From 617cb76575cb8fbbf0eadfe9ba7b0f44b1ddfef1 Mon Sep 17 00:00:00 2001
From: chrisisbeef <chrisisbeef@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Mon, 25 Jul 2011 06:24:52 +0000
Subject: [PATCH 001/812] [maven-release-plugin] prepare for next development
 iteration

---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index 9ffe42b87..aa817e883 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.0.1</version>
+    <version>2.0.2-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <parent>
@@ -66,9 +66,9 @@
     </mailingLists>
 
     <scm>
-        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.0.1</connection>
-        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.0.1</developerConnection>
-        <url>http://code.google.com/p/owasp-esapi-java/source/checkout/tags/esapi-2.0.1</url>
+        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/trunk</connection>
+        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/trunk</developerConnection>
+        <url>http://code.google.com/p/owasp-esapi-java/source/checkout</url>
     </scm>
 
     <issueManagement>

From 2d6b884786093b1c04e746c1b35bac157772d594 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 24 Jun 2012 01:04:46 +0000
Subject: [PATCH 002/812] 1) Fix Google issue # 271. 2) Fix to work with q4e
 Eclipse plug-in.

---
 pom.xml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index aa817e883..c48a1908f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
     <description>The Enterprise Security API (ESAPI) project is an OWASP project
         to create simple strong security controls for every web platform.
         Security controls are not simple to build. You can read about the
-        hundreds of pitfalls for unwary developers on the OWASP website. By
+        hundreds of pitfalls for unwary developers on the OWASP web site. By
         providing developers with a set of strong controls, we aim to
         eliminate some of the complexity of creating secure web applications.
         This can result in significant cost savings across the SDLC.
@@ -194,7 +194,7 @@
         <dependency>
             <groupId>xom</groupId>
             <artifactId>xom</artifactId>
-            <version>1.1</version>
+            <version>1.2.5</version>
         </dependency>
         <dependency>
             <groupId>org.beanshell</groupId>
@@ -252,6 +252,7 @@
                 <executions>
                     <execution>
                         <id>check-for-dependency-updates</id>
+                        <phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
                         <goals>
                             <goal>display-dependency-updates</goal>
                             <goal>display-plugin-updates</goal>

From 899e828ddceba60e48e15d440b814fa7722a5b44 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 24 Jun 2012 01:08:09 +0000
Subject: [PATCH 003/812] Fix Google Issue # 257

---
 src/main/java/org/owasp/esapi/User.java       |  2 +-
 .../org/owasp/esapi/codecs/VBScriptCodec.java |  4 +-
 .../esapi/reference/DefaultRandomizer.java    |  3 +-
 .../owasp/esapi/reference/DefaultUser.java    |  3 +-
 src/test/java/org/owasp/esapi/UserTest.java   |  8 ++--
 .../esapi/reference/AuthenticatorTest.java    | 41 ++++++++++---------
 .../owasp/esapi/reference/EncoderTest.java    | 13 +++---
 .../esapi/reference/HTTPUtilitiesTest.java    |  9 ++--
 .../reference/IntrusionDetectorTest.java      |  5 ++-
 .../owasp/esapi/reference/RandomizerTest.java |  5 ++-
 .../org/owasp/esapi/reference/UserTest.java   | 25 +++++------
 .../esapi/reference/crypto/EncryptorTest.java |  8 ++--
 .../java/org/owasp/esapi/waf/WAFTestCase.java |  4 +-
 13 files changed, 70 insertions(+), 60 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/User.java b/src/main/java/org/owasp/esapi/User.java
index c8b70adb8..f6b9fa2d4 100644
--- a/src/main/java/org/owasp/esapi/User.java
+++ b/src/main/java/org/owasp/esapi/User.java
@@ -663,7 +663,7 @@ public void removeRole(String role) throws AuthenticationException {
          * {@inheritDoc}
          */
         public String resetCSRFToken() throws AuthenticationException {
-    		csrfToken = ESAPI.randomizer().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
+    		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
     		return csrfToken;
         }
 
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index ec3ed5f74..2dccbbd81 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -15,7 +15,7 @@
  */
 package org.owasp.esapi.codecs;
 
-import org.owasp.esapi.reference.DefaultEncoder;
+import org.owasp.esapi.EncoderConstants;
 
 
 /**
@@ -44,7 +44,7 @@ public String encode(char[] immune, String input) {
 			char c = input.charAt(i);
 			
 			// handle normal characters and surround them with quotes
-			if (containsCharacter(c, DefaultEncoder.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
+			if (containsCharacter(c, EncoderConstants.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
 				if ( encoding && i > 0 ) sb.append( "&" );
 				if ( !inquotes && i > 0 ) sb.append( "\"" );
 				sb.append( c );
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
index 65b894c67..3272a6946 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -20,6 +20,7 @@
 import java.util.UUID;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.Randomizer;
 import org.owasp.esapi.errors.EncryptionException;
@@ -109,7 +110,7 @@ public float getRandomReal(float min, float max) {
 	 * {@inheritDoc}
 	 */
     public String getRandomFilename(String extension) {
-        String fn = getRandomString(12, DefaultEncoder.CHAR_ALPHANUMERICS) + "." + extension;
+        String fn = getRandomString(12, EncoderConstants.CHAR_ALPHANUMERICS) + "." + extension;
         logger.debug(Logger.SECURITY_SUCCESS, "Generated new random filename: " + fn );
         return fn;
     }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index 40672dd85..6b24f1aae 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -16,6 +16,7 @@
 package org.owasp.esapi.reference;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.HTTPUtilities;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.User;
@@ -472,7 +473,7 @@ public void removeRole(String role) {
 	public String resetCSRFToken() {
 		// user.csrfToken = ESAPI.encryptor().hash( session.getId(),user.name );
 		// user.csrfToken = ESAPI.encryptor().encrypt( address + ":" + ESAPI.encryptor().getTimeStamp();
-		csrfToken = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		return csrfToken;
 	}
 
diff --git a/src/test/java/org/owasp/esapi/UserTest.java b/src/test/java/org/owasp/esapi/UserTest.java
index e79db714c..ab31d4808 100644
--- a/src/test/java/org/owasp/esapi/UserTest.java
+++ b/src/test/java/org/owasp/esapi/UserTest.java
@@ -19,8 +19,6 @@
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
-import org.owasp.esapi.reference.DefaultEncoder;
-
 /**
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
@@ -45,9 +43,13 @@ public static Test suite() {
 	
 	public void testAllMethods() throws Exception {
 		// create a user to test Anonymous
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
+		
+			// Probably could skip the assignment here, but maybe someone had
+			// future plans to use this. So will just suppress warning for now.
+		@SuppressWarnings("unused")
 		User user = instance.createUser(accountName, password, password);
 		
 		// test the rest of the Anonymous user
diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index e24f9e547..31699ccfb 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -24,6 +24,7 @@
 
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.HTTPUtilities;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.User;
@@ -89,7 +90,7 @@ protected void tearDown() throws Exception {
 	 */
 	public void testCreateUser() throws AuthenticationException, EncryptionException {
 		System.out.println("createUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
@@ -101,13 +102,13 @@ public void testCreateUser() throws AuthenticationException, EncryptionException
             // success
         }
         try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
             fail();
         } catch (AuthenticationException e) {
             // success
         }
         try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
             fail();
         } catch (AuthenticationException e) {
             // success
@@ -119,7 +120,7 @@ public void testCreateUser() throws AuthenticationException, EncryptionException
             // success
         }
         try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS), null, null);  // null password
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), null, null);  // null password
             fail();
         } catch (AuthenticationException e) {
             // success
@@ -173,8 +174,8 @@ public void testGenerateStrongPassword() throws AuthenticationException {
 	public void testGetCurrentUser() throws Exception {
 		System.out.println("getCurrentUser");
         Authenticator instance = ESAPI.authenticator();
-		String username1 = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
-		String username2 = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
 		User user2 = instance.createUser(username2, "getCurrentUser", "getCurrentUser");		
 		user1.enable();
@@ -228,10 +229,10 @@ public void testGetUser() throws AuthenticationException {
 		System.out.println("getUser");
         Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		instance.createUser(accountName, password, password);
 		assertNotNull(instance.getUser( accountName ));
-		assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS) ));
+		assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS) ));
 	}
 	
     /**
@@ -243,7 +244,7 @@ public void testGetUserFromRememberToken() throws AuthenticationException {
         Authenticator instance = ESAPI.authenticator();
         instance.logout();  // in case anyone is logged in
 		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user = instance.createUser(accountName, password, password);
 		user.enable();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -281,7 +282,7 @@ public void testGetUserFromSession() throws AuthenticationException {
 		System.out.println("getUserFromSession");
         FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
         instance.logout();  // in case anyone is logged in
-		String accountName=ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
 		user.enable();
@@ -307,7 +308,7 @@ public void testGetUserNames() throws AuthenticationException {
 		String password = instance.generateStrongPassword();
 		String[] testnames = new String[10];
 		for(int i=0;i<testnames.length;i++) {
-			testnames[i] = ESAPI.randomizer().getRandomString(8,DefaultEncoder.CHAR_ALPHANUMERICS);
+			testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
 		}
 		for(int i=0;i<testnames.length;i++) {
 			instance.createUser(testnames[i], password, password);
@@ -342,7 +343,7 @@ public void testHashPassword() throws EncryptionException {
 	public void testLogin() throws AuthenticationException {
 		System.out.println("login");
         Authenticator instance = ESAPI.authenticator();
-        String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(username, password, password);
 		user.enable();
@@ -362,7 +363,7 @@ public void testLogin() throws AuthenticationException {
 	 */
 	public void testRemoveUser() throws Exception {
 		System.out.println("removeUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
@@ -379,7 +380,7 @@ public void testRemoveUser() throws Exception {
 	 */
 	public void testSaveUsers() throws Exception {
 		System.out.println("saveUsers");
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
@@ -399,8 +400,8 @@ public void testSaveUsers() throws Exception {
 	public void testSetCurrentUser() throws AuthenticationException {
 		System.out.println("setCurrentUser");
         final Authenticator instance = ESAPI.authenticator();
-		String user1 = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_UPPERS);
-		String user2 = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_UPPERS);
+		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
 		userOne.enable();
 	    MockHttpServletRequest request = new MockHttpServletRequest();
@@ -418,7 +419,7 @@ public void testSetCurrentUser() throws AuthenticationException {
 			public void run() {
 				User u=null;
 				try {
-					String password = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+					String password = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 					u = instance.createUser("test" + count++, password, password);
 					instance.setCurrentUser(u);
 					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
@@ -445,7 +446,7 @@ public void testSetCurrentUserWithRequest() throws AuthenticationException {
         Authenticator instance = ESAPI.authenticator();
         instance.logout();  // in case anyone is logged in
 		String password = instance.generateStrongPassword();
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
 		user.enable();
 		MockHttpServletRequest request = new MockHttpServletRequest();
@@ -573,7 +574,7 @@ public void testValidatePasswordStrength() throws AuthenticationException {
 	 */
 	public void testExists() throws Exception {
 		System.out.println("exists");
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
@@ -589,7 +590,7 @@ public void testExists() throws Exception {
     public void testMain() throws Exception {
         System.out.println("Authenticator Main");
         Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         String password = instance.generateStrongPassword();
         String role = "test";
         
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index c7a247c6e..52feb91e7 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -26,6 +26,7 @@
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.MySQLCodec;
 import org.owasp.esapi.codecs.OracleCodec;
@@ -591,7 +592,7 @@ public void testEncodeForBase64() {
             assertEquals(null, instance.encodeForBase64(null, true));
             assertEquals(null, instance.decodeFromBase64(null));
             for ( int i=0; i < 100; i++ ) {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, DefaultEncoder.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
                 String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
                 byte[] decoded = instance.decodeFromBase64( encoded );
                 assertTrue( Arrays.equals( r, decoded ) );
@@ -609,7 +610,7 @@ public void testDecodeFromBase64() {
         Encoder instance = ESAPI.encoder();
         for ( int i=0; i < 100; i++ ) {
             try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, DefaultEncoder.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
                 String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
                 byte[] decoded = instance.decodeFromBase64( encoded );
                 assertTrue( Arrays.equals( r, decoded ) );
@@ -619,8 +620,8 @@ public void testDecodeFromBase64() {
         }
         for ( int i=0; i < 100; i++ ) {
             try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, DefaultEncoder.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = ESAPI.randomizer().getRandomString(1, DefaultEncoder.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = ESAPI.randomizer().getRandomString(1, EncoderConstants.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
 	            byte[] decoded = instance.decodeFromBase64( encoded );
 	            assertFalse( Arrays.equals(r, decoded) );
             } catch( UnsupportedEncodingException ex) {
@@ -655,7 +656,7 @@ public void testWindowsCodec() {
         assertEquals(c, decoded);
         
         String orig = "c:\\jeff";
-        String enc = win.encode(DefaultEncoder.CHAR_ALPHANUMERICS, orig);
+        String enc = win.encode(EncoderConstants.CHAR_ALPHANUMERICS, orig);
         assertEquals(orig, win.decode(enc));
         assertEquals(orig, win.decode(orig));
         
@@ -779,7 +780,7 @@ public EncoderConcurrencyMock( int num ) {
     	}
 	    public void run() {
 			while( true ) {
-				String nonce = ESAPI.randomizer().getRandomString( 20, DefaultEncoder.CHAR_SPECIALS );
+				String nonce = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS );
 				String result = javaScriptEncode( nonce );
 				// randomize the threads
 				try {
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 8309844ac..40f9e219e 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -20,6 +20,7 @@
 import junit.framework.TestSuite;
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.HTTPUtilities;
 import org.owasp.esapi.User;
 import org.owasp.esapi.codecs.Hex;
@@ -87,7 +88,7 @@ protected void tearDown() throws Exception {
 
 	public void testCSRFToken() throws Exception {
 		System.out.println( "CSRFToken");
-		String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user = ESAPI.authenticator().createUser(username, "addCSRFToken", "addCSRFToken");
 		ESAPI.authenticator().setCurrentUser( user );
 		String token = ESAPI.httpUtilities().getCSRFToken();
@@ -109,7 +110,7 @@ public void testCSRFToken() throws Exception {
 	 */
 	public void testAddCSRFToken() throws AuthenticationException {
 		Authenticator instance = ESAPI.authenticator();
-		String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
 		instance.setCurrentUser( user );
 
@@ -423,7 +424,7 @@ public void testSaveTooLongStateInEncryptedCookieException() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ESAPI.httpUtilities().setCurrentHTTP(request, response);
 
-		String foo = ESAPI.randomizer().getRandomString(4096, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
 
 		HashMap map = new HashMap();
 		map.put("long", foo);
@@ -461,7 +462,7 @@ public void testSetNoCacheHeaders() {
 	public void testSetRememberToken() throws AuthenticationException {
 		System.out.println("setRememberToken");
 		Authenticator instance = (Authenticator)ESAPI.authenticator();
-		String accountName=ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
 		user.enable();
diff --git a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
index 8743a35e3..e7f79d509 100644
--- a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
@@ -21,6 +21,7 @@
 
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.User;
 import org.owasp.esapi.errors.AuthenticationException;
 import org.owasp.esapi.errors.IntegrityException;
@@ -86,7 +87,7 @@ public void testAddException() throws AuthenticationException {
 		ESAPI.intrusionDetector().addException( new RuntimeException("message") );
 		ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
 		ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
-		String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         Authenticator auth = ESAPI.authenticator();
 		User user = auth.createUser(username, "addException", "addException");
 		user.enable();
@@ -112,7 +113,7 @@ public void testAddException() throws AuthenticationException {
      */
     public void testAddEvent() throws AuthenticationException {
         System.out.println("addEvent");
-		String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         Authenticator auth = ESAPI.authenticator();
 		User user = auth.createUser(username, "addEvent", "addEvent");
 		user.enable();
diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index a9c57f708..2fc27f9de 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -22,6 +22,7 @@
 import junit.framework.TestSuite;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.Randomizer;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.errors.EncryptionException;
@@ -77,9 +78,9 @@ public void testGetRandomString() {
         int length = 20;
         Randomizer instance = ESAPI.randomizer();
         for ( int i = 0; i < 100; i++ ) {
-            String result = instance.getRandomString(length, DefaultEncoder.CHAR_ALPHANUMERICS );
+            String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
             for ( int j=0;j<result.length();j++ ) {
-            	if ( !Codec.containsCharacter( result.charAt(j), DefaultEncoder.CHAR_ALPHANUMERICS) ) {
+            	if ( !Codec.containsCharacter( result.charAt(j), EncoderConstants.CHAR_ALPHANUMERICS) ) {
             		fail();
             	}
             }
diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index e41bba49b..630976e7b 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -28,6 +28,7 @@
 
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.User;
 import org.owasp.esapi.errors.AuthenticationException;
 import org.owasp.esapi.errors.EncryptionException;
@@ -74,7 +75,7 @@ public UserTest(String testName) {
 	 *             the authentication exception
 	 */
 	private DefaultUser createTestUser(String password) throws AuthenticationException {
-		String username = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		Exception e = new Exception();
 		System.out.println("Creating user " + username + " for " + e.getStackTrace()[1].getMethodName());
 		DefaultUser user = (DefaultUser) ESAPI.authenticator().createUser(username, password, password);
@@ -108,9 +109,9 @@ protected void tearDown() throws Exception {
 	public void testAddRole() throws Exception {
 		System.out.println("addRole");
 		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_LOWERS);
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
 		User user = instance.createUser(accountName, password, password);
 		user.addRole(role);
 		assertTrue(user.isInRole(role));
@@ -252,7 +253,7 @@ public void testFailedLoginLockout() throws AuthenticationException, EncryptionE
 	public void testGetAccountName() throws AuthenticationException {
 		System.out.println("getAccountName");
 		DefaultUser user = createTestUser("getAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
 		user.setAccountName(accountName);
 		assertEquals(accountName.toLowerCase(), user.getAccountName());
 		assertFalse("ridiculous".equals(user.getAccountName()));
@@ -329,9 +330,9 @@ public void testGetLastPasswordChangeTime() throws Exception {
 	public void testGetRoles() throws Exception {
 		System.out.println("getRoles");
 		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_LOWERS);
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
 		User user = instance.createUser(accountName, password, password);
 		user.addRole(role);
 		Set roles = user.getRoles();
@@ -347,7 +348,7 @@ public void testGetRoles() throws Exception {
 	public void testGetScreenName() throws AuthenticationException {
 		System.out.println("getScreenName");
 		DefaultUser user = createTestUser("getScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
 		user.setScreenName(screenName);
 		assertEquals(screenName, user.getScreenName());
 		assertFalse("ridiculous".equals(user.getScreenName()));
@@ -360,7 +361,7 @@ public void testGetScreenName() throws AuthenticationException {
     public void testGetSessions() throws AuthenticationException {
         System.out.println("getSessions");
         Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         String password = ESAPI.authenticator().generateStrongPassword();
         User user = instance.createUser(accountName, password, password);
         HttpSession session1 = new MockHttpSession();
@@ -630,7 +631,7 @@ public void testLogout() throws AuthenticationException {
 	 */
 	public void testRemoveRole() throws AuthenticationException {
 		System.out.println("removeRole");
-		String role = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_LOWERS);
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
 		DefaultUser user = createTestUser("removeRole");
 		user.addRole(role);
 		assertTrue(user.isInRole(role));
@@ -660,7 +661,7 @@ public void testResetCSRFToken() throws AuthenticationException {
 	public void testSetAccountName() throws AuthenticationException {
 		System.out.println("setAccountName");
 		DefaultUser user = createTestUser("setAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
 		user.setAccountName(accountName);
 		assertEquals(accountName.toLowerCase(), user.getAccountName());
 		assertFalse("ridiculous".equals(user.getAccountName()));
@@ -675,7 +676,7 @@ public void testSetExpirationTime() throws Exception {
 		Date longAgo = new Date(0);
 		Date now = new Date();
 		assertTrue("new Date(0) returned " + longAgo + " which is considered before new Date() " + now + ". Please report this output to the email list or as a issue", longAgo.before(now));
-		String password=ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String password=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		DefaultUser user = createTestUser(password);
 		user.setExpirationTime(longAgo);
 		assertTrue( user.isExpired() );
@@ -712,7 +713,7 @@ public void testSetRoles() throws AuthenticationException {
 	public void testSetScreenName() throws AuthenticationException {
 		System.out.println("setScreenName");
 		DefaultUser user = createTestUser("setScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, DefaultEncoder.CHAR_ALPHANUMERICS);
+		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
 		user.setScreenName(screenName);
 		assertEquals(screenName, user.getScreenName());
 		assertFalse("ridiculous".equals(user.getScreenName()));
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 35de74c90..8c205d8de 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -24,6 +24,7 @@
 import junit.framework.TestSuite;
 
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.Encryptor;
 import org.owasp.esapi.crypto.CipherText;
 import org.owasp.esapi.crypto.CryptoHelper;
@@ -31,7 +32,6 @@
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.errors.EnterpriseSecurityException;
 import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.reference.DefaultEncoder;
 import org.owasp.esapi.reference.crypto.JavaEncryptor;
 
 /**
@@ -345,7 +345,7 @@ private static boolean isPlaintextOverwritten(PlainText plaintext) {
     public void testSign() throws EncryptionException {
         System.out.println("testSign()");        
         Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, DefaultEncoder.CHAR_ALPHANUMERICS );
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
         String signature = instance.sign(plaintext);
         assertTrue( instance.verifySignature( signature, plaintext ) );
         assertFalse( instance.verifySignature( signature, "ridiculous" ) );
@@ -361,7 +361,7 @@ public void testSign() throws EncryptionException {
     public void testVerifySignature() throws EncryptionException {
         System.out.println("testVerifySignature()");
         Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, DefaultEncoder.CHAR_ALPHANUMERICS );
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
         String signature = instance.sign(plaintext);
         assertTrue( instance.verifySignature( signature, plaintext ) );
     }
@@ -375,7 +375,7 @@ public void testVerifySignature() throws EncryptionException {
     public void testSeal() throws IntegrityException {
         System.out.println("testSeal()");
         Encryptor instance = ESAPI.encryptor(); 
-        String plaintext = ESAPI.randomizer().getRandomString( 32, DefaultEncoder.CHAR_ALPHANUMERICS );
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
         String seal = instance.seal( plaintext, instance.getTimeStamp() + 1000*60 );
         instance.verifySeal( seal );
         
diff --git a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
index 8a0408d63..c0c63f772 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
@@ -20,10 +20,10 @@
 
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.User;
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.reference.DefaultEncoder;
 
 import junit.framework.TestCase;
 
@@ -40,7 +40,7 @@ public void setUp() throws Exception {
 	    // setup the user in session
 		
 		if ( user == null ) {
-			String accountName = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);
+			String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 			Authenticator instance = ESAPI.authenticator();
 			String password = instance.generateStrongPassword();
 			instance.setCurrentUser(user);

From c51e3651a86ffb2eaaa77b96203a34ac69602f31 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 22 Jul 2012 00:19:30 +0000
Subject: [PATCH 004/812] 1) Fix warnings in keySet() method. 2) Javadoc
 clean-up.

---
 src/main/java/org/owasp/esapi/EncryptedProperties.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/EncryptedProperties.java b/src/main/java/org/owasp/esapi/EncryptedProperties.java
index 667ee2b52..e95b1b858 100644
--- a/src/main/java/org/owasp/esapi/EncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/EncryptedProperties.java
@@ -72,14 +72,16 @@ public interface EncryptedProperties {
 	String setProperty(String key, String value) throws EncryptionException;
 	
 	/**
-	 * Returns a Set view of properties. The Set is backed by a Hashtable, so changes to the 
-	 * Hashtable are reflected in the Set, and vice-versa. The Set supports element 
-	 * removal (which removes the corresponding entry from the Hashtable), but not element addition.
+	 * Returns a {@code Set} view of properties. The {@code Set} is backed by a
+	 * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
+	 * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element 
+	 * removal (which removes the corresponding entry from the {@code Hashtable),
+	 * but not element addition.
 	 * 
 	 * @return 
 	 * 		a set view of the properties contained in this map.
 	 */
-	public Set keySet();
+	public Set<?> keySet();
 		
 	/**
 	 * Reads a property list (key and element pairs) from the input stream.

From ffd225161dd445bd6e3e573e5154e7714bafd014 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 22 Jul 2012 00:22:08 +0000
Subject: [PATCH 005/812] 1) Fix warnings. 2) Minor Javadoc changes.

---
 .../esapi/reference/crypto/DefaultEncryptedProperties.java  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
index 5726b856f..4f6d1a381 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
@@ -46,8 +46,10 @@
  * 
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
  * @since June 1, 2007
  * @see org.owasp.esapi.EncryptedProperties
+ * @see org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
  */
 public class DefaultEncryptedProperties implements org.owasp.esapi.EncryptedProperties {
 
@@ -136,7 +138,7 @@ public synchronized String setProperty(String key, String value) throws Encrypti
 	/**
 	 * {@inheritDoc}
 	 */
-	public Set keySet() {
+	public Set<?> keySet() {
 		return properties.keySet();
 	}
 
@@ -201,7 +203,7 @@ public static void main(String[] args) throws Exception {
     		try { if ( out != null ) out.close(); } catch( Exception e ) {}
 		}
 		
-		Iterator i = ep.keySet().iterator();
+		Iterator<?> i = ep.keySet().iterator();
 		while (i.hasNext()) {
 			String k = (String) i.next();
 			String value = ep.getProperty(k);

From 88cb0cf1c6ca34eaef062cf9b6bdbaab89878d4f Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 22 Jul 2012 00:28:32 +0000
Subject: [PATCH 006/812] 1) Remove unneeded import (bsh.This). 2) Fix or
 suppress warnings. 3) Add serialVersionUID. 4) Fix Javadoc.

---
 .../crypto/ReferenceEncryptedProperties.java  | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
index bcbe786cf..cffc14963 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
@@ -15,7 +15,6 @@
  */
 package org.owasp.esapi.reference.crypto;
 
-import bsh.This;
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -42,17 +41,24 @@
  * and decryption based on {@code Encryptor}.
  * <p>
  * This implementation differs from {@code DefaultEncryptedProperties} in that
- * it actually extends from java.util.Properties for applications that need an
+ * it actually extends from {@code java.util.Properties} for applications that need an
  * instance of that class. In order to do so, the {@code getProperty} and
  * {@code setProperty} methods were modified to throw {@code EncryptionRuntimeException}
  * instead of {@code EncryptionException}.
  *
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
+ * @author kevin.w.wall@gmail.com
  * @since October 8, 2010
  * @see org.owasp.esapi.EncryptedProperties
+ * @see org.owasp.esapi.reference.crypto.DefaultEncryptedProperties
  */
-public class ReferenceEncryptedProperties extends java.util.Properties implements org.owasp.esapi.EncryptedProperties {
+public class ReferenceEncryptedProperties extends java.util.Properties implements EncryptedProperties {
+
+	/**
+	 * serverVersionUID; use format of YYYYMMDD.
+	 */
+	private static final long serialVersionUID = 20120718L;
 
 	/** The logger. */
 	private final Logger logger = ESAPI.getLogger(this.getClass());
@@ -91,7 +97,7 @@ public ReferenceEncryptedProperties(Properties defaults) {
 	/**
 	 * {@inheritDoc}
 	 *
-	 * @throws This method will throw an {@code EncryptionRuntimeException} if decryption fails.
+	 * @throws EncryptionRuntimeException Thrown if decryption fails.
 	 */
 	@Override
 	public synchronized String getProperty(String key) throws EncryptionRuntimeException {
@@ -120,7 +126,7 @@ public synchronized String getProperty(String key) throws EncryptionRuntimeExcep
 	/**
 	 * {@inheritDoc}
 	 *
-	 * @throws This method will throw an {@code EncryptionRuntimeException} if decryption fails.
+	 * @throws EncryptionRuntimeException Thrown if decryption fails.
 	 */
 	@Override
 	public String getProperty(String key, String defaultValue) throws EncryptionRuntimeException {
@@ -134,7 +140,7 @@ public String getProperty(String key, String defaultValue) throws EncryptionRunt
 	/**
 	 * {@inheritDoc}
 	 *
-	 * @throws This method will throw an {@code EncryptionRuntimeException} if encryption fails.
+	 * @throws EncryptionRuntimeException Thrown if encryption fails.
 	 */
 	@Override
 	public synchronized String setProperty(String key, String value) throws EncryptionRuntimeException {
@@ -164,6 +170,8 @@ public synchronized String setProperty(String key, String value) throws Encrypti
 
 	/**
 	 * {@inheritDoc}
+	 * @throws IOException Thrown if input stream invalid or does not
+	 * 					   correspond to Java properties file format.
 	 */
 	@Override
 	public void load(InputStream in) throws IOException {
@@ -175,7 +183,10 @@ public void load(InputStream in) throws IOException {
 	 * {@inheritDoc}
 	 *
 	 * For JDK 1.5 compatibility, this method has been overridden convert the Reader
-	 * into an InputStream and call the superclass constructor. 
+	 * into an InputStream and call the superclass constructor.
+	 * 
+	 * @throws IOException Thrown if {@code Reader} input stream invalid or does not
+	 * 					   correspond to Java properties file format.
 	 */
 	public void load(Reader in) throws IOException {
 
@@ -218,6 +229,7 @@ public void list(PrintWriter out) {
 	/**
 	 * This method has been overridden to throw an {@code UnsupportedOperationException}
 	 */
+	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	public Collection values() {
 		throw new UnsupportedOperationException("This method has been removed for security.");
@@ -226,6 +238,7 @@ public Collection values() {
 	/**
 	 * This method has been overridden to throw an {@code UnsupportedOperationException}
 	 */
+	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	public Set entrySet() {
 		throw new UnsupportedOperationException("This method has been removed for security.");
@@ -234,6 +247,7 @@ public Set entrySet() {
 	/**
 	 * This method has been overridden to throw an {@code UnsupportedOperationException}
 	 */
+	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	public Enumeration elements() {
 		throw new UnsupportedOperationException("This method has been removed for security.");

From b03591e53823c3d6a7792b030bb4cbfa6b6916d8 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Wed, 28 Aug 2013 03:27:06 +0000
Subject: [PATCH 007/812] Fix Javadoc comment for encodeForJavaScript() method.

---
 src/main/java/org/owasp/esapi/Encoder.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 168fb32ca..8a0ccd94e 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -294,11 +294,11 @@ public interface Encoder {
      * as input – even if the user input is encoded.
      * 
      * For example:
-     * 
+     * <pre>
      *  <script>
-     *  window.setInterval('<%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %>');
+     *     window.setInterval('<%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %>');
      *  </script>
-     * 
+     * </pre>
      * @param input 
      *          the text to encode for JavaScript
      * 

From 41138fef5f63d9cf0d5e05d2bee2c7f682ffef3f Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:49:41 +0000
Subject: [PATCH 008/812] Fix for Google Issue #306 and changes to address the
 side effects of the fix (i.e., the removal of the deprecated ESAPI 1.4
 encrypt() / decrypt() methods from the Encryptor interface).

---
 src/main/java/org/owasp/esapi/Encryptor.java  | 122 +-----------------
 .../org/owasp/esapi/crypto/CipherText.java    |  24 ++--
 .../esapi/crypto/CipherTextSerializer.java    |   6 +-
 .../esapi/crypto/KeyDerivationFunction.java   |   7 +-
 .../esapi/reference/crypto/JavaEncryptor.java |  78 +----------
 5 files changed, 31 insertions(+), 206 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encryptor.java b/src/main/java/org/owasp/esapi/Encryptor.java
index 7d651ef31..35bf094dd 100644
--- a/src/main/java/org/owasp/esapi/Encryptor.java
+++ b/src/main/java/org/owasp/esapi/Encryptor.java
@@ -105,75 +105,12 @@ public interface Encryptor {
 	 */
 	String hash(String plaintext, String salt, int iterations) throws EncryptionException;
 	
-	/**
-	 * Encrypts the provided plaintext and returns a ciphertext string using the
-	 * master secret key and default cipher transformation.
-	 * </p><p>
-     * <b>Compatibility with earlier ESAPI versions:</b> The symmetric encryption
-     * in ESAPI 2.0 and later is not compatible with the encryption in ESAPI 1.4
-     * or earlier. Not only are the interfaces slightly different, but they format
-     * of the serialized encrypted data is incompatible. Therefore, if you have
-     * encrypted data with ESAPI 1.4 or earlier, you must first encrypt it and
-     * then re-encrypt it with ESAPI 2.0. Backward compatibility with ESAPI 1.4
-     * was proposed to both the ESAPI Developers and ESAPI Users mailing lists
-     * and voted down. More details are available in the ESAPI document
-     * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-readme-crypto-changes.html">
-     * Why Is OWASP Changing ESAPI Encryption?</a>
-	 * </p><p>
-	 * <b>Why this method is deprecated:</b> Most cryptographers strongly suggest
-	 * that if you are creating crypto functionality for general-purpose use,
-	 * at a minimum you should ensure that it provides authenticity, integrity,
-	 * and confidentiality. This method only provides confidentiality, but not
-	 * authenticity or integrity. Therefore, you are encouraged to use
-	 * one of the other encryption methods referenced below. Because this
-	 * method provides neither authenticity nor integrity, it may be
-	 * removed in some future ESAPI Java release. Note: there are some cases
-	 * where authenticity / integrity are not that important. For instance, consider
-	 * a case where the encrypted data is never out of your application's control. For
-	 * example, if you receive data that your application is encrypting itself and then
-	 * storing the encrypted data in its own database for later use (and no other
-	 * applications can query or update that column of the database), providing
-	 * confidentiality alone might be sufficient. However, if there are cases
-	 * where your application will be sending or receiving already encrypted data
-	 * over an insecure, unauthenticated channel, in such cases authenticity and
-	 * integrity of the encrypted data likely is important and this method should
-	 * be avoided in favor of one of the other two.
-	 * 
-	 * @param plaintext
-	 *      the plaintext {@code String} to encrypt. Note that if you are encrypting
-	 *      general bytes, you should encypt that byte array to a String using
-	 *      "UTF-8" encoding.
-	 * 
-	 * @return 
-	 * 		the encrypted, base64-encoded String representation of 'plaintext' plus
-	 * 		the random IV used.
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified encryption algorithm could not be found or another problem exists with 
-	 *      the encryption of 'plaintext'
-	 * 
-	 * @see #encrypt(PlainText)
-	 * @see #encrypt(SecretKey, PlainText)
-	 * 
-	 * @deprecated As of 1.4.2; use {@link #encrypt(PlainText)} instead, which
-	 *			   also ensures message authenticity. This method will be
-	 *             completely removed as of the next major release or point
-	 *             release (3.0 or 2.1, whichever comes first) as per OWASP
-	 *             deprecation policy.
-	 */
-	@Deprecated String encrypt(String plaintext) throws EncryptionException;
-
 	/**
 	 * Encrypts the provided plaintext bytes using the cipher transformation
 	 * specified by the property <code>Encryptor.CipherTransformation</code>
 	 * and the <i>master encryption key</i> as specified by the property
 	 * {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.
-	 * </p><p>
-	 * This method is preferred over {@link #encrypt(String)} because it also
-	 * allows encrypting of general byte streams rather than simply strings and
-	 * also because it returns a {@code CipherText} object and thus supports
-	 * cipher modes that require an Initialization Vector (IV), such as
-	 * Cipher Block Chaining (CBC).
+	 * </p>
 	 * 
 	 * @param plaintext	The {@code PlainText} to be encrypted.
 	 * @return the {@code CipherText} object from which the raw ciphertext, the
@@ -217,68 +154,11 @@ public interface Encryptor {
 	 CipherText encrypt(SecretKey key, PlainText plaintext)
 	 		throws EncryptionException;
 
-	/**
-	 * Decrypts the provided ciphertext and returns a plaintext string using the
-	 * master secret key and default cipher transformation.
-	 * </p><p>
-	 * <b>Compatibility with earlier ESAPI versions:</b> The symmetric encryption
-	 * in ESAPI 2.0 and later is not compatible with the encryption in ESAPI 1.4
-	 * or earlier. Not only are the interfaces slightly different, but they format
-	 * of the serialized encrypted data is incompatible. Therefore, if you have
-	 * encrypted data with ESAPI 1.4 or earlier, you must first encrypt it and
-	 * then re-encrypt it with ESAPI 2.0. Backward compatibility with ESAPI 1.4
-	 * was proposed to both the ESAPI Developers and ESAPI Users mailing lists
-	 * and voted down. More details are available in the ESAPI document
-	 * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-readme-crypto-changes.html">
-	 * Why Is OWASP Changing ESAPI Encryption?</a>
-	 * </p><p>
-	 * <b>Why this method is deprecated:</b> Most cryptographers strongly suggest
-	 * that if you are creating crypto functionality for general-purpose use,
-	 * at a minimum you should ensure that it provides authenticity, integrity,
-	 * and confidentiality. This method only provides confidentiality, but not
-	 * authenticity or integrity. Therefore, you are encouraged to use
-	 * one of the other encryption methods referenced below. Because this
-	 * method provides neither authenticity nor integrity, it may be
-	 * removed in some future ESAPI Java release. Note: there are some cases
-	 * where authenticity / integrity are not that important. For instance, consider
-	 * a case where the encrypted data is never out of your application's control. For
-	 * example, if you receive data that your application is encrypting itself and then
-	 * storing the encrypted data in its own database for later use (and no other
-	 * applications can query or update that column of the database), providing
-	 * confidentiality alone might be sufficient. However, if there are cases
-	 * where your application will be sending or receiving already encrypted data
-	 * over an insecure, unauthenticated channel, in such cases authenticity and
-	 * integrity of the encrypted data likely is important and this method should
-	 * be avoided in favor of one of the other two.
-	 *
-	 * @param ciphertext
-	 *      the ciphertext (the encrypted plaintext) that resulted from
-	 *      encrypting using the method {@link #encrypt(String)}.
-	 * 
-	 * @return 
-	 * 		the decrypted ciphertext (i.e., the corresponding plaintext).
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified encryption algorithm could not be found or another problem exists with 
-	 *      the decryption of 'plaintext'
-	 *
-	 * @deprecated As of 1.4.2; use {@link #decrypt(CipherText)} instead, which
-     *             also ensures message authenticity. This method will be
-     *             completely removed as of the next major release or point
-     *             release (3.0 or 2.1, whichever comes first) as per OWASP
-     *             deprecation policy.
-	 */
-	 @Deprecated String decrypt(String ciphertext) throws EncryptionException;
-
 	/**
 	 * Decrypts the provided {@link CipherText} using the information from it
 	 * and the <i>master encryption key</i> as specified by the property
 	 * {@code Encryptor.MasterKey} as defined in the {@code ESAPI.properties}
 	 * file.
-	 * </p><p>
-	 * This decrypt method is to be preferred over the deprecated
-	 * {@link #decrypt(String)} method because this method can handle plaintext
-	 * bytes that were encrypted with cipher modes requiring IVs, such as CBC.
 	 * </p>
 	 * @param ciphertext The {@code CipherText} object to be decrypted.
 	 * @return The {@code PlainText} object resulting from decrypting the specified
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 629002e08..689ef1c21 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -65,7 +65,9 @@ public final class CipherText implements Serializable {
     //       reflected in the class CipherTextSerializer.
     // This should be *same* version as in CipherTextSerializer and KeyDerivationFunction.
 	// If one changes, the other should as well to accommodate any differences.
-	public  static final int cipherTextVersion = 20110203; // Format: YYYYMMDD, max is 99991231.
+	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+	//						    20130830 - Fix to issue #306 (release 2.1.0)
+	public  static final int cipherTextVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
 		// Required by Serializable classes.
 	private static final long serialVersionUID = cipherTextVersion; // Format: YYYYMMDD
 	
@@ -435,21 +437,23 @@ void storeSeparateMAC(byte[] macValue) {
 	 * @return True if the ciphertext has not be tampered with, and false otherwise.
 	 */
 	public boolean validateMAC(SecretKey authKey) {
-	    boolean usesMAC = ESAPI.securityConfiguration().useMACforCipherText();
+	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
 
-	    if (  usesMAC && macComputed() ) {  // Uses MAC and it was computed
+	    if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
 	        // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
 	        // compare to stored value (separate_mac_). If same, then return true,
 	        // else return false.
 	        byte[] mac = computeMAC(authKey);
 	        assert mac.length == separate_mac_.length : "MACs are of differnt lengths. Should both be the same.";
 	        return CryptoHelper.arrayCompare(mac, separate_mac_); // Safe compare!!!
-	    } else if ( ! usesMAC ) {           // Doesn't use MAC
+	    } else if ( ! requiresMAC ) {           // Doesn't require a MAC
 	        return true;
-	    } else {                            // Uses MAC but it has not been computed / stored.
-	        logger.warning(Logger.SECURITY_FAILURE, "Cannot validate MAC as it was never computed and stored. " +
-	        "Decryption result may be garbage even when decryption succeeds.");
-	        return true;    // Need to return 'true' here because of encrypt() / decrypt() methods don't support this.
+	    } else {
+	    		// This *used* to be the case (for versions 2.0 and 2.0.1) where we tried to
+	    		// accomodate the deprecated decrypt() method from ESAPI 1.4. Unfortunately,
+	    		// that was an EPIC FAIL. (See Google Issue # 306 for details.)
+	        logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
+	        return false;    // Deprecated decrypt() method removed, so now return false.
 	    }
 	}
 	
@@ -474,8 +478,8 @@ public byte[] asPortableSerializedByteArray() throws EncryptionException {
 	    
 	    // If we are supposed to be using a (separate) MAC, also make sure
 	    // that it has been computed/stored.
-	    boolean usesMAC = ESAPI.securityConfiguration().useMACforCipherText();
-	    if (  usesMAC && ! macComputed() ) {
+	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+	    if (  requiresMAC && ! macComputed() ) {
 	        String msg = "Programming error: MAC is required for this cipher mode (" +
 	                     getCipherMode() + "), but MAC has not yet been " +
 	                     "computed and stored. Call the method " +
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index ca4d4ac16..b00dd245c 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -32,7 +32,9 @@
 public class CipherTextSerializer {
     // This should be *same* version as in CipherText & KeyDerivationFunction.
 	// If one changes, the other should as well to accommodate any differences.
-	public  static final  int cipherTextSerializerVersion = 20110203; // Format: YYYYMMDD, max is 99991231.
+	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+	//						    20130830 - Fix to issue #306 (release 2.1.0)
+	public  static final  int cipherTextSerializerVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
     private static final long serialVersionUID = cipherTextSerializerVersion;
 
     private static final Logger logger = ESAPI.getLogger("CipherTextSerializer");
@@ -234,7 +236,7 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             debug("kdfPrf: " + kdfPrf);
             assert kdfPrf >= 0 && kdfPrf <= 15 : "kdfPrf == " + kdfPrf + " must be between 0 and 15.";
             int kdfVers = ( kdfInfo & 0x07ffffff);
-            assert kdfVers > 0 && kdfVers <= 99991231 : "KDF Version (" + kdfVers + ") out of range."; // Really should be >= 20110203 (earliest).
+            assert kdfVers >= 20110203 && kdfVers <= 99991231 : "KDF Version (" + kdfVers + ") out of range."; // 20110203 (orig version).
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
             if ( kdfVers != CipherText.cipherTextVersion ) {
                 // NOTE: In future, support backward compatibility via this mechanism. When we do this
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index 90807199f..40c095b89 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -49,12 +49,15 @@ public class KeyDerivationFunction {
 	 * {@link CipherTextSerializer#cipherTextSerializerVersion} to make sure
 	 * that these classes are all kept in-sync in order to support backward
 	 * compatibility of previously encrypted data.
-	 * 
+	 * <pre>
+	 * Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+	 *					    20130830 - Fix to issue #306 (release 2.1.0)
+	 * </pre>
 	 * @see CipherTextSerializer#asSerializedByteArray()
 	 * @see CipherText#asPortableSerializedByteArray()
 	 * @see CipherText#fromPortableSerializedBytes(byte[])
 	 */
-	public  static final int  kdfVersion       = 20110203;   // Format: YYYYMMDD, max is 99991231.
+	public  static final int  kdfVersion       = 20130830;   // Format: YYYYMMDD, max is 99991231.
 	private static final long serialVersionUID = kdfVersion; // Format: YYYYMMDD
 	
     // Pseudo-random function algorithms suitable for NIST KDF in counter mode.
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index 68a4cf644..064fa932c 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -329,28 +329,6 @@ public String hash(String plaintext, String salt, int iterations) throws Encrypt
 			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
 		}
 	}
-	
-	/**
-	 * Convenience method that encrypts plaintext strings the new way (default
-	 * is CBC mode and PKCS5 padding). This encryption method uses the master
-	 * encryption key specified by the {@code Encryptor.MasterKey} property
-	 * in {@code ESAPI.properties}.
-	 * 
-	 * @param plaintext	A String to be encrypted
-	 * @return	A base64-encoded combination of IV + raw ciphertext
-	 * @throws EncryptionException	Thrown when something goes wrong with the
-	 * 								encryption.
-	 * 
-	 * @see org.owasp.esapi.Encryptor#encrypt(PlainText)
-	 */
-	@Deprecated public String encrypt(String plaintext) throws EncryptionException
-	{
-        logWarning("encrypt", "Calling deprecated encrypt() method.");
-		CipherText ct = null;
-		ct = encrypt(new PlainText(plaintext) );
-		return ct.getEncodedIVCipherText();
-	}
-
 
 	/**
 	* {@inheritDoc}
@@ -366,10 +344,15 @@ public CipherText encrypt(PlainText plaintext) throws EncryptionException {
 	 public CipherText encrypt(SecretKey key, PlainText plain)
 	 			throws EncryptionException
 	 {
+		 if ( key == null ) {
+			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
+		 }
+		 if ( plain == null ) {
+			 throw new IllegalArgumentException("PlainText may arg not be null");
+		 }
 		 byte[] plaintext = plain.asBytes();
 		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-		 assert key != null : "(Master) encryption key may not be null";
-		 
+
 		 boolean success = false;	// Used in 'finally' clause.
 		 String xform = null;
 		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
@@ -569,53 +552,6 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 	}
 	 }
 
-	/**
-	  * Convenience method that decrypts previously encrypted plaintext strings
-	  * that were encrypted using the new encryption mechanism (with CBC mode and
-	  * PKCS5 padding by default).  This decryption method uses the master
-	  * encryption key specified by the {@code Encryptor.MasterKey} property
-	  * in {@code ESAPI.properties}.
-	  * 
-	  * @param b64IVCiphertext	A base64-encoded representation of the
-	  * 							IV + raw ciphertext string to be decrypted with
-	  * 							the default master key.
-	  * @return	The plaintext string prior to encryption.
-	  * @throws EncryptionException When something fails with the decryption.
-	  * 
-	  * @see org.owasp.esapi.Encryptor#decrypt(CipherText)
-	  */
-	 @Deprecated public String decrypt(String b64IVCiphertext) throws EncryptionException
-	 {
-	     logWarning("decrypt", "Calling deprecated decrypt() method.");
-		 CipherText ct = null;
-		 try {
-			 // We assume that the default cipher transform was used to encrypt this.
-			 ct = new CipherText();
-
-			 // Need to base64 decode the IV+ciphertext and extract the IV to set it in CipherText object.
-			 byte[] ivPlusRawCipherText = ESAPI.encoder().decodeFromBase64(b64IVCiphertext);
-			 int blockSize = ct.getBlockSize();	// Size in bytes.
-			 byte[] iv = new byte[ blockSize ];
-			 CryptoHelper.copyByteArray(ivPlusRawCipherText, iv, blockSize);	// Copy the first blockSize bytes into iv array
-			 int cipherTextSize = ivPlusRawCipherText.length - blockSize;
-			 byte[] rawCipherText = new byte[ cipherTextSize ];
-			 System.arraycopy(ivPlusRawCipherText, blockSize, rawCipherText, 0, cipherTextSize);
-			 ct.setIVandCiphertext(iv, rawCipherText);
-
-			 // Now the CipherText object should be prepared to use it to decrypt.
-			 PlainText plaintext = decrypt(ct);
-			 return plaintext.toString();	// Convert back to a Java String
-		 } catch (UnsupportedEncodingException e) {
-			 // Should never happen; UTF-8 should be in rt.jar.
-			 logger.error(Logger.SECURITY_FAILURE, "UTF-8 encoding not available! Decryption failed.", e);
-			 return null;	// CHECKME: Or re-throw or what? Could also use native encoding, but that's
-			 // likely to cause unexpected and undesired effects far downstream.
-		 } catch (IOException e) {
-			 logger.error(Logger.SECURITY_FAILURE, "Base64 decoding of IV+ciphertext failed. Decryption failed.", e);
-			 return null;
-		 }
-	 }
-
 	/**
 	* {@inheritDoc}
 	*/

From 71d5b77b3da12028acf4291e9438b3e3a8825414 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:51:29 +0000
Subject: [PATCH 009/812] Update ESAPI release number.

---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index c48a1908f..2de9b9a73 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.0.2-SNAPSHOT</version>
+    <version>2.1.0</version>
     <packaging>jar</packaging>
 
     <parent>
@@ -106,8 +106,8 @@
             </roles>
         </developer>
         <developer>
-            <name>Kevin Wall</name>
-            <organization>Qwest</organization>
+            <name>Kevin W. Wall</name>
+            <organization>Wells Fargo</organization>
             <roles>
                 <role>Project Manager</role>
                 <role>Architect</role>

From bfed966e11fe6f860347a129d1191e8c59f483a3 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:53:43 +0000
Subject: [PATCH 010/812] Replace assertion with IllegalArgumentException when
 argument to CTOR is null.

---
 src/main/java/org/owasp/esapi/crypto/PlainText.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/crypto/PlainText.java b/src/main/java/org/owasp/esapi/crypto/PlainText.java
index fa88d1d0c..bfa9fd3a2 100644
--- a/src/main/java/org/owasp/esapi/crypto/PlainText.java
+++ b/src/main/java/org/owasp/esapi/crypto/PlainText.java
@@ -38,10 +38,14 @@ public final class PlainText implements Serializable {
 	 * Construct a {@code PlainText} object from a {@code String}.
 	 * @param str	The {@code String} that is converted to a UTF-8 encoded
 	 * 				byte array to create the {@code PlainText} object.
+	 * @throws IllegalArgumentException	If {@code str} argument is null.
 	 */
 	public PlainText(String str) {
 		try {
 		    assert str != null : "String for plaintext cannot be null.";
+		    if ( str == null ) {
+		    	throw new IllegalArgumentException("String for plaintext may not be null!");
+		    }
 			rawBytes = str.getBytes("UTF-8");
 		} catch (UnsupportedEncodingException e) {
 			// Should never happen.

From 41e8903ebb3ba4f335cc71e2d1d00b36b72862d4 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:54:52 +0000
Subject: [PATCH 011/812] Update documentation to reflect ESAPI 2.1.0 release.

---
 documentation/esapi4java-2.0-readme.txt       |  1 +
 .../esapi4java-core-2.1-release-notes.txt     | 53 +++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.1-release-notes.txt

diff --git a/documentation/esapi4java-2.0-readme.txt b/documentation/esapi4java-2.0-readme.txt
index 7806c393e..de7c40dda 100644
--- a/documentation/esapi4java-2.0-readme.txt
+++ b/documentation/esapi4java-2.0-readme.txt
@@ -31,6 +31,7 @@ File / Directory                                                        Descript
 |     |---esapi4java-core-2.0-crypto-design-goals.doc (draft)           Describes ESAPI 2.0 crypto design goals & design decisions
 |     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
 |     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
+|     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
 |     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
 |
 |---libs/                                                               ESAPI dependencies
diff --git a/documentation/esapi4java-core-2.1-release-notes.txt b/documentation/esapi4java-core-2.1-release-notes.txt
new file mode 100644
index 000000000..b5b04897f
--- /dev/null
+++ b/documentation/esapi4java-core-2.1-release-notes.txt
@@ -0,0 +1,53 @@
+ESAPI for Java - 2.1.0 Release Notes
+
+1) Fixed security issue #306, a vulnerability discovered by Phillipe Arteau.
+   This fix necessitated removing the deprecated encrypt() and decrupt() methods
+   that were intended to provide backward compatibility with ESAPI 1.4.
+   As it turns out, there was no way to fix this bug without a major rewrite
+   unless these methods were removed. However, as these two methods have been
+   deprecated more than 2 years ago and they are known to be insecure
+   (they are vulnerable to padding oracle attacks), the ESAPI team has
+   decided to remove them in accordance to their support policy.
+   
+   See comments for issue #306 for further details, as well as additional
+   safety precautions that you may wish to take in the unlikely, but possible
+   event that this vulnerability resulted in an actual security breach.
+
+   Finally, since the removal of these methods constitute an interface change
+   (to the Encryptor interface), this is considered a minor release (2.1)
+   rather than simply a patch release (2.0.2).
+
+   Please note that there are further updates planned to further strengthen
+   the MAC that ESAPI crypt uses. However, because they will require some
+   design changes, they may not be out for another month. Note that these
+   fixes do not correct any *known* vulnerabilities, but will address
+   some potential weaknesses in what is not included in the MAC (such as
+   the crypto version).
+
+2) Other Google Issues fixed: 257, 271, and 292 are all fixed in this release.
+
+3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
+
+4) DefaultEncryptedProperties - made minor javadoc changes.
+
+5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
+   IllegalArgumentException if any of the arguments are null. Previously,
+   if any of the arguments were null you would either get an AssertionError
+   (if you had assertions enabled) or a default NullPointerException when
+   assertions were disabled.  While IllegalArgumentException is still an
+   unchecked RuntimeException, note that if you were previously catching
+   NullPointerExceptions for these cases, you may need to change your code.
+ 
+6) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
+
+NOTE: A follow-up patch release is scheduled within the next few months to
+      address some questionable design decisions regarding what data in
+      the serialized ciphertext should be authenticated via the MAC. For
+      instance, presently only the IV+ciphertext is MAC'd (as would be the
+      equivalent case of when you would use an authenticated combined cipher
+      mode such as GCM or CCM). A deeper analysis of the design is required
+      based on findings in Google Issue # 306. I will periodically try
+      to keep the ESAPI mailing lists updated with the progress so watch
+      there for emerging details and anticipated schedule.
+      
+-Kevin W. Wall <kevin.w.wall@gmail.com>, 2013-08-30

From a8b4022f284cd67239439eb51c6d2cc18fe0a834 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:56:49 +0000
Subject: [PATCH 012/812] New JUnit test, based on Philippe Arteau's orignial
 exploit, that shows Google Issue # 306 has been fixed.

---
 .../crypto/ESAPICryptoMACByPassTest.java      | 232 ++++++++++++++++++
 1 file changed, 232 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java

diff --git a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
new file mode 100644
index 000000000..34878c705
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
@@ -0,0 +1,232 @@
+/*
+ * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2013 - The OWASP Foundation
+ * ESAPI is published by OWASP under the new BSD license. You should read
+ * and accept the LICENSE before you use, modify, and/or redistribute this
+ * software.
+ * 
+ * Full credit for this JUnit to illustrate what is now Google Issue # 306
+ * goes to Philippe Arteau <philippe.arteau@gmail.com>. Originally
+ * published 2013/08/21 to ESAPI-DEV mailing list. Shows that both
+ * ESAPI 2.0 and 2.0.1 is vulnerable. Minor tweaks by Kevin W. Wall.
+ *
+ * Original class name: SignatureByPassTest.
+ * 
+ * NOTE: If this test fails, your version of ESAPI is vulnerable (or you have
+ * 		 it configured not to require a MAC which you should NOT do).
+ */
+
+package org.owasp.esapi.crypto;
+
+import org.apache.commons.codec.binary.Hex;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.util.ByteConversionUtil;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.ByteArrayOutputStream;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Date;
+
+import static org.junit.Assert.*;
+import org.junit.Before;
+import org.junit.Test;
+
+
+public class ESAPICryptoMACByPassTest {
+
+    @Before
+    public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
+    	; // Do any prerequisite setup here.
+    }
+
+    @Test
+    public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+
+        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key.
+        SecretKey sk = new SecretKeySpec(bkey,"AES");
+
+        //Encryption with MAC
+        String originalMessage = "Cryptography!?!?";
+        System.out.printf("Encrypting the message '%s'\n", originalMessage);
+        	// Until there is a better way to do this. But this is much easier
+        	// than having to set up a custom ESAPI.properties file just for
+        	// this test.
+        	//
+        	// NOTE: Philippe Arteau's original exploit used "AES/OFB/NoPadding"
+            //       so that one could see that the effect of the decryption would
+        	//		 be "Craptography!?!?". However, if you wish to do that, then
+        	//		 you must also change the ESAPI.properties file used by ESAPI
+        	//		 JUnit tests sp that "OFB" is accepted as an allowed cipher
+        	//		 mode. The easiest way to do that (if you are still not convinced)
+        	//		 is to add "OFB" mode to Encryptor.cipher_modes.additional_allowed;
+        	//		 e.g.,  Encryptor.cipher_modes.additional_allowed=CBC,OFB
+        	//
+        String origCipherXform =
+        	ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
+        CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
+        ct.computeAndStoreMAC(sk);
+
+        //Serialize the ciphertext in order to send it over the wire..
+        byte[] serializedCt = ct.asPortableSerializedByteArray();
+
+        //Malicious modification
+        byte[] modifiedCt = tamperCipherText(serializedCt);
+
+        //Decrypt
+        CipherText modifierCtObj = CipherText.fromPortableSerializedBytes(modifiedCt);
+        try {
+        	ESAPI.securityConfiguration().setCipherTransformation(origCipherXform);
+        		// This decryption should fail by throwing an EncryptionException
+        		// if ESAPI crypto is NOT vulnerable and you never get to the
+        		// subsequent lines in the try block.
+            PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
+            System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
+            System.out.println("This ESAPI version vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
+            fail("This ESAPI version is vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
+        } catch(EncryptionException eex) {
+        	String errMsg = eex.getMessage();
+        		// See private String DECRYPTION_FAILED in JavaEncryptor.
+        	String expectedError = "Decryption failed; see logs for details.";
+        	assertTrue( errMsg.equals(expectedError) );
+        	System.out.println("testMacByPass(): Attempted decryption after MAC tampering failed.");
+            System.out.println("Fix of issue # 306 successful. Crypto MAC by-pass test failed; exception was: [" + eex + "]");
+        }
+    }
+
+    /**
+     * The modification of the ciphertext is done in a separate method to show that only the generate CipherText object is use.
+     * @param serializeCt
+     */
+    private byte[] tamperCipherText(byte[] serializeCt) throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+        CipherText ct = CipherText.fromPortableSerializedBytes(serializeCt);
+
+        //Ciphertext metadata
+        //System.out.println(ct.toString());
+
+        byte[] cipherTextMod = ct.getRawCipherText();
+
+        System.out.printf("Original ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        cipherTextMod[2] ^= 'y' ^ 'a'; //Alter the 3rd character
+
+        System.out.printf("Modify ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        //MAC ... what MAC ?
+        Field f2 = ct.getClass().getDeclaredField("separate_mac_");
+        f2.setAccessible(true);
+        f2.set(ct,null); //mac byte array set to null
+
+        //Changing CT
+        Field f3 = ct.getClass().getDeclaredField("raw_ciphertext_");
+        f3.setAccessible(true);
+        f3.set(ct,cipherTextMod);
+
+        //return ct.asPortableSerializedByteArray(); //Will complain about missing mac
+        //return new CipherTextSerializer(ct).asSerializedByteArray(); //NPE on mac.length
+        return serialize(ct); //Modify version of CipherTextSerializer.asSerializedByteArray()
+    }
+
+    /////////////////////////////////////////////////////////////////////
+    // The following code is a modified version of CipherTextSerializer
+    /////////////////////////////////////////////////////////////////////
+
+    private byte[] serialize(CipherText cipherText_) {
+        int kdfInfo = cipherText_.getKDFInfo();
+
+        long timestamp = cipherText_.getEncryptionTimestamp();
+        String cipherXform = cipherText_.getCipherTransformation();
+
+        short keySize = (short) cipherText_.getKeySize();
+
+        short blockSize = (short)cipherText_.getBlockSize();
+        byte[] iv = cipherText_.getIV();
+
+        short ivLen = (short)iv.length;
+        byte[] rawCiphertext = cipherText_.getRawCipherText();
+        int ciphertextLen = rawCiphertext.length;
+
+        byte[] mac = cipherText_.getSeparateMAC();
+
+        short macLen = 0;//(short)mac.length; //<-------------- The only modification to the serialization
+
+        return computeSerialization(kdfInfo, timestamp, cipherXform, keySize, blockSize, ivLen, iv, ciphertextLen, rawCiphertext, macLen, mac);
+    }
+
+    private byte[] computeSerialization(int kdfInfo, long timestamp, String cipherXform, short keySize, short blockSize, short ivLen, byte[] iv, int ciphertextLen, byte[] rawCiphertext, short macLen, byte[] mac)
+    {
+        debug("computeSerialization: kdfInfo = " + kdfInfo);
+        debug("computeSerialization: timestamp = " + new Date(timestamp));
+        debug("computeSerialization: cipherXform = " + cipherXform);
+        debug("computeSerialization: keySize = " + keySize);
+        debug("computeSerialization: blockSize = " + blockSize);
+        debug("computeSerialization: ivLen = " + ivLen);
+        debug("computeSerialization: ciphertextLen = " + ciphertextLen);
+        debug("computeSerialization: macLen = " + macLen);
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        writeInt(baos, kdfInfo);
+        writeLong(baos, timestamp);
+        String[] parts = cipherXform.split("/");
+        assert (parts.length == 3) : "Malformed cipher transformation";
+        writeString(baos, cipherXform);
+        writeShort(baos, keySize);
+        writeShort(baos, blockSize);
+        writeShort(baos, ivLen);
+        if (ivLen > 0) baos.write(iv, 0, iv.length);
+        writeInt(baos, ciphertextLen);
+        baos.write(rawCiphertext, 0, rawCiphertext.length);
+        writeShort(baos, macLen);
+        if (macLen > 0) baos.write(mac, 0, mac.length);
+        return baos.toByteArray();
+    }
+
+    private static void debug(String msg) {
+        // System.err.println(msg);
+    }
+
+    private void writeShort(ByteArrayOutputStream baos, short s) {
+        byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
+        assert (shortAsByteArray.length == 2);
+        baos.write(shortAsByteArray, 0, 2);
+    }
+
+    private void writeInt(ByteArrayOutputStream baos, int i) {
+        byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
+        baos.write(intAsByteArray, 0, 4);
+    }
+
+    private void writeLong(ByteArrayOutputStream baos, long l) {
+        byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
+        assert (longAsByteArray.length == 8);
+        baos.write(longAsByteArray, 0, 8);
+    }
+
+    private void writeString(ByteArrayOutputStream baos, String str)
+    {
+        try
+        {
+            assert ((str != null) && (str.length() > 0));
+            byte[] bytes = str.getBytes("UTF8");
+            assert (bytes.length < 32767) : "writeString: String exceeds max length";
+            writeShort(baos, (short)bytes.length);
+            baos.write(bytes, 0, bytes.length);
+        }
+        catch (UnsupportedEncodingException e)
+        {
+            System.err.println("writeString: " + e.getMessage());
+        }
+    }
+
+}
\ No newline at end of file

From fc4e6375ec7b8830440372f6470b6028fc3ebea4 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 00:58:32 +0000
Subject: [PATCH 013/812] Added comment about why ECB is there as an allowed
 cipher mode. (Hint: It's for testing!)

---
 src/test/resources/esapi/ESAPI.properties | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index d6f93f1da..1435b7c6d 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -239,6 +239,7 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 #					since the logic is somewhat different (i.e., ECB mode does
 #					not use an IV).
 # DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
 Encryptor.cipher_modes.additional_allowed=CBC,ECB
 
 # 128-bit is almost always sufficient and appears to be more resistant to

From 66f0d85f2efabd980246b7991185cf5d0bb39ab9 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 01:00:55 +0000
Subject: [PATCH 014/812] Fix typo in test case name. (Spell much?)

---
 src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
index 330f88f0b..f81986550 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
@@ -330,7 +330,7 @@ public final void testSetAndGetAttribute() {
     // public void addAttributes(final Map<String, String> attrs) throws ValidationException
     // public Map<String, String> getAttributes()
     @Test
-    public final void tesAddandGetAttributes() {
+    public final void testAddandGetAttributes() {
         CryptoToken ctok = new CryptoToken();       
         Map<String, String> origAttrs = null;
 

From ffae68a189d582773175232934783c6ab4efd169 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 01:04:23 +0000
Subject: [PATCH 015/812] Changes required to crypto JUnit tests because old
 deprecated encrypt() / decrypt() methods were removed.

---
 .../esapi/reference/crypto/EncryptorTest.java | 98 ++++++++++---------
 1 file changed, 51 insertions(+), 47 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 8c205d8de..35166a3dd 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -56,9 +56,11 @@ public EncryptorTest(String testName) {
      * {@inheritDoc}
      * @throws Exception
      */
-    protected void setUp() throws Exception {
+    @SuppressWarnings("deprecation")
+	protected void setUp() throws Exception {
         // This is only mechanism to change this for now. Will do this with
-        // a soon to be CryptoControls class in next release.
+        // a soon to be CryptoControls class or equivalent mechanism in a
+    	// future release.
         ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
     }
 
@@ -99,55 +101,52 @@ public void testHash() throws EncryptionException {
     }
 
     /**
-	 * Test of deprecated encrypt method for Strings.
+	 * Test of new encrypt / decrypt method for Strings whose length is
+	 * not a multiple of the cipher block size (16 bytes for AES).
 	 * 
 	 * @throws EncryptionException
 	 *             the encryption exception
 	 */
-    public void testEncrypt() throws EncryptionException {
-        System.out.println("testEncrypt()");
+    public void testEncryptDecrypt1() throws EncryptionException {
+        System.out.println("testEncryptDecrypt2()");
         Encryptor instance = ESAPI.encryptor();
-        String plaintext = "test123456";	// Not multiple of block cipher size
-        String ciphertext = instance.encrypt(plaintext);
-    	String result = instance.decrypt(ciphertext);
-        assertEquals(plaintext, result);
+        String plaintext = "test1234test1234tes"; // Not a multiple of block size (16 bytes)
+        try {
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
+        }
+        catch( EncryptionException e ) {
+        	fail("testEncryptDecrypt2(): Caught exception: " + e);
+        }
     }
 
     /**
-	 * Test of deprecated decrypt method for Strings.
+	 * Test of new encrypt / decrypt method for Strings whose length is
+	 * same as cipher block size (16 bytes for AES).
 	 */
-    public void testDecrypt() {
-        System.out.println("testDecrypt()");
+    public void testEncryptDecrypt2() {
+        System.out.println("testEncryptDecrypt2()");
         Encryptor instance = ESAPI.encryptor();
+        String plaintext = "test1234test1234";
         try {
-            String plaintext = "test123";
-            String ciphertext = instance.encrypt(plaintext);
-            assertFalse(plaintext.equals(ciphertext));
-        	String result = instance.decrypt(ciphertext);
-        	assertEquals(plaintext, result);
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
         }
         catch( EncryptionException e ) {
-        	fail();
+        	fail("testEncryptDecrypt2(): Caught exception: " + e);
         }
     }
 
     /**
      * Test of encrypt methods for empty String.
-     * 
-     * @throws EncryptionException
-     *             the encryption exception
      */
-    @SuppressWarnings("deprecation")
     public void testEncryptEmptyStrings() {
         System.out.println("testEncryptEmptyStrings()");
         Encryptor instance = ESAPI.encryptor();
         String plaintext = "";
         try {
-            // System.out.println("Deprecated encryption methods");
-            String ciphertext = instance.encrypt(plaintext);
-            String result = instance.decrypt(ciphertext);
-            assertTrue( result.equals("") );
-            
             // System.out.println("New encryption methods");
             CipherText ct = instance.encrypt(new PlainText(plaintext));
             PlainText pt = instance.decrypt(ct);
@@ -158,23 +157,35 @@ public void testEncryptEmptyStrings() {
     }
     
     /**
-     * Test encryption / decryption methods for null.
+     * Test encryption method for null.
      */
-    @SuppressWarnings("deprecation")
     public void testEncryptNull() {
         System.out.println("testEncryptNull()");
         Encryptor instance = ESAPI.encryptor();
-        String plaintext = "";
         try {
-            String nullStr = null;
-            instance.encrypt(nullStr);
-            fail("testEncryptNull(): Did not result in expected exception!");
+			CipherText ct = instance.encrypt( null );  // Should throw NPE or AssertionError
+            fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
         } catch(Throwable t) {
             // It should be one of these, depending on whether or not assertions are enabled.
             assertTrue( t instanceof NullPointerException || t instanceof AssertionError);
         }
     }
 
+    /**
+     * Test decryption method for null.
+     */
+    public void testDecryptNull() {
+        System.out.println("testDecryptNull()");
+        Encryptor instance = ESAPI.encryptor();
+        try {
+			PlainText pt = instance.decrypt( null );  // Should throw IllegalArgumentException or AssertionError
+            fail("New decrypt(PlainText) method did not throw. Result was: " + pt.toString());
+        } catch(Throwable t) {
+            // It should be one of these, depending on whether or not assertions are enabled.
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
+        }
+    }
+    
     /**
      * Test of new encrypt / decrypt methods added in ESAPI 2.0.
      */
@@ -246,7 +257,8 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
 			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
 			// Change the cipher transform from whatever it currently is to the specified cipherXform.
-	    	String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
+	    	@SuppressWarnings("deprecation")
+			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
 	    	if ( ! cipherXform.equals(oldCipherXform) ) {
 	    		System.out.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
 	    	}
@@ -281,7 +293,8 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
 	    	
 	    	// Restore the previous cipher transformation. For now, this is only way to do this.
-	    	String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
+	    	@SuppressWarnings("deprecation")
+			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
 	    	assertTrue( previousCipherXform.equals( cipherXform ) );
 	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
 	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
@@ -331,7 +344,8 @@ private static boolean isPlaintextOverwritten(PlainText plaintext) {
     // TODO - Need to test rainy day paths of new encrypt / decrypt so can
     //		  verify that exception handling working OK, etc. Maybe also in
     //		  a separate JUnit test, since everything here seems to be sunny
-    //		  day path.
+    //		  day path. (Note: Some of this no in new test case,
+    //		  org.owasp.esapi.crypto.ESAPICryptoMACByPassTest.)
     //
     //				-kevin wall
     
@@ -508,15 +522,5 @@ public void testMain() throws Exception {
         // and checked against (at least some of) the expected output.
         // Left as an exercise to some future, ambitious ESAPI developer. ;-)
         JavaEncryptor.main( args1 );        
-    }
-    
-	private boolean checkByteArray(byte[] ba, byte b) {
-		for(int i = 0; i < ba.length; i++ ) {
-			if ( ba[i] != b ) {
-				return false;
-			}
-		}
-		return true;
-	}
-    
+    }    
 }

From 600ecc1fc19056a56fbb31a8a0cb188b3e870ccb Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 29 Aug 2013 01:19:51 +0000
Subject: [PATCH 016/812] Argh! Forgot to change test from NullPointerException
 to IllegalArgumentException. Always good to retest one last time.

---
 .../java/org/owasp/esapi/reference/crypto/EncryptorTest.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 35166a3dd..1143fd3a2 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -167,7 +167,7 @@ public void testEncryptNull() {
             fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
         } catch(Throwable t) {
             // It should be one of these, depending on whether or not assertions are enabled.
-            assertTrue( t instanceof NullPointerException || t instanceof AssertionError);
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
         }
     }
 

From edab9e3f8b4db407a1dc5e7630fedc2e48c6809b Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Fri, 30 Aug 2013 03:33:42 +0000
Subject: [PATCH 017/812] A few more minor updates have been documented.

---
 .../esapi4java-core-2.1-release-notes.txt     | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/documentation/esapi4java-core-2.1-release-notes.txt b/documentation/esapi4java-core-2.1-release-notes.txt
index b5b04897f..3570d0f88 100644
--- a/documentation/esapi4java-core-2.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1-release-notes.txt
@@ -28,7 +28,7 @@ ESAPI for Java - 2.1.0 Release Notes
 
 3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
 
-4) DefaultEncryptedProperties - made minor javadoc changes.
+4) DefaultEncryptedProperties - made minor Javadoc changes.
 
 5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
    IllegalArgumentException if any of the arguments are null. Previously,
@@ -37,8 +37,23 @@ ESAPI for Java - 2.1.0 Release Notes
    assertions were disabled.  While IllegalArgumentException is still an
    unchecked RuntimeException, note that if you were previously catching
    NullPointerExceptions for these cases, you may need to change your code.
- 
-6) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
+
+6) The public constructor, CiphertextSerializer(CipherText ct), was changed
+   to explicitly check that the parameter is not null. Previously it had
+   checked with assertions which might later result in a NullPointerException
+   being thrown if assertions were disabled. Now if the parameter is null,
+   an appropriate IllegalArgumentException is thrown. This should not really
+   affect existing code (unless you are experimenting implementing your own
+   crypto) since user code should not really be using CiperTextSerializer
+   directly.
+
+7) Some of the setter methods in KeyDerivationFunction were changed to explicitly
+   check for invalid arguments and throw an IllegalArgumentException rather than
+   checking these parameters via assertions. This should not affect general
+   user code as most would not be calling the KeyDerivationFunction class
+   directly.
+
+8) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
 
 NOTE: A follow-up patch release is scheduled within the next few months to
       address some questionable design decisions regarding what data in

From 602bdd096c69b38afbde655d500cb642f30a3195 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:37:45 +0000
Subject: [PATCH 018/812] General code clean up and new tests to ensure that
 new ESAPI release can still deserialize encrypted data from ESAPI 2.0.x.

---
 .../crypto/CipherTextSerializerTest.java      |  3 +-
 .../owasp/esapi/crypto/CipherTextTest.java    | 79 ++++++++++++++++---
 .../owasp/esapi/crypto/CryptoHelperTest.java  | 24 ++++++
 .../esapi/reference/crypto/CryptoPolicy.java  |  3 +-
 .../esapi/reference/crypto/EncryptorTest.java |  3 +-
 5 files changed, 96 insertions(+), 16 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
index cf6af911f..9f86b9fb7 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextSerializerTest.java
@@ -17,7 +17,8 @@
 public class CipherTextSerializerTest {
     private Cipher encryptor = null;
     private IvParameterSpec ivSpec = null;  // Note: FindBugs reports false positive
-                                            // about this being unread field.
+                                            // about this being unread field. See
+    										// testAsSerializedByteArray().
 
     @BeforeClass
     public static void setUpBeforeClass() throws Exception {
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
index 4bf07cfb3..18c7fb505 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
@@ -35,15 +35,21 @@ public class CipherTextTest {
 
     private static final boolean POST_CLEANUP = true;
     
-	private CipherSpec cipherSpec = null;
+	private CipherSpec cipherSpec_ = null;
     private Cipher encryptor = null;
     private Cipher decryptor = null;
     private IvParameterSpec ivSpec = null;
 	
     @BeforeClass public static void preCleanup() {
-        // These two calls have side-effects that cause FindBugs to complain.
-        new File("ciphertext.ser").delete();
-        new File("ciphertext-portable.ser").delete();
+    	try {
+            // These two calls have side-effects that cause FindBugs to complain.
+    		removeFile("ciphertext.ser");
+    		removeFile("ciphertext-portable.ser");
+    		// Do NOT remove this file...
+    		//		src/test/resource/ESAPI2.0-ciphertext-portable.ser
+    	} catch(Exception ex) {
+    		;	// Do nothing
+    	}
     }
     
 	@Before
@@ -62,8 +68,8 @@ public void tearDown() throws Exception {
 	@AfterClass public static void postCleanup() {
 	    if ( POST_CLEANUP ) {
 	            // These two calls have side-effects that cause FindBugs to complain.
-	        new File("ciphertext.ser").delete();
-	        new File("ciphertext-portable.ser").delete();
+	        removeFile("ciphertext.ser");
+	        removeFile("ciphertext-portable.ser");
 	    }
 	}
 
@@ -72,18 +78,18 @@ public void tearDown() throws Exception {
 	public final void testCipherText() {
 		CipherText ct =  new CipherText();
 
-		cipherSpec = new CipherSpec();
-		assertTrue( ct.getCipherTransformation().equals( cipherSpec.getCipherTransformation()));
-		assertTrue( ct.getBlockSize() == cipherSpec.getBlockSize() );
+		cipherSpec_ = new CipherSpec();
+		assertTrue( ct.getCipherTransformation().equals( cipherSpec_.getCipherTransformation()));
+		assertTrue( ct.getBlockSize() == cipherSpec_.getBlockSize() );
 	}
 
 	@Test
 	public final void testCipherTextCipherSpec() {
-		cipherSpec = new CipherSpec("DESede/OFB8/NoPadding", 112);
-		CipherText ct = new CipherText( cipherSpec );
+		cipherSpec_ = new CipherSpec("DESede/OFB8/NoPadding", 112);
+		CipherText ct = new CipherText( cipherSpec_ );
 		assertTrue( ct.getRawCipherText() == null );
 		assertTrue( ct.getCipherAlgorithm().equals("DESede") );
-		assertTrue( ct.getKeySize() == cipherSpec.getKeySize() );
+		assertTrue( ct.getKeySize() == cipherSpec_.getKeySize() );
 	}
 
 	@Test
@@ -200,7 +206,7 @@ public final void testMIC() {
 
 	/** Test <i>portable</i> serialization. */
 	@Test public final void testPortableSerialization() {
-	    System.err.println("CipherTextTest.testPortableSerialization()...");
+	    System.out.println("CipherTextTest.testPortableSerialization()starting...");
 	    String filename = "ciphertext-portable.ser";
 	    File serializedFile = new File(filename);
 	    serializedFile.delete();    // Delete any old serialized file.
@@ -218,6 +224,8 @@ public final void testMIC() {
 	        encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
 	        byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
 	        CipherText ciphertext = new CipherText(cipherSpec, raw);
+	        	// TODO: Replace this w/ call to KeyDerivationFunction as this is
+	        	//		 deprecated! Shame on me!
 	        SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
 	        ciphertext.computeAndStoreMAC( authKey );
 //          System.err.println("Original ciphertext being serialized: " + ciphertext);
@@ -261,6 +269,39 @@ public final void testMIC() {
         }
 	}
 	
+	/** Test <i>portable</i> serialization for backward compatibility with ESAPI 2.0. */
+	@Test public final void testPortableSerializationBackwardCompatibility() {
+	    System.out.println("testPortableSerializationBackwardCompatibility()starting...");
+	    String filename = "src/test/resources/ESAPI2.0-ciphertext-portable.ser";  // Do NOT remove
+	    File serializedFile = new File(filename);
+
+	    try {
+	    	// String expectedMsg = "This is my secret message!!!";
+            
+            // NOTE: FindBugs complains about this (OS_OPEN_STREAM). It apparently
+            //       is too lame to know that 'fis.read()' is a serious side-effect.
+            FileInputStream fis = new FileInputStream(serializedFile);
+            int avail = fis.available();
+            byte[] bytes = new byte[avail];
+            fis.read(bytes, 0, avail);
+            // We can't go as far and decrypt it because the file was encrypted using a
+            // temporary session key.
+            CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(bytes);
+            assertTrue( restoredCipherText != null );
+            int retrievedKdfVersion = restoredCipherText.getKDFVersion();
+	    } catch (EncryptionException e) {
+	        Assert.fail("Caught EncryptionException: " + e);
+        } catch (FileNotFoundException e) {
+            Assert.fail("Caught FileNotFoundException: " + e);
+        } catch (IOException e) {
+            Assert.fail("Caught IOException: " + e);
+        } catch (Exception e) {
+            Assert.fail("Caught Exception: " + e);
+        } finally {
+        	; // Do NOT delete the file.
+        }
+	}
+	
 	/** Test Java serialization. */
 	@Test public final void testJavaSerialization() {
         String filename = "ciphertext.ser";
@@ -334,4 +375,16 @@ public final void testMIC() {
 	public static junit.framework.Test suite() {
 		return new JUnit4TestAdapter(CipherTextTest.class);
 	}
+	
+	private static void removeFile(String fname) {
+    	try {
+    		if ( fname != null ) {
+    			File f = new File(fname);
+    			// Findbugs complains about ignoring this return value. Too bad.
+    			f.delete();
+    		}
+    	} catch(Exception ex) {
+    		;	// Do nothing
+    	}
+	}
 }
diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
index 0e55723fe..678b0acf8 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
@@ -140,6 +140,30 @@ public final void testArrayCompare() {
 //        System.out.println("diff: " + diff + " nanosec");
     }
 
+    @Test
+    public final void testIsValidKDFVersion() {
+    	assertTrue( CryptoHelper.isValidKDFVersion(20110203, false, false));
+    	assertTrue( CryptoHelper.isValidKDFVersion(20130830, false, false));
+    	assertTrue( CryptoHelper.isValidKDFVersion(33330303, false, false));
+    	assertTrue( CryptoHelper.isValidKDFVersion(99991231, false, false));
+
+    	assertFalse( CryptoHelper.isValidKDFVersion(0, false, false));
+    	assertFalse( CryptoHelper.isValidKDFVersion(99991232, false, false));
+    	assertFalse( CryptoHelper.isValidKDFVersion(20110202, false, false));
+
+    	assertTrue( CryptoHelper.isValidKDFVersion(20110203, true, false));
+    	assertTrue( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion, true, false));
+    	assertFalse( CryptoHelper.isValidKDFVersion(KeyDerivationFunction.kdfVersion + 1, true, false));
+
+    	try {
+        	CryptoHelper.isValidKDFVersion(77777777, true, true);
+        	fail("Failed to CryptoHelper.isValidKDFVersion() failed to throw IllegalArgumentException.");
+    	}
+    	catch (Exception e) {
+    		assertTrue( e instanceof IllegalArgumentException);
+    	}
+    }
+    
     private void fillByteArray(byte[] ba, byte b) {
         for (int i = 0; i < ba.length; i++) {
             ba[i] = b;
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java b/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
index 2a3c26ba4..fe3a8e948 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/CryptoPolicy.java
@@ -82,7 +82,8 @@ private static boolean checkCrypto()
                                 // (default) provider.
             }
         } catch( InvalidKeyException ikex ) {
-            System.out.println("Invalid key size - unlimited strength crypto NOT installed!");
+            System.out.println("CryptoPolicy: 256 bits is " +
+            		"invalid key size ==> unlimited strength crypto NOT installed!");
             return false;
         } catch( Exception ex ) {
             System.out.println("Caught unexpected exception: " + ex);
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 1143fd3a2..35709a21a 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -443,7 +443,8 @@ public void testVerifySeal() throws EnterpriseSecurityException {
         String plaintext = "ridiculous:with:delimiters";    // Should now work w/ : (issue #28)
         String seal = instance.seal( plaintext, instance.getRelativeTimeStamp( 1000 * NSEC ) );
         try {
-        	assertTrue( instance.verifySeal( seal ) );
+        	assertNotNull("Encryptor.seal() returned null", seal );
+        	assertTrue("Failed to verify seal", instance.verifySeal( seal ) );
         } catch ( Exception e ) {
         	fail();
         }

From 139318ed3d72cdfe02f08c3b615fb44f3e4273d3 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:38:40 +0000
Subject: [PATCH 019/812] New files to test for backwards compatibility with
 revised crypto.

---
 .../resources/ESAPI2.0-ciphertext-portable.ser    | Bin 0 -> 114 bytes
 src/test/resources/Readme.txt                     |   5 +++++
 2 files changed, 5 insertions(+)
 create mode 100644 src/test/resources/ESAPI2.0-ciphertext-portable.ser
 create mode 100644 src/test/resources/Readme.txt

diff --git a/src/test/resources/ESAPI2.0-ciphertext-portable.ser b/src/test/resources/ESAPI2.0-ciphertext-portable.ser
new file mode 100644
index 0000000000000000000000000000000000000000..dfe173c949c6042b597f746264843043b7099c3d
GIT binary patch
literal 114
zcmV-&0FD0<GTVCq00BVFY5@2E6hTE(FGE5@FHlQEQ#DXwWMpY>X8?cz5C9M}UtOUT
zaVIqAW!lU8Y0KyU001CaI}ONJlv$P>6$gX61o{yuTRg(Zey7RQAXyyi0S!9<6k}LZ
USwZS~D$eSlIH?=UHzN7)_<&j}umAu6

literal 0
HcmV?d00001

diff --git a/src/test/resources/Readme.txt b/src/test/resources/Readme.txt
new file mode 100644
index 000000000..1bb4585ed
--- /dev/null
+++ b/src/test/resources/Readme.txt
@@ -0,0 +1,5 @@
+ESAPI2.0-ciphertext-portable.ser is a test for the backwards compatibility
+of ESAPI 2.1.x and later crypto with ESAPI 2.0 crypto.
+
+The file was created on Windows using the 128-bit test key from
+Encryptor.MasterKey and encrypted with AES/CBC/PKCS5Padding.

From b69a2261ebe0feef88b0580806275b4088035d8e Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:41:13 +0000
Subject: [PATCH 020/812] Changes to ensure backward compatibility with
 previous ESAPI crypto from ESAPI 2.0 / 2.0.1 releases (crypto version
 20110203).

---
 .../org/owasp/esapi/crypto/CipherSpec.java    |   3 +-
 .../org/owasp/esapi/crypto/CipherText.java    |  21 ++-
 .../esapi/crypto/CipherTextSerializer.java    | 151 ++++++++++++++----
 .../org/owasp/esapi/crypto/CryptoHelper.java  |  43 ++++-
 .../org/owasp/esapi/crypto/CryptoToken.java   |   4 +-
 .../esapi/crypto/KeyDerivationFunction.java   |  37 +++--
 6 files changed, 215 insertions(+), 44 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index ac9237fac..556ef8edb 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -365,7 +365,8 @@ public int hashCode() {
      * will just allow it to work in the future should we decide to allow
      * sub-classing of this class.)
      * </p><p>
-     * See {@link http://www.artima.com/lejava/articles/equality.html}
+     * See <a href="http://www.artima.com/lejava/articles/equality.html">
+     * How to write an Equality Method in Java</a>
      * for full explanation.
      * </p>
      */
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 689ef1c21..47e6fc78f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -102,6 +102,17 @@ private enum CipherTextFlags {
 
     // How much we've collected so far. We start out with having collected nothing.
     private EnumSet<CipherTextFlags> progress = EnumSet.noneOf(CipherTextFlags.class);
+    
+    // Check if versions of KeyDerivationFunction, CipherText, and
+    // CipherTextSerializer are all the same.
+    {
+    	// Ignore error about comparing identical versions and dead code.
+    	// We expect them to be, but the point is to catch us if they aren't.
+    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
+            "Versions of CipherTextSerializer and CipherText are not compatible.";
+    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
+    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+    }
 
     ///////////////////////////  C O N S T R U C T O R S  /////////////////////////
     
@@ -307,7 +318,9 @@ public int getRawCipherTextByteLength() {
 	 * <p>
 	 * If there is a need to store an encrypted value, say in a database, this
 	 * is <i>not</i> the method you should use unless you are using a <i>fixed</i>
-	 * IV. If you are <i>not</i> using a fixed IV, you should normally use
+	 * IV or are planning on retrieving the IV and storing it somewhere separately
+	 * (e.g., a different database column). If you are <i>not</i> using a fixed IV
+	 * (which is <strong>highly</strong> discouraged), you should normally use
 	 * {@link #getEncodedIVCipherText()} instead.
 	 * </p>
 	 * @see #getEncodedIVCipherText()
@@ -566,7 +579,7 @@ public int getKDFVersion() {
     }
 
     public void setKDFVersion(int vers) {
-    	assert vers > 0 && vers <= 99991231 : "Version must be positive, in format YYYYMMDD and <= 99991231.";
+    	CryptoHelper.isValidKDFVersion(vers, false, true);
     	kdfVersion_ = vers;
     }
     
@@ -843,8 +856,8 @@ public int getKDFInfo() {
 		
 		// 		kdf version is bits 1-27, bit 28 (reserved) should be 0, and
 		//		bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
-		int kdfVers = getKDFVersion();
-		assert kdfVers > 0 && kdfVers <= 99991231 : "KDF version (YYYYMMDD, max 99991231) out of range: " + kdfVers;
+		int kdfVers = this.getKDFVersion();
+		assert CryptoHelper.isValidKDFVersion(kdfVers, true, false);
 		int kdfInfo = kdfVers;
 		int macAlg = kdfPRFAsInt();
 		assert macAlg >= 0 && macAlg <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + macAlg;
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index b00dd245c..ee69e7baf 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -24,27 +24,45 @@
  * Message Syntax (CMS) Authenticated-Enveloped-Data Content Type, or CMS' predecessor,
  * PKCS#7 (RFC 2315)), but these serialization schemes are by comparison very complicated,
  * and do not have extensive support for the various implementation languages which ESAPI
- * supports.
+ * supports. (Perhaps wishful thinking that other ESAPI implementations such as
+ * ESAPI for .NET, ESAPI for C, ESAPI for C++, etc. will all support a single, common
+ * serialization technique so they could exchange encrypted data.)
  * 
  * @author kevin.w.wall@gmail.com
  *
  */
 public class CipherTextSerializer {
-    // This should be *same* version as in CipherText & KeyDerivationFunction.
-	// If one changes, the other should as well to accommodate any differences.
+    // This should be *same* version as in CipherText & KeyDerivationFunction as
+	// these versions all need to work together.  Therefore, when one changes one
+	// one these versions, the other should be reviewed and changed as well to
+	// accommodate any differences.
 	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
 	//						    20130830 - Fix to issue #306 (release 2.1.0)
-	public  static final  int cipherTextSerializerVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
+	// We check that in an static initialization block (when assertions are enabled)
+	// below.
+	public  static final  int cipherTextSerializerVersion = 20130830; // Current version. Format: YYYYMMDD, max is 99991231.
     private static final long serialVersionUID = cipherTextSerializerVersion;
 
     private static final Logger logger = ESAPI.getLogger("CipherTextSerializer");
     
     private CipherText cipherText_ = null;
     
+    // Check if versions of KeyDerivationFunction, CipherText, and
+    // CipherTextSerializer are all the same.
+    {
+    	// Ignore error about comparing identical versions and dead code.
+    	// We expect them to be, but the point is to catch us if they aren't.
+    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
+            "Versions of CipherTextSerializer and CipherText are not compatible.";
+    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
+    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+    }
+    
     public CipherTextSerializer(CipherText cipherTextObj) {
-        assert cipherTextObj != null : "CipherText object must not be null.";
-        assert cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Version of CipherText and CipherTextSerializer not compatible.";
+    	if ( cipherTextObj == null ) {
+    		throw new IllegalArgumentException("CipherText object must not be null.");
+    	}
+        assert cipherTextObj != null : "CipherText object must not be null.";      
         cipherText_ = cipherTextObj;
     }
     
@@ -59,8 +77,6 @@ public CipherTextSerializer(CipherText cipherTextObj) {
     public CipherTextSerializer(byte[] cipherTextSerializedBytes)
         throws EncryptionException /* DISCUSS: Change exception type?? */
     {
-        assert cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Version of CipherText and CipherTextSerializer not compatible.";
         cipherText_ = convertToCipherText(cipherTextSerializedBytes);
     }
 
@@ -69,7 +85,6 @@ public CipherTextSerializer(byte[] cipherTextSerializedBytes)
      * @return A serialization of this object. Note that this is <i>not</i> the
      * Java serialization.
      */
-    @SuppressWarnings("static-access")
     public byte[] asSerializedByteArray() {
         int kdfInfo = cipherText_.getKDFInfo();
         debug("asSerializedByteArray: kdfInfo = " + kdfInfo);
@@ -114,9 +129,35 @@ public byte[] asSerializedByteArray() {
      * @return The {@code CipherText} object that we are serializing.
      */
     public CipherText asCipherText() {
+    	assert cipherText_ != null;
         return cipherText_;
     }
       
+    /**
+     * Take all the individual elements that make of the serialized ciphertext
+     * format and put them in order and return them as a byte array.
+     * @param kdfInfo	Info about the KDF... which PRF and the KDF version {@link #asCipherText()}.
+     * @param timestamp	Timestamp when the data was encrypted. Intended to help
+     * 					facilitate key change operations and nothing more. If it is meaningless,
+     * 					then the expectations are just that the recipient should ignore it. Mostly
+     * 					intended when encrypted data is kept long term over a period of many
+     * 					key change operations.
+     * @param cipherXform	Details of how the ciphertext was encrypted. The format used
+     * 						is the same as used by {@code javax.crypto.Cipher}, namely,
+     * 						"cipherAlg/cipherMode/paddingScheme".
+     * @param keySize	The key size used for encrypting. Intended for cipher algorithms
+     * 					supporting multiple key sizes such as triple DES (DESede) or
+     * 					Blowfish.
+     * @param blockSize	The cipher block size. Intended to support cipher algorithms
+     * 					that support variable block sizes, such as Rijndael.
+     * @param ivLen		The length of the IV.
+     * @param iv		The actual IV (initialization vector) bytes.
+     * @param ciphertextLen	The length of the raw ciphertext.
+     * @param rawCiphertext	The actual raw ciphertext itself
+     * @param macLen	The length of the MAC (message authentication code).
+     * @param mac		The MAC itself.
+     * @return	A byte array representing the serialized ciphertext.
+     */
     private byte[] computeSerialization(int kdfInfo, long timestamp,
                                         String cipherXform, short keySize,
                                         short blockSize,
@@ -152,7 +193,9 @@ private byte[] computeSerialization(int kdfInfo, long timestamp,
     }
     
     // All strings are written as UTF-8 encoded byte streams with the
-    // length prepended before it as a short.
+    // length prepended before it as a short. The prepended length is
+    // more for the benefit of languages like C so they can pre-allocate
+    // char arrays without worrying about buffer overflows.
     private void writeString(ByteArrayOutputStream baos, String str) {
         byte[] bytes;
         try {
@@ -223,6 +266,13 @@ private long readLong(ByteArrayInputStream bais)
         return ByteConversionUtil.toLong(longAsByteArray);
     }
     
+    /** Convert the serialized ciphertext byte array to a {@code CipherText}
+     * object.
+     * @param cipherTextSerializedBytes	The serialized ciphertext as a byte array.
+     * @return The corresponding {@code CipherText} object.
+     * @throws EncryptionException	Thrown if the byte array data is corrupt or
+     * 				there are version mismatches, etc.
+     */
     private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
         throws EncryptionException
     {
@@ -236,19 +286,27 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             debug("kdfPrf: " + kdfPrf);
             assert kdfPrf >= 0 && kdfPrf <= 15 : "kdfPrf == " + kdfPrf + " must be between 0 and 15.";
             int kdfVers = ( kdfInfo & 0x07ffffff);
-            assert kdfVers >= 20110203 && kdfVers <= 99991231 : "KDF Version (" + kdfVers + ") out of range."; // 20110203 (orig version).
+
+            // First do a quick sanity check on the argument. Previously this was an assertion.
+            if ( ! CryptoHelper.isValidKDFVersion(kdfVers, false, false) ) {
+            	// TODO: Clean up. Use StringBuilder. Good enough for now.
+            	String logMsg = "KDF version read from serialized ciphertext (" + kdfVers + ") is out of range. " +
+            				    "Valid range for KDF version is [" + KeyDerivationFunction.originalVersion + ", " +
+            				    "99991231].";
+            	// This should never happen under actual circumstances (barring programming errors; but we've
+            	// tested the code, right?), so it is likely an attempted attack. Thus don't get the originator
+            	// of the suspect ciphertext too much info. They ought to know what they sent anyhow.
+            	throw new EncryptionException("Version info from serialized ciphertext not in valid range.",
+            				 "Likely tampering with KDF version on serialized ciphertext." + logMsg);
+            }
+            
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
-            if ( kdfVers != CipherText.cipherTextVersion ) {
-                // NOTE: In future, support backward compatibility via this mechanism. When we do this
-            	//		 we will have to compare as longs and watch out for sign extension of kdfInfo
-            	//		 since it may have the sign bit set.  Then we will do different things depending
-            	//		 on what KDF version we encounter.  However, as for now, since this is
-                //       is first ESAPI 2.0 GA version, there nothing to be backward compatible with.
-            	//		 (We did not promise backward compatibility for earlier release candidates.)
-            	//		 Thus any version mismatch at this point is an error.
-                throw new InvalidClassException("This serialized byte stream not compatible " +
-                            "with loaded CipherText class. Version read = " + kdfInfo +
-                            "; version from loaded CipherText class = " + CipherText.cipherTextVersion);
+            System.err.println("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
+
+            if ( ! versionIsCompatible( kdfVers) ) {
+            	throw new EncryptionException("This version of ESAPI does is not compatible with the version of ESAPI that encrypted your data.",
+            			"KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
+            			KeyDerivationFunction.kdfVersion);
             }
             long timestamp = readLong(bais);
             debug("convertToCipherText: timestamp = " + new Date(timestamp));
@@ -292,8 +350,10 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             cipherSpec.setIV(iv);
             debug("convertToCipherText: CipherSpec: " + cipherSpec);
             CipherText ct = new CipherText(cipherSpec);
-            assert (ivLen > 0 && ct.requiresIV()) :
-                    "convertToCipherText: Mismatch between IV length and cipher mode.";
+            if ( ! (ivLen > 0 && ct.requiresIV()) ) {
+                    throw new EncryptionException("convertToCipherText: Mismatch between IV length and cipher mode.",
+                    						      "Possible tampering of serialized ciphertext?");
+            }
             ct.setCiphertext(rawCiphertext);
               // Set this *AFTER* setting raw ciphertext because setCiphertext()
               // method also sets encryption time.
@@ -301,6 +361,13 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             if ( macLen > 0 ) {
                 ct.storeSeparateMAC(mac);
             }
+            	// Fixed in ESAPI crypto version 20130839. Previously is didn't really matter
+            	// because there was only one version (20110203) and it defaulted to that
+            	// version, which was the current version. But we don't want that as now there
+            	// are two versions and we could be decrypting data encrypted using the previous
+            	// version.
+            ct.setKDF_PRF(kdfPrf);
+            ct.setKDFVersion(kdfVers);
             return ct;
         } catch(EncryptionException ex) {
             throw new EncryptionException("Cannot deserialize byte array into CipherText object",
@@ -311,8 +378,38 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
                     "Cannot deserialize byte array into CipherText object", e);
         }
     }
-    
-    private void debug(String msg) {
+
+    /** Check to see if we can support the KSF version that was extracted from
+     *  the serialized ciphertext. In particular, we assume that if we have a
+     *  newer version of KDF than we can support it as we assume that we have
+     *  built in backward compatibility.
+     *  
+     *  At this point (ESAPI 2.1.0, KDF version 20130830), all we need to check
+     *  if the version is either the current version or the previous version as
+     *  both versions work the same. This checking may get more complicated in
+     *  the future.
+     *  
+     *  @param readKdfVers	The version information extracted from the serialized
+     *  					ciphertext.
+     */
+    private static boolean versionIsCompatible(int readKdfVers) {
+    	// We've checked elsewhere for this, so assertion is OK here.
+    	assert readKdfVers > 0 : "Extracted KDF version is negative!";
+    	
+		switch ( readKdfVers ) {
+		case KeyDerivationFunction.originalVersion:		// First version
+			return true;
+		// Add new versions here; hard coding is OK...
+		// case YYYYMMDD:
+		//	return true;
+		case KeyDerivationFunction.kdfVersion:			// Current version
+			return true;
+		default:
+			return false;
+		}
+	}
+
+	private void debug(String msg) {
         if ( logger.isDebugEnabled() ) {
             logger.debug(Logger.EVENT_SUCCESS, msg);
         }
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 2763a2832..024150bda 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -210,7 +210,7 @@ public static boolean isAllowedCipherMode(String cipherMode)
      *
      * @param ct    The specified {@code CipherText} object to check to see if
      *              it requires a MAC.
-     * @returns     True if a MAC is required, false if it is not required.
+     * @return      True if a MAC is required, false if it is not required.
      */
     public static boolean isMACRequired(CipherText ct) {
         boolean preferredCipherMode =
@@ -345,10 +345,51 @@ public static boolean arrayCompare(byte[] b1, byte[] b2) {
 	    return (result == 0) ? true : false;
 	}
   
+	/**
+	 * Is this particular KDF version number one that is sane? For that, we
+	 * just make sure it is inbounds of the valid range which is:
+	 * <pre>
+	 *     [20110203, 99991231]
+	 * </pre>
+	 * @param kdfVers	KDF version # that we are checking. Generally this is
+	 * 				extracted from the serialized {@code CipherText}.
+	 * @param restrictToCurrent	If this is set, we do an additional check
+	 *				to see if the KDF version is a later version than the
+	 *				one that this current ESAPI version supports.
+	 * @param throwIfError	Instead of returning {@code false} in the case of
+	 * 				an error, throw an {@code IllegalArgumentException}
+	 * @return	True if in range, false otherwise (except if {@code throwIfError}
+	 * 			is true.}
+	 */
+	public static boolean isValidKDFVersion(int kdfVers, boolean restrictToCurrent,
+											boolean throwIfError)
+				throws IllegalArgumentException
+	{
+		boolean ret = true;
+		
+		if ( kdfVers < KeyDerivationFunction.originalVersion || kdfVers > 99991231 ) {
+			ret = false;
+		} else if ( restrictToCurrent ) {
+			ret = ( kdfVers <= KeyDerivationFunction.kdfVersion );
+		}
+		if ( ret ) {
+			return ret;				// True
+		} else {					// False, so throw or not.
+			logger.warning(Logger.SECURITY_FAILURE, "Possible data tampering. Encountered invalid KDF version #. " +
+						   ( throwIfError ? "Throwing IllegalArgumentException" : "" ));
+			if ( throwIfError ) {	
+				throw new IllegalArgumentException("Version (" + kdfVers + ") invalid. " +
+					"Must be date in format of YYYYMMDD between " + KeyDerivationFunction.originalVersion + "and 99991231.");
+			}
+		}
+		return false;
+	}
+	
     /**
      * Prevent public, no-argument CTOR from being auto-generated. Public CTOR
      * is not needed as all methods are static.
      */
     private CryptoHelper() {
+    	;	// Prevent default CTOR from being auto-created.
     }
 }
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
index 8df9dc107..4276079f9 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
@@ -250,8 +250,8 @@ public boolean isExpired() {
     
     /**
      * Set expiration time to expire in 'interval' seconds (NOT milliseconds).
-     * @param interval  Number of seconds in the future from current date/time
-     *                  to set expiration. Must be positive.
+     * @param intervalSecs  Number of seconds in the future from current date/time
+     *                  	to set expiration. Must be positive.
      */
     public void setExpiration(int intervalSecs) throws IllegalArgumentException
     {
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index 40c095b89..17635ce5a 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -57,7 +57,8 @@ public class KeyDerivationFunction {
 	 * @see CipherText#asPortableSerializedByteArray()
 	 * @see CipherText#fromPortableSerializedBytes(byte[])
 	 */
-	public  static final int  kdfVersion       = 20130830;   // Format: YYYYMMDD, max is 99991231.
+	public  static final int  originalVersion  = 20110203;	 // First version. Do not change. EVER!
+	public  static final int  kdfVersion       = 20130830;   // Current version. Format: YYYYMMDD, max is 99991231.
 	private static final long serialVersionUID = kdfVersion; // Format: YYYYMMDD
 	
     // Pseudo-random function algorithms suitable for NIST KDF in counter mode.
@@ -102,6 +103,17 @@ public enum PRF_ALGORITHMS {
 	private int version_ = kdfVersion;
 	private String context_ = "";
 
+    // Check if versions of KeyDerivationFunction, CipherText, and
+    // CipherTextSerializer are all the same.
+    {
+    	// Ignore error about comparing identical versions and dead code.
+    	// We expect them to be, but the point is to catch us if they aren't.
+    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
+            "Versions of CipherTextSerializer and CipherText are not compatible.";
+    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
+    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+    }
+    
 	/**
 	 * Construct a {@code KeyDerivationFunction}.
 	 * @param prfAlg	Specifies a supported algorithm.
@@ -155,12 +167,11 @@ static int getDefaultPRFSelection() {
 	 * be decrypted.
 	 * @param version	Date as a integer, in format of YYYYMMDD. Maximum
 	 * 					version date is 99991231 (December 31, 9999).
+	 * @throws	IllegalArgumentException	If {@code version} is not within
+	 * 					the valid range of [20110203, 99991231].
 	 */
-	public void setVersion(int version) {
-		if ( version < 0 || version > 99991231 ) {
-			throw new IllegalArgumentException("Version (" + version + ") invalid. " +
-								"Must be date in format of YYYYMMDD < 99991231.");
-		}
+	public void setVersion(int version) throws IllegalArgumentException {
+		CryptoHelper.isValidKDFVersion(version, false, true);
 		this.version_ = version;
 	}
 
@@ -173,6 +184,12 @@ public int getVersion() {
 		return version_;
 	}
 	
+	
+	// TODO: IMPORTANT NOTE: In a future release (hopefully starting in 2.1.1),
+	// we will be using the 'context' to mix in some additional things. At a
+	// minimum, we will be using the KDF version (version_) so that downgrade version
+	// attacks are not possible. Other candidates are the cipher xform and
+	// the timestamp.
 	/**
 	 * Set the 'context' as specified by NIST Special Publication 800-108. NIST
 	 * defines 'context' as "A binary string containing the information related
@@ -186,7 +203,7 @@ public int getVersion() {
 	 * entities and other information to identify the derived
 	 * keying material. This is called context binding.
 	 * In particular, the identity (or identifier, as the term
-	 * is defined in [NIST SP 800- 56A , sic] and [NIST SP
+	 * is defined in [NIST SP 800-56A , sic] and [NIST SP
 	 * 800-56B , sic]) of each entity that will access (meaning
 	 * derive, hold, use, and/or distribute) any segment of
 	 * the keying material should be included in the Context
@@ -204,7 +221,9 @@ public int getVersion() {
 	 * 					value but {@code null}.
 	 */
 	public void setContext(String context) {
-		assert context != null : "Context may not be null.";
+		if ( context == null ) {
+			throw new IllegalArgumentException("Context may not be null.");
+		}
 		context_ = context;
 	}
 	
@@ -239,7 +258,7 @@ public String getContext() {
 	 * @param keyDerivationKey  A key used as an input to a key derivation function
 	 *                          to derive other keys. This is the key that generally
 	 *                          is created using some key generation mechanism such as
-	 *                          {@link #generateSecretKey(String, int)}. The
+	 *                          {@link CryptoHelper#generateSecretKey(String, int)}. The
 	 *                          "input" key from which the other keys are derived.
 	 * 							The derived key will have the same algorithm type
 	 * 							as this key. This KDK cannot be null.

From d08e7f81397ebadaef033dd53f14c0f4b79b0393 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:43:12 +0000
Subject: [PATCH 021/812] Future 'TODO' comment to ensure future backward
 compatibility with previous ESAPI crypto versions going forward. A reminder
 for release 2.1.1 and later.

---
 src/main/java/org/owasp/esapi/crypto/PlainText.java      | 3 ++-
 .../org/owasp/esapi/crypto/SecurityProviderLoader.java   | 8 ++++----
 .../org/owasp/esapi/reference/crypto/JavaEncryptor.java  | 9 +++++++++
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/PlainText.java b/src/main/java/org/owasp/esapi/crypto/PlainText.java
index bfa9fd3a2..4491404d5 100644
--- a/src/main/java/org/owasp/esapi/crypto/PlainText.java
+++ b/src/main/java/org/owasp/esapi/crypto/PlainText.java
@@ -148,7 +148,8 @@ public void overwrite() {
      * though; this will just allow it to work in the future should we
      * decide to allow * sub-classing of this class.)
      * </p><p>
-     * See {@link http://www.artima.com/lejava/articles/equality.html}
+     * See <a href="http://www.artima.com/lejava/articles/equality.html">
+     * How to write an Equality Method in Java</a>
      * for full explanation.
      * </p>
      */
diff --git a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
index 1c1e35ae8..cacc9c9ef 100644
--- a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
+++ b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
@@ -100,13 +100,13 @@ public class SecurityProviderLoader  {
      * certificate has expired as of August 28, 2009. (This likely is true
      * for ABA, but I can't even find a copy to download!). Lastly, the IAIK
      * provider is no longer offered as free, open source. It is not a
-     * commercial product. See {@link http://jce.iaik.tugraz.at/} for
+     * commercial product. See {@link "http://jce.iaik.tugraz.at/"} for
      * details. While some older versions were offered free, it is not clear
      * whether the accompanying license still allows you to use it, and if
      * it does, whether or not the code signing certificate used to sign
      * their JCE jar(s) has expired are not.  Therefore, if you are looking
      * for a FOSS alternative to SunJCE, Bouncy Castle
-     * ({@link http://www.bouncycastle.org/} is probably your best bet. The
+     * ({@link "http://www.bouncycastle.org/"} is probably your best bet. The
      * BC provider does support many the "combined cipher modes" that provide
      * both confidentiality and authenticity. (See the {@code ESAPI.properties}
      * property {@code Encryptor.cipher_modes.combined_modes} for details.)
@@ -116,9 +116,9 @@ public class SecurityProviderLoader  {
      * by NIST's Cryptographic Module Validation Program and are therefore
      * <b>not</b> considered FIPS 140-2 compliant. There are a few approved
      * JCE compatible Java libraries that are on NIST's CMVP list, but this
-     * list changes constantly so they are not listed here. For futher details
+     * list changes constantly so they are not listed here. For further details
      * on NIST's CMVP, see
-     * {@link http://csrc.nist.gov/groups/STM/cmvp/index.html}.
+     * {@link "http://csrc.nist.gov/groups/STM/cmvp/index.html"}.
      * </p><p>
      * Finally, if you wish to use some other JCE provider not recognized above,
      * you must specify the provider's fully-qualified class name (which in
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index 064fa932c..a20c6122f 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -692,6 +692,15 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
                 //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
             	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
             	//		 should probably be off by default and controlled via a property.
+            	//
+            	// TODO: Feed in some additional parms here to use as the 'context' for the
+            	//		 KeyDerivationFunction...especially the KDF version. We would have to
+            	//		 store that in the CipherText object. We *possibly* could make it
+            	//		 transient so it would not be serialized with the CipherText object,
+            	//		 otherwise we would have to implement readObject() and writeObject()
+            	//		 methods there to support backward compatibility. Anyhow the intent
+            	//		 is to prevent down grade attacks when we finally re-design and
+            	//		 re-implement the MAC. Think about this in version 2.1.1.
                 encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
                 		                    key, keySize, "encryption");
             }

From 9162dcd5cc5edd97920d7fc99606803802f41212 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:44:12 +0000
Subject: [PATCH 022/812] Javadoc cleanup.

---
 src/main/java/org/owasp/esapi/Encoder.java                | 6 +++---
 src/main/java/org/owasp/esapi/SecurityConfiguration.java  | 2 +-
 src/main/java/org/owasp/esapi/codecs/MySQLCodec.java      | 2 +-
 src/main/java/org/owasp/esapi/codecs/PercentCodec.java    | 4 ++--
 src/main/java/org/owasp/esapi/codecs/PushbackString.java  | 8 +++-----
 .../org/owasp/esapi/reference/AbstractAuthenticator.java  | 3 ++-
 .../java/org/owasp/esapi/reference/DefaultExecutor.java   | 2 --
 .../org/owasp/esapi/reference/DefaultHTTPUtilities.java   | 3 ++-
 .../java/org/owasp/esapi/waf/ConfigurationException.java  | 2 +-
 .../esapi/waf/configuration/ConfigurationParser.java      | 2 +-
 10 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 8a0ccd94e..3bce42fc4 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -295,9 +295,9 @@ public interface Encoder {
      * 
      * For example:
      * <pre>
-     *  <script>
-     *     window.setInterval('<%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %>');
-     *  </script>
+     *  &lt;script&gt;
+     *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
+     *  &lt;/script&gt;
      * </pre>
      * @param input 
      *          the text to encode for JavaScript
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 1700d66f5..9c54acb9c 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -288,7 +288,7 @@ public interface SecurityConfiguration {
      * to an empty string, which means that the preferred JCE provider is not
      * changed.
      * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
-     * @see org.owasp.esapi.crypto.SecurityProvider
+     * @see org.owasp.esapi.crypto.SecurityProviderLoader
      */
     public String getPreferredJCEProvider();
     
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 7bdc60d39..01db4faf5 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -52,7 +52,7 @@ static Mode findByKey(int key) {
 
     /** Target MySQL Server is running in Standard MySQL (Default) mode. */
     public static final int MYSQL_MODE = 0;
-    /** Target MySQL Server is running in {@link http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html ANSI Mode} */
+    /** Target MySQL Server is running in {@link "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html"} ANSI Mode */
     public static final int ANSI_MODE = 1;
 	
 	//private int mode = 0;
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 147795ab5..307da471a 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -47,7 +47,7 @@ public class PercentCodec extends Codec
 	/**
 	 * Convinence method to encode a string into UTF-8. This
 	 * wraps the {@link UnsupportedEncodingException} that
-	 * {@link String.getBytes(String)} throws in a
+	 * {@link String#getBytes(String)} throws in a
 	 * {@link IllegalStateException} as UTF-8 support is required
 	 * by the Java spec and should never throw this exception.
 	 * @param str the string to encode
@@ -72,7 +72,7 @@ private static byte[] toUtf8Bytes(String str)
 	 * Append the two upper case hex characters for a byte.
 	 * @param sb The string buffer to append to.
 	 * @param b The byte to hexify
-	 * @returns sb with the hex characters appended.
+	 * @return sb with the hex characters appended.
 	 */
 	// rfc3986 2.1: For consistency, URI producers 
 	// should use uppercase hexadecimal digits for all percent-
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index 60a4c5e13..d218eb932 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -49,12 +49,10 @@ public void pushback( Character c ) {
 		pushback = c;
 	}
 	
-	/*
-	 * Get the current index of the PushbackString. Typically used in error messages.
-	 */
+
     /**
-     *
-     * @return
+     * Get the current index of the PushbackString. Typically used in error messages.
+     * @return The current index of the PushbackString.
      */
     public int index() {
 		return index;
diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index 6a5ecdd43..4876da49d 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -115,7 +115,8 @@ protected DefaultUser getUserFromRememberToken() {
             String token = ESAPI.httpUtilities().getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
             if (token == null) return null;
             
-            // TODO - kww - URLDecode token first, and THEN unseal. See Google Issue 144.
+            // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
+            // Note that this Google Issue was marked as "WontFix".
 
             String[] data = ESAPI.encryptor().unseal(token).split("\\|");
             if (data.length != 2) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
index 1cfc91f96..9f4976591 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -199,8 +199,6 @@ public ExecuteResult executeSystemCommand(File executable, List params, File wor
      * 
      * @param is
      * 			input stream to read from
-     * @return
-     * 			a string containing as many lines as the input stream contains, with newlines between lines
      * @throws IOException
      */
     private static void readStream( InputStream is, StringBuilder sb ) throws IOException {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index b1bf850d4..dc99d76b3 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -912,7 +912,8 @@ public String setRememberToken( HttpServletRequest request, HttpServletResponse
 			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
 			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
 
-            // TODO - URLEncode cryptToken before creating cookie? See Google Issue # 144 - KWW
+            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
+			// which was marked as "WontFix".
 
 			Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
 			cookie.setMaxAge( maxAge );
diff --git a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
index 314828bfd..9ea04fd7b 100644
--- a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
@@ -23,7 +23,7 @@
  * The Exception to be thrown when there is an error parsing a policy file.
  * 
  * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.configuration.ConfigurationParser
+ * @see org.owasp.esapi.waf.configuration.ConfigurationParser
  *
  */
 public class ConfigurationException extends EnterpriseSecurityException {
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 2087eee2f..2366fcdf5 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -56,7 +56,7 @@
  * The class used to turn a policy file's contents into an object model. 
  * 
  * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.AppGuardianConfiguration
+ * @see org.owasp.esapi.waf.configuration.AppGuardianConfiguration
  */
 public class ConfigurationParser {
 

From 67fa255324a597c750acd9e6cfffcdddf0cc83c5 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 31 Aug 2013 22:47:29 +0000
Subject: [PATCH 023/812] Ant script to create Javadoc.

---
 ant-javadoc.xml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 ant-javadoc.xml

diff --git a/ant-javadoc.xml b/ant-javadoc.xml
new file mode 100644
index 000000000..084d4d1dc
--- /dev/null
+++ b/ant-javadoc.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project default="javadoc">
+    <target name="javadoc">
+        <javadoc access="private" additionalparam="-J-Xmx768m " author="true" classpath="C:\Users\kww\.m2\repository\org\beanshell\bsh-core\2.0b4\bsh-core-2.0b4.jar;C:\Users\kww\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar;C:\Users\kww\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar;C:\Users\kww\.m2\repository\commons-io\commons-io\1.3\commons-io-1.3.jar;C:\Users\kww\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar;C:\Users\kww\.m2\repository\commons-fileupload\commons-fileupload\1.2\commons-fileupload-1.2.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis\1.3.03\xml-apis-1.3.03.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-util\1.7\batik-util-1.7.jar;C:\Users\kww\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar;C:\Users\kww\.m2\repository\xom\xom\1.2.5\xom-1.2.5.jar;C:\Users\kww\.m2\repository\junit\junit\4.4\junit-4.4.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar;C:\Users\kww\.m2\repository\xerces\xercesImpl\2.8.0\xercesImpl-2.8.0.jar;C:\Users\kww\.m2\repository\commons-codec\commons-codec\1.2\commons-codec-1.2.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils-core\1.7.0\commons-beanutils-core-1.7.0.jar;C:\Users\kww\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.12\nekohtml-1.9.12.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-css\1.7\batik-css-1.7.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis-ext\1.3.04\xml-apis-ext-1.3.04.jar;C:\Users\kww\.m2\repository\org\owasp\antisamy\antisamy\1.4.3\antisamy-1.4.3.jar;C:\Users\kww\.m2\repository\commons-httpclient\commons-httpclient\3.1\commons-httpclient-3.1.jar;C:\Users\kww\.m2\repository\javax\servlet\servlet-api\2.4\servlet-api-2.4.jar;C:\Users\kww\.m2\repository\commons-lang\commons-lang\2.3\commons-lang-2.3.jar;C:\Users\kww\.m2\repository\log4j\log4j\1.2.16\log4j-1.2.16.jar;C:\Users\kww\.m2\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar;C:\Users\kww\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar;C:\Users\kww\.m2\repository\commons-configuration\commons-configuration\1.5\commons-configuration-1.5.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-ext\1.7\batik-ext-1.7.jar;C:\Users\kww\.m2\repository\javax\servlet\jsp-api\2.0\jsp-api-2.0.jar;target/test-classes" destdir="doc" doctitle="OWASP ESAPI 2.1.0 API" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" packagenames="org.owasp.esapi.waf.rules,org.owasp.esapi.waf.actions,org.owasp.esapi.tags,org.owasp.esapi.waf.configuration" source="1.5" sourcefiles="src/main/java/org/owasp/esapi/errors/ConfigurationException.java,src/main/java/org/owasp/esapi/AccessController.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java,src/main/java/org/owasp/esapi/Encryptor.java,src/main/java/org/owasp/esapi/Authenticator.java,src/main/java/org/owasp/esapi/errors/AccessControlException.java,src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java,src/main/java/org/owasp/esapi/errors/EncodingException.java,src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java,src/main/java/org/owasp/esapi/AccessReferenceMap.java,src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java,src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/main/java/org/owasp/esapi/Randomizer.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java,src/main/java/org/owasp/esapi/errors/ValidationUploadException.java,src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java,src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/main/java/org/owasp/esapi/Logger.java,src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/main/java/org/owasp/esapi/IntrusionDetector.java,src/main/java/org/owasp/esapi/filters/SecurityWrapper.java,src/main/java/org/owasp/esapi/EncoderConstants.java,src/main/java/org/owasp/esapi/Encoder.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java,src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java,src/main/java/org/owasp/esapi/errors/AuthenticationException.java,src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java,src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java,src/main/java/org/owasp/esapi/reference/JavaLogFactory.java,src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java,src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java,src/main/java/org/owasp/esapi/errors/ExecutorException.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java,src/main/java/org/owasp/esapi/codecs/UnixCodec.java,src/main/java/org/owasp/esapi/codecs/WindowsCodec.java,src/main/java/org/owasp/esapi/waf/ConfigurationException.java,src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java,src/main/java/org/owasp/esapi/Validator.java,src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java,src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java,src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java,src/main/java/org/owasp/esapi/AccessControlRule.java,src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java,src/main/java/org/owasp/esapi/ValidationErrorList.java,src/main/java/org/owasp/esapi/ValidationRule.java,src/main/java/org/owasp/esapi/codecs/MySQLCodec.java,src/main/java/org/owasp/esapi/EncryptedProperties.java,src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java,src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java,src/main/java/org/owasp/esapi/util/NullSafe.java,src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java,src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/main/java/org/owasp/esapi/PreparedString.java,src/main/java/org/owasp/esapi/errors/IntrusionException.java,src/main/java/org/owasp/esapi/crypto/CryptoHelper.java,src/main/java/org/owasp/esapi/crypto/CipherText.java,src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java,src/main/java/org/owasp/esapi/codecs/Codec.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/main/java/org/owasp/esapi/SecurityConfiguration.java,src/main/java/org/owasp/esapi/errors/AvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java,src/main/java/org/owasp/esapi/codecs/Hex.java,src/main/java/org/owasp/esapi/codecs/PercentCodec.java,src/main/java/org/owasp/esapi/codecs/Trie.java,src/main/java/org/owasp/esapi/codecs/HashTrie.java,src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/main/java/org/owasp/esapi/ESAPI.java,src/main/java/org/owasp/esapi/reference/Log4JLogger.java,src/main/java/org/owasp/esapi/crypto/PlainText.java,src/main/java/org/owasp/esapi/SafeFile.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java,src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java,src/main/java/org/owasp/esapi/crypto/CipherSpec.java,src/main/java/org/owasp/esapi/StringUtilities.java,src/main/java/org/owasp/esapi/codecs/OracleCodec.java,src/main/java/org/owasp/esapi/codecs/CSSCodec.java,src/main/java/org/owasp/esapi/waf/internal/Parameter.java,src/main/java/org/owasp/esapi/util/CollectionsUtil.java,src/main/java/org/owasp/esapi/crypto/CryptoToken.java,src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java,src/main/java/org/owasp/esapi/HTTPUtilities.java,src/main/java/org/owasp/esapi/codecs/PushbackString.java,src/main/java/org/owasp/esapi/filters/ESAPIFilter.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java,src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java,src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java,src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java,src/main/java/org/owasp/esapi/errors/EncryptionException.java,src/main/java/org/owasp/esapi/codecs/Base64.java,src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java,src/main/java/org/owasp/esapi/reference/DefaultExecutor.java,src/main/java/org/owasp/esapi/errors/IntegrityException.java,src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java,src/main/java/org/owasp/esapi/User.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java,src/main/java/org/owasp/esapi/reference/DefaultEncoder.java,src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java,src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java,src/main/java/org/owasp/esapi/util/ObjFactory.java,src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java,src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java,src/main/java/org/owasp/esapi/reference/DefaultUser.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java,src/main/java/org/owasp/esapi/filters/ClickjackFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java,src/main/java/org/owasp/esapi/reference/DefaultValidator.java,src/main/java/org/owasp/esapi/reference/DefaultAccessController.java,src/main/java/org/owasp/esapi/codecs/DB2Codec.java,src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java,src/main/java/org/owasp/esapi/errors/ValidationException.java,src/main/java/org/owasp/esapi/Executor.java,src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java,src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java,src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/main/java/org/owasp/esapi/util/ByteConversionUtil.java,src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java,src/main/java/org/owasp/esapi/LogFactory.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java,src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/main/java/org/owasp/esapi/errors/CertificateException.java,src/main/java/org/owasp/esapi/ExecuteResult.java" sourcepath="src/test/resources;src/test/java;src/main/java" splitindex="true" use="true" version="true">
+            <link href="http://java.sun.com/javase/7/docs/api/"/>
+        </javadoc>
+    </target>
+</project>

From e707ac86e6e162ecc64b7fd95f04fc3579d6e8b7 Mon Sep 17 00:00:00 2001
From: "chris.schmidt@owasp.org"
 <chris.schmidt@owasp.org@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Mon, 2 Sep 2013 20:38:25 +0000
Subject: [PATCH 024/812] Updating version back to snapshot to perform release

---
 pom.xml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2de9b9a73..39ec222cc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.0</version>
+    <version>2.1.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <parent>
@@ -245,6 +245,7 @@
             </plugin>
 
             <!-- Check for updates to dependencies and report on them. -->
+<!--
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
@@ -252,7 +253,7 @@
                 <executions>
                     <execution>
                         <id>check-for-dependency-updates</id>
-                        <phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
+                        <phase>compile</phase> &lt;!&ndash; Eclipse q4e plugin needs this &ndash;&gt;
                         <goals>
                             <goal>display-dependency-updates</goal>
                             <goal>display-plugin-updates</goal>
@@ -261,6 +262,7 @@
                     </execution>
                 </executions>
             </plugin>
+-->
         </plugins>
     </build>
 

From 97d4891a1a2b277dc5997e04923bc697dd437ee8 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Mon, 2 Sep 2013 21:47:22 +0000
Subject: [PATCH 025/812] Final clean up. Removed erroneous code from
 ESAPICryptoMACByPassTest.java that caused (correct) AssertionError when
 assertions were enabled during execution of JUnit tests. Removed superfluous
 System.err.println() in CipherTextSerializer.

---
 src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java | 2 --
 .../java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java  | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index ee69e7baf..2a6caebff 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -301,8 +301,6 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             }
             
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
-            System.err.println("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
-
             if ( ! versionIsCompatible( kdfVers) ) {
             	throw new EncryptionException("This version of ESAPI does is not compatible with the version of ESAPI that encrypted your data.",
             			"KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
diff --git a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
index 34878c705..e54ad33f8 100644
--- a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
@@ -54,7 +54,7 @@ public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
     @Test
     public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
 
-        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key.
+        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key. ;-)
         SecretKey sk = new SecretKeySpec(bkey,"AES");
 
         //Encryption with MAC
@@ -76,7 +76,6 @@ public void testMacBypass() throws EncryptionException, NoSuchFieldException, Il
         String origCipherXform =
         	ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
         CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
-        ct.computeAndStoreMAC(sk);
 
         //Serialize the ciphertext in order to send it over the wire..
         byte[] serializedCt = ct.asPortableSerializedByteArray();

From 4d37568b0b6aa0ad86f8faf63b6083c51741d587 Mon Sep 17 00:00:00 2001
From: "chris.schmidt@owasp.org"
 <chris.schmidt@owasp.org@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 3 Sep 2013 01:16:41 +0000
Subject: [PATCH 026/812] [maven-release-plugin] prepare release esapi-2.1.0

---
 pom.xml | 1008 +++++++++++++++++++++++++++----------------------------
 1 file changed, 504 insertions(+), 504 deletions(-)

diff --git a/pom.xml b/pom.xml
index 39ec222cc..e6ce7652e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,504 +1,504 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>org.owasp.esapi</groupId>
-    <artifactId>esapi</artifactId>
-    <version>2.1.0-SNAPSHOT</version>
-    <packaging>jar</packaging>
-
-    <parent>
-        <groupId>org.sonatype.oss</groupId>
-        <artifactId>oss-parent</artifactId>
-        <version>5</version>
-    </parent>
-
-    <licenses>
-        <license>
-            <name>BSD</name>
-            <url>http://www.opensource.org/licenses/bsd-license.php</url>
-            <comments>Code License - New BSD License</comments>
-        </license>
-        <license>
-            <name>Creative Commons 3.0 BY-SA</name>
-            <url>http://creativecommons.org/licenses/by-sa/3.0/</url>
-            <comments>Content License - Create Commons 3.0 BY-SA</comments>
-        </license>
-    </licenses>
-
-    <name>ESAPI</name>
-    <url>http://www.esapi.org/</url>
-    <description>The Enterprise Security API (ESAPI) project is an OWASP project
-        to create simple strong security controls for every web platform.
-        Security controls are not simple to build. You can read about the
-        hundreds of pitfalls for unwary developers on the OWASP web site. By
-        providing developers with a set of strong controls, we aim to
-        eliminate some of the complexity of creating secure web applications.
-        This can result in significant cost savings across the SDLC.
-    </description>
-
-    <organization>
-        <name>The Open Web Application Security Project (OWASP)</name>
-        <url>http://www.owasp.org/index.php</url>
-    </organization>
-
-    <mailingLists>
-        <mailingList>
-            <name>ESAPI-Users</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</unsubscribe>
-            <post>mailto:esapi-users@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-users/</archive>
-            <!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
-        </mailingList>
-        <mailingList>
-            <name>ESAPI-Developers</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</unsubscribe>
-            <post>mailto:esapi-dev@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-dev/</archive>
-            <!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
-        </mailingList>
-        <mailingList>
-            <name>OWASP-ESAPI (Inactive! Archive only!)</name>
-            <archive>https://lists.owasp.org/pipermail/owasp-esapi/</archive>
-            <!--The name of the obsolete mailing list that previously was a combination of an ESAPI users lists and ESAP development list. While obsolete, it is still sometimes useful for searching through old historical posts. NOTE: NEW POSTS SHOULD NO LONGER BE MADE TO THIS LIST!-->
-        </mailingList>
-    </mailingLists>
-
-    <scm>
-        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/trunk</connection>
-        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/trunk</developerConnection>
-        <url>http://code.google.com/p/owasp-esapi-java/source/checkout</url>
-    </scm>
-
-    <issueManagement>
-        <system>Google Code Issue Tracking</system>
-        <url>http://code.google.com/p/owasp-esapi-java/issues/list</url>
-    </issueManagement>
-
-    <developers>
-        <developer>
-            <name>Jeff Williams</name>
-            <organization>Aspect Security</organization>
-            <roles>
-                <role>Project Owner</role>
-                <role>Architect</role>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Jim Manico</name>
-            <roles>
-                <role>Project Manager</role>
-                <role>BuildMaster</role>
-                <role>Developer</role>
-                <role>Architect</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Chris Schmidt</name>
-            <organization>Aspect Security</organization>
-            <roles>
-                <role>Project Manager</role>
-                <role>Continuous Integration Admin</role>
-                <role>Architect</role>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Kevin W. Wall</name>
-            <organization>Wells Fargo</organization>
-            <roles>
-                <role>Project Manager</role>
-                <role>Architect</role>
-                <role>Developer</role>
-                <role>Crypto Guy</role>
-            </roles>
-        </developer>
-    </developers>
-
-    <contributors>
-        <contributor>
-            <name>Dave Wichers</name>
-            <organization>Aspect Security</organization>
-            <roles>
-                <role>Documentation and Examples</role>
-                <role>Minor Code Contributions</role>
-                <role>Project Guidance</role>
-            </roles>
-        </contributor>
-    </contributors>
-
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>commons-configuration</groupId>
-            <artifactId>commons-configuration</artifactId>
-            <version>1.5</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-beanutils</groupId>
-            <artifactId>commons-beanutils-core</artifactId>
-            <version>1.7.0</version>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.4</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.4</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>jsp-api</artifactId>
-            <version>2.0</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>1.2</version>
-            <scope>compile</scope>
-        </dependency>
-        <!-- unused according to dependancy:analyze
-           this is a optional dependency of commons-fileupload which
-           is at least needed for testing...
-        -->
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>1.3</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <version>3.2</version>
-            <scope>compile</scope>
-        </dependency>
-        <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.16</version>
-            <scope>compile</scope>
-            <type>jar</type>
-        </dependency>
-        <dependency>
-            <groupId>xom</groupId>
-            <artifactId>xom</artifactId>
-            <version>1.2.5</version>
-        </dependency>
-        <dependency>
-            <groupId>org.beanshell</groupId>
-            <artifactId>bsh-core</artifactId>
-            <version>2.0b4</version>
-        </dependency>
-        <dependency>
-            <groupId>org.owasp.antisamy</groupId>
-            <artifactId>antisamy</artifactId>
-            <version>1.4.3</version>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>2.3.2</version>
-                <configuration>
-                    <source>1.5</source>
-                    <target>1.5</target>
-                    <debug>true</debug>
-                    <showWarnings>true</showWarnings>
-                    <showDeprecation>false</showDeprecation>
-                </configuration>
-            </plugin>
-
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-eclipse-plugin</artifactId>
-                <version>2.8</version>
-                <configuration>
-                    <downloadSources>true</downloadSources>
-                </configuration>
-            </plugin>
-
-            <plugin>
-                <artifactId>maven-jar-plugin</artifactId>
-                <version>2.3.1</version>
-                <configuration>
-                    <archive>
-                        <manifest>
-                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
-                            <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
-                        </manifest>
-                    </archive>
-                </configuration>
-            </plugin>
-
-            <!-- Check for updates to dependencies and report on them. -->
-<!--
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>1.2</version>
-                <executions>
-                    <execution>
-                        <id>check-for-dependency-updates</id>
-                        <phase>compile</phase> &lt;!&ndash; Eclipse q4e plugin needs this &ndash;&gt;
-                        <goals>
-                            <goal>display-dependency-updates</goal>
-                            <goal>display-plugin-updates</goal>
-                            <goal>display-property-updates</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
--->
-        </plugins>
-    </build>
-
-    <reporting>
-        <plugins>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>2.3.1</version>
-                <configuration>
-                    <findbugsXmlOutput>true</findbugsXmlOutput>
-                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
-                    <xmlOutput>true</xmlOutput>
-                    <threshold>Low</threshold>
-                    <effort>Max</effort>
-                    <relaxed>false</relaxed>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>2.4</version>
-                <configuration>
-                    <formats>
-                        <format>html</format>
-                        <format>xml</format>
-                    </formats>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0-beta-2</version>
-            </plugin>
-            <plugin>
-                <artifactId>maven-pmd-plugin</artifactId>
-                <version>2.5</version>
-                <configuration>
-                    <targetJdk>1.5</targetJdk>
-                    <sourceEncoding>utf-8</sourceEncoding>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.7</version>
-                <configuration>
-                    <detectJavaApiLink>false</detectJavaApiLink>
-                    <detectLinks>false</detectLinks>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>net.sourceforge.maven-taglib</groupId>
-                <artifactId>maven-taglib-plugin</artifactId>
-                <version>2.4</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.2</version>
-                <configuration>
-                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
-                    <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
-                    <type>date</type>
-                    <dates>
-                        <date>2011-05-11 00:00:00</date>
-                    </dates>
-                </configuration>
-            </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>1.2</version>
-                <reportSets>
-                    <reportSet>
-                        <reports>
-                            <report>dependency-updates-report</report>
-                            <report>plugin-updates-report</report>
-                            <report>property-updates-report</report>
-                        </reports>
-                    </reportSet>
-                </reportSets>
-            </plugin>
-        </plugins>
-    </reporting>
-
-    <profiles>
-        <profile>
-            <!-- Activate to sign jars and build distributable download. -->
-            <id>dist</id>
-
-            <!-- This profile is activated when mvn release:perform is called from the command line
-                 to actually do a release. If you need this profile active for some reason outside
-                 of performing a release, use mvn <command> -Pdist
-            -->
-            <activation>
-                <property>
-                    <name>performRelease</name>
-                    <value>true</value>
-                </property>
-            </activation>
-
-            <distributionManagement>
-                <snapshotRepository>
-                    <id>sonatype-nexus-snapshots</id>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-                </snapshotRepository>
-                <repository>
-                    <id>sonatype-nexus-staging</id>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
-                </repository>
-            </distributionManagement>
-
-            <build>
-                <plugins>
-
-                    <!-- Signs all artifacts prior to deploying to maven central -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <id>sign-artifacts</id>
-                                <phase>deploy</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                                <configuration>
-                                    <keyname>9F460575</keyname>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-					
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-jar-plugin</artifactId>
-						<version>2.3.1</version>
-						<executions>
-							<execution>
-								<phase>package</phase>
-								<goals>
-									<goal>sign</goal>
-								</goals>
-							</execution>
-						</executions>
-						<configuration>
-							<keystore>codesign.keystore</keystore>
-							<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
-							<verify>true</verify>
-							<archive>
-								<manifest>
-									<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
-									<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
-								</manifest>
-								<manifestEntries>
-									<Sealed>true</Sealed>
-								</manifestEntries>
-							</archive>
-						</configuration>
-					</plugin>
-					
-                    <!-- Baseline for ESAPI 2.0 is JDK1.5 - Enforces that a JDK1.5 compiler is being
-                         used to build this release -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-enforcer-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <id>enforce-jdk-version</id>
-                                <goals>
-                                    <goal>enforce</goal>
-                                </goals>
-                                <configuration>
-                                    <rules>
-                                        <requireJavaVersion>
-                                            <version>1.5</version>
-                                            <message>
-                                                ESAPI 2.0 uses the JDK1.5 for it's baseline. Please make sure that your
-                                                JAVA_HOME environment variable is pointed to a JDK1.5 distribution.
-                                            </message>
-                                        </requireJavaVersion>
-                                    </rules>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-
-                    <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <id>attach-javadocs</id>
-                                <goals>
-                                    <goal>jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-
-                    <!-- For building the distribution zip file. -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.2</version>
-                        <configuration>
-                            <descriptors>
-                                <descriptor>src/main/assembly/dist.xml</descriptor>
-                            </descriptors>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <id>make-dist</id>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>single</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-
-                    <!-- Performs a full release. See release documentation for information on how to
-                         perform an ESAPI release using Maven -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-release-plugin</artifactId>
-                        <version>2.1</version>
-                        <configuration>
-                            <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
-                        </configuration>
-                    </plugin>
-
-                </plugins>
-            </build>
-        </profile>
-    </profiles>
-</project>
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.owasp.esapi</groupId>
+    <artifactId>esapi</artifactId>
+    <version>2.1.0</version>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>org.sonatype.oss</groupId>
+        <artifactId>oss-parent</artifactId>
+        <version>5</version>
+    </parent>
+
+    <licenses>
+        <license>
+            <name>BSD</name>
+            <url>http://www.opensource.org/licenses/bsd-license.php</url>
+            <comments>Code License - New BSD License</comments>
+        </license>
+        <license>
+            <name>Creative Commons 3.0 BY-SA</name>
+            <url>http://creativecommons.org/licenses/by-sa/3.0/</url>
+            <comments>Content License - Create Commons 3.0 BY-SA</comments>
+        </license>
+    </licenses>
+
+    <name>ESAPI</name>
+    <url>http://www.esapi.org/</url>
+    <description>The Enterprise Security API (ESAPI) project is an OWASP project
+        to create simple strong security controls for every web platform.
+        Security controls are not simple to build. You can read about the
+        hundreds of pitfalls for unwary developers on the OWASP web site. By
+        providing developers with a set of strong controls, we aim to
+        eliminate some of the complexity of creating secure web applications.
+        This can result in significant cost savings across the SDLC.
+    </description>
+
+    <organization>
+        <name>The Open Web Application Security Project (OWASP)</name>
+        <url>http://www.owasp.org/index.php</url>
+    </organization>
+
+    <mailingLists>
+        <mailingList>
+            <name>ESAPI-Users</name>
+            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</subscribe>
+            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</unsubscribe>
+            <post>mailto:esapi-users@lists.owasp.org</post>
+            <archive>https://lists.owasp.org/pipermail/esapi-users/</archive>
+            <!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
+        </mailingList>
+        <mailingList>
+            <name>ESAPI-Developers</name>
+            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</subscribe>
+            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</unsubscribe>
+            <post>mailto:esapi-dev@lists.owasp.org</post>
+            <archive>https://lists.owasp.org/pipermail/esapi-dev/</archive>
+            <!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
+        </mailingList>
+        <mailingList>
+            <name>OWASP-ESAPI (Inactive! Archive only!)</name>
+            <archive>https://lists.owasp.org/pipermail/owasp-esapi/</archive>
+            <!--The name of the obsolete mailing list that previously was a combination of an ESAPI users lists and ESAP development list. While obsolete, it is still sometimes useful for searching through old historical posts. NOTE: NEW POSTS SHOULD NO LONGER BE MADE TO THIS LIST!-->
+        </mailingList>
+    </mailingLists>
+
+    <scm>
+        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.1.0</connection>
+        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.1.0</developerConnection>
+        <url>http://code.google.com/p/owasp-esapi-java/source/checkout/tags/esapi-2.1.0</url>
+    </scm>
+
+    <issueManagement>
+        <system>Google Code Issue Tracking</system>
+        <url>http://code.google.com/p/owasp-esapi-java/issues/list</url>
+    </issueManagement>
+
+    <developers>
+        <developer>
+            <name>Jeff Williams</name>
+            <organization>Aspect Security</organization>
+            <roles>
+                <role>Project Owner</role>
+                <role>Architect</role>
+                <role>Developer</role>
+            </roles>
+        </developer>
+        <developer>
+            <name>Jim Manico</name>
+            <roles>
+                <role>Project Manager</role>
+                <role>BuildMaster</role>
+                <role>Developer</role>
+                <role>Architect</role>
+            </roles>
+        </developer>
+        <developer>
+            <name>Chris Schmidt</name>
+            <organization>Aspect Security</organization>
+            <roles>
+                <role>Project Manager</role>
+                <role>Continuous Integration Admin</role>
+                <role>Architect</role>
+                <role>Developer</role>
+            </roles>
+        </developer>
+        <developer>
+            <name>Kevin W. Wall</name>
+            <organization>Wells Fargo</organization>
+            <roles>
+                <role>Project Manager</role>
+                <role>Architect</role>
+                <role>Developer</role>
+                <role>Crypto Guy</role>
+            </roles>
+        </developer>
+    </developers>
+
+    <contributors>
+        <contributor>
+            <name>Dave Wichers</name>
+            <organization>Aspect Security</organization>
+            <roles>
+                <role>Documentation and Examples</role>
+                <role>Minor Code Contributions</role>
+                <role>Project Guidance</role>
+            </roles>
+        </contributor>
+    </contributors>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>commons-configuration</groupId>
+            <artifactId>commons-configuration</artifactId>
+            <version>1.5</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils-core</artifactId>
+            <version>1.7.0</version>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.4</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.4</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jsp-api</artifactId>
+            <version>2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-fileupload</groupId>
+            <artifactId>commons-fileupload</artifactId>
+            <version>1.2</version>
+            <scope>compile</scope>
+        </dependency>
+        <!-- unused according to dependancy:analyze
+           this is a optional dependency of commons-fileupload which
+           is at least needed for testing...
+        -->
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.3</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>3.2</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <version>1.2.16</version>
+            <scope>compile</scope>
+            <type>jar</type>
+        </dependency>
+        <dependency>
+            <groupId>xom</groupId>
+            <artifactId>xom</artifactId>
+            <version>1.2.5</version>
+        </dependency>
+        <dependency>
+            <groupId>org.beanshell</groupId>
+            <artifactId>bsh-core</artifactId>
+            <version>2.0b4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.owasp.antisamy</groupId>
+            <artifactId>antisamy</artifactId>
+            <version>1.4.3</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>2.3.2</version>
+                <configuration>
+                    <source>1.5</source>
+                    <target>1.5</target>
+                    <debug>true</debug>
+                    <showWarnings>true</showWarnings>
+                    <showDeprecation>false</showDeprecation>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-eclipse-plugin</artifactId>
+                <version>2.8</version>
+                <configuration>
+                    <downloadSources>true</downloadSources>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <artifactId>maven-jar-plugin</artifactId>
+                <version>2.3.1</version>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                            <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
+
+            <!-- Check for updates to dependencies and report on them. -->
+<!--
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>1.2</version>
+                <executions>
+                    <execution>
+                        <id>check-for-dependency-updates</id>
+                        <phase>compile</phase> &lt;!&ndash; Eclipse q4e plugin needs this &ndash;&gt;
+                        <goals>
+                            <goal>display-dependency-updates</goal>
+                            <goal>display-plugin-updates</goal>
+                            <goal>display-property-updates</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+-->
+        </plugins>
+    </build>
+
+    <reporting>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>findbugs-maven-plugin</artifactId>
+                <version>2.3.1</version>
+                <configuration>
+                    <findbugsXmlOutput>true</findbugsXmlOutput>
+                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
+                    <xmlOutput>true</xmlOutput>
+                    <threshold>Low</threshold>
+                    <effort>Max</effort>
+                    <relaxed>false</relaxed>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+                <version>2.4</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>xml</format>
+                    </formats>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
+                <version>2.0-beta-2</version>
+            </plugin>
+            <plugin>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>2.5</version>
+                <configuration>
+                    <targetJdk>1.5</targetJdk>
+                    <sourceEncoding>utf-8</sourceEncoding>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <detectJavaApiLink>false</detectJavaApiLink>
+                    <detectLinks>false</detectLinks>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>net.sourceforge.maven-taglib</groupId>
+                <artifactId>maven-taglib-plugin</artifactId>
+                <version>2.4</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
+                <version>2.2</version>
+                <configuration>
+                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
+                    <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
+                    <type>date</type>
+                    <dates>
+                        <date>2011-05-11 00:00:00</date>
+                    </dates>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>1.2</version>
+                <reportSets>
+                    <reportSet>
+                        <reports>
+                            <report>dependency-updates-report</report>
+                            <report>plugin-updates-report</report>
+                            <report>property-updates-report</report>
+                        </reports>
+                    </reportSet>
+                </reportSets>
+            </plugin>
+        </plugins>
+    </reporting>
+
+    <profiles>
+        <profile>
+            <!-- Activate to sign jars and build distributable download. -->
+            <id>dist</id>
+
+            <!-- This profile is activated when mvn release:perform is called from the command line
+                 to actually do a release. If you need this profile active for some reason outside
+                 of performing a release, use mvn <command> -Pdist
+            -->
+            <activation>
+                <property>
+                    <name>performRelease</name>
+                    <value>true</value>
+                </property>
+            </activation>
+
+            <distributionManagement>
+                <snapshotRepository>
+                    <id>sonatype-nexus-snapshots</id>
+                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+                </snapshotRepository>
+                <repository>
+                    <id>sonatype-nexus-staging</id>
+                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
+                </repository>
+            </distributionManagement>
+
+            <build>
+                <plugins>
+
+                    <!-- Signs all artifacts prior to deploying to maven central -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-gpg-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>sign-artifacts</id>
+                                <phase>deploy</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                                <configuration>
+                                    <keyname>9F460575</keyname>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+					
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-jar-plugin</artifactId>
+						<version>2.3.1</version>
+						<executions>
+							<execution>
+								<phase>package</phase>
+								<goals>
+									<goal>sign</goal>
+								</goals>
+							</execution>
+						</executions>
+						<configuration>
+							<keystore>codesign.keystore</keystore>
+							<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
+							<verify>true</verify>
+							<archive>
+								<manifest>
+									<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+									<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+								</manifest>
+								<manifestEntries>
+									<Sealed>true</Sealed>
+								</manifestEntries>
+							</archive>
+						</configuration>
+					</plugin>
+					
+                    <!-- Baseline for ESAPI 2.0 is JDK1.5 - Enforces that a JDK1.5 compiler is being
+                         used to build this release -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>enforce-jdk-version</id>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <requireJavaVersion>
+                                            <version>1.5</version>
+                                            <message>
+                                                ESAPI 2.0 uses the JDK1.5 for it's baseline. Please make sure that your
+                                                JAVA_HOME environment variable is pointed to a JDK1.5 distribution.
+                                            </message>
+                                        </requireJavaVersion>
+                                    </rules>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-javadoc-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <id>attach-javadocs</id>
+                                <goals>
+                                    <goal>jar</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <!-- For building the distribution zip file. -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-assembly-plugin</artifactId>
+                        <version>2.2</version>
+                        <configuration>
+                            <descriptors>
+                                <descriptor>src/main/assembly/dist.xml</descriptor>
+                            </descriptors>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>make-dist</id>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>single</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+
+                    <!-- Performs a full release. See release documentation for information on how to
+                         perform an ESAPI release using Maven -->
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-release-plugin</artifactId>
+                        <version>2.1</version>
+                        <configuration>
+                            <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
+                        </configuration>
+                    </plugin>
+
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>

From 95c8c1dd46060d36b40576e521f1fb8afa150d01 Mon Sep 17 00:00:00 2001
From: "chris.schmidt@owasp.org"
 <chris.schmidt@owasp.org@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 3 Sep 2013 01:16:50 +0000
Subject: [PATCH 027/812] [maven-release-plugin] prepare for next development
 iteration

---
 pom.xml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pom.xml b/pom.xml
index e6ce7652e..5e0fdd4bb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.0</version>
+    <version>2.1.1-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <parent>
@@ -66,9 +66,9 @@
     </mailingLists>
 
     <scm>
-        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.1.0</connection>
-        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/tags/esapi-2.1.0</developerConnection>
-        <url>http://code.google.com/p/owasp-esapi-java/source/checkout/tags/esapi-2.1.0</url>
+        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/trunk</connection>
+        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/trunk</developerConnection>
+        <url>http://code.google.com/p/owasp-esapi-java/source/checkout</url>
     </scm>
 
     <issueManagement>

From 204636f7ff3a71dad567f5abe1cc86d038de39ed Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sun, 15 Sep 2013 19:52:51 +0000
Subject: [PATCH 028/812] ESAPI Security Advisory as posted to Full Disclosure
 and Bugtraq mailing lists. Keywords: CVE-2013-5679, Google Issue # 306.

---
 documentation/ESAPI-security-bulletin1.docx | Bin 0 -> 25167 bytes
 documentation/ESAPI-security-bulletin1.pdf  | Bin 0 -> 648851 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin1.docx
 create mode 100644 documentation/ESAPI-security-bulletin1.pdf

diff --git a/documentation/ESAPI-security-bulletin1.docx b/documentation/ESAPI-security-bulletin1.docx
new file mode 100644
index 0000000000000000000000000000000000000000..9ab49c9bb04429a0448236f727e503faba0709e9
GIT binary patch
literal 25167
zcmeFYW3VW}^Cfs~+qU1eZQHhO+qSKDZQHhO+rImL|Jm7?*_jXfeYPXIq9VFFGrOu!
zp019Q@>0McC;(sp5C8xGgaCJhS3a?T0078f|4sl1AT1#~TW1qnXFX*PdlM%eI(Hju
zf<h1=ihKZ|f8+oE<Nx3pXiAom8{kI>y(RkzGp#Mvxzmp>u$SkiiolqibcMq1#9!Cw
z`RQIn!(!%FxLYXR_St=1U!Qpbqt+3IzALYi&|o{SgNSa*U|dY@j>|jrLNh=hLk?ky
zZ(t$7eyXkYJZuJz7PnzAX++opKBX|r2PInxC`j4zqy_5!pmY=TjikKWls%1=vI0s+
z2wMnx_L7T_@<1%ykK|n?!GkiMH|nmRlFYELkyivEI)+aA7LQ<qgruzGVON5)g9y6s
zhCH6w_m8<rkvvoZn-_n(BVsnVD|yD8t;)9I6mr}$g)f_SA}yFtvz^g`3|Ds2A(@Uu
zo3MU|cT8{3^(Q|*7Qnhxg@CyPx_ba=zKyuYr<w}&fJ^*ody$&QNK28s2*<VY!V2bp
z<|RGy!XL6>i^D!u4JMV|`H3+c?Ls9f`@xBl03=ubN*gw>(jo+c#ob$O^kNk=aiU4w
za5}0M!ZQ4UAKj7ttB9+#%XKFpz*P3~?2#l6e0TLIz+uQV_G0{KS^V1j?+yI@1qP7+
zpJ0rafYti=?~3d{ltTZ5v7V!ewG%zvf7<^azW)bf_J4Tv=)_G)U;&uWThLvDF(0-~
zD58b+9q|G;qD$c5j4MDlxT)fep6()o4*5;plc&>3xs|M-tR=28Zm?Pdjph8cEPb(E
zD|egLC~$d=F|Eu%Ggz^iItyF76?*Q3<O1&KKb3_CjiCZ0yhNr<bw%1CV?D|p@i-EY
zN^uEO*w4|G9X+E@YQUKpr5hTs7G}5n&7<n9dMj``Y*@ZfrnhU85vXI}26pRohE&!P
zBaShal+QF+)(o?xISGbUP^^0vh0D*vzj{%zAvBN$kP)+w-Y(g|n!51L>xCYpwOsgw
z8Z>A=UY|lijr8Wc{|N1W#mJYY8M6j306-!f000gE1fZLpqcQz|1B$Vok&Deg*830L
z{ddp+{^PuVcK**kw$yCwHdzsVc=dn#5#oK2DJiF=nyGRL%lre1A+xK#rIpMwqJ%9;
zNQXb4xh7mMs_L_vH07V7oVoi)y*zR|A3OJbG+?miL@6@d2_d@x#cLP|ABR34U%LG+
zV53bKjY1OR-K7|I?ygq#c4P|l(fo|j3K@Z$h-40EtEvqpVfFaOVH8lszZlgzjM3sa
z%TN#9Xuz>R`~NI&vUW9!v4SVj+&_^Fe%hs>?tHmyTJoafj6|-IihmBFItQdW6CUAW
znQ(%C>Z1vPB~quL^S4o1h^S0T9|swv-2EED77e6h!A$otD!_=O;((1}bEUmK4srFi
z=95x$e>l_Z@55ukm@z{78JRqP?$TAr9#k-(-WfCUh6AYqd2g$mS_KU>qe(({3g0WD
z=+guOA1kMzN-h+7FH6q7_57VoJU20W%t~CL20D@4&|;<5S85;fl1Ci6s9CtK(57rt
z6`i&T%R~jjeUQZq%EIa#V)j9Db>PhdZasPY*7M#t9UZ?UC`TAUTv5;$(Fz!%M0|A?
z35UUoX5@YnbJ4|?3L=P<jT;*<1Y2G5BqJ?cg*@xE)^+MG>OSnWAZhMMbz|0gjjQRb
z9`HGQyLBq*j}t#L+5|G~OPdHJeA($?IQs1jt&vq7cAJBc&|GLJd?R*~44Y4T->`B~
z<=<tGcdvZpZ3?UD|6$(lomDs1nc+W7{>h#JU+#(S5fy~30kGM$ZH|jcn!SQF$jkVs
z$;kVwiWX@CZ=~0Nl&Atfq{<J(Hz+IdgSc#IdVmwN;`C(l2mcw<5xNn(4sE`k#k3{)
z69DPuV*KW47Ahrac)z<IOMP8Nj!oX&z60;iHBj-aWfVO%dt>~2TgHXSam$Qd26Nj+
zk0^bDjA${iNDbBmwh=^Ln$QfC?%_z4GkDze$n}R+YdCKbrrl>WppusDwZL|Q>#RM#
z;Lg)|&^u5W_B1cLr_7*jG_TG?4QN&6SbhGufHUU@hTfdQ1)j@SK<Pb8&JZPTfj6F>
zUWv0OqF#5|B1+2n8`g5`;oD$(>Ec_W?3NL83_V<7>uyM_E_EXpZ5N;-)R9dq)`RvN
z6CvWo9;475_myI@FZXLF?)}-@5UMr!%z2StqS^01g8pAqlMNX>_7w>Lz-$2k0OG%l
z^Ixgye@seCI_t5UBbhz;`a1z<`f%2L)hA>M7fw}7OK5I}qp+<>`ZYk3g(M@%<?+gs
z*OlBuTQCg3Q;kzaM-nHWm66Kz!irbJt_uuXw2D>7yR9GZaeltqVH?%><N{3|9;QuC
zOw+qlg&uVpJ=~x7-$z|urKEpbGrSC%?)7rF-^bVaK7T*xf7kS8iq>tf?G#~!tP>}{
zU0)uoQ%W}{qoRyk9#(Z1G{GC$B@0D1GDR+<%<Cace};J@Pti+l&#r21aHhXV`n`qh
zoGwYt4BMXX&F5Ek^=m{>YP*>&MD8C9uZQtnH=Uw;o)`47f(1Oo>Yrs<rJo+G(e3Dl
z17{vV=ZVw21rF3+guR=h5<T9Nhyejv4@IuR)P<TPRQq4*V!~oWX=@rtw^wWqTyafz
zH|=0Q&3n8jW$YOuyLsdtFz(FTko2eCg)ZX<1Ma-~DmV)ZR&7M}gG0ww=ZqnTIT}-{
zy7iOb9~tJx`as3FLwkB-indwxW?0>~%+<2s-_?iGU)3{q46@1XXxmo-#Hzd+A6kAg
zT5@%CY1tI6WQ3~B?bfgqjx_KG46&wf&t6prk0-0qz0@Al%;0=Qb837>YD#}bnL8!j
z?4OYWEq-o}Gio}GoY?V>(nNm-HbW@4F*9t$P8+RjjWS72dP~v2{j|g7-e_%Qi_U-}
zVzQQ^l%^2$apOHdCu3SiD*WDAvD_Qs&D>K}r+c|}rXKAYupL^OtiqvnT4g4iWLoAE
z+h5Zxey?Y5rkh!N9BONsAsDW?ZdVq6ZvC>pig=2>$*rAGxrWljops5y>_UC4jri^l
zwSKE={{nA0U85H5yfx~;I8?SjZW2Tsbc)Fynw%MaPOga0E#q!qz*^>O)eqQ3&o&f?
zQqW(SxwJkXGOT&e8H(E9FXK>I`n5wPqT~mi9B)pxOrOS6XvM2|C+&pr_PAVz(9i0c
z6hT?0oaKn0d{3;hZ_5<oGP6^b0SWV~zYkyp*g(FBpf!W%D74xjoCY{Bp*2spu-Iaw
zT@#uq)NfrO?FRAdx+)xO-iYJJiLOJe23u5Kt`*S%hwQD`7!2M9F+aVVg7PQIVKP`}
z+2TBU(cDWdw?b;#Z56PVlNd(8HCCg%tlB45r;%vZAqMW9*ml1xvZq@d0_g%QS|eq)
z!qvc@ZciO_+F<@nGT1(MwAjYKr7*|>W%x3B|0$rkOQBU2tXXCibCt!zY5zhZ{zI1^
zHRf~dW$cOt6q7+yc3bwHwT&g%8IG5Des#l)()(6-&P<~SdtPLBs6Rsq-s(3J`3gX5
zLk5c6&Hd<Vk-Y1By)DAE0Q<E=^mc}y>jRtPuN4jGvT0&O6UZ*HD}u3*Pbehk&AEjm
zx^F9k=IYAV*{34+WC?(+Rb`I+J;Y~{-xv9qGtX<@D)lvjksf1ev#HbbF>qXC+b~(o
zUuy7TjCELGRGPBXu+!oxTedi&X+^QeqvX>aalC;%((re0oZ0snd=eEfUSPaMI$-e&
zn<=y|V{KV_FUSU1&Y^CW&(mA3)fR(>ZQY!y4aYYdmLgQ%IF%!l9obF0*H^S3%1#31
zN*bqoa!#bq5QXMCMIxn%?@7^5qv(_5#f0ld4-F$niJ?FYpcsV)CPoebZLmRl(LVgZ
za_$2~p96xG%&pMm%0|s(in>L%mt9zHq140`oH$4$kR|KwaiMg_g)C?W!1kFqUcPt(
zYQr0O+O6Q11#;%<DLR&eOsWh_O-{gms*bKswH?mnOT~bWS1C6P9-DULj{*t0`1lHZ
zfyN%IeLIP9Upn<Fh3yl!Hst$xWHSiKAsWL`9y%E9Sd<q-j4h1yq=N+hD#5|*B(tjA
zDtXciIsu7WV?Z_c<EdVfUAC-NtJt+JPY2#CTZwGQ>t?NByXi$&oPLf=joYk@R3|LA
zZC5Tj1ahi6v8@H?;aIN?vu{EcR;+HnQ#e|`kd`H(H=_(HSbLtc{a!ky_HAD?dF(#g
z0T2ru&KpNqTlmSGBEs30*LZ3OS1aI_xaMg{p8MvW_sy;%$ug&#+oVpS?pcS0>t?k|
z2ORX?;M_ZyI0)nTGJ@uJ8KOYwr7L-?)X$EdA_zx!fl(8<F~UmK?>#qU7URpQK&H10
z;F85_N9sH)->2!M#=R$~?3S$$i{rBNNU;x_tdE`Ao<9{JDae=*s+F1bxvAY-TFJ%B
z5aTB9H*_1wjp6=m51mRD&tS9m_oI?a-l)fP>QD8j;E?BCfl9O(Z}Q1gz#k0P4L^;{
z#!jJbHmn>5(LCWqQ3sg9&yJDozg!SW%~`>Vk+$2NpJ2po87o|?(?a3%)`Vr1JV{&j
z!q_4`YDM5rH6^=xgQxw7X9F}Di+JpVEsMPS>pvbjFq;?6ou%7D<72I}hvu&$ORWk`
z!YIE~60SWj)2qr)*E@ZV(+<e*zhgXFo@EgVGD}WG)C;cFtOGSuvB!WzpP0+#ws%@m
zp+KofySfa(pV?VUy+nW95D`ohquTQZR({ACgVlZdvng207s1mfIFw069jzM|@!(~H
z>3@f!nVHFj)+S)9M!i4bjf(eY4{IlQkc-6l^o)y6Qvn5di@D+A$^_$?AQQP`-dYgu
z@}$YgakBa7mpPDqmab#vNNCeF?$s+kEvj^;6G9=-0`UE0fSNX4XK{HG7b7LQiu4(e
z{z#$SJDY8utqDaz>bY0&#mr{R&)=}~sPGc8fKy6Dz<vxHl{m0s9E&*8j1|r<ki#v|
zJmU;U)Eze652hu8%J#UPNU+7&#+?q!i9kMF<45pX8Daz(-Y9QShmq*}ITdZcF&vkJ
z9ctJvG+$J4#KM2*jd!J#rel0O3=u=;NJWg9Qm)hlba~?m%qn?`i^0hshI9zAS_gmO
z&Z64Nn~3kq@kSVzQ<xc8ENGyJ)@N73ev9OqbnPZBQpglN51PgtADw)c!m^H$e$?Wz
z()+!Yg>g%l(*$~B{Tw%JLD+C|yD5%2wocP^PQ9w<9<yqjl|wJ5zEh7BZ#H+FK#oRF
zVliCy;W=n1<#w7z0b4?~TSWv#Vp?vqg4xbm8oHfIr483PDmd~F;hN$aaU`Cl-o&4U
zzO}J52c*4iOw&Z-CsP>b+jUt?ws5WhkV2LTl~4S%-6+uQ_$^+qB%t~!N*yOjYF605
z#n3&>J!8LfCmV4U-48iry8nG&kSZr2hJ_3l<1FQ7uiP)ozZ5WDH!ohfG&LFM@e47$
z)~MLNDjiQF<o05`YI&YnCFU+$ruBz$+!qKo+q{llzhr^>=4l?gSPR<0fYFwFn(C<`
z4v1Fn0o#w^vmK-m=kb-@lS0bhwB58hW$Kgl|443Y)qHK8b)u0>gzqn$AHsvXjM#e=
z=dFyokS|kUk?46cO{^tE$e8iIt!*v0hwn{axQZPK-Qhum@r2l9*=pWy$P;!wzX1U?
zFRCqMhTS&5Gz#NRP_kV&BgwfxVGS>W&B^$1d@@QWE_Up^QQQ1bnvdIu8$q@%^(D>|
zdvcz78A@Nv0}R)jIum3e2&p{TKyU5Ij;-Fj?q4<PDQoDda#+P%yP6Y<L3!s!G4Ftb
z<2cU?0K%>aXborZFetxoTTH9pq;;}}<Ls8;nfwKH&b!X!36Dp<`8h4X+0Kl9N^lXp
zO$Ah7oHrrbm(@n&e}jZ{EqQ9*+g1+6xkcxigY|;>;WBW~T^k;2&S{w}WcT3MD#(pn
zU{Cog_Fx@SHN%a8myChw>ee^QmyEX5oj7X_$f!}=QLBnEvfh>=`xI2>=-1)xvk!OP
zyL}9gJ~(+9RXMpI64g7JwrUrKeygk3lcU{*eQ;p!95Z<<mc|!N7kW##tF1lnchfn!
z3Q8^S@R5hcECyMPqoq=|6pa`?nOh(Z<uf-QlOQ5Ihzkf*?QiHRLFDKVmPb@6p&hNW
zhyg7*6&N92c!uj^FUZSwd>2{H5yE5FqU(!7#;2;}2{poh9Kqp;nvNmV%{A}_ntsG}
zpr5F3c<w5Ob2|>1jNIcLMh;oJ@Xl4|^BdNB8#mMZXI}wNy<-XNXKIrWZ+x;WP<T+)
zLH|X>rc0u#+jI}*l)wy;>VmISv&o!MT@*)!3pP2YrqBo1EnBw`t@xrNHWJq%+>|zt
zcMMHJn09s!d=Fr_y`ga79`1Qjr6}c4Qfs6qEz~V@bn=5aupUWwUkn>LCeT}1O-2SQ
zetW%`_L{FS=VX}IilsiPn{;Y{dBIedeX}4eu-4;>5WmRtFWP5Ryd*da&O}iRA{<9Z
zzETML%G$zNUFE-g<6~Mt(BLzPvbcZF6LVZpu@r@zX(KuKxxp#e%$C{`%R1bj<zI`)
z30J8cI)xd@KoNFHrQf3m+L*#P!c(`Q4<-*sK#VpuTW$ojlwB5(SGV!2w1}URkZ>-k
zE8sVka5`K2h=~QOE87rKpcN7TbppXFPnYR?uT(VL6@A_Y2FI7nu#}z=fLZbwKsxLx
z=2>jH@RH9|FLs7+&&jEvL-@7?Zu=K<0120xRfJ<8AmWZi%c}HyV`d0Tvu0i&eAs0|
zpL$0j4koIpbxUj?^S-N%|FopVfq%TJi@yJP*(oMDyd~V{H$*f?s)=M{n8|zXQwa&o
zfWc_=pqa!g5=A81so8)b#$hi#D!=&^@ChFC+6z*WR~;Oj0ZihE#c^$j+3RTEhc^1f
z*E`n5J6=q#&HX@-`t~P&+Mjgh8-!fD9i_PaqAb$Elv`7u<-O2B8^-z*u}nmKPV#eL
zYNARvUDzEVhY$c0NERuiABPL5l!L-N0NXE4Wc$OQsl;9dQ|K?Vet!pEA;{AYGeMK}
z{?Ho_WKd4q3mXN6KX(8xCO?l40B|DagX^F&806<r7*@c?7$A9Fj(Oh+E#sq;jc1u4
z%-j0m7gaGq-!Qu%b?Rc^&58gPf^Y!XpTtn)W9kY-pa6rlAf!0}RdxHe(I@!6*ck*j
zX#q6L&SHgm27lGxZTsvPJf{wl7;#T$vG1fNk6=`5qPbzXWSQb9G=dH8e5|v(8c4XD
zSOJF`vhiV}R#q`J3%#(7qTe}q_TJtVQD4TWpi&(eX(vX9PD_hqi~hK)x~|WDV)rxE
zHgPJo6*Xwn8l3pSb%t>+UVEg47lDq2&>+IAc#ffk=hwk3I~<$K>A$Ez7cGd6fX{Qs
zFU@Tbmiae-X7&2GbCV*zA~n?zR!>O667$i6e_$aKo881lWCh5nZnDgW6^w-Jh@Z}Y
zu->?_r?ZrX5h2IG4oz7B%${D<@nJ%zpwVaQEM?0Sf&{G4J~>vHyDK%726a*vA*~<;
zr)Uplg+80s!-{m4t}qm#8)78<u%aP|p4g=3&`1(zAV@o7p|f-_T4F<I>x5Uz&sv5+
z&%B}`1ll1|>z3m(!~K&j(N?@uHJYHKT1Fxg=Jz0Q^UunG-TP)0I|=4Db=m~#6pcMj
zd7pR>$<*IKf~Qcc22SUHBAQ9wVQZA|tAPO?xlVX-$Otg4WR%oZ>j+KX;yta(QRzU;
zE#@Wz(82Qh9vbyK1Gi!Gnkm{)XHpPVWDVM#_ZKOULWLoc@Qpu=K%I8fq_X~MCI2-#
zavp)R8%usM8PHz{km|U-0E<`K4x^#At=}4Hx~`8Z#2#k8eX_@zFaf`#0{x);6s!`x
zs@uAw3A^5eU9v{1Zj2XkOe_A$<oqHLzmIVB-&#yLOFH+hX@ER(@u%YF9F2i-Oiw+U
ztO#0CC?29N7J?&bCr1k&{n~_M1tt!Qjv!#p&kr2V5l+j5-v+%fq2tUpw}-@}st>~w
zdwaWxGzL;+rW2bpH!i$}S%gN-nIans$M0t%R5sauBMToW4QDHhIK2Nv08)<l`(h11
zpG#1*SXrf$;m)0P;%;&rEb2@oi0|_0OQ6j$DoIph8=J&+Hu>P#ScQEVaH&F!?4p!S
z65{C3$Ghg>ct9TOpB-${OJRa4LWEbFgstI@h9`@LqzOX!o)C{FmFH{=;USI(v6PB$
zw<cyc^3gfq>YcFJOp%`<px~qvewt>!1PQqS5NGY<BTylqWJv3V#VNBtrn(I=7_h@C
z3~L9vaEZqUOF+k~hG!TbpB7Fzpc$)R42L)=)q3dpmx8|Tb^w?_D@y;Z&15-hVxSm-
zDK3k8vwXy$0B)q793|S5DJjC(F9(cuDH;4W3=usbi-bghnCX^Z_K0`Bndoo16O^Oj
z{d8(+_c5AbFu0Ko=;j%ygwAt;7acRa8ug*Sv)mJUMJ7cOj^xg>a9q$Q6L%j~Us<>3
z?~mrE&FSF&W}yeQ;U@}Q0Iw;V=~;vrqG7BHdzQwW071A%ECwx;FY+}eUdTQIQGRH-
zH=%N(-#G_Do0MhAK%G@qInBN~41z)_Ku#Zb)BxZcgu^vP290Zhx<EAvN?=xu1|d14
zMEJY_6-2|9C&N~R4zf*T<VSny8`c|<qp+9-w9RyEB7i;t69P6OjX0L=%2n)v@>2%V
zwYXWG;(0K~BZ>Zdt0Mk`>X8`54uY8|(BhfjtPnyUkuBb-#v1WFo`C|@S^Ub3EkP=u
z(Da-%9L3N5r=Nl=q|m-!U{l!v`Rp<t<0Tm8b@Sh6rHKdMzb=3cG<n5!kXupSF~LWH
z)8xc@3hBqT5k}9VEe;jfz>^phSei2pXoh(e;EuoXn6>v*V_A{QSw@5B(#b+e*ZpG-
zI;o%>2C!;&f2%q#3jitLF`t-tAJm5mIfn$P08OG_>}k|<UKK>vRD(<QMvWPRV+SEu
zINs)tY>+qo7gM>$=!>EIifP_Nxl=t<w-9)7FXbtO3J5()P=Sj5vAAbI*AO0nXV42r
z2%~mEn_r}XaUtdCC0*-gD8L}3fQZToU>n(u`tc^G>ygIlAXr`<qX-ExIGkVsM>F6(
zmMG{39Xn~xi1`9wpg50!{9quj;%R}1&J!S&$#YPB)#?@jtf^d$d9>%)@fJXZBVFK`
z)8RL(u?2D)vU4GnT!_c4&Q7xj7I})p`?<#E{itAXRBU>@NwLUdN1`Y#4;%?i;=G8>
zmdbM~*UVc^W+@E)Vh`ZCv6a`X-r*4BaMuQvPF*LGhyJdqI1E;tAUGa_1=@}X_M=>n
zgOp^Z9V{f05{(&ZDtOwndkcx~v<|X`=upv+BAes4FDG(>_9Q}O68_fTztOaZ2%0_z
za7Oswv8xOF5EUUU&^@40sd_YSqA=P+xON}=Ubz+BvXqs`EJ3y@gMXbt<B}06_#hDl
zRrxkrQhuXfuwAxDobx|_st~8yIpXIJso@6N83|z_vvP+NghvaW>=U2r07#0m178$+
zl))P8g!v+qxse^tjNwr1>+CpbUvui#rSh6x+=J<K#v$Py)9j2Cdd~bkq>Uc-;@Q4Q
z7$1(ImJmn1Ww1p{g8+BoemX=OhH%Q`0^Eu&V8HR34vw6)HcYws)DQux^FAZz|1M%!
zfXa=;XX`iKWXRENT`a~ZZqvg|8s?%Rk)%CXrSNMDwE^e1R{P3+Gi^O7i4bs?s$TF|
zeEHfzmFD-Qy=<bxBS3is4*|jLmw+M$!4Y3P5aIiwl@@m&AW_wb4yy@EpdiaAv^AWq
zNn-(5fF_q;<8$<~%rT`rMlT>5gdRp$-k_1!0<87#9tqAQ%Qxw=xdaIxRCOv7cie)A
zNZT<5d)zz5R4JW8K-D<Fm2cBt{zx8^)Sy^3Od?Eui&wOmhiw)(EN$;o+UbnwUJ7w@
zHLRYSIn7U8DbxRCD@Oc*tKBOZ|M|E+W?OiH!U2Xj&fmWyGNnP|caffS%yM~F<zGzy
z>}B}3pI=I@jLnPh6!s0r*gr|Jy2Ej8&{Bd_1<Xyn?>jF%b=`7B8_J+HH5F?m6hK?d
zFrYbc!sR(ei(0QT!{pU%Ts+sn>xirrawJ_A3?rGyS?pTkMyG;SAk$1Te<S1`qy=Rd
z+U>G@8g;AH5_37ddPWkF<}!6-#4v0xi+cVcN|*gq<JKA98#2~J{!=Sgbu)IIZJu{e
z5%NlrXhwu<=dw|q74?qK77qgh<M;KmYod4<xBD9=k^#M>W{ZH4`sW-5yLm+kLd1R;
zxH^~~t_g8L0LE0Ac}ylwulp^8tiN`cu8v9sP2<aho4xnLz!5M=C^+&S4z_`@h0t?H
zX&#AmIe|RPXfKR`-N335Jgjy*E6eKjyOIngGWNBDNw8qRLY1~dp}~-LM*+7=QGZpn
z5!ORaF*s6TPV^cysz1n4Q}9pLB`Z^`m#mf<4|`n9<N&TM(VZ0dVPZE^WGj!c0!Css
z1gsJ$VRbqV%f$U5l^C-fy(AdobAmuHtbp;ezETZ0X=k8i4mB)<>@R1>o>tf5+IL~^
zfTnyFXJl&JR5-uw4N?2HcJaOK<35pB0x7iL-OL4RbHET6k<l-X7B@OJw;8r|3BFRw
z?;{T$zeWvd9uvKNOaP*@@!71urZtr0H6wJAxMmUz4Ri9DG^d&NB}+h?3b=!Xuz^62
z7ZwRK!+K;l>o^fpum~82JvA*9CF=cy<&$0M58mnd9W*)pf=(b`%^^TR<rAD=Pl2&>
zBr(~WS2`|h|E}GuxXfXzdl(9KqlDZn3<{DnMpq?6<v|oNxW-@m(TiE`>&}16XQPiK
zTzJf^uydE~MrS60c4di4@GV7oW9|^^2N5yzMVq4<P$YJ*y4KK$d%@VBQD;KY4>AkO
zQ6LZPenU~~G-8vxU;rvfgERH8q=e5>xCb^>FM7{iMQVK5=uXoZr{8U&a74zqDhj=K
z(}#&_Qp1w*lzks=IS3CKBC(3eS+!faR9vCyjoLdiggymdImq<k(sK`wAQi8{0HOjj
zK6x%%wIhtuoMMz7#q9zUdn^s&7=WRmgE8TP2qi~==u}lPJMkzdZN+%w5KEWG7jPc%
z8cnEiY8P)89gF<wO-qvd7wE~^S~C|pfGgaU-DPet@FBbhAx;cPK*t>xzbSvUI8sW~
zH6$8JW{`g!X&8G9$LNOm3g>wAye-80Ao4bKi`B%VL@pM)+dT|7F8#y9kh0coW`ecf
zz{(EU`dxsf6knr+jNV&l3Y7kaG*meiWwM-C#&UM9pv@&(&jSHjG=O$P?<GTv4rw<o
zO9SQYo`C_{M&5<f_1l$EA1$+7(9BNxB@h3)F_e)(e6ji2!-u1a&$UP1C)%ioA`S)A
z18ZbMfG+<Cz{ba(6-4R?5zh2*4ADV%0|1yG$HQ2!d>lKGg!DqckYA@adi1_+`#c=|
zOy!Oz)=8KGG?xub@15OT#X~pxXA&Dkjn_7#X|n@S)`$eyY@4F2UxlvJBz}^*KyvP4
z!u9>{B9l@%@Kzwf5Nu>OB%U{|;LNtg9ToN!ZB}xY{zFsPKpvX>sy@XG#a)qa!6T_e
zRC?M_68g`;LjO-T_XbkH)X|P1x)HL2>ED*zMx~Z09Z5=)9+m|+u&D4v;JyWL!Q1&C
z2TCPXi3F|5Z=BA<d@ayRA8HqM3pd(P3u=~~?ScpfBU^cKgQkO=Ncpptxt^94BPXYH
zi&gvJJ^=uI<l5<*{p}Ub*bbC0IiKh>7-tvGRKL2AP@P4Vv$f@f)zG=Mw$bR<FP7wk
z$zZL0KPd1BxV^)Y<-y=lmvt4OCI}O=BBu@{U?wQaG;}-4EcovjN%mxB(*hMnBm=KV
zBsXs&PP1C^=_D|sx)I9Y_8*sGOX(>Ixn|%J9@8vp>nOOFdL>2`;zt=)j8gAgV}ade
zJRwE-m$7&G4$=v#WZ0Aq#s<`6gOsl1u$sTU56Kor9_phP(coK4<-#KhysCJ61(y|l
zF&E7gR`j6j{a;>@A(Wu}#|u+9@T2aRn15<XrlpbTm+;tW8V7LlkcK1{svtT(+jwrr
zQwyAoqm%Jv^##M06vg4`3D8gyUrs3+sX9{N#p1c`L0K4xQ_yiE(o>EashHFfTs(V)
zxh9`b6RQoHf=^-EF%~WhD4!>W424<LjMGkY*>iqEpu<{y4=<QhsR)<Iwp`iqP)ruf
z8<0w-+;IyoHc(g@_-nr$QrRiV=<~%bNw_S$AznE5P)1@yT1M&O26xw$OKw?JkxgQ6
zoJVEl&RypEv)n?BO7`l+-*2ISSP%C-MH5~KoC#c#$oqt(KKPMzzhdY(_GYE*0vy49
zA}HsJlqsjhhdWF%7I7$LST5t$h>37<_vUzBSN7?-`@m-a=ABKuB$2{C6SmD1@^Gc%
z11u{k0^q6p|6HTf;`5iZft+`ybO6B)#$LE#L0uPts>ljDgjexMqs<?P6)aC96&VjE
ztIIR6P?5xO$|E8*1T5=$-X}Z8h7JBc4qmAHbnw|36KQc`m1Tr3ERWYm&#Wa!N{au5
zXx7nAG1$0P(4`<S<BZf(W05fx#?$0kR?lQ9Jl%6HL$M-?7!V;M>eV=c#OaTsdO<YI
z4hI+_VbZXpXhM$cBVVcm+yTWb#|Z9n6k7d-WtQn*0jb8IAb{e?ba_rc(C@Qe9sq==
zY#Pjx+4o@0D4Ukg2=Ra;XL4{(hxtL8{S4P!?qL(tqkz|qX>=271>v9|abbqZI@O=F
z->w?@jms?@Uk<ZPhw`l1rx>Nmw3=1-PaYCFfwjE)4w3#_pN8JhYpRQ*gs#A>DTs~2
zxjj_vU1ZV=fcLW3#B!71N8l08Dd!b0iLy8^?0m8>AJi>or9CIOvmo)gw|n11`Ncki
zM>=I46K(4_1$AIRuJ%_VY*en`q=!vus;@pgT#EeA0+O9s?hih0y`rQ}0#KRALMy+q
zZ`)k4-F&?V)a6vYi1CyITJCL9u0DZU(341-8dAzo4lerb_EGJh%0&7ULk-WKvF(N_
zN_0&%_CIkkGj<wnd4S2<+@>wk4ve^;VsS~wk*Cn?j_nRfIV=0Sk<33c2Gh*32gxN*
zYR8Qb?8>)6-M$@7<xS4Hz&U0@yg-^D)UMiGvvbUbb78kBWl&f$4^7y|e?f83_s9U%
z19~BHHh%9UG5rhIGytOq#r@bsuuF)l)3}7q3$F^p$lG}ng_JeVOXWk1Pg6jINmM&p
zSsZUU%PKz%eU==bHUg_ZhcvXwr>SAzN6=(A_?$ArBPjgy=Vahu#<AjKa9Ii!d4Zdm
z<w+GNPgN9rg6;&~r>G$|D`;83w0<qJ=SLn>>_T$L%`&5oJN4??G#e@|JRUNp=O0)~
zmpr1`vC3MF;%I0PuSkAQPdhcjFok0^g6f2riV9ashrko7g}=f`m>Mf6hSN<3EeeC)
zAHhNne80N=$hDRB9V96QPuwHbLpkZP5DZ>hoo&t0$=NMug7B2(gFR8x6U;qBga5Wo
zq?X958YP}26IgBVK7$!8hsum_r*4iCrxHU5zSA|v>wEUOJds$j2;Rc2NspBv9cfVH
zLO=5?Qz65&jrP|M;+eKE2f)M;z4%+A2S}_lMER(u45I+X)P8pqF?CKA8!{=RtZ);x
zZWMtUV=`MJ^*I*ATu{jj;=E`-U-!G(F<x-m)@#`)0C!RI(=Wb1Lls@0xexM8HlH#!
zFi6J$KjJw{jYcDukB@5$c=3{r>nIe*(?-h?tI^?jDSt{e6QgmFYqLl#rVOSY2Lq%G
zW#;Ao&VdVJCrQz;2xkyx+!s8;v$`pKI#melqf47+U(wxO$LEovKt-M>1_gmWHdrcw
za6-zUl07`5dQi@JpAACznWj2`Gcy1ChRs{tR!|U#%^cx3g48Bto7?)s^_u-`ZNv-A
z)k_7(TklDSWcyf^l9;V;ZDCs&<9c)v-*`{=_5_&-S;Do~hD#p=Fx6;O4Wi+?Qwr44
zHvN@{>k{E#2?Iko!k;wACzvG;i8GZ$1<<)Ay68a1k6+ky)f7{jTrEkX*7f*?vc;7*
z3@|5N+z&TZ!;<N|)TGs(!qJx%dA`gkX3;8oN*SDLd-riJghp43l3YQU;VzYS9*jlZ
z#r<glRq`C5s^T_OIJio;?gYCcV9|KRJY2mixH++A_aA9V3(QPe|A}Gf9W&bez^PwD
zBXaYt`!w4kc~`RX<mO=n&m5N|WKHZU0NlG)F&w2lPS8Af7<0a`j2;U5m9{GGR*DOh
zM{MIcux{*nHU){X^uA%M>WY{!s<+*=u9PhOO7~o67v6Jr_MG9pXlVuEg=VEQZbh~O
z5}VDoBUn*_V#R6Gd}!q+hw+L8!YfQS8|5*wLzn`gQs%cI?q$i!-S92<rw*t)+;Q((
z*6#9_82GJ-9X!nNcStJso;^cl_{?L#aD@|xBy}SX_!|Ol)VWV&VeXsa=T5K4)AecU
z3zNo$AM|1`y15YN49PeF=codu9s3);cEWc6+R{eri~4LY{VIhgITSq&)PWF@`j}Bq
zYcFleu$dv)2W@vOQ@;$eCdfMM&7uk=ZoSTq_W-ch#6vp!m+0s4?lm1B1h_TrE`cXR
zO>_&<q|jkhaoh|iyzYaMaM<PnLrz;~Ad9dCNf>zw8X}b(JboHia>hO}ms@M^&}KBE
zb_WVQd#RZE1K{%66P(so!P72F&X%u-sY}D4r}v@sj%?98?k6#|{_XF7gw6jOX%xe@
z5M}wl;)G&s007kgE{$?FH?c9H|F8DXe>9s{8gl<+iYUGCYi<P2c1Gl`Sl}*^YxP;Q
zGT1}5VR#l1scZ6u{0kC3*c*rbfP)<dVW?|1VFp?OXlo^(%<G)ixO262Vv32w>bi-n
zYmwEwBuMXvpTBtce=ApSMqzM~2r1<@biW;^g-Gr__>=0cxA9)+t3AZ2vO&`CgPXc3
z6Ly+oUUxeqS5<@!1ND7~Rvk8@k|kHuQj6gS)pbuOCG>5lM50l<BJC*=-XP9KtS#DA
zwR9r?$Z#j`VT|oy#r>6=lTUhLbv)n!tBpwX>@zdWmq0cP=?4RMiHTQQHvz&mTzT=A
z>x&CL>UlsIRO}bttjx%3ZE|pdtTl^D*Q{%4s<HE3@30oIud{ZKv{z=Re#Ne))&lhb
z*0;o4y?pNI_7s=}sJjg+RZV4_7WJ#%8MjE~e{sllZC$Bi(e{q`naG~1{-+JGHfc~V
z1T)6Rc6w{xurzX7@5hcGW;?x$nK5ncyx4;sJ5W2l`=+j54vk{V51&8MhpWcjxHVgX
z9!qb$mVCqNTeZaW4h=M?D3of%coe3MY{u9<EQAMuHCCSo`D-CLvKB^hbKp)wu>y0)
z*<XUmbu`&dI1MeKH>cd(4X*@)`KRdh;{CNYmrrCAJ{Ono?fh+j@DQ9&Q*frjCOi08
zg}(RuYIYRAh%eXo@nIf)*<EAg_hXQ}_v_1p1!2LAY$l36@9X7iJgS!W`@2&N^-d;0
z%;YV8M7S{P2;%w?1BFS|fs~xsp$BykV(}qznk1RMKT`_yJ2w*NX`0eB!wrXnbEtU_
z7x1_U%H79t7SSCcBBBsA+pTa7@Wye5Q(IZnK<tq!!-HL7!1BaUapc;_TYb1Q3VF1*
zTLQ|330_L<-c}gr&nt#33Y>%>%7W9Ee>~LnjpD_cOWH@E6tC(Tod~WpwG3l1F?ptG
zREq_SZ-(kQ%#W*eqZhafd*y;>6i$cu7}OM1Fh0^r`aNeZ1&&$*&Ov$#tS@k7x#U>C
z@|%ga9Mzq(IEGlazqm&8Nh*Mkl<aQ5d_C26&tz$R6iOtX@_bhS2R(7?n*iH@gJuZs
z90`>XUpzQMA;z_X3h3^!ZRnZX9k47~$0r<VY^Pi;SgXZZI5RW?4-+D4PnT>Pa&HhN
zw$VQcE{aQ;>L~Mj=fE_DvhC#l0Tf&E1iBtyP5h?~?Rr+7m&)<fON3xIgj)l*TRX(r
zre03#9mzUzJi?>aQs==}4ZGLx`#~2)9(@nVYy|^~`F7Nr=w{RQ{XmVEG$wXAB{5sE
zMHlH6j{rW{GpEx5$uK2N%$|Z7BZIwtL7yoslD3bq3UjzUl#JK*qOf2_0vxGid+=Z(
zW=(PR{oEV1*OK*xP<S;CQl$>w+CC~zb{-29qiDq(j=7U4b!MMNMz!{Mc%W_VU{y^B
zCsS(&;xvj#m{vgpYduGD&^Yw6eq9|IGYf<!Vci2&_B)Fe`<1>Zkd51A(H89pH2OIa
z=Dxo%?}F#-XSr>5^5{f1ktRGg%*UR4<g(<JX66;PJy%rH#1$6w+VPGTGW{_k_al-#
zS4J!iB{{j&oWiCROIjA*gTuzlh`ns+C_8Aa)V7!*+JH$?Z7}SoQqsEd`&3r7_8&IL
z3;Sn-Yu>UtC2&Q;Wwg`;SXic%5CAD=a_V14<S9=DC}riMMv3|cu>QMR2|!n89jOtc
zgUW_RDdG*+7Z&Og@4|2l;eJG{`iQmBJzw04d^vtnZMXEue7!weS*=a!_F)dGj)$1^
z{&k0`1qica)iU$kaWq>fMZzEt>Im=-l?mJAe_T&?OfR0|i19nCJpT!~#ajik0nDon
z3mxrT+QdVrJX8Qxg82Ligaxj|MWDIoi(X1tz8ARhg?=Re+sa{Pk=_(4RJ>6}h=lS&
zj0!3El24Oy#ucK@v)M@_k&4KOsDh+cs(OXUL1JBQwO6sT$%7(Lo@JSs0vN=F>38Fm
zDo`ZP#&PWJM5R&xx`Fdn#)Y3Xm7lB?CL@%z*^5wb4sY67p<|bN>Sd>a$n(dl5z9jr
zpm9NUZernwMTGrS)rxv0dt`E2oBi&fYlK0aS(tK*knkJ)g^$YHwAb|v)@AIqpoQqo
zy&ythjbB->AqIQ_bOA0l-=QIhHJzE#YNN_!L3NVt68gp&x`#Zvnv^T5ch=&nki%)6
zquo7WWQOKyZ6lVJnZ^CZIC5Z)oo@_dG=0|im|nx%86Kw_bQgw9S^`=6E=N-TtN@%0
zp5UEUtkL<9{(nntFl2yeY@h%DX7K-m>etD{+1bL@%;`V0)};1N^~;LlLqF%o@T490
z*GC|mAA1udgRDFWKA&{MlsE!NB#!C*L)Q{>G$)I|T)sEG<5TqEZn$#RrqOfH5}{#J
z^98qFwX4#Yw&QT+<1L_u*owt`Ww|N=cULpcyH2<J>p2ZQ&3I2UXsr$ic{{#od4<zr
zn>=e;KF57BlxzJFE*<=@X6e2XE*q^<-pqGLqRnj6T9oM7XpE4!{<P`Q3TGu<hD?=~
z0wu>-5Gz##H;(Y|X|IUTclfSEWBhXaaSk4jEs7lh*g7ovJbYC1ORr`Sid<Ae*e&V(
z9Bb6pFxhTW_F}iV3ZKQ7xVvb9TEoF00IX#e<#uYs&3N=R57U$K1sBD$=|lIQQvPkS
z!wanUIqpTV4jz~L>NV=pQr1C$bczis51*@I!%wi#3q!9Jsq}Js#g<B`1t%4OBz+vn
zde%_D@v%W!rs)8lr!I?;_bRNJzBN(~s+9p_o9YP0i>0r=nV6rx7cN>a1W$bgr?V-t
zN@S&~1?_83)qrMgSIu$Lgv#SQ#Z!h7s7Q9uKhsr^W}4Tf@8B`9&GEy+Ic6WaD_g>@
zss|bcJsRdk45E<F7*2h-5^J@ROE`*FZ?b%>*@Aam_aS9E-zVJWfStzKS9#%kUVwKq
z?!MripMyrTlx80=CLej(F**4$XSX4WirqJs=`ndOEgG5T8<1goJTy_g#Y<Ay5R^E4
zBu-4xYbip42P6OfL1@KZyZa^-;^-gIO-Kx8uTg|?GRHE+9<nbzD#YG?fIJ_9xEd7s
zW>3v<GvlYZ2Z;UQtGPwNyBLiTtmQ9q{cB@Z9*f>quV(0*56-I#+)JX7TEw{&>)7PP
z`#iut<P5ay#H36P;qz9&`B&@YF~gAyT;L+@Po_mYm@&u3Pe~F7vzQga5lQR(Pq3}L
zskya*xOk{5A<dvOhp{a&goQYfv!H*H2dHWgMHn`>C<iDdw02m>ACbq1axupxP3xre
z!sQ4b`T;A1Fy8xltf4>mhE2A85k5_2e_WKj>4%nP?=Omb@aF(3WwAJz9pz=uk4QCh
zXxtuPVrYvDv<nxrHU<1Y$BD_C=hq&_obI{-ZhWw>Ed+2@MY+`0=J20j-d`ZKf(0-O
zSty8B2i+tRJPYD-yG5|t0P$FkkPquoW25p=N`Ny8l~lk40`j^|F4jmrRZ~jvLCisx
z94sPKlQ{{8{HNh!2DovIg0yC=ZQC|ChWZv?Ej2Lv>MY6Y5*l4=LA1890if%OWL_?m
z$T~uLPXYGcSF^W0dKp$PBmOj1Sx^vEg#3v$&ss7(gZ9OkW_^{$t#vhn3{eE^?)GRf
znIll^rS`ZXw?iNPfP|pAv7XJkj*#s|y%xlu`P?pC288&Ibh){3gP*|I(w=mZVD8cp
z<$q3f89nYf-TpY70l=97%Yh5DsqS6>nD#1yl`mA_dOX^Ht-1x23f%fJx2qP#k=tOk
z#Okqh|A@x_EMj`hP5{>nW%I3@Ac0<Z9DtCPiqAw>%j}%nqK5VVCOOry_z`@pZPG93
zU%X7r1{kB{U(N%lrjrul8!Jsf*Zr+WXkB4iP!2{cD>0*e#ANA3Uk-;JMS>+?al!xr
z9yh=<VMH>G=B>g*`oRR?s|^W#HKo5u^<jP6#hfkG=rD+TsIoJTAtm10l~-d~oGZ9T
z+uWiMs@(^4z@8-i>p`mT>lSzY^8wVBwO~1v@75JI8kh<N#dz?zE1G*v+FYdzOcA^+
zPVSJqNPr7ZaA@vJ*!u<kzuQ0@Dw@E6LjeGAO8@};OSJ#3w!+ET!`kG(a_pA&rsKZ~
zC!bsC-+;kaVKuFmGD)(Qq75e5Oi|ZQX@&UVbP{FVgEqb0;XshvBSB*_n{Puzk{A8@
zPO~(|mENxJllBocv|zZ`w3DOfHRg1?$Ld2qy6Ldb<w~YS2;#|IO}f|h1#g3b_m}Be
zzV8QbL{WM=Xjp{3F!bDR=2r#hHjEfSuUT$t?`im{uq-Y-cU6$I{=>1xz_PcyiIbiF
z$n2Oy&iP4mPQ1L#h;)CVkXzT->6&(2uc<iu9}0as@gv_hH#h^T>kOjn4Dd~%J{z>q
z{H9Y$kKE%o$th!9#3K&ZKB1l{-5^Hd_QC`N&_!~iucP+T{dM%#I9~Xw80f55?u;xu
z{nM7M9#bxA*CKgsu)M${#`Xa{>Kn0wdvAk~mcy;V)Ifk)Kn=Fruem?_aE$|JI%n$5
zY_A7@H@I9ej*E3TwMKCuhwkj+-<KWJPMkAiwIfhbMzkmWq({?#FAQ?@#ut=@u;V+K
ztM`^aau8SrSr&IWT;M^E_o31p>#P~T_S8GW1C;#ZAaGU@dD(URd&i<?>(|t%W8HxQ
zfdFXe(deYO;Cg^^8&lz6+}3YmH|4B5WA{cDglRCm+rClQxdF&^GEYx|kik}`oNTkN
zQzP6ZM)1D68%_LfGJX*nY*>Fjp>p^V%pcd{^xw;%pMco5dVWnCgY2~suC)dR@P|R{
zaTvtlz|m2-)-8|tAyL79B?-wFLYpbPOd}xJ?7yq|%U!mx&8e6tsQn$AS2!=}4R`d0
zB>WK1y1riw=lxLoE`4Z;e27m|oQp)aQfJb3!`3~bCL=LX=`XSs95QDxQSs0Jbt3+C
z;LoxZ{<xn;NBVG?DNn6)4z|R%P3STYZWDmMbR)M*PuY>?OUPA7DaPE7LsgCTabCeD
zs83GX5>L8xMVL#8aPs8RtSa<<kIvu*T+s-=n#=m$;=ZV!@uw`+KQHEL`O#P49j^AR
zy9(xrpH`j)he+5!eI9ADZaTS50v+c1B%v**|0ZBtX_z?E)s$)6W{>(9SG}e?a`nq%
zvvzxs7k_b)5Am48mM(&+bOa|^yKn5JO%L$ZRU><yuOL(;D2<<DnbHaDA#Jvr(@87G
z)X35X15!|pITzFdO^{dVk)iv%4~!%~PbxbXdk=h=9B?Y~eu#DYG-sS(>1x6%y3;lp
zy+(F&uMOK`0p~o`&Bf}23MdJ1g{OEUNzgPAxAEtVaBYUNu|?)tZW0|Tz@peViKD=<
zcF=8zQqJ!P3lZA@r__~VseiYr0*hxk^EKASzR60nVG>AHYBn-uo56AcP=+fD{o*~A
zcZTM&+T)=fuY}b~37XE$nZhQBiAa4(oN&Qnze;&y@qaVsgUR<Qmjf>C;ZL)~O++}y
z|BNdDOJ$|1pb51SGd&7sWuV6ELSazYAzjplp4q&FSniPIn`4(}vO!X8tWX{^rm#V(
z2OY}*sS2%_w<zQ)xg;;lWO)#%Kq4?>g?2&m55}_rnqxeW0X&o6+Q#pXW%-v(!$vAS
z9?1X<h&k&%qsr(08?~`Tuuk_rLow||QSyE43h+SoA19JKASgDM%n59O(D?KB!APlv
zoIooK|L**sEyD`!faL!iZNoC+cp%p`wF@{{{+G?CeE*04=BBM6wd>DCFP8_hd=soP
zsU1*ci;HA%MWixNYD<8mdSn-*`dfG`6N&oS7N_KY%*BKf+5ye|Kd!#VJF$(~AIS7A
zoPrLPxIK{lo6ZFQkH@nBil<?lk7D}Yw#T#l3vKeL{^OxqiAZ_a354c93x)D8qB%X!
zBsM?@d=4~mu_A-9to-@^&xZdz{J#y0?EK$`ml5m!6C?tssolTX-6s|UFhDs^xA-^J
z=FBkvBK$~lV;i$SlIdGG0UQ47@o$X9Vi3^8zevQhu!lIb*y$yCb2%;Sfi5_Lo|J(x
z?KkvEsPqf>%vy{9nKkNf772L(m0(#Au(yIL4oFYsz^?UQtNI1T<Yz`)*zwMN`;|D`
zMT6H1OOp0}TB#33S^Jbv3ZziwcKBcAdvqW+lY|cus+c@E_$Oxwc{J#X1%l$wE+sYn
z>qKtQumTfX@cw8#z4ryJDW||3?%E(LzrlpF*8@vJ$|Yy$t10Muubc!yU_)mn`673V
zqT1uj%CE)<4K6Ej<_>6ISM&d?zwS!lO>(w3?%>~4gE*B$9=msUW$ezKJ$fo$zl^9K
z6zdyhiHzbpdw{y9Qufiu2J;E7TYqHwLRMQqV@(Zo$BCG!>#VH-LSi$<PG1u_s~gm7
z=5bj`OU>nUc=TB?BfruzucV%u+PE09Ur}vM@bV*NX&4TebxvtqOj_m`VRt<uToh!(
z#&eho9o7RBc$`d8W?e0HON~9+c(R9K7E8(E83!ZQWPMs`X17`3ERbz9I22wF!Tz9@
zKd<m3@j=sIq06Jreo0BS3ilU(LTReP^n%kYn(h-jno&WAu<>mxu0a*Nv(r9Tx!Yes
zr-QpLJ<Co+YuTltgu2oDv-+)H05AGA_f<aWN(3V?XB^$EEU^?ShWMI!3chAJM**-!
z*o)yonQZ=o%=f}d<FDJF%JVxW0;_0%e^%Fb52luX<NUY*#hYDE81G2nUfGb3?E;>r
zTsWv{cdPDI?>-t9<?P18qY-_&0FQ)3#n6Z0t4dwp>H)Tfj*c~GV{AR253>W$UPp-w
zSOX+t1M|^MaX^I~<YrtXyFIga?Ojn33j1{HY`(j+9)(D}hK*%(dQsR@t44oDSAdO;
zwFzo4o<Dg@Xl?PvR*YQ#Of(6=9a!Yj5NkO0%}5fLSvl}rzHY&Q&$1qHb4%Mv=>ex<
z#qk|?SSqDEZuje#0SHZFG)jnYr@7>Jj5PakDMea0q^={(;v|#6i&i=O2IFMP1dTQ^
zOS4vQRG(dCVxrqx=<Ti)DUj^EtOzN%OLowd9B3Bx?xHwAa%JDP1!g#H6A<L_2T}uO
zm&EwAvT^*_B|~!25NZWTD}7@2Vxl-c8}+A`9~quUZ*7hXs>IT|-AW^q%rWWX0X#J$
z<o{~tEdQcf`!$ZzlF|qQf^-ZhHPj5<G1A>JATSK6v~(jW-AcEFG)PH^fV6Z<3rGsj
z=yo5Kz0diaKj2yOV%EI4uFr})zV}+cxvC#%gQ41!SQT)OmJYotj`;Y(QK@F&^D%c5
z-=~Hz3gHj)0%DV|2=8^jIUwXIejr`sY(aM*3Kt>m6fG3vpe@v9KUy$R8H9VC(;2c|
zmXQD&EfXTrXSf+WaWb-HKxI?SHJQCFO_wqw_V)v>`evCoA3k?OS1F5*#}1h@u&B*5
z7?@L4+eW#o#$Nz@pPCW1wuYHO|D>z!m<KY&K7d+XpX1MK_kP&^jM?MhI}!f#|F|Qc
zt*e6(%*d{QgmmXmX4Hf_SxH)0n43EN#7AAn=`LI^(8Dzl>~Kem?>j#-)-3(x$Hr_8
z5}Q!7ClyPVXC@VWD`{^-`*YWpJI7+e@U)Pq!2x^9An)mhF)Tc~?&E}<-iH02#q@1^
z%3Ub%sYe}9fI=J6--zSr83mBG7rOK9;<DxHbmNFNbWV>-o2E64!vNVGIMwL@bMT;?
z6l}Kq(9mQW<h5+S<XY1L`dX{oz1m&oRR>IuL=Yc4hG&ZO?M!{H-2h2CdOO4TRrDF;
z;u7i|ZOW#Dj#o><SQ)YN7`f<dE@P3KZ|!N^J(5HB6Lan#a>R*A>)fkY5o5{q$`x!6
zCFZGvuf4Wsbl>R=cB6!oI_))Ct)V252gxB5x)#U*Y^55vJ{>lX8$BqShsH9C)ZtFD
z*3lAb-PUv@qo{}OzH`LC9B9-@;3uyo&k>@Pu)52{Ld2!2__cq(`b9@1gLhptp6B9u
z;*j#q5~caWSeG?n8*N&49BzsXlhqZ)uy7Q$N3O3;Z%}KypD*t89*Ebth~|v<&Jf%N
zKE+e3*x$BkHV>hYUNk+SSEK&Oc;T?*?qJqrP~PK`ik^udUFiy*-$n<(rC<S7Oqck;
z;;)NJGwSZ0k&CI-@|H{Ck*Fqzd_5k<J8<r_m#ms%e(lM9jjx;{+@+(68X5YY8|e7W
ztON&07vYIba3v>Q_9sygg$F6;%e6l45o$G_eu0d6BMcM4u(N3#J|C8Y%0l?{65cl7
z6up6zK#D~z&xkvNqVPH<97pr?>uhbtsReOIzzRl%(f<C9{QAkgp>?>E7YC=YL+9~e
zN!26_LNhv*Q|rik5q0;NimthL%)3GKsRn^9Xx~KT%E=cpFO?EC_m~PJ8RY{NA=M=t
zFH(@NAe=v6WzlS^CxC#3<1$`MDHqQM;*uH?W07@P0=9A<MldYfI|?6ogj3oPDc3Gw
zF}DQ+d)CXcV!aHN`+=u0ttlO8ywj_$W_CY-H*VEILNu`;3uLrDhk!dxkcDd)u|t5^
zxjj^$v$!{Sm-xzMC%>-BIcNaEun_K!5gPiheuNDwjDj!hhGRdg6;w2rM+*nAO=xGA
zCwxR8ta@c6w2(H9N-3d;|4_1F(t%bbP4Y8Ue=qfMTcjke(~3S=IO<ZgT4W56g}iNp
zJ{p4E9I80+Vl<%~z)^KN=*lNlO?ASz0rC5m;b}wP5U#ZH^v%)ilc`P;r-1BbmuG3b
zlur+2WloQk{4Ixc29zljHVBlyEI`Hec(JbD@+nm+M+FW=q{@l#!5lGfsy_y0*TWz@
z4FV<jxS20#`U2`PnKCk4*f>_d1Vk~P^*wUR^mukz3A@Wgy_EB*rAxsP$FN8%_fUsy
zZ6|*BY=PHdgmOJMD8K>D1|u1>OSX6=R>s6QwGH*GT4aJ(s2;L7IzdVvbtjXoK|I^2
z@`Ejxi(JT81~d|K!F+!np4QLZuhGC=x##gM{EPBNBPKp<CGG=*PU$?UNO3fe@V@CT
zc7GB+toA*~XL6<T&?j&R3*@!w5n@RWWz^oq_LwQ#BS$(a@<9WClgqlHBJRO`EcAw9
zSoDlk8kx;hXG|TtBeK6A%hX~FY(a07`9^lV<xXWSkfhK#*2iQk)B4l>OfvUZYJE<h
z?i=A~AV3yJJ!ew-i4qUjyE?m7UnfRz`44pc0hkDILmJI!Y!D5kv%i_Z#b>27@SW=H
zxt@%UgTLbyxuc(%;87Yx=U7GVyki?_SrN?Tq7vVT$<#FqrM16FGHXJBNzbO}j8gpF
z>j$L$FPMq2TK$2U;TxjJ-!ap__61Cw{fX(Aw<`jT$pn9(vFUCchB{vX3Y#f<d^tA)
zH1|kija0PAW*DTtA92|K*W9fCJHz(=U|7Uu`OdK6O$de^Krrmz)|>`E7}g$0)blnQ
zarj36!m$51>c5PEKN$9RV?_kR{xJTVVbT6#Sax(IW0Iu0?+mN;C&NBiMH~3Ru;e3t
zXx|yO=LN-E_nN(CrqiQQS#f-oxrZ`y)-=dU6sZ!ZYG__7x>W6I_jbJma~X}Svu>D(
zyQwHP9)7b7`)YDrd=HF(*ePcZkGyl7x#3<M+I|xDSQNY#1MONk(#uLb@xqf;90k0U
z?f{sOEH<uh`o1m_ouKHMMSV0HvY1J!d<4>h!unlol!6MX3hn;W)(C#JyoCKLTVj?A
z+~7I{#A0c7DZmPu03s9zqW(O73%Q1!#SqjPKfe6UG2{8qKz(K7QWv(k?i3vR+~a)A
z$bJ&C^U(RGN2oxm_ew9v50Yj|1Dn!;cp}ImpP58vI^s0_GiZg;YgRcoZUqU0I<6KU
znHrli_b8iik-J<iTGKd)M*4=R`eO=SKm=90FCQlr5R!rlfr1Nj?OOWAmb@B_2~`zu
zUJISGLZ7o6oG83bO-r9iHH}=7pnAZrP_@7sIazsP2rj?)B6TN)Vnk406K?vn4h=Cg
z4?H*XBTT}na%LATl43lZe$3Ag!CeSEy~X|J4z=|l?Pk}CXF#oI-rAi9G$apE*#(yR
zMQv)d-NJ<G3!ibW2C+CpF?w5E%+=ZeuIU*2nmlWaP~(FLSqSV~Xu}R;AQ#!W=s^hw
zqS6ONG?we@BYKDpDDs=<!6m*l&K*=R|8o3u>VVq=4vX~XJa`}H#pvoosB+syIE{Tb
zak9X|8y25#as41zCby#Op_1ljEb;5*yi<Zs0N!0U$LBkxuNcGj^}2j%vu+}XFU$=@
z1g{ApZ-s_3z{tsUFN~3by;^<6H)LRGOlL-%JCcN&K(a<!bmz}XXn-|&bsk$IuU8#s
zFMADg9ouF($ppu#Kd(I<h}j`nU0nbGG1_Bf6G7tq!|V1;jEn1%@i*L1q<75-J5|oj
z<*2GPUu}vujF^d7RUwbeQF!TwQdWM1pYI0QCN{=^F0ahd*viAxB*3k#AFkqcg}#nw
z#J?r5aVG!R&m(!JHN)0rsr4{LyL`yYqBoK-Y{i6K@IWBq%Z4Hp4Kl1Q&xqle5<G&a
zoo8PiFARWe;p^FnWjX3D8tJPshiw!+a`AHHt#9N|g-$8>a=`oxE{e<4B9@Eyj!~1{
z){oi)Cm~kqgsY`yHigTDmtW9pk^(9b1Z$%W#L5DS%o&$x$4|+9vZk9$mDv?OPyqoH
zoEwsc+hqslLZWRx9fc%oXlH&ztBUWWsZS4ErQx}kc>7~vLKlpS*|NUw+jBgUt1>Ep
zkYz$zDThvMbEGoFELGFfaC&Gt!@xUtb3CT~%KUxYQM`;0^15`7T)<m<Kvmyx>FO?X
zq1Q7^mYGpK%fa{E2acVVg@gPjjSM;sD^^_U@r4o7RbNsrNt&+y^_gc0^K`*BBD`t?
z5qE`;h`K^V$*92XVU7S}80=@H<A39=5L}<C+GaP+iQR-Z0U~SWldCM2N0#c0Hd!~;
zMSg4hK2?FS-Ap!mG;?x1DwLvo(j{4WnNCqySfp*+#wJuaAU{n%A@)NZTMvt-O@n?y
z)W^i4C)#iQYowOg*!z$>zi2djqi@a&1>`c52(@>a*UR?;{DZBf*}HBhvTNQU)lo<d
zEP*NJ5Pt$54aX>&2v8YfJyk@s!!i$0`4$7m*A4HWF(q@a{Q?0u2DYs1F$#tIEtUcn
zY7L{$)*<<NVyYVn%l-=@zC3o!@5qBWd@M;nGci`-&5U)HPZ@*bwZwoKddi~MNGDrO
zA8rvAv9>^o^_&!0s3HZ3o*)GqW0mt#JOYTm@}u-4d%35sy9yUZ{~)QrG0&Sh$CZ<!
zP@!y`Gc*)RAB~eNLo<jpL%4cW3VCQg@v1Xj4W1QzMhbA#ApvndBC*rn;j*d@LG8EI
zhlfW*G55$Zc2w1mt#rdCc*Bp_Z2Fog^>{7Hms$hlUAhSu#XDT(uV@6xV}#-B`MB%Y
z?U&)8m!*1}AE@r10|mkYHBSP~2E4nZ4eJ{or}MD`+I(-MJ5SjPu^5aDbSrNqR}rJp
zPn4VHuYO8LOTSTP`N^;M)t43*`J;lhT`}Hq)noYN^BgX3X}&a07m2IfW&3|!;<-il
z4C^DhNFySU>Gtnk#MB;c{@*@=xMn}M)EGnM4jQ7)ImHWHoL%<qOS185{cH=s8?z8y
z3lBP2?QJZ2pUtn^c}^wHXUlZJwM+hEFfS<N0sk}J#u%VnHW?}nw6ktz&8o`4|Cot0
zK}PDGoLJ<b(NJSuQ*XW;G|xDX6?F>E=}RXY`zSug?=?&3#1Jxu3GG@mVqvC(zZv;7
zia3kf49|_I+f~blK3wY=g;D-f+BY=h+s{9%CQ`LB1rngh*uV(rPo`}|u@2UJG|`mW
zwzcciI2?i=OX*g)W?=6|IO|IvO?1Of2`_3qo*Weg>hbDBz>-~7ay<CD8;j(TdT7&3
z6ET(jdtj&zTS$ex=1C;7JHKIyH$^h}cJM$LaSk?K)Lr|$`s&tDNNRY88wtaR^8<Ot
zSnkNVZxW7BOE|>yp{;?D?=+8X%0}Gw$v(6RJdVhs*wphfbhW`FN_>5(xP=se_wAsC
z*bs4X|M}Q~zD`2=(f6EP#Gp=q`1%n8W`PLgRWmku{G(Bh#x)@ZEd1`{o1W;t?rd@i
zpxZ!LYT<e`w(S`bx1zR$<Rcm=t3g_mW6<I4P+ayQdV5nE8-uJ@c&vU)T^w)XZlY{N
zUM%edUF{!kN#zd4Ks(~GpO3fq7{?TnCm!H?HbyF)^>8KhkjuuK-P7Un8<Z+DOk3^H
zlC`1a2MnkT;nR;<h>!Dd8$WxI@a~1bS#dQDiPzB#v4ppd8KYWAxR%HYb1mz5cU_n@
zxo2=_sHxIqKsHueF8lk2<h;!MTv<1Z8tc=0*7d_x3aszKebXg%HZa@G>6TCh#h$5_
zgooN<B|8*_&WPQLbg#Q0V1}dIZBCKT>*YpusVB{Z;0*Q##b974$-H}&oEQ==WBvlY
zo?cem-;;6yw=s;db$c;lM$DH%g2EytqV86=#GcdZh~!iXRr&{Z(8>rv$f~5M`nx^g
zeG-dM@k6wZFF6?Mw*eA2P`Y9n7R4bSzkC+nX1F=%+b)*|594EUrnxC_R8Xl@TRDgu
zV#D#mp;T+9QS(`ku!P49D#6`(NHmmMQX=sUeH&fy$<j;jb+el#hi7dySB$iNi6LqN
zL4-;8H^yk(Wr$E%2vDCdHSW9KcWLtV3mhN}8OEH?_g;_a!yD8!CsdLrx&K;|Q%F}F
zH0$l&c(w3&48*r-m@+**aOQ4%p7ull{TLgDXXOm@22@>E9o!!cho1I>J1+tUaFbr{
zxDAJKWFJg1<8ZzAZWDw_Qwb`9w_@az^FjFTCtpq%b~Z&cI&*Q123a)D8Ma%@)D1-~
z4iWW~|7?LIyKMzNh*41y0S-iew?J2O6V>0UQsPwm?Akf;8#O<JB%1v?#PcQY%V0p%
z3kwVLsOR}{E3Dnwr=#1)U1fcShmlhoXVb`cw-{nK5;Z<Z@dMg&bH^iO?_&pvC9BJc
zB!mqjhj<vhG`bZo)2re3U|?sL!TC|xg}%R!40TrMe#k0wfmk_aUb?2(!#Pw|Y!Z1`
zGHT-+;*b5FrM5wSHEcb4EaWxS)ZKLOXovB9u(lk>YU{Ypi=n*&!dt{`CvrO8YDHy`
zqBi2O8>F*2)FnE?1G&K7!$49o9XLAGyCKPk)!V^4dC{|BDKe}C&~%{^Z2kn+RHIK6
zG1%RjJrST(NLtU$SD+odv!w+iZfhhU(RBTckwXWO2Ii*@ho|qevAZ98yld`NKT>{*
z`ISJ>4<CHhYbsvVzCDKlqV&^c#5in-o3HitHK)|)=0ZoUW2?a(s>vD@XoyI<`n=9t
zD(LEk70;_{rBG|k3w>|FW#l&sXC#@oz_kYGRUy438Z84vxry#gDo1-F?#VyzSkh}A
z!|$Pjp4h*Q8FtRLCgyNN8PQ)=MEdqAoJ5`()mQlUwkvKhF6Tg?c{P1;1t~8}&TruI
zw-th-x54MTt~kC7U~<`yiTo91?}dZhJrqmr(t#AY5>OV&`OK^}>|hLYiB4YFr3eRL
zbr4L!M%$lD<9i@h?dbUJbVR)dU$B|s)=hMudxy00?X4jZvLvNN9WP+TL8*aq*7aN+
zDsW9ZUheyL4C>2~Ldz?21oYzBJo7Wg&rP<s7TgFG86?1^5o(ka!g1D{@ZxlrUerv+
zi6I{I(MF^iK6YcX`K>suElhni|E&Z`Q7cfKpqjX({H)1Z6SiwAMy#b1v2m;Dt-B-3
z>Rt6#G+Z3adHS@E2H(}OiF(l)($_2F><|xT5|#Pj)FlMnCQjjJP4_F=wNc*;?%5=$
zDhm$C=ReGXrB<1>a}g8wKZ#o1TWEjo7S+<iTrbZefays+B`2h=_0=rBwLfK*aaSc-
z1T)jY>FO>2y+NO#u#Xxt0pr+Y<~`I}(gNc{?0Y&C0pbUa-RROS8jyLnC&5G9&t4N%
zwI<CBBw9TQq8ztd6|`7Kmc?}Ukd+}PY$+y=@S5PU7!TFzAk>iR-|aSR(&c8?(6T0F
z!sey(;KB4`SUR1}TYJ)%ihL+w{%-qxYiK>8F*#gD1~|)zTrB-Xuf$WdgXQCKxxcZQ
zY3RmsVkJDkTwvR2zF!I$PZnl7>)5UOzU$2-EneVl_=IB679>sh%~o%EZ+Jes2_j>4
zgbp<)mY8M^B;KBXZ-F<%*Y1`gH|lw&>iusClwmHCOT3byc1yKk55!bZnIP)K+`Eu?
z2Ymv!Tj2hU7y;qc+Kr9F2`k(~yp_WTNrs8Y41&so-imxcZ2~5K@!{Ni8#xMmwyLAH
z0^WKys7(s!0D%Z87lU{KMLwI65$GGtL-oEA0r4gUzM{TU{*eLYMDC*30R}PiIA?WY
z>p2RplP~k9om5-K?#y!Doe@Xpt80py*Fe$Vg97%lHK`?vw{Q~Ymd%&^doFbRDo&<h
z-w==X|LQI`Zn7f=vwu&#M~rcQZ2yvfuOk1a!Jk>%zpJ|uJ@mKa?d!rn1BibYZXycY
z|F1aW>rU76LVtM$V*N{c=ymz^n)+YzEY6?u>lOCbEw0xt{<84k`)ToeCF6DZ^`e|#
z@<pM)<^NNnb6tG>?aVJRiS!@hYwv2V`~0~|{^f#%GzLLJy1r(<uKsfY@w@s|?Kkz`
z%Zcmq>#X<7AVTx!N&G>6*Y($D>R)<1ouB$^^Y(Rz>odnMhc?}x4u8xeD)Oj^W{QM_
PgZRiITKb;B_h0`3`AacY

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin1.pdf b/documentation/ESAPI-security-bulletin1.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..9f09e49cc4085fb22c0e9e4e84ce8b40494af8ce
GIT binary patch
literal 648851
zcmd?R1zc2J`z|b?(kUQF4c#*^GjvIJw@3^r-Kn5-NlSN^BHhy62-1=wf*_rOoB<!-
zNB@s+p7(dY?>nDAb@tw~_gZ(XweGdA>%NCpNlb#39ms)+Mq35{gNeotU<241T418_
z^Mlmf?My(TFejLmtr<uOW@h3D0K>ml0m;E^%ot2;Sk+Y-0U%W;2WKNEH3t(D6<b>;
z00-ywE%Go2OKBTZTX-{9hbG1V_-!VF@IRPnCN{>`U0gNxOJCQ0fJAMbZJYp5kgU0}
zqYeOa)f@nP-6{aec6|ory86%s{M^{peSc{TF13RRys__MtC%?2Iy)GdIKqXJu(ffz
z`d|leT(t#~00X$cA3y-?*L{K{paAwizT^O~Uv~+T-~@o7SN91Df|ML=jZ{sXbU<($
zg49ghoIujna3hI){}BEDA$=t!NZ7{4)(Ni6bt3?Fo~srB;P1+SuS^a<yOt3EzV2HW
z0FpN`HiwDWy6M2bWdm@sg8^JTVEA=WxZrS=90Av2fFvDko$Y@3>iPtv3Q}``**Mx=
zscz&B5>*9>nYfr6nW#vLz(rAm89Ksm`R=vv=5YkD{cOprhJRR6!raQq!~rB>1#>bH
zGcmF?HUY_**qAvz0&uW#UO(mN<X{4`#zb>Vd87N;c1{B8k{od9`|NA^;{t*~(bpOA
zzALr<q1C;e5}~3F6fdeaKh=AsxNJc$FQQVSpbvthHRdbDH>;qK4|Y8Zkty9Cpn3O&
zr<cp|F%?{TI~%dbXM@4VXUnG*cZE<CQG`b3JKyb_wV^LQUGkp^^&Jn?zsoh8erulN
z+sW=}1$JmnGbp=r_mpq@;0ZA>e1SElb9zq-)L7h*tM{Uxx@yO(Z*iSka4_R}&3T0D
z?%2Lr{(VeF4X9Yc36=f&lf`}sZwf`$q9=^`ahMm69JCEI6<J7-z3}B(i}OM$u`cW!
zv=?0sM`;p(0b=rZMe!8wibkKbj+dLW>0%Tnu>{~xVdlr(a-ollMJVM{er%F)4oH2#
zd2sllyk%RAM+)J*sL<q{6A#LwtHbn^Vt$|8?Xgt={6bGDb)e(@<|m8?hE@D%cd-dR
z5cIp1UC40P%H8dbkJxeb266UN*VXET^t|}m7pdZXlpSnU2uNaaxYa(dApqJzV)S<{
zJ1ad&UMvcB3M6xT&Y{Ko;H<U9&ON_5#ce)x|LbOTn!g_e{oU4$M^&@z!~LH(#vUj6
z1C_?ph0jj$K9VHFKnJCT=2|;^eI3v*f$^r_rU|u9ums<`@L14^Pq&9F7^bJAy~pCT
zn$QixRlTM54i`lrPA^gDsmtLp`P(863RxvDp)i-V6_k&tH&hJ~0aTGA1^6eb2#=zk
z)kjD_SU~nh(Id;<;Tw5Pbx!bx7mw0Q>Bybv=K5z%jEUY3O`xY0d+dncGi+37)S@pA
zxzsTdClE^LZrz_pKteFx5%=tr%pH<@bAp;vQEtpxl*)tFXFFJZb`Lv`^4yxdBQCjs
zO1tU-B+BUoiIb>Gp^_p$wPaRLNwiEB=~PB{Y1|4*g;OoHV{xC@S(aKYLgEwmEm51Y
ziK^PmD3zNc0rSd>=r=4!s416X?&cq$JMSGgKdw<~rKEVUmmzk47#r!Wfi*t=3ojyf
z+*<82WZQG7cYKR(?)>G(y5jgo#F5{ZU2baP(@b@{;<hr8J!Ol-$H#>TzWag6$uDmj
zd>m14>4=fazwlCC?@-K$pp@HUCt^Eb5o?uv9%(q6UzAsvpd|jv)iNn9@S@4(CWI%*
z{;q*SxwV&P;3svUzm+q#-?>_S;ccPB+>5=I4nzH$EbOo4H}wY-P>3MJnnqczF+Lke
zzR^%$5%ug4SW%LKnHIy6WiR`aZ-=){<4H)9Na@b4wO=+8C>*+E7!)-JCYqyfe;HA(
zm5`)t2;}*+uX2d-VazS|!HL20SJcVa2M?zCG<@wf3>FsE7%Q!;y>5hz6ABiJWfkLT
zXu9;@V1k(iCY2eMiNDlxLH7r{pe5GmT8zmgrcJ{DaT~&RTBZv+R6~zx-ZGV=a{@?j
zlq;9w3L{%*DDWd&i3Baa4Uaqb;gzlTK)rW%<8oqg4UHVxG)mE*0+|$jg~7m&BOFo0
z3HIzHH5l>YJS~mFSG!phhuetNgM1ptLLPr?%sf}EE`FlB(>quk?~S2ES`G6v#dk>Q
zxtbZ05l`1v)vNo2fY|-<H}fSrzOI|dE){*sM8J7>e+G*ssRoPbXh~Mz*(^>8c<*Q_
z!U8r2Y>A3=dt#)gIXL-Ra#TLQNrj+Z+$-Adb}{cxfVwj#8=rF^0v7av(^~6_jvcOT
zJmD(N(oTfBSFgyN9HH3#M3I0n`xg+AVkH|Xi+Xg&fHj%R{Cz8LAlhS$`&q)b``sva
zd=2Gofm=$a(j6m$y!;$?;*W!27Gmu;46>-DuoSptM)psNJ&4f}A9(Q-<Zd7+Gb-yF
zlMfxm<W(lJz<61uFPRXeP$%+<ENpx1pFT`-BCFfgE(;KXC9x0H*8n+nY!jVKTju37
z+}QZkybofkJ&snJ*+Qmlirx2U6F#DE-n`Jdn~*+d#U=Q$vFScV`JjLk>Nmf=RSy0f
z2d#>hNSZ)xF1y?v#F&)i%_i=Hj89rdZ_4Jk7<^-NigU7Y?%k>+?B1H2S&GErM<l~!
z3$_6lj3|pOI{?7nZlj<IbZ!{&dm<5KvV3G%T0xFPn88#iPTmToMQfMw6Qf=d^`Q_s
zU&>CF<bC3c`0zL>0WvI(Tmd3RPT;q7?y+}uuW{fMSnYq2U9*BdUUb)>Uc2C?$%4wZ
z-g<}i!ku#hM)$R`M)Ezuy4$4KB=gv(>GJ3)NERLD4+kD30Pk3Nhe)VCYaG!?)aAl2
zW}xpOq+C;`B@?PFv_#S^r02_$`TD?l%)`V>d$Fw};E;a}PaaPR61P+P+58hP0w<`j
z(lSP2%ZZ|d`OWs)S*rGD?_LYtK`n0QRdT9c`(S%mI7J2WgxeZ8fVqZuPBrC~cy5Mu
zGIt}cZSu#%NNWeoaW?VoK&uLK?+SV9SG?yH<qma=vTABcc<RqT;m>dk0}hZl(vV`Z
zj8fzWJ!1?+sC-k2cG1Syne?p(XSS5SS(2NxDGm5SK6GP_E0GO9lb+^K%>VKnUrVUl
zre(3$!zRD?vfGGlY<r~LCf4wk6Zun>96=^!p{D`4E!~;;fq5@+0mr2M6M#Za-Wy!@
z+%J@BXanwShz^cFlM;s?DDWW_I#Ac6p^<9lE(fqGMVX^%6-?<e*+z=c<FOl(G9Ca`
zxH*o+&{A(Vp)|zQYR5D06Wmrby<MN9^^yW)3I-sS3kC!$H<qf=FN$;dIe-2VaTlZe
zj;geyd9oayXmVJ%scO5N3aCtjiBSNm8zX&I>|qX;#;9t!>6#$JWW&C_n7RyRSoG9d
z5xD=_8z#&qr`{NWuH>VBN+65P5=+Ru9i@Vw?1M2h61fwU#6Id`^-bzi1U28+ow7MO
z;R0yq7S7j1!~U);&N<{6Y?74lvC0+fBs|Qyn!fQH{amWUwrV-vUo|rC1%7s6ncH^A
zu^265M&5iZ+u<%$?UK<xf<1<6iCkWR+g@0|J>wm2vheAfo7qvM_Qk{O2qVPEiouTv
z1o-1MpQrg#Q`vTnMv;Jrgn}+jiPF&MXY&|KjCaB*`Cz*uE;Salv1U1&PWVUu=0!;k
zS!iw&ck0VY=7v79j&n=bzAQu4os)LB#EUU|kwH70r58QyInFP)&S{bGm3hwA2itbz
zd|N=|L#V~@%3Zl{4)?h$6l-<V16ER(^RuS?j1FogQP)UtOai2BIsFBaZ`~rGE44dm
zVwS(nDRI&~O>H8o#4d%7CdPn(Q{^pWlr39eu3h%c%>ERcWi6q{j!xqiG6VyYn*eR-
z5whua-GPWOyQ0t=G6PF7o$1#irY1$~6QuIJOruHb_7h{fN(N@K7|1T7gWM%y;gX1a
z`DB8n6^0)nl~24w<WvoyqQwNguFz7|a>yhX$1&!n(+F2*>bY0nP~rZgr2xC$w<PH*
znD2Ip6bei1d7aHV>|Xk5t)xg}ALCcxEoV9bIUaf$2Ng1LigOz~syi}vQ~F2?tww~#
zFp>J8K6xBy@E$c_h=H-ry@v}4g(rfC*zzI!f}*_6S^jJRvLT@%&Y@f|?l{S#u0%XP
zBGET_sR-kctd$j#FP`E#?n3t#T2MZrYTFXH0A3f?fj$IxM0gP9c<~($?bOP7HL#YT
zIpI8#y%FlWPlSW0NCW17-kw3pi*UQ4xYOo6F<XyJSXE2n!Tm-?J{f+Dp`6<p#oUIf
z`%Vz)m7%cal5G3uOzle9n5ei1(152;ifqWuAKriQb>oR_;%w;GAdvUH4mDN7o2tl3
z_H<GA!(bL;LpSp7jqWD&y?Gr3-R@>nUpD8{g;@Y_LWv_ku^gzrrxT8d&2KBhLt9w_
z-e1H$b=>C94`KnKKd&k>%DNaiy9qQ-Ix|<K@h3T#yG@{rEJME7rTH+vqS#2Fq+_hM
zRW%~`1NXgW9^#^}-V#YFJPLmG%&zKVz^ME<Q6+f^|IH&@jr;!Fw;n^{BHo$OZ97-@
z#`m`I=_j&oa96v#c0HlebQz;*Cjd!1eY{W0s!gms$4eu<C3Y0Ugv}Gpn3iqk#!1qW
z6`qkM166l>>uxKo&J_QMzlu+IwenNZoWZJctg7^8XwzU%5To0td*6%>Er8~jobMG+
z+m|uMX1U&xk6Kmb${q83+5PJG^=nechlGjY4_J!p^pxH6wG$-es+D>!RbHig1rred
z?wrH-@~eup7L{J`ejZT7RLPBcynA=n+PCt6f_b2OaO|uuCv4(a`CBQs_^WUGUb?9`
zjMdZh1AwuT3f7@iC$?U`Zh?{pm&oI8S;Y^U0SF%(hy%K}S|U>ok?SpyePg?~GSbcZ
zpkH;lz7~qTBHLsx=)<z36>{jN|9F$YW$OlW&3)j^FizHu8WczJZgH%63Cu2uS@2x$
zc51dl)-i6_^3FrT+_%t#3zl%^jHqHr%FBn@C5ZR(Qu|aBtM5$>SJGjQzq~z^XQ6JV
zudL2gKv2RY=e=B8?4xyxs)SLRu(R90zGbA$*#H_SJk|*@Dd#w8cGhAK@PX95V55<-
ze;Cf38MTRzFIO+~$Sp0*=Yl_Ceeq$I#;s!lwOk)GHLk=Q9|2fA)tmHJJ~A-<HFqRO
zY2TFPob-b)-fnWC%l9^NU0qbk8v3O6*Z8_2({ajv${g)SwLA&RX$Dv@MJafz)>!aX
zdAc2gA2?2FD#h{yp}ej#?~*K=Ts`pf)8hHa6p`#JRdxm(wzX!W*LiJDK?;D1Kw)-U
z!Fy<2G4#*73_EwBC3X_wgFCwpo55We!*Z+k{-4*}F`lmBRiV|q&Uo1--8e6zxsvUR
zAncsYUPS5;+f4w>*jO=tz2H#4mRFbLJyu<ZAwBo-g#$*IMKVDaSwjhq&ez5^n<=Ad
z(~St`lzx|mqm(ofjx-sbOlC|;MvBYZqNjMsdutnwJG;RG0_PAx&Is~2D$Y)?R|;t9
z3BGJQpWcJP5kq=ufDZ{wpj{)~vjbZEtT)ZJ$>8m$0fFNkvlJVt(%Z=aiuXipi#B=^
z%wwmMRr?>tG~mmeTOM=oz`6+JbwUu<^%`5b2m0j2J_hlmVF<cMT%6<*ve8buq>(ju
z2fA2cy(DJ}wj+Trr7m|7cx9DgZfr)%(i`+egLf=f4pC4X;>DiTSYYTE5V>Uc=7$TN
zhpfSOE>UlVpVJ#spY#fQa1~V)gVZ#)COAls-@muQC3`RSZqV;ihSRM~j!>X@GG^Vu
z^=pA&wrt<ln=X<k8q@6oRGmZG2$hJhr`%4s8>%KDq|JO^!w)aa_Lx?t26o;w+6a*x
zX#jFP-VBiLp5Ad)@GxjRINxA=BJLT05S1>&(`1J|@;)9ZRHU`kpQTq6T~E9cJup)v
z12N%Q(bOVz$vf|%$K=R1c)0pA9cr?!?h=KQifVF95;@t-xmEaW3azSF(ybUV2Xi`y
zYZpmhCKkb6@5rd%se6;yA|;tXT%B}~nTT}x%E8CC0{MuAo}@3>ct-a&!!!!F+4jou
z>PcE>>9Bo=`#0~U>-ng?#EaoI`%FNtsb!|aTNWAhl8>EP;Jw#S^@2=fh{ZNq`M~Q5
zXx7{CPm>lke20~5PmaeDT64P+j7&ulvvl1wX^!+t+di=9Qm>{MGi^}rukVa?uFU~v
z=;bI!`Xxz8qRS6U%h>CKB&$nSg~>GzQR2vD3bK#&i;(uF;|!P^@^y5}9guu&)mL>e
zbDobJ&&9saKYQ|x@N3#LP94D=l~fdU{jrKOo-L^xMqDEyJsuudEfGF927%4<w&;#;
zmkK<?_J!G`ljQ|2JbAbg9|UdZAFVo;ojs=%81e~ze``a^`}Rrx<|q-cNJqPWwQ0V#
zhIJ3KudZokeHNoB@{y3|<OxFlDJ}S@r0LBB40p=6$@*MWaYIYT&MM4??WHb9MXTMT
zW2Gs92DN=Fr{HNO(c~15YNDAL2xpML`D0(A+V1s5Vh0^VW8bO!ki+oW79R0lYaGj&
zC9a_9p=3;hs>QiuR9?$D;oe=m%9vmo42s+j#D(ZPP8I?gRPAQ0WFnQhuf&Uis$&~`
z5j?NdBz38d8}w5KjokXUCL|CZgBHG(x}`=r?sYqxI|#YSvdDSGhlkgPp@}a&8?)Qi
zMC5*1r;pO|#i4!htNpP?XH7FjIw;mV`AgUxHd(KZZH&m+$3)3!BB~PYa$8|B`pdm#
z<x?ZKYUkaXJQ&a)3l4KTb#qjvdOmzmFw|HK&fi#2<`A)I<9onl)XYPPUn!oqPFPDG
zb~jL6^VAjPqkh4z;)i_%`YGr)9cs(sfn8pH1JaLE$c^{%r@T5}>heW1u2Yj4u1<+a
z8%0|2P*J7#ykdzz3Yh3x7-FCT-|eAne~Ob&@;aj~$h3&ReK?s4Wbafmu!=hG87#U;
z`n9QWhJ9bF-&^{wexG3|R(wsKq+6A)o`XXt2uJyq0;#=tZZ8YBIBe$<AjDMkK~`2E
z>^aw`nOj{|vNJO-?_LHjb5Ry<Bu6TtPIS_5m{E7M9XJ{g<#fp}1%P-PYZyzmR&zhi
zFGP8eEL{ro;i2Q#?UF&L?E&nP9}WQdFq^y`W_qdF1Y<UHrrZ4G8{=EmK*gc{bh@0`
zw;WCQpNQz+&8bhl)nlHfj1nPWR+X^uX__dc<<V&K0a{we4o;A48g<*xlO;YY0aS1%
z$2%#v1{kMXm(C{E6u$kCBhKw{BA|_Pq&_*U7kxUFS~u}TKKN||?fIz)rba%eyjp3=
zsyB+A=+eT38F%Nndcn+`%d?Zq8=X|8*U;<_K<@`idj*01fCH});VbAAr0Q(wbOjHq
z!BO4os|qk{6F8g-5`j6IT;CxqA}S^>&MXSEGB<QEXA!ZrG6sp;z#&9)8#9omxs9-m
zqxs*?ubvPyaWrx;w{x;}0DQ-gCCnWhokSnO8~_k79CQBTm>tXxf85yV5gd)?x<*oe
z1~0Fk{EM`IwtS8IUW@uW@!&A0nd4Pw(s0b%+(_8Q%*q771`>8Ox&o28IN0Dw>i1(-
zF#JRmW+!E0ZuaQ=SHdo4*J1%UAe?Z_+wJ=aI~NDfb*Gwt+{wlU()#16t2R`fOsqBF
zk6hm)a*g-0a=-!Ns}2C{U^w6n?-maGUKt1u#+rZuVD4+&_-CcBVC5f5|8R_)xs4@A
z#l*-74xw{#0J%5-oIFq<9G!=9^8h)y09@d!W<^xt*s<mn{tJ?TL+-*qkYr&aCv#gH
zI8LmtB7OCb;gOS*og*&@<m&1Qv~`6!+5v4H%s`A+;P%f@GJySOxvmiPA9DR>=)lJh
z+i%8;HGH_h{v0aO#&F}CJGrw;{b7A$7~B+ab2tL7y$@2eRkty}f~Mi7xyI6e7UAla
zYY}t+?ALbF1^h`sTwnPi;9m#scR_v_R8(5*s@E$$z~8Bnt5XpCvYM@=w3s~14)jA*
zkeDXCH@K(aU#hx0!d-ktg#g&ErMq_JpCc0PWVnbba3_Gdud)B1rN4gShk%L>#wHH%
z$;0rY8#wu*Vq#_vpRn!>!f;B(<cf`PwzIP`vA!CwzkvGJz5HnDZ@&0bjBBZWofzNM
z|HpHJ=a)GF2LC)KxVS-on-iSu9DmLUC<F?=?(dH|0sZZq;AFqP=Z`tT4uy|kRxq3;
z0dsS51Gu=j|Hq`bw&E|gyRznAH2!-F7v!H0#DB78v41CIe!pnJ*OVV?7WegizexHs
z<MRIx-~3xa1^V}V^X~-}_J1|1a9^{2zj)~14=dNR=evOar6~lTC4UPmU?}%5Q;6&L
zQ;6-CDZ~z6@2;m1JA@1Jn<;c{pI_AeIk5a~VE(-+#PJ(9UB~`E*YbZhh5n#m|4!Wh
za}M$RB?PknHrD*Z_3gWC|JXVIa?FQsO8({?b}s1mc>WL9H;(TP{1NlnApbDtUt8uE
z-~27I!DIH181-||XJZ3GIpK6X7{~?x07HRb4gd!iCy<@z-;Mk5ux|yAGLAn5emiqJ
z69;RUxfRI75oTx3YHZ>H0<*D0ScRR<oE@D&Y;0gKHwW;MleN`f_Xyyh^|)rie=O6#
z(Sse#1BBD?98ex01Pb5rfq`&({<~KHPwN5sMUS5|Cw`{~2Ro1p0EN2)!UKSEumL&X
zXYh>~_Z6xCZ*9Zi?zr0R0L^S|;rmmdk*zhz4s^XIWBu+73z!QGWbWwbY~lzqHgSS`
zNyyw-0K&%kS64uPQQ<0v{sUKlxwwE(0E7*4wT<L}Z~&nk00=uLkmo-cQ8q5dKpXg|
zf~(;IGIDWr1R9xI3)#TmA_VAM;M-PP2LW0zx3C7U97tI7>OW^*1&}DO5=fd?6eJ8k
z7Uxw`6a}fs@hVDyR7BwyMa7ihm(|306~sWID!lR_>8t;QRe0rS!94Ib9US3XS^@B1
zjll7X5q{n_{Kk*pjR59hyBdcO9{6zl!y^BI8~<Nq1I}M;@Y@Z^-&UFb@y^Hj_tt%u
z@2^q+^70Q~pssepzu!Uq{MyI!mu>#_qd$i3-y+pNU;clH_}eJJ%Fh08zx(|X2Y9%l
z|9qeOYaHN$Yx2jtALno0{doSe&ArZy`bG1rEUJH=`1EH=)1PThKa!h35?t^>{oNVd
z0LUNv0+6_ylccH>JQD~WaU@m2-0-dV^*!)o9sv9=+<EZV!T%sF3Ucju0OYzk_@ugO
z2|k_vX$lnhI-lyllmo@}%MAE==kxcIpr8=W>&4>-X5yBTs$*?C#~u9*o&@FHf*ANk
zlqEDv?-(rDk!tKxjzXukb|h&0#h0bnI+bsWTspja|MTlKD#qXq(}rWV9;X^H!q83+
z_o5KOHT{m+nzeMz=El2Ao&L2?n(^ZG^_zJw6Hpj^*$DL~U+YWbzJ01fQ`XZ)C8fH1
z$QO2c%GB3seSD_QU~@R!c7A?(SZo`rUsL6#m1Yups3L(r3K||?wkae$EY}Ju(M#(L
zO>1%)6F%V9Rg2gH>p?FdrYQGRMuVKna_c-BUM%@|(S^#>yBsi2G<!XJ=vW~~c!;T5
z??vc#u(a`Bg)S6y@-0+LrcO&}@iDVttk^a(t7b@EJCmYy-R$UgeQvthXco<ejOx>z
zOr4j`qWWU~HCy{76mE62Ugn&y!ZA4sxU+}1r|u&$dHTj$P^ADp=3i@li#R!3KP<+k
zv6gy5wNe>`lvwe+nbk$C!1G3CFCk^?UYVJ>&DT7pvel+8hL4f+le0ygs)STQ2bdN0
zRohQ-h7UFPVG!3Tl8aB<7T&ua&47Tlt&ern^LT5fYe4P!Fv%NJXRfBRXx>eeWK*_o
z91%FnP_(@s0zX9q`=px|bd`!7LmNoxSyB4D1Qg6s>QXbXX$rnD7HqI+ysN+?zh?nG
zoebqA)4(clP%^UPeB~#Xk+*4qE)fm60|^y_5Ftuwr$y<QHe60?U2nJMB@QI)r^+He
zOr+%bI=B>qul*9HYMre33BiH}D}^$?VxeFRD&k-^rNpdDdUMK|Sy9EyR>I5NRb4&X
zjcqI6ZA+Bgw%ao%O^-4tJS&W0_gk^Hr9Zmk<f#JnrqrB5R%ED`)wWUR`%Vh<CzgpH
zfYTV)O{XW8am^ApD$bwb?obyVQa{mp!nR<JW9c@yG0w^TIfUc2;T935Kf^wljmHw#
z)zG=FEh%IF{&MT|q^%Za(@1vn>ymFiRbUtYhP^HfVuG!jTYBoNroM?Y$DZB|IfW-t
zS}IVkv_V=DzuXr>Y<cI_rxGu824EB_HW9?)2{&QJSZlV>bBI)<4s3bGrt+O2lPSfm
zdV;S9Zo9XA?2!-~a`Vg{!`$P1<8dcBW{Zb!W<h)I#8dYqYkw+LnS3}F&Q;Y;ycJGp
zkooBKxJ&M?Rp6vD6Lxf)uG!GoY4^diqe89QDhg)N@BE^2*dBQLBBkEp$!TMvd@TEr
zivLoKe31ccc1FyeX*k$X<vLl2X6S679Ylm%`5EwL9ky)MFB#43Ud1YygvPlb6dHo8
zcKnrvV#YqD0?F>C7v}!k2dzq(YtE8kU*Z!#E(d*~bH^PCq~ji)m4EZbq~z9kSh#<h
zzg6iDs*aIBOe)%gO~}RA*kdx1M<;~IW{)w>Wr{N@v6%IFPNHKmN)aW>Y;fF{l4i<n
zp;Xe1O{)G*18;LbuLwsO#5#0a<oLhi<Z3ck#>MXqmMvfig1B1gxJHl|fXOgUH!FEm
z&cC*M^bfWNr2@WL22~OY-9D-&?OEpu^C?L7+Noa7n}->`@oylF^^FSY67pK@p<_d|
zE6743#}XBNDHKErGK_=~;sc2Ts=KzwxnZ|&s(-cGMIBNHlDe553|2_sB9iljx}7rO
zFGfL**28gz<vnNbtrf$NL5wn1;m&o&Hyk34Uug_D6cY&Oyx7cky+^*+pC9n*qk>V7
z)#y9c?V`DslS?uDT3mJCt@7Q<H+RohVSs#$cAY*dqndrmZC??4N~G9^eJtJ{d!M9q
z{98s?84K3uBR5VGnrKdgRMPIvT;5fwiEnr5tq+b#6Ic8|#bY@y{|4Brg2#E|t!M<j
zv}*MUBL(>yOevlui$^$wwe<7@<bzx}rJ^Q#X{#%F$aBGDb{G7vLe%HUGFpWIm4KGl
zvx5#OH)!bRZ<fYrz_?~flpjd;#hE{B4Z2@iE`qPC*dyIf_ZHjfoC*b{2>C+U9g~h5
z)rcW~jO~7x$pBQ2A?aho{EiGe(EhjwCo)1XAh~z(#fnikanNh*<s|LB<bV|Ey#)1v
z+%LFD#weE!2nL5bK?6Q4WxUy*a@gj_9}Ge|1scZV-e2B%{OFEn4==Z3@zbY%ck_|f
z*IVQl{g+|gU5D7Qh-6jtA7yPPhcPI4T&=A_WWEI!tcR6FT9)h9mitr)Cx4vKwUs7$
zZ0?4vRm6(yY3^a06A|kNAY*)DY;8$T88KS2TPS%eBzwSAgsh)Bb<kEI-+N?h=#ZS0
z%JoAyEem!ODW9beMG;#&4|NIgXvL<Je>a3jQ#fuIr6p;_eEl{@*c#a+Z(b*c;-V~d
zII?O;jMTuu_=I1I!Atom<hf{oGEiNpCtHluzT2V6zlvv_A)oeTs)nqKyz^SNHVp=;
z;)CWMMse5f4JIi@K`U7Mm^Jm#!V_ZXrBj??Thy)`%{+kYqc@9!kx(2Za^(7ytcGvV
zlg*8?`W09_hwXc|321ZAtBS|RmTb}CB1!LTcwA{;)Cm(!D46oS%zGbj1i(pC#8#Ip
z+QPG061)Gd3!G7c_NDX-gU;$sR_Kis(=D?vn+)zNCgP=Th%?;7O<c2`Q_<+ex=&fq
zI&Vdb26kSYEote^g~ci(AuM@wq>OsJaThxfbDq?x>R;?mp?wn)=`Z}E-YDH_ha$U^
z3?X{%W?<Qr!-oQI^YKrj@=L;Zv}!otEeA>|P3`MolaM-^f`h%?Q*O<_j}$w>p^us^
zde-gLtCeLebDO8(Ing^0YB3r{qxd0~FyD(+4Q?jaKHU7QwhW~&S`)HT5_zJ$rB4O*
zK)E*z$b5K@W?Hu8#l`>%3M&sru|f^2rF1t$?#_~1)&TF~j!1<aJ?AjYCdBaM+^;M(
zexDFWna6=hR$Z%OfaWCm0xa!266er8b2$W|mhAzXRxBb|;yt~KviteQ=@MmRVxkek
z6il;+-Lt@^krMy&J3Q$T(K^f1ST@slso|;5Zs;giDUpf1!**tKLC<e-dZq7)rjfob
zbMKadPlIfPBA)r=<ZCD10q+ws4wCmoZk*C22^LYGBsP01FD)BT3C~Fa<bu>R>UT(v
zF@3@>Ggfd`#a0GQTPD@`ZSO(bHj0oBF$p1~i0JD0k-;3Qb00jq2M%L<#!*ccM3LoH
zKi70B=~_tdkHQwUlj}FT^hw2Auw>jmfet0?Ssjq0`tBcN*?Q?DNpw-Sy>eZ#$Iryy
zuu2=uqq5wb3dy?-ozk6kIv!}r(bOW30k%TTjl_?oKE8Lh94a_MCl!22g^Cy$CENFT
zm$7F!{>@8!xreA*+{xp&7wH1d!myH9_qrW4Fg7}zd+|za{RWZ9E`2tdRoOp0JjUj-
z)ove>@9}C2QMDSJa3w<9ewXXSwLM|1{Dw<5*!ztlp6){>E!RN3*_Vkaqk|*?-!>c0
zyTeK<4?mmu-v);tC*FiXyUv>53B4}K$Yj|?+2-5oyMs^X{|fKL@cs~4%|m7dDtW{q
zB_~Kun)RFc9UgPXPU;%n0#z)Dl0*T5{Ifj@w_PiJg$Cu7B@FskiT4Gb;kV<ztb6q^
zgILWTb!Mkl-)0!=xCh^(fNu6NNuRolecmU?<EQp<BWorO-sz`I7^2RU?Y+gZIos?0
z&*ztQ8A91!fE#=0L?0!+pg1AOOCMDt_A(BE`E}n_X?iF6q2YocsNQh-Zl~<a_0|1l
z5hmG4FZyj!;?*<N01r~aA#`$drgh0iQ<(%@iKN`+)U?&|tmuAk%l<f6HVVf&O=A!T
za--2|xIr`{=q2)lI5xM}3NBUDC>F9NyP;%?2ai#9<P_9|){a=8j<L?hVzbfmsQ460
zuzYhDmvKJyg|Zmtni(<h9H?#T^rtc7j_tMU#e#U0RzrKonAX93M~~jr(VWgv*=wg1
zoz*T06XD9RYvVFFy{?dg8(s7BQ=t|U51DjQW6{&gPcfH!sUzZz1y8=j>>W`#eQH+X
z9aLC<#vFU2Zn*QY`Ivc#`Z9zRw;?BX=jdjxj4wmdTgX<+5WXf~OtQ{ea7x@)E?d8_
zpxat@4G+2e>B}rSiXIVl7_~nONc@O?+_;2WBb%DHZYKJnR{V=nmRS6~4-z)f+x1gj
zd~Y)iGmAG3O1eF4dV5K1)$pkf6XF-JCd>rDG-1&Y5j_AEE@f(_9x0V{-TTa9WU^j4
zm+T5Ayl<vGUlyLbW$jL+iXhr-K<TpBB*F%WEoFOrWp>D3dtlTWHBd;G`Krsna7f8U
zl7`VfJ)ES%iWOJFvmaraOynp{)et)Y$JtZ@o?%%m3c1W^!D28Z)v<C}QYXD=`bx3b
z!`=kabtXt_RYgyGbB3E!MKP-9fzb;F>O}MTB&$1Rf_Y?!Vnn_Hmh)-`)gQ#bMnf;&
z3G4QGvAh~C_tb5m=kyr0vQA><jL{($1=b5v?J<CSYPk)}8S-2FUyw907bNcY@?kHJ
z)2?y=RA%OgL%$d?p#wAdPnbTd_!pdTkA-tm<f?c(X)|>mMlNf+ZX~8i<98^`D&^V1
z#)uz3+yE;o!MEfs+T;zszLv<nR(#pXW`0T=^_vOu&pG5C-i76#XE?qQ8ilz;W9z?H
zp*%>ZK_;LVPO39%Sj+rmWHmf_F>r%4rEb33tgA{5r1-duPw19~n0<iCw`MGkZ?p5&
zmfQUrYZ<l039Qxg{kKBml7J_Omz|7L)FO9ZPPLP3D$46CGmy&?>P+|}P}t#iX{4?1
zN}F#qj&&z}KDc>E@IkU9b|JX@PBFo4&$PocFFo&_HEMc!=`~}^hq0`LicP3~LXdTZ
zkx7&7Mpm2>O<u_P7TzuH&F8BHGaisNqN=&JRG<FBLM+_DXj}X<w3C}ED|fU-r#YOv
zsY;()>s-n&`fMksS7PvrgI&AzGI0@Jm1_E2L`l#w(2&<Tzal7{4$((o?+PK2YVJ0X
z&meBv!wrg%d{~phYFfE9_Bi_Hm=p)r+tE~xCM%wS-J~WWeC0kmNc;iG_AA_yWj>=f
zLjvlx^dFz6>iQiG4p1Kuq$HlD;Vgvj>&v0rKO2IQ!USA0JalMrBi^HU4s7{g)~w7}
zn}@=b%Hm7>_DR|jU7wJJT>_WhdLTX~Yr5CpE_r}5r&FzIGHGj}|FVZ*&3)+k%4AKu
zs*k_i3F2WhIZMfjUfahq$%WO{<a$5idr2|sddm;e@TiPgyc<7KE;qa6(ar6#GI@?D
zL|J(S_MUqqBZVr`_7Tj>l+oOBj{lbTexAc<%VkG7yJ?!x?7hp^cgiK9H^D8Tk@O1p
zhsewVd1>57Mb&PYb7PRjTRUZ>MQ7TPInEPB+znrm($9?9?;IBTh#XFnziF+|;ka}%
z5=^+15@`E@<`jsM>pY8De9yJox_+U}g6nWZbbjNjA|a+@k?^R8eBS3k3uRK|LZ|q{
zdipl*7h}9efqX!-F;a7iM!m`8C8`@9sRME5gqQDhRQqoTziA{ZI_MRxSvG!=1@YF=
zg+0ls?WR4Om)UuJ;-J9fhDFyc14hbPbSaE5J$X#$pc6ZvH9c`^x4J*a2}$c4noN9N
zj<4{fZKb9&(bdY^#~V`prBB!KL!4u#LiVdRPr+}K4|O|^+%&oJf}o#rFPMYAJc*37
zAzuGXbIAkUIsLMv_)uSDfWehC&oeR@`x{O5O69W{=dSws&cJvSq|<n!!;Vilxs2cl
z|EyKRo4#^{;+*5+*bKT7=4wz)UQhF~^|M7qKdk%PPm2SB&Q<*unlBIHGp8JfJH7kn
z)|j1VhXVz{20^{$=iPUL;@@!{tGsP;e2z_|=w}SyAH&)Q5wL6M+57S<aD+9oP(r{C
zL`*f&=TD1JtZ;vuO>zwx{Q_704OIe($b%GY;jDrc$O!gpBEdDd^iQ7>75??9YY6L?
zr>+_MAE53PO!&L}ga5%<{b1XFlYapDPU!!ffN+gS{fs1C-*YVlJQ3p>z56)>;rhxC
z5&xQj@LiN20{`!4AV97&46ZTBKe15&oLBjgf$#^2_h*X4^%Fk?{NKtzxbEdgOaBH$
zdsTe+-^j}O1)2Rn!O&f!nm-i&;lrO9Iyec$31<(u-~<<(3xYs_@F$>bQ253F8kb-M
zvodmq7jN1+{38N{`<DUxTdw=>f&bh;f&cKd9jkvC?1y~EZhsH<|CBDl^OvNU>nDHM
z^&bzUYl;5x_~BvW_$jN4{g<pR@J|^mQ0Pw#FPM{);~ydWawf2=G&cYQ@<)Of^g9vo
z2iXgM8V>Tq*?2HKNeG^a1<z&q#RETc*}oY$S4<)YfE!Nb!U1p&PPQv%mz@n>#m)5}
zjGKRfN;I~0wXw2=8UKw<yk_aXbB%ER3&_T5d`0AWnA_1A!Qc!VoxK3HHO$h)=n=e5
z+{E#(gd5K<+Wr$F`@6PqEji(N8SsohAQWDzeXaZdN3>=CB@yeog#DM%`|t8KKNy*x
zS(-mNoIeWM|1%;6Zd!OGfUia0Kd$2foUHzSc1;8QE3^#sdszJMl%}))l2Lfw^bhO(
z173y;a-C%GCodDLV`)3vH+sd(z`UuDRd6A5t8b((+M-g&@Z}Yi8nyyIT-;ZEF_@I8
z9vu>K>1k#Pn#-*$_wl`>Jg#SEmga71IymnM+g@n?+IZ&F+qUm`wB*n!IM?WP_{FG=
z8@nyxy_H_`GK=3OcfS};NP-CrH;1v|^xK(w&zGHaICW!4SxHFTP}l?%D?NYevJVGX
zN(>ly9(ozn@?#jfa=V3HOzRzs7BjY;S~LN_sUHuT60@eon~nN}ooru3cZVh|tsLsd
ztuOmjm^2l9`E1eK-q~LIwP}FxWh<!tiJ?I3qPvpV7qxeJcx(^R-iVU&2LxhJpt<$z
z!W<i(-z5l?NNFlr`h1V@?nWGH)c|3#ygI=MOItjt-uNh38%4mPNHTXp7OOvBv#nxA
zD@QoGwiq*x^yZ$m_l3rBX{3iX3)75ey@564`Qe`2$R5$TN;pPyIDp@~jgLQy*BegN
zq!kC-z+r_|?Q$YXtzGKPm9Kj&dTegUB%MnKWnz`Lt68@*a0jA#y^^Q5YwzLHT$~_j
zFc0sgUurotosbCLUWjXQly#51`vq}pu(WuXxr>ElF%EN}QgCn&a92j2UN^!^W-?XS
zOK<Yk7yY~GypgkPan}7^Uz3I`(M6ag)mAsWnt%fMiYtKr_nF~+Vx*C%*p6B_vSSQE
zhIOeBEyINU7cS~)bOb|V0J&7y6O~>pXJm0#&D}#!qCEGWiUWQxioJIsg3<kvYn|?h
zLIKJ>p`rT~DEj&-E6B}llLt&PC8Y#S%i=_PN(Pdoi{~#?m&I{A{43Hr6BRi`aX$pl
z#<8Ta#NMDr@$?kO+u1zf52U3NBc~aaGfa^c&PcGE?7W3SCA792c{BUN%4uR;PS2|1
zy5x&#X)qp7V^Z&@f-`Z+anO(tf9g0Wy3h4-{T^)@q-QuGN296m>trXbi0)-jV2!#|
zNZvGMqyYQ*?#7v6Z%pUiC*L~0sUF#);#qEj0a>v+E%jZlJE(G9?|I&!-JS}RF|3J2
zyRDO{m_YW?BebGCkA!0M4nI;J&f6~r7Xn|oPLh~AVzAS+v!LkFcQo-$V3ETb2kYC<
zzEUhyVTv>k4|h;9$S%2vDZV>!=J0uB-g*J?KzD!$%vQ5K49<FGF@<O;5iKa4@F07(
zIQ@C{x_yM6P<{k2o^Z~4srOhMVbcJN73n)`3C5CZ^=Bkr&9wn^lls7&cZ2#*T3E8U
zQSP|LWyj(2`LUYvr+sE9a78Q;Whf^^0k*h`Yu~)2GjBa>5VgJBWmb6OAr|r0H)zSP
zOTuIE(P(De!->-NGOL+Z`m*QQ9WQ(Jr)2l2PCMQhcSR_6?0;UCa2HYwPU=B=X;r8&
ztH{r^Nv)nQIUugvw%=j)ftBom-Slk!CYGH)(lY@|N4gMNyZa>V!LK4Y$60{|K;&|l
zi6uViSPPupXPZ`vB9pV_5D^*d`!M|cM<n5ob_B>+1$tLH)FZOR=l~s0+wxuQ;!cEE
zmkUX&^}fpb3?#POeqb*hVsn_ystm|(A<Ta3c!@EVHsE#3LPPH+6>`<!&Cj1FUvoZn
z3KUP3-UB4}u6|w?TE%`Fvlw3enr$0PW2&$ASyPP2t&Ik%@@<Up^A>tFJbcPFrDmPJ
zyVxTPx${uDDpBW*d1uMZm!!#()5*oSpAp=F!3=qwv^Vt0i3lipz0HjzaWrvqrsRty
zA104W>c8d|Nf9(hd}fTxBOe>FdxlOPbf^1vR#LqYGX(JtqPcs#evYtx(vxMjl-GGW
zGM~GVUIiMQlhr`TeM>f<sdw3b>g()cM$x>FtTp{Ab`9_@QYvSeH9<8~JFgWZLyCv-
zM42a5^tK3ZI#p-H9{yeXao)uO{{)Q_=iSfQ+8BvQl+=T#=0q+;g_H*u!jjpU;fimX
zAbm(*<ZdFmp?=yEO#yurUIw15*<n?4aBcDJS%e>E*M%n5*@h)9f2F?9h(?|h+@K8-
z^3A|ERL!@>WLWp@30m`JI5$#U9*JHS?%=+e2Jjj|Kv6(@eGkPzBkC^g0&z16lhU1&
zQRc}d#8($WPfBDeGlhJUB9YH;olHL6755Y2Jlm7aMfyhA!T7G|Y@ePVU^r@<ksNvN
z_T}6oFL6ob=BRb-Sob>eetWLPz4@Tr6dzKD1^y#Upo^GBv6t^rdauue)h^_Afc-R^
zlf_^|w4X9#y9PDyQgz#&`P@R|5z6j8D!h>?CDIy6EHAcczM%Y)FAFW;e1BbE#onOK
zw|z2(&CO8D$nt0z4~&Ws(c5v#{2y3ahrZaOShMq=RUgcF0DZKks0)HZ7K<!gnGhuO
zN9VMpd-gQl&dmawY+vBZrlI442IymR98RM5R69Ner4E9{^Tk?l7nM_{Ejv<#qf^s6
zRb}pXRen^KXgXo<zv~CXc&)ic`ZS=F*w;XY)nIv1)F;#N#gmqTvlPdW#9{Okj)okZ
zdmeqeF+2RKswRx`{uh)5c>o>x(6CG+i^IF8(v+?#Cc-JaI!BMiT0)<=_z5RCxF1B2
z=yS;_<svK0^C==wrZ&*@%I!Qv&HKF7gCT+Q_T+*L+n1<R0Yz=m=!gJ`s|PZ>5SywZ
zQ*9G~MmEO=WqKQh+t?>F-(Pzp5iHs!`9KO+u>6>C$&bTjFFG-ysl?@m7_L29Vq#i=
z=ft_r?Kxi?5i-dTd<OBaWLt}ga)^@oQ*lHLh2N~@*L5B^-0E4suVITAwtXjZ(lWr5
zz=CA+Gfa|55KP?7n>f{#d`~j-BPnB@1FZS;Ch{QnrUz-|(XBV)SRN3PWw!uM{u{cr
zD2x1=boNgt1$EJsKEl}Yx3tA@a|}8Ck_&j)$r51-{p26t_#tOHgn$+421(d56HF*x
zm#7hfh1L!(@az$q+E)6YkdN3}-uegyr5ySuXfaeg2+bJ-X}9mCj-`C;d<}iXPpK_;
z-}HeLsVEK~dtE&BrTtBwQp}*{b%f!-q6v1@;52Qrw>k@TEko>eA21{fzdStK2_@M0
z%35?>F;VZZvr4nfFh{b*YROw_r5NZp(!2gFAcMzvVa|Is2Ewc(5pG>DBdL`-;qiL#
zhSKzk%8?3+LL@OMgd>PKy6v_WmF!`4fB{t%Y4KjvebtYQZ~F51l5Zm!oC$a3pdH<3
zGQLp=er8aZ(eZ)Pq|eG~V~Le^>Jv$fopYXpE%w_pnZCyuD2zAMij-Q_BM~0K>+O@r
z#rk5!<XQ&$qBfLhOCDg+KTTcKRFK?6aHsi_+j$Q~6XkivV<A@x$1+2aR7;_810vv<
zPdVDeooq5ry2n#SgCnTRZ(cA2kEZk9d7^`(rTWDiEUt&NsExbHy501!PqocAO<`_X
zr0Lu+02OA&X4?uulwvt|pzPk&^*w(8DU}x@IM<-i7`GS~Ot}bX_;%9jQY<hVS5O;5
z;L|j!ce`(JRBfS50~HtY<Tx)-70orZ)5q(?=q-2uG4BhlR1T~viUNSPEhqTGy(2Pv
z`o5rId<Uw8A$>5#FllkkDEhaT9mwfl{CIqx3t+Glh@wk;xHqv&l;~USSg6+LL-V2D
zB}zv-^ia+4Db-$POWr%w@F9HvLgl(?EmTciTJ1@a^2g8dW^gNtM@5X3&;;F<1A!LA
zdUSWHk;qdXl)Jwdq`-B)8CA>n#iGW)4D;!_BtS+F75$|o_j^7htJIo=`?z&u{oT=Z
zL5movc{JoxdR(09!8-Y3?~<0*#XzY;dNVz&KxONZ#4UgH8&tA8dVXX6Ee5K~%F$SE
z+L||C>JGRBD$pNA0{MJa=C-(KUBWj4L9m2d;!9YcK;pQ;b~A|dfP$~3Xj3(v&bqP<
zNz2a$-pBX%=0eDpdeX30N3m4p#~<7*6B(0x`7ph0Wbygf+<HUpM$tES*&>=^GlT$x
zLH_R5rN)F<yoye(Sm&%}%9o&+9I&i$#w#9{N!E2uKu(WKYbj0cyXFUn>*xgZ`b<C;
zp3;zb7~%f&M(!xcQg?{rD9`im6>UbH+Y1L6VeM?fdgST*YNp6LqEBcn$eU{n_hS6W
zg%i*#r=sdTk1%%;v`c2>PTi}g52@e3TUYl)$DEcyMP7*8><Z)Jx{2N3B{N&^J#Zd^
zAQZ`67RwSA2`Sj*Gnp?;I}`J!>1t$U9$ntOY|4{WLn1MG5mHR{ygh46-8pbT-%-ex
z@rCTeGBY7^f<0A>%&0{ztkcs6pE^C>Kkum~Z@@bq%NlR$DJ9;IqqT996hn}zMND>D
z3KiS=0^i{EyPH2=ezErmze~7G-{$01aSw6*p}C9VyeODl-EO4hbD<^XBRmkekW0Pd
z5pTV#pZP3@o*>ni$#cEW^|#V$I&+gGV^R|EDCoykc0K$i(ee3v@E#9Kh0(rxHYj+q
zlZ=E4oU_q;xh5WIUt{e{Okyn8L<H%Udp%~7Hbog2R!JDq5>J->Sb2!eGCekcl=^v$
z%ZvNj3@)>VK2;_8e(`tF#T06i<;sE8V7Ulh-1iuV9+zjB$8O<|I5+I6gA~{iqq^>x
z&h;=Tv+HzZZy>~&JB28yovU{H){unErG|`q31PZcrw7W?Nej2+*pfV%RMVnczR`i4
zr|PRfWm6A2_&O1ZBFEh!$&^Jr6H+l>BZ;D*R%?A>ER|8sXRXtRqgLLh+h1zEZG+*z
zgGFyKsPV<POchby(v7U|lW;wENPTV~f7UDZQf)r-N=n@uBg;k4C!Komrtk9<hTNP|
zns3Q@^qJyQsAYWtC3QS(lSGa~>BX5fg4B-F!i`NDNc@xvQ*1dI9okafJbOaHn^)Sh
zNFEVDTm;3r_inEnB&0>m%(#x$CcwOW4X-e;S^9UJ2Jg@`D@^Kr45j;m<?y2De%1{1
zm2IH?LqMvl#Mc-u>h7q*$6U1$#Jiay@r^^YfLgqnixLK3<L<)50|S%U0z`x&h*J8n
zQ??~-gkvO(pb*nyAjV^iv6(IvaLX8I_$7|cf%%QSG@haQ#Djd#{!x-RiD3MKck+2?
zo=!K-H9B<N3zTlOK5ToN>#~N!@~ODX$OvqB)7?|PPVvL7`2t0Bp_@`~B^gxRh8f<^
z)+M>6Aa}6)^YsMRaH@vW%H-2qJepoGymzb+MW*q2|21Ew)s`R%+EhIqr5Lh5+a^=5
zlO?<i`0X5ng49lv^=7f7L+wfHzEeHq6RX!EeO%`4iF-NfY?AM+m}-=lt05*DeBG}W
zN%t#b+Vf%Qa(L$QPrb@oF(@^S4BL>iqrHpj7tIN%%1t}Ws&7Tm-_j{;a8b)JBwOOw
zrkWJDe!0~Q`=X9jM5JQv{>ZE4*-<*)3rYT)!)^EPL}b#1-ybR@&ZRqY*3Rt5L>ch<
zY+-sjo7rmiLE*;IxaQXAd}|(8XwJPfvCAUs4V$9Mr4)P;GMQBcF7IkjYd&=flIP%h
zFSG5z&^tW&MTPIw@({Zihsg>?u<*U=y%BgLo=PD;@ysdD8xmjXyb-JaQhJ(v%WZMi
z5Q-`R;$19zb|>`k*4?oDw~%!}>kHbKc5&k?ljzJ+qsO#9IBAGLNJQQY^YF{<DAjlP
zXKZrB%q@8XRjGpkl%!2<gB|RGZ>nq@`$Fe80#fVdVhb`SpPygMKYQ$Y+1kHm3bNr0
z27;0`>2BGQM(S6y$FAqs-sJfd;{-eIUvJ|bI3G`TDsDv`$2xgYz(qNaWZIX$KF^%k
z7Z&@(e-s6cMu17aFnn+5!QD@wFd8r=Re}Q#7?&hia#eEJ*dfA4jX2I`9Zh-KXbEja
zImMn_<%_-Cf_yOzVjTOOiD&HXxUC`FQVyZkUR~l$aU&D&$!M*Ek1S&2xR4}}M)NYn
zlLl<k+2fV42VT@nd_mAAP(sadZYX0668QGw!!|?1e4iW-Z#@UCb)J=d{?emOvf3zd
zVb)pJM}fDsZ84a4CW5JnFRdeKdN%Xub$MGKRR_Jdkp!jEz``|`HwgwosgDi?T_z}Z
znDZMN<vy)Ptvb~iY>3m8NPS38I{Da}4G2!vbFfU82%vq`QNnQ+NkR7_2cqgVk5wau
zG)OB+EHawQl*Nc$)HasvH>{w|ztqYi(^TIjcvoLg8$%?I)g)D;%hH)gs;VIuU-i)7
zeSF>2`V3xcMB|G1RG{EDR!IDMZ4*p}_mwZp9G}6M0OJ<=X$TcnYrpSV7HCMxPa<~t
zm3`@5qOa1`YH!Z~dh3DqdWBxWulK3^+8y!^%MIAV;j7ep6ytnS=8KCEPuKHB3TS~P
zs*u`rwz#YI@#?GTofCc}pVNh|jSN2q%q&~y2lwbd-lxF3ED3J^hP^wwG4@*;>>6nM
zfn)s!;)OsVK%T4W9UdUOFz64AmxCJ$g#ITO@Bb_g`J;5?8v4B|A8~ZC0l|Ns6J9WE
zY-{9vRXhs2F8{rTc%fJ2B&<fZ4koN{u$R@r#L5I-;>`;GK}!=ypp%=^U*TQ$UkZG#
z!Nh-{>UVsXg9Bbw0xyh#f`M>~@Vnms0lxcxTGL-jfS^B@P5j2G>=3v&dEk{Z+}9ON
z-+}w@ivI_y{tLkUuQfnd*gQKNn}-(y(HYrVIog>R2}q04g4wP(6!^zgYQM81{6NXU
z+|~hJaScC|hnJi?I@#J>eJ^TjZ3jQHae^N!y4sjHz&}-;t*v1W?sR{zzKH#o0;6jr
z`JWF3FuY_94rBjepKELVUu&OVYLDRcdjGHh>yN3z#s!2|eXw(J1G&KP%DyXW{a<UJ
zU+R*sfA{yt__=2O{$1|mZ$I}7Uuv$o?%$Cp{~33}am{+b{c+8faD1mwIIbxaxOe_(
zEerIITAKgL@A<O-Qp|GQ^bfQBebNLBFSWcP=Kds2!n9^>X1fSIxfY)iEjC8_3oJ*9
zs$jgW3|_%E$4#N)P@sqwlq-npd=Pglx_rayV%id0JPKM!6mU!LV>!t3^_u|0qXxGN
zkE8XCmB+Y^?$q;dn(?-6hK5Zk3^QL~RMu*zr8DA=q~nzlnn(81;Bp<WnR(ZC4ujUr
z^cy2&mo8~-yaa?A@}{+x*yvHspV-dd-R^CE-iUk&K63H;fGV`_P%qnv`F{0t>gzYR
zbf<#})QMy`wqJ8sHK0|=eHHy2Tj-g~zx$zEl3GSNida##Kc`R*SwXGpP<4C0c|1)k
zu}^a;hX6*@^T?o!%k2?v&>;KmnO8Ob!dj7oE0X@Nsb2fMccCQTtz|>3IV{Q;jb$jZ
zFxy?s+D<6Y*pjK$H_Gg68JR}rh_-nJ=7~^1_8?_QQo--^txe|ZZ>7@w982(RuHv%g
zvL2ceVQub+bmueTvDI#uCe#<GYKsT+>!TTa<~RE(uI&+5HPpE*Q+5umLN7E-9B_mv
zVMjw8aO~A~S)FGUCl1`CTbtUSWlbJSSbpmiSh?RXGp=PR4#F@UM^sGzbm+Tq^Qj4W
z>evEXM$ERZco(hJoIeBSX%dhPsU@GQ4ARi$_R`jU-I9}aBSGS*)IK)_B|ME@h5q7(
zXPZ+yWx;gT9+&>Dv|Bcdl-p04X4W4LwU0gk-qNW5_P<zr3#hn)ZCjM!?gWS64vlLd
zxVyW%yF-xR?rx1+aCdhI?(P!Y?US5$?mhQidE>qDM|Y3zy?5!T+PiD6nrp5dI`wyM
zym!i1$VsFLvymdY6aPB|?azHRYMS!2>1l0N)n!g-oq;{3?mYk}M9IP=Em+<5cY014
z&IpcWr6o9?oUf1t)!Mk7!=mHrKum*QNpSK#tJ>On^w)yRsWJnf`nF>bG*yHtO2Z)m
zkd(WC%rJA*VKH__2=MF%RtjUH&w!djiy{!cjbm(HWJP;G1(n_M8KNy+a2<{zWR111
zoIY)M+~+b7@@moP#cdp#1`sqjxKjxH(@RfSUTn2iSeqR(SdVlL5yNS95cv(-XE_;^
z)+j@4kykk_nW)TB4o`vxpS`=QDu!caN#2>zDXCkV{%ITe6!J!vX!k`M3&6sflVcd5
zy-`B&v+uc9h;)C*r|nGr$(613L^8)9j)yLisAhJx(SnDnpdl39eG+0B_KER>W<;P^
zp1#Zsy!Yc=_61oOT57+yZc8lMLUv`~Atm&jJn~wM0{awHN0U0f90(+A8$lyeh6pj!
zDd&>dq&!zF|MbRb$Crq8uDB?eF@_^;>d34LW-5m1l%;xZ7h7mz*4zzc0iWVfgk*Zy
z?!7LIpUvECB}r%6wU{P;zl7Ih*e!oafZa&2j8vg@=WS2TuU?{vci2CDA9EA>(uBuu
z^}`R6YW|_5+e%b3nzgmT#J*I+AHCaxi|5`PYOJFB#)o}pp<sAnH3VW9um}}2cK(eV
z5(ppfsqC2k`;tz)j>5-zR=Zc_+k2*sxV9PSVm_?$GW)tS&2JJSlTi>GB|Rw$6uFm-
z+!~OreLU?}KbpSzrX|GsQDmE=6s2kGe1(Oi1^xtbTb=w`gS7Ies4pelgOg~p;s!1N
zQx7xp=LY;=4L%lTQXF)NQ3@%>#j;?O6A2MWJw{V&mFwE}G3QAAb#~3t+5rYS>{j43
zX^mo|a}XM8iXx9;p*2QJV_>1rOF2KZaWa_a$M#o?HfL&@3fi%(qKGrOVz#Zx)_0<m
z#c@Fgd((x1>AaZl({r62yhFirU=<B~Y`NOb-9rp`EpV=8i%b}*7?{j8q7KC_;BE>*
z{X)Fz3{FYOtXf{fZkK-Q#UPxOGId-yBj+IZEqmGzhJ@<k3*68#tZx452J$?==Ogdu
zLqSF>ve7}GN3<&wTill{&f+aRB)Ub^zw9)fpAFNa-%V7f;q(r1vPBVRSU=#=2x7oy
zOc6gt#!DqM8p`rri{CT1>1cclyn%ECK~|PN_QR^ktz9d=^|cx=bpGNo%+I4zB83C>
zfQ>t@Iw7a@U6Q`%4HlDGpdTJt-*4=!OTuUnpYa6MRa%hB7KSq=X5+JB2id2IPxz9B
zw`md&Ak(<dXCQK>GbCx#1FK--sI3;~MPMOVrBMMeEPOhz=N`w!2)v;>CW>Ogc`Rqq
z#=nuE<6$v>p_7|S6zeod3I+S(-wzI`@#JbNXc-kvm5Z_{=L@Eqyppx%aDn>!p^heG
zWKJ?t#F$e`c=|NF=;L`^HU-V7Q!2B4UonqiOk@o9ry@mH6QX}toD;Q|T<VZ2zUh|u
zeJ#q&nIHRUfT|?~@#HF=^J^-8j$CR*^iL8r?D^`5naWFwshk6*@F&B28t&8WGrPFZ
z>(d{Sih~F{Z)!GtG9@VepPNe_1G!(A9Hrd9D8JO45laW>`I(Q$)-YfdDE5#4GVz8D
z8iuB2A+j`^A%$oC<(3jgDWAd&*}G$M1P&Q5RCrly8{KL5Zd3%q!u#H0^Il!*@&)4t
z_`caqbMrHV03sL^UAO(b>e8zZD}%MB<Ld@cZyEs%abGqIj<;=8^D~0|AY5M81ZI~B
zVwlx{1!bWlWQUp!MKhf~3!yZRU-EZ__}f7Z>hhA(u)~OSBL*#Q(lf04!8dCHb;qvG
zR5SsM((WE2pDuw(7&NZzDe)v+e*1@-OT)n8?*;LSDdPixG7R)<@C5Sc9u3Qom@M2K
zIlga#zztxp*)4uunI7oxiP`x9hIM66v!BvY*D}x6n^@)hEBj@N8|g|ZLx3Zji~eT>
zfe13c=a+j5OQ!id-|ds5lk<d79PSqyf!v9wtO$&eOvQ91q&Cj`fcDjy4nFo^!-VgS
zvinG01l+gy#CVozPGQ5-rt;QI?<O@fq7P0RaC1W2xVk|2-7>Mdqerp*ccg5m0H*&M
z3I8ko=ik^|{~g_o^Izy@|5;z`|I*+5Lt*O=@A2O$Xp8{nf6*CZWcxSG9?rkZxPN6W
z{muK&HPyd0``<~Gf7xOGQBUbFne(qA%>QcVe@RUHe{nizX8#xQ5l&XNf2F4V*UB*e
zQE-gy!=e74PUo!uS#XT=Kk4E8UF-g{_x}ab{U=cQ3*?wtSm-}0U}gFPd;ed6ii<J5
zwfRSwiNBI#hNk9p2Ie*&k`cy#XlV2w$Nx}`5L6MS`zt}h%Er$5Ul=9+1Ih94D*gZ1
z0hSNJiw~s5!pKhl;hWA1_<uxN1|RWL=*^hj{;{zBE7<X;p$q_y|D~SdYW5LKMc>)!
z<IBn1@Wa90i0&hFhl9J_A1lm%Bcj6iA4qh6;l}^aAI6U{_~<js$G~uWe0^A#SU%K8
z{`BtuWkCM_QXgUZ56rl~Sm}T2!-swy;G^+OY=1_B`GY?BkM8{6^x%(Vjgu{x<wrmi
z8+uoISA8q1Z>E1v{u!13JZYHz1Nn^g&wcRE2J(Llm#qV(<e!qhsM3E?{V3`~e@*Zs
z8p;RTmh$Z#L>j~##1O;*#1_Qy<6{Ei1X2m|1w{4Zw*!dL$1f%j00<)p;Gda3hFa)j
z=qZJ`{!9)4CnGB(D+>z?fDXVy0RT{ZB$Ku^`ah)j&|WZdHZ=aftNvdfYixgD>p#2r
z_pv5xV4>(_%^>p;pyorc=#MhfNBkO&4{f&pHZlw|6YF2A&%fiy3QfsqyhfA`s3G4?
zMo#J42S|7@7o*-NBhOrn7{Se6u{1H<3YWlJ=$JR}4g*Y24H{mL!B6@4GVI~EZ(^T0
zb;`uui!xN!%MKG8CDL=e<XEuxD1;}dvlEEQdh(_0sLhP&2t<t0I$|BLzI<1L`msR3
z0Q!bPu>DCVFh7rxS`CBbEnZ@xq&P9FFy}%@b`vLZT0;;rcv4R(BY`{ug@hL^3kuo<
zD3MbeuL$#60Y~k(z6~ezD=JPRP!=8$^^C}~heIFKyN4oB94olMuab+Y76w1AHyk{X
z!Y&;eK}}FrBX&L~fDF2iT3A@<rHh8?u!sm6dl0ypI9CowYpT!tRi8(cCqfvEZ3+j>
zGx=7jkI5Wa?xLKLLkM9X2TY`D8mCYevSzC!6#!Z856Lp0pQx{B&Scibi8H|nuCB+(
zf|ou<Wf;QUYaSE{BOLLApT&qtrWR{ePdGR3G6?}uCyUOKr4<KO094M<C?J+Z6bh16
zyq3L-xSBgc*`>yDQ;jW&jR0X$2^Sp3oSfb43sar&4VL7o5X++F=geBYd8!jVJ_Pm^
z+LZq9Szo{Z(pQQhk+ZHkwTubwlLa^!)qc}T*JBF=!?F4-wn;vew?)Km58lNR6}<4p
z4jjr75S09FuijzF;9<L_zfB&IIL{BOk+Uk!0g>1Y`he#-+;I@f$3GVA8Lq?C4~RYB
z5X;(cnM@wV7m>lkw>9gJ%UUxiD+Yg;XG&r&L%N-^t3(|2x%e#7gnGAN%j}b1<3+Pb
zhUX}KNJjsu{}9X&{ifC(Ef4CTCwyV7Id4}lv?nRUGrGdl&@a%LhXklVp3q*TOPm_n
zT$j!7b9!iM6p<0ILK!|o=Ab`hGFCIVrr5gl-9YQ?#^6xFWkk&)zPV;tbb-rwkW!9;
zs|*bxFL4fa#UK-w`-oxr#~9cPcp-1|$#4o{b4E-aqO03%uaXZUARuqy87lFY=b?OJ
z2-5xJw<r^M5n@HL%Zh{S_YL{0e<+Y8DC1}ogU1yzTx_+A1LZSOpn;Sau7FDaE)y+?
zKF7f?2I(r^EoXyzm^&$2h81d*Rhf`VqY&IfL$`0>QX{BL4(dsRMsB;1hFCkGV<}#n
zkUHHHZa+Se7(yukga<4Z8U3(v4m0rhy1y?4;k|bu1r>xcA`E@QOGJbE+#L+UBZBX8
z2i_+Tei^aYki?%>ixD&M4N`u{jt?$5&N#u*PZK_!05*R7aEOF^|8ow6eUH?sBLTh`
zjJ~5D35mOpzD=k*Ku=2DWY8?tcz;Yt)Mwyu2w4zMFRfiF<1XzP8HyY*!rbEk*DRUE
zI8oE;HK2hAGr{`}(#a4YP{|!+V59G~EhIv{jok}%6_L#dVaUu_N|K4yma17JHA+Ge
zH5SvIBp4r$Km=8SRUPu_$0px*X0L(L?t*V{kUCH!@J9r{Qti2k#MFkc7qK^EuJD-P
z^N0d@h)6n+hc~=xTeqn^6ee94T2GLkTi3!T2@zXQW?lzXiwJFy&Rtb)6Nb;TOOIA;
z-=8pJcIi94-zN`RH+0@qf4np}#nY>{!7s9v^2Vd{XRWQaKZoreb-JheA+}9)4W5_w
zIF(V?#dM`H4=X1EvpAO@Nm#H4BO}H|;?8w4d4JpL;_+s_6~0xfp+6Trv{b+zG`7i&
z61EgvFpbEza7jgyHxV4jkx|LtY>OurV#5&Kxb;iA^^^as$jzD{Exhp1*<*!zDhL1R
zgPQ^TZC+ADJwB_9R%;)gdc-u745*bh(PUPiQ2|a2pt8CpPZ_Ks;9Hlnbo?}Bc9}N$
zYK`ITT-tq}>}^&m=#*E{wzhE90N@(mmu5C7EKF>q`8}!fTR=7KmD{qvwK2)}xg!nY
z1Qk&jG2PH%;zFHqUA>`vZca<}lD5AxtIgWlZpYg)TDv7g8%=F`UOb|(!X@)e8GZQq
zys&ajJ+!oHfcvVWX8dsH%sZM;d*CMwz;rs-d0gcrY&?v<S>cz#&(>U_Ipq&KM9cB9
z39UVT{@~<CGEUh{@!<X2^zkw>3sY?e@uJ}lLg_hSjAZMl;|5?TTN&<&V{GN5u$JpG
zhh3@IOj=}9SE96-HIj|WuoMm2-KW&PfLfL2l=+*@F6`ML^LA$eCJ)b3aS2O)ISUf(
z{wxG3{9#J?S!==2)Rvc0xLP8<nbqx#k2>qq$GKO^597k~q@Ar**SO-andKVsLk3(Q
zl^dN5ea6YgQ=QD#$49BE)qjzxMr)p0^QDzaQdf>R&()uq)vP%Ol~k5AS*#r_OvtQc
zVp}=ea_lcuA9S&*%)>X}qg0-tYU+k9`AKT6kVUn;9D}g!F6dZ9N$rB8YvH16v4>gV
zgROOyRpJX*5(?k$t;B5X$?uYeX>o^n@r4~X9YN~co>5-CQkL%Q|Gh*O=Jk(DWg>hR
z7Ok{p-XF=-xOZLM(Zz|>8{t~GZh*yz3qG53E?*NTFS%Z{@GFB~=%a~CK*F`0V_W5S
zkL|t|*BrZutKM6-R3a`2`Xr0SDwzvc9wS%d3V)o?-<(?v$%Epq;LLgQma3Rk<~>?#
zU~_a4Ryv(qjTEj{OW0FCRkJxco@&OBXAc!B^YU6VT9NJLN<qRWPoG*`Ux_fFli+F?
zz2<VJp{qnZHkW%8v-Tm0RWzm3Dt|F}zq*str4RdAekz#h<$9$ZwF?d^nT4r~-v6|E
z64YY1$G|INJ)|9k6?C&7K)lqCo_SRt3i*5;1~hhL%neN2HH$+yA-$XHk&}dtpM{G!
zv`u5=<zgzAu?Oxf4bDKPH&<3GbF5L6Vs4bO)XmOo$^+2KC&D`WPTiq&@!i2wM~51S
zW#H<>d1Plwo$Q(wG?DVmc^N1*_B6TZ?p6?ignMmvFhI9YKqq+)ME@pFf#)gLma*H(
z4!({zt)CjKl*usf2Tx1l+y<ZJv*)O+1Frb#`z+{r4iic<E3f9tBIV1*!%Am|)3BKr
zCa;ZuzBJQs`H=M%2YDuS+eqV=Y@r^p=`xZ0l#Cc>9t(?klF?ON?##RGm1~VLKLkjV
z6wZE$@Gdm5U}p8`o7Eah;7X%cDa94<vDd!x0rY*L+hY-aQ42haRuToQ09MR4h?G~Z
zd9I8rSBz(_`-hOYQZ0(gyk_i4JauE6L!m^jenHchFNh^;ewj_I)ui2QaJr&nUixL#
zIfO-MNUq)+M_VA?0AjTE-m7I!<1qnOjtc)ceezPWH^bhKE!E{Lgg<`kEQVKAD!BZ;
z7*QN7&x0H(WEDcF-(!n0;)%sMT=B=@=&ao+)m=dBaOCfrq3W?Ga!NYkI}?kc%H$W1
z5%(dFx-@k)TOBcuPvy?Ht)`zXQv0JD$iuB{goQ|I#ZbPtS*G_#(|@Kde^se<`&8`Q
z|4h@6-Y!3AZ<^MCmxz)SYbcyiNLR2anY(u)N>z_-?G3{idg0vuNc3FA8Rqm_*-}df
zq_01{oN6JKTPbA<Ew}9R6`)(TP$}69(Rp+Qr+c&Eyx-W!K2A*K339V=i9s*C`f0x}
zTLMK^0yT`l^F}uDLRDL&g$)#c;T7jAp^07fCZ-Gj)C@-UoL@6A-l><$H%iPuP|s93
ziy%IsG(6lSbC@|b>PO6py)n$8^W^@h6QwY3&zgSJ|GIVY;>L59MQDrEdCEum>BE)4
zE_s7G6{D%8iS{+Av6Fx|GmC&%kQMt`6yC*^2j8XhDx2`PPIl)75~vOV-&rNnPnp(i
z#OH<J=jL&ig4gS{v+=d9r?V{KU8s#U{lM3weK(4Yb6NKHC17ml>xtX@@4d?hoBQ2|
zkBt-P#O#;LJ3EeXqRY{@xmWw!S3=uM*W1_O@wdANliSUwyZu}JIoJIF8{6Oa=dOI~
zZI5og$lAWI4{u0PXA)x-qq20xt2?X(`pGLwHYK~y1sGQh+D#bAaq=22Juiwwdj^Vc
zWKuTMHA6ePAOBX`Ngj`)($hBw`!8^5s}ZAkB{S|iDHC>ulCTr8j&H)lV^Vo#cV*#Z
zzxK2EYixgW5`qoAx;Kx~H;yHHPF)KQkH#g%MLFO$YDLgts*DOxI{<4}>uA}(j4Jmz
z2-`XTl3r&hq}$WS9u(sv*%>C*{0)^D&b0?B-MpwkpOK)6x91|<Tq9SBnsEK-V55Tw
z93`^nbf=@p+e@j&drxGpcOX`d3K@x&=7gf!dsQ&?h4$^Fak0k*lN473h(^4*Nuhhh
z-4{&sjupHqNDvoD$iqU>Y|^ga={Hz8?l#k{WQ%?(gZ?F;nkr$$um1UCZ`)Z1A*9ua
zwJL1_7H6>M)R#Y!zx%&5R{cY8{x3e#`~XCMwrf97DCeK8yZ`RR3i#vb_&>ea0RJfG
zqa+TF4@~>VAok%J_@U9x{MUK-&k@_lS++kqu74edKT>`O__F-9%K*M`{#*Wkt%c>U
z&5Gqi7nk+JVUqQOMe-rl`BBoJBc{I_&HqUK_v&BeJ-`>{4}{Ci$@$?B{E_1$-Je?i
zq+(%b`B$gqe<;xZ6D9ulK#+rpgXzPd_BUQA<HvqAJAn1?cJ99e!_y47Z?npG50kGx
z2i<L^Ziw(;U|_w5c0tKs!kCD^AjzW_eiP>R(ld?;D>PQHK8mZfJ|9fFTO_dD1ElF|
zs4p2d9yHi!-qnmZ&@QcJwNj6rub!v!*DbG_zQ3OjCNgJxPI_lMp1-c2fBOXXo$@7y
zUt8UKZdaDa*BvA<y%uCUDLFam!<0X_{qxgrOQ@;7gk+girG}9f(9Oz&>Yk)w<2?+*
zudig^?YtSkKO77@&m1GMR^x&+xPrCrtqtF<E68Wr;{}$`fnY!t&b2zq789<0>RRv8
z(Ogcdb4k)+odb*EB|JGd)2v?Iuf)-Ykc&K{>G|wJukjItr~nDXDD{&PO1MU{vp@Ff
zqA%e*J3W`}T#sjGY6C&eZ)K3@pgV|)>u8?Xd!hzD+-taH`P`M_h=CjD6d7~fnwOsX
zPGv*S9xM>i{bsnNtj-esS8tGo9GSMKwy1{rRcCcsP};#K7{%l|okepPA?|A4^GO$<
zlQ@WTm04{>JFp2=_SRa%rK|4{m3^11eb?N{^oL%*4;?VO%<6P!8NRQmth4X5+*&Pb
z30|rq<3jSBzTIqNa_Vwa8SY(zf#E8PCQRz7V?clVbV8+vyvTc-v;!5TUBX3N&q5oL
zZ6DeF$?+RK6*#~jcWPvr?NpVTxa{+to=wV&i8}#X>Nj-VAEFS@VBI<BLa9>dMo|3F
zZkv7}w{UWrwzYl;B${UMBP$TW2#Y2qzuFzXW>Ym(@^Rwa!Bz&b6G6TO@V`K_Wyv=~
z`7~w3c$rv>8=rr=lp3Le)Cab`w5}vF1hp`qMMJ3{-ABuM5lD0>zO$OW$MVV`Ng#2&
zCq9vEy_+C+ejk2UY9}w|iFc^MDdr@r2s~ykp(qbt^fl3X{|S-tPL|8@3_0;?dv{;a
zw#<CJ<O;DBsknmSm~$L){Pj88yAmFW<6hZRL*<24$k%q=wu8@>G$Jq-fGX1S9{FVz
z*7vD;@Zwz)nSuNI;KDcm9S!;2@a{bu_F=+jE&6NF--KdVFeLi_%=Nz?yqEc7B|L2E
z)_6xzMZlc<!|Mz>!7c*Gds7fkW5CdIK}&NHaW<{Ye*CDy;?jdC_owswuB02h=U(Da
z?5|OrEK$$Toq;47P@uL+bLt?wd6dhjwiP9pAdOH5A!-oM8*dMeI25;?8iUXrLx|I?
zMz>DM>rdkP9d|$g`%XRJb=>c9Y-n2zRMM1LomsPcz6#;g!UfJV<qQIXn|SVR^vJh4
z*qrFW)d%$DwM*vc{aJeD9qeq#f0udFZ_+<_O3JNkNlfbvzqiXi$Rvz0<3tW|LVbJK
z{d(4s50FL3m+?#YCe!{wx7q(IhT{RtWEN{}$*&bTK0}YSx{`WDi_$V`3e|*UY3j^F
zs#HLS+v;K-;|~bnTBW@DQPeEDr$Zj+v=Pf8i-mHE0#R}(Xh6Axr*QcAf!XCS-rdNE
zJdd@lu<!{$ID9gwG)!^y!HQ0SaixUptD3`>IoVgGX=bH3Z0mkG9_mpQo5n{S>e`j3
z#j&GEtPM32+nUFx0=EkEWX}9RL^N@6wO$n)8;06PweX5n)#|+VqP7C~m6N$*iX{p<
zx#$spoq9+hPQ>H%S!O$}H)uSufXCya&Zi!yHqGo5jdiXKRrdDkwz0T`S<)lDxY;CG
z#^Iub<r=zu!=N&&c6Corwi|4Hop43&4c<;?7oe<Fzr<GqciBm<?BS!)s^mu|6+)(+
z1k8t;Q{z3}B7EGkRL0p)*TagDE}E07-vb)&2|1N#aAqkLB6UASUr`~Z!dwg5cU5me
z+xv)%d(o=iy6X{;d#%mjeyncYKl8b*PLO9$^*G)IIpnqR6mcgoE4BA$^=T`wqrRyB
zvbl4ftc@HIIFaNlc?fu9%RV$qU6`L(YRMVYQ4w*mG`n#h0c@KiOw_lruSD)?YTBWO
zH)9vFKds)$=;pU4z~=M}cvm%b$d{s)?}umX1|&7;(Pg)`MMRIPtj{QjfbCi@6|w*J
zZ|mw__ewYRB(MRJ^CIfrkUE6{+luVp1au9;jd?34e>8|l#!b!y?pxNd)0=JU)Zlt!
zLshqumWY;oo;a(U&h7EqADIPc0`*YRn;PZx%es&}%^6LwerYSjdDhh}&JWQdQwOz!
zOI|Eeo#_ckWhxEV3h6j26p)orh4yS<$B}W6yO%OpscDKR!AFKZJ+9}<oAc(tYd-qd
z=!5YT$h+Hp@1F1Q%m8f^t}-k~8CX-t9zj*KKgg5mG9ksd&s*9L;L-$o`?U{8Sq>>K
z3>^$u(>*p8uIn&+n*evuHmS`y$b=saDfa?M#}LT^#hV~$GLm963vP_4z9y9O(6v%0
zSf9YuF3jFv44idCb_a1oQ&iX~)$6d5^AI+gKxEn6g{icTo0T1!pTRjzo*dn}d2o$t
zE)QO@ohn~@p58|Ge>N{?##vBPxvuQV4Vq&~h#KjsEvj3Xn3p}jt-8Hs#&yNM{8iPF
z`-=gfuOMlzXbZc~`n#v-hv+n{)@UM+{tnFgG`v)x_#Ry=56GHArIdo$Q3Eez96fEm
z;nX}u%mmgnOmTed1j&)xH;UAiUwv+?Nh|w~_gbs7>oe1R?3hA8n#<tF6mQT6@aI4s
za>_d1dT;&`Swn`sC)7#?qIUn2#3q0mi{Q=$b4gKu)B!quu}Bp_BaGN~dL9#+g@wG`
z=*U*0r+^LD*aRrM*H^2Xr4hMD?r6?`YozO{Nka(bhU>0vY@w`)M!zB#pq4*U)bm-X
z`*W4h52auR(el}#4t^+!+g8S{6PqhmPWPh7@bvsWs~i3TZ`zj3<pgdw(cgtxcAk}W
z?DjOpiVOC|c2;s5VmNT*)wSeIaSGuiwzY;Tn&Ai)bO8+>TE|XFrF8k~-$nDrs=uMu
zlcm6TX&97>6y23*Eq-~sXd38m%;!;FniUF2Rygs8sImph29P+wGaFZdYCzSNKB!%o
z;v*(vddIOdw<DP>GW5m&K+>=f4_)Hbwos-acvI31z<ExQ+XMKBnE6|ul2pV^YK6OC
zD&jtY-Y=_?A;1A^PG7dVFv-<iwt9jJvt}?l)F<TC^@}W><64R+r0&-+hII5>i1JW9
zlnt^k*nRz3t7RX`__{+M2C`#*JfvM<Y)Oth`zvIly$NtgJVacWQZLDJ2#m<WWFsS@
z@sfK9J)ms~_7M5{!(M(WcoTEmutgBXyU{d6Ie)CM>1z#ig|<ao&m)GSyd~d4=plsu
ziRL4_DEolF#oA*F^AlBvs7)%sE%btT3!=xictuxn_yA@SC5wzla8cAP?E-yEyho=8
zZFYYra8Rr{xGMdEQXexn`T|;?VoSdVvB$+fd+H>5QuqOS<>k^nBp4bAmEemN*~<uF
zc0g0M9pPMSvK`V^a$qZrE6VTuV^`z`WHvM#idB&Z2v%>Jt<R-C%v<C=k%73-3ySS0
z&<m)QL@yb3tomqMrn5I9r5%2D7`ee0iaj2sRZ(_iTd+N{(8*}@*P2%-$*3(bmN3c4
z^T_n%T0&~lYQjx1RdH4RQ^IO8Y9eY9P2Z=)4=)BIMKWa71URDY=(q5C3<S9KQS^!Q
zKk4)4MgpRzB+Q7$$i|3R&`i)wP)tzMUaEhDi1aK4)<WwDfaPWZ0sxtEqA4ON62)Xv
zM6<}HFv@`vJw^f$xfyaIDMFNFQlxIsWPvb&mw^U796f3Ru^U<+VNEGX(UC>au3+2)
zwFD4}H2sHOOfU;q^PNycP->uM1jva3Vr0ZfIG{`3QtU&}{nrS4F`a7oOlXNi6W9cZ
ziTw1)`p{?tIRt3Cr9y~=(DI6d#g2*m6Slz7y2Sv<H{kgEl2gdD;28DTB64vG{4r=o
z;IUtju|APjf#}BozH#t#$Z&`};BNg4w9U6!T9}SlRLy^hyMWko?9qi5g~>*FlRBip
zBl41X2((MNVB8`(K9_wn<KF%=i#|5x?mlfrza27$+`~Y<{)$IFe*}&qpQEl5wVg%N
zi?;1WSAN6$(kAW}koE?)<!o_!KfCDDa}NDe-mtU4;~(?sAJeJy9@pY&A@IQb;$uD)
zyk%XACKKPu|0pT}7Mab;Dj0gg$RZO^@Q5r5E=s#4q^%1}-^<TL%gu1ZAfdU)iLSu-
z2rxLGkXVuM2ubsaxqYunyrAiMeWT=YUGjb_4h`{yxqkp!pmg4dN(--^MW+QdjS{kg
z*%$GR1T+PNS>+O^mkgaL?XrzLLnO8(Dm2Osr^B$z|G<S|e*hjMFDTyroo=~AuNe|L
z(q!x?KKs#WQHx?^?8ueGHxDGZD15h~Y((?VB&H<uk0j|Rs!t?kD5?)6rbIph?#YV7
zqs2o7S=K|qpsT*go5WD4dPTHs0e4hmh7q*1TGUs{c1qp^Yf7YCo{%e$5tRhp+|_6Y
z!jX2$`<xflJ)4A9x!*#~V8(DGCJ8HZXQ7Qbs}T-pBaxKsIa<*U_#^d{3pp=%dlt%`
z+vEw^xmH3;-<jmeGLWOX)nh2}L>mN&HBX{9S1wU~IdnBfVMbrbJL-~9>AyIkazP)U
zB_U6cWJq!Z%SmA!uscMMp`#2S!@@uW{tEOGARt<>-8^9lj**6@NP!md_sgL;d^t?u
zEhIC8w(t)_7Lj{$UY&!Tq}|Pyf0B>N@d~?w8PRt-@T5G?YYVty8_}eMl3N#QZ1cN<
zN*I(U5L^nV!QGQjSee4;{B~rxW^^>?gQj~`HpGF6s)DM5+yWgBU0@U(3XYT;2=D`B
z72*kpkP6wIq6*7jc%q*BXrb#tjqsw&gX4?}2YOsR!Q(7B3E=DF=u_t=0e;8{7LzNX
zP{YK-U<5h{U=yXr2n95vpu)g_(-39p5%r-Mz?h_&z!NPy(l~(ZfsfcH7*hHQLcL?`
z;U@f)?+|!I-GjS1KA`mFe}vwXr6kP56L<vKi>5pWy6OtJqwGN>Y~;M)?71f#$Ylw;
zLmCr~%usq$M&}H==J7<-fEja-RIEPtfGoKoY#H<zbi(`;D9@}48LNq@`VPpR5=jv?
zBdbH+N8LwGgQ<n7g=U744*a(#NVl|IY>DXqcGK^sqx)xmp%{WD=Klg%j@@iV!~TXX
z^oWJ<%r$Z@e+PU)++$7H$ZHF`f*lz(JJhCB4JirbL(vXRW>(!cPF!1;Y;^HlP^rAs
zsd0`}tu<LqOJmJ5iG;BKl~!T7t^sUna;U%0t0-%)nTsuhxGfz?T!(9{ys=PWItv@2
zw-sE-tz>BJ8>$SdeAFIotvp$dhTU7!=5D!j4*gj9WL;D;?ohY1R{lmMX4L&oZ?buu
zPaoM~;J&ADUQ;32UQ_TW`NLk9-WV#GiO7?xOmn$LsY_ucxiDY#Vj7q%GN_D|Y{GC$
zi@{KQdf{Sob|G_ec&N5g-MkZu__!P;jo-r-0h5K8Sh@W&LbiUN1Xv^i?+U3=g?<or
z9<<R%#_}SE_W(WBV(H>E3+b;EUcajdZ-djmZij1_xNm6Qch}UWTW_v3InSsVUtg+B
zU02sM^+?x>T(7NuQLlvj>1r9!xX!x9ZFu5z&a$9%t~9&QV$r79Fz;5Tow#0Fk+|L>
z!M3ElMTZH8dI<vx^DvV-m1)PqUua(KqVYrKg#SdoY!Ta+MMuq2Kd7nRK7CsV%m?}g
zB^|4k%Ej@tL9LlTEM$4&;<sJy%&awPjWoebSz!P<c1lAEcrSUcNiSOf$2ef&B9%xl
z#+tdx`ibJ^=V8D3Q}YvIyV=xro!QNyHYWz8cHRW@QUzN0S_|qLOJ<Y!AP<+S%@5J!
zI2HN4%)-nv40g*@(UYO#2Pu3xI09A^uR_@3!0%yxLsk)&x~a=4SOeaDd8jmYUu~jI
z9D-EC*MmHYY71qtQ{;Ex%F_1?PrOTRUuKxS3uUX<q1IDtaXhh~)fE}g$XOqVA2A0N
zp28w=b7wVnYUkOX8r0G)yw<QTFT_Ad^v)uKrpXU7jI~FT=v?U?x1mNdjEmLRfAFDV
z`4G1zU1#i#f`oH)Qe2>pa<t?NjJE8%=;NmN9UI4`743@&cl?Zew|H1jePIWEX5@bF
z#2<4!0HL&n!fJC_Jl|vJ_wD>%aRK0gmF=<JbiII36ok|IB-;gb0po=@XrE54jvj7`
z{r;5wDX?dA?}{u3?cU%2J(~t}5HuL-90?CH<|Np>vR^4;%w7Qv8tEpx61UBz%J$+z
zt~WwK8+ZX~5nc1v^|1$01O~xFSH5FkG9bTq7O(=zp3RgYqXw&OM^x@VXNOYmC#grL
zg{a!YrG~^OtXbawpj`Edt!GjXO$&i9*m6^&39&L5cT=PZ#wJK}Q>AXl+K$@_asTq>
z?BN`eD*0d)=DzFo0_2Lm3D*bazQ;S|4MXGolN+>ie(p^`@e-(O&K<$*m4a3y!uw+m
z=1Ud6OU@)EzQk>}&LT|o7uQ^N*IoiQcmh$r-@=o;WJgWp32$$4H;*i*0j8VkZirdI
zx;rCoA8d!@O=Gvc>=Abpv0lZWJ+@n{T9(gS_ZM6*pVk8#H?`f65PJyi=kOm@-f-2n
zL6Y1l)Q-JrZ;9{*;$GF_M&wf)3s$2GKHnLx1=xlB=vI~bzJuI_b-#`f7i^RCGSoiU
z?$~H#`a9Y>WuKtMb%-4)FOpEm_X<6F1NCM=P^|%z4y$IvRr72w$8~7kvkJZuV$z+;
zEd0PfYx9hUSLq&tYLa2j)1r7T{&NBLn@@`KI)O<q(w1zT@sLM?=d?##9}#VD#n=kR
zT!U|4i;=fZ@=5T*mOB){8%s8r#LRp`mQ2<QmJp$z4|e~)H+zfuLE?!A*0=k57w!Rd
zMi;nGS=dqWRr?y@?V08UAu1P2wyUdZw#%Fo3=qN#IgrvNgvEo+U6LpiqzVs_Wv(yP
zKPxrrBsB@|h9RGo1jHU;^rjJg#&@R{N1Gs4Bh5-?92?tCftZx0k<<&N4JAVw4aXm;
z){n|8sG8N&sZ(NhDYhX_3c*%k3ox!td^j?q-yd*895n^16VV8aQ%W5ec+l<}OVa+}
zN`X4)W_%p%319Rf&7y99c@Ji9lJbI+l|o671Fr{Q;M{$WS_>LHR=ewos;Q}x9~oq%
z`X1R1qHor*!h^!ZZ(5zOC`!W?G9#@_Hi94kmH^-OJW=~_so)m-Ot$Y+^nUBJ(^XqY
z?E3!pmSJTg!6c4af|(%kqbKVWRiua$_Ug)k0vdRYe`nPG<>(3ymLkNx8O9$Ads+(F
zEiKeGGle_}DIdBlZeZ?UD3zI&oROGTN=j;~V1Egowf@fkhNGEQifE)a!5pH%<$UCL
zH+gQq&doASJ+f|q1S%`;B-)#PfsjvA#l<W7!d`wS5WSx|QzWLW$3{{%L}ECUP#4I2
zxa%P)rPanXmal56(tx;%my82c8O$H(FS=?_fEvgZHUJ$ok{u->!p6Jc?ey`$b>)}X
z+`-2IOE)-&^EwsZtX8U+u$kv)nGxk?vGA<Hv0~z8UcxVVkT?*(F#9&zBV55Yo@UTU
zQSAInPnM0Qw}QE+-GL!RQbMA~Fl->@O3G}h*)i>U+v3?#z1&mAG2^jdwT<=U?#yuC
z+cAwQEj}_?X|$x*Ek*P#aowRNbE0te(CkVxEhT?8{LUyCm=hCQYmnf=C_Z1NEEGLF
zOd~NhGC>fLPBfz~%B}qv3rn|>4_KzyjVu#mrphviu8MM}N|kqzH=bo&`pzprqS$A&
zY>b(n$C6hZ8s+A)3DTi%4UWvdIWh)HxYWQ-Um@ExU??ZNNNknk&ryqbfN@W`E{f+D
z?Ru<M(VH7`1}DSwd86Pf_1X;!vuwd7yJd9VCyEd>hol>Bdyfep3dh#o@UT@IlI(or
zgHGUZ#%ZBahf91MK2Z7*!d=`fn^Ih#i!N+N5myO}CQc+$0<}`<XwIQo<0sCT@re>7
z0edl|YW0Gf7Ye<;v_?|-R~l*j^rY`_>dZ~DXaSNdC_sWX6+@XF-%qWKc2ZV?;RW55
zIsFMJ-aXD)W|<hM<s(jDWy)#wTx`PTvwAo3E^I>JQNR1#goMiT80_r0ljOu|=W40K
zc-bt2Dcn8E>!=^l1JIlt%FdWE#L2Hy-XhQPjusnfF}R=v8v3X#rX-}TfD%7rB`=Ma
z`&L;*b^H;}7Dwu9xY3x#mb+W$_CMm+-*AlU`41G!Q(g$Vc&nt5v&EP9R}QY>LZs%l
z!}T~LdCm@C*P*1~LIo?X5-0@nNCI;Wslv2>O6E*Bhc-vmt%7TZEf=eNWWTeb9B3zj
zjDr4r%7C91blccl+Bhk9Tm2(iD5b#Icwbk@eb-cc)S|1olW=frzxU!@t~us5PCINW
zmnySTP!NMwe5U1qG-6czR}dAre2HS&7|hXU$spmMwfo$7&7oZL>rK^kx&`dVH;lvf
z!#3d}MGM#p6uTj1vvuTi-HC-wAgUUSZQ_oXW==~>j5dwS#%zPPFxRg6yJqzk5j>z&
z5Hp7LIM+68usoZvcx(D~aEcC3prT*d2*Me!WbwTRnra=j!uoEGLf3P5Lb63)+J6uV
zH8-0@zP>gW@{qg(Fd|(K_EN8=xRBmGJvsa5Tn3`Kc^*<;6Xqy0y=bGe{o=eaFwM%B
zN~o4DHS{lvYA*UtcXv<w?CdWf`QtZ5+LaXn$DdTq8>C0an3BpR$FSm;Eycs}8w|<^
zk&dJ+<R?@uUM`V>Zj$#guug?jDIkTCINADh1~vHkhMsn}00ac&e5X>(#oCa9r0?x^
z{xq1?V5kFQLz_X+>>Pnq*hiH{6|sYLI6rcuE8M|l(L1oUU&^L)ci_+Dm1b?JsU5Z*
zbB4rKMAKWPjcndKbH`&MhwBhU)4p<X9j`z}i6I+a;YG!ds?D3$<%>8iUuPUu2Sg7>
zN1_-pMfN8exb~O8&9HM_F)I+u2yxHgZ%LuoUsfg<sg`@VNQJ2bW$A`7(%|MJ%2rv7
z^^($}!0S(`8#R*wT-JbbbzR+L9ec%QfU5QE$ezY(6X+}i;;7+X39{e8F@(_`#TNxP
zSY1rC3q^!#3PPmXuhfF=Yf?x$^E`EY1%qI~GGyM2$-04I{I5<3aR;s7KI&m%`D=91
z6|Juq<Ln*2f(TbhmK&YbE*Bvc4Xp*YH7%qo3BOfjwt~1JJ=2TU+^tTm2fZB&*B{3x
ze%x1PsMSAJsvoTS>WlC7clN1YC6aDOMFqnjBJzG!KyUqF*$u9;B_0hcRWeO^iL<p@
zDQ9-(EyxbPzq%EgR*BCwdC755yS72-Rr+R#AsF9~?Q=Dn-@GF2waip~S~J)(2}jVr
zoZ*zTQ>xohLu6US*P6!$bQBJ4{G!ulFzh`V2DK98@(Z$26PsE8_p-ZjWNKP>>F%Y@
zsvwzP@52|FAJmKZT*(x$?7SIq>2YQC7oE7E72$+5KXOcfE@`lrx=!|Hi2dGH38LJ;
zh$oAqlT5J3J5LGsg*tXK$y*Gto}1<KpCNUjJiBgfE$()?Vly4C4v@aWpv&_cLM}uJ
ztOE9Gf|tqZEb%alVz)2^vsD-56TccedAXdm-MQB<?P;f{Yt^2R3sLXAi0A$?QXQjr
z^2m_?ZGOFSAUkftr|veI_j1^`+k~fTV3I*j^_7a;(VwJ@bTIYndaIYm^?*t8dIoYy
zboHS6%ud~<cvA7KS6Td3a_(Bao8}|9suq)5zzG7no92=Y8&!{>3v}{t*m-?P(&XlQ
zgtox>lh@V)nRU{j&+-apnBvJHviT=-1lphkbPuNltH8pOWR12o-6kVf4Q7M-!RO#4
znLswS-n1C(vaMt&ymn?gDeO?$YXdc0FVNCe3p#XDQ_IWQireDwdPWoN(zQzI-)NQh
zfu3W_J=m$tHD@@Nb**eVECy@)uN<crd1|im@@}z9O}b&hhHW7m)$kjdiP^c`!SQC8
zg3(lMshCqsshB8jIZ%df!Kx!0ibBRo`xuEu!K1n;cf-9i<QP%?fd&`fB|_*%95DyV
z`jHk<Qt7Mplw9QVbnXf+{EDL{T}}6d!b`<X%J}Ko)y56pLNN`?MX2aCGvZL_Fj?hM
zDB}9qiO0B_rA(uEV(B}qBYq9<{hCnXF(luS(Ik5Nbk)_%G-TnUEaj68u!PDl=w9T_
zT{UD0WjqbX`aDxKZc1^b&in2i8Kz5reXWhg{G766$eA+M$2yD~4<YNI?I2lWCMF~G
zxvpl{C>4VtouK{mLg1X0QT@DO<?-dqSE(PNm%%*C8rUgoxifR(wjAT*j_J>jD^azN
z{%`wm7YXaCeH&0iSA17y`KF}4XFX7xhntqny1nkefJwg`5%RCtiFK{OYX>;kevH_O
zF?sC5o=8(^9e0<z2W4)RENhAM6zyp?vdLmbbM)hfFi!lP&$=6Nx6-2zwXg;h$q_aV
zWXF*b1@e6ETILpW?um-YbNT2-Nk$?A6oV%_c#NS`DxLyDLH8p|P(6xQaRY9!SC2Zy
z@Lt5^p+9@gn&=Ma+{8S!)DS%YwL)Te9@x@bola53Nnb~(iJ<68x>W-+Xpg>+Zg)1{
z6<Y`{sGIu2bj~{1?n;>MbuOc>v7z^76}XX8ABrgjW))6jB8lf|nG<MwH(37KzlNpI
zcDrx8Sr!KZl^qzT%^Y@B_a`i)N6W@Xe`4=UmDEY3GECU8^^x{tf3<X>?Yuhr4dZqy
zj5~I>SZ%|y61kw1rJI@dQM4x0qi?@jfaj+0BdXmu6fMHKqydFG&6I$9n8vDEV3b(t
z6ncTW(bL$}W6(+Y2#`tjK=OKYa27GTLxq>jY57uBmIprn8G=r8j&Eh)!t?y%HVGG>
z+36h>KWd9TM&MGoo|B|IiJ*+C)Bdg}Qu@gKx-wO>wk1V3Nb!=%t30RTi)jrrH4l)M
zkDlUZS5i4+u`yFU|BT94!{x-46%}3|<Gly_(}1ZTR$n^HnM?=#e;H1cOtO+<7CN>n
z1J_)(m$m}E$SGQ_qeH|-wtdZy#*%OCN6A9fQPlm(PRy}43K<{n5Sf5dDGC&pu`rrO
zyx2PEJ8NbrZ@eQ%)%w`?M56VNmQ%R5{^GM`V;U-DOopH4Hh3;`g?Cq@HEa2rB-0sE
zW=>DDXCm$<yrGaR8jUXBZ8oN_rS)ZT8f<_v+G_$z8h*PJ1x?H(#+%-wP5Yq**JU*b
z)Yd7KLp@H0rt}Qj&96Q7Xez6|G6(xVmUP2v_f2G724PQAXv&J+4IG4|0-1QI*ti&%
zbJzz{!c_TMO!m-Jl@eU6Qw_OIl}8>t*nht+b}?>|KmK^Y)B1cPQHOG|%;M_lVp7@?
zt=@<!73CPHk_*;&CL`-oU>#Pi;1ME@bb`9N|9k~`w|5qAGkDBg&T{HPTQNvk<8SaV
zj)F8X<xZt8OukAAr%01fxVVcYsgZF<|5g<p(IknRogNowIOilHG$cP4tI+D;p&{I&
zLl*CCQ!h%Hs4t;-%y9tkEY(s!^>q`r9UksyGhD?H<8higU*_I4wo|paS-j+h$#q&A
znuEUhp-2hJ{*xo~Wqr9Zw+?YcZVC3YT7~EywsNKd3il5-!$a~h)#RI&O}^TzA|Fno
zObdyb#*PZWul_F*UedVP@o{NrKO@Dc9E>J$D-zktlySHFoRw?mXUQpo$wwf`RiYbI
zq;M8LPY<2tzH(u0QBm1+mPVe>ID!o>iaaWX_>)p1wbKd1$!>-VCrtU<N`{{11%Is`
zpvHMU;dqEY7v7k7p7^On{Lmcf(_bP~J69CVV;~UVy6R>tcsaG$Kj${TDQ5q9NpT>m
zB#o((a+i!p-eGHc^Oc#|fE|&M-{CW9&aY^j!ND*iFYBQP92OrFD~Y+7$KLQmZd#8G
zs<?gqmtc#m)Pp>qA;;sU2q8_Ah?b}QC&G&iH+#y4;>t=ld0CpL3MM->azV?CyQCGe
z_C1%(rzG6q^YS^t^YY6F9ffBw+h*U!0qnND5u^UHXL^kzO<t3iV^R8+sYa`@&2LIJ
z-oq(Dpps59y@7c_{v0lDM_IRX1<5xRYEO$T$DzqL+8WD@y@`w!hD;7h1G9)%%~hH$
zelC#SzX6+BH)cc=IWkJEb9pjK*Md0h!NIESqG$Fh-0<=ZrIf>_ZiLAqUz4-np8eNV
z-t8V|qDs#lemcpjLbqNTsRRoTkOztyM+s15?`u5=G8%3>!?4wg(4+OGp{r)35lU0_
ztAjmvo~=i%h9U+OE0xsCzu-=mcIj_9W_V-Z@je!w;CRf?U6Tf=>>E@H{=i{X^fjWs
zxe(Seqj@2`>wu&$Jy~|m=DdD|;p+MhE-HtI9*YbtHUkif^dqrYDA0{`!3*H&Wnk+8
za!BjN(@rKO6+Cxp%?*~@R#}E?*|Hm?XD&(f;4N^*!Q;#>NGxaz%@XVq?SA{7JDOm{
z+$?vj->;wF>+N+;@IIfm-z{5Kv@h@m7#Z<+er4UW<Gc~fMmfc}h4=oNiHR#L+e?}h
z9yh3i*otu%yDks6D0zJBe<_a%ccI&fxv6#Hdu{gK<yn1tH9JjrZ(NZPk6o5rc8jz2
zuxcD1Z%b%Nz--vP4Z%EMRN-ND)Fj+|)H~;prFt}%He2GJI;=ilJewN+nISE8glznt
z4$m^Iwogi|lZ;FRBRfG)s)~#>vXPv;=%BKR#P#gO{z;#aTybou31!$sIf85;CB}e&
zb0Up{`s+Q^g+j&@(F*Z9U8;x=wa3xfp;_+@OB|Emo3T`ez5pe*)HfZkuf`K}L2^I*
z2*P&uS0&!*%qk_A5I-*xHPG5V(_8wg)VXOr;-_9jL!-D-KW>)P`+`Ox;7b~5I`t}C
zNTjMVQn;VlF(ZsZIX8xIFY3^Zc04l`rdM44qArjrQOoAF=U_XT6@DXIeKxSM7Ri#Q
zj4@5?KV8uTxK>I475XEB>Mf4k(`<X_J5)4&wN!8Gd*oX=SDHTrHXAyJJv0O9rZs#0
zKMm@%2rMP_PmB+woAWMWH#2nC;9FiLbj&z}v+-K*7PG*y?UV79>jJ{02_!uhv8*=k
zsB#q@9Cov`p5jr}oAOk@rdw~;^lwFPa-xQx-g50{5<K1P))&i@xQ?>5C*m@Xl;S1U
zXsX1NO_I&aH#7sCU>u#NU4-~7#j5a33E4=6@MW9CkPu1M38us}*h?=C*1fqMS1+2V
zrcGgAPVj!l-0R2-MYmgCow*i>(0Kf$RL-EkoM$vwZ#>*1q)dcz6Ws2bWkf@(dvSy{
zbSkedqT>=_P(3uvd#E-klMfvp!bmfFbv@bMF@7(No~OLf`L;o2=;=Gq>Gv2(UNB9u
zk|AP93bR=B+l$84$zM5LZ;9@DKg}T$hU8$tGI(-se;6~C=cxCk1ck6v>^i?QxsZ1r
zX&FzEpg(*fgNcXLnKqe=YMUAT2^8H@W!PtTdY7TfSi`6kM=&DqKBn6r^R`?Fcuc~Z
zgO|l?{4$Gjy#9JwT}mm*!mfjD`|-CH5h{QE^w4y!6T5_#H+Q_qczKiIq|!u65~h$5
zKRq<$YA3KPUCu#d?Jik_#caSoYvnMAKZqpR%(4sFaSp<=>AFL~Y5n3x8sbKmoI~i|
zI?iUE&##Zg%1LJ(Hm6r5BQBZFGt$+L&Q*1pj$jg?V2owc)Imwdy<{XYA%n}#+HWM0
zD&btVhhHO$!Ai7dU?h=80yG+FoJJ>6IFD?>Y{4J#x8X0<6icjf$W5#EqOR49u*xPU
z=hPPp!#-yxnXZ_>L0Q&G9>|CT5Oa!*_uJPw%vZc5O_^G+W($0{GO4_`q+ppPhYY<7
z=#%q(f!IB2j8myhp(%Rze*`wp3`n<l2k}_%+x$LUajZ(GO=iFq84YcGsnW~hVMN+n
zg&8d@92eIroS~D<h-Xt4XSzzJ&1Sqm3|mR0AumxOki@~vtOI3vsw4v@_tTNkvc<^f
z*#bN5M&jrf0e6GBNpC{h5mD(}-^EqLbF&-!L&$ywC<cip2&^2~9npHOTwElfJk81o
zlTq4@`uZj2-H~Dn4^9b;W67Ygvki02mv1Yq*rRdJb1|`skm0tcu>mZ+h9?eF7R}zx
zD*D+Rj7rrR3%{oJ{x&Z#rY`_+?YDlr!ld%5H%?HW@$|3?BEw!ViS+A8#%1~7f|%4Z
zD#>JuWji$H%Zy3wi2xDqz67+~GuzZHV^K%1&3dM_LY%nJ5WUa~;|)W<icl})i0`nl
z$$U-P39?T;1!IY~;<q6mjIUd(DbkUxIm~l~qgWR*zOmyd=T(ibAst8WKSGzk$?gdL
z2&T!B?L6oj+!VTlv}KKAiS3?+ZU+GYLE=DX&PI>0BLpuj+Jx<XF@FpyFT>A&sCu6p
zy@V_>qO@O3Whj*0Csf;Ro2+0u>&32aEi@r;G#zZ;C`4my0n7?lPN6jv?J+wB;>62r
ziQ!4U??FGSQgZoZsTPG0BwJu(TPk%Dsb1hsAg7&(E-_pzb)tgX!@bFHd6Ent+vc!C
zk@)m|x%u%j%&Rce8B7pGx)%ZMv2Po1afR$nSQ7sZdDaojA}Ktr0hOEl{w!{4sPujx
zr?Vby@kZ_(YUK7V!u0t~@a9p^C~YHp9XpTc={+;A?tO9^>Fu6!`OY^cEyyh7e}2DV
z_r2M&;l09nTx4Gc77sxZQ_P4FyJguyt`ed9KL=_HO;}^zeTNF{-5l@XU6$a0%A&x7
z(j{|>5t1SIf*}w-X$IdycZ;(FT_tZr(wQ7tQTP7#0MdrdgW<pyAdA-Ee*lx*rOGcu
zosSPvG_62X0mcL4tw<C+&*CpDxB(<ZdVzmnsT&TMs2d0_x(9Z^dZk?$+6CK1t|FyY
zY|8f(ZNk(c82Nm%AtAr;P_aR$|88r_I=)%9`2Ugi6<}>O?Y0F9v}kdM;ts_jSc_W&
z!QGwW?oiy@;%<fD?(XjHF2UXH((nI|UOC@A=Xn+@Yp;Z1$ezjGdEXJ4*Fw3TB1yt4
z5YCx@DkXHQyw=cc<8$)#+N6JN`^6_6c;j){<Bw-uzP72Ci@yE=Ywy1!@=2<`)n?>F
zeywS;T0Q90ueE;wiuBD2(y`wo(d#d&v|VIGMfKl&IoEjo;}&c0J9yV5$J*ih;oA<@
zc}XZH?a1Blsp#SJ-by^DM7Q&*wAUiyw8M0mof@yRF(Lda^_fM~x+IA3mtI>87+ix=
ze!ZRNth$5dlj256^U>xEf97#%wn1+KLEfN#U~^#`x1*m^{Z~vEwIofeRNk8_>qMP%
zoEn=};299XMs-XMPdTqicBrgf6)p9-_#nYpQ{k7OvA#&PdcL>BC*4JIVXIm|;URjh
za{StRmj)uc5#QO$`=bt5CLd048=CuCF#jn91p9LeZu@~+Jz4|o2Ws`xH!Qy7>UGAK
z{O^e=Q((d8$%$#hkV4o}93~$wgw;RqGt>;?b-P>2M`^0elS%Z}FX1MIQ+>y#YGPB5
z-01gkbx7JwvD;l8)DlLp18VYWA?JMgMP$<+KNXduZGX_kadZvTN*NV@6L(=CQX6rW
zHsZ&l)}e_-uCTOgRpdmEr=xo;{-#y{$R9$BH3uukq196XE}twYfXno;+ajgoe~M-K
zQ!LGEv6CDazblfu^1LWwIVhwQ=whoiy<W@3D?NKHH)Q-#ijJV}E@@eQUV`di>yqGN
z3%`FvU#+TA75j)GPLwyyX#DRTK3eEgs!>EQAy`o&O5o8_5z9+9eSUxamcAa564jQ?
zN*wtqtqS3nFLh-wq9LWUTy0>?Mq>OjkF8^tBS#$!<B5<U&H`p;2@>OgDle}biW<sH
z4YafNlv0_A{tK(AF6^PH3f%kZy23C0LFJ~&bP|`DD<QlE_E>Jbr%lica<s9(6iL)$
zqzxvpm50iIMM#RDRn!j|*)x7YPBp;VPb~@xnyyQj5ild}cKJ0z5nqXq6Kxt4(RDvY
zv;AXJAKPA9T{$B+C4z3?_r;~C>1T0=%KG4I6g7>h)JVnmh^j2!;~R>Fc2zm6GP?%O
z4m~Ypf+EQw*{X@hSQAZjiI!oig8~ucCL+Z<CQn^zrQM!zVL=kskwy~(iT>)wL3I5W
zKd*C%F?LT3?<eoVyw1u@GgNFv_ATfQ>pCmZ95u<S&o-=@DVBrOf{6=I++R;ZSLDLE
z*9C$o+Y_81FF~s+zM#R6ymY5dzTzz)pKu!GU``%w^u~dcM8fy!$<`--n}?GqFOtd5
z_N?grD$c|BAI)$YQ5L^nw^G%ZG{w%&fIdoPNZZL4WhrOj1!qS1^*6>}6&s#=e&jL+
zpec6J_!U<^ZyHHVP-kflX4xT6E+D_J&dX6|(2L6$U(_+rODoZ}y|(B)_iEeuC<bJ_
zsEap)7?d9wS%3~LjqEcHI{KT`dwOhGTd~VqNG+Cy<MdW4f48IsQ*R{MeM-J8j>hLy
zX3-G$i=bbbtm!`0#j4CCCv--+PAU0j3zw;CUzw;ZF-|pL#|l&#ZF8O6-Jq+^#JR$Z
z2+TT_@H11g_1j9W1*Kn(0nK8s0VI=+b*pLin@hsHL!X;-#Z`SqL{h@)E&}a>sGGug
z=LD47uh|}MMii?mo72B`Yh}o9Y!r3bVTCo(%}lmmzXcGOsG?Zz=@;%;yF${dneJ!0
zL~@a}VDvfrbX)8&UP_DA5^IgsaAL6B>6&9H1rD@giJfzLkLe4G`pQP^>WicYW@7G}
zW+;KBlL|);hD%1yu~@DHMMm0%%j(*DHg0r9+U^0fp}R(uGwANFiG?%j3On@GZiS&9
zOyFq+HKlc$Le<S`<*fWswa7Fq6bsuNaL3-6vFh%95hbv(bYSyRogdgZsJ_#Q+r8pY
zSi6LR9C~CGV-|l-7hgJr{1Z!Q8;GjzmMTEiX5r{gm&v6>Frig4fNw#ISsNGIc+@Rm
zp%ySLz6&)x*1b<x*rpmwIg?evAydZvV|4E((|%svBv2`7N42ziNgHIrSkkd2+U%Kw
zyQ*ezHOGP@i<cV_d2MGAn~VYzVj;K5s1dc(A|;cT1njpeE_Wa3F3(F0lRhG**|{|I
z|0>AHo_jSS6>q>J<JYfhJ(}=~a#}Xy>S^fYVvcCUuF-@s6>++7G|EEPk*k=g#Q#0r
zK*~z^ol-YvBiHc0jrz%zqVm0zr@&2B2!@5ZIqQJ%6YH2qR_TmZeUE{2{0xxcI#yBn
zwn<(=ovGa5wz_H=m99`XMcpEHHl#iCgXg#EP8^`DYvSmxgKC(0qWTR(vLK=?{~=tO
zonnYUJ}o0XQ^f1C)oP;Ug#*4NWvSUi2Tpo#%sFboNXVh%18VDoWq~~<MLyD&MrO(;
zu4qS7)CFWyE^-m7_V_V2KW2An>9NVF`2ffXKZ^EbpfvErzMM`>uV<1T=N0AKC@qk~
z2aGs@6#U=hA`(mr#g1xi`^^^)hNf11&7a&R{*;+~27A#Z5>(k0Y4k(yrr{~`ga(^o
zYy8U#S0|zRnquUQXY5Cx!QWhHLajN8&%+(at9;8Z;v+g!2Rv2lEA{i&a4?q4gRS$|
zR2UZCJI0IRqT|<1FRzc{lh<}n!!;xVgh$(l4;9lc%vnc!ix7z(j1b@7zuq2#4a#|C
z$($=sjJ1L1Wf-ebPYzi5y}*aJPIF)$JlEJTGHd(yhRpFIk!>64cJzHbB|e(#1w42v
zqj;yv*6joy2rFZ3bzJpkE{iSj*28y?d?h~KN$x+qlP^wj>LV@}D<2NJIG!;a?mqxL
z;Zj?^16PHpVI4xh1IaTK=o}ib0K@)3`^-ssh+z;gb}SzbVEG+I_Ifsi1S?a4&;cJN
z)yfZ8nK4NQQ4|vF{0@xz3>Jf2G8}6M03R|Y(IA(24h?To8|tvea(vi?!I%(sG{Dy&
z;EfRYAtRay5GxE;hg@<yxZwkie1N=aDc6&dUVK7e7l@%BP$6UT8{~DnSEbM3-i%2U
z$Rz>flF0$^Hg!Y@JUEsgFTD|dY5x(zjsp1V_ot4mf9kkBmX8hKhfDQBNKNwt@@7sp
zj^*P4U^6G<pB&|nBgV|$I^d(G<_d%PAXVr9rR>+i^ln&yW|&m<jLF@xJq;Iel&@Kt
z3ak!E?^5kDC-wi7i8Z!I`lpuncn)q*fG2D~Gh!-=Fqk=G(iJilag}>q8hx+p53KzR
zMuIrNI}8K?ogh`OFC+vU1p+Va+hj8*bv|^PLog9j#e~8AV|!MRDndZ4(4YSu_fM(!
zSPu7$4ht};k)Oepk9>Hef{bD7t8o!q%ma2Alh6%<`AXl_jmo#endar>vy?x)W_Lfd
zdHWvsCHo|K#i0H0n&JZuB6g?ys0&Xm@FRo2ta5rR*)*+t{!ka4+Rv>t@oVo4N}l_w
zh4GMYAkV9zp~0K~(QQ-U1LRVprhZy#>C!M%(3}x;pbpLGdk!a6izX!n3!>v?e4bHm
zm5=1*QtBD@S2blU27g^D9-A+XLo|0a)}vO4=0JE0X)7+q#~asW6-kMpiRJ&{w%J>}
z6(YaF#QCAu+}Wh2aO=AiQ|ORkgvNuIDCz3g>Yt&BxL7FBY<Rd~yFAtUy^%!U(l|Au
z7+a|Y)0Yh!oX2@?J_#F{G-{Tt<Wg0C54(iD@of3giSuiGVHzJ;+&GStqCUBcxa9Ad
zxiwXA92XaN+<Jt_4?0L@O=hJ>9Q>>RlbF%&nF&IVkSd*>{bDMeDlZvB=PfP!Q4S1x
zhwti?xrICvJ`%=hfwzXTAnEb(syB*TZ1=PCSU)|2@N-77Mwf4EF9|*#811Q@FzX}!
zJp?W&PY7k)G*~P;m=b`eh_oPa&3<S$M#B?PK>e{H8@#IZQU9GAH8sAdaUVZE5tyZF
zb65T$9Z?X5h=C7jB9AA+X?4#!((AhY=Z@zg6WEaCiMBtpV|oZ*u|do?b1mD+nKPxU
z2-i+Nw?~4#$MfFverMRCre0mEc>egCvvIDJq$1sm@%~Rh>~{qa4m>pck~$?=DTpsX
zTnd;InC}k#@T3kqPS?>wXUNz&Vm>~=UCeh_{N{j$AK`r_ib6k6>{i(uM*75FT^L*<
zrUT=wO0_6#Nmwj)OLL*i*UTCDK-`cFAeZceQ;KH0nbJ4XLS5hSY<Kafv`JnQl**v3
zh9TnOIMZskUvIPAgPQfogAsHu_Ix`V^d{1X-3k$wH}big$D))`H2h_j=1ZpS)eRaO
zF$66eX^8syeo4j$DtDSWQWG%wE_@F9Je=W)eAq7Yc4RM*A3fD-PQn<yICRq7t!ymW
z&0R?S&ixv`;ovga{ZXA`ya2YH?8)@2h{Zzo(v9ia&g-Pvxc*|EXTny>$zQZdt?*Wd
zuS@3N&3moS=5wctg`}Hv3ROdrh;M7bK=4O^XblPQLv!20M8DU{;Pq=PPT7_&;xah)
zAVGp9NxhMrZwZgaKO!$E_Lq$}=Ry0u(0dM0KH4-T4-dAb2p;iFKetw2=dUowq3)p%
z(bTfoRE=-_Vb~OmO~8;%;?zJ$RVFMTkx|Yz<k&2uQvT*z9!J>Fx)d1Vu58ROW-a1|
zT1X>&y)tt&gU6kk&)>-3IJw$yH<)P|R6{gB^UbUV!k)s^F@GXnrvct}xaaNb35-U|
zl7-{sT>6rb_&`XkivWtMeZa^cbTrQjv#A#~Ap`7Oct**m$5++O+4YT#RE<RtXmJ^w
zUDwSq0k_{?-`rl&0atgO=QNj2-ILv5+}#f@5wfB#JxDE>8lD;K(W|BWPhg7NA$k(n
z_JY!q#mh(fY_QXr$y8Ctzy@!B=r?E|cSva8PMQDa-gnw}*4je;{+T&?FIKNG1e9R{
zYWwE*F$46u^D{VRk3I9#XF`ahNGTUO`G|9jm1SMEo`J4G#wVYbF3AarcL5zfp`Sl9
zZ(jZ^|Bw-g01p!Z*Zgx*yq3C#+G)pON7vqQoUzc={=&FnbKfy#Wi0ZkqOz>|^r9oK
zBe!Fx!!y8r;id|HVZQSx#c!Elgv=F*EERh<OIhoS7SCaQxlhw}oQI-vTez`N9hv4?
zvmzn^qSoK3^i@Ty;6kh#h)fkz;E3H6>wWQ)DWeV>*nYU@GA(B8AgL1zPI9FQTk+J|
zHYAvHrYusw1zM$;$=Sde8QNf05Gxj9beP3OT}uWc1d02Eyc0x0^uI;sVbBO5qiBoy
zl0dd#RyKJ>L_CnrxbyjXl7X-5oJp&zo8e$0=PORVSD86~A2e&9VPMNzCLP@;QV!mX
z%xrD)G|~V#C~!Zz6C-I%0xHAvv1OL$*~Z9<Q1w=P1^hc5%>!Gs3;Za1#>Ab92f98F
zzV%}bJ1~|3I(x2(3+2lD;Rzyf#o$g{W#*Z+Ix!gv?5@$_(R5)kX0@s|Db{$V{z@{`
zU`xm@9O#fY@NG;r1%N>d=wOJulGDZ8MTr+#JBrqARhrz?b~_k;qW{R)v#RHDq7DXs
zC)9oXwAqXM5_9I%Gs?R1MR1BNo_04TocdE*`)z7Cv&m!odG)qMJ#x6<z%6#qOT?K8
zp7+nQ)b-kzmr#4I{^>FbRDv}TKh~#+-Irzn-lOhqW2qRS7;7K;b@ET~K83CLEslzK
z4-w${GER^#r$RORB8rgr$zXOm9%y9TnZqi{#q%-2<*EBRSRlC8{{7Q2PeAEQ^ZESq
zO%nC}>Os&|t8Brsx1f33#TNK}72GPqUJ?B8z9e{8s$=;~?B&7Tu+AK9lC$Y%K$nQ8
zNXRg;!lMFo{rwQ5!tVw41<_9CI9gCvK$%cUVB~D!p~~sld7;;V(D^e-POG?6yjRY%
znp$zYo{QYIc&AvW@w`{|P+pv;;p5D0aZ!W~>aM~fO%%QpvK0K6UL<NVNVo_*d}e7x
zh@KSOSLorlJh=QEKak)fMsc0RIHaohziaC{SbhqP6CXvK%!M%O?PHp$9)2{0F-oWv
z8>=KMr-tc!EO50>K<V;8FgKav#YL{{-ZzNe<dnP=d24A@<t%sq=~z9O!B|=-;W*B8
zB_n3kwBF%J78xCUl!Qx!7(MskpTp***+l+4e;ZGO97Eh{{|P;(_ast~ay(WbE4xd_
zz<@(;iB*u2T&AA3vh&hMr0{b~j8eA3m*^gfsD7XtY#QHA@sx89v7y6C&4(=s={IVV
z-_3|Ve>ys^bM6rorDf#yn!UxyICfBL0C-YEK8s;Pj>7{m2q@i-lvgd^*Ln)<jrViP
z&0s#o1Sn|EGfP#`Kitg2=TiDkfR$ve`}eZgv#ol7V!I|(!%KAIm24xMUI#<UPP2du
zXww6tou&OH9OLelXhib{E^o2aIs94W^64eT1*_xVuIjiPj@kxkKS53_=wd26gF6~K
z)Vo?=Xh{?+d>G`IY#1QwW7VH**VU>9wW}P)C+_anM62G?X>F-Z{U|kzNo)N9(({6q
zOE?+zrdW;IO?#Z_rpLx%YH7MX|CL8MnxzFuE2oxjxOlq3THaN6x_xdWd56u8{f*g0
zZ<yRdT{=GgUU+sQURsA~uxL)cymPravgmbX6`N(h1CIk@wOWhi6-Sd9&*qZF?8^lH
zO}=P8XSZ{H9rx^}eC=9izuNJ|Ez6s)7mQcUI~Ju<c>ra{VnAiX?**Oa=KF{w|D+s_
z(mUxV+1u4qlIz-8a|;X$lUdFgVogD}r^Bn9*S!u`tDd{B8fUyOf81rxqguK{s)N+`
zV;tieTpc4DQXO{>dZ!=uoo8yTB^ExJb@~wyuYOoEU8&RGlqMMEq~L6N;BTBM@#R%`
z@dU5Skc<;;>lu)QxcA=_wYb8}YQDsh_1tGX$eN;tW;{3cbw=L@AETnK&Wmr1e0HA9
z!(sSpt5Hr)k~|;!6n)fl7@ErEM(nfz4j&caz()ym8ig<h8jPpXqK>r$YW0Bcoj~JK
zb6}H-RMl^>rXEy={OW^FMhn-to+As=*#1jeff#d>>0hD@WEQ@d&ITW_h<Unh4Ea2M
zVk0BJ-1axgTjARB#ev&_I()J-TV2ImI7=kF<Qx&X%OBHz=iNkchu9ch2NS}ZvL${P
zItP<KOZ@I6iZn_;zH%u0=z%YVmB0>iL7z7oB^dBPkOk$wRvx_U@PnVzPPW-rFxKga
z3R`>wC5d2xcP}k6X<m`(*hJ%;dJ&s3Vh@WAuaV56TT8fPKVq63RWgw}1{B!cb9rq<
z!a{83m3?I3W`=mVLQn{nHANmY%F7%L?0$U%Hl}|0>>lAlv2Jjd^D3{#gUIdarbD(z
z<=~Ka<+fy=KJwTfAoE-ZvnY^>CkflPUsz-j%S3;5oo7i`KMu5dYWh;lZL=N7z*Hh(
zuEC-&PwaEG3tE+LR6QToNZi%QN()t8#yjH;>JGF&Vv#iW!$qB9*7xW>A&lk&DETK$
zi-9X-Fu$-DhTuhPcX|I%C634-&?q~^{~{lUJQ=~S>h#nYyuF&7YZLcOjBiRSwZ8Pk
z-&Jw<6@yoAi2}I_g*RSgEaKW=H}+lDPbRnflWYRYm)V77!Vst2U93$u9<7Tiwh@BJ
z@o1E6fO_<#s4Ul|mDn;LBmYhCD9!p*3{X}|pK(wWM@0WM$mEoiwVOMWSbQiWGWxX`
z0_q(hA2_WKkaugb1A$t8rK!znH8@nD4eoK@#7y8jHGC0t%Mn@34*DfYZzwxS8?_oT
zvv>K3SvbnZM3-g4=r*DsGi)AynbLh+frB-kD&Yo~wfL6*XE{bvc<S)yDt@;y3_|sZ
zN!8Um24?piSmUURDfBSrFsHsf{Yu}Kth9@Zd_$*|Xpmag((}Qon75c%`<&kf5on?n
zbsgtj>G_}p-^&}8Gval^7bZ#aOJ+oYHZ6L3$J0T7dw-Z0R5BRB0l|-i-HmtjLOAox
z4z>Xl0hQ54nrJ26T|GP!=(TYancMnRn!}C$uT%JVbkKPglEygSTYfbyG&%>2?W2#|
z6iPs+$+lfgy9l6-Qh!#)Hk==OSWOfF#Ay4qNP47}1(o8Y`L)!Zfdh8$*bJdxDEl`?
z*XLD)=)Iw=8%Zr?(RifDK~mp2OFvJ5HmIrWctfCbe}W7FYd#*-a?maTn}?-h1wQ5(
zaHlZUE}dG;P2$AR`#x^EFsJ0`vYb$YaKy00FvRd)(0ovjh-G-UL@RCHs1Dgni0>%U
z$lt(kMSrtmDSKOos)`WvQ&bZpq%&OQVo(yL^%vxB+9yo$lz?S2ND|?N{1=5c&_%Wd
z#)bGcxN9&9y4NSl_v7jNF@!3pbm(-bbeLYrCNe2gr7FY|+GnAyP?Q*E=+q8(DcE|g
z#J~ef!x%f(5~fTgH5A1+v7cjYG}VyXIHl&q-Y?S3!jwgvb5Us2Bf1dW#u*m&{N$c?
z(d7tH!GacT1GK?RK_j<yzWMgs{B7FXG?+AM&T0BO?YAv(0AJ}gqcx2;oQgOwC~fZ*
ze{v&}&f~L%7?eM7Y^V=P>9ij#Q^0}TKfGc*?z`!r@av`6RKwR)Bf@l0ylObpyWh{H
zK3XSIwO+>s&$bfD_JW(@_SQMz=+UfeK3-%n9qYNvTl8EtB~`evk^;~~r~EVJ-CZH+
zD&pPXM{jI(9Lb8C>{+C~6{z`AiSzRi7NJmV`P|P^u)nuHOGQ>u<&L!?eE<FMaZggB
zKgeIOJh5e13cK%?-0%^N_1lv9`pu7M7#^b^(eOO<A5Az_s65`P@how!f4zK!*+TYf
zQa9ZR7<y}}jA$l%2KJX8vl8?sraz$XT7os}#wSxgd@C{hOIc8>oFseKwx|iVgZV=%
zz&0o|eJ`se;t}<nJk#$Rv=<T|0v{Y7%HvxX=vy3JHXFG*puih-AK^B=wRfkarzUIU
zYcw`Ux45RTk%-M(Z%<*zP*UCkp}+yC{djBAYZa&O@5HzzOWvsXGOcN3Xxt_|!p~fC
ztO3SgJm4>daK1p+-nEr$oiVfuLAJbU9L@@D7%>~RNZu2jXScDe8GL-_0bK=c*#>Si
zY1?hHU2C$@dd9MWx<wp=(tJII&j=3C@jioXTy0oy8v5L!pe&pcPBZCL>Pi~m6X3U?
z5CftMa_X31l-KU0bYoA`%&W&T>E4F=RJ+umsGzP1*Z*ntb)}uvP_se4;vg?19}>lv
zPz&-BS!h8~SNc=7wN)Q5=?l-)3;H&WoEPl&>jXsjHv;nQ;&itXuq62c7;Z}GFsDBe
z{#XT05EpcA*f#NkQh!-R9G_NQCZaacb%W{IHXYJNj0$F`cwc%`#MS%;xfjOcb#h0R
zwKplJ@!{V{ja~Nf*ZZ+E8B>}u>mG=XIX6p)K`R3!r2YQFmN@kUKk-Bi;m{Jlh!}tP
z&vN|!E!h#^KOrj*25mARcu%OyfmFZY(+X+$><Er7<(x0sx^#=`EjkE8Wa=#%#}|>W
zAO6oW?eIHw<61wH3(GrZxb=D_7shv`u<ON4E(M5b2p#laT*%)Q>I6-fcJ9yWT^*F&
zJE~U0C?ENVHtLQusa7E>BXxvomFa)@^Z2Dk9~BMjTVh0Pk;w5AtlbIcvoLGu3maY!
z`QoRCwCF?kU-LKAb;+TPjk-F5{2D*te^3wiMH_EPvYr3NbDaq1GZRZ=Cznn7`IjBe
z4pq<k2Nu_FXAa*N&10xm_Ldu$>JMvoCpCw1xMNvd)1BwPx2Qq>H()>aST&~1l>wRc
zQ=N2EwYvaEYhe-q9i+No;el-OpW?%Psm5DCHajq0{bcx(nb<KqxpUG_-v3}%&jtPy
zF3=VybTdoui|R2{?JfIkjkmbj&Xe)(hQphTd(_Q@t=PzGDRqmhNLv%pUZ_9(8+y@R
zUZL`epD!|f-c()Q1p3c!^`GhVTabCi!XHh<p4rG>64&$L{lnPzS;UJhQzmM3Z?prK
zsx`TNwVrlep1B{-sM1=36Gk@#h42c0z2Lfr-=AVs2}CLv&*j&?Bd}2kYq5k#TM)?;
z^ZB=6jNN>?AEuJ3@<3xe7(d5U_wtQHtx&*@NQqDU9qZEaW)yXkC*mhBsTo_E0IDRX
z!~&}1UXdp}FJqc<6XM;df8`oN8*B_rtPg=IyvrMs)3=EdS$nG``Y|RSpJ)Mqi$jz(
zR73Puc<uoEV>4C)6H$!wT0E0(muJ2bopnP;C`a%1{&4ZpP6%39v=QI%A>@RNr_X@i
z=2%_w{7&f*DUbnq_}kbJ-2YBU<3TLS8(lRBv(vx7U$JL{@%V=!W@55zZb{>l;c3Q~
ze_54d_SkO5nY#=#lm2N`m+YC~_xxWWW<s(UZb@T*tbCKSspvG2a)&`-c}ZS`_b3oy
zR<~H;@`UB*AP$VQ&x22nh#y7@95pvG&;~zcjUE4<E5+^}rx9}Tk%2EgwKqR%<cC4Z
zSMK2)s7;@<&wx)*eQ&6s6WfYEW7`mXdS6GBfFuJ|;hW#at_%19GxWw7+WAd=8^aoK
zjcLtljaZk{hWQhG0^$(NxzAl2v@U7cyE&$m4KEZv7(PTk_`^48@Lum95nP~d)7!$@
zT49)>TH&<ew4t<NpK;1CZjs9nZy8VVPXVWJr@5!d40fT5<b=D|&<{ROZSJ2j_LBoX
zI=^ut;eO}wrfQAP_8m78VS9s?Z=V(=VQee42e~zLk}pi#L)(`%m<(8M|8F+9++=UD
z#ye;O)VPa-q4a&Z+n~D;!7tIZ?om;dOcw%P&Qz(tdE{ue<vyc)e@8=R0*g6*<@1i%
z$x*{Y`Qi{-{`2W)m@kMlN?TK8W6&BRF>(++9vY)r;~WAFDPc=|{9l|4>}Kk_x>Rhb
zTUO?s1J<i-1g@$&jisK~=}()LZ1$u4H=bInCyrXJtKq+s)qR3GbwlCu#f1f`DZ+Ep
zx)fAHja*jFIEZIAC`WmPWeW!Ht{L;o%PQ|J^~&xg2m`WhWpInVcq6-QUEm{Y?V2#C
z6EvtdD0Z6>!5i$QvNtRB%E=deUQFRL6dfZ;6a}B~Xce>J6y(AHQ`t}tdUV&lPzixB
zEc{3_g#LcE?@+pt2m?E9-*)McKjWXx2Dk3uHWBr1a5us9hV8LG1WulL(XaAw&z7UE
z8{BfY9C~>loFSZecDt(RbCz@v&L)H<+ag*y9z*w%I6p^^c+*`@GhDghi4iVhH~|we
z;lO>41HPFip?tZ7nCA+S%EDaA&$;{|bTVQH(|PTfQ&}j;G%wo^f7OWyeqERFyD$sP
zc54Lli_s&98^3q$h#R|iors(GgyF>k%6K@0`~68rqb=)-pTenjO6a5wV5BXP8_{Ib
z(?xKky`CGDqz&FyK*0Z;@8Ofc_trM?GZqiR^tOOo3Z@RQ4GU8{_$={9@}-&wig!qB
z$L{tG>?4P<KK6k3lQ)}Hd+{wwOW5Kk)YZ-#TVAg>s{pze<u+7XlH*<&)nHMV58K}F
zby<kpvu|05J7rH5_#(0Sd?{VfW%X!_0;A&$V4tC6H}Uwwc2C(J2}k2!a-b`lkXt+O
zi@K$^y}jQYj7O@JLA9d5D*V<B#gzH^oz}CF)-%;nH?ZG3?Unbu)AE~h2D%Da&kAIk
z=rBtE&vJk7ljaptTDSczo>$~<Ir@vgjxLt^+2}2$c9;1h;=(C?QM>xL@LXj_T?KZ>
zb12Z!*50^RG-^jX_uC+Su_~SY<4-9Ky_o82cVwd^2#HgjAj?qrTs6|Ggqy8jZXNFW
zzz`nFofz6wH>xf9QK2T<vn0EKDa4T%@m{a>C#4V8QcbkBxm{-WSn|xgyI3cdr}wjS
z!6@H^OxQW5w^v%$b38hwuefU{!;@nIrmVYmG_>e8D}~c``D=TD^9JD1(_u;_yXSXe
zXa=Y~TQyu;1viMD(+cH+C~cW~O>S@~o$K7t)?wy_QC)wUz#>))2KAaq%Kn@gv1~6M
z)yX_J7iPg|Sndo()|2_Kybi<PauN74Ul{l0qTmjL^5;n4b@5TUF7s-3J`#ot+t3)V
zeIkq`|2TqgI}=<fmcsEbjp~z$`AUFuaxnEKe_HG87T@&6q)<Br(^Sg(of<d63B9bb
zYl@$&s}~E?`@|&Khoz!V+80LUTI<cFw@a}J5ru2XRuP^?!^jB-EnJ(}OZ$(!OR}TM
zQvpe$#3XjbL1#Cr;nZ3uv<z3ztPIW!PAkOep8VmmAwpIIzw?}=BKp5}(pD3r+B~+I
z7MN)#=qn}J1slAcAlx)N+(?=iGPUF5kmf0(2D`EfW{szvGuOyf<vZA%rd~SHXpHoC
zIuhEN&qj0wj4uUBt|!YOH-QctNGU|DAs75!WKD5(pPFLo-r)oRRTj*}f7WD6%#I*2
zPiu!R^1nbGx24u0I&TsW^+GR&k!%PoMZuSS2s`~q+|haK&d@`Ci$>fXb%yKpJ$=Kr
z%HQFsQ3xOv>cGG<S-WocxEm^n?VZ9+{SC`I<u<sNw<EGERWGRCu`1EAicP2BX|SyN
zy7UzGk>pWp4&;ti(q4UwU($O-8mGZft7=ugq+j1{7q*Q($oT(dIHn`<?*D5S#`EAj
z{NX;-S=ot=V)<3k1F1N6l`QhtgPkk0tOrXK6;r2*t+*-pi~HST@KXGsXZ=5DaeIa7
z#;Lw`uvzQ)sG2KqX2IA4akc$MsIYFKdzz`l$+kMIP)qY@!yHG&-2n<diF=Hqh8;es
zi>u_j6kQ(0$ZD{m9ED&1XluDjlLB?ia0=g<<<3^f>bu&4l3)9DAy#q@epv*V%NY<j
zQLes3su6bE+z_^}DP|io7$!;FlU@HE3l@&{lZ5XV1SEOgAJBf7xWC&znj~dK$z}dT
zh-jJ<2@v!8Cgni}kh!ij6b#ciIXk+d##qgiO;=TsP5kq7tG(1$__b-F>ko-Us7)n^
z{yP#gXP3|Zi61d#`df^g13!OUBI3Ve8G{V4IsOyjXPZ~c{W=R_ZBgs7H}d#_R2sdG
zla0sj7AY_~o*T`X>X0DicmCp4CG$Mm|H5-8Nd2<AwMzQ}ymKCCRd`N4Kfx3Sa|61^
zX(NHQuPd}E5T<TGrsykapGbC>B^>NFDhnKP)wmW@8VAA~@n_c-#<cFXH)JcVN)m0Q
zUGk4LNVRS(hq{OBU~4ycZ<(w*`8-fpgXUFDIA;<g9E}Z9|2G-txTBw1uWG_HllZUl
zm<zT#kL`j=$?J)(m-ygJn}4OS*L_b}ytYB=W(n8r%BpnbXu7f4tybl*e9oY}S3jzo
zIE)|Lo#9&bzhi7Ca<F~NzE(!4ZQ-dLz_SbkMuWm`ymy~$t-@^$!U+sUo+9j550)+*
zq>5!^$7ri7_`eV>E2KRU;%|;6FlZRglMQ04)$~<}#xYiW`)L&RKd`dcj3$PXBbw$D
z5{QU~(j!>wG~u@#+klBn<k94YcE4mIfAmYTCNf8xxYqu3Cio|Tl!q(K<CH3kl8mMq
z3XRn`1`E{w2iCodaZc1Kb=Yu)i`RyC6yphfoQUJOWxREx=Hj;Fj}(;i5w>%)c-cme
zh3!eE^lO^fgw9PWEDzy6%ALDQ{+XbF?bSJ=<@f}go-E1dlNE@F$>G-}h^qbeZEn|1
zHf_kF=YqCCIn9FL*^f=sAWz4j&38@6;u|!C5eBDDnt_A1ur1%|SqN0t%{Bc>H`FzQ
zO4ko=;aWltSl~Ab8=>?IFcg-*>giCXdy;*n-U-aoWDS8AB0bBvW&Y~Xsrf*)!|j&M
zkZdbGmr{qd+V0H4?545tu-@GTy}L|sk1p8dSx15zaCNSs6aQ)O|9Uxd_;<H!!Xbf_
z_;IGHS$h8z1-#VXN_cU0*I{lyj`RlEKna9Ltudd1Jdj9wsclG^qI<XNpmo~+T(oRB
zO4?Oy8B026PaQpAR=che{HT_E2*$&cJMQzOwhuEl-eB2>h^{+Uvok+xryfQKbOt0K
zo@vnKFNP|VZD6K=GVD@lP9~n2FpECH(#y0XD3o>lk^8+<QTZeag1KHYPYL%dR|bE_
zc(H`_mM6qnSE$2{Uz@x|5(pdA+_cm5EnSlu>QSnD?bL;J*t6>vw*XV&<%9+nM}z&I
zsfc_61+H8x!fCl$oq(wPQ;!W}4nF22;L#UzRQX0s&xjsNb}NNFGZUvVz}EwZ4XRW?
zJO<ap7NcJ6z-sZibK&E1$*+x0IDv0#!YnMST}@nvQ&7CG&6=o8fw|e3v+5!*S$vsq
zp)DKv-;wzyh#+dgWvVBeleqdUFGAds?{8a4;%3A-t}#2He~KB>M#nxYq6&?m!~at5
zoWT)Wul*;o<%()_T^ioBB6hy0OYU9fJKp&l*7)nvFgyvnx<e<*Og$-!J@sU}QYrMd
zC0+FuFF~g-I7@@}%;|N5<?h_gANhvc^-xgkZ4&%C373Z3L5>sM-3&ODnnU(1quqQs
z7yly>FQrLmo8Og#{{Ir^ngjN<qd9!>|0*gp2kdAEa~R_PwjgMZmp0JEFLc;!GNr?j
z(!|~Fpn>n<mU~`dms$qxN6I_LG-OW^<s9QW_U7@5Ewk)Lf}Fz}45o;(|F$KT&nA@$
z+7FjEi2-C!;pL2&I{fPYWX1a0qZ*5Lt3w(MZJl$xL{9F=__m&cI_n|{W^FeCR+_yL
z2X(eYTqT=5j!WFdy=MHt16%c|Nw<`l%_?H>)!(tAN`7CxDTWtG!LfDqGIIDLhGXdP
zB{%CO9iZz=*E-AoNP67)ROTle<2`>{TIlIR0`rKw*84^f?v|x33d#%V)ZlMg-(3-Q
zXcNG?Y5yYX30NCQv;S+lco|1FL&@QZ*^x^U{@bFY=uEV6f@oaL8dwT1L+CEKuxs|x
z$_8TU{O9Kwa@rsZb8i#jh27A<6FMp-0X(K1$a2<yZ0o2+itLwJHdi8&<l1c@37bOi
zb0cxNvvoyp8aT4GRQu%o(aJpsw#Ab<G*>iUuH<vQkdcZ24i~RQS}*U=6Ysiv`U*qo
z2xU5;yrNMHawn|k-$7o`nAZ^YZxq8U*Yf!edK>ZoQ{=T|?b8?hN3t{aXCqI+TOWF7
zBF4?uk%%@DZu4JTKL=`Kn`0JEcW&b3V~RXV&%P!}mx`x@EnhR8w<=pY<LV8)jf>nM
z@l^)T%GkSFA8FJC8pNX*;tD@c?kz}CjzwIFT7&UkQZZvGa>$tQEOEp2Sanbdzr#_c
z1*(=iWZ~~w*}0+S1$qCGByJd%D;-8B_@)0%5H8z0jE?h*-~4T%#LjdeAhIbaGKo&F
zWT)Xmdq(eAPo<ge!o!z_i`*)C_}-c7IzS~FS?`mp9j;UwdYV)k8r;g`NlfbpqPWKc
z)BP^*Qog=oY%9LvPOqHTFRPs;+g;KwYT)ACA-GZALs6Yg!`fbA!)!lvp29iebb^b!
zW?bi5noH_J5R653qscEYzzZMPo2ch}zEoD(!m@S1jCypX(&>@cIzrB|pAWJop7I{t
zT>4SmidVbF*?a7CNIVpD!h3bYd;Ny^QuAs`a08!FugEL^K+w;mQ|`(BHqk)v<{pQ5
zTXA)7u5d1#QQNxPntwGAY8N@^`5ttL{DeFyT(kcA1vcA;J<|TMU~J`-XtaCU#=VbY
z2_q06dqa=Us`tGAy^`}O#Ie9C)0{-<A@5$iz$)83us|aZAT-UWxGXdb&2cd`q`)fM
z&qsNoxFp?;jwP+g04kGcC&FA3YG=e;`tnLca-W1>jiJZH@4Pf~;_U(m*Py?g*JuA|
z8^o*7DSG)*k!JMmP)vGIkw`guj#LaCs6Zm0FXudFK!Hy7--{X<nrc6J&p$5^$w$vQ
zA7=?M(sR-`QvH(eXnv|gd&#a;5puLnuzxrs!o&cYuf(ub&8c8kGV$y;oJ*1k=<dHi
z^^?kxMFmqtg_cOQkS~?&3#NF;-trbaNo{*e4OdeM;u6bhe_%?!6)mvdXq9TA<KZou
zfh`6#H{P7)_bz)MSv9(huUq+*q&atkR1R#be-Q&zP_;fBQ6ICUFB~d7coZy=7;Nwl
zgKL2fy2_fJ8-NZhH%-zbgk_L0<s^p_kU7Z2bHgEhZry9qqd;1$^kEAn9bmqppy62{
z=$0Hxcdz(`GNRx&NQwP-sJ>E+{Rw{o4LH=UfDBA$M@I%G)5k(93{>U7R1yZgQb(Q?
zuG0H#I#Ok*Y&u;<*e&k3P1T<o*~T8603ZYMxn+5&#!kx%MWBwZ=dJK|>w0QFv=tKU
ztZbv#!qwyzs{4~EO&t(WaGvi;*4jbcFgTJ#FxWxQcj8>NI3DT0UjV6HZb|?)js{uH
z9z_~A9C(<l7Q{~ooE0^WI^NU^)W@T{)0FpO)lhKWTCJ=Ll!AUQ8lct$ZkN=_!&(Bj
zl!O^`g9xH$rhap9n0@_9OkgEV9OQg@`?gfJtN&WX<n+m7l=)q`DHG;!fE&}-WzVT)
z@a_cWipop1soT@69#|}({%ZBy!zw{G<Sr(m^kiacMfiw+YDJ;7?cpE2;GUH4&_1ee
zCY$)h*G@K@V@bJnX0x;$jR?|hJ+|BI6~+4r*UBQeqZFSiXd9VUaTB*Rs#i&m1b*kB
znVsu~onfQT&*hzW6iL9g@>Y!$C5qj>LGB2_KcM*%jN&aE)SB73IyP)AB7T}J^1ydA
zSta|R*r{O>y(DeN+}})bQq?qh&a|5pXK_DVf1W;sSsvGw=yedDpm-2zuh@1|*Bbgz
zYx`2u#msY0w%~BE09kweoR~+N&j51qYNwHC6o)pqc)q~3c5`0px!3WJpV)rjonB>%
zY88f?hwv6`n}n>o3-~u#Ah|PSKw26>=N@mf*TvZK2fIcR=J1wz8~KvaOL?zLZw*`+
z&jNch3aLqb&zB11Eu;Bm156aRuKF9KW>>Qg;D0G}!t_7czRA^dtNUE7U7*gaR2;9a
zphAI)7)6PCvx3G=cb~k)LcAJj(AiCQryuKKf9_Jc8iLUwgT>G0`fK;3r+?kvc=IZE
zK&*subAh#lQQ;_^g<6Gj)NW+nMd#M_{E2w9y*`uDHLVwQ%}=kTq>lZL^z|Iq?uXM4
zO%m;x-L($2(7KvA7@kWf5OKzOlb5Cwan9-ll!`v={d#ifvji9lDzS>k4uL4`_ggog
zPB!4{V4OFOA#3;UpGXi>TF1&oUB(WAPRkA$uJ1unf+(m{FK?r=DU0&F$@q-1Eb?`B
zuI!511pN~m%yVOlMPZo~d<PE^l~tG3_tQ}YOLanUQf?4?)jPYdUJmb=&$2cxJb{+e
zrOwMLgo{2pyfv>)$DvrI98YUxbz`X*a<yW8s?l4UIqFy&#FWZAxj&!f&OF_WGkfA7
zgFI8%e$PIo=ZRfErd5h^Fs<iFY+lw9yiC*Y{?;Jvg|tbz6?HT11<kxfdpHqcmMgCj
z&T;lNWWk~6nsTW68mvBZ3*7@Da?Ht*G!WpIrSB?~w{HFkG&*>=^{KA2Dc{O;l9o8<
z+5aQjc*?m;y#17I8}8n;%z`n)-q5lhSEd#;YF5V&sPmmgZn9c)?9{3wxbZhaz6t7e
zcxH_@&z0nu{GDWmz`#~)%*o)CN>V=(rFCIDYkhYAo}oQ@y=DNoA*Hafn=90qD$*Kq
zDjmI63wTCJefpZ(tT|gUR&6=6sM`CS9l4xCUkmA}Za7ubs#BZQ%By6Wm5e$_Xml7F
zbsR#`vWsV$&p^~xd<vs}?%9K#ei7RCo_rRY!+a`strnq>E>b<f7*)+y2}ItR*?dJ7
zo$RPLEB|alnnjVOH1*6Wr-iO^Rb!F1rE)3fg++d!4l8(q?1ZLNH)|w;t8pk<i)__O
z`zFL=Xy}-&@_|aZj(Yfej&Zv@=ooF=al3V*%&oZerS-ZlK8TZEH5uz$Ggi^jFuzdr
zELUJJ^)-U@<u3YDeHTK_>p};S_b2O2OGGmX`xY`+9I?%vPb=PUP~DzB5IaSPYu<pO
ziuLjvbP7h|3-+q6evi6MfUPEHVg#y_(o~z{3I=ob?ef)S3ahouE#uV}b805c>5EI8
z@?Te2oj&5`?f2GMUznOgr(bfT@5R3=SM>Zn-CJTBsidF!3OCha?6eGr@%=I&qsIdK
z3G48n!XstDHOP@oiK{RqJ#pzN=7>GNk!DeH9#{=3kb(GhTI8Pnf%z6YN5yE&5r>gG
z^|eJRl|^Cyf_X(vLE_iky~13GTl577hHYv{UF5!K0ZzUaJJf8V&%x^kSyXEP3>zY&
zu-p}Zf_187?TCnmb?8-+esk`en?lhvrUgg)OtNli(kql-(VVMLx;JG3xJm*R=PDHL
zO_>9l&FNmZR&UOgFU+4Z$G=JvJNTMCTQ_M|;gHCnrMbT)2i}{oZn#YT`1E?qYX(X~
z(xMWM?;q>VA5K{q${)@ZYJLBYgQAN@?&<uC*}YpwfLCgy4tVn~*`iciyML{{yi&O6
z?&w}<buxXl&9quH*y!LI&vY`et<?f=auh!3zR%X-;*iS}=BSt*sh*dOy`L9<x0GdZ
zeeU>PC;rqi#H#<ax@~rwPitgy8$dP#%fhVgGM)u9z`Ko&MN)VkP~eeCr_&dPtwdaS
zehzefJ;+PCnXuqVjVs(~u2KgULKh<xxG^^)(77^uzD|sP|4QJDq?>}BW_ER<Y|2Zu
z5;ueCM!D_d*b8)?lJ~1B<?e>3;VRkss~E&e$r{<6hRT-(D#lN&2k~m^%B2Y~c!|wq
zl`0}C&ra8&5N$LqkV9#30Zmp`@V)31bC%aQrl<nu*H+Ve(Th-;&@4z)q#byC;N};L
z^J187W0&9pwRr5ZbpLY0QgM@dM1w}Xal?}3)bc>#1P!CuvSSQ(_A%f7Nb~X1!ANrz
zuHy~JnZ)r%+xf)thUqW0idGXOZrCC@le|>F6=_y^2&Ov5#&8Zxye7wR7LKu-nd`a%
zPju-pq^6|c5fP+j46-%wZH9Z99NtgXT9{l98p==+H8d4z1jzsl$1`DA0UybeQ4$^c
zUVVcK+({@rq95b`pv0Hc;hPV;O~d7ao-hJ47n?#s<|8q!M+H0K<|BE3NU`auxbIo+
z%&9_!Ja$#_`gN$AWb6xmf5|>WV?pKNbnO5sNnmq4*Fn(mh+d_A{Cxf3A;V~op1tiH
z;nKGGBE92<`nFVm==U6m%dF~Ns*a6wU$rui!A)|*obZ@oFtP9@u3eN8#!G||TYM0N
zO(dR_33c2!xKUVNl`=3^UzIj6Hih^eHHq-}3hg$Us+aqPyEN+NmVEc6?mSsiAc^8Z
z-XZulkZPvhQh!1DSd#@g^x1g>A9FT?8?Kv$Ch*G*vE2#j4b!S~@`IKAs^xL*@Ka6w
zY{o;(NjW26WI8?Oi7v6W#R!?kdsb%~7%(tYTKpIfxRF&{s2Lc!CfM2R`W9nb*eI}9
zBHM5f{j#UYFxqaAqLSv@>&`G*Ny2k8x;u|K{+Ru)M#algLg|_5n$CG;Yb2TK8EC5I
zkW^O-ut%N+c)YGt=*=IitYC%}J5VkN&Ki{BA3ZoP$@pBnn}5~hG1Is&t7(aa!+Xdu
zNPl*L>5&$_P3Ns0Yoh2Hm`!x9QM$lpw?x-lY_~Kpjl$biMWnxARn{a_nsrGhRVsgl
z$K-5N@3&u=*CKU%K>O0PG&|@{AJ5BOMh8gQPgOjLv2R2QJ%7dl#mAmt+J5PR9mmRB
zmOKK2utiie?5JaT^Oq#IfppID_0b)v$BG#?)Q-IQi;~O0*Le!1{ObY>-*Ux)0cvQM
zle9C3Y@H-ozndp|21+eV0*}U7w2$&1&0UM|oC$%*<TGbz2e-j&Jw@xnPKw<jI(R`v
zox(HgXa}c#U8Ui|u{wAf!_D3=IksI3y!uB(u7k`G<TJ}?jai_B;~%Nxd5$(+0B-#w
zf{@%fvqP+YawqJZ0p>ar|DwjY7qWF)6al5X>6#wx-!UmnJJIy5sK-T*+P1l}-U9b|
zcg}{2+xWcnv)q(T+Rw{MHIMes8TQU{dJW+tNbdA*O%OFwKwsrV`qPA}gtqzaLr$4+
z4=f(e%K4z~dh4xG+3Ae+>G=4u;xmU!LP;Z};b7DYZKPrF)7PM7y*Z-5)$_rlvPPsy
zhlJclQ^2E1>k7)G!|kw+^+O8V+Es?+ZJdr_wq!+Q_U12StlsppAcE?@fHjGz@8&D-
zezX~SZ7XULrRa6QyZV5m_&i`uxvi4aDW2T9{gMVSU{<cep$|QPbuY={R~b($G#yo{
z>ZMyS!0NvE{-iX%Vy-B|JhzK^WFLCXBkG=_ugI8`UT?2?7f^n<27CN?H@0JCIbOc9
z{H69te~GHca)jX}>)HK&8xo(b6X^wWxv24+8XCB0Ru>=WZkCX(7x@pp*xeBEs{S%~
z@U6h>PWU^f2^bfg_{Uf$oPTt-9upwJ{7LZutS*>yPcuz@Y`L)_mG2dL3Hlv{?>Pm@
z79-)f&l?wy5RkeAWu+r{Dnhb_NU-j+I=2#I4U{A2L-E0N=lRN8uUYyPuud8WIIZ&{
ztyILKZ{Z}eFGrY($ZoH!mFTB<5FcRcXRNR?3XvV;hp_mzHTU34^;tM16T%w3_8JYg
z4g_Z<cQlXJp8iSa%;BX4JFPq8+K#l8eZ=oQxK(*%VMuTgf+RVR0XrH`ty02o)-aoJ
zUdKbEM6%gXjdaYrkgP=6+c1rE!k>Ogi9%h6_P`}+*ICQH#TAH@T@&&^|Cb1K0#WRX
z_gsyvIidyi6M{t<HuJhskvOk*dth13e((B9LGLNXx61~Y<d3rjTpv2V_df(tMuP*W
zsbo>L{w2c>2iMUYeKCU9b8KV1FOm{q(eZ2QuZVlfsbax<2U*5<TKOYooE+E<1yQIL
zg|GMQHe|rgJ#N(aK<a|lVCDeWY1AxO810j`k1oooh_XsA#G)tN+ED?p93f*$(f(J>
z#;o#X-o@pw@S0U^wfJY=yDWEBb<(0}j{|<=NzZba=eA;3#ieO_GnzQPBW;YMyE>N;
zcSg(`<Ew%#ygmTs&v1Z~uJ_z%)azPx@6tQE>)xjKn4JDKGJ;tbn+cI#@fabtQD}Pw
zPwRxYgOGh4ZYemqW3u4RZ2Gav+)JH9P|MK-lGlLfEUcn9{BNn`41)sf^<IG+Trc#r
zo%_&!4WVAcWsZ8(CtMr8BNo4=o1pT=a>2kzMTG0=eA>M3%miQOHJ33`QTXXIhkc|d
z6IZ_3&E7MvTlAK2F-;8Ryc8@tlYjxWOuJ)69_QSx<X@!-ZVfvP6`bR!NBOS-PM0@`
z<?pUFK(4J<m~r}e+U;<U_yps=Um;zuffc5vK&x-vBV`jZs%BJ0>=+GXtFBqNO;J-;
zTa8gX<qIjQmcSxTYUN~%!orHoLb{+;gLkgCBZ^8so~E&{cruE$P_8$ArC7lmI3d;I
zRb}O5*lD*`^-`6CD|1in;?cqvg!JB=kvp;$Ol1|FqpR1H3V{uIOT@{h6QtH0UuiNg
zNo<;ZLbkBbd%wJUlZ{y8OOQE0aWXRr#mzEDTO)r~dA~Z=tysF$QE4z=9q49Nou;Ao
z71guWZNfc^uJLETL?%8*!guwl%*U7eEU0a7`}-8g7DQ7M8@uqV+uWlZU#F;tL}4>3
z|EzcF*1-I+JdY<ScVsvJ!gb#x4Ui5V*?mHNX3U?=QkuiVwsk-g$FX(b5!cy*gb{lF
z%x1Q`?1rF@LusatPT&2LURtl5&q8j**wDdZ)YK!VE&>8**wjo&VXs}Kay&C+UQcbK
z;B>ibx{k_YHtlF(3#SwHaIxg8*Zk&HOaD+g&{<3&x>Rg3S_@J$a4jNE<s3NOuciIM
z1RzZ;c`QWfrSd+prAbnE^mH(s{zuy~Uh=nIU;HzmNP2s9Jjq0Rh>dyYN%n<^aaus9
zdQ|1;VmPTgwzWSU8#|HZf(li1awxugXHfsbXk}|Qn_NLMuXu``FxbFWKOr8_zuAiB
zOtq$@c=I60w!6e*zdJIF{2}g5ASDA+&a}jVLUFNr>~nWSL(F$F1Z9wouTLlg9o<?-
zE;Irijk!gU`a#^suq@@O=67gyOtX}qnRHd*Bvqk#T1REbrs=9{1V#mKTz5zK?Q3`j
zA3Rq-?-0XAV)L)XXrvl&lbG+ck=U<A@tpP&-Ws4hvcNwlz<Uqbt4fcUwy6V7YoB9t
z_X)gfNuC*>6OCDTEvf#(fbXu2=N(eX>Ac4O;_WS9BWb!U(Kg#{>M}DkGc&W>&}L?6
zGc&ZAnVFfH?KU$rGc)6>@Beq+&PcP;=xOyzkvGmc_eMmfs#KMgc{8G3!p8Gc1*Y9x
z>K?92e&h?Y1hj(FSq_uCI3lw?C9_`51~752QWN>k-8%Vd2qg=XJ@@eEBl1%<`{5z6
zyAkm#YV*v}#C<)PeQ|v^66zc~+H0@YhUYPIsOx5#eRD(ad&>7BkjtfXkV}v!|F<3)
z2H0`Pr$10VI1K1K(0HH`(d>xhP|?2Py`TyyEeZ{i5g>-W91M8t;MS1MzA)P=w%9GW
zGT`w&Mz&Bb$m<Z7kV-wu4DjRMo_sxez4XXZAWZ(eiDG|2E2N;KTix=+{IL2NPQ46q
zmRFoo5t8MpXrv33UZ_`(@;k|YLUD$jtY7e1I}B#~56LjtghDf|0EiikhTmciw}4>&
zw>k=6n(qX#cc_0o2Pph-qzHnMhI7H~{~OpFS6E|2Nuy3hH)IYEqUuZC`;!4q3!)0)
ztD36?4GxNU9DZxGBwv<(xdHw6DlFRtMEaw@EbsFCpZ~@XU#cLxl!vx2^lw<~TC>_U
zr?qGTAJ!)O51GM+aa>d89X_NR<c6K#6S9BH_Zj<#57@4az<(CMHDw`a$_G~#hi8-m
zuzSgBFg+10deCZ6e}k<Fesc!ijeE3D>BKRi4_+D5f3#Qg0<GW!QOW*RF7LZQo^!%%
z_6nEA_ory;{|BgM8ZK0h_)N<Il>v*#U{0ivCXqmfR2VAq{~cn{EBGa=`Tv(v(j%?B
zO-gl*gz6gl{p_l*{u5+YFYr3VfHF@FPl3jG&n3i&5?fxFg_=AKo-7SMDo@=<$q*4z
zc)X%ojMYQ!-Z5E6q=`D@cW21&9i_OeSmJSHdqRcZwGyMM6C$mBJkkl$fCHX9ttg74
zk;bAh3Dw2>^Sr!c&g68-FRlI%d&)emFp6ZN(Zc^8{+#7Za6}-@6qY>tKSI_qa0|8;
ze4cNIzOCDW*FRjB?}_Xmfu+yo*LFMAwKl4VLNvuGK$JJHL>%QIBo9wvo;b|?e~ZDB
zaMP(ET+9NdkjLZSGBI<Q!5mF||FbBtkcRaO%Gqy24{;gxw3n|Zi-1Y~UnLnSbx!2)
z<hdK}lm5@w*!CCGzoGQ-E>c}f01h3YH24*&rVVI@5L$5zX<RbWh_vB7rC4^zac9Ue
zrIs+;VvngIsQ5S7Wq~l1SiZpg;a!S4jxd@iBI$j3z>5+`IL#!{Sp)eMVNOazmFFeo
zwuY7%n(;KOag2S`{;NU<K5dvCt~!bkJ&Mrxqu2pABRf3x3~{u7K?Q_DieSYAVan0m
zc|UPnSD?uR<e)^bu;-9jbL5b1|9t-qNg69AS&$hVaKuCWJ=3)JE~C5u4ZEY;lIka>
zd2nn0lS#&PXhv`fOBiwFu0%e^tn1GA4qFHvR~TUVP7;Z)<Bwl8Jp_X&ujNM%eGLK9
zMbLu|{_Jm|EXDaRSdw@GEU%zS`Sjpm<KXXtIl=amS+lBs<-M%i8mBl2E%Y72teb>A
z+~BUk-vak?ZFzV^e1oCyare8K-RtyyPj9Y~LA;52<iVdqzoD{#pzi1ThuxrpNST33
z4gb{ycMbn$1K6eo?GW{ChW;rrr|=);!TogeTN#K}^^UvpoI^>`(NEcfk|O*0S@8K;
z$9Y9g3v*D5k-ulA*RPlz-jLPVz5g?)tctaeDCShCpl$v?gU-^&b2HmVMSZ+zS|S^N
zo_R2|zJCg=8h7X-1o=|;ERY2YN#{?`QZzJpAR8COeS*7vnI*OO?7mC>v}Cd){H|aN
ze8>#VMxSbzHt;CZkc!tc*M;xc5;FfB(gWSryR-Dh`Ww4Hed6Xs#ug-57)ls@;I4G;
zvm!;;{}uS~rEpW&RrIV8MtP`g>3eJn4~`ywRw>;-ut;Fn#Ht3@<U=f17aXEHd^i45
zSA9ZEEfc8q8*+?FDU^*S<}BZ|V=@_AR>Qha+G^0o%lcFVim^~XpMv>p;LL=#5r6Am
zWVOEZL&So=_C&JIX{SEVyf8+EM}sp<#eHU!<t5BblMXaIl05nLvrL^_H~-Q2P+uck
ze(b?sc>YzrfiHQHSHs6|kvfoiZr?STZ)g92>Q%=)Y3xZtQ&>bx8X>!@Q+R8W@JPVG
zG;RHEgg11Zc0^n3@-8%Anu0M330b80`X%n(8E@uYT;z)I5mV%r@R07U?E1?&Ozx41
zdG<3s)y9V=s^0P@AL95ZI|coKT4ZZrSK@M;R->#Z+TH%wzUZ9D2}<LVgLpPlDLJdC
zMfFI$`?@*-yPfJxJmdu1nTt^BkSH9702q3|ANr>g+qEFlz8}gYA3l!d>@EjGuMAqV
z|60$59#IN7*&ptn%xyY`0UFeULpKHetmfbM(cs_veZg341#w&nK;j7Se~?!m=0NyL
z)3o&a|8K)h)AHB<znW9Xwm<c<g$q#cXf@5Wk4>y-5ny}0vfC!MuqofHA)5WxdPNvu
zWSGY)PxK&Lpw?k8!I*n#>eu;ZWtu$vb^Z9pH;v+(uJlaM(zlqXSu5(f7MJVCMP&Dw
z@n5u-uG7|yzwciLRjkkbq<muIp*+K8vey-EUAIB1^K+d0nQs7JO*w=@u@UpjTDUNb
zou{-TC_;)QfqIKXIqsh4HZg5zL4x7C7E~1!yYI}l7z1Pk#9oi9Z__U`&A|V;q4!Oe
zEu?}%)gyF;paBi<MXEvR_^tys)^nzpm|8*A>!HW02Da!A=Zf$7jSn2(uObzvoIRQw
zsm41qg%Y?H%qA$xpTE5d+h&fvj2&CXRGF!IY}u{yM~suL_`z>>E&rG-!VC3loM&oR
zn1py85Hx?)Z(c6P?RRWPSH9g2pNKJ#)IC@=i!?5L+ZqU-2%t4!o*>Tt8Z~3er#vyB
zFFBZIhDm2a(`XG~7lQJRqm0`c%<70x?0)IJj@Jw+Hd#x?9al{88<$11y#5$ZhMUp*
zA2PORN8RjW8-iN+aC8tA;x23_|2irB33)nk+rp4|W71LIy?b8H!N?`&`3UJp-Sg8H
zwFNQ(^s#-&`)T<K?`^}d+vD8j%9;T}24e2p$AgKlM^EQA9|Q6@XnpU;HV6aMI0T}9
z@VBSq39!3f;%$YR9vQg|liASCZAV+kZ5?D&zj{G@+x*mQ46s3eJ3XEjm~}X75agc9
zZ8lr(6lgNPk!=K9@)p>2_#)p@J*<@fasr$F@(D1p*I6H*x)bOdNB{olgLXJIvd~}G
z*kAkBZ}xomzus=V7DxILsJ9;PmeZfe+u3064!%AJ*Ha*$oIU(d&qv?BaQ?501fF;)
z4@D!p>Xz3Ptgee#JeKfTjga`S7<~7Po~CG9sRJ%17Z62ZA&(rfzw@<Co0i+hlaA@r
zbp~9j2(UUW>qKgXZfuQRTbOvXF!8D&5mo;L!+t1XeI*R?7v9K#WKs4oL%0@wn?l)6
z1?5r1<ST*8RtzGi{41QWLkP+v^b9`p4gcpK#FCld^a?&AcPz7KlIfpg#WO4B4Nh3J
z8De0?Gu<Gs>;hkq$6Mb%uycIC?rnTO;iv!4V)bH<s^xS!2o|fSkSQ82R*s<MbS8*9
zvw+QFKdcN|<O>GY9V3e|nr!OBP#TpF4u(xx9E6E<9jO@vmv7Xz$t-^4r^}rC9fuum
zBqeqKjD0Q!Npc9CeW}^l^QU$fnZ~GbUb{^AW`xt#@KQAr`R;|%Ew4gf%Thr1fY_08
zY@6J@0R4TGcQEcJ?_V-y>AkBuX|t1GN^+mKB@?EtY;qE-+zAb%48;;^rm$0|VBWBk
zAV>a$dEifnJDWmBhdZ+!uFsX_VV@|q+};3Q<WyG)d@QA~kR(n;L{g0;04+5!ZwPkr
zffGfp>~8<DOPKy9((4azd?8j|Yfo?cd*zd#$bnzhNW4B()#{YenCYtO!b9OG#&2oA
zJYPfB!>9eFWofg^o>>y?r6=(CDv>q<^Bys5eIe;Wzz|7%5#tD=(Wa0mjQH=^IlsXf
zqoAj;&fmkZc9u(thGM~p`JMGVY(p|&twRs`*6QJ4&`Vw4lDa-3@p!=Cb%ICh_><H3
z`Xq06N?)(tlb%{aq*)UhHV%7|CD()}r9GM35uQ3zKj~0K>B+L}S^TJixa<^QY2HK)
zR-+bOD*8%xE<G2o8YE}M2k@1uBSd}{o#AqR_u^K<Av5*+ULTrz84>3u_o0PT6@{ve
zS@}s6jpWvFhip=xfT?EGG&{?!AT6o!oPjob3%c6<1A;5&Dcp^|Fwtc~+-x7~{-(?9
zqXNJv<<<w&9T~VDxKBf3O2`RjKOd%IfJ+k=goKTiy@}q)5$59RuO8jof_b_IbGE2R
z1bqgFYFE)(`uFeB&JOU}v6JgQ7mqzIUMs?trg-|1UA0$fVM4035>*B5d!+eUb)y@|
z10wj}0My1#|5%^o`^1LkFuN+Fg9@?KYCz~$$%cqh`>*+=UAoiK+Au8362=^{;*(~Z
zS_<#|Sne3Fd~c%@aTSE<!<H00OH97j)>?X}1exh%cd1|m(jWY2XZ?%@yvyGnL#z${
z{e3YLnFb|heFFNp61dC5`Oh)q2gPH`P2`U=aR#Mkj7Vh<M2S8yh-v4wsvBp8Yj{jm
z7*C;Y+dtNdNvRQ&hPC|yW60C2Xyp)l0{iIwHX}O)3foic`3a{C@><#)+Z6xA^@>((
z>U3WM)p^p}iN-R4Fq4S;WAa90QKn@!Y5I#aLMCb*B0??-2_k`l&?Up$THmNEry9g-
z12@W2nF_a3{xGCbYkafPkQaR{mO($!Y@=jJy_(a6{GGc})<peYmTxD+c;p~fQJTNY
zQ%Gy>D=L;)jd-c{i@gqyjqy`%j`_kN!EdeQk44Rhk!UW4j65BL&o|;c8-|j6e)HEj
zG8e%F4_sO?x+u$Zz5e5;s{VmJQ3aZ<eFIj#@DWboUIySV0#*cgehGW^i3gyM+|Hzw
zlUm$XoVaz4>d-24WjyoJyhEuzTxV%+^mf>zxyT3P1NK<gRxkNJzX(JR+zWf8Ls`Kd
z*9+0hF@Fv2>T>RyJLXtd;0yE>eY)HC6XKrUw$DfDgwXbKSMeH(A#IA?pHYtnLwq7~
zE6ouDCvoW>=QYMoE+F58ag?56w7Q;-S}nO-Pdke$+o)4zrrv2?a~^wFIf`@5tgd3j
zP%VC_WKUL%m&U!sO|R=1Fos?{$al~g^hB%Ie!PQ&_PIumK_%xD<X7IaKyaSD#v;Cx
z7Rp+gs>Y(aFcSuyx5bw*b2XH1kIHsHRj>uZDV^69cy~3N3ok#sVS=qgU*511lsr}@
zjJ=sRC5+8S+8C9<<y7(lXhg75qdrS1b(gxzFZw8w8W_hrNOcdyBQ!<jj1C*+n^=IO
z#Iz`n94$J~aV4T@&tA}@Kt|`HI@{~Lb>*K&2|e8R3|Bd|D+J*!kKOtDUR}K4WkOG?
zs#q7La%Ptg!ds<KLS(TbjQFTHCuNb>4WG@ZBz#jF**LE#&D+Ql;1#uMO`|P+;x5H5
z;$?F#EYpy;|MT@HsSBe?yW7^^=iIpTOCI8<`eN*HNQ+fr-LeGY@1>PttEb8t6k8lb
z>)j#c1uFs*9>;SV`t!d_@&;|;?Cbne^7G%ON=c4_u>c3IWNERT3RQ#Zq2jH5sp<pA
zpJSf6<Y|YYvs;Y(3Y%s+!*95EgtuQyZa+SsaD7y65P2>uZvI5LI38#YsqdG9?vy3X
zuZp>r(VB^;J|^%7ILw!w_B2jrxPWN4E=B^UQ~gz{p&-s(<-Ff%$pKmBEAI-qkj7(`
zUoNPu3OK>#xaxOHrf~VONSs08l3uc~N+Et!lBhA0;XTlzk*^Uui`4)Sy{8wQ#5$$P
z^O=X`x^5+2;`W;?a3Pdeoo%z*%w)SQAr;sC%N<cFq+vsCq(rNKg7blR#ZVO1x)^8~
zS!hU<&F7l1iL_ykeQG6L<s6~oF^j$SRH84<0-D*n8Q4&zbtUG$%;qBaLEE}I`dhW~
zuZQt~sFxny+T0~!0cvb9m^tpq93>9et%w()Jo~L<@JXMWl<3~77z)dT67L5EaQ69o
zV$?`0Q$F@dC0;Lz97MMr;N<t{mQ;;*mYs-K?X~@rV4ZRw&6fV!Z+NC(b#%)YxFWZ2
zRq#@%_0ouSd@UB?X#De7xlKt0@5yHYvt4G7-BqX-=BS%9i1j)tp%61XpQ@H*ZTb68
z+UyOj*sPjMHAr;lAbS*Q7Zk0{`ivEea+j8BkZ<o=Y%KGCEncV=YmltZL9i)-epDMZ
zxbjA&&>&-mxv5`uxp*puh-@8GAq~bNaS;-VjpnZ50Q1sSHs!f;x`;3X<=?+Vx)Aoy
zB(mgkm|wz1mI6JsN0uTzH`H0}GBmzNJC(t8i<+qyoWlNW6)g#iyMB5s>FhgBkD#gm
z+2ydz;aF%>TQ}G4dn1qv+~RiZaufbUV4YtYkL<#|s_}_Gi=<de-fCfa>M1rw^sK8S
zL1+p7v8#4NZO4)ICSq4`Ogjk>54{_>lK9|lyFlNyw@c=bl>x|ym5T<djTaYo6ooer
zU@;0CUE?5zXCxx|G_9&%^kbC|pAs%=6l<EsxF<PPEgL=5)BRYh2(Jk5M>sREta<Lk
zvd|`VRwu4pF{pm{R!w9{SB<bJ+`*;cQ<v4ir7m5Gs#5D!plyI__0$ku>urK>iEoK(
z`8E5Q=#=qc`DS$H`lkG*e5U$nbH2F<^N9I~xj5pC|Auph^5)rI{ea!xy|Hy_rE8>X
zlxdCFMBg}BLtjr{KUo*Ntg3Fh_V+?z@#XR1QKY<^ccp8sZ8pnds-ddZbnQuVX$|(g
zTP^>hd(}oQ{=9p|5_k!DP{%ZJ1^Z&EGWp!<(b+P$^Y5lHZQaxI!y?m~gnlQb6=h{}
zL6YQ|RchQsWn!HGnp(Lr^~$0KG55&iVsKsfxrMQ@i(AS==zHwB{;!ej;cT_D1BJT&
zRRWLEY;{hz3ZBVTn&{;228(@|TX4&A9?2{tt9bIU_{xi0IJYF!VFzPf%i?o#D0Pqh
zpPUgz!DDCVDLBMK%P^dBQT1M&N|SZ*x8^SmnQ>ENM;D$iah@aAWMc<R?X5CnjgN$N
zQr^}s$xgG&;-x90_0dWYr$66NoI1ERFN>uXMB2OCggf<gD|J-DFE~%}EdoD6Gz!_4
zqe~-4mk$`}4_BxSy~mqX2W|}~E=JXi&%Hck&-0gyo!Oe`nkK8lehrmfIMqhh%09j>
zAJtwsJN*{_9juL99(hsM-2d4BxV&cgQ0vYea^Yg|h#=1G=G+;7wJ&|b;-VpS&|nu<
zaOP+ql|*?|JSlH%dW2D&OyfLhKN-)P37e_8Z#P*vd2wrCTIW!Vb1vglG&+`XG70C_
z>X7Y_-O-nNFrKK&b(i6Gt8t`oq`<lEHtr@9WjmVDJ*s#ldW6cksJ`1lX5+N!xS0^2
zaWL6#U#E0Zku;atC?~dg=DF=jV9JHhojt5BH@QM{<pOG&?fDbdYK-5!l6$n+k$pp{
zt2BCHXl&sX+{@on_e<j`4*z)WKJ^xPL;NZB?4k8lt5q<&+K0T{iQg-By#(r{*S;Jt
zFL?L@I0JDf+`SpE9F|vnmpbrq<t`;o_p+=?&ktX3fyP;f2dxDS{sMdztNVO+Ka29Q
zd!Yp#`nj=Rh@Fa8KY1VIBrZLh)7NCRckxbv|5;l3oqh5?w;vrn%EmUb+lR^sFX`9!
z77{OQ*5~FKo*bVXogzJoJd)ZLd53uABW-=IK6N7Pp<0tm&(_N~EEh0b8n`tgU545W
z7i2GGFKJIrT=KZpH%>QCHVetxlr~B&>bU=A=3d&GwmHmaULs%OFE}=j(<(i+$hXUv
zdu-rdqM!0LFIN7lU*EX2X5~gmEq&Xgs+!MeiLzv6pNw{A$O=0u58kESrCsQ7)$jPp
zi)DjuQ;pUizAJiacZE}(?cRrd46i)p`lqw^RQ<}{Cge5TrO>7DwVZvtU5fWgdrv!G
z=U&V$e_ndi%%;J81$!@2^<Y!vin4K7^R%;Y(XG5QS~>EmwpsAv{*h$0%qw)azd=pG
zK+M4VysAGubfC616g3pLcF6OhIh6J(`dU8J>-gz`K6>Fr^>vA375_4sOVTI72l&a0
zeiY}XeP{f%lJnyq$=*eInR_>vQ}qe*sh*q2KACbrxWm7}w{w4meJ{?)ew})r;_klJ
zy+!9De+z#Xo&35>ewNOddsqEv&e;6i`uH`;`RVcLA;<3%nQiy_hX0(+0ro!iele-{
z1?$tSbb9sh#F_sQRA4(uc2RJ#o}er_)XIq|PnM|}|1zR7xo?zigl(!(XI0n9%&VSo
zzPp}&o^*aVE*T{s<#I@7Be!|Tlai6pvF1j?$?Fz<H?;3Hk}9Wu`?>!ynH}#C=a5kx
zk4SdJJw<{KJVE8jHa$AvJaC)1)8Mu_Y#ih6fAQF?>gb&Ou0Lc$m=_`<`bnMFeoWvU
zgMU~1B68oO4pR@zm03!sJT%vFI&|mLHlkydPetb_535p1#TlAPyIu6kcXVYn1=acL
zP`QrOTI;FYTA7pFrq_MR$bC%GhlTpM8Q-jNIfR}3`$fDa?YQUgC;*R*nDNU?+JkyR
z+$7#DST%7aO5;n{M?>kTqvX)3XprWs&PnMmGRZPep`1}&?8{&#3cyWs?l!mZdSx*@
zpH^uSykf?NBVi$Ux_G>LH?A|<F}(6>Ln}>JAGmlnP6mk5h^0UyXL-z`wj9S&86)3W
z5nS~i9*4i0jQ}@IiyxmbAu`RzY59Cny}H#MU1VOwpL;Angump|D>9H(-TX?<u<<^^
zI7gACo{$NT@>>zRkS)KaCcZQN)DZg}ykeyif7Nho9c{Ru?rzSOK7qr|da&^kIlG2Y
ze`*`aauLoo!{%Pi^Spsqu(eX{)pkpLRQ+zsdVRO&(=;6MD=bC*1Gh4W+ty(&_^;@c
zPx_PHoj{9RAM5>x&v?)^g1R=o*WRe<mbx={%8yLmhiYbwx;d8w9VjXyvDfWv?l1li
z{a;IBL!&mWDX-BM%OHFoT^DSL+N<}UeLf10y~occu3!AuQ?*+wkAs75tRCC5m0R_X
zKKx}vzIS<Se3m?HU1?R`nvOgXs!%$?UX{Vo;zOvB)jmqEB{sC$xVX(JnYK%lf1DC6
z3Cpe6@PpnMXy%4@A{h~zJT^M4KAop$bwkTc>W;yQvk516-{lpgNbOEh<2lVvs{3h~
z|8V@Ikn44;`;(V|xB^@K6`zT?=!_w#F0Ox))v{RRsAR1}G>Dgw{5kR<%TGC2jeo)}
zqKclHJfT?MLV1;Blkh2JWLlu8fb%_n^h9CwtU*Vg3Ssq8&{0sh1bUOPo84<X@vx()
zV@r>TIn~Z<?ESCjEo)Zoz&A#aV7luwrN7-=0C^Z)9$Fow;IKf~r?}zvFBzJ@?fAr-
zL+ww4g_?QQtkYN&V%u3h)KbD*G-82K>RP6{`iRKv+g{8D6(6}DwHT(VD`)+*&)bo^
zDjxM8tu3^Ue+}}qO|OvRFWlR8)-l`k?NpD022j>*g=FG)m_sk)(T8CNWH^87(3q5?
zFNE)ccoqO03?>XG2JDX@jv#KD>W9^7HtqNv`H;SBBMke)rujo%guh5s&gz};Zv>CC
z`^9s8kXC@IywDd3TfnE}{y%llr{sJfa0~vFJRjnhZ7%2%pK8jO7FG8?&Z{s2ZXH1U
zk{e!^7ECuvg`l0_<O&q$v`+>rx~k6HReY9Q?kYg6nVSQhYS(71tl*v3+Ab=`)`^<)
zodPw_og0H%yB&Ruwf{J@&0|Fgrx``|6K<Gmqq`HFy-tU#u?Oh%V`a85GEQKjbHSbI
z@Nd}|cAoPe@EdoYR^K&iRtI8jxwFqdFQ)z6)4U4C+Ipp!e^y}w3dOmD&1?Z!TV*h;
zU5%tb;Sm_oF7#o2f$-4YNIrk1BCNwhuRqq2<W^}#ZsW44!#&xij$4UMt-;QAW<n<A
zo#gt>i&>n8;DAv_gNH5)rHaDv7w1fwz1pwpkQTN6)!V$rgW9H~_|GO+d6E(*R^z2>
zsk&7@BsU`JvSq_FH8)&QIq>r|+zzf#`hL0@_4C7DG>;)4dEsVy+HB#A#&2fYqh{K#
zGi~?k$-<&tyb%j0;^p<6<;>I?EBN(dnl)nOB9<Pw)Q#E=ifdxjjZO`Un!t)dqm=fy
zA@+>W_eD#PvxURqXtR;Bg$(A4yvT@pf7m?K^(0hJzhf$TBU~3lT*Uo%0~Lp6GuCEP
zR@1;jJ{9bM%CcW_92WVjR7e)-tCR=|jb(BL^K^~!D5W12Z*((lR~VIVk27sH`2Vh^
z+P)eorpeFZMTN5S<N;FIqjDj&$a2Jm&6l#HC$EmV516lTJEzPmgqbUZrb<nSZzOmZ
z@!)U!p0V@YhRyr6ny=weub^JJ5+@+;zQ=j=245`UkMi|qUux&s)Re5sy24qO54MV8
z$AG@YLU)qNh}ry-7p_M&e_m(e!og$4g6IXq5&kIc<Ot`?fvR+gEJ=5!i_KmHnOd;o
zI3`*7{CP*-OrEFX)PnKZ`s0z`yy+;;Mb~|qlzo{mKML^{5#v8gyc68fjv@AG=8Ow?
z3bTvOnO`vncho<4i0}OAinCGM{2A3t&}YkyU*X-~ige^MsaY)*s~0Q8I#qlGtng3e
zMW8-Pb%s(Zmaxq&<2PxzPNtmTiCaZ&PzT)8H^su&9uQtTl&(ljE2|DHGOLKak~c-=
zozHmZyH&3W58bupC*JP)W`wSm-po4%*?%sY5hD>shddHS+Xjep^bzCi0HUs;#a#o4
zdHMi&JJ8Y4uz0D%c5&R2%Y^CBsCA(=LTmuO-%LS!YBn9ih@7Gl9LAB?$d<^Mu`(Um
z%Y?VW-T<b3^chHRb#jg8vyX?oo~>=0ACldx)o7LP8QFWMVm|q17dE%-q0XNsKCnlc
zAC>!Chc?7h&OY33UDw^)p2fP<-#@szqj=iiH}+S~t`00ZyX8sVA-6&nC7Zg<08HrO
ziOM*JlHx4E-8?f)sS;$vd*tzXxLS+;3I0aZ3K&djW)S&}2g`ITSv;a62zdl6j4QEN
zT%_C%IvF%%KFLPtlRMnAJKTzRGJGN*h~!5K7T)%Jto&(O0-4dI**|E7AyEKeVec^@
zqI@(DM`Vy0gVK0<Ju4Yges4zoUW_SMl#|(L^bR!Wr~oj!gLhU}`7rivKA5M<AnK)%
z#tc)}laPM`AplQ}5iRt1cDm&uZyMt3OJuuUeIaj1Dx*>`Tc@TEdmQurCl%$DJ2=vn
zicv0VE<Ije=X`xpDKmkXP!4dZGvO&SktvLrwfeB_g9zR1L`FR(05G=Zr?odxoqjLM
z(gLIjJ>Fyod3Pe+$M_Es?iJlf^k9*SB|d{rB2EDWf)64$zzHE(Q#3}6gboo@XcH6$
z13Afhvyz#bO?HU5rz*yc_SkiE-uYDgy`+#>N0ENRCXO&&JRo_1h|aQdYSuIs$v$=d
z=-7cHt9**sbl8BF7%g0!Mg=+?-pEEbkA8<k0+Hyb@KrG?`DBbED58j1ES#NDqm+)+
zm?Q!%yhY{=`yL*UA4%pjY=$L<J>^E6ypcz4i^r4}g&`{zfwtsw(oW&joFybRY|UlR
zEP~uVG0hwh!67G(ql!_RK9AUESr@u=c;c2ZwR9Jlk3SO~!)(Nb$*8@fnj$AAQ>@?i
zeNxzY?iKZe>S*k~9S4YO)}S(iJ5+w$XpDs{?E<PB!(1zY_j#XauVt0Z-^k-9jnd?#
zC<ApUpc~gmD-$#<$8gcqjR3L6>LO`P=8n?cBol>1p+<4`rD^~`E>U<0O?b#K(Z65e
zzx88{0f3hufR}Fofcl}wWO@VmkA%GU?yq~7EH{V43}*89)F+;+)YRhrrMTg0(s<o)
zMo+_M$i@~IOQ}uT*bYtm<@U^A^tpKS@K~q1s1xDOVUEpbhWJRGeDvp#8-NMR>yB5%
zpf96u#>n7^44FJh|9FI35X`<(8inrPbQVQ9s_Wu?L9Ey-GtjLY-1GX;CmJ-JJ<uwn
zOV(W(_xP-VK3$BI(05V8TXflN%3Xa2d4P=+3uzwQ6F^pmR)#jl2i8-B$5X_zp~p+a
z@D>m`EZ!d*Z3c&bW7_bNal$$8-g^%^O7HJtCbKE1Cv>FX$yUGCiWmPQHlhV9`m4Lc
zthnJ1PpsGNY-;)|lWD_O*CEcq!s;P&-CHbQj{Mu%t?Ru|{U82o%(`h$fV<u8EarIm
z(4U=)#+}B8SC2<&+EuSr9*yi*^+H68HMfQ*hohOQ)yZ0EE50cWepTo13R{8~$lffC
z(Pz@y?+<;<OOE5MSOU_EA<0D@)Q4R@3j-LJlKVQ?wK@qd+qb&9+};PC=#yF9miT5{
zto!TlC!%Wr9UnZtczKcEZ$(v4^Wpd}yp3M`-n1V?yzQ4sjS#Ci8rd_>+vCsB=B;ef
z<?vsZ4<E&;1GpT)O)SUm{DVZ7LIIcQBEKsa<$9uVVDV>&JIDcvXOlrTK7-zqb@-iY
zcKNX0BjKI=k%mq<p;K61E|R7Bs*CU4P4iQ3UN3i(iP#SkOTXWSOwy}$-0L6Hnj|%Q
zKTyu6#}6m3aSoCn3K4Ygt(ImUyI<aom!EJ8xdq5~fXQjG2f2?oFWMDbM=+11cd4t=
z5pTs6Z8i|q?Z`T1?3R^YIBm!|UR74b5BF`DUD%pLSJr`-c;@s=KA-g}WxQpnjm`Se
zrBfHhiRL!b5)La0UySsDHZ>|9*hkO5j^wbHuax%9`#O(!bBXadEixlAFqa;6>Kkdh
ze_vIZ`T-YF^O;*uwpuBWt!h3KXUG7o>*DkcyH8v>CU)9IkNCiHu{nC<!Q+$X9Oiyt
z9D83M5IceL7NV}8nSOg?G{JO}*0;X)a$OtA<~rohuSVxJ?$@s2+QQf+zP{0&?xN$o
zJ9dBD4ZHbJ6TYHmb%d#%4Vh9k=8tt@AhzFnH-1B&xxK2+XV^HJDeHSenc5EH8^8Kt
zLEVrn<no;!b4xyGs%~L*6!P8@*R}Ud-vic@Wn=1KiJTv*hY=y@sx*Ues*QY{PDp3o
zQC-s}{>m-#{e3OhgJ5-0TI&7i)dQnSeT?X`DVW!k_9drzB#54*`$g`U26`hFP8)ZJ
zwtEJ0y11EzI?9Mr@uvsQnJT5r9I1x~s`y4Fyo~_=#VXHb`^^XcA1C~ZZ$trZtBMhR
z%ncq5sXPV(bkUePGdj@P%&TC^oVl0Y7A=*TEvvon>K=8%3MwgHH|_5C@6i1GSl4jS
znXC^kO~QtD%bx*(hS}kEIPD4PjcxC(!MZ-7`!VlX8IP>^57p{>Ox`{YNz#{=vzbm8
zXO_&2T%+vlQiicZ$VXG^y9!%6+<XN1bH3g>AD?$l4R%V=(QLZu1+q(2!+arTj<t_6
zu49Z==#||;<e#rZ4wln8ujY3)HQ8Tc=Z(BP$PN-~l~&=dK@qO3L|M@dHmBM6X3IL>
z29t+rPW(sf*k`a3Yduqcffx8~da^GF2Ynh%o2)lMtF0DWitLcQ+@Z6zLzF4(55)!E
z1U<Ap6vzHz)Zy}Z3jX!xtPE0V-ux*q+<n%*Bfmqz#)8~Klvj$aTea6(Ro-apA4Tx=
zSJ%H<=Z4zwO$YDcW43nmflg0FHxE76^`2sK4jHg!meA|g0k68eh+pYFhjxEgIBcrA
zoxJ(svy_gn*??pP_Y}jE1tK?egu1#lf*|h6fvB?-WWEqFqzi@R9JO)21!6k%#O@Nk
z)I9Izbx}^8jo%ri;=RCG!;sGt#CYao{X45V*8%GNvww=_<vXvH=ZliTQhP&J?<>DY
zFNP18gV$<&x0ZZWU2u)hQq<Nk{g-r<mFmV2`D$xAuc_TfcvFx;5H>H~g?H@ayTw>!
z*NSg!5r~VW8C|RQV|W&zs=X;fwR<##cxzOQSs3imwSrJ5{p%Hdukl)Id&<LIE7vsP
z%SSB^TQPKMhdoEdYJa$IYp;jH>2RqP_QjHBySmuNy?=I+J?9`3-c2Yw<tsVavy3}w
zW~pRgYTL*eeR3wf<JzoY^D}POcdF{b&y4S#Y-&y9@iu7ng(hRO-9Rb$x*Z$_aD}TS
zKZd{4;-%b-Zmm$}fu3jW^U_c({fc~Jembz&XKrVPTYK$-*LKs`#CG2?==A8ocuI?~
zW;C<@w0iAQawgb3_S*XV`lPJ;)Dzu3@{HX0iTX0(2CKU1)p|OclM4AR73|YCkJ{J;
zr+ei%m3;}dz$>rcF^Em^?m<%D1>d^a_?Mp*>^;BnF-YmS3Nm|xZ?eyYy-I<aMKjIw
z<e~UtCTe;u3s;S5(a{DaAF&pJEB({;<D=bVYm2ZV`lS&jP2EE$UDzd<UWfU~9M=5f
zFL0Hw_hD>*^2TbP%oR^}A`-`H3q+1dIgw(Ip6au$h+J+qPqOZ4wm3eUg$#;cWmdiH
z?%ECkN38U%#iDx>p==Exos`1mF2PoH$DKQztCp*f7v_}$Ya*s1OdBgzmEk1~U%PG<
z@ZH=6tt{LJnZ1l(%9_4cw`om69*mw)M{%4qSlC(9Sr!8P=;rBXrgv<XQ((zKFT+Qx
zQWuo_nb7EwQ6cZbcnlw}PcHSz>2~5llV#I)-&HfN*!8cnS&qHelW7bf$vhuF9JwQ7
zcUJ`J=6cU;jLqNQ_C|NVcF2<(gZa5a?jfqW=xq<+{IbmooQiK5A3Qunurb(#U9#90
zx~I&cc|VZonh&YG5ZyXBub)_U&Ac!0Dsjx2q~~r+C6>GAu$Oroy;s3jKWa92VLmi-
zfa&cyrZz$zmIJGGY859N_8B+yANzJKb@J3gl<(%WT}u645!Z99>UwF-44>W4r<=sO
z_zFcUfl6t44@(HW^qrL}Gh&f!xLcN$kFNU)`c794P{N-(TyHN7lgZQEeZaeikK`A2
zT)~gi$k|0PQ_&#-#}jwc@gV%^P+Dz6`Kn!W&&(E?aJua%JF}hXHYp<MSlWi3N33z`
zi0_}E9#`a!!D7Kq!T#sXT!Kpp>Jmz3Jm%kj#THGoY?y6){0_R5Z{x33FCe>bn9NTf
zv~XN#<NVFJgkoUXTJ*ys-tv2`la^9QXQ7Aq6Tm}r7^SWDLZ~U`ud}TzVUyA^?Y&8R
zOVN+F;%m(vy2sjW6s_OY3_7kU7sw{i^0gm*MEU@3iuYe?lYHnZu+{a|0qg<n%S(M+
z`n=q9zmYZ#$paAs5SQ8ewgNBC8)}4~p}2|9QJm}Q`>gfZ-*l>vWzRGC<nX5^9kdCG
zV(ESmYZEABSIIA7N}x-S(dJ-yMe&K764B<U&4Pvz)8@D;f>`9?S9Z$-7k)0MpJv^=
z(m9T6QHiDtw0t;j6Y0cj)L~Bp!mt*;=&FFTyW<LjjAgYa-xLC}v(Nrt?vBn?v-#!Q
zRJ>gDswXoqEmF~!0HAW`kchWobfb9#wSiJKp6`)CeRpi)V2ron`45W%GM(*Fp0+}*
zRPiS?)x(*}BOr@zVT!h92eM2c<BFudg9cSS1l$8-ezY=06G*}qpo0fm-a^}H#fzJb
zv$_SKRE-cf9H#LIVgCaXouxbi=(HlmhYu}y`mAQrXI1+yfb_U`!8Je-2wK9+Z=gwm
z!1k`0G2o_-0JiUM9SL>-jC}+S@$<fzea3Z21_3#=H>ac=nsRI4x)Ahe<pE1>+}ROy
ze5-d9Lm&`Dk8bQ+_Ze!5ikBQxarNy1fveCZ^%H8=z6MvHOjRK<&qSkRz>1c%c*zb>
zsjvIxEs!z<lwRsIonfaOL~->ARp$XZ+hJUNL@x?23Om*IjasxcvDq=E(De4AxI3g(
zCB!s)K(`bSRO|vfu>|(!nrV3gZP}6(bq%>R3)uW;G%nz19Rt9wAAtVlADK9rR2^f#
z90Q(O!=h>e%a5VCTd1P05v#(8J%@hT-A9z~9vfGM<wu8O0+cGIc5UpB-|T+jeCQ42
zu*`0aJ=oqGCcGs;Js{fg;(QoY1?T%job4PJI{;a{7NR(RJdhpz<AVjV?hqjR8U;3@
zP81!LepPM7i~5xPr%^D_!TwL9w|~L{fy~7g$cFx5|M<QtJ&SPWeFhhP-)B3pVt)`;
zndE=Pm9HFs1p|$|9Z)(^BUD-R!7lF~Je?XE93nert<pm#?e|81(@t0pVVxC~l$q`X
zLqvs@pAQ*e#2s85l!=~U1++?5aPrttS^jx%dS<S1t{{$ACwFZyn;#xpUi$OUpRx+O
zDNA@&6yw6&+a4)W$-i9<@Lc~e^Pr&?gO^_3;;h9-|8!?!$DT^73BF10A*%_kpuGEw
z&Gv^~SuJm}Alz8;-dU}V4&jp#;<Fale)Vj%ezFar4Q}6M-YH-M#+y0z-30x4qTTQB
zHt$;uk!Ied_w#hszHoaS;zR)A1K}57LwQkFwXj?$J-V-)>~A?=Z=EBvqkR2k+sbtf
zaGfw`Ld3N|p5Laf%jo*_f!P;u{BL;JIcpVb<JL=^)o(Eer%k<gn}S)YzDE;~n~-1B
zv0ss-U(_-GSZw*vX7raWxqYAdkuSF3FR$1}l%(&{>Sfn)*G!hAG{NH5vUshmZu^?s
zu}dIZ{<_wJ-Y+V*W2M()K2X-dE?p3tZcx|w*E6)k;>`s3nUMIEHIAJyS#9ucr_TGO
zYkf-OwFs|9UQA=t#m7o&HkXb1e=X}DuU9X8FCK7z!gi%Q?RQ}}-rl?QczW?QJ<dOY
zKh8c0VLsatymQz;dpLg_^R|E9TWj;XH&^j@$}gewZA{(f&6kwQKuz)eNzKcONSm+@
zPecCo7fYNMnKk=BgctpR#}ccN;nX+@qmk#7H3|Ici|cIkVO5Qt53)v!50ZfxAI#Uz
z0OyR54Gp`V&XYt>n-S^U!2KqBmw$zJ*V>MqITSw}zn;P_`k9{0AYeH-L%v@=re1e_
z3U0S}w^#-ZF$78tna{okgU>!^9B>0|N#afEJ+jN-?K$AM%XnjXe%A8LUs3BS#M7I0
z3xIfgRe4WhMV<;VUB=yY*>yQyP`{yZzwLbHJ$KmUT;>nqui?4j-}RZkg^<*XB<(~Q
zxFu0QN=4X<@#~G0W(tqZBPC{*WK@KklMXAWF^Q98s^u<FqeL@iP^lHeC{N3=_Mb;_
ziZ3uqkdIBP=b-#$;g_T-MXS)<IFFS=R+t;8S*WSNr!6J^!lvkva7EyxCtC<d3HE|p
z7)2v>O5$V?Hm`o_|JW|2t-!7{Dq^`&U`-KEYMg8BQp(MIYX^91({96kX;s9NI+T7f
z%MG3n4pr1WVW;5yi8Ty2n>m|#e77;n`>gY~a4Y}gjg<LOhXPffejpC@f`=f|@I^7z
z$ds2Pcz+O&R}tcjl9!~{Mgmb9S<QbxvE#T>J}u;GH(9v>IR?~>kOE?+kHj2lHJe6u
zaFKEr1(*wvN_tnD>NL3gPI5*zkzi6M!zWZP5;5&i(<oM^FFDJMRONM|exja4JrRGn
z!$BW|_ANUZt*%N-9r1uMEI%;00J!!8Nk;0dy*cM;7g432S3$R=kMJ0Ep=zyDV*{3x
zZnBQ}Czd&_R2OBX@JMqZ{PJs5L#**lE&dC>1b)uGiaGT;Vj-e}N%}ot^gPBnhn%}G
z^LT;oB>VWt+MHcFmM@9VWTTLG7H=L@Rp8}g*1O@c^qz9mhtSK<IZ8rY;gkA=I)R_k
zE1b!+fSChyOL8lh-?Z?KCiV^{35HMKAJ@`sybW^~URJG+us3G74o)&id2wU9Z#v8g
zWX){I9{vIzcln!eP%d%%#`MTE3}+_1_6ly0j4+wTvB_~zoO%#V0&r>1sLGX~-}^_H
zw>8P0!hBMX4EF-w^1|}xf!)Godli9B2Ne*|i=g0^ApVWtdNq9YXa#D}2-IMucPj!(
z9sY6XQ)V>wKw9dzW;E7_OlthZtAJorgKhd(xEh)%Z3VYlIO+j@48ER=Z~Jnpr1S6r
z1sLR?Ha&)6s6T>|zf@-A1Q2=<Mg{l(OyrR3F;jd6yn~;SO~shzpmD&DffuJnW^gi1
z(zS|tqdn>#bQ|bO@00%iX39CtNt!JLyEVL(1J{CZHr|RL9d(F|@0I5?!<96QiD(Z@
zJXcdQWx$Jwp0S&;qk-)xh8c^L3z5@HosrE?uj6jXA~-|KM9S<_%u5$%56;BO40G-Y
zQ)92m^H8s_3$O!^kLYIq#Cw$3lUVj)_yl>R*fT?$;zYJD!a`^4eMaA7TGo@R>CN~F
zISymo6+Od9C>A2A-^t-)u#(HJ&*@_TdL%D!O}_0l>P7PlGe1JVnc|81sa_129YJGR
zib4TFBg;r_vZz6+{5@5NQc+4z6P0?DKZnPc36TmhZ=Ayz=bY)Fd$}@9wl+6H+b$<U
z$<Cl$+O8gL+X#`+r-KRaMbAVadl!r^PsV5hwL7m)MM?lB&!|u_G%h}2WZ5wB7Q?<Q
z@x%=C9Nr_fbR3+oa9k*LWfbSWRjgEydy2wApTC?Z{Pr%vt>&xZ9n)%3_0aIlVbr0b
zvQ9v~XVqbHXw~nI)&O%<H=(;`bJXBKbXhvFkm4@x7OAN#uLD#o_dU`{S%r$a_TiT?
zYExHLg+6WqdqU%|o01zcr(T!<gXlK*s8~`}NBM7|)Te}ripblpTRtgkg(f}vwS?%H
zdf`&h^zB$PpXNI3=h`|b<43Bm!9}l8zJ|NdI{e4t(c%j1=L1u-iyZry#six8#&2VA
zb%#Y#b0mwaEGq%|;DhP|Txoc$J8G$AvI`Z3Cw6mt!)~)I@y01xOuPf`4rF0C3<`^}
z%nE2zsT9Z@$PoUaOa^&0S<DKHs2L^5j5DA8A`rVdgoBv7X^epJ+5XQEeq_7Rtsli5
z%>GKBNgT$YcB4i8l<9zCnXsR{KO`Rnh!((Nl@a@Ec41Zj#Yq;xh)eN83fu|ePW>dx
zpuYc$<iz}ofJr>)5tQQf$DZ~QDDq;+ltH-w;SWV#3GksvkUf?YnSSf|UhA8oy3oBt
z-@Q$Ewh{I7jkc|`&k)Z^gR5zEClzPx=W-~u-1MGXM?Tw?wI1VgH9ocT{2Kf@-k{rz
zu}w%i?%)UT@XR51zwRo~t|E`fhsDap&dAD)?oH|UM#P(?u72G&ziyK{irs33el2W(
zLnNrf06qBOtLCCe3+#I%%n4Hfilu>MGGUS<=I%e$^2Jri#wHyPm5d>8%P9l47!G?P
zhL!jZ>JI9npc<H%2esV_Tfgxd4E}d~|5kgnHH{Kfi`XxDhNZ=VhiR?n<ZGCg^Wwf@
zfvUF{K`M@mK;b?g;v?7{Sc0WKb3ykX=6y?jcFS6*MA{sb8U7QEgsb2Ap^x+(0z;De
zAOsC*CCKv<b&ApT92!F$J4?{@9VS9l3NT}fqGyH(iUF<;rUv61A&f5MgFMPxTG?Tq
zlj+=NHV`(Kc{Z?{>#42|s$M~SV9w;cM3lD2mo%_Aug=TBESyD2AE*>ZQ-j&mS3JGh
z%!kg0&KW+_+00PkEnysY4!dKI5Me~}$94P;H#XNh9NUAz{={^EsvKEW267{o)(e8|
zfh-OGX=jO51v}$m7eES)h*F)Rzz85Ng(e&#yd{a#hF+=xM?#h<-LWDN@lO%aS`pA{
z1*X39fa7_py@PUQ;Ior@dzymtTZ_GONb=BTLE1yEXJgb5`hz@?L()hfVbu7wRQt8q
zAla>d_FKaPI@m&6e)|~ILK@UggbX}FIb1|kqH|jM7?d+AHYG&HaVjE6*-x%!FI$A9
zV}(Rxh5Y#p;yBI(;M_O&3nGX7VIxIYjo>gtvYQ|&)hL5>@X~V6Fh*V)C-qJxpGYzx
z&b}K%*-h>&c$xKFj7~9bYWOkE1gx1D$2`qz8xkHMyS1WlCMmDT*iz{$<5Y6djuKY-
zDX$=lwf?l(_^Oj3*N+pLq|$d%TM5BlNnYi?zs<f;Or`$Q0gge^OFzw<RHGuT#`b$1
z`pwwy-Q<^kdJm-TbMbd3(N~dIa81toioJxP0_5SHai-uDV>-sM_CnZMh$Qh0rf3dh
zJ`Q7|-;-n>Na^RsW>#i@-I0sWr891Ib`!ip1RseY-RK#IyZQ;@;hV9oq3j`7qA`qg
zg>8gw8b%&eP-Zm&k~X4*ov4BLD*ezGCA|gBL~)y8W*F8OQJoG8sIkhbD2m#c5@pnO
z1#L_L%Bo0`PNYClL{S?c=_E?BfEuW*x=Zx0s92ytxRCh2T!ag#j6(kr0n|c?|C1}R
zANv38Td0hhsI)2s@UIHvUw!;DY>-GvRY*ZwUd(A2aP;rMh=MkvxYMwIhr<ypB>EM!
zA&Hk!|B-MqW+<&%7cHX}miUjI`)7~;NIDry1pKRcD6lON<hO8$J)6JofbJ{W=J>T*
z&zko~8u?2K7b8x4@>b?C$h|B7cNtFR@wfT|npW;J@pFF7$yf(J9>`<rqp=sW;^=iK
zj-Oq~91>lymGH4X!A!yjxgnUBVmvYQUxJ@tw{ASsN^~)>)A2;D&<Db+$~;2H;n2A#
z9x$TN2X)A_Ek@`TZbpb_#QY@u0U6>({I64c0a{`3agt+H=|llMZf!ic!+QbVDCGMi
z@?+PCDC9;;0WtLa<ov-I==<n3E_k%}g=RZCFQRUg7B?w`y58#En8rG>s^8q+r#1O#
zv&CR}yoVEgVtn*?DZN|LcY}3M`1eJ}W|+o`o(b7kF{}ctgx+J&H#piDNAD=|=tTiu
z6k*5c8#Ha01`++oBndKNG_k@8BKD5u$0`-<c_DxbfG9%b59SC1*@%1qCktZ~W0as=
zZEeZ}LlTy>pYb45&V(5lR|G=N+A*YkV5XYlawutFrYo=_|2HdyCJ8f$*cxDomNaZ0
zf{SVmeh8`Um(ly%C#A=8I!!!#Je)_7bSzOT0#z7b5Xw(ksMp5hZ6+HlEG~lJyo^wY
z1J@-~Du57;Y5l7s44pHY!n?)|kGvt5BbRsp2KNWKjPRsk2pZSVhG{uBAve$iw~T28
zH;vTDN{1ih4Z<1Ma2k7dLfB!*8cG4S)S}RtiARY?e)JUd-`oPGGl>FnN5eyYFaZc@
zgg?hd?H3b?0%XE|)KLf>M?vrW+OJU5G0aR@7_~_76m|o9;gJKTj0k5;tE*R63@yrr
z{Ag4BJ)LRrCwElkK=}7Y(Qk3S=pS_nnWJ(E`?Z2D2fCv=`(N0#f@lVR<fm7?MWAVc
z9hc$!M9}L7b|q#fgnr-vp%u;&%_JdS*=euL8H7{iGcUzimEk+_D`r*_q7=21z&Pf+
zBDJERg(Q~+ZNeAD7l^%R0i38(Prn2@B|JE$OvHSwMqH5w?5u=^b(}2I@2Z3ZIVnlZ
zf{MjW6ibT$&#JTpYYPJlf1Ik!`J{$;jkGu!%H>hi1SSbV%1o4m)i{5}G#H=dQKy7i
zN%2zD6N<uADcQmhA6JoiNPvQGArVpEi(Z;V+UP1FQJENDw0|ANCuZ35k@<4HENca|
zsGxdLYf)=WE1nY92_q{xZxP(Ap@p=&%n4y5Tal$V)vp1K8F|BOCKJ3!Be6Q7L_*Hk
z!KG@agYeocjLGx>7I<^W+1~|j60osJ1hnEBfemQpV6!F#RuYX89w|Q>6bueO5(09t
z%|XwFCB$Rp2r>n^rqptMNr(r69<@_^6a43?3^v$y9g2Ty2C7T6N_56Ric~-m!wX|!
z0%w>vj0uau6A|kEzVTp5SfV(aNH44b<00jxL-C7v0&WdC#-i`>-BtrdPC8bFpi)dD
zxPej288*>0uw%-T7orr)oa}*G*_k`hFpyQ^E*6cDR#d~UfvcliyJm^dN@Ul#nfRuo
zbLYb2@5#4YSFVVwdPsAx4;THwp%^*BOwqO;H3gJ7041H{dUzUPVbGE}`qIO}TJR)D
zSJACq?$pCtJApCr0pWunRtU@fZrYc(=-*f|(TX7=b)v;WiKy4cA3QjxE()T@?Wiw(
z7vR<OGj6!4WPwOmL!=k*-88=lWf7~(tIWiqZ@VUh(y(8x!q5n4qtt*0iMh~1FvT`~
z#dg)4eRTW-+IX8#{Qm)zKx@A&@TemJc*2naJmY8uJnv}hck^26=|aKLNj+E4$2P=2
zp<tkGxL+-l9a)6A^>(bImtW;u1FT?(ZIpjXVS;0Te@e&><8a$pe|2GsV=&>c%j{N;
zk-)Z&F~ClaB4C!|L4P%`6_5%>*)0B<1!HZc{+hyEhYi@v;RX(HOz_w6{D4wmu{r$n
z3kN$?;4sIOKzu=|t-`;kaHOM}a3*05aExO<u*k6p_@HAc(B@bHbURi9C)g?iNrkFo
zU7%%w!{+lZEu7-m=wDh;VGH_K6js}Uf%F2Ot;)Z;aHeAmu*R_+INw$k$S7Py`SUpz
z1Z~s(>k6uDv-}$impXRU;|j-K|3;o4$PD9j+g$&a!qwQy@j$)3&T$yH(Qyp8#c>L_
z-Ep=acR4NuatimBM+JHm%(5-;Z!bJhZuD=b)^>$+4wuIPk8$KVfqn&ZZHxVT3s2#g
za~xb}^ZdY|f(5o^{sV<)%bWQRa62%x@IrYi?8UZ~{=-F4<!OZN>uqCs7hqg@Hn3TF
z9x%1M4=}BKAlXBJ?QJUqBMO$;*7%PVthBB7pDOB7K0Gk`63i|i6&PKx#<t0SwqU(&
ztN%h#Uinx;OTFEvywrc8V3Tc!8dWr~+)<B1$}7~Uf~~gQs<Cv%gyV##3C{sndl_(@
zR|0PID!?t?c;I$#l4|6&CJim!<!w22Nx=@=J~ggjx9y<XtaPt89eBW-LCEdH-b}R_
z-#T@9!9Lp&|BBLM-W>mmkR8T@w&QAQ=_zjy!hV<8XT5`f7raB&)NxVX5kRANw3^Cm
zO<h%R#CBRuD>!aDr?wv#=QRVHd9A=yZ<*Sj=TBW*aN5q)F5}X?PGEcQ_^BHT&e<h3
zdt4XqM8Zjg(}3CD8NfX6Y+xVnJm5g@Lf{bZ5;dFGn!0)1aPRUd2hGepNX;8J%DYO<
zGfQ?w?Za{EHnU=nR|k$8>s<@9csHm6dCt_@P<|NW?MdnobCSKKI(%HIcXK^DyxY{_
zJb&t*Ft)U(tE0wMcxwsw)Z0Gqeqhjh2w3Gk3Y_je0i5MM1DxwUKXw1O1wLWwA#=Jt
zLmfMAu}@aVQfroQ&N5$Y9rB#1N6i`bOto~}O8j;}UqYSD^QWFLXWDc4_wuEn|FEal
zj$7kv1v|&yLv@T>?`uogsovh?%K~oo<pOv3dI5L)1_1Z@1_KZJhN%u-cj_5)4|_kg
z!rae3NcD|7;u~3y#|cmS#;86V+o3qZgX|;J;J9<XBEkpj>@w!FslkFH_R(rundEcV
zqvD&OrkRJ@&1zNA@Nyqvu-+b3UIiRmJ{@Q&p9L%}p9^%9FHoy^t$?|xqI_|{Y93*?
zs?*J*?Pcn$B47D3V34qiaC-Slbr#<mC^MVwPIa!?T)u`Qw~J<#uUD6ut@iQ$nMHHU
zHxX{V%wABw1Gu<+H*i_`KH$pogZ`PkR={a4vrkkPn4R`X>f)j`<wt<)%Z~#$m7fM~
zEkCC&HjlSYQ<oL(Al&U_f$`>v_8IERqJ2(@P$7(0SDGg}lVBfowget=rUQ>VGkCsz
zMqpymX=f&K&N*`elgyLsv(+`l%-I7dIs2(=%+u`i)b+)ReO_Q%alCVoy52m)zEE9R
zoa7t|Z0Q_<c90X8NH`<3)jZq2MBQYbXJ4)^D^7QguEz|g8Ak^Bf!W2GPHSLZ$Tlyu
zuTr-b=Qzs<o%PtmIUd;0IT1L>ISDw_ISn|%IRiM_IXkeh*zBAaSb}!esym9U&V}j@
z*c*UL?3>ZUGUpP)<>(c1(9h-eZR+k~r*qY%$nyisi^n_H238eMbZ$_y&8zIS>b~Mh
z&dusRZU@$yS2?%AUTfb&->8=GqMhN~51i&a1f1bK3Y_gc0i5SNgWqVD^E|#g>f-xu
zu<!TpHE*^bQV$j{bP4sigmAe_Ru7uD*^jD6%(eCt{2Xw_5+>AP@hVpe&VfDlGwSi;
zwXRn6xWUyHxY^Yyu%URHZD3$?ajh#0{DgCZZN+<Bx&G?n{jOfXL#_eg5xka<gMmH8
zM_q&cTZ&J(hWWS9NVLEBjB6wxm0V-|hl|hKwgwJa1Xq#&f<<;c=)XYM%TY_L%Z6)*
zpSLG02`;yPrX|HS0ocl=hR?Ax{Pzu<x3qOlQMZ~Gx~hRV4ne`v$u*N76ITt8zNsb4
zH6NJkTBI)KBhJ+GW$`{0qYpfPl~9)Co1&(cwe(d3(|t2T{<%u#Ual&(EW=l$jw;La
z%~wZpKU0-Zmg8H*eU5J_5T2werL2c<1-wT;-)c3;&-}ndOE1?_b%<qvYei7D40f#!
z##)BC*7*-uM!GioRm&LH7XK7Wk!yP}0cCcf%!97I!4!+lbs!LLak~zyvn&%_$AYaa
zs_T@$#xliq)_=@W?Ya<bYnkbe3U;#8xQ+f5mig|uV3uW(yIC;TvecdG-(p$eP7C(3
ztai5#4zR3qcL@#-@eRvHcXn`?Ws5s6IFd7pz);I}cc0)G%P#jo{wuhL1dBo=yJfF?
zIPidb6!5TnZ16$LF}EdXvz&652HlpkZbxu}<$}8+sFp;zeZeUuMt3k+9pbcwBi&W_
z^@%%$SV~EpdwQ^*H@au}Yf75A=VGMBxe=@>+~QsktSL!#FAmNxNpmj?E-Gp7UKw<k
zbfJ>j?lu06C3)`k!KEdA+?!wzbZ_;$ONO|20EfGG`>RVvx%UCbx)1snl~~+IfTix^
z{w*aA_i12-`<#D!iO<7;L63y~RCyHObWeP6Md4sil7D{5EKkee>XNyhbZ`$Gf#AB5
z1)hxXxos|4?8!ts%RD*$3neQ(J%Src)_D2_x0I~s46|gDXHal^$yU$M;4Xe$1oxKg
z@QeUU2UiasAUs^M+cP@Ez=OvKPZ6FayukNT85P2keIB!aX30U172o}crwn~NZgW%`
zOHO;7VLOhn8Na?NQ%lbABgy%2Wg207&U-7nSea*hWf!uu3G=LyXQF?dRq;#$9|kL~
z>|>4hObc<~%7KJK2!|IQ_RR2aw<dXJ16y+BthI6!;aF?BXI_Y@R$8nXo`wFs)=bY5
zAo7uu<5?bJt(B#O4#En4)mQomgCVr`@T~G5v-Y#CsjRXN@~rirvJSPaubgfj;o0Cn
zYaQ*`3^aST`7c<lo?38A{4SNV2<KYMJbQw%#a0izqSfg+RJp)9-gC5aF>>G)trI<G
z(DO;2^Oei2(<+3@mDU**vbx?nyCSx7jdfl{Lgjkor&MmTF05!(xz)O)qAk2Sd2j3T
zicXa~tg9-r;Eii5aw~U-JfU@MMX$<z)(sT{Di2yWR}8K^V%=6Ttn#?EmN>w^ijf!#
zLZb}%?a&x)-BU3JBR)pk%G1{Ue6+P5swl!p2d`CmuK0i1`~ILfk}J)urq%Q?48t%Q
z1~Uw17|dXdv5Ya+v05z47|R;eG;NHvGQ+S8*Y%_87fp9{bpbssrfFK3RWPg;vpN~;
zw49ERWezKJSk_@#=2({15}1%#9ZTpGSgXKTN60#iwVbTL_cE&*5Yl+GvHPDLFTR)6
zRaseCnJ>ThGL<FvE6jTjoOcv4gq-&jPw=AizM{Q%OZUs~WGO*-mxoFi#}Z0cFhZM@
z9_-VVzIS_QtI{9!wse9rfc=+pHh7iZsSLxJRAmHohB6xU6m+&S7P8QJ$|M{YDAS>M
zdbctgO2Tg!N})@Xd4p-)bg8lc<s48JgJ)>FvK&gMtCf{d7PQP-D3`8L)<e7KdY?H|
zL^Hm)&>q}wp?##B{qG=OV(=m@`jSI7%;BLbBiaESI!tt3G^&x@At%u!&I!4RR&gCd
z0ir{+$Cnm7MIZ2GLQOOrjnF}<v&}?@eL4DZsFUb!><dD@m~}(FbQfu1h%Q1Wi9Su@
zhx>GoFCY8`9ES#p?xp*Dg~4&U-&YI~1;iDhA$q{KSC1mvOjw655Z(Pwmai;016RvI
zpY=HmkAENQ&?S1<cS!g0p)2%=uQqs{9`!YVhVyV{%*W|oJ~Tn}6w%kPp9;+p-A(jO
zdeSF@?*<S4UIRVtQ@~S$9}nH8XMHWfC3@c17F?<y_eH=qF8PiH?~*pZL-ak;4j1SJ
z-|^rLdeL_xc#B^4odTauqELFpcP3cK?{686Wbn3@vCu=ls%0{g%^z-=ZlC1qT4p18
zyt8Hg-C>?@Ss-~9A&<Ld8RA~GWhGL;2U^x5yZKPddZdK!Y&Azp`R>*@D51ACF>-)E
z*_s@&^QT+Wf_wSF*33vXKh&BNso^iQ=7Zn7)LIy+=dZLDzq`y&wC;^C`s{$8YAp+v
z@z+|*BO*W5lF@OEpKEnQJp9epL)fdf)<!fV4!_;nKr{#XPOBUV^7mSmNSMFh+7jvF
zAGWqddIVEzB+@5XTaQKhg@o4QkpX=M>dJ3D0dp>WrbFfw!p_!Hk+b?NPe^S&13IJi
z9Lxx?uOD_rTF*y@c}wfX$cT{LdN~pn@><6uU9Louv!L~A_`I;YbtW>Z&$GDUR+#e&
zC9OALKD*L-E0`vfwl2ZEGQah1uuwSAx*C1DU~hc@bs)1Op*nzI#-!J$CSU<wABc~P
zxiSMu!F+)Uq(mkKF_8Xl4{m|TwBQM3>9I=31wjksLTSOku3(!G4irUZg|5J!$h<xu
z6nX;tA`3!aV1Hy0$2pN@p+8^)zXmhw$O_SG!a$%(pD#z&v3@TH>mylMA2s8r93{^>
zn#jiop#6oj0hkL5!vSY7AJ2b}CJQ40-Z)MpIuplBN24tXv)7~fL>J;(9W53{1MZ{6
z<ajU9Wx`lM4VDX&fdI^2VGet=T$m1o^cm|>T^}ME=9Pg?XtCKqcU0p!=8=b3A8iok
z1HJmZ@+c=P1WpDyVKHzTG@OSs%Yi|CjtNi4dN0vrrg@ai8ILMNw+JhNA(%PB{PAd;
zuok!g^F)|M9*qd=flI-?qB(E{bX;HpVmwP=Dwv7;<>)b@kH5VdxOVh}m>8G~mWj!M
zo52<_EpR*7CT0fi1moy6-??DK+37nEthMgD2r;S(tay$w`!2tCgNgHvhwd|pzN<%i
znPlJ05tT{v!Q5>_-v~WqGJUt&O`w;Ez6(0Xx7u!H@_i556PQBZ3`Fc?PUq}Y5tLl4
zTH1Fqd)4^%RHjT#YR_;EV*bP$o>H!+v}ZF8_pbIl<`C$D`c)NXa7?Y5)xMi)P;=W$
z7*5^QUdqU7QTqW#QTGJLv2M3xo@}o+=2k>AE$Y5^*O)fxLVFDpQTMmkGsje0JHs4T
ztJ+28gnGE$!<<s<K%Y>Z?HY4N<=cZqhnaJ#yS)pv3i`YnXd4C{Y8%E}+TO!lR6E=I
zn9FK+dp|R-_O=f&SJjj4XPFuGbo(%7(e@GMx;ofC%G^+gf--YUz0f|!EUA~?ooDW<
zSAYW#s1xmz%&I!oKCOEwtlMYn=9IDa`MNpvTKj??x&6nh>RkIG^FY1XzRV)^cKgcP
z$J9ITPO=vDUi%swuikIBvPtU0_H{PJZ)&S%)BV=4na%PigyYy;|ITnCyUU*%PTpD?
zTjb9Or-9B6XR>?zdEp#(pT8iS&+hl{4i~aEe@VEQt@4+K_p*om2f}4+o!=fVXPy4)
zu!H6OHQ__7+g~591<iyTSk*6vIX2+;gk?75*N!;ZPJb}0u-*P}xP|TYcZJ&webV0(
zj_B4>zv}M`A7fAZ`@_fCLH|Jb1UuwE8$QKe@DGR2u$TNJ;dAU2|7iF;lrsk9O!z0m
z7uhNQboerR%|9C+XXpI$M+VuO{)O;WdfmSmyvpA8FN410UkT5!_xx+`E`VMKeP1(&
zud@%exbO|mq$P%LaaJukyu>AFY2mxvPAxOM%B5;K;RjrXmLKG}Y^|^Zad}#C@H$tZ
z?QLJ<c57uF7Oq4qZyV-HH3!s<JcT=;9qNeZ>{@L{QeBnS(2-JCr*Xj(T(u^5q}TOo
zN=H`RNv)+L7j#>2hO5yc9lJmu>)2H{q#f@l;_9^%!OXfj?NrAej?vC^?Bhi3T*rRS
zqn+=tahi6qql!JPU4~Wy-Eml-^>aaOyrYf_YgaqSx=ja(RXW^UmlWtw^$~|-j3c?m
zO2wn2<C4Bspsx(H_i#PhOh*9w_l^*rgLiZqHc3{8@Y=$WUan8O-qEc`VqCv=1N4A)
z>xkP}y&>x=j9KD4dhzJ!IH}M2xwG0*$7wR_ypK%iW$GUFe-Wa7L%}cV0rgvCrhaFl
zkj1paWI@lEo;AgzXHAKw7tnL2mrTj%c~h$C74(8B)ATxe(UfEQIC{zSZPT~W%Q5?7
zzJgMAl<oL3O5Ne!(S*`={A9;ZP<jFg`e;H%!a<agU{9z)wuHA6+R-->-cR^3YD<_*
zSVrGZxSMbvU5DCKA~X4ZH32=3o<T35D)cO>M)jxyHK1>z8uS<F7z&|o^fMGj|A>B$
zuA+aY;?V!1;;HA*@2Kagmne!#rE(}M-oHq_OdY0ZDve^PFqKP1sN>Xrs*n0M^)>3h
zQ$MA?5%ay6?@@}`WA;)$bI{yI`OOjYH>no$`{wtlp!r+ozow3uzhnLzDr6oq4^v0Y
zBjz7cUFIK~e@u0o|JM9>)cfS?zvJd>=ATjDGT$^WP=9S+H2;!1Y5tY@SJWx<Z_NKf
z{b#(JjT+eT;*J-o|GML6JJzW|%MMExHEVgp@&>hP`M4#Y`i<ptmSXC+_)7)qca|?&
zN=;@<ndP9#VyUpym=Y|1ZfP*3S)3NPDZ}Em1Wcc_9JL%Xea_NtIcfS+%XchiOb76H
z049fJ$np=SuUe)p)22qtjAhQ`w%oAXFg05iEDNR<%P%Z<Os#mol<A1&*OpaN*mB>p
zZi>XB*yl{|$0o(TWcp6*%dxMU{w6j%_Oqtp*e}HLrYo^cu|1~c*uRSXs~Ei3=VZ)t
zvEPjyig^+LJ-C>cV}B5PF(xhcQtVG+((!(snC#epjGc=qjGd2NjM*Lg%h-R3`I0r;
zdOoJg`s-(2i}`uNZxeoN#$SB#C;~bjrQ<Jxzi<!m5TShqfNYd4p8g6a4vItKg|D0w
zFNs&g32{oiCeBILN{^Hv?UYh0N2ClXTgsCPq}@_U`GbS$Up{Rc6>lCy;%)Jccu%}9
zK9o!c)8Fg@t1^R)-y=5u8$?mRqke}>V9|*v2CltIc7!6+cTL|#l<9k>@4>ZU)Avz~
z=|`p?p&evLsKxYC(@&9=e9QEV>1U={6i4=g#*<y3&zXL1`Z-D<`#+yI{mS&K=wJVe
zp<<|wzjnAI#)6W`w@)cC$uY_3BQYs4DJYff*nA}>Cng8IO1^7KkJ%Hm2W612m|lz7
z8}kK}Nxt#OB6~JI2KA4pl1R&8jl?tr@q?Ht=7{-Xp;#>L70bkO(IFlJT`M+-oG1en
zu|;eXBXI4Qcw9Uoo)XW9=fv~kMe(vYE?yO9#OvY>@fPSM@vgWE*H*;`5|SV)lOW!b
zAlj86YI;PjNDvE25ch0|O{$U(OLbesDe;n9Ql$Xo-INJw3Uo;7l)9x}>Ewo-mIkFE
z=>m~UP~J5-S0v5B(M{<#9Nm%bL77F;ed(cWk~-o2sb_eDHSl-kFOW7#0f|9rAZC<}
z-atE09!M<u6o?fSgFJ)wfW)B^kY`aT`V#qm@J(PH{ma2WLx;(igSAjz1IUYr0ojR~
zkO#el{76GDqjy0*g5Cp31wMKoy@I|4@+$gIAnEA8pfl*B=(`}Vp&^h=^h1!>(f<I+
zLO%le82X=R9O`!!B!~R{&X1!x^iL=k{cn&w^v@ulM85#ZM=R*pQ1><T|Inw=I>=`z
z6BUaJsW{-iVzQ6>Pk{Rp(H^poyM#)oUPGU!UZ-A1UnE~FmI52v(U-{IxhtdIqUz9>
zsd}m&y-D_Tmy_=k4^lkEBO4`A5~`rQl!EM3E7gV^z@1@q2-x!|`ZMaAR2TXN)lGGy
zx5)R2wZNno(c9D|>JoZ~x<dT~HBb}O-ytXU_tf7bhWZC;3bDj~UBCi4h_~iibCE=L
z&&k$LTMJMl*)i8-Ew&aTkF~^Fg1qE=8HMbR^I7Yxe~$dtcdYNAX6V~Rbf4IM5&r*f
zgd{);ARUke$ThIbKoMXM`nr%JqzhR>uCPle67~rDg#Cg|s1gnfb%ImiLEHdU2nZpe
zQ|K0Yg_FW*VNe(nE(n)|E5d{@C0rBcgqy-`;f`=mxGy{uO(0e=LEI^(iWy?Im?sv9
zyTuY=LM#;zh<34BTo7x-dXW)D(IaYNPz;M*VvpDd(k~8(XT@QV5ph%;6DP%KaaNoM
zSrnJW75sP6cGT}+!3n;VPzx4o0{i^;vhRZ+&l4+8Bv$?cvGNy*mG2~0{t~hBWMbth
z#L82NmA^u)JdId+I<fMP5-ZOjR-Q?${B>gGS;WdeMyx!WSos^o%0G^#Kyrz#e}dS0
z9<lX&V(XtGw!Vwl`lpGle}>rlXTjD@sEFA2=ZJm(2kKQS9qb-k_8wx{e@ZO7gnXy)
zd1B3bi8X(LSo1z&&0hp-ZiO-MF7+;q0sOVXmx(p+C)Rv``b+9BVLV`)E+^k993<9k
zBi3xErofIJ)HF4XzH0rN^=qigdf0jxea*^RS^ULuVlc52`Y9gT{#itM&LhNk0=fac
zfRk|UBBZAQgMcBx1vq!v`~u(Q=@qknKS-WjC7<u{oaFmFr^Q{50-xjiJ%eHqV2@IW
z!4G(b#C^XXI1hi;bAccBToU(h0{`YmJXb^;ph_v`M?Dkb;olFEr%u_+k9np<r)P?v
z^jssD_RNVqz^#;#V^t{^1B!#6_1xs=J-5ZsCdltj<q*H%xg&Oe2zr%TQpTd^9>KEb
zKEL95D4x`TkNGvPNj$v?{F`6*TE#)H6{i@2*_$8^eK>GFA<nx~Nc5(P7aoO>?9C9;
zyxHQVM<HZ-^TaEg5OTZ)PlKl8+LVy*-7OS)OP+{gZz)F83GEt&u-ALwsZi#%3+3MG
z4?@!^ZBB4_Yn}$~0sjr*khh+o*2@qyctwn+Gulm@x@WccrgPeDf%AF<*{f}bd)U7u
zDBj?Qq3OJKr|F`0PiXOm3EI3}Ld4ti2#$IC9>Z~O|06iz9e8S-@}3pWc!wXuIq!&Y
z-aGmjwzu^~@7U8ooKPBs%ic+0+&le5z%_A7;lyi-O!8gz&OQ}pyz@`A9bDcV;HIJo
z*S!l*1M#-fBHZvUZs3-8c?0<R9l$-MjU3-sBH}~kn6TtsA@$t`$)p@7$9KJJ9|p;)
zoRAWfQ;(Ff>Ro>X4;1ruNIR7?QmS%JL`s~Lp`0gawsP@F_4y!(79~-PSCSt?l9DE-
zD4CBTUCG%BDNnf^<@QIo*x<@2$4Ldsc$9;r-OAOiJhEXYTl+QIFVQwCQD!#Uwp6*k
zwN8XfE(524JvNQ&cG+~*7{hp6%>b@z_p!Y<-2mLu9!BlCX$ewzj&wk|A=#B%Qnj)q
z)hKtRdSw;+7l~0G;Pd3&z(+`;4`E*-d3+X0^TkU+Uy>B|rAS@Abg9Reg}EKSv()Fy
zmHK_VFh5HJz9Q+YZ;v$W+edgAI32fzG~(Njxl<bT*>Jhin6FBj^c|L_eRa~T&neCO
zcxl1smKJ>~@sZdEVV{88a9PQhR(t{M$D}pzKhbtx_t|8#FNDj$*W@@~r<~~PCcY=?
zYq#{#Mwu9fPl@^hTrcb!<z!#4oaQ?zXZlWW^fS&6eTVyA&hZV(`Mx2!(04&D_FW?9
z_JR-Z(SiLn_S=tOK=;dXndbuW$MBq}FUBbW*bjNPZ9W#K7;?GiCI<G8QNJ36?C{*f
z*zl3qXBxh7tFPSZBcpyY3i%NDLGXpd_kll@YrPp5#BQ;l%hVw^_^x2PlsVsoEc>R&
zvEsWXxA^9W%>sYOZN8gw#CMxqJLbDX(&N5+@(JI4JZ|MvzK3``k@q^In&fk;RX(pK
zkZ}<m2L>-<E|o8;J2B76mw}s%F(QwvshGF${ZS5lY;0{CR~!6dj4fOS=1uvkvMSH0
z8Muxc_d|X>-sJ0QwtPd)lW(a7@{+n+zN?ntdSgz)?;x+LrSbz+_YEJ$K}NkAk-_6p
zUYgsI$EY)T*KK^f@jjS`qxhg_eE^>}T8uPaiNk#n#bZ3Vl`AnnMmcf|AL6{E9GnMp
z6SP5Nl5(!;ZnFvZanowE6~AZGgXRPeYToIwG^gV8gtKIA&=cRBLE;y%JDk^()SOM?
z4Tw8DDb0B#rT|X!q&F9kIL(L&JXy`VJ-N*#*#CQWHJ4(p^At4`F7)hawqxKi>e<&^
z?b+X4<FPf@V;=TYH8Y;W%_51(fG<6D%^q^Evsv4SnQ+Ww#3-aJqYQk_!#4+;99k!-
zS2VVZ#s-c}4kn1kFh=Zw%OYjCo5Su@zk}Qpy&vbt9F2ctyTEOL-%V}qBIj`27=;lh
zK7yx-1##V?G2NE9ZUZ=;i(-3R7md-L5Sw`dIzBWu!?D-a_zTBe(YR}CjD_op@5Ond
zZDNeA#uU{~(sZ@DF-xr>wu)n(=(x&N>l=5e3_+19Httb9jr&xsalaaDw5ef&Dz&Te
zu-dcL-W%)GJ_4uOkH=RduMRZ2)w7MNI@}mgN1iy|V1CdTQb!v*)v?BIb+WNnosN#T
z#*^yo#_?%&o?uX2z#wC9NL_5ape~d2lDZNdgN;|zwZ;i`y>ZHK-WY!{t{SiT<4Aqx
z{E3*e8gKfOvG0ij$CQn?{b`MN{F&sP@A-2Y@B8yHcVYf$eCRL4J|&vpZSohpt^U34
z1b>-(r@tKAqdUWY$er!4b?5mT+y#CP#|7@)ei@g8+s|F%SKOuk782V+|GN+P+uU}4
zgrM4g47WLMJ9mx$xVzqe!p-<kxkdjO%-wE}{~XD$`Omw9{)_Ig|1ypN-Ch3iC^x%%
z{8yuX$=&ClargVL<N1jDtp66CQ@BU`cip4@Rri?xfqPOzxE<Zong!2Cu<v%yYe~2a
z_kxy!``NvyrQ>nsUe>bQD_X95P21&O*NU3V+McF3Z6EgU_*zq<wjYl<k`L<Ll&smB
z(zL3kOzkkPdsB{9*Oae0ai2F8YJ5|%=Em>Uv{zG`%CtaJxfUXvU~n$x$)-bEH};iH
zwOVgegLbls(@tZ)Yf`kKrWWl2wq4v___(P}yF~06Y@sQlU1>U|P2hG!CPXEK6S@)l
z<G-N%0sRZgGFsXEcL25=@vO`$Yzy1QM%ZKQarOjziao=g1AU&o$d((T5L{-*S%)E4
z*%|gadxO2jE>(}RciC0;0f#tC^&%I~C4D`aOQ~Mq(%A-GAP0cU;&NF|m+Hx{Cvv;E
zqUsTD54Vro&)K*t?l4!!IXRwlb1E0$LhPZaK#oqXo9pFHvbDN!r@29H2=ZMZ^}{v7
zIq^08M0f&T=YQ@j*!EZcUDiPl!q}()d4a5hCXsc}7s)#4OJp5188L`MFC!i#m8^!o
zLRLdxC99zyC99zsWHt0PvKsn2Sq;r1tDzqwtD$d@)zBQW8v1dv8k$R1Lq9=QL-SzF
zO`&`=4f1KS8d^YBLq9`SLqAJaLyOQa&@a*F(EkA`CTpU9Le@n8l&pz<o~()PC2OKz
zAZwyuq|&K$R7%!FzeLtV%gCDOm&uywezGR|6|yFJfUJqWN!CQmsaEP;WTTEyM^GhM
z6LpX^(XWy<(XWx!&}tazKR{onen|Zg9VTm{-ymzEZ;>_8x6PgAZ=yQ#f92JiFPeXd
z8em*cAg6iB{7b~Z_`Q#C|EVajX{*dmRKV<HQke`Uo5=$yV0JSlOeu4Ku`|_74UrzE
zkLhOyn6n_m%m_2ej4_kUG&9T06RBqyMr1tX{yat_I>>}U*MoFn!FFT%1lY|d4ZBGq
z&&L*Hf<Af!tOwhQ8QQ-9tOwhQh1g0gSjv~chVYvCGhiKu!G^GXJWK2&o~)BU2k+$q
zOTyNW2)6J(*b}ycB(Q=rU{BZrcB1ctyhJP@nOMNf(EsCLw|G7LBhcsn1Qv#S{T0&d
zX=DxjRp|LUD4q0i29*eX{2J-qOwzBflOD~Y-lpo%$4HO90X-_C97=&6%_XbcpP;&+
z7xPFje$x1VB=MT|r>GxL7tt<6S&OWDHv5CFHorhuZx^PGiO@B4J>8`XbBwNGj$@&j
z?ZTX(McShabBfkzjX48nwh42N?x%wwVGzB{^Caz|`=Y{JgglQ4bD18163)`YhK%UK
zj1zqo^yuTl%+O=><c5Tu6H(bHIlNt@E3RYoG(8&?X@Z_NWMR8VQ&6i#U8HODGQG^i
z!I^C$%}F=u73ns;2C|Mtx+Bie>x`L+i;8rQN!%{bIuUw+-9yhZ$+|eN=_1`{(wH>q
z4wJT7&n-26=<H@Pqe8DSIZ=TU^|JGs>)Yf8a|@nRxFJhSF&1a{<8RH}rBj)`8-nvC
zGiBRk74U#5C*oinEYi=j7B(KzLwf00*d#WEseN47bf$sLVmM+iK{gk^F&1_gTg2{h
zK4kZ?`&rv&Ia^Asa$ehFPcoyhhjn3EbYbhTeX~wtyCTc8Zfpyzifx7sVEbT0%yqVt
zylolV&GwQS^^($0G76($OOZ{aJqBc}oPb+Z-icdZPQ@+Fo@NKxA@%}$iM>MCuoH0K
z6qJ39oufVMP4+f>hYqv%pnm=AefA+|;;dW(x06fdGPrCmkM4I~;R?9jTnSgo9pLO-
zHCF>Q7NM4-Ts;|OVUFQM&ckV3Ded8cTo}s2qn5l8$=OfF3A_>4MQdCS*T?nK)!YD-
zJpuXZVJwYsXW^)Z8|Fqpk8)$&Bsa~?a`R*?Yr1d?+#-HkZkb!**0^<-8AdCXK3AM8
z(UnYW9G>J#qeonscr?0l0Qs&$SFvlatISnSkGUN5r0Wna1&=&et*b$|RHo3yxn!5(
zYGE9%HrnHgxQ;OmOq%Ps>jboNi|dr@jO(21JlJa)^gyxeqU*A29Bj_vx(YJGl)J7I
z3(RNo^}ZtcYO%%OzH;3F+;T0s?lSqVRk)(K9)MG~@bP>SQ^==q{d_u~#plwq{4Tx-
z-@)(U_woBdY{bTk*-mn{ia*TPF%I6z^Sm2G<pW^DSc>@&-^q7FtsCed-^-t5()iQZ
zPWeH8h`+#J;;--%{1gwPmY<{h_?uvlGJZGyHh+h|$L<3QRhWGKK6?e)W`x}bBW_;K
z0Pd<4XXI=-k6x4uz@FFXHF-BMMWS57-j+*YEYCV8<OAZ2ID^MET`Jp|9JyMqk?Xkw
zY`PQ=tv!IP64(s$(;9v(<boXVYf=`0sW9IW3)XXDh9Uh@N-xVEXSb|@jR)a;4&<8!
zzDkqv9n*4`+yiy&ll$cX`K&xFj}R7ImPauI%46~*JZ)O;k!Oj_1J9XtuH!~z@-%G0
za-Z{>yolLMUWAfy&SiN;UX$19F}X`;F2Y@jvI(RQ+B6f_#I?jf6!3rXW)%{Ioxo6o
zLaLDJ90XfAC1eQMn3L#wA&>J21x&H9TPSh038hS#a6qsN)j|z(NT?SWxFQN3*OH(K
zK_QGstk5O&2z_+WbwcPD286T1urMO@38TW8Feyw6v%)-!gayE&uq><yYr?u{=JLci
zF_Ati%)6H8Q85{E*U$^D2)RP`<j@|xE5~)79mG3x=>CnpIkjQ~y&!UAcaE_)hhE2f
zbA(y;wy{6w7(MpHJvvL`U13&Sg|W8A#^YT&Y`kOvJ9U7)+Mwr$8AVD0Zp?8`Z0_7)
z!COd0Orn(HN;G!u7`t_t2B}KSH+Jfzlf62dJ9DBtaxU?15>0*bk2B0apcy8EWU{Lv
z88mX<MigCub~+b87M+W4)x1^XTn6cL_L1Wi=gM0PZ!I|2K-Qh>_#ABpiKFB2xtc&t
zfKCKSrju(6YYXW#kW4xgo?}X|B~-vO63L7Pkr|DN%w=Lo%xfldnH^*nV<9nbESbev
z$t>m>GIM#B%v|D0%$q=B-sefon@Hv?FOb>Fi-<~WNEFFCk$s2G21Gd{kis0rdCdI6
zfpurw)1dsMv+YeYAnpT@sH1#H$D7Gdi8Mgw6Of~$d;-$^r$hNQNDB=V8`!JES*xez
zcL4X`xC~JKILaSF>iBRRv>Ig`GJwl(*aq$ikhekkSD*#Z_5?%#$DV-W+i>FP;IKe?
z3UKBFa88FKUdNl~pAr`Vmp>SeBuK}f4wcw;t{Rvza9xKZMNccCe;ny>d;@Unaa3YE
zTl#P~vH-boeAmD#;K8FPM^Aud8{+>JfVL=4c>>^l%CjEF_O>q1eL5W64e2gG(FXvo
z9V`Kq8u|7-CH6hpc1RhxOgp6epAHABA+-@iNLsZ8(LD7=$^b+-KD_y?tvKj0j_W=g
z2Q@%&TN%!6;2+1qFrW*L-M~8ydU~+$$@Td_sDQu|5CU{Q0o{+{VE-m}Kf<?BzKrtN
zz$U*OJo_krY}m=xevS4^w2g+hwC%{Fb=u&Rt+p8*!_l#Y%Q9@<QMJvkaes~i#sHIm
zX=hsnt^@d&gY)`%{7%?M99(b`U*ZIgJ-7^50jvSw{cYH9mFw?o17Bssz6$!q2KU<F
z9vkKX+2C|&2V0KLm$rPpTpRckCtSCI|F8k4*q|&MF6)rdzR~uCd$FIiVeZFe7H_sQ
zF3YCqW#DTz;Bs4=Ua!acX<Hv{_!Fa_a9P+l+JN_M&`-AGTkd!0eTRSBpzUqI<2D#~
zwsS@v^A;pN0o(m@&J&RD-1M(oeC!6wwqU!Djrz-fi=S+9KI#i2&P^Y<#oyVk>vm}a
z{<qySj=|<^cMY2bd$R$T+aBn@E0B=_S69UA<F+D6A5ZwbDu910fPX8pjBybi2L>-<
zF0IHlc&=)5j8qiq{Dtq|;K1!;YumWm;1^?TRTx~1?Z0B5UdN65>-6zf0rywn=fJZo
zfd4A$^m-Fsf_JEZ@+x@az7OM{Z9M+OJkdHofsZ$Ecnd!0Ss%iuxE~(DcAnhIm7y&h
zxs?-l8TST^Yq>f{JL>d4b~yF-binf*kk6s&=P_qhg6%lqJ`%sQ=y@IR3=(fZ+~L4n
zcgx_jZo@W>n848s08YUE-*MXDxk0^L$B+&@MjaObmjG9E9(DkyIi?K$1io}!Gwz*p
zZpKVATX=M6vkVeT-Gq9N8}-`G!`nD`BZi6c@Q_i)ZD*Uk%eW_c|B}wl<o6l94amFQ
zG0vUZf^$#6)5L<~&dr!^#<>yKZQ#ZhY>(@rG1|W+HcN6o8h@obH{z~GeA#8=-jvNY
ziH@y`P9w$RuGhI4^BCi*0&Jq<v;nY(3TX2R=)Vf+zltjczy>O&9<}$1YX;`@@l^r+
zTmk)50qtLL@5$p0b7RGQ0L*RdCV+Kwyx9}B9Pc!cssoQbdj=reNb@$wpuGS9d}lA&
zGXCJ5?WKBs><4ttvfFjv69tYb?GVq|YxH-vL)>O(bne3ZVHb6u63uUic+C!Rm>uFU
zdsw$edk+BODLceC_5nREu%9)`f%daQOky9=`55=V9byRkn1M;X&2ih=@qM!Zh$ZX`
zI(OR_jr<Tp*dd0nujw(Mecidi&6Va&zf=kFL}j8rAE`{!=M<ITBP+p2RzloRS**8X
z<z9V0f_-;oxn4%4L+|IxL;AR?ggIm-_`^!@f0ejw@O70fx_>9v+VnApk8!;#p<gS(
z=T#op>s|@=S9wbB^GclWoc>;wn8RSaRbJLPVS{sl!z!=pzOoX=StXt`-O%~264&Rh
zZo9a>@Nwm;ZqL{jDxqB+NN-2H8{@gL=l=GOyD|Qd*2>Je=5hQls-~;xzabQx0mugA
z0SW-S0VP|~QX@S8umh?AHGp~m0}ufofCdNx!hkM751<dw4;V0T7BCDL0gM910F!`e
zz^w7CdB6f-aZ9?q<@X9;4X}=o)eMN+k|qL@0cm=EoLVyhIe>gXA)t6mx))FeC<izI
zhm8ESfCc~ukO2yy1<(eF0FD8U15N-=0nPx<0nP(10xko_0apPtfb05uS#JPt8R^oN
zG@Ade-lim-H|}G$Twet|Ab;W;J!1jDczq^mGsW%mObQ@<OPU49-IDGC{D0=oJW8q}
zTlZ(qvcN>J5DF1NifS!oDrQtf83aL~GRqQB5GbLMK>-yM5YR@ZRun~`6@^>vfOZLj
zh|1tBAkI)CqB03w1_c#RrpmhU{UX=9{f2+uA8)O<YUStG`|Q}UW5<piC(cQ-TmJWd
z<?}gLna_3U_Few(KFry_e{QfJ_5VNFtNFitdYDgP`oBH?cRT0wHJ<@C-scQ4pArA|
z-!bNMpR=rBR>9*1^9mLgloTw{C%Ug-X~D{Z)dlYrtS|ViU~|E?f*sL_g1rTY3Vtp4
zqu^}9OJtb8cp@uND^WL*o46v8pJ<(Em*|+dA<>IZQQ}tq_n^ek#GQ$I_>50XNlZ&T
zQt(;giD*P(LE^c@^L$=Oyp~v%Sey7Du`%&QqAao9wA+=~pZGcPd*Wmwl?;-Z$@7vI
zBx@%xNnV<`C)p_3JlQtcKG`|hJ()=MPWDgUo*b4OWj<roCOI+rP;y3cc5-g=>Ez<%
zi^<aD3O;Wo-${PNXH)VkK3kJN@Y$0*kUSFImpq>SJN-YH_~}9?{TG?P%88SO)r|ZH
z`&U@Au#WlEEX*-~dFHQ4Vavj+lE(|L)2FaYVGpw>Wd9$3aluLd;z9<$xRA*&E>z|h
z7vlWl!g-#4aiJQ&xRAv!E?mGbF4W++7P8}Y<4v6l<IUn7ordw^_)zDX_=xyur&Ii%
z`29||_@ww`ryxEx{;-pb&xx;bZi=sqzvE1aZ;T&y9^%&*Ui|;qGuN%=j^g_&tDVao
zr~cOT$E@`Fd(xi+>CcgW<NBD@UH^2N@6rEpyX84i`cpamF)KaCte_mTx^s+DPM+1x
zX_D5LtmVJ`@2k@Py)OOf^51>t^sxUsr_i~)ATocI3#t{=EU07tatiYJYf{j%;HrY_
z3c3{ZC@AEwZ^3|qAq67}#uVIVq>~D!8aB(c$V;zAyB@U?OA1z-xvIi1Z8-eKhR1Jg
z`0@OBz7xbd#XCD;ylebMC&uq>RF2;kA7tj?j`(orqWGBj-A>*3`1k|PCGm&ie{*u<
zYvXI3OXKgx-*qmF{~Z6>$@_n7-A&yRTxqaxILu%rcqY6#yg9rXylK!w7*2uTV=zCQ
z55E#V41PJh8?CM|*eGo+iM2_(ivF#^rNS_wZ#{+M4bKX4gyFpgSD>><ZOh^1>#*|>
z^5NF2v~TUOd^fxca(FmU7|ln1HIiauXSX~o-xc=8+jfk|w!IvkTky68HjCkH;CJA8
z2SzuPw&G3w3M38TyRlG-t6h+f#BvAZqv2KH*Pzpg-fyLsD)e#<yaU|ow?u!4!6xt~
z@cf`H*b)m!z-Gu>5v5k)aC&Krj(9VF0j<`fc@LIL;EUm3z#oCHl@F=*=(j`O0-S2F
zG1!dxY8G??+tBKE`n>~u+i|@S;cSEL!Wjl14o&agSa=Q42e*Y!8=NLhw<`EFt@1%f
z=ubwoB>cO<mEki6>q+A76?e~Ybs_rw&|eI14rXEVAUgGfPYu=%J~o&L%G8Uv`!%=$
z`H<jSgFU3_W`O-^<-ykp{Twulk&l$Vo5I4I@O4}*;%Y7QJJEJOcq+Kd$h(KqJQ>_+
zcoc3?G$eNig_{iS3ryyC4W#3o3D+4(96X$s81%2jP6IHPwj;m=V7>4!Tpg$=3B5D$
zt>8XzesHViD0UI(38S-M8IlHIKhxJFJA-IG9F=Px;WaGMss^oU(5ePHuW|J?B-@Zo
zL-HTW1h=ZVK~E?P2Fs8%fR~dGCO^H~(Vs}$d?XIs3HN}KTnd&TFJUYz;VUi2!<Bfr
z5`R`krh52aGOl`LU_JC(;MHF6jK%N?WfxZ$Vr?PT7GiB7))p#CCIgKRKK=T($1GZ9
zF}j0TJIJ_BneEPCxEI_AE(6bU)vPr?n|VBm=63K1crx5fZv3H~k;JT{jo>oyEVx;-
zjQ&1s?z0lLa?i!9CgRQ+>6nb#2rdK93IkIOJlE!)xEsgX;qXJDB+i*wU-Wm&A3SNG
z5qW3vAs0z5l3YB@#lu{C75{UCBW9$x*-Q?PD~IW20c~63`7p3vG!~tW;4<(m{kBkU
zOWzMI63>0$e5}nUVw<$GOhqaotKT74Es}xol@_tQ5T1p87W1AZiJ6^|L>|=WObkad
zUe>J8^uCw)OHxYyv;n(P1GB@I3?7WS8=Q^&n9v2y>UfD+ep#y($u>0mu?n)l=Ge&>
z`m^CB;XFJyt^5|)e~h;6(ccYk1io$anacSlRdgq-ASQWqTDcJ|QQX3d)HWEd=tVol
zqaNb^TV#G`^7$KKEYNtPxxp@ZOLk2qZg<NcvmSd8^TuE{F>efJ6ZytqHt}x^X0sj}
zgW1eQV^I1h@P7`LYcuu{)RvWCmaSdU<y5NX2J6TZ_l&svJ~P`cc9|*|`aXOct)|%;
zh3C^)zxlS#=&C=Nbv+rK60jb44J&%D#n>A{b5>W6y4sJ-=|^Q)EQ#5hWWNhno7*Zu
z+k>&2$q=&&yvAVL;5(|5bgo9yAlS(o{L^52*30ja*?GMWB{wVLPb$Az5pFSjxhj0P
zpLO9#KP;pU97U2%&Dp?OJ11u9q5CfDC1CbXYc@?qI!c}&Wu+fw<sQ{KO(Sa%UKX%6
zWyc#C{${X>&{)_^D_eh5VU94CN%Gn65x#4%r>%ADk0Tk^pqROX@+R9+tL7NXT{U*u
zH<hP>c0fjPZMq(A#vkDVi_w$dajM5+?iN&w&Tw^W8dW8d(ch>cEm*U{4zWwvsdrMN
zb`nXmQ@bApJLu~->gS(|3|HSk^FnwYm9ud;-S9)f4F-P=hBJ4nqAlpR1v~~m$#}m2
zz3_w?QARk5{atpNbC;4stUA)m7VtClKgGhQwsO*YFYtus!o8Hr*^heuG5iUzI5c;d
zUT^FdF>7_Pvlj`K-`x&QK)+O@c25U)GsX!9^Mb9aC+NJuhz`q7_c<&q*4V=qic**>
z^ye!lO<gk9{G;N*IQTeu?iVo2*;J}O)0Ikjb-t|m7t2Gl8*0?m7}t-%4~91lJ~8|?
zBrWmeH}C;`*v`1x!V78JDOh2!W1yXSuDIEE6ssT5%=N1q{tMR5fUh9$fQ44UG=sl^
z-9od*y#U`XqQ^JUUm9#szG3q;I1Tv;EVRYiX81tl>%$%RtjvE{cWdUZY@ES)s^muA
z(b&H^YG(9D2U=6Zgy#NGtvV5(7sF3jcN54!;m5jr_v%MCgI9uiU?$iHoMX`5>n6}_
z4kn^2RPn^!uhW<ZW`cb{=?p=CHr8e%>49WGs2ZC=+YI$?Fb~WG`+(AKg=T*=*IDFV
zt{6MTcs>$7GR^bAOt24FM4jnxqI3=S-YIORu=b|48N8wl$4(J;im+3Jog(ZM5se~Q
z^E*k??+Nz7^ZnS_58nXafdBQQEkwhj9qAUl0>jGK+(O$cLCGhC=EUd4!RqEruX@;l
zDrc&M*Aw|agzg6T9brdSx3Cn+Ry3<K(%Qjm1}BMop3v_CF9t`dm0wk8b|1B^Myqw$
z{~5_BtwgUVY)uX;hL0;^QG1Ov`bZc&t5(6Ex<d{Ri$_zr>u5y`#}iu*{r0ro#`<l^
z*{7GzvnE!>M5&l46%(amW~!JdiGPeg1JU>4^@;OHp@|;Z8}?L|>f~-lp}pWA!Fxth
zJDs;SGc(CXo0EBDSEkNu%xMntVr-_sH`Az{?#<X(^rcfvvu5()3Pxwq=ED`}<Z*Ql
zk~w&Luc@(9eX|}@J^W+Bu%6?Vf2rpl<zI#m8vSQ<Liaa?157;IsKN(>#r@^rlgO8Z
zV+<~mri;GW{S5{e)3%#18jj}sdO8to(6bAF7Zz^P^N`>?uD(vI7lg43kzas?vtTLu
z12~yZ(!Bd`sCxT5;MarAgh5@MXM;=FmuH~=E;IX`Fnk`JX5v9DY5Fs%D!;&oarH8;
z))Yn^v0zWorC=BOx<)n7U!*4<erN5o{!iQ$%-~$`k?!05^*Rxodncpg&Q?6#5~4a0
z$-}xs2#;Xr9k2}i2K){?d%-WjaX|(0fx4R&hVR2Cfp2qO{)5x;>$>X;uHoKqO`3Z`
z-MJYoL(+h&W@m|75&w~BRtDQd_Zxf<3y*-mSd;~WWk_UUIhxPV>Z~NeStQ(fhEK6S
zKE)mBN8ki-J9n60b0_%`_pysOL8o+AX>v(-$ouKB5PU<GHq6Fmw%Uf{;o~ir9fM^^
zjGgdrIw{9I#^r|>7`zcXhw!tT)_d?O7UF4?oj7*l#OGDU@~Yw!wh@or8~p>kPq~4e
z`z;dHbFg2kvHN4W$NScz?%xb<1ebwl(J^%_>cCt-gl6Z^oH)Yy(Z$Bv)jDbVt0WI<
zSd;~W%fPc>4~>qioS^;nlK3UGJ)l+T{=j|m1K>RH1MVlMa3-D3ne;*Kmu7Qsz&YJL
zqB}ruF_vq>ztXAMZx^Ptc91udonVjr54iUZ23tfv7;gvT?O?o}Ew6&Rb#{(Er<KDU
zV{OLHx!X^IZ*iaSIwP9L33?89VxM8Zp+$OWNG}cPr6KyCDXPJA^%XS_CxRP!vY}Sh
zEh6bjH2xrBC&Qhrg|=k1MdfEBot;g-8A&uMBsbu9FrxceQ}?6)ZFrCwv8V{w(K$K@
zBnbxvYw=Kg3cNc0S4UEfY+L~L4zrB4y*dkr*G99AWQ*kCLaufa`fK3Fq!U!-?EDcr
zWzr8bSvwbleK-rh$|?9)VVJG^v~avyMeXRNJvKjKfBX^4%dz$l7}tqASjE*BSWQ{r
z`MP=zPl_`7a`LKBl@5zl-(v4m!#j(6-*Yx^#hN<HdRb&wF_H)iXJj*@Z}6OHRh3=f
zlsq(%*X)$*9Bt}VHuKUL)cN{3&e#7EH=2#XY*u<>Fq`>m465x5k?O!MeBen%P#D$L
z9!I^}0Nzgx$<awX*sardutI3|L1ovb=mqjzYy2blSw^vlw!5f}Z%7htR;`GJBYz*f
zo%*ngwl{&l#F~QBv;#^K#*|U93(>y-d;yzORDX%i+QIcYcLW2$EOz9Z!$oA*ak$Zs
zdLtjm`D+a)zGBwePf<2|pOJ^0WX&4X`RHTrsg6oBc#t|URd@Tbr&*6DHIGquX7edY
zq7I?rQ(LE6li{jqJnQoo31d%d5Aru__4#9U$~LG`tb(s%b<YqtZ7u3*L#|%T%Ch`^
z`4BWyFJ^BwC$iuw&Sl^7Jf}=(R?sqb(&Ox*Ix&sYSi&!~!$yTv*Wb7kDB%<{lvCR&
zoznxJJ^G7vLieVt!bij8b9jWB@D9~=AQAXR+}jI&!PR6`1stUwl|^PQ_G(Aw>Ll<8
zb>?ka@f6grp)<RwNXzkjxvE@bay~ehxo8LuV%8=Gs<$756^wl!vr`8hPWS#Ca3)xQ
zyoeKAnMN9PMN%K$BKQ*fI`<Jb_j{sInP^<ZNqnkK@xg@PXXD{uT6NR?Rd|4G`6#%B
zTBPx=q3s&lb|YJA6Zym74E$Nm++E1|@lj^{ZFZR@%yl~?%XE$iIE@DHpx+s5uM5L1
z@Rii|2tJ83wYAU|d`M^f;78W-`MPTjddbf)3>T_m;OEn1%WCcwC;RJ-e6J!IeWNTj
zJCSgjF!(9Zyu3i2pCBF{47Jz4!EUt^ouO31)6~g9T&*Vb|DjznoFxyV8;QV=c)Lxf
z{-Bah{r=sYpnt)u9*p{8#??t)g`X0En~|^3DEtosb7}~l)f=~9q5mB|7#@9#{jKN^
zW|jx*Ie^J?_4qaN`tWDcI<onQo&!XVFj%ao0YO6YXdFJwLBF=126(?>zdx8jz8ed@
z#KR}y4QwwwoomRdWPgm*ol|orQM86*PHZO=+t$R^#I}=(`NcLTHYT>6e6elYwsUe+
z=Qo_{s_yD_(Y-HL)!GaDeYz;s%7re2KGb`{b9G}ET4Qx3_&&A)eRmDCFGMJvFMMAW
z;*1->M^PKJq`XWk*M#SBh-%6qTn9BRgeKWLS|A@2+IgR<(<3a=0pX`P+ZSRN3Ip@w
zS}$He{eMOII(z<f7cNWrWU|z#eK0Z!uARx<s8;NAaGwE9Lf?)Qt{Z+}eefPnR$8N(
zmIq_LN2U+aG=ZIBzyxX|0%6FN!d{XAVJhrs;?})vPo~#fh9rkcl-+4`(^t;&I5@Q5
z)!9CtPDEpxWe4gwIBV-FG#d(h*WZI<{>}&1=lt4hl1j(f5~|7`M=Y_v{#Hs9G=ah8
zvty3{oZ$E%!Bfk?6R~$_cf`&kNmROl=JKG=+Mdknj~QUQ7S;}_3WqNL$O76n6B*L6
z$ps^1s0^yB=$C*IfZ1Kgf~L=UHEV}_+out3EEuR}gDG>VFyyFvZGPG}ZtxG-rDH1;
zgcayim>6FUV}cxd%{-Ygw9MZeF?4B!q&vDG5q@ow@5cVj#La;O-&&VeE9@pZgO(}2
z1YteC@HX3OJ2~@N=j?;&6!QB}7K_t0BJIZLC*7v70%d^1{cYxX>f50BD8y|OW@?~d
z<nh^KO&QQDZ!6GU-bmifuWu$N>XZE1Vf<4rL6mzm?%HF2q9^^CTY3Er65coV52WwX
zdfuI%nc(U0f{SETuNid$7$1?u_*M#^CnFD5&J;QB>!VmbTs=IO&j97M`ojk(Q}-_U
zv+4E^Z#)w32h+GKRF$Yu?F!gQp+9R3!Hff1)X$^|L_2HK%#L=V!Py>7;6zYE0qnns
z)}iFl+Ejz(;iLqPVLnE#QSHe!rf&ace*;f0aLC|+J`Gy`nMCI~A?p!UAW+2lBK-Nq
z0&(t72JY)4v`eBHdVo(hur0a2cohG9N6`UO5$r?h{1{jq=N6h1BymmK<4wKL2X#Ld
zw%$T^X?U&^>BF!L@&e{uL8<0T%SAL2rb2sA7Tw*V4!#cc85+&~?uzHs0-o$gtE@Gq
zznUtuI|=!p$^4`GsspfohqmQ3Q0`n~yNUoFv#d~p<mC@<)%?+5udN1lKu041!Rt$D
zn>Y)VYCl!Pbq5Sm<h5vO@H=`(_Vm4W(814F)TX@Zs{T9Sb0To-naBw=$H5!~y}=f(
z=~Lz!@6q*~mc=9S?X_(W16k~H>Zn7wz$qXHF5q5aALl#aJHh`WW`?+kr;(9H-Pz0o
znv*!n{2r?!W9B4y*OK!LPr0nguvMixc)a>g+&T$3q@~vds~6q^TkPPXMFXq$Ga=zg
zI9q`h`m)f2yi$ma+!7z5Ochn?H>w-sjbP&7i~+e>F)P)kg8Ik6F}`d;1v|y<5YEhk
z>qX%`L<Rrt*4&EG&pmI8`uz8(oxS0bgM^^s8BKaAjYOCE#>^{v<eit&JLl#ct4f#e
zQ6d+XX>YY!7j=>}GPYzF&wQ|F{#xGz3&vkg0%@8=8O5Uy;<-xF068~tly8cK<4^ra
zr5yNIgFqGa8q^o+5$^t-8ZGYriEfUp+KBH05STL|L}YxFjJC23W6;|0ltO{CfOH!F
zKqTudXISjS3*Wn-sH~6NP*e2Ieyb3_7-ixHC6Mt~Y^`rDHZIbdUxFgiN6hjHm`}*}
zagnzy=S)%)#}5_nz|J_vU!S#Plc4*mJ)`5j$|sH0FQ?HHZB4=fYe13G`ltr>k|*|a
z;>$M!YR3$WCV7e)FKmTukxfx<%s4@y-brXH1_eb|Wsd$B(N~EPc2r=jaUrBmW8<ZQ
zHZ+@F;O(QAGlRGuLKe}E+)nksv%H%{+wgtP=|$whgGNYrp-052!DP?fPmns=*6)N1
zqzSC{&_yPVmps;US3l_Rcbxa)+7Cnsb7Eh7xwAf8GN+#UZOW5Qse0C_S31HDxE#sy
znQf-__IL~wZdXX`8COOxT6OK7lwzk}`1j`wI#?r1lB@pU$F$%tuJ#0uuF&;&KBn)*
zW$n~e^1t-{>Q#zq(Dn+WxD<qyC!B|_>9+G&Tyb9ZtQO~Ppbho3I@znE)iPLo4ihRZ
zOt!c}S0j3%r}F}JRX+2GpZI|Gah>dBw<vDXU0Fl%QAQ#I$ZBqs14EPPNyS6|2uOrn
zw4n6@<v(u0&q>9$Ey~*5&C5OnuB~ark@oq2FZm^fDUk0ndJwXk5GZM-9InFSIyG`d
z7u+<VmP_&26&bJL{PhCSh#cKQv&Ne(X(H%B>A>M0#EUa`*Lstc<@G^xPdu)%TtolF
zy7brIZ5P?_P+sAvm~L^;u2)!pL;PegcYV8vLEi$FOufw^Wby#+VjA6?6Rp5*`*yPr
zhI-}8EIR-bizhuJPph~BwDXDOhd=_JJ?JmC7OC|&n&~GgHJFbr@GR)D!jp5XHWAAO
zG3+kVA3tl9a*G3WYm$2=QM02P`X)6`M1vdTmVJUZU2BXL$F`+>!7MJ@K1i->hXL>(
zN}q@$16dQoPjFR#utGGCWg%rgBoI6`j<H*!#BOhh7kfRLB<!KNAa!=mEUmJqGvKT7
z9@)LBTL3y+R2+oqX#V<|sOANB@-dT0!giJWlj0|#S(X6*M&j0#o$8tNTlLb_H}c_y
z)3B<Lv|~EZSmG%R+*Ud^tdPi?Q?g~u%%8k^R}E9*TL?iwj=UTYnVab+oxJQ*F2eOY
zKB;xLmQn7pjlOTnwi+U!UZuL@1UIGFZFDNUeTdIn!LGd6d@R;I@rV4KthZ~q^i~$M
z0K%)VFAJu0M;es6=jgR(SC{wvW=<&$O*jB5EBJmnRxNU80!YW$cZ@Gu+*NE-eUVk2
z_Hf@+8`;thO1JP8TCmhN2EnKZ2{Pmt8|aXi6BumdU{|OvVLi&)db&Y=se0!#zbes%
zIPsIsdZsC{oR=BN`fbDaWOHPKJpt;Hq;E{8zOA#Ys>|azvR&O>?s__EfSbU?a%f(a
z6T;ksp8RH$CAod32{bk1a1CKFXcD%99wft{+y4!XneFCgvIUKuQS#ByLx6`l&q=g0
zQ}7`CDQoZA4nG~Pz(?5IcT-X?&=*V)v>W{M??}m2{t<#aL^WziQqZSwz(2`4;HdBw
z>b2NCbS|qT_P^;9h)v+a*)~!Sk*E{tGxROT@Dhyi#f}J2W@ZJfo6shDU-=pT+1S92
z4F2YbZ~76hcWPG^iwv*lqJbv#3Ivb16+Y81=mv`3f)}39{=w-QJK@i@!1ebT1>`p0
zUfcVwfnJg0^)N5I+oJ1-YlSfInQMJWPXB0&2VI+>P2Ob>6eL=Itd$ji^S~q^qN{6v
zpu#zR_*-Dl%(g~_Tpg=exu<K_w(+@aUMtEwxCfqL1%EQ5SQq40dft>qfP}5dG!D#@
ztt{Ei<zUXL`=9D;s5jJqZrcUZrEr9~3u^Zle2bvg+w@KZsQ;!9{T|+>rad3{v)AxH
z5hmJiY}p?}{W!M%P=epk<AzXpzvu@L<vP)FVUHNP>!j9-aIg;VAG55+^yBi>>J4Y?
zjhMQ2B6s#Rykck3?Z17u>tooz%-zkO`>thMCQ8DWsZB9|N1gH5BXFU6flaJgG{VV;
zh`O=3wi7<hUOBsK?|0`)u^Bz}@oQlKuWDQ6t{B(20<q>EJ-F@;P&$t_?NLy*X%Ckl
z0)mUiZ#`>h1l%Nwu}$QHx$O_hk71j7d*!Y_w-Jv2`nR|6;5XcM`^_WAHsZg-pGSN=
z0aJP)j}?(R2O4-p5s8F)b=;%KH4y8}0<C9sV12+D2DC(;VV&WCK9VK1D6c4uRIc!^
z^9#fQb26g32r+>bC|^{WD8YMiih|&5-apUd{XYr0%IUnov&eHREm`B&q~AD(`Cd87
z=6;nKJ)?OExFhQ6hEr(ne~WPQ-LDV?04z;e4JjRWkqf|rVE3)#>!Ci%g%*7pe&k5_
znaKB0fthg-mt_+KXX(3!hDqZszvSEgGQGCdxAV^s$`EVnU6!_ZD(K$B14tV@vDftq
zV(Af>{1a_r(N}mB5Z}y}*!*K2ZA@vP8q&Y=m07OxyzMx>2ztm#mh<89>_qfP1U&-b
z%V*(sv~jIWoXlEMh4YNxB~PoSGrriM9>>ayq8^B3DPwzom7pG@JcC&Q+f_zD`L7v(
z1}qOUB+vWGF`!Pcsi~W8hwwuA06qSJDo*Xp<L_qw!1D}#4L!3C^XcD#aLeAS0eDut
z{_Wh<Qw^<6`hqS1{fWJdHzNGbjnwcFa$WDf0679>&s#aV!`lNTc?m{IY}g?Lzd9KJ
zt@DA;7gC7Vfy5`S&l+@@V~^KqS9^`j!})V7q=VXv{~c}j7u&l!P|kpKmE-7C%mDg4
z_bL`@=x190g6B527Q0By$F`C^@$uZ%hJh`e#*1YQqwSV|tZ*@nJIH!OSF|}n4HQ4>
z9kQJWFV-_MAFP%_*HPKTzpd?O<ch&t<mt(`3lp#|vA*fTZ>G#Oxbq)KXwq-(2YA-h
zi61O9ZBb36wIT8qSg89rM5H767e4zBI}H!MA#NdpKc<4#JiNd<5JqUY?oc;IsBA*6
z1`hw*pGR8$*Pn&%OrHmi1(7IM35{d3A+bnmX=7B8okOt#O$<`ODLsW0YA`DQ1Uy08
z{VM*kKCrNpoAd=~GT>q2bIn*o`?v+I4~CU1@^FngcN#a%9}tA?`HW8oJ#xLR#ikyx
z<tJ0Si0lKFC0s*<O7lC&r++khBS1ivDs1~6RVg@Nk2vj|D3~?h9v`(#&aX&;jQ_TO
z3*4MO$S$`Yq5;Ez!cjYA6Kce2OWXxl5&_mXU<!H)SWY`bCgN4MG$fLvg}W|8%e%)L
zj~0q;O(sjM|IJ6=)kmlkE--!O10xdw6GvgH2UU7Fr#gTCEkk<x+u$g&3G{5K*}D_+
z50owD3Xef~bmgY+5GRejfg9-m_%Ft{|7v*SNm=RIa}Rs|NNtbPc{rL`@^0|PH%b1u
z$=xV+?Njhy9?z{a-Bx(!snlR+)>hRMlHVt-f+Cvzu9143yv1aPpS06*8&W73-(R)2
zUyE9VRX1;v^GTeJE*$kv&!8331;V>097^pHhze-m5+@X`1PSwV3;C2Yt<(L$B@v7X
zR?^`ojvDL<_0z5K=(n1Eqx;Zy@2<;E^_U{@;QHv0QTUR-zCVY`F3f6D7?0ztR@+pU
z<hzgclfgDN&EpJ?$Gnxb;a4b6@5^|zD@$_Dgd5qon^PG1!PD+RksO-^QOR?=Usg$W
z`2rM{m>QLCv}$?9U)D~=Rn7BFTPqjdLf6vHqfG34farUZUhf3kOerVWIon>F&ZN35
zs)-w0K(cJa(3{W_siRa45Vg(l3ydo+JjoWnMY?ygcmq?{?!9Zl1%AQh#F%M&ej!eX
z=yWRZCB+E}x$(kDY`O7MU#jO-%WN0mXIK1$jk6K<ZD)eRKY+@9_Bfso0&F9)v2G{r
z@CQ+Z_NPqm!9D9dqp~rA$hh+~5D7qJ)izv|6Mm>#=D4`<efWgrtZfg?@zdaC^w^2{
zDq2NncSv2@$e&RE!Lpg$J4Ij3E_lv}7;;h~i)AGxt=Zy#KoyYm&24Gc%YIW2%gFrm
zZzE1Ei;USehh05Ku9Btpr^tHqZ%>{!6?M4_&+r>7Q4fvfJ(JrXz8LI^U-EaTYmr@$
zh8;;q)x_0O`{k^I)h4VRNN+du%HrnaJh8=pU$Bf=Cl`=<if%`}SH%?yoQnNlW}h6D
zuV$_&CSqEeF|*;#{N#d)svEDLj;-Tw;|Pm+G_`n7m$c7RW)h`-x&{%V4L=2(r5y}3
z&<r%|8UX4db>QqI5)!()3xw^^tkmCauCX~Jmi5lPYP;l%)YE>l!V{vMHh0UqkVgjK
zY`cv5m;9>=*%}S4Q6I28G~(76l~!4UucX|iV2M}=j|f~Rm@o~VWvnf$Y;`K$(Uu@H
zW_R19+iil_<XDiukwOqMhfyzPi72hp_dy>4-E1EbHmxZj+cfp8M{A(ym58fQh*p2J
zqPrwHG{SntF$nzY6HL7CJuUolX#Ve0O20q@#ne;6uNje0@9(U39tp-P#V;shuV|&5
zf(}PJV)aleFrc+-*L?e1@&tpW_<kzR2H^ZW!VuBLEVdF)E6~h2V#h%@I=Kw1`A5da
zO&RA+h4>mpMX*&uhBBTVevn}i-#ws?17O{iITzs<E=65$PnwRa6g%I%{l{~hG||*t
z_>_5-=Fk`&EwFml71|alZfEpPD<WK*bpU{0wVA*Jy40TPm+I>``TIVnSyDFp@J;5f
z^%Wg+l_@{%eu3hHAoi)HJ|PR^@lAf2aq#Gekq;|to#?TEyqACzDh0)n5>YyF+D~T=
z8e9sa`ch*B%St7u)v=hg0@i2Dx;Gd>k*~0yI1EsCY3*7n#h|mCGinr~_jOsRQ~$ak
zM}3v&O3cRX?8+wCr0~0B4&Onl$kb#slUnz8Z0?s<)$Sd6Kk<z^E@m;FX^hJCzIE7R
z*OUw>MI7rzg1wZ*%3JDRqqC<Oxzc_tb=SWwTNbktcb=QN#QvOf{4U=6$c5yP2$m~0
z)-7AtEhjB&4u5fZpehEx7JNZ3*l=XqxZRclVz=v`!RkrV_$YDNM^qIaKeWTYw3~ST
zl^dD6?x?BMES@jbbt6ygi5hcZ78OYtx|^K6?73F{bL0HL>!aQ*w!eVE3s;p9*Ghg(
zpy>=>X#N(@)^Eau>(hUcU!|cNC-0LWwv_l`KAf&OHWr?7_zJ?6(UBhZ&bPRMUT4(N
za!1L#`b|2@*H6})`FF0_ba+%=7KfCC;dBH&xUe-T@b+-`NaNx{TVC+pkcQ&|lZyDb
z0lWOUT36f=7?e)bB^<JkHgeN3K_r8?WG1owhko!QY6aL@om-tAk))qI`N&c>L}QiP
zM`c6KSbzxgR&b|xYAJDbEU}YxDvJuwKdmW@h$NN}`Dt#6KhP2Nb8QU!gi5?QLbnAX
zCz{Nq%m^th&Y;5$cOvB?Myj0oq@4wDRK)k5+N7Mx6Vg3|t-kjqZ&+4Zq57V;)yu*)
zd>nQ7vI&|!e1pyw=%yfF<opA1*EWj`5%Ul1!^V8q4D5$IE+5(^`uD}R8e_to!1C<u
zUCmAtoB|wc^{jILt{{;hNI9_r>aG!ZK)a(KE17txiHzzJF<ejw4^OaW@2g*aM;gi8
z!&~kiob@Xsi7A|6%^FEOm~pFt^Nld(T_k#sJ)B{N<Ookz=M3nD=tC2gZArm%9=pw+
zV;6MJPL)s)j)~sUZF2NY{&Kc*XoTOhLdZ6nuWxO`^g;DtNMQW+p?&fm<+<Duu^D<J
z-|^!z?~ap>ky6_9{&?n1_Bo@$w%m?X`|lS;NITh7Sl^lvaP;oR5Tpa)y;@^A+6Utu
z^oDZl6>VZ52kCyyEUHb_bAF<R4>?PFItSJcVbH<_A#*D?5+RgzQ$s;KPcNO<y|=oG
zJyN*pF$DVl7M?jRrVvMc;=B+yaKcF78HVSrhu%Vs*e+tK{3fk+Z!OU01;w4VMzZs7
zbqdmfey<yxa$rxFB%)-!*T0{c$y@MhVCBZeJYHbS5o+a@4`^QCj=RcTVO^WzpQY}j
zePFEFk2`M8uG3}N-jSCkZLBPa+&(uS#^PL>z67l9Ev%OPJ%CGRH4A8IimLLn)HV&J
z9Thhk-gxD;(km4wTyA<<uQgsyE>7N$sAw?rfV*7f^YxwegY`36g|nQq{>;cs{3Ea8
z+PPVc*2R;<d)L<tJ+w*DBa$Om^HkPRoU`%mukOXBa9*6ET{b3+&hV9`D(5PvHeT<{
zHT)?l9waVbCn(;&teHtJ^CBnzJ-3U6@<=C<{G(`>ugK0Tzq<V8#m)AzxB0Y70YHeM
zpCL?w6O=?kt|SyF3ONiFH%tVRpCjZCVj-0(u%DU`qN1`8VnU9J31RzW+(-CZm;CfB
zq)#IYfUVc1Zk@)%HPzy``;*r)tE=iVKwF+^;A>+YP?B33%7gHM|9tN58YQwG)g7h`
z*f$N44K{(&1$yuAGmXh3r0z}#HRhI2jJJPaob30O$1?99aNXubh{QZD;wtIq<+Yxm
zn64^>QG)2Q18V_1(uE-m?3yN86*51DVzkFs5C~-37DgO~czJ>Om-|!V6ju=`U05cD
zJb1^!9ab;!@jN&&H{~nyT#dY~aW)p71Ivc?Im!SDC{U^8EInHdi->_w&Lw3ZvaSAY
zur9!YtwPozZ4t6B-@a6<<Z+vUhM0P>pax<CD*}Qc#+okY^RiS`Ynlu`7N_{uR;<XD
zb!r+7B!CP7{1Ey!YmH*GXBa?|08$7_7<sfzYOWll^<FKK7IFK)?M3-1=PR2FOg>_F
z+3Tonav+|-s#>wRwo4ts_vhV#6&<zZSu!<#2FyTF;B7z>M7iJ@QE`j`IFKSh0k#R_
zoNW2w8xNRMn}c;ux?COk^<n_b`~K4qj68ZK4OanPb3DJYebx3)AVz>S1gGoSwX8Ov
zeVY&{5<m$t1*><m*s7X>48s%P5TFV9jjlOftkk$s^!OgbY=p#v;lQw&(D*qo#Uynt
z2J{IKfe2+z{t=CmNyepXU$osEAcHLvtOi?!wNBTfY@f3o|7YVHYnFxDLF_&uQ2@~w
zFkcBs`9mSkB*c_qKnN5LAWuk@Qr4;oFfawC2RuL!Vco0$L4V6`@$IuBJW3<J%Nfn%
zGkNosz<YP8Mt&Q(_N_3HqUMgZpSoglOetBJYQ5$A>P`@O+;kgUZWkw~&wnoQfeqw3
zC~#UzJ*;9LyJGsjXJnRQMmFc^2d)Vg2#QX`)A09yWwicCP{z-3eAnhE=KFlPwEZ)D
zXQ#0*`8xDGlu0acEjW1G-n(1Dk-&9|6ez`nmfQoi41F}+%QYVSuZD%AXE8PC!ya3{
zH?0NY8>!7#OqZm(pw>BWz%DJP?6mM?RnC+DErv~b4AxdrRhn@e)0RS5A#q~K2lcT9
zNBN|wOR3swT6P<!a=>Xvt6ka@>Yi!`71*4V^_zNZv;Xf_F+6oF(Gr;{H$fqvPg{%1
z0bl83b#~c0n<}@e_pGg)rhE>gYO7w^?H%=$;9bz)wR*3Ny3BUPGROF}QNB+{ESbg+
z3~Jg(q}mboac#zxLz$}90dEHWw=zCp@flb<d(9gd;8Y%fMTM~p=U+*<3`ISa-?RO<
zkuEj0PG?_y^dpi(T9YBW3`6>_q$)#FSqFovhj-a+t;zu!^%%La-I-~oRFsUWylktl
z(TU2z{F-$U&62!oRbm~+*t`juSrG<eXcL!shpmi!52;J4uS7_exRDrLPzP?qc)7fc
z1t|Tlg0MS&?43{XH9B!NkTv(3FB@78X*SScM&urONUmFuN>}Xd;-5-|^ia;Vo%QXM
zgv4`(SW9NMIjOGU54yk&d&s?K{9Z3LhfUJlj#EAFLEO!PD4z?XWlHnC6=CM=yT8RE
zxvD>M<_v4c!pya32vTArbj9(694uM)SXM_{!01l$VB-Q^?^+qQE4#yV#R1C<ySI9^
zV}I71^lOej4W__>+0cRfzWiHSj$MrhUPQ@vA1*QkE5Fs7=G(pDy&270q$lm8Gk2=B
z7e|sG>P!P|lnl@*3C*f*zsAVK2bjuFQdKWhAIg}|;4MIdo-;9-mHEaVhw_upg5OhO
zyT9O;PB9q7joI!8AjZKMN7@tK4AE@hK5EfiL;P=j_JPm%6u>hsZ0J61F4V2SJa=4$
zzBPAH#vWdGjOt#dZtEU<jNc^Kd3*=JcA98ua8gyzB*IPQG!+W$e~x9DOj-x(FNRSx
zMW;ZGq{6m7uLb3YAjtC%08n^A`@vtVEawzjW*&qcB)QDc3Y$*(s?5!>HNB7n2uHA^
z=OmXh`)@m>s*tu%PFG~<*T13D+LB7LGw+6THCI|X!{*vG1F80`4Mdq0f^$Uo>WzuZ
zkZ@PGcHT|%rv`wL<y-OeFS<Rx(}teJNf4}?5Uf2_B}R7z_r3Yz_{I2`Q=39Nldv}7
zh+ZDq73%hwqRhX_LyCV!E9VsTM$3(<1rL@iONlY&9aK``&YV^LMx5TOWJa9*P>GN}
zahEO>&5D;+w#@ovT3RtFdQjRiDT`4OFe!{Q4bDTWnlJrISSFj~!ciu_;Nof}KjDIC
zC0FSpZzW^v!eFIv;qvEHHp_+3GdX*~<AmE&{;1$`UiYXtdtMnU_gj5ZH}3VfzHXRa
zQHqP<sltZ~3a%u$ixRGEpbN8S;O6we3B9LGN^bLst!_fd43lnz_%w_+V{~CWPrUdH
zl{Zmz9&;O8bb&+L54l{}HafY&@HTw8e5p1*xjgDupLA(u7szz+IcKqS`MC#hwm`FE
z=o6<`9rb+16PXX>iG0mAmWe#>HaKrN{j;)r1n+|K8L#x}@;PCx66<LrtqSYe-&$qX
zGmctS)^pNYr9?$U$I!Z=YI9b)DT}jOy0JcmL=U9*Xdi`Vb5r;AK7To8C^r0>rZGRT
zZ3}E)9ahEKoke)$hg?W`#EPAbc|^>e(Rd_|?$Mn68BUAVJ+#BVz;1NH)UV+HwHfY-
zouQTPgv5K}$qtwa4rVF=(tb6gd5*vSjuzkg?>!0IUnINAT%RwxT8Ay$UNrr31+?>v
zuIXM>AsbV!NW~3a8b0}HjEb)i(;wvG^9?#FF-S^yP$3l-d;LXXQ3Ry{xlsv&6B4Hp
z79;kLP-6CgmX;cpeVXlz3%)FPBc@HtW3fj{DsYU8zASzt;Z-e+IIr~j%20l{V<;0}
zAm(H*FpCS-QlcG}u`NN^FL0elyj7+=g@8Q9@q~i=jdcnZOckDx%k+>-s2G%8e3VD^
zkSCxRrI(+Q%k@y;qZj}+4MHUqXo37UpM(wK@*n4koMfTztl*A-XXvK?EL&!X2##mU
zW^mm-VJGx~1zWV4FMsl2?+07<pa`UA&Sq%DJ*YPb(zHqX52V@9dlHrW*ke-nFoB}j
zJQi=^oL?BPQ38Qw_mJM83l<a;L8ojPW+Di$5nTc4Y$=Dr^yw0JxlPaAp#xtFhFh%=
zr*&64P!AT6fGLS%z+=;cB?e$k!V&?n2GtPLd2Za0-Fd#(;NNK@vO3IMfMR=?I+NPu
zIBp@#Ye~sRaz$h*O?g7bRxsy`n?9$>1Ftaa!NYi_H*!ZC^n2I(&S|Tz7KdXmcFh3q
zmvsy~w92vPG0(Amus!5spYKywH(<-R?TK9Sigvr4{v3Jr(T(V>J@zB?6?>IHb85%{
zQB_*K5m(5J3O*^9Vm_3DPycxMwG)eW40z2E6%fvZ(B;=!1Jf1yP=oQ<gTmD}O2`zX
zH-DE~&?ZJM)=At1P+_d)&;KN8GFP!{lFB?I<)ALBUcOXf48K5ms9Vlfs;;}3e0xC4
zKwr?ec`8}ze+<JVZZe-IZsK?E1{x*i>tU_&TZJtXD%piy;5=ZiWp`{T)=DXTp|A0u
z+J1j}6J?F{R7|ns0b}q|2^<F?+Bvd($H>H@W3@?dCE7FI4$4XjZng=Zii5$#%41+6
z+cUiE7k>jviUuaWiG-bo&2%f&GraE?PYp^+1QjKVfc-*cu)pUQe*#LH0}(Y2gZ;v0
zV1m8Wtv%0WXp+Fha>2-Q>(Mie1xl(96*c|?I}L-0h0<WZJh$45fQgmU;4s54%?{k`
z5ORDR3Hyb?z{Id;INvXR0F+b)OgtGXiVg`|6NRac#bE!<FP;cYTmVhnOh!SIIEwBq
zGO7X*TN90`j>Eu2w`VvOlvEHh%I13o+y*AbJ;OzQ@${gi+Th|%klv<%p79vJv@B58
zb}%zn=<#<{raDdo6aAjyPrrC@P*P}caWz=dv*7rNS>?xfF>yrbD12CKZd@iuI)i=p
zp5YO{cx6!1VsP<Eh^R~iY;GbZM-qd5qn_b^e(__Vr0U?}Rgh6SNZ73?_emKe<6Lp$
zQGwqNnlu~<=y7~had{Zhqo8<NABCGO(DR(;iX!%a_ZGeArA8Os4YlSuf`_@bjLRy(
zDVDPxzv6dje>n3D^9eKu0`B!X6|R<`?}fZ2i54a9mAqw%mMHI~yrpv%&F?k6<#S@m
zUayY(Tv}p$4KlyFU)qwZAf=aPTz;J`wjpS=bzXvyY^b^g*T~OGA^!s$6IMWEFHHrO
z>(4U=6u%v-ljKXB&BUoqEtHcmINI&&X_`uc42@cC7@OADX>(U(sxi<uCk>6BEk#Wo
zcT`kSo+XU~S4D+<@q8&gE^u9nwE_F^kKcz-<WA%}AS<}Wd}HhcXo*^yy%}HJ_9~p!
zJZS?l>`WU_D`eHoHlLceRO8_DD>Y~<O|?nJGz@7+9qE>CE5gLo8ZeAs&U7)CDj9PM
zzX(h>>{LOfJf}U8!<xy3JF@eOPfuQzJ4G26#_k<Eg{$Yc&WP@5I$!0Z-pWlq>$1ls
z-WA`Tw7n|?&AQAj9t+0TjXpd1Uymyb6b?HD4lA7=IA68-6{eQ9P9Qz=^a`=IN}~^s
zmG997UR5px=}p?QCndgA>fH`mbtWX9&UT18Vfr_2O5939?VBjK$G<jp9~oY<xA2|;
zkE~V{9dIAHf*nxc2E;#h9X@z|#B-{5LyGL=@QrTy8#3XG_p~#iZtgJ);tuv`U_<X2
zf^|$0ZiA;nBpSkb!6@&LK0*`qIX^>~^%P&@cuj8Z$fUy78*q&KS8rQCVr=y^Ga()J
zxz&JR)*Wg5kTIa93p}U+Q>!C-0aXK9X@FZB61)%V9Z)WV2=<9DLu44jzopvN5V-cp
zFGIHPU_EjH42jM|!R?U|frgKQ5<A%Vp=kD~@<7W+aq}Jg%uslH6b7Ja3z+&2u1+YP
zePTOvnS_e>Ly1)`p>k|_NLjp9MS2OPit>UiyShSIu?qac@5bMis(1@(jmj6Q&<jfZ
zl{}@Br#KH4r}^2+X!B-`Vz#Pl^RA5|7b@-Ze;y)N3m(h7t-5(~5z9nQYk2Zw%8XZ)
zh8AEi$`Vii@>EWi)SqVZR5O%Bo+f<n_)E%9)7z^4lw_O-ynhW$ug*3hS{C&2NDJnl
zok_TWZ>Vt2DV$)o)%(al&3!yrd;0lEbQcdDPu(BA%J3`u{_9?}zSruM|0-EJ%eja8
zsNXE%Jelx}+$?K8x%duFrEVu1uUO@os++!)Esem}l~oJdIu32^ipoU}>-NUJRm+Py
zSM6>MKt<=GfOWS^503>w9ip~GMZqHTS&K_Ak7ZV!yta8o{UY~ShYPUHLbr}VTfL%u
zk^QXArLWCW;#}h{xAa>*G)WFac|nDBK@LHAZl0xaqOT~X)cQ0{Le~4P#L|F}H8vxp
zDBjX0J(W^cd2XDIQz5-r7JhEFVRt@6nOB}bR^qPV#Dpiqe7wFW(qqz@eM2_k<d0`+
z_MyjJz{$Xg*xcGZv-gC|q3K<O$HG19$Aq<+AC3i78t~ACwZFq~lg%zI?=a`k_AUm;
zEF=TvP?vSK!(2RV#w-fQdNA$AEWl$+mW?P?>d=^V!^_AlRbj&X(CIGtWp<pce%$7(
zbNA4ib;--Pi~Vlg>n=;v05e_8tX9(~Io;H(Rnt%{{b~ZqEJ@RLF}2Yw>t&{bQ!owT
z(7b-eh9zSHvwp#bb!`H%e(s#5eS*;}cE$QJ?c>mo+X6AI?=XzpDkg33Fo@eyK5gzW
zs?~%cgZ8kj)vPK5@6Zgp*McI0`cQ;*!ONs5t^P2R+m0bMa`J8xUY_xYXfjgXt~hpX
z$z#N0#bdx@;pFJvP0#6Tr|bC9^{vHwBV|2hLw#L+!{^fa62vW+cbMS3>k`pn%YMsw
z%Q3XAV14Ei+pU6klHf|-e#?!rji@DYedH4TNyM$}EuMGcWBH>$Yscr*=g{ZUXUFGc
z(%HOqs}+7d`0}S)ZF|4&DT7nDo3FikyY+hGCC`(DTjyJ1JMd#=<M@xOuftQ@+eYB`
zwygv(%YTvWGSzyt0e>m>lmJ-i+|_fbZslChAap;bRsbZM14!(uo2S;U2(A%5Lp%C5
zQLakd#(6KZuH`+8JLWcVt}5Ind9QS@89Y-u#x^m&vx|xL%Z=+l;=}<c7&9oeMiRm(
zXs{CbKjr(Q-Qy*Le$K?FN~TNNklB(kBrqfhB#@vIjbKZKnM9bxn1q`|ucM7%ju4KZ
zjNpu5j1Y{V;Sk`U;o#w5;Si-EdkC^H-wK)hHgPnO-tQY$X?>-$eybbYRF76a7cxC~
z_ts6^dz*SSjJe8iM*D!UnVEP<tdYw<LEI2?^UuP+(F@Uiwf*2YUm$&uT&9fo?(VMy
zM{P!wUgsfmIIGF7JnBISM;@wRQPYIb^jB{(=G7RFsWq-?si;kX`9S6I3zcP7hEo{!
zeA6`dW7VQIue-|{-L7zEC`GM1-Tb|{R&3uO2(E;T#LacMWC+O?LE7W>IQfqD$5*l8
zx8of7k$yqA|9#ww?&N{oCEOtWrSzcfWtsNdpWScDe0_FUXhj7G9GO19WAk%P`x>^d
zy&F@Ns~dBbOYGZLq4OsSb*HcB=r)m3jEio}>lu4G6$3qar~`K^b(82=GWJRW#Xz$A
zN`g`o*)S%g(z?|^%Y`)Um%yE489tS&sw!lqRSB*^X<He?@+9vhFS6qyms1Z{ai+2t
zpQ(bX;Ae`F%_z*<mz&o|cX*A@kIuE0m#wI@+M-5F>(vZjdx%?7bBvg@M)Gw2-uM%_
z@Wf~?@z)t<ZjPqbv6AOqqW-=uiM}T;#7|66yI6*=YOy};nV7v@$(XHXi2-O$@8?xg
zO^@fc0z%r@G5^b!(Xs+&+8Bp??!o%qmfp@shs#oh*N@w!<x-yFs0_WRl)=b{Sx*N&
z9>&fTVB`~vC#)U?V|~iN*y+Ze>0KRwyCYMNfw4JdXzc9Z?iK)fiEaC~#l86(oqK;%
zbw2C!twm-AUBuD{%R8l=c0CC-P<?|L&Tf~hV_@U((%$U@H<p^;G%nTaU0?j*tUGoL
zT>*!BM?vfey>_Mj(-%4GEVtL0FG;S)3;BDy3%dW;`tqfQyU9Ob8F5WW>fDbY7hNDa
zYe&xu6Ch;ig%T=aiXUv8$35BGIQ`p2Rcc!ML9ug(d_leQ2lzs{6-Y-FR4J!HiKk2_
zLf^sZ3&1MK$d1wJ-C=dEmPv2ugex_F?hNcYkD)NKx4EsQ>IXd8u3cQ%SN-@VhZb68
zqkX@;aWT;SEx;R;bv5N&Ce=W{w%VWwc`i6jBv9DSAbDCl&y7jK!rg-G5Fr{adLSV0
zCeKoXjg6lTZ7kR<G}-WAI%1l~i>`sW0VN}}DX3{DF^?cmcR8UE=wgG`HnO^nk!Ufx
zqkib4jB*ru7Ye`KYoBMYq=U~u$PhEu7rrB^gTjEu5J>xRX8!E`?0*gZEYkA31+@xJ
z9YOuOZ;!i!+d`qktAn=`f)|9h-DclsFY?a3PPPuQ6q@s+xi_bmpqIej30>jMA#!fk
zGFUr{Lmsex>Fk_f-#piM;xEBH88c{%Z{FQ^hi}ffgP`83K()u=1SrMabhnE=#q%I#
zk*1gL>JBz9VBL?9VYR{YVtH#)KpqvQnkMwnnEShXk;whR6{rd{sr9kcQ%wIJ*2{cv
zw}CSfx?~rd_JudHq?;J32wC82neWvy*pbAic3Y|N!*mVE8kw{)udQEwT3$IncSYna
z&KjGvJ*vH1eK~)31#QpO9cHk>s*PM7INx=JZ72H-!n-zK56iG;{R6CQL1^AXTn}%z
z=ll!+*fU=CeYk@l?UL|CNnBGA);E}*z`y2q6*8XDzLs?rRiEL#9_qi0@0MvutKrhU
z*afrIJ)%uXiI~Y_vZkb1Yr%X&S|c3cSj$Z{DU*-(e?iJKsD#jL3(?C%AaIL`7+dtd
z)^HbVSWHmUHyoiuZxF-I0^z6OS$^ru<9ImJNcLDn`OET&qY=ZK4OGObUVf7=hphRB
z2lpCbO;XC+xJ?QV`{kEm9Y;P`T5EY9{rHyg0C%Z`L4m}AT`?lLAczBbiecX?ry3`9
z$3zE0wjf9BvgjZVIABx-B-CxHNQ>*`Tb!oXozCm1Wo5TDVm6U!z|)S)nko&bI;cg3
zf8LR(nyRK@7|W?9Vi<d?=3p3$EFjw~^4k*kM;uwIMS*7lkzGT$M1U?uTtvcAck!$Q
zMp@C56p~jq4oxB*^<yhzTCZZwNG3<eGf0jv@u0U(ChkOVuRiz@bwpb*11o?lKfp@h
zRe<Q@4q!*%aqlgUZK@Jc80YaIG>`7>u0S!y`_<vATkPe1w6v)C^wwK3<)=<c1@-A~
z@uVH^4_r&t*dvzY`Qc>TV2v$yP|^pudQSjiexY8>Jnheih$PPeZr04H7IA&9dXmI>
z=8SpfP^W3`A0C+nlTuYF`g1>j&+Y!66D_s0jPXtM@VO?LVxf_)ESIb-chG4AY2>2O
zJxUALFTgD`wtr~kh@D#eU6AiXP}>y+XnBAg)+*|KeD0~7Lg(la)`@6uB#QOpwO7(h
zGH37-r?WKHc87&!6nBS(XH=>HWcZVwx6Gbq+oL<+@<#i+n{7hpdptgHG=DIevzZ)n
zFWU?scpZ2_hx4KF!eV63O_E#m;TnNBn>8|_d)D%#B39d<=Ro#xFWULn&OYi(t@%!%
zykn)(@^9mvfNn`6rBd=6blv-16++W(5Bs2EIyws?L~`}&hYsLRiPVI!%k$Zo=q3`l
z)+JMeKx-tm*as|#;c`td3;3IZoWpvA+~fNR1_nug(tz{rZZ$*3wtZcf_27QWV|poE
zI?i`D!VLS0-P%lDxjg)_jyL*#XS@DF<9?O}f;&F&T`u~-HLwn*^>=slXaYMg>dv0@
zKUEG_MvfA7Ckr*M&mw%ucc$FcKFxS;M2LN029PXoM3SFLwBHpa-{VjO(J=+l$$f@V
z1otC|Zu^nqpYtqkM3{F&jRuhZVF;pA`cP#(=l$3XeWx^|+r@P+Ys(&!eV=i`4n`cj
z)jaG0(*PSYBCiO4csbWHk~k0G*J$qu0KbvLAMEA<E#7v12kY*AX@Te-av7g+J={Ug
z?s0Mt&hnM?pivtrub@ex={ct`0<H2EILxnErojL3TKh2;W*cKVAP|1gFA#h%(A4ub
z(9{oSq-`ixTj{a?(u5#D)kLp`xdvJuanX;m&^%?NTU&7cqpQ(u?Z)V68OK{jy|2pd
zqQP*gIZtXQY}vyQl~)j-{?U_5{5;wox0bW7w#)P(LCt2s;_uc;*vkr<s8go84o&}Z
zP(f!k!7`COeJhe9K_sg{Fgdoifz)8~Fi*glE2FWstcgwF6LZsm^k*m0GxFY?MsO|K
z8RS4?+2k^$HIqOnJ5IZi?V!>#(;jw3AJ=LO_`rkQ5ZBP7x<FM(t6@vgdU<O$=3WQW
z8A6ruaCZi^4YplSUleDbQf|wi3ZGsK62aKAB78euhfHsj_pfduC}RUu+0e9W`k`9Y
z8qlV@@h|Myi)~NBr$YD3v(^?yj6PAism@ZKMMI>OptFr+Yv$+`+<_n7bWJ$&SZnx#
zC~stw$ZzOAG)?3_6ipaD3{8+eBu(r-)J+JJ=xZFA1I;=^6<r5fo20IKTp7zRJLg8#
zp-y3)D3jEWW?U(Dt%I!tYW)tgK70QTC?v-^8R<Edv@XFd>!oJR68~WoOOAO{(Q~S5
zU6OY5_d4{t^BD4VGGz;4$6^h#!tKHKx>FeP)icEyhy|`MR1T>7ML9=3eu?$@#<&r*
z77Gyl-PXXb5H<8XvBoKk?SJdOAcADw9Bq68BwPVja-!n8eje+S^kF|L`kj2ooX)H8
zzt32LMFV}rUO(`RjBSEqjRD0d5;+tjXT4?Zrv*@DJDz_(C4GgKj(Ik6GtTvgc=j@H
zCLxZz&GYa4S;M_Agw5mYmo<0kT#~uRvM`+E(JkwSi;!{PcvG@yCsmKqoi<u`)}2=_
zTECpPT(=xTTl+RpF5539pZMLHc!xelKUTBOeD-|KCY_GjwKpy<<=vXwhc=D~?U7m~
z){QS=pZ)>{S@o79Z}F!d_!xKNu`V#~;XHynf9fe!r>d{h?j+qydpvoDZ+h!lR!6BX
z(jFx}T|UvcV{}4yd_x2_Mf6Oo;XKeu@-?Jo9Gt@$<}gM@(?+_X(j?5hiCOtGl0@iZ
zED2O8V^*d33hq?wvS-BhFU=EPv>V1pjZ7}sqd#?g5o_}lL~?{yr!%MVC9&GD+lJes
zk7(k6IpsB7D<|in@1Ie@3**0HHcUMx1>gyHR~|7-CRi_RuWR}*c~INWq|d7;Yu`}9
zHy+4c1!-#A{rfM6$Xo>(YTNVrFU2nrVpgL&v18`x$$vj3OMamK+mrmDS#n}vYt6v?
zaH4<Kw=CAz9!B91T8=^`G!7n;?KNg7^)M{;$e({lDfIxKp+ZPB_h~YgFhO60@YQWb
zHR<g9D!v@}Y7?Y*A`lS9J)tJ%7n6YxE##M4Wz||`6<=kIZZNNCFxRr2;<B7_p3Oe_
z$ImJW7?c5+{e6_(b{zvr3#fOqZM!%Re=uV*`e0`KKrhV6zgH&zP=VfhI6q$N!ka4F
zPsVz7DU3XdQzGVHNzS$@qzp|ouXV>|++O&FP^fgGN|B^|u*Ck|rosE}&j2sY+?oNu
zT}P!_sTmK715{EYeml^Jg{!2G{`M&Qg``McCc99|-B{E#pUpE@e~<4{oP7`W@GqrQ
z5TOuw57jAVH^+o4L~4m1o#(*jPcciDF05>cD_4wj&+RQ$Z-MA7w>9mhB^hZ+O<$aJ
z4_;Z+cu)EvDmX{6D!gWaMNq8l95Oi*+<n#h{+2!VHO-#_XQXl0+&DL@8uNm2b(-x+
z7{1Kh@X^HU*Z0}U0@P*yI^$<)zAV@=E_qYE({_5?SFoyues!5Fzs~$>f^n&)nE>$h
z=PankmJF#HFQ_z{=`RF#>e+pzFJ>k95}ZBuOGu?je+j&(cm7fMWUu2b3jO`B>=UB_
zz4Y=b(U<+=vEStdD|}BVqTfY64R?#$;axI5_21vp*21mPO67m9nLMA7^9S-Ho$)LV
z^U`T7Mbg~Ai*kKNj%X#G0k*sP6>`Mq`_G!$#@;S!D+v4CRNVp}{l2K92H0?<?vJb}
zMZG_=zs7?hYog45of)#;smoS9e70-6Dj04E2D<5dN$L^YEJs}*@n7c(Vr^@r=$RpX
zvLp7t^Tn#+Uwj;)#q_vw3!;7;X~*oPrSxjLC)^cZvrVZ_)^G~NBx7;;qA<#gcZ|MR
zy9eHJCVhR9{G<Ew2&d`yAho-8z?kY*6%`xv6~4vS9-#R;u|HAqoHSSbWF10Pp_nvR
zTj9<Txfz!``0c@+qi}HK1?r)#D5M&97py`uiKQ0ItuOjA1&3ED?&K4N+xJpyMRzoG
zVs%Tmg`4Xl$6NW;uaa?QP5FE^Rad^c@M~@10yERj(rw#I;!ExxzZ~HB>CsMf^tSfF
z{gvL?<NMgy8Fv@id!E)8VIEJDNqK77QzEZaai7m4ApjO78+l#9dFx<8a)c$8?C66-
zt6Er5!OB)XlEKnvT#a9u??m|(Ti*~BkPP%a{45euWP^!-0<L`qqKgIQS|Fn%1myp>
zO=yOg3K!!4j0sbU;iy7NKdGc4#KLo_P|(Q(@<kQ@!bJT4G~S-w34Io~-62|Atzf#N
zqDoVN`A-8-kcZ_hFcl-vlL#Ro(Bt(2N!T!giB+lL;3S#-U}#`|Lm>V9>4_*;3idM$
zO!`U^?fzn0Xy&N%XkGA<ck7LGYf_69VD?zi=u>a@_(Z<tLm%{n?S8O4E$lu4%2G{D
zA1K?R_l(N=7g3z#&dR^cn~4g242Eg?r)$l0k2?x-PYh;jASPUBf~tWc7bH?DNS!v@
zyJi6J9k1F+g+x3K4VefAG^m6$2*RhN+U*hSr#5b&lggH&-V8TlpD9@r!-}__$Tpf{
zB|1wn{;v>a5EePIU?`|yV4N$T94ua+D_Ckb0%`<EC|V0MPkP@s7X6%wFcNIJ1dJcf
z((q_+_w+#ar@NshDCRdOM$G*5cw6e)u?G(9T?GMkz;fG4f$SMMQ?geJBA?UWLc$U9
z3K?9q<baK8v+@8jrq^BFoUumL(3l?KS6n1c<N%lk2sG8Uy|h|x35Y>=_%F$0UsIcL
z5Yom>6i7}c7LJVy`8&okaFdebMee|##B3(WoVkRsq#}87)MpYxHoJj44R%>w$4L&V
zz!2#)d)EF=p<5K)khCYqMkbjUoMktzipPyA+?%_fy0@lBQ&lvLdoS&m88En=_MS|7
zlMvb|P1M7Y8aBxE-kNe(Z_KN_lU>$4TJ~)6GV8!H{-0EvP6}OHPVfi0@u3xmFC(l<
z5(fl6jDJnIC@iM9%hjS|WWs|Mzz*1>hJu?=GI+-B{x0_^v*N@Pp;j2HPs~~!df2cV
zFIU5#M>1~3z#RbNArJM%oWsz|%{GczPf@%1G45*j7fweRzN?F^y`)9(ow%jg9CmMA
zwVci7{9@Y`?!lu*1?E@R1Gq75dNh$p63R2UDeDK7{#w`w*vKm;B_Ld+d?0X{GN7<r
zXnuwNptErOa|`l7Axfk%nN|+BSxwW-6RCaiRmU*%7abOEg*Y~?`~1Mxelhj!Y?opF
zfKf7K=Hm22JhU*uv$UWU(-uBc-N%?dhJIa&6ZYe73_xCoVFE!^LR56_Yt)q_yV}5x
z;-3-ObefB}eS}bmYHp`hjl7{i#rL|962P7w&Ls`_1LK)XU!yD!N*fBUtN7g_(y)!e
zfeXe1d+h<r;rIn#eSAxK_<res3-Y`-+a~(J@#2;p?Q75i(6Ni!>X1<L4NI#&8wn9b
zONZ61R<rBYi+Kx~O8iOxcqw3Gj1?>m5t7MI8w$42KliRV0b(wSCJc1D2XvCm^2MHa
zGgBX{UdE%`<9{n3&y;2lK^%a`R>omQ3S6-qLZ3W5oe!`z^5?LiKIjF&1OE_8SBBMx
zn<&ZOE9REBs2T`cdd%X{j_RqdDO|El>6~Vapfnkn%H@nAQF>&`R;Hx^cD?DI8jJlS
zOe2JHJtKFOXv5nl_q;-Q8pN>v1=nfrIigoZcIq(9!FuwV=HUBUF#beR?$>qP7tezd
zNG1f*P%3w4sO9K?VlMWtlYD6@`~0qRcK+?vukq>~r_}8qHM(ko4)*Uo>7O9$=vQ|y
zXgq=hIC#z*pf#<$_<MNX<mluhOVJNb9u}Hvw}wVVc;}aZZNx9hkuS)+CU8`JF(F3!
zZ&`4O{A-_%rW%e-drmdWl;q5ifS3q;c`3*qX%Hj*oUpGHg&;Sw*Va|uPx6^r^hA$S
zoWcub1B<N=$;jOCQEl9FYs3^s9u&}p&rUR=OEqjf0mA*tbUJ-~%ou^zGmaaU8&9@A
z!2CUVv=lF_TVg;dUnL8#+{!(-Kfu=dfJnjo?Kw}{)uda#0bU@pb)vo+0QNzCzP=DO
z?1cQXti0RZS~&EvS%XaEeyV%Qb}>^wcH8(T)3OXdbtfg<CEtr8x*0Jv@~`%Ub<I_q
zfYWpGj%_%>V-5p~YIBx{SJJX}qOQo+^`WNsigBT>Jno+D&s(bB{E`B#2l5UkI_}q!
zif09Vmv;1~XMdk6y$s5;W`u(vr|mmaCXxi^1nh(1cW>I7e<hi7p4(1`$6!T*S!IYC
zgP23qLh424VFi&c7YXC(cf*cZIl-#ek`8=<&@vAks2A~U4of{K_~b~tqA$=S*?^CC
z^}>l_faFKy6I4AA0Z*-&7b5V)AvztwRg<+9Ap_v1*8*r3x<kwKn`B=xfG56U)oAcA
zW(9@<Znrhm%D&qJ9epHlQWu=Kr-E3godO#oT;!(r5;7htZf6sJi)0St_<1Ep9a2k^
z%%0Ro?05``*y-gqi~;k2nZF4!R#KDV{1Ziw53>t-A4>9TY??9j!0N~o%@lD<zKa_T
zHNE90(YX5m;Ov}&JPV#ZKRs>Rwr$&X_pfc+wrzJ$+qS1|+qUiQo%`Rr5BsnY8}}`<
zPSmM~j5t*%v-11l*TlbXa^H`kMX5+p%U`1eq}kIJ@`Y`9$i8&#78jN~`AWYSM*Qyc
ztr)lFf;IcMGCCZd#-UPpdGKn|0!_n|lU4VA<BKk(o|8H6_*XEZrFC8>+YVN?gD*nq
zs+of*@5Y1mOj{SK4<+>#qc-mVMXWbcPUpK<zOv)ucx5z`mRh~_&n{<>93{jY$K{@v
zf3!Qq{KYU?HwuXd`)SBmhHeYCh5(axYP3{(l8gWS9}593eUD!?_{lIkG9f9zuHG?5
zcQ+2!QUw0-zidv<4=wG)9Z{BVN!t;^Yl{BDN&)?q1Eqlr+bZ@4rVRN|9#kCiV;cIP
zUPM8TTfO}SxAc1@78=^B<aLkt`Q8O76U%I5lb<|abLaVnEaX1bh@vfm-Y(Z1E3%tJ
zNS9iZpb+aC3ST4LVT_#vB}p08{nWUEPG_b=#IM87_`xRc>!d?ScSe1Ra;L0y?wXcH
z!HfDRaWE@O_>nR1ND2p_E=8im^<@qE)hs;VTA<}!h1koPHGGKDY3S*W!LLUq3IA#^
z`Oe`_JYmB~zKnfg<5D*a-%=R57+_k!Qki^;PZes3k`4HLn9ON1U<*Aqro;rP`BX?t
z__EL1jL@`c-t+bxEs!%6t9%lb{2VRc06%fgR8?^^O@7}vv^N=KX&B0=Ts~x8oo})$
zIL6>0R{P6ld757qf$;ke5WUvw!vs&b1F=JasqC!1e@^P&j1CAnO6;mRhBjQ!nf{{M
zvQ~ZQRpOlbHYxs2QW)u`iq9%7_^o&4AW#r9BoU!|IDOm0Y@qq)FZNXLdk2??E6E#D
z1uLeT_*ZK2P}^U_dV8+FW<i@M0VpxIK7RPNJCPB8tdz@}fY=&o^%sDh{lB#Swmk3y
zVYBKt^|ZYAHqv9DI2x~PJ0)_39DqD|wK26iphc^12NXMK?MQy{I_dyGqw}!EkLuP8
zWzC|Kf<$AFD-9m~CdQfNu^(%yD0JXxxCOM=xl0^s_HdEYtc>I`>o%zh@01@-9D~3&
z@I2xFX%x>LruSBd^BFU`i89-``g&S2XiF$I_kXU#=+ej>gJtj=5G2Uy+y1qGGc+B5
zpgKu3z}3^jxr>~XoKe{}`Ns4vbxJx##|}8rM6YZ?2Vc*+nPKwiVal|z*iM65*p92$
zIc?t%9QLT*Y74}|a>MOOA^j+`1*eWOvL3&P)2zHqgo))wHj{_Mt+Mtp<C{maPuVEZ
zg|yj7Bd{k>yH*U?_x+|+lhYlY<0G|7Kp*pCkO`^RX1O;O#H`3kSe7Pknf78?lyNuH
z(r$r}iq5}1o713WHRC3h<Qz|O#Hi_j7eRdn?dMfByN|SRi2l8<7*E;}_Y^bmdoM&z
zoO{K5SJ~a-gM7_5|1{eBkbKegDKJ09t#$fLWgd6Mg{Q_=qlnXhLvtT}HAcnw_7Hv;
z3bro&se9)0Q8%smFX3AhBj8(xRp@Z>FKWzHO*5o}`ngeuvgkF_M$we<7OWejiDOdb
zqf;1!Hf_3ao~}q(B!9TI>%_v4Va*d<uF6GVHgEpMJ5fVVpjS!=hH_H18icaj$9|@#
zi$7~zv&v9<Poo+v!NPpNXYTeP`?{z@(9Y)%NG}ko0OGHR>Y`tl1^3vUgjBy&?((Gl
zej>M5n0c?CdY3zCoQ8FBPjr_4?lz(zGadw@`)r2pZ<GL>w4R_P{24Ylwxk=Wv%!(x
zSm<|TTYyNs2(F1sE6EB@TWIV5_ElRaDHH~}i@a|JGWTAtpY2Hm)Ef+3PGT{73r|+K
zG7C@C_ooucx-XB*#(|vBmFwbqE4oj3QR2Q`z3qvG$!3I_8}qjhjR5N+K8X82E;Z&z
zk`fb1nx$<hJUkw`%P%Nhy<T|62X)9<ZxrX;Cx)(D2*a6HXU~`{9O)D2@$-9d>@q)Q
z`ZM}q1f$Mo(D)ITD8H#pUwY>2`-3g_Qa1a^n+uiTR>}CkZLcd?GCqc!5;oFPhp&_O
zM`u0u08dL?_ZGg;BM;!8PIaVgFZ$(!3nljUvy<RKM7**3GGE!PeywaJO=4;IPxDBO
zQO>^9YyS}*<Nof=|K5=@>1#KYjjU<TU#s0@2LN_|-bMdJ06pgNoE0^bBcD%4iI*Nw
z9dfTW(s|~V)%mkxK@~<Tzsr@wYp9?BbPxQ<f5Fbw{%e?=WvU0~V!fq+izthl!%pvW
zddA#p=V8G)cxGxl7T(99C5twFOpI<Tdnp}i&i6<0I411?x(VA1J*&T#*iVU^)UlX$
zoRQHOmRr3PCf7sQW)~QV(z58sdmN~^B4ApM@u>8H6fStrBe*g&>!4~IhNaK;Drq{<
zaD93mAP}2cz;!PeMVVE=+%-3XJrZ)PYkIOL@l)~HHP$2w!_<X@wqs(%mwb_X9Nj72
zsmIXp$@*A?JUgpWu@D9LZ6iNf2IdMKVh-~gQ)e|xZP&_xq`+>E5>u*T@NrWP)18f!
zS$f_TrNp9*3?wEJ0iSeSWa<S1iv}`t0F@%jJ{xtpU=|S30t&gssL>xYjk!A<`rZ?n
zJoj7FjE)!BcZ!PGFUeFwtjXsZWZxoGN)xSGvbK6pO3+fy%+$|QB04mEwA?~->hNM7
zD84uCl-v}nw#%t>2m-f&O32jRNoouw4t+EggM2LfF$;u+w>kLhDad!_Adf2OZz?Ac
zDfAR!=;F4c41E*}GMRjO1dE)sXUo3V7Xw<Q6~u*5j1+RLw!mxaH;d3U&gf}os%$!7
zUzs}988JT&;S0Ae6xS{^n0O!w29Wg?C=ihD;EyNxaTa~~kBftOicKy2I%t7mQ!Oqq
znO1MyA`mBjThksD9s6go_tz6d*<MIa5=s^D>6s`*O#+LBPsHyT{56=MmC<ne8%=~v
z1Ip;%CUi+C0%34~u?{H|2q8R45P)E(;0X5Qy339(p<iNL_u3n+sPu=uFT?!g3W?%#
z0q~n#n6MQ5IvmZ11z3*l=B&CBgP#841+$U6MtzP~F|-XC)0ZV>f>p1kSM>X`SlN0(
z`fiEoi?%(ED5a54i#gxai3sV@OcBm}y5*=XE8`Vj$t&6=0X&OLzLV7L{ns2S?L61?
z80pOcJxu0oWu&aqvrn`D?g5u#_F}Mt;7@`#e?*MSnJlc6F_oF3>A}E>gP7bS(fnm4
zs%7)VwL0w=AQuAarpxQ6;fqGxF&)iMNi?)ynYb9bF`GS8ht7Q;-RotQr%F{}(2b^f
z2%YXaI0Yd&#y9PKKw$7m)$`GEJ^(n<GkUHT%0YFT4GfZatx-|6nlp!fr>)KxiMQX3
zN9;5O`88cK6!MqxD%!!k;TQu+S;3b5aGjs^-OnCR?6tgl5e{fu>pS7W3p$=c-H072
z#3kFgBIci9RiKxmaVUMHhkv4+QV>rjZSdf3Rx_euH9YNahU@CD<ZQ~ggHqY(ZJqm0
z+x~|yb-VxmXPP|+2d5M-wvxi8dFrqqGkuX4<8vkVeCYaB@f>4&q2rp_H@$9<NA{=V
zPv=u#-#p6;AUp?89x5iRzUFP8M&!Gxv`wDjZ&EGBb*(-WLX}TXQBHE616j{G=2pN&
z@^*?(*m&2vWPx0pOL}KJPvRr7GVyv_`}e&cuLO6Kj|KUruKfW^{|f$L^kzppO!5*5
zSL_RCGQHNoouG#)>-3>*tfs>i6-jL+V3}e7Ct+zb#uqozZ__uTmNO-y&$Y3**7d@J
zIGurx#{zBXL3#*JyrmZh9`{V{-I_t>2Q$(R0OS?&{hn?Qn2cx_WeAWG9>VC)FWvwo
za9Ai4TVp3@M-u~^|Cn}$matGv9E=1E1phI4c<99}tes69>BX!KoJ~YbjO>g}=w(c7
z&792%n3)*)_+X*_&vf@}lf*I00S1K78&4?Q1>xI7j{3hC>%so;I%ONmXMG97<$qE`
zs&GD^Q_LFTRS2TwA7+jfo61{K=5odDYSLKUw=D~CV7}%gcfB~w2NFTm0q@9r>aH;+
ziuN@leZuM)EoP#9g)jOzUD$7zicend`g4`ayG@+8YbPae+W6I9A#l+rjMUOKe_#W0
zu|MXW{}MZAsZ*^s<Dc}MRJ>x)-lA~k8yeT@*TsOWqyyIx!Brj((N!e|D7rl-cRgRJ
z_CPpt_4H>9AF=DwpLvFiF!kx1u{*>P`C)~fXB%rqG!Y_6NXj&k7C39li0n0jD#^8|
z3MC`vSX&W|$MYjbC~Inr{A}Ojj*CcHRtPAV1uE4pWKAc2OoNyJc8oK>FIc`OW)J7u
z8R)%<Im#?V*8d)1u5HWdE_?%{fHe00KZ3#Z{}l{QPG(My|BehJ0TUAwI}6AE9i2-b
zNDY;frCX1iZe|AP$zd7>8aE8EcxV^~|7bY-03dX2gjs(vP)yVq#b|Su2q{B_AZelJ
zbQZ>HMw|7YmjcNki_FAkvXrVX>r7u87U?W9fNW1wxkd0zm)kV~nX5<cw_b1Q4|5pj
zgxB_0_CxLq9Lz6}Ur6!x1j}mRS#H@o)xhpoGr#J!EGx|xy<ZMW{XpzDf&S)ZBUM#<
zJ)!q{VWrFSjlh8_W0|t6=JC$~-#&}!)2zr^WNKBfC-C8?J7NC1_+jZB(^@?BGNk;)
z8QR$7qP?|kl9#9gub>%v!0KjwdaSwZNv~$$av3zyk*fEVwb+jRtHKTVG%KyO_99SY
z*TI*UZI)iI*+O$5KV`MYiQk{L)5*f?H0f#|5yuZ~InA}8|1-N9dV<}Ev+&{kI%Z;?
zW$Tv=n}Elss&uVpP7~pQraw7Xz3fZ{EACY<uLBplK6Fj3^Uu;1b|(+s!mni?^pA(i
zjauFJtIn(v;Lls)U(_4TraCXDu7B@*T{D;6bQ+s35d6S~G|7QvECg)I-wz&w;4iLq
ztsy=Uv+D)+PVH`JOFv6pa#s9wy*sv_%MWPKSpN!O)agz3AoBbBe4h-V!>#hAh+~0U
zV=i%+33I<k{00`g?PtO<2AZa3-;+z)5CE;O@S(y_#fNaZ2c;n<jt<yUsftu?gmFVk
zS43=^8(n42a>o-vd9M5-_MOLTjQdOmzmMlRU8rbxF8x~(cpKfdcrq~R18R8<ygK;w
zw^?Q8DoFM~eR9*wLbDrpS=`umWr*u}W)@WOwe|Niv3dL(oJOBZAJntkEN4&do$$hI
z!+YoKpiY!V#MMe4OZ$zrxnZY1;sc0#4<8>oG~`dvM4S*x0Yb=6t$zlX@Xv--_<vkK
za(&*}pWg0J3K2pm#s59_KQeFm!Kwns#_g>5!$_0Uf1q)21|7j}Ddu)omIZK%gkcx^
zS<)e4XF;y&P}Bs_od?KP`LVurtk)yMDx?7}`jwS?SjDKAUyhIRzY1scKKmU;dc?Sg
zeeHOj>}s>U2U7zxvs0yaUTvIA^bX#3>VtW<`GIlD1Y&s9C@)ZLlgmX*T6*XFunp<0
z!*HcM()#T}HvZt-il51~L0{up`Tg)Wuls?18m0b-@9hu~4ZTSVN1@YpIre=nr?yYU
zFq<vP=drm+>C}~UNL5u)z{}(w(r0M^lrE{MXl{>Bj-WV^8ycB-F|VD`^HMVtFJ+{h
zS8bL-qSlOA21m|Z0J7H6fT4Pr0PX#F99G(9>f*snHpv^fj+m~ZJQv#%_1}#PM{IX|
zc2>FbQc93W8t28qp{YO!69CfY+b6O{l4YaM$&ef~t~Wr$!|nucH!q0^drRBqF!FT$
zyV@l&=~7dhwp_&Bt`(Nro|PvzequCinH%RorUep9lL8KoPc2M}!m*|3`YKVeSY&l|
zn%1G><KNkpRL-bJOz_7DRzXN4FoB<35ViG7ZA=M-_y$nza70oMmRl*3J?01v62qJb
z=^kgO^(*5w6Ke%*z*!A!wLnzpI^FuC_G$rLPuz`_^*{DSGP({uZq@?RpM~W%t5i!x
zpoZUIO<aqoWxvBtu?XIwh@hi;T<3oQ*E^W=G3(gU4y7cvRl<V0AzX#Brbe*_6$*Eb
zr~|o1Nu<`H=mr<nBpCKb?W#){c7k-i25jc{Yz2vF%#)o8Un_j1&?0Tb!h-ofExNKv
zk3GRYD26B#wz%9cZV6^6oZL0%{Oi=S*kCKVCUAKteOEY{XTu^Zn!+9Al9io+TZva@
zBCbu52}B8-+OPTeJNCT9rFPr2y3!hy_I%(tveZE_L}0%=|6#esfeokD*^t>W$bHPl
ziB%e6d=lQd?on<wHg12}d=op^TRB5<_H!t7^T)5QbW@Shq|Am?=YHI^V`@Fcd#9%O
zUd?SnYry@;N*#=HJ{IGP0o`lHuKdb*MK>FPJ@)s-o2Ooyv=oZ@NKX%-WAGWFhOf)G
zs;$k}lPvpp-_xRmVdLZ<&1ax#iWYD!)RcLBzAG`S^}y=tn!26(a+HI${BgGjALl`g
zxMTth9eVvO1zlSoBWasi${SrnOThRHN4A+ljU9$EGI-0`L#{)pjmpkpO&)S=;53AV
z6&$|4>Ey$ziUoZf*QGsN*b%kX`KF7FkB^IOPfcxgt&e?^Swt3l#|PNsdr!?en=aos
z$dmk)qm)ah7O9aIc?OABINZp>YNb_G8jTa0g8I^3&eh(a;+bm-r%p*d8?0Y7fYS-%
z%N^`A<AOPNxcQ8coAZq;(-MsFUwY99leeMmPdlwU8Q0-!3S@2y8P2ApJnY7Kxz1b>
z1~joUBwi-)2?YRW@TlO#V&xBnbREIdqy=P}hsHh+Oo6%pf6H8EzC?@*UG-VSVzi5$
zQ{fKIldK<k&&Y^t-k8ntm+soP<2kIP@KoCff0|^yN#q4BD{WPhBFXTWk|ec06|{t_
z;I)KJAZFvt>9L-hw3wjMQWFd(aCO&QaCxkLR{3vU!E{AEw_X`@ybzE=k>5!5ioE)|
zDGS_I^aJDd0{d1U>&X(>y|hP65H7mDcB{ju!&jUGSF)z;TYC<i-ISUe%HlIA3#hh?
z-KvqL?V6GNw8+}EjV1qX5(JaG#nRk1dy~7g47P$ECC{GY)Z*druAvoCBBaS=aik!K
zW3gQo*Qcg^#DRIjgT2ReYH^eAQ5eEq`_uPX94*Xm7HE`DmS<CNt*~^YNMDRpVORuB
zj|810LM7_D>i;3*oNm&cK75)=OCFXbTS<vA2|Y$DmkWo%qmxI>K8RB8RpX^qia9fC
zeBknoVNl@RCF4GU2{$%d_)IMn`{irqG+_|Rz-qHp4UDO=;+PDMU_vY0tRe}`Lo2}B
zHwVXD@91@+i1<gm=Eyii`x=9U;KGoY>o;zYjD}hCDaN9MK@P=5zdUMltQ?DA6m||?
z;$UbhHh}wM9Z+81hXyAQZS4js5#4F%&tTbI<U(Ja>U?ckQCsvrUZ*Sj#CUB9<Hv);
z!+Y*yW6SfM?yvP%5?}$bU~j<lxqC`sI%_c5MJIXHj)aI@C1!ra7+Gr6Nr|$dz$<!w
zW?p*n$6$P3o3FZ1H4+yaAxkESg(FZ56G&@u%;%KWKZlD!V`Hl!+>!@}w_2%EfZRq?
z5Pa9e8!z)bm!zC|z^H=hOk{hRud!32M{W^M@?uRe18hYMIls!m5Ru#p7MoHmj{3&l
zNL3s=Zu$66A!Ja(L=k;8bCqUfD_2^(ideOBdGIad{E!8yEMIq}p|NIK9PmDMNi%Dg
zdwY|xg})OvDQ*pgQ#NG^oH=e)rr1hgEpD62`lBY-WVWEWv)v%G1UhXTO3;#0wi$q%
zEZg1>*K*S&VVXm&s;a=K3t@S9Hs|69eEqm@PJAm%`+$IcC8pI08dk=BpScL4+DA`a
z0-C{L*jEReyz=AS@PKZI(7JZDjZrSe`wA*rb@xtAkhy}nwE2dL8T|woG&h>3#v%Uf
zli-bsC_4_qFBU>iB$!_`*y$e$M&wmkgaa8-PCQtisNasbKMZj%DE!t}#GRffI}(DN
zxL*r#Zz}v&OvIg*s0#}*l(_#cypEq}6ASTKEVw7Uj+y8(9AbmGKQNqupQuSJI5m70
z2N8>?KRR3iAF)I{cs^VK0kI2_ke=vJ3`ABWJOYBsK_!(h?aYknOQqz**i)^<%-9o9
zf<N&noZ(Bb@M7XARnnVq#?9oTRbn^htWh#z@*XLpmwLvS(L=I;Zv37t6K4F5objzu
zB5uq@uprFjBT@ox+@V+EWzr#D(rMBmUE;&kEn3pe)U8>v5g&=V@P^mkq*|h7+@V<_
zZOkQJ0?U*`wP2YstZZ3!zFR>6JNNI{#DVR=xQ{hh9o|aB7wiskM;=~FINWFWFXh7J
zxjM7QHux2ew2!cV5l)UcLpZ!&#)q>MR`_nOf**T6py<O<0Wbcv_g{nH0BvE$7P{f(
zq16ryEp(#`Lu(xvMvhACZBd@6(Lf*zEJM<L!@)3))>E|{uQ&<xP&x)-blqP2`~G(5
z|I!#Ntc}aX;bk9pQMKTNr}Kh1`_GaNc#1PQ-p8BF(K0ZqWYZzQou_&V#(=tJpfgDk
zu+pV@CiD*uMq?!5l%%MH3Ckia%+AecAPM0|A~m9EG41HGP`89!Q5+LIgsfFJ`Sr^&
z{vUXfl^uO2T|eP{Y`cQ4JphTi8=+=1*qCai&2*)jT{l^|mro$8$D0(%gc^b7dd9By
z`dTL&r9;kDN2bUM+2CM>(6MV9d_sV6QM-!awb3)<OHl6Gz@>?;==R8^p=%Ic_M}f8
zG-7M;BjF%E;Wt!*5ndl#oDj|f!m|&?8}RCjU^w<y_?j0--xYskKOdC}DI+^$*4)r<
zCt@eyvUod#nt@JfeKzV(u45=oKiWp^<B1GvxJnS;_%p7{!!Lf*nm*5UTh?>Vir#&R
z{F&PF3d3a~qJ1L`eu`GjfMPd=cZdWNTT`}tQP2`_&Z}NjPMwh_sGY&dqziVYiCaU2
zblA~y-|qeuO7D#M8f?zdcLu$INp2isnKH}2OaWKPOwbvklZGsNIRE;eg!rN|rda+^
zx=hjxa{e(v>o-o;Qrz}$!<%?9dV@Ud6{#^%(~qm1{e#OfuXJd`F^_aeP4L&5poNf5
zBs+)$nsF4wxN?bs%sJUV&T!8WH1(`z0uvcfT{9l(`P)T8PsliZOanjY$@kFN4LRkR
z&Kh61`jXqa{;kqFTK!*j+8xi4ORz=>4J9`SSG7O6!jcAAfzU@pciwmy{3)D}#$};J
zhSey!v_?oyyh21SjZbnejj~H+j}+<zRk!MqTE#t}An(tu^>Db>X(b@W<hP_m9Fu69
z3HO0M(i|n1*vuedoC!;`nyVa50bGpT$kK3ulk+JKF4suxbcE>1>Ktdi#?3Gup0gNK
zY;q_Mq_~vWwU~Gj0U6;sqDy!^0)ebC*%oF-@jvNpDNAZ5^*wch(s#Gf8OBz~Lz@sk
z3Ay>41Z60GNxp<P&BLZIi+jj*z~D*902VD?3t>Ml9gPYI56iy;V%!f)%!?89v%PK2
z4`n|R%g|nv^NS)C9;TG6i+D06C8CMrefs=aGzD@ZO1Ze1B8g(5XawP5_-Y+AsgMhW
zs)ZsX!#{Q1NJni19NTp2TA0|jEoaeNW2p+g&(X8ww6{)}IKORz2vpj`6}!sdG4gYH
zhJvD~2Y&7%q`Cl(JHn_TdcIxSTmHH@h?g5>$d7l<J+BvsexKIHz*j@t{GVrEwbeC0
zJO08md*{!lpd;>m7>?KWk<ucMPkw9?0At3c7dj#tpTu=f6e7-x@$u``3&Md;O2JQ>
zTSBQM<=D`N5CLdd7$*=u9UOis&CM-C6ipgc9vSnfbNkfefR<{%VuL@+K|7NQX`<<-
zEi;2L_ZlU)8Mx#5rWQ(1(k7MLW>j{n9q)W45>@4+F+ajR6(^l~PXtaJp+^u7e^p6t
z45zlrVd*7;^pyP}dwGMF=z<?t;wOD?KU6Kw0mxlCb&h2mPUE`CHxfYkxP_#>`Gede
z<U5qpyp+@Y2Hrsnzbh`}#mVt=V1zL+RvrB4d8Dy{!tcI~ckE|#1jMbH^D~yG{`6z@
z;I8+B5mC>+<TVbaEEvc+nnOkR8lP(r(hgS%GK|fr!*|5`q4(9O|Aut9I~cCLvPlNd
zQ~e)itJoYpw%aRCYIR`*vh}e%n6K&J#7uLqv5{(T0Z)vhH4k~Zz+!MgbjbIPWm>HB
zCT{`bxLLWsi-rKcbR#a-&y9aAj<@_<F50i+#{+)-WVl*nHL!9$S~*+L+lzW_{X%kM
zO*$Aioc(}i1A+V>&#v^TVZu{Vho16^G^2ZvbMBm?86aJCY*^W6wuG+98lvVBkn#i|
z-0}RD2KMXO<w?pw&C4+vMcj7+74G2X8?cd(jXGI?`NLF^F5uBcH;daw{}(HotXr&d
zq0-3kiKcY^05o5{F~6w>$8eO8OSl_|dB_-|Ve9f`PaUio&bexu0h7!Mum+k5d--MG
zd(1aLFX)$i8m>FZ$RR0}O-x2PZP_%E(H_ik^Tv9D&(-_$X?3E<Ut7aNpUdy8%jI|9
z1qBvyUH8)ULRk<bRe=1^-U~7f-UIQ;7>_*)X$;N;j2ZCw3ts}3131>7RUZ!Hccwqr
zUoe8%T`RK0cD(bfN>XUSZ57(L;CI1PyX44VPsxS4KPLY1-PL6&={fGXS){fn1VNM9
z%zlCs1d>Hd-LG=cN&YH3%blgF2uei=U&|`;Qk5zqAsb47d|j$cV$Q9l{v&;zmv;!g
zmFluv>Ck}7NdRSOi_Unp4Kx&DHH<N?P+RxBRdgIMj+1rn#57+|BomSJtStCNN#^yn
zG?uO@-1>KI@*(1i&N?^|wpyn1kC9JL{qeN~_ZXpS!A;M$zJPGf>a2!rZ<02B2-ZdM
zVkoGMQetO^E>~#rd?;w*woZ&uEwnJZPqm&nZvH8lf4K#oK7}H&X5F9SilAtLaPJ6r
zyt|ojJ%Vq@JDh#ZL4JZ<L7tdb$bCCRev!{#cRqtJ2=auvBHqw<vV-ghdcxkQ4j6YF
z`@Vx(h%ZFXgx4aQ0d2SrK>OZ<YJ+Hlrh{OEnBh<13y9K)&<Ne(9^vibSc4cMDQ!fL
z9;c17rTI?zjrq*^3;A)v_@R6d-S}Ln@3N;kvm5!XLIe2+`RYRSVX+~)P~8ZgbSx<E
zlBXm2#Q6cU`Lo3N!1-VK-TA!vTlqTqJ+rj=+p|;oHu<@;%d@Go$FqsE*$TqumStQh
z_#M`RpZsCVe*gBO^&oh<Kbg>C2+8=U8!34m3-}X!xT$wnORW?!r{Y-j<Evi3_E#Ol
z3kw;R=bR=b8Dg*TclMe1Z+S5@NYw=2;5XC<Op66aFm4jxx_Vi$cwX48=;3SoCvJ(~
zl7N574<Nn<6#M}30CjWhFVrd0weADYP1WIBFk2oEu%tsr>4Pp;g#h1%&s#w@2@?7O
zsr(WBK)Is6Mf{BS4!P=iiwNSjPqorVFzdiCIdDgvjqB`2?tzCF<hAZSyiv-HKa(uM
zRqN++M<KbyR{B1FmudTVuQsKvg{x^Epb^tJ6DEAiK@$Sh2LB{4Ow3c}3uc&MdtN^G
zV@MYBo%V?t(RsHu7c;5b0^YF)=8oVC{F;hyi|cW1=XHbczp<;kIW$#=?!%QwYlgkr
z!npIz>yC8wM6+&6?0H1+ejwNu<F1c?=|3d`zY|z0ImiE{&Yc&$b#F#AJn&$Ta`g=H
z?nV!=#(h8PY<mx_bt7F9iE?N}I!<zbMMC>YqHgDLHlVQ{4DW<IX$N!L{yo9au}pj;
zg7cvV^$MX4#65Sh(^vEgbY5uyT}4JGlS1Dox9@*Z_tmQ4Mb0A%Rd>bZo^3qff#U~s
zeUI(`_P6X1_|Hk=>TUM!nsIND$@75(U${ad(8%x!@IILXhMj!B5ywyKp6@;h%_pK<
zAH-dv@#7|lJMbN8(}wab&H4>Xi~V2vQFi{I$CzgQIGu{(Y^9H>X8op{b`tijaPlJ{
z9=$BaP`r`GZ<<Xwevuw*>5n^*E#Mz;qg{ewCHR`B{jP_;FlWx<2H5>Q4^sX)kFYY|
z$Cx<-kL^8)+JtVSd%s<aZ`9nA(Ayubf0@E>)xU$@Pd(>4rkUe^i2gyU<A&^sp-1uS
z_YryS+z7hydQ<g!=)D5IBwWlN;VVkTDpbi-hey{Fuy5%;KtGXmgV6VU+@Xm-P+xJi
z{`QRK8uA~kb2M9OJlVJhPJ~&F_;knt*|M&TP3^(iKeT(RqNOI?)mR2o-_}?TeB4t_
zTK(yuEs5{cVU<TU<TvV7*^1gyGuYmUZ9jvXG=5y=4KnVmz-%Byhx&tYE*iI_mCZ|t
z?x^e>@;21o@#(E&%c!mdg&h1lZ_O~mjpH6#vkZsse!ud5g*-G$#?<h|3o&|N*dS?!
zL)-ZCNje0ysHiP4L!&Ph#jIoDAOpiq(xSYUBBh>8pD?!>aHZx3$=EJ~k`ZC4B^S!O
zU{O}F3(bVYY7?MkdCo<Z2#Xn@&9{JM)Dz?FA~@CJrz+-a*686V)qvE^*W1~{NLWbm
zRI>PqqPG=18F}Bqqi(C_+Ti&#03YZ5_v&MU={kzu&mS8k)E6xAquY|QNRZ1KEvOz#
zy+f+>XyIT18TYJ<I!AS=GI4&MY5yu!L&x)Xtx5A&K|tOVGg;~hu4!WYc;;kDkYL?V
zWe$~7M^KPd-pVzyjQ&f;q;HtpT|tPX8AuZ5=lAdZ+jnnMex#(eYxXzqVO(KhVH9W`
zQdAfKDfI+up_&%5wQD7`4RgY)1eH-M68Z!gIx1H**o=g)XJUPqqp_`~GMdM$;QZw+
z%88Flu=huXP_^)=M4pcOLE;(n{BM)Yej!<P@|DLlaZ}dg3#bg^5_FCCJpZ<o^aEuA
zaH%~ihlVLYW|H!F>T?w5dvf;oWneN7TP?q+3?X<BrKt~D)><w4Q%8^>uhsg#BkH;%
zQY#8t>JfyN>bA0ITZS?jf3X6kK;nSA*e`Jrp*id|FN1)%>sgiT8RL|;NNYB$Kme{0
ztP{JI3Lud6+Sw&~%=iH{#gLJC;c8nY0lBo<%y3G0hOR=B)$Qb3_GUBB;by?2QC-z^
zJD$zvyXCur(rw$>FQ3us+_|N@W!@%+8s@pCt)P@sn0fC5+x1(Y?BNWz(+WL#o%6Uq
z4P9+SWoLD}r#SE%zRXH|#=-QF7v4(5D3EcRi?vT**IL)ebjlS2hnF1f4^&W5fQ6B+
z83*h{(fYyKtM8nxq-x{&w+dZK*-~_>1{{N_Q-`Z`;tR^t6(x)>f6pJK7Ez?)VRQzV
z&%irS5_c#WTaQ|dXH$<xWFImXA+GeuDa;-sY_n^789k-W&pm3h&Gw3VC#aqJ(;--5
zV!bPZb9}nhQY!4X!^ord*63`H?~nxfXZJLh=&rPM3Bc$kauJ|mce*UjX?EnT?tlVA
zENsv-#<xN+E7jDEAzG}mxzQAn)zquEY)XEmU}j+pJm?H=d5*s1<OCPy*h)jzkI#xr
zpCJqP@Yeu`_Gds-)9-2{tJHnxjM0ta4;3EVV{~04<2>#zbI{s5Qj?MF4HG3c>DC*z
z_DHJL2)<<(Mmi4PhyeLKg;du2{)kPYG=sT<SLfOnkPHot+$>x9(>m{F5lD!o%>;Jn
zQuN|;I`3Qz1aZ&bN0R8ihM5Yyq#XCRq<y~(ycjIZ<48skrYcs`SA+U6D%TA8Fq-P>
zROv@*Aid$}i$g$jK|BwKX(vpE7DezDG{_I*Ce_gd;Eqk#T=bSzj5!`d(k3;^8rv(Z
z&bnR~%SvwMr3^AS+Bp;#(@V+7-g!D+Y1jsm92hW80)+JT`t&2V#@<&&#OntHOwrIw
z%V$<ENvqbhQx6~OEqDW8l5;XQt_#7?z4^+LkzwfEwQ~{ek3d!|uzEcoMA-QVJ8X`n
zm+ng-9Lf()$qs#JpHHw@Ef*wSIubTysA8%*i5pgmjTze`SSpwft9_p08!ld>|MmD@
z@D>gJq(t#*@i9GiCv4Cg#n*aYG8_Z2QcTQaRJ>2HQFzCACSIb(#!@kch#UCH>X6@Q
zt9+!z#B?(+Gl`P2wfYIg*lF$1jIJDgsT$^@26J*%k>m&;lZWDOhBzOf#Y;rloURYx
zOSeDWM>6lPo82bI^A=RM6rBwmw?I0t=T-4N8Xk7Xy=yG)X{}DGE2Z~l^K=SNRy!Gt
zPy}ktZ|9@;rXJ?ywJ$iZWifyjS83eWak~mf`i2_e#2e^{gQTYqG-~uF8#NNw4t=3d
zI2bnME}yNxqx%%%eaOg4AmC6&OV3m|@;uRVJJNYi6`9_WD+e#pPxA}9>i#B<zeXO)
zWTeEU{p(J%aV2e?<sLMJ->EW3SeQW$tURvS(e5%>c+X*__HD5d`&q($?ht)aodE7p
zrS^KBtkM0+dA5U1ilCi<s@2l#wf5DY&&)D)<z?DQ=egIMNUREc&ZLyij2c?<LaRR2
zW5^FqKl@tqM@yLP%uoR7<%KeSEF6IqV**|{5idxUlHrrwYXBFQj}(kCuxyb_8#3LZ
zbv^TRPPCO637GyT^tM&9QLB8WnL}6af9UjP{T)PP_F&9|^{C+?9bnQc+F%bVfdTzB
z?V_f3tumeHUp&ZR70Eg?ZmChpI5&!QBg+CnLNZkLil9rPEl9Gw6+lHrJ$W29JcB?p
z><;t}?>DnZ2VfdO!A4PfR@d3vm<*ooMx}e(v{C%g&>(=wrOB*dW|od*=D8;gaZANE
zniaoc;W42JCBbIv#R;BtgHhjPw-a*%?U8ggnaSd^syEWol9zWG8U9r$J35a07W8da
zd$@uMvZAs%-Yl2rt-5suKcwnnOJil-RX%!A)n&0U8gO<rWWnY`$T{p>bE{6SMo-;e
zrWMd)C$iDG3t${Q$dVN!3NCumD7n>V%k*Hblw?K@${;c9n8{{XvbM+27~m}!NDW<C
z(J{=NGhfW~h#Hzg*k87F8c$%4HkFjZDe(%s-74PHCoco4=?lvkWOi?dr`L`;8|Ff@
zawL%({6Lf~6d~gFsVpz+sIyfqHd5M1UbhnMwNtx5?ZL;t@H{#m*106MQ&}pV#=p$z
zBv(<xs-mOL(|?=D;O6h@6FPu;8HTLzx-G9lNsW3d8HpAfC=@JQO51gD*QDPPc@J)4
znM8BOXFL}VVnmQ`>OKy3UX~3C=GwlZn<(y7`h-nMIgndSPdi(P9C#(XF5$?VqUzg_
zl%r<6j?jEOG>*-ot{Uzx(DM;R)rOp?cX+1RF-uy46goTe-&Sb17v254ca2_Kt9umZ
zma^pT)lz#so}<DxhB>3!GDRWDY8Bb+*KVsO>snBw;pJahKF0Sm769K_6`K&C88x^W
zyqBME1h!HX7%5~KAoqBkbGjw+cq3My*}AHvL$>VPdg^#)%@E?perHVt95F1ycc)Fn
zmrb(Hfo;_Z4j)UGBHJy!Xb`gnL)Yk_rIfhg?G$YtCO`F!OveAtzP}vqbi^UggDhDy
zPMl?y4LVCfM_NYSuqV#iBHmSDc3f$v`!pXT{WAU3fc`GU*352O*&&s)fTQi(eO;f4
z*^i#L{nQ7$pLuh|V(0EI=s}y&d7f$!w<+$n8mxYJqblf4CL8Qw7@H$~hzCmsAnsvf
zz}2B)th;H54$z5?HW_0Zo}VyJDXc2ypJpO@f$E1YjV}G$X@AwvY+$DrYUc<ui-fjg
z6I=^^4#4)QBhvy;Gikqc$S!2Kc{v*9*%=j6y=_0~;VEQ)SaLaZa7bOj(<*3JV5%L)
z^$q;nT!G#=a_6&1>5xm8IxTl&2^$w&D4L2CiUvt4AXz1UW&du<ULhqdg%8U{lA?jm
z-(o)3FCG*HBa%eBSZ=w<YCXm4U|C33%kEE^bRFtA7v2pVfF@nrCu+Gp)Fs#&ok9mF
zACOA3lEjv|vdJf7NXVdVY7{&^G4DiUiLkE-=VO8BUl)ZwBKC*!wsREoHB<=fnP-3g
zC8(^05#AkG3?#3NwT*8C57&Un`QCC>d$t<IwYF(2>#cvhD5Y*5Rp@Krr77zro4K5r
z!R~0I*1;=h<WO>AX1X#x)>gIv&^ddfL@rr2t2jX7$xVpKpbN|OJUeh?%YjbzidLt~
zWn`tcns%8Gcb!Zh+_;kj_EAG7Id8YBU`~qpjLsM$cGCtdtfNlWpYgabJBr)hfzMZ?
zRco_O&qaoD(tC3J!XCW$KKJjkCTUNGNG2fz*9c{Z14{~b={H(i(~JXagl#t!29m7+
z9iHD_U5(t#4&Hw3n_DTTpFfkoiXmen-om~cqCDzoH}_q8H(2QGv6bUg8OdTMyF@xd
zjC+W+{=*j4%)tw)sp&G6;Yc99|9;@8^Z5u09VLCDcBEm1%+!tOw5Y>uBNRz#GyE8s
zpyTN6H-)jYcP{E?csHpkOU!LaZU37Tzmc2)dq|K;26^EZ^PCRRs$t@4QKw-vTVd>E
zlg+}tClC7iqI+~dxdL);OtC|h6q=n*!0;~R-oBHpL4YMq=RA9W$aGb-V<{74?T_VF
zeJ=7(`+G`4&PGk;o89v?Z_gOf&d&pj#Wiid?0S<vtb#P{tYhOcfH3*DXkRs|rpn(E
zi}m0VNr`!EN66W%NR8{(ic6|fqNu0gySht2f{6pXmX2b}wO|WDV5b)KA1zJvkL;Pr
z2NKyoo%GW;Zr>cW4^q7!xn{ZTK4v}44>=z1hFANYNu}-37wT3&t`;*MD?2}3FP}=+
zAJa1>oa~?G3kl-<LilDc=+aB+ea?x(pCvHG(YVk95&%=I8Wb%V3&^#xB-<R4j3!ud
zv3<VmWqMQ+7|eFpz*Bj$Stnw!PP6`CZ9|FFLl!s#a!94n*(ZkJX`_O=($y8ZoW5N`
zBp$UvI|!duw1n^na>Nm+S}MfpN$w`=4$f94hsjr8t#ghbp$bVH-s{?zL6{6B4mY*;
z+?DZdi?&wVg1uaD=<_t6ga?7S@Z_WgnO4lYXw~-(vtubd$}VzVPC3a^+jAX@^&8KZ
zY@N(OUNyrkQ|}*&6{hp=HOzgewCDkxSTd86<X{rvd1+8E-folPt4^Cy1UX?8fM~K@
zLHM)PsR^50mO{961{t7Ig~AqpYKXNYoSK_7s^%pB^8K-s(HN#1Zub*|%VK_!es!gH
z*K5sEb}>#$`ojzw>w9l{NR`>KF%_$!QOWFxoKz-rQ4h7@1es*v#B`L-Sbmfule6ci
zG;W%KY9Q^x7!`NTuu2Y9j4j}jfz+5(UiMqD;V{QImc%M4Mk9aBqIK5K!hkATnqsma
zH6luGVbMI3MX}Z5dR9a-T&$AOB9etP)7+%#I92A0Hc_i3{Sh)_F7cE$WBrg<QW6un
zofqWU0*BKvv4D}-U6!AlrLGd34y|s`C<+Y{{aLi%#3up#7@<bWp!J@`yOab3-Deb+
zFOptzG|S0s&d5S^*>Pp@a{jo$V`fX8%X+L}5p!+$(L)-~Mb78-sQ4|8K9Vbo-RRY4
zf$4!P4%5rdqAv~ylv1)|hu+(Mw5-b^NyaT&nwlm@SKBT!qSUn`rWeIU<Q?q!)_WmX
zq*}x*n!VTrbvTPf80w&T0|~i6Mc6o7j3_Bf<*+!=phEX8-aSVtgD6gooy;t!J4)`I
z($gY$)OTRO^sA<vKO2h~OdaZ7P>BEZpWrQVC>UL^b@>jX^P&xMY4m*giqpb}Upa0T
zGn>!xs6(R~YL#xg=6w;7&$&_DKfZRJ?Xw&<-~RF?rm|}n0&D2A`iftz3Mr=ylLL5m
z0UL}g#i!60yG!zBFh+vakr-#qw_`KphVECSB-f@y6Xg3GCX#Rg&@`t*xM7@j?jKUI
zgDXf)hsPD0({FW=#||(Y-^=Hqfb72l!!!kWlAoR^rblvepYL%6z41|TX1ys$NQa7%
z+&0w5JDdjwvgf18Rg%oZkA9riBJ1Y1T514onahijuwk<!N7h1SCR<9~o`>&rqgHHW
zCvSLho!p$PK-Q||I0?K|?hd^vms0s&lSvJCgQ0NE#~<qXfB?IG^@iZlF%4zM<gP7}
zfu%4JhqLy>A`<?0)eIp@FIJyV3^}joam|j~hD5*9!QV;IiGvF}xwe_6xwqeUr(rc)
z<Q^CJSv{YL?>DfCg^FGdc_q~)S&vNp7H7TE%CmkB9~C0+71}i_b<LlQYRoPUQDl&`
zvA;HXl6X0#_+2EG9$UU0HYK45i^P&^Iq}_6xv@>qP2va=>t%9Fh-6>+sqv-xW2fVM
z<=Hfo$w3qNYZNHas60`4$HP+e%1uFza>7Lp{fa+Hi4fm*C@pnFh>#M(MM#JcBP9Mu
z=36g$@b?cmWGl`dZ&8p4^1HgB$!8t{+3g7e+kF}WTYX(d2)0IB%F*?{pIlL*H6K1}
z@h50-=PMqOF!T<Q%x<q>8#F2EXm@m7!j16iV81Dvt^S@G+Vy^?1dkM*Xj|$K_8UKu
zwV?qsG<%&rG(cKlOgFgc-=|zeJ~okT@JAq1Q$AC3T$$zwQ|%Ztb$)!mnx-e<$sRb$
z&iF2drU%pK6~=&AiLDTx#oBZaELcn7o@p&|Q#V+a=0AR?!i!OG%xnX6`+uIJ+3x)i
zjgifN(;NI$m1*Dc%b+7S^S<JjN0GuklYMqCF-53EJCUdvA|EJ{s2vdo^uBWI9-$x1
z$1}|h{;@<qXoz>_eA9K&j;59f^^C+&Ps}(cHq<6n2c4)K^NtaUwvy;Dt;c|W)I_>;
z+U-r}R9qk#<|JC_q8%;_*Y=9TNJ9u}5r~!+9v4B5am~j_3n`iygQ}K|rViKr2>kat
z#dZ3@HmP|Gnp!fWP^!VU(9=*kqyxsy?EJ<-cbc)-4Ur$A1{KP6&2VT}wEe)GkT!iY
zLONJV;#JM?388sVZfJ+TX(8>pMg;Urn!*2edBn6~S?E^Z4EBkZ1|=%OGZqgtWxImE
z)z`fT#V*6KB{`)y?rcRM->=1bz>lsZ9td?qo0Qbjmh)ZA;=@L9m}ILiAjcdIrb4im
z2Kxa`g(k%1CLJ^o;49Q!3k_)d0$WUqmGGp|;d9>Xj=_lOiZwEeCg@sq;WnC@=@H2n
zBeD;;G^w$G)&mPsT?>T;{cgwY+53O+zCTY)%Sxd0Jnk<A!C{&MVeu`zudAR}?9Uh1
z2+*?$5Jq>5KDKPwrprAH%S=U!4GEp`-!o!Vt7|x>%G6ovX&6w2Nc&6fPK~ppo>~K9
zMzAfy(p(DrdNc7cn$xn5l4wP#l4Ol#A=QNR6lSCrQ&h?Mej6FFb%8N+F=*!rSQsJb
z4(nNthpNK-)fT1~C9$6{@8pSh@tp`+UO{lg8Pj4|b$a@yOlv!Ft^(0T7#65iE4t67
zCLg0ga|>_dBG9I62hM}0rl1DJv#k0iPMX8#vufG<IBDQl7bFMqW(L$E6tYIg@y*ET
zPJP49d^$x)^-yTk$Zi=5?9ONt8aiBJ^c&Fq=H~pV_209M)243$cq?@dOO34B#4Qq6
z6rWF*x7!dOI&~X=JxgrR7`RpHP?#4m%ZQt9j2a0J6{cK^I5j@hmZJnL`o>*Xr6iu}
zQjQI*WYWvA&}z+0{z>3A#Tf<pj`UfsYT%!hg*+LeT`_1}<flSC4&Z5b12+;}a`xE<
z@`ArBP<jHH*~4{L?HtE<9~!yj7*_j}rM0yNJE~U2!Ldp8H9Q1zb1=-HJ-5z;I6!f#
zTDvT$Wm~^MaW6(MVNe{A0QZd3tp}yvgQ+KyyUS?|p{h?P(OP$@wUpXSnwlO@nd`Qp
zR_6bM*5%_(O+42V59%d1v~e0wx|-%F&1r#o*Q6{}An}H$X;x%ErA}L8y2j^BX^GA%
z@xxt*U$~X(lkU;LY(=0QYYOo?>ED1nLoWe{r}3XC#aiA&mKfOvb%CjegL1db%duaQ
z)2bEEJI4dn?iw@^KV$2Ld8<a2toek!`1EP_k`cXk|3=p9o&<nkbBvj*nL##&#0A$r
zT(GJ%uJ^+|MV3Z^mIFH_Vi&|b7Y05JOrEbaWS|Z+rTaDYD~DOtm{2c}<;n_iqZa5?
zRiPSyszh{BEm|pb0@k(>##b8O-11ZGvnG*zY)vGt&M0WJ^ZRq#IPG+4pS3l_;aY%!
z|8a71QC-zWh5!ifwrD3rb!yp!Cvm%l-qt5-pjHap?V|YSu>T6=Agzt<7`F;Q+>qpn
zIaBr0U49VN3)?H99t6xAvH@QJ(i#%4+u(*qTtk$ZgNqeaGHz_}<FDZbwwKVabm`wG
zPHY+U?+N}X*8)*)gg&>p)~M>?`YulPOOV9Pk)1=M-VGT~jge0ki6GZ($9|d8Ha-t-
zAs0U9!tRaW^1I*}E<OfkTFV5j)X)#V<nCfAUhCVdeAL6c&7yp--xu8R9<u4skjJ5V
z>J#5me=<JMp7em-YWlQrN71!DG930_@7yp?)@kw5R#dN<<=i|r>EhPR+&GzI7I5H<
z>bv`oAF!gTbt_AU0jZo@+N$UESut#lD;k!~TrnnUwcY&|w9KiUJYs21*(>|`V|bPA
zlh;)YnK>q6c@wAh?Nl+Sbm|%P%c0t>BiE1lv1?|JY8m;%R(hsSrdVbl8Uw6q^4)WQ
zpg`T$H6-)lD~Ei$CMya}eRlP>Y*X+FL65wxK=iD&YlqbwHF{~Ww5y|V&#Kc{;Gl|n
zuJah(ypf|SjHuXET(!cfqk4KLPM<OyCGArbo1kZ9jKJpcn4bK+st~D4#Iw`P6$q!b
zD!jrOQ!ziEro_tiFm<bxmGiRvflRYTueEeqS9a(9;_;&=%pAJMbxXQpNjX5Dxj6qN
z8a*qLr=T)U4WM$w@EH(;mbGTo@>+#gAGK6$vZS^yNKq}0d}>&p0zg^1#2d^9YH8xC
zQdJ`_nN_u|a`6}+UaOo$ZBphhK}JlMb1q+}mMa*#G!-*#6h0X`4GgGPinc|cWK4aE
z!W?F%TP@#}@vy0}6vw=ZToGJ>qq(k6Rn;0C)@<cbvuhq0fiXfwNATRmxnia(7i-af
z5D2lP&rztYpEM~qB_1<b;#rQg3|lj*YF45JzL*1$tJO4rSc^3xno!N6SH@xe8JAf&
zov&N1mV=(ZsFc!yt0!-)bEMXMe)Npn3dq1P&QLFOSRLKFpXanUQeW+^L$kqsn5o(~
z{s5;QH)B<wgR#OLf9rCdYL7PcN=c!mSSPn8>0Ak8l~Au;08rBqG=@!Cp+*~*Vvk=B
zS1oq}w~W)E4dZRLv<G-h7JqPh@hwAK&EsacnS{yIEln?%XJo=j)%VZB#<foZOrBM+
zbXdp_o4xI85j4u-Ij@|7`A?ZYg11sdTltms9aOn}@VJ*(wb4^Ku3oIG+W)fUn!U6|
zKg35aX`D5`d0%f<RjseDPgeN%$V63AK|g7u;x%rl<(b^27=?wRncOt34%Ar6Sn}$0
zouYwBI-NFz^;KT-tq;w6F7IK&Ph||Fq4)$)_azol$8-Qi(H7C=u9n80GZ`d~U+T63
zLxF$?pAFrf-andP0e9%gRoyv%T-_oRH_ZzuPYdh`dJRT0lSh303epVLL0_Dvp>1(t
zzYyra1$f(wq{Gn6dR|5VN(W5fR3rJaM1Rg1!A?N%#$ZcTOsfM%@=dJO!ah2HwkA~=
z2Fy}4C#L?9;Z18h>2A5@`fG>Am{#G%3&I0o_B@zC824HOgQZ6n$Unc|^*$v?*RWu}
zsQI)vrc&b~@{bCe*tL8|5!8D2Oed_Gt3H>qX!)HfXz3j`t>0eVlSh(fcM_#EJ>EAC
zM9{>NFf`~fISV5~Wyk<bF@p!Tss0b%w9_AA_Z$|1EJ;&`l=nOyp_k;<hiS&ZoN{c5
zNfNx$E%A5_Dc<6)4ocV3baIJPTamUga4TamkaL*OIRj@m{Q1n_TxLQiM5k53)1If+
z{=;T}9yCwAG3$e7->^?VA-K+NcK;V`Zvoa;*R6||QlNN?76?$FxI=MkOM&9<F2y|%
z++7N#xKrHS9fG?%B)Ge4F8#iL|9kIq_qkinxz985uDRYd#+Y*@b0wK$8Vn`X!-&48
zCM+yqWOYm&W|)c%b`)hq8Bctby4%-){l|gu*slKw?pOl`Z=LXV*w`(iLo0l0>X-{2
zZ=3H(Tl8>>ujQ)4n3?~G)J`)J@AjwdX4}+XvrnWBt;ngwW4CY)X?`O*I}aqhv10{6
zBX7qN5mFU1fJ_b}n6m_onBzR*Prp?+me5nLKW}G^sl%sAk2T=(>V7IF=7j`|$n5aL
zr$T<Bn;KK#!>7`Y@gVX7Gk|ywai6JY2<phS@`}m6ZkLSlAn=4`0C^lrgGSPYw~_xC
z35?wem~H*)Q&htrwRMV8DSgdLpHW4~%O$)m`@4#mmoMX7cFcu<w=M5pldKn3y>M}H
zv5C-vLZDNMhcktXgQNAG*#*J#0cWEk-U1<)H@X0t^yLfAgf;g4t_n@am&*po%X1-r
z`b$fO)6qwtK$Jbx5Yx<`(=|7e)uC~cm8Rs;vDN0wC92;Q$iqN&caJ5M5(M%C=qMuE
zl9GcUB>HvhhCLfQMP)4PUA;mh335dbf6YrvD&5=fY~;~irt}O92XFVGy(QTN+TSxl
zxtqduv~L{ilEO=tQD_78*tEacN6CxtgPvpV1V4I~iBTdHzwP8db{)rm<NkhewA>Vn
zlBx6#t)QU5<@OdomQAKW51bX4X_NU|kM;^t5_bl-Q%M3@9#QK1o(dgL&Ykug-I7Le
zs3{}PFMA1sAp<t^nv&&8Q|oq}V8ny&fCb5c0j*2|rF2?T7LKR_q09JWl!Ob=;0D~}
z#YEtyA0gUI@KGf)q9LKp$9Gn_bs6skv{C(Nd1PoWb!}K<f930OAdG(&{gSI!>`+a|
zlc%6FI2v?%c79$qt}3GQM5y5*?MX6tILd{~z|69_eO>e+g^pKGNU=_$yWpb<-_Vl*
z6)+*;!G!PSkFD+JX_J{exWoWWAft6dc=S5%*22+GF^Y)ko!&izMh=DDGsK7DB7OCI
z5quJ5z{l(Y&C;!nBsfV0%>mr6rQF&Qjyl;WIF8k^fxNN&39TtJ;Z*hn?9^)tGBPIR
zuds_^u)bI8$*C!c5H%&Frze?@nL9b<bDLfVEhtfDaVo!!m4N4Z(`)o9Q9`O?wW!mo
zu-PoRkVjd{$w|ByJ{L*q`peGA&lQgr>F+FfJv+>--&mzMH{_DHaK31+I@hEq((5al
z>A)4UQYXg_(wf$9G4~O4<+IKbD3A2VTGHZOR65IaBym{CDSjKx6E+eJ==7HFMs@@@
z=}{|Y>EsXutlO}d$I!X9=PS_W#nr5dm5`e|)+>tzgL3?SgV5ipl(gT+m`$n?P3B7L
z-#*@co-Cv^WjEDOtkW1SFodr~ud^;UGuFn5wKF%?nRG^|Df`kxo9~h6Gat4S2K;C*
z!>*^Fkg&;yO%V?w<25yO*5$|xM(1GTsQNNO`;{HMKZ$R=%~5O@pts}RK}?&;6JTn7
zN(miMRw$ORLoh_Puzf=#bS-O`oNDdbcw55_1Fc^u1LgNJ4iVNZHl}V^39+(#U}WZ0
z!jHm_3lRmxJs5`K;{7?2taMDGVC<^4Y`@U?Ho6ZZ(eEhnvsz;rF5_?bzU9Z<#NXNA
zR=Nn8-$>4-Cu{aUeWib8)+{7C(A~!ri}s)u8nS6nz3g%Xa2k2}Ff=b{a?b!}5Ekq*
z+8HrCyqwg%yDd-~(-D_rih9R`pEX1;G%>z9GTvt-O}!U`B2%E{DMgj6;8|Q1M@;1M
zo%kY;A&7&j*CS;>>EoS_99`eCXAVI5d?1o||9FRHI7|Bn6D?Ub-<a}uhP<h(#+F6K
zK)Bl@7Cr;l`Qvv;8+<~C!E|L00(Xisy<|98J#Pi$B>f9jE?i%RnwG_<b1!Ifxi5zl
z?U@#z{Q6b&CD+P5Jd{QmqQ^F5^fEEH>Btszt)#c2Db5uV@}-T>pOp8Un0UgJNpxj;
zdYW#fRN2U4%7wgQ$_?;Ub+tm}mu1lWcGnLXk$R-C^B?uQZ`^;phDDI8gaa>#L~ej7
z2Lhoq6*E}DMj&~4G6MC7tOn6vJY_e66#cl8-^NztSed#d!m!uJ=Wb37v;yxNBX;OZ
zNT^S%%0mM7)#{@H7S(S6sJhvt5F=7l*~y<_-+zY$kl<CaEfo|F6b{fJpsuTNrv#WW
z07g5t@bF%>@mf<!89^)@zK&n$+O*SggIIYF=;q8{Te9I${K(7lb;P3Jc+%wf(B)kg
zz5y$nV{!Lm{D85vG#ka~4k7ModHi^EFw2e3l|nSQX$PziNb%DgDOq2re_YZ(dgYX~
zPj;bO{%xl%yTdc{k!oqN^ZXN^n>`(oe5K<j*fe@8A(a-g*Qgb;S9&GYg8+o!$+L}f
zLm<f(^B#Oo8iMY{EP$i4qKuu^ri7iQ>&3$FrEcf!8BNCDwtIN;kOx5<)fJ-V_tF%1
zej3^Dsk+y2ev&2ZJijIYpI;Nd9u=zpNt5;Rn5{XTT7qfgaZJZ|@w(kj46u47DDI(j
z0dg!|$i2$npOW4KU4Fha>niiMNJ1Mn8a5anOj>y-J>(wKD8Ki<Hp5wsepa%H#+1jH
zOhagRK%3cd&q67K{e5&|GsA1w_kHek=A&a#$btSb{!{+p{wZGxWu>*ef9B?VnE8;#
znUAI+9QeCkE_AHdzBC@~oB1cS!8x~t4-q*2u`)S?Soj%BpHON2zKO1x(T$P*oLR-U
zru}S#^0og>x7ha>;8c!(%vAVP=hWI1LP3}!aWHN!XHISIk<@ak>-$TViHP?w(chbR
z!C&@yx*BICv7=`)4vg$yTA@~|#ZXA0*ev$<L}BypT|`_c{>1p^6lXGVB<@CCBg>m$
zHKZP0MRk(hz{A*Zf5a-y^Tt_bFwv8$U21WN8h(fkPlmxVv8C8{Z7F`6q*>R=3$)sW
z)EI`jR7UUFbfa{dgP@3);&n5XdHNAnv2pL{oPMU(ZzxG(;cQvd(C%)tdp7YS4m3zM
zXeXJsS-ly$X`VRLIHqCFRK8HmxuNyjfU$<Rq-1km#iY9z*Tgc~ioHZeGt#5Qs?y{9
z*VzCj{U~>%X_^(=8mY?T_+_nI$l|u(n&4_Hl=fWaw6SHs2zQ!x+HqRUTxPcCi@iDU
z=N{<Z+=L0p?`e74iA#HgO&{-;H<l7hsytg#s99sId|$|3)OxvnzkNGMW(^~Rg*`n@
zBlh)8Q<yD0Uzt>ODkW&z>eN90&><ALS**_Id1ym~hMtI?8<>a=BqTATu{im7LzG0w
z$;BV<T0j0;+(Jq?DUYnm&VBuNu8Xv$yuI<{Qy^Q?<b^AE%b4~<sf+V@-&V!&{P20w
zVDf%aa*}4U6KC7pgDX(%ykhHoxMg@&Ly2)AE+(#m5nIz<L#4J^VCM<r;8YHIv5rv;
z5nsO!qw)Bq8?#d9mE2&EUs$;f;xekw;~N}(r)8Q>4I7@UM9Z<<qpz@0q(@mr$u?uw
zW}IdScIcX7Qon4MfPUr*;uHM+i@1~Et2fOA=HvWb@G6;y?Ln-%1l5Y+fw!}hN&So_
zrgzxaS^lCI4e%?>?|m@^`yNhqS!`So><`nO#rN{?*=6VHoh`N~&8#%G-(Mz7Rmz&T
zujPe8=?i8hSxwUyuBVa_A&R|ejdbA(7v`1`3D=sRAhVS1!gpU~O<xbay97S3tMx9y
z3wL{@-F{}XlwRYS-nk<@&qMYa0jTJAo;vvp+Y<eYNBB+~(q*ZyEc$t&hCEwBe4c0P
zN2uaB#hw*A78;mY?r>jP3Eo}}qJTOp)H(C*lwG$I%p{8TRDP*54jXs;su~S_o(YrG
z_`bd~pIHE_asiLx=o2bINnTVHw<R$OiHF@7A7ANtKbPzGy>ln_GIzC$2PF_2b83f%
zsX;-2!-tX<A`LEF>TJtOD_)VqngWyahvAZatWepG$TX~GDtCQ8euz;=ud?UsHn-@P
zLT;(;szLofD53q}>>I0vAi0K$2xwJFZ9Dr3o^u|>>*)2L^e_$REsSri*`-4qi^|su
z>1+9!9$P}dZphk|OJ03Ev|3+*X#Z-QU5wx6{YS?4+=(({=Rwo9sJ@fPU-qYatOeD8
zNiz=V8QVjJ><4HDl?&cnb<QXR54WAztgc@+t9}j;(s8Gn?s|H`G=}jI1c0`P-$S?G
zMvGFcBzIvWPq0wGOQucJB9Z4*{Jlx^L(^cl(E4L&>x;TD#sW>=g4y{qM(M>yg}L>`
z>_vPVo8_ox!{vyP)P>Z@gXU^_^LPW*1E%#{#b6PA>Y@c>K{pbe_Un{A9&p6S*uCnP
z0idklES2+{aT8PY*6nn6Pxf<Ko>5YiB^>m^ZRQS(8;}X?>mBx}EHQJw4)?=ar9hHE
z@70~k^zE$kZvXIsFKhYuR8J}AN5WI(E97*r_^qHda$9^;yOSOMElB*Wv$qXbv*;OG
zncwv{onOgPALN$+nZo^H^)6nWUeX`(UDTzTq?7=?PUM?3T(1tLKDlFvZ<Bml^1Z=&
z0&Mr5zx0Z+b>8nRfzdw)fMtI#ea!}ltdQ-bV;AD<zDhqik6H{&Y1vW7cby4H`!>FU
z(3<)K`sU+xc?=~(4fc0F`PydyYlLMcMY&<<W^c>I`Ki!~3i`u7WcQ{P_u}736=FjQ
zbyt4~3(&$4CDOk3XBCfPLe1c+rG+M&f0@rrN3lI7Ke)qhGL9h#ZURr1>BDc>tL@*G
zIE0kQp*n`(WtLbz#FzAqf5G3Utr<WtPNbv}cngf_bzP)f@QbiuzBs_@okkQm%y)cU
zW0b#%I!RWW?m+5A(?48Sq0al237a5Q^9_>21uUyemn_7cn)Srw8`c&%0ou0gFSLyx
zaE2Y+KauS_mfvG8!IQi^?}+SpdBWoSiXR2fS45B18BHxC4^8bePyP$eof<#N46Hli
z3>0o3)cOtuD4Y%yetJh2Js-g_gTzA{kpyY51615ctoF9)q&ajO(s2zXg%VD9zIgQR
zm7><S{>3T=)*D<c|BiCd^lDTho9`3uSxP&?k{<2J3+59ab2)f(`8<p%zwc1Ha)4Dy
zJCL&d0oanzTh@Vlf)2r@gd6{afmMNd^kN=rE!UL}))2zKM)9Ju7P{f#exZYK2<158
zb@me?xTbPOP1%g>Nrg{87hB(aXmCc5dx<Ltj~)zH@nWAwXRxjp6XDd|q&W@p?s$W_
z*X=X9x7E5Tv;nJF#1r0hZM2K)oO+#$!U}awvxBpo_~6AT`6Ev`(Zj0)xIdXtok3o<
zeSJ`c5|6>Hh`1fE-da?90dA?^9DjXYogDV+3GuGo2}%dOrRROg{RZK~r_dH$bfZrg
zI1dD=Soz+Brk~ItIbjGVM!bx{+p>F9r(%wra;PhC#8B<0l%v--9BVM2ZDf8~ALd(5
zZOoOnO|HEs#8%-4x;9nj_0e5@3jxcLppwh-nkUYmh*ac4$&mc?P!oZ)!S;1M9yOnb
zSUp_t$gwg+iyO{Ijj{H+eWK5(djdZy_uqO2LM-YBNICQvsblq*SA?@4BtIk_li6py
zkjOwJe1jVJg7F>7nh(i`7sVeBE(8xQWS)^N91^kIn!eQO^+{oDtEBz4sCSee&NqZQ
zpN}kr+2?}xe0^Ws)<Yts+JWQ=uc-X^K5^D#Z+JJg<FMc+w151Gnd|qG1%BvN)hDt9
z^dop+yOymG%}Y#ggOm3OND|%zF)vYR;8o->=)BPlYv5gZl?{q9<PiRsit(8^KgcT1
zr?<nt{3S>OSp`nWp}6N}ww-T~g}x4I)&+d^4q4Pk$(HCFeAZ{)dSW9e4gh}SjB?54
z1Yrjra!Ls&`)0PY4d?omGZsI>j89&N>j|1E0#UnYIkM%J+gh!6i5}4$2FN>A58o7i
z)K~RJ&^h)$l*bdg`&H$u-qawm+n3Ok$fnn=ue=bw;Jgq7p!8#?t%2JiLEGOp+}6<F
zBP+c`vVBY3EMekKymqNa;0$OFJYmuPOFT|k?$<SMFxO_u9?i;0_~A7=5WOpUY&wCc
z1J($O?Vxh_gRd)0V?Fn4>0*ia?O}S%&d3jF2f|PEdO~YLNJ#BPP{$KQXY9jfgeUaV
zx(>37O?(=!cc)I{briucLXSuEmB_56duJHqT58|@i&M<EFoB!b?r4H=dF`a1@NaM)
z-ab%sqYJ{DeB$Cp9q}3Mcz&zuUoiPHccgddw(EYzY(J!E#dk+%@)?Ap+#tH6K4G*X
z!CuU^V`h+^xMMb({#(IsHvOlNHk<xip>8&PmS-m2nx;(~A8GCOk(U_eBZG<ciEV)h
zF%bR+m)K$Nw=AZ%E3%hT*>gPvkIsUbcPmsbz$b!$aD<bgJ1w~vNk3=NG<F5BorFnI
zCDoiGzV#v1-;Pg}oeWW?zo9-77g&lnBE43vWDcc}>33#%D@A_)K?Dj1eR-*eFrn(J
ztj9P9f8`th^O`M92)?)7rrqvDaKbBW+shjp>Xd=){wbxgV&knga$*SI9D=q$!DPvM
z>`P`pE;|z|3U>6-U%X&o_RtB|iZ0^EM@HLV0M~=BB?o{C8(pl!uDLDpI#TZH!_JpP
z*;}D^t->oD&9E1v#D4NmBJrZ34q4(+o}>-3UN5-XRHNLymrR^-n?+|<<C-z*HXOzA
z6nc*C?bSk8D1<V(fH4UnSnTo!RD;r;!v*+Ud4u&lmu&lMUEPPfY}T^zc5aQ~$%@R@
z1TEY=Zg%EZYf}f^1@mEw=WH^=gWMd?lul2`eArCbnCn{&=Fa}<u;_g@nNpq1+-uh%
zVU#U05ijrKskYG5RkMuI+4g;RlV1TaKU)(KA>I(F;^+w8-KpnA8TG@s#!Qlccv(D1
z79;^2k)0Z1`XzXvqNnh!9kY?k28D4f(lHy1a6#fa!-J3RsVQLfQ{4NPF7UL#ogYb)
z(TMKE9Gx$vGYI&7DrMJhanyno*Ub25{Y*a5&%NNx9HQdqnuK8rt}ULV)({&m_>`rj
z9(XQ@LZkXef3}f6001w_UM?l}wfWR_Fv}sX1VN9!+B%Wfb43|KxuD!PjNa48M=~3K
zKDO7Mn1YC2FVcP3UpUcCppW>D!to>fP?NRnEY3o)>d{KQZQARgHW`@iNTr#_UPur>
zFK>%?;6HV^Uf3`mIJcSd3KBK`Fk62PS{qpm;j^JWYEG@+2CX^lckRxExLKP3RHOlS
zBtfmct0VY9Pd$!4vbSM&Uaw%tGJd1&1SizCaW-IqI`r$MT4&<sc}6um(I<=L*DP4!
zo%dGniI*@i{g2-fx9U1PkHY^>Mp}nk4CN%YrfURbFC(02XC-&)PDvwBv7m3jFMV^U
zigIGE#~ccnZ6X~dKcP9pf9Vd{Iq}E>OMf-#m<+5vbY3IU2%41LZm&XtdX@m!m;FpQ
z+69Q3@};-M(pCI8GT_YAOn8ggiDwc^5%jEf%hMc);AWyR_QmTEED;u8fQqfD=MWZN
z9If&$fgMNTm%1J6!}dK<bY3vOTpDzA>!9C3mHA9OlZvq~6V%jr^nS(eY}fW|_lX$L
zdE*I(;iv1X>*F-Gjd8*RiO`0Wx?wu4W*v+y<?;pcauYcAcHEm{Qd97M;X4|);!O$W
z9jd?p7K4xc;!P(#26ShR*V<;XMqMw|BL(-zRR!(}y$}E!%tXIBc)cILw?DD9BO-=F
zyibX0&+*Ym;ln4r?Fi*Yy;%uaMB!!J;Cl?()zD7l5Dy68ufpN(yS+I~+LPEHFkDih
z@ZQmjwuEN*a5DnUDn!jHO>oqv6An)X3UDyT2{dQcrEk%;sL~qVPVUE4tD0QMkVf&F
z8R<@q=QZEIbq;^*AL7^1obY-J+&;CNzI^JH&6TTtos&9LKCeMLhoza3!}1dMwFG<&
z<r{Uv*SLf}`n12wUx}lBwJB1F%TTgYTEpsI`mQAhz}Hf!xi$ydO&LwSO_s~`;jR=P
zoB^h@3v_FhuB2a=K}gGbuT#z+)7aS|$M@$??ju|=oE%M|4lw$Z$?hkI3fO)3#D#h7
z9qea;d86M^xlek|je2N$jxUG7EqImRGj83)!~J;+vI%#F?q1#-wa~~MzepmW*Bp3|
z*I7L&KF8%Rn6HFRE{r-~nbcrr;-`bRPZ8YTdfc`7Gq014K8BiHuBQ{jP@iyNfyEZO
z)1K1zj_&Z7>&Z89`;pK^LH3~I8y!e@mhmN$Cm6Fvs56q)`|>7aU+D5yXwusDi8O)~
z%pBEQc0z>aa#UXH4Ow%#5eO}X!9}h|&TT9NoBS|OKbcS7jHQ;hZ$>cOx}fE^YVA3t
zj`6q_S|{KS+dkpfY1cg=uQf<EY4wjkMFHJdy84bXMgP8YK4jBLj_aS`NJp>Y_%}tr
z!D<Z;I>EijI=f<B(`j41toum~rsactHLrCMcA?c$KQFwhvHi|~#}snt+rRp&0D?x8
z>q##q>+uRAiUH|xIu&pyja);zA@jt^&3)oNNZ@_GC1lUgbba_IfdnS}jSb(aDcyH%
zZ~bm$)$$5v#3R1-zbz<e16h{jV(8DgbUe0oAD_74oFegK?0+QFz39VlFq?Fl=+LJV
zq?a1RrFF>^j`%kCmiG3ynCG`a%)yPIn5CZ)q(SR`yQd-xPK0hRWxB*o+ncn!xMVuk
zY;~H)Tk;yN9a7$2^%E4_sF$Xev>|UpwXQkV1=8F|Mw|{`YVA1FYFudhOD^5(T<Z{W
z_AwXS*c&dK2x>)0w2E7lowbzBc%heeqd?YqueFbF5SL7cq^DE6H&2z*rVr;y9a1s-
zxM**wC?VNvq@YKN8=9jojoBkM-D~HWM}3(Q@m`_T`w*K3O2)eE&A95NUvZif_L96$
zl<owWtMqRm_R>LG(Qy_Nr(QrWm3w8#sl|<JJ=GIB|G`bNXK&rf>((DB_pN@%Yi>7!
zI}#WYgP+ZKXc&=lHZ!ULF>!uz{htRnGQOY5Mm|KBZl&wq3==&@eCFSJ4*oWa_X(T1
z{L$UWhyld>@>8&vdv?(O+3c2@5|+J@9`g|W%S+)*R^n;*rx))=di6te+~4Qo{X)d|
zkCNQ77#dVajM4wJq~)QZ{Ns*<CtnO>FUrsL%1vtIwq>941mQU&%$&{N-_PWN05J<*
z;@q+%dr?8I8yQnilFAi~3o|T?u<Xrrj9cozj@1uUmasuE;y)ZtJ<TFcZvGx<qka0S
zR(zBoC|B|r=4Cir-RBXyl=lqeg*2IeKp_-IExR~VnN}lqZNKSxWXmp6;W0wDDOZVU
zZJ4J#>q0->9cUEM?S5l`sP}~s;g&Gi-Bj&RO@*&DAH+~Zth*r&<~N&D98A*ynW)FM
z$=-Y!#>xh#B`t=#R^G+?4rNoxsNe2?>VMvfxRJEr$lJ}tVX5xis*|WoaBrIOjc}}!
zcd8d-$WiH%DvxVrZsnq);-j0`CNex9M8D94NLQ#ReD1WLV%iOVN(y6kcIb6_kxLke
zY9-W<6*UMd*Nk4piWGEu=~`?*YPGksSd+|uh-}#tHb)pC<w33`<j9`(6<L!d@OgKc
zKhN^%wynoQ&IykVWWU9u?E0!@Wzi|U?&xx*advik->nG*7t!5xqCYF>8@WcZz2CX*
zi|#31YFuY4IZQH#?Y1gCN2FNJoNGY1_p|G%^%QRPoC8Ut!w&$2Che}gHdeYGv^S<S
zQTdNRB`G$RL(FBRf*XT+)hH!!(hhN?OP!nO`SD2!lB@v4IyRuFsybbzmo>m~tx;`r
zWntGr;aedkJDn26XWF#w=HatTt30G#RG}U(lTXQO1L0LDO_c5bx1gAgTqos0yToQy
zcXDgyrYC#w!=v-ZWUd}$@93eg8a|xo4N`#ST3at()JZjn-(B#@ckT|gmUjiux_V;$
zboL@(HLj6R3I*sG4c^{&7hOI&;c*lU!m^L~ndKkrXt!RhoI3hD6rjAZm&+&ERWHoi
zYv;i&L)p;S5V7qB)P>%d+RXKumxwJRm$nR^HW8=$c5~y-<c-`-G5T;6R&hE?mvcHE
z`&<?@y}&o1WfG-l>R@ZepD8<HQv)}0He<%GqiBU#RJ@#BeXJ)rEKhTssXBtM$JO>6
zlql}BswZ~x2Rkm`WISQ6rauHutF2!<PvRr2XX-T{$&6|i!I+jxj!6s!w-$Qsgk}iN
zKh;ytae#Ek0Qc^5ByJxVx)51#x_s3RhB5>}GIF}-0ebN#b)S8sKTL<*7u8|D_96ki
zTOkHyQ+WdGSrbaV5LbK?o#`=p7y!P)r<}nNpB!GryUf^EuX@x2RGqJ4zpW#Vw!P(A
zHFmg5(L8}$LZQRV=T{3rqH(dmv@wLoCg-FuK*|h$6mzNvl5?s)N}ed!6T;XB5WmiQ
z(-6J+4v(G1&=YUK&cZ&_<!ofB!_5UUy7@gPA2Et1!xBy1701^KP$l##xe|3C^eVct
zK3~~SWA=CIZ9RH$iwLS&?7WP=>Pj|39!+hedN`cIT>ty4b19(74)aI^^9VdU-2!O`
z-?SY?9Q)DE)io*#${JxxHPId<&m7+PsS$HZWi^@!S}efd;IQpYmzmy2O<ofpV*a>~
z0=2ktnsV`yP6e)h;{Swhkl?R9rPO4=27-q~9zR#A^xix@$jQ--l9VELcY_!)R)%l`
z=u;_ie&aCeLYp3u&K)UVL&L0-ty6v1i=erRXg7!IWVbKXS&Jc>dWRw#?U3Ns@SVZn
zRv#FihehgfaI?>VwJpbj5|$%#zajHF?yM4>V_ATe<081*QNN!2t$+7d=>*BH&P(J5
z<_c7hqm}(!{2b%Z2M{I_mK!&O-BR)Zmq})-aa+3Q;BY~(N6M#0LdsEaIH8`^vFAf)
zO-Od@W4YH{D))P>U)(HOG2Ap-@y@_{23Bntnukrt5KF3a5i1fA`(T1_Cp=aV;Wg*_
z);p(!WBJHBBCgqb7k%Ni6Wh;guh+Nsb)f`e`oEvDE=kvUXh&Uwo(wNZ^NyXJxx||l
zVaRu~Q(nKG5YvH`qdeU<YL-$IGU)f%c?7^lR!J=(a02_XQ`~u#w#`IZ)uU<%P}>H>
zgmMIvR7MNhidr$XT~qHFWrt5RyXU5p>6LiTJgu|k#2}Vzcg%idzh26+C83oAGas!-
zoZZv?4dZ=0zE0V{EK<eVi}iP<{H-I-?`LufNb5ztLDlI}3107#bS5Z+DmMonz6M|R
zzu+jp61PaNzUtThO(J;|xLkqc{J9dI%fEZ$hraGvE=zPX58xY!w~f+L((}DmN;8L6
z)B&4ujzv*;19}}1FzDRcP|$QJC|sSmRJzm-7IYfLlKNmem)gv3`K=Tk|HCl~=C_qB
zn9lVTRPd2>5_W1Ue)eQ5Z=d=k8;D6wYI~gbll5wHwQ<Ab!fWOca}9VWbiBe04ZFL)
z@Dhi`FSn7UBm=sb!A;Sc6^zYpZSPZ>bjh{aAa>j&+lFQd^ESBF;3V4?Ue^p`W&&Dz
zqDv7NLSL|DOx%x|K2dO`yb9;QfT;RB4L#BK?^(r`F|j`?|3L~=%FA9pj~;iP`Rl1|
zdb^~1MG)mN(<f+Ql+IB(N;q$#c0~~95lHVPyZN9#lD_#MoFX)Md(Z8abZ*k%8dr2}
zcllB5czs3vD0TCH4;J;;ghwrb@Yf<<@qn#%4?uk+eA#L{7{EQ~Q}qYjxNYO$O?XaN
zkVfpG9DkVmKTKJoic8f}K-Ccn2H5JJ>LDJ9VhQBGnA>2Lv{<@Y3tj>xEMfo`^{wN!
zjVY~FLYEHYt!Kc)jScFO8^$e541>d!f8cDXxNkUgiJ^CxWYc(gsn{>M#<q%qYY<q4
z#YHb-eMQ5yzxsy{NVeMe<7ds-qCp*#Yk$ia{73m;$j2p1#=kW!F}R*LekWeC^iIZY
zP>)K!w6CgJDo##zw5{S<vZUame_kJgYk&KnZh-akqJP{{TF;CQ&)8RySkDX(Z`oGq
zThDY12R5jOB*)gzKj#&c><FwP=i1-=W6AYbULip4)rKRpE&uKNaMUFyvbei&yme-_
zBZGAfo^i?^Mj$N5bMSlGHgW8qQt13~%uCL-*f%V(RNOUu*Pzb)k0QSn>$i{L7o)Y0
zAs6enixK0I;1b(~(l7!j2j$NIIbHG+QCa*0@~+&^yxA%ZJRqk}J`|7>pH;j`vkb`b
z%NkmxA>xq;$%^5Y5E4@#{97{-ERV?jY>C4o!7R4>mnMaM%#XkP0dmr_F6?7SA|{6A
z@3<vM#l(Rz4waSIZ-cj!=A3PPU9SMjM=qZ|E}I3N-*b-MF0XFPdFYqy)xB}+O89N-
zSiIq!yk8br5^WBij>bTj35Eccbn6%sbgmU_rIrVsITAFllR!<J)rg;MZ8M+Ok*%;`
z5n$!vrm7&idc8$;HFcCz!eMOVanGIZTTm)J*;8Xc7iH@;aqBq;se!LXGRN#p7I12O
zA}DP^uyH)pJ7hQ{I}%X3=QP}U2Ta(%OxR!GKU`g)2v01t@j1`3t+wbjRa|h|;ZuRw
zjYRhHY4d${%e?yFfxZweaF1h%*R&F>sLdzs)(Ao#8S~1$Vn{i3jlKe0rxjVvIJLSl
z+dh7&t_MY38CVsu#+$|y01H^-8(IO!z(e~(+y(j{4HA&)k+Key+0w~YT{jQzlxDJo
zv}RUrDi>^CzlMIzYSOWlLYtgc<q;b&ajBz)Q2yi3*6EIpevT2L@W@6`9;oDs$>Vyb
zY1Rev&#!&WwZ-i2eReBSiWf>c=#YJ3)SPtcn#UvE=?USY;fnGw-mjs9+Q7-iD{uf$
zLCxc!m#y>XI#$l1+`JS@@+}t*r<ZT%8O*!$%tmhR0U2dbaqa*X)M*SO4%mdj1#Hq<
zUP0v5(*7o>X)Lc`^7^;PD9MjbIB_r}oVdL5c`q^jTbPLcEf<aD)2nAI{C}}}^7`9S
zI$&B(LAacXGdgQHtL&b8p5n9B!Ss7^&EaXO$Iyd^!mBa@UPfU|RR|Z=AWD<I)3(=e
z&+@cXbJ+o(^8GAYN}SL6xLa4(&?43O*7qgLi>Gq-^^ssU>*VmJ&pnL&^^^p4vOR|h
zKkf4R>Rl2!iCVZ0hN{_(7MjtLf2`nxjOPgC1FfR<&)F=l{fBrNs%k}!k+IqL!)dB&
z`-@!&IOwxLvVHmNnc<CJM3>)Z#TiZg3SXf9n>3ngmP(2hZ=yDuAYd~UM`Y~J0Ap90
zIB@`1m^4>@KU(xi4JHs74gCsN|HXQ5G!%hM01ORJjHj)VKWt%F9QjGh)fYpVSouNm
zsy}8Kn{5*<k&Ri{_<P?`DgoP#L5*lCK9hX<mH}5_@<tnEe58z;n9w@&m*=Hcohy?x
zBZ2vDP8?3n(C=s9mttHtuMeWl^)q<hT1y^$sURI{z9shzchfe@dvzZ#jq>y2UGWr0
z0ej-|vSD{6;*T?5MbJawYi*<f!G2m^RjiXW>=!Kv>|mFvsh`|xFa|(n%O`2ZsgFTP
zadMN-OUz11pXV2lv5qEy>ukgU`b+NXc+NfYYWXnJ$KD;;RpPtIX|I&l^@?vWzRUEC
z<F6^%ZJ%NNg4;3WijOndo)(#vcy!4r+{-2mc8_S+DIrxU=|8BhQ>z}C=q$c{<P+4j
z0{OVqk9kNI6b76zWu}D{v`hn;#@nPIISYf;gC3&)@_YZ<BHxOwrbM|dXWE8Qsm^zA
zA>SHtTKacmzj<8{ZJFQML`=MV)1`uL=-rmwGu%yEE$`KS#5K+@k4I5d;tqO-dVdsr
z#Z?2k6tMvGe!e;z>C)v^N|)KIm$<e0i%C;f(o@`#ghancXT5}Gc467PM{tIMIYR5h
zXOk;zLc#&*=oa~QY#gP^bve^kj7kl@bc^}+h{`g^8u@1;p@8h30TS^|D{@&6iWt@G
zW|;wcd7aulSvMsCbN_|2>Bq>HA{%5EI-=j@<N=Nf%2CX?1+<c%T~O%GGRc|uvQrpp
z&=e)puES5#_>a{;lewVKo~4kF?q&z`i{Q9ON6k7Ye3{w9zm?1}AJw=dx1l|YCD+~E
zpjD?&sp}Le(yVSwRpGSY2r4mNF^^CiZl2cCM>tn0H@ys1DXZGUO;v7tS7C6wcYi-%
z9*|n6K%r7#8p~TUR36)Z9`yF<=QbvNvFM69&h3{dW{0Fl{i<}XdkSMAn=93X(`EwZ
zq(g%fo+|D6RKUmeqM;jC_NVgtWBlt!>@`8FE6vP$uc-qkQ9B6pksEcFM_8;HR`(-#
ztyOpFS~mE;TG=dQt+f($n)&FyL@xPY+$feXQ#+q>oJpyz{<zMZzE~rfVZvyWuy|?1
z6yIFD8g-if$gO09jeg#k5?`!IE;>s)-_s6aqpYen%{ialKftLr-~SKm0s3P5<l+gV
z9HQcjKh`0C6>F^(GT;<?PgMkYe{`R9Fd+(uUMY!<`!V?5w_aBg8QA6Vobz+>mByuU
zQ`cGp*y6sb=ce;6ba|B3ALCxP#7s!jrp8QsrA3cn6Ir?ryMNAJmSb6IlJ-cG#zdTB
z@gVpQ#Yc9enQtnNbB+0zh7j4&B+fKex5sy+eAT6Eh38qR=2@lP;}~NbrbzkEZ-(Lm
ziiAaUKvI5*&jMB0y^bB^`9^8WlFxW)%R<fwX>3COQTlY0rh;<Cr8>E_U(nx44)qn4
zUNTXUBKMnoS3Ne_BO`l9{c?`5`!U<{Jyhm^dDCMDirBb(2ZUHo>62hMI!5U^=H+iW
zIi_vZArgE=o)wYxOBJe(Q4*3$jlL4eg)33zcV5f%+V_Di6CYzslgm{X-X1a?EYYXp
z7JPhsCTmTd^xwvgWKF0mHClJ-n2A+4l>^Hh@ctv+AnJoy>y+{)7Q3<w%yFIFaIS;c
z(l8MINZ6GGeG_V=XcH>-wZyDQ6KZVBgosk(4!T>;e&%w(dFG!}jihqbhUbEf>wL$K
z1*x=H$7+1<72Fi1W0c=Tp|dKyTk(SAS%!gd@#J^;=~6{<_NfjOL0_9t_^xS9TJ+QH
zwX2Kd=JT|^=7g=3%Qi4AD07!p%Bo)uN({$@JybF;bd%<Foti={gq4)bvb$<cAw@z9
z`-H!{qD;3v!Tx)Vj0-h?X{0}EeE&-$-6936m)1^O$*Rm9EI7+e86kGBwVzq&MoG!!
z{7k&2jClCrQHn7Buh;heTnoNx=%KaaU)a{bS6-#3wd?TrC?%(iP+a4t6eLt$r_b^z
z^_0*O3!%?4ch4zS$5&oAdtSt%%T59idDU>2Rp`F?Y~UDEAB81GW9N@`4=Ep2mS1D}
z<H5OlbedFoo1TJF<*Htk#_q!c2ZZIfgiRP|=((i)3y_63%KP-R&!I8MpId9IXsdbu
zocwd=UKZL)HP82j@NXTr{j1})XUE6%e#;hD$XlvU!?{jP>jtt&Vm&>6>r}&N5ykhj
z(5J^%LIzBXM3%Ka^HKVavqqML^f>{wwEXF#qLRsxDUwW&rmNS7Uk>@I!>XyxMmrRG
zOBOf}V;3xHX59u`c+}FGmED@Igcl-Bk0)00wDX2dNvAyJ@8wv8oK+7p$~idUgVtym
zdN=Fw>ej6Ju|60Ip`upwo)is0GB$mwYcxCUEg2Z74fHJxus|KjED=J#!~d7CG?7l{
zpff_*8i%FWyILyvsrKy;9x@Z#ADp_44*s<6uD&8QcFsIrp`+eQcOR5DL*8;voVqh~
z^4Zy|aqF=^M8HeT`Q~+gkyAZ4;#Rt?8{v>0v<LbnK74mPc-?l@mm$arISuiAYyw+V
zC=L(oR<82s>mKkQ-WsnX8rGW~7<;5f*vy~W<oc~!a0Ub<QA61+p4*+W{4`6JM_j;)
z?ID<P`i0hkt*js$pb9V9u$M=0w0?7hxwmE~#?J=5ckk()HT!Y$@V)VQ>wL3~OmlC|
zISWZdB8>H1$oQ#u2$pb5$__K!@)~-G{68V9ZXsG#@w&}p%sM;x%*8Ie+`qR*KLdx)
zoyTugEKyZwn>QYm4=p|e83?pa8wpJiYbyMPO+;dY%(fE;!FK*GI?(3Ksr3}*N)qaZ
znKvs$79SP!)T=0G4$x*tKOQk0&g;7si@TMc4lkhElEpP{8>G*NN~SPR!gRDk2UD0a
zErwmK4kRFlbUa%cy|bz-!+zKXTn(VA;}f`bYsW{>?6GYL5h<FgEH6`i=8=<rLus%O
z;-zCUc-qlWzx0SUJPYt~HZii%#CHq!R^S+U4|{vHg`ED!m91kYJQq}S$v=5KL=(#Q
z!CC}g#o)P_d{_^^e3FVq+9{;ZF#`qPycP`Q1G`~c*x?`b2-K@m&SbS<!T?%PH}TMz
zt~PTR`n(=!t*E0Wq>Sgu)fTiy<UDu!96D#dtL5yCZ(W~<bYGu%@Q0E@gKpk>hQk$K
zyLtJhubIqwd-Zxjw{H+Q4c@>)dQT)bPU#;O*ggHo(6au~-*N*_(o0%_O!2N8yIe4Y
zTD}u6e3h2}$7#9B$LY{qjd3OVBy$nP64OFl>6*-f|2Zj5GF+tCaj?NxPQxweVvr!2
z=8u>X?zFnhjSyz1F_ywlENT09{8gG8X*-kPxWk28NGlZwTbwmYD-=)5KWrSOB1$Xp
zdQBnt$HqURd{BvOJKWM9j(R+LTjG_-{m-L(+Pt?R<tYc~gB>5<>I`1j+Knpw+(6al
z{~d<J&-6r!pEtZ#t!^WuCBRfllGksXWSRT_2^gR<l^?(&n}saF^VteTp59o%Jz|8N
zp&Svva#aZP4?P@NJ@!l(lE`paM4dr0|EYaKfeYnQ7dX(omJb6gUGYvR31{WaqDWH_
zs1n3=D3xwozGV9jv=NJctDfG>79IIxfSyN3rJpgYqPtbRdsJrHDd{SlWwaOZcFy&d
z3Y%|sZp(aRcijZRlasKiPk?WG7i&G9;QUX`4L3vG>MH$2sM>ICe#oKbvv1pCakzl7
z1Z`3|SKDm!E!?V@u3(x~UFBRlDk-B(Fl4+d79sT-Jg@uw#MuWy+)tanep!nMyqTqe
z5pL>cJy^te{WvR=f8rQu6TSU!kfxdGvQJsAH@OuyW3SQ&&I|beJ-8cqBuGBI66zi;
zhl54H+DA`OExX=7VMngU_pPhmII2Nq5uTL(`|#}ucSw9@?YR@+UJvD}TS-b7;P~x*
z$YZ$>M!OI9YnvX2p>|CcY@6<mgaBb%nw7x$1V6A`WSt??)~YSQhk}(9)fNYD%@p8=
zv*KfD2Z-n;Z^ovEcG><MML%o!EXdWjjd;8CKAmU-=+`f5D1*NB3RQ_9`5%Iptn@5z
z5tP4vzRWO3)s<sZGSB~Isq?E_k_{w2!`Rn|pkDWWAFtj$WHA2!8W7>t>yrf|xFNXN
zXN~LC4YW~RE~l@)_9!(H@k-w*`|81&07#|~r03WzFn9vA#L}HUb_^u}hkJcEC|31`
zY0_+)31kC-^sqKUT(uUI;uU^k(=?0?JxOz&!p6DxNSX@g8q?i~JabwYaqD_O9<>O+
z;Y~drT#ea%+=UK+$@4I?fhH5tY4scl8JYZ%1rJ#99s@StJeNm&Yd7G#Ne)P~{v#;Y
z!em#7NV+t2{Xy#^U)u|O*B%9{Fbn*K>oSZwrS3ST3QA>5ag6wio*xyQ5ZIr<!^cuK
z8&!+4j+)Z4F`b}&ZJSvTR1|Vam0wuDEOloZ?%2?ZQnv~+JRXA(PZb?B?rCr@9e2u)
za1kmyNjB(`Uhl7adK5OfPHVU9m9`$K8|t>t*q$7#xE|{B1zB$YJOosx3fBVrKp68Q
zWQ#mT|8=qng*mHpF#m*&t~vZql1Og#yOMKaSFf+p+Il_d{t2=>7A91&4?1~+CK!e^
z9yYpqe)F<5SkN6=w@3H}<qmuq#WxCB9a*(i`pgu$bc=K3F0nDPPvN9P(g4f})fz~R
zx8KfLa-nt78AxUS>sS~%luyoH*q2SmRuC#xNFM#4Cbf9MIqd%<&?UT;r0_D^VE*xt
z6V>+dEMD|!qVNBJ?Ag$H{y$;UxiW|Jcjw$%zVJ)&gP=#d7Z_cio!N5@|9#)hP!9kQ
z=-NySWW@{uCu^O38|r-t2nfhmYW^$G1y$?qU3F%#f08*w=4L&JCc85V79_}&4cz&c
zB=fxKPysh%zUtfAqTqeyu1mT#S6sW6(0Uyatupe`e?#A;PMfjh8S`uPEz{|^*-ZD#
zY-#;in5-X8RG#JiVUgP7rwS~dyg4!FP_I3+rg3%qYN^qcD`KgkbQRoH{dy?0wRmTd
zhCBivog#D9a@^Kr%_737Rn}whd5(92&JSNwfAw1j&kGsb=6Rl#@D%N3&HT;Fn&#HH
zy4kZU4MBmvJf!KySbpyOl|w~4JcFQnN-<teNX0rJeb1T4rmgudFnQghp;5?nU9tPD
z@Usp_UlAhqvE3oRvs=zOfOva{TdbFdcVyfyA_C};lJ!5JMjFwm=wY)dkgu06EqBeH
zUp#akVX4yjqe$OtmG{miKtwU~Dg~qT^NiF@CBK&KD;MehN`?}5-I_q5ClzzQ7r@oi
zye&!dl@(b4)yi3d6%sl(!R@5s^9l<3ngNND%88$iO&Lc_`Ay2i9bX)s_(2U<C{~23
z1i+drLaqHfltah*l}nHnk`6@d7l#c;?qH2_J$hY`u=#O4+C{>%9I$`5N9z|9t{nZj
zz*l+|QPi>?qQ=6`irfU1o?GoIahM$l(VXrtsh*W^D@m!3z0xo%i^Z-Jm06PTEBQG0
z3@OgR*qC-}WHS6+AwfI#f1fzoe@@ksqsE`=NBGZ@h2?tsYqB)!qt1w<Ydrjs_$T<y
z!6kEn@h5CL9YxOQi*FH8qv6cofIl4gYO@kNM+6Ui1S(YDsEYMYkJ~vqXb}_t|C_WU
z{TKf!NL|la3clHf|7X4~U;fU&VdG6aVC|Q%mVK}!hFw1y6Hgaq(A1yu@z1{<k^&*H
z`)S^Y@<B|u2@d%)wbA1XW-?6twU?|p>YCywYl?;&r;G_gj}_b;Pk#pR8<AnE_X*=E
ze8<N$+a^2Y&rS`hE&{UcrG)cRXN~md|4E|d4gGa|robHRTI|p8@2>x?YCH8$lO+z}
z;q!vqtyzmuu_*!`j5}h;_VWTbt&w7<@DFc<I?GOp(DdISJm9r~kL9~aPq?3grQdbX
zq<z}F77W3v)kBkAHR~hik1jkl`FGuGmf(NwT@x-8{i~C-oSw>%>mWj)oH`<o@+paN
z>wFAEvOsc>Jf|HokI#MzV(@qWr54JmMU;}-Oi;H@QIAQ$|4vHwuXbU}neLH&!+CRs
zRPHbPOGr-Y<^WIgR_~fiyXG)c1$GNXin@m)ttx21uPDFpU{CKdZL%m$Bezt3&z@OG
zaMp#L?#b2Xs&j8e6hHDXvz{%I@qF$X6m=69=<c(>@6jo$CN>UCDd(25ImQ+gNooJr
zs91qOrj_|_z9wfA{2E7jP5k47%zCEK{k2qW_o}e7#v5b&OGkO##Jhnh)!bIL%h-Z4
zDUa`a^ykBD5QhH(DB2{t4o+$2uCQIk71T+!eBWdI4=8H7^Xm`K&D8;2$EUC+AY5c7
zFASE*4#)ax>_EyG8wZ&#V_d_~FTconwQlBqfxNazu4pkde;j2evot;*y+$o;dP>rA
zJ*WC*K>nQhn6u9}mUjEMtid8$;-BKgU%yjD8G->vtUF(td5xCAbkhY#p9jp_8k-oK
zjJS;6dqS><sOFjVi?&gOb>0tjb#E-a<KYq=`4I&)+*nE&f0=s1ac-a67rot%U=Wi%
z@k>eV%>HtS*z<+Z#$4o7m1B*8LJ>)nDhokw`=Kq;SADuAWT%ehH-2tVoqEipAQa~p
zB>q9rZ8_vgDE<k{0~VfbI@c;=eo);iu`~XP;^>c63N=(xVfJD_Sv>)F6fZyYc8M}Q
z3OOg7XK{x!2QZGIB<rKPBWsF;?BpB-I?Xzkjg@_n8R?b5P*zQCe&?q3McR(QD%c~w
zNSV28vev#_*{(;Wdv2gZ1>^Z7)~^I$xv58wq{;JNr@H3~-)Z6+78zJ7hnIv_D6`g*
zr&Vl|-#9HuWui#P68h7Q_C!ui`WzP={}?CCx{B=!o8yYpnhsO_PV+5Pfby=PV{RyM
z&xP%Zb5QRUiUWdc^xBZI3zO^bv|M-6#fZ&iGb{1_@(G-)$9JX5pjp>nUt|?_#8Cvq
ze^b+5d<aO(9*f5L?~n${N0oF=>e%(g1KKkPO#3h6l^X^N0ov_H$6y0ff65cMj~xnX
zh=XJp^m>%VzSAdU56O-lMblT-GlZ<77rzlBiH7o;JNAdB%GudQBlo8u3VI^l#A-$L
z#mZVUbW9ew@e3U}Alm|BEuL703?*LV#r6PB)1bpKI6ggUcLXiJl-*zK+V;7UBM$wE
zOgxj6CXE|X@&5_geR)?kc(e^m9A#M?Yao_5ZWL_WNO*d{nn>3zq@(HiW^jhsqb1XH
z+^<m8jCy3OyCwe1{mrqGY;<KB9_!w_tcd?xFxOVCKqbT{<W2hJU8!%8J|H}Z6mFj^
z=<+AnwXXq#`~>@kRtpmwikR@4t5e#RJqFBZOaFjo?I*rRTTn}<lOt3F$>07ouj@*r
zK51nnP#49a;(Mv|1qQf$)bYKP|A!=Tf0j<kppucprp^z+p6Wt2Uwg%2=j*zOSf(ta
zUu&J0y2n9VHaz08A_e}go6J3LiXS)LafMN<4s_i7GLy!x4jjprW#5@ZyZZ<aE3ejF
z>T5jXOz?f8X-klR92>zNS0t*WQY<50n7golh{%G_?_NvXwfyod%l>~S70`MuqMa?U
zY^2w6#G605i~)~fP@uJvLFgTxaSNRa{Th*S%-B=-6(=s`uFEw2%6-V|m@X>zIdNP9
zSVt_GdM^*sNWi(?#|QjZtL_gh;hVBc*ZjVR(qn5JMvp__kfENCo9>>WQGUyz8%r%O
znS4PCseLj3`A{guUfG+kC(#?8gqbB^&r4PG%JgqGr@wB*v4q4)GN|7g^L1K^B^<u4
zBG#{^7y|jvN3bmZ&&gL_(rabn4;&$FRHw5ao|3wBqi-zEbjOMG3B_kp>MSg#LaWN%
zIIc>2R;K6b35islOt3FQN(X566qos84yUSc^7ZcF%H~18(HAcBgkTkx>srC3+OP1z
zl(w|xf%ae8UHkL{Hr+{k+Ho_^4(Dkm{EMmeu;p@*?~vzIHmxkZ7^$GzHO{JxE6S2X
zv2TD99!bGGYd=7tcVD#^6$HL3piKEwbF7L>J1Z#qgf>}ui@gO>A`E2J3L_nOr=H+C
zbk6?twb8?WAO?X+=1@u4Y1&^PQ*C@=-a!xgM9Ph0ziL^Ad~DX~mUNOv)tvXwq#Y6-
zO@HMlWIUSPr+LQNra9B|5e{Bcr?ClP28AyVlx*ps=a)mtu=_*}=ehXo!UeVV3db3j
z+6Hpv@Z?Ex-RGHhpiYjv&*h$!O|v_4Q7c+mIZXL%XkVvEtG&U-Zp6Uux8=qqmb)!a
zvC+NoO<yvFrYRQ~&vacah^zPD&@mzCODWeR;2U2|?GRu5-lf(#+A-lJyU_?aSt_MY
zPSwyNw98Dj>R8yOxe9T{&QicquPK(ZpXd48h4^3*EI7Id#n;KvMcF;30KistnuJIr
zjP7aPjew93>&#>W6>cK9dUX*gpi(;N2-~(JF4dnG=$kQMu`5zAqXk-9KBdl&Hpb&(
zD}k9cC#)aA)aCsa%mxo4CEn<vt^TPxV&ke~$hu%IognVdf|9s8@XUI@6RXQ!Ocy^W
zZ6w}=g`_9Au)IKAd!F8lfm>FE$oUDY)(4fZ9lQI<lYI2}T&oQ}3r_h|7k%A(?nD-`
zP(_G!wGEX{M0{K<v)+`^9c}mo8G0>p<MCEU*<TgcBTJPj(lyy=V3FMY&V*|EIHuK`
zYq)z*Cl5=$O|vn<qi9}7lH*eiqtI;IxE5oG`uvtQ&0@oVb=kzwxw&-Eo^5{X(LO-A
zjdD489|Vo<zN`DK&Y0*|fED;l)oaR-!N^@lFciTHUbcPmgyBvVe($<acWTCQL(7@+
z+-(MRPG=}7rUtQ9GklbDFmk>w!d3J-#sXAs!*zd!f&_6q)sENUVke5&%_mrOOzg{v
z>+iN9cCVdR7r7@Z_HisH;rvAZfu|LH%*c4qt~C(n0B+Qx$K+XKPWRJ(F9c=vn+_?0
z@Ep_cM~v<N2ed#-zp>)OSDXE(vhNJe4Zt}Z3&O?PUtMP0Va6T*wQxP$0+ZQKp1^-y
zX5PVvUHrEh|82&9oAKXf{I?ljb@5dfUv=?S7hiS72rL@MqH)wgSv7$=xTu4RI=EOh
zjv_SUvl5?`W-jEx0LX_T7zjgkbT?zEIMLlqbh|{iOLV(LwTp$~SSXH#;zYEIRpLZ*
zv;T6U`3krau7ay!99$2RVG7(1cR?jg6Oxg|8Cjf>#Ti+gk;U<8iBC&>TH@0ZpO*N5
z(!duO!CYGPTdRxMR=%;8QEo-!+E}AgSuyvnns;%C`mH5=zgoVkJeToPKjPDMj4w}&
zH#Y9wZF~Wnpaq@or2QIFULBfThaNYe#SQ4N`m0Mn<4WVT23INHC3>D^y9S;Ir3^2k
zp|51_w1DIFY%e707JHNQPb@F@CS?88a<l%a<yN9-Gwl{=<N7J@0em=#4=3^4q}JI6
z<+HS_y!N!VdSzNyH?x0>@>jOEfeUE3L*zQ!p##3=Jt^43dps;Iy|V6~Mn1}$fX+6f
zvCRklMDjTtJC8O<dxe+8CzJSO5}!=sk4cnBqC^rUk|>cxiDXYd!Hkb4@zEqcn#4zw
z_-In}($;#_+o>YBTQ>^2eljGZSd+B(&c*i1o(su=i&3T3UOl#(gkmL7tQpwvUaoQ+
zwi}}rE9HIHJc1cM(u;HD<IG}jjmYPUs1BsBRK}GgSE}Yp7jl(it}=?Nl*zWeDcR25
zcY6+fYA%X<6N~=ljV$`it1jB+jTAv@yiwG6qp0ylQR9uG#v8@etGW6F`2;>wrE)au
z>gU*gp8YS<$CucC8D8!7jTli_C+j)Bkk`sT+ECx!s4^NRsZLB2)y+k}`s&DZh)l;k
zhJ8b6hcT~<ygK|sMQI%oT8D4UAWG|;b+DfGb1Us;j&IREA)R)w+Sv{r@HOYAfVDYM
zTZd1?v>s9S62T79>kz$ZO^SH6T9a<&7%L-x6d#%jcfvy)o5rz+sebd+PYZQ@>Pe(t
zs4J6K$wDepSF=KBg{@*#X1-^N+)O;X`X~Aq0~MaGL3WcNJ4M)kx(NF35n*BCFKL}p
zf01Vi_AZvc=DZp3n93*2=;O4%g(u-D6`y-u`3!Bf&M}qpceKBU8n&O~KF{lWPm+IN
z-yh*m@Dd&{i*`2rS>+*)&!eq{mpS$d?|qH!zrbHX^}7xhaIZIM-{P9}@HX2E@vH_s
z>3vwdw^=ssO~@v;m%=hw?&Zli?Fv}Qu~oFI;X}5mq4ZyV_?Y`Ov%QXMeL}k)K83#l
zwG}ZiUT%cXApu`N3-52mKAZ8eEwGi!dmH;*XrrI)Tz7}|aEXsO`(=W@_*b4+W}*#b
z{PAWHt;z<+sA!-aMvceVoOfX%ybsKqvxJK01KK87s`G256KCIQR;wTJx*0xEId-q>
zd`kN__zb>)FJY_Bxs_y;N-|0%`c;B{m7rfG&Q6YfrE)Lt-K+C&rJu^(FZa5B(;M$U
z1ahG-^n?B|01i{Xb+I?$&j%md1-y?jk*_Z#Utj1S#P(5Mo_{cHF$`hfaN^)wY@Y<*
zX8UB`TMDOgY$W?mgVVig{~25>0B3USEI5bjoXfHE*d9$A<TY!heVLH$i0AB=0a-En
zr^21^5XUmvkXUlah?Qi-N-|<48L^U#SXs1bZ=#5~Eoz0$@Fnz+B?l76126H$i?O=O
zdYX!<D@#3xLOoB$B$lWNlqyX^l_u@WSe*M7=hSn~8q}4%Ol1`(8u1k9_7uFLua3t&
za{!q(-%H^sskEo)7;V-HwZxmCvsRpTwKs|SVFvZX3@R;ZV%qGi)lMC;9XfP9fimeD
zS)xu8sJ4ok!349HpsI>fRmG{Q;#fL?l~ZXeW8tgVzM6_@97I&jLA#&Dvy|&Djy=>>
zgYe#mRUOhpM(e2#Io4ohX|S5?wyd(Kvf>)}R9C}!-PX!WS5(>(*&|k?>jyq?V05N(
z%I<OH|DadjCNm|-ObIem0u5F_f0`gWB~VKj1x%oP34EYcXVn*JXX+|D!JM};*K3*U
zwao2WvmcemP;V{s*GeQOn7>xCOKW$vyg^56f@n<;t%-Dn%yDWfqBFsqwK7j@nWweP
z(^}?ctv^iFa4*~k)4a8KcmfYk;Nb~8Jb{NN#FctQ(dczjBXv?Eb?RQV&~An;Ko8|N
z!jik-@34nVBESF%InWE#`t=anK9F9=wwnFfJ`4^AA6QTTekcUB&K*R16sQb!G#s0*
zOsJPSsh2v@hfZ{%lUk{hTB&otQJ%@`v*0{9Us(PN;3BvbE`#sE_hAgA*Qu@k@ofJX
zu7jVzPvIuG4JJYMI`(c}$KdCXUemTxZ*@{{by9D2Qg3xqZ*}&xejP|3gpGeR;2#b6
zM+3gmfN!X(b`9AxPQ_B2UTx8)E0P2mN>!wBsjA2IDE}UmO2SdPI#iWmGj-Q*$csv4
zo}-p|flQxPmKi9^jLiB?sY*2}LQMm?dTr*S90`=eMLAqlqXav<cw9B!R*hQBI7lrr
zs(^P@Yel%62)+`oQfnx@ZX86^%9-{qc!=$39D7);T9s<68cy_OWDTq(GqK9?J}M4r
zyW;RjC`rd7XREW;rK5VkX!S!O41rTKXZMl|IdieDDydD`Zu4dcpZGO(&vMja9o9)=
zjW$tio$e*A5WD~{!XIEJvEdhaTsM!EWC_>K<Jx&tK_OO+C9E1tM2^v-Yo%iD;c}%s
zy(dpsPw72sjh^mDT;%ZoO!YT<sSuiVZ~ExZDAc-nAv3?2Ia2Rx^|q*^a=Wg=$-qV%
ztDz3s9m*f{)#~ID&RnBb-|#83SLRikBgle%uwFk;W!Yx3Y%@CD>_3uyC2$7Y0T_+1
z^wvK`z7X4V^;T7c)O%b%NfpUBg`xkV@NxV7wqE8Fu8d#CP>5Q5Glojkq7t>tk)u~r
zR2Gc0PO7_Peiu|dmr#{8bElp#)e^<E%%Q^^I{0xc>-RBhiRfCQxRxlc#lK@jaxL@f
z;O8+St(HiuCDLk%wAv!|{TB|Fs>M>xSgICFHET<$%=s~QUZ<W8v7OAaRN6`jtmNu!
z=BF)$A#kd;mW#F2)1ZX-78S0f!j)9GlIm7c-AbxkNp&l!Y$cVgq^gxvwUR1UQpHND
zSV;vdsbD1)tfYFCRIie%RZ_J|s#ZzGDydc_RjPCp?*cuinv+y>l1ffe$w?|XN%bbF
z-XztVq;iu~Zj#DPQn^VgH%a9tsn8@9nxr~Y)rS;^qT3zVpdG#LV65u7T?abZflhWX
z#&*W2R%)A=8>&3foAX<-lgs%kbF^}9E9bU~q52bC*PDTrrx@+D+qGZLz}i!cowQ%^
zI+gy3%KbmR@XjR*w4(m4D9#Mjy_HpA2dlxID9wzlr<v!fPl8e8R@7t$irb3fwxYPL
zsB9|=G6O|zMNwN()K(O=6-8|ozWwt1fOL-6`TM_l;?ZO7?uEv>rt*$3+za>VPyTj$
z)tP4*y8adhtD&g=8(tl(iPYch%EP<VlMboR8>)ZSfYnpiyLgrIR&$*Oy~0-SoTC4(
zzxr#@5iF9-JmVWG%EVxzu9m2)CF*L4x>};HRy{3YO^R{3o2mc8w97gnOS|>8UDgH(
z){v4lq_dwkU(3FT*T5Q5vW9e6Lps#H32NU2wJ$o&F|E^H1O21#-7CEYF+}&x^kU3q
zoVkp%N*P7%sh;q}Srw1c&n1g!2lDzD&Kt`1Fj2-Tb`*0Or}`enN_G@Ih%vWu<~GjU
z#;FC%s0GWY1<U9`jJb|eeUG9SG3GnYe8-vZIP)E6zT;wOrV7qlFL^VugPWdzY>*E{
zkgkFq{mgtA<GP&jr7P5#*rS15)j+OlAXho$s)hsB1TJ=Qv5QL%YaoYZ)&;!xVd3=X
zJBLw?UPv{1AwA2ZXL-6VA4uM~0w%*0xE(4*9#_cY3VB>1k1OPHg*@$jn;6d~`n-vL
zZsLBMw67$ov6MHdapz`yaR4)t&vp@{$63u7t9f5F<Ev(Tm5i@4Grmg3QK`o<jbjgM
zk9>45H7Kk9R`p#J<`2A&%&WYu!r=eU^y>s$U+S$EedG{xjJMSs>+LbGBznW%XY8#r
zulBw+$9YX6hojrs+s59_>~YyM*4x3kJGjCZ>|G>G&gtaUZ#i$9zVfE-d#J0SZ01cU
z#4YMuG}v0q)_PNYgQ|K}XO?^0O!d902Cuf!p9$RY2Cg`f>)+^YFmFa#Zt-UE4zd?p
z+u7Q|dvE5PTf8~E+RUp7yt>J|jjO$^uS5)Ug<WiI;;baEe&;PWYw+mj#4yfy(R)n)
z-z*NdqGG-^RfMdV7-X#wgY<VV&V+-%bFs?5Kt%nGv`c8y-?3Pyzgw}t{*9NepY7lG
zTQ1Rp*V$huN}VzhbVi5@XQT)@r@@)xXlIoAHgeuMoU=|%e?y4+UUKzqJHpi8|Cs*n
z!D?Zs@Af9kyQ0)+6A`0>c87?VWiW!XC41GLQXva3(BIq`5q<yLZ#UnV^$q8yx-0kU
zU3d}qJ4yV4D@+$v;xVrI2HSP80NxZ4DMX}io~W{h8h&e-F~mAflv?z}Iv>6Z7mEt(
z5{_TS_BggD(M}d&>({iiId=}U@ZN2r-42K<dzRt1=NcpIdGMO3@IOvZUJ|ALxrX0A
z4_?ONuK@k<FBDab&?>x41PZSarG?iSBMNU~#J7krqh3{b8!B#zw?$CA3-7@~SOg8Q
zL<I9c5J4*dSHM{KA%yjJa8_AQ($2%~jFx$hFwc>~a^4p>@LNK$cNO-o`ak<^p#_W*
zU-LZb0Z%$2YM#Lz|2JYqc3D^C=&c3&Y%TJvq1<H{w1{$hmbk^9E2i7?#B~2$QSP4y
zFH_0C0t>xl;dOZEA-p5NSs~5}Wq*SxM?<350pDpF(%)KYvNz1$Fnh!LoI$)A#H&G^
zV{uME3>44s{@t(_JQ2#@2%kfO@edWl>E&?i6t*Y89nb(v^*5^yr#}Ju6TmhTvCTwm
zGm#MtVg!Ts`wrFX@ZwwP!-+cH9^+2Wh};9?jb7x^i(Gn<t74Cy<kFK|dXh^|D(J~{
zVlYH+a`%ft6@L@hcL$_nFGTFAp61fiTzXnTPiyFDjgGsQu-shQdC(PeD&DTq)~v~j
zvql|fgS&gWo0!`Rp0MbdMb9jHW1$K`-J5hzEZvKx!pgpL)*a__$NBy@SmiGi^NI2h
zQC?bjxhOCEF?a2$2l*(JCAI?j)Ms&rli^1A3;Y#chd1B@SjGB&87zl5tYEG$f$#Bt
zrL9q-I*PVNiR`G37@|a6XPkoKqHhLDYn%!r;WP+{fN>_AD;kZ_@Lv#w^WnR20bC4M
za?TGS3|GO`Fb<e~<ELEbdYH)e&2S6gf5y+?HkbsH;Vy{5J#Zgv<~?7+RxzKR&!^|}
zjdnC?J9MzU19r0g6&mG;`DBVJGDQ_pJl|{(^YgdkM;$;G$=?ZIK_`3-Dbbk!cM-_n
z4SQfOcp~5vU_uV`f<Dj}@}M6a28ZMMIik_#xIF;!p#Y8)5&J0i4~Al14}ovNN$_nr
z8NLgbavt7de-Fm+8oSsx!cBmEgdb~HVC@R5U4gYLuyzI3uE5$ASi1s?M6gJeR_JyS
z!XhCoqSYFUgs?~mi$t(Q1WTyVR?y=LdRIa3D#S5HZ*QV87>Z#C91X|7u`m>d!EiVZ
zj`v0yCEm#VFT9EQo1g_+VKZ!jFJUVrVH>#6=1sIs=nHw!&l_nEq&)&ofK%Xf7!B$h
zHFJys_~gZ?;x?=h!0(5n7h%*dN(6?9z%W`7Mk~TfA7q}GE)N4sOearAyEXNE^2c}K
zVrq;_czqe$<Jg`=o6gVSF1@v1^FG&kxLbF-axnYTIXIY!PNfZ1L}rM{RNo3+Ph>{K
zt>Quce;9s=;!cN0*!~sF5`)BScmwL-E%w#J+l=NN&U=^kJy-~fpaI@ze<P4f#0Q+a
z6qdnqSOII`bMo{i&S@cU^}+`>({5$XyL=(z16XH0)>)5r)^|rmgQ)6ttSF^6h~_tm
zQs0qOD1*_eVi*F$;dnR!RXvH8=%<E=V$DGo^%mAF#hQbtDWcRAQEG}PHAU1K&oR`~
zx`8%I#WR)sc@Nw7!TnGHzvg{2Xdi>$09Lo2fGV!}B-eO~?Wf@xsD@{OEN}fD=5hR0
z&YKV9Pm64BeMsbRuD=MLMbUo;bz&EK)<^}Qa_ug3t&!{>BKwEP_*I3Y(bXTo)i6%i
zJW<h0W&2Dfk7P1=guEEX#%qWZa$%MVHDbd?Y#6ah=*u;FyeBZ;M(ZxN?*_(Al@g*)
z5nZL!QQ0jJExJ$SLVqK#m+-o)UusTOA7&lYhaz2pxhQKJbifYL$h@v%URN=%tBCJL
z=C+Z!Z6wYc^&CWv{<=T+^k|n*4|b^#{kc<+J4Lut1$T;YrwUySWh!r76;0Jw+P{y7
zil<l|rQjRb1%LMzS?|Jo&_rFY_FMm7KS7l8MjrH2M27!#a+X?mRv+|?<M{5XzK4n)
z`_*8-8thk-uI_bZQL%qz?<MzD_H0k0DxIu-I6_X3s=tAkt|q9^(&`aKJ))?`EYxEb
z>OtiuW@V|zRXwW5q1=5CcOS$ROSxhxSBP?jDDRH)j#ADXB!=km^gNa-#!|&tvd0nH
zZyc8$)bA?Y@1824ef^DO`WvRdp-g|vMe#rBNw-z^>p@Qz%=9A5YBltrCS$dltX>2&
zz1V-<GZxJaqPan|Hi*^+(bgc^8bn*e=xP{U4GUHCE`kPF0<4G7(;#{pL{Ee0X%PJk
z{(~56WHgP8rt!cSQyPkXhSAL+x*0?_gXm@u-3+3cK{QjXyTa(DT6=}j$uK$@MkmAQ
zWRMswMJLtjW)~4PE2EP^bTWue2GPhM8W}_*gJ@(BjSQlXVe~PGJ_gapAo>_YAA{&)
z5Pei@xiGpIL>GhTVh~*nqKj&!6eRwGnfRZd(ZzORK8h9w(ZV2F7(@$$Xkl37b?ZQf
zp3`!yP>vPKu|fr-uQ(|Fhh$={;y|y+^2gu-ah0yv|5;4!^Ng-+yuW80?3)pB#6OtH
z?kw2TOll=RL1(YhOy<f~&eCq>+^3qQsHR>&io^8U@j%tg!*Yj#1<t-_7pe|B$a;r~
zCsD^96jba%J>Q0R_E%HuBNR22R@FlFt%mvk(iQ4d9)j#E9m|@moE1)#6;6~DPE_U@
zIr1>Dj2zZt<*az3tawzN)y~Yev+^lt{S~yv>D6JB^;bD-u5wmBQD(Hoo@eCPwao5o
z+7p#Zw)<Zu`@LfL{BN-DE$q0^IFebN&#X=_yh2nktBuTRec`Rf3C!wx*3Mm;s`ON?
zSPlK$$Y48HAI)9~mx>F}h7j5iLK{M8LkMjMp$#G8KScb8i2o4rAJX}K1#MT3@AVJz
z{9r~`3`1Zz91kk@pG12auzn-1L%J5YLFeCt>H*?AM0|&c?-21FBECb!cZm275#J$V
zJ49@Ui0u%u9U`_v#CC|-4iVQO;yOfJhluMCaUJ@f))&Njh*%F1>mg!2B(Bd`DL~aq
z^$d@&{VRA2>fvo{{0{ryrF{<;!XjWLL6wRwg7V-GICm*5gXOS7KSQe6uSzw9rLCK;
zQfr8o8lt6!XsJ0sX=i1v-)5n*5vo*+D%Cn*76QydfVeHs%t8RgjW81d)Wt$|BdBf!
z)s3LK5oRZlQQbhMI-1qPtOS^q0J9QcRszgQfXdWDc_YkDfY}K!I{{`V!0ZH=odB~F
zKzSosm1%&P3NTZF%uEFis=yA=k*t{sFf##En5rOKLsVr*kAnwkhbh*uM#=cUIHIS_
z+^xac**NPdWe?9Ly6Trs9dG+;frFn(sHa+`^hiBtE2T%J;*0~I9{#7F8d@v<jZY3G
z)+)tXrQ*=cv#=m`9F84_bEJYJ71*#M^E7Ud=*Mi_$86m9PoE0uCqmxaI>V`_+lPy%
z@xq~Ex_<h#knKhKxzcp5FpDevfh$b+t0#vqi+Zk5&lT!3SD01!6aADgEKb2YEb$l>
z@iRpG8*JCX0(cX4vu`hWVmdlM9i5+!&QG_75-Z11S)RgnnHY{2S$L6!=9lA17P?=K
z?oUVer{hhQHJfwiKm)Ir(!*Ise|rw9HP`Ty3;dZ}P_C8hC0+mRqUXEF2_wh}BghHm
z<OH<b7(q_>sPGzWaGfy(&s&A(HIfrX;CU_jnPrroW@n;kCKCneO_Uy}4AjouOSyZ0
z?%tofhccNcq%+YxosEWY=ONr#-PO<Cat_KsXLU!F(!`$haEV@(mv-r0rXKFrwd~cm
z(zNd96eobHl>=GPd7yTU<D9OD?OIu@r;AVORdKiWunGxhMiyaYk?xv0dqqrze~|v5
zncXXsavkAnbuwR9RKxI?VCMO75Dy9BAwfo0lU-G1o)-u4m>?r-WMqwaO;A5G9-%!X
zsGl3prkw-n=f^?jryd`sN+4Igq+_R^p4Zd!c6#1UZ`;ux^;A}^0@l;R8hS@mFh{qE
zS>lAubL23+3)8zWy$jQ`UG!`hJ=;ak!t^Xm&%*Sqg`Tx!o*##?`z&l5pm$+<7tVTS
z9Hw_+`+4u<Oz+z9oKkEX$UHZ0q?b$ZoE$tS2hRzl>lm>MTh>s+1T)W(chTcl=<##(
z*iVn^#YyxylBu%F>2WzdE~m=sPnFf5Dyx5{$||SF<=wu09J8FRv_jgyC$Oz5t=a6K
z1L=yZoE|52)ip<H5tUcE`cgh0(w^~>uE16u;P>H7#0}9^Si1L0@AuOCdU`*<I}VPa
z_xtx;h*kU5i2HiplIeLlcAlT94^@xL>9OvuUYVfo^k_XjT2GJq)1&@664P~|pB}wV
zk3#gQJQJB+JsLufR*7%@v(LXWRmkwHDrC?<cutmGfmCHxAYBm~)X&3u`Yi1ly*AUI
zrFBQ*v;XipR6spz(Vw%GV9Tgdv42u;N3-hfUD$IM_KaqfuFDgmTJ2`ToV4m?YHy`{
zfgU^{nx%ZI4)^QN8u0*ZU5~9J*gA@>`)8}5=p~=`mdko?xzi5Yp+n_A!zXh1Cq!>5
zaYOVM1K7$Jj_4x_#hJXmNL)tdxk5}7BgGVPueem)FCG#<6qQt-<H<LVh-<~8<fMpr
zQp^=MiCSXh0V>NTth0=NRbr(`ir<Qq(ObM~9BLdY-ZT0dd19e)m~pshFf79oi;V)K
zkhR`G<2bR@IN2x_pBMpSl=#%R#JE&!G(yJZB4J!<Tq8Ca*BUpAHscQCe(`tX0pmfV
zxAA-91*4BK(|F0~XKXZDjl+#C{PP=Ijiga%xQ1s8lu{mIoGAOszQ!rCpX_IRM-Gq!
zj52w+Jlq%|ebQ%~Ds5>SBc&r9<1~4MEH+M;N6Vv)v*odJsBw-QE{`|PlPAbhBPhQk
z%Zy9pNO^{FnLJCLWqe<rEzdE=$n)fR##nj2yui3pUL-Fv!txRsGOm)}lVgk@$+7YW
z#<lWld4us2d8541m?UqO<;G-rtGvy)T~3ixjj8f(88hyY_sa*2`{bjt%6LFNC7&{W
zDW8?k8q?+P<sXbk<e%hA#^Z9f{IgLd=gHTMr{wGMb)!bs$$H~C`JQ~wm?;;@#l|1y
z61l{fEtkn<#vHj)t~CBESIgDLT)9Rz8}sCP`Kd8qZjc*|zsQ7aHQtb4%A`>*UD<BD
zD?4O|u}G$*XEd17l*Tf%x7piRZuT+z7;!V#>~E|v4>$9THKt`27;8<xImlRN7MsP!
zM)PQMnDMz;W{xmg%`xUUV~aV#{F$-Ce9?T-*kdj;ml=D_xVggcdL7y;R~q@#@}H4r
z{_pZ<Nhkl$`Ag(6`AhRZmgnSulHVpT&EMtgEwA$(>a*pozMFlw%9wAG?+$st?@r&H
z^5?#oFD5H}_xkRW(|i@a2j#=QO5Zg3h;O>@5&5W(e{zOzhVL=?nD24l<MMIe)4u2A
z6TTOGe~{1mX8HasYkal7SLKVoI^X;9PrfC-59DjUrM|fQt8cY$gIwTi^=*@lzOSr9
zWZdd!70J)7BdkHP-5P8SmOHE=*3ojOb*wc^c3Q_<$IEZ56RnfvF6(4#gxq6|w9YV1
z>rCrR^APJiYmC{)y3z`pMb<cLygA7Fv30FE*os&a%pulI*3ITH>lW))^EhjY6*Wt&
zm=!ZmvhKAWFu!g6!kTWDS--NLFi*3dvYs)|v1+V0%+c1{)^c;awZd9!mRswrb>{8X
z->i-19af9A*}TizYHc;|v0TeF@3nSXUzzt=DeD`v!rEi)H6OH1+cbY}_p*DLm3Ch{
z&zxrWxAV=1ZObk&AGHVCN0^V<#r84g<93OCg88KVE&CMnX}ioGVb<8E+ozk)+h^LN
z%ops@_GojaeSv+6`A7Tv_84=HeYJh9IoF<O-)z2S-)i4&zF}9`zck;sAF&@ZSJ;o+
zkDDLaRrZtSTKgHh#$0DVZ@*xEX3w%`o1fcr?Rn-G_I&#_v&H_z{><ELe_?-Nx^|1*
zVz${^>@8-yz17}oZnwAD?PiCaDmc>YEI7H~w45Uff(2u9jxCs2a9hrZg4vFdGs@}f
z<mXg5XFKQT{LZ=18JjcHne5!1^Q!Zv^JdPQ&fCsAId3`dIq&7X?JRPda^7*4JMsU=
z-Iu^eQDpzWs?LNXkc8>#O!bh28v=m<A;AD57?ArA5JW^o1YuF}LS2<(6%;&BL3CZk
z6<tMzb!FXESJd?YR6s#F!=ao)R75}&@Sy+SdNa8Xa)JB%SADvs`gL91UGLTVR==r=
z_&BgWuqk47U~6Do#M;1)z^;hT0(%455t{-B11BT4YY3KzuXTiujQB=Z*VQAw(=~NW
z#35~KJK~s*({99%IzcByoYeJn!-$`CbDbP<O1IJNeL`pG&c5optM2NH);)C}UySaj
zhxlxLvA)<>SC7z_`Qr5zdW^5W9;?Uu8tSX{HNK|$I(@w_Nl(^y`da8YdX6tcKcpY>
zb<mINCwv|CQ~DWSXZ@Uh-j}Ig)Qf%H^~?HIUr+sS{hF`8enY?E8>rvZZ~89OZ|S#u
zgY<H}!Z%ods8{<g(x2*ezDx9ay}>t9Z`N79QThx0rSA%TKxg}|)CcuJ-#E9MJJ5HP
zJIEdEyU88y4)@*cj&Mi%ZgEGsqkXrzW85o!Q`~Xx)xK%&weBR}-R|}74Zc~yb-{JM
zdxM*TTYUEgzY1pi<^+!gkNf7<?N@hz?@^NHy>7;w^Iz=Wj|S0|^#7sr4irA~4tPi4
z=XskD--%<kIlQ03DKgJcJC@>jyAW+Hj&=FY=fO|*mWJBkedlGFu#DyJ2_0wFc?WTv
zz_GW?Ill3h!GBZ6)Y;w+FB`u{D%!$g$~+kI9N%xsMlJiy`v&#v@{|+)&1;+D(vF2F
zc|DDv(!nZee7HvVJ!tiwoHy+KP?1_tipld+8B<sBU6fMG59Q9475**sE^;W~@uT7M
zGTw#vQ}NHGART8%;j_G5II{9uP=R+b+Zz^=J^$OTpj`1X3SFJ(MS9Ac$nlT8wRkFP
zA=MK3><ClVqSx-m`R<&j#8MA3p_Dq8dMk3%D5hkwUkV?3>MOXcJ?xKgXiA;T*A5nb
zA4t6{EP=UJFC|}HS<DxEPA79h&%nqr&XINcCs#SgEy^yt{O7)Do<m-5RmG&q%8Pj$
z_)ZR2uAK!+-xF#B#|`i8!`nW9<EPU;-Gk*Gy+kD%dd3~@dC%F9o@ds1-+Lc=%f0V^
z?{<Wo(bp<n#%G1kawsKeD8=y5nR4Dd9E<W1l2Cgpep8F2T$`5$vTLokC`7^UD)8T`
za9O2D*xZsfcpGw05=)?)vlZ~SK|8(8TM(uhUSCwS7PMwEWXpon^K(J&$dlL@Q#K+r
z$FR^5PBHKF_frw)jl(ge5Uo(#y^OFQecIB(a?V=-8L*n~YMz&p*Y>Iz@i7jrHKSqp
z>?mqj<_!a_Q0Y95=8fJd;Uk1EvRVFTS4Dfyo+~U<F}|$uo-2s*en01JEp%RjW?Q6x
zZSY<<VX0;3;S0mztIqU2GgdY@V|9rs4(4cwVXf={B+v`xsNpjX&yX&~eSaT?F#b;=
ziBfF3TxlBCTxNKKOvv$KW)C>(<`N4^XqV26Gc_a?EI*eMLK-r+mm1}aSl%G7p4ZsO
zwgRI{D$64?Vl2%!iWu3SN{Rd?7eJyXmDCL6S{6<dzU#1N4obKWEXtwg<}p%cnECG_
z*Ag1ja>rG0Zw@cGxzaxG>SQCULVErG9p^<BI-hy!SFfQrljGkOxbkgbN`b3crSXQh
z&D&=5mcp7#h|aMi#cAE%4Ta7R=f+m#AJ0$yT1wr;jNRT3-mx(5Hpj=I<IFlEF^kCD
z67-Iu&oV!EdtamNTS64*HV3`+VT8Gmx#FmIID`^QD0{oNou5JB(TV9CGjmWpYXI)s
z&$#$txUTn5^UKh+mlw!sG_DY;-ILRLKHlK7ue>i!SW<g9&Hmh2Hp}KSj7Io*Rczj_
zK@~UUtU7NT%czi~EsigW^orld<@F^#ODS}9C2R95%T?mhs%crpT@gKMoj1+9H~*Y^
z8Ou2%@5p<#(D|+s(iLj2ca_)OgdBgbz?JvR0q!rE^Ak(FQss_&%+lPm#$2~KSby*`
zPGx&RZyLwvL7FWvp63Q9d#~`>S{#eQ<IVz>dFE_lsiU5ei&<Vj#-ZmjWj6c@P*#Lc
zmNy!2GmB}{*zYm=0}#?T;aV1je#7O>_A;TJ1o1nXIVAtw;Iu+@?=5`h?PdPnlQZ*d
z=1R`|d`aFscRpH$zx^2fn17e$&YZ5zuN7C`@iSUxW?}P}%5S|2YbmAvjJ)?<%vIAz
z79q`S^t&Y1@eO6J7mJ=aGn{`B+HR<`*)J$<9sqs4A3}44=EeKvud9-GQYByba>k_!
z=3Y^mIRh^nJ$G@5SC53g*%X8FO@CiZi;LB1ODwM#w>aNXVFzu^aQd+_rvBZ>$usT3
z-_?JYS(tF2Dd9Vb_XT5wBE81Y!{6>g`G2R@SG@y@`2xq5-@6^Zn;TmtrBqZtEY6=Z
z-@7>LGK%Z3lDRc#Q(u)n7g21k6?sP`>#v$oFW=Y6a^%Xri%PemQHgbwFcKF#Mkhgo
zPJ*vlraF1PFs%I~=21#;=a#9=(p@6glUjzdQj31ssuFi*O8sASWt(3sDi1?5Lp>^8
zw>ciGOd*htUs7U87D*v)&C{N8ZS=~`#U+%Var!i8*FhKgsrXsjGUh*A$p$2rRJV7?
zJ5;P5#q=t0RWxtmZR9V<hfBE1qZoQ!Sl7$_%^lr}&ZnQIzN`YXYN78JmA;qo+<pnT
z!P_6UW6b&1d@w(qW8YWCf-;0#&*n^0)wr@F+Wb$)JS%T!7z->y{4>S_^So>FeYGE5
zB3~RXzONOeLt^cPf7yEn$IH32+1?Uwmbc1#u|Uo&ZyD0&eU&sb3FlL;WioI}p)Vdq
z>dyQ2wg>&WimigtzU*A<$3u*q!nGJ{uQHa=^VF|iY|ht7{u*NJ29x+~AJ4YreD5fr
zb>clND!xR%YUUL8c#~P*3C%$+V?P4)clmr8w=-1V3J%ST;HVPHTg!G8{fu2Bp9k|@
zTgIhj=FI67{C3ZnbAz!JEwQm@bDq}duS;{!GEleT=M#EH{Z1YABEz<mEBLv<hu_5t
zp0&#|^zgi3NEbG-*`?ZWnlH>*;3D(BE@VpRT}%#rL*}=&mgi~B*XTvu3yjs$MLe&X
zueNY`^YHGM@;vg3{0{Ta(=Ooa##$&e1H7+5ON<S`zW<qbQSd8FW}!LrTfCsxCZw<P
z_rE>NX-Rx$-ogf^h3ybR))yQuDs3i}-y(Ar<;<CfIKa%2hkEuB=HAeo4$ZKe_dK4j
z6|nJON|yH&&#q^M-(*Jqx(e03y6{=a_9SQ9<?+O6Q|3t_#rOYNj<o~c$S&sgG9ulQ
za5R4z4t)_0eNiyyi@evvZ_Uunn7^o)Cv0Y>*BU8wc4pJhuFJLeUdobbWy$ke`9@4*
z3%3kU@v~ynt@Bz{zD*bzvUs#vW~|k5tStT8Y0g^<^L8ntSiU@yb80L0Y8mW1OD#QY
zy~#cIU}zlkrdO`aV(TgV&Eq0UrUp1T9_GO=m8t<{c<<o&u$=iqeXC4bW0*I~_}`iG
zx?BxD=eN*5!%EDz5k1ey=1n<vCdH)5`OnZS^wVMdw)1+F^k(Iz+nxVQRYjb)!)Oy>
zzIZg;yOwz$m71r(J1d+0LC*MC!qswr{V$Y%MLtbu-<ji!Vrot&!yTdioK6zHYTZrw
z>ROuH|0lwa#u1V>k*7AE%7&H}S=frLjIIlKI{nmMvzGwJm*(}b^1HIO!E0RTJkwaO
zd6{SG-<)U075=J>caeQ+BRDGZ)Zq#hn2zUP%d5rl2K+A4E8e=YwxO7Jk^O)FUF5k_
z{{!C%PnGEld}TPVP)Yk3m6bFf#s3y5`UN%bUnHR~8D*ch<&mSL(OlA0iXbyq4WNP4
zn+DOH)R$(^OqxRX&^($(^XWyppZ-B>X(4@1+4Mer1HY9H!f&HPLeh5O6V>Rjs3B_6
z4<bg?q2t09$@H^mE4m=oR}2sh&3Y%IsTd-z5lLc_m?1L7(_)DjE_REr#5i8jWFoI<
zGKE((xr<jcnZYZX%;XhK?&cLu?%@?pX318vm6*+|aop>l?LRK=_y26y5x>~B?MT~B
zuoGpRJ<*;hwSBF9t#s|{?3-oKzSX`}Hn4BAr^|-Cu10fvwmn<6v>&jak*#?BjBfTz
z_Db2q{>WY}ue3i^iE=!zit(mus2a*;s<CP+-{Ms<{>!UkysO%(w(<j&rqbkcm7)5|
z6{^1)DYMilHA-fi^)TeuW<3n~tyvF49#*%gTjfzTUEL**shR2lc|tv?9<+pdSgo_9
z`doc(WvUHoi`7kSQ`@ax>Pz*d)kp18yRE)zzuIs0SJ^7t8o(=I3{>B#L)L}rusUoF
z=Jha!sFUiXHB|lPSk^Gd=lHG5c=d~`ouHFwO>!DI&8(Z87EVj+c3%BrDzAPq!^v<u
zS$8|<IbE!Ko$gLg>wc%VGst>~SHF0iSHF0|xyrfUdd8XK%(p(`wJz2<PdW>%_0B?P
zp|#O@)_K<2<h<l8u{JxeJFi<?o$bzcYn$_h^M$otKcMGWJIopn)|dKG{iwCmtn^^*
z(ogG!)?WRbe!==mzoZviU+b6k%htF0L;az3P_Ndjt?%@w`cvzWS<%7zUT@Z$ts`bd
z2kWR=(ZM=qR&=m_a=W?Rt>bPFcYt-$9qbN{knV7IM1<vzbVo--x?|ii5mD|q_o|3m
zB*kG~9jGJu;4O-TkDzMs4poPbq#E$msV4g<-ut&U`)FQC$oM)G3m=8wI%Ja{-odX;
zE)cCk-1xc_2j7XzPF3fUhOdw7E}cg~_^!BKmoh0Hz9A*R8;ieYXjKw5M;lsD3R=~g
z+MuMi)B%)^)EVtLk9wir-qZ)}=?fnN-tC8081AhD?!5@D7)qm%>vH%=8ckzR&y_SD
zEtx<Q(UPlaGFoyo{Sj@r4P4$35@0%N{}a3o?!OaxXTYaG2FyeY?txFHS@2D1HheR>
z7e0yZgHM5ExF1&^fNxH7;9Jmx@X7QLJ&db!AwgP0g3PBhdK5mL9)oXBe}+${$KlVR
zzrbhE6Yyruv?oDX0N;V0qD3g-1xTN!kUsyQCiDt?GA*V5fbu52jW)bP|K+u|J_7w?
zT7@>OrZs58C-BL<Qd1Mit+j}MPMeT&GwnoscELBL-Lx02+6Rf2&JwK^OSJZMh>j!u
z3Hk-C`jtF7M-XIO2go=dwHA>gl7y%Rc_(?@Cnai%n&cBvB8sYsT9AM>AOT~jmWUOx
z6fNpN8pc8fqL=WhP)az$AuZxW9O3~HprFt~Q@n76ONk;Vf>ck`6?Lhzh!^qHMI?v>
zI$tD;L~0=FiF(vX)ECXsh8B>pK3-Q!iFTqB;%0TJ8j!aAP<wyTAGHq<15mqJX(|?y
zcNp4W)|*n|3ULL}j}c}i_i^G6sC}Zi2DMKTx1jc0#qFr~4lxZiP8WBg#=FE_$U8&K
zK;EatLOh3O#52@PJS+Z2DdIWtJSB@o;st6hUKB4;3$a)%0cE$?O?|{3v6s4uec~&`
z4~aw6S9~wNr~cwF_^_WiB971iaa0@y{Ri;_=*Pq{(0>#^g8q{@j$9|i3F;wEij&k!
z{49Q^p5hnr3-uPiieEwhP5cJ>DRByPPk7WDqll#L(vlWkAR}Z1;y&p^JW@s?UQJd*
z9AgZ%HDe5=nlT1(j4_B~j6ob@4B{ALD8Y;|G!SFVBh=A9-~S{<`WN`0qA34g{m+r(
zf8M{C0{$ibzf*nx%l=mp|Cj$YYUqF6|30PoKk%=jrvBCbHI(fC#J`?e`#1QrsEvQC
ze;X*<{kss~?cYo1`1kq0C*eQrKTbZ3WJC&GCX(XpYIb$1XV<W!5s$I!Py>u`Hl1sm
zy;j=Wj_pt)M!N(`wiE3{YH7wivdoxA4#vFe5#C_mNKy7p_DzUSwkK1heY1TtRX1ZH
zorkgTHe9{kzMW$1JM1ZlPqn8a<urR5;?wQv<YJ_}ixTV^_Ds}^@sb*2ynF!R9D5FR
zuphJ^q}papDr#;&Y(I?nTzf9!^Xz%l(SF2!1m(=P=cCL=?Y~fc`w9C=&==SX(2}R@
zzfw*6Y5Qr^zR-RKY5r#a4JAKkKZlZ^x1Yz=m+Y6wwinw=kn8XE%gFT)`xTVA)cz;Z
zziR)B>e~OdUqi{S+ppu^->~1n)&JQ4K}+7W-vniuy$of(Wxs_I-nQRH3GdkNA@BS4
z`_$0>!2SUA<@R!luvgeCsE)nTUWq&X$o>d<Kej(c$*b&DNVD2rjl7@QpQ6UK_FCj!
zXRibOGkZN!Zm>6?gpGC<O5SRJfs|j`U*b9Mw0GhzcG>&Ussr}dxYKX!?@-Gj`!Fa+
z>|?mQAMF#!b<+MBPx}}96w3FMMV(ZHsz&Fk>Z%siSG83%ou^_{EOk|Nl%F!u1#D`l
zl!~LqDxfsgQLe%Wqk<|(brn2CsdyDnF)Be}d{K!iksPDVP-~;jAZ)A}Q?hEJnjqd(
zHKk@ov!NEyY*MJXYOPv>4*iDO8~uhlK)=aA*g<u~)lRAtr6{w$ak5zr3@Oi3nTU5&
z-4O4tF2L0uss}YyJykDCQoU7gl-x)4#nt|*KS~&&2B5ToY9Ov&s0Jhb5OopK4^_iZ
z&c$jtQeL7)P@1|_jRXZ671CUxu0XCaY7F9I)p(?tpeE2cM!Q1%7Ih2K->Pl}WxAS<
zG=EZefj(2sMhW+-2T(rrE!^qD>S5G7S3Qa}X5X=7vkDnnxIjIP_(FxzN4=o_j=V3c
zr6}{C>NQGNud6rlG?uCVBF($%J=F5P`hYUja<#&&(WzE~@}c?|EnKBmp@h|HHPWw9
zYmnv>^$D(isy+pMty)X1)H=0}S{j`XlnrVF!i{Pp+OSD&LJ6DIW~ASuwxA8$)Ha0M
z)pn9bBP3-sLWIx=shZIUsk6}tDH<B#cjPxKq~R*`LefSrq(q|^QX{iY8bZ&JRLiWE
zM#8L?M#_nFYEnJ3W*R89o!aDcqMaD3;lw%^#hf~hA8C~1P$MVKi32_81j%n!R73g%
zClTozI1Q1ek<*xhP7|joN^9mcBMDuz1;S(}8F^beEs;LOX^WJpPAWBU+Bxk&Nq5pI
z)@kpwr$lI?8A#v3>3|YCIvsJflY`L>x+yd#r;F1Cxw<>uLBGK1iIlya{wQsLGYDyh
zI76tKbCGiqS~$`fg_d9Lj6um)Ie$QFCpy<6<s|1i($4kHO(<=$^GAwzZgZxf-l@)=
zsPQgm26c93I(JhS=N@Mko$t(cW~0V?o%_-LInErUe9(CiS08d70{vm<VYFnfGY_>q
z;yi+q=R5OJ@?*|psQu5*pONcv=W)~vU71=NT^S*CWoidq`6Wtr7CVb6#aZGk0UdfX
zDA1cJ!RXDD0KNGEN;WH`QEQ_;BZT%0%H#TRYOepH|3WGH3H=1((4-MQr=LffMfwG#
zfj&)XMxUm1qfb*iqfb)@qfdjfUav>EL2m#BS~c=Qt43aE)d-<gQ)_6|-KeSC-R+Ke
z54Q(3b9=hID8=pV_6DVo+n3VZer`WXcl*2jsl7YE1xFkG8)=5S;9vI=_Yz8WN4O)9
zcceR#TDX_Fmw__My&P#qyQ7f?+Br%X=Z>Qb-K*TIp!-QVfpzp=tewZOCLR;k!i}~a
z!+LfMYuLS6!|uZxw!<2BKi04Zu!emhYuGMp*zv4k_hJp(VhuZnwdxq;Hv05XXv{IJ
zEB9tyxex2g4(rMTSXXvgSB_`>IDz%!`gAum;|$h}Q&=-@&6;r<YsPI^Gj0dH_(4z}
zf=`ED{4li4x$qg#jxk2kBk&olC8x8N+?loHF03VYWi2_Awd8KBC68e(xjSpgJ)k8&
zg}eGId;&d9&m+DF8gl}@1fM~RX$iHYze8`%fZn_mI_^K=Gw4-%9q~7yNoPQlUIvu$
z7WC=XtWT#wpMIB8={@+iK>I5Z{}8?{wCs=2!jIwGLf1Cys;`DmgT}oE^iQB?r_pEd
zY0$Pm2W35NfHuDoJ{_9(X1v!e@EMdvI}rZ@T6hMu@ZGq&7d{=j_&(hGSF|4}=K%Eb
z&h$0(@)Y_OdU+S<<%j5e`X0V39i|@<{|TCUSJu?KK~w*gE}-AwGwBqx_6vkr)TW1!
z(A|3oOIVc78hrhH8hn(fE~-OIt^wUWigovBQCmbK4vih5(buC{UyovaJ(~6PDAw2O
zu)c1yzOGnb@5}mnf7aIrvc9faU#|;&y*@>V2BHD#Z77luZ=S2cOVLuaM9Hm03h+Z~
z(FXBU==3$9)3>AQB2A>B#&ppE@s7~)qlDS<E>@feT|ZiM6<w*OIA5F(dZx&P-rr4h
zL%h4_jd&l?7xDh$LWG0G5QG<rp-4XrNFWMG;9`_BTntA!mx#*{9|cqp4OB1&SH}Vy
zL;)L&!<}9w#zXs`0Gv=qTn(IHi)+QT6bH003HN@Tn2h+%Kn{wLLw_KLJAf;uh$(mi
zQ-LCaKoQgN9PR{`sLNO)im^luF;mP${BH4A=<ZJgGo&zP7|EF7BE}3O88ckQnBj89
z45Jt`jAqPm8Doaa88eJx%rKfU!$`&q7c*wKgfYW##tb7EGhED=;S$CS!x=M-V9YR-
zF~cy%3_}?+3}ehNlrh6FSxeTUPBL0X)44KM#v<;Qe#Dhjh{wq|!~-%w^<=z^r$|{(
z)<f7-HbvN4wx)nglWB-|lARDAE{D^l@=AFn!m)BJ`Q&&x9^oW83E>nu1>qC&32JQC
z$)%=pp<IaY8Tkw)$>-#AG+4eQU!sQcpYopwUzM-o>Ra+Hq<=@ggESw@kEw-OAs69B
z39UkImYXSAX2~oXBKOPvpk&LhskvDdmy#_wYGl^Kr6yJls|LcFR!wSV)wXKWAj@z0
zseu)=f(Ywcb#b+^)fnjwI=aH@WObr?))Z?B^|bzE-Gy+bbsxevtv9JBW2augNUs7f
z8Fb_V9lcHo{x^V;5`mGRKlzsfDYXJpT1~0`HNZ=4ftNl3{ZpW(4nR#C5#QwBf_N4X
zR0a^#R_f~C1{`Hp)ZKyj7yg}y@AmJe?*2W%R2KkK?E|Lz3dkw~$O_uF{|N9^b^i(f
z3998k=|2g|&;Fk&+W!j>S1b^hq-fi+eTYW_eMJL(RRa>M4h$9t3|15ID7!Y|(ZFL0
zcr1pr9Sc+zWK`CNQCSy8Wwsr(<DuUhY}S^sS&BW$o&@dRAh8(6V72XA>{}2wNUWbd
z1?a0b(AP9j4A$yn-(%kcR4~h)1yo>gS3F~?UW}$<7)?2hrg|}&vKUQ;a8wLqrx^Q1
z`$d##uv0I_OEHX;97aU(jEH(M7K&jk<T4iO#aJkYQBWVoKMv!cUiKP$4NCjO{sdPI
z{&5-q^kU=_!#F2~kxUGum)?wC`Y?KN7`^mk^fG|a%Y}?yTt+YPj8Ec$Od0~`G*XSA
zD;s3efssjuN>WMCzniP()RFN?8t_Rg=;A3rDH)7X>N85|qS~o;)Sa<P55_7Pz$zV(
zz9SGzdqymYj95|`v2*}pIS**63vkQ%KrB6QwWsO{J-ZhWOB+TkX^dDh7_qct#FD{?
zr410vg(!0na7!ZNmR5{gQW>{&VBC_*xaEAtEotg<bvg1H^wNXTOM<#mT?vZ8FdZ1f
zT%i7-{(zJd)kNIg)#_^8(KTuk(p;ymgMNR#x*mCNR5yZhv$`3fK|AS;cDgg#Nno^7
zU(HZ6&>n+%G8pr;QghTC#0~OEVdT?>kxv?s&tue9{aO7P<vb1)lnNB|H0TS}v!MJ9
zD5yP9&|<W339wK{V4;72{)&19DVG8lr2`keinjer{Tt}?HDIL9jFGwkBfX7h`wo!O
z`HYk@87XyRq%?++Qg=p5Js2saF;eQnNU0kmr3)A-B>*X{Lz@joN>J<7dZgI^jFiS0
zsRv`EOtn>QMN4+59YDN0)lQ(GU1}HAQ2W$A#1E(g2n|N+%NQw29aIN_jt;5sK{x2g
zR>#$GP)?{5z)J=x)df=e4Jke4Q4~}FfiQ%ZBAf_dCxe<|88xYVs7V4fMMLk80d|UI
z>{JujsSYT9AgEX%D1~wif{Jwl4s;2|QBk=#DuJpyi9l0PPCchSYB889mN8XL##G8l
za*_~l?lealgQ@C<F;y$46(|N-#WJ$eVPuu&q@i|$tn7SfD$42XbOzm^DV+~ZMLE5k
zUMRs}swiNpfoRW#Kvq%CU}rGm246)nzKV5*I?y7Vi=B(np5e|2#78<K5x)#rD~hpJ
zEU?y1h#Qnuhf$WzC`&QQ>dPprKclRHjIuPNth&wv&I8D0u$IkOt3P8c9mZPofvln!
zS=Du(aGpT?N#{wb?>yx^O&Mn0ZG;9*WiXmbcXm0uD1gB^f+FK;$JItSG;SCuo8rEu
zOXCg(YLYK7IWU<b15*Q25v~fXqNKp5flsMvU|nDx;_CzJX>edeU;{M_><H|j#({%@
zL%4c8a02w-0>6Rc1w3kMAP6OCsU<bmb+n&a=r|omLv&CFfy9zDkcV!g+aPSKQ*kv-
zw+Bw^q|Zf~&iXu1y6J8R2kAl7Ko8YJsfk%fo0{nndISy9m+DJFAFIbwBRyH)f~(W@
zpFqD`-wnzvJqwiCdN$JEr|$#BpvMgTAaG-benbOh06jj2(4fbzK#Wf#T&SM`4*VN%
zV+Ii8OVp7OV`u$_{txxg@9XzL|4@H~aJ9yW4D|RJb<v;e&w)HQ>W$P>@6bCyKcEjF
zJf@GK%oF+qW$KgqBz4n2>z}CyBgw9eB<s5uxED|c<HpX68@n)K?81n#J|o5qMvN)$
zrS7GOj|5^&W5k%wh_R!4g?k0!W8JZo$+&S0<HjEDcy~M{xD(uo$Ti8GM5*o#?hVv6
zxH-6$ng+KAw<G*2m`yE$-vqxwcr19FngmY<Pf`<-ZkAcUJAPt=Yk*p+;@?}9a{&tf
zqoN|;`ioj)hAesV+4D^G=EC2cvqE;ROQ%}iQE#U=>-6jM6{+KJ5u2lAZwr5a-kV$V
zMQnqg89q*w{3ZO%JJhVgzZG%G6|`VWu28PZy9U2c&84rzSH?0<`@bmfVD8GuVXIc}
zK>prXF$+)AKTne)m!nMG{97h_)T(#h&1a>SB35MHjGR@_D!dBD)}l`>^zL%)wHM`I
zK`p#4UIVXB_<UCR)>=Z23CJ<k<j*N1rz8%S=KPBV>GD~5d85i(PsLriEd~{&_OY<l
zP{;x}$Kp}u^vqIR`6WYgu1%B-AAxe0k<XRcnl2e~cb3<H-_lld#w1+>kSIH|K5L$}
zZQHhO+qP}nwvDs4ZQHiJ`}Y2?CSN+!>8YuyXp(fgsn;%u6?-=<wzcXT2-@<X_wM3v
z*sbPNRZ!_>*iDT}Haqi^uOe3$Qfn^@Xh?Z^*BriC{}nm!j^C#ku_*&B0N%)5`yM8A
zmG3oEF=ojf_Bj6SKLU$5lQllo&wrwOXnDN6#eAPq!eal?g7Py=@o=A^l{;;*xZp|p
znR4jih%RnuDOs!(9_~ZXqQ0GM*etc4hRMD*_so=#k$1x4%C1~BgI_juydWF+k)?tB
zA!+2&J)z!j8WGs^9bFAM*hY0DywzM?&)xy{C}#R`+}mD*rT3}P*#b01-B}g{@vR(`
zX7ff^L`}f*H+Z*N^RS=eQFD2VD%HByB5tm<IsojM10+T&T|m{5Z}^98IsO<6|Df}b
zlT@|Os;y96eCx~~uGQ@vsa8;1RW=z+M2}_sZ7NTrT~PD`mD;vE8-}lLlG?za4Khws
zh(#%$kbV8Lf$TB;SK#2?TqS}G=1dv#<IYh>f_<h<LiA{X`y?xw0KYg=`s|A4``0u%
zZ|I{&dgb3_YTcuE$MhG#N{i4IODFEeZk2KkOSeZx+klboTMF!_Qzk?G^mV)CWp&O(
zhxSW{!mJ~d^O@Np#~P)#t;1--<ck?&7iBs|<#rt{gPLOGn%RGCP`A4%H;%UQuT-T<
zI;Ay9>3K${+Y8Yt@Q~$`KkLkCE0sq_d3Dw7X_4@ER5v9FkHkgP&$v>h;|#PayH`ny
zBFRLYl%XXS!9_}aUCt4Xd&<ZXUprRpT7g(pJ{fl{vhW(k-^tp@H3-~Y22a%BGnd&{
z9s>=OTD3)%YdE1s-0HbOYd;xO&Ew&5)J9PEV<`>Bs{*ANR-_B%?U#6*ib<C=9g0<#
zv>%Gt>~b(fJy<lf_?kKtw8Wx1G_<8`?!{P=0PH$4cq^B_(#~r>q&nMVwnf0~>M|ul
zzshyV=VKd3N)@y>NsQ(7S(GR830br!icpQHEX0k`vXX6bJd)Lij`!{shAx98N{xgp
z#bc_6luj{T(%mBH4(VQ*9HT$uKl5!4ZCWzfN1^wE9I`%Cs*0$Mv@FIAOR}uL)HyZt
z(4?KuWUP8|;W9?LYwCJ+QT006)7)<|WoMqxT@0rf{~q-X>Thakk!Wh#R{fbmGbo0+
z%Sg#YRfY;ubc2QF9Mk$`ytLsY&KlG5d`iik3SlLLbX|t})TxDOXk%cFeYca#T$4$u
zVf*%_lN4)OcFdVb;{yGbkqbx3*mQWS#^Xq9Yb$UD;tJt4?4#MHwEfFMrv1YK%EEhV
z%f8C&ihU+vfDc^<PUO3Pjej`7*rh8~2rv#T6%yf;&xk?R+KpNi>j!ough`K~eb?{Z
zrr9$mN=w>T%n<H>0u{fkNxENwwqF5yS=AN#efh?PdN+xYGvGVb#*uopqRi72gZi}t
zwN8s?HWb^8t>~c+6Ia9fO|N8R%gO8EeZ<C&`q#-z8>;0@@8}_u#@hN(NE;X%_>ZX<
zk$7w_3@!?ojGO3v&c{*dO+sSLFmZL<FNS~*W9RGCg#X3zo3xhsy3K;P%+H1jC55pf
zd9f~h88HorH93?sLrc@AP1UU{CHA$_$2uE1)Kl|E#HStAtv4n1JJKc_jZV$nh*q8?
zhro}9kstQV*CPS{i<#SSTZDMKvn@tB53%(rnej^tOf^r}TnUb}9YE(Ng=k;$Q)fV6
zCk1t5kGge2Kia3fxqF|j=B#Fp$4%#MHtLi$E#J62e6=6HQQ<M5Si!jJfcJL#AOMbo
z)Q*EVc7u$`uBdMV2R>&*-tuuC1ihPmEzMjaOI;k8-3mb-L<o<gNhUF+doeT1$Tx<F
z>$SBiHX(V;L3!5vZ=viYf$Sz^f;xH`rPEB$8<(^M-~O_dva_AQjeqLkfU4rgi^_G>
zmq;4uL;%oc7c|cUi4rr2zNHuLrxjW>dS^Em^s3%j8K)Wu2X+MP)^LDF4`l<!k_W-C
zQOB@TgJvy*A2EUUkRP|W9k-nCw$Q>~1FtL@)JU5A7b=IfRR3zdVD}5|cBM>uCb-iA
zcCO@BjQkD5<de4tItY=kZjJ1Vj-QOKPQzU2jmDL8*mSrx@@&o)i{%8LMhamZWB7<y
zY~risv#l_9Audhvj|4(oYcPNmAE-ov(D6<^2i=D16ph(aivSs^!Q-rBs7pWq#06Es
z@8+n(Fkc2<-aTLM)rc^`gif`l(*R=uX4yMm?o|oe0NjYf>5P8e?&YaKe5I(%1@s5<
z2g)-AYmh(g>wU??g25_g@y7+^#XG9+rBC`a+!Y=4h5QU^t=~7pW<zHacaGM|<A{TT
zU*!Av7n^Y^hAsXym2<i%vogzE7F<(qsYr-jU09wTGe_SFxyCQOHczMw_7AGP{-vz+
z;@r)`>{(h=XB25R^Ry(7bwNCjb%k2ar$J_TDW#oQ;`b-Z-@r;B0neU6&H-!-ppD}^
zCJd7@UTI6+wd6QXh?~63^Gv76$#yIAcXVrqP0wEWkk{POeJK^<=7S~Z!KnfxJc8o}
zR*fbOH<3(0@-FX&ex!Uv1|K=49|d^}eszB57_41cDGVBWSBY5gU2IY8>=xYduT*?Q
zN@7%&752)=32Ck86`ylG=OhPr2jhXXfw0N{Q?#ubb^~joh)DQR25PiJ9|8M~#wBA<
zB+T6WC~YXYWAy*TsrivRl-hfvvDg+=^Sz|8_;;8;`)y9%jH~mk(bV3WzZsg%kJbYz
z-Q~X-8NZ?p#kQEg4;xGFr2KLser0|+l)o}#Dc#kp5iKGB=+;G!O<wbD7!yb5RH@$j
zZB~~am5oR?RE)+XM*i_b<PD{l5as$r4uUD8*hg^eK^*m3HX{yg^;r0#cwO<+<PJqx
z;g6|f@^PFZ3am+mM`%T?_wCwhI<bidc#aQ}SK;?R^)J*m_E@Uj%FKRr!{Aem{Aln|
z^!*I@LXqJDMgjFv^uxf2{S?560%1|~DfA)wa(aI0*Ey~;kA^xyWK@yJ)kSp-_`rth
z`t<~e>3SfD1dWix4U-7zm1a#sl14{4HYXnrH(yZKUAjuTtV>%@T*^<Cy4cwj=I@j)
zqVXp8fUmrQx2R+Kw-anQ!aAT>s^n}wxdFTIKbQe8a1XlnToQeEA4piScm(kNXQR!d
z8_1U`l&jS$b()oWFF=qkrHSwifQ%_o>n~(3WB<Woh{nCcAhk+4?j7JBMbD`qU``xT
z#56${fP*xFogtL$-jV^<2faLTRM-LjvjN00Az<Z&!Y#XM_sIsN7IBQ&0pd911)vEL
zc~J&0^_Px;`K^cht*h?RXmXK~uXZJR0hVQ#;W;zB$=>Jg{@C_jxZRWgnvrI(FfHRl
zBGajlh*1<SBj}?we1TbF>AiLv67UEO*u?<pbA}Aqsl{{awCJ$ljF2A!iW#9~!>OGA
z6Ejlz=y!1EcK~6RYF%!Kta*-IVYEc!Mo8${X`qT-+Kzk6t<&e4ZD9CCJT&}Hv&HJX
zBSc{wI?M7OhPtUWUgEC_lOWZ4VhWsAoK|*e3O~KudC$MW_iWE?`oCn`dGV7CAViTQ
z*$UM9g)e%le^??GS<e7!kq2cLIG?!Ii+6oezI7je0u&xeA9;my7h*3)`hFO{h+dE0
z@RZYGpU-yYY4d0)8~ag_BRSkv+zx9S1(Fyj%aYXhc+!w{MBpR3u;nkW4%_hmJPgJ{
z^9FQq;hrKxaa9}mm#WO_R_6J(8~D4%>H{46bs#^kP%gV|{Ow`=#MvHgtyQIZScKf?
z&BOcNg6uA(RPoqArsQriC@xj5dTbs@ssN<g5U~#Ih`ML!-ue6O`R54n&(T32t>!&3
zIhk*5z<me6(cj(DKNo)?yG<3wlo*0Gg|7gEr1N>ezLogA0u3Ho6#3tzC?emvI#aKH
zTqvG>#UYnT6=4-&1xLAh--SSqTq&FV#1~b|YXvNVmGFP1029jyD!}i#`LO+7?y=x%
z^L)9Uh@OZxjUQ+JZ2DsSRvUe)JYV8hW6pkT$ahPm#~$5!!l+^kJ(#e3i*gNc!WrPZ
zaj7_d@6dOcS7XWnw(|}p!q*-!M?vT%Dds@k9DIf{m2>0U36?O<By@q&NjQ2sK`-3x
ziN^k~2xS8-VMV6ScxyygvgUA%Ar^X>`Y}aH7I%vw5?b;4F-ZlhdlxbmcTSg-D=NV|
zaM4MjNdjm}pQg_8k%@Q<o^aZujW^+Z1R9yv-W%lQAtCzE9m@AXefy*xxYAdpZok^y
zjbNjEHM3y3M7RPms*{&{asMPfojfi(vR$Ysuo583zA!xtI!ZcZE68TB;9c}ql|aq>
zvN(<;^l=y(&{)3KBtDoybALA00Q$ZnJ^nfZH#|2cxBbSrzGps7J9;IuDY3@+&VOXo
zl9lrrPKvul)V%j25`;d?wWz8^%DluUxE9b&6mPXb?f5@cal+HwgZ$g-eT@Ela!PhY
zOu*zgP}%#5gP8LW<|(!>s1Kx{&I-X!!?rIg5LrJ+i`_~ZK^U>`v>&yvwI8fsEkHpl
zVEcgUeEWPAxaU_b;HpK8{eOB;9ccVJ+h#p_QQL9YaAKfHLtel#`9O1zG;tyzV?#>=
zBlp^F1zs&$DZHq?2)!ufc;Fb}aN7}Jg3fkRsAyju$hgq7U}8aoZ<BacZ6JKRo%(aH
zV(&}e65kLzb;yv2e3;Q78w_w3PrzGw@Dpv}LW0Qj#p|F>2DuG#*kG!EHyPm}X2#2J
zMfcjY=^}{xk-JeeuDE)JaN*~JCg3at`3xX)@vl)!2mkn{<)Ru4CG*MW5siYL11bAA
z`;qIxK!b_`4&ZIH^$N)0M!{Y~;izalJK3?gF(y$;qH1Z7v8Ms&ivS(ufBG@5!a0FW
zg9ZP=Zbi(3#e!|<gLplMDgv_zD9&H)E$;n>LtaG$2WAYI=!@Qsm$NUUQbOlIYef<0
zJJ++eBWXox#n^<ZKL=9u*OcRFQ8;G8*E9=i{|kPhkeEi;9QMx)1?&y-6g?fUTFM;g
zo*H&h@I#fagEh2h)@T%m1Cs+4BMwE-8Q;)satAF81r;;_^zoYk$0Lw;dFTA(Q}CPq
zhrU}t1Iha{<ag^S;PAQj1FDZ%kT(9)d6x2$4rS9TnC?$kS#J+f@MrRO;J3|>-%r&K
zmhYl1v?UlpKxKaM?9i;qsS6u%CutVqG}KCvX8*CBW**mNq9&~uj~AC0c_%_QB1^Dz
zUznXoD_I>vD~1mE8W204<0(`=RQ?2=0ZJfiAZb4l7B&s+N@(`pUawti&`iKwOKk1&
zha15Ah`En|*g<Ns8(NPAxw07w3?xdqQUx+?xP5_2E6pZK;hXX)z??y}n-(O0rtCnP
z4T9}0VS<hX!g!JQK7PGU9<W3wh0X!&ZTUX+T?`Wb(5-2Z7rEp*C9)WpUZ)aNW<U8}
z8XZYiatt7b-Di-Knnh}in0G&Uy|jZQpsxr9JSv|+DY1%097z#lfp{5WJN`0BT%J?C
zMApH|Yo<a-9Hmy0+T2(z1-KJGKW;8tMc%XyUrC`{2i(7J9iL@iiZqbcU}oKr<e$0*
zS0sE&wyLZOfh6rhibH-NGQj9ORe&RzfQ14GI}YQOVx2WZbG{q@!dYWGh;ed~@KZxO
z&N<v(;(XcOt;la+8uhiiRw&UuZ8DIX;dC?H>ESgp-8Icu<WJ*I<A1tqtgm4Wl68N0
zqjN=qUoBe!xg&CiW(r1<7zJQ<1z+JjuviaFl%h85IXwVh^r0yFNbkfSllq+}!~n?o
zWGSOswDdc5frd4sD8wM#5tIRMs)dw+u_~0&ZW?>_I^?n&R9FFFKatOalHUjzfC@E*
zT^vAGGr+B`42j4u&i(pl1rB>gNgxw7DS~|d9B%oEC_z*ZF%_?aY@St}J66o(>;7?-
z5M8K%UJ5*|9vvMedvq~!GGcmHHj*-eZihq1M33AK--IvccZ`1*1M*<CAhZDbI=)`*
zFq{i`XFcD^ds)1x+!2k$sOmdy$>?Bm%_ojlDHQBkAhNg?zM=F?^r^j+(3mqZb1j5T
zN<`pUG_maQ<C*`pN>2B##{RRL(GYuzXdT`RY;D$4{Dtz4J3gIzF`kplYmxbHrVw)-
z^<VXANwf5ZfAc?*YKX15?h^06U&0?X&jcdtFaL542yS@$V8=gXZ-1A(A$-KPWdj-y
zvx#0G?r{*ZswHQMcWFmEuIyuMTCVv&h22@fr<c6tU&wsaRI4k8huU4VIei39mV)iV
zZTMLID4j)}dHZ!&{$7OKu{sg9tJ*hRkF+Pg=GiE{D1KI53vP|PcJz|6+9BGF^6m}1
z<DUD5aq8&{)y>`d?E!3>yKUccu>b_NW4Z$9O7x<*4@GwM244?wRXO1H@~a(P596Qz
zURa>h4<KB4wN`hqdeWJ(VCAA^wg<QXJ8VIwWhdn)cT`V+Pk`UZPY6#4-F#gFT>(4s
zD_L$ZDwzPEmK0LKcN|ZG7HB{I82KW%xaEe6;$DFm#Ugjq=gbz+Kdj6$Usyls9)TV}
zKfxY}86;sD`P&5W_cg8v!c&S5Mwm@v)(K|kC{LyhneR;e!Z-;pq;Xvkv7}tm-}rl$
z5W0jPh&ke~pzcE3{(KP#7KrC#h7f-tLdC=d6#JnL&w@}9b%<t&I+JE4C|r4(8lgQ{
zNs#Mo64fOrB80-Ue|TxFb~W9hXzxaT?VptJ1tH}Nu@U_PC)sOt6lf*dgr^DjpdTO(
z|Im^*2v(zBj*x~c#oW)@rv>*6qR7V)-~?%`BUs#sHb`leMGLhBBA_g##z7W+g)&Ht
zBbeq}r|y)OSxbjBhlO-~rHs38Xazm931by*aTDM=z;RWMs8m22Y<@r?*Q7Y675i;|
z<?<Fyf>vY)ruM|CMAYIJ2F$#>vCpLMil1lS+}~I~KIAL91jrJJ^W@;LPw|%tMA=V>
zX9ab?mM1=si=})NB~s>tkiVPll&S2*uUT9(=|&towJ#4sUje?8F0goqb&+cBB=OSO
z_$e2`kMPpv<0c~P1f$>;hg{k|X&@BHkTC}bJ~@1~x%y@AP4m4%gUIzY!cb_)XFh_t
zMB#na)!=OWKWX^3K!G(jDTxGpz}yJM8ib=z69+ZQvSq=;;0tubP}lJ;<KhN#5krC>
z>}dCi#i@rRlGrF|A_CkrHW38(gMx}od~=+n##0@NCE}DC7pc*Sp^D^aQX~Z7ETyWF
zX(U&Qp}yIAP>9&^{(=)L6dDR!ASry#A&j_wM7}!f4<SR9Z>F$(9eq=r<tdr+QvQRO
zn`ifdFk%O11X{ja<|_Kc9X_CA-Gu4}lLO83L1`sQ`g^VONNhKD3UAjTNACexoLAag
zTu>^{-VW;xwfQx!u6I@jzX?<Zp#^FI)Pk8Vk2^j{dJFLgCr$ucNOe!#0GmwqeyFgI
z@6-E=#}4w!EukYgWt0_FIA9bYm6xg~{R3)2Y@1;IC{aYA5X?c?B5WgAGTK3KBcL7c
zD!LsVBead^4*TwN_&j=5#;Jf>F324pE5Z{odG4$7!+5TotCTC`JwCnW6V0FKN0mVm
zjY^+^Yv$wUQ@~!q9wEZ~Q-m(^Q-MB*C0I-T>k`_MgemdVbex?hF~fWc%R~Di|5(sT
z$8z>sz}E7{>?SYr{?780m7{>rj34Z0){{d*G+$VaRac~E$vaQ;w~wRT^<DAh{{eAQ
zSO56dQID-b;{t_!=le}yY%_hrc$>NH)CF9l@i2LX5kljl^Yq7u{Lp=Z#V~joyaL-M
zGDooe>i@udtxV5n7puXF+4&`ri{+(Si&0VD2mgIW>t1Go&hj%(dDC!7pghWWRX15<
zoUDbg*bTM#h+;)VbF7zx;3|ueM#Q+HuUcoZss+{I>QBCBoNOqZhtU!jGf_E;`^@Ol
z7)8}M`p5k=DV>9iu_n&{SKm~<sE7;rY#3^-n>{}c!hOYmCJG`k0KS!#RIJxZ@9R%}
z=BtK@v|4}{iCaq@4I}MLT~-3t3JVny;7d8``K3+0G?PDLBva$jC@3fsp%&7^DwBzF
z4QySrkUcLiZ3>h{eFy}EMSG5VGwP}&2y-JeRW-CkwBN_b{a-J{Mq^ABi<N0sc86c3
z?-b&J&{nFp&(8{iR3?D6<22>APl0@I+*b5BNfcV}sYzhpAl<{%x4+*d)&LH1xumZP
z0yK;G5~IMwQ|pFS196V{*87&h1}Jw_D@L3~x%vyM;v3i-*!UYfKvvc|W<kyDeJ}o#
z&3@TA@scE*dY9<}tUbh8$W+Zvds%hURuF4=l@e;vt^SHK0ae3#LkWOYKCx8fV(fp}
z%){d-o7ZChSW2BpTvftdvjkZ*(l%JcS)e4jM5`le26327;NWZ3Zvn(qHl+^{Y*Qm}
zR(ZhBae){9+!+4+l-J`f)mh8qe7rJwz~Db5_vrq(>K3gx4wZXmen_-7#sqg$Twskn
z?Hs~*IKDf)-*?K``dL1~2&R$AOck$bdR}cR=pwg3;6HmxzB{x|EQ9QTGwyO8Xg*ut
z$v30(q|zQwyax6%QB4wQPD{;u`WH$ww0R-<qM(h#X#?2DFaX)<9y8*5;rq_E3=c9S
z_J;F7nb*_Y3R;D4oJcltuurG%aU10{aeP#Gspp_wHw52bHBET{OEyT3<?@b{e59N~
zZa^!7o+a12J6wM{i`geqzf_O4-M8%77)5YvcDdwkbFXh)R_@++vEn@ux#qYR)>h0w
zG^uJf<PQVbM#f%AzPx*|=WcLaAbR2JTF^QiIe=9QFZ12R4Q;Cev*+GMgU?xY*{X}x
zBh#V!dn(_FkOe2uGX7y7h6M0IU|X^eF3d(f4&wh^iK(0VgKLR0DW@BUy71R3_Lw#Q
zI&m`L#&2a))mZ$R@{D&^(%Jg``3aY0#-X&;`3Ao`z24LDReS?t1A=5{dz|<M=aA|P
zpX|;01=}{pd7N`{$v#<&Cv{DAUiAn&=;Ysb*ET`R0vBvG%P2bcM=O2I1H!NEjOP-^
z(aaO<=lL(w_ZNGY*j}Bd>|NSd60g#HAI5I=9SXyjXugdK_lTL$c@;py(3B?SKaSkT
z8*)XQV`5QrEfT7|57OURw(|OmvjyGmJR2TUDu2w!bW^LL@RB*g;wPc$+Ln<`AS`l!
zUp)9*(N|Hv86NZKyW?$-iBDP0p&wCpfMZX?z8Q0>zd^|!{;&>eJ5i}!&dOru=PtWV
zeSv%-Yo(J8tNxj%s1w5*0@w-i;%`^A0y_m)gM!<^(44ln;;=hm&;=5!7^+5A@mkXI
z(N+EdknFyxy9qO%WO!4@{nK(?d8@O(*sY*T?z)z`IFrHZRmB+_8E_|O67LzmtZ?@C
z)xuNLTe{mN=Kkr4RV_*&$1aOn)y=EDnvV=Y!cBtgWMLJ#M9NIjV+hXfieGQ1u%C^v
zFJl<kVGGG(6@f>ZO~&>$W*z30B~2V3<`8H;c#)>>ofK@DH+0ph4}!aUNx>xBk;*P<
zV8mF^5>;ckm0p!5Dni(7qx_rb8q2lVb+ls_`>Es+`$fd_pfh}1aFaiBNb~6FjUaC-
z*3sCTovvVM+x`KR6~gwsi#cmh{0rX|0(C=IU)=FXz{6atzHpRtOLs2wg8L@h(fZj|
z4QSK3B{uSDsJFHJUgut?$;h+TU9-2z-PZkPb=m8VF61#~n5WcrXzN(=KBE=NCYKmx
zIBU6MM05JcVM^{9;5zN1{ROmWiHtDLSw;l+1u%+_5Bqe<eD?TF%jO5YHzUwn#s?9t
zPxY1zM;JVIk3Q%QIEN2dc8|QMzo)l{5B`<<6D4BM_Mk-`$p@?_uzAn*u7eDtCv->9
zb#G^HCm*ddKy`L2h=eJEm`Z<+yMjs?B_h&|d0+V-_x=bxFaI69A-v%zTs@pUggpEN
z{Dhh6pu`}BM0hJkeaLm>E73k;5{^A0N(XG2u6$3xa|P!j_9^aS_PI<_<+Xxqe(2JU
zsxR(Qx#uGHspPqiGwpimwdzYDZDq9u<@gF$fjh9b@I%xw`aj(V=c$!B!VC*(W{O#?
zMJyrRrA0Ffx%?6p#Ymi`Me}pH_!1q(SeykWGmKe)sTZal!PpC*nh$o0<*ph}Z0>wd
z!52`9xvp|gMDFsB;A_+}r5D?FUqRWk?fI_Yai^ZeF9hytPt6w?ij^-7R|s$JJE?v2
z$E(4{a8r5jeW!h<cbR>ueP|0Yu2eS|Z`M1nefP!IhX>BaxtH&nmXD6@>l=@bAKfPx
zd1?7-U(M>C1VY`4t!MX#fa3MeT|Stma2KP@*q3%sTMiBEtrXD4HT$X)myw)rvypO`
zQp0)s6lumGXXd^SuLriEii<WIbGy}#!o8_D%WeCbmoUSzq*F7OO6(TTSdN1%^6S8B
z6+?f|QSW8>&9*}#Yz<g@xt!J*B+(Y<vHHW-EqFVTj)|-@?v?Cy8rGmAtcyu8(}u>)
zrCIrFan=>j2&tARb*<_Tz*PO5bKTu{uCo}4Ycke(WlM&I)F_W@VAu5wldgX3TPe+b
zZN_8rnrzNX@smxGM$>gJiP8o4=eL}VV|JD)Hp2)<qXm<;l4<*svcip3nau2kN4*sx
zU#F3!Zm*HG@2_e0(itI6(GCL-7HQS&)J>5S<_qiCSo4C1EM{)Q>@n^YZUECvXTNSk
zDm%Ox`{pLbj)i@6=k41l&KtLq!}(0xbP;Z0@6<L8$z1RBi8`3kV%GC~BgW%*nCh`j
zMicSi23N<%XZMWjwySweQ!Vt8ubM9J^cruu_RE=ZlX91)j@9q4FYDnr$y3`i+Y2k_
zV5t_41+2Cjc-4xFFy<6#7F<_sJLQgdtoncH(vDLtvChDg2PHx*J&t3JOO8_<y~1|%
z!+^01+>4%rNvCt|Bv?qPea7eq>4e$Fn>wPznPXQ6kZJG}LMQdxg*lvA+x8ntrWTAR
z^o=#3j?$v++^6IPrESI^1g@*=;LH_IMV|3(+i6A&p5(_&uIpRpQ;#MsvL23IZ`gs`
z2Bc@su1IqwH5wldwn4<hm>YAT_6gWiPSNF^2Ne$~rZoeH=qxktC|Q&>;3vweQ74^a
zR#TT4^f7E@&-9Vo9x*znYfL7OrEVpjGijw&=Fi3>awqhsT_zmU-OG*U=BEbvu%*s8
zNgK=hLEU5YjmID!YBuU4Y2?}J!OgJ_gBm24n9rHV{HHG|H48CDN9E)4muPfXu42#b
zl1&GAgQG>}Bjg_i_5sq4Mw}Sf(Zdj;HHGut=VVS<K(6s~3zXM3r#*?&Y^Oce*8rvv
z8(Z=R;+JCfBQDA>H5@MsiZz)w&NmgL!R2<>XXAFchVQ5EGSl9Dg~h0wYch?-gIwoD
z_}plJvn9DNYTmZJr-fduS3(RYvn{VmBqy0Sg+yb@HyNi047pVKXP#>5khPlTsAD0n
z!5>NetzD2ZY1(Wv*V8Nv6P_ZTBu>g@rje$S*IPVZ*fZFd74R%;FEzCS3!|Xsgk#85
z1CRdM0}szq$ITPRE^yiW7X72HBQ*PzcGGZpj9?AqXh%8Whyp-E`|f%j3>%H+ineCV
zMU1p7M%254X{6!kmYK!F;_8Z&yLM>xXf)N5Lx&TNqYV3uXN+gbk^CvT(~##p_Zc?(
z{SqUnVS88QjM~&x;343&{zyV&2+wr3e?99d*R>Yi7K3bCf|mMm-!}9KB=>0rb8JTj
z2Wy|YmcWejY2=7@aSW8UbWLFl+4`kJhfJ%C>!uxYD}`3*m8CY-KhwsK0(XDv$4$Gb
zR+Gy{r%3bF>|>ci$27(o#vDn!C!33Q%=GnEC67(!3-!Cr{e9_htpv-7CM%pLk@Q%{
z$ju7NVQrBSe<B-~8ldSS=SzEP52!Y3v;{D!KyK80+ER6vPUDiwO^g=)6}P1?N~Z|R
zxhAQ^819ntY2pK`nY7G;32x8LH<|vZG+Q>u&8bIw*<{iY_faOZ^@HwJ`Dvx!Iih5a
zS?QRegJ}9Rr)Csk4RdKDVJ{V+MN%u}6x1|@Y4qoieKBnh<%IWI`iWEvm1g2ra1NJY
zrzJ8S>2$UwPAI*{fc7QR!oSkZIcVy-9qTi@_A8t4HghVve(;yY-_tZH_4U`3*UqN#
z&RYw|^b6r6xluJZ7<2?H3YOS*x~^LPU>>zxSK6Yl73pdq*KC^CvM;BdmKU6M{65gU
z$GXlI+ec3MdrjYdLc|6y;1%g6K2gvLJAH{^+;+6dfV2V%<|LJz+&SkEcN37bx4R-}
zXw~PAipknLXUH`=l@=qhPI(Rm2*w3`cJp9?fV`2tL9zvS`9J2+?Ld0@W(sR5upZ@)
zR_G#TYv;H;r1lD9DZT!w?G?(BkzS?jf@6hB*mKp**zQW{<?blDo!|%C^MvLC53d!`
zO`jkSuT{}aqXgS`m)T7XwBo8AOTGfvO{OAO?^8yo%t_w+8{hXb<N}MlB9V&<76Gyy
zh4qumBEa6|w}kP1o>~i^yv7tbe#*_U`&5}>u8gWXz<l{<fo;13xt&m~C!v$ZB%_md
zhgKyzcVfGp;M#MwiGN2iA1WgEbNbtF2fCIwS3<w?r@QWVG29HgGaL-+DqN{>hdn4i
zRJebN5yeCeg2ZnS6y6#B&Wo>mV?`|pm|Lk7P|bT~C)y>o@E>G8qpJD_lN&%0e;vK#
zwn~`fzG5<b3@-iR2fULJ9(R$*JmHr0Xo1&0x<q^-q^H<?#c5A4<HqvcK61F?ZeP_X
zn)Eu+IlEPN+1a47>SD0!a|2|xBz?Iv`YOYf$#IqRf}=i<*$lC+Y^z+lAHcfd*#`?y
zqyr4ryz$@KtFm>B3oTF0)YA0;sj*0;>_ikw4@s_8_=u56q;Ey_!t$Q|Tb1}H<C~W_
zSH8FSMucvvZ#sBS{?($(0c(><HF{5RlNt4E7D`IxYbwLY&`Hz7y6fG>Jw(*2>bmfi
z=qvWs$hzh0P7~&O=BwaUNzATu@Xfb44>isXU`eK53sTHSxfcRgH_)XE?sue3&$WDm
zv`Nb$j$R8__(C{G_~k5!6Od3L=HgeH+&#Guk+iFVYr<yjhw7HBcze|VG3+_dtaaQB
zP{$YTJ@Q&fJkt2P)_qyk46$$nPbwElqmBcgN!Ou$`cs0zFG!8JY02ZCIuFIwXCx*5
zn*LolBwxFaOTzRqcMJ8JqO)~NRhn21In3MR9<Uu_HI8&tuxzzzmC9kRLQ@gTu7W4o
zNn!3U(pd&iycxyNpVw<Oer0^C*;9l}Jn_>PjYnCli2FCLa&Tz8rjz9)$61CwC}vKM
zeU?NGA&#2NcSR&x#zYbQIQp5HX8bMf@r!q(UzB^D!yDvxOK^**xsyWLk3IVgN+!$C
zz~x#Uhyp4xKgAM}X}-kMJyD;lGvIAJ#p8}+Wn(3?bG*e*&W*+Wf>++8A{SawWn3gi
z9wvg6lsq0X!G8Aw=+N0B?j7Gf5Tihc*j9nJL?*7quRJ!fr92mi(-&;@jp~is8DRCz
zI5@jj4z*nP9-v9co3BOz7m%|D=CV_%i7=mP&wNQn?_@`Ai!v9WRw7aMPI0TJ(a99O
z>VwXKV9)mRqitc_IrhFoEZr}>&Cf)*3`sdJunY!UfI3Vq)8ip-d|mI?q=#Q=#<5zf
zs(R_Jw!3W16B`$@Ch1=J?D}8dF-PWQZ?Pw>Waru^I<F1Gzr8I^mR-pqrAC&FT=L5j
zuOF;I!{hFY;Co?jVaUZ!WA|r%Gv+@lkxIDXEzOzJ8l+XM)%4g&P5v}iJ0A5pH5VDp
z)ANSI{1;XuBthm0g3fc;i;<ojWE?00|K_)}7f8a{XS57#>fo&?G<$LMFjonyGLcsc
zFVS66v>S)k=dIS7wKVgq)6yH4)-bH6SO^Ez{n+T?N+J3i;ogBc`)leobAyA@=$nl&
zM~Yr-d3<k^A5a{9^X()2v(mF%yl;FAl~*7eb9q+EO(PCJtqq&SS(Z$KHdpYt`&?wE
zw_M<JOswlKdBhl(T|n-2TC{l)WNDpu8iv!R8J?EmOOD>2QezpIyg}w={GZKCL#i8x
z`Aa$j88)V#uYZgA$Axr4%2lo;U*>tpV|em44T&QiJvghDKK0Vxg*wwh*63y3@$%z}
zInHsw^o@blD)^cF!(FrR3xRS~wO6}Iw{h*N<<b=kzFF%7FVlD;`N-I|KJ#+mvdTM4
zyHS==nfd}-$yV7BUUB-6xs;ArN*rv-F{#9ivqPV<@WLwilB;8M+I4Q3hhwT;?4(ER
zRBHikOH9_q>N$m}R8v-MYdIXIg0awW!6`*$L8N`v<8bIbW~%0)q;YD%X%FgQS^a`b
z8{*#VdbLQFSyf$DGxf}IQW<o7bW`7k|6`DGWfl6FBooA1vrnbbyTNG<z1TQj`mgn3
zwOGrn%dCpIWiZO>#C4PUDv?Wowy`8Xj7Rg9NZ*FBCX$ylNcxsutiYRPI&zyRAFSO5
zLw+dJ2GNF}^{7jfb=^^8>Dt1q!5ZEe++zx7+=o6{uHIjD)6CGRu$YG7*|954==_WJ
z(ldOIUXBgT`5If9cx_Xzj^Rx|j9!pxT|Lc)t!C{yM9+U$_mn@0UA3_ml-v&;s-sE7
zLB{n`MzoS@DbC>dLB&b>;P`3!XaUC2V1aSQnj-VbQO5Sp&S1YD#C^r-swNz?QjEdz
zlbpdr+ad25k`yG!@A9$w?-~Z}$?$^^`Vq$QljK5-)z@FT*GQy2GaTPXp0ggKZrTuP
zuS2(EPuz2NZc1Nxay)6@w;w%4si$@^s6MI0$Q}3kZb6swnIfX8x2V126LL5Hta50E
zBx|oPI&>VluzhcRgJI7~5cHyQ44sQ%)D@Ug8}@aVET#;jR2<2NK`4iKroA>7ysU3a
znn`-u7EoiW2@7vH>!FsYK&LGnG>2Ir=QZUtqgoU8Dm+<(S;wy9G%;8&SwA;l<PBw4
zD^k<)=c4}66a(In)N8T!#oBRcqb{wkuWqaEux@2;sb;cD4((qJWFZNcg@A1z=_=0o
z?E&m~i-TB^@Dt#8@{xR)9gxytq(W6P70RsI3B=s59-&}y(El>}7sjbq!L*2^41C2m
zjhe(oT!yuWA#B6gilPum>I=A|kN@#uz>f{dy>E*k`3F8N7Ii5qVMm-mjo#lD&vlKL
z2lmisE~zDH5Z3F;hwD5lO5NUTRmPh%h~1)PA)YGg{?PFiUjt6CG`m7LOkz2Ra2KZJ
zrd4$-x5r(aNfQAboLk8#ho)$Xy9BhPE{X%ls3_|ehx?Ltnl5K5>2cASF(uGZ`b8dK
z_7nO1=eYS*Z0+;^!;ivRROV;3Q<%0%+zf$O;2W!TEc=jUHe`2@t3G#(jb}6AJ)WY(
zo#|TW>4gG~y+LLIblP5@eBxo$(=n4Zr|cNdNE#c08lov$U~5dGLT8c@u0yfsM_3|X
z#-VLOkxRKBy_-E?qbt0RYPa>>UJAkMICttHQ~AQq!Neod8flU<df()rQXPC&lNkQB
z>9`?-%$UApQb7rhYPZ3C^2FG+Y6Fhe!i~$vhBxuJWG-=*Q6>Ju06I+cA|WYT`;o>D
zppE@`{a-)chB0vYUCFS;0MBQ)*gJuORbDjn2b6dWtC>u}l!O7J;Od0B5LiMyi49g`
z?_PxR2()k<O;1G$BC#70&^qoh4D&kMb&711$-L)S@1!cwFUI3AI8s=KFZFKXCfCc4
zL5OCH%zl{+qJmz=V=ilq5z)R<a);S+w`IY|C}iG*4RGJps|_cTQEdHw`;eyjvu=<A
z=1D)<_DjS=Lt|`PIfqdjSDRMlXE7i5KeVbFLXT{XgdY78NV}!oz@Dl?waug3{74(6
zUxCdoRx{g?FA2!oh8qxNNB<P@Z6_MlWc7M^cCiok*$}<8tLrsHy~@QKZkVD2?>zgi
znXFl_+%v<G?3Q92!nf*?Ju|!DHH$f(?_*xVZB@h{kKstWi2(^KaUrLV>|(9su?XMA
z5$(mE*$u6kpCLZF8)RPVWsd3-u6;~!8>H7ZyhNWt@Bdst-^80Xca<O=IVi%?7sqg+
z6)LKFxB+>FT!CcPbMFKcVz$I>;Wb})6aO1?AG};E?HUp4o7n&pae_7Mq#cE{npKtI
z%?~|Ne24D?wkJScykd_(q9kQLS7Y={+xRFThTkBJ&}4#b2~*AYDd4*%4n30J$iEj*
z>Cb+aAEI%*hf}8(#U9WfQ^6~RC#`YH%)H%jNY*DozIZ|RhU%8K?H&wLBoJ&CET42a
zMT=>@RV=>Y&u2T!BGFx6zat*rZApj?Hz)_CMRL7b+vm@dY=Q(U_J}efNg(R~RYwmd
zdUL$uJhUEJ72MMwR3+|))0HS!0Og@X26G__)PR8&(-^bBjidMyS14^IhzWOm#xH-`
zL!=r)ztBWzDMEtqT$O$fH(ljovCWO!+^?V7bu)<d__);8izIHjRoo?2oJXp!=1Sn$
zvMEsZsHhqh@l#g7Vvm4uLn+=B>Uor+dBH`vipcAX%L$Gw_Sq3w&C^PSN*=RIapYr<
zdrv;DOIK62nMfZG`!z2xZg_U6A3T3WJ79rh1P14sN{Rbw5<q)8ob+jDp%~jmsAV2&
zz#PM4FykrZAKw&<aB!{lQDVF7{w{Z`yq6-DV@<1oR-r__2KyOF7Go!*QnaF8so_9$
z{;Sv#?xJ_a{S2V@GS-(BCOjVD7I3!8wd;_Fg;sDEwhtA;+M7*6V7`|q2Iwy=;$4JT
z$FpHT#HfII)+=kB+@~;kDeFy#K@P!!c-1`xCK^veFp!CxPBNSg5$~`Y%sj8yfWb>#
z6~q2#+8}x4TM2hR5~MbG9J;v_3-RGsWeH8DUiO2fSSDBAd@yx!uBGY21lw@jqjgIK
z&PKKQP`+Tb9P9;z^L8Z9aJ2?(@`k8k7x$m+DzudG>dhpmnLTWaTdte)J%f%U-7~&B
z2OSaZE;i9Eqn8-h^YwTsG+%wfVWq-{WH=#iBd3+7-e0>(DR*i&@$C^$WNaR!Kfb(3
zVTkSmIdG=8gp+!@53u8seUj67-N%(fP)Ad@iUAP3wr!gUGBP3j+*kvH`Cbw5hwYpz
z=_L%6x0Sb)qPR=KDS$ofz@|?V5Ptg703}`0JTQ1x5c<j(_1u1Oj{TL_riYNX>ahpK
z)qYy|XbuzfrIYRlR*K(!al8$KRzfWFfIvUJQHguJgBtZYqvk{wmB5Wx2EY)S{FN!E
z$D{GI_?__Qv6rE_&3@fsczGt=y(lOI6V&!bAnMY{>%;X$ay_*vTK1Cw9cz6#ZTH;5
z5@&&g1&ODmy_0!SWbm#u+kdJYA)*Z5fnv1?rdKzT=#63A1mVjQxp_bsLl2S}<xZSE
zL+7cw5>y5>%mvqBP7rKz>7CGMpjODDryYJ+>YgL`s7@7oZ2MFQO(#ScWSU3o&*^u%
znPhZbVZu8c0&O)sWHLI#8N^d0K*#hdjUd4V&Vj49pftl(_RH^yqS%M6xQ$@aV>RnA
zPRP+>2?Ox#>2zh{?12p@h-*JmdYh?K;Z<x~HvVWlK~Mhs3R>#EX*!rN%C-IbuK;7!
z0LQ1u3jXWg*vg(7sfS-~$^?yGDMUjs)1Ih8?4weK0?wHGd?&49y1YxW;p{y3kw+_@
zmIzD7eKG&gqn>&_BDX_>0yXw}N0N!vQnzg`C>9Zfwy-KZ@E88OAn;O**$*IHD*Y8O
zLS^>+G$HN+jYUu3Y17V%53cyqH{XZg;mbeXc^iVW^;|R8c<5gH=eUV6>M`ok(rMp4
zFY*NE?r$&d1n+I<?O?Ct&##A<c&uCOt{*;1OV4<#(adeYsx!=8i)2>xJQCl(>B7fw
zghsMAeA3;Z7Wb@pi4}oT<G|@k+(rr}hopYuTR~FiEJg~he|}Gt83bcRgkVMd#(`K7
zp;!`rSQ0^45+PU;{#X=%>`G9Fa@BEyU101=n1^z{(9Rz&WgD)1Ti@j+z_*2DhoU<n
zmI1!NPjA}FxuVP!Jh8(SmH~6VMHP=`S;sr(-O)Z$ODFQ&yVAbV#{$MYx{Z}<!awwj
zCs0hhk^HkOO2a|j5X^6ya)~{a3?%;mC>~gn>GRQ)jxlHQPk8*dLm@l=AiK#QiIxF7
zyP==oLN4wN$c4u8VRwU^-&UW@<o5V=yM7~{EX<0YLmK`=Jiki(rH?xTOWu$b*9&sa
zKPm0~Xx=q7bRs{2zp3oNiVs)k+*#zp+PnfEK;)+$<#Z$uNav@X!1nj_>ze71Z`Nd4
zbEftW4jIJ4iqnk9iin!FqTj^MlJhwSb2&xj{AZ5MU4Tepi38abCq?M|Vp&GpaY#kF
z<+;*x5q;&QxTB)6Y{mwK=lrJpS|VuZcpGY6DJ&DP($Ei5#r{p@q}YRVS*U0}&iCK4
z-!I|*%#?%m1%0~h@$+~kTO8p1C1{HSKgsRa>Wnotp37cf6`Mcs6`PcDN8db3ZK_Mo
zGa0yE`(n8j>Oh+mjK^8y)dmPkHpmb5$(ln%6`K^tEy^~?iNLMN)W@z$D##D*;}r(o
zWepW+49UtvTJq}3Qf<GS?O8`uLj#IGFYcTsICVG-$DVS;-<ZI{k+a*n4(XV&J_pab
zm1YN9O3Vm>yfu_yHyEAOHE5j_N$_67@W1L^65n9uc|vJ0ch*7+Y@*2l30wa_wwYUl
z$3ctNIjD=lhyx9gemz(|xXt_&x<8^?ytQ>Xj`VneUT0VTIIn!Br3hfdW(W#CzJ3Xc
z;I7xJv^|uuQDon3hL1!|GOebnV`ut^POvn>KhtkSBhMpjJ><Rl^mTAPx|!{0fYjX4
z{arM!NMg_jUl@vNXrG<Wc4G;pZZGU=xzT}gz7zap>Y2O&w-<<)!%qt`*^8g0=7K*C
zO6~VgqkxVyHi$Mu*)phHrE!Vi-p6Y-0n}=Qt*H-uAl$vA*H>dhIp|AQnWOGJd>I0~
zYikPP$ctfTtv&*uF-XjbDNU?{n3gSdKv<D6wab2iXu`=6wpx}Sdzw|(;??dgf5}B*
z9puKB!9tSShj@*#fsnT(A_fObz*#(RFiV*)lB!o6Pr2vo_<Ij^fv_bW>sa}S<2stX
z81KbUI}+tOIr$i9vH-myy;2u@Gx(6RZcmj6dyiFni|s|rE4RXz`6i%J`drtPIs<dX
z$~>zgvS(=yy=WAkn?j`^7naC|uYH~zQUoH0xG;0kM;mF<ro<AS?NGQ$C3+}YpzK5C
zIx%pc#zh|Q&|ZaTxyX~uQcU>P5H%s(U+?wxjqfZ{I@`9%HDZ^|8q+4+o<?(!vy!q^
z-~P~Ay2&=>#(_SqNRkx}oJo@rj9gc(S!v@M+P+vV{&Nkp;Q0fmCd%F@M64jZSm#--
z&$H;+5+Gel)*Or7RzE%1keDyu0(Oyif<B9xFaIn~CK3Hd6TQ^o+O+;{kx&!kD``pJ
zT?(ID*c=V2u8O&Nqf089o_JBxB3PreSwQ>dnhAi?$a&GZJ-G{uqku*~nCeKzFd?1d
znYgEyHeB(u!~*#f-k0K3sM-!fL#YW59I37hwKpebh=^X2DQsr(4k(j|!Jy|=X%zl`
z$etgF$~;vP9;R2fHI1?eO49(c&X0{}ycU9xfJE!WRG62Sf(SBp$e<o!b-%NftQ&A8
zosU))lF=YUjbsz$-7ne(vRJ^dY$Y27qd_>6>XD#JzxEb~VJ%;Acy&=knXQiVE~=l(
z5j`5|Hr#3X@a&PQA;9}9W;ttw`=F#%rCosy)OtNhqR4?<dNU=Vn1Wn|L89r?AyG#Q
z8Mav9I?lEOk+yb}w(YM+tY{ha`V{G{In}iDy?e#gopNV<%c`nd0;wS9Cgn9UuIGVY
z`O#BnsB8&Dd+1F=En|eUxXvD?8|tkGZ_CuxR{0_08$x&1wwY8C=pm^?!6AYsv9LvA
z!F&)C^%P`_a1Rz~wg6{UT;<V*L$}mez$U4sQS>ZTw1nh*jGd-UioqL%JMiOU{UV;b
zU)TB(y1UGITze6-xo$Vn33zIeaeLPoc&AyMk4#U&%c<adP(73VB>?A2QO^V9Yk7P{
z$$j~Tv;0h6Q$_Qx4DUxkM4dg-GzmlIB#+}bvLCw%`@dm}>rRi^NtL?TGW6*`R>rH{
zGTc6O!rb|}@*S5PT~j!XrfSp&?E`L!T!BigOQ;zz(m^I`7cY*P1y)Z3GUGDL3bbWy
zo^zh^E=M-xTQiHx$vZy%HuW9Q3YsBH4tFoGZA4XlT`HM<(DXo3N$I;5X)Gmyl6wuU
zT2UP>!`miTN{p(*%G)JujLc)xi!YALoF+8M1LtDR^h|n@At-1G5DZY0Fph&d29j&^
zB#C2%z%mny42@d!k)a#{g1syAWLq;QdUiBvzJi&0&)!wjozfzjNjRncAhVTvB;t--
zU4_O7*J;FE95<Fd)nAgYUgv^BB8!(76z5&Q^0pL0UAaMJtk?zHJE3K)hy~lcL1ixt
zLS5=`Pd*q0+g4#7yg>4{FuziPWvsBj*#TuM;PN-lVIDjFWi6lu+n8`q%L0p*0c9;X
z1>2c$Pa1gVT_Ex|)?pque2bRBJy@$ux_`u0VB%>?-%^e@#89=2@0F2<2yn~DP~KK3
zB7{klkRm@Ze>sYBFS>s1KcI_WEqT{JD{?P8A?-iDD)LnKihc&nqu=aTZEA;qzCmww
z_iX=&-m?0^&JgGP`fZ&d&R)Rx1@eVp3lu~37efs`RRNl_h8Akk2(y_f?*Y!MKcNM1
z!Yq{p1AjVz%QxW<dN&V~Ys44$f)*-chs*a-5iT>!iIAJ)4Y=Ui{zb(uM=WhQIC6DJ
zC3np^inDJhM&7<G|4?p71TPS>FABvsmeQwt*(;RX9cunQE&mWNH1ZF)(&rB}#rGD4
ziSSO(Z6TEBDbnKINq)?as@#Zf0LQm$Ud)dIZlSDjPvySkW2syRZ@~Ij=r0Lb|JvcZ
z`W6~WJ>98zRd@iis~#xb(+IU{UEX7~s}_ujpk>ZgzAGkC9ZJoRN7l9Y=3X541*Vf^
zWw@0*yf4oBvHod#t>(#z5j8kxj8b$$C~#*JAPrd2*9aX<dp7^;3@Op|4=3DxRTw+K
zHQGE_2B27luC&C@5U>eWBFQ^l18790{3P!%|F}F__pV+yuZm4ui>2y<7#K}I`Ih%N
zP4NVxiQih0)V1-{>S2_5cw55LEMdBY^Hj&9FJM;k+2<W8(h{w=B7H(C#(KURyxTN+
zy-{|~qdmeVPur<k+k)>D#3Ox9&wi5FqnGFCw3T?1Y@nG6B896Yy~iqCBPK1i#^|FJ
zaez#ba_5AHt}R+pb;ah0Gg3SKScs=*d&t^=a+60<U)&6%Sty;|ZVF1VlDImhv)SVE
z2$vn*C(2_;sD}EU_BGY(VM|r2yv~hQd)4La=8UTJS@>Zz+P!{U{zwCbx=BPct1<DS
zPUr%2@GOK(1^>D(yTwGStDiDea&^FDaMdGHjUc5XC0dzPR!G<ik#x}9UfoHban-s+
zEa*#6W(DKMWDT{J{t@sLH^HO$Sw=8PM~@y#fi++#JybnlO#kZ{$1vYMy_%k-PGxzj
zxxIa}!>SbS=CUfs)H8_agwZj^aOZpScmJc+!#=Qli5c&ZMJPDnch6QnKWz$be3gHt
zY@NjPb86p{L$%g@5XIGSTi!TbS(8Y+VQ2{>JG($9%f)3M)2h^divEzxzF7hDn84-E
z2IZro2Aq){sU+Z9&a!Gbetme~#>5^nalje<p%tHIJlX-Vq&$SlCL`1Mqz!cCpQ5Gh
z5egf3>PXuu9%>OP+jYurM0-V5v_LfROw*y1eYJMerkDeEn+5+A=PQrZMNZ7jNy=1s
zKcnKs7NY)kh7aw?9zE{P1lU2!WOaIMw4~kP%Z)jeynZKuee;eat149FQ=jMAHGBDK
zjtm8IA~7Nh`CftW{{dn^oxg3Z+CE`hoMy8gNNlIH;;6EXNL$jbba1mwI+o6Cll2YK
zWIa;fppLZ^k@_4)(IvgG#odi(nk^j|1;(S_H7lgj3w(ra7YuZ^P<ibTZ@qcQK6OpA
z?N>XPm-K>b!Zkr>n_8Kd?k9}S+3Gwo?uctlT+@m;OHa_#);U|c=&_|Ub4;_r?rb$p
z0Z-Wmc8@q)=}dZ|u87VvkI;qIVbv<=F4be`HE`vTQ>$796UU@8=?(k#MfW2|+qGOe
zmQJ8KTA_#NXuXAAg5_G;NN<8W&ARkVKCPz~fxl-niMJxuM#BKGv^3z4JNACtBwbz~
ztPcW@+^0+EAd^pRTTXA3-6*ppn5!)b{9~q>X?9lf!>;67(vrsud^a;<$>b-muJP;j
zE>DzCccwD8SuLA{o$;6X2y>g?Vyaynf7~?8?DCELoO7IB<4*Z8e)m=ppXgrUue%Sf
zmGSw^@U2JYI5zic&??xv)o%p8IcZ#~CAl4bhM8g3`GfkMtFz7wr@>VyY}5yDmSJbY
zHZ~)i)CbKg=B;`}OtUYFnYHDrC5sKB%N8egh`r*dF<Z4{aY5X?)?b(7>J^j4WJjim
z(8*#g-6jU<QRh>UgXKcnA`XD#q}V0yi?PD0a0tA7$=G!*7y5RBSS1cwqPJ!w%`Fpi
zEX9d=^$pjw*R;S}qGGma6pyeo%jvCQXU)}F#zby97MxmVJTt<K@%aXwL3fv6j-7rU
zceXc~TqN^|dEB&O&37fc5}d`Js5<uQ#+qGvA@^#Bx(QkAGg};JsoL5zXQ$=#uAx4=
zKJ7t<blF9+#cU<Z2q{vcq?6LwGS<LK?4D`Lf&fpQVprJ>_R!wrP&kAxp`LS9Tsddt
zEVfD8B-h4~T(2?DZ08EO5_>Cq!X<E-bO|@WrBSQ&g8LEh>v8ru*TLkNrnn_`+dIo8
zbJ<)i=cy~=Vg<sL!1p;bc#~iiFu`v@?9Uv_LhHRaq0{+P=n?w)d_G@zDhvu!mRU>G
zwIG;zTwpx2Lc8!>knH2wic{-}I@{%VImt6>PP8Pr6vHFI?b>mjns?1(&UiLOx_z_E
z*$I3&U#gI*CA)bHo3!b~Z0U(Kaut!r#D!Zkw`SN4X--;qESZJcs5E?IUTTz@rN`i`
zb?K4IW!@5#ZE;c#*j}=oH_K!#RwP}Q1gYE9D$Ud*5{12R=&_gF(JjFmai&yf8KeAl
zX2h9v^N=qEb~xhLzfs8?FlW4-zs*y34K9}}kIkshtIuP5_>r4EmeKkhevIj6`aB2|
zVVav(T$#>dY?t5V&pgo^sg^=xCa+-&Tvg5_V1c#FBi`h)xDS{y^%&F0*crS*xxuh0
z&O=5pRNu|Iim+LH1z+JRag}51ScUm9Mp?2Qna)(cTF~Asb6FZVSA+BEwL@o*Z4&Eq
z_FL_yRxo3FTtOFSUN>5<A})lDceq?iec{cd`XRGmZFIG{IvknSIWWJ*-pYSBk)fP~
zZH9m1oHD#{&Kr&!c7WFwv8h*goK_~zG6d#}QpN;gYYwx*Y%v0l^L<Sw(9$PhY*+YQ
zZj-poTyGlYb^Ik-&&=_0%rO7bo4{hOj#?u?2Qk`x?LLBNf2REzf}X!}{t8^(^O3^+
zk;46v!u=bea3dYSqke(vONM{3|61lzr3qvrF*Tj|8hF>db%?(LuY2{=;4=ZA4*+)Y
z*1EY3lt_G%s6{l^@jx;XLl^?d0l-7vdhQzs$4q#?{{Yd{80%|5sS1DW-}yhzD8FDK
zF^w_gFIPr?{^Wn&(I+<v+>BdsqNWe;H(V||s5`6L!ME{#Z>%@jTYk;&EjOij$$G9<
zUq9{b^$yhKn<~LIHMrGO0Ir#;J0nZ*{<`BE;7qU4OsQvjlT8Knv4NyOYQP$J8W<1E
z2VMm>0$HG}mYxT;11G_RfImP4ErBF&RIP)n@U7=HeWuE?18;fV8K{9ltwC+3x13nH
z=Ks>=dd`qeY<UNWT~pGPr{zXs?#e6TC9zJN1xJGu!P($KFfX_iB!g=~V{qptVLrpn
zSEC_KO`p$D6|G+|op>j_vFhE``{7n_zdqlIcOZ26${?8rwrn!5y5L49SxA-yPkpZ}
zg=R|a3tzi$(6?$ghtj>}zQe$3C?}L}^wdNGPjC1`MFDGYI=E~|4{mzPEopfF6?bs|
zn)_x}O~hM{_ggP{+v+)Qo<F~)G+_PWviYpK0Jr*QOa-_f)UU@|UKIr+x?WpbldiVe
zo1pgj&0KFD9&e`9HiN6Xyj`^}Q>9f?kCZ*}zrZE`uK&P)>_4ks1mD5n5<ZVVf2X4=
z8i>EyZmO*5^H2Kc@cw$vc#4~A^|-;mQnhpA#FSE(Uv^NvSG{-5Z%XlR+0CX(+-fAj
zD5>M5j+7OQ(n*jE^aslWmBF-NcAzql8w>{ag0+FgKo1}%y}^M%Yj6l&@f2()foFkL
z|4VOdK#RBHi-8pIc|o8!&>t8KOa+ku6Oe#y!Hsxvvpsl3j1ZH=0Wn6*5XYg!>Vj+j
zt5L(FP+V2?ol{ei>BQ&vZ{fwEOTKY+gzEC^@^4uEkKXCHGI({__tf{a?yQ+Gje95j
zTUQ1{I=sePZq<0puSTy%YdP;gbpcuBv(|U{T7CV#dEZ7=)Os8$1@+trq=qWMdw(!C
za2QMm7Lplg4YUUcFn(>phM+6x2}T1<FfTBumI5^aL%<v?43-4kLA`$^*cI%!(H>L+
z8G*6@7OeVv%T{f=6SQ|c&_k@iEO6!L--HUl`~Ps6pb!OYpG6{I%SBqj_Bo^tX$SXK
zpC|h#FtWb}BKs^-1fu&K_%=1N7sJT@dHD3$7f>yF4*4R?D0Kx!*m4+QtuUihgQisT
zMZ~7LqPc=NG;e6$Krqdlno7i}`I6>K$UTigV?Y`;b(%WlzNQ|Sq#MTK2QU^l!>7U8
z;L~93Fay<}z-PibU<Rsxrg^S;j{KSCdz$Yd-I^b3evG^i)w&+2)_ocNuN=LaL(L)b
z70rj550O5o$9)yVTrJWM^Hx29d8@t#^HvR>`}nye<m=~j=Pn@s0%olGmoQ^h6lSdY
z2FzGB0y9>9Q+=)r8HIVPK7e_vegN}Ut--uiKZJR!{u9hwwF&c9{TSx0+J<?neggAW
z9f6pefqbaT)McVEy34vxp;}$GE(eX(eNOi|^tW{Rx_mTVR|Mkn$6ypr1o5{4{cZT<
z*6-*%IuDwxdsp`^dR`aQg;1T2)^TVGRP-)EMelc^qL&I4JrIj^i)b2ra_f_7rY!XL
z)l6AvhMFl0{R1^q7MiJM%0mC}!j~_68NGbrD;K_se(J)&g+E8LFMRF7*U+2`Ll=h7
z&t8aL_y(G*Mr1Tk&8CGGT-d&_jTWjA8GTKS$Y_xok<r)H$cq-Mkr(~E8hOzYHS(fg
zP$MsDhB>vYFsIgCm{Y3(=G3ymoLY96Q_G=G&?lgT`oC$QKK1D+lvFdLqwnh9*Y}_g
z^}YH&G@$>Q{%a_u|GNI`D6Nm`zkxFPZ|a|+oc;s-2dJQ*&`+YGeo8-uD*A8fzlDbN
zv-$-zqJN?POZ1=W|4RQ|^iT93>OVv~^{4t%^iMBVT&zU9F4kPELEpb<zGy*vF5bR)
z2mQ)L$3+MF)r<Ep-bec{;umrBpI;;{66gTT`t|1^3U(rWzl?<id%v>(+W1Wrk{KW#
z=Mhz87AR#AW#Bb~%mJUJ5(VTXP|}fkpp-~lCgMOT7MvGDAcS5$-+N5PAu-+qBHnid
zN;|$)P}=mK`c8gj-uUIyOdaRiV0N-ffY6bG%8&N{`yG8!v{AHIUQ&(}X^RYRJTBZX
zZ7=OFdS3DDy5a4{3am(5fxVvhX0&Yg&7JGm{f4)N!rIr;i#CX{@{+g5inLc&OWWTb
zt9bUBuHZ=pR^3`rpq}}5BRIB49Qd@p0uX0<KvbFndpszsr9r&kXZ3CSYJ8Psf-j}$
zxmt%J!<(l?+Sk$x_baf{_M+$YF0}@Q7Ep)EBJJzFWxMaxmZiTfT*)X;D=&OQFoA2z
zs*8Hwo+E=KM=E3+aqLSaOUN#OQwEAQUe7MttJ?QiinLb~3NznGe<$|pz;%OqclCbd
zC1tyBKfaRjw(xp#_46w=|DC<_fr=}u^Zcv#UR98$5rN4-QP5ZvMNy%Oq6!KEgb*M!
zAp{5#LPNU#S5Z}9gfb!`i<m|x8yU=G*_cI)Y=(_&Hj9x>Gl&=wX^b((3`Ukg#27P?
zi7m#+V9Z2%@BLodZawPip0j72o$${4)bIV?efQlzzkBcR-dEJyQ(Lf7*tNgz(B|Rp
zz-0c6xvt=0Q93P)y(NXAnM(z^fh$EWv#n)&V4CEM<R~x~xDl9dNhfzdb+9@xSmerR
zCV4Oi%Co{Unp-ZB`_xwS9QKg%I77FVvP0^f+UD2IQO#2o<NL1B+#Z_RGn7@<e8+6d
z>!*3nTcu^bTU)8gxRrjH<~jfMeP;_V?zd&e?=_b^EE;RR)_k*YYWG}$;m~kFNs;SN
z)}g$DjYCHZIJ2tY;l6fKHzM&LW-^zW@0+7CyY@af>}g)g8#-K_<u_NG9~LYYET&KG
zG#qm5J59<usxXLn8jqScTNI?G(pzR*EP-57j%6*%mf3)eFf35eax0)}8EZKnC^@<o
z@C2Fy0o3dXvfXXzZ@J!lyCQP`$^B=_7s-`k%XSji3E~kBk*&7HQjlwoqI>y<*$`+e
z7)>9qxV+~{VQ4{TU}Qh3ouaEnSNDgL8gh8`73T`V4><~J4tpxj(i$Qut|rzQlHn?y
z-Cw=GWPeFs-=2YecLJm4ho!USqs`-oruLePTr>`|xuPqx##~at7v9`^BkL|HovV9>
z_MfNe3<Ls;q^^QVYL{CUTGoh#a4oJDKiQiD)zqsEnBUjgGC|VcM~_-G@8eqZfsjCW
zOMc6G%aedDP`9r=P)^EedrNj8YRj@`iA}c>%|J^>Rx#<Bk|m#)e4cbnuS#Aez0?;Z
zU*LGjmn2`}1j&qKh7%=ok~vN)xh}cR$s{)=H@R(+dC5E%Bw3IwaPN>TNtU=^Ayr7_
zo(pdcZ{<S5i4(>>AKo6`&V`0|gm-Z74DSr@<if(c!n?S4g&z+;&V`3}hj()k;XUC!
zTx7%x5gP6<BJ>g2+zS!;5&2vS=`*W1T|{+6HJ2Ar6H&wMj(92JB`!arKBAu66Y+Ay
z%UnT(HNwgjM%W|lTv3EG!pZH8a7Vbg;s|eqmwQqEW%-x668Tr;U*Y!2zbgMKS1Nx^
z{u;Mm{x$j6xH9?I<zFYB*)w16nJ@Rum;1By<s?(YHh=9S?NC13{}1**=<|BDzH^-5
zJLkLTyUg*vGroDkQ@&}UJMSCujgq6|zFXv|!*|QKK#q?2+R4#T-(}x8Ir8`h$&t<1
z<U2`@YJC=RRORdU4g8xPPu^OWJ0dvVdRvmlAsN;i)AMwLRTuT`IimTVF3P*+eUf=G
zo6p}Y3iie25BuWsR(*zwuB>!lfv==&xM;1QPH*(cbc5at`u5#s@0$K>HlN~3UiYbd
z+MP`#<Z4lHLDOE&EBb7n5mFaV{gHmPKa$jm$M?`5<PY^5{c?Y$Z_+pFa`=zsxM&)T
zt2t%*_JTTH)b45TTIR*Fahie@moH9Vls~Lntmw+_svj>K&i5AH&+OS9;=jMs=6~dW
z+!*YeY~1d0c&0tojmm~z=Tm=gW4hj$c{Dw5$I-$XeS2fEmfIboKa%|@e^VE=72hE7
zZqDWRmJNF^WZ!&wzVUd<r5Cqn%QMFtPh{!!!};wy+IKe5ve;|eTV61d{iw0S7ngOx
zQ{c^R2=zT}ywq^9vA-eGH`u6X)a>18)cfKZ!*-7DH8*CbOzdzpUh>5yuNKz$ax1!g
zQP{53hh`qFzpvAJ2fP<jI=q*5wD0ZAxv+E8yS%s4yY5}j*zOCVW&WaA$ZJO{?$A6}
zbm<*gv)PX_ALV5yujwy(C%m&h&Jynnw@ek?^2K?_yjQ)e-n%<xT5hMze2>&kySLvv
zq|^G$Iq8`xS*vB^-UaWIqN~L-zH(humL^M+b0TlGkk52vKGJDTGEz%*zG~Fepg+Z*
z*U;-(@pt)7`n~?6zHVQ@f6kxfKkb+M9{7j-<NhiCjQ<+BhSVgfOSx~uSM9y!lkFMs
zUUz6bD?X1)?L6sgbDs3`{vzMBZ%#Kz>U2=2^}oJ9q%q%rdvBe8)4$}u(<nAp<@mLu
zIsIiRdks5Ey%!3{Q?m0ncWyNL8=H$x&>AXQD_YCH-Po$XS*$Le$zRG}@~#!$PsuJc
z>Y}o5Hd;Kgy`6d4zPOzJoc>Hwm-@)YzQ(egvBug)SLRZlNJ{r%;{d6tA)lx50<pwS
ze<`uO8h@{I(Raf)PxeKR&6VOU^PlzK^vAn3u1I=BdYw~Vy(`k+?i=wR@jLvN8*c81
z_g^IC)ag6#@1gnkjCjryn_ls?`Gb7-^hJ1!Pwq3{?V0cP%y;|q^xa5%>3eJJd$;Eg
z`ys9Y*AOSTF1Rka#>mmIT~0XVnjyMjo6L2Q9F4kekfUzbN%G0NhFsUl(REjc>lQgW
z=NcwQ?XIJ)9*#e<<f<b_O)i`3%&+^2xBf5UuJplMzi||QlkWUK>f7~Gt|_BS-)?R*
z#U)JaczmGMB+HyK7VGK~mW}JCksURz+r>pm)v5<MVp^B#fk~xrPfKx486ME9=oLF2
zr#((sR`%}bH4eSxPgpjDyKX0}?VMLlyOxrwjoX!#`YCs?Tj5T3=euj&&F)rrUxl}#
z%RT14>RxuQl5R*vcC#n9vdq2a4)c_Isy%fc54mPLxu%$0(_i6rUm~HeyJtzr@U4)m
z?qZL@(`nGEvt8$ukCb;zXA<wHc9=#I<8`?SVfyyO_{1gGaKiGgEK{f9RNBq7%j$gl
zc+Oh(S=Z&9TAC)$8PA}*mfWk)!;yQ8c}8f84w8<Mq)X-YSC)BH2ct-OCOy;oc6Gk8
zM*T!bMnBhM<3M6)Qh{lDcUw_^!m_E_xbB)tOi?{Zxj;%OJYhNEQo<$ms`-lPRC>@$
ztK?X3s7?=Z-KHg+#2N1<Oqi<GN_ChzTQx~iq9<ut@!TV6dEj<6@C`u?@gyaETj@xz
zENf`5D)m%XTyu|AwO6$_^fsLKv>oIc&NiI$<Te~}XM1vKnKl?3@){iO)rMmpuA$4^
zrdrh1xi02T(;9N!c8$BnO(UvsWo6pTfmZXJc`jl3Kx=Ak;$x4@Q&3!lQeAhi?Rac%
z(@*J%U8p9FF6A9_o4GCLIw@J%j$Tr#7j2&6uCyiHsp6ttM@=g8TyC3k%GGPAHgRc>
zh!rindebhyxN15@Z6zVNurl$OA>0t2qj23esdinawq{hCMqUh4J=k&9*!-d^(~)>A
zcX4MMy<@^e!UQQLa-U4zxUSAOsf=s6lP0Ze#y;-Wxb>bkcQ&k|jFg#$ev=9ob=-Y{
z)}Q+>>?z8lC6>`d>yPAV%v0jAkvev{U7mou%Dv!z;_e_NTjd^dD~Wd96GzTcdq{U*
zCE-sHEwMv)EwRx{#4hV9uU5`_x;-aJedM}txo;7BHM{%V6XYs-_krTBTvATDI@3nN
zt+c7)F4KnUfl+Bxx=v^2xvuHz)L}bn5@ubea~F$?)OSs?!g19D^PH(OZH8{9r^f9h
zHR;G#HmU7ql7kzbQO~?*(Q_rW!*j}W-ZPgNS~yPHqt>{#tJg^GXoyP)Q)>(cx41t%
zwS(E7>OsOS*L}4jVIg6{*lKJgDVk24qV~DFEpsX@CE=ENj#%6ilU8{-t;^`L_qaBd
zGse}l(`gq~A!$>lrUu^AMsl~}8T33Pb{N_aNi0$B?rSI_mQ_makhIJ?cSplfQr1fM
zY(r&3Wrdf7Q#VAC5*Z^lyPedDi{xO%v(nH*T25QTuxG>bv>~M-tD&aB>&|WnN*p%2
zjO)fReY@eFaUh{AVb-WD?kXHtXBT%ROcZzNa<kTQWh!Dbrfzk1+7Z_y*ZrKe#2~WW
zcil918vBfEuG_hb#%z^g=e)VCxF|;?{gc9^(nXo)TxSoJnn=9*C1njQv!Z_2Y2%vm
zwrRw)LC@{1%hBYnB-SKcH8r^|8;cWrQ(F_KOg6&<!-K>W*Tp<b>T%^|U7hMi;;?dR
z$EK-dN2T(%>-EHIsU2#)p<ESiY*n3iog-~}*%VM7A$A@}dz?7sx|0~Hd}Qz0buR6;
zG2ir5{lt9URGm1S`ouK7<8)Fr;aOvqAu4+&?M`C5aw?N2B_5Y~Ewf$SuQwVDYS9oy
zTY$MOv-HhA*tkynU(-F+gS0N%ny8hL{&&haklMQAaqi@fvq{zVv!-hIDt<Zco8q^g
z{U^k;|AhEg|DO=Q@q3I>O6-5okFwmgta5@pPB%_IdD9KuD96jg4&3Dg%Qe$e%M#H|
z7%ZG%8Z)h>Yf1PqV*xoDHr=rhKgu*{j^l*rJEnQdILF5*H5=sIiL?#N=-XP=TmSnI
z5)}THhxeD=!qbYiSeyEx;zF`4q0{u(a#jA+vRo>Ydn~J#_1N>)5NniG6@C1WMSD7W
z`=R24?MXoyS1f&&e#?MXZMkHbwJazX<Q`R#+(SZhR_!5+)vWK(s;wdQWAcDD-l$TW
zjRkg1%#qX;>!7JipKot9#Vh*KH1-MOoGwe#pB%1fc7$lB98t07ZLizZwnxd6MwLBS
z+haYGHk-PlxMVDeUNe^LFH-cG)w_aCl?HizpSIGzZa)!o%z7hrGCE8iNNy@yNNtmM
z8?U4(omuKZxlFA!RchtBi%v&EokFiRCk5rL)OA%X$K2NjIYaly@7iuCb;{Kqr_msn
z%ThNqVOqJf#@Vhm8$z8$hSCI?ygGJ6r;fEnPiWFBAMUwf3(_pa#LG)`DK9-u8c)9}
zAF)O1ye4mkM-iqvopd>|-=@~D+W6XFwJf9B7H>;Y+tRmdsvOnH)3G;fS&lkoaLh5y
z@tloPbJDfkW41g+pDEJO6g}YRjMi)09o@Df$4OhIu7~DnPeJmaX(@HuctzpT8P$VH
zk7$k#r)cFSk}Gw&+N@Ytw^c0HPb4joR1U`46axxP<wM)C*c)|SWzE@rFFmyd$ww+>
zI<I;(!;`vV3QD>h+hkd{UDIz*ziOI_S<=oND6rj(8BeQ9a%hjm#M^FX1X34m<K^m|
zXXPW>topI&V0n}BlH!Tl>=;q#jk!7Z(l1mErFJX&)9$8;3G<p-$BH2|`F!$-vD@)9
zdA@$a$){CmyKFa&XOx$0_et&x5;mMchAhXtzRIy-G^neS3$*d6ld*HrVY;(%p=Ars
zi<$vlN^C*Wlv-=NLh@ImyC@H+&CVrlP{p$1xZ#@fbyJTqVCq%WDuxc6)YqmBBu{H@
zDfBv{Gb`q3MtRIx=l!HRTDhj#SfCkGTu_ABN*$*hHbt1jv+I^)FnYpqMm}w;u^DYg
zOxGNN`daItd@edTy10Hwd(3W$J)fSg=!-d`SWODuHDq7Tu1Yp5s}y1C5bHx#r1gxk
zVCUJ`LG5LeQT<S>&NyR8NtVT)m*23Akv222>$?1Dsm!t#bCa|InYPp#qIr^3Lt26%
z@4RAywwT0pog=X|y*d53+#~nI+_bEd>z<@HTZSyxYyH-6MZfWe!WBDbxlpmDekk`O
zZE9y?9vKZ4YsoUpU29ybAt}gmwPLwqnY2iivP!v-tTh?sPvrr5Ao?zCWd^Uc#99(_
z)H-MCie59d8;te~*128R?RPZ;jyOe!;h0^a>97{)^OHG4sa<35vlcj1wN=R@F;jL?
ze$swCS{XZHzp9P52RqEF*OkH6^LCe|FZzNbN?)9D&(LFixNF_IVI}u8s<b`Y9$l7h
zxPDA?LZ46CXTIiyE-Th%Fecqj502^5mPVh@W*JJg7v&z~NK$BYm@__k#7TOEG^Kjb
zIBz_ol^Y*uXPn2<7S!d6>&`BDx8g$dvNlK|Cber?ospKISeq%x*k)PRW;rXJk?F^s
zDVAH#BbotcsqTojGAEEaDGy}aQ=5~^mBC3tX?N@W&OE2rXpXt>>`9$B^zJ@=z^2e^
z7PMzmN1R8KpQf&8E2B@SM-sF#OS-Jus`}$bl_uX%Y3;V2wCAUeq>k9DG^_RwbBdzR
zKAS#at+U$ftH~kS6oo78s-Z?b8heHAHhF!&qfNe1Un}3x<;6VK%1IrZpu1w-)+4_`
zjz^un&eO^T{hBSbbkR|l%$Xw7`}OO#$kbD|o|vW7IQ^{6o5b7NZ9TTLw$mBm%JsUg
zgnNhbZI=@-k(NAYo65PTxNBKI7^Ez-T_o+YS36}JPK~RcvYj(rR*dP6kiN%ZJ8GNB
z7_}|g?%2BIO=YcRF7>3TOMas&UpYo<bWAtn+|-_Rj5@9ybfn$2A5YlGP^FD!EIJnJ
zI~@1O_P`j>W@#f0kw$~#ykk;v+%cyc&Um2i)-T)C$@dIL)YZ<%F46H&cQiS~7O78<
zH8`dnH#C<j;|!ISC;HZyF6E_|c;`7&iu1C;XbX)wcVIeUBYV4kAvMH#dzU}vKB<j6
zyO!1W3@N5-=|j$&I%C?JI^evP{FL;(GyCIXmJ}lCch5S9<x#4lq$1~|y2$!g=hPvM
z{FLq}v72#iY5j4<RdsIkaZR>Duh1)l?S4C9^nksLj1i~OW|fz$SFDq<A;!tnm7QlD
z<p)k$A1D^IS@v6L!TN=mVU6EDX7yM-_UqOrYrwu{mZweR#l=iH4EF7bm+Cw6^KFmy
zcjZmml;n|&ChLg3IbF2QTNiaR^&J_DX}2;KW4o;@)_c0!)@pT$W-Q65y_p`I9-KVy
z$W4uk>54h6P0?PfzmQyFuXU6po70uH$mGf75l4Z2z}{~kQu?)}iateO^jgN5jFRZ(
z<Wc*Roq5)2)uWwv<Rh`+d9vgX<t6=HQ+&ck>YOUi!A0LSsuIeL=amZkSi(K!B~8Ds
zEB3rS+g@y%l5=G2yQDQHtE{=vv(|EZy0OGM8goSNO7+;4_62L3L*@u~Xk%5Rb}RMA
zlUM9vntXkkZPVJBbknX>t|x3HY|vE}$;z|;ad`GW4$uC_;a|=FIQ+)?>~nK}cwVu6
z#gxto+ZRJq$S1%3R;Y^bdeUv8n@w&?njuG1N%Q1rJT#bm^4mviL&(v{^H0eqzkTTN
zV{$a`{MzBy$<gVgZgSN7{2lW7X3z2KS%qYtpT{%*Y;HeEm;QgV_y5+h|Btxl&2Yaf
ztYvF|Q*QnpVVbw@+q|_8kiB;6lb#=X+qpkw|6|hqyTY}Sy@T5yY{M23Turt%^4Up_
zs>$9N+>PyI@F}vLA)jr*gJiP>hvO{W2FZRtxDGLlkk8TJD`X1~o+NuUISwb=G)O<0
zbP60Hn+@^Lkyz%)b_Ma)k&RqQ>Q?(_^i6==h+HlO-v`h|6h~BXdVC)s2j2(C#rFYr
z;rjr2_&&gHd><em-v`)(?*kOz`v8UbK0pz^53m>C2Pnq(0ba!S0ZQ<FfPMHrK<U5v
z{7d*=QACR#Cu2Id?Z|KK$H?AJ_O7ktp10|LJ8ak6&i}rhp6@05>ECny?AA`@b8m~U
zXX~DS>i&n)^7cIbG2z}!)9=dD?+f4cwtM`k>1uzQJWTeBzdrU$XXz#@mvu_7O0UYo
zWg+CKTUISQNwzwoIVtlHO|`5Inp3hfvO$>**L0HOa@l#=h|ET`^onZPDA}%n^pi=G
z;3-)MwrOm0vS|``0lPb5YmznL^9=4ow;ONc90^?~o8Q_Nx3-n7ji#A~x+i-;KS^86
z`~T#9tvL}nq@~igw&vljt-JBo)_lCRbr0U!T7b8<7UHd~MR;rLUc9xn7;kNT5pQiR
z!CPDR;jOKucx&r^ytTCqZ*4t*x3-q!t*sS!YilLm+IkRgZLPsuTOD|7s}pZ+b>Xe8
zZoIYCgSWOe;H|CRXXXC?sN5wIt>gr}yz5*lDg8TJ`{TD{A&%`-htD^4s<*=M%HO=^
zckO%_*~_-}u-_m4&HM2p+a;TC$<T-WW*B;&$f*(qHjPBXH<2v>w(*^OH{UH$@F)3G
z{23xQk@MY5N3??o7a+$c$>({pkC5#=wg5RFAo?>j46)F6Zv8sr%CCQ&Q4q()DQ+8n
zoiP-@&KQGVXM6#_&KQqhXH3AaGbZA98I$q5j9UCIV+wwkQHS4U)c;?Oo%rvY^cR!p
zAC;>pB^Gc3`baPi)KI>$0lp4RF66u5BC(k`#B-d*CaDH*fE@_)ZSW@eJ?QhnQScNc
zUk)0;BIt*~J75p=3drl=3^c8f2fzU61s{M5;3h&kz#uRi#5{&y0=vL|@FaMTQqY1&
zz^62)D5c|Dr4)=DO`;6*z<7`c$H8V0@oa7f5!<iUAcsJH%t?e@`2MFE%-A9+c_9Y!
zW$**|K8g}V82-P4Bj82wbMz{{mm|F<{|#t9g==M7q-WQme*(S%eii%)cm*M|Ab$dU
z5t>BE{~i1!_@BV5IGYXPtnk<1UxE&V`8v2497Xz1K`up@&*A^uE@3v;3L<_9@+(0Y
z(koHE7i_>)xVzAc*ggoppUzFCe*^h-@Bw13LP!Pp9&jg^4i<rOa1WRVc7d>J;Ur@F
zEO-WS{zvGMTH)iM2mCz3oJQ^jL8OO&6|4slC(lae--90m8yKl=^SC4b5#;w*+z{a=
z_!#^rYUh$4P?>)Yd^hwzMcPo>B1_NrAYVhOJ`GJSVn+E08qf}YP(r+Jp%@`w0YjmO
zy@@^aEI)>8kzf9QfL}(Kc7)%CkW<hcfP5aZ79nRLe-vb8avMYn`Rg2+#S33Sek;MF
z;68-!LzrpsHN^a3=sQ8AR<Ixq5s=>vMuUir{~_dL@EFKy(2c8DJPBY3!s9GI0S(e1
z!qNoPsqpt8Qplf!oP*RBK+XqQyF<MTJot0)FjxY94SXlk5Qf;G;V*!&Y60;}{|>Sg
zya^5B6cMM$%Fv3luQ5t$2s?20C1?h4)n9?I4bchx40s)Sw0&tXvj-5?F8$b69Z|00
z+7#%65C;9fupNZu3qG(JVUQOoTC4ax<Vc)Fufii=(kN)E!B*}d_zGbom8Bvy9`OB?
zVjSdcl>8k=iIngM^eTQ4XTJb`1^g<mYJq%&a@#1Q<Piz~3&ijgcYGf5eeeeOb?_c|
z6Wj!U$z*z8((h6EGUERUi15N1_!wscl(Gy;i5+x+PLSpL7UXiU5}I#=uYoM5-vU1e
zE`a|4eivavQDPCu?^VdSN|*#c2!0rBLwZ<A{x#^@l4&`d!nJO27xV`3J>biTA7w=>
zgz_bjm3%FD7_@>1k-{^K{5y!o2E7gU`YhxN;Av0~p2OXLjH~9r{|5ak$_Mqxvl9C!
zunytpq5lr}LxewsoFXs65a>txuOQ41py>mVQ<2%&ZD?QvvQC6V`S7d^QNm;-J%};%
zAjVUw=O8a~-{t5CMbm?nllDvX--N7#Jc#iB0{%?$IYQ(@SORf((G2q7-$VaXkfr%9
zV*45R5E|rH`YRCjDP?s!ix^OAQdkuKeemZv3u_d6K-i~<@{txmc60S4OcUfVup3vg
z@?@#{6!<sbd0dM&C8GAF?a+S!WL6E0^fQn@0T!Y+m;*n_5#LYz5bNjP7$lk>LGO~J
z&|Z#GNZ!0n<Rj46AtXjI9(@{bqhZ7^&@fVrI8yZa(hsxo3ug~(P7~P&IfMGcf{6a7
zi@Qb`PRV!T?DN!@<5>#P&-1LG|K#Qh?LBbTj<nT)EG5UNEZqSbz%-oo<7^}3M#$wL
zMohkz5oh;-{|*}T;rwx?0eh)eOh{$)xBNj$nV05TWTWjea(x7MuLIwM@E_#P5Vql}
zY)0rY0!k~mC$#jSPnVcc&P2n%j8alkN|}FH1ARSM#vMhwz_?7)AbjMF7l|I@9iIuh
zahE+TFPw{x6m(`GxHr$zaTY{v3QthWzodQ+|9)ImhZ>Kg9<_+t6w5$XVi>{24^nFp
zP9uCeyBFeVfs9&^>5;a}n=!PGaIcS}#C`#yX2sp~F2wJp-m)B2gWmvAo}z<U9bz`q
zd4X_*k~h=&5#PaT4QD?J2B7&auDV4-ij!bGEl)9tl7E@y6nrnc3VJ7<4GEt_Ucyn!
z4JeIbg!v_Mv_@wl{Nc@RYGViq?@{n<k}*!OfGuDJ^bMO|MBb-S{$y^#|1HZq&RS@_
z@E@W!CNx2Y=ggPlj)mY}I(HN2aTW7qx{)e9&N>)Tsz{HN*_e}hlHvuFVIR_Y3fKOG
z#Q?&3#dugFJTWQ!Y60y<V6%p;HVA$nybHbq;dda0Z-Ff4VGwx~n1{@4<`4+qM);q&
z_Fd30Kj)vJp9bMY3v9mgMVy5{CVmHWLH~Y`$wMI8yMR_Kj3XrTGcltPZ?d`oF+UQ}
zrwJ?IS%iUCCZcZ?eg+x7F8^c5@Yn?}<S-C@l$a0w0^~Iib3GCBI00oVd<mNSAm&yA
z^OKq1dkch@E?_PxGV4XJA|j;t58!_WIfP_$E|xa*1|svuHzC9S6eZBWs}wNz6fr9i
zFy9nx;Af!!HVB_wM0oL=I15iw5THo|*-QblU;;VxFfTxcr^>@`=l=yn3G<i}k@1=m
zrNqMqc+{!D(wPeW1-Kt)`@t{5l2OY%{A7X6G%*9>Ssh^x#iPaXdhliNS4cDZ1QGKH
z5wj|h)nhZ_sR5by&V1$;ob7?k#zfQwKMBH?c+3cRlpfFe@SpRMgd33CF^~HI=my^d
zo&Y}s;_f2SEUIxY1BjkhWc9+V8ojz;M>)X4MP|eB=lO>q=A=B@ju^QW8>tr__Q|uE
zI4f<8-6CrXXum=dh;dDb1=+k0eU!+01GH8_huHoRd<qRLM_^+syDzL%z${f@GjX=^
zfH|Om_AX#mM1b}3Ec}NtlftTnfcg?xj}g3OW0a^_5i=m-Pf{6okw(L}DFt)4{G3-{
zV^ls0A4v__2al)>%!0-QW`i<N3Z{ecAUs0>^93?XW#Oqu&HU9LLGv-NANRs6fLP-}
zjKWmk44I|vz2HZoVScFq27#G~Asq4p$VjsQZ%|}2tWQI;7yM`N0GN+BnU5OEzn7!)
zWg7lfXx<4TJv>T-$9#u)BL`9Ml<xx-U>C^dW$=E57*GYi06k`5B625UuE8^JAD*yq
z0{-^LA$Nex8~+}{qin@@LBqUyHgkLhJchF`LaqVd4Jx634)QlZ7Un}BYF2<pEuj3x
zkAQ48@ioXrAnHOyE(F+^l=X6~HDQj-vvCAt;x^2qx53W0!7_Qa#==@|6KnMd&sM<x
z1Ndq96^{@<^DWWaNSXi4uEIJPkM%Jg>lHj!T6pw7JXZO5^msC~*=^{Zq-dK`tfxuQ
z6Ux57+0N1VCJn!v%Djt(f#1SbkTAx{kV28IEMe5(vHr=U{}Hh!CSn~!WF9YDc_^W4
zs=`Z@BG%SKcoBR&h?MZ?y?J=}Jl6eqHV!@qPSI<5cn&;PV}!Oh!e|<xS0d&QfuEq<
zhJH_c4rh@b2^$}=e#@&s=7FFLMK<=au^3*8l&znj_mi<cA3cu@J&BafHL(6EVueIx
z>o6GE1&lu8E0`I@BUL;~;1Oi3F!SHpyiWV%H}o_;(6G5r7s$quTOh^`Df|{Gd<hw9
zU&?ZUwDFbDU>ua9<V9vhOCZ)o1*~L}c1mMlrHwvWWIo0tW(f#`JBq&mv0^M``X3?v
z%*J57Qh2Z;*6~C(<{F`AtKu2R7h4-d2@7nr9fSTH_)QQcBkToHYeF>m4xB|h;^Bda
z9aJN2gFYLx0E|H*tV;%8NCtmWhP6uB1k!v8VXzu6$Pu%ZK0_hBI-wNhEJcY)e~g%o
z;65-HOa+q>TPJ-YBl@6WEm{xx<Qp;)1M_ogxlD}3gi_{_vemyZ+y$eX43vCfvjrr1
zk-Ul=T|o-rhmetrrm&Pg%MdZn^6)u%wnB*2ODXD9d<;FFJBXOUiEK{CESX(<4`e<n
zTLFfb%deuhfma~1_0l}#=$%Lj%0$wDc@Vrc9$uD&d6Kw0FGEOp<Khhv9ykwAkH=Ng
zX6UgdFNOCdUWUx(HH@$j5xxYE)+%DYDT9X~MQkGaIuSDq8J?<$Z2i_x=lde_8`+vR
z*3Wr17ls!hV{?HKW=n_@Em~%x?UBzwt31BBN@TXu&b%o$w_@{I)TYQ*xmlf#z42ut
zqkrbnQh2OmOEHU)G7p)R6~+RQt*hgSk`%2{L?2F{iF0(dlWH(th^&2KrB}wvnXPrR
zCmk&PtginH<u;5*?_ebcKU2n@IKYb*@pNDtTXl!GDWX@AVU{Fgej5CL0kM&J3SDVo
ztp>ig02>qFwTkT71j=7vzmCG5CgACn2-}vj**aT=KEf@NyRcD)l?G-~Qnto|9LZ2G
zGOR_*(09qON-twik+8NevYs5PA|kT~JgtynZX$(siCEJheg)ODr$21=)J#2X0Z+2{
zS800qFN5Es6h1|tdlC<jYQ9Y=MIR!<UzNglm9aSv>vPc8iOd2MxQpa0>;0l>xk*uC
zQk1!fmL+9YhhADdM#G5k69iT}7_Vh)#ALG%HbODq6?z%kvWO8-WR`>8Kw$Ge%$`Kp
zl?XpX#@YqDFUm&-ixt_LKf5~{za|(Z$4D5&FGC+L#VU#ny_^iP6r-e!%{A~0QHuUn
z#F!;uMlVH)$uN%=U*_sy`E|%$9YRumm{Q6#hbV=gZt)@Ptqx^d2fL*q4^sv;G14c<
z<nHwByK&V|!2942!0+Jf0r2paOkx(>arO)}KLpveNW(S-C2t20;_M*g9LTNU2*Upz
z<fD*Z1HXcFu7F=eem{#avtU2?x8N|&z5)3agpY*$SI~b5ny*4*08QW>umddGy7qsu
zcP>y?6z8I@NB7<{`#t;p0ud2;i%3S~B?69!BO)Ro5=7o2AOa$yA~6OL2@*5}2|+>>
z2|*-8k*FbvNDv88G>Ff`F@_K%iY}vs5av{UHQpn0&${v4b?!Rru61Pj?drd)tE>Nd
zbk$$g|CpJY_d~)H$ipL!W`roc^N~M5YS$880B`0l#Pmuq3#W7K+i(y3EAmT7!AB1X
z<oyVfnhKNJ2IRja{yAu}n(#$j`*Y5oKyo*1jeHP%2nl)%a;=$>S+0f;!@b0z)B>B}
zX0CmWvmbKyPmXqPgX!^X_{VS+e3STh65a~Qa{#>soaTui*aFFkw~nhiA(@Bd0wh<$
z;V{YBCWPHn7vV3E3?)1SM&QfDceSMh;acRAc$U8-p;nl2iw(z+-@s`62D?wgWBjQn
zV(;B)B|iPU@2pkM4m{n_p4D9mKLD`@>USBdG@&QF0r{<r0h;rczX^_jqijs=)}xOg
zp@-LxbJcqI9HdwAeo2_og5Cia!n^Ax*f}rZvG7hua`+Ts`cHi&;cDbp5FUt4+pQzq
zPCf^a6PM?Xum;w`G4KL77&d}vK;2K8q@YK^LC7y8+>Ee-&gvUO-j;ALn=3P7?_(q>
z<TGIjmf>ZvA31dEs?uqgFq%{cc+!!`uOj77;2)3>)+dqdK>z)$_Vjtkdqc`duR<On
zTtS%8mwpV%?_4P$d6WFCL&6MB??vKP%y%MRgJhwrAxO}n*5u@GJo|@8&c%{{3G%H-
zGVnCmgqZJf_AU4Z{5@x#Hj40acs4wPIBwk7g>Yv}d4h0j@-~^6UAg;E!dJuYj?@`f
z$J)Rit}b!yXwrERJ_9#G>Yn-uq^_!a$v@?##xakZ;#QzI`wslr(Uy*(t=l_^d6bxp
z6;+V4pCRc}&nbr82=jFMFzGPj(ms-5l;a_;{drx{gm0q`Tmx^0vxwOOrjWFR1yVbP
zd?b=iq~olz?UA>q4{>`fXzzM3eTcJXGOyH~Txp^QH?ufKYO^6NNKw<&<@K7kcL{O!
z0K6MsXX$;9F#U-h!QH=sq@$C=$#59#fhM;QpEjtwAn!u?M$u0c38OL{Abc7u!ttcA
zi||yqkem!6JcZo;jcd<BG6!;2p?MwR8JW?jztaD(hEl;Czk-ox1=b1Q?cQN7=G|yx
z2Hxh{Z>l>j?M^&33=XmMdZ`Bt&xFiVyaM57miix->Sl4!@C@ozAGekY8NI9Vq}+)#
zuOmFVu9M-_<o^mJSE%!Ce@M6s>`0nt!YbGjUSszSnrr9To)b<YHR_wn*qwOlQc|da
z!z}gr_F8YHj0tPMvT=Hg1x6z5S#K0E8I7wMq_z}3#I-ec7ow_G%}w}Y_EUYv{-V$7
zM%X!y-9xBas*S>0nQRWX!oH?OnwdEFy+AyVq_g2S;N`Frt8D%3zC=}9_Y}|d6nETb
z^DqBqdt<wwP=5kXTB<(wj(VhAZNir!xvXxx?E?w-wtCiQ5WcW(gDpq9vS#MmHYY79
zwQhE&r5U^Kq)ytk>2vLjKrsjL8r5~P<0$kwSacB9VzY$2_2iw>le-w|KfuFwx0p$7
zr5)`f`Gj3${Ykk4cUe-`OxX3=W;Xw5Zw0#w-(X+jU>i0ge><0HW$)#&DyKUB<3W0f
zsq_hU-C+f}dcdaOx!GBN8&;#?AUG1XVIBE&VmgcE_w9P6x)?g^dN=OagQx3JS8Ldm
z)r791hUYy(i!jvFEWJf_gM_uIF0gv|M{iq3uorc^tE=H$HIyeEMR*){9PLtL%`{4y
z5!eOW&UrkYvw;1A8U1&trE}`m+y0#Ja52Mho_I^xeV88^-dbnqT}>HXQ)gGVui<%@
z*p&Tu$@5~HXEPJGI=Pa0TrJu@N)7L2C4p9ikCVe5lv-CxZL^pu?EWQNM&r2ZQM(D&
zl#wmLAw0_n$}3$rn-*bvj4<i+<&Gmr?FRJR58ZZw12{VzwzD%Ge>^4Ims(K+JHu*t
zKDNhdIEJe(hqds-dK-wH7k|^n_agR*^cHI&F@0kzTh?5gmwDS-A#+>R7<p&%=~k<c
zk^jHj6uc(3Wtmp66Wa6_pqX(z(f#OiOx<E(EyH$wP*eYp+w}E^a4!AxVxI0|a@&>u
zp#|(=sVkYkUyW7g3gYyG=fI25b{}#w6v^4-LD-Vj`G0J)JUIhx*nECY{y%~pWK-IL
zy{aYY<fxg|NUnmn@Ya5evmetBT!y@}*kYcpqiAb57F$zG-cz^Pz1-?z8Mkf3Qa7!$
zy>}P1I@HEjL)riND&ZU9Oi?GSP1UB>$Hw#yAs;In*;Zp|^k&0X65dVt5Owcbn-ldC
zyq2@i**u#%VC&@cx?c8d-I?SnWy>1Yh_ej`+OYQwlFPZ{<%BOJd<N|5h`gHnwtz#B
zcY-%_c8WMd*xfic*fuD;m{MDN@*l#kAhflk2x49a`->k^j`n%~Ri1}F+d`uU^G37s
zJH>}KhlHDPwj1~DjQpy)ut`%|nx4v@?L*8T60RZ65ZGN@C9IvQE&U0sI~V@I_Bq5y
zZr%kc>bVV5vT87rk(T-_QD9_Jq<6B+k=p&@uZG*L#YtU3{9g7Qp~~c~IqAFzN6TA;
zwK&=Eba<D&)@xJuk_n&1waqD!7Pc<=E3Ni)nV1)$u^!y98+U(+@L_gFwIWWazINH%
zzDjESY$>Qu<Qddwdv*@I7cM2AKZ3K6j6{c1<VAMQXsLJCwY2wwFIuYZq}&m9mS-8Z
zhG)YTuzOv`j^8M+M@aema0&bt{GKZ*(rF31kn`DfUl^9iRa4@8qfXMAxFgy=uWpRt
z>9DD#`bT}qo@UtE)_GG>=Ubk9+?+j=lwT&!xwah5eJ2UKSE?;F#Ig<PH-)V!g*(y4
zEu3wJye~Wl-a;?B-^Hw#UrOD!W!f2eBUc~l-@-e&s-4}J$jEAy?cahI5XSBrY)$wz
z_-o6c$H;`$^B{IS4?Akm?T0zRo}Uwp!`WF8aQjbK9q{HjGGm&<yZ~!|fVH_w?2Q$~
zuVf9#TSm-fq{bc|?@~wPpE7d33u^;&2cH#(3ReAs?8FPQ;-HoilbNi-cHz67LX61+
z%rOI#ApL)URn8!mUVo~iJsUg-ndt`~=Z;v{eXI(;vm{_W_L+YL+1(Mi4>|K(A4`JA
z9LoC{bB#Z{w-}Nwj`n#2E{DuseOA+g&c4bnYwt4d?(}&baooz?LUe`Qz++xn!9JY8
zYdjr0oq|~76&4;fA31Y#g(XLw37y@**)C=?OA5HzD=A+Cu>*J$;B?-Y=M!e`tWGD~
z0S@GB{j8aJU&>lJ)B<NcCJvSj?`iTwd3jh`0<2m1zd_>GbNQYnfc-y+)jG(2l_2{x
zf>^2pXeNN%XSb5?)@Uf50INI!EL}lXVS?<053sYyV+QTHb;fhiEl=t{k9>qJHP5YB
z)iCdS4Z4!0Ci~s2B#2ErxQMeus8?=3|GktQwl9A$a#xFnB4Pd*#6A#Y-8SIX{w5;F
zG9Pqb18sNYEGt&QhqxE>O^?+gQ<v;n>R151`K-AIUPX@e#%J^%a68A|=h|;`mbtU9
zq2liB{0UA#!n#0!xqr}of8oBKpe6)3>)(b>uvY0qj?A*}A^ZfEmPe8N6v@xwpO83P
z-&%MV#Ma^WB+UvW*nhlX$gwmkEFlW(pNGvS@DN-;oaOe8-YuLR4{6sPmOAeOM_Q08
z_Zdj0!8;%pKTTO{+L!t@e3v};V#MWE<(%acJC%>+M86Jy;>bAjC-eY^xvCn?V-NI(
z)N_iRFAyFM>7zU}pvjewl}S6x9=X+63A|gVrK>3^>Ze}IJNjwvvKe9z@ops!_8jk5
za1$j+9`rp(a>V%y>0qnz?uXQ5uQ$AatC$yftS@`mioI{r&%3p!j~z+*W90O)74%(R
zj`%q=$-YF*ek%QY(wqhV;7ISvjuA!g=Pjp)!II;xA-C^AEPer206kiYhvvOU$Zegg
z?WFK+dR^L`{{r&%Ty+56j^u}MLj6<Q+WQFCvX{eiz2EtqJ)c^{o5FYfHf=WGcA~yb
zxxY;gd2iY;S%qEi5Uh6y);MfTR=a|3XXC@@e=q5u1DEg=thEIwQ+*JA$XRv?dVeDP
zW4H=#MZSUXk4S-b9dO?VJ&XKJ<m`eAuqquO4?Y&Zz&!4PebQ(B+IKsXn;>y(>k-m<
z8P4FU=Q)cVK7b8Vvl}zOu8)BG;_LxZUPYUwC$D79v67YOO4gu*^s(M|(e{2~y0_;E
z5oe6C6UOa`!tSy*V+p&GwT!cWVEvSxLILy;VD&ageG9TrBk1;}40P{St{MiXz#A;h
z+tzX+l9_M~oMma=xpDi>g}W@xJJ-&?xJu1OPJA<$u~+RUd?vgK4uZ2Sb%5}_#JmPR
z1}DJjoIM}jiDW3@(;>O_I>3QQ+K^@%_CP{z6;EN_$d;oxtGMcZ_!7Jfc~A1c6v+tq
z4LF8tpW^Hn=;t?t@8fKD&i)C$LpnZ0;x#7xA>4wb0v6#qu0jvGH{r8LnVfhx!4kY2
zo=Z&V4TrZN=|-;5p8q_On>jlUden_>?yc?K)T~+0ckfmtJGgd)d%JN}KiCDHN3PJY
zsl8T$mMXcgsl##VaGbp&amE92>a&gcDEuz+W902c?&bDB?8IKN6UoQ6R{L)6mfJl`
z9ndcjhdQ9$KH)0~yHXnosRJ4<>1ucd98JoT$-}j<6MCl3t2>bVfH3-0Gq{R6Y38|>
zuGUc>)U9wDJO@4tsY`kQbam`f<Y-2b2kmNpM|d@)mg>InBIwS#Hq{JX4{4_=Lmb+g
zri?WCSLo9lkA!xoUD-VZB_vm7K4|$X_#iP)gY6+Ds6HZ0%hIi(d+M!_l$DdC2hFo+
z_oSZ?rrxSQ5O$K2@PMs#e7yxwT*0$GnuGu$SbzWt8a#M#hu{+2-Q9h02`sR<yK8W_
z;0}wsyDgT*7w7Ho-l|*oz54%OZGYeNIn%Rs)=tmPOi!n;-=wFPrU@JYPz=x}1Lk<;
zVzyu7=Ir-q)yc^wasO%k3EVJ%_vf!M1?|R5#viU31y@id!d|(tt)+fw7|<{`n4sC(
zB-kyTC~QPul58GWo>(B3W8zj;HrD^X2-uc2>Jn|BWvHWlzr0RhSRH4|9Azr;ZJlf2
zH0W{}0Vh`gX$>CX5wAbwm41!TAh|z?=1-~79>ecmfw%@!9HVF`Zx+6zd_vU4?3z@W
zrGcRHyS;ifnc*kcWf)yAf0*g?IgZKapw(ciVq_1zHUT#l<JHhs1Y>H-faM*2D|{o%
ziQf?Y+ZmB9sXR$_CiU0n5@Y6iHU1Gy(DEUk>;8u;BLwkIqlHkg&t(85MjW9krl|kf
zU%0nztc3CVqF)Bi2J%rOyAvg^QU=QGkj#d$;0@zXJCq+K80WXJb=Zv$A3VkhrbU7A
z!vf`R-9Z~#g2HN7T=YLQPXz1h-3wj6-)+p2(N*sX58ATyU{g8uLt}>-z&C9K?@qZe
zT9|X!J)jP{qaNS7qxS<=Q<A9mOZo9DCjnl?8cLA<Lv1-ssBcInr_Q!DemcsfU&YVW
zaIO^SM!Q+>P;1)>3_?2QF%klc@12!eYa2TgF|{pTgDsAQ;qp0f@HsSIUH$aWUka@7
zV46I;HYZItK1_1nq-u4@UE^Y2a^ye7T&c9;eKyRRT9P04$Ypf0_4q-AL>ijX%`nz&
z^@%=t!|cdJWqt|mX8BV@d32wQ2i7TSb<ew7i{6Ob`U9gt_5xrNq@B?ru<5$Pj+TR7
zNdC)eL9*0w3tjl$dn03Oh6FGE%-=qU+gOh1uD8;cCLu+3p5@xcKu){anPsW!J$*?O
zc>2pMy97tVC2ZrN1uRJ4yHiB}Q-<aVB&m;VA6~QSmoPgFum{cUA3B=aSr~<aH>oCO
zb#LB1z4z;1{?;$@Z~bF!fBHpgQpvV4H%gs;E;I<*vmC4I$=`U`ASMgNkP_tJw3w}8
zto2OCir#nFHtDyOToO>S;l{Z<O)vTJtfn)VZ+FyVdncP6R;v==mjBUK82426Pj|I=
ztZ$d_VM;EGcYBu5dj`X|x3?$mV+_>wzwXrzDj!p4YgZQl20zakjk<m1nqpIZd>L|T
z(Q5d3r7(B-6c{!S`QBA11UmWP^yq7;+4Tu-PCiJY@c9$loLD>qR;Q`G^K#5fc(3qz
zQr73x_JqLe4gp-fr0~HepWzMX`*%m5B(Ge(2#;brb&a5wJDN;Co#X47u@VGs{|eF9
z@a&o0R>cGtaPy&VY`fbh{C*T1^^G`mo%k|u@v;vKI3>iaDOs_2+PZQBK|8;<Bk+xE
z(gJ@x5g)x0{G+C+uDRqGU1^|do2JC08zCwDR)Bi*mI~52>f*=0rmte&^MbU)cd|S=
z^|ZcrB5jSxr%4Gng+}Chcbzxp>W188kjz`)(Vpl|N^hjjA3Fu}i7<qFalnJp(VwUo
zdT{vHDWyiNK~LOb&DO{UN5(oo%#4mfy7J2%XaG?!=$pqs2%0Ot4A@?nR)gQ$Y)-xM
zj|j(8WejYNuJ$9!0<(@s0Rh`;QW(x>kLM<o(VB|$WWC<ofEtAJ({$ga&Q*F3bdEH2
z+T~viIYmwUlWIC)(9YpciDA^8k1t^sahmz>A}QxN!R5(5@>|-j-#4lF`~9E{uSGAO
zl?SaU0F0YJ2iZNzwG)RM3%RF&Rc}XT5`-G=5sj(rtIrKdPc79sYXD{B*3p=j(XVU1
zc{U~eP}y{!X`JqKvUTfWga!jxB#FkE3p{+p;U^fPYwR1(B~nolzmTT`|0Foe1S;SB
ziWAD|$g2F4M!1a7=M@a#^-X+qH)rJ2iB6zCVUDkE-b02Y3rHPH`Y^t5-uEz3rUf2%
z#X8$e+-@(|u1LcgZ<6?#d9IfYC~J9sb*jV)HF;K<#`wlM)bYDZAXZSRY+2A7`-Onx
zL_k-vmf{^y1FFU4>bpIpdzZX@iF?#lf_)Y0c4@(=$!>%6bGA#ZM@kQcb#l9j?37j6
zJH*!YU;}oZ=}WGevHSgB&M7Eewg4D-6D&ae#HRu-9^&#1ORknKFWnsVrG5%&(4X8$
zbVxg2m3YNAu+#3O-{jba?Y+f$(YPTlU_S9yEQjZLa@RGJP}g2BKYJ|A`nqkozM*4x
z#=T)8;%(CocgiYIX&gVWH#oSmnd|Hs{FsE|a3T0(Tgc0weLJZ0(@M%nMzE~B+y;fK
zvwm4^Z0W4>B5GE8>@ub4!BOOh&cRuJYg0?nUHsI59@Q-2&b~s*1g(~XjeduFQVXI%
z1a@_O*~V`EjX?Q%+g%Z|_KC03PN@2JkkU?+`Zh>uCqaEXMrkKaeLG2MCr5odLusc-
zeLGKSr(AuzL}{m1eg0(Xp>6i^&0~4RZRQ4LHX)V19WFt_ox{@%TlUS)UD05LKYtWl
z3?xA*{80c&P&I#4j3j7?KdM9$w8<aUB?<a(LDmB<N`grBfKW*gmmUyV3Z$S1B$WbL
z=mEK;K>m6_1u0O99?(JxRILZ}mjVsx0lNgFHuZr25h)N1ZY&gqDGj302f{^28YH9-
z)Q|>g=mUp@qC%xXq58laX;6+nuvr?^tPh-&22JV%52Zne`oLFd(5pTWUj~G40K^xL
zl9T~S8UQ7QqX06X|9`PC1jfjK{0)I6GN2SgV3!Q2+7P%X0~#^}LS;akhT`kV6U;f8
zib@pMe{@RZKOZ@%46S`Lmu<IyFs)tjdv)Cp$d(gp{N(0FZswI7@I8#0oVFq=U)vQ2
zKO(UA9|Dv{BCOUpKb6jWVJIp*_j~xP+@C1!#cQ#3aZ;zGn<xq<{6&zHaeOMZeUV!0
z9g7l~Onzxi!G3gpLd#EGawL#ZamNil#YMcJ-Wax49`n&=R}4g8>vA+b%m@KlcSVfh
z8=_5C<!3Xekl`@*9iM5@Ydqfp!wb2*0j-^nEHb*x_Mf>TR>SmY2|(u5jrHOdPI)b=
z4WF7RCc}a~j|X>T<8aOfxWw?MRdgw>2R^Z^?KKvCF+7;X>Ho|kx~Am6NQZ@20y-dP
zp1{%*XI7$M!qJGZ0WxcY=m)+y1+_@8k()>GNxG$S%4F5dkwn6CCia;ZRAq4MH3!bu
zAfKWl_in=vIVEC36SiHsQ6~ajB%{*V#hC->w-X#`e2_^Ruje2mT=JJQH6Jp%4{Fd)
z-|$6cd98o1=7TrxiF0JlL_Cyl_giz@Fm6Gs`fWoa-{~3OjAb99v*q4`+W8J9*X}eY
z1|_}|<VTB1Pf+QY+(!9j(DU(2kd<cp^wXW3q017Idq9>UVCiwNw1DQ(*T|pSGCT=0
zh+^A=`>T9t{Z^(`vDj0q<6B*{lwREPIIBekl9Os6;TH8B(Has!K7-vlybJkXD725_
z++{Q%m9z4hC-9SOFS+eUogR!3;&)j_n3@PS+i$r0&)2#gx$)#f*tTrB0W0Gw#fW&l
z$lI(f*i|7X#f0eZIeW()QP(g4JsMkr8|j`(cM4C|vo7qo7EcDi3ZV`E!H=`)zOxyK
za(`wT?#^Ekw9e`4{8KUsB*T{$3-vCfQa7mY4Zf%sWAb0Up3{r}vr%!%!XBgZs9t(y
zEHKDet{$g;C1f+m81F(-c}-ktUk5*NWLJ~Yr74<Ro4)>@TzpN+-xn%kg=Q?gf(&To
z9|>gr8QobNo;{6AH7PhFvW&a9DWgXY>a-Vzg`F!h$qvC(&W&jnr$2U=f-YTf6}9Gd
z)yfGtq@vW=#)jQM+LcXZF|Jz8(|T@|B*irF_`r7^y4ACjN9zy7zG6A&<oe4tyKXnu
z9Yz~sQ1`&aFG}0T8TeL?YlS^dP^6(o10K%ZPu0~Qz|1k@4KoI=$4)il8ao-g;WtFy
z#ct+urJR5nOW4Dv;7u38v43cmmmB#-lF6()_Nx52oQ9LNJu{K-vD2h&(5^aqbX$&B
zS2h9xQH<b?pTHq|i=R%=u7ZNVKaTvKi)@t`Z!UXB{`<Md8#}=96>Q!2_@Zb;rMk;?
zxO51?nt%ufzbe?=E`63?;t?Q09zg@6{PlTDh;AtG>ewHD@s+9iRqu*)fTW@31z`0I
zEqmC!DG|Kcx-KpH;Q=XaC93P}xmZw%sn%cHy6Zt2`b9ugZROa0OFvXxLb8%87rAzk
z#Ov^`fSR3K-_iO>2~|OWWcKHY2|?mYY8-kr;aon;EFsaPr6d2<oHpyf4wcCmE;d^g
z*6cI`BG%n!iuRaO1Ad$*H`X+nqM7!hc=A|p{wrI1y@QkuFE%#y-jtJluY|;mRfj~v
zlf&EewD`jrjt&)_3M{bp$9)p(#Mb7A-VFmSLTNsiOb(aOQsdSoGK{cYR=Z0@qbm8s
zY;3w_rsk3Ji?!L1rUo4I{@MQP%Uh_3+jzT?`4w~8{kET9&Um|(pTAA?<_>H*GOabO
zKrdv{T%XhBkxOpEHi{{{IBhfS>%EuDE$)9zt^IO-40+%C-qN!el*inA`HpQa4y|dB
z)(du-n_EL~ZT{Wz10FBOP%}N_*t+hI)7EhKcagF$4*7ReEI6GH@H0K**<{}Dp<W^u
zxLM%V-hQ$`nNAE((aCsBv!bz=HCnZk)B*P%Z{ovH+Fm;Po)Sh<5+n$ZsE(-2-JdNF
zl)xwcFVutnL!13~usS+r^)std)S20r60w(6nSL+rl*l_fP^O7YexJXZbnf$ql^B9E
zA$yr#Yaz3SE`!2pzqe=j(|!~UoA1wZqHkC8p6jRmyc_&6R-gg5lj4uW(=S|8ejF=8
zm}dZy$HRi>3Ck|j6=?WvTi)|O_y*byn+RtHVYlA-J^Ge4Tm<bO&=+!hBBl*V**!qh
zi{!HfOT@8&41Yj)>%k@w+fEidAHhKc@L<gABDf{AE7g-(V8(|HW5eo!<`JI_{~VvK
zi~fZHBjT}$#`i+tzUB$!@v|yU2<KNV1@qAFCkopk`WgbE$PN#x<Q-BI3Vop49nBJu
zw1@oZd(+l@S;gP*Ayt4|;8H1*Dt@?LS;{e$zB+y>L9LEnJ`<L=YGoO2mx@Mdc|W~%
z4FQ9`8m!#TxO%0kX*9q~w1X_@IOaH}PQ*7~FfQqs?IsPalz9%Hb!@XS@@@uZI*0in
zthKN4ki>cv`dlM>uOvh^>o+(#%<q3wXIR-?XL;6DXUf=BXKUA47uR?T9$c89SE$F+
zU+!OV-#=O?qtBo|q{@l6Nab>s(T@WceRTd==2TYS4%T+tSG5^QnpGB1LD+M(=}X$I
zUC`lK)VAFhSWu@w)S|C!UtF=+_pwP!f@x(`=o(hmUbZc~qsK3%F3bQw&W_KFtLC^~
zU27f3yOz5Wx>-G(UN4s!{1yEh^p}5~c3tbH*`HoTFRhbPKm=XZAg5CwT}DAxK{aT0
zc4l@i_Im8P^7#1L?r8Zq{hIzrW3KUNai+Q)>nPzU!P<0CmSg@;B=|cAugQyw3G2PA
ze$@EWk1J6QrmKRnK5HLywF8=Cq{k-Z1XdeXo4LKQhcTSv!Lije*t}etXqxEp!dUI8
zDhEB608Hg(ajp7Frg=j063f@5GnM(6_TK#7{Gr&V*#{uN@v7*TmYr>oZIEZNM>;N4
z<}fal>@PbBuAUUia~OT)?^4=~^QU`F>|}eDec=(H>7wcq_vd>Rc|r6A_(}RTzsUP3
zya2p}U*?~nH@#2z_srJ__c-@B4?QAKk*F6xqn}0r`r2RM$q-2C(CB?sn3*H#B4_A7
zF5*`$V&YTdQ=cROX@Rs4Lj&joa$ZS|iYGbRs}1@#l`{_(3nZ0`TE80n)>d+F9(Eie
z98PFt8jG|$25yy&!|uBje3|F-UgVVRUaId6u&uh#@x}@IYaKGOZm`+@UI|_ba*AFn
zv@3i)Nzz>{N?MbyG&r&`h*-4K!|Q5x(>kqp(`q+5c2+%w?fU7qTiG;tj4oJSG*xEo
z5FeX|{r$>$17ZJKU&PqFI+M)2GLy__Yc;yL1TXER)0Hx5Mepg%G;Kx|*UdNz-Iq!<
zx*8R#H&|MUq&CSRI+VT<`3}?9jJVf~WDm(de18RZQps#$7dS{yHB%nx%v>`fJ_Ji#
zqm)e3u;(doX9;ejJp`Lyqgc$)us3%Ea*y63<pa;q#eS_4hN(AkeX6u`__ngN@w4IP
z%wW#)(7Tgn<&i~*dg21dPsH_yT~jSL*E;38s%t}~Y^H@y8pIS1TR6<&u-8dz>26}3
zo`qwyiPb62&MbcrUe?0P7&xlo$gwj!@U>it^TbJar$kzEr>rub<63H>VCiq7aB8#@
z-XU1k@BaY@mz_6O9~_G-x8zmzXX24{a5Td4AHDfZT($;|1~}m7WoysG*GyL<Qmt1b
zTIQSZoigm0jic?DcXXOM!rE-Tu{PlbWAMgnHgJQ<Cj8p&Cj1M%RsHWqv|s~Ip&T0v
z{EbnM-Iv#bTX21}SG9Uosjk7j={{SM4n08iU)7pUYuDw^{T?tyQjR)FIsey7kvv86
zMD!$4IZ;NDGZA9ZEKvawj=YtrfT`H2^C`$w@KoYd<kVSSo5+<2swieiGEhB4J#+!c
z8NwOb6x<Z*4%A0EL+!xv5_0{1tpur`x~Tbp-20zyA|@9G7i#mzW=xIHwh-@-$KXdG
za!6>1WbjZ3O-M<IMTkWx6k`&T`6Dw5GiLS2YLseBp|5__?HuhC?KDqbca`UX=RN0f
z=Ox=F+X-0A*x{7q%Thcu>@(yuOfxJqJTnx^IHgf&VQ3(<n8;|^Fj>%8*cwSIJu7qF
zk4r;SEmJd7H&Z=R6H^z{U#8xs8hc5@ox^-_Fp5xeQgOiuqL^^YZv-Iff_uwd%X-Ul
z%STJM2Ac+p289L#S3_4zS20&xS7TReS94eQ>wl0ZNIoPUatSGetUy8_#SoWiyXmZH
zf$7Bp2XRa>Oo<pVp(v7w>`2dAMFy<VL2zwxEncmAZFKEKElF*<rk(9iTPa%)TUT2V
zTNzu4)7vGzTF+WwEwag|F}+E-$%!$cNrs7z@v2FiadrRgzy_#;l<)K7_gk$~58Zx*
z3n~7ulS70<83Q^4t3&0xdb<L<zB|u52)m-Y6gwunIJ+vlY`gWlfT6=7{DGAIlp&3Q
z#s0;ioJb*@O@d9VP2x?$O;Ug67vU$zC(Ea+J5aEUDy1>VH9yrd-ZI-V0TK&Igk(dq
zAQ_OHFNt50zodQ1NzF{nPEATpNX^iU)y&jP*NoH5(o9)OUCLaFUy57GTFO|;@nF6X
z-f`T4j|%OWCTZZ7$*7u@gVp59;Tx$}msK5W&)1hJsCAVEs)?3Ms76($YjQMNo6nz?
zwUr-eFqUa6H?~`=&8L^$sAZI8m#?Td)>|vgca{OlHmZ45Z<OXO)P@qswc;YFW=D+c
zr0YEE<myE0RO%$_sI@YPVu|93vWc=XV>68<xSBJjN89&$_ku>uMv_M6N8CoDM#kY;
zFo;LiM><BHM_}>D36k+S)G<^F#qFx!lce_Lx|SH`>E;F1>;~BcRD6}6$M4Kiza~X1
z$jQqojLVEmkIOMiG0HQ_RZ0oOYiF#)t|WRfH8M8RH*(#mA3x7+&y|##lqOg)6U)%d
zEW7fov#*n{Gp)0%^Q=?oB~-~_N?}UFm+{FfNGY&9A7oyyUH4uG9hn^^9nBxP9Yr0D
zA2A-C9qAR5uIC8G3Z@Fizp(o<__FSriKK~9XV6-tn`xV^Sd_8pv30QdvOTi}vG%c2
zu<f!Xu+6g7vjWTxEbuIn&D71+Ef&l;&9ncLrFZyrqCMM_=1Ta$@xb!nY7A5XRyQ?S
zwrz51(rQv`@@?W><yd7~rCDX>`@zS~N6yE|$HK?KNAIoS?&t30uH~-gF6ZuhJ95gl
zT)9lVyuRGA{JadSBQ?deh%pzMgvT4{iZdnuIt*{6ZarvqZ#~vs)P?G9>b|b!uGOp!
zuidSg&hm|e*OM}GbP{#qb+UDmbP{xOyjfwg_BQsC_JDsk@H-GfYfvji>!kD06*=h-
zXt1fE!z;E&r&_0Ir%R_rr$eW|pQ4|ppQ)dSpNyZx%k9(pJ>vbqebGJcz2v3M72##Z
z7-9GI<9)~d^F8bmzAw;W%z@Bk&i6ke;$-Sl_~Afm-~o^mhyj!b{yQL6)cIoh@H`C!
z0gr%MKptQ#5D_>4ECS*JB|qAr5`N71IEmYY>yCH(S)aLGja!jhlUw<&!Lj{MIPQQL
ziw*;R2A<C6Ra`ziK78-bHsOr}ZwK-Q;s!1TMh1=sv<7$vS_cpZ1_p`-a0liG+y<fs
z#?2+_3tHM*np?W=^e=*Tws)p?4hL|ksz1{f{n}TaRgO?@Qyx-YRGw7MQSO?_ojIR@
z%mmLQ&P2|f6}8D+$wbKf`b94jlemz~naG)xO>akk#&Aa4q3>1hn(JEQT6k@Bq<Lhz
zOdkpcIXCGtaWOW3Z>9$@0GMFk7ZYtp5x}D0zEP9Wgi$td{iw?*>gX>pJvb(DF_|lo
zD=CNGfgZ{LrR~!9EBDFusqra%vbxv2H>Idn`lFPu)TGp^G%LYK&}cJPt8^&wDzTo@
zEvaVey*PtHMoD(m>2~6tpg(&gA%+)ZOKynvKK2d4Tv%8DmPuInhxZ@ey{j8x`oxL#
z<>!!-a1JV6{x`}1@E--GSS7JgVKLSB;%oZzugRl6yRdPe9Qc-Pu+yAZUf<(6o|1{m
zD&CS=*bK)K#S*h79uZN+hv*N{=<*oym=h>WADK|AFsd*GzpQ=sp=+UP5on=r;kq+F
z|9P%>E_Lp4Zh9_z9vVxNNCL)K&RbJtm}8$KpQD~*nd6ufnB#Nx{KLThU6rH^E$TxQ
zirfb|lyS6iR7Q--50xkapH@Dv5P7jQ&|hmqvZnH;;-)U9MyArHFpU(r1u}`7`dYU&
zTdZ2dTjW|yT5MXpTL5>Lj#?gyE&RH;B)Hk1vhlKU^ojIw^-2A{KZ$w#^6>W1@Nl>r
zhx@KPxbM0+A30Au$HY>g6o@CTrD%=QEVL>VFO(}ZDYPl{E(GjdN@<xY7V;~9{fhM!
zC+$-jcG}l8d@Uj^EG?YnFP`5oJ>cHU##GW&VXqPHy?TbX;gP7I;nLyd@1SA{w)~Ah
zIOyWL)8^Ca(@oRz)4i54mN}NMkO0UQq{dRs)%3qyn6|6CtFWt;tD39cbs&UdnkHW-
zpD({!Y%`K1((khXi2&|1(*ek=znz5!FMPmc+_=)%&Lqni2zOk9wJ)`AYkO+Lm%^5o
zmiCs$mVPhQEu}9FE{WC-{l{UM@ELm>R}b6{U<_gmMGwmN%MVN(#I?`0NAf#lC*Xr4
z4mn0`k`_6uRrHPYW7_>Z%{+sy=q@GpqQ)~ax!4@^H+I@_J>d%j4+Iin9vcVkm7aW;
zw|gDQ&CF24jqUaVPnt{leP4Wwiw2Km8OHxOLM#UoA)yVy4Icf^P+TZ}7pve8L3Vwt
zE-FDfK|w(tK><OU&hMQJoxGibFNQuUPo;Oscei&{cN=#Z7YG-k7Zew}7b+LfOM&~Z
z_v(K3e*9gYFZcInSA2)~`!Fyx#oz3u`zh}}>7L?h=ulxKC#&nbzxd1FC*(`g5r6X6
z<tO~BlS_jUe~Q<vC((P!E1^lDgm0h*G522SVC)OAda-h`Rk0E=qkPGHg&lBzZhuWb
zBZvhA0v&-oK?5LM5C<p<6p9@~!%5Rb?M``1ssHQr7m+NHJds?cRHjU(T)e3@E5(r<
z?}#F6wr#R)l5NImB7^L$)UEWb0)`ZZJjO3|DoN@gY8vViDhnEX$`oo1szoYNDZzLj
z@_XCM0aLxpq&>nBKs=O6NQOjZxlr=eTy8s|+ah2!(5+jbyQ7;+)x7Leom^lkQqEgJ
zO#a-Ow-9!Se2^@G=?q#IMhkKa{vXLAQEK8$*FH}JBZ_mjTt<WyRx}H~n*XjGG8dsn
zB_J?SHJRecb=i`}VBZUX0{xi1I=;XoYVaRArr<}_FK5K9c=5ekS3fI<kcL8#2z>~B
zP_%!$8;%ARB1j`Q5iL2xRYu9z1BJY%FWrCMNFe^8dvmXQ?$R@fD1`s?jazsLot#?b
zh<XdBd%WAOJF9!WTO+W#yu9*L9Si}=+VZspvBh8;%`z)+<16GpG{uXcZSnI2ZFutc
z7=xqv*9kJc^<J2lWqD|mm()Vv(0^+JO-e{!hvfNJKNdZ6@eNPk-POD?!4K&Al#ZVd
zARA;7gNj({e;7yIo)>vY?uC78UE0FSU8sMbNi|jT{)uXf8F8UkhSAiTOa+y`u}1m7
zsNA?hX;nK~X_Up9M}jf*N#<PRcNg|k(pL353*3t88J5CQZRPF%{W^|Utb=XY4AXnY
zyBU90Hj+VHA@ZTJyrwhg{xptU=W4kmK>7lBF{)IXm$qdgtb^BJ_H}}DOMc6KtNf=x
z6N_nG9vO1MIjBf*O3-5`2#NF#?^*}a_+vq&8u1yfPB|Pc&7ORtMYn%zEr7v|!Op$K
zxAiFeD2!}K|7PS3B|;5uK;;`-L__-A>Lw987W@Kd7CJbQk-igp@Au*9)18rHZw=uB
zi;>eaiUngJqV3<_hyY+WxnXUDc2K?r9mCs_Iq~yfJ<JFtM4E3a-mABM7>Ua**Lz=r
z<XZW1LZeeC<ZoNM0s3rRo&9d%cRf+Z$+vq}hrAm3$*{ATE47xZl1VP_ubCRtZ3@4f
z-`zWmudH6rmhBpSn<koYWp*f}0uAvYa3gW!ag%Vr<;E&mVw13Db^Pc^;K=&`%NH8Y
zT}TQc=0zu%&1Ly78n+w^utl=0?qTV!?Y`(n`6)1Q5`ASqg{6F#D)D6Q71UH>S=q<(
z=N?n^(nw0smU~s$CQUcU#POqLOv!Jyc|HP7bRy)6w;O@Je)Vzb@7r;>aXs)K48&j2
zf(mL=91!&WtJ*q>EppIncmv%luV=d3dW+i-T`@)n5`Fd3)|vm2%W96|a|e3Ef|8Bm
z)h2MSE!Jnzu_<tYl^#8Ma02wK=<+!lNgZM6txW*H&|%HCkoqn3y*%Ou(62wJn2;z+
ztrgvs!;z>4=?_OSVU$+v_&d9=MCcVr(FhA~Zn#H@4`%@~R%?YyG3Q5oK^&EC@6oLN
zM5Q=`O-1{bk+esH(V_=8@~d-^?}d@3P+hOrNqF(60j{~eGYvu)q<t3sXRs-RVU6^6
zvw38{3LK&i?#u%d?CY3JGdjQgs1g#$o&9MMF!AOL@eGmiC+ZZ2C9*4p<t^k<$~76u
zL3P5Ml_TZkA^GH>HXA?eMK5$BSh<EtnZNCGQ-A~d+8FK=(iT^@=SFuuLJm|Qwb4Fq
zlCEmdi=&Tmc#a@F(hZY;)|CQc9jsdsCkb`>DwBN@iOXB38?1`Qz_|cp`NQvq=@F$z
z!eA!KN$6ESoq@nRR794Bpy2jCo869Bd(ox(V$DJ^29K$?OyrI!cT^%KibPzrz&;0{
zqnQ*N#}uW6-N~C>+3mH3QIU3Lj(#T0{<M_#^yO;+UWMVzdsm!<d28OV%pYMJ-)v>Y
zCsZ(XKUB>7mn_^T@!GB5qRhVZZw3q4HuJKqsUK#-C~z_m(Oqt2>b$I?J(OKk?OPE$
z?5RN&%U3j8eO@sL0tl`G5U(jzVdnQ8U#^X(8gp%gCkM;2WMC%EF23rXe?|oL{`s}*
z93AXxHqL$uv<mC)JGbWLp6yACPU0o5RlnyvDAzIFYoTVlp0BBr+~84>OzsM~oA@2I
zJjFriloOTY#Z{#*uwWxVURF@3F`+v=0bKXgB)u8~ryX7zItWUPNfsWO^uL=z)g_2W
z-Kx%h#3^0}xhH@?C$Ho|Uf0I>Mrvf0lEIBtR1mG-BuNPr(Z|HT8IX2e7$b1MC|3U?
zsZFiC4a=<dowAKj>43J8=~wq*voEbg+Q~usZ@qvcQyd*1Tkq+vtKipEMK#PIS=@!q
zJ%3f&Yr^}``RU)9jJSRZVne{&r%Up!DvT_><KeAmg(o>~_!4+kK*t|hKQ7iY#^Ge#
zaH8?riQfrEb!Mt4UIKJJnmG!&v%(gE6YuN-n|}V9!ghTFe^9fR99y285^QMx(^jt>
zb@N4Sy$RJHZFpPfb=vTmkI@csli)8d@*R4QLl{w8UMJ^YaCgP*x?3Lq##>blh0IX2
zwzyJu_dYf`3lR-!XNW9j8EQwqThUwMWhN0iLcAM4FvoGDxQi|cgD2SuP~X&@E;;?S
zm7UV}e9l<|YbDE)D{Ywn?dE%Sl*nZGm#nZY57oQ0jKei1h-64_Ivp8B=;4V8-Ac#@
z4T4))L(+m^GjKz-Rb{#IUP}fiatw%P8p-~F*Rm}3`45}xGnRzI7fx2aU$G<N960Za
zjl~yjq!+L`0(DZJ{;Ch-Dj+n!Gk9;0Y>)Ks&B9y2+Z;su=|2E`pf|^{Hx>t-uYKEm
z19Q52n-y1vd#KfkY<a_K+6p01Cy@DFGXfU^;LS<EO2&uwnC{2_5cI=SG@SUOyLZ3r
znZ(8j3x+HY{-6s{Vu=hF_D3@@`KLMd!`%D}8(U=B*TFF~6Y~%jw!YLfqp`6X4)Y}f
zHruGLO@nAUCLxt9eG92ZHXffshnzf!{$E7#%HW7<JuUFl*Ed~Qfem7XBru+v_m!PJ
zD8&5BDw;_~L32?L@lVyJni=ePMzUpWb?si6w-uke|BF`NL1+WA{}=T)cmH1m`=V0J
zhaPKFroZ`rR1e3vL#(I={DzMPZ|o6Xm8O{A0^XejPQJ+rimbY0p79Rt)##aaQRH1$
z=XY4amu(xr7P8*xGF{0kuH-snEB2ijhH5aH0M8pgb>j6dig;*!U`E|GBYUC`_7{(3
z{_TUc7xAN+Jd&>W&wpqw{72Jpq?$`Tbe7=su>lFl{H8hZ^*babfG_X{-kq8hmXIv@
zBKWy4)c8&jjWm2)l*Q+J2<E_fp608w_BP4Z=zoliKD(0d41{^0T&Mi>{|~vKu>Th&
z{uDJBh5==1A<B`A153(x>c_VtqO|OZz0Gj_<EG5E4lR3%hzqR`J<y@(yb|qUG`H*j
zODo{qO0*TQ<MZg47aiM4=~zVxYkfBO|9s$lr-AVb-ZtQQq7U`oKd&ZwN$TtRpOfY~
z(aXuAfYyt~wL5KlA4aauWI}_{sOtT}Mdv#(<*cA|v9I#oJ4eF1nBRUVEjWLC%esl^
zeuRD;%X_z>(f#<*!{BWf{T6^~kDkl`<z8m26}y0rr3_AaUDzh{<4ey!&m4-<EdGyz
zeI;w0Ej`8t@}y>&q&!IL=TA5<_~@t61EssuL+mQw0^mMX{oYio;$N^%(k|EaSNJel
z{v(BMtO&fn^`N%>5ETrJtNDSACm{lpf{>uBQ{)*@vPb@Y`aY~0R5iF{9a$Lyn73zU
zR}~fIXfF@RwuY33(9E9~5@gT))Io2U|G$v2o=KHbRI3EX0l|E#jq3kCU?*C%<gS`_
z)GgR<k?3=Z3fUz<AL1au5R%29%;r2(pY60<IV)bbT_G;6WIJQh>=4Z{{P@3r@Noq#
zo}gL+Hg%Ih>oLu!ujMQz9Oe~+k@NR8yrk-feaAkUS(xQlMs9)?695H!SOcdzYUKPo
zlg4gM#vlKq>Y<j~7`ZW4Q~~E3YyRS?FZLd5YwG=WC_8Km({-;c-Zv0te#^wM=>UCe
z{h+_axh2}|2GO&C_<rR2?f0pLaMQMHkGyVAFWr6OZIn;e8Ovrk6v_I*ZOdwlY)kO^
zAKSIgN6Y{}%sYhZ94D+ysL{T8GyYw{J(Dk&;_O{HmIKn~ZV8B;sihf^3+YT0$VUq6
z#LCa<T!?K@t!9`>htP1kQ)YoE^`u!ws5+z^uxWhfehCE{eY285D%BulO<nuR^o=V%
zV;E@4-KrP$MUJ`@3l@*Q=Y09bGfY>MGp;0Qjcw0USy=xY-^jQr*RrTYoW`6D+H$%6
z{GQt-_19mwab2+}d%id65`y0(hxPXUc&*DtmoE}I|Mn3-h-Xt>JiuB>tSCC1N!}A)
zNpGT#nR&MoXPcj8sZp1PH<P{Rxsq{9#%Cq85_6hg<oan@4tcg`kC8WVL+W-q1LEi$
zyCEx?0JGxgNFXvh)AGKgYKwIvFIk#D^}58(=q^?QC)b*>X9<8wilUZqPNma(vdtA{
z8E(<MlR3?Gmetey^o^<&nIB_)rF>7nKc;G*;@qM%E|;9XPdcUKlYY*0mO)tC#<1%R
z;umxA43@ME8}cAQzoJx_`2#2h2t*xi=1ntgNVYpn{oCN`K!!L%g-P=$e8*BGY<!P8
ziT<uM4>yO~Usv9)OOjqy-c%O69;|My{>-_4o`zBSf?*9%tA}_f&!&rODAY5j%-q-i
zmblp4hg6Hxck=HPohgrc+<ex3C5gI1vW=c~QcdjqBEfL}!Z({wHdg43A$98Nt!h2m
zItdlh6_su!97&D!|LX8+q8G?dNEX($jRhvWG!-=c&HLWtr`d*EGSn^WZsQ7a8Z7mi
zql*8eTq2)VWjBL?4)S?)D73?_mbI1Ob0vfW^TzDn>Z%clr*;>K9^t-Z8~CA1(idrW
znOWEtr)alHS!T^UQKwgD86K$KEgk8Y^@~zq4Jjs^C%$D>buaQd8ToTvW*V?(wvuz8
z?r!U^ss#UQh9u;@x0BZQf&8bf3VxJAmla8pdrFhMp0Xq`+gO^tlx*ZZE6<gyFdWz4
z*^*g4G~3I2>~85^B!G0Dae>!^21jkrZ08BUif6VHFE=qiGq-3~UN(MKMyAXpX9>9U
zvVCuDC-VH%QG&OC|7PM#$zc6ZYhP>M6+w1cvPhj(WaIX_fZ4IjT-@if$(eoAH(zDw
zMx<D?Wy$JC$m@PrP+-OnjntdAJ=nGjW5o9Dec_RwP!>_K3i0RKej$FzdJ(WZd15Z8
zgmwLPPw}s|2GAW(S^^#nM0F1RiS0UG(Hq*H9Lk#HM>>G+CH|x<ysxX4C(qE_^?jk-
z6)!3n(@NG$5d10pg>|6*m}g9{Wb^-&ok?@okAxzdCSJ)_yj~?O0r&Hzm0quUMp*_~
zU1f*9z&1Zgv1r2sz9)aSI38>At6I<)3r?DXtZ8&cn2$BNbFbK*3r-xfteAXyn2!~?
zGgxeo9w)9^PHZAI%*TY>c|mNC4<`;PC+7D9>wY>)Dj+rNNp0Le^p#C)kDdJT3>qO7
z(29lP$VL7(hA{4DI2>hgq{AT!sC+-OKK!1bH4eqJ1&+UPz;$+a3hZGx&i`Ve+^vPZ
zXMnfemY_6j!$RS<7klT&MIIOcZ;pc#rwgwsqrkSz)sXonDM|Uw-$G1;n%oE{E(|0!
zCq`*bj?INN!i6QB8b&E6mYyEQ&W6RaC|20orvC0QZMfk_oRt;%ELg0#5j1vBO>QSE
z#`FWr%7%PqLaeX@B=revL{w~Inx0DWoR4B=T5L}QCr+N496v40l@sd-{@&Drr1C(+
zRMh0+)a2`OV&QUPUa4W%>{v%;<TI;ch5cfMF(4^}di962VO?`_msXH$DM;2ICk-P^
z3SX>{kleXcpO!8rZ^dEFLP=sG&%a;@QgY4koc!|B-!!wR28kidtd1eMuU+;>#`wXR
zCt?>!<8r$_d~?iUyZI99iBm9sb3*cB+6S%rz~r7=Fnh63%m=m$b(e%-i9m*~O+=2I
zyfS}yg_KPSJxBW~D5pNeup5#bkXbP#6~%|hc1ZEs^s`D)ETozx$R3#BS&f<3YEgzZ
z@1BLFzz(^v4P>~fWaB%dI-}_7jVXW5coJ71w%yrxhIWk^Y*$})JWYBfgS!aElt(MJ
z=<n(Lm<`6EyEb>)ozbt`q^2*EUf0C*6V?ATt%BM%Q7Dhk9VT9@VGX+H<$}emiut7Y
z1^ikukGI}f&$=O;U2Az0TxGV|-<j1$7t7rdHmVmYy}GnVO5z#(y0$kQTCABB{Z6_Z
z2c%6pBbg5YS3EvUIYWn6h(2Tn{m|_Qc&^&SMY^w;#<D+X21)n)$-h3ayrhCn)4)<L
zp7?$&UBQ4|0S{*V-p5PfCtkr+%x%&8oA%7j?$8TD|C7Hbt>+W%^)qWp0JVCiJ)n#~
zmPUCF{+030wt%NXe6RP_24xa#+gA#~O`w{}%Gzwb_yDR6t&qSkQyP%@+Z=y9S-quk
zS?=+*D;;xd@jUQpWm6kevjGGsEifNElwPEq|4O{EZ_lXP2!bgtcwgv)y-=8y79KA<
z!4KaW(`P<~8dUtpR%yZe`w3N-)ic*lo<zy_E@t(Gh(z&XA7~N7t&+NOQZonTI7EY0
zTLgBp;eW%1_?*SkCNft3h3z=16*3t-lY?#SGFLSpP&^&Np2eB}l|8|HdXPQiK#}=I
zDdMBGiZt<Y$=j9SgPCvW(=}xn`Ro!`@O<mD@8xESuZdP<)lkQeJR1=0q;*Quw|&%D
z8uIX`ni`1h6!@m1uSL`ZbjA2)nHuOjH0M91Op&idxt9zyAfHKlPybRAR}y)g>MSd6
ziPW#M4u84+=tb2Lo;+QC^u`OFSgN`x2;x>Y@g=`3^2Ca#BM_s2Yv!Yxo$AbXgUmc(
z^OVlf2QNZmX@`;mh$XLt8mY+<H*faB6v{OQZ=8I7!cms%$1ItW>CmIYYgDiBZ1eq7
zB+kh7VY(%`ig<JjwNrC<)V8E3!{*w!Q+LkrD034{4#LsF+KUQ_c_u&&$QC<e?4PO1
zk}7A^`uIeR!;;o5<72e%q@STsnOLCnAP?;Pb2gapoP8s<<Vu1+$l{V=Bh})H=-<Ae
zy;F}JliJzN;oFVi!{Y~FsM<63{5)#Rl~1-JuB?h5hQr__E=|AmMbe#!53PJe%z!gg
za-+*D#^d!s;P`pTd+ZSeYk{diQJ@wZlN|;g3SM2;*_YY3e*4cW-h+=(unL$C6tDs9
z5c2T9#>$~9@mV{(D7sVjMfb7l3@LlC+8aGLd#Lk?@?GvE$~i}@08|Do7*xQURf;Yk
zFBqMOo=}`rFJPTGEGV6roTT1>+}0lEc#V9`eeHdXvKl%Y<h4pFt1GH2*%r7Kv`%zR
z_)ffU9;P3Z{!kTJe~ppCD$Ng+g3l!UwWMSfD;}Pij~bqykE)p)#Z&HhD(i*c^Tic|
z#WcmlRQtuU!y<g*K1r*=GAYtQE^7NO*=63^;p+K~+y<Y+ICtJnt2f}Bi6c)d>3-)0
zMTl8Ui>ryRivg4vyuz~cQ(9E7@u>1+AoLHQ(f<8>)oXl>F!}+td|5Slgnka=+!l2-
z>_t$Iao88SD*XK&Bo^7V?{xig`O0YcYCGmm5iM$wpPE5&JMJtpk$5Jm9USVBIJ@Fe
zso(y6!ht93)>@-24l6ZIZ}}yQ&(<%?@@ota5CJrfYmsEY`_-?kM4t@8%`b1!{2czP
zpNK_c4CiX#os+B&d31z=+c>p6sQPU8w&WJ&k?qmt5%sa~xyTnRXy<R2Q`=QLxw5&k
zxxBe5v?L@$UTRCpW?DQJA7$1w7N>udko>WfvB<U10Lc_5jb4<Mfr6FJgjHeCtW$Pa
zy{?hp0B@M{^4+p}6MRNQzOMe1ybT;-me($ZH)3Dc#*i#vM!KwVn~*XxYF64VqEA~L
zZ+2<T^HZM!8Emuv%`=OLAryRK)(Y=4ByfR0dL~r3hG&t;E0m<Tl+LcwIz4dvX8BE+
zP3+5;&Th8$w$8MIX<e$^k+>JR5wdKugeTl43@yUSK2`(3S%jHJ6H)R&_(08e8E?DR
zd`L4dMdqrin@1ZP_-o~HpS48=+r(Gs95)VpZ}#c5Jz4jEuEpFcSymHz6Rs8^Y_n<m
zV;DZz+$4AGj^yWBTUXuqfeC@|0pNEf2nNU#?>nt#Bwx!0J8}{Q#Yo8$ASe%C(_|H9
zm`6UZ8SzGqo7ayZty%oVf~Apk`xZlY1ZRU<Ca;;{5LmN#5d6m`5d0`B1g{Ep%CTxv
z(8Eg)dX(*Wc+vYix?<NMW6+~lRDD8_^{?5k4OhSj(BNQ<?&M$<+Fc&lyi6SU90*vJ
zUDNSu=AA7muiq%I1HC`Wb6!Mwke0dC@HmLfH$6Wr*)qk+*aP1NgVvSJe2imG|D2n7
zPEXbe%srN<*=6Nj^H7TI)TJCqC838`);0Iyn}K@I>Ru;JLIRZUL&6oRWb}<0ieGWx
z;%R8fx)eKmF2pygwu-%_S4=Mj*Q)r>$fut?PM5ymr`=TJ61-K@E3}$F2Jjr{MNdc$
z4;_m`wEwD`g`XTDQC)m{PS|;MsT7FH&VI$$){;T=J|&e0zec-Ub{!=?<+$?F(Q|#r
z9I9LO=b=h!F6d`bzcBDt))x9ep8Ba5>&(fxvw8wd@qkt@sB}2Z!%eDCR<D#3{x9ur
zx66ZI<#q4#(-2!t6z{Vi56q8O?FGID&5vgvuS})wZ1Ql+xmLuC7)rJ|)fzIv9<4<h
zA#PtxhF8wN`|G3ul3R~9J<V$~A>}3rR&s72qA1_j<dKg~;c)()$z(B{=A4|#2u*g`
z)8$cMN*LY$*s5F=4+GC%3br0_Da=><4Yd+H;ma@F)&-r0UESnw@*8>oVQWfhSG`T9
z@&_#3zHVkWiM}LEtab_6g+5tiHZO$kWczy^=!+C%KRa-alev|NEQ{ZMpP=89o5?z*
zkd!vKM3EyCbt2#FVKUAd5nD)dqe#$VIgu=`AJy`&3(y;>qJq_&EPbkr*PE=ODZlXT
z_C2M#<<JT$acWQ6k(MTNC@Cx|jC-a%qCGl3osb$)v}pDd9O_9t{hY(wcJ^5(Yfiya
zNR_5>zkW_yV3A8BYwpVTs&uh=syX(-=fwA<w5UrXw>MnV$yx`6UN}QjuF}P-$}M|7
zT%zKt64i3e+5&f`82(2pqp9{mGYBHSU|9b9w${GZK2JldS*v-L)uusBu3Cwwo1b@B
z+mNw{qSA~G=Zi&$d51V@<3`i%EX{ySZMr?4O+W8n@d|uG2<ndC#fNojP7uwJ{Y4zN
z%&V=p>cn~Ry6Qffe{JXz*EGfL*{$qDn!r$JPSKKooq>_kBgf<SwtjfN7S5?O=$M7g
zlg3@Op$!5ug5=WQ?&)rpTgQZWYARctPN%7^-m%`Rk$==TA+uLd?zZ7iFTDOiuYCRq
zT?4R-=6gOLA))TgedK$CJMSl7zcBx9%qz@$$*1b453htmV4;H{h@LBNmaxT)mMdpR
z#zdaW5kGGZQ!eTexfiCMY|2zoLo!pr=+Vc&@m2Y-nRy?)9C-9K-<_BsNZ|l*N$W$G
zGYEaqYd`Wq$^kk2;`cy0Q>_bsf8HTUsK&e)+jO^K@~IQ{rDBgazWX%-`mjn2aqqfE
zc{<J@eSRV-zAU1n+BLCTLZk~l?p8G~R!~XeDosc%40q^nrj+w>P?;G{ZW66K3m~S{
zZ(I5&Y}=NiCqmSgv!1h8_I%2Qt=6_|mDExC9G+QlOV7-s0c9yHS}_Tiw&|#kMV*_N
z$!T~*_Fw7ANtWG=!B%`}016SSk}OK^caiMRi^b=+|4k??z49fn`mi~(twZf|)yp-C
zv8uGMmYqc@w`K9(Z}61W`;GJx!dcHAk;m%0ji!)hyKOt~#`=}QgcXgTLR5Yz(qzQ^
z23LS?nR_Q$VT@;!lEcj_na2i+f^)<-LP{YQ_IcIH)gITSN&e!?cH|L-$-{Ym2_lX~
zcj{Y`F%GqHH*Bi_`l$~t<Da1sFzMv75kZP5wdjd?H>p}S)j2zk(H7t6_3#F@`v=3B
zWfJR6F?+?s(XY<+zUs=X`dOsHtm0W1D0O04C>_Hc$Gm7{8S@i*(zj)^Ht&{8<SRV)
z1l(jQ$s`jM(*E#-f%}T%zL!Obs1l~+u6!41oJOCQ0H_iU{NeP15d6OWOp}<Ba&$Nw
ztNhsVM6vv6kQ=wdQ~K(1{ZeNhvI7QmKR{vS9JAXg9HP|m6GB&Cz6z&5TaW+w81Be7
zix<39d4^G#r&oFkfg;c9<!sx1-Wc4nBWaK7TlMkC2xyk}SpDqR#LD)H@@Tj?K7f%F
zxMC{sQkjl?18W1PyaE0BTg{_a01e6Y@76;ly#6P912}PkkUHi3?p!q{aX(8d1K;nb
z83z5pX<Ymht{|io5o>ZReq$w($}yQP+0wYU@{8ZNQBzL2pSM>2Ogtt`QVQV^>kupc
zfd7DBf`Hdeo>&@i%j*p)YZ`7nkk+d=y7F`@F4>WtRJVAr>6gSPPbpY{VeOP08^UMu
zNT8#IDA^#~ezscjV@f-j{DoF^7wmdoO=79FV^cTsdv%3!8fi@`brflB4NZ;s;)VHz
z`NFi96J8$t$sy}#8k4M08u$obLanw|LM3fsRO6Jk%t~qfji7Vf&7Yg^N5ypi)(iQv
zGt?pv&2PF@>b$mTwNiLtyyemkhgyd`Gsu&T$A_oR?g^urT$#;MwAq$!NnOJRV&JD^
z@v1?U3Z$(OH3TfBiN7`fPCs_YYg!~Vep-+-V@$l!xDS8%{rc89O<PFI-Gpy-qPC-H
zvdK1YVdmaFaDA||+uo+Resz_2?k|D8#xmDx^HTE)#p&v4T)Z@s0IPU07>QMmGx3O(
zHUsQp%H~;R%QTt5X!?ssSA8U7pYc+iM`VLq61=)k?3|xTNi)i~|CvWkJ^?Ut4<Eq!
zjz8kPXWS~rl+@^4sY~<vZE+OcxuD%Z@Y~IU)gLz0MzETBo@J8OAL19n#sUtdR(p{w
zR?+zvw`_11&7XDezbjpT|L}XGA8j9?3Lc>v?#mUcpbcGc+~XeR3`xgaJUaVx6!U>R
ziWYBq^}D#X>~_X)kUGd5mR2`b$*!`-p3{(7H^=!C?}ZPx$1vGq%>6Pw8Lkq>UM-;;
zeXeD<+yT{qvyR2|v>Uy?b{q4^o-eyAEeC$ToWD9NOav>2QBzuph^A8}1yf4r?{P;{
zG*i;1tR)0dQkGIujyxyN!LqJ0X($8^=Xm@xg(j}NvnScECiXoy0MHJ<uFVziYTvc&
z8k#d&?+yJL{4-2)XV{W|&0tBT%?apBTi-wI8t=2i{9FM;Opu57oF8-isg*aAv!5jC
z=M)imDhd-*;k02VGP&f0q*SZpy5Hlmm6~ntiR;{dZ;TWK!tTw3eUzh<aP~jnhi6h9
zg2kOnb;%aNa?TlRv@r1VWeq>I!f3>40j~GKkH_85x4lRDxYflPn>KqKlYICy%WbnK
zXE#?!UZR>;k*53X8yS0YH|8Go9iAJ;4r$F`9jKl8ep80p%3Ej{V2$rY@3M$=f9T=D
zuP)~}<%0fB?Rmuyp$oLx>u_lCp!Y=Lm%O<-dF%3|>z^nzn6ssDTXN6#%=7Yl_$vNs
z{zbz7m#LZ7E9z^m|D4cK4ve|}U$l{1)|b!dGrygMi*mgbxh%h!zOVd!D?F5|<ESx3
z^W_uT#}Gt{-!wtBJ^h9<=Q2O&QwbS9CL_`RZtN*G)Tv=xB0R;!Kpy%%+apeusH|v|
zRH&><n^aZyC%vrGx-h+*vn=Si;-6}Vnh=K~x>Db~6o+<{M#7vbhv>Na)tqsoY^Cza
zym_PEnfl}0TQ@Oc4U2gyMz_T1`3qjHl4I7tzpKh@PLTeB?DJNSWY@)EQ(Aw!CKh;j
zHDYE=uHOr2Da^9n5Ow@yo`xRJdlhWt10VtqsAO^~Yd_hh0yz7k8h8k1GMsSi0wo%#
z2xiqSMRW>i?Sjx&@Ww6q&be8ex6D^a7$KFG(tNqN&p6t%vOj*Mu1+Ppi}9_XG*3-f
zDmV;PHlTViq*ZMxng1nA*a%#OFXfeLE5JDmoM@o2F98Iaq#gmQ8o2&Ww>cq?zbiL%
z!TdWb2oZkFr#TC4gLFW|9}BoTFafh~hx1{(B)p$|AqbFP^*vsT{9)cl->yr7oJfg(
zzZJ>Pl-pnA3glT}hi{~-70h#u{v#m`xb?@Br1zN}8R1Bg|7R#!hF~P}kt14uOn_R&
z$iSzE?<DyYv7)4XioDo;kX?_|=w8Q%_ay%hY404|N%!pwPm+n9Ol;e>tqCUh#<r7*
zZQHhO+qP}nx_O@8Id$);x8Ayc+}d5$Ywe}IKHXK_wX1ur967=y-T<)^6PtDhxjhC>
zFrpJC=k&+{a!xq8=^Gtz-OK?+2Vl{;qig1j?;6%F+(Kl!)E+>4#|Gg=bh~PtpvcEk
z&XKYM!mo^(MRW8avP01KDAI*hyCR$*ipS>8A(Q<|ug2}t#y&iOFVKZ^D>^JXpP?$I
zj!M}qzhf4KNdV9Zrj|-Mjy60MVWsuBr8BR^vex{ttv~OMvB$IR8R91Us9S&3ot)`p
z=pOnx2EJgay7XrRb4kbzWE2|jPToEY7K^22^J)f)+~c$hYz^qOVq4Fms0ym=(zHTh
z`%Snxr&SIzwt`(vHw3TywZe^^xRz&QRmWQOQ@-+U=A~7qdU~@sFfGn@>EmqpJ~&V<
zSEO1li}UrrIdHMgL|p@I_)OgE3oFa7KrW6Lp*7BKEQ|8>1UbMr&dJ>%ZiM07Gr3DY
z>5_e5w;iJ`%XIaVIq*GBS6x%^cz4{JyNkl>;qmxSo#+aShFD*d@c4e*tGkOt?f&?H
z)1K4UA=Bv`B5=hHI)QW-lG}yg39vpf#V#<u#^DLmzsK$@I<igI>V|YhT<1IlPtQ&2
zwlwhU$9P31R6k{$ylF;emlJB{C!tk<ACJGb4FP+Oq0}hE<eMQMGl(!58xKbx(}2}i
zqX1bfS_ETWqy%)E0j5P~*s)~#5?yd6YxRWNL1n5FNmo??!>HL3jrcScdnUDpmJx)D
zGr6ppsCAIc1EjONjo&RFB<lTXq~|OcX-vbW6%tXHCD-)o!)0;|Ep1&hXawdgF=?!&
zZtYFHQ}0FRb76Zrr`rQw92gE~*={&BLqYE?srNlSX(O}HnLbeJ!1X}#TsN@=Bihdt
z%|?h*h)?O?RFEC-4y#s=CbS)+CscPF5>smPhDY04v#XvWpDLZ{qkVq)-5Hey{<IZP
z-QS;(gw=nfCc#zS_~R5)=31J$E3c_w9E#{#z)P2ijvl->nBr{P%i4gk8*gc-9>&yI
zVM#Z+0@vslti(ejoVwh-MWX|i%8tys*f07yNSrLJI82<<OS<xlK}3cjPA@b~NpUuw
zkwiL`!g4gZwlKYAGC%FMP;h?~=f+`w#V+Orp1|X52ugeCr22Pj$s~gOD?tX4-u;<t
zCjWeM@eLvCX;86Lu8zaNu_Ph(21#pKaFi#dYrS~57H)?iu}D@hFGZ}r<WM}Kh(70l
z11bf>RDZakSD&QJPdz`X#A@Qt0DraJEtf{1CmO%!bE?I~EJ{EiYTzbJ2Mz#N4HCbe
zqMoFlr=F>PDB+Q^ZI^Z-!N#;QpXy+=MY6KCY`4<sk0y)C#)1utCXLG4f~})wp!s2H
zTbd^H((Lz>T@!0*vBAEn`Ef^JhhQiDy88Os#>!dP*}yrz><Y6Lj&{z`uBol^5^ibZ
z!J$J#`F3>wDRzmtN@_Fuy_0HhH1w;A^~+5q?I`mQvt_U{#GKNzBa`I`)hR>D=|B@y
zMP8#t*(M(1V=t8QrK<Ab^(aAgJ<7l`#ccpvb3eiLwnp1%MDT5Z0e7vW{6cEPp;I~H
z!5x+A)zdEfdy@rBOK|^a3Ffczi|-eSSN;d*a?nB8aLb~(=<6SO0y|PxZKXHI>aH;~
zce*ab5VTwH@Af9g_7yr)$#l;Y2T|+o&j)WlDk7}<*Vg^h=AdtL?=c>K!dodxkD|Ut
zT6&_F$wGr)a}nRpSzV^kKMr1U`v$}r0O4qH?1vKwbpzZrs?^A3?8;WCYXg_VIEpUD
zM_yH?Uc+Wy{aeXuQi#`$E%DE_H+#EHq|$QEG`gO%@A)DUSh0<tDo54*Q~rD#l(0~S
zRtEMCc80o^|B}{vX0T9<>`eId`2UjX`1I=dtSs!B`1nlf_>7G7_^gaf_^b>J_$;hU
z-;?a>_$+KJ-vk4rIzAI4^FI`;IzBtYzjGYlQr3TL8Na2>9IXFHnHauF_J1ZBn7&;y
zGc){4vi$GaZ!1Q&e-)U&71)^=@mW~d@mZL@W3v3~g84ftGXpa|GZQ^N6Vtz%EZ_Dl
z^xxq%@&C^}nE!Vk-)sM$GM4`#`)2;%1}h8WH&EYeWMjf-qyNYGe+CoFe^dWCvwko9
z8%5UdtQh`*`JchT%J5&*|EbHu#DdSl!GO=q%JF?>`xgNwMpk^5@2l{g_`iNwI2iGn
z=-KhvIlg_;Gk?SVA6@!yt8Ysd4tyrof4s2$m;Y}R|0fEp--3UyG&eV$sHug6p&gy5
zg|364u%W)Sfgzo=p_Q?N2|fcoJsTs(e{l@>j0}tn9E`lYuu%Vf>o}*MyFogu4>Vkl
zcK~SAT2~D<=~Oxa*iwxaV`<n!oiPVAlX_f#^#;`Tg(cDhq67T-hk<SJZD)afywz}}
zlA7s$xo!Z%UeO_}{<xre@g$cr{XzvUfL?RUfj5y1exKBkh_swVSiL%X+j?>-w`aCD
zIvgKQv7b!GAb}wAr}j1|=3(q=;6TSN5vy;*BUpPJw8=j!NQ&wRoQ`oqn2lr(G-l&|
zsWLo5Y-It)!8M8e#^<W`3~_=1Vg!x3X)3MjLYERG#~Ow}vaa66)2aFTqAf4j^_f~Q
zt>W$we3UbbcQX{h6Gt?nqB++(Z%4P!4dRB@zxYkrqAgTiY3YMdaN*#0W}DgGDb?oi
z#b#ji8*%tnL#y?esDUVVIQ&DfTE}PVpRW3HfbZ{#AJ@;yU!$GRYiGunz@K3`owaxn
zr+7xkIqqEXnjb0}4Ihi}3v?h?X8z6aixunb1h;o)=w5G52)XKu+AX<suY>JdMD_JQ
z2!<-DUK_2MvFAG>Kca-Ztc12us1`V^6A9|~U?3)1ZboTTA~qu~174CPJ_aYK*m%{c
zvO<2R;1Gzg64oYo-NyMwReGAIbUq^I%M-+AKKD(-+<v$#esyc#PHv^y%A)u+nhEC^
z_<D}EArtsBWBm3~ALIy`YZg{PmNdcv{CpEd3PAtGUzUA{wpwX`yaGKR6^&i8?=<H3
zyOZrD;>%Zg=Vw8Y0VRM|aXS8-Iad^vSUvHO$C!7B0FDu!TrdRTQgJgP>j<G!ThA4+
zDWe=};_{P+MCO4^B3dOPGeIRc`5dku@G0|4C=ThNS2%T7t)4g|sUxjCu1UZP)iJ`l
z2wULXKuhuDtBTlMprQ85FZ2YtSmlxXT$ksx;8Mh~)^u3pv;=6Lvf&M}G^bLOWt4lK
z(hYR`OyLcnAQqLa{MuIR_xhv7hg5o7J4*WNUPPv#ggK#b_G?y{$Jg_kk0<C~R_S#s
z{+PG^&dU`}(UkJPbd*vh|G$ivS+2qta9_AdY#xHbHazjDSlpK-Sp3O+*M4@Fzj-ZL
z#Fwzjr%+uS0fz$qfvQ^Cs}ZrZCsz}`dFWxY_*aL?j|(BT+_Y&=haaQhK%Ie|kyfHj
z+3GX8<QtKZ*<8~ZC67<<LUkX;`E+sbDpHINc-!v%0+HwCn1+HBzJM9*`N+e(023B~
zA8T&KG3I^uaq)am{m%5bQktyE9Ju9T&O`~T^L^cn93tk&NC4k<$}5&8L*bv5B!HoU
zy}t<6-dG~7+Ik!L>fFWxhw<OF^2Nl%LUAGI!r$6#d4FAHid#!-bGcQO0Z8Puw{K8I
zD9$`qXjxbLw|4fmYGR2SMh(d_q9A!ohGr}nW(f)eNi)AhJuT2KV0j|U2g(DJiw}sn
z`$AS*j1PYb8yIA?`#^)`ij*klu9FcerkPk>VF(C1Dk(javZYYXS{+Ww9&-mBV2Y$*
z@xGULHmgpr?Cqy4E!Vt~-y`C{^2m}=DOf$%3!=CiJ=ogDn1Z*)$tVCs<~N15pO4oT
z_=OiH$+stQ8Q3(#Md?^a$oN0WNM-D4aScT4)nE}3Q^cYlEfLkk>zEeAg&XvI;7NP=
zWp@LC30c3?`biPh54+>Z-~?JTDm#N=F!#(~2A?sbO}PIG6dK1OIokQH>ljB7K&Y9{
zTJFkmxr#Dlz`FO1!r<eFc#ASJ^UojvS1+^sHaMz|{$3qSMT9D06mS=1+z<se7unH)
zVRZkw55`gm%`zk=hmENnkgd*XEO{6khkyc`%g6y~6+wO<a*WTm%g5k+%<h*s<i5&|
zccs2gH0v>~^K<5M@ROFIt-=E_T8G?Ql~1gZi;$q!MMIyD4Z?7i6)ZU_S|*D>>ZvLm
zk)?-$7ufMMFf%QkOmzlgD<Zdt%t)|q+<Z&-q(}4(Gx8TWxb<#7xK8VyS;kL4q-EVx
zzX<MduyM?#z>&nCgN-t?gNx1e9KAifvg>v3mI_a=a0L%r9K*q@av9ZJ)qK;6r^!f$
z+>MFSE|z#|MtcCO>upKXlA!zopH907bE2Q(V$+`UupMX*%#U{wXkh*ULV<tfF3%i7
z)p%!ZZK`9WYv|zW<YX}@X~(mcf1dTxXMxEd$9Dcsst2dfokj~O6fXe_6K7LE4inCs
z-0u`plt1Z|&>FY*^Us^5N%aW7Bc9J7zio1SWENF5eIQ(zX4(_tdL!6hTOAr+hO-0%
z!K;<PXqY%!<BSDNXNlHS<^w6}bHU3fUXWB4ou8K&c-qP#Z~el;w%Bbc>{-^?x|!h_
zbBWvm7pq_GiHKm3W%Po%_u?83l?lovL_Qm0nT13Ai#^j(ILSIQKO@yx8gh0e#Tn_k
zsW!n0t8cmbrR+F*$p6*@7CZsVh}XSdzn!648Pc4(w@siLQ$k7#jeL3ul%`5>Qsv*R
zd<bHns0xeY$X1z>g@kHiB<T_ie=aWX6EY`pezI)~L=)uOT$D$qb~tVK_$ChVtb?bY
ze<<8KI4fiJm~TGVI^?{}=C=0!y;*S6%44z}p+Sy6qHWh<dn1fieq+&4Tq<kXQIZp6
zRH78AXBs<p?L$?DV#!-V6a(oz{@tcWYhPrLY!u5?wz@$+lEJ&IZ@O?mj2eRbH0*tf
z{w8mDJh)l8Us+IWTZQCFcC9qWPCBM}ut!yLZjg@35xxJ7u9MZI@4A|sb!Ag$e*{W9
zdR=|gye%zQvu4sDOif;1%)PGojbD&nyD=vSMDAze8i8T6Xl0f~<M04stW<FA-pKdu
zKSbCM+8Zx{%v!MP9haL?Y%cOS_UE1_`*;a2^l|A2S`LD8_n+?S*anA({CuT}Lh8`)
z1<6Fl8c*ra6V~b%9cS5^{u?GP^3uLf-FrPk>$B9~m~6>PDm;f6t*-r~+NmzJ>*xAI
zXzHYYnhMK$JkAZONQNK+dWpC<w-^YwKkm>TxO?#XFRo5scmqlTRoOXreOoih*dct0
zDMgC?#i6h%vRPr)JLO99AJ3721>N!iDZ<gCRFV3`GfJkIqEwNJ5}0v?^89fmroO^b
zq9_rMo(KZ)@M*Yc0gstyxgUNt<cO@bq$mi?X;ngm14|J)k~t_$&k4HneL;{NnbT)+
z4xl+yFZ9KH=-^_~9`u8LFMc4G0@RU6D5R%?EiHR_dD{YVK1YtBP)~Y4Y^u$)<3VUL
zK`&Av`@PqxFV$wm4h81pNjuveMU<2x82m{qaxvM96|u8L;^u?Wfu~JD$<6WT41Hh*
zYse@?Jq)HZS^R;91i0sWmx7_>VvE*=z@UV|BivIQ(#hBL0^dk)3j$jZ#mMDV$$NEX
z@}uJc$uCg2rON&6(Ty+_$?&7(chPcSY5C>;ikgRN6arvrrNR=>vj#@Nr+RkE6b0>t
z=;*y-7!jmobO~0HEZ#L3@*qsN;mC%iAmZSqfDw&tdt~VZW{<$?6ZS~XmkS*~gIOdp
z5~Z+|%SB!r_K{D_?CXV-$!;l<7>KAiiPG3|4Jy!j%^|U%7xVNzg_x|Mxt1VuQayse
zU%wq}7zNHjhe}eVC*p_w{7T2eoWw_^5;z`Zf;ILqr~mZ#qyXzFIRoC{l(ELbGWoG5
zJ(Mhm>YDf1$udS{jV(^XSuz+3nF1X|vnCA+nJ`YmIWy!7m_i*yGbe}roeI`DAiYSx
z3k1JM`g@V>G!efC`fDd$k0J4r?4S|9GeLeS^-f7V=lgq6?;s<2D)bT|eP;T@OFU=$
zgOj-P_p(VkXZeE@x2yEBi9fqSUd3EnL0-jP%R)MdH*5A*AXyQx(=&PV6yxgPb~AcY
z0sRG8hq2-7e)^FK_T2RYGd@U@{Ks#2dUzd-?t~w0KvrPQc-wA2<UmYxh+K5JJn!lk
z5<f=Ey#Hz#8#-wuJ<QVKcU_qAt62Q3|CHoEV^v*o#QJOfSEFIUVnnM0b-I+rTlq0<
zCE??Zm7}&%waRkXP75U4ee;p~VTez6>knUdV^Q@}!?Ge)*6LmSd1V_#mJOTMU#!jt
z`U5|7ew|HYd%;tbN0h0m>=u-iR|JCBw7YeJ!{t%UoVUPd?zfE0-sudX<t0Y{D|W$`
zWTFSbV->M#QG)@Xn9P)r1XZ}x^S;peCh7+oGyr(a6@E96caI0u)<av3^$~50^%B45
z=BLN96LNPqZ;LhE4|T&D6#z8~s(y<IUcJc}^{GNwZoeQnb@8$twta7AAZO7~8P)aa
zLqPNPdGXb`_CwaE$kPp3Ypk5qq=NC}u3*;W)!fk?CtB6i#GI{*E06wkDHAgwK%t<(
z(2k}zURhx1j`@|9r$As%-e0SrGqh9U1A(*j)62C1%+w^plQXq4a<=2t^8U}O+ceK<
z+r3<|SA>I{4%sAHxGU<B!D>RJG_?L0^XPbr3zOrrL?-ADrXN7wuHJ7znS-)DdDly*
zi>ULiW||Ez4H}kKH0tJ64fB}h4-KaP5gN@fvo$|WRp!Q=#>#4w-fJE{YA_GWA=64l
z>br)J)5pzB#PBX$&{FY>ApIJt_=}*pYG_)GFju$8J!*vx_;#p4af`5vH^BVS7~&o=
z%vu~W%9!|JVmkTHaYG!!u^^AQxx_LBZFREW15sE5brI&T{dG3_Z@(&qjIs20i`)&Q
zY8$KN@7W$hK>6>lV<2H}h(95~#3Kbd8!dct8l%%q(9U!_;*OYdNujN;VB*q5)6j$5
zfY&y$ka676eLczlG(HKwqi@z4jzRd68~PK90~I$l85_Y(irA)uM8oQUR0E>}!TfOb
zmiC7E!Qu_Y4}=dM4Qao7w3{`s71o9PrTJd*jCHfLM>ixlpdI{0{W<q+e-n3uHze1e
z6&}^!g~s=b4;?QYFL(=m3k@&$Dq;(vi?@@kldF@elW7ytI;v?<eODXd{viK&Ye9-P
z*a2ds4bjgXNwl_hUY*D#o-<=SDih-a%{R`)A1Pzxy+40B1l@J;7z4^Rg7*gvOwt{G
zk)+Rk*4E!#wrM$%+Y1x;)1WH?2ZRZJhWe9OY2KFf7*bM=ASzo#=LPFrkmjE-3z2XI
z$A-;6co-LL&{jjWgr9QUW-3gePr=JRm^dS>yi*TM`c$bHyXfBu>LE%72d8)R?imD?
zjzmbWp<ICg=sBMv^}j5|>}PQ37p<q)exnIp^`N62p5pcS(MN$JxXg(h+m_gI#9POk
z5Qg?0L*NLd&6J1uQDh2Io>DGno#|@J<}G>Gqd4ZZ)*zbM5FCFw@n2qbk6&gR9J4($
zIRFo``#JKvU@N<0cKM*rKqVjG9K)=F-F?dJKJ;6QO$`Hj65y%U5LO0@er%9m34#ts
zN&e=bM4&d|&vMMm;L+2)9AAPPp;31E+ljldw8Z44v#Gn;;{y+J6`!~rddpc_8d*vH
zbp669IijMZ3^ry*5rzT9xvE#A_6%iVg9-8b50rV%*rDzN(^)f;N+PGSTXv4Ah-TyF
zpR*%w)Pft-_ZJt?jVBkD&%A|G+VX27P+x-1in(*ju?~VJcCuyW2}QQNlHrplR0Aqj
z?q{9d@6r-S$|Ik*D^9wP^T%q{VeT(_@nPvE=((?fm$(GO1kG57x-E*6#~HGVW(Nmm
zMS!fJllDHFg>LGI8h{)X&0o&GLS<v@h~gNYZKmw(9@P3JEFm95sU&vZdyH^$CEp7l
zMj;3zLkO^xG}(0g-``(Nd9n48|D{BM3R^L<RrV$qD6yxAtt$VS;<_Q5`bgTE!Kv?+
zyQZmm-VLt@n`t;fbCcoK(Jnnitk?Vn#NA$=U18J0h@JRi%r=Ia>6TrwSq2w`G7#WW
zXYMHhIuhm%^Z4EOl8$|O55bj~Bm>GT7!C*ZUAf`QMk2%!ljoxPPc<M?w7i~^9~`a>
z)btaZa&+UM&<WIU?n9*Q9zURIR0qep<2I4tmmm<H-Es=N$FNq`r~vB^Dry>C(5Zt6
ze&Tz!7U7x&Nu^M5j2V=`TfI^B9qKwYOMhyoB#B;NSS3uD#cU<YLg!4++i6Q!@XY3y
z_vkfa`C%Gfc*ncJ!-5D$nGmLstN}JTw8jVKfTAh2MxtG_kS3gb&r7^b%r1`<zI5F*
zWo<z^SO`!x4Bd#$i}uE|3z^PTN2#MHlu_i$yQOKLiZX!m(h)y@HKv7Wp*zX(dQ>c9
z!e&_jR7L@4yEqq0o(YSLq4AjMi!On>kxq7R_L4qM1zQ>c0*3{wyeb_%Owp<-nJ;Jy
zr)-BE)B>_RJ(+-tV5jR)Gq5-dN8nfO5W+YqLfM|ReYhTo9I-eCI#G<ypXu!1*DtiC
zx$DPJiE4&SPit>&mv4g?Y)!P4jCjk}&$npEUK=i0lOCQ2P5TKUY^)Vh?eWeuH=esr
z1!H+3N!X8EHrsMty-avDu~}#QPx}qoZY#wQnsKw-#(xnt9oW@}jiN+rO+DZ;>{aQG
zQ}Pfy^oo|ShF1(FAonW5j?v`H%ezLl^;(4!RTHJu$D!!i3iR4Zb*EEGC2x~v2}`}6
z?}^Sv)zyu8Tl6pdLQ?Brx4|PSuvSYum@+E=$Z2Q~jkb-kZQ7r{x=lTfs~a-N&ZpYb
zrq-dcS}lKGD;`ync4_;<6jKpnI1~`;)TGcH<{?5?{4SdpBciOADjJ($K(`&HrNP7o
zlg6W0tMIhbfAa^EZ{kQwbRSOkQ0@LwP%Ugg*-!tfVt^h_KV&JJylKD<f_xXT8y%B8
zEnH#h)s;ysD@=W-ZT%^m#XjDE$rGPy?m|LUJV8UPuI26frv<gOo!gmNLAI;`*EO{;
zTW57f9O$gLe7vf5*a-`U1;yoM2~EmM@D{lzJH}bsp$A%U5S95Stf*?a9Du+JLn!<y
zFOEaFCbAZNT=^^+owCe%*?e3-Dyd1f{MMOY5S<I<1}aMH3@!uj;V5k$YBkqzBP42|
zAFoz=5JpqiWmmLmigM~+X)mf8^zEk1E-o``^YP__DRtx3M%8>g1-IwQ@x8EFXEO9|
zpuURX_M!>tpw5gt1z*EWKofF<t!;I{pYMx9Gp6?EiU<CRhElMV?8su;#0>VbWuuxY
zZ9X)7S`Q#fbi7`pKnW*;{Gv^R)(dwvf#c9|$bqP2bsrnUzNsb2=&yif=X6pr0*idW
zXm<w^+ja$n)^*LV$?BKT$uC{$0?a9|&Wn4e*HhH~rT{@KRAv`mXcdl%(raNq=X0?)
z*~)lJD9xrqFENgUM<{y%)B*$=-n3W|l(TDaKTl2wvJyO5g)Z$NM?;4d-HhxpZp@jP
zf|qz`{Zo^lb&<K#v}Ivc@TeCGlC`>8G;W~WqT~feJtJf7Hs^uC#ZYu!<@KAIsfP0$
z^3JSC5I$f4{u_(fTbFh%J4T68aV%d$$M|0y@+#qV(}$K@l~mR@tX7)5WmD?f?0oUd
znsb~<bY;b*Gbl=x+B2JceT~LTz9F-YhsI9UX6l|MBlR#=nn$0To8dNZ9`F;W=OIO_
zW}2KU9Y@+X6DL(`U3lef=JzlkjOnTc$0`yfe5JN+VHW#p*{E=ESfgfBp@uynv4*V3
zRg}qwB>Tb?GfBN63IHYHx%(YL#l#KXiIyN;$-)bHN<VS@nwY&`GjhNP#G1PhM4LYv
zw|l!k$8c52TleJ?_pw>jDohg|P=%Z&dlkwiy8Z6&B$^Fntl_e*ZZJL58XV{D3vzb<
zbl5wINL798{l3Tg0GFO~!xRh~4O^^Szi9}Z=<0M?uzs@{T2P11g>~%67}%^#SX=w+
z&Sq9iwwc`2uT5XoTG*DSv21H@F{JOoN<~ZN8ISW(b}K(^gL@%<;^ZTEk!>kSCbV|Z
zn1{$!apb&Oyma#-J7}_vPQGH&z%>Nc3&S{-fML;ZP0B~E16|mjDRY~g7{&;qnK4Zp
z8dpQifk=KG$jsiq4@5AKL5j^xfqFXLgYP-5sT`fgevM~M#`{TqQ_Ip7oris3$N|6C
z-n5m6JRp^RP*7{5%3`_LYd>@n#Cw%EzzHf#GLV9THPtkm<wZ;MR}&f$Q7Fr2O&B3V
zqQWf_47ls<r@&lg4y#$UDAAnyEp;1>1DK_*TA)$j&qRuA7{9O~0ZwmVX>Z0c0|fj{
zf;z%-ifCJq9-V+uYSs5QrT$fI+jK?*kvdQk7QYFyBEfDp0gmjRSQ&~b_Pwht-yink
zwI8**xmH#AikYEyNn9uNJwVsnsQh2U7{nQ~_4&TBz6x85PMdW$J(np6FK$qM0|T%L
zDRQ)(kEaDb=2n*S2C4Q?NI~aM*dg<%PKoCUO-=LG79AJb6=R9z>4PFiJiHTGc_>yZ
z8O^Ngz3Pliz0Zy-ub-_c1sMa?@ZU$rEy2Eb275HGd3@+jutEeAGibfkRj#HOzCrEb
z?BhB?kC`L-6K6&M#<{otx*EtCOhKZQ!>HDm#cg&AGud=+*x&Hf(J)i%04#^PNT^60
zdP%y(pM)(!(UTuaU>ZMaEWs-^>q`&cwzThdr#;+^FM1{~k9RvkJ3c`dYF`sq7Sh#l
z7BjveD@zZiJRYyx)P)F$tX69tQt-In_I5AvRdwi|TfKlZ$3@Z<k%kSK-Iz&NnTbu%
ziQ^3CR>TaHMW_1)BI>UG6#7nXn@2J{kytW6zoQYSz3DwcuQJrw{#ql}6nDc5`=u)s
zt(TaNyuoYy0>AWinvrp}v2vsH%;90#&_<AaroE|Ehe=qy{66#by6AOTox%rb?cQ)(
zTC9Mlr6w{aJwL%erw9T*20!7_u$r_XMzdXpX`?4j#s~;i#!)2S??Vg_%s|ZcNa0;|
z5+1HEooB^_{RvzE>Xzc*AahREAq14WG=4P{-`1(MdTN@))7`w$NnS;ss0YKLeUO2l
z3UxB<0B&pcrZ`A2mWTxn9Ky6z{6O>6#QV7%sJ(G;RVkm$ZMa;^bYo=fq*-qwP*v3i
z)@H<pQi}n5s%~@EJ~fHs=F}E=qKO8}&WP!7G}Ew_yR~wA9_2BE8I3;^+~q53-~*E-
zD^VTDG_xLEJ>&mS$UVnB#~3#*nI?_l0ER6jBnakLTOBx=Yf5FwLpZ%iZGdgVe#<fE
zO=wAu$D<NB=;HtVIsu_8F$x0Oxl51iJ}$y8y0I5vLh_`WrZ`(c3Ap8!e4Y5i*Riwl
zROPbQxCt`G5j7G%wH55NMgO*XNM=ZLVeh&SRi(}BdWm(Vt+=c#zs2CSrVk$guvyb|
zT6e=*mc<dQ7xSdE%gdwSNJ#nF&^VC4l^28o2kDw#h8;O<p9ZQtB~-T)%tb~vMT~y8
z%pJgL%};vgs<4!@Z6An#m--7gKTl;S$k6oQhZ_fp#PCZ2NH}P<_Bn2augxgGyCn*u
z_~<5o8npm)R_JFNu+`zJ_gZCM%9B@1wr-bh>YR#&^C5;2z(o*k@n9-h=7Eh8mSdn&
zENi;s_a9t9oyFtiosgv?tz~k1ZZncEHF!OEIM_trWV}W$FxygE4pedJaVde1atSbu
zsG;F>ryBVjxY0CIp#P7)@q!2YyF;+UUPL~XX$<v4sPK*uE6iHsrqlyi4uID14m86b
zQ8dDr&eYV%Tc6(e1kd~Q8B{&lOb7a+ZMqNkA3KTg@jJdD1xmuLNCC696vA-A^-Nzi
z98izv_w?Gj%jA!gBUrGuHwyD8*!C~q-v=oxyAWR_bms4MA7XpKg=fUgN{k+j+2O_-
zwrTS=<aSb*HJ+Yd&zNs^8qeKerK%gDy0$Zo9W}C9ba>g?RAN<ebmhDJ)i<|4D>q6S
z>$oe_bi0u0by7bOA(i>7y&oeMA#%`?z7q&?c6mv!LTv>%aBF`Q2%G^6`kAIL_2}rr
z^ed#u>0-Ivap*yvmoE|Lv4Q#T#3bF0xWgQjN#MI=G*%d{%!OBQp^0licG02yJbA#w
z{M>w6bW922!0%r|ih=sB9aikQOU5IrD>nWEqND8D3I_&7<9o#Rx4i{$?W8p~1yZb*
zvK*1IRij?(EY^%o<bhPUGSnmo_5`FcK8D*#NMALL^BE<Rw+H%jvVa_hLu0b@TPnVn
z{kkM3X!XRMBuR5kQbS=!UL~HslWNQaU8KFm?ubVb_87C7n|Nl*A`}?0LIONdPrmf{
zC&*9Aps&u@*x!bK4s7xz=~Pxsl}~J{`w+nylY$t3IeOlCGkFAXL0&rS3JK6ZAdpv(
zyAZ#0j-o$G*@x}kr%^%16+owwd?@1+=}8V!*{H|;i6`4LBFP9S`As4`)=0?9KGbty
zm}Iii<Ilpjl^-{QVI)V;sCBdt?H(4I67Z~VZNcK`xEpBY^Cz&+EGn<%f|AbKT~{rP
zjtN^iwYEJ1xI%MU{(!lxw{;3{?!a*#ygULR@OyqRma$Nhe~@)P)03+<Ifw|=ppUTt
zSR)@8*1*VUg{%XIM5G{VeI6IR>yfVVR~Nk%g&8#UKrJ#C9j{6*kPc$#+%|IFF<QwA
zBxRClC<K9MFCrisvi^rI5;9Mt&5rNRuwci8JYbVD3uoNSJdFq2lnG|P^c`fOWnrPE
zLw=rpI@6N_3KSTIT*OSIgoc>XgP>UYGT))yb3k6vx0zTact;_~{4@ww=rx1JlpkSg
z1R|o9KTg7Ua@l+iRH*N(@`8ukZSgkP@E|7gktK#3V182_vYz`cZRy#)ca3ICT9Cf8
z0ja`Jm0(U&&b787Uto(ul1_3d-7=!?8_{-*+uAlV$LVo$-ka$&5VH1eA8J3I{U^0o
zZLIq53@JgH?IBvCoZP#5{y>(H)&rEfzADyb1+BwzC>KabhSZvSs*Nh+iJKA2+j4j?
zWlLBsQFR!B193wbFBVEJj#}gn#AK~=RLce}yVnCKm}X4mA`W6`^0v1i15Z=8Ip#14
z7HP+T&tri<8|i#Dv0|;zdXla5P?YvLbw`B;pi}ZhG-i`%CFZC4`KXe?YOUr<=A>B#
zSM+cTzGz3I)ye7aqt`%eQ?y=8?K8%5)60q*BU6w&kdTcrBM$+|rs+Qqm)*HosKjt&
z1(C5g`P2}0bA34ax{`K(i8m0U|4huDM`s(=yIuT^T%p2po9(o*Lu#RqTZ`fY=w95u
z*MNK%{G3HhaphDXFFtANX!Tg^hF|)4nKR##<!+@`o;hctRYy9xr!Vt*>cEn_OksFE
zA-b|Iysv84XgNJRrqkBE);vkfJdUpjbh#`3#gpiHKtk)Q3<nLhXg6-aI6J7@lTTNJ
z!V!9$OXTZk>uP!xy<LBJPD2d?D5q_fF&R#^FpN`9SnoBse|@uM1=zF@Nkh=mj#5)*
zWdl1XfD)U_Xi~x=SH?esQVje3h+a(Yz_nP(S)yfUlxtP5)DpN%fJQ@eRQco&eaQbE
zt+k|~KAidoaiQY=UHQcKq}y@d_2oTe_cAp8DlcTgc{(H>rVLiqPboZ9VU99|-!wec
z9o8~>gt<PDooI?7DGV>N`F@ewZPBK`5-ENZ7=E41ZcuA%=aA#`Ubc%Xnmmb{kGQX8
zw~BSV-+Nn+S}}7n@f}B8Onct%gS+nGQiKT;mq`glohnosN>f*@mwA%SaT?mln3T7;
zL|@A9;2^{}apJLrtPL|70KVRX>N5{~d~k1V^nRS>S!@Jgbl&X8!~2N)ok~5;8mHqc
z^%xx@0Mv{P`tF-mctX&%U{&XG_jvL!u;~FMLV*-Y_xYX-(BqWK1or^*&DWkGjXG_=
zFZSKyyd1q@TQ1zhCF9`%#L7kK(?xNHa+iJ0Zgy2$!fn;GmsS;2f2EuO;59jP%AnAK
zj*ObhwOT7G|9)h2Y<)VFpIt<Zrz<P&)GgK1mI9ck^I5v6m}?pmGDowg);tc%BP;4Q
ze7=5;v<lS5pD&SPZDh`hbxH7G%ctJEmKQt}8u`o^Ljwv)xYlI*@LG&8BZkM59VzW^
zS>LezImacMiwdYOTYk9c%A87^#y%Qi57Ab}y%y4yk4OQgck9_<M}`oZYZQ2z>hW4E
zk6@a^$G(t{h&_!d?2X@~RxT`=aNkK$OvcGgRJU$cCi}x>&ipXoxMqla+5@MH<PkZO
zJ+~NtVIWdsM&k2SKpEiKo7mZz79eX(BJMWUPJm#_cw^cW;n>=|pAB8@yqC&#-o-f{
zYQ!!*7ezwi<dKp=Lga&o&&vS?hE(C=o}k}BIcKqU&F@{pP{350J`dij2mKw{Q8RZ^
z5&CImXEawd)rG09ou$al=WT6bNvqSaa~E^358i>#cvWeB9e4^LgT7%G?~gZ$W06F1
zAti|cw6%FRI)__yYQw42>;(VG3PbNeVwHpB1u-_WV^*5A9ag;-Ma?%pUe}QF6!31y
z*Uk|_AYzz}Tc#MXrIzTF`00y`mmfy!MJ+Ih1o_G4wgtSYlu+66mzL{E;iox27$N6x
zbZQh7Xk`R>CE*Gb2c_u3mU<s%iMac~hM%j2pe>8Qe`pu6Hqi~+@jN5rdOnBgRdJ}L
zMRW)$9qSYAIC4x3vz#hA;z$c7r_#UDk2t0{CWhK-A6q-m-Z~#D5(NAB&@TxJn#C#;
zu!(Pq7X4g3i)mCwE>jN68rNAS^wB*IiqkG9lN~;bbXCGJCNpsPtd3KS!Qf@_hW>n=
zjw0@fYIZyhoC|D)ciELsQE}N`MG!f!4_38Oeq7!;*@n$swcDM;mZ}$;2S#>yvGNdX
z3FazI_K@+QV7S(4(I%BN-U(BvboS^c5nqw+d2RAMq&moY7NmdNp&k&?ZH-0ncmX(y
z)(Ez)=Z=n^>`fighYr>Z5!W|Q*ay=Z+9gqA_ZVgO_oA@<MT0!0y_ljSbMuKnuQa(t
zmH*0Vme%gPBUDD@L4F+ZDoe=PsvDftvgHw~NZrDr3`9iNjauej=Y0*0Je2}306Er(
z7O53!R%upY!M!N)_2M&GFuW(%bC}+FhXZX9Psx0W#{0<KOLe_B#k0K@Xn&@SetMoH
z{r?^>TZFq+X~=|KC?|{@1eA<1<Pdb&{HcWB{k?wY;F>1bAelDUV4Fr4uuyA`&2kd>
zI&@6?I)I$D$vbC~?;{7O2gj06i-y<|inBpo_zyh~MHfO8#VA7;MT4mU`eqxbH@q=i
z>iNKAp>`}^*&KV9gaa6&Vg$%jBICuz1o9P3L;*DJ;mpIcn2EH=z2Zx?@0{fa3iVrZ
zT{S4!v;!tzzV(1-;Qx;ASU%wzZbOk=Pq-1RMmuosMM#nSA(fwC@MG32@xKEGYYENV
z;^wzkgPVp<2i7ZOcQwh=P>W(3n8He#*R<wrx5J&7EqcOAE!D1aj`POP*Tp*aQs$ra
z*pN40@VCmF0H;Ot;)#=>v&K;FtBa$IspwbE-K(4Yn~%7kNgY}^8<dzhthw5lhm;mc
z!)=IolFt!j{-0iqe5#xyLj#mqGS#XC@-HA$me<PuVde_m6Gl}_lEI=E&crQz_rUm7
z50taE)EkWnBaOaWb5&28z4pX|Gu6(>gR`D}h*`>KIUXbK!2f^(QszpZ-%zI7ih6KH
z-z!m@`EucU|BCq^L<UEf2)lf0R)f_5(aMk+;$;CF;(pZs#IsorR$Gm()H?wvcgjKt
zX@}lz>ET5r$s~4m_u!icd#nf{+18TXq}f;41;ihT$8u|rjs*j-EQ!eC8ovKv#uv4$
zh*u%(k{P`lW|MG1d69Qh9W5JC)ohGkipFU5Q_w1#9Xy<k0l)9dZ_ms>&9fKb7}HPB
z+luEB_^OXT3YP4W`*ujUg85Nscw4srmf!As9Csw?LUKz>F-6oRK3X=sHzGh$MVdtV
zB|mCDoB(p5phZ;`IZ;5=g~2X4dN#7{Gt&aIUhcz6ktIy3b?f#@GYb`wZ_Ge<sx}_x
zih7ruInZAGe`Bqq+kFm2c=&|Z^MjMcff(W#+tCp5YIZi{ZbLv^kZbY+pr=Udv!`(9
z-DWm@82N6M;}2>(>)|iluu_DKVoVjZtu-RR<*e?>2~k;dL5R}CA=Acu>#tk}j8_*0
z(~r#)j2`j=AUOb60ujx?Osi@IE!eXVsHW6dQggp&-8SksN9;<DS-`GX=MM&rPQwz;
zd}HXe#CY=5SHxY&?{-&$P_+tS`4l++ZkeMQcSSEn*kWc=AujD2-?=2Sj9a+dRw&2E
zS0}W|e@aoIJXpw1mqe^A&=l;J_PZlya#OP~G!9s>G%mB(7a-Go)&$(99C8~lV!%`A
z#tt%@>GJM_oR^basClz`mIqhTM^()DA&&mW)C_=k86AvlB^;M?OHJ8|k5!@n`WXwC
z;=jIuHm*xJw<4MM8U`SZ@IY%u)+1aYAJZ@QI3F2&j6o|adX(&gFfy`j)nl6TJ*Jok
zw-`@UUJQ!djkU0dI$08_6wL^530_V;9JlR6ZfGgiH<M#i3)a9LQ!CIUeT-<zO?W6U
zzpv@QuME6Z?SGzT*&I2|3lCdq9ZiNulOj^!N$sg(!?NuPb3MB;<~*#BhIc9NA3qF#
zL>zizq6%htIagoo80Jd0`bI{ChAW$@W`2x&V$5B-UWs8Wsix6$Fvt!YEsRTcktoYH
zzYO(bfchk-YG#iG<zOe+#X1V5pNH&JX5JV+C_v$t&49(Re*1*2+sM>wYrfV@%KGdk
z(i#eVq->+4d|jPB7rU7;^c$|5ZHAr<(47@$XxN38ZBXh?#EdfSEOHrkEUyWb_IO--
zjeReviw5L(G1-UJ<;+QAPNq5&(KDn5RsWY`H3YmFcMCkOy<HL7v9!I#bDh<Zgj_@B
z!&TKPU<%*o<ihiCnuc-|uHl~ZM6|hizZ#qwH>Xel(p2wrhKX(r2`{7AldMD6v|1R+
z+f1^a-X`7m_6WPjgL63AIPLs=fZOPhd;B1+xil585ema)Fz=;dcvv#eUdoe+6t`hN
z`tlw_qZXq0yiZuTkq0Wh=Ced@)>CFq@B^w-u^gu+HTgx&$bRz*c@+0x-}q}1{aC2^
z2^H@uLJ6`lt!`!tU53mqyGyK=g~hKK5U6}j6g-w<ElUgQ;ES>3j}3GZd9o%c1}9yO
zs}mEN%$(iK=4KNuVg|I2;gP>O4tUP_b-g{W%_|UuPIU%h#Z}F_lXwiGFDsKY!4KK4
zx8e-*Xkqrdke51*$05Jvc|yoy{Z^J~Hu(ByDBfcIAq<S#C|b3liRJA2Wy!(U2uM%3
zFE3O~J<_Y<-j;ou=+#x#GMriEh~dQ<h)Z+M7*>hn$sRj67n`m$E#uln>-{+nLv~Ls
zXW<xY*e#9Lp_fz9VvjwB-oqM{zR<k9j&Y2Swnq@T60VFfpUBdk_THLp)l`*iB%VYW
z8aE~eorYGnWhovXcyo;FOiqnBYAVp_&}yCUvh2b07%Gl%7oUoG9%fCdl1cN6<QO+D
zs+~7@n>MUdFCSgkwd%HZ{uZPZa%2=*h-r0h8ILx;SZwO0u~@dY;4hugr`=BQDppP$
zGOAhfie-)&v8-%p#jQCuOzjp7Xr-;3+8m^e)0T}~v2tu&1{88Pt(j4dh*b=o*}TjQ
zowL0_jVBKtsT$lBq+H(D`Gi?+GR9S)!+PM>k#L3&oq@4Q!qQkfCf}{o*2OJkcWmkQ
z2z9RPIC5&R;!%Ma2H~hx!8)X?D%DJ=8Qs2gSgCBXBiOQAes{=Osu{kx&9m3AkNJh;
zcl#?zhw9oJ%efX2byb=ioFxnLbhODu=F^?&`PG!nDF!d95jbl?O*)B%Yimc}ypf$d
z85thbDr;-s&aYu2T`EkY-fsj57cMM{5|Y{^WKL7>4lvG}HWF+7m`dZBrjn}~Z%$Jy
z@0(l?Bjl}D8DaKo16ymK0mQ-7eih1sHhJ2TEupz%u?z?FkX!Opz%00!L!e}s3}Z&`
zk)DL<>~~x8`fqyffqh#coIP~9LiDQz1_cJGm)i{yS*n6vdxb5Z!46jQ7!l0$ncG!&
z5m`RPa2Y#%dYg#HG}K=?fO(gCp_nMldE?qv8W9VUI5oB^nyO*b$5crRheTYj`UJ@g
zDeO=8xD|g^mu<Z}MbKZ#rWlT}VSR_S+3n@{OBeCU>u^(=!=*(@E;zEPx$tasz1!0<
za~FB6*E%Zf?$f9^IFH5v+nNuMsN1!1(E48G(7&E|4;)P+=j7E4LAmMGG1$C(?$NGQ
zW6Fe_(JN!;fFC3r$ANavItz?)N-Cx`ADkRU-RkSIX9lflWV}D%bNnmi(wOB-J5m=1
zQ&takaLo%P`|qz=5N=Z|8iDJaaz<p#cX2N~hJuQxCT%&6l{>erAH&|PxM6=<0Ee{=
zA3SkxTROGvoI8Lz^}gj|xi<Elu}+9myxZl_ZCyP{<MMUp=Mz`pb84p!Xwu_;th;E{
zk#$+L4_FUrMOcq!n$`uai_lwRIO<RL5}Lwp{P^wR(<eu9n8?uEG?Bs*(Sqv1|J%o2
zAuA84Cl+rB?P|GZlCaE#wyf{SRu7orSI@L6uA`DyDg|fL8mP6LW4J*1a6yJ^pq&WT
z(?~Fj@eUFf2vlA08yzdxTs`w*L^yvbNZm7HtPV`G8OC3+kg*fiAvvf?BZ^s98HO}`
zRu_cK@<zRW+*Q)8!~1){^gyyNg=hPM5nG?s+&HhC>Ai87GbGk9>FiS2C%iRgE(vEY
z(oaVI*R4%wrF^7UnttL(rjbr<s2AamOd%|*qk%>?bQ3qV#eqgVdhdp>SG_edvbo3G
z*)U5!8+^;EX>E%)0l#Ujp3f{U7WwMOd$MsN)ly<G6Kit$9VY)w4YAk}W=067W+~gw
zqV0D)NnEmo{79vkiTu=dQQv({1))@Nniqd+BC%oQeYe`!bfPkL6txLW$wiyIVZbG(
z!jNICs}-r*&;-HRcMm)tDtxRKg-dl>@~mMV$W<(44%?}ITS?#|-EC&nbjEH|F!l+M
zqJV8B(J$Vg>5blVRNMEs>=%L~McenF>>oJkld%cuNa<icb12))K<QS%MO@t{KsJni
zameYT-6c@zr`;up*jlpt#9cg*a|kw)phZ~S6wv91eu@+yTm&{|Ka1G9P2t%ayysN5
z9e`PmBxs6A#+nKCA)k*VFTrd^fs0<Y_d$!yYyi-*5!>~!>6_q18{79B>>kjv#w%Y=
z$=wn!cn9|^?2fURF!Ez3J*MdFA7JUEeskD1wLXdz>^wlSSly;n>>ZG@c;0ioHm_Lh
zj^1-q+x=vA3L7{>Cw4Ze5VB0&BQUZ7+x5WdtUhyY+xLj<I3PvH`Iy|k(=xDZi0OrX
za~A)&Lu6m@nY-J*=VkYRkqzoTp;jYPjDD!~G4LA~W*x0O>P#>kBOA5rG1Vm`n|QNL
z7xkX|Ws?dnd$3&(mF@{H`__HpX7ie&WT!8V;>5&00bT@b0|1hh^P6L}d1Ye90V=Yp
z1tbbD4$lq)RxI;nS(E0+a6yU;x9fq@wSbG@yH6n4Gkz4=&%2wke4<C}4Nep%+X`0n
z3N>wLSv9S-EpW@1F;)<?m#35$j)mB@)k#(0n~501xjB}y2v>Yi@>gv~(Wl6+0@t@d
zfvk*~LN~CNcC4H7l_?{!Xt$EhtC?9GE1d-cyts!v>pl(xq9uIH@ww%kH|KPyEoqjn
zh4Y|}_TxEkC=U{f`In|~qXLhZOJRssxBpC1a#v{93raAD!bp!cn;!o@sHn)~S8@51
zB<j<ej*WzRrnI|EOC@@x<G6!uD$|~L-I^sXz#oq%*dBUaN;{hCH>;R%*;f`1N0*p5
zE9+4Em+!1<oBw#O+So0*5-sj;4m)24?3^r@wC?=s-QC>WoJ<5kL%1SUaiI|Luh=n;
zh}xPO`8-lgqf}cICZqIhcM%$eJ$lgKK_5pGDVe4XLG9u`Kzznb!*}DRJm?^3p@5tq
zf;xP*piY=4m?6v%5PIa5DYJNV>`*v2Mjhe^ACvncChC#I{WGi*X($W=?x`Ef5orf%
z@+mcGv0%2i(7EEElZS)pMP0P2e4bZkWJ+SDiepRC26k2!<Ybam2{~sEw_@U<$^G&m
z6=baqS+(>Cwm3=v;1hl#KRhJ_ZqDbi63ayUPtZbYOicPZ`s^@!gbC@0EWnJcBGIJ5
z)nfA(sY+~#0YC?^T^6l8VcKw{8wX{Ud<Q@&T9B@}%H42UDKa@>`;}S5M*?{t3@Wcy
zhQFHpVaM6PDQhmyoNXe=ip!E}BE*@Q7%4UoDXtf!I(*`tcvOFS>mfsbRE_f1S`U^h
zgLHw>P#mMCRIsabI*T$7KmoAKm=&*j#J}cIk`(3Q3Peb%6iDp8gl;&qBo#Zans0Sp
z{#GnehCIZ0$yMtSmr*(``RisRJ1~EOr(EqQ0xR`0OCb(N9QE<5DgA~AOXs4u=ArCf
z*zmZ9v7t^<NGTQWv5!!G5{%qMhNGaqEq$`=L}#4p_y@OqN%BAp8XEAQ?wTF{*a=;S
z@9L-){oHo?-Zy+{X>J>iqWZU~)yiOQL3)QO<QzC#tF1;8UY#EtG<e2dJVi24Zrr+Z
z&pGKqc9%ZusrL4=%}lJ^ngu3an(ZGM(phA5)n7kyact}oT1GWkbf^4zmONZHiu$+*
zvGw5;a}2yPQjd#2^x^m`G&X-8$`o+26wUPl>EZH!fR*y$t^TRp3z1DRO{jnUvIEKp
zob1)eZbCl(g-(9>lU@T!p2X4F9Tqi@+}KGW%=D`U&BUt*+N86cLW2`#2TZG*%-QEL
z>j4<$0XQS_*kK+zb{oWR8}u5)xu<?wMK>dGZh+d70HtQ#rPqODLC>f!g+|d4AX_A+
zsC49?>stuK{HJ@1(~UWI&c2ns%b9(WX}OqTieE9j6nVLr5Qs}T@Bvgd(1B96sARc=
z>U>0c*RQS3aYQ)D-L8QH;>yJL93z#F*(+Hrt5Qy-jJ=`IA&Yko5`4xySPP2<=ff==
z7v3{|I`LGROH<K`)V!pZjEGW^;UXyZ_dzWK)5SH;YAl&+=a7pX=R-4xN#QJn*vC;H
zJXNwv|2sJBuG&3&^s%5T=*&<H0xhA0Fc1D_P%&D~n^Zg6Or;r1(W22RU;mga8h+!k
znqC02A(<{(-uJ%=z_@3Fv?t^9RmZtK^rx!V)U0yq>(mY}4ki;P-WX0ZkkPsb)EG|P
z7sS#Ij46@uB+aRrE#F1OVO&wH!a;(+s|jh~qN8J?r(!Y&*yEFN!2%|;(Sqstqr!Wm
z>8jaj=@9$^nT|z&LV;xRC-;Ye8xjQz3}L|NS)T%U2p^Q~!2To^9W5A&@4}2^q!eHj
zICE?j#U=@muo02v)wQEx#YBn4(oz$%YI18nVqcyz7jyXiExj7EF*ZHC1}aTGwCW@2
zw~<&<A(%=6di?IpAw%j?z}Ht4y_0e;H%p((wkz9bTCXUMRrx@vQFj;3B_Ih5Mx(q!
zAx};aHE>v1*Jiu5&74X>q8)HUnJ)NprUb+hSAzfeM_Lk?Ezm^YSyDZ%8?!9f2ak7V
z?<CSxOp1B6grJp>QgMel3`Eh^Ge}TduK>)w|9}TqkW(MW!FJz0r`J2`SKpRoa;PU%
z9bCrE>k<rcs*iC~bS<mGv-}kwUj{@q^!5tBS~0z>CzRsGaiPw7^TW12#6cO?niN@>
z{-GY)KwX%}?0oZ<DP<(y88u#KX^VOhA!ovnz1IH0gaLAvZ1N&nE5$hTEi$Syda|%p
z|54hGf1nJDDgM0|GUG4@2wr3-MD~6QF-ynD1<|bBuli?U`}koRLoG6l^rHqEV&n{?
zF6gY&djGcn#oAjyx3Mj0qh`k(W6Vy>%#2CQ%*>paWR@9Y<``pUW@gLG%q%lg%>0~l
z?%bLCzgcVMzwfP8`c(bx>e?k~cek{wwM*y`2lH9~1oq3rt*N9^dN(0-&nteYz;G}e
zA49;v*~n0{fA~oItqrDRN}6Y4h*!xc%TN6-(0Tl%XiXwRbe+KHxV;cxWXeRwT320i
z(9}n1^~&1FJQVuXuBi|EQAC3!^a3)<j3If-8i$4l4)m+~m6ZlrGJQ${(#jeZMh6-R
zdi_&0RT;H9GH!TlrdFbjMZ!WB2j*(Qv=g%s`z9aNc!SFkmzs`+X2^CrJOW?c<ldIq
z;$ivu>3r`sV`Ycjf24P`EVcAw$^d6|>@iu8B;UdA)e5r>VdCKE=B~Y5d8&4&^=7>t
zUz6vGVR_nw_cT?(YyEqwce6+vYaiD2>#KosFWT9L#GgA96~8pvMNtas1L-e#a%e7i
z*rM+|`cv%2rMgDtBug`%ziwW({t7uEA_}=iD#18<9t^pD$?tja;i~c)qzJjLlYD!e
zQO(VBkk3_+#A|f?BA)}4%a(dqeRwU~3AqONMbSTuY~6p)-q=iEe@ytcZ8uKB{=VD}
zEkf?e_8HmpGsz6se#8FyoOi()D}OP7IS%Sew_LZLFmOshGUcZ;3U0XbhansZW=a&R
zxV7JD<hZUNiS8W7CqWaWU8HKBoa#hGvk#_;)X;FslU&FviN9^6s7(P<(nDEsH^Zo#
zMZJYwdVYIAP1ymLG`qH{!G-YOl^6Y=#Ee}AsMY4RQNP@XnGSGs8ZqIqZdLoMXgnsY
z`MI*NrKMb-;_=J`5ki$*hyNl^RR2}4!xH}c*m#?S0wIjm1S@{hSR5dY5FwaeEGH|)
zksm1|E1MRb9K(xw?~zGbM^ndB$8p^<bNV)qT{_v%gmr}%(yqu-t>`ukBe_4owz&Uc
zNMb~-(=1$yEuJOH$eGgMqZCfO%GQFN4AP0B?9D!7-p=81$==uMPfhdA=DDUOCNjTt
z<i8BFM#(SoSobkROx`YwtrB;q@tyJ$_Kwv4VjAJ+loq-SD21=Kuf8#N8uKu`nbv&V
z)7XRAn-TK3idkyHzO2Zu+s!R~MkDdOD|D^rnLlP%Pa<GgOjy@yo5MMx(K(7e_CF!J
zoVu*JyuAFt<IL;)%Urvfh#?Y(?+ac})v(>bWF5G0E1GTnz@C!_jTaT0J59EneBNMQ
z0od%GO_esw@hRg}^VGG;*2K_rqqED_FzD7=zkYnHgql=TQj|w@9GfpJ@dJ~1NI_-$
z-A?s}X<C?#tChRq-Nmo=<Nl*Cds<5M6|If3!m<UWD$Hu6>Vi#$-e0|JAI5e069wiO
z>zM>Glkm<nUlcy#etXwS%uRU5IDr=ou_|pM{WCF_o`nIguBXOi@~5b;&A<kQFNJs_
zs-D}pl6j`XK{iEx-s8u|L}I;%)v0nRO;d}V?V-}46)AI5J5yCtT~p(oxuN`_-6303
zaZ`0{eU3(pZ}COr1MeeHFMd{TmDoSx*k#-{Dd)6s=<N$iE*Pr55NFk0jBhd?T8j5L
zi?)*Axv5qH(4Si@A`C0g(=(?0zAY)#3F6OQ0o1Lz9FJPQ$&@XzP<>m_o>jRfi!c-x
zQ(O;9z$e$O!hKt<mUlY`-^!qhJJ=4I9<l!_sTN88i^xpdti?=rKJVarlRQYu&bvE&
zOq`vf2@OJ$D3rWtgLS*4beLoM%!1DRZ-i#glj7^5#;mhm*MeqIH(=Xii&8YZMxK2%
zHDo+&9n2Mq@?R%U3OcDsAqjctI57}8Fx_I$(TYl~o?L5V?9Njj%s+oKhVA{FjWA4}
zqqYc~W6zdttS_(utjH)<e6L{b6^rV1#1HC`=pmmx+vJxC1>3Q#EYM5oZ0D!nkO=^L
zVuPfHTE6*fr2j7eE<MyzSLf0WgKs#3J{(auF4>+Cm)vZ{N9qC>wm&+|q-le(MddL=
z?OKfcYcjca7J=oJqZ%_4YOARCCOdp1M*b@nKu&c!VR&7p%)r!wQWAkh7wbZ0Fu3<M
z9rGiJ(j;)(oJyW9?0I$bzWa`2Iu@d4Qt{h5vK!8X6BEF#tDTjDqShW!srYhY$ht&H
z%@nqqhQYxvc<Bp^n2?8~D$BFtaPdiSjjWM~QvunOe(uNWTZ~jxgemc`=MdI@TGoRY
zq(?CQJ(VcGG9km{?Y{EWqMX~H!K1;&)4gfu;MMp*R@jGBvyiDcYVOCMBFk44o{M=d
zu7(0*UnTc31u%OrqtikbCv`6DQ?rKc+yW1H2FK(nxrIK}nqT}@<(t6tMC!g0F)^pW
zOpU3-cJG<SxKG<`akLNJqlp)mv3RRxoYtfj5vvratimt+3%t!gBB$gWS{+-<mVgB3
z=NMFZvziU=$@}Wgpq2JRZ=WhnlYt!v|GGq3{j9*w&M8qNd8*p12v>jZ@aWhHMLyD_
z`eo2xp173ix?(=)5IEmZE~5)<7yPj>S*usI!DBoftw?ZV^*QX$-At-*BQh|kcY#8*
zWcO1}dh=G170#%Z(ozQPNfQ%6O1c|SmBoy*zEB&`crO1}%HVFBHh#vha~b!olty<#
z3=Wi4W&sA45X)}!X}Aqn`_BU(h2EW{ehs$0{1LkXWk?6q`L?t4<K#CzSkSPgKE}i%
z19px4SM$9Ilwc71yOTSZsgHzPW-*;g9h`9_@8!U3vd|B73UkUpjEsQqmU7?3MxAXS
zv~>KR=zk8a20ig_K#%$D!5UydMCQn*OoYl8?*}MGW#waMxD)(f4Y9`cWNU&C=w1;9
zb%V%2ItIj*pTBkCE;IMh!wz9lEAu0cz}rKx8Ngck=yDTweD&zFc(0e`)=7<xYe;uB
zfhgdEvTNOUx327EB|7@80lFkRJTfaE#WPa!_<M)hm8Bf6?pUob$8=!)!6I&dl36md
z7!kX}M>#gfdRZB^{s4AfO2G!MkI#@4gwwy-_Al_<j!hmK(atV^+)fx%&Eh)ZeUTS(
zI|ZMSs;Net``oyKVZmeuXr)5$$T%gno}tAoV|T~ncD?1RWkjlFD8wvZdMDZANW?5m
z>5_tOVKqAKGG#S<^e~g)CskDp#?&N%+AL>kBQ1)_z}VW;ll?ZLw%AE`;jYvvkLJNH
z)Kw2d-`siFO0ksppDHl)-eEG>A~54hpv%P!XIkdi#vx~QR3Rf{3X&Ns-VzuP+Hyq0
z$-vpbu==L>@PME}{vd#FkWY}WxK9&^AFOB~Xwb>827+7g<^M=>$?F3P`Z{t3g9z~f
z49EZZ6ByRRhlCoc!zdGm8g>Zegno{zfU1xp0E?F0fxa4W>i~)Z$$#b=@`4+KhI&H0
z+2qYk!vxWQYbR)9p`|{<>cG9W6DPe}d1r#q4{qqka@#2Ef*^;4_AxQ|_!jj$TzZfE
zMl1<P8}wwXX<u!~j)~G#+8^-^Z?%Yk@5+YU&%KzK37i~!-~)1o))6yktf_0rGT^tN
zQ4Ju$Uz-T1VOl@4RKjQ=s^kd1EB)%lQ3<DkG-KH6)>_ejC!giT_Io_@7`7Dv?+i@>
z>Fy&0nSodk=M8xSodL-Jg1i!V_k{foR<NHt$cM?N8-xy~p1b7wi0pyj!QjzH7eML7
z%8XeEoepytVEn`jQNP&$e#UF<AZ7o)>;nieZhkaO85H?c`cbM!89Nh>-3N67S`q~D
z5fAqra&|`<+Qj;Chs**bAQF@U1f`%w4+qe?I6~jYSH>duCy_y5+QKqpG-5O&-f=J^
z;-cgl?S(`38Mitf4_TfILN?+wqBj0{=O9cVVtr^pDqu4Md|M=DqDJgSlqAR%)D_4T
zgcaBks8hI8$ZDTQA1knz0cSLHlCKU3N&}L>0RFd+N9iP_fwwWdXr({t!WZ=8%y-TT
zFnrX0L|C1up$7k;;Vb=74d97DsJuQzGyjy&#6jt_KD`j61e$)=Orq?Y0YL8mGhirV
zpQ<kUQ!Y^ASJYdMbCmaxV~9LeMAtyWfG0k%dnVBx<UWKPL>fpEjAe_@4gHid!59T$
z?#l=!JSRKHoIrU(PW`Y{#YeV~hJHNu&e<HMh0Sjjuk$qA04P?;NAR~`H6WZ(n?byd
z2M8b(n{SJc=3B+aw}O+Oaljv(sfU>RNx>{xy1x)sU{++{jJeJfy2^)sL0Faiu#T^!
za=t-5J|<dNL_a=;+Y#=P+u@HBdOKMd7*kl4{)mXjF$}=q>>G<R*b}e3BwM&gKYj|f
z|8$u8*|+lZ!50D{1(-O9JP2+Y5@AoCbMD{RAR`D)6*VZ;&m4USP;~=L(CH9~*xx!Z
z?s;w9G48Lyq3+0}q9XU~>0G3*$cOkb-Z=MrK6}0&e9J)6pkWXls03sQ;sgUhM<4>w
znJ<@bgHMAm&<E&y>vQYt4e1Q=3crBxM0XB(4*wD634H<9;~hKX>xTuTC%grC4`g=e
z42TS<e+*v;8?s<MzV~g;AKgwqUxj{j6Mf%C8mxydQt>W(9#y1*C|D2veH$uu6oTqd
zg-=D*4Ir~%>odW*K%XVNEt`V#J3iNuUSr}H2wMf0AR)vjly^uqcL2q}8xQz&c?iGr
zNW@18QwT<A`Yt|^K(-^aMkZ^cCY<f3fytIMD0A{Q<x^AO5ZN|nwrQOZ*prp#v(D8c
zZ{yiu32S8I_5lb6to6H?AE^<|7TOfFMO^`b104?v1F3;2X4=AU)qPe$;vizMJoS3m
ztq}C1Pn5427;{s}=A(4{o+OTt?+9pgOWX@bv(r2Vp}2p5qcMQpGUFp=E!_a}i4+7?
zq%-t6|2fn-;$nqoeCd39ASVFwY~$XO{}tUD2uYGPO1x3Av_&rcC{SgwY{$m@8Eu`W
zC0NxJ^)|KNmm*iCE-uc3E2kGH6P=77sa10Bs9N&-F{9Uymo#e91xV+_CHb?AZz%!w
zn%`1-m+&UDp}7K;8(AE|eYS{yX{lWi8(20-MBJTxwxLd7m?IFvoG)f6G}Qu4szHIR
z-y6jjFkJ#orp;1~O{Q)4(+Nz@7Z6+Ozt4ONsbRuR&#F@=@=cAQmzE1!d!Go`MeW<1
zDfA@;3AbdKJl54|xL47BVzDQxj_Y^q{>*X8{ThS^3%_=YkkD0-A~X`at^!>m`#C~O
zhJ(cNqIEkC*Rk3P=Yi}qL)=(4mt=La=OxnfTH?+G2$40~^AYL!G;x%A9f}{C9cmnE
z9C93*34#eq+c(iC(N{gdVVlE%@0{`+=bZB#^_=m%0{0TyfT<Gg4)+_J?dwN)#dSmv
zR6?kB2vnrKLMB_O4dh!2ys@`B0?>|N<!*#O$98b$F+E;+qYQTzGnBAT7H9{=3|0r(
z8o(Gpl|zU@sUz%Rb-;;1=J=`@AT#4gK=(l(fH?jP5d%_N=;%+W%IO$m)bh~gKJU^u
zM2Bo#;HgqKoLsoxQQbjy@d(16f&2Ukym^MiqkW&^2lQbLyofI^lM?$|J$Mf*gn4#1
zSkR(e?<7GH)Z=3J&$#ZK%<wJ{I}X0Cpd63~1ki@~KSYqk77Eq}$rhS8^Zhwg*u)-7
zCZP-A!VlJk<RH)cvVjirRHddLY+5L-k6Ihyr_Nx;ZF5MpcT|md=cxb*4iD~kGZ1wP
zLEM&LS?g^C1K8hJ?v8Iie@n$y@eLT3W;^#XdfWxl=b?iMjvY>vyD+!EZ(tsevsO#q
z`L+6SF8i!QRzL$FI^fr!*Whgf-=}^$FXwboCqRH~@r`2MC2l=~eF=XOZ1w(gq(gas
z(L}O+Z~WI43LX_wA0o(?45SDKe8#=QIO%|TLG^(5K&yo&0((L2!^lAu_)LTF!0SHm
zY;pFxmc}53poAb-gCT^B)AlYH!Lh{X?O+oh9d4+K*Fbl;vj|WP$N_W-Li+od1e=1f
z!Kz>m2%U3;0=x{{<cmK~7Rh$-mM=h~Q-1#PhxXgMZ&u?*Up|Wbs7x9)L;vVsh9Oaj
zncxE(EDAS5`jJ$FK1h_l>tidV(L029KYcS3imhjgr`6{2nyq)FMevv0s1-4hVQkEF
za6wRP^j!ux1n=&E`ecCxHt8!@uBQ%X4zDhkDLi|?$g$M*y~lfxaS08y`Z?v%r6RWO
z{Gy;Azh~gKtO!H9nc*EKgM~mFceIh9m^=LT)4L&_T|>ckU%=)!LV{-g`zzPq2PtmC
z)Uvt<<|`Od#U}o=i<wfKGLIjvlxR}&tvma(_(zqKLuurZvf_dRWNFQXyUh1GbVEd3
z7+F^9mlWiz%$HI1&h|qd!xj+qzY;meH?*YG1U<7=Cf>Re+&am$U3_Fu;vxw8wdX*I
zpSHZGY?`97NU2&c8E^f2d#Ye+D8w}~Eef#Y%pTck7s<1>@B{ONZ;&H>!)?4rlY9Bb
z!Ip7Mm~P27rYS6~hA0uNq!T!dz6i{_pw)>$)$zBqBPws`z&tfKLa^zP-R~M5Yr`6@
zB&6flEc@Y}-iW<=N8BFOV$0>W;_q(D<mE#`dgQPY^w_P-dRpECy)h`lG-I?G<*^HY
z(ZBB?;Jr!cZ84V7B+vdUa}b8XK9se9n(Ae#wZm>jf!ZztWze!Kf4i;`mCFD@4di4O
z_uFw^Xthqh!TQ0vk*L+gEw92hZTh~~(ThdElAt2VOXx*`c(==8`W3NzEy{qy%TJNt
zFN1fN<bsVq)VqtxO8sbB-+9e`|K~hV)?0vIolhNuD-flQUEgxmGO82mtjwXzsa#;t
z#h%)s)&7KLEhBWAzb@T|pUiPK9WTA~ZB?C8@3QNPx|cd@3(tx{xzktWd9`VVS@VmX
zp^jShd*BU*hiekk_~u{^ziZqF@mB85UIabDi%l4&NFyP{ntQth5^=#VJyB#{gcn=E
zBn=0Mq`IB-x?ghXf*oOF%0EtFi!}R5sJ}lzH2YgF&VG!2oWc|F;P33m{0n#kf)lA6
zkz#B<O)-cx2S_x$zqp0*mhbV}G>_aw-+Q1TjyM_I5;uOediqfMg*a+M-`abnN{B1c
z^%bciqp#u|IlZ?ctpwaEy2bm%m)?Czz4!v9*CVX~cxiNKv-0TmT+9q|!#1tZ?>;&`
zAaI#}P6lZ&6dHRkKLNv2&KcLbAMYSiPL}=9F3<)00Oy)GBFiRUQUn>O(3ZBp<YHPR
zz<2*P&>%)0_BV88rbi3h>8#|({TK51*V90<UH>C;`e@XZmDlz*S4c{P_IcJk$vs{M
zt`Lg#g$p;UAa;mtZlpy*B<+-<C~vWZIQBsyDUoV!PN<_w%zu#e<c_K_<+M|(qRqt;
z>evUxq`Io?*9N*vpVEs6MpB5DOypCJzsCw#R~N|M)DEWqIF=kp=Ukkobbo94dLvR@
zp!^0@KLyhMXpTea-%^eThtd@n+2{cnzw>3+$W3I)%}IG;qggcZFb9)3@nWNyVr&?s
zJU-PIq<)WOi%C6*V@tEoR~~ab+$7c2$qfrL87u9v**)1<z+0dTA4(N5B3WL6U)9ZR
z33CL-oH9xgf?MIU*IxX=g5;=Q{4dA)2>Tz7c{?=iX+9+`Z7ZedSj0+O$2M&{4Cj{0
zNDbuvkdY#fM5)<%Ympkr`=JxMt+eyF)7#vu$=f5rNU^Q-^&j9E5mU}G#Ua+*Cm~0%
zJ!89RwAZ|19%9wfb*&3H?m^M;Be274wykNBu0kHJ>Z*@#gl*X5><1D6fDw2r=%+Fs
zAAoMp0vT`j^&kOr`di&WvD-=oI)`!6F@HKGPb6)^8qAYmd|Oakma%RykMmbtyyT<_
z<@18M8iD<H4R}6jPE%8*6q!&HCGseY-*1V5{{&LaxM)#?{{mQp*%COS)zm-#gT<0P
zL#o+POyReP6-RK5i~cX5=^7U={ugxr!|PA+82-@hH{(zf#q66xW^H2A9Yr-93X{o7
zdZ~d-2{=(!>Yra?kV8!r$o-cbw`;Z)zM@iWD`emJEu>ddhn|cM_H*CkQhA5OM%iVs
zoU-+K_BD><-r{Wu8n2j#KZX|-vS4%MXZNWL;lf5L&Lyeh)zBKNnT`~PYsM#*4oSbM
zwBecoEI{`WD*VfkKAqL15_g&#SRvP(y(xYn+TU5EB(#UBTyJvp7hdL)%G2^5iJ7nN
z4@6X{jH0H$CSNQ96nRTJMm70%uA)<>FznN9$>b|82G^@xDQ{>IO>2g3bijk)OM%|O
zU$5JekA9Wqzpb9`r|b6)h^)T%!NztNYisa~?{(aU$<_cJMpMtr@lq_c6z)&@K3I;`
z@93lksij6CWtNl>3e7$it;x5&Ul$`_^fRw5N}tSE^I}qJnp3CiP)u$e`aqPJ(b_&V
z?fG&EK&Ncre_b>$w<#KVX&E|;HR5ZEoGmx5JJLAeRcncyy(zEfy1l1zWGK-cws^ZO
zxUSUsUsPjd!fX3$F5p&GU$Tfxt{GE?Ibch0;R72B(xag_p%1iTlz;AQr^Z2&_R58J
z#8KJ_wiU?C%1%ELElNfJ5^3TGrX7Zy7@J&Y5jRRfkT^!i72$*B7Lp4(Q-F?9&V{vA
z9n%l-pXD4)0?xjV>5l8Mr|!Rv&d6?EM+)$YB?Ci}+4FO7mbZ`=(Di%d?l7GD7#BGB
z6>Czi*97?0YQ$aY&BX48lLfj9Tiz~9$W3&@r$f;#tlR%@HR5zAg2Nl^q2I5_4cEUx
zo*J%fODorXpb^Yg`EI?_NQB)k;HU{hy(OQZ5{9d}JY^yvrD~?twA`-A4wfHNBf_qP
zMNj!&@71|fJ*dI}n$uW%Ks)|Z39E@}VChh_Dqc0Mu$t*WF|y`A$%&Z+W|nJy9UM;i
z2wPZQ+lb?~xl6E<21a^P^GNEB#zxaI;6lQM{(@~Q$IxN(;#_2N?~bd&`xDUX;C_eZ
z(JR25szaYhs<h^8{em!E9D!-!g;Wobi*jhU&9{NF14xt|n$<&DA;f-0=COILwufR!
zjfaFe_}ws0EAZ#RIZQ7yMVYrf)w1)&1D&3Gy3A>y05i0E7n`X)V5EosIO@-*XZH@@
z7I)Wx5#Mk$HfXDa8%liBGSi=&h<wi%=V!kk@z3?H3vS5K@-wW|&}mz@h16|<!2oV(
z^Ucz84SV!4)N#u3&ZZ5f*uAXTJszR(5<fdt=Jcof%Q~KZ(Or-J_At*mY3ml`MB!1Y
zieeXqr}hQYi;j2leHNPqeTSCzRYe;`3yH2%jLoaMt|vAdiB+rJZB+ta9jpQiQUy-d
zk=%_*j>CQ>1w2;@p@Mvy_uX`kb;2eirEO^#9ZrYQH{ka4|2i2yrKVJ24S$|xDUK}b
z@sCRZl`rUW9)H<ja~yMb1N5qV(+k*D{qJDE5RoYD$ufk_mcqvIA0K<YsYWEWhUPO;
zgm$-xN7T8a2h%ZTdiWV2l?Z>+p{wl_+;!KbVeDb&LhnVha&R}>N3oCSd12b;K6=LG
z4SMRheIaRM#1}%2lKmBVBD@~=98nQekl*Ud#p2sgi4NEzvg&GaK|6cn<^pz$__l_*
z^_((%V83;Ra3fIV;1z&XQUj;$P|ACqVmrFi%R(=wlfT+5{W83%t+AE+mhNn$!FRHG
zK2!S^bU9+qbOL_j2IJ!?r`c%B_??e2G5gD}TOm%t9S`{}br-ntP4DDOODu&RB(JqF
zm$y6KmfXUF+zZ;m)l-fAFNeFnn_3}TIw85Peoe2z;*m<v*=~|dPf;NxA7}WzLORYM
z#v_t0yv@@EBR=5Z&(HM_@Z+Z%C~0p!9R3?>v!&>YYwhAW%cmYxv@)cIOKK6~IkTo{
zRTI=rw~Fa2hJMppl4_#vY+D*~-@6S^tSfi|0;{$~zR9;^YyBjM04%@C;Y!*d%2TcP
zy1T5`qm8T|n_Jn91a17<7T@(E#3A=Ke(Fh;A6-0b{j{xA#hhG>U|i(#O<op(p{S_u
zdlpxGB~ysXzD%C5rG=YDba9<$%S6J`+8ykpvkz5z998;^+^)x9YICKwh52KL)tdTO
zd5igp#3huL<&Gd%wyzEr<IF;JiLQ@H4HXU}KMK-kyl&0_Ymj3Ona|fZM<_~e{xhF$
z+z%y3>t7Wf(Q3RSpVMEIf*z6eIriQW;yozqv+W)25}H2p&oi&vt)IW7)RS2An;i`o
z856nde3MBt7=!Ac{C+6nAYc7#a+y5J*ZZP;BE;ZWpcRhf8Odgw?`r<5VW73fGr?hm
zZ~R4VkDKJff_K*QdVR;JD`WL*)49f>Yux!?U-6>sTEo>VAuF=O=g)c9Kq*OY-|T`L
zE>Jl)bX$XNFCaOMkzBqU=A3IhY@Rzd3v5p%f~OQ@9L}zGvdD-660Wd6rL<4Ilzip!
zbi$PbCOODzq_lH}7gVtAJxnB=A_Maif2>_aWHEVS^7rNe-~h5rNSD*Y!q#r4`||6X
z3)*%mp6TGJhM+k|N_vTP!`C!J_Gf{9FA^Zn{Hmd9bN`Dwp*NG)H}AQs+YPTr?`;pX
zh4rJmAYtJL^SeD;zyr<v1H0aJb9jSr_tp1}sss29gH#_(;q@zr@V!lo3O-w7ml5SJ
z?Ph#~?9}o0vmHkGiBd5tLsEHmMQ;RL-c+Uvew>uQ(su<~6sf!~f0IfDDu=00DN)0z
zNA@C(ojeJj5hb$hXyW3(YW@xEi~)Ul6D~Vv6y%^x7~D9BBZ{}@0ZE_W7Bu@?LSPiP
zdt?}z{lynX!GT`*rn`?HNVYfqbv&Z~3+a*&X5QqIfVo%f4OH0f;gL(->d}<r9}9u!
zx%fy$yxo(Q>Jp8KX1{4C$3GBK^Jim^`>kcne)CIt%2qSaA84|E$u>_tigZ{FJ`&U6
z8g}Y$I^~`x+H2lYRj0G7Q<|L>Ytl+6adN1eD=xWqsQXgRIWP-XQm(dbAzEG^S`uMj
zXHz~mIIGpPWH37`rBkNjRHs;;uw${RQx;#c)1(zr65ptWrat_~uKvxDeI5TF#~A8I
zI~D>u48ya{O<Dr#+QYNFO-t13boO<m>PH)Y_D=a@>sFqyXF*Y}wrSC(Qx;TW+N8y$
zUb1K5`iG$?pBtWaYy3Mpw|_V%{oA>A?`-uS7uZc&On>|P)01+)ZO_{wKqwx!q*K=O
zC)$QX3(fL5U8lM_owC?J;l})zUEY{khku4!*8Ha@b)ASB<opjo7(g2PL{i|OL!x=3
zG#Bt-n^AYgG`c0OQ99%gq_^;Q>sGJirL;KOCMupPZ8M6VPIc=xH~nqfVwcDdq_IoH
z03PfxuC7oF|7j8U<Bb$Zqqdrt*y8ArD0ezFpgU*(W<+DX#i)5YHL7dBLeZ~FddfPW
z3)dvw^QQfrUS<rP?WZydI<lsFeOC0Se>rZqb!mMcxMk{r!I)aDiz}B(=>AbNk|@T5
z!CB_FQ!8FdVk&dH>9W|N$MO--2%d8N_653vYfHF7h}FyL3FX?$V&%{?m?*Y5WK_C0
zLfJ@M!Ip=EVJ`Y@)kcw_`dYi@s<-9!QDv+FuOF<IA@ysmskRcsog!Bk?@S%qjmFCB
z&jJOkQVdt78xyhD`rAF*GD4oMme*Z;E<X3qF9V}*;d46c7yE=Gf)=^@x#yeExb{lw
zNqotyACoVR`f`}ZU+((=;J?mUeO3MVQ8i~U{fw1u2vm#C)m4iwp*#in@@xgYsR8vF
zzBN|bCj84Tk(NT^?P_P^{Q>o!%L`_$66Fk$L`gPLM6vBKiM{w!i3B+d=rfv9`ljo%
zYe2BpaygqG;Mj2m!vS#hLb+nKthB|tW&c(J<_zZyAlhKvK)}|=M+hwNT)%vIY+SA<
z-V*3@C%P4WtX^9WB3Zogsp4`LIew88Et_2Z&}Cn&C8rwniYiJ}6_Fi^#SxWl_JS%p
zno|fDO8b(K9l0Q;*!%ibk<B|QJ5*J4^oc=~Lt%zL)FQKR^Gs3Y;+DEtLv?24FN>hR
zEd)Yo)v!4(8?a_SD_&9;`(}rBh%1VQCO1W7qvjU6{-OWg!modG@ULdQ>q;un|Is@D
z+ez3XW5I){_ndPam4_xJO=c08yN@%DM-re%<3^R|Xnjc^9h<ypVWBp~O2^>v2ZpDr
zrM1+Q>@}p!@=WBU%!;xVr4sT?65~9?cz1KR(x$4^dDk>$`=w}6rF%<NMkIUbIoPFo
zrSMUuyGz+eB)jP;*rmFw*^hq)#$%00b*BD-YOLd*ews8%@qRosNqIhEG#Uwhx=NKl
zy}GBE=$`GTn6za(s;`cIdW}o8>2O@T<*lX7&XnY?R@M$nwWQV#%jK`;Sv=YwpdSQP
zO!VvJMZHAn@lcIct2JpS3y}5ND;>+x%+d9p)^=ShmHyQ0o}!~`v!9}~bRx)`XH%k6
zmo3vPax&+rqy5f7U*?vlDyL;?>@B!RH-<X;&@*}Wvr<opBR}JCPTooLK#wl1W@=Q;
ztv)`zBEzlE;&wkPeNx!zD2un$qk@>${5qxV#i~R||CK%8`*2Q3HEu#0fk*0F{*T2t
z<_rwdXXTccqBK%1>g)tk3mVew;Cn3egN&tX`IERw2|R{4MQOacqUJJyqL>KYB~6a%
zYpuj<ZSYro8WYHXnf#lT2T2R2%NrJe{$5gu=FQn2|KqYZ1Zr)^+YkI>KHQ*%b%R%{
zN7P=!o1+XGGr?ZRqrZJmOYyYiwV#?3n%3>z|GFf)MLFv@Xv~S|w`z;B*HY@|=|>QJ
z^_$4@wkXJSMhvAcjPY~M&(uOZEXc$`Je(DB+Rs>`DN6fEDpg#Nn?_TV@YC&Dp6H>#
zIn<({FgP2Z#=<<bc$QBf2RL+?)?8>AzxF+@ON+)zFrZF(A*r3F1aO#Ns~X2C^}Q^P
zGh+%zQ7aelM?~!Ul~$laOJtdrA0*xG=RQ!EE3eO#11t(!jcEXoJ11hUbq9RM9kJEz
z1+Ne7&%j^qTyE6Y>6L7-r!v0J5BaE`%6t^gN=8%^oJyNxRiapT<h|H5HhxP(Gjjs>
zo;^68BSE~+QC6=DN8_z|5{j5JD*5>~h_uS`z0zWZc@hk!QZ$#*HnezI;TWcI)W&|m
zI2Z8`99TtJG6<&Wlh)T^Y8_TP!>!rN#Zejutlot#-ND$5mw~MM)RzG^>C8qPVQMv2
z6vJxO%e0XiO+Vx5G@B6U)T`}v)k?nA4XG7d<u#Yd4IW~Zjs2LVk#(-mnDw44jw_XL
zt-fh#ZO4;7(KgeuS+m}CT+Zku+FdbyT-|5cBi?G;T>*?m9iO4>Xn5E4WjF?@7oTN6
zc&T_sH7@f2-Qyol9s8G8FN|k_MOy2k*8<t?bYtl?P$i|G3$VY{LG}NKwMInhtVUit
zUztP;HjkR;-pp<A1926v?jc|G*Rn%C^Z2D%pqyt^;n`5AlSUQeHIZhWT1kD*!<c51
z^Yv;;yL!=?s#;Yyt+Ph2TFHVHHc(}q=TC3qrQd?EPn6bURITfZ`HIg{ABYv#$<!LV
z5rIW#1GEiVJ4Ca<F{uXij%z%{^?21Y#r2qYK$+LkwBdD2saMHEBz2~$XGcl9!?MQ_
z+gtRZ14<%M52v}IYQ=@>>rqN#;@8?4s)z2_@g_yNDN>}g-^(aPceFFmuLZucXoemr
zuBWL?OL1Hux|jXcH5U8VFJ!akInIa{d6{*GkBV=0l4No0+3hVwMgGZJe_m#V(s~JX
ziGMXObxC}6GL5D9b(-=z*`fQ7q2|I;VNdb6IjQe_Y8_6RdF|?ox(SDFg^bzFYQ-fL
zUPr8NFPWNI+V^cy+gQY9V{hL3lpO6Y7>;(GXPbwbv+P6#v&8mI4$s~r7h#f%e8*qW
z^Z><WG2>o%L1uF{TF*Z7bzx@(V<Zk|g-vRTNF}3mjEt-vR4J>xH#jcnQIsOg>%op&
zkPBgmTaXVyr?^r6+m4E&JhR7H$||cz^G}1KYDjk+w@k=MT%#Yx2gOY&sg++Ck2H31
z7~(Wlu^8$KMtl_Y3Y+x*^eHE$^X1KY;cG|@byWrinbgQ%j@2?|mT9U2FfM1QuHU--
z`nL%{(MX75tU|CTN@?@kwPafc#$QHz%5UMiQ(wFVncuT<80#iPQLp^gb*jFn5=maq
z<UbfAB#N<uE<;+v^rx3Id#MoW%-^f)vse?pp;5Z#kJmGk-ybo?ymRikvcgDh`jlvD
zWc=t8k?Cj-ar#$7m%9*$j&fU_hb*&N(@NyGyW_Z8M{hk(;^x1)j>aVxv?>k}lnKUE
zWdAV<S^Z*%iN(cx;0;iiO2J}Be<&;oYQ~Xut~irUM9Up9vtrrn9<<?<Hl(ArLN|?2
zP)o0Vpe_lj#!*y@$#$bDj>>kUE|yTFdjrYmxEX0l&$t=o6SJ_mTECya<JjdSxBid<
zadCOM*l{xwlA?dkgnEdFIhpAe>e{)fUPA|Yse(fXMb34iLz;>w7UI<TQATdm`64XO
zSkuxh0$9`HECN%OIK5aj`EP}%;->UfrAYFwRN|F#<FMnZ6O{UBOjDH}O4e1(X-q}0
zQw~W3uGF!o#6JndB5Kk{EIC!b<wDvWf0;C=Vvv?Rl6-Hde^`}$^PnL0A#eN7zI`-#
ziArwN6w)+w)TTIjSTwmAU)^YOqrSQo>z-*L;uS>OAs!S&dm#=g4TK(Yb%_pXs6LnH
zN3pumdQYRLXipQS5O{Mtt2~V^q~3`f7t%cT?2-c_P~=|ij_Wm6IoWn)PF=}3xtb_A
zxv;w<7l>+X-^um-YW&E_<w;Zi<%3PPZle$<7bjV}cwv;gbI4hgyFlJ6e`%Odgt;Q9
z#8B5>xlq16?DibNybV`<v&h!v;lTFpN<)LI4eo8egwPLe1m&oH`3LZVc&&f8lCfTR
zv?NR6zGGmv)AgdeOMcU#d+Kg-qx0^<Vr!fEz5f1nwnA_Q3J-b*4L@NA4}ICwwd67R
zd}}8MKtb}X`4naBx6PA+Zg1+j(Gzu!9#uPcD{%*wx^YO&N^nZm$m4SOYF0Gi^$$hX
zcApPbG*;(4Tz9Di9%Cp)fPm|wtqUC&fopy#7f7Z}iqd{=y*|1HA9ck(OBW&lSXKti
zVAZqi0{_o^L=`N_X3n|WgJo9q3vXl>|42XAxh!FXu`PXMcY`fIBPv1Zcwlmx#az$<
z$J;#ITKMdIE0MOwB{8Ra2P{cokcD9NGv-!7)x#ZQRluoDT8sAHsUUg=9<hDU(Iz~e
zd5dL`W};Zdo^n_Qu@I%nW`CD_BvWPEAPW_qJi=bTJV!bX{#Jqes*&f1WMH7Rd0_rv
zoj|`!`DLoPd&%wIGSIi+0qMfJzt+_oz1=@-RJYa1;Ymry<`g@!Y3b-FJbt!~#<3@n
z*X);d!;-T*xA%}@RluP4J2VRQt@W<^LH%r8)<Gv1)ReDjv*k5QPHHWTPHryLPK@n2
zw^`>iMzvcQI-$e1Jfu31*wM|1>N(K!U@e`Xqsfpz6O)^ijvHq5D8FV{>H85&dl;t1
z>k4e3o$_tO;eg<lM$Gl@Te}aZVrZwGZFi7f!Stuy&v)p=pP63Xd;fs<>=TL{mA~$l
zlXwofkiRhZ*zB+BE%K^(UAg;!d;Y*QI*Ru?^w`1q65;B<@iaq=ywS1o>4_omV*LW>
zad)<{Rv-p`DR_Y=?vrN@6+c&gBJ&CqzmUH(e?pr3NRq7dmZ7@f_KIYABJlFn-$W?w
zjdel%j~S@VdFsqyr#m2jgOkJm%`ApskGM8h!R=NXJoxkZ!By6$SV3e5<_{5f(1ei{
zn?G#5+#r)}N#(i*zXkG2zh(I{$EFzG=5%c-$GS*UBmT~Tj`hPfzCUDG4GcRc(jh$L
zme74@*~q#=>k_WIGr4BEc&ZoQSyuq#A>H?O-C@b`p-7Hwx5CQ`E(>Hu9?jadk%`TM
z-8dT4cMrdp|F^Jqcu<!92LuzgMe<zyGlcl~N4LE3g<{B5bTa9%i~uvGK!z>;W7F2n
z>%fJs@mJ5N<WW69XVAuAa#T0a(#!Y>M!OA__qnm$TdMJs;4JrO5;J84TLgSor+E?)
z=Ve>arbBD`QGq>pu#~rNkDnN+70?xOld&zBx@jSQ+uqwA;Bm$_{zyMO*4Y%Rr*0dC
zznUYar~bfDLD#dK_i7q!8}O`-U-1>bywj=vuOw1cvxS%-`9^sJQ-d{yO=nqphWQcZ
z%O`#_6yhy^3PFv{zaej1`lcgX-PplJ-}e^#--cdq#M%i7q=^3xo(evrMO;lt{DA>)
zsi%UTe}yaWP9UO30qEa>qNvrabugw!XxY0eo&#Kq_x)Hhz3k-CB8cB*#2M<lZ|<O+
zL6LW)&RvNLL1`DJ$9@$C>c@erRq$p8^2Y&fSs5~C|2h9$*#CtaHz*Ubwzos-sify$
zAx^L>mCV?|vHYmpZFS&}5d9^qeY|g?+s9k?+}>VR3ZOe$9&)Rzj?<&co0mLrQgTbv
zD=qy%cho!NR#pA~pQ>X=q^?t-?5%pnOV!#94cDkB)+Us@MxwTdCf7WL6&a)cjHb$)
zmK-2>AIY)hvG-?e!nNY#)4p1aa|$d*o(@E|7B}sZiF@)NsE%@ExV1S=mEgO~Qdd}j
zRdZU4ebpn>-0Sg9H<9I<Vt@jtHe+vvt6D<cb<KNgl3mpLuGdQRwef|<>b!>Qm@3N#
zk7C0|chfMEudUH+rW?}quPbHh04<480xBn~$yYYg*EY~k^fj_)b0g!dPxRg6tQprf
z53SA_Ur4Y!MsPPmCq8scxnN%@T%c}ooIhcAtSy94Y|O`|J<66BSXR4NL@_mZQrK)X
zG$d=E>{30pEpABa-EvpBr_OU+Hk;|q_a8mD=&pMo-srQ=yOHbn<}>>bnJFwH)24L7
zr`#D}l2~o}%X(CXpmAPwQVK5g{NIpQKGN6!BCY~prN6|7*!D9TcP2dH1T^YCB>a^R
zv>OOg0Q|qE`MH%(AoslHpxw$}#s$Ex{CBMuXi4`(0tReoHoKjp{Effhxh}zi#498I
zDGdjZY^~hgVgDmszShIf1PMi9=z-q;CVs>cnRtQ73094}z}M?1aKXfMK_a-|T=Ok3
zl~Wp*JmirSpeouUzfR3fkDYP&`4G1xcOa_d7Bf?zuuk(V!5fI*!vd?!f`ULE^A&$u
zG3=yLpxuY4lB_*A?VMu9(A)#B1x&Yq-C_tl_QhMkbT<SX`+Krr)+ijP-*S1a)y%nj
zzDE_y^R{L#=Hr>5f`8cloI$uB3+-v2DUW(J=-YmUzDpSLT0^yjmkJa+&P+y#yt<Fw
zXNi?lb3N1<>P)62I#$^_(8&%kroVcSk+0x2D0f2O!rLUDR<%>x5u@c&YKl1=DISoZ
zKrQJqRBco<rB_1_Q|*B+dSNanwNXOn%Cpz=Rzq;0qT2v;S8k_jpB(Nr316<nPa9vl
zzWBGke9?RT2=I<>5E>|ezq^9SU_9UVwNQUlcv5)W1yiREM18m%m8KhSoZVX<Z)J)l
zL_zyq45`NfDuHvE{d}ms(K&N*E+ajT=QcLs5SY$(m72AOEMUIRBm8er;n#STg3whR
zlM!4t(-B;UeFQ?UAJ!bVBAPGyEV$b3Q*1m;>j+5VZRsdh3V&$RY=}{;NQK-~vb$?=
z>2cjV+G*VRZWlW)!CHERIBKyi>Sh3zVRv<c0q*N&kD_;|OK<r)bjM2GLtY}Mw8&;T
zaa}4W#6Mft-j375ZF(Wvwk17DL?y9|Xwr#6dD35+v2y={Fp;WP(^mYFtx8P7`pC#b
zZmTrLhRF28{i4Y3xk+Urfmyo+UR1tL!=wGT$_<Ba(2c`w<@*o#Rt7ReBCH2#&fCs$
zq&lIP>vsQ7Y7S=EbjaL+$dO~V6YnH%+P5^hS~)7Mf`6f3dsmx$#8uNDU$obg>nLkj
zMGB3xEEHSOVH*%pf`)>*!b$bS!b5ZVkfi+!6)$isV_2J0nx*+fGsY$tC&f&aLlcZ-
z<i%&KK7HAm{G`Vg?qi1`Dbn{ToZTo_bFV>-((ql?Qu^xZCE?|h?!4yF^UK-e%lfT0
zX0?Z7wji$}Nm^l)+>AKYVGic?WXQw5i08jU-*5kO_w9r~{=Du7nEvUSZ2lj8A;x|7
z#h_Mzf|bhrjDSV$3q_%j3G-I~R9>~?%HzuW-{pYmnxcx4)I(Lsvv=xlsmua$NfMz`
z-9OTZ`%d+b^#TNcybH#FoXnCJKOpM5LN#;?Vr~;oTKgn(_Fl~Cp9C%}V$NqnEb2El
zANX#X@5g^J#&tscClN=>uTheLktd=^6Qe9M6HZ}~Eg~CN7=po}m`y1)BNCGQcF$g3
zdSFq3;o<irH~jp6L%qw;ln;6Do&F$)@A8#Ftf|9?0#eLR7^G-GnuIU}Qti4@@mU77
zeT4Bs?Ha?hpS~<i65;Z0o)y-~HT`vY=4+Nib#>j<`vTMUoA)8j>5A_t3D0DIu4W9=
zkGqaKhL5Wp!=ILg+J<sXZO84x)E?*Z`ZA>K<z6_cM*hnvZR0pC)`@wKK^(45e1V0b
zN*R=D$>&+x;9+VzT<2x4mdK_f9Rt6kPLxcj5oj*IdoZOfTO+KB-`jsM!OoQsE0Cu!
zK;M>50SF56Q#Ev8Nqb%PNrjo=Caa82V8}4D9UdiPcaLdOBXW)zcA+M$g_>`&YUcl>
zzMogz<dxD94>_W?BcdqJ>2Zo{jKuigkt)>ol*x*`3bUzuLIr#dc|Bl<^y*e~KIffZ
z(i{V-!LJGCwCgGiFTUgKJ-FE}sx}EpxKDGt__hp<V@0Y6ttp_E{}JBXxMhp+joW)H
zyC&g|G_hSs5JvUb6IYpUT%>YscDs;8a&7+G@FIU57+Rlu5x9k5bjxm6TEmpS{Fcir
zVd+=r?^mafs#th6_UHxE!RfQyg?6eVw;P>f`&Z!pFQ~U<o|^|RFW>Os_eZ{x{!~HG
z?yy(-^!NyEl4iWI8TLr&17LDF9*lQRe<z>;`vRfnzxO%q8kgsMK`8FiXh`8N|7-g6
z63^$0xcutgLMs+@pFv!i@>p|?Wga2K6q=+JxjvhqL9U%VBUY>WE;AXpMIcB2o>m!i
zvfm_Dc%K0~Tn-CvMCUhTF=J+Y|4H2cErobmQ~%)!mmcQUUldGb!1B&Fe&GVy1?P#l
z6v`W-q|+gD&?4YKEy?Ep9_r{K>JZItZ&0graK^D}0#aO6!m3yAPjiBJhIB_1F`59q
zZ)?6zWti>Dvt1S7MV|gN!Mp5>TxnRt!!vq>q&r=M5`?ifS)-&A9#6<JAD*Z&-CtzA
zvchw#M;6cyOlSE2NQdtQsjWD$Cc!;HsQ#9DTigWqJQZ~e!rTuJOkaD%yGLOCc*gAL
z;|r+2eO2R&c~s+LxhuQ*e7p8~VwW@B%Ve<lrpT;`bD0V0>Ws9*mzj=D_e7|XIkbrF
zI!C<DoZi5c#JI|mT_%g|azu<+;{TdwXRY{dqBp%yV|wGs$qhdOv*)J?=C>7WgwS~h
z<+B)J&e@0?=PM1$1G6&2>!A995p5|N5##(zIyt~vwnS{6y=HQRA~N}K9Vl_zHAwql
zN>Tu1W6E`}8oZ7($n*`E(^31TJ6(8j<>9vu4ETw{3;Zt}qanGpbbneHdT&V}caTRC
zd*mCuK0k$DrXW+%td6a>@Z+p!<Q^M&Hq^moRCGq-9~ZuX2Vnd*cHw6nFr?}(x%4BY
z*Y-lZigb_UAr`aj-HZ=64qxoTubwe-XUZzJkTl6-86$Iyzo}emO8jXN!(?h1OwaGx
z<1eGJSTPBtT}mQx&&y;qq*S8YxxuMeF|nlfN+NQh1Cr=G|2~Pxv}*a<`$3zgM^nT7
zY0aFi6abqx=hoN?i3%`)>1XrX+F*$v&WMW@nzHa6$GNi_+);`~huf%&P=wp4A05mh
zscB!Z7~YX1;IHpACP0QU{P+&~3+}tF&+p;<nBV{K{rK-uJweuYl_(_j8{M293xR0M
z=Y|A=Rt}9Jp$E3HKCv*V<ls+`Xb63H=BajlxK#LD+g?!vYO`W}_^<e)5o~kZ#&6)_
z+jd444Rw+U?SWkHCpQ5r2)PU@FyNE$AO8$@46$lJHQ+bi$#`x)0o@MK(wRuTy`EFJ
zJ~~{A&)<eGU(q*Ra$!T1UN%g#P0Ozxq<(a6L8MpazsQ^Pe}coI>MOuiz`Bh(qoIB<
zX_jHV&MkF)6Q7PmoXDcn{#3jFw<oJ365ate<_z>eWuk(=SV`YB3@3y(52rsvX4(nz
zuz=cB^k;aJ0v4oHct+UEvfPH%!*ge!s7|$sfM!D4?m4yl-1zw6;N_j3t1}I6)K+Az
zK`{M-we@9BX=wpuDTUfxl~t`)Wj?H>7C%5!TL9qiJjchg2J5V$xg|koO$Zwa=TK_h
zw=>7dq9kbKYM3QfUY%@`;}qdhRsl_!Y|_Q6?gb-!GG|>qto5-W45KNBiL6DjN?`8W
ztflMh<Q)GeQ<?DC?<|peFX%2ysNzA(-mxS&+6Gm<8w<qJMBiXZG<H%sqN-{OD|6he
z%ru2S7V2nr3)YL~{3#%_O4tSCAq|GWWm+yo5VbA&vbb+fCyUj%?Sf6viSvRD*KW17
z-x1O7azqQ!jkZAt>_0&49UaeCNEhoLi0qDz{5b>6p~!kwTUiKE<QEb@Cr!?!f-JZb
zsAkW6{C%H2MUY=RL`Wt<_C#bBwaK`$m^t5#*zv?-4c}n8=Nqd_K{q$bkrZBM(_??A
z9U9KmrGXt>7@J0F=O%K^ctP17*t^!MD|^0@+Bbf=x9O%M%;~8rZeR>tfwGBDF*~34
zHjJQJ)UGR^ppMIAkJ8pTC(}9{SpDVYqdRup(BJo7Mq&EbfoV?b!aa(NpG9xDDkC}?
zUtt!*Ppu5@IfrjQ`&njDh)i&XBuLbXoK}iqc3+-*;;$E6xGr7t%gpkXF0!nixTalm
zJ+SutMmBN{EQq)6+s#tzHo$?aVNSaC7;q*)_J&c)j2(COWzQJ3^)T1(d#|>l@HvK~
z6L<7Cvn@9+Jf+`OX9!_RPxX%-WGbQE7?R82H1?`kO6RE_S$rmwi?2BUfVTaN56_p`
z-g;N#VK?Z~-;HQw>GMMJuHHS$;?b^YMJ*lM|L*2GXW-*cbTHw;YfR12eyn+qx?YEG
zuc;x66Y1aGa(+^E&J{_oQ%r18rr05WMZ_4X+OK)G+_cg_;9aqYm@~MQr;`;<7an`!
zQWUo1Olk`M*s|DB0Ehs_a;!fVam=RFTeRwHDW|RbYe<x7{-@9{aISr!uYHfiz&i90
zOWmhDrZ1%-B{ma{&asg0n0+D|*)ie_-LG%#34e1|rB*`ANn*;-JI`>pH1-ppH5bmC
zi9*`q+%;?u<p|ZIoiKx`e~;m=6*i**yodADN+`tCKR$eMsr1x36TACF<l$W46l7Ob
zH`9o@V#(lywRUd?Z<c7JiO4u*8|~Z(92Peq4b0B#EwYbF0x#04;rE9I+l2)O_nS5{
z9oR0CT$_q`;*rU*8flM;@!?k@j$a*p#><i8{dLYd3^(@O#Iub<vmH_INSh&L;|XPM
z9mcLQ3lL#tc#q?fVtiKVk@(ow|M0lN*SW{#NB$_ZuT9NWwSru4dn}w_4JMNw!Wwoi
zU+?^FJTbV}!o7!SwFEa|bdUGQW&nSCd@4OSuDL!vpH=KB$!g1r$Bl=AR1`2W*P7rP
z889<RD3rAGiIA^&e6BW{cdZ#MYVlAfaQ<gxIS<}a;#DgOXO%bG0@Tv^ocKrB2ev9?
zCW;fQE0eOpbmDW0eOULqV||Sq$l+wG;P$*gC=>mui2=Q|ycR%~B7~T2Yat-Q4q`aQ
z0P9gq+qCailLQIX_}NyF50$XH>f)FVu3w9z&rZh@DrunVZBXj$kw?lJd9vP88$Pnr
ziQLGG1qtul4m2h`J1lZ`UT3})e@KG2fdSed+uW>nyWZX`V&@^7QVZh^DFm{{WsS7d
z0E)Pf1mRmg%dacN8L|#B<C!Lfv&x9!QAV9>$M&KPu<$iZiD)6j)caZ}i{;9G9HQL*
zO)L8&{=Ff=zQluNk*+XG3EWv;(N_)^07trZM8Czk27XjLxD2C}!<SY?44am$e@caP
zS(@N{3a+)*S4u^UG4DbNp(!rk;d_?D_r-#GIk*DN62k&GXEo(Ki$Wz1l_LBk$!-~Z
zvndt&$Fues<`&mfk3uJVa-Ip{MSKzD#fzWhdOv%lf8I%;o+N_V5Hck1WV*~T1Y<W5
zS$Xr0aRRHwarc!F%bO=M85^a#WD~8hM62;yQP!Z#9D~#7h2E}N&ZX5I(Dy%0neGsu
z0`B7>5Tik`>|i+9|A(xv0E#2%)(uV|KnU&uLU4Ca@ZjzioW&Pe+}+*Xo#4*m!3nUq
zEbi{k<G;7wt^4ZLoc^Zg^r@-po|@A=Jx6kpBjF3W{XU$igHZ>4&-`lFS$ykCC1IcV
zds1iL1A<%V;B`=M2!7oA)xa3kRJ6Wat)^$8iI)i?5WyyRcU(q?3kh&om!gMx`*^Q_
zkF_X7DhsO;IGKv_-bvqsbtij79;{3ZSVJxvxD;Rd?#6XKd#o0M6)MlQto)%2gq#4q
zTuJPx_4G|d{E5vz4k6jCK91SWkdZY})3XEf<Q-~5qWh-GLv@!}EsUe!*_)_OWW8>E
ze`FIu@9IW#ycdw1DvhOLX+$R{TU7QesQOCEk&k4vpLcktc;j(vnsl<&^X*)&aw0c^
zX+Q_sf2upd-gEOc#`2m%#>@$G+0uw#&blP*grhdAIATBVf6-6+Ity{!s-b)wtp<uC
z*Ij;Bv#J>z$&-<-Ywur=)wlo~)J`>SUfaJ*+L~H2`UM>(YM2im6f`i7m9~!=wrydO
zrPE46H{a;4I7W9MdC)0(0i;K@lAy8l9|(4N{?r#5jjMY3Trx@-07!9qx$S%?Am1BS
zNf@S)V9)Y+`NR^|Zb46A)Fsx;3+XS2Pg)r*WtQd_r*s`Qm6kL@v&UKyO{m`RNmp|^
zARBvH-M(E0Gbqxj(bKCY+qDZnpG4o@9vqAu)rvR^hwZDhj&E*P(6=B^qGQ{<^t&oB
zdmYYwy@6)qnKKg{d^K<XO4!b9$dtXFfRa;=$y8Et@MgVqY8z-PY_(Z_wo{#6IAgIj
zB;XJmpEol|FP*%zC!eyyX7MI*-?*1Vb<R7W-8rerL0>=V8g1+W`{(Zt(0jBV6ZP@T
z)aS}d$GcLKHo7q6YP!$uV58&OUf-REd9TTFkB!Zh)<OAwGNFn{;q#Fx$#NGF7XLmU
zJIwjQF1QDkR|@-yc~mfU-PgTg9Rr8ebFnV={_<-XC4KHu<v-_LKycshJHDVM@QHti
zx9*miKb_gNK3qJvf^+7r4kcL*?Nv9fzXkO*WAKi_9LZ+Smgdi-5b9C2Hl-|voc-?w
z^(IcqkrO~OZgZEdJ#{NobL)+L+-Tc(2x-T4-(wKGV%mFXFq?!1Pqc<Mtf~iFK#QUc
zlR=S<5f-baV<yF1NX)wEbXs7X72}iqW@umJ`)4clDK3iFwshW~&b0@h^dWMeKxuHc
z8V2Zeb*tlmnyT<66V>B!GVO=0WAU+Loek&RWUMJc9fN4{qO+i}tYaN@fFMB~wXtsh
z?Eqv8m<+1x2=TgOd#kU}?MnhJYT#n+yWVM<>dr<WY7}(3kfs>gp*;fj{%9~_YLu(=
zC++KUYFy_V&+cn-@~Mv}b?&ER#ppYg5$csoq?At;0i4RTBkdD6KCtAX(DcSK)C6w;
z@T=c}zg=8u4a>Js@Cjsg_Q399cGNd9wt8<)f44H?)dY;Gx;LfwUL0|5-i%pQ4;Q4p
zEi9Grm>qr1P_p_{Ps~4BTQ5+ezq6n{;XG2?NUSqj+bB>XwX>j;tx^b-jKh9nR{U5t
zLC#hEr)g`ES8N1luKiHWg=72HXGA^5QN6@5S(33{`H*VP<wn^)ZMIt9)+-;eDu(AV
z(Y@#fVGsOWH*>aUjpX>nSMUrgFQv|zz(Mr5wmGa*Yp;X!_SxT2*zwc~dcgkFHL>)!
zvL}!)XL3b0={@|8`H|TX=NwmQvrg8;9ARU;)v_I>>cXRJ%dFd+{EdWbmR)Drnn`EP
zTJK}kT+O|h|Iyk=_Hq^4%8P_+#w5O7qxVR*dNmh@hi%j8dN^mM8~g3jd?VwZyJd~v
zxRpXZf(IzG)B~=ktz#&>ZwldYj|@|}In>fOB?I5~^i08sPv8RUqFUwD!5qy&&0BDS
zb-)!9Tguhzto)u$IZ>;2w>LYH^WC12^{I^x=Y+xL>087iig{xGD#33$elfA(x@TRn
zA%A48&l_VTW1+%$34sim=^k*$p>{93%c^V3c4|+|&yJwZa}$O?XZ*i1zmk4wH2Qew
zrkT2lFgNdu*CUg!j`ADOo&-FRIZtA7ZVugtVl_VY7*=YQkqzGR%qbXp@r^2DPER5_
zYJqdE@ci%+-5%*jT2JA`hB_5#LCos7Eu!n@EO)-h1TjW4Thgr;@TF?I1PcB*`E#Wz
zyR2*Fy$8Jv9iPY4ak2HuDS~#4Xo)*iTp87$`hD1f8x2V;;N=VjUG-#va-S2fDOgCc
z;XFJjQiFoHYd?kkx}UnuvwZq<PA3G4ty{eiMIICdz9&VV;dy%FqWC5WM@;@j6BU@<
ziL>3|dk$zH_;MmsE9Uc)!GRe*LcEF}9xf(=Y7i@TZplL6<6&h~Q2j+@hQd8BeYcjM
z*BY~6#*yVMIM7TXRFM2O^^Y0@<e7Vtckh#}gM6%Gc|Xs^nWs0#J?cJOGIGm*?K@By
zLh)o?+P=d+4zKH;v$(<wpm@XK(-tgPL2IfW>^aG*ciAa~DK8!GzJlH@({rb&V51T6
z_|KLq`olxsH-JPqBti#~r|`)MEB<`-M`)Di@Q&H%$B%4u5A8)(!XpUfV<;W)cV{RC
zy+vj(g|T67oMN8pPp%%ddU*Mmge8fo<HVVQasH$Yp@gxnczpyJh>U4Cq)@H={s_{H
z_c5*39L2Fhs%i0`=<YgHt>(+R$o!s+jhK0{2tqz_MB?A72yLKa>k7B10Is>=8&{gs
zC4}{SVL^Dt=)OrL^Jf>UVS~#=knUMrCuYIQM5_KlyX#NH(+oRi{(@^y--5P+j_b?c
zowY9X=kp4NH^uV^_5NguVf%i6n||eyTHAoMX^F+)h<@d<noI4A`IM~fb-vQLg(^Gm
zbVW5@7E}JXGwXk5dYK+mL-ZEi>o(hO^md2~+vV^JTfL-$<nA}N0)GXaPB%zHkYYYa
zVj&pgI|nLB{=cw17yO57vy@t+M;ptEvMJoCDy;GQoWvhC|0HsTF#EsApa}cs&@03M
zuEe^(ZZW+|;kM%%=tx`dAzY;Fv3UrI;RXYY>=}3_(#vK46t_*(?Y95l4x^g+U3EXK
z!`hQ0YhK-`pOag_k!h*id>SR`ewS(md%)wP?P_0@QCm<`q8-$H_CboJ9FUJ*C>NBC
zma5UDm4waF<c(!^YmJ{Ma}g8vyE$Nx2|KTcc`$yXLZI-V;!Tjqs<<6Z!`Yth!qiVn
z5l#{V2~O!z*<xXAw)=>RdPkQt!GH~4QVfgm>9b*&eL2@nZ#jM6wpD6)0Qy1c8hN{F
zrEWL?eJXuZpZbDBwM`$#(~Pg^T)xfSPb(E!bZtqFd|{?&H9oy;!fZfH82+0-Dj57X
zaGY~t;UDuy#GUOKza($~{@n6@b#Ksj!jN-XGb{gG5X2BcEQen~*8BLo|BPquZ+#8E
zJxRH2l6U^q?aZ%7j^r1+A5r^w7jBoL)WS}eaD#sjzyGa4;`T*h!HA_+Ev0)go3n#S
zT35FxY9V3xKpy>;cvb!rZF#iEZfZq3aU$T93C3Q&b5Y=)YgV{+?d|)lZ|#Je2f&nE
zTg8<tSAkXlLzk+&L)cFets)~tozo%I!r?x;8}uPs?z*=Ds)88OxMYyYn(@eB`f00b
zp4pHj$aDp>jf{*dZNUUMt6#koDd&Pfw{zI3+ey$ad(0N~{kKs7E&A>VrociZk_`f2
zFkt+F)alZ_J7OF3wt815_zAVBul8$ri^|vefFPh?s@|JSYuoUwT($m)TEG+QCT0w;
zU7Xz)1AqPVq^sM@?=SNc8KWo7N!(%iUay^FDio^c9Gc(DQO?s|&P)U(!;~kd@<-V9
zRo%mT#4yjFBhFC|o{1WubuR1B8^!}$E5Ivv(U?Rr8&TTG@w*3}^q#BSYh~OPCvgqt
z-<K#tEC;%s`J=HfPQ_oc%AB0cHoUb}(n>h#r_z&J0c~HZKJw|UTW;#NzY!=`R0JZS
zO4sHl(j&GS*-IgrfVhnZFehAZ$z&{sGyx=?D<Fn|mjQ3Dfq&?^@&YlPj*hoX1k*Yk
zJh$jpVe!S%Xtjv+w=TSJvgieKKH^0IKC|&MN|wTOCz4q&rS)W-w*`aVkQRI@CW){J
zrA?#6|El^$C>aW)983DW(EK4oxGiY$W-A5aH&&T)G)5M?SXAfZCzaZ=0*)kYUP`OT
z8gB}kyc6eQrXQ7-j8x}h+Hec12THA2549uP9vu%4siFMCW96A`k4hTChli3{FEkZo
zrZ)wZ-ifm@<+ugq-m35CM<q4k@<U0rm(p@FHAV@!m(nsa&YOZ_ZwMqNT2@5z_(8-`
zUeX%Dq6sP-<^QOpD2#F_`SXRwqV^p9@S`>?D!C?dkAD?yQ*!Fl!4PJvX9Wo%fdN*6
zi}x&_QY~nXlS60*`Y%uY3(igJ1P2FC1s{h7H@NX|=_cV(^U&4A;D*Go%E0T6?(AD4
zD1JO!#YzJBclre~A2AULFJxHXq!DIw3vfK1<vS)A3(e?C`l4W%jAin_C{e#iDjHs>
zD3m}U_P=SdCgPp`Q@5jK*YnuLGWq{0_{hkGfAHnQk#NBrgTpRK=a}_hmU_Y1G@EYM
zxoY>3yR--R3sH7&3#LM_DI#`1UdF}1Zf`{r<+(WZ)c_1<L((~*PR?Nsd_u?;K##-j
zNRsl4DPz0tzo9FAyW-b>;6U}fSrc9L;?>p?D&1v=WD=iHtg`yV|1}|#WBBJxS@TSA
z&Ha-T-}e?$7ItzxIpEYc47tmH{|^BFeM6E1{u^`V*o7|r+;-;r?zRY3qM5i#MQK6d
zX=`rgCn@*w)8!`o0S9Mc_yO%xuAg6rEeA^`Zm*R^j;$)D5D&Vi95-L-t!O=p&8KbW
zLYQaFZZbcZC?_`g9_kl90(+-RmOVGg4^^LXlVBRySj6bB_@_R+eq7J#{-eDJ4MObt
z$qeVFXVGPg2y8o;r0wSCMR27yfH_zCK!$MH!2VU>A<Yhyr%AlPyrstGJ^BMTR5YZb
zEMO$fK=f+%@@Vhk<;KzOq!McPdJ4=Ysakn@mXduk?`+n1%87nm>I7L%^vPU*Ag#^O
zSf!Q+W@}*{xE5gBC8A#)mwVespLeh;luo*pVKXP~W}8w)%9rSHIZieJc&~mLt%%OD
zZm_|}d>2S3F58h}B%bTlD}77b>2|E%$Z^;aOh{XL%ZyM!=(<or^DOsM;LI)b>rr@#
zwb;kOh;VOM^Nxnds9t};=@b)ZUb4%7`Tk$vZkK=e-Q7<3gkic%<S)mb<sQG7JagPk
z#4S=-_FCp^#y(ik<7oD5Z$*6lcM};*3~ZYx!0#6$4Ujn>ouQcYdOlDZAo7`cK|wH#
zuV}~>7D9(rhW1W9x;Cj&HY@~F89{ixf2{#9+UXiZ#h?9FC$9KP!WVI@q>51ZlF_S_
z;c&{K<rI~4BlYDYWvU81vxmqGe7&`$(M5V?X7u8sbP%x;5xEfP=jY&mvRIuQQ!@Vp
zzdT%oEPr5}l#D#Iahu@U?h24PT#rZ1il4i&5b&c%zT3sxlP;ODjeI7siJ!Xduxl=`
zam?Cl|Gs2`Zjrza-me)Tm%t~C{O7F)aM=wKvy#s_M7psozf$GwEv29O&VCo!cbZK<
za3Q9NOm-heBkX;SrQ}U9GKqZRU6z39!qzMQyhYvnES8!xWn<=)5mxuP>+%SJLBY(8
zsU_#;eZ=P8N6a7U3(YG<9WdJjXWXBCcR$u$9+To?kJp!&j=1T(ACA%I{LFdVQ9|VN
zP}@OTak7?&S8;UF(^tB6E*Kj@IwX#<z0{2KrBibyVgQr6?YLv;Ea24qje<p2*ePW;
zo6J%^Q82vjT5?IFwQE1Lqsv0Jn%O-mo2Fli!Y%F&hSGB4M&c|yenkqlH4gqZTI{;l
zi+Sa4H{0NBW_(BD3;y&J!lgv~n=Jpnz)aWZQYeP|a8`HhN^N_`NQV-dlZP?Bn&nz4
ztb8+ffcvy?IqY8A-9JyhaHUy3N<#do&lz_FQ?CVO;}3-pg5eiyW?1m>yY7uPLT|K=
zwX4)l*=n2HctqKS*~!h>8{af|U20}%wJqVPStgKqsdywZ_gA}Z=9C}AxQmL?n+HM{
zKAByA+0z>1Z*AL|JYtZ}(n@==nfTR;%<70~<Shrb^Omd3;H5&_rRX1vi1qBm*u7p;
zS7$G|QR7v6SI8boH(H)EHCGQxtlvv+vhH(d=G^mm!6Ea8HbZZEyyOH45pFS`#Wz1}
z;6gDAf+Rf^GJD_EV&1)9i`ZDnmo+Nf+Q!sV4w^Mw%UTf=>>3MY3AzHYkWG~?>L$7n
znv(F7k%tk4V>B8(TBs6}itWaN;E0i_|E2F`E}Qs6)MX@_+AmtY5v>s}?+KOZ=gb<D
zL=sP?3eO2@4{Vt<#v&(rjS&&8QeA4vA<Pk7H(!AttUENk(yjWWG#IM3u}H%Ki733<
z(dxUyqB}f05^jY8%B^aoj4?{K2?KSST3=%l{?dYm!hrF>l4m~#rPBnJ9S+kx0daW^
z+|ilsgAuq(S-0ZLnoDb5m4~uSDrQyEc)Ve@os>&ux7N!)9m;E^V%u_;-%Zmx#MSBE
z$n6rEX~9XT+pwlV9V%-T&+@ODOscP6@kWsn_e?Y;65StCJ!Rc~2{Dmr=qH2Y-tstx
zaDYK|`a<+RH63(sU*AeOMpGkc8G%u{1szld$!H_Xz%1R84*HC3s}YY&=ZCgBr9o5O
zUn9*s%OgmadJolgzq*(cM$Cp|;^WDN6Q`N@x7Bxy7pdA4nbMLicd*jp2uw4^Mk+7M
zRv7PSmQ8aS5^dGWm50mQ%IR||5CCy?G9*RO%3aDB%HWD)rN5;ibY6!%&Y7ySl(UpY
zGJ+B$%$$v4Srn^)H20+I(ksaFj^81hbJ}wkp~e=law)%y3PYv2%wwBp7Kk(QMI+8C
zTA<H4s6ynmmlNvT9NC83iaQJi%rsa6gShng^<L#O^0Fv>YR0F{hWSolPhcN9aQ`vI
z-z*I*QC<32IyQ{%pf0Itw|XkIOSDULRqB<DC!sCfEZtn<oP4+O)2&!7TV*tuKb<*E
zu>(XjBJJpCH>xv2XI|wzRJ&@#8+}s9tYWMxOiOTQ2u*5k%bS$c8Za79$`zhum-9&T
zOdBiR8=7RElm#W03r>`%0m;>+e?=Ai-1BYssmoQahaWK@71y+n!-unvWsjESWjT2{
zWox-P1(V8q2lY1<vl%y5H`KFa2cy?XhY^owH)@A`FT9=lHq&o~;8Lz5H1`0)`T0Yu
zSv2>8wbG{jnuGB}okya_j6?oMoyX-v5BG|-@}@(gn<#+Dn<BK_7Seugb13O90WEXc
zZ@*@SFm-C2sWl(@OfhnvsIQPZhqV9GD?N3IvBxVjXp?LM7kKZGo(M^wIFfCVo?W&n
z*l&Hjqdi5{LuzGqNNEpWoo}JnO<3V>vjb)wS35yB_y)XEo^0pSPRZKOKv_Hb$LOsS
z4jS!bz^tQcP>n;@nfJg;c*WRD@DtiR)oBa=X&dAv`$=%#^fc-;s+#u{V}-1R31sKe
z-0FW?4O>&uv3~AvG#`LKg<#(5tz_@k6QiquEr!~rSA%`+j&0Mh2S2H`^gFvXJEMU%
z+gxDMqQqU@P2IA@E&EEKB<s{|?W)5icrPZKb15x5MG$RCc2Zj*fopW;*iEnf-&Jsl
zTKiD_@Ku;gQpxg6)#~=*&O^OR{T}Kho_5imj6#k}1vy&Ts;Py9pG)%wXU9@ZB!zLJ
zOAhNGkEV_Zu^DkyP~^oR{0aFM{1*I4${@CJI4)N)p)kbTRF-|>A1T)an{;C->kN-V
z1uN{JxOSC8twY&uBJ1B4T^(CpOWmp}mR-VT%SpmJ0^zwi{5zsMD`o-=LJR;i(d?k8
zc0g_aeNxk$Yrm_k$80HUHe_>fW{~Yf&$zW#*8{5gyYioQRMMa{<8J{wff^f*SBs8Z
zs;HDm#1m2Ds#<v&f}^PU2J|gC%4%oADhZLN{sj~3X(7f;RUW-%eOK*`gQe5ndQ@hJ
zJ1R3>W>rOyY0ytS`i{DDx>X%l=M7HxI8Xv8L1;ST(sowT4df0wfRd0)lwNlMA2I&9
zJ7`b3$r&}Zs6YGM<}^B-y&=t2W<9T1cJ`!4<t+Yj2mY;jVD5VBTMzqvYxiOJ`Koef
zp<#({a`ADj_NpH2zM~glb@Fom_u1SFg)Mi>?kTY`I7b0|^Ki!d27PGO=00wmzKyA$
zTlA4TGWHFrY64${^WQbv`tVmB`y|~MfZjH$ySS^tw+RQG8u%T-lfy97MwQjz%f(~+
zr(kG%P2=-3*<}~JKsbfhTgBnQ;lZiy4=LnUUM#7vvG&x&8(r}5*zhntSeSY^dN@6B
zHG)n9TYG+c6!dNM`|f_+`4Q{+M`1_#nXut26exvnc3$iWvhl;>{-;83)#iY%vg(TV
ziY|BPp<TI)yN-y>G{2?_V?||;x8B<i=qI76)uKHYjqpx>WeZV~%%_ifzxHXxT@n4P
zmM{T=Ni|;!Q$|9>(HZgJCWn`|ZIBPaFGU)Pdrw>AGkn7t8V4x;Uq*N>Pr8~U-O%=N
zG<f)DRP;Nz6HM(%R&Y*gN;qCSe~$jce>%4^uuNZFW3t$$Vqgwe+@#n)T-E-IDJ=7n
zxPgmsc89tK(4%a5IkvL#0dU?JL}kuV{zc0qbF1o|utC0=D?eiwKH=7yUUFv?I#bir
zenFpj5%qMLqn-V|5)}2@hC@gs^N$kYow4XT;Lyi@5yqzEY=Yj^w&J2EbjwS_cxly{
zRA=C$`c)xW3u;cbY@z)nhF#4aQ#N$XpcU7SOHl|$PbnO>uW;x@NF;}sAY={%BZw_f
zrwBCn1XW`@8mB2_<rQ%OIzwWqVw?8ut9~}#_HCR;D$}?GdG?CTjO^(XZW*@(t*MzV
z;lDgu-rI={*>V24c9*z4vTB)QH1%%T&N}q^VBjMGFVu4$G`puU-^Y)Z6H#8Sv2b?!
zle;ST`I@ITtjO)3gO!#K<273+G-WVVW0LT#Pv?*kZ3L-<=Il<t_O2AqkN1!Z+r^w8
zUU<OIz0UiMY+4*A4oh(vV5jDM|B%Ad%lqxE8Zl2DpmNl?2RI}*oiBMxyBi#CTT`?;
z*RSB3JN-P3dN@Jyj{{>aFA=mDlk0cr=sJmn88?T!Tn-MdYbSvSkaP_Cd1Gqfu_i<@
z%8@E;6#P&Z)%$rag|d69TIyIT0h75bh|jHwv0vB{Z>${?6bnoZ&JN*H@0uMD1tVQ*
z!M`YKBD9(5j<bps+5T=IS(h1IWH$EKxfeR!?YPlQ62}=F`H;RXYW&&~i;Zu^qV6>3
z&2sAJOO|%<sw{c4zodfWonrvZ?Z28Ze`seD{;K9hGUk7MCrp|7RDzBWvZ5-)ao;(*
ztVS#Th627zdTQh&R!dZM^y;DhBmCS9`o|Cd>9fh7we;@2ZQ`*xp|H>T2%u^KRIGpT
z<a%KqEqza+RIA}obbFLDa@%G<tJ&!kOyDaU(4thxe(a*t4wje;|4}3H&fIVZCrOzJ
z!(pt>P3e_I=eo(mz*6{94bkzwSaoUm@$TDr^SNO8Rfj+KuL4xNFQW!259G8Q%=cEL
zD{Uir`9O1n-~G?hS-@wU8&!DK3z&vi8+V3EV<EIh>kbdP=QUNi6_l+;P&N0DCkF7)
zYevzY{<gQWGuf|-OW6R@73t)ZSAZH{I_vlD)XI*Q^~_a~b%;1j2|*_Jj7M*KmU)JL
zcMTq_HUU`Uvej1~A2Y9i)}E*XQ$QaNI8;SE7&(*?yw~g}y4zzjRX{tqE!VT65i-w}
z+JtYZy^%4>z`dpBmj}Nlkl5+-@5@maW1gFXAf^4K8A5rcR}GTK1y?;d9{TPois%`F
z)xl2G>w(375jylzcyLAtm4(E5<FrV?n;96l-SkWzJ|>ZkF~VlRehI^0`n<!r0)zIs
zd(#1P;()Xbp4E0hWn}sU7JMcqtovEE75+r|Z!3<iQWQHnswn%n9)eqzRi(4mVE0?(
z>%b^`XUM1DV@A$i%dCRVu(T9KWmZB8L0<CrAA%w2H;Ut|WlC@bu?;A?cNzk|KyI$<
z%%53D=UzBh#bj7uJ4U=mhkLth?o~a0ryD3gb%>Q_1ytb0$2F7W8S++I!bInV2o7i3
zB!qwj?jcX#zSP%{&z>r0cWAS3Ka$3|8|C__d)6BOI+buqC#!EI^*AkllWb`SOs57p
zRdeM`BtgG%t~;<@z1s1fR*7d$?RZ~2W1#_jfucEBLM#9;am&Xl&p=0=5wn4NQ1@+#
z-{7~JCm+mm9$kl(YDe^^L#-eVh@noPXY++lWOyls$QTxV5|kP8L;%mx+RS_|U((wO
za;90*vOwfwAtQ>^a*%JwHBIUh*JqvYT4NVn19$qc4@RFOPUuY5pA}7h<!L5L_k!wA
zCbQ@LuFhRzqi8ynO15eotC?fR*{Ooq``lTz;|ZE09=K(XYweHIc_f_4iQaQ#UOp6u
z|C_e@LG+AWYEgD)em2<?tGD*;jP;D|4DIYxnzm7GX6_HS@60)Ye9<jnEjrxJ@u4)o
zBylNl01=8YC=rUSv$0Ap9({1a(1^W4yw6w!s=2I;Q=$EqDC08Bs(@e)#k(N-czcui
ztq>IOzQ`TfLos7#v@plBoO2*w!94?Jk0X!S0NOW${94Hak#?Ep;nHej3~1xBwON{P
z^pOfl^K3pmfOHpHlUCjX0$RY4da|qEHe6RuYs{{L4FJ0!=lf$^iH3%CqRH-6S~^}u
z;Me<4**i~{@pt8Sbix7r_iHxD0!MWi%>@+!$sv1UG!7rZoZ7w(PjIEZ9)y>d>mCbM
z3;D{E&rE(glelMI4|=Yxpqrvr#{L(B-V3tb`l!AM#!Yj+M1MQu&bPz|^5JFTRQ@Q}
zXXQyluY0w;x8xkJoYTh3_>NWvaAB43#*ud})P?zO?uW5;&pw%ZN^3jz3ly&*JDn^~
z>}9*j?e1I!Wvr{_qh?f{r^orr{o^`Ar!8fPy#l{1=CQYo`Jo1qd2W5*gjy=^EEfg2
z@He**04KGRa?Ir!R(TY`D_N{-m%BH6xcWWopYFdnPpX>7C=aTbgzjgAsUYZjXQ{bj
zfO(^kp7KNWWowc(8EXunLHWsm-yh`3soicHcjlU-K~OIXt`59?SA_VO=I&&!t<?H>
z7G5?Pok5Mb^GMJ$*E7`&ru%;Xbc<hABPbmX6(jP7rrYO)j(Q@dc2h1$(i?w}-SfLb
zn$jxm8<?-GpnDYCkqwV>R^K}GjhB9Sl;gk(I0S0hRJYT6)?f%lXm{)(0yHNmR|lo$
zh<kX*+h>N0?hA<bZi?Z-+>#={8hKrhiT#9fpLzsWpe;i8uab=iB9*k~LS;)rD(T-p
zH>1qygO+^_+h$cCZDR-yJAQb{O9+Q*dQ)^*X@vvUD@y{C>N*-aCj&Er6@I{##Vbg=
zz><_nom~SwT$QK{;Iqj&0Pv&jgfkj+?T3$n;F&#WNfPml1+5|dJ=9TEFDLv==;D)0
zvZud(q4e!+K}V_Llb?R7ve$}~<W5~hwL+lzpDUjyf<zK3aQ=z&x2J)jn<>K1-{|W;
zHV?obZ&t0-t<KK|yCgdg?lfkx2G(US0(4tZ<r08jjzf~}#C$;#Q;LM5^E38sak$gE
zZ5jHzv*YtK_1DZxzs{zc?G2`ETWTz0VjF&?QiOYduFc0J!IKjs`)Sm|Bffq4_%*9v
zlT~IrVsTS~HC_WTjhrjuWb;d{q^l8n%?BWA&4)`#eVA>R_k#Xj6gpssvfhhGr%+JK
z=)z9M*V7BROFcR{=uQ{CNx5Cu8DCmYg?s~xM@FZqOnnWnR1;fBs;G&FV=AxqZtB+9
z1sgQeLOxM%jD1|jR6}3GDA29Zt%lfi&0L7aJPjkmV~5JU5xI3lz=Sm3E+b@|64<EE
zF7hf`LqI<NZj%Je>LrJ2L`x^VsUDOEtW;jAX0Oy}#Kj_A(|x&&)fX3eEetOIeOan6
zEJCVbURM7}V_Y$YNC{A@Z5^p715p{2(wEs(y{UAc!!LQQ&gLGhNP(biIo*W25AX!c
zC#4pysoD`Fxaoz_c2xJP-n_4Dd1Smwh1iQL&;acYFf~*TMUVO?+|}wKkjX($eeq4R
z_rf*WXcQTwPFYdwz+6M-kfSf$tC>F^!;;<LuBj4f>b`@#rP2uuter}?(X+O$W2$Fj
zZ_;$E<Q-J+^bV{YZ+kx$He_Ai6Ve>sU`E>AJR%R;b_)4lbn27!ENrcuuKYd*odQoe
z(fRIp?}&u?A~MAX6(&$8PzNU`P|SlIAa1j6vpmHbqAbz;XFO;4+4^WblJ1=FIgkqS
zdrw<)Zm4;i-U>y|&aLCq!{$oQsiFZTsD*z7?=0Hk?|uA=!>Ox*WBjIMgCW@s1=hq@
z1oL==lpo$a5!Nn`!ZJ*{*t#6LpW1n{HLN1fcmlcoBmUM5N-e`z^Mdnaa*OS0@8v%j
zC<M~yo7od2!p|esrmF}`2Oq^~(n9=|HyTI`bRcvQbxI*F5SYe8DYv0_-=7~+3fr5?
zc7*=GkZBf(DUUAk<0f)qjfb)E^`HZdj{u7}tXxpN1)-eeNA`UI$hK#Cm;h7Zs8Ry&
zwGL#1?s^HgoAXNP(b@iDe|(<uB+9<Z5=NJF6@EV0Hh8p1XT5G;y~Vl>t(xQoy_)ld
zlnKx44Pza}CvY@xc>{QW{)jcP_VFYZ>BOGfIqy9c=_}=(GWVl!i*6f6HUBEcd;qC0
zktjy5bBVaU-~qX|Kk=)GLjFq8H8*6Nprxtd6H`jE=$6UPt&Z^bgs?S~yF}L*fi-z|
ziV2Mk=$vk3OewD)=W)|51-E^sN<tq9oRmpz{73W08*rSL5wm8KoYf`gv{o%JUPA9B
z_h}AYA_Wf7y{O8l8&ZF{iF_0n$(_lSdkD($?8W8c#EG_-`l!*eji>Yvgnq5ZARfWv
zH%CeM^N!R1RMZ3Wf`as7gXY&a<OZTRnlH3k99ZKtYTv@XNn?$RJ4)jXQ>3{^V8@Ag
ziI+<i8O42{rco)3a01Y>iE#m@<r^ehc_}bB558SjQ$FP5iJ*v+L4LR3`|(9$Q!0h1
z^wXBYIWaxgZgN1jomkN>Ccl`IzdAW^9ok2?d~i;sHOoV<AHXT?OWFh^dPk*(0QVw}
zlupq$5eqw&Rze$MLM0s(NU>s+np}0C)3hT7Hb0Kw$n+bOcDgDv6cJw}x)PFS444rz
zHHB7j{IJGaCO^aUun1hBzn!Kv%2|-49PqBqkqCp^{LqUL9)K+T4W0ZM=>o17qW}W~
zPqH7Akiq+l@RZ_3{e4<+Xu&288rI)_)<816znJ<I(w|R1#svR<j^$7!oX-6@P3;vc
zXDOnt{IjVLfuI1@d9DC;=V%InO#*KSU+=52Q=X?_+dm8A6o*iE0%82WLu}DRRM@7j
zLJ40yNA{H24HB8t**sahzQ=BPeT4L;>|6b;@?!Klp&6ZDOA&4D(lrp;c|h?LEKR5>
zsd*nqua~cQPl$>j=ntsHmoC<>kA*D3S>keDGhTa2`DdO`gv8T~gLeE&sxBE?EaT-J
z)$NR}4AE6jjr;0cj?T6(!1f6ciSxe#5(4*z0{BRmmvy|17upeGLv&w(f5cMByhFrd
zO{55A7!p0ddH7cXZCNE#DZj>WNGf;eCw#n+Oe^@zwnQv9e)ArY#J#Xk9iMhGP<S9y
zL~y)pS2cX9f<wvUis6c3XlDE%);yKHG{vpSjSI;0R{*Is%W9(V)0K!LZZ9(%vxuBo
z23~@dzLCEFw2!fVI8RDO3gsT}F7dW!kQ>5;zKwp=qptCUc)8WMn-nLs1KmyEZq4_e
zI~|o~pkug$fEQ}C=5Ga_?Z7d&W49BP^EQ7)CkJ!;#0b0@zQXW6Pd!rtTUI-;Eb-Fc
zjc46b-0*tOxX!-Mbo}iIA<Vc-zuS~PV?PsJdK!O<yMo(=3%$yH_&P0QEfo2MjFs%?
zlH|A~=4<MMdB3hTlLWd#s!ZIK$}W3o>zHovQ^$&KbcO4j=f_6(McpuZuK`bzqK@BP
zL9uGP{4H&u@w-?+RV(`4gVz<@_FLY=N1XJWbRxwB=CP>KK8@XZSN)8!ameI~k!{iI
zE|(+G;h)tNzlvqcQ;}?FI+P;hZ0szy&(@Lq@@?&zl<JiA?(2lUBeOJ2be=$z@j4k7
zhD!BA!2{(s<u2yPTx#$&pQhMJ-Z}h^rHSY&M_pd_4=!|14e<@@hVbG!I*9?r>TtE%
zP=b<8a&9#_a_UmCOq=3#rDSR4@v<yw_2I+<WmUR~;tHqj*gUpao#K)HMci_n&1Q9*
z&)}*N5uwF$5~C&!UWoWkIXW^-vPh<9Qj97>`3IoJES!UTc{W6Ei*87CR<WO~IGB7}
z)tPQHQf&*<JDo3TsdQ%c+cvwFoH*?dy+kw!CtT4{W1&t3DkO-9UuIlFkXb!Nq)S#W
z=)7XqbK5?v4U?Byu~}KeIpY!TbeL>5E3{s5HK^`X{Z0|Xx#m%ru;5e$e+%+*_!Ht7
zryWR4s*FMY+IRT7-%U)=zdok?KM%}3lCS*l>=xuFrEnmF5<bkV0mMKtgnBk%=y#cR
z_`O0|iDC%24BX=*At<W6B?2gSAb(DQ$ebIfGbboiDbf$suu|O2;l~;IVL}VPyCbmm
z!zdSii^8UrqZ9{}X?zWMi+fDWzu`0acFkuJ`Vh1vb#O?3!zsd5CRYeCYYZZ8RI?G!
zUWT~zFXp*WoG>+_Za^!}ltxG!@h<MlUP67OUVM2%W@8d7qf2vQmnRR+A<r#*=wPv=
zuT>=i(*fl%>DtAn%Ed(tk@dLfms;MV3Q-Kpb+mFdE)vt>b@?=_;Z6CN)Pv#V2-{1c
z@l}KB#)WbXUoh9+lMmI$SD9?b8kv6GldZrpYN}m|g#xS^sgU-Yum-fVs+fkrA!<@`
zl@t}sMz{6hw8MvXXd>AGRU3(bs6P^U*Hd#miTrDPQSLe=I#{JOoKt)O;Z?upz9sT6
zri(E8#g~xpYRzf!@UNyvpA*b|g6vrz5hntxotc0_lYAJw28MdR)8^Xjafc#DB8jM~
za&ClbeMsfSu(^k=iB@`6dNNg2ZgT>GaKBZmB^Dsq$WMerj#;gVB@SGk>(+rQn=2wG
zSvpxdWsQy*jzlJgw)Y@j5aop6L}w`6wwxZvWpOp3n~I;r8bpQCF0f;#1HmV$9)-Lc
zDuwzS)zA$+_XE>n+_$rvwmvXPaO9pdC7!rAw<}pSw=a{B3$A2C22OTv^Q&$1bfi{S
zD4Ijv0fo^#0joWs?ENGnt*440nrU=Uh)OhnFNt4l+$n7+`v^%8Pxr;p?@a#a!IrJn
zi|!C*`QIGEz7C$m1-C6<_3g%Z^e8WR1~=gdA~1{?))H&)KM!v9;YY+6GGzB_3Ix^O
ze;C|EG``>&ggS&)#ND|X9`Q)b!V#!p7^$u%D&4S1%>IfjSHb^P!WKXAA-XGwjX-dZ
z&Hc1{pEqa9k+i_P)9CpGd8(!LL(7AFzX9@m)T#fd$tS&T{5ERieUZU`;*r@;EbiHZ
z`>o6cdq%l?A@)=leMQrh*YMj^Kc>rmOv}VAt6Xy^UK;onvilXLz|jk%ru>?miikCU
zZJH>=`7uv&fb;bjJ@U_$-yi4)N;fQ~n6-S+S1@V{(#i`4#0E{5^xvHavH@xe#-}dy
zjWam6y_pdEhi>Sb$dF{m+$ps^Lic74jGGU7$}ggQ;aG0i6m!@VyTQdOdxRf*%l5O&
z2SoOTBtH%XE%9RAnY@q+^^ps^kX9_1bumv0$i9*xx-c6ZuOThG;4e%#v~;P$5<?aC
zi?qXo;M19LgIP*_S-m9ii$Mf4e_>|=5ZIz)aHc2_fy95>M;8Q>YySs3F^%uON3L!W
zv}2eZ3nkV**$<wM<F`}8wVQvaF%OqbToy6;Il&};^~FL6iFYp?-6Smf$8Bvsdu%6~
zNe+gK(pMBkBfKd%;Jf)Ho+cPs6U_bDr*fbEQ8{s+`jNat6C3X34)28=<FhC^238+=
z40gdr4&7ic8TBCLtK~Wz(|z~Bkhy=Vujlvh;n)&iqJDoO*}seRJ)d=1;4N4ks(E4v
zBd&UI3Byo(aMMF0`o$AJOt28md)KxQUlN~(xb9+z_K;QQ?HX05M)1G82a7q{hds2s
zFBg@*u@~5<DJ>ZJX?}S4e!+4xU;p#xu00}qh)No7X3yB~FYF=gX}q##yDULzec#N`
z&Dk7N$Hso6yt7kzBh7d1`Pf5dQh8+!cUiL2`VPj3<&Ae){L=a~&Cs{r1x$BYqW}BC
zBr!7olucq#5rcqw>nnG16#3s#*P)MWFu;7-LZ>te6{%sTG<0y3H5|C$SSqY8<ru-o
zKl2CH&L>{D*TqX~wjH-if&2O$>wCu?-Fwgw|33DEucxo}=-+MQL@K<|0S;}ZB$=`z
zPjw;GH=GBQiLUPkeT$qxw8j~$!QMA9Z&;szl^@32+?PZ{{5wn|$&%ZcgqG{M>h6M?
z0ON&VG$<=Ez)Fm0ietpWnxhz3!m)t&*@Tk7T!*0QGdOAr(Sd_G9dOO&uGGdlpDObb
zbreao&dlPC<P%g2+hryP*BzbiJ87Yx2(O<gRn}!@C~0XZ$=GAA?MJ!eOWBBoHv*$F
z0;e(}?uv9?RJ|^v_Z4*G9I^tpLW{NXv2Af4^;0=FzAEPST31(Wgx3IMexA&_oNNK|
z<4@VobyXqza@Orfd4&4Qr|*y7l^f1JK?#u4wll<PyN1`b(Oc#|4Vgbp1bLFWYB0FY
zKVYA=e>kRxIX)5@s`soXH~91&7vsCj$J8~u?!W2mWJLX*m9Y<+SWsQ4z;=z67HNH*
zZhg!m5{<6oA09IU)?GtK7L)OwV3w_Lm@UGf&*OE7X(bsYDk_ftyngYi4n-^(gxvyk
z(Qc|LyGn4Wk_2M~u%GCnwNx_QlH71EA(fUN*o$~}rR363i&*doyBTPrwG_Y9=faHn
zZ>GL|GTNO<Oq=}R7}tv2Drh1USfBpzjrEG4JCiz^K%Uq!m1ma`F0J{K(b{yP+vw+A
z#=g|%NW-=G{tl|3v|lJZ!{jWPWMgDB3B12FcE6?VPQGVcv?Jw=QRX)L{!nc0u9}PF
zGh*T$-}79km^M<_HKrV%R%GH|)RI_}->rs{T2aWVanP?@MBgG!j8i6I$k5rNmcC&f
zFAa-ghh9A$*D5XKm?XPPmz7pw!lrS6Ts;lz)&y_-%Xl!pFR}=WJ-K>JlaJN-U_6q_
zz*#vfR{bj3XqU09JVK<x>~=b7QAT)H=0;>pL@hKkLKU;RH0CgbXP_LPI2U{v(*QU7
zBk+@w=(<(5O1D4>^HrwmE-%5DBQSN(gl%$IX$HbElzy_!wtO&TO-*LK2Wuae2Kav2
z`gyDbD|NC6c|Nn`L*||~#D+9gftw}g2oo642IF80k4pCewe4eLo7SpGC#1?yOfU@-
z#~*Xmul<qwJb!I0;*pK{u&={{@G8G+EFwG&Z-<?k&O{#);-)0LD_*uP9#hbij#*Sr
z4Z(6(z-P(#G!q*b3w<mHmxJ@ak3!ghvyO+n_VM5faKgAQje3<T{e~4TN2*qA#hRj>
zqJZW<x<ISf8L=ugE6h6issgjIp!l93A+fO-h~&AjQcgDpOaA2So}pwq9`9JhdsKlq
zc;=-@f#$@z0-8SsHpq+U(c8Y1CqIN>qOYqSaqG;aZE01OkeZsvJcregAU_lHwG#R&
zX~VTtI{3<?MTCl@$)nBWhJVh9;l_=w4F5ibFhueXuvr1V3?}N*PlSuMm`RWKrpAxT
z4*xFR_NQ(9APM-`wXI!MH5bci1q`U99UTc?nE*&Cse91l0VOLaw*^>eQV0^^5IK?S
zcIBf|`8j`|Vo$DEvN)FHjb#P1g8+jow2SEgIdQu2+;o-z!jVtqTCqQ~kh-?n45XWw
z>X`fmmeb`3=BVb147D69>DR5I6Nib*y0tB<3dO9z&YvsKQk^3ceSFD0yTMCucIo?X
z({EU5x1T%^X+4q!QC~-IM-xrKwqW!(#wSKXo0>WeB^i&b&S>prvZc3tm1DbO5@e{&
znZ%I32eZ*>^Id=`41*H?Ung0@t%Yd02l@O2sYUs=1a#rP;r>Mzd5_F-2Ov4fg|F}I
z=(-5^-Q4{{qXQyuKxq{_gh09=^Y;WxV2tyiGJWSMN0gHp&)(Mw>pi2)&Xrc;4GkWR
zuiMgl(uHj!ttjN_Xl8u#{zztg+&tXf2J0*E2K7A@EZxf+&<$Tx9@HK<_MQ)C1-4@!
zJoscX!HTu@D_YU#c$s(`HTL>`Z{=5rIDB?|cK)ngCmnJxS<VxDfj+yQh&~ndIBuu*
zE{X=`CG`o9Jnfl!s$*k+LeqW+>#XA{e!uF@9)m+ogTZBk8#6>q9sa~JPqK?1AVB<y
zC5ONehP~VN)B?n@U3;o|I4WRIc-8$LVB(HL+F1caO);Bxng$up+LbS$=v?D$jNl`7
zPF*@st0|LfAh1y;iXV1!KRJSMG71%(8lt`-gf#OT(u4Ak6p_@cN<R<Ya_y*Rbj|2&
zj(@D;BEj|UeuA_g^pD&&d2p+tjNJ<DaS!Xr*mz$q9_qd6=+;2;-?lzK*G$&bv!P1I
z>>UYBO>Zec){e!ha_P3~T5ug)>T$|n;ZImPN!-WlmiFv7B^Tdwl{9re$(y;&lC2Rx
z2C0vhwTR$}Ow3n|oX_xV5Ze2=6)RhGXVaTFbnvX8Q~jgvbhShF!QhQ6Igz{lK2xS2
zCvUJJEA)gBc(`qvQvVGEsPigY&RQ?gSash?I&~9G)+e_~!X0nq+st#|(&)gg%5z(7
zWiEdR5$!~0W>=LD*wM6-8H#6?zP^b<ZFZh_iKg;cK)hkI$<U^~i>z}k`rVwkt0{@5
zjYk6Q))o;yTa8<?UC&v?(NXb|VSWoFx^$b*Kfc+ZBw7OA*ZeM;Mta7`L#$2%nY%u%
z$Lf@aFaJZTw!mL<u=F{<b&VLgi~g5oks1e9elSqH4>#lofIttl9opj$(hGUvu4IQk
zPf4$jcu$;_Sy(^F*DBOrnDg0OO3A@|$EO=vm}Ql9K)`eJaEqaU*Zi`T4!}m7tZi$J
z&GXB{TQ*3f#!K-v%s5dNP5SYT=6%~fGS0c<!);8(i!;Z)gO(iTzXFA1p|YD1G%Dw%
zh+=i#xqE2lWrddG5OagFJepvQ$av@cQL2YU)|K{4eZh#Xcajf0;vm+aQNHGoc*+~P
z6pt`c8(8SggMn(`%2D8Jxpo>Iu;Qc6@-ciiC{^NheLK=<HgO!p&oTG|I#<!DKGKPM
z*KsX;(Q^Y&(Z7KIiyLv*>E6-b8D0PBqlLcRN>~!UY-fp3*^v*tMnm;Lx?E3Oz4bGC
z<y4$}5v4Op%<T>^<~$}M!5N~LGD~}x(9ghoCVe8%|3*Kl#i1Bhbd)^LGs9BVdo~Go
z^^sZ?P_?HrIx;uL55aRwcK#&}FWvKQP?eKc#*xFv<SEpM>+Dm#%cEAT=k0$0TSZRl
z?87_#R*G4jBhmQw2T?hDvS8x5?VS4k_f|waKin1kTEL?Q0VTtfZfyie>)W@_C=t(R
z9q}VqE6zN<66?;KM@j4D#IvuW&FH2nQBZ1(ft+p1X?+Ch&aqhiiur^ZbCR`J92B&Z
z3(S_ic(eM|FYgPxpCV@!a)>(257*I4CL_dYSPdq1*Ii57DS{@<!0ivbzWF;+yzxfc
zG`!(PJDR-7n+p?Vahcz!m5h1SvgPEq-7Y<)r=I{SY&!f!`y`FDYWhsfB^+)=9r4pU
zvzLI8f9+N(#cO&Q+I5VoM6HTUg-w^XZrr8^SxvM$XAN>E+Xa^n0A{>V>e2vDWu_v5
zhlXb&=j73CwnGYoSY}0yR^=|~)$OB8=R;a(vYiU^L$zlL$_`;`a`?6PG9<;O<Z(D=
z$6S?xdx+U0_Bm!nN_2Z3$c~nvv!hN(3mQ4w$8MD*%~e@UKXh_aB`x}R*>Y`>zh;^7
zz20;-Ef{KV8IEbw|Ieu)ZYp(xYcmR-Z{EU;qX0Ehl`_hVkTGhGW7NW`p(vsXuM%(n
z%Mq0o)r-Vgm#pLU>8MlC8YrzA^29V_chfcMl+@VACq4ft=Y!4oA0FH*(aYV;%xlT>
zlSR@RNNd3zYC0u#*3M9OY<_H-pRnejwS7dABJTHIahl?1iqLoeYpPTT(#3tbjvmbi
zzq2E!-`VUZ0k;@N;V%Vx6cfNe$^nGv1F<mF8>Z1sHtMxsxEhCg$pfAxRSA@~E^T~*
z{bbh@Bby5D=B5rgYg$?Yxgd31jH9fifr1Hm^LWi;S%+ej|L}L7=N_tDc>yvIms%0<
zI8Kdtl2}q`^YyZBEy~HIqist3$wA@RkE3gcqfZNSzihL@bxOvoW_}(q{BXr<P$FBh
zz{ot&T2e-BDQenFUP{sdaNCyYwG`pz7Re7RS_1ic8>95`nx?R<3#hjrEP4=|*L^#)
z*Kw_ZsJD)&6C1eJwIn&Q^Z6u17Jug{C(ta$c~{c;?X9AB=2k*=9I<T2!z{*Q@|i6o
zz~3Htv|Xs1o<<WCa=oaJUbZ)^h`Ng{b`<*F=$G6nnr}31kD{*EE{9HV8t#i%Hu)VQ
z6t-}4dR+V&uZ6A>ndkFwnz!bl@j5<Moy!8AHo~b)!bv&#^IpNPu>(zkSvz?9I5sy-
z*XP{%b|(3Do@hQ;?ow8#<OJ513nJbT-tkqSLdgk_9U%bK-RMhcAIx<o!zpj;ilfm#
z$7oTN#Gx<y$QYe8NghhZr{W*?#l3-x(yZZC*ck*&k7_8(bS@l5|Ju`!R*yHV+6P>(
zYhCZ<re?mhlnmG_M9lCnQ%<Vy+g+?cm0Q5H*Uc&G;7I*F`x>js&T7Fsz66h~F#S8S
zd!ng3V9VLBQxBo*P7&o-3LnhH*R}l+^t(RT>pt_c&bN2VuCj_Zx3^_T6r*C>Jy`4w
zyUi!w?{zUrwmoAt>)8dv<Ll0Tm$dR(wEXZbn+E~stYET{b4=0q{aWTegWomXi%GZA
zfnYPR#FTYseE%H1+bx|3=R|ewe7Db}H^#;MBH53*WCoJsnB$nTxR<aOTB@a-#hi`f
zlv|Bha1*x*wMRrJ0&DY<PTUoj2hsM)t;^8TE7jzh<(U{V2P}}sf~-*XDb_1gds%ov
zSTT4lChPKq@)i?d{$@f}kbLX##M9U)bNpq*ckXjy^_^u2mo@XuqEd9uQr)a<`W6pU
z<3Ijpm99Bj<QPyog+R|QF;{l#Fm3+vtX-ar<8Lbb`{}sImIn>R3>KM9L&BrOBIVZ9
zM0HIq2glnyyopsH_mW+C?h>K_{?)A0Z9c)wclXCtNCY8&kUV)2pSZli&`YLwsMay|
z*6|PXui~{f^6X9H2m7BKCDxBE%sHM}C-D12a04n&oPb&EnZK}+^tcc<RI<v39D^O1
zsCf2x@f5?^XVSt_@%Zp4_OvD#hVXdte$KfFl4Qwb%6x`hm2~*$r9(pxu!6Wq2O_Ru
zJp8~u{WBL}ascL2lx_&+qVfA?TiO(NI>I&GYE8MCWK-B)8|8%Y&Y9qv7F?8QBU+Za
zGbB1VeQ!*7Z>)=QqHc<tFef^gu%^`O=9<o0kl@R)Ddew@a)Mcw0=<hyzl-|4bKXUf
z-tRMXJNXKHY^y6q|B7sbYBNls1;47q5Ru2<;4+aAuw%H7T~(k{7tLfsqK6Hc!rBq*
z7Z%O-yVo|@8y*I-ZRXIH{5Z2%U5$4JDe<m)MGGKl^XLXlCbG-i+%vdgZu@e9HT7Y6
zb7z<X<heCVn&an(tXPr*kFFms+kokvNxEP0zDCcT+3W~jl1dvso#4+MM`_k`8;!38
za(eL39WMgIbp7Lg9bMBj9Yx3g9{`*{W53VI=MYm{cgL`GcN5m*?c_Vq;K{7PQ(1%O
z$aT=&$#T71kI~`-`5|Pj$5Z7;@*~JvkEgO8Ph&lv&U(B(>+xjyZ~1SG9A844C$lzh
zF28~{PnMgZ&6A<cp#|i2xt*G^4S6bS_7wR&bb2yt^Jc8g)8#>V5FuKpw~;?Vr^m8R
zk7b?S)W9vGShhKjHhhK&S!?z<!-8gyWz8PPn!Pb=_ITFpS*+P(4LGumIOz9S*6*&-
z1o}PJNPvEig?>+huPxPGwp5QZ(u{P3Xk8!6R_oD5YiRsfwq0+`dOw~m*n6=ByWi?y
zbs)of-g+Kmz>C(4@U;!0Wv#W=QcLT7>wWketS_MbzqGy#jsdN#P1Yu)+G=fu|Bdwx
zd~I_m+2&BP&7tL=?!TH^`>*leKp8wL<oO@)KR}uO2mOnwh5rfv6OfnqmqON~MN1wn
z3VF0BDjh9;;?bf*xzWPl(V~?-$evC<wq}%U%_w=CNMM`BCibiLtI*VXY-qw`LpEDB
zM%iy;gm8FlNMI|+7<;|F9wB;!Xv?EQ0!D?6NUKMMc04LLJO*U54P=bH$KHdp+7hw}
zTSCUz2kZkF8xGrt;p>qg2V=m`kdI*`XpWJ<qhz+0Oyw~kjmLoY7y}e!3nM`yYyTW4
z+KEQY7$=63oLDCgawCifiELMy!ec;=lj@`)T-#Wtu#M&aWAAIc;yA8+t9rU;m=?l>
z5UgN~i9!fQG9d~kM8=rN7-NhvCIk~jONf@pSSuqm#t01qK`_(Z^F7Q=f6S+3EE9#u
zL{V6lD6EY2u!1p?v4V-BB??g#%)vyFIfSr8(Y{-)?Abl<A9(NWF?DK~>b_OC>fT#b
zzq+TY=6-c1c!14dGl24oFcaLT&H>xhU6=Q>IcyG;_GR|V@SN<xyr2CF`xW5(F#9k(
zCo{x7>fCS-yOZ4spJZ<M49p6J@SW_{+yryO<M5sA*o;?ag#>k0$W(W1ZepK?xk1l9
z!#)EvWQMp$ogqHMR<Tv^o$Tk_%vQ7Cgzq&lXXw>ABZK`m%o+EnbH-=b@3MR0JK60S
zug)2X>YSm6IpY94C-X$6y8m-C`wIICJR!S4<JDcD3F<D;%>*^0PsM&1`yqUiosjpd
zJ0b5^cS6RiJ0asY7i=y-_icW3^P}h<gz0g55@8gJ63785QK4$(EP1!wDPLBKl|6D;
z@yb_}0cBoUQ7EM`P#b8FZv>j<9JxZSmphd>c)Ay;x`5(NfQHnbkRucg4Tmm;*27!F
z+2N9KL%2Ka3QdI1gwKU%!>i%hNJ1n%k`uljsgCRpEkx=g2Oy6Ed1fF_Rd|2c6b^=u
zL!1jQ-lYtm3tbJbMmmGl!QFxWV1003@PNDv>Jkoi2F*d6ygTTTa{>aqkqG}tU*u$H
zJ#rvi5*Y&iu8@OpkBkBDDX2kwBqwquat(Ojh%Cujfncy8cunpMF3Ekt+o70XMJO$l
zA%{c7(E8nS0kpUwa3*jn)B?dMSA@C(i;5$}1+Ro^l=)C{Xh+}-$e<87pH_MA3av*o
zLKD&aXmNBea4xyaH#7`<w?r=i-`MC(bUwNeU5>7V$HT#6^f5M?799YJbRw^4OSCI`
z8mP{PXQLBPHU%XVDC?0NIUVT7!;?y~d;s*brkqgrC=R(#Sr6<7y<CvbD#NlzzAT4j
z3DTX)9?;4Tg_HLw^N_wJo0WXf(rNhyP%g-M%1WR)P%gL0Q}XSA5E=-bj<kg)LZhLp
zq5054m<HLipvT<s&TwnEIqVOQs9L-kL6KC@5Rqg~q#{xp*$2{23a3O2p_TBd@HA+C
zHnbeBi)caf<KceL@p{M`Iv?H|$qN^SPJoOYp*vwA5*yh97GRFpBA$p8E{|jZxBl=3
zXsJBxf?N~f%y2E#&m&9n4JA=YQ)*PZ90+Qm?pp&zft`UWc_<hT_5}xnLtp`BWjJ_}
z#Nb)5kG9}g&;WHA4oyVX!a>k`U*tmMcI0f7ipE4P2kRr@$YA7FhzeANDuYwO3&aXS
zaltlaZzv;_A1VtKf~6NIjl>E<jiDxZcO!Tsa0;v>Ba{JFkp_LiBM$+ug5YJa$-&^Q
z;94j#v^}&Zv{#mb716@zooF<g7>$c=4+p^}Dx)>gJ>ill7geH;&~WqwNT5En5FG`p
zxEfuLdZXTOL$oZ~2r?*-&V<i|6wpHw$UP;R99jr19E(4e6x|UniZ(@!;q2&en2k1q
zo$iuLp{_QlO`m*H9#rz>D}i$XlR^ciL26}S3mZWc=vJ;m7*@_Jmx2k<Z)XDWfx2K8
z*g-S2!Vn0`;lOxcQYj2922uh^N{kW{a0UEwb>MiQKX3|q!iX#>+XHif>w%kr)xbtz
zL*A{lC{2n{;evT!dEr1X&>D;lZh?21fo%CkFg=)~T!m)^0atJr^taMrMIcwHR2r42
zGOA1{%K=sym9NQ5fmtO(QG%&~5*T-21X8@}=+g*2kc>LJU}Tb@bso7*q2#epabya{
zElmGAqR^}A*;}OEUxU?~Ybf>9tp>SK7}2O7{QyR}Hy|XU5eT1APp~Gb=T+}TA3)fG
zu0i;$dPht$`Vhi>=pzUz=#LQYM}L8ks-7Nw0Bi9BC=EY|vj9Km;2cz-p3{63KY|}Y
zh3Xm1$J7&-Mfh3#EZT*i!&T^U{2lxq^n`lrN(pYnjp#{y03Sf5xD~ger*JnmqcZ#k
zegi$DBH;?Eh$=$Qs(83k#lz159xg>yR2lU&ss>bCjcO<es7}Sh-vNBvj_TDFejDJ!
zchM18&(ESRKzi4ajk*CSP6Yh+A(GT}xT2!9AoXWz4TY$64MGus^Y@~D&1W?!XjJn6
zAgD3T=QN)~ZvleJK<71?nr-N9I+xBx@6ZKw0h*-u(tFXn^nQ9jnxbE!ThT?jjc!Bl
z(I)!)Xj(nbHKU&7`heMB{)%SRdnK;G5<!EmY8kB_&8fFV{7yZ4bzPgHO+mlceo6Z!
zbVEHY^#}Ew)PlA^TZlf?7HOYAOWG&3W$2dn8SOJ@Rm*8P^k?k}?dxbwdr~`%*2&2o
z{5f)R2X7^(a`5NLNgSL`&fwrLkkdCfL%Xb9#$O~i5#UViZS5WWAUQ{ax9haJB>a$W
zn{FE})IFtp3O}Z6(7l9<bO&_@ahdLAT?>9%cUX5AKchRMGvW%JN!Nudbv-%(e^d9r
zbmREjx(m9C_#brd>8A1bbeDCP@e8^c-3)Hj{Yv*6{32k*1>79tigDq?F(1c#jN9}{
z`Xqcrzgxc>8v#3Q;CB6OHU^u?N*MP73QE8}Sp6p90IYtu;2@jArr;2uoirRKD_$Id
zweB_?WwY5z{3;-g=kYkKLU-dyb`QG;zsuIM^>~VHU>op7vhu{2V9m+n_gEWi!%M7-
z_2G|LkrnaBtjvb-3VVz_hS%9X_BH(P?Cb1F{8#oAdkX&tJIMZoLhMi3A&Mq<1W;P`
zP4-Pn$G*+}fr?>2WS6K1*=2TxdWf9<pmI0mZ7QT5-c+=yh$`H)Yf}mJ7&+fT6>oZG
z({t1lo4&E>d8%yFw>Isep50WpsgC-_rut3arK$m$JPNjqsVZ1$5lpfbF$g*7|1;uy
zr8dbXNzzI9B>&gkwK65y<V1P9D=LNMy%0HBk)!fy`Mf+KUy^4$667%hE#&YNcnahg
zIg#X$#(-9lPXJ{;q>b_lDcf5muLB*FERDHqAx|eMSxJ(@z-g~EB}bJ^C0D+r>{N=R
zHu;W1E3A^DWGf|V%^<(hD%lj1bOB0OQ;y5q;s4#d66Bp$=AcfA%A&HWYy?n13n3Qb
z7RYx_DVG(}9_2XXJO@;h(wKZ6YIz#kQw*U@@<2_Or9LSPbsUrirL%G+w8JLdkd{CW
zYw&gl$YD&bk(*?%JWuKiVH8T3k*`XZr7QA+G$ajyyb|R?xe%lhCTZ!mbX#tbE&z``
z9wMnW;F>HCNVlNGVW|^7<K!;cA<sx_a+;hWH_9C02DE+BHJ~RY7OLfpNs>~flq<DL
zCdgr{Qm4c#4a$CycN?^-=<lCv^0IP<$m_186u;t9f<$6+i*gD|7?Ed`S&;HLNa|)l
ztMn`Vpp7*m8TecTshR@`(4H}+8R~XPxgJOjq$=Htpi)T6Ie2s2T?_L7Lr>5X2+@-S
z?b1{96r$)$^d+RBr|D^!8z}S`e3G4dUqqQO_Gd##K{*iaM_+@G3hy6751>-?6iP$S
zK-h|&MV09D=pP__LA`q|1MP$GMYJD6CTfB3AnHQhC<~v$r_e)G3iVZ#O?{2piOQ$~
zssNQ!Zc2ucK0pn^D1MsyDLOz6Q^Tm48lgteAz1PMD>6`TQs>btw3gPQBXk@chm7iJ
z<97N8-HuGmBg|g(eWr<NLO);*F^AAeriFP0{g64#96>))Z$lbntc)G~SiSY=4C7;t
zp`S8C%n%x57MYLHTiW-v@1u9MztsK`O=&;Set<4&7qyG%lJ+C*N9aA>Pjw?`TK99^
zTWD5Y(f%eTEhY_Ji}_Z}x6p6ZwdTCOQ{Rbxr}yYR=(>JTKY@O)pVYsH?&vS;FJoFi
zqo2Wy{)+wz*6Qc<b67|Gia1992mQxbzxk2PkKiQe@g-D++T)Wz6UdrCBEDBFbe$Dz
zTuAH^qvC)#Y&ZB)#H-?hct@h8OsNE7t?!I)MB3`QAT>*^lF4~oEEJ2y8gZ}K<xuPf
zaYkHlt%=J(nR}N~qQ$+gYRRRRy&xSIyCBc73jys_$O|RguL1S6R3dtTe%4<B<zAN-
z#X_lH8j;RPlhT~DAr?B~)cmyACC7>mIo+`$=ZJU2;lJmt@r^i=Wl3t4`^2jRivhAa
zD~|y_p8`rP;8}z33~3J_8dz<KfZ3%?IZMix8h~qxy+Yb5RsxSsagW-XMn{~;NtvR9
zNWzgUULy5%wyJX2DV0lgl0fR~8*v$={ZcoyNr7-eY!X|<75f#5mEy(Ike{R{#PhZh
z(E&V)fUXN#UE^AVyl2ER;94kl`BJ1Rry!ZcVJP8*BU!2yN5y%d-6Ni`Bhe_XOG%>9
zK|y&nYW?;|vtm@rw5>|xw&OB#EK7drlyp-HN@t{1ab6yiTJ7nsAvr;GNd0n-lp^Pe
zqkvQo$oq(-B$H$U)M#@S*()3?(zrBkH^3^iK(3Z6KzgNOF>q3(OnbUL-MIlW9fS4F
z7CBX%fO-_lX3+tyo(B7&pl45i(wG15_GN8DOdILT_zZdxz<9|g@&D~e)mnD&2Cv{f
z<3qj#OQA2z>gT6?^*)1l+A{Au>D{p8d;2XrysawLtkv(^0#t}l_}aYFz65K~f8IZ1
zyX?OsZuMUhi^M8%znv3XZDFTY^oyrNzkS$|Db7M_QM@UxiW?GwJfr>@{{rMG0s01@
zP7qsx`uJT+r`Eq9p0nNJ^Li7#BfQz4Vf9;9_<BpBf4il|>i6&P=UWDR7kGoeknops
z?8E*$5)zA?v0{~-vjz!wDNpn}w?GY&#967pIw!8$`lMZ!9i9SzG8gX^{CnM*u2Fvr
zpVLcmf~BxG(U%1!a?s)pzt@-Q2T0<N`cGJ0{sI4K|1dvf$@kUsIh^44S_&=s!1)s4
zE$su|2gG>W6v2PCFvvjV>z@I>fX~ELsm~q*sAx>OU|)tOfWe$wq<V4IKLhOrc}X_N
zGb{Cpv!Y)bvJ`r!p#-hZAkJELhyn@TS#P(H@44*D0*Pn)4)_d2FWyt$e&1QI-+Kmh
zG6ZSCmjIeu_2uyfUp=J9y#hC9_4n2Q^`vi~We2?N_w@+_!X<vlcfmj5za%C2=lxef
z7t8hxkrsonAlNEqi@9Q*SZli>cB@+K7e~ZgNlPRN;W|76E!tAW6e-rf?q3#Npn1Q4
zMJ%^BiSeS~pOKLN4#;OlGy(lidzv^0sXJn`I4({?-Yrt9lrCjKtEWYibyYlL9~O)3
z9ORl8Gi_PI0JO;ub)NHH_r(&s<flOP2BFb?)64SEGEb_%*xT$cb4^%kyg~R5(O+pP
z^j!1T_?Dn9GterCQh}6XU6o30VcVcoVV~#C)}UA<?eaJA_5K#$W$zhc1^yPl(Q^y*
z+SQvVc<<VPY6T8oDqrf~1EGcJofCYiy_B~VYS$08m<;(hfU42oNZ$IE{G8X%=ST);
zs+1sA+lGi$fK7DT7bG)qB}h3;tU}y?uqvIj$B2{ClzrL0ELIWQ0eKYJV{Bpns8j&b
z^@DBgh90vDwsB1=h2Vkr+aW(I*?5E1?`?)&>GJyBneI&QaiVEYf%iD{%4;As(w_%>
zw|!&2-4F_VrM_xN*ZZoS7kq<4B3K6m%K+pE`mS(-cf)tfXY-kzOU@-e?3?nM_^_wI
zHNlyDm!b5Vz8k(J-<o^FTjxmy+esxo(w8n|Ku;+2bowcfXN+ZlFZFq#zr^_yeHHGT
z{$xJfn+R{y_#B_)(|WFeeeUvA2+6)qu-g&uId0Co=*xjoB@7X23_TD=AHEdi3Zo9R
zP#~@I`oSWmz5Tt3&Mh#**W%OoG(va?4<U?4@Cc&tC>})`{1$!-(fDorHe&EQ_#LFh
z7x6`;!|&twQ4Ib7e}MG(*Z9|n#q)R`ZK61eL$Q=V323t>Ta%6AG_#snbdTnW<_e0}
zT-97fpVG`}=1_v>n&uk%v}Rs2j}kT4HP_K+G&eLiP?Barvw-fULv#pjp(AtzeU?5(
zA4AFXtMserKKeEKHIzcXPQQ-sr+-NQ5T(*TqJM-QpnpRD1f|g*&>x`B(Z8a9g|^ba
zrhkn-PyZYJZz!Gq4gDMR1^T!2Z&3z)gT8^jNH5R}D3e~K7tw?CAL&1$Ec#FMpU^h?
zWBOyXo&F2`7xWPQH~McVn_(FieTj)>Vo?qg$Hbv8Gx1D3+QB3+3Fs?KB9n-6nIt9&
zJ<M!jwxB#FnMp=pWm1?Fl+UCxspxA=8k2^0GFzFg=n*EJNk;`t29tpvWgcW6M1{;Y
zW*d5pd5C!k6)|68zJ$Kce3|(&+Qoc@`3icRd6;<^6*KuvK6*lD)7emo&Y^RlCv`5J
z3zh0TIuCkE=hgX8nNHM+s9Y!O05|CZx&W%sg>)hGtS+L9pi12_-3j!Zu3z^P^nC0)
zvG1UNjD0uuUDObJG4>+*UhI3Z@1cFM@5jE6UWol=>@QK{C;q=r{C}VL|NdwA|FrwH
zhX3*g9HB|nJm@HNlyQlsQb&`+*pck;no4^rdnz5L9iv>bW5%%n-&f4zj&&i+amPsu
z=FV(Kv1QDm^d!QY6FrqcHDMlyCo{a@OcJ&@GcB;<bX{{+b>DK<Sqt51?tG)-ZgM-^
ziqPkta4)!5+;=>*C&@MF%!E+oEOHjP6Rm~L{Xks^w0pYyoJB^jQ*c(f6-$L%A;IY7
zb9)oWx88JTZu?wsLhmlOVr^<4w=VaV_EuPH_(jjGu+Le-mzxTJD%GvD&vo2sA9t4Y
zCOG3eS{#L>W$kl4mCy#SbDFf2uXD~iM$KED*PV-y+AxoI44aFbwDYEO)lq0pa!#6)
z+9x~iI5&8cQ?M3$8jN1+cF%sJ(s9)hg?gUqIBh;<R6Hh6cjuxB0fpewdR(qpYci=l
zgaN3_Za!C7>lt+`&MH!SezASdB)JvysrK>SeO$7&ruRUv;cop%;I<3MG}cq;%7WT?
z@79e=>=<zEGcR&`;rRg=jI}1@GW1jm66AoKoy}aLW5rbJ%5!eGsyk<$*SRKM=v?gX
z>+ZAItfQ_Ao{{c8Po2Z-88<2>v%5*yVx9M}E}Q#~%j21|u2@$**FB5Yd?A%P;kgO9
zB+qL1El-_i+F8ZlG%AADH1+p35iNAu=$=COZ|hCxK_C1%x6-i=?HS~*LVJch*`Dm)
zv%O<Lv8DHdCC{z!s~zjsrk+vLh2C&)Ux&ASPN;Skf&Hw5&L`UEtjk8Q5sTSb<fwF%
znQ}U5F3~d9x#-x#4FgpRSSQy>6RkN&`cj9tr_#w1opHq-Mq-&9d>T(U_Bt9>8$Rzi
z4|yQvh(eeLnR*<BAf*#v&klIM4z|B6m>pin0EDY*$u*8HQ>ilv!d9^5o$fMgzMFH_
zIUAg(+>KxXl^t;&7Hs#5fSlRZLcYp12DYB<iSJmqczD+B6}AYe7F%bXhc%xvU2&e{
z%7i>;3X}(yF7!ED!MbXlbs)<euGqC^O%r0>ipSp(=csg+2(g|G%jMo2qt|k!H@0_6
zdjm)>3v4~ly4S6AW(o;>gXx-enOJ&9hEQ!i-HRNJZUy9!>o{-p-c328y#>A6jwWYS
z$3#yTXhiF1YQGNL^Z3QyYRd&T<thL@bhTHJ@<D5HT#IYXnPSQz{n0hn5p|Y3%Uw(G
zmU71ksqXEdpF~%u#m23;mt9lb9xjpSrjza%?y0m)ab?aq7wW0B7I(xzORjo?uCS-u
zG}wKMMCc92J*}<;PqS-_E46*jQqd7dV(&f}4-N=fz4g6qQ0GFh^HtA&u(Vv#6G-Ym
z`vPcXxnlsVeiy_FAxp?|)wjc2S1Hk$tH4q0YU7Mx?-{O6m)Vu>$|1eQwcF9s-RDkp
zH+lN4qofzOJl4}4r#qHiORgmtDRw(|dQQ0{*C1$c%BXN@uCS}mbH;PdGucjC7doQQ
zTT4h3I#qj5wLp*M&vhj8i~OS1;p*g13AcJig?+vIdd=-~+)Vdi?-Up9_4G;|S9?zy
zy`7n^lR~L!3d$dIU2t7+v^dL!1W$_7<*c&iJDZ&*_YUror^vI_859n5mbjzt6Yc@1
z^RRo}s&qtMmz~E=3C@1kS?73nUq=(<&2}flnB#&#-sC!S-RIq-Fml#8N1SI|w}nn~
zoolEk&LVa9^~6DoFSz4`3R9jZ*R#`7>dAChn%3Mk?!6sdM#ZSWXi(xQH#$sb-Iv@m
z&hCyDPnD;(Bg5ga7+@6WG?}~mtVU0r`zq8n6J(L$E_NFoWsWBIY4?KbhU=EoZ_4ZT
zxLd5n?s;dOy9>18aVx6FaD@ID%rYMUJ|y=y!~x3Fqf7{&RXv8us;}@q^b~{?)mM1G
z>MKlDeT8YNukdrKmvAdOitOm~$caRhjbuQaUj@AR1N0~wL_bD_=p2M1z?&23>nh@W
zT>XWTV)P!GMo*~d^GOwbma6FUDfO=7GECz*RF2~TYd(*&0BgRWqRd7WU%rT+27I|+
z#h3r2;>!anzHCzQ<v|r$Hsc<^l!x#sz?3hmUdvZhuVpV)0GQGTnDS}Bf6q{rsE?`w
z1lg}5$TuiA<wb8(eo98~s6Ne$s!#Lxs!#Jn)tk9UjZqiSN7MwM%oRYH*U=immpGQ-
zOT3v{qL%PIfHFVE@zg5ySNv(}ZyJQ}1AMs|KcKlsb1&XTP$teLC==%se2KrNc~G+r
z7igw6)A%vsC&fj?Pl~@z5GUS65GQ_|AWmFN5GQ_uU`<>CSkr``q&w+OTuN?R#ZNJh
zFi+qz=1Ha;f0L<Ts`0m(8fGuvOT4T2An~i>X5v@H2I5!6uaIAfz^#mr3F5;{lsSgK
zPyDL*D6_~c;cjM``6IS4e`5ZEc|fsuut$ru6c(X^TC8Yew6QouP%J)9P%M6x+!TuY
z2#Uq8X?JLM;1lF-Py9N$&lC4+i?vVSACg~x!avfMYoEh!XuqNT2L7q`dF}IfNZX)o
z!2e8eEgsgsragiGh1`3If2RGRb_D-idsh1<epmaJ_80hl?K|2J@D&x~{(;=Wj~4*l
zF5^WN*M3B9*vHF&XgA|O>OKXy_RlJ!{VO2aefYMnQTHPL58XfM4pLZmNN1w7<nBZ&
zLD!}0qCTxN>jWy1_=~B}>VB?!lX^h+mhKl+y6zp_FR5+1S=}s^r@Ny24fRz(v^S_n
z$-YNw7x5`mj}xCVRZM)!)Dr~hQY8fGQcn`3OO+C&OFcz=%~TojHB(O$Uo%y%|FQlj
z)H7t)B2}p$){j!p>EG0kQMF{JBDGsTuD?Kio9tz$>hu@&7pd>)-_yTG)f2BY^<CnX
zruGuAH1&_fD@`@%Kh!T#-_tMaZ&5D-s{S+8MD`+52C^TWdYSA*rw)^A<Eb`Q!_w3d
zvj323XJc5FGO?d#KTUm~U~a05U~cLt!Q50g!Q502yN%7J%xn&uO9|w33*{uc1gT#3
zQFa&QB|8Htg?*AOr2=G6AQfWE*$OI5b^}t!2rj3N6I@QcN^m*VM{qgy8hem6P$$?H
zwv9T;8rg2@4c5#G)G%OlJN0wc$-1b2WqVnPdXrVy5cM{o^Vg|&*pq<BF9IU}8TBjn
z=YYtssfc`@eT#jY`W^cVcA8pXF9RaK1&I6+&8Id!x~WieA0YA)&Hd!IeN8&KUs3ag
z&5vw;6jpW^IgtOqF!xIyHEvdat11h|!8{njicvYLLc38tthSpFb@Vj13u%rHSW>uB
zNc9;T;4{pX!!yYe!|jBWi>ri`VBUcL)Jr>$b|KA6xkruWWq4=cGU43;^ED1Q9&NDP
zhE$z-noIs~qcT=+0Y?ba)AX`hyHs+A<AIg`9;sTxM0bg0wYj+`;b@v^@<<9-aB$RE
z&8;0tv8?iye2r!G;DTX-(-JCfx2cwsOq1LNV>KVcCj#|Jp+RUC1i>$i2y?=sRclSR
z7FbKI)z&tv*&4Q<wO+B_u&&uCTZ}EumSNj&+hNOxJo_O}P#Cc$0DT@%@3Za(>XUaV
zt!5!;y=*IMAK*_P8Rv(Omh}v_=kuec$*v{-JU?M<<1ZbV<(qg1Kcn&o&ccW-->S8>
zKzXG?1L1D#vW9IA>setI%2aGo;C;e2V3_FWJbc?yYgz5y&*ky!Tme7O)z&^>n(VM0
zN$D;*bOG93BkVMl3nfCiP<8Ztd*Pw5P}g2#ia!)KRtxb$N{7ufX=(+|-GsO8D)62c
zrfutX+ExafwSVU;*eJW-e%!X*o?;)dPui#Lv-UZAzi{2YD74yU?5%=eT_f_c@3dFh
zP4+W(mo;n;8uIz=);?Pt2ePoNf?RA?54W4!(jLcEx9;aoa+kSV+--i(!G$B^#zB6s
z+1uO<lDT$p0W=im<2VC%jY}|A8{3Ywa;XQ)xPs;lcvHdMux#+u!3Dm|G}lfUuklTS
z30iOyG~ohW92fe9acfwZ1Zl1c8`d0a7U;24)#9M_g7ucIP?aQQ-EB*Tm@iC2n~Q}r
zR)bX%ZbHse)>P}1Fb(w`g0~|eAHiA=^axs;2&r?{UDj*XC9r@>Ta9gxZ7)dbwzb}R
zz&Zvt5^Jr1T!L`jy2UhS_8z(ob*?{J$=Qfq9vnS7!>#c<Obx~%%c{Z4U*)eJ&FAOM
zGyHi|voV##BXeMxIUT!t2B9v0|FbEeAI>&xGulRN=WSko*w$!kvYqDd2(=xywgG;D
zU*_@-)>uZm<GXeVTaTXZcHOlB%WBs?A)6Z%ij1+wSb^pTny-VEly|jpTC>;SHBBDA
z-8LZP@-_U*p(_F_BpJg(=AqlBBHJDNb^CtXC6L&HFl}e;Nud9&)>wP3y}@2WtO6vk
z!`^Qf?C0#`R-3)fUT00W$J;aQB|tS|FB0}c3#P$}CTtV-Q(!;+_M5h4+loEcUT$x;
zcMFsDYz~>qP34DfbLm_bmuJasuOyl__L*k6f>wd^aGl(sdFJ2=zR?ul7GsL<?r)kp
zI%BLh3^d)~E8C3+7kX|OyoNm;ou)~?t9^iLJGjDU@M)GamNV^p_!chKJkJ}O_jkLv
zCE#*^=Pa(~R&%m>rlZ1`!=2@ZxG`=DYB34<9Y<zc{k*q*_>jcsL;r~$I>{T`iVxpz
z-_v1(UV4Hb;0rl3*T)Suw;Hc-OMLR-EMp&6+MLbp<F4=uU(D?yBhZl)GWw7nNJbq~
zxn&i2=W#ivIe6pfu-P0iveD$H2oYi^21Yps{t(6J7#-4l;>Y~NkNJro^M8gPGiFqu
zrlOYf=plp}3jTkKn%jo;m%E#fH}2{lH#9XLZ_eE})1y5&-`w!>{+`sfCPQ&gUgPbi
zoP(A7cC_s7F*hc>9DnFmcd)y^`&4sn_w)-%-5Wiqx#7i@=7zSWo?Sir4p#Pb_M|u0
z?rUl}VBlV;ebH!WIy`0B**^M`spr-U*)LBT77Xj(OSc4j!Y`b8xx_MS7=EeY(2(JT
zrNrPcuXMIp=ogJI8oTG(M`7$A?O7su4zEGJI~KvPV3|BP0p-oMpRiO}Oy5g2C%;g8
zC~WBJkdBla94~agm~Twy6JK8B)A${Y^^I*W-{c!x+Ft(O?0pSX8`+g+l~fY6ObBs^
zLlcK~2q6w3G;xR<V}-^T)5NARR?{E}8DuP#WUQY;NJ6TA&=17p@o>B>>+upo2<xzn
zLx_iX2ywhD%P=0o5JHHX5JCt|(}egiEaT%4hxP1zuV=dV=WKS*oHKi7_w;$EByQ<d
z)qC&W`|fu?zj{90u+1b`vl}(uq=qn82QgtTyyNPPZrg4FMvRBr5LH@FH!Ziy4co2V
zt+}q=);jxwcRv~*+fz@pWdiPy6EM;9?iDx(qvIM3xEjhlMNNde+#7aH+xG`pZWn&z
z#Ti$xV03PUb8QDh%Z;;<QfrFmM)-6@7cOtyh^E1qbVsvo`f#N+&AUH()Y=~2@upbY
zqlMu^(UP#qn}+(-n$8{#mU4BMavNLNw8jma9`(rMwFf-;ja%;AhHX2|-0~)IyG##i
zC2D6_Zkb?4U_5*6g$@0U_0VG6MyAJI9(d&T+V_WN7@hm7`#N)5>}DR@iSUZhZhP7g
zV0v8HNcRo>%vAVpcs_hD;PM*14r{xoyD2G3dtBZUcf70DYozOhcG_i41H5+AruRA`
z#o={NUn9jNctx+sk9e<mR-%*MPHS3IQuvWIrLh=kp01-^jkD2F4{J?xT5QEOy{!fH
zv2{LJ%4@vsFoMwL)+3j4-|3$R^kB_qYP?BqlhDbIvZKz~M!rD=1T$ybYE9>%M&n_m
zYkMJF<7v~tcm%B3P16AveZ-pPxoZzF2_Z*hsr9Ngsi7j2-B95TL`S`W&}h>%7X_<d
zYSe+n>sxNw3+*W(E$DcO>1o*rWFj4hl92s}O8B0Txj~I|9P%);?gz;J8`SVA(x+QS
zLUExu|EztD=?NW0a?9hu-B6j+63Pb6Uul_Y>1nxh$r}nZC3*7cBc9!shaq*Sg2`%3
zXxU;?nbbxqWMp#OE7olLaLcL}+Te-W&0ekD9Jv-63=J|Pk=wScrfpAmgpYKDlN)uB
zCBT;8DUqCTw6Q1D>rx9w4;#sgw1j#iPeYyda8w;R7><qjBO4J*LuV*1k`S2<M?C|P
z)X<YieW<HJ8z~Mgcy8EkhttEEp7ExBPxKNC-nQJR3n;?RBCFgz8z48(lEpr3yV-a<
zI%jJMmq#aUPr+lBqia?Vch8y<C79Ic9yj0_Z`=@Ft)REo@`kil);^4Ev-P^Io=HHy
z)}XcNJ$=#5miw)lq5ZA-p$uCKASsX=_PejPnxbZ~3c0l}axjt*U0^+}H@NGbyR_Y=
z2P~Zo`I8s!vI05Qwbr|>iq<IW@l>`}Mn}OfHd+UwlXjvpl}WH!LS1Oy@IVQ5g}Nfe
z)@{$Y=YeOyvjg))TI7y3B{UiujV#&A-1GKPm~XNIFykQ`Xw-Sbwx^6foF6`74~L8R
z;>KB92R+cZ;i>dyN43$Twx{#}I>0~6A}!&%mW{AIS`pd~yP_FjuX1z}9d^1k-Balq
zV9V&f)_aX3o?Rw~+l{8cESQUY6iI<1=CP*;Je6fe!clu+ps0c1qD)T1azlT3AUqWE
z&?egC4G5czjseRI%!m8v`S5k?lW;dP8(wUzZ@Cqu8q@(-*bC)Bc-*@`sBv1tSHW|^
z+uh}!X!u4{wCN)^qvlASw<H<>KQ`OV(JP*)mu{T32Ov8e1dGYD6Vc&D%5&EfjXJ>a
z!hpwnqg~N4dv7pR^nz7oS<|A%aAl;_(}yh69ZwIv<Hs<!v(Zjw34Aokmecxx*R(Fe
zjJaYj<R>oWdat-mqTKqd^?F0NA?$TD7==!^iN4Xux9+lOQPI1<b*J@FTSCKNbgpru
zK?{~M-a6Apd6R5eVkOK4?Z~IO9k_c+>pG4hl@W~xTI7y*$9tm4ikVb<N<@dPcA{x7
z93L_^9E~ub>GsCe##`Y-jRm$lk%`ENH^bV0$s3ssjfKV{_d}DR>ByER(bH$o2uGuF
zU;~+Sw`U;yC{XU{_Q*^s?F#LMA2mKiHiUk&YeW5ZEnC*I(Xs)v{;((6zITab4nl6O
zcjrd;d+LxMTOk@Wj=19^HPNKT*~TS^5k(9Iz5}t$y3nYx$63>0t|#2j;MXl{JH#}9
zIMF`riEn&ryTe^~&wJZFH<+hh!mFn18hP4viS<AAJYw!gZZ#gZ-LVt&P-9P|AX3WL
z(Bqz&NY5p<u_e?FtsD$>wcHLXATsii+mIK{f{j0pl!l|>-AmvJElZKZku30uwa9_c
zoab&h+EB(k_2fgwkw7kyO9VmwlKdq>DmRoHgo64OHAE<>Kd1hJh@nQQNg|H=F*Q#-
zPyLE|llVBbN&SX6MExE0gh-`+Pwf%uILA4xf<k;o^^)o(B14s@$|F7-b0_8wkqOVZ
z@z1nQw~NTYS<)+zBYhjLMp;rRX5e2XCW!|`8P1i?VFq4@8Ti+5-t;=on<{bMRE6^<
zJ@ISEn+!N_GU2@GJmgI;5H&bs;&8?!;EYMc8Iy!FCK+c;%{XHU;fyJaGo~ocm|Ahh
z)P^&rui%X73eK4R2($FpFiYQ#S^C=wEo4K3I2-yQUSa$uX5$|rHl9=<Hl9?Y6~<%?
z;^fI##eY!zklcsZcrppHq_@c|%)=j1JW@O&zku2J9L3)$3GyYBACadp17D39_*#@7
zk!H-pUqJa0X~8_a9rN&)Fb`jkdHBnihj(Be-idj57v-h=q#H6One?D_%p`}I_HUqd
z%w!+t+y5Qr+rNqV_5rkxnfx=fj+q=p>zK)JW4`^KYC|1I{s437tC&lF6J=858fMhr
z!i@U5`t#~9kZ+@WiriEmSDzz)gZOiW0`cbxCF0K&l-j1YDO4z{QmED6Q2$gBgK{WE
z9?GE<#}Qku&?2^6k&m(`#R-%>DGE{cq&S7LCq*&Jo)lFmds65jdume{Fdr_)d_U$F
ziZIH66yL;*_aJ7xzl|C1A<TGx2Q%JxFysB_nDHLQjQ4jj<9!!1-hY8sS1U%)>T1PL
zFpvE+%wsQN9{cB*$6i9Ks};X^?k&we#WLhjA6BYR4yBAkIh67PD2GzUqZ~^4L6k!&
z6Cj5wSAGa(Ps(E`ds4oPvL|H$%AS-bQ1+xOMA?(_BxFxJ$|A^d@|9DN-CR(<fqCHH
z5hR&QcD<LgRJHv-cl<%lx_*x<C6x6~E{?#rqJHb*5PWWM<#2BGVjl<dUi~6h0n$8I
z;_d=z8rPrX@^Jn8TqZ~(7g;VDq@l|rAPsOSZu<YyeEBXPuG&&3y!VFO>#P6cp?Hf=
zVY>~n>;PY4*72R}V(mElh+Sl#U3%&a)Ov+<;fRn+KNRfNL}5r67iNTU%N(D=XTUW>
z>=0kVuGEg#jynVV9Q%w*;128i`6ogm{gAzPd0nsztThqtGtTx&TB$;ENTSpwb%}Y>
zoU{f~m$W7)%7-L}TrStiE?JhNaytArCwI$z@&H^@2DQRaZvpB<kri;{LVa1jDyPGh
zVUWjbS?&&ZM`XAW(eJ1?#B%q!30f!e+?1nUY~g01g;7Int+#fZwiuGdHtwN#jaw2s
zP@Cj+c}MDkXU)mG@Psa@1huG{g6FQu<<g)WZBA%DAa^$(Y)<7<xX0o|-Sx}!e2Msw
zckq+qs#q^>@sqV)L#&W)h^6lc<J?nW#!)XN(G&E9lp-ZT$q*-`qjlHW6+S>eL?c`U
z*RU&&dY<4ng&|%IEunE+)}^lIVyR!6Yp!W#<U|;YciQ2AcJwsgfpLNHX}%9-qIn9+
z;pV00Re8Pnn!GE^XiS?K`2Cuk-h30rY0j*x^;#3*>U6;_NBJZevvfJLcKq@>+lLC$
zBEM(WnRU)=A(P$ZG+eziARJ=*=mNpc<$=amf;1l%9<f8tfJ4Jq@SU|@c1W0K2RH^S
zp@e+~^}Y2OT&cB=*U}H++#sCY;itiJ@`Z7Bp7Zm=TnBfP>)~#}Gl!u6i}XVdMpJNs
zr7c?KguD7-zMUTxDakC+@;xblwSGlvmwM&=f3TQIX<OO^O(n~R<XpK(Hp#4f7wJci
zqW*!s3`xV%D2!MqjMx#l!U2CR!<h8Luctx7T~eXsk@n>4(zIlhZ%8F@=80^Vy>RUV
zc}AX>7r_c-IaZFBD`gkl3E4$J8k6SOKK(E|fGxg)r<rYLo9|`U`LWt@?tnEHtbbF;
z74ytD%{K)*oMpip?pfx*CU1(jxC!x&I0Dl?SfF7@>=AE+{oRKvSH%Ku14i=^w<Yq(
zs-=Lu3mQ$3A2n;5v*c&ZIdYw}W{8znK&Pqvq?G0ih*RQ0WP4zFt9+ce!B6s&hFI}2
zvOP&H#R)Uceq?j(qBsj>6<HcwnFLn4pU;r8K|h;y*TpGeM%oWO8W5MnB~(XzDiJ(g
zwFOU_ZEk5UXwGXcZY~8YtZBA1*JGbdZ}ww5yw!Xg{GkJ#0}JGvd1(z<E0UpBqEy!W
zP#Ojutv44yy^-b(D7t1nw#>HXYhd9FpJs@?RLURa%XlOBk%tfP({!GASlC5g3Vy2L
z4ssN`Xw60QP}M`2iJo!Af{Du#OhT@3TBsBYV2&AQ9|)ChJy>8=c)+!YrC>{7Pn^y$
zz*+c0?zWh~)8b(sW*~l{)_Za3;u5FlYEZw~0pa?kgO?5pSD9>Nh1@l+&8Rc#L``)z
zpDiA!^};9}6jON-T9Y7V)vky+mMgWa@t_bZD1>++S=8}bep}3gQb6ax{CGp?=5qK2
zet|9!^&Btk)F+8Gpqo6=BGwDY--g(`{4&2LWC}$>xlkv_!aCo@_j3i%|4AWTEEWdX
zZg#+|GiLqc91L|~{sp@l5@yiMi#@i4r(x90wc}uwGuA}@iXm27!*8$t74=sHLH#xL
z*91xZkoqCSmcOC?24c&Ps2}0CR~<x%K)a<Q)SHY^??H@uU%;sM5JtV9z^FG3qux(p
z)SHe`?_rF3KZ8+k21dP~#i%zEquv)W>dnTe_wyL_mSNOej#2M9jCyq#^}dEtZv{rZ
zl^FF_Vbp8DsMm;5Z#71}CX9N|W7J!N|DE81;!A*Z>oC$475_=`L!uL}Dft>gvBY-~
ziY2~>P%JTuP%QC%gkp*NnB||wEdMHI`PVVa|2Ag%H!#cp8-!wszr|etHs<>OGv@kt
zFxUTgnCpLxx&9{<Pszk@RXgf9Vh>}`k75j(gfZyz7=tEb4EiyQK@VaK`U1wFhwvJX
zm+%^nT)c+k7{Z`r9$v|D95CoCsl}XrJ?8W;V@}_JIejPQ^j(<KcVkYU!JK{r=JY+7
z)AwOc-;X){R?O+QAyi6!C1yP47vvyj<fkwr|6|O^&tXRXCzz3+e{M&!kNhb@kmTQD
z7XArl;eU%+_+8Ax{|>Y8PZ5G7e~%EP;*)s2!e{V$g$%r2;j?(XLMB3xiq9bgsmMYI
zQZbAWq~bqf*85FBB{zuC_pr&U#sAas2N7D;&EQc&S=ABL1`9#D8q9&uXfPGd$-%?H
zERX`mFi4(Yau6_4RlRi_Bug+Zm<Ez5unSUU;8_s7qN*&g4N^&9JFxeE<VEk|tJuWY
z4BUrg0?e$m<sT2_-sM$8j>R6>yf_w24;~5TyC#CJpf@N7Zv^{-Gq#!FyhCm5vg(XU
z)``F<n`Is}_6EiRbAjc+b}*hEbxj5BLHT^3IypEKTx2y?9h({)fZuj>ChP2lMg5Sq
zjcpMu)hpI5_944rORl?R9yZmm7Pj<kxnZL$fNIcd^rld7mK9R1H_ZgA(+>#+)hq0*
zb<5FP{mAGrSDekKGlUV^D69q_upNf2v)!ykxK&-wmYVdE!q8#3RZbbMHRvy|nztpB
zZN^wA$>#ox3(`I5LHR@L6o1t^Yow)}3z^bx*{JxW;jk2IEfp-aBT~6k3AMeFOX`yb
z1U-M1EtRfXORLK*xz)*Ne1bApadFJp8_efCFh1VEG#VZ2Y;cAP+h*trtB$+Eb+TDp
z7uS1vl{0dV^2eOWwR6MO`P`VHUeq?|4SH@;EHu=c2hGbD3)up(!dA{rn`+D=w`Mbm
z*|s{UXXK8GW^T@A$9;m{lv8D+&?C{jZJU8}&?Ei5iwj(Zbk8`)Up1y(@LtHYMS~A6
zuNu{;oxI}W7#|x<)@7ax@cGcn{CC=Dv0HVPeEu$*#Xkso`4xV>A(ek*BpUSm?zw=m
zg1-TG>vB!-&-ikd=evWa`Jv#9wOD5oH0SqMwTl63+l6P=DI1KUE#Dkhoo}i+pTb%$
zES@t81wsP7$>dkB*cQcY+xmq{<J`Gy+m3Owx=%Q8F59qyG;iy(4OOp*%Up%2#-uU!
zn)C(>>Z6=jPRRvQ=7n|J)#_wPzP$QQ{|p`cRe4pHcp+1M+)Om@Z%(>UN1KhC7j~M{
zs^`zLfo(&FbqeWPz9!$2r{t&d(#3`HRkp>p!yY_0O^-=8q(^Lmupup4+l(o}@!$i=
z#bnxUu(NDOV8N)qI9k06mcJc%VpN+}!Fs{}zyorFbx6m-Ze;(#mEbx{u?0xSYyv&T
z9%ggE4h{tm>E{D`K}9ecyc!$|-mM%7z9Ux#%Y%>LPUG}ZHZK?-m<+6)53mP}UABA1
zB(R%A@UC55vUxCgT0gI!x8w((1&e|#n^(Q7pTDqUowd%g#X=s~|9!TFZLw|$v+M>(
zum!>`VS-Dc!@^eitQZHLQsYRWpRo1ZelE$9E?9&+Y`wUj)f?BuG@-yj3q8V9_95*N
z9tt_as+eui2*vCYl+yBRLIFEsZPPzGyK|1<v|OQeRu8&iCk*f;;jr+Sonp7d6p=77
z#!jQhrZAcf79H}j4r{5DXsBlkz^~G!BMo{fx9X_%v28|*N>}0Bke-$1jap=z(u(8?
z?nth(Q7Kc(w53bQ!B~k6UYD*1@97j$H<nKaP13lO$z)1*rDuXg+>_!R8PdApK=pjx
z0kHQ&Qk~dOYo%RTbFN)ZkPk>j)+tAZ@u<Zs%}Du@U8W2j7k19|n|Kq$TFk??d`tSd
z_RCM%`$B>BvGuWejZ@PpY>lbL9ll_9l{)5x4SKSA*H~h0b8iR1FOUsX?{ZgQ_M4%f
zaDl1?ZnW-zq2A`QxxiPaZQj5#w`QUYchCX;Neg$l1)-E%79H$EZcQw^xPV3m6=Ry=
zTJ@vzahC3?E;&n1wYG3(u3s#X4{~MlVXlm$xxpZ7Bw(g^!fo^Md?KIDA2~P8=LU;-
z7ccWHALXyZQwRBb`~W}0FY-HFfcJu5X7Z=`I^M+3^Ob=)u**Z>*PGlPKh9<u34!91
z`9r}<-X56d`+~`Qk=SW_#Et3mMUNO3uZUgNQkX0H#D3ddakMT~91|zOYYW6Vaavrn
z%~!7&dPGs|Wv9epaZudki_GoTo0fF<HjJCYVHOwYO|Zy=wy4-{>$VLTvu*dzwYzF$
z{l&5B-RfBWkX$U6$~AJm%*cKz-)5KZ%eUnTuz_9B-G=<IS#9cRPLc1(Bj#<{BJ=W1
zDZe>R?r1m+R+D*gLC%4)bs^KZ*_>g$DeL4mxyRWj&r0cXi?ySArFuokvW{5qTc<1!
zjBCh>jYm!OY^kA!Ev-DL%VnQ(al%dEnsD1<KbuSMaYw8BVD?#Z71ZUGnJ?IdRrV&^
z<IH7mvA4kj)~s#S@nVvg;oh#)S<0EB%UfK@`TeFET3emZt_p2uqg)z$AN|JqS%&55
zQ7*&LOAoWxj7jvu>(4F*1YY2c+qPJ1kHu??Kl`jMl@`yn3oYVNYihaX;-JNDS~X12
zWpoK$L7S}|FzeOW4jJkz58KkKPoK-6ryZTvHrtVNT3b9Fu3D&SH*TL#u^qDI+VbhS
z^C{**wvA4rj|#WTHAV+58Z#>I3yk3Bvd@lNp9)j9OnQMWg(%u0)Uy-pW1)kEnCcD-
ztF8{vtXfPGQsI0J=vgP|g;I9bX=m@S7KeiipHJZ`039f)zo-7502ra72vYT&>Nz;~
zK8O82hy6Z>{V$BeCfdPs-bL>P6Ym~>F!QKb_f-<gij~)v;agF$;DF4#V$N3q=cZqq
z@|A!zQN0P${nzgKbcDhc@Rbuvm&aF*>-YPz;kVw`dVEPB-86KA)bZMNU+VvI=6E;T
zP}-H@_f|I-B>uMt*;mVyj#oW#1ggp$!;Ue>be--@*r{;FJJX#<oTh4%(^T70mZ4vH
z^_D^BC~@Aa(3WM_G7d9bBUY6eOX_r|JDl<7)MfonlhgiAP3IAZ=#+g%pT{@okM$?|
z)BU;rB45Dg!O|iBX@8yH>znkA`S1CRRg<U<&Un{qRasfKW7<vB>6{9O5w*Zj<21SV
zSDOs0`W1JQJI#5|o#BS(yEa@;i(1@q?i6>S&(U<C>0nc8(*a+*f4=FkPi)GnWnS$-
z_dIdGs?6Q#=sz`jO6{I@raPwJxnI>2{Yup|Q{=qY)Z$byuBL02A%=bRnq{4do>Dgz
zGwDonSq2&l_p(dFWICps{7#d8zNw?>W>b%WH+1-8U8_yEe1p}pa{&5$+gIqU^o=>_
zS39ao&PIKNLv(~+?I>rQCP%+x*q2f@?bt^Ba%Q4&^_4iiC!@|8)Gz&tvCMhbISzdv
zbPSf(`QjYyzO=>}U$*b)>0-G4ilg1J=2-TXIr@EthKaK5sxt3WpZc6yzfzV_efrf~
z4x=yWOxRa(s=q?(m@cg=t*e@@?WnBR&y;1Kjh5EEj&x!4(MTVlkzBvYKkqa92Yj9W
ztNt6lPM_#s^q2eZ`ZIld{uTeO|5+2&q(S-veZ~4szAOHG-+o_)PwVJ(Z2HV_pD>(L
zz>(~?`=)(!P8iX%QFOSI9K%kNG3-{Kq0f}O-iNdT8p&}C8#<cu3<<6+_fgl9>#<wg
zq<i%m=ri0@&{XQ^cWt=GP8r>kmG$nurg|n8X{bV5p>5)un5H(y&d6@HTV1CE9q5}Z
zjjU7ARO2wi=nR5J!|rgI(RuIHYs__bzj4&D=6>QZGDjT!uib3A?T>A`<MT9)_~U&>
zzsq0gXQ98>eG9&2-<od|`aAA_;Gbzq@E`GaLyti6_4>Me{r*1xA>XK9_DB6Y{zqlg
z{&k-N`ZDYvde^dxeA~XTKhgKZy&tc-B~>K&p;86mL#0-!356<F6^mEhcK-A28AXJl
ze2$1h$s*dIyhvOjuED+0n_*wXG5sZo>61h*#PtX8G!)bGa7;gr-vj#+Ns%hzWxV&)
z2^?Dsacr%@drz4a`HGi`3yKqp6U0TuNySORqBx}}Caj7tE51zF6s3w%!mfB-@j7uy
zQKhIN>TwjljH9p@zt?pIzt?pQ?^X3D`0cKCyjRt~QcNf&h<~GaL-7W21MmL+r<jSm
ziJ7>6i}!u+Qan~XCcdipt>U*tH|E;DhIhE?!8=@i9q(|}i+8yC26{J(xP|w*`X=7z
z>PL8=t699y)sOK$S3kk~Ts_45T)lz!xmv{gT>TvHbG4z`P(3Dot$Lz*LOfCJs(wfO
zR<);kM*L1qs!3uG9!nAbMXgcC5zlb6B_YlpAr<)TD@y&c`ejghvAUR4tIw!Q$ryDR
zMBe8xbN2zv+{I(&?t_@QOMsaB4e~?y?W_H0XDu=j?W{$91nsOv9zZ*5ksn1nYmrGY
zt{4~jd<+xgA(LZ#F@EynF@cx>`9cgA!;yz#nqvTpKy|-b$WNfiOMVg}?>PCHn7@qq
zOY-wEGchydk(eLH{FwYg%uix|LgvK$H0B}sMHG?Amrz6|b5TSlkD<s*=Ap<-9!HUv
z)S}2sehEchQjhoMs=<46)#AOm%y@6E3wUp?I=na6#pizi-0w*S{VyA21A4=W^q@V_
z$wp0^<}0L6^GBLLCYv-JnhuiHbZR<DPV-ewH_2;yG+!r0O`oQZlr{fe^JiqU=3AO?
zkzvgp%^fnL`L5>sWK{D5&3*EZHDj6y@=rADnsu^6^Bc`?$bY@>3;VuEcJ4c|?*#d$
z`(D}iW%A~}Gy6)(ukO?B(~)1>r{AY1d-k2*cb@$EzS@1YWG~)5>>CgTJBXq8V&Spa
z|L*vM@!J(;Iw2m*Oc&FOqBGM0pC0BGoO3X3Sh6q!Ak{D|d@Ed)Og~8Fj03(Et`epN
zq(Y{KVL-}bP;Ad(${FwfX5M)39i?`)9q)Tq4A`8=egF6;9Auv{>6L_{tmCtlx?}X2
zy_4g4btevM=~Hv%TPIy-_Vndv_KxSc%L<pZai{v-71}F>%cn$RQo&+T*2(osU0z>a
zU6KFPT=Df&b7%G{XWyxL(sgoOJLfjKJrIYC5POE*G#nl%NE(E{7vN}jhnYj}JuQve
zaE#7-R;fEBo*X~3nOCQ!-D#)=h1xTFMN9hf;>5z`W8p%h_DX5&*(lW4=uCy#<r~_~
zs!3Nd;{^+onW%e^Il^3J5}E7hj_95`MWwE&xNPrK_A7bCSK*H1@7%8_t8n?1o|6jg
z73Ll@elq#wp`tuprnbHKh~C9KC|xXEF3NJ3p|L3FF49Av2bsGt8YX6jnP(PJkC;Vf
zg;{rp&+KXA3YRNyqv8&qO@!z6XbasLFgiJCR4b>76OYmElJepchf%*y=+U^I;EQ*U
z=M;6Ie!;V9j*X#l&AngTeJaj<)UCCwTh>q4Xgz24&g>mqs4PC)S6Xx|T((zvJ8$5W
zSg8Y)mtB0_S*Kk-HLZ<vr@0GH96qyI4|h8`ezN;yw|4G$&dG7mqo^%BIq=F9=)wp(
zpb;)`PrB!rBW^Pj>khz~C-CWEa-m1b?ooF?lh0H#CZ>+DWBsA)*3h+;#b+uiM=DEC
zCcDj8lejqZ-Tm%PcPET$mbMTb$HK^twEOETkFOSYAMatjpp``CM(%BRLboyL<T%nF
z`eX*Q?b^9xG}s?#=#@NX=#{*)i6_TTIZhqb=OPWEqP<eK$&4QxE4qeITwWd0BlK~c
z886=|Sgf4Ny$>TqAEUKbv{#DiOK-fA#q<@+NY91K#fimNp@&BIH13BP$};@D$t1da
z@kn&JyO`5}Y%`(XF83Jf5tc+$7zLwnUvY1{H{oo#*31;S9nfPJ6aNpEjcmHp?E!1(
zEn0$^sf_#%`5l;;zDs@=W~uLy-y;;{56B-7N^+bWCn$1~oFr7_6gfqx$r*Bnh#}|5
zIU<&PNIoQ<BNxd<LZf_9`697T`G)chB2M`;<<E!@D1WZ}IT5e?h4L4~2bI56{*p*g
z{z~~P;zP<em2VRJm2WBEB0j8qTlqGTNOe(N#7C%Zs+%}K^-w*;N2y+_mq?=es6OI(
z>K1j2NT&L!e&S=)05w1yq;6BUiH}ovs5?Xo^^kf<yg)5b3&bI6ky<1^K`l{BL@KpR
zEfb%lR;U#sje3iEi})1vHuW}<PW_ttHSuX`i`pU%Q`^)w@fm7|+95KiU22#3EcJ|f
zMr7hS{Bw8?&%$%~i+B#tR_#;mBR;SCfa(Lp5!DA(A0)n@`jF~FM2_mist*%iRDDGC
z5#p%oqpFV*FR7kaJx}DSKBoE@aZL4b)yIiE)eEW@h~uhHs6IhxRi9LSlK7J9Q>sr9
z`KnK=K25x=%1~tx1*%L{CUHWQrOF}-RoSX+;-u<`>IhM!%2DMIr&LE(M~Pz9G1W2R
zmAI+6DWW89I&PZya@<VZ3~@ScHg1+U6E_z(N0i3R$IS!od>^U4k5u1Bs{aCzDtS-Y
z@gCmGs(JtTCmeqe(OU!b3Zb-m=ym!LNcHqGd|K#DI9Ef@VX2bd0;!x{f^UVj1nMcR
zh4c)rpGS{@ltcH^!yskSH$h6L@6aRf$HxC}W8-_As!3V*-v4WrF-G>idjFL6`0Sa@
z<FhZ0ykt6G@?Y8e`mn05GvCAB`y2>^45ijuJ$%$0&X=&y=74;Q1QC%SL58B?e1Afz
zbtom)aTv=`Y6)X0G1gd1DK&;rV;D<~wT7XTSW76EQfe8-T82<djpbVFIMz4@=3T$V
zByDeRC-cXBo<8^S+0Xu+cfWgm?RULvt>0Q_owEaSpzujKb6@e)mLa7r{hZR4qzdfK
z$jdmrWhl@bXf2G~Ft>d$wJCcddsX(tmJSM^m$@%1BXeKC8St}^>1(zOZO%<U=Zg+>
z2S&XYgR6szcPgj^dICMch@dWL4l2P4x@O<J_xgG*T2_YiWAe%Di4Aj(qWr#q{G{w1
zWhKa#l(sBN%hH;Wm)Viw542VbS;N~0v&y!VCN@9O5PVR1y*j>H?@z3@dawKKzG+`u
zu(vvcrO48B=4MYgGXhbMwPv(emlaPrig<e26B&8cO_}aMYx<c@^#Nn`!RkZRhcoiz
z{lU9cIoWmj(Mb`3z04K`=c~Qd`yEC8E~PEMrTS#`DbH+hb@hlxs6OLw2uvt#*@GE*
z+q>Bjn8?fBl9Lyi9_F9TUX|g@i`=X)jaFLZ{ee}^nm|?{wV=7c&+Hng4b;iEOA^_0
z(XngGP?nX-l$A*{0{?CQ;?CH|w1JX9c|nxY=3nsN3#<!h9~%rrZSPigZ<x!T@L%!I
zXJrH$w;%EENnhg~_0I<iv-|ThHs5m;r5Dg~FiDl&|0K;A)5Fq>Hy8M#eb>m|R3Cwf
zV1BUFHyvmXb_V)`2ZC+>%TzBzR40AGG$KHkf-`I%O;AVm$LcF07^E{l5dPTlz^;H4
zFb3KKJ)X+IX-{QP6O0X31?B?R$qExmEiAXJ5qZDTR=qN#C%v+IjU~J~(Ql_3$<3Us
z9;q$}-gS;whdB?rTB{?gi?e3a56b&D)H*YA`!m{;l#Kg3TO383%c>iy_pll&j4X_F
z)E8!Ks(<Ws^|9)j>Y9Me>M^_DQM9SvF_YR<8l91)w8{JB{f_!TYsRkXuJpt#dv#^C
zJ>720P+DwF)#s?D1_C|R!@+1e+`*#YZtDA5$Pzc*ZGk(~W1bCOa9<1F3g)<n0;kzk
zU@&k#a52~sJQ}zftPk!BPJ4=zE(ON|$H|AMf+v_|$g`PG&$)+!y1@OcT)c1T{zD%6
zkcU3xp??lMlv+poyCdDBQ-7LMIY-?iD$zaS9CVM<)j9Vym0+K9Pm=De^OSptt}eT;
z(p8VMlRgFeCHH>1y6kLs4^#L<?moI|b2hm<Rf4P7?WC(lXT7`UonGPH->A%~Z@l}D
zQjg}cQ~1T!D1EqlGP_%z&n!({WA$5WH(nu4=SIQWqa(dOJYkPKkUq;oq*SDI%JbH#
ztx=YB?#bl+OvhqaYmH4-$=HzIRoLLVuba$WB@Za2iC0rf)2?NAXV)ey>cc(po<vW9
zr`S{DIpjI!Ikml{<g#bhv*3;L-1f@e60hvZ_3qt%)7$7h;yv!|_DbF!ile7EWfbS!
z_7cx!&w^(Wp|f~M&uvec*Xcd4oJb8bDEd3ew;gTnOWCysMd@{4Q+k!NM!jjBdrUW}
zAI-1NT4T*hPBbW<Fn5RHg1kSa0%c;QsiC}1d5S5ISx-DGQR!~V<+``TbCB}6<Gt_g
z_NjcDtx?HcDPw7uV2iufDY;A^u8%TyDJOK3sbSgO?n!GQ-MN+0snlEj9~n-WkrxZS
zTO~)EQe|m&_p<WI1I)tKC=b~>HB6zhr4}2;s3f_pEIzZR#;16id_}$r?|CZ8spWDM
zY`<Ch;E6R<j@`Z+Pw0IQ{DL>nH|;s>kMvl*dwoNm0<sC&)Ys-a;k)F!=9?sop2;j#
zii};}RBv<o?Dm`TJXufcU1zOLyh<exw@N7ovbzmqnWdSf?itG<Y3h`-*|jOFWqV4C
zzIMluN3c#g+EP>r@mYtAk(u?nnbbA9$*e>AId@0)9kRfDN?T58+9i6TQ982d>9P`P
zbeHsd=?KrfA<w6;l;_>k?hBi*q&K;T^x@gv<S~8<S7*pczoL&SsIyL4&Zk{Uuo~Jt
zVV(@KLl@OKtMy8c-P1r%v7gmZ=>yNWXT&q>T?G%w^X~H2c~7(Y*?yBW?R55dnmkS3
zevj81?lpS4D5lplyuFolT5loUtsyHHc<xd7lVr12y4vHp;`MuLy;5nuchGy$J4*K6
z>$yk1S5D<P<C&*e1)js60ol%K-P)s%(#>pMNG;Y!k>}T0>)h82lRGr5r6lZ0$W6Cr
zjHb`(Q!TB=8hO4j(x6!9taD1QwI?OV(wtv!wDW`fuTM9b(rdhJ88x^!UdgXlda1Mp
z{P5oK9P-ZjqP<srt9`NFo7uJA3Gb9ILM}7pq=u!m>93n4YJ=-i6#Z4>h$TFAWmc0h
zlKY-KpU`9tH*^|0t^R`Af?EA5eUv^*Ibro1yE11i>vS`Pk-EvWODS!-ODUbyHdAxz
zJu9=%>m~gi%U*i2Fkh)Z%oFd^dFy;><cC$hAbDK9=Zvq{ch+~5`5{?H@=be>`)>K}
zdbPejU*Gl;pWC;O?w;}8@O60f^ejzOM}yu$-wb)|w11^9$CvMG@pbwx_{Kc@eFv=V
z%nLRz*!EPOw@zg~$iBn;#i})~Buv$ZXN;y@bDziw=2tjw7&<M@n`cud-5u^;I_|oA
zt-BI35_07MeO>W!-GlV~#O7vGD&+a3X!51e!pH=>yU%?#>u~DI6l!1DwaN+i(foSZ
zYxV1+*uCuVokPh7^%n~d8=Fkp+;*k3pw=>I8BMNCt~6+j@wriHed)!idSj%kee;6*
zhPyMlID0Vtwx!w9UpT&b(I{93-M6gmx=G!n;etWYjiuc1L@M?63FU-5pPI4tVtR2(
zi;j8<gNAyh3n^#yQSJxS+I!Pla<$5CLudA&vBA}@Z%i++YPY6tJf`29)Rv+o7gLQ<
z3&||CU$^>sADrFI`rm{@)Y3Xx&r5dek>@urSf`A)t+mu{inF^5FQ<liuj7CEejxqu
z;jd2~{`%z4=+`H|_dk|vMsWT~Mx>nDl%W!pleT916qHWee!`=ha!A)<+q20`SFM}!
z=&ISYCZ(0G_S=Z{C=I3v`V^Gio1*C|Xe-#HqARE6Bwg(?-byL|o%ZqW?@A)VqTl6e
zYs}(<q#AR)A=iAxvN|p`=EAnQm?~SHZLfLW=C?KLFWFAp&TmVVwYE|1gt1+F-H>Ro
z7w6ctwskgRuF6&tbHi3EPnhS;!{&Jk-DA6G8?{Z@TIt^DjddoSDPJzvpViGPVREBx
zjXh_>QFDz_ta#UlD<_q6%5Y54rc=&5=dL)TKH6EUA9GY%rX6;<TrPJs$c=VIu9a(3
z63sR85sFu{_MCFCsLZ@ZH^1qWO?DPK#@7xgr{u<+i*f5>N8+MfX=?|JPHT><B6B2l
z&|117+B`s42MlG}UB)bZpPc2my>r17VTo|9cE#pY>c(AW<6c*3OfYruuO?Fm%>&!3
zTt|&rt`jb|Zrqw<n~O6t`)I>c;w`I-bGFUN_sKqclWMk=Sb9yp8)EJIavDr3+o(L3
zP-{rEtS%CgYV1M#?%2!8t1K1v7Gsa$pm~q;$l3vOW%ji5_}bw(DQP6Lz|<RiCGKYS
z^!o7R`_9wx(a!TRX07ZTv>$zZkG(Tl%bv;PPFakdH!K*P$>F;B%n`YfJ&~i>JP<Qv
z%}MbZv*PLu1v?k?({ZD$l&qYF{g%}!){TQD7n25(2DX)Ko7)gu+LY5^$hD1HIt)#Q
zMC19&yN*PMHKoaskx*i8aOCRE+HmuLAy?M2y0_2R?>bgG^l|+gV&isgtc#B}rJ234
z@%pnH6w9sTxvewV2a>fZ^XtQ7`jnHV{I%ztwU)EyVe2)k#<p&~)>x8yI_{>aXouIj
z+U#`{m~vu@Sj{`{v!`-V`PYZ<9FDmwHyQ-?jMgfuw=t`tt1-4(&ss~3PV<2Ax-}<m
zoiWSSYLs>^B;2>oSUQubEY=$v@3_~v<MnQn+t?nrPP<Dt@2V&-aouu<xmOyy%>#0(
zj{HzNu|C|HXCBb^<s@b`XP?kYwj;LVhWOOuuAsipuIT2iI`aDcHrbGyt1{-<QZ1_~
zR-Uaq=7MckoXqOj)>wK*e<|r+rq?FRsjQA|6NWwdAoG92NmJk2aa)!xFKZ%e!qRJN
zr+D4$np%z1*1vN&X?%T_;iRoFsfOCtux-@bWxT4LNUE`{rq(rR*=?|In@e7m+-jQM
zmKsx)G;X_^)MO}*siGF6i(RBv<9A%K-M8J3JMEM<9F^Nmy}C8ZVdYeu?956oM@u>6
zIA}84?wD(gjg}iqnB%hTrn4@oiL6rY*rUJT7@_k_+-YUNl<!P+Hkyj`XYKipbI$O%
zR%fkUXQ+u4k}n$U$$m?RNk=WNQErSWlDjw7Z8{}4%dOhNgwruqhCNEWeln#-KV-ff
zn-QC+8#feKb@~Uf@dm+_LuY={xVAlW#9EP1OKr_<KIG~!-6G#?cXh^$>HAn)i!C!>
ziS2UfY<aOKvnDo}ZS89ZT=neQRb+Fz_E{Cz?$~2mr%RC=<JK86j9FGCZdZ(kuA*F3
zu9gi)O%bl%xG7VWtFLfQyUUPanAf(u+H~`}d95=x!_Y-#>?12Sv3|pHBX-1YwwoQt
zwCzeFS+2-2%=#NAS=$~#M`_YQ{aK@y+UJ9~ZbPo=8aw4VYC8+rRrY#&o4vz+z`Vy4
zkvteDZD_HKIs2Wbjq7x4*l9oNyy)z)pGZD#?{$t+e-`T`ucO{4181GdZ8~Z?U~O}q
zbzM;6sh^lD5}e27Mx&FpQFawml~9t?pbfX5wGY`Z#Z+lqlZI{1m@4~&r17{yM`Tii
zV+|egsjVefGiP;&9D*Y(rpnS`Y_{Kssfs;kzh+yPd%$p#`kp@f1xI}DjHM-BV;_q>
zWuLa+vP7ibj2*B~?!013qaHTbNqw_(Zs(QEbB;3SP0I!2%}2+q4_px`CzVJg(&^t=
zzJ8UdMfN98Ij=ge8xFfvmJ3<yOud#N%k;*JmIq|F3Fnm4pKP>TO1+-E%W`X5xJwfs
zZ9N)0;=B{%)?c8O+UgoI^|~glMTOnY`>q-4aqs2~CoQ;zm>g4tDZ(9TxED7?t)w}*
z&h<byzw?lO(shH{;8~a36&oj!e+;;WT$kLDas7`@ubp>Io4YbA;|BGeW-EEvwK%F(
z<DHnhmK${3vfN7QatzqbrW}*vI7wrK&g_+s+e_^gmD6&oZcU1}*lmfHFUCZ~)j8KW
zqm*&wviXYB$Xb(AYmc_CR%VmenTIVmwB^pdjwX3DCMUVv;gxTi(qfO9a*}u1qb(gN
zmGXHy=w3<x&aRSvWx?*YySM7>8sqtFw>&3bjhl;`Gxf$@waidSayI(c%c-*EmgAJO
z+1YA7lkBwWVy*eZj(NwdW5ID-NAzKR_@iUy!^wL$-l6`!#93~yGF{7@jV*AtTb0;@
zX0NF?rti@)%L(dVrI-l0Jn5KHrtDF=k{XhZZA#Qih78AHN0&Sp<4*2z+|$a*;kN5Z
zO?H*tEVtT=Of4y0jzzo5Dcd8QPN!eq8<S=(PHHl(HfK2YTW;9X95wdXxV?`3<V{p-
zY`r98=Hc&09{zsh;qOQO?0!G;dn>AuEq{9ckf5^OQ;E9!YyI>o=x(pI6D}AENH@Q>
z%wVOf8AB0WO|Q+TPeC_PL9+?n=-O2J6m-KCiF7rvR$mcMS7-Hi=&En+YD4rpJ;Xb+
zhmc9}7<L?FsUBCURxJEC=j}hZzV{yD{8zX?7Ity@T$UrH|1%79xA`Z|a5|&-C+@HM
zoqPX-^SzY&kCsPE=Q`En5%<}#LbXCeM+ALF)0KwK=oPDR#IDfMVW!WB70L>Q?xf)^
zI}|!|R^%gvq80foN>^0Sk+!0WP7PhB(cuQNPcG?zMJtLZ4og2ssRZe$K)U&KP)w@Z
z#~<!PSl)+lU%IbK#BPKn>^hLK>%f9t2MTr_BxBcs6}t{nu<IZdyAC#B*FhR~9i(H|
zK?ZgmWMbDr7IqzEW7k0rb{%ZQu7h0cI@p9=2YJ|a@ECR-<YU*tX6!mBz^;QW*mY2d
zT?bpS>!1j`4z^*}LGi;{{QsgBLxe*Tel-|!j(C(Rto`@TM{?-Qr?Y5T*Z;2m55vBf
z6Y2E-H{sa*ZVFra2m0g7CzE@AC!PLx%Y*X%56|~h_MZ1p=0Ek!?SH&{@5yHQzjHlE
z=S5X*s2xXT=&4XW9r2+xbaf`w8+wk8J)r}1&5i{ex9QZAem{lrh8{wgfzaX5k<f<a
zRK`OulRS+0UJ6?rdWDWzAp7LfJkb8m(L@LP97c-lI0d}-J9wK?+e4p={0Nhlk8pmV
z+!QV>DvYgMKKbzd#((7f#&1b)sbsw6*n+nlD|pLsGTw4*#aoV3@Rs9LyybWU-g2CV
zw;ZSAEyo#n%W)>&a-4;?9B1P#$2oY*@kYGmI2Ug@-h{Ut=ix2KkKrxH`FP9mX1wLN
z0B<?og0~zO;w{Hp@s{HvyybWs-f~=ww;Vr?w;XTBTaHWdmg6Vzmg6$K<#-3)a$JtL
z9Ph$gj{SJcaR6^Q4&p7x)p*Ns4c>D6(TAS#&@=uoo)Hpa4r#`$WmIJ${}|_|&`6)N
z?_P@<elk7#d`B1YZkUky<#^+N;$&$qET6M~Jp4O(wJx8{@5=vm@16V2@07<PR4gA=
zbhzmV0(T4b!ah1Ggabm0&_<G*?(bXHRR|pj7li&Oot<<X#Sx_A0L5VU4^SJ5T>h`t
znRouHRm6X_O42u_OR6yZORE<D(i)F{X?+y`(wcyOX*J>hS=ZzLSrhU9tV#HPR{8%~
zx-<u6vp<z;>Bqo1-~w<OI1aoE{26&dEW$VQSRsu-C$IvT2kZlOFceCG3a|kBlfd)9
zS>PD(Ai`)N-vJIovlsGlly)UB7H9<K;BGyz26zKF1zbc5USJq73yAr*a0S=|JOXS3
zUSlYlfp*{n_Uw4lW?phtIBdfHk509C0$2{r1;zsf;5lF&5NR&10wU$NZ$gfMe2?nZ
zjXlOs16zTI*^`PjkQag9#V)8i;HMc1*MYwTzRALqhI(=4_awiLSRVmaAhj)!OK^7q
zay#S^Akr5<0r?leUjcs&e1N-afS<zeQ{hG8$AR6zFoZmg68<~n7ZEZ9_`k8{FbKQ?
z{3qZk;P-&v0RAIz9BCpQ^-q?OYEXTH$(mx^{RgDXcW8eVh!n(^f!{)`-vF-x{|fro
zfJjsPU%(3}?JdZE3Hj%cMabMr1HdD|F9LrC?B&S(R+xmGt?DMs;mG_`D1`h8U=m6a
zjgsRTB@^<x2>l0v^U%PO;$y(S1D+wXhlni*152v6K@YExM%Z29CNzD(e?yocFdUj^
z5povtUjxyu1%woT2%LlF9^?-#<0Qp`HA3+0)Sek0!d;{$z|O*dAbr%Vh?-Ty-^5P>
zbAj+Hu^I@gs)6EXkpk*hEQE~Or+F(&lk0CoUI%#$_#8@d7;-=G%Lua`sBpVMem~^T
zAV)uB0lAC<Ux5bouK6%zEwBjK0ff&BOTaf&)TfExM#_4miMBvJExXHed>_Y<N(u>|
zr<piQANi``d&FlLhC;szde~E4f$;wdyb29Z;RiqoxE*m(gX(%{;8B_nK+j9QA9w<I
zPPGI0848~Q`5V9?hEfA$Coqa*h??+yEIhSt7UmIPG;k$w3?X|MhQ)9UxlNi!p-)2G
z9LNd4$AD^JJn)0SaNuT+$oDlSlV`GAvVhsZLg@P$YQDmdypiDxz*m3+2)PMzC-7xx
zEI?i!JPWn=9cW*K>Smybl<m-82Mz+i1N}b8KU+rjbTf$cW#Dh1e;#-idDTGv6=WGQ
zN-KU7h%!^Z0Tdn~%}da~gp_{-c>(xKU<>f4C<&}BzKWC$kUxZUZbE(?`V2h#VQ4nu
zt^&;wq`-Y(6|ff?lthw%Z$WPY{umlwgHHi(LxZOvHp}D<3`0Y4_kGCgtH3WpgIW_E
z!1cgH;QLiSr4)XPbnXFBHfaY(8Vy1uc!iV+JOSK`kjaoeKrhOF5Qq|LV0leBLUtpJ
z5eUm@wjg(Sg?JkJp8$^o#}VsWkk6=WgrA0d0|*b1{sQUzHLwnvuOrr*NE7}kj^M5U
z8MYOXzWN6U&wG#YrB2eX=KV%UBI}bEFO%E`4fufc1<3upCueun=o6&+#UU1k#gZx*
zClUD=cV0C@xRs$)#Mp?y*~Nv$8A3BOy)2gcIfg<P(#N<dbU}j=L^uz5nDI11k~OE0
zJNjqwZIq`QVK8bF9wp6JRQCz1plJ$8Lu#ZEzKIexF%+K1-LE5sgOE=k%xT~W)gB7@
z1ag_+$nq6`w6vA(qR$szK)##{-2slP{A^5N+*N#O@fhnjU>QCNA4T|n*mf`DX431h
z{2*-pJ>d7zf9^qEUqQZLzvANJTEc61_9q#V2QvE~XX#Lx8Nd24I9MBU?BKPA9G_+!
zQfy}^JjJ-H0KOsev0lyeQVp{S)#eG5@C0gyjW07Ol?UMuAm5KL{wee=wxEAt`X4Q_
z{&pDh>x-|l{+xLQS%5gFgi&4?Lk;$zJUxu1tILpkIUi+UlYW#O<yW_ITQNo<-9;I|
zb|lzGd;>D~0nPzF4-KA3YJ?5JHr4PD4Ig=*0UiZ@6bP>q_W@x~5w$7)GZ36j(gCeV
z?HDi(PXwkX@o|u|j%3JB0l`KjFg*!ONdjXL-$DwNKpB`1J!d<25%Lk>$8a}_*Aec1
zXL$@|cjJJ#D}sTGU=b471@#Op7H7+^0#5@ui*_PRI>La-s14Bn7<%}d8un4|frhgh
zgqP4#B(y9EOjQI|mtaYWGoNh4Z32Q*Nq>uws29-%J?y52RVB`R!0RN~MB@BmEs*y=
zF$m8&RSytlmg1pDj?xTp2Q*+NA}{R$AWxq^`+cAfxEmqCTBS!3m#2VoN??g<)QAXn
zEuvRcgK<e{^&&41JVye*rTH7{2VgysGd);L{2UNHkBDaxIe*>>M2(AR5j3A-cn^FV
zo+F@Ug|7jTvH;H)@N@$AUNCKG0?57h67>8ZefW$FGYAPin26Lw*k6KQv2_!Sj0`bv
z5;0#8cuQXa1WOcCg_R6(_dJ;YYrtQl&7!49n7K&Yw%<f7%=N_M2y-5K_=#u)Zh{6}
zotOi&Gv;)}%2a5ZWL1H)bnZ*YMT8H~%$ddNhK#X5v_XR&UPLPvGob;m7I?kDXT$~|
zyi|fLV74gn`N)CgI%S$XU;ttGy!iWI*E|=@A|=k8(Z(g73+8ANpW$NGEOEBXJ)HLd
zop|0NjL~2$(k{r)0zU`*Bv=_|INwK@zsG0}4yJw)dKd7cz^8%WoFZ6?2%bP=G{aor
zr;#Q&58066Rp1=bTn7dP{zksXkeB3NA-4g)1P$1iSb$Rf0x~$TnzO_+K$KA8T#mDp
z&jZ1br83CR0l|NWMKCNDK907`<nIFefd7D4oR_u&p8@6rxh28AL|%T*sI8E}as|!?
zdA@$&KLYOp*8;)%#E$^0fSkp}0bvvII%A0<o?7Db6mVS$`4V^9ff{Ear-4(@G(qkF
zVjdxJJ_#-=fx(IwfMC}W*sSzfSQRZo4SyCegA@M-GGAxF{4Nx8u28gV0ezInSsca!
ziT61}U_=Rsg|?%{tXbd)ekfoR)4;<+`HbETL|;nGndzGr_cMNl@R)rIUtt<`4Mujf
zbP>I@h}o+KD@$su6p3h4A|F-x`VabK0X>5>4diq1Dd1(?#fUF-@_vA=Ye^Wt1his-
zuPWe)1gy*m;Hv^`BAHou@!LyLq^U>TafYGXGBzd)69|tr9D(zSIv_?>fscUTx*Dt=
z&}@{+u$zXDn^^Hs|2<^BDutd$4IU!B!nmJQj@&<m^29HWGM=y`Q~Doc8Z}0IHTroC
zn2#ELqrfeXI#q+WOIW4RV60TXkJl_hdZ8&r9r5uFJ*vcc(N@Th<9Rs;=Ff;#0yTJr
zgw+@|tgS}BC)S~~We5*GBm5dE{1o~R11&%ga3`<`VZMZPz6}|pl7O*TH~=0C|CEMN
z7vKh=;CP{6JE5y#D{wzGyh!5fGu24HjjhuXyCc+~j?`~(zeQf320jaX8rTT@yXD$1
zCwvu}!`$~E^R)}uP{b;kFtVhfln-++0`hgd<EnIwbc7nLrO@nKh5nF*LEBV=d1`=C
zEyIxCE`9>Yo_zsNp&-^L*i)##&enScthY#LWomFvfu{zxDZ#fTlt&HgiJU=!EsKR<
z^}m8I!9T@TJQo<LP=jaBWEe6C&W{;~U;);0iy<|zDK#vh#?z^>h9+S(Oapc*f$@qM
z%Ov<7&9zmSnKBJ$-JI8<&4%)oJ?^VbY*r{>G#9|V1u#i9_;4urn25Dp%`aIS5!%pF
zCKs=h{z-%cKM^oSi|}eSUt#8}TRA|^JtmgEgMORIobO?cT7x#F!3v=oY(&j@3twN2
zXLTWQmfnPrU=C`mkEu~MbtDi>H5C0oI5eSP;Gr1t)!dWe8*2DZC|H5SnGfd}SX<VB
zy=dIX5j~#NhuQQ-$nYx-yhY7tH@t5|UTUl&N?7BiG4U#e1oIcLax0*A1oWr^R<H#y
zPw5QGgT5{lHVj1yq3EU6yskGOBvO;G{wcxo67M;A?~2)_2I*@sJJ4WWuLgV6@O9MF
zV2|)>k$d9;E2nUmA<cOiK49PM5MyMr2u#PbARYAt5dN>m%CH8O(SW6^F*lK(P@N(T
z@Atq|)jMHB)UO6?S%dyi&3WLP%g;q&1pX}pR*xnA)Z7DkkIFeSYG2}W9Ntbbeo5e;
z5}z4iKB(b55M!B!`xVmHV02K!uhe|j_7@=ybQi5agPPKS|7+j_8jPeGK3?ZR=ByQd
zEAjHf0-<2<p<tNmc<8xDVay_aUPW>`LunW|!I0)_OdbS2vW&Md1FeFGGaP~bB*RD4
z9NG6@k_q}0U?wmDxEi>FAu+2ej6n>a0lu&-Q!bJRVg4Dppls^Lft#W4U>MrNkjC*U
zcybk1V_29}$cKSvkmj4vry=eypt%b94sZdQD%jyuKo!!5hWG}<Ujb2`(2qm@8PY_)
zny&)qp>F|x9@vR6Wsu(hKD!*(4{pZfe*%sHUqpGPI1={>k=met73ur{^1lFY0sj{H
zz6QAt_#_bJr&)OwJhlpRSY{1aQv5mO%RtmlXd)2l6BDaKf6L+)0$+#bQOK3RerQl@
z<gpBEk-{R<N2!R%GW-tk8t^9YCrIJ9DEW_ps0Hffn7#t3l>)u&n^|fLRahaZ!d#o-
z$AFuFZvjyw)S_7#5I3|0X|9Cc0!=c|480%vQD~5+1kaJa1pR5?9Po<>e-ZNM5XK7`
z>8od<K^Vym&3Yj0ul@iK9v-?I2+I%;tU`ZSg;AU7MQDz|J}+U#?<Mx#w}fxv#N%M*
zcbP^5ZmdCj7r~&!X59S}M;1oh1DUU8oWr=U16RSijnIp`|AJ9|H}3K<LkROY`h*o6
znO=?YMf?TAgd;B2I@EkUqzanv;qFSvS2!-!vUwBa^S~c*L<#>LDf9JAKL33lcTeE%
z3EbtQ;T@Fo^GN^KkUs-_4%h+wBJelBH<8YZke`P94CG=U);0wvuo2kDaun(oi`XoH
z+YNc`z+FBw;wx-?MTLK>n*#hA!fyxiZ~ZKY`xG?qWA+rEf*lS(^GV<ca0dGIe4QNf
zZN&WmuP<0288SGDgm3vJUgLcAhOg%gK#y6T^eAKr$Qk=%NWTSG3B+28SP46up{c{l
za~<q(6B<8o55n;J{UC4~a3}C%Ko77ScoO(F?1twR3V>deX99O$LS8RHZsmwvK7lYV
zK=U_1)USwo7g6Klhky}C6W%DoKZR?MS3w335yrTTCmLfp3VqzpK<=gMQ9J8-Enxn|
zXPw2+p9Bx*O!XMTcLP5QgkMP+kaL0gz#=|_Mhalg;)^VO2{UvlkLiUQOKV8~eT4Zs
z(%~z*-+<;DNa0(Mzr}3}xssv8SEqZS=>qckMIF-F1^IL6H^3!C%)!-Ii4x0@S{bZ;
z1aYszN{69;8D-lAtj1mN9Feo-Cy+aTqJGG~LYOm%dj>ha2@U2l;?t1%4Dk%)i$Fg2
zKY|*$kGOpA1iot!4<gJ#l(36i6}6KOJ?4M{<`H5h*8u+xSO|O--lc)O{2e{yN&dVj
z`7q>eU;}UpI0(c_vIY!146HQ_?I;ZE2^#c`8opYNRYY|H=US|^q3{jiW#Q8d*<L2;
z8JaUOKBL0w!91JQvL~XsCtC?=2V(Xug6|36M%<@aT;au~3>Ev1hUt%^UcOCZHCyeR
zho0fr*j_22YpE4}#c&p}zJ~CPY?qPvc@|Q7BP0?WDVn9DIz*Z>mY4Jja>UxE@I%DC
z$&u;B!)#ZT@U);;vG1*hSwDc?7uF>=>5s5oQbM`VkA89<{Uj^ZS7=tsRuASentzw%
zPPXewXv4Qf&$2yN!b?l9ApI%kfgx|P{+8{7lAdBnVeT+53h80FK-0E#k@aRw7OR#u
zXH;ypxdU@^mb;tn8I$tC*qa#Jmp-<%kufe<<A}=2VzKW8g(FM(EMJCFDiAwlq+^iF
zus5a^-&+1~Nk{l|hLi$5yZAHgYg&(Q*<NO{Bw@Bvjg;HoK7t;yp7m60<}Umja-U#v
zg_nUZ0-ptb33vqGGq%CDH`zC6<RQ1Axr!$(VIwtGyq{JTLc{94l_7aDp>$=b5?qnh
zEWTL~I^Hf|2w&=e<`u+x1<&#d(ti$`=kT4~CZzTStepG@n@tO^!CPKi>Vv!&ctyqb
zV%=o^yhKQ|JS)P~kUY&&&?KTfKV{_+y6|+*V4n3^*h+?X9bg(wfXQMJ^1Y?n$Ho^}
z^?6wMO}2fG=A_K#hfu=jnT4fKE*)UCjP|ty<^KY5c^>!;)czN^-C(gM%vnw?`@mV$
zK3i2ggp{}ANt-aEd;uk_WTld{SX<!hIW=t89C-_i)fTc^#r9dTCn`kA%MreT`6tad
zMvx0j?fdYb7f_PR2>-*S!+3T-ybGmeX^J*@U4W%bo~D6sFn_kOxau#nl29*t5h;&g
zEMVU<RKCsHW91^Nm!^<)$bAy!VfA|!qs$xds2tW7D91roPE`_N57tZ?&<~$tyBVns
z{-uh28%rqeTgrrHHEfuKr)J;Lgh2id@O9OaihZ-dQbS1M-bsiRLmCq>jG?$0b^2wN
zyQl`<L)qGvHnTRelz^V({dhVH`<CH9+4~M~t!k{@wUX@Q+xz<ty?2nR^xk_pbVSNQ
zI)`2ly$^_}2#6g~QHqL=4MmDFg9QO;qM%~$4eT<AC<uS@W;^3K<NptH=iWQ_KF@F-
z-kqJDowBl4lC`q-7ldy@ZtD=f2I1Qg-U{467m@Q%7-w^cxQTu1+jGB=)3U3%84Brd
ziSbVRv<WvrTWp=xi}a=A)wo?H5pQF}!{?Ls-2o0Qtz5gl_bu{Ifj3cao2DX4x!U9T
zI>6f;x4XK@X;jo=Cfe8qX?D>MHaFue7?$^%Iax+21MsvqN_mK9lAGOJxhP$1iP62g
z;QT(+*5)64>RKv?`}(`q$u+JltDC!bo5Ff_Gr|m7UF+y0bF-t^7R2nssJM>Xxjs5y
z#bQlh35T{XDp}lgzMy?;4tlT<>iN<6AF;Y<hVh3{`VVOP2seYr)F|!3=-EuiMKbf;
zBjolns$o>00KLzpyvotd#<=?Ih6KInd4M~k{;t(mqP^AJOcWGz5)okk(Hw9w=1CW0
zu(mN+lLrmp5z)Y{9|Ej$4Q5ph+q+tcHPT8v#ja}rJC()^8^Q7uVtp0jsak{dYp}NI
zff)GIsWBe0KF8ju!n!@cYCQN5I@BJA30S%e>@W$e7Q_cgb2Zip+wm557=!n*GQmEG
z!RlSV0{q#<YqT-p{qZJwbWamiu<C%em0*-RA9-R87Tn+wX|N-2uEA4p6~r1_eTVQ}
zi0=%{hxID7wxFa(Xr10u(YM;~8vETJP){vE{r!%r_dWO%Qeri(%YuflqQn<aTW|G+
zj$p92ZoJRTYETCHk?D@G*WES%QBQ%@xbWH{bRuyYIlm9w<HHz5q4fypDZ=Z63-HwY
zc}7Sx6Y(RR_9whgh2Qb7h?F0pCM^(#4y(ML3ys69_N_w>erFBVMP1QzDf01FW$c|L
zz(on{7HPke;;nh`hSJ`v<ky{F7lXGndQ*EVF{qTl9&`fxJKFD$&p@qS0!=_Gc|G`N
zEW*3dJ7dtZ8<BD_xTPuLy>G){^jDUPG1&bv;AGVU9O(C{@5ftD0eu*?(tbb4>l#>B
z2Tvj&Z>8Lim;=BakPE*f*~qsY`9r@>6hVnAf!?#CB%WfALwk!WJX+0U#CyB9_n+y9
zx86f3&jS|&vBD2L#mWGipl;Y73D950``m6vyw~y3Bf&Y)3i^@uo;J|$)BtEGA4Au8
z6}%1qH0AlE8Ah1=p!~<cqd-_E6l69)yn<$}@*&3a=Q6}Vt1{5IO=+M;9qK_#g>I{0
zOHnI4q7Kle^&`j)da;5vLw|wNAv^M6l=2nu6k<xDEqjqOJls@W<luGu^T5|ULO*&9
zTr?JK#~3AMg7VOP)PWeYEaENo9_o-lxC`?63F!F{(x>*iJcB&w(<@?)%*|-|(RWGY
z|26P+)J-6K68Hh~hYdu+ex;z->$wQ`1vdB6f$(7<#%EI;VT>ns<?m<+zcm#iCPY7C
zpD6UZT6K`dYkb&gm8X!yP;WQ$7B=)3c4LLNV%5bsa}yA{a8Ms_VGmkjXG(*HZfgZL
zXTti~)o=pRKZ}@mQLA?`8e^wJe};UpkE6WLo0r*lfsi#Tv#w{C;@zcQvd}J!PTKpV
zVb@F%dX`X6ZzuG7>yT69XFAB5@xCt4pr<}To<E}gUPt!*;$^uP>OTxv9as_Q{n?;p
z2i^<Lw-o(l{0=pCTXX@$*FZdWISqEo0@xyg{T}fYIon>-u-p<Xw=M@*9s=k@3i~zc
zR-_z)_!dC$OaS@^1$`KK!h&i%FJYI{_}wMUfCjd~5My!(ni%A7V23f-_c4C1G2nzo
z;0?@NK?BO|#yaQ)D_uBBINwXV_89I~9WKVMF7~?h07}Hpcmlhw2EO+R?CAva{mky?
zbU&N>`4{;=3EU5S3HSnXKIl-FMa-+f_kl+p+Sxg`o1KA!fhQdb#EZR%>5lM?$Zagb
zNN@F1=n=rXfUAJ_IF#1`2{ETp;#S}u;PZ%I415+b-y%E?ct3Cf;{S|tBgD)^p7Vf*
z5i=6_3~&eHF9j;#GQ3+6I0l#-d47ba_o8(z5VITj3Gz9Ecu+upf%uz|{xV=|An0IM
zK@LF;g?!}G2>Yi`A-8IXM=Jy<U{?;gv2t)}PzMFtN>I{j<+-sEaA9Aoji|Y|&NTs_
zcwdP3-Hu`4cLu$5?C^7|pEnWT7VrAKa*P1MVm~v+bDw*94yD`#TmsyLdQL`7P-n~k
zE@eI-S{;H<!t=l%kY*S#1L*5q24UZW24V1q3V_}V=oEY=Pob<%PA;_n%I0>YiSQJ2
zci?TFp1bY_qMmXaa6L+S4R3+x#Y2cm!&B5y+y;CcF+~wRj<DxO@Rhg&cmv`eK{yMz
z76@q-?*LJvd<*yu%6$*vbwJ<OzU{g26r8EH;Hj4#|89ODIA2}~1hr*eAWD}rklx3a
zMi`}t@yOG2CgezZUhN7*pUN6YGaX^{o!kz@*sH2z-+2gVyALV7pXYae9z=Kr;#=V@
z$hf>52>I3E{GbT1zr)1az|ZltGvd*9vl-zE2tS8#afG+UT+zy{USLsK?ZP2^D#DVE
zD-zgqN!;vgPziVrSafzItP<tx?kxk2Ny7`mz~_oFr!)3Y*nhbIuPVkoYv40u@YR)p
z&xTs$^4IV}(cX*If2jwaR1I9MOdf>29}8L}F{a4_XoUbW@Q%23)v)q+)R+aFjlM%)
z3&@MO74aCI#3W!lAm}WH0KW(N@#;<>WJ*bgjFE>ydB%8X`z|-WZFKlD5aWr2<T6GZ
z#w@^?7epx_WSqSm)dG$NRsmK*8t}Qk3Nb$A!-yY<_+IGQi-4aY9(*V~XQJ&APsL*h
zPXnGsxuB9PjHd;VLw)3lku3mE28aAi4fMYK@BooNVXQz+B*rm$4f4Tk82B)FQa<Ku
z4$k+QJG`Wfw>fzKJ$M=i@QXHHAIJWz@>+@amd6@EFGM_2YVV7M(Idbdq`V{^LF*PG
z9<w2%4jPiH&?5=VfC-EbVO2cE7^Qt~kb0|~x%7}SjWN^e<_^90ICg>r)(OJ<Hp53q
z_%AErRV6Tr3jbZC_YL!2?*7|DZ$E){Ec{-EUrl+hHqZI+agyFs+JD>YccA=kvj2MJ
zI#{J(<FX^O!#^TMA-opYKDL-S+>56b5Qar7@bP_s{egpky?|YTV}VV9?SQahO4tKs
zHQ>9z&w(EUVLb~9c&j52wUuvs+atnTf$sq80yhGi02=@&qR#Vyt$^Pk9`bJI4i|G8
z;l~gz3%n7y8Sz&FVFR@DzQg0dWx$=l`+>Its{+>`he`-P3VaH<0P*)AJR68w$&Ns8
zfrOn?*70^oAgHQd2Tdw@yCTwT0KNho54;0UBVaScoWffzk<WR=<N>0kvLSE>(xWW9
zQgt{9@#BEUfG2=20Aa0_uL8aO@I$=S9AQt-uMvZH6?#^6M*N!yzXd!BoC<^$SNS|w
zAY2#-d#sh*YM6c8)8)X)K+r@!2RsPejg)Aq9p_z)@6G3d=(PaeRssC4jQ<k64g6aD
z&M&@|6Ij&;7*#ZM3gf?bXbRo!4tQpsg`VqmYHwTfUe@qd<qu&0#9m$k`@+h99SjdQ
z1r0^{FWvl?_^+c5-gg=v#o`wDX&-d?Se-q~>3}E^-`!h{evVro!Z#J)H3YBv)t8IW
z&=9r%LIgexq66Zm!*`SslM4vj2>*h7-UL33G|Lfw25o^2kUvBE`iO5057k1kx3<$g
zkHMD}UnJ?5fw12O-j5NwyoN8d+6a3Etfs0o@&Wy2aqNSv!_E%$DFHhz{|Ft;&*l<g
zd?Ta0Ro3g3um%gi27oO^!wRI~%NM}!QQ_P90QLk4TcY;g+IX*cXm%=qMHDkd0M9++
zy#cY#5#DFmYv0}qmjPON%hC#jyP++x6e)w4cEA@9p9ZW4><aX4uZuK$-S>%Nn(J$Z
z?UZ5LWcXJY@B0ehMfpA6Lg}&vXgI{}E7@@%BKO^##lU}ec^7i_{XPeMbSJ_~@osOt
z3!iW`8}S3Zk3C|VAx#2dNQ6SX9cOA|EVU@TFY7?h^XM;ln~OJqpquLJJ(;1oV~&$v
z)<kT-b@@+2&R62COoXq+w~8H*rZ(b7BEACn(EsMZ8oZky-@5JudK<6*8u4qi7hfDm
zaCiW#h|R&}ywIWLA}1Hvq0m^Js+uUJ6iV@5c)^Y#$3qhR?2PXk7?xE&2rCWdXaU|3
z{(Hl@sPk2htAlc|V_-~>GcYn}?Am)@FXXIBA-(@@%YUo8*X_~EYRKPz-QewV-naiv
zSO36&U*NUH{>Y~Z>gg>KH4%Rs+B*yB!MBXBQRE*%F|Vs)l@&n`HIN7eza#DJuH=8?
zgvTb*NoLNTGM);InlfS>%@{v)+C<vmxb3o@t;<k-qVwk|Kcz@hQ7S|E=n~5#^{E+k
zAm>R))QyJFNE%O5tY+ZTrjemyRMv*7QXOhQ%_*IFyYH&0I}N2#G=ZklY{HL<Abl=M
zP;n|pZgo(X8d3}DNPTDk3F<+^@Jp%FXbu%3*|A5DbZXnPd)G2FpjXe%WoS8aaBJ3(
zO3+1Akg8K7YDsOW6ZNHmB*}fvlSyM}5>2PMNF7p1DsOYEL5;0u(U~gKJj55IJhs)P
zr~(zHnpBUPP-|*OT_}SF*}7Jto_3`>ma=FD&5ujXOGzqC6{!f-qNdb_+EZ8RM}sM#
zi|H~NLE~sL&7?ojg3Q`eGsRhlQUO!I0>Bc$@|i=&Pm@)F^?@ycoq)Z7gEEIs9U(^p
zCjzGd=KvQ1ug=VzkR_J`*8(>K_X6Jme&<lB;S(oKP=$acfaQRdfz^R^fsIE_8JekD
z0=ob+fWv`Vz<IzW<Hw8|s%`<U2Hp#Nc>Kia6VztlcHpzXJ-~y&BfvMtPs$vx-UEID
z{0ex&KAfUX1J5}O6fgqj0Tu$5m}D<OIbdaAbzog!V_-{Q`$<!VPYk*Mdjd1ET>K#5
zaNt;A7H|e|9&piA+atje;0oX^z&n6zfg7fdnK&|d7`O@eB=BkAF5v#D6Ed@cmw|5q
zKLLINJnc}6sZ(p#(kWm8U<qJ(U{zpUi?wxAU~6DHup6)!@N$cF^bp`^U>0x|a3OHX
z)ahAM^$oz4z}3L@zz2YjPO}uyn}OSb&jR-V4+4(>oe#dS@=^4kxJo;6l%tFOmqPA0
z%>EH3tTYF9G&437T8U5oUy3s}E_)19t_wt`)#kC|O}_t)VPQwX3jf2Esqh7(z<Yu)
zgJWiK{~e}XFc!LCEc16*@Pe`81z`Svh|<n)CGgw(7al5ZL#03`_j~;per2li4^h||
z=aPTo%2fISu)qajBRe}Urd#M<+DyCXRr-WZayhQet+^);<0-s|Z{qd5iFfi5{)kTq
zA@YfGqPA!)dWvCUidZCW66?jE#TT-OtSlSKbeSPX%UN=XTqPfnPs+XW4S7tSRtZ%^
zRaOmEy2>DEUzG5?CcnyluPDd;#X0V4|K{E%RyE0ez~k>VQ7|w2z1jYo^!7e{5BJJS
zW+B_76@6^(pZztDim$oiYmw}4=X*5!eg5?9wJDsVwk1|%zc1M`$9=CH_oK7tUvgfK
z`xV*CEBRoK_j6FQREZq-OLN?x&VFAyJ;(j3?B!Lc{F{3_ZdBNl{k~!<`}-ApX1}ji
zF2{ZO9QPHo-&fbT7k13e=P6LVVSIh|_xiEM@c240zRrrTi+?Y5&7JY}V0=9qUq8y;
z>RP3;_d>1V*=t$*$sG6lv)|WQo#X!Q9QSK;+;92~54-!#Iqr|<NdHFm`}#S!uzuU@
zy;Of>_UA+I&2hgz$NknE_c_`-bbI#vhnLCze1vkpk!dM8ijLXU{8yN3+}S0Bb4IML
zsitEF%11g}ZEgtfG%L(fv)smLev}`zS-Ic7WjhXSB7tAPmH1^@g<qBpeD1QUtR}0=
z8aO%O0DhHFxEhEbT`j~e8(ZDp7qa@n6k1Jt=mYwh3)q?@?Aryxdr5?MhWA-q9d59A
zmu*8HyQ(Q;$8mT5LsRo8N#18`wh`AG%wzWYqP>3{*Bi_l683Jb#T(2zi#OR8JH9PO
z<;(_>wnZz<{kYy>9<bNt_WqB!-te2055_4Uic>xur+g$%8Q0g`jM8pJX}6)YU!UBL
zCwJn>UB7)2-i<b{K^xbijlVuwhbQat<Q_Z`mgk=5=Pm8sFAFn%Sy<qgg(ZI9R^j(;
zgYfq74l5IW?cijzuIq8DI||z`%g9-q+<D!sswx|&$LKNk{aI!fssH?@@qd2P_`ms0
z<G*oJF>q5gj4R7^`~UFFe|YA<<r(HTz%^cfsgCnG{$*YPXC%QHDR4#_I3pK0BR4oB
z4>%()I3pi8BR@E!063!{IHM3aqjbFmSRFx-E*c<MaCZpK!JXg`{NU~o+}+*X-QC^Y
z0t9yt?(XhzPj=tCZ};83Uw7C1Rn=2dJ!ii8&dhXIG5#ok`B6aiqad|iciqNq;93m!
zN=)KP3~(i8b|r>$C8mBQ#(6a)vK4c)74vN?CVVRfxD_+H6+^uh6VXeQ;>%y|&tLAx
zUmn13?#plP&u{L>ZyvyZ;>&;H&wt{_e-glt>&uVp&yVZJj~l?B?#rL<&!6tcpB})k
z;mfb#&#&RfuMxn%;>*91ue+M3yIP>jovS-HQ$sLQbCH--a;CLyIT&%i3EsZ)L03rr
zaQRIGNOP7TW=5(VfHqk@pw*E0u+n4nW80Eb=0`_#^c<EWFAd_6s80Xm^aLm<k#L2r
z_n3L+rajiAO&i`}OJ(mforRtE7+2<IJ>g-?TEMO5#lSP&<MvxJLVlnr@G;^bAMzZd
zN|<JaVI`E^QJ@j+{5bcBiffj5M#M2MMc8I0LkH7KM3;-U8jJfl^e?${9cE3$(sHQm
zKuIR@X2c~YI^}>w^q-g=F_|6wdeCd5;JLMD#>}xSr2e*b5Eudhw|`&?1fD@a>o*8M
z?%OGc!YwZ>uv%9bSG29k&?&)ju4m!(6Rfu}t&M;{);}-+0^0w;1PHAE1N|V7((Yi;
zTC!5{aARcNvoh5+FX$BOQ6Y4K{3y>*k<wPftsKm<R>r(Gl||j3(xGV7+5?h6w<;RB
z=Kce1AW#beA^#+${{TqxV-D20f4z*Erw;^3ArMo=Aem!%xTgIMm;_10uhd*t;A0$0
zCazpTK-Lxng#Q8ik_p>nZmVF*jyYr3a1bbI2Z8i|;GZNI1Wf)({`E2WCy54u!+(<O
ze*h$TLb_<g(b<y8*bV}LZW2?}%sr9bvaLi@+)PAo)CvEFUe1}H4aPGXG*!ZQ1jmV{
zr!tOc1deptnuVtn?O{iSnn#%V4c0ZQ5%ld17bNW`)-MV(+M5NJC@IGXFWxhfM2jIJ
zMDO9=B6kZl$4kP&e8n+g-Y=5xMXjKSYG@)p2}Z@CV8-of#84f|$=K!x>23O{ZGE(;
zX$P<kijj;R6V^=Y_{<@H;2r+rW3o)p9AGew;j@ViSl+tnm!_f_2Uq+-+Ai3ByotY(
zaut;c@1sgom;a#Z$;4NVDjxyN#2;yJ(rI97Q<@032)7I`&y1QDWumQPtkWHeS`;|h
zdpp`V)@UKWGr5b?M-qk+#;J;C<V)MzHIlz1bW*RN@Y1D-O^J5wg&#E>vA8+h8Qm3i
zlB-jy%WkAwCRviJl5>-BkFF+UC1~%R7)}|=y16iurV%fZK~q4FHjVU-^xA8m$d(=M
zxx1{yycKYti}4-Fyv8B5&3W(jUo;XuhyD|#yR+Q4t)(uKRfT!3Okhub2F>o`6o__S
zl-hhgzFEM}sl4`hMzdO5+1ucgibL+PPlKbVt&`S%ihreGWUtD7^S<l*QTN5ZXK{qQ
z>suRotfZOSp~qr%h+D|1p7+W<Bmb^@YK{}{_|)=-N3=`($9Dfw4t=%HACe{ax}hei
z&La(qjk=<TK~o8AI-G){-=+X24GKmLQEa*dY&u13x;aLTgFe$V=mI0Y$Ye-H4a@;5
zRn!74vq*a*#?hn!Di;*dwj1ny>R*W!M}r*Yd!Tj(YCD4*?SG?e9K-N7OQ|O%Y7Pd;
zxhb<?WL7vwfU#L2m0y?LhJnZn4yeKiSzqNzDFx^MN+7d=*a;9T31UYjkei%Qg{?Bb
z%5#I*8HreJ7d4zbdKuBP_WsdOZHph$g(V3n?c*ab_srZAGAFx+fiGM*dGM5^^HU=*
z+7}>}J1iGWhQu^C0S0%E%pVHG=E;yy%}IQXazqs@$P}J7r9@#}1hFotf@qn-a>)rW
z>1SmA#XrJwmqGhgC%|YNk@;8Kq6$WUIxEYN9GO$1I97qg2W0-qAakdg!nrwJ6c4B7
zrNwhY^KcicdJB9_Qzr({^I)haB1ZR|_wnwqFMoRiR6nU@nc>)~j85%%Em?(?&qnzh
zQC0eH4C&0p+sc^OO8VyGx#VCw*lXWJ*UxfRDe-^Z-w8g{&?DrbD8+~_v+1GXiYcDs
z&7HUBL9B~Bs<(Oj5*B~lVOupEXXg{Jrf27^v-&;Ec&Cd(pKro*8Gahi>bWNw&&a!{
z9L&5v*f4pC=gcTOj(^Y<)SPYFzXZ!HFASJrHpY+H8g*#223kx9fD-1-h*tMU9Wz;v
z(j7}!PY{?vyKGxGW_Z{l)i+Qf<$Li2hD=-VM2gMG6ZY>O5oG_KJNC*RQJrR*kz+0F
z38iS}mkIYKNstM1(`RZ>BUf3*=o77rOVDrl+XtwVw%pa)0n}wVM3fB7Wvb$%Lv!Xl
zsr^;<`#}-y0CrvU6b~0xGr*yxmWfQ+T533=C50I$(%MQ3khFtU7fs$)sL$*Sl^g@s
zqoy?BBinKsDdD!rwJ8%=*PN75@W`+!3b}=kDj7Vnv&l$rcLa?80=I#ofK-2TWh74>
zmHo=%kJCw>il#N889?5P>dmJ{NPDQ=8@@%cK~Ra1z4hLkyyf66TXGCeQbS)D5t`qg
zN>2|wif?bEDjGXE$p`(3vIxg*udb#sKY3}dD=qRk$<FV-D0&Tr;u10mA9N2S1gxCS
zyijvj=oBnP#J!Y$2++<F9mfnfy(qq?wdxQp4Gl!SSiC2+O61I#{K56o$-%Nf$PlPx
z37Qzt4=6LA9dMo-F$`atXgbii?s6No#G)McIPkKY^|YQ0RXj)$HcOLAlr|hb2^&LO
z8i@-#McW+VMy2fYzp+&NaaJ-K_}*_v&60^csXEsOxqW|9el=*Dq=9n*_gL1^pVHrN
zF8u_23fI8u#_X<M46zBesd(*k>5rL**rwd3Jei@wD4HKE6;P7n#l(pIRv|4vQ`+iI
zLXDH8qFGQcFLJM>#93aM9Y!BTuRJA+BhP=YHP3%ilN|#k8n94pYMNN46Dlffu<&8(
z$*R+3SyYj`5Kb7P(l~G;B)g(qQ?D_DSOKA)*0eHZ-Ek6CsnVFEphCkX+*YaL_-7Kj
zW?9*WuL7gX=n%qXLz+0#MG@QGQT}LV;Fk{#y>8r4C80yfOZ-V`O~7E|UvvMAqfqV3
z9-zsUwD7N68p@N=2kL&Hy@9z^(Q;N5SLEO<db)vFUXdf(y5Q-t;EM37SxM3)=^dt*
zp-C~?9Se6zxYCV8{0L=yMuO~iJ9!(yQq>6mb~{~LzYfRh^jxd83}3)$@?Jx$wKQMI
zY4hIgL;FDSYS8Jyp0!pB+2d9_+cS9eYW(Y&6DXz|(bB{SM60y~;U6c98xgG*a^3nR
zEB5s<kQKr~C&?R_YR!b2t#-O+6V!)enF!5z4?1gU!ur;8-P~ad(`U4i0wyD!7{INl
zR2qlDXeWl^!Fejl<sWo6j^g20CK0|+z>S_%T#SCWC%)p|Tq;S<0Qxge@o-%#$&f*~
zCywG?MJkEz5c)Gk@o)>1h)&bF56Lqj)eS7w%|MTM+@(QyCdficDhZ`Q_#3j~-cTw@
ziGj{Dpm=<W$!PLVA}1c`+Dc_U)DO>mM3<;55eK@47Z!pxZsCRCvT=#m=n~{SA_{pW
z;?y@F2s$Kmc&2@3Jc(Fb;>QwIJn$A>Vjra0e*iU5=ly$716cxn^^w5112vEi1Ej+M
z$uU5EF&;bPskZ?M)HsU8N>XXFOh%)B5&?LMd-<s(`v&1kp#TM@VsUcWIHgf}vLqyQ
zz|IeH<qO?H@uXA|tReI^vSRUtRFVb#@Oe;AmSXX$RFWox@cA%+0z<L*dnyTnemH9+
zV3w*_JRy}t+8~@Y0x-*Skc7!(q%oLihM`#OB$dX_WJDc6vLG1Oo-1xJ1hA(3vw+7<
zjH499f5`A;@sT!l#mUD|sH_?pDx5w{eiQDQpG!rSJQ{4@h)+5+YG>b>`JHl9f>}}~
zS#eK^Q(7j4We=2|elpo%Z|#?gdGZ7YgU`Wa)b6flW@^t)%~_^>dez;P`o}=I@B<M}
zUSNLU^iM^qGa?ZZfI=dAn+PEg?Rh-~Zb!q8Za)dZ5Mq?lV?;iYKNV-Z5LlL0mga0l
zS&A)UALA)_k@ULf?Iu8&$S^8&L%sym>}fMCl5_~^RIE;R8R^)^ZBwaEINj&<NjdPD
z9IDEWcr(7&!s8YXME9_Lh?kV#;Q*Yx9i)9H-cr)DuxD`o&7}w3aIxv^wg(mO?5lQO
zeWT;ig#^l)RngV6dhRJt@8*N=;e$U$X4&=FJ4V`~MQ)QawrB5_rA1tm!ZD1uFMVU|
z7SX9(o!G)zh0aRRC@~DZFO(P`Gd6Utq4Af^4tDuxbG(%ycN#tSNOgS&J{j~Fv3)5%
z1<SrI=g;WG0`HnlZB0W5m!FB208Oq<gXNWjO_k=RrnB$dvGD{(V&4q0mV+A4C_3Wm
z-Z^7YlN%^jA6{oOR$DYzTe$wtYg?A<)VG|GzK+5#%j(d-j)B>4UD}ZVZMMBXHx@U%
z-seS|>xx<u&Ml9Rnb(syB%JGuT#~e{j@OM`G+(}tNyAQW+Z46b7PZtBm8{Nod{`g%
z2qBe-EW5YV7qv8zf75)FX$GwiMYpoxUNT?g^T`-2vYlF=gG&PJZQ@s1L^(SNM6~D9
z$xv8+2m<QXqBVli@a_Ld$k^c??yO~o+}iU^PC>SQ$J*)B3XHI4qMsyhB}>_vRpAGW
z?LU#wPhqr@sP2qv1u-<g0F|o;7uukf8Z{)XDjMeZ-L-P?Y=x}<M74!2=%(8_SohMk
zB`xT$*lJo2owq@hIEY>R$*Pi>OX{$5saVh&<*ibgi|}wDx){S*i(xqY;PHjN`A%rb
zmX)V6HL|zO<1cnYMQC-ORmT%Oq#0#GBD+JIJ+A0VExUWn(|^L>;L1L=-NqAhcuV98
z#;`}@ilRFb@r?2j-E)}m7JyAJ8XBjch)p*bTBo0h%|H<vrXN3ynlOOQq%4ItHvrG1
zIF8ydfX}pKE_*vb^as37PKy{bjAlT;PAU_VKP+be$4=#qWHRj5xz89-m<WVYkR(N8
zPK=WpO_WM#Gqg?<J4kvq^i~(ZObjyAtKh{*8Zfj|?=zFDZ(PV7<$9M$PQfq~sSr|5
zR^A)9L0yn(QYBDoKPlxZn=FqwDQ_>kC=Y2@x>rg8h0tm_DR?P|Uy#+VeyIR6&&4f-
zsvtHm#WilK+%^xyEfX!9F^|NxxUaf4_fIdSD5GUlmzHOl=Xo#PC?%SUIhB5a?NYay
z(Y$AWFZ2f5Ecwj(EOOt?z2Ll8ddpnSPn~MJw`>&XPJ7(*b?FjKL*GZd#Cl8gSbj$T
z?NL47lz(sc7V0V6oV7W1x$Ai0eeeDd@Hx5zyob$|+#Nn#wtn<|co{jB+uXIhaKCr)
z<$dPMo)Cfb1$<RLv;3OUr<ETfIdg{y>e7<fW{I$o?1N-drX&fhfCOXvv^9#D5sMpj
z-pWvbd3f4RaUj49m^ND+39uMVi;!|t>{Vh-k}^^p(6XejYu8{?T%TuTlcoa&{$g^H
z=2hHeWkirBo%_qmBrVM{x7Nr=CrvZA(#T{b%{{l_$aq{_uyDndL0?>PY}}qfc%U#h
zr)BJ(wox2&Y{4wW@6dK^1C{D$9E)Quni^-Eh+{RFT4$VzV?&YpR_qHf{g&2i9ExKe
zoF;V}>^9eFw84Iv>XKD$%Ew5Q9y304fOcE<OndFTll7+~>=E^nl26<-^@-}*ZYSZ7
zN!S$H5b6+`E?KvfXVMebwe-&FAD6HkG!s-4v>via^2reN`Yd{*(!THWd9Y}D*rIyO
zQg9AIZT&oY8;rWC{ItlJ@RA`$ef4^6SNXM`YQ&Y;I`}%MDsUAcY<=l^RkhA)l$Cgk
zaHk;%{l<E?wIY9+EisxASA);{9`r&OdC#z&zj23X_f_k))Oxs@{blK-J;QiFd=2#K
zkF3>I;x|WTi^LU)Dxi>`D^;K8F-K{N)DWpEV3%Jl)t=`&K`s&_D3FmqER~#R14V9&
zaaZeVG;vg)r#T_G4}0NyXKi0QDS@bT=Ay#IN2q%_uBBqZwPu@-n<+JQWTn8xi)u(e
z2{hGb1&oGMh$-fm%`}?2vy!IcOoSVkcuQr;yeGbJI#D>W-%Floop|CF*`-S<nh9#K
zl&rhsVe*e7&4GUe_Y?(r`hWh6__bhvI7DCc`fGLN%j%+LtrhvaC0mBj-)0gM&b`As
z^R8r<{`jU%v-dY+67j?X8&qXf9FjoZ3i*?X`5}Gplezgreb_Vgu`_(HrmT+J<pn_z
zV2j0!+hhpUHQ<fWl1l1*frShSBOg_d+@pu0@f5Fty;9#!TkXEa4DatWa|KO_rME~a
zdJ+;|Tk3T6#W<ZFS_DmhF{Wye)yInrQsCK3Z*xnac4Q*j{#pumey4Vl5{9z~jd>`p
zvz46Kd>v<lHp{85LrJ-F5$Rc{p6Y_Ljs$pB@>bu&$;Hi}i`)8(fAlK<j#KAk*4fbG
zGCI<YP$B*IrD!`og3mB55k?K34;Plr9)pcnjtTcq{t4%ulFx?QEWS$JnVMsR7s-S_
zoh>7iuCjU*?ki+xp1a0v>(0Rr4jDPi(OO%X&TmBHMn3!rINTxcRu3;u#!o(0n6Il+
zY-^KU+cqXF9nP-!6;Lhuwx>Y^FH^>Wx(uoE&P}yqmu!F*6-Kick+Glxx<_eS{KwNw
zN@Js(%f4}2*B>PKIMLt4LJa!qwp(r8e~@P4Onx&7ap-H??zHuGm2M^LWY@x_hx?4^
zvH`0pZ++NonBqG;yY=qbjLAfUh=TU-j6^s1TIh>H#Zf5EB#f*74O>3;SD-KKR~RrM
z)SrJ+-2o!u=qRM%`$oQ@0DH4Pp`nQiz&3PJk-|`y0~dA-jn}5njg3#2p4Wx<=Zt~$
zG&T$4sWkP5hNTrr<uRp&^8L+L$&Z(wI$872=q%=Hpz^xkd;KBDMe6%eHm3laoKp++
zZFARccTc;=!CS(^)T+x=rqAF<+27*K8;-|m!8P#c0c_3DrWv#$!RoAz818X`-C$4>
zPtFU$3m4(ZeS;9M;GPhoKS|dC&#!H6Z*qJg6<cDr25q?B_@9iAJfB`4DAox4X*uIn
z1J55K-bA0AOSC@%EiY2~68aK^DRQWC#J@h1J(H279FE<F{ro6=lgKwL@gW)Q*jGL3
z_Eh#xI@({_(?tz<qk)vA{U(@4h8P6YBPR^f-lnt@k&F8dD`GPsU|-{}W7tZf$rR`*
z#w5j*8JX|#Lb^vhU^t+3Q@X>{-hf5pU8p9jfsTicH{!m}y1%=Jv5z)NIZ`pIKDule
zVIOVJw_L83t0nAA^+^2~*EQOb1U=$y)NzB&IsAbr{vq^?)ATJm4AC6Jlk6b0ZLczw
zVUnZ=OLBlqhn_v$=9>8WaOd^StK9lt`|Yb!T6?6;qM=3ob4uf3<GN?WL;b_IPetuw
z`h?9$ldn9yBgfaxtEd;gf84g%Cj~E1^t$EfLHD|EQ?M96i)zKyXq8|k1B?2Y^EA}x
z=V539llpFdR@DMa(N2P(^qQu{vq>=u<7r7EBrw!}CdV5Urqfcg8A7T{WK%X7Vw92I
z7y4CFL>VHOkubzI)eqEDFKaEc)H5$P)VtL`*V`|HFaKP2_@vVbs#Iu(nd12Rq(Zxu
z{(~c1=`N3QO`)10TS@9qLbycZn!x0H%+X}_kbv`zdem#O3ESCaK2K9<__8j~GvAx`
zJP`M{Vn+CR$~<$v2YHEHwqo|7@IK@|xeO__Fu4i3GD%bapKg8rNqR(N7S56<t82bV
zN!7{(t<Y*!lU6FtxK{2zc+`FOzbar{D78gi?7RN1^sb96MZdOs`{Ye&Pan#7V|uWQ
z+#kbvLCHzdC1_NFFO)|nC{`UfkgWG&*;5}C2U~L;83$Xd$TQ%UsTj{py5*W6y9W>C
z?LcTry+uELUx+fxK(z7@T<xB2=GW%l*P_toY+7r{dw!qxq|#m|-0BuuYR0!tylYuO
zx%*U{?qqnehkPJ>q(m$z<&~^rxy^CqY3g*h=XjUFjycS1ta&f2!<trwJU?y7M0F7e
z=srobq2AoPyW??+XOW}n%wVBrp!pOR)0XkT!N}70eb_==X%O5I(x-o<S{L;0e~-Pu
zNNMHVVOz<tZ~s_rRd!q;`rRdPDTKHLTspYcf?m%d+~qpXzJqs(zYrR0YlvUSlyIWX
zwF*f+pE9bO!+%76)nw-oeUn@G?ew<3|F?mE`BUz==2C=Dl$Eo_-ntFzy}KK0O|89n
zbMM-bK(=FF=g#1Am!>8Hd?-wiDM>MG*Npp2B8|2T))6M}KCp0K8b63_G-9&>v-xFg
zUZn(++rwKz)7C-I9q~jW-7G99kT;}Czo?abZ|E#a=LRi&ObwwL*J6#t{NCq1ctZGS
zDd(oiH6&<vaxS8F-FFuwhKg|8FgyjF!Os82ZhtpZ>$&ho;$<wWCUXj~z)-5YCG6DD
zo~Br)tJ*VJw!po>&FTKK<t~0XsFXL6<rt&*D~4s3_X5UbTV`%d!lYk)Qe@Au!~u>s
zFgp|4rsV0$85nyZywn=|Ci#p&UpY<1s-={tdenv<B(}Y+AMQ)?djP{uggT}CDDSAZ
zsIEuXf%mEyDBD?ZL)TdlAMK)q8qO4cY43#&8D6Hv-_DU_`$#p4vA_0y_jTnDLN6XI
zD7N+(V`mLB{$+)ySeH^)BwpS}m^%c=x69bQ(oMM*d!(|*(nkk_tB2tpGiFvCt!m>^
zV=4|po5;Owx;R*Dd7MuxZ<tT*wL?Kitiz|*V|tmVI>%3Aq}ru992f29qMP6wnmDwu
z;Rt5=Toy92;DJzV48=dG*jS3kmLq6AlrqRfn3Un0Sd?Kgp*i8}J0?3u*GM}U*ACa^
zPeG&A_NAHBDWg?4rJd9{qcx+7Ub1Y0_qFEvC$Hra<zh<D<@yUq%5zF{$}CDT6+k7~
zQseSbrK$3RvV)3IWjG}`<*71iCAM;m@}%-Z<)(7waxP`wck(Mo-ojVLtPV$_VuzHA
zen(y&F`rLD^Vj90v}fWMi%-lZF{0fU1-v_)_HN}_-PhW^3*gkd1Jmt6oP8LJnCk)N
z<R&4dN{JFxM^SWKb|n(b6g3u2c%tm5b~dt7uzsxm5#41QhutPIKWR+@$B0aQN@JY!
ztYCD!%q)3_;zRct#BxY|j3Ln&U)($J!D87akV3C&nzj*!0q!*Lz7I;TpjPAvJsM8C
z4|coI7WmY3g}2?(C$b$sO{axX4a>2I+a_Zjo3V%4CVdgxu}9b@OBfrnhvF8_Lob`~
zm{>A~cC&HAchh|Xw&HxQXBF}g`cV4tw`Zf`ga1aSDI4wRh9ZGxZ)ejrByQ4VJ9nBM
zACv0}YGl(rA@UCc>}A<v1$$X@d2@wx#fnmhvY7Iaa*2|OGM3VMc||#%xnPwF-hwme
z`9-Cqd~U((XvCC}7cwf>BwNe99gs_zhI2R1tg2nDQ&_FCRE~FS-YwG=SM5}FqJ8py
z;(U+dRPqw|()g13lK)cwk{(<jS*K#K_=C+`S}CDe!t}+QnN2-iFI_&pE}dtBYyw@n
zu2`5wQ?XdRv}|_X^n_J99dp8cf?`5t!g<14I-^*~L29muvxu{zE%$g)Yhi8rn?}=O
zX_H0QN-eu`M)i3CK`B8cK|VnqLDj^9%si%PL?cV1tl6RYSW`sf!it7fL9=>?Oox1j
z$ZGj|(YmY;uUKQ&3fjut{7H|v)rZAhXVJ8olW~^f;gX1xS$kkL123fEaqzL|@!-jg
zV}hfi<3Ky=x}|oSbzU`4wV+~-?O4MR&oRSk)e-bv+X>o<pxvOIejTu`z7DC~a#4N}
ztTSD4FWRMjxe#(+_TuP8^e*uJ>mB(W=H1k*+B?5nK({a_&j-k_s#~pFShKivf_Fdh
z;`9>rLieKbPXF%h)$tM9t?2X9N5e<PN8U%>XW};wI#gA!r7iATa4GRbEaM%UA#Oc<
zKYRha0fJkwL@*#&UnoqkId8mnTF$7HX&xsXo-X)4SUR{W_&j($n7v=GU%ub2U!otU
z->sj#AEV!i)CN7uy<p*p9V&{+K-R#<z-RZnL9<;e)6kE}AHAtIw5&2LldO|WlPoIO
zDY&Y*c##%Sr;&J3nvqq5+Jo%7db{$wcDoY0IJ<7U<h#nd2noLwG9oEDMl8N%C`iL9
z>M9lk##qN$M_CsWP0|h1^{LsDQjIf4rQoEMi*XgR%0}k(HEdQ4SBzKmRxG$oPZ*uj
zWm07_Ce!HC=`*U+jz#qsGpdYRI8CF|JkmWfUNfLGLQ=(2#WEZw&?X=cNN(Y86%X1D
z>~BdNn%WlEOs&~#SZr8rm|D_Z(pJYqCd5FomnkPqCa}iW4=N7uFnjZxvFT(YHc^`j
z)lrkXlcgk+jZ(>nm?xQg<81(qQVrvc<8|W=N@~d(DjK-77IX}n>}u?q&Fao-4;m|U
zVszTcbIG^K)?><J2o=ASHKSBI7Az1n6|0UH`4;^adl!ipQ5I(wwN8aC{F;Wj`nguQ
zrZn`bnin<jswNhl7NZvF7FAB^PrWTV?nCce?-TDU@BN!r-51>ZDgMs07fe{+uH-kf
zYW6KIC7X>kBed-Q9bBgPdt(*UY}TCC%-L+OnPgQ|HM3}`X|ig%s=sQzYGu(t&`i*f
zRhw0p)uLUmU8mi0>pWB4vU=|AF`sQL`}cK)<y`$i??L{d?t$l(>=oUkuImrqkdAdt
zeN7|BissqrdB&OM`RaMcxz$7eL&3xDL&5{g!|j9Q1I@!J;s!C-9b!fQISiM6w4<1=
zSTX4;(^}jv_F?MQunRg@F{d%t!H-b_<!D^7tb&o59kt89dw);<Ui>{bb-;JVcW~sC
z;hf~6|3S}P&B<BPSLT$SB~!AA<5bM)!41vTklCNbIcYZuJLzc>=Ma1gIMh1)d8lv*
zGzoC1x-~k4Iy63HKcqLwxUIb{y=}cMyp6o=yp6vNzip3j38U{CJF)NZuTHHfsc5O_
zv52KvW$R;GWb0MlqIRBeoUog4P;O0bS82!9ve0JeU~gsbXl`?EeP~B)=h7O|(ymsl
zZm5Q<wq9c6xWrr+ZCO8e3Ry3^aC9Mh6nOmgi2MliXzG&9y{UbaeUN>ey_<blZOh<P
z<H*sv)V|cl(caRkx!$p6b<uxOaIt%laKUnMdm(v2b8$-8TX3(&t0Vh2;Y8x`?%L43
zo~NIufM=HnjTbVTWD0&tF}p3>eu_jks-(AJ@wVP1z@)(>!z9F{<}kOU-(h@ipL3t{
zv~BD7LF<0)>YGl}(ovH~*G4VJLdM1UF2NDO8Nm+0Ho^JCz094=wahKwKHaT~YekpS
zM$<-07hY#Z*J>wsr$-lb7r}<X2K^=AQvDLrrsc8xF<ADh43wy5{qR1>tE}5mmuOR9
z^VcS$ZZyLZ$B61t#&*Ve#$m-3-F?*^+tcEU&V$vJ)q~aT`PKP7!JX4n^mDssiKmGd
zmgjnRMK_*zZ_NYVyK~PH(L)I+>y6hN#CyQI&>QJn0Vo4b*ax^zoKNs4;8V+|%_pvB
zMfcR^j^lOdmE%?Oz2hDFUF>b>z2wd09qVoVUm6!M;#@>*hzDN|WW++KSqLw12#5d(
zA#hUg0*E%hFh73*yI;n?tbghKGRtM3Mt9|`WvXSXC9UPKWt>L&fq4X)Vw;Je1>*=^
z4Q2f`D3{9=ekEYz*N;?ODWnHjM0i9*MA&GUXv703N+>vgkzSnM5`Tw){a%sYlV4V~
zOn>pUu-35GP%RNIzFi<SL&tpO4xsce2{`n}3P=f9`l%(3G8;TjY%)v~9z6RqOm0)o
zn2Ls#mX(^7JrOG%Jsp)AF)7eEWb`MTkaAwSoOUT-9#w;A1$_l~1!aYZ3!e*<3xx}<
z9l0I9oe;BcrIzyy{<VL`R^tcC1>PjQNl-|TSkO@LE$A6CXd7pHdE0GU1e7*PsFkym
zzLTkwd<}O4V}r;Vi3rvuST;~LWGaXum?5M_q&1WzKPr`UGL#=Rs!#+qt~+jAT*Xk0
zj4~cC4IL0U9y%U99zh$fBxX(;6?ZV)K0G*_EN)?_YUoqQYfm<d!->L4z=_p{-G<*r
zxL=^JMARg@KJ$we^Bm`#;GBp6eIgn$=0JEzgi`pnAZW&HCT)gu#%(72X!dB-RLIfl
zZvQCw=-{Xsl$K)SsMl2NPOXu~o!Xt<o!FhzomWJBrdUm}6EKsQ4d_yQDS-!$$lzqh
zCot0+{RDag<$)5TnTa=v<%vmvC;%PcRFS>NQhGVNp1X){-*$8+aTidcFj=GpY{T8v
z*B{4r7<{WUrKL*_y^k^)tk>_?FVNrBM>9~=pVOBe7}dw9J5jT$WLm`6#9GB(MYV`J
z4?mA-8jAkIWk9K4VsNOBWsqX9v~wm`7L~C(*~(8CRWg8f-F-dos^Y2UspM(N!@vjN
zBiF%a2%Cyd8NeE>*kQYFcU9~p@8;_UbhCByc5`oF^5gU4@)Ppo@T2ihRr1}iY@Pn*
z@bmDq`tAG+`iiOv5|D36El0ea0h(@3?;6db5on2GB%Fvs?u}PV@E6RmX`ZS8N{r5q
zuecOU7tTyWd=8k|^_v}(DH3A%<U~#s2^MOe*_YjqT@Ve8EcG{sP&ZDS@jM&p68y9A
zFo;WYRPe+mw?e)6%FO9(dlvf(dK0l5q7kAI&5BcgHY{GIabH;TKMB_fyn2N7ynR73
zUeg-YCFCYtH<l;E6Q8Z8=~4)jx&S*w3%I7Ahp!C;64)kWx7a1SNa8!w6(_8wAGa@&
zTxH-qa8HG#1+^_HRs*&SM8a+&<c*nrL?qz*@gkJ_UqF99|58XGFaj}s4chuPLR41k
zBipCw30KT4nNPEoYC;g0%e6qgVZ?TVx6#PCK-#Mc+<X()0jpA(cA%ch5+2cjb@`H(
zsk~L`AE>-l1KxwE7Nc?^UrcCpG6Uq*C=;W(H!aGJW)fOlG@sXq(x{NPU>mIg1?hSM
zMQ?%dM*AUc+7%W>EMFUs{$GbO>oJCGH0PTiSoNDgfI=Bk17X=bQNAEjW2Xm!=c^~y
z6Ik|JGx#PX1*fBBC?aUd`!TUJgWbcIO(;U}Za70H1S*5TuW07mSdz54bkl#pVKJ|&
zVr@jKF`TM~n|^j<+<-VE1KIAFctnu@{DXLKntuNdHR$5!?B`rS#{q1YpN(o>GadU6
zGI7B!vY3z6)LFVOLdP)r+WQ!A3B8Hr{U!6u3PLT@cEK6e<R<L+77f(~#5lMyL<mKk
zMD86)IB73Vg7DRlZw{OcSS_;JS6UeoV6ty^lCUjMaH%1b<_-Apx@)lv6pk}%LQq4R
zG~a8^-Q%uz47aKjdlOvL4Y%2R^SZtCy`{J3R+qpDx$#Ln*f_{&kiq<7A4$5aUM&Us
z80~+Cf916W{Ts=T2#kM_{-Idu1Z}Ivw+HG2>X~2|i`=kYxN@3=EIgL#XFg0=KAC((
zy~eaL>?XALmp9}ml-LCp%2U|C5`d3L;tIjzuG}>ElEBCsF$rGa3HhYXbY-M!-(wvd
zV-%KegTNvz58@x4@7!QKVNTu3)K1@Aab2NYF`q9<dKCI(D)&7Eh@hRpWWS{S0ZQzE
zC2E7a2L)#R-u+F#1^d0Cg+yKUsQ-d$U;<tp0eA^EVK^^2{FFwO78aj|YJy~{VjLBi
zrN&uD$c#83vt{=S>+0(j+2Wu|**sv&Yzt>geb0a=RHIL3e3Umg2BHJBWJ4-nBfeBj
zeT_yxsTR!@|1TsDnBjfptm|Gu%JY#CpL<%2&Vf*{=FdR}P@b$r+V~$H0u9XGu-tXc
zwcJ#{`KG}q1Smyt8bnG7;-z#`W;5P$wmIU*vBa^?l9Y0BQSadQV_2ejkno!foqAW$
zHGEJ1)<8GHXuxT}t-yl{6sW+iz-mB@G<v;7$FIm`NY~HDuN7Kv6cW&MipV2MibuN<
zV?8KJg;<Xk?tkk>^(23AD5}NlxpcluFRC>Gq-^u8^c&UAE5#42AWmRc`OzX+GDX!w
zd##EYnKI>DCi+qpiA6vG$4awS5VMI#gd{~1*?v}|v{6hKlSRc-n2w5WIRUJM(&yJ`
z&8*{M7n;dYsuTh**oW&$hobR;LL`zd6pD=}0ytvvqIA%XPTyAjUVS^5Odfy^r33}r
zeWQCnr8x?JK{*gk6ONP{H6pR+A+_-})_q~00^9obi}!U5qM_!<Izy@jcr5*4T&Wjw
z6dfnEtnp@`rXNA9hm#@kjbXR;k@uJ8g@E;JeBc6Y=T}3YuF9|4urFVZAaYfGb->y&
z9qEqTr|)ws7%i~m2>zO<%%`p7#owpxdHecQNv!OqHo-B0gDQWJ3dWX_ucBX?hF@Lr
z1N+OEg4$jyWzv~7)rJ3hTWD0}8O)#y(@Lp-C3U0+hVcpNS{FoW4KyR@MExCC53V1Z
zwq`pJYhraMPvB{6!DmZ0C`>63ML0?aoh!EKlzXp=#O^4^2387*cU9o9`4R=_WRXEL
z_DL;L?^XUpY#L#TzS9jn4{#c;5E^r$(uO8DWs*IenR7o<U^rHYY3p-9P$R~Zb6_j1
zgj$Dbm#?43S^v7)3EL)ZT0p&wI$9ZA)C1Kj@RYgZ#{SaB<DUiXoJD8~*?!%^>SFKA
zcp4uC|KXL;gVQ0$tQ(ifFdxtVRnh~x(uh4`iZOae+qN;jDN+$UBL;nW^K>D1A@?3s
zsz8MRRMtVoDYo)g!9=Bnse$yQQ94DN#QNLFEp*11Fl+@O4P7r#5_MWSiO0^j23!{s
zPjlb`f!io|>13}n7xxlswxeY4m!3so!XUBfpecdj@h_p%ubE7LBaJB$h8ZbPiXu(p
zs!EuHEv-=$<3p0isVsuE)SMk@ajYa}sm%O}7x!p?zOc_u%nn-yS+k4R=QWdtnJ$3V
zMq(~1xG(<Vl-c`{z><C~*B8X28ZT;w<>=UeBW*`y%W(iyz;dw{MMJ7YM>2OOhQuVj
z_Ir>hiAA!V{B;=f#U8>`D8&-isPo6fli#=TBZx{eAIizEBMu`~CXhAuu(g<K(3W55
zA=tq)KuaCQ{AjT27lQPme`x;I1dP%t=`dF%&2j;(VrPvMR;Y@k6@W!FH7r(Ci{Pie
z2%sfnqQB5$&CmiL1Wk!R<cJ_};~yCmG{qNvW*iNX=ZoA3mZyo-(3}4z<c;mrub{oy
zUpxOlRNMLx5?0K-I+!Q``<E0jJU?lHVnK9Vu{^u~Mv87gF4|&RLD#<~KyjMI{s)PL
zf;Eec4Q@9pT}5ki0se)t1h0mqhpzseX%1bl!aNOx(ijn-!I@@<uxI{G`CrIx262>4
zFl#r??31zhe`mM}cmJn~yH-#M&WEH0SqV)KSq)VU*8QatYVnIIv!Mm_fJ?8QS1YtU
zhT2PKVs-qiJ3yPdsG`U*DzW=}(Sm{oX%UUt=&kxR8(h1w;1aEA8YEpqt`X+ln7{Wj
zRZi5+KhkYfpu%qckGv#DwJ$4ZuW;0*OXNQB*kaTYwxWaL13^83*W#){7#6UgbHN88
z3gz|79WnkFm?&aV^cUU}Rt=#N>?eh&CzYrt*<MWGTU;zZYP{Ib8*y<$SXffxZNWqz
zWTQb}!hm)IITv_GJktID9F8Z-|GPKy`k+7y(=;8{jRP_N|DVj-6VqYM+S`3P6g?->
zOq6Ju@$Ca|0jlY;ZL^-ENe7D6tU31oTZJLe1Ae6X<^5Z(F4!H7uQ%j$&6k(|Eu3Bj
zzia+d4@ai`Kh#_r2Jdj3M}YBKNvd6r{-D?Y$NVh$d6$RmMI}u1EzgU%ks<IQXu1R0
z9V^chW%M6;(F)WMDOCoMSlz&O5ry?6fnuAu`6-gJ91#Wnh(d2niFexg7j?4x2C8M*
zq^x7XYqu@xU%a*eTQ*yS*kgJ4u82GrraSuJje+S7Y<Dc7OZ~F9h~LI5#!PN_=~x8}
z14oi}@d2-@k*})$n84|uuo_f;XQ;#UAR<oX7nnxHk7i`-mmSpJAm@VFm_h#koa29&
zOd3T)?g*`^!Z)*`Se5?^!9G<uCQJf8mMXQ270vQeCtb*wImQ5sJd~){3wYN4r+Q>J
z2c<z$)TE$6S%jd_E(OFZYLoyj<uB+r2gp}KE`s6tj`>FYrua20DzQQ?S=guoJS}V#
z1g1!s6(q7tnAI;ZH);f{j7^*4XwV5&7@0P~S0zhuyV$qr{2x{msupt>a2quOR4k^=
z5j3g<E7(k%psK3-5>ECd0_ilzOc$7@D}0@1Z_k~-7wCSu0JHwu{JljapBqpO(FNuT
zBisB)j-qlSC|Z$~t5<V-KC5^wBp})Y{RVM`UW?Y2h59ZTuAM6jZX@uqK<0l-u8|fy
z4(UzKE6M-WkoCiyOcG+n7kAH`EWMe8#kYAY@U<q?>NEWB!@rFp%BpZQ8R^KC56$4j
z1PrVBOU1?1RL8(vnBBzzmgl*Ju#5wi8w1f^f1@z&zR?w=C$a7ytXuNCGo5lvW$!<p
z!#&3e-p;QgMQh$cpEsxkExO~B?|3zh{2lJhG54$0kv*M%GFKT^QhMye4y}7kb8LFT
zyN?x)t$U8B*1aeC@9%pgKhDx6YSex9so#qw@27LL6F$$}Z>Fk8R~asR3PLcpW$X#*
z6UKIeXS9920<KOkk&<Wb+ruliPg*IegQ{OLTC3KatvQxNRi6sh?2MnkhxdNc1b-5b
zKZ#w{Jjp+ER-J`1%6<fq=+5NR%JUV`s@5p?6mAr647{^=WyF7IX{0|%L>g?a?hk7`
zD9bz<T9JWXX_+?kK*iDRu>l)kVwvlsI>8vCIRIT*og!wK2nwRkaqEf3OvFZpM0%UD
zdU3=?dtW$1FZ~)7UkL0|XK8_jk#GL^d8`o_0Mbvv=sKHx#SAgg4HLU(6b=PZJ~E>E
z%h3e1#E(!<;p2oo^dkQ4oPr9x2r|Gf%`*_#;2O{DT^H%ak}8svID%SVaP~TS7Dlzc
zjl0aT9<*u4yzOu6H%mKNDCON^&m<QA(0ap0w}8e(X|$qya<P3yM-+)XWfj*=)xXno
z8&5QLs=za@0&GyblE}gI553~y(S+IQyPd_7S95eF)S>^%w3DDKMjVPh)xR6`U55v$
z2g|?onx|72Mt|sb_D3yMI<sd22`BhSH=64(@^aSrO<)eZp8OVIqSFW_0#erOfJI16
z*cHe!h10jwr<ndcg^Wp%Jv$x|T#J33Xxz;jC=y=6dRt0NtHV>2ri-8_zYFk+j$-t*
zgo!|(y1r`sPespvC?-0sVIl}XHa&#YzPbTfknsC<h85krYO_gh`-y4OK^8a=^_cbn
z?}~aXRuOIo$e6m>_Bv=s_-GqwN7?~3|DnurJ441)2l-$VQu}n1XuQE4D3S*9VVjtC
z5oCc9Ne|@^G(+i%hC0ga9vRas+dkC>Nss9WFu~&q6Co^ne48piz8X?ndY9Pm=?xPh
z4RYvNNG;GE=tH5EN1ld-tT%H42zdra!EDH$^+B(m(>lNsR(o@g4srPp)r4mtOoTdU
zFMzPxo;#4mhq!NNNip3G0R?ja<d#clt=dDPF`;mvNF&HCQWDx~UeLf$^k&Wh6Q1EP
z5q4AgK_l;ph{F(x#vdYq10A4V%p|lYpk6g7dUcl|N26gPd}WW7+^FBBnJ!8D^0yTc
zZv{zcDfmF+L)DAB228xg!9>J>d`J>jOY{V?Y?Afq?}L1xLcwIpnSI}TFEu=<5>~tO
z9K{*-?s?LO>BSO)>BjzfHGu5T5RB}}6u1>Z{8bm8_`j+0*ZNexJPD#;VrB1cBZz=5
zAs|Z*RiFMJkY!O6OaN$f{Nc5(pdVgGAy6dhP>qTok+5dA1%&{TwaI^slY(rNpzWKo
z#z1ZOl#}oXM+!G#Zsn`nPj@p^>Y&aLoxzTMtsRu0_7H!V!cHPtAASQ=By#tSzU$_v
zL$~9>;cDnMPj{GfnU(>uW3WSccl>-+62}O}-j|R%7iwG`I-Dod=fF&R*}1zStIM*C
zv579!{k}rsHcR1#NJ^d>8J_`1lEVsEhR%jpV=E$MBhebdFmCkv%Wt@nPu<5X+4N~I
z0exw`^CK=_JrJ;`8GhKG?8P6;O64%KxNhFX;~aOr!P?Z<o<C$BlgEr_a(QXg$dUZM
zF~U4tdM+rD&B5t>97zkBlPsR}<l1&QLVZVl_n7-+b|-f~<aF$EpYz!eNxK8x6z8yM
zsD<^md$@~J$o2F;k?Br+Jodu+%I3To6W9%;j&Kys<fFYCw?gJhFxHf$-j~oL$bL!;
zthF3q@!;aK+(XZm&i|V9dZZYY_>uQIhd?GgIWijNSK!H}D+BX5I5*|U_qOs5vG}<B
zx8gJ+v4b$R={3f$3Hrk4?eP+U)5Y?*dq^~LvZphBljG(IV!%Zdn)l^4dKfQV&xYr9
zPweq>tyU}N))^Rcaj<zr;`ewFr8B1c4!89F`SEu3`@}`JgQe5vspUZC^Y=lI$MKh4
z-x%i&JGasGO_Hvjb`+xKi+g>A<-4JCO$vU^kAc90XSke-jkR@+*8<%;-IUu*QXS5d
zf<G7+*<)6^Yb-vh13s8YPj>D(G@5g|%KQmE`VWc4!IX{|HO`lxv`+^C2Sy2-$IpV7
zui99fxH>K_lh`Ihi6Pk=S97BQyHH(f*$t-YZzeA1fT#<6-u>)_0>nqEvD9YU(w(j*
zv0&A!IqKFF7gcYb;FOuL&w}SA)LVX8wIkaXg|AjWtB{Z9lg5%9HM2MST7^?LQ&V;M
zr=Ge<S-kn146XL^m`{`A7IeFA6-GWkpH-~49&9C<S+LSJ@Enb9f?}X4;ibgjh;?Ca
zzVZtCBwaBD>(s(6_IF2@wBl@f+|O0N7vK_&%6!T{>`B5RjIqOjzvC#c-OR<+;mE&?
z7T0grT|^TU7&q??niTUsYYe2+M3!bvM7>$PUS?7jcURe@z2f-jYI^K%R~R5(df6Se
z9;Z;4e3E5!sJYZ$r);Q9M9^!WziNNvY+R3Dembn9;icr@%X!HP%|w6j^Ryo=45tu%
zHanD?59DWY@NI9L+%6wF^f0E+?e}yPTs&6}DG>P-eBLMm*YiT)HrF{XH-?HUeNLlV
z%3m8@#v&aK-?op+Dq|#VJa0w@@l^RfiY}UPvS@tnx0*lb9D1D2vXNd*Z(gq%CK<wM
zyP5TFZYJDp5L|s`XD{g;P2RRIf)DJi#vW5T7jL6dKHjrb+x=I)vu$~?8c$}OBfC8>
z%fiBRtE93t+DrzIr@Y^QL!F=HgX6n-8!tcjSR#w+OeVUGBF{ORd%v%Wld$4`6ETR1
zWRfx@=#Z<Y2yBmOnk7GNDvagj2{Q~sw^}0$bPr~CT3_<gsX27Bt~u;^&feraeB^fE
z+kAX<h$ftg2^vlPLTwQ3V;l*QrSz8q4yXA5C2=$@Cv^euw|qgos60wpX=Q#r82%Rl
z>p&nLF*4={|1<l6^tN1)q=mV$_m!keI{)!U%2^qu${#+oR`g}j^5&Kz`Grx99^_bn
z6_tt#a+KHoid?}2)VBue$`fB_gw)taRFbh0?jh}LZ5>Jp@(wL`WHEy;jr2`R%@#1s
zTkzwq*r}@2Pg)V=Usdu{;u`3nk3{4l8QcvqsPEfF@*o3bp|@15-oSWg%kS1XL)uTg
zu{`9dyo1!+-R?KeNmpE}*q6O(=RV?YnH)CmU&M;(Q&<@AHIgz@(Q#ap-B|ar$T?j@
zF+Pc1C`1A{O^|BbnkqSm7sfkh;N96VrFB{)J|TiL(b%pZJ$V~|g6j6}5ts{N8`*t<
zQ=`zM^UF@RoWE;|k1kE^mR?;IuU9b4>X<Il{HD&-q53deOr~0BF)wcgQ|D`BBDx<j
z+kY<%HP{~#*=4L!4!6hM&kGkLt?vcr{-9&{P0;SOf@kT7T)Y52?dwiYtx66YNfIV8
zrJ~vjBfQDheUKx(+%FUOvE4jVF7Vx*^JPbZ@7s%7`PE*TwC_v`!`A>aHZTN%b4hrC
zd_#U&af*bNjOnmeBZ^rh*d_@guVWq0uA#)3!*e(!o;3aGDp5YLc;5Pi(z)f)l#>Au
z+`$mb_hs3$Mr5#Ei%>~;#VSEe80#ng*KBR!yBp@m%R8BP@30D897{cw)(f&jv+%e<
z6w>jByAHS$LWY|b=}a5aA*Y{PH_KM)%yVoogEJ||33FhuV$1rqZUqm<d+;`|Kk-15
z%}^2bj?S#4W&|2UChkwfEF4jCTMEZWi8{VI4CLL(7AmFBO<iLso)sCZkb+k5nR26f
z0LGENN#8qpz7C0wIM_8)sud7Ssm!Y^B)6)C>xV~a=cp6%_M4sBpX_sL;x>~7Tf)ZO
zrP(2K=b7%SlH{GN7~Yaw!zA%7E4>JN=OblspZTk!iPr~ueI>Od*oyxo4e*X$l82m+
zEB}Hjry^>VE0%@(@wLX__~3X?$o`7#twZM!<z(;VzQcWRqtnGBvawG3Qu2p|5yt6{
zal{P-pQ0+(P9!%%owU6l#Fm8etDQXzU)y;OS8a={u0Gf}{BHq(!?e-zw&C=PrGZm?
z)n6e4g&6Km!FG*r-W<FHyis&wqCP|xo#-2wT!i}If<?6K`;1$GT93|19M8+tUzLHg
zDqEIokXJ-P5Nx`eB}uHxlnF=Y=~f~6a`oNkv{OOzIG|(-h8~&lsjg*S?7Tx6``CSv
zkF8z$GCogWI82(V<7rGmFzmOws@504D_1%<yF+`*)d2D27Ic21g~fT_H+qlul<9h^
zqVj$8448G8)8WJf&{S$sZ5{O&v<nvE4m4TM9Rx`Dk`GeURg{qJ&;Ik;876N&bz46U
zT6j}9sxD*1Gl?2``eh=ghnC92B2(@6MUO9=OJJGE8Wed1-)V<a+`r90AA4U0e*7wE
z22%<LaMyEAcSiFvP5BXyqssm!8-G??ywnRE^{Q<CE&8ofLAJa-G9YR|HUIflMG|hM
z!dfl##)GL9GADNgi^X$aejA5M#p(xgUF`1_0iqK3Q;{p$UPOmuPaoAOQ~kMJQDK*@
zu?LIr#{vtkYZs+gR}sAT!RfU9H$KjMCLs(A{N!t!hV-mRmhFy)vt6|rEAA{AoP~QG
zge68AZfjns@yT*HnSpM%Qo`nXMb-@_bXl>C2MV<O8rv1d;s;X0zh(ojXT%7AHhlN^
zGMZPEHR9<bmuy;RdA3jiM}W3uy8eBm42?=fH<h#HAWqVi3N2klMWm%!9+Nohlkyt@
zhTMRXK-Q;ujKUuKIm+%-gP6~k-eO*Gxo~PFRsabHPSG7e*g8-^?Rir#rtr&%Y~Hkl
z7l(fZn*5(H5h%UCkW6zO7tr^W7UmuI=Mfe#;^KXuO4wjMdnh>12J?k$WrX=TI_GqE
z=-4bnLJ4a`e%qc@M4ZOtzpAKDUU=$6`a3*%F|sjSONx<QW>NLE2^K5*OOuNI>^$@o
zBz1Zrtk5aixMlY8JM>U+t-sYUS55X8BOn|D`>Ecs|MtMcCMDU)jvj$~lCF8w)Yf&t
zbv<}}HjuW8Pm_X2vIsSGC(v}#>wTaAif*L5CJ+07;5=KO-qllSf-jH4x@)a~hid<~
zphzQncaNkbe|aNdG@kNYj$FaXRh@LQR!EU>D#B0!O<&EQA;6nha@yoO4C?|+m_wQY
z-Lw8Ho;2cI99`Ip(Moi|2nzgS5|MGiBU5>D3Ih!WWX9fW2o+(n@km?SkG!;o!y;l(
ztgRQQude1&q+j26^ng~e#HX*5ExpS`uiXy7Rn%R6J0KYm_{Mh6PGa}C@CxDL<}-hL
z@wq9ayLLPKGSTiDF|Si$F`h8&L7i3Hk8yd`R>vK|yO6-i4DY@-{mW!R7p3_lf0w*!
z+`L(s%Z|ivTh|M<z*!kr<+e+Mue*CV4cC#p$I7GldQ;1ykVFey4}^?j8Gov7qkuXc
zIhgOBpIOJx7}|u~S8x@n-+O$`YLI3~ibmA0)1ro)_wB(@(Vlw|CH!Y+TOPCKrjcU2
zc%At@=cQC2-=$QswBYsqyKvTqHVaa0+bsp@du9F?ZSNSPS=4olcDc*8ZQHhObXAwt
z)n!{x*|u#PPuaF@8@Jzc&X?Sq+%GvNxi=X<=3L3n-ap2kd+n7u=6G`u6_G+oF%15s
zDN(D#gfc+1t3nPHD7Y^yFFNl`@*}<)T%Ecv=AtS!!Jg^E!#a*AGyI)FxXF%ySzhZV
zn!UoWK8!VVD<!p004bf<B}A@40}cn-pYOXDci9nm&{9#oQOk?FczWN=JV%t)yj7sQ
z{Z1c1tnF8&*jBpm!V`-joy7CB^tj%iO^N-+EFEO97VFy5%ER+xm|iqBmaCTq6B!07
zEnq{)4GH<6$sPR|j>KO~D4EC?$seapX&t|`M^E_6y+f4zORa>=Hy{Oe)_>=$<_0Xq
zg4#%__??J(OkS2lN~P5_jaBzm;;%(bqC6Q_;q4g9^)JIDV|_he>)%S!Ltd~kZer60
z8D7!RW1}Z)nMeZD`FKYZ+bj48yI-6H<FV-~luRhW6^d7I+j_Y43iF<MhoZ?Ap-H`w
zGpGV<nC8{N&G1>x3WX!g;Du}4*~+M?i%fh5T4tzhl)y>SAz8cjU4Z_Gf`S`WvcQv1
z@>eu`2Hn(V0G-mCmbtgls;sq=RXixHs;$hC&;sn#vL!`m!B$Y+e3g67K>ZBbLLI{r
z_w?^SI(a<#@kgs-m4<nkkcjFJ2f&?S{P3Tzq!!!M#bUFVvg#m1)|-bCiHQ)OGQLj%
zd@y2Ixk4{Jm&o|>puh4tm_II!Kk9^hG@DNaBbb*Fb~ek!R$8nLnI5wYbA;k57w+1X
zr9sG=ifL5NPh&**oU47wK*r%JXr}@3eFPB$xNIw5LM8CwgB{pk_XZV2UBjr&RG0W@
z>7G%V*-O=UVkks){f@^QYtCHuX^i}aE52D%Rp~XDp5lrbaM2g2{Hf!=-xLhOYu;!$
z<gZEzmMt@%RWU$YIG~y>SI9QHWVj{%RH;dRdH4TJcUs)TTG~mTw6qgoW(u(T*5W1f
zk=#xMeQ$sKV@WhX6=CQP0-q7=j$Ef9dmYj^L4HK#iUrEi8=sJ}l^>|11LtB#1eY`6
z?#Q}**4?)mQH=q0?{=TSmIZwA^chF(Z%rOg$u;*d-wFq682BSXm$vgE>kMkI4tcZP
zPUKq1@L_4QZ`IJDNqnE_@5E+svW<-JuDE4CW(OLS))tQU{2+drKZA!cwfpVp^w;#4
z?f(evjjiBeShzTen27#I$j8ShVQJ%J`j=6{=9iPHn5l{VZ&OA&Q#*4f3nDf)W&r_s
znE$%mEz>(eF=mYk33&aACSZqHG04#@ERwt;M27HLP|vT<A2c{41q_$ty1BHT9>2n%
zL8h+rx$8{hbfI8uIj_2wNcM&O=h#Tf`_G`_YQs=ue`O1wH|Lhyy2C6ptb4MIpq>xl
zx_p14pzC|ma2S8My?^8mr}@-q_1^WKcxWhkE^-`maVpss(b)kvK<N6{=eM{Sz4azB
z#hV_Y;aP$S_h@#D?Z)-cx#NPDSf>HhFgSB)TCx46dnqoam9NukeOQd?IE?^@V|Ukj
zj@tWxWNYNELz?yzYjr+Rro%h!=r-tMM)j+HDA_*w-oLkyW+p%in?&7@gGjpYm}u@+
z1j*7)IkNuyI1V#0+tF>l|I2!ELwnyVxE4EUhpI+dDYtV;%u2>WD8UXvC$N;fdN!AV
z5SJYgi4%457^OUQot0iDA<ljTOQP!cr&j`rerG`nDHF%(C12>I_JHU?ZI1@7ovI|W
zLQG|sZV>VTMS5@pkvFkbzKljJg%cmp0ZEQ821i;j*V|l9kg^gh+tvph-76M*E1Ey(
znwE8hCXR-QqMVdUkDlsyh9-C;E}MJD6lz0-{clLX^}j^|Zca{a*8jx_W+E0QRwfR%
z|0gRhJfXZ)CEqS5y5h+zwBqU8q?*ZfwIFSni~!VqpqKzl29oAJBa?YhaFJ_beg~2G
z&4(@8pb^jjXlgRzE_3PChYO0;3kIZm>I@;99@gi1EYW)R->%>G-|wCTuN#g>8Gp^Y
zd0C%PIU-qy^jc3=68FX&ObqnbkJXABuT3VpI)6JksE=p9>SFWiOlY0)lNV5;!MoDs
zOs!~Mvtsbt%Q;A&=48KxFdvTi3@wP76w6g-ZnJ&Z3?(2i`4pJSnOZcKKfU==ulJZ&
zK5ULAxr6z*eP^i+z3{eLd++Cmkh><?c0|+}D8L!H?~fgJ-@w0b8CAMKnY=A<%N{Yj
zU3G+G487@vy|*26(CPN8q!B**LSJ4wVpgXmV9@pbFzX&#Q9JHjg_nmCz`J378^&7Q
zac9yZWXh%QL3t&($DlXVzjfVi!ukVZ;_r$%Vc_vrjY!b<`HU#$3IU7B$>C-Ay{a8~
z`H@)nARU3D!8nSQz6f=xJG<rTF_6DX{hU)5U8ji2Vus)L`?mfNpTI?6s6joEQJcqe
zGyp2eW#dg@V`?hM{;>-EoyHEEf1YDcH`(|%$>r<02eZ%9UdQ@0w@2aS-U?VqXl#@z
zOhJ$fb7j`8cd>2^0ry|)3y`W325C+SEgKLQg82q+zy1rlm`Sq<2kxtie6_{Hn{j31
z1;dhQ$&}N<GwTblVC*#Gd0IfeD*EQI-09EyDtsryAqtH*FS@W(w0SHzPFfJc{gyBm
z=M({j3AC<Zd|Y^6bkcTtz7)e0rzV?<>Qwd*n^lnJCToMwy_XL`nKLk(imm?Q&%z$U
zm?ljp%H<RdS5{VwOHUQtrmN%iq0XrHr>|F*Pw*wT`sewpB=<@}{YPjYH@~RYHjcC7
z36~9i*40l+?;f*cODXe`k3gS!#pax=hi^lb?cejhwz!)@E?GPgi`l<7-}bLu6Bo1O
zcn{%{AFYQUzgf!OS8@}|D80zpePNG3YotCH@$Fr<uA}$g+OCezhS}=Q+qbSMO{lrr
z%$KwU*HYX<#$bn^E6i%|5>7=|hgf_j`M;Bb91Ps+ofk8-in||6rj_)89%U`H6FDoM
zb?Ls&UYljS&Lvk1Szn&<f5AAVtFAr{pE<9Mx{?TN=xQZr8?4*cc;8EZVS;k^xZqjM
zg>MrV?CTE6v>(BfuBs0=z1QuB?w>IlAA?x?UVi$@t3cI7JkqvDQosA&*$Fy+6Kco!
zY8t*|cM^@Ee^(29k2*v`G=s?cw+RUvHDeLZPz^oj;1&EurG066TAovWs(JE%vAbYQ
zGRc}a$(Qw8{XXOGP<1_1_^-!o|9?w9V<^}GYHwB0H8Wqu(PgA*(TE{=Q1{IE0+HHj
zIS^Wm9Kl&*Rx5JN$(v&YH>=(Xh5*J%&5hZ-M|1H{x}}7}dYCE=(G;CB9r~@?Dwq8-
zolm&M0WHaby9Yw^T~?eN#e$xm+g&?2F8y)(@6(aR+cWkvhE1hM9ri*7^@_#dGmytz
z52;TT{z{*sFZoZMPl-<re)X(!+NG$uq*ByHTqabg2=mcYdp}c?M0Xo3+&+nVV~zeX
zrUo63K=wL!8*JSvbh~|*tE1CS%A9^{cl?}b%sZeLgyAUXO~ecE1I35CC;R%q^A+_2
z`-{#u9C!n^cGCSeYM;lYn(zBuT5G7#dH#Wg$|~kk;8AS$^*ov6oJIdv-)Ff<<XiRr
zdpm1kpM`c2`%Lc7@wU>L$5;7QyX%Nxok)O5y4h4|hCo$wF^`(Mwz7cfU12!t*iZ~E
zZ*gN`tHnd9(e8+<1RNnpqtVEYu)FvB!4ur?#~X8xge-)PNh=N@4m`6*R{5V~-95&t
z=U}kMU;4d*E;fX5&z!w8Ge9N6r#>|gudLb{gNh^GZZjnI<4h%1DfYlD_O?yVfT)v%
zbK2YYen!l9@2bw`P8<)%x}G6Sfzs3P^d*SKNc6NwxW=0#vT53<VE3*XGQIY{29DC+
z%x~7r8GsM*26^wl+7Y90mLV|D4~&+({E~m=srY3>ny4l$&|Bauw8`P+cc~8-$${CC
zkvNk>fX42AX7OKvODXo<Sgai@%kdp8ukjkZ8R|JEmUo=&ay1AQ@D>Y|$!wg4NG=CK
zp05!DT}wXck<`-&$8Qm`{oFoI8XB|iU<6C%tDoIR_Slfuf^Iu*vZ4zp38vr4(A32%
zrxb~@lS~|uNcZC-NG5Hq>?3Bxs9S0V^6rEghvBtG1`6_8Wtilirs1??G907vQ%8?q
zaJQv0X9a?^$K;`$lXs7!!Ou-ObRW4Jm>OV@4LHZpcBz{ej0_Y#>gu6^K%~Bq6Fpg-
zx5GRiQGN<$!`8e`p3GxI6qh$iRR}DvJ?x2^%B6I%jNmNsUmDw3w&+u|)EN7BNo>oQ
z^FPE5zwXX9>3a6}ll=vzpS(C?7sDKaP$O=XK*=W;<sJLCJQPuvj`0keC`s`u{ok!V
z78|SwRqxgZx&($USsHn*s+d|(t;WZUk3#4QYIJT(+4n5_c4&b>K@V`43pYI-4Zhh~
zQm@60f#2*K<T|3I`)|S$lQcNA0JVQY>`KZ4ioiKWxKUL61OZx`i@6m1kSXR_@2}mN
z(q=3rM#IsIJq9qoYE^G1zu7GxpG?4w_`{IJFSHoPN;;K>TE}0iGf`$Jip;B+W~yF`
zU#nj@f=fz&WSUYlZknFF#%VrH51SU(=A*0Q%lH4P83?s8jSJOHP>E{=7I722YBhae
z(Ql{Wdy3q0X<u0X>%XGO5I_F12%QMU50V}RA7a<jLlQ*NZ9pr@=xOYWNs+U36tx~M
z)}EyAGrEtDe{&xYBm8oZpZpp-Lng4TL|??^vj$e}X=5{1;A~Q2nopl#2=>%=l8-P}
zR#t7<4tE^)m!F08C*{A*veWY`X>_d*YbiC*^wUI=?4x4OszR_xRCSxX#@5N}lqs-U
zybfthv1KT)aar4_kC>%!Kycu%2BgcA@f9Ap|6z_^M=?xr<2$!LVqabkn*^fVQr!*=
zYzW2&qkoTJR1a$PQ+!{{{%Y`Tti^=!BwjTM+Vl(VL*>pSohm%?5S*f>E44b>ZA4R_
zEvjiMC@AOIH=XWFhofsc6|!~a;(#*m5wPYvi$X39b(eEfH3`Imf>n=b4ykmAV%KV}
z7gfW?j21_%n<Y>xP_rgYCdFajTipS%y5#&1y-}-2kvXff4GZYaJyW9|5eH041Rg;g
z3Odt|+`fO<+8fiR)-xcXMby=eS=GD60w=9Tq#<D?woW9KO}Y@bmg<IN=$v_E{|)n*
z7>X-}omeuu6N61lO-?s$PVcYto+b7P;&?{aRmm|eEz9e(ZiCH7|6}jD5{V4a-paD}
zV@r6Jiy7lX&o2*9t{7%FrmG$7%dUXIY*9rC1{heXbb#mjDC@$;@b$N`K{F5HUK<vu
z#~GZUzv)O<UtDvD@s*cIS)g2IG(a%^#WHP2XQMIil~2q^U!qujD^{V-%E^gaCAjVP
zVcO_Y&-5m9vt&evQt_sf<mfs`aes?+EalLQW-eVP4PY%=p#nluFUi&^0Gd=P<BXfo
zDhjozfiTp`vUPF*)<P{3pfR;Vig6qoY>^fb&{Ab0#W)+yu_%=kXhWS|Xpv}~j0Uf=
zAj_-@z*bq1X4VH-sw~JTlZrQ?mB=uw17gwCRn%mZiN)K{R0~t-fMnDZGR(pN7V05c
zW(7c<N@QHV8UTeFP(&4P+=y0C_)|ui3MfUb5N8~OHc*5`0aT)fDa0ZH8c{<^Gb;hS
zs3E0h4FNtX2hy{e00ET)nK)8$duk8qSyg}yHK@vO=~+>j9<(%--%`5?{j}okXqGC4
zGP`m8^#3ICqbg+5aa6&wFePZvDuc4SvHc9e@&GRCN)@d_CfQ%{BpNUUXpq##g)_2w
z2_i`%aRIV@`2ns{vkc-HXo4~hY5-D|4<g{R%7;GSy6{B<U|;y61L%>yO+pJTdQkz0
zs^BH=`JwqH?J=r+Xag7vUlP!AWN*{Za%65LslSMTlqz0yKuHxZDj<|fCnL~PrIQwT
zUF0SSXen}&1#lLvFaoa&-9!P)MQ-u{%_28(KuVFDGyt>6O&D-o<fZ^HFLILrloYK{
z0##M`sDY>|7fE{#)C388%G3mL#xZD!vUR!u4QdzZ+gLQ-q7`DG3pI&KqZD%To-lQ@
z^sOJ7ZqW(}@Ka@j64<4(K?>Yd*&qjIscaAfFI6@ufK@6RB*00P4KiSq$_5eeQALju
z*rcLI3S3mtBL^m_=n(_$i(aD8Qe+*{&{AaTv;ne(|Bm9#s2Sq-M5q~J_q?d55=27y
z_5RP{Rffj$wfp}sE_PY|C)RdZ{u_v|2MaCWNfVxmPvA+r`cD;aXvaPL%9T&#O|UQ_
z+XP(`YI_tr4_iX13NMTTt%@#0_t!wKBGVBz9j9)Iw4lbG4l9g;q$k#qbK+6g7Hf>P
z5GHE^cfy(V%6AuY3_lW6i4bm}UKU%BVv8vCFU_`~n1!>_lx#Z{n-8-Jw+br{S0GQ9
zK_e+ADJLr@qM=L|VN0_>nH9^27BdywC(U-qbr3Tl&A!cL7Arzl#4aV<OZ!1XK|_Kg
zZ(2~QA6pu`7DdJrYyrNAr@$7Ojz~^Jgd@V1YJud;5lfZhfi1L<Q%dNZEV+=f_DDQN
zK1O^dzYtMM`OmHqpJ*&!z!T{;oTcm>j)bu39;FDi2)PKwJ!}K{nM?^r`R^b<cA{9K
zlmup6LL{`<tr!AL1M2DsmgH~pdZo0q5ivAbQwb6<WjQia7%4(&YN*pNH5Qu0eK9%G
zE#ZY~^<CS<_qY?PS!9}b|G(R)pIIlo`Szrv>bdqLqe;0n)X$vxHDL&<t0{@RVotFq
zKaxI^P8ffGu+CzN`I5Y4mU~IGDN;X6j(z%{pytPvU6AG@j=q4*zKdNWcgd>zD7LwV
zZAFu1!FbTdv!Opw%=)l=MW4XuFNYfx(A1!Gi43KL8<2R!oj{b|@y$B^_DVj%&Mygn
zLgp7|&netM74r-yD5)O~BOu==74r-upjeY%kYRUKz9P=g65|bPmPCOSj+5GBQ-W1a
zJrT~g6+=X_C0`S9@+Ct)X77pdXiGUEpy|jsVaVqVzanbSI^oFI4Y$jivMV;QBWaHt
zvm<KHKH<r?F6(1Y>_|VM$)_#5fH^yC5$nmT9}j0BZBMjdoh4VhHy&e0)faOjo`n!Q
zmehmKy(g*G&UFl*3U58~o1);M-GlMx5ZB|1d`&}MHky&hhyUj<*rY4j$gyVyT9tQH
z5&l2v*qCX7?c9}^o+I2ywr2%SUp%Eyk{%I;fkIEj6J;ULlp)EMBEb=wK22ejpB^RF
z5QY<W7H)<znJc|KJ5r1)Um(4#vdr#OV3n_G*{XUfL3~yOD2*=-DCOIO3n&)L+(Sqp
zRjBKv6wf^Nqman-7D6qR!Jd5yLv;Wllx(XLGa1psaj*kV63fK&1CUO!3X3BjQ_P%5
zc~M)SDgUFX#cwi#YgZqbLkTfF_S{{u0TP5dwh$C_F+39?QIcq@nVql#47RW_NR&fK
zytZ5rwFcioVu~fkJtR-om{LaeYf;w`^0B-r57fu}DGwA=REV&85`^6%0x_R6)`Yi-
z+$pbxh!m=<wg1IoF=}K_d@63^91t16ig^G^xSp6oK6t*H)lM#?3(H#AURb3VM!98i
zIt9xR3U)Z07_*wHBD?c%wQw{Ng~0&)W^Dt17u|xE$)$r&<Tt86;4dJ}*T3F*Z}4yE
zZ{RNs!F)wmHAe^`yTK7apneJd_&_)H75<v;#q7=To8JGon~BIc{zQ8ry@A?6T@irv
z1^4>t<@fRa&+*>Xe;e#t3)5}8`RTbE!e_pHrehoD<_p0M?9JIa`k8%4eFr_U2X0+<
zNqh@4&(P0@;Ens-a?8BxzH3_R*gdCt>hVf+y<}!Pp%+!C)`YP-1}p|7MrZ0qz*zfi
z(?t8od!>G(1J?q=rSA)=7S)tjsTsfd=L~3&Kh&gk=lX<o7h>wNXG=P#TT3dZ$2HUy
z*cHST$Q9%j%k%9PbT?QlzO5bDww1w77sQ*{NroS8p1qLaazV}c%yLt$KA0Z79)upW
z9>@pArBC1&1E>6*fm!-R*8<ye$Es7xGs-;w*8KwAb(@v{GoHZ?KW`(o(^9g09;+y>
z2yTnb&os_I_mI;e_3-B$Hmf&VAx2)2mfjY&7MsaUdF*-Wd5gLl!2}vp=8lQ?0i+_d
zEtNk{HMlhC4D);%0_?T>A~bJ&Xj}U=Ry1EUN|O)sit<c#lS5YKsAW0n;Tad<5g9+-
z%KDT4s#*_kUCQ#G7VYf36=`^$V&?(#$aOJ76>=J=oNyqydW`HWwvyZOxFO{8R&~=w
zq97VX;2|FK(jc7kuyxNw=3%Ww=bINotYFGTOY*-K0?L&vWYtUSbNSTjiul;tj8rU8
zE>K~|L{OU(gNHC9;iJ}BIM|AF+0+6?8`M0@8P%I2K;&eAQmLUaSI5vE0#A5PC#jSd
ztLMu5wstkTr>3&I;t8rRdx@;746@3$qcs$?eFp|@Ma_kp2?8>2EYc}Ra%YPziR5dj
z-r?o46Z8(o>SaU0z`;)_OUJC#6U4+dy^W*0_C%DL2-e}@=mCVq$JS5v4&w%gjH-cR
zaNAP5i2EVxy*cC($o)4&>L%?j4RJl5N-N_Tn1~bRb(W&?1+%C0B&9s}dTr=**a(@x
zBY{tuv@!2YRy(LN31*n9yJTZSd&L8f=x29XbyEce?TR?{#Na5^;^5cd-AWk;_~hjf
z69%{jrOU=Mj48${%Uu~|^%ZI#lZwOX_0F^?1zOk=b&XJa`3h=S`+%P?vmkwQIw-3r
z>6zH$8g%2M+5%uH*yG8^7J?(U=p-qmk$dK=e-D7>!O7;_J*lNQ7Dp_FhjXnTDY~Eb
ziXVdfe&1gU{ey(qk!MO%rt)Lly{o<2y%algMx?bMT8NckOQ6<%i@h{P<h7t$2y|dm
zKazh$_|N-`_lg*S{J~)&Oof_&IQr4xPmzn93c>c{u~*IrQVB{9su-k62wn+36Gjd~
zL<n68TJ6VSFPaex6LjiNxgTSGx4m3ObWD&`5Hfzoxj(VsBS8a%h?!8hAh1B-ph7@I
z{Xva>GGSqX!-3!Vg9!QN62?M3K)n5E6GE85J%M-tulN5E3-R#dLx>_4<mCrrEJ7hj
znIF_2Flr%|Sa32>hF)m0AGdyBwO|}X2(_RXy>O|1TD?E9{IG-&Pb8do%0XdzL59+~
zY&!8Rz<j`?K_&eN{jU9cz_vlQLAQVWD@0)3pa@`wprL+&y&yX^y@q~*V1_?@K?R@$
zzyu(^etv+wfWKh9{Cq)r`Qb+BhUkX*!heHs!*PRgLs3ikf`0>f!}HI9m*xiMhUEt3
zhU5nHhVKUNhVBOLhOHLS4aN<{4Ri&T4}lMo4~7r)0)zn41+40yo{ZRtvKDLwLCg<>
z2#)Wk4H&_XW>8(f_kZdp&wql*4*w26UVmP{b^mogU4LD_4F7+X#2?r1-2eQah{W2j
z!oR|g)}PjI8?*<60g3^P0fGZ8<p(C%WUqK{a4$sfYp;8y<pM?Y=XBjS_mkl8*YV0X
z-g}P8x8sHHf4}&u^27YcFm|s4<ey9sy#G(b|GIbAblo%e(?18q<CS+j&m5C$#|!W1
z|15sbAK&=8m%l0^?)31HPiOX}?wSp))o@+aw3pP*udp;j=iINFxj=Ykb`6`=Ip$WI
zwA6R3decp08%;N~_%3eO|2uMh$N3~NQ+BPxO77Jfj*AYwbOoz=Yh_5Ljg_5wjn?M5
zzz<cZ#kcCoAK2Q$L7kS<(XF_HtTeoDjwW^MA=zfuI!J=ewbhBJf#YluT=AKP7N9b3
zvcbuiI@98}?)?B77EXtnW7G!QAoJ>vXGPbywN42ud}Q%Yp~w?fG^NsmB-bC>K<I`~
zqnwz|W>WErj@KAf+-OfO)i&AS>rQis)l{&Jdn8sa-c|TVUC8mJHLR?r$IB%<uC!h7
z@%^(y55CAZoX}q=OJ4<Epzs~bu9|);*$XhZatrkQ>H&JR#_I#C&6bVzH+t>(`aGh{
zda^es?E2D?O*Q-eMih&kl3rjpC)k=G)`zkga`amtAfKjirz58HLY*@YIJQToezcU&
z>*6xIGPfL^$Y~DvxTIjv7WkmCPYcVR1!o7Im<~W^x8gYxdD}=NcF1IWGh1uce8j82
z?GG_zw+W9!JLf+Vo>r{NulTp@(sa@+T+S5Q%{pnmPi8sWFW$M<@~-N;VLV&NuxMX}
zbcb$6ba@M|_c!l3%DJi!uCIWtCBQadVEkHNMc^9^U13-%U-d1!IKEgfc#<kH<@8Lw
z?1OQSyaY<$lL^e-QQ5>uR=u;~9_IX3BxbZyzQTT@Qz*q;iMSwtqVdFO(`-C<9O)X`
zGU_q0ccfi7znE@qu3LV{spsMVFn<o*+(+3!3V3A7j4yEh0hCVkhSZ1KpkzG#Y}j+o
z840<~;?)NNhXg`~Z)h}A5&Qh&91PGJPtnd9S~_NWtd%Cr7MZJ)o>!GERw9{NYA*+x
zHSg90_^<@ou8F4KcM=c<>wF&pCKd)?l<$J4+cCT>csQ93fWDo`Tk|J%NK+`t<6}gu
zGB_Np8}lLRblaUBV$#JAkW;`}Vsac{#PKnT(0XyymU&FVcXz?dyM6trap)vz;owDp
zwEiM#zFy)%p0zXtOWmIB0gr{J!RD9rQ3s@CIxRE(mPMqZtWyy;obC1Le)NYtp=+a5
z%gsrW)x^zdF#m$Jyo5L=>U?^3=A5V7P-|H;c*j(xkt-Pv{4Ij)^xmoMafgaHVHpGF
z<01#L-K{I$tnC7?HU(^LhD!qhzTrjf$}709wHmk%FTypGXlfCYF!-j3=_+usT%Uf8
zeI>y>d{2)xXJvqJ<ZZ~fnasTSRbC^zw1FvNGoSCocjLR<@KN_8`K1x?5-TtW0}Hz!
ziZD4|QQ=4i?<~Y~cL@c>b+>z)$>V`upP5-XIEXcQxM~%GQ}V_N=HDmE^~ycEqsi(-
z8@Z8v_-IBxc!ts9?UQaLb5l}my4o5i>9mx1;bds<nrVms9VX~5lTWEof<ss5<@SDG
zx1^ONFqKdmk-8sQZq=B^*;0l2t!h*8f@q+ne@YjMUV9v1XJ4PC_^@WXXAC4?4TwN=
zMDHO*cyj6ppmK#!zWSTyD1NA?%&n<5g`V^;+z7qRigmu&gq{R_y?Jn104LnCi>O!M
zzi!rL`!ep(t~Ex~v1h+#r!{kZ;{1Ha^|1J+(HE#q%Fu;Vue>qJYqkr$>ugtKD}i6h
z5d}TU%*-p?RWr|=%8A3qI>6%M5(L|F41dh5zVr7+@7X5CaO`I;+usTpjWUn4-cDYq
z&_qF`>#27TGM*~k3M@`}u(5Z<T!@ajpe@JBWTCd62)NUXhO1$KxiKx7sKQ!ZKb&03
z%DSAa(&4SMUrY^fo6iNzqi1veQnK>Q@_jjIMhsDpxoO5ML?|=LWOu?_(tbEy0X8(3
z)bDaD*Bpp-feH|Hf(npz#-l#UOqsky;}6HX6O0>yWaCPgE?n+*tr9K8Jllq60qDEF
zbAL=1oUU)LE%z8EvoaKqH%B^%x0J2)GMKlM9MLByP350NP3=rL?{jp!tqzV=7z#G*
zG_I+{DA$}tnwf0)jhf44x3^i2<PMFO$m?kc%$P9&OFJ$`Zylx#R<p}_d)iN%2?;Z=
z?jD~8$y@ic%Ao63-B-zv1?zk^3(TWo4j_#2PFMVmlk`K>F{V3h)S0T70x83i5{NVu
z0#F?l!iIxT<C)ik_>B*lIA4eGAES8NjW=e|_oLs2x}dh-O?Gi*$*MQz$H3@4bjas0
z-wy$$sFZ6Cvi&orAbK2+)dQ|AgmVPGOI?N=YTb@Id+*b}wWgn+vY|A~+nx{AFdj1{
zTem>x`+vh(z9ff7<Q2od2LNeh=gbXy&Go=6eDD0#S!Huc$t-+)XBVf1)hYlf7H-Cl
z?9H#6D-An19ZrastslPhy<q;SXt%I9*6tjo<i(DQ%UN}3^JDYT$evD**3;UrqcYFt
zTne#g9$BMSHXR}pN@*sIIFBBBYbI`kVFkjNu>8`y5*5;%6kDkFg{wIG{8Mf*11ml{
zmHh0)Teh5y&zwAbYn{B&rRu4!92r~2QejiP#5~tQC!MJI_X__Kkozr5d6QF1NI6?i
z5fK?V+Uqv{20n4T*jY}MErH>gsny#YIf-uD1E)nAxrrHsYiuSrd8jCb9A55u%Rx0+
z_Vex_wF%?OzAFcEH@rIA9PCQSE&|L=4(4$-<^oInP^XGV0gVwm#NwjjwRj+mJO(YB
zcBbtpMTAnSc)gp4#*-Vzvnf==dBdWOuG3fZ$%pN1mQBRf?|%u$?eeZW*lX{BhTU3R
z8aJE$0fAjV@7AEFc!&m%uDhM=mfCG+T?YO^^a*!MPqm%lu`uT2xI>5g4N|BUgmH`Y
z*55GHo0YHSQ;qXTjKCtJA?_yFD?@Fq`ls$y(j|DS?dv}$#<$U}eVJJH074FL4b|@o
z#0}=AtM0&*7(q{$@b$usxY%SPxCeMSD<7NNx2|K1lA>GoH2xilg4t}G?d%<dLQ@Le
zvu1+syEoEZ$d;ZI-h`!4JD9CD_ey8UU%po@V*0<s+ec9JNs>=c>i#9jQ}Xg>zc98q
zVXrfSpC|j@%^U<$fxIN)5c+O);HZPZs~uD=q(eICk2z3?074OMm1~$zp}&F6T^L{K
z!Mf4DxF(|bbO&zM7npWY3~eU36$}-QWzPD}PFC$k2`ZexlL;x8_spT@OC@UKL+q@y
zQEF_30v2W62qil=LfI)}HHl_^>ZU9GvbAU`W);b2%$ksIJ)5!W{=!jd#D7Dc&qOes
zi6h!$#q~$>8Ga+~%d!2dfe?zR7wBtF%#%}rOy`sdyNiD}>Z&6P6RQjOIYgLgM2CsL
zs3jH?)c^I!d>(`*gzR#?3^sE4ieC^2{4h*NxV@T_+}2-t;MU*TFm_^Q$z0f*G9mqB
zYjSfCKa1^7GYd3Oz71h1etGv`eSf`R3l7pU;Bip3{npADFm@;$q$Ejh1g_(Gk4u(u
zM!bgUBk}ii56j)HR^}G;tSo&Fo{gc>44^$WQuDB@I$0H;EXd84r41T4wbs+J$hjy6
ze`;lFQW*+rNw&rhgZbNhvBFa0Y_(-FLr$ThE?&b=$;AkA&dzM@4=xTGhSgD;wr+NV
z2eNl}#rNzn6#@$QhU`=rEOh7HOYwEp6{&*jFai}20~fOvmS$bLc!}SZXa+7eZ7%GN
z@<-eA6P(2<&jAWc=vkGrA2IM4))jx6?lMoT!;ib@a&%Lkm5woxhaIuE=<96X<2{@e
z_Slgllezh!>)gg|5=8kubSp{O+wV;N-k4$cHA7xLlBPteRervaA0DQ?QBZd1DzeZa
zAyRZn`bGfBrjQf3B<1$-n8O_h$+8=z>14%9`_SqnJmDBPDJiw@<KLg7ZlCC$Lk^gg
zv10!46QU+LP#C*-mi&d|CubBi6uZ@TNy>>B!Dr@sCVXz53vkP3%x*c#NyRIe&xlWq
zGg4c-S8t%5Je6@xPkLg;GnbHIA^2Nuo?T-YbD-5NGd<1O(dC~g&Y>7^xN?-~`5+TG
zntO(nxNAM<ob}Y<`CQxT>EXkt-o@MH3gG4-o<!$Q;5@^>Ky%r8vdNhIH-l@anM#*k
zfG+bil4rh*n{{)c<@(3&1js0dgD?=pB|@o`MM$l#;UNG<)lj#YLA-Mo2s67unfZ*m
zeRwFD0_P6nIgpcj@`mkOR3ZK9&rl)LGJEz{H?+0k(?|22Z@W}YTsabY>)^M2C-bs?
zT=J#7<IOM2K&S`Bqn{Qioz&soZu?l2-I(d~kiTgO5jUB<E*AHFKiVBzHnv&k6BowU
zpEi1j-r74ybt!0Lc6CvWN$}A2eD_@N7QFMOd*hNOm!LKkcEL)tloXI#dBk_l<R~}~
zp-j9h3D<+J)lZd=izPL!JlM#jz6BG#p`Gv+)9f~NIy|b%x1POKD;DG17gem!=c<>C
zwc|}!hv=_eY<in(qu|X}Z18>}J&{q!8L?phOoKM+9OX*mGEdz#JxcTEHi~!mk7cC<
zBc2{5b!V)!>hY{7*QM8%V~Jl>*RNvOe&6<e@BZ$gCnvw5>VM1(9qqzt7y$2O!WK&w
zuQJH&#Yk}*f|*IaTQ0ZB_VPW6b0zS8ne_AwCGb9;h1zQExpsO;x4+nYkAlA)X|LI4
zdVi6F`(88j@i88FnD_NMdnuW=*ZSo2b#r+}yw<Nf>%Ql;YyES5QV!+g_t*IZ+tB~%
zxPNaY50zLa?dLy3QVqH2|A0b-6utJ&j*Ng4B_?D3tTzldPngq+f9Qp2!b4%M5ko=M
zagMLLO6Ki1#4g6McVE#cfp$_oYE2kakM9Zc(n$+xjmrLyqx9LV<(NUm7I{qToR1>_
z{wMKXoV?<N9pj?<1t<f%$z)BBrH75Cgy6TdjS(!xbm~Gcwt1bw1@Y{_;_W02*O?hx
zgqbDAq=m+$MN-BtO->Xk9NzT36xvOsrq}>&{x16L4Zy-}A^xI#-zeMHtmdcK>>3F9
zpEW@{^~}h`O;ROK^x{cs4H9Kg=RtLnIxYSnP}?er2#DV#vr>g{R&0&b2M#atICr_+
zt8L}B|Gqa!2Uxi6cmwYmVu73Ij@@!BW@|N?Nk^WVYxk$2-Rm7i>#$jHaLIIRw;>Zw
z0$kq>0Hj}Ia>(t;i=H0sE|E>?58+Sf@I~K0+rm2}Ty(J8+4k&pp}Qt~lg0-zEI1)9
zx*WBZlb#i^xtQjP!b)Y4^;7n&+tHMrCwH5S^Of1sd!-6~vW6&`lq#P$<~{Sofw}(0
z^YF8G$Upqk9mGk*=rc!6j)$qRmQ)}ukj<QXprq?cAXaCVY9=WLe{BspnJ)n=;kJNS
zAYne~#cFREntI@rk^oTDITF&V6Kw@gaSv)m2`6z)6D@C#rH8qLm4!>xOKks5Q#PUU
zQvp@i1K~@(&U)G@Lmg}$B}t&`uS;ps3aVA+O53|E>S=QpVwH?sOf#+}3Z(^nf%GGW
zZUZfA^w6k&hpT*XU(>Revuptnvo^R3qoo(zSXl9X%;_G`9O86bzFK#?u0aX!QlmVu
z9tkRTRGqu7zl}dtZDB9xDmT^7&LX7i3v1=`W8Gzmf+TT(v@A=+awEs~g(~(=lOa<g
zT@m)@OdI;TU6AE*X#Afq=Dx1X(%!b<!S;)(LbY9b=nw&&DUY2rP}T4P6saVo4fE}C
zsy#FGYZe^Sd_+@(?ZE6eiqu82+WmY_6O@<O#kW}W_t>)+rHg0cDq&9r@opSZA^8Ei
zu^{^YI~aHI#%hq~grY1-VD0mw<^G^fL3G9W1@HBt!qTXKYf}0Z7fCa?t8QO9LREY3
zE*W5t;HWnxK*0<^4WY(cd@v1r9}hXUxVmmR9T6eZMeN^i*YGxTXm=b<S@!E>H9+OM
zzM~|{{9LDR7agesiuC$NBSVF03yVQnUFI%9UN{2cWGF{2SI0DG!l`m)T{1Q?pgk#V
z5{XD*iBpath;TvEi8bf~jO$XVDEd`!#PWBtCpE|gqcC76cg&@`_|KYOY&(;QWvtbO
z!XWf~{K@+Sez>5}oV0fm<LBKG^`rE{X%vtcCQ`{KDSWQRjPSKbQ^~UpBc!r+!yd0h
zUvgnvLPa@h3SfA~{tC^5DW8$1gXqt6B8LOza6&=+k%5>+hAUK0Kqg9r4L*s=j@st|
zuMCg&3o;>;7ODqHy}~P$mYYCXK$m9{h*}&Sn@M|hOQGjc|L|`QlIJ?;{iT!QPvsp0
z={0x^kByB74#I?7Nqyn)Do+Qp$Mpxbk@@5aoLflzfp1LKjsN!Txa^MmwM7Fe9$;|4
zI{v$2$d4#m_<mI|&eqCJ;S^tkj5r2uQC<ta`Kc##qfu$L3PqrY$O_pAQIX5?SAfP6
zf!ccy#DD=3WTecJ6UVwuWu=#}1gM$%=`VQGus8l+5g|O5_D(xXknhwYCU9IL4$*Ud
zF*4|fkoNoE(Z$j%JkF=x#h<oqt7d-+bf$Bmb&TK)5ewwAU(Caf#V#Ob%}<_OO4^~}
zttTyZBUwhiSVtaM@#c;v@Lr@AOlC_#z;xi;e^#o8i&e>BY?S}ZYq9~Wa%`1hyIt}f
zWYL4P?}!D_g8a?mtk3S)OO0ay>nG&r<g3KFaO-$U6<#z}nI(3BW^N8ROuRZAlw&So
za*JZ>off+A)ACI{<d}ucv~8Cjy-uVpJix``cGE)I6+PfincrP(;b#-5wdY%H`|jYi
zuVbqmakimhvruOWHqG3uXffy5?4r5LdiQK`@m#LHSeySfZ}khISU=?&@!9?wXO$Q2
zYP!<qZ+oB}x;f{{W_0el7O(Spc}mr&SEp}%2d2z3SK?L10^I^Z7`}q&aq*Kmy6Gs*
zSc3XNaJKB-*pz>acnP;Z%0Up~?V8jV^g+TuTRPW$t2p4qnN31Y;o0#IX9|{si(`qu
zHxJ<KH15h&BG%Obgc!dyZVQy}7ZKDsy8n7i++ai`GIghI-5D_}pIpb3gO^}~f~GUS
z*|>xu7!L#n)=fSu3}>^NYeaM_)G@Ak$|@eGoAJ6`_r4Z<dKI#F<Cc@C3048Dlt<YD
ztiCjFlZjgPMqr`dt~S<)7o0egqZJie?787CZSfORV_u+_f;Jud$xX@X`?@Ny*4|5E
z{pm%qzFnA=y$-?BgofDj8H%7h-aQSJt8gDej(+%zafy8tg8;2HI9HT-p-xaQsEpN6
zQi?)h++Y3%(-^3r<Q_T&RWtlV638^ZxE!!n$>?sbDzkoiSsQe-PlzgV5H=5MR%{~Z
zoMgmUcdWRFrU%X0KDz9jB5;A-+f9JFdYhfJ%_KFN$F&t%IFEUq7U1;$El-m8vpmu+
z(b_)fuX{i{L4*<ag~4owJs6HTg0?w=_%Ytt)n6&zzf#(Nk3rt7O{ul5sKvGZ1E8@g
zpjJgHZ$ZMhhXT_%{tc(mvX28?K8vr6ut-8lgrrQ>N7`0st^~%bhC?{jK(i4LCRX03
z!Fmfm&>>g4!S&}O{huGiFb=0+<FAXbk<?D9l9dwAuY68K_McX2DLtYWF>B*6PJf&p
zPvTHBo^u3wW|jl3$GDuj5znTMbO*P1TZHw`EQRK1ME?DF8qoWj)*cV0t8wIPCXh#t
zq(=&fHR66YQDIh#&&A9BiT4d`zZpH<8gxbBqG8CASV|^FKO{xRPsp||EV$T_A`|TC
zc}iLzg_8aNg*G4sk#1KJjDcGfSSj7E7=FBfVvz0wETTiNQf(`Yj8QD^l7STke$h0s
zFlq>F;7!VanuhHwzkftze|7EeEs4mCTUdZnV#&KaR<<6e;p(iL=d9JA*F}w%gl8bQ
zR9?dgwGuue66)xiyQE@w>Ca%p>qKpuU39u%9eo~Oot$qzPqGj35?0}^E=BGcyo{B+
zFrOh!z%_SU?8bt~gdD4NCO2GEWde8|X~qu3)>+T3`yDk6P$34HLKjmSz@kSE--Ne+
za#H0rO9aiKGL{G?+R}aAp%`pc-gqpQ(wF{uIAvjsAq;GTpG@U<Fz4Ez{}wCyMcsFU
zitZ%Ok)!O4J4~$UsQc&UEzihR3f7SzaJIZe3*K5brp3<8EtL7-{ezQ=Uj%};{{j{p
zpHDUO_3o^7Dwmx{IjN=W;im)QtzfN!&A;woPkA=jQIOxJU^HBZAcW@Nq+q9f6X~%(
z?*QI?`yJ*pvhHSZ*#Mrv9}+{Eg?ZUhtZ;J#3h~Pj%20~&mP4n%=cG|awI+y&YlOdn
zID}B!&BYXSRy)i#rRHJDdA`dE-S!;zHpD)g0$Tg$U)tj{?1J}E)WOxAdT*^{9baN^
zBq-JB6sc6egI)0}W6&?zM8epGyhwTsZZxrcwg+>Jih#&*o@KZJYYJNav1Ir@))6t9
zT{QF{(%I5%rEKJ9EO=LN{V3qNCY!wj%u@A*y~mTnf@!t4$J5(>hBdcuU=8si)>8<}
z`88HJq8rHYebHRA@u$#O`(=7aU!wEhftMO@2VBpGp<UZ71!LbC+;oL1E;jA+=AX{l
zM)=i3pZM16JkJX3LBJ+#Uvt?tJHoQd6)b4X4oQ21q~GdabD`(1FFG)FP3v8gf%mLc
z?s}$*LncSn1g_qcbJzP!HJ&gMM-msss;_XR+Eh){0Dbj9Rja>Dbh`Y1g~e&Aq}0(z
zZ7pW3t=f|J%IX}M@-yWTg5NGl<KGj*05F=2Q2QHu0Rd?8sis<X+_-G0ie=#3M{8#=
zk6A4b{Us=i+6X`}M2sbTg4^}+w@6$Ga}QDL;-hPN!?Ng}f#B%NXB(01yK35;00)}j
zG-g4U?NzTobgh(9T8Vmg$N{V}!>%br{Mf5m!{*GGW?v+rddOwifYZpe2oIte381P=
zHPPtt++olje9}n0R}(O-pFu^UG&t9>>_=piZ58x`Dl&*eqh8C8$13()ybpiY?mM$n
z<XZG8uAoJeVTEY+{Ax66ZNGmyKZnrqX#A#%T<D-#a}Kh`)H_f0({8>RnJq-`oYLm?
zx*;C6VIHpG1ZMj_aMDv~nR*p2Re>yq<Ayt%UA;1K@Gw*6a(%W-hnQC9-jqh+R!Js0
zQK+h~L`g#z4=G6Y@aATmfu(^86q=@JOsCQ}xwQB|h&}rnj8Ge>79rjdqnPkDFN{H4
zp+G7><y3+$3i)bbXkU1XC!JHO;GU3sH#AtGRMPRCi1YXvHoWBDD54~B@`ETdN_7Dh
zIgA;hv4KY*3G}I(vdnq6oAnrK3p>*^Ae;FCSR>et*e7$dMQ<P)W#GJniXf~NtceDo
z9nLu6<)m2nus()!`nD7~-?(BjJjs5-NsDW(bFxKD_8MMLCqXQ%Ci!Y68>EX^DWL(d
zJfH#sMMrN%*t9UUUh=mzlg)<wY^G=n)=b0N;od|%5Nf^&Z$cy}Ix#Xz-q+wKJ?$w%
zW=Itt2m+-qoH4@ztuBfMde?C@f-19;e;ut#x6L(4rp!%`7pt)EY-_A`xex_H6q3On
zA_hd6UW>)`mzB(Y>x*LX>NKl-*`0G#-Sh-B8SF{yscp61YyQo_c~xo%C`C8TGf2=c
zQ#LKXtQx;O7hN)W#Ko4iRn)ih1vbnDj9WQ4PK<yBCpUFH>izX{BVzM5>Fd}r32Y-5
zcsipUR8CDr0<TcU&%|*oY&VAQVwX7ak{o0HS#3o6RB92ciNsH}YjH~BEo}Z1G=czr
zIH@3B?X9N#Eih)9#veMETsaG`ye<^Rbhe=KR~}%3KK>~OIeWsFhEF}{<#ARJIU55S
z2F8LEpzssE8;m^2N@^Qj|CK8YnrMpjias9#89j_CSHjpcxeT|f!)Eg*`FVCCPH6><
zN;eRqEaeaT-q18o?QGYdv<r)p=3i7l;|f4)kVVwQlFJj*0Eab#>h>gCmYdI?xKAIG
zS2lLr+n0gEN5`329YZj@o}W`6)pdRPT>>{1o5#`cuG=1GkZyPZ!@4l8c2lMt8{9lj
z$HjVPM+$@Vi3H?ZLG{8L{g+|7H|8m2E#q6}c{kDVSPgQtQs9AV#Ie{RrtZO@oKL}>
z{eK(#S$OV%jr{|xbz2O~YDIJu4XQ?aqy_t<lZL{LB0Bl#Zv|bP&ra30E`EmFFM*_B
zdPJyn&dJ`yuhylk;2=%M#pzS6?guCL|297>Yj%;(Y>5Opdh^|n7|?>Emi&2A=cy+_
zdv{hSBSt7zwrR$3nR=kVj&c5Jz2()9520j^P1{HtHr%1>8o2dloX9%KG(&3}OiCes
zncJZOKMw2eNz&MFSx|MBFs<h?P0TUU(v}AYLm^?6$?}Kj5pBaBpWzpBkMt8F%&YsS
zi&Rae{UdJmW|W3zyjtmfytSQ*z9|DO(qjFIbnX;hSW#G84;Qv5keI1tnr0G<s8WPy
zdB9W{^2(X~8sQv;vS1@@jH!&7-eHcA<s6<>dKK0F?ppn5%`AvZ3>(Vnv(zZ6Zx=Q5
z^j5Y0Q<eek+H|zR<2zDC4lQKU?B<qis$Se4cl3%`?ZPHm-=z$er&6KawUEK-bI9^V
zlj#8BslHGgaz9`)&;l<gD5s9T{Z)##Nmg_s@{s5tt*k&Z<ew8^&<0AmxD^YahTsB^
zi<@@n2LGaJQZ7~2DMV+7QOEOt9=Fa}-dk&L$yn^!)x5)f?cyWGT>HW-uZP#(N{Omd
zF;<1K5m#d=qp77onET!Y#r?AKIGRF#ocDgjU=N3}2>&=sPT!I+SJUHWXOP%O4W$$b
zta4x#?Y)qaZ}7JvRwo^rWOgvNQi%lh-gf@eRpp{OVjc8aGJlK~u=<A#^&S!>t71Ka
z1Kp}AAZ;Fp4$uA=D`L|aZmA<*p4l+B*c)93_B&~NcR68uSf}o>WDko_j)p~%#yU=I
ziKGncx614onTkl2dP*lAp3^ylE)=fP)8vTVJBdn1W50pEmv-^f$RTtHkS(Z4Zg^+8
zg3GXTYOP1zY1;}(De01NEPTx~j28p$njKL~lpz6NOnryr>Nnru<mR>wqsPb!mog@g
zlJXlNzmUPsXpyd{CC^<D;3lvK#YE|*_0TUTges1M_8&BrlpYl3XD0sjSDYG2K2k5-
zQ!fOKA(U+nS5T0VKLONvpyNN1RQBT}1eb=?V;UJt(8qc&MrolZ=_Ft1szi=+FwXcW
zG6k&LINv{<EEmp9r~ZyKmWN+*CAcz?Gq7j_)gAqbpipJ8?J#Y|r_?<4`pw&%N7-ox
zBdFA!uXY$Vpd`?=;+r`TplQS=8eXkgt{&XgOPb^6_iyZ&Hg`J4oZ%^zng?9<2VosH
zJ5_IG0F*MqAQe(rA1poy63h=lp2>IN5k#*!b;6&oLJL3a9>4@i+O)R#PM(D;9t(5`
zVby12up}Pfs)7hN4I|R`jUjr5lxHI87JN}Gu0@o`@KEjq)j-r-*mJG4Mb_k1EF;Qc
zkR>Ygu<mvSfBB)hosyI}4)SHE>MJH2kW(-8nm9v6(P@)}PycC}y>9ey3vrA8y{L0^
zZ?23St9H6L*r;Iy9R}_2(mTc5sPiGHT?Ob>$056<2xE>Gv3&k@ojCxR>v`s<YAt-A
z*$Kf`VA6^p_Cd4<hRhh|CNv12&wxZKocW{5Hn$4BkzAPft%J&pX^i>-ga=?%TAhiw
z<<Cl$GOJ9Jggs*_sww=&Pd35FIdr*ew=boDMi;2pj>OO?pap9+Yuz+r{a0dqCweWg
z$&Ikn3jbGJ?6z1uU3ccRVNiVHVV9CsQbg5V3Y|qei8;xb+9E{?vil;nb7G+kAu^Bk
z#C}zsbvWVP%YD!k^0QmPjrJ)jAn2t34CW`zo;lYS%oL2$Wmf=<FDz8bpQRJml?@AR
ztb|{`lyBa(U3|9tQLyFUD*S1|<IXw*O?P2VbN9t<0nK-;dPNfF=%Gu@aLcs8_`IR)
zLVY)3+mb#72=0;1JVt?UZjg)jHofI9kg~7w5Vcae)<|~Z*OtRVvPi$#h4w{nK&t=}
z^Gbw_;Ow0py_!TpdZP;J<ttL|rl0ab^u>2WnZe%N>f%!}&ZtQIG$sq@(CO?4irXaY
zM}Fh@M<B2^MKNl<SdVRi6zuM|>?)I<Sy#1w4MmDpj}r6{v)o|KN!`$h;6?0becCsX
zTcxDXI+KYCe#|(Jua<Hlb8vSAOt760W0XPinFE=Bs^v%SvWTw0IiUI0g~W0e_mwfY
zl%(vOe|W;8Wa7KQx-`}05>O1+{(@-CKXVb`(D~izBa&^^fb3i;!ID(otZeK|M**ow
zn2(EtFF;UY|BE~SffOC{&JC0z8PxA3^$1KrGpt0mggbjK{eegl#>%*BwYcPGk}#)X
zs3D6L6&58pS3(n0nRf(N1bJ<<BNmjov9LZQa@jczgyD2;7u{5d`%fK(H7Iyx=+0h$
z(z`C?BN)tx(t+kVFB;}9BW2Rg1%m&Jw6_e3qlx~7L$Kh%9g^Vg5Ih78?(XgyeDUBG
z+}&l-#odFuF0i<}EzafnzjdqLTXnzP4>Nsws%Pf(@0_Ww>0|Iybgy{8nTkD@v@9v|
zo|hu<cZwtVfnR9VW>XC_Fc%={p_vy6n#ty8n2rJC{R_R<nh!a%UMT0Y;7WA+R~uAB
z4knV)>SxU7%=DfyO_JH1;@%0RDstr8Q;mw&+c2r%4?1;9XQ8MorF&QeWTj&wDIAvS
zhg#la$I+tRH3J>%saf!dBU&t%@#<5`pyWm0<ZGHtqG*myD9tHRv>@GOjvr<5rWE_q
z7d*_{yuT@2S%sxujZL@%QjYnZ<VENX1zEmWUCgmHbpr}SMez!HYOeYbaN&o8u1zuQ
zJ*CSOrIy{u%sn#=Li-ot8Lc`c1I_6HJ%71(2YKFqTL3mbhi2c2V=*QWCMNa+>M49{
z_s*iVjzoiC(uDml=l}J4FY@eh-@IG$h{xNQxZ9?WKl63|hV0wPSfJFT&+r?P-!bp?
z&#_onGDmrD=daQZvDOXQaH|)#$1dnRc++N0+wTCaf2<eP29w<VRlD}*QAq)Hjg+dz
zV}Be3X9>j=^OE;!1r-_iKZOr{F;*~o#r`_$2|#@zWq-b~YT!{)Agq}azt8DC*@`xJ
zot+1!Jzt5okOQk&LezQoL@Q*DE1%aA<!ex8reZ9CU)#{oqc0w;r!#GQ0x0>Y_a%#Z
zUKNtkzhX|n0L*H>yS<J`j%XI7Uc;HE_hICyc?aHMj<AO9vh1<so7Or#C^0Mls~Bv$
zd6?ghc-Td8bTXWBrHq5V@{vs1H}esVd3|h%)B7H@GNAdfRqK0Vf9$lfnp01kO4h0C
z!Tw`_svh~X2(<Joy1&od*XCYE-A$PLiMrm`2NYTH_CwW~JNkm8UR0E*CSJftIg}Y>
zh#U#!QQ=!2;cQkuY_i0CS0T$cUZ!$lI<Rh<S(S9>g;g|{Wj#D2QFH2Q3LTTK>_k3-
z>Tv5A3M>6z*e3b{M~@jtITmRfWZatH4=DOS3gkW`UM?~e%!>gJM=TkX!^PN9jPsIl
z@m}9~Un`Wa$?N$nIlqv*Mg+2yj@9V+5UL<uoja|f#6l8%nlBxsiXj~rs=Q;B4(07U
zfN%EAy&=mhekJpgm`94~Ri1)qCiT$T@?7gFTR3N&`UVtUek<ef8v6|RI~U3q6k+;X
zg49RT!f^9hj?be@$Pu}^kDnE`SU8w1eUvg}B_wGj$6$eKcxVv`U?t&iumPS*P}xW*
z9U>0*uv~{ZzanUs6^?|29J0QOd!)E@M>F|RpuAMhUsz2Ta-hsHv=dGa`gD3w5_ESb
zDM-iuUBV@958dP(EcKJikNC&#{)H{(tvv`IF8dxahD8tgQK09?hvB`d8IBE%xem?G
zC}HLwsW{;RXa3;ae5%)Q!B18Y$w<m5w+vf@voSMqB>j4r!zg;uhBkn<sQBZ&5e2;<
z`JX(fxxFQv(~vi1;AqRy`dUHShNVMI8_J@sFS-eeSb2R^fMjRAJWRgYA^w_WZQ1zS
zu!bsmLq-xuE|b#-M`-m4Sy_B&*3vX^PO&1c`LpMr@Ih$^gUUoi-A@&SSbDZeYs_x%
zs^m+?JT5-CP#wh5TMiBm%88arbNuRFcarYYdWW~0+tb8|K{|qvH$s8y1*(fN1x<N0
zNy!9!856~)bE?MeSQW$(rv*a7join57Il8Ed|4Id7Gt(;Ny`cPPu#F}Y8lV!8Ib<K
znG}4zirCLX^fxnI$&=D(k=0Hlk0_}czA~O=Uu|*ks19dIl=E9_Shjgh4TcEZCSkU2
zBBni7|7O769Ij6T-@sD_>s@r1mT0#UAix!UF+Ml74u5ztd_S{6&<|C5>rvkJRXHSC
zW%yi@qHy*ib;)jn4~w4tq`{iZWAixVuQTcV#aMA_k`Vz(vx{>-=gQ5#SFdex_1Jdw
zB%J*6oVON%EvmZZmA&0kttxJIF;MVz+m^zH6Gm{D(OH@~<6OMu;lx!=e(7016}-fS
z&F82$*<NupQP8D*!II^2pp#!TUyQne=eH=CjeBJxwaZvEm?bc1v*+78A=V?rD05{D
z=RnBn*li`{s8#HcjI6MAYa7Z{KMXo`4OnQN$2ung%Wh00$GnQQE8vKp6*rHk+2+KW
zsqY81^V`eWue6s<q)bNk>m5{Q=uc0Fmh#zF-*|p&lb;}~4c_m*H5ScUNVe@k2N&C_
zXuc)CblnWLqcy!I8$iKH455Ulajnar2fR0-vO^Bl{Cq;sZG@Ij4?N5=jM%yv5{bmW
z+O9CsZnsmWcgbC<4Ypib46aIX$!QrQ>+p7O{;e>U{6iI?@C{bQvry7VT7AWecO+nX
zun5PdO0o|!|3SV*k#&q7Gx$_*M9nR*w6E~HM3lQ>eUaU>FRYpge6aCLL#*bQ4#1=V
z!9KS~)toCM_PyDNc7fWRR@AZ{>Ok%*dZTBxxW<*ge<8H9pUq;JNZEVyQrx!F@&-fw
zoZj4hq5c1!F}^X(a&<(DpnwybxEgmTa(v|d*Q?3+o0;uUcYAAf!?s^;PlLF^1$ic_
z?6~ibUTki>;saPIIRpvMS<afPoE}*)&`lT4gq<htybHYdV$d!nve`5}I}E4F<)~lM
z&!6`-I1GedcX&G6fvzV#ejQ)#2HU9BW4%MwuX=P7Q~mKs<M}4#Sl?KTd8a#^ja?--
z@sHCFTnYEm4LqzpCi(73kJ3KLY2gbA1Sk|>$XTkQKU{HR;)IW1Y4NT<Fj(LUjg^{`
zSixVVBXv0s<`OGj(2-!m<w+Vpp-E^LnVglwaQ;?R$B+z4pF!mMZsw?Ecc7*Fhz2~;
ze5MYXwru7{Cs;RWXhAhas}T!`xL&HX7lb!{LLGd-W;3k%YQJNLQ2cuY`)>?HlvN=R
zP*E|tcA$n!aCsj{HU-ZTM_G_3<7eP=wx-DkFQF*!c=~R`#h}Ycye1b8MH9)i<=QA9
z4*jw9gUog^C|ls)jtDKrm5WEL<xH#YN=8O^6*cQBoOZ^Kd?d~u{E3r+56CiMoqyW`
zAi^jPLGv~NZf7GU`9wm~jrwKPCEr{=cuzMsx}&EmC=%1>41RzWxkL*~jO<GE_yoh%
zByC}dZ<ikdqDqMejm4)+x76MAjkzjJ#z5*iDaMdoO%QX|Ny#v6Zc)QwCHkztEl>Zx
zTvE++{2g6ozx1%N^3P@Ar1k7V(O`XZa&l)NO`hlexQxbuzCWbuX~f-}x(f>Qb_dlX
zh!k)T+y(}z9D2U|JDsfJ@vse9ZS>}Dv_C*UtkmC(*>|Hp9%{;qDMO+Kr_c(AG)ANP
z^G_OSi3wbl0&%l*9hW%Y^WW1O3@28bj%XCtp>!$w(n;wkZ(!m6@Of}Q8cj66#VzB?
z^F?opbW@QXK{3WMD$gvCQ>*1&rREa|$sG!E+es@#j2$kpkMk{okMlC;A+U>EFVz)u
zu=PYb4-mSEPOyx_$LpxGkT_KB$i0El{Y$jhidm2^0X?V+<vC@>Xl)ZXus54plbZM7
zGA5mqBUN=??`(AF%x7#Fk=Wre^>Un+AoAEKr+1d}rYAqwM$@lC&k-x08L}QXpO*Aa
z<Zr3#mpQFhFlf8gY11+3YkOK*jC>7Y8ftRz&DD%t(L}sMmGnEZPqS^ckLBQ5>pX2u
z{{e|ve-1%E*OPP*{wSeNs->a9;baLic{<wkZ*l<mG(tDhe_I3Gg#_!%H&D>!?7Dg8
zZWh2i3gX@?F6(2!Ye*IG+0lhJe;Z0ehMQhw4dq;sMj`1Rq!ZZb&cYjF<`mzAFc?&d
zQ>no6eC8ul*01ZUfAA*%2pPlYD}4g7=IF9t(2eY>SbGZv3xp0qF|UvxK0L~}e5;Vi
zz!s1CE3_6OP6|3=<BIupQVkMOR}VvpA26|&&8l?G$3Wzf&Cl}QjSfd?6O0J|#(8rT
z(FQVo6Mspqq=${~XDB;1Xx`qlXrwu+_TIefySNWrPqQQk=B&&cUH-NswoN<oU&4MH
zG4T_qwR&8R&Gx#XIJ|eyAnS4}U+%o>B-e#bb*-)w9i_EwG9Pqi2bn)nnhhM)7=-8j
zMf|h+W#^*^%_rU;|Ij~EnZrB%y8E~Vb6hkbPI>0#|8?5fsR#jE1CB_e9MefW*D2UC
zssI?{6^qs}Tr3hxq+d(nk$4iJaZ-Bp2yZ6y1xFAtq$02p-AnQ>2UWhmg}3`3e>w5>
zHGUB?!DDM!y7cH%iK&UEp?4(mzS{ba0S->4`u1@ns_siHjcZEa0^9X5Auyy^D+~ER
zSp1~`4rnBTRu=3yi6F9%NG~XJn@@z_#~T$GWD%YtR7~wk#^A6Gx{3W14@dh9xch(-
zfRlKKrnsW;BkQc64A=FNQOe`TYILfLQx!>wn4yTaZJa>t01X?+<4TqfwW~Js+wrQ*
z=NK!~P0P;;RU$s*0GWyXQIXvW{)EOU*8~#T5)(6|;oIKC6WLtY7R`qrIKL#YC_1IS
zhwbS9w3)_*^hoJUX6I_c@<R%FhzWk$P5E+naL_cTtD6@BacJ+h5=Ryq?^YVqo+4e7
z15CV`x2%#xMA7nmTv7LHQw7v3&`TGE0hTV`*j9)>^?#)AG2zzy-oc9l;sSQHR9|1f
zPC^{RaSMq~(GRf6LauaROI?=uXxZ_xmieY~1Akim2!VVV2Eq&jjnEyi<{79d7}S@d
z3{}N&(?2~YeWE7`yRa6cyphM%s2Y|&|NU6VZLVdOrFd0B#jd;J?SG<EU0SR^?Ix)G
zokADEhuGT52Ac}G5lyPRqO^ttX62rHJw6MTC=5Vt^R{uV1P?M(R#|3GYt7uIZ==pT
zmLGoAzr0muV6l$Gaz^p>-83PuQ%lnG^lr}V(i@j!X3Qs)@DJsO`kk*-Epq`8aODnM
zZD)6~*Ux|*0sT921)-bTY#@or3Ab}bG19cl;srU1XzN4|5m{T?tQCr?wx{&MY8SnC
zfRlbX_N^c`@?@;(cdYMlhw8rNbhyC8mh(YhwY^VU6yk@2bv_wke<2hT{n0}388Pb9
zpiIrjxH;LM)PLz(#?sQ@q{5>x1$)Fu;}-DjP~JDmD<mtDBRcNo=tDJ&78Z0W8kKd*
zm05l??155!UXRzjsj<b54|hE~_aE3%UMoAGE5|;I4nXLdw}p8iw;qFbyY<AgwE<?Y
ziR{@QMxD6x@`rWYYifmC`36%t5(Wof7q-bFjYfmt`i{FT%mds_(tEG$tNTKdkT!ZV
zzuTnIrnHGIDvK*CDu6ayj(&F}%~e@qZgK4X?9k;_ZMz35%f$8oSqxpa`R1&ukju9c
z+awdyiu%DANwdm5HsN7wK;Z2~!4-BDd{I&M%i}KyCFtVc#q~ej%{YfnuO0Dz3cuBj
zxGt`;KV=eC%1$s+zF)id6Cs}zN6nLD8H<qAE#xmfGF7S^i6GFQb6HI1-O<or=IQ4m
zqbzrCiLazF-75NkouLhtyx~xnc}<}t1<c9a-4of@*Pz&#RzX6%fg{kRfu=LcBx8S2
zg@wgkYF@{PBH9}sh8!IkUov1j$-A=obb=|9m05J>Urvh731LhEVhO#2k18`o6(%Os
zOop0Wy^E#5REQ-_lDr)&v9{BKvhu-PJzb&elf3VxjxYQK%8mZX?MU;5xxP?|-9#g=
z@x)=*(W}p{?W1p&C)1i_4&L}0i*U%huT2)eZ}xLE=NZQ+WO0XQkkO)wMEKk9DqqQv
ziORIq>wH2s#46wQPh_xFh2AR$@y4qk<w!3paw}CzQpr2;4D|85OFfmYldkJ3Z!%PD
zCpegqnY+G#>OiKu3-kMG`1nyd0>5}Cvv)x|yQp&Mt@)Lw*^Mp_*~M)uBlR><lfNzY
z_e~YX8WmC#tJQ3qJ!;>chtHl5r5A9<11P_b^WRWKvNyd-=qU)L(5heJB<v7>hQ$bc
zHocoMVI*!DO%n_@h(EndHHagBn1A3IKi>HQ9H8yUI$h2Y7~N)D_b93t*wgyGL<M1U
zfd1>QO?OCE_%(5YlkH~mB-5HlYN8)EE421f{BW#*e%{Ax!npkOpcT7Q{ky1hL^j1V
zJveQz4Lr=#5(<G7^B~MZ{ID>PBm4MNt%r$tn7T^8>(pKqkgp|Y*f^Q<C1R(U=&IlT
zn0QZp#Qyde#XtJBlCXvFXkgu{rMXJe1^LG;01IYZR95JA_|)5Rm)1mPITp~uA^kvz
zCls_^CRC7$&+i#5i<?g32G2}GILt6yII;Y^y3AmXXc3uK|6uzd?u|G)Hm4azH)!I2
z`Tat##Tb9&7(rf-_FUs2vg;J(p*?sMugZY7m}v(E%D~~1R$qL5*omEPo&kL&%;}?V
z6gJh#x>J;j4Z7K_uNbH4<vp}XRj>6r8uHvL@p~D04#w!~+Lm5T&}h7hga(^e={lQ}
z8Md4-pL=R#>OpjTirL*Y^senRlExl-*EW;%a-d13!kQq^*)vs+fhMa_&q`5}&j_@-
z{f)Ro4n;3JGjsUC<eGy?i&raYarOFP*bHS6>SKRPN;+z;yW+gPZdUtVm&;s_EVa#1
zZ{Vh$@)G{hsYvO8y`xKcXLQ&kSbh>tXtSr%E}`VA3`4t>?ZB^(T&Uvh;kE0<n=f%N
z-;6k=+ESa(Q+i+!H^t#*7wTC&mLYVTNteA^<`UU%p)j$5uje(c<|4iLTMf9>dY9?R
zmBoNpNtdHqv*Ch5Z@m{or+d#kcq{#)Hf^28;79#PFgjq8{$PjUr9YbV<~Jl%>CXRh
zK^mE|z99dS$bH+e^G(KFUu1nLoY@E;%#>zA9Ye@5&2-`x+DCmt*kT{qcUFh2W1byp
z#KgR4(D28wUToZiY!|ZI)f=p4rP2Xl08VIk{s72T8WP%m%ec`?wj$ns{OZo0WF|Vq
z@z6jfGzx%xdnwsnrfBS695nOUnIOtY0k-EPr0C=K@_W{~Yb#Ap5k0WQ9g2&y_v!wt
z!fUD+u*Gr_W@onf81k&LO)9dAO(Xownlnjk(~dvp)a2N9H0GQI03YIUhpL&zj^Z_<
zLM3&QG$oStR=JFv5w>p3WiB}tMC3zypLDk^<mi7^qQ5Losc<i*mR))ES`YZTBG;uq
z#bthsod;PJ2F`VS-@npwU2m`5-a&kVR;ZWU?szlDKBrk0%e1@}*wvJjqQ}bY@Ny&$
zEMs5m8q?DI<qKEkT1J6;C%0XIRkbQKy9$9aqL?z_&*M|x(Y+Qv#=QBJG7Q2T5v2lh
z4^`R;^nOVLbtj-*aI%BW<d0<mUE5i^@J(Zb3#8qzS|m9<5%ruvz%Z>x2%p~aVRpK@
zJu%ZEmB}GZvIaX(W-%%u)iE(SOLo4W{qO{zT#H;X36v%gY&t9$DQ(%j103@f?1)0j
z>Wpg0J0axhVXXFPkE(uX8zEQFpk7Uaq%mS=VS|--)27+AU*8zvTU6}@ik=OX?+PoZ
zed0!5>Tn`@(-jyOi;}#@t_ro**++JG6WZQVc7NH0GOBRD`V`S_b0m@Dycixiyw$SX
zE#8bA`Z4+fckIvA)*lINLwqFOgq0^8{RZn!9Fn<860=m%$A8BpzrRjm)RK^?zzh`i
zf9pK>)la=~juBpG_BCJq&0q`F9#c&&AP-Icn_TZSCH=x=`J+0B`!F;Q^F?Q>^p(`I
z<Q2a7YVGl><xf9CzTB>URj0C7(F6Kqc%ZqxW%Mg6NWJ>cV;NaUl5O#kgDC7{{Z!a1
z0%v&_(&-$cCO34X;K0B-@FrIPMO_iU;szpWlgE4Upl8WzyW4G{g~3WQDw2Vb$8|z)
z2^64zE{zRcTg=;iRI>bFLV|JZ@U!3%>74@xZnFJXIBhh@U;!cwa2^u$sKoLELo$!|
zd&P%^BK1H8n2KNrc-?6~*xT-=kJ%VH@a>9z@JI95Q_SVinb)-|-KaAyOW`c8FUK1$
ze~jdBGIDtdl-Qzc34|aBz(OzJE5ACbj&Ojq&OpsAH|Vn<eqY4utc>^8W3?8W#BX$v
zwlF!pq^hh59p3okn;F%{g@xrGPGtLcf{!7<p)2Ulq@8NR?<1f8iv?D+v&X%SdQ5ig
zkBZItZyryqAUFn7%;#qWQ1Ts5UXJ*|1CK4{r50R{AJX`uL6EdiWcNOrCBGE&7HOd#
z$PaPeyUdJye!EU#%A2q?_Kxy~KlkNP|G@v%uJIG9UmspyPQet`%l?!zH;i_fFd~}a
zEpv#*q$q_K3THXw)9GBbapdN(j^gs0@y#<U$N+*tIz?_AS=(5j$92W%sQKx(AZ9+g
zo}NuoG8bk{h6;EjeFMN*p@aHwK23>k=pxxq{;cS!$Ku!ukycMi#plrpS`VCZ7DPrf
zlvtQLsT2_=ui-Mh7nm#P`Y=8uwdlVoqgX9~ziQf%ayQgtfd-L#LM-g9`UoU@WB`RE
ziP&f%%qiTO``~j{3im9`tmvS4o&R8{O<pkOj{O0v8fzF095^r~ZqZ)o4b{lgdyJg=
z^NMIGY;MQYEE0#7S&6sJht4z<W<5QL^p3go6aTae(}WMoN-URpqzlBbAvc=)=b#3Y
z<){~dAl#G=DJLQx?8S9g?ylw}jEDDUZ4_ge#E*C%*g$Z#qj?Xh)gRhB2(;lRU@BW}
z^8OFN9}y0O%4u%e@?IX_0?6jh1JDm3f5>L~7(etDP0c@!PjPwCfV6W^l0dMzf_O(I
zUiGh3mIR$#MvRjpqnP+|iI8;1g$l;N7w=qW=5GYs#8b}w8gM28AAtiA5xL(r;Y`{I
zkEXkj#~06o@Q&K@)E={@++GMR5v}kAVhy9})@7KUO38*azY!EvVti?(Aee?_{OHFD
zA(&=9AbL@<Z1Cj<g^UM3{>r#z5$y}>rv<!Ht4bK)2+1%lo(HQd>rKeutP3IBe(B7=
za1#b8LJ)y7If0GGh`FSNGho{Gq+5OKWy#y`0^z+nS_*~@lAG7FjK~fhQ}bRQw1JZW
z3pKK(Ih?2pe49qtoRV*tpg$npSW$-Cp*;33*WNz)QpxJjy<@$ppOvBVJE7#F6|9R{
z&({4KG#E$1L5;`mBK%TqHQIce^_9?>79Z7EiVF8{O#&EelHOR47`ZQV`yww-Q!tgA
z@_)M$T#Xr<7mOK6r??)yEE}>>fJP6B!dCUZq@0ydXZX$zj5S~vEIhVlm+wcfzjvqy
zEH3a)H^`GeN1?e+FOySikD*g=^H0Apj#xwxOMRu@1Sfm7BwG+=*Mr<dP^SCZ-bWxR
zdfI=@(g}0%Lm{1dgA*+58b>iR-`3B3k|~w+Lr<?3Mq`@uLmp@#(=H<ScROVH;eBYS
zEBsNe2Gvry{wHE8HvQ90pezqa8-fZnVw%$ChIyB{<{Q#)Vul^HnkV)-SoZe@9rXF#
znU+2o<@93?y=LN*d*3y^>Alkw(H$?XGsS<J-xyd;)oT-eq5Z8r`P2U<0bE`LD7T{T
zMhxW+!q;b_qv@RBy<>%+DDQCVy~EW3qKR2gH`<+?@_8ip;E=fa<Un(LYTA)i*_3eW
zR<|y{03P;2Y&gkHCY`Gb(solEMYmoSVQO={5w+|R`Xm^}d(=CPksI3Gg_3Eo$#3~S
za=tD|eH1<Yl9Y4%|JT=M>iBZ9<3n&BsTljp$4M^v#JWx~MPKfISS{jR7UPX;`SE%t
zl+aydHwxMlN>6J{sNH9s+t93Y1goHhVY1u5xyk>Iw$2pX9-DmUz$RGf;DZEasKfcy
zcL0B{dtU`lF4+tqvw>KjG}z6^^)%#tFV+6V9l*n=4+jhuZZlF^=<^a*$PHc0s|)?p
z{uGE8?={UXQXrGt<o=F=FuFaGZe-RJoQvqwFGMK}qhxFXD?yNUb;!a$e&Qu@)84Ae
z(A%7A-z6WEBaxh!nkQz^-?>PF!%#h~6t^cMjfL&PHmBHig?D-poiz9H>zJ)D=2@s-
zC2Sq|{o=5_@JVMkM(-KJ`}9#PJ6{Drihjr|!J7P^bet7PD$c&xYUMp`Y>M2tanC6b
zE%=QgPE9)Gkwv+Gcxgvsg6o61KmVgX{mQ%ok)by+@^41_`v$x7_5m0TbLIEpwdrTY
zEz=Z{XSKvDM)y0XaW3e?{0gO^M-K!8Uzd`O2Kad4+RjDV4lG$tV@(7}dTDp2;Rwj$
z-Fv5Cv_g|UmXbq{Q}Tsyk3y^B$$dhS>uaa{U&SrO96}{-S$^=};?*J_AHmlmyK^<G
z57SVTlHXcq9*685u!zb?jcPIDEXrB_fPAo<fdot3eBmq)&CT)(E*+%xMFIw{S$p~f
zP~S+tFD@8)u&ToSnfXL+T_1q+lR@vx`GP|a!Can*CHl%@_anuW^9zwB)jTXC%E~ai
z7@Cy*AFms8%g%KKCQ9IplR|g3xtpcp8wW_w4}C>sMf}uVu_I*#sw7xtfVd`k`^Oh<
zMZrt)jraG5N^90phcKcsXI>Cd_9*`_Lmt&*#m{wxb=agtM~z|YT+GG~L<1g98pGxh
z+V{_>a|P$`p9SO(-qE{<$PHqy-Xk>cKc#4EsA<5_2D0?DOSAia+ot({KaGF6CIIRB
ziT|^SR>iRTYL)bA^R=2wdHb;%?#%dxUrbYfJP&CmNYmTsp^~X8j+cbUbf05zLOCM!
zxv?DpF9rX?`8A;t&WGZQN~yVCjn%iI$_gtxMvwSxiv^(7lU=2#uKB|02`UNO5qfbr
ztod5m$*%_Y+W9T0`P%q|;^??n$Q3TvGIau%j>1Te`;<)#aJbUNy#AE?7`c8qHr=(y
z`DAFkHGN^QcNN{}e;#R@M=@FnUMA4V&~j&u-8Qa2+fggKW9FW%U8rnZCK$Rk7Ys7k
zl4=|_z0UOWr_psy&5UmCSuQ31|C)F9P$wkT(i<TgwsUCj)c>V{vPF;gB#hgZ4l<jG
zEOhr)qD?OiF1#n)bc3-r!utjs%Kl;vti+K_t}(}n)(h|<zM#Yz&~mQ8eB;h{Mdb8P
z#@}c+2Wf@+h=4vRw|PC=i5S3GgCl^S?iyy;wx7QUOkFgQodzBlp)_*m;RQ1-7n2G~
z)OKO&%<Q{ml6GIJdr){=ad=1Pi$_|iG)}P&a@WxT#Vi>aEGv&|C1YwypNJ2mSWm5}
zs|)tN6FKh49<>DDajL}L8k(LcXj_R0kBc#ydM!r?GMUaFsKjuj?*)Je@@om&6F_K?
zq9X3kQ>?y0%{S%ncE?7-(mKxl({liVF;oVkhjr_iis+@Pg5*B3l2|Eau<Slz!Ft%K
zvNpzHz1Gi;21N{=Fwr*N>%;clD8g+A%D3J7XiubB>%VVAc)Pkb2Na1!(VN={^>T1J
zS?1?TQN5{oF>{RbvqWV>>&ckg(p7s19?A-L#IjFCAY+~>-C+vy*nq3pXs?DA=fFLp
zj7a@Gia;UHBFSNMfAxG&9UB+oFYc1a4z#^i^djxiB%3i0h83Qfl@>TAqSTbsi60ps
zZrw4nz!EQ#N<RsP7!&1GrRj<#Rv5UvbAli7v;&C$9e?&(3hanq@*=9$Eu-+3J4>0i
zj`B4r@2apw9i(6WSx@{GqW}~`f#W{7OcX6L_=95H@UJcB3`tdiO9F`5w1V}FYOiGz
zL?Q7E7dGrDYx_+H4Tqzo-o|#c5iPaH&6q$6So?t#V;XrmzOm{j=Zw0G8KDnX{D>5<
z>*`fAW}JQ|m4$Rwh%22;$#wayiJ+gGL|+F@eZKi#1MR~a>$ffd;AGg=x!eF{_S3&O
z0u#16+bcdyd9#xbyOruAdbc^>m4jSfJ{3#!H>Fuejg&Ucj@XoNz~a0)b4Hi>nvR-B
zq$_0P`Kjxo4)rr$NeueOJ;+#9{j|OIS;?$hb^*x*p=~xwfgelVM0CE-;Z?;VfVE{B
zsK&=vaC^|?ro-ICO$ymorwM2~ayxmOnMvjXF@gFvRw$eyIt@}jHe!938(wxkJ~B0)
zk&Sc&b~E2jkMqZ)wVQz*T%T>%K2NVqajq-{a_GQni|RBtu#wQstBW<<M&C}~Ihu%}
z@GS7yyn7^YicQRYW4gV_%@g|5Do|9^!ApdiH@a|_JjkjoK~yj&B8CzS-e~$w+`+@s
zWH*z((Trz{G|wZ}U|4~dwC!*4UEBt}u~!}JWvAx|>uO67!EGP2wX-oes60+${!7fJ
z%wa8`3uJN;0-2^>a#$@4K4wdH{M<Jfe#@loEtM`3OI$;Pbs~0cNsKV}HB`0Qt{kI@
zppkMfr1+7Q#0E7*f4VuZqeUn)J>aVFaNa*?)6zv|f07VJkf;iSvvDqzX9QEqA;iJ~
zRx@<xEQA}iook7JuA{J{M~6Hu51yzYve(XTy4aFaRmf(cSS~|aCw@OE|Dp0ASrHuK
z=u>JnS{ZWi*tlTXZ%coCd~D=fVC$}?!~fTIdW9mI6+Lvv2uQ{;MPQF4Q4kGdw}$6@
z+^d$t*fY&)XXyL!bWqmT8kw83C@a!02#7X*3X_R!9AHQ}hYB07MoS_VgaER(jZU`y
z1-1jGN;x=&EG*T@XLGKq+0<QH3FhxP(-~`jn|7?}(PW`Jc21*w(w0K^2&xIBVler}
zi0_tbr()xx<I}2iuj}9u5kBPDqp7}9katI0;|@nmWR_7pxHm-y`^e}b!okKc)!a!I
z*##29TFLaXkMEMXL2zrumqc0htk*T4bxjWT25egeIkCJh5T1j5M`YAkez)<i&<f@>
z_(+7<vaCN>p4QiydXHXBuB>mzodTi03wO)QbscN3THyV?e8E?<t3#QhyQ{-%<Qd!K
z9%oG<;@GE=k8bD;gSef4^g`N>h;|mJO^@6f!(8hJPVm%w&ieJbeJbO9Vu40iYt<H7
zOix_w7fPV#zv9g!`2rcPSH@Kr^`3YJV}kAR``7dBe|a2P9Cp>7BLPh3n;O?FmtVRf
zd9Fh}i2X8~u1h=-{o>p&Ay=f&cI%^W8BjWPGL5<i`y&5ym3D!=%<-qBf#+OjUUJ2S
zE71`Ir&=t$6nbz!eUU<?x?4Ec$a`GaDvNbus5tP-XH&zMF+Hh7Ow&{AH*KhR$yG?R
zgr}sfihKk(SOy@z6T$z7nhf`P0G$7`okBgrT^#74V2d-<Z|<b4%OW3^wWY8{yyfH6
zb^k-4IGX{zT&CZ}I@m+JLy@Fs#lwNp;IhQe|6FwA>HED9T4xs=gkr<{Ba`ceYtT8|
z1rt0Zc%uy!Pz`4weBbDQZhp}L18{(abZk6*xPScw$U%S@1e~AuXuL)}vb1Z|1~`!2
z%OgNIy4{8Dnc*QaJxzFkpbaog=VIVF)5a6m#S6xT4*|dru2aGPe0JlB<i7J`rym?-
zdxQT|r>JqpKRC$G3nm1JOE*;cLJy^rxSI$0zkA0wyb<r$Q97Txp+g%_92Y*gfY_jO
zgE<s6MO6;TtA=aN&h2h@zWZ#nPML0~^F;>{fG6-A@8ZS%;sxv87aKtS5kk`g6~9P2
ze@`RUa6sS9p@q%z;Xg)^?$v|Ny)Mv#&KowovG3nAJ3<4`3$A=nFMMDCeu$mt*WBV4
zZd9S}w6mTm>>1~Z6R;4O?j{5PkG}&Ppc)>M(G9KG@D{#5LxjLw_@Dy}5Z|ZsgkLMM
zB;N23o6Go{`X=WlzD2k>o5G&~=jpG^*jdI&%?OfB;dmEo2%UmoJoxX0P&<(>d=LNz
z@Q{LcC?eFIevV`NDM$7{S*P9q(5uX@(9dU9BA!QXzy-v)&Y#5r))tE{vp#g{Uu0o)
zj&{2zJu|}Hk9b$xUv%ICp#JAU|H-oxuG8;>K^72xQCkQJFbVfAOK-M&ZvS)ji&J<A
zxCg4U@$~6l2&PjQ7P8n4)w>|w5*ZlJNcy$mjd!1o*r~Sh<auHD5hAzY4SRnE2dNG^
zf7xgw2VnT0%WS--_!NZc6xH-h%T=dUkHosjLg|$G;mCVm1qW%^0DtH_-FOneI7NVv
z{Y_FO{{WFxdV;?ZydcFoFD2a4YxvP#GJ!KR=X{|D(>cG<1_R*lhI(DB!FRqPbwXev
z<U!{g6c6UrvfKQa0E@u$pAUqD7eE+D^#8B|4+-sVA_w@PcXq);5-Q_kO>FK-F7%K)
zHT=){E(T`Vx{v_p@DQ4ADDQ<JYUfaodl){w)@r1HHhi*8&z1Eq`+ph&?&d-0YzjOV
z{0{}{Zm8COW6%B14eo_DH;~wpp^;_JxtiUG{lU+lOZ6ES0vzBPPXD)#1f08fL)k9G
zUvU+J&K<g;(2Xa_3qj__GCZd?J`n)?@fG?l;IdSkVO?FP2TF9&K?vwV?|et@T{lqg
zUl9Nhc*xgVU76z6es)n{&6pAkh;gvtZYvHjv>rF;j&+|L=s<PP9q_Ki9hiVF_)f%b
zDE!3>?7i<l`sOUXe<eZZ$``jm4xa!HAO90f&{dZ2g-@jGR%;=xiYK1&T7ho&byCuM
z%u&Xb!-hBM{n<x|celIn{VNW@02Z>{F1qB2PjL2m)}uOg^r@en3}54F&6xB)q~||S
zg3e(#o<uKRaPK=|I^USo%b07mNhuae2lBNACFe>}#F?sud~cnnEA^>*tuqc3!Qv&Y
zYPtpbh@A#7kT*DkN`qVRix<UqyJ75e&EiORrt5z1<j8(DnTGH7R`@iGJYm9G_W0*I
zXSn2=jz0AQ@SP6+=WG|Gy&d5?>lVv)_uH2q9k@DeZKrtlO{6hHv9~ujBniX|iVCRJ
z*?-qYPVY<v!I!<5xRNmg#`oC7wU`CwDD=j){7o8+xoDY=%GqZ7t5t(zDSE7J<%HF6
z%ZK6TzfQu3yiFbO>gU<ovcOpi0+-|-KDQNf-~d>6NQaGv0lA&+x_tHc983#iTe4_w
zv<JqmIWTevkWQm-(Zt&3It5C<89(^JesES*df_EV))u*}2W~iB8R(4kVNe34;uW}f
zdzF{(w5X#rt;8(zKyUt95euBgApq%{w13WAe?Dy*rM4716%`DsT{3Tr2uOK|dDuaT
zu3Q+u^w488osv+1cq(TbcN-%hluVueG@;XVmaR?QX`m4bET5kMPMp7(BI=vY9E^fu
zQf@}9IRI3O>KU84YxcOS<z(DmJ+zg1n)zccOU3LN*57p`*8VLRSk-B#&Kq~v@TJaA
zV;_eDdvOat4SWxwP!qh{G#AQw_jZhuK5<N+WRxi2J-M8F0F2S#48o@`;hN(Lc@{*X
zG3={jCJ?j5q=e-q=`~_Gm#LmEQ*_TMt2GRn8KFn6on2ba7%~pRUkw?ZZIsKzIx)-w
zX|j-IM@_DFucwPE|7kE%!||=wTg0w~G$=I!JeP5Oe2hYaz<R;9$Zd>`9BvvXXG^4G
zp{vGCTd|96^EzCbYT^|^pRrAC=T7s6i8y1s8OBpqJ}sY`*VomRm*0O`AYqczzTAt0
z7t&T89Q=YN%}mfIPwPr4HoMOowU5wdvR0)hXJRp?NzFKBOllg0C+k12pG;e?!lcgA
z$$Uq*8534BJQY1KHubU?+;)1i$*cq&dJK4|T4Kg&sgVc~G#{+Z%_nAAk`aFtW;j{P
z;W{D3JF6L(*<QEq7bLAI`Dj2^8cCjjsJi!KBZv7aA<O6IK}BEQxnc`!p2J{gkc%Yp
zr7+GjyMqsnlk|m3`Bj$CBQOW+WnuH6DVzFnw!@r_NJ;P6kN6Fp<CWC>nO}(NHA~m^
z7>VLl4>^ivo7_nOJPc=O`XO}e13Iz$cT)t-CTzOy!yPxMY4HH_^{LoHT{V8ylcS51
zG*&k<iTuYU0{M@>DbwJh&^V9`O}_un@y}A03dWN%2@aJ%Z!S(1%kc}+Tz!@;zJ0hZ
zBMUc^8;r`X0BYT=1#D;#FNs@n=(iFFB(Ma^q|q*V8%Q9Gl`xU@Br+MRt|;=;_=X!{
z;M#ZU#WTY(Da1aVpt(p}y2-YdHn4y~HYcUo&Pq~`(Pe6NpQ%q<+*hy0Q6b=PNDw-W
zdo#Aj>FsIJ@Y3P2sMAtQ-*T7xIgsB?*YCv@)L?noa0TC2$4?|>Z3&tWI*~vh)geho
z3ytQr75ycwjIL7mRk<#RDwk60m$}=XqmyLF7!gmpr-_^F9@^2cEF)R$c(0xF2oHr<
zrurGEAmasbqc7m)>aSDmJa)cldAY=sV=0Suy>mwU054&rooo4+)i1O6u<I3Do!#f5
zDZ}e9AvRiL8}q-ZItMYEIDwQ~Ajc9}9%@6H{fW)Auw|0fJ>Ng1`KvZK&iyC+hjVUy
zl`U`GzG)RZ#fSV7Mk+1ivh-|PDM)ql6IGeVJ5nR1!bj+^$*HD;KSpYJ)5g^{D=xAy
z6R3#Yp9hUdD$9?Yin+w46yJsf*pFg)Tef8NmAd^U7)+{V6F#d3)0LyThJJIf10)&)
z*ogPJfBfa8E_STSt)k!f7F%}E(<(p~OA)WA)hUo|WX4=k9wWu2+d#5sZ$CU2>qJak
zhi3Na3}k85B2ge%XWVYONZ%?k=~R-%pM^qC?>OqTeMj8byi-0BVbt3Y2_jvQw<|fP
zmge2((AJtQ*5j~Sxk?yK$v9q=<pY^fliE!QNa#O?G({!F(AGply;4}td99jg`tZVs
z?C%1{ObW@YJ>v%>dWuhim4~8sf=;%7vzJt4uSq}9bd#`^uncMJWMHY-jam0y5B?RO
zNKXq;EI{4)%}T>Q<%qr#a-T1g6U|SGQ_8-WnfQk!GKGLOh4CHtHoE@m0VP5hnuPFu
zN;xljjDb?NEbq~V#q|A=>)(7&i63$muM6WbZ`%bu+v@b}SCs7(`1DrO;!0)aHq&eO
z)lbz61BkiO(Eo+VN=ZmK^EJ;lERkqkHNa_nKGKhw`6pi{LLq1eS+`@>C;aYgp2@uj
zD!EFa;X<dF#2k*bpyf}HH@9DmhjRC6MLf!w(Zv#ikJS6~M@RJ7iwgJYGSW&8QoSC<
zc9qj)sLNH~OR_I<vFr3ZcD1;gHu-U=wJ@%VgT{4tw^oz5)!y<=sX|-Rn30BF=Z8lI
za5dPqexY(25*GO>v^rDGCXJdGGH5-Z9*#_eoOl&)RDpg|&ElLAO=y_+IxF=$^EQt*
z_^ahITA0~VfqSYf*6!PQ_uNcc%&0~<b1bv~h%4(yEpo>)_nM>`QHuTX4D|Ffk@Pna
z5y;xFdnWCfl#yE?n=({$GO9%`$ne~r`B<vwJaLY+F{lL>ZYGBLDve=$Nw$d1VB~D?
zw5%Xwe85on&MIxpJSA<6nw&zlu)6h<e%=f|gPF#KcX#p9G%au|(k`+G$zW{1&MAd(
zC2>mE%@%)wxZCG8*cr_05fnGm>OfGa7)LigX4MC#WJ?biu4LXb(d0eBE6CB*vt=(3
z?NiDx5g#kV6uUekly~1Tb3fXv(9tHHaKHE#)K-VJjlB)^fO>3?ZjbH;?|VJn-r4hO
z$@Smm_A7ZAgOys9s<;45hG-O68(6mZtk@`PvhkwBb`-Gju&G3-z%l0ic{7tL5Xk|r
zS><6%618alP|gxgIyx_tJr0osPiE(o2~IW1Bw6g_HU;dBq9p;V-^`!Nu=&kKr>4Gt
z23L(2-LIG!<G)pVDgbE$t(B_)f#ftyNv1J7E!Iq;-G~~D{lPO}$?x?wJKZ$pf9!wG
zWEEnyd+m1Zy|sN;&-PZcggV&TBEcNwG9+`2CAeM@@<fD}Ql~^hKds^$6AF5|4|-O{
z64<VnMfEcs?c&{k2|;q%K=5-FMjr?+GVO#<UEJ99h=j5KB4ItuB(0N7rvn~ERtFK*
zbe&4b5Gjd`KOc!q<)m}$D!4NWU9(|fB<aQpTN{>`%DJ=Kv?gfH%4u=T4z6;G|Jsw|
zu+#p_&CyIHL(Vy4p1fh7#+~4a%@uv8#FWNE=hSM)?$nyKddiJu0e}6?RsE~7=~25s
zleFnSGb@=WmRSLOCWBYXtqPiT7n|ojJ_^s)6V3EQf#{Q8wZ^h~&Ud;ob>+>3M53S$
zPyRi*B&6RS#DuC!pJmwLTduE))l_X4VgAMt)2ZfdJA?n_^}S%ENp(}2b@l!=^4l?1
zLeyj4a}EUv){>q`B;Nf|ak1vrj%%d6<l!g-53E+nCJ$39r;%omR>;`)0h8Oo&fpfX
z=ha3}5TZO8U@M#kJ^MF*jR`x-z>(%R;GEH<sl>m~CG6T)%`Lw$e(a0V^0v1eEq0FK
zv3|-rO8=i9l<;6M1L`76Z9~Fj=o<MxA|S>gm?C*|hLtum<To(SePb4vsRRPELW(d&
zyTg8k5nBH=l*(NH1ILkoNw@!!$szhlDre>G`WeDAG`V)3b^YW!=@#lSvu7cB_MTYu
zr$+0n^;@El*W*dR?DX-?sh&&ykVMXl)rp&eh?~fwuFus8hZz`y)-jE)VxJ@zsivs$
z)pled;Dnx$xyrJ#l$M!swMb}fdM{?SN-Tk)tX0M}WiXEFg?>+M49ro~>;Vl?;5l(V
zbv{(6X0~Lcr7Qh{n}Ga_AH@y#gw~N)j@ezK_Dk_{+76wjqCd3~e1peyB^|s%_|ICI
zlAn2v1>XG54b&9%$jId`t&}Ua1H8<kjsv6hafR6>eaks*E<>MA&2H+|l=UU_)LvVe
z*<0e>m)w@zfEf)&3n7(Tm0MqNgGyq@evzi~O(lJKuQIv6p5@)3c&Hp-!F7m#lN8Ji
zKI-j#ky%Ag;1}`P$}?%3o2(U`K4+@?&0QyPbdBdLF*d!wAEju3{aMZEtHdP9VPo2A
zV;os5%~tqJ^V|bhVqI?%d_{}N?E`tOO$yl7SqBCAk7YE^F#VbnEFv=7#fd@#*xq@l
zqCS{lO;br%m!Pe7T%mmw$8Y+*nted<KIMy^#PPm(*Ydv^uoi`$-2^Frp{y#R_BMt3
zOQ*V$&mP5`J2`J#Qe+hxuXUvrKk*ss%gNIImzc*+Q6GGMnNrR_bHO+{|NP1i#-+3B
zt?r6@$fIm!ce!GCnmvZ9Dl6m4DC+CnT9^S2^j5i3Y2SCH<w&KRzVC8ptl5=+;<E-i
zb1&I)FS3F}hrUM+lSrbYc!;nL)ED`|OOWR_MaQZ<qL>97c`a{yx!*i~&)z-AR@2ob
zvB0;NR99EOd^By70$n@eYe}h{l`^2ns;guIr+>!{Co?K!Yz-WGq-B^EiHRu;mA4OZ
zD3Z_V)RMaj#nf%nstenf44;xQ<p)@V#~Ew(2v`?ddz<4%-B2oLB%IEd^&u2br14DV
z3gK(u_^H(j>olpESSf6kX-?Nh%$X!RQKs?BSGyKPxA+x*XvPZJRn065Rwmcf3cD5y
z>$SjGl34k!-K@NLEq0`YsCy`m=a8E`s+*zs%b-I$DI}@3Vm?5oK_%EiSV=pPU+G2r
zI<bfYukEM9BvFAg=B7_~QtFyr#~C6SE=q6%pAel89WR}rm2E>3w9jK6qrZa3pq?Q-
z=F70zg146pY4|I*YT%M>HZx;=GE*ka%D9%tq>u4^dmH{ZzRGu#R<o66dmNVA6#ls`
z4Dg?f6v#pLuZ?EQ>R8FxR8P9jPcVF+M*GLckn;CIWjwCfunt+=EyR6;2V6(c>3A{8
z4vS6fc%7Vyurwu8ZQEEpJzYk=@QM05@_%>^N4xx94*~kVg(*1)yAw}mTHg&$rbl1A
zw8~SGytIHRLpL*uUCeayrA5QVDOoplUHUPzqu^WTvlr-^UyfCSe%0(K&8>5RerI`#
z&W*Fqu|v{JNztJsGbyc=2rM!3?1xYLZ<}l!Ld|c-4dtJX-gFeZtlmCXduI%|)vAzu
z=Gyu*%(&%R7^4XaQGA>H8~n5~otie+m6Z`9xp=%NzStE5Y6-nssCjs=o_svl@)X`N
zv8Eu;>;ATtGP%}ua?|ppk?G#4P~rkboLx-^pYb&DI$#$QOJ=tT@3Ji*B_1+}6+gbc
zrz84WNMt#IV>9NEjuElQ)YbT`ov4kk1^H~|WU#W3!HCpExoY?LeG_w?5!xKDyO>e!
zvbO0p-##V?7F>MRfD%CwuFu3=^7{Z^YN=`mo|9O2Lz1`~ouQKWvQ&lA&}nWu0vRfN
zsqyeNomt$%&BDvV7Ct*Z;T9Pz9va_N5L>doL&Cb!uZ}3)FI1Ekjm1OpISz80mePmL
z0dqN=&1<7}Ga1u`lbI<ib`DJ?T&E5Oa(u<gh{wUo(r@T=q*Vv^ni)6k^875R(tOzh
z3CiFiH*2|V6RR0`m16m(p@se8)g@&;jZzgWn~3!nS8EgP9MG~=b+Mh=;d4oeU7KQr
zkl?9;6<6&XfV)iL7k`;BgND;^B3Yl#Y$DmL_U!vICo^)&*7RPgd1>^~fV*=@H~EDH
zylnICK+MNwz!sFa)`nkZaGt)7S$gQxI+@*BT|U=Vd`{yN<P-E#`GWP-a16CjwtAZ`
z9DC(JXvdQ2tZ=SAb9G(Yun0w^jwVaz`#m_7X#_SoOfU-WlMaP`MI-LC@6S`>&dMfh
zP$^L<2#xY(Nfsh<jd+1d@EmmvvhA_$O`k^}^4tyA=IDao9uEtv9opUJW~VE(cqFRR
zziaF9IE@sZB_PNX30fWR=<}J$XIH39?6@Wv7^QKvgsBReJtVHu89)-{R#G=N%g3T#
z2%l*1YXu4$rML(s28YYuWt65}IlHKWcJF2VeU^`F%#*@JVlQtjJp(^3J8L2OxKS2O
za#B`Dh)dw~02BgdcVNjBdcmjbI=G6|cX>Coj+LdlT#Y@h`xc&FC+xXTP7M3fwtZ=%
z2LD56sbMAn89oPA!Y`vFvuJi1ZU;i~03btXAS_BfzEGRvaW6JT7@{&+>P7b$qL61U
zV0uHG1HYs0{%+tH{|S$WrIzWiX(xp0oQb#b_w!5wub#90zsnuQF;6NB9r=N}vr*s9
zlL9l`QF&%}rt=!W(v{Pw1q-CE-B>&acUxn%#dtQtU7bW5Q=ivu_bMr;vJObpX1!UC
zp^jU{*U&n9<gMYLWmieqNo_ISxH{%HtM2pL*Za4<O+wp_t@3Hut21MAKGVOhGVg?m
zYN!2$1j}Dth7~TwyH*JkcKq*N<ka(gJIUE{({3USdB4sJ@!SB}Zq3fWDS*ZHLAU95
z+`I{Qt}0u5h0$m63)~4d34Ma*72a#)RQ7yeHwm?TSF&m_<Unl=n<qy}fmF?|wzE+=
zYjJT1XQzd{C3Ys>VJ}Ad1%&0?6z5tbZ{Z!f;n~r9&;8Q9oNZV?0>#jNkJg)dr0HLI
z9{TNFt>gJZawbnQc~{KA^wrlk`av9wW9OHDsxv0JBBuRgcjaVZ;WDZK<W!d6Y%@n{
zA$Z2d)I{ABQc_lt&YO~^K5MdqF$#BTXqAC?`|;Ek>~<S!XI;6=JXb`w5+Tn!>s#)Y
zMFFs`ifc@wm{sNoMV(lJ^bnm6-J}auY!BbfCzdC2bWEn{Qx(Y|9xs#8YSXJhimMyT
z8JgWKLUCLrNR>3ow(0a%-%Xj;)+LF|H~w@-z73>;UXA2-;Dqw_1AUGKhsHx*6_4JB
zm!0eVn;5Fv?Ao=oRhL)Oo7wq&g$Y}OEWYgL%z{p3IjblYJL?m|=mIXKGD0RgLGuDA
z<!-U^H?I1%(Uo)HNCtO<m&XdXvEXc9vP4e0P2t`i(R87Z2+&(rrK%KY`Ag+kcf0OY
z5K%n*&QTEYP`^x0Sx^_`KKru$W-{YropIC0@LK^)J>a#vaMQ=Hs_+D%TEl-km|HP<
z%lO@?Oy6*~{YHJ5{US*txN;wN2yne2D3W{3^YuEJp)PYKcYW-V5e8iOO{~SrC}qtr
zQ8``Hf(y?I<Xaf#OC?K6ZZR{64i7p?Xk0Z+a+i3qC`yg2=WqneS9}|a;>k$m7AY9G
zLaa&FN{1w)VwP5TkE{gwhV4iPN<n7U_Jet4E!J=a(8m5j-sw}Os6gvEOs;$-s9AqJ
z*(KwQ2}RYsMN_HS3U}3dzJv-0uY(=^&`Cp{(d>w#W3E)@+{~Or`BeFYBs>oMW6;|A
zPw|;fNt2XUW-@TdMYlrI8o1psoMtkn9j784`M+p;3!u2VE&V$L5`qVJ2oT)e8VF8s
zcM0z9p5QJ4g1fsk?$EfqyE~0LeB^!S+I)9r?%bMx)l<J-^&s8F+3d5{KIg2Rj42$4
zWjJ{jwP_+vj=67KETf*Eo}2D&CH0t@Z8_Mny*<vOt6-m6#3?-upKs=+z#3oJO&$Qt
zx~LwU)}UaC?e?B8Ce3%M#0YiTKA5Y!={$ChRwfa!p*Oj#mt>kJ#ypI&pEplD?~tB0
z>rj!DtuQ)ZIsvp+Z<y(>>DN5mSb%zJ{+?#dypm(oaUMjF(iVOZZ_^4r+8Ab>Tg=IL
zMUx=S8kn0@Gg0-^qvWUe=Qa?n=vL^jY`qN9Pw&;tgmnhlUt85i)oEQ_qVQ1XDh;C*
z?gT5^3mjk**>?%+{S@<A&#J?M0B&P$5cIueUEC&~r@;WBsKRnqNY;1Rxqd169#;XY
zEJ$!u?jNX&4|sdHF6RPI5QqS-#3Fx&N3NCeMQf3ID;Y&8l3*2JY6G_ftIasANYRK=
zIcwL1W!fM(+yHse<;F^wvdup}{F9unrj-myRVR>r?fahP6N-2y{J{Dr#dZ~07%vW}
zmya!*KesS#r_aAE@%dAad}|`W*@n<aNiaAZzBe0RWb?ZM-1#4SB_Or=byv;QLXGtV
zu(4HF(n42Pw$O{r@qXtM2*uJpC23rE=+w%pTZUxTg`n{>jDkaYi!+}dV7$iaA{Yj2
z8*C)N$v{q8gQ|Xm!)4TAQ4fs~T6QK77GzD{cu?goIXYEX+d2-ksLh|+Q82rpv}~cU
zoRwc7$f{lzFirkynk;6DTWr*&c%faSMn9brZ`LEh+LW8LII$6<K_g0G453?zmksYl
zax%7kRFJmL)KH_mMESnj^%*Ly&2Lv{^dhhbn_~Jg#_akl>rGCQrTj2!{{`>5Yh9>N
znq5jh-Y(@=z_wi)Q+hu98YQHQxK3Ku4)95R7_o3CKoQu#-|$H(C%y8jRcssEd-Jzc
z5>9@4?{Gr8jA#Lj8AcoYcf;iDdCp59@}$mX%uYmD1+$aV<%UNJc8nB(j71Gtw5(N$
zOXz9`1*NM&)U+L{;Zi$=o-Rf4`H0(vvlmlofHT;%>)fP5$<eGw(SdU2na;=1UqUrB
z^uYkrpc*hkiLdB49sq3QkEAnaNVNW-Ik@f$q-)Tw>|337h}++Xm1>PpKBWA$_3b*t
zR6BBm3ZDO)lqjz=+N)-4fsX+gL1T@cy>~HSo)jPN4%2huTwRoJ6Qvu-gYe>WquaKF
zsU<w;^;h3nN^}G$WBEDp{9tcksXCAX*9c|FNoK4+eRzR_JjjHI5F}ygfVss;`q8W^
z;~VR~DZi!tpo(3ogB0_P$)HdDp|r%>7dxd5^2DzxNB5>(vOdxtPL<wI*n-|4PqpV+
ze5Rp<(9h9=@9ph3?~tp>lJp<Db6y16-^0Pgqu$}0$@5+@$IkO!>Bntv2<FfFB1D}4
zRj>En5WWReZARlq9!)RVW0}2)JX#fN<N5IN83XdbFt`OG!oDopn7sqW#E9_pNOy+z
zXfs+LV<^BKJV=v<cI+@}h%6)TWStFPyh0t(vRcU=+!7pnzWi%cSVwomL^Ukm;GQzk
zOFS?A=l=gMEGx^+5vDLj7FYNCiIMqd7|kCHqoCIro4`OyHndwf|MBUUP7uf7GD8ds
ziv&UD)GZ~emw0%({AT_?4SV|;qyuc3!a}_?FE=%@W*_T!dP^Ck{cQ&#slArK*=|tN
zBn1TgS09Q*Wv9O=K?;K?a74x#sP5$$!$Q0iFSE0BX6M9pMF-6b`w{O~+9qzEJLCm)
z9^SQlYzd!X7xUBkxUO4zDt<lHys0&ILzHGCE194E-)T1{U`*vYr~K$^DsAq_FL`5$
zLSSGakm$f7hzmDsB%lCDbU%r9VDX&`H)G^|0TAMV#w)b{GTFB<Kd>-gX=)NQHAyun
zIX=iFF^okwGZE>OOL#2Kw~*M%occei5i5i4eL*P1fgYtJy-+H3?ns>c?%PY-{ok_w
zL+1Naac?{|xI8sv4#dAd)25#5h~LrYKE}&GOHjT9{vo0P@1SRT|5u$8W(>v4?+C`;
zz483U^`!Hs8mUgtq14mAd0gjsU_q0Or4i=w=!Bu7+HBONEPpX=Te15dtyl=Kq(o(|
zarY`K+bV)}8zSE}yEd{rg*bWonXTV&^Y!E@)}7qen)2pJa!&7RFJDuwCoWf$^J`?e
zVxp@A-#)=e<ocu6NW8rll#E*}kPw_>3n&aCN0^%R&g~7>IW$!LoIr=7CB^)WVCi*I
zwNQNnr;7{_kx4JvnO3sjE5de|wrFs(xNO`rxeKlDse*hl7eaD7*1#go8?$%Ti=6|>
ziw=SjI6v4OrElQeU-;WWJ3D-noY%VAU*eOI%z;kM-1&}%O6z<uJ}VS0Ho_GH9N8*i
z<~)@A&*9R11oy7JG51MI`Kg0_elqv+(*BM#yK`g1<Z!Ch$sgAA(zS|he$w(Ym1lk^
zx7O1BhBT&gWBp`zD&2{L?Qg4+8@l%dPx7;K5U<76IL_`Nqd;g9jLPsfG&_i;{+$&%
zOxQ9CRud_Mlf<{9Umwe#Q)h~HDwQsZdPH!VYD5Et3-@8w^bZg`Gw3gUsWbWDzyGj7
zhxaMgWzd8a{6+!qo8E4N1wo>V78bzBfKldeYl9yac)0$)9+|9NC;=))7j_8>n*m)r
zK&OKmOx66p9E4ke?FDJwX|4O(RZ3&s(gk|O|7Oj(0%0W(Y3-&0|9oBW7Bai$?F_d;
zt||GE&obDVV(T`)YN#5T*Ozz>&g|EcX9XdzF%+Y3T^zSz@YQM9XV`UxImmQ=<RgE*
zIr71hhjn{3jCdOJjRk)9y*Kzo=o1Fv$CNHGW9`>P0Ha0X$i)?(QZQRHB%z%LrnyLR
zZ5vRFc+f(}&hy=(u9|)u6rF$B7{bK1t-JFc1kXCt9_ipwJP5sNVg;81&S}60|FuEm
zTw9Vo$rj^-*v#aXZJ^o=2hBHsj*1`ncps5q)}S!!iIC}hK7Y~{h1G=bI{st@ZOa|B
z$iIZR;pE^mGWM>o&G(V}4@_ioUw%)s!M-Gx@!ewVod%<-?O-92aIj%meaBs=D@*R@
z3bnVdKhXwvYN`%3C{^Ihe4zt$pRL+FX=t`7DRZqDz2I|nR7RBqvqMz&=+F#q1e3J3
z05Dd=nW_awyTZ80rWi9LU>qe2^ab!yofBkx{kX_t$1hmP1z$hgaR!gW_lPK1(+ndA
z<qJ+{f2%0O<xJ>HzrhSl%`zjBUD_u0%O9;{NM(M{3~%0dDlvR03+S*xfd7%n0Ppn{
zqze`1C&z%()2>>N(bM6`Ku{KlyC#zG22~eDGJw(s)u3Hb)?RKEesT??9^Hy$wGJes
z%k_Fca>;nHF2Yu)FZknDhq?>aOb1B?!Bq2%new6Wnwkq@S|H{(lI9O)D?9&W*o;9Y
z)pjm|5u4#oJ5Imhj?E;Qm`k+<9!DV&7ID^0Tg+6TI(1mxHYL&GT(=v`Lb<O$DsQp5
z)+N~|dwm(U1;`KMmm0MyUs!6Go|RO)D60dgY185`M#V#ob6>lSZm9j8?TC9yaSDP4
zyU!usfr%a=o<AR!5`xm#>A^6M=pJBpitqS;yxSbP=FAhg!KRxu)UV#D6ML3`>x-zE
zKg)WxWz<zId5*4o$Z@!Z_0O8x_`MkLmpY?z`v_HwwrxDu+Gt~3*V=LM#g%wbOTu=i
zk!@eIZQhN0KD#6Rkr(Xe&S&y3yp~%EbzbRJI$aGdC83<Pe<T*fnzi(I7AwaV&5QE`
zoKCW}d%voFHlOht7jJ8?s9C&U3@fvIRqqdH4BS&1wpVLafZ6Ypqy_DH0gv3wBE8RN
zu>i$+JsDr=G3>^6QsNFTN(X<dF^T%$gMAFQY-8@zj0$8+N$LvgYcJq<5KRgqoGKBb
zMTQr(_S3yB;PZD>&9wlb`VT)pVau=SnUJI49cMy1_$iA0@f+XVIYh}o|AuJe{fl76
z??JU@r*^tG$gR#-k8%$j73;7?Uo=+V=&(TgV>k)mfplRP*&$9FA_`wyUpaHXCeUE!
z`HlKe4<p;<yHb|ZCd3tId<k82*Viu8pW+V*w}FK(jngZAZm6T4Fu&&*4S+RuifQ-i
zHWmSwz|upDMKI>MN%PkyYwL+1(a~F|nSQ)B)q00PX(aU3X#K*d_tm{;T2nVai}HGV
zl!~W@F5SXvfmgR4tZ>cG1j6BUI6^6|K93FCWDTL?rat#pq4rl<>8=^@Nzfo!EJ)NX
z%$;Dna#yCMu7XFlJJ#$_!7w^RQptFCRHJqhri2Ot0{`AM+qpL~Z%*xCWI86n@Bp~c
zjtlTx3qMR<)MhApQ284AEo(DudB-96y+y!kdot7B0kv<ZfHY`lzZsQ&3*Qau4k`L2
z%C#Oo>Lu!qYbJ64wA1V2+#sm=^}&%;<wUAp_&ti1|Kj>Cg9L$e0^G$nUIP%Zi%>ui
zt&jzg9vrep(40UQ2664jO8@`8HS+bm!k$U;NAf4gJOQ#L8YEQr4@iLnz8s1cGrR*l
z_sO8LuGYBvx}?*n#UbFjmy04s#*cdqn7CJWt`6lvS#MSR=v|lgm%kz^ilmN|#upv@
z2|!a9UH<l5=}RkYp9;hs)hC^ITgBf!(1Xlv+e0C>&z+#4o43mSQKlqe%*fJ}wsL$@
z6jiObmn{;#xP(qOdJ-WHtV7mDzRz(#TZyYM=N2a}DMdBG+NtoLQ1xlOYbb8VrXO*!
z?FnVpPC45M!!&N@*zEpytanth8E^j+jGH&O6u}uj(Db~5?~uGajM6^Q5#7UQjRtwH
z-n$%mHX>0u$a<p+JmG)7QX$e?MR|cQ=LHpyf)ALR@8MaQWJw_Z4uFDnegq^l7g>-m
z4#5;SBLJH9-?93>gu_q$CxAb28)ha3X$d{TBhwRYpb=|I`AG=l;2evjFPkVtux%fd
z(-yQ*x6khed9$CLl07eXwI$yU2DhdB4IZ&Ek#^^D(!2xxqMUaW<b>N>*(r@1an`A`
zE3Bc^!|aniQqc6rOPUMy58nvD7IvD;3p1rz!>S}VTq=DT_M{~~(-rUS*7;pNoPVPQ
zz#o3E9sjzxmt*NL!Nz5Zn_3+%y&ytvnH}?|t>rL5$7PC{S{*9AAWVLo72`DiwJ8DX
z^~9PptU&87yUQblk0jd*Id%4?vGC?nJB8=VGJ>o#<ka#TNA}k+>gJ;>QuO~JoTrVX
z;&n2e7-3IMEP;wbN_roWx9wX4E@<m*VcDhEdnn6FH`JkLxe6&^gcj11etxNb(qDx@
z-x#CB;}VX&6H1i%Kg9+PaX%=T#|7AXgsufPMnWFSdha2M@By`7op>MX!6+~L-Y7s!
zTXEHBeVL$n(bw4>Y=yLPOjHEO8X);U#le|_R%9S@_im-Ped7;JKGCu|IP$X-k`>Rc
z#>n~wR0a2u<}ZMUAY;O_Ba$@FE}+cZQ0SRs@Z(6cA^~%Gt|ov8cZj~gdV$kzqFFh>
zKX}_Yi(SQUm@_uWutND);w((y9rDS_r^6xK=~a!W)nuKYtK8VDT(6@4A(2V#;Onr5
z2yECP==0&Up?A@xTY|n=`(ruecjmqhp$ZkM3q$i-*}fm#zTrxX*}4pJjVmGjmA$jO
zZOd%!rWfE!l=}psIy8=#rTO06Aea-Az%TGysfo2V`6@eKx1-FU*#$G01^}JB)!TJb
zIY|?micukeH`k7c7!(L);{&%8^#PL~<?}xzQ)4h(gYQ`^zJUG#Hi+@0BghOWA{{1J
zkoxQDSkSW_F7*Vjd7kcDNx%6nTO@-Hyn4)L2Fw#*R~x>eKpg=#n(zMLH#9!o6;Qtf
z5NUk3&-Hb4w>-i_bh0*dFGS{r)YPeEWTn-G$moP@h<qT)ZNJ1-fG#<7-BK7-{Ny-&
z29Vtn7<eQT2*@OnQ1b#|CP993d_MQcQ;`{7P*<-Hy751KI1rWnmo0L+m(K_3LQgRT
z-Y8cxS<hdm_`cF(=EcKJ4*KtJcV61*x-~GgXeMaWg*75ig=bhnIg%9M@-Kfl5Rql~
z`4_ALdkKo=BDykx$?4dW8e-&{$P6b0GeXRHlOsWWLeiE9>YI!!<Z50$?U84yI|S#{
zj4j+)58t2GvgZgMx0t-Q;Eq5fsU7m|{HgE0e^ajBLVy5(3Y5(RIA4!Oiu7>V0+A3B
z+=2T7MS1^SOBB5KfdIcFo5aNdDl%ei92vkRfWTNl^q#dVBLHjaqc4u0tRTEu5dS|j
zfAsPKuGcG(B0XJ>K>CCP58%1LUPBknfPV*_p}r7!@M~*zw=Jlck(-*NBTuNiI5uSv
zf8a&ywhjLVeu;S~(*6i0#Y_Ad5&F=k;xDkR2(~*{(JblgrqX1w8E+Sc#6<Wb=zc@@
z-iGmeD1;{bn%?VH<MmkW|FXrpCJ#yXF95sVVD0A*iT8AW4V2d9(dqsT1plZ<>&dMs
z3zx%8vdx6SOtSeD26@m@2;-P6TlZJ6hc)U>A!J)&If4psMV1*30_6Txi%Y6t((fPf
z`F@NkCCiXQ_?Uff6m=*PwflY6Sc9=UiA7eMcd%Czb9N)04U8tNRwizapmV}7>&+L8
zp&#x)kUy)}WjMn9O9*lwZ$vCT?5pIDKrrKvQvaBP0af^pzw{*$=lcmC#a-Ci@Ii98
zx6Z;LI2)1g;NOJo*cX1tcL-=Ke+>!{_{{{P7Cz>%K^6W_p|_CbhYi_}fj%5)U74Q{
z-`P?G3G(B?{*P9{!>!0ud6Xb{pq<)xrYEBYCZpxYwYWZHI06gX*xZ-@U4Wj=ANHOR
zr_1Eye;sfrsj0$Ce4~_I2^zO4YI{x*(!k@Y8<CwLm}TXWOvZVZarCQvK<O!HPLyBN
zoMOYRIc8uj<zc1eH>j?q2;C1?=`dRvoIO{I91szAB2f`7NDjXo8D5$u^aoKaEg4Ns
ziS1kEIIzn%;!-Y$$DZ`O<j&+pPt1z#o9A4z%HQKqdWOfgiiqoMzRb!+yJ-YxOy!rJ
z(hhf`aAS1jo_1TBX!z9%->O7<UzrrISWwv#BYK*T*D2R|%T&GqPCw8y$S-tN#v9N!
z&SaVYJuouOksJSA$mJbSDqO`Dx(&QuBQ8o~Qj$q5%9otZcBgHe&HDGirIhm5Q?Fs^
z%x#mZR8Uapu=hv&A#N<&lN`;HpA9=Q+sYSpVax*Olo!rbT>^uq4L|E<A<jJqzhRp^
zS#B>1|J=^MKMgHfr7W?(+xEh9kJ+{IO`ZC#RW;R|{PWrQHg<Fg<W_!}d~=bfF_0fu
zNf*e4Z2cUNgrgURYxH^QExBQgaGzNyK3-JM;>#P?F1xtL8K&1I40D4yCV`oHz=X{*
z$xXuv<idwpdNpH-HgkwEvU=qT?QS<#h5)B+2%fw{m<;8{w2eo5yzFE9mcC~)7k}es
z$~OC!;fvKkq^-KLRghD}Ht>bfT+c4f<_M1C4fK5Z8@|QBjHJT@!<s`4lj!Lar>c%+
z0<JgKfmSPs%RHRCDkt{LdCoEPHzZZ_PkxUxPj8!{+M*Hk<Rz!YJwh@L_!Ub<r`;5J
z{EI~8YTha#WgXNNxP5$mHNs+*$=HF31^oC)E_)6|<rNr0qzIp>_u<{4Tm{NIq^vc5
zv=X5XUkcS9KIjyx!9M7_l&`#^P>u9?5nM_QR8dNEC)DW|zm|4#`hsj*Fs*L<x<BB8
za&by6p1DkEspWB{x}|&3)t8PCAK1Prehu;ze&j%L<eImv-7q#?AvHhzEWQCzO%lF}
zVL+i6xr`W}PFyTpq#e4wc)Z+do0rGc%v=C&?2+2IF^?RozNNi`qf!0VA&qfl&|z3I
z+wYcIG7EC!p_%R1<Dr=Wy<!?9|B8Nj4K*`r2}{GmQkt5$+}f%s<zEW}zs-3F33Sz>
zm|Qp2qQF;}nO~lr?{*fP&+B4Hw2VOCRE)7G&nvbvX%3DC#Mk+gyWHFiG*KRFt$TP~
z?{XksY%121j|3dLJp8P;=3wI`yEpX^!0Nf+Bk-p3NSsdFdBOxY^q<}7N<QY=bpP;9
zy{fxi1;v~h>dFEbhNzz(NQ>R1q}?RqT%b?=(M2?^`IK>NQ;`>%9Yfj6u6u^{_BAUV
z(jvf|+}Fw`mx_$q&*~x3;p5|J+DH92JPk8TGl?4E>|5ezHp+dj=cVA*{2BKHQW?CB
zV5Oc14N5P^>0B&ckrc0qyL^ziOij}E<6btvTw}lg4sfVNv&Km1;zm?HAQvrx7avg5
ztWSHYI><b89;O7)M=w|Hrmj5;v251EjhyQzaXJr51?Zv6%=M!>o%_`|S(T<P8qJ0z
zdh1UOddM5`PP>d^-=Ld&qQiAsIa%tCI?ii!I-RZ_JZZFen_naEMg|_Q09lK`igk&r
zYr)gPZTWubF%m`^gWQ=N(>v!Pt~n;4xXjdLoEGQA8@f<B<^w3_NK^%L@s)FNEX&LB
zv?IOXWtz%G+?fiYZ^0*!w$sBX%iDJhAlyS2c|lj`)BX(Wda@H^c0|xR2i+1DVI*p2
z-mSrd2Q07Y%^c6k>8=jd)8aPs&<=cMU4UbgTAjvGsqVTJ1|kh!*9wj@*6_p+QnHFJ
zs9y=6o@Xkqt!7q+7n;<#gW6a(tPzS&jjonUSd+G!)GQpX-zA#7-|@o*Uf{okxY2ak
zp;dH_KJU~Ia4QGmnrDM|7X}!z+5A}|9KDF&_sedApcw0WtWL^2IZDb>gTA_;DRhPv
z1c+K~hZi4T8XKg0R*mw`8>ef%q=>DOPuv7wdS<!lIK)0toNPPQu6AB)0OEdTH*OWs
zaTX0OG?lh2zQR4!(Yo@4cBZjgy{?a5>s%s!X@a!Qp`TXku}Q*epJ~?WVu@JAp&wn#
zPFO{)Cuq~P9pv;P)#Tl_+}7rihVO}Q?SC_{TO4w_(E?_npHpa^yTV%?2wdMD1TCGv
zO&a$>SH-rXe@WgnD>)mfi8!o)z|B5u&Mj+R-j&*0b4`taVGG0^tjieOEuF)7KOlv`
z<gC3j61sNUF9$bxb33nn1a~oT!~I^V9)6o*ryO=gdEZ_<ZNSggHhgrRAt!d!jhn#F
zcO2Ri)X;n-u;NB!-6Ct*Ld(mvgy-Eg8qvu(ezU2M&lj<|)x2pdaLezJbrEAzb)jHW
zG@9N{4pQ0bBOIimpQ|}@vTWAE9bIfA(pkYzKTaE6zgWjS!^9iyXwbEI6z;vS@v4_s
z)WmuT9o2zl4+=ZQzr_U72Sp`s4rYTkiy0Vbe(JnL;bY-c`Pz8Sk%(UhMLh`j5oj}|
z#fR;ZZUQ%-9x-nbyh6EcRHo?N*-tv4ZuqtqKnZ&uC<JF|{Ue0V9>nndy#D!&tV_S1
zJnPk1ag#kq?k;X2wLf466~QUiR|0GRNO&@YOL+s~!_SnD#N4>_4W~-8JN4FOqZi=D
z!;93m-TSwvPod_7YvpCr`b0R*#mJ%KThE3k!}<;B=%3s#PR_EfeU1hgRJOD;LL$&x
zFhf@0s?0Svebsmqw2-_KmV;`+M!yJ+?sRJ*Js6s>HO5FGExMi3odaCwwdRg5c)<-c
z=`rX%)8|d<UMjeOt~KZpak}+1jGDi&v^BPy)vx=$Bh46rl51-Aw(YI)w(dLjd<8X6
zanGqdwR1;j33faKn|43o1xKz?cuckQ-rn`vl$`OMB*9bTh8N@G;t1W|E-Yqy)m%5u
zXwNPjE^ymoo?HW=JBNwAn<X88{3#j+?b^l+r>YxC##8d<3)9o|gU6eM0OQW^@ye<$
zgsLt=iMYFCc^+>Svbj$i<UvQ&!q*mZ+zL~z<vZ6wbL>J#ICAq8I4{JoyTP4gayR9~
zhg8ul3SCRIdMoIRxI+DcSvg<PnnxbIM<3eyA6B=Xx?c)y*dle%o&r6tN)jLWyVW&$
z72=X;$(uJ8id{5P-FruO0&}Z&<>L;eIExjwlS<z^C0QmPuxeZ-(Rxd<UN~<TvN7vW
zU=Fh%HhTcoTh%OgaJLRq60Ls$?d_bTc@wR#>HFUOR>C#`@X<-`qCh(o$oI>%90sUV
zF;6w8hi*|jcZ8Ol`Wl|ymE0borH_V;8h7skspdA0$^kd#OTkT@@@k%iC9R4UPDMtc
zO2BTWM|o_o!Z{CR)?`|?baV-N@B`-U9h^s_6i<I4Ij7fRUf$NN87^PyD1H9<VBw=3
zm5#-xdGXzXS!->Qb<J5Rn^#SePU()y#dH>4dQy4k@Q%W0kxi&lMDC+L)r-j{VKHT&
z>*JbZvv6h$rnc^WO_3mp&TW;&3UP8BI1ov-CQb=gwdRLRGmU+@!TdWWN4P<{Z}aaw
z^ifw;>2cZnd!(vtQ3>y$2<M3gF%0J4>Zpy#%=DLBF`2gvsgD}}>dPB69B&?)|4hO*
z5ENe0`fGZ&>RKJULhijqECjA$y9jngwBhW4TX>arw&W~D_O@ZA4~=qE_j#3S3ym_p
z@3vvZHq)Hlyjg>VQdBBzl>)yLRiE@#l|svrB0V>4d>m|*{Q4K=qWEywDmiU7vnp;l
zgI^elx!rWM6@qXE@o`my;@Aec7URSk)qU`^OoE|9V|w{GM~c3wW>M(M18-=ZiaMlO
zgB~%sYrbr;hun%FuTpH_3VUP+S)-j@WwmHmV+y(R|3-@meb6;V)7+;44I$T13TxzT
zTDOhxDO)*}bo6VHbacaR-a}(zv!6jppR-nKM>mCr=^nU-TW98HxyC1~UN6<pVqZH1
z@T3wEJB9e9UhAc_V3EIdT8Oj-c#+emcMX!CoqxU7!=qpAA9OxH|Jv+<V!hI>%{*uN
z{`FOvdCm+$qjY_`Y0ex$W~H0g@kpWf6~F-Y(~aS#xq^uBgE`~(r_25B<Y!A-Gn&TX
zr+!VYM~Ku3yB5g}H-5XfI|F-S)QdY7sc|)GYRPeyl|^o@8Os9)r6nszwTW6S^V7-8
zY`|jnVoRgy;jo3Fg5NMop0{95W&@fsC%XYDuB$A^8AT2lC+tW{nJ2hNEDb<<kqh6d
zt+H9MN;^z=M9dk~eaGFxX4)|{=Jkr@+~@R)qus-rNBR!Knj>gyaawx!ctmuJFC9g!
z8Qd!QH1kDODRr#iLQCADqnpC#h~rzRHtAw)L!UYZbHkGDRBnC{6g{=S=-xYcs5uz*
z+m(7vY>=1c0`*?+)-~uIfRwRxoLPU8XlV<@8JVocr)gf~Vx~dP{7EK76t16|9z>}d
z>Rdu|EScSutQ5V0*OZOgvZ=-A>i<;hHfw&O`V#rvs%TAoM;cCL&}pvh7(D&xhhJB<
zDek1%AJP5nM*3jM8aO+&u4V5si??Dp=zY?}=abDl<xP0_yxF}G9HFrE;%DBS)-;q9
zv&V38$dpfKzhEGpjQIH87&u>-IBRsVU_p>PtPkY0U~`JEYzkX8T$1WpHh9INL9<lP
zf<+3QzC}pH%{8a;i!rqhIFlw>e-|^Xx+PYLIoF%={1DQ;Vd(%G<3)IsuPPFqp5Xv5
zdxY^I<%RVEjd{58gxV+(6+aYPKg9jTxTk<lY24DGovy`kpj8{Ej1OGSje&jlkn7Fp
zmgidTusi5fs;yHo^|<;iH<57QQ};lWaUtb(qpI^Pa0YEANsq_c<uG-H4MaCHX(gd%
z0}Cfz8FN*_AuO~dEVL3aqp^ycMQj~TU22=lT2@_r#WE+4V?o(cbLnjm(X3TgH+c1u
z${BGLu?a#m_XahpENtJ)U*CQxW(T_2@7E#oRP~jCBh;L$Jb>8FNw#Os9H}MCLkq)3
z^QHl*B}+pC!+!(Kl0}X*hLzE>(TwFEz)<3;I<cCLya89FfkhO{U{CU5orD=#&(nZ(
z#<*GfsibZRsh3{`(mzveBgWYUiZ^VwpMF?0{YC5WD2-mOm20lD?^NKxy?2#bq{SWH
z8dD}_a-LeWh&XK-cu?zmvhvmWRB_&^z=C@(LdeiOp9dw*C{P?I=s1t8RJ`3Zw8dD%
zEe8y3v}%z<<-V=P_h^h&DpGnlsV|p2?;q2BXL)iE#D{zJOZO5mj@{EQioODzaSv&;
zUslunf&N<Y@te@EjG}mUPa1=yXG7cK90PZiMFY90%UTx?no3)ns?P^a{fj$)B9%5T
z4m3#=TiIB2>9J(LQ#LkSR-UmmTpsTYtBvw>pL523pnI?}wmL%0F412kASq$)Y<xL+
zy(0hAV~xLfU2)7*dwiFV=$Uxov0wK+S31=)9@`Ut@%3lw2;$USWgI*-4;5CyP&Ki#
z5->Hf36l~#mnh~}vXYi)3TJiZsYlhpOyWoF+T7q~d>3uPc~L^O$JuD%=}D2R>cm-z
zDJfjXNs;AhId;n_NnF-RBVKwrCQC(0J!yJ5G)pvLT;XvMscK<U;9Yif9ky*gavip1
z{5UVe0`$18S7XRBTf(NDz2?ctF|=3Uleg0zFm}1&@m}JHfz{$0XxXCvq0M<;c=jNr
z?SLb2!fo^n)Koj<O7Jq*f_`G^_;OJ3nC?_bSX@)3PW=i+YKfYpn^nX|>7qDcb+w#0
zR&}-PzXPedT2>sox?1KRVC9<NQc>N6HP_S)PcCIN4wsslGYFT8H5)%nD#;HnvdE`e
zEH!**sCL;-W^P*bi%h&~nJcLzyPr#06$EQ;QWZdEZbJ1$Kd`w$DAFq&lT{2N8E3tv
zw1SrrApv=gQ!IsyWBIb`%2#6?R!s9Wb+(LK9d*2>zc;^9@o)yDI|?}vUNhD+N)Md;
zP56}H(KQ+m4C77vTR`h~dmFmepbHz``%N7%sRy=B$D2oLx^@*?qSgR!(5x+T>+7bI
zQt)Aj)b7m9a@Wc(4M&#EzIQH|r~a;naA4kNAEeIa5b{n>beRpxDQ=x0;fk4%rw{8Z
z1HPRkah{zy;#5sP2g-7)sF7ZaqPL~%tpkWR4tf&x^p3D2J!@bwvkzsUQAPkDu@UAd
zE$JhUJc6#acyA0Z<B&wUUkqq)U%`fqck?l{9v~^M^P{-4Wj{C}M0vNk0_U1$86!=y
zP9K==$h}H%Qc8t{pu|We8;nNLO(kAggo8cxDOCMZz#8v&jvu%Nr>i~9d7C-P=ZLp^
z8@71~wo{TZDYz~>5Zv3O&gRwCb@*V=wkLZD(&d05-$Y9ZnFKp(`dP2(d7!R#zBZ_6
z^*vpGsOJLo*b{CxM4l}%j#n^{;zT6dFk5x>F{HA~><&-5UO21(S~emoDmJ8-{F`i%
z$kw!%0w2!a5OfK;V9B_gd<CHAEnf9f#rylm(W?Gv%bdQtiohLP-%Xv{SZJ+ah!en>
z?pw3L`+;ghJV(@x*sSk%K+_AvA9Z}BD(h0ZCGzs?SZ7STz#4T8+kO2gJ>V2Z%0nqN
zdZZ-ntBWkltOo%>2R?#!UzZO^`Z#GF4uH^IFs8@%wk!g;$`1%8um9OZfuw!<QZ91R
z{~^AG0ISPy+)m$A5-4ScV#$pLP?@)b6VY)61%+`JDq--)QWZbXh0*SHD(|UMHOhHd
z@d+eQu4qdRzB8>%$2c^tOvBjS4+TB!pK@u33@+QhD}!a8<g@362id;<X-ex6>I9o}
z=P8CoOxeVN(Jo1e&#9Y=y@?U_?TDsMVnD$p{H}#iy<_3Z>nv4wxsn$8nH3pp0cbY&
z+C|6fkIu}4yy!|o(4ui-=r3;+&dNhFaJsEe%lK<=(PQ@f?X$eb8|t~jHa4?wZz*_r
zQzDTzHhphzKk@PgMIwcWxPbZ?{L+!ucLi_nK6>$fzBioWzDM^8U$o)&@?G6Pe9e5p
zW)2RQI5U3HP7XQv_@<(S)!CEBdk)-O%MsFb*^}8D>|&>|*~bSaO<W6Q5w*qHg9Hc?
z17w?wfCzH%=d{jKFiYOX?;3&ue{_Qr5XrapZm3;ysFU!F_yC+=k@I+2;CzQI*LDuX
zd)Vw`D0(zs?>R5uMA?M|-JbL7+T4vYaKPuyw-V?e2aH?lM0)RW&^(e75a4VE6fjwZ
z-S<c-o}y^oO;Dhg!%S}0RQEORZMn2;25dM(a$1GlE5e5&mSO!l4nKr-{W%v@x)8%h
z(+Bin3Q}Q+wooTUflz3=nYJqNUN@(FN8O&*?8#zHNIM%=1mK`qzarUAAc{-Q3VUP{
z_rfM^gD+e{#ZL+8sFU}!`49o3)D=5W>}3Wg7Nn;zeZJyMhYplG@1?lYk9}kmf5xKo
zhL7ia-%sc(??K6m;z4;Orux&Z`jT%iK8G(P+ZLWTfZ4`2fo?)1q&k||(!tGSirW*i
zM;CAc5}Hl7@u1>TX9<_)JGC!<P|;<*P3d!$-2zb9<%Oo~?~fF4rG5iGG(Dxf1ZRxz
z<I9~Ewd#JI&fE(G*>FU(N8f&k@M%y^G>`j@>B?J<2+$b^1m9U%u`PlKH=%E(?pH@O
z)t|3Vt0y$zWrNm+RD+Vk>ihqOrEqr!h?`C~=9^6jKu{o<flLpDpd&jWte4?kq^~E_
z>zww8D5GyS)ntTb)ol{ip;}>yusHMhcB4teV>aj%=S)jKjde%upCW>FM^*nHkibKG
zuw48)G4&yBpAkn_iLg<5QF-0;>29+R8qH7WV2Tli7j2{i`15XWiV+`SVqd4PblHqI
zuxMX?yrqzR^A0xS3j`X)_qXr<H2HV9g?708P)zcn7ASu>iD#t#lThtk{SPhd@d=_J
zbbWe+_hp2dUEi%I5VVD~f`>GmI{XJsLR9U)nRobZ!S#g=|5LJ&!DN_4QnVCvm8l5Z
za9<wwJPXMmX5(VkNo_$B?SWP3UqZRF8~n*Lnlw=HI5N{I@_}{MGueLwVhyCY(!hZk
z!E6M#`EV0KZnjLwRI!TJl>`4$-K-&ADWh~UpiInse*e*=!4-1V{RcHqzY<;nWkUYR
zUDJDjRC@mY1&e1|-st3|YZ9-_{{vI!y0k!N{?FNeV?0VB*p5n0nslI0h%=5NA7xuH
zD@8o^e`UG_bG3A7{)2>4wX<GxnEd#HNr|brC)R=3*Yy_+VQeLu;t)fnN{c(r?w9O?
zTl8Kykm~f2-t^IiJZlrNL#$5tkD|rEBK5ndvCOK}{3-<b`4NTr_xs)CUF-pv8=ULM
zw^s!!kG~G;#Q0VVWUNCF6}A_Y8aTA`+Fsmqixu}H=skN4nhui{({$yO;|7cD)RgFo
z2Mm=ON~q$MwyTOX|6)pfty7pdj&<NBU6%f@LKR8)uic*kKBA1+k-D%1y{Nk12ROfM
z<7J!{O*&8SHytRBhfyWT2{RX&h@cM_WMM0@WQQ32%?uck+#B-yZ$RZHAlmJ8)GmG0
z`8&A@f{AnW8vqCxwkjKr6b=bqdAmO8XurhIzHI*)#><Y8qB+1EH~RU&@@CjsiaEf(
zOBLWJZBr&~tDQ)p8vZIwn2}}dh~Pi)G$JS_k31k7!7)&DsfI7iFDf@ChvtCxE{?DG
z+}IK0U8*pVW2`%0$fhQD$6augxg++wfp2dNqoh(#c0HoFID}^9GCsbS{h*dA%D*c&
z=8EP(@a~T=1FtOiFOurdrgUW?jm)#^Vt_}2EDZiJ)phkM#jZC`7HL2G<WL%>Hgl~F
z4&syi`QlpR3Uv;&dIMxd4Y%a4<yVtsj)U&y@Hj(AL~XYyB2u*LrRg>EG1H1M(<FXu
zU4rbdK#u$N*<oq*(mGLla44SqS@dF;?`RbVSpEnL;xeZO#x9WrMDN8l(M9%<eqMe{
z?^e9$dc>R6FK}LYb2!0Wy@!v|BADeYMv(&VA2Tla*)8a^XW+vrjc4&Ufh&Vc)L<{-
zahcEe!G5qf{O=44GDt4bVMtkgPzLsBQCftv>clQFf>(&gH9n(F$ikXZ__M?c;3R1u
zE+1A9*m<g#<tLHJOQ9C#nJP}Qn3+P=u*9k-iO_~;{9<x@YS!i}pB+8Cy7<>Z8OQB{
zGQ8=y>_$69m574@IW5j2YSI7F)SOP-xy1G$no>&jC3L%yNzn;62P@2$IX=q3zfOsO
zY6TNcSX$A{?V=u6BcH?3dS|x;jjNK;(M<BK;_L##ck#uwwFiO%T34BJWEZIwWEWZ<
zNb&xmlue<`eBirZW6{_@<Zc5ea8EDFZQWyYZ>!LBer*iOd#HubOPm=}w$gOR|C{E+
zi`<#v%hxk}oMqHjRVSs(@G3&#Rmulj2Z?!ap%?Y*n7vR#710-MFI@+<yY@Zzv)uK;
zGsAU>Gjm<_N4Hy%X0B!#-0N_|dKb@n`W38|(8a9CuH*YsDP4C5Nr%yA=d4}OhKZNz
z(eW<fE!!Nh<%z|bZ+P(~*W%k;S#23}h?TU8lPO0p#V)p?3xItncz6Bk3I8lvw-%?4
z#*4cdw+;1#@xDB)nOPf?4eJRnTZZBF`GMZ>XK6)rdU%D+_x2P0y`dnPjXbbf%Ei>g
zSP4~GhC(`$H(MQF)5U|?u7I<Q!%cz9+4Iwh*TAxlf~c|khLH?F{oblqCi&Q8`Z2rc
zW_F-0^CuEK<Y0N|#`*5vmUE|fY#Sz7TzMF;#!5EvO}JZcI$~Sou85k_{iHHjl%yq}
zFnqJyZJ2ajrpO_;?zHZ8s^&TPk{f|^nNt~O8MIhZw0tF%2|QZO4gs4f2BS?B2(U60
z@MF~M`LF0oJA53086I!AHB3N%f^F-utjBNbu(pMM?VVX4h@gWIK5m{_Spr~*?=JX4
zDle7|JKdM@zJ}uibT$$qzYboA7YBUc<_ElReJ~?lXyhgbUgT>+FWp(!8B!$yw)B8r
z{UezO1GzlDZR;urn=b_{p5ZRx{)%7zYqfw1IzOKTm7D{|2;==!2E1`$x1Igo(zi{O
zIe>vJ9u~h+_tx}RxAfgNk0023xP`h#q9UA+SCLOwR`E_@3SCa05zbo2_*PEcK8PwR
zo~)`y!|IfY1v&^%KjWiMKO|E#5h=+5y#<BYF3SrXTjC!A{8gv}Hp!O4G#K8JFv8a9
zvGjbS@xn}^PU}&8BzV2GH*Zr75V(5=-TWOpAz1B}L|X{|*>B#3w4}fVy<8V@M~^_e
z7uN;Vdi{5WsETK#^t;wj4KeJ~=Y%y8fm8NVi*xTRF2s6dSHj-Ox#uA8*|eb=X*U+I
zKd_H*_D3%aWbAKn%=0=0UgeaK8}d*dejRqO#CUxh?VjSYwgAoqID45y_XB!f@9%B*
znvwphez~d`zw%+dY9W$ebB4L!g^Z|b^ojq<>yg+5R{%VrBDzFv&_-Z~_eXV265?7R
zHW>(R)?onXIFqB?Cm(=C(y-J;(s08{>2`qSGd+*V-P6ErCBCzZ*9_9@@c#2G;qPp4
zx00NuJfbt?z!$$;rKY}!7e&;6XGlhXi1~xBEq+-qL(ol_%jn<mA8Dn>KTRt^ILv=Z
zD-)D1tTSaV{;tf#Lf0;AK+k4;ug{3Mc?S20($-mSi)+<u4c1ut@%w^C4^P5(ciX>I
zc*JDu(O~iGYKCGJN0(fc_pIx21p=iBq!)F)5?M0+gYMaZS<$+7EPozM6^gxdxcgn7
z=Y|Y#y1jJNC;KdK>C4gJXU=gx^7~z(mz4h(CR&?+@zLnco%Y@s&}mPN`?3VzZ3fYE
z@AGdN$Fu^!uFfm+vRcqQJ@mD`6lW`Kb9Yir)0BruMPLf|7Q~lQ&1t#S_y0wRJeq+7
zWpjM!moo336!=GD_YzTf6taxPFC~N1D91^pW}u~J@+D_tBxeL)_1Vo2v4uYiX>SbL
zAx8$m|I#$~bn__VDfD$)Bx6jI!?(1W89(4Itp#4l{$-d!w=D3Nld+hIPTQOk>|QW;
zTT8*gv?Put<4?b?vl;55gmVVxS!7WrS7n2Gj<CWIaLpeAlxhOA2qQXr8CI_HK}7|c
zN_W1E(!Jf~!a6~_LMlDhLdM<JB7wlu!L!BKDem#FXPtX`wXLc;I$s%6%Ii*1ce9x1
zpR8j+;|?QcDzifQ6L6T5aO6F>*>KG_$B=D<yu)JF{=3UBUrdM8yx4+@5>T(~jy;V-
zLslj3yuIVC=GzNiUY<Q0ckBc9ZnNa*<&oNq5WU;%0?Zmf)AYr^>=g&EC!Eo&sh(NI
zRU+-2y!M?#0vm3i>?xjUeXhpIm(M7TL$jWh=VnJEYG*d;TD33^Hg(52cV3*jT`$!e
zsNqsP*Q{!S$(D{R{DB>ErNHG83?Xu1bh(!T6v`Yqe=`GFUmCOV!Jv4Nz@GR?7Zu$K
z*5ORZ)g0zk*l=`E)-yWD7S*bU7VAeemcIrgjy?n1L3#XXx$z$oJuQC~`DyvfN%_r5
z`Ra+z{R3vrlx1DCvTFDJEdsaNqdA$ie|*8B)C_N!ls0p@>q(Wmd3pGKEUQp&9IHq^
za7gJ09CvHytc9$FtfO=v(LlY?v0l1ShtkdNKYa!opFiu`v+wzObO{qX6c$1+WUQQm
znmVGcA|&d*VX~QG$Q~$6$SiMc`#2$11N~gq?|y~^@XUSi-n!NA)diFg(d0*S?`>+4
zzNq0Sxl%>QcenX%oOqoa?T(l^lby`rU4_o{Ww9t$M_4s>h;{R{P_m3K<2$v~g)OSO
z>5L%Koy9t1pxYXzSEwMh{Z?f2-*nnEn-Cum-u-g66`mgw>#%PrA>iyV#}|GF$$2P>
zrDqAEI1|nsJYv%j?c79Ub&AYiVYLdkb$;gSEoD48*jP0>tL5z}z3d^dJ_7exS(jYb
zmO&QJQIF6$*4%pj;LF(Z_QQQNP<8MlFCOOD?mtdjI_y`spVz5QBEJa=VI5b=u2But
z0=TnZf1|(dM~pwvq=U=v<%^;%3-iKy={xI<5WM7NPZ*V2-@jG%I<vWSeFnd_(P7x&
z%xzJ_%Zn8m^v~5RE2lHQfgt1rb~aI8lL(P3T?e-&wc@F)7479*3P}nVUnr>}Tu53w
zl`h&gHK4b>*a8!et9G=EoQfPznSctV4`PROMqyNk!>We?E@}?4{f9el8<sL9S6$I*
zs)xZOJZG-Xga#vr5@~fDM~tVbX_^{tR4VsPQ1Q5@uxTD~n@IS9gCWJ)k%KPD+X-Pq
zE`CEU6&~z$mza(r4=Oe)M*~I=Hia_raeCRemM%{lxUSQ~2g`03D<)mFQL&Gu)Ar^(
z@n_dm)^s;90uDkBj(Z_x9Wu7r%WYF$+E&^sx*Vf4D=h)>CC2**J5zaW7B|174z^s!
zb>pD@%LWh~0?MYo!FM>`a=xBuPmdkftlw_8G^`E#--;CD(CwDjMw+{ft0OC_mjarj
z!xuVrBwB8Dcj|f{uM<|&AdBgrrCoFDN-lrdS#wU~A)WuiU#VKv2w7#(*+wW1@s8~K
z{e1)%i~3&fL)MXZ$Bb<}<K)@J*`Zml$!=KKd!cL_Y7u=&miC~Q@LL$p;-CKX(LgG-
zI~2}C>|b8dxw~hRH@Ew<xBJ3p_UpXn_h0-u&Q5`Hbs@lcF)0rsuE5AN1zYVt6#z0q
zfeVU^FeDXH2wjnd<B`o#*DsSV2WTnb9pl1<MD>V#qPAX2Mm100S7Qmm$>$T==(KYf
zY_VRrjG*Rx{QBb6A5Hg(&Ko1l5^X<B;G_Wh;AiJcpH#Ot<reMym9m<Rt*67=g|(;P
z;$*FPO<OyTRSoD<9c*jkU7oZRYW5>IIBF^oqUZWZNYdExi2q4*#^sTQ*TSB7Hg)0z
z@N4s;i@U0!j%rr#l8zjHE}-e9t>6KXgWBx)CB}d((fxF3+0a?77U=L%HYo!QA|2m#
z5135>8}hCsC<v`1|5FwkIyl%NotXD1BO^mbuJU^b+P<)=+o|Ej3)#&{;~<^IkNh_8
z9p;9_tsKdntz`S3iT3<89~uo1DKy^3H||&n(Q=N--((stcIiG62$%M@Cq}3A%9<lq
zPkNf1vGsziKbC$V;+3CZT<Y+$(Nfu~fey}$O{E}(&NYdx=%1ktCc2T{8sWDJPf5<Q
zEHJ#MG{#z}Kx`=fbYr*0`zhjESJDh2Bq1Sm@Aenzv3rh%D#TnRe$zp@1qkvC?;2<H
zPWx+0#H4eKSPwkQ`^ZFLR?*<Vv4}Y0Kn^>6fo1AchE7&TQo(588?^a?(aR|&S%YlJ
zNr^$(9=gjDm{B+xzWbD@ri5L6(_?!GOU6;i8<(WlU9!{%o}mX)*1dXp(sJ4?#iO4j
z8KsHerJS4SFuhAvjQte=*pI?y`Zyw_E}WwzqOPQ=BB<_|Gu`g7#__d)2%%8zwlu(a
zgFCq12XS5T%TwX2$C_Bhgsg*n7WYvH{cQSUq#YOyzNV0qR$SMN$*?<H3$GA2<#U%}
zd!l5bi4K5*J!43+Ix^c6uYrw2O|0Ax$h1-HlZUfWM4}0Lq~;V?3$9J#-jar0ND{ZI
zMvHMLU9dih;#P`MMmLRK!n;Wh0s>s<VJxLZ8Vc*<SpZKCQ*pW{aQo=dY5tc3V&x(A
zW@6<LmpJu&OYhR8Tw{~{=3qHuuJo#jpj&_=UweT=?L5XldBi4FQQ9!ZhGU8lQc7cr
z&{7CP7CW4GwK_4B$j1ykP9KiNgt!Gv0<9lvnaYY62mpR;pR*8%E)>P)+-1VA?Q^d3
zZv0wK#UfJ2mF+`lsb#)RoqTyoZO6nq-j%JdZvLTpC6*e-7o{GKGJ+PFQO#9<$aD^4
zH=ARZKS)in?O`u!9H0aK+zK46lmzJS2H2S1^<=q8*?ux+j;bd4NRD4Hqm0)-52M(m
ziZ?j__HrLyaqw*stK(A2@RzBGFWC+m>Kf!xK-2=KO4Nb*w+09Q@pTk?#0=4cEK##e
zQ8Ui|dg*b;F%m`-CC^K7$4hZma?~?){`hxE;vCeQjj($~K4mz2MZRV4>&e~>4+oA+
z%O|{C-Tg%QbWA2NQ3_kQ0qBFZCpzw4c)>{Ox5_mtA<^oz%HN&CzdeQ;e&XU0(L~bP
zde4LUvlr_@#<514pLJF~@#TxUp1ytg%5c-h*p@MH^s0%?;Ca~!U!ZdA=OK!m!d{NC
zoH^cA0fLs`)xKLJL?t`_FLP<<$&Zab+8K3w5J_KwwpW}H>zDYndC1jhy&UQ=#|8ky
z>@G^0@Z52FnwaTa|0D64Uo$|bBlU&$1)zorbyN7V2>0A^3G=am*8Ed-JkNm0B*Zm6
zUZDki1PdF6C|7dliXQfneeHLptt%HuCq(P6<cjyrl-2_{7jP~TGk!1OI$a~X@n8v6
zW-n}OP|`(hGp%`d`Oa*`%%htZNmJ13khM|#`QokR5z|WIYCqksmJ8-gz$)m}Smiv>
z73msjB?ifW9c+AeQ36LeAX-)C!Q$=jxEpilUIP8{ebn$}YZcsWfu=Js3uM1FYK`-3
zcRts$;93PCRYl(Edc_X!sDFGAupyd@7YJrZrq&Y%Jn(-G5xR~MLn%Bmmiww`6e_GF
z7fy@LDnwf=Ifd*vFK!#b5m<_GB@9_B!h#Y$&o!>dqK_*CXA3ciQ7S}TtENdoXQ0s~
zyg^*6RE>T-$7WkvAAO8=EKFW2<AA=b8sVY}==pky(b9nCDXdf0CB_)yu9uY1<GUev
zMuZfMt@r+>n|wop0OO(?C5>h#xU{*7;}c8yX1z4L_0eZ8R#)nL|4AR6T?gm)=ZC2s
zBchMmyZXj#g!_+sG;8IYZ5+6_F2*t0cY#)82<L>Ft5<iCRw=lnyG?M*tGA;ku+9iN
z2W8H)7jY*d&Lle9R(9+c(<jQ#m^z0iwl`o4=Qj5!YdfT-z&que0{2*J`$&m+>v-`V
zFeH<7&lw&z{h&Q<jA7o#s-G4VKIfXQWqnanTe-vvwK227_6E?LUs!&<#Eu4OYyr<X
zZIkh+0z<gBY&ZoRe$o%dcc<FL;*p&E+}w5<SCal2BgB5!=%KYlpFe=q1!>p#sCXG`
zzvV5=cUSW$0wCS(7v3;!5TZjT*<xytZ2qj$KfPg?NLv>qXIBRx(^kr<cM+tFBVCc7
zRw6lz<I<`52&Y6nEl#84tq>owI)#34su$O&u0=ajY(8DH;q2JbsBIy8JZ-6$eUQTy
zYI#857&(`DqQKKFJuPvC-a8#r)CQVnHp|#7=s4gMEy^^j-YoPk^yWM>3&Yv`Tu^D2
z5>r4{+%NqzsmO>EeJb88O+n$Q1cQ6GVB0LxzHA{sg2Qr}F*nt`<v`nUSEM}8`Imi+
zbFFiPeduhT`PR}w>M5(E)kTs!ZOUScvNm;ojB}#1|KxnrMAO9n#?!L-?$WW=rq=G#
z;qun<mcs?t|Hsxl250g;@58Zeb7LnP+qP{d8z&pyak8<ov29x$+qTU+#*@$Y_vU%=
zubQjoI^BKFRLxAyRCV|1_SDaO>w@kK%arUiFkmVPTOK~&=R4v*MRfG?0`IcSqUt>E
zBvmkUDCJ!6oWtLZc6{|F@6yZy-NN6>m?Ci~=Ul|SkiReHp7!+a?3zMx=xN#Z?BhKk
zbPk0A@tLaiM|aFb1;vEnVS;)Wg0xg4p@`d)gDZq&%^D4;6iT_bxcO`3Z7EZ0T3c{$
zQ0r3LaPN0>wZlIJ-S-yw#7zv@0eS6F3{8w6aN<L7fqJp)gLZ*=aX5kSi1g@U0SOJY
z?S2Fyi0pT62g3+g?dT4n3CYO?9T+BBrl3$NW0jVHiT7Pqs2k-k(cjA$L<X2kr|p~M
zoD09}<wquW%~#G>kB+eSw|8jsUckyVqv;2cpCaz{)1CL|ou9*(b@~DFonf5zCo>?e
zayRzIFoFFe{`0r?dd`VrQuN2@=X(90ub8hqyTj=l%Td|)>Gx?fd_at#q`@g*7eKfE
zD)`(pa{g}kVR*>!X#yy_*kQWY9FO_b0i<@0Z=Vw<@V}FPvaGI8!zNx}9~m=32WQnL
zDTZ`8Y6+mnz*CKq?jAVS`><r<DWo!munnjmmO26*-MBe6m^Kt+;Gd8M8HU54Lvm7U
z!otD~lT-(o!X(G6cQyNKMmz>;LJgCzLk!^+<F3P~Lbl`BOn%Enz5k>XC=SfTPQ*$i
z#r{VS#Z3kvB?^95I55<@qAi!!b`8zUE?Yj2R{M_c{`QQ=;C@yAK#IxoVy>>9<0PNf
z3+51?=R9S&S(d0l!WeT<X*u!b`jk=?UueKSmK|(<g3Zjq4A&09OORura+~QCddd)p
zsEtj3$Aa7U^6ld|+LA|g`^;TFA$*lgszvh1(AUG4-Qi2(VbyuP_R7ev;1sKQ#3=Wr
zn@aX-GAKnprK9%m=8dF1l%1xjX6+)L{zWYFTyS^-kfM)YSO%US>`!=yQXOo?xC9x5
zvTE$kg=DH{F$$ID%YVpBFGuzX?hu|_iZ6eqWS0)_d7w<CyxM(~Ud1SN`%QFt2RCDm
zWfk-+t?uO30H3U&vx82%0^9Da0Mx~FFkZCEQHWhA(W?RVfQiG&cRkeT)iB=epl-wJ
zCy}jKaW!(jkj^!r##?ankqY)$kG#VW&U*a%zJ>Y1XZ47ps$NHd>o}YqzuL~(dO|X&
z=JuQ<w>(qd{ry9NiH$&-gWYn;eMFw0ZjZG@<7fLnd)hQW!7kE3Lx>7iG70CEoS>=b
zyduH$YYf@}bnFQ-!>=mV>8eHr#X2h<$Pb+rPYPP&l5A_`hF~9MF<5VzDRuFK7_!RG
zBDuEhrcbmW0?Q3{df^Xza+h=gIDs|YGrV`z;-%gfWL?>-s1^=qv3WYI_!6v`2re5;
ztHYjx9(b~0n!9BtRzRaiAH`dM!kglf(ay1Z7d}k$Pz=q$Vwl}~BnP)DpxW}>a5Bm-
z;eGfnB&Psl=L>ORDk{!uLuLZ80nXIPAiLnDe}MV^-`wE>>aO){EAXT%M^T{SXvu;5
z74rZY#Fr?BtnClLut!v6n#=kVy=^AsVFB`XT5`T;aXa^`C(;0O=$ibcKPa9zWGx{+
zSVv-CU_K`|_$#yVb2~C-x(}W0xwK{pu$<-AK@Dsbd4UEQG+6$c6+AV(7k4=mQk+Ez
zHptC8%E0x)&*Y7^5aP)cZzv1USGSTgoHMZz>6wMH5nYX%jjkj=mx>iC_=0xhZ07?q
z>+tapT_0|qIGyavmLVHXEvp)K|8d9<@PXf!35xoq5cC4-7Z-X{@J`)j<m!TF^9`g;
zJ~5_<h<vhWtd?-3hlmsEUnQDZr&F%1I#tDWzdG?11xI2JBp(Xi<)(^XoZIw-1*I9-
zKTKSCbgaHnUag`zFH<l-YjfhtIfM62c)mgT4Xkfye8ae4UKz=?{TN3$1AnT}OF7yC
zv|zqY>l<9(aJEVKJAoFZFg%8z6{8-e&=R&7!cn5ltN5F-WA(n1q+{{E3&*`fb4u1I
ztLx4Ha%oT&IJeqmP@Fp0?y25sb0K^URzu+pp|hTKp=@Otq@`$OIbCNU@nxcjlNAo+
z;6Xh{_agfl1?2pTgnu~vGHRFd)%?ZrHfDHzZQ>GL-G_yzAM|12irCzLf@jw>%f5nF
zU|S26ST@S|R=VTr2VHWsL#<o7BDyb}pkAcSlCL-wNIDXshr>EystOc?ArBEmaQ9DU
z_oI!oOgJMz4@U({uta=9X8R>mk{`JdM10CS7^nP&^Gis{`SE<J8r44Ct1djQF6_9-
z_YWZ1qY{p_yR%b27*`G`z>KTbnB$461MalRB*}NM>^<$2%6XrXsOO1tmCqUTC@fM#
z6KGF4n}r@q8FSCI5S#{)cc>6tLv=qe7!Cz7X{w+Z4r(fc8BQ*%Kz7H}6qt1rz5o67
z!ajLtTYtEGmtv^O&_n4s$xZ<i{*?q%eR#85%J*B7G%8Gyh73eNq0uK3N}xNWJQ8W=
z2yf>o24)*6yV}^32b`}fA+2F-RcK@N#4OR3gPWK7;KKD$xwv7QTc~bI_!vjsH74k-
zLi?)5tW9vh84!B-i7@_wyYtzjoZl{`FGlKC*Pce;20IiKdFu#ivR29w-ln22Ez_iK
zKdK5C<|+$xa>l$fh@M5OEub*d5TdU9)tmOGFRd+|woF$IIzqjrT(|6RJ7Pg;CZYJ@
z1+@u|_!Ft7CXmF6NClbv2o(t9w5ZP?q2pCbME$}N)rcaohCZ^W3zYC7UW9(|WqIs(
zzhG&|2Ky^~roF(c#UHkiXG3igT4p@Lu7?Oc8ENywM50XDYSfAyj|C?O<L5s5VU)UQ
zylp04*t4_^+E{ueWsr0E--xu9#h(Yhl3hW5zcqcsvtOiq1Kp?8*k-937U&z#WZAK+
zzH8};rVG+J7V8xDCffYb37t!+SWGHfDg~Y-ZZA?UG-=!CjoDPJg=TM5yDO<Tsa}dj
zcPtP!dgiP_kA2t(svwtwhYOY><x_+$7$*V52!%%_7nPHI<OmBO-1G<~FS%)<J)7o^
zzSQ|sSrPvBLjS)H6!5<Y!Ga_BVjD(q+)%3FxN@Y#X><5~IYxpJY$GCIBlT(TGYK;)
zaAAJ%mw8-4tUnOOl;D&s_$i)y-g;E?d-}G8i~$8b@d@vCg7{?_@A63(4v(Cw?LC9r
zF*is6=o61uUg3uEZOFe}p9aBCFK;x9f;+?@lfqvpRx!_#ab6385~PB|%Si+r<!*s}
zOwS4{0oS1vgW!XF<tRwOL23d7aA88HVFO7>da^=tCR~415Zjf}W*9L2bhrqArtd~1
z;Y`6<=4Hz4j=^ZcYJ&PMI;sZ;_=ZD2k{&hPXf3cZ@)5OB22<r8NbinP-ve*()wXg;
zVS_?3EN9~O{I#ydXB}~njAv&c@nR&N)pv4hxu^pI9mx5j1wy}I1J?aRbI9KfjdF9_
zdWAs=^dSD}A^2dre{3~yQPU%(v~Z=FIWb!~)dmjsnMDTCU_q-gAidJ34639xSzhjX
zm~ZX~_7a6|XSsz5rXdzHE8W@bVNrk!jZWPl%7oI(K+($#Y01eQtUq(mS~@Xr?HPdy
zPQ|KLiuZEu!i4Pw_!9LCqZT^ncUdW(?peH1X7qI<MEYV5R_$s0+qT&L#m1Fp>{OfI
zD(afw$VV_i2@0_xNmP4{1Ich!q_ZH)TG5P?Q>AVjwFSQz@`HZJ^GwAk6FkZ`s8*QM
zcvfD=RaWCtjrSjpEBYCp8{)g|qFe4yoMSCl+4>W##*-8{*K?`vcF|4Hp2RbVSKh^}
zn~qY(8^k$JtkXc{!t?5O@*`!EtVW#Uvf;)3k#$)hm@nfTP?Rgs34B2n2EXv0ehxO$
zRhV52QMmee5k8!y^jLf0zMzy-BwDDmPhi@_uw0zqSb18x1{5fU0UWBhg;7*O_qRe{
z6q~^(!1%tI_q*TE;{+7il8m6QTX7K^22kb~=ukTi{>UJ@l55}@=_QQ?48#J`YAwh%
zm!_I1GcD$4*F2VYjhNRmjhYzN4|Xq5KN5lu!A3fD5A#Wo1#0wV_YKpa_>etAybJUR
zV8A_sbA$wb1bv|1yWUvCX=U!^q2_6Z>;98|XaTp~d*A#difDO8vy7)e9dSn475y}h
zfGj>R%EXtW!NxKct`kBRXTg%(V~F_yCcKBr0h54IjZzJQ7ex4HH_8!ek4~bl08NH@
z1=XRBe9A<UJCg9WH)dJssP%^H;4elt#OtU~^zTT#%-=!!7KcrvLp|)pbSFcJqc2|o
zt}bZ@4$B7{d1bFu?c+LI-y()LkA{A8_Uq|O;N1pK)t9Q;+lIx1Vnrn5{JE=pA7<9x
z`J{f{JaS5Rh~?5L#|+=(wY1x{2selD{AcmSIjiTP9q+Bob+g}3qV_$3hYOxAaLcVR
z0|EJ;EQVL+xjHfyn+0GZvzSAAm#>P>eVt1OHOnO#b{k9i8rTmh{kAS%u?7_YQJFmb
z@cQ-*^}9e#i+8a$o^3DCHO9OCb%n<y;8}mgU&}Gft{_#r>QS%24}J^Hfgbh}ZQ?mq
zl)u<Tqlfftflud<ZMQ|`#~$Ma=bx<{6-Hj>0ujfTUUAxVhW4U81?(@Vv}-*SzTNJN
zUi!DLMIJkiK8I)EuQ*fW7FDvuOhO*zzGYvgSBgaU6pmgK)@I%1;de{Q@;63D)=6GA
znu+wyczjK1I)&gINxzYAAC4o?$LMCt-%V?RU$&PUfE}|R0b=|L)6I3~lNZ^5N5;hW
zT8x#}p)urD4URf1i=!W1P(7*zYP=VI>mFRkdn1gk&i3*2A<oMdJ^gyjieFJK2qrZ%
z@W3aI&*g9oV~<7$T3=cCCLfmoI^M9er@O(83aZmzui6b`HN;bq_Mxq@ldW`}=Ta8a
zO*aN7SRdS1=Bw%WWo_?9M=T^-)p}g9`ELy`>mYhl>-a3*^n*$7`{_2O+Js&-c7U*q
zk0X(?O`s;E6?qRGOGgzaflBBr7H)ORUCJdDdjESf<(lmckl(A@cMDn?gC#7a%pi}|
z!-&8x_KFdf<hxJCe4o_W>9hmjLKJ(WW+GW7>caf^a@*;G`iFOQbG;>M0b#)lf~ltR
z6$GEI7WK!<AC}qYu!xwFxr>6-wbKrnbke(+L6VQgk4<aT9dH-2hvIA^*wse8mx(Kn
zJ!xN+(50>#K`0YHjILLi9`U1(TwKa1^buH$H#q8eI>>8?S3lyxKO>*oa(S#hv&5&|
zv#jWo>OZ?dc&zkam)3l6ie6hfEA%$at6&e$l2N5M$kzA<h~quP^7k!c#Sf5PX}#IQ
zCVp)NaS@AJr4dE9UDa99ylmMEBTvkAjm@mByAks%dx)O&;4GrMVMiiQn{xaO_scFA
zKIvd-x%%nt|2SoFX6@xucyv-3U;gDSlD_K2(l|CU!q3Tsk<1I+9np6F(<Zd~cJX`K
zo33<+-u(EKZ*p0t+xEg6`DMG6t78YB4v<3E8fm+2v}WKVdqIfl^>sGw2+6KJU$L{>
zHMm>i%VQ}w&k#M%1TgxE!(a>Rr&vFqCE0fPuwG#}-vtx|QsWzdeE(FplKxDIqIx>@
ze4-p*%vTJjs4?A9j$0?!894ltvpSaKn~&ZZ;7jMdTL3bS5OhQ&fXM1=;+kFgwDrXD
zsW%Sp?8MGiEY9Ad+XD^RvLl^e8GTDW)fB0I)x4e%37yBF{t=p<33Fr@6D*uwR`)N6
zelUH_o-d^%6ST<E@GeNhn6<v&;>=WH2Fmg9zaS(Tw|Y21ERt?xdA)M@W_=#UYCqSw
zSxq`ead#ZS5^?-B$u35Vca48VoJ#Dhc(vqhd<uCd$G%&f=&9$Y^1!j*jK09|oL3hF
zJ3Y~i>Xup~IA>bUImrMvz#uNtkvW-Ho@dNEIMCQ`q<-<&e04A?4sE);I%r}6tKZUH
zQBP6so}ebYER6>9TRoB#(_4ZGini-)-*m?fR0UF<C1hyggXmq?5-N!ND0Nii2$c(i
zT)o%M?<`MfFg3@$q?*6><DHKP3bTDJD=qgF3kWSuI=}wBp_=bXjPRe6aTgf6A5=$9
zw7enQE2h7EQeSoy)jUnRo4-KiE8$XYB65opb?7)~M3DV;G!v(CVB-2s`>|4eS**mF
zP*k&g#5AC3z_UI@2=I|j>7dk9*<=(;P3d0hS)fQ}H$C;p9_d^(dMvvC>CHd>x*jk+
zcqQ>}=o0t#l=GhP$Hz77^U0njoeozd#Z80hPPfeDyxsxj{q{0<vu<R+(kMRN*?Lk(
zoo6$O<q5kru-+SjJ(nLdsKK4;h)L^uzGK=*+m@z1U+(~0vgtxo!2;S>7`1FL*}l6#
zCnJN6(@gVuS;Ex$+|J^hCr|&S8tPNo;+O8klTL_^dG}bkgS+)ue$zS2>$aE0mWR=7
zTs%y^?O*u2HRT>9?=St=SGWVFfeevX><+qH{jDZnXqdZV`dbA<*zPS}=}mFJ3_ZE*
zX!pgji32S7i$zTwZ&WjwY?<yxHW_+-rTT03$PvSoCt|F>*9@1QB+m99C*?0?v!q^3
zr;yv6V1Uad!F3k|b$_{b?)HpEO4eeAnoZr;6f76wc*16%wf3u0;(3RYx}{%2TfF@3
z(SAKi6ae6{)I@PKRgL5^MpFgBsxlwxFOS;}E_1g>!gOlZbN)E0M<D^7^3?Ayw-^52
zME0%ctC#l&D3?*)RqpX$TYkx&!X6H~BaX{KF!P#;XeRZ@wbNhiJ>6tp=At{jj2!O{
z{L+F50yyB-_LLR|qAdD=Lcyr1H48U^KWD4_$Jy-_(UG08Tv*OP+apgLI#^E!P)sfO
zxiFWWBPMlk!&%kbiVr$3_U$G9p}lvXb!dwxpnjJkz!;Xy@KSP{Io$cSt*8cA<NTFa
zQwP6X&w*V>_BI7bru*J3kp193)^ZkSNt*Y=MG-9h$)mb%*VP7MlWqKH6Qs;EC`*2>
zG|wOy)g~s{D_MYezX<+?hqXo$s1`L9uAolp_2K7Q5~#X`J<suZsk#y7+amJR&xfra
zuuuiG=UPAMpca-q+R?+u^K~?+%s4%FeHe%Os4_6#PGKf@hd(N8QvPV-SZrjow3l@|
zTa3<MXBSos6r{NJDxN)r>(q9#|LMr~5j0f*wWJ`&o{{ji6~z6$?PN-rSJkildY(9q
zTkdI5F&#yQP%n3FgxBaPIj>6}2;TYyeGw9-q#2o^xSIZI$v1wHIg<LoR;eDRXX&jW
zh{jL=!DA5b=D?U;tdwp47!5*BrS+?R;~le_FykUeWs9ZFq>Ni<+S-`K{bEh>as@GW
z9M|%&tf5I^d0wXk->hmL(c)4Y8gJ;z_-RIViE(rMLYX5?qJh*7L!NEv)T+2nL9!vr
zjpubitE6Ch1=|jEau@j9_wO|R?a)Kww-Vk{b}PY;{o53^C$lAw;@$WYhGC!oWxp{H
zd7o*HRv=xm*zFxrAbRQk)CbD`Fy}_miuc>eUQGB-Cy?rX@99Hyc_?`I(ir>o4^Ry5
zLux1$_H5Ffh6HaId>S5(e(O4+l}2vQFcIIxd>m1pPpi7rpJ`b&79wUkn-)@~-iBkV
z&N!u$9NF@CfF|bc#3qZ;60xq8@S+hzfnVW3zo_MFYRSu%xmwv(_d0aNoU*l&H8h9c
zF&^zQUdQ+=KcoMO<#B5T{5!V5aBh6jRkt;?g@11PO}f8{_uPuN>2&McW`SL9-R+P8
zGso5nwdsCzG}|}%{Y~UKzKPm5nf#9se3OqKyd#z?Xr`OdY~SD=YRC78cH^v$a^t)j
zy>&*5WpUs9-C1`&gdU~Onf>eHy9wP;HGU20@n}(JO5MrOG$+>PZ`JQe!QIhNKE8uJ
zefw?mH|ZJEa@~Kzi~RNObni=WeeM){@0b060hojLBo*k51nxbn8sw*r<UA&HVSGlV
z?wa2S8&K4+0+zJ&_NQ?pZGFP)T8F~CfL*UXt#utkk~kf<@8YH&(LEPUcRKgVLsxi!
z!4>^|)2L1M&%fUW!?+!`KKUN0%OQ%a?#s{T1|BuMfO##$ebp!+`)A7c%_;Gk_L{!4
z-a>JJ0Sx1xA?{z}o!h?qn)*fqj4Eqx6~FBS#@~7~CIx{4Pgr*jU4vU_-TiNqx>K5-
zbX|7cOY0YxhwD-59DXxe=KEoMghubRbz?)ZxD|Hqt#xCRTHh{xn*Jf83@I2jqy>yW
z0c!yb;ySs)xdEj(T%3;8BXB=qf1)RYF@Rx5oCQRJVgKO?kOfQq(;h$vW-rzyv@XOu
zOX4WHBjNOG=d*VpUz(XtOZ_M3(x#ZL>88Biuga!BbWu$lx4Csolti3MYhnP?DtSKq
zc8&#UId;R#KiWe&8P9W?ewELCE7s_d?-?H*gN&vn@&`D)_A#axjof1^)-HiV3K{6E
z?rWKM-z4$Zw-on3V*X8<z8(2$B{6mLM?e2FDE^ku&wWqP!R57Aur)22Y}@!ARsW}}
zh|c0T)&W%YOj$crR&uxC(Ag?Lo0?Cy4QOe*TybbDWxhovvzO>1#NKAUnZBpt9M7gb
zr-_x6)Kwnwp}H_1<<4`an556ga_K@ZL<S6D%R2olB|s9sO$#HG8QQos(WnW1KI6hz
z?4>_ZCd@Sh`Mnb5vy=Cd69#`FXoT}GsxBNC{$D3i+pk__q}EkXiY=L}QcO3f&}OJm
z0ff<AR03=jk2C4RQzruHg~-?ZBR`=PGm=V0n(zLz)Qf(knL~U2ZEgW=>?o><i-lg_
zVI}z6Z^ugTIY^``J=QWbR!a~76XnIkmg#4R8wew3ZR<wwp0ntVv%|k9WAHLm{C`k+
z6P5uB)<S1_3u%a^OseP{Xr=nw`R=}vYd{8@WpEos;b#UT4}PO3y$NW;hMF?mw@_cj
z$yH>bdn~L;?wL;1cb9<EITNqULDyd_{8J`g`GXHV+H!)!Ca<1Y^Ya0xs-<Lr$R2TA
zAKEWu^}TujyJUtj&1UKx$fPffPs`p{xk#Wo!;&S)IUrb&I6MdP-xuuXbnk~;<Xbw{
zQw7MAZ#iYZ(AOE(hpo;-4d{bnaf4WdRNfkydf}Y71*H%U8|Y%coD#U7yfS<nGqDmO
z8!?Hd>MVvI+blvEgBbiXb~wCHP#dVg5!AmlhbpF~Z5>04o|^6jKSSU2kK$Lf3G|N>
zuw!XU5|#<90qP~(tEj^JEafRH8Ak)BAr)22Ott`8F7&J~r3kjkmv9x9f{9$Hp}*AZ
ztoLy2ocC}q76t*t$3x1tEt$G8XBn#@ct-9o$-x~X`eNEwCLSz<?Xnvb2d%Q3+arUO
z4PY#Eo5|tYht*_<)$W>!$JI{DN}e879VsFf3i-9^i9&6on_`C>lUEiI!xN3kX&sZB
zF?b%Wyfl5AhgbP<7S$rrZ<`-U7etQ8O7Ks)-YE9G2Sg&?NF8CQ0((Tl&)>0EM#tEW
zVP)r-gCvp=*AuW)nN%DLF7Y(_LP=xXIN^w7Qd}}p-&56kgmLDkI2Kl@pJ|YjJ?-NV
z2l7dW@toSl{sQX7%AInlxYXRL772C!I<S7`+PD;I@#;c`>Kc%~?AquLO=b+`B-06&
zq}|Px@-g4OccrLGx@n1*;}Ms*mh8%~xwG-tTx$}15(m-MI3KqC{A$X2*uCjQdEr$#
z4pG=ib2?{pTTd2hrufvjgw!$F*(3Kmn~i0`12^iPpo{P|hg6T;6oos+q<Qfz$tp9=
z7m%hD<gu&LTjkXt#-v#3+%O-#$NV2J!9HMBmke)v2Ct)3$_jv0VhV&faHW3LI~urA
zz!)GurQ~ov*Hc0uNQVSe>2EwpDbWxA-36(bIP%iGcyMY+=U(c<n3Mt<^=`5N@H_Pv
zTJ}`a1DuD)-`qr>5Zv*2IQX@>VU_-9#baeR+bKIL-0}*dTOJ1;u5~_&-C+sasl+61
z?U^y1YzGMc0Q8oD&MEI0-@)i(sSlCQR6NoCXT00(5r-4I5#0Olbdz@^mhJIt;g=vi
zkg=QtMXTxQJM0<yB>35W!$Y!0&pJIhw?nkH;J+h9&NO!-62jH$&X_U=44UMc%@Y#V
z83$N14#~R0J-S!Wlc1g;T~10wV(Unwrb#9TI5sfclu?dRw35+koie#UlS^rpOp`0;
z%KnTgX{!;dC?MKY+m!3Lw(-a=7F(3Zln14?pAp#Pot1e}=XIAOk3p4#TH%$4O4%3Y
z@``Zq<V>l{tE(<7%CUp{x-1fuF{r^WnA^cIld~y<le6`OO+XN{qWg@<-H`tO21zz%
zlrn7pldCO{$iawO<R3{`<YSmtq)a{Pcvr>4C!m{<a0fsop!-NEEUbJ3A_4s;XiemD
zh>nn-m%m9DbXS-VI1QX9sW>T-3I=t~L$(<AN7p9|@(mOT5gO(i_#e0j(XPCO5&R=W
zQN|JV1r+B+see&-y>44p*XqIBH(Nsb4qgs(hZ1ul2tOF$@TB1delR@8HSUPc1@^42
z%QJNGZxJojFRw>Blej7Kle>{t^4ouU(+Rmc`9tCq;lM`Ckp$2@8}t^qfIF%&p&&q@
zK7zB{n1ZJPz?}lPYzU~a!zJZJNCN&sqk;cfU{(@P%GQBM0K-JdL6gdp2v`uJT|_K|
zoI_DSE-Xli5`t1;15XbRunS{0<86efC-fO{zad@k3$ueJ{(laXXGYu?(CRnYF|a#1
zelv{jxb>Z*bPN3E@8^VY5PBXm@|O9TK>XdsoeCYfo5%;>cmx0=`U#GBAUH#S#Ii?9
zBvbS?y!Ip{?zVY;<zjI(0fC$=1tTm1Ln;MR^bbXZ22CVRNd$&sNlPZ(7{?+soo#^m
z3pbPvfcqy;Poyd@1<$r}8qKt-$UwBJXi2BWTpO#-;EX*<ryAJqlVn@AY}tA6@#sML
z&%LT;$=kN8Y56*%%g-{$_j4k<t0&fNYB(|pG9jVV1Kd0yxQHGFMT=x-`MD-u@;i$r
z-R#crxJO~>mca+!GfDGK=8mgoPyI)v!=dh<V9onWrR6&vtD1ec8Hwrhyy$pN5&a$c
z9~qqY7FP44y1CKGE&Uq!4pg|k^!jlg_rFHKdmtX}40;U=ew=p3J|zx6gAfO&kP1LB
z4EPWe)a3xsS;5~)9uNpHVpu1T!Tl1qA?@Ao9R|2#Z^&n+TVD8;zL35MtpvwnMLs&-
zJ@Tfz-VIh>k-m^tN3Qpu;;Cp{DB61UkmE|8ukW|1)Zc|ap_PdDhjS;r-@R*rVeiPG
zv3G)GFYhd$ICdW_f=Iew>4L&{&&bcPBkxIHG-m$SU|`#j?~s7Me0^UDg5dUkgE<u3
z?=>%mqT?>_++1TAU%Df5_iQs%wZ<o3XaLw7!xwEUm-H{r6|ayUun(Vq)50If@5EB5
zwFiPC4w^3&X5@!sKfqg^;|hnv_6B~?bu$rNq1_z$B@ll}@NHB)2Rwt`S-o@a^?;_g
z?1hc0-fl;IQI_TV;Ia0WNDCa!|46^H?pF~&gz>>cdHyL~?DN+S%tAB3rycL*XQUj@
zScahaL=rI-iJ$_BVMv1iL@QLf69eo153?b+kto$TT*2T8F3j}Xfv1<Jk(nOJfKPtb
zhwJz}fFi-`{{*3*{I@6D<f30hxc?JSp?-LqoopwD|IhFR?e(cM>XZL`w&xi0;kr!n
zD_e86rv&uFd(OYC26T&H`X9L@AdPRlkj1(;k4BXVwD^;jMx5~z?;i80BCbU5Ju)g~
z7Hq(s8A*t0A9U*iQsR?<`OdE%xAhrc3Gm&5cun<xk``%5$6Mt)u-Y4^-W+B@(&P!J
zqvP7-`kUqWke+b*PB`snETi2Ju|Rq~XX39EkS{;fm#0*JKu;8XCJ%!2tg#g#4?>k_
zSRV9$)cJvlT=EO-4XPtCN!1ci&pxz3!vu)<Abk_P`{51t`(=M*Bu7Z1JN^Ul4S#1l
zDN=A~s+KM8i}2=pc&6zD_3`OKvUlXG_Y*XZ2j{S$LYJtc_mkJ`bK(;>&a1;bw?UcX
zO>kAbR25J_@F=*dt5m`$*>*8}!C$IcQy{sD`G}qn5F@FLCebgF^-6RoWrl{kQ1+&b
z)lO_KyCk(FM2Wfr0KNN^A9;(6d*YPgkeVY^Tm=LiI2nEAq#l60F$p~yQjaDc2=f~z
zAU`)A;NBrn2OQ@bkkOFlB>I3p2!Wmjlu(%GLc{%-mdy_PEF+>8qPW3S16x;u^?^+8
z<yZh&?EUmegxLA;mPTX!R5N?WkGoBkiUr^QB4hq!Gi!LzoTE|s)7f(-ph$`9#Y&M+
zHShIcW+OzQ6e+U<`C#dV3lyR`2|$Jo!xLhB<F^7qV)rLt7XqsXaMypStp?hGYJIY=
z=8%ed3Wh~}k(#|XjXWpD-IkE;1GJjyb)gC~yYaZY2)KRGoL_AY9_WWbOH#=*z7GJ7
zwm18o8#gQPhuIl2Id6@G0i&crc0^|<UMts$K{W^tcbFa@Y};?Qs1R%?@tN*4y3og@
zNKJD1Sm$5dcXr&)=XeK8O(Ru_ak|T-EegWFK2V&`)ee@B$-Vv3@OPm6RsDkAplYSZ
zvSs60Qor-#H{(j8UbM|7m>j*^x_ZfJG#QT`!8I90t2;s4?kuiIIHCAH`He>L<0yJU
z-+!}lPDKwGBvD|K%laW|-NCLrf$xmr$I+#dXl_k>B=Caszel`bHkRnM;b`AMnT=A6
zByf_;R_|H(Q>2p0`hjXYv(z6<jwH~<Q8);vywg9SKB3wby>pF4<$UMg$;Rcqw?e!)
z(cJAXe>Xyb#Gy4GG9QWJ1ZVSuIZHy<B%$&X{!Dv^Rrxc~3YUI+J`!apM)VGLx3e4%
ztx1Z!MFLRxBp@;G)r|wy9L-4;MD|sYtP^`cOUz5vB5Mz)$d61z(EqnLBVI|Q|Ih4%
zj53jP41f1zK~^r*z~s*f*&}Ovc$Fk}9h57otSENfPgm5$y#G!4woM6VG&#R^L6sH5
zuH*XFf1mzO|KG}^S1$jV{*TUx+wr%D7yaKvv{`ZbO95;a-2Yu&3;f%3Mo`W@2atyF
zF|ao)NRRq4V0J>h<oJIQv{^y9&`;w(C&ZMZU(C3#VHElQv+NH3G-fIQtav>jdqaK<
zoXrYes6Qav3Vqf7d_Ydj1FVdn5NpJK8Y4cvgneIt9`SqCT;rug6(xGbIBcaHHChf@
zjzEqP^#ibFfXpohjq(AV0JK+ukTS@Nh`6y_3kDqrO*W~nQWpkY1SW;Q+JG8Ocj+_P
zgDAUPQNGSCno;zg`AL<+EnH)n=0c(+W=&wiYNeIZ&p?si`nNoGMP9`sd1}<VJ_~T{
z7np7)g>WTs7%`wR;+P77`Lf0#es*y97l%q*Bav{a{gCMfA;{H%XPGMBg@b3>>Toa>
z(oK|DV5Hopuok$@BOGXqQiQTpqu?wX_6P@g<2*HQ840q=vuM?LYv}xPae}%^k5(&x
z8{P^uzU1vu@5BnfR4Px<d_p{5=Xx&X9(lsDD;Ak(*CFt$PO6qaYu&Qw5iauCD&2R6
z{ym0V;4?3Ek5Il$%3q`LBO$_2z@^S~D+I$-z@*K@R^GJ(4M_x}J;{Ss$vYg#b(B$B
zw-e%5h4r!^C!j!nn82H16ZaoPP6GP{h1dYa{yk={0aF3iLoJTusWCAHc&*~8(yLY2
zK@-jeM-*{a<FeX2*%$Inp;&@o>_G^*Wa7@CS%NkWuY#6gZ}L3k>xLP)BIjdo2Aznv
zAa$KA<=w^SHox5cMYOFS!CqRZeqp6CEYRL3)txO<h_I1_gFB{CLRA~!3&A^*?k4;>
zVd?|z08*^rHf~y~l?^sH2kQpE4LQ~~%1bKRG`8=9ybYdiumw#Ua+XM?l*1SDdLTVR
z#Y=imS(-$pTx56f_2-MqN)b4!`rh)qSqrqEp~4r=@xk{hcs+n!pi(x!<DyLj`}BT)
z0@*&?hAbQ_gh`er{{mN{R19L}MtFI8AumKp9-S|h%N90Qffzd&j>A0$hzJZ5AIFN0
zBR?aPe6M}{l9;Oq_pJI(v*HDnBu#3QK(_EB`rY%Bv(_!52gI{nE_+w-KrlE(EfM3k
z=a@<Kb6Y5p5B%=|`H4MJk~9=;qKIF1PT0PRZ$0dPs|nur-p&v*6MsnEKjXj4k0_P&
z()-052J!&mCxm-?=^x-HB>#8v!T6A3d;U85!jJQUKDy7j=>?e;X2uWaW)^xt^}*<p
zW}A_}L4BZ{6jJOXc)*yDbeQXW4t^FJQ3dp6J_B#hNk#RcTxQL0W}g?Hf3C=MLEX>V
zGDCNL%WRo>1?U9en^lJU2wVv!M27n=ev5Vn@P*1;z$%%5s+lko?RosW1_@b0K0Ak1
zGn~%7`t}_I8A`8Xh)F|AyR-jnqxV3cEwnL1XTcK-ANTvXGERse_Y=4>CZSmjRJjVq
z85-0lz6YSFqX)x@z>^ATk#1DvM42N9h=()(QwS#w-$W@uc_T#<CJ4X@OY=_)=7MK|
zWC3S^XOYzU@<hnj={5S8M@h}~12=))<M_ufqN5E1DF!CSDuyR!@j#&C@`;@DGTW`g
zIT(1Q3Z@*hE@g`;X8+*hl=CrbYiIAj0yRr8IV_<4g^4iajIqbHP*Z)B??h<AqR|6U
zM^LdHE#dz!FldJ~fkcIrHQye5btSv8ob+M#ZNbK%>v*==b0wy6jg$|?FI?&Z4=R5c
z9%HE54aWq+#KG<@VC8X7D@hosdsxGZpNdqW#z6MrZ>(r$Fc+c|(jM49@$hk!dz599
z9M0>v_r?!~aNfG<@w$(zjTYY!lqL)^BohWPII&mDoQF46OW}i0LqL7N*mO6Ym;G7b
zipR$no;84&tJ^~&HfW!gVGSwP8-O94<oDRNCfR7np#=T{7k;+#9AtmiJ}s~qjj~>J
zu5%>c)HPr3NF{uL;@O*(CG9VoRp#Hp%LXFJ+W`9HaRgMD@A8=}7tIP0a2sb=6}>J>
z$tbq((o~b=i9{XOIN#4o?$SKb$mu>zDQkNwx5;lPezIvK8sMdLyLMYNv*h2?=xxvv
zj0BcVQTC=QVD8wJU^!N+o^&ZZ-KB#9l?++Zy|LBdvow0~vwrm!Db#tyANjf$Etp;F
zYiwR2fNz~|oZeIK%VlqMRM{P)?EU(uEF^A=X(V#&*LyG}>TjJT3BtxZ?0r4g<@33e
zIR)#a*0ywjy*uTu5FwUs5)n=yZYY-i3lHUGNj}RGRF<biEZf2deAWk{L2ke#fpz&O
zS#fiU$5f?>`f+8N%zgJR4p!P@1a4JRmP<IiKcd$5k|%g=n+vScrYFAAwx<K;B-Rq=
zoJ|Y0k9V?oF}R6)#c%?Ng{gyQUDS5MJI!3wwSWD>PfDz233}`B^qeK@EzaUfW<tzJ
zU1)l46PBvC7+N~|7o{2wLhNy!Fop~iS&eh@6zATq6xv?!6rElcS@0d@agIvPNOM=i
zZ71`r(?YE>yPsKDwmPx83l+cT@*lJ8`0ZyS*~c!6T}-;_2VFs@`=YE2t8yBC@5ucu
zj@(;Xg2(!zHE0z3S0xj4TEDWuvU({QMS=v9eMtnBc}4`9dAbG9weAbzSnVxmm+uYq
z<iTo>eSAsAn(r)C;gMe!vmcJW+V_{;q(Zg+aDTE^mTh?yPcoR7k3Vl+_Ek7Qs64gU
z7Q#pto@Y>Irfz2<F@TWk^#WT;>|g>fcAEyba5n^>IPIo^bFJw%?&Vdw=Bx_W5cPXv
z=#}5}0FiAc6}|T*9}{j+bHyLy$Ee_Q^7T&cm~hIsDg{;+S%n+%L)P{sBDGE?Latnl
zLaKSgfdI3~lncFqgv@FDMZTtE{9_d+D@IRh;l_so_c~5ggF?-Bx!mFetiSmd{rwcP
zxWw3eB@13~h&W0jJCcVdwD(F$_pJ2>L8slHFNM0Ve<LWSxeR`U8Y{x*TQmvmv4C6w
zwLp-6XZo8GG3_WTqTIBW^jv?prMH|Z(a2`S4i7^p;qQ1=Fm;eLNq5QS_s6E5liTJ#
z#C3`1`qg@}8ut5Uo@eq&Un!e2H3B_!JbPddqUuTi=Y)3*P+vnKgYKX70DJ4be>Qpr
zFe6*lzlF~d<ofp%c=hk%LFs}87g**g7xB!(x5r63ru2%zhB3M$9;dO^B^Mwu^Pr1<
zriuYOX9U~W`O)QGCCg?*cx$K5^xX!gWpd;ZmeW+)x~N87ZW#J;(zr!*>x|bbt3MY4
zS1iyr1+_OLrOUsC9vb9YYY0S>UUCq!J@vX#$A<fgx1`gSBb-z1pB-xIf>TPOzb&dN
z$~;5KAVvG4hwxx})}B44CAVb!(xP?>d^ZH9!(+tLLR(5?c<NW4fl)d%eZ3wyebWX+
zW$gyq^=y|9wz~9DZmfFI-#1@4x28iRqbzgC+B#Xd)-JlK5+(CAXkXYfEHU|Ioo#dV
zX3tb6ZTk}$VL8c(JBo_>4(GgIr?eoh?wFun9WvHLYtt1$`j~O2*X57;s)y-M&vOew
z`fmOm?RdV{<s$b2PNDhN#a@cb?%NFNbuT21+slh!{1_hA)FKuFe`Af)Uuv0D)vX1f
zj@@g=L4M=hYNbM6Axv&7=bSkApZ#%DkA4YelJqSfkHpa%WYhofKkk46E$MIvH8@)X
z|6TN5!+Ehfs2dXqtRC>Ad2ks^tr<Jvfzq-T0M~L5Kt66;aRYNqC$l(G*PWd2mOtyz
zFZm?0-a@W#I*(#1i9YAKHmtB=HM~o1yw#uYM$>sJDgE0{QlOGvv*RXydsYH$F04NH
zFVm0o$JHPAU)A>jy|09*of+$En)kgfZ9J;zc1||xzN)aHYrgyPH(&Z;m^@}<@UU3E
zab#{Ns#|29me1~nY5U!W9xB<Y`+R*#!(kF?BVxsD5?oCi{^K+$@ws8Gami$dsu%IS
z%|5WH^2sY>Q3v*<c}Yyu5df+W{UL6j-()ah1+Uu@f$K_fm)d;U$T6!vS`HT6G-No-
zVYV1CXx~u<R>^eZeXH3Lty8rJM%eP%-u$7_^1J3TP91{J1W|H0ttZ~E=kwBje<`b*
zKt0+G2IVTKr^vp)J!1>~oZ9F?hN|ifbXo`b1<!G?&4T`H*BF?`_9bs>t(ZWKL+7Oe
zTH(!Va(~ajGY;HjSpu3xz9mz6-GQ9)HJI34&=k5TD6)`D{6H;p@>ay1AY$N8-lLCs
ze`%&UN9`%LAL6;<Y@F1gdQWNQJ}=x}Z8qXx_b$2&bt`|eSx;~qx(?xJm^o^8n<BRB
zu++bKvei0A{K}Ou*1x-+`=RCV#7KKy`SedlzCIdwJzKbn@##Bu*$h!<kZ3LYNUV0W
zHuoNu4B0HlBARGAew#IauzvS3{4>KY<DDwsM^x2>?lxyGX?@JQgr?voXI5>s{Qa1{
zsafZhVFgb>f0Z4v**<*Ie|=}8n0=C?=_^6Pe*Ue->Vc!-t9;0=;jPB@f+H57ykGb7
zF|MqzKDI{IyO+-gryVimfDdvN(W#7HhX{_eBH=$cTj$iGZV$eIu#N-~Zt;%;Yv-r8
zy(D<&5r}<R(pt<DqwSC#6}YtWQ88Xq)>YOLK~q-HHkY&7q|<uH)_Ik6b7YqXJC%Lv
z?upkr-$vMcv#tNJ9p|9kB;-27j*)3IucH9AJ)M8*rOH?CSu;P<YfeiIVxdj-s_Ogv
z0}=%5PtMEJ**e0JrHy(^VL^|JHj_GwK?9T#+tjs4un^_YRU%6!M2wc2CQXR3lWQ`i
z)oha*s1zhUekJt5M^|tCqyXr%>w&6p`QI3r`OW;}TPxmO{L9^49(7&4TXP+9xNbsL
zO!c-VZglw>pWR?47Ybm+NWrKca}96^O{r^$0eM!0P9EMNn`D$tn(JA;VF8%X66@y|
zTh!1<7d^<xpsG!gtC!J_Bs=aANlj2OVs+mEQeyM+fLr%yUnP1w&J_<(5h7Nsw`^)#
zpr%h~0PJf8vK(1<v`NQ&H*zaA^IWf5$Fd(v8r98QublUcpH`*Abqg_g<BB54ai@_W
z<VJ!YQ-iV{abphbL|Mbd@$Ry`<x%jX{-d=Pf5Sy;ZuhVsMQ!d_tzi*e;D^_a#GAld
z{<X%N@SC$y*+=ciuO0U{7HHTFTfyC(Ks&o%!>hWB2RlI#kE$_0(xNwG7K}t(DeVOJ
zM_?#hay-nS=hsR)%7fA`Qwco#GO3}J@Cia{v36+Z{X(YJXW837$_u#Cw*5Ahu{IXE
zr8L(c%_S)+y_jtwWf$gS{u)WY>5mT@wRxo$Y^4@c#8mY)uC)8i%pS<jI3r;mq9Ika
z<{lD)>CY2t+-7r(?mkl3suGeBJVlVpEi*w+1gs$pqZ~94cKD9khs4Y(YQouPn*wTO
zbWgY-j-m9(;tCnu32qhVE8v%G#tHUk)0aGybx+g${cH#lYvFqT;@izEWyC_Z%(~I8
zRBoPe;j7tZ5U2`wX&k1({yp`DU#laI)i_T>d~FIeMf!;}vD+t=bgA^vB6h2)Vd@SA
zO)bIJXZ#P<3#qRw9J*0sI52jxosiQ9u1abZ#+>pK%YLN}qiVnl8pgX%2Zf-Z;g_Ra
z$Gj8o7+s*GDU9Z>!vYfbRi9UYTW2-P<u9u9@r4*3%wB4LO^8_ACtmb?dax-Q%pmf!
zpeZxM?#DPb#G7z7w)Q<yLI1wQH7832*JR}EB?Yc~-;Bn@DS7|6unBET>HmZs$V@YC
zw7*fEAa3j3$Fz}bIV*SiJTIdf;52NshJ%(H8>Vy&tK6qnL0We<penSwzAH#0Ucboy
z)2-um87O;9wo1+PGE9DKp1-i2*>YJMgd{wFfVjqC=Vy=SD#$Al&~s>fu!D4c{P{;z
z!XZ{>0WXMOC!X!`2`0X2W(ZCf+Iu4&W51dRwfX84R&p--&C6Y)J__19R0#3%e3jwq
zC(#vd^Z~60@B&+Wzb;!e9&G<lHhDbRep&Xd6isCs`kvo@diJPN&#lk&s#J(myCtm(
zp*r-~JwMxC@U6<UUE$R4K^OWttIjnx?A2eLTMZyQS6<W6>O|cu4H(uej87Y(ubbK4
zd8S~u^{COko|vdXz24|#SfryF1Ws^eTaDqGBR3Wjfy$6JrNATqqX=5U1q_j9PQf{1
zbx#o@vr3UX4|FR=t#k6AQ1GpUkzAH#U7}SA4DSju?_gF3`+r6wB@D?yTTrtMYF;hk
zkK%3`!-Xv`s{HtiX(EVcV>$!u<<FgGiv_WsK>yO@V6Pfn3{|!LO8=oujOIsr$T5UN
z1Kx-21E3fZ9BmD;E7nH9h_Uc_^uN}zT9V(;|2_g2dFiL%eqBo)q>*?%NhpW`b5S0N
z!ZXp_y@tswsi*&BVuyB03abXy$H<Wzpt*a;4wQq!;Vr@Uj$lRzEG)!VJW$7<D`QA>
zQSC-N1|8MIg>{yQb1wG8i|>X%=~Z?|{Z73rBK+Y_CERtjV*+E@6oft0h3$Sb%VUzj
zyxT>6g+<wwD%=$qx*1QK37nF|JdcTbV_tWh@<zN`NqVB(K@cxz`B*QYp73%IcRP&X
zGoJF6B*4b%r2FqZj5e@VGrgkjM2@71Tvra&!WB0z<3vg#KN%)u@4wt?%0(9zzbeJP
z0v3m}Q8sfDD$Qn4O#Makav^7U@LsLMtdr(m(M8ezN%4gB2fes)OT}p{X;l}L!Nsd$
zkTR?P6uCOry%z{`%s4~e4q^G@$07wUw1^Y!6gPp?ToJeA$=dD)zD~t>Aq)^a4?{o3
zg+2-Cw=3p-*088{yZlsQo}NDJMNzm7kAB;|YpIatAs;sF+#(NCu#6kxRAe5UK3<j}
z>h(!8HxqQqi5+gaM5QWp)_u2`e#5;^sd9<?7J|JdCa=TGk(<|XmQv)@g&wRm3ZiQ^
zg0{&T9P`1#s{ULYXL*Awk)|GX>3zpi=&Kv5ri_&m=Z*~W<s4#1J&2@UTOPmb6vCw_
zU+MZeEes(P{asx<c=g;2%Vt^ynJayJ@kva3xhR$Eu)bTKYI|b!&<yUT_44D4=O(wN
zY%YSOa>!MnEV+#vwtnbL<5m4QT6<xJ2e+uETHyG3#hktir0-#SMzx<4U%QAhg1-8n
zT0D_WcAN*Xblo?d<?0!?O@`&{nf!>>$B+~^4?Sp64>!8%fj&(A?sF|_SthqE7|fG>
zy^?;ho+UTRiBna*<AF|rO?C#P(}qm)-NHBT`QvuR5LF;#HQg?PZ~VCpm#*PiJJHm<
zW-Hb}$g9n=bE}r&aXUWaJZHOft4h!2WQgqp!!H57n&s9+5X7qmM->EyD+DLuYgfy#
zmb0#_P9-H`SM1P?hmWhhS{cC;MtECb$40WTaL=$ldh^*++xft+*N;%~58-59f+b>i
z2gK`zk`CjkWn!0#e$m-$1well;`LIFGyJFU2W|^HU%BA5JGer};Emr0#R@R)Gs4@F
zSzCP{Dx|3AYzy)CCO@7)zM<<ia_sqc5jK$Pc9{Wm!hgO$n3wz7hQ+IcJQRbecoQ}f
zcN+-Ht{U=Z;&-#*6y3}^Ec@9AJ+D@8>?HF%d6brvFS6m2-ILm|`(0-4pc*S(nL@Dh
zB~MG8wvo0^N<Fsk6+P@OEe2$16>{jduB^^9f*mTx+R=T|3CphzZn}`{J#>iINnI@;
zX?QBV9CAdOn(#G_kvu&7h#lLm<h$(&O+2Ixoh4g4I+?0WEj`o?Eryjm><wdnsd|VS
z{V_50Qv-TjTx~72l$kbmwABRHr*=D!sl1k-7%IQo6!dVt!w(5vFku3|&bct(bU{DO
zb8GTU0WCa9vdd51_G&>-?DMlLB{83FFvnrMgkhQFGlHyjG31+G+v55PEvp_ZkIVS)
z9WukMt8*pGn`g~W=>_FIrupmhmL=OwJ@K^%q!xc(6h+c{SXyAmH_QbnRgTb8ND1gn
zx$i(aLJvpr+!;Dz{xu-i)BK2+H|30Tv%`Ah(w;u5S4@Cjy{_M;K$f=oVMtb1Z?h`<
zL*62JRjU00yWTJ^3WEAzHh3afQ_4a_RD`WeQHk;)zJ{VR`NjoJjw{tM@txY3WtXE3
z!t&mnZ1Br3P6%xj+>CHlW+~2IOx}P3?~c-%a+@URhg|4L*bfmu$xo@NL_rp(14G>G
zKU6u)e<p$u24*}mF&^5ak4TIE%(9%yL8BYrrTJN4s}4jlZ<}}bzX!iC+_R6qB|PDl
zEHJt;GnN_RnY9;v%yHt@JTRQ<Mj5^~Kdj3My~aG~Q_}O3@sD+q@-u$;<HmjJy}DRP
zz0#f5q_^DoPUz3!o`y}V&vBpf-P@nCp8}W*=6a;Q`Y#ec<zEdao=#L<CqP%dR=th@
zBLYcP%wb%(sgrsK9M1UZ=2z0y{xA4X1e#+$a@#jX0=otW<ythFlU@DJ8x?wN8NE%;
zcpO>t&KewvE{<ex+*gRd;(TN9_as&)H+VOMn^U^E`#8Q|pzYckC+t>uJ8aI$$$E|N
ztjCbc-J>?orSXsSj=sma<GK})C(U2!(T*)`n9YU?2e%ixcRyZ&E_m<44q_Xw$6OAk
z>m?7ryUw_){7OV_;5^(;0Lb=_Z>Pk{>>XZ@#!4;Ce^t<WN_|e>p(nV$1ixb^AiVO$
z{gC|ReW@&z^3(Q{S0VdCegQ}~Q#)e}|Ioz*`0lWb5~B+!JZs5pr=m*<k|?sCtPdqi
zn&$bBP;m#gAI0R>l)uasm5cPzuRtnJcJ5%4sf!H6IqGrIWLE$EuGokj9NBMfY|yHK
zt(i)Ju)rO%%h06z&>vo_$wd+cD|ueutkzeW(2rx-&+^IH&z!@YgMuaTphFg5AG?!S
z8tfbE8_Rt0cJWqwN&QAnW(*kmj2gL-R*U&yc+<`A<?JIe5;S8<;PQb=9xhSbUlpte
z{D6JluqJ!Meq_2i&s9vJl*WN=cr^?%M~f-k$uKQTz>tRX)JmY0rm%i4Jb{v~{*lTT
z=n!HqHTJ{&2l_Usx10*8XMowRF3alk#Q(?KSun-%MD0GfySuyl;ts)s1b4UK1Y01u
zJHeel792uwx5YI$EDph0bkWOu-}@nMO-)ZvSIwE8nyzX)=l6`@xxI;{h5IDZ@)XdR
z?vd>I?ft$^y^g*9b=~1U*XG>ChP~I+hticy|DUBb@~TXMyCyS!Yy@wyRwd3!M6FC(
z5$^9$YJG%OYE%o03U2x{LWPJ|;;3-Cfi`X$RaCnO77K-}?%u3FD4qkMZnFA@9IX)n
zj7$Hu)zfFCsyURaf(~Cy90U)f)`1I*+A(gI3zn=xU$Y%y92~f-A{f#r*K*Vx(>C{c
zplUb^pKi0QNCgwJ?sG8v?)b2f8x6vGntL!Wm00mnl%i-EgstgPQh>}J5I<&AEz|=T
zEkuUIbXf!0Um!wY$BRvt_i;dG%zpKMF*OVvUsBDt=92H^uo$veqA9>_x7(c=62KBM
zxp{L5|2XFlw=KVLAd)g7R6_VOCBvn(Up#q8s=UMx2ms2G?hN5$)<`x><#P)<D&F4>
z9t=vIOa-TjL2%N65GLkAy5LAHDVLPqfp##>dz_e>ZjsnvLwp`Sk309n&)u6nv+#CT
z4wk{A(TQyILmr6O4d4dghXa1730-Y~0UtZl{+(PVA@GaQ<a31ZN~oAdx%%`BAjeCc
zWUH5_b&UgvnH<dhv#A}z+xcYv44y#|p{zHId{R9l=sdFfr;p$5&?f(5icZZoXZ%dY
zH}(>0pVd5BACmzkIyC!;RK?(v7jb(bwIBpBgwkrHD2iPF6N}q*7-pQ0(AZzaFN@W(
z)Jta@kAVZzd+gr$a7HN4DR&Tjixr%Q1D^|ckc|fMcxQ0O%c@GL%H&04#SW{o+tM6@
zP9sqU|J$jt80WUi5||_*L>EF=iCq8j5MQGS!_c4QtjcFg>KP9mQ5(UvYHu9ZcXH--
z;S(hLtI$2?{F_W%p_j*!oEwu&F+LyxsVJT#i8P5!gH(fThJ=fli<FD(C}BBXD4{jp
zC!S5FmzrQVyhSE9nbR7jT_)rUeL5<^mtPSg#hNRaW%9Ggi2bwxgnI07Ugk60``LGD
zR_zH9bDS4{8MG%hXXv|Nk6B1+bSaP{5#kLPU*2QZ7}0#APK4l-A5;Ox7u?ca`!ov@
zOU2+6p{0OvKKFFH9p+$iML)qr2$Ng-(Ka(Uy7Wbf7l8q5^hq1AbmLw_w5|UxmUt&a
zeyXvjAB;Hq)XcqPpcTLOEKCkIGpDrRHQ!iBF^QxL;7dI707~xqkxvl-a?JYXjAKfn
z^2Af!S7cW_5|0?Ot@Ne?bH-t%?HN$U8?{IASss(9OU16x(soKkPdGk=y|(M%<_7_D
z&HUw#0NeZcp+c6%bY`B6FILDUJoYTby5bqs(}g1?*ZRNkY%if!#D`{99A8z~5A<Ux
zt!f2E_8K#^ENcaHP)JXC9EDAPEmbx~4l+>6VlYtdF)TSvnw)M1xXEdqdtL+<Jd2&*
zh+lRRflUL>FYN+Pjld(=YPscVkB0MI|M|(d&ky_;G0;V?ks9?LaK2A4Ccv*D>u?r@
zoU=^}=_Hq-v|ufks^!Bu#6HARZc_)&iV9~LeLvxX6FHKp=!W*QZ2jveu{rk%J?)C<
zFKLPkpD4aTuV?sxBSA9zMYh`eEiXg22b#9lw+p-DLhqY$r8_mqPOg-tE4coB7#W#m
zs24iEDT5E(lH!IR3RMYo2)|9Hf~<UL<r4M!+bO31&xD``a<G9IG>vBRpo`=L)V>S}
zo#iNGVfS|m^X_}vM!YQFwgr<TuzP}mH?DAjo1`0uY$z^!Yz=h!mu%fa`ZMdq8~-*b
zHugNhD3@F2o*OQ-T}Yuwfp6<ql$ez5RPcnuf__F}quorQ6^KLG+rkP`vEOWbx!~6?
z(enG_w(7PII%n~^29SLRTeh6~x1Ob`vDbIHak|Es@nj79u$4b{xEd9DbRSDGZ0^4}
ztj;DkI{Px0Ny1K8bxtUR&tF9J{aP_yA*N798VMiCu!(58>>K(rZ34nL*bHGQu6jry
zDGqHaN&d&VBI7w8D|>S}Fz{uJVmk<o1WdWw=CuQv9HK#y;5TnL(3qZe!?lZvP~|Vs
zRAeW{S!LNSVAqY*^zkUa>Jk_RN?z5X*`@ytU%D;k{9T6y45qVC0pLOIui(vOeLYqq
zXBB?8QUN;$pvgi}e>Tv1%CEf4RNAgE$<}4oFQo!2cQ~(_qXsgX@{3J+tajSl{zMR=
zFBWJF7ktq+@T@%GBuA%U6~z_#PLvq6hPxw5VTzx09@7Y*WP7&UfHo`=g^3Jo4FTql
zm||{73o{>yO;C}ZM*fJBt2pCXDhUkZ8$O2^G9bb)v7Hi~I%+dxJR?E_%-Jjy&!jdA
z;S#*c9<Bnxf3G~icUP?7S~u@@;<|&^GN7BU__8N>JZ&&{Tzk++xF;hC^>Q0vP=MpY
zK7)RFC|(4V@#Px*ew+Q$4fJ@F5|hY0io(j&z-smAoj@C8@?{_A*x@4=U1j7J0u}?M
z+nRxzZPmu859tAe%j0l6WCxAWeS2}@(W9v&4M5@Zw38s+p4fXT@4Sf*-qE+AK0!Cv
zKx=zwImm6x=jnbeT==AU?8`&?hj-<--R?%9lQsO>A39zUiJ94>6%Eg%!0dam+gcvp
z$kTD31<Hc@9}iBHU{Q0;dz-EL2C9XC-2fgl7zovEEtoRS2WR{Nk&UElbmZYLU>pnn
zlsGVe{xbVyE2~X!t5NaSvo-lalmpd&!XsOX&lY}84cRcg2Z0wqLVL30nI&<?2JTd?
zEuj&gIZs%E(tQ-l(|zP^(;wtw$Lr;tD~|*w15oOX3>CWy#$DxNUuCRmMrnI#EJr({
z>)`}A2U<axqrxBl;A$tN{Xor)-J?C8tGbrIt|oWGnZD0sh@)!nSJ7!l8<MoUrvU|b
z4&6{iMVU9Al(G$%VBP=bC3&<Wh^JqRB_2KL1m0LuM8tgRA4~sCNXjPcT?_PxNGpEh
zds^e7e7K9+b0aUjuhWRBc%!{@L_6P=xGN6MQ;q*gPPNCw%fpz;dDeglF6Fr*isA^_
zY#a>fZq!9Q5)=c2oG^#fixMp}-gOp<0py~1GiI>0jc9MbK+;1z<D#%kmiZtS=5nZy
z0_QUu-PCm+wHxD7MApc&<Piq>Dd&*CZxW{0NF73lrO*o!oe-S3N_bxjLu6k9gKXG9
z>W=haDo%f~iUJ*z_8vpQ!G`KoZt~5LC;p$Zwe5iZ9hDKcuKn+K2j8#7&eqO}(T6;V
z1s=?e@{$k~*~fN)OaT9}p~suqinnb$Qmz`j6C=0DRO3bWE#jygrmc_<SaQzuCXBc7
z^O1MpwlRC+o1cl8A{n(1nk`G4oy$nOp5@!Hu%6hZGN`ew);Gg@k*D41+uYL)SG;qZ
zlgTPw?w)W4m}K?vLH<OTaQN<}7^Hsh^ga)weAE`hY{0A+hDaJa(JH=pr|cyQ$*Dty
z6sLJ`mve)S{>!%t@0IYtd246#IH(hg+;&a8h22j=uaQkOQY<kvPEt(UbxK|ie>dhI
z22-k?8U>SwaVjj}IB_bDKGn-Lzjn`&Zw2gbzd=aQPLrO_dP%0LXB8?21c#Gi|FegA
zsyfjlE-jBuKhBH&ef$!8YmYKo65BX8AA45WNy~In4~kRpeIKL*UB`HY##YVQ5FpGE
zkSDRJ&iw^6&zkD<Fm;q$26>stD|yi+>B&2IsYHl&<j<fGq#ScnR>a!OF)r2X<9w^q
zrx4d^Wb}{sluCTRUNLUuT+?mj@h7DY=$dJ8)pL$1IC8IFp**j&k2bZGtX?5FS3ocI
ztFezY9q!IJ_Fe(tcMmsq?dq%6*vDbi0Vq`J08}cq$I%JD+VCeTj}vWljT6+iuWQ>V
zbK?Ocue}5lM@~}lYIecM=!pb~sa6?Mj?OOTI?mFC?_V&dp^DUWf0&a=(qQo{O&6<q
zgt&zXk@rU}vm_0fLjE-#gbb|w`oW;Pc~pJvDFsZT73LPwoe&8@XuLCKvPVd8Z)sG=
zetRQJ?=1!wd7<gKzEet_5CA=L@;H-zHXo1+YZMr=k0UfG708O2ai;kHq^;oF*IMP+
z)QLUIq=WGKMRXaO($#<Xt{Ls0dxUjWx9Pg18pUFPqV}yka-DT1L_R|AP1QA3qJT;l
z8TI4K2S)01!YkQls@{nnwgA3-yu7r0==8s783Qt||18|6y*b@DQ`6FS)ALO2e%xBx
z)3inlKq-5Zw)()(D1l_xnWtU|#iFv4mEcdLYYHzwPgoEkSXwgbvZyN5=n54JMS|7g
zk@ShXCsHD`zPNC7dDaVv5r}Ul+xz2VUEoUKmgnP^+)S45THqE1h%q&=JnQ~Qnxp1)
z(Z(%pUkbtRi9FnPI;IC=ywZMTQ7=(~@q6gIG#IGBa=r1cC1(9Xa}JM;A{1b`cbJc&
zUnI389QfP0$9#{BhS9DieAjBfk->6yJGqr8V7aMBM#njz%FVa_a)T-Z7O^<j63=V3
zTc-~LSZ1<E3(D^;S9!LDwuKGYAGQ)*OTc|XbHkPij~byA!43^N8*CSN^oGld@D(cz
zZ<=lkPv>Qgi^wVw<Lf;qMU<k`08W4ig-IeM>oU2J{Wiw@7l$@}8PbH^bfDH}L)Nca
zRjH2ui8zG)Hdtf)t0Jm7^4VZsjzupglo!sJel<F-EFv`@?K$B)IdsbRuWRJq>lu$>
zPU+}az>1z6={q@u@}2+=XoKxH&bKf7GW7xjNsQQ+J)@G{rjotR2NK^^$BV^u(_{lJ
zIG}jX{cey@ihYeU7?uI9Dj+6hGAfpD^x-=<lp`36O3Cw0(2scLX)x<f^AYh4dFsW+
zg8vX;lBVkU!fY!9ck_fWc}zTInPB3J&i4eEvX=ra4%sU-U;PZov&ERQ6ts00vvr5<
zageNnw%FElYtGUiFsdnKC9z*iE9$<}a-``37)3nx<VjDnN-{`Z<9@Gc?l-W=8}2cG
z$5%P6EH_ILR5l_<t6Hf7w0~azKx)cd(+U7GwoLvrX=qr~tjb_5`>d8os+h1SW9;LT
zf+;Kr5PbOgt)@D|zvb-AOiWZffINVF>Uy_p7f_i&_ZnBR>Mr)iIU_yF!n*!H=9xtO
zDUK?yp4Zyj_!#I+xOP$S+mBpM6X`Bw^Z~e32BS7*zKMW3K%MVNOu!{)!QNtTZs0JZ
z!?SX#79w$#l~%5Gy4KUU0}IB%%XvyPQI)K6=Ew+|?MrI<X1y0)ow6{qpH5x%U8{A9
zucKL#bE2|egN~a|N*Y7jhxALzp=XMs5`%IIAHC$?bmcOSa-AIWih2+pc_xF8*|kcF
zuciWcPMuHYjpJz0CvN|r2hDSq^G-_gQByDo?XzL{mhD99nS5N=akXWP_yNA{zqX^i
z3W_Z^oYG(tx=juw`*YR*t|z=zQ>+sG{e%-f1Y+gSt23O&GS4CYkcTn|qY|4dgIOJ0
zZHCWhzuPTCNE++>w{)M001BZ4IEY32Ps7PKGp0f*u5*5?QSz@4lKF-)qJ8zI;c7zh
z(DEi--|yAr!yZH}y-`oVgcGOFT$#Ei3Ba)bVj#2?+gZE(fGCkDQAL2F=%_gd5!-O~
zK_2MzZ}w@Pj7?;7v~IPAL8E$ZGqG!_kT8+Rue|T3Y3fa?ITCiD_C<q#H6G4xOO>Zd
zdgdR@+kbRsd;{S5;|s(w`U7Dh6^H3>)BZ>5RYUDjhnco2b>4!aSRzTYAR85g#c~X-
z+?%!=e22o)dCmhs?oP;t$|S+5CQZ_griUrLaR#bA#<FlgmBen>zj={$6D3anR<_}v
zhsqy;u{I0(0Vcv{mvv&xI(i`!`#FOW>U43!K2w=|W9txO2KB<~^w{--%yN(7035wU
zCz889`l$+0w*PRK9q+YwwU$YjMV1wo36F@EzmMAJh3$VorwzXK1RJZ>5&GM)_}Pa)
zAGPnU?EUjr!6(7=cbR|rtsRUCGCS!qbj6hq@vl#z9mY9A)N2(Q=J}ZPt)1lTeNZQF
zIv5L!=OBr9wgH}bcUxkYI*>1k<lXpFzFsHdQw6s2gPKPYI~>$T<d@t1vpOZ{e%z}f
z2Li%^zDI!X{zsyTpAF}o%I}S@Gm?Lge%<BpCQrXH5xxM{ub)0BU?cqfd}wkgZS8&F
zr~Yy1`RZxsbyg0ET#{ajbR}%<ZyvXuZ4S)EKgRmR`E<7ScTVJ=lto{#YSI!}>ZKkv
zwGMYGuwGN{X0&0>i8WrPw<Wf(tpumjE^BorwW)imdgNCKUnC#So*C2jj+gr;pP!UB
zZe4V+s(G9EY<jG0l;rLv?v;qH<{PdVuANZI^R?x_9L8Ezi4NxfE7&eLoA%MjRL(ya
zyGRt*D(Ia3=5Fjh<IUw}>cv&^S6dclgbn)d_58P_sfR`df%AV^UzL4eFR}vK(+^EQ
zq6wEfmPJ|1=pPs#bRRHBS$s+ZS_A5>y{M?G6&@^ns`tnZTzm?P1WBqm>^6ut@-H}j
zlAcLht^up+9>z3NWR(3@Zi~K=TE9uuoyHV`_(BWD7|q6R;u+u1@8jLiyzDwUOg24g
zs|V*U#16(Fs<-jQ?z8?L;@V<-d86X;l(`iv&9hby0CD-$m^ul&dZv8?<+Yy|hI+Xb
z<JxrcV%`N91ycpzE(|rg*=ce~-yiS}!Luj}9Pn55q*~B-Myq-v{u!qT{O9ki7&_lI
z9ZKdcT@5}D2Z4g@uiJ-@&PFSLudaXb$r<-!HC~oJz$Nf^k)8>q3=sNR{as?vF+p(8
z*<X=YogY@6-!RX{3*;xCXLAb}CQiP=9AIHYsmMZd^B@ULoA|QdrLf;sC_SAU&o>bU
zs0HfI(yNRG-J-l-%t{!{u5frwRh$}M_m@!I4?KsA$t^1kTxj&0B9!AI$Rl0gMWNKf
zZHL2Zhu7I%V3iYibr+Rr%V&lfoR9zgozf7oPdU)iY2jFOnh-F!C}&U88Hx&Lahxv&
zezI7)3L?JNGv~LM`~)KH<FvAr+~1;d=D%nz$F>Ec#^SF`GiTX!YT)A$Vt(p`C7W7j
zKYHy~@D!b>p#9IX3f3soqviYT9e#1@7jGfweYj@F3ygJvzY6)W7~xZ|4c|U3J`7Ix
z!UiBu!EICTfIb1Xuqr-ksNyAVH~K`3?KQKg*7obfq)Wq?(U|1Zkxp*w@mfGIcbr$Z
z9~tBMx7&a8)yp~q%pI9t&n7Y4c9oYxTV#i-1L2~DLS?tIYoE65m=*-`>!2szPkrZ5
z{;Uz)CL}3L8rM&%-FSxs;g9*mu6x&730Ago-CR9cM{AeyRPK^Wd3xSm&m;EI11p>z
z&1!)>3_OTK%MBfWKEzv|U(Rq|fgO77t{KRtGEy-(UA<YEY<C+>H>@%(xMt^KX824~
zrzpAU;(c9T6E21DgM}8dhW47X@A+?B%6bpGPXNhkiJ8uL=AHb7wy|-xq@sK+{gdB2
z7q7pLrWFoLkbnn8@J6!F^x=mQ!OgQl79_v^RKJVe<(Bq{Ge~Is9pADisrx;}OS=Ol
zQ#QN0aq+$^E#xTu+c5%vM)B$O;Q$YATXo<qr(yKIm<i_fe!1rr(%Y<&_y^ohWV`Bm
z8G`a`Vm3*uZ(FIi*2*sEouK*BFk4_<EDn-+P8zOSS|B}qg**N8#Xy5_&5oUhfzTl1
z*QtyN(sdiCXZSl{nnq%H`Ev_y>m#&>cqRDTosr)4<9zF%Uw`lQsyt0SpZ$&({F`UD
ztXGSEuge6aMm!XK7hrU!vd3yV(<$uKLqDM!MVgOk_50zw;luS$P(om7ldYf}9MidL
zZCNv^6rF-{jotC@mwEv&B6+D@+WX|RR$n{DjL;E(Gt)2ceYPdoRN=%b=!Ell0(-Y3
zd8u&zRL|G4AwISw@ubWgyh%<iE0W81vPHn?n_|GNbCXc+nL$-|^O&n`TKDP)D}0p^
zx^kv05HzxPpe`U3ccfOl?vDRQhs@sUCob1q-J5%x8T!S9#jbnS^Vpw9O6cNQNBEJ`
z;@dv!UPNBplVCuYp%4R%Jluyijy=_<leYVr)2A=lKmPA@@A-1yHsH+X&<yFk^`>r!
ze4<WbJ&&95b(yeMa>D)D<aFF)d@Iw+z}KXet+A5J)I{fH&BNfX!dLwC_Sf5}UM!og
z_ojhEf<Xf6$J9<hJ_cure^|2C3JGL|yyQ$EjEar48dTt)?;n5x$!VB3waZUyc>6pf
zVrJl~yH;9T2H)EBFcjjuSQL-<uzJEIr?b9@b;{dP_^apVwAa$#aDi~|??bew3b6S*
zHR~uC<8Px<dH?10b;Qm7H)Q1$w_DLgWQc{6h_kkMEusdf&%>+9Om}bk&i16cCR($M
z(wa`5ycaAcxNeWtfT7!W-!PNx`oWcTZ`H(fBrAK&=8z>(EKoEm_je6-v}(eg_?Aw$
z#w_{U{j3-`so<BD0AVFN&=yo8G0W9Uuv!c@lIkA84{p%pv@RtFDFlSq-v4=bJ39pS
zDYPdic+jltwwNZg3yvc>C&UJtG6|B>ksW;c1BcQ>Dv31oz?}Lmih#nXT5I&3)M};J
z!u9Rd%<6?BkPWYSXz+#X>$mDFG-={=bz&6|<32V7SsSko0Upl+(?X&+{EM<1-b*;L
z1&IZMg@6Ty1%(Bj1)7CuvGg#f3|?`BTeMsJtO7s{pm9uXtOZ_uWm&EcKV{W_&!DD{
zQ4X9pmuXu2<8r4Q_*t1Dp4OWAE^t|O0KTkNDb4jkn5B?A|I6nF=I^P8td}Z=Qu=bq
zi~d|RQqe5m(=zaMaekq+gx`g$h1Z5tge%;2i0+UsgH-@UrmeqbC_c9ZXU!@Dqye&R
zQpa6^2iHm`w6`w=%a8iT+9TKX2#3@-p7;%clX_9V*8gG&rN5s8Ur2)`TpnQHEGk97
zI`4f~>&r+A*a~R9+(g;m4lQqFnm5njfrrU{RqgY}Hg!D9*+N-Dxvkl!Q=(G=lT(Lb
zhjfQ~huS*R+3Qn8Q<+nGlii28gtZJ~mcRegpa0=Cq5qPn#xR<ynB~aQkj3uFelz8r
zf$P~_wz&J}F(le1+a|)M#U{Zf-=@?i&Ze`hzbP)rrRldmra_{?8hZuD5eG$vN`}kC
z*9q?lj%s@fXSF}&hKdG!HQ7rjOJhsGQ!l6DzXK0dL3Q3C-YH+3{A*#HCObAdP%Hl|
z87^Z*t1Z<oQP>u?XmWH`q0?WMdGz_OtSLiKTJjoAKZ#U%Y5r?8ZQg1?5rpGj6wJF1
zPl0<IMv#7uLsNQ;LkqhmB8uGQ;w1jKrv6WUkBjra?T_=LOf0;&g?m2B1*q)10vOY$
zju#S%cd^KsvqMLnA*LH4f^Tk|fBd#%VD<A_e#dE~Wn?+RZ{&3ZZUA+UXYYA{_2n*t
z;+?8hwUnd|WgA@0fAg*;L8piypAlchimH=^YmHc&6A%40>Cf=X_}4&fXo(A={3d#A
z2MNA6pKf)BlTKirQRdanM+=Z2z7O{itdzXO9mzJV%Hz)GG2!;s`UmTi<6mjax5<rW
z8|GK3rCNKqbBJ>|cgUlYD}Pryg*Vk+u6~1mgKn6n|FhibH|IB7(W$?7SDAwFF9{eN
zZzGY@Syq!ca(jFuGSaSjHosBBt{wy<Nr}i*94N&`cz1BDK*WUe2@~;PT;BNVcreZg
zsZl(KO!+m&9@zlih>KNg^4<GN$KlfQa6K*;{pIWiDXbs&eg(B8f?uk>oR|TXbRf$~
zFtQ(pd*WMWavU|=j0A!oW<g-8FYF0ZT+qsnou_%PT;5R4yU6=G(<^VP_7KVB6Z5sp
zao51*D=}pBc`ov6C0Cdj3WOe%_H*f17dm-3=IYC1aO_^R=ptpp;AVa4*W;>3{-*=!
ziB0y?X=(KV6BvzGbb$lkrTCl~se(wm%)T|d*;EH}aW9YJJ^BJ<KiYkA9;!Q2P<z7<
z|10{9ss2r_7&F_Y%wh)UthHb21*=!OyFQ!~N5hEc^?&+F{t-8Qp2c+iws_9-_V$Gb
zLXM-S=R;g44&F{y$rT|p|73@L)|AeLnuSWNRS{%)tK0Yd=YxIuV+yHV!85~VDyprM
z@M%Ws9VuDc{9M)z>DD#+UH#7RT5Y#|*C7aPA_wcs9{vojh6P1&rhyggJ4sieK}Fah
z`%3ocQ;v^CF(stBO%(5`P)ZUF!f-`%<un^?Rzs~8_XhslGaXbda15q~5-vL_-_;J~
z)B1%9CU}QG+_A;H6Ez>E8p_s8gyi#IF^jQ<Er(L!O7?FaDZNoN-^1<`UZGs6Sfb3N
z>;$^uwZRx;Tv$-@hi(ZNWJ}xk*l+h1YoYp)`euz|Y&&vGK4bG^?Okv#=E<rtIR0V1
zndWu>-)CT&-`MRrN3}x-o~Ro2q=Ha5z%cD3U9z<fpY*~4`VbZ~!=4;{Q*udMCDGon
zXX?JTqilStLu`&{Ax@xbNOYllM6$n$+QwY@w=L+jwM@m-gBWD?&I|ZtiXO>y+&MNN
zn^k{0d-lmp*N*|Xjs1-1=+ZyHq2Gpp*1AoQ-?ko;qux@Utsm9%;gf@2D2$2ugD6ac
zcMwkmpUNs*ETJ|({6*s6b_4O(++nq9;2fn5*WW~$DdxraffLH%j2JMy&>$aKRni3h
zd-#FKmEoO%DUrqFi|kAAZn;l4`u|u1!~2A-9wLYZz?8bfE~$TfB7}|g=D4LKe+JXi
zX%Jsm3<H80aaV6;3zwzX^Gvh<fMK?Sqnl;KP!u`+d(xp&G9+6(Bxh5f&Z_@kw2TH#
zPq#gY{!Q=%EX&@3=tpr$o%1fIN>)B3yR?YD)EO-qXRnJ8gk0K)C$g%K<|-XTXk0%c
zwPwcOP){-B3>a&6ePp7<5Vx$dKjPszvsq1^YN|u)F~O1?3wfX%)egApgc`Ur84mk&
zD~k!a?URqHI^FOuEjrZDnNlQ4o5pp%SKaf(-vh4CW{TfE<N0Xgd*Vi;vMmLgdCm4P
zeoH!9%~Bykxo_G29?$&%e3|NmTPni4;|igImyB%9LkQ-rjJEUqLbo;HQ@CSL{&T`3
zcHH?U&QWzs27>&!ueA7I*bEuvAymFA5aI2GeD|I*vE)hnY7DQYY9{=W!5w3Y;@J&#
z)N{(+hG4-U`#b#P1Pi4_EZo#pqiv0H1bE2b0kJoRBHYTGR8nORidbM6L+~3n2;>^$
zQSH_ISm%;~`&DlID}R!C!c3ob00tF}L_-i|Ylc|16X&%u6IO7X58-by#RN&V;xX4%
zOj9%oYu`MZ!G}f<yBp51p8+sFMmoB>%oD?r?rrM{IWE5o6#>g`sa6z*&%BqBIqxCj
zJQ%gF#CN?zS(32A6oLQtRh2{)t)IV@q_o8~E1rM0&8hzx%_`=UJ3GqJwdAE?K?Mvo
z$mG;YxNmKEv9b?Bo_L3WN>a~+zwU`ahMZT!1)sAcOp>|63Ky^l0rlq3W+SRL{W7^t
z?;e!$egikrL1#MxAXCmb)7#M3bF{Wj6b{K4pYx~|{)?)|fR8^tBKLxPL$>#7k~zNQ
z<=V&|MB+j7v>s*(4A;NL(X}L9i?Of&wnKQrSbB+7S$mLSEj3NZ;`5hWzCM^kORzFK
z@ejpd^VRonJ;!?ji50QJNK1sLZ*pCxz({tDVX+GwhI@_kBqa$9r^~9zCDV|6t^wOb
zX58KhRnv#)J_C}3A1>G<I~BgH@O5EWUNK_+q82oGFS09*(upOPTvmB@MM<V&ca)E?
zD}!_j280im1a`Ibl6|Hj;+5n}%5&3}D?G<SZt!2aQvx1D);tHfBMshZ9yzXp7VUnh
zk>jQ3r3tj)^+TVUR}}R*b(+4c2%|`#iYi(hF`vD_JgFaxwkwcHP2n%Dq}TkkDb6&K
zc_H+bJmI5me&c3n9yYpXix+bwJe%CLYq_DG(YF30+eLLpvaR@q5A`h!2qy@RXmQ&1
zzpCC=Nb%{*ZV<*3v>P~7UCBeq<>OK2TW#Wu6Yw@54v}qeLxwmdo9&s-R=P+(X9t(v
zX4*Ke6Rxa=R!D>+)Q!oCN@}$eu*I!&>%G(Kvdv5@r!-H6o&5U&hLrmvIuTaDE#arD
zzR`L-rvMP}LxRzq=q!4PfQTE>c0@nWuFp&tdyynKQ!`0<+sq;nZRaLLEOUdXYQ4H9
zu;*_izJ@lUn!~@L2ht_|Duy|IV)=bf|FUo5mhZ1F9JeYATPPN1AR3nv5)5H2#UY;H
zD+`YH<@?aavQLaWR04hVea0UKa}!DKk>+FamC3%cANQiYAsb^!gsS#zxuLl3<Y@Ss
z+6Ni*{KtDp3Nan_Y>O1@4=3Tb82Lxeq4O_D<48F-2)Q|Ax|ZraQEzv&cVU73G$>xR
z>gT8&Fz10n)7IcY<w~-&r{IR?nm|teSleaNZ|>;2hQv>kgg<!jNbQ<g(Sc$*slyLw
zN|@&UpyzwSG#N&z5Xj2D0WTy2#+0nuZ=dZRv8r~862lXVF;G1c#^u{4`#T#9M|mgM
z93<++*v~evul*oCc~(dr;QoNJK>_2+@&n<ZW(}EhptGEY%@;w`oF*yj!sLwlZ*)Rb
zqZ9egi(D%Ki37)d(KirQX6d24wSaho=O-ZP3*qCpm3CwoIIjM!TfzI)?#U;xR2}@K
ztk?N4<*msyc*q^JyQO=;=mytDx-sYj-7o8nzb-_WD&DTZc>i3J2Xd2HJlAgj=oM|z
zdczO3#O_F!u|22A>*lyZ_0p-AO<)DX;6UiIAW1ZLMtMZG#EAE<L?3Bwy{SeWISihM
z60{5|?f>oS(ga@dfQ$lNFonXuG|DO>`_^<D;NowpvO;@$Kea3UZykKv&A6`gW1bBt
zZ=-h<w-KDFG-6n99=GF*oc7&k)nu1ijSn*WVXiE>fiZkSgXWXZLPZ9kM$PxEH|8;_
z<6zkry2V0G;g4Q32=9gdne2j6dJ1O|nB-})$>kg2*b`yw&;Q7_%>d$9aL4o~ZFdrE
z+BNiD#PxONI0{*l(SIY@Cvx-O4Exg^_T;mYXs__R-mU=D|9|hSuODsyx_bmgcY3Va
zz3HO;O=R&6*_VwsoIqcZ1w<8k^*+`1{AZji3~qaPTc}uek40kKb?!Z~mkqahT0*P^
z%L7%Rh^W-d6#S!wJLi%$9`BSvqA}LQxD-6Yfs;!e{K+7^FnZRkE|{vhh`Z1<c(g)~
z6yrWt&>dlIgpy5aD=Oo1(1amY9RX{u0vk=t>?tMEPHAi8?n!ZH?DB`%7b_OU0>YvB
zmf5P1x0#0Bw{UNMcpL#N9ACWsWntK~4+Q8_SXL%oL(D?83k7@T;2Hp=27D{S;{;<!
zHAe_LNCx<({#aPTvLFGgBC^cAf!#Z*Mo_!s32sSsM~V6Y6sM*U5rqRe)IFayTKcBz
z+rQEFXvY9>7L2bbS@+n<ZL`^Le`r{lJbWZA_dhgBTY71s&%S%6@$+iaFkX@hULvT3
zbAOhh@$7GGfPtF9Ogxin3xP`?{b47XUc^_utFwp3`RewO?L&KWX4zNQA}~w=(w5_~
z4dw4-ACcpiaB;iY!DQ|JH1l)D+vU=!Fh3vcs2d;FYo$Qamna*KRyFWcGZ*IQnn7Kj
z&<<9@lhqlMF;`D@K@~L425uVgQMZ|Wamz0_hZh`^i<t(3=u23ooy(1O=X-cOeq5vB
zusx!c$f6UvrfT^0IsLA*oC0BfSOPnu^MJ+H(jJOCs-idA6R<)cN=<iID>GC5!3v2+
z*u(Wl6zT>YT+isq_r0NRjDQV=rR6uW!g`i*juGVGa6wOF|D2h%NDKWtas5rCEC>1|
zx@obP4DQyQ3+#P)S-?%P?<3FBz(h1Luoc(1Rsk#Mgnf5}40yqquT}{Tzo#=L=~45*
zTYHIr<i76Zj{8UaZgTvOid&TDSggX)W6C}+ENCJSpK7143DfMS_juJgx%#(J?6lq(
zcj5>?swB_Vq-_qmTl_e5CEpV|YvkVTo3<^s`7xOq`S`m%1IYptxb^~Y*(>greypD#
zLPZdY_!FmkTSX(S+#;}0<6sx?`{s1EH&m$P>k}(z0_t2>{iEhMeNcw;kt~l(a|=}M
zQTT{`iDthOaOHWx|B7`Lo_+kB)<Jl(Ec3@I`bQ>DoYAlzj<BCR@TbkI)~nX<*wJQU
zk?~8>d%B!|&^pe^&MZ?n(J|upK>Hny$BkN1EGV2r?P)=%SenLZM`0;f;ZDYJW9ZP)
zP>N17!ns-T^N+`M5eWP>?|a7RRXqr$@MuBgE^+;ayKvQ8pn*g;d(@5iQCOnl^daOu
zWd^6?eJW7sKTCL3K$y=ii)i73cVQUtlTUrIc(5FrPw89lRcE{xC5bHKmIOf;@#|fP
z=iiM~pT8--CxF6@mfoYZ&Wlds!j#9Ll@LM+EJ2I!JyCxAH#I2_xK3vBQ_R0T@zi;o
z`WNs?n9^JHot)g~4JImBJ5)aSNPD14ESVe8?d4l8TFNG8_*{ZW1U~jG3kyd60JkNw
zQGpMbK%V>*V~VYDm|criU$wjG8|n0f*&xfAL*8Z3kR1aAetx;57%I4x75m~TR+DgK
zHw+76BT$%9{-f}}eSAan0_a$y#K$y6J)&c(0m^^I)}4#`##ks`^?HopoESFce(Zqd
zzcy&aATgSOf$*fgec3?NKfoEmBT<$d$BnswP8d&c<D3Vcxq;^UTkN=+?J9LGhZ5W(
z=|5sGv3D7{S2IJn-}Qm<zA0_7Cz-S*yIrbBPCd`!SImp51l6B0qc{FsS4wvgQ1u(X
zpuCt(cIes$k~IS;yHX4PYV;XNAmujqLATEvbZg@Y*nyv>hmd<eaUMkr9Wy6MrDE*)
zQ5^N~0?WAU{E}fhw{C!X?*N51f*gcon+zlh8z&{fY1P|SH%cJss}_(BtJ(O6-zvH=
z0%5t-(a}qwl-<!a(E>Nx2jn~n!dc!q)V<J+Doo<R;I-Djcddg6Kxob$pE+s0jz4WJ
z4Z`IQjx~6roLG}AK6H@f^c8<5<5z?@rxtca6N7-Tf@Cz3k%ATG=)Gfi|M^kWb|(^i
zXvPIY_@wEMC7>MpdQhL$?L3VjR49s@z<Y*q_cPy>;4xQN%@y*M;Ue42MR*t95^4Ws
z(IExss7Us1%}#QMt7NaAE7WS+VcT<C*)}1=pe-_oyrHkgQzi(d3+|<e^~M!rdUq8|
zvzhP(z2FIEAAjTg6Icpkt0X@z2aB5RzGC~ld%M;BVP^Zap*(Dw{Yq@Hw|aad(toil
zHYYn-vR~UEnJWY<#0;(%OAT%RG#Mk=HAL};sH=^;ZS=jA*`wrHen6ha--q|*)zdC;
zfbH};V<f*)8a+Km<VP%R@{pVo^YUymu`F(?F=IPELo2<KOPQCaisfgQF%J56FqhS5
zt3z>cx9JhEr+2b`^m5_o0r~><^Ytz8UNQ~H?_T~$9-b!ywmdcY&lJn?v#3dtn!i&b
z3CZ>nL3rKJoL`Owl9rk&Q(s%K4gMljgz>$6{b5W%??wv{Wvy4&d%7k{xZ&}IsU_R-
zOO+G_EkC71so@I>K|MokB^A8kAxZtlCl;nWe=a}WQZSRs0Q34AYDmAu8mNwdn5=%M
z@d)nt+H?M3DsET$++&QY`Uz_%_MlI$0o50O8Nzpk0gCDmw-1~kOpdd#iGm8V__ttt
zlvQ>;Z(+6*-hxoeA}p*8+X`o2Nhu-pusf8rQA<{}cF!qeg|w32!e5<&T>93@hzBnl
zpm2?joSpL*RjHuh9YFBUn<nc~i}HUk1X=ce9Qs7$;Y-q2f}i;X3rd1NJ^i9aP)&b^
z-H(A8Zel6v=8Fc>>RN~}Ltaac8ttbP>Q9J^3wKttaCR@x?)BjL0+(m(K>6m)#F}d-
zdRQ?(J27x>9$dxtwW23kSL$Q8*fh$hD+V>pKnvmVCX)%tA(=R>*Y?AXB0^HZT9(KA
zmXj88TrhmG(&;5Kxq3b9o^myL%Tkh9>qx3{;D1+i_qjWsY=)AsI2s~R28Ew0Ldb67
z3=S<4-DlZDfpGhBHHLhkTyBV!eYd)`5znFiRJZ*(oVvoPm)xh->95q!qT<rD<*ZVd
zm(iE~ELR&Olp=#SiPXxp&p*Gx-QPK$EtTpc=n#y`?_Wkz_2Rm~CLQUeeU>r3T$a+e
z?St6%BJQ$E$|P+bVfJqspg|vAkj?=g^7N`Yx#zfS4=x}qsbIvQps0A|O3VKBKHj&2
zh$+LXi6W7&twZ?(21vQXZ;6PSFpKbVRhZ6yLV`A>wpcfaoOR9vP)D|WB;W(Wf@+zu
zdNA%IBrrSz8$@}p5RN5LFA!2^WZ?{Gx51)oeUt)n-dC3_`cvGyX1L^7E{K^Sl}FRG
zHF^^JW#*VqF4xOwytM!FA~q15W0_4tjgf07XoO&m6u8EaizSf@_xcdFU(Da1mQyFq
z;wF2;Ddup2*iT=Rod(`)d<O$Z4Z^AwQ^?x*L@M`zAA>78BWlsiF9|+U1z3S>pdgds
zlc*!w(%2vMMFZP+N^SgIP=YE3g=fDv9ViK&*uJ9KAdn+pl^e+$fbi2AW(6}txN;C@
za=2Gx7|B}zr=8<xu^@j7PWM_RYi1EwIDj3Cxh2zLmAS|_D{Kh?2G1R=B#(~Aqh6&F
zW54++D6wbiDxQaI=1OHp$*StgZiyEc*r6biuZ34QHa6INfC^zzv}^t{H9Ql%yxq-I
z@I^Sv1Zq94+(kF2VWbn*z$8i`*}qEP^hD^9(TR5X^_q{%FHpVqtFQr)A8kLuri+L7
zL!e&*O_Ru8L8ddlM}}zbJ~XxEziyd|55zov<l%0%0&&e5W_mXYmZ$M^N9KB;Y~Alj
zqar=jtoRuwV??VBcmww!P1=#_VFhaexu8M$GSqgW%P=7)rPFYAl3pTyqlgQZ;`|6V
z#$L|mABBhz9ci1VpxHHLVp3GB%>F=g#7CBio4i<=miU9sz>=<dz06`3QpW`M@d^-a
zNpUUhf@yIJkzf8wl;fZVtv^E}FsPnfBlYi5Ht{;puROuDFtnwJh3meU;Mkj)IOg}C
zP+JkKWJkEb{2vfuTA?dJ?UL}uK$@mzsy&MXWZ6|ntx)n$trB<LqOTGm##6#SG$zL@
z)^e)QC)N+D;tb12lt1J~t@lshR+nk3cO2Ues2L<TbuBOBk+j2K*qs?!flHbR&0S%N
z2ArYBF_Pg_Y@$TwF+C?iw-jjY#9b!I?A}4ce?4`0RwtC3N`A7&xD%$l=smLZq8h1*
zf7QQl>iBx!v?8k3e<;(zY#kXDd9|cv!X%*mEm9+et18T6`G*))hT1kwY>$wP1Z>dh
z=Wrq`bf&!AS{ob10=Kmedx7@EmvrHov5bHa<<yQ}k=qsbkf|o7{8wJeVr`9|*a=U{
z7sk^T?MI<yed98xQ>mCTlt_f$_x&D)XI`Lyd>9X*keR7z_6d~f57+Rq&&SMS#_1`Q
z#<WoUjsSJy#HbgteVIqE4kW1hv1H`PlRFsAsL;i!0mfGuG}?zS@CE+KxY(nAxtIkj
z_s_tUy1p)aZcz*RK4!8}KLnY7wv$B0gcMS1|B5&niKw?jMeP$Q2JehG^`)VAw%`6M
z#qS_2Kgkii$SGepPQzs>Q+O!<Bl08sZ5GZ^asA~txJT3#j19~QYfu)ESwBHxR2S*q
zDonwT!$9BDa8m(`cFLz*YOZiG3?3+|hvbz>1FU~{#rY-^u)9};wzHxS7@Q!7DPJ@e
z0j%#;nC;rBPX}!fo_)FxZT<e{Uz~Zbhrw%!D{)#+dPej^an?|wQbqO#W8^y$yJFbp
z>*MyxgGD&oYgY8g7M}b)T_m8BuYawLw&Xldk&U)0qaUt`lOJX>{1x4e?U6g$pfjjk
zZ4iLe|3>I5H7Sc|CG}S60qWLYp$eT619@BgJJJuFMYcLr0%z?KGYuX}`#$2vN4@z^
zc8Jk7Q{Lmv#ftB`$ksQt5n4{*y#z)PU&xsaElquLjVPQkPlJDtuJ{$z6IVRSi3V+7
zBUpy`SUN~PY}?UU>;KX`_Qn--4GoH<_TN~au{M5S9C9q46~>yvH=dXoJlWnf_q^SN
zZ6_7eK}ZS>mXai2K0$_RKK6IXwE0&evXA!7(1W78WCGpnLjIYntUT(ypxp9Vvltd4
zG;#td>K@6XK~DA?Xl=Wnj$d;k#gCsl$wY;8h;vG)S>fo|h_}+ss=j<(6kaK<&qWM^
zpAOloPe}IT<9DLD9Q>Q27vEjlG>c|H1o26eEInw5347JCfAKbh2}I5MWH}k1LqdsC
z_*R)ra6yS3FfQ)`Aola+_U}f1CI_v=Tu8YQ-Rf&AyvTklQcUpBY%$&sllkh?`9sCL
zFd>g5^yT{WuQ7HDb9mrTz0{uGG~e-QJ<C#lqn5=!t|W?O{WSo4wOR<pDw%+0qgMuW
z&s|c>^T2Irvcl(x4@Qun)niJ1puPyuggR*cf83~_Op|(`4edk_GW&Ccc8XilA>#qN
ze$iPG(lgAhC{s4~O)cVLNsr0pe3T^xv&l8#B;Co+9I|FLLH4j&D9<F@x>pvnRK>l!
zZ(WEXt$lEZl)P6l-Z}@#aE%R;@VS1;rvvk5r%%-W!$kt+fRV8VKWxe#_`Nw19A4gq
zO~l-$t9TIi$V_3e07?)x$ycnW;aR!>*&s}>2qDSASL01&apy&5d-ak#HSFqAY@`be
z^$?+8is~?*u&KEY1P_7RU#OG_?>~Y7!0+KN%rEBqG{y`%a2ZzHcDU9<$`*F*&3#@C
z49+iXZ}3k}9r(2~q0#haQ6Kn5T7Oc~2iQ8mC;#3LM`)8^GwLJRh+-C0OAVf-lpQr_
z0Qs|Kewg@Ehr_nwHu>@EFW77$*=9nBgfT^SAIR-zgefR3x$x#KK4Xv(^Ip67TJJl;
zEsHs9G!Ne|HD7w*Q|UlQXMofhEK&8P`TkD-@g41%C$-gO8(hE1td$zcHC9UqW#_s)
zBeRZ7D_R@8AjomKp5Bi7nJwb4^^jyd`pySWO)Lp6CBPpKLghpuBaTI*HyB+!5<g(?
zZ81}c1<XvouPjt5h;?qNwRt@v78`LS-3|01@>}cUyQVM3F|3%l9PuatN+dAt7{uZx
zh+w`F&rKk)e-2ug;r|w1Tr1Pcd%JqPj#fJwzO$9w`2%C;Jl-|t^bcx*Z90RW0?j2x
zh3t*v)leyKP^)@D3IE7V8o3x&%xH58bap1S#}SR+WcG>B8Uf3$&&v(-kP_z?O|%r6
zpG*nw^&%~a2X8P-;BX}5x~oM0>SZW32ru``*GDDkdPH9tEfs!s9-m)-Gm#4tCP(>_
zp}v%sB!P5h1=<1=VEPs!4>mv7>OawE8(8fEhGbHvn0`d;NHU2b#%Q(R;$;;3*r%-`
zVeFqiPe0AI@w-#|Fzq*Y@M=+#J!hXV#nL0*;EtW7>Y|sp_wA^Yu12YwZki<#f8P@c
z=cERY*~$ppOO&0m`^Xk>@)C^%K!G&NFwI3{Az~;Qy{NKA5p{6gut%i=3dh#65^#+D
z1?GH+HOQE<P9h`RFdj%CPq*Q;29i&H6o%S6Oqg$aA<dyF6Q4U|ZwUA&`p~iY4kGOZ
zX3=9fhs`XAX4py~^xQZF0f<)Euciicb#(uAA9rGtBf0wS7Gp{;$T)9!XhLfYO@1%M
z1=*97G3uJZ3x1U=orYRP9%b`JUSZ6#6RnaU1uA=`>{qOGR?l_F8lG?1c++0x!3HWl
zlE+<}6&6~J3gee{M>n2lm=>F6P2e2cQJ*3zaaADJ34HP(c~pu$++{*;$JOALwKr2k
zd63mc6;z}qB7g)Ef92KXz*|1Snla%XcpYenTgiCfqwg)V&R?l4DM`5mHxl4>PIAzC
zqGX1@;-tu8^)bS#IZ0ySoNKiy!>6#Y;&?_{E!CDloCOK!^5BFypW62Ibqc-{!sYIs
zWJiy@CW}Uwr6rguC3E%j;!%!BQ)0Yg%2~nP9u&3zSh}7)i)_7~U5q#|D6R$Qb4g<H
zyfJ1?xDpQrS%(&m;aM-;oAgP@p`2o3_AA>AN}yu>bgwnESCe@=i|Q$#UGg!=R0v79
z!uBv{6LY=Zqmq+V*!uLba;5+CM-TQ2YDQJRw`U`lM@oPJ2p+7pt7~YTyKVroZgfCO
z3_En!XWTYKY1jxi&2Gp>4~keS?|-XxJi;BxBC<*(E9OE73cL2Y<KO`oywwcP+u{@$
z(v=QK>)6p&<6y+ZFAx-fWhnGRj%!it7=nITmMK5}MD3m~T4vQ(NI6$(Fpi&$ClWS}
zM5SBEupG8|(SD_%IK#PKLUht01d`H;5$JTCy49ytJ0stp(XT(n^kxp{)@Ha`=zN`<
zsIT7jBQC%#ELI0qt9xk7xVjvSCVMlPhl%vPNsuP=sQtwPy_D&zW$!8X3J!R1-*R9>
zQDlrVGfH$nf4$bT#v~3~lAG+1IPAnChdUhbgsWNZHYaItH>dmR@}(hBYjrC<$Kl3;
z<@-VuDAxFeUWlkYCk{A0Y#0qBaVNvw7_JLbuoWlat33w~fAO3)_s&2OX!^XzIXG&*
ziZUdgIITpvw%pfSglJogs2t%C;=Ux4!AKL;N?olPS974MANx8wTQSf?vmaGd7?E=M
zG0J>GDp~I{T?sUR<QUiC=BEdLI{iu8N#OLvefV{xw_d(?aON~_!k!0GoTWm`u3h3g
z71mQ$`TH&#yQb#n4Pmq$EpUdc9TFhYpQb=FEKSAaPdg`9n66=<Xf(mJQ~DT~Y)`(=
znp`ba$5^<K$T(s5ueOKi){{n(p^z#~<Iu<tW1lZsBZj?q*y@=x#kD;|!axGU{&jND
zr`dSuVVxas{1OLy?6O^P@1Rw<<Qno!J*P2P1>q2SvVmrhrQBr1kyDUTvVlEHXJX#3
zXo@A!{E{A*N2$$1&er*ns{5P7SCo1l6h<;y!Bn0f8z?j3XAdGFJa)2Xgio|Gfn2tF
zBw}$;OxaV*FS5Z*?5BH%6-8!Pg<p%SB0!Hh<i90Qp3#ln#Y@uRFh~BL_Co}32`1=4
zO3Brc%hJIlkZ)IerxO<RNz!$npeT>4Eb(*6*J=_xJobUOIht4ZEkGnpu?-Zguhe=W
z#%e)kTWjyg?eO~K-4~--)s~YK4dV;k3vu?tD+A5NeyGN9wxxH56QZ}H$&w*61j&kn
zhkRFR$3(JQsL;^(FFg^1iMo&m(jd+mKWH+J5LC(kxAK-di3a78Oc2CHz+gV7)tL65
zQ%P9A9Cr71vGSIqeu*okZN3l&gy!)D6M_k{n~jYhe<sN(y`n4ZqlxuY7|El)c$B%+
zi489IIkI#3;`sc#;Fe|8Cn%|WQG@<@npUzfRy%w^C)TCBL?`>#f{7QGK>27@?cH3S
z>3^A3bl#;$m0StPXJ{$qWR>g$rJ|LQcUno5CAy2#rUDU&^IwdFJG8l!D^ecG!h)z|
zdH&dL$Xut(`OI(XfOU_Uj#;#BnY-oczu5U_6jTK9$0}nBIWE=E2&nt*@5r6Z(jFAc
z<-l_-?~2O0{%&c{yVH+wTnN0S7FVtP=V1BkGlxAkMk!~ya(9)aO_2sW!+b5hPe(u{
zj6m7?vB0s477kfdE_2AZQSaYM#=phSRW#x<8d?FO7s`vNhzr%X=yydDx3CGA3T_yF
zI+1l1s7tcEf6I_6aRf>Q7ei#cM8y?k?E&6p1?dWK`<<$yy5|ciRB-DdCVd6wB7jP(
z=S6->%tSb*u;#vqZ9R(hhkujRecs!QZe(p_8{kH(BvT;#Bw+_CJ8T9bTS$vY+4q2v
zz)#Mw<z6RHW2{z!70fgE???e5|2`Dqy4QWYqC!jiTl+}1joo<K21Hyg>)?b!*84WA
z#Gmio9>Ns+w9N^9N#apuT~0hHv}N7RaT@6L*97k|e<HAjDw$(62<lTgKju9;p#J$}
z6s8eo(x=n#;MpyDhkl2I6f)@lf4F<AsJMcrZ8QlG+(K~o1cw0zCwOpo3-0b7+%34f
z4(=|&-6eQ%_rc{1dB1o4-_=?F)wwu}*+X@8b$8WM)xCOV_U;PhgCc<KfRTYQ@pI@3
z^g6~1#PXNyQr_T#+$)nO+nA{>=+O<e!F-OCjJ$gdITTJcxr>8|hz>as7IbqEr$niR
zZ~2b>z2;A=E}2B-o{}GU9B2d|qdrorsUXV2nD}0G_ieD))*IQoLN#Hoz??#%`cgk!
zpG;DFqO?KpBGi8{_%>5yQ_06gB=ruX+x`b-m3eApeg*ved;Fh~-NqXR*==~L4L7~7
zh+++oPwq6}S4z&i&B<4wP=kJeCFb1cD`IX3yWNqfa(5W@eVboa8CT~SBd<~0i-*q(
zbPtUsRb<2N2>_mx*hl|1iKpeZU7M?**Km;+b_`~P{;7KmqmMrGDLxVnE~TH8E_LH8
z0`rfbOGY~#+fs&KBnLE$S2}GSk29{buCfMtt6k20#((>SD<6X*Sv?lAzSWvCmls+&
zhSU%)gt`oK4aq<i1<nkKI|OlJq^pnXo7C5iac&#ZswSvN&%R5@p#n8SvS?R2gD_}<
zw>W%h?dh#Y%bU4TH;^(%9ZrbiE&A>_N2C$cUB1}zwRGJl^JlceEcH02ospe99q=&R
zA6^ZPf*#W(RUe~myufaDElWNZcOUk45Eg-Swrho5Zoc=Q*C7?5moVdLm>g$5;5*5&
zrk3X*Bh{>Rg_16}9sZ2vXBSBY-<uo`)ds%LU=vphz^mF?R<ngeML@ao&WDr4jV5jm
zB7~^Dm*EzDd)qP$0{o8ySgO&v`u%gYZRP!QdkJ}}%j;8zhgUQ(DmmtJANGb|#v4C#
ztZQsMDfwOjRI^lRAByN|1tTG<u~jrw%GY+eb>H+uRQk+e;|``-n_HY-9CUP~QouH$
zDYb%qj6Rmh_$E{QeIIXyHcWwIdeBf5FLlniK;4K<Z?Dc_X(_{DJa)^FQ$0UDd|X6d
zablKyVa4RM_Evfbw(qvKEJ;B`*$x!DPQt=M#9-*5(y&K)+#0*an!sYlzr%6ijKu7$
zbP>CoPlinXH8GMbT4VS)Y%w+6be*2!&n-{=7_+`|Z`1)tR7!uxj6&bZy*L423`OC_
zGRdg$k5%*dxH1c??{M<7a~ZAGkqw7&D%4HWa3*mt^ObC3@Q0Be-<{a5OVc0s(HDFH
z7wp}x#Qm<XQ`4X6qq7VCWND7NN7zD%Ho=oWiH%^@S&EFX*L|5DeyLp^RlFQJAuA1u
zG`GW7j^aUcn-ujbP#4$ZE>vb$kg^|e!I4cqe!XmXmE#8G+|*SmCV%9HA4g_|_L;Cx
zo>?*zs^lt>LB$L0)JyrxbCy44ArllQV2~j`&doZ`d6r%TOqU#|bf0P7)XIVXg~uu%
zsGPi}fR35dILCH~mzpn8{OLNXMMqmUZf@+*I5n517=cxpvc#BGx}c<^P7tj4Y+6tb
z*_UgAf8hy(W|`O`R6ywF(B<+Nv(UpzHlRkc^3($7X)XrCTB@Wt&XioOEPOdW;HGHQ
zrWwze9&pTS!cK@#h%loxXFO+IrhXETW0Jlt*C+=paxa!Gj#ea}1<o!s17;a#CrWT1
zzVb{r)1FQ>-HiWfLeJb1CKn;Q1!0rPiWY*R5uIpewY9&nHcgr)7{rJE#c_yh4n<5$
z8ynN=UD3DxYcX2BtHNMTlZ>D>x?*g-<?7JdoDrVJJxZwcTZviuP9x6pS95-ep82^`
zVPVM-d|_fq-$L3_A$t;wlN4b`_lm{o&U9f%$pkR<W8r)1)SyDrb;G3;XD!i}e5Q5F
zmShI4c}F(wd#stB>ka!|&MSg-^Gx7`gWJr)^$tQ|*1-Vg7~(EW#~2d3fAcT5KW(Fp
zX{uu&tv?a0<o76XdMq46ZPq$_G{$APBg$itv_}=jRLSt^mTN3Fc20mHsZBiNnv_wO
z)DmNw1=g7{$BvOvCO}hSikb1{s&QgUU;UURAnlCVVU(c4U^lf{Yhe_4b+1!9Nw@88
z9IM_79y8embWC_!^X+}ymAs-{x9MQly@E0>Q6EN4#WaQivaYAvG{@eLdk#d7;nfBa
zvsjF2SnGEH*ROhZVXvToZ1`iM-o2LWY0WA3Q%{3qW3s!{GR(_k&fc@ftlZ6k_kW&7
z>Bop_gNXs1sk--e4om5~D!b{N1G33<aed{|4MV%sW0Y6ijnzZTMBs3_W&-Mgp=xEi
z^`XW&^8Dk+cgMA8H|jW#QXuGrZ_K3;G(y#-Z8WlWE0Zcf##z!?U$PvT92uoAvy`)e
zQpFa<w3sMh6mTI~PMsW{HiiUhfuekz>8Fz9uLi@5ygKvo1)GKGU&Sb;+!Qk_*f6C<
zXv}C*BpfqJENK+|#974eG9S#9hLwPG2Ok}Zn&TwWT1T}V^O~1eq(gU!98gyc4^vwj
zG{m3ValwscZj(IU8<QIf=@S5i(qb)hj_esFZEpQMLYPve;ss%aMF--IDLRGN$}DD7
zk=DQistlU6mqPwky^kpZ@rFUkq)L5AfS%$~Ts=`aHo$O1t|4G4qVUi-0#}G_)D@6<
z%4(AeEGbMerJB~>wYp-TV>wH9*|!GtNmYa0Q&U85lU>GIl?K{O*790*y{`CHE%+b_
z@OZCs?qd$qqDRFXvr<fU<)Lc3=&~QjsCO~kyFAVL3Sh_dYm@O(8Aq{a2R)5Ca{G-#
z)df*gc8odM1fD%`z?CKC8K47nO>RI*in<BN#G!UgW%+Y$x5~2E7?q}#W-@)la09ER
zRf5;3Wv%j!U2V@AKqE!_Ci5cTkJTA&`50eqbY`zhZzHqGn7X;ec-qzMxE2%k{#S=7
ztzHMl*XIPGq2hW>OY6Y&1{qDz>9Hf#!1MI;FC`AfbTI-&>cXh<p4XJ)TDJ4fKey}0
zh&7Dw|ES9ASaGiY_IOD%cpa;Lm5bucIlTdUq8CL-?82_7D218Jdznjpon7kC-M7~5
zM6If%1MDNGN&(Cmyd)$|G0Tg}>(Wpr;fHG~kB8v7V;5g~tG)DR^mV(cZI0g&%oynQ
zR_h*1-Xt3r2yhhkq4Y!8Xm9L(2%Gk1abXF$hnfCHnc%S>Wq_I289M4&U+j-TOZ`X}
zgv|zFNA)xF-Z&9F_C?hXc+XoCM444@*&X9QevCS(w%J@{bSC+_%r#qMbNqeedXYKt
z`6V($s(19Uw*ymn_k@Hc&Tp^{L)h3JE#<3#aN$Sv6fEKGRT46QUq~Cau%R(p?5%%@
zCz`OKGg>UFf5<32*`+*Mteb%FE-bn_gsq1b8|@z=RdscS!A*#s5*RZ23?#4l5;9mM
zAk2qIR>Ki8xF;aofkbwx97C%M8>{|F*w_p$#Yn&~5mG=G-cBPSTmOizjw!s|N<s$m
z4=IBut6>irY=N*LBM=L32a}Lxk&x+<D5{W=rMwyovwuYY^I6!?0WFqZK-e47u_9Wm
zm4I*qEczdGVM7zN*ew5$V-&I)>cNC|0Yh(ivRcNF(Mkcs8`#);`jEkH60%^w5CRl3
zdy0_3DH1Y#wAk{HK?cKNUmpP3fPY9j9GN{!$Y2QxSrMdwOlHpzGI&oyrY<1N0FB;^
zBfPDE7Q5~rqJ=_sDTWqHD<Ev|AF>UD9{REQ*O?eq)YD)ur?=r|JaGyK3Yh~EI;Ve#
zAvqc6udkObct$I(sq<kp9GY{jD*?oR8J>_JA5@xAZ+E<(K6LhyyL~n}x8O<DZ9MZs
zJs05X4ZepX-ZAh@mpvEf>nplP%Gz=8%&fipU~<(b$hLj<g;O(~{^rBXPNTy;sdva{
z;7(!hN+@^Sh;}o6U^DQx5JzT<HEhRGrm+(G!NKR!l>{{(4s}zt7)|!?SEY!gbI~wH
zrFJ<d9;5Hs9F27zd1?D=+lh8I&Lb_2O*<=^M#j#<*cXngKJ5xLuIzScb$|F?YAu2l
zUl(#cf5?kxO52rMkpkBeY~InHB~qWsK0h7xxAv`mI<2=BzvTi7bUcnPy<{EH&`1WZ
z=2|lYw}Z4#`kSh)(~p|b8)Gb1ep{ofX1X*xTl=4o6hzyf*&WICmha7z8!Vg4iD!;E
zxbpdog4~czE;V!p*00=Oe1YfvoncKp^joNRP)8R+_wB}+16P)9*fr&O?Dp$_jtDp6
zUXPxkEZ8O*82%QtMI>DzyacIUHnxRzK7!bSZvXHsyJz({Y-6PGth>J^TRAn5ub8%v
z@br2Zg}q8v`Y@yR9)Cjv9NYqH5uYjWEj#68>yveI^sZ@;i_lqriT?3=#*6IN#U_;8
zGHqMkv6+TW{cbb0%o@5@?ct3eU0}wVu~vY4omu|wY=-XPr}0cMYcO98_y^Hg5lmeS
zU!kmNY&lBSl>S3{M>gXD?ZeW1SV3Jx;taw=kP77KJ9|$tkQuVkw1$S*I^-TAD68zq
zx={8RtcNL;ge+5ht0Ka>IOnN}hW_K6_G`qGJY6&XXJguN0WRU-131D01ILy5tT@Lo
znHgLz$-Vuya#8FrX$;ep4;c(I#PLF^Uy?4rNZhkW63%HA6pJY%&MEK~5~-HYVwBdq
zE7Z$dDRYD4-8Je}36;d=#GO>MX91<4!@?GjiE`;-j(h2z5+k@RHOILmYtFh}>_oY<
z*y~WWUiY~WrP%*4hN~>9IPWl-t3swY?(p+K$;=^=$6*;)(Kv|CNx%pce)#J_TU*7a
zn7~P7r<4a%`Mv>qsOTg`8^tb}ZNQcexcAvRUegxedPLU2<FtF?ipe`6_zDh^Iqz@D
z6FlSQge$X8pY9da+NkE8*xE4v1^e1Kw=4D8W|kZ9>~H%M;@Ot28~^L>+R1!k=klSo
zLt`uV+jGXZCN7Pw1FJ_bo2L#wPPeU{&9E!}r=+)49=*JWL=Mrd)GKkPUvKL?`gxBs
z9VS}UPho(|?fW|RJ}!){K24mbn81ZGhdgWVV!7htilU>VM@J~HPVaC0#rTJ!E!E!N
zfm5hQg%9YfQox0;5Av&mjkD1Q15UKh0oLVNvsR9pt1|orS@S1Ou&YxqN0zU=2Cq&t
ztKeEL<=aVKutQ6dx6bXnmt*QFXvT?uRkt%6cF_k4Ea@IYR2ICS1eSXaBP!IL>jA^@
zDnw7?KCtm>bXE-PSG%VZRjyCk9KyTjdP{beQy;io8}f?C&dppqK38Pstj_?zk8fW>
z>>a_l=e(%-<YFJlf=%43U$lHkeIAv4%9HjB+*5QaRQGMJB_R3C3p!^&V7!cy1;`V&
z9_>1>*}(ls_qesP#(iS2%5&UWVdD{@d(m2f&wMMGs9p6n_x3;+?ERd^myLQT^iai@
z8+~Z-(8QM`d#LzO$Co#8=<v`sKAi+6<`UDLYUYv^bMi*&<9LAL)$}Re+mF81@)9sP
z3V-<Z!dv09f@lY|sS|;ZbE~kD-PCO-w5bz?k9RAvQq`oo739I_4%MF2Cb0IyCgipT
zIP1{|*@xbWx{|lc>jd4V0+&2i@wXzu{cdsXU)Pi%dzMv?g|xrzdt=vYx5jS7uC?u`
z?VM|3Yg#s$ja{1iUdLXW^p|{KzAG$`ERS_p+IE|E<u#WzbDPMdgYsMNb9VQ%wy`y=
zGcg;`ZCvBn^6AOBvs<SdY<tg|{8^LBH1|=)EraWyHIcJlx2-OJ9(zVEDqNd&W=Eps
zdP9rh#8$q4`4mMEK@dg|MG#65Nf1sDogR`Nksg*Fl^&WNnI4`VZ79MZTtkjco<!Cu
z#vt|*vMpR8Y)|eMyZ>5uOK2-kvE1t9UKpIyS~SG@o#kf$(JvgPpFh3{zz8sZ!o(El
zZEB$jGjno^{1Wz4zc<}MLzQ_if)jQ$_sgYB61>Z*$L-qf&D!nS*(-=xd2UrmHj7Jn
z{WhaC(>g~`h&5Y}6(Lfg$6N`IFj6BA^p~|wbkdYHS5!8yl6exxJc6|!4<oXqU&^4O
zdQ#22jCCFlKeD_qtY5~U(r%K&Je^gUZI1O%DrahQD!~|!bOn`cTxCk7diK{zx>>qu
zx<b%|qjlDJHLAfbb4a%1E|2UK!TobYF6HGTr$}8cRCD%z*}foyJUhKgK8?Z<rePcU
zcBy`tK0<TJpn_qnX8a!;#kCe8w<Cs~a*z1NQ(E>f?7v{+Nr}E%&>p?Z0h}X^R1<tJ
z;{%~;a1ET6v{bY}-8xbb+I-2mI$>;L)?)9mg;|m5kD%RLW6E@#=S>`MWE5`jk#P*=
zwEH%WDgwibkNX2Q7vK$(C5}@aGLK*;t&=xJUD%tt9=*JG2bHY55zf@vOZ;;A$3bmb
zdbXH)G?bp^T~ahi><Pw=-v|Cm$dh?j><*MnyhS|n`ZaaX<g@e+Ak6p@_n>+BK%KvG
zYJYQ{FSf_CbI`{@IGSjxNDQfiQ(q=pZIV3k8cxV@%Hq?*cy#P~qEb?cBo5@`6cs`t
z?o7m&6eg;Osud+`8hJbX=1AdSk73@vE9PVU-QM-y>UEam*Y&4|EIqXpp;sE4myC3?
zVvNeT;u-BdSVNK&PX8EyrX0IP<mfeEXUKUlmWA7UyFZ|FFihwLp7<pe*@P6;+o)^!
z_|gX--&>D+yN_=BY`AO@ZZ5ctmyZTj-K9=&=i(;r)HS#?kC!Hjpp<hLlCZ5u2S1dz
zK756d-+?;riQWd`!O!={7aaJ0ztA5v$?&^=fj_>g!O#0e{-9MtKZf?`7O?%C9#AUC
zmeV39WQ(QMG18E-zNaa#x-I;|SZ)26*iCg711#dtUv=jF@=jNn^X}Y5{f^-B9OmVd
z?x^nb=s<3XsVL|DMOKadJ+YfQD>l9Gh);M%=U?NTC;qPSoUWhnK{bhT{y0LkAtX_b
zW9=UugP;{KS_FWbFyb-7Z8_8w7{uRwyL(ZCx*Vr*jC-`Eap!xOKS9!Z9vFU^$-<Qg
z0`w%K8`1%O;R<={_cLP*85(~A1WFZw_G*)Hk#cz>FC0Gm{f-$`#G#EC5)3T)9Z09p
zM8h-49;h;ve4HEMlgjdfi`Sl^yh|G$3tRTy;@$4C#SNQUmCYjX$53Lm(T{@PyB{p(
zIOc?_<fRp)VPNMRm9dmm$5h4wQ%l`S3pR3Sl*;{EN|8&~v#Sq(9&*$vXDDX`j+Y{q
zN=}L>m$e{N7b6do3Ml(7kq8Z_7BN^(Uo4ot<DMNi$6hRVR`%%9saGivd^XpuXC#nY
zP+15fb9+WYDa9|v|4r)jlj|J{$bYWeR(Mrv6)CDzvskl>*(reQLlh`)R^C>SuskX#
z?vUY-gQGx3fx6pG8|m@y2keo)ZV?9GBb20OA}ubhtp|tazod{K+IR#rSK%vTOxC+#
zGyifkad}dEGhvXAVpucvuwt;)rnD2E*>sya!f4waK!;}CSQgj8ekaU*$mcE1DZJ?4
zf=S-?gemp=pfRku%x`5iP_8d^sm;!oLv@4aVk_2i1;x)}f??{n{pka#FuZz<$XN~N
zH+?n9`LKFpD>cmq1dD;CS`<ij?_L!nQ1#p&yfVPi?|DOQb>Msk_y?uRh<lBWErLuB
zE(hY?29MUya9el=A!aRKkS%gW4{{TH;|BYRZ>ufpX%CbuTy#7_fx?A`e5q@mE9i@2
zn_?T}m{q<nG%qeUU#C7(3Yp-=UoRkhbUYm(i1Sl3P|zPy7L(Kt_0&y;rDAI^C!7rh
zGuh?yQDw4H2?&#rCJTQG6pyZ>o+?J=HejK+NRIgKBGsSIC{9gfh=waQI>;o2#leNE
z5AU8WTV@-f@d>{QMpIw%EULtBs~)qu=K@dq_@J}`im)VV644!<+Pzasc^~#!oDBy-
z$WAKS->w(e+Yi1MhN{PKGmIRv^X@@!%WUdlSd`}304~bb+2WvJFmkPLON(VP&drV;
zlqs5U9nFGAv=%F~c7Lx_6<FfX=ZW;~kK7G+A{*f4>06GoiuEl9nfZq?hlP^S9cDu3
z3ii!lU~Z{d^T<13Gz|spVcCa=@HGa|QUtB2pAs<dFxV!Aa=Ik6hHALOy^>dp-Qb9%
z8yb_04<fnc7e;LLLfJjhO_8}{V-O3UgL<)<pQuU#IlR;E^eml{W<}{bWe-U*`6-;x
zXNdEnw;wwXSqM89?a$-rPff#5fDN<8=36F4;h&{wBaGr_$r3g41--DP9gDTim2A91
z80y3GoXv{0gJu~FtYI1v=rww*NK|G;xy|#ST#{O4OYKmbsZEnCOStQmB<aBgi4UZ&
zm_IzL;PN6q&K{DOJ7H`WEKoqJmk^L+{K++zik1acURDxpm5314L{0`pd0ZNy<~XDv
zIR*#m-Y}!RuV^xQ+Hv6c&@qDrPIg~}K=Gv{T78LuW{H8TPJ6aa+fn}3nT)`SFw<Q-
z+baL>lEX=8NbG&IFlt`q*ZoH`E%xeu97`y>O?Er(P)1RG+3#MbxVJ$R*+Do$zvStq
zsQl##KmS77egPYD*+0XuBt3XzfS-*G&yNfdPu^>qp)QJgbU80UIZqN*#oheW9z2#E
zv^KmoF+^qY<opxvSwSWyzm*(UTWoPWggMK?u#HmsDKkF1g^6S$W{aNr!#9dvxDr%S
zduZ_w+v*>uH9Bm<1Frbt1h&7tL?e&px^U8TxCiu3J13Y{S||^ZPpd}9z$v_r@CC8v
zgZBD$`3BHnfWewS*W1Fmf3}~{Gv4a1NNycRFBr&H3PXPLK=KaX>GUtV%cA-m4A)1R
z&5;jz<#Y5Z5GcqKOy_Xq7jooF+J)qC^ePg3`hpVrIr#bu%7G#QOFoC8u-#ztW(<5E
zDIiSf@+|B&8|K4|QZ<a`W>$F*Q<pEPP61TYPwH9Uccv&-=ZE?^u=#>MvkbUQSl&Tq
zcje7hXb5`9mVSiiv;+ZLi|k3&gr@@VZ2>IMKA7Z8K@pq=BOJ^Oi!B`+e)9`m4Yqkk
ztTkC$&VEaE$4E}5e_#%$YiMWljF9eTSg;OfSWxgLS%}0kwWz+4YfuRqXiy0-(R+~Q
z4I3c@Oxd$rP$dl`mvPbqYq0FUb|_xi58;)-G%L}|S(r9!(@)z6YeXmRn0sk>%i&Mf
z2wHtfD%OcG{qqfV|MvQwiSP&BZMTn&TFlX+4N3J-o9{J3z0j;?_17?Yn4{k_jvBmo
zf?nG7cjLL!&wN+UBpdMVehn3_w~ZQFZw(Rr!C!@~j|VeVZw)rpAoC+VQx-Bka~4!i
zvPo@!fPjZI)B4~rfcR{7AE)lK2isCfuV*VB_~TOXuQOwXqaQB<<^64f<&rpc$aB#x
z@9p~K=g{vPurH6%Si+=8W(Emret!PtWQc#csAr$5)j#-(9(5vn<hB?$T3yMlr~9i5
z`%uru93dwpX3ErsOr!d<rUiS$B#VZ#pP+_w&`#a)2U^oVm@3mOSSnL2C@M27ALk)B
z&QG(vpPyopw<1q6%`4Z+O;CowWF<C2Xzrnr2qHAS7dZJof>0l)mD{Im_UD~_@$0Vq
z#E!zm4&+^NVyuWy^P88-xAvwOcWZR;ivD3UWexvqe_fxnX?WT+7BG+AT1Ioluc3+3
z%8qtvbH1+6_X`-V9i%Bx?Kc^V;(jU1x=no_H0^O{fhN1XDGQMQA@P`sdqTc@=`v#S
zKAf@s)L!;iHTH$!#}iuCB-O!h#OPr^;rm&?#fIeEkvXJt;=)>yA}k4UhXkBzaT{js
zM_>Jx;@=fBrUPg*YgP+ai+VC9h7<Q9^e!}Op#Y;tb}pMBUsX50t9Ax91}~3151(v#
zZ{0Y+_A11pW9BLtiX;@1mo_(Q;oe4hOe8oEHz5$|MZZEGN|W6wx|q4geUjn}&+4<;
z0A8lujXhy`({@I#kDqNYUMAhsKC!)g^a=0mS>GZ)kG}i#^7U0~5`EUM0&@O42^^ll
z=j(t}KhOqM6C#lxg(-||x8ymNC$w%(;s*6B)*+lzpu1nEoUSPe>t{Up_k!7zYH*)m
z<jKQwb4)4l!fkpR^;1kKHNr3P4B7C&=y(U!#RP&eGww|7G4(UdxfsbgI8$c(s}p3A
z>({1Ag|d4($e%%&pwJxi0&`4e1uG>h3aU~C<*$eA5y~Mc1fcAW=HIJS<MzFN=EijP
zE`$+(7UI4|G%&_s;n?Yt(SLObRyak;TUiaWcd-~=wff=`tauugy|S8U??SP2`ek_a
z<PLRk=>*2h@K9}dR_LoDDz<b?iCAui=J#vei~Y{M?#@2hEZ*L!d5StVCo^umY3I7!
zlYL=&m%PMBg%M4~5%OZu&<C9R>T78qH5-|2x7Bz0n$54T9oVmKK2M7-=SUyxiqMu6
zKhO5i9LmN%C`LahW<AXOe3*%Om<f59Nq(3Kc$kTQn2C6pNq?B}dzkt3Y%E&Fr_DPN
zmQbN1+<tG?J8Y17qbT_Jb<%ry(!2ETy7L1_^}uILKEYGKcY-{F43-e4j=Hvv`e-t<
z>;<RqH^3G7jIZQ9RDXQ6J^`+Y2!K6G`bTTExTS6bG55DRY{I@$eWxk)vac<nkQ)lF
zvAjh1tE1Fp%NW@|L-qFSD^}OyFj9rB_8BsZ9FyN*z=rtu>TSX?D-zH~VN-|2^?u!C
zwF^q79LL%V;nc54W@JFa4h!!q(9dZS)S|DzTnNYS8{1T|3vSYUI~VgdTx65<BE(gS
zhcxrkM95w*;wI$<B*n5P4Ij2{Smo<p#pP@B-sS5gZxYg!*jUyeUg%lO75-C!$FLoR
zAnM$Xgv&e7j)xK7s`3@;S?s+%F><E=g$b8W=pX)5cme1Kf-9EuU-7w+)7_rVF?^dC
zBh1ExSx!=-q<Hj|X>!-(+@y~@#B~Nr)6ePFsXF<o+~z>`zZM2N(mwbk`R!oV*(fX$
z$F-%ZaOTka{E9*C5I4PQEP1~DbU6To*F0FBO)0EgzUY)(Wdh&D#Xq$7`rNUTT6m?=
zc_$HcNM{{Cy0%{<y#jz2)D9TmDoA|hg(_^qXt@3OV0W%&WVfkvBB<krkRrS<hxBVc
zY-Q0KV&5Z^XUA>xG-L@cxWCS=oUIS{yktDJUJ(<Uh(XgC589!cQ4D+-bSh+Zk6GY&
zm(Cnz9CK1+;Pr8|*Bxun=4`xsFx(e>F6{k*j;F_UhtmtTpVl=Jtl%oic||zC-UC~v
z%5;hU9Y-|OE6PYoZ9#9lsPGc0e?20oV?rpa8z+s~FrwP}ce4Jfls7-@Whv%-Ij%<;
zHxo`Xv&>~0e~dv!_37`XAMI3%7)KQmw6W`^n?X)4qTU#?>~WD`&QXH038P(oUa_eF
zzP@@~`7f!pqL&VvYIRBVhW^{s_%+fYepbW%gA)hFaaC(V-n2~i;CE%H@mV;1kl*Ok
zh{sOJF7cyW47{T8V%5ifd>$$W9o$f4FH2%4WLno4!@nO>Ko)IJHG-Uiv7YxQ7`!f5
z;%6GpCFE;f<0tAGGVC6qGZ)=ySD2~y{kTYX*L#lS8ylP)@`nU(0R$!gcmFM3yAc0}
z|G#)j{+?}uK{V*u641q;-j@ph{QnQReRU<!!9(9$14!(5WUP*eXQ5jzcGMOH5^9&e
zC!_-Qu%NlH{diZ`mJiam2t(-qMX3-G1}gbLX*jF@Ed`&UK2eMIq<XxO&{{gl;V_oz
zljOs%&(KrQzoL9DFJ-)jI;Mx>``KtBQnv%3M>7p)PO$hX`aG(sE*!0cLet`NMiW>*
z8#rJhF(F|a*tycQ9}A0L?U4EQjo=Db%1o)0u;?!ZSwvDmxd~bIiu7HdWX`r~x=YxU
zcTfy-J4HAyQS?$5T}Le}Nz7jojSuD<DQIa(tjG5{wsytW&BoUyUsF7xiVf-TRWQ|*
zdGhdeGw_sX+VFt1L0zK1%2Px^a}pXuikFwy*P;E=jN*?*ig?VIHqGpjy(0r|<VGV^
zDpq_xS{KyBNi1DC_Gv>l(Zk=Gx}OQ+-hY$eI>s^IaCE3U)X*210UIx;XdXdN6q$j8
zTcSC!Qybmov&GB=qi$M?*iHMIS7q{!Cz>mX!3HT4CALQn_!`SWgwiWdws~Fg+%8%j
zuA@i(C`aSRO1B<td`=20&D2{~XR-*6VbOeS#{1jbErHL`!uKfcjne!zOh*SzGN%`v
z<z<D-f7r*jQ(k3e#B2LmJPIOP?<<tAr%|$2n-&Lb9i53LR#TS#?$v~Fw(6=m!Y7+@
zOcZu+N6tlxYPcFNwly*B);*`X-{U*}9_OT|Pq{Nc39M<X@4;I2>8SBaOG?5w^1#XO
z$K-FSxmK@fSKwc<I7+SZTIg9|l`x%doj<a=t(C@qo}Ov<uS=5O_?evbo_&!F>lb=M
zfwXb~i5(4_vw7m2{1*y*x1tdJ<;Bv-yWd?#TNQR5$f9>ynN!wRPv>j1zU=Oohzs$9
z<~;>8mkoK-S}cUto`V}}-El`!%L4NBE{uvZWAw%j%K6{#p_JqG6ePb=G^$(2O$n^d
z%qSkYy7m@;?PXt%MQ)qo4Wnl>#V>WDXY1ncyzLIWcqfMz(W~+GQIE;)o88P-d8!dx
zwu1BbCl-*hkrFh%kMY|`j_yBXb?A5fe82t}7EtHodV0N%%pJJmfWUQkqd}CKVdx4l
z;)%;({b5siSBGc7cn3?_n)+(n5)?cYdBa<FbH0W@ki@?Txz8!;MkYGxIlc%>`&dgX
zAy2nMxYkSNs4G6qdS+LPpMASzh9;|roI62lC1G>fQk4}O+;Rp^#|F;PAI{%$cwT-N
zPZlySsX?e^qVSl>k1`NhH*0TmWT#hO<GQ`e9O382v0nFJ+tM=BF}s-g(E7#extTIB
zZ^i>WwDx>`pE)}o&Oq5%HfOCeB7hw2;SyHSlDjMfn*1?W3O}yAdn8M9p1S9{JNB@V
zvmmiqLlr!0g6&bpqPy(fJuLc{AEfRDOv>dd#hO2rtScwqLNp;}NKe_}@!s8LM%}gk
z7O~`qlkke0rxuR;S+d+aS{~{Ji=e8A5E-`Peqjq;d<fq9?*a2ri7vWC>CVB{S2quH
zixIe;(7S6lMZD@8eqXt{f>L6jl?N<UfwS!QS_=XqL+sB)8b!`>^!z}6-LrSVA&|3y
zmGaO<p2+-q{TCk6avue)-~1wViou6LdlMEsKIb)wv0lFiP}MXn4x{BdJ#hj2p5lF>
zb1094+pW*;Ny+Q@q<AOX#6r$WLnpebCGw|=yA0mMI2FT+G{7sxnq;+3>Y{ceNsEWq
zb3->drCrBXx4q4_z21+nZ3cbyh@ADhjAokN$EQEJ`9x*8)|US`nkO4&%W!vI^sq#F
z@P6SUV&TZU%~7P%p6lN#q(7a^mXU{Q%^4y(p$jG=IBT>z%UoKWXsxex^gPb3jA}@W
zkw3rd9nJol5_~(4=cXLTX1HF0ykH!dMO^Idv^=Fl?d<3nO%Z-M+xT~lTmocHFB*Ms
zrn>xRM^f`HIo_p-zui>bHPHck!S6^Jym`y3tK7bBB0STFrAO<#Kr+zkmP%-)-I~Td
zVC=~KxY<&vdky@tv;Vv+n6{yGYS-iPyk1`3Y+gB`!TWWST#Zyo98S4eAP?%5vg*NA
z?S{;W>_!4X`GiIQ^FzXH-6y5FM+-UdDxk;*wR>(|sFKR#A$mWXUWQZIX8x+X-8<cE
zb~u5pc6xo5!{#|4DR!WtvPKs>i@?CEV|%SfRZ-%@)foO6J*`KLr_g{NAWmo=wgW^2
zkRxO^1TQD3ue4n2CapPGfR83og@mq*Gs<-gw!*GdRb}xG&abAh{nrL?sLwoIU1v){
zSB=g;fP5jYm=-gjhu=*xHEC`}nw7@m-@ha1*5}Boc-HrxJZ3sYtlo@BzH*Yj7j_tp
zW~;#R`V)wZJ8zJ<e!tmKdl@Zbx)Wc!@fY-Q3zjG<d9K8K(@(S%k2dYOrDCj3Of@<7
zf><N70&d9XjOR%~+}{XH<Ppi+G?R055#^KsYI0H^0%Og=r+IylLe?Ju9!4LAtp@Ga
zZvfoglxy?%3!Zu1opP$W4rEH$Avb|8xK=SKXEWAe{rUsscIs@BIHH<+;)u%Vh}vTR
z`W5ceertYjepB)_bgSs|bZb#QWdUmL7fNw&9SvD%N=8}XuM@IqnU}jhikr`XV)eNB
zj=aFnoioPHs@$zV)t`Gj<{G)u?C&OPVR`vSS?4;P>t!Ckk3<qRXGYUh9K*vo@x+NT
z+zZ=np;S~^++3R7{!S#tKx{xoIEY&n-qVL{U>zPKc^m3%w)FNywcM+po6r1mqXd#v
z8E!jO@*br|L}1Lk$g@(UTa`}%^z^ruuM7=Pexk+?DMV+>zN^#aW4(TC;zZc=cc_Zf
z88+9qAz#=NmpVB)nH!$u<dc3_fyU+{t=ZzE3OJ7zY!`KDXZaUqd@f^o_?3+ZCI=(%
z7|QngV;uDCTx47N_z*8UHH)b#{jcn09FyhfpVl@C#<F0ELCO=1CaXWAV2n92P;sTg
z${Jhc8pAhdO^Od9=s(dP3<*tq#}X{d@5=pj<EaXJp~Nv%3NI=dM6)U@9{~SF-CaN5
zpYajro^FS_E~lt8GRvD6WU<<}6dwp~$Z(0H>+l>*mPcqHfTw<Dx`d;M?065XX3DeZ
z89W5osIs}A*=HbTt-Z{DD47$pwV+~)^|Oa^z>l;(U+6v=`OA8|#6lzgBfJ>eQo7(r
zi5=ySt4GzJ(nL(Y#1ju<;J$Zex~(r&=H0Z!g{)d9%^d?mQ+c<W#s#RY*B&dm70b<C
zJ5Rwvx2ttmgs7-y32ZAJiaDKP;q>?6<a;Ypt1V`$X#z)S1qt&$lctN^M}F$lIewhZ
z)<&KnUGnIrRZDMs&BN8cR8J9s?Rx1gq1;Sa)a0w<zPMj$c_7z?<<FdtW=#f#BYsFn
zCBVXiMV?Od2V=ptZVyqI&H$n+F3zu3Es|N=mLtG<*`5h!?qj*Bson1{0Vi_{NMYfS
zBPt#SmmjZ|MX*c&0+GBeZEa1PjzK18w}^%KtM18;F5(?WQBZ8)zJM$fZTAFSV>M}D
zx6M**w{oftuO08@+J!G*lpE_l+4*ax`OL9NBjHFpzGl*Xn%Xa!K0d<ZXycOw`k~L%
z0hHmQIWI!#Y2)JD7r6`FtI-O3V$z{_TvqxO%8DY62i5nhP1hgR2ds&VVNdhtSUgi|
zT67vC8m;D~u34n3FbA-YbVGeo>{;)wzt%qbdn;FPgU7+<2^XA!E8Ka9$Vuz&9$rIL
z8|7TuX%voDI4v|A^7~u$&#)PLZBB9J!4{wuH1aT;z4q2sVIMb76%ks+TT*WI$8KOD
zur#yI<uLz11Y^QvxpLAm{fgD6Z~v4$kjPr|@s@%ekjM{w{#$?Wy=crJ8mzV=e8l{C
zImY+0HyB+lEki)4SvS-sC6(6X(eWx#s0T@0a*PYS#y+ZqY&5-`D?8(JrUjn7FL67i
zTRjw?8eVKR8kHn36Va-@+9=eGatGsq?G$cTozy<Bxb71pNA(Yf1%--QLD!CrO&!nu
zV_vly+zlGub&EW+;+5OIxft|`MUu`RQJuzxrGRGaV>Ca8!^)x*>cjK*+KC(Z@rv?P
zX=s?^d9`+8l4g>dCv=@_oxNUrR;$@jPlLuMmQQfJZS~b5Ia{|fREcykvqybes}^Rh
z_sq3WP;}WI?oRN!Pv;QDg6plwR}`8$j+otQW<5s3Z>Cpjh$qIiJSMz%qitmH+U0DJ
zWUXr%OfTCC^WEZv{SU`O!%fz>3h<_QUQdceK1xS80d^zZSDZIsldWbXGQ_V7HU{u3
zIX>Dv&(Z6zNi6$D)<L0|=$3Qao9iIeu8Gz@c$wYcaU7z3lD|k?Z5@bujaVD062W>V
zzkaD;divN7rp;@7A~H7<o)<eOWLC#xzIZ%O!)_$mwK>bgeeh3A+hv=eS6j=qX-(o1
zJ%xXr$bQlNRkJw%02nxf<Ze0E^z>Q1e4iABV!rxGrM2kxAchWyo*S|^6i-``#ov|v
z9<}<pj{u<_V9o||we7)|*Hmptv+`Q~D2i=Oc=uGa6@4f;6iFDzansdX2+Ryh`y5Q4
zW`A_rOJovs)&V$a9wt|`d&S144xV+XTwllI7|~WNbs%?2bK76Z@~}6X0q)FY&Wu^<
zT3iTN4ty+B=l{djlw)vke^b@q=2Px7#`@Cbuk;!wHNJmH#IU<pw8x&pi}Y-^$d{Fx
zv3KU#Wc7vkyyxJY_3_ie#=I{)A@@&Q6S~Yc({ym@+HSA2#VXHf#~6WElhby4bIFW5
z=DfAt12{WFatwBWi+^as`9=k~DuVv9QM%&SMg00%3s`MqY1xJtS=+~<d($yXI_L3$
z15f2>V!;BCBkO3JebG>Fp;~|J{6ptk-?_j|kAqZxugCkK40_aUjzwbBHr=b2`6Ox7
z)=a)L&NdOYq(T|(Tw-B9byuVL6@Mp%hUntV3YISiHk|-&0~c@zGRWgDdgO?>w!$TI
z>UV}@8V{S)SK_lj7GuGna#Sf>I*Ap&1>*=ko~^Tnn&*7!#$%gGT_+~%)h@UjNAg>h
zz!?=xB&`N^7g7EZM8$p_u*3PeR@rIBvYy~vMzgFaVIBYDBzu{uvv{pVK}-xw6tO$W
zL085aD%KcJsZ#~ot<%11M}hL%Jxg@@$5Sh54=mg<#s%XqCK9;AB}hM6^+$c=8GQiq
zk4~vTm)^=6iN{$hCrpi;O9B?}vjut`T8V_{)Iq%SD}I{#5E0v!S^65z+m^pWqh60l
z_GR3LMmBMqw9nz$k?~~q+Cd8>^x~gF$;~JNWrV1IIqHj%4U+r{(_FRnL7H!g6L6ag
z;(k8BktU8$ou;R!s(&PDUAGHmfeMj7C?{EHLbg~aHwZT%9A-dX*l9&#O1&3~OU7&u
zI*3ppJn$IGJ2pPEkYxc{>fGg5uVY<RuYg=6TckYE?F_%&9^-lI1dZ&{d6l_o@7y%G
zp2qf_D<jL!pWkX2ylnQzmgK3@*|b>>MXvE#L^N0+m{{}SvUPb6uY9b)cRBt_R%xkf
z(`s8{*x1NYF%{7JEDJjJ#%4O4AC9uRK0OP20SoUkx&bXw@5X32$uVW4a2BmjBnnS5
z9!B`C=`C16Lc={AcD84*q6Jh`Cpz^~ymL#Jz6YDAk9fwT)7KvMl@kfLyGB&OYfKZ~
zc)WUgvq4z3x|Gh=lWy2sDwnJ@!12fVd_cW>QDWxWf_}V>&PM}sBc_CO(6liV!KuR3
zc=Ek2`K!(DmLs22--^sHw;k_6AMNvZPyLKyYUP<c%2fBJ7J5>LM}cI!x2si37F)_p
z#;L0nG?Hy+N5Yi+74=t(XI1K_Bmzf_)H<$@O|NeFpkAW)yqd>rHq=-d#7+f!X(C}F
zs5d~{)ix8*RJ=?QV<nHFvd@cDR*YC2HOjH${N8Sl!(5}4OK4(+k-a2;o8(HJ{RY6P
zb)`B|G}`5S<x@u{f0c9JkT|Sh183px=LuC-ZKr;A+mO|aa4J9pt0Fe4gkv>Arvu2X
zvBRJyieUwJ+3BS3q0x!4@-Bu?EJvLO9Q<;e7Nbe4qwDHqB`VSh%V=CSvU)lTV_m_)
zakrRFPU|yLYK!O7YX=`Im|rF)a=`8HCo8IcC_G>1zS!@xFY9@7?}hj~l^%Ef(evA`
z+|bE$e3uw+uUa^LB~@LyierxRQo$$26GPsNyYamTBC>6t_nA8I49EyZ)`kv__C|VE
z|418sb7TY-4o(s#l7FNo36mxX8xv5Qgan`oc?^V|gbm0EDKG;eY*tnhHUI!pVqw)J
zVP|H0qc}84SUEV}#NQ}3P7-ziGo-}&Cc*M1%L-}9!o~uj*dP)B=C|J1-v(h}dZSn%
zt^PwnYB|{0NZ47~A$%Ykq&@pvD~`93nco!Rd~3z})+Z;VcgR=}ikS(*WaW6PW@dUD
zll83)Gc%+)8#|DMgY#_=W|p^6{t2<XDZ%>BBo-j^n-*-4@&DPx0TF@}A@VF7><}T&
zH>+4UAtZq5jSB$0ae;5v0azjAe`EoyoDll}Z^HoCAsw;+-qZrH|I_eaGxj$C{v!Z{
zU<%~q{BKi^e+vA=niEp<KOJ(u=?+l~(lewd);9wIoc}Ooej@>Iow5SnQ2D1UE9*bt
zSxA8Y9Ky=>HZlMJ!RH_PZ%_j`-`a4nLONz;f8%nny*ZbSiG+on<3HCw2XU~y*~0c_
z3&%glFmsTwGQYvV0epjj<IOW1Z#V&%{zF2zod3Xq0R3OcINrPiU;?~d5P41(NDVv3
zn_D<pAj3kc-$*uy?f-!o;zCFRNX-4;T#%;BOmDdT$65#tQTf09aK5>j6Qc8*>$FM!
zSAcUe{ht7T3+lJxn<Ud)KX2MWsQ*#<U)>uv5F6hD_s#788_oX7{1?yv(c(Yaumj$V
zew#@DokDMu=WW{jcf!0)mH&*z{1zM#-5}ThOoq2<@HPP;dO?E!UkgYmzXke#BOFrm
z#(A^p|NKE>{9hD7g8M)JA=X0T_$`3{l_3%N7ORl{*xsV^zhMcfgZKdweg6}IZ=v@V
zbN|Y$5H#NK`k(OnPh9<Pl$jw4{LeD-UzGokM*rVaY|IeUAr~w2o5xv!Z~lg$2;sb0
z4B<d*|1XD)8G;j}=B*5XtcU+>{#Smp7$VCGnWz8T*0+%PXDbg6qo|psqmezMsHL8x
zk+6}0jiC{vl##WGqbX!1f~<#Z|5IXyET|AqvGegEBm8#_c1=I_g!R<wtG{i&wLWW?
z(5#!*m@aksQ&X=}PqF-quAIJEB5|eF5?3n54(><H0Xuy18dPD~!e?B#ANrd~a!3K+
z1V3=VGs4Jyhnpig;l9n(R{umv#kekZ>A_uV@?tWcp2F?0E7fe_=KKB~fQrnt#LS|Y
zQS<5tuB}zpJC24qmASgCves9#pY2&t-*t-1Q?*ZGj`>k+-5B4wIC)81W$=ByH{M9C
zPUlu%pI*5+@NKktzxYa5WzllDEU0`mze?~yCLU(;TF^n$y1U2*W$r!XhQ%Uhu;u=m
z7D0t8G)eo%Bh_om^<6i^y{mzD=9M4O(p0Q<>i_OGf==JV9e;?yS9P*kMH1iW*=scL
zS}g^0s}w$+j0L`nEH+Rq*O^*<lu`aeWa-14m{ca}`@n$QFm~MId3cDtJZ|Zw$O6}u
z`2G&_Nafn9>^1*I`sbNGr(%P*qU`OoNJjAcMAY|9I?Iz@yT*@pyoZ2f*oppAWLj@_
zh0gaID<<z}K|q_O7Wz_u#43If&->jD%(SFu4)+h)aLY5bUCSywtdN_eROz(~%kR*R
zSvGp|&eEUhq9@we9sdsH#+rPlQvXy%B9{9TOu>XOD&Hqf9WFytO_2P|#9+H{&b0)t
zde`gs6NYeG5L?4cO}5-N_niZ0;&AUm2x7H3HtFpLtu8+#wen;m^;kd5jCbsK0Uo*6
zT0c3hh@!hzg}q|dx*p_h^CtJBd)>YBA!!qoY?8OmefYlX1iGy|6MrH_fAN8pXQ_L^
za4K{-VS3Cm%kqHV^_<yzriLZ(F-kYl;q3F7=~_hqbR1lD$n6F+uWzU1ZtqjuWqNt)
zw`#Fux)h-=KK>X1y6wJFZ7c$PFuX3%v~G;-t%;LgDG4P4gulPNUKhJ`5Tm`9z3yZY
zwU|AhtZqrsA%p+FzkY_xe|kp7<q6>2Uex>s{iIvL`7QVpjJ^4HU(Tuz^IcqvNYAz(
zkAJ4+%I75F@u<xsgQ_jbuOkzfr%>PL{_ccl5`2^*2LP8aJQ87sg4pgmB_(<1$SYzW
z-}kU+hz@YzVAsZ||F$&wm>ixQo-&g1JnB!Pw}#33ie<5<^y6pbGd&TaE^)Hr#DmG`
z4XV)CK}iN)QA|&@ev8gVATxQt81g83zQL=k`(q{2N@rcYk0vA1JiTU%;YDs>24T)k
zgIhWMn8V(vwYg=ovaYJ8qBa{qjnlxrudZarsDQGsne&hO!AqTzZrHN%^iiF8fgnSi
zL@!yC5eaBsbzukovGq4ur_FqsCEwYRsK70Ufa;=uZc8Yao@`R~Zb~t(@K{0|tA9Q&
z!Hl6}CPMMx_~q;a&)+?B&rDKdJqy^&q}e+z-oJXjS>)$roiXwT{YQOxnHtN7c(Ta{
zm$N}f4V6S?C#BstC^VRJ9fz1<$8;RUa%3Q3hV;{A&lvHnZaAbg9d0lQA`9E=B2$ve
z@+!Wy*-3G^oqKzRA5v*x!|z{*RZ6BKwLxcq;|qdOcl+~AQbM{jgkpEE_SJCi-&#Nw
zylrz>SeIb1uWe8zRl420COg4pm~CQZAv?jjo`LjLKT%gepBYz{$+=M1_+!v|#+QRA
zaSF2*R9};O(x?>pku9Dd>s7%Ve3eOOBbhlQbOTbZsur+2yj3f>zCWz90i(_rl(PMj
zqof^%s%?g4?nx6PvdUJf$F*Md^lcW+)ZB>WjGoiy{yUjWduJMJwW$NAnEoB9cr}_H
zVjODzQdQjS^Gp72&Bg1hf&OYeX*u=e=|{^1?DwVL-@_1jqs-Si!71y{{VqIYas>C9
z2Rc|-+<Cj1!?v0i`+I73%t!Ue;qcm34Q}x$!HG-`-I80D^ow6Cpg3PwAhoupx9?}s
z@)F9}a4d%I9$h<??Qfe56(O3WcMZ4&QX|ycTE^9F4L=PQn6b#h9&K~o{}J>pLc!2g
zhQZpmZ3&>`&r`<CMCpgOWAl`d^53JX^T%Z<cgNE0y-)_3aJFaYAn49env}_I)>T<*
zX>xsz0EcE?C1{gdbqL{RE@855adG6x+m-oO&v&$C(b<GA`d0@<WR0s|kTD>uG7PI(
zilSZAnqCFu^v(R${Cjkrg9@X`byt1SfVJCLGPW?=QYDmplAKg0J1FmlyYqXaZ__oX
zT$H#Bkz;FyX8S1cNzHjae>2Fn+C*;G!W@4a|F#bg8nuFipssg)vb|_jE<myt#RaIV
z-8hkVHH++wD&j&<%!7l3VqI~f!JA;yvoOiMZ*f#?i{O>9z`Vf|?i2q$HM#Jn^q6kN
zqZH*K8Br7UV+!IjmNUWp-$Wlh53vBF#lwoyasLvvc{?0gzibjCx37%b03yDgMpje+
zi@>@Y2V9lp7fkpMr0am*pCoa8Mo8C4)f6**Ms&l%6o?2cd>a&hRPsXYTFb%LmopB|
zdxzZ>GTwH+Fh!sErIIhkeli`U*~RElmR9|4%%v&2R=&8D(9sdMhi6R6HDJQ}7};|s
z?yt?aQZ$*v)io4DYwsDCnPXbl-t(C5&@>ZX(ST#7C#FW!)vlX9AL0(?ams1pYXcRf
zoxuih-L*{D1!c-OF1z{{PopIoAYQ5=7Ryu5{#`|<1#hfuKqG)%^r+fEfEC;g;-%_B
zMOzbX9OL`K%{s+2eg4<%m2m<8%5Q3EO`kuTwYtR^tY??|Q^<^N_HYe-SHQe!8weKR
z)h4QIfOB7(oHJuo<`A#>&?p@16Zj3mqzvs&&(2Juo{Vmy`{PB=)i8m#c-TySM#iig
zX(M;x&x!fKghldK4#j?&Y^SPX-!nvSX9HEYIdV@xxe(KY3)Lx|XHj5cz8Zl_5u4-I
zt}Hm=%SA#T?Z_RkAg;yM7x99pL1j}HhH|ej?nO4iE?STU=^_~FEO~<`A__UfKMv-v
zi0?7oAHxz2G*pz~SzR69V@kznQiQ+R>G=8+VNJ$O!Ha~@CZbvr0RXrLF)c;(2l$5A
z;rS2?JVD)FW#6j6AAs({5DTu~qJGFqdc55&-!G*C>Y**jhLqtz<U@0CAUKszWhDEQ
z`#A_BC4xW!>;!spH9YZB5jDZ8<R9qWf_^f7D1I=|SMY++C(u`L8t@u$sqnj^zs%8g
z<*eBSFa*d2pt|Y&-2J%xH2hLSYTxH@ZCVN!lO>CzMR25{(ZCxEr`MtvVkn_Wkta(`
zipt4YC8EbG7*Im@L5s{9lM1|_8=)Q~AEX>49W3mxDR%#PXr!S2QGl!a^Yk@FzI>q4
z2jV$NQfWrt;4bM6vhPtGyJQsT9OO~P(6GK4U7|)R9}wZkps7BPC*Z<eQ_RZCNM@7f
zq<$00rjSD$B)`FeR_|R4BcY5z3xOBT|1BRy`2+6TJ1Pk#2_`b7AAChCCeYOIe3W+q
z8wP&SWDV>AkQB)wi%aM)GUt5V>u@g;G-v2ffdM_xXP?@H&e=<zQZ{6vee!Gg(Vl?a
zn$Vrp3G3)ji2>AbYZR{j8{iNpzTY-*-h|Z*-&`X%R4JY)yFnD5fg9M+j2KVpN;<hK
z;qe~68yxUi)UHt*>V770-lD1ely{7uh{*5YyJw)q$gx(El8MFW65wRf2}0GdNO{E1
zp}V)B`N>=(Hst-pir4h~NI&sOouhU8L!+V*kcFTT<h$z~jy%V=MsMgSGzV|I>t2O+
zL4S%lTouPWCHZ>--H87Gu=Wmcl0;3S@AR}iZFf)GX0>hGwr$L`ZQHhO+qP}<_V?X=
zd-v_$_jd1lTNS^5MMY+w%Bsv$C#o_|#JadGbk76`E5f>{tw4V}_Kv&n8Nng0zXjo;
z_IJ9iJ1Bn(g2My|6{Pn++ixH$2<L>$61GPD>k+n~4Q_x2H;e{1@*d*(`vFBg_@3Wp
z+JY2l!sGb<8}rMc^UE(FM=^&_#R(22uP%_z2<ZaVak_uDEq$+krK8aAWsaX`lctMF
zW${&KWKPR?tq4~qWG;y;H2tz9Sr)90(FN{t_jO{5Z@6z~1}P&vMD$kzp(HGHKu{Kx
zY`=OGmOT1>FDU8RaX@q)nd}RpMWiX*TYxYp?N5v__w)-@MDmD`Dir<ZmochvIE}xw
zZ)C9C-|9cQ-u=NtoJijbJWW<1S0N6C!d=H1D-Z~A&n2Px9QwPT+^zd%gXn^ESs>FO
zFvXU6>B6$P^}8M7N(d9w5f^_cirhayC?Rllk(mhJ<3RKTcOvC5<mv>|`RTd~PI*{>
z_AvRDfE*xr{m7xpo#H2pI37a~hX^Hf|Kt<8&*t~_4bE)R<>u2CoWf#A`W^HdD-|uI
z1tpur0Lf4+aRQ=HjO6Xh<okVgD~W!e-A*F{8MbqGnjj<jDT3Sir*J<x{zfoWfS{gc
zr*sQ`FwOeGfVh_y5l$nTLd@sq=B6{`YWQXcA14wF6Sf*bF#II{>(48hN-(=GI*dpM
z@++J`Sk4C74&=lke=1r!_gta;8S)m7(98cGe-?c8;IfObqw2!$OKR=xlXBKW)Q1mK
z_@zzsN_S-~`HOKjEBZ6|9z6bwbyj2e3-`uFv`eT1DcJ|<1U7#u#@p}SB7cdgY`tr?
z-1!UfL@8e-+WT*95`s_UJ>qOwvJcP=+w7g_6h2qjJ<RM>w0G#e&Z*O-!Rf<gRx#s-
z3?Z(PNsCW-ZBaB&?&da}aF$|~6Hkuzp0{Sl>IWf}n`Fk7H}VNWeqSl|CB9PDo8E%*
zlR&A}C3p-jFT4K>#4g`FB;iJsBi?L>=+kc;-d3y=ngi)4_ym)dE5%FOt-r2qx0X*<
zqd-p;WL=;q#`$T{)`G1-C+_)Y(Un50RpZV&evS>h-&-IzwRJ_gqRevVcZjM`D7RI~
zrk{0c+Eu(U3_M&)ps=>m^1Td*9yyp@-Ze8kJtZ?dwd82!T;VRGu#+<VT6NR?osX>>
z4?Ov|@b482Hv01e@APlEbR2fd`wU={0B8S6hzz&w@M*$xq3YNUI#q;K?`$5TQ`QHY
zvm@?f6S#Xu<_}42o<9Dr%B{JnlE#2nehv8hfb6OQ8x@^q87As=m)xiTZee<4uUpxy
zIi(<U&Ni8fvNgn2<W)~y1=GDz*qnyt9%iF5{xbM-s0ykx*b263tW$Cg+*6t}C~8U#
zM0IyvF;lyh-sxOmXn_nPoE*?%p008(WcF!Xb4m-?365z@bDA`))UaECkyOqKcq)H{
zQ5`=lxN*Sg*eQPlo2%$7v0E$~&eq=+v1KIBr;1Srunf|4AE(f63}^0>eHitiwI1W|
z;@3`f87qc7L*6MFbE}bS%h}X~WzrU0)?Rb3nM#H*>WucM-MMwHROu;rX-3i>8GjO(
z{a*%pRgY9XKiMl%W>Pnd8yBsNd42f5RJcsM`CT-J%p1a$u@-9is7o!FtzpMV<zUg~
z_mdXQ7Oa`SpD>$1mdf=uu?a2AY8NTBCRi5Buaq15jgFqSW;1Y9!Lbc~&n-Cq#fGs3
zJ$PQ(=j1iq8;rp@1>e{N`cq0^_PD*Uy4*-ExrHu$aj>XoF+gu5;CZpbR&Izdu%-U)
zcb{@okkosV5dY`91kK;l{X$!N4Uy-<{mH^>8be=BBq6X^c=ha3#%f24uSH(nHF?QI
z>kZUj+{p&7FPeYQZnG-Z=%$9e@!|hg!R7~6TT%vE+3hq|RXyNgCEK(Ce;xKTT9SXs
zh|FUB5Pp(=Rw+kSh1SqR8-(6QT!xnEuF?Z|!nas_M|%Tb`qE+l&FU@ts`X**qiYpt
z2U1+``wc|MdvECIdJmV6Ut^qZNP8GgFhwq=i1sl?w4x*YB<z$YfCx<H-)jCy9RHbt
z5t3<0`QlmcKULQjvjoNbNz$Qr|2e}!>R5zeEWqKf%T4u1+BC35lzJM<K^KzB&-(bU
zwki;%9!hy2vuTx6H7-lHaDKvfb;dr_V*xB{Kkwzp_r_%ZTa#WmHfS*YXB;-H7o6lw
zVq1<K?D}_?q3d;ePU08b^e9K%LbPt{=3g}Y`*R_+AuW8%z-W7(+E7UmH%VS4@kg{l
zWzm&?DD4)X@O_vkKfIe!E0OX&cHXXm@m&bleGj&>vd5A#X1j2$c`MSkjpy4@I*umA
zTH6mJuF>BiyiQ54+1%HVhPgn4Vtk-B{gJLw-w{4Re2jleLMp&t^?}=BS9Bp(Os;v>
zMOXGXE+h|3@vaS0w;@rp%)qS~7#U7EfN~6sP4Z4`uwflVmNAlzE3{K<b8IfUdfXW7
zia3f36RvZR0GKaB8boc{CrH$7yMCvrvai(cy`**3?khLroUll~xFx5DIq>wOOwMiC
z{<!3eoK<*XbD>=af7;Ww{RP+Kcm0bKM!?_&oX(|`lR$KrU5Ca81Q(@!8`4!i`3tX4
zj_(n~KFFXzre7Qv;kjrV{gQvGyY3pBGosT$GTUU^?LG=^hj_ig8`!3w^BASa&r|Y;
z_8&AM@8<&5zTg(p9dc)y^pF>o6$@Ju-gi{f=Ph>3jnR(4HgItHWRmlr6Y$0wwbZqt
zDNx4fn7pI+KcR6C^`n9M?!jOQSSl2I8`u|KCn_W@BI2!rMwhl+y+*LAc!Hj><KAAc
zDf?PuR03fS4q94X+`>1@(1!E%3gkojlVbZ46BFZ+QBlWr!@}%Ubwa^LbTpa#s55#{
zP@7fx5|}{ADemMi8>Z0gCI}H9IWAWt92C@=6b$4;Frt>N5~OS<>CHO^PEL9>n-uZ&
z1{gx949um(CuU0`XTSj^@}<|RRB#chL`oz3xNS3)2oZ}R%%odr7Tjg16<?NkNjmlB
z+9A*80pTcOL{WeWv$@mu$3H{G%%_T&H8c9rq7h&PKJI(NxG4*I2^7fk3DWpYD^v_E
z{JFCc@j$?LxunD*GnooI-(Su@+K||PzITw#Bb1Ncrp^NZgO;+%Qkj+k{6{TRX(MCC
z^(*1AW0RSwWxZv3au(8!s}N9Oq#8ynMhEUi=INixCZcGFL9@V(;xJ$qEuGb|Bh)b1
zMo>_r7cFCnG-|bicw|inr!$A{g|a%qc#^j_m8qVq)Q3k-g=TDe?%~{ltX)1(M|-;j
z>6qTA<%9ergW>}`CMYCT8{ZSCSGH;iCu+y<!;ue__QlH4>iP)$CQ42oKw_P8MFuPr
z784RP=8GCm1_;^|iBZDn5h`BKDI(O%dexfUC7p{#jN;31PQ<cY>|NN4*qH4NYE!=6
zau$#2o-{5^wncn8_7NVjotKg$;78(&D)A3L!QU0$=L`kLz2N;8r_cdDpTEwa)FXap
zu@JA&?zF?EWU*sPa6_6O+SY+$u^qywz}-3P+6U<fdvtP#KhD9Pjg7fssY~Y(*mN{I
z#Encl2?c<nT8w)Y$ampsX&JJ#sBS(;v{1>J7mnog880wPycRZ;r|2;su~c+4*WIQ6
z%p1<Kwm%gdpK@TGkEbf0blH38Ad+n@DVxz<vJjLnc(<N9*EL?*wVE5F*>JfjJXK2w
zbHtP`jP2CW&{*!Qv@uAmYFuaa`bfZOUntC5(Eerf*Rt66j6|K<RQ5DZ%Q~v6zMQj!
zb40e1^@mMWK6XcLJCzU-^}D0EK`dVtvRS!P>IzC0NP)w1&7HuJh&F&~`Ql(lbMwRz
zxQ$ta938#KJ#x+lG$PnSr{5#9`tzdz<^n?AQJ|zdG{1&gfTBTlI+EZLRKk0&l?xj6
zl7g;UVU{sYFx)pGZRSf83}KF7(X;_k>moM72<47)R<hOuWuyQ=oYt0lzq$UvEOfyP
zs?Fu0J%HlzRGy}WbUtn2sBV`cNsJUihp}-?MmfRyoJzsSHNaeVT9@vGg2Bjgu4OA?
zrKCMpO6}FWYm#Sl<iHc4zsxm)6&K6<?Rx?`j`tj!k`XAmN3HHX<Kdh$GL&qc=SFnZ
z$H53`f!(!qn-MWU?tAkNTH0@7JI$0B@W(iQyJ6W7IkJVV<i||2Q0`6)Pb8U#Q$$d9
znVDA?;ZGH4F9RG##w9Z(X=2N)P$t6eY&vH&>6)(IHclcK!{Q3oHT||M#H5{2f);Hw
z4|Ez9<924u6}7X*GE*(vFA`5w&T%x+6gAr61S}ImM{hFIKojCF5EWhPC>5%CGv!Cq
zhV-OIb_?foWNCmyNUrAc2TS5q(64?sH^pc{L4)A!O&IW8l<KHv<t7u`iiEwOBk5$L
zs%NcenisC*Al2dOc}Z)~QBP1c>@!zv%poLm<qfyT$|Z9;r(wBt&8XO>paz-Wa(&ks
zxCy%t+AJJ}agnnU$n!WoP&rpqF}gooPLV4~-8!6~jX7wjyFIGdsHHFRP#RdJM9V%n
z%;wRGdeeYYlx$oVNC7QCL>LZIm6E-jE7MFL*&oBvU*KbWCW=Z*G;Y0jSLz8%i6~|D
ztE@Q)SVQ+=*oV6dL!MEO<VaIeO&gpmMtLI35@hH}Q$2b1g1b=JM_VMW>e0e$zdrD?
zDA>)E>Pe7tvv1KPQW#U5Tl0Wsr#&98O&aIfYdyI5kRo?!V46J7P$<=DIgE{t`mo_#
zV(ef{@34qK%~LNB6?Yz1QqH63xHx}IQPFbi8O2CZswfCZSgBKq2h>v9J}3#x*z2t?
z8TWP*(cT>_E0|F5?I^6qGlmK3?-ljj3TJ5nl>iV`gflD}lhXy4J#D*tNfJHkzf1OL
z>iw;@$#CwtAvF;bdzU7Rz{}8C?o+K3BRIHK3rKOn>quVl7s+JYrrE477u)K^%VgmQ
zU3nHhT#T|ZWDaAMf~KKz8P0c3iQUSNXJ8qlpG!<XVw_m6re$g+ron9rtFVhlK7wph
zT^$b)Dq-gK4#+)7e(G;|rbz*^AYHxu3)3_bVA6e?Ex+U3B6$fTSE|L)KhHx1SIDw#
z5Ox*;=yUHet!n2Szj`;V3;Oy?b0ton*Kh5<XN}g2_+F=)6@McBh^1Q7zb!~JF&ydb
zIZ70SzGL2lC3SBZyHzTy`XMG}=G?NL`KadYdA{x@kJ%Rg6}F3UOc*pR653gfWE2{%
z4{S?76K%$1r0WO{3#3vgm$9U4kI@h05;&i!Zjx1j%X-ku;&@*S+~GgT-foL>3~hi4
zk@}@)rN<?f4`YC!jKK3rK91%|JZKwq|2Tsau8tp<;uT30C5Dg5HRG4L*N}riM3u*R
zK+wd%IwlF1HF3y1+MK2ccXr$}V+PiySeY1dqyO7v6Hf^mm47e&HgZZw-+6dJ9`0)R
z=E1*hO7VG;NaN)W2d+pbe}{K0nXQ6k;@zw|pMIhQ0Z{+qokBXjokE?}%;d_kv*N$_
z0%=3AL-7!0F>u}&p(FPR2~BZHU9-?1U^Gi@8u+Xq8yZ$9qb&~4;OfJalA(?ems_FM
zYUKXV%YgM3T1Dct|Dpgr!nMHAVfNbEaVNqW*)scLN*&pyvJvO|R1tm(r}>@jG|C&H
z!Z1MdIN7wQueouZ53uaWvN*gV|AHi4BK|qOoP6_Ur;@p|EaZ^P8oC=cV8EJl^Jeib
zibfMna5<2F8_DQhoqv`aDS0#x`g1A8Eep`qQm+4!e#_)X>|?!hZ=Gq-#B$kXc{Dql
z9;sCk@kYyKVrFJNR2cwDT~Nu}cPsT_1WIjG$-8$uvGymzo1rzz1868Qg!CyP&Xf0o
znntc9Y+-<<VL>>l|BsTA{5gu)9rpvP`T|ST@U|r#Q&QF>F#=j-^;D)e@LoBCQMymK
zOCW6vE)=P=^IkZCL~z31rQQHi8irm#AI=7!LPXHpxl&KQ#|^0c=<-4}I_-uwwa4Z>
z<>Q4K&)ha7o3O^Nh44L#cEb!UoNJn~F)B4%9)PZltVI7~6SQe*0kyvBVoj1V#0&32
z72=F^%V+lC)ldMDh_oaST|*Xa+?t8#WG=2qw45APSsliJlI-btdD9+U@r&0h-K*2O
zN0oY+5j#kogi&3qFn;po;q@@Y!_u<CwIU&+LgAh}Nr_;m5=l)9w}`JaT3W-)Z0)#^
zmL_J6!8oZXxWGQdf6L`yM(+`)o)>4GW9Dbn4l09hm5q>V6r^gQ9!ORr*>O2n<|V>W
zh@ZZ6IUBC!y=N+1N~@&ufYD(mf}{6~mx|0A{g;-XwJIr9(fpT`2GZ4(t9+ZFL0dhK
zw}-L8me#e4D2wro3z2w*=D|eS<VfjA4N4Q084Zn=(?Rcg<0)r@<fyp+6|}tgkrb^J
zO)VNTtu+mey0dp#S0{l)$^If`J8syFaV@yG*2zE$#@s5!nKRY!l4?3diZ*fGG8I_C
z+=ZjDiYsFnaLR#IPbsw(fWl9xWShE!_!al9{#d&>phv7TQ7#sR3|4VupYecE;@~f@
zc1goL)OUosxQX&`tv4;atAw!`52X9hB4(;?^LESatvJaOV6*s{T@?E9SZ>3*)e%c3
z&v_lmYh7gv^W_TT*dwdAceXhw7xj&aQjU!ImZ$ue*iW~~d&4kE60|&z5zdsB#acHb
zX=SQIWf(Fg#00qx#%?mHUNbV|pFYzR%^mi21Gy^U6yrj#y_zljmGh+=G--;Za^jW&
z4&sU<xKV+C5*G7W&P0`biWX5K6)~NfY#i3T&QFd@`gXS`nOcL;S+Exr(3eidHrV*a
zdC#`0TwWR)D_dqmFU0u?ge>>H>?(w7ciZ?b$<qLj#s{X;@HU}HFF#p^Mn_PN!A<~r
zoDn^gK<&!@e5e|2=bkl1m72VDk_79(6}Y}}o?tGrb)uG3ps_Fp+S*KNFV}Wue4(!U
z>iDF-O+^%SXw_a!61LGu<-6kC{ey}VUDDuyY0g+K>3~d5K<ak;$dNXS!xL~NavuJb
z+@V7|kEFq*PdD8{wEP2E8R#D>V<J<C!g*F?)_p~Ez*~G^2pZu%D-+0<xBO(4fmh3=
zlOFw9XRGje?jH`jaZPL_llRY>1T&@~S|v^nzc9DdXL9-@oqD|^s*;ryedp)#+tV4e
z0rsKz{CvkYbBw;>aP1)ADpkphV8{?;uq2czSd2NcNi|NN$RMQ@1#Ffk>G6%q`canl
zmseW%cnWgLSTp4F&KRj?lwj9Pjo(WWit2#P%K2M_G|kCR$Sps%&vSIUQNy}Rp4&R>
zom=9>yR+qRldB5T4Ng_AlQxj7k>ne)G68`?I>I1JmQUhow0V#S04#S3c}vfHzFB07
zuxgvBgr@>7?i-ZELxFn{6`AVfm55K8Zd-412i1B7L5<7hDVJ6rA)+7Q#N|DP>H)Y)
zO*!&X=3GS*!^e5}=A%1n8B-B^oz}XQc$xmpTvg}C#thcYDLG=9BxYgyT0VnVf-it6
zG$tMt9{W>{)#p#~we*AOJ>jF}jXd36hPnE*p|ZNCc+pfW4ODZyv23v8Zuc+7E1)H8
zEiLzTw!fpJF-JE_iJJoU0S5NBl%P)sIwV^Ic=pC&0+jk!JBp2pL5u@ryPN$|nk6H*
z08il()f|OmhK`XEVQkI!{UcmCta$yJ(d<`CKjTs4EdH_>Gb{B59xka8g;6IK?2(~$
zaqG-xysh#=UeHe8)Z~oqpR6=~<ZL4xd_cm=Sn-ra!51YDt*<wEZXaZw(y(3J<ybo%
zKE1M3vtnwGD&d+ojOgX&2#jHJ>I&s<+%u-^gi8R~VocI~nqZeKz@!8FhUupvr28WL
z7Z<@?O7NEY`*s<D2V>F$@l6r3kk*zw_D){&)mg6KBk|4ZjU2^Ss4Fd=5uoPzjaK;O
z(uah?QU@U_BXo3CP_qB)?&i{GDfkLEBsus$k>?7b9iJA4XYyVqyi5@Ka>M%ZgPAD0
z4ZIKZIl`YlFbX(*!e5akG_Po%XvUzM#QDH8Pv~f;KEWq3$Kc7h0x$gW?O`Vf_*|$T
z%yqaLuGk7%_Yj3}e_e#|`W%11LKG&61krCqO{q_DqJIGDv`qEdrhA=p0)TROfQNm$
zHHq%;2y(K}AaBF`y|u@&fj|p~ct^f2t?s9iZ#!BwP4##lcc>+u$hM-qw%t_jtt7#7
zefk}FA`c+y@KhzEegvJ+OGf1g{yjnX%R}<6?7))t^JWX~5=CCRx=?udh7+2C25GlT
zRjWHhza1i$O(Y!6FM=}U1~Gmr;zoXXvLfP!VYpv8B*`y`17Q#4T*_cdzSmQ(9iCzs
zc_Qk@{Ly@-620p0gZ$butt^`8RM-uSXaW3yD=Lw_$9q#@4^2|PD}w3%D>^M$!aB|#
zF&TWnE4gG`(vT}ga)F0_JGSGk6}@&(eK?l{B#_&8vvgxu-_05~zMF<G@rJ~H5gQ2;
zMXjW`)-v80n(U5D_Qz#}ka8f&IFn?aOLG427IZ>$%KmU`u7vW}anlCong&nPrJNOC
z4y-lbf7PvvcK(8QF!_nA<iz^!U=q7h`vc0ie-#=C#Q&G<_a(;e-(k9hD4`lsB+x{X
zsH8}Zt^M@+yyApTv?%ozeCxjwvdR3Qih=Zlqd^$y$bK0G2aD>LcCJ6UOiJ?m-g})q
zc~0GVr60L0IZXO+jYWXD#!e_@if&J^?c^Tovrp~YBzc$;Uoiko<UMeQV9d2;IMAHZ
zImZfx8%vYGTJ95aP7m!=hU+*VXy&=GU>!xFzZUQLFAp6K_!7$%zLSw<n%I*%(d0UT
zUER%Jsho++Xnhnqk#PANj$*R298#vFoVsikP{$=ysBwxZbfsJ<D<7Yx7naA{3pnTB
z83&&NRJiO)aObY&j@{DYHDB$>qfq=C#`nZ3V=+$^R!>f{|Hi9kTSC6HO|0Q>6y$qy
zW|wX4XH~RES9n)xekOK_Y>0(%UEDytP!S2Kv>pXqjH+}xm8P07U7E(+ul`)1F?`Ux
zL{j8-3_mm~ZPHxm<39+>wcY1<)expK^eLRxS;Y$t(=hVm3?dp;J-e5iww4kdTG?R_
zSf_@1y6g#+^*?M7A(uK3#guX2SXoG%I5CYa+%F0`AWbJct9l8@$a$_G@G)j{sO<x=
z#A;U>gE(0;eqSo~;ep~5&w@!PkZ)?axG}q1YZ*K^x1B_*UrJQN84ct-H7RXR6_0SF
zmwoa0<;0-qgQT?PxzHu@kpaIHtQY@MN>qHasHV-|{G_KztGEKtFw^3NhjydrNGWK?
zuWNRwvYI*&g;V2c>gdu)fX#tXFDB3_X1XuNrd2dxm{(U}8NP`r$xW*;G%S5)S6XAS
zk^040?V;IR(bktXy*w(*4Pewhq*OaG=gg3>KGt58BJ~v-4Z^s1Ny^zAL%^-grapp-
zFL2u_hki&XiL^(~uxj$e!>j-{BPJxS>sg^W(NsV9F70{uG?TKqW-Q6YdE^$qd6IFM
zsk6GtGM8Sl)PTeJn;LQjG4=1-;xCss%gmg^I!@-Qf)5P|0dMKE{kdt&Xguz~awsjd
zl5t9TYR38X-xVX4S0am!C31H>LdRc=&1{S$fdOB*iS^f|(b@V+zfs$ZqeQW}`Lhx;
zE+=Wnr*4mzj@qDaH_S56-`hdF(#Hy9rZTyP6pCf0sKy<q#>PdPxhE1X98Jzv0^CzG
z)3RbtCg-5%ZlRnuO-xSI%vx3|176=Pr?5M!hfnN`PA}hc+r!V>zgOl~;!0_$A0L~Z
zyW4O}x$Fh;suh_UmApf4VT5*aF;113di+h;VH>QSoE8XnVg{-?M$#fgBjXIDb%=6c
z+*+cReDa;2=@j(R^FGmhu5B!VM<>f~*WKBgPrX%SYI2Ti7LF+|<Z^UUK-oL-ay+ww
z9S-u=kmh=t&BNN*7nkL(mY<82+9oGc+y4f?gUca03!vjtq!-44RcDr*ScZloN`KFm
zMjEgZR(v@!l<hW~&*bHu%E3w`(F*XAPQ@Bv*nqsK>?)KZc@%v!*~K285h2m!B6v48
zJ(eo^<+^T$k<wyz*)oe;vX-JcId}(pYv;~wJv=r^C7G-q&rMfh8=V<bBI9^;<Z<ZA
z3AzM>#p3h%?!VsX45^5BsHPgtvzDPuXR=f6D5LD1SwyF)q-|1w?_F8$V&RPdr(TSP
zVoZP?uy4T?;cD3GP{)-y4ztlBTf(e2IB(bPRECwCAcq_}_6}G%abT}MNY6;Rq!`U6
z{~Q~pp|Zv2b+7EskP2`#H#&4fyk}W?ar1Z5ef-VExI~VXaY9j5aSLFUUog@~%;%5d
z;NXhqx|lVZt$%Q;kk{2^kr&kk@UJsWFy0;=wcO6JLkS(#M;GP;9qt;q$?cPq-EKd+
zt(>IPPNqw$^r(Sl$WSQ~1sWL|7tkXk&O$+>4qu@@*yP+JhE2Vw2%F7UkA2x_s=^95
zLVi)Q-zJrV*=G_8zCBI0d=aH(g-0fS4TdT^cRm>CD}F5ARcsZ6mD`AOZM|x>mA>L-
z*?d@U7<xJEzAScK^PiHI`3MaUvc{Iv^5C?M`2dMBhTy8B<ydG9$W}C=7idwCm^OtV
zUr5^(9U=l&Iq7xUR9qW~cV$)?ZeX<ENVf*h>YMu8JaNWs_T2A~?ff@oW{;vwMgU%L
z0LWpCi1d)*l*n|&{e6O?sA0A6bdi`lDtm3g$+Y2^tpkpjIy?ZMyNwcwOKhG~{2UVC
zW*Fmddd+Z3V7f*OBRJqL`tFxKuF&LG^c{me3xNrxy?M0555QJRQM94VY}mBBQ=&m<
zv0r*v$qXKVFoqEhz)E-|{f`&J-KP?mR2Y5%x8LNAga>d$*TDlsqUS=fDec{7(>B$l
z`;~C^`|(YF+Y1vOf$hKJ0x*Wj`6mU2-F^amL?+qyE%_#C_B|uh^M=i4xMy>tk%H3k
z?^$Z=(uZ4c_TQlZNrXr2`|H8!*!xtxlk)rJf|F&#ZfJmnVKd%Ix&8O-jsmrYrv}_%
z4BzyT;g*a|hJ)t%73MU;3bqPY_5-_{W>x+gL37lxVzB}vBhW_C31cyFisb$cz86jg
zJ9#@hwNiKMx&Vrj*N`}AWHgsz9c5)>Ml%+NSW$6t3L2V38-lo4l7jq7ZLLCee~JLC
zq{LF`1qDGAGz|hK3BkYS<{^Rwa$@dFmEaW!smuf?{+{Wj>e8_p$g1b51KR5E^{<rG
z&Y|*pb<;%O{WKn#t7O@jVTB+z9y50tTd!8AFu%O<JK$dNG_gKEEv}HXg3P<T`P;WO
zMLkR2kDV<#T&7Ol5KmLXSkFAxZFNWZzLhS1#|%=7OGt2F*hI~rHw&rhD3|8@o0p8q
zjSv$TfHqz$<bQCSSs|n{5m|PYXQiiqhkvB#h=Z6^ABig;YUIC!B-^m2oa@~QJgyad
zJep46=8=*V=I0ldXO_z>79A6d5sN8@88<}4Kyfh->CIrXXeEJ(Rg}l1E)aPALBdwn
zPLV{|Nv%y_%4=wL<r`8~HDxt>jK<6Ne3=~`Gvt(0{@$Me%2JCHD9@d0s4}bJ;7+e0
zQrhg4cx(Wr(t~aTM46GIy?ky(eK&5-3Zc`7|0#!(Q#AH%@IsDSo_K5`F*RW=e%3H|
z#oiDpDZHfMU;Q98hiT=c(2(8TV2HRrUkzmreI}9eO-ei6(eC*8_*yZexHg)LR#n;=
z4tJ8#T%nbFxJt;CDE9(TIpxh1_P0UQN2wy`WvYbW=?9jp;U(pdFX$)1l!juKC;tzm
zf_Eg8JRzr;PqFw<v6#;uf#)K@CN<_Xuk+^{ZJQAWnR=zL#xb}{+ekc~PQx?d+qJ-`
z*!Z|ytM&z^iFswM#)b$Cp3kG*-B?hQ25Rz{)%q7P=iiiMJdrY)390JJ>bZhV3(Bkp
zibKTExs&ZHt@NDmYWa2Z`GzPgXUR9Nl(~j~3FRGB9Xptb@^~K@v_E4`h0GdF%?N2E
zS_4`bw8GKkSoG>5uvj~7y8Z$m@P@IZ<x*R5D@cbi327XFplk?*U9z9f$|Xg%j4}@r
zf1NvCjB7Psltj6E&5v2nokwov7x_Hz1g(`F4lLKBi|Fg?n``T_`!uq?UMNpkxAmvA
z2JmR0^)I_sp^WLHcI|jjX?YfpI?D|#WtCfY5m8#aO_koNWms+DBIOJS64la*Dft}B
zFV>8)pQu%WLThrkSgSxaG|9Ro1<tQ^{%-AS6Xuy%C_kcra4~Mm?Ljv&?<tnZO)7D0
zA|m<3Mpepg6^DP&V4lLwTQO*QTHP$8sG+FAe|VhlrFO9qql|2XZquR>o2>_mr`Ja&
zmdg*NCLoaytGPd2pp>IXAC04qQC0}2rnESkly6A03qF#n^9Ok4tP!_PIh#zPEH%$^
zy6IEc)Ne`QRfTDvYr;0P)dr(0FHUEWloKf5%T5W%NS1eN^$Q{28QyB%r+u!OwTiYI
zy+*X6V^tD9wP*>+IFWuC^;lnYhy;__{cUFRL?h2#fqg=?I{^&<-Nid?R>oN>*#mR(
zRKej%9s{p@R>disw~J!;u8ag<sFA}-+ZRb@BaccI!tp3G@MVuw8A>@#j^ki;sdUa_
zr%@g{IDPhK=Prw+E#51;Xj}N6n457l6G%Go{3j&D;$`mj%VkQkAODbtdni;w$Tzvt
zJM{>Kvj0xM<C%9pn07$y(a_nbgxb<7F8XVtSF-K$R7b!lsz3{gomLz!gK`~bHQEhJ
z#<8<X;>1&@tN6}KK>6tHV~ArbD|zANbH8NrsfaV<N+t=it)#ERP9o?DRqyoC^XM&1
z+SWOG4p<24v43_jtPD|#eAj!9N76~Z;l<{#D})On^E>(1=I}=%O6tl@eV(SrS`DRn
z?xWrP__2uOk_Zo)*K$3bvDG;HoCp1yzPY4^0qMY|Vd;szR??Z|oByFU;ZW`Xj@P>;
z@u2Vt7Gu5u1_Di^Lp(iw*s27*5vUPyfpDU#opVUd0K0yWqZv#R5{`HnmDUxT$;j!e
zwZ@6@$zoXt6>Jjq5gBv*>!krlyjV`|X1Y@A)cK`3?IkX8d_ieBK;=Yv&Ojh4$^%Z>
zXb~WxJXQNx+j!Lac<a`TozL`Wc`B<uUsoqio1q@jaj$*nKGF7Up|-D7<<>#n;qj2U
z>7jOY(NSgu$;GAM&YD?9mJ-n+<1e1RCmF*v<fQa*7ONw5!kFI?e#KbUu^%8oe-Oew
z;6*A|__VRy6nYln#X2Z+!P?<dN)h&omtPO#no|2&3rN}kcc7ufU^9xQ88dPKi@@2>
zbp@x!s@Jzw8T~VsB$wIYIdM=GDDg0j(kBf2Mql%G4I58Qn2E82ce97`<Uh7cIa=xZ
zIEoZMN2pNg{&`wa8=eX{rB^Z+7Kzfvq*=G?a&$~+EyL83QDc9-Zzx!@MrWiu3CSlN
zgvIFco*$RBnpDbBAHg!}*uOwhmR9A^+k^G8QLPX^fDKXt0OTawO>@2b#44?G4JA3b
z$lc{9_aR2NM~aG700ZCm8<I%S+fW7@@tcT5thW*dSM#Tm4)VOh$bccTDajAFRiU|i
zv)6f(LfA}YmWuGB_7-yJ%M|CCc{$dGcjfi-bZsAr$%@wsKbsDQicz<MJDj4fi*#HG
zH}lD50Qm~7VbvIS<{Wd8i*#2y0wB-6aKG99@BsOUYDz7oj{9gMeKh^G<?fK1`Dvl0
zf+nmiiL!@z)G5s((xT+dNG0J+u##A1s)K};{HbuA!yfIRa@>p5MdtGFdX<CEc-Syj
zbW$=a*HumX#f#P*c-EPkxBaKri_r_-{u?wHay}}j&a~sx9|x{BkHrn1Ob=YBDM1|Z
zqm=%NEOPru+bK>3{<^*ugOWQ{h=V(TNo3<np1=v`=f>D1GT=MMOgedv9nDb>4K<q2
zh6A00+18BGxTpDdaN6N`<<($$Ka@z)AiBm{`%;C9<d(I>+x|%7%#guA$_wpzgivV&
z#F9Glndx1uC&iJ1n#$-|qawG>onn*rI;<Xxb3eQO>*%IwU9JS-QD<p-%8p1nb6piD
zW0Fhq1djZb&iFQUS8`7s{~ZfsV}Vtr@`q@din9hL<-R463G1%h!~!4S%l|NW+Hzo=
zgfL+Vm&=&i&4ncJJK@X>@{#P6%zX;VY1~VFA2wzx;hIU0!{pzb6{V3Zl+1_0rU@5L
zoLLj)EAz?|pXWgGNn8v5vk>+==X)xH0oCt5_7?gp^Q6t{q~>tE^w%g=%V6=Ug(2+f
z<Y^6Gr<_bNahA*8UJmt|d*$AS{A*!HtFp{gxe1O6({~;Dj@88~M#|;DYUhll^73o(
z?>yA<ISpoXPxvXK9XYikVpCHyySmGD_*bPjb9H{Sd)PTKgkGqjmRX!9OWba=hne7Q
zQ5WPLI@BLqdN6P&8^KE8MyT~he&_W2R;Mf@?&VZ*{QirHopJN-(>cQp#PyZM2`69G
z#S7&E0Fj7@3<=i?3)(KroW<s^;$o%i_p!1s2f&&_ZGBbtS79;pLwlI|(Ntaf1x^FU
zv8?wAPlLs=tRZd?!ADkt&f|NRg^M@wzDbKku#;woQ}3u8GriY=w?IP5?Z|@00j|Ji
zL@Ge9VBO1qbHx7Ogi>bgL;Sczo%&Qjs8P(F|H5qlvcTLiVKrrVLjr}`xR&u4XOmC1
z5V_b(z^0`x`stMF3AuLCAcw$Wm_7bFZZm@QF|G}H@a2>o)Lw+pg|Sqzl(g)?T6jZA
znmqbW^cg3BYi1P-ZY(2e6%w)mJh%8m#($MuPUX^l^4!n57+b4~sxqcgdQKowyMwu0
z=_xu8$wuC5%qt<<E8vyOqWptEA7^i!huM*oY87?Q>W*m-;SOeIfKx&+ZDUa6aAKEY
zvmgDfK{c2WvtB|stR}5VBp{?L+bz&e)D+w27fIw*nh6G87|ky6o=MHZb4nwJX`5eT
zkeP?71PYqDnSSjda@XvvkPfv#zp29jXnlKN;)rol4WH?~hoGP=YicW+{5NJwzX<2q
zrPI*+WV*axKf=9v=01PF%68#Bn8<d~K7dcV@Vs71*ig<q{R!SZ6*@mN?i?ax+_G2?
z@yeSB3MU;863TrEM%Vuohhf2EKAqs}q$sGz%=f~#6fF}_*GdC-b)dJQGJS*KS_<K$
z>g00-efgr*r2N_f&J#A|M@7a2+M!PsL>Tvbss4d_OWij7EclLa`PXBI+f_CkmH7G>
zRbWsKa$>i<D@bC`n!c|qxcUnmH?^Z4gccJ2=bd6}BDM8mV;Ecc1j`iiQmPG_@}1T;
zV!`3tK-C0%x8JS`LRq*BfpVXNETOQ7CzyvW?L0rud>{8SHfA^c+raVgrLdIY^fOVd
znks=t^Cyru6L-xv^cYHd6;dCSSo#qLbK*bttoK8>TOI};T?&<!lZ+}6(RKK_pIyFR
zt;!cWN8^Z}W}Q%2<0=5LvSuUnVv)4vld^o@ow}WhM3vQc5N*+?N2dJ^<5S|8B@W%H
z&cQo|(aDOohXlc-ORB#F+nQ(#hvE!#V8HMa>s$IgS?IH*#*2{dP7GClVmL!%G$zBO
z@dX-1>&1;!ljpQE2&bB0j!ks2qQ+pU#9&3mVU-+C3_>3Y=(D{Tv9My2PKXR#P&8o{
zH|X3S)5(8^xAPF%5Z@{j&?2~X@o59y#>ON?wp+xwpj6lhEE)`#9{;ug{pgbTV(bUK
zf2Hp5mZ&;AcEaiC6t1e8vB2(t%T+<^(B`WmJa&TUfa?zhzE2mM;y8YQa@Xu53uk<s
zwWqb=*%{I4C%*3p=xmyPB6!snj36*aCWqe`fDjY9W0Dj7B0TY7|IjHi!U8fRGMAaL
z4!eP~A0#lLN2L;86s5YJeIq=ijmWCmjeoJo1C>A==i95tyeNuxgc95OeS$@#6&#N*
zI>I+<n;$M9?n4BV`^0r$FCs{n*1`KZ^lJk>GhIK?p3#Mq8h2myCwz~-E4sKIBvpWj
zE`}mzg+BPXzm_a$7C-ZOAm%g7W4Cs3(8pj`KM+JW-}BE-e}O@3JM_qIu{>o@8*JpF
zYz*~na8qXI5Fd=R{-|rDcbG5GqKLj;-Am+bjGzT7*R&nht)2%wwj#_RLi6xFgsdLi
zW#|T3@P}%6?jW%1KJVvM(+D;wJ~l9^Ygp_cn;j5OaMB$QHqc{4J4_e@g?*tx>$3>q
zGG<WYZpr2aHq(wU2MWVmZs^(wsYUF)YA2fgUe3)81MH?v=qHDZ0Pq}t7kG!kr|;eK
zia$fSCYs9Hc~_aFbo-=QD$`}=1fQDwQqSz_eX!89*?z^TZ1Tf<>;r<}&AXvJQ@Liw
z4)~2NFhueU7THIhx3~(^-!Cp%-rxU9`<rAjYkJ4znU*emgGCR!-fWO0ZG_Fb4lBrt
z)?OHGO=3S%j0$aIq0|(0EFw=+DfVcAAeIB5LbYwpqV|>ZqCl@|%4vo0U4r4yI81a3
z5CbExG1&0<j}(mGjKKdi%5sPnHpH4$7^+jIEQ<e6RSpSbj(@N|nx5KFQev&utW!ZS
zb*|gY(@dJRlgQ$yq12yp$Y^GuS`ywxkm1xHYDmBTmyuwFpGYIv5LyoA*T9b$3w(2+
zT-4v{)Pkh}qM*Uze@sEH-6^$g2F@y6J5Z{cb{9z6SN%mau1%qFt$M<M+LwLNfL-bT
zpaGlrzXqV_L@K<+dW7@TT2IlbgpG~2sr7Ih9K?Mlv_*5Nx{3<gHu<-uHMb#tRU+4^
z%IvBAKT8ZlB69<eg}Kk51@m4*>W%t@D_6hk#?-%&s3O?GvaFj^llE7PD(}HEJgGWW
z2N8PVGmJcN^t^}g8DQfgbX{YeUQEqi%=IYdW_XM0$yThX|5VuS8R0&{1$g$VQ|+3v
zZj>in%Z%G!)M)qqA(a0V!aWR9@5K?<#gWf&BpwSR&K4c1OO?2{g?(@47N6jC9>L2i
z(x)dRVm~sB{mv}UDw3_IxGV3)IoHM6e-VU$sj=&qt&|xaW8tlcE4=O}8-$LD{U;Cy
zSjJb}y?VDQQI(rl-_@WJr(`FWmh^%M?A6Qs3k}YP+3z@<ni*#(D-BZ@ERTYNL3i`Y
zY-28Fo;+ik25u#_+uYL=+IF4X#j33`PgnH_x+XaxnY{#5kCn8MS7!5$FKrx+Wzc?%
zt-4xIT5NSRyAo%t=HF<yIX^DJSY35XnicPLl}h!LN^>q$>OaKSdMn)mYoJ<W@N?uY
z>XgI&9!l+s-@RQEzpV@Gx}3AL)nOe^Sl4yESX4&kYREb=;~}Ypa?IPXexNA#)>T7&
zj}+IO?>L`8U;b#>*o)m^)u`IONjoU6DB6Bb*X-p%tlLt{y_agAa0}qq_?7`y)i@IS
zSAt$JS-iyOx=r?2Wsi8_E(FdPun0=mB{RQP{5G&&Ri}q;TV`}urjl_X{B-Fw;rb%L
z&LEn7&nWfsZxS9T(EA>o=n`F!BEZtDnO0tTb%KMur}4nLjd;6QUK?hrBD}2xbjgUi
z=|uf^Y<av;`o^k9o<{?%SS;)G(k`$vaadE&k#>~xdc4za5~>l0y!!2Q)>xrxJhGCt
z`j_~0oDrHJIogg!4tZ=lB_vU63`Maq5Jdv}WAN?%gDR1c=wMbdXJ2WKAu*<^J~+#e
zm{?OEUSLE;ZD96K6I}MeZ}o3ve>EQr+m6MYGua%q9n#PX3hJ8xJG1B>8K19*XV{c}
zT*2G3mUiAb-+Gg}dE(2|4)3X*o(V_BWUERWgN=;;PQf5z^fNS$9*2od;bUMF{Xa8i
zKcc=ZQV*gT9&y(?;H|Voov({HUlMY_$7DDen&7Oci8wEQtE<v`99C$GJw<~qh8D~#
z>NqtM&n)^Jo*;OAq_U74x}@g}r^AQrwJnjBaIq77wE$B!15Xn*6Hf~_oW(w@YZA-D
z7n(_>KiIXMk>&8}olKpCcYcQ6(c|#3FMMae_B769MgQnUL-a+k3k%@n>EZoDc7FXs
z@P|#8hfIs>HhFcB09$6BW5o~*6u#l1zw-!&|7$7>nin-)XC1Zw+jr}t85cmA)PY9V
zq^iKQckd{t?NC)c?8}DO`pBRdLVUt<(~U_cA|-FIPElBImRt5dz0Z@}qtA&kD29d$
z^tEs+Hb-ixTlf`*i)i1n%G<dQ-lN-$9oYRZZ$J-36G)|3v>B>0P>v3>@~?#+j3&6j
z4r?^Xo-U^*{0JS8^`8(rNRmF}W`x3Cre;WQ=qF4b)2E&fSs3^~Xt@4}t`MkweX>wS
z*JR~?y1EUn**Jk@eBVE&yL!c4QI&hlUEwl=y83vwv#x)}_hITX&n@;!Tr;%)tm?I>
zhSLsuxCU#7EazN(y9V-v(9pyB*JD&PGc0Omn9sx@kBM=jE&SRsj;(wcYLNoimw~E`
zST=qCb;HsQoVKmy3eVyPpUg_I83eyAung5E=qQNdNs&wF0U=^YJBcP>6YM9ktwONs
z>q8~upgn<sr+N)USUGcx`7~VfJ1Az+^u^zSIJ>AI(czyyV*2BonM?E;?Y2bT4259*
zgZ>`4#Xp+(jr+>ygZ?9_hj*tM&bP-F5bdCBKPf(`HUc<9&x}z~z73sOHYIkkr2hr2
zl}+jB2ffXI49AsCs#^z}X0>eDXN<+NR=wg({*LLmQ~mI_^B4R_HV@37u^$_j$HoGz
zSgkAndQ|Y2o_h}ef(jGnwaz&6c%cEmm}r20?Y|ni2Dtq5bK}mxP+kUGbL&bn0WZe;
z;c3>F)M(@Cjoo>$0r@=n+%xG~7q!PJ$95i$@^;nInQ(U@oTskg8-D%!yEJT`_(<{5
z!kmrkD=g)twKDdLLZ8;@34SIn)RGqeMpp<#Chp<MPGeS0i0B-V0o>NLO?B2K?q|sU
zlYVdr#)KoWrWI3)cb{8q%^K6nvR*4fA%@4v4YctW;rOQr_7o-uc9~uhg5!7hlZ9=|
z0ps@Lszx)<fjia1^Mr%l1~+yc`d25+7Cn-e&=XXrPYwdJ=eSLcRjN?!TzA7WLCdmr
z@Ojmdi;5mDB@r_S-9`YzLcpzU?WX>wVGlzUa;h(E5PyhW72c*7%yozjSqUtv7wQ?B
z6D+C^>6%D~BF6O)T{~uT`7i6f^?UX+bFB)#N5YBo@E=W8{rNnRj`vaiPm2Aj{|Rrd
z+p`#*sCW1MCBm-FniLmqS3GWCoIwi5QjsF}e+T-=Vz-b~v<=MQRJ4!OkX7<rXDF_+
z>3krmeHrDTTpM`fJkj>JVN2wYAjFj++87T60{771O#U{odJEov#qU{df(zpR77PHx
zx@H5xGj0C`<DC8jj(N=sjBENEseRYIeY+o8T3;>%ExkW)mMLVJieA2&8}y9y`r#Hr
zhj#3y7rEUQLA&`Ut)@R(WjFMJ>kgm3l2|!Kh!Sy4X+IXZD<P;&{&oa%dyFru{Pp)w
zS+<-19tcBiiuU}6_7zlnb-ZK@E*Mogkj@hIH|EUKE&Ev4t|h3wO9sHvbiY8`y<paw
z^xjx3w*oKLsyk5EENcE0GdZX@=Kl^Dq${2U(s4Xtigyw&?qAX{%o~>2M*X;l7pMx6
zH<@NM&A+FLp}+R6C>_R>hk^z@BCQ5J<gTzp^0@!N>rq<zU0fr0{&ST7lTi&_x~)(g
zxFHMtFRnlQ+qQ%051#WN;9qo+gP*AKKfD&utYl9%$Dg@-|0%v(fqP9m=H4sgp2vPq
zJA})6*nCgMjyA&ot=Od-TMlZXyty8_;2DZR?H~y>kORHKa{Z#7VH0DLMvRD?uPC_8
zzb1=u5HfVF3?_=o#AhcBnG~Zc@9u^AZ^bXdn%wkeMZ_d=g~n$8WyRbNhVMCWD?Z4S
zqcyoEuH{cKQ4bH#+n~G3V(Szk8pL*GMAiwaN|8zj|E-`Y?>{gpcLky39tc(ceynK9
zdq5+A@?bT%GPc|Z*P1QNY$qSeoLH{I@L(~RGCp6Cgd1m+PCFEUT=Lm{Z+<U<k%>wZ
zAGVAzpuF4n%u6WaDjXo_y{Bt<wx{R9Z%xi*@Mhq$dPi>fkA9*nGz%}NrGL{7&N9eV
zuSYe8XZ64{WXB;ExYQG7#PL(W3H=_{T-+eJUD=40r!Iv*sNo5J^HwnnN+0lc0HR%t
z8T}Ct7PzF5aK?$8Dv;0LqU62gsaz5aJVB{Ia$7>l05e;pcU1Xp<7BulKMh^5asRD8
zs%8{xzqK8>W~9#_E_@XEHHZLw9ERUWwYn_hK#r08M`VtX?!Uyh@p+$$|JOe&S-OCC
zj79yS|1cce^nexriMakZ!)qh@TJR%hd(-kW4DBT&R}X7J2q&A^yN04Q6C@UMClNoj
z;Bo#5cM2<i(Ez?WwjwoDaD0^Li=@yw_R-!8XgXRifwLh)<<rcq_oMW{^$*vaemd0v
z&vJh5{0s(aQgb8WKV)FR`rjB1z`SipG<^*z%t9F%3f(slx~(C2QH}8|7v;`9Cmj9%
z11Z6l5HePT1Crcz!T7Xbdn7q)g3+PiTl!qja56l?|4cPddZ;OVRaNpTFXdKN!YeC{
zQd$@)Jtc&GH~gDLbsY!lUE3{#`aJTJM{S$*zh>+jCh-*s-bNsB4Ry642xYKm7OadM
z#v!#I3R$-!Al<Ve{j5Uj_%Q>WjH_1}P53l5xD~R^N8lO_@yTlAf~#ZXcI5Rw3BZTk
z;r5l-P;aO-)o{7URkC<eZi^snXizAd1H~!wa;>JRP?RvDidVLy6<AO%Vw?p%)ea{E
z1Ihb~4kreO9s3I+eI1e&q!+(@>5dyCUByIu3U5kh3NLHPYw@kM^6JXv!+VP|aGBb7
zgP>U%MB;XzS<Vt^fJN>cae(IE0%bs3?)?8N3KZkz<-~=^QU2c)8o5)%f`11VIdi0f
z{}fmXH!8F_K(q$<+C62S3u?KFs0Fvf*6oz+s>p$YdfyPrruvEU#Vxs^cM7NAlHA%i
zk5g!!(rR>?SfcTNs<8LXV-!x(IR%z5N@nPt!YG)qmDZfGp3%3A)7~ehBw)0iGR_EE
zP^xL1beRv~NN2n37A1$adCq>;EPjr%8>x#GCK&z`Dg<qaXID+1-v0))YCa>c5{o*u
zpRo@~<z0p!#Ap9S(+AId@OQjyEp3cf$hm}}4#6AZO44xWe=toqWp#esUliH!c)gvh
z$!vMQK92pzwf;97{@+auhYK-tk6L=R`$sEy$YqM<@@*d7mzM=z;&1VT<Pi#(MNHCW
z>9cGFcH(>g6+;Pg;bOA7fqBILfr1&K@a8<+?ZsfLQ}7mXUajMLf!p#LEu)3?7;?>x
zuu0ncCg_?4afP(wMbIAQ(w34X_h$6646L?EIR>9}0DhKsb-qnLQ<9P;D01fBx5?!f
z%JJ!QK8<jsV&^U)f~&O1hHS*OdN4y%wt@B00YIIo5e;I%8AZu5WzIYAoWGQ)pfH&P
z5Bqe#lNR!ky$8Q&pP!WY7u0+Ah$<sjl$mM?ol&T(%(R9sD%Dr!I-&g6Oalc}G)8vh
zVG?SZqr38`Nwv+26bj}?`Oeb+7Yr!qy<CaPz>F5M%Q54X{A$f*m0?Fq`P7)n{%gh_
z1TPl_`hqK4N7X~XQM}O3!?;DelR-0a9n-srahrAv;d;^vih8Y`Xl;w^cqHt{N}nzJ
z<lQP-FP_M!#)rSD=3|+h=QgPeFu`NK$Cp}R=U@x#tzB5(<TxUgl2y{kE^EutL3(YR
zp>cu*mbiTbEqj0QMGAwnev=$Q(T)22PO<D{CJu}7R8I>VkL8#)dg4$Qyub|}zr;Hl
z=h=-z<x~*!4YcXCXN-k`=-z;;FKhcErt=_W%n-#DT6-g=1=p2elm}4`wvF8v4p~sd
zjWmphRnifDyaNCmm*p_BJBDrW&cLpHh;%!?n$yMFbjk|^ZRe~RbF16sT5J8!OAc`p
zQ$FBslsPD)C84toOzRl>V#b8LH6j;yUQ=jdVt!q6A_IJWT*2W5h&f5Y0f54)K%b*8
z)Kh`HF5Xiyzb4&r@r{;;c&zMo`%&tm^&ba`3N$h;oCje4gSEGSiX+?GekUP7f)m_B
zaCf)h!QCymyL)hV5AM>qJHcHVhv4q+)?X(xbIzRe&b;@2>)y4V_3Nje{qOGGO?9z%
zbypR6QsENokYz3y@Um7++pG#;T>LEj?RTH3V97Hxt6<4BQ?FpblV7i3#s!86R{$71
z0rm1GRA7*2%L-)s3%m<>4`Z1>VFzQGJMmip>mOBI0kL~|BTHw`Blg++q;xqW9dbr|
z!u1B6h7J_pV)tRAh7YU_1G`QQuM4+k4;L&{W6Rzl4xJ4fx}?JK(Qwg@4C9A)bMw+Z
z@ZW6N)P?iWxQpC*+>Fo*?_?64;ty!!o(yPXmjiuHoN2XBH8t;fI>>6~f>cDkBy>wt
z6gQL@Q?Er<K9Z(}FPYcUh)6^vVv~&G?>cxkAG$U&Hcxmp4>atSID{RAi9DK^s_N1h
z9<q0)t1oZEJF9Ke9xmlCYb}mChPTwVNbqtFuqEB^h^%_7G$34;q4nt;rdB){b+Wa1
z)U2gKuHx>d0z7KE2Oq^YnGcY|X0}OGNiSEn3X;0DV{{J<<~g15wo}y>YNT&U<2Vit
z#yC@Iq-RUxSPaz^5?Ktfn5gvw4M!@&)yNbA4TmZv)yS$3h3eA)Pb*q|T8MUYZd64E
zPnzc5K#!MDL&h8N!<Hd!t-TEI)C8>zYa2wY4g84pzM*y-%4CWA-6Q|LiLHd4ksmqH
z&g0U^jf|x>6=*<5k#EOw&ht9UywBmt#@Mz6)|Lfb_>@QI$4ZLi3hR8Ql|yy#c)IN^
zZR9QLj1bur8d2;PIme`nRzvuaL^i~cx$`0G+ec#T9P!nKZpX}N_--bvscrNnquLwy
z`MQ?_G8&W}S{K)#C(|U)MX7z7_!YfOCk1!dy5VWsABD@PDPq^5lr_bSsgyOxGgd>V
z*-!Xjcr0ii*Q>M$e~Ef~l)WS=H!skZa-LYkx`NNzD>%P?US7nif~Gw-6C~9nXhU8~
z;f%WiYd)BM<Q6&};mk90DHBw%WT@+PV(0N{_3}w%1W`lCxc>PE&7`}XaHdX}w1d89
zGC@R4ow=a}_*>2xN%kZ?0_^*WgjMF$-CW71*XX)R@xYoFCIz+-;8#reJCTTo*~0eg
zVrx$j5d`!e{ih)DbnMETS9QfQmIn$+57YU)j>R%sKP`g6)>qD{!m+DjCQqf)@@BS?
z;%@<uHhlQs{aoH625}fMYmxGhhpog4PZ<KQMuzRI3DE~TdU0ppQ^Q{xOx;KV<}R}p
z(3evvinIV#P{O6c#*JK4+lzkJ^Ix?s1Sp!-XL(Y^xKH{&HImgVu=FO<bJU>u;ahj#
z*t9jz<q$dSy~Qi}u5_>(JA!|D+}nO;XVhW-7Jh-!AX?ZlISp@H9VH`r;ntwv1viLF
zF-nQ?38wDCs_x?Ch;Tir`Wa^71^#!nxhdc5ogE&vwB6$4VrV7stX#iI!?db}{i(5x
zjeD20gU7;kPkis+3WGWn?5&mUy(vl*gdIzYr0W!T3txD@J!j4F`6C9kR1?^?{e}^k
zvJlm*?H|@%<}}4tO>lW9pV`F7?XcD`t6f`j5~CtI49J~1+?_cjGoKCMs3Y4TP77C{
z=N&0_ryjxbq-e+9>A4h8;3gP9G@<*Vn`|{_nPfU;xag3=%A<YoY^WNEX2Ngo;L!Ts
zwe;eiMVm^mY&U)HqRkQfSvZF82xrSi6iY_C4bnL*VA?FpK-9yj528Anq;i-~sdg!$
z&KOD>nKU%+Yw6ZH$3MDmLNZ$DWZPj}Pimqr>DF?(MDrLfUE*J#YqHhm!VGdbmJQBc
zrk}A&He-_<#oNB@zdNd8A9FwLJ=f-YrI*Y_!Cds4%H9T((pT%E-`IAfFTr~hy*z#^
z+=NRDsj*=l>vUx&Am|C|+FA-amy4oP7N+g&=YDy^8zQqlwVttLtjQNP?h3jrPYU2t
z`u0=yI#*8;C+CJ9y_+4~Xm{?KA@8(7l;vG>+#t8THD*rsh{z?r##Od9C;0XNb6dO@
zpmE3M^XZ0rU*=xjVVhHKzl364zOGw22PY@lEJxK?h~tUn{2XQfw5Cs=xn>x%I{0JZ
zx^mn+<~f_%@I2D#u=RfYk>Ts8uAM`*xLvCFMb1!_X^$A)j9+3v8?@#qGuj##<@aHy
zTUaOOpqKXUu?%bD+xa#rr(^7vYec6*yB5d9<wc7I)*r<+M}6i;?Yl?S?#I=nEk}l2
zhdRflt?8G6c$aB-_7!+jE^Dj!k_7kgBjz)WkVZGHR!tu_sjUNtXPSl0mOs`kWq$;T
z30tYe{209<akR=UzxQ8hG41Ity=Vk)oQjp00hU~4Iayw1RlYCIngFHJ9ZmPLoRPL0
zyNWim3GBMuA}7>Qn@lWauP}$0lg5uPx6ymiGQULSFhF)R6>+mKf@c@d);yrSY*Im6
zse&;NfOQx^vyD4#3uypiFFJ-eY2_^QE*EK(Ptd6BVIFgew0JguZt&>h)iTgQJNC&*
zqZ>L+*R-I+_(2uqY**cO;Z&HWMI@Ru1kAT{C~jT4U&TGC%g_mOPCL2vc!64N13G%S
z2zb#<FsSSa9orceYc6nXIC+-<YWFB<>^5maPZMzH6q@}e-5nFqDNpk+v^ne|ttLuv
zYKP+3M7h5#JaSb@U@Z2_32$iOsTV&%B~XoBNO34cGr4joBr+Lt#HlP_mbhy>jt^%t
zZOP=A?J6C&a+@jVrz-6mDK)FnvH(Ve(V7I&#==IlXKIA6OVcKALdUd$`$*{sa{IC@
z8j7RnN;SeW7IG{aLRo_O7IG9Civ8$Ar%La*6gyfEl2o2K6+4V(D%7?QW$!~Nb>tGL
zO6**fXevs!mFikcW=l(00A`~l>T)c@03+9#QZ*KH<=%@D)ga15j6pWVJY}?EC81TM
zQ8vYVC#7PoZBrFPb)^(#w0tFDQzbcd;W}YO4WT+=7E=|D-xn0amE}AIg>Fl*X-b5{
z%z!!SwMFQ^+fsRE0IF-k#|rr^rBI`vx3!^eVKBfFf!Y$JGD;zUy$1!SDzV)(e&|>O
zkwTLVV41D|Bvt?RdLV?tNmXsho9=`z^fAn7_G=?Xk7s%EIND{CldRcXo*tvHWWhW`
zaie6FpnQv7q!vSec`^~H!cpjS`RC(M4yRt+1)YKgP4&@)XG6Eqd=(#U$d)Y08s8DR
zsXbxrw$Hg3ri#(ehTx*9FbB675qm>-${)J}SJf;XCJ_<fD+9L7!DydZw3t;Bag#b<
zOH<)ol+F!_D=TxJUHTfa5LHzhQJJ&05Y~WURD;6^1~y|ZAroba++eu45t9L{ppgP&
zYU~1YYHze!d|IfRVm%%aLdn$U^aN~)?r9Sm5gbPKFra#PeK**fGb|$H)=hlO7dD&5
ztNk3&+C7jia>8s!MkAklO8<b6>x|ttwMQees(Uq7q@Dg$matpaJUSpKvXpnjQZ#m4
zV$Tn6fmuAp0zH<Z#k;Ue?b=kcrM3Xbu@{LyypRTRErYHtoVO!^<l~fp!*h$8M>=QF
zs9d06$rIaw{rv?(3d^U%WnEc#eEGS+={iL%iJ3aZWo-GH!0DptWlp7Yyyk8zcRqmA
z1Q};9_yR}@=hYg^<~}kOc{{9TR+ocy@znBFpL=r{C_z>h8II2(IT{q|c_uMA37PLv
zDVk<*(US#}I2=+0F_ftIc;-cBEEShUfMux5;y_E(Wur*gB6a3*$ejh@<+ABz)*Rue
zI-^n+6g=Gwu2IX0C3$-Z#I5NprK{A{tb6!x<5~A`--fd|j+leecVvr?i_aA{3;U!Z
zQnBqPToRhoBa14NVTQ>oCACiElH9{rrSFwQu$6<{OWQAgAX9-zo2f=C7N1I}KpFg&
z2Xd)y<dq|PVG-@~dto#A_>RS*S_g7TZqr~})IXF|%+I6TE=jY`klJe|7NtI!n|M`3
z!ZSAXkeXt_8W&q<#pI_3{o?Muou+xO5=3<!i(tGZo!;K>*yhEAgk8)Mr9Liuh-I#7
zpyMEWBv)l^Ul^h29&Z+<uCnQ~DsPT9V-;EH7aJviAs2I8u#<Zu9@I8T*tI-6XVT%I
zs^7rkq@mwH?riUbm!<`cF~@&yO#TAbn^_gbDb%Jh-BJvKyUwh-5kYpDUc@PD0Vl#6
zDSOM)bg~^bYh*+%B3_K|170DMC!c@CLQG!%tqyjYHhKFi7J_Wkr|s7Xu!^+5OaQD1
zc9xA#Gvon!kw%skf8?=jlylISIJ&S>#<NJfk{7;>*Iq=Vv+`osoW+(o>p@O;^Ijz_
zr>3h4wB@*$7F_#a5V7=u#$7ac>ZF@)oqW2Q^H_KJpy3i5(fW+OY^B<OGkY9(e@pZ9
zh@NhxT8OiwM#-0Cv8%y)z}ekAW>bDaH*7Y#M#AK>4?g*ESxej26y5!ngj_<CMI<fe
zz4ysTmuDjZ;u=4<f6(!@s?^9}R@K2cJAe~2$kl^gI0`&FqdeNidAJMYZO@jurBpLy
z%cTD>tjraXklr&St!GG9RUN0gAXa)rtnBoj3LI0&oxfgg{X{@FAsS;Pev~i7Msjli
z@{FG!hPXQa&6E2R0m+TLUd764;qC4Iy=VO1>?QQoGOuTY%<A!!{iDb%*XKC)(uTx{
zSw;(*?%C?|@8cb8Q65GLSF|gx9YqPkWz=Td5Xc%7df+uq-4IyvwAHBPFqET!o<1ZK
zI-DbqA2J|5$Ff)QRNnpB2$zC%S#R?A#qWe~@5OIrpH&3d7IvcLaLRv+?{J!v?AQXz
zdPHpg1ME&Xxf|e}cT6T}{F`thEXp+`kLxCitvK#Ea!qEqXb~mT-da1U%BuHlBN2>x
z{0^u*&HF&XAbf`94+S_q4t_2-!NyT7jzFU}RV$=a{HlHAFnrrR<RCDzy%C??_f`cT
z;cHK`JrR%HO;%CTt>X#RYDYf{ieNKNM#lt(GaKX)62W5?KdmZqj9(%~6|I_I5iXx@
zHm_nSS1nR1D*)!g14m4P&Dy+k)#-LscW{T(^ua#`w+>p9#eD22c8$M{x?FTWkE|wh
z_kbDaUAe|H48yMwCM&W~61;f;Np0&N2NKGipl(Ya?pJ5ff{{p5?J>aJGEyVqgqX66
ze!29qJ4mQ`%A;Z6VhFcoq-q!p+b~Ij*!=_!rxg99J?Bu5!h6RQog@y&h$r{#^9A#q
zb0870p_>Q@p0G<II1BN?@CAE?|6qXR>vTJ{{6tqD(4VWdzGA|5^M&pvz#SkRfl$E-
zf7<<c{wgh!$%b^SYk?hlcY`}E3UNd5j-J;S)`pNbG|YwpJW8~o;Ej}7i@QVRjTm36
zxx?j+8n)qR|4O$Z(a6i0b1-veH<NQFFk^1gqetC2Sy^d@weksN1r8QK0Lxe8h1(%q
zvpZb%dRD!SfN+WHpz>^>sN2@S;jSpxhIu98b`6tw9XfYtWi@1Z9hzl#L%)%OTizbl
zs@JlSXi3hVtibhj4!F(&=<Zr1=WM;Pn6tOBa>>5o*7OhK0m1c@Dvy{|Al}ZtAY4wI
z-v7o*)GO=K>IB_W!s;)2P}0@r*tB=n>_?BjX+w|DnavJ&+J#(Mz-eAm^Dl6r_pe7*
zR-Q;drS^L}crH8Em}6^W(s<>X@;;dB>RurN377VN-E*D&^`<SQbT@cltr<9c4(Wlc
z)0K3N_JmjdoAG;3_*DdZgA?2oE@NVQ>q#~5;8a`itBC4SsJ^FIc#6015@+R8;vp(6
zdVw_BNV-Ei>1<2>*E}uier5B{(nWlFH(VV<Ieal#YEN+Ex~$xf+})eZDX7rQtUL6Z
zEjuQ2Q8xeRJ9cE_4eGQAdz<ocoudbaIhiJP`_Wr^<hf0#CET5XG!91N$dQywos`R|
zv(#_J$><p+?&UdB%v7~Px9eWqU!l*DyrR7Oz1Jv4gi%&{G)w{&%(mjOIr2rMi(?eb
zYQYm40qEJF!WsYHRbavuSP5Zx)Kg9`lb&2CJ)%IiQ;c$1B9WcH7*fy4&j(eBMN$8S
z3aSeJ2ZR66?G2H?>&=g;x}<=_MY>IK$?r-;Al~NU8|*pjbuQjZElq-*nU$k^yhap-
zbEYNuhv~^eCszDkeHYx0-cyfLnet0bjK=oJkFz-_T6@l*R~8~L<_&Y-%*xtk7mu4<
zZ<eMU<xHwicZvgMfb2@%nu>nv)7cl!o`(!j40h~qOTHLj44#YGdBoyo68Cq|^;aZp
z&JCTLZ{O9~wO)90V$+P14PAy@c;s+rl8=*#@P+k>IO}4+Kss;kCP!l3f&V@geQIB?
z*L9ISRfP!9fi1!gCBf2Yz~YabN<xJqtvN-~$TJi<oWhEQ!3Xh_l*-RkJ72#kO_$~v
zp|JqGg2>K@U*H)l#i5i3zf)qVl0X1nzVi7VD0%mBkM!%DF=uqvjI9|9>oYZf-r=5;
zI9s5nxNNe~*kSY_;bgY=Y^1XnOpduHQ+&zqoa^4LQ3*<I{5o!2VcSN*Y^ZUy*^t{^
zO_hsM4Y+HlFXC<CJsPxHyLZc-s>ab`6DAlSEq?|Q&aeq@mi(~}THYc5u`R%Jp_Wvn
zA}v8f0chk_&HUU$SeuQ9NB)InHY>O;D_=76<5Xc0Q=CW}RqeoC&`eTDu9HyiOrn_C
zFmausUW8^z3?0iw{tgd2RN<!PY5J}kp@ZzTf!=67{wgkMF<#tsq?lPhaoy&lS^w=!
zq&ZmTUg#0!O|VlQ+O1|ifP&cb!VTtD#M6FJQKuh@El0XPWg&ii44hx2h*qexD{(^b
z+P!Wn_nscyaeZp-f9B=;I{KLb^`zb$tb#=r1@mo{W7+|_mR;Qz<C0~jd|H%<GIwi}
zVlI5LHK8>BI9r&$Ztla8nz5fafndioUXx4<s5y^!Pf=MWnAp45qkcz|%ZH+VKmgw`
z!xz~{pX>GRTW-}gcq>KYf}^KSS8)B0NZ%7+o6Uwkta{ZpA1p-<p5ik*jpXc2FjQnC
zhgH3)(5FaThi6`wY7H==4wB|7fV9p<`~7W(fGq99My*0m-wQ>EAQRR{e2{n8<JSp%
z?x83Tu3oq%GWJCSis8=~Ny`mx#B{J||5~X*J*EAaJw)E)oXUfG%d0Lww_tzW4t?o?
zwN?Av_|+fwZ=pCaNV#QzW@pFDkO#bO1pmMf=Y0H**Xt`NK&<E~AZu`)b;hCDj8lsx
zz5JWBic}#W4@GhE9p(O;1P5PnPJWUIrAgJl!#K@e6C_VV)-L+hl5d8_ggvaA75|^%
z!H(i`+DhtPTgd-{qG=|@11!qxaFe)Q62+GvpM1UGzA(vKbSlH?rH)%8PAOiSmOL;k
zd44P5l@iX(%aM@>k`?d8DPD<Dx@ilK1NL0ecq(#sm9APtGgN?=|CizA*7(I1Jhv-^
z%*yvTwzL1Tf-@R&o=QxK`ofA8I9m>Ws%!&>v~N=#{55w_$}{2lfN14YKeaJ3LpbPx
zGZ)n27^LCwON=1g_jnr~cpFf^7<dFixHZtR+tI?@t`6&pSU}SSSlI?!+16Uc?4d7M
zwAAdl8BfD=idE3c--p?S%sncBQgc)rf*r&D0Zl-E9I3{CM&84Ev@)Nsjy~%Pn*A9L
zcW8gt8$1(V1m@0#{NKgT7V4O*`cFt!k#MQ=|6fqzoE4sq*++ZShkq2XG`UW?ZxiRx
zILN7~9hBNBhrxdES~T5e8WPXCtB5&I)6oY&yXO(-*glvW*akk}vil7l{Z1t;iz8tf
zR)kwPKisvbad^||>szh0cGx9n{=#r`N)YGsn<$wc3SKV!Lic0I@$p~76YNdy3Z1oQ
zSS`9xgzX7f&Vx62EIX61nr=Q4bT<2tv~Az>F&q{LIgbs}ovNj|ns!9nLHbLP6nF1V
z-Zt#FgEi&2y5D^AMvJZDaL4?GsH8&eEyoG<d=~7kxm%7~I(r4muH#0lbec1-h0ULu
zNVyyfh6k%I^X7iMu_V9Mu8WH7ComjNO@A#k-@$2lh#cQ?X9OR16K8M~w?Q^+us*%z
z3tXDn*7xFEFNA$^=#n9Oa>%*t=ky*?A@gvQr&2NBru0s?fnbPAKbwE|3(oW*T)|C#
zxE1L(Z{yhglUJqhj{W})`{YiJku_W+8w4h^ZJn|wK!SJOMTPQ<Eeca(2-Z>$vy~n;
z217_#a;LE5=0{RnWCo0w-H#WVLK$HL_Q<ZZAIF8anu59iIdp6gxpr(=kDOS;UHY!n
zqbWS1)HBu%@92H8lF5L0d9L}nF@n1xW|#HC5ztz{uq$tI?qaSu?z5Gif+M1XH!}y~
zv?$4p;BaBq>`%~C0dYlP1m?Y<Q48od21qpJdlmP)y={oyRJL0ZkJK2nrQ)z6=`Y)A
zOu+sB5cVvIkCgrY18`50HA0#a*f}X5l<u}xpLz>~l}<a^a^ESfhL)E$vo^OKH1BOH
zfiOKw4t@X=QpQD8jLQk`A1yOSw9$Aow2-_qwJ>SNZ`g@SZyy4qjo1R+Yw|0pe_*t6
zrTWiWc$16v;}|+z1x?`7ARLRd08QAikBxGdEo#THjvaD6=S>Q6jwN$FCrzMnjz8pj
z_LyMc90x4~R(^P7L_awlZ^zD<17CZ&BA|Dn?~JM@*$Aq8VWkpC%?m!3nlY?Y?WvC%
zJGc4h;>@7FcPVY6rfi*{hN@eq#&y*U*4%+yJ!SK9=dM-8ONu~aeG2jZ>Ud%H`O)*C
zf%ln%=a^%)afZ!EluW22bgW`XxK0Urea0r}#4X(Fp=typtxhp;<koS%2`HA*XJcw)
z+Q>bHm7ckP+@9Vxe_u=(>Nv_&x<MzRv6GfCTF)t11~Y!}EjPS!wM2P8t$|=KZ2`i#
ztaQe5<VH<x<NBqt>7cfVlR8)=8>+6T+hkfFPH)QwsV^|l1ef+LAQ$$$=FH6jqhMXf
zhRrK-KiNm;3#pfIe@9>)(6>?<S0!xopaeV`22Z(g1D)4xaD9kuQ6qb8UFahF!GmM6
zb%QkD^W^uTN_?H*F(zNH;uGAT<GV(-Qovuo9&t>m>4HtUw0YP5UVBgyktYQ!TXg5;
zd0=&BiT<L2Wmm!BQ@e*+`_X9PZBjK?H(7OeHf@VJXzb|Z*}U3aK+5U#MQXuwJ@&|}
zBFM(zy68Fo;M-Zq!J@2+R)e?k_1?32$)TXsb@Fp+$)=5%<Jcke{gRX}|23j5lT~L~
zBRpSMlr2}m8d)QRHv#~#tIPZ1TX+ta(QEI*fC>PGLb|+zcfo=^htcl+*cvE8En@D{
z=0<X%8o*kc`^SKSwN;xa$!tp^!lM{GI6JlF0T0c%HG{*t4!%if5y13*>p$lj-);IP
z6LCLHeg5Rwx^9c2?7FmL)-dCc_0_5r_Rx&g#TxqO#88({Kvm0Kk$e_E!g-U2ouL%K
z^Nws2HN5|L{Te(v1Jv2oIU($9MCn={U#?#_!@Y2z9+C#kII=bIu03QO>g#GPE38~D
zH1lOmnQPHkG&^F#^#YRu9dkQE&ASeOt1y7WOc<W)%X8+8-b>Z5J7)sVcBP+SS460k
zKSn8;2y$`Cem5)SM>YqB&^qYjxmDuhOoT<u`@esP_Q&X3!g1^S%f6B-@>a$j7G^z$
z#5G6iUdC1*($<iMiSTVzAN1A;<x(Mhz(gPdY9+S0Y>&D_4pr-W8SHyDPzCOl;k>(C
zT{D*snp8Dly6vWtt$Fg^w*GR{Vz+-`EUG4*z?e&ih2t+OE;pSy%w9`l`VSpl1lJ4`
zjZs>209v<8FO+u%D<x(|0riI~_sbzia$}@nT^3}Q`ZG7Q2{*he-mIs5skfP<kBDb4
z5Urr!R+oF6+0K`xTCXi$Tv@%jQj^k0-N$yAsJwfvzh;&`UAGGyLyNvhFZ_nc@g0Tr
z++2!VeS7y?LZ&h6IS+)#_-_?VvbXZ&XN(CQ^=$MHhuPmNxVym0Z0*f#MPm!pI@hD-
ze_!9%{Z`kUHb~#*2z2)x;p}CtZ#vI%;f{@^bR6~2ePv?d#D5iYBmv|z&<PnEZpX$m
zeI7T~nM%jWJzv-cVwj!_@7Bq2${dZb(xyg@6-X2!IJ9OgplIbaM9n(47oCQWC+5hs
zSa14dUVDE392Q<n$<55T!+N@W=AF!Sc}6}|t1~yNl%B`M4)?)t=sl~gC=Zb@Qo5Wb
zQj)Ep9QrL}Qi|>R$a!2-9~R!y*xqfE`w}T08Y)_DUnAV2Xz;6M3)Ihrg85;Jz=Sb*
zfuMT9py?(6ia*vlmuSUhzw^v>O$(p|kl~j3c-wmVqleOs48-e$gN0V>%D|6mjYK)v
zdP1O*+y@*h7|R%}dYqFifbkw))R7C|D(>P6b@sBjbz|3~GB!miK=qcu8f!-h?I@EZ
z{U*rqDCaR5fD-(KVF7CckAZxPYu)C-HTP6}Tg=$z;(f(&RhH>?IG_5hr?GQefhiN6
zp;=X!58NC;FDDz!_*F44`vWC^ei2-NEM@|1!i8{`>`vz?BeYjiuB7n`z&>vj*A(J%
zL42nsVZ@j!Wn7stv&?{3W6+~M_TGZzKN`pY1}92`OMuuWWfJ=`@g3!akzC3YK_y1(
zkBNGvj@oR-W;>MigP^Y~O4`0m?Za=2(#<=x*nKq-4b2<8>onb)=vANOG0FM@a!pgH
zLiOv1=grIMRWejsLF<~XF}EB{cXV4^JPKX{cll4mB}9k>FerP3tFqFlq*O1<KMdPh
zGOWXQx%*>Ae*`e36;BlwyA=H9B~Gt=@Fi_pVdR+<BxYTDyb-5?>**L>#;^Dl{%A@9
zZO>35sUwqbavhGLx=e6Q<lwb~%a8l|VFs?jv+;ZBNSaK<qs&|IS%e&Cy#`}8HLsy&
zEw_%I-LKGZ&nOfYi2Cu{p2HuVHMbj6+XNU&=oa+N7{=hk3!ln#+*8*~-{!WyHs0eC
zv02;uu{HYA@fmgVDOSd|BK;H%s=PUYMk4?wZLQ0MA`;6-AK^PR!Ml$j$1rEEaY5J2
zBTz)#$O`{W{9XLo!Lv+RPjdu~X(X^OnW=l$38am1mlsvWgWFaC+PmvpH?c%IjjDMD
zANz&Big2{PD#0=^t9U;4EVNVB&4cpTARqKxhOnCuDr$aNkH&LEFy0~KlHs&^Tt{EO
zZ$P~X!nv~=-%igQ#&t)Nr7LUyF_rK&$#^MFWvJEaW+Lp-YAt=$sO3&^Exg54Y5Y(@
z{7s1G<9u^Sl^g-`?)(GI!eCrKe&oEj0SE`@UW88cR6l-3f*4Ocn&~QYkgrQ5azaA7
zBj53|Rt0gD(glCjA#_(BGRC^e0}y5H>d{S+VNbuyYzSI_bM1TKslB5;J=BYDYit}h
zr}E-jOTp#ecq<ketsvf75f+o=nu@hhhZdD*=g+;%wAH?m;X0;EzOLuKyRNTt&iUSA
zq3`xN8AYIpQHWeF@co=kJCgwWCtb~4T<SLof-ZcqmbvrFo%OaJ_~Z5OEK=V(hcbpU
z;r7e|TO-LZ2o2w62D)ht`MgxIck`zW^38spjnaF@1hJPAjJrh=74^0S!RGgF-nlED
zt?<o$*@&Gtqv}?*|A0*!{;|FD$kcvBu7?acv!}trkoiY{7R+pve&%^;>i5Txml|je
zai*#poprikM}H(t_E6BV(Z*><SCs`$fBlQKgyty{GwMzt@}*5Am#;a;!0^SW{Mfi-
zl_%;C(V8~j<4skzjAN8}-k8Hp%2qhh0egR|?N7|OlU|)GL<75>TjxmSuEdYwdYM2A
z0zb-mW9mox5=GL=aiOLCT?$2ux%DojjWZ2u8C=2O+;Db*-ukk&%SJueoe<r(4Dt7B
z$Xh-~Hx2gQS6+vM5GgeE_n)TUKdY5jz+;RAee)x<W3@-X_$Z@47UPoz$hJdOl-3^u
z2IA}pPIt<3q;dqoCKNL44t$!MiROS|ETj;8a00@JPQnCD!H80JKVH;!#nk#{j_aF-
zgw*yB8xlW8=sla<;B=cqK1OUirtR)tsjBOLEMo{^_|5+FLx8vl@^(1Bm$c#4E?~15
zU!e#Kun!IOPIt$j)80M3scme@3)}uNW#pK^z=|)f=~;5;hG{<{BaW^hQKw7OEAm$J
zT*J`=5NSPgUM2=gvi8(|O7tE-8ttuf=WV-QCKG$Y;(3Vi{UDhS;+A9&*v8aNwDF-=
zYgBFYuS<fNgCTo22aEX5m?2Dubcu5MUFMl7+HkIbU!|Cfq=|tmzX_Vfx-cP4XxD0Q
zCA;FC5cg;9&#FX`s8Of~y*0fH0=X{bF69%%+N9dF#J%?$9-T-S@9o1HKeq~-pq(NS
zAk~K;hRD2Y+hC$5*|4Y1-?*eU+%Vr@WFRho?^vbDDZ;6YOMyq1{vk4^KwP2sd=jo$
zKJCM^I;Rr1;x~#>RK&QkXrquIiJJU{4dCScB;*FeWbY*IIlE~&v&vIGv(7iVj1O8g
zT13(@<#FXGh2m_V8-l0uR>hn{3qObDKlY|f%J1u*>+O4s%LLo!7v>fA0`e&LEzhy{
z@%HV{Zzr)$<6JVQ$?HO8K1WW|wo^Avvgy_JV5)m49mK$FzzoJgo?EKL8lK~+#SQm3
zZ&%`?A8zqqd^i_$t>jjH`ixH+g~XTGKY+Gje8KM8de^ZXazSic=i%>>cNgGM>rvaN
zoIy=MRUQ|W<W14HReZtBKr53ZgWeJAO_E7zm1sP?8!B}XaDi(Z=8@u&(5R$Myh`mf
z&=Gg~zGbUryQSCa9{(QSw(!aSDK9xrWq_)uRg-8gnCIg0;&Fra9)g1seJi<DEe90$
zgTxJIAx?z+RlX*6A)FjSLZo~F)l|L?RRh(nL?I<2Ih~k&Jlaspq@{S-MM$lxTE*Vv
zdqY1x32%Aa-nfjn@z6v0Xg(0Hp+8$g1-=OsvxcmHqn_{l`p0XmV%iC;z4#a8JJPd=
zTFOeI=mcK)Be<j39G{g>6<5OF6@-iV6O`1{E1;&oqAIXBM&|+e6oMoo4&FNY$IBxs
zi;5MfXX8^Y9IPKW6bqIqQjy5;2=nNmPfN_)UyM&5P6utR9}pd^ZebmC0HTHqi(~*Y
z!-XZ|CF6sI#dO6p7yAc{jw#$4o(i4{yrP~eo+`X5WlHATm(z$dQQMa@N(Yqp0@wDA
zbsjMf0nO6wLeJvQ;u!!d#ni3g8JYv-d+`~0ntQhyxgT3N(|8Bc_oQ`M?=H&JQ_vGn
zC%m%pXz6B2%@wwx>*8v$E;biU7qKoB7O5>0pVFKnZ*cCtO)*T9hUm<b%#(&IOfKv0
zF93@Imf26=oFbfZTP0hBTa>&cTC`fUw2POEm#I2(pM^Cjy-RqCc!(=z@n`Vk4(s~s
z$hM%4v5rqKIB9Z(x1<)S7O5_bj#(^ImWtZI=h9&_Jv9Yv=b=xvCvw#qjmFogx72H#
z09(I&dIwqerTF4<EobfH_V+cK&L8pXoj?4X$)O=nVOH{S-#-bSAr1|!#jX(~$aVJn
zMp5Ydf{;Bli{J9%c_?FHco5$CGBVt$pTTcWthIFBCJ^}nd;#(LzQ8YvDY%*_r7Dr|
z<%kDE=bbJ#es%&j`Zl?CdX)_GMUwEW&{Br#l}z*bY44Ztm&%_w=kbn|rD;;+?Q-nY
z2Ww+ZhxSRB#Er;}<I|Mv677rzk75^w)JS#{(*PrsO+{OJ+efhy5<8T;@gsC<MQJ*A
zj)OBp0r@gX?M0f3>RRe$nsUvh4k?Tk4#NAXLr;?p606GSiR}vNxteMZ+WYQ9Gx-Dw
zUU`}d%_R;Ac9#3b`I%I63FUOl*-MHAi3wCuiFk_2+1v`O<wrK#+towWkVDngI76%y
zheO!IlRm|UZG<E?$|fcz;%mMWM-#2zwX#<O@!_c9c?i^zi(uOD-004%idYpf?&z=N
z_Ts*iWh-SX`N#-n2Fyb7!uAU2K+guS2Czc5!>|N?d#w}nO;GuZy@`g2#s{<^|D~^3
zi^z+}pM&hOJ-)v?Mu7FXu@P(JUJHZ{3W9bDM0^(ocNHia)c@w8OTT+liIAItTP~qH
zuB$^a;Vfhw>tO9{a9yXkySp&ZxCA<2{B34-BwQvMuLd3(FPVprI&wR^N0Xb0i?&OK
zn}ZAgo%nU~*~~i5%w|_uSJ-s%`gnIHV5-Z!%X}uTtLjYUfMR`g-QUfP9m`629Hzlv
zW4fl>XkO7cNTb{II?YC-QK2pCDf|L<hGW})s6w`aLPymr!EGvQ-%ncE8o9^xMWGjR
z|F`YRQ@R6%0|gSYQ!Vks2Mq7$4%%#;1n(x}cTx)=#=RK+C^+pkI#8?Ep8qq=fdcdj
zo1QqxZob$(iAecwxHI$En&aR>pYnz}E`77$L`@{|mTuGdjWeV(y!lm<Ank3EZbYsh
z+V1`E-Y(U*C&MGl%@@v-jH-r+HcQFw<Urd_+fLwkl$Y0t7&W}UG<Hk&-ASJ9?Nb8>
z8Qdj{SKrH`mCWO_0*>dYdOzJt%iXyQ^9}8D3_+FNQ+V5Oa$KPF-nbv=py8eYZPOUe
z&0z0MN7+s7aK@n$0uHCH^^Ysjt=;}r@4YwPQ5STGFGt@WpJ-mNJMy1-o-LovpSBx|
zhjjfga9uLJ{gD-(WS$RiFDmJfy(GOdZVlYde0lmg&f1^1Yxq(hcP@(#A8Xhb&Y9-D
zNkmK83v&1n_+pV2MELmjVq&&ySHlT9jz*;i2Zwas#m)xrytN+QEw<dv&3eZZG<bjp
z^x5u8@mzFzUBQO<0rvscp}Js$J5v-iwYS@Eb*2HnqP6Wi0lT<yi<q^JhtnG*?(zYb
z7}NP>38qu*r_+0lJA}t;??S#rPa?DoH2mwyF8#e#pm$b35Tyva%~xBvBHM5eLYJ9n
z5-0$1I+x>U!V^k}=NYnL0`UOj8Nr$(QX7y`?4vFVlVU<;c71|MZIH`cV-H=I4QD2b
zHvsA&X^9SN=l=mjIAtL`Y@>C^O(zd(7v@=6?xI!v)MnD)+~ASo9Kt>KDAc}`N}{ta
zyyfbVF}@4wp}i-J+Al$6N$$5O2Yn!<H6Xm2b!-AXlw(yp^&@L*qJcchZQ|!+1Yc5m
z4qTofz+Ik98@ZYub2}h6V~+ACxmB27x@vtb*UdBsI<7z+yE*tdH#m_Uo^CwrU9AEM
zCP1GgR6(LwWDa!A1Tmr!+-Bgpz`HBB(@asiEDWH;o?+yDGrhXI->vmUd*s|q5tb!C
zlo|hzR$iJ2-048ZqV#!AS+WCxEde47?4}8)Eb4<B?J1{^cG)qo5!@yj&c?E5+K8cB
z8x-r>bVPTzA<wYQh|5tgp@})r6MlPyS49nIlnnyg%0){s2^!gUREn(phA4kR9|l`t
zBH6bOmAN2`0WyNZM3VnMB8UhqlaWvQP}ocpdmu+8s1nYs5{N$#I(~4V`_cvro|P;{
zJhZ0!?jEB;61#D2Q~C2>2<S#v`!qeN?3vdhTMDGg5s7D!#tV%GtA3z|^r3hw$^QlB
zwE|MI?|0NU1^*GvLh5QE%|dEX?1}TMz%<KG%)HUUn@I32M`d<2Wpm@IOPv_qlb&5Z
zHmvm)lyCuw-hfalZgco*p1rgO14L*)P(i9u9E;8JbsyHW^7cRMx`JN2A-DN!gMVb9
z3W7Ra-FkL!t=N1vn+~u408y7^X(2%bUXLWt>G&8Y;(Rg?_V({i7W8YIl-JV0D^3H-
zH_ohLDstD9FYhvSHWMzPlHyu2#q8T^9ax%y8q~}F=-H`l%q(BfS=MM;`Cv~wlpaEo
zXrG}UP=(ui^D}c<T5k^*x$l_P#=r7GyukgJ@hid1p$uG`_$mm20ME|+x26Htg5(Po
ztcKeBP?s`#ef5Q*z~>AqO-dcw0UH+njQ-tw5AE-}0bOsB8NT#=#ey(``&&Z_%cPb(
z*cJYY32FqBUjKXeD>|rF%(K`4WC&KcdHOHiU*REW;aup~I=@0fK*3?sfBF9P6$DhZ
zVlonVA({jPb<Z}?!T$n(VIA%5r@1@e7>P?ZVC#!(JZP$%EE7;!jKqr8RUk00_%;<r
zSAo!i(qHOlSbyfT3*%Tcqag^Y3VhLrFH7laJ8o>iyRF|`aa#Hz4eKol%Qo2+QENj)
zv-BC3Z9^OSma}oLvkf7<XOC#M>vMR!Zkb1ZQfx(+DGoOd+mFVDzEM`IdfS?aRLdoc
zO`|`fvZc>dY?DI~(=ROSRp}4yfnX(C_JklvJJ{s-!CGpXY;r>PFR+jGnIh2I+oVW^
zv2IXmxG&qA0!1_p6~g9Z|J1}c3U#Ic`$b!6uCfP)pIQvI$4%Q@17A|673#KjYBHj+
zzmEsuq{=ob!rg-3x8{QdWI#t;5V>n`?B8Gm6}pg}y|<GBLE6?P)K397ZDZ~Ch|t(N
zuBO5EKeGQ(rg$Vx=|qOs5*NBG)_ant=Nx-Uv(*}q))0M(Znq*ZrU6Cil##YO==uj*
zww6eCX*rysGq9a7X<==y^`SEG!R|8iJ3AB<ZJ<w>?gtnMIn3a$PpD8i^hg0d<Zwd&
zj+{9gr#jOSP8@6s{kZU!_SdAL{}Ms4xi$`VOX2@D5~X3E?#xEO-CiFEAi{{$Tso*h
z4ag@iceE+<Gsn|B{GJ$Q@7bPnhSuAOfZ((?(%Z{xPFpH$TjQ6Cw{)~-1buT+i4oA&
zU|S2}?RposVFs<j)wtL>gHY~dQzxi&npfg1Kf_ggkgj+wJ-_riRpUzyB&)_v@qz2S
zgYHy-6b7xv8Y5zoT%*G}BMkT^97a@7jUfJ-|4-cKielWhG_D5tTYVl75I}!l9UUFu
zPfd&&{YAj{-8)j^<mfN4mJx8~wasFH)Y|3{4J~z!Fb%DxgUKP%vM+Yqq~-Ru>0yVO
zn!9#}%bIFzDv8@e)tV`t30RsbAyZFO7v|q6rq@VN=u%t;dn8D;8P8)wk|bLVHhxB$
z+jix494bv|0L?Ka+Fi<|&HQZ_Qx0wQ$fQKDeZ1mCZbj{s_(#MLT*)s=Fuq9tFPdDu
zLF6`{LVId)KN5hP4s&wXfXaBLf0daqc`*f@@rnWLVgvT?hI@2KUl`AmLOLX$3^(Xd
zyi@)XeY~Uc?f7SeFU0+=qAMZa*MI6lf5PbWM*bZQt#?mj_pLf#%P(WYr{a*RAy0)d
z3(2tlqVwDk0;wm=&ZyyY{Wp9fXL@hwzPSK<!jM}rb(b;>mNI&xkXubQdf#e?ul>ZQ
zb@WyfgsXDo;44tzz^}T_pT)nhP=PT>pnpUBFQNXBwK%<`mct0uB41%V!v)f~OoH5r
zQTV>y0Z~`bPtZu;d5d`S-)27ob%63$zqujt_<J=v2Mapj=4>M21?{m5WxfTH3H*Dp
zpO6y)Xd4{)mx}&k2#KO!%3??8wIz=fw8ahGl*J9&U`OrG{uSM1p0#3zCJCI&lWW8D
zN@TlGyczdfb4B7t^xfq@;}(Ht!sK7+e7kO96w|;cp4|EQ0zm{ulqsxLY2kyUe7k^7
zZiETSVmP+kYnE(cGZ76W1_2vf-%TXkpf&b4{e<iYowjcy1^?IR_vedJuYdC&eUtdr
z!GopuV3|Y;)__p=TqkgYcG#KwvpEn(ZA~K0onhnt_$T|v@Wnd9L(m@g+vXp2b-St{
z?utK#F=I91*A=j20^s&t)6?^&$XkFM)1oijwC`d_6@+6Bt<d8qJKWgKXxtzJP{>3W
zp(_J1UBFg85_c45>zki%QEL{lBuslCyR{961#J#(%d}xq^O1a#)<Ly|mQ(RCt>Z%e
zuh4dwwU6e<OWZ0wc2>o!2kZ}&@Nx)397x-r;vwV^9BuIw%K}R3Wb4pNW(8){`-sH;
z)XS7cOHmwUeD8<SFzjLh)o|P3QTCn!>E>y%B+h+#GOdF=iFAkJI9kWa{C|hRs<6oB
zgnBeW%+a1frEJmHP}OaT3_`I#<*!qrd5|#dLMY~GS1d!T?@zqxN6a!vVs2i{PrK=3
zX<$Kf-T&;f3WGhM46$JLK?B}^RLW@5ppTFVfyD?9EG+e5%nyUVBvy|-kSJI`D{rsa
z_e$&_QexS*n5*2z<vc}(&FwH{q0HE*A!C;DA(Oo4(1Y;1q!kZS(=~`B<NAuzW9GXG
z{NF)oGGDw|Q7nmaU!Fv()BC+Ri+z&H1YnP)7S4064KeH#)MLD|yT(R#=S(g}h+-*R
zHXy*d*y*KK@mmMv9nE*^S6;AZfbI&|4%(;Yv%@a189n;}_Y<0}C~+WW09B|ncWkIk
zo%+BdRom3sE%RNO&nosmqQoGBGNn*_r#RO2pRD#dh%(rgccg_rGZ$v3*w?k>O9o|f
zAx!<I-)kj$8MKkjAY8A3b!ZGe=FK3ZrwK`tk<AcnZaKl3VTJ3(VmH?kZTu)^h5L)U
zJgCfR+4~E{c5W}zf`jdINv4eA?2GMU4_8VZ@Uc_<g0%Q0or0%7O9y&IS-^D(bTZq+
z;N@R7s>AM%D(G(z)p2nL_}T$;C(*CN`C@mj!t`R+r}I+NY5z0Ud{Xl3_;#)W|5DPa
z!_qa3lo~kC+*3fv3SVU!EG1}xtvB_1w1{LbSPEao+Vfwgm^E)P+Dxzn{{PvSQRUSO
zm>qtfT50)E2P^+OvT7m4HU0%A*>66RaPdYTYV%ZecQ3^q1BRFt3$hvE6HJRF1r4z&
zr({zC{~gt4PX>zPP+AuKPjlssX5ur1US#1jr2N<BYS>@p)o7F&+0~GgOtL9HLvV_V
zzd!7vtf^o=e8Nk`+ZWKF;m_xL)(NmIy7HDg1JTjqfUEaGj21sjSQQ^S7;8TnVt=#@
zw(uEX7Ft9y70iQ=Vf`-y3KOCdsuwT-<K)u+fj0Qaw+H?6$R|Ch_e|0AFd<se^RGip
ze+Jm^r=pY5Nk8emevcBJ{I%x|G3f_}S0V2{Oa6+cyJ-(}F|J9(JjG%M-=s)J{}U!+
z->Eb5hmn|6y(x>!B6)u|1%hPacX;<v0!htx;C&Y|#CR}M9soGn`(hjmIy#+{;m*Ax
z*i)#5D!UE`y&v~(3926fCUPt?ifZhb4C7j+<kHyJ8b;QSyn8`u#=oZ4v|KlXRncf%
z?3zI@ueYfS0MPu5!hmkkKsO|3jm95c%jhTdHVpwSG)tE2R<M7G>Q-O!`wu(ocpB@W
z=Wf;(@zoP!>TO<^4Zqc3_gUH*u#EgCAS9_bPIu*_)7IG(2T0Ipnyt&j{zv3)V~R+7
z+?kDzP-jyVAV`C227iU~bHNDFs`d*xv>?Zl$+`$En|dR#D+FD0dyO&(g(l5pT>!Sv
zj(wub2OXi-CMy8KeT}w1m^~PlMsps*n?v(wJBE7WL{|VhZEZW?x_04{)Tz%5Zt2b!
z7H9y6ZtIpC-Xt6O?u^80&hkoJ^;#Pxm3C0+Irfz{JVB838E2QmL`Z99q>+nEAQdoW
zPjfaih*l&ii(`+mf|naZE3*7cCP390{<MN-1yD)kLDWz0YPo42IOjC&!`X(Q`%%sj
zMTt$W4oL}C&XTAkL1=q5#GXVBd=a7sAGu|y91SstWuZAK2dWS&5}+kfv!zf&#9nhq
zdFt<Ydi1SF(t-unA%PFYxjcnk6mX#Vy?m^L%>)+ch@!>z6AkqBF3^Kzy}Q<>ADfkg
zZeIauNUHON>f;A?kQUO;<h04aK}r64oC{z29M%f7&<+2cB5&s4VY_n@ccx>KD<Iec
zEvD>aHDVX6nlnjr;P_k)4o9GOgIKDg<qD-P9MFPJWNO_on4DiIL{H<`v{0Uo32AUh
z@9|2sx*D@nvVQcU9;MUi<2)}Czwg`kLecZPNAJcm-s-4$sP_+@ebm-i=-><Wm*q!|
zLhfW_Od_@yGiB4a3JBFWpwaKaFv!ComJq9shZ{$Fy)Mo?rGd^HH>b9uFLZ{9%q>zM
zYd|IT2iB?PgN8;Il48<{jdetvV!;&)VzKGO3u1xKI@umMG#@KX!Vng_I#9|b+^3Nv
zgj1)1q>i=1ctBMl{hv-0FU58+TtZnhr!u(fBTN`Mbxx&862fA>pVR&aCR${*S_$am
zNq$B2V|h_9fM6%5CS-`5Kmtcrf-09E+(QzJ8q+AW@jgU?nBt=tGWh0YK_QK&_fOFD
zs>!GIZc|f?MQ_0U4#JV^@*Ou7`!+;-nm>ecYqp^+wFC%x)Ya3L8UcjZ*V(*vz09Pp
zOu6F>sfe5B99%H6D~M%EnCA=`B{O7leF*0E6v}wws&am>PsZT%CpZ=*)6%z0m~5S5
zbEAUm;#9dpz<506=8DXXLW$gZGTpP>eS#d*S);Tl?<z?D7M%Zyiv=hxg|sBC!GbK~
z;{sEwghJdfr7ab`ByC};CxN2zZ62ma`Rk6;1{IQy&mByyzm&v$tv~$2arCnE2&8&X
zfw08}?L@m&kJg71W`~9;an^H;;EqpEkQ;Pww>Lfz5^D#7_f-JP_E@hpuDBey+&;av
zO%IwBeGW9|iRV3F>zd-*NYakWn9VC>**BGPQ~w_pYdtyKM)GeO{<~bk1U$Y*uLdH-
zqlvs*HX$3zwwA-cuC&CU%+jvKxvpA45ea$yK0uCd9YZ~CWiIcQW#3cEP3P~e!g{MX
z!G*t=k8T&S+m|@}`8;UWeIF^eFA6P+n8Jt_lMtzkEJyY<&99aR9)9i}8ruMQHto)-
z#Az?&sj%)RNF9$`kkLIpy*8g@N?nXA^$wgfc0C3`&gKQN?q^H6nJBoY*rR&;2wUHQ
zNWbsC=zIZZarle>YBo1^|G96l2<KR+wne1HytZZ5&&0XxyE%BrSL4kGOMFz<Yj0PY
z_2>4E_J?>SK{b}Y#lCETU<!gEXZ-)QSuh|^g)@u;@qte}VmR~9_}?BM1Zx<VE&21D
zDh}jR*^&fVzdWhn!qzjmU%$HiXXg<A5<L872-eKMx()$;Y2dp5$bN5(%eG*QmkO*N
z<nyf_e3Vt@`SknyP<I9wZ<tLDYp6y(ETD!yR4tnrP)+?adfa^R9XSlBUdeRm&m(xb
zu9K>aj&O28s0m{=!mu2nT};-hWoR+Mxtm*KW(xn89L`Uw?b~=k2sIZT6^IYj6G;K>
z)K`Ytbg-Ukd&2@c=>LkmCzl=B>3-eS;Y;#deP&C`oj2BO{W$n^7`5g=_|n_c1G|Q#
zfX1Wmc$$+S4`__pxVY1kHThP1*vt;^-9%<^H%pz@#%N5*hhNsxHEuvu);RVrtUFJZ
zBlka&FS$nU@r+0<M<f?-?vqxSFP~YBC@e?hCnpjEYN_)K32CU7UYjaKD?|Pbt}~ZX
z0k0;pKa~9exX(-<XrN3PK8NwE!%gZ%qx;oj=JozHf{=0H({9%!*L`sX|KfZlDhcDv
zl`ym7DkHk$BI9c!rAe{xKLfM2CyNA%hQTC+Ujj~DZ{odQ;$I?BI8MC@WWPvEhr8Q>
zaDEXuY`qCtNO+|QB)>o?lVE<qzXq7hJz3c>;0kaf*nh}|c@OtFn4cdFwI}NX6eI&V
z*u%l-8I*^PD8)2UGO8$zXwswrNbKtj$`eOsVw=<%RU~%I27eE^29^*Q8~jF&KiL1W
zNrd)TjDG?l#okLif}GdVqTGfv1xIKH{Z0m-$i6U+19W<U9^KRt^Hcxvc>nz*$1>;l
zULNW9V^hz(<={R*@Qyu&MVSw39(UX|-njE>_chO*r=70fx_}^F{?f<w27~g9k(szA
zH%1kior6J5o)iF?{q-LqT*`2C)1P?yv{N6~bj-JZ>VBbZ^})Rx%H#IY=LjC>Z25F>
z#opkQqgqAg=3r2pX8}Ower-^ZaWoUx=JxLpMByD)liATR=yBV?_Uvu00Ir69nI*kk
zUR}HbrAvYD2Rb>m$e?(kQF*?7X*a?;)V{690M+mCtbis~XC_z`CvnwE$-=G;sxqi&
zVKHLU$rnQY3dF&&AcI}O>Py0fd)d2BZ{LD~YTbRJa(Hj~cyYSNph|t60W-7p=;m!V
zPLb+$qgCfFWp#De^Xf-cW!H*7-1y~M*CF#Ll@yBgA|_x$^CWURsj^-nI}!P&Cc{&c
z#=Jspkl;bDjOGO060d*K@JM%isc`j7URYQd-MQuN*uD2kN*SCQ=ye4ShDmEXT;#-I
zq_^&E36s%r{yUm;A9k}=JEb{nGi+-py-j>{GX|w7U=Tmsuay?VhP$i;??(K;1D}4+
zr3kk*7@XF5nGBPzMCoi`q_K7VM6+vd>MtM~zwryVSSi|xF#9*OWvC8K4SC8+3lpwu
z?dWG)O_=GhN5e!ebAbPCBRl{x)+`rgBJDE+4cPa}M44<Cu784#H5DT@!eekCDg1wf
zHS0xc#FG(G$HKr*>vvmJ#C{?L`MI|ZVs{Sr1Galu-<{9@q3t}Nno7HOKZ<~K1?dnh
z6s7lGMo|%I0@8a6y+m558KifmCR7pW9i#`4P$CdO3{{#C={3^(4LCEOGk4~@cdh@u
zYrX52=RCZyki>KLyU%;}-m)jZ_PXhjCA{7>^?aah)`e4~qUTk!|5-jsdRWOC$M%{#
z+)|NM>9!taSKL2af_&$*f@w9F&VnQPKVt?!*<OQp8`uVVBb^l8lx9>iSnM6)y*ZCx
z^M<?KOS3ui8;&pDs6D$hP6oafFEH6mj|INwgK0*;HK9C-TTFh~!g|Oyz!!cB9GK=l
zOnn5YT688C^XWG}7Fib=VGt4-j@9*1+bR**FIde_WUj8v*7g|ej?o`e=aRCsQYiUh
zT9mFrxuoX1W9ln^mmgy!DlKAGp?9R_KgI-CT4b$$?2ak^FKC`Viw}QMa(5)+-=UpQ
z^)`)quK2F?BMGi<J@vkb7yoE2gyH;nDG%#MHQJW;k3_jDT_570r`{W3SCT&*VW<7P
z>UIisul@ik0;nxq^%i!n4ezGt4HQ%N7TW+H331^x?u#BiXB=!VtKaHydE?OIKDBS`
z>_X+#$wL<js-wnWNhU%}I;$RTKD;iienss@E7hZODF9upH?g2xM>=o*!mxRh-GbOZ
za(d>La<tmD9jb>XSJdV152{@Sj-L5g3Q$3Qr2@2JY&yB6130kHeVe%@<iMS~RnTY&
zXyn4DmtNpYB%8Ns%&)%yrK1Yt_1p!ERDnZX#gZ^Bj;du#?LSOj@Q}Uav-gv>O{6{Q
zhzM|06yqIC=f^q$K_{HdhVW^{GYq~X5GlB?Vwdkf*EF?!`OBvmoq>Sck`?FQK@6wq
zFI;~h=DjJYeH+1vdvXnaeWYtxa!jAYV8zlt-JvAD#J#dwwPyG)CW%_Kb=RmQy#a^C
z3c}gzcx^vuQ?9rr&=o6lr0^9{cR$_kSsnu-a_x+sxAjSXw11fxoM2?Ed1?izI~|tF
z<WptQ`2}F@$JHrs9Q>UVKDo<Whu-p>aT?!&F1o+qgwyVg$#r3lnE7f^VUj{``=auN
z?kqnzxFH**z&|N~D@YL5FD8F(^i`_$1-)SRB~}~fvwk2!)eU=gew-jQv-L_W3r@5k
zzYaBW&zc~bQ@!hnVES&;VGfUC(~Z!1_ABF;Th0%>sAw+O%~)04=TIVKu!0(Hc;+jQ
zCF>BoF?}vXB9YJz3)HLt5KC7DCS9va*wrf(70d4>vvZZ-H<sqo+%a}$f8Y0p-Ra}1
z%}JPFC+k+egdw%BSe-x}&()VwFNs>ee(f`TTyC*>^flZRys6C3AzryrN^Ej<9>0vh
zgj6z6tF_B-PjlbH?xEd77uz9vEfWe}rFD~QQOfIv*9_I&&4wPe<`<f43Do7<c@1@c
z{Zc4aICZsCyQIXMi!OO0_9mT4b(Woli^0%*VQ(vQ*U8nFMCXu-Ke~R!bEEu>{D`n+
zYDVgCt4S*AQzC~}f1&pMLX(1+Kth5w0h`!2A~Iq!V&Hox=H6!I;!T`QlDd@S<b;G}
zthiQ`!QZ~@yrIjW^5@WfZP*BK3tkAGrf7(_9|;^ehgcjA)m_yqtp?{XIX~P(NVWNB
z+y|S0A)L&z*G@&X;td-!zDU%2$cPA^gZtPIs<M`HZpz?}-A#3g&r&2=ql5xA^Q=9(
zNmbJ0$3&`pmM2igFp9js9$(ff$nr4?DafLBa@W-q2wp~@@`N%KjS?idT^}x6!%_vs
z@_2it<Gh63z2<XJvxAAS99T|4QJj6BrVhtQK;GkXl+u4cex;)+#;W6)$G#38j#<df
zP%K5N_NtYZsW!bbG)d=V9nr~?j9)3z%=vb>{9NaSpL?NHeY0e>APze~+~KlX*UnHu
z?fDdlD(>4HRZG)Vci2Z%^G;I?rHr(y(MwY4>eTCQeX7$X4DhWADHfBRteZmys--DY
zGXvJUlT(y2R~1OP)&;CqD)(Yel)j^;`HpJH<Q#ime9GibCI8~K*-W@`6pR-)2gRKE
z6Dcr>truw?B`-LQHN2Nj=H~EpcGi=gdvDtFVmEl<#G&UqTJNOiW6f*F>|9lGmzB8H
zgQK}pR|OSjk)2Xkj*K|&_}wZ}wWJWAnp)Nkal7Tf1q$vmXQM+CIc&nW^mR#3G@C&Z
zY)^z@vQk>08A8ANYvrozXIT#BM(<HPWT~vjPJs`r(n6->nOmM!_sL1mqO~(Lg?ogz
z`5@7f{wUtEzW#Lna3vFd+GW7fvV*m!^>OOK$UDnz?uN$C#l-INXeOn*BNL=@C#EbV
zHh1wjEZHq<9HyskFdG~^L{zf%Bss{<o(N2P;No=^y>fTOS?tHf5+w-hseduY+Fot;
zm>j2~(|c(#{$0GD^4ap)-W?><bf#68WLG}=W#FF7{64ED;<~~2S$HNH*Qwhu6^7!A
zux(3_HB*I%!XYGbCXcO5YJUIpPH3jbL>*6yQKeW{{kPF?)~9aTm5?51@Kk@sm}l%g
z6Y;NgAY?S7w(=AY6X;WJnW`Uf`rD|br~?ddyzk|=c=q~cw(;6|pYO6~(76+dX2&GH
zjL(_l)+W$z?hsLqjd=LsS3ij43KSF1tz20%lcCs#dmqM<ER7-lY}q531t${6?faJB
z;!9X9;uQ=OAhY+n8kNO2TSwwgC^Dv{-=F!_rr+~SKdRj_J344#JBkPITKmQAos7w1
z6I7CgDbj_H!?9gQp?7Mcw`!EmCcb<pdaR-{W&hd#B)0Y#{!Qixa-?`9BOrUw)y2Ug
zG9<p5?AvK+-{V}n6nA>?MXv2=q-z7}8yDik&IDz0UtP8&XW#Ds;HSErnR-^s1{)aX
zJp(@!9H})rge(uwv6#Fb45FxUC;)8K9-keDusA5%p+OiYsP{^i1w^oT)TF8N^xKz?
zE<nCXSGGOvw6~2$%VDNc(m;QVzi5HyiBCK%$-%L}t5!B+u$?E-Md@T~gKLCWdlE3E
zv3F>fX$KvY8TX^EfTTbF@GZajsrWPcq0V<N*vsfg$6flFS(;9}zE!cx+3SKH<emvl
z@K<k~z?;w9&kU}pP2TBRFC@C}4i}{h5`JL$EU=aCB{TLGt{>9ux~a};$YcfKZhPMB
zP^$}5kQ&A`jmZ-~@9Xol5HwaKEuajejC)ud<YY+R9C}@xVj2mVZ2-%=$T)p~HoMMD
zZ9o>!up7U9gF6FCz(kQ)!6egr#`iBd+9+J#fbj0tSl4+FZ0y4zo!$-~9>W=H@gc43
z4v+ax8ESJ1XXgr-pGDt)a_1p|2wl{z{c9neG6iO%_>Jabt1&X=9J`3A{c?-5u_H^0
z*o7Q&L>`D=HV{{Ckh~4|#J9riMd=N`uaWz-$6PUp0dWEoM1?px64SF!Y=?Cgzhv@=
zS+%_db6&*G1y`kFX+LFpj?|agdX{k?SKp&{(=jcYrE^6i*@Ct7Ln2*p5kJGozEN3+
zdmTW`l+>wRrH;PVl)H0A8`pAvuc`OYV<Ld4j?XwTCFltIm$;=vSQ>Y=WsWr`V8H$q
zvg}p?XNaW3^DfF8{D@aD4+`<O_*wYAc7Sc|ZqeKd^@YDbtOPsm%+ZB&xv)K+;WUgM
zs3RDem5hpQEQAD%yGX5nxN=PCIm<f{?R`wVXZjQlKdjwn1|Xg*x3z(<ps{y>Z?2ym
z$#f@c$pv3LDCdA`HIxor7<lOgjisG+ANoB!`j}14M<3Y%rgz>)Ih*rLJ)nm?#9!Iu
zfJdKoO6?1w#+Uc5AsqufVs+T8Lnyv*Wr*20`_dhmn)qIk0qwmR(xvhw^F|-4ff<{y
zA@?^r7(d(DOGY)K?QHbPR4A%tNSAH&nN>E{p?+&;SIIZ`F?3GTw*V}_qw|Lmu@Xnk
zi}l$hu{--c!yLMq0W33@kLhS<7eEqzM7$kVbxgJ3HQlJTD-%?FN@`Kbc^lCSIgGRJ
zON25RlzZ>y!1^(H9fC4#{vhQ@Gw<9rxi>_yGaz9fCz^~8@nB*#c_#EM)W2_c%LcS6
zy>c+>-Lhx3#AN(^!kl}@knwQiteJcAJd)!!PT`dR2KVozSTuZcgnZj7tvC@K#B39+
zM1yJ1KbRZF*!$9a&r{n{z(#c>9vx1j%w5z-A9KFdwNVNSmet7E(OQ;Wqykoe>9-kd
z;pR<W211O`F7r!y5FI)4I`;GC6JJr@pv*Rbn4`Fzie2V~Dqno}8nqY2r}WFoGh$h4
z<i~!njLpW3qYUJo@*TUN8kcv-k*u=~q+76<IX4RPNt%444bSF7AT;Wp@rX@&wf`6I
zOHXwJMm`0vnXG)@)1h$-S;?Xe@ixo<0dhmFPw|Q!jxdUjEkP+WYtjz>)t5#Uj2_4g
z{t>}>{Z7Lks6D+ak434~Zrka;4V-fe_shp(sP<XO+w*SH&{up6d-RxFFthcR_>IsR
z+}oAez9LB5(IZG}z_EAK!fKpRe<OJeVC#opim)*Zv<Df%g<WNwHd74VKrFXoqfTEB
z$O*Qzr`PpVcm}F=9d{p{bT)_j?uM3FgZ*455(TUU=anC?^`mMs7KD0{B)VTmlh=ee
z1k1q9WM$?OPj{Q<Wg1P%ExpUTPsOkb8%E(Iu-Y{rBxYyyT3OKnEfY0g*+83pvz-xb
zS>bDIk-V|tQ2Xtf6d{>Yf@WMPM-TY>d8u6p?SlE&4TeGA=^B5g)#vWd;SGf}XMnT1
z<!}2)JWn?-hp#cbv1H9+#xnb|6S0J|EEN9NG-rnj?#R7bmzMLtw|~h$ObKJ|Lf`8p
z@pzWlFkBtm)2f9%{%RN1DN;vs$V6736k@0(UrOc_H9{yh1DtqSK^JNu0BHH(sH+Hh
ztQ&lmyHNu%I?+fe3!Gnhb0BHcOnxpSY)ZraKch3;CN1oLfV<Vd^?40=U!0Mcy5i;p
zEe{BXxyZ1`%Y*{-d>yX=EK6AR9WLzQ-&aLpuTQ74T0BX=@c1jn#%}Ldp3l6Peu05E
z)!5_vD@Ui7u}XoW=JCiTtp16gqX}gC^SCE6$yk<2k>boj8uG@uY;9#6>65m-_8P0S
zba5(dsDm~G#1<zlTr7@X9I{WW?i(=4(O~#5?RCBeFfR?fZl=qLw|{o|qm<0u&w;mb
zaK3%QPApf}?|bR{ld|w_X#Peskz82Mp~831yOM|j?BOQE$Ft3v=0?Sm5f(|r(y-o&
z-mtSoO_bc*%YY}78)Ngb_$Oz4rn31*a{)foZkC0!J9dzFy9)nbunc||qhR+U!K-~?
z%LfPuhWANlpY~N{#L|}k0*Sg)Eu<lKXGc(jF+1ffOb34tUy861U;gz3iLdy@g)oL#
z_6AdQyw>aAuWbx{A4WhIWvk@qn2vvuQ$7uS7+g={nGI+`$c(O!AzF=F(fchEMP@2+
zb}-&wF9DuM>z~jNmg0aT6A-19>RXgzf<(9=hx$BgciKZ({9V_d%~QE4doz_C0*Cg-
zeG*YKA#aRGpa%(o=Iq>k#$qvoK(u-Msm5m3_LFg)uTP_h37i)Iq<m-nC$#=I%82+D
zrOJfr7Z53%Poof8bqyPbeK~m6)Xq&Kh+!Y@Vxo=vFJgmRT3QfMre)1Xobc(B8&M#e
zD0vH}Q?aSm59xCG!7pC<>Yz)kJyu|o-ncy^xSb?_ldXMNmcXn}S%KN0=H>&u<7>&@
zzOYp|(;X0gX?uR%n^2maPj3PGgYuEyHtG~cd7-6f`H`ip71<9m3{ylI>y6|6QmsDN
z#`{bysl=}$ribu`moBYr|K=p~#(-jR7_VXHU*ucBvq8KFmhEN|J3n<EzQQ^DYIuGU
z?a=qP`pv35CV5F5vLyyQ8>)<QJGhMER7nO$hQq}x?a-Ffg_VA)0oPaID_oki^Hx89
zeI(M9pIfGl)+t(|7HN8$OFOvzGR62gdZb`!WpLZw&ih65QR56`=56!Jc<sd2%%tP`
z!7Ia-Q>SSemcxy`P1WfpKvW5-7steEz43ANhQCUeAH&p1>XEQ-%kpNO#*PFNwWk)d
zwUNEwV|eK@)5;d;x>IzrPIPQC+R@0(fOc~DQJFj0{3>DpLn;6vQViO|D2;S=#Y!7L
z1n_kvw*D0HA&VA&y`HWcGI!Su-&mfuVIXj%g7UhynaJ>0GI)43$m$~>W=?+n%A8El
zcYsE$$qc}yUOppsgly(PD5}jD{u@5{I!VP<iEjhMrEXVsB)?g4w`zQ>yCvup7R7iQ
z6M~bKxXl!dx5q<1*8Gs)85(BYrB0<wSKYkfPI+aw=r=}C81JpRDd|$N*p=RYk{qeX
z_&_66|HU;DFiJJPCW(FM>i@P>bHJUmLG{r{!J;I!QQq5?=Wgi{zng60Vlgi_%&zpc
z?O`+DAW>&K^Jm^$kfwu{(@a^h<77}7dCe0-gLi>EpId2`Oe5XOAGJR0KVgV>k@F8E
z#5G|Opx4|qI3}ksD;!a|2;2nPPN(lg!uIh}Ht7HgLO(*qS%txO3NNi4<RZtQf%RZ=
z9%v};Y`|xJi)P2@)@!t$tE9cEb?;KKM7l^`)x6tqT3^Z^CVrW>%6Hn3h#IMqWHX7U
zy4PE%;UTzZ2MEh7tR^}<-LT9?4KMU`cvrgTZc0!I9vsPT>%20oP=YLVTN%|Cb8!IX
z+yPc>v6XQOdR^JY-_*4Wn<BvpL(<)L04tH$$`l2?5&)liY;rzQX%NF!!1=|O@VUjc
z&sSgHCnK=9x>z^(32bFY=h0d^O4evWu^Qe~E@o3V=nqn}gZSQHX}h#9E*qdW`>QXp
ziR&u;zGPp!*rrNau=C9Ln|ckoZ})hSPYeUN1c-IagiEo;xCq!VmXV)8Y?gf@%HX_O
zUD3!f;%Ex!cM%W^^5(3!8`UxHoL7x|C@cm1Jq`@?P?ov)(_uMfN{wTSMlj1eb>9Ch
z?Ft{LXyq3Wi)dx#at=NZPAPn*N&Odd$k#wb?O89?bM*UjIj!AWtF`6$L#j+`<77*$
zPhk}_{P%DaqbU6kA^35rw8>7SZrG!bw_=Bzg>K4?R@0YtGz}RoKBh26K7FVgJfs^a
zHp|2Y%Vu>=u#AaAsmDn?6;x21zuWZ})9PuZvSQM`E<rZET-KfhOIV!pY3Z~b03;Gy
zmm;>x@Q#G+vwMC|_ZzXJQ-2SuPvg4%gu9(9OQAd4@_v%ar;lr@zo^J7t5WQM=?2%|
ze^Jpa&bzm48*#XO2>@YgTa#+Xv^lJNUcwcXm$jazmGOMPlRO)~WU+Qsxkgnyw7DJY
za>+l61nX+NNog2?D|zVjjn)~#GiA-)X?A%%+~+fu%=ERgr*bwvPvL?*3ZI3flUQu)
zUuW1JQP?1GrR;h$QiE}Y;4%>CS1h&%uYZK=+!TrPS)chvTYiar)uxnT5S5c*FW=}_
z_7?Av+uOlC8Rvxc2en8U&^_jZD0^vtMmt0Az@5kN$QDy7QK=eQNQY0@fo3&N@eIWC
zr%zrjMmEZ?oKMz#+JBUVr32~mi!2}+fvedlek~JWy()Jlbe5kf26K!m`^q}bfvn#g
ztV_mx1Tjg(+@baF!8ju$_cs$~Afu<`%`2m>CAj-N*Z1#FbYyyhSgm4Mu}eiu?QCwd
zl#(DtaD@dVMCq_^ybr`><&=XeNvKa0tksyB*MG+}QW<971>%wT@<I{pI(;xv?~=At
zLKn+3!ZGP|L_V=}(CAXT=I!FlqzVHVQ7%u<H2E#~FW8{j{6++pFllNrTU{Voi9U`4
z#^fUT6DeQ1*qik=OX@51*gH(>yn`)m#TIcZY1>QBGRZR$=nQlo?rk3Y6TSd%_k5ku
ztt=B)t@>vz<U1=kxZ;+9Kb^5djhUB+%&uQd^cKNw;Qsu=P(MbgC)iFspXMhNVQLW~
zKY|9zM#0lC;%$5KGSp0>1Y9sQ**EmNcOBr+J>LYq6}fouD9c|3&6l;5{ApVWv3DFL
zzTSNW+pWxLJn1>9L$?PM%nwht^mu=&2<LQFpNOv?JzN;JyZ@Nyqao1e-41mfaW;so
zw1X_B3IEXK@mbFzg#LtYOKBp!k;zqT`DDVxD|32u<XW;Ig@Lo{Bz>rUS3VKF$gONz
zAkd(N)Kz*b0_g~*?oqGY5ZM^Qca=g1YVEd!*E+UXGyxcAwM5QdX3yr&_karKi-zYl
zdu@leAN0a%S^}JBxqW*CrYp`G-&or>)9wvM{la4)FLs6Y8Je+RDSBd)zzK{e1`l8~
z?k98p79#edjj?_PXFpc03#D403Gxx20pO(MN=~15L6vcYJ^E-uBro~Pa!!qRL5Z<l
zk=Ty!vG$MUzv=zsg*88^?wMVeIvFOX{%PNyB|o=!#>@rD@sn@3c3xD;q^%ODdf;)4
zXJZ_`J@XO&3~+M86Ke=yocs{&^!4$GYxYY0K=j1oW8U{12fLe)X13$vs1qhxmNSXt
z%gvTPE49I?TG_@!`8w3gBH8iu<6Lb%R^T$yjl`LzO0Rf_srS9<E^)<c%yo>a8)v>N
z!)H9>neom;f{D1juFmMww28d8XFdU6AMzHovnAHOqfCB28~4;uBV36Sq{#NW8CTbQ
zuhjVkm(}_^RC+>vyr8GXylVG^B24O@D+kVGVx87BqDjuLq}0-W+x_&pUN|S0x)obt
z@x#Q#-_5v|D5G5C?m;D(_dQKMtK}T!ri6lI!5xi1O#-WkHxJ1Y@&n>V;RRdCZl`fh
zCZ8vjBz+VW_?A9f8A%olTMac76DMoUR7U7)^Yn09j79OKf~<r}9Xb<>G8TwZ!3g$@
z@^B7^*&ot{T}?cmBdv?7?;DZz_m^aFQ#`)W4<w?S|0K1+t;Bq~Gx%I^(_q@-E41yC
zt+Ak6rzCQ%kLu{;I{G(V4PW-mQUeExh3taqs}WK9tt6sbFMHvpLVTmB3+Zb_Wirw}
zB7${S@io%id|s}wDf}X%AD53Y6EN<i<nG|Q`-W`o?(9j^ka?A7#aJV>)^4su->XP_
zsxa{%q>x_#toehoiD@n$KbjW0L;@}n0UkZ5^2-`){^Vd{Q^WTyhZz1mAenPh1K+st
zgAz5k;4+`q*FQ~W_;W(Op;jgLO^v@x+^jEN1s=wQ>B)8rf0Mg|E<<xa5+33|PN29e
z1?n(CFY{3Py!x%lW|=s#0){T1puhse6obT7f*qWlcDdXfA(<8iK`M&V|B+N|>G?|l
zAkKJpBq8_6xa{K!wO7;aGM#Tb5pd(zBV6CT|1f7iNXP|4#1}%#W_LK@#=#>+o8HvM
zWr!6maMRP}X0V<e?snquS(AMp|Iko=YV;;Qpw&$}g5IWm<8_Df@g)^7X)Go%ol00w
z0al!?Jgm;XayQ;ReyO3$ZPK#ANzh0P)~6)88Ak@U#N!+L@Ne?DT2x~ZB-#hW!an1F
zOh94!)bOha2^<(O!o8V-Z(Q}ko(9}|xlHdr<{BI*RW{aVU$d3+lYC@c_0gWjtM_)9
z-Zzm*IPmod_xF^a%wvweODUzUsv{D4TcN$jW<ror6pQG8kzA0`ZkC$wp(V#=f64~z
zgGq3f6Wry~I#zHJjD6EITT8GO{Ueq2hQn!=ITef~n5wXSma`$9#eQ00`>C<!jM8%}
zT4gE9{XDSqXn%GTdOv-EB^BJso>6hn@6Cd2aGL|mMemu)4c!$g7Xtqvl1&T4u*|LS
z<gXgIO2DARk>B%}Az=K(@|SAd-@}8qo3I9W3s<SVI%3|Zsr7heRPejRJPWYqZtj<O
zfS*zEL5K$2dAVQrD?N#{#cONs?@>7O_bHoEYtj}{{kq@iBgfP3JinOo<M3jth7g*t
z@49}c6b%@8c|-RbGZ)-~a6|ViGs%Bm13bAmWALXc(mfp(n8&@49#a)Er1>{@jx)v8
z@;}Pa93XF>>H1D@1?~HtRv_fG_mRYBx<sMK9z@`#EmPE5rj&5{(^S<QmE6zlp-Ay{
zrD5b3&$RwM>cO#fInR99h{L={s#h;iwkrIk0l&-oGa=_O<zAlLd77=H61WwYR_&`$
zhxuCuULUmqm5HGab2y0vPE~|^I?OYtdUXPu%VB&D^MnQmt=fQc*oOW5QOZFxu(=HO
z)R3<4>h4!;N<qgr{X-z21eRwvUy$Ne2+Sxv@PnhxyI%-c)k7-{QBu|4RZHNSTpNSk
zQq>x%B>BDggY%c|TrX|B5AoEOcjtX4NvoMolHV7MOBOm?c_8}eBK}Obo1Fqt(@_Vh
z0uZ5j=g#Ba)zA~{09bF{Li`sNB*&&AQ<&O)CZSpAb!3z{@IPtzlLcmK!agax1vIg*
zet;U+cUyefk`H;*`|mGjYJWu&Cv3TOdmYMwrqlyWxHj#XkM%1y;MoLItG6;+&L*;#
z;QDxF+Fyr=@fHBof?K|&2e=#hOh=V|^ItsrWH>jS9!-^eY^3(Wm5*EisN~IaY`Ju-
zrTIM1&tluJBWBUbFNjPgOM~E!iT3Lea%qrl9%Kfy+QJgCv{67F*QVQ=w2_pW&Xd0T
zPov2^$n65NM%gly$og|a7Bt#i3ufvEHx2E;q9W3%3>hk9{kb95gbMgRgbEnT@juR1
zf8GM|$CdH{pAR<aXv&PoL~7YVdFlxC-5J}2P2s0thCgf!A75@rS>8`$fv<n&r$OXI
zx=ZAQ=&i%I5FoELm-fdc`mNKl-?=8Z#l-cgf0lSEsi4UB?j5bhXOeqM!3o<Bo*uHE
zkA~nlr>u7dcb91XRhnl!5Kzm4<~>6>-f(5?n0PEutNu?iHXF+F_UDmQmizN4l`JSy
zT`r7oSbq0EkrB4+9m4VEDT)HU@1Q^pWubeyup4OQA2yzhcc|-ZWc{aX&wXQG0eq3v
zmnkaudvo6aHJ?@8%OATj=s;{I`ghy*#-K2<9Rt2d^vjgT_f@jr<f=bIgO6Q*jJt`j
zgl^@hR=^#uR@otZTs7y5wS+l+Qg#qE_>NPSgZ|xAn(o}-O56Wk&YyuiHfBJ>?o&t(
z;dGyfn-OnrM-XRF<F~fG4O`?aDqdf&UOD(E8=Ge}!i5ohc9rbzP1XpKOJ?{FvaU$H
zV`U@FyPcqXIZK7Y3|ik~^dQguZWk*(zX5y2jV&Kzp1Y-y{nh)(qlSfqt&P1CxLo~w
z#y$Sj%T@OTQYrrqTPx8LRIdAs|I8JS`0`XMZXk7}UWfTQP@srLHKdFmwgN?QvRB#7
z6eIg)YMsUd^4fHCdpWgTnTzUUh76H*r4}M1Ics{rs)(^-bI~GbFX!)aL?CtLKSxEM
z7504<>Q5F2FOgbn9cGt85LlK?W?$OrwwABoTpk?W;O;CC??qP6x^drU?7KRxmKn|x
zA_VJ$ExG#2+D8wuDw{v@9^q1NA#+AbZK^T>w4cmSYk-4q7~cw}x(9ziT=uG&i`Du5
zcbXsAz>C|{FEDu3fM3w4yv!Tlz*b-o*HEHSd(&M>qn7n|3@jDkWwVL5omd}A%e{~$
zSwJv_p)TDse1*WjXBdZIyJr|y>T;AAqXeQZ?G!XwcwEb;=BLj<`wnF9mb$`a)XZW5
zzLBclny>+4aF@R1V{n-C&ROvXGC2JD<C{mGPTS`=6%87(yO$+4l)z*(2%n-JnzK_1
zy@rOjE3*P`3s8l_p8SjT**SRI;B|fL!nP~!&c(!zLEB^;*K5P@Z%<i25fi<C(7+mJ
z@n|{Zxodt7&F$!`^xTLHFcI#CCivd&z=BCgHlk)QbQ7X7h)aNgcO``4bNAofleLXd
zOPP%?&}@67C~F=U3;lM7{UA(HHcs-6betrWTzjmGHdHY^+I7<+EpqEq4EgaDxsG%*
z$?6w-jRvy2c^i?#ZV;%Wex$o@ELo#*rtO|j{OZocQQYc~uSUMef{UPPt9e=k`cnkD
z;)<g<o>E(wqOdt-v@mU(@|OJFtSCB0EI*|K;tpL~wpk~xB?)m9w?okVMo9EzOJ^yI
z-o7%}a>f_Ty0(|G+o*ChnS0`dK5AU6=4~N&c0G88yn}dh_ykE&cX|t%-6ksK!|GSu
z!x1Xtfn{g}M;pQCV>8r*Y>}$D{ltMwRiGH;*(fqIa%+>NP8OBB5iqTOIASL1%`z3M
zHXA#gy|&Fy#nW24XR##~c1-5cLO5Qv(IQGU88+8=h9}m>$AU?YJ*nM$GJXfO>hJu%
z!%Wn5d41$CqiY|kOyTsRiPldypz&E}{Jsj*Xxqw{4V61pgEY&k37tj&kY6>;9AYtT
z(3WM{)3-;fURHGDTb#ut)iNU%c#p9+BfwYL60Td^0X%-G0>1L&gGA%dQKsHuF&cst
zh#?x}r?>O5k}t6xm9?vi{j!=ZdX(S$PtvBs@BOH(WXJjVV#cyo9_ulxP_>H!`sAAR
z3$MaLWYFc-47<uh83kX2w0v^y`rW<=rSB@|$)IijH;FpgMV%Db+1+0ja8Tj_zh0O;
zaXurgU4b`7tCS%bHy<-a$#1g5>782*JY@)_t3A=<SaLYk1|kbAHWk?BB0d#~3)!ba
z_b_<-H&2NbW^kP?VmcLENM$1|umZkJkm&Oi2{|MX*8)u(0Es;BZXtE-+}~(0Yi-*`
zFMja}r0MIF*ca&Q@EUbjowSlYo2$F5V}7p`F{B$}|0&uYt7I6u0>X28NRfnL-+oKM
z<sx(lBKc0&iKiPaLZ`Ua^tGoT`HMs-&wc|&Od}K)>Nszf>NN@k)cl(y+bTB$h@QT5
zofH+_GsAa!Ea!9|P&-RL5uR8_(t?<*BP?>^BY5`VW=J`2wda<%!><BvDgEj5u6YL&
zwz8i8C^vNLAa)zUWy(Cd`*ujYO$Mg0ky&>rDcP1!)j?C+@sydr7;2;Nz(}NJ9JL|3
z)!2J%?BK7{`$LwdOgqkdwjDbOwG_>JrXKi398B_`Ph_6oBj54~J^u+AA}!XvYrXTk
zK-WeyC!OB4!g?c-+M*>TM5lGXqS9J=bNAfjnf;3~?=e5wFI5X~9gok_JZl8jJP$*+
z`ZDAe94rp~aoY@~A*ExTZc))-IwH{n{n*)qEtIJ2-dXl^rgaUrKh3&E;Dppa)GMf5
z;Azh8lwSty;Cd4Q;cPWO%k8aOf)^mUU3Igv|Blb`!B(r`skYtyZO1f#q?J})+H!(s
z`u74&S@-U|qd84$;W+_xK87f0@bbYRY)q=!b3SL3kgu($g3mbM#5CH{7~h`NBHFU}
zb(Bb4#bd$YC-XPq0Ot>kAY3bv)J-59-#Iw*9>%(RA13IZ8wE=i*b)R9ccOZrUi5O-
z^V5h<Wt#p>=V~ktb69KKKc&Fq#Kgj)bM;kqdS#8~um=zoDVL^JePqZv66(UTj@;<a
z@!p*%h=vg#8wnYxd!8we?ynxG7c^zc$aRDE>eXW!`=SryFc3LfJIq_>+05R?{^opZ
z>*hLZD<>sCyy<qLee2`QNnnHV+tTFx6}Dw>U_&&_$s%_gx+Ds0P(gH3iYAp;1Vyts
zq&4t6D7(+z-dD*zX4mvETu!bdKkpwBwqTO_y`v@hsBXjWvWT)d@%f)fI(*uc0CFmm
zovW#4!I9Crfq1{o9N%p5*;Dy2MsZqTNs8SM`ECPxVQO$C=~oO!<Y;qOn-@?kmFU`a
z{Ao=HU*lB4CpEviXGTYX>pEe|`uy~*^*j$*#lvv6r`)$XS=*sObn(|LD9x20L@9;|
z5DBo~GAFvO6sG&2o$_|lwThrHwujt5Sx&|aNBXg3`$|()QycKHi*Zmp8jx2()&F6m
z$qR5xSt()X3<GnCzjfMHH3OWK3(b><AHiH8hpV;Ia+o!>%q5Q?<c7D$xB~Opan*QD
z4&*mT=uSq>6dTH$sLB{ooXo%SL&}fl-g1cNKmTPFxkb#Et|^7;GDIl`3fNv#3e+Wz
zQVh@~Zr8Y(bQ$EWnGZd#D3Apf#=@2@au1<6nS#vqaySPQGk|lz2XrN-ePI7;OdHlr
zX?yRyuMS_zX@7IxXwqWprt4$>zC|DX&aTqT+3!CtVnP#r&2L#GGJ;(}w<OKdmrm6d
zPYt$DdA!ePnjn!=Esr)b{ntfwY8Q{uho>}tkjUniN7K`9H=GCdY8Us^eje}-N5Lv`
zd#9#ocCf?CSlC2`lkq?=SMH1AcpVQpDx0bv>irW~d4;j@Ko3{0LvgZ>a=!rDm3xQ2
z>21Ewjh%?M#_EGy5#Eo~%kC~yKl;<G&?_4))=^%eM)S=|Cro=TTko5`rl2|aH<+wS
zu%{J#ghiY~bSvk!3FnKP+iILI-rZJ6nOEqLOIyGmxk_iq)mj|ZyGmsYh-KnVA4rzW
z9#BH_XcnKx>a7a5&KMcl^-)0IWcHo39)Ak+X2P|D$jy%#$uq?KV=~TH7uM@9pM1oK
z7PmKi%F^*zOl0=93N;@4e<I=EUb?I+@jm3>MRe>-@V4g67&cW|#HtJ{)b0#8`negf
zO#Unhh1!)W)O5}LxL<c_eg;2fP*cR*vz2Cx&U=S_FPxFoiT(`MXHYXxIvLhDi<Fe#
zSTR%O>{pzVD3InzTzL0A%~;A_rN$tBZP>C=WX$RBvVi26nUB=VHZ8gH58!&lHlMZ6
zm9uLY)lvQk9t{JX3>%O96t^g)`C5OVV9sgd5sUU$;5LTl8;Gm8YH+R2Voz4jHnUiH
za_)PXi`aTA=S1XX0ub&j#Sg$0>BjCnE~i<+73k)VAXIP11yiI)cdb||f_=MXpN=Wq
zJ3q()SY5$Ir00PIcD64R9H%AS#|f~ej;)G7>UCiHn-(@m(kawcf}c4)%_8y%YR<*C
z>3s0+`mMl6qf~sYQ((Qif~C1p+OiM0yBcNfMVod^zm0%b?`I{qZVN(<3D7;J-t@|R
zflF5WO{BRvb9uq<&@0n_Dlc<y>2J~mUE8*t%cR<QPd7>v#Gs0d`_vZX4ShyIwQTl4
zMmax}Xoo)wz&`kgX=}G9AcysWEQ4kJL(V?no2j6K7u(Nsph&j58@1jj$2w-uud2oE
zMz~vYoie(?Gv!HoC05$@upxb5_3qx;nqX#Q?}F1-{kZSC=s(KS$UbQ!n#1iw*`{W-
zvJLdg(LYEF$EM<v<m#Qu8sp*No-f{d27LA_R*o{oC85<j<u!oe;kGZ{x&{>XD`r2N
zXkQcENng1T>@V6DWan=bLSMT!X{aRe{+eLE5kYm&8xQ(H-oP(b&l*YXlK(V!=X)#j
zU-FDbm}EyF%gJIbn5b^`(`-2i{437h_N9(8<U(f$*M(l#$F#JPGBldd=B3_J?do>Y
z8{^?hF7LQkBi=!iH#(cJx|)<eSqzF0QSJKVG%w!4ln2G!a7~LVm=vrw$lVqCc(49T
z@69~AZ#M$d%wK7ezKFQ5D)3Q)KmvJlf$keqV470qoR5Uhp8d@BJ3cbMr5rO6gH=U7
z60w|;!0i_!C6{(b<Bey&_bwuNK4P@@CPT(SgzN23b@7y|IQ+_b@a}?F-(aq-lQgYX
zCHw7`_h)QN?v)?|*SWG*n@86!)&j)#XbV8q*a@`*XneSw{RFz<I<Z49Y?$Gm*5+J+
zr)H7YzjqOTd}4$-54<gx{POe1^P0D=6GhLOS-s4_%7n)?<5;n;(YP)JK_UY`!iA2;
z3IDt2J<s@=0K=8vs!?D^x2Uo+0j7oTd6S;L9~ClZq#+yo621Tvmy^gC6XI9}6OV(U
z{S>6X-`<w)_f?5Aj)lk1v#GGo`_0JrUkSy>Fvj~6VIHSLeWhEglKtmkNngWAu=VsQ
z_zKR(t0SG%>=$g;1`c@7NWZ5BEM!L-Hq-TIGO9;^^V}veoImX`YC#~oKp`2{i(cnA
zSm=ue3pN16R(D%=^Q~*~N-ft8p7_goIz9AZ&ATJPJQ<$29*=&V7W2*R;<#(c=9fyz
zxS@e--$YjW6~0Txjl71(44YoDuedlnw0hm?V+2iwZ9P7pb$ub)(w(*Fj$X;5Z`EON
zn%5(@zrXgPf{FbH0~r5Pkn)=lMfhg@H8ndX+=#Vjiai_f`Me=X`<6i_aM~<`Fb{$0
zPbVD62si9smBqC;80*2BwAqp6aBTS@9Tt0!Z*E(iGIP|gSt2!EaR1*a-_JyqYe(v(
z9%RKH2z)bnd}?(8-Vecx+oO>#pgKj&QkPr3qpfay{S=m9I<kdD!FeQTcwN$7&Vttx
z6&xjvnpms5wCk0-=uIR5XoZf89{Ey_j_Yfx0aM5A^N$RLN}WCH1IEg|2M9sW7Y*DT
zbgLHQV|G8i?U(!>^5|^wyWEWHzI5|f0TW_-TE8JbleQ6T^rxbL9o|FhWQlfwN^$*%
z6q29d^_vJq`TV6}=?^J{qu*~D04#d~9lT!gP*l#{uaW+kL^$@l3E3TD=Chnkue(Z%
zS*W|hckHk!ugO)>Id{FdL$Vl25H)-M2KL(1yBM=$*q)-IR@?HR#iju;NgnkgOpjck
z=N3?+ojVjdcdd%a{7=&zRf*#6`2(B^dUJP+n5+`Bi(e#Y5opuvTA3yWXeH@c!TuRz
z<}e<12LZE4A_L`7a|8`l4Ya%?=!a!hqYI4u2Luu^Dvz2X2&hD%<*h+v><;{9e_HIi
zP7T}+jtxw>ZC2bJT6GLPE@TZL9{=!_^Uc}Oi>)svf{eHSTrh<^MgL0Y$Z2{_zK)`;
zIg}9B2!fxoo1~fY)V@^=0jX%Yzbp3flwfT7<`JVMByiRF)d^YUUrnoB9U$aiL3E@v
zYJxbW+)XZT2|8h0<uil)A1vadqVkqMAiQzNg3&MDa>p&f*&oO$tytThaF=A}>{Pw?
zPa5w3e5j}Y7xPw<X#3|7-7nXa7|m_vxgEoD$SU5eCy91{eoVX0Qp1~Y=uq-unApMb
zRSET|en1Jeu6_WF8mjjLuc_(u0-~u$b$=j$dQ>OC?<W{<QWNnJ5v_0vm9jcA=ak$T
z)&d$@btdwc5@QPg1n#SXnE&7@oerX|JE{m()9ru*WldsvNsuF(LlL5e^W5lm;4(8H
z8h<*fji~XEIm=7)AKa@Pt9Z%d#ORq8aMD-aO<IKd0m_g>{^B4rHc~D#T`Ph_{`{c(
zY@~K0Tj4d2FS2ZKuIIWM!E9Q;1ICt^eFtIV#wxoCQjqd*cSL@*5GO~5`qvEhCmoJy
zoVoUY=Mj2GEVXQ{a57Lk8n@IJ7oz+5ni7MRVgMU{(haD(oDhTgV|iR7PkJ(e>|2iq
z&nATYkLcCq?hrfVXJWU7GW>Ie+TB8+s;1&6q#XRI{y=oU!y!yXu8KZ7DUaL=w+;m+
zRBTth@*n=x&v2+GFK539$=dUc$o1_%Uot^k9L&OaNGpPG)$q5|3|9oZJ7l3~y1C5~
z*sdg9(|r*3@||+9pc0)G!L6;3a*?f{k{L73@z~m~{c+1<N5TIjGfqXGk3K?hQv%h2
zG*-aZ{E>oHcZL2A;;MZ9$a91X#^0?93zB(GCl3=K6$}xyxLXzc0{Cf!5#h&A0+ol|
zOMpE<+@Q>T#UC8R_FVUY#8yzIJ3H&@8w7bb>J5Cct~`-G0d^mTpP={a?_lM=X?Dqq
z=9!+0S)oK4R6k7kwq^NMpINq15+6*?D2K1uj^HX|2&|3Yl@3VWhBAXnkP3woLfi0A
zGneK!e{luhbbnsQzH^I-<uP6R)j&G4Yj;S^gYHN1hg~NSK-~Pp6e2YbxsT!xqbCq(
zy9qo+uE=Lnt3LT#9uR-Vc=xpxi{76Y8_ZchQZtO<`V`DnaYJXuj=N1{v9o&LN*AR|
zBb3w;WhG#tm!`kI`_oBcR&*jp%Eh{lyPDFo{+Meb+NYd&@9l5*Cqj<|qRvkl54gDO
ztR9sV=O<EESH9KO9_)_L*Hiz)6rnzXMuSJ^+Cfx+RyqKg(%5H>n)eAjJXT5<^0~PZ
zTMZ7`4z>wA(Um#sHNxFVkH<dWHDIv%)4XiZU6mvKJM#P)OU;!Zbw0QJ1MlOwODvVS
z=+RF*6D*V^{u%b(dgA{aD+lXU^B2(ohY-d3P%V-wJ2Pz_R3Xk3ZsLg&Zerf}Acf^+
zia77~LmG-{I)BW>4=gA98^vsy%MIBe3XF~K739}!aT=C3Bz9!~iflM$Qw-M$mdq!&
zE5o+ZI%O5c?h|q_2Q`WL2b3<^o4s8c&nmhXitEZqgL#g7#-@VRa?C7=8TikrDVRha
zw=bL)U=H@_Pw{Ajwo-puT-9+W&{>76C;boLA@WC9I1y|z<1`VdMRyf{Ue7e+0>QaQ
zZELHpzxk1u_g~tT_#jJ|G8|&1a=y+%RN|W`GS_`&EWk@uBjynO-?GchW<gCc<s;X3
zB@xC7qbpZ^n9a)Wth)bf+Q&4_kN!JId>qZncvh=}n`+8OXm-CKj15wpNvL{jF)^>K
zD)eYl{|k(`Ya%;5Dn@x}#yiX#bscCU*UT&MxIKRBAjhS<iFzrrf&|SS+S{I#6UCa6
z#+tj<)z<$t($7j{uC2sqdrWl47>t3qq@1jfC98Emo7lTj04rqnDmZ~Twi2W6A>AFL
zFa~<fOnZ*xQIPFSQQJqvAKArGh7i3ietUpfZ(Fe!RD|MeU<H!-@l7aNP>4qeEf}vt
zQMF_yDuc=m&GaGLq(YaqwU)BHv^K#zei$NyDi5XK<!=M1vMkk{TkYEeGYp+FX|ls}
zYT~DO&4C-UKKrzmZKNw1W|Kn2J|XV?@DD4$S?hs$Pa^r_j2Rk6!J<vvY3(1CqTmV5
zvfLJP_1iD@^fXb@J*Y;g7p>5S`MePd9tm53dd2(%YnYd)Uu?f?*$QsCaD1^`;2~`a
z&a$TWPRjBW*e-qF)bZJsTL$^rK-W7d$6D_KhrfEGFn}Eyr(Gy<O`V^;xZH_7%Mmow
zY{F5<rcQcAJapQeFr!m7bC3R*eCui!+tc9dyBU!*!KF4P@XJSL5IAKSq6qZs$I2t_
z#{SA9hi%DP=AaP_8Tbx)=dGFJMHR5n)XUmg$E<fm3Bmz!?9V=5X%G(JRe7UCwRj;f
zshIvsb=T%{@S@+$?&8UQIg(}VP+`I|YGcb{-%>Z1n)G4jE(jSqyeKqdy!J**%4UdM
zKbx=aw4+>C{^Os^j7cox`Wbuk+?GG%wAttBj=cx!2D$}2#e+23kEi!WX^wy4@HxH*
zsG`GlaeY6#?egIL73;b)Ws?ns80#4a7D!C2)X3Zx)A+z8RT@y`qHi)Jgk*9${Cv?N
zw<p2Znj@Q${HW!F)q2as4wo;J99mjmBv!jOTWiZ^NIK#=Ut}qgtZo3~&6FJ4^Zxa4
zSh6i^$D(NMR#_P2k*9gi(Y{W5%k5KY?D_FA7sD@vk>a|-R{*)a?;lHZ&zfDQi2TpO
z<40P8oCZ|BXy#HL7WjxsS;}q*R~{o<do5o?@a*;$-=9#k*Dn;|8A?gAQ&FnU&C%CX
zwCA){VJj(kClYO^lC6)<9~Le=m-r<GZ$##*bA8*}-ZFnR`+|PDW}CD7UNB`(<iTCr
zXI^B5(6Kvdufh>cFjAV}L|7Bk9{C+uvN;Q!ln>bq#>YLA1g1vyMUBA(q=bOhovSEl
zIxKM08{RtNb^cz1sivZ8zm}Bi2v@}cwLhbtrsydOaoGaddW+w|63@-y9GI2Rv?nTr
zW{o>9eeQi#u}2cR?***GOmF^q+Whw=-It<i*9qRgzr<6bq_pz+bHn@hrKEXXE-5Jd
zx@+kGpX<Ej9JWql%E{wNAzMNthZ3cp2Lvq~D?I4HIoWBIW^KO1^2@c}X$Sc;bArCC
zt~zx_=pI{dHkGn>ONoMeJ}81(m>=vdGU3^7MFr*#o$C?Mr1A2WDjo`0Q{NQQP<HU}
zu4Tsd{<LYQ-}vOz2ZzPaq>aLD6SsLA7Drv0L!jtuN|7is9)a30O}mJC+`{Pa_k~e~
z2{B$|Gn13ac4E15B+B-+1dm|eqZ*snJo=VS1H8xy_nKejBOPpBlkrq$JraHYF@$F9
z(``n5%OB<%=z&k#CjiHLB+(zT8mYJj((p+e1aMS$f=WP!_DmxT$bXP(={G!bU*Ps^
znF^?qsO9N{B$M8d(T3<!MTxZjf$9d`qR8JN?ry#Oaqwv|$P2g5CC9Y`&IVt5BppQA
z4W`pFITLVbtIM?dYx?|*nv-ELh(ILkzKYE=DxBOE&XQ5FQKR~TK9@X0)j16{&qtD$
zzi1d46xu7fI~J7wY35ev*gD$k8>9>;{av2VdY_Y0^BkRI_eDd+pwL!H#IYdv!W7jQ
zdA$7Pi4kLg{T+A5ccsyT)vp^a%#_Dk=zKc{EtTv-+vg(Dg}LfO!i7JXR)h53h)+}@
z8T{KpSsbgrR8rIJePR_`Dmcj~mk`a;-O1<xZ~b>5$M(e;S*$S_2j8^l*eWbYRJO14
zCll^v3vM{TJpgKz)rVR^!T%MVD0>wAFNlJ7e=PcMs1p-dSBdhW5{iL=P*D~@CLs)z
z9*GhMb_)E(QWL}|0;Rj6IAB;-p$yB;coaB}UX33^1e9)#@T{CB+LdbcM~-c@Bf2()
z@iI(5P?2Pkt5r=C9HpDKknN6}HdCQIUmmFPPZJG~n>LXROSO7)&^ZTURr#lgI;C2{
z9JtK}(hBST)a?Z0=}#boI~GQ#K|N=`ZG3Iq2b|)|kxHTE5E1}S#eBhW$?OurFSaxW
z*5&R523AGxHTu>+L90gJs?a@G-@3p(2?voReTxFEBz>z~cc8v?t_TpPw0@vrh5GJt
z)cd|CMapg|;lnT+nWh!@EFkm3rork5^yt!-G%kMvxHYJ2lWwK02TZ&GwUc>ps;(J=
z*fSlH!r!W*T;6wOh1-P+FKWyLb!xs#E7Sr#P~mTaE_En7bD+n&w%K7*tmsrzH-YR_
zOSkwar?>$X!3ITkTA_MqSBEk$&_zHgQcoY%$38a3dM8p(7lkmVp{Xi|2CF>m(NqvD
zg*vK~7eNI&NI8Jw0&U^+swjPr%B1vSD-QdyE`4^r9#(spB~N^@Rb2IRU8Ue^<?<w=
z8o^dokIHx=55ZeIMU*Y<*cHkaUMx=WVprmtd6#~NfBd^?)~=N}IB!=To0pcpb6g+h
zb3JeRibg$e@QOwqFKC6bmJ?KTfjE!&cPgw7T5pHhY>i$H=U5wQIK{nkC(=tkNBk=h
zB0aUa)G3<z)TtQHujyb~@{UF<fGMO6YkdBsuPmH}<pUvBN1T`i5egEPeQB|&&J-Ct
zgW0$Dy`0$&+Gq47&g{hQ8~74rc1+JyezN($Okm*6+@m`Aa}=<1wLhPBDs&bbs!d%U
zSJ_!pvCrwjrFKG|8EnoyGv3^JCW@^|1&^!1*BZR#)iOuW3p?9hGJeJv(tX^^uO_Qs
zbbBm?S0Bx1@3HK0Qjx_syxr{8RGgJ8vRxTsJX}6rGwwLPR+G0{ljl~hOBm^19+JM7
zkX~!FS2*TAey}OclCjXX<qOWB=--<0l9lccUHES%ne4>Zw*N~sh?E*s&DI)V$0e5G
zTFvS4!{WBl7YOV;u4<KIJjcQTu$Oq+DOj$9&EBxGlYXJzJn&AR!OVEQDGJ}d;HY@f
z^bsMKr0zg#1i7|b`P)Eh=Kq&g3h&h_723B{v@_<%Oy@g4Y37UfCAj?iA~LIH7yc)5
zI3lxp*1BY0kIR2JV%nyoUmshgeOyc}XWy|QiEgy(&^cqV-UG0B8ZG!7C%;q4ML&eQ
zPzxB|xJ!HMEB;*WIwvP5SpHH#QvgCerl|DlN0lNh6Sw`45sOhnWY28AZuOfme=*qP
z<@-c&e0OX^gg;qIzLx{WDG#H8l+SlPGpGu+_v&J^A#i{Y>|MN~?DXEzjv~>C1Xhcq
zdAZ&B#jKbFR)wQ^sa-66AD=_kbyn!FpiRTsxS2ZX`$?%Os>ctkt(MNBN+oynM$Gi8
zRvv)`a8HYi3mUu%!dKKiht1Omnv^MVpAO{;d*YrY{cu*!N=wguLB)@(x8j48|GTg`
z5o`SYr(OKW|04=npR;A%BT|v85Xrd}ACfElJSU5jOv^U^sk|No%{#OEIN*HkX|bHF
z9f-5e`B!0?Z&D~LZeE9FzDm&;IBaR?(NI^>u7yaA56D7g294YO#!A-Y!TeHXeyok9
zCwYMJRS(jrkv{NRZ}DjJZ+TUa)hCsFp4>gl%tlVGqhhJ+qZCJ&C&dp;JQOZk6<f72
zb66KisqXE2jWJ60^*g!fPkjQZd&qm<8Xq|6U2Rz3u%vKzZf9PH^jmn=pZI$i?@iKe
z?y}d)eLrQvTyl=B!|j!j>vdZ5zmh$=is@{Ekg&ry1f<uoCHZwNy<2@&MU9?7^kgId
zhQCl_w$CNC`m-&Ex+B^#mwv%-RZAHQvtFZ&M?lYQ+zwdKZ+m;*tENn|Yw}q0J&Jzq
zJ*Ju6_SGJlvX9F$95adQnGxtp$f^XhbGsfuj&b4ZB$%SFCqiZc(^U5Xd7Ojf^*Ez6
zTt2nRu(0qj>VLNTEOz65zx-H<Of$vrgAHobf5*7z3SdhTfYes@_UU%)*cz11%v|+8
zwj9B5G-eE|dFV)x38}V4q50Q@m8Hn4RON?kp&*9Bi&s~M`LqzlJhRWX`I2M?=^+w%
zW<}`oAzK@9GP1m^8DZhHkP!4UR|Y#(`CeP7D+BxaG5<1al;kBX4%1E|DClxwu8GKr
z9y(LxKrcR1;DBB;Q()%;wwjs$i?_D`Yin8izIVNpQrc3WcnvAqqQwgoC|+CxrATlO
z79gcq@gl{gxRc^e3KTCvg1cLA3j});Xt$iR_j%6sJ>UCY*M0pm^Pib}4Pj-CtTnSZ
zcQN2tB|#)SUo}P~aAHFFF?*iIT+&s#!vyI7w$&J8xv0H3<IZRd&Qv^vMU;I<u_-o@
z8yjvo4|`)WV!~xH=ebo7<0iw(7;pA{#S7A4`0wZ`rj-Hr6z8P#1Bb)X`HhEd(`)*$
zQN11n4F+t#gCi_I+O8p$jArcFQj7$bv@<-FRtAFwY-k}gY{ar%a!au9BtEzM#KX+=
z5Z^k{_|{Zi?z?3&X%`P)OCt#T$dEu7e_u$m?vP`%f1!1B{PIc6`aD+=UV4d;c80W>
zhp)19?jxw;Sfg1^t8(RfhvXPa_d33#%U~k-HuVvEEPI^<K^%LX->7WsYB-K;%%nal
zbzyMcDRCp-sJ#j7a+2_P6TOm^z*ZE`Z`q`|Az%sljjRX{^8|}z;qy6O&LPDPdm7l}
z0O+VPNM~RZ$>RoSh9dVt6tMj5vGN}ddfg7wCKJ9nb8ppddArgQ#UJZVxciSZ7bWd6
zMSa68tP30THnCSdB(NxZEJ}fhYRxxF1dV*tvd<dT8a`n|o#Mv~rEF~*9kPsK_Sc86
zS)9t1sdM&rd)qU%Gq0*)?#2ST3wl<yhd3xYn`}3<R$}Anff;Q>SrpgwRqgo%H4)Zd
znswe|_g!fZ;waGLz2$Ivojf`(v{{)#yaI9)UA%>P$2bdWkHIQ*!6|J-b!v8HFGz7T
z!4Kh@pjySx!d*O5Kl>&~ySW2d?nJ=_otX!XRtLfQtvh+(>I<oiZM$E!@Oi2IWm}R7
z3Ku;Yc^<0rKE%Wf&do-EaiKxBEjbsz9sM;IpO?a4wmBJ5K)29fBd}tp#Wd3(+uS!c
zQe;}G*!!k4e<cCl-*UV<b~?41ICc6KSSoofx936`@_irATM#Na*tKm$5VZ;W#^S0K
z0az-g7(pZe5D0gJA=0t0*%{3<oi-CUoqxPk&Fvw~v1_CU6lkdC_7moS8e<YXTvl+q
zk*?QfZU<A{*j{v!=S<~QSqd5fHD}506!7Qp+20Fldj5ilrOtW?z~5Z8+JNKuRNFgp
zhHxkiJ>Qd{I4a0gr8zJ<wrzqsy$tainA#m8<Oi0!UK(FKwzL5o+84}fF>({5s{2NO
zPC-SRoT!Pl?V3yLcBg<B%`@vwV5|J*&UVT^_2A`PaZvvlKQTJWe*?I0dvxWbr&)XD
zIC9ce0J9s6eO9x;<jHN*6S^vCVdCAPuL5NKzy`FLS|T2@sE>c97D8Y_waxELuK9dv
z^=TPlr{Zp<flL{H_6T#IdE|1b6lf%^Roi(*mft>OXZ#1V&bvq!ZV(qQ#>}~pal9aS
zJkNq`#<C&6HY2~HC}WqbDsu5X3B|LNOKm(~R@B8xrlKh6Ous)5d_mK$sqf_f!y>Yq
z$);TW7FYX}q0`7iOWxUBMxem~eY>i9ZCjyIWKxHQtu##=t9*ZgUX1Mz2J+n-;s)=U
za>ze>6q1J<d||v~KtcyDNrAf!4YBYZvccWdd4sr5+2GD&2h6+^1`AbdE|Kx;g+%~|
z2!|IigN2fn>WKJ(!fg$E?RL275D61+iUF{AB_JZcn*t6TI>_ZsjE(Q4fDaP^&HZgl
z$GAt<7|k6lN?&kk#)UA!TZn-A{%i$fM`ckcB6B{&aRXcCSlgkv_IWMNg+lJgj&idm
z12*PZ>!E;lLoLo3ruoW7t+FU2k?mNhOUo-UY5ni7XzVSiAA`-PXJ}aSm77bJ%UfS*
zN(|XGnNu5JKEvtLm7b^hEd|8F%a;OT;F(JSCN<Usq^wD8Yv%gjJ;nA0#b~6B>g{Nx
zf#2=Ke#g(Kp+0K<xjy|&I;#b}NII(teM&lOs&x|wyxg9IE8ZIM3-SmOj(B-<Rtw=7
z8g>ie6dHCDo|$wueICMCaZFugfTQ#BrB2~8Ph%9=(~Kl%(%CJ3LV=IDaYlj9;$8Rm
zCTe@Fcg->un7rdPP61KlAD06EK+JgNQef<OITq(3{h-*%a-4I}`n;a!4|NL088=e6
zM8ok`L4*bbdpc$*i8^GSSgdkMS>Fl_bq-D)f1HKdUmK^(LcLz*ubn=0O+y_@uA@HR
zI*`;H<DAVQ-B8Bc&%WxSEK-|%L8tpYblz>LwmFCNHDwWA!0=Tu^GhkE?(!qwGR@!i
zay~O5yI+E*m479_=VD&q3(&j*)N$NN%KReN(B)-L_ez;B76h3iXF;Y(UCozcL~qKj
z^qOA)VS`qYOkXT;GkG&a7mAH=Ge<5iujl|zdA0|lVeli+Je0RgbRNof3izP|JQ13w
z(#OIs!qWE4^iF7_Vc(BDeh9W;k?GrSl+1A!fgfoA-I%uVSx>(d2~MrZy*MN|(^<a;
z9$brtydg?>hxHWhI}!!?v?)#k3IB;IjZ?gx2(z=Ol7&KrgpAGjlLd}p<#g`Ot;nLI
zIYvmuQR-G$n;gAh)=?@A9}D(lc$J<+l4C^qhd|4U2NrUyV2S*McY8vHRQh{DB$^C*
zrUoldNn$@0;21&_;0d8c<~F5)L)W5@CCtmcF`uq)_DWmFH4Gu4LsDm63d>c92HK`I
z)Z;!i;$UI^<K#(^;L|Wu1DiZ)*_K()eyxTT(2y2GtX%87d5kSy(Li(!d<A3(Wdq0e
zQ5o*?<P50Sz?VTP&?09*gnyxy{uU2rAO33iv_pYod?WIvHgF^M{t?Ypm~S1DRXcq1
z5m@lYIDU~se2u1{CXqoc-L~kSTT~v>3;;w{{vaMYV7AY1cL|AK55)}3SRxOU<`tvm
z3<N%70<=*TPf!FlFqO4|wquQo#7~DMHahzAv9q;wDA5X*HrMCegE;YrCB%n?q8S$5
zS(<kBZ8s@Mcw$!KvPwslIqO6TwAkyo2^eFCM?)K&N7qa(v3=DCmayAC<q$fJaULz(
z5|`bNWwg(tnbxewf-coW0JKGRNRu(klVy*bhH%Eg9|pd*F9ZoV>{K`$qi6Mp^3%e4
zX6$v$D=?c#v1RB+Vv<ciV#+wBbdtG_m+yQYaG49M-D;gUXw!t~si4%6V|kE9iy(&i
z%~)vlF2cAEn19eli&-7D?lQ-bSW?=oDzL-=MYqvHkPLz^75TEBCiLEuGkH%z`qrmY
zfT3Fsom&)IBw}N~zfvSHlgqwhg?4yx%o}$?A$xEuqq+pYxVEfFb~h{?*0AFcb#g0g
zBE;^1G^bWfN3k$6@#fxEOpdl9a#tygcVxII-kbunyT{@yVjDGgK9%Haop4g~PWQxy
zkt6c)`Gt*A%#wS|bnc7aI#C5IuUIgXx7ZD(evWm>EE|44jLwaH7~R%dhI7E4DZgR2
z{6gaQjIX4LO+by)Y&L-^yAtpCc8f;XB&Q4E6&F06W-cq<T3@_<qT0aqw~yDp#qTrM
z`c!Rrm{|<r-`RlP|MtLdpX-R1bBc1*|FEzE4r`7qijUW^2AlRT?r`(E=EK(+kCA)4
zys+S^P0VI67ZS=4+x90_hp|>HYYn$C%SOk!s&`n1*H_3J4FjC20>qyO<x$3d4?mRK
zug*FYY^XkzDZ^F!uDH+b=B_hsd_-Gl28=A~PNS+!2)?v=F>bA3z>wFLN()Wg;xI1|
z5ImVOeiAjpU_~h4ZfeDZT^TE-{ut#T03V3m-kraCXA0TE@0~Z!g#+bQt?P_9*<Fuk
z&<-xES6AQE)_RX?edpvRBxF_kmf5Kl=h#Vzne!ax$^L2_;B<#0?zmr(73a8j*$jmv
z?YNiihDG(Yg=xOHVAS+Qt&f<VK%QxAiwr$i)@Z6tSlhn_*q(BQ+58>C+B(8VrCa|7
zB^1$&mYQBER_sA_1&%nFM{^e&u${fe_6?iri<kkBBO&Gy!WV=YQ+Cy)&^psi+I_|9
zThL|_$4lcMxu&Gg)*@IF!S_n4&sPUk<DQR^8ZldH4NN(YzL%R;R11`wVOwklT0a&@
zWE#FpZ0_q{`dw6WI+@A3JEGi3O3Q2{+^%HI1GD7Tdm|;aYPH$%w+6@Cg53o8x|gk&
zhG(zY#U;ADmZHRr6Sp27hb#vxK~m9=`>3)`Uhj%$3o86cQbg-XLZp|1pB_I?6HMP}
z4nK+N`MZ376lDg}EopOph_Yju5LB-{`i+n3+Vqtdbn5wf3KU`X`L?GF7M2|}yf9{z
zc4EE+NG97<0T8wvqco6ONz=!Xg_VZYwU%R*CQ{KfeOy_!(LG#>*pM+$YdKD7A(aOx
zi2-dNcNScNx9rK7GcD%zfa4P8ss8aJ5on;oX)2nwPcRINtP_b{xon8SF<TlWeWx@0
zB)UgX5g<{hbuEpDu1_fImL%wnNjso;j(OOI*u28ObhI(QHnj?QIWEc$RC5n=kIFJ}
zZAQm`0GZDgx~3&p$cJKF@dD0pJ2EHu)D+<Fd8~urD4qpy{B{leKzqRjYK!?H3q+-%
zEhSIW&@6qBtP`nSotVS&waUAy6{k2aW}KgO02a1&f?3K>MO}=SCTb<k7yT=s&TzbO
z6cc1^WYTA}DJ@?bWRT5(7(Etfn$KWCjLxSq(5LdS^+jjFr9p-<vAg7fsSI2T$EO9o
zNm;jKR9nguFA{-_v!xJ(tl4skf`p9uFSwSpt!wjLp=B)Jyvpffd-4=3Ib`gQ-3Rvb
zjH_ZwbN&s(Yo<s2B>=!k-@oDb^pF$=ag62b-ox*Ku=UR*THy{>t|nSDoLniJ%AuPy
z{ghv7IcblX+J9?fPBUPLg+1okNr%mvG>FHcF&-jc7vA-3m2^HpaC*23gr_+0>@PUg
zBQ-n_kkXW_w38VC4yW`lnXXlvX9*<?y2=dfz$)C3Y<OEa$g-39;XKf){3!^0G#`_<
zd)h-D%wo<6t28vter^KRf|l%o^9M8r?t=p5&!AJOja)Bn3<-r{mhTu<GlDCTb1w{x
zW7RABP1fE@aAOzdS6^pontE|D;qd~u%^8{})v7NyPdV-|0b<koZtU{sCq|!)BY~K`
zXroHfi1zz9o}F@lotH?XI9uZISh+lP0QlR{NSzb==|qWr0;z#=KE0(%x=yW`t?HGf
ziHdXsKr%AVRD(Ib-ZlQ4>&UI})nqebgDSca(IMtGd-+oTLcs4*tUfr*%rbOUrm#k$
zl&f`*W@!A$$eBoN0Df6|P5<xk_pU^TZWU7K^S0Q3T757gRO(@N?GGVYMz=rxnW<t_
z$<rUh_YBQ%6mfc~$JXbra2dd!9?A?^wz(<p#THJ4AE*EK(vZFC-p5>GgBm)ds5(oV
zvwXjQp?3Ig@*fiVeJ*~>zrgv^?gOMyzenyhb^Jm~eg2l;1s?+u?dIeCJ8l8jo&{Xn
z3|k4AJ7hc-<QF2o2NLSK5^E=<NX!lrlE+3DN2B<AoX*ZU{?R$tiRLlv4u!u#r35b@
zzv;ynJ;$>zR9AOIy6}^>A9g<f5Q++XSA+_5s>U{A%{4)oR>t?KrD~x%pg=<P9!OMP
z)vSk56d>RG3(vnWT(xU_pMSrL@KR-RCc}sP>y?id{oWQum8kz1W;8S>D&q84Kkn|O
zlEI=QU$0QSGN@6?iae<KDW%}pb`24+e(+*gx`6TWe~Ed4$qIp}EAgyf6#aP8G8I3_
zK3xt^{vGeuu2P+nxZE<`xDxDoN2iT*De5gEs>5|`#xT{?&pAC47~`Ctg+(UtEczh<
z$C+j^`cuw<tzdh-Us$2|j!ZXaH@c%S8E(8BmkfV8Ok)U=m0!4r#m&XI3-O9t))ITK
zZKl@`_|y9>*H%pqpHqH&M)_T?aCL9{r?peI*)x#|{jeXhEE`cT8<8k;u-M!yH3O^a
zl;$8WAI+lz5)J~ZfNsr3krY<o0g@r+!y)^_p}kSinhs|9O+*<C+h5Uu4V4b9=A!tw
zt9VCN6-QL#VpoTcM@&b;v;~c4k5fZXVPfNQq)um%f*v_ihU3&<AE78zU-`neTMnqR
ztPfgzZXD3!8q6~n7@IeTI*pi)?^X6RRrd6kW6d68Wj*$hWd(WC%mdmStICM~1rGUP
z=IU%kIBc=ce!(<Kz2OI`VLzH8w3&zb2PIn-PEqW$DjX)n@G}#QG{Yb~TeB#=26Eab
z)rJvy3?qH1`7|Joteogo&mq~B&5>}9qC5$0bCji`Y?Nh#3vDWt#+73!M?yyiZPKF}
zRvWX^_fOJ7>Qo$iTo}%Rem!@zl`JV-qJi7^1ufn}Dvb~aPPW9Gj%ec-Yy?%1!-A<F
z>`zkXN2OnIaV#_)4fESp0ksbn_HmD>Pi_#;+^xo6M^PN96f%-YMx+n`T6C{$srg#$
zOsWqu;I<ZRj^>8);e)Z8y&hX(RwU7rd!=mBL)P?<lx=Kmo-@~phbp&<Z*uM5&;QnJ
zZO{{|HMeKta&cf%Lo0G69<yuNMytLhnP{>6tN#c1UMf{6IWjS+SALPI`E&V=#BUq|
z^BQL>Fa><&bU6e9JHJpRHlA()E$j}t%S^2ZPKXjwgBmUubiPM!IP8O6NE{BL)@Lj*
zJ4U|x27C9L2i^3<1_7Vvo$tAYD=9-=g|ND2t1ALQ4Az)s*0ffbotZ%8)aoTG4Ew;*
z7*R5b;*eMWzoJo0p&&%b><J;6#INAzIWR3P3$%R9opiZ1d+u~<4;Urq9LZG!xgdzz
zX9=r`JOvgyWK`SP8+?|nSPb{az@@Y-@e(!+cXb)XtzLgXzP#Fi*=aXuch7o_Dp(-y
zJwcdqJj?DrL$!_yk6fd1o@p8w^G**K{J3li^S~cwPvSgeCM~UlwtMi5q}IX=v>9*z
ziNNO_`~0SivD1KswPxUEnH8s*ZoxKD=Qd%PVH$(xX_NfQ=wv^i*}HBUl>%R7vv-8C
zYK_>SXslZCU(s7eIHFb@*a!!Ya^aGx7l(-c4rMca!ZEFa&!U>@#eYI0ygA~eCdG)s
zzqAkop6YjO{+vZd{}TWVg_4n!NLDEG_HvINz&Tec7_^EX|JK%@v&_iWA8^fS#cQ##
z?#1PKlN5i>N~2#W_ruG7=aDlwNzYmCx5_j;{>VqEa@-RaQ-=h<Rfc(Hhr<C2LF{M;
z^Fw$KpZw@2!#Mms`5d|L2yzC$({mO`$`a4o39W6b;R4?NtZ4;gXOPLFBTA2+TyZMu
zMzfNcX?H1+t#e%yk-2eq1d*-a?j9Yd-c16>A2Wu!KdV`>N*PHZki8+_NJMPQI|fgQ
zRyMOEBm)$8i;@AfHq+A}DB9u0X+MYZQ(4Rq<0ZsKtucbw+^PF_Sc~Q;YMv4U1x<I0
zRQ>}*`~7kW)foy^^z&LYLP{Q)o(nnOG`wb|Q4;}W-xy@!A5`OwPG23;4hwdpeKA{{
z3wR^-%4^5Gkp|`3KQU&0uAU`f@OujGP2&5^&$Ql_f3tF*y4Y~V`&<}x_SWpQLXueU
zH{=1!cW;&@O!c#!i|$i5ZmPa5zt}*Cx#U<~@n(3Y^;7z*i+}U^Q~0OSXAXC5L4Q<b
zq{WJi#Nu&-xqf-z&9aawPS#PepY{89=lbO>Rv}Z58g|*V1pf)Ag{P~XUpERnb@43f
zCq8&Z7HqJ#YSK8hKe3FSWkM9^4mSI_V&P7BiQ%fs&D{HH&%eHV+xYEwLG5khMFt|Z
zf^U9TR2aX$b0@^j{U4-%bF!k>*y3kh;cd{=65#sde)RJ-PCY8Nz2{i4>anoxvFYhI
zxf!kiF$ln>vtr`ff5ZzSNe<7&mVgkF!>EEp5^yvIxR|^J!GBJB%qC{IqSqvVMJ@l2
z!S;X}a1<sBCVS*LFlC~iKhtw38NeR&TYx*sB{m|g^7d!ss^QJ^ELh=+A>*^(vtd)z
z-Zovt<S#fcD0Y??6FJN0j;+wStBY(F`j|f!8GYt>_m_+<h5Ii){&KuOCI6{Pr6>7%
zkFg#Df0T!iaIyYtU4IF<KL*iNz8BekRup?Q>=*K<zX$u*{>uR|--A1eCd9HJ1d}Fq
z{{7FJ@vPh*eEwDMZS%JvcZy5ASM6`E+#mWWT(M{Ts^?CDyMj4d;J2U<ipRV}=b8H_
z94=#WmWTW*@`n$uLOuPT&WHvJz6I%u<^<!v3%&~uA58g9Nxer`AnwaAxg!5xNKJ!!
z0sMc5zb}q{oIk1h?t>Fe6!5RGJoHH|S~bjV7Mvn-xpEqyxye$Frz3g+y9x?#G|2MZ
zrCKk`8Q#H<yjHZe{_9iuX6Z9Wvz|fzp#<#C5-E}Y40Mzj6=G43)Kxkq*m&o8pg?+e
z^GRmTCY}KssjFB@r_l~cpg>ADkR2T$mZ)AU*HdwL!#-_H70LiYYull<jY>mR7?=Px
z7J8g1eTK!u0V=WGCTtpcseO`v0Ib!WpV}=soSWJqIcz2!8+eTNv&VM|x)WY)c`vqR
z-2rNbDjz85JEZBZ%mz@$4!omgQtA13aHcml6%R%cks;pcY2@zc<eNCCaY6&<OS-E$
zV+O>w0pc|AfE+9AowcC=`<QN7wqav2-VVF?=}iRxgsHU<XBh8`r5|To@N0V#&sdRP
z=#1Wu<Hn*w&x%p|!;BRldc!@<l&~b9lPi5payYN}(8QK{Ri(#-I`0?QG|a_vI*dw4
zepXVWa(R?#sQRkuan3lkxpI$E+GveHr|W&;oziufH~n#B&X2yMihgCxj)#Wq@)86c
zrpY~iY@xC;N<FWrJJ_HgNsWwD41m(e0OR=3{%DDltkss(Ds#fKS5-7mQ)AZWq~Oy|
zzN)^5*<xYyMx3YWwDRwJ<e5}og*GNm%5CygQvxS3k3EljvTb5_SZGw=_jv*(*@}7i
z{~hMBp+TkKv*}N_@Zz##%+3S%@k`xUo-g%0$gtO1+)JMAHNdA{Z5O*8W^deqnfO}L
zcKhvYwv#;E&LQ7pfWG1Y&LmMaJ6jc+I${jx?QqKAUT0sZLWl0<6Ii|L>E2a{E8IcV
zQUEfXRsvG_2g2+Y61-|Q%=oT#Hg13A+N*Qh;IYvbha+2@D7c}I7eKSxAGOKjW~m>s
z+;Q@4k$R>5XzOlB<j3k)e=j9g!A&bEb#~*(M#qr_htE6@`8kmVVm$@*LsqQY3_t7|
zD<r^M->Do$$IM;I0@q77$2e<8njA*<EyyO!XR0uwIf@XJ<DxoOML(f@kl*H@T${56
z_`II&qI!HOUrlqW>c)ifetx|JVQtO^z-yh}MfImtXxBL02}HPXbvXPLB6&GxRI`^U
zcEq&^OWQ=0DYLiUeD=xaQ<_Vn$5(dBtQR4q%-(q8<wMV>G?jD%U)k}`QtxEaReTP|
z%sLS~N|TK@9zLYxO6rw<%c`T}G3FyPZCQkC##VA3VA4^<WI_|fmZR?mO6i13RWZ*-
z?lYKvRB<ZdDvEutJlo`F43oT99%JI=knRK=p;T2G!^|aRYRtvcuPgCts-|`nF0bWe
zsW@iT^Ae65A0KzIuS;*k&(X>5m|n+*mtedhJu{%HT=T%xO2mUq1464bHY1t(c>+w`
zL*{Y>+~Cfwv&?^88Hh<*XY0TVoT$99WT^uxuD?bokhvj*T(=>0=|Y2Jn|eNr>x9X$
z0Gx_Jeck<p;uEW@6SdPupK-JE7=mnsQdX;HD~1|c&rXfnL45Ja*SYobFG!)1ds4DZ
z(L=|rv71EIgqTO_&*qV>ZowOM4Av!>o2VTjoZ(u2?Hhs{7hG;f&OoL`Fb^8ur)p)E
zJE~6HcM{y(cAH)}{@!`msysB*+P8l>zpg|r_Ve8c88uGbq1p8f6rFxU>%a!c<x<&<
zPiyv*w=WKjw;s5C@Ok#(qmO*O+~#$$0+Qh57*{^0iz6Y1nqjo^BABNv>Q2*Ev>Rp^
zaXo_taa#EhJNlPDFiy9r6W_kQb64%nKzjo-l=%sRLfg{V!27IkRir$rNpC!@dV{{a
z1l?~C%4Cy%NFGBJV{=_Z<7pC8+Osat@QWf3dM-$6-g2FEgBUmn)>7>?oI2mKea+*V
zaCkDt>D`gNWL}fvP(nR=zlL}%sMI936zS@^*ts8KPuJb7y8xTb%dJv(+Fd3Z%O0_-
zI?3g=%OF~2q0h{$QtEj$mIv<50D}_O1}<sjeolg|L7f$Hc9a$;=6W~c0fycaYc}4i
z(Nkr31KxyquzpK+9ra_CfhFf-S=azxr979h(0!AAkCV(e3l(jM!a5uRx=zbEnmw{(
zw`i%B$Km`q*VIvw03AEtW7xM-I^JD1oQx_~9;sJru&;sQ?<5KI+@juc;&e&A4YwR+
zit8x{s|^j_tt930DhY&|^5q)2AnYH-4XWXa1g;N4R7dzxuC9}#K4`kQD8GhbC7zpU
zG+7d19HNQVwd!k0;b6KF=pMqIl6MgS5mJlg(Gp+G;pqWW6m9F=O6FH+<~@m+SszYF
zwcTL@8AY&8h4*?b_mG3YW1=xR{vh9ZuWiN1W!0(dUW3Z|!wNBl{E%Mnu0-djxdE_L
z79^G3*P!dio2t9Pd%<PLwX)Zd(*(PE@wtli*^Xl6yaI?5brXER<`55UK%=0d_zOY!
z3rNy2bBBBxa}VDF%PzXzjAcN%QX7T{q=ZRuAJ$ZgmMwFRt??6!>IAKqP5>d%t2Y9d
zsRNBuPUa6CrDB!Cz)beg#<dbh|8YdWm0q>XTFGDyQB~*k?aChca$W#2Tn_R)S9(3g
zwIp$G-~!K^YpuYDz34PoL*qns^lgf4=;AYq{KxDpI~go}k9K_smkMp=j9$lzoTje(
zd=4}8JfS-jM7w%7zX}u^7E4(mI=9EuG>@kZ|77z<vV$f{xuk?SVvX7I1=wI7y;zQ4
zclNu>8m5=C@4M5Beet`K`R;P|D=JU<lrEb;*;ZxUhV0l3JrW1c*x)|by8yE1O@a4k
z!~(1zH)$rGI4HrtjvY)W93-C9R%;6P8NJ~kT{(&lvQDWh?|wTPU-i2+0yM27RmjS`
z^48!?SZiC(fRU}iAS|PhQ_Avq*y-x);A7M}n3vha4)f}xV^_=QuZ<KXKW(h2^~{FG
zinu{egE7n9go!7Nt>wH1qw%biR3ziR!9CVI<C`ds28|K`Fy}F&!!EN!AF~5UMJt|A
z71-FPZcUvJ!kUVf@8>}vC4?@qf}wEQFSq<rWL0PrKw>68)mjzqSV=T)Jr^(lnQU9K
znzJjn;nCuz$d9|FD(l0L(eN2D^-E4(nyOx8Lz~@y4h@bP5dVREJimKq8~xGAb+B5%
zOq+@miXS`RlcHDOwx|~W_7t+@gAO@Srd@tgk}X4P>g`6lN>PHj=}qZ&dw1~$AS=hN
zB)_`^UE-F4tiLqBjOgggh|Q7XQcbkT7Z}rWbuRv<2kGi)L&`1pF;yy;E!iKdJ1ojF
z>HEPlza+2qJX%<nPh9JBt<=FcDnOUKlG^=3$;!oocz-<StQNc|&!66`-2X|%DD5Ph
zwuHWz?G>-cKLET_J)pGn;h5N*%ji{#^HWCureb*((=hFB#};d`AU2!0keL8-;OvXX
z%_Q9Lb7^fW?cc0%ZR<H^CaTKi2S8w+naW?l8s+m$gE&ieH>qzq_dlAMci+&>oFWnx
zAX_fnP%XaWD^IL0h_hk&XM##j5$At2Ooo55{>mZ|%P}(pyQE5X@iEMmqh^3QCPQkM
z0g&F_m%?C|mfzD?*<|Xr>I%{0J-c9fsjJu(<t`ekcXt#f#~O%owfk8_5RNf2RE}3t
zYh+*B{S;yRvVHd}Wp@hcO$So>b@t?O<5x9^kIuj`zppKsm0f?buNE(~-k^$AOl8U^
zVVDu>*Hd(KK|??xh1k%o6f+<B(gwN_-SE|CZT9yKc>g4O%y@HKMEwWkz0v$HY$W&1
z|Hi<1Z~n$Q?&F>tS-%$*J73POvutNhGVx9_C-wxA(3^7i4s=$J-SN}zGtFKG1tJ5x
z;AyK`!~X%?%pKOoK~lC_F*7~nk@My3KzlN_s=(;6CQ=9gz4`7tloV6lx)^lbxkX_-
zx>kTnsp+txIO2Ynj(mmyr3P${a@WT{K7%3bR*}v%NYKW@NA<5B{NjVQo>+Vj7}OP8
zc}>ymjcHj*kN?!N)UIJ0ma%)o3b?|i%Mo3%m3=3xx?<V4nO|4jQt*$n#Y;Up&R8pf
zoVUDg!A#u>{Fy$*()sS;rVn;MqMUwgexXDiVP3L8x;1!%KTFwpSTAQT;Whuv=B_jR
zU_rSX*IAxS;22dp-W%1-wQR6}xwDm}TD`_GfhxCMH;Fx7EnP=ma?K1bZrCPp&6T?+
ztZ8NzK<hQWUo@;-W$aL5gzqW~b{?NFW^vU9^P;XC*VJaZ7DM-Ni>8l3?{D=A@q9lJ
z*(Ib%ZveegdrgJAG$V^HXFJhQy9WU@4+)MRSfUe7Bqnf)Z@1R(>r~Hsc2S-_<NLO?
z$~XbvTHTZ*PrNJpFd}U;YflcblmNzbBPa!>7CgxZ7G4`NCWz7s4mj~l*q(^Ml$y4g
zcjC^Q$<Ymu{dXPP`)RdsgVM;HW+Zf@GG|4{92}TWi2t4Mc4t{)-!A28yqo3e)v-l>
z%btr+;D`O-Hm4)QW+$lLB~u^!-wjRbAN_zC)6e09>Q}XpPFe)BU5F2Cl#1g*HP4^y
zKV;gDsu1MFh6hKfVh{CfA$)Y(5VMou#M_tDf{UAP-e!CG<2TGpL(+8f`bqQp*fcVL
zCEA^>M^v$=GsOBQ!5yas2NUS@v0ui|Nz>SrIv912EbN`0f|<0R4u1Qzbxjf%$HQ${
zi5z^G7PuN#wAXrPL19`;GEU0Z_Ng^94ZQI?H_`eA2@P5;(ev7(?NisFG-LyQPr*zv
zjaT>1y%AdxOLTQtguuieaVhL(-jXcft)Lz_sj~jc68Cbcpeix)ZU-)|vAr%@RU3?X
z*@UsJ>F{U_XIVNFv5SshIML?vBv~S>Sx=0sqW&RCZ027}3khBdC31pRxyEC=e|=Qm
zh^Fx3=hWtFGWedNOFpa6kj;lR@CwYCW}8?>(Ve-iR|^*-A?}G)0-ea1?{Sz+!FNUy
zPJ_mG2f=Vl#9kNg5*ZIou`Jp?iem{}x>hD3SU49UVZL`NBiP@H_FedK9hWwqlt?Cq
zggMGCW+5)0&Cbv$)-K{?OrX72P-_25J<Dx3_YGW6od-u3r--k^UjC9gsgG=NU}F0m
z_0T(Rfg7ftI**U6>#1me0T#KjPJKi_rHTWS+*huL-gW!Dk>jcJQzDJm1vsU{drtdd
z$kR+VNdgGhro-Pu_^9Ulgw&savq}3s@is*G=<fokyAYPmU-<hh*wUvrrgen=*1_+-
zBR|4k9Z^rS+=2M+OMTaQbaHp|4+-lz@}uCx6VH8uX}OP(Py5$={{T$*h;SNu8{)Ok
z@LlKO$&F3bk7v?Eg`1AtCNG`awZ`=?`xN&QGxqr!7oG~pZ94gND!L?0Z~v0qE;O=y
z*}rlR_I{f9&Cx|aotK-qbmt<b1f78RCbwUwyi3ru?Y+d5ee!eZU!DB&8$I2APbYn!
zwK4K(t@NgWAB&<($h7}Goz(qDjl@rDUvG-~u_*i@MPe&-mg}tGm;H;4#B{YUH?R1y
zym4`##{E}cf4DcUkwhwMKzp1&_vaLkiz8jnkm`0XjY@RsiX_V$XZIf5aP2QU7t@I8
zYF_?HO534NQ+-+^xuh%!RdD{?lM}A}C#h4>IiY7eJRxI;FKyu|zuc0O<R21w+5#QF
z_!75dr@V7ek8OBD%Fd%S;-@vQmqaC56r4kP{KK_V{~|^Aw1;b_@35vtKCO{nGLU3Z
z#2yik_Y}g56y{2EP;~xB2ruEJ(S|3yasEpnlCI{}6160Yyt8kQRJeBX&fT;>OAO)K
zNjo>vROxDjmk1@HZ=Ai_OqH}#w&*_(WLAsKageffIR-Z2vTJ|Yv^B04o8cgZcK;Gc
z0|$(%U;dIzv3V{APDo*dvqBglW%Ddg1X^@32A#$OayK;94wnUF#|nr1*w)vk*?ttw
z@?cwlwKL2q8Y?{6W{r+)t(KlQU}Xt&O29}7wA*~q3$1)|^P;RQp-xoiVFPT5gdev0
z36C)@h|f!`KR(YYex5bthrhlyHOAqu(w{J;F-OC?bGdM?I{nEHdGtaHpZL5J_Q=sc
z+Of6!qcWjRXYT%5zvv&h`q~e+FGdr$RKGm0^3Q_w(W+0YC8wNjbSgShd11oRQ`9%)
z=&D~~K3L=(g{NvRC){=vo;0{9cfI=6B=tq;ZAY(Khc47D^tjLjjw|g>e3yf7EyE5V
zY5j()>SC4f#MsW5%mg)hEp7d-YvdyM8YT}QdEK*?04=*%6<b@i#G8bPN&OP@yBx3%
z9fUF7&ayioFkxymb2rAX)NK4G2jOuXCx<Z12SZEMt8pBVgQA1*7!HWG7m&Q>SxK-g
zo5`E>uYsypXF1~E{LK141*n&q<sE!0rF#FG(W96D_1I4UlGbj3R5PoD$9PX2#&*MN
z623az-n&&lE;NXv?hpnN?#EGIe}MGNZPy1pL9(hZwD8FFI~6jAf)aAK^~c2fUG?K>
zk$mb4tr%UoFh3L&jm=7f$r{;ODcx^S$Q*W-wdQ@UKUTkp)njw3u*f-gaOMR-edeW7
zy3Z*at_VuVZdU@NFAHQdD}ti4x0L{?%a4?avnpTr8DOQ)nTH=MgEReK0ce(4<s*G7
zrF)%{nQwy<GTUFp(=PL!O9siz1R(d!9QHABgi{P0VV96@%O0Py#3vJ(!jC+?Es%AJ
z*+XIrKyMtf*3Z9;sHv1gAulkgz#@#YD0@XT(l0O#G&sKsUM|>>*zp4F9qn*2$*mN^
zg0A!0A7lsh7U=4?z1rVEOaPA)Va?9X;iz4ATV6;c=sJ~b9xj1m#&D@8g(9kJp}1^@
z#fa+guni1BgL7c|hq*I%%x_{gaT3Gp)|O9E@cZ2Vgu}Qn-6%WV*x62Nhr~7Fo<pC-
zFo0=T<l2%Hy6{Bk8ZyeL6Emi~?VU^XpDa1i8!EoaqbZ2nAn#+iw7{dfu;g;AbL``m
zq?66&!c_Snj;KRLj5u4$)@5OA>iy!Qj=sjqSCNOc&URk;y~>pu1B)8R8nEtN-S63Y
zf3X|yzW>RdIMbnpi=}g11m%p?<V;KYjq(z@dHAv80G7o*E0dj=Y*PG`SpmtlzeRV%
zM#^H1l{RK-sTi=1^e`G&Y_PK1Ihz8TTCCJ^EMGI6>&wx!%dtSLqKnqL;x#hQ2E7Ur
z{&r<+e++xCHdI$)M!5u}J#AewHDkRaX8>@K%VdEya!P1o6d>h?YjhL@-bk47A;k#f
zmQIeK5UnV<uk&WkG9+7lig#CVpn|7!lV4uMRi{|$*rQuu7vB{<A|5$_zmz2>wp@nU
zlX4w7v(W(9^G{#L{{N5HirpMEPMIgJmvLy_UhR9PNdm|`?+<GMa;4bi2D~4(Q6{ha
zBa*zY=$236qf=}u)t!zdYAUJ8yR0yODx$Yi!?c)rxM)f}Z@|`Bo3Q2!af#4l(mpBY
z25?Ol&asT8agm9$=K3PQyc;~6ZLS;sPW-9;UqGhCi<d~}nL_4(t7AFJ&o?@FS2k^A
z*RCqT!e`Omb>`KJFWm!4qr2f%wbq*KHP%%NFerZ9=^HAqOA1XCXh5Q*&s6W(`PdQ_
z#yX!G!2PN^;o|_ort>51M0E8w*i`56aOq{I;A<Zqhp3qbkY{c7W7qhUI0vS*pb~!O
z;jm8w8MSjqWfYKs6A2!1K}8?Krv$YLm2UtsDHc%JYg<qOb9ePdNpBij`2`awnmIT<
z19SGF?D5k^MY4q1sdqnW4SXMtcW$jvwLcj(bbN7g_6xY4jrrBx+@4O^35HVu!PT}C
z+ehmo3AeqUT18#-!QeOXX_6_vWwP|zsdD}}(!@O5db;DlCW<Me9x|F5`5rRrb96ge
z6a!rf=ADid)@`F#=PD(eY6i>2Z5!CRq^(o#aY<S<SdTjmJT1T@7<pEJ*IahU<G>B0
zLtjk8YjzEae4%X!@e<n&#Y~Yvw)tz*I<i~U#9pRcW|zc*)Dln7udG##h^+mcp88Qz
zfPwY(jPw*M?Mi0y`265KX~=WFxN-4A6TwyJCA%-TLOXd@i)0UT5dz4ahdfF;-MW}b
z&`gGy(1aAHC$?FB<0FX-fSyOq4&W8a-6ic^pCr2>WJ1@cgpq^o>;zTZ?H<b!2yme@
z*V{)T1>Ez)NHPpu+X@_<b+cT?(=o+N8;wAo<eE4udC>c;v*Q`39cS#=6$23_dEFZP
zkM)GY3cj?eb?Gx2u@bS9;Kl@8k!kus^Cy`UAy$(s<17kY=1|_PY})l6?|oIgFk5E?
zZ4J)JrDabg)X0J@OXT$^lJ+As@;EedfW@+%CN&9&ZD%1C6Av-=>`3<Xz;10tw>zuc
z2D-h^=2*I!6^TZe5A^lh6qw3RUl(_V3mwW0>&$It>;&|C%_%1IIrA@U67$yzv2ar&
z#GqiA5fMTDUAY6gQBDK#a&r>^yQ_(Zxzr+UhMUcDVr9mRs~PIE)4SzJJD2^bUd!b~
zkck>EC|wqTS=MLX8L@7>jL_u<>>`u}0lRXpY`O7!&~9ynY%ko&RJQl6p{0^!K~GF7
zjZFVNnLc(Ie8C`r6p#A*%7OBIXHc_~F6ZS@q4gwH?#s*;Q|8FdmRAnUHc?Ve$v%^a
zj@fxQOa_LQ1A>B>-&PH^EecnlQ`Qzg{kp#TM9T-~cYUsuR7H{ka&(Yf=+o2L*{hPn
zFD1z6j4x4}f26$O@T$F-UK+Cn61B`f;uTbkRvem@&D716jB=UKERh-6trZBk6@;Ca
zN59}H&lkAaznXlNgFa2oSVkd?#xz@ifHKdtA6SxOk61J5rbNf>^-egg5$~YT$$Q<k
z!*Ykn-zYLY?2=^_a)x&-(FL;oa&~@(iz{DCEJ|6=f3%o3BEi;oeo5h2GIGi0_o>Ux
z7@d)mCi~h#bY4EL9%umRfUdFV3apgC?Oo@VDptZ@e#nG)AA!{6PZn?JM>jM)-4$Po
z+OR+7GKc9Mc6Qh8(k`Yx3mc^QXrAn*V)y2_6O<3Pb&<KB3*)@WsdZb{JSs1MSt)Wp
zQ<K;@pSd41XJ;xBSZy+^{1{5=)Yp<Drp>XH9isY&L~7xC%eWjnQ>wGwSt;URl5~>%
z!LL$^nyF{3Qrxvt6}9BX|D|zxz{B}<JNuVk)1*TD`GpBxZw80I3N!4gV&`ro8#IUw
zIsa{1%hD5PI`%>BKf?DaO0<FYMt5Ccm1qWM=_^`Atvu^TJgL@IGpJp8yVq?|pD`~z
z4Ul>|qp-YP3P!%6SlUc63+}U?TI($%hm5$<@Nj^zla$-ZDcBnuPwb-eH>zXn-<r5v
z;AkqA4Ubb&${egH`ja1yDhh1(*6gh#j-6ln&#}p2=A$qP0*B$90&})<2bkpb@J`;{
z@&$A?CfNH)WfAimMNn$y0au{Enih`b&F3T7X}Wr~WsZrN@?(dRjuZP4Og~1TSA00>
z6%~@e>)CxW$h3s6>5=+s_E>S1MzN1T20wpu)ZO*8PE*T;+ApvH;*#LKJ~v&)ah+?6
zFQXq%i^K_@U&khPC{I%%1rXt=FU>g4aafGr?tIXW;I~hoDe9$+Cr``^T6}90_i@2H
zdb2SGc&g9|`>|&Opq_Cv8_oERBRP67p%wpeI|yuU*_~G@QwD}s#p&Ez`_kZB-nn_V
zxqSuNm8snm#kp)*d!jkaSfpCbfflQlY1$hcq$C@dxg8%DbUlZe=LLYuFufB`6S3e`
zw{uVm`+AHW4`I&ku^5IKAUag;w0&6<q1sj+#mSr==x;pp4$T9APB_8WK_ZUqt|_b7
zshEH?+)_~;MB-C`!fD1Sm496^@|k&nbk#|Z>1?GW)V5l?)AUseydt3|Kcg7=v_?XC
zVImy)^f+Oa(;Q!u)>Wk0vrb~-mR?vb5V>yE6KvM;IBa<3G}bLQY?q*uyW;=>@`m@S
zqaC8<TDHx%Tw?hqES3XrSzs^WT>Ts*h?oGNOj98ZN-6B{<7?WFb{}5T#<X<{$%tqe
zPiT$p*u6+I{&PR<FY~d(nUN(D&_(5%^la^c^6{?NnCltRwahnVYqd|bX%4~BE*?iU
z(wyE{qrAyRD~SC?{JM7_`9~iw<heuPpKa5=@UONN#pxZ5xz@`@??H9viwO+!M+{Wk
zOp~gK{s|wqk{64T$bX$)w{Be8;d%-Ah2WF<?up-y@w)y2G8wR?9j^GTbop`iwpcMI
z1f3=69EYMd+uy*}4v_gt8-Ho{54^(V+q*WFTYZwMJ(jEqinSO>1o^D>3PTV5Z_qC@
zGufPATivmY!`=5pIXY(-wInNU8Es0uL7jY`-H()gdd^w~c*b5T%h)@yE;SkKxfvyx
zPMk`oQ9QOC%UGyMPbOZ08C9M2<8&o3jp6yk_--^TJzF3kJ#<NlHC{4ZvDJ<~+OUOP
zB%Oq{<CC$sG@E|RL&VKrQoKxhQL7ziG@J%8q|Xy84Gdc{V?7fwB>?)vqJN9Ob=A=u
zPbrgxV2n3hVwcKL=jrG%j*u;~i%CPs@~o!*GcW}f|0uA4SaRWsm&@2*vJ;4hXCMyj
zcoNUO{EcI?F{^UunsHu#j1^VhnoJHDvCOJ57ON5|Zz7%L{}l8*nwbV6%ewjmLBwkQ
z@SkykmEr;7KOkN#9noS(`s+*ko9_`L5l7pH{1qIGzUl0YeI6%__{Py!i?#5PclfiL
z*)z{Z7B|#|JMNl9yeaaGq3&f&GQ{DK%IxqQmi{M<J|m*XBik+HTq3N=9#HB-k`9n1
z`RIdRm;MK2gyzn<uz%Li2wT}{l1UofuWV{~ITKq-&|Tc*U^dZb9}I&ACmY+1g!+j@
zTWMY|^Ri0m1(I{MN5!$y5Ln`FmZt8Nz!GnjK%!Qsc!YKOLdKDF3z(KgS9{rUp>}Tc
zuibH(jM=4dzWC4##Z7klwbbdGgutxwFh5|%jVS?E_$TX#05<(mi6(Vccqk@Zq#s8;
zbCU$v@<ODE1e@#~z}s5R_Sd@}Hvo2{qRsJkqY};PJn-~U7SFhcvo{|)+_9m3=y3NO
z5uezws;qEAqI09E_BMYoFDk!uXu{&KR-nrV{hGI0Cpmc6S9mdb_9iv(DYsOsx+Gk|
zCL**bJT7gPk=jAQhV~qPP2@`qT~OR|kxY<l-TrH-q*>{s8Y`-&K#2<46Wz=%8+;~I
zmyO&JL374nf(bZA7FEq=)@irK7_Hgr#KSEY*y(U0xFco2$H~R6XvZdsdSi!=g`A65
zGqkW~c#jmou+6B<)x5n5G{{dwChVj3EI%D^oTS*m=lDCxrAGO`kBOW^QP0*?>y5mF
zlXk1Ue0khA@H<-uFS)dh`9X5hSdkf@;vahRU1woETO+eufgMSkUw)(%II+74&nq~u
z`*x%iRIqbKHs$Pud;j^8Lc48bMj5E{$%&maxM^NK$DQ(*B@C+FA!B%_Cu)}aF_5sJ
z;E@|Yqi-{|&+d6LzYW1Ypy0%L^4(U1eN0j}`?Ihu&#ljP8j3roblj)q>G>X~iC~NJ
zinlM@at-d?FX@#BQh@m23X)kVL99~odT<`v3nH(DZ7f?@gj<4RZ--8jvn<CI1!**q
zr@&d4^`iCQ&w<e;K|E3<w&5D{4dg6_PmAEq&kv7B$>vKJ4qZ<7_o~O&$>r8+xGPZe
zaoZBx^+)o&3LX?$NfcRifxVN$CRPtQ217`-UgI&3A9pjj5Nv!|yCN`oO=yMSLR8r&
z%Hfc|nAU52=G1GnJsuQGNfb*{WUuj8U*kJG<RA6gu_8WY4H~=Vb{SolLv?)5xZaC>
zN;t+yJjUvwO!+4ot=9yr7&{snw73}zyGCG?_<eKY%Kp(q`N0snVT>K13dYFye=~>F
z!2~aJ37Ci%8i^NLJydtO)LQSQ-yNhsC5(+0KmNm99&hGQ)qJp<60Wp*2q^!=Jo=j0
zA{CdoN0hgx@xi$%G(J%9qR6TbQqmRA{`y#XFob^PHDPlIeb8fNa`BiKLG0G##*c9S
zZ&`g1yRLZ5*T*u0Av7zm3G7pGczZl4jD-W)lf+`)JeJ7}q3L~1V3LZ%(c?+_zm<I%
zfBDHf@*-^GyRPCc=iWE@@at6<(pe9mI*kpIH@}@+%Dt3$1zGp_%Wb|Je&6)I+~>O`
z`HkT1rG0X`D{>zKC%3=c<h#;VNBoUugFW-N&i5XZyk7{&FS2}K-T-vr)n2>hvF<^+
zaj6Se`=a<a{5ts!*2PPL7mp_it!^ICzPNRQf_<%L1=b-a$sIku`a^W*x*K6%w=$Op
zJe33AbK%5VaV6m_P0l>HG>XeAM3gkT{hRAtm+IPG-3o{6$^`GXp-l&>Ge<erCw=$?
zDm6q$+bp?V7!UQ?f^upC(QgE<FkZ=;Wd3wj;A+H$9e3EZFI0T!x|H7m^pJZ`ZbhYb
zVeMMQ<b|(yUG9F-;X^m3U@=oWX|1zS&f+*q%(sS1iMm4dGV#g#?M|x38J11QtJPP%
z>k_+(PH`F7?+ozX8DQU3ufHp){g{61_QTXqe6lJbv~RXriCZFD8uS?sZfMM%M!tD<
z^U14(ccIZ$zCo=`6ehZyQzu4-33X#rdbQrYlfZz0kjwYk9^dxed|oAiTjX=V=@i8M
zv1;K;Ispp)@TymJOSLCB+5h0mHqBD{!H(|M4W=*17D$h<#_Ow#GdtE>dT4G9N!hN9
zMdFqRCGxxnBp?LMmhG?*Ou|hFAJH(&fxa{>?!ENe@pF<S!6d<l#ETNnen;L3Nzf2^
zG>>b1K(`L!&X%UL`-%5aP_5|1BUpx>U4Zo0Rx?&79~lEg%af|OjtA=nr~-x-_Sp9M
z(3}<8p=+&)gFZtg`Vp?-uHjmGRC@lchh{jM!UAulh7?#kEt)CziS23EVE99%_QVG{
zZApHirz)!|u8|TdyII->ly8pJKz>fIcTM|Ze?Xq3K1qFsBv2qwh!(#aK|R`Wk0zB?
z|G6m6`jaE~p-<1^pEdA(-dOMyWFy3}#j*XthO><W(dDFdiL&w^3jO-&>o+s0{f|;_
z6XtqH6~x-d8q?Usm_6Fxl9o%a5d;Kk*3CU<UQ-;^3kU|sf#a4Y6DDh0_?r3Km7kAk
zQIz>O`I;{9L~&JE+DyD-w&}F(WV5uLnBu`KXQ<M`XM<Br1+j*W2A5MkU$=(ZKv@+>
zan>$xUt7x<?Tlg=z0LLgC<GixW|(gSwOxoNSz}sbnkPkZI`}#zf_-A&3C!kOsYb!9
zRVxIa<Bsy79@@qp#>TwK)=rj9uSU--%XL#P`}BFSYXVZ4)18)S`wVszmx+5>y5zQ7
zU06F7)~6AR4M+S({5xz%H7+zvleYWhl|h|zR9_P3sAj2BgE#OuO^qH}&UX}lBz9zQ
z4RF|y)u`v%3beblKE=Od>+(L*=qc4)irr&a<b;%9=lTpxw0(c!V7<%cMD#=y%?=5N
zM5}B-w*=E;4}{!4x%pB}`xsH5N}WXRv>!qDi|iOqX-;XznsjDadVmLI2hS_xsTP`-
zZn=Gc1iJ;EvOxmZrUfSjzm)hQ38<3L-^B^2(!9S<e}88p%_zs1k^Vh{ATfQ{xATdB
zNQbYE?5HG@Zzql0XFp$M-@e|6Oesv0*0U`E=>6Oq)+=%>0h5i%aHk#(y@x)gMlq`k
z9Y)MDAKar*+uFa&#9uNy85+4bM?E7oo@OgW#7^(5xLrKo&X{7{<q|K`<D!aa7Wm>M
z%J$7o%vPAKMIf0wi@T8svkjrh%1jI*hHLO{$4A3(rhx$Cra=~yCXUEKrWl+K!oBtw
z;|}&JMO$Ut&v}^nx^ZAh3_d&6SLY6&m{_y;`Sn)MJULluS>49j;#s@?=(v!$I_EI9
zup)IG8`&+_+;A7j)+IB#gRs^_ea$c(DYwADC#UoWc$_hOp+`hjv<GFaFg+B_sesdm
zW0kF{*7d>(*{4!jZ}C&jB(n5%q=zC3<5y*~WQQ8vAWM2uRC?e@3oW$M9(DaFZ=!EV
zpwZyiEI_!JbMmU&?W<Kn&GF(*>5VgPT{x9OEQ^<#>mJ;{*f7age!Z#gN%=*?Z{+1d
zMz0kf3}3lI>i3@CQ%Uig$GxvN_1}|!y_*|^%5gTY#_vO(QUynS76EUnk%|vxkeglA
zth@DwVBNArcT@hiTay<Qj@0~v+3kKKuLloYVq5lEFK(>6NxrOOM)n&m@rWFYjeW?S
zXE&JLF>l7Q9#J;{D^U2NL<Hpewkig5;<ooow<l?aZ~f*p(lB{_@!BPSs4IB0CgE~M
z-B2Tn^X|Hwze&iG;=m75j)I(%+M_xGdj`+&4D0wl=@2yM$zNDe4Z9KHA^r8;=JWN$
zk%8O`SNww|{0|9_+PA&FTsFHL`;F-9YGUx#Zq5*n-M7oRr|q!Q<B-x8SDOo#M>Tz(
zFU>ZcPa$7Mw@-y-4j&zU!>j;z{w8l_RseA0yCCb%HaQAgfe5*mwk(+5l>UAI(*{b4
zfmA<BJaHH4s|NihTacjSLaJ@Zj|)^2pCm`pRrfgKXq(rNzj(4vsHI%f&qMJ8TIi=W
zY4usE_i~UDv<yz408?Zs9luE)l8Bd|v*l;(ezL59Tzv_tu3h{TMR`Ay+44<YELrGU
zZ~JF-zqgX3c!N!O`a=Rv_T1|?TfkTRC(U~G-dRlQmvnu)#!K4&Ey4T4H;D@V@}z8l
z7U2s36UV*!5bw~p>U{#w1+7Y*<r>5sEgNVWH776OjZBK*@lG}1@$A3$z*)2WKLCzE
zalfzz&dPfQE2;+?T#~8kptvqDQhl<)8yKnT5{m+(vV)cIhQOuj(+wf`Y(p$?Np1;l
zuO5-x<Ih(0h-HDxRY%2&z;yL!Lpyv)@#ThnfoZuts8y`5Iwn>IW~-+g4#KkyUGTh8
zzuC|O-)=Y>n5|JY9D|b@PTX;7!>ORTW_iPzpsnhJxIHjmli6@CFs~f#=3>i=h6`|>
zY`G=qt~w=Z1Gj6|G>pLo4HJq{m)nE>sxzWqQq>eTOi3!a9t>BVX}F5|IngX7)s!?`
zgEux@hc_wpEe*HeZ8ie$v~jS`rh!eiG^L&{CCU2+cUN5yZBlC0nCO<4*H~@YuuHMm
zmL2S<3E6U`<y8}+U&^eS62s_2%(e<{x8*CA>-%i$(37j;ZfQl$L0i!sciA>bE2^%E
z9a3Jst9hN`BE=hEZ*v(OYOa7|&6RL_^LBV&vsTKJ_li!|A8gh~uT)(Z_e*Q4Zi$^z
zL48-V8SZJeDVFO;o83}@{A_eaOT_NLX#KHfKYT*$j?Trc<-}g8u>MqYSn+Q7j8Z?N
z)Xz0{z!#eL!(+{z@I-UBR4DHiy#e>3t`Uz*CG}Iyz3|oMKKNQQTIBZVf;LSYls491
zZ<c+lc_>D;>Ee*I$xNDuWt)qX`gxdZz6fiY$KkZ*NjSav3Y^_MBW;rRit*;$=DApk
zHe0KgwwPBn-;lOwbH!n4o9vcU?JDuSw9}m5ya2EBQfa5$5*?1WFFIemDCxB8#Bs@F
zF7onsyuq6yndJ7^GQ}C%B5_i(n#;V)6ldJ2S9o*aO7BW|yLUCL^{$2W-u1BATO7+V
z+q|X0eC-DDisUl8z2&i$%F(=wEq?E2I4oOki4JPZ#2G1M-tFD0c*j5La(isGwnChf
zV&)ESjTDpXv9;#?UPElXwo<$ywVOL}=3%dJr{3*#z`b4%+~<|x<K757=-mSkdG|`~
z^1iWR?RIfN+Naf8sdUgh>^<;5eBOIVI;hoKd8tclwx&ou=8N9LijUl>k9+&29<9x~
zOgd_w^bXwd74J#usMc-GkdD>#*vjCewhH)|Qa@p<giqPF!)I(-_?%4-U$B{_WAa|X
z{WW7YTd-5>x8_JEv|;N?=~T^x%?(c}zN+||%`csjpAB|vcUxCWXSBO*VcBxM=DKaS
zG@<RVu9eQ!+_H5j-VaYH^(nc&i`Y70&ejcUY`t)rtxq~9?-lIT?zgU&E@(Tg#nRZW
zblY(_+cpU2+J@j&wqa>Z+ifkCCU)g3US~TW?9=vI%cZGZMYfBI$KegONoh*kYrBGa
znQaEHu+71hwi|N0wLExy*LK?iTC{c=9Mtw%H%nJ{>Fqphwx>u}wa2YnaTVa;&@P*O
zS#Vf8Xx)MB-S!OFZ_kl!-GSrym3GD2A#06vO*?Egpl@OON@=3znCxA<?W=KS&>lR$
ztHZuFcu}d3YtLH+>H4ny_VtR3rR&%p-qmR@g}d$LaIbwc+-KhkAGhy-2kkY%$z4Ns
zL+}cY<B)D?yX^uzZ1unwtrGe(Y<IxtWy>wW8SS_=5+u7W+CA|2KdrRS?V7Yp!5h1-
z*dxIO?WA>2klQt5hvj;RYA5Y`QNLo{tGurRiVwkaO8tiYFuY(tB2DP1y&vZ718|D{
zB)rUi8t)zZ;{DE84+J&ZIqRWdnl8hB7S2(;Qt@j0NH9%%!+JQFu3fMm31;io+A84n
z_EET4ajE@MFuR&s`-8c<a{Fa?v*NAxX?TZyHpI(ol2D4S#y*er3DyRoWjcfXW?(=k
z*l)uQhblgUhce`OFqEV7IFbUhI?0h5n3ZRu&`Mpzv0R>&9GNiYn$T+99>)qvrQ7Ss
zlT`BOCA3y|z_A9O9o)B}^}0ij0_mLYu%i$@;wX`(bp6)yP_cY{L#4U_$42S8_Pk>g
zjPnpG*PV21k<W=^8ytV9ryV=tvkqM_Tb^-ZrREv$X(>-0`D5kgIqzAi(0s!?0xx(+
z7suz#@+cSEYN6gsl2u#ey$s9a%nl3hotDQO?<|awBvxZd@y<&<mSx_XQjc!Lwh%n7
z8+DjMn{}5Q*3eenWrr)YLpSa4hH7-Pj!@u;Zr%|K^y_Xq+Cv6xvk%+cb{q@|wJJwf
z$Wfc*=m~jhQyoV`QtfibF|4mHI8I2ZwV94np-Alt$C=QcstLzADYG`uaUry~>ZoHZ
zbfD^(V<IqHyT&mU?5r(tTn!znEp%K99geRzYD*l~Lq}>iI&Mkr@`@tVU%SakLIbs1
zoSb|WoSJ{k?6upRY4A>GI;=zAPS%>7*`d?5R%dSLY^}?=Dl}5-b>@dgYeUX;p-Z(f
zXHn>KZM(dtt=;F`5I9?VP+mLLcFC)h+8$>a)~?FBvG%C50zT%f#41j{H>PV(IJd*6
zoZ8TA?HQ*&G+%qpX%5}2o>#WK;Isu!*N!>eq1&|+^2)7t%IU|eTy=)wYw{Yk_PTR7
ze9PGpIIAbl{V?b349w~^&Tcr(*&CSGr#t)LZ0B()NuTQ+gjYF-LLPm-b2xBXzs`BS
zMWrutUJRX-&p=C(euHy7es8y=>dTyyI8KH0ilow4I%isz>$f}SS~BA+Oug25qh*C&
z?_6lflRp<NYxHIp#VQ?Z^_Bv~g?gKdkFUU6N)&HYyh-sE<yE#R-l=!HQUU{dziV0G
zq(1D*2%MHz)Ga#wZdcA?-K5wmf4*8=`VQqxVm;jARUDFg)e_V1cdcxRDfM>6`}Ccz
z)q%_UZr56@hp{SdIjHY-t&gvPTe=kYC_Y+~XUoUA>T?yt$7Rc_)|O+6Pv{3-rSX+&
z%PIYkt2}U9KkV8Jqa7{hU0dU;)|NAh&ndnjf9hMt6i>vhzv$Y5wJ27kEmQh&R}EI4
zSeLe3)la$%Ql|cjOMquw4y-v3x;$80%Gc$Z;_Lc3m(+5r=DI6_Pq#cWPv~#B_F(qB
z?!x$~UvM1=6K%KakUS%}4u`oq>N*k}uH#+(VNG3%YapCfx6E}ioL-mVIvvhl9NU%A
zyDrCdHk@0x(lvt7c)>LqURAeR9trE#x-NzD>(;w2hu75=+iAF{uGBRh-Vk2{)Rntt
zrK!5j@+?!gRUWtNcF1#dU5#r#Tvlgr-3(V?cE)U5C%A57*2Ab3uH4nzs0vrsIcy!_
z?YlNKCP`Q8JdLS1zNE~{;l|}SPNXpt$KTVq0^Zx0huOTZaSe`qps@h2c&M=uKHOM>
z*FDmRF|e+`aT8hw8n?hF8!`ITot9^cy0eWt!`ix$Mjg%x))JxHb)$`@&`J5-h4pop
z8m;k>Hf*lD+~~q_rW?J%Y<Wfw+v;YmhOoPC-nu93ue;e83Ww`%H^#!d4XVcWaEE-}
z!uyrubm~SL_l3I+NsR}?z490y?lYt+s~xO)!p9X4{$o{RT^$}$JgoS<;)_Zj#^W|D
zZ|ssT7&04sq%p$^c{L)hOv00fyvC#PI_5jM<%+!C2+!=&+ZMtzhBb}H;_Hg=oZ=hG
zyI3$3G@fXsa=n#TT4oG|ji;n*hLXlJSW#eI(VAk|*my3!iU?0C9#(u2*W!Y7%dn|&
z4BpZ>5ufqH3$k068MZY}#b^1}48zXGt3hJWHC}_!juunn^&lsoz1AGXD;2Mn=c(4U
zvhl7J8?24DFn41HZ(VP2xd~=!%;T-a2Cth7rW-<T4IFc)VHPWQrw4Q8Il8q}ak+9H
zh7IlR>>y{@=gtkL84kKv1+xuZ?tJN(p~t<hb+aYIdpl;Z<oHyPF3U<^61>`%D($qa
z^(~hQEbD!lfl*7bZ$(VNHhFlq)VC()u$21>@a$$^AzHTjN@5<%4&O$kp<Lf4X`7|S
zw<RWN(|y~dO%{W1XDnh7e7e{ki^FG%?bR0ftdiB@@wr+rStOq~cEA$xg<^-|=|EfI
zi%Bud9$$Oxuw^gS|3@qbeEVYkmP5XS$Z=+0*FV<bmczcD*ns7T?<ng1zGIOj%Yg4h
z?4;$S?^Nux<+Sfi?5yRi?_6xeGUB@s8?}u3#$uP^3Dit{6Ubcgq@!dC%O&4b>~cKi
zSuUfc#4_!>ip(X?_0#6<zH9KL?|N+3GV8k)o43sSN$hm}l)R-j&Cf|2EjRs|*v)v(
zs(1O*?&Mh|V_I&@xe`gRQ%-#T^gFMv^=HFMRuWYHTqLG=#yO6R*)AmcdRp@8ulrX?
z8--MVe(bie+`kSv3umBBC1m=G;%k+*Bw>YrgJc!*{AE&)u*P4}mMRqZE8CXG^Po`Z
z-`<ufl=!u6N*-^^6E^zw$ka&IZE+U}oBZa$sGOkN3Kf^g4pu7ljmoQRid)#?w@HP<
zHe{|6VW;0MZIttG+ZI9R_b=ABDc&ism)dlTXA<eP%_KXtOzu_dGQs2zw^`+Sn@h1*
zu=;mPI>F`dKzc=nZ3_ur|NeMlZHp;xSG>>c_jlrqh5X%cOtzdcTdvD)J1DgKd*ivX
ztxMSF?~_8pLH}_W?P%%p55_ZQTaV(SijT>wxV96DPboel^!SI69FZT}&Iw2T!^nw9
zk!=@*WB&6}mvF*=5kBP~$2mXapNtJC*JVuc1n!C}EneZAe@2Q47yNV5L1D~)16xk`
z7o<GHQFl@6RwX+q^N})k<wz5TW9|*DI}9h>Wvw;Z-R_FeZNn*drJV2F+glBWGqO?F
zwhD%GZhfl*HsA3Dx2@G<7<0Q@CBp>v8jEK-!<5_K8ZlgThg<g;uDN%&?loL@ceEZb
zoRY^+*}-wcE%*MgMowp~hZG;)wcXt*O&N*1yY+~XbN99$(GI%%f-^>q`*>@=G0i>L
zI-vNZGESae%vNygS!23;sC6Wsvy9p9;nq=OuKRrJCF3gh#n#KleD`?kv~it#63%yD
zX`NNZ%z4E(jYaO6*4yx0L}lFIz7a_>mbn)qN%1+wSkXiysf(^`;v>tA+nZ7%nMQ5X
zvX(rf9`jMI(cF|F6&P(zIgu4cchky9p3&d5I<iJP*R(d6W(+s24{D6Nn~J57JWhr?
zWk(9CDP}{|n@Yo-@s*oi-&7tcG<Gy?j+AJ_O<N-yjr*H+L^c^an`&CO8ZI;$T0O?@
zCZRQA>}_&Hwix@GJdth2<4sazr*W_;BJDH|xho^Oe>>W6)1HXQc)n?G#A>|QbRgm~
zjyD~Oc#V@yha(~5m8K(+m~p15KhkcTYZ{2`Gu~)A898WNXgVF~GSQ~9FyAy1(JeZq
zX;eC9TGn(a(qqbKy4*Ty%4wR895t<MnvEPYt!|o+oG`6zx*0iTTHka#a>i8bQAN(l
z*Ee#(RH|KwjG4+kNs$TTpa)~VX|rc}WGa5`Oj|vfk*lU1o)saFsm7BRxn?qW*1&?N
zAadR0@DxUFnLM77aK84u2Wt$I<U!6dMLb)g#I(n=Ey|hpdUnDG+&7{c(;<(p<(BEN
z#}pVf9r0MBX{LUUE1GT^@OY&{(@9S#nr%AmiA8fwXFcuFRi+VZq$STZ>e<)2*L2Bq
zFq&_=?CHXm)1IE_y2V$S^&E{BndUvmLMKf(Jtv|Yw7ZSN(izij&#7pccF1!kT2Zg^
zoQqc0CwVSJx7Vk7#-iH#<))0NRy*#Qi0bPzJyTJ0HT7H#=GL$9T#MT3^E}t1?)o*J
zTTy>~K{JVl>kFH?u%^DGnTzg@r~dkl&6;RO{if!$=ze+i677^%Dba5ETa;*T{1c~q
zgHb83D1tNp<I~}Ye^(IyW+2*Ezoj`ndR(60ql0n=j}FOqV{|zF?T|b^1jp;Qxhrve
z<-3~toz2<7Uc<TO++gqGw>R?lDl_#u>&obPV@LC<=*4*IuQxU4N5|`}_$*UG$vw;*
z^8q2uhs+H^nOn@?h>H1$GK8ZElp~3B3DuA#G?m^(lIh)aIax|G=)L4Fx`N(MK1TEC
zgXC`d0)2tp!<Mm6k@SSk311``3El)B$xL`7;SG|VqD#?{Po(HmzDaUY_NR1{ij?oC
zyg|O2^4p~eB(yYT>00v2(t@Q$WDLF8LR3UU2uUGJNg}z6RFWlRE2$yR5FPnC*+ITR
z+DVvnkhe&LyiMLC=g1$JB=TEE!z7cBn5E3!48vqFc?{2NW-6I`nC(m*lgSvF2(yZb
zG5eS@<^b~o^JV5$=1u0S?91%Sj7#NEIhjV4qzW-js+j8Qj92xX>N!SIeOvWB6I8vZ
z`W_Qj^{M)qHr0UYC(Itz&s9HXI#jQze#Jbe{Mulj>Z0l`=G&@C)n(>+)wJqQOsDF7
z)%#4B>O<9EneVFpuKI{MoN!OVJ<Jah-r;zrms`rMVMe)!xrdqS+-JD;%!k|)Tq*N6
zZX;LDe8fG?RZtbTnfnUmxMw*%P2uV}fo5`6&P#K+02iYVao^+)(9d!QxgPo$_Y&7n
z%jMq?&@J2v?rr)dZk!vZ4csMeirTnoZkjf8Gu#aIavyNlsgJwC-J(J6@7!$~Q4=+x
zF*Q{u(l+%Hbvk`cou$s9FRE9l*U;~&A6A#pe)T4GBOOxv)i2Olb(gw})u_AGKVXy9
z1L~i!A5;HS{d4vn^=b7l*-Z6o>ho;2dPMzucBT5V`VVY@`oGj4u<O;=dCES?oB5k;
zW#S`=b?kdfpIG{YDwQzAOk%KxWaGM%4HTq+3{Xr~3X`S&jay2Gg)60f!i+E{+<0nA
zSP*IH%$5>yt+-w+esaB7Dwd0z#jWBFvF7RCr-wxT$;)EOlV_it7MF<`Vve{{T>bRW
zlc#ZSsc@&yDR=sZgke5nJ|YzNb*l2qoGj&6E`<J&{*W;AW%@Fn>!+^}mi~<Xj3g+(
za^dKk^i9Ik-_YOSbMY1(B}sIgjuQ=im%fWn$9wcWl0vW0|H5bFefmB=BRA+@NgB(r
z3|YqFKXNylz;a|ct6?=Hon6i@Cm(0i*>sY@-pgi^d)YiTk7Oyogvn-$*dmg{7PH0V
zKDLB?f~=6QFv->YQS(Rg0Q#?C(v&kNn+PSuE0hQu1+2k@ZNg4LCzu4Q;1aNM5<)^u
zXczW@gF=_kgMXQXqrx%agm6kYBb*a12xG#8FeO|St_jzLTOtvzi=1#x)ClK9jhH5;
zi`inXxJt|y*NH{q2C?kl%CJ}=R*Kt2?VX|*&7w_o|4Z?UVR5(Ef!6*1QqGGPVYApN
zc8k4u{72~%kBft_T!zGP>{W)>m=v#wGvXZfx`87ui2JQnG+TLV3f@1HcnsI@i@1ky
z7h%+p&q+E8OEOVZWF`3|Ng%6H)a27BJSjv;Bt<Amq!?uhDJ4(hY<>YHg?t5NDS4J`
zC#hs7N*YEV9r+kBpe!SH;vjdECgLIYkO0cZNefB_My2P-z2w^{S>!t?+2s4AhkSzk
z5amA7hq8kF1m%A6Q<PltGn5C&FUcA7?;J`VM!+%hAQ>mWBdf?eD67dIP#z+GL|H@T
z$zRa-o8-UA!{j!~XBf(;Ndc3D5wMU+#t8T*M!-~3gb^@<6f@b(edKZGe&&AiIgE&T
zq!eS~X7VJ)#O-7w^EF0GKF`!JHRKD7p3##{%5Tb^X3UJ4R4^hVl4lqv<06|G9}^;5
zFoH(NHjJTd<XPtH%pUSpri1AqUsHZ@wiDy&2~x!jGJ|9nGsOIY=$K*VS47Xe&b&?x
z%p1&kVpQ(mdW-@BG4r@^MC2X3gIM`S-c1_hUlI{JFYyv_@L@hoobvC9h>PFLf0H!w
zJ^T+y6aNzb5^2V@ohCPwdw(6S9<gMDT(An{gLR7(EwTZWk*`>CEvqc~mUWgQ%LYrC
zrNUBa*>2IodW+d&6Xq>$i{BEq?6!1R_FFnF-IiWUpXIn^&@yBhww$+Iw2WIOEmtfv
zmO0A}%Yr}!UPwV%CS(XX!b)MauvS<v6bq$7xv*K-D(nzy1cPu>5Cn(d5hNiZ>=E_~
z2ZTeyVd02yTj&=Cgp<N)l(WK!Fe+RUE(_DbtS~F8#3V5l_cKi}{~z|g1}duaTKmk*
znGt_7A~i$_5=w|MXpA9-8bj3@g9PEsV2OH-Rf2Nn%nvaCGgxbkwU%0I)f#GvF@Dxk
z%B99oLy)R5*1u9N*H}V~wSIoY8fq-@8n3Z_#@xN1a|T8r)vkNLwZ665zUz6;<~{G(
z=l$7xzxzFAO^rU<3V&+eK^Chg`~07>?>s6)Vdb%~@?o&@FTu)(!^-c5mB+)%N5IMx
zVCDD1$`fJbNwD(!VCBiM@)TJ4{jl;>Sos66^3kyJ2Vvz82`yC8VC!RH>*HYS<6-NM
zz}6?g)*pqfKL%TWoNQe$WWc_^0{ebKH%ga8cF&fb3CsQ}EPD$63(2Xl=4r6zufdw9
z!<wHWYyKAbzzez;$Opbh);tr|oDFNv(fvsGBk~8f>0GkuH^?8@nk87XRo6mxJX_bQ
zYZbm8^K#6~LP5;7m~FzdF|WnEMp=q3c17$OTBjj2_k#tUuT2nKHH4jn-GnBs?f~Hk
zp@ndQ>%?KMT3=mh_TL8DNP!&JE?>Q?!Pi(?a4WdZwb!@5bUvXlU}d-t`VN)Ke;eG!
zb<Ef7YV{p2b@hP%cD4E1OTC0}V2<mQ?{w+%zYVlm6<FXp>+2|8<Lhvp_jLjneO;yN
z36=hHkhcViO1B3T*Ja-o*EQeu(wZLN@122C*G<1ry8AY03iwM81eTVFeiJarKcpnq
zA6I%r1<O3P(v}|Z-zD+>5v3>mBlrp=`jbje-X7epB*mXvGRB`)dgfM?jQ3B7=#56n
zM1Mx<xgL~E_GjJ+ylv&NCDZ)VOS1gg{UX;dF}$bB;~6Eh{RMY~dH(q&3;l(Cu*5Gj
zyk~=AiNo)@6L`;;CziPVULfcX1Izr&8QzQKDSY*u3n!Pf`%jjv^sg$Z@UQ6&@8$9_
zCF}g_ZwK$S^6}8I$zKUn`L~p8^KZWe)&813sPpf<1@->jcZ^1VQ^|h+fj&6oKT^`{
zZ|Q^M{u8%=$9)GVy%1PYa@v2Uq{Dx%U(mhMOM%s;R|9L&uG4?vj?m@5RC2|CwGUX|
z4gZ-kePCnBb^nb!L0L>-bEy!}cf%Bji2(P_gyDg$kP`ws%8~=Mr9%Q{^tTtvMhAAG
z4{?Fvw?o;uKtox2U~lyEr6U3fw;(By+z0&Zq`<+_)WGPnDS>0S&Iq*j*Pky!X<A@h
z>4ZRfA7lh3m1YK}^uhGNjA)eQ1ll68{gzm)#mY#GE3*bpMPg9doWR-WIMQt=(d(+M
zN%tHr2%PVp+oHh5=sqEq+@zR7zV8#&7~mVE`7rsFFV?@F_YJmpUpyhPd}73&eJOOM
z_wfBPC2+Z{G;poVAGlezG$``^Qnn&Ei0gT5Wvhd+Wov`+9AC>e1`|0>mTeBElx+=;
z;XR;iM{qpHc8r<qy{tAkF%qB4b_FMwH3X;exXbnivv@Ab4hC~McCt?3Sa5b(Yj9p!
zTX137so;{bvq4AM`JlV(Vlaq3lJ_9q6L=0U(>|%~XJyxD|B1}=&0xG+3@&3Ge9t{7
zxY8XPtiawA*=wWLs9PsP+fyQY0r!dbMt6L09rw+h7~Iso&fK2Xj@KUhGVOUhHg`&}
zitF5CXb<0|g7<5l-&=4{-IuXv@qSG2iR{IE1;~CdwqAQIUm5Q4zAFsgV<Y=&1n!A`
z6C<)mV$am}#^}BBmOWD2CnIoArhSms7<(V>hwf?q2@KdR?{gDXbjK`$J1e*i*W6&W
zdv>r6K1T7wJug`AUKnh2FA45<JA#K$Pd?212mF@&i2cd!4mP`k!Q&i@+{=RP@C(fk
zB5{#zi}i4vbFZZM6!8&WFN$0Id?W_;@vUBd6^Sq1zQsByZn`Uir?KYif*q0P(VqOx
zy(!q~t_pT>zunt{SKQUX>m0)olXwhuA;DcAGU2(~#UQO;?nW(+N8-|rs5V-kG1gx3
zxO+Slha>pHSoa0-)V*K39tw=+F-6cPPDaN{j*pQT85Iw)_N<57aBQMEa5o1I`o@$`
z_Kh!}#^BtB*PC-1-^B7P)KSdxWQSJyCYR?%@)zH<^4ad|p$x<^$~$~n<@1nJP)zfr
zh6>$RLK7l6fiJgwAz~Wu|C~2)teaiFg!gFQymE(cVY%Cr5%T($lm~r|@?}1E`AT1~
zyu!Dve4TG)`6lFKTD;_Ek()*GCeC@Z90j^G9q404c@@V?^ed9vMe;C5PYebkIgFNj
zurAKWeCx`$alYf*R9@ZvJh$iZ@ZX#Za?V9#^Hr7Cp^o#$2(&!$7WB>qwcPI(X!F`T
zuj>ZqViEMt>moT?Ke?H2n~K}!W}JIP=U<$2Me?rb9E<zP&vKi{ob>iB@;~?S(2zcU
z)gFqA<XG<0p%LzmP!h+Y?s(N1N@crtcZJemPmy|V!#>CMM^}#!%Ji5*(;*KDWqaa6
z5+mB*JR?E{93wnQq4{i|p0tqMCyya`CWKr7*&_pfNO8-P84BY%J+wUHgX|L?DYV8@
z5L(~uf8<x5`JqboH&0<`i$@M^_qakey!S+actmF`_#chg;|=ZfghRWbo8pIOd8i5F
z)Y^Mig${VugpPRDhgv+9p%Wa7JX=C1J=;TPJT;+no}Hl!y#Fx}Cn+cJ><(S>G=;8m
zJoX$2-C#TAz0h+ctoO8pV>~CqX3W>g@NmzWZ~~tbJQu>Fd7eC%!sEET=W00Jb0a*-
zs}E1%9FXIGBsP0v!ZW<)a1Mj@VV~ji(D1O8=iQqSp5sjpFJL?Kjt&<ghS55D$AuN#
zOAnVq$E2{IW4U)qc&T?rc!f77yxMCGul3FeZ}ct*Z}t|2w|bTE4xV3cX}A_~jK=Tv
zhj-z+G~B@U;9U{k>s=i_=v^B==G_=>jo1(8;GBPWH;3E2Tf?WkJHlsCuf<$%ZTP%*
zSNJ09XFu^agfDydhOc=KhHrM;YUCUc*`rAI9xE5QjkmRY5Z4KML1%6;w+q5Q{~hHY
z?%z=^3YUBSHNYkdF54R0dRwJ!i*38D#<tV8+ty?|U^_zGVmo1zwXz;KX**+cY2}>l
zg6)#+s_llNS7H>iGJNhtB|%A6Ml0i#bY+q<MVVn+Wm~QmC5EBoC|0UNnR8Z|qb!&^
zMk%s|6-6mk{B!G+rOFCrwX#;(sBBiYDmxU#=2Z)|s8x0;4a#0ySS{4zpmI!URoc)$
z?h&`-d;CUv1Apzm>k?V`GyfxBL-WW(EL4W!YiJz4hJFcOL+{4d(0D-+9Kt<<i%J5%
ziQbEEqNDIl^getOO~yCTFXNl&{rD!Dif^J1;G5`!_$E3A-$Wn6H_<eF6CI0hqT|T(
zT7>aJE0ss_O*9?fL?6R9(Z}&kG(-4M__Od8;Ug-O@n!T$d>Q>JzKl-Am(gkXGWs=q
z8GTBZq)QTJ;LGUK_%fP>FQYT@Wi%UKMxVi#(HwjkorN!>xw>!ZUJxYRi@Fzue0&+5
zjW45L$CuG(@lA9N`TLu~T-_es9$`Mdj6R1iqu;=n(M94K@%us{`TJ&}NNg1M2usMj
zj|j5ZDgIed$cwMiT<V0du)N1s<%vSNJW-x3Pm{CcTq?8WdGbPeiR_Twa!_7|a!78L
zkIU`yX(}CZr`#o9k+0hXo5?nWi@Z{<kk`qZ<SLYH;A**!xL$6Q_j6&p(T^p&d04ZX
zIJ}=NMo(+>AXyLFib(UHPS(S=VuGy<AWM0gY>2;{4<zfDPd3E%F&OqS1YgVVqH#I-
zH{Ynlk}Yf?dty6?BP*yTdtwV1F1$|VZdgD(EZ`nm|3hTA{8fA;t@-<8VZ7@1V$~Dz
zC43aE`~@KiYn-f$r8WLCRyPIfdOub)Rkui2C_I1_eUMhvEsW6xX+_iUt$VC)Ev@1>
ztm4C1#qs#E{fO>OU868T(8XlLWcI8_afLXnxT1HFPs(SC*A;Jy6!~0nl~%U(F7k!q
z>f$=J$d`)ii|gg9RMV@-H*EUiMk@QM9O7b&v6<=GTzouIY{QG&`xaXQG_)6=)=Gz3
zY{|u)#htbo;;z2MHoEvq@%2cN1#YVr*`$>ry^CvvD@l%%M?{J%RZh}MYVYDolhY#a
za!ruA2y$BQ;>vKQ$Qe}leVJTbnX;Fz)8*_)QI_=8PWq=qLu&WTN@{Us%LQ_QOCp}%
zx3~&ue1(xhPxbuIr4>`}VjE{mr#^)v#WqQ+pVBiEkz$)6FPB$!7ivZCSaWN!<q)j$
zdX!4J(l$q{UtlYu>z2rfsGPPb^7g*PRw~y}*(vYlV)M&QYOyV~t+1_@574Twl@IhC
z3H5m+&C!wW(juSeE}3evZD#wnZH4Vt+jiJ$VPm^sGYzn)y`<+L#=FLLj3n;SLFiXC
zk)_xguu5sJ`L05&Rw2*6(#{iY%dxeR@2s=6k>^y|PT9`d&f6}^UfX4wt8CjfvgQ4@
zn`H0pil_|Ai6>j`Qeu^OC6TTvG@~7|m;N53jF$_QiOOVU8ugg%ze~x&tnF8FmE7VE
zZc$vP%vR=+F7{fC2rX4#VcYB|u2&Yy+m$876^euEJE`3!^14pNP0~6gs4Oe4QdTMz
z$~t9}Ql)HzFW0L@saERPUzK`WgRMbnRQ8j%Hme@198#L`HhPnCoO;vFKB=50%^gao
z(xqHcuG@v;D|VCWf9!#>$v(s$N4DmLy_x9l2wLY#dy+j>-f2&>PoOoPBp<M6$eBut
zJ<~qjo=vm9hE~92m&i)l<|^$4ROZX;?U||tQo&lG-FDav)!7RPvb^0+7H{`b{Rw;6
zzTCdbzQ(>@4%;j3TjcdhynVauwb$5pQk&iOCi?;V5qpch5;ktKpMai|_A~Y~WW^2k
zbM_1NOZKbw8}b$|#dQw7eWxP^wz}JX!C{u09K+d8i4Qmul+%u6$7shmN4hLICdo$}
zQ^<N(uq8TXIC30Tvfv~1m&vx;CChOxmxF9XPI7rE+Ge`K@^;tq;x4janWBKn*+`Kh
z)wQZP*R`fNNTY4CSGv}_D%r2eW@xrtTU^^+HLjhm-L59GP>LKB4U*UfWRvTF>j1Sl
z;@V!^<(y_aM!GoO!Gh5eQ3e*AB2RF&6kky)C>oxiJ2JH!L4H%<I!RI-&w`w!1YKub
z=j_{E7hIP(3d(Byo4|90IcsuVRoY!QO7s-xrmL~8B&Nj7Z{s(W440*n1de9J1tke3
z$t9yp#wqb7>BXHTlhnwC*yU2%OQtBx<R<4B?ula#X=mGMax8EZ$tH)wg?gJp{Z4h1
zvVA!Gj-__Vv4ZZdhD}KF8pm2H8)?P2I5s=B(z@+%)XLi(yX<L>27cDjAlEqdlHC*(
zw>u8nGaRK<_BxI!ZbvJ<F_p%BRuOGy<pM{W<CNp9<2-p!hvTB-vTa526*;qblRZ_L
zr^HjwcH+)8$4#ebPjwD*#yaDjiN&XB7pRnXI(EntoMW8hofDTFv$fGq<F#FLPL?xB
zbEb0|wa=0zXRdR$bDnddbBWVIR+~oF;G$UXb-JBF=d$9UbETZ>tRO$8xa(YJ-%TSN
zAy+DiWFwoLRdTj-o3q+kP2MAs&N^qke2#2q4b5K7v*(@r<yFo@&Sv7{&UWW%=OMYq
z+2QQ8yPRFlE7UsPdEHS&sjtbN;S$JKGF(GkarO-RC1g_%|MQ&r4|mQ~1ULQ*hj?OP
zagv~0Tqq1*oIoX+%IL+T7f1`F#p4!_d#?St_QmOo)A_n!{(||>S3F;Vx=B=~ES|Dp
z)q+)vXHdzZ!p~(;sa#OG*t*zC@6nq#nO~xJ#Nu2d;9R4}iN=7;SHy|Nh_j3dnePCc
zWnyra8Hn@CV4PouAoDdN^Bs!JHx?(CVK}pVNzlbEi7myL@ZTU7Z4`7xwRGJ~*InYU
zS+PYs?gY8J=^9T+`~sw?$UUNB)|flQc*4YfFj+<J8M;opGvr>NYnFyw4YO6`W~<jc
zJt2nVd4z?1kvE*KOKy+6WWs2Y9U9z(U@wgC2g`b4<==q{!n%I2sUN+Js$ST3XUONd
zuO`%e0qRxcPg60g@eZ+{aHt<NtH|edJAP-#=e2Fua9Tr$iu~E?)tW==o=I{ip{p<Q
z*#@rM9{CG39oJRl3ItOx4Cx1Py)feMKoTLfAEXf`^n;9E$h<S;S?M}m^^bl*_wwct
z7HI9HJ469tem|J5=~U=icxT8frK=nTR}>;`mTK1(gw-T_d)^g|ytSGfzCH3b5;phJ
zvAh>n^#gu(D_z&nb%%DX?Y}=?i1mcZez1kGy&u%vio9J#J@Gp_-bUhOB#t%o#FxCi
zx5kfdJBeP`$ht)4=wQ^`9=o+q-7zIP21I-~;$OUHXf~fueYnM@3)TC1t%NqhDK$p$
z{*rfIt>-c2T_jvCLVPV+tH#N^n?*Y$u?TyBG^j|8?@LsBmv~OJ_$<+$CMBxll~UAs
zkjAL-l65j9)=Rb^QCyU0?j-7i#Cm6I^Bb8@?mzF7kv%LoYMxn-L)F3eB-$^epw_S6
z>(pzFy7!aFI`LS!FU!=vNh_nCU!tua|IOo?t&OchtBa39N<ZkmFHi0V(~5fb*Qh<V
z8}p*jdykFmm;ar8vZCnLy>L@e&mI`H-*v|<f>ftnY2T6>wR(yl675M6?LiXlKhkln
zo_v`15BTja)t@BVXQb0=ERs4jzlivO78hY#&03suMfu2OHE!|q-7&DYZ}sx4?)Vb%
zt;<^fyR<dG67_so^*4$3CX1l<+d_Mih4-LrEhf<zEVKt%MrhC7F8=h6<NdXX^tqpS
z+zoFOzUW=Ii>GUPp?92&j+I-AdSYaBOq{MgTdCd4RAY2L*-!o^6`b4fdLyr?((1@o
zEIUc&IHu(<`IH-33bi;!YnsnFQI{IeEIju-Us_I(U$4b7-v0$H&awT`9-UA6@=2eC
z`kT-B59c*xXZfs?^O#O8eroX&&rUAt$(v61#8K$dbfAx2YP>|hddJ~jF}OR2iNs+Z
zC+p(-WK;Rqqn^K_jt76&X?{Xun=NQ{)lsPL2fcH_=6;~fYwx_S8=X<;o!3QjwEs?S
zmQ-|W{*_kLlXpesSlm}Uo7yuceSC}j&yvyCuPm8G-8q(p>Mhx7EQ++VNUB|13N(9)
z#IgOVUs*K&vQS*HXntoQAG3s2MEjeC{fg^XY4*9ksBa!auvBW;q5{6h`nPM>njRly
zpRmwgXK9M^KWb+=p!%DI_Gn8B;e@*PM8M<aGZxPikJ)mPa7NQj<FK65#;LWp(3#G1
ziEx#0qX@CcswdDH&T1wMSNA^#;w0q+)&xSb8jr1`H9Muf&^nHgPMD<5mvstZhI&r0
zTGe^7&QaT2Y45NW5fn8C<oF+n%~sk2tbPsY>ORA^ZC$F)yOnZK>uS}`tZUVI<aM-e
z)b4H8bZk{)xs`H6E9Hk)ial1!$E=ixSt+lwQa)vERp-~*ro}NH|0(TyR<#E!<w91<
zfvmJgSg%Fd551G~0W0M~`IHOg57O$jn43@eKz_Woe&i?lG)MWA1LTj1ven2rAhJi1
zoIhS|lRr_d!+)6(V;=m^|1#qr?~9q3CLZE{UDY=WuL;6{WWs2|I6^vM5@AZzbp|1a
zU?t2UEFcsS6hbM%PgqJ=L0C;#OV~)*OxQ};L8#TRi_k#WOE^e4Mrb9p5l(4+IIF$$
z{1;p=5-w}t_SXnE1tCTx3?js;eT#|Lu8D*c!WhDMRZsVIqI#eE8Z((NO&xPg79p1~
zn=p^Ckg!C3UyOs`CImJ8%Lpq86@+z!O@u1KHbOO_j!;i%B<v>~A~X|@YuEOu_NNIQ
z+O<)8t|RJxC!vdQg>YRUXC;_=t~@^j$&&}h5k?S_`uV%}HI<M?m_W!-=ko8uxLYwW
zQ^RyZHbEj35atsKwR*nF1Q)?e2uD4?T*E5D8Wnxsu^xCWZ(Ck<UR_>&USr;V;80$(
z$&`0IuRZT{UPoSMURU0gyz7!6nWQ07oHRm8l2WOpNfV?DDN~v*WlNG&AkCKw`Jb%;
zuN21L%c-oA))3Z9mC_bzyHu0cA?=iQOHI-N=?KswosdpSXQXq|1?iG>Rk~r(TVgC`
z%WzAACD}6CGR~52nPiz_nPJJXSS@ob3oJzz#ZqeVTb5c@SXNusS~glXTeezuSZZ;9
zm!-k7*K*Ku%+hLUvz)S=wVbzHv|P4av)r_bghAF=YrHkln!+;v9%CJEooJnGokk^#
zN-h<?^4~1arow;Eqq5Mt#Ok2prV_L+v#zvOSl3xMS*xtutku>!YrVD6y5D-p+H5^;
zZMUAbcF@i+vfp1~5VT)nh`}#048kul48boknDI*tvG^s1IQ$aBaQqTOJbsDc9{dKw
zNV9AX3HO@I&1-~*&A%}36sDT%&2I`%o14sU3A4<H%!h@1bF=w(!q?634b=(H4mAuF
zg%v~1Lmw4Z;#V1}|3B`TP8X+h<G)>L62=O`{l_(sm)}obeLs2g{p7{>lNaBAB}!(H
zN0T$6E|t7Fb%<J@8mD1|2J+feYM4r1n@V1rnxVE$&D7d+9eG)5wx&zc>I*c?*WSzb
z3e~?;WnpYy6_sd@Vs2!git;G6bo*7_X=w=gg}~mGR}cS+_O1*`qO}@|U*Hh%+Z%fP
z_J+Y6Hire#{C)FU!D#-W`A5P4{0_$u^UusRv<|PCUl&H18_j!!Wb*;@Z-f-{G4pSQ
z(L?n^^}?8;#-T>xp`qzR(}lGE$J%u_pA(-VUTO3Z4~A@oJP`7uT75S0M57<|MX3KV
z<h8`<#@8WdLsp-C6tWf1K0-X6>p#0DmO>9dI|%xd#m9&j7@y<+4$8O`_0x&7i~-_J
zX!9z+_p^GIKl=mvP>K3iAU_74i1$9GG3%LW^x*B&A@kcm7srx318t^&pVme<7H!JV
z!>7>yC(wT{o?>~R;VOES$YZCCnC8vMPmRK;=Nn6izp7~)3i)y9=lUV2$u>@f{1jxh
zWd`0$-gGkt@(jp>#L1}VaS5n@TB~O{6LJ=KFj{6|e*QyzlH`YtPV|2=o?>~h;WFBc
z=b6EJ<r`gib}i<L<spVYqgNw|hhs!{^Ssg6iy(7L9oK*M7p%fxFsnM$&jb$;Yk1V)
zVc?nI$Ix=HI0-zP_$xeieZEoVf6X=)5`Txsq7Ooz3O>m*uV2n>bb9bhXrIn(kkRHP
z<6`1!XdA{gy7ySteS*6i(Ee$({~_ez(DMoSEZScee@FFt@i6ghv5ob!tos->viKfx
zCbto;GV5}{e+BPjHW<+I8R&VI+v`4nh8oDf#NC-_|2f*HK|T*Y2z~?YKN89I^ts00
zkPIKun~ZOfe3R>SMaE|04v}n0pTKQ|kBl!8|0lEVyjDYONQa&Ta3Y>925$i0BYuv%
z&y)P`%=*)i_kxduUlJGa>X<$v{(;5~;9776xQltf2zuiU%=VjT`KF0~$7K`bsbG&L
z*Mcj+{OmJmc@=j%xW+IDHM>x=O<i}EbrUsi0M~*mz+GT|>KU}(iDw0Hy74E(Sy=bK
zqUNZ^JeF$6C&3prxdB`Yt^jwT<qSGaq#7$=V+!%}X#W)WQSd<U1K<td{{;U=;|6do
zxB|?Y{|{#Ghup^SHn>@nd5oXn*|{3?vvH6UdAz!hj4dRO0#DZDSHN!YBJg4GMbdc>
zR{t7W#xd(IX#659>L6PhYHmV99BUx?Fyt5EJ1yYDV6~=++B}Y4ec5;j7RVX~GL!5E
zFG9^bB>xQ7bryE}8p~w8E$}0*FQGGuPG?~orv9ko;t?HX%hxBOCJ{A>=wTwpn27#J
z+!M0)IvVLxjP%>kyc4_uyhqc(9_NEM-DA3&Y9^sR0h$w_IRTmzpgDnOkGzug*P`WV
z@Fh*A_PVXme;nMU$!^3ej1K%O%vdwV^2Pvuiw8UvRxPt^7=)T?<FDC%AU^=hc>wY#
z(^rWnFw?qFZ*`~<K8I!rcXM%fFYX@4-97N}dU)t)a56mNQAF48n8pylfcg&+53fMp
z$or=5Pl&5`snM8Q3RjIbs{axq>MHOzF=NZnW*mI*UC8%=YqU6Qr+Vnuj|2~39stWR
zy~^`rL{t}-^H@wRESsibTt9~I%kYaqu(W?;7IWc8*H9DIyto41!8#j_^~5FOPL3xS
zZ!5;~5?bcN`@U`BXnz;vZ?H_!hU3X>)K_Z}iREEvGZ*p()pODQPZ-M~=-deX1MsdN
zAR={uA3?A3jh#H(%(VM3tCq0Hbdq>0T26(0743Ivk&wN9i5ktg-mn?-uo-ucf}aA<
z1rG#|8juaH!`rzg#8yO6h2<=8CNw_)`EhN>*-G*V_{BS@Nd})X-OHAP-Q-nx7XLpJ
z>vVImH-&ho(5+-PUWZ3q<EM<7@bS-4BY{W53$CyR!#(h?;n>S2444F~V;k6w^%BtX
zBY51C?1N<OO^75aABGq6-5I!Bj41T4nzwTOc+?-nE|$ysX<gnzBxH-4fE}|QeHexj
z8F)m7XVB(Ps5vfD_NbeVnmL$<3#Lzrui~jf#Hcx_IghCIpy^%SdAaArYD9ezv4!8Y
z1H1uz(DWejZ%jWRo@%o2E{w=?8h7_<>_!h+E-;P7-HV7S9E&ViBgOO%_X@pzg|h|S
zzaeKxz`A^f`q!~)qnHJCfA8R2RBshof2(LF?&R!FKayGK!W(@UuNPz7%5lK(C}PM%
z%!Xu<YV^N_=9kg(C(!)AA<u;77Fb0K>(u3NZ-rgx^9Ar+;~=W}EAo)p(EKD;Dh+yC
z)y#ymS<0YTUJp-MgS_s7=s^G3R`18%D)jjsyz3okOW-kzzvp={Vm8E2nGHd#ay)A@
zyvwrqB;+iNv<v<J6cOxG_;mt$`w?{R<sKR)V$=h*-f~Y;AdeI2<f1!@QNJltzAaor
z-;Uwg-DopebaBMMQw5w4>kABjA>JfDO`4}*1$T=}*tYdAliUVvA8O3nUWJ~=wOJBL
z{(zb6ZIr<ID$Rgl0OsN6c*+Z24@>A2dG>aq<`-D;G0^rLdMH5-U<O{nY){8X9eDOb
z@M-WY_<je*veLK&@<6r<-bn?lm#`H&OTb0wZ2@$ejFlWuG|S}i2Kc?g%V=}ml*(-U
z1pF>|AL>)UIi%sZnx%6~+6S2@8{b3BXE{sF+o9(j@KNYF3Oz@m=MQKvqrJ>EdN*n^
zQ6s5&KFhSzeFA<Lybtv$kh%R`>RAA9*{3qH&1azJ8Gcs(EaYcZne`CwLwyQ(6lxM-
zSBEi^tn&kCy8^BO{}Nm$@_s!NI%h)XOz4~moim|xCT3|SYc`~DOG6rF;2<;{g!~5N
zH+U2@t6R~3=3lAfWtsZ66?(SfsZXGRYbK$epK8qBu}|ba%r-s(FXq*GQRF@JfOekZ
zw;UGR;mbHraZ5ox`<%mRXe7=}+2G$o+eqlY3T_A2;n{iMEIiwY`VYY^BH67eg~w&8
zWfmRWMr<|ip$LF?nY>2c0T*Dd+?avCqP>}C)l>_Ae-yoa2X^uSc)fPAdk?E~1UC5|
zR_#5^4D6G=k7i&ruaxl~;w?Bu>d`U@E#HB>3UAL;?G0=33$8I3uu=xpKZEukfIkJ-
zfREt3Q)4=hw{Xqpye_o9ET7jHYYn+kwH&S?OUS_r=3vF?<SxjD-_sd<f^jf$(DZ#e
z%flZ(`@pz~+P{pvu9@dVe1dl(v6yAU>);=uzJ{|$@l`}iw5R-^^SAr(>@4JOPPBZR
zPw3)Nj@|~GxDC%5DF%wMxce(S^)u!H_o6-?8g78=(7q6MvYgk#@CMJV;SA)N;K!K7
zWL_gN1-4Ov_HV(W-e)%MK%2*46$#wZ@I9>TUm!bh_aWRJ0c)874eIH>4xEj5O-1(d
zD)z)Io-xA**jXwNEe~NgIl@_uVH@)2b=aG>GaHtn<~zuax}ax2xDEU+_<iU(2W|z2
zuxGuGowt$M_%`I_U^TbDioNN($co1zKYU-48^E>T3NYui@AIkCcmebO3|bBWKVkY8
zV)Zn-47^9<T5tuJHN1|N$hyThxQ3W(tXyMU2&-6ttThCl1%3%<88<RdFS6V$<lEJp
zg^HtLMZd-y(cVzO5miJDF^{Da`XA7^0bC2N0FyT3Lws5{y#>oTYK*6+21DC6@M7?L
z&^a74P!734;|6doxB_>1bmcr_;y#uKj57TMJdgF`DN$pdrFWpej%UL#71`i2jb8z~
z!HdAKD9-3igRuJFK+7zSkj4j$M@jzJ_%`uRP~Wbx8@vd782kuZ9qt}M%@Ndmk27Jz
zYwV}GZy^Iu0)G`8Le80tv)dEMX~!XFUI)7h!EV=aeyGoa=3hZB=Ui968-4pD>i@`k
z#98S78LkoU)%X>#8@ve2UiKjOO1zKH>878nmd}2nKL>4t!P}56tbjKS#|hm7FW7>+
z?`!-D*bQC;K8!XrpW>JKEylO`3otRa!P%dfW%WD8Rm{>UV=X))iSMe6^Z0o_af_W?
zW8B9*5gQ<X3|WMoh-kme_z_k?Wj=TRJD<C0HrOg!#TDoqTdV+i4|=`_chy)r1w7a|
zoLJ!XGLAImlf0eljbDZ({}EiSMO2PIdl6ALpv@Yz{{{T+FYu$mh^vzjhpQm}n&U9p
z6+LA<fOR<nosEdJ8=<)b+Qvd|;4`~eh`VmI+{+xZk1ad~XEfuFq4_3T%K$az{|={~
z3V7%Rc+ea04xIGKe>sNy5*mIEZG!k6dTKB9yvcnNaR#SI)rPg;owOJyZXe5}p$psw
zzwQFJ!CSk)ZRqW<NXB<du@SR$gEIlc%ZO1&!6N$hYd(pKKLz`l4frl(Xg00pT@PNo
z0rDGY|0<rvS5QL**O(NJ1|}!!-$whh;Ag?xOjnr)%;)_MZGOg<GvHpx@!-dx?FQQ8
ztEo7M_XshLzsQM?7!zPWEbF;%#*4iAVjO&Dnf9&BgT3+?+X>f;A84m_K4I131oQ;_
zdM57_1G2Gp?_#B%WZ5*xco*HhhMj8<pO?vcIVQ~Dy92VZzieY~qIlH=K8(231m>MI
z2j}jws6T`HGpPR<_2*FkKI#`h+aK{3^<1_L`(qn;55L!VmPcg5cWgsFPU73K({09i
z{5O2=rYN@vGyEy~%yH=nK7*U?g4cJ!yZ1AT_}WQv<`MLSxfOQ@BRd*wdJ^&QGx)+Q
zh!}i#Ik-ZL9{kjMh#PP5d7Ro*p}q?JN4zq<Kym~6{Iqy4@&95LlQI9hFw#F@b%JO!
zS8K^NNjMYzmd7X#;}f(2r*(sRraOr<-7&=EZ(<%2vF;D6r*Bxx2qVQJQw*N^6nVmH
zd`>qyL^@xH>kwm0@oXucT?@H}-=+Tw-dKcnc@<~F@8aa!244^{x*zbFT^x%ZK8Kb#
z;Tq5%<0{C@_{?r7gRHhGfrbq5H#lFSypjEJk9ZI72<Y2~uyFO1{WaLYOpN*w!(JNE
zeAZ*~gO@Uk+r(cYX0k6l#j-JM45L>(lLcraAZqPH95eD=gOB$wqYipvG4p%S!=Lea
z+;9r=$9#%6JPLUxpW+Swim?pko*3af;#_eg)oexoR~SAfe!)OCAYR~qUo-s_IpOns
zil@<Wf9~b8ykQM=`ZVS_ybC;+&+o=P;D6zBgyH}4*iG@6fgGI5JMdH?pWh94L*9?O
zSJ0n7qlfjV{}24@PcqMpX$;;z1-uC3b%8Uq+>-axk$9?w&+_`;^I6{TUChr&e4jjv
z9zGAw!RmYu>o|*7jqH|K|4Y;)qMubb#cTjiRb`w|Ho(g^;H0yGPgQi6P9nw!kx?H&
z%Ws3<Fn$M-kYzJ?mdemD3mRrY!%Vd7!dY)D*N9_L^B!ud#4vxUz)3k3yc*}_uj9P@
zb)3SU!1?Ycd{!b$p!RwNE#Jo*<B@qj3~dkdv*HZMFRF~17g-zeKGdgx+`Z*fT}{+I
z_yht35AG1$-8}?%4esvFMJ|%y5Zv80xLq8AySrT6T`ziJcz-oB^?sPYU_R_RySsMx
z>2qpTb@w^D*OE3-E=_0e3Yy`U5Wpb>eLuvSu8DC(dd&2N6up^YPxIpn44D=g;M?F$
zCG(|nXIkPb|LUI5{EXWE_NUV=wz*uF=$&&Y&9165)qyEh@eBEb+yx>SCz;ZnKS5w$
zv(ey30+lSaY=RthX;DH^rqceRVp3cYW&+iol1%-Q|Ilsr?dyiu)S;U|x7(Xg>D1Gt
zmB=o^6#oC1+eGVuAq8e`^{_*DpUw!VU(Orx;nMEz4IEogC4z-4S_%eL<~4ae5;!^B
z3lw+W0Ap@OYC{jXw`FR`dJRXR_1)czvoFSyTvnll9qXd=UD<)5**ul~`e(twWIzN*
zojySh%;kJrgioUyd@f$^fivNTlyqHhpQCo>mrbOXBg0hPN{nF}X`zoCcTdVqnmbkg
z<UJqH>=YVXjBRRd(2t9JSKB(DF`Lp{SxlV^1Z69IRYxwf6g_s<#Q59mY0S*jyQg2B
zn!9A0#<+&mynj#b#~c@DR#M~Tzo8FV3JZnkE*Oh6=xCnOl$=D-mgGAH?<0@j_%UQ=
zTPrE^g!mk85RKgkWQr(XSfXoG|2tIJBfR6!#os9Laq<q|AT<p+$wY)k8YX?W#q%q0
z;=}H&+}!OGxsqG1KZ2Wbl=PU6UF1cY_KapW3Rb^nOVSmeNeV*u7Qq6hN&ab=cA9&j
zi?r-@Dz7-xYh1m>T*yR|eExio?Zr!sG8I^{?QCJ3R8OWTPA9j9^@Q;##6&Rmtk}Oa
z4<(oozw)&e4$o3PhWElptxAir22e`B>CHZiJ)#zO_da<wEbD(^m3|jzvLh=g^d?ZW
z+oP~ukla8K{pHkqt__kD3C@z3>~+<FhMJmzs{J*KM3=|J|JJFRGxQ?;Ma1{GvU((V
z_87k1Lb5M7@)*w973Pxa(y(yDW%{K&H;QDg`Yckmjw%9^J9SdJ_;B@##nasPK<|h7
zo>;(6K^7)Nn#siT(`KJ!FY?ZTr}!g%2M20!eN;<7dhH)7<?`>QprtxCftW(mGtVi_
zVF(|3560FSrP-UQP33sRB>mNGdQ0w#OWJeep<9Dk@eke^Svcy(4dy1c_6J0NYAjBk
z^RloY>St$qh_9>W<zlylV@ysKJH17Mkitd*%4Uyvz7)-h^nO1khY6S2y2@RVzg{F1
zs(P^H0OR)vmpRa18dR;{y)#-TkhEJTnm-+IgXnKoRN4cm{SP!ss4Xd7dKa$&Dt70~
zS^GP97;$1(=p=Ke*%#zon6lcI1PF@#r&soq(@~x|H|Vl2*G$LZEn$In88%+NVq-(%
zSgnN&T@hck)!H!pzgwKj2+O$PS8iRBVQ^i#qK1|fFn*9nUoyB5{Edu1Ove8g6k(;|
zz8vpH>j+`@+>%R~-l386RZfJAVijFg4(-uiE0?;wJ^Qhy^j&ta{&OqLjb?QBlz8+z
zd<*xYR*y2y^VMhJ`7=MbF4*S6*qs2;4q`)u%kcf-Qh)U;Hb}$F!|(C<GZRGzN=M}$
z3&~<(WCAn73A^EB?d03xNXStt=Sfvkiq+ZLpAz82N)nocXh?Wni9PIIs8?B@3y;UN
z^yvlGBc3nhpE$a2S9A%cYh$|<e{Is6J^AFBz1Xlq(?8`#BGy<)b%7M2_#X9)NYp+)
zlXBF9iNn6zUFEg&XGVAS8&=6GKhZ+F6%9xmE4Q2p@*eW^W$zU0@Yx^@UOi)m?abt_
z3DZYhXaMzEe`3YYD|ViSLO<C0sk8`*V+DK79&1mEHPj^<vY!FnW-BIvcw7JBpUX6D
zn_XGn1-WlHSaE6n+t|CUO7j0=6ilRpL20H_h+#0+rt-&N%ssl=W!yfYl@5U{@aL9Q
z+$&;B*XJ7g;xFDTLQ!Ej*Tm%t_Ces`XcNI5(AQQkY?D3Y?fsRYRb^X)psBSj1tvZ6
z8p?N3+V|837Ny@F)5_wGq0sEdZ6rD!j$k|Y+K9B&AxjbdptA?@E<Ev^h%PMG#;`=#
z5rVy+h{H{+J+#H<79Eo9D-n0M69psB%=n~{^$(m<Q^pv@w}s(#x1Q#BJ_LqX`<Q}L
zgoCEWgn-xwXE4ErarcDu9HtY(iZ`xWTZ;87&Sb17N)xT4$bs^7u1s|=_lI!szqPI1
zI^ty9uO`W3TLA<f=q9(HKa#hAIq{@h$EK2dfDvBb#@ijI>^sGr?GDtR!&o;05#AXF
za-2a<6{0&L8He^gvH4wC_oSYwzHa8a)PIgA|23<Q{p7i%yhPS=+njjt^r=yGpPt9_
zTg+ap&|8+Tx!-Phj`-4Q-=g(WgOa#?YuFI$NsGo91T0%nPuCu~O-HJg;8R%QASGm+
zNV>whn1tLYmMxy33-;D~jfLWL?4Lq-rX&G{7wN-6_fF*sw8iJvOQ*smx}z`_TV+i$
z1l5|WERat%=}O?pXN~?2B`{0Uq6W>Xx*e)M%+NnY&2DmCGwuU}bCvUMk<_aVjX9wi
z0-{djv{FKEU5oT+ONtwlCUkVu?jHna&6meVXH?*+x~u|}!*8*_aAxd_7FjF`IB)Q^
zkpPk0U0Nkwqo7KNCTX#wQ!&Y3l#&@NI~WVo?za-mdUh%99vHd%35eA1ST_jo#)*y7
z;1Nsy)Sq#o+q{_J^$IBO)Ul7&%DUOb%s7`%Q&j<^htWA}b|Y-Ux9`Qwvg5E1A~LlU
zH?)R#Rp=_qw3$EPIPZts`bmKR%F-UUh@Lsy)`rS&JUTOlnQ<QafTb{NH_1+504_<{
zxGeLVMgypfekyMAvJPq<Q}hNij$1uO?UCJO6u7csje)#|)gC_YO<Y0$ZK}dI9QT2~
zcmJ%!J5tx_Hu9N>|K3f;iUK)Z5Yy7EC3`AhGZN+hOw=ekx<#zM*wE;$S7X-`yCDvz
zjkKul<CJp)d*h|epdGvKW3V)Q8kp~6(Q{}uxT*6QE2zovUC2erHb6o0)&4hv_GO~P
zYsUk+pAEp0gX{^ox5IGT`8vO6b7Z9I_am1}Br)q?g#Z*Nm;_+-)kz-~50J3=@%UfH
z>au>7f`7Dy!E(y1?XW?-ph+tM>a%kc$4`P*+~Uh#sI~Qgf8;u>_h<W9ODf_5l%p#C
z#98Gy-sxN_9`qi9B>&)7!W$(o#12eh%KDJ`=nm!(&mO}oc_t!CPL>xU=8fQvxHn(8
z=6r8lCvf=!${6)g1;x}4|H!nCXkX-4#!B%jE48<iL?Mw3lH@*;TDlC%WGrv%m~Xix
z6BrqYGYaMQHK7J30UZWd6L?K(GnM36iF+5;i?sm+jwOv5ALE>8zdP4p8tUCp^|giy
z`8*n8V=bgb4y*QuyYb<GiX;n2&We*{GQ7RMonm5bQ=H|7GH&O7D?}?)07m+w4Ryhj
zhI{wUAlwYiQ$4uWZ3a)s4_lcK>@T-Y)4LhYw((mWl@63}lWqh)9mQJBH${wNo{{Az
zabs2&XnL$tfB>eA7vbAW^VFbid~IY=Cu4Q8_x`yoaq!BKjzt8WmQ!ApHMM4pE4t`d
zTpibgs+}MYdLNy5cn--|3yyP5YR!hE9z!nWS<R#{MPuaU-))R>MBDk~>o5V50q71M
z;$7IHQH)}z5hdC&eN$BC6i&-zy*AEl9mJVs1FXhL<Zkqx7#yr1A!bOBgh&X@YdUUN
zK`ex8(HOtVQPYtks07>Gs@6PYATt8M0KjQL0G@;fZT)c;c(!(u0OjWEM0MmWjxdg`
zvcHr`E>agPU`Jbv@YtNu7DgQSeR__mg(;d!5$5D4%vG%!j&x==R}9&c`aYHDsdCD5
zhECal*=OR+?Q<}X`7VKXccx0-t|=pe54f+T%?g70yIOvJ!aCRD{03AF^f15tfpwnM
zUPd%Qf9sfDPSt8&6IjVDNSe@DzCTJ_PtkMFC<da907TZ&(xcWjpQ%FJy&^y?1rPMw
zoI23S3Ql`CPr7r>$9j(Vu($Bp;HytuO?9oh>92%iZMDqB3vulfp1rP|gm>Hc7JoTh
zndLS^US_5vq1demH(!=XCuH~}2&VPiXo_>cIpvAU+LH!y(m}sGaqnecVR}*fNSPy-
z6M5?)T?Te;rE2p?S?WW0bvqEf$)Qh3j^ejW8*S<p1S#^<T9P>*Kd#uliJovDwY0<9
zhSZzCWHx-zXReYx5#G@cYbUgCmnX%9bZ&dk`@{kmXZy+yqj<BB^wd&S5rFg-5|*SM
z>Ck?OmM<@*+j5Vz`1foX*Vg)dCa6Mekl?-#LSEYh*w$sI-UI5rhT5ouXMLF}VmY_b
zY2`nPc0wI+xAcCW)5lS?Ow>uHBnD>#Uf_%Guf@&B`H!p$X@OX(XzRb4>G}%w4MItY
z+{iM{lSEL`NyLfI{(Gd_DDbw2(ffy%RQ=siqAJuG`4tB${CF1XOYeW=9jJ+^SVtU|
zD?8jjT3i3WAjVbtKM=!|)yu(s5i3ajf%T^FM|?)Q{nHAO)M;RrviWpUU?u&SkZwo1
zb#w#i1nF5h5n3Q?@9|Ng0o;mzs3rT2k1j116M-W{^^cIO1V7pTi!e*T|AR0v&Hq7I
z+QSFJaDvDE{};jlz5fegl^1aeY-hnH%6te!^#W0V1cTuj1@_F8N7|9EKpd*Wb1#{T
z;*`YqagRW#kXSWMgh?a@_5XnrI>fzr-4x*CZPcQFSHm$Ugo=O2?d>D#I5lsD2Ed-e
zVkvT$qac4al;}DjRaT9%9alaYy52BIu=<v78%R6tsY;{C(C4$P)h`|(*UXRz8wc#=
zSw8FS^Vhw^7F{X3@RrHVO3R!kMmjAg%PH`kQco(GnM3Ew^iHYAfU2EL?xv4?wFmU{
z%-mv;G|_L3^jRQ6*K!Bt^a4xi7#lSrHPGY=KP1p>6NhO{e@-9v&kLT;Zks!hOt`mv
zS=6wk#Xi0*gGi1o5V_KJCUP@spiN3&DA+LWJq=gX5r<|4t!K@mmp7p*mJbtUMC+W7
zj4US=X!<QD&(=_=>3(`*D~{dG7kECL=9R3Lx50e!*#j1elo9)4-T$5?XRs2)CAq^W
zi#YI@DaEpjD=o9<WRQ=a%|U#~=Z_lq>wHp5*Dgnay@Q`D;*usfliq+kHDg_l3i8;d
zlS7ybi};v2O6PU}_MsF33O1koXODohqX^Er>jCG=PFzlf=?FvL2N@|FD%^4F-MG<b
zP)1I$x*5DKh#ti5l~0M&73FlorgWTzs>ph7ROWe`>WJ!}Ex|fRdgTEPyf1-ER>f79
zKM|R_wW3#oa>uUTu{PSu{OU2EUw(pUUNWq7n$Yp2&UYGqJu0YnI%#zp$i2t13Y>8>
zAD{oWp0~|Cl4&;^Y4%xm`Z1@q`we*HopS<<(6B;j*sWj#-={RX1>5q;vCk4Tn<E_{
z5YHcNqN8hsJ=L`&b68nDS}gHsqn(L?8h#_1u~J5R#7pOPm1uhZq}=TvHR3v-o$tC6
zXzkxL6)_oQ4G=<BpPAZk*tB~_;U69JVtPr-rtG&OW2_S;^ow~GcJ&idpfW9vZ&$0p
zh9K9ahaC{^bsY_1rC$#>Tp3|J`Psvpz6)%;1rD0N!>91;62_F|M$Lf86Ln^8sDu%d
zM@*vHvZcOdRdV4J-Vdz%C1;PEjn6}~bai%W$qzI-Gx9cT?tq<>;MlvrG+Ah;Skc9I
zRb7yYDf^^_m&X(_dETCZD@LZw-Iak2NL?V8vL)N>*9rTxrGk~;La4b`g{@!S2%zy^
zB_$LUmV8wTJqLu3JUkO7?OvU{cb(aU(G-)y2Hax>oiI?sW%Mat32%JKpvR8UlT29_
z4-?#+A-B@uoVJN;q0bX*)@UY1nj8{l4E%ZQQ<&StuOC`QB;&i>w#PsbtwYt9Gf}OI
zu$blUnEj@BzYa3nKe3jyHt4&;>dVapH9~TyCsy7`<dyy1*Xv%X?n}xua_voJL8&#y
z^J}%o$}v@Q;BV}>e%#Lis##iuolDVOHj5+^Uv6$S?r^p<tXVCZ33|&&o_p93l&p#h
z3C!N<KxZ19;oh8F4$G&Z(tdx0kKUeYFLJxWGPd`_&Bg5<^T2)Awtl}a?+QIUgR@(O
zI-{!{XYM7<mJJ^YoY4x))VQ){QPOwQ_cD?*NYDBEyP1JX@?Ly~a9vf{r;~ulL*0k;
zhQi1G_TML3wX=*A=zlzwnEf#QK6&fmKAGO}8aH6KiaxLESKW-fH}8^o<-TR8%t!&o
zV!GVnIDxkA`=cjLMdK_CeK=L^lU*0^Zw+$NkjT;geoj4c;qa@M-<T(xxC6>~$q7=q
znw{ac^|8m9+beL-5PuN&jrQJc{7e6H>7931*ZU>+$ISMpYpo<edTT#6&XfF7Md$s1
zZcTYJeM;&3ruL@s9jW0?s&7ifo9V33l<c!`N#j!Y^ORv;05E~1JfJfnJC*55Kl7#u
z$&;L{wEpriC}*<>VqKGv*_b@<xYu+d+Jy7OYu<ER8eovn$xz-sbEkbGuxt>37v9wr
z`J6Rx<VKir(~#cD8DaH7zUWwZNOYwMBfp<r-f&OSo%BXJGfWI!ER;0Gj!#$o++~JM
zuwZ<vtz_jF#@5<@JJZtaFKOkZ$X&|3u$dtg^<Hr$8oJ4$2Bo`mxP!i)mCd`&3(LNw
zv_-yE2*G%p-<VB#s)q@!6$X5U!i{9)h^uLRTgrFR;%KW`5TTV!x+57N;O8GNT=dIm
zt4e&BSrp7E-73ZNua@xt+}iYp_UpkL*<T~4N1;h6MRJ#u=jHp&uR-z>+YJfF=ymi~
zMN|G=a1E4pQ{dksB6BAaNGV&wuza23Nr)#S%qs4;$K8vZX!j7t+U`;7&EP!ak<onz
z!4u1#{|MZj$tN8yT&T9LFRTa(?ew$UBY#G+%Kq<ut8W!~7?<!eCh@7t)6H=819vaa
z_CY_O7JubbkUTu*XD^={P$_Vqn{t`e`8FG9GUQeS>8b*A8LY2@rr<;Tp_V`if21aK
z52V~5HFo)~+hL9O$yWZ`EL<O_ql0>#@-8@0k(<3z4ywrG-LI@2_3FTmBr4yYme7w}
z3Zs}>994|G^<K00i%F)cDExDo7!v9eXl2XkXyxe3X%&lFvncW8X<G+hj*dKwH)f6C
z$Jhwy3oZ2Z3tNhc5;Rh0UH@_=<GNOF-q&D@+PRkB#S!h(v`RXrw(p5}#|4;h{@te<
zy0qk`GCCQv>AJt&Q=ZkS#-U7=Ri=;o^a{)?G>?jUScLRK&evqtVp3nrBkwvYcL#o&
zBl(YB+qKd@o{B5dQ=;yn*ibtZW$RNfMI^Vmw(7I`ndhxDcn*VIyM-jG8a3i|3$(zN
zt|eKlsl&1yzY}iMdQ&x%k<|2J5~W<*vZ(QfLuL)zWVAM468Di>#hypM5in5hkrFVX
z4?*eZ2Z}O?Sv@+|wI@>+UE|&3DvC3y_OPEC?h^c68`fz&M>}tRDI`g^aT703#QZAU
z_TobnK`r%cuQrbJ!<qbzyzSaT=y(PI|04w;tRtZJRC1u0wCOdAK>ILjIfMv!!W_16
zYJm@dhD%}4ZDYPl;HJM{Z@e=XF#>Hb?bh7YQx0tPDeh!&K+t6mwKI-Bdb7{aQpn2|
zdD>5!-oP&22iYPML~UHn;00p`?V3EJ=0FLvW#Sy<wSRyO^Y1$x%LInVz+M=>|Im(0
zH$wYVol%I<$wCsh=lx;Z9uyVA8n({f{^r7N2L0JmYr(7zJw<p<m$MIC+Y<5mVwpU$
z_s`G|NONmUuZ^Y|x?lqS?bmj%ycjlN!nlkE2sA)ItK9si^B+Qwi8D4aGOZ7ff>P+*
zmI5EqWDv425p`<sPiK<#&z}FFInjyIN%XL8c|lLLfmVqcINDe_C`7%MSL45VJxS7R
z;aCIDw{dEb&jhXx-eA>v|8+TkB}S6|2ZVpJE*<PebjHkrDeWOp5se_~en@)4i&?C>
zh*Ud%m%qs!ext{F>n_@qcYCDYejnEv)}caB+kc;iis^Q@?>}X~Z6?BWtG}D2y!ADX
zhwsZ_ewnIn={<f=9(ZGuhni@<i84Kf=_J2}5(jOn0^fiJ2f4G)jEgRBNcT0e`*Bg-
zJlT(|Bo!}qx81Ju0S3@mGT3q`g7zW$Rqhb;mDX**BxXQ(^y@-E`1={BY{|=%64{vT
z3PV_6R-V3!pfzqIq5vH4XYs(9o+4wPE5MaYt-vxNF$aH1mW_2a_wG10=NJ>)*o05R
zn0Zx0vV$<N#KEej&hOk=a8jwR;S8pIy~fCam3Gu&?IG<peke;>=)kv!{qPccv0g*e
ze(iZE+ifwQsBzVPdzV%?b&Ez~AUX%Jet)VV^)oz(EQF>W`;9-<nw^yryS+WL9}>li
zu<E_1-EI$Mi3W^6-4wnUU2o0oC(Dz3WS-u!ADa1lUMx98*9|4r9IihabZBt(>T(vE
zoxddo`=c|Tdd6hLgC<9=>uh|51Vunl=|$SsM{O1n%|EgCF&6`}oUx?)BiS(`PF@!?
z5L8++zm1~RnM1|f7=F*8tSP<&-vjo;KQa98k7>6g(z&@jH=a6&AqRyq{GyhcnaZLE
zugf?5AAy1&&p6ZIGf1p_NV&l5CE){~*gEQd|1QhMo>rzzfMwC4^e(BADMNdMIj}&%
z_Pb`R`#a$kYusN+df5Zvw2?8QR9UNpbmAIWc)_6T4M*kLp|x{lNCYC<XN3MXAh;8=
z?PcBXO|FW-{Ok!74H-`2ST#hHee^46WHwW-zlVDF;x@nO+R86uVlMk;UfRt!c?_(o
zpO<$%h^b7)mQ{9F5PnOvh_{dH6YC<AjUm(X-!L=18QfRA@nySonYtE%r+(!wh}?8J
zeQ9q_N%t{TMBKbo=RdGGc`+jh*!X2;SW<u=pt-`ysy?7jS>kOZ_SeET@_tv*%GPCk
zY#uU19AFq`wsFaHI+#K`kU~3@Qre#qaCs?y=LrM#OM83kG^e1BRk=C3l;@y6GNJcL
zQ$~L`R7**4P14Bgml=J0f8AlWyi<I{99-hD@ZEFRSnfcey6cpW%oP{?Lw`xj_Dte*
zSN{ER|MoOZ-GnD-%h`E(%3f7vuP~Vn5%D_npA%*`y?T#E9I^U@Mxws@+I&i5=d>Z+
z047`n%!vG*;$8Ai#9PGM4(1z+Bu9ivgozpjyAZp+9E}u}lnnjS+<nsQ1-xg_Ui(IM
zbCL^O_4m=XuId`%!{_!lwMkTG*rE=iJ$P9--euGSynCnQ$O|6NObyrO_O;^r_C7E<
zZHpi{TWtWmf06L_!qKx?gOXO6ingL1VI5YjPxv$^Ipad|p<v#XwKcT}1YGH4@>oB;
z@F+jEY+v!ueEv`&$T~Y{;dhP9JUoyUZvMv{rw;znta8#W=@`%DEWeIvbCl9*F+1#c
zAd)!fSgc2{xX#c#>cnQ$UbD~j5d9*R(c0u#m37hOu_@>Fko}^h+j0qhn4N`g`Nwgt
z$6iSD&pEj0?J+$hzQ|4j*1!P%p>ub^ef{RO^OW0l!)7hr)?DzEYnR{=+9=#boFG*d
z*u+zNwT1E`T>q$^g%Qu<&a8KUAhT{Z<>?LU7Cd<<r^|BPnm~KbIcX&yrhu4hK*Cw<
z3oytSd06q#DXE<LJI1;1t7#BlzSVFtl^*FI?LMjjvD+I}!0DC}u=;EDckJhDhF_{e
zq5@W{fSc|CS1XO1&w=}se2HWU+?24?^F8~ll^V_PFo{@5UP6?y5dn@nTH7#KOl(?O
z>b8a;7SRz2egxW+W*jASBx)zbvK!RdW0?Mx7zJ&#ug9s!i9?l_!n>bJQH_+_n?{+G
zlUh+W-F!5o{-%Y0gP2u04QnFerl{QPWY}DNvoW=F{F_??6I*kd-kvb$JWBGz#JOdQ
zud!6RYW?)O-9>WjxCEyvZu-!;S^csCr_tDuzp|@qKMyFH+HR_;sz}C7fDJ<bqG8-8
zw#_M)c9eL8#iej3e}_y+?I^d7&838*fP#`i<*2+)%B8p--$Kd9>|(VunWwX}wimp0
zcei_t7YIJK7|=yn>0rFM;B7t-PHZ0OQ1g|#)|!|a5M}6^B?dU?3uf+CdoHa-o$mXr
zU|vXh7BU|{w}^m}P7j|~W-n+w6DK@j!Qb@;!Do&j3o!EqE-;JeBy`o)F^$M_tbN<D
zrD{v61q0&6I~(1I1E%90)pUJm0oq&eu114sTi6|=s&)ojT|j>`4@y>S9YZrsl-)VO
z3VPrP*9LpkhfrYOqPtTYuLJW#3UF)@;0D&$8=COEbuf6S1}^37iMW!jB!W$wmveSR
zJaSik99#7ql|2~Ok@PnGw!3Ok*HbU#*QTog6%LfmgH?6WV1edI9+y+F&)U3$Gtrri
zW8s>0W~-uOqA=J2km=yoyx`Epyw1}+0df~yM+1hg?E_Xg!KBSYIs1@SKZt$v=6UmB
zi_tnOME{}UWg+L#->rK^vw9k5_0}Msu^#X7Gm8DGLK>n&rUFA^J)Wg2XDg&Yp-zDv
z=u+ZU(&CVL{oW8Tnlzr&c+OGGS$s~N&XLXm@;hi5cL9l)_?C2>r}2xpb#!v6)2ojd
zrtp)y1$GLlbE_{H#+S#Jo4jY)B-xk?T4Y#etTJ*=a7@@AD%>i#0e_ZQ9H6X)ymb7U
zQjcD-Q=YXma`td;(t7yfBlEQjr;C~<IdK#tlas+J$w>Ge9R1!-^lk;%eV^z;GSBrl
z<rS;hi+!J{dp}qXpc@L5aC%SgmQb1C0^tQ`7Zq@&y6saO(`7>qq@CWM{L0>i*raHN
zu{eHO4xe&Ji^Ngat1S*ot<b!@(gG0^#0)QB>RK=NCP(~Ich}b+_$J5va(7?X(V;Fe
zskp9Li7yyKt*w7Pstv|n{4Z$V_?Fg~xA|xv)MMP-QeCrB+oL|Br(Ruhn)P~Ilr9d5
z4-cyM_*fs1V{YBL?}nZ>E*N9nT)PkWcs;p?yjwS&vvOa4;~PEK9j>qM=iIt#c~8Fc
zQq-r!cPF;9#Edt)m@f{+KYe(id>orY7%TYFdtrPOqJtPK#M0*S#PL-w68@2t^};d3
zF?<w)yWwXa1;Lo%4L*vOo$%L>m;mB<SQm-K$Lo&{Bf{+|DS&Si;jfs|dn&~7M!Vs}
zF_brY#PPj+6f1mMkp;s=)R77T;S`BHs^+siA8r&yf|3M=Y-vGwk=y@RVR+G;s>JNT
zhyO<!L$;lc;#dJY-aX>un&2XVh8a(pL4RB%MV0+<DM@7@5Gf-d8Y$EEKOrk0A-f;V
z#y*;9g;OMmh{VVY@KGf1glBz~E|MdT|EpSER51|G&mN<2&&R>NGdv$fsm>T9lg&rr
zu^XO+ExotLM^XAQnAF*iUNGWEKkl^pZYiM@O{pdtBNN0&fw~*c6-hZu6(ckE5jlWi
zgDbsv$49}u6W$m_=_*AW&-u|0j`Us@AI0Gy20v?zOa-6TWGtnd7;*Zdi}`AQd@Eaw
zf-uEwS~wRig_T{&QFp^%=mCKNZ8=sYS3r})IW?%Xa{~h6UHuKQ{5bc#u;D1Z_Hu>~
z>?W}zyLw<DI!6a2LT4O7dS{w1iD1j-H4;E6*ury77*GSY3IM&F|K91lGy0CK`I*rd
zR{icW_j~|i$_~nQpj`ws3sW`nE*mB^!k+y%QWtdgZKNsa-1uGAIGluH;EYXB;pWU4
zn2O!3yh>Z#m~ECS>wmo#xk=-%2`!Ct*X9=@uf)_utq7qFUFah;nW#;P8GktXZ|WJA
z{-NCptMo{nMK2Gx%d%>@VCRzQ1X?{_W2v`QMLmvw@3~_e)>N#$?&z;g!$d@imx4SN
zhI8kM(K+xAs@VL`yjRWSm<@xbPa_TMAoRFaI}HyPJ-a)E4kKm$QuKBC;zKq|fJTT?
zNd2bQt=CN=_a9fXE5ut6JlR;Y90H+iA7%lOttp>jzLXo-ra}wDPqDaPviv52zGCmL
z>s{tXH`h59R!=VDb!5*Fp4IdBsTa466KW%Yp~<G(GvD@qU3Qxdmuu)}Vei&4*KZwu
z8^B!0(o?|@K*_^fq~8G0=;)BzocN?OXYXCS=G~aM-`?zlzVrd1;g3%SYL{U_O**sZ
z2wkh*MLf`=as6=V9?FptK=LR?z>5C#^R2ea;9Kmd8HX(CgWa2KI+OAU_EUur^VB2B
zmQFg&)X42kph7Ah)c-1BJSo*8rGuho)Xv}2OWblS^M==3ej~;6)sS85V8mDF+vO<m
zrfZX5Bq`)3o+)AArp|ZgAzs;{oGEetCcQFl3R-;=QklTI&-kRPImYWBtHXG@r>DcZ
zIRgK*amgn-O!K75GlsjuAo>KgYCnt1u9pXlk*=J27Uo)X6UPPJ{2@*-+OK`3kuFlH
zSKGr9U?WkGb}Mfk*LSRD3*gBfPcCWrSVgmIW!jA!jW-<#%q@J(MvCZjbNWt>Y@G^D
zZiV!0ehNl&Q+K?)>7^64x6wLgiy0mVdJP-CRy=8!6H>Q9E9U-OnG?7T3$Ny&^mEHF
z#msEWRAx&+rm$trij_al%fu(Q=~q*<bfXEA+f05_qz{ejr!iyW=q8><#LPzeOfxqJ
zgtZw%Th<1HvjvDQF#FuhslM<G3?T*9_$`Y#(ynQp+d)tT*SZ`w>&DKl03p!z>PDmG
zpAh+%Waw%&XmgnxP-S4%-E?~H2?&CU*kgd^13dZlar_DVar{ZD(Yg_rg6;Y|wwt$~
zuiBl(AN^X`U&+_8-|!vLnuGQFa(f-NA<oh*oa;CjXb-`__pr{(|0+(FS94Yl&p7*5
z_P>4mW-4Y+xBp*YnQ@`E%6BmpiMW!2Z{ga7s_ZHFYfYxo^V+7YGyNN;(ZZl*;6Qa<
zfF0|+vFXJ`=X)yf{XO7<6TQJQwPB@Uar~u=v;COtgzT8?H1{a?B=<OAMs%rrx_iER
zwtKOArW;2-98^hQH`%Mr_s5u7TON0$K${VF!c^OCF?66F#1zwHcFpv=$tr>=g1P}a
zWmKRxrV>luEL#UJWs*Z%OGYQIo_xQSw37C8z^6f^lJzC(-VC~OX#XG4FnpapPnus(
z=y$@w&<56(FAyA}5vjTvdlaIvx52@>YkQc?VVb%TrdUN2^%X9j><MGe6{eIa%LW*p
zunCLX<t2L&y??m%l4nGqG-ea|6%Giq-q>Q@<?@5Q@Y+9~dPRHAwO){|k%Oh+vJwP#
zZ2-_9Y|pwj1Zf~!`2>g~F%4V603?x^iPr6&eHI*1s+&8r0)%E;94>nUejAvlE?WRX
z3@nzGJpe&q^X6p-Kp5B}<czd^inKQD3<EfxQ(JmQ@Dd_y#kwpHiR?TOs6M3Nbspqz
z-jZT*NoTfVT$TexR$1CD6G2k2lv<6~&DZVMP1kMLE!Q2_P1bE*ds@a?)>?*ImRhD-
zj8+*O5<&8UMcK3Hvn)2vjnb=(=c)clXfg=J;<F~l;qDp&G*Bv%R2CV$V)<E%<H(N#
zk~9XXjxxN(db1A4G45InNf)vY#R#*M$8~oSJ`BQ%{_#2TtVOBybVTMfZYw`{MiZFE
zQd|*NbV2d*qoDe1d)CwhlD*mbLVe9@iuU0J3*HrRNRr=PhAVR`NM9O~3cJ_lD%{$&
z{@sxdVWh`3d|k$oi8nrTG~bnTK(f3<LrWircfjCUWjwNUr`U^;8=GuEtGxV?zA0%{
zj%2_HQRRf;KIvHwwm2WN>@$6jT==YvO(mCV21C9aXK^cLNiZXZ9CC3nX1N4?RgyKe
zlucEms%bJvE^AgPLJKnqB3F=5M8!xi_jgw8xXfK`Hfd50kJ_NMOka(KQ7frplzYF;
zRlK!)UCoivGpSvUe5+c0CW>h?3hk>U;;%fuO@6&4>_;fAf!o#tR-3kgo~s;Qjr=!J
z%CMXTi{tuXe&Y_Yy$;7LN8;AXvAO+t#^E!q_~vSICj;q?w%;8d>JL?p%&j3PF49Kw
zMwysdyf_j+HOh4wF&xThC!>4_9EmRGh$_)4q>)`x?&7bdcO}KxHc}*dlsIHP;8?R5
z6?=7NYkr@TVIr#_;Dj?G!oqRk;2UG*alRtkkYOm$FbVf30HOyImNBJue(!T|)Mk}u
z*$1x6f_%DbP>}u=fz3?eq?wVC@^ohwC|k2YhJe71;4_rgCVj-4g!*QPd{Y%bf?G+j
zU{y(wf|T)V?DGX-G$ERN0^z6D0??ziJmWfMw4SNRDrT%6rn5Y7o#HEUcm{##A+5F1
z@?Xk%^1!bYzXGu{z9@zpe!=UFuokiql0+F?8e9sN?Mh%JR{o0jCG4Fd2AXE_{(i6&
zfZk_I{A}fYTeGL2mom~;cVSP*7B`rM@h_cy*wW>nf_fZn;%`cB0MpK3rRYdx-`gj$
zw;a?%81%Q%Ujr-q?;Jd@$>%L-e6Odm+I0kF=!!sWdUQq4MvFRqqawkUPa4ulbTJ`i
z{J3>2`oWq+sLb4AcBz-G>cfv|y!+PtQjW~c@n-uV*Q|A=m{hDih-*O>73~<k>)&;;
z3p&q)xxGnOJbr`8xc1R>*G1YDz-H-_CaM<YJZ?aw$Hz!K7c^}f32y}<Kh1ygkR#~%
zC4`Lqhn||4ZEn>%3l!1Zod*n$Yy=FC{_Z}s;5JlLS$mg1du8WEcq3Zo&q8XXLa`vR
z{%I;sX^rhN$XNW-Mo5u*!A5#D-fNC4L&|oVg)8WBT46QyamL@B0<l2-7zI;#X*!5X
zb{N-HCLq6bIu`{S{!7rXvq>#mlrOa}eH4XR2zxId2S$yz5(W+8F9_dYZh4}IraA7$
z@9U;XO|9thrPdRnVfgG)mT-HqLDA5tcdVF=m{a6Cgc0VtBJG4#qVV6-YVbYZR1jcM
zGHq;vvU_3#2nUI1<~Ty>LkSuKO;YlIX|j)VkC!f>BBNH6hi&Wi(dZ7<4mgLy6U5*v
z&1r@rhaz)rIIlP-)8JPVInGk`IY?PEVBweMvQyFp>o5Kanf9n;x0B<&R>+ZTzOmm3
zay;zxVr~2LunRqM6#0do2W+gcc4s9U4V(4z<s(yixQ+Lvg2u;gn;m@;iHR*lc+wC_
zCf(tDMDa;Gy!G`7p4vq|R_%&nEu>}6(B&#FjY5t>KDOEA9W1_!a%sH=`t-E)wEW(H
z2X)F^;v30R_`%rgrFO*=$~VB#OvHn}MBMx={>%2A|F8a65FQv2)@-)e3tUWce&smP
zJg}&uMzpS7^qnE7zWmeLq1fzAaUSYH{z3{*m)`0Zc`I_8hh2@*h5Yjtb<c0Yq9+JL
z_7X&&27+f*3QE1X&@YEp6fp-PO{weZwIwSV+QJw5PYNoIXxjde7U<kzcS<<bg&t8p
zM{-Mw)}?6cRZ>3x`E*AoEEP~Nbd2bekW)~4Java6EI&1Kdk51g!#Xo|htw%oGjn<e
z-&x+t7_;%=`GD2IoM6_r!#2FO)HbcQr8eHS=6BlDI~APHU$>|}9cG}<hI92{MU*jd
zcV40;UpCyRqrATFY%Q$j;X=s?WDR665h;2kX!7GUFkwd|R^zl)BCg{qWss=sW)Txm
zkCj|yWM{+fr~&5x6{&dzB*Aj4%BvCj{Dq|#ADgW&V%k_yLAy+2K=0)F$lPxNBP|<c
z+XyJq;#?bs$u%OJ%QDQpHHzMyu^y-PhxkiMC)m0(k;v=klPOa>PRA~N^=u1qq$a&X
zX#3+e3w0O09@Hr%Tz>ae)!`jzE%nL*+QxF4q77K~3te?p2*A*3s7YO63yFz7BXzB+
zd;R!oZ^OU^2VGXPMto+M3MZ#1%hNFZ4>}jZw)<(9yf<1pYAC|I!>mJ|Df%G_JtBFJ
zE}0yp#$OIom&zc^(vPuhj^F~rvLer5D<r1>i?%xPgzzsG`gafM9YpO51>gUs7%_~#
zyW^>0sdNfl2gRolmBS5Rh}pun0TTp%U2S}=*jyZl^01+B4{b|=ma#Mi>()wE#4CmW
zijO9>qcV*~$%B|8_W8I>yMn{v7RSQx)oKktn2CvY&34sIon8kXBa;RNQicRH<JPIr
z)pTx>eDe%-6~T2SIoj$*mE~l$+YUSE`j2t*eYyx{RYafUpAuEJ%D&^5VjBcGz(YCV
z?DonRRDp%$<<RPwoJ&YKQl}?V_MJ)g_t<I4TJu{I(W6hfSHHXe^A}e>Vh2$?_x*Y^
zK0=RqtNrhOEe3yv5mQP}YLjkIXHZ8X<oXHCG?0B+HvGwES8~U?1J$tH+Ltmy#SF`<
zpjt!yue_R=?5hmNcTQqjKQT%ns@A;!3=<;$J?;;qL_G;aJ$e4y{W<)A|8$T4go^(Z
zjsK*G|1^RB#Qg74#GKLDSFs+|OC-)7LDNYJ?bmDs?T{GQo$B!WjCs6Wo}zBtk7<1N
zy-#d@KzxM%FnjsRiO5&^61e6M2xXAZbBHkM9g@2#5Vm+n+(&aa&^H;L@ks8)f!}2D
zf3n(t5DzsW)EKS7ij+hAv;Qk>IWs-)k<Yy3G33~wkl>JEsEa%4d2gIu+|lkn^3A$Z
z7!Rn0_$j_W8O_5Bz2ZH7^4GZmgG&fA)FjkN3d%`mG$gpVzh!VpsK;2_{<gN2;7b0g
zXd$7FGczA-Z5v^28)9u6ZEYK5t&2G`k2ceYoxdX+?GnNU#&rpL4Dt$}e-G12`D|OH
z>0FIt&3z(iHy7GS?|^uiCLuV-w2C#a%|fCiJ%@PJeS5s*&Tb&PG^6N_0G3Dp9X9!k
z*KzvCb6VGb6r5k`jj5NBEkYuHa9`E2R>6yuA(6U>6Co>9uK*fxSG{zJ9AK(~K*IOZ
znKH1`G&611i8jKG^o=5`8ms>~AP@%gM2F@nB6#GjC=kW~{%Y$sJUdBBH`)zwWN>qD
z0WxsTTRJUK<-O?}+go5)!NdUwu%xdf4O@?bmU|Z5$a0m$tK=n8j{ySec;C6PtZ_f3
z=#$67?H3$>Lm%FyZ{#nd+#;U;s>?e+MRY@jl=0={0M;AnK13*aF}MTPp$t6n1D5>q
zM-aI(!a3#lDnjub$;|H?(L5nSnLI(h3=U{d?u779Tr)XeR5sP(YH*s`t%;mNzNo0<
z^fn}Ae%l;iCf}Tpw|=m4Inq)QwHuCJ5B;LjoDhdj&O#O0{~I8KFfkqLD<+kIXfBX0
zkDIt)4!a@-Ni^F-Y5j5WpHgT04@Bk>Qe9t3YkA8Pd1yX2cZmrXQpXIbZ8BO}O;AIX
zT({U-42u+za%!Gpp8O1`bnN3L?pr4wBQ-|2Q?FvTAvrJ@M1x>GXFgb9?HtteQx;|}
zcB-vC-Ky>tL)zL3o3==;qt`2S%IauW$=zuNop7aC$S8S<D7AjYX9lrn{$bAyQ+*|*
z<RznQ{*SU*<qraDEUD*@Sgr4|f`vnj1w)MaLyUz(6?sDy1w(dFMCI-RpQ{E`kI$^_
zvxK=<E<ERoqNPUD7=(vED(Lc%kJQ>S{L#a&VZRMv{A+akWz>A+_nZX8%BEArdXOX<
zBPwthf}I(>{nm&mgzo?(4djXE{gK&ERH%5M$i=9AUDA>@Dn0|)GO?cX`n>ACf#g8r
z6a-*UUSxV?kZjnh(r9e=LTGIFmYxWl63B1bvayctXt3;YGnhu()~(@iIa01Ix-ZqP
zzApmk6Y=-o>gr;9J1|Ff#NhH@)C?pbSl8`&G|_z|wqbkwF-Pj3{<Qfp1Fx3FcQ53s
z_v;kh_ucppQ~j_R{7d|gs>Kht4*%st*M%?2PcX_)Xi(&n*(Rx3Zg`z?@3MNqA!wDr
zti0zXf&O!@|JQi2FFT@e0kT)X^K0a6`p=NBCb?|BEX54YrSC7^TDE`q%)=f{YO+fK
z61pei<%yc|(fhw$XvkxXs}0agQvR6)rvzgNNmgUV{pLF7$v%T61G+dF2E8~N87975
z>vr(e^g+G<s~J1Je(oSg-xCu`3%io)V0Y@xyiwVR;ypAG%96gq?Vyg`Q|-WsJz($P
zb`sZ{!CwspmCQ6Iy3mw?UJEK1exPr=nY6H}^8RdAX;x!mOu-uaqhty<vob%8ZH;6)
zk3DYYtw%bvcI}n(Z|znhr=RG`Jf~OP8(|~fbH}EG^Ag5(r~W$f`tNndb=!65b;&g@
z9Wsr}$PW&=1S<K+q70b%L0hb*a>Bnn>X{WLc>*W$s70Y_dDv8N^5kli$HDGu0@T?l
z{wb3(R>f|!-p9#zx;~Vh$vq+U-%iat^$n}PX(cg^{oJ>$uQ+4Lv|w!wJ!5<snb>FJ
z*N=(Q8)n{@;g@ry_DpQpzi^FN7r&r?NC1xc?RDK)xr(-SzqSf}C#6GAaNF;>!MpkD
zT_&VJ$`U{y8`rI-_cz`)X;s&ua4_Q}<0Sp0BEmKy1I5MdHvkjPW$r+8-Pj!isjaOc
zPDv<)m^^I$>oYPm0)2z};twYcw+m@MdJSNHwraZSTazSkYgi!k5@j<HKC~*diYm?q
zedn_cx@nwo^?$b^)|_xf(LCzk6N)0$JZ2>`S-*jcVe_(HWMjW`qQ{T@wj^c#*ngX&
zFdWvEWxa=vdJ{7oUYBLj=DFsCk9uP=9FCM_-Ky{_i|q^jM1z?SQjCGm7Q*wmv78@S
zn+N43dj6Q`rmYL08GJWYcn=)*3s1-Bl%3ARJ(6a;GqbrfldNndT3pAo+kmkn4WSH9
zEAYls#gYG}#6=DK<|H$UdnwuNuoSTV<Bu*DasFozNuYyt7zU5A(9ft+#9f<+j}IKz
zjlEvFW<m~ZIn?YqAbe%Ps8Zp<2JFGPPdke-N&cP?nwh`LD-~?3z@<xWs@@d&+I=<q
zRv3^zxP4PMa&f@l4&C+{HU--xm>&OHAv1t#`LCq?0?Jwg<ZS87>{S5KR3s%%VE|hG
z6;nl^BlR+Dg=vl3(A$A3*PJBTbm`r`V6wrFS{ym#$-qC=5ozR>k>LId(*T!Wd@|={
zCFKV5DBSAjB>*j8S?7G0t?0d*M_xvSe?HpJunNlgnG=1F_>cYX-)gm`GP{NQ6Df~|
zHg$0Eg*tj!*nHuM@`>zyqmPtusi6vMxz@bh3F>`{k2JH!Wd-`e&<W>#>$93)RTsBv
z;zqv$F3m_$nnDRCjh(t|Vs?2_d1HB0dDh5?#>k$-4fj*JZRYDc&=V4HIr(M;Bpt)l
zP(_%Tod54`K2G%h4si?a+`dKgOy^TISpH#KsiWJC7aaC-wT1uV*H<HZ8Z|vEB)%sT
zkysI$DdV$K%Eunk-?c3I*5ne%4#9lna9_ERYrWe6_b=+Q?K=iSJ*px~{@u!}_t!hJ
z?HO+)*pHdm1qOESbRq8|HcQ|?v}I#tRK``YnDbA&^9Sl5>%+p&hR=KhX3rk{`@H3p
zMUw$>^&-i?R7I6$x@8f&WwS+;E>FU&^xT8rCym~EUa6@Mf9*rX;;o(hB71pdppbLb
zMB_@m@3?WrY^%^5dvei#UJqaR5#Km>4anc^FCJL;x8LR7Ms(yH;ML)Y8S?%Z$9{Lf
zhEuTmv&(|uiv|v{H5>gRfH9hQWKMTDL!go)t0nG@+F9BekSX#_;Q4F!_q$+`kQ>ft
zVuD-hB%>K#6@NzS%|Oi0!i{{YY~RxnR|PAm#X{=?jWp}A<-V`T)&6#s?ZF)dJT6cn
z<Z~sFz|qoaea*_(SABuUVyi?>sz6-G(>EwXv(V~Ew%$x}4XSU?^ZVqG!G=0I7jmqU
zLq7iNMj;yl?HT+xCSagGgEm-}5sL90A;j*o8BgyYU1#w!+~~2XC*5Iqu2^d>-<Q$W
z9c#K+jG^z|O#bP9xh?3UFRco6M`R8>qqu{ENoy|3bU>ZTZ}X<b19Alo+Qq+Wl3qsr
z3e-u<qEwPAFlWj+=<NQM{MwmLhxz_V4WE{mBCx!!96A4TL$NU5d$yhSE#N05_QDrQ
z?jL`IJ(N_VRW$zZ;{T_s<{k=Tiy4^_TtJgwCQJAKA9oK*6eH4cIV=Wb{LnO~Mw>a%
z4@-gnV=GRC?pLBhvv(-)x%aOROmR-aO7AyKEsww;nehmCGY{B>x%CW~g+u8Ky)=VA
zRW3|)g3}nRZ_kO&2@-9I3cuzw5?}*X2e#TQOHC2x*0QR89;I#+&-WfUNOhK758O~r
z;@xWPAEvl-9-iDzw6<+O3H(M1WUrflyY^Zo86OQxETYI#A`=ocVC?MCwZ=KNabU@3
zcD6H9Fnv(6F%Ud32i!MuRjkTcPUx1Dn41F>ubJ!s^NaXZ@;u7&lapsTE99lV#+Cq0
zOMs~o;cM^8S&_q%jv)4CPJ*roN0pftpY2olKlp=sKxAoY>B`)h1q5<)6A>cm)NmLk
zd7IZ0Fw#nIDZ9p^bD9|@-RRrhet{0)J)A`v@RO1(7z;W0avJ@ErMRf}yyT6V!I0Fp
zWqR9Tmm5G7!dPKZ^RnXc(vB{O!2=w4{T^#o&MD05;|<R$T-UUNr$oEH<a_;uoLd+l
zL)+z`%Jcd??9#C&Ib?~&MIILg*w);8lFM^Tsw`z5Ei2;UB(aid2E$m=PfD^FU@w(D
zARG{NeI8&IWO29C@nQsWQ+_hhvH0^?KSE9R*&al~Y0**(?f_KGcV*E7->;jHeJewi
zGMNc#qMZbvCFk#|V&$m0h%LA)6gundDzwpA_LKDvX39;5vNWIZe8+l~HS{(3PDcK!
zv*s)z<p$ht*Yhxw<=U`K6iR5`tmqx$3J*Ka>Ph+37!h>cn(mFlmq)iP`nGK!aIL`y
zobGHab{I^Hg{39RkNuLCORwrlwO}~5Xqfqzulk2#?s(jyF_~f5F>{uAL7Mt+75HW!
zf*Ax8qi72SXAM{5|Kp%JFHH3@Zux!Sx?10`v0*PbZD|xi1dOc&IVe8NyFY-Mpw%lH
zX8dlAAaQ=bmey8&u5MZX!u+0WSJ!%5pcj=@X}eWNYyr^KGE`bKmCK<@S`%O?7rU2r
zLHgC)I(!->AC4vsy51oS?#M%I>r*;demGPp7a3n4U%!La>)`7?fV+<tDway$ByAy^
z!hlJqwrnLk{@c~(5>~{_6iW|&w_rBrswK!>(%IiWWw_5)Evo^5%D-Xv#XQ;aPKmaa
zB-hW2o>&)bQ+C;857T7X0Rmkhlal?@kkP?oW*E**Ko%Qxr^o++k>z1Uw8dcim^r;m
z5!6p;mILVKyPdJvs8lkDg-ZJ~q143PD;Oy~3b?PfvAgvB+(bOyum|^2GvA;)2y(Us
zE)1R@x+zOc`2!$t9XISLDV#`n=o7M+JPxPOu(kS~!}qM24$D*eiI;g%jY0$a;$jk~
zR5WCECbDBS$C&*z?~R76fM*LunRn!n5pOf`(@12Yl(iaLPEVbn;Tio#_X<!cC_laM
z<;N864E>+d3nL-^DU1HSx<1E=M_jfO;J>oK2Yl+3j9_iu=VttcQ`VkOwD#81AMgZ|
zCa1)o;HD?0#osgjNVoHO@=CY!@?M<%I*NRC3@z}U{u_Ys<0rcogD%q=Hyd+>x-H--
zZ+PpbC*GvV4sPkr?e?~6W_sexfN{7XVWqW9Dkis5)!Y^^)wnkw5N<8~un@tNhQn2Q
z$vaWlE*W#wRCe$<WdmN?{NhG|*CpIh(5u7&@rkVtf$+kYFA6HtBq;9R02gN%pR=D|
z;c8$gQ5)``FN<8fe<W;nnr&!K{YCHvILSJX$3^U0Wy@5v3)7q5l@#MCO;p~yn^Y_z
z)I78unEA0@3?2;b_L0Eo*mYyThAtOvuDa1RIyo-+Ny~!{d5n~_r$L72!uO*OQ&-mK
z(*c)Xx>47f7f#$~tD1st!L}(vpx5DbZ%=e(G*VvkcSuIi6r(p3KnjKQCJiTcJ|$L6
zDlyqu+aETn)imTtFXG=-CRml{_jRq#+Mb+BPWZ}oIRf2wa-1k`^)dAi4Jys$R-T-_
zlSwZzCSZgpaA9jiCYP)jGj&@5^`5e$=U%Tfl1AOj{}*9j8C6Hnv>B4%1P|`+?i$?P
z-MP5C-2^TWJh($}ch`%%ySoL~i^KB0`|a7?U*GBe(LFWYGiR!+drnoI=ZWbWX&GQH
z(hV`ky;uM)-|Uwjk2XD*v!&*RcOm>8K~hd67T~zd{#=$ju8Ya~dx{RNR2Msl?h~Es
zuBr0=`{Cc?c&Uj;%)lF^9IZTiLD+^nfpqUV;7D)hzig$(Xs7RIvU-(>X&sh(yGKFz
z$@~?H!_sa7I$pbwc<10>&=8STqxR;ez13!@cy`gnubt&_OX*T~dRKlrS<dbg(GuKi
zWFEJ`Sz$X!!mdVXrGd}&OE_x~eWcK3@no5JdgOT1J+S8GCF9P%zo98Niy~2`>e}7q
zC}OnEs9adsT-8Q*@7l3#zd-%G+W9c3IsY5bmw-jEo>T?-DU2)8Y*HOV4Aw1c$Mf3m
zo)#KbQc^vG_Z|}OL+*1ClQvVS8rt#=Nh6taxu$g=#D56trgcms_Qlt|9I@D%48H5U
z0-p%_T^t~sq4dvBGjmr?j9z9N@%tT{*yxd2iw9->t?c{u)6jJ@FWJ)qR-AcqGgs?#
zPvEqv{yy`du$w|oft@=l;-so&Ta2czA6#NldW(;WaOH!outRDpJPA~d+{vG$jFfoY
zPLY@l#nfeMUVqerF-u`bCFW0*j?6!3t2`qNS9XA^JFn!$I;rbal?l8SuBjzwqsfju
z1psrO^_fBT`wL&EveES6#w6^C#R=Tg>IL%6lZjQ=RlE@1_XLFi$Oq|Ii>LJ?Rm_E_
z?wWwxTziziXq$p<pCY)@EkH768y4Fg1<%QJYBGjP=r*&Bn(1MzmJ$lP)FbVb1!(AT
ze+27+QP~bj{gVl72Z$~kb_az%EE64XXufosjjG&e7J6qeQFh=a@4A!}NzLityQUjO
zN6PwiI4X($2K0GqlvmAh6OVb+l<S&kjaUEltNK|ZJON=x3PX&TsL)lo)y4NA6L@?=
zYs!c1hFZjSz2-27jP=?}X-2nCd#cQalET_PJ&)_J(>r9XkEuM%MutH)TbIa0JZ}Z(
z`huiP$Ehk#bZkYXIZnDTd$W{|N#KLy3)7C2>k_+n)@gDn<|Dj}{|2F)d_AM7Lh%hD
ztPn8W>2HU)V|iHyoPoFV(_7|3Gwr^1=r2f<$)MnPe~p77{*~U!)8zkpL>FJBSsS2n
zmdom5nojRJjwZ3S(6=^3kU^ZXX>8RYjN(Ad1rVEEP=^1-Sc+54$rYLs6b_ZXDg4Dw
zHx!<M@AzUq`G-upt~;zcvW^FT-5Wv`XQpErkpVV`w+DaD;JT&zn&MZc*p1V+e+RsS
z-azp0_Fsx;Sg>9k&z;61x3{A@CyNzt1(Ru1%ag|&HY~;$63a~Xo9+Mh*A1o7_;Z17
zZELqfA>}8C37^;7j}T8JK?4FAOHNNgQuheVD2!UYK!e-4=hz9c((!S30-*J0`kPDD
zC1!HKMTd#tg`-KE95HUZV2y55q%|^_XCp>n!x<Rd<ZKbZfYVYl@<Dq!EdtFL;1}Sk
zcyd%X3)&)y0Sy)<6OG;-KiQm%pU^kWRx&d<t=G4;7Nqg{j7%ya7;0-YO5del{&j3A
zJV7yv>~t=^r+97_6l#PA3?^H%t=P}T;fX{CCs7hgx77*RXCm*N)zT2;Mk7rsSM+{<
zYT?Mr@_$fy+NkiXJ?M*!_$O?l9`J9VbqN4_=*Dp{cGGckVAAxg>!DCKm`eY`e<0-8
z;*!v0Z=>Vhr!(qG8^ewQBH*|2teZrBJ<ek`m`uiJb*;H7a8G=as}uk?JN+2)S?E-;
zd44h(#ovH$Ybyn0#}D9P;YNQE95qnQn=s6Ly|y7ArKI(CB)40Cw#UkRGE7_gE4u=@
zGNU@jb$3adRi$)zdJQZP<Nub#-&S$49Gs9^zn60cP_l>BdU1H@o<PL&_K_EKZPDw3
zzxGzm>xB)u&;h)QjuSPwD|WHv1ROS5&r%uG>KnJTT7DJo6zs~dHU7DIzp>k7UxfF2
zGx{C=g=>*xk>!i&vsXH2B0QOz-Yu7H#5?cfbIg?Q!s+ezL!g5|r7oE1ynxA}-Oc+j
z0c!$H4mqO%rOb*>K;Ye}j*|D_n$n>zJC`cSjxEQn*IDjnXDm@Eo{3v%)$35s(x>p)
zgr*I=CUg<rYboHjHa&ee4_FLMZgCg1n>ekQi1n4~fD^KErU_Wi+5dJ2JqcDM-n<f@
zXD5vv4JB&T<?QPi*~!_i&>hiot7PVnA+$Z`J5|BIiNww(&Tc;rncbTN@|wQ>u8JD7
zYT@%bEg#6Y&O@dwZFbXUc^pyc{ri!X3r;c0jr|~)E@wV(Jbn#PWW?wWMU`_MT5mYa
z5L>u#ib!iHx4VGJ>VPQm8v!mKmcx3|*ha#&CJQU_Vd+4U9sW!Xo0^6`F&mpdr4HT&
zZ{PA+Uf?<yBl5V*Ne@K4CARpj%DtzGm3l8u_gcb$-Zx_nr*(ZE9<wjra%t|4uPHih
zMQ<PAT0q&6z$!-Sm?fej#A`uc*Sk1FVdA6NTwa6itl0|t5WCm$Ukce#I)?#crN-ux
zGp#r#M%vydzi9!_3t-H;0G*SPXzbCcoQTEyfQR`Ues`<w0tK_kopY5a=Jgl`Z?2bg
zXRXSZ<Cod4ibW~`4lktX^%uQ{@b9&TLjLXr_n4mhxNQjy-9mOB7!3obVJDW0X&ck_
z0K_{@ReizL_NtM^wmyRPtc!cQm09+`K8^Lynwnj!q>?8$tC3-O7unhXPyW*~D1QIa
z!O3MmUol|GHeisfE)!wgckx~^%2w_ylIu8jmdjh|1$;8)lbAkucPJKe?uh1ZCb<B*
z?QcjU^j!hmkUe+GFx?{*w#>2Ix=62JD0AiMpZi-UpF9QqDytL%&jQEyTM%9R7J|=C
z59~BriuN{LK5|$7{7C;+rpf5I;e1~n;s^_I#^b5WZ|RK+(Y!)#186$&VS3d)jo-!K
zUw8_7%-9;&jm+a|$^U-M?m+MbpKgq`6qR4!bCo7n!*|lFtqHgN`|C5*7^Tygi8zYh
zw8w~P*a%E~hRt~a8%Xk|zpbMPOy~Kr*<a`{d*onJ>8;<zzVc_$2(7nnt6wLDqb|@#
z`#{+i+G*?7_}m0q7pQVmHy|d{{ll-=8qz~u&uayCKPRb$FB*<MW@p?@+;n>m%)Ka{
zuVAE7XYF_B3cY6J8~{7>rdhfD3a~dG3WO&OnbjGd^DlS6Aqot$-_o?H*jd@|I2uum
zeQ_=RVzG|3{k?)KPJ~ft%oqz17&06B;fp5VASU$1Tt`J2AGI*HA5|O6{=2^ZWRu#)
zMS0T;R@193zfGc+9)3QF^)@RKJDkqn`M=#;qko3~j4Aj1K_LoJG@~(5Hik1PHmCV?
zJ@acP?1v_d*uH23%=ZlM`utiF;SQP_k~~$Y3MLcl&j$j(Bx=-hn;0NrLQL!`%xmva
z`Vl*c!Kv%9O+*HMd^c-tZru>!RN8Eh3hR?f{|v54=lim660e53i!YW8EoO$VYrRHq
zleZzT!Yv+#o$puICvvrP1H;f)bwW<($j6BRY<2X8kKKcn9npumRMz$=m(D3iH)S4o
zr|EhSE}jMXg^{+6f~lIt*+WChlg7uyHa)}g4$s?@Q}#84HQ6-xu_{?Q%lCg6;HSNA
zC^3We@cT4;94y5H?G~SPhfKxUlnB_fWSNBFOJJM&DYyM{Z)N23T3N@&v7bhrAE9a{
z7T129`&)!>jhw9o7ZFl(9gpl`!T!DiBHIN``Q?m$0MknK*yzH;ue?Z~-5x3`oggZz
z{2>c=JJX%d2sOVj%uar4ywU7BpHAgBlPvuB%uDD(P9=czi>t>%``e?4m<3E>$U&D-
zNh)hKT2K}eKuCFgKXbkMEK2G%nJw|ptzUyen3V-P&9BR9evskwM4YD=5dapDe7&fn
z4{i{n9~BUz%Cc-_+syOc>3LsG){lauy3{>-V5q%=Peus}l;++%JKRo6u0**WnI~`G
zN1xr+nzwF9HjGHlBX3sn#=#4G)P7EeDNm$#<*tKk&B222i8w)T<qw{X!Jcy4X4tF^
zQHPslF9B<&cg$YXFBL^ASq865cW)uX+tKIe00hK6q5g}<(E^D1dnkc-UN*RN^_EIQ
zKXJF>LC33+yLp2tf2ZM$@V<jOny5Cax_$GF!p6PWV1lrJ`PZtZrQcd&e6jW;@Gxqx
z*Y|z3nFFSc{z4{RC)f1dKWH&l%O|}BQI#^iw-Nu<2YA;9s;^yTmJ_XFWBK&St$)hm
z8-j&{xvQItg^B%tnvSM6-w@b%*-2PP{?pVWVdLg8Ao+h~9RF9w$;Ly%$;M5>#=-S*
z@xKZW%YTXgZ(--){{KgFehB|Fvw#4zq_v%!g$uK!or#-;xP_UcxdpSlg#*CNiiDMw
zm4%Jxzk94CY^*$7JRCwo-w^)Kt9oUeX2R<0EzWmM`YP#J)rkBg`i=Xe=V!OET|`t<
zP3)JfArkz4Bn@f9DEuPporH4BDy}?*x(uq%)U=AT12Sutd}YhyP7pUpDPgbYIlmGP
zzhY-S7$OJ0nC&2Vy%6-wcHKxEiW%yH`tiAw##p5{Zh0IW@R*2$TDXbw2hXnD*2>pG
z=?VK2U=yC?)S*0G3w-#RX!DbO7wX|89Um{9!TO(8kn$r-Be9iXz0>gA^NIhb!%R58
z!Nvp1^VYkQDvvMk8;hS@iS?TMbe<Z{qg|nz0nYOil|nI_kR&g<9|2z`?nM_v{vHMR
znean0VgI&TR{#w*=Pwr4zbeyww%T3rhI##i<e_i$Yj^y_hr3FU_U_#ClP>r(OZm~2
zPwOUs6T;z+rm?RC3LTOWUZOVm)5)@+f44$#3_@!20>@ANbsxvSM(c$epDyFk?U?@&
z9$ou6ojg}Tl{<VH^6H$d8_tGE%y9AqV6OHDC}nfs?DGzqyesNoV7_-5JFOuVL1kR=
z+1|spzxgVz1wJz~!%EA3w$$4{+DT_V^*3oKIdGMp{v-$Vy66kVCH4te9EIf~<daMO
zfPVTq^%*6>DFb2P=W1TtaaSQ&xO{Z#lP9jcY)?UXObNE;PgT`RV;JgcgZ|xCRqTHK
zH$}U78fJ~8?F3x$ZPw->*l(9qoXj+se1<hB56;+Y9EvBO$Bf9re{uzqoQe2DXVZW7
zEa3R(P!OAm3E&pxP>?NUrFqY}M^%`<1v1i>8Xur^gaV~{Ts8cv0%l3LRS!A^^xr%w
zG~U6E0dH482ZuN2>SLphWUKJP|6PHeJItY@z$3vIN4XxQ?K5H@lxa+b|Dk>jWU#*F
zHh02XsP2RP0Yz;rNHkV#0&D>MWJp0--wG0f`{CrLf9&{EUZ%}KbTkTx%<@LLhTLV{
ztj?sBwan0=_;Q!ZBGsIt*T=Z485r(sr0UObFOb2rwGXb?-EPD1^jZMUpl@d4y~R%G
zm)^=2kt<l`p2_nZJAQsQDtNCccHyirY;ftnwjew^Z={US!)DZH0dB1E*6F3C<KZ8l
z*cjAVP86pa8gN$BnwHLfPz7bD$J<ZVQV!~kQ3V+m%@=FP26wqC&sjMhWA?UWnn+Z3
z6cnV)pAo5hQPJ}Cl9i@KpJHI~7dY(13K}fAo~Z~L%*}F6$FoOpDy!*JaIN%TZosth
zj4;~T4_@nhgCMiE8_`WBkA&-&n0CopQbnWU$NS>-u`JSZg`{)cB5`_fZTa>37<6=O
zl+iN<nq(41_%H<DoV}Sa0ja3JKfDYan-FopG}>toS>L*aVmCB$b7`})^HUJc$+-q=
z+?h0RBp;dihOqZ-=dOzZqSH(i04DNH9jkS@f(%|xQ-7v-IO+xMXpyj&@Oz;343!4R
zeS0M!Ap=f1gw*M6UZzk?<zuX?{W+6R+>V>?Z?SkW<tqCr!myg=QW-25jZz~&eR~Oa
z9@*HJ4JUBiyYb3FO%07|1|ZG_G$&p}{vJPS+hsy)8K=4=``Dzg?M#ULLFs_vBS1{a
z#cLI>rWvk+`E_p#r7^;Uw8>RL3ng!m-`vrPq^+SL)Zm-8llNX77jiOB4Y&vcW!ucs
z${vOP?9HjYBbx88sJYN3qjhq~P;bxGoypN@oK$dT)HgdL(_Ll27yCcs7LN9t&=$MT
zA)^u}6Kpi0$c-^hrh<HwP0qy~zV=HC)@K6``t*%@?7fx997drX>#N=E=G>u(kZqUL
zneZ7JfmM|b^33Jod0xDl%q9fFF}-5c^vixjt)Op~ZprEvL=|OdtGx8$t=n`iD4Kkx
zMCEY2cZ}sS#$qRW<*9_J37uwgn%+ty8P%3E`j+bQr(p|^3l%DkjX9rdrdL_4gQVn3
z6S!$6Jx=|v$FQzHxN~~fmeH-zT`q?u2xDfY=??nMS&<_8JlYmFOa^gW7;OLmv&N(s
ze$Oy}hm%^5;Z>J}dP0>vh_yPR7!{WkouA-<v04u2j%LXQ!#s5<qZH?4G)IIO-t!uz
zn4L?T0O{|CuiH5qEp>tb`3S~AsXBN^Zr}JprnLS-(#fNTMozI_ro}(tn!2L2ag*$I
zL35)SL$gFkYqNiuJE9&P)`5%b>T!6)<#`EyqiazUa$ECkGK1}AuxFc>kKQxf<kelK
zJ7Mqg(n6=)S0@?WEbG)b4RK8qcE*8l$z#X${m)BO4RjR2>KAzXKW41S_>fyAy=PL%
z`H0*RW?Co+<&N_Ah&Wgco1#p)T_?i`1;sK6Pqzcb-6-FjOeTaddfNRDSO&{Xd-&R#
zn97?LSzj3nvn71K&z7;WG>aog^`7VFDDrQp;V7RO@6%vHa~1IL32iK7wJf%R$uY$2
zp+{;V)s3hZ0TvSkr;B6x81v)X_69_aC{9gvHOCpt281|`vG6scr`1@1sS)-M77c48
zL@9!~;7$=(+1(}+%JvHKHI*SO`+IlkZ98PKhz`7UMOV6yr16R99Bto{Tf3dSzoW|&
zfBQSS<2+`xYr-Sk|HRI*Hs3JubGf^RTiHXqF?K5#wW$Lrqp+*QB`UShGc_E(dN7bm
zIZg#PAZMTgwRJ9xWAfRg)~7|%lWkV_k((QN%LfVf71;^|K2-!M)GZrc0{9&g-8<41
zX88~z&eAU}O+Nhks%EZBf7n-pl7*ud^9F<%*|dAl;W`8ciDpWdhs~zWMHN?%9^4`0
zsqw1Lv6&sb)m>jtn2_v_aQJl53=OsQ^Lce`|ICSr;q}(Q{^{TdfzL$`Y3QMOPe-$D
zu}=W|QMl9X*ohib6rf*`2WD5BQnVn{WK>5Q6U(GU50ROpiw8#i5s{|OM^lB<6lEi|
zrl=X_8tD*SlJZKuMBkR^K?H%(vZw{5ypk@Fwyk@N;FZv_C<H{jGA?np(RvJfdO@LZ
zDCk5aYf8;Am)Jc-JslulxQ{Rdj*PLF8%1~2k^~OrOP15Kv?%uuS5E~f6NJ{2O$oP8
z-e@Y0o0Gs2tSssz+xeY9ojuZ=2h9imr91W(y$`BK3&ad>gepYsC;5<Y3BUaqThG?#
z3If1SqGpi^$UM-SV4qQj^qk#;sNrHT9H`f1aSD`QIJa$jG(f9xTBuo6FL6$k5+|vk
zIym8?PyA6fMd&azph*%t>f4W}oWN60IdSI%O)2tZRVT2BYl~V@zJyo*bmB8XGa)q*
zGRgYdE#ANjY5|GUe%PL<un8+^7OK>5N^LmHz%XM995~jmf+A8@<W{s+o@#UJ5-Q0e
zH3^E+<l6AGAoIY$9)-V7z7ahK3O)FsMfiIa&`a<opob_t&=(#|z9zo(akDIP70Hb}
zrJGC}7P>VCJjhFwfHcXNGzFf(9^0yI7bFI%g0GtKFd{uAZ<qH9yCmC&?%9O9p9(vt
zI;C2Zc)-|>0rA5FN!CP~e<Aw|Zu9jtfHu)9N!ul1TK+geZR_{&f^KMUC&}$d?WpX?
z>?mFWtAC-AeT5GKao)O>Q<amIQ+UDc?<KN{(wZRTfTm=e&<Q}MqNLkAqEMvCf5e8U
z_AsuGpmu0M5i}q$$$u-ttVarj0#A$z!PuZ~m-0%!MBcXV(F1YAJANpuUC}G*lCB@X
zDq(<@^T&xG=jR`#A@V)cQxJnFRk!4n3Y;xGUSQhaT-3J|vTO35P!I~-GyDa{24%aL
zSNbK5#2z{59xetAf=*PZ?DyyL({_N5v1<vJXbuk5nrL&X6YjQZ59P;-<CaBD!1TjL
zQzW$`&yeQ{yTk}g7ImiXmO9Gu(vdr&Lc+j<X9V$yGImR(NIc+f7l9(+IYFtQe;^yt
z?<QP1sZ-)9lEoBOG@yA9?$_@kGRml50|{;ja(*c*ed>v!g&Bl5%h#7`_%9{E!o$J=
zsr^2_cnA4QtP}M%3TQj_fgRNZ{zcQJD-69EY0>|HZ#8)UYZaR&8~<R*P{JG9!f5RC
zYPJgG?^=Wl%E&rRo67kNbHgkAzGgxu4LMCOjY)!@vV-I!;fMkazp{gP3)H?(!ijRF
z#3SPfCk<GnMR(Dx4Pjq4fnGTv_*yPuRE0^b1#=%gAwq>ov_-jX+Jk9?S$RT)7vCbe
zT3mZ?hOr?tIFY@<P_IH$n}H#as2aXP{CttzxxnkF3|=d$j}1d#h9~(l0xbg38F|~T
zM+d|X4?qop6Q<5kTvF8jks=&8K)8Q^c7T3>YKfr>Hx8l_CC@SGoBLf%J%=^}Z~c{?
zH1Ut9G?9o=w2KT#T=esQ41!QZDaHkB@oH#NSxDmX>%Lh+jIxmU<0rv4wh=iR=G^w5
z*W3w*Dp_I|f)UqJ3H&POKbC{9ZEt6wkAAD1tFl2TzY^mXhE_*cCv8!>VYI^8!V!s5
zo6zNCjHye~P|A}gpk{o9%}F^`6IaGi|4P}*WRg>DY~EV&!ej!)@wYw)ZnsTEM|rMZ
zj;@c2E6N3o9~Lnv!X4G8gT@cX9o@H##*JD@tuF-&PP)|V;RJ1>GEwP^H-8vN|L!B`
z2CfXg?C6Cao*r%#eiV)n<k52lD)`Es6IBhWPMMO`7T1=hp&*dbWFYyl1-KRvfhbqE
z;>Wfbmm?7v^_K+hYgQLpmpg*wKb{es5z>Sz735rkuId;55iOdFy!Oy*rV)M`$GrC7
zYpRe#e447f_K<6u5po(|6(UJ*xP6fXSmkr67L<KvnmiitAZjP!K39UuIo9>iIEWq&
zO!g8d;KIAj)?*D)lVU*bn;h~fLJg4RNv)1@Lf@taRe&(yg{l6JdE1eI;6!>zNPj$_
zbt~bJ++sYzb%1mOBQm%mSmIfNl*LjMi>cJn3eo6>gTH@e?-pl4M*`slW;sw0ipWhh
zXAHd_#R8PGB)t*#WfH)-0>7?#M$C>1Zmw#1m0Fz^;;)pP?sj<<zq{B8V-Pf|@r0fg
zF|MvrUo0I6l~|NLQ}Z{r-su%NX0~ZeIW~|5w7U;3fbBIhmumZ8cM0{@!Wpmhyw(qr
zqRtigxmxe=TT;F;l6vYL-Aw^VNrmRHj*+3out8bk!B1&Z6*+>WCT@OB^jsYFKC_Ke
z%%Xk*jW?(}^74!!w*!U7a$SPW<Xf6wYroh-<s9dI8f^Ql59lJ^s+pbm;SqpwV)u=r
zkSh#I%UI>dgUaa7Rj^st`sU2xTXhWk;_+AR-!w5faK`8>TLd}doD*VI;N-=upG9}P
z3oX7L<*rrkZfza>t?LHSoDMO0vmGlnGaWXAviAssZ1>lMqiclG9`{#Ez>>W2vyJHk
z!yPMk=8frN!z1l2!=F!&(JklR{0FUvJi2Rjp7qVx4Nl|HRGxXtCcU1jLtVtcfyT%f
zHq569Hz41I(q{6TO6!)=GfkB6@JOnvlB^)L2Fo_05;JXMf~#t!d<&(7bsU0dq_Bq`
z!$p%_-6bVf@;>XRP{d~jEgi2}-a>kXrW8<c;d~*A!Y)-mBh@+9uEBs*RFCMc&F)VX
z7F-<zmbS=fS_P^g+sg4R4meK5UWQ)LAgAbGuDApR3QS@ihO^}<!K`IwAbK+%EqMo#
z+0a&J!iyP`Ah~qCNM@M@Dpa1>-Jk5_U%%ZzCmZ+55qVI#$RZ14AT=@4GGy?V5*Z0_
zm+RCEjAar{==2yGRE+kN&h~B@Hn#hx>`t8H96UTVIte^qT&lj#)lCGp-nMMtQl4#>
z&F~+DG?{ewBkXGbyxkTrKB3X)#KB`=U?5;1K-#f&nkTUdBz=kP+NNj2G-vD<F(!=3
z)Mi&u=fTm9%A;H-N#|A{vXNiHd*A*iY#+LY((&tkk=C2@ISt|N`zNzQr6+!9;S3}&
zh|mdt4a&1O=u+z;VOE4X1HrS~_L9l(GwfBWrYpQYp4Mg6^Ud!XwFG}-RF5EpxK9Hp
zkzjU@-Ut3qvbz-HkJ@sodqfM7gV7hly4)UbOGiuObb=`bHI{Fra{+y4#KK*Zrgv8e
znukqwwH!O-ci+vLA`QIzJT!O1o=rYgT#;*kIjP3_sZb3afTXug?SyU@q&7wNftCKi
z+nEIq=w5b0&OkiuesqG;hr{mfcY@bPNbcUZ8aL|xUJQmi(UShiKGlZ?huCiWG^05L
zZg!75aV`MAEOt3=^UZDid?M5aD<0Q~ox4KYR7$LWyDruvLF#qEPn0sIUJKu7+b@2)
zFv0ZbK4ZK1DcqHLDfNKi<Ier`Nc5PfOLYSF@9TA9KK&)!YqTZQOia|J?G5MdyN%{`
zi~nTykIWzJpES7T?Dd)aQpO7*D+I93>qYbi!`wZ3NjI=_a@jc-q-*pOyT*dp#wfTc
z2JdmKPy6_e4dN@2wX5KT_zeE?yd5NCR{V~*bYlPTxw9_?0Q8NYz-{4qAn5FA{Uz6z
z^d$pJE>)jMYmAqNT5CdKztFWopRftXmeT2Sd8m=GzW&dRBClqoT@&(w=}DEr++cwK
zMj>}@d9O#TTl|}qeJj_bi#P`0Br8J$wvvxvG+vV5i-OTQc}z3$Dsf+P`dWnd^#-}6
z85US&1u7z)zk1NY`}PaQh8F_B`x?%+6T#6Ku@2uBsA=OZU3)zmmuNHy;ihD+HZ<P^
zOo5e@#;RfOpAn+{Kfhjs<|4e$crh0ap-$Z~8o?C4=k{JG9sPa~riG23>&%()TbT2d
z$7{}(GZVW<xQnvMsXF4GLG35ZQHIT^G$m!BA7`P>Jw-I-lfKPWF-}q!c`?EwRlqPt
z;NUg(CFjAUlN9V0Ns{*H&C+$Sx-i@>3(T$;y$iu4d@;b{&wyXlp)jZow>Qh|!Q=>)
z+6h51_`V2+Tx#%N3r-|4m+H(E1CE9O#MB;7hWswHis~u-l07jvVt=REt34FMS(E(O
zw8gwd0^fQ&P8pCfCk*vtrl1-;x65`JuR|pe$n6c|_v<P%1dYi>XKBRs-_c<a55J^`
zkXBcslf{}kLG1YcmJP!Uz@?6d-^Qg`p9w|h_hIkvL!0V?B-<^#8utwP9lA^JlwnT7
zlZiv-e(E2xUO?e84j0+>_ls@pE~;|jAXcyM41pfnA4!~>2gH_}_&i)Rr@eXxpE%`V
zxfz0ko4!+HQQO$qxchOA!Ej>35Q!802=XBC=%;(gkWHMj;naSq(6<dra}3g9?!4U@
zNj6-ISR3UvT6@0@xXCHHAJo*~%~X@+`9R!>^CGX(EK`Rtz#8f3sHkXa^2KNCo^PG$
zNG7b6?6W_Pq>AcT!!Wyl<QHP`vsYAKoCJ%`=GX-UElthFkzyWFteDR0htFh{dM@k_
z;>~12){X<!6D2E@|IMYfkF=H#xPQ|zL!sr6tf*0zuNy4E)Q#Uz{*#*ay@+U30}sV7
zmxD;aaN6lov0HW9K)G<mZt6z1;-FRDR&w|@@*%@5qT8GWZ{E6*qk(TBzi!e>&@Grt
zL4FZ8QrA^9QfNIXhkd|GJ}i`tReW?1r8v=Q(&pieP&9rD=`8p(zOijx<9v=ENdms#
z*%?NqD(JWmB%iFkaZIy7jmgVi#@X^$4)eP+%-F)3X4&egX6p@NJisK50XJPeSh$V{
zaJ(^7ORb`8OPeQ9(D(E~V_J|;K1d^t99HK#w$<VtXz;su3U};W#@Ql6U%jkcRNlv0
z(NLx|4HziwrYFB!zCw47{#Mma>M!fyAX6&orIu<us?=I&Wf>4?S{B#FE(DZS=q99H
zhL;UC04&fZKIBRZKlp@G4(C=A`nijGy2y6UTa8pQJ^09P-ITg8NZJ}AJln3P?q1M5
zUDnB?jRoFZpz4B_Ln}&08L|?Czpa#ysJy`>)8^2~4cUqoU~$ly!9OcWTf3G@wKT5k
z4?Ok=48xV&+)u7dPQ)~BWjx=j^Nz|kIdGpZ_l{Y;z)~A?MSg8C=Yb9>4?LBeF8}a`
zunv5OzY1g6qld1_bqQf))*07Ra36gtEn8#1j&~onKzy38nY7I^G}Rf$w^ws<$tb}K
zuq#^^toU0~+hxO0L8Dt^6~f9+niPD=YkG5=aXS;@UE$q;odxunl$Y}fAiIy8DAy{v
zwOr4UNSwX4iMcps$lwOr3?4|<oAxg~hGTBy7XQ**@=W-SQ9E9u8DOaM7@4*p@z0ul
zhNQw$lAYbEypyD&9cBh|WMsK<0oNkj4!cfbIAduk-&@<|U)|v$qKvbQU+Eu?5qN%s
zk>D{&D>Cg48w=8vk`Y>bdiaX7wK||uNx>MyvTqD!Qdw!BsHNvD*x|cdSX>JkH#0Z)
z4$|=T_wRdTS@mHu*W)frVlGl95~uALq1??)*y(0o4HKC77-m(5d}ZYgR8nTr^Meb_
zXLOktWpdO-jLVv)lF62P)H%IGQlW%{1eU*LhUMb*2becI*Gv?q`UXp9YF%b_8LqHg
zA@zYPkovI|7rn=D3_Tm>)-AWqv4PfL_!`*?8E%NTg++irzYnvmu3^vIz8>C{<uIY}
z&&ecWn{9xU_vEScaOHf^M5WTgViJ9VbDn-1{elMPU{-FBT_|1NUs|)QIML+g&{PEv
zm{wCq9om(52+-<iFCs6O%q6UhoEw%JR%l^fUH-RL2{f@|t-|oQN1@H*9YP|Pp*+Kp
zHqY!-`0>msL6JtUtIY<@NX}+?Bx~xNv-^4Fb%+M1W)z<sz?3^!W{{dvUO{@SCT%3y
zzLfYRrZ^EIeH&wtpv~8hM&CNZ?uxIeFzV1~_LBGdK(_z+chF~^ZE3^}UE_$!pDMpx
z|G76tMtbS}BIEDp7%}i_n@JSpmk2mAN&|0-TKc+x{r<hZf&WE#?3kwyUD(B+Yg&>D
zNo8gj8F;O!mx*G~!kZZpH4d@V=|rom3#6!7vg6oU@GckRPSYe2F~krUEakG-<fXg)
zh|QH9r1t04_f^lQ;Kan{FO5U5W5YIQG>Rr=XOsh*M^k2d3yyR8PH;$B#v!9e-06&B
zbExBvT23&fCv$BBc|Reab#s%36Uy1m6Uph&hWs&)&U_!!ml{+(N6T?zNVMbUt&c;N
zO1YNZ0By$`#Fc($={fCxl*67dzUoh4I8{`pt&1QV`5oqY4P$HaVOT2TMbsSb4}}_S
z^t0b(#t8)z70SxgIMZZ)C97xbl`~x|X$vp#%kWZ`6dy|$RBHfc=$7mJI{iJ|qbpn#
zO+4h>6%BVs5PV&uUpNN;#*7%>s0f9RHfhh8&5{U?W12-c55U2YS|;e7v9*OC_7&<}
z&)%rZ=+wmzMPHK-Gl@WWl>G3PpjqF?QL)mlB%$k$JaxHMeydoS$~*hm+nJV9+6Jgu
zjOBjB6}O|%RtqR6ZL*ThYIQKw>9(odJ!Evy0!&qt+khOdc3bHlylvGMHZU8XWxwm1
z%|AT9;D?)7fe>SAC4D4ROe{<?CH2ZGD(0}TlGLd*s6=E8<Sgu?3at`G!3ugQI@5tD
zTRWMRAE1xvpMA|Xj9Qz*{q<Mq{kLL;=(gJ?vIGy#X7FFnHhsf?7n}ylQi4NweWgA>
zNAg`c^a%Z!mRhQ<9r+DigPkQi9_i_r{&$Q~dO|jA-s%=FNT+N(i;c0u@=+eYN*!VF
z9?x{{U~cK|ab|X6CwUUQicYRyTxS6&8jPy=z-YL3ozra?M%Pl!$eT|yo1^`1&-vuW
zI@@(tPoYOwbg&V+n5`PNxal8usy4g7OMJsk=Su>W!Lt56`>#^{Nd=_OPr@Wb2+9qi
zuGT4`?O-AD@u2YK_cS74obUEGWr=L(VZJus(+GO>>-LMzMuMgl1|mA=3$wSJri5XD
zPOGGshS_iKJ_S#6{tCWC){PWxfBmf4(*4R9{rR5MC6R)j<RHLck~}R(U;jT0`zuR;
zbq(vZsWkc(g(Kp6kM~HFm+PU(x6bK)S4UBpr3Y1GFl7fc-|yW~eO>=7Hp;f;HGxMC
z=JV|gr3;|SlmA|E9z|(PDT1}1e68So8g9|vvA0>PSUIC+q|QT1zMc9&>4VQif+54g
zclzMEtD92UVCFT0u_JhRvj!>KORegYcXqZWp0xMHy~+1Ow)Z*iI@Gx9ws&pKwZ|B9
zi&xLR*J*<B>6eR<(*F0F#{;YA|Ea!h*WMoXpW?GeTx!4%cLjy(4H$5BW+Tc}B|Dew
zI_{p3{rmWhwog|c13>xnGyG_}rIW71DZrz@`9nhh8|xTbfrja#1Jxp0sy{IQHCbO%
zq;ZNVdA?eNM}^6Di{~G|fQ}Ag?q!(%!j+anc|mAFxONM{mqA*ez1m-3apx?3F43x|
z<}k-tMhzp1WM1X6i{w#(qlRD?ou5edwfdSrG8UMU6H)Uj{*2Q7o?jTY;FMo%9JcsI
zQ4FL^ZZKZRB2RW-%MEL|RW9yOWg7eu2oY(q+d8l|N*a|cp2DtmT-UI&;8#mMmA9y6
zPaK|5r}`f|H{VD^X%o6I{l1$BJ^V%d%<?IS#+LMVs}BQo7juV?@@}uHFi&*>mJe%0
zHIDnqU)WWcf;8-Z{Tuj~4fwtbyUm8DbujKir`z#Q-pWr-l@2A2!V54ei_8tvUc~1=
z#IKBni6^RYZSiX``x>;fQ73T3JFso-CP@j#JA)gEJ$o&2{{X(3#t3;UEQs~7BTL)X
zYQPlKjU`RAVsV~ElFs=Sph3yZ(x36sWalC3h3BU}Qz%q%<iXmDKMm3O^C(rBvx3`4
z1LkgJ%4RZ7GrDE?jp?5X>i%?)FBEpvCBjU7Cd<lZV3OTzIT>tZvVIr(*VhdX{4;L#
zU1h}=>{kgj+-RGh73wMQC_ZMBp6~2-e5dUxeZ{hz?mc7YKZBG`$qzE0RBGhD!O7gD
zKg-U{enJ0}`zuz{yc5eA`MuBDD&}NQC`fyiY?7!??N2C|yw@;!|8Lj^f2j<5^l^h`
zjF|d><o3>892KM2DA#c1Q2UM<yE<x#9#!5DKbLxi{ztki9X=PgtG=UQGw^E*oGkxo
z(oWKu$17-%EJ<J?zEv>*;RT~ZCqvEe)(lvMX?;^Ig}o<7MAId-KI1n&vjk=RMq(+v
z(iP^Nmq0j!;kD<3?Cn9F#4UH#s<_fX3|NZPwcKoo)6mu@=Cu`{%(CZueF}Tz%V$@X
zw@)%PQC=}o4u2B)M_VwR>jneq^P&Vk=X18l#VkmhkuTVM<<4r;B*IUb6IIe{GLP?7
zn)(3LVfqKpztE}<@Nb(6A{`D{$3R<VY^VcdDWZmng572Uc#*A{s%}TJ%JL@1SN=VY
z52}o*G2ku8m%Ei4+yTuFE*$fE>!i+=RXU-AW;)xVo1;3tAw%n~x1EJbwV(LmGlS3f
zhT3F}cLFYw9GV0E72f!r$P7<pk=x1M_x^m5Ey{I~4sZX%QLER=xMbaqaZ{buF{5^4
zK=h;~h#i^@UsR6|L7I97iCrfWbFGskee7!A51(5<e+l|x8)W+Wqe~d|@~i)sSLB+;
zCN2F_y+sTHOl)7+j$hwCpzAt{7MrNHF#LmZrB3mWATUq;B1-Rnf1h<W?C2_GS9#Vo
zPh+2=!HU@ib{Mj<pdMd9?yB%HVXJMYRzu03+xjbi{Qz^b9H9bW`x^|ESTHY<!=b8*
zv~HoDqbj?}oU12;_>Zn1YQ{otgMEU8gcX;Gk8fbA5C3x0D6r5xefiSt*l3^8(d22I
zw-khr?e8C;q@{d&7a`(-yoQU6=Ij63ywIiV9OanF!ODnv>wvIhyy;UVmJpN5O#|_M
z;*KyN6%aV%UkW<$<qn5J$)eoqHQW86l#O#;XW=y9UW|Kd-+kT<B`^i!K@rnDjd7IM
zkdoTwBLKCQ!o8Kk;_q&*P~-5o2_L0DvKo^S1VAt1qm$b|FkO(Zka{4)xpeb=7Wj2{
zYHSxDn%RnMumw1-gsPVUPx2q7U>}d%BVqksH>}}hVL?5Ghk2b>JRFF^C-jeXMm{}9
za)6+eBYM3Ere_*-H+*^R7HOfUue#g1KG6Y3|3cNZsl&m$-Pvg-U10E;V%_+W&5U#F
z5n;<Ew`$`yS=PVsQ(dIVJ#<I}-`CGTFn)l{|J9%)$AKU`<P`Gl$=4amQWV$~O4wSR
z+$4O2N^XmCn+Lq{ht6$s{D$x5Rr)4<Xm&1rJVA!p!HI+P&`J|Yr3skENVRRP|K&$q
z85lc8l=vy){`^<eYsZ(Y;fS3q!FshwSOKP$l<%S<K$_o{n_DN>wL*d$hVLq{PePr4
z1h!8hm3Le0+m}dB+%n)<>GyLHwhWK*cUMfH6zZjGJF@&=BH}?U!?!5t4-nW*Xo0H>
zQ$INyRHo>#?P`?88~<l~B-Qs5up=;D=J*|Qf9A+l_x5tX0q!Ted*67DiRgX%HUmb_
z?cU7R214}8qF)h-_30>_B1j_iU=$tpfi)gXmkQtiZDv#0#}zULH^fGSyP%nWuaGFP
zxvQ%D?Bd*3?giE4(Os*oYOaFzN={<hPD&Pm7i%!xfBZQP0fAnYRun-rBKR|HPB+)o
zZ9+(+wHXcVX#1w?Oj6)!+xfG%@GkcupX<S+AUKt`=v*TIBnyq)J)-aHx(n+vi|SbZ
zg21`|e&Ca%zA~8jPOTV7eJ7>%jxv`m`U)t%i}QH*zH?9ZDBa9_`ce#Jzq=@SyC@M(
zePS;W&enBwuG$TJI^mnYka-oEQ_6dTI~JCIB{-hUeG|1|+}!|Y85s$es=baDXG^}K
z%>fgh)JlYtpB$BeybTL*cVIzafd6vI+xI!8qBoplVZ~S6IbiV9h4MRwjs4DseW}v8
zGhdy>%!|xTb`AlW4K0Qx`8x$g{%ZK>D8SX2L(<ci!$zyN)^gQue}CV(dE-waWo>OO
z0wQ9R--Yg**51UVz3m`QuP}SPZ6S_H_^^%oecc#LCNGs-1vvuZH<%7ykNuHE%ZLer
z_rsnd1OV0q-R;Evgs^-V`@bD|Ni!*7H%T>L;hji*SsCjK=}4xDKXEhDXzS2~Ve`0V
z0NceeRz6odO+BSK8(pQ9HgrHfy>l2D6DuR5ePabHw=nnnaDs3Frp4J%ZAx&z9ShF+
zhhsop-=r=DG`!ZBU2Vk`ipBm~GoB{U(%ig+PR_tOjcmO=h^Q7=ak*SRoUkL>kP_L0
zX&X_Bfla?-s-~)2pAIN?=ap4CnW;#@>F7_0t#K(Rh^YREg$f9+bFFGR&`-MW@p%-U
z%G1h*aYuMH00#IEXENFC4I<8|>p2F}o68#k>CYEWNmle3THXPhk&V2B{_Hc{d|FF9
z<U*2tP4@~X87kP0s%og464==Z9^Se>X%(*b;WY5hd~c~$SYI6DZoHaSm^{Keb{HI;
zuPifp&mrFNjTdXa9!Xd7a)GJo^RV*S_jCC&5)u+utgR1_4I6m*xzslKY}TrM+QEFH
zcppsbm@Yg^J_3zd^s>78JMA+U(MYE5rHy^7>^pefY>d`p^wxsZnYbC|y1T}8(>9Ci
zy<v&?2oI)}PAgwg(+s9*7n7>VyYzqoow<M}Pl4&NS3*K9-%25##*V|Zgs|4;d{+a<
zi}r)-f35&=$8fFh3NpN|l4Wyj{H&76#UAha?`Ba?;&qn3_6v2tWA0Gkd-D%1SH!Qg
zEiIKWnwH-lZrwT)8AR`&Ywq<aeX3n#>^(Tc#behz@-e8UCA1rErrCWg<0zbI`<;N2
z18~#8Q^!GlN>w5P{$o04z^dRe-=fCzW@GHBo_JIAf^*12;?c4PCOvu|WuUj+Ok|Pe
zZ;h1;n=@{s=k?;(fU?&B?kFvT8oB57vR9(10KpZ<0?5f?z?Wma6f0GryX09@D8x4t
z;+qV4{tMx!^wd4)SSL91%z?B?KN}RjR!#+IS%Yo)HOt;_%btV5mI><bMu|8Qr)9ul
zwRcnR?bL|%yZ7geEC!0V#Z{(U?oC#+hN>rM(~<}6a_r5p*B<ILHy^a3ertyaPLesW
zC0=oI`71EFCilo8!XbM!%;6@+qcrG3b3Yr{-f{9c$nU`a?sfR{CI)Qe`Q|JUa}yI2
z;Qi*juW(45J%sA~q&Vn4oLPw<d~Sp>$-i)Nv#jfM%SjgG)v64DQY|=Q?-O{X>(DFb
zc$vS{awa+WmlD(0tzG3@GGXk!d0ldDD<|{fv|b4cMc<fur`pZ~?LHl%Yf&GZG*Pso
z-=BE8;ZE;Ey}sr1$DL0RW3>u9s!QcM`-yf-$nh4?ZjZIZ6~|zmjX+bfk~*794gZzT
zU!ozlEx7Fw{id{&n%~|Sw^?GRF1I+!tPA6oIja)hn$(o+K)yQi5|L1VIY<eZOf+|`
zx6)#w8BV4$T2xW3xL1|5u^8!>Z7NvMS<qq@%t<;IWcnC9c|^mz4sc7@x3{3Ata@Hi
zw8--~?@=8#_~1?SU7OiW%E~U0ST_R~1H7w@?(o(}H_ECP9U8<Zv*|nNm^JH*4(|BS
z7?b-m=xtV$b>=qD6X~?pRslbxWG>hn^FH{mCe@NYNN+9#6Q=za@7Md^o;pvSznus_
z9bf5sKiQxZIR7BBIO_`g0_g4g<yzI^sm$Dfl)*z|KV?3WAp#MJ2(Zu5cdy9YX@>0D
z3ft1R!7{g!-i0X3Cgb1GrmH0v5XpY~mO8I_fa2}{d$$lHAt_yIqt?{wm+lPP43=%d
zgXV4p;wpj^0dxDuAy9v^@R|_Z)VS8U1$nvc^ki(Y9bW%(u9KdG){%ZzdGvw)t##4X
zblK^7q36E&WRi@cSD8rI8*M|$!ob#ka%pJyrB_OsEwm|;CECmMBf<>0xBvnL@6T`^
zmxcyIVz#)Y*7L@29$#o!OPe&GV$Rw4QsemezG0~)MIp!h<11WDG0aPj`X_vF$6Do@
zMUP_MUCwGCRU|a^@MF(2CTjhC3nK>NQ~#c~`0l*ecS0S&d!_vB5tmx)CcBaltEQ!B
zAgD21vqy1wJJG^K&3U+yG0e;Ek~QhgdAOc2>9Vlzms;nrQf-Ypi>0K;%ILV#G#g$>
zJKNJp)VOLFvwX0Uw7jtFu?$(Ev!iwyZvjsb#`3c+Ch^nX&#x7<7#(2kX)0duzjpug
zo<(H#aA-Xo-lK*UcpQpn&whanUq;sBB3k<S*0{1Czqjvgj)_4Fr`t}X%hY>|q(d_i
zupjaZ9j`=8pq|x<7rA^Oa7)&5Im~-ATANKyG6{CCExDaAS=Ju47dxbWX`3*apjWu1
z*r!bJ95WlsTbG2S<}N7ESe?{p=1#Mkt<>|f`YaBKEBVeH>$nHZo!hHc+1@uv8BR>&
zT56$irqwTu{4*e0rK)fnTgp7NvoCCPPfMR1pCD@36i$!jezTJ#n&LviE^&2oJD6X|
z@yLyORkg1)Z4|v<x6>-ElW`mPJs~)zW+PeXW*){XEy$NlZ%Nb;+>qRFb*OZUySi|&
zGU00KHgJ+M%fy!_0gyX;G+RBWzJ)AD)O~r1JZnhzUjefM_skY(r|(2oYq8uWjiFOa
zGv`@*o5t7H51Lv;=~ZA$Y(qTmG4GI%A=MMARrUPRf}8dMqTZopmQMEh?n$~vtBVs^
zdf9wc$~H#z^Tqyxd`)EI;gIt{POBfQBk_3^e7e~!S<?{tEIzx?yN&bF3bkB%k<eD}
zQpM>!56V1p@p*={Wg#_ngJ*dav-8gDxVp6x%Uspf#+U}E4!ST|`?lKkZ#EGs4K1D(
zKEx+|f-1T65}UsD%N=SeTH!}@ITh^hF%o*|e2EcjHE%C7jV|s9*^5(}<?p3dwkyoc
z*{_?U!LlU<W`Zx=5_+US=V{F|BW)&iDZLZ^#O#xzjxTO>r7?M_Zx<tzdT)~*&lZ%W
zbx+8Dj&OCIHruTG;T4WogEZOZ*u@a%xMA*S7<W58=RL!YI2+dHT+||-AZUVR6<E)C
z5*4nC=x5&~{IQqaPngaG#XcGmQAi7qdyV%{BSQpdj3he#O3E<}6;C05H|ltF=lJJ*
zY3u<$8qvoUovths$uVOpn@V$@7!{{e6AW6L3iWw}<gRnx`Db{++!-3Z(WMuxx*fkE
zl42^h%2NIp+lF_92Wxuc)r3vwi)2iiW`wi!c>ksX8x7sVAWjc(74~;BXblxsZP<|w
z*%sxlSye>Dg6NV4IWH?Ll1yBY7=qtoepB?y>zLA@1~tdg#GJHtS=5Sp@?wsdRuW<O
zKooHXWWZBb_-H->a!4^l9b_`)u_iTQAti00t-i&2V(WMYNk?VRc|%hQm_hFGeVnb-
zeUz=%$M5Q`W4Q-zK?>Iul5NxyNcU9Ejz;GSI~x=guYBhS;o>WI)0HtE_p|2#28Bn1
zuZynlyKC7KuO;<@DUGnxD@C_W`h9gxNe`7QW3fQac9J6WP1Ii2mKi5~Brf%c&Jeum
zRb_fxB<crE^=!?F*-}ty5#heIl(#OYQrUqlpBBvQYC*j|xy#YI^7MBHv6|IwcyDR*
zUUM&5A}poRpI$JQ-E}PZS;>0+?>z)wPzOD7x!Kxq%t3^PzqGbFy$CmcN?bNbe^1Ym
zxWxoKx+IgO#ypy5A{U0kx=ZxP=EvX@p*P`E{r=j!Ym71b?WQj=1bdrun*Knnh0~JK
z@9VP!IE9Vp6YMr>a}EJ=5Nz}hXfFxylDRhx1hj^SZ|RFb=2C|CEmCZ0gA@k$!jxZ*
zh)oEwZksoS8U_EbH-gPr{}c0QMPYjIyc^=)Z}VA>p<v$J?0?YOLqb<+zZY+bo{75<
zAX>e;u{JA1Ne>D|If=G_EhDn!a_rYJXS?_AB;Rq{Eqs$GeCF~rz{ypUgzK{NoF2L7
z?%evG7Z-1qLiD?M^gAeT#z~zjS~oC{Xi!CIs~Cykj)c>5_tz#aQJgIj%ILh;Hfj4M
zo}t%>GD$LibQu0seE-&<NP}s@0VT2L{8W%Dxf$-H-oTCKW&3vl=FG$O!JDjoZ<OnH
zhOFd?oAX>qUn9W2DA7dV<V#kf)U#d#1UO$Z&un#vsJkv+mTu)vQc*a2JX_Bfsd-U2
zPg>8HKx1R&EyP$R^iIh50hYiNZ!yQPdo0Xbr>n2H3SDpTV^wJuGP}ka#a}oLQC{D5
zVLsawd3Ln|Vx9?0KYRWwWK)vgZ9#5HP2#%A(DRy*6E{B8;YRItt$%CmrtTHr=A^mC
ziPbmbA=PV`Cft(|$(kFA$MaU@&WamRtM!tlQ^FlltF*&khqWH2H%;ky3p|V;c3=af
zr6gLiX|*#O?s$^6BYAj18wM|KxqE%V>UPNLfDO<23h6;nMtC+BPUwc>f!p6o1oWvq
zpwZ<Z_&LcZh3zVTQ<#!R5xc|yZDZCC`R~-PQIJg`d}z!GD_i<N7K)Ei%01+2#?dSC
zRlZTDmdX;0H1MC9Lc6~0JK+d8eWmL{47ZCafxe9@3Hp=)^0E3U2`7rdAqICOH>UH)
zMeVepc8o)|F^$cbK;UbPY}G&KMx8(7cf%|i4s82Fc>lG6boA57g9@>YiJlR+D7A+g
zw3c!^;Lj8s>%f>ByDu({#MK7fkKmej(sEGDmf4EY_~YcVXDvAPb^H`t1lntx<^?Xm
zdqDjQ!dwr0ab64*5Bwc!VD`_9l%cS&j1<K$y#I@}w}6Tx+Oxfb2Y0vN?(V^w5P~%B
zZowtEyEPu%A-FpP3-0dj?(XoBT$wv}?!0%ud9&7DKXz}bYxSavQ|DCu`y7_qi6FMO
zg_Np>=zq+X#HI|n;<ESl<6R2PO<-T*HRoW5*{1!3!|T#-=9h_Izhs?>?zV%FAhx{%
zD`R4N`tSfpXwtc%ox0zh^e=Hz*8a7WyA(6OcB4i)btZID-4^(+*WdOF&Tlk$q_IEw
zI6Or%M{}6Rl=N_DYi@S`cc6&XW5uP6)vMa02-9Z8rZm^C+M&?UW5uLY(5~8`z}Hr^
z7Qa^h8>ZhCLCdj&vh^?!bF#59I}7&2#hGYbYf+nY636TcZiwF2`sm~pn2{TJ5ws1-
z0^O@ms}Q1VlU{}4L@3)_AxOlI--@2UH!q0em>R${GeWGb3RG7UEiK7Xo_TA={=^FM
zY7*s!ge@`W>I2RUM$Pf8+L3J9#kl3upjopXbB@hgyxdV%Z7G~`3eYTCk2&mSt$(^;
z7jMb{PN^Pfh6P}blj9H=vccO)UJ*j2>I74La$~T3+^cSGR9ag#qpoINT2iY#qfTdD
z8dp0r@DDMl6Rk%NcC*6YR&}7E*tj{4b>%azHAP8+@{AOnd2U?o!~ot`qtx#eGU{qn
z<%VxYS^eCTW`(KyG1s{b<CM7fvG?4QW2Kx@%A|inty#x+RqEW0!;?u*ptdSrT}`UA
zBv%<Vaz|>+osR7Rd1&w8;GAf|n!=6m%&7=012>TZ5vJReK}YbUY<xxtUc!Z7IQPWr
zz-s%5^q{q<H4Es(><|gGZeX_CRar{PFO@|eBwH$6sg<=4Q83@9D0_`NY-(tYJannq
z+B#5H{|Pwk7QPnBFK>A+JoNCp!QWxXv@}A+(u(;s{-OZQ*%v^i2mOR=+%b9f^AqZf
zjJ1#O0klH^sKnNeZ1mZm3bMwjIFA1oe}%T*C-Shji+P1H)&+lWU~xMRI^bD7dIUeO
zTaKy>HS+6gnh&xr)Dxnhf7}_WJAzk`(i!Yld;S^j6NGXno+^AsC$Ei&pgY*19)vq=
zKr@4NEZDMB1)-xid}u?Rg7Sf5`)vjOP2cAwP2X54{m+I*L)v%3%024al4Q>;6T~?Z
z%6KgoKlbr(Ab(d-0o1;J4j=*DrmPu{EQ9ac!1OxVSvHig>rluhKYrBNgLz&z!+8hc
z<2d|wqeYADIJw-f-9}*P9gPjyP)_N61y<|2GvCoW?9?sI7KARu1gcG<xH#L*`!eR}
zUW2W392dpDoNSMMcQVFp^Gqsh)J<`&l|(j#X8W_5RFa=-QRD<M{-QB9pU{vbJ4htC
z$zg-Y*MEm%!&y@V62Fl@P4H>hXX;<!NMhK+>?X&!PMIw!xqs?Qo-r#&Y+=%uVM8-Y
zg}+3(#=IN~g-I_uvjoe^_Uxwx=rt{hs9_>X)QSNjZgQr`aF#PGsbqI8pC3v2hpsz8
z-a59%U}U<<H-tYT%Fy*$(v{C@eDg8+OV_?a$<jHiw@<?T`%(7e=RjwD%+|7BvzT{3
z!F5#D4&mI7duOfOk9+<KtxEn}I-iy^KmLHx!7~>%kW`?4s4mr!@2MWwk&ixgv{jE!
zitU;)0W}CBz%~;{C^jE-&uaJtKGO+(hX%*3)8WW;M$i+Ma-NOjae-j~&>Nx#;Rdke
zB$maJOzJieS$ShL0Dt02SoHv*HVb@hw@e7`aV6mXSWd*8(shg1527Hdfb$>B=@>n+
z9nSJNvT&P{di*s1eVAxj!=aJRDg<-+Bc*biv#pPZkKUJSolSM{ezehqkeh_KHQKW$
zqvK8i$1C*y!>(E5E&1)tAe=o!Z}^3xW-<Z`C1%f$6qfzSlwXbgtmNvvsZNLnW++d1
zWdVn}%$mqtAK{kX7cxUy`KGL6;lO>hp<9Bk7v+5`TkLrKrDeml1kvW>wl0VR-Kht;
zgiNM~0SaU}d-sH;9mVjokr{cXGpypBwr{{0>)bk~GiH2W@QI}=oR^Q$8B#O+X}g_r
z_W$i)OxI&-yA!*Di1Sy%ujJfC=+$<|IWWdK*rqkNIYhTi)fqPV16-PG(05nB1Ds{8
zv7=sDLs}A9(*4FwqSrutV!0lhJH%=S7PWV&-225fzBwemOfmBAqX1$t`4S~neYc8Z
z*p@Zc27)pa$sQ-8uyc<(y7_D$R74!xYXDU*e{Y{X&e!Xn)A<wVhp+ryGk>nvQ@8Tv
zG0(KPdXO_I{-0Q{zcb`%+u&*<JsWmS5tjvmF{6~BVoiRy<Ise69`WD(@(25=ohp>>
z-KHg6>xA~C-@s-N?N#=m+kB-y;FgRL2G4&PGS=rruTDxF?y@*RROwLa&_99j$RfT9
zD%N|40Qq2?XKnl&JAXMa1+RLX4XAcTVfSAX84hu$uXkK(1c+DGmx5UJU;LkI&v<5M
ze9$lS_#B*mw@98*_7a7cWSO~*a58qSM0gD|?}g{ldY!|XGyofc@KOW@6eoH&#72C=
zGv?+}0%XlZRO&WUFx&?U#}<SphpM(qCEQlZvC9i;LMG3aw?!u!B>LQLzSUF>^`UOX
zVkMsbLpz7B#dYOg*VYMC-3|{J`?IT%qDCKIg)AicARZobrG(&m`koh74SUQ_4;|v$
zBomA%zJF>nVtRU)TY-Edic8?_XY+nZ4k@S|LLw8q*#^VY|8oI2F@fJ(|H`uf49aZX
z|BC7<$r`ui1+{hAITl0Ux?VElh3gFO*)z@h1$KkBXF*Amp}LvLBYwLATrkjU3?Nt%
z#H2@N5&v>WamGm>(DsYf8D=Hm)>)f=fIV|Sc*>^MqtdlIj-M~mWOtwH7kU(Yxg^)K
zO}&6n<nHeI6MuR}@8vT8>hRxTNwc<~JO|CE7dez8YxS^|_n(2~6wAS<Ry|oyTV<T@
zmEW%(RRXndLL*R^OI3Syi}Wz4f_<O<%Sn`Su{Yp>YhL`I={+uD%=m|v;#{ZNtFri&
z>4_$FR~4zeW5WfR{}n`l*HX)c{S(lSHn<9+!r|t(vJo(=`X!Ry7BY5`Hb(QH9G6{d
z+TDz36O7n}ckyii!*tE|eYoX-p>38d8|YKQZKNerF)D}-!Atr_gyYQ@ME~#LpZ5Ic
zB?Cw-MYQG=_4uN$t#*Xsr&FzM6__PwrWDQ3@7X>F;11BLqDT0_9uSq*A8ru4v_Bu^
z{s*qIz6*Yz2$Fx0`%L_KUzEm!Iu|(?6kB*9zLPMV_VTkJxcy<Z-xW~OF}?gi&?qj1
zXu+(dJihtPJ}jlN+j5?<URBdh>WNd0_?6Hih;Yr9^lz<?cP&@?U&O)CigDBKN$m&m
z%bmdM{lGf2^V)kwZ|sPU$g0*sYZ8dP@*4)toNIxuyD~#}71ma|aZ8k+h!Z_dJ|%`r
z%B)s&xb<<M#m^5!*{3A`s~|;=?1P(HiR^IWdjbD3`C{ckhRV~Z-F=<W2k^Fle1jXZ
z-6{R?Dq}dd7JHCkm6Dcz>}hn`yLniYtl0NyVteEwRH(cmW0L+dq~Fl~=aItF7Yw8e
zd4Tr7mBP6bWAz1hBgSo$?JG<6+!qX$n(%A7g`NkMgEqtu)<#>Upys&fde#eNfFe@1
z9ZH;E0fE@|2U-{)Pw;^7|3joVF;i=6M+7{gg5v@X<<7cXxt0f0tuS;o1*q1es95VC
zl<s_Yu0t8c+L#yN*9bO&CrYHyxE}2giT>dgd(3yRYR`>7#iaN=Yz=?8Rb3U((&EZ@
z+}5ELW*GaTr8mu|D!r1Bzp3(H`iDC0fH}xl|9`w1QOi#Dni$o-Kp6*d%`?VQU7xP6
zNL;gRJ3Zv<avna|Ge;7P24U-g(PMaAIW9fN^JnXH6g~ZJ#Jv5S;%{^5JpG>-Up#SO
zb9C83J}_(bQDAL;m1l0wC_U|>XUzQIksZ#7?;_iYKcEu@(ck4<b<6roo<Y9dCb>iZ
z0`@>4o3XiX|0Gp`q7BX03|`)0e#YAj7Pcm>ieTMtwxJ4PzHYAyBhweeq$^<I&9qK8
z_daDU<BY>1(0WZ{4jifi6E0V(Yt5flu|%wU^TCP3n*KXg-z&{9KA7H41RN^{r6}05
z<}_C}F^BuqT{NDwK6H{@G)=+_?uoPV3Aq6nE7q8hEThhceEa!~-lj=+XH=|TBB?jY
z^v0O9J74p!!(0s1I}ZM|+V8CS?rK36u6=nyn1zY|B>JYls<8h#?7Zn=`u-UZYE~Zx
z5e*xC=((b{p{tfY#^d+d{fkglDNOBO$<_x3+u7!S0EsUYeh!8e5eVs&t0{f@QA0{m
zjRuBgAwwL|jg+jjVmq!euhNFHByOQEh|TAe4y!R4TI7BlhG*o0JYrZL54W|q)&cai
zhCq@qI5ow-Y!R%(K7B&960$G{!^#Nyw;?%im8!)5uTUOc&5Tq^+ORN$o+CP!vT8~!
zKDqB-hA|@X7*#)_C<5qd3?)gV;MC;%Vj}79|0j_B@ix!18k~8KZPuPN7GA#yoth~H
zgdS^VYg>J`72QGI-w_Dp0{zsRLd>zkap)|-2P`um{JT*;rh_{0KO-O-H#eDsQtcI*
zNd3o6BExB}K3wH}@bD~)(@-bR<+`})yQ0H|R--9y+hpYYdz(K<Aa=TcUA~1se+*ug
zcoN*WMQw|`^XNJy^CbRvBhPjMpx>jJjSk{Tak~dcLpk*A^ja(4lFEM#lV7hG{2!kh
zMkD|4ATIZW^7>o%x4^@aE$6G(XlsBbRKJp(M)9iN7T=tg4)i#8aE~xMQnoEhxSuJ3
z*yaa3n146=1QOOqKr@KK@$14N@A<$29m4YOMB*wtt+Cw9z7S*w2fgp%S=yfcH#>&(
z!VS4a0?Gaf%}v7_0_Isi^EPG+29t2RF&moe8{oD{sj<h~e!Xa>*C$3l#y3D?%I0W8
zUXvDJ3%9&K5SL@}bw!;D%ltPZF}F)T@z)zuH#3m1o-R|DcChJaFwA~VhTy|E2?%M3
z9VEyHYyrgU1aaZCS%*mVzra2al0Oa`wk1Vl8*V}2x(EZbqoT2EEM_#<sThT9??VP<
zH9a>j&=WEmp1QXG&4@|w0*&%NA$#PDFhC|M8r^UU5|`(1wxG<cM`^gB2v>z;v&dL;
z8dRKYtHkzih8!N#^@p*0i@uIJ=PN&@vG&^xN|zZ;4x9$s4pUqb9wZqjGj<*+glBNj
zwoyf6`1L*ow%efZ_Vh*8dJVot?HM^ImRIiSoPZlzU|O;vnO4SO(OvPKrNTR2q}PVs
z{uCHWa&w8~{dF!}7xXcUs@CwDN_mI*R4xBQhk`%9A+ryz>wrQa{<f_sErL&qQS7>7
zBNK@%H2O?ml|PgB7b^Geco$ARbmlU&y2@onS<1JY8t$Ww&sB_B2uQz#%ZPVUVVVhu
zp@=P0qw>-4Okb(q4{pNdX9n2k^Tb~$>XT~HMp8Kj5!pcXwqzkcdgysCC2)%oeQw4)
z@jjnO;|3%0vq(hXNgYiv3gO%C7kh|PB|StNEO3ML^jF`<B9mkH&IX&}_fOWIy2{@9
zI#mJ~Hk(=sN+$V@N4ZKYOmjJ)QUw;2Ij{oj8V^{G`i7B6JFxGIL3WRFjNWf3!`m(b
zzPV{??2nD_2B3bY+TSm;Q?dV&gZ;(dWF-?%KNZXbn}t*FNE8CTn~4<yFwDfV02miJ
zatv_O*}st~hxm6ez#WTby@P|2>kAVJr=ALagCg0(p~@h^vx*&^%t{!mPUg^84A{fS
z0UqZ=BahN23>BeV<nugdb-{@GW@x`F9MD8aXGYh0ug#r6U|H3#F~pepHu)iDO@`gI
zJ2!+`sg!l-MzmeoUrs5AP6M(CP72nk?jfi8LaW_M?$~W#6KUH_FiN`n7ZV+(-H*Ha
zhliwv)-NU}dM7*h8TuxZT|QT@e~y5uZV9p9>^cVJHx;%dw_20ME`}K7KM9A4qwd!z
z%FsQUc8k&})!6wfM~ux5e%*dwN`RqN&={K>J~fm-gJO2Pdv9g-vtU1W2WX}&SM8hZ
zSKtzyOw`(}a-Mn&nkF2|W}FK+yjd%05wrJZ@rXJmkrN~3U}(sPyH#9IrA<Ze;33gO
z@8HnWMDO9yBbWpkB-?&ri-2AKZk##+QYh-Pz)V7noi?6%Cw`SbeIiy7TJJEU{4C_s
z`HJV*kD~q>+|%k0J}>qNcT87PPX5$)ZaXi=2WM%Kz*##>8u8G3CI(?Lz`Z$fn$z+s
zI+x@v0W|V>RbD<g82h16z<~B~tfCmGw)9c6#{rt~I!#405tRTJQzFe8&`tqOh|><W
zgo*jR4}sC2B|0G!Qd$HJ(s%#IS2T!kFrRp7V%W)re?maox9KQtfKG3RF5QtwM-PgA
zYTd5bj|l8~#eO>+%3680ROJ{g!fMOUzx~=6b-i7qEfL8yxjEQ;NUi)yHvsZ<rSKFb
zUpIhUmOBD7MwO&+R&Uj{HhK^4&{m1jBkJIx4t>#az{ds}!FPSD7qv(%!XKC#8DJaL
zZ%UbElo#yX9CKN`oFv%0r)}@W>ls<0njfyp8<HDaG6^V2`?CB&M)Dc0b*K4LOX|<0
zS)&7wk_$m)myFtl;B9nOL7#2(LXM@?;aUNd?Pj8z^H%6|%*{DQ@Is*|ut*W#*<SHq
z<%MW%ktN?~Q=y0Yg$PE#cQ#CjUdC(iJ8kKAXN&D#+2c;zV66gSxV>;L&d-#u1rO^{
zWvQM}7bLQXZbWkiOkP`(K(%o#*GS(6glz?|ntGlsw*^4PexFS0_J>&0l756`c|<P+
zN9x~E?*O)(r^P(YN!vJ{g-~%ikywsU3{F^fh{(7&qEnLlq@=fUDKF&FT?#{*r>3x@
zSuVbyyX1xNPyRq0*H*Y+I6Q-HhP7^AJVT-<Lwm`>LX|8>6JHF;-hI=xbufr@uEgxh
zZe|v1?sNJAiOi(aPmYRkYW0HCook{wc+_B#7WI<T%})#y_$1KMx=q&?Ok&H>EpfA!
zR#yz;$hQ0l$Nc3Gye=M)o^rA=w;e)CkX65Ow%T}GQp~B=C2FNk*9!`6@b*5mf2eoi
zPNvQ1(<XgvGFxM*>h&ab$7;M#u-neRP<(GAC?_CRBlKIP+DtITh<5L913PSN+xSxq
zpg|w3-wyHC;CO1JPi3<gL2BpW<p+i5h}5R<sgE?;!=1%0&K!|(tZ7dgj7&QZ6gD)^
znmx9xUw}{-b`c8eaMw=ClcE>2+B(DbuCEhA_xIbJ$}?eI)6^Sg823N@-JhdfK5n~7
z{Q86gm7@n5kX0+Zc+^64DtMaWXBTeGVd(nWwehv&=Wa;vWN?kR*a9i3CGbG`#2VsC
z+6+^%Q-+0~1EDE1@aB#ilQ<v1Qy%2Ozx!^NB|`dOQW0N0Q>j$eQUSjp52}zb)u{vZ
zPIy>9ZX~+{3#Hpd%$De<p@34|hik}QD{e`?+?i_M*R9#<d{0>DT|o}`<*Jp8JkGoG
z4C2?ypC*45-i0cnOGzNVkf7LPiNs`y$@HlHn*z2fMJ`mIy)Gif>OmU|rb-{7or4k1
zs9w3t(jay_T%uriJE3eyKtZs~u#CQ8>u9xOUNo8`hjdenuW>e*<>fx+>%0xx4CkxA
z&H;B6w_e@0c&CkT=dq5xCw#BQI;Zw4_7n6AzE#k^W*fwbe-rm><HQ}|Xj70mn;zB@
zd|S|?>0>OMi}wrh)&fD9z|bK>nX$%JIY#I6-9lvf8;HSYIFiUl+wk#Ew{hA5z=9x;
z)YDyO?_GBA!+9X{i?VjTFac6wfIddj7AmVGSQ6O*?N<pX3;RP^x+Fb8+%-wokAlUI
z@XAgM*U!{+kM_!rLs~6)a8>F;2DQ*?rRCM?^;K_@*D>J`{B<yB6xY&0OJ@}4F+AWJ
z8K=}gFy9l}Z`94-9ZI9u?cN@0`?AvZc}Xflqqpy(FrI?f%>{5r*l30RrX2pyfR&E`
zMk=xdwuR9#BtpeuceC>0K4b-+%fi(At!8;+ps<y>3070T&h*e4jGZDpPf>u{RJNw2
zakN;=LV-#Ofui)u`&hmX(3$@uSBX=RevyIX0ad}U=FA>;MfxRp1ioClPRDF2cA@lM
z4ARU2?_We~C}{?Dx(G%xS2$3JwyhXq_w6&xbd|rEnn*WwzW(=W87?5hrCNT9s*2vs
z$HYXZjV3}&^BjFk{RTn`bM*S-E(;D8_0OPqw4B^7BR<<%k)>J`Cx$LHKHC`?P%Vl9
zLzgOt*(_yiQDNeJ*DNosF>G8xswxeI@<K=)*11a2XBws4?{n1c8<P449PxEp9#yf2
zLi@3P8@xrr6w{e8-18e|zsQqX2dA@N$uCd42S`{wD3p=(j3m^Q(b*ijz96#1k{ido
z{hV(JJkl0*EGO|~B=L-hsx|Lh;OGKUsQrwh*ZLICNFMKNxWkO=!l%~IGtKBy^!-Tf
zzzj#FjT--S&bgb?JU)g)sy{i`a9F;|n1-mL|9h_CfP9rfVX?x(v}2VH;(U4FQGMEx
z%BLGT@=Hsq%Yc4&y(-N_dKFRSVv^$NsA;o4vjD?dkt%f(HHI&o#Uv@yQNwWk#sP+v
zcvW+bRjP>T2+`5B{h#8T+5Ndh4Rc$5E4{@q>2uW=3f$Znkh~<Iu&Y?F8Ly{Uuc}|0
zRf0kraZ`!PKyhO_s@SJ)O?>B59W{l<_ZWuH{aCq%VIr*JBuUwUUx1={1tba>F*Ig<
z7;(-5UjhrrMHOR6X!}v(jy91)FVDrGX9O7;?VOg34kAlhG5-i!U!Q`GK4ev>=M?I$
z#XAnO_mt(S6)U5>d)IuKu%_C6B~y7LHqN7IC(eU!8?z+zx9$wLM;!;~R59s-U&uK%
z!b)e*o+XcJvD~^VR6t5mUB)b=LLuRB6+kdf+Ft;cY$3@js!9bg$F~>ekB-0Sg0IN!
z8FeF!4q&tSdJrzSABB&%r&GGD!f}R%czG6whYpg|1lY`tl`*$K#>UF+L$o+rR5``E
z-!MUCvExe2MKXY?{@?>#pa5Bs340nSFLr#2E!h>I&`!;Z3x%1S9x*Y==vtJUukLF0
zD=_V9XKP-@6@D@$7B*r+BXOnU%JKV3YUoS|1MmJdb)Ai?;OEiWD^01<+PUo5mB@)l
zplf;Vt-34n<Zp*5c(LU+#D8!^wBI;+eD26U`>3(~p2vn^-X)0n>o$l@WRTmf|8QQ)
zc!00_{j44Eq^qI&RLAki&a;(_-{aJ5tt4$X$l0@a4EPB<CyEh}Fniw0T_@Pi*gcP^
zi9C6>CT+vU|LeZ9EHv`G#<j}HSKYyv;6p!Q-T_LE3xL8Yw9=4nl=g=>-weoLn47`8
z;>TvSamm~l;((K<6U7YOab@}ika$X^DIJz&PfRH&D~d&tHSlwfT!@lJr5QnS&l|$(
z^xrna>&>?9Q4Ll~!8IY-Eb01Ls>*e;knPjxnpiB6+RojClQKMqhod37I+~fvJN2MI
z_@Gkebn(PK-Hr1TM-=;+Ys?Gc4b~9PoDKKQ(QXVy?X@CA%5(luoY4seTiZC#e2*6b
zWe$ilxw4k}H+-Hu%Y-1NxbxhNZLO_5oJN{JD9&*=qL$q^xX=K!L!%S)w{mgbERkJv
zbqE25!A?pa1q&cnf-xjoN`ET`r;)rzyD|OX45Eo<mkJ{fUEsuozX(^@VU>!j6%!rD
z>wA2hGs{3kmobrEi4v%mQ@=EPNDuw6qf!;D)hYcOPBEr#E%?s%6GIncdL4c_0O%h<
z0bgMVmL9G@3_cS&tZrLm^8KFY^Jt~bcOF2J0S1!<(2;Xs1kgRN>Q08W8r;oQ6=Bg#
z)O`pnX+u4<HayYem;1HUIm8z_o8zpXgX4QGsw&i#T7OHEUykEIfb5TBn~K_tt3_ZQ
zRN)v5?7`I|pbM(7d;cGR589)N2oP1}@^|<Px>SAL-F>xU_uT^ns&h-2c6Y(B3!gVE
zZazzlaoB#7PNhxG45ci{hTUbvtO2fsPoDsr=8y@pz&Yjb@e18xX?4Jtz5EYmgJ*<%
zDMNCOBjt|K6q_KY8GSs3d_9Fka;4<<(M;pH<H}H%(ee+-3wU8^rA3@^+Y>-*QtpcW
zkuzsCOkbZV7}_xK48EerzIu7V9KRgp+?r^dXM7FfULc8Z49+3k7~%}E3eLgb*bC&I
zK18Vo<)CkjPzk5Coj=QZ4IVy~7C$-_Iu)R+c8r7D)_f#jK<Op5rH}4Hd&7?xzW7hs
zU>m01+;|@%C}LDeC66N&9yh1ld(mvoJX3$-=b!WxHrbk4Ev20z&yi0*^UQnhOmu7h
zOdRy=S?WtPuu8$Q<y~mRFQ+(HM=PgDk`f>a+o+^AC^50PcBTudPd%UBOe0^B+(;wW
zmfVOV-z@0Gmu!yi!k4_Af9%f85Ethgwcfoy_5hAQRcBPzT^>2!nv}>uB8X9>gZZsl
z^m%KSbKSbMq<Jpv=W8XN$YwBNDj&e^Va2a{f4iN0aN6v3OC1HEq3WQc;*0%!tQLLy
zUZdP`Xa3{azTgvXcLp#WtDV#Bd|S{Ry_*Z@j@pe3d_sA{5pnm+Z`?dqcwj6_RQ^V{
z_*Kk@P~JTnVOdz$&tnR{>1bEqGxH$@C@Mq4l`Km1C(Y5i_f^{>R?rpO1`9oNlEnSh
z#43~t$v!h@Ln;?{nsF*uSE>^Zu!Pus$tFnalVo0i%#nV>Oig88IEUr;9CQI#K*p~s
z&iL9Saqz(zmRQL6+RBn)5ZVxRJ1Di*h^-j%dRs`%CGn9j9JL6Msh%Z+`Z9zyqks+j
z_7+*PWDaWNl<=Wv|K&tj!Sck}%?k$A2n6iGap=7}T@@9>HNZHnUw7HPg#-3r8+`%Z
zUW$-ye_@etrZX;{-axhy;?G+_lP#u?h8q3IITQpq>CS|WD3I;8y)NPgTed;-R4g|$
z5dX=EG~#2w&fn*Mxenfd($fi<_&#=xv;l|FM{1ol5kX<iE)nkctR<M5h;82HYw8V1
zWkL9BZ~eq4xV-kaX7dTp%7;fkQ8{~{W>^l+NDfIux0rUeuHCV~o3Lm}wXh0AaQA-B
z4_CMVe8=p{TfW>C+^p8*0|MIqTibvjs!N>;TS_|^yXA?UDyOz1)&RFtIK6{@M$Qj4
zT2w!@yXJDzLNzfgP_*<mzo-*`FDx@K&V{O7vBCEe|6PX5d6H9v>vR*`MP~RVH-T@b
zjiSea^t;vz+FD+5h4Q>Rao5jys?6_Xd=%E%-~ZaTfo9If*!kX(DxatTXa8AGhNe@O
zo4<HKA>D7fS$ptYBO-{KNZIK5Oh?FK<&;s0(UVF>NonKvTbWTtyjhsBdfItx7{B<v
z)x6wsEP>Z|Sf1&e;U^+FwOiE2_i0IOl~LH~U`19-CBk2>!8)U*2hux3SLwA5uxZOH
z^$b=(#&^)2(KbVucjBK>HbYr=@>Rs#ZvT>?MJ_MDCXiD~H?GKnQg2*ouSAboI`u`T
z9la`|wSSiiKKH8&+87$-4ZkLWgN&|AdR)HdjM;n0&1!N9=8UrQOO#o*l)`QXjmJDB
zwN`9o@J%~9E~DVi+S|Dp+;ynsIVY>$T<Z+Z_$xk<>*#kFf_@xwV0>$Q1^yotg*p6n
zsr>b@r#=$0SBZuRqhEPSiKr3;K$2&{M--D@h@rY<2lE5P(y3XIiYnS8W=sP(KZ@f8
ztufcUEyx2t%I=)k&W5<_A&{wvdRY34PdcEbzT=pg@NKN1OF0DY7*`SwJ_Cq$BHA78
zu&;QB)uI1OQ2S`pgZQmbDGGwPop$9`Ho}Dfp2zd|z*FGJk29S(NYn=B<=GNakICL-
z7_)K*PJWJ}>Lj!;AP{GW(V&949iC<k*?o*yz8(21vzlQj4YP(3`sRF>GbhUnI7@3H
zj?Nbl6J-xJ`es<S!Uo2MJEN^&0(XW~>L|s?ZfF3h))QiSkaz`-w)b11tTS%>FTewh
zKOoLe!v4$@iAXC@B4KlU+xZ(0kyeC6LYM)mw@USy8J6~NN3ohShg4_if}JXuszPTn
z-po`*ULD*E(yRCMM@TcVOu%2!Sb<gX^M+?j_;<n8nwPG?BVtjoptj+GB63<$=4wIJ
zwN6pM1ABwC;hz0e?}MmW$cu!HptN1RtKx_*j6HI15&^M^j#BsyQiwM~&Z^nlG;kYV
z=7U%EpG$7J=ZD6z$PDRvIrVTO!`gc^6Jcb3#l9_^j;MBqVA$#IJo9Xo-nbR|TRk$-
zR)3BygFCXrTY1+n?ck3X6%^6w;y+BHO{xU)i<wa~L_L!ZC4&|E80NR)E$jw0V^vv0
zuw$KBf;y6-V9^`7LN+lHX<7TJ?1zh81Z0h3`KtN}=eHs(?0Vt1BCz`i!}<xsh66S*
zF0Ie_kIxfA+P+Y2^mcG_!;AzBE>G8`D#drw4(i1jxnyLi8$qyaQ{*+%>0-{#+Gx_T
zs!6J8vy&H71}VjM7WL~*Z&jGZSN>78S-e{a)2Z!;R#gF>lJxD8^b(A;13N6b{kMw+
zDl;0O-4q7`#1>$i$2@}3lVnF^*zsrPug!I~^zH_EyDZS9-CTCZvz46QYLHnL6U@LA
z+A3B7#(wLcbN*e%!&xEne}{6Sx5wk$?-0k{vzYoCSFC@i`B?nvv`x+MiYef25@m)n
z28#g83PM_47<ZUB6o1-+z_)ohnU8$&3IcfF>U?yW#6G}XSI8Rvcv1V2zf8(HVFfjV
z{<-q=oncNBRRNlx3+9+aY(G6~k~n2`pJDvt@b>esdoP=-AjLCLywoC6#n<=KLL%3Z
za?fP{#m)?VI5f%xw@~!{dlw&SuHYR$rf$w(!~Q7vzCY^nJ5qgX9?m43afo~*)@9GU
z)<)Od>&FagUPnXqc$2>UgQiGh)eYstzL-TzGO!kkQ`YwVz)JcZPA$FX;1U@Qm$N7P
z7dFZP!f^Rr?QGu7!jyK(g1Lg5rCGW3acyDC+pWic2wAV?{~|qmPn6U)|E~d@!JQ=B
z2*+b!X*T{tFA#Vy)a36hKP&4<14b!xOk&5Y`}gJzuPj(yqd-LDIWYZu!v8P!TdN+N
zv^I#62@s2&(;qgz)opsA&+fvK+>G-lo@qrFEJgGEs40&Kt_TrkhB8J~OpQsBsndB5
zxQ15J<NU4m2@`6K3`F}W)*?~PX_AzKs8XShm2)c&AGmWAOnq?74U&88>&B%YpADlw
z#idN^hahFEt15<pDZ;0it;enw184z+n4Q`BsVAPdny2-?cLi8j(;dIJfe$m&12WJT
z1&G&H{6`4SVU`21oGJ*%s|Dt8noR-17Ycy*{}|R)esRD%?QlC2qz}S819N{*H~o!v
z?6+<hyN|R&=bN}!F-(Br^hMF)990DXtm(dNJT*nKFf+ryg=1!%>cfEIc~cJjQsbOy
zi<;zc<?8W&4Dn%gy(}x*I3wC^|8yUM8E7>*F&R_f>b>Exe{?X211039P%&!5vm@lr
z^W2b%WfUDCl?byg7&0#y&ImRaY`L@Y6u=lT9J{^%(~O1AguOmNT_DGei+D)Lt)fmj
zL0%JP$*bpG?q4BjM|zLf5JDtrHhEvd>+yf_4!L3pIgD)-3fNSP_7RDc1Li9L85CV1
z<A{WFCFJ%||JbYv#>~HoIb-MfuT5e6;b?nX+~c<*tEeJ;b|Fl`>i5C6H@@A9>zVT(
z+!Z%I#BqP3K#~vfJ3<bdC&sE4qBr(Z{bGbvB|&c-se06se#2!$o{$}9SyL6RTsJ;|
zT6Amn#};l#y{QHH>_Ip&r)qqt?)LWu-#4EGK3J=$IUv1md=mAlCOqA-6>%u<LPOCL
zUduA4*pjL8z@zsWz>LqKn^kGaUKid|H$KOC@B!aJHwy{e)Dk}+DqN&uY?0G-5n#Qz
zXNlipnNx51y;J`0VmjZYcxmp+NVvO1^C}1-m=Z%W)8}{-Eh#=`B?jjDkw-NU6^oWM
zIP`rssc%8>hkwuJ@zc1|$hKD(C3@Jf6m^IwsTRP6J=@q02sPgRzK&r~<JY2!SwaHw
z+rQ(L5oRyzneI9Son?LWJxU6D97Yjbb)!9SBUb(uWX4%!SZ9q{9`^m1E^t^buL?*r
z-&)$77nrFGUJ&=rjKW(T_J7TGi<GJsV8YkxXDQQ9g$Afs%F$t&{m;X<5B8Vc%ndeY
z8=HD!PE6<q7fl6r2yC!e#wQjo(_xvmVYAgdc4;kGuqd<vmwt@ew%uC>KK5^k)B>>z
z9}OXJGjIoS+<cAW$dHRNEl>>%>2TYmDZ1yc>{|PB)8pw<R<OnwNnJHWtflrWDO;95
zTGvl5B3?PhUM|O8ah8;G?LJE6k1v{EnAd7~LWmb-&;$7jxWcQxYY$9)22_TkejB8m
zZl|`=!x+R3hy<3HVCY4Y`W=v|4bRPG4W@yFO6vNxnv0bQGerV`dW~jm21{QC)ut+G
z)py4ppwz1$fsHlkGSYNAgqJS8BHw4}^h0;BA!^vEfyK)$GvSKkDf8yT!1BXLdA(Vi
z(l5)!)=H84*ZQI9a`P8(>(M$2h+$n&L;7#0rhdkDtQfHXWMMLvz&EzyXT=fh2ip8{
z>+)>_N5ZOrq*}Wc>00wm|13c)qW{!q(=F6wc}H2CnFtO)O?%GeOoY|0?+m8xpRi`6
z3SM4-Rtby?5m5>x_Pb*#K=f8vQ{+Yj{}?_2-GR&eenJli0p=nEAUNJfg?BGTmSMVu
z9`2qUEn8#ZSa!Lt=8W_L2d_)=_a5G?^XNZ34p9((7P<Bjge~)5RP=cvZQ4i(_9k^m
zc??fwxz*sgtTat^PWs$TZd8@8=(v7qAOLh}Hc8+guLd~YPW8tM1YAf=>)hCAUDx2I
zr^|OLf^{yUbI7|o;y%01;IyXm=6K0wMHfBbdzR&opV(ekvS9DD{~6E7iem9Y%rg_G
zLtSO~ys(XVK|hRse8t@pf_OH;_@zQ?Vc{<_2dUG^B?s9p2cD9JF;|IuGzUsEi$jGb
zT`BNUzau)(eJkv4LGdY2H$s!5Jl98KdIQq7Go@h%c_O$%VYQ0Adr+D+Ql|Yde*~!4
zke||J@d>N$@+Ww(MRhz`@o<UXas@GxjQ}+4USRAQ*_C%TAivs===V4bg-d&*M{3DA
z1fR)v(*sa?VGL1uK%v}1r;AvkWVC{4rWA@4Sz-UoR=Z^z(Iq*sNHD%nlVKZKN7E=b
zTI=zvK_2NN72k4kA)C{$FNwLnt)p}IJDt3$$oTJc?r5iB{?h0A>p0^d`=SSW#7998
zWADOI{3uPK@sUK}Yl@H`+VVP{-)a}u-ex{c)bM(m@Jf2@zw>>`m4n`{fNBjWtw5|3
zg*x&+%|!E+gPKP1O+yLPl7py~gK5%3J_>j*_V&cB(059x7<s}92=%od+*}sNaKgQ+
zfWf>=^+H2_Y2<|^;n{%ku~+jZvhj%6eqJZ8x{cPvOKIe#DD_#1XTDb9QCWO$w`=|%
z)l_19T9w@L8OkjV?uHigB>&?Wvf-krtGvU$R?*<I<$>`v3*Y6-*3J8*x_8GJVK<}V
zkGt8=o2IYa3qlbmj1o=>IZcD(GmU$@npc*L>YUieNns<P9IDMd$z8Ws(v`5~Q<|_G
zl1<YNyDN1byix*brHFW1iQBGm0oxiGexumXOrs6c1n0IUCCHX4yf=Bs`v?}^>12@F
zdb+s{JqsvLJTn~2wk5S_INY1O&1?I1CxAQS!4#+^LRIYX#p9#SfCvlF3hlOEpG7`C
zm}KacPi=sx1OXYco85wCc)9!-gKVz)ev6TXsHq0%1CV3G?^2q&5uQr>I+YeZaW8d=
z<>=NTbeQr{HU$VaC00Mmdoqk2^TOJQwNs*Mx<J5!I;v8+Ta2o(WF102dU3Qu*V)$r
z)5sf7-<(FTx$DVgmlAr}1-Qj0r)m(AvR#l_n;*HA<_i0Ei%&r@J8H6pbxZ%S_l$KJ
z<*xaKJ<m>j(}L>NLlv^?lO8h?a^hM5#vY8|9&+JY5IenN6L&z`N&S&s+xBu&;APia
z{eHSP)jEwcUey|IU*P>&Nn)RjIVoRJ$WZ}hm0xlnk{KyqUdT}dWffa;pOq<TwX0@o
zFE>QTL{T?01392^^~Em#!LL~(mCi)>(v5p$>#pKaGASxGNZCaK6g$|(y~%1D!J-E0
zfMZ)al_zMwWVFfPop@WOFZ>+EfuTg^=SzV@+hGe{nsVoYJqC~f-c>cup+>TbHFjzL
z+XByl9~F$&=>5ZjN~K-#S9E!aN>|!bp7ylkSF=<8$`s}Bn$XFjSY;yhu1EC-kBg$u
zga>XiF<9E^lhVZi^>05%ZCZJp{rN`H%+lPP5*~<%VdS)hE<A5>M;ey%o%&ACv-TsZ
zldGd1d~O{sS`C&gcVr;WPi9=y=k(tJkH|O&gF#q5<RQ&gq~$5qG9!4-W^5J3#ug)L
zWCr%DgKX+!KBb!Wq~EXGoA8n{a`@de2oBxk1ByM;ZXZo;E6M{dhYLnxZyQ&eM*Aw<
z$qolvq^!Q35dF|u_D~Nyu$hg!<loh3i!5}!lIS`sa=Z$dJdlXniZhrcFa5br&h`rA
zz#*Epyz_n*V8C0db7(HgIfiw$U3dx3#k72Yja=l!Op6L6hG~#J)UWGJT(nJ}do<i7
zoNgxD7hK-jqfp2j6SbBdK`(k+?Rjo*L#tQO*NJcQz_w@W#%N-p7_E5_S0|E<vwrlQ
z2T_z3=m@8G^Xm9XTGP61_0o#MO%Yv|TV@poAr{q*CyzPMlRA6lrET}?z*#Y6x--Ec
zk-fwcrQ6cX$ld}%oB6FlS3m4+nZYnp`uMRr`|$hs<+i-Cgk5gX@EI&(9QdLx9+c%l
zw$|LYtlY%?_tYohJJ&cHqs-73Ad)44uubY-Xn=S1WYQ__NcB<^;YoGhDu4bY_o7S0
z;?GW(2<GJ(za?#St1yK61b^;0TbG7KV}z{%T;@**Chk}ai_SYXJ-zmN+`A^WuNHl4
z51$r(KiSoe%!*`BpBPegGf9*=^$R$13%xus?pfvQL|ww~Z&`72>w4F-wz(X%oP@N|
z==YVwUzK3sdgaA~f4#!o2jL`gYk~SCa_8qHSG63c?A{J6VGr(zW(c<v!kr!Ub9#TR
zUJdR@ZMCU=odLu`gF)7?=>kYEj@PqFvk3{!M^MOtE#lqgCj)|b^F@Rax96#09B>fH
z@Oh|tOGdNXl~?%7YP!HfIWW>l2!%AAEd)=}Fv3JgPRtO=SV#^4snz3|nbJq_%kzVn
zy9pXFrjKCMGc&l4V8}BQwD%MA{E;g<gwPGIvO~9o8HEmk1^QZ1KcKy5EgcEKjwE%}
ziv|JGtHB?+t~PbzJZ3fJ^1Y0%!543OtG~#B4)#=Z2`h3V#1#B!H2Oi5*R6luFdB9%
z0&&XkTbB9As}P66dlofKnh{i$%To~+=_ddPd$OBQvqfr&i4hw)lww2W$YM5FC`1I<
zr3U+|jg6VD+)Q$CS1->VN*PUNA&u@e`@~=W2|pVVRijo<J#Q{=`NuN-L5)U@Mi<es
z)p5OkIcKbZN6SscO+oNi``QHOU9@AZ^PC&OSN8?Dm+M)<EuEs9q`E+=cvGe1T%7{h
zvB1OFE2$a;k19bm{8F7Pox<?(^6~QNp8eUwS@YckuD5R?UtXnLr_{n<FJ7&hZeH&{
zq%Dwp1PY2aiDeXyPBBiK9D0p0P7;q1kLB&zUrE#sUbpRC*68fX9)#86UtwS8E)YHx
zKkzMBUprmj*33T$T`|=>UcZjlzfEqZajkAysh!VdHhAUdnsVdRqIEhZI3BsDwP5mK
z+oCZz8HcgJTPRgnnxH+ev-sh8qTDhjzNV&pyYNEs7@tQDX(n`Qo>i1CmTa5aGK_$%
z_p8RX3#&qL6m}nc&FPjik8tt#*sX5$xK#RlQ@(9Qm$*8q7ZL5^>Hd^$h6U~W)eD(Y
z?G=X8NxbdO3)JJNr!aRB^MuhplN$e2rd@N%`v}cEhyKy+-38l5?Xp>!KBnyi_4*}h
zuCG+vTvcBbSgG4)3x%qrsTQSjkvaJR$$}H_aSX06!wY*9pYb+r4JtiL&tuM$J@YGv
zoK-Tumaq#>oN@?q!ClSwr~sm0Du7=V_akxn!YMt{ZO6Dv+6>7-KVE*G=VV=R34Bdw
ze<mD#_tuakQLW(?v>k@H;$3g28_O2A4%qkEe|qhjT;CrPx+XY(%JkZibe7p`Opi^E
zeZVF%GJD`vNS0?}7RZxW)peDYdY$0!Cisz%=r`Q{z-eE=qq%BjoM>?U`BKxqsCBS;
zqFKIvxOjN+%5O(&=gV`$y?3J++$H8E2hW20q`O80+bY{?>~7NFFedBdQ{R)Swr&~A
zY+u+AKbx$!1y&-|1==OuC7nxQWB(IC+c-Xv;=;~8?7lSB%!;cmRwY@FjlP`4d`RFz
zoz0B1PbZ0mjnewL?ME8CyTbMIt86kmm2@nrHi~tuZ;G>9Gv7C)=f_nXI8#MM3t>Hj
zMK-3%`}d)uQ#2K%iWIa+IC5R^?^kBN{a}_UhONU$3HgX@xsWQh$eu7M7rO2fy6f^9
zgHhx?s`FBQ`4A;Fxs`Cb`+V==MRk>`%2&#ASvn&yQ$AF$;bzqDo}fw1Hypb)xdlHI
zyDhbCKJ-eVLl?;|MDr?7Wa+6+L>9>+M72u4YMjonO0sI1P9^)DDp@D$H13q6jaoK3
zKT#*fi*D6KoB9>#+4q$ERPa>bQpvC7Inykb&XAC#GB`STIea?6)DJ&=I#}LUo-Fho
zd$2r(Zkub1Yba%_eye^cv{_x-pe%Ydc9qSGT%|u{n0PS!!tv6PhdOAO!A?Zb6lpM!
zVYPXda`9+Kdl8}zW+?DDvMz`r<`}rh9yWiIc+4WzdJMaWj#Ye2vp9)0UpH1aCa>!@
ze-qkm^_XHA(ygaqrD27ut6`~O!qdJ}`8;VCTH2#*fNSwMcT>5|zDQNaJGfsbYY8@(
zR5xm|NN=*}IOnJuYFQ**i%<(?sW-@+^0vNNs>xxUg9c;8aqV%frYdvxn%ST@ln~ur
z()NaLG!z*_0>+Y}P3-oBuPxLjeFEl^yiM5lg)bl6NsT7Z#!0wvyU5oKK2NobF;Sg)
z+OG83`UW#TV{x^n?dyH6N4Q70(f4PqN4I#Ld7%m~-Nx}3WVhUHO1HR{0oIw;@z!zH
z5p9F=$|Z}}zLWYT{nx41UOTs}+KN8boHI~IR(u;qx`MNhk@mVnKr911{Ht8Uq`X=I
z7T_`n%k#KmOJ|3>n}zh%B*Her?c&tossG&lC4*p);B;ry$$hP0;I+x1C5QLbp%>7b
z_ryiW5s~~f9T7=@cyCS+9&vmh7m*f`c8^a`l*8kdL$-Ivs$=_&oA=_7z*d5`P22rZ
z#q(FYpzcc>A&gqH`w6`b);1T9>^GzlYlrmhC*VuM2+7FC6Vfj8Zsa9j+Ai<tuq^ke
zy>?v2H|=ABB(GmCEtk;6TTcP@-=~iVjtMMld9CdtY6nJA(&{yiNBGjvOR2a|ZC4Bg
zrg`S?%@1{V6?Z*m*t+WZ)q{ASW!fAPFVRi>t_e(XF6|FpMksd~54%U+)=YCvV%tJc
zE4K+u(>shCVM+xaDvcy6)W4LNej9f_ycS0frBv(1l%{zIzrFzzBDQI{mg)btZNA~=
zC#`omL&kN;F=K8K-I?N{?}&cu<wW;XwHMu5T5-R(=q&}UX{Vn)*Xr@w?;x>QGMmb~
zRbx4SOmKbXc!H?UXTLFCx2}_+GhMI6eVN_UdR$Uponl#Nxt}S~<!G#K;YY;dW@M{r
zAqqh7P_*bg+C>mBIb(igb~~TiDC|^5(%><KTpS_c3(H5E=Q#qiwd@<Qht^4L{uVwq
zelVlbWIeqbd`r`lLb%+>g)r}8r&ZUwAwPBTR0Nigs!2sVc5C&x65wKf<5aD2Q!6&z
zy(wFU9!c%GH58JMgeru38~hL=5t?Ciin=HszEeuIlg2B?-}!a1tMuqONbBUZ8YkMO
ze6$Vy@*#b9ibTSm<`C$W5a^Y5z0;A@k#NMva~pVBT(yZp#$&k{g$lvQb9fwkh%`Hf
z#bPaR6mN6->M;1z-5GszNN^B&F~Z##$2&+N2%|Sh;Dae@Nw8(#ds}2*TwC+LU_Inu
zI3q90x@wj57Q4M1+%iZb(e7Hofj}efA%0~P$6)SshoU=yb98Mfe#T3_`N}Ke!WuEx
z5RZv~zHn_od8W#E${xcNr+WCzhjMmM?H2P__*wih<trL9F|aG^E8K-ZL5an2q#xM^
z9{6L}JqY_!QxVyKmZ=bZ>IgLIkZ)4~@}^t|05?!>?_F`k*9owxuvP#}_}3k@O-cL0
zbuL-<&%?2xxE;3!52ku5d$-WaiHWZ@>T_K6T|jV(=!l<kaL0gUQ{)3-w{aCf3q|-%
z)+^v~{LgNh%eL_iaV9TdaM`w40L4clPMLh;kl&w)_my2(9~dI<2_IU3Os`ZAek{`I
zBhQhx&$jFk0zNOG^o^JNah<VhQ^pPnT;gq&yZd5Omf3`?ZBwYCk9000wG+%PgtM!g
zt{e#|K$H+`Su@cr19vic-^$;g2t~WknPfAd8Rj~(rAPjr?%SPLc7A^#3)!vE_~eh-
zA12`iR|Lu7JDH7p<pl`CqN6$YdlY2gai|5Lk4BKRWOBGXv~d~;h<F^PQ<*?Nz`rs%
zV>kgl)a-yP7P#;Y>ws*zIPW4zMT$&XFr|<oC*@<4$m@3p;yO8gd-w+BhB$80Xsozy
z!?8amhZKHH(l5?EJ`-3<@Quk#`774IbL3!Qh=HKMIo?lwkn{V9_%F?2V1?ED!$3yF
zpX_@RnNow}ao)eZ=|TJ{+s(jj4$Szsla#Mw+f?HUnxhjxgkvd%dPjHdLa<r2KgL6=
zB{v5@V%s<R59Thlfer`9;S_z8FYwG8y#D+hF=vY#TXCU)bY`L?Q|+VK1?b&!{FhD$
zz`YO=S#VdhpjN-I<iVEao!Pz2O6+8`u_?<zw(L4^tMZ+g+1ilT6rw~Gvzi@g@mt*6
z-Q`H4kH~nXLtwc>U|v*@xrVQ&H`0J&E#cZdgH6vSVvi07mhxo?FWRTVv;2+>xPLON
zbV$0&1n+`q35skAI<nyY*^s!cnMR&tS_J47!`J=P{R`-v((j^oLShKZ%7)UIJb$>b
z*5`jx=>Wm8(GC?b=lpA<#XJecruC1%4TEE%ZT{9C42Mr^QBaZ95eSD(%U^Jo+2IQZ
zL5onpoY~<G2cb2@459lmz=!ck<y@!R3-eX!k2x$qd!XY-+O)-qY&xrv`k8=B+J}H@
z82Fx56f%j#cL+t;IQRpbSk#~Rdow`22%v+5cohl#AOSIr5VJzPAO1IBu80L37TO44
zmgRR`D>kHGIYzA@O)Lt#^684@NYwla23VW2ye1E>M%7pXqS#?1?f)AT+6gF?<qupB
zJtL9>pSpn%mu?VorBoq=<duHpj!_*SXb@t4BB5cE+X~0b2oLanQi}?mi7m=(p82FO
z?kbOI$Y`beH)SRZ7vYlg0AtW|i&6>>D2vo(?RY=Q!1V9GZSp|?NUJ65>iZ+#?+Q{<
zHtH%^Hk(S)PuD!^idXRNtUU->(EV)P51H8gZmkoB_;(~BuTM?^_}6f*!yV;}{f;9U
z68(Pwn<MsrmWox6%!UivXsmO3*QKFV&q?>CHvj2g!JXcF&L6RBEAQyKqj`ZYIZM7z
z_2cMj$Yq<#q&4J>iusHlfgc`15a+Dj8yVW2dCd=u7~xL$7tG(IA8Y_#gZ~4dxms){
z;kjD=aT90>Ni;mNEEevAfE;du?saMzb%Tm6KMLZ)@aP4cKd|VQv_fcgKiej2XF((I
ztLCPOXjdngasR;sNH+L`idlF!!MVjR*#>8`@Lq!Qgk;k!{{iD`#(z+mXSFLDXY8}_
zwe}pS)0lvB(<aG(P`lx(-H3qE!)D)4D&rf=_iGU~roSOcRiH=GEA^_EBnuzy+ov%S
z;UGxDHxn%43k{1$ZW@&->>Id9wSFe4sFibor!@P?JeBtF2ZxOMrlQ&v$M`6_JT{es
z?H{bDah;Z=IOScAd|Ofb?u50S_LW?^nJmrehh&_gB$X7e+C+bhO#HX1AF&i^^!tCJ
z(}}^Rs|&`KW+|pWHim*p?c#6HGWqZ(wTmbU<o^?LG1NXwZaAwV1^^+&_r=nv12?FB
zVm?V|Q3p8YSk(lbcQ8yx0FQD00vUy4nWAOMTE0R@s_By<hibj8Bl`c3wzq(aV_Dz5
zcXmRs03mpQ!2$$#w*&$N5AG1$b#P5^C%8*+ch{gpaCaDBa34JAHzYfI=bV%C|L$G)
z-nHKK>!+Wo?ir@(?y9$Hs;NEQOOjB?jEt7sPgf-<wYk5IevOlEu{+9+Vn}h@`o-d1
z?GtMG?<kt-_-%X|Mnp{cG%R+@yE-KF15KaM$vgo^8?dKH8>RsKK1o;nC1Gnnf+C#T
zdHidpKd;Mo^kn$cZtKfZ1_LTKbrt}I3jm66Kt*1ZFq-Pgr+d88p;R5;DtY)d1D=%U
zYlbv7pZ<u@FOb(~62|_4fBTT{iiFBhyO>^vy|#HCH1=*Dv5g5~|3%dIx0eRkZ#~>n
z-J;#%V#ObL4II&y#Y^;06+Ip)pMr`4!Z%_>UY!I$c<HTBkG~MCf8=^M|ENnUk~7?x
zfc)LFtvuxHVaxH*Gu+B_Cw|N!|CMj=c!`2GgsiC^#R>j}LT{!b;xrv!>xZrp;g#aJ
z9pXoLN=O`KIN$0FlI&vFfK`NhuXtoJ<VNVnL)6|qt<HdOQ5@1_B6=ke*ZmtXy(CEL
zqU+5EnZodr!3XheT>U^`dOc!dQhGfraCb>h!;@g(l}x%oX2PiIQPid}2y3M_1neKi
z;N}Zz4eGS<lc>Mz(L<3~W1DYPdLF^EUZzm8a#kMBliV@S<6rNH3OpcqYw5L0@i$aI
z@ghfV2pzd0&>H|!A9fvot{ab~OfgUob<&*UDRU+|woP{C8f+pk(h6f?042mh`ul9w
z*EoOJ4F()Lu?yg1JdwMDK}+8}gg3&()PKsN2Lv%PObRK|DNG3dg`Eh-pJBaD@Cbut
zLvGWrNNJJ?5f<wp&SSmgZ%l*NxJDi!ECSsLM3DY)n_p~yAGNo6zCN@4jyho2BM#g*
z?CH$>8Sew0Nv10yccloUy<fs+J)6_an{mgB5hzPgYntG?QuNRPqCj^neT|!j?snc-
zpl*|eB}&TqOvf_c$TA<4pyuKkzetpG?hgbj61HWlttWEc2=u#Qz^<$;;LdF1BTKf~
znM||y;UypW8Xgy54tX%3#+{2loc1<*k5=-zY|@zF8o@opttXs4Q|29EfvEbshqFQa
z!l5re+=lWC%?)oD^UQv9AjR4f9LR(FQBlck-o#!N43SquR@SOJYLCGwX|i7PrD4!;
zUhe&FG4tdk5RUbSnHYkqUbNtexIOGi5<#of`zM}Uz8`i>27mMT!xHVw-h(>6KWgEZ
z&i<IsS!PG6HL2V4o%6PKeQJr;zW2J0522Q4sRrKC^)GDnxKmOQiPC4+;shNdE%#=h
zoC;pJKlLE;(Pp@IS)M{})w(!sFU9d_KHTyBX~CwGyFCZQAAI}<h?gOP-W*_r0Bo(x
zz>Z&XzX~Ptp17H%(OwZAYB4VlxWQkKU0)xbe{o!GfnSu6Zn|lKZy`J9JJf9*aE(6r
zct9eg#k|_*j^l>Lb>uPR2%D`y8@^}i!IAw3H$q}<lcN}lA81}JjB_J=p$-3a3iYVk
z+wIiNsFgvg1vRo1aI`kCckcW(F3!z4J4WEWZ=%oii%tp>cEobA04YK9XSz{OlfGNw
zKn8{f`G{|&UYY(Whw&-#g94$P{o4tW>W6aYueJei7ar!j65FFivkRH9{0$^=`FDw4
zqnJLagS*c^4vr;gl7Y&%c~hGk4D-zWdJXf&!z+y9e0ur(&vrff^gR4;-?IuCAW_S|
zOX%HOJ}rLP1<<Mh1GK1X{ikXRcIP@I*3J&)>J`@<&kqw>3VU}KHG!7G&PC0QkKRxa
zGe3wx43K=4g&M*AX8UQrkUsnyhgYkBfcb}k1E1o(Ix%155X<^^@_m|4R#n8t&9^G1
z^*nmWf461Gzia4$$kOWLxoO1e&+oW()i3Ne8F`Z|>}HGC@5VoRR~do4^?JWaPS15w
z;UvAh`2c@&Hz{P#0d68g=ACzW3jb;jTK$%g<>jZO|I0GgP_~b?T2lTuh%yaTFw0US
zn|Pi-`L<f5fK9GA;)kUdlR8ArcUQ-6f6&HqmMCVyk-tY#y^zH&W*YSu61ZfBUToRg
zlmJ|M)|`^M=U5kWpzNWwCQVWhi|1Bje_QU!X*rZ)CXvw;;YTJ7B7%)q?un`W?p~>W
zpY8TB?DmE!H)mvq#;jxbPqykWR^6y-!(qQ#Lv%DzYX4R*GZ=Lk$G=XwF&?UKA64{1
zY@0$%Ohu~0^tsYlSz@e5GALCG;OgRRq9?T2(vP>T#U#<KTj^WXqcI!OHP|;I6Iup*
z)R4F%AW9ahoILdze}r!SK+rLxarlvfuDNw=MxgPta1!T1u<eaw0?WQ{$~lxkhhA?!
z44Cjr>;?a8&N$gUJ%uY=#ZR(uz>U=t#sYW$!31U9yrS*#e&-_((_KBgE9Q;9zEm0p
z*Dxs?j{)^Mu<!mG$IplfmFSQ0G(U~Nv24s;ORbk~dxy~XY@Qhm2ICASCosY!Q-gbm
zB~j)aB}$)s=);6ct(?%)5KF$yLOnZV+?hW`YKVbKp{^kU>w`}9A7trzQlPdE$O`rJ
z?dw^zCb>Yk@X2~3oY8z&Yc3)+sS(9S`t~=29<b?vVG21}`*3;}k8w((>;4BV0mmpo
zEG+Ddupjmmqo%1d_P)JLlVMEEA7Q8?h~e^oPf50^|0pHoRWe7}M|4(3ug6+^y@kOC
zNybYP_{pt9ZW}(FM(LbDJ<7}g=Ag$WFEiso2(g4KTf}CTZJ!oYV!v7Tx@KhvJqe9|
z%vmaw8DcPqUr(UdulMK}x2-9&f;A9?;NdX@f#X55rkeid1@ep|d|lOzP$gtE%xj#L
zFG`j<k|##SW|D;+8X}^{`W&VJp`20OcsA0LtiQCB_tcGslRNc1I^5ljhOZw^9YDC+
zHM;8t+}iV4MY5TwrJncad4*8-ymerSBqo~~xL+=Wyy$uB6{61pTQ7unJ|!*%tWJ10
zxqMQ_(0}Y4v(OZj&fG)u$k~^;^l5Z*6WDaoitXUsV6m^SDK5^Lfq`Y;v|Dqat`P6M
zFQh(^NttEPbc@za-PbA!Pn!o~W@Ns1-`0@sti-@m=g~6*6%JffA*CrTk5P9|58}?@
z>G9~98-?tJloN)tvkW@$&h~T8L5;EWER2fwLaI~BYm5fdsBh!8#kWYc1W=n1wLAq%
zThkmz`WuaNq)ECf(zt!|<Pp3u#;H4<&R9}!#;G5DMcl^nT79G!%u>U7kDCw+0ai*}
zut#@o8gwuB*?>Yuf;g*?!=DuxA<hC=COM=7A+7?aC`|h|Av~xHhy~;Q7w0UuHzA$^
z5HJH>j&{yw9Mz>kkVitse@ZWpgmi6+%{atMgWpK@%j{5({4oam%WUb^@vS)S8@XKV
z?GuTVU(L&Nx5eRh(>mV?YvjUZ1o!HcmRV_Si`>$hG3B`#D~S>Hxy@pWlSy_LGyG;Y
z*VJygOy%Ulk$#V-&1}L}QX}f}CzG&eqWo4W=GJbXD5WeGjH%nZ6iQo7Y!!1i|BDIR
zXLab}Y&TM!?`^@Dw*6(HwCBWDDdMFW&y8YkYmf|BUFAXTu+iLRCAT}faGKPJk^QB)
z7k}XxY*{3Izb=2Gn(|}aJm_zKVyn{PWCqiHQY7uCRLULN{<~<AN5~L|n#x{H*{p?5
z^<29t2P_0-EORMqEAL`-?`VXrEcLSI1U)Tt1!_mqx~MsXJ*7v|<VT4}ivJv?CjJdt
zHs+~Czg<W3otjp4A-q;Y7!~}4?N#+O%a@q$kqOCL<bSNMH|T{WeFGTTZADF%BwZ`&
z77QFR>t~pjce5&;)UN1N3a=#K{yTiq$sf^?7$d%xKu{ALe&!YXwCWd&TW}cNE9|MA
z4|AI8V&9rRE8zeub^7N&p9|Ixkq8Yx_40els_;q(j@2if<Pi#qaoz`*@k77Od!OC<
z@R{JdcMsr5ULw4HjesQh?x~m8(?P{04Y+#<ch`$27k2&z*QtDKF9(Hf=!1Z=$-yhh
ze!y91G8X)XbbGz_^1KPBBgbHh53seJ3mW&*5i&2BtR4W2;ZzR%Z*b-{dd=0V%8}te
zSVuBg!ZeoGS>HRKz?uQ(k9vGAUn^uZ+LQd+dk)O!-Ti!Dy^mWZnJ+VF2gC_{JgB&$
zL4J?y6Ut<HYw0#FxDCvI74^S-RE-l)8+tDwdUEiR#-j~VPMo%Sgh65Jf2>Z*_N`>s
zjaA$8s~-#3d39gcLTi~eKDcwtdHLT61}|6i`QRn3N9Uw<IBm@c`@+^gtxi(I3Z@?4
z{a20|ML!GO?}Q-|_*aosFIS|W8^HX(cNLusEB~tj+xOO$_Dc-~YuPqoI2<e!-u>|<
zX_Q}J{v`#auJVB+`_iDFhi3u=L@2O-VFL>1@tB7~!iXHN>wd9ZtRfeavd$^UZ9G;P
zgY?g&2<uz1UUpH5?jJl7&#y}hy82&)Rr-nt^?oi4d%2_dc~xoRSNT<GNLTq~_b5r*
zzWffLr!yqCz@uRM7vz#}nTWZlMW)7P<&tODueM9k&;Jezi!y6B{{{4<tE7T!4;A=d
z{ZD8~>UEU=W=Rc}T5HU2x=?Sd(#JK4@{vr~4Y-p9gy9R>=&9{{M*Bm0-Vr2-IP~^N
z<IUJa5pw)jNI$k_{t)#b`N@+0ACwO{@xFZh<M-BR_<gCK^R}a#&DX3cb1WzvT(%I)
zKOArB@V_j4xF!%t>mxs<kg!ZfU9x+n)p-+KuhG6Hx3ArO`aMT(R%b<*pb9#rE>Q;7
z|IF*^*g-rv_8spL+*&Bn2g^<;6xCb6CCEIRUmcKIoF5e$mi?2E{P#d3JRO$(2k?aU
z!?J$?KV9#k-OJ(6ul)ZcMEW;D8kjkjuorfU$V4BvWQ+LUK~q<>RN>W!ME{>6xKf<z
z=c`l8_k{+jIn})?$vF#`%n4z-aH+tnki1UKs}QM#nzLZZ5YdvlE`KS<D+$Rmc4_@F
ztY5P75eF7*A>SqicQ3-uOlVPKm$VS~W0tf6$AewF>Xbu%1KMWe@s%Yf0)lXFh>bNb
zY8a>uI!fws_FT;?HlsDuz?e(zBlWQO3AdW>;w!7?dN%H~CE;DC<#qf@YJE2c8Rx@S
zn-5P&F5wH_02F+011HH!Z3Lp{87!7AMPP#<5UKJWyZi8qcvRuJdu_kto7Jr&?t@dM
z@3DOyi(H}cY0ZlkN5B3rON{4R3PqN!J5Jp9CUBwbV;h5~%0F>(@DwPA^><)m3+XWZ
zH<V`&<W>88@@s$T)$&R^!(semM&6k9>q2BT&Eah?C7h~;^a;3PdSm-vtyLQly3PjT
zNw{+QZ}gTjjNQHD8q#mh(_QO5nHz@kbW;mp5qZ~hgO({eZ0Er~_R?=xx5wf2nF<Uw
z!CZynsRMfJwl}33v7en0O46HEw7#6$o;(xK4w%>Q#G_j|e=mNEuhxGfQP&&|>c9@P
zjzGY<N8A&cqd8;yb<fYiYmRjqX7e(F8b^%@ccJvLIwF2}Gr<M*M27nD5%(*2_reT)
zzQ>yE>gnz$`nV@N%)32hWLB?HjA{P0OY9K`^L!7r7e1b)ejQ0M{pdF7JtCpX-P(Ab
z2G=q7LQX>@sPC-}9u+-VmqC%cAT0U^6o14KN5UN*L(Nx>*>@jh4S?45iC1}uCJeDh
zFXB#MlTSxx*>1sorEh*w978bLI4Y36Jo?xq%1(71VW}`HJUeAnCR<akk(C0td*IWg
zery?aD?wmJBZVP4BR+P#-{<<yg;!=kK0Cpg&RP4d%)0%$y*Th_#Tn70gwsKZx=&(b
zFDi9tXJ97=J3!AU+ty~c=p+O7ikdP1oLfy*4{yZab)qx#jZ?WnQnrK|br?-d(@LG3
ziO_BO_3KdzoB6D)00;$n8mFaP0S-t?Tz!@5s5JXA%s<J8d6yal98`NxVK4A>*+h-T
zt<;H8QMA5jr6ynPI+Dv**P>{p-@}5v4Bu%JC0BaCg_?)5hs>o20f$K>%***``;OoE
zIW0bW<JR*z(>b0TS=a!B&>Vb=v>ASuP;^oH#O|O>L@7w;h)+%uvKg{tq9q0hA@O$1
zCKm!2bF)!M+rqMmPTf+3!6b%Le5gu<AlpcdGHjHknE?iOVi**IGEXEYR$lVS7sE=N
zM8L3$Bf6DP6GV0>nRbuR6$IX~4dGhM1yi|T@nDJswZ|a@*3J1+%-JPRL5m4-rAaPT
zQUJPefC`K8;<Clz;x2{9(ZXJTXh-Sx+@Smn>4q?Una2D2Uium{e^19KQSI}?yrbPS
z9mw*49>!dJL#72A)F#D!ZlP8xVYrsBindV-%;^pZIl>7-wOUC%utXLec$p^KVm+Qg
z(^=Em>)<sVJH$Opk!mCIEvUTSqHme*>MFS8=}?umLPdj>tNXD!#%0aKT*cfME?pi-
z1q(g?45#&APj^J9UMu?CB)Yn2Q&vk>OABk`fX1n0{j{OtKneETJXAM{4|vv}tIXS+
zVQw-rs;YQhba0jqCycCxsa{W4IWX5y<fiql2`+dh2pcozfF8Wy=-#%H0<41f;U~P_
zTFT@}J#D%>vl#M$p9%7;&5<Yqm#CdBAV21<(Fg_3eM$VtR%xWg!z&S0hq)TE)AYr5
z&-%3wZ^O_X6~^O9-YWCcnqyLlBEg*;L(xwQ6`6z{F&E8d{zgPx*9AL(eOH_nt+rUF
zBBufW*ubl+#jnwbJ2|L{jxje4{-v%???au~oll%2WY>0bf<Q>yS1JcGjkx*m8^X6c
zG=ev{BG+mAZcIu7jqqBo*xRgP)u6m9wG3svRlBpxUhJ<oj#MS2<7N5XGl^;YBJ#9i
zduR&_YXf_O&AcRScC1fvG)Yp|d^51rJ8x*ZTi8ghnr<-4t;cKY1-LidqmczF?T}k4
z6&M;wRc|JJ$SI2!DN?lo3*e1gb#@_lvUpkgRI@-f*T#d>PM{(9=Go4+#Y#+9k5RNd
zd?9XT-Q@Xx<iw1IVN`N6=7DU8{<k8Wpw3JY_Mjp}gD8h?gPA7)Fh%5?C(jW&>DW!}
zZXsYX>>4HFhN$Lr;2CK4)^l+gZLX8RZlPl+Iu0d~$K$<}Lo95e6jKMw%Lb}f7W6(2
zbf&&yDId^a1IENpRh$Q91)8}7)o0|G&QAxN+>Z(Fl!gj)v0clpJo@@=bSL#ZATEaM
zeOiWwe1Mn)s4WXIFx{!>B4xh0&nRXtRg0vXRLktW)VKXz+*GO|-ZZC}{(~DU)UX?o
z;goYPeWnaK{t8mOnRgE=G6h#(Nh|nBv#MoB4S(IlWJO2`8f0TN;p9e338#Oh7n073
z9V*0;ss0IhA;?mwHj`&$VG}?`wGd2^Nwqn($+1aAM#mSL`r7mBwYvzutD(hiLUp;(
zWOu6S_Z5RZT?R88SJlSpzS%CV$r1=JJI4S(TJ0IQBl|O~mKj#O{i)^6-b+_=MU~m$
z7D1CLG=p$0vl!HLtrIqG<Eq4?ko2!1v@eNNBSOsc{+N*^vCY5;DKjDFMo;mP7RgP2
zy{W*8o8l+EQ7#~8lu43@iz3`H%(V&Hq}<eCoxhm318@^*exQGY^ZD)-PNu|g_9n9(
zSHqv0fhB?h!eqk}o6k>J?C37Jo(Gl)O=aGBTfVx(x%u<vS*T#EVCG2ZCI#!`P+`dM
zz$W%142pQhHXlR^NyrEx0=pzEk%S;3*~&7SV`9wh@`NwUFr9K(^5jKzs&A^GOs3H=
zY>>m|KV2%V$Gk&4X?<{c1kE3?@e@rD)q-OG8uT!-V~pkUusLv1&?<An7{vv?Sa@f+
zag*<a|MCy_fZLDM5&lyJf_HCrB5)KlQH;qhab|rm70k?8?yDF4tD<SR>QeT30E^cs
z-Aa9#BIC>`QljCXK_gF29$m5|2ByBL9F{juMX!4Iu+OdPkC;rH;owd3s;BiMeVbS(
z)M|lRqJ_iwn^Gs(F8IYFX2U$jbZY*K!UvzvN8mSwPS6wrd5xP#OraU3RSzuQ+zBRq
z@-lr#clkY~Z<R%tG(wq&I+012_rO9pO)gjj^A!jv$x~nL=KUm-?Jl~1<lSAzObQ63
ziE}}e7Omd`uClGQ?Fl6X^lX(A6F2ly@5m}(D!*>rsSj>l^HX_=g!#!(7NLw-@XzPj
zq3>pW1fRm;r$5x69rWoR&N9I#28$UX5zanF>e)C?t|G9lYbPoNo%4VbvcC3j9K*(6
zo*xsMOf#+GJG2iv;W)IFsI0M(y={N*?U~zlZgzO{Tnj-Dg~6|!)j~>C$2rjtcJy5E
zujahMa<+_Jf~Iy?E=s2RAkF2adRNX(tv3&?iBa20!raG!{xg7OsBBGIO-j%K1pb1=
z!zW6J+#N}}%Y>7V#eGk>4!7IolDf2!`$<kI;<pnNK&^|Lo=OaR_gJ^ntWm<g_54PB
z%LEX(2ljK050}1pGFGeiVE;?Xrr!|L9#9gjcc*pTWrj0*w!}Xl9<s4z*DwWCrL`|Y
z3r`0_|J<~_l%+*R%Y|<?tWPuRIi@Kag@SIH7O(8EPB{4tub!lKiSYVwK>xfA!a;9;
zAC2@afL%0HhjtcqPLJ6QAiI~mMOa4WfYg_n0;S*e(j=TiY1Bj84Q&2$M|z6`Z4I~+
zCbBaZa6`C){6T;V2t#deBf%l`3U^&tt`X&Q$b$U@i*xpNqkCw^V~-m#Tm<B=I8w`d
z-m8X4HgdkiLZnTmGv<O2-m>h1VAX`$el%c4Onb*;MjRrHD304@8hw+5Rn!*cwAL`E
zh|b_PG11?b`BY>@K?Q5dcMTd#LS*GzT#i!H<uDD1VuIuOq7gh$J^eSFICjJM+IyX3
zc72<nmQC<iudoB%vCD@@&s014gD<?N(TLh_VNae~X>C_=i%f$(t((%n?E*77XpDfT
z<4lrOhkLNCJ{}zqHsme&EJ=pxF5sJJzkn`~`WDUuaTafEu&(RCBm3ao4CJu`n?KLO
zzm&sD7f8Wwq&rIlwrCt48uz}kZk?ic=uZv+rXC0hJZ9XCAEG?_*17&l(tCxH;QU*s
zncD%S5Pi;TD0eu=d)g2-k0<_qZ6bih3%t3^j$RQ+ku1B}YDcJB9kdVN38&p<!^zJ(
ze<1~G^~JCzZ3#750_7KXA2iA}ZuA;;lw*V;f-JQ(mmHInaV{3j_VuiHJC$(l?cu+s
z7}QtNI>xRIR?Mr$^7PpnsqWME{bkDEp~vR51RpGq562yS%aZnIO5?^bTHZZ;S3or%
zafz4%AxI9!Yq{mU#uVuIw!AeCSND{~2A#f}{DO<Vi}rdi;jD0R)#cKwe~RJww9oB^
zS-TY`f#l4}r2mfrdBH4A`hNg9$JXTI4|}Bghs1#AtviF%Wco2pa<R(2N8+klRDCoC
z&e^o3(Q7dk|Cm$Yr~7$U!uT$0akSWEIH@H=nXq$>2o4kaGFImgZxz%ubkBp0gBz5n
z4mm*Dc*)x(C}OyblUq9k1CVxjk)>l_m#HJ<l&8~gmevLYv_9><Zte&7H8uCo^))s1
z!?M&({T+S0P09S6^KG?#ZjJr5eOs{YqxbN1OfDspeJh#BPO^u*=M!_lTgM$jTgcX*
zr-n{0gRPn9JJ{U7MxB`$E%8}q8?IUJ=b`C7@Z`KNmpKqy#WK*26T-i6uCO77i?Nq>
z9gbpQ-;A6b+S#Fo-1S_9mvn@N4b?PHoH@)*X|I(9?U%YtxFEwdXs2J@B$Zm{6_*ba
z$sov#-TItSRtbE*LEMuu_7uFrm`xl0Keq^FHk|~cqAm;t(!eaK4<Xzw!MF5Pdu{G@
zL}r45JQxiL!+k#N6rtc@V5yWvN@DWt<LVfV^RBBy54S)3xjk^hMhx$;(m*(e!fuH2
zHnc4v5NqCBGB&1DO}ElBPaMp3TaAy{8i9qw0NdwQ(vSg@CazG9xCWML^#Xh}ms=9v
z5H0<3T!}JFuGJBL(RXiFjOaes7@n9$%eFn|4a_aWR^+`p;(`}#s=^MYkR5qJo%lvL
zD$n>CmQ+TDm;!5H(7%{pn}`!|UL1SrYklfRj&y#_%<y&{?qAGPe8FmuCqqlB=AA$%
z0E3Td$LjbSv8GW*!z)Qs-C3h3egdOuf%~&?{LNMYu_jhlp_iTFrxIH^#n%PYZ@_31
zoA8_+w+S^y%jT@hl<~_K&RTaYbH_I5Zqjl}Bn_j-%FAk3Q;^4187PGL3t7cpS&E;k
zkRp{{k5a!?gA*%!>KsmXV6(~>mfFqTWOpkQXCr&1K0rJ~u$th_3;bk+der|qm8*vZ
zUcQ<wt+uH6Dx|n$cATAaTp6H*ulTt~D44gZM@ac-7zwTT@F(2k{SBRr{eEKeF`(h2
zzva?rd?(`s|5)eWK;F^MNPfY|;hOvFhCB(ccATK5Q!0E2^aB%svFG7q=P$%)xT_Dm
zdEbA6e{%HU^{*x#;M4L0yaw%@D}(<EHSMf5JhfX!I)>3BQo5nxBa|w)hjc_)Yu;6E
zjC(hk8~B^wi1~=JU`yw{lJ|Hn{BMUihL77$mR%+&33yDe2epM0wX(LpgT~}iJW=cO
z7FOadqm*ZSj*;=@<HVMaIacXg_!&gL8<}^VVvs3~SQ8trhWFQ(z07>{qRQdg^51wh
z>Bm-W$I(->zgACtp2Q=m-XTZ}*ZQIjnnI-lh1PJ)xzK6S<mO0m5-U&=ctKs)W+rXt
z#u?9!#APE7eIyQns(Tal#SY;7Bqp5W;lQ~OJ`aHcWu@@hCe!iG#dj(3UAnYwa;u+2
zi2$z!kY29H(sumuxST*p<ztMBuMV#t2>M9mRVBq}Q6Q@s=|JL1aG6_V4U5=Zf*qV1
zv9rvmEv06tYsd5pI=fN9llzJUd>H~BZ-D<HW7Vjb+E!MVidXihPRccsP#Kp;&%R}m
z0=k&rZbVg$i}f-2VCn1<Qu=QzX+P0ZcSo!~ckSV|WD8dxfG8c;P5e$?m>yqjk2^#=
zx=MCqHev8Ap=eUh>kooE?F%$=dw-97jCSMgH*WagHr8vN!C0VCPshe`?gif9IZ*Qh
zG7|>QvaW_#8bq$YouT{Au+hhxZuz|g=kznw8kiK*+^fIqDzzp&$s9kedr)lL5n6}X
z+GYhRh1YIBjkRtj*RVpIQjgrWzQ&#ps;@&iW+Y14Y~NG)z+-Jx=S#5=+0b`OWW#am
zBLD&5l2DPoFtE!C35y<yVCI$+0jX<6bZowz*vF7nPv}4p!~0&q=Q@SPjmAY(_#n@E
z4N1AgdQH5*Axw9V9_4$D2FXmeYizlkW9y}aU34{fuNt92aae_tsH#MG+$bdb#EFVe
zOO4|-JNVC2<5$noby;;uVOKvWZT=iZ$hbxDUKt;S9@1jqedWySiE^#FiefF#*_YI5
zWLL<76WUpuE0nx6B}fly;C5eWxOm=znozj!`dJQCyM3WV2rhuA+Z$yfj@g7A*wY&>
z{kXH&{eh!PLEqk0*EyxJeI-tBA1RTtDo0sAe$zg5C!rBWGwelUgH`faw4{*`*&2TT
z4aa`_k8eeSJJ(kUFx3lDbJm~<H(RqQ<}HZ<RUg&;Gz(c3V{!^c6%-Q-#N`!D3aF(N
zv-1mnH78t}i?t~8rVzIcX78m{;ndvrY0VEAXSH)$bE$q(s?LN{s{>fi#L%pJ=$L`;
zxEx-G@7bPagSOwLUG|i(Zs@>80PyAe?YzCC=i9>3W(V1(=mTNiAOqYl#IfF9lk&r`
zIm&;Y6Q4q~H!dBNKIOlS#1g9@6;pcgHRy$E#0#28{k<?TGyBeJ?iIC#ve7TT&+EeM
zR4s4`TUku1U&}?2Kl`?9avz`B2q*UWO(hx)0t(0GoSNv29TOe;FlG8Mi<yPZTo}U7
zyIaEcHlVj>^>&x92z-PHuJSfeEBScmqxsv*Gj}~_WBqc;C#td%Z||E19mbdU^-pW=
z!6`I`FOuL5QjL&4YekiqmRTtNYNXN?hhIb$Q{?{P^u=3z{H^*ks}A0NQOX8hM;`1Y
z)cHV5Tp|+)nS1z+D-@@6;`1oC!X-cGK=d(M#(k^cRD%d$Q}n&6@|aIxwH`}l3rZ~j
zhP>r1(e-wJ9+zXYWmJwnwCr5!{=l;<7~zu2BKWxw`S->^&X<kndmjkPqo(#k9CdJZ
zx2G+q30>dc*R4C=p4`{2mzpoqAy>;n(?sw~Z|~MAq4m(6yyKA#@^8weuTI#)TLG~l
z=hmv6mlQ2))s!K3?&sNxfz+4I!esfzFRFQLieoV1dIKfaI<rT@o6lNpdN1%MswaY|
zXT^op^Nne+EV4-@YI-A!lay)Hj*d))aV{>AK|@u8qBwI}UTNNreM!Z#l{a^It(LB1
z;v&k^Rv*uDmK9b<veECtO7H||co>rCW2DqGwZpaNZe|t3CPl7!F8M6G%}bNy8z*_@
znOn9;=pbg?B{4?oWc-BCt<6EGS?e)+TG)kMXYO|=Kt^;_qqC4qi%<-R-U`rW3e*<8
z=3beKV8syw-orNH#lHi(9iaSkE9mxA@s~Hjq-vNW83EYBRWCDyttzPBkgrUkw}xF*
z`zencQa{%c?kF^NiZOO~qMiMqeCt>7CRO_x)GWaxU$RvpNBep6CKv%S)i8CNQ=!yt
z6-qY1D59tGytU)3mDf{F1?z75On*+k=}aNn@b1YR%ZSewC;WyWN1&0{UDq|kx+l|J
zFx$BbFr48$k><<Y3XOZ3Hjjh%4R~&G*XU4n8>jfWDO(OAlT?7Sj$7@XZal<h5W;_=
z_lI{F$~P^V_m-eS;)70GX^rXw_rNWnWE#GJpODa~lLD^Ebx85I@e4S0=g-i-vsSOt
z6;8JSvzD!kTI)ZhpA<fC4K+C%$Q(z@+S-6c)iRTX6RqME%~`%qGkcRP{$d`A)wmyr
zX$L;ra!lf(xRg^iMUxzc7F9}d+~A~y(GGbDC3%VcvnlRCvy{$i=@m6fi%>Cjz0t||
zDmDs>iCg&d{D#)|BreuO`)Csl@Phf4=*&(}(R?HQ8s$1P^OsAC4o*3PyYdzY`(7@+
z)l1yPRaPq<C>hrWvCc3_Igo>#rG+%}BTB|aKvg457Iu>OgkvI8W|=$HBcZdKB6M~J
zE~+nu;a7+W2vUPk+x&&tE)h^`J$)de5GR!5MjbvjH5uRT{>|Bt;v1P^7c#eI^p-^g
zZ7Ws*llv%TNu0v#s+Lt(FLX+g<-s08$iCpUTcRg34Bd-b&hLf@<wNn+dVJz;=|5fK
z&{36=uT^I?#YRs>9;wM`N%WeDIsY_=PMOkn^kC-&50wce`Ce95N_16Jq=Ve3wD_!;
z*mpCZmLX;>yP`=UHm>(bPE`xmJz(Jcx2e>)VJzlCCB{I$mHnbQIx8;nL@rWGd{p9Z
z6HnoVR}<@}xW`BQNgz(o)Z>kM_teG>F4xq|je0v@iK+31H^mYPb#HtnFso~3bu4^4
zX1Be`SxWS~WBThxeO&F^=~K!iD0fE@8|{9`<U)+W3B-+UAE14EeZ%`k`sotnnjNpb
z-%3TzvI1l!`?dmll?k}Qe4_XV0-fQ9X%`I1K17ha<yISJX}r6u(L6jhQ<2a_*-XRn
zJo@QuWQQ#;&4%}JKcu~;i)NhGRQ8npmc3>^k33Iy1N3b2lwhJ*#J*5=!BnC4IZO^L
z7R@BFxmGqPD%JLGE2%C}7pfcB7ZzE@OcYoAG+Epu5?XpBwe@otn8$Duwu0>nXB+66
z4P8rT7R_qT6Ze`M6r|&Nx8%4qsdFXP?DCW8W5%*=|27L`;<m@KFYWUAHUC4xO108Y
zluDfL$ld&#RJ^*&9cegUzPb2=Kj7w&WH<bKVyTVu5mC43p{(1JJ0Bq%T>h{Qn@3@t
zl-8L1filZ!P!qSuq7dyvRX0@7k~Y-Y?SXb@+%^68R#E9vAt$PK$CM54?E%mOsX^=Y
z6wRg!oMvhI4whZBSBdiQ=}*&lVB>mK%W*JVD|<)LzPX@8dE&I7K}&I}aNA{~!OT6U
zwcWlBz>$t+QHRd4%yB_C3+1^6aOknGr$6-kLRW_cw83B3;pc`<4k9LY$gabt&?PWH
z6;0@nG6Y7=%<HprBn(Iy?nLf2=r_{Olt|S4S9z)oOug%3tHXx9;{{s@D3m1EY~5}k
zxg=qX4cK5PJ=MRJ$fe2hk9lQ3;GtQmJ+(W<_KQSrFnm2lyO{{5S($EzZ8zXmqB_j>
zi+PBa{E#&XIJll%30{9*uX@8+NMv~0QRERnfmV5`qa@I83(>Ni?+bOs&sj<#nJd%7
zwU|cafoM*{HR>vEjuJN7fgBdf3zx-8_Q2yrjn7l7TO%+;KhqG-vBPR_%Y@V2P>a_a
zry%;2atWhd@dHTxxvu9G{L+23fRLyCY%Koo6ya&7yfw9S$JQsi(MV~vQ85YbEg<O5
zkdK-?WIGU!k14LD`!)yYgVdm_JsU5Bf6T3CdCVoql~R64v4OB=*PT2VKZXb7){{2s
z-wJ_CDNkovx9gr?2m09Fd%IJ3SN7drgDOrF_Zu<gvYhSwD1~j;?ZwLC3fot6gPycw
z|5g~>LU{qt*;W|W0#oka%XK?Y@_zgn;gvneW1(Ezad(RFDpLV>f(Ur`#aR&UraWB$
z`vlaUluDU(uoJF$Q(hpTbP6)9vf2z?^go9@bb<i=4JAw}v#Yq|W|KD|T8?#l=wXCg
z8&@yFYFfAEKTnm+%#*j#&AROm=h!E;;#Z7nDAo3F$ExO+I38aPs1h<43K`n>6rm<8
zG+6?tz(sS{y)FZ)?u<MwTE{z6ru(7Xay%AVx%KA<MI*cgJfYjtnGIuk`>fQehU9%k
z`Ux?#l@0Prj=kH`stZ(wJO<eV!lUb?CcucQ`nQe++tSr+Z7$h^MdS5vw|7HppJYOn
zrk~HfS2y?HW5Sa!d)N=2z78Gu8;%|O(;ert7_K^2P51|G{7wvRVdX<iXI$O<pnvj=
zx?|3wu(OKrbjO5?k1jVC>!d0<HFj*w)<sQPrf<uH>#K9kD(@8$=fTU|(zTOne)nQV
zkHry`$TO>(>!d-x#Nxv09aAn%y4r8^nHo*QLlZyqiyE%pz;N3J_1BIxo0f13#fJsJ
za6^e>pj}-%ezI${Sv2`cT>&7@jF<bwlK<}I)Ju#_VEt5z=LuUWAAkSkmMyoYbZ+04
z-3_;9t8`ppinoHJtm)49a=t~GX3yIWJQGeb6r-%=5Z2@fKOFH6<m_eN(L+HKC!Ou#
z@x}ZOYst-sAlIxFKz^Ml_5Odz6r03BPAQ{g3PeZo_LNBL+!ymyzmXo_2u+-FSb622
zr&6H|Mf(|T$H|}e<zKET+}IX)aIx8Yn2K-zsS%J+hkyflc1;kci|vtr{IglIc+vEM
zjC>0gMK4lfvMM9(lp+VkM^(kRX~c~F)$E@V|0^CoJO0qgOU#7!w*TLyhI;7M3P(N7
z1gnX2Vim8HS}FydOjJqGsG@8GwYakIR>4b6tn9)JJH_b#O;dL}I-Z+6M>;TH{=0mU
zgBqAGq`Unoo||<zvj$dOio|vq$ENg)dXWb}ED-hDj!1X;AEdn3c62&7d7d<4!QYb5
zvmi`B5tK%qZ}*m(Fj8F9ot`b5Kb)V}%LDUWXQqnZgD1LNthiq(XlC@ulZy1CV$3Td
zrIaeZinFW!YCe9E^x&)Es|vhN=D)}sG4`<+NhT;!Oyro^NoLvcA(&ASx-MDqk{#QO
zijiB<`pl7%Io}hUm0=d0K%D}Gs0dT;>_qAO9QlH+XjAU7b=Z4Gm@`L8iBx=j%Z~Sz
zf^5c4oIT~A^(g-7bDnW%hrFu<XTk|3?`_qdf*X;*7c?kYGI~z-P^T&<zEsOTWqcUW
zn%>aoAZw^YrbAN9$na7SJfsq38Wj0Pw80@Q)g8*;L`3xE<7aPVN9$#2`uVTE!5Vc@
zuoW=sVA5KX>OE$l$Kvb@3$%Uql^W-2C9ZT+gi8&ur{Uz-EYRM|hZ>F_c2KPsJ{r52
zirb+YI(dwJqfp&XT5FjJKz(EP0okbDIu;qtdieo;a%c(g+GP%ZIEa0I6P&Q;B)a|9
zGI_0gEMtyuzs6JGM_Q&Lt=x;v>DfB_IpI>v!+FOKSFi^rHN;<OT^BSaOF<f@EL-|!
zs+<H(kwCPz{iOe^INw?FAcPLI<bugky-~v(1<^LBZA(aDNJm8-|Ed|3oJnR6Ea2x&
zHT{`XfZdj!sq5^N@m8atqO6VUKsHj=sXS6wHu5k2z>>*x670gDPJIV`Vee4qA9?=n
z2q3;F^wssHvy7>TN(?ueK-bVA+N~nBy-{9P1L$Bbs>vZcj@vy~x;8(`cSnD@p{tsu
zT+sd)>2P8e>F_ky7qlY-!sCP`HovDWzaPA%$EFiO>`fD`)>5d>)Wc(CB=dS_8w0mZ
zs^GChL6wPjSFJb)uCuO5XNx(tfYwPJMHif_MqTZzs~G@+%c%df$2g?J9F0gow1Uz-
z`i4btk#;bt%ej)%sv9-F{Gp+_ZZ`!iQ_lBSru_6iSM*qwvX~~fS#)a_ye$wCzQp2m
zD$dGq)3xUXy}Oz|QLdd8XGu~@m^qoM4TDx2OE7?E)~%F-sX|M!f!KopZMOBb*5NMC
z!wc+rq~@2C5Qyj@=43Ai_)F`zkn<GlS5D^bB%IIEP$Vb_Fk&wh9FGF`S)rF@`nohO
z9eNm*Dk0=5K?MJnozO#|DSKAP7y>%vO#OoJESfQBV!7NgnE+7e`i0k&Jv?zB)9^TN
z=67;a<M=+9@8e~>Xd5rm`ba#NJgd=U0?ST+g8h0wH_$MJOP<+Cd|mQuGF1W#-MVBj
z*O=~LRs4U*;}2ZNueQq-l9@Z?WwKTp5SIfR=-!1t&O#><A*0ZJR@2F@BfL;Eecwk2
zs|ig%;L)Yr-K}n%*$?9@qdaS0bmCa_c0bhGO-j@_|9<wtm&4}MzOnfOwevM6uK!ZU
z1p<Fi_;Q-{OVkdK4QJSwh>J&I?UYceYZm^{p(W#MWd7ixW!!5T{&0q+;EPDG0d-hc
z92Cn93$$!@!5s$T@`wX6J^YaX1pVxd%5GU#1K%mvq5jBvbF5HYKW-J~@$d&j4EwtY
z?3U2#;A(a0Ex%_>U`e8$YkRbn&*Q6fEgwB4_G-HjYbbNhGW`cm$`SzVV;zPr(~@XO
zTRJR!<~hHZbzy*#O#hv2t0yw!U?1>Otug4}&~-j!Cf*zM`a!J^*6H8x(eN)hG6-Nk
z_`Z2M4Et8nx^!0sk=-pn57C{}`|{TgZ(v`}3#O@W0{=1n{iyQ4q8vzeq43P^`~2vB
zE$1%E1PfmhZaSuecQzdZJ>oVUS#B(Izyl{&8kd?Guw`Sy4^vCDHE9c0f@AEUZ}Xh{
zazV27;SK5u&+x&kR?y}-?gIVj9_fOXXsv`@<C}X#w@??o)h0}Rs~we?Y+3C|77|wl
zjXd+nZ5}c?uxaQ!bD;e~SckE2n3~g^yXCqI4))z_a}Qexe*)-~16>{l-2Aw;tb^6U
zNQO$kh=Ty4x~)MdXCU*mw#w;%jl(7g!&0deI!RH0T>e*dx}Z(bDwaiG%~wREmrqCh
z1Nh%m5of?fI0F(OBM~j@QH*h!2RSR7uJHghCq?8m(`9+O>wI5<>cd?43wa5JvqYrH
zB{3g`{xr1}I{7F_aT!}p+mC<BkO(JuT(WYeXZU~Pz;B@({;X4L8vmf%wG3?$xmAAG
zG3Z9R988tt%rp>eq9u8(n}~D82Z?GAy3kL4mKq?_WpXxD#)l#G;}+v|<6Jj?i)9R*
zrFqTcWPx02v0P2Z)Ep4%JFOCM&@CA53QIhIbU|+GP+~tfcMC=NG_xioGhS^Jn&)UJ
zGOVMs-9ytZVEoqi5;XWG1`ucsxatO5`b(hJorPqkqqdWTkx@%^C39as2GqhW*8!UW
zHaS`XJtVJ>bDKG=VHag+-4e;2peDTI%x0P&b?)4;g!01m97rh6=i@&TOpC3D7)$EU
zdwGZu<U})tVcq~-!(Twxk=o|s4aYg0D)YNS1%h?<dHUV`>kk;u3D;XX<{jhj&E;A*
zwu@#R`-Sf*R5Y~rKk_CMRy+Mo_<}^DTacIT1iJA;Pk;eBs7(DNeq5c5{<!N;JFIq0
zH?;(mv4drigibS6LYb*myeXlWlNmv|<)}MQPYrq51NTx-*b!fT*{9`5F~2>0el%mP
zm+JX=$hQT`vaIELHYZ`!)O;pc>)qVq;4nvN4!+*4vHg(*y}VFV=;Q2XMy(9#poK8P
zWJTOiUF-09q2`)KV@16K+_8i*IT**UzU{D2nOH#g?o^qe6wum!;XKs*p>;*rhw-|h
z&<pKJVWzh=BWl|+=bxgGct%WjL|95ZZ$aB>Oq10w!wQnUBjtfR`NqiUx_c`5iABrZ
z;X6Bi`gR5zF0J}?{kI21qgVbXw<OJ;Zx6I9o!Q1oQd%8kl1SV=--3xo&;3tsU~&_s
zl+SrBESq7$L~mf7$D#<Y)%0wYk=G-8H>6CBLz~Yd#?0ShPcnT<E2W_uN-2xdcX~82
z4vcp}&E+pu);|df(TW(MVRjJ~Dec+B!fPhY{M!t25r(drsSTo$UA6^yFlG>iY{LJm
z>?!27-*bry;f;@gXE}N=0_gAY#&c#QLo-}$`)Teyk3vr{d$ayLqFzM5<hL>>q(3?$
zftgueR;#y10#7yHVd1TaNN<QXi>*S>;W4_0RwEdSAW*u%VCIt+ZoZ#HR;qSW>yTD}
zuEo*5BO>R&9V~UJJLV(Qp_@`}(w=M1fH+2Z%_|w_VP+P4zz$6;b6TmcL*-amXLMiD
z=og~26y<Ociqe|NQfA+Zk#aHkzam+;aC9!Sv{(M>@wK*(FL7j-QZaO^!XvWi7EOYV
z{8rlJLv5%y=z$RCUr=HVLE`uUTnWu?xheGq!2_SeC(0gvGy)wlY0JGs)@w#5v$NH*
zl_6hMyH{!TY-5?Y`r?xfBnO!(jPRoF?WEGs&Gqhu`MM;0M<B$~a{h+>-dS28XiD;S
z1Rn0!+E~1)bsqh0$3APw_OYb;tS-L!8+oNTC1TgwR*g=UPg3+nyr`XVarX47o?Mq&
zzHYHXxl(}&jbc&ugD#GGz>3vAM45wxHgE2iJ|rCpa}3M;IqW%|zdGOEi|+cQG&|HX
z%6KJEw)IE7Ul(IMei85dte+RrF!d1&%+5_?7#_me+(14#hP(Xs=Z)J(kCs;g+Ueiz
zad(E*9qFG{I@pjI#AEW$-y(<I#Ee^BuxdX`WI!B<^I4Y={M+_eAa7Zh13SiAu-wAO
zE#oXNH~e$3*czJF|GLrCA$xW%TwvUWz_+LCv%OSB5m)k#oFJZ<jWxB9NSoUP;=5aB
z4q2Skhw|5sY_MO>i~M6+?evb}cl_Dx@lmVwRq5Sb)q<;2vVFoKG>a-Be=Z;+Ss|Jw
zj{pt}?oEN0Ev9T)y4Pt?k-nolPM{LDwJh)MtY*HVo3aj~lgf+;s+iE8UGlS}Ai?-)
z{#SrVM3d34l8HGwhKbQ_oY#vo;$YvkvZ>&y(_3hBsu5~}k>UQ;?E?5Jk(Z@#;Pm&Q
zstymEv&(|8sMx#OzN`jya<XlfTScAHY)9WBrKmWn+P<PjdUEpXEVt^f<{<cK#<$jv
zhZlUeAK;-+U7*%I<qZUdeOs^lPSOorhMD<{6983`Xlgm|bYtGJzt}T0oK~b=*z)E~
z{}rb}gGsoEbMY%RnntUZ)pVaj5;Ql|76+eh45qYdmNsdYUel}3cVpL<cUhR*>}y=k
zoes{aLf9uc9r<te`fc!m^W6lsOdt!F?Y;Xj#qplcDP0^Su4U@6cw&q1J>UI99#K91
zhUx7V^qRkmIL-9hZ^M?%5;Y}M0I3k)3K?B}*Sv{re&QwC^Eu7fhr8vKP{7rB#={g9
zU;5ew|A`B>Nn$vzFRVQH2esf(aKnMi9KalbaJSOi-JxP=u-ktjwo9az&r5XSEPm$-
z9b)suM?-JWJ=OY(k-gFK#R>a5-%v)MLH{(^<O;LE>A7cn5$KA=)afya-HRftKsXZd
zUEitY(`kHQYeXZ%S;y_?s5OU*dFj}>1kNw^R^96NBm3GoUz|{&cIj{uh%UXHA_~>B
zrVZ<Wl7J$C{hV=}15li0$t$D!z1>f<?qP3&sB+_NP0zWWQPpU;EOI>?*$2Lm+vPg-
z0+OX(?Ty}fSiadd7z|bEZjCM9!EBWNj=f8ZF{7c-x6MoQ0S3GlGslCWZ<!9qC6e)F
zofhlS^A}ou8_dt^(W(4WbvI#f2?UbG?(uVwcFoEU@o?zQAj39jZU>Ud-4Vf50;yb1
zKr|KUsQ_#TZ!wv|isQdXq#>7&b;3fH*(UnJs^1f`up!8M&Qmh9dr3Gox_?X@%Xh#V
z&<+!%7~)1p2j+MDb}vei3Zt~!CrYj=_LQwrO1fY<U~ObBc}aR_@78bFC#_kxapQN9
zm)b`Zw4n0^M>vnC`^-=~3M=~si_aY2B<6VdaG;RQK1sp)`pUDYN#87cl6)cxPrW&K
z`_%c>BQmEa-aYmEh~XShsx3^nCBy1HXlh)GD*AYKhu#|nU?=;W`%NHAqctNBmMID$
z4_2<BAk$af*|_})Yt@~r64)a1uhqyvSn6o);=gcX)0PjBtWQ*~KQS9D`vuiS&U9v4
zeTh>Q>(%C51F>Vj$4v!z|DyL6|N2t{=558@W6!VJjQMlVCMVXI{B$=BV;A}>l2jd7
z`Ya7+251`-3^*!x|1$YIX~_)nnEC=#Mf#a_V|G;6T$Jil6-$g@(jZiEQsoCasmYY^
z%6kJ8MT%gh&<jIU41QQ$0d(EwOoqWs>LD|_{n&anxRqV;KP+_hkZIjcY_b~Ma#$%5
zb0*zjboJ!Qws@3ob4EjNCj5|@_x+Fc*m3`{FhaIH3D_s@9@Q>^ZSZHUdG^1^Kv}K{
zTEBQM#noZl1;!YIO09AByZP#H2sb;a?U>s3tvzq7$^m@SAK=@$YwE)2O7wzvrdJyL
zBs%oHlXX2!&f*OJC*YK~2HXhmGU$4uUj<KVcixho{bMm*1<z>r-|C*>RJO+7bnP-2
zdj9`d1Xq3Kt^Wr5T`R&X^>dutb6XCH9Yd1^+Tx^a`^qZI*vWy>2Gv=Y*qYSrVzAyp
znMt@i?2m}mF~h5gHM|E*#m4Fw;u-!0eLRs^9X&kuzwjRKEJjEBA0)(Gi?k;R^*5}C
z&{#%`h8_jj58x?x*6DV~=xK2M4RlBlF3ctE#$qZ7u;~h+G1NeZBvuv&SO}Zb7^*YP
z1<fe+*VvlVfNDr<u*!?$ExLaAiC1@N_Mt+leHfNR-G)<G7Jcsyp3vy3pmzk}Ds`6W
z`eCsY#p`rEp)pheKE`6ni+|nq#B~2Ikez%nsCIdeGw6okuS<{)p@do-C&_#oCwguj
zIKSoqxL^VRq7TlW($F%TYPX;Z_3|CGx=oSuhtmjhNNgL5?WoFyl253}S)6-bJFsM0
z8jcTyG$hEL2j4=@Mb2*y?oQ_h?AAS6Gir7OJUw-<R_<;!(~L`b^v^x-O74hmug-;A
zyQ8Pqxny*Ca^Bw<ATOAIPNK7`^tG%xe5&pgK=;O+L>F;KRWOu%Tt$!$y`4MuX}Qm7
ze|ju0qq#W1$J++s$A$Ejd8BR>W>VJli}3al&c~n?PJ-~(k<dH#&VEuuZ1l>2c;S9p
zQbTm6-~iP({iM1uO9ezb$rMab+4BQ|0b*}pCD6FK%fgtl@Ps;X*Ud@9OB|a3=C9KF
z@EsEbJ27>0p0fDHQ+3jkfSyf~=eFNSk{H5sIWV3}d5(CobWj*Fo}+l8BddV^B*lJO
z{viOala|=<0XlLI8*OP45%$#HN0AqwI{$1!^7QpJZZ9l1sw>-Po2JQ%7YgF~iEZ+M
z<>t@D`})bnJgMG58^9n))aC)dAF>TPHe{_OY1J2ub`xqXy%2gq(c)_b;klr^W@!mF
zs0*B+MN=*dr<n#}?Lv^wY~ZfyGWJC+ufP|GmTkosj`M!(^I<%P^4CuUKn#M&dL}xw
zbRpTk<yGU=jkomkp{~{p+{1y2o9*r@q1t*<7Y>?8W_!6%eEl-ib4aa9ILZYf;L8CN
zo)=e5RhEXv)IhknC@%)9x*|hKX}mY+Z__^fTariT8Bs0a7h+pnB%0|_q?#%(x?)(%
zb$T=iCz)reBi3bF4o!VqM}p5h-=FTZEE`ZW{+FpX6w7Q*)$teXCl2MiF<ElrnYu!#
z3?-TLw%<z<hU9xQ*)!%~caOKntKrHc>zV3E(uL&vGFAUHx3w|oOFik%+IJ3Jc0=9E
z?(f7--d8PLv^q)>@e|Jst9?}I{#9;=Kf&Jye?K9RL?O5Y!LT8qiyvXbq!$Anmlrq@
z587N|y~b_%PDIijS2o<(%MUMz`F&WdDfnUeKicF_SRQ$><J(2vl<obog8sOrxIGJo
zZZRs|eH&H+2QffsRDw!Zo@)f}2(s{)8~P9ImL(9fS9TaWO!uQE&FK6z>;FI6-UF(M
zrT_o8BV9mx6BQ8Yy~71WM4G7dW+<UI=@3Ar*N7qzs&o{DK<J%NA`p7-gx-6J(tZhg
z@AW?S-se2$eE<J*=DhZ^?<tv`O|m<)pP4;PIqq<iJm4GiZK#{^DrXyiQb#w1z&pMm
z-PD05@u4dU=WD+Q`#)f8WwX)hn8x}oTsPzV1aq4u*Ws_PIdLB8w@VEbb(O3+*?QZT
zXPyE~dnoNJ%Zu$c1KU>)l6_sYCF;nHTC|`yjhY3~IGAH`kgN^#1-_VS<~zneC7)_k
z(T?0Sx$5(ZaRxX}qC0Gj?_~=p;9M&Ss40aGQ5=lI4fXyIU2we&;D)i#A?CF|&D~9W
zlU=RZp;Sn-5NsGoF@`iw(6QkUvjrA*aFqT<qz$t*DYWG%jc6_{92TM&YcU?vUel$h
zifPVIs$)y!mxkYQzX?ud<YhoyxE9rTBl$YyTjMYRP|WwH-dhA!+{*Fo7CCltJ2S+W
zwek=2Wks`^uH$WydLxd15gA;^8za4j9f`#^00_yo@*w&{=xiK4Vod~y7@1f+upKt>
zt-fgAl;CjTp=_vNw)U>)V4`sc+hC&S<e@J&u=~?PNtk+<O+WvLbEr!8Fcz-9IOv&{
z%MQ@?py`p#3r0xjGXn8uEC$@uR+CSNwwfcd1BF_WtRyB*gKW6#$<fxJi&`_8wPXv;
zQ<o=^a6OtcP8*Br4wKRfkV1K4lsUCW>2@rNLUXcrctc3E8JPg_pyjtWS+GS`M?lJW
zcPW6AaHL+G2R^?&V1W}^4S@&?10_07xZGyTHtHrzacJSBfwlgr!u)%{z{!^GF`5Ai
zC40a!Cx<t#l09&_gQEtLDGb{yi4Z-c-JwfyNCDWmo;)f~b?l#7s0mD4ZHp_c>pNh3
zzAbR-uLC|Z@82Sj)qa<QPdn_TWGrK$^z+{M=!MZ*(1{#>l|AsVW35)y@zv^Ncp3IV
zwx8ppawbR2xGr|EB`{C%mNn_u_$x&$uZ7<KmZ12t<8C*Q)Pf&3PY^fnq(E^xDOGZt
zD{<zuOZAGi$`wwQH!)4rD2itdqfI)e8*AP1BEqK1IA5~-H2Y+%XN+U_FOkWzIO0kL
zs8wy6+i*J_&AV?T)-&|Uf-RYZIGy7t#FX*rL+YHS&H{3`%nr{&k2spO90^Y^4h1@q
z4xy~=&J++wmFvO|>2+sWbw{Nqo5QDMr__lY4XvbS#%D%_<Lj7T=@I5BljK4NI;w8b
zEX21FJaI}EYrpMwjGXJS+OZJyD2|uVRbg;^6U*!qBEFrnQPx{32^tgVjh{ASc_-qS
zvieQyjW6@yt$Cr-57S1te;~xp0eS^TY424K1gJ|U!O_r2D#5XRi$RvVXsMC0kR;&-
zibMhrGY9=e2o)ViLjx%t(z)MC%u0~HBtBA?Y_QIMpBr$Zq<uz;HM{zY;lG3#=1#~O
zui$=Myr;5?WL6f#vp!F3c-GP%t+)kk>YD~+WfS#13tIkkXFGf>Su%*v<W1=NUASng
z|H)kn|HwJnu`DRlH><Ufq3M!g{DQ{SLg9me5`N2dWnJ<2gPj@YW-YaS!|O<=8$>Nk
zA~%Cj4s;hwjQQH*kwq-9yjBkD|1d|DfgP=Nu#+Qblk=dlm^E*bU_z&^vN>mKCMsr5
z%Q51_+L1mVF$C9rHmdtfH-YU-NAw`@v9;36_`BJPlm7GQ+N1n>V)#5u*}~kH{3_1z
zx5pJj+e$}no+)#BFPTRrCkyCSu~)usGnx{q_$}Rcpt}`9#R+@5%APv!4F@w~RZcri
z_A5F^W5?&Dz|-o!M{(=7UgrD43xfbP{1=5-5&CuHWAsjTc%a@BrF&JjL96Ca{$dEh
zm~tQ|e)-ayzD7cpCJHiR*VitM(ZfZrp2gqPqtIX4L2Tpd`-e@qIcir;zw54@?sW)b
zD{8(uVjOD2E6;TvN;%@3kQK12_p`o+vK1MJ=EdD+|C{N_5yya^g?O`E_~NITwp?i8
z$q~;GmW4?B<cRDS0b0@V3r0d{5XuoISuMQJX5)UBbF0LV{UtN)XuO!2cpig8;&O^1
zlxOvEMRe3BF1`Wztje#?DF?oM5-;Kk(E6_O)@kZO1#`5@6Em{sBUdy8WXM&X$df(q
z`McRXQ70l`^@c`JCL;dhLzO4#S=s7+eL2gP{d)pdo-~4-AC#4t`<}KIKj-@=Q@~O;
zUVu|2K88g_>3vqFVqb5DrDbpN4;hp7YTwg_;^#b^<bN{-p7KRRE8k)6d(`?jlg8uy
z!^w;&Vaqv{e>SO^0~z@D;!+U=lE5WiaYo}sxiwI55^>=!laS9XTIshDTEp%E{|<2B
zHm{IWOABHcO-0LSGHYT33Xk|j96la{?;T_B!DK@qv2h;%iq{azIFG-8$|E^yk@~;D
zk(hUbsYP;+(udtRikcGQ_*ZP-<7Y5yNzW@s`rxmX)%zfZ?E&Bro{m@e1m#df3S8jm
z3v}ud7I?dyJX4p>vHAr%iMPrLoxC*rg$D!9a|k3)JF1TFa|V-_>REv5+Ox;b-k#t)
zTs@^Rs{c^VgcR_hpK`8CkV_tkp|VZxQ7sxK_2c9nmeAuY93cG#9k2n3XPmqPq)MEH
z{TM*|FDZ4v`X%@|dHYEDIeGdd_&fN2fa#&GaR&3lc=NRP%Ee6&lp>s_@Js%@&g`CF
zXYN6}N!yVyq{KPc>5K#9@_2v&PKzlm$_~M}F>x<Kt`e<(Z)sTc9h+t?6bYBwOt{*v
zT!7pQRWA6t_t4GP??qG(Ikmw#91n$Y9-i%Yymp$RLi^T{Zw1-aQDeUU=o$MHT9x7<
z`ifQB(~VN;Lt7uGsqRC#egD{khcdPgvu?sEKls!X3(zDtGQ228y_By_wQbEbIw^eR
zy9a&U$Jtot<9CrMn13QMAH{6$<vr%4+Kj$f=kH8OK95+rm*<$1Ku=k_RtM!OcjGqn
zdy|wZUn){^EyJ1V%Q9vcT*j*-6NVgj#n#`d(yl^1=u0x*$2fPt+tBG{3v&MYj!37M
zNlDC9CWvF{ZDys$zCz&0_p%vVck#$SdPZ*3R}zEWW(?egRWWbZG)xS~_=`;j^=<hi
zM#^KI1&L7vi6O+ZcSP{bv9tGf9i)8d?(a)CaQ;UxVv7;YywT)q%sjfyJ|0lzNW3AB
zBUXs_xjoddC@nT`iJ9H=)2SOEUBkQWvy_=eO3`OEoq_BXuSWNi#;<AI;llc)4{4=L
zm_0?5b+)te+@AsWLq)v@6Q!(GQv|cS;`_`ymSMm#on4z|2|eDf$OL&rN9^o<m$qYV
zUhc?*BVdOaxsy(_z9w(1#`CdgtAwYv%mbQyezpSGpz+*Lab5*dvrx-yA4=S{gVK?b
zXb&>~w#C7iJl_ZdxySq$Q6JSvF7-bmU%b-=VRjrHo-&gID*}bSk96vFR2Az~T&xYT
zzjKzi)rE(JPOT_cW45V#h*G3et7E4~J2^X@qh_F*V?%_#L$#e>cz)|r{QtkuJy8Le
zpS%PyvTt2Jz9BrTQ022<aDO(JulD}{pX~4{wpq6}bP}J>M&5=Dwe+1?bJOGS@RX=+
ze!kjUv-m%73ZOoN{t$g0wrH7wR9c2i{{oDr(L!kolEDCzzd$H*O^m<t)~a=g9K5qB
zRfHgDHkjuy45;zpi3aXD`0oQAGOs<ybuxcW{MlaytBY&E!yn(v@u&Xq<QcBu{|Kj)
z5e*Gl4d&<nBW^yIm0?C=K7?#+yufkbd1JWMy_~=|KS1@IP-EbU1{Ti<uMY5}(=2pO
za$%!$ARk>n2Y(LDfxKPt;kACKLGU?Lb|PYT125B~4wtyI{Uhr*pZ#S9Jfry7W|kpI
zt0OAsY7eo=>Lk>phgvFyoplcWlyw|qC?W3H-2+@Q!Xsm8x{$INw1au0IL1-_9cC`o
zDy^#12{X!xFgB3ZtbLJ&3tyPaG!0)XkejnwT%vr7VcgpH!)m1srVE&1uu<w=zg~x6
z)bAWUK!JyE+UZcCNZcp!8QqR9T$_k#e7l-bAAF)-CQY4hRDMU9Be5m?Bnj0SpoX$M
z^2H<OP9!82?m*<iAM_cz(;H$&%92ztRa)CTC@bIijc#tIK?He<LVeG=W21I`%G%TI
zo=}qi;jlFMCVrV<QXqI5G~{~|GxiE1jrI3R;A+m^vON5jxEjCi%U}fc%|w*5f<9Tw
zxkFpMy7wH)Gh2_k=e#X;qy%jJhXv)6+i$&0M%+lQhqfo!DoAu{g3XJp`9=gGYw-&#
zRo14B!8TM;goQT2W{q(+!PwnkQ@OjeET)bAHpBO5h1vpTM&5oPBr9TKr!6W<y-j-`
z3)ioK^hK#gLVN9jJ|jF#wBJqT<b_PlWHqln;Cu1lTKLyjkM{2LFp{0{Mlq6oBZ*=p
z*(Xsy2UuQ`Vqd!-@xbdrvBCp!igj)5hIC!3XOd}D{6Upk@sWI$QSs3OFWF*NEZl+*
zh<?UlWNaKp4zk$1vF_8eLAj235iRQ|c~58Pfxm@Xu&ZV<EKTy>s2>(&X_8F8qei`0
zIP~CQ55vuM+@8sMqqOpvqG4(DAqT;a5Vs|7_ulyfC$}fKd&M7k20hxmvFsBy$<#}B
zyGA{O^?|1>7HJ!E9@6;W&u1tPw;=jmAI@IuZnE$4HAel}^4=xE1r*x@yE9PlNz*tx
zcXA?Jun-*$g9fY-|E#g9f-jHa%fO0@c9Uk<aB;9o?hq<~nq;Z8Zt}zndePV6#P4*2
z$)<@#eGBga)aXj~z&f;&o}$5rWX(uqjrXCX-DGY7F<3~{r!Pw6j<RqPeW`E~X7DSZ
z-Pg|xzLJGAz9BMMc$!r))tWG1G`2tFdQxKGYdiF(d1$A<JQ26ATI|WHJ0O!ml;%M^
zP@}t{F!`Fh(@TN?NsAqfg7Z8qWIlE@oOC6SSAIdu(pa)vI;M(hg+8C)NYW}bdM&DX
za&xg`^o-vMRp`+*9LUrC1nd#V7$dX>IQr~h+h{bhK|M-i=r?4{y++3M)SU7YER5!W
zxX!{|4z1BhYjDPL-iZ}aX;QTo89yZv;p2D;4x^a_p53Ek)cn-0vGP)*u}a@ZSQYP6
z;NfsBC2LS};4>SHvq<Ew&zRCmqzzhmBFfXbYH~bZxNNm!-O~wc`j)Ipu6wFhDMK`d
zqADXzTi4)6D~2@=g1ra)sV;!BlYP`<>X(@W6;G2CRwUlB!K@^ou14vCDWq0>z*Tk^
z{J0YOOciozz@`eT@WSp=Xz-V~>vh`YoX3wR4mmg~^dDXohu^lYzis^+Sn$OM!50JY
z&qq@0J1MelVsCZP=7;zw%A)n+ERWPLpDymowT(h^KDF)_5Y<_c`myjrH93lYhP)!p
zA0Z>2$YDx&meWrB22RE4i(rMmR6zY`;n&d~llAgP4^syBG>2*k?GfrCG>GZpEkxF=
z4HzN*bF>ZcX&-3W$96D9$p9Oa7~JzYVyws6W=bT<w-xI<Xha8(brng9gVg7-p>SCu
zw(F3JvH9wO^nyF(%<O^m>o9#^Ua64g{JIBa<u_B{*^-my<BNRykzK~PQj4`6c4rd#
z4##z_6O{Ug!Uw|IT@2T?K6mS^>X=G~<(WtAa}*`Z55hE5z+PY+Tc^o%CW+U8SmCiq
z_e9R*GF@0H`4?NIKf>xkaioh5qB76qaFuJlQmM*i*=M!)WH9~ci>Se1BA2yltl*-L
zwMuMBR<7lSw5zl|VO;SwW!=l)zg#@2@|w<Z`8X9SVkJ+f(cWm~q1|DpmEO4G@Ebi*
zPUFRW&8POvE<!n-*9L|@ey4eE<Y#56Pe`aOs4(!LE`F)ZGg4Pn;VgH^3_iEvGgLtI
zec-n`nkB8vm~!>&##8jDS?7J~1{|NCs<rJqev`achckaze#{U(<@eG{pDT85^CO5p
zy1;M8<w-43+mOsRv3m+Q^GhG;=%ds9UKZb##+hF%Kc;(|!dxN5F%&pI;_6Xqz-1dN
z+_(eOjwEQ00*LZ)u$G3MLEVY<A{3gdj1rHUEB=7TlW?47_g@jz?4qsz1FNU8!F!>P
z3W9COquyXGnFn~c`EK2I%C+kJ98U&O*X-pMyPTJi@?kHmH~3yeaBuL^+yhotF`b^)
zP}RZDv1F-)w*_v?UL{!}Pc<aDAN)kdzcjR4vuEVKSWQ|V`|p5hID5)xYngh=XWhC_
z`+%ACzNq@ht@}Fat)Xq#*i}12-@_`;%N6Zu4N+BfE=qe(o|HFmmsM7jq%Gu$rawj?
zOCn6;hf92yH~-D~TAYIP?h<9Dx;hOx7B@009y8p?yr@p|q*+uW@maGd3Fckp7s(Tz
z6^cgDzF;^>)4EY(*t1Ih3-XrC<hfZrMSI#q3^n&&rU`37L`mpwG+e~ub*0~P;6pRu
zgDs*cUACv}@}Jc*27`NP)OBYKY8$ISL2loOKE$hkqW%!Sy)l{kl>ffqEP289<01D<
z>*`*qg5oar_1({!o*L{mpFbFCq-YiQvg<An<f%_kcUhSkL=u{g{1)?{01e)E$kdpA
zEGm3=F)*$k^i8PgN<Q$CJj)Z)KXEZZ`?sj8H+6nTap9}m`1jiSxI9LiFNJcv$UmZV
zIZNv_>i-rd=BvKQ-8RORRF|_`wtOs~B>iPK+vT*lGbN_ItZiOze&>tWS#al6?oV~_
zTc2iHZr%f}<zvevY0kyi_HXlIzPgKQ?I)ZseZ$75(#{jod|k!Hf1zMGFH4iGY~|RJ
zUOIQy+~qhgGG$;J7E;mmn?1hHxi--8wvxJcd2w}b_lt$r%FeFKx2~0)l!1BaT%W-H
zuD9Q*pGwQEm_G_iDLCIBSbr=iU}{$N)Ld<K%`!>y3k<xpR<mOD$9_vpZsEL@&C>{5
zbrU`30}>aZPn|m}90jm!mjjYql!lm>uDM!nP4%c={(06P`_1!KjupE4`4nY2&74+_
zVY<lGwL4-*!SVX}EU~$*oK`QxG<NSN)#M1p=5{ESc;tRK--A)Q9Hey`_K$>BerGYL
z$;qX3*-y(i>>miL^i=0``!vs$RGssl(q%i1YceYgyCpL0Zzvf28N#fpl_K1hClj1E
zRVv-o50eu(tNKB)@teIh!pnp56O}o7lmnpHjqxn;pWDeG=f$qi-<SlYGZupSkKe{K
zKHb%GUNCg2lb_($I&2>}dHK^c5ZfJCsa2YA`*g(RGNs}6k>JbM7R3<}wpF0%M0j38
z6hO~;NdXfcl-~ZV_rM|SdS~!-_;pQ;m80>%_G$F}G~PQj{1}juN96?9hhIkq*Jrr-
zgt>Y5!jiU?%_XWJ26bb+v-kL2?DzDO59q#21W9$Js<o(9?DLfwE{IC34`ZB17l+l_
zvEIn@XtnleHiYl!_7PoO*Y=TVWAx%yF*bBBitdTprOY0P+D+wa8E&-&)$9Nil3e>O
z6_O6x79(|?`_s}p_e0nUKy5wQ^xmUA_=excqcDKpp``N|jmoC?7*)rQ)OGlg1Ct$-
zbeKQxfFMiKZ@KcssC!>X@1l_S_q}|s!;CxY*Ap~4feI<EO_l>todf%rlLWIfpiZq$
zjD5^N0zJS}3(-2l2qzn+6B=T!Zt*E7oHBKI)jEBlt76J&<q-6JRm>2zSgW^c6jrk(
zR?XmL!nhW80+mia886d6qo4~ucSSt!2wgv}^WCVbIrRh)o(0oxxqvPU&m^EJY9ltM
zt5WwULHWALzQP*~HA}y-YNq1X5sfVt$lzH=wb;LH5E}>E9aF6Kkd+EghMP+(j8D2N
z41cfgA}Ko~PPt=ezgNz^Eoxk`?S}RnV`y?pxf4Un=v0AyisF>QWM_{Q-@tCYAze4x
zBYYnccHQ#d+331a#ya^*ct&OTL<g{A-*_-L6|}P}B|LUol#(EM=rJ-lM?A4PFU>lZ
zOc%JANGBs|<J+@na&`hM+<DW^dpI&oyJ$e3oOqbIHD}~a#n_-DLc2JvpBS{et*-wH
zjFJV>rPO2AyGm&?)_<e4%?6@LX)r67kkIihs$|Pe_!rc@!A3f|@aNmL40M!NQfmp%
zt^oBX!p}uRU(<=?ef#FIEmyjLbVq_n%mPUaoAtONB%4iDTXq<4k?9%{>g?&~)x_DT
z6A}8bt&5-=jBsiZGRy=@2a3)XQ4z{T6bRIBU2%c2F#s(h^%}E|4(7%K>qTyjRv3R(
zFiTrbGSyVJWedWYYE}WnFn1O;>BNY%lbY+ya4033g~0YFT<}+Y!}gaNu1QRbo-p{<
z`?+7|{{C>h(vOzwOV#*&4~IrGmsmaNwn1>we!9)cy?--XzA(-Xf*n^8<@+Y%-+Ap$
zsLFi8|1I&arR_52k2(2Jc)NIQ6fzzlXty3#<KpzMTSl<ynY2Zm0qZ(k?UEoz6nb4<
zy3bCfkrQ5^ahIgcZ6hUqenP@>yh`ZgJuUT(@}SFa^1U>P@N<j2=I8)5Yx#F&qM1oQ
zj$g{Bd@vHG5t4Q12|?R$nE4s%*<sGIV~pLhY;{*G5k`-D8Q;I%fvr0%S5A4en7ZjS
z!xR`6B^VaLLnbWzief6hDThb<xQ&~v)-QG5x5w)b&K0r53RdK`nyGME??Ct`zwgeg
zaM{1~c;B9&JZZYa5-a=-N$tq!awH<;evDg&8_4^H_2gT^_~5ov24HcI+Sz=UHCFnY
z&FS0@W?OOGI<Lm%%lGYlYf2uE_qA4@6C;iE39~0$elMw`+dt}Go9A$2ZJ%g;=~gtJ
z#NlS%Q)uX%M+wF(dkJpYcHn5w)i<2yH{Wy_j~Rv1x*}G$#N8z)Uty**OkR;*eV2lH
z-EZZbxxo&M>zht2*69LPRKRY!!yW5eaoj#{#C5jgE1tgDykUfgD5paz#U53%Lx)f7
zr{^V*)ZaUMBN&VVjU;yqe7SWX?QPWpbKgqrPH2&dgy>I@U9)*U{#Zx_5~<YnJ@J!8
zLtQePcHjb^K#F~f?L~1jOD?6|Z@}lt3#D(8cBNNNsZ-hXoJQi?2lY#VMS=;^-d79O
zd%51bLW<in3|Q9rEMpa`lt<0}kmN=MGYtL-EbCbr6Vb&9?_8ht+C3gsQLJLK6lOjb
z1zIx{SycEe-zmOVjyLVS`<?~zL!#-;U{d*46p4BR5Q)t9W_9(0Rts+mPkSvPBG6Jk
zuM(a#bd+ChcVM?`ykLi*FDG+D*%1W9-c?qI)7=4tk}go;zE_M>hMSVIyyt=Vx87A|
z0r34IJtGA^hAS(^vElMF1G4TSqx~W8cnER(-u^oxVkFHw0ljZ;LG~;jfgd(ZRZMSk
z$nfF5Q+ykErS<M3mLInA8&lE@CK;OEJMS4FdtWmYSR}JD5YgB?fpcH)DzJ!V-Bpl#
zDR2%v+7q1w2`xmI_pv}}d5THUkxCinB^cGgvGu3SEzwPJ@2H-UnmpDu?M-9iq&Y{k
zA3SnK+<^z<gAf!OS_eKXKQl}@^LciB08KZ2#y0Z&F?O&8JFOc8ez&Q<Bl);iVc9_B
zO3(}s9nskP=N69w*gm~g3{bu=kRi)L&S&{n(NCGiwD;EgOOTsiGwS!Kw`f=-`Iq}P
zKe@LSn`h#H>OSNEzJO1Tl|jH6T9#S>20q`B?u2B?kTsjr5J1p!r}Dv`28j`04<w{h
z*%_FYt-Kc<(rIG=TfCmK>je}S8Y>)$>~OUyHG$D5tPk5D{*XFshLEoR1e?+z<iXn!
z2EH*lpx0L$V#qoZOw#m+_|HYzlv)F;fd3AYEa(R|8#6pT2wd|Q6E-Dqr1F12hiKoT
zLoHJiP*P~MPzT)MX)|a7V@TK^&O`hzeSfRN$hRs7^!}Ph4B2ObNtq4?Aw4_thW-m|
z4Leq;;C|Wx1KNI6!~ve|$^2((YAO^>MITx4t%^Rf;b+<2j=5UMkwb1rybnMB1#Cce
z?<01YVu%Yt!Siw)jK<%dyeAg?cB4H=TdE1G%k2OjN%hakec6I;Zhu97`(PqU(jLMj
zs{Wo#@CSOL$qEyL=O07>Y(9_+>X5XDYHRkJ%5$(A|FD~ij2~$dw1zV2@ZMz)#70;Z
zrLkbq!coc>_62Fo4jXRcC~X609b24(Vv2mFS<V6b0N)*qm|8umVPwR2@#u|aRrw#$
zx0wE^Jvv^Q`W;)La){Yum8>Q{=9nKg$FrH<MeoyCN5NByFv$Z#P~Q*;e<<KfW`e}V
z)T6<smn<>-Dx!VS7?8C?v^$$#X0e!Cog>p6WWZpx3x<eJIU-p~+Y+@Gl#RmJVnlfp
zhVMHWL&(}O3PEck6NIeGo_K#LNAxggaq;*j@e5`vDm>Z+2@4u60LFK?MGo*LMQv*r
z*GGzX69sjdyraEpbdtr>pu;M%`~aoM2o4OHAvrCHY*I&ko9S_P8@{zHd=u<;b_MKP
zznHkh3caVi1q<n&-!OV@Rz83z16(MZRRCN@#NU%#t@yMhkrF@sjBM97@SV$Lqxj%S
zV4p>aW$~zht}V?Mp$N@{hY2d_9a%jX8D?3$d{T3Fqt(+_%tZ~jZ<|*eF;G^xAapR=
zVmLNz&F*DuR`6x5B%-jiutjKaxP@qJ*nqam+RVn5fAbol)8uQvZPjZ0py?-cf#(ZA
zU`Ap#TQ+Cwrm2p#Fy2pF40K?!EyHSJ-&cpT#M@I_3g`=}O}+?4v<c>M(H1M#`$@{R
z<cit33sB6PZ;ytQD}lX&@ADzf9U0av2K>wMivJ=-ep>%)FsFO=$>hF^a%SYGe%=pa
zSuYXKH{#mppMB%X4%#-5VrZe)`((oIVw3rl$NJmE4PDGEL9}EwwLNa?7QOofDX$ZO
z>ZVGcSJVV+MlYKa-9q!dE1#kiBb2R7pPGEvZT)1z?_y);h7D4)!=Q&RO(VP3BfI*y
zA>vYfPxY>6PC&&CgQgl*x38_emfU7>k6<n+oD+<xZh1GPy+fmPeur2JC8jXOI<8<Q
zBKi;A3*cjmR!mjKGkbdPy)5KrTgDTX0KVOK36w`+L#|it_G)4)O7!9(<H$K6i!guJ
zqaT+-cEWGfg#1HRsvX^~{Lu+aRgbPey_2v>#jEzo!?Q(VUVU|39yL-y8DQ>qf`80>
zikAY1SSa9#HNtxO@|XdfxYml=N^o7$!FSLY|B}1EOYLHVMUf?WCY-C<e>49`^bh&|
zN!p?5Oo)cY*yfqhT935omKOeEhA3JV72F+()wr8?8$gbm`$$_JexFn`3L5JF-z39X
z(GV7$=DWFZrsVJQjNfS}7lkTnZWk=BC;~eNoaD3-cS%{IkjdHR?-Z5!LKIneTko<!
z9>B3GPl&(bUFF*z%^seA?g2<!**p9A|4el}>ftHmkr%nVyPE-^4bw*4CZ&ji2D@<F
z29V%}J<@&v{~`Fx-~B21tm{i21=?~L(}oSV+%7E)w#@^)6I3n=R2<}KrD36#gHw^V
z@O)ZkHSZ#PZ}I&>A1iDzP*K1;ZJA6Z<$OQh=V_ms)ptb|=}$j27yiY73ND+zy*~3O
zrSp{Q$rgtXs#ptNGQ_ox?A9q;VfO6%HbQ`E0$yn&WtImIV65?yJ!?M&)^zK$y0Zw=
z6g$H=eCN*bN{*LngM7w=F^m6}<C2eu>p=<1W`qc)UB_RGJ7Qd}bH!!wSuIdkI1@hx
zkQF<;kyP0}5^2~Iy)}uz)fK_US&r~qokY~FC!BJo4C!v^R>&y<?r6oGs*K3kO=157
z=txQ&LSuZLLJyA<w2HSvW6rGWaJ{_xbw_dV3$c!qA{TJrtM@$&m<w{}Ts}+&{P=$t
zxfJWAqBT7~<zEtgeEitQhgrG~G6j-cEwns@oT?0l*k$|r?f2xEW#K<Hc)RlEIb}xW
zt%0kbxE{I4eEwYuUwNZ$!1EdZp-V#!7uCSk^vV~{DbGbrjzBJprGLaf7L`%?LYXpr
z`3<iDPZoZQb3+^#Ro_*UU&Y=tKd!ji(6PzLk2Sy4;UB6c;4C9Y`5*YNMW27(R~MOl
z{FerASKsJU&Q;zTx>|v)!Y3@!e;hi-s^I#WjOWB_^{)qVUdW%VbAI^eM{`~#HtomM
zUykg&F{u*PF)euByqISDwY*;s;Fq>Jp#4#^-z$sFbY58#Z0YA`iuXTH*B?i9-c*=#
zWK)Vg&cA%#FYP^tZFJ?c4UwevA2s@YJ8+fIpt~E>B3~C18ET~Rz(2Z3!NREeEp6u;
z=T{^;+8R+YBGw?m9yT-?wzD1Nc>naKZ(tv0y`uYxBuOEz&Vd>|I%t8;7R-8MiGFo0
z6-)3%2g9YvN;!MXyvzCkZU3-F#UAGJo3W`lb>BjTF$=i5G15)o9FR1-Unia=$!ivq
z2t_~{z$TZ69~F!0lS)SL9=mF_aVm_#IeT2!ek1FeZFX?oBXylg*=lzvRmrm=%N=d{
zEL8aU|74b5v(djSlz)+S=v9PueW1%Im$`qgjZXIZPKd)mbwQxuZf#)hb{SgySn~9u
z5yBXB88dF+K<L@{*<-53tvd+QF{;8iXa&4qFaT$|ix3RYU9)+4d6&=iI{{5x{oUl|
zo24_N&}5IgdLbKxug`}u*dk^z1Cc5-utT72;pk3_gQ616U|G0{l6Kz?61mT*W(C2^
z)lGJiR_I%l0#iyH+&08xB@YF7r{2^gUq~mfGQMcIxIOin`hHw0Ty`z&vV_|$BBwJ4
zy4QCcqc>gh5Mc16zDNUNb9bAuLXsRa^#gNSxUQSu<Z8N&ac=XT_;C(mgErvgXwVYp
zF=6f8k?2F48jXaFS1M&zjbBC`a)rh}6JktyD2iy<BDZwpV#3;Q+onRt0MM0e)cjcj
zI%bA-{OoQgLF~=3?M<x`$tw5P2&47Sr9wF)X9@1*7GC#9<3cgbb$p~@6BITyBQ`7)
zs^sXmS-~Mz?w)&ed1K5bRL&i*Piw^tF3+N$xFyE2&5^aWqLt4{=~kad-l5x*NG?~N
zaWg>gu@ihmXybE4mDOziXnF4cX!bEcEs2MVa2_A}3zn{Y{!(d`n?IU`W7DOPu>0Gd
zTTeCgj+M+s`Dh--FT>>c-GLJhHvKG?V;Saho<bPh9%P=0evtSs_!+6=<J+q82i~7V
zZj&oy%mhEDiweEddp}Aur1<gOZcp6kM;{+tVkW&8^_$|JELE&5dqy`NTd^$Om$$O)
z3*(H*NxRP^UVX?xH9&QYZDObrm|K7$yeGA=R><z259mO@W&(hy-gUhA<McS<ay6SR
zHO!ZDg+KBmvE;c;D5T`q(fb0{Y5;ht6*o@KQU<UhdnVRfWU}!68DZZD&xbo#rMupw
z=rnZYZ2_yV22J1VqF+A{p<^t86h*-q%Y9#;*4+qmAmJi*>3b$D`7F!)^VZeVZFx}Z
zqBONoLUad<nbUU8md&;W=FSoXx-DhJC_%O^!k*`_m+#P@@8HZ5+1b<s5fLL(nDN90
z<C#awp*{=ElqmC!U}d_fkUK8}?pVTp26HFN`x2{PM<fofDyYWZ$!?G8oBz7}a?V-w
zWhI@cL1ZG=?=ty%zOWI_VBV0z{`VY1#(~vzPw(di;H7<%8mY7)g}v{OoNct}>4V-+
zNMH4RLp&pg=22}<ndx$%kqT9l_fjxVqc`eqF!EmusSRh}Cf5%rn6WOW@s!hYTVCNZ
zn8?hna(0Q$-w5@TJhbJIp`L2S%u*gQVY910>;}_rpEyMNNGsH(q)&DAY%V@%m++yz
zhMhx|RF3b~82<3k_=a@T%Lx#p&)g|^o9ubvrL*9anT!2A{y2qrxrHoy4#5mWJ&jDB
zA`ggzmQXh&>C%Ga{t(kxK`L(mhYI6TAt@*}8v^!pm7LkdN4%k&fVbuZJK-|PykGgR
zd9>W>qMD=jlQ8)qK1)6hWHYjEV^#j<&z8b7PnHFm(Z~<#1BkCelU#;7#ca&!OJPJ~
zIzj7sjjn@#$hPK5r7+bo%zsv1pX;Ed_-b*I%V?+Axr|9&wVpTOI%p?uU6xcb);Vfx
zzFrD*{ayZ}kiV53*T)dkCCW%SEz1GN4DiOz@cG&ib0Nsl5~tUU>M6IGLDX6^?B#7k
zppL_u(e<gB&8<UpSEr)~xT}KF56u)aD|LKbx<&0tGu}9(reePasmq542F&VO9n^S&
zpDJ}f=f`}`&0MkiRO#6%2WU+U+P*#*$P7DEF+LkPV=1hQUVm3)@U&E^%~f%Pi*1bA
ztSZAM_D^xUoP<FbKKsyp{5qHx<#<QJ&L0u6^{ZHz>N@;H+$M)!sGo?|Du}S8F>n+h
zw+{V_Tt!$i5jbimXIqw9I`(ADHfLR^-<8%Xo3NxWaMV(6y*Sl%^oh7_PLfc+>VL|y
zV^97eScebLn3S}{)dr3!?hej6+SHRh;t3~_IR7RzvE=I_x}uD4CTt6|@DTZYRq}GT
zB<5a6WlB~T2gM$2^)eWaHvUy4+Ub=s6#J@#<FR~;n|?0SuiE)Zm5N0f?z&J<kwURB
zBmI1OI>^}{9J$l2&LB40yEneuGpU;&<{N2M$)z%+@pik~DcUV^r&E1W^z%t&u@U7N
z-F!;AE;P(5@@1F$hG?6lf}nBi!?pVuX9%Y*^@!nSNrj5Vdxv!M$?4-x(O!`hTw9BV
z!SdzThx|Kb?U(N9Q^ru{yPaJdzZr9r4ky5j!HMAJH3`?MBe!W)tivIAaijT`Pw;#>
zapdbaCLf>dd!P0o4rjBa&Mua*tK+W+Fy$SHT5mxY8D2x~NvwQB6gKRtxpOt}Jlx8t
zn|dZ?|9){5U4bx^GMak_@7u87){dm#5T3wX4!3R_!d0hsQ?`_j`DHD*+gfIhq19;5
z>Wi3FYpY4@;hVCP<cBSrs1Elq1a?SweHaIS+iEcs6pJ8k_~EGrjrYz2GUg5=KF?Ii
zeL)|IOrDTQoEjD^pP+x!hCkAzJR2TLr1K0tc*!-@IPX;sQrq_Zj`j_30*22!AD+=M
z?p9#juyDJ4N$CM^hlu$gAx0G~o$)gjXgaPf56bU}n0CUfWj5R#=IS^()p*o}I+3id
zGe4jaw?_M_ZL`}Iyh$qhiW3U@Xpzk^%C>$@($z0H&7jC4w)hUgD9JVRf<jmpntspY
zbl!R`@%h{}*C2)}Iq*a(VxzmUmL)XtqdVFC@{z@f8CMAXv}TvnC08N!>Y>@nx}2l1
zcE^-OXJ7S0N|!&d8Fb3MayIkW;lj})wW!NCMSsI!2s38le#N?w2t31^hnO9{aAMSd
z)(luWOT#4gJyHRmWFdU|OzM`|+A`9V@BfL&pbyQQU$+Qoy3brwWU9J8PMCLZ@P8E{
zYk^e5MTYn~OTwLIwDJpKz(Fb2$4-rknQ34p_ivbkf1HBbu9QNUl<73?8gS6ND66n6
z;q0|`sf^NCUHfU}b;>GVHZD10F5=vgwH3^W(t2#Fo>FB=1{Qn7XfcYTar^0n+QqUh
z1F%Yp^)^cxc|mKP$ub4UZjIgk;&|Z2@klTDBgL#})5nU3F+Mk~GE>UyD0Wi!;t&jo
zYbi(mW0*f<u>H<rKNIC+wiby~g5-U3<p7P$FH&csbID^1+w>NJ^Sj`N!c>!k#8CR(
zj<I9n%6ZP+GvvwHYw)x{HHfQuU{{T}<eRxa^X}RBB8Y$y!76)ntTw|vvB>8%#D6Rm
zIEC0cqVi#E+%!RZ6V!oGhrGXwrxgTe`hiB~XqR757lN`kMki36vIJtxsm?9?vo8c^
zv#5$CGW6ZkOMROYXY7fT9p=Xq;dKeyZv3ZqEmIxnDr#Th*-ao;^g6(cQ=&e5+EN$2
z&24s!F?)yHuOc(Uec5J>+R(9lr<nyPytqT2Q!m3=avt_@%u*`<f}K$I7n+9icyV&!
zzQNnXyr)bp(oN_fD&M5-A?iPnzI^8EhNrhp_p<tiP!T$@d67fPd|Nb(8;0ilH#Bqj
z@P-*7XDDIl|1>e#3@N7CXS{Sk++mw$+cg}uvCW4?Kg4#9TI9?>!GwYlhK_4Sa7Y2S
zdBeau$9q-Rk90uNVVmaLCmgjY&4)0w55-j1%%37ArP=Sfe7+|IT;}k3)l3XUU!;((
zpTW^Sz7WRv;=C*na^^pa2O$T`p!=LQ-uQY`aI7g)D)n^`XXN{>XH($JO+@dJwkM;~
zrpdB5M-4dhuy9W*X7U%Ypr^N;qXzl!@Y3<*R@yXMuHmSO%{(mHGmM#R?>*A-lvdg_
zUq0ceNy$8f?fJw^cKuaEa7Y4|d6mFAp2%L47zWs0Tqb5>n4b1`ikQic-YOkWVWmyr
z@&rdsLZ%yR&+bq0lr#UO4q%x)#_+$uCC1Qv`LCFF(KJjc*%4zefbEFUZko)x2u&hd
zj)u_{Hr1Uit3LsbI4s;2qb-1KO9>g8W73@CN5XY%nxkR&q==!BKY(w5s=#y?87dv6
zxWEgP`SpUSDUevmw>@#0Bgi*npww4nI}-Fg>7yBNvI}VfWZ>V8gCLL+zy&j);jcJB
zR;NIS`F8pEx%qdO-TY%99uUYO->xAx-x0(EiOGCkSTz#q1@VyP-!xx1&x4tI$BWIw
zhgB{kL2n`4Kg$in77_ageiYV@&CQL?@UtGg{NSIZpKSE_{QNZO-^HKx1-*h0^Xy&(
zO4TEA;?C>xdjvlJ6dYa#-QvUNhHWjg8`uF*y!Zu3!{s74oSmbZ&nvS%v!J}qOv39!
zJKp62o-MJ<1+dLT@5MFovk&b0n!|2M-a{k5!wt4+cVGaRQW|j!@YWi3lky5^Z!6G8
z6(xAP)y?3=k{=j&G?R0!u2pr`?rLFlc&*dHgd`>v-cdeu6NBTn0nRG(0y_`l-F&3}
z#Ev2O1i`MS>C=wEDWm>K5xkN;uL^^+1a>{5!VRWD$)?I6?ZX?Z`LGSK-?0|K;dQ66
zliIZtx(mtG?j)QjDEBmz^4f2U(>df{#ei>>55~p6>H{<Y4w?Zazvg8Z80%oo^Zl9t
z9ecnaFDw$`g3L1k(qpqAkYYdM!yqown5g{=*mz;s25@i!>4^_xFdg(mdcM^m?u>VV
z=)^+y_o~3{d6me|?RjFr0p45&Qw)-QC|^P}4q+=kniE~0k91s+pG`Dt0@R85R%9Md
zbmf>lq~~9WQ%8hXB6D!4Tp&NJ_HZ#^KW};@_5PlC3=Y*kg^=Xetah79Bo?tMhegYL
z36beF3qIm&iAPCLr=bK#{1}wx`ISlBfpr5uQI7MYV=*4Yh(e%oKWo4CB@j<9+bGg<
z2gG_ea=VTYEBI5oiIOUy%6V!(k{D`32iA!M8pH6D5%>&VJqV`iZXwp=v@ad&w2fi5
znERa>PAMPu14myb&}Qjnxciul-Ov%*JST{9F`1+zj3`|9$!{dgNCkG+=1au@;WdUD
zZclnc#;0SlR(g+Y@juxzm2hU12K1M{9i{jorkkV(^f-!$5{yv<+Tu5s1^~w3P+P!o
zDUXdFRVn9BxhEUG+=CedH+R1;hM&?hf+mm(bJ`jbp)^3#b>cIIR5lLud@IMidxC^3
z^dOXr2=O3x`l)^(1E^v3`|VnP?%Btnt6HdBG);cX(1|3)EG>4{y!Dp%@de@3HwlFj
zVtkdv1?!R*wH~UO5a_{0oEXhFW|7{B6=42D#|5d*aRlV(huFgnPqWY~XBmy8x0vy$
zo-V1QQVqe}Bp#FbP^&`vC<nWA{>M?<6I6?+bn|8H5E=&4{ah%G^^Mt7i$hWD;8cWb
zikEw_!$yyY5J8uB!I-qO*HaOfjaCuNiwQTV0Vm^Xs6JG2h50N$IuC3gMuDUc)?Ga1
z8TH+GnMc6BFnA-#dqJqNt)go-7FBI<5OFYSCQV188COisV%xk&J-FbafYT}dXJ_lY
zt@I-c0s%3S$f6*f1D<vU;7B8fSDYC!Z0#2@d5AVS{t)BF;;sFLuQtru(Le+^xvw1>
zq_cNNI}DK)@b@l=wHI-dNEp3&;Vg%1Vsj*H*pWiK(-^TR>big(naaeBOko~%0=(O4
z8$YZGnU%3s(F4mYmG02>@sTGRSFp9K=(#@dDiQEL-F0u6<(|oOP?p(%P8C1FQ~NnS
zWvVK(aMP6Njw-cdTkx}oi4>D-+hs3OkB(+8r1;(<+8zc-NnsY*c|<qgB|18b@H`bM
zLnz==ztnY4L7deieCJL-VcerS;n|KdA~g<76sX(!YpdK1ndJnM<r1I_hpSSI`COQB
zs~hVY=-ah(UJ0phsPB*8TsO>tJ9cP$;nPYAiJjDTKx@%Nbm4BD`m5EkR}Uz_c)}Fm
z7B30c>M=5jgNrG?X=6sdM)JDH7Uc`%o4Msh!;z6Zou@5f<^j)uQ(C;8do7Sjkv>{;
z&)H_B^nm8}t(_zG-m|S!yb7&ouLAd!W|1)36ps}7k=eRa!?0(e!d@U9=ee~bPF1$a
z)!C`z<S_QI_wE$W-kK3uBwmc*|LAy4z;K*_g52%57;-Zm^%!y^e-8FQ2QxOjq38ww
zXOErI12W5k_A|YqH-2{@IL=e@8Du{9R{7n7Ao33M-e`?8375IL*2fvIBd-s34SbAK
zD-~lruf`nJsJJAjS2fcD3Hvs+_C21VT6#4PQxbf-R*)J3UW+Lt>yzJ;c*a-Ehjm*@
zQ2m3ej($f2&{~(P8;HxO;z1e)XX%#49{8XFlwx)3o~cYOhsB4hUy43zP!zYl(bVa_
zkFRU?hv-7Kf);%mZp@$DLe)}ul{#7Gj&AwtNsmm`>5pf$e>^=$0VLj(Xa^~5Q~l@?
zQ?*=AZtB{)DP&Bx(j$XknHGRw%gCv{<(K2qFk!bzc*H@~1fD2(c*I>kbuzF~unh`V
z*w)rAd?AUsmG1((pDNnyZL{=yPxM(-o=E_^I7Wn6N39o>-`Nwe$MxYY6dNxnM;(<L
zT$k)|y`g%2v80BQ6}1N~S|>Obm0FnPpD1m#w(=Sta;IOjx>}{%bD*qUF&32O=X%7G
z<+Yk-VTe}le{(7H9zaUBke%WqVHM!eL32;6dep@>l5k*2B$4i=<_Fm4M2-2p`{o*=
zxotWcouAJoiSN&yjh$IW9SxnI_tV!fiT(IhH}{CAD>-00IJGxABWi=WQSIfVMhzP1
z``Gd2edudu+ZT$o+P&9eihr0oy$@rGqnK??6=~DwQ7ubSdE0Iw+cy|mFu!XT%<>5U
zY)cTBIPE1bS%#x1ds2IZ3cSQm1B!MphRsOq?XPhliJ&)>a^$T!OMVOIWiYN`0P{8l
z3%1Z$mkrWbA$ROAa&xp7apdB-LLdR~N(B4hQ<Df1>raKQ#(BJfx=I8zCe9||Oiee8
z^T=m;HNT_|>K;~$QzeWgdnGSQc}z}$#Ko%!V2y`0bqJgtHiCu}6t`@t!{t*vVU)dW
zsbV+-KZJ>BM&=U!*S8l!-d<_tx$QZ;clA*~6%%3Y^*bn~w?yeL1Q3w{1+v#bge?t2
zOk_p3Xg6L5Y|%p-+yEpXVv5E?0ItNv$R(F&obIVaAm}AcSxEthaK=mB*YR>b%G`+m
zNbPf-v%Ae&vyc#WLaa@AhBNp8N5vLO;d5nm8qrN8{hCq~NL+oz3uU(SW~yEa&AApd
zC0`IG+Vj*APZ>-ULJaFLIf{GB>4RTO<^r(sqZ<2Iu1|I6)IR6cV}`Pa;E>d%LJ_s%
z+xZmLPjIBPFS4ViQW<FKi7#H4FL+_7#Z$l@H$;wH#anQ>x?B0i!=Rx${}=i3I1KLX
zn2>t8bW70pnjUJg8@KM2?G~L)kP(~+O}?}xvF1<tg7TQgwJ{7zX&A_bCS3EIg8QK9
zog3L5E*J(dh)~rqxLr5&Yupl}do4VDFEO}sW-{>o7SSHOsvBpsfz6%qJL<9sBYhM4
z8gH#kxc!Y;+J82~XBTg8P&^1&LkpmK&{1##j*Z91S5dWSCWbR=yX%LFNFCDMcTLrI
zdASu$hJCJX1leyL-z+7D%k`Y}Dl<sKhuJ0W54<MU{Ovb%VE^?{hq4S=GDL|2SW)`5
zdHPUhhfUc7VkLbqOB`^;2I-LgXe;{a@YTA&iF(1<gL<X<lGySC(jmi{N+o@_kX25{
zn#{{|?fWt1lf5z`R|*<QL|U9k+{3mN-Ello21|a2A5#`_hJCJQqtcf?I>$KCnS!oL
znMpJqbUDzUUJ{-za3DLqR(6X<5(qdgy!)U)?<vaeksmkw5t=lk@m?fAwGc$zazS!Z
z7F-4*=bN_XA*yAdFE*8>FuiQ;Z+81=Ge~iZ`|V}oT?W_-hFN<@q%4|&Bapd=m_zNl
zn_lu<MYg+55Gf$A`Qp5+(1M7?CvYVP;f)vLU$^h;5&B$59#JfKb2#2m3O|wdzQ#%G
zQ5~`lgHnsVz~3xMIuVDC7;U3H7&cLkl(TZ(#EkV9K-bS&hw84U)H9c}C>Me7kn0o+
zuK2r^%=eLRucGWm?wYn6_cLofC}{uCV^Z|qR!~p4{}m4AOUItd5GQT6pr(Tw2EH(i
zhESR<$U{8T4KLe5V@xn#^R%FOMwoY?H^^v5sI+Ta@LTen5j?DAQ=9I61+m$}Bgm1O
z4_SG^9GQd^Zq1g|9t?b>xZv}yB4rLdO}utSRh}{@U3hXcFl~q|t6^`c&|e|V57%jU
zhnj`sMZ4I$ErXV@X)h>MZ5OZ7$k|;EzwCOVfO^k29z=j-xwyqAGb~Kvj{G(Nq<-wz
z#F($3n6LUVU%Q^)mR6uzzV%QnIEsj+_I|jc#PtGR;1^X13Qm>q`UD5M$v0$MLW%xv
zA1NmTq}+*B8;*XqQa0+2$mO~q*cOfmj-LYqX3?IW-VDJW6Ghwl#dl4M?}~}g`tRc8
zu)#2-@*PoqZueyz)Q#$EK`0lIOZN5ZBG*XV$s!x|>Jt;1ehr|6roRS(3ycp923IUB
z+se}OqXX)7&1-4f+naY@7FO$Xa8v%1X@56Hc*hq#L7hjl5rFH!s0_|;In^}rC0XNs
zb0QC|yM92~aC&>#=*m&pi$6s5;i-FT_BUf<1LrdV9+ujMG+1*U;NhWd$Pg17^q=OX
z!7b@y_T!IG1|K|H6!i<C8|Y6YafDZZmjU?41f}pURNa{tT1F;l5x`n~p=x>vN^9sZ
zxkb7b5SzYQ*t!q5r`q(Jy5t6}r{{2Pyoi|+c!@u<K8b@aa0qqXXp>L`4{_^~J>1b9
zU$uVBfpqe<q2X>mAdMdGWuw+`RL{Wzy5TKP^@<oJ0J>s6eW<^SITvXBq3_p@$?f1%
z{sKsWa7Z9;9}keGMY%D~l8T?u1oK*e-^I~4kkS`foN<=;z`vOQWHBMXZKLuSPoL1=
z&A*rR;{%5GG8`yfKbvHW{SAO@8rRSN3X^QW+H-`e%MTQjiLW=QiWl~&uKi;E8ULS_
zFnz>9T%^pE$?$_0xk5GrfnOd%HE2s|8lJ+S{ahR+`26c|<uTqqSEK+Xe@C;j6K|jX
zznO0!4|)2o18EwR@5EVN;g5KcMS>Lgi%0{E4}@d^erd>mZrwmgDIm)>&XN{5`n#z&
z&Vb4<k9}ePyzz-3fyRG<3xNjW$$wy%r(c3VkXWvx@yS1#VI~1!Ob{oGdp=H$mP`zg
zt{0{9-|Zn%F1`GIz1~!uXXM{ZA;R}6ji!A(BkFN$IbA1qnx<$snEOU2W{mGR<#meu
zn$QqBiDSW(K$x<T{+n7|m|)<E(d#ZB)>WUDv%Mqj>Y<wl($|UQwTRDDDUKLW+h@Cn
zMgHpAJNGy|ZpKL9v8y(Q3g(G~ldozQ29lRO8cUOmbEM)Q<elXK<^fv7fO#grgRUjK
z5gSKj(gHw=gi~9`6|$@^dRKZJ<Izo{wMGu=8!TvD#{=oDhYJJgSBDF^ws+q!1@X@D
z1dazXSyL7L#46QGDmfyPuQY+<Y)L3VbJ0ba1B2IU)Wn4+{Q5z4^@M2lO}8J{CELb#
zjoL+#%&UJxAhWf0(K-Ga`;s+gJcQZJxHU-|W9FH(iv0lqho}vNY`r1cMY*DJryS5u
zKl~D>bR6)l7Jw}Db!05&2w)YpqaMp1Hpdy%M0(s@NCY|-O<lFy+R^tGAP(znOcS>|
z%k{*em;hMvDOWc3!b{0z12q-_10FGFFRE#@tqWI)@Chem<;tM7y2(N|RhP#)VbB)i
zae68@oR*2#j&3i;Ehz>y+lAbTN}a~JM>c}<5%uC6l>n5bwtI4bU_YG3%7ePnJ@VWF
z5SBm#b+zR<^HM34yWwJ10Q!=>dYQ&aagMx9iovJ&)}Q9DzX*;=zwufaB~pErb=nrQ
zmfMBZoB)^pUYxviib3`EqldIh9|@hiuZdY)rl(lI!*>b@sDQ)u0f2lckCt|)yip+m
z+yhO;Rqy-qgd5K4fQud}9iJJ_;R(%p`|#P<_ncJK1e!U)E5+9$20!-Ej9L%^bmig(
zKlaeTivyu+VFzE?Uog*lT3nF6SDi(zU1mWnwl0$`xm1jkbnvl{0bU%$vz{7o@Ue%%
zc~p)S8#UL%uwy~&u~Xn~PoEr=v}G(Hn{d641zwDsBt(*>;%`X?81+|8=$>~I$&Xz>
z>h3zdIC&;Fy$F7o+H=pDCV=ZKYL=^!{NN-6v%1TZ=h-?-0%1HIY43p~SwGC%%CK%r
z3b78^^QcaL#s^*&lz>tBI9HM^gW?{pQS4rTYE^JI*X`o4>tAlm=2~QH6!+a9wIp9J
z4t3R)7yptLrr9H(yOgHl+{037K_)cnA0Y%tR~i2Q%<NH3u*g;^?qeCXBwH^IaUFdi
zZkv`Q6eXYVHBH5|hvol~_Kne*L`%EDOst8GiEVRY+qP|MV%xTD+nDfuW7~G}<(&Ji
z`|JL@YgO&Ws_yF5yL(sF?yjdA%uzI&!f958(QST5{{Qa&zWDz=F_xbJ>83NiwEvs_
z?{&n)Z9PIreE;!l_%yID*ph+X0hVX>Gz7!}ICrRHijq(RG9Iu-LPXO+b^`<+7^fY^
zG{~*Mmun6hf4f15XG-fJnQI#B5Ck9?|KI9sr{f^KzW+SggY*WF?=a5p_^t!6b+Eqh
zo!_<=mO8xT|G3{lLu-Bp2mSwT+KdDZwSR1)BJcH542_l!QeeXCg)m;D5$SqjbEt(o
zCCfsG&qE4!iGbAf2A|pOylS<5ra%S>PZ~eJ>8XeJeqg8~)5gMtJ2oKEm-gu}fc1cs
z+p`ye9ufLMb0DVQ#c}@MW^_P}2)qYkZ~H6`S|bkr3FL^>Ntfxr%~SA{50R7J*g6K&
ze^((nN=3I{C%J(=6D^Pk14Pe3K7-%4jW1x9J7AV&2bxF$DHssMvE%y(sRR}g79~jR
znO^KU<yvP4)S&*_=kaiX%nZsTkc!7tlFdhff-U+0p_*m-==0fap|zbGTUu@&`@O_b
zsU3+yB`r&^u)H4?nMDbBkCH##6wrBuwIF(#EkpK+lEcb7%3Hs3A8{gM5Sd2IN7zLu
z`>PbD7riucA((e}aCdM($}opR3rNjJ<|}oKykQu9tu;qpgXBwI^UIH<>$fdhD-7hY
zURZ~{_&RY9iSSVBaBA@0E}uj1bqbIeA5}J@HnJABdzX>%cNaB2#uoA>$`<+-`X+|g
zux|cVmbEN8A44odDGc~w{Ndby*kNt@DD=@(`l0kr*9-n#_rT~O<WypC<RRoVB24NO
zV!Bf>e}-9x8I0Og<8)(i<)QawAAfqP!<UaG9Sa7uU(DUmhy1gYHid08CFdo%!<meQ
z!|aGln&`-h1AT_*a5rk})_rrEk%L{vWwczl9HUGW!7u&+XFqSvcMO@t-G#kg!-?=O
z!q2CY@|&Yw`ZWBAFOpA`g{tStn^YN(8@0VJ;|#nni+A{itmn)dcA2}qLS+8@1d)!(
zCh^z6BwJ5KY}#nHWO1XS+6>%z4vQ{}cIVvtxN=QTbx$B_5`KJ-k!3<oTn<ySRIwuP
zKB`Gm)5ufhHU8dcf#}5I#A4xWUamO0gjg|j(SnQ0Ce<}fR(w`!HghvxH%XV}LDH+Z
zyTq+{OT3r$L1II(^~C2S&v|T-zMBq@6<*v<$}V$8{7Sr3x;K?CZYGT{Wk%9W#xH3`
ziXf9tO08H<My<G4^T$FQ>3D*5hXs~N`z&fRkA6B`iKeN#<1k~2o#tVLUNeu8hv<7p
z77cl1`Yp!3GNaUI!aL~={>$VorbAa2ky#kZzBH#)mt2opk6M>rk6sRmYy$N@45OIq
z1l<kj3Nau;X`icIHjAn@NiE`w3UXi6A>&=>C3M%>qq<AgTV9v^OFfH-pY}_6Dmgbf
z7mXm^ZLAmBY@B|AKD_aOu3gGo`7)(*xc#>BwsP0#*6P;4A?Lm1y@W%Lk0=+3AayI=
zYxt*Q?m9VL(%V7o(A8M(SnAN#q}o39E(-Jl@~6y{oIAtL9|sFTTfv%V<AJUqkKKl#
zQ51ZPT*+tGfmRW(fhT12$e+-1B<}(=lI~Rb0?s6;<fxGc;d11*=&9tcWUdjHLq_3h
z!x<!$lp@|-CzBF;L$ng<5>Mf4iTJV&k(~)_B)sG~(x+0d@;sT&3)tkkO?<W=InU+I
zs~wVECKq+5hYHIWRbEq1>Q9=TQ%_n?8c&%{RU6B;ckES=Rd#8m>cq>5huT)P&470q
ztK5eqkC^5y&*k^DhpdOJ6;ob2Uc1klhrox}Ly=|bW$Hukv(n|WLjv`$6q>YLNm+4O
zMhwzYveL}SL^1MMw$6l6l2}$Xax)UY>2rxsPsfy%OmDec-b1u;$V9{pHL~86_mG#Z
zMB;I~Oq|3m8Q<CUtao3>-gefP!F|N(O2xwx8ir6MYs$zeeo2jl1Up+fN^wdiejk94
z8?W)EJ0PnQpOv3Dt;gF%x=<gz>M-s)pAfjQ4bK0A=!ey%wG69;^_l^(b%0IYpzU#>
zEyoYBoger8AX&k%_E;f56xQqrfp*wonuxf+g1~+mi-Y#4_M4CSTc<%K8es1aoX^@E
z`CQ%%tX(x@rU()x1)%WMA!Fxb4b-7850U|4)(noatIP00b$g!X;`-aR+~3`1`aIfx
z0JcZ2ed%&BlloxF;}DF9P{;&kuIu~DM{WfB@qv(#+YG|n`xi!LeKh#FfeZEsbOS1F
zzHevKCf-s=Fnff*MEk@so!(x4)<NB_up^AzeHi0-KXyX}C+fpUho&<?9{z<->0_b@
zIoR&_0KT>Fo&5<$SBF2d<=+I!%tvwUqXWXOg9r2aZH@5t3i5Rh?B%YF%v63ktufnw
z&ZxqzuIPf*`26dC3?W3Ve@B=2%2odgSX?U_1kU26z90_eWP)%qJmhYQ!Kv0|GrqT@
z-e95MaH7#Zue<)*ANAQOXIAmtYYsd-H6%{OIr%-fr0Zzo!rR`XNy@I$8mCpM#;zOL
zE%|_IU8`GK<9+JAbUA_}r&DpN*ydEp9_LlTp7<7Z6L2ak62@D}#^+L9p%o8<pmrr+
zv~zROrQjl7k1iZhwLgBUvrlQ{J%O29vniERxhbbxbxBmKN}y0xuU0<ontxiBV3}GW
zOL6iOP#K%pTH%#^KhSpSOUm1#2ftSR4NV3d7&>L%4?Dd()%3Dl@=ws<Xm~~DEUDv9
zSptkXEU}N>*al=NV|uwpX#Fnjtlpoh0Cn-%!F8+X7|+plQB9ZU=&ch;*C)_&`7=)0
zq@p9=y2@NhN38^#+O{xma#?Teuw>%mwc}{y=Rk9TQW27b^_W$WIZ-8;%AI(Rt#Or;
zHx+TA=7!xq%C|&H<pise6K#U9Vi={?S(<RR&O8Qxsj+YRw9dV9qMLU~y}qMcgkLvn
zKRyvSpmXVM5^!T1X?wMD*5a2^&wFa{Mxz#ypx2gbCF}TM7i;vk6y{SyEmM#2*oGIu
z%cd%aj_;txpu3G-%>fhJxnW$pCiaN4$85{*v57}Q-!8Pz`h<NO(y8Ns3Vj(}w2xh#
z(?IWNLV@<^t=6(j*U-^gRvM|upL%j>b86AK!K!exf>$#h(Q96%Mb5m@866c(-qwlQ
z+daT41C4&r);V4-I%7|u80gwctp=?URZTFnB059Ne1?&La*C12`5-l3{t&z$^~yww
z>ZRgjI9%mvRtdOtnpRx~e$;qKdJV68BDUxG7RT4$6ugQS^FCTzb@Lu;mhCI=1K6oK
z2lv*n9BEbARDoxMqBS3(^@YB?8VbGP&Hy`7pNF;N=z6v0ibvL(;t6!G&Pw?e)t%Zc
z35c_&xcpb2i5B4JGWwgST6%$6RXM*v3xL2@$7XBSk*brLZCNae$6}w-QR>6OQR{<K
zv9?$IvZhzkbxBXnbyRn$qo$zqQ*{#mjqS~(xN=usC~MvXpo3q`ol=c+-l;>KEQBV8
zgFKD`Pn;xF&s&`t`m{Aer&j2=xOrizDyw|Y8r78u4sZ0GfA>+HEqYl;;250T6VV92
z7lrF*=ACbV?9pxj!@0<i-L=A?bW(|ma~S71_`a-@ObOqz-2GTs(>x(yqB)3c(&ygV
z*!mP@tNy4l^4LUIpKD*OMyG6gy%G;UoEvTQ4RF8qrkxpeWyN_k+vehA;`%r8#^0*a
zvE9+|FJSDIdv6?`inBUDc*;gyX2w=sY{m*GKxYlC(vInFX&&`mZq~tS(6hf#wpFFG
zJ?=`Bil(s!=CALsUhcr?xn3v@Pc($+h+cLxyRx0DiChMOPozl73C(6}uh<898I8H9
zCr6sL$6|W~W?4mHw7rdqT!J!f`J^;;(#Ih@nW(Voy3~{n@D}MdZ8?i9CV|blD9TVf
zcG@NI5r2q6SP8REyFXe6oO2b&(8XEptB;I`<Y%C|82*VkYf8{;Dj}O5oBLw0tsN)4
zvuYTRW<?pNWlc<81XeB%{<NrZvJ~w%2Z*qCn%hpZIBLnzl>?^8+yGNbjj&AGYD?iF
zI-;%s8s%CH<IbAO#7KlC8nW1B8rBB+Z0$H5rIBah=*08Nn>cV*YNI#K&u?6r4ADpJ
zGK=M17_tuA@`VUGK+t%8M)PS?;P{e*rS07GDF<!6dX+})A-Z&>tTH*qBx~kaQbx70
zrb_`^fjbK)6Wd|7Q>9p0Bdn=ftTH*e*`jrC;tDHwJJUH}1XZqTr7)U#WDoXGC05}G
zO|E9eY(IdTv-*%BT?>WC43I@~w3PK5V>ycq1CX^qhDKlAUM92SGg1y432RkT0gDw&
zj-e{IyFOuAgX0m|7;(|AQrG4g(a{Dx34iNlZqdusJ-;EbWR6tx6g78(Nl}$kOGRh*
z6s?dlGP3dQSDeKh30`70+KM;Jir>46YUE8EGo3|cI!~9ac^Hb(zDgf7L%p3k@;YkH
zsLreMj7iYjuF9!JN4L8Lj#Z1=vOAWVg=?yBm$#Ig{G_f-En6A(;+c%1=}CO!nQVu|
zu1qbT*#*Z3Wb>TgB>a-=ZYg>;POhP)<~!(DF|^G?!^nMXqFCN_%30bMndKsFeEuGY
zTX<R!ENgbpa^NS{ceQe+C)R<IMIKVSJlXXs<BdWNNhBR)Ru81aJe{b1<KnZr%NV}8
zEX~GIX1!FSms-_r##yCe60}%XoPx5qxCA|;O)0>m%4)jw-4m4~w5hxM#QL+k8sm;5
z>GKTtnMCi>)sTer94SlJaokx}R_>PFCj4@1YmS*yl+2e{H8%EpDje!T_>cY75a!mS
zqfH<UU{$ZZXNQM*rzAv5GM8~St9*Uco|f&1Wt}ixLUUHl_6c?hpZg<$DrKtHVo@{+
z$itpgNGfId)5dAMK~v(4hO(yFl3OwbP-59Bsoi`Mp}bp-S9x)eCLL2=o1J$-uVCf0
z*i1^>thCgWu++@ll#}4n+?aHq0N?DC9FZ{H4BJFZn%x}Pv`5Nqd6%4(pwsMH-D+%C
zEp$e|qNkNVMSD{2Vr3>7v-sL{M>=Ztv07}fMR8IMZwZimwGvv5PE+_1oWR^{6{tA=
zvib-tmG6vCUr=9>qFb^hs$H@rwp%>?Qz`Ua@?P3SyjiE;IkdTjn`1d%(~BbQM7)+4
zJ8K(L%j<XA-dGf8wUMArZo<hJ<NA0V>geKX!1khn9nE<yZ)Fj;>7t=Sy%#aZAY<ht
z6KAU{1;=E4-lM5~jZu6m-N6`pOp}+1Ny^}k3^bj+vikyNXLsQX6`vi%$&)Fys@Om7
zcsLL8I~Ra^Y5c{ewn>dqp&MKKFt?n>Ht<kK{B(0TYu5Hkv0+jRQ(HOhm{w_otD}2H
zzh^HF@Yl=!XQ1n-!qvo%7x%G!)-~HLpU<Z0@D=8D$X~RW#?9tGt$Tt~40x&CXMg!d
z<J^?~5xliSLEy1>Yt=hz^I|eN%9I~(@L6y7yArcww-1lmjHu0pHYz_}Dl1AUb$KP-
z&$C?dnOL73SM+RO&cj^=tnJYecN&G@@+fEMc&&y06^rKib+@UncOrbXqo2!&&v0vf
zVr(azuD~_zg-kFK@fSnVsk<};kHdXsjELASW#%zQ6+LO@E{7Ongvqp8rXb$&#PDj^
zK*>guQs=b0Vm}q#vo_IWGxFTQ(+*zCN+~10FnTKNW0BnihjVUhyf~+WqqxAin7YtH
z)51unV3*Fu)r9>ZCFD$$qG!I@g?RkI#R%2!q@=^4jWkzk!J7Ce*|r*|)&(77nUOlh
zwl;IVsm|GK<Gy70+(4CPLy0|<c}tDG*TUi?fJ;ls;AE$R)Y8_X$W}v1<7B*JmyG-^
zmEA*9ZmB&(H6^F!j;Ru-(e0$Y<F#aDKGLP4qv_sKM@s4LT3X$++tx*??Ot`Gqomoy
z!38H{IhAzT#&%ViZNT2Y&?UR-=U`<Nqa9-HoC)!nYZ-=7rOm=}17rPCi?#L!ohp}U
zb;-qW<Jlvd4Ly!tYp;dbN>N8n39pILX$(s>?IsF$14rRy8&|!xr;gne>FKLVyS3>?
zIxs`mEypcK$xR|#n~lF^HD%?rW_Y=_1Lw4>;d{1%chVbK<Gj(gMKOu?shI78+UaE;
z%ge_o6Cr8ojVTjhw5PK~JpDA2foFj&o5t$q;F_<}M~QRIr3Xu<bb{^Klr@`<_b7AC
zxyHKD?$5$-gX~s8Nu>$5_lpd`2vB{ZdhV04H{tqn?v3H)6LUBO#NFgE1iBio@XU`f
zn!JTpkGNELd=I$MS;qTGK+Ycz>TGiKXE!QkSXtqj%$&%L@eO-5m8%^My191l>pTl%
zob}Cl9=;lWGQ=JuZ394&#_2Iq#@c_H6Ekn`RTxp3saP7?uHzWWW~n-N!3;261s)zN
z@LL&c==F3d({#k$!&p78E=04o$`~oIJ+y<=zE0iomhJm%Y+V!Vtw~xw9UW~vORbs4
zes`z0&U%1rs;#b>F?dnim};fzZ%>86QT9b$kKKx$+WoHPR(gv_)pGgfu=@bTTWqP}
z7IzEUv7$ECYtP?Kzy%xN-5bw4;=-ZGH|VCSqscev_J@`x_pB4Qu`?|=h5j1e!innX
zxw<-)>gh!((~BDMc|ogI1^+SjV<%-IjKA?g^g!b42WjbT68|WNDb;A!<7}VT?2B1&
z&_v{Cy9_LK?JGu5(Zt!O2$9tRt)K51t6A0-zN8D;D_*|y5tLu>`~~ibTj&Va=(A70
z^btp|-icGp6QmGIR^mHR@c`#=FIf`vIzraM$HfHEk@VNdKjou)2sQH%rx-se^Ax8Z
zKP_vOhqL_lLHx_67dM<05xN_<P;`#($R`+`Gx9@B=w;^M6NRXA;ou6EGfVeNplm?n
ziXX>u%Qg?^1LIg*bOGxURd&gbb05dnV+Q>TseRQiQM6B!;8qRp=TKblJW8C<pQ8=|
zNs9e-ByrdSwdZK!Z`kQp7H)2EtbEp1uVtV>3$o)Sl=QyU3V332^o&k`#r;HdfVN4i
zlb!yfnchY_KSQh&gJwb_d0pHHi#MMbSmgL#Kym(K1Z#kxh}$E?gdk4#2WV*mb|+Xq
z?F=*MY+Yqg3+F7P>aA@mSaij47rHsZ$qY__z4?<pK@~EXm5`2#qP|ZV_aSG#kjio&
z*)nT}%W+ved4(dlR_L2!+3Xl7@hrAS|1(u;G;W197O=*;ToUnLaODWZBZX(xSBR~u
z3B)6OtXjC}1f!m2vg4cNysla?7AKdhY9&(z*$;%O35JmsQQ4{qXk678RT+3;^IB)1
zN@Aty4_O5EWtD}fDON|<gX2C*lRQh+?Rzt<v$V=XtoAxf+wFDxTJ7dG%Rk!%j`@}f
z+f?JekNc1{h;Gt7o;0c0oQ$Rpl`zpX%<~#1i0cD>$FY?>DlsD*p1)}wmnJGAMudwy
zCpI_&?^$DpZg`@N%mcmYDzT%rEw_Liwkl4^y$(D8ejtZLy9SzNRzZY{6?Q3g{;fz)
zW`(w=esGyA&8!~LUK!R@1j^(EwPMD=K@6J3^ynnDYSgmz!6h2j>4W1IOvhSw7I0nb
zQjf8{JvYnL_|mWbj#b_PSFK}-cbZ|qy${pqr%@my5{=Psl;ANKGE8D=sE~X!VFm>#
zQ)q?_-VbKDy9MTfv^s_{O<tPD22~;$Dbxar2tf`_5mPh~IfW*e9i-|46?NX~0t(Fn
zq#Qwan95R$=Z%WX0MH$E&Q7lxZt@#mJ(oEh9UcCy4_lXV-Z<CSh>n_-);GycTcFoY
z4ctXGLXKfThTB_3hwbW{k5;Gc3Z&12j$1~J;l~gq&w+n!JI)GXYm*z!g&1M<r*}Hy
z=Jt6ZpPF0NN0Hoxt`+~D)s<{Z>|002!ugR8H&=xHYB$1}@snpkTvf^{xlgC=(`qe+
z#76t$Sr6}q$D_qo&!ym7m7SkkxX-3rUFW(lfF16n>&m<}y3l8|(@I=(G~K(j1BZwg
zwtR(s&f@RAU@5$nMQh*iH^3ZsyYSYMEq&^4=Be!-lQ;85wswkLjTg7-+@&tvs9UEO
zd+S{5^(#$kEz`z_c0BfjC%jt4i0dNzl`={PBxhvCqK`nNJjVs!yCt{q;Evkb(&8nt
z`@u5rDo3rUYwmu<;`t@>x~hxNle<n$$H@b7jV|pm-z;n8unvGjf%YtCUz=*pCs=9e
z^zux*Q*(`X+NB(Rqj4P}`7B3Ib&XEtvIn-DTinTOQQ+Uug%Wq5sckPd+=vt8Qg*+v
zt@;IQiM`lTcR$>>aYCBfl`R+2;~2_TLHy~|2JJ%9_G{j#-}^Gq^SAntj-ni-RD0#A
z`Y0TGaSp6z8`gtiT|}l5J!I?YiOqv%ovsmVYu+Xl+g+3=GsUgKX?0#?tjg676~6x1
zzzgq$t!IFWcLhHeaCrK8FOd6L`fGKYj&Cg&cYV<Ay7cGMP3HSqPh9~0buA>_(z6q{
z<cpynev!%Nz_xGBLu!{Uqy=ZulCRb^q25_7G{PPHXUDce&K)~M>|KK%RL<^(uh}<p
z`nA_z6z|a9iw6t7<10AbZMWA}H{~0j&&|ubcipecZBpO9tu2ea(D%Rp*e)nT-ys9l
zUVeS;Y%6c*e8q21Rg!&~i~aVS@?+w7vh4YizJ9C}`MlW%D>~w)d58WoMg%`e#y?!5
z`g+Kr_-yifedt$P`)K5?e^2x4ArIg`>Rn45(u4cQTmF9FUrwIbi_S1e@n<!$y8Gdd
z9qfh|=Q%TAh<?4lGBroWJ$YWKZ!4kHGlDgi_zm-Id~<jJ=1P3&2?m{o@6HX3lGlWz
z=c(=)ud7sZuc(DP=n1{24~8OcPO0)@32H<Dy=X2VE2i=F5`IOk9x#sKiCyP*Z@;S5
zi-Z9L62n><e4q%hcqU~O`$i%?a9iTfE#jR%h2?J+QyLc$n-gma@e7C*LLRHX65SJi
zKxO+I9t*!R-Xmp8@`vM>FrSqEBfd{Prq36HCk>G+X#SNFCYgl!D-0Nt@Y@&lhB(RE
zmVrGFF#~7XE+6&I_KuK>-EZlg_#W#{&gi$iSQIB2qz|{LkTiY=RJFmczXiVpO;P_Y
z=Y__>^ZHlF^HvDJAHz4HeZa4Vb1BfjLZ1qL1^UK}{G%_UxL2ae@I>mC8kUchM@<$t
zQ6!rXTqzSP$F2yMEI3!jXpVtV^ihUx4t+&#4t|9^9bGho+hXxfbY!M0Nxo&ckcK=k
z3Y@}G_V-BiNVGKDH2sY6%zk0IL#s&SoPty0ol-c&vxL0kJ@ithzXLzaEn^=CK=@2~
z9Fi}tO`#o9J-AJw-ceWNzQEt%So*)<-4QHqG5hIn7C(ydVBb(YG>7>yXOw}DU>dQx
z^gmbKXq=|p5RXJJUPaMkMwV^iL`D}cc8;V*AFvoTVe-r1MAu^CSTx47M>r=aut6N7
z?pcixenj2S?%}^0jdYI?y?X2cq6eKRKSTUYqer8@1ht|QM<g^Eb(wSvvqvcRP%qeJ
zaY|48Z(2vR?%DRbZV)~?ZV*R)c2FaW{N}=x5Ua`e`b`j~E!B(l;%*G{aWJ+xX8lSX
zKP!s<Z!q2@9{<(YSZhD^IDIT&3{=Q@Uw<C}hbW34?LB&Jzt1n~J9}-uUp{t)lknRQ
ziPKg*CM)b+FC=QLGQO9=I_&*vYzv!BbdzZ=WSXqsc}-vIZasr+aMnmS%p)LN1Ql5x
zY2G{u?k)z#!XGORYD^4EL@na*Ag@d5axIJaDj9O0=p~NlH^CZ>?PY?UH6Pv9y0_(B
zl($q*A>nYDuw4#yOoALL0G%8S1Ecd`;Wo`%wueG5r4|hXq!m;DmB!%p3Q43}syotr
z+l7XyuX%JFgFfsN;saiIZmXyl8W3_~M-2X<^V&%f=zU{Y<R|@wnSSh7@`d%jOMd?o
zRYYz+ks{+0>x20^CU=2f%=DG(<7%6@H{TDOk4f$eGJ;ti0%jOzoBuwHXh2^WI>cOv
zMbk>0fg}$Ra~XTNKzPt7gycSrXdx~fpImR41m_mcgJL+&ZcI!L69$exPnl<sg7!6a
zu2=Zv-={fMOcbtcJWDj#cQF|1X(=}oO}24UPF>j~rF}R~shN28i5JITdCDzgD%Swj
zcKjNa$%69)m3E!W1h=uyecoF>k6v$i{E+)HZ*4x(+@I2882eJUDjt$K0n|>nHXcOl
zNeICT1xf0p26GA9))fg@rYjQ=CW(q5W|4z5W#`J66j~*9lFf>p=I}73V-eqQxF<@F
zf>@$h@*zn=6Jd_hocUQHTv#U3oTb{z6M0{Y8Nbp7CAX34pp?O5$2A$iCBcm3AzplP
zXzIl84H!^Xf3!dx1c>B&*FnnvT7@fop=4lwWl@Lo{JE5;t_+I~dAi__FFLJ%Q}(m{
zAMseI@;!wo{5kkBtbTZ&q+P-2zcu~XLi#|`!rB6&`#<;ab>#mH>Xh#hfQiQh{qz6a
z`se4K<}A#&FxAN@wngqyGlah)mcP4ZQm_}q3*rNr24_0|3*4qR`jg%hoz~wcsGwZD
zDIfyu=ejU26wI@Oe4ly}BurY^ZMpF&^gZ;c#HqynZwf;)DlnO*yy?7f*0Qu$8kJDp
zg41%(d&-J<OJS4!w}w>80AzViQU&CSJWWdW2KluzgrUGd*L=%=|M2f&9w3^*eL_x)
zJ?G5E0cOp4rKA6j$`mY7KhRtfUUSO=xP(4XEQ@@_Kag0J_zOnjv#(Pj(U9Wx!6JT-
z?=!W>S>L90iTCRv=c6limgBWcXP3w>M)Z;k+Ah#7XpI?RGx@;3Nb9lt;Jp~wmj2_}
z@ui!>M=k|n_UG)g=?jDipZg_pZQ&r9_3LP8Z8va8TtTraiI7yHT(KmH)+UZE01YIf
zm?=EDqFA&1&n}6EqZDYl5R4>uF`q>(3n9EjXwk2eG-p9B+GvTRK03+NVyk)hlM-jC
z4r1aJ3Na}k$E+?@*_4I-!CNkm?kwt~@nFYrZMwC6>~>k(A1KD9=gDh*Tn879wOv}5
zsgMWY`eOSEFC^FLF-X5P2~mBAy9h9)!1=!_pFfz?;S4-z3|@qS4iHgNMp07u1=Vu|
z)O%9uc;f5c83%4j25yZ9ZV{1FN|91ZkyH33)N@4Db7a+X{-}Qv4cwOg;{b9EJd{EM
z8leD<&;Wkvww@gO4~>C`Sfm<1)Hc~d?SZS<U*FgSyt1U=SB#B!P>s3dQ#0gxQoez8
z?f!KyKL-v42M#d;rq}u)bqjUD364S8dWC`7f<SG_ZjtVvpZ=UW5Lus)*N{_(jsvE!
ztOz`&<<OR38Zvq;KEGC^!An4!hVN+?TJ@6!hg(K%Lp>rw>is|zE?u_`So6^TfoyMU
zW8j+j;~;@J_qF3q2^mIr{>gaTBQ&w~x{PqKm9=)BoF8!9b}HC*orEKtkTMFBbrXpB
z*y}S9uI&`Ec7i+zBHivCmVJ`tgpNC94PV>vaXch|q)fbEjqJYczJ++wb!heS&)ec9
zu>(VO-;?M8W>TbjC=LC2BD(SS5;jd0_^f#}4GY~E-CuqB^Orqx(P79ZP=C=!ljj6K
zkrSSSKF1+9@!&s79G*m0E_%XZe;jS39`wC|r=pN=0EVb9aU4e-!vGuX!xm4poNc(f
zRc|p}PSCqukQ<1aXW(ALo%n^qUIl8w<0zqXtGJkbaZ@?XPr>eT4N1omUi3{70YsF;
zjhDXLj<1N4SUC?rG;*{9apmwuE2-_F2z35_N>y9x3$GqiCf)LqQtw#a5hO?O99)Gi
zKlarx*YrV`FB%coxmy-d$!#!MKd@~6^^C29o5nx#5xRFLO)b5^FUyfF-)Q{6ullZZ
zCU^BAaCvtq&dt+VtdsMp0t(pg-i*HWXU|Pq+r#RjKfl9OPv&mxA?hQti*MR;diEuZ
zb(bpsn?oFl`4~k9rpFJ#vC|y)Zef?qbGSi;_mD+$p#%Do)ta*(>owCwuphZ;`qH4L
ztvX6M`^@zH9as<gB?CaZbzLzZWTx12VnaTvwOO;YdY99--TqtWR=XEcjdx)_$?Oq-
z%KdPVXzS(@%HoZQcDb3U$N}c|62>CV@ct4S5HFGwG;3w9d(Ws?(ETQ8qq^JmHn=9-
zWE=`<z}Ip)@4nI@_GECb_6G6>Udp(og$Nb`ZbZb_iXTkOBc^f2TSnp)n#^*gV3PgR
z*0AXXGm1e9@Iuce_xX#NzwbeAPon_Sjgf?WMOwV>rBd%vnuL87rFfJ*xEk|T#o}p4
z9q0yn*0_7m7y-a2ZhA2cr!$fXt(WKWfmY{EzUU#*uAM)VQgMA_O7_)jVLD#R!@agq
zM0kTqBJMHd=^=sGN%J4IUvyIAJfR+RkmdxxA!nJ{lLvSZM4k}>$b6P2(DZ0yxbr!1
z_{1Vz438N}QDN;n?X8t--msG_2ui13_lG@34(cBV*QxLLS{(rx_VYamrQ;YwM_Hy}
zJ1*GvT_X-&SXr9dt|Oh?;yfWoL57Tc$RK{=TdG6q-b40e9f$_o&zKRFL>x-%<P7LW
zBr)lp)^M@OlZHk3<U;nQ-<22D#SICDgv?Uj$RKuTW1JeXvp9RQ(^9_^NchZp?C8fa
zULdlHdx!=!{vnnQyNzia;1B^?USr~oy03y7SKP4Qs+I1e4g7w8IKIqqs%(jvbzU*u
zM8**ucZ4-Bt{ilRxXiSJH%UDGI-=WxuhM${jDy(R)1rR2RM2zY8gS9yaK60BalE|S
z7_!msB1nbwbGm%maKyjga6qUW^H65ximjY$+YnC8L!42v%(|<p7!G+_An4Yafz}xn
zdgVk_6}4kNIfLQVJx5&LLE1dixXLe`fqlJ6Fhial{;hgy+@@;i17~5}Mz+g1^svqJ
zj2#tlSD|LZi_Z~y)b^mf{rl4FY^CpDIlQlV88!gN__E&g0CK%L6^#An_2(Tzs!ca`
zo5(Uw-KBXp%sP=3OqB)m8WJ6fCQ8$c4Rg!pCVKRq-`PM5N0p1MDbAdr+hU6`+<D<8
z(8l62$mVQaVr|(7&$ZNc(#6bnau7S>VLrRNI&QtwKx=$A1G?7Zo)xBCsuo<&$!=A3
zGXuG7<N~Jp3>^SLDTOVKq&awOg{X~DUZ|g0eGtO`bF0yvpAPX=`g5eK&j`fF3B#_E
zXg0vb2rA!YmuY=g6RDN9sRULFKnqrTB&gnA16w_(s*%|~$<lST3Rl}b0MK)vM$>c)
zuC2G%y6J9{HkWqZa+EC}-{&YS;XGP&8FIVMAm3MOU3!@L$%;`JtZ=7UusD#S-dsfb
zht^I)(dI|FrHoXGCdSNDigk0m{$DEnFUyr8E-e^kJE{8BWyKQLnnSzikGx=&)>h@p
zZrbM4%M^%a{(U>zEUvb+)FtpAwhs&tkKHN$o<+q%c%-9wo=p3HX}On}X?;%JCv_j*
z3%&yMn&HY4i+F`j(W*3PLl@6D9)tV=NwmbL&XbHTDfcfyTw9Ks-I2|(XJV6Sxg(6E
z$~^~JTZ@i!cDC*3v3Bi;azozM?I*M5?FX}#?R&EhL|>v^boN*uFKzfdzBT54@zgVV
zlFKa&Up39Xk<=@CB5{XX5u>=V*;d)To6VbB=MxW+H9WnrR;`u)Y7=frKV8+@dnZlq
zuKKJ5)S~^=#4~kVK6&%o_AT$PoS;8Ho_&T69uW83VAM*#+N?Uik}3gy%gt;20i$zE
zSH1pQV)o~*c-MO0Meh;bO0Ri3W1h|G^x8!~oN5w3*J_wQe*)b79kLOH+sVM|IeHSU
z)WD#DN8<RcZ=QtXta#!s(-2G&Ye(QKHJt(Q?lW2^eI=?&c_2@fOSs>^iy<a8lR>B#
zKod>>%(k9}THIA%$v`tVpN6)t#sO!V>nsq+Yi9Wu&>lGod!$7hKzPV}C}^dkZ+5mU
zK!7hMOgzD3+Y|Or?-TD}_Hs+X^xyh?FU0kY_%{3Pi}x?R39V-;UuwNs_PgI#fyxJK
zFYX(+&>hcs-UYUu&%Ez^zWjc11c$M=qc2MD8oq(O@;*7eLwX0L&se@Oz0+nVu1WfT
z^q+C3gD8kp#gP&!MuU}!?vg!;-jb;d{?<uQAVmZ-1)x;~Yvu>Y%}JXhar}XBy2HwV
z2F(|Og5eJ4o9A2qt&OZVIQy4;d*c(*EMO=1oqh%02aBf&?3}0p2V2Zlh=8m!KQ?aT
z-;c#8j(ZB^KIHM7V<Tg^dxr+{*FO#98G?_(xrAN?atXY1EZ>{5kHY-IkHXB~QcA{h
z&Uh;*J{jLYi~&c{h1M*fk2EVN(?nhc1pi@DuY&gD)MK?{qho-6=Ge^f==jX>ow3<H
zim_Rf|9Mo8fUBrpQ9`+~vaqWtdt&ySVFU9k@(LC$5qDuO33p-fx2V#$Xw<4`cgRFJ
zpd6q;x`JggK2w%_9%cKjL1p`D>rZaUX8z_M)^AznZ*Kf%rzzJ%c;(QqS!?B4T%*lD
z@Y@?^^2APmU(hTe=yO8ri{dbvX&sh)VGn?ID_8bm%#L&V4(pn9=~8>k4rlG!bg^lv
zR(o9S7yF*{t(j*>5bfaW2A5Fml2vikI}@BZYC=^pMbTLx7DQ<%IEU~bEZ2uv+3XJc
zFKLV{Q*)vIylK>MQGN(@kWRzmZOG8lD{#02+(%aac&vRyQ?Zax`~~B-FMt2h<EI6!
zAi-+8qdW(BAVJb#g7FzZ3>Dh_<rTz?6TrNtnEJBVrrkvQ0-1X01slAs;ukgL4L=X!
zM_}fUP8i26m9J+Qm5W=EA-#JgNuOgmbyCKYBximlN>jixQM65)b1|-cv#^AmGDJ@w
zHXEZcP0YSPRNBgq$$toAI>@*kI3!N>7|ZFLZ}WW1<DJzt$6(pZxbVmdo7QcZ=Sb~d
zw_S)*x?p|8uECqBVyKCfY67svuHf`Hak<46E?mN6wN7rj);f5J!)HHUbUZk|g<Z5h
z34Rh5bzZUB0yhzTpjHA7^W$ij*W2c=djnPx*J6RCtSCR;%52HiGQ81W9YvWv2Ka0V
zQt4S@t6ARZ%OCIb6ZO^V#+BwhI1qNZSrX080ax{cZ-hMrn)$KTcVVWtSw72rXB@C6
z-EKOmc56o$ZWuNVFPdY5q#UpK+!J`Ma_o@pN*&otGwhR3j~SWU(pesJd8qf5F;W_)
z7$B)_?uOy|Y7cix>u^O__JAzg*7l!tR>doC9wC!Eg>BK=d~AH^PnbBledIUg?#nOI
zX)j)0f_E$0ztlR+(Q7Q{S}aHGw%G&FkS<g1hP|;4!DbC-u9wmXylEE~1UxeboV;0W
zQMLpuQypZ|C<jP-HhB)y5_F8$G3=?bMv138UqH6{Az!k+b9rO8tXglt<)4uJpbqPQ
z)x-jEUX1#l*gk*wWf1Jm-e9~;zO#Np_@Oi=_6~0aTpOVl1alZv$I%o8h@}WoyTP78
zVPFS82-d`rqr%L&X3GCg64C)$NyLhev+a`qBknh?{bd=%l|PpQYi;}Y)hR$L_))hX
zx}B$=y6Mj<nKR5<u&zPtKRNGqQDy^q4gt?KGF)_oyQP6&*Q(aK2Fe_iSwwPw$)We;
zw>)_08R)t-C3Yh0b<$d%U>h^O3=o@Iq3^s|qb6ARfAACrcOtAB>>}ft%Ev^<xQ9Zg
zWkWH;HXevO7;`k>a`x46rGc*2&&6L+fX$F{N%qrdcM%I25hf8j{S0~e%L#sjtKwfB
z<0;0BE5f07VBf!0QHba6GBI}m+yNc{_kfT#7WU_(*85g?ka&YJg)w_Udrk~@Z8=IY
zjWLbai_qqrqfRlfF;aa7)+~A#Z7^<Wd5AADl%sG>x_2|2UbTB{z(B&jk3sGDG5cae
z)ayCHS2psI2<U&aiqDbgiO+nPnYzKCb_6PUs1yJ++gxNT{z4Mqg1}F*WD@y^Gsy~G
zneiWbIkx!7uf-dEeO7sSd7+Vd+NgKrNlf}Hn1_YLImZhmQ^ROw1d;;LRf_N~2HnJP
z%aX{tJ4UrW+U3o93fSk-FlN075A1@KH9#{oEXPm-RLhG(Z}1nzLU6yiKg#y&4rtWr
z^N`-@`#3=wCbbP}Y041J55ZOgZA`*B5OR*%Huw%x`mBRS5GEMCcXhLW&5#cUR)6w_
zSZy0LK6bW|8d626lBu_}{aOD3gN6z_6nIEzPbxx#K3PY$0xP0Q<IkCcQaP*{s$spY
zNN7F2?mI^dF@(SfrREypV_4CqhKm$hHyRO&OXd(Xi4ptfgM4Vg5ZMfQbjWE}B$Pt8
z1$LK}PNAz`2hA>`b%;C0)InG<K_SA`d4+q}%CN$x6_vai4I&^IXFS=MQU**fd0DDm
zF-Msq8RTefTeICb(XxmOdPEnQq<@p1leBh`%w@G!e63hFZH}c}4?77#JhZ)f{#TC>
zcCxIbS&_p@7Yn6Me2vrFcM;=O7T7zM@#*bazcwtaGmGD1Jzx!X<XfPm6O;^QV%Gox
z@ANG2h=s^r=mvscvJ)b&YJZ+H^GxZ)&|jDgvb-_&VSKQL@RoYvSA}{IxK7i4SC*T7
z-sZfRJ>{%K8Q%sAffbcm@E2s5%6l(>0Fi)1b@3(fo@U*N`?0KeZ`xl+ubD7?vi>_x
zrTrs)+uAlRHZBY8B~C?C!zGcmx?T^O3kM~W*SM?eW}jN_qBI`0fA+gW$n01k8g5O-
zaAbaXq%tNX+mU=P;@#3&_dgCmZ$FV`RC`PtZlj5)x72SBZ;?FAJTMjN;p=~&pu9lT
zQ)0a;LyfX<q%a^RXIoEn5+nfzZs7FadF^$D+N<)dZ}}X4+WVkMTTvhmI6QvJZ$gfG
z;JLAONn4p~R^m+}f{GH_fu&uEyg+k|^zu)P-g6<l6oD|Q5?Z0{SM`nXgTD9|sK~?A
zRRva{0X_Zda)OO`^ImufE$d{>-B(<4<v}m5;Lm<?xNZ=rZ_i9}JD<<ji~W5_@C|yY
z*A0H>>-+TT2b<O9d;YAG1vMq)uiB&7eul}?{As49zbglVA1PG{@?>U-_8mT_zX`qI
zam;|)_CjuJ{shB(aD;sdbu>lWWI1!$=Gx1XUi`=h^KRuy$&15989<^+EFl1ZE(`Hl
zoM`NnjV;9-lwZY0@CfYOzD+W#5x(gvCxJ{5^@2K+YjCSBR&C}y3BHgC^ixqlBvpgC
za#EcR+;eN&xm3fQsEZga6!a)V$xJ>F4<%lEz)wq=M`alpo#||rh{!-6nT&<HY&D3`
zI&7xYWi1%<t$}3wU-)m9@Jt4x>ruTn-?hnch$_Qb))zs$%R6A&|6qXe|5OuL|NR>C
z23ubNwu`!a1k=_Ec3IxX6<27*g%26VtxivE+U!Y9n8N~EOM}EulSheOHVNjUf&6d-
zAAKZBE33(LkLk*8os}PDQm6{qV+u;!ifVDuVV0vhHD|~JJ-twcjzgRGhMq<)wKV@x
z)Ftw^24-Xjir4DDr6JrsmClf*_mg_>_MR$DC!%(T@jLB^p(?6A-~A;wJn=<l(#XJK
zK@kov(k+D-o1QlBE9JuzpTi7m*$3|VKdNv6wb}Erc}pqK({{8NEPewY4gQ~+0)Dhg
z8G1qQghi3+Qnbt&Grw%+eTE#h7U;dd3Lt8(tCM}v=2PSBG@NNi-fNAU*g`JJ5Bj&L
zc0MKDWl4EDk?(7nRIJ$NNRNd`7uC|Mx1M~ln-oXY7Rux^)#mm@NN9I>n=gItQD=oX
zF6YMWt7#Ax#u#`>OxTZ2CYl)gux+H44uL7<4+{{pjej`T$S!!6X{hZ-A)ewNq<U1B
zA!Z5B;MLuL_C9Yeyhbjzr&eHEtRO6)qkdX{Yn-xFYh{-GeHITPet_U*Agl>2SaWBx
zeEjHcdN_Hyw9(XLzOdAsSMVrD@SbJ^xwxEPYgP<ZGr!)&CMz0j&>cmpil2D!5`5ab
zReIf;e#PAG!JD653jL$~^QjU2+)`6>;rn=P0Ii`OrfSWZpjFe?)atq5!tDcKsifFN
z&7H;yaMg{<M%H1cl5!$;?zSWoX_XVFrvgS!h2soDKxHsRZSYC;P2A2PkW_ATM_wkm
zG2Iz{Dg!)f13W4N&uTGUp}hfYs`%i2oiYa&eZYiXl^obfy+sEN@W<{6D}S8Vo5KV|
z)lD$}&H8VrFmJX>!3q(l+5#P?bT|j;IwK+Y0XMViAwAfAx@MsX_6)L9H<B{{mZl1z
zt{z%nhhQYd!q>nCQdO$1zE>B$+To9O@2UT;uAW$@D-(P3-dGo+&+TFj7{QIji@aKc
z_iz5eU1q`VB|wj81%<whbY9j1VJt^y!5j%d@zgdn;O)-=Y>EM?SGj+}GA0CLjt_JM
zbXP_fCNFP(hiWYu&0JMCt2|mLti25b+(l@+`DnYjXs0cLRgH&MH`&_M^WF$Y4xQBu
zwW?tr%T(1Ds_&PowbSirsVL398ucLoy&7vSGEf$D=4oiX{5!ATxVg{S7P%#Es_Quh
z(VgyH_M4u{N6hy9FngA~#nHqsOoPV0+w^*-?=Kf=jAv;J&w6SnjQ6xbzm-6+{AmOb
z^oa@i&((iW{8R_|b~F4v1(*eXw1H6N;r;sw1O@&Cf&(Feh#X}`nD(glxb`si=nSB3
zAZ<U|VA8;*Kn@3DS_eOM1;&Oz3P9@pe+VEGqQyavL0E%WgQ0>%fSQ1y%fpw!bF+bP
z_`}(QgZU!}Al0G#g9O52g1~_yfQo{Qf{=rhf*Scd`A7Os`hWMPf2O~dKQ~ksjQ$V*
z)ar2Xs-Glhex<a@dW{Hm_;Ijf;Ham5sUQ=eYy$9k2>+mvKxT@G@pD;q1+;+mD0RH&
zKv*E2>p3JG7y<|ac+7h^rcOX2*9^$W;6%0_sJ9KW{kLUE_AF_x*JXxHgIw3)5}gA<
zc}35hMXxWe3a&P6ZFulERW;VBnrLa%IY)5C==`3@y);8?7(7>a<nW5%os{+0(WkFh
zTcLCf$u_cUgjF5EHi>Q~Ln6^os!m_FK7%+TvkGViYC?=?R#rDJLr_DK{cU%F^>^|A
z+3%|P2I5r>zD#sRRQIdSNT0k<_HVSttOmU%y;iM;ow}W-oyHX~ZrVJuWq4(IHNnQB
z#iiw;MO!PU`k$&Hb?b^XYYUfFp$wt@YF7(epzNA!pzfM&pl{uuHPAJKjTo9k`_C{N
z<<>-fGwZ#UJA2=G*I=N_T9eH(n_XvT@TTFa;U;n~se@F+#dQi?6s?AqBO#Nw{*s=d
zz$-mt+88~faJ-&j7+LR-{x>5@`Gyn4ydw+oypV?cxRrv7P1w?Z_HUm%{}Y?;b9ix#
zbqAOZog<$jKD^4CK2*4S`d2ztI?XSTe8_kg8@KenfC*z0&N#$S#yf(0M{`QpJHc@O
z<uFM>6_YUDN?mwt5i~!|wF?@~CE&2|$6=xI-UuqM=OnM=f2sJ@Lw?iw|3&w%-PWnP
z__^R{vRlPp-D3QK*rk85O9|k-$S54SC>&oM?wt=<fYt}z2RbRHGF4dqv^g@yN<cWa
z$Y}%iz)>6RLnn=GCr$(1(!ed+JD#*k%v)I8u=hs@8DFnK{l|>%Fvebk&4AxiUxV-H
z5hT5Xzid7$UO=V>Tc@@}V>4sZxBgHbCLUfDD&J|`Au5Q%;RzK^rG=$I-78DWN+W1K
zZE15iUt=Ba#VrflhrJGdjlA$r#l6co@_`;<;1j;Qhf#?G7!Kn2aOMz9e5cz8b5U;C
z#`l=U_c!&J<%IZ{ca@4}XvRhp?ou(S%Nyb6DHQpF$Ag@$enj^EjgTiIm@SHb?1DIf
zqP#P4q#ys<=`7;K+vkzHrH_A?BKi77Mle4ThMqtlaDPYg#a8}e_Zyq2+Bk>&MNK^Y
zNaB@oop}CGMw)7T&yy{#vNrCW+H<^AB15*uH>qe=V1j8j9yRq>I);R%^r=To(ery_
zh}(@iBkK4UF2Lv+tH@7eb)~OMz|uFqC{u#lNc@$d2u+$z0+3ib6nAfs&?Bx`?Tvmy
zd1=HsZb$9`+kR%l#K*bcCB`3n*D0}C89PPhI3lv@f5(^58uxxA@nRR3Kwy*;?5y<z
z@g#IiMNF9bWDfrwbx>CkyhkkpljH?7A(!w4kAz=P^hzY5M_80FmxnYr>4idqUse?H
z?!rdYN`>5le1>1_RxbYDBSA8VQ!z+Tl27awzODI}tGHg6JETGrQa#H2dl+GnA0B9R
z@dn8kg#<iFc9j3)f=(OB1Cqp3LZ_p6guSJEbP{fqJNP{DFTJ39Xz!4Yn7hTR@g-ly
z&&Hy6knu16<r!Y>Qp<}kqZ!Ua?`2V0PTFyzDw0xMMJi=+QVGp`Wb~E>^xtL@Hk`#O
zl4Z2kc92Vwl%-i*;q&Ruq-aztk|zSi>a(7sPs};|n`fT2Tg_{|TUV=q2Zt-K^}QUU
zb)zV+D8^hf-sTXM>lb*ohYRkQ=JU)LUYq)y-<;1-wnF?vzUM%llt1X_V%10<iI}W?
zOo%=K=YLu7mw($8u%yms0NqM1|2%i%?c8q|YT&mHW@im?qrsp24Y+X~t+feQU`dMR
z{AK5uaeHkqx`(L~l^enk+VNsfRE3c%aRMSD0VhXz6{t68bsmjfxOfs1sdNc};hUC~
zl!aPo0cGbnn<03=Z0LdbPT$5x>5vtwji-yi?Y>(LzR9&+4gT1x_)40wVZNOI5^5?g
zFX3qK6OvEC-(P&Y#{wTOl}2mZ68g8S84Qtj4$~OL54zamN93H{to(;gus71Bz#Xv-
zpLnL*zX6qSt;sn^;XHh&2hH=zewd~^;rBdK!i)!dsSqNcq}lJBuwAd}GA=gb&5jlk
zCu0J<`=VYxNgaJXo~)3p-EdOjZ8tY)`}n6Q#J*N_joC^T)oRahtqldX#@#lWzr5E_
zJos1oB_9=<&*4n?vIBU}JkW023mOom{}Rv>re&9y$gfrZxNN+8<L97OPYN1rAJy&W
z@uY<Au?w@Xm%ef>$M*VbV#o~F5nWh__sY(P;IeR<JDQut<Q#}oc8}GIY5UndRuc1-
zxb&l7C_eFMK(r2cj;mX52F?y9@&H6=ynlMVq7COX!1au*0mfkCFp!EbG~4O+EJ~(j
zZA?YnEfLt0tYZ{kv0hbptbRG7-K(V0suVd8YxRW*JOD)6{GsBogaIMoO{3$7HoMwG
zJUj%tvOUu=xsLB-Cx_}`pJkW=t-Cpf2t3tO{-*3H?Bz8tG07?z{ItX7zi%7d`7Yd=
z3)r4}b35?rzrfnDyjN;r8}2ok9{H9PBwv-`rwfeR4Zm~XI$YC!r=KTgIg?jJreDCP
z+vSG0pr4h|XQ=E46(%UD&WRtcd{ogS%Mw=<F3s3$RCJ1xFX85{L`gZ_s<3gEa<-FZ
zX8p@Dlc)*xroH{W|5X1K>^nW|L~EEJhtCbw`ETHTC|h^HD`7dNc`0E#Xn&h^q}%6|
zruoO4=Qz2rZu4?}y6mK$*-~o}eX|PohJ>#>OeSj&UGYO)?Kd2Ersf5Zt1{}AKf~G`
z#p#^PaR$L+UANrKrPvut?mTdv!G*VRtU9lb)7q>T&}jZ8VvfD)Q+2R~%iXZ-E4wa1
z=q=>gno$&M*qRZ@vu|_GZPau%1gW7U+Ptf~pF;4@II)w@<UuFSv7KF?6e7jrHhlzO
zl24$H!5?Ra`<EjTl;p^4OjA_Xym^E^xwVe)bG$zA`29R@89_C%Vfojqiqb`_BQO>5
zZK}L`?OnWwDzDT_1^Zm0{m$6EG&aOhlY_>kz0n(ea<Hkl`qrBzV^b$<yw!78x$Pgb
z$5=f_{83|Kah6TefvkK7wa_i%ZS(lnn5@kh$gck)Ru<i3JUA;IwMz$73$U9<q1!fJ
z!JZsGxn|^+We%6nizU{K<D>NvW|ZK9VMMLlypTMjmh}7e;t~F_8Tvl}vp`J0Vf>5h
zS61w9so_ufY0b&10Ws{vQ+C34tveqE_v7ImpP6Y%5BQ75C}>1xzKOl#P2}A$FLr0w
zus8m58O^%*@hxYU3HHEA*cYkS!5?-seVpXj*zQtZ!sZELcv$TW7UN;5`W{zTl;SF4
zv_SLL<u~Uo`a!ZChdfR#kFH_Fv&neBWip=T+o|#v)lm!Go~vG0reB}i&zyXYecQ<|
zNMl~1CFero7TiHg_Rza_$i48;*}Btv*vab5Fi*1E-4wCUu*`|7I{AB^asoc%XFDF+
z+Ubmocx9}dU}@p$JaH}dE9^Gb$UY(_PDlR>9@^n;Jn{haTjRa7S?l69oip8ea-8FQ
z?F+$9+sXOAK56Cp_y@Iav$ryKS_=cI+nHEB87msa8XY$q#m978F{`OnKe--W02{+H
zun(N;=uhlDv1|={CQXzxB?lj6*cg_9eP9!Eo$L$oR*0rMn*On}bQX29^mNC@ung=2
zW#1Odepqhu<jk3epFCP#fLxG~8^bcN56mSa^>Y#Hzzrge&otiFdY|?g&3XLf;wKkB
zx%kP&PcG5OmA9y~ETgMoA6kA8KL?SwA#bDo^^=`M!_)V4C#`~UIehM<?gdc#NwK>f
zhvi|__%brmrQ|@DH^QsYKOzR(kZ*}QvEIcZG`p~@N>6Lq7aXTZ4nr~Oikt@vR4b|^
zx;;yED^qI|{=Y*rQfo8Jjn88~D~1m!Vo68!G}$8B$5hMyrqg?TSaLFr^GsV}IFZ<f
z*mtDvZdUZU+~9h|9f(yPQOYAqc|<9Xk;)@VlHa5~1F(;f>l5b!(M6Bh8(*zi8uz9b
zZl?$yv9CH!t<1djGqVh{(a*`o%&s!Jbuy+6(C6VZ4cBI<opEhyEcUXgsZn$Dp$Wb7
z^z)$!HjOEri)JpZ9phHtw8*W>biUmH-MPKw1HDIz{;qcs(e}8%i{$yr_I9x3XeE3I
z{qlH};}Tg0*t^q$qpd^TE5&3OmaoMwVs@L}7e)K=aGl<n*ou_CM6D;p)M@Ce;o&4K
z!oEK@>nR%XXtgqVv={j@*h;i@bsx89aPOXp{VR;=Cu00KHmxMvnzD>$kx#xyzLnCm
zD6JtTo$%n_02INlJgb8;VYEbVLZU9(bEB`~R~%<@2ic-~L9|sjdUw`xHbG&0m*X-q
znvCWiogCsL_}L7L;XmOg_&EUIhvRH1dUu+N)`{_J$W!3U-1mRwcK;G*X71zBhKwAF
zI_X*N=9as;D|P!z(w6uaV95>Fo}Wx`d=(Ghd#bKuF&fofiOt`!KPinpiH7rP{4l%Z
z!<<wn!9AQpKjO5xgd2TYXHGYBv?_b?l-0_maW)>ZWgkyOp6F%Obu32XJj8#~Jv|lD
z{wS{IcolxWrBzpIMce1_P(DNXDUYA>#Njzw{+!|vpD#HzCV2#o*Brpl1W%&(7yK8g
zr_oqWcOQG|<mUJmd>)>}#$~GHQpWUdEW5<+RuV5r>Nsx~>Gm3}k=|DKln2M>;YrwC
zy`z*HdbCxVXc=`6Y4ru4adN%`&WEpalAOvtcLw*|yEr2iauVPTKyXB-zHlj?YaoB9
zTY1zzPHT;zZzVtWOSRu}8n=Tz(GRAzgK6zxT3e`A+0nX>C+|_qC~riy=sS1$=vugr
z^T12=Xg;^{xtzY<#eY*zp3;=3H03Exv42-lwKMdrq;)(QD)OtSRn-&C)kNc0B6d99
z$DD7+9QM?lY^K|{n{Q5&jEtEZ$hXj=39Ow7*nb><!-#k)!nJi1w^o{XpxsCdB~L}J
zO8cv#smyF#2z$p>oVNqIN5>Z@g-)|m`gjqgoyBMa@=@8?O5D4*U{fsnxC}SYI<OD-
z=;ydW|0u@UI+eu}RV!)FQ##`FZPwc7cwULOyJ30V*6kWfpI|jrfv2kUFI6<>v-)xu
zD^)g*^OVO@uaT>}NDe>cUf-5Ab&~b6#IIsB2_8<!XI5Xk*wv~;w*Or%bdlHSl<2PQ
z@=`YA(j4jzzL-1svyz=<bC}IaZw|8=ujWv7pGcGk_R|L5a@bx;E$wAwr)_WoIi!JZ
z>-G!X(Cv$&+wU~HwkJ<8&$Y(4AfKccOQ^e_Ot@N_WQTG^G7SA|a1i-nKXtEz->1%j
z)3wt{6Q?wzQm0{G4L*TS@@KSMcW`@|?izLgtisNFeY}L(bqv|rC%w@R;Lf#yTV5V(
z?W-i4J<jRlDWY40x)Z(0sp$t<+PlaD({#2^J<57Ku5nDdF`5rclUy1rKDBh8bu(N!
zjkk#55;66t_L^viR$nw$H*QDuVh!>dR`*QFuCAv_n^IbbmF49LYJ+X1r?@@T-NNjJ
z+{Hdtj*5y!w}PH$$2`Vfsr%75^(B5^J89C3?D`Ws{xa?nL%FH_u6w%Wy=b&lH}r6Z
zGJJBY+8iGtCu}CW4j=;mlpG#_?^AkhQUU6oJ5IC6jl}`&yp&FXN60fTQ;YYjQFYzZ
zT}E0-%U3GPC2r2!Qy7b;a3G^L*(%?@2}|kw*NjeWY`D=!bKxv_4f<T}YsKoRy&O$_
z<TmyL{OguS+=5SuMmeH!I=Am>y1Cm)_B+?Y!PL4^=cxD)vt^6Dfn22iZlLZ4>R!og
zsYT=u!<n>aJ!5wox5fJy@t4_UmNVAv(LAr4g5~aMH)G!gZ!d}QPUKbO_5^tf_h|2-
z9lTrjdiyzR`Ba@tZ4b3Gj^jnj7_{?IX3Kicgm*?;o&JC#nfz0;)a^v#bkTlgH7-w(
z=O;;yzlpWiuV%N}hs{tj;UDD5fs|Gjqerw$#<SJJ<SHWYIj!BTo4zfpn|?H!`||g+
zsyn@|L%%w!Rq;DS;Cl2gsu$7g*4+#2WBUBjE{Z;(4Nguz#{Vwt2Q$ipb?bNYTu=N6
zeSPG=XKdtij&A*l5$#gl{cTU_lX0|RF7~x__YZ%>e?Qn0{TF!XAvt~sxuJgw@9Ubf
zD%l^CPl?rf$cZ<422O^4Jyzwsx`}v3_ERS})~*z7A$kjVM_QSubb}p<*mg2Q3EAv8
z@tFlLV~#cBHnbj|n~^VojbRzshf;UDiSOgA{vDS0!qxF|=f53tQ&^Z`V^{{t!(~|3
z<}P`sH1<w3)zBQ_4m+D$<WkrNe#mW|_JmJyr+bjM2gh{(a%;`i3ZKOC7|*>!CtkY@
zpUYI&-h+HF!wX<zSO%&kKk3%*?za70B%9L5wfgKh`WHSM!~XC!-ED0nyv@q+0@xUq
zp|lTl5wjo2bMmU*b2>ihJiI}z1{o?!FXFkYqT%9vH4zi<r|-4(#=!N$Y2wfIKEXXj
z@@L2mczOeA><Zd;p%@*t?gky*W?#{|i06>mRC=7!U*N51?$F&iS^<Yi6L-RXJh80<
zkBKfbyrA6~c^N#YT5*YJci}Tn`e+88>%#BI53}ql$G()dA;L@HT-jvhC<0l;A-<n`
z<xzIeU6NBH*h5!PdLI$KljvOp?_rM3$3u>MX1%BrQSu<S&JDVQN8>Yd+ufI==QHzD
z?;Lou5zdh8{Nyp>c|=%p8@+$9<9Nzq`ElpQW||4i+nTTe?ODRJ2E~;eTZ&P4;yHye
z-3y0de<${5Adh48uahQepcxWBj=mMFK|5zj4!_64y~&O6XN?^;cWCsJPLys!b0I#9
z&|E{y#}V__q)%Q=PNB`G5REZz9o<sub^+6<RPQUEEq%`MY4|XlU-}esGwA%JH=$nu
z=VdIPrq<KQ%aE60^C0qr=v|&qzf`&fz4y5Sc?I&LJgZ3GLMi<mSsVd3m+p4F0r_F0
z^HP4P-i5Y@_rS5RI*j0MI9&`Xi6)JvB{X7mC-O453fA*-TJN+EQ1=9yMertSEk$k(
zt6=jDa(!3}_C)^?+=gZd?2aaj_I!^fM6(Ic4bbGl0`$Jk1+-@^axScieP?VA!r#$%
zLq3k2AU8?3*W1Ok@@GSyOOMQ3(gcU`b20Wgup#<|)b%aFKG+2ppvh0S)!atDR&rP!
z-VXnP|9!}Ve6%G8@1q$Bm%&wOWq=R-s9`e?zD?;Op0djK4mlh7MM_)vz9284&F@Jz
z)D0MmpoG#d@P8F@PFkO{+)U{ZH0KeYESQI;As$+$yVBEK+U96Vkmtjh(7@`H{tGz^
zRuWyzT^<O}=joS2+8@3~%uk~YM`2B#*aew+6&1p>=ye-vVHtKzyE9MVdvvRxpXmxZ
zC89}*sTyK3PqgpB^A(@uztCq%j@D)7d0S@hV14rIXKz}cfBk|yH{HO=zoyTnFKvm&
zL9IB^Jy*OR%XTGu92?X3_Gx#62zw)sMebCx9Zgxrv8-+rlul2d4a@2?ee@Ti@1a`3
zmzfAl-mTJT0GdL$4A0Z3)dtPASbj+4KZhsKe2z{3bQeZV@)X!XHqqT!?t|apv$^jP
zyvVP$wBD_CB-%e`)`*Kz_=aC2B`2Ibjv2U8n)nZ&F{H6+^k0|oT??YUAgy=o<<S>Q
z4hu?jBdCD4$B6c)SWZMgMRZTmO^xgkol4!~#D5|73mBdH)cU<dpD$EQ>l2ETMBrz7
zcZl948Vjc{%d9R-UoK~*lw~z(j1FUeSoVe(8e$l=&CG52Nn!sJmN)a1X~+{{UWU^5
z!RI%`zY_8u{P?<mgA=eUfm_mUcMHoCjnzcbuaw60?%Q-l#~(AJaK4jS9gccq&-@P_
zg73qS$h@vNM;FW9Q5rIB)CoU3;iFou0Xs|Z37KRM^S^$&zGDyc3(>zRjX8wA0xZWE
zJ?-ZMW7->^b<unc_rPz{CmAnyatkJ5!`>8-6M`b<hMzxV;IJ9`p7=jZdlsW_p*d-p
zZ}xy{#W|%eGLg^EAE{N*4~nE6hdhq{UW2#ayk|wjQLR0d(mLoXL%$=OgZ&F++Rth8
zxoCcZKIhP{uos%ok=d0(A6v3ez)lxDgXU7$7UCzoGVM-lA^9gd9m^Gvy*u0i2f&%=
zA5gB2$ZX*TG;`re__mKZ<1*j3R<eB#c`~(b^Lr&TAz@xMfeEz^An&5I4f4v&xJ!oN
zHowoJ`3OyW*q>Ovi+&G$82ts%?=J=E4_*7&5rRo*a$yD5!Zvo3W2})r@DlVpko_5;
zD)gt9TkyjU8~Q!Emfur|XIE@KXCJBL$5%T@SR0#7en<9uCEU**aRuZAWrsob=$H{t
zICn*U1pCm(ZKe85s-s`6>CTFhA2nYJpU&hc?I1nLU7O%-evC>Eu{zY#V`P{r^tTLh
z8R}Lcd%OfcB6qdJrhB>r*;V>1^wrRZ<dY@%d^jU3kFh(u5fMA%zcaNeqp6JLBh-4D
z(gx(NTx`zcDJR)G&dJ#1l8a<noo^rgop;E8PmXJy^6l9c$zj=}Ka-RBQ+(^G8{Z=P
zJ=Ql>zUJF{pYUyy34Hz)A*cCvtCv4Y^maWjX=?OoqholOcXUVj9F0%b!fdhhg|MBI
zXUBSbR?gm{JFH#nxKMKVq1E?T7K>4_)tz*^EX@uv7)q_KXg(9;&1imxhpgUD*3I~o
zx3RpXY3;qqCb<I3)?&B^R<<=AUySq}lBtnCXDNr=34M+jHIDY;)5&Hj{KMB0?QU$^
z!>-YNYCj&9i@`B{N8PogCM^-O#JC3@iePuRF)E@ZdLx$=6{;n1Us^R%e)R2Y=UIO(
zGCp$mRx?Ko$Euc#PhYi!y34U&7j1xRl&_*?_+N=PXK!ENS-s(G>4ROOeG(5Jig9h^
zd^iuEuOoMYmE|)yhP*XHwQ3c9X7a2fVss<=C=5isUos(b80uSyQLvd(edGOafxcgn
zAI?_R3TLRzp+31@EIBwD>U)N}LcQOf6HalQ9=iM-G?#s_3cd@^7Nf`TP#n%ut`7By
z|2@$#I7_({O*S@Lc;ao;+Kk*2HVU(pf3T?^y0cAKD?C*Z2=ysvSINOPSfu|VXV^U~
z1FLDh!%^@7SYC`8;2}?PSP<6MIttw^4M#{0D~Ikb8LUOW3Cmn8Yf`s!pwn82w}Zj6
zTA{&Vt?}SnCl@1E3iJ)hNOI65Y=MpT=zg|}PE9HeVmLe02`xKZ=R9AT@gwGB<UNil
z(foq9g|G$w8wOtyLl>X$L@-(7g63;HFTf@xnj@-Zep5@_NVpZ3F19YamR8ie1t)*u
z<eIwmr;FpV$ZgR-FFF3y&81J0#~mlb3&pss82t+tp~;5j#PAIGB=-HW87L-cY&yeR
zD7^&v4&=MAd<*`H{(STs#8gM*p|BA)JCQGg=b?EAc`ow(us51Tw5KBU&yA5!(yFd#
zw!uBrDnZ^08=@HjC!wLgwheV>BU?(}gGbR^iQES{#j|FL!EeYudLQHAZfveXzZ?BI
z$Xk)$CJsa+dJb-f&8YQBDqo*{_;HaOmxZVM(Lv6J<=~}$bR^ri{TNA(2EyCmSiDW~
zBSo!xe!P%J`H{l%E%+<?^Tkw0JU2qWleV?Op1#=od}Od0fE@XlNE42xJ+)}LFZ~1d
zB}$u-M`BY69-`JR?EN^_hSg~;V;vKv*v|pq@`s>r)u*)F&*7i298KHS<9`VB^KB3_
zkhUeaV#%|j58&(A+z1DwIgDIh%-SoTS<K|*Eb12E4VzRC^sQ;hS$@3`y~EUc6PqgN
z4^p>2GTx%^kh>t?gIosL&#1}xDPk1T^y?D10S<)^VtF&Q)*v%OlHv5-ug3#CcLs7h
z^xtDiG*T0gLu%zB-|pu&Pk-9S8P=ih<H(FxNc57&;1V=GSIqV61rO&i%3EP2+T0DB
zJjj}g8z3_-_G;J`57#00gI8cv4EIwy40`>UkQ@@SmhH3fa{RvrpMndqAs>cIsr4;$
z_y`)tBBU>NC1lOoi?Lh<{|Q&%tts*^*z|%op&`d6*eB$o)D75^S8amKQxfv3JqB4L
z(GSS<C?1D~{Asa_h;YaZjJ`x>mBp*ESq^<pn}yzI+Ls~Y82PA9hh)Y0E93?6FSP0c
zESW_S>ms6s5xavOLoGiO_Ms;ZDKbFZ6a7Z?tik9a$l6byr_K40nPcgNWn?W;4Sg^C
z__8}BWLoRTi@KJ~5cy}VgFB#~MLxs$Oz8KcdubbciuL;%vm!bLxhiC(BtA1=#_YYH
zd0UZryN5N7AIqwYiF5QGrDS+}HuQOb@r{|!(R|u79{&$OW<oR(`rY{p<liBlv&gPl
zv^jo>TCBK~&uPz~XLJ%u?Hkl3H%24WDq~99!5Z*6?Ko+D!Z;aTD8^;Q=wGl1O*Ski
zhG)PhvG0$~Kru;U(;41E=_SZ_Am4@MTku!(=cC^sraB@Ig^jS;iF_G656wHsbCK_d
zz0oY9Jr$vUZj5}AR&_<Q4ep^<3G!ap5X}fU2@U<VZKyjN*;4u*Jc{N@<UYtLo;6bp
zena-r`xp;*V{;Yy-RRFj-irJ-aUdGeb8tIsM%~two(?a?5BAY*a4ecBl-7fzsMQKR
z{_TBm0E~F<XjlsmUjGN|OWn=LBeAIj55Zm7`*_xd)p;T@k7;e}$AUK4hoEoCr<D4+
z^b;~|u<P+W1p09w#7v-V$*oxOtmp&yIyN`L!DtR6mlv}b%`9eAau#(9@P<vQ2O9KQ
zZ=$I}-Gk`sBU3l}4!H~RJ;-H{{Wv}dZ$`5QnQ=*m(+fYt58!hKay#_jV@bbK6Ocn{
z<s#pX<<rP@uzwtxXovJYc?>Q=<5wK3z;;8<gUrCV0W#6ESHrf{x(>M?yaJnIxS!Ht
z(Cg2HthkVwZ=Z#i<Nr1I6kLc6*&|#^t#8HP2pVD-(q_97GQ;h~SgwNqge&mY6!{ly
zdcm8}kdYGX6IO2O2JFc~HbLeo30cS<gUsaU2V{B_k3&PYu~<e#GGv}aUm~*>;?>wJ
zhdu+$Lhtj^%aB<e`KV5Z<dFC)<OT3AwCVyZnIRFgH=>0RxzvuKmLKtb=!rv$H4^tk
zzY#qvCAtW*LX+odb3SB-SbAX@SxZzy-wQv!<kEz^Wc_$i*Rp;i|EzUz2lTVZ=K-H>
zeD=PVwvmCY-vyWz(J9DPA*&$qnZeupNRsR9*^u>U8M~Od8qMcf<Ei@qWR#<c(C<@U
zApZ{WnMG#HqCN3T)MC}7d{%h|J&{i+wQo?D>}1A7)t&q^-=9fhy=T~{cSPYHy~Bxy
zMEc~tC-0Fir*v@~J561_eY%i0X`wXXH|Pt|Z<nPxC`~X5eS0z9A=;Ygk6}5I(qb{`
zh1?Ui#^(`l$<uqo+4}W>sGQ!Lg;UYo1dr?cPUZ>8Zo86Z5AV}f@lLD?@5d%m`nc8m
z|K(`vQaT*_58+mLKySAk^{(s;-j!A3E!m-Htt_QCrHW5*YUWLsvo~MF!}Y98^u*)%
z$?~Okk)p?2vMtogr*tuI(vFGgk)^*nO^;H2i)mx2-dOhL)Bg`82ThRsQrZc56Y_2>
zCrb{}c*vpj4QlN|uI#;``7*6HY&9}^d1wI#QhH4K;14vDsMP?=Cy*PXPtbHgo`Jp{
zPv3xt{gjTEobD;wZoU^r-^D#HIjX=@&Ojb1T6_lO(QL<lkC<3WX+zW)hHx)7S;*y(
z=ZS8#q$x(ToF^{MlxCw*X*IY^G(RE_!Deixo#KnM=UwFPv|$UDJ*oAKzMl{dOmEPe
z+qB-|cFnY3^L!4qregVqqU~~>VoqOzG~O=3TU}pErC~n$is`2`f^aKsJ|Njepsn`D
zjJ?wYSEL^!E4rDJ__@)J(g)Id?>baAQ8n0FjE&LyZGp|hsugaO-u%e3=BY=n7q0!L
zuROaMqLp|ft*R<HoGs6B7y7kXZ8meT?3GroxK#el-ST7pplz-7l;8}N+FYLdEu{yE
z-fTFPZ+aX<&O%OOvje$&dI>EoV!Wy_n&c=`L2n@G^^wfDNPhrsrG-oJ(2-fhY<Fwe
z$KTmRua@4fb71LrjwPA#Dnonpth%hD<FFQ-4O3zkqn2W}xK(X98M--;oU2lI@+s1L
z_|iWZyOpqrwWhkK`IbmFpD`<bDg8$CnK>|!r)*5WN=$gi?$;^t=?=%zul?zsTG8nt
zSPo&%EMvcu&vW4}EO)8YWj&&oiTM!fs`PcZE~EFeVi`}7O*=~8r8GxvvoFx{xA1?3
zW`%trGwUYGn@W=vw7Iu>;ZC`)Du+<_OTVtQYFz0W+NLa8EZNpf^SOX5UGLT~Tf7aQ
zT!{8pzv?sXTtiFt(rYqp`YMeVZC;`HxX6sek34jsU!7=q6S$w5b|^F7MiRqf#zh{c
z!%=W3?1Q(BMB_s=k075;tvSfO8NubHClnLp{iY|U%{63NX{HjxXBg!)t=gKIt1&TD
z-N%u4vF?tjZaklvbD`|*cdF~|N?P6hW$$)e&BmJeUz{1iHH?e6&X0&@xXT;TOlJKK
zr$;MT>4n|~Z{z)HMIVyE+M5gIjrQdDc2YW$j4@t*VsdHRl8m%Szgy+jxc(aME7P8n
zlG8`iG!LVbK8K?z(i7dhI>8L7z#6YYHm;(%N31rd3(2lpxmWNMgNH)evoW(@wA7iz
z%%QbTw!5+U*=2E;&E((h9r`x@jYN2z&uN()(uI9WpSm6?Jx}Wzn`88G7<H#%c>sNR
zjaR~M<+7jV(xa5t@_UVX9Uckwt<KGUmtjN>(4J|Gbw6fHzSct270tO~%s27ed9RpR
zTFi`<rmko&VK3OtxbKD2*bAB<7m>+ZkkvP1c{`;YDP2e&UY}{9vfLUXwuW9<#-c7U
zuR&{%sBLbZtYLmKdws^p?4fRNGV^I$dq(6L_P&;s-snGhCr^5A^z#$WBqy``yHlWH
z#ciiA?1Pz%q*>aJ))I%HF#V{}TaJ;GYPFt{v0uhKFNPz@TFh!RkD}>B`)6aHBTZ?W
z(k~g)p7ceZJ{J*(8kzk|WAT~q3sJhBx>JolO&dt7-r-ZH0{JQZRll$0IM7+%#(S+p
zyouuNUlyOam@=|)9H{qBXqdz41+l*EIY0SDzm$dC2>Ep6tC7z{zAWD8I5FAd*jb;U
zrwjD?yDOcc?~x`&$kO!H-$ka+<nymVsWy0aC$w}o^wr#0xwBdFPsc89)#|t1K6YHF
zPw>r!sq6H6Vu^mQY<_CKexpo(TbKScwOqeAC%NQz$?46B8<F%=sUP$iYpOatu5Ym>
zUpp@IvVLE}$-g7Z<{#*HCTjEBiGKO**+k#A{a5M=>New-%C<R<g$49?Bz&0Ojfl6P
zY2|ot;!f=8XHpHQRS4yOI2-|&Bu5>W!VyU$wE;i(>aT3lg~)};EXVtjc4}K{D7|js
zxHZ+!aYy2ENNI(X+tbr`CpnJW&@WBgd`KTm<)YUw&b^h=ujjpzyn(&W!2d|}J8}oJ
zDkwflOZ7U{pSmrnD|vM?)$v41-wmFjzw1oDr@!G!k3-&sJR-S<QN9Mb0Zb`+sSd~&
zArC{YhkP|rx=_zz=KKSWNMgpKH}Uxq&G+gxvuH$85w>DP<Y6^jkkVL;frH@$xF8kb
zEkd4yEIu25g#Vq4Zz=83@6nA;){80aL{0flohdmYOMT<TQIRY_(+Bn~QQP{Y^PyX(
z>AOnYj-S4vWV2)M^g#5pU{%%4P;t8f_DN5I@}F1oAa%dO|28!1(Y%Ca58TIdUv_Mn
z4)G(NQ}PL=KT~?hu@3q^>3Xc?GQs@6bTd)jgi-mX%3ntf9%k;&A8`9{vrfC#wLLGX
z>vm96T5779awajgOnp<?G&5~XJ9DwQ()2dUbv?}>bE_F?#+u3IZZp#qW@?;bQs#8i
zz?^EDn{&+t<`UD*^f5QP=U!_Dn_=cQGtS&${$^&G`}uG9`dZ~pmdjTST~2S|cD4)6
zrRFNr*Yr1`>1BqPd^3vw;_x&x+dSZ`qsx2r=xVz4y!xuTW=OA|SJpL)@l%7}<F4cK
zeU7PW&M_C6PNu8rZf-CGOyqX?>&#zGff;Qkm^;lq=3X<GT4hXKbEfm!(wygZ|IX%W
zbGCVql5A7amDV#gO(Rp?v@++L4sQ3o-1IOvnt`tMO-!yC>N4`}W}=yDrn~+8p-ej}
znX={#bDBBJ$*oOCbD6oqTw`uBd2Z)vYOXi8m=R`-nPl!VGt7Nvo_RR0<><U<Dx3))
zfD7SLxIAw_{_W8Va6Q}t--o;5mw5w5501WrKf~iNEm{l9<mDBNv=w1(*aWtNU12U9
zG${X;zuJ*-ESx-O_=o~~H=GFz;XL>#Tne8YGHO7cErM&{t8hCkhI`>5=Xikq86Jme
zF}C@`#}ve6U`1FB)`DliMzC4_h`ju`HEahjfn8yDXEG}81^dGOa0twYqu}@v@-_ud
zgR|iSa6ViFmyH-TXn4FFu7ImXO1~by3b(>{;SRVP?j7w$Dn0<eg+IgNFfAs@=v#&l
zNy@>>um-FR8^Fe+3-U%LEnqv?33i9Q;lR<OTbz^R!`tCxI1SE$^Bh|yi{Rt12(E$~
z;TFeM$-A%^eg+S~@8B`V*2zgR6~Zi79#(-h9owYp!W`HHwuI-w_M^uP9G&U}uYf&Z
zF1!&A96e^_=+sa+9NrEm!l`ij?JnA>Iq*Ta5H5y~!)KuGg`vwmRsVy3Be%M1xlH$e
zBe}EHzh&(Hm$+P-#gC!?|M`EG|L5hv)cs#9|0fx_>{iZY`u{g6Fm?V9JoQgAVniZ#
zlECo3jU6s?Vl`#|G%NpU*8X3t^ru;m_FDc8{s-0a|Ea6+ZyC8AtGe5v{xhitQt0-k
z`v1|t4cy-RpZuHScGN%rZ{YUVf6uf21pj^90#ox(u;QO$E4TZPcW0l4X1O~%y=8Wr
zL*{sp71RhC1?L4_gWkc=V0<t$SQso1)&*|`yMsf)@h~f_5w;BbhlSzda7DN|d_Ual
zZs6&td{jGX7PXJMNByGV(Uhn#S{$v2Hvcz!-vOpYv8-LyJ@a*cGd(@9>=KroB*T)H
zoO6(zbIu3|>QO-yK@sCIiwSe$U``}KNrEC`0t6&y5Rjn6zozyRcUSzc_k{c0=RVR8
zUEPzm`>pD#w|nNBk!xxEMt@Id*tWbXTYXx#`h(f(i?h|2WUAA+kvlTgW8^X_g2GI7
zZ&ud2`8n(PVcV?NPktk7J*8XL>!*y$R-c^h_@}bf-^y0sk+q&XEnEGjZ1oqj)z@Zi
ze}Pk3_ZLdaS}!>>TYXlhI*r?scV*kZmFt4Mcv40WOU=!YrN{FghkR&m@*G!WY%Nnh
zA=4AGVM4aO+|lK1Lgr1#VhLF>Yb(ml&DzWIJ+juTG|qZ_l_#>+s~5{!PdC}>He3DG
zZ1uU>>MOF<S7oao%37~6EtAzzq4xA_^=w+L{c^T?_Wkp-)fZ-~FV3pfdh;o_gw$Ys
z2!`Pk9AySk0(=l3j8=o(6xtSjb6C2bYuq3@0tM2!{EcJeZyZNQBtgvF8ya&@=!LOR
z)0P+>#=~^nQ9Me=9mnG!@FboDX>Yf;gJbWocTl8`EJ(;^vSrjFktCwOmjhh#6S-uH
zEGN^b?#e(?ER{KA4nUbKlj)4IvMfkhNmioPBUYpy<)&HH)$jzYfNgLFlc^_~`j%`S
z0b%Yjk5YcGd5rS=2!k9HBZ`p6O{3Xc-LN7^k%QV@iKPkCNTyJ|GD{N{0711vl$)>!
z<q=|$-KRpa@CuOBUoR}h(uAc+YO0rEX)+yIHgROR#F6C_M^;E2`D=Us&h5RQ+xq~w
z_t!lS@}7ry&%>GbggLl{N!-F@ZsD(ca`T?NyeF0S2vC9&4PIYFzbMHe=xmWf$V+pV
zxf>j6T?|Nvq(w#7K@r`T&R_+=-&PpNItA7y;u$<cn!Sh@2`yK+;P7=_zHW@Kt3;|u
z1ucq+Vh|UlMQQM4E7=NscZ@p*jC+-P6$I{hcRW~^W+@Q5likUX!@bG9339qOyEj9U
z9cG6?E<3`GfMh$$j)D|B#*Ts9_9}Z7<gw%Jc*tw7wpT+wJIPLhRC}$xmcQ9?JruAv
z+8d#uonogzAv@Jhg~Ik0dkYk?x7u5wsGVVFKryz-;%t*8?A`WmC~2Rw&%qV;75fU5
zvai|KptSvm{Rfn>Z`rq?tbND6LvHFl`yQ0H^X+`7U>DkjP|+^7i=mQTW|u*lU13*1
zWxLw0hAQ@R`#Ds#U)V38nq6<#Lv{PL{hA!iclJA|VK>^1P}6>IzlU0Oi`@dX?GN?`
zsAIR=?NHb5v^$}m-EDV6eY@B0g$8!N-46}zL3<Dy*~9iQG`2t5AEAjoW{*Kr`;+|%
zn%PtK6g0O#+n=F@J!8*6OMA|qgI4x}y#TGlh$gfNWhkL7>-$R9cRR8b589Kh80ZjM
zvX+iv4zjLJVG>za=P;S9t4o-htg366m#nH=m`YaFJuE<Dq(@kY#z@bw2#t|mVTrH=
z^ycqn^a-nn)uC@#Bdh`a!dhW1=pWVz>+rhAG#Ve%$dW<~VJfC#LAaUy%5?07eP9NT
z!Lcxtzn4A>C*UNw6KCNpxR<!bV{jiH!((tip2Ab`0G`FO@L=SK;2{wcF?d)QVc-#w
zQ{;q4MQ)KB9uxURewZzai{kLOC?m?i6CzD?fG5QyaSbdM*NN+3iMT=B087ObaT9zj
zri<yYOx!MRhvniy@gS@akBCQLrFdR^2dl^@SvV)F$!c&xHkM7{Vr0`O<dgDAl+GmQ
z8FbvS?pUnij&sLhRd<3r0js$a-HBM;o#IZxba$#d6>GS+xVK<UcT4PktmQrCy@Wq{
zpZhKFg6U@N6xW+)%r5bI@M`de_$gQ(tQTi&OWRIrJKPSJp&e;Q${cpI9W8U(v39IX
zvg7PHnafVF6J)ZTXeY`PdyTzD=C;?_>tr5#gS|oKwUg~+na|#2Z<49@W_z>DZ>QO5
zvVfg#r^|x&HhY^aWM|r$vap?HXUQV=9(#{0YM-~y%VPFb`>HH%=i0flgq>&S$&&VM
z`?kEozH8r=rR@9meOcNrunS}vyT~q*W$j1yBU#Qax65UDyV9<d73><jMpm?I?OIvM
zuCwc8n*GXtB`e!+>^HKC-C#G!s&<pzB&*rYcC)N*x7w{T-EOnnWDUE+?vOR@F1t(C
zvU}_vS=;Wj`(zz^z#fow?IC+e*0V?K5n10JwMS(Gd)ywE4ebegLN>Ce?P=NA{$hWT
zP3&2FRyMWg?RnYEUbGiwb231bEkY-BWXn*6O128)VO+Kj{m_?f!XOM}+mQarE5n>&
zPT4NZ73Pxd!;~;Zb_nx?d1S{hUzksJ3iF5gW#_P9SWtEe3x|be*RW_<RCWtXh9zb9
zuxeOU_6XC%blEek8P=4&!rEbN**mNo){}jBo`=k*s<E#v7sWp8i+ySHP#g;AyzjgZ
zLTRNz>gjqqjh?@}@n7Ef-{Xycv%XZezKF3492wjFmyP{pWB(=_Lw6K${v23LRFln}
z9#8;kLt|(SouC)ZIz|zHzk&F`EVv(L!?W-zyan^&V^|IAVH50t18|&}Jzxw?d@;!Q
zhw=IGk612<FJZYbzLe#n_$MUiQ)wB?`SIl}7sOYvTo_-;a#8$Kk_+g#)hy@7*RWg=
z|BU6r_~$Ga#lIlAkd9l&a(?_vmJ8zRSuTu!#d1;n8<LCYxNlj`kAKH<L3{(th4GCn
z7sWpYL3>wGz97Dq@`drQDPQz2Ao4x;{KNR>1TtF^$ZSm@^FsoeZ3$$yClJ|@KxAhE
zk=+SI_9PJ5n?Ph=0+Ia*L=GkpIg~);Z~~Dd2}FKOAaX2$$ngXsKP3=3kwD~R0+CJB
z{}1E47?A^v$kBfhk<$r8eoi3rO9GKI2}I5&5ILVf<U+z$E@mL(K?X7&W+3B<3}if+
zfsE&5AmX_hh<GXk5l?3z;>9x%@w^N~JU;^wFUUZ|vl)nZVFn^zjtoS+oC!ouF(T(8
zOYve6BA)rz5b<(lAmSxwAmXKDAmZiDK*Y<Ffrytc0}(GZ0}(HO0+9j<L<%MlDV#v0
zNCJ_f8MfjTOCVD`flP@6G9?qpT#-PgR05GQ2}H^!5Gj{Hq<jLA3K@uaNf9DmUPh!)
zWGP<he-V*N2}IHoh*VA>QYC>%)dV8d6NscI5UG(sq-Fw<S_wqzBoL{aK%`y*k@^Wl
z8YB>Dlt83$0+A*OM4BdSrC9=*<_Tn4B#>#DK&Dj!nTm`^HAbX1BhoOkl;}&&QM-AK
zt_PIC_2OySR<@VJ<ZwAkj+PVUHS#)ny__Ov$~)vNd8fQf-c56t9df7KC3nj`a<AMc
z_sawFpgbfG%Omnfc~l;g$K_A*gghBcj=r&o>u??Yfv2M1=gT&-4G7szwgV}L$f4lK
z5ppEN<kj+O&~lQT1aWz-yq1{2-{jxGmy_jWF!CmOD+Ka!`8ec~^X2D|9NZY(2&7eF
zA)ZsnDeM$+iaN!d;!X*tq;rK+D(V@v=p?W8BjnArHc=s3<&tBfBk0Uhi6aVRI-+8x
zeKeZo7&;o9WG8yFaA~JB_=&%p?4&rkojgunC!dq*<aY|t5x@Q2=ng>WBssYp*NHjG
z(N5g)9N#fc;8>bM<ZyCE_dlp_Q>h8jIl`&u)Cc1<avDLj0+SAT<%{xVIaj_em&xUF
zg<L6D$xr2Kxki2_KffH}(TbXULB2p&d`U*nkG&>eBfRIydDM^j@)P=dJLJJjSAT(y
zdX4tZmkZ=VxkxUSAIT+hsr*=eaycFI)nAk^($!y<(fdK>%DHs)*X8SU^<|_Nhx-v-
zy&@!E_NtfZ2V=G)fmw9kpR_JMFR}(Y&%H{#1GmC-m;txJ?JyJWpmBXC+{ND?zZdR<
zztbpxAbPq09)?HYQFx5T{NwNhJPA+1(=Z2~ArJ5zJP$9xi|`V>46l$scn#*lKVTlb
z4sXDl<Q?9Ici>%k58j6l;6w5i3t%BEg2nI=EP<uuIX;19upCyvN>~M-k{?+EpTXy_
z7QTRW@FjVbui$I=2EK*wU;}I<AM-tIhApraet>PTojlG?*af>`5A20~u%G<TK{y15
z;RyT)N8uQGqo3deoP<+w8h(af;0&CFb8sFmz(q1>6dgq;(OGm6T}3z1UGxw=MK94?
z^bvhUKha+d5Cg>^F<1-{L&Y#LT#OJS#V9daj1gnSRbreNFD8gNVuRQyHi_@WX0b(V
z6+eh=V!PNOc8XnMx7Z{0ihW|gI3Ny+L(&t6#S!U?AH`8|OdJ<Ki4)?aI3-StpT#fY
zj5sUKiSy!uxJY3TrI1oO(v>l(q?U2nQFfA@Wf$2;_LT$VKsi=UkkjQ1d7HdlJ|G{H
zPslgqoAPb>j{HD=DA&p_<U0AKTra<pU(0XgxAHr=L2i_r<o9y3+#<KiALKT<-Kpc$
zjlS&eeC>SWeCvGYY;ZO@o1E{R&CV8QtMh}i&DrkkaCSPooZZeIXRou*+3y^14myXN
z!_E=sN9U+>%sKA-<eYF$I;Wh|&d<&-&Kc*dbIv*MTyQSBIo;f<t-4aRQ|(m;)lqd)
zomCgrRdrL{RS(ru^-{f6AJtd&Q~lKdHBb#wgVhi<R1H(Z)d)3GjZ&l47&TU1MQJ>x
zt0_%V*QjgNb?R^GdUb=kQB77;)J<xtx>?<#rm0)ibTxz0?P{jFL(Nims=L(P>K=8k
zx=;OG-LD={52}aM!|D<BsCrDzR*$PE)RXEd^|YF!o>9-L=hXA+1@)qONxiIIQLn1k
z)LiusHBY^+-c#?Z57dWhzFMFbszqwC`baHNOQY|?t7U4rTA@~|Rq9i<TCGu^sn69~
z^@UoezEtbgSL$o^jrvx7r#7gKYLoh2ZB|><R`rA0rnajcYNy(zcB?&VuiB^fs{`tw
zI;0M(BkD(WR2@^t)lce#I;l>n)9PpSi#nsus&neRmfF#-j%lT}j%!c*+Nd|wo9Zp~
zwt7dst1hUE8Z>I*E%rY0mUv6OkG)U4W!`dcg}2gM<$da{_SSfx`Ahwe{ZIU5{&IhX
zztUgjf9kLHKl4BL*ZN=h>-;bM_5N4>*Zw#DxBfPNyT8NV>F@G)`+NMo{yu-df51QJ
zAMy|TNBkfCqy91fC;x<h(m&;&_J8(&@z3~YjcZ~?8ExXmGrln<hskMjnPih<a+^FR
zugPapO@33r6f&hu8B@+wFqKSYQ{B`swM=bO$J90TOnuY9G&GG&W7E_$GtEs4)6%pu
ztxX%#HYgL64ax=Og9<^#pi+<)R1T^HRfB3l^&mZ{5!4K71+{}ZLEWHUP(Nr8Gz=OA
zje{mZ)1X<<JZKTL3|a-PgEm3i;L4y~&_3u8bPPHLor5kx*PvU_J?Ihi40;8<gFZpu
zpkL5G7!V8$1_gtIA;HjKSTH;o5sVB*1*3y8!S-NBurt^d><;z>dxL$!{@_4xFgO$(
z4vvuDEt;_+%PXT(#nXa3D6e-uBU@8^|3+R(@%=m5OZJA1vY+e^-*XJzBFD?|u$3a-
zE%1Z9U)~Qp<)iXZ*u{~3H^;3#9Jlsz+}g)+YrlL?z7GdDLL72xIkgdZ-Bh^NwV386
zyUAFYS4OME4#tk+K2=9Gz$3g$`jhv$w_OPDpzn%2e(2X1Rd}s*5U-NHNYVZ{#EBgg
zgYwXh7|?8r0E@{x)1UCyfCxh_9p_SXk0uA?h5{y_dO<@`E-Y+9%8Qz$Uyn7!0K(`Q
zlO(!oAz}b!GwvRl!qIk9l=7UWIOVxaNy<}9)#yyyJG!Fn6J62vjjqVoYQk4d+@rDW
zspi`bln1tBmOWj0PdDDvJ<Fbcyr)0!8Nho4#7S#uq`R6T`b}LOQ3r%*E{H*jR-zR+
zqP=JjuD8+K2r=)xcOI0V?x)lBg!{7i@;?+~vqsqe+wt{(Cc;KB^v}l4|76U}t;VSd
zYNEQ0B2W}LJ5bE*&e5z7MW)9%P7bCR8AZp8*f{=AM#bCzi+K3^X!tzE!QUca=IHXj
zEE@h6?X;vA{$iG>*p}Ew#62>YN5ngNt6tj4;2k<ftYZi<j#rp-ysAcPm#nrMS!(~t
zE`N=kVr<s9X}X#2ribZidYRs)kLhdrnf_*g8E6KX!DfgVYKEENW`r4OMw!uOj2UaL
zGULqn%SPKZmyfr$z3pH-{;8;Y{P%I!cD3DX_uoa|z*rM<3{JXi6fQ_{xUeZ|ikp(Z
z#$(&Z_T`vd^$(+Rli$Z>+t2p51OBP#oHaH#`5%bR?NML~O=VNDG$dmO>;lF4PHAcE
zheM$p4#(k86-VMosD`6)EL6vFcmveL$@ma7#o72I^uu@Y3m7D>7L#C#xK>Poo5fUd
z3(OR^ire8%afi4Y?i2Tl`{5zJ=lPg;Sdh2pIsQ}9$Rv20pTKxg=9XpQC0Slpf`ziO
zYzj*_;(yH%{~MmYed|2yd;tgC6gLI)#vlfmFD7CFQ)4u3#{987u{>BH_CV|rEEsz%
z_9PaIJso=%OU0g#y@cgruf*QLO0oB1i?L2@No*Z9jjfMu!mhDxv2EBdwllUH`^Wai
z_T!+~K?OKe38nEy<q<=erW&c{_<?GvTH|6pPLIc>`f7a*exk3_*WpS%Sx?4Qda9m^
zpGJ4laJ9Zo--c`SOg$4n(|75+@N<2yz8BZ(`}O_!g`TZv<2wDMeiFabbMzcsuV2uw
z;8*%}{W@-lw~n{Qjo!=NE4ayf&6|gty*Ir1xXoMWEyRNqZMWkg@4WBgNs6}h@q*vd
ze?}<(Ie&>5Xm$ss#nj-dV4L_P<4G8rlg{J&E`4!WV#|A(wjk6d7&92i6~t_+(f$`G
zMfp791~0ITYKs!JMO52DDS95K9F`;7sff{67i(fox@HS(K_R9MwgCqp#Yg#hoK-N;
zE#a1QuW(DbrQI@aS+|^9-mTzPbSt@OZe_QMTh*=RR(I3g8g5OumRsAc<JNWS;aB)I
zeuLlQcenvJ;wJnaH{%xEia+2s+>SeNC+@=CxCi&*KHQH7@E{&?q~pj_^0fR}{vyxF
zv+|rgFE7Z8|H?Lpy5b04Z*cgD*_?b&D=#Gp1t>ZEJf=(Nl?MftC}~2qHnGLJlsu?U
z$%m%U3=FiPWT88y5PCu{Vu}4ICBYC%xnKmPWS9t(AO)_68z2u%rIe4Kk4nW5b3lF?
zsi{y93t=HB#7{O9<|n3#(5USNMfu)tF&?kQaSV=u68x+~NxTNHg)49hPN9)~2i^f?
z@J_r7%Hn-^AC#wYJR2&|IDQu@;u2g6m2d^Fgv$6Ceg;)})u|efzjS8St$FRKAFn+P
z;1#jdOe<oQ__?b(f*2|k6qQ9~;*aUk8zV(i(UkVI7Ojatb`qV4KXw=0!6g<n6k^1G
zMuYO!dh0-Y>%DKm_YQf7A&2*)cN~)Z0)9cr?HBfoL0-S4Uj_<LG+72kDVD5;5>cFh
zG88BFLb=GRLnZR+1)wtd^5RgP{CP=8Cy!nRYLHhi2Q_J?RRL;|XRidc$-7sEI^^N2
zlCHA%C5`*iN{phu6w1<<TA~*1iFzbO2b$S9+#{EJ6eG6R3l#TD6PKF+aqgGL{R+5W
zN!+hw?}T>>@_Ije=O91#u?Y9Em|wxK1XuW#{p!@OsHYXVr<J*<>D<$r6b%nTU5bUr
zp#k^08TYycMX9>bhGJ9`nx|ykgKbOWa|rjSa@0ri;L*5;OItFY78Ya;4`13Qa6P_C
zwd703(FnK<26YAD#z;7<TbJ>OF&>KX(2Pf%*l%C(7!{wjZ5W%td)j*%EX~iCK}d73
z4W#o;-gYS99VAprco%$^dK?lG_5B)teHcni;&T{FoZ(xzfjGi(m_`iXEIdRJzc4(>
zI{$!m{vpNjQZS!2zkoHrkTt)EHNTiO{}F3`3B~v7u#{qa4fvSid=vPDqIz3cOH8L9
zd`s+RIBX?GGamL3H|YpRh+}kzV-)EJ&^&-VA<dH}07UahXdJCIK*#8r8|dsWHFv^V
zI%hCG_NR~I_uc-7u6oHHfPbY5RoLc-WwM7Vzu5!-Qtj7mf@X17XR?PX(R#PH!#e=r
z$9xNMzXAQtq-ZP8^)uR2lv|Sa2U~yb>3{!>+T;)aiTFTgrX-#=jl3zcH<j#79rmU!
zd(#+uQ^np?vp0>iH}%+?`s_^&dsEBaG-Pj@gS}}Id(&L(O_SN1rm#27!`?Ld65)m@
z;)-^1iM!BU;jV**|K*(}fgUDNTZ>^?tb(<%F}B7|)W$(L3diHM#KxxKOuPplq`y4}
zU&Oii7Jh(>aT%`0b%fAnLSr8u!4r6f0$EHLktFhpLZXByOBknPS;C++AyR>5FN)-m
z?2ENn_QTpN`(quJ1F$a3fmn~_Ags@FFg9R01RJs(ij7zf!=@}pVsn;bh#f?79JXgU
z+sz+I=RLOo%lF-akqjH@Jdt$s=)94P&C~f<uGFb4S7|<vCOmweifcYkdAd*}iHQ|v
zIU{Vre`geyA+Ht^XAx8@PkAq5E)fr^M0r0Xo1;FGpQ9d<byNSUQa%WY6H(u)Q$7UK
zDIbb8C?AH6qo-N03FV`)8RcV$`v~e)OUlP%E6OKeYs#<2wv^AtD=B{h+fn|wn->K2
zHy`EiyU|m$jdTEldTL2M^K?l0N}Yr9RXS(%e3qthMg7Y~xu=ssP~TE0p8;i{3-lrG
zForn8WS9<j!GrJwJP&i>9asp<;4}CdHp4DBM1Cr9hmtHQFIjvEvZXXk$GT)qEwLST
zAv6Y1uf~wqm(<$Q_!`T;IG1HV{0GbaIFIE3e4XVWe1qj+e3Ruse2e7}e4FJ^e23*Q
zT_%#$$H>}dQ!mT0T&c^mT%{xHn@xSK$TF@gvGjCWB&o-hS<b+xSbtBm=H{^Go?*>B
z%bI(Rb@n{#>;=~1i>$eqSaUD4=3a^Pp^Gr$MH%s8jCgTIyaXd&k`cdx5iiAvmuAFk
z{RyPcp+h()V*x_BJXX65##iIt@Ftv&v!a+wR`D#pjPvjvoKGHO1$m0~<kPm2|2lw2
z@szF#()BUa=`4Hc#w`2lCM^5urY!sGW-JHj<}3&57AyzpmMjPBR*@7*x;58_>NYHg
z>2@qf>JBW&=&mfs>7FcS>%oyEtcFCA&>G5er5?s|l^z~R!fXV~xE{&U)1x9u$c<(>
zLr0@3)HI%`7LBJ~IvPoRbu@G6r)x!8)U_im>N=6;blpgox?ZG9T|d&IZV+ivH;lBX
zqfs?dN26-AZXb<5-7y+}x>Gd%bmwUN=`PXu)7@C#-J|iRdqm?;_hQ}mX5IH;-S=hP
z_ha4nXWb8A-4A5l4`SUTI68OKVlFlMwG=kzUq84UL4f@~5?(%?AN~A7hRx}S=q)Pk
z_;)F#DR$QVb=?(nvmeUC{v&VH&ghDm?^0<*)XON!Q^a|g{RrpL{b0;NF$^$;X7I?d
zN^k^<xZ4x3hA^(8tLkdHx=z<MbWL4L*Vc7(U0qMt*9~+--B>r#O?5NfT({6Ibt~Ok
zx6y6&mAaj7uRG|Dx|8m#yXdaEo9?cA=$_aWyJJu6f!%O~_Y|?VIT?3V#5Lk3F;hGw
zXUkXQTW%q@uv^3}>K1d0hmFG~VN-=+Gu=z~)_rte-B0(|1N1;WNH@}h^$<N&57Wc-
z2t87d(xZt@?DTedyS+W$UT>eb-#b9eLiyT{`=0On#t(cO*0U{bE8E((v2E>@wjHsK
zhJGWzvERgR>NoS7`z`$M{0;s_f0O^czuDj7Z}orh&-v&53;snz5E@~maZC|Y%#<)!
zn9`=KDQ_y8G*iV?GwG(Lxze;V?M(;M(R4DMO&8PEOfXlQiDr_y#$0QzGk-JJn;XoH
zX0n-LZZcEN&E^&}&D?6Hn;GUdbGw;o?l7~=owk$hY`fSVwx{hC)(;zm4edZX$POmG
zl_5LnLVAnVRw~f!q7CutQDO{K7L&vzs3xX}DNvoC5>Mw9lN!7ZQj_m?)RJ$?H=(wh
zmttg{*oU$C&?vSvwiKGE=!ZB>qaR|`oo7@OOV{sFNs^=Ftde1-Cn6w{l^hHpIU_kq
z63I!BAVG2v4uU93Qs5wxM9CnCfMg^JNX`hieV*ri?|bN8>wdcHuG?Rj*;9L0{j0j`
zSG9YFzJ}t^nz83BVYt>~TR=d(f9c2#apkUf;G^Ta=G}?Eb0Seah_FYf35%%oJQs1)
z{9&rZNmknC@6Jpv)43yV)O<v$giL4WKCN|k9N_N%IBnCRKMBA2<2l><%zPSuz(=Wl
zi;)cP4Y!~Behb?+9!Hu#w`6i_RIh9@tDB;KJhq_wk(%Qw(kT6=L0WS@+iND<Yl=l~
z_wjwEK_wIIzufHik~ThR32X|qI}HXnJY)H$aHqBH-8l!z1Pr^y!@J*XS`RuK4?5cp
z)XX2wnLoT-aaC6@r$#@=M=!@mKWASr=fz)DAL3=c9Q3NUfAv+ZsQXwQCq-)@RyxaT
z@Y=K^`H{PObq$b}kutP($s}QlugQA3CvRKX^rh!;G2@8)*2o+E-o1&H9^ipcSU|VD
ztFS7)GZAM{fzQ`lGwZhnEegovrUa!jOot`Fn?xoIOjee{Uaus(vnDk>3afR;43=Fa
z`(oc&tl%XZH7W;(mX;|!%j??49SVmRcd(NE-Q~MO^D8esUuW4&yj%UgyK=U+)!#B@
zB-t~@$bNA6%`(n2WXuvbQsS90X67|4?U^HON<GZCQzY%AIn=+y^x#`|6_Y$gmR8t$
zFLell!acmEDG8yOD&EO;fr30ju{ptP03i+De4tu7-uBor(X=@k@sCRm(ffkHX%0p1
zeSIvmy+pskgco|p-|tN1u_ZEAz`uShquFodOBMH;=jS8;wA;M-qK>Va#&>&~>AzH2
zDcsjijJ1^;`5qmcm$4vt5Xm#6{W;P3_~PG(4{I34*1Izog!Fa0CJGmhz2_Ll)axDW
z5=1d^zuwy1SP96<JN%VKzdcJ$r&uEL=pYlb{oXK7AmtLRioULlM*Tp9rE0Ta%s~kH
z*zFOo-M6oz20wE|V_MVce*gGpZ8-I2yF*3~e87c@_6IR!!a|9r(H^DF@C4^JqU%2R
zePuJwF3<U9Iz8FVvF*~JHPs)5a>unkT>(PQCp|MMMg@;=BPjQu*{t8Xl6M0gop(JY
zW8Ub+k>nP@+$AVEDSy+Snd{j`K64%UuApB;`|5Pu&8tzLuT8riYka#Qr8wKaN3Psi
zar0^fQ<0yxf{7q~6Hm0e;^X$H`kh&F`PplsN70L!H#O+K7$9{OoP_3SzhngID*6jC
z(I~z!RAVS~JFiWaw;G-N%uWBeTu(wfwtZI7N9Ya>W09e@!m75Pp_Ilfzrxn-pZqO}
zH~m%KMUE@paMf@B=ERwvuf(oILml;@ZoF~jdc~H;FI%BFSAHFzga>@d{IykDK6kg~
zq<4*XjfE!WUq9bq^`cCc=_iig)2w7o&Y1gDw7JlJ^EF)nJ>vNGk!bvS)ww1iJS#g9
z3ws4wuia8eWq2y)JI_bFrCuB}cb`-ZQDmtVo)xj~l-`;_t#UMdg2M)PD#Z_zS|1EZ
z0Bo|>e60?IX))Xtw3h$*;C~w}E42{(vU3+(GYQiYx!vh3HG(^D#7mq9{{J*?EV0Fk
z)vXF(e1%N_=diC%;D5c8Y?-!lw)YuXBuGw0iM~DWXva+>e0Xm?)u3DD$xpfO4XJm;
z!l^V~^7N+lgU{W)yRT+ICS|ZNch+ySN~|(M7D4;zi6jSE;zEE2s@nhV7d0mLgp>|q
zb?4fh)v!2D7QYF$k_%W{#N6WGoSN#3cx+c%B38XSlaGjOin4Qe_}u8S*}cXBr99QH
znrs99+AC#-dG_<|HGOVMj9DE^S6!wfpWLB52^dK8kxDW;`E2uPC>;G*y4<=W)&7&Q
z<wTR7lDxoh3PLU9W&*9syQui4_##s6q?K4Ht2WMJ173aA@{20|gA2ER4sMR_Zhrn<
zYf@it{b9oWwY!n~hn&r;IZG5_GjWP%*|#pDqK3bZb;ZrBhL4evenF8k#MM*@r+Gxq
z$kGn*Jvn#X(k2S$9Y)Bl<ZN^8ypw~MJJTia2L~bfQFnhX5*X}b&C2u$$R`OD*)@ha
zDHzWzSJ6a99vNgi(l>w}@{L`hA|->hsH2Qu1dKu-T)T50(+~>@C?nzmwV!FVR?0gv
z7tXx2eV)Sk@>A8mohje!ay84wYeZP;RjCrR33bIn_9KoaGfJnOu@ou6Z-p+0GwW8f
zPQh9e94|{QIC6Rw3JsYFm&Ym+A-U39I&!|25sH2!zWDb}UG&(MCq?{=))O4`PiLws
z5PM}MDns6w1ie(OyKheLNPSd+-mdfgS)VuhpEFYZ$-WWX9JP_;E>9c%ZlImp$(SW;
zA^$kr>$={%8jk>th8wtSVO2fh7jmqOf`R#DJ<>6Yw6z6K+#`nbG&c@Bj^u{>XD{84
zK6*4fUH5IXe#z1lf6kEPvWa29DnGF@9m7i}eKZxV(_%H-{!9O&?AFNvi3eJZXKVwJ
zf#kd?WQ@c%3Ix}J+y&oLc2jYu>Rr=D0RRd?(6n`t#J0AkO3%I1wf)wS=ifmnxr+JV
zu`$Eole=faa3QAQ&5azt2)X6rE=?X0te*dMp?iJqwVSb|ZDMgSulTA_MKmdG;PqAR
zvsDD0XZjry9rA6@iIZJ2B_aNyvU6+A;7wkza2qwfOK(PY3t{{XC)w9Y^30{JxiqpY
z!DJq1zxGDyp{bH`&kmh0H3_g5V2CB@3>;fR5=4)0e-@RKlk>k%?zIuXp0UwiZjmd@
z-y_>nMVd3!wH?Jk-myk?Z|y!`N2YJ_y-EI_fJ$ZJ5Z3Xfih^wQ7rdTU8%`T+*2_gb
zel+hTPlk^<)Y4j$?KAAe^cSDpmQEC>e9M*bL`2&uW)$~(8J7^%=Db5XLLCtf%o~@b
zu8fA=Tk(~0<l!tOWePIFbQP(2NVPmmSbo`R=u^@vRGWXiOX&JKJzUm~>&ZJjB9Y%N
zTERG5?D6wGV(ZbIv=Zu}oRiTW!vV1|shhR(_i}!}%gEL>SPNIX<XX;K)A~`WMdT4b
zmor;<U8bkHDlpcf7brL-KJuVIFCxC7DN>;WvtkO+>r{uo<^7w{*g;fHJuyaIJu2<J
zABp8x>3D64rN`zB)uo^ML}gGyGtN_iL+QN@VLc~xW1mKPIMj3TheUq-47pLdpU$Y@
zUtP)4!pCba@z7}R1jq{9GaVUpd0C(B6__Hae>2CF+wNM!suoV`mi)^X0*iTP6z@M=
z#$KCV5~n+u73Zx^45>33J4vz~6O}wKp?^@L?37A>?tB@~;H@66h+lVW&U9QdG*}T~
zbPl~3L$t5C8K>-$%X*l_^OkqGQF1C{GG=W#xW||9GAp}(%8DUtr{aoH9Pc3b1C9LE
zC<=#s9fgVm!(_1<=F4Bl{r1tiznkAm3$Ix4<hK`j#s0YeX<n3YJ9Xu&d2@dCL;j2_
zYH?b>4gU6_Ds{=x5OeAM{^hSrtaA}%^c427w_Z9G-P!%AJaS&;eX@M{Q1mD5&2i7?
zteMevj#@G7qe-5x$_~3bJmgNyo`wz5nRkkP*||D?R``r6VL@bzqh8QLDyn{^rrK>x
zEzPFIjJIHsm`DBFjjPVKBi2=)hUpe_@8^{TqnfJE7(b)4s8oOZV5V-*%BU#2&Rt%}
zZbzm;MQ-tju6;AXM}rm3#+>$dDQJNdM`DK$O=Jp;1bIRu+;>;&gTXHm`Z5kikrumA
z-tuJAA_^u$j0XzE)Q1<F#H#HxHtPE;isv6pl9DVFyfEN<xD&a$elw{+if`hAWx>@I
z&rzwey5|b7M!S0SivoQ8?50L5jj8JWn>RLU^CV-ZUid$++P->2lFPbG;`ZM+Gs6W6
zrK+#SzVoBmxkRC<x|;m-MfI?ZUOKa2b}yFcU^s2$jZ^WqWt*u}@;Qr^zq*2>OW$nW
zy3;><r*gKqv55TFcxZxT&^;#|PE5=yhf#4)x4khi5awWa$71Gb`H4~N7xXB<QAxn0
zmam3EW`X5g@(ZGpq2?0o;^8|V!!KqDf><9dr>vtnB9Xq8XrG?qd)+p}^gV@doowIV
zk{U4N_s?y1<$q78ojq6hq`rCDoIfe0|I%%KW{*3M2e|8Azv@@jR&j|j9?Dsqtqdn3
zT#|UvKW{TTmV5R+g{f%iS%L}b8{eD@n(~5HOa{wlcJDi=^9IEe*w3#_t^8DTWg0l2
z=l!I0JgFC>awagH_X3IB4O$W%vR&oK{D_mkS`JZPM|oH8GZ2ja3>D|3VH{AWzP$JA
zd!MSEqmPWwnyQfa#_S}O%3r2Lm)Ul$w-xKejHl1DY#0t-aQ%D#c~RTZ<2%o4?)e$3
z7u_=rr`@bbb__`g(Rgbj^B31R)4Jbl>)W#`iTRDIEsE*lR_}F)HaA-%B3Jhlly4^`
zwhh-cY8c2<@aBK@mZXwEjBi%P_SDYC_*`z-nPpe>#4}r<8Yq{44>7Km_w~(KM!tP7
z9K-sB_<LLVb(ZyrV(%`8OzS?2bXMIYzU=GCPb@y(O5M?~j=lfPXq?S9ma+WWRpvfG
zl4JTW(jUsNSF<q=cLuaNM5tXme{?){o>IGLH!5xkKCQ}Fxy#>0X*sBCs~{qejYlc)
z%+XLow#fnaJIoISFZEvA!01QYaaE+80-3IkrY@3uPeZ;a>o0zst}QUv4ez5`7HLR$
zZFh4w|4fi`R<)VSP6;XL89KrbJ`1uQ{()@DJlla-?JL{c*snG<JcK+}tF4R;8^WV%
z1bhwL2I2<%cbDEYuNa_MlCW7S_NEoX1Xzm(n%)Tl?AsG!hb^M~-TPlpRz8?&wHj|5
zP3eTU=w4jW8FkDNq<S0>)Ha=@+iOsfwQ#kL_no*Xy{*G*g(YN1CB69}83t*+>qZut
zVoY@N*3$rrI!8I<QOpbaajB2p^J58KHyG+Vt@i`>n19=O-MQbO*Z7=0Txz<bT~Bvp
zm|;wHb$(pEKI(#YU(rS5OrGlsZAQ<?vbZ#?FJyCk3V584iOb*Up5}5~RJmB#N_1dF
z>d%nQv*r6P>dh50neIm~pL}5asq(d_%=bO|iM=v=Yaq*lMdn=2*z&XKBN>w$vN38t
zaYh|a-aM@2Xq(E8KlbCXNmGp)FcRJWP5Wf*R+jw7_1I>nJ&uedpDf~T@{EhQ_R&dO
zVb7mP1;;-;*G^^bc#m4YFdsiHa)j6N?y@NVl+v2z{-JAkf^g=0b_JzsY|prPr)m9A
z_R^!=nHTRBE%rELz$a<W-6&wq{(5Q2U_I*nF9Qj4l6djaxf_n*(qn$~&!{J7$8u&!
z6wOiOv^iRR-xc{(<p-N6U#3zs*KqZIN?G{OST9OWwW2Igc5ptcA&SC%h~oY8hrW)X
zB5tY%Z)a}dZ+{l>w8Seaf3KbLGgr~|3kV<TQjblsc5_mCpjdvG`!bkXE>xVMYlHK5
z1Dl}F?#)`wAleJ=>$`V?(jUhE5L3!>EKC>LPmyR{-*v}Cn|;6fa-4-J{0UL3+bz|n
z<HYKL?H?&N4#%$4`_v_U+Y{Z=Tmz@jB!c*%_9%ietKiFtoI+=})^aN91C&-p(w!G4
z-G8{deWns3r5K>7w^OT1C>60|oBXWml>Mu76)l`cke8|3sp+8Ot(H)=kX@TLM|xd4
zgq>aH?&chNb54;8zb7;z)R!l~;_l-)u6zA>^Glg-Q=-M5;rEB<<=l_TWhL!DA5X{9
z8F_d2-J00UehAdF(W&G~8h0=YU1w4<ST3{XGK)W%NlYT#``o!gBqq+asxHdLq$+(}
zMvnQcBfC~1hP&PlgfC+^CX=3S3tZ<|w2m6es_+1E`Xe)v)9-JrWH+1SGKGoi=W$<e
zSaWP4Ki^zTVw>@5x+LO$DNhMYh$LT6f2LVg7%ti0xU-tbkskL}-^kpdh{?*JaF^0W
zY2$>xF5n(TKrYUW4}6L>VdV8gvWdux+`Pwwdj&PduE!&@Hx$D!toM1^%rmBOlxNr|
z309xfKRY%lFP}8z)3sn@XW6<%e7QYZF1sr1ZkoI*qd*Xq|8fzV<6C8VVMgC-x9KB8
zAxAS&Z|x+jg9h3avyo!++GsiXrrw37;^qpQE91+d8q|ZAd6~Id*r<DGyop7eGTB(7
zcYWNZk8L+Z=r2c^O~1<g%e$eFI!BqRP}t$FB_~zU+-DOFd?a__&AzYVK6z{<_{&D@
zZ@v4wBkd?r<kL^@meq!orH`~Z#9cmzzLQT=)aV=P-lS%7X@cQc%{zZ%=XcG0-2pR)
zzm*@5T9)0*t@&A6n}05ey0Poa_G3v$*&nYXj96Gv?-&@z>=fDS+2fZDik!Y}@>Kr1
zaze{A>?OfcuA;^hET*1r@LQn><v>0A^80qXv3TA2+TTA_&M4N<O)v{IUSjNgZpOi6
z>s<8N$msTM^I!V{s$Sa)MMIC&I2$YsQ|#*}^VM9-sOlcA(BInpRI(xcyPDow$L&*s
z#!li#uRA7xnK+Hh7C(xAj&Ri=i5{@hT2&nx72N(JrB3cCwp;k@^*1A2`V?=;$7w(3
zhb)!84E$eawB7ab;T@FEABl};=t=PI9C+TSu-`Xh`^3pX)X_AP@V*(>UM@~}{;D)n
z2pQeyNiw~o3XbV_16K8t!y?}#-wxz0PFJ>dC>BXBq78=lR+aOQ6Zc;@>J8tDRU-N9
zzbRUIY^C=6X%pvoh<ec|qX=U*nby?2nU(+z?I!iXEEknsJ=dnSvQ%zurHo}qd!W^X
zcR0oP?t_ovvjo_88@<w#2VpKEt-LXj30o|LWu@cxPo2Hr1C-&drNpCH!=~6vXR*U>
z{FdBvG|rL2p%gqN9P$sY3D9UqQeI@BBT&jV9cKa84Cf1OWW^s<*(cGlUfZ}RN#Y$A
zbzGU!@Ivc4(SwQZ%=8!Rd(pmcl(<HIg`d;64C$@N@BYbHc!=Ai>!sXqdhT4oQIveF
z7qu(w_^Xz$VoLZ}t}a=uYgo5E_^?=eKia}8$<Qd7u#bMUGsk4%v&Twid@Opf(?>_{
zDUWCE(obis@MWQ|g}I5=TsGr|vsaqrD;Y+`zQ<&(@~|S*HhM&>f32)|>X&}IAR{K<
z{b<7a-da%1+oII6fo0%BJJLQ+K8@8lAMd+cZRk$@Ae3|Wi@s*o1M=5}B~>}wGd@CD
zB8M~M*6PP?($W2v<0O9{Mtsnsrh58WA*<r`Q)lV1)~C}z->nhn!B#(|dTwE}t8I8a
zv@TKl>e^(`f-5WIWeP1bwy2KKf+iZ%sC(*<wNHlTPMUq#H@S2=$4S<lzw(Ui%1Gr-
za@4;?nB)56+6k;)3GHbV=aHtT=2-1r?kc+|b20IywLr0^g(OzEvIMopkL@RFGGTk(
zY?N1jB>w&)rSI*G%ED@cHt&sx?R9*}r$IKv7d#DyzrV}>`)2EdzJ4FCR{(pJpPu-T
zn+k_uxJ27_rbrXJtLyrwgt8RpiK~%GmSlG(JoH1;OkOlN<gaV>Cr%#LQHmY}@t%~M
z*eP`5%=nhF)4z@nsPW8>;&qTU=?J@}(KqV!eJVp3LOu0Ir1eZT*WBvp?fs`O%!sd|
z=SE7d{<P3ZxntE5_U4-J!@do_A&k(gmNquy5q+F+fRSWz)|SrjUcRj05m`q@XoLYB
zf}X0xkvR0%7mn=lo3iRjoKx@j_3|S=ldTk_j(!;h>}$(i-XBR#wr|i#Fsxs`cH!(k
z7gc%!Jtdiylcl?do0Xa4zg{|<+fkAM5?F2o_rG3BNr~U|aj_ED)3LG^*S+U!#SMNa
ze#d|t$&Ka)jJU;hoSi+uHwbPW@f%Lo&fFNxzh5gDNFi`?2%H2;7C^}>NhqL^5(p$(
z0)ayU02V2)gaWSqpG$xhDBW}L0RJbwl7pFtm4cOpv!#`|nw67{hb=c23~`l`?7v#?
zorxJ3G@x=}Xjre}d4wJq884?x*g>o6W`tq|qrzzg)7m<pzXIs3l38?aSSE@YR<ChY
zHyvh+&rkbhPi!7_w@5I}3osP#Z7Rzr$1sp#W_yKg)5)wg5ZtL==iAYHRP{vBzTmG5
zsK{;)1mAyQ`a@{wyIh><pxDqIGODTI{120sBKQp1s>wdVY9XRkIon{KMt%+<LKBi!
z`Xe2p0D4>cvp+){gm{XslRD8(w}<Xg@bKtd7okb83!Aa#nT?3o5N5e5_nhg7u6%)~
zR;krhm+~%VgS&-)kHTb<k0K;MroQ;68|6uT<+XEYSvI9WDhd*#-jEVg(tOj4kBJ{5
z2v7)OJ_Hdx^SRhuLibV<$x;HgQbOTUVgr{z*GUQu#0A3!#>>rw%+!gdyw!~!sb_y7
zD4z$D5H?b*g%Yfhh_4Yjubq)01s|1nwh=)uXLg}8q6R_IWXc&T&!`|r=n&LZN|47x
zX3j&Lz|A?$O$$DtLx-E?LZh4>@x4;!r%iON;oz@~L|Q|oTEp1&&UBbzW}3n8%Mz8I
ziOQw<CeM=8z^X^yqD8i3N}trMR1~OE6z*8cL2O2{99maOzSH1T6m)lp<Zz0BJyc$c
zM0tvoJ-pwAF1FDXf2MGf7ky3IFQmeSIDJwoGeoJHAY~G37;asC_RbWmVFcDTh|Pum
z?$m|RpjsE|@6XQtYCgvt9I-~4Ez2(z&cDXsJ4qxJA+``c*h~Iq^3s;9j9(ybjf!|u
z^!=TceRD4f`b*h%=<lMTu}YY`jb?I@wAJUIaoSZLZiV`v!(5@=m-9%X;bYR|e<vIB
z8X$^#cI(+5Ie}Z30_-K^?Pg_7NrnKg799BJKL-ZOjm2P4816qG{pUd9xc~Kv+v&e;
zNC3Qs{v7|q1|R^44TFN%Fjy=k9tMvFug`zR!y@qDC4R~VpzshI3M&D%NkGeCFwk;X
z6bj;t$3e8=5NN0kz(aK4&{#-391e*%T?Y=2hv>zFlg{aKcrZZ-v0-3rIOrJRC2){F
zkbvnw2{aPY&k|VdX&Vw8iPQ0rXf*nCpCZv1#OXc&ZJ5)2g+yZ|PWKBEjRT-IXkUSI
z^q)EWALj-VgZzVpQ#KS1(mo6Z4XFcz!$RU=5l|gi0DXEqkXQ`%bUXlw!k+Fc0Evaf
z1CV&s>3#tKByd^>0HBfRQ`!Ik2f5zBWHRz}-vb!1meamq7o0x-01SBDL(1XN5ML|;
zoFo3(&j1#z1!6-(+5&ok=K*AX!Qf$R5>Ol1&k$cM62=C=*ibMwG>i=cV}qF!!8r`t
z78o7i+yp6ygVBM5(Sd`}frHV3gV6!bVbFSEbl_lgfb#~_7e)sjMh7^rL45HrI`A+$
z@Gv^?FgidkK<j|ffrrt7htUDfLy&k9Fghe)bV$JHkbu!40iy$)ub}n9=m1#;EeF*B
z&d`u@Nbov8?TZBG4X6#O1Brm@Kq8<zkO-&_Bm$}f3GxG4FN_Y5mymKu7#&C$9pIb;
z^@Y)agwX+V5b6t~1DsEx<zRGxEQ6E-V03^yhn9oU0l?@0*I`g!7##qN4gf|60HXs1
zqXPw_16=Dt+5)bxpf(sC;EEGk4n_yaOK3S59Vi$bAon4@;JOoPgVBM8(Se510j?9F
z@nCeIVRV43h5Ewiz`*Fhz~}&(42g$<(Sd={0j>q0zA!pqc#eeOITBoZL*l{k90|j7
zBo;;oxXy;ggV6!5>!9UebinW&39jLwzA!pqc#eeOITD8FNEn_YVR(*&;W-iqqXUNL
zNEn_Y!F4f28w}5pFg!=X@Elyo!o-6a4;Y>!VR()N_g2vM!HfqC&%q=P)E9>5NEn_Y
zVR(*&;W-k9=YRGekTy%e=z!rlQUW?201VFo7@q&xcb~2o0QVYD8+1GX7@h+#JO^NS
z4#4mnK)~pL;W+@qb8zDWZ8Hqd0dOw_(FVhFaK{Bx4muux_D9foFgjp(4(`^VzA!uo
zzvlx}4n_wI&%s<Ij4zB17@h+#JO_7)(0DLB2Vi&(!0;SE!RUbDIe>!E0mJh@ISR;l
z!0;S^;W@ZbhWdhgc1S!Jo&zvE2Vi&(pkZ{t@Em~QIRNHMAZ>x+IRL}+KYMJbFU)xb
z!*c+J=irVXCLYXr1;cXyhUWkb&%rc0v<?`a128-XurTKp49@{DR|V-87@h+#JO^O*
z=U`$58V`o&01VFo7@h+#JO^NS4#4mnfZ;g+!*ejRa;nXM1bCdv$)FH_#^WEk8zd5i
z1nW3$!+>r6hYd_=Ax`JWKpOyO0~vbS7jrtdghHZGr}LAb4G(hlAHHZLDECyG!Nd~g
zbWRJj;lchp<%>pwO!<cmgF=7_F{tfy9uq8w1sU}ZUo0A2uKf>f9&Tp$9IV_Z$-p~M
z|GDpk`@ep(>EE}L%-lTwoxaDS!OIv=Np|UyqNWlh*?;Bq5tL;APg*Cg<!0r{{qIKo
W>xP`Jha>p*PrpGLj>rCY!~Yjnf`OO-

literal 0
HcmV?d00001


From 2e87be2162ac9b0248fb9ccb9c983ab296d40b9c Mon Sep 17 00:00:00 2001
From: "kevin.w.wall" <kevin.w.wall@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 8 Oct 2013 02:36:18 +0000
Subject: [PATCH 029/812] Update security bulletin with references to NIST NVD
 and new CVE identifier.

---
 documentation/ESAPI-security-bulletin1.docx | Bin 25167 -> 24998 bytes
 documentation/ESAPI-security-bulletin1.pdf  | Bin 648851 -> 649591 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-security-bulletin1.docx b/documentation/ESAPI-security-bulletin1.docx
index 9ab49c9bb04429a0448236f727e503faba0709e9..65d941b93774eb9b5aeee19940177fcf1299748b 100644
GIT binary patch
delta 12612
zcmZ9TQ*b3<v#w)nV%y0|GO=yjwl%R<Y$uaUII(Tpwv!dx&P3<myH4$c@20<t?!M}`
z>aFUhXNSN`2EpszU=Z5P>^NN@!N3er8zEuo!GTj+4o+FpXkUhBUm;<s0cJST52`go
z&6ny8sq9H9&w{n-KX(u>7q+4Izy4(ndz|araXIo_^z^Yru6z6D;_W<<#B^zeaEgu(
zA<FDN3A_GA$e`LOeMkLjUu8=hPd$<q-3Rn}eZ~kGc4rCCFb0?(7qAO7kt^&^R|Cvs
zk%523`jJ$qr2W{`I*hSN+$H5kNVH+t5rWk!xE#E2X6>IxZ1&GwqEA4~vixr+Ez9=Q
z+_9Lo2#L?IQgb}I3+;)h)~RPmmnk|(c+w^6X^?vrc~lz6Y{jVIzX!gvmSYjj=vmmI
zC&hPgY+MPmYp(PUPNF>DtVQI~d>=>aLxH2;i^kk3GOw9fM}Lj<)vJdz9A$UMz1%RN
zYoNS38>cj3!t?;C*d9Uq&13!A_9&?l6|^eJ*hg8C!6WYm8kq9Tx>>!cP2U}m2#lo~
zcaTe>$>Hpbvmh(QGklX?2&YOXvNlc0Y5PsRNkR8d?`J}Yr8Q{k2WFF#^hP{qJK)MF
z&5ma+9J!rdVGdErtg8uO6_Ik<E;bx<I!{Na0s@C59`Sn!ePwL12%5wRjk)9e0~VMO
zT=ppo_$R>wgQWF%e|>N{RdYu&D!W0w{AAFiGl)CwwtZn&it;gOD-iFtxWPEmzsWb;
zFAtwM^pzI?LWjSwuSu#$M9Dum141Gt+0?MI3I(uhLNe%9bv~E&zagMa6Bf<V$8a%l
zHzxk$c6cgqOL@d`{;}6~&BWqX8R+EgKw{&I>}lC5M`EraFLLmFH=RJU%tV8tViHoR
zu*gmj+Ujv1#)$2aQ4ZR$P+cC=uYa`3NvaAoAK#ERq`Xx-^tjhZoiqS@0ftyNlU(9F
z$fT2Tv2;V))$?(}9E7`Sg@oq#Gzh$%q9nP?7EKzJ*y<u$TN@m?cJuJ!rEl(?$n_G%
z)0A2{y~x?F(OtHV-ZP>Y5{SK4o&HLDKu8A`Z^mnX^K-{Ld7k40_YZI3(afecz1U|u
z&8?=`YH4+yEx<n*IMr};0`*VXQQub@!agfv2^lg8B~C(S@34rFwu_^M7EJu)M(+|)
zlzU>GoWk8)u|R%#DP;5!g?j3sg#82x-t3`Ow@aoF89#T-?$7Gy(<au<#Q{6gus-i?
zraFF%FLmi?-E_R**-uUhW+(>#XDz=wR4_2G?{7#jWjRPFOfVR*lvzj^gwmV~a861v
zu)aSjxrn$x|4qjO&CKghuy-Ojt`ZgS305U^Do;IuCAuTGWY&q_Q12BYGEGxVvg#?R
z8Z#O~Lt98J1Z%Ub2@6WBpzm4<+az+jjT$jkIMb{M_t#aR;N2|ntqr9aR!A|}`j@+<
z+audFh_S$;PRAhU^D)3<M`$s5X_K*=W#d)LDj@*q`kcP^{njdU!<;^E+WO2@9!|zN
zeiYEz#@ng1cy%-^(a`p?YPg^S8^bMI(Am@&xq>slZBTd1{H)T|#o{h@0%~z-x=n$4
zi0hsXNzWeNTNy2s&;y3FUl({?70b{>YvI^2f7NZ~nmtyh!#t28El9;yzciQ>R5luP
zwWk6Rd1rCNYxSd{$4S-+?&g{3kFlH-DWSYZV%AXW!>v=cU^fRjbNTRFy#4~t@@+6s
zFIapXdpRx(-|hjeJRvfdS1y<l;0fWCU?ZwsO(@WWr+%oVy2SHyS)3F~q2XhzbC&SK
zJdMArx{Xs%ANc3W`k*Dcpn7}b3b#3pW;lUf>(;ATsBhZhf0VQ{cFZQ!TGRM#0x1@{
zyI)$qGFlAv4Qn}7E~mw+tew{IO%B)5rc8+eBxfg@gGZCqIKHcsm29xz)ZIP)BU)<T
zW|;=Xd~H7PBTasu?j;x3ON2^NZ^co-ldFN$Yx${~!Wf+vuAd6%F(eN$dw-b^jb4En
z+f$O=;Kdgm4!R`{_xKEkn?@yrt-WonTpN!o-R&!VzD+k>uuAWLzd^@BnSxj`yY9=3
zD5yVHJLOw;AObf>0`^Byzt)u*P;ZBtS7UuHm_2@S7auc`1XD(n7;(p?i)6l}S109F
z@^x_FatOCth5=awCzExFy-kE(67+yVC?V6ZfF7j4#=9r<1q+}z2_>B{Y(8B}x`W<S
zK54Od<twK@l0W~`ZkU#pQ-jKEU=b-Qv<AGz4(L6zuT!Tf<d&*kH4qMs!3dXPEiIf*
zHC^Cb;h#ZBBn*4HO1gtbwasdstE#GXSsSdk*SbX5;Xe$2-VAe!tvNVNP(6^wA0~{l
z$-!jsCWQTQ*pf;(*@(?}jdQz<R3psrJeS(~b2q+O1%S@r^~XUXd;X^@r$WP1vN$4V
z@{cXSn$-Y&SVRY1Zk)O-`(!m|hxYbq@_;SP9N==4UPw<h!4S`H3>rh(?}i7{0Qy-5
zy(-r>&DHER9-qiTtaRLAC?_C*_?iGj5jUSW`o~4rN04aedPR9LdQ|N4&&`b3n;25o
z%pmznBJCR|N*cs3=XabcFVwjOOI5V_<&0Lj!jI>d9kV962Vc*AsqfqC7nMiw)<0nG
zn@2ydgSllu61WR_WMWER?rl8r1KXLY2bTdJK_u(qPLj$AN70<~v-`kWBus6W9<~kG
zE03_hxR8zWRR*2RnnrC~s|r2x5az^|P9;ALCnO3Ee?mu9cvc53Ubxq<z#w_e7C5mq
z>idpRX31vCA8-ZKb<lvZrrJ-YT4f5=??UR082}EwZ#i$%xRZ~hlrGQukwccL2^_%f
z`V$(#kI<-cEfg(hrgDIswSRwdgL(oZgZpQu=HLDFp%_MtEoy%{8FN3Y0+&hOG4HXM
z^|9d$j9G{hprom^UvY)NwUH)S6$Z&-?YLKzz|$bj%z7}YO`Uv=B)VKL9>s(oDIIk!
zf$TrEqwLm(oN&0Fde{h_B<muLoZ%#@s{5x&3XYf_d#ML9x`Tl8Y^6nK?Agnu!rYow
zh(#Izv5X$urD3h37wBQdu*=XHVzh(y5RXrVy>W;iLf|RxX6AbFa-t33yuAkUEifH|
zS?;}kXB}C{m}_CZADLs9j~yKXXDFEo7e{0I<!8R%ubru08L>nIZx%ThpT8Cth#{1$
zQ%^9yMM4H4(nf%?h$ed07DY2ppCM!e^ahP&3pqUDdUZ|&NIw#Vd!)~l^NRacTV9d@
zzFRHeQ)Id)VSl|gcm2+U64_>XJv}Q8k_}HgY@R!F-rb1OWB?#A6`IM|7O;1Ab-Ol4
z;BlLI>jzW$3SKNxAs_j0iODCk)PWm!{HH}CwNZ+t?>0~b#M*Iu0=k?Qh;;0H;^0#B
zchVZsU8AGK%R3Sf5q>O5b3_^G)l<KiVQk!7><#QW+u44Lsg1Ec?sEoceM6K{XGdB}
zeXsZfh~Qrf)!aP5r*p%8{TsuL^W6pkX4XIJ1^>t^(rWw-?UrysDthmbjVkB6?RVRJ
zwT<Q+>;#tTc8G4{W?vll11&tzE*1^xIEnRjSW(L65q&@lf0;afO%g!R|GM{-nrXXm
zQ~IOOYhbb70<+y?)2fp8a3wTLb?1Oty-VJsn4DAlxo0N}x;8d%KW;+)2JYnox>qF^
zsV;f;TyHuwaRdc4nZi8JZ8Dh(b^@%1rTX$0u7J>X-6x{6pL_*^IN&+*uJw;<w0%Gk
zcCbq33&c@fN8S(i(8D#$T0Wwj+qlngcpLkf5oKe&GB;-NiaX}TT3G=$GvV)^G09l~
zWUQaO2*h3$B!v}9vLAj`<E}#Pv?WbdJcwz9hs}TCMoGzQNT=G1Zsn7IxhDPA1=cf&
z1PD}sYU+IMBkE0Di2hMPp+xoiQ;J-ivD)tOvVM39=lEcD@s}oVhk%vxaRQC|<_9Jw
z(LnuU1|&%Un*==NC6B=ehTM1;o)KSFewHMVG`OZz{>ATIiZ_&lEmq|xOX=lrB6_Iz
zO}(p?2zn{-FRgajRhxxl6qQ(2?NZi&e&De)@v^B_CHj#qPVWT)+&^MiNwf=mvKQDl
zYkvFC-9$KXheUtLS(@Gn>8z>WySQ8A2!-0nP~l$&!~;GXSr4=dg-;Kbam!=tizUdM
zaO!VPxm>kgZzm^R@=`ibZ~PzIVaj_>ZsKkAXrfn{{ymJ(+C-up`c_qP^J(i0Bfu(9
z>%U|8LHS#Jw2QG^I72le+@s+=YlI+`u;A!DrEN~h>pt5;&l5SVb?37JQ@RPhDk3u;
zgbU4U>E}CRTMFj8=1mDqAqIruJg07($rhg#xV!7cfa!&=&`UZ4zkem2ITV1eqSOf*
zjUx3`LIQs%o-D3=Z<bLH>cxzMCSbklL$Q{zNH{(MT7tQ}0-EBY?cy?R+73Gd+xs3z
zvKLOdM`sp|5zO7?dK+lj*9i44Tk(7RTm?l6`p&*{lMOaRv!+*Ry20n!ngtr1i$dUH
z^=$!Y7RmM5hFnPcB>wf9E-u`<+1xo}6_^9{MCak;o?G+xq_m8bG+QDi11LbuMbUq<
z=ch?h9-&yN9_Dv;g;qy}rgIc<Q`<V`htm6J?oz2Fd`D;x$p>Y<d8>K5UI_kXVH>X@
zi`q!S8oy(HxfDf*ymYEzHj;O7S`1B!prZKA_0{YT#*o(gwbtgp(gBh|A_c28`3Ffs
z)Qhu>?Tnv|LXc>^e-^^j*?_KEfM(_ze;xt7*3QCODZjt6?+qpXzUIFq{ULGQ_;IZ}
zP@;_<X9I%(!+m;Qf4W$fLP2Mfr&nn_98%r=RT+ms*oIk;X>jc^_+Q@-#_^8R)c=Nf
z$vi6q%htl_li?`h@4!$(|Nbye*!MxsUpabZ2L(B<sm+1lhaV1^I)EV=Wu%jZo)MIM
z2nS2y#N!RWyLj1hEWi^@UZlv|dsrv0;&j2FfXc_^#A%CP`}SM96h8M`<y(K5dwZQn
zAA7ft5^xSCvtlkL@4{k0rRiKwqc}G`y?%V1UR)!?cZV?PASEVXwtg(g;LF)X;rkcJ
zAi#**%wF8!rWATw1t`oQRNaA2YX))TYMja)CU|}}GDKeVBOEM9Q}kzN5ovoDg={K5
zdVficjXV{#<%~F#%44n|Z~xy-Rj;_!?5*5ZJ?7fRF*{CrIYuP&+&>ttP#9)aFEqHl
zU@3l55b_A}jN8}a8%ZC1(EF91;)%vJn4UqG5kfuwKy~)vDPZA7y<2(QM_6l!kZO?<
zbX0hC0sez~VXsV0x5+N1ghvcq#vX|ppu>($JDkv+4_TJ4JK<Sj$;Bs1H_>*DnX`9E
zv;L-dukbi3mM1RF=w3fExk;Sj8}I0cngKrqO;%IkC&;?gyMA{0vvW<)q>p_8+pujd
z-+p_QKVW>c3}{#}{AD1m<BcC(ZtV(@04A6TIp*3FFDVhd!|!ve^BQs@#4;<?)m>W8
zU!>{dBHB1@<7K2LHRd?7urgobcuQSYj#6bCJOBLBzn=>hA#)ThvCee9kkpe66F|;d
zJM8#zq!7@p_6I-qZ485PA3jt|0@Quh22)Y12=@zH0{HY((EB8EbxC1^=*jXK3VNy(
zu=bC!LCN5b>mHj#v&;j;$PlOlqqmx&V>Zd5dzsg!$bnkpRjS`eD^_Sr_QD`)=pAG$
z*5V=zp3uee@Ax0V0Etp(jQ@ADqycIZ<;F1LNBzr5=(0)OZihZ#e23f;y|9iM>G&r-
zF*KmM8;IJ+Iahx}C5^a??wUt-UZE^Pe`=bbU0oYCzmqUqACG!|8kNT;;_v<D%?X*-
z_K1<X2Jc$Zo>>~L(uBWl!tqw1f)7dl7Re6W$DQb5`DLTYEKlAQx!@)o9+)C-Qa2Re
zfNrs~H3BkIK@Grl7%x_lP_`hfqplH<%-mgc0SdeBi;kaT{0NZ~{6r3(*@ZNYrMO*3
zB^5^3aN?SJkF=u_d?kA|M&b6}hzeiy6Mpn4pC*|^8+^M|5r)l$bp9z}J)A1HyUi;N
z8B7~55?_>G^ptxq9cYaE-1mzk5KEQ#<xdjCC9ML`T+wLkTSZc0n6>(=^NyWB0NYEZ
z3YY^m5bslKJqgFKCf*lA#FC|qBLLTAA?)3-XO_k0<^%I4x&f6Jy|nSwMvpj2V3*Lp
zsv_LALLJZ$8Pa00RKk<h{^|NJ)~0{u)W!Zek3-OtA(%=druKp_tutcqhxwmFsuPH?
zCjZ18yMuXL2zU4vw};icD-uG73qUzG0kFNBWim*>t=*S`8G@k9f0(N_Ulbq{=Ofnq
zFr?|4Dz-6Z$NPo+Gr9RiTD7xpM2^1a5_&Gr%7NnXrT=H7H)m#RQ5B|XB47kip}$=&
zh#$wZ!-QPYF!5Uw0OO#2d7{1eQSYb_?4Prx!IA4M1wrokbjjXisO!hQAu$-=4{Yw+
z{PVtO9Ez6Ts{`KJm*ggyddbUV?_sjWgD=QO#ad)uirp^^G81Q+=ro2dekh9pS1va(
zxw6s`@2o4c%f`hc(wq|rU)U3Y48Z<^j265cKqk~>MQ?i~d&$Vmt3XF%{gr>spYW_y
zRDA2CZ1A>B4OR!y{h0rDkXXOM4h*w|CNd2YQguSEC;tNmKz8N19oW@M{2*W35t|G%
zP&416n$SS4z#nwICNH6L!8IkD5|W-DK}aj0Nob*UQW=hqTFl}tppfTP{}Iw2vg-!o
zK+dc2fiu+HDo|dV{1@h+WI$<|s{XJ8hQ-E&W3$ZqsP->RKW@vUd0z*46WB@+xlXBT
zW$AGLr|2tFH#QHXORE<JpQ6yOl=dlVjxm-6rV;2Cz)3%rubZr*Nn8X^fu&1^=PEod
zkVGoq3%tx@W8pOyhbjRF$J!F0_bPu&H0U#I;V?mVjcQ37A->-=u1eD?B3G8#kA}>Y
zmw)UwZdYEEwUG>c{lShQ3RLHebAq6=zmG=9<|YQhQ46p8NSs(kwdA%>jQk!~SgEbT
zpNCT_LIyS6Sk-7NR}JiE9&@*c<WDejRhHD}w(m5M<k>{0lqn<M@~(<5s?&I~G2XY^
zy4e+MO+~>FQ2Ywof+o{(&0GDgq{<8>MNR+~Jea`sQQEqD9Xq#U2t3K8S|G$m`z?yU
z_ldP}85Ew?LPIuwK_F`$l$UJhy)<VJ6UL!H5i8}hnwXKsVeI5%FwhDv92~Um>ueQd
z)-M3<&ml?A@+VumE-vdWxuY*1ktn-~D0pu&ZF#B+AtiXuh*PUYMWL^N{|~po`2Hjp
zTa7sWoQ<)VvR9oDF0dVLYp4*8K&KyqHwj#9HM&eSSFHf!{ed_0S@YEThhc29uQg3=
z)Xi@rpMB9^vnT9M)WJ^^?lw+4y}k2a^$#YK_VbHqUs?^1WVWv(5T7Mu%d~y)eDsZ_
zM>FfR1J)Ua>DINk^ya2;MnCvVp_zrh=C}f<m~1FpT|k^aw1GIc@O94j0y2pWA@H5S
zFP5XXy_;dK&~c2CRD1XkQ`$(9qj-J5+g%YFDqiU(9`xvRU75I%5a%S4_OxaWs|847
zZlP>)69{K$?4kW6eU?YAVZ1%pWBK{eEA@T-{qiMPiWEV6*5U*Cull-wYK{g6m@W@%
zI5V~4zFr@+xxnhG94AUWU{GpQ*g3=ds?c{#*CQ^%H;uIK(ZjfyMnqqM$Ukc{^Se|q
zA6;{mV8(|x5-F<(4)p!LCT{ED^SyLRmFAHv?T{#kY<fv6D=(SHa*>i?z1k{$p=|<6
zRec1ce9NcfC1;;T)oE={b{GA0q7T@yR88Q7VcB`M7tp$frfSbbQi_=1;AsaEMeiBl
z%m2HG$p>?Qf=+-*d7h0}bXhpr4ds{&FIk*3uW1?O12NYbjqd$-<Opk_$f;N9^eeh$
zsx#c1<(sS>uJoSuZHKY3*)8fCmUCqIWhMeXRv7jGtfYMEW!`h5FCsZUV_6?E8;-8X
z{P<Hg0&uMEK?B!W!U?u1q8P?#V*pmj_Q-YjmEfIii3^QT_(dk0gal$0cVI;+!3_~c
z8`)Xz(U3O>+nC{R`~)ci`e+DEwsQSh81{onrvgQpnx<2RVucNqJMv(*s<?6l)K6<z
zmn9>HPfho%TEi&n#KI@j=;XFcnf1l~p^PTm-#}Wf%<4C`hBc#t*AO^2%xB$h$TkG2
z=U4T0(cg*O!<I1wOmZmWT8{mvXw=luNb#|;DrsU&!Fmk|IqW6A(SC8GLW#*QSFaHR
zOmdXP<fmvRVhFP7f1Sv+S*Iput)!%@dRYWV9TG=%0`hGjyaGhXkGRfD%K9%iw@c9U
zgMms<)huYeSsxm|csHu}gLcmYNd)H1u%nQI(E8`^Q{3h7dYFXPn-rqme*di{X!l8Z
z2g8d$A{*l5r2H8qdT2t%j<D_~$=wQ;isT}>gmj}qAl8lg$tiw4Rni^BL+{NbAp~-j
z0tL4`@)X*(o<{l}PS#T2F=2B!D_Xp;MFCM^Is{06%h75fq|on}*ruhQB0+Izk!&gH
z4Xvm5ut0?3ixE>h?imWs+V4{=OaxzXABpjBG|%=+ztpLJv`x!+ATQ!Q`a0YbM!#z)
zHF%XGMajm!`ieh0<!!o9XsJ+lu2)M~YN81$6PV7U@$`BkV=3!TcHmCpoJJ1EBm+Yf
zjVZ%^FnT99y?%v#gJGekvD9mL<jy^@BzvR(DuTLv^U-h$ZI~tYp2qN0R#dAT`XE<V
z_rhbc@|Y;B4$=Z6LeBZC!WQo_)l!W?ilR3iM?UOaDAx7JiC6}!WtHkyAJ}OUrc}7=
zYQQHcTDc$^hM5(Y!_+cf#+a{HmJbA~rPI;#vA3M+HKv}Vw$`loX}D0~Z#vVIJy6vZ
zJ=oQKQt%%FgEgEj?w!8d{)IGjLkxq7@>oN4S;G#emgU;$ICjRjQ_VG%d@;v9AdizT
z6P{Xy9-;js6>alBz$fR=x?D*$P!B9E;D_tNZ4+qC;&H+DL~JbG+$HsV2m_jI0n&MO
zZMU}p*pQRAcknSgefM+qt^7r3szmIO`E@MQa>xQ?4Z9Wv9OD773#?nokYZm<tnUFn
zFa9UASJ-qeM=2gtU-s-Hu1Y8QpNfjSM20cago9Dux&)lHvsGV1S2?G|x8y-D<f&F^
zJ-tv;PP50rjX*XQ+^?tEZ(z+n{`bF=Z?hK%@b?NVh(T7%ZkNg#Q!4Q!^*edMUJRr|
zFgN00?EPNo`JE?oKsDX%#VxdApV{m_^Wyy5Q$iymE#ZPj?AK$Fg}qo)O^F|2G!6w6
z(qJEIzO(4+G0rHcv$d7$`kl*x1v9SF-6|OO!$uX5sZwDK*r6lP2LA4IlwZP+NsD#H
zqR@)zsKm;FU2Y5I2dp}j5~60;%mCmLeoqb%<&#IsF(yGn`lD*nb@bHZgmcsA52g}I
zF;I&kONnR=i^N<<7on*TAbYLtiZiXc9}cL^GtkDhY6hXb))r<oQ{e*yrr#Nw!(5g4
z*6-qf!$Ea3B}Yt40P$})NthaLI_uxX+<aTg5s3wJu-{MC_S?61d7SD}0^}zj|K8kz
zP1w@CA?pR%A!Uc?Ks2vmBy~VzQ>zqF(`lEL-c0*c$rVfeW`DEAjMP&=(~=x&rv<1P
z`oICyTTClO7RHdulfYp_<zhq;B=ilGzP6V@VlqPsn@e(@K=^?6D9E;&1*wmJkP_Z%
zso=XWE}Ce8Akg)Xhhe2Re{AAL1-U^aOa!+-(&vgTeulvXXulCWvvrSbK%Y(EPLN4`
z7}eoXvN;(%W5EX15JMVt9)#OD2SRP)IA3Y>2*#&Ly;vQWrV*)P%G7Rn2rT`sV)C?0
z5I^`P)Vy5ufT3>OFX7w$gkZVv(m*H<<9LqyfqVejRL+~3j!^J(ns?IXtv&&f@;il<
z>S4Pi&^A*bq#AyN3F55kCYH$2vz%04;GJG@<`VHdVi_a<o_h0Ds*dWGkv8}ULsh9w
zs1b%OqgKOzAo%F_C|YTDy>LGog{-$IHNE~GJa@q<ur*E%&|5hp#8$oTMoQb^^95A_
z+p`y9oYO1P^^-ULPfRnKZ^_}vVvmixBKLLQhRKo$irf^%N3akvc<B8A!D$|3dkG~5
z>joA%Jv(wp!>_TqzOCs}iYvW(5plNMI?}d^#A%_I2V<4o+$;;cVB3`)>a}PHvNZ2(
zZQA=L;I33Z7k$*&L`ub|C%(U7{+aE`>(r8nJe-f7$0I>QIUr=6IZNlb5Pp@ZlYuq^
zzcYZ3pnioarR41(|BFlN-JaV4X~DxmEC~fUF8-opqBg1!aQ`QHjt|-FO87#WLbwz?
zmDM<Ez^>mX=KKiz3<2%DVJVixIuaV)lk(CSc+XU8Brtl`w0SX(s<=GIT7gP#Uc;mp
zQtLzL2I6D(d0a*gUNCHt-*8xjD^;R|v|6Ms?bn$0(MYUh$R8U1CvN{#y~vjG4zUC=
zIskA@fhRTvcuV3i4rBXHQe$;g^Ikb;9&Nfgy8*({Lm@U#ozzj1+#<cA1ibe^+(Q>Y
z=5g6-<A$l1Ymc9tKdd&aP6%ooyEcn4sj>Aa@GR@nQ&N3U;H7mW-$#q(!KmVvDjF_r
z50?#pv>TESTU3zEsz0X`3t4C_izrD2VBD)pD+I9=M>En77EBOlBUZ)}O-smfQ&EXb
zoFL2+uD=Vaeh%M9z1<u;!)+h9-$IrHxs&Gh_|4RNp-I}2uEDYK{G)3R5esfQBuP#w
zrj+^3x`vI$4x6x_S#m$GHY20K!|Zr`Jtn?1|D{=8+ZGQpbf8@2hQL5?U8~zv%wOrn
zF9M3~Uq-3*D~rY&M~d1|VmxiPdN&JNo6pq39plwDkYk0MaY?la<d%td*;;vl^jZj<
zt%4FpZ#{~?*G$ifzT@6Y?3A&V=N)%ZvQgHI^ZoA~4+oJ1&-k!~j`jOENoWSrr%U$x
zONp!s5j#>K*`PHF5A`OD17{$b#Qw8zSEL@swW4ENfsg2eeNBn+&J*XwfQGK`ER0Hx
z%itkMbvLp|Sl9<R#+*O4ofbO+&Fjap2i0$Ks=`M{Dhd{onsc2Zr`R(%TyK`EbDan3
zeHN3H18qf|G2f<V+91kxYwKXhE#Aw<Zf&zU7Vj`gjLAPV;P9Vkp~6+>q3HY7$WHfj
zZ0)RGbJ+>#gZD%15D&lwhv-bQQPP83E2v2sBFUqq{sm$Z)E(^=D<SFwe;rn#bs-gE
zF{;ezOaEoXBK&)PP8$*Bwx2z(mQO2B?w60PWfbM(Mb=;p6LOQXDqAQoak#agVkVUq
z8_iGAw3BNY6lux=CSMU`m)HcoXbquga;Yt=dwIW>ldZsEkHx=~^R<MRI<fEjnmFpE
zE4#~3u+#}*W3FsHB5Z*QT)2~&E{DHOOb|qYCn=X$L^eI!AzFYOGMdUu5KUmGpz76>
zApbknJWAe)y0;DXHxYY<c?kyn=CwYbdhhaR%|#eaTf<Wof_6f1(M09kWErn2KDYWv
z`xNz%d7NoRSJs>uTg6@15Q$8eQ!~sh1h;HY^C&2qK_d+0d^G$E7#&1(UX>oP?9$WJ
z%UJHYyfw2hKRU)PtDs3Zd8(j5H7;UuJ*<IOvYpcw%4(4#IRW8aIt4)m!PzG>5Anw>
z0(LX8S&Ce+Utrg5Dw|lC_{S_LB@IrDgZg>EKxfW@5<*r5kDpy-0izFR+>71q6BJ~4
zcp|5~tJuR`mtCa=93bR5i+M*$e#Sx#wSEYG@n%)hBc+3TAUxkzPL%P%*}Lc$Oq6;&
zPix=i!f&{}DJ*`D_SXwN%UGzrOK<%Hytit7Z4JX2UHV4xm!HcHq8AKpFm=0JT^l8q
zZXXd){e>wej6-av>UHSG{v$asQC8Su-OVhaBtEdX&TLEtc;64i+$I!{8X#UT?UD@l
zMZtsjt0^s90VnqFNrlBkG{Y0N?QyoGf9hz0O1)2}uN|D0P=QUxYQpwGh&YV!lz+dc
zqd%s)@Q(tJugSDP+@$Q3J=S7FcZ)uSjtSrx#bS``mQxJtq7-)h-Rm-@gud^R9A|oN
z@-r@F9E?u|s$z%#TEknT&t$B+4%5;C*D_Qi%Z+BgYnGj6H+)#FK_N0*yQSmFEe`o1
zGZ?G_QL$fHvIG(xnyjxfJ!6>(%$I&%E`V#XjSo^xX2Q=%qAog>`u)a)K8Kfwd8Tec
zPFs3!PW*XjA8~P<Y9Q_gYY;^y#>>-BoYs6UWoM!a9Q?<INhZ*#h(yb;jr9|Hv0SrF
zd75c+-@UMPr@yXB{TJR|e;#o9S<BT(>-<07%udTlE*`5XUDXLs)J7e4gxJN`<{KS6
z@}I~x8JHEKdW-;A{1@l$SPVKWr4iZKPcCZj&8fZd#a!qx>jKD#Z}7L|fDf(jByO^u
z)aZhJAf1)J3jN1`v_R}6#(>&W+QNyaOR%b>37)b(Q8pGivV#K}SEAPXNO2l~Rn79@
zj|2GDkLc7=xFR@-S>uZ+ZlaYs33gMZ3}^PHIg+80Hw*0aCiE@@1;ToDI&$^(AMb<@
zRxn}*c0iDd1nw_?2qInRBqBxG5-G$nzjpOa;JD#ia%oBC$)9i@;<h8DhxL&4qMNp1
zO=pRj`<g(~D_oV;`8x%z_`_7(q=|z{_&0&Mpy)MH@n4tah1>;Jco37=)S8te!|~me
zw+3`Q=&tn6Si0Mc&|vKA!g%C?%Pz~@_*{N@W@ZzXG*oZ28a}~{dkXg$66NG|FgDPM
zz;kK6TBh-728}<eMIn26Vj_$y4$;D;glch^z3tQz70G?y|FNmrH|JuS)j=cqP%`nc
z=caEujRcx@ZM?E2%fAp{?qV%gLPXu&2XQj3Q;2NLicq@|13s~!68czZ9bp&3M4<jy
zNvJ{T(7HCy4LfMgd#G<AI^fbk#RO4D01+a-bnzO;*n1%AD$kUqR>}n>_Xlj&jbx)$
z&4G6_lQ}szewq&|-`l3JmY~cj9}8Hk=4aLcE3k5>&m@~gdOfX)c5ILbzc#N%2FcXU
zf(CD4!**q3?=%^r;9Nx}x|gr%Rdnv0DbbKzgZ?&bZ%BYq{VYh;s4DouyRKau*ryXB
z;dc9CwB{7x{G{b43;<0f&J>g5EVjTZQ%+_qKH{m#`PuF7+UK5*7*FU(S+F&FmBM5R
zF6%h20ExD!9<UkwIS=QXY8$<^Jvh<M$Gm;oyx=}Qp<Pxlf8{>DKi!{))%~5hOxj_f
zT0ML1nb-CsJ^=HjY`Z87Y1GRH9x}_q655u92waQ|yH6Yl15TtVb(^Ii!qATEO!;0`
zq;PY3T90q47jPh%AA82w`Dpm6a0jNBC~uc%{5w!4_0K2`+}tPe6sU_S2}@&ketzzd
z1&I3+<Nh<&94|a18WF>OA2bc$C|<dbX@Mz*TV*8xKLV}OI86TRA{KlFZV<Tyq?j&<
z4&vrt-t@V{?GF2?axAJ_v_tHgHLVw+N{ok2$z9ccL0$$M@oq4i`+fYB|5ooqE>;#9
z|1g`V9P|bMvMPP^&x3Y<&JkF7AgSaCE)CralL&HWfJ4-weSRL*u(`vFiEvEX8OoUB
zhgk<)FKP_SbQ)}bMdLgJ51lwwRzy$3L7o08`@xI4pI|5GWvm;rK(;vM?OEQ|NzuS`
z!AP$*z@+)%wy$-;;haaP?>m#|?!Vg;+X!=vk8zWoPb$I1NJHH8`^mURgie<vD_N40
zK_Ue4EoFt{<&5P?(?Qb%#*5?m`y}AFs#?T1!+*G>{|zRkj6)(d*0OBEKv%wcuu!HX
zaH#-GDhF|D1zV@jgDOSF9PQRUhjj01lABNC^)3!zJL0RB^K`TtB|ZG?1n&ENp6*wT
z4E2+P?2t_d5#-&(7BuxPiroL&bBej|0|>6oXZehYi)=H(rQElg<o$VHE@WE-7EPJ)
z^GUc+$bvYslJqXBI?Ori9VLnnNl`b-DDQ#JXjp&0v5}uB0%)d1HBZt!eIDCXx`J@c
zxw6HD7*{sFZIM;^0g}W$=|f_hjIKCYeoC&2FXS4ZMRyc?cwvU)(WsE@Wez27dej{>
zY%MQSb86)`c}rR2FC%{-+_Pd!?GD8r<Vnt+mxfzSYyV_!AVC@zSXUlC)u%*X5#RzV
zVy<+UO$vIX*K3$$W;LJ{f?X(wHgF}UQ7^YnQSEyd8(@=QVZOwyEVXD#w2Rv}o~nXl
zf34e4Wl7Ye0cCRrhv;a>%$+lZ%zSvSN_1f2;+xUt#dA&`3|F=wR&=7QWPpv<k|wd}
zt^~jOh-AE8Qp<RXR&H|w?772sJ@<i#N}d0vz2_jP1F{$XM(+B8-_Cdiz&f2rjOMD%
zJmO6}3h@x|i4e?#5Q~d^wwLEl{<^p5WLj^)$5aug4H~JQ7bAya#*-ws<4Imlkde6@
z*jFq7Mm_j@rBzT^Tyc(y0_0VMJn)Z)B;Cuz4&V;B<HZC>j$Uh&=HRmXnCyW|2`TFt
z5tirZ%(t}1qfa>lVxMg)r&!iYOwCtF%Xbi5&$3gfZlj}iyXlmZuIdpRD)B2DrG~f>
ze-w9p9mCI|@==A<Y1}9Mb~sxx(2D}_3Nv7Agwvp(nRBM{d2~ZaY1-qSY1~3s#mo@J
zL|K~<P4G%4|Fy@F7Li5G!Gi-8kFm6o3kZ7_e@@Uz>+JF_#nELdi3=nbu9#*GVOA?%
z`u;Es;eL!tSRsv%!YOozRJ<${h%3+9zY&%HB&=0De+NgdJ1<HSqkuh1RWvME9(Sdg
zom*qYAEDyyZYP3j`^)dDN)QJ~;D-g`^mRKG3IHOB(yaxdUGxdAY)pV+Cv#W#SJnEV
zB6tPMbmXgppugl#q9og^68LT4xv1v&2lZI-F*k_|LGtt73?X@at*#lo9#M|<4UZvU
zae=%{fca=uno!)j@&c7V5oY$c7VNbGeyE#6eTy%)Ja~!qwlsmsjUKg7dfNnGh|0wZ
z&*y5?9bvsEV7qUt+1n}he29#BbzwhIoU)coPZ0xfr#WBbiE2Hp;KNkG@4CGkEaphH
zdKtX0X`FC||H1R86!K93w+tlFp3~e%p($=1KV7VZe^`Ym!uGeUfb2hyyXRqE=gV^1
z?{9rqUIK+g9Dz-(niTOg4g?&?N*wzBBN3nT8QwEvAvA*oB-$3q&}VPPP$d-7(-92Q
z2G-ZVVfq4+A8Ocv`EOdfb#uGt?lOvCU+NScN`cPlh501ri(`nu+HdVhy$d`W`hm!+
zg~qhE*d|bn?NG8=R5->34^nW@9ZLc$9z0tOi6$!iH&Wo=RnbBJMjZD^L4uE)SUtNm
z$F)NK3j!Upakv+*C5>rzH|vic2glU>RcDv(xM6)}dhmx%U;CF;y}|8NO$wOq0|9-O
zCUxb+AB*3d_x8*<<rYu)ft1;jyipI?FlTLnv4wBpANM3FeUMm<xBQQo@E9q}ofqI>
zVCRijDgba`bWENMq|R`n>8Xhx<dDN`raaAnxlH0(-uh}nLzeiNN2byt#pmOr^j&A`
z4yG@h3ZGv3vbip{@o&54?Uf_7hbLPV>>tGr#V*+A_h9v17=MNC+?|ObY$Ksn*0j_4
z#Cy#dD~KLh70c|)7ux6KirDQlE_kbVcgk0Z85=HuXOH3i1i=pZ-S;#DuIBpJcR(4v
z(&V1kEkb^H?5?04f+*4eN*>Dv-b)_7{4SUOU>?3`%YePo*xDoPf<G>tFdxHVoYA(N
zy?getZ?-fc>e9r~!&L<<NV`T|T)HxpzQdl?!7(+1`z|a6(ooq)fb6ODKp$j$RMQEa
z+<PbBMsgZYznS=c@D|LOXHlfN6&;Ay##n+lQZW-QI|uv=jCI-*z#((&tA8z$k0`O!
zYcsHFai=CJJ+pjd2m=5lhm<?Whp)Xxim>A&yQn!#MX)$cnh9Vm&k6Tin33ahDDSCm
zJB#{Vo;tpw)@v|%%(2K$ADZu-#iCX*torKOpax^}@-iUD-4e;<en%_yxV+f-?sRuS
zH9~vMw{3crTg$h`@N7SKA?QRoS)1h*uM@-1f&ocEAu^>4y&i~H^(Qx?x-}<vXA6>w
zC6CCPZbQ}-icYd0;3@r(n9$8hZ3b42NE(#jz|dqPxj`1pVGwk$*tl<2)3!N-11!Do
ze1G4>P;26rLq8`#X6vt$Q)W%GTK}l?%;(WoN>PlOh7YW=?h>n*iEtup^0NMzLAYT|
zv5;6Ur@E`|3OcJBOdR&xmBK`3=rY1eg`+SY_(mgTImU{)wUc~`an(98eFfx2qUP2L
zu%cjuco~H&)qjp?H!_h=KPW#NKUyyjge2}J;>t;yrKG_NW`!$TCX639NIC>EgsfNq
zqHtRrR)z9#d6dd+{mg1qB;29_z#QCpA;s6nm^?(hIy`;sYd(e9cbW#?r#6Pt<&|i@
zVGxEsat5{LTV(7fEwpH>I%u}sR)YnY0>5m&9IUNUsalxRlvMczpSzmT7r<sI&_@I_
z-uIf|PR7lX(eAIQH{^U%;?6VA?jc?-Yh+gCYwh<VMopsv?n{VjJ=^`Ssv+w-s-8%G
zQVM2ZQOfS0X0AcH;{5y9dt~(ABFoYO!Tw(d2PvUO!UX?^bp`|b@n5Fne_n11$Vd<z
zGKJWfmh!)y2Q(O%)qi;D|2J!g6AaAL$<>_sSIV^sK}wi0KKRd+JY#+c3(1rnV@87i
z(e!_A9MJx!_kVq;Qm9NQ2>yEt{-gOWi2uK{WQv)IAjF|&O5uNkrB2F$i7+^B3Z*F(
KjFjPj)&DQHd|D|0

delta 12791
zcmZ9zQ*@_I(69ZEZQJHV6Whkbwr$>%iEZ1-#I`-LGqG(=oc+A}!(MCGQ6E&-L04DT
zuh+V&bP#N22(0b}8ueYrl0zE;1WH5(fe1mcU`f{ogpE`%uwcN3roH1j7wV^=(N{le
zygvpV-IQE2eJ)wq&%k21?5YoWHOq`BaT`ji;kQS=KOSdQ^;u0i$`4U){QaZ8-npIk
zoxA?pi1@RTv>9Gxa9v>1HEd+}LvQy_-M|@Av^kq;NMgK~9P8H2#fssULV*!BV1`}D
z2GK;Wu*XzYZ34(5848ahs$faKvuSpiVaM^7VeNY|!r(*oe_LAT>S~nYf=Ob$eV`nC
zb4<h9dUs#95yT-JiCm$QejCDa3ruw*J0QY0=Y@GQ!WM&0WJtjgZlkxBP@j-L3^Go+
z`7%K&8c4@Soa$p!L6k@(gdQc}OMAW_;_GeAr()oLbpsf8cTw;WE!p4zQ}f5SZRX#K
zd%sz+Zp_#O!@)Jd{Wi5MY=Z`xv1JiD#cx$HjTnDH9R5hblASN~Taul9?x~naJT<qx
z&q`co06&sl)8%3?QfnXbRYn^+tC_$2tw-0UAvt9qmWc&Ubf-uhl!f0p#Nm(b;VhU3
z(Ry_MVF>uG9gmKmla`~7pe?HyN$3U+(V_iwlL$w|k7nb4ka9O5kP9M>RE!%NFo9lK
z^r5CIT!B03wKH(-F6!Rzw5DwCNcH5<{TEl$Sv}yt|9tIQ(jO;%V!94)(U<n;7unNR
z59`5KXK0P0#<1rstc=clL*X-pr)=0<+RK`)y9OY<%^mMmc`w)$R@48<vDrJLWu`wZ
zyr2A;Jq@$e6Wt>zic|x#Uw3GZi%FWffHTg^c&*9EtI)uXG)FNtY(P&`M;X!(1{WGs
zl=(zkva#4Bj9GSlF#ksKi06XPNKl78SI=qDlKcije>xk#I+%e^NgCemuE*E<tDy8<
z*$Qy#ApUj<UOZzH#lpbd82{3iab|wlGVPeb(YDqj$&#QTSqvdjga3!X6gDqSY#QER
zf27I{CT?ov^3}FATrdgG@huumP1oU4WHZ5I#)(99>)|x$1-y)4N)X3KVbCF3Q2$R2
zR8{3zeg3$J8}BQw;jGFTvHN>q=`Cl@5S=zrfgiD<VTqd$nqha@0%pqTGyYQR{_|jZ
z>B4iO;)W?l3=48$>vl-20Yf7nQx}*j{DFNd{+-@4I~m&94x88w|AlID0RO*EqT7?_
zAuKzX>C+-0(eevCsUHFpu%|{LxS#}qW(q(cG!O{n>F8p{V&-V-Zg1}3#_VNpx2XR&
zc6}tXhs0<r@Wcq&uCMxtTII~OihU8=(_|E>HOZ(3T(*#MB)L5P$HZkN|Ih{^E5u~u
zWYK}l(OYHYk9u*{i(!v>)(s}rs>AKp*OxdTKrd{qnuJEA$=e&SXnJ6u+MX=*uG8+}
zf4luS=<+S4s%XvdHEy~!%-wt$|10$N^~&<KYB*i=*WuDp6-mr4apJ?{>CP^tbbTT!
z%B<yX#b90srjc8=P+~1p;ylW#9@gS>STOP!r_|x(qSl^p>YcLRPt4KvoXXOq?eW%X
zZh70NMgp_8o5LEAxV<yE947Htca83OoHxP`7V!zIe^lg>f4H;5abzC;HGK~?N0H_y
zvZwhZ?$;ER=>3vJ0S3mkFL4p3CDtUP(f?Ez6BZlFRMSAUxop4ZL1eML?uhhe)#Epz
z;KUl)Euid-dt=pxZZ!EKb{;<%c;nmmo42rF#a_}VICKnHnKgqO=4ni+>NZM3xo4dn
z>w}Ww5AErVDca;RoaXY{u+q#zdC?k5|EHC)Wt>gp$ke_9lB)7;yleT)Xvx(#VEV3d
zp&(Xe<+zHka-dBzV1hq&eezFZ@Nl9U$5-<{%@R34GN;CWq^9(9l%rGD)9DfYm-Xk>
zVMa}-sVg@?e2^yjIj|l=w~3cwFLm5#S8JL{dDL5q^8x6ED?KwgC>EVSM8sq*MyXAr
z8WF|&yiLTkj{F8*xbVFiQ7pYuHKuy`wkGc#8wi|Rnry=n^jj4sniN{*65Ic!S$|#5
zTun7|^*Gnoa=@})@?9@4d|m@t??nQ|el&KjSbV@xnzWk%wXS2Rzn!Vj?Y{0;Rc!^t
zhU+C((bjXLKB9AF`~5m;#9pVA;=cKb$=k%T^z0JR<{6SrzHa@1WAsczaVRazg{6Dz
z<38)E->iwG)9n%=y$#R~pNN?sbac2r(K2-$PpccR?w7O`BG}`89>OwXU|s}olX8+H
zeFS{`S>fJPC?w+GrYi#%7uI?izzwvAdy>FzhRIQBwMRV;bY{nHo@(KAAi%yPvs9_y
zxIo_y5;pKq*;~JoCW({$3%e3*U3tD*#0(L#vutlXcpb#?@L~ZaoT!AyYM13ec<;-2
zE4S1Nr{lO$z*SCZ5`o-Ujrp|VlvtfcsRPuZ{n|Nl=zdz@PPg6%Hvlczp=Y)t*B~8l
zPVRNu<9$xBIy`o?IK)4vuquLQ1hDyiD`31yVbTz-S>lrNP$VX7e@CbI#+)BD=6~pG
z=7A3$lfhVaUG|Z+i7(n2PMmmpam9hz`&@U*!KjLKTI9HIG))K73XDYl12NfCLjf4w
z{P!N#$=d;!n-YBUNbg(Z&nG0g{zy4Lb)&)D*Ue2Ce{sufOW@AulZh$$@oo@G?m8%7
zdw2+S_Ngm9*nkLhtE@0ShJ?)X`y%gi<^-);<=#hd(_<{`*Y$f|2M%i-8YYT`OO2n*
z@b?Q$OH&pbwpx4?%N9m-Y-x7{)BykPh{H9Ek%o$$agKmPm<cSfc#-iI`M`yD0`}0l
zjMXLiogjM%CFi;sAs;`bRtH?h?|-e>+Xw@)k!VAe%~E+XxiLKTdIKc;;T>f#FXRck
zCuSw;OfVTQQ)E(_gdS7@?V>lzCv(0lLu}j}HP!+tP%$PWVvG_9d$2)%0dNZ6vzdLx
zG~$8fqV_B_zp&RdpJZrJ?By0$nlCl?fT0M|{>7Q~d_P~h<xU+m4RUy-h*vINgJ1K*
znDQ+6;)I*Nc!-YWp_VIy)>IO4nyh24(`ZLFe^)nV7F5d(Lm^-q`KCgNBR#&1QlP!V
z<<w4T)|bw(LhJCruLt*X3Pd(TQto539^~ObGmS<0vc@<d+D$mikgSmI%}j7;D6P;W
zJ>ig2dNu}D^WPsECOKv+>b6Q<8VGa{&wMXY4EeWSE81>x))i-z<6h%AqafFb#P86R
zivx?1szu>o&AUI=YtIpokcA&>(C-?K-7ltVL*~b(fCb&2=jODN4$$dc_chbR?qctO
zb0QNy^Mtj9AI++wo^1Gzr-tygf^A6a9Eaq2t?&3<ZL3l)@p^hr=qDPSbXa?=SF3j*
zBkT;$zCcSuvW+jH>U@-;iG-ee(8S7pZW*dV@^lxNHo=&oE?0fs^224ZJspc=`YC`d
zTL0@vo#PUEvzXAn1$>|sHyr#qU6$lWiv7PU`a5dw{G<n?f*cdWvbD53wQzh+D>-`_
zVp}KrKxl)!GTEK!VOGx)7;M)2xL0$}8}*(_{j7cy9rC#;P>+@pOg?%D{D$kX254tC
zc8Ya>$IoGv%o9(PbVe+E>ln$d;Db$S&I(?LblB{CgQjT90G9byro_VM?8wS01(G(L
z#0eyNG>c#!YD%^Z2ao&FP6ik=7KphATNVU&|9*PsAg-S^cb0ArjgPg?>|6blSZq~k
z636_am+|O%np*ksaJkjzGUbf%@--%)>r)n?qOj;n&M@y$%{5Rn8G8se^oF-o?r@_k
z7Yd$=zHPt?0lZ~rE%uUs^F%|nNQ`RF8(99NVGGvs@6V>?EMI_0|HJcxO47xyae){`
zF_`6RD4K(VMr`#DQq`#68;WW1?#zDe9|4RaDIr6%qT^IB5y4`9<hU}?cy_o%{+Q<$
z)SEncY8t|9A(kZ`4FAQ;SS3oPbnRQM-*47c`cny^umE--37`PpwC*uOB$&7mDbrPC
z#CGsa4*S;4a{XjgEDFxh>$gzMOvc>Y6}N!8AUP)tolFGM>#%8wGZ*fmgbU+X;mkY@
z@;u`s;c!IVe$(w>S|XHUkH?YB_ZWw`<6$KUxVuY|2tivD+#r*yA8QO@ltzGS(dIMj
zVL9}^HsCPdd{)I1i}GqX-j!0Cj{AByM1hba7cpi*w_Fq0<wq<sqvj(mg{-_E(jmrW
z7yM2%gXN%XF1@WJ7-3dUYiVpfuZ<~LpIwRcA(3m|wVkv;t5EbfXc2RGaP(1%#5G3s
zT1(8u0z8+6@ynMp{_?~BJZ#v2wddvcR2_3^1*VugC;w^X9&+hfmLn{szA%gwuQzub
z!Hq^w;Ip3h5j$(E<#t*`LD;~z+eQRM;@NC+K|9RYn0Ow`r484)sJI9Z5m^wK@+6+5
zUd5k;KDTi;2c|u*O)*B2B-5JZJ9b%5wD2y2sNl-P%Kv<}U8yi{0SlMQ30Q!t++mU|
zp!3@vIfnUe_L1O)KiQP8=yu3C)2rfTUap*!0tqf$ino-XyK=WI|6IiEuT}B#xrO;a
z4-jH<sr`HNqI5isjNg~-qUCXVg@V6qiRmYz%dSYU<@#mp-*Zm*4}s>fv(=z2Ttq#k
zhsmBAiooa}J<z)`LJotp(gFdBJ96mxz`Db_{V{u=;?LLQwpN{gtuwBSvWY1Dg>ys1
z$mbC|_tJuuQD@3!Dx5Ms4;G2FWT+X_e%H0F<xVKQ>GKz{BcWRYXox<r>zo_Sn+<v5
z9;a83P*z2?g&atmR_CT+{0V9fe=R9<ZjZRai;!|MUR@qc(<zEwI<GX>U)AQ~fL-Jf
z47<_*iae<Yx5=lW^wm7DaKp(HQBKm3%A+-$)}HLx>h;V171N%whMp?t72?&4S+N+*
z7k*5u4rFAW)4V`%g5QCy;jG@q<+p7MY4z(&u6D@0-7*3bUr=s&mze_L@fcU1#|4C&
znb8jk?xNSJU@B~L=H$DIdf39x034i0$wTwb=8sUqYaG5=Bwxf&K4Y)k)#0(`oR*0~
zZf~BAg50=y?vx6tJG+poX?|SdWL!KC&%PO<WbDQ6#2G6vHtph$S`FNhzilas4?$%v
zK!>0IF7j#b<{=8s;KX@U<-~4CRPSioienhgwSi$zj$RkR-ky_N%*3@6kR}w(9D2>X
zt*18!Ty;*YKrtvgzvf|cNWoPT>Z+G5Mx#Yf<Q7Q7`_InBBuI!45`lqN|1|NCA$M^O
z%OkIp(Tmn!z(tUq{1qWxctYgwBr5p*@FudHCq%%p#UKEaT1Z392Yy8OFoMSgD;-y?
zn{VJ5D*b?O&nVHz<kUk7AiN%jOUCH&3!{N6oqyr0^ZyEKy^fo1{<f<^tktmy{W-Z#
zMm#=I_Dg(F!`bLb!oEwUs@q}*^O)2Ujs8riRHw;`O-qtcoewEFr>4-K$TQoZ5WD!S
zBQ}!AIoyINPjC!dMx1G87G?)D+}=<)e~bLMpk9=+FRMG!lNRa;WR6a}a{Q`CH`tXT
zz=-+f_d`=b0Y858Z!y!QP+`u|u%InxeN;Eq<UGf`g#q_^LD;Wa?+Y@LBA*KEx2Sko
z7*4`JMKNf|JR$jNA>7NW^Cxwc|2;hZ76qgY{u7uByQcy%hXubEqcAe<We4BZctxAP
zr?$j$4fkjLtVQER1}cAqPU1zf(uSSW8}%4MHKwqQ2-K|^K`SGZQeaQcl$(MtW|sx#
z)vbN0Es*3SB%I0`hyarb$1}C}c=$*LiVYzJx*>t^N3ep*%$WhVYDL3c(Wh<D$U?cS
zi|HAGcqR9NRKq?}KE*ckPx<WiQYR!%yu2#<WY3E*4i#_%06Gx^mjus1V8jilu5IbZ
z+Vl{<PR*PV%&_|(BZe)NIK-%?)(xp$yxXoe;p37PXW{XxE|&hsCD)kb@Ro4@uMo)`
zxhBfBVRpaOH#Kx<V^-7Ay=F?^NKA=n*JfkZ80VezsQl)CU=JvGm%ebaf?6;ztk5zC
zoGz<F9KHv;fIn08Q-EKryI;JNQk&PFD8uz<{M1jX=?_R6y>`sv_Or4`XA6EEBhHsX
zXFWu_H?%Sd=~>ygfyqBr2I=Bns5xXHJa9$ykbXiw@KPRHt3U!EPGa-bxT(ZR9Z#%+
z!>GT5xDfK;lY_L$Zg=Qe04^w}?ddx$?N9zdK|Emrz#jyWh<E2P_yZd5Z72*s@O2D~
zrY^^-?}&-*-qqfxOce3?@BTY|F=^j0w<tsE!mq1k5qwnfK<ICYp%{k@ztO-0jaP%v
zXF(cTPHm$PD1EWhsGjm7*fyQTDs!wqHNG~TvSWx{J1AqMecYrzlA64OvFylahmn&N
zileYefi?bo{F9p+IOLpI5$77}@nP~-E-6iG!?3lYuUQoC-ri-&0Jf;0Qhh{uS2pKP
z8|!52{<w>}uD5;)uM>?nX?o3NO$3V?!uY|ztmAxwPU!PbA|3OgL1Y*4JVW!3{|2)h
z3GL6PDzL!MTF_j;9%m1qn%iJ)@~^(l820h!0!b0?kvf{FD@T-JiTOCepGa_t&7M*t
ziXt@hS6NoWDyCwN6b~oh_|N<VQ(0=mXmDfD`xaav%ZDc|62#C+1f1zQ8^tn}AQ4;a
zH=bpV?n)iCLH(2kI9piJNv3^8vA3qbVMY3j7r3ej4KXqRel#rk!*{t^Y|6xGSgOug
z03k~sw<R`orcQjh{G??F>clr1R-_#^wQeacGyG?=4fe8Ms&*4XRLe+2!rTrlQT|Ce
zgje5;YA5O3x_+BTovNAlvEYN?KDE{}Wbh<b)xh!GXGAmQ3sQ|5Ni_uMp6^JIkeU?F
zRzXcmqmIntIo`*%9E%y!%6fJp5C=LB=(}q)>io5dl-Eq#hBcjnrmkq*?zX!?iykTt
zn?z#vY6|7Lr74$Hp_^P`df+yK>^PSEWIkXtA1K#xeFhz`xf#aD;84FY(sWrLRY)+*
zasA+g|HmBWh92sb?oG5x@}h3zhB54N9cj@Hy}B`8!X>TvGn4n7Qu;Q+<LAZ#kaCiA
z8c@>!ci{e$UYK_@2GJ!w^<d(6(4tE55JRyTGG#jrcJS!?Ix-goMObtMDMx<(ui+f=
zv`myus55hB-fSx;I6V6LFnp=!=d(yNa8(XwsaY$t!b`*j1gxA%>Y;Fwes;1S=9|yd
z;RB`N-^(KQZ{JYCe?(L~*@0Mc0n(y{$}0T~FaE3}FZ07-NjGv)68E<NQazqgS@If(
z*d)G_i946ZDuVOCb9D*~ceQNF5SO1qf~(Fhdo-~>vxCihY0a@D$cbx{2(-Phi50QY
zbs))J65_Gt^4uI?y`_m^7gI?bSEU?BUONXo{1VoiY4bBgR9yALkJGFc|LcGApg22!
zf05tHNhVC5_`C|cV;Y;VgMnLI;z*8A^XJ4uNTkeyn#3mY@oC|713IxPX2@t0a;^J5
z6|^jM*8>owx=}{YZRSf+e+G(C+2gVp*2_nX3y??ZX)vRG*pnj6fE;M9#blW4Ff^RN
zEJ{ih3ifMZ#RI{)X7Y-1z!l!b<aR2xwEGa-BpAlj9%}srN=E;&z?Yc=MU!Fwr<>9P
z&hJdxBtqG(NAb9zH+KF$`o6MmpRZ4yH~Ztk-St9m29q~T<Um1-?-nN!QfMZz?%Y}0
zvm&J7-m$n$>;V{;c*G&QsO0&f<$h#85`j}5)HXSrl7Twgta8R(zzPvnr4*FY#~(ES
z_6+NMiJQUbQJ^JKO^Nv{D@L1)hD|1XPJ|w|VZ(=YBSIg;J~HyPz4RIXncPKO${N9b
zDmD>hM9PjzfW|0|@34FkyZ7TE1N~CkvQG6hnCG6-=%rPa<WA#2igpXtQWAXO1eg&+
z?IU*}KGt5Pm?Jg@ROnCQm!};_Q-#E)X62D-KX2av6%RPEUEo(!*&fZz5;5C3G~Q)%
z#iQDvyMPLJum;Aw;ySpED8HECgI`lL6oxA4hYk^@kCH9UzX>2FaB1;%rW>$L@_xg(
ze8uC{-qMd{MJ{ET4xY*<izQw5k2&k7Lh%?QX*yO^b)FXhV6-TB5A1?>T0@1rL!$Ix
z=Fv}1j9NMWR3uh4f=hNr&Dert2jP}^o@Wp2G1h-Br1Fii6eIK%Gd@f5r+RB_pb8S5
zE7OV<ka?G2ffxV8=bwgJMZJTV#wi>ji`s^2ev*eEf>UCV^{AVsg@%;_Cod;OYUDQU
zC!Uz9M<1&LU^)M}M3Ir<^0*>_jb@;DFVZp(x^yz0PzVJg!t)-01Bh@J@l4?4rwMRB
zXmYRuH0u^XcJv-*0(!ID#Pd+%k?trQ=_u>f1R}W&*}1T4?i6FTC&$?X3j)RA{d{9{
z06o%`x_yry6+TVuNEDsTo(q|IoG*ptVtG#Gs#ObcG(&3w#O|T+6Z}}UeL+T5B3d0(
zJNEdKJXEo&?mYPW2-W2f`j^9qXg}uVIAlp?+TMI375SKnj*5>Hx1X5gR_oyR5Pf<^
zDhw-<_N7E#sGdalOtP=~+h@l15K)WAK;DR-H{4p{{^UjI^UQbH^cvoc>zHg#upZrq
z0T-S?(KTmTiNYdW+Ygxc69gh^aut7c@}R1KMjN^hoU`xeEi$LVk8kP}X^t)=`9qpS
zzZ^})@G-dfLkhy9MUQqVj`cyZlH3qyh2CXI##><l7}TEB`_p5Dw7dFSu6mce26d@|
zmS?xn`kis;#D|PqBZWTG75hxl!@dHWR|(_5a14WtG}bk%19loLj646sKK3xIYaSoi
zMsxuyq3=|1<cyt3%GH~;1bCg_361ba5$imBZY0U~ezSGf9D~+{V%*|3L%gJ6K6*-7
zro9zfpe@uMM%YgCJ^R_B^{6C5#7nMv-h1KceG5xoIDqNAiJ6!b^ByJylBiz>o&pje
zlwR1A5c*`2m-ZT<)X<I&s|ib>rOqgHFqx@I<AhN`piy2Ga`Cmvv7kG|DIgz27{>Xr
z#;B|dR{OJiBsh~g-@MEI95Q@R!?jG>Wdk-MZOa1se&-NRy>t>4OM8z<xlM2BHF-={
zn|8${i7fRwUe$UIsaa&dw7pMlt1|-VUJUW{FsYuMKF&{EE;D-jUX1pMT)R^;{`q=&
z_<jBfo)7}|Fn{-k+=3BX*j;|YCCmL$LwF(mt(Wz`|NdffWo%x2r+7d(?(R{F?G2$v
zgRUB!23T(5ZQp6(vB!o7_D}|sg@sfrnF#hmhB4!jE0Mq<cGTZ0OFTh?#)VTro46yg
zQp|;FNi>Y|PtHQuB0mm2f(o@xlGQUA{~!|->(F+W&BLf?t*(^&@x>#$ggl>xCmXIw
zds)=uCwaQ!n<l^h_|A}-4#u}yrK+p3%WSK>TiTF+w27AFM2_xj)mc$5B;Vr^5fOp+
z&uw$n{kZL~Fo_I=MNJ1(+|+NtDI!7hvKp*}(=bGJFbi@M+Pny&#Se}#g*e0R=Md`t
z+F|B8dI@apcW-{~-dAH6upqJE$XjHj2DTP5pDndHbgHEUnlRIyFjj73+eVnM+Rdyi
z+kYRG)R>X6|2o)33kIw;m^xG%OqjM*h^kbLRx}!syp>dgBUNT4FQKA<{va0}(QjGj
zT<o#Fin^8p+;K4z14ItwH*zrhiQVjxtpa8$xQW@YNNP}I)#-$se{T2br8pc}WTDX>
z6GVcMM9dzI)N1&tI)B;ZFd)Gye(`qf=yolveiZf&=qP9LMyAG1h6_7fk+*N^72i7C
z?~?l_P$2*}(`Q`GfkS)%x#<_7E<X+dza@cP35i<D*S!F-uyzeq9y^OuOdy(@*~!dL
z9Xoj0OE!cgX`LiQMvmkYd0tDsbI!mvbr@%BabuAlUwldq*1wV6T;t^I!4lB8P7F-&
zbXd1{HV=-apTx(fHwZK=^ZLJpYW6_|l@G{3Pl1_RBn9=eZ#ogc)xYidPg-HW)hi5>
zpixF?1`!k84Y#Y3wQ?_t0!F*SY4mJ{|FZMH6xti1ix(bpsBGP2doo+fU|-nak$%Y0
zU0FHD0<aO&?@T!wfkjfc8mkSBL}zUM8Fl8g{g5+AJO#=KURSiWt|Ruj^TtrJjD(YS
zi)tjCg*(ub^^(9Xe-)M4exny-W1La9xyk`G+lnN@&Q%{CmU#_l#zXdPxXmC6T!_pH
z9&gol<zn$~9Y3tz=^>m+l*&Q&SNEP<6jZr*ZB|Hi#PNw!#i}iF%;pr+^eBFJ#Mnc5
zNS8od6@A=4?r88zq-d^Hzi0m3E6LlkT{*`x=LrR#2L1!0$+V9h;~k@8G2Z-`D03^o
zAKdJ8axnt=!aca%X9s`Xh4-MwNr8*#dm)iD<*yV+%1L^JM8hi#3jakPCKw|$y`s1v
zJRCi33-Q~FyiVQVGWRY~iY4gw3L}b3fAuz@tM#1z!_{wW>xg0ZBEnfpqFqAG;wLr<
z#d1Xz`Xd#<oG2Gmu$h@HXmgJ?^hU*y3}jj}e9F*eM&FLh(#CwgWo1RMS9a(1`0!ve
z!p<xgwRHUPlt*&e7|O;fz0myV?axys<k6$-A8p!08;1$yjX$y`!km8qviEo5f|NTz
zL$=r-LvuD*13?HAdYc)Rj}s(PQk@wU3hVbqkKO`po2TJ8C+ar>v998@P`Tfs4PUse
z)V&R&KPLzvH3c0qn$|ne6iq21EH`P(`qi0B&EqE+3S?)`{&>7pEU>GULu~va9YTui
zh9mZ45}n?(zM&_$V9H9)GP-LD8_2^}UNNGbroAZ&D7dGRiAql!O2YXZnD770=3he(
zoIC)wOmIvwoGmI^avRlJqV#3y%zHTJJ)xt*6CwKMVMMRzKAq{*G-MKVCq4)}_w#k3
z&ixtOwX8jvMy(k*w>AqRSWO+2rHz~Raw3&aT4sA%mQ7t<)2&yWg8M{3Mi{kISG$|b
zys;ga?@IpBX^3v_ys1E4NT~h-=gI0)!U_;NyV^Dy{qLPKd2b?EcNc(%i9p`jFIgH4
z9(Dh#4&DT7Zdv5ofeyhAPnU+{NSB535hKf;%wbWW&W3L68;S1eN6u?mD?OD2O<p%b
z7u^2oUTh;jDWlX3Q6gZG#b6hO{8X>TrcQCMz=d1tcWoxJy+kags{AzeqTE6ChaN~q
zN?BuTz)Chw=}Hc(sp!2+wl?+F8a<1K*;p(WA5jt1Al@lB|J@gJ)=X>50`<55-8V9X
z4odiNev%Mn)axAYTP@|3JO;}mF*jr50AU{bkj#7)Y{y%h!1Z`)fvZ_`GKr#*XxO5v
zGztqTHfG|}F>ND#M+%BmJiikZCo4daf<qLMo^sGg&#sx^?$ayIH}Qa#SZ&-Ce2mzR
zJAYn4_xNYXM4VI8EbTa#JLfY5A*?lE|BPLOo@|kN!-Ja`(|n=40lj3>i>Tmi4U>yi
zxc1#Sm79*5C12WxlF!-?_K9}~b0jvTWt2H?aQp9%l4~vv4D;A4w^2o<Q+HstKg%=J
zv}C7F`sErPoNIsAM>64w)Q!|ViKb6X?o}Aw;5~+!XJ<yvG0+A2GlFie=m*`D^l*oH
z#sVRo0_S<WCIvYW(ax;EzvW#P{yvy#(43n^mn?eNTf(NLN*<A1e4tGwZ6FFm|F=sV
zCKBP2HptV?ln!vD!PqlTe0bop2ufX1)H%FLKpuN;PpV*P3cbi|Fj-5Pm6M(_j#n8C
zy&-VP(C0SUB{ppE>wfS|%fCa&(TrS|7r!hcbbe{PK6-jJIZ{@-0=8LSFU5H6QpJFl
z)RH&SP?J-^LY!DfU`Z>Jv+#JwtqjwaJYqnCoV-{20FJOfiv9`BBpV0^4N<adJJL2`
zME21v)`4w7;g#bCce#kId?9ft^e;nJ<I<AC^JKa|rtcZ`*)0u#q0luAW-07?b7hoG
zDQARuBh#=uyQL$3qR+gA>n!zrmolV9F^FmOlxl_Kp`~=^K+HNensC~z8u^OLEgWA8
zb4Z8xsoA9+rO&jT(E@%Z4~ZQi*<5^t$XC>-;WYGG7!a!AsBq|r5@7Of4psXVnfHQ-
zpLUu!uMz-K?{Hov-*{Qfg*kDzqg~~oZYf*6S<$U|nYW$o+a9`i?rCDGNxPV62bW3s
zJ!2Zp3YoA`rGlfL?`o5M_2J=iH2c<Y+#E{ZNQmlHW%U!l%K(Y_R$;S%w%KCGxq5H-
z^T~P%vq@*{-0P%VBT~(v2Z=OI^pv3-BAn~ZgW7MEi7Y85+CDvFn+=n6I69i#-{NAX
z9ktu?z>@X&En4KA*@)hx;*t&{j}f?C+MSbfmUp)!IX<V2r#NEwl1m;m4;x{*e_RK3
z2Xr)*H@W3P<N%gpg5Wxk3?6!XGqW5fvtidMW$^e4cTEI`6;OmYJJeuWfxWOfYhO3A
zcs~nQwZWnXrGf7f1SRCvX?)^Vg%^ckH0^?kVn1|FOO->+j#D7TDK$D;IbE)K%PL<@
z{1;sw)_zsL4QcDqOfew6j9@G92)Sm2N6`MvpH)Cc90%~@V~98lRRtlMIh3hX=#JG@
z{DW>pUM3k}*MBo{LhF86XU~n?r#Ob>&{$?h9d;VlwdpkcKJ&iIn3}ueEM4@D=Eg5;
zHH~9rM7yB;JU;H!4#N|V)efo?V=pRPE**kNtQLO{qhxRVO*@=!K4@JS^l}d!vKR2)
z4bbSR?E=oSbfQOIky@d=%vq?$|61J~tZ-<!ZKi{We<%n0V5KKm`Gf{nwEamfQPwa`
zJW3|DT@!qSHeCu;7~xM{AEij8fE9gVZj3kb>2rUewB;1NMqZU4D?vZdrp-lo6j-9i
zKx`ZBuOB3~XyFJ%j3a;gX@e6e^OrTsUn6B06AXx{{pcuS@0=_)VOL36<|l7mD}pk^
z<FG;Rb18^9qgNOteA0Wo?DueFJL7ez*R@xH=wc9NS$KJbFS<PO8WfmlK4xoRm5+hA
zCw7w?jYcaUAJ-G{6{H^5S1FEXidLe~WG3|e@g~<yfz3yw$0@gvGMIW83`!Zw%*+3p
zg#knflH?dU#WTn<ZVT>FxI9(fTz`w~;>cTMUoc-^#^+IC!bhGa1_eRgH`u5_^1>-#
zQQtjcdDG4MoeaVP7OBoKY#je7+q{KM6%~=#%n@NzI6boOvm4*|{$)SfnF>Pi_0l5?
z*84D{JKR^LBxW1gSvwTQcpRL?H{LQoKLBuva3y>@ZA2_VpvgwlYDjI5ty1ugwyF0#
zBKL@&m57LBBf?38LZVsHaD<aN^q|fS$pvR-VUoh8i>8>;<Z4+)&93`r%niQ0VbH8}
zaX<284QHm?Vv}xr3Qu2F<mnQxly$4*F<o$~!_Did7&db)X7X>c3@^E~(_nmtE`a~d
z9KPf+P($5wsBmzF`L8R|vWRu#1;=ppw&?nwRmcC~Q(6$G%leN@LT@;*=LU{}hDMC$
zYp<#A3p8EHKPJ}qBLrsoWZ`OJS3t-wy2Z$J%7j64Fku||;tGbCI2U>vL>npY@ZPbF
zrw|6Qf3s;R&E$7YS~ZrX#IgJwfhhwyMV966+0HKF$L#D`lUvEs-(+Vxm2O18vz^hu
z+i$u+7bU3vK5m)|tz73ZTb4onhuHm{?hwN{OodD>^TUMbykz-i_?rJsAIb~)uy-|U
zduc-o=32rL1#$QzB$Z&tiM29(`aW>@w=0h<L!$u9Gb&Nksefc)?z8IK7SJp4aCw~i
z#IAh?AT0FaSc&mYQ;w7Jj;hc(azB&kC42;8FRrydY0dPqtkC+<z_T#I?}?FXjhXhe
z_A;dmTbe+>GIhtY_bYJdK>kI#T2QAWs@LE08-VcrbC=HjF8MaReaS2Y3uDK$P3i+%
z6Wu~SA+{e?95>C2VsK|Ft{k?$$C}gD`HNHBnlg+g1sjcC356t$FF9kEg3q(HcW6Bt
zO|Ju!g}YQr>ke$`<N;ZCqu^niGiM{f+rqtJ(8q6IeoL|Fh3Jif!RY#{7nIZoft93V
zh}uZTIspxZNDYSlJ?WN91(3YE8LphMZ}i!*L2X#qc_OOU=&Ceh>eyd?eGaUlu;sK`
zUaCqU+SZBlt25|+e@w$kGuzP#TCD@e*o<#lTIRLhq{*66&heTE<@<Y&oDNf=Q@X20
z^qom9Z~CJn(SD|BHA?biG)7F?Xv*SXnYWTTL!nAng^p(|h>JdgA0QMTKJJwe`v~8b
zX^dZLKg=N(aKLmVh5m~~Glvq@{M4%xgsBvj5Oz&<JIfWdF-*Okl)ca`tuAE!F6|{*
zpxLlD2tu;SqT5W3xEhbX6kvb&amGjcXmQv5tyFlEdjAanWtM+Iszbp2wtAJJw3KTQ
zluo-w@9lq4Z1M&j3Y?kvF3Y8tv#7RI%FVl~izFEl!qszyf{l+2DzZ-n3OsaKkGxdj
zPxq}-@z5_1nAulHu$?Ww_f5xq_C4`2`J(z5p}L+-QdeTARn6;N`e+0;>v`ymTO?E-
z=BXaDmcU1HLw%d7g0s}QEPa8AiEWM_7SFMKHCWyd_t4nW1`2w#t%_JB;T~~a`-o&#
zYh@P+Rc)UYg}AasZ}@IQ%Je^u_^rS?&9X1@!gqYZZl=8gU^?FhO=svVUlGk;^Ri=d
z@?%b}LsV6}uWZs|^4wdrGp*L(!VCo%qk4-M<p^Nu2!$wJ*`rre#6<T-{?l2yv6o%}
z35A442h4wDfWhol+Av;@Sk~Bm?!|kR*y~rw$9+f-<D!7<$!UHLk~FVCsc%9x*O<g-
zqcNhj!bKhx_Lk+bIBoTsCIR^{f(8)1l-j99yo<3eO|F8E1KdMy;M=b3KWJe6p9^>^
zbdT;cT=-x_&eFbRTE|11@vME8B=K-a*`gj$w$6P90}jd-R(8hH(xDz?jDv1GW)2jv
z*3#r|qCb<op)`VM!wC2#d7$VJ^ujv6N!&-2OSvrS*d?VGE=BmW4A`QE3Es}(4}H5e
zX>#a`@NX*n=C0<)GPF2zdsf^-G7G9y#OL8~QC2)Xpwh`<^t?liVJb4#D_qE07y0=%
zPC?T=2dv(Wx!!bxuKWoutwjh|B>6N~XGtCqU!LG}gGKNPIcdpP20djGd<x=nyCv}3
zz=$~yF!t-QVx#gfOCT}|)zqOy0`t1f&sM2?G*U`PAgv%5ovkA@l6lF7eoi6B4Db`0
z2I)@QIkc^>4fQSjv(d)utFxi0OK9|{h1A_7fCM4b6(v>i;xm%|4*3>qm9=Pcf)Ic^
z#r02~sMf<0E<_cqyW6|Le3n$Rm%;mr#t~=u6%ID(j+X-H(w7u|Om!bU>^a_i-Jb>#
zPDAG)|FW;{{rfuQTZE)ssKR%Du=}s-8cgoj#;28IwIrd^8kY@zkB!%BG|5{L`+ar-
zjA7{afVw}F2=n&?u<~;8nK+u6owFMZNIyR)kM*rTMel2yj0*Y}&J(jiV|2nxd7x@$
zIWeKJ(gYm9;Hw_Bb(wwsM=)Ahi6zrL9%nDkQaHjWIugyYD=s9&xG}Lg8@ffbU==a?
zCmu+sHYD_)1<P5gKiBg%-b|@>hjH9pm7`e<6~)H3vL@%kY{4z|`Ub67?Jk%z!30%>
zH<eL<XWZrID|lPhyv<O)XII$huT*$=w!Qmp$=pj^s^%&K2-@H!X&UF;1yUju(tWD{
zvfg)?|G`Hah4>#Z;i~D@D=xu6pwmWv6(%r1wxLQ6LUK6X<iuDPV#t0bTb^dXOeTIY
z|L;m%B*Exkk4&Wl3IzcH!Tw8I+em?s@*Mrtq`5Z6F?vngPW{xlrL;<K?V;cn$$dtq
z35el4jUE8ze1|`zm=2qNV8py#Zk#1J+(wFN1TBq86CX!MK0CD9Nuda9ljm_hQNaY@
zB{oFxQ82UpUF#=QcR|hkbP9wmE1Cz~R`7aJGZqvs6UbBcTJl=_=v@4DqEfCWs&<-s
z5WFiG$mu}$2QQrYrzOrAElnfJ#`198nz3+-mMBl2o{|V6==q|14j!YDq1PHq&rN}z
zIF=XF8x(GgP{&1}$|6!0L>PoydZP~L9=Qm>%t^>I?{MXBe=Ew8uU9fInw^cLibu+n
zCY=UtU>rTxsIZ%_mJR3ra486X#bNQ%!4_gw#dgrX`exM>0X1o_?-CsoM>i%*GuYU^
zd^qZ~$`$>{XgkqOsK;edx8D~c=P`=0CpPFQ_eIKwmnh(JQjUCrIPe)QR9d5}cRoi<
z`NqQ=6{`6hYBmLoNEx<w+U0&{V(AYA%XMF~=chMVm>N~O$ZW)drdq8tEkD}Kh0X<Q
zv)l|CFT3mYkbA5+z82+LQTyleH=*boAoV?m)kFNN_`vahx*L>N{MfvHqxKI<Fd#e8
zP-&19b9h_f9U1AG>GBhIrAfcgf~CVOLf68N!l@Mvf$Hb^(`AWUwfpM<1<&y(_dj7S
zp$InaUtC>@JhFwjP^8wwZ5zi{jRwL0XjxOGCI85Z#!ef}cC~enm&;n07?&_Wt+}uU
zQphB!rW6G=(+{uCLcp4kAIB?hr~^8v=dnI<SOp|zC|;POo?1VtqP2bz7?t~wcaY*;
zCY-6I5%<xCqC-mCI-yfNuiJ_s+#mncgjVdo)NapVb`G<X)UEf-L%fc0*Oz)+9d&xa
zcyICZeyj}D<I-0VmKd>;<wVsz-NTF3gI=dyO>CIF5w_N0jHs8>e2#_i<<>IH0thnk
zF2kpyu!;~-;)one+MD_!RkEW8y|Ael+}Y%4k~m_wKg3<FEnQUn+3gLC0@pe1vrdyQ
zpKq<Zg;)NggU<B=3_Wd8Fw>ep6)r#_C?EH|Scd;|&W(2(+c5C|XD%XX-9VV&|Hifd
zBewrv3r*rO6a+6|O(J2%Ns2K<CH&vo0}2GPMEQTn?*Gpb1oHcy)NUvMwwLtJkRKdd
zDk)HskU?1v44ess34#W}{^v*r`u}VCznKiw|FiYK)pC-b5e32jz6Af(d>8ot9sMP#
k!$=T3Ml(?pGYQ$49vnp{iPu;dtUt-um<syF;D2KMFW>udf&c&j

diff --git a/documentation/ESAPI-security-bulletin1.pdf b/documentation/ESAPI-security-bulletin1.pdf
index 9f09e49cc4085fb22c0e9e4e84ce8b40494af8ce..38abe25149ea1b83b41fb290333a49664dd34801 100644
GIT binary patch
delta 13200
zcmch-Wk8%wlQtUM2?Tey0AUzma0?#X2@+fq+<lNB!C^>n2<|$#6Wj?d!7X@j3*?Y@
zcfZ|z-tYW8r~lmDS6^LKciq$7Q`HS0WxJkai_<`YR%?DBg_F>{fPW|5g5%K=BKpX%
zk&vM9@8oSr0*F`&Atd-4Awu{PWiq^hmIxk7wf3*J2X!XAp7{lwjb<BJ00_sYEkWXg
zH_@IT3xE+Nba-e_5*nFrk@yicESW^`9AP53nLrt`00coOD1h{rq$s3=^rRq97>o)N
z;Nuq+#lv=Sb+$0E!^8GW&(Jq?Sdy#pdmi^^qEi}uQhKE7c2r`PEM{}WvU&lFZ)G`b
zOLT(R!liqlnVF>j&*N<IF>8xOU5*|uYeCUtSw)4QTM4s~A93ZojyuQO$8yZ^@!qtC
zq>a(bbF0dge90kt#h%N%TM&ojok|2u82cMLp_eYY9&1I12#hpB|M&UQxfNsHtlF!J
zgYigq-N(wt$Ki7;9dIIL1wX)m5dD)7b(;+AH19rpCUO1oy(rJ)!o`s{1rKeK)v09E
z&9yxTT$<_E&EEL1trJ6UjqbFEQd{Es#zED6{Rml3Z<q<p6r{x*`88^}c;5|1^WBl+
z5}(&o^0@%5f;aoGs&+lr$hYcDgLFC<PSTM$O2dizJCT>o6>r{?ZszBaDYYt+#Zy2)
zxo6j(^R~}R2M~+QLqT9S9V#vstgT_>hgT=o45Kv$)2;Wm49)K3Y1?`|!$cQK5Nuy+
zc~8QR9-fST$a*QLH4{Y36PVYqVT3DhOznoxVt>Q7UJb!T3}3|hNOeyudUd&dG2v)@
zssBOSNi`*ALdS3AQZ1|7*bbh2gWn{vT}k;TKY$d(`7Po;ppE_Re1ch;xLKO{sXH#7
zAjZk}f(PEe!(5jswqg&OXCBTs9zwVHqO|5domQ-$FD6Ws5SAFM9#sy*a9I${12`T<
zxxi2O15%-A+;Zl6)IFaT$0)dYxy<`oN|fOdiFyQ<V*t_Ot*~ZzPD|;{Z$VrHW1^RP
zW-I>oHp?IR)zBLDag94*)N4JX^sHV_Kc^V6GwjM+t#qSo5~D#Nt_68E6FR@xcA~i+
zy8K?5mD7&KC;&TR+HM#I&2)H46-9q>89gb!)4wagRn7h~2)qJMPE;TuAaXY}ildKk
zp`b}HPHz_y10_UZUus?91BK*e)Fdje%w07fHkkI4wj|<5_sKZ7TLcVmCwrdW*+4$m
z*X4RVvH{@sAcF5u%FR)+gC2S)u{K<)LiQ%*mFUK8+l|LehdB&B|8@9Tq_*AQY+ZY>
ziVbjYY)=bN<EQ$frCc4bi2Wyj!KNZ9S*tefls0oM-WFSbk*2(Z><{BR7c`%<KG2)=
zZ3*v<hz()fh&Gb8KU5139+l0ctSh@#32}+}u0r25>ijffnco^Y{=szUvM(T8iU}>H
zUu@3i4tF=-LwtlaL4FvW0|ZiOeJ<_<T&A6fd-|fm%M-tnxkmuXsl5GMLZWlS9UJGp
zZ12zZHqnd>|14M~=kjBHo6gw&IVwlp`2{oO@PNJ8L!p9c(wIBkT&kUO%<K+2s_=c4
z*8Bc?6>zyNBCMdoSU^Onza6;Qi~jbkKAR>+YY9*E)AkG43k2(*L8Hm6AeBRwtlu}d
z!eTrXb=ScPU|d>ji#L9Y{%dNvvFaJLd}PfZ&wD_Q!|2e){UZ%`jK*)zT(d^qEW=4m
z#Fs)rZ%yp11-Xif(c6zqgFUccLYOy@eja}MC~8+a%A9u?z!3$<_2?$VTRH!J1{YK=
z^QQi6!6^P4#+hmKU2g+s)bko*+jh-^=WK=lheZX`Ewp-xbdoZLvL01|=K(b0lX^uZ
zfrtQxW2-L-zwkT%y>QpDY?2MKA>8tDzHPnnxXid@Zrnclkmm7*^H9^EGfOWU`9Tk5
zK?hEA8^gwqC4~u^KKZiWtMfk5$$_?DMS`Z$17YF{(~drB+vmOvAAOcS%&6e$#F4@i
zOA#%}ALwN!%Vpog+H3!I)yz(T&aW+j-2E;OYk*m{dP?)2ys{%s!gXUFRTJc4>lghK
zJHEDcm<RDySV>f#{J7E*q1ix(v54DsgR(>sn^N(+vs^J@;&Y^3CA$Fw4Z)0Mz6eHX
zXpNL0Y$Zpa4l*3g%cPN)LF`wYF_w+<O)v{-qhC5yn!1g~by^Kv`Rjb6;ogSVmu4P#
zmVOdu5+;XNaMGa&rcAw=J`mbuj2n|;4#=Wt-XPd{V;<Lx^JwNCQ(p(Gb66-9XrP-D
zS!_98+DqMdAbd^n891QsfiUuwk>KbpP+kg!mF0~~_0?eJOp0A`;WKei^hm0&$#1aH
zd|k`CD3OpFczN}9PzU~wnZ$bj=9F`8{YBXWo$wsV@kExK(mcwe<jujKUyPw~Y<{=-
zd`K|a4bAsjfA&Q1!__Wu_DMPLa$yyC?Hjq)M(lU5K|EP~?|<Owu0&cF7Z`{AXt?%^
zg!RUV*WC%d{}bq-TDW`zV36ZV3mq%-;vq4f9;$+nW*pVmZ=W}I_?$5HeyEZ|HS7L)
z<CnOFF~x>)T4i%bRy*Qlk~L7c6=mvWL6W=rZjnS@?+uHPC1U6`8P~4ofL_q(u{^dN
zA+4XD_lY+ln!I`JSEiSII&KY9sN}F7Hy9C#{+Eu4O)<V-ez`%q`v&Bmfhr}s+rJWS
zIb>X;#;%fcG#J;C57iQuKA>8~?d)0&Dq<BSyL)TK^E@7&qM0O591OdBs^qYhAsCrP
z4iAQMNbd6c1sB~JD8!_Uzq#Xs4Ksi*H8%^_y($WaK$+MN97Q|y`YMrq)4Yf~Sy-<;
zgGa)yM1p|+m5)>nS?>xVx(Vyd_ti?jWpPyt4CNIe6?uk?7UmE|#|qnmv?F#_s;)16
zCnx6Q%;pC<nApCD{wyEyB7R(X%*b%&>(;%-!+_$J$GB>uR_YB3k&r#(z<DM*D;e`E
za78GY==<VUezNIZ!Ad+s1ce5>r8kWB>ie1liR1GEEDve{b>oODs^c!EcUVzl)!a;~
z+7D@=d-_JsN?)dU^&W_=ebex~5HA|FvzvnbK!@|8v68*j_(V(I#ZH)YaRFP4ArF8<
zjB)-$Z`{S3pp_c>wgsvU{?}Br07G3=lgx>L#tw?C3e+M`a>vC?=|l<ABRtsp3kcg}
zyZ}G9Px9Q5uvDssrf^F0iaF7c$kpk-0wS)rX=~iUgzP7ih>`MW!GTIWGToqRc3ta8
zol?XM>RC{Vh?zBRp}=@#tgtmuzvd&}!nEW9FL^c5U>ovHKj9YrEc0VMn~&&p^rw`U
zo|b-cJbt^9LKsb3xc!<Q*}kxwUY3go^!*3x+6qeFbg36%Dl$GCi+IbnDq)G`@F^s+
zF5`jrw*0j5v9f(sq5ACOV;eV_gEo&)+|MGf5J_sx3+Cwk6_mXsHa1kc=x;{rvyB-M
z)TLMPs2W!sZHu8o2c$><ShlIU-Id%+UnHO(Qcyl03sFNcJEGbyGzq3yb;@=k@#1XI
z#pf~$Vy|Yk8)=ln=;7^UMITObGOFs<ZI1Z-g*{D}ifw*AyNv<K4X?CVP)BVYr}s}(
zI!5V!rQGo4OHNBl<!UOScv1jq&S6P>bPe49f{tUr*T&Zv2U}b%;eAEs_lv5`<YC%d
zg)s47->SiZJRYn!HO4U6u2u|$=E^YJIncAFwdH*=7*&DqLt03;?+;6S;3CCHnr-wT
zb&`Km)zqEkn4`tSYI7DmI?3Tx(~R}6;2WA2|LZ>Yy|#JnMlfZ3LdCfe`VN{`iNgR~
zy;eD^ZQ8XjyB?t%g#PHsKN!hI^U^$&&1&U&I<DR92kACiUPjpIinu6G8Y@RmC%h*X
zB)h}^_=%_d*V<G@RX`vj%p?&kk>I3C)<Zqc>@w+IoT#v@Wp}*nqox}*_+I%$4DjoF
zXa#6%$WlShCHH+>{eTfXTMzPKXPY3~l_`1I)8z1-%p<I?prSYZFcL_Lg0IZu<-III
zOXz06YW%gf^asq&=5SE>k|_{e`H^W$GX2;V_oB943LSx@%tI%cq^4-~6Kruham8n*
zuQM+QH|GqT`UG<qRAJ|YR`+_zTh(U~(@A+nq~aFhPzAe%<eJm`5@L=Z&uLrkT4$l{
zw33ZgZ+@^;-z)OJ85j~~f8!wzql`j|n)>n!Gp!k#6bQSixtX4iVbj(k8EgOHDK2mp
zA9Hw05avO?Bl*FkM*+nt9wLTDGf80;GUee^SA5^kU79fT0}b=fqM!e0a6?zPv`=Jp
z%^hyr>$mSJp4nxV(66pp*}Oe#Kn)G7-81Fjw`;F+-Xs&0ft5Nnep?mPF4QZqGCtEB
z{V0~?Y>5uD7EU?L|E{$*K0eKltI>lx*fc^63KaV;gpZRjM@r|IFkyyWjg=sz-Z0*7
zA^cU{;y?gOKilHJC75lrJL?$FEhu<XLp*0+)?#^Hbzn6#kC$^bOtpnH*{5B@g}z>#
z0<(M&NV@No;MzD+)@(ez>2PQa_&|^w5m&uv;;aj6ZEIej-=Fwm^Q*u_4W7`9pex0B
zlU|RnCeuEp)2SA4?{>!#6hcE%wqIHGCFxJA>0X1QB_11Y|CemzH@lLn-lN0|x0B1k
z(9swDMWil^FW*CSc8Ps*5yS>VHt;-_C8ZX-_d|;{pJs?X4z<yDK-k-wKKWm<uQ}ps
zUyxG6NOQaJk2+JAg7WZtdU>sJFBKZUNcyZ;>R*yflL4f0sS9UYG6m#E@((xhHiPYR
z+DL3ahKkf0ve~oF2MwdqJ-ezwxdi=yaE2t}ZKeEV#h27149yXyJ9eC|HnE&NdVYD-
z*$e=Q?Xx;N8O+^8uDM>#E}S?;NN1|+5=>RW^ls^hNe#-hnKfP<J`{X=6ig0`jR=-}
z@%7t^dz3Fn&ddr(|K^)FvAWup75A>yQlxS*Bpe&L@=X5t_*!Z7=NR|Zgm-DJhSdo!
zsn5JC5w`JHvD0}$q<Q<s@aIt95Cu_u%SF0qd1T49vbC>mS;_4w(!$vQq&gWRU5z1n
zn97j|)2s%63g7)qp&l?S#i`k=E0QbNpxI7;BCGMa=(hs##h$&I@r0Uksq|2$UuvTU
z=09-}XA2>!jOL;?vNp*9$1aN-?a<K?TAy;2#Hox_DL)me<h?~7_>4`M<z?*`CGW4Q
zt<e3`Hw0O(SP7=>nsX7Sv)Po?whtsDFmP7RYu<<KO^ISvy+)1dMX~ML@yvw9JuZ&w
zW2L<@DA5v!cG}1tJ?{8%)uPMka_rH^2#oss$FrdHlZdvJBv}HVCtDwWikjLrEV(N-
z%#@htsR{SMB|)srG;ym+`b}D&QHCa5HNGNK_-T!W*f68r##nQje4OCIK0Qi>xdldj
znHD&853cGz;Lk>1MS2AZS8Ix|c92NtJvy_H__DTM!GeGvo3zH9zsP&8t;=1wwGQ~M
zYRDu=JK^JMLp(6O96e`;ys~z9*yo=kxQjq6m3YoIQ)E_1M_7;TEpnc@;mgR!D3IuC
z9@L*70p!W81acqt^BY(sRZh@hS&LCys<XN?GBPIkp*qpdgT6&dty`4UuH|F(5*b*-
zu(h*+H*V>{8(6w_<QjWWs-w9?BJ<F$y5yE^DQV3WaUndl4de2uR}@!gT$GKA%f#x}
zU4-I4beqp6s=1?@fNvb4g$jSpO&>jZ&Ia#Tnh~k7^NpGH`Y;gth1nI1gy8{mZ{@J`
zQ@@w0u~Bnyx-N2t{MLO&=EOt^M!wPV`zj_%m&Z|b=u+czJ~Y#rDuRt*Npkl(>}5&~
zhmGi^4d#%wwk6M!vAuQ0oRRL%9~cgdgfNP^NPA%I;*gUCW?=<Ii9<mGn$Wwvasg+2
zM8~cPT^S~ln8jPBvv_ZqB0+Mv1bRgry=*BSV+g({slKzPLPcGLzSik<=&0~JDI07l
zg0(gRdp%;S)h1;#>yD{_t8wQNCVa_+YDGn@$q9gr@$Pht0?~az$+|NNpJj&wrOEA5
zb}y)3A^IDcH~flp_MuimIh^z0orfJFWokAVZdUxd=~Gjg{Sp*buW^~(#lQPj+sei0
zwVGUoMAgzu_Ydi2GvWx6yfYUGA{!C^B<XO!t(Qn}BZ-XYf)T3O1|K2Do0{YeBbX@_
z8{E+%^le;q(GWBRU@~;3hl}@Nz=2FV*>os2C@vGZc;KSgQ!?Z2DvB0_`ZuPzMD5^?
zc~r*NYzFEc#==i9BH^~$h}@YIR@bh5P0kc$&1XKp*-%7pIq+_8O&25I#GN@H73gSa
z+c-=3FUZKpk!qVG6W@JJpI>%<e83p}J)uJJaZpoS=x1e(4`Osvag!-2{@kLe{tOFD
zsgHsdSHf{V+8Xp7?QuO5s0_f?xWuXow~LfLk{>62H)>J>!&YoCh}XFsKw)C+jk=fE
zCQ97nG*C4AM&a{~k^n+YXe(zl7nDX<C4)!QZ0Ry=gW1<6ldF|6%1^OZEGT=b0F9+5
zN|jJtSp4iGsx1--%vWlt=M5Km99g$z6_s<82MU0=-jBg-qeLiu`d5mGTL_Q7Bz7n3
zIS^1~hYpj%qB?3{;yIUY%cB`!S`PQ@xz+k};^Al}y&YcQSp}y0Z6y!$55Rl&D)*g5
z49|iNT+8gE)`v77Y=@y5gcvp(?iy)6V#;}o*rHqa#0qEeHnI+3`egwcy;a!Rjgs*u
zLpm8Xhiu=h3QvUegWK3|_lfQde0?1xFndu-a!^QMm5`aQwa1|x1$U)dzV6kaL3KXS
z2odvP47NY&il2)o6F(pn(&%w~cslt^GqZk?2$VFAs`-Jntf{k|mb=}ZtH|1N)JQZX
z*6MdQ=t5lZIQf3#Rt^Jk^MuOD(599L7#qr|0uO8Tx9Nfx#CrH|4(JUx&kc7^1^I^y
zD(wqs@nU0r+>QT)?Wp`*y#rIS#iNR7{HdVmeiVb^WpO9Pw;+)qJT;EdQ0O5LIJY<l
zJW?+R1_b>hY4=%g$$qJi)DOA_BVTKc3lZ7)^%C7?vBwFg0aH1ivhew!7r6#gWE~d{
zv&GEA-EmzQF%N?UiS&zz^x^ihwyV_Q<OkN3_6)z~=3DkwkCUFTSe=dTquYhULOFJp
zHq{@m#>W$X{S;%#QDruI3ER~DA)1-xwLuGe@b$myZPLTO{<CqFbdLCt8cmWaP_44*
zbKcI+b8N9D+>{iLa6yr6EQWutoL`uzv~6>FZ6%>%X)3*auReOuseDxNTb1=8dqzR0
zLOsUQDR(wpGSR$mcp50r2oEH(u=vsA<;wF~w#;?!C2SIV_1YW&fNkQ_Qlgqp_0iWJ
z*qIQJnxEfj9hY=+m^A2xTeXhWb&kLPJoQt3%c2S7>Ga)0F|o8;;ij!mGBPk5ku@#X
z{QC2dm!t5+rZ^Udv;;W3#UDV;<y`lcVttI}oa}cc_UP?ADeDxVdgwHbd!;eLa>8sw
zkuge@qL6{!1ln8(fTc!rxPEr{NhlU#RN31{PvC>Z#GioMEeqWdE6A}W^<o`i-JCz4
z<4)5^Go88!s6Fpj*VO$WO$WBrM0R-h^Bk^^0n5)SpYkA|7`(1v-ZbSqmfT9SReGL`
zv^JGAkZNcmJPU2TfTWSSDl+-ZH%cm_vZeO}qwbOJKJKNyhN)Id_f}S%QKS6me7*8V
zw-(-%exF-sfLZ4HaPL#|2<7)@TBaOVnYA7&<S0qMy0jzh0luS(=Q&7i6*krhar<qG
zowbhDJ)y_7r{K)t>-N~P#cu(~sVfGPc}n=;Dwws*+GoT@AY|xzHdJ3pVY%G91~!d6
zm$wq6z#xcZg;5o-pDSyUL5#tw115r`Q~Yrfy8Xliz6;vvi6Oe30}&+|$N_%C4!;7E
zBl>EaJ8c>;d?D16&QTNt^?u4B)gw4>%TSYhXywf!Im<ksCF_zKj~^Jvc4+(>>>Sem
z#bCr(SXpfWX3an&aI=~ZGmV(<W>4^+c;36cHQy9933KS4t^8p`d*xLp7&q?9C|Tg$
zVro*)u9!iQ+AnO&N0NMC(ky_MyrQ4a8Y$+%*VAm?^XzoC%3*1J<qL~TsI~7Jq1`cL
zwuZxgmVjbo*jK8@rhnm9c+QkqetN`);q^OzH#T3a9Nhx7)g=3^p36c`20?5|H)1Jh
z-Zb8~P#BNB4jy)=c;?imcIcFxRHz6W&7Q!^sC=?(sLu#i?)8^ECggLDwl^$Y&;!Mx
zNM=*_qnPCnL2}YR8$QQDAl2)W(hT#|^BXhI?cjn{ZFX0ZJOIH;{He>g)OkqWER^}H
zpNx&1tvQcx!kPb6-35$z%Fs7bLv2Gs(Ff;lN@2)|y83!Z3!k@B+1pmst`Z^PYa5)A
z^1cgy=;nCH*zAvRv_Zf;M(7BwI4fl?81AFzly-c|EniFaIK5wC!ueG!!(QId8hJhs
zTWb=!;?8-@Bx?EQxqYIsA}68h@APa&jCD(DLqs5F&+JV#&HE&V9|^q0#07B*hWabs
z60jE?Lh@G9V7*Hk33ZPzS!_k{o<rlYiwVsuyAR*%{fliBb-6!BsVAEhsi3ece2$_t
z0sgetp{w8@h*jd{wzVf(`kFikq3Vj*5t(#$3nbM}QmZ%3;nL+h7vJ#bvo`rcxf=yR
z2wZdA)Q+6k@SvyV%a!8idA^H?z3DC4B7h+ecc)30r-|;urlwZy=Lf=Oh|237(k3ce
zjkk75mzzYuwkZ+A36T^FOahvE$igqX85y%`$ppKH-@j`2Y`y8^(hQ*1;e5-DXYoA1
z$8F8<#w=4$UPlNs4&oW4XBsbdGFx}u7xApSJc}6le#r2c-VL$wwJx?~j{}V=FB2A(
z)7~K461OVUA39AgGghreux8u6tGmbfZtWxK#Hw0)#D@Rjk(KD4f9TvBl<>F}WBg}1
zL-Ha7*$~%ys=CMP@)c@oOl5&^*_ZK7N6$LUa&HGIBe1ImrRP`IOk|3Zkr=t+nrO&B
z9nLdZYOU!kt48=p;<K7x-zGX#hq=JS`x9*13QR=<F8Wp=&+7O@ayjfSnBthLKm7bX
z5fGmJULaZg{9)!#MPbb18hj0$<||0dA`jzo>5xs<^u#Ox$ZPnzExtmcdF(C{<NLP3
zdz7%oAQHOcD5Zgx%>%FPFelUGrYC2QR~%TlrFIccxyb?SS`DA{b&*AXXavA6^A#{0
zh45=cUU;z`5RvBMB{IjKww7&)(8(~~qaiY%lhIhNmQBxbAuI{Mex1C%!?<e@+d{YX
zC8qyzFZ4)_B8LpP?90TC(=1>+elZar*f~vg&-3g>EHX2))zz1DR5>}+1GakSoH?Wf
z#b?Yh7B3z+0~{+iStGR>8NQ>yoNp^@-m8d7VI=WhqStc!h-s@_+2n;eMbHLW8v26@
zp@>jUg*Laql25oys`7I;OxBpYK)gG%Yfez2SJ=91OmZRHE2V^y*gG@5EL{#25&m)4
zULE@G(iXn$OwI2$OK1!ksTc(_9{3MLA+`MlcZV&a=-s!NT#`AN*-BF|KpwsXH!z%J
zC#tJznJc5yxQIS1ENMy%(P>)v4BSp%?fk2N%j2gY0oR|dNGJh6QrlT7GV!|%oyEE{
znX)b$@DbI;TR5wQz|Tovj`p<!8n5vh;C`coQjLqO!MMcdQC%Kc*B8ARSMCWvOha8h
zY!G&ON)g(?%Cd)2UvjF#-lk_Z)~ggo7KvS{JdBhOKaQ4ZzEZ<S$FEcBRL~LZDj84+
zX>Gc{6BXAKpE~`H6Io3axtM?jP+Ix&(PSWf>C%k)5W*KkEFJDoT%z-<;x|^OM&KxX
zwvT6QX5FZ8k|K3${jMll+wb9FXZ~~Enb}_dGG04>hh*sz>nOCx2v%jgySYl&Xbii5
zn~iD~A_>5qYG*V1d}jQdS(Bhuz~f`vkEwRC*=x2Uq=U?n%$os!uJhdH2>j-si@`;+
zDKO~50m|>y45K2}7ppgvYeq`(70-8>QvP5hqn;!E>rW3n$TSZH1OUJ}%<i9_yl^)2
zM>G%^`U(o?v=C(XurPgP?{5Ce-p0lCm6d}#kGqY92amg(tv!#qg{z5;t=QkXyg7Wx
zoB`fq!3~emM#lp~cwg}Y>A}3vS0H})y@ep$!a@t~Z^=Un2ET$lbpZLEI_SY*&?_+g
z6B!=J0E5$6QNew*iQr|Hm;?a8D*-S)h!^mmRJfBl7yOqc;5qQ`8LEZ7xr6C@JZuOb
zoX6@t7cT$+1p+}J0FWC1W&;4&IOutl9L%LmTrJq81c3nFCprJcfcIJ{vV-XX^#2kd
zEX<?n<!Hg9V)|ag)s9D*9tec;$k;f$xY7dwARzoyj|v6?@q+*N!EL$zussd*#WKc#
z*oCuYzU3(%DpG<|konmQTNDJjIm42NZL|f4syY4by+D}Zp$|9w@M@GRZ|BIe+Ndz%
zkWpv=tiqtUqR61kq1dI;*T<13Zz+TZ`sAUJ&c@l8JSZb3os#aNF#sRFv0#He&%vZ5
zDhwwSrviDev%YPF?{Me|1%g?^b`nKWfhk_-Du8qp`<6j+BKBZja&XEZW}h6zT+}^Q
zP!rf<qG>^e;vplJ9A_?yS7Mh%#hUW@1~nTIy-y#%6TU{KQwV@!Q#JMDZZSYM><}eC
za11mr;gn*64;p5c5$6{Ie}yTH!Na$s`PcW^1t~NAP6sIPQKkgQ`^lqr(GKa$Rhi8I
zjseGg#%tj*eQRpWoGAF8$^akp<ecY4^{qdgneV1p%3FIbzGfYMhpt@BI;l=e8>A}3
zMTxX2mt02T9y-TW9{s&MH|GW00bZ{$(?pdgG4*|b&R6*^^7ham(k<90rfy3<w1n4D
zxY<!?k%~V0VoeL{@k;RA=8ti~R1?n>j0NxT@tzF^L?dEWK-LpV_!*JL<lnr!I|EBF
z(ZgDv;jO&~KV!b}bS5N5k8`uxp@~YjCUppuOP;-<z)MAoIR$+LlGC7^E2Gbf6i;qp
zIibKjvA%xG;vq%Z_p64H8}HHdfRX4uq^P+LL~h7$MlkLoyNDQ1jJM=q683bTxITuc
zOcN7sA{YpGo$*_PZ&KDd8AV0{SO5{vf*A0a<O77ebzkJ5S!2$|z08)VrB7UYr7AHb
zenHiVW4%iwLvQ#jAWVFnP=G<|8;xfCPie)F4GmO7IVqeRrY#_herxa}oh?nI3a>Y_
zGae(4x*>{?OlU!%y&8EVK<VSA6Gn!iv6WN@8&8;%?}i;S20At}L`FuyfR5;w2|)s{
ziK-MGFwE>C@U@JrAp2;{AZAKHc0{LC_Zhx(D2JvT<2OaLT$V+70=+@jtHA-zszC92
zDIu)ZIBT{Z2;~}#OO+dKT&{m0zB*z;j<*V=%WQ(O$(*da<|K#x(iq4ajpc7{i6^1D
zLm|Vq2<lQIvQS{d)F3AdVsHh5is?}i+X0xB2FxGJYjTC_w`BPM#>PR$+Bore!V%$g
z5`gU<MU#|?0O4vy<!`b-(?#Hf=v;iYBgzQQ+fRG=t!OYA85~j44VQwEjbz-E;}H9-
zka`Q{WQy`{acMMp#6iTOfqDk=_VL^WqtBjUnSHR#i(qTObc;h<Q1De~cNM(-il!((
z*p?#vMOY!_le~sG{z#fjHn)6yZIt%wU2Ki0b%*tykTSFu!khu6Dl#U#%(b=zQ!K0?
zB93lF777N~*K7d|v>=)niLKGkIz`Tm-;?ezbpPOr-((s37A|crj*L$Fb;KuA;0tMl
z;;4nFi7A04yUFnjWO0R8J1}|Q_eife5E=O_6v~d+Z=)p1Nlg^h$A5I8W)YNX>N}gh
zH7Vg6!BMQ%WIoqseba|XV;b!-X4&ev+1N-x+zE@c!93kh4;xCCB6ner?v0*Tj(;Av
zyP?o953;06HvP;$fYEpUx3^aG9ESe4cUdYt{$8i69A66S(%hT2hD=tAcI4F2Zcp#7
zj%1m|ey4E~xvov3CcP^}pK2=^h&R_x7-p5#<G<TZXpTBp?sI1w)Zw99dABSq_WSf#
z!`=yzG|UP1sdBa0kxQkio|A0vrGf1282D&5=ab1mlf1gx#cz3dLFC6|nbt{xR_CNS
zqoQ4=Po=Gyd|uq*?-JL7nz{uB<=%jxHY2K|<}D*X;!*^{Qci$NRD&{Cly1CVO1j7*
zX%84&qwFSosxu7_x0bz|Ew3O=pZ&!SnOuaVtza!l4S#f3jAF(jz0MPOUFL@FNuJB5
zn(Pln!pO>RzRjJV%<DuNzy78aziF@dim;u%FX=n}hYDJmuePkU>0uGh4?irR%3QZx
z?#m+y*JGx@6G$0l*?aYsg_a@wT^1WwzV_Lex}%L)mOw%=f!KG@UTS&h=!fexXptV-
zGX$*pyO~3%Zo*D;=yptYa{&(Ptg_7S-(J6)K{N5LQ>`WqUeP)3-}4g#n-BY~-@hu=
z-KQvBl7$~?L+h-VrZS^-OBV$k?d7J@Vs(i*SrgkaJW9=XiE^A|NH5oNv^YB5L>kv|
z_jYX%9tt&<VprfiX;9GxC}k@i&sGR7PYEmia9`Y$%FwYhX`A-$nq^n6*~X}0sWo!6
z<W+v$qSoB=89OWB0pIiy%J;q})|+L%j>jBJmSynCG1}+FvVHZJV<K1fQ3X4x5ojaX
z%@wh%Py?&^ot%iz$Gjc>uFdNsYpD)lOTW>temF)?L4psMzCAbGSbW3VvHoJ!;}fjm
zwf_-n{a|Is^bcVCT;AHfeAjcetwn(e2hW*nwXJ^k_dKh7w;8dFmF#DJ#38&9i(VjG
zPsoKDaUc8p-BBg~-CTC|2uV6=lc=1l5?))+x_8Ntr@DK^@|K5aL~Ww&9g88+lbFJT
z#`PJ0>CZke6#w>&3g};%<w&qn1H0qb#JBFvD@BM@f3>-&(&qouJ5^#Z$}mYF{RB*f
z>S$m{$F9_VAv<xRTiSQga}T>NA8i$4D7o5ik7lXUo!r)=)U`j^pSUN=F(D|{wis?1
zcBc+KGH>4l_+gDcc%*TcvEcRl2d-?H<o7nfy;q8Sw?ttb-0|ne+y>>pfA9B>X15t=
zzVq^Xet9SK(_uMridc8E^)BZn-_8o(bPDI6{Y{CX^4GSK-q+gk?Y){ALu!%u_nQ&9
zRxXfiNhLGz0nS0$6=Z0_8Z&Yhr)>YEnS6B-Y^&@<MO8a0V5yjE`z2z;XniEP$k6x0
z<iJ~llWb!c1OEc|Bf#o|-dD((_K<<BJD!uby#Dk#Fe?#%Oy~WHb}bhbx>l)kO<}+P
zs`~|-08eH&dqx*~7Fs_Z!Sicty8E%|rpNxu6QhTPinng;b69`wuU6#gcuR}K>N)(v
z&eXW_EV+dD6VozY4Lg-*6hW>&mdp+|6C$R^hmopb+wYs*<3=fu)zBNDuC<|@jDGDK
z^{o};`Y-OVvT1}KY9}8F?S6b*Oi|RxD$Zy~RtU491=U%0YSt$&f>IU(y>vM1<Vj)*
zSx#hM+kVVHE-0cat=f!#I`DKGslQyw{!p|jd}dPCa+$vy98c#~Gpd}l?YgCWmCfJ+
zrPGau$(DMpyGFaVqnYXpH1s3;s}xRv;7h4TIuuid$?|hmId5#f>pXK>|6@|o3iWxV
z&rE{5{q@k9q^+-lpNhy)DA#`U@+h&ft0ZHRFMN^1Cb)=ZkV@(iH|KrZ4M$WT*e>!-
z@XzjvUk9(Qa^rg)Xe{+GMfq`Feu!_QqP&~sgsr;{d5w5~fFNpC+TwntRw<XRG9l!~
zxl9gb%s-E25iBSntV1!g9lp3FD$SZy>IJbDO+{P}aMgeKvTXf{O)Aa$dun(O(%WzL
zwRy{yYPCJIZ(j{l++^6gEPbi48Xk3NJQ%RFADDs`C}ULb9;!?ZCAZB+VFSyD25dgx
zGQl2OoN8&4{mivjK?gf(KQ<@o8C2)WylHimaZ+It<;xsO2f-yew>>%itCbjx6~}ao
z+l9c;4S%FS?Zcr$rC}``3q7(x1U8`bnYWbM&YeN-fVCKR<0o2dqTEtu5$Xb-IJeVx
zq8M*0+%EGr1!;6}N^;UhH{1*=FO2rw3SnBUF(+>6Umt=Vwd?Zj^U^my@Xnpzcdzd)
zFL(D&wWM{c=yWIvYIK!_EuFbe+8`2<O2uXi#poVAZ`Ob9o(60*kRM(huRETC{`k4v
z@81NkDz-M>Z*DBCZ+G{4gq7-q-RCQ%E<Qe9?c81cIvgdD-iofY=lwR*eYsrz*baj=
zK8}-6ZqIcbAFsAIw)ps*ZXIvmdk~cTxP2I1|5YWvSy-BM?ZMXZ=M?>qioaM>dvlYI
zpY!Iz=w)fQ{A$Sa=C<|@Z;#WX%Y*A{jG4>b>l6R}MJshg+8rcfI(Mv|?}zt~kxG3U
z6T99sUIKla^5X3}&CYR+4^xS;Aqp^!SuH?^cDYhRMaZqhTf0y*(3jXK1yFe;rvHK_
z+t@9?Ub0yzoboeHc+Bc5moJH9xr65HyuP=Lmg`=VIr+n)xXR-}%J0kR8)uEz5S=vZ
zVtvkd@9;+2<MJ^3gS|QLmvxz><^6mIPDAk5fp@-j&XDRDv%0LA(~A(Padp_tYo*I7
zH4#+J=eyHHJeSN0A}eaKhSLb#%P5KE#!9Mvx1{D{+BxopX05l^bO*<V%gUuo`flSz
z_94?EpZY0I=RUnUF6@2#I0Md;`Evm-zQ`H>pcFMyr>!+CTbH8|$;H;BiQzP4>&H@d
zeNei=w*8hQC&|&x{d=#6;npm*mX+c1%=YYHP`0R!$t;D+=MvD$Zq~!|?};e}e*;J|
zBuJ8)3OYGl!R;ssB8kEpZ0O!#=#JF>Ith0Km9;^l8OaJMiEs>+Eo{66sbRbY+4p0T
zgCaV9lAbt9Q<91bIz9owkp91;I-me=13&@=6)7oO4V^vAKoX_FKoYg`Q_@><OzZ}d
z5!Cy?cWaaIMo?M8pkt^F&@nWq|I@A821iBoHDn~dh9_$*o^JOhHK?K={8h{vHt@7~
z4X9zj`;Y{Z49GDl{>HmWp5&N9$RGf`TAVd(i5#<Gi5zRc8uk=L{xdq%RkyI@(XjEh
zpnvM*(b1>pr3cdk4e5E*9UNSr8UT8A9(j992YLwKf7GS)h4}@5Ab>PjTIw}WiVpzh
z=LZOYr9u2s02#1=3>XR({eNL#|2HK`c^Hch2Il+U!6#&PS07K6y7SbBa}X0Rdda9p
zR=Y)0o4pv!oNJf>RFG28mXsSB$YhXWW+;_ZkYV1UfqndOfA4IRKJJpan|{90dP^H3
zDROt0xW6EtJrRdd9`vQ!c;gvO&>l_~7peDptg#VV2dY+su^O|kB@9P<ET|4ri^+Ex
zWEW^m#y)?5gC81{iv`9}RtiF-tfgX+Wy?D1W8DU|(Bxs!@&*+WPGcKc1bJky!C7u*
zF-=Y-J*%qbmBPbG8C^n(6d0P{gx_=Y=wM=POPc1z<pr%up1Cnd`_+B9+x8=QmyOXb
z0lf%@33Zf?=Qsa;2eS!&Q7evt9`Nb{Lxdc2$%Gs?R04o{VZxpqz(5|rOWx&Jg#iMf
z=~p4SR3Ve-2C(P`(?p@lItCD~p^gD)WxCnPam<XV6$3v3kPM7pD5BFPqib~G2%88t
z26HwBVt95dCL^`4J@+Sgc5ci!64V61K+Yy0?ev{T*Eb<Vg}o;D*eMwv0Kg3CCBWw;
zK#Q+J%`rji`KGRmKTJ=!Va&oTE}SO;WR`fD*GVZCrWJ=&YC>c#!MY`hZyQiog+Ke6
z&-NpC97Y-g9rjmD_fF*-q!wf7VVH<2a&HycRTmO_NU$R&{%Z>A5NCd5wsn3@aTe-e
zB1bG`36hI%6fk}~vUTe85FAI^SKWq<$aCv2HM=2=NOh_x&~?%up+c${*K4BF-6+-p
zVZVqd*9nD#Sv_%8);MZA-+1Ele5F`igVcWG^h7yX=WY#l{~4fsgG~1oNAw%pO_{QU
z`=><a-8giM;0x`AqFjk3mBpf?ETmpZ@nZChdh=`%!(a;g2~LK*x0n#ry_U=pd_gpv
z%dB;tXp4Ede<hE|Je@5p@vs3;GXwPW_|F1?Hqeb>Nu$7?e);tO!szY)vlqzA4-)t%
z1_VGs|AvA1o+jeo^50{Dd=S9DVFFKyq<`>0z`rx`>G<k@4u(LW|27x`h5VahzNcK#
zKLzpupCtW52_NVwL-kLL@9*mIxBSa!mcKP1A5`GqEaVe_{2wnggiT^85sCnz0`z<k
z2na&|*P;JWfc${}3&#8JSd!B;77-bcAN22C{NSYSO)RFTg^dpY`5(sp)c^wU^Znyx
zd3iz5Co%uh|6iWx<puLTS@ORyATNjy`n2}_E&s)P!ubDhn84G!K7EV-Nd)uq{bTS`
znoWTJA07qqLLh*D@W8yFCoTV5G5E<q;6KJbVc@46<X^Ra4b=aaPoF?2??1i<1jNe=
z{D;857~~(`dcuIb|KRa~pYo0ZNn+brPl-YR=>Lly;lDQoQA7Iw*b7XYUH@a=@qt0S
z{QP*>EG*J0NekOg+r|GMM)0UQTe#Ezhi;y~o8wdN^r`vR6V(4^pa2-~p9aeOKYR=U
ALjV8(

delta 12657
zcmcJ0Wk4Ox(kAY1!8N!Y!6CT2ySoH;0-PYhgB@IhyAwRPyGw8lZV7~-%X{zr_Ph7}
zcK_|ppP6~OYU=5l?wYPTeSXg}LMIsGHDGz_G#!ZGc=@3{M89AG4NY%IVPS#L8RBoS
z;D$I7L0DK2bd0nVj*koKNp|&mV?$mI?IOa1GE(eA8{gnTDJe6c9%OjXQOXVI2q}I;
zJJllsl!yWsI{fwsib;vv&`TeS51k^$gPQYK!SV4o;0o}=zDnXX7z)b3z8WbM;zEG%
zf<eN<m}u@EZdPWFm}ov($p#M2tD`f|l+-U~LA1!~xZt(@Z?aFl3E6W5N-C=DXW@HK
zq8dpP8F^ZXQE@K;HrAYLMUC~rA^2+Z#x^!NzSh<g8v$k)n_Ukb_Z}m?KizM)-3El$
zIs$LbEqeK|d(+n68+Yxng}(5ON#a1F(yYvI3z^&hJl|^#pI_#hm~@%bG!l`tmvwST
z);>bKel9K5RGTvK8wQ%T2w|9e^Z9&!S~31DQNi5%$G(%}S?l+NH3@r8s?ALB=evui
z#G&Yn?cE!bl%t*C2CL4}^Ar1#zJb2lht6@L${x->fAe?ATfVB2=b8(}cmP8P+BXSu
zp|EfaDm0(rD>L`@m^Xys(pjC=+b5(%Z;n$?zm5}SDrpf;v-PHu8_&;x^ibZ}m&+7w
zDqxM3==3&x*DVxFY^lIZAxF4&40_W3T^sMG$HwwKpv}|~9CLH6IDJk0s2+>a6-zA?
z)GH{IAQ03T0iRP5>0}l<w69kWA(qj-qC4GvxMnj3_#l%FZ2zj0Y(#2ezxaYXo-h)a
zxpL7$O7QmS4qlse>N@vD*RAu8Oc-f1rPE!(H~!5z+}T8J#T4rx8`)M0=6Iv<#5MIB
zc_l`pxIp=(Y_UM&rK)q2H@O1wtAG^8vB8IoNe6UsRvFFx<G@aicLXZC5bCk@yx37m
z@_1BicU>HXIi?8n)@-n@dD_n;FRdH~!pS*m#cVTw^${#jWGQc*tD6AgV&CD0UqXRY
z*9%d?iDU6U27KW}!qkSNqklG_n3!bkB6syJ{bG@?t|jc;ks`iUHI*UXdQ8&Tk;3i&
z)Q~ffuEH&WyBE2d!j{9941u9T2?&tFyF9%U3a4j~q<lN0Xr84Y_9e|_X#f$0R^-P{
zJVL?V?w|CO!r^_DBblTXIS?LyN5;ru>AjT9Jm+MvQ1(1$;;8qBwrl!2@bFYxp>}84
z!_ok~xY0{Qc(aylRPhQ;{5#;|)$zUg2z20$|8xJd#;r3dp2I1K8j_!E(A_rZeTk|#
zxX%9#4QV-C-n=;(4ap!+C5__1FS?<=n2c%$UkJV!XZGCm>D>eGT?T7E6gx*Rp9?(^
zUx&cTEPhJ+*U`nt2dd4lnBpB%Q~fkd3fo?iDht0nxr1%(dY-_3=x*S5t4#pI$owk%
zWjF`vL}9r!{esnsTu4m8k!zf>NJ*Rko><|!>^c_r=M`#<T{-+8X_hiS+V05$yIR5+
zmP|M<7bZ;nyV>&jQ1HD|3Q}+dL)oo`a!!~^z2T}QnCgj8IJ&*1^blSc?0W9oC7fTb
zSe3u|Nyg2FL~Mr+O8afu&g7*SF4p$dz5m|BSQk^!UpZp3tN^*D{nP)=axhM%|L4h$
zw6BO}WX3Rj<@++_RTUwYQ#!2@nQ<wj-k<$8d+ZeYE-R}gr&unZ;6J`|aA%03cM&D)
zi>!+0nP=xH<v_0YTHF?tOSZ?k`gr<YMSN+s9xN`8Eow$kVoMfld-;xn{oTlJzgAp<
zBm;Fnq_@P|CFKqx!oE{R-emls5ImmV=e!53odme8<~N2FbQ2ZKy1!t|<%|a++G`sl
z&?0}GKsY&Bs^NingiB@1T~lX{?4Rt2>|@VDw_=-W02f%=%cCtHJE7u;$L+NB7Z|aR
z-He)e1T?*>T?V6Xu&0@dHn<eON_c+R@RT{NB+ryt$*h3jp1}HYL^2f*(8HKe5);x0
z1ld{0;OO8KE-O{Y7-r7PnAGrzX9?TEeYC{oS4xh%x<{vsz#l@&&uFt?1;gRP+4-iL
z6pFcK`0oI+YKjfyPln*D!c8A3n!%JI)u$h|23-$F2L@SDbVQMLSE`bKP%p&G7Vfa8
zY2@h@_h3N2$nrDasqtq^Ac+g)(hkI36TESq7uYKOl%{>>d392thmj6XLpSlqj@XO1
zjON#qm`p)ltjf1e@F@JbA_ANb>fyCS7UzN34#(XO7px|3-ZQ~#``DX;*68$B=g;Xo
z4|Jl;Xq1JK?RuOdAzuj0HA);YnT|q+BYp%iJzA(hcBT_|#QOOVa;O8RVNsOPYDiH`
zwG-aZZ<2JOu&CnS&9E+Q!&N<r_*cs}=81%4#3Mf<-Yr3{q(a4c?ynV!;Gc>5nHS3M
ze=-VDo6k6Z$&4pOdRem#l#)^FN;tw!_HCscbLHK--iRp53MO~k6uQOa@RHQ72n@N+
z9SPQl><=RMQM;}HJnSdh6GPRQ`?To<wwrpd?bbFsZc(mCY4N6)Rmq!WumS-qf)ORv
z=bPQ2l21k<DkBjCv!n9nU0qxb@%4%Fei#i=5=bd(LVIjIljp7|jzFRNreELvID&PT
z=}IG_w#x0jSzx72X4Z7&hOc#e9&N%qos$S43OVSwoa2nig>H9=*BbqY5!n+UsS?R<
z+%2`N6^H&TvBd1$0S$T4!NvnM>CQXg*qcx@j2fLE<dCphk`PmQcGI0LiQqi<B>(Qx
z`z-gU^eOZ^?)E|)QoqqF=%tW`h845Yrze`yVrm1W=+Ai;_BU_-$kBLbS&3x{7~Fn<
zNOnj2dxeUnx%vKzBQxPuR4qbQ-VjuQrO9r8JEC}Lh+2GdHjE*SGkf<$fgM6ztBj(#
zWpPUg&pQlW-Av9_mv3?kL!(#&aIwrL;C774Z;Z9Tq=O`SW%Olnh3kJ4ZHIDuT_>ie
zbyj=9NaDJprKjhF1uQ-qAgzTsiBrfxq6nCz9w^SX(iP!kN|sZInaZ9Wm5vPb-4KV5
zM75paK40L+FFAx+6WWuVo|wrH3xi081k#rWGf8Fg4#=5X-ORd9PLU`0PW{LmZxO#q
zVflf{c6`EkgkX$XP_~5f7+fJs!bWJS2WEhhGd)S%LUW$b%u;?JMY@^t807)vTPSj#
zTNFrzVS)^hmu5v(Q>{q^68Z7#3C|U_vv+rt3w(gB8)O1oTFY%>g$AYNhwb_@o`Xc1
zJ(qPbP{U;_M5CuDYOOCzE`cKmY)z$maYf*-#f<1Wf}IL4Uj%AI=IBw(8f><9PXb%_
zFl5Tk4eu|b36CGx%YQd4wz)wr_uuX?t&yFvI|$UiR|yZD9y$6L_J!Yab1i5e3T8Es
zj&&^kE~A^h=vOlVqq?%Ieyfh698W?H=8j-Z>_yV0Rk&#iGo}4XUU8ius&T;lZM0Z0
z6A9k*UTm-s?N*e<5~d9F(X{MK{~nLk===A_+wAnqhh$I}&tf-c?Ad#W{OAV^6lNIB
za@8KKcv#yH3jLY$lB3CzirwR*3CF7R)%sYBknAlTWtmf0-?!&Q1EeTAC^26?h<H=E
z*O`lFJBZAi5_8N2*P|`s7f|ppd|0-am`2_Cmc$e}lPiGlZ-Aq#aUKMcGKSyM!#!oc
z=rkPF=nctHUfU7xd^8V(pqkkLoO{4<vTToTG(%TLA&>gtS|t&}M{O$YdHZ?ctf#Q{
z=er)Sig&9ir7cl}!JRY4NTU-onwxdnsJLMN-^Jk?Xx`Za!GU)cvwUN}1(I~Lxv{=d
zl~U_D^MIaw`{N5%M1@sS`%$IM86&Bt$Say>(4Q;&k#o;O`GaF1?=XOb66n%<q>ER?
z=^;(-WtyYGZ}-}~5)AaBZ#2yzwAXpv#S5shlLVj2)LK_`QFV;y^_Ix$Kg8gD$8D&X
z5w}o96ZY8&=ddR+X25TPr_9o?_gxpJ!u3Q*XaSttH-D<bgdE9G%NwJjSIY3M3&Ow8
zZcY=$ZJiq%N^FgQY++;<zolF@=H=0fG$@f=$k;xT<jkHl{yxmkq2@T9e)b6+hF0Oy
zICSn)x2eXCS|XN@o(@8#(YRN*GUIJLhhXsT+8HmsSL|^(r&$`J)Hc>3rxb3a%Xc_N
z>e7c=wB_ajPa}o)jGd3;>#1WSMPQ2U;T-J!87vK@d3}UBi1?ghrD1OG^j6H=+EIJU
zarv{aLiyVY8`v<@38A6=?T)l$yoLeYWY7FAno3S+AxOdUOBFxc68n)3b>XmAPwm^H
zg)aS@BXmMW6BZ6O{@SQiGoqg{9efGk?V%`@8UC1|T|H(4q|IL#pZfq}#+11~HLZ~^
zCH&voQ+73*L$0BrlwxV<jmrsb0k@b}uzJ<s7614)t=!P9FC1wFpkuDcqatsnoDP2G
z<wd}550qbR3mSinf)$D9t4n7491ku%6|~wY%ej{fdOO&`&N{Pm_0n0apb1ZAl@wJ$
z5!07{rsWwvZsIQD%$%fPSZ5<bNqDVcpO>(ui}mM^KICw~Z#`zXiLxE<_gwyb=Ws2_
z&lGwm9~ntl*%r7=kL_s5%k$So-<Yr6hn=KrTY^EcIuob6s)}Kfwi`Pyl?@3HrIyQd
z^+}lnrY#;PsEk*u!B(KnJJfEK+gO<PeCg5nqzy5rd7vmm2AY+IN5wd=e&rXsgiatd
zjQ3$m7V??C>f?m)-DM^`D#x0Wape!Gc-Lmf5E3#=#ZF@IkYdf8Rn9U^_~%BVxb9Sn
zf)8qw0EgV<Fmk#Ws8^C`0h8CNdGOcjlF-yQ=#t9KnTqusO(4ZM0o-+r8^4!(%-=q-
zwmiqKbP>uxxP(D`>$PDfHK0L%!7(h<&Lc`$6Y{7r6w*u<wU!+<A1H$9-IN=yz#u2q
zUFb~azoe<lumjVNT&xkIOzYIf`RidZ9z~I_Uxp>0<a<=ZMzaixvSy3plcnsJCP7Do
zQ5?<sQKPY1#|tNnPnTGX_7mFYmUS9%N)A30qlaQ`d{J#h;X?UUz*;>)yG9x#nCYGJ
z7|4>xFy4wNe_0g5vg$^6q3sFPVYEYADGgn!*(sSKw`$V8BdqMD$0p3_TX5>KI!kgr
z1q0f4@dhxh^jnpl0=!=w2QIA2+PY6oyR@9RjScVZk42DxV0#q?Hrv>x#{~Y{F6AZT
zgJ_0xEVra`(fsdRRnFnAhSb^K(hpExI>=B$*$3X1IFhS8@zjn<dg>Ou?@!fCA(lgB
z>Ay^^R!iYv%fYI-Qyv8l^l|R-W`t#!_Tx~$Ip!{gY-&VH4)gOA1~=Aku5x(hT8sK6
z0b?^{DbkSyr3*^MXaODwcG~?$zNM-#J%+urMP5H}*bXZOEi6Fh2)+SIttxwn8<0{J
zbP)vESs5k`pDCvG)z%E3EaZORC&A&!W*&`LdifGYd)t*wbJE|+2^88VKWhXV-=7Ji
zpe?sC&`2VG0-UmpcsLl*{+?Z9QkK2!bUdwacWb%p`RUOHK4cHvVob?HS|lyh0>~`9
zXK7a3X#!hm3l3Fnk^gLj_LZ3BDnjt=lpuk1Js31P7UsRk1&KlBZCiGPwDs2gHcg0e
zjEDwh?OvK+%qg~o^k|o)94pVd%+9s2%8At-eQg7~Ki=lzCCLaOO!bQ5$K^4^icXf1
z6fxX->gA1LqKpTg*jxWu&Fit*Q-;}|*EyTn=qcunE+oy7d?|N4b}Db&&Vmq-QONHr
z^9D5qI0|Y}k;Q=80&OlPqVf4l%F7lsi{S>DrzlFNu?Pa&f?x&WAhK}&0fqI&lTy0_
zFv%vBax0W)K3l8iT&U8V0$X(-@uP1L-+V5a1s_rOB+*y8q|EOwp|i@){H71a$${el
z#}$8PovOS@&{!b22Pl%Tc0-ECzh+N_(U5ocPV@tXzkPLbAC2BP4$E#`OD@e@ig|q6
z`1ry5rDyDiHK!9#BnM}v4g;bydAvyzF!`vY1%dw%>S6YK?5I~@{Bb_hqoN0O9_uct
zl$T}$-g-3mXoEF<^mDTRrx_Hqx9?b#%3`l4_1_$Fetrw0p-pq+2jN1<B4zevrYzm!
zf;CA}oQ}}cRxGyBcGa?6Db>$i6*rYC-om8-@fSY=`*3@r_+;Ip9RmlYSW>1J*D2^7
zBX8}KQ+VN};b)4!NM(#W<pNVxvB#5|7tdk!2vt!FJ=^P;Bi=nH?OianZ;UGP3$$_5
zI~KopE!nm`rD#cz5@Uy~vfG9u={aMtUM@z`k-Rv@za2g;W;7D$v2BW2caq`Eerp!1
zvvW!~!I^D)BkZ+EbIDrL-l2GSl(6s7YI-d7wpw;CH{<SLq<}gy+t|$^S2~Q|w!fPD
zKAwspsSvCYxPjFy3qL_GLn1y?#FEd9UEVvF89Jq`C$!zeCf^BZ8x($HBCLlYUd(Ql
ztv%@A$uIl0y@){L#&kWkb@}K!UQb-duGDh4@H0C&^{A!OOkSWWgl$dGbnYGV8Ty|n
zTH2nmko$bjN!3v4<ee(l+Bd`xa!s1E_teHm;jYGIfsr*oX+!(mif`&o0kN;)Y8}P0
zgq-#1DJsDGaf=GTRqB8$qPbEa<*oO7ziQ?3P6$5u&*tFqmry3md}mL6QpN*OD!iBK
z$i8RntC{1u1{F<sBq&gn9vY}03;}}p|Fe4aS$EZGb&x24cMC$i)e-;c-A=rOI>u~c
z<Sv07ZWb-KGF76mVrjyFehOk@{c+&aiUYP(0#_Mv7^3k(J*Pv>w=nbDcAqD|+oR*%
z54at^bQ|Bg@GhJtr>v>W^O7(cTl8{rnQ^Cc@#=`|;zuBFae06LunB4znBx3lW6}|)
zu>C^s6!=c0y?8};8^DNa=kL7n=3=BPrUUr}bn6wkhbr>Ztxcf=bAA6LyXG6B(Mlwt
z7O_0{MGfEAcC@dG4-zNIWdTJ(S9?P;bn<EmBq|zXg=LD!%9>wqG%hx}=5ut@M|HLf
z3C)OyZA}Luygs(L5feb9?^Vs8#B}2)c4a=*(AEU6d(lu{wE*CnZ_2;SBr}!U+gxqs
zU!;|4pUJnFSmX_KPp=?zCpuMu_~Vq3{m7Xz)CmScS~3O4dT4b{k_n&J8eY0z+PJdf
z9PQlU@lW7>zrPyP;R@l<aK<wW9eq3ZF?97XrPr1h(!}Lim#46X)?gg{S&I4=PTJ)y
zN!ahe-j}B0_bE~wrwl)qf3C7;&ZX_ldW1Lr9Fw2db&%r3u%3rg$vwOY*+hU?QD)C=
z0=_^mjHCwX->-dQ;`x)o0f6r=;jII=5BgL(`yM&)upg&M-`2VoWue68Fsd^?!36Yr
z^wE^AK=QA7O%QVsowjH$AS~aH3@7_$^f?f<+n#sX^<D(YUznbdrm!b%M@!gGf^RX6
zi2Cbw4b<2&GdkYaRe0cch4$L`_5wVx6pB*}(M-O*aPTYh$MAjETtOH5@(!t}&WNmQ
zL}o&-;EnlA3c6bFnvszy$4`mx>B@t!{X6lP1`us2#`0(+020$4AUnzqZ$y?Ch=`Ee
z#LZ|$Lj<TVwl9G(-8?1{#?f#ER581JKf`in4{s#3K&p2%Q8i<WP9&;;VW^XtUEU#O
zZGyo^M?XcRIKBFSCQPE+j^?yWkLH)jCv7pS2cx#h_Moba+a7B{BK@Rls2rO;#`l4;
z2@<$}dtJ+Utfe447dfqX<1{eqq?X3e%oXRm>|_sETK8~|0(@(hmmq>%7)B@!M8NK3
zn@z25ZzR*Zhw<HY)5W&(>W&rN)rJk@njFy4D)UZG{Ak50kj*z!p2G<Evygj9ABCSj
z5Ma`lfWMSm9eT)wvY>{u9<R<jjojIy2cb}fK|<@GYzAdX(}GU<S7fKu1QNt%H%~jM
zV>Sd5V^POBkBnG8=Tw22IcL*Wz6yFdqtJ5aZEA@JmPTTxa-j9>cN5mM3i6btoEbH|
zu@0J%T36<En30G7CC@cli{F#KGrhQWg)7(TdjE0UN0PdQocH~wASC9+yRx45G7y6}
z?)D~Y*K++}f*yMTq2G4M<5fMs0(p0ribj^!A`nLa%gABl7orSE1sKo|TJD+WSL||)
zjDeo>Mt$0%FWF9VMz(Ovg=kvec{e;+&*^Ba$6%Z^O%)k&RUfnR>S4AI$c@^ASo;@S
zR<OQ~;W!<oY0i=qsxPH1i6t>O8$${k%rh$QW2wsoho<o7<;=YRHh#7Y4^0#^O@a2d
zihS(JvFd47r7G}DlSwhyy_VDK)f+~x@fX+wjV`T9Mj__LyzdcMGn!?`77+DyHKhMU
zMb=xcjKfDhtbF-oM4AO&96wkq*_x|wDf&kIK9)9HAb!V@eq%RQOO6a~s1K4URgfwC
z=4E!Ft5bM5d;z|yNrWfQ$g^jdle`Vx+jbd5s6+S$TrcBR>V@E=9yTB;tjFn*lFDu9
zKjL#0q*n^VU#;9IKstH>^Sf=|=+1&lPi{#NC7#<SSkGKd=zQ_>@5M-%v8r4GxQ9`r
z>f|=x75g)&y`OxKv>x?t%LU|YgoEIAvMz(PZ<wDamNv`rj+|A35G`w(_Wm<eF{#-?
zMdYX4Z*YgPzG&z#BzG7bEv4fi;;Ouc_0k*2`-x&tYQGUNA?-3nQsg@lvI(6@Rn3nI
z9KFwIZ@}UM7&vA@<7eISmO~W46FhGv31(+h{<Qc_B8^UZ*hyFlg<{A}hWs7OEZM^u
zjH=BXUB>L-8oV4{yZuE8d<1cMYzQisi1E{f-*G9XaHO%dhHQ8~*IAs^IW`Iu?ad4U
zgPnY-ag%~%IE3Q&(4ekRo{_qtWyy4<43}1+M7s48eft*yxZohXv81f*DIjCK9h3Zr
zz@|qta{sHAusJ;@Egs0nRl9g#GB7-t`7MF2B*%-!f{d%eN~dD!uO9jHpE6+n!UWhs
z=C%l|lWQpdyL5^#s_9j6HFWqSi*+$`)mMzuUw(k1?=60_3ZCwqxg<vZJpH7gF@(AM
ztm`DAT!uS9)LQl@RPYhxuINjx^;myKs}!CeWH*se&q-XQF)#s{u?|2B8$n^?qH(aD
zdyBz6<C7M}q?QIo>f5zGLO_B_7GE_u$91{9SeC$W3BR;Cz0{R^Q4{_uc-iV<{Z$h|
zi5Lz?VDjyv_R7DXIE%Z!^WA2F=`1EZ)`3b6x^Tys0THI_5PE+1<eP45tf=>c_Dsd@
zNS(S)jIHcuTvSRBp`g@{>d>1ZeU{3y@~Fd@OiNBf!MA6`zlWY3DfQgDyVCK+3CnwW
zX#%^&r%>?)a;N1|$i!Ul>aQ$9OFtGtHPR*q0TqM<KM|4`;(GNRBI0w%c2z}0B?>kR
z`fP6~8Y@iU&L`&=2RS#iKG@bM#r{-&aNHuUJXk%b(Adm`Xr>JVj+`zB9x%mY=z|^}
ze=|CO7H=UtCr2k2Ns*+2kF4T(llM6>grnISnVQ%g{J%rKt<80c@P=C?eRNkj!1kvU
zyrG~acgXOF8kx0Ga|FFu*U!n^d2FIDNbZoC6kzOC$TlARkv(|9&h-cZVWL?%S^n2=
zWmZm5V@+h}u0;Vnh@T4@Y5DMa=7xq_J)?2~c{#v*)Z74Qtu8M#+(rwEVZ(tB<l^Gs
z22pcy13CC!Ph4OQE~t`?0Q6Fr4(eyi2wk_~fKJ&WV}f}8QU(J7e~ChaXgHyGb^vIe
zEh*H{&V&uX599`Nb8&G2*a2LO001L1HK&rZrKFjM6_ca@2ml2Cw*>Tuogx#M8bIxA
zZjXs3B*dxd>te;JVs5YD;mD~>4FZ8UrS06@J*a{Fe85!PPFOMs7{tx>pKGcr1BE#9
zX53EXVaOJcU#Z~^2?O5CvM<*1Lmpwg#8#hdhAdf?SLh8&{BuC3`I`^=tipanu!R)L
zywNw$vPAsG6>`2MS=t*Fhsn+InP2=>xk&aIr6yT&lV~b>3l&{hY^~TSrLFKg6WoZY
zAs;o7KP^#m!ad_s?!X#{7Ulz4bP4I6q4JYurO7$PUoIt8wn#tE>PsMnPnl|FB{9U{
z(h1||Afs3p$bV^oYM?$<p|b>S?4V1|#3sszs$gK@ozZ;g<uii|=w%F*BMvVLsuln>
zpi(6EMI$6Lx@4kY>Po2SCoFymp-1Uwfk;V7K6bN$4ohfINQMfwk{2q`*=)>&-<b)?
z2*pUj^GuV%e@MO2><8K5s9shA`6Mw9Na3YxXGx1ykm|R~(g8@7!AM+-g~?_bb|Bks
ze$q)Gf}Sami#&6j*&;%)&o1mUs#MG;F)mAxas%<2sZ?I#RSG7SaSpo!S34;hL>x}l
z!ZIX*P6io?Tdsk(o3>6cM$4<-eM^@og@+PzS(6L_)sBJJmKxM3^@~{HRFZ4ifhfDd
zbdmYQR0NZEl`U=HW6ryeGiI9cbgGWErw;Mq{VD)A%LY-yOjDjvc+&SovRe$p`P($S
zt_a;+vEfV9E(pjDfUs22{jY8-5c9j8`hgBLEZY1a;%5HZL^mv2Ta+I{57F*J$brEL
z@DJ#n-a!Q<gKi1j0}iPSu_7^9LL%Gq!DQU^Ln^WuxA``7cFJ#e()KiIV~I-7K3lWw
z6>ZzX1~p%{N@sl-<A}%_I1L^~9p>0Fyk!%@8~T7zoM0#1-G}nwE$0J)I^=$M25#;y
z2{}|KvJd-;v|c68YwP2JDZVb_=NL4}tiWMAxKGMiYgq!*Jl$qKaE&hG=y(XqGPW_I
z-dXnD2+DqMnZ^;chlg=i_=mgWai}T-Wr>61&0WR)adt$M`6WpBW2O!X^qh9q7=|!0
zakj}VG{q|OabY>bOkjhSl_8;*5$_rIxJhw>L~-5)M;35}WgTr13V9<%%dU0v;S$k=
znk&kZiE9t+f!JWo_<qcAD%A>adzybmy;Wr6TxG#sQ;w*%j37I-@DW8&9K{2<>7@)=
z`s^WD5bwf`r}=Lo8TU;3e1fI3KvoAx4cadQgGfjZv&cnyKCXn3zd*XN!-^t-n8Tvv
z$@s`bJ>f7y(iC2|2>s&GS24>?DPkE7gz<x-NNU3_BIv1!R!Qzb1{j%?XwZqnVLHJB
zqA!T9y^5#qloYb4X6~kRbiRRRPLaL<Q$;=NA=`ATgK<fjz`?^|90_vMjBkorw;2yO
z$P9o{aIYJBt3nQN5>nspKd6s|Iw>rQ<Y562uNDk5cQW(ek(6fHA?ZWDj>!cgT7ZG&
zblJom=?3+RV|0wM<MBNy5>O~64RRTAT?Fi>Es>94|H1N}B2jcCW8_hcBg&a{S3w$C
z-C>etlCAh_au7y7O{fqJT_?`Srhh~G4zr*7l=o8m3HC!fWIcL{3akBO?rBJ;gvtr~
z!du5VY2+fe{Aktr<^E0l9!FQe%hZqdP2*>sPmfI=P!63AjAfp3VJLxE&idN7hp4@y
zF5mPZtd7a<p^Nffj|!H?`0fnwh*okz4*&N*bX+7upJOJZ6EBRjh0mQ$$c3|?i=V4?
z2_8!B+N#igK$<&L$EezhE<vLzZ32p)8CocRsM0g5{o0XBE+#>x`Q<a9;4{EbQ<ax9
z`L_7d&v>63`MwgNCXg(v;M}gPgk@r03%|iNI{gSVmkMZ5vNizg&1n}*4&rh9q)wZ!
zV^TPlb9L6(fW2m|-#HQnc$W8Eqz2fQOL*j0b*wL4Lz(~r69-CQ^Wx&<X4dm5?Q?OR
zj3+^df%fJU$U|oa;t3v>6jr8%+vKGla6_-Da$&(x=ZbBhI;X?Y(PcNlA<n2R!U$h?
zc2O>-xXLU0Op9RT;i9;DT`#h{c2MxTvwq@m_bece%4o0#6<{-)=Q*K$5;YOU(W*XU
zUelfjkzCMvU6{8WA6v7zQWOqNy~^>cWXpvg++<Ev(A(P>xyhA`bW$lTND-zw-XAv=
zMDkRSowz4dPe~bif9G>4mz~S_+|r$_B<qOnq&=d@ihm26-XGGS-I})eYpa`NKFsc$
zr#Q&(!>OFSgP5v49mzlrrXs}%6UMxwL}WUo?XeuafktF*Z71v1=-12%!PUyc#OQn_
zPe+|~fkYCpYBNQ|p!XlGW)F+N3Hph258I82G3GkG8G4;KgHuP5jB*8*>QT>yuV=RP
z>z-j{)nzUA>pzwzl~=P#-g`Rp9W2%T=;qd5#Au?xtv<msFo{|TQZQVlk8OKAhT(zi
zEg9R#D()c=7?Kef@<zR<fM4&fsHTvrrjokZUya|~SKE6VWhfZsFA{a!a)e}jbH;T2
z#8kd}@Q)_?DF1&pRY;3m+PAY+1iXsr3hsIP63Ef$HKVr){3<BLS_<4+@Oqa#btUj<
zNKqaB$Pq_d1`}=Qnb58V**kW5S6YAUC8zV-p{*KgNg^;+CPC9qs`?nGj!fzmFxy&K
zj>tzAtm6N2AD~z@r6qi{-o)eXC8c?~u=ZK1PB&>^?^M_6<aoN3P>nZIvclhg-Evi>
zPaqAOf+2Hyd1E!koLyd^Y3!$fCo6k3*0G)HA6dshx&#dycEd`@qxsAAt*Qw}R88fn
zM7F>8wNdOI0-Qq58xw+o`?Zs>HkW-)VP(f*qcGyIUk4$yD+2`C*Iy%%9)3m@Sh)l9
zLNoSk6ERQT-Y)d2Dxg8<(PIvsGl0SZph{)eg58y&Ih4%S>N+jHb;j~Ho8?@M^NR**
z0Q}0ysILA~Ut|*qg)c(-*l-iAGJ2z&kjh-ShfAxv0d~HfFej7#zJUPy?J8CQ)qaNy
zYJm@IfrlC&R&dJ)@rP;ew(*;(PLa-M!y0{Vrc~6IANMPAg62eOxeLsWA=hFY{q`I}
zhe_qx)z=FZpVcZRqRQt-GDyHnQ$MY09$PuK1L^xp!#<=ydYqIf%C_;2cuYWaH3~5k
z;PI&Vdu0=y?_K#feX8y8c835Zy5f22n1EtydoZ_O|GeRFl0XKBb~%|`udC5@AfTU`
zeV<F}Q8)A~PE!W33Rtz>q|sXaDRgaBy=pc0b6^--Al<&C!hg<{?t@7}Yb3Jt^$ZF}
z<&tcw0rfm2xxs*KtI6Y<9lSF0zH6A6%7Q_!FOjWCt_j9+{iV;)j@54xy%G=O&+N%#
z+5Q~w0EuF^rzFM1ji)SmZMnqvkEK|0@cDiW*b!@pk^_F*z?ge3&uEQLhhy_DW6ZZ9
z2_v7+>xb*c?-`ibrEab5hpST`{YHI<{Teg$bYD|iSw7fG&zp7|BK!1#xF&|^_fArh
zbPck&A3Gc}2jV!0*eaj28+>3(JqI3Gn=-$t4Y}H6G?6FcrX*NMWfij*Z7JmKpU5zO
zC2<Tu1x8+ae)~i7P|F|X@l@T`z+S-d_4I1GjaGHF928mU&<_!3|8B2cwjW{q#~XqD
z*@^!*WOFn3I5}M?%*Wm<o}l=;#`Qp@44J+Rc?47FnSSz-xuL|6q(JUbSWcvjHDN7)
zmOUD_6`uZ~uzql&%QRhNj8<&$E2w%NQ*KgoWTZv;Fnf9|h?bvZbA-?M-uI7jtoouW
zcjnQ+)Ar?~kI-2Tl{0qNsR$G7>xL(n)J>Lj2w_WG3)@pla~Gv>b`GVm1UJcp42GAt
z5QSIQbuQJpac<WoHk>h~$XPXZjdFV~*27ZxL+b=r(bLcMvx)WX`?DOWJ><=Gv(Trb
z10TlC3l-j%m4bw>rxTx-^Zlzkr{8;bucbwl<lM)rTNl0wnyazrg(ugWCo1PF@0+I)
z$i(yQo%PMu{q4bx*@E{$h?DdA?+b5{jgCJ)5F8`O)7>++;+gz-)tCx<>Dn%Lky+}h
zrc>G8LlNOMr%?-GYNDFHSMQ_7@V>dmGrgkIZ2j=A$?K=fD8=uOjMD6{9|w=<8EY|P
z<YjZd#%Yr-#R_PX3GUBQBjbws6}J`95c-*e9I<-mbABrL;V0kLF^=Z()DP1?B}T>)
zQxap{$eImf*xzW6NzJ+yG^{nU@luaz^}9*Ac+Mzoa2B)gn~@C3iqP$j&>Ea0Cr1nH
z!zr~ct8-)}8IbRLNwwCiR^ui8{Nv_ij8!m3<I3;L&X~WSR!9Dl4F2jys}&nDYLcMD
zkIcOPq;3O2fpoEYxst&v$Y}s%VxD~z3H%a&7ftq!7d@-X(-z6Ap&_$wv8|GuHNAJ=
zYh_=}m4U55nGx4Xm$wwtBXY8$_cX?gXt(69&6q?Z9qK)Wh<z68Nxk?6``50^hIns8
zSXe+RtR@nDNV`vSyAN!q1hh_+p*gn$*5-Bd<v&`&**amH**f6@LSezF<>K&zlzd$O
zl}#DErcVGP>VKq!|46SueB8~k67UGH&?Fzm@K#Cq=2l6B+Q?L&4p_$K_(_Bf*i^($
zSf=olX@usKX+)mD)KYPH?B-Qvq&YZP05sm4xOqqoNeMRfvjjY5DvbuxW-3$?o-v$J
z6RDX|6FG5^;(upyueN#l{=+suSLz}uieT!PG7@?!swNUuxF8uyvmhDjVI2g-&+}iT
z|0@O5RkyO{)UfljqJC}U)G?q2Qgcy*jHo%)ot<B^!B=s0PB|xQXKHTle_l%(2myG-
z0lfTRF%VcnnqQI&$PWN=@dJ2)AP^5wLi%+d>HkFn^WQ{_sQ;N|^89_<DfhyX0hS9v
z_f<1ZB-g^~Mm=8QEti5uW+)GHR2VLE`p9^3B?#XtnM7UA63SuNa!J+F`;f!=W5+*d
z^XKE_0RNjGOa$e3KV>A6KNFyF?@zPZW}sOs1E|xyQAfG%u(}YV{qC4`vCy;^f<4P1
zrn@Z5-^JrhmpGPn(6F|H3p%$f+4wTWnzv?|TUZb;#BGCVdKf8K5KNGV@gLO@A^5iV
zaL1wDEHtIEC{DOLqoH>gG&Jh6Y&ePbpZ2V2_QT_qSxJP&i{Cur)gRKdOAothVCr*U
zQx7oSVVG>uVT3?Ly2_8;FkiYFMd7(1Vr0@Eu`rO0rbDVsQ3_1o#vla%V88$*IshU*
zF?{S71ov8G!CDxyS_IZwBm<X^u3H$&03yR~LWVvBVr-}>ZA*_w8r(Smvp5(Tp$FqK
z6y_3{^Aged5>^BybOi^l2Y@ebMl>GY3PA2Pr3{rIloUsJA2d-5lTU+YPJ;wVq^8`V
z#>Jy1RHr5(>JisPva2Od>BSok!;lSU8x9p3{zR?|J7&hc*C(%wh*%37^#x~9f+VS%
zR2O|f745_nKdDc;^rL)fm}4ykk{R-8=(k$*+is`QApK?Jhiw@0PzhCJnQavEusIjJ
z*dA9t*pe+;F41@XAq_4_8Cyb-tPtrInA9yE!!YX>IGt@$!*CwkATk$x{cWPPpmrDR
z?|Ja&eelG=;g={mVvIszjF$v{TZls89EV{`)95u@^uNSJ{6F$uVj*p@cj%n`G56-j
zr_ZtH`pzC2E6uInV<sMf+k%=$Y2WzpD>M+ETLAZuxJMEW-5V9gCb7@e7$C%`JgvMt
zbQre@$yAeRR0?bmKQAU4;9mzfPjmD%suVl~%)>|h4~*LBU#%b@58!nk{&oBt#s}v8
zI|c%RUZ>rE%7M6mukqt=7%u?ycMSYm#rX?^{JRlu5b%GH;pPIoPS*c?AUDrnllE^I
zAJ_lT<pFU24}v_P*8<gl>*D@(3F6`UC!4>>q(Y`qDVv|>Q6+FwTMkh1UW3c)@oy@B
zX@FmK{zeN31Os{h=A&1PoA+=20KJy4c>YHJ6$AaBF#cB`y?W@see^2G{rA3ufm~qT
zzxDkU<KzFE5ia0sNc|h>*M4*V-RG|uAMbzr4f2mM^ZHtWz<+n#D=BU;;Ps9Dr)U1c
zxc=s?SBwYvH@R1j^Me0vlzF(B*}b=N`$q}yUs0R)pP?G^s`>vgR{uw+{%0A`%+15c
z&B_`RjfV@w&BKR@Mo%xLBK`VTfq#IhgNLX@uY=%UbpAiG;Z$|A@}mAH3C_R1U#~UH
S*W14wMgBjS^6~s{rvD3FKBe&h


From fd9c26e96ec099ec0308e4ee966e3c78d295e6c4 Mon Sep 17 00:00:00 2001
From: "erluko@gmail.com"
 <erluko@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 19 Nov 2013 20:43:53 +0000
Subject: [PATCH 030/812] Allowing multi-valued Validator.ConfigurationFile
 property as requested in Issue 86 "Need validation configuration
 enhancements"

---
 .../DefaultSecurityConfiguration.java         | 135 ++---
 .../DefaultSecurityConfigurationTest.java     |  28 ++
 ...ESAPI-CommaValidatorFileChecker.properties | 466 ++++++++++++++++++
 .../ESAPI-DualValidatorFileChecker.properties | 466 ++++++++++++++++++
 ...SAPI-QuotedValidatorFileChecker.properties | 466 ++++++++++++++++++
 ...SAPI-SingleValidatorFileChecker.properties | 466 ++++++++++++++++++
 .../esapi/validation-test,comma.properties    |   1 +
 .../esapi/validation-test1.properties         |   1 +
 .../esapi/validation-test2.properties         |   1 +
 9 files changed, 1973 insertions(+), 57 deletions(-)
 create mode 100644 src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
 create mode 100644 src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
 create mode 100644 src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
 create mode 100644 src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
 create mode 100644 src/test/resources/esapi/validation-test,comma.properties
 create mode 100644 src/test/resources/esapi/validation-test1.properties
 create mode 100644 src/test/resources/esapi/validation-test2.properties

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index c2e382108..995ad7007 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -23,6 +23,7 @@
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -31,6 +32,7 @@
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
+import org.apache.commons.lang.text.StrTokenizer;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.SecurityConfiguration;
@@ -84,7 +86,7 @@ public static SecurityConfiguration getInstance() {
     private String cipherXformCurrent = null;		// New in ESAPI 2.0
 
 	/** The name of the ESAPI property file */
-	public static final String RESOURCE_FILE = "ESAPI.properties";
+	public static final String DEFAULT_RESOURCE_FILE = "ESAPI.properties";
 	
     public static final String REMEMBER_TOKEN_DURATION = "Authenticator.RememberTokenDuration";
     public static final String IDLE_TIMEOUT_DURATION = "Authenticator.IdleTimeoutDuration";
@@ -147,6 +149,7 @@ public static SecurityConfiguration getInstance() {
     public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
     public static final String LOG_SERVER_IP = "Logger.LogServerIP";
     public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
+    public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
 
 
@@ -215,13 +218,15 @@ public static SecurityConfiguration getInstance() {
      * be used to load the file.
      */
     private String resourceDirectory = ".esapi";	// For backward compatibility (vs. "esapi")
+	private final String resourceFile;
 
 //    private static long lastModified = -1;
 
     /**
      * Instantiates a new configuration.
      */
-    public DefaultSecurityConfiguration() {
+    protected DefaultSecurityConfiguration(String resourceFile) {
+    	this.resourceFile = resourceFile;
     	// load security configuration
     	try {
         	loadConfiguration();
@@ -241,11 +246,17 @@ public DefaultSecurityConfiguration() {
      * @param properties
      */
     public DefaultSecurityConfiguration(Properties properties) {
-    	super();
+    	resourceFile = DEFAULT_RESOURCE_FILE;
     	this.properties = properties; 
     	this.setCipherXProperties();
     }
     
+    /**
+     * 
+     */
+    public DefaultSecurityConfiguration(){
+    	this(DEFAULT_RESOURCE_FILE);
+    }
     private void setCipherXProperties() {
 		// TODO: FUTURE: Replace by future CryptoControls class???
 		// See SecurityConfiguration.setCipherTransformation() for
@@ -422,74 +433,84 @@ private Properties loadPropertiesFromStream( InputStream is, String name ) throw
 	 *             if the file is inaccessible
 	 */
 	protected void loadConfiguration() throws IOException {
-		
 		try {
 		    //first attempt file IO loading of properties
-			logSpecial("Attempting to load " + RESOURCE_FILE + " via file I/O.");
-			properties = loadPropertiesFromStream(getResourceStream(RESOURCE_FILE), RESOURCE_FILE);
+			logSpecial("Attempting to load " + resourceFile + " via file I/O.");
+			properties = loadPropertiesFromStream(getResourceStream(resourceFile), resourceFile);
 			
 		} catch (Exception iae) {
 		    //if file I/O loading fails, attempt classpath based loading next
-		    logSpecial("Loading " + RESOURCE_FILE + " via file I/O failed. Exception was: " + iae);
-			logSpecial("Attempting to load " + RESOURCE_FILE + " via the classpath.");
+		    logSpecial("Loading " + resourceFile + " via file I/O failed. Exception was: " + iae);
+			logSpecial("Attempting to load " + resourceFile + " via the classpath.");
 			try {
-				properties = loadConfigurationFromClasspath(RESOURCE_FILE);
+				properties = loadConfigurationFromClasspath(resourceFile);
 			} catch (Exception e) {				
-				logSpecial(RESOURCE_FILE + " could not be loaded by any means. Fail.", e);
-				throw new ConfigurationException(RESOURCE_FILE + " could not be loaded by any means. Fail.", e);
+				logSpecial(resourceFile + " could not be loaded by any means. Fail.", e);
+				throw new ConfigurationException(resourceFile + " could not be loaded by any means. Fail.", e);
 			}			
 		}
 		
 		// if properties loaded properly above, get validation properties and merge them into the main properties
 		if (properties != null) {
+			final Iterator<String> validationPropFileNames;
 			
-			String validationPropFileName = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
-			Properties validationProperties = null;
-
-			//clear any cached validation patterns so they can be reloaded from validation.properties
-			patternCache.clear();
-			
-			try {
-			    //first attempt file IO loading of properties
-				logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
-				validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
-				
-			} catch (Exception iae) {
-			    //if file I/O loading fails, attempt classpath based loading next
-			    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
-				logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");		
-				try {
-					validationProperties = loadConfigurationFromClasspath(validationPropFileName);
-				} catch (Exception e) {				
-					logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
-				}			
-			}
+			//defaults to single-valued for backwards compatibility
+			final boolean multivalued= getESAPIProperty(VALIDATION_PROPERTIES_MULTIVALUED, false);
+			final String validationPropValue = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
 			
-			if (validationProperties != null) {
-		    	Iterator<?> i = validationProperties.keySet().iterator();
-		    	while( i.hasNext() ) {
-		    		String key = (String)i.next();
-		    		String value = validationProperties.getProperty(key);
-		    		properties.put( key, value);
-		    	}
+			if(multivalued){
+				// the following cast warning goes away if the apache commons lib is updated to current version				
+				validationPropFileNames = StrTokenizer.getCSVInstance(validationPropValue);
+			} else {
+				validationPropFileNames = Collections.singletonList(validationPropValue).iterator();
 			}
 			
-	        if ( shouldPrintProperties() ) {
-	    	
-	    	//FIXME - make this chunk configurable
-	    	/*
-	        logSpecial("  ========Master Configuration========", null);
-	        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
-	        Iterator j = new TreeSet( properties.keySet() ).iterator();
-	        while (j.hasNext()) {
-	            String key = (String)j.next();
-	            // print out properties, but not sensitive ones like MasterKey and MasterSalt
-	            if ( !key.contains( "Master" ) ) {
-	            		logSpecial("  |   " + key + "=" + properties.get(key), null);
-	        	}
-	        }
-	        */
-	        	
+			//clear any cached validation patterns so they can be reloaded from validation.properties
+			patternCache.clear();
+			while(validationPropFileNames.hasNext()){
+				String validationPropFileName = validationPropFileNames.next();
+				Properties validationProperties = null;
+				try {
+				    //first attempt file IO loading of properties
+					logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
+					validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
+					
+				} catch (Exception iae) {
+				    //if file I/O loading fails, attempt classpath based loading next
+				    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
+					logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");		
+					try {
+						validationProperties = loadConfigurationFromClasspath(validationPropFileName);
+					} catch (Exception e) {				
+						logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
+					}			
+				}
+				
+				if (validationProperties != null) {
+			    	Iterator<?> i = validationProperties.keySet().iterator();
+			    	while( i.hasNext() ) {
+			    		String key = (String)i.next();
+			    		String value = validationProperties.getProperty(key);
+			    		properties.put( key, value);
+			    	}
+				}
+				
+		        if ( shouldPrintProperties() ) {
+		    	
+		    	//FIXME - make this chunk configurable
+		    	/*
+		        logSpecial("  ========Master Configuration========", null);
+		        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
+		        Iterator j = new TreeSet( properties.keySet() ).iterator();
+		        while (j.hasNext()) {
+		            String key = (String)j.next();
+		            // print out properties, but not sensitive ones like MasterKey and MasterSalt
+		            if ( !key.contains( "Master" ) ) {
+		            		logSpecial("  |   " + key + "=" + properties.get(key), null);
+		        	}
+		        }
+		        */
+		        }   	
 	        }
 		}
 	}	
@@ -541,7 +562,7 @@ public File getResourceFile(String filename) {
 		}
 
 		// if not found, then try the programmatically set resource directory
-		// (this defaults to SystemResource directory/RESOURCE_FILE
+		// (this defaults to SystemResource directory/resourceFile
 		URL fileUrl = ClassLoader.getSystemResource(resourceDirectory + "/" + filename);
         if ( fileUrl == null ) {
             fileUrl = ClassLoader.getSystemResource("esapi/" + filename);
@@ -664,7 +685,7 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 
 		if (result == null) {
 			// CHECKME: This is odd...why not ConfigurationException?
-		    throw new IllegalArgumentException("Failed to load " + RESOURCE_FILE + " as a classloader resource.");
+		    throw new IllegalArgumentException("Failed to load " + resourceFile + " as a classloader resource.");
 		}
 
 		return result;
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 4e1d1fee3..b25d8e4dd 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi.reference;
 
+import java.util.regex.Pattern;
+
 import junit.framework.Assert;
 
 import org.junit.Test;
@@ -385,6 +387,32 @@ public void testGetMaxLogFileSize() {
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
 		Assert.assertEquals(maxLogSize, secConf.getMaxLogFileSize());
 	}
+	
+	private String patternOrNull(Pattern p){
+		return null==p?null:p.pattern();
+	}
 
+	@Test
+	public void testValidationsPropertiesFileOptions(){
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertNull(secConf.getValidationPattern("Test2"));
+		Assert.assertNull(secConf.getValidationPattern("TestC"));
+		
+		secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		Assert.assertNull(secConf.getValidationPattern("TestC"));
+
+		secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+		Assert.assertNull(secConf.getValidationPattern("Test1"));
+		Assert.assertNull(secConf.getValidationPattern("Test2"));
+
+		secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+	}
 	
 }
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
new file mode 100644
index 000000000..837d5a9d3
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -0,0 +1,466 @@
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test,comma.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
new file mode 100644
index 000000000..afa1d75f0
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -0,0 +1,466 @@
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile=validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
new file mode 100644
index 000000000..2dc8c5d15
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -0,0 +1,466 @@
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile="validation-test,comma.properties",validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
new file mode 100644
index 000000000..95cdb0056
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -0,0 +1,466 @@
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test1.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false
\ No newline at end of file
diff --git a/src/test/resources/esapi/validation-test,comma.properties b/src/test/resources/esapi/validation-test,comma.properties
new file mode 100644
index 000000000..99956e509
--- /dev/null
+++ b/src/test/resources/esapi/validation-test,comma.properties
@@ -0,0 +1 @@
+Validator.TestC=ValueFromCommaFile
\ No newline at end of file
diff --git a/src/test/resources/esapi/validation-test1.properties b/src/test/resources/esapi/validation-test1.properties
new file mode 100644
index 000000000..ad678536d
--- /dev/null
+++ b/src/test/resources/esapi/validation-test1.properties
@@ -0,0 +1 @@
+Validator.Test1=ValueFromFile1
\ No newline at end of file
diff --git a/src/test/resources/esapi/validation-test2.properties b/src/test/resources/esapi/validation-test2.properties
new file mode 100644
index 000000000..08146e85d
--- /dev/null
+++ b/src/test/resources/esapi/validation-test2.properties
@@ -0,0 +1 @@
+Validator.Test2=ValueFromFile2
\ No newline at end of file

From 423ebdaa0f20c8054523b0450373793875443dc8 Mon Sep 17 00:00:00 2001
From: "erluko@gmail.com"
 <erluko@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 19 Nov 2013 20:50:32 +0000
Subject: [PATCH 031/812] Fixed javadoc for change in r1917

---
 .../esapi/reference/DefaultSecurityConfiguration.java     | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 995ad7007..fd95f04a6 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -223,9 +223,11 @@ public static SecurityConfiguration getInstance() {
 //    private static long lastModified = -1;
 
     /**
-     * Instantiates a new configuration.
+     * Instantiates a new configuration, using the provided property file name
+     * 
+     * @param resourceFile The name of the property file to load
      */
-    protected DefaultSecurityConfiguration(String resourceFile) {
+    DefaultSecurityConfiguration(String resourceFile) {
     	this.resourceFile = resourceFile;
     	// load security configuration
     	try {
@@ -252,7 +254,7 @@ public DefaultSecurityConfiguration(Properties properties) {
     }
     
     /**
-     * 
+     * Instantiates a new configuration.
      */
     public DefaultSecurityConfiguration(){
     	this(DEFAULT_RESOURCE_FILE);

From 3d284ec8930f0f13a939a23a97a2ab0c0bcdaa5d Mon Sep 17 00:00:00 2001
From: "kevin.w.wall@gmail.com"
 <kevin.w.wall@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Thu, 21 Nov 2013 17:20:14 +0000
Subject: [PATCH 032/812] Fix for Google Issue # 307.

---
 configuration/esapi/ESAPI.properties | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 49e63c608..35c9d0870 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -336,9 +336,16 @@ HttpUtilities.HttpSessionIdName=JSESSIONID
 
 #===========================================================================
 # ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+# CHECKME - This should be made OS independent. Don't use unsafe defaults.
+# # Examples only -- do NOT blindly copy!
+#   For Windows:
+#     Executor.WorkingDirectory=C:\\Windows\\Temp
+#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+#   For *nux, MacOS:
+#     Executor.WorkingDirectory=/tmp
+#     Executor.ApprovedExecutables=/bin/bash
+Executor.WorkingDirectory=
+Executor.ApprovedExecutables=
 
 
 #===========================================================================

From 4f5b1e364a67293d4eeeb668facd9ba4cc741023 Mon Sep 17 00:00:00 2001
From: "kevin.w.wall@gmail.com"
 <kevin.w.wall@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Fri, 2 May 2014 04:22:39 +0000
Subject: [PATCH 033/812] Fix for Google Issue 327. Thanks to Matt Seil for the
 fix.

---
 src/main/java/org/owasp/esapi/reference/Log4JLogger.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
index 3b4aa950a..7782f89c7 100644
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
@@ -107,7 +107,8 @@ public void setLevel(int level) {
 	 * Hence we renamed it to {@code getESAPILevel()}.
 	 */
 	public int getESAPILevel() {
-		return super.getLevel().toInt();
+		Level level = super.getLevel();
+    return (level == null ) ? Level.OFF_INT : level.toInt();
 	}
 
 	/**

From 3ca93c5c1ee7ecc342b34d9eebf118701f9b9306 Mon Sep 17 00:00:00 2001
From: "planetlevel@gmail.com"
 <planetlevel@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 28 Jun 2014 02:03:28 +0000
Subject: [PATCH 034/812] Fix issue 323 - ESAPI Random Number Generation and
 CSRF Protection Broken

Problem was introduced in r722 - https://code.google.com/p/owasp-esapi-java/source/diff?spec=svn1942&r=722&format=side&path=/trunk/src/main/java/org/owasp/esapi/StringUtilities.java&old_path=/trunk/src/main/java/org/owasp/esapi/StringUtilities.java&old=561
---
 .../java/org/owasp/esapi/StringUtilities.java | 12 +++---
 .../org/owasp/esapi/StringUtilitiesTest.java  | 17 ++++++++
 .../owasp/esapi/reference/RandomizerTest.java | 41 +++++++++++++++++--
 3 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
index e41dd03e8..9d79a3ec4 100644
--- a/src/main/java/org/owasp/esapi/StringUtilities.java
+++ b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -61,12 +61,12 @@ public static String stripControls( String input ) {
     public static char[] union(char[]... list) {
     	StringBuilder sb = new StringBuilder();
     	
-    	for (char[] characters : list) {
-	        for (int i = 0; i < list.length; i++) {
-	            if (!contains(sb, characters[i]))
-	                sb.append(list[i]);
-	        }
-    	}
+		for (char[] characters : list) {
+			for ( char c : characters ) {
+				if ( !contains( sb, c ) )
+					sb.append( c );
+			}
+		}
 
         char[] toReturn = new char[sb.length()];
         sb.getChars(0, sb.length(), toReturn, 0);
diff --git a/src/test/java/org/owasp/esapi/StringUtilitiesTest.java b/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
index de82b65f8..967b63263 100644
--- a/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/StringUtilitiesTest.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi;
 
+import java.util.Arrays;
+
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
@@ -42,7 +44,22 @@ public void testGetLevenshteinDistance() {
     		assertTrue( ex.getClass().getName().equals( IllegalArgumentException.class.getName() ));
     	}
     }
+
+    /** Test the union() method. */
+    public void testUnion() {
+		char[] a1 = { 'a', 'b', 'c' };
+		char[] a2 = { 'c', 'd', 'e' };
+		char[] union = StringUtilities.union(a1, a2);
+		assertTrue( Arrays.equals( union, new char[] {'a','b','c','d','e' } ) );
+    }
     
+    /** Test the contains() method. */
+    public void contains() {
+		StringBuilder sb = new StringBuilder( "abc" );
+		assertTrue( StringUtilities.contains(sb, 'b') );
+		assertFalse( StringUtilities.contains(sb, 'x') );
+    }
+
     /** Test the notNullOrEmpty() method. */
     public void testNotNullOrEmpty() {
     	String str = "A string";
diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index 2fc27f9de..605dfb3e8 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -15,6 +15,8 @@
  */
 package org.owasp.esapi.reference;
 
+import java.io.FileWriter;
+import java.io.IOException;
 import java.util.ArrayList;
 
 import junit.framework.Test;
@@ -76,16 +78,28 @@ public static Test suite() {
     public void testGetRandomString() {
         System.out.println("getRandomString");
         int length = 20;
+        int trials = 1000;
         Randomizer instance = ESAPI.randomizer();
-        for ( int i = 0; i < 100; i++ ) {
+        int[] counts = new int[128];
+        for ( int i = 0; i < 1000; i++ ) {
             String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
             for ( int j=0;j<result.length();j++ ) {
-            	if ( !Codec.containsCharacter( result.charAt(j), EncoderConstants.CHAR_ALPHANUMERICS) ) {
-            		fail();
-            	}
+            	char c = result.charAt(j);
+            	counts[c]++;
             }
             assertEquals(length, result.length());
         }
+        
+        // Simple check to see if the overall character counts are within 10% of each other
+        int min=Integer.MAX_VALUE;
+        int max=0;
+        for ( int i = 0; i < 128; i++ ) {
+        	if ( counts[i] > max ) { max = counts[i]; } 
+        	if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
+        	if ( max - min > trials/10 ) {
+        		fail( "getRandomString randomness counts are off" );
+        	}
+        }
     }
 
     /**
@@ -140,5 +154,24 @@ public void testGetRandomGUID() throws EncryptionException {
         }
     }
 
+    
+    /**
+     * Run this class to generate a file named "tokens.txt" with 20,000 random 20 character ALPHANUMERIC tokens.
+     * Use Burp Pro sequencer to load this file and run a series of randomness tests.
+     * 
+     * NOTE: be careful not to include any CRLF characters (10 or 13 ASCII) because they'll create new tokens
+     * Check to be sure your analysis tool loads exactly 20,000 tokens of 20 characters each.
+     */
+    
+	public static void main(String[] args) throws IOException {
+		FileWriter fw = new FileWriter("tokens.txt");
+		for (int i = 0; i < 20000; i++) {
+			String token = ESAPI.randomizer().getRandomString(20, EncoderConstants.CHAR_ALPHANUMERICS);
+			fw.write(token + "\n");
+		}
+		fw.close();
+	}
+
+
      
 }

From aea19ecfcfcc63af459adaf358cfc23fcba9cbbe Mon Sep 17 00:00:00 2001
From: "chris.schmidt@owasp.org"
 <chris.schmidt@owasp.org@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 1 Jul 2014 04:35:29 +0000
Subject: [PATCH 035/812] pom.xml 1) Updated dependencies 2) Added OWASP
 Dependency Check plugin 3) Added Surefire Report Plugin 4) Updated all
 plugins to latest version 5) Updated req'd minimum Java Version to 1.6

MockServletContext.java
1) Added getContextPath() method to account for new servlet spec method.
---
 pom.xml                                       | 116 +++++++++---------
 .../owasp/esapi/http/MockServletContext.java  |   5 +
 2 files changed, 61 insertions(+), 60 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5e0fdd4bb..89c9b250d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -81,28 +81,14 @@
             <name>Jeff Williams</name>
             <organization>Aspect Security</organization>
             <roles>
-                <role>Project Owner</role>
-                <role>Architect</role>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Jim Manico</name>
-            <roles>
-                <role>Project Manager</role>
-                <role>BuildMaster</role>
-                <role>Developer</role>
-                <role>Architect</role>
+                <role>Project Inventor</role>
             </roles>
         </developer>
         <developer>
             <name>Chris Schmidt</name>
             <organization>Aspect Security</organization>
             <roles>
-                <role>Project Manager</role>
-                <role>Continuous Integration Admin</role>
-                <role>Architect</role>
-                <role>Developer</role>
+                <role>Project Owner</role>
             </roles>
         </developer>
         <developer>
@@ -110,9 +96,6 @@
             <organization>Wells Fargo</organization>
             <roles>
                 <role>Project Manager</role>
-                <role>Architect</role>
-                <role>Developer</role>
-                <role>Crypto Guy</role>
             </roles>
         </developer>
     </developers>
@@ -121,11 +104,9 @@
         <contributor>
             <name>Dave Wichers</name>
             <organization>Aspect Security</organization>
-            <roles>
-                <role>Documentation and Examples</role>
-                <role>Minor Code Contributions</role>
-                <role>Project Guidance</role>
-            </roles>
+        </contributor>
+        <contributor>
+            <name>Jim Manico</name>
         </contributor>
     </contributors>
 
@@ -137,23 +118,23 @@
         <dependency>
             <groupId>commons-configuration</groupId>
             <artifactId>commons-configuration</artifactId>
-            <version>1.5</version>
+            <version>1.10</version>
         </dependency>
         <dependency>
             <groupId>commons-beanutils</groupId>
             <artifactId>commons-beanutils-core</artifactId>
-            <version>1.7.0</version>
+            <version>1.8.3</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.4</version>
+            <version>4.5</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>servlet-api</artifactId>
-            <version>2.4</version>
+            <version>2.5</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -165,23 +146,19 @@
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
-            <version>1.2</version>
+            <version>1.3.1</version>
             <scope>compile</scope>
         </dependency>
-        <!-- unused according to dependancy:analyze
-           this is a optional dependency of commons-fileupload which
-           is at least needed for testing...
-        -->
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>1.3</version>
+            <version>2.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>commons-collections</groupId>
             <artifactId>commons-collections</artifactId>
-            <version>3.2</version>
+            <version>3.2.1</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
@@ -204,7 +181,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.4.3</version>
+            <version>1.5.3</version>
         </dependency>
     </dependencies>
 
@@ -212,10 +189,10 @@
         <plugins>
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>2.3.2</version>
+                <version>3.1</version>
                 <configuration>
-                    <source>1.5</source>
-                    <target>1.5</target>
+                    <source>1.6</source>
+                    <target>1.6</target>
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>
@@ -225,7 +202,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-eclipse-plugin</artifactId>
-                <version>2.8</version>
+                <version>2.9</version>
                 <configuration>
                     <downloadSources>true</downloadSources>
                 </configuration>
@@ -233,7 +210,7 @@
 
             <plugin>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>2.3.1</version>
+                <version>2.4</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -245,24 +222,23 @@
             </plugin>
 
             <!-- Check for updates to dependencies and report on them. -->
-<!--
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>1.2</version>
+                <version>2.1</version>
                 <executions>
                     <execution>
                         <id>check-for-dependency-updates</id>
-                        <phase>compile</phase> &lt;!&ndash; Eclipse q4e plugin needs this &ndash;&gt;
+                        <phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
                         <goals>
                             <goal>display-dependency-updates</goal>
                             <goal>display-plugin-updates</goal>
-                            <goal>display-property-updates</goal>
+                            <!--<goal>display-property-updates</goal>-->
                         </goals>
                     </execution>
                 </executions>
             </plugin>
--->
+
         </plugins>
     </build>
 
@@ -271,7 +247,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>findbugs-maven-plugin</artifactId>
-                <version>2.3.1</version>
+                <version>2.5.3</version>
                 <configuration>
                     <findbugsXmlOutput>true</findbugsXmlOutput>
                     <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
@@ -284,7 +260,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
-                <version>2.4</version>
+                <version>2.6</version>
                 <configuration>
                     <formats>
                         <format>html</format>
@@ -295,11 +271,11 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0-beta-2</version>
+                <version>2.0</version>
             </plugin>
             <plugin>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>2.5</version>
+                <version>3.1</version>
                 <configuration>
                     <targetJdk>1.5</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
@@ -308,7 +284,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.7</version>
+                <version>2.9.1</version>
                 <configuration>
                     <detectJavaApiLink>false</detectJavaApiLink>
                     <detectLinks>false</detectLinks>
@@ -328,14 +304,14 @@
                     <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
                     <type>date</type>
                     <dates>
-                        <date>2011-05-11 00:00:00</date>
+                        <date>2013-09-02 00:00:00</date>
                     </dates>
                 </configuration>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>1.2</version>
+                <version>2.1</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -346,6 +322,19 @@
                     </reportSet>
                 </reportSets>
             </plugin>
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>1.1.4</version>
+                <configuration>
+                    <externalReport>false</externalReport>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.17</version>
+            </plugin>
         </plugins>
     </reporting>
 
@@ -383,6 +372,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
+                        <version>1.5</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -400,7 +390,8 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-jar-plugin</artifactId>
-						<version>2.3.1</version>
+						<version>2.4</version>
+<!--
 						<executions>
 							<execution>
 								<phase>package</phase>
@@ -409,10 +400,13 @@
 								</goals>
 							</execution>
 						</executions>
+-->
 						<configuration>
+<!--
 							<keystore>codesign.keystore</keystore>
 							<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
 							<verify>true</verify>
+-->
 							<archive>
 								<manifest>
 									<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
@@ -425,11 +419,12 @@
 						</configuration>
 					</plugin>
 					
-                    <!-- Baseline for ESAPI 2.0 is JDK1.5 - Enforces that a JDK1.5 compiler is being
+                    <!-- Baseline for ESAPI 2.1 is JDK1.6 - Enforces that a JDK1.6 compiler is being
                          used to build this release -->
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-enforcer-plugin</artifactId>
+                        <version>1.3.1</version>
                         <executions>
                             <execution>
                                 <id>enforce-jdk-version</id>
@@ -439,10 +434,10 @@
                                 <configuration>
                                     <rules>
                                         <requireJavaVersion>
-                                            <version>1.5</version>
+                                            <version>1.6</version>
                                             <message>
-                                                ESAPI 2.0 uses the JDK1.5 for it's baseline. Please make sure that your
-                                                JAVA_HOME environment variable is pointed to a JDK1.5 distribution.
+                                                ESAPI 2.1 uses the JDK1.6 for it's baseline. Please make sure that your
+                                                JAVA_HOME environment variable is pointed to a JDK1.6 distribution.
                                             </message>
                                         </requireJavaVersion>
                                     </rules>
@@ -455,6 +450,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
+                        <version>2.9.1</version>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
@@ -469,7 +465,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.2</version>
+                        <version>2.4</version>
                         <configuration>
                             <descriptors>
                                 <descriptor>src/main/assembly/dist.xml</descriptor>
@@ -491,7 +487,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-release-plugin</artifactId>
-                        <version>2.1</version>
+                        <version>2.5</version>
                         <configuration>
                             <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
                         </configuration>
diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
index 8c2c4f281..b577ab2bb 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
@@ -57,6 +57,11 @@
  * @version $Rev: 46019 $ $Date: 2004-09-14 04:56:06 -0500 (Tue, 14 Sep 2004) $
  */
 public class MockServletContext implements ServletContext {
+    @Override
+    public String getContextPath() {
+        return "/";
+    }
+
     /**
      * Returns a <code>ServletContext</code> object that
      * corresponds to a specified URL on the server.

From 50fdef49ea86cbdaa89db20e2231af73c84412e5 Mon Sep 17 00:00:00 2001
From: "planetlevel@gmail.com"
 <planetlevel@gmail.com@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Tue, 1 Jul 2014 18:36:45 +0000
Subject: [PATCH 036/812] Grammatical error in error message

---
 src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index 2a6caebff..06a822607 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -302,7 +302,7 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
             if ( ! versionIsCompatible( kdfVers) ) {
-            	throw new EncryptionException("This version of ESAPI does is not compatible with the version of ESAPI that encrypted your data.",
+            	throw new EncryptionException("This version of ESAPI is not compatible with the version of ESAPI that encrypted your data.",
             			"KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
             			KeyDerivationFunction.kdfVersion);
             }

From 95d85be952ddb64e2a8997f6b862d6208d8ea9f2 Mon Sep 17 00:00:00 2001
From: "jim@manico.net" <jim@manico.net@69e6d614-4441-0410-9a8b-65af957f44db>
Date: Sat, 5 Jul 2014 07:47:33 +0000
Subject: [PATCH 037/812] Fixing JavaDoc URL's in setNoCacheHeaders to satisfy
 bug report https://code.google.com/p/owasp-esapi-java/issues/detail?id=22

---
 src/main/java/org/owasp/esapi/HTTPUtilities.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index f3eb169d8..77fcd8284 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -528,14 +528,14 @@ public interface HTTPUtilities
      * Note that the header "pragma: no-cache" is intended only for use in HTTP requests, not HTTP responses. However, Microsoft has chosen to
      * directly violate the standards, so we need to include that header here. For more information, please refer to the relevant standards:
      * <UL>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">HTTP/1.1 Cache-Control "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-store"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.0 Pragma "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Expires</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">IE6 Caching Issues</a>
-     * <LI><a href="http://support.microsoft.com/kb/937479">Firefox browser.cache.disk_cache_ssl</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.1 Cache-Control "no-store"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Pragma "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">HTTP/1.0 Expires</a>
+     * <LI><a href="http://support.microsoft.com/kb/937479">IE6 Caching Issues</a>
      * <LI><a href="http://support.microsoft.com/kb/234067">Microsoft directly violates specification for pragma: no-cache</a>
-     * <LI><a href="http://www.mozilla.org/quality/networking/docs/netprefs.html">Mozilla</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences#Cache">Firefox browser.cache.disk_cache_ssl</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences">Mozilla</a>
      * </UL>
      *
      * @param response

From 02c95cd460af3254dc870a66f20dc82ad7064e21 Mon Sep 17 00:00:00 2001
From: karansanwal <karansanwal@gmail.com>
Date: Tue, 21 Oct 2014 17:14:53 +0530
Subject: [PATCH 038/812] Fix Issue # 195 :
 BaseValidationRule.assertValid(String context, String input) causes NPE if
 input is not valid.

Made changes as required, also getvalid(string,string) should be called instead.
Could not test the changes.
Let me know if the error persists.
Contact : karansanwal@gmail.com
---
 .../esapi/reference/validation/BaseValidationRule.java    | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
index 1929ff02a..538c658c4 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
@@ -89,7 +89,7 @@ public final void setEncoder( Encoder encoder ) {
      * {@inheritDoc}
 	 */
 	public void assertValid( String context, String input ) throws ValidationException {
-		getValid( context, input, null );
+		getValid( context, input );
 	}
 
     /**
@@ -100,7 +100,11 @@ public Object getValid( String context, String input, ValidationErrorList errorL
 		try {
 			valid = getValid( context, input );
 		} catch (ValidationException e) {
-			errorList.addError(context, e);
+			if( errorList == null { 
+				throw e;
+			} else {
+				errorList.addError(context, e);
+			}
 		}
 		return valid;
 	}

From 82715bf4e806fd8d5e7775c60f44cfa3e303ec69 Mon Sep 17 00:00:00 2001
From: karansanwal <karansanwal@gmail.com>
Date: Wed, 22 Oct 2014 19:07:29 +0530
Subject: [PATCH 039/812] Fix to Google Issue 212

to know if an uncaught exception is a security exception or usual runtime exception.
---
 src/main/java/org/owasp/esapi/errors/IntrusionException.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/errors/IntrusionException.java b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
index 4af7f4122..6332f297b 100644
--- a/src/main/java/org/owasp/esapi/errors/IntrusionException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
@@ -28,7 +28,7 @@
  * 
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
-public class IntrusionException extends RuntimeException {
+public class IntrusionException extends EnterpriseSecurityException {
 
     /** The Constant serialVersionUID. */
     private static final long serialVersionUID = 1L;

From c9120d595131af60cef043b5ccd75026061e0f25 Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@users.noreply.github.com>
Date: Thu, 23 Oct 2014 23:54:01 -0600
Subject: [PATCH 040/812] Create README.md

---
 README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 000000000..48c8d3749
--- /dev/null
+++ b/README.md
@@ -0,0 +1,20 @@
+esapi-java-legacy
+=================
+
+OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
+
+For more information, please visit our Wiki.
+
+You can view the latest version of our Javadocs here.
+
+You can see the status of what we are working on for the next release here.
+
+View Contributed ESAPI Components
+
+Realtime Support available on our IRC Channel:
+
+Server: irc.freenode.net
+
+Channel: #esapi
+
+Webchat http://webchat.freenode.net/

From 2364af13bf815799d376d79f96fb02a03922d0ea Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@users.noreply.github.com>
Date: Fri, 24 Oct 2014 00:03:10 -0600
Subject: [PATCH 041/812] Update README.md

---
 README.md | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 48c8d3749..1f63f0154 100644
--- a/README.md
+++ b/README.md
@@ -3,13 +3,12 @@ esapi-java-legacy
 
 OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
 
-For more information, please visit our Wiki.
+Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
 
-You can view the latest version of our Javadocs here.
+Nightly Build: https://esapi.ci.cloudbees.com
 
-You can see the status of what we are working on for the next release here.
+JIRA: Coming Soon
 
-View Contributed ESAPI Components
 
 Realtime Support available on our IRC Channel:
 

From ec4d528bb0199e51f7aec854ea08b4f476ba1cc2 Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@users.noreply.github.com>
Date: Sun, 26 Oct 2014 10:11:09 -0600
Subject: [PATCH 042/812] Update README.md

---
 README.md | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 1f63f0154..c016c94f1 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,19 @@
-esapi-java-legacy
+Enterprise Security API for Java (Legacy)
 =================
+<table border=0>
+<tr>
+<td wdith=100><img src="https://raw.githubusercontent.com/ESAPI/esapi-java/master/static/ESAPI%20Logo.png" width="100" height="100" /></td><td>
+OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.</td>
+</tr></table>
 
-OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
+<b>What does Legacy mean?</b><br/>
+<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
+
+<b>Where can I find ESAPI 3.x</b><br/>
+https://github.com/ESAPI/esapi-java
+
+<b>How can I contribute or fix bugs?</b><br/>
+Fork and submit a pull request! Simple as pi!
 
 Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
 
@@ -10,10 +22,8 @@ Nightly Build: https://esapi.ci.cloudbees.com
 JIRA: Coming Soon
 
 
-Realtime Support available on our IRC Channel:
-
-Server: irc.freenode.net
-
-Channel: #esapi
-
+Realtime Support available on our IRC Channel:<br/>
+Server: irc.freenode.net<br/>
+Channel: #esapi<br/>
 Webchat http://webchat.freenode.net/
+

From 8ccc872f09d51f6a0ea2ad6b37fef143cbad3f51 Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@users.noreply.github.com>
Date: Sun, 26 Oct 2014 10:12:21 -0600
Subject: [PATCH 043/812] Update README.md

---
 README.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index c016c94f1..09d6a76c1 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,11 @@ Enterprise Security API for Java (Legacy)
 =================
 <table border=0>
 <tr>
-<td wdith=100><img src="https://raw.githubusercontent.com/ESAPI/esapi-java/master/static/ESAPI%20Logo.png" width="100" height="100" /></td><td>
-OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.</td>
-</tr></table>
+<td>
+OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
+</td>
+</tr>
+</table>
 
 <b>What does Legacy mean?</b><br/>
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.

From 7ac1c84151564c33706796a090084cb86db9b2ac Mon Sep 17 00:00:00 2001
From: karansanwal <karansanwal@gmail.com>
Date: Tue, 28 Oct 2014 00:43:49 +0530
Subject: [PATCH 044/812] Fix to Issue # 190

---
 .../java/org/owasp/esapi/reference/DefaultHTTPUtilities.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index dc99d76b3..767a49438 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -811,7 +811,7 @@ public void sendForward( String location )  throws AccessControlException,Servle
     public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
         if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
             logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new IOException("Redirect failed");
+            throw new AccessControlException("Redirect failed");
         }
         response.sendRedirect(location);
     }

From 374e54264aae3d1628ae1a6732bd8874ff3cec81 Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@users.noreply.github.com>
Date: Mon, 10 Nov 2014 14:34:30 -0700
Subject: [PATCH 045/812] Update README.md

---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 09d6a76c1..e4c8a3e3b 100644
--- a/README.md
+++ b/README.md
@@ -17,12 +17,19 @@ https://github.com/ESAPI/esapi-java
 <b>How can I contribute or fix bugs?</b><br/>
 Fork and submit a pull request! Simple as pi!
 
+<b>What happened to Google code?</b><br/>
+In mid-2014 ESAPI Migrated all code to GitHub, in November we started using JIRA/Confluence. 
+
+<b>What about the issues still located on Google Code</b><br/>
+We will be migrating the issues from Google Code to JIRA as time allows, in the meantime - if you would like to work on a Google Code issue, please create a new issue in JIRA and reference the Google Code issue in the issue Description.
+
 Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
 
 Nightly Build: https://esapi.ci.cloudbees.com
 
-JIRA: Coming Soon
+JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG
 
+Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon)
 
 Realtime Support available on our IRC Channel:<br/>
 Server: irc.freenode.net<br/>

From 764dad9c96b2bc765a3cd7f3ca62706622724ae2 Mon Sep 17 00:00:00 2001
From: Constantino Cronemberger <constantino.cronemberger@db.com>
Date: Mon, 8 Dec 2014 14:13:34 -0200
Subject: [PATCH 046/812] fix issue 268:
 https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
 Log4JLogger.java doesn't output correct file & line number because FQCN isn't
 forwarded to Log4J

---
 src/main/java/org/owasp/esapi/reference/Log4JLogger.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
index 7782f89c7..af7045663 100644
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
@@ -447,7 +447,9 @@ private void log(Level level, EventType type, String message, Throwable throwabl
 		}
 
 		// log the message
-		log(level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
+		// Fix for https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
+		// need to pass callerFQCN so the log is not generated as if it were always generated from this wrapper class
+		log(Log4JLogger.class.getName(), level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
 	}
 
 	/**

From a543edb00bf22adc1ee08097389b0b9fbe4cedf4 Mon Sep 17 00:00:00 2001
From: Constantino Cronemberger <constantino.cronemberger@db.com>
Date: Mon, 8 Dec 2014 15:36:09 -0200
Subject: [PATCH 047/812] fix issue 268: test for this issue

---
 .../esapi/reference/Log4JLoggerTest.java      | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
index cddf71e20..55734a9c8 100644
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
@@ -16,12 +16,15 @@
 package org.owasp.esapi.reference;
 
 import java.io.IOException;
+import java.io.StringWriter;
 import java.util.Arrays;
 
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
+import org.apache.log4j.*;
+import org.apache.log4j.xml.XMLLayout;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.AuthenticationException;
@@ -460,4 +463,24 @@ public void testAlways() {
         }
 	}
 
+	/**
+	 * Validation for issue: https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
+	 * Line number must be the line of the caller and not of the wrapper.
+	 */
+	public void testLine() {
+		StringWriter sw = new StringWriter();
+		Layout layout = new PatternLayout("%d{ISO8601}%5p [%t] %C:%L - %m%n");
+		Appender appender = new WriterAppender(layout, sw);
+		log4JLogger.addAppender(appender);
+		try {
+			log4JLogger.fatal("testLine");
+			String generatedLine = sw.toString();
+			System.out.println("-> " + generatedLine + " <-");
+			assertTrue("generated line should not have the name of the wrapper class",
+					// need to add the ":" sufix otherwise the test would also fail with this test class name
+					!generatedLine.contains(Log4JLogger.class.getName()+":"));
+		} finally {
+			log4JLogger.removeAppender(appender);
+		}
+	}
 }

From bc3b476ade2ccfb8b95ad1cb6b69614f9d1ccb7e Mon Sep 17 00:00:00 2001
From: Constantino Cronemberger <constantino.cronemberger@db.com>
Date: Mon, 8 Dec 2014 16:31:40 -0200
Subject: [PATCH 048/812] using a special Layout instance to make sure this
 test is more robust

---
 .../esapi/reference/Log4JLoggerTest.java      | 40 +++++++++++++------
 1 file changed, 27 insertions(+), 13 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
index 55734a9c8..99c5faaf0 100644
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
@@ -15,16 +15,13 @@
  */
 package org.owasp.esapi.reference;
 
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.Arrays;
-
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-
-import org.apache.log4j.*;
-import org.apache.log4j.xml.XMLLayout;
+import org.apache.log4j.Appender;
+import org.apache.log4j.Layout;
+import org.apache.log4j.WriterAppender;
+import org.apache.log4j.spi.LoggingEvent;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.AuthenticationException;
@@ -32,6 +29,10 @@
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
 
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Arrays;
+
 /**
  * The Class LoggerTest.
  * 
@@ -468,17 +469,30 @@ public void testAlways() {
 	 * Line number must be the line of the caller and not of the wrapper.
 	 */
 	public void testLine() {
+		final String message = "testing only";
 		StringWriter sw = new StringWriter();
-		Layout layout = new PatternLayout("%d{ISO8601}%5p [%t] %C:%L - %m%n");
+		Layout layout = new Layout() {
+			@Override
+			public String format(LoggingEvent event) {
+				assertEquals("the calling class is this test class", Log4JLoggerTest.class.getName(),event.getLocationInformation().getClassName());
+				return message;
+			}
+
+			@Override
+			public boolean ignoresThrowable() {
+				return false;
+			}
+
+			@Override
+			public void activateOptions() {
+
+			}
+		};
 		Appender appender = new WriterAppender(layout, sw);
 		log4JLogger.addAppender(appender);
 		try {
 			log4JLogger.fatal("testLine");
-			String generatedLine = sw.toString();
-			System.out.println("-> " + generatedLine + " <-");
-			assertTrue("generated line should not have the name of the wrapper class",
-					// need to add the ":" sufix otherwise the test would also fail with this test class name
-					!generatedLine.contains(Log4JLogger.class.getName()+":"));
+			assertEquals("message not generated as expected", message, sw.toString());
 		} finally {
 			log4JLogger.removeAppender(appender);
 		}

From a0cf3e11d45b9abf64a93173ed24c00701e5e4c7 Mon Sep 17 00:00:00 2001
From: karansanwal <karansanwal@gmail.com>
Date: Tue, 16 Dec 2014 12:50:32 +0530
Subject: [PATCH 049/812] Update BaseValidationRule.java

A minor mistake in previous commit
---
 .../owasp/esapi/reference/validation/BaseValidationRule.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
index 538c658c4..8201aafd7 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
@@ -100,7 +100,7 @@ public Object getValid( String context, String input, ValidationErrorList errorL
 		try {
 			valid = getValid( context, input );
 		} catch (ValidationException e) {
-			if( errorList == null { 
+			if( errorList == null) { 
 				throw e;
 			} else {
 				errorList.addError(context, e);

From 2dbb419112227e12b315c51ca21df9b61a808e0e Mon Sep 17 00:00:00 2001
From: Arpit Gupta <arpitgup@10ddb1d55079.ant.amazon.com>
Date: Thu, 1 Jan 2015 17:31:33 +0530
Subject: [PATCH 050/812] Fix for issue #289

https://github.com/ESAPI/esapi-java-legacy/issues/289

When using ClickJackFilter, In some cases response header is not set.

http://stackoverflow.com/questions/11371755/clickjacking-filter-to-add-x
-frame-options-in-response
---
 src/main/java/org/owasp/esapi/filters/ClickjackFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
index 735d21ec0..86025b1dd 100644
--- a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
@@ -95,8 +95,8 @@ public void init(FilterConfig filterConfig) {
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
 	{
         HttpServletResponse res = (HttpServletResponse)response;
-        chain.doFilter(request, response);
         res.addHeader("X-FRAME-OPTIONS", mode );
+        chain.doFilter(request, response);
 	}
 
 	/**

From 92c2e839f6fbab80318d29840e3eb69000f2b3eb Mon Sep 17 00:00:00 2001
From: Ben Sleek <Benjamin.Sleek@spartasystems.com>
Date: Fri, 10 Apr 2015 15:13:13 -0400
Subject: [PATCH 051/812] Added test for Issue #195

---
 .../validation/BaseValidationRuleTest.java    | 101 ++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java

diff --git a/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
new file mode 100644
index 000000000..f7adfccdb
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
@@ -0,0 +1,101 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Ben Sleek <a href="http://www.spartasystems.com">Sparta Systems</a>
+ * @created 2015
+ */
+package org.owasp.esapi.reference.validation;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.errors.ValidationException;
+
+public class BaseValidationRuleTest extends TestCase {
+
+	/**
+	 * Instantiates a new base validation rule test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public BaseValidationRuleTest(String testName) {
+		super(testName);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @throws Exception
+	 */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @throws Exception
+	 */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(BaseValidationRuleTest.class);
+		return suite;
+	}
+
+	/**
+	 * Verifies assertValid throws ValidationException on invalid input
+	 * Validates fix for Google issue #195
+	 * 
+	 * @throws ValidationException
+	 */
+	public void testAssertValid() throws ValidationException {
+		SampleValidationRule rule = new SampleValidationRule("UnitTest");
+		try {
+			rule.assertValid("testcontext", "badinput");
+			fail();
+		} catch (ValidationException e) {
+			// success
+		}
+	}
+
+	public class SampleValidationRule extends BaseValidationRule {
+
+		public SampleValidationRule(String typeName, Encoder encoder) {
+			super(typeName, encoder);
+		}
+
+		public SampleValidationRule(String typeName) {
+			super(typeName);
+		}
+
+		@Override
+		protected Object sanitize(String context, String input) {
+			return null;
+		}
+
+		public Object getValid(String context, String input) throws ValidationException {
+			throw new ValidationException("Demonstration Exception", "Demonstration Exception");
+		}
+
+	}
+}

From 2e08dac45f166de8d3b4f86148897b1b6986e216 Mon Sep 17 00:00:00 2001
From: taringamberini <taringamberini@users.noreply.github.com>
Date: Sat, 25 Apr 2015 20:02:35 +0200
Subject: [PATCH 052/812] Set the locale suitable for US dates

PROBLEM

The org.owasp.esapi.errors.ValidationException is thrown with a logMessage:

    Invalid date: context=datetest1,
    format=java.text.SimpleDateFormat@2aca24a9, input=September 11, 2001

and a detailMessage:

    datetest1: Invalid date must follow the java.text.DecimalFormat@674dc
    format

CAUSE

The SimpleDateFormat.getDateInstance() is default locale dependent, so
the date September 11, 2001 can't be correctly formatted on my Java Virtual
Machine Locale which is it_IT.

SOLUTION

Use the US locale.

Fixes ESAPI/esapi-java-legacy#345
---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 9402630bb..f1bf4b914 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -323,7 +323,7 @@ public void testIsInvalidFilename() {
     public void testIsValidDate() {
         System.out.println("isValidDate");
         Validator instance = ESAPI.validator();
-        DateFormat format = SimpleDateFormat.getDateInstance();
+        DateFormat format = SimpleDateFormat.getDateInstance(SimpleDateFormat.MEDIUM, Locale.US);
         assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true));
         assertFalse(instance.isValidDate("datetest2", null, format, false));
         assertFalse(instance.isValidDate("datetest3", "", format, false));

From 948592a763bece1434bc99c0ed2007cb27106a4e Mon Sep 17 00:00:00 2001
From: Kad DEMBELE <kad@thesoftwarecraftsman.org>
Date: Mon, 27 Apr 2015 21:48:53 +0200
Subject: [PATCH 053/812] Fix for issue #344

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 9402630bb..946962d6f 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -297,7 +297,7 @@ public void testGetValidSafeHTML() throws Exception {
 
         assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
         assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test.", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+        assertEquals("Test.", rule.getSafe("test", "Test. <script>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts

From db106031cf3babe086dfb0b5e7d971a2d10fc242 Mon Sep 17 00:00:00 2001
From: Kad DEMBELE <kad@thesoftwarecraftsman.org>
Date: Mon, 27 Apr 2015 23:14:02 +0200
Subject: [PATCH 054/812] Using the right AccessControlException class to throw
 Exception

---
 .../esapi/reference/DefaultHTTPUtilities.java | 48 +++++++++++++------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 767a49438..6c56ce2e9 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -15,15 +15,17 @@
  */
 package org.owasp.esapi.reference;
 
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.ProgressListener;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.owasp.esapi.*;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.*;
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.concurrent.ConcurrentHashMap;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletException;
@@ -31,10 +33,28 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.ProgressListener;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.User;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.ValidationUploadException;
 
 /**
  * Reference implementation of the HTTPUtilities interface. This implementation
@@ -811,7 +831,7 @@ public void sendForward( String location )  throws AccessControlException,Servle
     public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
         if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
             logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new AccessControlException("Redirect failed");
+            throw new AccessControlException("Redirect failed", "Bad Redirect location: " + location);
         }
         response.sendRedirect(location);
     }

From fc101e4ca88b47fe0a8ab16a505bcf3ab4ccc4be Mon Sep 17 00:00:00 2001
From: Kad DEMBELE <kad@thesoftwarecraftsman.org>
Date: Tue, 28 Apr 2015 00:30:32 +0200
Subject: [PATCH 055/812] Update ValidatorTest.java

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index dbb754221..e272289f4 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -297,7 +297,7 @@ public void testGetValidSafeHTML() throws Exception {
 
         assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
         assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test.", rule.getSafe("test", "Test. <script>alert(document.cookie)</script>"));
+        assertEquals("Test.alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts

From 2bca895904eb6b2fd8a06c6d813110d331cfcdd2 Mon Sep 17 00:00:00 2001
From: Kad DEMBELE <kad@thesoftwarecraftsman.org>
Date: Tue, 28 Apr 2015 00:34:21 +0200
Subject: [PATCH 056/812] Update ValidatorTest.java

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index e272289f4..8a5359211 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -297,7 +297,7 @@ public void testGetValidSafeHTML() throws Exception {
 
         assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
         assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test.alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
         // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts

From 20438dbae5ecf8a51f454f38d1e0525fe4b61eb6 Mon Sep 17 00:00:00 2001
From: Chris Schmidt <chrisisbeef@gmail.com>
Date: Sat, 30 May 2015 16:25:20 +0000
Subject: [PATCH 057/812] Fixed unit tests and DefaultHttpUtilities

---
 .codenvy/project.json                         |    1 +
 .../esapi/errors/AccessControlException.java  |  114 +-
 .../esapi/reference/DefaultHTTPUtilities.java | 2044 +++++++--------
 .../esapi/reference/HTTPUtilitiesTest.java    | 1015 ++++----
 .../owasp/esapi/reference/ValidatorTest.java  | 2300 ++++++++---------
 5 files changed, 2738 insertions(+), 2736 deletions(-)
 create mode 100644 .codenvy/project.json

diff --git a/.codenvy/project.json b/.codenvy/project.json
new file mode 100644
index 000000000..df32873a0
--- /dev/null
+++ b/.codenvy/project.json
@@ -0,0 +1 @@
+{"builders":{"configs":{},"default":"maven"},"mixinTypes":["contribution"],"runners":{"configs":{"system:/java/codenvy-cli":{"ram":1000,"variables":{},"options":{}}},"default":"system:/java/codenvy-cli"},"type":"maven","attributes":{"languageVersion":["1.6"],"language":["java"],"contribute_branch":["master"],"contribute_mode":["contribute"]}}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/errors/AccessControlException.java b/src/main/java/org/owasp/esapi/errors/AccessControlException.java
index 2c54417ab..96eaf80c5 100644
--- a/src/main/java/org/owasp/esapi/errors/AccessControlException.java
+++ b/src/main/java/org/owasp/esapi/errors/AccessControlException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AccessControlException should be thrown when a user attempts to access a
- * resource that they are not authorized for.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessControlException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new access control exception.
-	 */
-	protected AccessControlException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AccessControlException}.
-     *
-     * @param userMessage
-     * @param logMessage
-     */
-	public AccessControlException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new access control exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AccessControlException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AccessControlException should be thrown when a user attempts to access a
+ * resource that they are not authorized for.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessControlException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new access control exception.
+	 */
+	protected AccessControlException() {
+		// hidden
+	}
+
+	/**
+	 * Creates a new instance of {@code AccessControlException}.
+     *
+     * @param userMessage
+     * @param logMessage
+     */
+	public AccessControlException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+	/**
+	 * Instantiates a new access control exception.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 * @param cause the root cause
+	 */
+	public AccessControlException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 767a49438..654a7216a 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -1,1022 +1,1022 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.ProgressListener;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.owasp.esapi.*;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-import java.util.concurrent.ConcurrentHashMap;
-
-/**
- * Reference implementation of the HTTPUtilities interface. This implementation
- * uses the Apache Commons FileUploader library, which in turn uses the Apache
- * Commons IO library.
- * <P>
- * To simplify the interface, some methods use the current request and response that
- * are tracked by ThreadLocal variables in the Authenticator. This means that you
- * must have called ESAPI.authenticator().setCurrentHTTP(request, response) before
- * calling these methods.
- * <P>
- * Typically, this is done by calling the Authenticator.login() method, which
- * calls setCurrentHTTP() automatically. However if you want to use these methods
- * in another application, you should explicitly call setCurrentHTTP() in your
- * own code. In either case, you *must* call ESAPI.clearCurrent() to clear threadlocal
- * variables before the thread is reused. The advantages of having identity everywhere
- * outweigh the disadvantages of this approach.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.HTTPUtilities
- */
-public class DefaultHTTPUtilities implements org.owasp.esapi.HTTPUtilities {
-    private static volatile HTTPUtilities instance = null;
-
-    public static HTTPUtilities getInstance() {
-        if ( instance == null ) {
-            synchronized ( DefaultHTTPUtilities.class ) {
-                if ( instance == null ) {
-                    instance = new DefaultHTTPUtilities();
-                }
-            }
-        }
-        return instance;
-    }
-
-	/**
-     * Defines the ThreadLocalRequest to store the current request for this thread.
-     */
-    private class ThreadLocalRequest extends InheritableThreadLocal<HttpServletRequest> {
-
-        public HttpServletRequest getRequest() {
-            return super.get();
-        }
-
-        public HttpServletRequest initialValue() {
-        	return null;
-        }
-
-        public void setRequest(HttpServletRequest newRequest) {
-            super.set(newRequest);
-        }
-    }
-
-	/**
-     * Defines the ThreadLocalResponse to store the current response for this thread.
-     */
-    private class ThreadLocalResponse extends InheritableThreadLocal<HttpServletResponse> {
-
-        public HttpServletResponse getResponse() {
-            return super.get();
-        }
-
-        public HttpServletResponse initialValue() {
-        	return null;
-        }
-
-        public void setResponse(HttpServletResponse newResponse) {
-            super.set(newResponse);
-        }
-    }
-
-    /** The logger. */
-	private final Logger logger = ESAPI.getLogger("HTTPUtilities");
-
-    /** The max bytes. */
-	static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
-
-
-    /*
-     * The currentRequest ThreadLocal variable is used to make the currentRequest available to any call in any part of an
-     * application. This enables API's for actions that require the request to be much simpler. For example, the logout()
-     * method in the Authenticator class requires the currentRequest to get the session in order to invalidate it.
-     */
-    private ThreadLocalRequest currentRequest = new ThreadLocalRequest();
-
-	/*
-     * The currentResponse ThreadLocal variable is used to make the currentResponse available to any call in any part of an
-     * application. This enables API's for actions that require the response to be much simpler. For example, the logout()
-     * method in the Authenticator class requires the currentResponse to kill the Session ID cookie.
-     */
-    private ThreadLocalResponse currentResponse = new ThreadLocalResponse();
-
-
-
-	/**
-     * No arg constructor.
-     */
-    public DefaultHTTPUtilities() {
-	}
-
-
-	/**
-	 * {@inheritDoc}
-     * This implementation uses a custom "set-cookie" header rather than Java's
-     * cookie interface which doesn't allow the use of HttpOnly. Configure the
-     * HttpOnly and Secure settings in ESAPI.properties.
-	 */
-	public void addCookie( Cookie cookie ) {
-		addCookie( getCurrentResponse(), cookie );
-    }
-
-    /**
-	 * {@inheritDoc}
-     * This implementation uses a custom "set-cookie" header rather than Java's
-     * cookie interface which doesn't allow the use of HttpOnly. Configure the
-     * HttpOnly and Secure settings in ESAPI.properties.
-	 */
-    public void addCookie(HttpServletResponse response, Cookie cookie) {
-        String name = cookie.getName();
-        String value = cookie.getValue();
-        int maxAge = cookie.getMaxAge();
-        String domain = cookie.getDomain();
-        String path = cookie.getPath();
-        boolean secure = cookie.getSecure();
-
-        // validate the name and value
-        ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", 5000, false, errors);
-
-        // if there are no errors, then set the cookie either with a header or normally
-        if (errors.size() == 0) {
-        	if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-	            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
-	            addHeader(response, "Set-Cookie", header);
-        	} else {
-                // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
-                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
-        		response.addCookie(cookie);
-        	}
-            return;
-        }
-        logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
-    }
-
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String addCSRFToken(String href) {
-		User user = ESAPI.authenticator().getCurrentUser();
-		if (user.isAnonymous()) {
-			return href;
-		}
-
-		// if there are already parameters append with &, otherwise append with ?
-		String token = CSRF_TOKEN_NAME + "=" + user.getCSRFToken();
-		return href.indexOf( '?') != -1 ? href + "&" + token : href + "?" + token;
-	}
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void addHeader(String name, String value) {
-    	addHeader( getCurrentResponse(), name, value );
-    }
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void addHeader(HttpServletResponse response, String name, String value) {
-        try {
-            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
-            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", 500, false);
-            response.addHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
-        }
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertSecureChannel() throws AccessControlException {
-    	assertSecureChannel( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * This implementation ignores the built-in isSecure() method
-	 * and uses the URL to determine if the request was transmitted over SSL.
-	 * This is because SSL may have been terminated somewhere outside the
-	 * container.
-	 */
-	public void assertSecureChannel(HttpServletRequest request) throws AccessControlException {
-	    if ( request == null ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request was null" );
-	    }
-	    StringBuffer sb = request.getRequestURL();
-	    if ( sb == null ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request URL was null" );
-	    }
-	    String url = sb.toString();
-	    if ( !url.startsWith( "https" ) ) {
-	    	throw new AccessControlException( "Insecure request received", "HTTP request did not use SSL" );
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertSecureRequest() throws AccessControlException {
-    	assertSecureRequest( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     */
-	public void assertSecureRequest(HttpServletRequest request) throws AccessControlException {
-		assertSecureChannel( request );
-		String receivedMethod = request.getMethod();
-		String requiredMethod = "POST";
-		if ( !receivedMethod.equals( requiredMethod ) ) {
-			throw new AccessControlException( "Insecure request received", "Received request using " + receivedMethod + " when only " + requiredMethod + " is allowed" );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public HttpSession changeSessionIdentifier() throws AuthenticationException {
-    	return changeSessionIdentifier( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     */
-	public HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException {
-
-		// get the current session
-		HttpSession oldSession = request.getSession();
-
-		// make a copy of the session content
-		Map<String,Object> temp = new ConcurrentHashMap<String,Object>();
-		Enumeration e = oldSession.getAttributeNames();
-		while (e != null && e.hasMoreElements()) {
-			String name = (String) e.nextElement();
-			Object value = oldSession.getAttribute(name);
-			temp.put(name, value);
-		}
-
-		// kill the old session and create a new one
-		oldSession.invalidate();
-		HttpSession newSession = request.getSession();
-		User user = ESAPI.authenticator().getCurrentUser();
-		user.addSession( newSession );
-		user.removeSession( oldSession );
-
-		// copy back the session content
-      for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet())
-      {
-         newSession.setAttribute(stringObjectEntry.getKey(), stringObjectEntry.getValue());
-		}
-		return newSession;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void clearCurrent() {
-		currentRequest.set(null);
-		currentResponse.set(null);
-	}
-
-	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
-        String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
-            header += "; Secure";
-        }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-            header += "; HttpOnly";
-        }
-        return header;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decryptHiddenField(String encrypted) {
-    	try {
-    		return decryptString(encrypted);
-    	} catch( EncryptionException e ) {
-    		throw new IntrusionException("Invalid request","Tampering detected. Hidden field data did not decrypt properly.", e);
-    	}
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Map<String,String> decryptQueryString(String encrypted) throws EncryptionException {
-        String plaintext = decryptString(encrypted);
-		return queryToMap(plaintext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Map<String,String> decryptStateFromCookie() throws EncryptionException {
-		return decryptStateFromCookie( getCurrentRequest() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     */
-    public Map<String,String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException {
-    	try {
-    		String encrypted = getCookie( request, ESAPI_STATE );
-    		if ( encrypted == null ) return new HashMap<String,String>();
-    		String plaintext = decryptString(encrypted);
-    		return queryToMap( plaintext );
-    	} catch( ValidationException e ) {
-        	return null;
-    	}
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encryptHiddenField(String value) throws EncryptionException {
-    	return encryptString(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encryptQueryString(String query) throws EncryptionException {
-	    return encryptString(query);
-	}
-
-	/**
-	 * {@inheritDoc}
-     */
-    public void encryptStateInCookie(HttpServletResponse response, Map<String,String> cleartext) throws EncryptionException {
-    	StringBuilder sb = new StringBuilder();
-    	Iterator i = cleartext.entrySet().iterator();
-    	while ( i.hasNext() ) {
-    		try {
-	    		Map.Entry entry = (Map.Entry)i.next();
-	    		
-	    		    // What do these need to be URL encoded? They are encrypted!
-	    		String name = ESAPI.encoder().encodeForURL( entry.getKey().toString() );
-	    		String value = ESAPI.encoder().encodeForURL( entry.getValue().toString() );
-             sb.append(name).append("=").append(value);
-	    		if ( i.hasNext() ) sb.append( "&" );
-    		} catch( EncodingException e ) {
-    			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry", e );
-    		}
-    	}
-
-		String encrypted = encryptString(sb.toString());
-
-		if ( encrypted.length() > (MAX_COOKIE_LEN ) ) {
-			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry");
-			throw new EncryptionException("Encryption failure", "Encrypted cookie state of " + encrypted.length() + " longer than allowed " + MAX_COOKIE_LEN );
-		}
-
-    	Cookie cookie = new Cookie( ESAPI_STATE, encrypted );
-    	addCookie( response, cookie );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void encryptStateInCookie( Map<String,String> cleartext ) throws EncryptionException {
-		encryptStateInCookie( getCurrentResponse(), cleartext );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCookie( HttpServletRequest request, String name ) throws ValidationException {
-        Cookie c = getFirstCookie( request, name );
-        if ( c == null ) return null;
-		String value = c.getValue();
-		return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", 1000, false);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getCookie( String name ) throws ValidationException {
-    	return getCookie( getCurrentRequest(), name );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCSRFToken() {
-		User user = ESAPI.authenticator().getCurrentUser();
-		if (user == null) return null;
-		return user.getCSRFToken();
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public HttpServletRequest getCurrentRequest() {
-    	return currentRequest.getRequest();
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public HttpServletResponse getCurrentResponse() {
-        return currentResponse.getResponse();
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads() throws ValidationException {
-    	return getFileUploads( getCurrentRequest(), ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions() );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads(HttpServletRequest request) throws ValidationException {
-    	return getFileUploads(request, ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public List<File> getFileUploads(HttpServletRequest request, File finalDir ) throws ValidationException {
-    	return getFileUploads(request, finalDir, ESAPI.securityConfiguration().getAllowedFileExtensions());
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<File> getFileUploads(HttpServletRequest request, File finalDir, List allowedExtensions) throws ValidationException {
-        File tempDir = ESAPI.securityConfiguration().getUploadTempDirectory();
-		if ( !tempDir.exists() ) {
-		    if ( !tempDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create temp directory: " + tempDir.getAbsolutePath() );
-		}
-
-		if( finalDir != null){
-			if ( !finalDir.exists() ) {
-				if ( !finalDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + finalDir.getAbsolutePath() );
-			}
-		}
-		else {
-			if ( !ESAPI.securityConfiguration().getUploadDirectory().exists()) {
-				if ( !ESAPI.securityConfiguration().getUploadDirectory().mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + ESAPI.securityConfiguration().getUploadDirectory().getAbsolutePath() );
-			}
-			finalDir = ESAPI.securityConfiguration().getUploadDirectory();
-		}
-
-		List<File> newFiles = new ArrayList<File>();
-		try {
-			final HttpSession session = request.getSession(false);
-			if (!ServletFileUpload.isMultipartContent(request)) {
-				throw new ValidationUploadException("Upload failed", "Not a multipart request");
-			}
-
-			// this factory will store ALL files in the temp directory,
-			// regardless of size
-			DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
-			ServletFileUpload upload = new ServletFileUpload(factory);
-			upload.setSizeMax(maxBytes);
-
-			// Create a progress listener
-			ProgressListener progressListener = new ProgressListener() {
-				private long megaBytes = -1;
-				private long progress = 0;
-
-				public void update(long pBytesRead, long pContentLength, int pItems) {
-					if (pItems == 0)
-						return;
-					long mBytes = pBytesRead / 1000000;
-					if (megaBytes == mBytes)
-						return;
-					megaBytes = mBytes;
-					progress = (long) (((double) pBytesRead / (double) pContentLength) * 100);
-					if ( session != null ) {
-					    session.setAttribute("progress", Long.toString(progress));
-					}
-					// logger.logSuccess(Logger.SECURITY, "   Item " + pItems + " (" + progress + "% of " + pContentLength + " bytes]");
-				}
-			};
-			upload.setProgressListener(progressListener);
-
-			List<FileItem> items = upload.parseRequest(request);
-         for (FileItem item : items)
-         {
-            if (!item.isFormField() && item.getName() != null && !(item.getName().equals("")))
-            {
-					String[] fparts = item.getName().split("[\\/\\\\]");
-					String filename = fparts[fparts.length - 1];
-
-               if (!ESAPI.validator().isValidFileName("upload", filename, allowedExtensions, false))
-               {
-						throw new ValidationUploadException("Upload only simple filenames with the following extensions " + allowedExtensions, "Upload failed isValidFileName check");
-					}
-
-					logger.info(Logger.SECURITY_SUCCESS, "File upload requested: " + filename);
-					File f = new File(finalDir, filename);
-               if (f.exists())
-               {
-						String[] parts = filename.split("\\/.");
-						String extension = "";
-                  if (parts.length > 1)
-                  {
-							extension = parts[parts.length - 1];
-						}
-						String filenm = filename.substring(0, filename.length() - extension.length());
-						f = File.createTempFile(filenm, "." + extension, finalDir);
-					}
-					item.write(f);
-               newFiles.add(f);
-					// delete temporary file
-					item.delete();
-					logger.fatal(Logger.SECURITY_SUCCESS, "File successfully uploaded: " + f);
-               if (session != null)
-               {
-					    session.setAttribute("progress", Long.toString(0));
-					}
-				}
-			}
-		} catch (Exception e) {
-			if (e instanceof ValidationUploadException) {
-				throw (ValidationException)e;
-			}
-			throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
-		}
-		return Collections.synchronizedList(newFiles);
-	}
-
-
-
-	/**
-     * Utility to return the first cookie matching the provided name.
-     * @param request
-     * @param name
-     */
-	private Cookie getFirstCookie(HttpServletRequest request, String name) {
-		Cookie[] cookies = request.getCookies();
-		if (cookies != null) {
-         for (Cookie cookie : cookies)
-         {
-            if (cookie.getName().equals(name))
-            {
-					return cookie;
-				}
-			}
-		}
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getHeader( HttpServletRequest request, String name ) throws ValidationException {
-        String value = request.getHeader(name);
-        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, false);
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getHeader( String name ) throws ValidationException {
-    	return getHeader( getCurrentRequest(), name );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public String getParameter( HttpServletRequest request, String name ) throws ValidationException {
-	    String value = request.getParameter(name);
-	    return ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public String getParameter( String name ) throws ValidationException {
-    	return getParameter( getCurrentRequest(), name );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void killAllCookies() {
-    	killAllCookies( getCurrentRequest(), getCurrentResponse() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     * @param response
-     */
-	public void killAllCookies(HttpServletRequest request, HttpServletResponse response) {
-		Cookie[] cookies = request.getCookies();
-		if (cookies != null) {
-         for (Cookie cookie : cookies)
-         {
-				killCookie(request, response, cookie.getName());
-			}
-		}
-	}
-
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param request
-     * @param response
-     * @param name
-     */
-	public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
-		String path = "//";
-		String domain="";
-		Cookie cookie = getFirstCookie(request, name);
-		if ( cookie != null ) {
-			path = cookie.getPath();
-			domain = cookie.getDomain();
-		}
-		Cookie deleter = new Cookie( name, "deleted" );
-		deleter.setMaxAge( 0 );
-		if ( domain != null ) deleter.setDomain( domain );
-		if ( path != null ) deleter.setPath( path );
-		response.addCookie( deleter );
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void killCookie( String name ) {
-    	killCookie( getCurrentRequest(), getCurrentResponse(), name );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void logHTTPRequest() {
-    	logHTTPRequest( getCurrentRequest(), logger, null );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void logHTTPRequest(HttpServletRequest request, Logger logger) {
-    	logHTTPRequest( request, logger, null );
-    }
-
-		/**
-		 * Formats an HTTP request into a log suitable string. This implementation logs the remote host IP address (or
-		 * hostname if available), the request method (GET/POST), the URL, and all the querystring and form parameters. All
-		 * the parameters are presented as though they were in the URL even if they were in a form. Any parameters that
-		 * match items in the parameterNamesToObfuscate are shown as eight asterisks.
-		 *
-		 *
-		 * @param request
-		 */
-		public void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate) {
-			StringBuilder params = new StringBuilder();
-		    Iterator i = request.getParameterMap().keySet().iterator();
-		    while (i.hasNext()) {
-		        String key = (String) i.next();
-		        String[] value = (String[]) request.getParameterMap().get(key);
-		        for (int j = 0; j < value.length; j++) {
-                 params.append(key).append("=");
-		            if (parameterNamesToObfuscate != null && parameterNamesToObfuscate.contains(key)) {
-		                params.append("********");
-		            } else {
-		                params.append(value[j]);
-		            }
-		            if (j < value.length - 1) {
-		                params.append("&");
-		            }
-		        }
-		        if (i.hasNext())
-		            params.append("&");
-		    }
-		    Cookie[] cookies = request.getCookies();
-		    if ( cookies != null ) {
-             for (Cookie cooky : cookies)
-             {
-                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) 
-                {
-                   params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
-		                    }
-		            }
-		    }
-		    String msg = request.getMethod() + " " + request.getRequestURL() + (params.length() > 0 ? "?" + params : "");
-		    logger.info(Logger.SECURITY_SUCCESS, msg);
-		}
-
-	private Map<String,String> queryToMap(String query) {
-		TreeMap<String,String> map = new TreeMap<String,String>();
-		String[] parts = query.split("&");
-      for (String part : parts)
-      {
-         try
-         {
-            String[] nvpair = part.split("=");
-				String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
-				String value = ESAPI.encoder().decodeFromURL(nvpair[1]);
-            map.put(name, value);
-         }
-         catch (EncodingException e)
-         {
-				// skip the nvpair with the encoding problem - note this is already logged.
-			}
-		}
-		return map;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation simply checks to make sure that the forward location starts with "WEB-INF" and
-	 * is intended for use in frameworks that forward to JSP files inside the WEB-INF folder.
-	 */
-	public void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException,ServletException,IOException {
-		if (!location.startsWith("WEB-INF")) {
-			throw new AccessControlException("Forward failed", "Bad forward location: " + location);
-		}
-		RequestDispatcher dispatcher = request.getRequestDispatcher(location);
-		dispatcher.forward( request, response );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void sendForward( String location )  throws AccessControlException,ServletException,IOException {
-    	sendForward( getCurrentRequest(), getCurrentResponse(), location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation checks against the list of safe redirect locations defined in ESAPI.properties.
-     *
-     * @param response
-     */
-    public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
-        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new AccessControlException("Redirect failed");
-        }
-        response.sendRedirect(location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void sendRedirect( String location )  throws AccessControlException,IOException {
-    	sendRedirect( getCurrentResponse(), location);
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void setContentType() {
-    	setContentType( getCurrentResponse() );
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setContentType(HttpServletResponse response) {
-		response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response) {
-     	currentRequest.setRequest(request);
-        currentResponse.setResponse(response);
-    }
-
-    /**
-	 * {@inheritDoc}
-     */
-    public void setHeader(HttpServletResponse response, String name, String value) {
-        try {
-            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
-            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
-            response.setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
-        }
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void setHeader( String name, String value ) {
-    	setHeader( getCurrentResponse(), name, value );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setNoCacheHeaders() {
-    	setNoCacheHeaders( getCurrentResponse() );
-    }
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @param response
-     */
-	public void setNoCacheHeaders(HttpServletResponse response) {
-		// HTTP 1.1
-		response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
-
-		// HTTP 1.0
-		response.setHeader("Pragma","no-cache");
-		response.setDateHeader("Expires", -1);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * Save the user's remember me data in an encrypted cookie and send it to the user.
-	 * Any old remember me cookie is destroyed first. Setting this cookie will keep the user
-	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
-	 * If the cookie exists for the current user, it will automatically be used by ESAPI to
-	 * log the user in, if the data is valid and not expired.
-     *
-     * @param request
-     * @param response
-     */
-	public String setRememberToken( HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path ) {
-		User user = ESAPI.authenticator().getCurrentUser();
-		try {
-			killCookie(request, response, REMEMBER_TOKEN_COOKIE_NAME );
-			// seal already contains random data
-			String clearToken = user.getAccountName() + "|" + password;
-			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
-			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
-
-            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
-			// which was marked as "WontFix".
-
-			Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
-			cookie.setMaxAge( maxAge );
-			cookie.setDomain( domain );
-			cookie.setPath( path );
-			response.addCookie( cookie );
-			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
-			return cryptToken;
-		} catch( IntegrityException e ) {
-			logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
-			return null;
-		}
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String setRememberToken( String password, int maxAge, String domain, String path ) {
-    	return setRememberToken( getCurrentRequest(), getCurrentResponse(), password, maxAge, domain, path );
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public void verifyCSRFToken() throws IntrusionException {
-    	verifyCSRFToken( getCurrentRequest() );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 *
-	 * This implementation uses the CSRF_TOKEN_NAME parameter for the token.
-     *
-     * @param request
-     */
-	public void verifyCSRFToken(HttpServletRequest request) throws IntrusionException {
-		User user = ESAPI.authenticator().getCurrentUser();
-
-		// check if user authenticated with this request - no CSRF protection required
-		if( request.getAttribute(user.getCSRFToken()) != null ) {
-			return;
-		}
-		String token = request.getParameter(CSRF_TOKEN_NAME);
-		if ( !user.getCSRFToken().equals( token ) ) {
-			throw new IntrusionException("Authentication failed", "Possibly forged HTTP request without proper CSRF token detected");
-		}
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getSessionAttribute( String key ) {
-        final HttpSession session = ESAPI.currentRequest().getSession(false);
-        if ( session != null )
-            return (T) session.getAttribute(key);
-        return null;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getSessionAttribute(HttpSession session, String key)
-    {
-        return (T) session.getAttribute(key);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getRequestAttribute(String key)
-    {
-        return (T)  ESAPI.currentRequest().getAttribute(key);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public <T> T getRequestAttribute(HttpServletRequest request, String key)
-    {
-        return (T) request.getAttribute( key );
-    }
-    
-    /////////////////////
-    
-    /* Helper method to encrypt using new Encryptor encryption methods and
-     * return the serialized ciphertext as a hex-encoded string.
-     */
-    private String encryptString(String plaintext) throws EncryptionException {
-        PlainText pt = new PlainText(plaintext);
-        CipherText ct = ESAPI.encryptor().encrypt(pt);
-        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
-        return Hex.encode(serializedCiphertext, false);
-    }
-    
-    /* Helper method to decrypt a hex-encode serialized ciphertext string and
-     * to decrypt it using the new Encryptor decryption methods.
-     */
-    private String decryptString(String ciphertext) throws EncryptionException {
-        byte[] serializedCiphertext = Hex.decode(ciphertext);
-        CipherText restoredCipherText =
-            CipherText.fromPortableSerializedBytes(serializedCiphertext);
-        PlainText plaintext = ESAPI.encryptor().decrypt(restoredCipherText);
-        return plaintext.toString();
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.ProgressListener;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.owasp.esapi.*;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.*;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.File;
+import java.io.IOException;
+import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * Reference implementation of the HTTPUtilities interface. This implementation
+ * uses the Apache Commons FileUploader library, which in turn uses the Apache
+ * Commons IO library.
+ * <P>
+ * To simplify the interface, some methods use the current request and response that
+ * are tracked by ThreadLocal variables in the Authenticator. This means that you
+ * must have called ESAPI.authenticator().setCurrentHTTP(request, response) before
+ * calling these methods.
+ * <P>
+ * Typically, this is done by calling the Authenticator.login() method, which
+ * calls setCurrentHTTP() automatically. However if you want to use these methods
+ * in another application, you should explicitly call setCurrentHTTP() in your
+ * own code. In either case, you *must* call ESAPI.clearCurrent() to clear threadlocal
+ * variables before the thread is reused. The advantages of having identity everywhere
+ * outweigh the disadvantages of this approach.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.HTTPUtilities
+ */
+public class DefaultHTTPUtilities implements org.owasp.esapi.HTTPUtilities {
+    private static volatile HTTPUtilities instance = null;
+
+    public static HTTPUtilities getInstance() {
+        if ( instance == null ) {
+            synchronized ( DefaultHTTPUtilities.class ) {
+                if ( instance == null ) {
+                    instance = new DefaultHTTPUtilities();
+                }
+            }
+        }
+        return instance;
+    }
+
+	/**
+     * Defines the ThreadLocalRequest to store the current request for this thread.
+     */
+    private class ThreadLocalRequest extends InheritableThreadLocal<HttpServletRequest> {
+
+        public HttpServletRequest getRequest() {
+            return super.get();
+        }
+
+        public HttpServletRequest initialValue() {
+        	return null;
+        }
+
+        public void setRequest(HttpServletRequest newRequest) {
+            super.set(newRequest);
+        }
+    }
+
+	/**
+     * Defines the ThreadLocalResponse to store the current response for this thread.
+     */
+    private class ThreadLocalResponse extends InheritableThreadLocal<HttpServletResponse> {
+
+        public HttpServletResponse getResponse() {
+            return super.get();
+        }
+
+        public HttpServletResponse initialValue() {
+        	return null;
+        }
+
+        public void setResponse(HttpServletResponse newResponse) {
+            super.set(newResponse);
+        }
+    }
+
+    /** The logger. */
+	private final Logger logger = ESAPI.getLogger("HTTPUtilities");
+
+    /** The max bytes. */
+	static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+
+
+    /*
+     * The currentRequest ThreadLocal variable is used to make the currentRequest available to any call in any part of an
+     * application. This enables API's for actions that require the request to be much simpler. For example, the logout()
+     * method in the Authenticator class requires the currentRequest to get the session in order to invalidate it.
+     */
+    private ThreadLocalRequest currentRequest = new ThreadLocalRequest();
+
+	/*
+     * The currentResponse ThreadLocal variable is used to make the currentResponse available to any call in any part of an
+     * application. This enables API's for actions that require the response to be much simpler. For example, the logout()
+     * method in the Authenticator class requires the currentResponse to kill the Session ID cookie.
+     */
+    private ThreadLocalResponse currentResponse = new ThreadLocalResponse();
+
+
+
+	/**
+     * No arg constructor.
+     */
+    public DefaultHTTPUtilities() {
+	}
+
+
+	/**
+	 * {@inheritDoc}
+     * This implementation uses a custom "set-cookie" header rather than Java's
+     * cookie interface which doesn't allow the use of HttpOnly. Configure the
+     * HttpOnly and Secure settings in ESAPI.properties.
+	 */
+	public void addCookie( Cookie cookie ) {
+		addCookie( getCurrentResponse(), cookie );
+    }
+
+    /**
+	 * {@inheritDoc}
+     * This implementation uses a custom "set-cookie" header rather than Java's
+     * cookie interface which doesn't allow the use of HttpOnly. Configure the
+     * HttpOnly and Secure settings in ESAPI.properties.
+	 */
+    public void addCookie(HttpServletResponse response, Cookie cookie) {
+        String name = cookie.getName();
+        String value = cookie.getValue();
+        int maxAge = cookie.getMaxAge();
+        String domain = cookie.getDomain();
+        String path = cookie.getPath();
+        boolean secure = cookie.getSecure();
+
+        // validate the name and value
+        ValidationErrorList errors = new ValidationErrorList();
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", 5000, false, errors);
+
+        // if there are no errors, then set the cookie either with a header or normally
+        if (errors.size() == 0) {
+        	if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+	            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
+	            addHeader(response, "Set-Cookie", header);
+        	} else {
+                // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
+                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
+        		response.addCookie(cookie);
+        	}
+            return;
+        }
+        logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
+    }
+
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String addCSRFToken(String href) {
+		User user = ESAPI.authenticator().getCurrentUser();
+		if (user.isAnonymous()) {
+			return href;
+		}
+
+		// if there are already parameters append with &, otherwise append with ?
+		String token = CSRF_TOKEN_NAME + "=" + user.getCSRFToken();
+		return href.indexOf( '?') != -1 ? href + "&" + token : href + "?" + token;
+	}
+
+    /**
+	 * {@inheritDoc}
+     */
+    public void addHeader(String name, String value) {
+    	addHeader( getCurrentResponse(), name, value );
+    }
+
+    /**
+	 * {@inheritDoc}
+     */
+    public void addHeader(HttpServletResponse response, String name, String value) {
+        try {
+            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
+            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
+            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", 500, false);
+            response.addHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
+        }
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void assertSecureChannel() throws AccessControlException {
+    	assertSecureChannel( getCurrentRequest() );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * This implementation ignores the built-in isSecure() method
+	 * and uses the URL to determine if the request was transmitted over SSL.
+	 * This is because SSL may have been terminated somewhere outside the
+	 * container.
+	 */
+	public void assertSecureChannel(HttpServletRequest request) throws AccessControlException {
+	    if ( request == null ) {
+	    	throw new AccessControlException( "Insecure request received", "HTTP request was null" );
+	    }
+	    StringBuffer sb = request.getRequestURL();
+	    if ( sb == null ) {
+	    	throw new AccessControlException( "Insecure request received", "HTTP request URL was null" );
+	    }
+	    String url = sb.toString();
+	    if ( !url.startsWith( "https" ) ) {
+	    	throw new AccessControlException( "Insecure request received", "HTTP request did not use SSL" );
+	    }
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void assertSecureRequest() throws AccessControlException {
+    	assertSecureRequest( getCurrentRequest() );
+    }
+
+	/**
+	 * {@inheritDoc}
+     */
+	public void assertSecureRequest(HttpServletRequest request) throws AccessControlException {
+		assertSecureChannel( request );
+		String receivedMethod = request.getMethod();
+		String requiredMethod = "POST";
+		if ( !receivedMethod.equals( requiredMethod ) ) {
+			throw new AccessControlException( "Insecure request received", "Received request using " + receivedMethod + " when only " + requiredMethod + " is allowed" );
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public HttpSession changeSessionIdentifier() throws AuthenticationException {
+    	return changeSessionIdentifier( getCurrentRequest() );
+    }
+
+	/**
+	 * {@inheritDoc}
+     */
+	public HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException {
+
+		// get the current session
+		HttpSession oldSession = request.getSession();
+
+		// make a copy of the session content
+		Map<String,Object> temp = new ConcurrentHashMap<String,Object>();
+		Enumeration e = oldSession.getAttributeNames();
+		while (e != null && e.hasMoreElements()) {
+			String name = (String) e.nextElement();
+			Object value = oldSession.getAttribute(name);
+			temp.put(name, value);
+		}
+
+		// kill the old session and create a new one
+		oldSession.invalidate();
+		HttpSession newSession = request.getSession();
+		User user = ESAPI.authenticator().getCurrentUser();
+		user.addSession( newSession );
+		user.removeSession( oldSession );
+
+		// copy back the session content
+      for (Map.Entry<String, Object> stringObjectEntry : temp.entrySet())
+      {
+         newSession.setAttribute(stringObjectEntry.getKey(), stringObjectEntry.getValue());
+		}
+		return newSession;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void clearCurrent() {
+		currentRequest.set(null);
+		currentResponse.set(null);
+	}
+
+	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
+        String header = name + "=" + value;
+        header += "; Max-Age=" + maxAge;
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
+            header += "; Secure";
+        }
+        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+            header += "; HttpOnly";
+        }
+        return header;
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String decryptHiddenField(String encrypted) {
+    	try {
+    		return decryptString(encrypted);
+    	} catch( EncryptionException e ) {
+    		throw new IntrusionException("Invalid request","Tampering detected. Hidden field data did not decrypt properly.", e);
+    	}
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Map<String,String> decryptQueryString(String encrypted) throws EncryptionException {
+        String plaintext = decryptString(encrypted);
+		return queryToMap(plaintext);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Map<String,String> decryptStateFromCookie() throws EncryptionException {
+		return decryptStateFromCookie( getCurrentRequest() );
+    }
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @param request
+     */
+    public Map<String,String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException {
+    	try {
+    		String encrypted = getCookie( request, ESAPI_STATE );
+    		if ( encrypted == null ) return new HashMap<String,String>();
+    		String plaintext = decryptString(encrypted);
+    		return queryToMap( plaintext );
+    	} catch( ValidationException e ) {
+        	return null;
+    	}
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encryptHiddenField(String value) throws EncryptionException {
+    	return encryptString(value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encryptQueryString(String query) throws EncryptionException {
+	    return encryptString(query);
+	}
+
+	/**
+	 * {@inheritDoc}
+     */
+    public void encryptStateInCookie(HttpServletResponse response, Map<String,String> cleartext) throws EncryptionException {
+    	StringBuilder sb = new StringBuilder();
+    	Iterator i = cleartext.entrySet().iterator();
+    	while ( i.hasNext() ) {
+    		try {
+	    		Map.Entry entry = (Map.Entry)i.next();
+	    		
+	    		    // What do these need to be URL encoded? They are encrypted!
+	    		String name = ESAPI.encoder().encodeForURL( entry.getKey().toString() );
+	    		String value = ESAPI.encoder().encodeForURL( entry.getValue().toString() );
+             sb.append(name).append("=").append(value);
+	    		if ( i.hasNext() ) sb.append( "&" );
+    		} catch( EncodingException e ) {
+    			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry", e );
+    		}
+    	}
+
+		String encrypted = encryptString(sb.toString());
+
+		if ( encrypted.length() > (MAX_COOKIE_LEN ) ) {
+			logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry");
+			throw new EncryptionException("Encryption failure", "Encrypted cookie state of " + encrypted.length() + " longer than allowed " + MAX_COOKIE_LEN );
+		}
+
+    	Cookie cookie = new Cookie( ESAPI_STATE, encrypted );
+    	addCookie( response, cookie );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void encryptStateInCookie( Map<String,String> cleartext ) throws EncryptionException {
+		encryptStateInCookie( getCurrentResponse(), cleartext );
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getCookie( HttpServletRequest request, String name ) throws ValidationException {
+        Cookie c = getFirstCookie( request, name );
+        if ( c == null ) return null;
+		String value = c.getValue();
+		return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", 1000, false);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public String getCookie( String name ) throws ValidationException {
+    	return getCookie( getCurrentRequest(), name );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getCSRFToken() {
+		User user = ESAPI.authenticator().getCurrentUser();
+		if (user == null) return null;
+		return user.getCSRFToken();
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public HttpServletRequest getCurrentRequest() {
+    	return currentRequest.getRequest();
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public HttpServletResponse getCurrentResponse() {
+        return currentResponse.getResponse();
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public List<File> getFileUploads() throws ValidationException {
+    	return getFileUploads( getCurrentRequest(), ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions() );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public List<File> getFileUploads(HttpServletRequest request) throws ValidationException {
+    	return getFileUploads(request, ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public List<File> getFileUploads(HttpServletRequest request, File finalDir ) throws ValidationException {
+    	return getFileUploads(request, finalDir, ESAPI.securityConfiguration().getAllowedFileExtensions());
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public List<File> getFileUploads(HttpServletRequest request, File finalDir, List allowedExtensions) throws ValidationException {
+        File tempDir = ESAPI.securityConfiguration().getUploadTempDirectory();
+		if ( !tempDir.exists() ) {
+		    if ( !tempDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create temp directory: " + tempDir.getAbsolutePath() );
+		}
+
+		if( finalDir != null){
+			if ( !finalDir.exists() ) {
+				if ( !finalDir.mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + finalDir.getAbsolutePath() );
+			}
+		}
+		else {
+			if ( !ESAPI.securityConfiguration().getUploadDirectory().exists()) {
+				if ( !ESAPI.securityConfiguration().getUploadDirectory().mkdirs() ) throw new ValidationUploadException( "Upload failed", "Could not create final upload directory: " + ESAPI.securityConfiguration().getUploadDirectory().getAbsolutePath() );
+			}
+			finalDir = ESAPI.securityConfiguration().getUploadDirectory();
+		}
+
+		List<File> newFiles = new ArrayList<File>();
+		try {
+			final HttpSession session = request.getSession(false);
+			if (!ServletFileUpload.isMultipartContent(request)) {
+				throw new ValidationUploadException("Upload failed", "Not a multipart request");
+			}
+
+			// this factory will store ALL files in the temp directory,
+			// regardless of size
+			DiskFileItemFactory factory = new DiskFileItemFactory(0, tempDir);
+			ServletFileUpload upload = new ServletFileUpload(factory);
+			upload.setSizeMax(maxBytes);
+
+			// Create a progress listener
+			ProgressListener progressListener = new ProgressListener() {
+				private long megaBytes = -1;
+				private long progress = 0;
+
+				public void update(long pBytesRead, long pContentLength, int pItems) {
+					if (pItems == 0)
+						return;
+					long mBytes = pBytesRead / 1000000;
+					if (megaBytes == mBytes)
+						return;
+					megaBytes = mBytes;
+					progress = (long) (((double) pBytesRead / (double) pContentLength) * 100);
+					if ( session != null ) {
+					    session.setAttribute("progress", Long.toString(progress));
+					}
+					// logger.logSuccess(Logger.SECURITY, "   Item " + pItems + " (" + progress + "% of " + pContentLength + " bytes]");
+				}
+			};
+			upload.setProgressListener(progressListener);
+
+			List<FileItem> items = upload.parseRequest(request);
+         for (FileItem item : items)
+         {
+            if (!item.isFormField() && item.getName() != null && !(item.getName().equals("")))
+            {
+					String[] fparts = item.getName().split("[\\/\\\\]");
+					String filename = fparts[fparts.length - 1];
+
+               if (!ESAPI.validator().isValidFileName("upload", filename, allowedExtensions, false))
+               {
+						throw new ValidationUploadException("Upload only simple filenames with the following extensions " + allowedExtensions, "Upload failed isValidFileName check");
+					}
+
+					logger.info(Logger.SECURITY_SUCCESS, "File upload requested: " + filename);
+					File f = new File(finalDir, filename);
+               if (f.exists())
+               {
+						String[] parts = filename.split("\\/.");
+						String extension = "";
+                  if (parts.length > 1)
+                  {
+							extension = parts[parts.length - 1];
+						}
+						String filenm = filename.substring(0, filename.length() - extension.length());
+						f = File.createTempFile(filenm, "." + extension, finalDir);
+					}
+					item.write(f);
+               newFiles.add(f);
+					// delete temporary file
+					item.delete();
+					logger.fatal(Logger.SECURITY_SUCCESS, "File successfully uploaded: " + f);
+               if (session != null)
+               {
+					    session.setAttribute("progress", Long.toString(0));
+					}
+				}
+			}
+		} catch (Exception e) {
+			if (e instanceof ValidationUploadException) {
+				throw (ValidationException)e;
+			}
+			throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
+		}
+		return Collections.synchronizedList(newFiles);
+	}
+
+
+
+	/**
+     * Utility to return the first cookie matching the provided name.
+     * @param request
+     * @param name
+     */
+	private Cookie getFirstCookie(HttpServletRequest request, String name) {
+		Cookie[] cookies = request.getCookies();
+		if (cookies != null) {
+         for (Cookie cookie : cookies)
+         {
+            if (cookie.getName().equals(name))
+            {
+					return cookie;
+				}
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getHeader( HttpServletRequest request, String name ) throws ValidationException {
+        String value = request.getHeader(name);
+        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, false);
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public String getHeader( String name ) throws ValidationException {
+    	return getHeader( getCurrentRequest(), name );
+    }
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public String getParameter( HttpServletRequest request, String name ) throws ValidationException {
+	    String value = request.getParameter(name);
+	    return ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public String getParameter( String name ) throws ValidationException {
+    	return getParameter( getCurrentRequest(), name );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void killAllCookies() {
+    	killAllCookies( getCurrentRequest(), getCurrentResponse() );
+    }
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @param request
+     * @param response
+     */
+	public void killAllCookies(HttpServletRequest request, HttpServletResponse response) {
+		Cookie[] cookies = request.getCookies();
+		if (cookies != null) {
+         for (Cookie cookie : cookies)
+         {
+				killCookie(request, response, cookie.getName());
+			}
+		}
+	}
+
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @param request
+     * @param response
+     * @param name
+     */
+	public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
+		String path = "//";
+		String domain="";
+		Cookie cookie = getFirstCookie(request, name);
+		if ( cookie != null ) {
+			path = cookie.getPath();
+			domain = cookie.getDomain();
+		}
+		Cookie deleter = new Cookie( name, "deleted" );
+		deleter.setMaxAge( 0 );
+		if ( domain != null ) deleter.setDomain( domain );
+		if ( path != null ) deleter.setPath( path );
+		response.addCookie( deleter );
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void killCookie( String name ) {
+    	killCookie( getCurrentRequest(), getCurrentResponse(), name );
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void logHTTPRequest() {
+    	logHTTPRequest( getCurrentRequest(), logger, null );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void logHTTPRequest(HttpServletRequest request, Logger logger) {
+    	logHTTPRequest( request, logger, null );
+    }
+
+		/**
+		 * Formats an HTTP request into a log suitable string. This implementation logs the remote host IP address (or
+		 * hostname if available), the request method (GET/POST), the URL, and all the querystring and form parameters. All
+		 * the parameters are presented as though they were in the URL even if they were in a form. Any parameters that
+		 * match items in the parameterNamesToObfuscate are shown as eight asterisks.
+		 *
+		 *
+		 * @param request
+		 */
+		public void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate) {
+			StringBuilder params = new StringBuilder();
+		    Iterator i = request.getParameterMap().keySet().iterator();
+		    while (i.hasNext()) {
+		        String key = (String) i.next();
+		        String[] value = (String[]) request.getParameterMap().get(key);
+		        for (int j = 0; j < value.length; j++) {
+                 params.append(key).append("=");
+		            if (parameterNamesToObfuscate != null && parameterNamesToObfuscate.contains(key)) {
+		                params.append("********");
+		            } else {
+		                params.append(value[j]);
+		            }
+		            if (j < value.length - 1) {
+		                params.append("&");
+		            }
+		        }
+		        if (i.hasNext())
+		            params.append("&");
+		    }
+		    Cookie[] cookies = request.getCookies();
+		    if ( cookies != null ) {
+             for (Cookie cooky : cookies)
+             {
+                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) 
+                {
+                   params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
+		                    }
+		            }
+		    }
+		    String msg = request.getMethod() + " " + request.getRequestURL() + (params.length() > 0 ? "?" + params : "");
+		    logger.info(Logger.SECURITY_SUCCESS, msg);
+		}
+
+	private Map<String,String> queryToMap(String query) {
+		TreeMap<String,String> map = new TreeMap<String,String>();
+		String[] parts = query.split("&");
+      for (String part : parts)
+      {
+         try
+         {
+            String[] nvpair = part.split("=");
+				String name = ESAPI.encoder().decodeFromURL(nvpair[0]);
+				String value = ESAPI.encoder().decodeFromURL(nvpair[1]);
+            map.put(name, value);
+         }
+         catch (EncodingException e)
+         {
+				// skip the nvpair with the encoding problem - note this is already logged.
+			}
+		}
+		return map;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * This implementation simply checks to make sure that the forward location starts with "WEB-INF" and
+	 * is intended for use in frameworks that forward to JSP files inside the WEB-INF folder.
+	 */
+	public void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException,ServletException,IOException {
+		if (!location.startsWith("WEB-INF")) {
+			throw new AccessControlException("Forward failed", "Bad forward location: " + location);
+		}
+		RequestDispatcher dispatcher = request.getRequestDispatcher(location);
+		dispatcher.forward( request, response );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void sendForward( String location )  throws AccessControlException,ServletException,IOException {
+    	sendForward( getCurrentRequest(), getCurrentResponse(), location);
+    }
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * This implementation checks against the list of safe redirect locations defined in ESAPI.properties.
+     *
+     * @param response
+     */
+    public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
+        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
+            throw new AccessControlException("Redirect failed", "Bad redirect location: " + location);
+        }
+        response.sendRedirect(location);
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void sendRedirect( String location )  throws AccessControlException,IOException {
+    	sendRedirect( getCurrentResponse(), location);
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void setContentType() {
+    	setContentType( getCurrentResponse() );
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setContentType(HttpServletResponse response) {
+		response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response) {
+     	currentRequest.setRequest(request);
+        currentResponse.setResponse(response);
+    }
+
+    /**
+	 * {@inheritDoc}
+     */
+    public void setHeader(HttpServletResponse response, String name, String value) {
+        try {
+            String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
+            String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
+            response.setHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
+        }
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void setHeader( String name, String value ) {
+    	setHeader( getCurrentResponse(), name, value );
+    }
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setNoCacheHeaders() {
+    	setNoCacheHeaders( getCurrentResponse() );
+    }
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @param response
+     */
+	public void setNoCacheHeaders(HttpServletResponse response) {
+		// HTTP 1.1
+		response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
+
+		// HTTP 1.0
+		response.setHeader("Pragma","no-cache");
+		response.setDateHeader("Expires", -1);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * Save the user's remember me data in an encrypted cookie and send it to the user.
+	 * Any old remember me cookie is destroyed first. Setting this cookie will keep the user
+	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
+	 * If the cookie exists for the current user, it will automatically be used by ESAPI to
+	 * log the user in, if the data is valid and not expired.
+     *
+     * @param request
+     * @param response
+     */
+	public String setRememberToken( HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path ) {
+		User user = ESAPI.authenticator().getCurrentUser();
+		try {
+			killCookie(request, response, REMEMBER_TOKEN_COOKIE_NAME );
+			// seal already contains random data
+			String clearToken = user.getAccountName() + "|" + password;
+			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
+			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
+
+            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
+			// which was marked as "WontFix".
+
+			Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
+			cookie.setMaxAge( maxAge );
+			cookie.setDomain( domain );
+			cookie.setPath( path );
+			response.addCookie( cookie );
+			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
+			return cryptToken;
+		} catch( IntegrityException e ) {
+			logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
+			return null;
+		}
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String setRememberToken( String password, int maxAge, String domain, String path ) {
+    	return setRememberToken( getCurrentRequest(), getCurrentResponse(), password, maxAge, domain, path );
+    }
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public void verifyCSRFToken() throws IntrusionException {
+    	verifyCSRFToken( getCurrentRequest() );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 *
+	 * This implementation uses the CSRF_TOKEN_NAME parameter for the token.
+     *
+     * @param request
+     */
+	public void verifyCSRFToken(HttpServletRequest request) throws IntrusionException {
+		User user = ESAPI.authenticator().getCurrentUser();
+
+		// check if user authenticated with this request - no CSRF protection required
+		if( request.getAttribute(user.getCSRFToken()) != null ) {
+			return;
+		}
+		String token = request.getParameter(CSRF_TOKEN_NAME);
+		if ( !user.getCSRFToken().equals( token ) ) {
+			throw new IntrusionException("Authentication failed", "Possibly forged HTTP request without proper CSRF token detected");
+		}
+	}
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getSessionAttribute( String key ) {
+        final HttpSession session = ESAPI.currentRequest().getSession(false);
+        if ( session != null )
+            return (T) session.getAttribute(key);
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getSessionAttribute(HttpSession session, String key)
+    {
+        return (T) session.getAttribute(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getRequestAttribute(String key)
+    {
+        return (T)  ESAPI.currentRequest().getAttribute(key);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public <T> T getRequestAttribute(HttpServletRequest request, String key)
+    {
+        return (T) request.getAttribute( key );
+    }
+    
+    /////////////////////
+    
+    /* Helper method to encrypt using new Encryptor encryption methods and
+     * return the serialized ciphertext as a hex-encoded string.
+     */
+    private String encryptString(String plaintext) throws EncryptionException {
+        PlainText pt = new PlainText(plaintext);
+        CipherText ct = ESAPI.encryptor().encrypt(pt);
+        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
+        return Hex.encode(serializedCiphertext, false);
+    }
+    
+    /* Helper method to decrypt a hex-encode serialized ciphertext string and
+     * to decrypt it using the new Encryptor decryption methods.
+     */
+    private String decryptString(String ciphertext) throws EncryptionException {
+        byte[] serializedCiphertext = Hex.decode(ciphertext);
+        CipherText restoredCipherText =
+            CipherText.fromPortableSerializedBytes(serializedCiphertext);
+        PlainText plaintext = ESAPI.encryptor().decrypt(restoredCipherText);
+        return plaintext.toString();
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 40f9e219e..2c89a8e10 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -1,507 +1,508 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.User;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.http.MockHttpSession;
-import org.owasp.esapi.util.FileTestUtils;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-
-/**
- * The Class HTTPUtilitiesTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class HTTPUtilitiesTest extends TestCase
-{
-	private static final Class<HTTPUtilitiesTest> CLASS = HTTPUtilitiesTest.class;
-	private static final String CLASS_NAME = CLASS.getName();
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		return new TestSuite(HTTPUtilitiesTest.class);
-	}
-
-	/**
-	 * Instantiates a new HTTP utilities test.
-	 * 
-	 * @param testName the test name
-	 */
-	public HTTPUtilitiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @throws Exception
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @throws Exception
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	public void testCSRFToken() throws Exception {
-		System.out.println( "CSRFToken");
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = ESAPI.authenticator().createUser(username, "addCSRFToken", "addCSRFToken");
-		ESAPI.authenticator().setCurrentUser( user );
-		String token = ESAPI.httpUtilities().getCSRFToken();
-		assertEquals( 8, token.length() );
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		try {
-			ESAPI.httpUtilities().verifyCSRFToken(request);
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		request.addParameter( DefaultHTTPUtilities.CSRF_TOKEN_NAME, token );
-		ESAPI.httpUtilities().verifyCSRFToken(request);
-	}
-
-	/**
-	 * Test of addCSRFToken method, of class org.owasp.esapi.HTTPUtilities.
-	 * @throws AuthenticationException 
-	 */
-	public void testAddCSRFToken() throws AuthenticationException {
-		Authenticator instance = ESAPI.authenticator();
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
-		instance.setCurrentUser( user );
-
-		System.out.println("addCSRFToken");
-		String csrf1=ESAPI.httpUtilities().addCSRFToken("/test1");
-		System.out.println( "CSRF1:" + csrf1);
-		assertTrue(csrf1.indexOf("?") > -1);
-
-		String csrf2=ESAPI.httpUtilities().addCSRFToken("/test1?one=two");
-		System.out.println( "CSRF1:" + csrf1);
-		assertTrue(csrf2.indexOf("&") > -1);
-	}
-
-
-	/**
-	 * Test of assertSecureRequest method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testAssertSecureRequest() {
-		System.out.println("assertSecureRequest");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		try {
-			request.setRequestURL( "http://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "ftp://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( null );
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			fail();
-		} catch( Exception e ) {
-			// pass
-		}
-		try {
-			request.setRequestURL( "https://example.com");
-			ESAPI.httpUtilities().assertSecureRequest( request );
-			// pass
-		} catch( Exception e ) {
-			fail();
-		}
-	}
-
-
-	/**
-	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
-	 * 
-	 * @throws EnterpriseSecurityException
-	 */
-	public void testChangeSessionIdentifier() throws EnterpriseSecurityException {
-		System.out.println("changeSessionIdentifier");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		session.setAttribute("one", "one");
-		session.setAttribute("two", "two");
-		session.setAttribute("three", "three");
-		String id1 = session.getId();
-		session = (MockHttpSession) ESAPI.httpUtilities().changeSessionIdentifier( request );
-		String id2 = session.getId();
-		assertTrue(!id1.equals(id2));
-		assertEquals("one", (String) session.getAttribute("one"));
-	}
-
-	/**
-	 * Test of formatHttpRequestForLog method, of class org.owasp.esapi.HTTPUtilities.
-	 * @throws IOException 
-	 */
-	public void testGetFileUploads() throws IOException {
-		File home = null;
-
-		try
-		{
-			home = FileTestUtils.createTmpDirectory(CLASS_NAME);
-			String content = "--ridiculous\r\nContent-Disposition: form-data; name=\"upload\"; filename=\"testupload.txt\"\r\nContent-Type: application/octet-stream\r\n\r\nThis is a test of the multipart broadcast system.\r\nThis is only a test.\r\nStop.\r\n\r\n--ridiculous\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit Query\r\n--ridiculous--\r\nEpilogue";
-
-			MockHttpServletResponse response = new MockHttpServletResponse();    
-			MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			ESAPI.httpUtilities().setCurrentHTTP(request1, response);
-			try {
-				ESAPI.httpUtilities().getFileUploads(request1, home);
-				fail();
-			} catch( ValidationException e ) {
-				// expected
-			}
-
-			MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			request2.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request2, response);
-			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request2, home);
-				Iterator i = list.iterator();
-				while ( i.hasNext() ) {
-					File f = (File)i.next();
-					System.out.println( "  " + f.getAbsolutePath() );
-				}
-				assertTrue( list.size() > 0 );
-			} catch (ValidationException e) {
-				fail();
-			}
-
-			MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
-			request4.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request4, response);
-			System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
-			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request4, home);
-				Iterator i = list.iterator();
-				while ( i.hasNext() ) {
-					File f = (File)i.next();
-					System.out.println( "  " + f.getAbsolutePath() );
-				}
-				assertTrue( list.size() > 0 );
-			} catch (ValidationException e) {
-				System.err.println("ERROR: " + e.toString());
-				fail();
-			}
-
-			MockHttpServletRequest request3 = new MockHttpServletRequest("/test", content.replaceAll("txt", "ridiculous").getBytes(response.getCharacterEncoding()));
-			request3.setContentType( "multipart/form-data; boundary=ridiculous");
-			ESAPI.httpUtilities().setCurrentHTTP(request3, response);
-			try {
-				ESAPI.httpUtilities().getFileUploads(request3, home);
-				fail();
-			} catch (ValidationException e) {
-				// expected
-			}
-		}
-		finally
-		{
-			FileTestUtils.deleteRecursively(home);
-		}
-
-	}
-
-
-
-	/**
-	 * Test of killAllCookies method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testKillAllCookies() {
-		System.out.println("killAllCookies");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
-		list.add(new Cookie("test1", "1"));
-		list.add(new Cookie("test2", "2"));
-		list.add(new Cookie("test3", "3"));
-		request.setCookies(list);
-		ESAPI.httpUtilities().killAllCookies(request, response);
-		assertTrue(response.getCookies().size() == 3);
-	}
-
-	/**
-	 * Test of killCookie method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testKillCookie() {
-		System.out.println("killCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
-		list.add(new Cookie("test1", "1"));
-		list.add(new Cookie("test2", "2"));
-		list.add(new Cookie("test3", "3"));
-		request.setCookies(list);
-		ESAPI.httpUtilities().killCookie( request, response, "test1" );
-		assertTrue(response.getCookies().size() == 1);
-	}
-
-	/**
-	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
-	 * 
-	 * @throws ValidationException the validation exception
-	 * @throws IOException Signals that an I/O exception has occurred.
-	 */
-	public void testSendSafeRedirect() throws Exception {
-		System.out.println("sendSafeRedirect");
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		try {
-			ESAPI.httpUtilities().sendRedirect(response, "/test1/abcdefg");
-			ESAPI.httpUtilities().sendRedirect(response,"/test2/1234567");
-		} catch (IOException e) {
-			fail();
-		}
-		try {
-			ESAPI.httpUtilities().sendRedirect(response,"http://www.aspectsecurity.com");
-			fail();
-		} catch (IOException e) {
-			// expected
-		}
-		try {
-			ESAPI.httpUtilities().sendRedirect(response,"/ridiculous");
-			fail();
-		} catch (IOException e) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
-	 */
-	public void testSetCookie() {
-		System.out.println("setCookie");
-		HTTPUtilities instance = ESAPI.httpUtilities(); 
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		assertTrue(response.getHeaderNames().isEmpty());
-
-		instance.addCookie( response, new Cookie( "test1", "test1" ) );
-		assertTrue(response.getHeaderNames().size() == 1);
-
-		instance.addCookie( response, new Cookie( "test2", "test2" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-
-		// test illegal name
-		instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-
-		// test illegal value
-		instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
-	}
-
-	/**
-	 *
-	 * @throws java.lang.Exception
-	 */
-	public void testGetStateFromEncryptedCookie() throws Exception {
-		System.out.println("getStateFromEncryptedCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-
-		// test null cookie array
-		Map empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
-		assertTrue( empty.isEmpty() );
-
-		HashMap map = new HashMap();
-		map.put( "one", "aspect" );
-		map.put( "two", "ridiculous" );
-		map.put( "test_hard", "&(@#*!^|;,." );
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response, map);
-			String value = response.getHeader( "Set-Cookie" );
-			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
-			request.setCookie( DefaultHTTPUtilities.ESAPI_STATE, encrypted );
-			Map state = ESAPI.httpUtilities().decryptStateFromCookie(request);
-			Iterator i = map.entrySet().iterator();
-			while ( i.hasNext() ) {
-				Map.Entry entry = (Map.Entry)i.next();
-				String origname = (String)entry.getKey();
-				String origvalue = (String)entry.getValue();
-				if( !state.get( origname ).equals( origvalue ) ) {
-					fail();
-				}
-			}
-		} catch( EncryptionException e ) {
-			fail();
-		}
-	}
-
-	/**
-	 *
-	 */
-	public void testSaveStateInEncryptedCookie() {
-		System.out.println("saveStateInEncryptedCookie");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		HashMap map = new HashMap();
-		map.put( "one", "aspect" );
-		map.put( "two", "ridiculous" );
-		map.put( "test_hard", "&(@#*!^|;,." );
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response,map);
-			String value = response.getHeader( "Set-Cookie" );
-			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
-			byte[] serializedCiphertext = Hex.decode(encrypted);
-	        CipherText restoredCipherText =
-	            CipherText.fromPortableSerializedBytes(serializedCiphertext);
-	        ESAPI.encryptor().decrypt(restoredCipherText);
-		} catch( EncryptionException e ) {
-			fail();
-		}
-	}
-
-
-	/**
-	 *
-	 */
-	public void testSaveTooLongStateInEncryptedCookieException() {
-		System.out.println("saveTooLongStateInEncryptedCookie");
-
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-
-		String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
-
-		HashMap map = new HashMap();
-		map.put("long", foo);
-		try {
-			ESAPI.httpUtilities().encryptStateInCookie(response, map);
-			fail("Should have thrown an exception");
-		}
-		catch (EncryptionException expected) {
-			//expected
-		}    	
-	}
-
-	/**
-	 * Test set no cache headers.
-	 */
-	public void testSetNoCacheHeaders() {
-		System.out.println("setNoCacheHeaders");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		assertTrue(response.getHeaderNames().isEmpty());
-		response.addHeader("test1", "1");
-		response.addHeader("test2", "2");
-		response.addHeader("test3", "3");
-		assertFalse(response.getHeaderNames().isEmpty());
-		ESAPI.httpUtilities().setNoCacheHeaders( response );
-		assertTrue(response.containsHeader("Cache-Control"));
-		assertTrue(response.containsHeader("Expires"));
-	}
-
-	/**
-	 *
-	 * @throws org.owasp.esapi.errors.AuthenticationException
-	 */
-	public void testSetRememberToken() throws AuthenticationException {
-		System.out.println("setRememberToken");
-		Authenticator instance = (Authenticator)ESAPI.authenticator();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		instance.login( request, response);
-
-		int maxAge = ( 60 * 60 * 24 * 14 );
-		ESAPI.httpUtilities().setRememberToken( request, response, password, maxAge, "domain", "/" );
-		// Can't test this because we're using safeSetCookie, which sets a header, not a real cookie!
-		// String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
-		// assertEquals( user.getRememberToken(), value );
-	}
-
-	public void testGetSessionAttribute() throws Exception {
-		HttpServletRequest request = new MockHttpServletRequest();
-		HttpSession session = request.getSession();
-		session.setAttribute("testAttribute", 43f);
-
-		try {
-			Integer test1 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
-			fail();
-		} catch ( ClassCastException cce ) {}
-
-		Float test2 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
-		assertEquals( test2, 43f );
-	}
-
-	public void testGetRequestAttribute() throws Exception {
-		HttpServletRequest request = new MockHttpServletRequest();
-		request.setAttribute( "testAttribute", 43f );
-		try {
-			Integer test1 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
-			fail();
-		} catch ( ClassCastException cce ) {}
-
-		Float test2 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
-		assertEquals( test2, 43f );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.User;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.http.MockHttpSession;
+import org.owasp.esapi.util.FileTestUtils;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.io.File;
+import java.io.IOException;
+import java.util.*;
+
+/**
+ * The Class HTTPUtilitiesTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class HTTPUtilitiesTest extends TestCase
+{
+	private static final Class<HTTPUtilitiesTest> CLASS = HTTPUtilitiesTest.class;
+	private static final String CLASS_NAME = CLASS.getName();
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		return new TestSuite(HTTPUtilitiesTest.class);
+	}
+
+	/**
+	 * Instantiates a new HTTP utilities test.
+	 * 
+	 * @param testName the test name
+	 */
+	public HTTPUtilitiesTest(String testName) {
+		super(testName);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @throws Exception
+	 */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @throws Exception
+	 */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	public void testCSRFToken() throws Exception {
+		System.out.println( "CSRFToken");
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		User user = ESAPI.authenticator().createUser(username, "addCSRFToken", "addCSRFToken");
+		ESAPI.authenticator().setCurrentUser( user );
+		String token = ESAPI.httpUtilities().getCSRFToken();
+		assertEquals( 8, token.length() );
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		try {
+			ESAPI.httpUtilities().verifyCSRFToken(request);
+			fail();
+		} catch( Exception e ) {
+			// expected
+		}
+		request.addParameter( DefaultHTTPUtilities.CSRF_TOKEN_NAME, token );
+		ESAPI.httpUtilities().verifyCSRFToken(request);
+	}
+
+	/**
+	 * Test of addCSRFToken method, of class org.owasp.esapi.HTTPUtilities.
+	 * @throws AuthenticationException 
+	 */
+	public void testAddCSRFToken() throws AuthenticationException {
+		Authenticator instance = ESAPI.authenticator();
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		User user = instance.createUser(username, "addCSRFToken", "addCSRFToken");
+		instance.setCurrentUser( user );
+
+		System.out.println("addCSRFToken");
+		String csrf1=ESAPI.httpUtilities().addCSRFToken("/test1");
+		System.out.println( "CSRF1:" + csrf1);
+		assertTrue(csrf1.indexOf("?") > -1);
+
+		String csrf2=ESAPI.httpUtilities().addCSRFToken("/test1?one=two");
+		System.out.println( "CSRF1:" + csrf1);
+		assertTrue(csrf2.indexOf("&") > -1);
+	}
+
+
+	/**
+	 * Test of assertSecureRequest method, of class org.owasp.esapi.HTTPUtilities.
+	 */
+	public void testAssertSecureRequest() {
+		System.out.println("assertSecureRequest");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		try {
+			request.setRequestURL( "http://example.com");
+			ESAPI.httpUtilities().assertSecureRequest( request );
+			fail();
+		} catch( Exception e ) {
+			// pass
+		}
+		try {
+			request.setRequestURL( "ftp://example.com");
+			ESAPI.httpUtilities().assertSecureRequest( request );
+			fail();
+		} catch( Exception e ) {
+			// pass
+		}
+		try {
+			request.setRequestURL( "");
+			ESAPI.httpUtilities().assertSecureRequest( request );
+			fail();
+		} catch( Exception e ) {
+			// pass
+		}
+		try {
+			request.setRequestURL( null );
+			ESAPI.httpUtilities().assertSecureRequest( request );
+			fail();
+		} catch( Exception e ) {
+			// pass
+		}
+		try {
+			request.setRequestURL( "https://example.com");
+			ESAPI.httpUtilities().assertSecureRequest( request );
+			// pass
+		} catch( Exception e ) {
+			fail();
+		}
+	}
+
+
+	/**
+	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
+	 * 
+	 * @throws EnterpriseSecurityException
+	 */
+	public void testChangeSessionIdentifier() throws EnterpriseSecurityException {
+		System.out.println("changeSessionIdentifier");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		MockHttpSession session = (MockHttpSession) request.getSession();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		session.setAttribute("one", "one");
+		session.setAttribute("two", "two");
+		session.setAttribute("three", "three");
+		String id1 = session.getId();
+		session = (MockHttpSession) ESAPI.httpUtilities().changeSessionIdentifier( request );
+		String id2 = session.getId();
+		assertTrue(!id1.equals(id2));
+		assertEquals("one", (String) session.getAttribute("one"));
+	}
+
+	/**
+	 * Test of formatHttpRequestForLog method, of class org.owasp.esapi.HTTPUtilities.
+	 * @throws IOException 
+	 */
+	public void testGetFileUploads() throws IOException {
+		File home = null;
+
+		try
+		{
+			home = FileTestUtils.createTmpDirectory(CLASS_NAME);
+			String content = "--ridiculous\r\nContent-Disposition: form-data; name=\"upload\"; filename=\"testupload.txt\"\r\nContent-Type: application/octet-stream\r\n\r\nThis is a test of the multipart broadcast system.\r\nThis is only a test.\r\nStop.\r\n\r\n--ridiculous\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit Query\r\n--ridiculous--\r\nEpilogue";
+
+			MockHttpServletResponse response = new MockHttpServletResponse();    
+			MockHttpServletRequest request1 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+			ESAPI.httpUtilities().setCurrentHTTP(request1, response);
+			try {
+				ESAPI.httpUtilities().getFileUploads(request1, home);
+				fail();
+			} catch( ValidationException e ) {
+				// expected
+			}
+
+			MockHttpServletRequest request2 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+			request2.setContentType( "multipart/form-data; boundary=ridiculous");
+			ESAPI.httpUtilities().setCurrentHTTP(request2, response);
+			try {
+				List list = ESAPI.httpUtilities().getFileUploads(request2, home);
+				Iterator i = list.iterator();
+				while ( i.hasNext() ) {
+					File f = (File)i.next();
+					System.out.println( "  " + f.getAbsolutePath() );
+				}
+				assertTrue( list.size() > 0 );
+			} catch (ValidationException e) {
+				fail();
+			}
+
+			MockHttpServletRequest request4 = new MockHttpServletRequest("/test", content.getBytes(response.getCharacterEncoding()));
+			request4.setContentType( "multipart/form-data; boundary=ridiculous");
+			ESAPI.httpUtilities().setCurrentHTTP(request4, response);
+			System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
+			try {
+				List list = ESAPI.httpUtilities().getFileUploads(request4, home);
+				Iterator i = list.iterator();
+				while ( i.hasNext() ) {
+					File f = (File)i.next();
+					System.out.println( "  " + f.getAbsolutePath() );
+				}
+				assertTrue( list.size() > 0 );
+			} catch (ValidationException e) {
+				System.err.println("ERROR: " + e.toString());
+				fail();
+			}
+
+			MockHttpServletRequest request3 = new MockHttpServletRequest("/test", content.replaceAll("txt", "ridiculous").getBytes(response.getCharacterEncoding()));
+			request3.setContentType( "multipart/form-data; boundary=ridiculous");
+			ESAPI.httpUtilities().setCurrentHTTP(request3, response);
+			try {
+				ESAPI.httpUtilities().getFileUploads(request3, home);
+				fail();
+			} catch (ValidationException e) {
+				// expected
+			}
+		}
+		finally
+		{
+			FileTestUtils.deleteRecursively(home);
+		}
+
+	}
+
+
+
+	/**
+	 * Test of killAllCookies method, of class org.owasp.esapi.HTTPUtilities.
+	 */
+	public void testKillAllCookies() {
+		System.out.println("killAllCookies");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		assertTrue(response.getCookies().isEmpty());
+		ArrayList list = new ArrayList();
+		list.add(new Cookie("test1", "1"));
+		list.add(new Cookie("test2", "2"));
+		list.add(new Cookie("test3", "3"));
+		request.setCookies(list);
+		ESAPI.httpUtilities().killAllCookies(request, response);
+		assertTrue(response.getCookies().size() == 3);
+	}
+
+	/**
+	 * Test of killCookie method, of class org.owasp.esapi.HTTPUtilities.
+	 */
+	public void testKillCookie() {
+		System.out.println("killCookie");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		assertTrue(response.getCookies().isEmpty());
+		ArrayList list = new ArrayList();
+		list.add(new Cookie("test1", "1"));
+		list.add(new Cookie("test2", "2"));
+		list.add(new Cookie("test3", "3"));
+		request.setCookies(list);
+		ESAPI.httpUtilities().killCookie( request, response, "test1" );
+		assertTrue(response.getCookies().size() == 1);
+	}
+
+	/**
+	 * Test of sendRedirect method, of class org.owasp.esapi.HTTPUtilities.
+	 * 
+	 * @throws ValidationException the validation exception
+	 * @throws IOException Signals that an I/O exception has occurred.
+	 */
+	public void testSendSafeRedirect() throws Exception {
+		System.out.println("sendSafeRedirect");
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		try {
+			ESAPI.httpUtilities().sendRedirect(response, "/test1/abcdefg");
+			ESAPI.httpUtilities().sendRedirect(response,"/test2/1234567");
+		} catch (AccessControlException e) {
+			fail();
+		}
+		try {
+			ESAPI.httpUtilities().sendRedirect(response,"http://www.aspectsecurity.com");
+			fail();
+		} catch (AccessControlException e) {
+			// expected
+		}
+		try {
+			ESAPI.httpUtilities().sendRedirect(response,"/ridiculous");
+			fail();
+		} catch (AccessControlException e) {
+			// expected
+		}
+	}
+
+	/**
+	 * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
+	 */
+	public void testSetCookie() {
+		System.out.println("setCookie");
+		HTTPUtilities instance = ESAPI.httpUtilities(); 
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		assertTrue(response.getHeaderNames().isEmpty());
+
+		instance.addCookie( response, new Cookie( "test1", "test1" ) );
+		assertTrue(response.getHeaderNames().size() == 1);
+
+		instance.addCookie( response, new Cookie( "test2", "test2" ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+
+		// test illegal name
+		instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+
+		// test illegal value
+		instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+	}
+
+	/**
+	 *
+	 * @throws java.lang.Exception
+	 */
+	public void testGetStateFromEncryptedCookie() throws Exception {
+		System.out.println("getStateFromEncryptedCookie");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+
+		// test null cookie array
+		Map empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
+		assertTrue( empty.isEmpty() );
+
+		HashMap map = new HashMap();
+		map.put( "one", "aspect" );
+		map.put( "two", "ridiculous" );
+		map.put( "test_hard", "&(@#*!^|;,." );
+		try {
+			ESAPI.httpUtilities().encryptStateInCookie(response, map);
+			String value = response.getHeader( "Set-Cookie" );
+			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
+			request.setCookie( DefaultHTTPUtilities.ESAPI_STATE, encrypted );
+			Map state = ESAPI.httpUtilities().decryptStateFromCookie(request);
+			Iterator i = map.entrySet().iterator();
+			while ( i.hasNext() ) {
+				Map.Entry entry = (Map.Entry)i.next();
+				String origname = (String)entry.getKey();
+				String origvalue = (String)entry.getValue();
+				if( !state.get( origname ).equals( origvalue ) ) {
+					fail();
+				}
+			}
+		} catch( EncryptionException e ) {
+			fail();
+		}
+	}
+
+	/**
+	 *
+	 */
+	public void testSaveStateInEncryptedCookie() {
+		System.out.println("saveStateInEncryptedCookie");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		HashMap map = new HashMap();
+		map.put( "one", "aspect" );
+		map.put( "two", "ridiculous" );
+		map.put( "test_hard", "&(@#*!^|;,." );
+		try {
+			ESAPI.httpUtilities().encryptStateInCookie(response,map);
+			String value = response.getHeader( "Set-Cookie" );
+			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
+			byte[] serializedCiphertext = Hex.decode(encrypted);
+	        CipherText restoredCipherText =
+	            CipherText.fromPortableSerializedBytes(serializedCiphertext);
+	        ESAPI.encryptor().decrypt(restoredCipherText);
+		} catch( EncryptionException e ) {
+			fail();
+		}
+	}
+
+
+	/**
+	 *
+	 */
+	public void testSaveTooLongStateInEncryptedCookieException() {
+		System.out.println("saveTooLongStateInEncryptedCookie");
+
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+
+		String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
+
+		HashMap map = new HashMap();
+		map.put("long", foo);
+		try {
+			ESAPI.httpUtilities().encryptStateInCookie(response, map);
+			fail("Should have thrown an exception");
+		}
+		catch (EncryptionException expected) {
+			//expected
+		}    	
+	}
+
+	/**
+	 * Test set no cache headers.
+	 */
+	public void testSetNoCacheHeaders() {
+		System.out.println("setNoCacheHeaders");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		assertTrue(response.getHeaderNames().isEmpty());
+		response.addHeader("test1", "1");
+		response.addHeader("test2", "2");
+		response.addHeader("test3", "3");
+		assertFalse(response.getHeaderNames().isEmpty());
+		ESAPI.httpUtilities().setNoCacheHeaders( response );
+		assertTrue(response.containsHeader("Cache-Control"));
+		assertTrue(response.containsHeader("Expires"));
+	}
+
+	/**
+	 *
+	 * @throws org.owasp.esapi.errors.AuthenticationException
+	 */
+	public void testSetRememberToken() throws AuthenticationException {
+		System.out.println("setRememberToken");
+		Authenticator instance = (Authenticator)ESAPI.authenticator();
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = instance.generateStrongPassword();
+		User user = instance.createUser(accountName, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter("username", accountName);
+		request.addParameter("password", password);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		instance.login( request, response);
+
+		int maxAge = ( 60 * 60 * 24 * 14 );
+		ESAPI.httpUtilities().setRememberToken( request, response, password, maxAge, "domain", "/" );
+		// Can't test this because we're using safeSetCookie, which sets a header, not a real cookie!
+		// String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
+		// assertEquals( user.getRememberToken(), value );
+	}
+
+	public void testGetSessionAttribute() throws Exception {
+		HttpServletRequest request = new MockHttpServletRequest();
+		HttpSession session = request.getSession();
+		session.setAttribute("testAttribute", 43f);
+
+		try {
+			Integer test1 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
+			fail();
+		} catch ( ClassCastException cce ) {}
+
+		Float test2 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
+		assertEquals( test2, 43f );
+	}
+
+	public void testGetRequestAttribute() throws Exception {
+		HttpServletRequest request = new MockHttpServletRequest();
+		request.setAttribute( "testAttribute", 43f );
+		try {
+			Integer test1 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
+			fail();
+		} catch ( ClassCastException cce ) {}
+
+		Float test2 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
+		assertEquals( test2, 43f );
+	}
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index f1bf4b914..8ac1e26b9 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1,1150 +1,1150 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.*;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.filters.SecurityWrapperRequest;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
-import org.owasp.esapi.reference.validation.StringValidationRule;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * The Class ValidatorTest.
- *
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidatorTest extends TestCase {
-
-    private static final String PREFERRED_ENCODING = "UTF-8";
-
-    public static Test suite() {
-        return new TestSuite(ValidatorTest.class);
-    }
-
-    /**
-     * Instantiates a new HTTP utilities test.
-     *
-     * @param testName the test name
-     */
-    public ValidatorTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        // none
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-        // none
-    }
-
-    public void testAddRule() {
-        Validator validator = ESAPI.validator();
-        ValidationRule rule = new StringValidationRule("ridiculous");
-        validator.addRule(rule);
-        assertEquals(rule, validator.getRule("ridiculous"));
-    }
-
-    public void testAssertValidFileUpload() {
-        //		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
-    }
-
-    public void testGetPrintable1() {
-        //		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
-    }
-
-    public void testGetPrintable2() {
-        //		getValidPrintable(String, String, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetRule() {
-        Validator validator = ESAPI.validator();
-        ValidationRule rule = new StringValidationRule("rule");
-        validator.addRule(rule);
-        assertEquals(rule, validator.getRule("rule"));
-        assertFalse(rule == validator.getRule("ridiculous"));
-    }
-
-    public void testGetValidCreditCard() {
-        System.out.println("getValidCreditCard");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-
-        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false));
-        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false));
-        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false));
-        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false));
-
-        instance.getValidCreditCard("cctest5", "1234 9876 0000 0008", false, errors);
-        assertEquals(0, errors.size());
-        instance.getValidCreditCard("cctest6", "1234987600000008", false, errors);
-        assertEquals(0, errors.size());
-        instance.getValidCreditCard("cctest7", "12349876000000081", false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidCreditCard("cctest8", "4417 1234 5678 9112", false, errors);
-        assertEquals(2, errors.size());
-
-        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false, errors));
-        assertTrue(errors.size()==3);
-        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false, errors));
-        assertTrue(errors.size()==4);
-    }
-
-    public void testGetValidDate() throws Exception {
-    	System.out.println("getValidDate");
-    	Validator instance = ESAPI.validator();
-    	ValidationErrorList errors = new ValidationErrorList();
-    	assertTrue(instance.getValidDate("datetest1", "June 23, 1967", DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US), false) != null);
-    	instance.getValidDate("datetest2", "freakshow", DateFormat.getDateInstance(), false, errors);
-    	assertEquals(1, errors.size());
-
-    	// TODO: This test case fails due to an apparent bug in SimpleDateFormat
-    	// Note: This seems to be fixed in JDK 6. Will leave it commented out since
-    	//		 we only require JDK 5. -kww
-    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(), false, errors);
-    	// assertEquals( 2, errors.size() );
-    }
-    
-    // FIXME: Should probably use SecurityConfigurationWrapper and force
-    //		  Validator.AcceptLenientDates to be false.
-    public void testLenientDate() {
-    	System.out.println("testLenientDate");
-    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
-    	if ( acceptLenientDates ) {
-    		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
-    		return;
-    	}
-
-    	Date lenientDateTest = null;
-    	try {
-    		// lenientDateTest will be null when Validator.AcceptLenientDates
-    		// is set to false (the default).
-    		Validator instance = ESAPI.validator();
-    		lenientDateTest = instance.getValidDate("datatest3-lenient", "15/2/2009 11:83:00",
-    				                                DateFormat.getDateInstance(DateFormat.SHORT, Locale.US),
-    				                                false);
-    		fail("Failed to throw expected ValidationException when Validator.AcceptLenientDates set to false.");
-    	} catch (ValidationException ve) {
-    		assertNull( lenientDateTest );
-    		Throwable cause = ve.getCause();
-    		assertTrue( cause.getClass().getName().equals("java.text.ParseException") );
-    	} catch (Exception e) {
-    		fail("Caught unexpected exception: " + e.getClass().getName() + "; msg: " + e);
-    	}
-    }
-
-    public void testGetValidDirectoryPath() throws Exception {
-        System.out.println("getValidDirectoryPath");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // find a directory that exists
-        File parent = new File("/");
-        String path = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
-        instance.getValidDirectoryPath("dirtest1", path, parent, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDirectoryPath("dirtest2", null, parent, false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidDirectoryPath("dirtest3", "ridicul%00ous", parent, false, errors);
-        assertEquals(2, errors.size());
-    }
-
-    public void testGetValidDouble() {
-        System.out.println("getValidDouble");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        instance.getValidDouble("dtest1", "1.0", 0, 20, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDouble("dtest2", null, 0, 20, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidDouble("dtest3", null, 0, 20, false, errors);
-        assertEquals(1, errors.size());
-        instance.getValidDouble("dtest4", "ridiculous", 0, 20, true, errors);
-        assertEquals(2, errors.size());
-        instance.getValidDouble("dtest5", "" + (Double.MAX_VALUE), 0, 20, true, errors);
-        assertEquals(3, errors.size());
-        instance.getValidDouble("dtest6", "" + (Double.MAX_VALUE + .00001), 0, 20, true, errors);
-        assertEquals(4, errors.size());
-    }
-
-    public void testGetValidFileContent() {
-        System.out.println("getValidFileContent");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        byte[] bytes = null;
-        try {
-            bytes = "12345".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!");
-        }
-        instance.getValidFileContent("test", bytes, 5, true, errors);
-        assertEquals(0, errors.size());
-        instance.getValidFileContent("test", bytes, 4, true, errors);
-        assertEquals(1, errors.size());
-    }
-
-    public void testGetValidFileName() throws Exception {
-        System.out.println("getValidFileName");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        String testName = "aspe%20ct.jar";
-        assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
-    }
-
-    public void testGetValidInput() {
-        System.out.println("getValidInput");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidInput(String, String, String, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidInteger() {
-        System.out.println("getValidInteger");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidInteger(String, String, int, int, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidListItem() {
-        System.out.println("getValidListItem");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidListItem(String, String, List, ValidationErrorList)
-    }
-
-    public void testGetValidNumber() {
-        System.out.println("getValidNumber");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidNumber(String, String, long, long, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidRedirectLocation() {
-        System.out.println("getValidRedirectLocation");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
-    }
-
-    public void testGetValidSafeHTML() throws Exception {
-        System.out.println("getValidSafeHTML");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-
-        // new school test case setup
-        HTMLValidationRule rule = new HTMLValidationRule("test");
-        ESAPI.validator().addRule(rule);
-
-        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
-
-        String test1 = "<b>Jeff</b>";
-        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
-        assertEquals(test1, result1);
-
-        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
-        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
-        assertEquals(test2, result2);
-
-        String test3 = "Test. <script>alert(document.cookie)</script>";
-        assertEquals("Test.", rule.getSafe("test", test3));
-
-        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
-        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test.", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        // String result4 = instance.getValidSafeHTML("test", test4);
-        // assertEquals("", result4);
-    }
-
-    public void testIsInvalidFilename() {
-        System.out.println("testIsInvalidFilename");
-        Validator instance = ESAPI.validator();
-        char invalidChars[] = "/\\:*?\"<>|".toCharArray();
-        for (int i = 0; i < invalidChars.length; i++) {
-            assertFalse(invalidChars[i] + " is an invalid character for a filename",
-                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.jar", false));
-        }
-        assertFalse("Files must have an extension", instance.isValidFileName("test", "", false));
-        assertFalse("Files must have a valid extension", instance.isValidFileName("test.invalidExtension", "", false));
-        assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
-    }
-
-    public void testIsValidDate() {
-        System.out.println("isValidDate");
-        Validator instance = ESAPI.validator();
-        DateFormat format = SimpleDateFormat.getDateInstance(SimpleDateFormat.MEDIUM, Locale.US);
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true));
-        assertFalse(instance.isValidDate("datetest2", null, format, false));
-        assertFalse(instance.isValidDate("datetest3", "", format, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidDate("datetest2", null, format, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidDate("datetest3", "", format, false, errors));
-        assertTrue(errors.size()==2);
-
-    }
-
-    public void testIsValidDirectoryPath() throws IOException {
-        System.out.println("isValidDirectoryPath");
-
-        // get an encoder with a special list of codecs and make a validator out of it
-        List list = new ArrayList();
-        list.add("HTMLEntityCodec");
-        Encoder encoder = new DefaultEncoder(list);
-        Validator instance = new DefaultValidator(encoder);
-
-        boolean isWindows = (System.getProperty("os.name").indexOf("Windows") != -1) ? true : false;
-        File parent = new File("/");
-
-        ValidationErrorList errors = new ValidationErrorList();
-
-        if (isWindows) {
-            String sysRoot = new File(System.getenv("SystemRoot")).getCanonicalPath();
-            // Windows paths that don't exist and thus should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\jeff", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
-
-            // Windows paths
-            assertTrue(instance.isValidDirectoryPath("test", "C:\\", parent, false));                        // Windows root directory
-            assertTrue(instance.isValidDirectoryPath("test", sysRoot, parent, false));                  // Windows always exist directory
-            assertFalse(instance.isValidDirectoryPath("test", sysRoot + "\\System32\\cmd.exe", parent, false));      // Windows command shell
-
-            // Unix specific paths should not pass
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp", parent, false));      // Unix Temporary directory
-            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Unix Standard shell
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/config", parent, false));
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
-
-            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
-            assertFalse(instance.isValidDirectoryPath("test2", "c:\\jeff", parent, false, errors));
-            assertTrue(errors.size()==2);
-            assertFalse(instance.isValidDirectoryPath("test3", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==3);
-
-            // Windows paths
-            assertTrue(instance.isValidDirectoryPath("test4", "C:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
-            assertTrue(instance.isValidDirectoryPath("test5", sysRoot, parent, false, errors));                  // Windows always exist directory
-            assertTrue(errors.size()==3);
-            assertFalse(instance.isValidDirectoryPath("test6", sysRoot + "\\System32\\cmd.exe", parent, false, errors));      // Windows command shell
-            assertTrue(errors.size()==4);
-
-            // Unix specific paths should not pass
-            assertFalse(instance.isValidDirectoryPath("test7", "/tmp", parent, false, errors));      // Unix Temporary directory
-            assertTrue(errors.size()==5);
-            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Unix Standard shell
-            assertTrue(errors.size()==6);
-            assertFalse(instance.isValidDirectoryPath("test9", "/etc/config", parent, false, errors));
-            assertTrue(errors.size()==7);
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test10", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==8);
-            assertFalse(instance.isValidDirectoryPath("test11", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==9);
-
-        } else {
-            // Windows paths should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
-
-            // Standard Windows locations should fail
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\", parent, false));                        // Windows root directory
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\temp", parent, false));               // Windows temporary directory
-            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\System32\\cmd.exe", parent, false));   // Windows command shell
-
-            // Unix specific paths should pass
-            assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
-            assertTrue(instance.isValidDirectoryPath("test", "/bin", parent, false));      // Always exist directory
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir
-            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
-            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
-
-            // Windows paths should fail
-            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
-            assertFalse(instance.isValidDirectoryPath("test2", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==2);
-
-            // Standard Windows locations should fail
-            assertFalse(instance.isValidDirectoryPath("test3", "c:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
-            assertFalse(instance.isValidDirectoryPath("test4", "c:\\Windows\\temp", parent, false, errors));               // Windows temporary directory
-            assertTrue(errors.size()==4);
-            assertFalse(instance.isValidDirectoryPath("test5", "c:\\Windows\\System32\\cmd.exe", parent, false, errors));   // Windows command shell
-            assertTrue(errors.size()==5);
-
-            // Unix specific paths should pass
-            assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
-            assertTrue(errors.size()==5);
-            assertTrue(instance.isValidDirectoryPath("test7", "/bin", parent, false, errors));      // Always exist directory
-            assertTrue(errors.size()==5);
-
-            // Unix specific paths that should not exist or work
-            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Standard shell, not dir
-            assertTrue(errors.size()==6);
-            assertFalse(instance.isValidDirectoryPath("test9", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==7);
-            assertFalse(instance.isValidDirectoryPath("test10", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==8);
-        }
-    }
-
-    public void TestIsValidDirectoryPath() {
-        // isValidDirectoryPath(String, String, boolean)
-    }
-
-    public void testIsValidDouble() {
-        // isValidDouble(String, String, double, double, boolean)
-    	Validator instance = ESAPI.validator();
-    	ValidationErrorList errors = new ValidationErrorList();
-    	//testing negative range
-        assertFalse(instance.isValidDouble("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        assertTrue(instance.isValidDouble("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        //testing null value
-        assertTrue(instance.isValidDouble("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
-        assertFalse(instance.isValidDouble("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
-        //testing empty string
-        assertTrue(instance.isValidDouble("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
-        assertFalse(instance.isValidDouble("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
-        //testing improper range
-        assertFalse(instance.isValidDouble("test7", "50.0", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
-        //testing non-integers
-        assertTrue(instance.isValidDouble("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
-        //other testing
-        assertTrue(instance.isValidDouble("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 4);
-        assertTrue(instance.isValidDouble("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 4);
-        assertFalse(instance.isValidDouble("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 5);
-        assertFalse(instance.isValidDouble("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertFalse(instance.isValidDouble("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 7);
-        assertFalse(instance.isValidDouble("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
-        assertFalse(instance.isValidDouble("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
-        assertFalse(instance.isValidDouble("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
-        assertFalse(instance.isValidDouble("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
-        assertFalse(instance.isValidDouble("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
-        assertFalse(instance.isValidDouble("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
-        assertTrue(instance.isValidDouble("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
-        assertTrue(instance.isValidDouble("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
-    }
-
-    public void testIsValidFileContent() {
-        System.out.println("isValidFileContent");
-        byte[] content = null;
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidFileContent("test", content, 100, false));
-    }
-
-    public void testIsValidFileName() {
-        System.out.println("isValidFileName");
-        Validator instance = ESAPI.validator();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false, errors));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false, errors));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false, errors));
-        assertTrue(errors.size() == 0);
-    }
-
-    public void testIsValidFileUpload() throws IOException {
-        System.out.println("isValidFileUpload");
-        String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
-        String filename = "aspect.jar";
-        File parent = new File("/").getCanonicalFile();
-        ValidationErrorList errors = new ValidationErrorList();
-        byte[] content = null;
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
-        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 0);
-
-        filepath = "/ridiculous";
-        filename = "aspect.jar";
-        try {
-            content = "This is some file content".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
-        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 1);
-    }
-
-    public void testIsValidHTTPRequestParameterSet() {
-        //		isValidHTTPRequestParameterSet(String, Set, Set)
-    }
-
-    public void testisValidInput() {
-        System.out.println("isValidInput");
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidInput("test", "jeff.williams@aspectsecurity.com", "Email", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff.williams@@aspectsecurity.com", "Email", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff.williams@aspectsecurity", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false));
-        assertTrue(instance.isValidInput("test", "123.168.100.234", "IPAddress", 100, false));
-        assertTrue(instance.isValidInput("test", "192.168.1.234", "IPAddress", 100, false));
-        assertFalse(instance.isValidInput("test", "..168.1.234", "IPAddress", 100, false));
-        assertFalse(instance.isValidInput("test", "10.x.1.234", "IPAddress", 100, false));
-        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
-        assertFalse(instance.isValidInput("test", "http:///www.aspectsecurity.com", "URL", 100, false));
-        assertFalse(instance.isValidInput("test", "http://www.aspect security.com", "URL", 100, false));
-        assertTrue(instance.isValidInput("test", "078-05-1120", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "078 05 1120", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "078051120", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "987-65-4320", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "000-00-0000", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "(555) 555-5555", "SSN", 100, false));
-        assertFalse(instance.isValidInput("test", "test", "SSN", 100, false));
-        assertTrue(instance.isValidInput("test", "jeffWILLIAMS123", "HTTPParameterValue", 100, false));
-        assertTrue(instance.isValidInput("test", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false));
-        // Removed per Issue 116 - The '*' character is valid as a parameter character
-//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff^WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));
-
-        assertTrue(instance.isValidInput("test", null, "Email", 100, true));
-        assertFalse(instance.isValidInput("test", null, "Email", 100, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-
-        assertTrue(instance.isValidInput("test1", "jeff.williams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidInput("test2", "jeff.williams@@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidInput("test3", "jeff.williams@aspectsecurity", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test4", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test5", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test6", "123.168.100.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertTrue(instance.isValidInput("test7", "192.168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidInput("test8", "..168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==3);
-        assertFalse(instance.isValidInput("test9", "10.x.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==4);
-        assertFalse(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==5);
-        assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
-        assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
-        assertTrue(errors.size()==7);
-        assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
-        assertTrue(errors.size()==8);
-        assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
-        assertTrue(errors.size()==9);
-        assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
-        assertTrue(errors.size()==10);
-        assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
-        assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
-        // Removed per Issue 116 - The '*' character is valid as a parameter character
-//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
-        assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==11);
-        assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==12);
-
-        assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
-        assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
-    }
-
-    public void testIsValidInteger() {
-        System.out.println("isValidInteger");
-        Validator instance = ESAPI.validator();
-        //testing negative range
-        assertFalse(instance.isValidInteger("test", "-4", 1, 10, false));
-        assertTrue(instance.isValidInteger("test", "-4", -10, 10, false));
-        //testing null value
-        assertTrue(instance.isValidInteger("test", null, -10, 10, true));
-        assertFalse(instance.isValidInteger("test", null, -10, 10, false));
-        //testing empty string
-        assertTrue(instance.isValidInteger("test", "", -10, 10, true));
-        assertFalse(instance.isValidInteger("test", "", -10, 10, false));
-        //testing improper range
-        assertFalse(instance.isValidInteger("test", "50", 10, -10, false));
-        //testing non-integers
-        assertFalse(instance.isValidInteger("test", "4.3214", -10, 10, true));
-        assertFalse(instance.isValidInteger("test", "-1.65", -10, 10, true));
-        //other testing
-        assertTrue(instance.isValidInteger("test", "4", 1, 10, false));
-        assertTrue(instance.isValidInteger("test", "400", 1, 10000, false));
-        assertTrue(instance.isValidInteger("test", "400000000", 1, 400000000, false));
-        assertFalse(instance.isValidInteger("test", "4000000000000", 1, 10000, false));
-        assertFalse(instance.isValidInteger("test", "alsdkf", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "--10", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "14.1414234x", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "Infinity", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "-Infinity", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "-NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "+NaN", 10, 10000, false));
-        assertFalse(instance.isValidInteger("test", "1e-6", -999999999, 999999999, false));
-        assertFalse(instance.isValidInteger("test", "-1e-6", -999999999, 999999999, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        //testing negative range
-        assertFalse(instance.isValidInteger("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        assertTrue(instance.isValidInteger("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
-        //testing null value
-        assertTrue(instance.isValidInteger("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
-        assertFalse(instance.isValidInteger("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
-        //testing empty string
-        assertTrue(instance.isValidInteger("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
-        assertFalse(instance.isValidInteger("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
-        //testing improper range
-        assertFalse(instance.isValidInteger("test7", "50", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
-        //testing non-integers
-        assertFalse(instance.isValidInteger("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 5);
-        assertFalse(instance.isValidInteger("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 6);
-        //other testing
-        assertTrue(instance.isValidInteger("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 6);
-        assertTrue(instance.isValidInteger("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertTrue(instance.isValidInteger("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 6);
-        assertFalse(instance.isValidInteger("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 7);
-        assertFalse(instance.isValidInteger("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
-        assertFalse(instance.isValidInteger("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
-        assertFalse(instance.isValidInteger("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
-        assertFalse(instance.isValidInteger("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
-        assertFalse(instance.isValidInteger("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
-        assertFalse(instance.isValidInteger("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
-        assertFalse(instance.isValidInteger("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 14);
-        assertFalse(instance.isValidInteger("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 15);
-        assertFalse(instance.isValidInteger("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 16);
-        assertFalse(instance.isValidInteger("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 17);
-
-    }
-
-    public void testIsValidListItem() {
-        System.out.println("isValidListItem");
-        Validator instance = ESAPI.validator();
-        List list = new ArrayList();
-        list.add("one");
-        list.add("two");
-        assertTrue(instance.isValidListItem("test", "one", list));
-        assertFalse(instance.isValidListItem("test", "three", list));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidListItem("test1", "one", list, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidListItem("test2", "three", list, errors));
-        assertTrue(errors.size()==1);
-    }
-
-    public void testIsValidNumber() {
-        System.out.println("isValidNumber");
-        Validator instance = ESAPI.validator();
-        //testing negative range
-        assertFalse(instance.isValidNumber("test", "-4", 1, 10, false));
-        assertTrue(instance.isValidNumber("test", "-4", -10, 10, false));
-        //testing null value
-        assertTrue(instance.isValidNumber("test", null, -10, 10, true));
-        assertFalse(instance.isValidNumber("test", null, -10, 10, false));
-        //testing empty string
-        assertTrue(instance.isValidNumber("test", "", -10, 10, true));
-        assertFalse(instance.isValidNumber("test", "", -10, 10, false));
-        //testing improper range
-        assertFalse(instance.isValidNumber("test", "5", 10, -10, false));
-        //testing non-integers
-        assertTrue(instance.isValidNumber("test", "4.3214", -10, 10, true));
-        assertTrue(instance.isValidNumber("test", "-1.65", -10, 10, true));
-        //other testing
-        assertTrue(instance.isValidNumber("test", "4", 1, 10, false));
-        assertTrue(instance.isValidNumber("test", "400", 1, 10000, false));
-        assertTrue(instance.isValidNumber("test", "400000000", 1, 400000000, false));
-        assertFalse(instance.isValidNumber("test", "4000000000000", 1, 10000, false));
-        assertFalse(instance.isValidNumber("test", "alsdkf", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "--10", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "14.1414234x", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "Infinity", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "-Infinity", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "NaN", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "-NaN", 10, 10000, false));
-        assertFalse(instance.isValidNumber("test", "+NaN", 10, 10000, false));
-        assertTrue(instance.isValidNumber("test", "1e-6", -999999999, 999999999, false));
-        assertTrue(instance.isValidNumber("test", "-1e-6", -999999999, 999999999, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-      //testing negative range
-        assertFalse(instance.isValidNumber("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size()==1);
-        assertTrue(instance.isValidNumber("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size()==1);
-        //testing null value
-        assertTrue(instance.isValidNumber("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidNumber("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size()==2);
-        //testing empty string
-        assertTrue(instance.isValidNumber("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size()==2);
-        assertFalse(instance.isValidNumber("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size()==3);
-        //testing improper range
-        assertFalse(instance.isValidNumber("test7", "5", 10, -10, false, errors));
-        assertTrue(errors.size()==4);
-        //testing non-integers
-        assertTrue(instance.isValidNumber("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
-        //other testing
-        assertTrue(instance.isValidNumber("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size()==4);
-        assertTrue(instance.isValidNumber("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size()==4);
-        assertFalse(instance.isValidNumber("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size()==5);
-        assertFalse(instance.isValidNumber("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size()==6);
-        assertFalse(instance.isValidNumber("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size()==7);
-        assertFalse(instance.isValidNumber("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size()==8);
-        assertFalse(instance.isValidNumber("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==9);
-        assertFalse(instance.isValidNumber("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==10);
-        assertFalse(instance.isValidNumber("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==11);
-        assertFalse(instance.isValidNumber("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==12);
-        assertFalse(instance.isValidNumber("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==13);
-        assertTrue(instance.isValidNumber("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
-        assertTrue(instance.isValidNumber("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
-    }
-
-    public void testIsValidParameterSet() {
-        System.out.println("isValidParameterSet");
-        Set requiredNames = new HashSet();
-        requiredNames.add("p1");
-        requiredNames.add("p2");
-        requiredNames.add("p3");
-        Set optionalNames = new HashSet();
-        optionalNames.add("p4");
-        optionalNames.add("p5");
-        optionalNames.add("p6");
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        request.addParameter("p1", "value");
-        request.addParameter("p2", "value");
-        request.addParameter("p3", "value");
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames,errors));
-        assertTrue(errors.size()==0);
-        request.addParameter("p4", "value");
-        request.addParameter("p5", "value");
-        request.addParameter("p6", "value");
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size()==0);
-        request.removeParameter("p1");
-        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
-        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size() ==1);
-    }
-
-    public void testIsValidPrintable() {
-        System.out.println("isValidPrintable");
-        Validator instance = ESAPI.validator();
-        assertTrue(instance.isValidPrintable("name", "abcDEF", 100, false));
-        assertTrue(instance.isValidPrintable("name", "!@#R()*$;><()", 100, false));
-        char[] chars = {0x60, (char) 0xFF, 0x10, 0x25};
-        assertFalse(instance.isValidPrintable("name", chars, 100, false));
-        assertFalse(instance.isValidPrintable("name", "%08", 100, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidPrintable("name1", "abcDEF", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertTrue(instance.isValidPrintable("name2", "!@#R()*$;><()", 100, false, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidPrintable("name3", chars, 100, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidPrintable("name4", "%08", 100, false, errors));
-        assertTrue(errors.size()==2);
-
-    }
-
-    public void testIsValidRedirectLocation() {
-        //		isValidRedirectLocation(String, String, boolean)
-    }
-
-    public void testIsValidSafeHTML() {
-        System.out.println("isValidSafeHTML");
-        Validator instance = ESAPI.validator();
-
-        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
-
-        // TODO: waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(errors.size() == 0);
-
-    }
-
-    public void testSafeReadLine() {
-        System.out.println("safeReadLine");
-
-        byte[] bytes = null;
-        try {
-            bytes = "testString".getBytes(PREFERRED_ENCODING);
-        }
-        catch (UnsupportedEncodingException e1) {
-            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
-        }
-        ByteArrayInputStream s = new ByteArrayInputStream(bytes);
-        Validator instance = ESAPI.validator();
-        try {
-            instance.safeReadLine(s, -1);
-            fail();
-        }
-        catch (ValidationException e) {
-            // Expected
-        }
-        s.reset();
-        try {
-            instance.safeReadLine(s, 4);
-            fail();
-        }
-        catch (ValidationException e) {
-            // Expected
-        }
-        s.reset();
-        try {
-            String u = instance.safeReadLine(s, 20);
-            assertEquals("testString", u);
-        }
-        catch (ValidationException e) {
-            fail();
-        }
-
-        // This sub-test attempts to validate that BufferedReader.readLine() and safeReadLine() are similar in operation
-        // for the nominal case
-        try {
-            s.reset();
-            InputStreamReader isr = new InputStreamReader(s);
-            BufferedReader br = new BufferedReader(isr);
-            String u = br.readLine();
-            s.reset();
-            String v = instance.safeReadLine(s, 20);
-            assertEquals(u, v);
-        }
-        catch (IOException e) {
-            fail();
-        }
-        catch (ValidationException e) {
-            fail();
-        }
-    }
-
-    public void testIssue82_SafeString_Bad_Regex() {
-        Validator instance = ESAPI.validator();
-        try {
-            instance.getValidInput("address", "55 main st. pasadena ak", "SafeString", 512, false);
-        }
-        catch (ValidationException e) {
-            fail(e.getLogMessage());
-        }
-    }
-
-    public void testGetParameterMap() {
-//testing Validator.HTTPParameterName and Validator.HTTPParameterValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//an example of a parameter from displaytag, should pass
-        request.addParameter("d-49653-p", "pass");
-        request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
-        assertEquals(safeRequest.getParameterMap().size(), 2);
-        assertNull(safeRequest.getParameterMap().get("<img"));
-        assertNull(safeRequest.getParameterMap().get(generateStringOfLength(33)));
-    }
-
-    public void testGetParameterNames() {
-//testing Validator.HTTPParameterName
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//an example of a parameter from displaytag, should pass
-        request.addParameter("d-49653-p", "pass");
-        request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
-        assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
-    }
-
-    public void testGetParameter() {
-//testing Validator.HTTPParameterValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addParameter("p1", "Alice");
-        request.addParameter("p2", "bob@alice.com");//mail-address from a submit-form
-        request.addParameter("p3", ESAPI.authenticator().generateStrongPassword());
-        request.addParameter("p4", new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));
-        //TODO - I think this should fair request.addParameter("p5", "�������?����"); //some special characters from european languages;
-        request.addParameter("f1", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>");
-        request.addParameter("f2", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
-        request.addParameter("f3", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
-        for (int i = 1; i <= 4; i++) {
-            assertTrue(safeRequest.getParameter("p" + i).equals(request.getParameter("p" + i)));
-        }
-        for (int i = 1; i <= 2; i++) {
-        	boolean testResult = false;
-        	try {
-        		testResult = safeRequest.getParameter("f" + i).equals(request.getParameter("f" + i));
-        	} catch (NullPointerException npe) {
-        		//the test is this block SHOULD fail. a NPE is an acceptable failure state
-        		testResult = false; //redundant, just being descriptive here
-        	}
-        	assertFalse(testResult);
-        }
-        assertNull(safeRequest.getParameter("e1"));
-
-        //This is revealing problems with Jeff's original SafeRequest
-        //mishandling of the AllowNull parameter. I'm adding a new Google code
-        //bug to track this.
-        //
-        //assertNotNull(safeRequest.getParameter("e1", false));
-    }
-
-    public void testGetCookies() {
-//testing Validator.HTTPCookieName and Validator.HTTPCookieValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-//should support a base64-encode value
-        request.setCookie("p1", "34=VJhjv7jiDu7tsdLrQQ2KcUwpfWUM2_mBae6UA8ttk4wBHdxxQ-1IBxyCOn3LWE08SDhpnBcJ7N5Vze48F2t8a1R_hXt7PX1BvgTM0pn-T4JkqGTm_tlmV4RmU3GT-dgn");
-        request.setCookie("f1", "<A HREF=\"http://66.102.7.147/\">XSS</A>");
-        request.setCookie("load-balancing", "pass");
-        request.setCookie("'bypass", "fail");
-        Cookie[] cookies = safeRequest.getCookies();
-        assertEquals(cookies[0].getValue(), request.getCookies()[0].getValue());
-        assertEquals(cookies[1].getName(), request.getCookies()[2].getName());
-        assertTrue(cookies.length == 2);
-    }
-
-    public void testGetHeader() {
-//testing Validator.HTTPHeaderValue
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addHeader("p1", "login");
-        request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
-        request.addHeader("p2", generateStringOfLength(150));
-        request.addHeader("f2", generateStringOfLength(151));
-        assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
-        assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
-        assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
-        assertFalse(safeRequest.getHeader("f2").equals(request.getHeader("f2")));
-        assertNull(safeRequest.getHeader("p3"));
-    }
-
-    public void testGetHeaderNames() {
-//testing Validator.HTTPHeaderName
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.addHeader("d-49653-p", "pass");
-        request.addHeader("<img ", "fail");
-        request.addHeader(generateStringOfLength(32), "pass");
-        request.addHeader(generateStringOfLength(33), "fail");
-        assertEquals(Collections.list(safeRequest.getHeaderNames()).size(), 2);
-    }
-
-    public void testGetQueryString() {
-//testing Validator.HTTPQueryString
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        request.setQueryString("mail=bob@alice.com&passwd=" + new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));// TODO, fix this + "&special=�����");
-        assertEquals(safeRequest.getQueryString(), request.getQueryString());
-        request.setQueryString("mail=<IMG SRC=\"jav\tascript:alert('XSS');\">");
-        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
-        request.setQueryString("mail=bob@alice.com-passwd=johny");
-        assertTrue(safeRequest.getQueryString().equals(request.getQueryString()));
-        request.setQueryString("mail=bob@alice.com-passwd=johny&special"); //= is missing!
-        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
-    }
-
-    public void testGetRequestURI() {
-//testing Validator.HTTPURI
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-        try {
-            request.setRequestURI("/app/page.jsp");
-        } catch (UnsupportedEncodingException ignored) {
-        }
-        assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
-    }
-
-    private String generateStringOfLength(int length) {
-        StringBuilder longString = new StringBuilder();
-        for (int i = 0; i < length; i++) {
-            longString.append("a");
-        }
-        return longString.toString();
-    }
-
-    public void testGetContextPath() {
-        // Root Context Path ("")
-        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
-        // Deployed Context Path ("/context")
-        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "/context", "HTTPContextPath", 512, true));
-        // Fail-case - URL Splitting
-        assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.*;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.*;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.filters.SecurityWrapperRequest;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * The Class ValidatorTest.
+ *
+ * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidatorTest extends TestCase {
+
+    private static final String PREFERRED_ENCODING = "UTF-8";
+
+    public static Test suite() {
+        return new TestSuite(ValidatorTest.class);
+    }
+
+    /**
+     * Instantiates a new HTTP utilities test.
+     *
+     * @param testName the test name
+     */
+    public ValidatorTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    public void testAddRule() {
+        Validator validator = ESAPI.validator();
+        ValidationRule rule = new StringValidationRule("ridiculous");
+        validator.addRule(rule);
+        assertEquals(rule, validator.getRule("ridiculous"));
+    }
+
+    public void testAssertValidFileUpload() {
+        //		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
+    }
+
+    public void testGetPrintable1() {
+        //		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
+    }
+
+    public void testGetPrintable2() {
+        //		getValidPrintable(String, String, int, boolean, ValidationErrorList)
+    }
+
+    public void testGetRule() {
+        Validator validator = ESAPI.validator();
+        ValidationRule rule = new StringValidationRule("rule");
+        validator.addRule(rule);
+        assertEquals(rule, validator.getRule("rule"));
+        assertFalse(rule == validator.getRule("ridiculous"));
+    }
+
+    public void testGetValidCreditCard() {
+        System.out.println("getValidCreditCard");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false));
+        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false));
+        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false));
+        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false));
+
+        instance.getValidCreditCard("cctest5", "1234 9876 0000 0008", false, errors);
+        assertEquals(0, errors.size());
+        instance.getValidCreditCard("cctest6", "1234987600000008", false, errors);
+        assertEquals(0, errors.size());
+        instance.getValidCreditCard("cctest7", "12349876000000081", false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidCreditCard("cctest8", "4417 1234 5678 9112", false, errors);
+        assertEquals(2, errors.size());
+
+        assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false, errors));
+        assertTrue(errors.size()==2);
+        assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false, errors));
+        assertTrue(errors.size()==2);
+        assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false, errors));
+        assertTrue(errors.size()==3);
+        assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false, errors));
+        assertTrue(errors.size()==4);
+    }
+
+    public void testGetValidDate() throws Exception {
+    	System.out.println("getValidDate");
+    	Validator instance = ESAPI.validator();
+    	ValidationErrorList errors = new ValidationErrorList();
+    	assertTrue(instance.getValidDate("datetest1", "June 23, 1967", DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US), false) != null);
+    	instance.getValidDate("datetest2", "freakshow", DateFormat.getDateInstance(), false, errors);
+    	assertEquals(1, errors.size());
+
+    	// TODO: This test case fails due to an apparent bug in SimpleDateFormat
+    	// Note: This seems to be fixed in JDK 6. Will leave it commented out since
+    	//		 we only require JDK 5. -kww
+    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(), false, errors);
+    	// assertEquals( 2, errors.size() );
+    }
+    
+    // FIXME: Should probably use SecurityConfigurationWrapper and force
+    //		  Validator.AcceptLenientDates to be false.
+    public void testLenientDate() {
+    	System.out.println("testLenientDate");
+    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
+    	if ( acceptLenientDates ) {
+    		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
+    		return;
+    	}
+
+    	Date lenientDateTest = null;
+    	try {
+    		// lenientDateTest will be null when Validator.AcceptLenientDates
+    		// is set to false (the default).
+    		Validator instance = ESAPI.validator();
+    		lenientDateTest = instance.getValidDate("datatest3-lenient", "15/2/2009 11:83:00",
+    				                                DateFormat.getDateInstance(DateFormat.SHORT, Locale.US),
+    				                                false);
+    		fail("Failed to throw expected ValidationException when Validator.AcceptLenientDates set to false.");
+    	} catch (ValidationException ve) {
+    		assertNull( lenientDateTest );
+    		Throwable cause = ve.getCause();
+    		assertTrue( cause.getClass().getName().equals("java.text.ParseException") );
+    	} catch (Exception e) {
+    		fail("Caught unexpected exception: " + e.getClass().getName() + "; msg: " + e);
+    	}
+    }
+
+    public void testGetValidDirectoryPath() throws Exception {
+        System.out.println("getValidDirectoryPath");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // find a directory that exists
+        File parent = new File("/");
+        String path = ESAPI.securityConfiguration().getResourceFile("ESAPI.properties").getParentFile().getCanonicalPath();
+        instance.getValidDirectoryPath("dirtest1", path, parent, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDirectoryPath("dirtest2", null, parent, false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidDirectoryPath("dirtest3", "ridicul%00ous", parent, false, errors);
+        assertEquals(2, errors.size());
+    }
+
+    public void testGetValidDouble() {
+        System.out.println("getValidDouble");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        instance.getValidDouble("dtest1", "1.0", 0, 20, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDouble("dtest2", null, 0, 20, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidDouble("dtest3", null, 0, 20, false, errors);
+        assertEquals(1, errors.size());
+        instance.getValidDouble("dtest4", "ridiculous", 0, 20, true, errors);
+        assertEquals(2, errors.size());
+        instance.getValidDouble("dtest5", "" + (Double.MAX_VALUE), 0, 20, true, errors);
+        assertEquals(3, errors.size());
+        instance.getValidDouble("dtest6", "" + (Double.MAX_VALUE + .00001), 0, 20, true, errors);
+        assertEquals(4, errors.size());
+    }
+
+    public void testGetValidFileContent() {
+        System.out.println("getValidFileContent");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        byte[] bytes = null;
+        try {
+            bytes = "12345".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!");
+        }
+        instance.getValidFileContent("test", bytes, 5, true, errors);
+        assertEquals(0, errors.size());
+        instance.getValidFileContent("test", bytes, 4, true, errors);
+        assertEquals(1, errors.size());
+    }
+
+    public void testGetValidFileName() throws Exception {
+        System.out.println("getValidFileName");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String testName = "aspe%20ct.jar";
+        assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
+    }
+
+    public void testGetValidInput() {
+        System.out.println("getValidInput");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidInput(String, String, String, int, boolean, ValidationErrorList)
+    }
+
+    public void testGetValidInteger() {
+        System.out.println("getValidInteger");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidInteger(String, String, int, int, boolean, ValidationErrorList)
+    }
+
+    public void testGetValidListItem() {
+        System.out.println("getValidListItem");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidListItem(String, String, List, ValidationErrorList)
+    }
+
+    public void testGetValidNumber() {
+        System.out.println("getValidNumber");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidNumber(String, String, long, long, boolean, ValidationErrorList)
+    }
+
+    public void testGetValidRedirectLocation() {
+        System.out.println("getValidRedirectLocation");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
+    }
+
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        // new school test case setup
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
+
+        String test1 = "<b>Jeff</b>";
+        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
+        assertEquals(test1, result1);
+
+        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
+        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
+        assertEquals(test2, result2);
+
+        String test3 = "Test. <script>alert(document.cookie)</script>";
+        assertEquals("Test.", rule.getSafe("test", test3));
+
+        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
+        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+        // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
+        // This would be nice to catch, but just looks like text to AntiSamy
+        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+        // String result4 = instance.getValidSafeHTML("test", test4);
+        // assertEquals("", result4);
+    }
+
+    public void testIsInvalidFilename() {
+        System.out.println("testIsInvalidFilename");
+        Validator instance = ESAPI.validator();
+        char invalidChars[] = "/\\:*?\"<>|".toCharArray();
+        for (int i = 0; i < invalidChars.length; i++) {
+            assertFalse(invalidChars[i] + " is an invalid character for a filename",
+                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.jar", false));
+        }
+        assertFalse("Files must have an extension", instance.isValidFileName("test", "", false));
+        assertFalse("Files must have a valid extension", instance.isValidFileName("test.invalidExtension", "", false));
+        assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
+    }
+
+    public void testIsValidDate() {
+        System.out.println("isValidDate");
+        Validator instance = ESAPI.validator();
+        DateFormat format = SimpleDateFormat.getDateInstance(SimpleDateFormat.MEDIUM, Locale.US);
+        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true));
+        assertFalse(instance.isValidDate("datetest2", null, format, false));
+        assertFalse(instance.isValidDate("datetest3", "", format, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true, errors));
+        assertTrue(errors.size()==0);
+        assertFalse(instance.isValidDate("datetest2", null, format, false, errors));
+        assertTrue(errors.size()==1);
+        assertFalse(instance.isValidDate("datetest3", "", format, false, errors));
+        assertTrue(errors.size()==2);
+
+    }
+
+    public void testIsValidDirectoryPath() throws IOException {
+        System.out.println("isValidDirectoryPath");
+
+        // get an encoder with a special list of codecs and make a validator out of it
+        List list = new ArrayList();
+        list.add("HTMLEntityCodec");
+        Encoder encoder = new DefaultEncoder(list);
+        Validator instance = new DefaultValidator(encoder);
+
+        boolean isWindows = (System.getProperty("os.name").indexOf("Windows") != -1) ? true : false;
+        File parent = new File("/");
+
+        ValidationErrorList errors = new ValidationErrorList();
+
+        if (isWindows) {
+            String sysRoot = new File(System.getenv("SystemRoot")).getCanonicalPath();
+            // Windows paths that don't exist and thus should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\jeff", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
+
+            // Windows paths
+            assertTrue(instance.isValidDirectoryPath("test", "C:\\", parent, false));                        // Windows root directory
+            assertTrue(instance.isValidDirectoryPath("test", sysRoot, parent, false));                  // Windows always exist directory
+            assertFalse(instance.isValidDirectoryPath("test", sysRoot + "\\System32\\cmd.exe", parent, false));      // Windows command shell
+
+            // Unix specific paths should not pass
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp", parent, false));      // Unix Temporary directory
+            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Unix Standard shell
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/config", parent, false));
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
+
+            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
+            assertTrue(errors.size()==1);
+            assertFalse(instance.isValidDirectoryPath("test2", "c:\\jeff", parent, false, errors));
+            assertTrue(errors.size()==2);
+            assertFalse(instance.isValidDirectoryPath("test3", "c:\\temp\\..\\etc", parent, false, errors));
+            assertTrue(errors.size()==3);
+
+            // Windows paths
+            assertTrue(instance.isValidDirectoryPath("test4", "C:\\", parent, false, errors));                        // Windows root directory
+            assertTrue(errors.size()==3);
+            assertTrue(instance.isValidDirectoryPath("test5", sysRoot, parent, false, errors));                  // Windows always exist directory
+            assertTrue(errors.size()==3);
+            assertFalse(instance.isValidDirectoryPath("test6", sysRoot + "\\System32\\cmd.exe", parent, false, errors));      // Windows command shell
+            assertTrue(errors.size()==4);
+
+            // Unix specific paths should not pass
+            assertFalse(instance.isValidDirectoryPath("test7", "/tmp", parent, false, errors));      // Unix Temporary directory
+            assertTrue(errors.size()==5);
+            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Unix Standard shell
+            assertTrue(errors.size()==6);
+            assertFalse(instance.isValidDirectoryPath("test9", "/etc/config", parent, false, errors));
+            assertTrue(errors.size()==7);
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test10", "/etc/ridiculous", parent, false, errors));
+            assertTrue(errors.size()==8);
+            assertFalse(instance.isValidDirectoryPath("test11", "/tmp/../etc", parent, false, errors));
+            assertTrue(errors.size()==9);
+
+        } else {
+            // Windows paths should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
+
+            // Standard Windows locations should fail
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\", parent, false));                        // Windows root directory
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\temp", parent, false));               // Windows temporary directory
+            assertFalse(instance.isValidDirectoryPath("test", "c:\\Windows\\System32\\cmd.exe", parent, false));   // Windows command shell
+
+            // Unix specific paths should pass
+            assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
+            assertTrue(instance.isValidDirectoryPath("test", "/bin", parent, false));      // Always exist directory
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir
+            assertFalse(instance.isValidDirectoryPath("test", "/etc/ridiculous", parent, false));
+            assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
+
+            // Windows paths should fail
+            assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
+            assertTrue(errors.size()==1);
+            assertFalse(instance.isValidDirectoryPath("test2", "c:\\temp\\..\\etc", parent, false, errors));
+            assertTrue(errors.size()==2);
+
+            // Standard Windows locations should fail
+            assertFalse(instance.isValidDirectoryPath("test3", "c:\\", parent, false, errors));                        // Windows root directory
+            assertTrue(errors.size()==3);
+            assertFalse(instance.isValidDirectoryPath("test4", "c:\\Windows\\temp", parent, false, errors));               // Windows temporary directory
+            assertTrue(errors.size()==4);
+            assertFalse(instance.isValidDirectoryPath("test5", "c:\\Windows\\System32\\cmd.exe", parent, false, errors));   // Windows command shell
+            assertTrue(errors.size()==5);
+
+            // Unix specific paths should pass
+            assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
+            assertTrue(errors.size()==5);
+            assertTrue(instance.isValidDirectoryPath("test7", "/bin", parent, false, errors));      // Always exist directory
+            assertTrue(errors.size()==5);
+
+            // Unix specific paths that should not exist or work
+            assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Standard shell, not dir
+            assertTrue(errors.size()==6);
+            assertFalse(instance.isValidDirectoryPath("test9", "/etc/ridiculous", parent, false, errors));
+            assertTrue(errors.size()==7);
+            assertFalse(instance.isValidDirectoryPath("test10", "/tmp/../etc", parent, false, errors));
+            assertTrue(errors.size()==8);
+        }
+    }
+
+    public void TestIsValidDirectoryPath() {
+        // isValidDirectoryPath(String, String, boolean)
+    }
+
+    public void testIsValidDouble() {
+        // isValidDouble(String, String, double, double, boolean)
+    	Validator instance = ESAPI.validator();
+    	ValidationErrorList errors = new ValidationErrorList();
+    	//testing negative range
+        assertFalse(instance.isValidDouble("test1", "-4", 1, 10, false, errors));
+        assertTrue(errors.size() == 1);
+        assertTrue(instance.isValidDouble("test2", "-4", -10, 10, false, errors));
+        assertTrue(errors.size() == 1);
+        //testing null value
+        assertTrue(instance.isValidDouble("test3", null, -10, 10, true, errors));
+        assertTrue(errors.size() == 1);
+        assertFalse(instance.isValidDouble("test4", null, -10, 10, false, errors));
+        assertTrue(errors.size() == 2);
+        //testing empty string
+        assertTrue(instance.isValidDouble("test5", "", -10, 10, true, errors));
+        assertTrue(errors.size() == 2);
+        assertFalse(instance.isValidDouble("test6", "", -10, 10, false, errors));
+        assertTrue(errors.size() == 3);
+        //testing improper range
+        assertFalse(instance.isValidDouble("test7", "50.0", 10, -10, false, errors));
+        assertTrue(errors.size() == 4);
+        //testing non-integers
+        assertTrue(instance.isValidDouble("test8", "4.3214", -10, 10, true, errors));
+        assertTrue(errors.size() == 4);
+        assertTrue(instance.isValidDouble("test9", "-1.65", -10, 10, true, errors));
+        assertTrue(errors.size() == 4);
+        //other testing
+        assertTrue(instance.isValidDouble("test10", "4", 1, 10, false, errors));
+        assertTrue(errors.size() == 4);
+        assertTrue(instance.isValidDouble("test11", "400", 1, 10000, false, errors));
+        assertTrue(errors.size() == 4);
+        assertTrue(instance.isValidDouble("test12", "400000000", 1, 400000000, false, errors));
+        assertTrue(errors.size() == 4);
+        assertFalse(instance.isValidDouble("test13", "4000000000000", 1, 10000, false, errors));
+        assertTrue(errors.size() == 5);
+        assertFalse(instance.isValidDouble("test14", "alsdkf", 10, 10000, false, errors));
+        assertTrue(errors.size() == 6);
+        assertFalse(instance.isValidDouble("test15", "--10", 10, 10000, false, errors));
+        assertTrue(errors.size() == 7);
+        assertFalse(instance.isValidDouble("test16", "14.1414234x", 10, 10000, false, errors));
+        assertTrue(errors.size() == 8);
+        assertFalse(instance.isValidDouble("test17", "Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size() == 9);
+        assertFalse(instance.isValidDouble("test18", "-Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size() == 10);
+        assertFalse(instance.isValidDouble("test19", "NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 11);
+        assertFalse(instance.isValidDouble("test20", "-NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 12);
+        assertFalse(instance.isValidDouble("test21", "+NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 13);
+        assertTrue(instance.isValidDouble("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size() == 13);
+        assertTrue(instance.isValidDouble("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size() == 13);
+    }
+
+    public void testIsValidFileContent() {
+        System.out.println("isValidFileContent");
+        byte[] content = null;
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidFileContent("test", content, 100, false));
+    }
+
+    public void testIsValidFileName() {
+        System.out.println("isValidFileName");
+        Validator instance = ESAPI.validator();
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false, errors));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false, errors));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false, errors));
+        assertTrue(errors.size() == 0);
+    }
+
+    public void testIsValidFileUpload() throws IOException {
+        System.out.println("isValidFileUpload");
+        String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
+        String filename = "aspect.jar";
+        File parent = new File("/").getCanonicalFile();
+        ValidationErrorList errors = new ValidationErrorList();
+        byte[] content = null;
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
+        assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
+        assertTrue(errors.size() == 0);
+
+        filepath = "/ridiculous";
+        filename = "aspect.jar";
+        try {
+            content = "This is some file content".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
+        assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
+        assertTrue(errors.size() == 1);
+    }
+
+    public void testIsValidHTTPRequestParameterSet() {
+        //		isValidHTTPRequestParameterSet(String, Set, Set)
+    }
+
+    public void testisValidInput() {
+        System.out.println("isValidInput");
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidInput("test", "jeff.williams@aspectsecurity.com", "Email", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff.williams@@aspectsecurity.com", "Email", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff.williams@aspectsecurity", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false));
+        assertTrue(instance.isValidInput("test", "123.168.100.234", "IPAddress", 100, false));
+        assertTrue(instance.isValidInput("test", "192.168.1.234", "IPAddress", 100, false));
+        assertFalse(instance.isValidInput("test", "..168.1.234", "IPAddress", 100, false));
+        assertFalse(instance.isValidInput("test", "10.x.1.234", "IPAddress", 100, false));
+        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
+        assertFalse(instance.isValidInput("test", "http:///www.aspectsecurity.com", "URL", 100, false));
+        assertFalse(instance.isValidInput("test", "http://www.aspect security.com", "URL", 100, false));
+        assertTrue(instance.isValidInput("test", "078-05-1120", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "078 05 1120", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "078051120", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "987-65-4320", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "000-00-0000", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "(555) 555-5555", "SSN", 100, false));
+        assertFalse(instance.isValidInput("test", "test", "SSN", 100, false));
+        assertTrue(instance.isValidInput("test", "jeffWILLIAMS123", "HTTPParameterValue", 100, false));
+        assertTrue(instance.isValidInput("test", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false));
+        // Removed per Issue 116 - The '*' character is valid as a parameter character
+//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff^WILLIAMS", "HTTPParameterValue", 100, false));
+        assertFalse(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));
+
+        assertTrue(instance.isValidInput("test", null, "Email", 100, true));
+        assertFalse(instance.isValidInput("test", null, "Email", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+
+        assertTrue(instance.isValidInput("test1", "jeff.williams@aspectsecurity.com", "Email", 100, false, errors));
+        assertTrue(errors.size()==0);
+        assertFalse(instance.isValidInput("test2", "jeff.williams@@aspectsecurity.com", "Email", 100, false, errors));
+        assertTrue(errors.size()==1);
+        assertFalse(instance.isValidInput("test3", "jeff.williams@aspectsecurity", "Email", 100, false, errors));
+        assertTrue(errors.size()==2);
+        assertTrue(instance.isValidInput("test4", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false, errors));
+        assertTrue(errors.size()==2);
+        assertTrue(instance.isValidInput("test5", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false, errors));
+        assertTrue(errors.size()==2);
+        assertTrue(instance.isValidInput("test6", "123.168.100.234", "IPAddress", 100, false, errors));
+        assertTrue(errors.size()==2);
+        assertTrue(instance.isValidInput("test7", "192.168.1.234", "IPAddress", 100, false, errors));
+        assertTrue(errors.size()==2);
+        assertFalse(instance.isValidInput("test8", "..168.1.234", "IPAddress", 100, false, errors));
+        assertTrue(errors.size()==3);
+        assertFalse(instance.isValidInput("test9", "10.x.1.234", "IPAddress", 100, false, errors));
+        assertTrue(errors.size()==4);
+        assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
+        assertTrue(errors.size()==4);
+        assertFalse(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
+        assertTrue(errors.size()==5);
+        assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
+        assertTrue(errors.size()==6);
+        assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
+        assertTrue(errors.size()==6);
+        assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
+        assertTrue(errors.size()==6);
+        assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
+        assertTrue(errors.size()==6);
+        assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
+        assertTrue(errors.size()==7);
+        assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
+        assertTrue(errors.size()==8);
+        assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
+        assertTrue(errors.size()==9);
+        assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
+        assertTrue(errors.size()==10);
+        assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
+        assertTrue(errors.size()==10);
+        assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertTrue(errors.size()==10);
+        // Removed per Issue 116 - The '*' character is valid as a parameter character
+//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
+        assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertTrue(errors.size()==11);
+        assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
+        assertTrue(errors.size()==12);
+
+        assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
+        assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
+    }
+
+    public void testIsValidInteger() {
+        System.out.println("isValidInteger");
+        Validator instance = ESAPI.validator();
+        //testing negative range
+        assertFalse(instance.isValidInteger("test", "-4", 1, 10, false));
+        assertTrue(instance.isValidInteger("test", "-4", -10, 10, false));
+        //testing null value
+        assertTrue(instance.isValidInteger("test", null, -10, 10, true));
+        assertFalse(instance.isValidInteger("test", null, -10, 10, false));
+        //testing empty string
+        assertTrue(instance.isValidInteger("test", "", -10, 10, true));
+        assertFalse(instance.isValidInteger("test", "", -10, 10, false));
+        //testing improper range
+        assertFalse(instance.isValidInteger("test", "50", 10, -10, false));
+        //testing non-integers
+        assertFalse(instance.isValidInteger("test", "4.3214", -10, 10, true));
+        assertFalse(instance.isValidInteger("test", "-1.65", -10, 10, true));
+        //other testing
+        assertTrue(instance.isValidInteger("test", "4", 1, 10, false));
+        assertTrue(instance.isValidInteger("test", "400", 1, 10000, false));
+        assertTrue(instance.isValidInteger("test", "400000000", 1, 400000000, false));
+        assertFalse(instance.isValidInteger("test", "4000000000000", 1, 10000, false));
+        assertFalse(instance.isValidInteger("test", "alsdkf", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "--10", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "14.1414234x", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "Infinity", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "-Infinity", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "-NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "+NaN", 10, 10000, false));
+        assertFalse(instance.isValidInteger("test", "1e-6", -999999999, 999999999, false));
+        assertFalse(instance.isValidInteger("test", "-1e-6", -999999999, 999999999, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        //testing negative range
+        assertFalse(instance.isValidInteger("test1", "-4", 1, 10, false, errors));
+        assertTrue(errors.size() == 1);
+        assertTrue(instance.isValidInteger("test2", "-4", -10, 10, false, errors));
+        assertTrue(errors.size() == 1);
+        //testing null value
+        assertTrue(instance.isValidInteger("test3", null, -10, 10, true, errors));
+        assertTrue(errors.size() == 1);
+        assertFalse(instance.isValidInteger("test4", null, -10, 10, false, errors));
+        assertTrue(errors.size() == 2);
+        //testing empty string
+        assertTrue(instance.isValidInteger("test5", "", -10, 10, true, errors));
+        assertTrue(errors.size() == 2);
+        assertFalse(instance.isValidInteger("test6", "", -10, 10, false, errors));
+        assertTrue(errors.size() == 3);
+        //testing improper range
+        assertFalse(instance.isValidInteger("test7", "50", 10, -10, false, errors));
+        assertTrue(errors.size() == 4);
+        //testing non-integers
+        assertFalse(instance.isValidInteger("test8", "4.3214", -10, 10, true, errors));
+        assertTrue(errors.size() == 5);
+        assertFalse(instance.isValidInteger("test9", "-1.65", -10, 10, true, errors));
+        assertTrue(errors.size() == 6);
+        //other testing
+        assertTrue(instance.isValidInteger("test10", "4", 1, 10, false, errors));
+        assertTrue(errors.size() == 6);
+        assertTrue(instance.isValidInteger("test11", "400", 1, 10000, false, errors));
+        assertTrue(errors.size() == 6);
+        assertTrue(instance.isValidInteger("test12", "400000000", 1, 400000000, false, errors));
+        assertTrue(errors.size() == 6);
+        assertFalse(instance.isValidInteger("test13", "4000000000000", 1, 10000, false, errors));
+        assertTrue(errors.size() == 7);
+        assertFalse(instance.isValidInteger("test14", "alsdkf", 10, 10000, false, errors));
+        assertTrue(errors.size() == 8);
+        assertFalse(instance.isValidInteger("test15", "--10", 10, 10000, false, errors));
+        assertTrue(errors.size() == 9);
+        assertFalse(instance.isValidInteger("test16", "14.1414234x", 10, 10000, false, errors));
+        assertTrue(errors.size() == 10);
+        assertFalse(instance.isValidInteger("test17", "Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size() == 11);
+        assertFalse(instance.isValidInteger("test18", "-Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size() == 12);
+        assertFalse(instance.isValidInteger("test19", "NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 13);
+        assertFalse(instance.isValidInteger("test20", "-NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 14);
+        assertFalse(instance.isValidInteger("test21", "+NaN", 10, 10000, false, errors));
+        assertTrue(errors.size() == 15);
+        assertFalse(instance.isValidInteger("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size() == 16);
+        assertFalse(instance.isValidInteger("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size() == 17);
+
+    }
+
+    public void testIsValidListItem() {
+        System.out.println("isValidListItem");
+        Validator instance = ESAPI.validator();
+        List list = new ArrayList();
+        list.add("one");
+        list.add("two");
+        assertTrue(instance.isValidListItem("test", "one", list));
+        assertFalse(instance.isValidListItem("test", "three", list));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidListItem("test1", "one", list, errors));
+        assertTrue(errors.size()==0);
+        assertFalse(instance.isValidListItem("test2", "three", list, errors));
+        assertTrue(errors.size()==1);
+    }
+
+    public void testIsValidNumber() {
+        System.out.println("isValidNumber");
+        Validator instance = ESAPI.validator();
+        //testing negative range
+        assertFalse(instance.isValidNumber("test", "-4", 1, 10, false));
+        assertTrue(instance.isValidNumber("test", "-4", -10, 10, false));
+        //testing null value
+        assertTrue(instance.isValidNumber("test", null, -10, 10, true));
+        assertFalse(instance.isValidNumber("test", null, -10, 10, false));
+        //testing empty string
+        assertTrue(instance.isValidNumber("test", "", -10, 10, true));
+        assertFalse(instance.isValidNumber("test", "", -10, 10, false));
+        //testing improper range
+        assertFalse(instance.isValidNumber("test", "5", 10, -10, false));
+        //testing non-integers
+        assertTrue(instance.isValidNumber("test", "4.3214", -10, 10, true));
+        assertTrue(instance.isValidNumber("test", "-1.65", -10, 10, true));
+        //other testing
+        assertTrue(instance.isValidNumber("test", "4", 1, 10, false));
+        assertTrue(instance.isValidNumber("test", "400", 1, 10000, false));
+        assertTrue(instance.isValidNumber("test", "400000000", 1, 400000000, false));
+        assertFalse(instance.isValidNumber("test", "4000000000000", 1, 10000, false));
+        assertFalse(instance.isValidNumber("test", "alsdkf", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "--10", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "14.1414234x", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "Infinity", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "-Infinity", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "NaN", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "-NaN", 10, 10000, false));
+        assertFalse(instance.isValidNumber("test", "+NaN", 10, 10000, false));
+        assertTrue(instance.isValidNumber("test", "1e-6", -999999999, 999999999, false));
+        assertTrue(instance.isValidNumber("test", "-1e-6", -999999999, 999999999, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+      //testing negative range
+        assertFalse(instance.isValidNumber("test1", "-4", 1, 10, false, errors));
+        assertTrue(errors.size()==1);
+        assertTrue(instance.isValidNumber("test2", "-4", -10, 10, false, errors));
+        assertTrue(errors.size()==1);
+        //testing null value
+        assertTrue(instance.isValidNumber("test3", null, -10, 10, true, errors));
+        assertTrue(errors.size()==1);
+        assertFalse(instance.isValidNumber("test4", null, -10, 10, false, errors));
+        assertTrue(errors.size()==2);
+        //testing empty string
+        assertTrue(instance.isValidNumber("test5", "", -10, 10, true, errors));
+        assertTrue(errors.size()==2);
+        assertFalse(instance.isValidNumber("test6", "", -10, 10, false, errors));
+        assertTrue(errors.size()==3);
+        //testing improper range
+        assertFalse(instance.isValidNumber("test7", "5", 10, -10, false, errors));
+        assertTrue(errors.size()==4);
+        //testing non-integers
+        assertTrue(instance.isValidNumber("test8", "4.3214", -10, 10, true, errors));
+        assertTrue(errors.size()==4);
+        assertTrue(instance.isValidNumber("test9", "-1.65", -10, 10, true, errors));
+        assertTrue(errors.size()==4);
+        //other testing
+        assertTrue(instance.isValidNumber("test10", "4", 1, 10, false, errors));
+        assertTrue(errors.size()==4);
+        assertTrue(instance.isValidNumber("test11", "400", 1, 10000, false, errors));
+        assertTrue(errors.size()==4);
+        assertTrue(instance.isValidNumber("test12", "400000000", 1, 400000000, false, errors));
+        assertTrue(errors.size()==4);
+        assertFalse(instance.isValidNumber("test13", "4000000000000", 1, 10000, false, errors));
+        assertTrue(errors.size()==5);
+        assertFalse(instance.isValidNumber("test14", "alsdkf", 10, 10000, false, errors));
+        assertTrue(errors.size()==6);
+        assertFalse(instance.isValidNumber("test15", "--10", 10, 10000, false, errors));
+        assertTrue(errors.size()==7);
+        assertFalse(instance.isValidNumber("test16", "14.1414234x", 10, 10000, false, errors));
+        assertTrue(errors.size()==8);
+        assertFalse(instance.isValidNumber("test17", "Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size()==9);
+        assertFalse(instance.isValidNumber("test18", "-Infinity", 10, 10000, false, errors));
+        assertTrue(errors.size()==10);
+        assertFalse(instance.isValidNumber("test19", "NaN", 10, 10000, false, errors));
+        assertTrue(errors.size()==11);
+        assertFalse(instance.isValidNumber("test20", "-NaN", 10, 10000, false, errors));
+        assertTrue(errors.size()==12);
+        assertFalse(instance.isValidNumber("test21", "+NaN", 10, 10000, false, errors));
+        assertTrue(errors.size()==13);
+        assertTrue(instance.isValidNumber("test22", "1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size()==13);
+        assertTrue(instance.isValidNumber("test23", "-1e-6", -999999999, 999999999, false, errors));
+        assertTrue(errors.size()==13);
+    }
+
+    public void testIsValidParameterSet() {
+        System.out.println("isValidParameterSet");
+        Set requiredNames = new HashSet();
+        requiredNames.add("p1");
+        requiredNames.add("p2");
+        requiredNames.add("p3");
+        Set optionalNames = new HashSet();
+        optionalNames.add("p4");
+        optionalNames.add("p5");
+        optionalNames.add("p6");
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        request.addParameter("p1", "value");
+        request.addParameter("p2", "value");
+        request.addParameter("p3", "value");
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames,errors));
+        assertTrue(errors.size()==0);
+        request.addParameter("p4", "value");
+        request.addParameter("p5", "value");
+        request.addParameter("p6", "value");
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
+        assertTrue(errors.size()==0);
+        request.removeParameter("p1");
+        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
+        assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
+        assertTrue(errors.size() ==1);
+    }
+
+    public void testIsValidPrintable() {
+        System.out.println("isValidPrintable");
+        Validator instance = ESAPI.validator();
+        assertTrue(instance.isValidPrintable("name", "abcDEF", 100, false));
+        assertTrue(instance.isValidPrintable("name", "!@#R()*$;><()", 100, false));
+        char[] chars = {0x60, (char) 0xFF, 0x10, 0x25};
+        assertFalse(instance.isValidPrintable("name", chars, 100, false));
+        assertFalse(instance.isValidPrintable("name", "%08", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidPrintable("name1", "abcDEF", 100, false, errors));
+        assertTrue(errors.size()==0);
+        assertTrue(instance.isValidPrintable("name2", "!@#R()*$;><()", 100, false, errors));
+        assertTrue(errors.size()==0);
+        assertFalse(instance.isValidPrintable("name3", chars, 100, false, errors));
+        assertTrue(errors.size()==1);
+        assertFalse(instance.isValidPrintable("name4", "%08", 100, false, errors));
+        assertTrue(errors.size()==2);
+
+    }
+
+    public void testIsValidRedirectLocation() {
+        //		isValidRedirectLocation(String, String, boolean)
+    }
+
+    public void testIsValidSafeHTML() {
+        System.out.println("isValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
+
+        // TODO: waiting for a way to validate text headed for an attribute for scripts
+        // This would be nice to catch, but just looks like text to AntiSamy
+        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(errors.size() == 0);
+
+    }
+
+    public void testSafeReadLine() {
+        System.out.println("safeReadLine");
+
+        byte[] bytes = null;
+        try {
+            bytes = "testString".getBytes(PREFERRED_ENCODING);
+        }
+        catch (UnsupportedEncodingException e1) {
+            fail(PREFERRED_ENCODING + " not a supported encoding?!?!!!");
+        }
+        ByteArrayInputStream s = new ByteArrayInputStream(bytes);
+        Validator instance = ESAPI.validator();
+        try {
+            instance.safeReadLine(s, -1);
+            fail();
+        }
+        catch (ValidationException e) {
+            // Expected
+        }
+        s.reset();
+        try {
+            instance.safeReadLine(s, 4);
+            fail();
+        }
+        catch (ValidationException e) {
+            // Expected
+        }
+        s.reset();
+        try {
+            String u = instance.safeReadLine(s, 20);
+            assertEquals("testString", u);
+        }
+        catch (ValidationException e) {
+            fail();
+        }
+
+        // This sub-test attempts to validate that BufferedReader.readLine() and safeReadLine() are similar in operation
+        // for the nominal case
+        try {
+            s.reset();
+            InputStreamReader isr = new InputStreamReader(s);
+            BufferedReader br = new BufferedReader(isr);
+            String u = br.readLine();
+            s.reset();
+            String v = instance.safeReadLine(s, 20);
+            assertEquals(u, v);
+        }
+        catch (IOException e) {
+            fail();
+        }
+        catch (ValidationException e) {
+            fail();
+        }
+    }
+
+    public void testIssue82_SafeString_Bad_Regex() {
+        Validator instance = ESAPI.validator();
+        try {
+            instance.getValidInput("address", "55 main st. pasadena ak", "SafeString", 512, false);
+        }
+        catch (ValidationException e) {
+            fail(e.getLogMessage());
+        }
+    }
+
+    public void testGetParameterMap() {
+//testing Validator.HTTPParameterName and Validator.HTTPParameterValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//an example of a parameter from displaytag, should pass
+        request.addParameter("d-49653-p", "pass");
+        request.addParameter("<img ", "fail");
+        request.addParameter(generateStringOfLength(32), "pass");
+        request.addParameter(generateStringOfLength(33), "fail");
+        assertEquals(safeRequest.getParameterMap().size(), 2);
+        assertNull(safeRequest.getParameterMap().get("<img"));
+        assertNull(safeRequest.getParameterMap().get(generateStringOfLength(33)));
+    }
+
+    public void testGetParameterNames() {
+//testing Validator.HTTPParameterName
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//an example of a parameter from displaytag, should pass
+        request.addParameter("d-49653-p", "pass");
+        request.addParameter("<img ", "fail");
+        request.addParameter(generateStringOfLength(32), "pass");
+        request.addParameter(generateStringOfLength(33), "fail");
+        assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
+    }
+
+    public void testGetParameter() {
+//testing Validator.HTTPParameterValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addParameter("p1", "Alice");
+        request.addParameter("p2", "bob@alice.com");//mail-address from a submit-form
+        request.addParameter("p3", ESAPI.authenticator().generateStrongPassword());
+        request.addParameter("p4", new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));
+        //TODO - I think this should fair request.addParameter("p5", "�������?����"); //some special characters from european languages;
+        request.addParameter("f1", "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>");
+        request.addParameter("f2", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
+        request.addParameter("f3", "<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>");
+        for (int i = 1; i <= 4; i++) {
+            assertTrue(safeRequest.getParameter("p" + i).equals(request.getParameter("p" + i)));
+        }
+        for (int i = 1; i <= 2; i++) {
+        	boolean testResult = false;
+        	try {
+        		testResult = safeRequest.getParameter("f" + i).equals(request.getParameter("f" + i));
+        	} catch (NullPointerException npe) {
+        		//the test is this block SHOULD fail. a NPE is an acceptable failure state
+        		testResult = false; //redundant, just being descriptive here
+        	}
+        	assertFalse(testResult);
+        }
+        assertNull(safeRequest.getParameter("e1"));
+
+        //This is revealing problems with Jeff's original SafeRequest
+        //mishandling of the AllowNull parameter. I'm adding a new Google code
+        //bug to track this.
+        //
+        //assertNotNull(safeRequest.getParameter("e1", false));
+    }
+
+    public void testGetCookies() {
+//testing Validator.HTTPCookieName and Validator.HTTPCookieValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+//should support a base64-encode value
+        request.setCookie("p1", "34=VJhjv7jiDu7tsdLrQQ2KcUwpfWUM2_mBae6UA8ttk4wBHdxxQ-1IBxyCOn3LWE08SDhpnBcJ7N5Vze48F2t8a1R_hXt7PX1BvgTM0pn-T4JkqGTm_tlmV4RmU3GT-dgn");
+        request.setCookie("f1", "<A HREF=\"http://66.102.7.147/\">XSS</A>");
+        request.setCookie("load-balancing", "pass");
+        request.setCookie("'bypass", "fail");
+        Cookie[] cookies = safeRequest.getCookies();
+        assertEquals(cookies[0].getValue(), request.getCookies()[0].getValue());
+        assertEquals(cookies[1].getName(), request.getCookies()[2].getName());
+        assertTrue(cookies.length == 2);
+    }
+
+    public void testGetHeader() {
+//testing Validator.HTTPHeaderValue
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addHeader("p1", "login");
+        request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
+        request.addHeader("p2", generateStringOfLength(150));
+        request.addHeader("f2", generateStringOfLength(151));
+        assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
+        assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
+        assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
+        assertFalse(safeRequest.getHeader("f2").equals(request.getHeader("f2")));
+        assertNull(safeRequest.getHeader("p3"));
+    }
+
+    public void testGetHeaderNames() {
+//testing Validator.HTTPHeaderName
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.addHeader("d-49653-p", "pass");
+        request.addHeader("<img ", "fail");
+        request.addHeader(generateStringOfLength(32), "pass");
+        request.addHeader(generateStringOfLength(33), "fail");
+        assertEquals(Collections.list(safeRequest.getHeaderNames()).size(), 2);
+    }
+
+    public void testGetQueryString() {
+//testing Validator.HTTPQueryString
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        request.setQueryString("mail=bob@alice.com&passwd=" + new String(EncoderConstants.CHAR_PASSWORD_SPECIALS));// TODO, fix this + "&special=�����");
+        assertEquals(safeRequest.getQueryString(), request.getQueryString());
+        request.setQueryString("mail=<IMG SRC=\"jav\tascript:alert('XSS');\">");
+        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
+        request.setQueryString("mail=bob@alice.com-passwd=johny");
+        assertTrue(safeRequest.getQueryString().equals(request.getQueryString()));
+        request.setQueryString("mail=bob@alice.com-passwd=johny&special"); //= is missing!
+        assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
+    }
+
+    public void testGetRequestURI() {
+//testing Validator.HTTPURI
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+        try {
+            request.setRequestURI("/app/page.jsp");
+        } catch (UnsupportedEncodingException ignored) {
+        }
+        assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
+    }
+
+    private String generateStringOfLength(int length) {
+        StringBuilder longString = new StringBuilder();
+        for (int i = 0; i < length; i++) {
+            longString.append("a");
+        }
+        return longString.toString();
+    }
+
+    public void testGetContextPath() {
+        // Root Context Path ("")
+        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
+        // Deployed Context Path ("/context")
+        assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "/context", "HTTPContextPath", 512, true));
+        // Fail-case - URL Splitting
+        assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
+    }
+}

From 7b50eb7794827e4d08b0df89cd6b3055a84a3d2c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 30 Dec 2015 00:42:39 -0500
Subject: [PATCH 058/812] Specified minimum version # of 3.0 for Maven based on
 this error message:     [ERROR] Project does not define required minimum
 version of Maven.     [ERROR] Update the pom.xml to contain     [ERROR]    
 <prerequisites>     [ERROR]       <maven>3.0</maven>     [ERROR]    
 </prerequisites>

---
 pom.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pom.xml b/pom.xml
index 89c9b250d..8ef61a99f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,6 +6,10 @@
     <version>2.1.1-SNAPSHOT</version>
     <packaging>jar</packaging>
 
+    <prerequisites>
+        <maven>3.0</maven>
+    </prerequisites>
+
     <parent>
         <groupId>org.sonatype.oss</groupId>
         <artifactId>oss-parent</artifactId>

From ffe93c79ed386f70d4c0c06acfac5c41e19e1bac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 30 Dec 2015 00:45:03 -0500
Subject: [PATCH 059/812] Added protected CTORs taking (String userMessage) and
 (String userMessage, Throwable cause) arguments so that classes (e.g., such
 as IntrusionException) could sub-class these classes without compilation
 errors.

---
 .../errors/EnterpriseSecurityException.java   | 28 +++++++++++++++++-
 .../EnterpriseSecurityRuntimeException.java   | 29 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index a09df2c41..8c6d46114 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -48,12 +48,38 @@ public class EnterpriseSecurityException extends Exception {
     protected String logMessage = null;
 
     /**
-     * Instantiates a new security exception.
+     * Instantiates a new enterprise security exception.
      */
     protected EnterpriseSecurityException() {
         // hidden
     }
 
+    /**
+     * Instantiates a new enterprise security exception with a user message.
+     * (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     */
+     protected EnterpriseSecurityException(String userMessage) {
+        // hidden
+        super(userMessage);
+     }
+
+    /**
+     * Instantiates a new enterprise security exception with a user message
+     * and cause. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     * @param cause The cause (which is saved for later retrieval by the
+     * getCause() method). (A null value is permitted, and indicates that the
+     * cause is nonexistent or unknown.)
+     */
+     protected EnterpriseSecurityException(String userMessage, Throwable cause)
+     {
+        // hidden
+        super(userMessage, cause);
+     }
+
     /**
      * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
      * using this API, applications will generate an extensive security log. In addition, this exception is
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
index 5f746f4b6..6dab2a54c 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
@@ -50,12 +50,39 @@ public class EnterpriseSecurityRuntimeException extends java.lang.RuntimeExcepti
     protected String logMessage = null;
 
     /**
-     * Instantiates a new security exception.
+     * Instantiates a new enterprise security runtime exception.
      */
     protected EnterpriseSecurityRuntimeException() {
         // hidden
     }
 
+    /**
+     * Instantiates a new enterprise security runtime exception with a user
+     * message. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     */
+    protected EnterpriseSecurityRuntimeException(String userMessage) {
+        super(userMessage);
+    }
+
+    /**
+     * Instantiates a new enterprise security runtime exception with a
+     * user message and cause. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     * @param cause The cause (which is saved for later retrieval by the
+     * getCause() method). (A null value is permitted, and indicates that the
+     * cause is nonexistent or unknown.)
+     */
+    protected EnterpriseSecurityRuntimeException(String userMessage,
+                                                  Throwable cause)
+    {
+        // hidden
+        super(userMessage, cause);
+    }
+
+
     /**
      * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
      * using this API, applications will generate an extensive security log. In addition, this exception is

From cd9d412fe51bf0a2826fdbc0abfdce23faf2fffe Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 30 Dec 2015 00:50:27 -0500
Subject: [PATCH 060/812] To properly fix Google Issue #212 (i.e., GitHub issue
 #229), IntrusionException needed to subclass
 EnterpriseSecurityRuntimeException, not EnterpriseSecurityException.

---
 src/main/java/org/owasp/esapi/errors/IntrusionException.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/errors/IntrusionException.java b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
index 6332f297b..718f8a7c3 100644
--- a/src/main/java/org/owasp/esapi/errors/IntrusionException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
@@ -28,7 +28,7 @@
  * 
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
-public class IntrusionException extends EnterpriseSecurityException {
+public class IntrusionException extends EnterpriseSecurityRuntimeException {
 
     /** The Constant serialVersionUID. */
     private static final long serialVersionUID = 1L;

From c644f320d1d0f2bad11340845bf55d7747025200 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 31 Dec 2015 01:00:27 -0500
Subject: [PATCH 061/812]                     Changes being committed:

Modified files:

pom.xml
    Updated to newer version of dependency-check and some 3rd party
    jars have been updated.
src/main/java/org/owasp/esapi/HTTPUtilities.java
    Javadoc updated.
src/main/java/org/owasp/esapi/SecurityConfiguration.java
    Changed to extend the new EsapiPropertyLoader class. Deprecated many
    methods in favor of the new API to that the interface is not so bloated.
src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
    Minor changes to import statements and sendRedirect(HttpServletResponse,String) method.
src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
    Implements the 4 new methods (getIntProp(), getByteArrayProp(), etc.) from EsapiPropertyLoader interface.
src/test/java/org/owasp/esapi/reference/ValidatorTest.java
    Cleanup of import statements.
src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
    Cleanup of import statements.

========================
New files:

documentation/ESAPI-configuration-user-guide.md
    User documentation for new configuration features.

src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
src/main/resources/ESAPI-properties.xsd
src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
src/test/resources/ESAPI-properties.xsd
src/test/resources/esapi/ESAPI-test-2.properties
src/test/resources/esapi/ESAPI-test-2.xml
src/test/resources/esapi/ESAPI-test-invalid-content.xml
src/test/resources/esapi/ESAPI-test.properties
src/test/resources/esapi/ESAPI-test.xml
    Files used in implementing or testing new configuration properties.
---
 .../ESAPI-configuration-user-guide.md         | 138 ++++++++
 pom.xml                                       |  10 +-
 .../java/org/owasp/esapi/HTTPUtilities.java   |   1 -
 .../owasp/esapi/SecurityConfiguration.java    | 132 ++++++-
 .../AbstractPrioritizedPropertyLoader.java    |  62 ++++
 .../configuration/EsapiPropertyLoader.java    |  43 +++
 .../EsapiPropertyLoaderFactory.java           |  36 ++
 .../configuration/EsapiPropertyManager.java   |  99 ++++++
 .../StandardEsapiPropertyLoader.java          | 105 ++++++
 .../configuration/XmlEsapiPropertyLoader.java | 134 +++++++
 .../consts/EsapiConfiguration.java            |  33 ++
 .../consts/EsapiConfigurationType.java        |  19 +
 .../esapi/reference/DefaultHTTPUtilities.java |   5 +-
 .../DefaultSecurityConfiguration.java         | 130 +++++--
 src/main/resources/ESAPI-properties.xsd       |  17 +
 .../esapi/SecurityConfigurationWrapper.java   |  22 ++
 .../EsapiPropertyManagerTest.java             | 327 ++++++++++++++++++
 .../StandardEsapiPropertyLoaderTest.java      | 268 ++++++++++++++
 .../XmlEsapiPropertyLoaderTest.java           | 269 ++++++++++++++
 .../esapi/reference/HTTPUtilitiesTest.java    |  14 +-
 .../owasp/esapi/reference/ValidatorTest.java  |  17 +-
 src/test/resources/ESAPI-properties.xsd       |  17 +
 .../resources/esapi/ESAPI-test-2.properties   |   5 +
 src/test/resources/esapi/ESAPI-test-2.xml     |   6 +
 .../esapi/ESAPI-test-invalid-content.xml      |   7 +
 .../resources/esapi/ESAPI-test.properties     |   8 +
 src/test/resources/esapi/ESAPI-test.xml       |  10 +
 27 files changed, 1875 insertions(+), 59 deletions(-)
 create mode 100644 documentation/ESAPI-configuration-user-guide.md
 create mode 100644 src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
 create mode 100644 src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
 create mode 100644 src/main/resources/ESAPI-properties.xsd
 create mode 100644 src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
 create mode 100644 src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
 create mode 100644 src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
 create mode 100644 src/test/resources/ESAPI-properties.xsd
 create mode 100644 src/test/resources/esapi/ESAPI-test-2.properties
 create mode 100644 src/test/resources/esapi/ESAPI-test-2.xml
 create mode 100644 src/test/resources/esapi/ESAPI-test-invalid-content.xml
 create mode 100644 src/test/resources/esapi/ESAPI-test.properties
 create mode 100644 src/test/resources/esapi/ESAPI-test.xml

diff --git a/documentation/ESAPI-configuration-user-guide.md b/documentation/ESAPI-configuration-user-guide.md
new file mode 100644
index 000000000..72694bb05
--- /dev/null
+++ b/documentation/ESAPI-configuration-user-guide.md
@@ -0,0 +1,138 @@
+# ESAPI security configuration API enhancements - user guide
+
+## Motivation
+High number of open Google Issues against security configuration component
+highlighted problem with ESAPI configuration. Moreover, the rules for how and
+where the ESAPI.properties file is found are overly complicated making questions
+about it one of the most frequently asked questions.
+
+The ESAPI interface for its configuration (SecurityConfiguration) is overly
+complicated; it has a 'getter' method specific to almost every ESAPI
+configuration property. This complication leads to a unduly intricate,
+non-modular reference implementation (DefaultSecurityConfiguration) that makes
+it difficult to extend in terms of new functionality; e.g., when desiring to
+introduce a new ESAPI property name in ESAPI.properties.
+
+A new, simpler security configuration interface and implementation is needed.
+Such an implementation would not only be useful for ESAPI 2.x, but could very
+well be used to build the configurator needed by ESAPI 3.
+
+This document describes following changes to ESAPI security API:
+
+1. API simplification
+2. XML configuration support.
+3. Multiple configuration files support.
+
+## API simplification
+
+New interface is introduced: EsapiPropertyLoader, which contains four general
+methods for extraction of configuration properties:
+
+```
+public int getIntProp(String propertyName) throws ConfigurationException;
+public byte[] getByteArrayProp(String propertyName) throws ConfigurationException;
+public Boolean getBooleanProp(String propertyName) throws ConfigurationException;
+public String getStringProp(String propertyName) throws ConfigurationException;
+```
+
+SecurityConfiguration interface is extended with this new contract. Old methods
+have been deprecated as a result, in favor of these new methods. (TBD how long
+until these deprecated methods are removed, but it will be a minumum of 2 years
+or 1 major release [e.g., 3.x], whichever comes first. Also, we may not
+necessarily remove all of them at once, depending on community feedback.)
+
+DefaultSecurityConfiguration implements the new contract. New contract methods implementations work as described in 
+'Multiple configuration files support' paragraph.
+
+## Multiple configuration files support
+
+EsapiPropertyManager is the new implementation for getting properties, which uses prioritized property loaders (each one associated with a specific configuration file). This allows to have multiple configuration files existing with priority connected to each one. At this moment, there
+are two configuration files possible to use, the path to them is set through following Java
+system properties:
+ 
+* org.owasp.esapi.opsteam = <full_path_to_file> (higher priority config)
+* org.owasp.esapi.devteam = <full_path_to_file> (lower priority config)
+
+The first is intended for deployment by an operations team responsible for
+enforcing security for configuration management enterprise-wide. The intent here
+is to allow this operations team to enforce global / company-wide policies such
+as the minimum encryption key size or permitted cryptographic algorithms.
+
+The second is intended for deployment by development teams and is more likely to
+be useful and be tailored for each individual project based on project needs.
+
+If an ESAPI property is set via the configuration file identified by
+org.owasp.esapi.opsteam then that property takes precedence over any property
+set by the configuration file identified by org.owasp.esapi.devteam system
+property. (A warning message will be logged if a property defined in the higher
+priority configuration file is also defined in the configuration file of lower
+priority.)
+
+The DefaultSecurityConfiguration class now uses this mechanism through the new
+API for retrieving  properties.
+
+It is not mandatory to have both files configured or even any of them for
+DefaultSecurityConfiguration to work property. It can still use the single
+ESAPI.properties to search for a property. In case of any of the configurations
+or both of the existing,  ESAPI.properties has LOWEST priority, so it will be
+searched as last.
+
+### Example properties extraction through DefaultSecurityConfiguration
+
+```java
+ESAPI.securityConfiguration().getBooleanProp("propertyXXX");
+```
+
+where "propertyXXX" is some property name relevant to ESAPI (and
+in this case, one that would hold a boolean value). See ESAPI.properties
+for a list of current property names known to ESAPI.
+ 
+In above example, following happens:
+  
+1. org.owasp.esapi.opsteam configuration is used to get propertyXXX and return it as boolean.
+2. If (1) fails to find property, org.owasp.esapi.devteam is used to get propertyXXX and return it as boolean.
+3. If (2) fails to find property, ESAPI.properties is used to get propertyXXX and return it as boolean.
+4. If (3) fails to find property, unchecked ConfigurationException will be thrown.
+
+A ConfigurationException will be also thrown if propertyXXX was found in one
+of the configurations, but it is impossible to convert it to boolean value.
+
+## XML configuration support
+
+XML configuration storage is supported. Both org.owasp.esapi.opsteam and
+org.owasp.esapi.devteam can be XML files, but they must comply to the
+following XSD schema:
+
+```xml
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
+```
+
+### XML configuration example:
+```
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property" type="string">test_string_property</property>
+    <property name="int_property" type="int">5</property>
+    <property name="invalid_int_property" type="int">invalid int</property>
+    <property name="boolean_property" type="boolean">true</property>
+    <property name="boolean_yes_property" type="boolean">yes</property>
+    <property name="boolean_no_property" type="boolean">no</property>
+    <property name="invalid_boolean_property" type="boolean">invalid boolean</property>
+</properties>
+```
diff --git a/pom.xml b/pom.xml
index 8ef61a99f..79f870d2f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -187,6 +187,14 @@
             <artifactId>antisamy</artifactId>
             <version>1.5.3</version>
         </dependency>
+
+        <dependency>
+            <groupId>org.apache.xmlgraphics</groupId>
+            <artifactId>batik-css</artifactId>
+            <version>1.8</version>
+        </dependency>
+
+
     </dependencies>
 
     <build>
@@ -329,7 +337,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>1.1.4</version>
+                <version>1.2.11</version>
                 <configuration>
                     <externalReport>false</externalReport>
                 </configuration>
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 77fcd8284..6402796c8 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -445,7 +445,6 @@ public interface HTTPUtilities
      * @param response
      * @param location the URL to forward to, including parameters
      * @throws AccessControlException
-     * @throws ServletException
      * @throws IOException
      */
     void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException;
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 9c54acb9c..9d37c2580 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -16,6 +16,8 @@
  */
 package org.owasp.esapi;
 
+import org.owasp.esapi.configuration.EsapiPropertyLoader;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -48,53 +50,71 @@
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  */
-public interface SecurityConfiguration {
+public interface SecurityConfiguration extends EsapiPropertyLoader {
 
 	/**
 	 * Gets the application name, used for logging
 	 * 
 	 * @return the name of the current application
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getApplicationName();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Logging implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getLogImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getAuthenticationImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getEncoderImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getAccessControlImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getIntrusionDetectionImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getRandomizerImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getEncryptionImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Validation implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getValidationImplementation();
 	
 	/**
@@ -112,17 +132,23 @@ public interface SecurityConfiguration {
      * 
      * @return True if lenient dates are accepted; false otherwise.
      * @see java.text.DateFormat#setLenient(boolean)
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean getLenientDatesAccepted();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getExecutorImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getHTTPUtilitiesImplementation();
 	
 	/**
@@ -130,7 +156,9 @@ public interface SecurityConfiguration {
 	 * of data that need to be protected by your application.
 	 * 
 	 * @return the current master key
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public byte[] getMasterKey();
 
 	/**
@@ -149,7 +177,9 @@ public interface SecurityConfiguration {
 	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
 	 * 
 	 * @return the key length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
     public int getEncryptionKeyLength();
     
 	/**
@@ -157,7 +187,9 @@ public interface SecurityConfiguration {
 	 * where a salt is needed.
 	 * 
 	 * @return the current master salt
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public byte[] getMasterSalt();
 
 	/**
@@ -178,21 +210,27 @@ public interface SecurityConfiguration {
 	 * Gets the maximum allowed file upload size.
 	 * 
 	 * @return the current allowed file upload size
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getAllowedFileUploadSize();
 
 	/**
 	 * Gets the name of the password parameter used during user authentication.
 	 * 
 	 * @return the name of the password parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getPasswordParameterName();
 
 	/**
 	 * Gets the name of the username parameter used during user authentication.
 	 * 
 	 * @return the name of the username parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getUsernameParameterName();
 
 	/**
@@ -202,7 +240,9 @@ public interface SecurityConfiguration {
 	 * and padding schemes.
 	 * 
 	 * @return the current encryption algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getEncryptionAlgorithm();
 
 	/**
@@ -244,7 +284,9 @@ public interface SecurityConfiguration {
 	 * not the reference JCE implementation of "SunJCE"), and therefore it
 	 * should be avoided.
 	 * @return	The cipher transformation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
     public String getCipherTransformation();
     
     /**
@@ -269,7 +311,9 @@ public interface SecurityConfiguration {
      * 			completed the encryption / decryption with the new cipher
      * 			transformation.
      * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
-     *          until then. Details of replacement forthcoming to ESAPI-Dev list.
+     *          until then. Details of replacement forthcoming to ESAPI-Dev
+     *          list. Most likely to be replaced by a new public CTOR for
+     *          JavaEncryptor that takes a list of properties to override.
      */
     @Deprecated
     public String setCipherTransformation(String cipherXform);
@@ -289,7 +333,9 @@ public interface SecurityConfiguration {
      * changed.
      * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
      * @see org.owasp.esapi.crypto.SecurityProviderLoader
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public String getPreferredJCEProvider();
     
 // TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
@@ -306,7 +352,9 @@ public interface SecurityConfiguration {
      * "Why Is OWASP Changing ESAPI Encryption?"</a>.
      * </p>
      * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean useMACforCipherText();
 
     /**
@@ -322,7 +370,9 @@ public interface SecurityConfiguration {
      * </p>
      * @return	True if it is OK to overwrite the {@code PlainText} objects
      *			after encrypting, false otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean overwritePlainText();
     
     /**
@@ -335,14 +385,23 @@ public interface SecurityConfiguration {
      * @return A string specifying the IV type. Should be "random" or "fixed".
      * 
      * @see #getFixedIV()
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public String getIVType();
     
     /**
      * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
      * this will return the IV value as a hex-encoded string.
      * @return The fixed IV as a hex-encoded string.
+     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
+     *             instead. Longer term: There will be a more general method in JavaEncryptor
+     *             to explicitly set an IV. This whole concept of a single fixed IV has
+     *             always been a kludge at best, as a concession to those who have used
+     *             a single fixed IV in the past. It's time to put it to death
+     *             as it was never intended for production in the first place.
      */
+	@Deprecated
     public String getFixedIV();
     
     /**
@@ -366,7 +425,7 @@ public interface SecurityConfiguration {
     /**
      * Return {@code List} of strings of additional cipher modes that are
      * permitted (i.e., in <i>addition<i> to those returned by
-     * {@link #getPreferredCipherModes()}) to be used for encryption and
+     * {@link #getCombinedCipherModes()}) to be used for encryption and
      * decryption operations.
      * </p><p>
      * The list is taken from the comma-separated list of cipher modes specified
@@ -377,7 +436,7 @@ public interface SecurityConfiguration {
      * was specified in {@code ESAPI.properties}; otherwise the empty list is
      * returned.
      *
-     * @see #getPreferredCipherModes() 
+     * @see #getCombinedCipherModes()
      */
     public List<String> getAdditionalAllowedCipherModes();
 
@@ -385,14 +444,18 @@ public interface SecurityConfiguration {
 	 * Gets the hashing algorithm used by ESAPI to hash data.
 	 * 
 	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getHashAlgorithm();
 
 	/**
 	 * Gets the hash iterations used by ESAPI to hash data.
 	 * 
 	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getHashIterations();
 
 	/**
@@ -400,7 +463,9 @@ public interface SecurityConfiguration {
 	 * Key Derivation Function (KDF).
 	 * 
 	 * @return	The KDF PRF algorithm name.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getKDFPseudoRandomFunction();
 	
 	/**
@@ -413,21 +478,27 @@ public interface SecurityConfiguration {
 	 * getResponseContentType().
 	 * 
 	 * @return the current character encoding scheme
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getCharacterEncoding();
 
 	/**
 	 * Return true if multiple encoding is allowed
 	 *
 	 * @return whether multiple encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getAllowMultipleEncoding();
 
 	/**
 	 * Return true if mixed encoding is allowed
 	 *
 	 * @return whether mixed encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getAllowMixedEncoding();
 
 	/**
@@ -441,21 +512,27 @@ public interface SecurityConfiguration {
 	 * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
 	 * 
 	 * @return the current digital signature algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getDigitalSignatureAlgorithm();
 
 	/**
 	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
 	 * 
 	 * @return the current digital signature key length
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getDigitalSignatureKeyLength();
 		   
 	/**
 	 * Gets the random number generation algorithm used to generate random numbers where needed.
 	 * 
 	 * @return the current random number generation algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getRandomAlgorithm();
 
 	/**
@@ -463,7 +540,9 @@ public interface SecurityConfiguration {
 	 * many failures are detected within the alloted time period, the user's account will be locked.
 	 * 
 	 * @return the number of failed login attempts that cause an account to be locked
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getAllowedLoginAttempts();
 
 	/**
@@ -472,14 +551,18 @@ public interface SecurityConfiguration {
 	 * when they change their password.
 	 * 
 	 * @return the number of old hashed passwords to retain
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getMaxOldPasswordHashes();
 
 	/**
 	 * Allows for complete disabling of all intrusion detection mechanisms
 	 * 
 	 * @return true if intrusion detection should be disabled
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getDisableIntrusionDetection();
 	
 	/**
@@ -500,28 +583,38 @@ public interface SecurityConfiguration {
     public File getResourceFile( String filename );
     
 	/**
-	 * Forces new cookies to have HttpOnly flag set.
+	 * Returns true if session cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean getForceHttpOnlySession() ;
 
 	/**
-	 * Forces session cookies to have Secure flag set.
+	 * Returns true if session cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean getForceSecureSession() ;
 
 	/**
-	 * Forces new cookies to have HttpOnly flag set.
+	 * Returns true if new cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean getForceHttpOnlyCookies() ;
 
 	/**
-	 * Forces new cookies to have Secure flag set.
+	 * Returns true if new cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public boolean getForceSecureCookies() ;
 
 	/**
 	 * Returns the maximum allowable HTTP header size.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getMaxHttpHeaderSize() ;
 
 	/**
@@ -548,7 +641,9 @@ public interface SecurityConfiguration {
 	 * getCharacterEncoding().
 	 * 
 	 * @return The current content-type set for responses.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getResponseContentType();
 
 	/**
@@ -556,14 +651,17 @@ public interface SecurityConfiguration {
 	 * likely "JSESSIONID" though this can be overridden.
 	 * 
 	 * @return The name of the session identifier, like "JSESSIONID"
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public String getHttpSessionIdName();
 	
 	/**
 	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
 	 * 
-	 * @return The time to live length for generated remember me tokens.
+	 * @return The time to live length for generated "remember me" tokens.
 	 */
+    // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
 	public long getRememberTokenDuration();
 
 	
@@ -573,7 +671,9 @@ public interface SecurityConfiguration {
 	 * function that enables a session to continue after reauthentication.
 	 * 
 	 * @return The session idle timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getSessionIdleTimeoutLength();
 	
 	/**
@@ -582,7 +682,9 @@ public interface SecurityConfiguration {
 	 * provide a reauthenticate function that enables a session to continue after reauthentication.
 	 * 
 	 * @return The session absolute timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public int getSessionAbsoluteTimeoutLength();
 	
 	
@@ -590,7 +692,9 @@ public interface SecurityConfiguration {
 	 * Returns whether HTML entity encoding should be applied to log entries.
 	 * 
 	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getLogEncodingRequired();
 	
 	/**
@@ -598,7 +702,9 @@ public interface SecurityConfiguration {
 	 * single-server/single-app environments.
 	 * 
 	 * @return True if ESAPI should log the application name, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getLogApplicationName();
 
 	/**
@@ -606,13 +712,17 @@ public interface SecurityConfiguration {
 	 * single-server environments.
 	 * 
 	 * @return True if ESAPI should log the server IP and port, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
 	public boolean getLogServerIP();
 
 	/**
 	 * Returns the current log level.
 	 * @return	An integer representing the current log level.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
     public int getLogLevel();
 	
     /**
@@ -620,7 +730,9 @@ public interface SecurityConfiguration {
      * if it is not specified.
      * 
      * @return the log file name defined in the properties file.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public String getLogFileName();
 
     /**
@@ -628,7 +740,9 @@ public interface SecurityConfiguration {
      * if it is not specified. Once the log hits this file size, it will roll over into a new log.
      * 
      * @return the maximum size of a single log file (in bytes).
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
      */
+	@Deprecated
     public int getMaxLogFileSize();
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
new file mode 100644
index 000000000..75e6497c7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -0,0 +1,62 @@
+package org.owasp.esapi.configuration;
+
+
+import java.io.File;
+import java.util.Properties;
+
+public abstract class AbstractPrioritizedPropertyLoader implements EsapiPropertyLoader,
+        Comparable<AbstractPrioritizedPropertyLoader> {
+
+    protected final String filename;
+    protected Properties properties;
+
+    private final int priority;
+
+    public AbstractPrioritizedPropertyLoader(String filename, int priority) {
+        this.priority = priority;
+        this.filename = filename;
+        initProperties();
+    }
+
+    /**
+     * Get priority of this property loader. If two and more loaders can return value for the same property key,
+     * the one with highest priority will be chosen.
+     * @return priority of this property loader
+     */
+    public int priority() {
+        return priority;
+    }
+
+    @Override
+    public int compareTo(AbstractPrioritizedPropertyLoader compared) {
+        if (this.priority > compared.priority()) {
+            return 1;
+        } else if (this.priority < compared.priority()) {
+            return -1;
+        }
+        return 0;
+    }
+
+    public String name() {
+        return filename;
+    }
+
+    /**
+     * Initializes properties object and fills it with data from configuration file.
+     */
+    protected void initProperties() {
+        properties = new Properties();
+        File file = new File(filename);
+        if (file.exists() && file.isFile()) {
+            loadPropertiesFromFile(file);
+        } else {
+            System.err.println("Configuration file " + filename + " does not exist");
+        }
+    }
+
+    /**
+     * Method that loads the data from configuration file to properties object.
+     * @param file
+     */
+    protected abstract void loadPropertiesFromFile(File file);
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
new file mode 100644
index 000000000..aafa89012
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
@@ -0,0 +1,43 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.errors.ConfigurationException;
+
+/**
+ * Generic interface for loading security configuration properties.
+ */
+public interface EsapiPropertyLoader {
+
+    /**
+     * Get any int type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public int getIntProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any byte array type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any Boolean type property from security configuration.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration or has incorrect type.
+     */
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException;
+
+    /**
+     * Get any property from security configuration. As every property can be returned as string, this method
+     * throws exception only when property does not exist.
+     *
+     * @return property value.
+     * @throws ConfigurationException when property does not exist in configuration.
+     */
+    public String getStringProp(String propertyName) throws ConfigurationException;
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
new file mode 100644
index 000000000..19bc581bd
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
@@ -0,0 +1,36 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.FileNotFoundException;
+
+import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.PROPERTIES;
+import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.XML;
+
+/**
+ * Factory class that takes care of initialization of proper instance of EsapiPropertyLoader
+ * based on EsapiPropertiesStore
+ */
+public class EsapiPropertyLoaderFactory {
+
+    public static AbstractPrioritizedPropertyLoader createPropertyLoader(EsapiConfiguration cfg)
+            throws ConfigurationException, FileNotFoundException {
+        String cfgPath = System.getProperty(cfg.getConfigName());
+        if (cfgPath == null) {
+            throw new ConfigurationException("System property [" + cfg.getConfigName() + "] is not set");
+        }
+        String fileExtension = cfgPath.substring(cfgPath.lastIndexOf('.') + 1);
+
+        if (XML.getTypeName().equals(fileExtension)) {
+            return new XmlEsapiPropertyLoader(cfgPath, cfg.getPriority());
+        }
+        if (PROPERTIES.getTypeName().equals(fileExtension)) {
+            return new StandardEsapiPropertyLoader(cfgPath, cfg.getPriority());
+        } else {
+            throw new ConfigurationException("Configuration storage type [" + fileExtension + "] is not " +
+                    "supported");
+        }
+    }
+    
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
new file mode 100644
index 000000000..d4020aeed
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
@@ -0,0 +1,99 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.util.TreeSet;
+
+import static org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.createPropertyLoader;
+
+/**
+ * Manager used for loading security configuration properties. Does all the logic to obtain the correct property from
+ * correct source. Uses following system properties to find configuration files:
+ * - org.owasp.esapi.devteam - lower priority dev file path
+ * - org.owasp.esapi.opsteam - higher priority ops file path
+ */
+public class EsapiPropertyManager implements EsapiPropertyLoader {
+
+    protected TreeSet<AbstractPrioritizedPropertyLoader> loaders;
+
+    public EsapiPropertyManager() {
+        initLoaders();
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getIntProp(propertyName);
+            } catch (ConfigurationException e) {
+                System.err.println("Property not found in " + loader.name());
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getByteArrayProp(propertyName);
+            } catch (ConfigurationException e) {
+                System.err.println("Property not found in " + loader.name());
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getBooleanProp(propertyName);
+            } catch (ConfigurationException e) {
+                System.err.println("Property not found in " + loader.name());
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        for (AbstractPrioritizedPropertyLoader loader : loaders) {
+            try {
+                return loader.getStringProp(propertyName);
+            } catch (ConfigurationException e) {
+                System.err.println("Property : " + propertyName + " not found in " + loader.name());
+            }
+        }
+        throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
+    }
+
+    private void initLoaders() {
+        loaders = new TreeSet<AbstractPrioritizedPropertyLoader>();
+        try {
+            loaders.add(createPropertyLoader(EsapiConfiguration.OPSTEAM_ESAPI_CFG));
+        } catch (Exception e) {
+            System.err.println(e.getMessage());
+        }
+        try {
+            loaders.add(createPropertyLoader(EsapiConfiguration.DEVTEAM_ESAPI_CFG));
+        } catch (Exception e) {
+            System.err.println(e.getMessage());
+        }
+    }
+
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
new file mode 100644
index 000000000..6a896a2cd
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -0,0 +1,105 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.*;
+
+/**
+ * Loader capable of loading single security configuration property from standard java properties configuration file.
+ */
+public class StandardEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
+
+    public StandardEsapiPropertyLoader(String filename, int priority) {
+        super(filename, priority);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in configuration");
+        }
+        try {
+            return Integer.parseInt(property);
+        } catch (NumberFormatException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to integer", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch (IOException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to byte array", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+            return true;
+        }
+        if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+            return false;
+        } else {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to boolean");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + "not found in default configuration");
+        }
+        return property;
+    }
+
+    /**
+     * Methods loads configuration from .properties file. 
+     * @param file
+     */
+    protected void loadPropertiesFromFile(File file) {
+        InputStream input = null;
+        try {
+            input = new FileInputStream(file);
+            properties.load(input);
+        } catch (IOException ex) {
+            System.err.println("Loading " + file.getName() + " via file I/O failed. Exception was: " + ex);
+        } finally {
+            if (input != null) {
+                try {
+                    input.close();
+                } catch (IOException e) {
+                    System.err.println("Could not close stream");
+                }
+            }
+        }
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
new file mode 100644
index 000000000..c48be38fc
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
@@ -0,0 +1,134 @@
+package org.owasp.esapi.configuration;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Loader capable of loading single security configuration property from xml configuration file.
+ */
+public class XmlEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
+
+    public XmlEsapiPropertyLoader(String filename, int priority) {
+        super(filename, priority);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        try {
+            return Integer.parseInt(property);
+        } catch (NumberFormatException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to integer", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch (IOException e) {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to byte array", e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        if (property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes")) {
+            return true;
+        }
+        if (property.equalsIgnoreCase("false") || property.equalsIgnoreCase("no")) {
+            return false;
+        } else {
+            throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
+                    "cannot be converted to boolean");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        String property = properties.getProperty(propertyName);
+        if (property == null) {
+            throw new ConfigurationException("Property : " + propertyName + " not found in default configuration");
+        }
+        return property;
+    }
+
+    /**
+     * Methods loads configuration from .xml file. 
+     * @param file
+     */
+    protected void loadPropertiesFromFile(File file) throws ConfigurationException {
+        try {
+            validateAgainstXSD(new FileInputStream(file));
+
+            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
+            Document doc = dBuilder.parse(file);
+            doc.getDocumentElement().normalize();
+
+            NodeList nodeList = doc.getElementsByTagName("property");
+            for (int i = 0; i < nodeList.getLength(); i++) {
+                Node node = nodeList.item(i);
+                if (node.getNodeType() == Node.ELEMENT_NODE) {
+                    Element element = (Element) node;
+                    String propertyKey = element.getAttribute("name");
+                    String propertyValue = element.getTextContent();
+                    properties.put(propertyKey, propertyValue);
+                }
+            }
+        } catch (Exception e) {
+            throw new ConfigurationException("Configuration file : " + filename + " has invalid schema." + e.getMessage(), e);
+        }
+    }
+
+    private void validateAgainstXSD(InputStream xml) throws Exception {
+        InputStream xsd = getClass().getResourceAsStream("/ESAPI-properties.xsd");
+        SchemaFactory factory =
+                SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+        Schema schema = factory.newSchema(new StreamSource(xsd));
+        Validator validator = schema.newValidator();
+        validator.validate(new StreamSource(xml));
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
new file mode 100644
index 000000000..025700e76
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
@@ -0,0 +1,33 @@
+package org.owasp.esapi.configuration.consts;
+
+/**
+ * Enum used for initialization of esapi configuration files. 
+ */
+public enum EsapiConfiguration {
+
+    OPSTEAM_ESAPI_CFG("org.owasp.esapi.opsteam", 1),
+    DEVTEAM_ESAPI_CFG("org.owasp.esapi.devteam", 2);
+
+    /**
+     * Key of system property pointing to path esapi to configuration file. 
+     */
+    String configName;
+
+    /**
+     * Priority of configuration (higher numer - higher priority).
+     */
+    int priority;
+
+    EsapiConfiguration(String configName, int priority) {
+        this.configName = configName;
+        this.priority = priority;
+    }
+
+    public String getConfigName() {
+        return configName;
+    }
+
+    public int getPriority() {
+        return priority;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
new file mode 100644
index 000000000..df3899c8a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
@@ -0,0 +1,19 @@
+package org.owasp.esapi.configuration.consts;
+
+
+/**
+ * Supported esapi configuration file types.
+ */
+public enum EsapiConfigurationType {
+    PROPERTIES("properties"), XML("xml");
+
+    String typeName;
+
+    EsapiConfigurationType(String typeName) {
+        this.typeName = typeName;
+    }
+
+    public String getTypeName() {
+        return typeName;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index dddf41c95..b68c613bc 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -825,13 +825,11 @@ public void sendForward( String location )  throws AccessControlException,Servle
 	 * {@inheritDoc}
 	 *
 	 * This implementation checks against the list of safe redirect locations defined in ESAPI.properties.
-     *
-     * @param response
      */
     public void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException {
         if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
             logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new AccessControlException("Redirect failed", "Bad Redirect location: " + location);
+            throw new AccessControlException("Redirect failed", "Bad redirect location: " + location);
         }
         response.sendRedirect(location);
     }
@@ -1040,3 +1038,4 @@ private String decryptString(String ciphertext) throws EncryptionException {
         return plaintext.toString();
     }
 }
+
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index fd95f04a6..21a5cb345 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -15,29 +15,19 @@
  */
 package org.owasp.esapi.reference;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
 import org.apache.commons.lang.text.StrTokenizer;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.configuration.EsapiPropertyManager;
 import org.owasp.esapi.errors.ConfigurationException;
 
+import java.io.*;
+import java.net.URL;
+import java.util.*;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
 /**
  * The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
  * implementation, resources can be put in several locations, which are searched in the following order:
@@ -219,6 +209,7 @@ public static SecurityConfiguration getInstance() {
      */
     private String resourceDirectory = ".esapi";	// For backward compatibility (vs. "esapi")
 	private final String resourceFile;
+    private EsapiPropertyManager esapiPropertyManager;
 
 //    private static long lastModified = -1;
 
@@ -229,6 +220,7 @@ public static SecurityConfiguration getInstance() {
      */
     DefaultSecurityConfiguration(String resourceFile) {
     	this.resourceFile = resourceFile;
+        this.esapiPropertyManager = new EsapiPropertyManager();
     	// load security configuration
     	try {
         	loadConfiguration();
@@ -661,8 +653,8 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 					
 					// try resources folder
 					if (in == null) {
-						currentClasspathSearchLocation = "resources/";
-						in = currentLoader.getResourceAsStream("resources/" + fileName);
+						currentClasspathSearchLocation = "src/main/resources/";
+						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
 					}
 		
 					// now load the properties
@@ -998,8 +990,7 @@ public String getLogFileName() {
     public int getMaxLogFileSize() {
     	return getESAPIProperty( MAX_LOG_FILE_SIZE, DEFAULT_MAX_LOG_FILE_SIZE );
     }
-
-
+    
     /**
 	 * {@inheritDoc}
 	 */
@@ -1237,7 +1228,102 @@ protected List<String> getESAPIProperty( String key, List<String> def ) {
 	    return Arrays.asList( parts );
 	}
 
-	protected boolean shouldPrintProperties() {
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties* 
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getIntProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            try {
+                return Integer.parseInt(property);
+            } catch (NumberFormatException e) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getByteArrayProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            try {
+                return ESAPI.encoder().decodeFromBase64(property);
+            } catch( IOException e ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}  
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getBooleanProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty( propertyName );
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
+                return true;
+            }
+            if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
+                return false;
+            }
+            throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                    "type");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getStringProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty( propertyName );
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            return property;
+        }
+    }
+
+
+    protected boolean shouldPrintProperties() {
         return getESAPIProperty(PRINT_PROPERTIES_WHEN_LOADED, false);
 	}
 
diff --git a/src/main/resources/ESAPI-properties.xsd b/src/main/resources/ESAPI-properties.xsd
new file mode 100644
index 000000000..523d3a124
--- /dev/null
+++ b/src/main/resources/ESAPI-properties.xsd
@@ -0,0 +1,17 @@
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index eb9c0c9f9..769c9eced 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi;
 
+import org.owasp.esapi.errors.ConfigurationException;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -576,6 +578,26 @@ public int getMaxLogFileSize()
 	 	return wrapped.getMaxLogFileSize();
 	}
 
+	@Override
+	public int getIntProp(String propertyName) throws ConfigurationException {
+		return wrapped.getIntProp(propertyName);
+	}
+
+	@Override
+	public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+		return wrapped.getByteArrayProp(propertyName);
+	}
+
+	@Override
+	public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+		return wrapped.getBooleanProp(propertyName);
+	}
+
+	@Override
+	public String getStringProp(String propertyName) throws ConfigurationException {
+		return wrapped.getStringProp(propertyName);
+	}
+
 	/**
 	 * {@inheritDoc}
 	 */
diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
new file mode 100644
index 000000000..09096a424
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
@@ -0,0 +1,327 @@
+package org.owasp.esapi.configuration;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.Assert.*;
+
+public class EsapiPropertyManagerTest {
+
+    private static String propFilename1;
+    private static String propFilename2;
+    private static String xmlFilename1;
+    private static String xmlFilename2;
+
+    private EsapiPropertyManager testPropertyManager;
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        propFilename1 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        propFilename2 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-2.properties";
+        xmlFilename1 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.xml";
+        xmlFilename2 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-2.xml";
+    }
+
+    @Test
+    public void testPropertyManagerInitialized() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+
+        // when
+         testPropertyManager = new EsapiPropertyManager();
+
+        // then
+        assertNotNull(testPropertyManager.loaders);
+        assertNotSame(0, testPropertyManager.loaders.size());
+    }
+
+    @Test
+    public void testStringPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "string_property";
+        String expectedPropertyValue = "test_string_property";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testStringPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property_2";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        String propertyValue = testPropertyManager.getStringProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        String propertyKey = "non.existing.property";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        testPropertyManager.getStringProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testIntPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "int_property";
+        int expectedPropertyValue = 5;
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;    // value from ESAPI-test-2.properties file
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testIntPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "int_property";
+        int expectedValue = 52;
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        int propertyValue = testPropertyManager.getIntProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        testPropertyManager.getIntProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testBooleanPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        String propertyKey = "boolean_property";
+        boolean expectedPropertyValue = true;
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey);
+
+        // then
+        assertEquals(expectedPropertyValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        testPropertyManager.getBooleanProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testByteArrayPropFoundInLoader() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromPropFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), propFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test
+    public void testByteArrayPropertyLoadedFromXmlFileWithHigherPriority() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), xmlFilename1);
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), xmlFilename2);
+        String propertyKey = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property_2");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFoundByLoaderAndThrowException() {
+        // given
+        String propertyKey = "non.existing.property";
+
+        // when
+        testPropertyManager = new EsapiPropertyManager();
+        testPropertyManager.getByteArrayProp(propertyKey);
+
+        // then expect exception
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
new file mode 100644
index 000000000..cf0cffca9
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
@@ -0,0 +1,268 @@
+package org.owasp.esapi.configuration;
+
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.Assert.*;
+
+public class StandardEsapiPropertyLoaderTest {
+
+    private static String filename;
+    private static int priority;
+
+    private StandardEsapiPropertyLoader testPropertyLoader;
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        priority = 1;
+    }
+
+    @Test
+    public void testPropertiesLoaded() {
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        
+        // then
+        assertFalse(testPropertyLoader.properties.isEmpty());
+    }
+
+    @Test
+    public void testPriority() {
+        // given
+        int expectedValue = 1;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        int value = testPropertyLoader.priority();
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testLoadersAreEqual() {
+        // given
+        int expectedValue = 0;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithHigherPriority() {
+        // given
+        int expectedValue = -1;
+        int higherPriority = 2;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithLowerPriority() {
+        // given
+        int expectedValue = 1;
+        int lowerPriority = 0;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetIntProp() {
+        // given
+        String propertyKey = "int_property";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        int propertyValue = testPropertyLoader.getIntProp(propertyKey);
+
+        // then
+        assertEquals(5, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFound() throws ConfigurationException {
+        // given
+        String propertyKey = "non-existing-key";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getIntProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectIntPropertyType() {
+        // given
+        String key = "invalid_int_property";
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetStringProp() {
+        // given
+        String propertyKey = "string_property";
+        String expectedValue = "test_string_property";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        String propertyValue = testPropertyLoader.getStringProp(propertyKey);
+        
+        // then
+        assertEquals(expectedValue, propertyValue);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFound() throws ConfigurationException {
+        // given
+        String propertyKey = "non-existing-key";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getStringProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetBooleanProp() {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
+        String propertyKey = "boolean_property";
+        boolean expectedValue = true;
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(propertyKey);
+        
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanYesProperty() {
+        // given
+        String key = "boolean_yes_property";
+        boolean expectedValue = true;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanNoProperty() {
+        // given
+        String key = "boolean_no_property";
+        boolean expectedValue = false;
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFound() throws ConfigurationException {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "src/main/resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";        int priority = 1;
+        String propertyKey = "non-existing-key";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getBooleanProp(propertyKey);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectBooleanPropertyType() throws ConfigurationException {
+        // given
+        String key = "invalid_boolean_property";
+
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetByteArrayProp() {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
+        String propertyKey = "string_property";
+        
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        byte[] value = testPropertyLoader.getByteArrayProp(propertyKey);
+        
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFound() throws ConfigurationException {
+        // given
+        String filename = "src" + File.separator + "test" + File.separator + "src/main/resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";        int priority = 1;
+        String propertyKey = "non-existing-key";
+        
+        // when
+        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getByteArrayProp(propertyKey);
+
+        // then expect exception
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
new file mode 100644
index 000000000..9a60f182b
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
@@ -0,0 +1,269 @@
+package org.owasp.esapi.configuration;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.configuration.consts.EsapiConfiguration;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.File;
+import java.io.IOException;
+
+import static junit.framework.Assert.*;
+
+public class XmlEsapiPropertyLoaderTest {
+
+    private static String filename;
+    private static int priority;
+
+    private XmlEsapiPropertyLoader testPropertyLoader;
+
+    @Before
+    public void init() {
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
+        System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), "");
+        filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.xml";
+        priority = 1;
+    }
+
+    @Test
+    public void testPropertiesLoaded() {
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+
+        // then
+        assertFalse(testPropertyLoader.properties.isEmpty());
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testInvalidPropertyFile() {
+        // given
+        String invalidFilename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test-invalid-content.xml";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(invalidFilename, priority);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testPriority() {
+        // given
+        int expectedValue = 1;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        int value = testPropertyLoader.priority();
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testLoadersAreEqual() {
+        // given
+        int expectedValue = 0;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithHigherPriority() {
+        // given
+        int expectedValue = -1;
+        int higherPriority = 2;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testCompareWithOtherLoaderWithLowerPriority() {
+        // given
+        int expectedValue = 1;
+        int lowerPriority = 0;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        int value = testPropertyLoader.compareTo(otherPropertyLoader);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetIntProp() {
+        // given
+        String key = "int_property";
+        int expectedValue = 5;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        int value = testPropertyLoader.getIntProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIntPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectIntPropertyType() {
+        // given
+        String key = "invalid_int_property";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getIntProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetStringProp() {
+        // given
+        String key = "string_property";
+        String expectedValue = "test_string_property";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        String value = testPropertyLoader.getStringProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testStringPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getStringProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetBooleanProp() {
+        // given
+        String key = "boolean_property";
+        boolean expectedValue = true;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanYesProperty() {
+        // given
+        String key = "boolean_yes_property";
+        boolean expectedValue = true;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test
+    public void testGetBooleanNoProperty() {
+        // given
+        String key = "boolean_no_property";
+        boolean expectedValue = false;
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        boolean value = testPropertyLoader.getBooleanProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testBooleanPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testIncorrectBooleanPropertyType() throws ConfigurationException {
+        // given
+        String key = "invalid_boolean_property";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getBooleanProp(key);
+
+        // then expect exception
+    }
+
+    @Test
+    public void testGetByteArrayProp() {
+        // given
+        String key = "string_property";
+        byte[] expectedValue = new byte[0];
+        try {
+            expectedValue = ESAPI.encoder().decodeFromBase64("test_string_property");
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        byte[] value = testPropertyLoader.getByteArrayProp(key);
+
+        // then
+        assertEquals(expectedValue, value);
+    }
+
+    @Test(expected = ConfigurationException.class)
+    public void testByteArrayPropertyNotFound() throws ConfigurationException {
+        // given
+        String key = "non-existing-key";
+
+        // when
+        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        testPropertyLoader.getByteArrayProp(key);
+
+        // then expect exception
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 2c89a8e10..d86f98ba4 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -18,19 +18,10 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.User;
+import org.owasp.esapi.*;
 import org.owasp.esapi.codecs.Hex;
 import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.*;
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.http.MockHttpSession;
@@ -506,3 +497,4 @@ public void testGetRequestAttribute() throws Exception {
 		assertEquals( test2, 43f );
 	}
 }
+
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 8ac1e26b9..1c3916a41 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -15,20 +15,9 @@
  */
 package org.owasp.esapi.reference;
 
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
-
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-
 import org.owasp.esapi.*;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.filters.SecurityWrapperRequest;
@@ -38,7 +27,10 @@
 import org.owasp.esapi.reference.validation.StringValidationRule;
 
 import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
+import java.io.*;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.*;
 
 /**
  * The Class ValidatorTest.
@@ -1148,3 +1140,4 @@ public void testGetContextPath() {
         assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
     }
 }
+
diff --git a/src/test/resources/ESAPI-properties.xsd b/src/test/resources/ESAPI-properties.xsd
new file mode 100644
index 000000000..523d3a124
--- /dev/null
+++ b/src/test/resources/ESAPI-properties.xsd
@@ -0,0 +1,17 @@
+<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+    <xs:element name="properties">
+        <xs:complexType>
+            <xs:sequence>
+                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                    <xs:complexType>
+                        <xs:simpleContent>
+                            <xs:extension base="xs:string">
+                                <xs:attribute type="xs:string" name="name" use="optional"/>
+                            </xs:extension>
+                        </xs:simpleContent>
+                    </xs:complexType>
+                </xs:element>
+            </xs:sequence>
+        </xs:complexType>
+    </xs:element>
+</xs:schema>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test-2.properties b/src/test/resources/esapi/ESAPI-test-2.properties
new file mode 100644
index 000000000..fb2e582b6
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-2.properties
@@ -0,0 +1,5 @@
+# Random properties for test purpose - all property keys could be found in ESAPI-test.properties but with
+# different values. Used for test property files priorities.
+string_property=test_string_property_2
+int_property=52
+boolean_property=false
diff --git a/src/test/resources/esapi/ESAPI-test-2.xml b/src/test/resources/esapi/ESAPI-test-2.xml
new file mode 100644
index 000000000..bec5597a4
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-2.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property_2</property>
+    <property name="int_property">52</property>
+    <property name="boolean_property">false</property>
+</properties>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test-invalid-content.xml b/src/test/resources/esapi/ESAPI-test-invalid-content.xml
new file mode 100644
index 000000000..d6dc1f74b
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test-invalid-content.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property</property>
+    <property name="int_property">5</property>
+    <property name="boolean_property">true</property>
+    <invalid name="invalid_property">invalid</invalid>
+</properties>
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test.properties b/src/test/resources/esapi/ESAPI-test.properties
new file mode 100644
index 000000000..72dd9e50a
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test.properties
@@ -0,0 +1,8 @@
+# random properties for test purpose
+string_property=test_string_property
+int_property=5
+invalid_int_property=invalid int
+boolean_property=true
+boolean_yes_property=yes
+boolean_no_property=no
+invalid_boolean_property=invalid boolean
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI-test.xml b/src/test/resources/esapi/ESAPI-test.xml
new file mode 100644
index 000000000..097f87eaf
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-test.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<properties>
+    <property name="string_property">test_string_property</property>
+    <property name="int_property">5</property>
+    <property name="invalid_int_property">invalid int</property>
+    <property name="boolean_property">true</property>
+    <property name="boolean_yes_property">yes</property>
+    <property name="boolean_no_property">no</property>
+    <property name="invalid_boolean_property">invalid boolean</property>
+</properties>
\ No newline at end of file

From 6de54c2c88a9bf857dc967e08bdfdbf6a7ebc712 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Thu, 7 Jan 2016 22:37:36 -0500
Subject: [PATCH 062/812] updated how to create issues for
 ESAPI/esapi-java/legacy

No one appears to be using JIRA, so until / unless the Atlassian JIRA instance is automatically synchronized with the GitHub issues (which is apparently possible; any volunteers?), I'm striking out the instructions to use if for bug tracking and enhancement requests.
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e4c8a3e3b..96ce300c8 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,8 @@ Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
 
 Nightly Build: https://esapi.ci.cloudbees.com
 
-JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG
+~~JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG~~<br />Issues: Until further notice, use the GitHub issues for reporting bugs and enhancement requests.
+
 
 Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon)
 

From 00cd34b8c87018d44f898d20f3608caeb7dc184d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 7 Jan 2016 22:56:27 -0500
Subject: [PATCH 063/812] Fix #354.

---
 .../java/org/owasp/esapi/codecs/Base64.java   | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index 3f2d384da..e470ac6e8 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -12,7 +12,8 @@
 
 /**
  * <p>Encodes and decodes to and from Base64 notation.</p>
- * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>.</p>
+ * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * (based on version 2.2.2).</p>
  *
  * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass 
  * several pieces of information to the encoder. In the "higher level" methods such as 
@@ -30,7 +31,7 @@
  *
  *
  * <p>
- * Change Log:
+ * Original change Log:
  * </p>
  * <ul>
  *  <li>v2.2.2 - Fixed encodeFileToFile and decodeFileToFile to use the
@@ -1085,10 +1086,28 @@ public static byte[] decode( String s, int options )
      * Attempts to decode Base64 data and deserialize a Java
      * Object within. Returns <tt>null</tt> if there was an error.
      *
+     * <p>
+     * <b>WARNING:</b> Using this method to decode non-validated /
+     *      untrusted data from a string and deserialize it into
+     *      an object can potentially result in remote command
+     *      injection vulnerabilities. Use at your own risk!
+     * </p>
+     *
      * @param encodedObject The Base64 data to decode
      * @return The decoded and deserialized object
      * @since 1.5
+     *
+     * @deprecated  Because of security issues, this method will be
+     *      removed from ESAPI in a future release and no substitute
+     *      is planned. Because as of JDK 8 (in 1Q2016) there is
+     *      currently no way to restrict which objects
+     *      <code>ObjectInputStream.readObject()</code>
+     *      may safely deserialize in the general case. Oracle
+     *      may decide to address this deficiency in a future Java
+     *      release, but until they do, there is no <i>simple</i> way for
+     *      a general class library like ESAPI to address this.
      */
+    @Deprecated
     public static Object decodeToObject( String encodedObject )
     {
         // Decode and gunzip if necessary

From 426ea65acaecf286665428cf931b41421f4a062b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 7 Jan 2016 23:03:58 -0500
Subject: [PATCH 064/812] Fix #351 as suggested by xeno6696. This really should
 probably be a tunable property in the ESAPI.properties file, but saving that
 for a different day.

---
 .../java/org/owasp/esapi/filters/SecurityWrapperRequest.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 2777e4253..acf5375a2 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -192,7 +192,8 @@ public String getHeader(String name) {
         String value = getHttpServletRequest().getHeader(name);
         String clean = "";
         try {
-            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, true);
+            clean = ESAPI.validator().getValidInput("HTTP header value: " +
+            value, value, "HTTPHeaderValue", 200, true);
         } catch (ValidationException e) {
             // already logged
         }

From 068cecb6a05edefe7d4c940303f26b0057fe98ee Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 7 Jan 2016 23:09:42 -0500
Subject: [PATCH 065/812] Fix #341 as per xeno6696 patch.

---
 src/main/assembly/dist.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/assembly/dist.xml b/src/main/assembly/dist.xml
index b192b906f..3b2ee8e57 100644
--- a/src/main/assembly/dist.xml
+++ b/src/main/assembly/dist.xml
@@ -37,7 +37,7 @@
             <directory>configuration</directory>
             <outputDirectory>configuration</outputDirectory>
             <includes>
-                <include>.esapi/**/*</include>
+                <include>esapi/**/*</include>
                 <include>log4j.dtd</include>
                 <include>log4j.xml</include>
                 <include>properties/**/*</include>
@@ -52,4 +52,4 @@
             <useProjectArtifact>false</useProjectArtifact>
         </dependencySet>
     </dependencySets>
-</assembly>
\ No newline at end of file
+</assembly>

From 2f65182d3c7e46e5912514899e539c130a674075 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 7 Jan 2016 23:30:48 -0500
Subject: [PATCH 066/812] Sort of fixed #330. Changed allowed HTTP name name
 length from 20 to 50.

---
 .../java/org/owasp/esapi/filters/SecurityWrapperResponse.java   | 2 +-
 .../java/org/owasp/esapi/reference/DefaultHTTPUtilities.java    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index efc001372..71a9e7080 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -444,7 +444,7 @@ public void setHeader(String name, String value) {
         try {
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
             String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
             getHttpServletResponse().setHeader(safeName, safeValue);
         } catch (ValidationException e) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index b68c613bc..afad650cd 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -871,7 +871,7 @@ public void setHeader(HttpServletResponse response, String name, String value) {
         try {
             String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
             String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 20, false);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
             String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
             response.setHeader(safeName, safeValue);
         } catch (ValidationException e) {

From 165a00d8ece0f5ebcaf8aa913981fd0dddc16f72 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 8 Jan 2016 02:35:47 -0500
Subject: [PATCH 067/812] Upgrade log4j from 1.2.16 6o 1.2.17. Upgrade Apache
 Commons Collection from 3.2.1 to 3.2.2 to pick up patch for COLLECTIONS-580
 issue.

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 79f870d2f..dea265185 100644
--- a/pom.xml
+++ b/pom.xml
@@ -162,13 +162,13 @@
         <dependency>
             <groupId>commons-collections</groupId>
             <artifactId>commons-collections</artifactId>
-            <version>3.2.1</version>
+            <version>3.2.2</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
-            <version>1.2.16</version>
+            <version>1.2.17</version>
             <scope>compile</scope>
             <type>jar</type>
         </dependency>

From b108050e5dca3552d2d78db0958ecdfa9da5f285 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 8 Jan 2016 03:07:04 -0500
Subject: [PATCH 068/812] Changed regex for Validation.HTTPHeaderName to allow
 50 char header name for fix #351.

---
 configuration/esapi/ESAPI.properties      | 5 +++--
 src/test/resources/esapi/ESAPI.properties | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 35c9d0870..6511f0e15 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -440,7 +440,8 @@ Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
 Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
@@ -456,4 +457,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 1435b7c6d..a33b532fa 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -440,7 +440,8 @@ Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
@@ -462,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false

From f2dd5d7050034a8c1b7c6f76dbf5ad2edf8daa1c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 8 Jan 2016 03:19:49 -0500
Subject: [PATCH 069/812] Fix #330. Fix #351.

---
 .../esapi/filters/SecurityWrapperRequest.java     | 15 ++++++++++++---
 .../org/owasp/esapi/reference/ValidatorTest.java  | 14 +++++++++-----
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index acf5375a2..f9b3a7cf0 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -38,6 +38,12 @@
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.errors.AccessControlException;
 
+// TODO: Parameterize these various lengths in calls to ESAPI.validator().getValidInput()
+// so that they can be placed in ESAPI.properties file (or other property file,
+// such as Validator.properties) rather than being hard-coded. This is desirable
+// because many of the values are well less than the commonly accepted maximum
+// values.
+
 /**
  * This request wrapper simply overrides unsafe methods in the
  * HttpServletRequest API with safe versions that return canonicalized data
@@ -157,9 +163,13 @@ public Cookie[] getCookies() {
                 n.setMaxAge(maxAge);
 
                 if (domain != null) {
+                    // kww TODO: HTTPHeaderValue seems way too liberal of a regex for cookie domain
+                    // as it allows invalid characters for a domain name. Maybe create a new custom
+                    // HTTPCookieDomain regex???
                     n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
                 }
                 if (path != null) {
+                    // kww TODO: OPEN ISSUE: Would not HTTPServletPath make more sense here???
                     n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
                 }
                 newCookies.add(n);
@@ -192,8 +202,7 @@ public String getHeader(String name) {
         String value = getHttpServletRequest().getHeader(name);
         String clean = "";
         try {
-            clean = ESAPI.validator().getValidInput("HTTP header value: " +
-            value, value, "HTTPHeaderValue", 200, true);
+            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 200, true);
         } catch (ValidationException e) {
             // already logged
         }
@@ -233,7 +242,7 @@ public Enumeration getHeaders(String name) {
         while (en.hasMoreElements()) {
             try {
                 String value = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 150, true);
+                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 200, true);
                 v.add(clean);
             } catch (ValidationException e) {
                 // already logged
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 1c3916a41..8c37835d9 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1078,8 +1078,8 @@ public void testGetHeader() {
         SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
         request.addHeader("p1", "login");
         request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
-        request.addHeader("p2", generateStringOfLength(150));
-        request.addHeader("f2", generateStringOfLength(151));
+        request.addHeader("p2", generateStringOfLength(200));   // Upper limit increased from 150 -> 200, GitHub issue #351
+        request.addHeader("f2", generateStringOfLength(201));
         assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
         assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
         assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
@@ -1093,8 +1093,11 @@ public void testGetHeaderNames() {
         SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
         request.addHeader("d-49653-p", "pass");
         request.addHeader("<img ", "fail");
-        request.addHeader(generateStringOfLength(32), "pass");
-        request.addHeader(generateStringOfLength(33), "fail");
+            // Note: Max length in ESAPI.properties as per
+            // Validator.HTTPHeaderName regex is 50, but upper
+            // bound of 150 imposed by SecurityRequestWrapper.
+        request.addHeader(generateStringOfLength(50), "pass");
+        request.addHeader(generateStringOfLength(51), "fail");
         assertEquals(Collections.list(safeRequest.getHeaderNames()).size(), 2);
     }
 
@@ -1124,7 +1127,8 @@ public void testGetRequestURI() {
     }
 
     private String generateStringOfLength(int length) {
-        StringBuilder longString = new StringBuilder();
+        assert length >= 0 : "length must be >= 0";
+        StringBuilder longString = new StringBuilder(length);
         for (int i = 0; i < length; i++) {
             longString.append("a");
         }

From 02aa0c7e49b5cb8171e0df2a0636a25fea9050a1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Jan 2016 02:00:01 -0500
Subject: [PATCH 070/812] Comments to help w/ Unicode regex matching as
 mentioned in issue #334.

---
 configuration/esapi/ESAPI.properties      | 5 +++++
 src/test/resources/esapi/ESAPI.properties | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 6511f0e15..baa8e6933 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -421,6 +421,11 @@ IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log
 # This allows enterprises to specify both organizational standards as well as application specific
 # validation rules.
 #
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
 Validator.ConfigurationFile=validation.properties
 
 # Validators used by ESAPI
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index a33b532fa..1a0506ebf 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -426,6 +426,11 @@ IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log
 # This allows enterprises to specify both organizational standards as well as application specific
 # validation rules.
 #
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
 Validator.ConfigurationFile=validation.properties
 
 # Validators used by ESAPI

From c45325d0b51da5aa5faecab20cd4b5b2caaedf13 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Jan 2016 02:01:42 -0500
Subject: [PATCH 071/812] Change assertions into what should have been explicit
 runtime checks and throw an appropriate exception if violated.

---
 .../org/owasp/esapi/crypto/CipherSpec.java    | 34 +++++++++++++++----
 .../org/owasp/esapi/crypto/CipherText.java    | 25 ++++++++++++--
 2 files changed, 51 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index 556ef8edb..e8836a38b 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -45,6 +45,8 @@ public final class CipherSpec implements Serializable {
 	private int     keySize_        = ESAPI.securityConfiguration().getEncryptionKeyLength(); // In bits
 	private int     blockSize_      = 16;   // In bytes! I.e., 128 bits!!!
 	private byte[]  iv_             = null;
+
+	private boolean blockSizeExplicitlySet = false;	// Used for check in setIV().
 	
 	// Cipher transformation component. Format is ALG/MODE/PADDING
     private enum CipherTransformationComponent { ALG, MODE, PADDING }
@@ -72,7 +74,7 @@ public CipherSpec(String cipherXform, int keySize, int blockSize, final byte[] i
 	public CipherSpec(String cipherXform, int keySize, int blockSize) {
 		// Note: Do NOT use
 		//			this(cipherXform, keySize, blockSize, null);
-		// because of assertion in setIV().
+		// because of checks in setIV().
 		//
 		setCipherTransformation(cipherXform);
 		setKeySize(keySize);
@@ -194,7 +196,9 @@ public String getCipherTransformation() {
 	 * @return	This current {@code CipherSpec} object.
 	 */
 	public CipherSpec setKeySize(int keySize) {
-		assert keySize > 0 : "keySize must be > 0; keySize=" + keySize;
+		if ( keySize <= 0 ) {
+			throw new IllegalArgumentException("keySize must be > 0; keySize=" + keySize);
+		}
 		this.keySize_ = keySize;
 		return this;
 	}
@@ -209,12 +213,16 @@ public int getKeySize() {
 
 	/**
 	 * Set the block size for this {@code CipherSpec}.
-	 * @param blockSize	The block size, in bytes. Must be positive integer.
+	 * @param blockSize	The block size, in bytes. Must be positive integer appropriate
+	 * 					for the specified cipher algorithm.
 	 * @return	This current {@code CipherSpec} object.
 	 */
 	public CipherSpec setBlockSize(int blockSize) {
-		assert blockSize > 0 : "blockSize must be > 0; blockSize=" + blockSize;
+		if ( blockSize <= 0 ) {
+			throw new IllegalArgumentException("blockSize must be > 0; blockSize=" + blockSize);
+		}
 		this.blockSize_ = blockSize;
+		blockSizeExplicitlySet = true;
 		return this;
 	}
 
@@ -266,9 +274,23 @@ public byte[] getIV() {
 	 * @return		This current {@code CipherSpec} object.
 	 */
 	public CipherSpec setIV(final byte[] iv) {
-		assert requiresIV() && (iv != null && iv.length != 0) : "Required IV cannot be null or 0 length";
-		// Don't store a reference, but make a copy!
+		if ( ! ( requiresIV() && (iv != null && iv.length != 0) ) ) {
+			throw new IllegalArgumentException("Required IV cannot be null or 0 length.");
+		}
+		
+		// Don't store a reference, but make a copy! When an IV is provided, it generally should
+		// be the same length as the block size of the cipher.
 		if ( iv != null ) {	// Allow null IV for ECB mode.
+			  // TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
+			  //			  this is not always true. E.g., for CCM, the IV length is supposed
+			  //			  to be 7, 8, 9, 10, 11, 12, or 13 octets because of
+			  //			  it's formatting function.
+/***
+			if ( iv.length != this.getBlockSize() && blockSizeExplicitlySet ) {
+				throw new IllegalArgumentException("IV must be same length as cipher block size (" +
+													this.getBlockSize() + " bytes)");
+			}
+***/
 			iv_ = new byte[ iv.length ];
 			CryptoHelper.copyByteArray(iv, iv_);
 		}
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 47e6fc78f..66242d78f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -26,6 +26,7 @@
 import org.owasp.esapi.Encryptor;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityRuntimeException;
 
 // CHECKME: Some of these assertions probably should be actual runtime checks
 //          with suitable exceptions to account for cases where programmers
@@ -457,7 +458,18 @@ public boolean validateMAC(SecretKey authKey) {
 	        // compare to stored value (separate_mac_). If same, then return true,
 	        // else return false.
 	        byte[] mac = computeMAC(authKey);
-	        assert mac.length == separate_mac_.length : "MACs are of differnt lengths. Should both be the same.";
+	        if ( mac.length != separate_mac_.length ) {
+                    // Note: We want some type of unchecked exception
+                    //       here so this will not require code changes.
+                    //       Unfortunately, EncryptionException, which might
+                    //       make more sense here, is not a RuntimeException.
+                    String exm = "MACs are of different lengths. " +
+                                 "Should both be the same length";
+                    throw new EnterpriseSecurityRuntimeException(exm,
+                                "Possible tampering of MAC? " + exm +
+                                "computed MAC len: " + mac.length +
+                                ", received MAC len: " + separate_mac_.length);
+            }
 	        return CryptoHelper.arrayCompare(mac, separate_mac_); // Safe compare!!!
 	    } else if ( ! requiresMAC ) {           // Doesn't require a MAC
 	        return true;
@@ -593,6 +605,9 @@ int kdfPRFAsInt() {
     
     public void setKDF_PRF(int prfSelection) {
         assert prfSelection >= 0 && prfSelection <= 15 : "kdfPrf == " + prfSelection + " must be between 0 and 15.";
+        if ( prfSelection < 0 || prfSelection > 15 ) {
+            throw new IllegalArgumentException("kdfPrf == " + prfSelection + " must be between 0 and 15, inclusive.");
+        }
     	kdfPrfSelection_ = prfSelection;
     }
     
@@ -629,7 +644,9 @@ private void setEncryptionTimestamp() {
      *                  January 1, 1970 GMT).
      */ // Package level access. ESAPI jar should be sealed and signed.
     void setEncryptionTimestamp(long timestamp) {
-        assert timestamp > 0 : "Timestamp must be greater than zero.";
+        if ( timestamp <= 0 ) {
+            throw new IllegalArgumentException("Timestamp must be greater than zero.");
+        }
         if ( encryption_timestamp_ == 0 ) {     // Only set it if it's not yet been set.
             logger.warning(Logger.EVENT_FAILURE, "Attempt to reset non-zero " +
                            "CipherText encryption timestamp to " + new Date(timestamp) + "!");
@@ -767,6 +784,10 @@ protected boolean canEqual(Object other) {
      * @return The value for the MAC.
      */ 
     private byte[] computeMAC(SecretKey authKey) {
+        // These assertions are okay and leaving them as assertions rather than
+        // changing the to conditional statements that throw should be all right
+        // because this is private method and presumably we should have already
+        // checked things in the public or protected methods where appropriate.
         assert raw_ciphertext_ != null && raw_ciphertext_.length != 0 : "Raw ciphertext may not be null or empty.";
         assert authKey != null && authKey.getEncoded().length != 0 : "Authenticity secret key may not be null or zero length.";
         try {

From 79a3f593abf8dcf0b26a12b712be65e756bcde11 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Jan 2016 02:07:25 -0500
Subject: [PATCH 072/812] Closes #318.

---
 src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
index 45201014f..e2a216707 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
@@ -76,7 +76,7 @@ public static boolean isInList(Collection c, String s) {
 			} else if ( o instanceof Double ) {
 
 				try {
-					if ( Double.parseDouble(s) == ((Double)o).doubleValue() ) {
+					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
 						return true;
 					}
 				} catch (Exception e) {}
@@ -121,7 +121,7 @@ public static boolean isInList(Enumeration en, String s) {
 			} else if ( o instanceof Double ) {
 
 				try {
-					if ( Double.parseDouble(s) == ((Double)o).doubleValue() ) {
+					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
 						return true;
 					}
 				} catch (Exception e) {}

From dffaddbb59946fb4ba46d5fb97830af277b408d7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Jan 2016 02:14:11 -0500
Subject: [PATCH 073/812] Closes issue #319.

---
 .../ESAPIWebApplicationFirewallFilter.java    | 973 +++++++++---------
 1 file changed, 507 insertions(+), 466 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java b/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
index 4563c0d57..82bd7e079 100644
--- a/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
+++ b/src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java
@@ -1,466 +1,507 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.File;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.util.List;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.log4j.xml.DOMConfigurator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.BlockAction;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.RedirectAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.configuration.ConfigurationParser;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * This is the main class for the ESAPI Web Application Firewall (WAF). It is a standard J2EE servlet filter
- * that, in different methods, invokes the reading of the configuration file and handles the runtime processing
- * and enforcing of the developer-specified rules.
- * 
- * Ideally the filter should be configured to catch all requests (/*) in web.xml. If there are URL segments that
- * need to be extremely fast and don't require any protection, the pattern may be modified with extreme caution.
- *  
- * @author Arshan Dabirsiaghi
- *
- */
-public class ESAPIWebApplicationFirewallFilter implements Filter {
-
-	private AppGuardianConfiguration appGuardConfig;
-
-	private static final String CONFIGURATION_FILE_PARAM = "configuration";
-	private static final String LOGGING_FILE_PARAM = "log_settings";
-	private static final String POLLING_TIME_PARAM = "polling_time";
-	
-	private static final int DEFAULT_POLLING_TIME = 30000;
-	
-	private String configurationFilename = null;
-
-    private long pollingTime;
-	
-	private long lastConfigReadTime;
-	
-	//private static final String FAUX_SESSION_COOKIE = "FAUXSC";
-	//private static final String SESSION_COOKIE_CANARY = "org.owasp.esapi.waf.canary";
-
-	private FilterConfig fc;
-	
-	private final Logger logger = ESAPI.getLogger(ESAPIWebApplicationFirewallFilter.class);
-
-	/**
-	 * This function is used in testing to dynamically alter the configuration.
-	 * @param policyFilePath The path to the policy file
-	 * @param webRootDir The root directory of the web application.
-     * @throws FileNotFoundException if the policy file cannot be located
-	 */
-	public void setConfiguration( String policyFilePath, String webRootDir ) throws FileNotFoundException {
-		try {
-			appGuardConfig = ConfigurationParser.readConfigurationFile(new FileInputStream(new File(policyFilePath)), webRootDir);
-			lastConfigReadTime = System.currentTimeMillis();
-			configurationFilename = policyFilePath;
-		} catch (ConfigurationException e ) {
-            // TODO: It would be ideal if this method through the ConfigurationException rather than catching it and
-            // writing the error to the console.
-			e.printStackTrace();
-		}
-	}
-	
-	public AppGuardianConfiguration getConfiguration() {
-		return appGuardConfig;
-	}
-	
-	
-	/**
-	 * 
-	 * This function is invoked at application startup and when the configuration file
-	 * polling period has elapsed and a change in the configuration file has been detected.
-	 * 
-	 * It's main purpose is to read the configuration file and establish the configuration
-	 * object model for use at runtime during the <code>doFilter()</code> method. 
-	 */
-	public void init(FilterConfig fc) throws ServletException {
-
-		/*
-		 * This variable is saved so that we can retrieve it later to re-invoke this function.
-		 */
-		this.fc = fc;
-		
-		logger.debug(Logger.EVENT_SUCCESS, ">> Initializing WAF" );
-		/*
-		 * Pull logging file.
-		 */
-
-        // Demoted scope to a local since this is the only place it is referenced
-        String logSettingsFilename = fc.getInitParameter(LOGGING_FILE_PARAM);
-
-		String realLogSettingsFilename = fc.getServletContext().getRealPath(logSettingsFilename);
-		
-		if ( realLogSettingsFilename == null || (! new File(realLogSettingsFilename).exists()) ) {
-			throw new ServletException("[ESAPI WAF] Could not find log file at resolved path: " + realLogSettingsFilename);
-		}
-
-		/*
-		 * Pull main configuration file.
-		 */
-
-		configurationFilename = fc.getInitParameter(CONFIGURATION_FILE_PARAM);
-
-		configurationFilename = fc.getServletContext().getRealPath(configurationFilename);
-		
-		if ( configurationFilename == null || ! new File(configurationFilename).exists() ) {
-			throw new ServletException("[ESAPI WAF] Could not find configuration file at resolved path: " + configurationFilename);
-		}
-
-		/*
-		 * Find out polling time from a parameter. If none is provided, use
-		 * the default (10 seconds).
-		 */
-		
-		String sPollingTime = fc.getInitParameter(POLLING_TIME_PARAM);
-		
-		if ( sPollingTime != null ) {
-			pollingTime = Long.parseLong(sPollingTime);
-		} else {
-			pollingTime = DEFAULT_POLLING_TIME;
-		}
-		
-		/*
-		 * Open up configuration file and populate the AppGuardian configuration object.
-		 */
-
-		try {
-
-			String webRootDir = fc.getServletContext().getRealPath("/");
-			appGuardConfig = ConfigurationParser.readConfigurationFile(new FileInputStream(configurationFilename),webRootDir);
-
-			DOMConfigurator.configure(realLogSettingsFilename);
-
-			lastConfigReadTime = System.currentTimeMillis();
-			
-		} catch (FileNotFoundException e) {
-			throw new ServletException(e);
-		} catch (ConfigurationException e) {
-			throw new ServletException(e);
-		}
-
-	}
-
-
-	/**
-	 * This is the where the main interception and rule-checking logic of the WAF resides.
-	 */
-	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
-			FilterChain chain) throws IOException, ServletException {
-
-		/*
-		 * Check to see if polling time has elapsed. If it has, that means
-		 * we should check to see if the config file has been changed. If
-		 * it has, then re-read it.
-		 *
-		 * // TODO: Any reason this logic shouldn't be moved into a polling thread class?
-		 */
-		
-		if ( (System.currentTimeMillis() - lastConfigReadTime) > pollingTime ) {
-			File f = new File(configurationFilename);
-			long lastModified = f.lastModified();
-			if ( lastModified > lastConfigReadTime ) {
-				/*
-				 * The file has been altered since it was
-				 * read in the last time. Must re-read it.
-				 */
-				logger.debug(Logger.EVENT_SUCCESS, ">> Re-reading WAF policy");
-				init(fc);
-			}
-		}
-		
-		logger.debug(Logger.EVENT_SUCCESS, ">>In WAF doFilter");
-
-		HttpServletRequest httpRequest = (HttpServletRequest)servletRequest;
-		HttpServletResponse httpResponse = (HttpServletResponse)servletResponse;
-
-		InterceptingHTTPServletRequest request = null;
-		InterceptingHTTPServletResponse response = null;
-
-		/*
-		 * First thing to do is create the InterceptingHTTPServletResponse, since
-		 * we'll need that possibly before the InterceptingHTTPServletRequest.
-		 *
-		 * The normal HttpRequest-type objects will suffice us until we get to
-		 * stage 2.
-		 *
-		 * 1st argument = the response to base the instance on
-		 * 2nd argument = should we bother intercepting the egress response?
-		 * 3rd argument = cookie rules because thats where they mostly get acted on
-		 */
-		
-		if ( 	appGuardConfig.getCookieRules().size() + 
-				appGuardConfig.getBeforeResponseRules().size() > 0) {
-			response = new InterceptingHTTPServletResponse(httpResponse, true, appGuardConfig.getCookieRules());
-		}
-		
-		/*
-		 * Stage 1: Rules that do not need the request body.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting stage 1" );
-
-		List<Rule> rules = this.appGuardConfig.getBeforeBodyRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying BEFORE rule:  " + rule.getClass().getName() );
-			
-			/*
-			 * The rules execute in check(). The check() method will also log. All we have
-			 * to do is decide what other actions to take.
-			 */
-			Action action = rule.check(httpRequest, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL()); 
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-							
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * Create the InterceptingHTTPServletRequest.
-		 */
-		
-		try {
-			request = new InterceptingHTTPServletRequest((HttpServletRequest)servletRequest);
-		} catch (FileUploadException fue) {
-			logger.error(Logger.EVENT_SUCCESS,  "Error Wrapping Request", fue );
-		}
-
-		/*
-		 * Stage 2: After the body has been read, but before the the application has gotten it.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 2" );
-
-		rules = this.appGuardConfig.getAfterBodyRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying BEFORE CHAIN rule:  " + rule.getClass().getName() );
-
-			/*
-			 * The rules execute in check(). The check() method will take care of logging. 
-			 * All we have to do is decide what other actions to take.
-			 */
-			Action action = rule.check(request, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL());
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * In between stages 2 and 3 is the application's processing of the input.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Calling the FilterChain: " + chain );
-		chain.doFilter(request, response != null ? response : httpResponse);
-
-		/*
-		 * Stage 3: Before the response has been sent back to the user.
-		 */
-		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 3" );
-
-		rules = this.appGuardConfig.getBeforeResponseRules();
-
-		for(int i=0;i<rules.size();i++) {
-
-			Rule rule = rules.get(i);
-			logger.debug(Logger.EVENT_SUCCESS,  "  Applying AFTER CHAIN rule:  " + rule.getClass().getName() );
-
-			/*
-			 * The rules execute in check(). The check() method will also log. All we have
-			 * to do is decide what other actions to take.
-			 */
-			Action action = rule.check(request, response, httpResponse);
-
-			if ( action.isActionNecessary() ) {
-
-				if ( action instanceof BlockAction ) {
-					if ( response != null ) {
-						response.setStatus(appGuardConfig.getDefaultResponseCode());
-					} else {
-						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-					}
-					return;
-
-				} else if ( action instanceof RedirectAction ) {
-					sendRedirect(response, httpResponse, ((RedirectAction)action).getRedirectURL());
-					return;
-
-				} else if ( action instanceof DefaultAction ) {
-
-					switch ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
-						case AppGuardianConfiguration.BLOCK:
-							if ( response != null ) {
-								response.setStatus(appGuardConfig.getDefaultResponseCode());
-							} else {
-								httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
-							}
-							return;
-
-						case AppGuardianConfiguration.REDIRECT:
-							sendRedirect(response, httpResponse);
-							return;
-					}
-				}
-			}
-		}
-
-		/*
-		 * Now that we've run our last set of rules we can allow the response to go through if
-		 * we were intercepting.
-		 */
-		
-		if ( response != null ) {
-			logger.debug(Logger.EVENT_SUCCESS, ">>> committing reponse" );
-			response.commit();
-		}
-	}
-
-	/*
-	 * Utility method to send HTTP redirects that automatically determines which response class to use.
-	 */
-	private void sendRedirect(InterceptingHTTPServletResponse response,
-			HttpServletResponse httpResponse, String redirectURL) throws IOException {
-		
-		if ( response != null ) { // if we've been buffering everything we clean it all out before sending back.
-			response.reset();
-			response.resetBuffer();
-			response.sendRedirect(redirectURL);
-			response.commit();
-		} else {
-			httpResponse.sendRedirect(redirectURL);
-		}
-		
-	}
-
-	public void destroy() {
-		/*
-		 * Any cleanup necessary?
-		 */
-	}
-
-	
-	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) throws IOException {
-        /* [chrisisbeef] - commented out as this is not currently used. Minor performance tweak.
-		String finalJavaScript = AppGuardianConfiguration.JAVASCRIPT_REDIRECT;
-		finalJavaScript = finalJavaScript.replaceAll(AppGuardianConfiguration.JAVASCRIPT_TARGET_TOKEN, appGuardConfig.getDefaultErrorPage());
-        */
-
-		if ( response != null ) {
-			response.reset();
-			response.resetBuffer();
-			/*
-			response.setStatus(appGuardConfig.getDefaultResponseCode());
-			response.getOutputStream().write(finalJavaScript.getBytes());
-			*/
-			response.sendRedirect(appGuardConfig.getDefaultErrorPage());
-			
-		} else {
-			if ( ! httpResponse.isCommitted() ) {
-				httpResponse.sendRedirect(appGuardConfig.getDefaultErrorPage());
-			} else {
-				/*
-				 * Can't send redirect because response is already committed. I'm not sure 
-				 * how this could happen, but I didn't want to cause IOExceptions in case
-				 * if it ever does. 
-				 */
-			}
-			
-		}
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.File;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.log4j.xml.DOMConfigurator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.BlockAction;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.RedirectAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.configuration.ConfigurationParser;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * This is the main class for the ESAPI Web Application Firewall (WAF). It is a
+ * standard J2EE servlet filter that, in different methods, invokes the reading
+ * of the configuration file and handles the runtime processing and enforcing of
+ * the developer-specified rules.
+ * 
+ * Ideally the filter should be configured to catch all requests (/*) in
+ * web.xml. If there are URL segments that need to be extremely fast and don't
+ * require any protection, the pattern may be modified with extreme caution.
+ * 
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class ESAPIWebApplicationFirewallFilter implements Filter {
+
+	private AppGuardianConfiguration appGuardConfig;
+
+	private static final String CONFIGURATION_FILE_PARAM = "configuration";
+	private static final String LOGGING_FILE_PARAM = "log_settings";
+	private static final String POLLING_TIME_PARAM = "polling_time";
+
+	private static final int DEFAULT_POLLING_TIME = 30000;
+
+	private String configurationFilename = null;
+
+	private long pollingTime;
+
+	private long lastConfigReadTime;
+
+	// private static final String FAUX_SESSION_COOKIE = "FAUXSC";
+	// private static final String SESSION_COOKIE_CANARY =
+	// "org.owasp.esapi.waf.canary";
+
+	private FilterConfig fc;
+
+	private final Logger logger = ESAPI.getLogger(ESAPIWebApplicationFirewallFilter.class);
+
+	/**
+	 * This function is used in testing to dynamically alter the configuration.
+	 * 
+	 * @param policyFilePath
+	 *            The path to the policy file
+	 * @param webRootDir
+	 *            The root directory of the web application.
+	 * @throws FileNotFoundException
+	 *             if the policy file cannot be located
+	 */
+	public void setConfiguration(String policyFilePath, String webRootDir) throws FileNotFoundException {
+
+		FileInputStream inputStream = null;
+
+		try {
+			inputStream = new FileInputStream(new File(policyFilePath));
+			appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);
+			lastConfigReadTime = System.currentTimeMillis();
+			configurationFilename = policyFilePath;
+		} catch (ConfigurationException e) {
+			// TODO: It would be ideal if this method through the
+			// ConfigurationException rather than catching it and
+			// writing the error to the console.
+			e.printStackTrace();
+		} finally {
+			if (inputStream != null) {
+				try {
+					inputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+	}
+
+	public AppGuardianConfiguration getConfiguration() {
+		return appGuardConfig;
+	}
+
+	/**
+	 * 
+	 * This function is invoked at application startup and when the
+	 * configuration file polling period has elapsed and a change in the
+	 * configuration file has been detected.
+	 * 
+	 * It's main purpose is to read the configuration file and establish the
+	 * configuration object model for use at runtime during the
+	 * <code>doFilter()</code> method.
+	 */
+	public void init(FilterConfig fc) throws ServletException {
+
+		/*
+		 * This variable is saved so that we can retrieve it later to re-invoke
+		 * this function.
+		 */
+		this.fc = fc;
+
+		logger.debug(Logger.EVENT_SUCCESS, ">> Initializing WAF");
+		/*
+		 * Pull logging file.
+		 */
+
+		// Demoted scope to a local since this is the only place it is
+		// referenced
+		String logSettingsFilename = fc.getInitParameter(LOGGING_FILE_PARAM);
+
+		String realLogSettingsFilename = fc.getServletContext().getRealPath(logSettingsFilename);
+
+		if (realLogSettingsFilename == null || (!new File(realLogSettingsFilename).exists())) {
+			throw new ServletException(
+					"[ESAPI WAF] Could not find log file at resolved path: " + realLogSettingsFilename);
+		}
+
+		/*
+		 * Pull main configuration file.
+		 */
+
+		configurationFilename = fc.getInitParameter(CONFIGURATION_FILE_PARAM);
+
+		configurationFilename = fc.getServletContext().getRealPath(configurationFilename);
+
+		if (configurationFilename == null || !new File(configurationFilename).exists()) {
+			throw new ServletException(
+					"[ESAPI WAF] Could not find configuration file at resolved path: " + configurationFilename);
+		}
+
+		/*
+		 * Find out polling time from a parameter. If none is provided, use the
+		 * default (10 seconds).
+		 */
+
+		String sPollingTime = fc.getInitParameter(POLLING_TIME_PARAM);
+
+		if (sPollingTime != null) {
+			pollingTime = Long.parseLong(sPollingTime);
+		} else {
+			pollingTime = DEFAULT_POLLING_TIME;
+		}
+
+		/*
+		 * Open up configuration file and populate the AppGuardian configuration
+		 * object.
+		 */
+
+		FileInputStream inputStream = null;
+
+		try {
+			String webRootDir = fc.getServletContext().getRealPath("/");
+			inputStream = new FileInputStream(configurationFilename);
+			appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);
+			DOMConfigurator.configure(realLogSettingsFilename);
+			lastConfigReadTime = System.currentTimeMillis();
+		} catch (FileNotFoundException e) {
+			throw new ServletException(e);
+		} catch (ConfigurationException e) {
+			throw new ServletException(e);
+		} finally {
+			if (inputStream != null) {
+				try {
+					inputStream.close();
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+	}
+
+	/**
+	 * This is the where the main interception and rule-checking logic of the
+	 * WAF resides.
+	 */
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
+			throws IOException, ServletException {
+
+		/*
+		 * Check to see if polling time has elapsed. If it has, that means we
+		 * should check to see if the config file has been changed. If it has,
+		 * then re-read it.
+		 *
+		 * // TODO: Any reason this logic shouldn't be moved into a polling
+		 * thread class?
+		 */
+
+		if ((System.currentTimeMillis() - lastConfigReadTime) > pollingTime) {
+			File f = new File(configurationFilename);
+			long lastModified = f.lastModified();
+			if (lastModified > lastConfigReadTime) {
+				/*
+				 * The file has been altered since it was read in the last time.
+				 * Must re-read it.
+				 */
+				logger.debug(Logger.EVENT_SUCCESS, ">> Re-reading WAF policy");
+				init(fc);
+			}
+		}
+
+		logger.debug(Logger.EVENT_SUCCESS, ">>In WAF doFilter");
+
+		HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+		HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
+
+		InterceptingHTTPServletRequest request = null;
+		InterceptingHTTPServletResponse response = null;
+
+		/*
+		 * First thing to do is create the InterceptingHTTPServletResponse,
+		 * since we'll need that possibly before the
+		 * InterceptingHTTPServletRequest.
+		 *
+		 * The normal HttpRequest-type objects will suffice us until we get to
+		 * stage 2.
+		 *
+		 * 1st argument = the response to base the instance on 2nd argument =
+		 * should we bother intercepting the egress response? 3rd argument =
+		 * cookie rules because thats where they mostly get acted on
+		 */
+
+		if (appGuardConfig.getCookieRules().size() + appGuardConfig.getBeforeResponseRules().size() > 0) {
+			response = new InterceptingHTTPServletResponse(httpResponse, true, appGuardConfig.getCookieRules());
+		}
+
+		/*
+		 * Stage 1: Rules that do not need the request body.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting stage 1");
+
+		List<Rule> rules = this.appGuardConfig.getBeforeBodyRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying BEFORE rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will also log.
+			 * All we have to do is decide what other actions to take.
+			 */
+			Action action = rule.check(httpRequest, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * Create the InterceptingHTTPServletRequest.
+		 */
+
+		try {
+			request = new InterceptingHTTPServletRequest((HttpServletRequest) servletRequest);
+		} catch (FileUploadException fue) {
+			logger.error(Logger.EVENT_SUCCESS, "Error Wrapping Request", fue);
+		}
+
+		/*
+		 * Stage 2: After the body has been read, but before the the application
+		 * has gotten it.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 2");
+
+		rules = this.appGuardConfig.getAfterBodyRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying BEFORE CHAIN rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will take care
+			 * of logging. All we have to do is decide what other actions to
+			 * take.
+			 */
+			Action action = rule.check(request, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * In between stages 2 and 3 is the application's processing of the
+		 * input.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Calling the FilterChain: " + chain);
+		chain.doFilter(request, response != null ? response : httpResponse);
+
+		/*
+		 * Stage 3: Before the response has been sent back to the user.
+		 */
+		logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 3");
+
+		rules = this.appGuardConfig.getBeforeResponseRules();
+
+		for (int i = 0; i < rules.size(); i++) {
+
+			Rule rule = rules.get(i);
+			logger.debug(Logger.EVENT_SUCCESS, "  Applying AFTER CHAIN rule:  " + rule.getClass().getName());
+
+			/*
+			 * The rules execute in check(). The check() method will also log.
+			 * All we have to do is decide what other actions to take.
+			 */
+			Action action = rule.check(request, response, httpResponse);
+
+			if (action.isActionNecessary()) {
+
+				if (action instanceof BlockAction) {
+					if (response != null) {
+						response.setStatus(appGuardConfig.getDefaultResponseCode());
+					} else {
+						httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+					}
+					return;
+
+				} else if (action instanceof RedirectAction) {
+					sendRedirect(response, httpResponse, ((RedirectAction) action).getRedirectURL());
+					return;
+
+				} else if (action instanceof DefaultAction) {
+
+					switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
+					case AppGuardianConfiguration.BLOCK:
+						if (response != null) {
+							response.setStatus(appGuardConfig.getDefaultResponseCode());
+						} else {
+							httpResponse.setStatus(appGuardConfig.getDefaultResponseCode());
+						}
+						return;
+
+					case AppGuardianConfiguration.REDIRECT:
+						sendRedirect(response, httpResponse);
+						return;
+					}
+				}
+			}
+		}
+
+		/*
+		 * Now that we've run our last set of rules we can allow the response to
+		 * go through if we were intercepting.
+		 */
+
+		if (response != null) {
+			logger.debug(Logger.EVENT_SUCCESS, ">>> committing reponse");
+			response.commit();
+		}
+	}
+
+	/*
+	 * Utility method to send HTTP redirects that automatically determines which
+	 * response class to use.
+	 */
+	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse,
+			String redirectURL) throws IOException {
+
+		if (response != null) { // if we've been buffering everything we clean
+								// it all out before sending back.
+			response.reset();
+			response.resetBuffer();
+			response.sendRedirect(redirectURL);
+			response.commit();
+		} else {
+			httpResponse.sendRedirect(redirectURL);
+		}
+
+	}
+
+	public void destroy() {
+		/*
+		 * Any cleanup necessary?
+		 */
+	}
+
+	private void sendRedirect(InterceptingHTTPServletResponse response, HttpServletResponse httpResponse)
+			throws IOException {
+		/*
+		 * [chrisisbeef] - commented out as this is not currently used. Minor
+		 * performance tweak. String finalJavaScript =
+		 * AppGuardianConfiguration.JAVASCRIPT_REDIRECT; finalJavaScript =
+		 * finalJavaScript.replaceAll(AppGuardianConfiguration.
+		 * JAVASCRIPT_TARGET_TOKEN, appGuardConfig.getDefaultErrorPage());
+		 */
+
+		if (response != null) {
+			response.reset();
+			response.resetBuffer();
+			/*
+			 * response.setStatus(appGuardConfig.getDefaultResponseCode());
+			 * response.getOutputStream().write(finalJavaScript.getBytes());
+			 */
+			response.sendRedirect(appGuardConfig.getDefaultErrorPage());
+
+		} else {
+			if (!httpResponse.isCommitted()) {
+				httpResponse.sendRedirect(appGuardConfig.getDefaultErrorPage());
+			} else {
+				/*
+				 * Can't send redirect because response is already committed.
+				 * I'm not sure how this could happen, but I didn't want to
+				 * cause IOExceptions in case if it ever does.
+				 */
+			}
+
+		}
+	}
+
+}

From 12ac88ccd92a606593bfb1bfe678a70b3cf0d80e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 15:13:27 -0500
Subject: [PATCH 074/812] Make getProperty(String,String) synchronized. Closes
 #321.

---
 .../esapi/reference/crypto/ReferenceEncryptedProperties.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
index cffc14963..0d35b25dd 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java
@@ -129,7 +129,7 @@ public synchronized String getProperty(String key) throws EncryptionRuntimeExcep
 	 * @throws EncryptionRuntimeException Thrown if decryption fails.
 	 */
 	@Override
-	public String getProperty(String key, String defaultValue) throws EncryptionRuntimeException {
+	public synchronized String getProperty(String key, String defaultValue) throws EncryptionRuntimeException {
 		String value = getProperty(key);
 
 		if (value == null) return defaultValue;

From 644cd4d36be35ec756ddbce9588c65f6358d1ed6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 17:51:26 -0500
Subject: [PATCH 075/812] Applied patches from Eric Citaire and Matt Seil.
 Fixes #322.

---
 .../filters/RequestRateThrottleFilter.java    | 43 ++++++++-----------
 1 file changed, 19 insertions(+), 24 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
index 0ca121ec6..4ac188979 100644
--- a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
@@ -53,8 +53,8 @@ public class RequestRateThrottleFilter implements Filter
      */
     public void init(FilterConfig filterConfig)
     {
-        hits = Integer.parseInt(filterConfig.getInitParameter(HITS));
-        period = Integer.parseInt(filterConfig.getInitParameter(PERIOD));
+        hits = filterConfig.getInitParameter(HITS) == null ? 5 : Integer.parseInt(filterConfig.getInitParameter(HITS));
+        period = filterConfig.getInitParameter(PERIOD) == null ? 10 : Integer.parseInt(filterConfig.getInitParameter(PERIOD));
     }
 
     /**
@@ -75,27 +75,22 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         HttpSession session = httpRequest.getSession(true);
         
         synchronized( session.getId().intern() ) {
-	        Stack<Date> times = ESAPI.httpUtilities().getSessionAttribute("times");
-	        if (times == null)
-	        {
-	            times = new Stack<Date>();
-	            times.push(new Date(0));
-	            session.setAttribute("times", times);
-	        }
-	        times.push(new Date());
-	        if (times.size() >= hits)
-	        {
-	            times.removeElementAt(0);
-	        }
-	        Date newest = times.get(times.size() - 1);
-	        Date oldest = times.get(0);
-	        long elapsed = newest.getTime() - oldest.getTime();        
-	        if (elapsed < period * 1000) // seconds
-	        {
-	            response.getWriter().println("Request rate too high");
-	            return;
-	        }
-        }        
+            List<Long> times = ESAPI.httpUtilities().getSessionAttribute("times");
+            if (times == null) {
+                times = new LinkedList<Long>();
+                session.setAttribute("times", times);
+            }
+            Long newest = System.currentTimeMillis();
+            times.add(newest);
+            if (times.size() > hits) {
+                Long oldest = times.remove(0);
+                long elapsed = newest - oldest;
+                if (elapsed < period * 1000) {
+                    response.getWriter().println("Request rate too high");
+                    return;
+                }
+            }
+        }
         chain.doFilter(request, response);
     }
 
@@ -111,4 +106,4 @@ public void destroy()
         // finalize
     }
 
-}
\ No newline at end of file
+}

From 14fd61a7a29824c2bd3ee27e755ccf4253bdf141 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 21:32:49 -0500
Subject: [PATCH 076/812] JUnit changes made because of changes to CipherSpec
 class and changing assertions to exlicit runtime checks resulting in
 IllegalArgumentExceptions.

---
 .../owasp/esapi/crypto/CipherSpecTest.java    | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
index b842aaec6..8f808880f 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
@@ -144,14 +144,14 @@ public class CipherSpecTest extends TestCase {
 	/** Test setBlockSize() */
 	@Test public void testSetBlockSize() {
 		try {
-			cipherSpec.setBlockSize(0); // Throws AssertionError
-		} catch (AssertionError e) {
-			assertTrue(true);	// Doesn't work w/ @Test(expected=AssertionError.class)
+			cipherSpec.setBlockSize(0); // Throws IllegalArgumentException
+		} catch (IllegalArgumentException e) {
+			assertTrue(true);
 		}
 		try {
-			cipherSpec.setBlockSize(-1); // Throws AssertionError
-		} catch (AssertionError e) {
-			assertTrue(true);	// Doesn't work w/ @Test(expected=AssertionError.class)
+			cipherSpec.setBlockSize(-1); // Throws IllegalArgumentException
+		} catch (IllegalArgumentException e) {
+			assertTrue(true);
 		}
 		assertTrue( cipherSpec.setBlockSize(4).getBlockSize() == 4 );
 	}
@@ -181,9 +181,10 @@ public class CipherSpecTest extends TestCase {
 		try {
 			// Test that ECB mode allows a null IV
 			cipherSpec = new CipherSpec(dfltECBCipher);
+            assertTrue( cipherSpec.getCipherMode().equals("ECB") );
 			cipherSpec.setIV(null);
 			assertTrue(true);
-		} catch ( AssertionError e) {
+		} catch ( IllegalArgumentException e) {
 			assertFalse("Test failed; unexpected exception", false);
 		}
 		try {
@@ -191,7 +192,7 @@ public class CipherSpecTest extends TestCase {
 			cipherSpec = new CipherSpec(dfltAESCipher);
 			cipherSpec.setIV(null);
 			assertFalse("Test failed; Expected exception not thrown", false);
-		} catch ( AssertionError e) {
+		} catch ( IllegalArgumentException e) {
 			assertTrue(true);
 		}
 	}
@@ -270,4 +271,4 @@ public static junit.framework.Test suite() {
 
         return suite;
     }
-}
\ No newline at end of file
+}

From 3c8e18d726095fbc88dc42c1c7a7c5e8d5943e45 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 21:34:50 -0500
Subject: [PATCH 077/812] Forgot to add imports for List and LinkedList. Fixes
 issue #322.

---
 .../org/owasp/esapi/filters/RequestRateThrottleFilter.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
index 4ac188979..4d78551fd 100644
--- a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
@@ -22,7 +22,8 @@
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.util.Date;
-import java.util.Stack;
+import java.util.List;
+import java.util.LinkedList;
 
 /**
  * A simple servlet filter that limits the request rate to a certain threshold of requests per second.

From 86c6fa54bde1aca91c7bd08b9ee96c1a5fdb99e5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 22:08:06 -0500
Subject: [PATCH 078/812] Ignore everything in 'target' directory.

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..ea8c4bf7f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/target

From e0220902fc0e1a5ecb96587b1ae39931d11fcffb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 16 Jan 2016 22:17:10 -0500
Subject: [PATCH 079/812] Configure line endings and file types for common file
 extensions as discussed with Matt Seil via Gmail on 12/31/2015.

---
 .gitattributes | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 000000000..596f92708
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,40 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text=auto
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+*.java text
+*.properties text
+*.xml text
+*.xsd text
+*.dtd text
+*.MF text
+*.md text
+*.html text
+*.tld text
+*.json text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+*.bat text eol=crlf
+# Because *nix editors / paginators can handle either way, but braindead
+# Windoze notepad, the default to open .txt files, not so much.
+*.txt text eol=crlf
+
+# Declare files that will always have LF line endings on checkout
+*.sh text eol=lf
+*.bsh text eol=lf
+
+# Denote all files that are truly binary and should not be modified,
+# or simply replaced in whole if committed.
+*.jpg binary
+*.JPG binary
+*.jks binary
+*.ser binary
+*.doc binary
+*.docx binary
+*.xls binary
+*.xlsx binary
+*.pptx binary
+*.odt binary
+*.pdf binary

From e3f09d8ec48986b5fcc9f675bb3933a0467e152c Mon Sep 17 00:00:00 2001
From: Matt <mseil@acm.org>
Date: Mon, 18 Jan 2016 09:46:04 -0600
Subject: [PATCH 080/812] Commented text=auto in .gitattributes.

---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitattributes b/.gitattributes
index 596f92708..82f8b6ca8 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
 # Set the default behavior, in case people don't have core.autocrlf set.
-* text=auto
+#* text=auto
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.

From 84dfcb75e9fb819c5a00814d81923b2c124db966 Mon Sep 17 00:00:00 2001
From: Matt <mseil@acm.org>
Date: Mon, 18 Jan 2016 13:12:06 -0600
Subject: [PATCH 081/812] Removed comment from .gitattribute

---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitattributes b/.gitattributes
index 82f8b6ca8..596f92708 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,5 +1,5 @@
 # Set the default behavior, in case people don't have core.autocrlf set.
-#* text=auto
+* text=auto
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.

From 2d810cebb1093a795f375e7bc947b8030624d01c Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 18 Jan 2016 13:25:28 -0600
Subject: [PATCH 082/812] Changed java eol to 'LF'

---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitattributes b/.gitattributes
index 596f92708..b22d37b11 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,7 +3,7 @@
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.
-*.java text
+*.java eol=lf
 *.properties text
 *.xml text
 *.xsd text

From 5092bbf5f7177779bbe20dd7d5931814c3a80a60 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 18 Jan 2016 13:27:50 -0600
Subject: [PATCH 083/812] Changed .java to crlf for testing.

---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitattributes b/.gitattributes
index b22d37b11..2b98a25d6 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,7 +3,7 @@
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.
-*.java eol=lf
+*.java eol=crlf
 *.properties text
 *.xml text
 *.xsd text

From 54fca07bbb54195c94f4e95290d353436239be04 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 18 Jan 2016 14:54:42 -0600
Subject: [PATCH 084/812] Revert "Changed .java to crlf for testing."

This reverts commit 5092bbf5f7177779bbe20dd7d5931814c3a80a60.
---
 .gitattributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitattributes b/.gitattributes
index 2b98a25d6..b22d37b11 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -3,7 +3,7 @@
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.
-*.java eol=crlf
+*.java eol=lf
 *.properties text
 *.xml text
 *.xsd text

From 38053aae32f648170ceada2a24b7ef4c1a324bfe Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 22:54:09 -0500
Subject: [PATCH 085/812] Try to fix the CRLF mess that we're in via
 .gitattributes.

---
 .gitattributes | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index b22d37b11..a90ca1d70 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,22 @@
-# Set the default behavior, in case people don't have core.autocrlf set.
+# Autodetect text files
+#
+# In addition:
+#   Windows developers should set:
+#       git config --global core.autocrlf true
+#   UNIX / MacOS develoers should set:
+#       git config --global core.autocrlf input
 * text=auto
 
+# And configure default EOL terminators.
+#
+# Force the following filetypes to have Unix eols, so Windows does not break them
+# Those that are not explicitly set to use Windows EOL will use LF as EOL terminator.
+# (e.g., see *.bat, below).
+*.* text eol=lf
+
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.
-*.java eol=lf
+*.java text
 *.properties text
 *.xml text
 *.xsd text
@@ -18,17 +31,22 @@
 *.cmd text eol=crlf
 *.bat text eol=crlf
 # Because *nix editors / paginators can handle either way, but braindead
-# Windoze notepad, the default to open .txt files, not so much.
+# Windoze notepad which is used by default to handle text files in Windows,
+# not so much, we also make the concession here to use CRLF for EOL.
 *.txt text eol=crlf
+# Ditto for Eclipse related preferences
+*.prefs text eol=crlf
 
 # Declare files that will always have LF line endings on checkout
 *.sh text eol=lf
 *.bsh text eol=lf
+*.ksh text eol=lf
 
 # Denote all files that are truly binary and should not be modified,
 # or simply replaced in whole if committed.
 *.jpg binary
 *.JPG binary
+*.png binary
 *.jks binary
 *.ser binary
 *.doc binary

From ca5723b81c6a4ccaccd6f02c4ff5c98628096f4b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:26:01 -0500
Subject: [PATCH 086/812] Test case for issue 356. If this works, will do mass
 updates.

---
 .../org/owasp/esapi/waf/WAFTestUtility.java   | 182 +++++++++---------
 1 file changed, 91 insertions(+), 91 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java b/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
index 3a58b387c..205d0d564 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFTestUtility.java
@@ -1,91 +1,91 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * 
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockFilterConfig;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * This class holds a number of static utilities to make writing WAF test cases easy. Definitely not useful
- * for anything other than testing.
- */
-public class WAFTestUtility {
-
-    public static void setWAFPolicy( ESAPIWebApplicationFirewallFilter waf, String policyFile ) throws Exception {
-        Map map = new HashMap();
-    	map.put( "configuration", policyFile );
-    	map.put( "log_settings", "../log4j.xml");
-    	FilterConfig mfc = new MockWafFilterConfig( map );
-    	waf.init( mfc );
-    }
-    
-    public static int checkWAFResult( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain chain ) throws Exception {
-
-        //request.dump();
-    	waf.doFilter(request, response, chain);
-        //response.dump();
-        
-        return response.getStatus();
-       
-    }  
-
-    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
-
-		MockFilterChain chain = new MockFilterChain();
-		
-		return WAFTestUtility.checkWAFResult(waf, request, response, chain);
-		
-	}
-
-    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
-
-
-    	return WAFTestUtility.checkWAFResult(waf, request, response, filterChain);
-		
-	}
-    
-    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
-
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	File f = ESAPI.securityConfiguration().getResourceFile(policy);
-    	waf.setConfiguration(f.getAbsolutePath(),"");
-
-		return createAndExecuteWAFTransaction(waf, request, response );
-		
-	}
-    
-    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
-
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	File f = ESAPI.securityConfiguration().getResourceFile(policy);        
-    	waf.setConfiguration(f.getAbsolutePath(),"");
-
-		return createAndExecuteWAFTransaction(waf, request, response, filterChain );
-		
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * 
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockFilterConfig;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * This class holds a number of static utilities to make writing WAF test cases easy. Definitely not useful
+ * for anything other than testing.
+ */
+public class WAFTestUtility {
+
+    public static void setWAFPolicy( ESAPIWebApplicationFirewallFilter waf, String policyFile ) throws Exception {
+        Map map = new HashMap();
+    	map.put( "configuration", policyFile );
+    	map.put( "log_settings", "../log4j.xml");
+    	FilterConfig mfc = new MockWafFilterConfig( map );
+    	waf.init( mfc );
+    }
+    
+    public static int checkWAFResult( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain chain ) throws Exception {
+
+        //request.dump();
+    	waf.doFilter(request, response, chain);
+        //response.dump();
+        
+        return response.getStatus();
+       
+    }  
+
+    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
+
+		MockFilterChain chain = new MockFilterChain();
+		
+		return WAFTestUtility.checkWAFResult(waf, request, response, chain);
+		
+	}
+
+    public static int createAndExecuteWAFTransaction ( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
+
+
+    	return WAFTestUtility.checkWAFResult(waf, request, response, filterChain);
+		
+	}
+    
+    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response ) throws Exception {
+
+    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+    	File f = ESAPI.securityConfiguration().getResourceFile(policy);
+    	waf.setConfiguration(f.getAbsolutePath(),"");
+
+		return createAndExecuteWAFTransaction(waf, request, response );
+		
+	}
+    
+    public static int createAndExecuteWAFTransaction ( String policy, MockHttpServletRequest request, MockHttpServletResponse response, MockFilterChain filterChain ) throws Exception {
+
+    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+    	File f = ESAPI.securityConfiguration().getResourceFile(policy);        
+    	waf.setConfiguration(f.getAbsolutePath(),"");
+
+		return createAndExecuteWAFTransaction(waf, request, response, filterChain );
+		
+	}
+}

From f5a66275bdd3d5be246d0bc024077ddb0d050287 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 087/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/AccessController.java     | 702 +++++++++---------
 1 file changed, 351 insertions(+), 351 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/AccessController.java b/src/main/java/org/owasp/esapi/AccessController.java
index e6269e1d5..2d9e4dac8 100644
--- a/src/main/java/org/owasp/esapi/AccessController.java
+++ b/src/main/java/org/owasp/esapi/AccessController.java
@@ -1,351 +1,351 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AccessControlException;
-
-
-
-/**
- * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
- * enforce access control. In most applications, access control must be performed in multiple different locations across
- * the various application layers. This class provides access control for URLs, business functions, data, services, and
- * files.
- * <P>
- * The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser())
- * to determine roles or permissions. In addition, the implementation
- * will also need information about the resources that are being accessed. Using the user information and the resource
- * information, the implementation should return an access control decision. 
- * <P>
- * Implementers are encouraged to implement the ESAPI access control rules, like assertAuthorizedForFunction() using 
- * existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful, 
- * methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple 
- * overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean 
- * tests throughout the code, which can easily lead to developer mistakes.
- * <P>
- * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like 
- * assertAuthorized() so that access control is easy to use and easy to verify. Here is an example of a very 
- * straightforward to implement, understand, and verify ESAPI access control check: 
- * 
- * <pre>
- * try {
- *     ESAPI.accessController().assertAuthorized("businessFunction", runtimeData);
- *     // execute BUSINESS_FUNCTION
- * } catch (AccessControlException ace) {
- * ... attack in progress
- * }
- * </pre>
- * 
- * Note that in the user interface layer, access control checks can be used to control whether particular controls are
- * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent
- * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business
- * function or access any data in your application. Therefore, access control checks in the user interface should be
- * repeated in both the business logic and data layers.
- * 
- * <pre>
- * &lt;% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %&gt;
- * &lt;a href=&quot;/doAdminFunction&quot;&gt;ADMIN&lt;/a&gt;
- * &lt;% } else { %&gt;
- * &lt;a href=&quot;/doNormalFunction&quot;&gt;NORMAL&lt;/a&gt;
- * &lt;% } %&gt;
- * </pre>
- * 
- * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) ESAPI v1.6-
- * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
- */
-public interface AccessController {
-
-	/**
-	 * <code>isAuthorized</code> executes the <code>AccessControlRule</code> 
-	 * that is identified by <code>key</code> and listed in the 
-	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It returns 
-	 * true if the <code>AccessControlRule</code> decides that the operation 
-	 * should be allowed. Otherwise, it returns false. Any exception thrown by 
-	 * the <code>AccessControlRule</code> must result in false. If 
-	 * <code>key</code> does not map to an <code>AccessControlRule</code>, then 
-	 * false is returned. 
-	 *  
-	 * Developers should call isAuthorized to control execution flow. For 
-	 * example, if you want to decide whether to display a UI widget in the 
-	 * browser using the same logic that you will use to enforce permissions
-	 * on the server, then isAuthorized is the method that you want to use.
-	 * 
-	 * Typically, assertAuthorized should be used to enforce permissions on the 
-	 * server.
-	 *  
-	 * @param key <code>key</code> maps to 
-	 * <code>&lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
-	 *     &lt;AccessControlRule name="key"</code>
-	 * @param runtimeParameter runtimeParameter can contain anything that 
-	 *        the AccessControlRule needs from the runtime system. 
-	 * @return Returns <code>true</code> if and only if the AccessControlRule specified 
-	 *        by <code>key</code> exists and returned <code>true</code>. 
-	 *        Otherwise returns <code>false</code> 
-	 */
-	public boolean isAuthorized(Object key, Object runtimeParameter);
-	
-	/**
-	 * <code>assertAuthorized</code> executes the <code>AccessControlRule</code> 
-	 * that is identified by <code>key</code> and listed in the 
-	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It does 
-	 * nothing if the <code>AccessControlRule</code> decides that the operation 
-	 * should be allowed. Otherwise, it throws an 
-	 * <code>org.owasp.esapi.errors.AccessControlException</code>. Any exception
-	 * thrown by the <code>AccessControlRule</code> will also result in an 
-	 * <code>AccesControlException</code>. If <code>key</code> does not map to 
-	 * an <code>AccessControlRule</code>, then an <code>AccessControlException
-	 * </code> is thrown.  
-	 *  
-	 * Developers should call {@code assertAuthorized} to enforce privileged access to 
-	 * the system. It should be used to answer the question: "Should execution 
-	 * continue." Ideally, the call to <code>assertAuthorized</code> should
-	 * be integrated into the application framework so that it is called 
-	 * automatically. 
-	 *  
-	 * @param key <code>key</code> maps to 
-	 * &lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
-	 *     &lt;AccessControlRule name="key"
-	 * @param runtimeParameter runtimeParameter can contain anything that 
-	 *        the AccessControlRule needs from the runtime system.
-	 */
-	public void assertAuthorized(Object key, Object runtimeParameter)
-		throws AccessControlException;
-
-		
-
-	
-	/*** Below this line has been deprecated as of ESAPI 1.6 ***/ 
-	
-	
-	
-	
-    /**
-     * Checks if the current user is authorized to access the referenced URL. Generally, this method should be invoked in the
-     * application's controller or a filter as follows:
-     * <PRE>ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());</PRE>
-     * 
-     * The implementation of this method should call assertAuthorizedForURL(String url), and if an AccessControlException is 
-     * not thrown, this method should return true. This way, if the user is not authorized, false would be returned, and the 
-     * exception would be logged.
-     * 
-     * @param url 
-     * 		the URL as returned by request.getRequestURI().toString()
-     * 
-     * @return 
-     * 		true, if is authorized for URL
-     */
-    boolean isAuthorizedForURL(String url);
-
-    /**
-     * Checks if the current user is authorized to access the referenced function. 
-     * 
-     * The implementation of this method should call assertAuthorizedForFunction(String functionName), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param functionName 
-     * 		the name of the function
-     * 
-     * @return 
-     * 		true, if is authorized for function
-     */
-    boolean isAuthorizedForFunction(String functionName);
-
-
-    /**
-     * Checks if the current user is authorized to access the referenced data, represented as an Object. 
-     * 
-     * The implementation of this method should call assertAuthorizedForData(String action, Object data), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param action
-     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
-     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
-     * 
-     * @param data
-     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
-     * 
-     * @return 
-     * 		true, if is authorized for the data
-     */
-    boolean isAuthorizedForData(String action, Object data);
-    
-    /**
-     * Checks if the current user is authorized to access the referenced file. 
-     * 
-     * The implementation of this method should call assertAuthorizedForFile(String filepath), and if an AccessControlException 
-     * is not thrown, this method should return true.
-     *   
-     * @param filepath 
-     * 		the path of the file to be checked, including filename
-     * 
-     * @return 
-     * 		true, if is authorized for the file
-     */
-    boolean isAuthorizedForFile(String filepath);
-
-    /**
-     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
-     * provide access to a variety of back end services.
-     * 
-     * The implementation of this method should call assertAuthorizedForService(String serviceName), and if an 
-     * AccessControlException is not thrown, this method should return true.
-     * 
-     * @param serviceName 
-     * 		the service name
-     * 
-     * @return 
-     * 		true, if is authorized for the service
-     */
-    boolean isAuthorizedForService(String serviceName);
-
-    /**
-     * Checks if the current user is authorized to access the referenced URL. The implementation should allow
-     * access to be granted to any part of the URL. Generally, this method should be invoked in the
-     * application's controller or a filter as follows:
-     * <PRE>ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());</PRE> 
-     * 
-     * This method throws an AccessControlException if access is not authorized, or if the referenced URL does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * @param url 
-     * 		the URL as returned by request.getRequestURI().toString()
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForURL(String url) throws AccessControlException;
-    
-    /**
-     * Checks if the current user is authorized to access the referenced function. The implementation should define the
-     * function "namespace" to be enforced. Choosing something simple like the class name of action classes or menu item
-     * names will make this implementation easier to use.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced function does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the function exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param functionName 
-     * 		the function name
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForFunction(String functionName) throws AccessControlException;
-    
-
-    /**
-     * Checks if the current user is authorized to access the referenced data.  This method simply returns if access is authorized.  
-     * It throws an AccessControlException if access is not authorized, or if the referenced data does not exist.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param action
-     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
-     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
-     * 
-     * @param data
-     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
-     * 
-     * @throws AccessControlException 
-     * 		if access is not permitted
-     */
-    void assertAuthorizedForData(String action, Object data) throws AccessControlException;
-   
-    /**
-     * Checks if the current user is authorized to access the referenced file. The implementation should validate and canonicalize the 
-     * input to be sure the filepath is not malicious.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced File does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the File exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param filepath
-     * 			Path to the file to be checked
-     * @throws AccessControlException if access is denied
-     */
-    void assertAuthorizedForFile(String filepath) throws AccessControlException;
-    
-    /**
-     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
-     * provide access to a variety of backend services.
-     * <P>
-     * This method throws an AccessControlException if access is not authorized, or if the referenced service does not exist.
-     * If the User is authorized, this method simply returns.
-     * <P>
-     * Specification:  The implementation should do the following:
-     * <ol>
-     * <li>Check to see if the service exists and if not, throw an AccessControlException</li>
-     * <li>Use available information to make an access control decision</li>
-     *      <ol type="a">
-     *      <li>Ideally, this policy would be data driven</li>
-     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
-     *  	<li>Access control decisions must deny by default</li>
-     *      </ol>
-     * <li>If access is not permitted, throw an AccessControlException with details</li>
-     * </ol> 
-     * 
-     * @param serviceName 
-     * 		the service name
-     * 
-     * @throws AccessControlException
-     * 		if access is not permitted
-     */				
-    void assertAuthorizedForService(String serviceName) throws AccessControlException;
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AccessControlException;
+
+
+
+/**
+ * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
+ * enforce access control. In most applications, access control must be performed in multiple different locations across
+ * the various application layers. This class provides access control for URLs, business functions, data, services, and
+ * files.
+ * <P>
+ * The implementation of this interface will need to access the current User object (from Authenticator.getCurrentUser())
+ * to determine roles or permissions. In addition, the implementation
+ * will also need information about the resources that are being accessed. Using the user information and the resource
+ * information, the implementation should return an access control decision. 
+ * <P>
+ * Implementers are encouraged to implement the ESAPI access control rules, like assertAuthorizedForFunction() using 
+ * existing access control mechanisms, such as methods like isUserInRole() or hasPrivilege(). While powerful, 
+ * methods like isUserInRole() can be confusing for developers, as users may be in multiple roles or possess multiple 
+ * overlapping privileges. Direct use of these finer grained access control methods encourages the use of complex boolean 
+ * tests throughout the code, which can easily lead to developer mistakes.
+ * <P>
+ * The point of the ESAPI access control interface is to centralize access control logic behind easy to use calls like 
+ * assertAuthorized() so that access control is easy to use and easy to verify. Here is an example of a very 
+ * straightforward to implement, understand, and verify ESAPI access control check: 
+ * 
+ * <pre>
+ * try {
+ *     ESAPI.accessController().assertAuthorized("businessFunction", runtimeData);
+ *     // execute BUSINESS_FUNCTION
+ * } catch (AccessControlException ace) {
+ * ... attack in progress
+ * }
+ * </pre>
+ * 
+ * Note that in the user interface layer, access control checks can be used to control whether particular controls are
+ * rendered or not. These checks are supposed to fail when an unauthorized user is logged in, and do not represent
+ * attacks. Remember that regardless of how the user interface appears, an attacker can attempt to invoke any business
+ * function or access any data in your application. Therefore, access control checks in the user interface should be
+ * repeated in both the business logic and data layers.
+ * 
+ * <pre>
+ * &lt;% if ( ESAPI.accessController().isAuthorized( "businessFunction", runtimeData ) ) { %&gt;
+ * &lt;a href=&quot;/doAdminFunction&quot;&gt;ADMIN&lt;/a&gt;
+ * &lt;% } else { %&gt;
+ * &lt;a href=&quot;/doNormalFunction&quot;&gt;NORMAL&lt;/a&gt;
+ * &lt;% } %&gt;
+ * </pre>
+ * 
+ * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) ESAPI v1.6-
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com) ESAPI v0-1.5
+ */
+public interface AccessController {
+
+	/**
+	 * <code>isAuthorized</code> executes the <code>AccessControlRule</code> 
+	 * that is identified by <code>key</code> and listed in the 
+	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It returns 
+	 * true if the <code>AccessControlRule</code> decides that the operation 
+	 * should be allowed. Otherwise, it returns false. Any exception thrown by 
+	 * the <code>AccessControlRule</code> must result in false. If 
+	 * <code>key</code> does not map to an <code>AccessControlRule</code>, then 
+	 * false is returned. 
+	 *  
+	 * Developers should call isAuthorized to control execution flow. For 
+	 * example, if you want to decide whether to display a UI widget in the 
+	 * browser using the same logic that you will use to enforce permissions
+	 * on the server, then isAuthorized is the method that you want to use.
+	 * 
+	 * Typically, assertAuthorized should be used to enforce permissions on the 
+	 * server.
+	 *  
+	 * @param key <code>key</code> maps to 
+	 * <code>&lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
+	 *     &lt;AccessControlRule name="key"</code>
+	 * @param runtimeParameter runtimeParameter can contain anything that 
+	 *        the AccessControlRule needs from the runtime system. 
+	 * @return Returns <code>true</code> if and only if the AccessControlRule specified 
+	 *        by <code>key</code> exists and returned <code>true</code>. 
+	 *        Otherwise returns <code>false</code> 
+	 */
+	public boolean isAuthorized(Object key, Object runtimeParameter);
+	
+	/**
+	 * <code>assertAuthorized</code> executes the <code>AccessControlRule</code> 
+	 * that is identified by <code>key</code> and listed in the 
+	 * <code>resources/ESAPI-AccessControlPolicy.xml</code> file. It does 
+	 * nothing if the <code>AccessControlRule</code> decides that the operation 
+	 * should be allowed. Otherwise, it throws an 
+	 * <code>org.owasp.esapi.errors.AccessControlException</code>. Any exception
+	 * thrown by the <code>AccessControlRule</code> will also result in an 
+	 * <code>AccesControlException</code>. If <code>key</code> does not map to 
+	 * an <code>AccessControlRule</code>, then an <code>AccessControlException
+	 * </code> is thrown.  
+	 *  
+	 * Developers should call {@code assertAuthorized} to enforce privileged access to 
+	 * the system. It should be used to answer the question: "Should execution 
+	 * continue." Ideally, the call to <code>assertAuthorized</code> should
+	 * be integrated into the application framework so that it is called 
+	 * automatically. 
+	 *  
+	 * @param key <code>key</code> maps to 
+	 * &lt;AccessControlPolicy&gt;&lt;AccessControlRules&gt;
+	 *     &lt;AccessControlRule name="key"
+	 * @param runtimeParameter runtimeParameter can contain anything that 
+	 *        the AccessControlRule needs from the runtime system.
+	 */
+	public void assertAuthorized(Object key, Object runtimeParameter)
+		throws AccessControlException;
+
+		
+
+	
+	/*** Below this line has been deprecated as of ESAPI 1.6 ***/ 
+	
+	
+	
+	
+    /**
+     * Checks if the current user is authorized to access the referenced URL. Generally, this method should be invoked in the
+     * application's controller or a filter as follows:
+     * <PRE>ESAPI.accessController().isAuthorizedForURL(request.getRequestURI().toString());</PRE>
+     * 
+     * The implementation of this method should call assertAuthorizedForURL(String url), and if an AccessControlException is 
+     * not thrown, this method should return true. This way, if the user is not authorized, false would be returned, and the 
+     * exception would be logged.
+     * 
+     * @param url 
+     * 		the URL as returned by request.getRequestURI().toString()
+     * 
+     * @return 
+     * 		true, if is authorized for URL
+     */
+    boolean isAuthorizedForURL(String url);
+
+    /**
+     * Checks if the current user is authorized to access the referenced function. 
+     * 
+     * The implementation of this method should call assertAuthorizedForFunction(String functionName), and if an 
+     * AccessControlException is not thrown, this method should return true.
+     * 
+     * @param functionName 
+     * 		the name of the function
+     * 
+     * @return 
+     * 		true, if is authorized for function
+     */
+    boolean isAuthorizedForFunction(String functionName);
+
+
+    /**
+     * Checks if the current user is authorized to access the referenced data, represented as an Object. 
+     * 
+     * The implementation of this method should call assertAuthorizedForData(String action, Object data), and if an 
+     * AccessControlException is not thrown, this method should return true.
+     * 
+     * @param action
+     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
+     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
+     * 
+     * @param data
+     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
+     * 
+     * @return 
+     * 		true, if is authorized for the data
+     */
+    boolean isAuthorizedForData(String action, Object data);
+    
+    /**
+     * Checks if the current user is authorized to access the referenced file. 
+     * 
+     * The implementation of this method should call assertAuthorizedForFile(String filepath), and if an AccessControlException 
+     * is not thrown, this method should return true.
+     *   
+     * @param filepath 
+     * 		the path of the file to be checked, including filename
+     * 
+     * @return 
+     * 		true, if is authorized for the file
+     */
+    boolean isAuthorizedForFile(String filepath);
+
+    /**
+     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
+     * provide access to a variety of back end services.
+     * 
+     * The implementation of this method should call assertAuthorizedForService(String serviceName), and if an 
+     * AccessControlException is not thrown, this method should return true.
+     * 
+     * @param serviceName 
+     * 		the service name
+     * 
+     * @return 
+     * 		true, if is authorized for the service
+     */
+    boolean isAuthorizedForService(String serviceName);
+
+    /**
+     * Checks if the current user is authorized to access the referenced URL. The implementation should allow
+     * access to be granted to any part of the URL. Generally, this method should be invoked in the
+     * application's controller or a filter as follows:
+     * <PRE>ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI().toString());</PRE> 
+     * 
+     * This method throws an AccessControlException if access is not authorized, or if the referenced URL does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *  	<li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol> 
+     * @param url 
+     * 		the URL as returned by request.getRequestURI().toString()
+     * 
+     * @throws AccessControlException 
+     * 		if access is not permitted
+     */
+    void assertAuthorizedForURL(String url) throws AccessControlException;
+    
+    /**
+     * Checks if the current user is authorized to access the referenced function. The implementation should define the
+     * function "namespace" to be enforced. Choosing something simple like the class name of action classes or menu item
+     * names will make this implementation easier to use.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced function does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the function exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *  	<li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol> 
+     * 
+     * @param functionName 
+     * 		the function name
+     * 
+     * @throws AccessControlException 
+     * 		if access is not permitted
+     */
+    void assertAuthorizedForFunction(String functionName) throws AccessControlException;
+    
+
+    /**
+     * Checks if the current user is authorized to access the referenced data.  This method simply returns if access is authorized.  
+     * It throws an AccessControlException if access is not authorized, or if the referenced data does not exist.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the resource exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *  	<li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol> 
+     * 
+     * @param action
+     *      The action to verify for an access control decision, such as a role, or an action being performed on the object 
+     *      (e.g., Read, Write, etc.), or the name of the function the data is being passed to.
+     * 
+     * @param data
+     * 		The actual object or object identifier being accessed or a reference to the object being accessed.
+     * 
+     * @throws AccessControlException 
+     * 		if access is not permitted
+     */
+    void assertAuthorizedForData(String action, Object data) throws AccessControlException;
+   
+    /**
+     * Checks if the current user is authorized to access the referenced file. The implementation should validate and canonicalize the 
+     * input to be sure the filepath is not malicious.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced File does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the File exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *  	<li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol> 
+     * 
+     * @param filepath
+     * 			Path to the file to be checked
+     * @throws AccessControlException if access is denied
+     */
+    void assertAuthorizedForFile(String filepath) throws AccessControlException;
+    
+    /**
+     * Checks if the current user is authorized to access the referenced service. This can be used in applications that
+     * provide access to a variety of backend services.
+     * <P>
+     * This method throws an AccessControlException if access is not authorized, or if the referenced service does not exist.
+     * If the User is authorized, this method simply returns.
+     * <P>
+     * Specification:  The implementation should do the following:
+     * <ol>
+     * <li>Check to see if the service exists and if not, throw an AccessControlException</li>
+     * <li>Use available information to make an access control decision</li>
+     *      <ol type="a">
+     *      <li>Ideally, this policy would be data driven</li>
+     * 		<li>You can use the current User, roles, data type, data name, time of day, etc.</li>
+     *  	<li>Access control decisions must deny by default</li>
+     *      </ol>
+     * <li>If access is not permitted, throw an AccessControlException with details</li>
+     * </ol> 
+     * 
+     * @param serviceName 
+     * 		the service name
+     * 
+     * @throws AccessControlException
+     * 		if access is not permitted
+     */				
+    void assertAuthorizedForService(String serviceName) throws AccessControlException;
+    
+}

From b7859f80e540b37d8ada9967eb47abe4645ec3ce Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 088/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/AccessControlRule.java  | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/AccessControlRule.java b/src/main/java/org/owasp/esapi/AccessControlRule.java
index becdb9971..b10940369 100644
--- a/src/main/java/org/owasp/esapi/AccessControlRule.java
+++ b/src/main/java/org/owasp/esapi/AccessControlRule.java
@@ -1,8 +1,8 @@
-package org.owasp.esapi;
-
-
-public interface AccessControlRule<P, R> {
-	public void setPolicyParameters(P policyParameter);
-	public P getPolicyParameters();
-	public boolean isAuthorized(R runtimeParameter) throws Exception;
-}
+package org.owasp.esapi;
+
+
+public interface AccessControlRule<P, R> {
+	public void setPolicyParameters(P policyParameter);
+	public P getPolicyParameters();
+	public boolean isAuthorized(R runtimeParameter) throws Exception;
+}

From 4c731447a5481207b8ff6c7a09debb91cef6351c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 089/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/AccessReferenceMap.java   | 352 +++++++++---------
 1 file changed, 176 insertions(+), 176 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/AccessReferenceMap.java b/src/main/java/org/owasp/esapi/AccessReferenceMap.java
index a20338e18..4fd74e01e 100644
--- a/src/main/java/org/owasp/esapi/AccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/AccessReferenceMap.java
@@ -1,176 +1,176 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AccessControlException;
-
-import java.io.Serializable;
-import java.util.Iterator;
-import java.util.Set;
-
-
-/**
- * The AccessReferenceMap interface is used to map from a set of internal
- * direct object references to a set of indirect references that are safe to
- * disclose publicly. This can be used to help protect database keys,
- * filenames, and other types of direct object references. As a rule, developers
- * should not expose their direct object references as it enables attackers to
- * attempt to manipulate them.
- * <P>
- * Indirect references are handled as strings, to facilitate their use in HTML.
- * Implementations can generate simple integers or more complicated random
- * character strings as indirect references. Implementations should probably add
- * a constructor that takes a list of direct references.
- * <P>
- * Note that in addition to defeating all forms of parameter tampering attacks,
- * there is a side benefit of the AccessReferenceMap. Using random strings as indirect object
- * references, as opposed to simple integers makes it impossible for an attacker to
- * guess valid identifiers. So if per-user AccessReferenceMaps are used, then request
- * forgery (CSRF) attacks will also be prevented.
- * 
- * <pre>
- * Set fileSet = new HashSet();
- * fileSet.addAll(...); // add direct references (e.g. File objects)
- * AccessReferenceMap map = new AccessReferenceMap( fileSet );
- * // store the map somewhere safe - like the session!
- * String indRef = map.getIndirectReference( file1 );
- * String href = &quot;http://www.aspectsecurity.com/esapi?file=&quot; + indRef );
- * ...
- * // if the indirect reference doesn't exist, it's likely an attack
- * // getDirectReference throws an AccessControlException
- * // you should handle as appropriate
- * String indref = request.getParameter( &quot;file&quot; );
- * File file = (File)map.getDirectReference( indref );
- * </pre>
- * 
- * <P>
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- */
-public interface AccessReferenceMap<K> extends Serializable {
-
-	/**
-	 * Get an iterator through the direct object references. No guarantee is made as 
-	 * to the order of items returned.
-	 * 
-	 * @return the iterator
-	 */
-	Iterator iterator();
-
-	/**
-	 * Get a safe indirect reference to use in place of a potentially sensitive
-	 * direct object reference. Developers should use this call when building
-	 * URL's, form fields, hidden fields, etc... to help protect their private
-	 * implementation information.
-	 * 
-	 * @param directReference
-	 * 		the direct reference
-	 * 
-	 * @return 
-	 * 		the indirect reference
-	 */
-	<T> K getIndirectReference(T directReference);
-
-	/**
-	 * Get the original direct object reference from an indirect reference.
-	 * Developers should use this when they get an indirect reference from a
-	 * request to translate it back into the real direct reference. If an
-	 * invalid indirect reference is requested, then an AccessControlException is
-	 * thrown.
-    *
-    * If a type is implied the requested object will be cast to that type, if the
-    * object is not of the requested type, a AccessControlException will be thrown to
-    * the caller.
-    *
-    * For example:
-    * <pre>
-    * UserProfile profile = arm.getDirectReference( indirectRef );
-    * </pre>
-    *
-    * Will throw a AccessControlException if the object stored in memory is not of type
-    * UserProfile.
-    *
-    * However,
-    * <pre>
-    * Object uncastObject = arm.getDirectReference( indirectRef );
-    * </pre>
-    *
-    * Will never throw a AccessControlException as long as the object exists. If you are
-    * unsure of the object type of that an indirect reference references you should get
-    * the uncast object and test for type in the calling code.
-    * <pre>
-    * Object uncastProfile = arm.getDirectReference( indirectRef );
-    * if ( uncastProfile instanceof UserProfile ) {
-    *     UserProfile userProfile = (UserProfile) uncastProfile;
-    *     // ...
-    * } else {
-    *     EmployeeProfile employeeProfile = (EmployeeProfile) uncastProfile;
-    *     // ...
-    * }
-    * </pre>
-	 * 
-	 * @param indirectReference
-	 * 		the indirect reference
-	 * 
-	 * @return 
-	 * 		the direct reference
-	 * 
-	 * @throws AccessControlException 
-	 * 		if no direct reference exists for the specified indirect reference
-    * @throws ClassCastException
-    *       if the implied type is not the same as the referenced object type
-	 */
-	<T> T getDirectReference(K indirectReference) throws AccessControlException;
-
-	/**
-	 * Adds a direct reference to the AccessReferenceMap, then generates and returns 
-	 * an associated indirect reference.
-	 *  
-	 * @param direct 
-	 * 		the direct reference
-	 * 
-	 * @return 
-	 * 		the corresponding indirect reference
-	 */
-	<T> K addDirectReference(T direct);
-	
-	/**
-	 * Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
-	 * 
-	 * @param direct 
-	 * 		the direct reference to remove
-	 * 
-	 * @return 
-	 * 		the corresponding indirect reference
-	 * 
-	 * @throws AccessControlException
-    *          if the reference does not exist.
-	 */
-	<T> K removeDirectReference(T direct) throws AccessControlException;
-
-	/**
-	 * Updates the access reference map with a new set of direct references, maintaining
-	 * any existing indirect references associated with items that are in the new list.
-	 * New indirect references could be generated every time, but that
-	 * might mess up anything that previously used an indirect reference, such
-	 * as a URL parameter. 
-	 * 
-	 * @param directReferences
-	 * 		a Set of direct references to add
-	 */
-	void update(Set directReferences);
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AccessControlException;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.Set;
+
+
+/**
+ * The AccessReferenceMap interface is used to map from a set of internal
+ * direct object references to a set of indirect references that are safe to
+ * disclose publicly. This can be used to help protect database keys,
+ * filenames, and other types of direct object references. As a rule, developers
+ * should not expose their direct object references as it enables attackers to
+ * attempt to manipulate them.
+ * <P>
+ * Indirect references are handled as strings, to facilitate their use in HTML.
+ * Implementations can generate simple integers or more complicated random
+ * character strings as indirect references. Implementations should probably add
+ * a constructor that takes a list of direct references.
+ * <P>
+ * Note that in addition to defeating all forms of parameter tampering attacks,
+ * there is a side benefit of the AccessReferenceMap. Using random strings as indirect object
+ * references, as opposed to simple integers makes it impossible for an attacker to
+ * guess valid identifiers. So if per-user AccessReferenceMaps are used, then request
+ * forgery (CSRF) attacks will also be prevented.
+ * 
+ * <pre>
+ * Set fileSet = new HashSet();
+ * fileSet.addAll(...); // add direct references (e.g. File objects)
+ * AccessReferenceMap map = new AccessReferenceMap( fileSet );
+ * // store the map somewhere safe - like the session!
+ * String indRef = map.getIndirectReference( file1 );
+ * String href = &quot;http://www.aspectsecurity.com/esapi?file=&quot; + indRef );
+ * ...
+ * // if the indirect reference doesn't exist, it's likely an attack
+ * // getDirectReference throws an AccessControlException
+ * // you should handle as appropriate
+ * String indref = request.getParameter( &quot;file&quot; );
+ * File file = (File)map.getDirectReference( indref );
+ * </pre>
+ * 
+ * <P>
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ */
+public interface AccessReferenceMap<K> extends Serializable {
+
+	/**
+	 * Get an iterator through the direct object references. No guarantee is made as 
+	 * to the order of items returned.
+	 * 
+	 * @return the iterator
+	 */
+	Iterator iterator();
+
+	/**
+	 * Get a safe indirect reference to use in place of a potentially sensitive
+	 * direct object reference. Developers should use this call when building
+	 * URL's, form fields, hidden fields, etc... to help protect their private
+	 * implementation information.
+	 * 
+	 * @param directReference
+	 * 		the direct reference
+	 * 
+	 * @return 
+	 * 		the indirect reference
+	 */
+	<T> K getIndirectReference(T directReference);
+
+	/**
+	 * Get the original direct object reference from an indirect reference.
+	 * Developers should use this when they get an indirect reference from a
+	 * request to translate it back into the real direct reference. If an
+	 * invalid indirect reference is requested, then an AccessControlException is
+	 * thrown.
+    *
+    * If a type is implied the requested object will be cast to that type, if the
+    * object is not of the requested type, a AccessControlException will be thrown to
+    * the caller.
+    *
+    * For example:
+    * <pre>
+    * UserProfile profile = arm.getDirectReference( indirectRef );
+    * </pre>
+    *
+    * Will throw a AccessControlException if the object stored in memory is not of type
+    * UserProfile.
+    *
+    * However,
+    * <pre>
+    * Object uncastObject = arm.getDirectReference( indirectRef );
+    * </pre>
+    *
+    * Will never throw a AccessControlException as long as the object exists. If you are
+    * unsure of the object type of that an indirect reference references you should get
+    * the uncast object and test for type in the calling code.
+    * <pre>
+    * Object uncastProfile = arm.getDirectReference( indirectRef );
+    * if ( uncastProfile instanceof UserProfile ) {
+    *     UserProfile userProfile = (UserProfile) uncastProfile;
+    *     // ...
+    * } else {
+    *     EmployeeProfile employeeProfile = (EmployeeProfile) uncastProfile;
+    *     // ...
+    * }
+    * </pre>
+	 * 
+	 * @param indirectReference
+	 * 		the indirect reference
+	 * 
+	 * @return 
+	 * 		the direct reference
+	 * 
+	 * @throws AccessControlException 
+	 * 		if no direct reference exists for the specified indirect reference
+    * @throws ClassCastException
+    *       if the implied type is not the same as the referenced object type
+	 */
+	<T> T getDirectReference(K indirectReference) throws AccessControlException;
+
+	/**
+	 * Adds a direct reference to the AccessReferenceMap, then generates and returns 
+	 * an associated indirect reference.
+	 *  
+	 * @param direct 
+	 * 		the direct reference
+	 * 
+	 * @return 
+	 * 		the corresponding indirect reference
+	 */
+	<T> K addDirectReference(T direct);
+	
+	/**
+	 * Removes a direct reference and its associated indirect reference from the AccessReferenceMap.
+	 * 
+	 * @param direct 
+	 * 		the direct reference to remove
+	 * 
+	 * @return 
+	 * 		the corresponding indirect reference
+	 * 
+	 * @throws AccessControlException
+    *          if the reference does not exist.
+	 */
+	<T> K removeDirectReference(T direct) throws AccessControlException;
+
+	/**
+	 * Updates the access reference map with a new set of direct references, maintaining
+	 * any existing indirect references associated with items that are in the new list.
+	 * New indirect references could be generated every time, but that
+	 * might mess up anything that previously used an indirect reference, such
+	 * as a URL parameter. 
+	 * 
+	 * @param directReferences
+	 * 		a Set of direct references to add
+	 */
+	void update(Set directReferences);
+}

From cb65cf0d83cca62a011f33cc1b2de730529182e4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 090/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/Authenticator.java   | 648 +++++++++---------
 1 file changed, 324 insertions(+), 324 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Authenticator.java b/src/main/java/org/owasp/esapi/Authenticator.java
index 9cb401345..907739db1 100644
--- a/src/main/java/org/owasp/esapi/Authenticator.java
+++ b/src/main/java/org/owasp/esapi/Authenticator.java
@@ -1,324 +1,324 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Set;
-
-
-/**
- * The Authenticator interface defines a set of methods for generating and
- * handling account credentials and session identifiers. The goal of this
- * interface is to encourage developers to protect credentials from disclosure
- * to the maximum extent possible.
- * <P>
- * One possible implementation relies on the use of a thread local variable to
- * store the current user's identity. The application is responsible for calling
- * setCurrentUser() as soon as possible after each HTTP request is received. The
- * value of getCurrentUser() is used in several other places in this API. This
- * eliminates the need to pass a user object to methods throughout the library.
- * For example, all of the logging, access control, and exception calls need
- * access to the currently logged in user.
- * <P>
- * The goal is to minimize the responsibility of the developer for
- * authentication. In this example, the user simply calls authenticate with the
- * current request and the name of the parameters containing the username and
- * password. The implementation should verify the password if necessary, create
- * a session if necessary, and set the user as the current user.
- * 
- * <pre>
- * public void doPost(ServletRequest request, ServletResponse response) {
- * try {
- * User user = ESAPI.authenticator().login(request, response);
- * // continue with authenticated user
- * } catch (AuthenticationException e) {
- * // handle failed authentication (it's already been logged)
- * }
- * </pre>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Authenticator {
-
-	/**
-	 * Clears the current User. This allows the thread to be reused safely.
-     * 
-     * This clears all threadlocal variables from the thread. This should ONLY be called after
-     * all possible ESAPI operations have concluded. If you clear too early, many calls will
-     * fail, including logging, which requires the user identity.  
-	 */
-	void clearCurrent();
-
-	/**
-	 * Calls login with the *current* request and response.
-	 * @return Authenticated {@code User} if login is successful.
-	 * @see HTTPUtilities#setCurrentHTTP(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	User login() throws AuthenticationException;
-	
-	/**
-	 * This method should be called for every HTTP request, to login the current user either from the session of HTTP
-     * request. This method will set the current user so that getCurrentUser() will work properly. 
-	 * 
-	 * Authenticates the user's credentials from the HttpServletRequest if
-	 * necessary, creates a session if necessary, and sets the user as the
-	 * current user.
-	 * 
-	 * Specification:  The implementation should do the following:
-     * 	1) Check if the User is already stored in the session
-     * 		a. If so, check that session absolute and inactivity timeout have not expired
-     * 		b. Step 2 may not be required if 1a has been satisfied
-     * 	2) Verify User credentials
-     * 		a. It is recommended that you use 
-     * 			loginWithUsernameAndPassword(HttpServletRequest, HttpServletResponse) to verify credentials
-     * 	3) Set the last host of the User (ex.  user.setLastHostAddress(address) )
-     * 	4) Verify that the request is secure (ex. over SSL)
-     * 	5) Verify the User account is allowed to be logged in
-     * 		a. Verify the User is not disabled, expired or locked
-     * 	6) Assign User to session variable      	
-	 * 
-	 * @param request
-	 *            the current HTTP request
-	 * @param response
-	 *            the HTTP response
-	 * 
-	 * @return 
-	 * 		the User
-	 * 
-	 * @throws AuthenticationException
-	 *             if the credentials are not verified, or if the account is disabled, locked, expired, or timed out
-	 */
-	User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException;
-
-	/**
-	 * Verify that the supplied password matches the password for this user. Password should
-	 * be stored as a hash. It is recommended you use the hashPassword(password, accountName) method
-	 * in this class.
-	 * This method is typically used for "reauthentication" for the most sensitive functions, such
-	 * as transactions, changing email address, and changing other account information.
-	 * 
-	 * @param user 
-	 * 		the user who requires verification
-	 * @param password 
-	 * 		the hashed user-supplied password
-	 * 
-	 * @return 
-	 * 		true, if the password is correct for the specified user
-	 */
-	boolean verifyPassword(User user, String password);
-	
-	/**
-	 * Logs out the current user.
-	 * 
-	 * This is usually done by calling User.logout on the current User. 
-	 */
-    void logout();
-
-	/**
-	 * Creates a new User with the information provided. Implementations should check
-	 * accountName and password for proper format and strength against brute force 
-	 * attacks ( verifyAccountNameStrength(String), verifyPasswordStrength(String, String)  ).
-	 * 
-	 * Two copies of the new password are required to encourage user interface designers to
-	 * include a "re-type password" field in their forms. Implementations should verify that 
-	 * both are the same. 
-	 * 
-	 * @param accountName 
-	 * 		the account name of the new user
-	 * @param password1 
-	 * 		the password of the new user
-	 * @param password2 
-	 * 		the password of the new user.  This field is to encourage user interface designers to include two password fields in their forms.
-	 * 
-	 * @return 
-	 * 		the User that has been created 
-	 * 
-	 * @throws AuthenticationException 
-	 * 		if user creation fails due to any of the qualifications listed in this method's description
-	 */
-	User createUser(String accountName, String password1, String password2) throws AuthenticationException;
-
-	/**
-	 * Generate a strong password. Implementations should use a large character set that does not
-	 * include confusing characters, such as i I 1 l 0 o and O.  There are many algorithms to
-	 * generate strong memorable passwords that have been studied in the past.
-	 * 
-	 * @return 
-	 * 		a password with strong password strength
-	 */
-	String generateStrongPassword();
-
-	/**
-	 * Generate strong password that takes into account the user's information and old password. Implementations
-	 * should verify that the new password does not include information such as the username, fragments of the
-	 * old password, and other information that could be used to weaken the strength of the password.
-	 * 
-	 * @param user 
-	 * 		the user whose information to use when generating password
-	 * @param oldPassword 
-	 * 		the old password to use when verifying strength of new password.  The new password may be checked for fragments of oldPassword.
-	 * 
-	 * @return 
-	 * 		a password with strong password strength
-	 */
-	String generateStrongPassword(User user, String oldPassword);
-
-	/**
-	 * Changes the password for the specified user. This requires the current password, as well as 
-	 * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that User.
-	 * Password strength should also be verified.  This new password must be repeated to ensure that the user has typed it in correctly.
-	 * 
-	 * @param user 
-	 * 		the user to change the password for
-	 * @param currentPassword 
-	 * 		the current password for the specified user
-	 * @param newPassword 
-	 * 		the new password to use
-	 * @param newPassword2 
-	 * 		a verification copy of the new password
-	 * 
-	 * @throws AuthenticationException 
-	 * 		if any errors occur
-	 */
-	void changePassword(User user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException;
-	
-	/**
-	 * Returns the User matching the provided accountId.  If the accoundId is not found, an Anonymous
-	 * User or null may be returned.
-	 * 
-	 * @param accountId
-	 *            the account id
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match exists
-	 */
-	User getUser(long accountId);
-		
-	/**
-	 * Returns the User matching the provided accountName.  If the accoundId is not found, an Anonymous
-	 * User or null may be returned.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match exists
-	 */
-	User getUser(String accountName);
-
-	/**
-	 * Gets a collection containing all the existing user names.
-	 * 
-	 * @return 
-	 * 		a set of all user names
-	 */
-	Set getUserNames();
-
-	/**
-	 * Returns the currently logged in User.
-	 * 
-	 * @return 
-	 * 		the matching User object, or the Anonymous User if no match
-	 *         exists
-	 */
-	User getCurrentUser();
-
-	/**
-	 * Sets the currently logged in User.
-	 * 
-	 * @param user
-	 *          the user to set as the current user
-	 */
-	void setCurrentUser(User user);
-
-	/**
-	 * Returns a string representation of the hashed password, using the
-	 * accountName as the salt. The salt helps to prevent against "rainbow"
-	 * table attacks where the attacker pre-calculates hashes for known strings.
-	 * This method specifies the use of the user's account name as the "salt"
-	 * value. The Encryptor.hash method can be used if a different salt is
-	 * required.
-	 * 
-	 * @param password
-	 *            the password to hash
-	 * @param accountName
-	 *            the account name to use as the salt
-	 * 
-	 * @return 
-     * 		the hashed password
-     * @throws EncryptionException
-	 */
-	String hashPassword(String password, String accountName) throws EncryptionException;
-
-	/**
-	 * Removes the account of the specified accountName.
-	 * 
-	 * @param accountName
-	 *            the account name to remove
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception if user does not exist
-	 */
-	void removeUser(String accountName) throws AuthenticationException;
-
-	/**
-	 * Ensures that the account name passes site-specific complexity requirements, like minimum length.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @throws AuthenticationException
-	 *             if account name does not meet complexity requirements
-	 */
-	void verifyAccountNameStrength(String accountName) throws AuthenticationException;
-
-	/**
-	 * Ensures that the password meets site-specific complexity requirements, like length or number 
-	 * of character sets. This method takes the old password so that the algorithm can analyze the 
-	 * new password to see if it is too similar to the old password. Note that this has to be
-	 * invoked when the user has entered the old password, as the list of old
-	 * credentials stored by ESAPI is all hashed.
-	 * Additionally, the user object is taken in order to verify the password and account name differ.
-	 * 
-	 * @param oldPassword
-	 *            the old password
-	 * @param newPassword
-	 *            the new password
-	 * @param user
-	 * 			  the user
-	 * 
-	 * @throws AuthenticationException
-	 *				if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements
-	 */
-	void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException;
-
-	/**
-	 * Determine if the account exists.
-	 * 
-	 * @param accountName
-	 *            the account name
-	 * 
-	 * @return true, if the account exists
-	 */
-	boolean exists(String accountName);
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Set;
+
+
+/**
+ * The Authenticator interface defines a set of methods for generating and
+ * handling account credentials and session identifiers. The goal of this
+ * interface is to encourage developers to protect credentials from disclosure
+ * to the maximum extent possible.
+ * <P>
+ * One possible implementation relies on the use of a thread local variable to
+ * store the current user's identity. The application is responsible for calling
+ * setCurrentUser() as soon as possible after each HTTP request is received. The
+ * value of getCurrentUser() is used in several other places in this API. This
+ * eliminates the need to pass a user object to methods throughout the library.
+ * For example, all of the logging, access control, and exception calls need
+ * access to the currently logged in user.
+ * <P>
+ * The goal is to minimize the responsibility of the developer for
+ * authentication. In this example, the user simply calls authenticate with the
+ * current request and the name of the parameters containing the username and
+ * password. The implementation should verify the password if necessary, create
+ * a session if necessary, and set the user as the current user.
+ * 
+ * <pre>
+ * public void doPost(ServletRequest request, ServletResponse response) {
+ * try {
+ * User user = ESAPI.authenticator().login(request, response);
+ * // continue with authenticated user
+ * } catch (AuthenticationException e) {
+ * // handle failed authentication (it's already been logged)
+ * }
+ * </pre>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Authenticator {
+
+	/**
+	 * Clears the current User. This allows the thread to be reused safely.
+     * 
+     * This clears all threadlocal variables from the thread. This should ONLY be called after
+     * all possible ESAPI operations have concluded. If you clear too early, many calls will
+     * fail, including logging, which requires the user identity.  
+	 */
+	void clearCurrent();
+
+	/**
+	 * Calls login with the *current* request and response.
+	 * @return Authenticated {@code User} if login is successful.
+	 * @see HTTPUtilities#setCurrentHTTP(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	User login() throws AuthenticationException;
+	
+	/**
+	 * This method should be called for every HTTP request, to login the current user either from the session of HTTP
+     * request. This method will set the current user so that getCurrentUser() will work properly. 
+	 * 
+	 * Authenticates the user's credentials from the HttpServletRequest if
+	 * necessary, creates a session if necessary, and sets the user as the
+	 * current user.
+	 * 
+	 * Specification:  The implementation should do the following:
+     * 	1) Check if the User is already stored in the session
+     * 		a. If so, check that session absolute and inactivity timeout have not expired
+     * 		b. Step 2 may not be required if 1a has been satisfied
+     * 	2) Verify User credentials
+     * 		a. It is recommended that you use 
+     * 			loginWithUsernameAndPassword(HttpServletRequest, HttpServletResponse) to verify credentials
+     * 	3) Set the last host of the User (ex.  user.setLastHostAddress(address) )
+     * 	4) Verify that the request is secure (ex. over SSL)
+     * 	5) Verify the User account is allowed to be logged in
+     * 		a. Verify the User is not disabled, expired or locked
+     * 	6) Assign User to session variable      	
+	 * 
+	 * @param request
+	 *            the current HTTP request
+	 * @param response
+	 *            the HTTP response
+	 * 
+	 * @return 
+	 * 		the User
+	 * 
+	 * @throws AuthenticationException
+	 *             if the credentials are not verified, or if the account is disabled, locked, expired, or timed out
+	 */
+	User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException;
+
+	/**
+	 * Verify that the supplied password matches the password for this user. Password should
+	 * be stored as a hash. It is recommended you use the hashPassword(password, accountName) method
+	 * in this class.
+	 * This method is typically used for "reauthentication" for the most sensitive functions, such
+	 * as transactions, changing email address, and changing other account information.
+	 * 
+	 * @param user 
+	 * 		the user who requires verification
+	 * @param password 
+	 * 		the hashed user-supplied password
+	 * 
+	 * @return 
+	 * 		true, if the password is correct for the specified user
+	 */
+	boolean verifyPassword(User user, String password);
+	
+	/**
+	 * Logs out the current user.
+	 * 
+	 * This is usually done by calling User.logout on the current User. 
+	 */
+    void logout();
+
+	/**
+	 * Creates a new User with the information provided. Implementations should check
+	 * accountName and password for proper format and strength against brute force 
+	 * attacks ( verifyAccountNameStrength(String), verifyPasswordStrength(String, String)  ).
+	 * 
+	 * Two copies of the new password are required to encourage user interface designers to
+	 * include a "re-type password" field in their forms. Implementations should verify that 
+	 * both are the same. 
+	 * 
+	 * @param accountName 
+	 * 		the account name of the new user
+	 * @param password1 
+	 * 		the password of the new user
+	 * @param password2 
+	 * 		the password of the new user.  This field is to encourage user interface designers to include two password fields in their forms.
+	 * 
+	 * @return 
+	 * 		the User that has been created 
+	 * 
+	 * @throws AuthenticationException 
+	 * 		if user creation fails due to any of the qualifications listed in this method's description
+	 */
+	User createUser(String accountName, String password1, String password2) throws AuthenticationException;
+
+	/**
+	 * Generate a strong password. Implementations should use a large character set that does not
+	 * include confusing characters, such as i I 1 l 0 o and O.  There are many algorithms to
+	 * generate strong memorable passwords that have been studied in the past.
+	 * 
+	 * @return 
+	 * 		a password with strong password strength
+	 */
+	String generateStrongPassword();
+
+	/**
+	 * Generate strong password that takes into account the user's information and old password. Implementations
+	 * should verify that the new password does not include information such as the username, fragments of the
+	 * old password, and other information that could be used to weaken the strength of the password.
+	 * 
+	 * @param user 
+	 * 		the user whose information to use when generating password
+	 * @param oldPassword 
+	 * 		the old password to use when verifying strength of new password.  The new password may be checked for fragments of oldPassword.
+	 * 
+	 * @return 
+	 * 		a password with strong password strength
+	 */
+	String generateStrongPassword(User user, String oldPassword);
+
+	/**
+	 * Changes the password for the specified user. This requires the current password, as well as 
+	 * the password to replace it with. The new password should be checked against old hashes to be sure the new password does not closely resemble or equal any recent passwords for that User.
+	 * Password strength should also be verified.  This new password must be repeated to ensure that the user has typed it in correctly.
+	 * 
+	 * @param user 
+	 * 		the user to change the password for
+	 * @param currentPassword 
+	 * 		the current password for the specified user
+	 * @param newPassword 
+	 * 		the new password to use
+	 * @param newPassword2 
+	 * 		a verification copy of the new password
+	 * 
+	 * @throws AuthenticationException 
+	 * 		if any errors occur
+	 */
+	void changePassword(User user, String currentPassword, String newPassword, String newPassword2) throws AuthenticationException;
+	
+	/**
+	 * Returns the User matching the provided accountId.  If the accoundId is not found, an Anonymous
+	 * User or null may be returned.
+	 * 
+	 * @param accountId
+	 *            the account id
+	 * 
+	 * @return 
+	 * 		the matching User object, or the Anonymous User if no match exists
+	 */
+	User getUser(long accountId);
+		
+	/**
+	 * Returns the User matching the provided accountName.  If the accoundId is not found, an Anonymous
+	 * User or null may be returned.
+	 * 
+	 * @param accountName
+	 *            the account name
+	 * 
+	 * @return 
+	 * 		the matching User object, or the Anonymous User if no match exists
+	 */
+	User getUser(String accountName);
+
+	/**
+	 * Gets a collection containing all the existing user names.
+	 * 
+	 * @return 
+	 * 		a set of all user names
+	 */
+	Set getUserNames();
+
+	/**
+	 * Returns the currently logged in User.
+	 * 
+	 * @return 
+	 * 		the matching User object, or the Anonymous User if no match
+	 *         exists
+	 */
+	User getCurrentUser();
+
+	/**
+	 * Sets the currently logged in User.
+	 * 
+	 * @param user
+	 *          the user to set as the current user
+	 */
+	void setCurrentUser(User user);
+
+	/**
+	 * Returns a string representation of the hashed password, using the
+	 * accountName as the salt. The salt helps to prevent against "rainbow"
+	 * table attacks where the attacker pre-calculates hashes for known strings.
+	 * This method specifies the use of the user's account name as the "salt"
+	 * value. The Encryptor.hash method can be used if a different salt is
+	 * required.
+	 * 
+	 * @param password
+	 *            the password to hash
+	 * @param accountName
+	 *            the account name to use as the salt
+	 * 
+	 * @return 
+     * 		the hashed password
+     * @throws EncryptionException
+	 */
+	String hashPassword(String password, String accountName) throws EncryptionException;
+
+	/**
+	 * Removes the account of the specified accountName.
+	 * 
+	 * @param accountName
+	 *            the account name to remove
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception if user does not exist
+	 */
+	void removeUser(String accountName) throws AuthenticationException;
+
+	/**
+	 * Ensures that the account name passes site-specific complexity requirements, like minimum length.
+	 * 
+	 * @param accountName
+	 *            the account name
+	 * 
+	 * @throws AuthenticationException
+	 *             if account name does not meet complexity requirements
+	 */
+	void verifyAccountNameStrength(String accountName) throws AuthenticationException;
+
+	/**
+	 * Ensures that the password meets site-specific complexity requirements, like length or number 
+	 * of character sets. This method takes the old password so that the algorithm can analyze the 
+	 * new password to see if it is too similar to the old password. Note that this has to be
+	 * invoked when the user has entered the old password, as the list of old
+	 * credentials stored by ESAPI is all hashed.
+	 * Additionally, the user object is taken in order to verify the password and account name differ.
+	 * 
+	 * @param oldPassword
+	 *            the old password
+	 * @param newPassword
+	 *            the new password
+	 * @param user
+	 * 			  the user
+	 * 
+	 * @throws AuthenticationException
+	 *				if newPassword is too similar to oldPassword or if newPassword does not meet complexity requirements
+	 */
+	void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException;
+
+	/**
+	 * Determine if the account exists.
+	 * 
+	 * @param accountName
+	 *            the account name
+	 * 
+	 * @return true, if the account exists
+	 */
+	boolean exists(String accountName);
+
+}

From 5762feafcab321a134f71765827405596c8c3282 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 091/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/codecs/Base64.java   | 3748 ++++++++---------
 1 file changed, 1874 insertions(+), 1874 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index e470ac6e8..624d23c3d 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -1,1874 +1,1874 @@
-package org.owasp.esapi.codecs;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-// CHECKME: Version at http://iharder.net/base64 is up to v2.3.3. Some semantic changes
-// starting with v2.3. Should we upgrade and then add ESAPI logging or stay at 2.2.2 base?
-// I think that really depends on how much OWASP ESAPI plans on tracking changes to this
-// version vs. if the plan was just to fork from it and maintain OWASP's own version.
-// At this point, I think I prefer split from tracking Harder's original, but I'm easily
-// persuaded otherwise. - Kevin Wall
-
-/**
- * <p>Encodes and decodes to and from Base64 notation.</p>
- * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>
- * (based on version 2.2.2).</p>
- *
- * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass 
- * several pieces of information to the encoder. In the "higher level" methods such as 
- * encodeBytes( bytes, options ) the options parameter can be used to indicate such 
- * things as first gzipping the bytes before encoding them, not inserting linefeeds 
- * (though that breaks strict Base64 compatibility), and encoding using the URL-safe 
- * and Ordered dialects.</p>
- *
- * <p>The constants defined in Base64 can be OR-ed together to combine options, so you 
- * might make a call like this:</p>
- *
- * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DONT_BREAK_LINES );</code>
- *
- * <p>to compress the data before encoding it and then making the output have no newline characters.</p>
- *
- *
- * <p>
- * Original change Log:
- * </p>
- * <ul>
- *  <li>v2.2.2 - Fixed encodeFileToFile and decodeFileToFile to use the
- *   Base64.InputStream class to encode and decode on the fly which uses
- *   less memory than encoding/decoding an entire file into memory before writing.</li>
- *  <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug
- *   when using very small files (~< 40 bytes).</li>
- *  <li>v2.2 - Added some helper methods for encoding/decoding directly from
- *   one file to the next. Also added a main() method to support command line
- *   encoding/decoding from one file to the next. Also added these Base64 dialects:
- *   <ol>
- *   <li>The default is RFC3548 format.</li>
- *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
- *   URL and file name friendly format as described in Section 4 of RFC3548.
- *   http://www.faqs.org/rfcs/rfc3548.html</li>
- *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
- *   URL and file name friendly format that preserves lexical ordering as described
- *   in http://www.faqs.org/qa/rfcc-1940.html</li>
- *   </ol>
- *   Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
- *   for contributing the new Base64 dialects.
- *  </li>
- * 
- *  <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
- *   some convenience methods for reading and writing to and from files.</li>
- *  <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
- *   with other encodings (like EBCDIC).</li>
- *  <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
- *   encoded data was a single byte.</li>
- *  <li>v2.0 - I got rid of methods that used booleans to set options. 
- *   Now everything is more consolidated and cleaner. The code now detects
- *   when data that's being decoded is gzip-compressed and will decompress it
- *   automatically. Generally things are cleaner. You'll probably have to
- *   change some method calls that you were making to support the new
- *   options format (<tt>int</tt>s that you "OR" together).</li>
- *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a             
- *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.      
- *   Added the ability to "suspend" encoding in the Output Stream so        
- *   you can turn on and off the encoding if you need to embed base64       
- *   data in an otherwise "normal" stream (like an XML file).</li>  
- *  <li>v1.5 - Output stream pases on flush() command but doesn't do anything itself.
- *      This helps when using GZIP streams.
- *      Added the ability to GZip-compress objects before encoding them.</li>
- *  <li>v1.4 - Added helper methods to read/write files.</li>
- *  <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
- *  <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input stream
- *      where last buffer being read, if not completely full, was not returned.</li>
- *  <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the wrong time.</li>
- *  <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
- * </ul>
- *
- * <p>
- * I am placing this code in the Public Domain. Do with it as you will.
- * This software comes with no guarantees or warranties but with
- * plenty of well-wishing instead!
- * Please visit <a href="http://iharder.net/base64">http://iharder.net/base64</a>
- * periodically to check for updates or to contribute improvements.
- * </p>
- *
- * @author Robert Harder
- * @author rob@iharder.net
- * @version 2.2.2
- */
-public class Base64
-{
-    
-/* ********  P U B L I C   F I E L D S  ******** */   
-    
-    
-    /** No options specified. Value is zero. */
-    public final static int NO_OPTIONS = 0;
-    
-    /** Specify encoding. */
-    public final static int ENCODE = 1;
-    
-    
-    /** Specify decoding. */
-    public final static int DECODE = 0;
-    
-    
-    /** Specify that data should be gzip-compressed. */
-    public final static int GZIP = 2;
-    
-    
-    /** Don't break lines when encoding (violates strict Base64 specification) */
-    public final static int DONT_BREAK_LINES = 8;
-	
-	/** 
-	 * Encode using Base64-like encoding that is URL- and Filename-safe as described
-	 * in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * It is important to note that data encoded this way is <em>not</em> officially valid Base64, 
-	 * or at the very least should not be called Base64 without also specifying that is
-	 * was encoded using the URL- and Filename-safe dialect.
-	 */
-	 public final static int URL_SAFE = 16;
-	 
-	 
-	 /**
-	  * Encode using the special "ordered" dialect of Base64 described here:
-	  * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	  */
-	 public final static int ORDERED = 32;
-    
-    
-/* ********  P R I V A T E   F I E L D S  ******** */  
-    
-    
-    /** Maximum line length (76) of Base64 output. */
-    private final static int MAX_LINE_LENGTH = 76;
-    
-    
-    /** The equals sign (=) as a byte. */
-    private final static byte EQUALS_SIGN = (byte)'=';
-    
-    
-    /** The new line character (\n) as a byte. */
-    private final static byte NEW_LINE = (byte)'\n';
-    
-    
-    /** Preferred encoding. */
-    private final static String PREFERRED_ENCODING = "UTF-8";
-    
-    /** End of line character. */
-    private final static String EOL = System.getProperty("line.separator", "\n");
-	
-	
-    // I think I end up not using the BAD_ENCODING indicator.
-    //private final static byte BAD_ENCODING    = -9; // Indicates error in encoding
-    private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
-    private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
-	
-    private static final Logger logger = ESAPI.getLogger("Base64");
-    
-	
-/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */	
-    
-    /** The 64 valid Base64 values. */
-    //private final static byte[] ALPHABET;
-	/* Host platform me be something funny like EBCDIC, so we hard code these values. */
-	private final static byte[] _STANDARD_ALPHABET =
-    {
-        (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-        (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
-        (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-        (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-        (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
-        (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
-        (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'+', (byte)'/'
-    };
-	
-    
-    /** 
-     * Translates a Base64 value to either its 6-bit reconstruction value
-     * or a negative number indicating some other meaning.
-     **/
-    private final static byte[] _STANDARD_DECODABET =
-    {   
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-        -5,-5,                                      // Whitespace: Tab and Linefeed
-        -9,-9,                                      // Decimal 11 - 12
-        -5,                                         // Whitespace: Carriage Return
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-        -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-        -5,                                         // Whitespace: Space
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-        62,                                         // Plus sign at decimal 43
-        -9,-9,-9,                                   // Decimal 44 - 46
-        63,                                         // Slash at decimal 47
-        52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
-        -9,-9,-9,                                   // Decimal 58 - 60
-        -1,                                         // Equals sign at decimal 61
-        -9,-9,-9,                                      // Decimal 62 - 64
-        0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
-        14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
-        -9,-9,-9,-9,-9,-9,                          // Decimal 91 - 96
-        26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
-        39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
-        -9,-9,-9,-9                                 // Decimal 123 - 126
-        /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-	
-	
-/* ********  U R L   S A F E   B A S E 6 4   A L P H A B E T  ******** */
-	
-	/**
-	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
-	 */
-    private final static byte[] _URL_SAFE_ALPHABET =
-    {
-      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
-      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
-      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
-      (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'-', (byte)'_'
-    };
-	
-	/**
-	 * Used in decoding URL- and Filename-safe dialects of Base64.
-	 */
-    private final static byte[] _URL_SAFE_DECODABET =
-    {   
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-      -5,-5,                                      // Whitespace: Tab and Linefeed
-      -9,-9,                                      // Decimal 11 - 12
-      -5,                                         // Whitespace: Carriage Return
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-      -5,                                         // Whitespace: Space
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-      -9,                                         // Plus sign at decimal 43
-      -9,                                         // Decimal 44
-      62,                                         // Minus sign at decimal 45
-      -9,                                         // Decimal 46
-      -9,                                         // Slash at decimal 47
-      52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
-      -9,-9,-9,                                   // Decimal 58 - 60
-      -1,                                         // Equals sign at decimal 61
-      -9,-9,-9,                                   // Decimal 62 - 64
-      0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
-      14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
-      -9,-9,-9,-9,                                // Decimal 91 - 94
-      63,                                         // Underscore at decimal 95
-      -9,                                         // Decimal 96
-      26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
-      39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
-      -9,-9,-9,-9                                 // Decimal 123 - 126
-      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-
-
-
-/* ********  O R D E R E D   B A S E 6 4   A L P H A B E T  ******** */
-
-	/**
-	 * I don't get the point of this technique, but it is described here:
-	 * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	 */
-    private final static byte[] _ORDERED_ALPHABET =
-    {
-      (byte)'-',
-      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4',
-      (byte)'5', (byte)'6', (byte)'7', (byte)'8', (byte)'9',
-      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
-      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
-      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
-      (byte)'_',
-      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
-      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
-      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z'
-    };
-	
-	/**
-	 * Used in decoding the "ordered" dialect of Base64.
-	 */
-    private final static byte[] _ORDERED_DECODABET =
-    {   
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
-      -5,-5,                                      // Whitespace: Tab and Linefeed
-      -9,-9,                                      // Decimal 11 - 12
-      -5,                                         // Whitespace: Carriage Return
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
-      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
-      -5,                                         // Whitespace: Space
-      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
-      -9,                                         // Plus sign at decimal 43
-      -9,                                         // Decimal 44
-      0,                                          // Minus sign at decimal 45
-      -9,                                         // Decimal 46
-      -9,                                         // Slash at decimal 47
-      1,2,3,4,5,6,7,8,9,10,                       // Numbers zero through nine
-      -9,-9,-9,                                   // Decimal 58 - 60
-      -1,                                         // Equals sign at decimal 61
-      -9,-9,-9,                                   // Decimal 62 - 64
-      11,12,13,14,15,16,17,18,19,20,21,22,23,     // Letters 'A' through 'M'
-      24,25,26,27,28,29,30,31,32,33,34,35,36,     // Letters 'N' through 'Z'
-      -9,-9,-9,-9,                                // Decimal 91 - 94
-      37,                                         // Underscore at decimal 95
-      -9,                                         // Decimal 96
-      38,39,40,41,42,43,44,45,46,47,48,49,50,     // Letters 'a' through 'm'
-      51,52,53,54,55,56,57,58,59,60,61,62,63,     // Letters 'n' through 'z'
-      -9,-9,-9,-9                                 // Decimal 123 - 126
-      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
-        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
-    };
-
-	
-/* ********  D E T E R M I N E   W H I C H   A L H A B E T  ******** */
-
-
-	/**
-	 * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URLSAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getAlphabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
-		else return _STANDARD_ALPHABET;
-		
-	}	// end getAlphabet
-	
-	
-	/**
-	 * Returns one of the _SOMETHING_DECODABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URL_SAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getDecodabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
-		else return _STANDARD_DECODABET;
-		
-	}	// end getAlphabet
-        
-
-    
-    /** Defeats instantiation. */
-    private Base64(){}
-    
-
-    /**
-     * Encodes or decodes two files from the command line;
-     * <strong>feel free to delete this method (in fact you probably should)
-     * if you're embedding this code into a larger program</strong>.
-     * @param args
-     */
-    public final static void main( String[] args )
-    {
-        if( args.length < 3 ){
-            usage("Not enough arguments.");
-        }   // end if: args.length < 3
-        else {
-            String flag = args[0];
-            String infile = args[1];
-            String outfile = args[2];
-            if( flag.equals( "-e" ) ){
-                Base64.encodeFileToFile( infile, outfile );
-            }   // end if: encode
-            else if( flag.equals( "-d" ) ) {
-                Base64.decodeFileToFile( infile, outfile );
-            }   // end else if: decode    
-            else {
-                usage( "Unknown flag: " + flag );
-            }   // end else    
-        }   // end else
-    }   // end main
-
-    /**
-     * Prints command line usage.
-     *
-     * @param msg A message to include with usage info.
-     */
-    private final static void usage( String msg )
-    {
-        System.err.println( msg );
-        System.err.println( "Usage: java Base64 -e|-d inputfile outputfile" );
-    }   // end usage
-    
-    
-/* ********  E N C O D I N G   M E T H O D S  ******** */    
-    
-    
-    /**
-     * Encodes up to the first three bytes of array <var>threeBytes</var>
-     * and returns a four-byte array in Base64 notation.
-     * The actual number of significant bytes in your array is
-     * given by <var>numSigBytes</var>.
-     * The array <var>threeBytes</var> needs only be as big as
-     * <var>numSigBytes</var>.
-     * Code can reuse a byte array by passing a four-byte array as <var>b4</var>.
-     *
-     * @param b4 A reusable byte array to reduce array instantiation
-     * @param threeBytes the array to convert
-     * @param numSigBytes the number of significant bytes in your array
-     * @return four byte array in Base64 notation.
-     * @since 1.5.1
-     */
-    private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes, int options )
-    {
-        encode3to4( threeBytes, 0, numSigBytes, b4, 0, options );
-        return b4;
-    }   // end encode3to4
-
-    
-    /**
-     * <p>Encodes up to three bytes of the array <var>source</var>
-     * and writes the resulting four Base64 bytes to <var>destination</var>.
-     * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
-     * <var>srcOffset</var> and <var>destOffset</var>.
-     * This method does not check to make sure your arrays
-     * are large enough to accomodate <var>srcOffset</var> + 3 for
-     * the <var>source</var> array or <var>destOffset</var> + 4 for
-     * the <var>destination</var> array.
-     * The actual number of significant bytes in your array is
-     * given by <var>numSigBytes</var>.</p>
-	 * <p>This is the lowest level of the encoding methods with
-	 * all possible parameters.</p>
-     *
-     * @param source the array to convert
-     * @param srcOffset the index where conversion begins
-     * @param numSigBytes the number of significant bytes in your array
-     * @param destination the array to hold the conversion
-     * @param destOffset the index where output will be put
-     * @return the <var>destination</var> array
-     * @since 1.3
-     */
-    private static byte[] encode3to4( 
-     byte[] source, int srcOffset, int numSigBytes,
-     byte[] destination, int destOffset, int options )
-    {
-		byte[] ALPHABET = getAlphabet( options ); 
-	
-        //           1         2         3  
-        // 01234567890123456789012345678901 Bit position
-        // --------000000001111111122222222 Array position from threeBytes
-        // --------|    ||    ||    ||    | Six bit groups to index ALPHABET
-        //          >>18  >>12  >> 6  >> 0  Right shift necessary
-        //                0x3f  0x3f  0x3f  Additional AND
-        
-        // Create buffer with zero-padding if there are only one or two
-        // significant bytes passed in the array.
-        // We have to shift left 24 in order to flush out the 1's that appear
-        // when Java treats a value as negative that is cast from a byte to an int.
-        int inBuff =   ( numSigBytes > 0 ? ((source[ srcOffset     ] << 24) >>>  8) : 0 )
-                     | ( numSigBytes > 1 ? ((source[ srcOffset + 1 ] << 24) >>> 16) : 0 )
-                     | ( numSigBytes > 2 ? ((source[ srcOffset + 2 ] << 24) >>> 24) : 0 );
-
-        switch( numSigBytes )
-        {
-            case 3:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
-                destination[ destOffset + 3 ] = ALPHABET[ (inBuff       ) & 0x3f ];
-                return destination;
-                
-            case 2:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
-                destination[ destOffset + 3 ] = EQUALS_SIGN;
-                return destination;
-                
-            case 1:
-                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
-                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
-                destination[ destOffset + 2 ] = EQUALS_SIGN;
-                destination[ destOffset + 3 ] = EQUALS_SIGN;
-                return destination;
-                
-            default:
-                return destination;
-        }   // end switch
-    }   // end encode3to4
-    
-    
-    
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * The object is not GZip-compressed before being encoded.
-     *
-     * @param serializableObject The object to encode
-     * @return The Base64-encoded object
-     * @since 1.4
-     */
-    public static String encodeObject( java.io.Serializable serializableObject )
-    {
-        return encodeObject( serializableObject, NO_OPTIONS );
-    }   // end encodeObject
-    
-
-
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     * @param serializableObject The object to encode
-     * @param options Specified options
-     * @return The Base64-encoded object
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeObject( java.io.Serializable serializableObject, int options )
-    {
-        // Streams
-        java.io.ByteArrayOutputStream  baos  = null; 
-        java.io.OutputStream           b64os = null; 
-        java.io.ObjectOutputStream     oos   = null; 
-        java.util.zip.GZIPOutputStream gzos  = null;
-        
-        // Isolate options
-        int gzip           = (options & GZIP);
-        //int dontBreakLines = (options & DONT_BREAK_LINES);
-        
-        try
-        {
-            // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
-            baos  = new java.io.ByteArrayOutputStream();
-            b64os = new Base64.OutputStream( baos, ENCODE | options );
-    
-            // GZip?
-            if( gzip == GZIP )
-            {
-                gzos = new java.util.zip.GZIPOutputStream( b64os );
-                oos  = new java.io.ObjectOutputStream( gzos );
-            }   // end if: gzip
-            else
-                oos   = new java.io.ObjectOutputStream( b64os );
-            
-            oos.writeObject( serializableObject );
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
-            return null;
-        }   // end catch
-        finally
-        {
-            try{ oos.close();   } catch( Exception e ){}
-            try{ gzos.close();  } catch( Exception e ){}
-            try{ b64os.close(); } catch( Exception e ){}
-            try{ baos.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        // Return value according to relevant encoding.
-        try 
-        {
-            return new String( baos.toByteArray(), PREFERRED_ENCODING );
-        }   // end try
-        catch (java.io.UnsupportedEncodingException uue)
-        {
-            return new String( baos.toByteArray() );
-        }   // end catch
-        
-    }   // end encode
-    
-    
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * Does not GZip-compress data.
-     *
-     * @param source The data to convert
-     * @return The Base64-encoded resulting string
-     * @since 1.4
-     */
-    public static String encodeBytes( byte[] source )
-    {
-        return encodeBytes( source, 0, source.length, NO_OPTIONS );
-    }   // end encodeBytes
-    
-
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     *
-     * @param source The data to convert
-     * @param options Specified options
-     * @return The Base64-encoded resulting string
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeBytes( byte[] source, int options )
-    {   
-        return encodeBytes( source, 0, source.length, options );
-    }   // end encodeBytes
-    
-    
-    /**
-     * Encodes a byte array into Base64 notation.
-     * Does not GZip-compress data.
-     *
-     * @param source The data to convert
-     * @param off Offset in array where conversion should begin
-     * @param len Length of data to convert
-     * @return The Base64-encoded resulting string
-     * @since 1.4
-     */
-    public static String encodeBytes( byte[] source, int off, int len )
-    {
-        return encodeBytes( source, off, len, NO_OPTIONS );
-    }   // end encodeBytes
-    
-    
-
-    /**
-     * Encodes a byte array into Base64 notation.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     *
-     * @param source The data to convert
-     * @param off Offset in array where conversion should begin
-     * @param len Length of data to convert
-     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
-     * @return The Base64-encoded resulting string
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeBytes( byte[] source, int off, int len, int options )
-    {
-        // Isolate options
-        int dontBreakLines = ( options & DONT_BREAK_LINES );
-        int gzip           = ( options & GZIP   );
-        
-        // Compress?
-        if( gzip == GZIP )
-        {
-            java.io.ByteArrayOutputStream  baos  = null;
-            java.util.zip.GZIPOutputStream gzos  = null;
-            Base64.OutputStream            b64os = null;
-            
-    
-            try
-            {
-                // GZip -> Base64 -> ByteArray
-                baos = new java.io.ByteArrayOutputStream();
-                b64os = new Base64.OutputStream( baos, ENCODE | options );
-                gzos  = new java.util.zip.GZIPOutputStream( b64os ); 
-            
-                gzos.write( source, off, len );
-                gzos.close();
-            }   // end try
-            catch( java.io.IOException e )
-            {
-                logger.error( Logger.SECURITY_FAILURE, "Problem writing gzip stream", e );
-                return null;
-            }   // end catch
-            finally
-            {
-                try{ gzos.close();  } catch( Exception e ){}
-                try{ b64os.close(); } catch( Exception e ){}
-                try{ baos.close();  } catch( Exception e ){}
-            }   // end finally
-
-            // Return value according to relevant encoding.
-            try
-            {
-                return new String( baos.toByteArray(), PREFERRED_ENCODING );
-            }   // end try
-            catch (java.io.UnsupportedEncodingException uue)
-            {
-                return new String( baos.toByteArray() );
-            }   // end catch
-        }   // end if: compress
-        
-        // Else, don't compress. Better not to use streams at all then.
-        else
-        {
-            // Convert option to boolean in way that code likes it.
-            boolean breakLines = dontBreakLines == 0;
-            
-            int    len43   = len * 4 / 3;
-            byte[] outBuff = new byte[   ( len43 )                      // Main 4:3
-                                       + ( (len % 3) > 0 ? 4 : 0 )      // Account for padding
-                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines      
-            int d = 0;
-            int e = 0;
-            int len2 = len - 2;
-            int lineLength = 0;
-            for( ; d < len2; d+=3, e+=4 )
-            {
-                encode3to4( source, d+off, 3, outBuff, e, options );
-
-                lineLength += 4;
-                if( breakLines && lineLength == MAX_LINE_LENGTH )
-                {   
-                    outBuff[e+4] = NEW_LINE;
-                    e++;
-                    lineLength = 0;
-                }   // end if: end of line
-            }   // en dfor: each piece of array
-
-            if( d < len )
-            {
-                encode3to4( source, d+off, len - d, outBuff, e, options );
-                e += 4;
-            }   // end if: some padding needed
-
-            
-            // Return value according to relevant encoding.
-            try
-            {
-                return new String( outBuff, 0, e, PREFERRED_ENCODING );
-            }   // end try
-            catch (java.io.UnsupportedEncodingException uue)
-            {
-                return new String( outBuff, 0, e );
-            }   // end catch
-            
-        }   // end else: don't compress
-        
-    }   // end encodeBytes
-    
-
-    
-    
-    
-/* ********  D E C O D I N G   M E T H O D S  ******** */
-    
-    
-    /**
-     * Decodes four bytes from array <var>source</var>
-     * and writes the resulting bytes (up to three of them)
-     * to <var>destination</var>.
-     * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
-     * <var>srcOffset</var> and <var>destOffset</var>.
-     * This method does not check to make sure your arrays
-     * are large enough to accomodate <var>srcOffset</var> + 4 for
-     * the <var>source</var> array or <var>destOffset</var> + 3 for
-     * the <var>destination</var> array.
-     * This method returns the actual number of bytes that 
-     * were converted from the Base64 encoding.
-	 * <p>This is the lowest level of the decoding methods with
-	 * all possible parameters.</p>
-     * 
-     *
-     * @param source the array to convert
-     * @param srcOffset the index where conversion begins
-     * @param destination the array to hold the conversion
-     * @param destOffset the index where output will be put
-	 * @param options alphabet type is pulled from this (standard, url-safe, ordered)
-     * @return the number of decoded bytes converted
-     * @since 1.3
-     */
-    private static int decode4to3( byte[] source, int srcOffset, byte[] destination, int destOffset, int options )
-    {
-		byte[] DECODABET = getDecodabet( options ); 
-	
-        // Example: Dk==
-        if( source[ srcOffset + 2] == EQUALS_SIGN )
-        {
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1] ] & 0xFF ) << 12 );
-            
-            destination[ destOffset ] = (byte)( outBuff >>> 16 );
-            return 1;
-        }
-        
-        // Example: DkL=
-        else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
-        {
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
-            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
-                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6 );
-            
-            destination[ destOffset     ] = (byte)( outBuff >>> 16 );
-            destination[ destOffset + 1 ] = (byte)( outBuff >>>  8 );
-            return 2;
-        }
-        
-        // Example: DkLE
-        else
-        {
-            try{
-            // Two ways to do the same thing. Don't know which way I like best.
-            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
-            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
-            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
-            //              | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
-            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
-                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
-                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6)
-                          | ( ( DECODABET[ source[ srcOffset + 3 ] ] & 0xFF )      );
-
-            
-            destination[ destOffset     ] = (byte)( outBuff >> 16 );
-            destination[ destOffset + 1 ] = (byte)( outBuff >>  8 );
-            destination[ destOffset + 2 ] = (byte)( outBuff       );
-
-            return 3;
-            }catch( Exception e){
-            	
-        // Remove these after checking -- for context only.
-                // logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset]+ ": " + ( DECODABET[ source[ srcOffset     ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+1]+  ": " + ( DECODABET[ source[ srcOffset + 1 ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+2]+  ": " + ( DECODABET[ source[ srcOffset + 2 ] ]  ) );
-                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+3]+  ": " + ( DECODABET[ source[ srcOffset + 3 ] ]  ) );
-            	
-            	// CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
-            	// become interleaved with other log entries from other threads. Normally this would have placed log entries
-            	// on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
-            	// really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
-            	// esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
-            	// in which case the declaration for EOL should be removed as well.		- Kevin Wall
-                
-                StringBuilder sb = new StringBuilder("Problem writing object:");
-                sb.append(EOL);
-                sb.append( source[srcOffset]   ).append(": ").append( ( DECODABET[ source[ srcOffset     ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+1] ).append(": ").append( ( DECODABET[ source[ srcOffset + 1 ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+2] ).append(": ").append( ( DECODABET[ source[ srcOffset + 2 ] ]  ) ).append(EOL);
-                sb.append( source[srcOffset+3] ).append(": ").append( ( DECODABET[ source[ srcOffset + 3 ] ]  ) ).append(EOL);
-                
-                logger.error( Logger.SECURITY_FAILURE, sb.toString(), e );
-                return -1;
-            }   // end catch
-        }
-    }   // end decodeToBytes
-    
-    
-    
-    
-    /**
-     * Very low-level access to decoding ASCII characters in
-     * the form of a byte array. Does not support automatically
-     * gunzipping or any other "fancy" features.
-     *
-     * @param source The Base64 encoded data
-     * @param off    The offset of where to begin decoding
-     * @param len    The length of characters to decode
-     * @param options
-     * @return decoded data
-     * @since 1.3
-     */
-    public static byte[] decode( byte[] source, int off, int len, int options )
-    {
-		byte[] DECODABET = getDecodabet( options );
-	
-        int    len34   = len * 3 / 4;
-        byte[] outBuff = new byte[ len34 ]; // Upper limit on size of output
-        int    outBuffPosn = 0;
-        
-        byte[] b4        = new byte[4];
-        int    b4Posn    = 0;
-        int    i         = 0;
-        byte   sbiCrop   = 0;
-        byte   sbiDecode = 0;
-        for( i = off; i < off+len; i++ )
-        {
-            sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
-            sbiDecode = DECODABET[ sbiCrop ];
-            
-            if( sbiDecode >= WHITE_SPACE_ENC ) // White space, Equals sign or better
-            {
-                if( sbiDecode >= EQUALS_SIGN_ENC )
-                {
-                    b4[ b4Posn++ ] = sbiCrop;
-                    if( b4Posn > 3 )
-                    {
-                        outBuffPosn += decode4to3( b4, 0, outBuff, outBuffPosn, options );
-                        b4Posn = 0;
-                        
-                        // If that was the equals sign, break out of 'for' loop
-                        if( sbiCrop == EQUALS_SIGN )
-                            break;
-                    }   // end if: quartet built
-                    
-                }   // end if: equals sign or better
-                
-            }   // end if: white space, equals sign or better
-            else
-            {
-            	logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
-                return null;
-            }   // end else: 
-        }   // each input character
-                                   
-        byte[] out = new byte[ outBuffPosn ];
-        System.arraycopy( outBuff, 0, out, 0, outBuffPosn ); 
-        return out;
-    }   // end decode
-    
-    
-	
-	
-    /**
-     * Decodes data from Base64 notation, automatically
-     * detecting gzip-compressed data and decompressing it.
-     *
-     * @param s the string to decode
-     * @return the decoded data
-     * @since 1.4
-     */
-    public static byte[] decode( String s )
-	{
-		return decode( s, NO_OPTIONS );
-	}
-    
-    
-    /**
-     * Decodes data from Base64 notation, automatically
-     * detecting gzip-compressed data and decompressing it.
-     *
-     * @param s the string to decode
-	 * @param options encode options such as URL_SAFE
-     * @return the decoded data
-     * @since 1.4
-     */
-    public static byte[] decode( String s, int options )
-    {   
-        byte[] bytes;
-        try
-        {
-            bytes = s.getBytes( PREFERRED_ENCODING );
-        }
-        catch( java.io.UnsupportedEncodingException uee )
-        {
-            bytes = s.getBytes();	// Uses native encoding
-            // CHECKME: Is this correct? I think it should be a warning instead of an error since nothing
-            // is re-thrown. I do think that *some* sort of logging is in order here  especially since UTF-8 should
-            // always be available on all platforms. If it's not, then all bets are off on your runtime env. - Kevin Wall
-            logger.warning( Logger.SECURITY_FAILURE, "Problem decoding string using " +
-            			  PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
-        }
-        
-        // Decode
-        bytes = decode( bytes, 0, bytes.length, options );
-        
-        
-        // Check to see if it's gzip-compressed
-        // GZIP Magic Two-Byte Number: 0x8b1f (35615)
-        if( bytes != null && bytes.length >= 4 )
-        {
-            
-            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);       
-            if( java.util.zip.GZIPInputStream.GZIP_MAGIC == head ) 
-            {
-                java.io.ByteArrayInputStream  bais = null;
-                java.util.zip.GZIPInputStream gzis = null;
-                java.io.ByteArrayOutputStream baos = null;
-                byte[] buffer = new byte[2048];
-                int    length = 0;
-
-                try
-                {
-                    baos = new java.io.ByteArrayOutputStream();
-                    bais = new java.io.ByteArrayInputStream( bytes );
-                    gzis = new java.util.zip.GZIPInputStream( bais );
-
-                    while( ( length = gzis.read( buffer ) ) >= 0 )
-                    {
-                        baos.write(buffer,0,length);
-                    }   // end while: reading input
-
-                    // No error? Get new bytes.
-                    bytes = baos.toByteArray();
-
-                }   // end try
-                catch( java.io.IOException e )
-                {
-                    // Just return originally-decoded bytes
-                }   // end catch
-                finally
-                {
-                    try{ baos.close(); } catch( Exception e ){}
-                    try{ gzis.close(); } catch( Exception e ){}
-                    try{ bais.close(); } catch( Exception e ){}
-                }   // end finally
-
-            }   // end if: gzipped
-        }   // end if: bytes.length >= 2
-        
-        return bytes;
-    }   // end decode
-
-
-    
-
-    /**
-     * Attempts to decode Base64 data and deserialize a Java
-     * Object within. Returns <tt>null</tt> if there was an error.
-     *
-     * <p>
-     * <b>WARNING:</b> Using this method to decode non-validated /
-     *      untrusted data from a string and deserialize it into
-     *      an object can potentially result in remote command
-     *      injection vulnerabilities. Use at your own risk!
-     * </p>
-     *
-     * @param encodedObject The Base64 data to decode
-     * @return The decoded and deserialized object
-     * @since 1.5
-     *
-     * @deprecated  Because of security issues, this method will be
-     *      removed from ESAPI in a future release and no substitute
-     *      is planned. Because as of JDK 8 (in 1Q2016) there is
-     *      currently no way to restrict which objects
-     *      <code>ObjectInputStream.readObject()</code>
-     *      may safely deserialize in the general case. Oracle
-     *      may decide to address this deficiency in a future Java
-     *      release, but until they do, there is no <i>simple</i> way for
-     *      a general class library like ESAPI to address this.
-     */
-    @Deprecated
-    public static Object decodeToObject( String encodedObject )
-    {
-        // Decode and gunzip if necessary
-        byte[] objBytes = decode( encodedObject );
-        
-        java.io.ByteArrayInputStream  bais = null;
-        java.io.ObjectInputStream     ois  = null;
-        Object obj = null;
-        
-        try
-        {
-            bais = new java.io.ByteArrayInputStream( objBytes );
-            ois  = new java.io.ObjectInputStream( bais );
-        
-            obj = ois.readObject();
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        catch( java.lang.ClassNotFoundException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        finally
-        {
-            try{ bais.close(); } catch( Exception e ){}
-            try{ ois.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        return obj;
-    }   // end decodeObject
-    
-    
-    
-    /**
-     * Convenience method for encoding data to a file.
-     *
-     * @param dataToEncode byte array of data to encode in base64 form
-     * @param filename Filename for saving encoded data
-     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
-     *
-     * @since 2.1
-     */
-    public static boolean encodeToFile( byte[] dataToEncode, String filename )
-    {
-        boolean success = false;
-        Base64.OutputStream bos = null;
-        try
-        {
-            bos = new Base64.OutputStream( 
-                      new java.io.FileOutputStream( filename ), Base64.ENCODE );
-            bos.write( dataToEncode );
-            success = true;
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            
-            success = false;
-        }   // end catch: IOException
-        finally
-        {
-            try{ bos.close(); } catch( Exception e ){}
-        }   // end finally
-        
-        return success;
-    }   // end encodeToFile
-    
-    
-    /**
-     * Convenience method for decoding data to a file.
-     *
-     * @param dataToDecode Base64-encoded data as a string
-     * @param filename Filename for saving decoded data
-     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
-     *
-     * @since 2.1
-     */
-    public static boolean decodeToFile( String dataToDecode, String filename )
-    {
-        boolean success = false;
-        Base64.OutputStream bos = null;
-        try
-        {
-                bos = new Base64.OutputStream( 
-                          new java.io.FileOutputStream( filename ), Base64.DECODE );
-                bos.write( dataToDecode.getBytes( PREFERRED_ENCODING ) );
-                success = true;
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            success = false;
-        }   // end catch: IOException
-        finally
-        {
-                try{ bos.close(); } catch( Exception e ){}
-        }   // end finally
-        
-        return success;
-    }   // end decodeToFile
-    
-    
-    
-    
-    /**
-     * Convenience method for reading a base64-encoded
-     * file and decoding it.
-     *
-     * @param filename Filename for reading encoded data
-     * @return decoded byte array or null if unsuccessful
-     *
-     * @since 2.1
-     */
-    public static byte[] decodeFromFile( String filename )
-    {
-        byte[] decodedData = null;
-        Base64.InputStream bis = null;
-        try
-        {
-            // Set up some useful variables
-            java.io.File file = new java.io.File( filename );
-            byte[] buffer = null;
-            int length   = 0;
-            int numBytes = 0;
-            
-            // Check for size of file
-            if( file.length() > Integer.MAX_VALUE )
-            {
-                logger.error( Logger.SECURITY_FAILURE, "File is too big for this convenience method (" + file.length() + " bytes)." );
-                return null;
-            }   // end if: file too big for int index
-            buffer = new byte[ (int)file.length() ];
-            
-            // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( file ) ), Base64.DECODE );
-            
-            // Read until done
-            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
-                length += numBytes;
-            
-            // Save in a variable to return
-            decodedData = new byte[ length ];
-            System.arraycopy( buffer, 0, decodedData, 0, length );
-            
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Error decoding from file " + filename, e );
-        }   // end catch: IOException
-        finally
-        {
-            try{ if (bis != null ) bis.close(); } catch( Exception e) {}
-        }   // end finally
-        
-        return decodedData;
-    }   // end decodeFromFile
-    
-    
-    
-    /**
-     * Convenience method for reading a binary file
-     * and base64-encoding it.
-     *
-     * @param filename Filename for reading binary data
-     * @return base64-encoded string or null if unsuccessful
-     *
-     * @since 2.1
-     */
-    public static String encodeFromFile( String filename )
-    {
-        String encodedData = null;
-        Base64.InputStream bis = null;
-        try
-        {
-            // Set up some useful variables
-            java.io.File file = new java.io.File( filename );
-            byte[] buffer = new byte[ Math.max((int)(file.length() * 1.4),40) ]; // Need max() for math on small files (v2.2.1)
-            int length   = 0;
-            int numBytes = 0;
-            
-            // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( file ) ), Base64.ENCODE );
-            
-            // Read until done
-            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
-                length += numBytes;
-            
-            // Save in a variable to return
-            encodedData = new String( buffer, 0, length, Base64.PREFERRED_ENCODING );
-                
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Error encoding from file " + filename, e );
-        }   // end catch: IOException
-        finally
-        {
-            try{ bis.close(); } catch( Exception e) {}
-        }   // end finally
-        
-        return encodedData;
-        }   // end encodeFromFile
-    
-    
-    
-    
-    /**
-     * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
-     *
-     * @param infile Input file
-     * @param outfile Output file
-     * @return true if the operation is successful
-     * @since 2.2
-     */
-    public static boolean encodeFileToFile( String infile, String outfile )
-    {
-        boolean success = false;
-        java.io.InputStream in = null;
-        java.io.OutputStream out = null;
-        try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
-                      Base64.ENCODE );
-            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
-            byte[] buffer = new byte[65536]; // 64K
-            int read = -1;
-            while( ( read = in.read(buffer) ) >= 0 ){
-                out.write( buffer,0,read );
-            }   // end while: through file
-            success = true;
-        } catch( java.io.IOException exc ){
-            logger.error( Logger.SECURITY_FAILURE, "Problem encoding file to file", exc );
-        } finally{
-            try{ in.close();  } catch( Exception exc ){}
-            try{ out.close(); } catch( Exception exc ){}
-        }   // end finally
-        
-        return success;
-    }   // end encodeFileToFile
-    
-    
-    
-    /**
-     * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
-     *
-     * @param infile Input file
-     * @param outfile Output file
-     * @return true if the operation is successful
-     * @since 2.2
-     */
-    public static boolean decodeFileToFile( String infile, String outfile )
-    {
-        boolean success = false;
-        java.io.InputStream in = null;
-        java.io.OutputStream out = null;
-        try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
-                      Base64.DECODE );
-            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
-            byte[] buffer = new byte[65536]; // 64K
-            int read = -1;
-            while( ( read = in.read(buffer) ) >= 0 ){
-                out.write( buffer,0,read );
-            }   // end while: through file
-            success = true;
-        } catch( java.io.IOException exc ){
-            logger.error( Logger.SECURITY_FAILURE, "Problem decoding file to file", exc );
-        } finally{
-            try{ in.close();  } catch( Exception exc ){}
-            try{ out.close(); } catch( Exception exc ){}
-        }   // end finally
-        
-        return success;
-    }   // end decodeFileToFile
-    
-    
-    /* ********  I N N E R   C L A S S   I N P U T S T R E A M  ******** */
-    
-    
-    
-    /**
-     * A {@link Base64.InputStream} will read data from another
-     * <tt>java.io.InputStream</tt>, given in the constructor,
-     * and encode/decode to/from Base64 notation on the fly.
-     *
-     * @see Base64
-     * @since 1.3
-     */
-    public static class InputStream extends java.io.FilterInputStream
-    {
-        private boolean encode;         // Encoding or decoding
-        private int     position;       // Current position in the buffer
-        private byte[]  buffer;         // Small buffer holding converted data
-        private int     bufferLength;   // Length of buffer (3 or 4)
-        private int     numSigBytes;    // Number of meaningful bytes in the buffer
-        private int     lineLength;
-        private boolean breakLines;     // Break lines at less than 80 characters
-		private int     options;        // Record options used to create the stream.
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
-        
-        /**
-         * Constructs a {@link Base64.InputStream} in DECODE mode.
-         *
-         * @param in the <tt>java.io.InputStream</tt> from which to read data.
-         * @since 1.3
-         */
-        public InputStream( java.io.InputStream in )
-        {   
-            this( in, DECODE );
-        }   // end constructor
-        
-        
-        /**
-         * Constructs a {@link Base64.InputStream} in
-         * either ENCODE or DECODE mode.
-         * <p>
-         * Valid options:<pre>
-         *   ENCODE or DECODE: Encode or Decode as data is read.
-         *   DONT_BREAK_LINES: don't break lines at 76 characters
-         *     (only meaningful when encoding)
-         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-         * </pre>
-         * <p>
-         * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
-         *
-         *
-         * @param in the <tt>java.io.InputStream</tt> from which to read data.
-         * @param options Specified options
-         * @see Base64#ENCODE
-         * @see Base64#DECODE
-         * @see Base64#DONT_BREAK_LINES
-         * @since 2.0
-         */
-        public InputStream( java.io.InputStream in, int options )
-        {   
-            super( in );
-            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
-            this.encode       = (options & ENCODE) == ENCODE;
-            this.bufferLength = encode ? 4 : 3;
-            this.buffer       = new byte[ bufferLength ];
-            this.position     = -1;
-            this.lineLength   = 0;
-			this.options      = options; // Record for later, mostly to determine which alphabet to use
-			this.decodabet    = getDecodabet(options);
-        }   // end constructor
-        
-        /**
-         * Reads enough of the input stream to convert
-         * to/from Base64 and returns the next byte.
-         *
-         * @return next byte
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public int read() throws java.io.IOException 
-        { 
-            // Do we need to get data?
-            if( position < 0 )
-            {
-                if( encode )
-                {
-                    byte[] b3 = new byte[3];
-                    int numBinaryBytes = 0;
-                    for( int i = 0; i < 3; i++ )
-                    {
-                        try
-                        { 
-                            int b = in.read();
-                            
-                            // If end of stream, b is -1.
-                            if( b >= 0 )
-                            {
-                                b3[i] = (byte)b;
-                                numBinaryBytes++;
-                            }   // end if: not end of stream
-                            
-                        }   // end try: read
-                        catch( java.io.IOException e )
-                        {   
-                            // Only a problem if we got no data at all.
-                            if( i == 0 )
-                                throw e;
-                            
-                        }   // end catch
-                    }   // end for: each needed input byte
-                    
-                    if( numBinaryBytes > 0 )
-                    {
-                        encode3to4( b3, 0, numBinaryBytes, buffer, 0, options );
-                        position = 0;
-                        numSigBytes = 4;
-                    }   // end if: got data
-                    else
-                    {
-                        return -1;
-                    }   // end else
-                }   // end if: encoding
-                
-                // Else decoding
-                else
-                {
-                    byte[] b4 = new byte[4];
-                    int i = 0;
-                    for( i = 0; i < 4; i++ )
-                    {
-                        // Read four "meaningful" bytes:
-                        int b = 0;
-                        do{ b = in.read(); }
-                        while( b >= 0 && decodabet[ b & 0x7f ] <= WHITE_SPACE_ENC );
-                        
-                        if( b < 0 )
-                            break; // Reads a -1 if end of stream
-                        
-                        b4[i] = (byte)b;
-                    }   // end for: each needed input byte
-                    
-                    if( i == 4 )
-                    {
-                        numSigBytes = decode4to3( b4, 0, buffer, 0, options );
-                        position = 0;
-                    }   // end if: got four characters
-                    else if( i == 0 ){
-                        return -1;
-                    }   // end else if: also padded correctly
-                    else
-                    {
-                        // Must have broken out from above.
-                        throw new java.io.IOException( "Improperly padded Base64 input." );
-                    }   // end 
-                    
-                }   // end else: decode
-            }   // end else: get data
-            
-            // Got data?
-            if( position >= 0 )
-            {
-                // End of relevant data?
-                if( /*!encode &&*/ position >= numSigBytes )
-                    return -1;
-                
-                if( encode && breakLines && lineLength >= MAX_LINE_LENGTH )
-                {
-                    lineLength = 0;
-                    return '\n';
-                }   // end if
-                else
-                {
-                    lineLength++;   // This isn't important when decoding
-                                    // but throwing an extra "if" seems
-                                    // just as wasteful.
-                    
-                    int b = buffer[ position++ ];
-
-                    if( position >= bufferLength )
-                        position = -1;
-
-                    return b & 0xFF; // This is how you "cast" a byte that's
-                                     // intended to be unsigned.
-                }   // end else
-            }   // end if: position >= 0
-            
-            // Else error
-            else
-            {   
-                // When JDK1.4 is more accepted, use an assertion here.
-                throw new java.io.IOException( "Error in Base64 code reading stream." );
-            }   // end else
-        }   // end read
-        
-        
-        /**
-         * Calls {@link #read()} repeatedly until the end of stream
-         * is reached or <var>len</var> bytes are read.
-         * Returns number of bytes read into array or -1 if
-         * end of stream is encountered.
-         *
-         * @param dest array to hold values
-         * @param off offset for array
-         * @param len max number of bytes to read into array
-         * @return bytes read into array or -1 if end of stream is encountered.
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public int read( byte[] dest, int off, int len ) throws java.io.IOException
-        {
-            int i;
-            int b;
-            for( i = 0; i < len; i++ )
-            {
-                b = read();
-                
-                //if( b < 0 && i == 0 )
-                //    return -1;
-                
-                if( b >= 0 )
-                    dest[off + i] = (byte)b;
-                else if( i == 0 )
-                    return -1;
-                else
-                    break; // Out of 'for' loop
-            }   // end for: each byte read
-            return i;
-        }   // end read
-        
-    }   // end inner class InputStream
-    
-    
-    
-    
-    
-    
-    /* ********  I N N E R   C L A S S   O U T P U T S T R E A M  ******** */
-    
-    
-    
-    /**
-     * A {@link Base64.OutputStream} will write data to another
-     * <tt>java.io.OutputStream</tt>, given in the constructor,
-     * and encode/decode to/from Base64 notation on the fly.
-     *
-     * @see Base64
-     * @since 1.3
-     */
-    public static class OutputStream extends java.io.FilterOutputStream
-    {
-        private boolean encode;
-        private int     position;
-        private byte[]  buffer;
-        private int     bufferLength;
-        private int     lineLength;
-        private boolean breakLines;
-        private byte[]  b4; // Scratch used in a few places
-        private boolean suspendEncoding;
-		private int options; // Record for later
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
-        /**
-         * Constructs a {@link Base64.OutputStream} in ENCODE mode.
-         *
-         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
-         * @since 1.3
-         */
-        public OutputStream( java.io.OutputStream out )
-        {   
-            this( out, ENCODE );
-        }   // end constructor
-        
-        
-        /**
-         * Constructs a {@link Base64.OutputStream} in
-         * either ENCODE or DECODE mode.
-         * <p>
-         * Valid options:<pre>
-         *   ENCODE or DECODE: Encode or Decode as data is read.
-         *   DONT_BREAK_LINES: don't break lines at 76 characters
-         *     (only meaningful when encoding)
-         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-         * </pre>
-         * <p>
-         * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
-         *
-         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
-         * @param options Specified options.
-         * @see Base64#ENCODE
-         * @see Base64#DECODE
-         * @see Base64#DONT_BREAK_LINES
-         * @since 1.3
-         */
-        public OutputStream( java.io.OutputStream out, int options )
-        {   
-            super( out );
-            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
-            this.encode       = (options & ENCODE) == ENCODE;
-            this.bufferLength = encode ? 3 : 4;
-            this.buffer       = new byte[ bufferLength ];
-            this.position     = 0;
-            this.lineLength   = 0;
-            this.suspendEncoding = false;
-            this.b4           = new byte[4];
-			this.options      = options;
-			this.decodabet    = getDecodabet(options);
-        }   // end constructor
-        
-        
-        /**
-         * Writes the byte to the output stream after
-         * converting to/from Base64 notation.
-         * When encoding, bytes are buffered three
-         * at a time before the output stream actually
-         * gets a write() call.
-         * When decoding, bytes are buffered four
-         * at a time.
-         *
-         * @param theByte the byte to write
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void write(int theByte) throws java.io.IOException
-        {
-            // Encoding suspended?
-            if( suspendEncoding )
-            {
-                super.out.write( theByte );
-                return;
-            }   // end if: supsended
-            
-            // Encode?
-            if( encode )
-            {
-                buffer[ position++ ] = (byte)theByte;
-                if( position >= bufferLength )  // Enough to encode.
-                {
-                    out.write( encode3to4( b4, buffer, bufferLength, options ) );
-
-                    lineLength += 4;
-                    if( breakLines && lineLength >= MAX_LINE_LENGTH )
-                    {
-                        out.write( NEW_LINE );
-                        lineLength = 0;
-                    }   // end if: end of line
-
-                    position = 0;
-                }   // end if: enough to output
-            }   // end if: encoding
-
-            // Else, Decoding
-            else
-            {
-                // Meaningful Base64 character?
-                if( decodabet[ theByte & 0x7f ] > WHITE_SPACE_ENC )
-                {
-                    buffer[ position++ ] = (byte)theByte;
-                    if( position >= bufferLength )  // Enough to output.
-                    {
-                        int len = Base64.decode4to3( buffer, 0, b4, 0, options );
-                        out.write( b4, 0, len );
-                        //out.write( Base64.decode4to3( buffer ) );
-                        position = 0;
-                    }   // end if: enough to output
-                }   // end if: meaningful base64 character
-                else if( decodabet[ theByte & 0x7f ] != WHITE_SPACE_ENC )
-                {
-                    throw new java.io.IOException( "Invalid character in Base64 data." );
-                }   // end else: not white space either
-            }   // end else: decoding
-        }   // end write
-        
-        
-        
-        /**
-         * Calls {@link #write(int)} repeatedly until <var>len</var> 
-         * bytes are written.
-         *
-         * @param theBytes array from which to read bytes
-         * @param off offset for array
-         * @param len max number of bytes to read into array
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void write( byte[] theBytes, int off, int len ) throws java.io.IOException
-        {
-            // Encoding suspended?
-            if( suspendEncoding )
-            {
-                super.out.write( theBytes, off, len );
-                return;
-            }   // end if: supsended
-            
-            for( int i = 0; i < len; i++ )
-            {
-                write( theBytes[ off + i ] );
-            }   // end for: each byte written
-            
-        }   // end write
-        
-        
-        
-        /**
-         * Method added by PHIL. [Thanks, PHIL. -Rob]
-         * This pads the buffer without closing the stream.
-         * @throws java.io.IOException
-         */
-        public void flushBase64() throws java.io.IOException 
-        {
-            if( position > 0 )
-            {
-                if( encode )
-                {
-                    out.write( encode3to4( b4, buffer, position, options ) );
-                    position = 0;
-                }   // end if: encoding
-                else
-                {
-                    throw new java.io.IOException( "Base64 input not properly padded." );
-                }   // end else: decoding
-            }   // end if: buffer partially full
-
-        }   // end flush
-
-        
-        /** 
-         * Flushes and closes (I think, in the superclass) the stream. 
-         *
-         * @throws java.io.IOException
-         * @since 1.3
-         */
-        public void close() throws java.io.IOException
-        {
-            // 1. Ensure that pending characters are written
-            flushBase64();
-
-            // 2. Actually close the stream
-            // Base class both flushes and closes.
-            super.close();
-            
-            buffer = null;
-            out    = null;
-        }   // end close
-        
-        
-        
-        /**
-         * Suspends encoding of the stream.
-         * May be helpful if you need to embed a piece of
-         * base640-encoded data in a stream.
-         *
-         * @throws java.io.IOException
-         * @since 1.5.1
-         */
-        public void suspendEncoding() throws java.io.IOException 
-        {
-            flushBase64();
-            this.suspendEncoding = true;
-        }   // end suspendEncoding
-        
-        
-        /**
-         * Resumes encoding of the stream.
-         * May be helpful if you need to embed a piece of
-         * base640-encoded data in a stream.
-         *
-         * @since 1.5.1
-         */
-        public void resumeEncoding()
-        {
-            this.suspendEncoding = false;
-        }   // end resumeEncoding
-        
-        
-        
-    }   // end inner class OutputStream
-    
-    
-}   // end class Base64
+package org.owasp.esapi.codecs;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+// CHECKME: Version at http://iharder.net/base64 is up to v2.3.3. Some semantic changes
+// starting with v2.3. Should we upgrade and then add ESAPI logging or stay at 2.2.2 base?
+// I think that really depends on how much OWASP ESAPI plans on tracking changes to this
+// version vs. if the plan was just to fork from it and maintain OWASP's own version.
+// At this point, I think I prefer split from tracking Harder's original, but I'm easily
+// persuaded otherwise. - Kevin Wall
+
+/**
+ * <p>Encodes and decodes to and from Base64 notation.</p>
+ * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * (based on version 2.2.2).</p>
+ *
+ * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass 
+ * several pieces of information to the encoder. In the "higher level" methods such as 
+ * encodeBytes( bytes, options ) the options parameter can be used to indicate such 
+ * things as first gzipping the bytes before encoding them, not inserting linefeeds 
+ * (though that breaks strict Base64 compatibility), and encoding using the URL-safe 
+ * and Ordered dialects.</p>
+ *
+ * <p>The constants defined in Base64 can be OR-ed together to combine options, so you 
+ * might make a call like this:</p>
+ *
+ * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DONT_BREAK_LINES );</code>
+ *
+ * <p>to compress the data before encoding it and then making the output have no newline characters.</p>
+ *
+ *
+ * <p>
+ * Original change Log:
+ * </p>
+ * <ul>
+ *  <li>v2.2.2 - Fixed encodeFileToFile and decodeFileToFile to use the
+ *   Base64.InputStream class to encode and decode on the fly which uses
+ *   less memory than encoding/decoding an entire file into memory before writing.</li>
+ *  <li>v2.2.1 - Fixed bug using URL_SAFE and ORDERED encodings. Fixed bug
+ *   when using very small files (~< 40 bytes).</li>
+ *  <li>v2.2 - Added some helper methods for encoding/decoding directly from
+ *   one file to the next. Also added a main() method to support command line
+ *   encoding/decoding from one file to the next. Also added these Base64 dialects:
+ *   <ol>
+ *   <li>The default is RFC3548 format.</li>
+ *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.URLSAFE_FORMAT) generates
+ *   URL and file name friendly format as described in Section 4 of RFC3548.
+ *   http://www.faqs.org/rfcs/rfc3548.html</li>
+ *   <li>Calling Base64.setFormat(Base64.BASE64_FORMAT.ORDERED_FORMAT) generates
+ *   URL and file name friendly format that preserves lexical ordering as described
+ *   in http://www.faqs.org/qa/rfcc-1940.html</li>
+ *   </ol>
+ *   Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
+ *   for contributing the new Base64 dialects.
+ *  </li>
+ * 
+ *  <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
+ *   some convenience methods for reading and writing to and from files.</li>
+ *  <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
+ *   with other encodings (like EBCDIC).</li>
+ *  <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
+ *   encoded data was a single byte.</li>
+ *  <li>v2.0 - I got rid of methods that used booleans to set options. 
+ *   Now everything is more consolidated and cleaner. The code now detects
+ *   when data that's being decoded is gzip-compressed and will decompress it
+ *   automatically. Generally things are cleaner. You'll probably have to
+ *   change some method calls that you were making to support the new
+ *   options format (<tt>int</tt>s that you "OR" together).</li>
+ *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a             
+ *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.      
+ *   Added the ability to "suspend" encoding in the Output Stream so        
+ *   you can turn on and off the encoding if you need to embed base64       
+ *   data in an otherwise "normal" stream (like an XML file).</li>  
+ *  <li>v1.5 - Output stream pases on flush() command but doesn't do anything itself.
+ *      This helps when using GZIP streams.
+ *      Added the ability to GZip-compress objects before encoding them.</li>
+ *  <li>v1.4 - Added helper methods to read/write files.</li>
+ *  <li>v1.3.6 - Fixed OutputStream.flush() so that 'position' is reset.</li>
+ *  <li>v1.3.5 - Added flag to turn on and off line breaks. Fixed bug in input stream
+ *      where last buffer being read, if not completely full, was not returned.</li>
+ *  <li>v1.3.4 - Fixed when "improperly padded stream" error was thrown at the wrong time.</li>
+ *  <li>v1.3.3 - Fixed I/O streams which were totally messed up.</li>
+ * </ul>
+ *
+ * <p>
+ * I am placing this code in the Public Domain. Do with it as you will.
+ * This software comes with no guarantees or warranties but with
+ * plenty of well-wishing instead!
+ * Please visit <a href="http://iharder.net/base64">http://iharder.net/base64</a>
+ * periodically to check for updates or to contribute improvements.
+ * </p>
+ *
+ * @author Robert Harder
+ * @author rob@iharder.net
+ * @version 2.2.2
+ */
+public class Base64
+{
+    
+/* ********  P U B L I C   F I E L D S  ******** */   
+    
+    
+    /** No options specified. Value is zero. */
+    public final static int NO_OPTIONS = 0;
+    
+    /** Specify encoding. */
+    public final static int ENCODE = 1;
+    
+    
+    /** Specify decoding. */
+    public final static int DECODE = 0;
+    
+    
+    /** Specify that data should be gzip-compressed. */
+    public final static int GZIP = 2;
+    
+    
+    /** Don't break lines when encoding (violates strict Base64 specification) */
+    public final static int DONT_BREAK_LINES = 8;
+	
+	/** 
+	 * Encode using Base64-like encoding that is URL- and Filename-safe as described
+	 * in Section 4 of RFC3548: 
+	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+	 * It is important to note that data encoded this way is <em>not</em> officially valid Base64, 
+	 * or at the very least should not be called Base64 without also specifying that is
+	 * was encoded using the URL- and Filename-safe dialect.
+	 */
+	 public final static int URL_SAFE = 16;
+	 
+	 
+	 /**
+	  * Encode using the special "ordered" dialect of Base64 described here:
+	  * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+	  */
+	 public final static int ORDERED = 32;
+    
+    
+/* ********  P R I V A T E   F I E L D S  ******** */  
+    
+    
+    /** Maximum line length (76) of Base64 output. */
+    private final static int MAX_LINE_LENGTH = 76;
+    
+    
+    /** The equals sign (=) as a byte. */
+    private final static byte EQUALS_SIGN = (byte)'=';
+    
+    
+    /** The new line character (\n) as a byte. */
+    private final static byte NEW_LINE = (byte)'\n';
+    
+    
+    /** Preferred encoding. */
+    private final static String PREFERRED_ENCODING = "UTF-8";
+    
+    /** End of line character. */
+    private final static String EOL = System.getProperty("line.separator", "\n");
+	
+	
+    // I think I end up not using the BAD_ENCODING indicator.
+    //private final static byte BAD_ENCODING    = -9; // Indicates error in encoding
+    private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
+    private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
+	
+    private static final Logger logger = ESAPI.getLogger("Base64");
+    
+	
+/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */	
+    
+    /** The 64 valid Base64 values. */
+    //private final static byte[] ALPHABET;
+	/* Host platform me be something funny like EBCDIC, so we hard code these values. */
+	private final static byte[] _STANDARD_ALPHABET =
+    {
+        (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+        (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
+        (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+        (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+        (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
+        (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
+        (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'+', (byte)'/'
+    };
+	
+    
+    /** 
+     * Translates a Base64 value to either its 6-bit reconstruction value
+     * or a negative number indicating some other meaning.
+     **/
+    private final static byte[] _STANDARD_DECODABET =
+    {   
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+        -5,-5,                                      // Whitespace: Tab and Linefeed
+        -9,-9,                                      // Decimal 11 - 12
+        -5,                                         // Whitespace: Carriage Return
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+        -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+        -5,                                         // Whitespace: Space
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+        62,                                         // Plus sign at decimal 43
+        -9,-9,-9,                                   // Decimal 44 - 46
+        63,                                         // Slash at decimal 47
+        52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
+        -9,-9,-9,                                   // Decimal 58 - 60
+        -1,                                         // Equals sign at decimal 61
+        -9,-9,-9,                                      // Decimal 62 - 64
+        0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
+        14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
+        -9,-9,-9,-9,-9,-9,                          // Decimal 91 - 96
+        26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
+        39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
+        -9,-9,-9,-9                                 // Decimal 123 - 126
+        /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+	
+	
+/* ********  U R L   S A F E   B A S E 6 4   A L P H A B E T  ******** */
+	
+	/**
+	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: 
+	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
+	 */
+    private final static byte[] _URL_SAFE_ALPHABET =
+    {
+      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
+      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
+      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
+      (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'-', (byte)'_'
+    };
+	
+	/**
+	 * Used in decoding URL- and Filename-safe dialects of Base64.
+	 */
+    private final static byte[] _URL_SAFE_DECODABET =
+    {   
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+      -5,-5,                                      // Whitespace: Tab and Linefeed
+      -9,-9,                                      // Decimal 11 - 12
+      -5,                                         // Whitespace: Carriage Return
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+      -5,                                         // Whitespace: Space
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+      -9,                                         // Plus sign at decimal 43
+      -9,                                         // Decimal 44
+      62,                                         // Minus sign at decimal 45
+      -9,                                         // Decimal 46
+      -9,                                         // Slash at decimal 47
+      52,53,54,55,56,57,58,59,60,61,              // Numbers zero through nine
+      -9,-9,-9,                                   // Decimal 58 - 60
+      -1,                                         // Equals sign at decimal 61
+      -9,-9,-9,                                   // Decimal 62 - 64
+      0,1,2,3,4,5,6,7,8,9,10,11,12,13,            // Letters 'A' through 'N'
+      14,15,16,17,18,19,20,21,22,23,24,25,        // Letters 'O' through 'Z'
+      -9,-9,-9,-9,                                // Decimal 91 - 94
+      63,                                         // Underscore at decimal 95
+      -9,                                         // Decimal 96
+      26,27,28,29,30,31,32,33,34,35,36,37,38,     // Letters 'a' through 'm'
+      39,40,41,42,43,44,45,46,47,48,49,50,51,     // Letters 'n' through 'z'
+      -9,-9,-9,-9                                 // Decimal 123 - 126
+      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+
+
+
+/* ********  O R D E R E D   B A S E 6 4   A L P H A B E T  ******** */
+
+	/**
+	 * I don't get the point of this technique, but it is described here:
+	 * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+	 */
+    private final static byte[] _ORDERED_ALPHABET =
+    {
+      (byte)'-',
+      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4',
+      (byte)'5', (byte)'6', (byte)'7', (byte)'8', (byte)'9',
+      (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+      (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+      (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+      (byte)'_',
+      (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+      (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+      (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z'
+    };
+	
+	/**
+	 * Used in decoding the "ordered" dialect of Base64.
+	 */
+    private final static byte[] _ORDERED_DECODABET =
+    {   
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
+      -5,-5,                                      // Whitespace: Tab and Linefeed
+      -9,-9,                                      // Decimal 11 - 12
+      -5,                                         // Whitespace: Carriage Return
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 14 - 26
+      -9,-9,-9,-9,-9,                             // Decimal 27 - 31
+      -5,                                         // Whitespace: Space
+      -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,              // Decimal 33 - 42
+      -9,                                         // Plus sign at decimal 43
+      -9,                                         // Decimal 44
+      0,                                          // Minus sign at decimal 45
+      -9,                                         // Decimal 46
+      -9,                                         // Slash at decimal 47
+      1,2,3,4,5,6,7,8,9,10,                       // Numbers zero through nine
+      -9,-9,-9,                                   // Decimal 58 - 60
+      -1,                                         // Equals sign at decimal 61
+      -9,-9,-9,                                   // Decimal 62 - 64
+      11,12,13,14,15,16,17,18,19,20,21,22,23,     // Letters 'A' through 'M'
+      24,25,26,27,28,29,30,31,32,33,34,35,36,     // Letters 'N' through 'Z'
+      -9,-9,-9,-9,                                // Decimal 91 - 94
+      37,                                         // Underscore at decimal 95
+      -9,                                         // Decimal 96
+      38,39,40,41,42,43,44,45,46,47,48,49,50,     // Letters 'a' through 'm'
+      51,52,53,54,55,56,57,58,59,60,61,62,63,     // Letters 'n' through 'z'
+      -9,-9,-9,-9                                 // Decimal 123 - 126
+      /*,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 127 - 139
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 140 - 152
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 153 - 165
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 166 - 178
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 179 - 191
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 192 - 204
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 205 - 217
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 218 - 230
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
+        -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
+    };
+
+	
+/* ********  D E T E R M I N E   W H I C H   A L H A B E T  ******** */
+
+
+	/**
+	 * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
+	 * the options specified.
+	 * It's possible, though silly, to specify ORDERED and URLSAFE
+	 * in which case one of them will be picked, though there is
+	 * no guarantee as to which one will be picked.
+	 */
+	private final static byte[] getAlphabet( int options )
+	{
+		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
+		else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
+		else return _STANDARD_ALPHABET;
+		
+	}	// end getAlphabet
+	
+	
+	/**
+	 * Returns one of the _SOMETHING_DECODABET byte arrays depending on
+	 * the options specified.
+	 * It's possible, though silly, to specify ORDERED and URL_SAFE
+	 * in which case one of them will be picked, though there is
+	 * no guarantee as to which one will be picked.
+	 */
+	private final static byte[] getDecodabet( int options )
+	{
+		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
+		else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
+		else return _STANDARD_DECODABET;
+		
+	}	// end getAlphabet
+        
+
+    
+    /** Defeats instantiation. */
+    private Base64(){}
+    
+
+    /**
+     * Encodes or decodes two files from the command line;
+     * <strong>feel free to delete this method (in fact you probably should)
+     * if you're embedding this code into a larger program</strong>.
+     * @param args
+     */
+    public final static void main( String[] args )
+    {
+        if( args.length < 3 ){
+            usage("Not enough arguments.");
+        }   // end if: args.length < 3
+        else {
+            String flag = args[0];
+            String infile = args[1];
+            String outfile = args[2];
+            if( flag.equals( "-e" ) ){
+                Base64.encodeFileToFile( infile, outfile );
+            }   // end if: encode
+            else if( flag.equals( "-d" ) ) {
+                Base64.decodeFileToFile( infile, outfile );
+            }   // end else if: decode    
+            else {
+                usage( "Unknown flag: " + flag );
+            }   // end else    
+        }   // end else
+    }   // end main
+
+    /**
+     * Prints command line usage.
+     *
+     * @param msg A message to include with usage info.
+     */
+    private final static void usage( String msg )
+    {
+        System.err.println( msg );
+        System.err.println( "Usage: java Base64 -e|-d inputfile outputfile" );
+    }   // end usage
+    
+    
+/* ********  E N C O D I N G   M E T H O D S  ******** */    
+    
+    
+    /**
+     * Encodes up to the first three bytes of array <var>threeBytes</var>
+     * and returns a four-byte array in Base64 notation.
+     * The actual number of significant bytes in your array is
+     * given by <var>numSigBytes</var>.
+     * The array <var>threeBytes</var> needs only be as big as
+     * <var>numSigBytes</var>.
+     * Code can reuse a byte array by passing a four-byte array as <var>b4</var>.
+     *
+     * @param b4 A reusable byte array to reduce array instantiation
+     * @param threeBytes the array to convert
+     * @param numSigBytes the number of significant bytes in your array
+     * @return four byte array in Base64 notation.
+     * @since 1.5.1
+     */
+    private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes, int options )
+    {
+        encode3to4( threeBytes, 0, numSigBytes, b4, 0, options );
+        return b4;
+    }   // end encode3to4
+
+    
+    /**
+     * <p>Encodes up to three bytes of the array <var>source</var>
+     * and writes the resulting four Base64 bytes to <var>destination</var>.
+     * The source and destination arrays can be manipulated
+     * anywhere along their length by specifying 
+     * <var>srcOffset</var> and <var>destOffset</var>.
+     * This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 3 for
+     * the <var>source</var> array or <var>destOffset</var> + 4 for
+     * the <var>destination</var> array.
+     * The actual number of significant bytes in your array is
+     * given by <var>numSigBytes</var>.</p>
+	 * <p>This is the lowest level of the encoding methods with
+	 * all possible parameters.</p>
+     *
+     * @param source the array to convert
+     * @param srcOffset the index where conversion begins
+     * @param numSigBytes the number of significant bytes in your array
+     * @param destination the array to hold the conversion
+     * @param destOffset the index where output will be put
+     * @return the <var>destination</var> array
+     * @since 1.3
+     */
+    private static byte[] encode3to4( 
+     byte[] source, int srcOffset, int numSigBytes,
+     byte[] destination, int destOffset, int options )
+    {
+		byte[] ALPHABET = getAlphabet( options ); 
+	
+        //           1         2         3  
+        // 01234567890123456789012345678901 Bit position
+        // --------000000001111111122222222 Array position from threeBytes
+        // --------|    ||    ||    ||    | Six bit groups to index ALPHABET
+        //          >>18  >>12  >> 6  >> 0  Right shift necessary
+        //                0x3f  0x3f  0x3f  Additional AND
+        
+        // Create buffer with zero-padding if there are only one or two
+        // significant bytes passed in the array.
+        // We have to shift left 24 in order to flush out the 1's that appear
+        // when Java treats a value as negative that is cast from a byte to an int.
+        int inBuff =   ( numSigBytes > 0 ? ((source[ srcOffset     ] << 24) >>>  8) : 0 )
+                     | ( numSigBytes > 1 ? ((source[ srcOffset + 1 ] << 24) >>> 16) : 0 )
+                     | ( numSigBytes > 2 ? ((source[ srcOffset + 2 ] << 24) >>> 24) : 0 );
+
+        switch( numSigBytes )
+        {
+            case 3:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
+                destination[ destOffset + 3 ] = ALPHABET[ (inBuff       ) & 0x3f ];
+                return destination;
+                
+            case 2:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
+                destination[ destOffset + 3 ] = EQUALS_SIGN;
+                return destination;
+                
+            case 1:
+                destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
+                destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
+                destination[ destOffset + 2 ] = EQUALS_SIGN;
+                destination[ destOffset + 3 ] = EQUALS_SIGN;
+                return destination;
+                
+            default:
+                return destination;
+        }   // end switch
+    }   // end encode3to4
+    
+    
+    
+    /**
+     * Serializes an object and returns the Base64-encoded
+     * version of that serialized object. If the object
+     * cannot be serialized or there is another error,
+     * the method will return <tt>null</tt>.
+     * The object is not GZip-compressed before being encoded.
+     *
+     * @param serializableObject The object to encode
+     * @return The Base64-encoded object
+     * @since 1.4
+     */
+    public static String encodeObject( java.io.Serializable serializableObject )
+    {
+        return encodeObject( serializableObject, NO_OPTIONS );
+    }   // end encodeObject
+    
+
+
+    /**
+     * Serializes an object and returns the Base64-encoded
+     * version of that serialized object. If the object
+     * cannot be serialized or there is another error,
+     * the method will return <tt>null</tt>.
+     * <p>
+     * Valid options:<pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DONT_BREAK_LINES: don't break lines at 76 characters
+     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+     * </pre>
+     * <p>
+     * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
+     * <p>
+     * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+     *
+     * @param serializableObject The object to encode
+     * @param options Specified options
+     * @return The Base64-encoded object
+     * @see Base64#GZIP
+     * @see Base64#DONT_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeObject( java.io.Serializable serializableObject, int options )
+    {
+        // Streams
+        java.io.ByteArrayOutputStream  baos  = null; 
+        java.io.OutputStream           b64os = null; 
+        java.io.ObjectOutputStream     oos   = null; 
+        java.util.zip.GZIPOutputStream gzos  = null;
+        
+        // Isolate options
+        int gzip           = (options & GZIP);
+        //int dontBreakLines = (options & DONT_BREAK_LINES);
+        
+        try
+        {
+            // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
+            baos  = new java.io.ByteArrayOutputStream();
+            b64os = new Base64.OutputStream( baos, ENCODE | options );
+    
+            // GZip?
+            if( gzip == GZIP )
+            {
+                gzos = new java.util.zip.GZIPOutputStream( b64os );
+                oos  = new java.io.ObjectOutputStream( gzos );
+            }   // end if: gzip
+            else
+                oos   = new java.io.ObjectOutputStream( b64os );
+            
+            oos.writeObject( serializableObject );
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
+            return null;
+        }   // end catch
+        finally
+        {
+            try{ oos.close();   } catch( Exception e ){}
+            try{ gzos.close();  } catch( Exception e ){}
+            try{ b64os.close(); } catch( Exception e ){}
+            try{ baos.close();  } catch( Exception e ){}
+        }   // end finally
+        
+        // Return value according to relevant encoding.
+        try 
+        {
+            return new String( baos.toByteArray(), PREFERRED_ENCODING );
+        }   // end try
+        catch (java.io.UnsupportedEncodingException uue)
+        {
+            return new String( baos.toByteArray() );
+        }   // end catch
+        
+    }   // end encode
+    
+    
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * Does not GZip-compress data.
+     *
+     * @param source The data to convert
+     * @return The Base64-encoded resulting string
+     * @since 1.4
+     */
+    public static String encodeBytes( byte[] source )
+    {
+        return encodeBytes( source, 0, source.length, NO_OPTIONS );
+    }   // end encodeBytes
+    
+
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * <p>
+     * Valid options:<pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DONT_BREAK_LINES: don't break lines at 76 characters
+     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+     * </pre>
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+     *
+     *
+     * @param source The data to convert
+     * @param options Specified options
+     * @return The Base64-encoded resulting string
+     * @see Base64#GZIP
+     * @see Base64#DONT_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes( byte[] source, int options )
+    {   
+        return encodeBytes( source, 0, source.length, options );
+    }   // end encodeBytes
+    
+    
+    /**
+     * Encodes a byte array into Base64 notation.
+     * Does not GZip-compress data.
+     *
+     * @param source The data to convert
+     * @param off Offset in array where conversion should begin
+     * @param len Length of data to convert
+     * @return The Base64-encoded resulting string
+     * @since 1.4
+     */
+    public static String encodeBytes( byte[] source, int off, int len )
+    {
+        return encodeBytes( source, off, len, NO_OPTIONS );
+    }   // end encodeBytes
+    
+    
+
+    /**
+     * Encodes a byte array into Base64 notation.
+     * <p>
+     * Valid options:<pre>
+     *   GZIP: gzip-compresses object before encoding it.
+     *   DONT_BREAK_LINES: don't break lines at 76 characters
+     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+     * </pre>
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP )</code> or
+     * <p>
+     * Example: <code>encodeBytes( myData, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
+     *
+     *
+     * @param source The data to convert
+     * @param off Offset in array where conversion should begin
+     * @param len Length of data to convert
+     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+     * @return The Base64-encoded resulting string
+     * @see Base64#GZIP
+     * @see Base64#DONT_BREAK_LINES
+     * @since 2.0
+     */
+    public static String encodeBytes( byte[] source, int off, int len, int options )
+    {
+        // Isolate options
+        int dontBreakLines = ( options & DONT_BREAK_LINES );
+        int gzip           = ( options & GZIP   );
+        
+        // Compress?
+        if( gzip == GZIP )
+        {
+            java.io.ByteArrayOutputStream  baos  = null;
+            java.util.zip.GZIPOutputStream gzos  = null;
+            Base64.OutputStream            b64os = null;
+            
+    
+            try
+            {
+                // GZip -> Base64 -> ByteArray
+                baos = new java.io.ByteArrayOutputStream();
+                b64os = new Base64.OutputStream( baos, ENCODE | options );
+                gzos  = new java.util.zip.GZIPOutputStream( b64os ); 
+            
+                gzos.write( source, off, len );
+                gzos.close();
+            }   // end try
+            catch( java.io.IOException e )
+            {
+                logger.error( Logger.SECURITY_FAILURE, "Problem writing gzip stream", e );
+                return null;
+            }   // end catch
+            finally
+            {
+                try{ gzos.close();  } catch( Exception e ){}
+                try{ b64os.close(); } catch( Exception e ){}
+                try{ baos.close();  } catch( Exception e ){}
+            }   // end finally
+
+            // Return value according to relevant encoding.
+            try
+            {
+                return new String( baos.toByteArray(), PREFERRED_ENCODING );
+            }   // end try
+            catch (java.io.UnsupportedEncodingException uue)
+            {
+                return new String( baos.toByteArray() );
+            }   // end catch
+        }   // end if: compress
+        
+        // Else, don't compress. Better not to use streams at all then.
+        else
+        {
+            // Convert option to boolean in way that code likes it.
+            boolean breakLines = dontBreakLines == 0;
+            
+            int    len43   = len * 4 / 3;
+            byte[] outBuff = new byte[   ( len43 )                      // Main 4:3
+                                       + ( (len % 3) > 0 ? 4 : 0 )      // Account for padding
+                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines      
+            int d = 0;
+            int e = 0;
+            int len2 = len - 2;
+            int lineLength = 0;
+            for( ; d < len2; d+=3, e+=4 )
+            {
+                encode3to4( source, d+off, 3, outBuff, e, options );
+
+                lineLength += 4;
+                if( breakLines && lineLength == MAX_LINE_LENGTH )
+                {   
+                    outBuff[e+4] = NEW_LINE;
+                    e++;
+                    lineLength = 0;
+                }   // end if: end of line
+            }   // en dfor: each piece of array
+
+            if( d < len )
+            {
+                encode3to4( source, d+off, len - d, outBuff, e, options );
+                e += 4;
+            }   // end if: some padding needed
+
+            
+            // Return value according to relevant encoding.
+            try
+            {
+                return new String( outBuff, 0, e, PREFERRED_ENCODING );
+            }   // end try
+            catch (java.io.UnsupportedEncodingException uue)
+            {
+                return new String( outBuff, 0, e );
+            }   // end catch
+            
+        }   // end else: don't compress
+        
+    }   // end encodeBytes
+    
+
+    
+    
+    
+/* ********  D E C O D I N G   M E T H O D S  ******** */
+    
+    
+    /**
+     * Decodes four bytes from array <var>source</var>
+     * and writes the resulting bytes (up to three of them)
+     * to <var>destination</var>.
+     * The source and destination arrays can be manipulated
+     * anywhere along their length by specifying 
+     * <var>srcOffset</var> and <var>destOffset</var>.
+     * This method does not check to make sure your arrays
+     * are large enough to accomodate <var>srcOffset</var> + 4 for
+     * the <var>source</var> array or <var>destOffset</var> + 3 for
+     * the <var>destination</var> array.
+     * This method returns the actual number of bytes that 
+     * were converted from the Base64 encoding.
+	 * <p>This is the lowest level of the decoding methods with
+	 * all possible parameters.</p>
+     * 
+     *
+     * @param source the array to convert
+     * @param srcOffset the index where conversion begins
+     * @param destination the array to hold the conversion
+     * @param destOffset the index where output will be put
+	 * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+     * @return the number of decoded bytes converted
+     * @since 1.3
+     */
+    private static int decode4to3( byte[] source, int srcOffset, byte[] destination, int destOffset, int options )
+    {
+		byte[] DECODABET = getDecodabet( options ); 
+	
+        // Example: Dk==
+        if( source[ srcOffset + 2] == EQUALS_SIGN )
+        {
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1] ] & 0xFF ) << 12 );
+            
+            destination[ destOffset ] = (byte)( outBuff >>> 16 );
+            return 1;
+        }
+        
+        // Example: DkL=
+        else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
+        {
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
+                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6 );
+            
+            destination[ destOffset     ] = (byte)( outBuff >>> 16 );
+            destination[ destOffset + 1 ] = (byte)( outBuff >>>  8 );
+            return 2;
+        }
+        
+        // Example: DkLE
+        else
+        {
+            try{
+            // Two ways to do the same thing. Don't know which way I like best.
+            //int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] << 24 ) >>>  6 )
+            //              | ( ( DECODABET[ source[ srcOffset + 1 ] ] << 24 ) >>> 12 )
+            //              | ( ( DECODABET[ source[ srcOffset + 2 ] ] << 24 ) >>> 18 )
+            //              | ( ( DECODABET[ source[ srcOffset + 3 ] ] << 24 ) >>> 24 );
+            int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
+                          | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
+                          | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6)
+                          | ( ( DECODABET[ source[ srcOffset + 3 ] ] & 0xFF )      );
+
+            
+            destination[ destOffset     ] = (byte)( outBuff >> 16 );
+            destination[ destOffset + 1 ] = (byte)( outBuff >>  8 );
+            destination[ destOffset + 2 ] = (byte)( outBuff       );
+
+            return 3;
+            }catch( Exception e){
+            	
+        // Remove these after checking -- for context only.
+                // logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset]+ ": " + ( DECODABET[ source[ srcOffset     ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+1]+  ": " + ( DECODABET[ source[ srcOffset + 1 ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+2]+  ": " + ( DECODABET[ source[ srcOffset + 2 ] ]  ) );
+                // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+3]+  ": " + ( DECODABET[ source[ srcOffset + 3 ] ]  ) );
+            	
+            	// CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
+            	// become interleaved with other log entries from other threads. Normally this would have placed log entries
+            	// on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
+            	// really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
+            	// esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
+            	// in which case the declaration for EOL should be removed as well.		- Kevin Wall
+                
+                StringBuilder sb = new StringBuilder("Problem writing object:");
+                sb.append(EOL);
+                sb.append( source[srcOffset]   ).append(": ").append( ( DECODABET[ source[ srcOffset     ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+1] ).append(": ").append( ( DECODABET[ source[ srcOffset + 1 ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+2] ).append(": ").append( ( DECODABET[ source[ srcOffset + 2 ] ]  ) ).append(EOL);
+                sb.append( source[srcOffset+3] ).append(": ").append( ( DECODABET[ source[ srcOffset + 3 ] ]  ) ).append(EOL);
+                
+                logger.error( Logger.SECURITY_FAILURE, sb.toString(), e );
+                return -1;
+            }   // end catch
+        }
+    }   // end decodeToBytes
+    
+    
+    
+    
+    /**
+     * Very low-level access to decoding ASCII characters in
+     * the form of a byte array. Does not support automatically
+     * gunzipping or any other "fancy" features.
+     *
+     * @param source The Base64 encoded data
+     * @param off    The offset of where to begin decoding
+     * @param len    The length of characters to decode
+     * @param options
+     * @return decoded data
+     * @since 1.3
+     */
+    public static byte[] decode( byte[] source, int off, int len, int options )
+    {
+		byte[] DECODABET = getDecodabet( options );
+	
+        int    len34   = len * 3 / 4;
+        byte[] outBuff = new byte[ len34 ]; // Upper limit on size of output
+        int    outBuffPosn = 0;
+        
+        byte[] b4        = new byte[4];
+        int    b4Posn    = 0;
+        int    i         = 0;
+        byte   sbiCrop   = 0;
+        byte   sbiDecode = 0;
+        for( i = off; i < off+len; i++ )
+        {
+            sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
+            sbiDecode = DECODABET[ sbiCrop ];
+            
+            if( sbiDecode >= WHITE_SPACE_ENC ) // White space, Equals sign or better
+            {
+                if( sbiDecode >= EQUALS_SIGN_ENC )
+                {
+                    b4[ b4Posn++ ] = sbiCrop;
+                    if( b4Posn > 3 )
+                    {
+                        outBuffPosn += decode4to3( b4, 0, outBuff, outBuffPosn, options );
+                        b4Posn = 0;
+                        
+                        // If that was the equals sign, break out of 'for' loop
+                        if( sbiCrop == EQUALS_SIGN )
+                            break;
+                    }   // end if: quartet built
+                    
+                }   // end if: equals sign or better
+                
+            }   // end if: white space, equals sign or better
+            else
+            {
+            	logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
+                return null;
+            }   // end else: 
+        }   // each input character
+                                   
+        byte[] out = new byte[ outBuffPosn ];
+        System.arraycopy( outBuff, 0, out, 0, outBuffPosn ); 
+        return out;
+    }   // end decode
+    
+    
+	
+	
+    /**
+     * Decodes data from Base64 notation, automatically
+     * detecting gzip-compressed data and decompressing it.
+     *
+     * @param s the string to decode
+     * @return the decoded data
+     * @since 1.4
+     */
+    public static byte[] decode( String s )
+	{
+		return decode( s, NO_OPTIONS );
+	}
+    
+    
+    /**
+     * Decodes data from Base64 notation, automatically
+     * detecting gzip-compressed data and decompressing it.
+     *
+     * @param s the string to decode
+	 * @param options encode options such as URL_SAFE
+     * @return the decoded data
+     * @since 1.4
+     */
+    public static byte[] decode( String s, int options )
+    {   
+        byte[] bytes;
+        try
+        {
+            bytes = s.getBytes( PREFERRED_ENCODING );
+        }
+        catch( java.io.UnsupportedEncodingException uee )
+        {
+            bytes = s.getBytes();	// Uses native encoding
+            // CHECKME: Is this correct? I think it should be a warning instead of an error since nothing
+            // is re-thrown. I do think that *some* sort of logging is in order here  especially since UTF-8 should
+            // always be available on all platforms. If it's not, then all bets are off on your runtime env. - Kevin Wall
+            logger.warning( Logger.SECURITY_FAILURE, "Problem decoding string using " +
+            			  PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
+        }
+        
+        // Decode
+        bytes = decode( bytes, 0, bytes.length, options );
+        
+        
+        // Check to see if it's gzip-compressed
+        // GZIP Magic Two-Byte Number: 0x8b1f (35615)
+        if( bytes != null && bytes.length >= 4 )
+        {
+            
+            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);       
+            if( java.util.zip.GZIPInputStream.GZIP_MAGIC == head ) 
+            {
+                java.io.ByteArrayInputStream  bais = null;
+                java.util.zip.GZIPInputStream gzis = null;
+                java.io.ByteArrayOutputStream baos = null;
+                byte[] buffer = new byte[2048];
+                int    length = 0;
+
+                try
+                {
+                    baos = new java.io.ByteArrayOutputStream();
+                    bais = new java.io.ByteArrayInputStream( bytes );
+                    gzis = new java.util.zip.GZIPInputStream( bais );
+
+                    while( ( length = gzis.read( buffer ) ) >= 0 )
+                    {
+                        baos.write(buffer,0,length);
+                    }   // end while: reading input
+
+                    // No error? Get new bytes.
+                    bytes = baos.toByteArray();
+
+                }   // end try
+                catch( java.io.IOException e )
+                {
+                    // Just return originally-decoded bytes
+                }   // end catch
+                finally
+                {
+                    try{ baos.close(); } catch( Exception e ){}
+                    try{ gzis.close(); } catch( Exception e ){}
+                    try{ bais.close(); } catch( Exception e ){}
+                }   // end finally
+
+            }   // end if: gzipped
+        }   // end if: bytes.length >= 2
+        
+        return bytes;
+    }   // end decode
+
+
+    
+
+    /**
+     * Attempts to decode Base64 data and deserialize a Java
+     * Object within. Returns <tt>null</tt> if there was an error.
+     *
+     * <p>
+     * <b>WARNING:</b> Using this method to decode non-validated /
+     *      untrusted data from a string and deserialize it into
+     *      an object can potentially result in remote command
+     *      injection vulnerabilities. Use at your own risk!
+     * </p>
+     *
+     * @param encodedObject The Base64 data to decode
+     * @return The decoded and deserialized object
+     * @since 1.5
+     *
+     * @deprecated  Because of security issues, this method will be
+     *      removed from ESAPI in a future release and no substitute
+     *      is planned. Because as of JDK 8 (in 1Q2016) there is
+     *      currently no way to restrict which objects
+     *      <code>ObjectInputStream.readObject()</code>
+     *      may safely deserialize in the general case. Oracle
+     *      may decide to address this deficiency in a future Java
+     *      release, but until they do, there is no <i>simple</i> way for
+     *      a general class library like ESAPI to address this.
+     */
+    @Deprecated
+    public static Object decodeToObject( String encodedObject )
+    {
+        // Decode and gunzip if necessary
+        byte[] objBytes = decode( encodedObject );
+        
+        java.io.ByteArrayInputStream  bais = null;
+        java.io.ObjectInputStream     ois  = null;
+        Object obj = null;
+        
+        try
+        {
+            bais = new java.io.ByteArrayInputStream( objBytes );
+            ois  = new java.io.ObjectInputStream( bais );
+        
+            obj = ois.readObject();
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
+            obj = null;
+        }   // end catch
+        catch( java.lang.ClassNotFoundException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
+            obj = null;
+        }   // end catch
+        finally
+        {
+            try{ bais.close(); } catch( Exception e ){}
+            try{ ois.close();  } catch( Exception e ){}
+        }   // end finally
+        
+        return obj;
+    }   // end decodeObject
+    
+    
+    
+    /**
+     * Convenience method for encoding data to a file.
+     *
+     * @param dataToEncode byte array of data to encode in base64 form
+     * @param filename Filename for saving encoded data
+     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+     *
+     * @since 2.1
+     */
+    public static boolean encodeToFile( byte[] dataToEncode, String filename )
+    {
+        boolean success = false;
+        Base64.OutputStream bos = null;
+        try
+        {
+            bos = new Base64.OutputStream( 
+                      new java.io.FileOutputStream( filename ), Base64.ENCODE );
+            bos.write( dataToEncode );
+            success = true;
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            
+            success = false;
+        }   // end catch: IOException
+        finally
+        {
+            try{ bos.close(); } catch( Exception e ){}
+        }   // end finally
+        
+        return success;
+    }   // end encodeToFile
+    
+    
+    /**
+     * Convenience method for decoding data to a file.
+     *
+     * @param dataToDecode Base64-encoded data as a string
+     * @param filename Filename for saving decoded data
+     * @return <tt>true</tt> if successful, <tt>false</tt> otherwise
+     *
+     * @since 2.1
+     */
+    public static boolean decodeToFile( String dataToDecode, String filename )
+    {
+        boolean success = false;
+        Base64.OutputStream bos = null;
+        try
+        {
+                bos = new Base64.OutputStream( 
+                          new java.io.FileOutputStream( filename ), Base64.DECODE );
+                bos.write( dataToDecode.getBytes( PREFERRED_ENCODING ) );
+                success = true;
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            success = false;
+        }   // end catch: IOException
+        finally
+        {
+                try{ bos.close(); } catch( Exception e ){}
+        }   // end finally
+        
+        return success;
+    }   // end decodeToFile
+    
+    
+    
+    
+    /**
+     * Convenience method for reading a base64-encoded
+     * file and decoding it.
+     *
+     * @param filename Filename for reading encoded data
+     * @return decoded byte array or null if unsuccessful
+     *
+     * @since 2.1
+     */
+    public static byte[] decodeFromFile( String filename )
+    {
+        byte[] decodedData = null;
+        Base64.InputStream bis = null;
+        try
+        {
+            // Set up some useful variables
+            java.io.File file = new java.io.File( filename );
+            byte[] buffer = null;
+            int length   = 0;
+            int numBytes = 0;
+            
+            // Check for size of file
+            if( file.length() > Integer.MAX_VALUE )
+            {
+                logger.error( Logger.SECURITY_FAILURE, "File is too big for this convenience method (" + file.length() + " bytes)." );
+                return null;
+            }   // end if: file too big for int index
+            buffer = new byte[ (int)file.length() ];
+            
+            // Open a stream
+            bis = new Base64.InputStream( 
+                      new java.io.BufferedInputStream( 
+                      new java.io.FileInputStream( file ) ), Base64.DECODE );
+            
+            // Read until done
+            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
+                length += numBytes;
+            
+            // Save in a variable to return
+            decodedData = new byte[ length ];
+            System.arraycopy( buffer, 0, decodedData, 0, length );
+            
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Error decoding from file " + filename, e );
+        }   // end catch: IOException
+        finally
+        {
+            try{ if (bis != null ) bis.close(); } catch( Exception e) {}
+        }   // end finally
+        
+        return decodedData;
+    }   // end decodeFromFile
+    
+    
+    
+    /**
+     * Convenience method for reading a binary file
+     * and base64-encoding it.
+     *
+     * @param filename Filename for reading binary data
+     * @return base64-encoded string or null if unsuccessful
+     *
+     * @since 2.1
+     */
+    public static String encodeFromFile( String filename )
+    {
+        String encodedData = null;
+        Base64.InputStream bis = null;
+        try
+        {
+            // Set up some useful variables
+            java.io.File file = new java.io.File( filename );
+            byte[] buffer = new byte[ Math.max((int)(file.length() * 1.4),40) ]; // Need max() for math on small files (v2.2.1)
+            int length   = 0;
+            int numBytes = 0;
+            
+            // Open a stream
+            bis = new Base64.InputStream( 
+                      new java.io.BufferedInputStream( 
+                      new java.io.FileInputStream( file ) ), Base64.ENCODE );
+            
+            // Read until done
+            while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
+                length += numBytes;
+            
+            // Save in a variable to return
+            encodedData = new String( buffer, 0, length, Base64.PREFERRED_ENCODING );
+                
+        }   // end try
+        catch( java.io.IOException e )
+        {
+            logger.error( Logger.SECURITY_FAILURE, "Error encoding from file " + filename, e );
+        }   // end catch: IOException
+        finally
+        {
+            try{ bis.close(); } catch( Exception e) {}
+        }   // end finally
+        
+        return encodedData;
+        }   // end encodeFromFile
+    
+    
+    
+    
+    /**
+     * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
+     *
+     * @param infile Input file
+     * @param outfile Output file
+     * @return true if the operation is successful
+     * @since 2.2
+     */
+    public static boolean encodeFileToFile( String infile, String outfile )
+    {
+        boolean success = false;
+        java.io.InputStream in = null;
+        java.io.OutputStream out = null;
+        try{
+            in  = new Base64.InputStream( 
+                      new java.io.BufferedInputStream( 
+                      new java.io.FileInputStream( infile ) ), 
+                      Base64.ENCODE );
+            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
+            byte[] buffer = new byte[65536]; // 64K
+            int read = -1;
+            while( ( read = in.read(buffer) ) >= 0 ){
+                out.write( buffer,0,read );
+            }   // end while: through file
+            success = true;
+        } catch( java.io.IOException exc ){
+            logger.error( Logger.SECURITY_FAILURE, "Problem encoding file to file", exc );
+        } finally{
+            try{ in.close();  } catch( Exception exc ){}
+            try{ out.close(); } catch( Exception exc ){}
+        }   // end finally
+        
+        return success;
+    }   // end encodeFileToFile
+    
+    
+    
+    /**
+     * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
+     *
+     * @param infile Input file
+     * @param outfile Output file
+     * @return true if the operation is successful
+     * @since 2.2
+     */
+    public static boolean decodeFileToFile( String infile, String outfile )
+    {
+        boolean success = false;
+        java.io.InputStream in = null;
+        java.io.OutputStream out = null;
+        try{
+            in  = new Base64.InputStream( 
+                      new java.io.BufferedInputStream( 
+                      new java.io.FileInputStream( infile ) ), 
+                      Base64.DECODE );
+            out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
+            byte[] buffer = new byte[65536]; // 64K
+            int read = -1;
+            while( ( read = in.read(buffer) ) >= 0 ){
+                out.write( buffer,0,read );
+            }   // end while: through file
+            success = true;
+        } catch( java.io.IOException exc ){
+            logger.error( Logger.SECURITY_FAILURE, "Problem decoding file to file", exc );
+        } finally{
+            try{ in.close();  } catch( Exception exc ){}
+            try{ out.close(); } catch( Exception exc ){}
+        }   // end finally
+        
+        return success;
+    }   // end decodeFileToFile
+    
+    
+    /* ********  I N N E R   C L A S S   I N P U T S T R E A M  ******** */
+    
+    
+    
+    /**
+     * A {@link Base64.InputStream} will read data from another
+     * <tt>java.io.InputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class InputStream extends java.io.FilterInputStream
+    {
+        private boolean encode;         // Encoding or decoding
+        private int     position;       // Current position in the buffer
+        private byte[]  buffer;         // Small buffer holding converted data
+        private int     bufferLength;   // Length of buffer (3 or 4)
+        private int     numSigBytes;    // Number of meaningful bytes in the buffer
+        private int     lineLength;
+        private boolean breakLines;     // Break lines at less than 80 characters
+		private int     options;        // Record options used to create the stream.
+		private byte[]  decodabet;		// Local copies to avoid extra method calls
+        
+        
+        /**
+         * Constructs a {@link Base64.InputStream} in DECODE mode.
+         *
+         * @param in the <tt>java.io.InputStream</tt> from which to read data.
+         * @since 1.3
+         */
+        public InputStream( java.io.InputStream in )
+        {   
+            this( in, DECODE );
+        }   // end constructor
+        
+        
+        /**
+         * Constructs a {@link Base64.InputStream} in
+         * either ENCODE or DECODE mode.
+         * <p>
+         * Valid options:<pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DONT_BREAK_LINES: don't break lines at 76 characters
+         *     (only meaningful when encoding)
+         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+         * </pre>
+         * <p>
+         * Example: <code>new Base64.InputStream( in, Base64.DECODE )</code>
+         *
+         *
+         * @param in the <tt>java.io.InputStream</tt> from which to read data.
+         * @param options Specified options
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DONT_BREAK_LINES
+         * @since 2.0
+         */
+        public InputStream( java.io.InputStream in, int options )
+        {   
+            super( in );
+            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+            this.encode       = (options & ENCODE) == ENCODE;
+            this.bufferLength = encode ? 4 : 3;
+            this.buffer       = new byte[ bufferLength ];
+            this.position     = -1;
+            this.lineLength   = 0;
+			this.options      = options; // Record for later, mostly to determine which alphabet to use
+			this.decodabet    = getDecodabet(options);
+        }   // end constructor
+        
+        /**
+         * Reads enough of the input stream to convert
+         * to/from Base64 and returns the next byte.
+         *
+         * @return next byte
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public int read() throws java.io.IOException 
+        { 
+            // Do we need to get data?
+            if( position < 0 )
+            {
+                if( encode )
+                {
+                    byte[] b3 = new byte[3];
+                    int numBinaryBytes = 0;
+                    for( int i = 0; i < 3; i++ )
+                    {
+                        try
+                        { 
+                            int b = in.read();
+                            
+                            // If end of stream, b is -1.
+                            if( b >= 0 )
+                            {
+                                b3[i] = (byte)b;
+                                numBinaryBytes++;
+                            }   // end if: not end of stream
+                            
+                        }   // end try: read
+                        catch( java.io.IOException e )
+                        {   
+                            // Only a problem if we got no data at all.
+                            if( i == 0 )
+                                throw e;
+                            
+                        }   // end catch
+                    }   // end for: each needed input byte
+                    
+                    if( numBinaryBytes > 0 )
+                    {
+                        encode3to4( b3, 0, numBinaryBytes, buffer, 0, options );
+                        position = 0;
+                        numSigBytes = 4;
+                    }   // end if: got data
+                    else
+                    {
+                        return -1;
+                    }   // end else
+                }   // end if: encoding
+                
+                // Else decoding
+                else
+                {
+                    byte[] b4 = new byte[4];
+                    int i = 0;
+                    for( i = 0; i < 4; i++ )
+                    {
+                        // Read four "meaningful" bytes:
+                        int b = 0;
+                        do{ b = in.read(); }
+                        while( b >= 0 && decodabet[ b & 0x7f ] <= WHITE_SPACE_ENC );
+                        
+                        if( b < 0 )
+                            break; // Reads a -1 if end of stream
+                        
+                        b4[i] = (byte)b;
+                    }   // end for: each needed input byte
+                    
+                    if( i == 4 )
+                    {
+                        numSigBytes = decode4to3( b4, 0, buffer, 0, options );
+                        position = 0;
+                    }   // end if: got four characters
+                    else if( i == 0 ){
+                        return -1;
+                    }   // end else if: also padded correctly
+                    else
+                    {
+                        // Must have broken out from above.
+                        throw new java.io.IOException( "Improperly padded Base64 input." );
+                    }   // end 
+                    
+                }   // end else: decode
+            }   // end else: get data
+            
+            // Got data?
+            if( position >= 0 )
+            {
+                // End of relevant data?
+                if( /*!encode &&*/ position >= numSigBytes )
+                    return -1;
+                
+                if( encode && breakLines && lineLength >= MAX_LINE_LENGTH )
+                {
+                    lineLength = 0;
+                    return '\n';
+                }   // end if
+                else
+                {
+                    lineLength++;   // This isn't important when decoding
+                                    // but throwing an extra "if" seems
+                                    // just as wasteful.
+                    
+                    int b = buffer[ position++ ];
+
+                    if( position >= bufferLength )
+                        position = -1;
+
+                    return b & 0xFF; // This is how you "cast" a byte that's
+                                     // intended to be unsigned.
+                }   // end else
+            }   // end if: position >= 0
+            
+            // Else error
+            else
+            {   
+                // When JDK1.4 is more accepted, use an assertion here.
+                throw new java.io.IOException( "Error in Base64 code reading stream." );
+            }   // end else
+        }   // end read
+        
+        
+        /**
+         * Calls {@link #read()} repeatedly until the end of stream
+         * is reached or <var>len</var> bytes are read.
+         * Returns number of bytes read into array or -1 if
+         * end of stream is encountered.
+         *
+         * @param dest array to hold values
+         * @param off offset for array
+         * @param len max number of bytes to read into array
+         * @return bytes read into array or -1 if end of stream is encountered.
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public int read( byte[] dest, int off, int len ) throws java.io.IOException
+        {
+            int i;
+            int b;
+            for( i = 0; i < len; i++ )
+            {
+                b = read();
+                
+                //if( b < 0 && i == 0 )
+                //    return -1;
+                
+                if( b >= 0 )
+                    dest[off + i] = (byte)b;
+                else if( i == 0 )
+                    return -1;
+                else
+                    break; // Out of 'for' loop
+            }   // end for: each byte read
+            return i;
+        }   // end read
+        
+    }   // end inner class InputStream
+    
+    
+    
+    
+    
+    
+    /* ********  I N N E R   C L A S S   O U T P U T S T R E A M  ******** */
+    
+    
+    
+    /**
+     * A {@link Base64.OutputStream} will write data to another
+     * <tt>java.io.OutputStream</tt>, given in the constructor,
+     * and encode/decode to/from Base64 notation on the fly.
+     *
+     * @see Base64
+     * @since 1.3
+     */
+    public static class OutputStream extends java.io.FilterOutputStream
+    {
+        private boolean encode;
+        private int     position;
+        private byte[]  buffer;
+        private int     bufferLength;
+        private int     lineLength;
+        private boolean breakLines;
+        private byte[]  b4; // Scratch used in a few places
+        private boolean suspendEncoding;
+		private int options; // Record for later
+		private byte[]  decodabet;		// Local copies to avoid extra method calls
+        
+        /**
+         * Constructs a {@link Base64.OutputStream} in ENCODE mode.
+         *
+         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+         * @since 1.3
+         */
+        public OutputStream( java.io.OutputStream out )
+        {   
+            this( out, ENCODE );
+        }   // end constructor
+        
+        
+        /**
+         * Constructs a {@link Base64.OutputStream} in
+         * either ENCODE or DECODE mode.
+         * <p>
+         * Valid options:<pre>
+         *   ENCODE or DECODE: Encode or Decode as data is read.
+         *   DONT_BREAK_LINES: don't break lines at 76 characters
+         *     (only meaningful when encoding)
+         *     <i>Note: Technically, this makes your encoding non-compliant.</i>
+         * </pre>
+         * <p>
+         * Example: <code>new Base64.OutputStream( out, Base64.ENCODE )</code>
+         *
+         * @param out the <tt>java.io.OutputStream</tt> to which data will be written.
+         * @param options Specified options.
+         * @see Base64#ENCODE
+         * @see Base64#DECODE
+         * @see Base64#DONT_BREAK_LINES
+         * @since 1.3
+         */
+        public OutputStream( java.io.OutputStream out, int options )
+        {   
+            super( out );
+            this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
+            this.encode       = (options & ENCODE) == ENCODE;
+            this.bufferLength = encode ? 3 : 4;
+            this.buffer       = new byte[ bufferLength ];
+            this.position     = 0;
+            this.lineLength   = 0;
+            this.suspendEncoding = false;
+            this.b4           = new byte[4];
+			this.options      = options;
+			this.decodabet    = getDecodabet(options);
+        }   // end constructor
+        
+        
+        /**
+         * Writes the byte to the output stream after
+         * converting to/from Base64 notation.
+         * When encoding, bytes are buffered three
+         * at a time before the output stream actually
+         * gets a write() call.
+         * When decoding, bytes are buffered four
+         * at a time.
+         *
+         * @param theByte the byte to write
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void write(int theByte) throws java.io.IOException
+        {
+            // Encoding suspended?
+            if( suspendEncoding )
+            {
+                super.out.write( theByte );
+                return;
+            }   // end if: supsended
+            
+            // Encode?
+            if( encode )
+            {
+                buffer[ position++ ] = (byte)theByte;
+                if( position >= bufferLength )  // Enough to encode.
+                {
+                    out.write( encode3to4( b4, buffer, bufferLength, options ) );
+
+                    lineLength += 4;
+                    if( breakLines && lineLength >= MAX_LINE_LENGTH )
+                    {
+                        out.write( NEW_LINE );
+                        lineLength = 0;
+                    }   // end if: end of line
+
+                    position = 0;
+                }   // end if: enough to output
+            }   // end if: encoding
+
+            // Else, Decoding
+            else
+            {
+                // Meaningful Base64 character?
+                if( decodabet[ theByte & 0x7f ] > WHITE_SPACE_ENC )
+                {
+                    buffer[ position++ ] = (byte)theByte;
+                    if( position >= bufferLength )  // Enough to output.
+                    {
+                        int len = Base64.decode4to3( buffer, 0, b4, 0, options );
+                        out.write( b4, 0, len );
+                        //out.write( Base64.decode4to3( buffer ) );
+                        position = 0;
+                    }   // end if: enough to output
+                }   // end if: meaningful base64 character
+                else if( decodabet[ theByte & 0x7f ] != WHITE_SPACE_ENC )
+                {
+                    throw new java.io.IOException( "Invalid character in Base64 data." );
+                }   // end else: not white space either
+            }   // end else: decoding
+        }   // end write
+        
+        
+        
+        /**
+         * Calls {@link #write(int)} repeatedly until <var>len</var> 
+         * bytes are written.
+         *
+         * @param theBytes array from which to read bytes
+         * @param off offset for array
+         * @param len max number of bytes to read into array
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void write( byte[] theBytes, int off, int len ) throws java.io.IOException
+        {
+            // Encoding suspended?
+            if( suspendEncoding )
+            {
+                super.out.write( theBytes, off, len );
+                return;
+            }   // end if: supsended
+            
+            for( int i = 0; i < len; i++ )
+            {
+                write( theBytes[ off + i ] );
+            }   // end for: each byte written
+            
+        }   // end write
+        
+        
+        
+        /**
+         * Method added by PHIL. [Thanks, PHIL. -Rob]
+         * This pads the buffer without closing the stream.
+         * @throws java.io.IOException
+         */
+        public void flushBase64() throws java.io.IOException 
+        {
+            if( position > 0 )
+            {
+                if( encode )
+                {
+                    out.write( encode3to4( b4, buffer, position, options ) );
+                    position = 0;
+                }   // end if: encoding
+                else
+                {
+                    throw new java.io.IOException( "Base64 input not properly padded." );
+                }   // end else: decoding
+            }   // end if: buffer partially full
+
+        }   // end flush
+
+        
+        /** 
+         * Flushes and closes (I think, in the superclass) the stream. 
+         *
+         * @throws java.io.IOException
+         * @since 1.3
+         */
+        public void close() throws java.io.IOException
+        {
+            // 1. Ensure that pending characters are written
+            flushBase64();
+
+            // 2. Actually close the stream
+            // Base class both flushes and closes.
+            super.close();
+            
+            buffer = null;
+            out    = null;
+        }   // end close
+        
+        
+        
+        /**
+         * Suspends encoding of the stream.
+         * May be helpful if you need to embed a piece of
+         * base640-encoded data in a stream.
+         *
+         * @throws java.io.IOException
+         * @since 1.5.1
+         */
+        public void suspendEncoding() throws java.io.IOException 
+        {
+            flushBase64();
+            this.suspendEncoding = true;
+        }   // end suspendEncoding
+        
+        
+        /**
+         * Resumes encoding of the stream.
+         * May be helpful if you need to embed a piece of
+         * base640-encoded data in a stream.
+         *
+         * @since 1.5.1
+         */
+        public void resumeEncoding()
+        {
+            this.suspendEncoding = false;
+        }   // end resumeEncoding
+        
+        
+        
+    }   // end inner class OutputStream
+    
+    
+}   // end class Base64

From 9bb8d205a0c28ece62a045dae24fd93d29d75585 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 092/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/codecs/Codec.java    | 318 +++++++++---------
 1 file changed, 159 insertions(+), 159 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index 8e5fac8a3..ec02a806a 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -1,159 +1,159 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
- * such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding
- * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
- * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
- * used by attackers to bypass validation and bury encoded attacks in data.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public abstract class Codec {
-
-	/**
-	 * Initialize an array to mark which characters are to be encoded. Store the hex
-	 * string for that character to save time later. If the character shouldn't be
-	 * encoded, then store null.
-	 */
-	private static final String[] hex = new String[256];
-
-	static {
-		for ( char c = 0; c < 0xFF; c++ ) {
-			if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
-				hex[c] = null;
-			} else {
-				hex[c] = toHex(c).intern();
-			}
-		}
-	}
-
-
-	/**
-	 * Default constructor
-	 */
-	public Codec() {
-	}
-
-	/**
-	 * Encode a String so that it can be safely used in a specific context.
-	 * 
-	 * @param immune
-	 * @param input
-	 * 		the String to encode
-	 * @return the encoded String
-	 */
-	public String encode(char[] immune, String input) {
-		StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			sb.append(encodeCharacter(immune, c));
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * Default implementation that should be overridden in specific codecs.
-	 * 
-	 * @param immune
-	 * @param c
-	 * 		the Character to encode
-	 * @return
-	 * 		the encoded Character
-	 */
-	public String encodeCharacter( char[] immune, Character c ) {
-		return ""+c;
-	}
-
-	/**
-	 * Decode a String that was encoded using the encode method in this Class
-	 * 
-	 * @param input
-	 * 		the String to decode
-	 * @return
-	 *		the decoded String
-	 */
-	public String decode(String input) {
-		StringBuilder sb = new StringBuilder();
-		PushbackString pbs = new PushbackString(input);
-		while (pbs.hasNext()) {
-			Character c = decodeCharacter(pbs);
-			if (c != null) {
-				sb.append(c);
-			} else {
-				sb.append(pbs.next());
-			}
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * Returns the decoded version of the next character from the input string and advances the
-	 * current character in the PushbackString.  If the current character is not encoded, this 
-	 * method MUST reset the PushbackString.
-	 * 
-	 * @param input	the Character to decode
-	 * 
-	 * @return the decoded Character
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		return input.next();
-	}
-
-	/**
-	 * Lookup the hex value of any character that is not alphanumeric.
-	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
-	 */
-	public static String getHexForNonAlphanumeric(char c)
-	{
-		if(c<0xFF)
-			return hex[c];
-		return toHex(c);
-	}
-
-	public static String toOctal(char c)
-	{
-		return Integer.toOctalString(c);
-	}
-
-	public static String toHex(char c)
-	{
-		return Integer.toHexString(c);
-	}
-
-	/**
-	 * Utility to search a char[] for a specific char.
-	 * 
-	 * @param c
-	 * @param array
-	 * @return
-	 */
-	public static boolean containsCharacter( char c, char[] array ) {
-		for (char ch : array) {
-			if (c == ch) return true;
-		}
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
+ * such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding
+ * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
+ * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
+ * used by attackers to bypass validation and bury encoded attacks in data.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public abstract class Codec {
+
+	/**
+	 * Initialize an array to mark which characters are to be encoded. Store the hex
+	 * string for that character to save time later. If the character shouldn't be
+	 * encoded, then store null.
+	 */
+	private static final String[] hex = new String[256];
+
+	static {
+		for ( char c = 0; c < 0xFF; c++ ) {
+			if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
+				hex[c] = null;
+			} else {
+				hex[c] = toHex(c).intern();
+			}
+		}
+	}
+
+
+	/**
+	 * Default constructor
+	 */
+	public Codec() {
+	}
+
+	/**
+	 * Encode a String so that it can be safely used in a specific context.
+	 * 
+	 * @param immune
+	 * @param input
+	 * 		the String to encode
+	 * @return the encoded String
+	 */
+	public String encode(char[] immune, String input) {
+		StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < input.length(); i++) {
+			char c = input.charAt(i);
+			sb.append(encodeCharacter(immune, c));
+		}
+		return sb.toString();
+	}
+
+	/**
+	 * Default implementation that should be overridden in specific codecs.
+	 * 
+	 * @param immune
+	 * @param c
+	 * 		the Character to encode
+	 * @return
+	 * 		the encoded Character
+	 */
+	public String encodeCharacter( char[] immune, Character c ) {
+		return ""+c;
+	}
+
+	/**
+	 * Decode a String that was encoded using the encode method in this Class
+	 * 
+	 * @param input
+	 * 		the String to decode
+	 * @return
+	 *		the decoded String
+	 */
+	public String decode(String input) {
+		StringBuilder sb = new StringBuilder();
+		PushbackString pbs = new PushbackString(input);
+		while (pbs.hasNext()) {
+			Character c = decodeCharacter(pbs);
+			if (c != null) {
+				sb.append(c);
+			} else {
+				sb.append(pbs.next());
+			}
+		}
+		return sb.toString();
+	}
+
+	/**
+	 * Returns the decoded version of the next character from the input string and advances the
+	 * current character in the PushbackString.  If the current character is not encoded, this 
+	 * method MUST reset the PushbackString.
+	 * 
+	 * @param input	the Character to decode
+	 * 
+	 * @return the decoded Character
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		return input.next();
+	}
+
+	/**
+	 * Lookup the hex value of any character that is not alphanumeric.
+	 * @param c The character to lookup.
+	 * @return, return null if alphanumeric or the character code
+	 * 	in hex.
+	 */
+	public static String getHexForNonAlphanumeric(char c)
+	{
+		if(c<0xFF)
+			return hex[c];
+		return toHex(c);
+	}
+
+	public static String toOctal(char c)
+	{
+		return Integer.toOctalString(c);
+	}
+
+	public static String toHex(char c)
+	{
+		return Integer.toHexString(c);
+	}
+
+	/**
+	 * Utility to search a char[] for a specific char.
+	 * 
+	 * @param c
+	 * @param array
+	 * @return
+	 */
+	public static boolean containsCharacter( char c, char[] array ) {
+		for (char ch : array) {
+			if (c == ch) return true;
+		}
+		return false;
+	}
+
+}

From 53d1d2c32d75745f319eff01a86b6ac09d5c9f2f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 093/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/codecs/CSSCodec.java | 362 +++++++++---------
 1 file changed, 181 insertions(+), 181 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 9e5d0af19..cee77ccaf 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -1,181 +1,181 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API
- * (ESAPI) project. For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- * 
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE
- * before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-/**
- * Implementation of the Codec interface for backslash encoding used in CSS.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class CSSCodec extends Codec
-{
-	private static final Character REPLACEMENT = '\ufffd';
-
-
-    /**
-	 * {@inheritDoc}
-	 *
-     * Returns backslash encoded character.
-     *
-     * @param immune
-     */
-    public String encodeCharacter(char[] immune, Character c) {
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-		
-		// return the hex and end in whitespace to terminate
-        return "\\" + hex + " ";
-    }
-
-    
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index,
-	 * or null if no decoding is possible.
-	 */
-	public Character decodeCharacter(PushbackString input)
-	{
-		input.mark();
-		Character first = input.next();
-		if (first == null || first != '\\')
-		{
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if (second == null) {
-			input.reset();
-			return null;
-		}
-
-		/* From css 2.1 spec:
-		 * http://www.w3.org/TR/CSS21/syndata.html#characters
-		 *
-		 * First, inside a string, a backslash followed by a
-		 * newline is ignored (i.e., the string is deemed not
-		 * to contain either the backslash or the newline).
-		 *
-		 * Second, it cancels the meaning of special CSS
-		 * characters. Except within CSS comments, any character
-		 * (except a hexadecimal digit, linefeed, carriage return,
-		 * or form feed) can be escaped with a backslash to
-		 * remove its special meaning. For example, "\"" is a string
-		 * consisting of one double quote. Style sheet
-		 * preprocessors must not remove these backslashes
-		 * from a style sheet since that would change the style
-		 * sheet's meaning.
-		 *
-		 * Third, backslash escapes allow authors to refer to
-		 * characters they cannot easily put in a document. In
-		 * this case, the backslash is followed by at most six
-		 * hexadecimal digits (0..9A..F), which stand for the ISO
-		 * 10646 ([ISO10646]) character with that number, which
-		 * must not be zero. (It is undefined in CSS 2.1 what
-		 * happens if a style sheet does contain a character with
-		 * Unicode codepoint zero.) If a character in the range
-		 * [0-9a-fA-F] follows the hexadecimal number, the end
-		 * of the number needs to be made clear. There are two
-		 * ways to do that:
-		 *
-		 *	1. with a space (or other white space character):
-		 *	"\26 B" ("&B"). In this case, user agents should
-		 *	treat a "CR/LF" pair (U+000D/U+000A) as a single
-		 *	white space character.
-		 *
-		 *	2. by providing exactly 6 hexadecimal digits:
-		 *	"\000026B" ("&B")
-		 *
-		 * In fact, these two methods may be combined. Only one
-		 * white space character is ignored after a hexadecimal
-		 * escape. Note that this means that a "real" space
-		 * after the escape sequence must itself either be
-		 * escaped or doubled.
-		 *
-		 * If the number is outside the range allowed by Unicode
-		 * (e.g., "\110000" is above the maximum 10FFFF allowed in
-		 * current Unicode), the UA may replace the escape with
-		 * the "replacement character" (U+FFFD). If the character
-		 * is to be displayed, the UA should show a visible
-		 * symbol, such as a "missing character" glyph (cf. 15.2,
-		 * point 5).
-		 */
-
-		switch(second)
-		{	// special whitespace cases. I assume they mean
-			// for all of these to qualify as a "new
-			// line." Otherwise there is no specification
-			// of what to do for \f
-			case '\r':
-				if(input.peek('\n'))
-					input.next();
-				// fall through
-			case '\n':
-			case '\f':
-				// bs follwed by new line replaced by nothing
-			case '\u0000':	// skip NUL for now too
-				return decodeCharacter(input);
-		}
-
-		if (!PushbackString.isHexDigit(second))
-		{	// non hex digit
-			return second;
-		}
-
-		// Search for up to 6 hex digits following until a space
-		StringBuilder sb = new StringBuilder();
-		sb.append(second);
-		for (int i = 0; i < 5; i++)
-		{
-			Character c = input.next();
-			if(c == null || Character.isWhitespace(c))
-				break;
-			if(PushbackString.isHexDigit(c))
-				sb.append(c);
-			else
-			{
-				input.pushback(c);
-				break;
-			}
-		}
-		try
-		{
-			// parse the hex digit and create a character
-			int i = Integer.parseInt(sb.toString(), 16);
-	
-			if (Character.isValidCodePoint(i))
-				return (char)i;
-			return REPLACEMENT;
-		}
-		catch (NumberFormatException e)
-		{
-			throw new IllegalStateException("Received a NumberFormateException parsing a string verified to be hex", e);
-        	}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP) Enterprise Security API
+ * (ESAPI) project. For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ * 
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the LICENSE
+ * before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+/**
+ * Implementation of the Codec interface for backslash encoding used in CSS.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class CSSCodec extends Codec
+{
+	private static final Character REPLACEMENT = '\ufffd';
+
+
+    /**
+	 * {@inheritDoc}
+	 *
+     * Returns backslash encoded character.
+     *
+     * @param immune
+     */
+    public String encodeCharacter(char[] immune, Character c) {
+		// check for immune characters
+		if ( containsCharacter(c, immune ) ) {
+			return ""+c;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric(c);
+		if ( hex == null ) {
+			return ""+c;
+		}
+		
+		// return the hex and end in whitespace to terminate
+        return "\\" + hex + " ";
+    }
+
+    
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index,
+	 * or null if no decoding is possible.
+	 */
+	public Character decodeCharacter(PushbackString input)
+	{
+		input.mark();
+		Character first = input.next();
+		if (first == null || first != '\\')
+		{
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		if (second == null) {
+			input.reset();
+			return null;
+		}
+
+		/* From css 2.1 spec:
+		 * http://www.w3.org/TR/CSS21/syndata.html#characters
+		 *
+		 * First, inside a string, a backslash followed by a
+		 * newline is ignored (i.e., the string is deemed not
+		 * to contain either the backslash or the newline).
+		 *
+		 * Second, it cancels the meaning of special CSS
+		 * characters. Except within CSS comments, any character
+		 * (except a hexadecimal digit, linefeed, carriage return,
+		 * or form feed) can be escaped with a backslash to
+		 * remove its special meaning. For example, "\"" is a string
+		 * consisting of one double quote. Style sheet
+		 * preprocessors must not remove these backslashes
+		 * from a style sheet since that would change the style
+		 * sheet's meaning.
+		 *
+		 * Third, backslash escapes allow authors to refer to
+		 * characters they cannot easily put in a document. In
+		 * this case, the backslash is followed by at most six
+		 * hexadecimal digits (0..9A..F), which stand for the ISO
+		 * 10646 ([ISO10646]) character with that number, which
+		 * must not be zero. (It is undefined in CSS 2.1 what
+		 * happens if a style sheet does contain a character with
+		 * Unicode codepoint zero.) If a character in the range
+		 * [0-9a-fA-F] follows the hexadecimal number, the end
+		 * of the number needs to be made clear. There are two
+		 * ways to do that:
+		 *
+		 *	1. with a space (or other white space character):
+		 *	"\26 B" ("&B"). In this case, user agents should
+		 *	treat a "CR/LF" pair (U+000D/U+000A) as a single
+		 *	white space character.
+		 *
+		 *	2. by providing exactly 6 hexadecimal digits:
+		 *	"\000026B" ("&B")
+		 *
+		 * In fact, these two methods may be combined. Only one
+		 * white space character is ignored after a hexadecimal
+		 * escape. Note that this means that a "real" space
+		 * after the escape sequence must itself either be
+		 * escaped or doubled.
+		 *
+		 * If the number is outside the range allowed by Unicode
+		 * (e.g., "\110000" is above the maximum 10FFFF allowed in
+		 * current Unicode), the UA may replace the escape with
+		 * the "replacement character" (U+FFFD). If the character
+		 * is to be displayed, the UA should show a visible
+		 * symbol, such as a "missing character" glyph (cf. 15.2,
+		 * point 5).
+		 */
+
+		switch(second)
+		{	// special whitespace cases. I assume they mean
+			// for all of these to qualify as a "new
+			// line." Otherwise there is no specification
+			// of what to do for \f
+			case '\r':
+				if(input.peek('\n'))
+					input.next();
+				// fall through
+			case '\n':
+			case '\f':
+				// bs follwed by new line replaced by nothing
+			case '\u0000':	// skip NUL for now too
+				return decodeCharacter(input);
+		}
+
+		if (!PushbackString.isHexDigit(second))
+		{	// non hex digit
+			return second;
+		}
+
+		// Search for up to 6 hex digits following until a space
+		StringBuilder sb = new StringBuilder();
+		sb.append(second);
+		for (int i = 0; i < 5; i++)
+		{
+			Character c = input.next();
+			if(c == null || Character.isWhitespace(c))
+				break;
+			if(PushbackString.isHexDigit(c))
+				sb.append(c);
+			else
+			{
+				input.pushback(c);
+				break;
+			}
+		}
+		try
+		{
+			// parse the hex digit and create a character
+			int i = Integer.parseInt(sb.toString(), 16);
+	
+			if (Character.isValidCodePoint(i))
+				return (char)i;
+			return REPLACEMENT;
+		}
+		catch (NumberFormatException e)
+		{
+			throw new IllegalStateException("Received a NumberFormateException parsing a string verified to be hex", e);
+        	}
+	}
+
+}

From 4a984b0e7fca75fb0667fc03c16f11a193a53872 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 094/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/codecs/DB2Codec.java | 134 +++++++++---------
 1 file changed, 67 insertions(+), 67 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
index a99818c27..4ff63ea1a 100644
--- a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
@@ -1,68 +1,68 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for DB2 strings. This function will only protect you from SQLi in limited situations.
- * 
- * @author Sivasankar Tanakala (stanakal@TRS.NYC.NY.US)
- * @since October 26, 2010
- * @see org.owasp.esapi.Encoder
- */
-public class DB2Codec extends Codec {
-
-	public String encodeCharacter(char[] immune, Character c) {
-
-		if (c.charValue() == '\'')
-			return "\'\'";
-
-		if (c.charValue() == ';')
-			return ".";
-
-		return "" + c;
-	}
-
-	public Character decodeCharacter(PushbackString input) {
-
-		input.mark();
-		Character first = input.next();
-
-		if (first == null) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-
-		if (first.charValue() != '\'') {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-
-		if (second == null) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if (second.charValue() != '\'') {
-			input.reset();
-			return null;
-		}
-
-		return (Character.valueOf('\''));
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for DB2 strings. This function will only protect you from SQLi in limited situations.
+ * 
+ * @author Sivasankar Tanakala (stanakal@TRS.NYC.NY.US)
+ * @since October 26, 2010
+ * @see org.owasp.esapi.Encoder
+ */
+public class DB2Codec extends Codec {
+
+	public String encodeCharacter(char[] immune, Character c) {
+
+		if (c.charValue() == '\'')
+			return "\'\'";
+
+		if (c.charValue() == ';')
+			return ".";
+
+		return "" + c;
+	}
+
+	public Character decodeCharacter(PushbackString input) {
+
+		input.mark();
+		Character first = input.next();
+
+		if (first == null) {
+			input.reset();
+			return null;
+		}
+
+		// if this is not an encoded character, return null
+
+		if (first.charValue() != '\'') {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+
+		if (second == null) {
+			input.reset();
+			return null;
+		}
+
+		// if this is not an encoded character, return null
+		if (second.charValue() != '\'') {
+			input.reset();
+			return null;
+		}
+
+		return (Character.valueOf('\''));
+	}
 }
\ No newline at end of file

From 68db04bb6e323f3597e196e18e4b9909c60f8efd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 095/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/codecs/HTMLEntityCodec.java   | 1100 ++++++++---------
 1 file changed, 550 insertions(+), 550 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 36d5876a9..b4337968a 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -1,550 +1,550 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import java.util.HashMap;
-import java.util.Collections;
-import java.util.Map;
-
-/**
- * Implementation of the Codec interface for HTML entity encoding.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class HTMLEntityCodec extends Codec
-{
-	private static final char REPLACEMENT_CHAR = '\ufffd';
-	private static final String REPLACEMENT_HEX = "fffd";
-	private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
-	private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
-
-	private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
-
-    /**
-     *
-     */
-    public HTMLEntityCodec() {
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-     * Encodes a Character for safe use in an HTML entity field.
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-		
-		// check for illegal characters
-		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
-		{
-			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
-			c = REPLACEMENT_CHAR;
-		}
-		
-		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(c);
-		if (entityName != null) {
-			return "&" + entityName + ";";
-		}
-		
-		// return the hex entity as suggested in the spec
-		return "&#x" + hex + ";";
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both with and without semi-colon, upper/lower case:
-	 *   &#dddd;
-	 *   &#xhhhh;
-	 *   &name;
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if (first != '&' ) {
-			input.reset();
-			return null;
-		}
-		
-		// test for numeric encodings
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		if (second == '#' ) {
-			// handle numbers
-			Character c = getNumericEntity( input );
-			if ( c != null ) return c;
-		} else if ( Character.isLetter( second.charValue() ) ) {
-			// handle entities
-			input.pushback( second );
-			Character c = getNamedEntity( input );
-			if ( c != null ) return c;
-		}
-		input.reset();
-		return null;
-	}
-	
-	/**
-	 * getNumericEntry checks input to see if it is a numeric entity
-	 * 
-	 * @param input
-	 * 			The input to test for being a numeric entity
-	 *  
-	 * @return
-	 * 			null if input is null, the character of input after decoding
-	 */
-	private Character getNumericEntity( PushbackString input ) {
-		Character first = input.peek();
-		if ( first == null ) return null;
-
-		if (first == 'x' || first == 'X' ) {
-			input.next();
-			return parseHex( input );
-		}
-		return parseNumber( input );
-	}
-
-	/**
-	 * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
-	 * 
-	 * @param input
-	 * 			decimal encoded string, such as 65
-	 * @return
-	 * 			character representation of this decimal value, e.g. A 
-	 * @throws NumberFormatException
-	 */
-	private Character parseNumber( PushbackString input ) {
-		StringBuilder sb = new StringBuilder();
-		while( input.hasNext() ) {
-			Character c = input.peek();
-			
-			// if character is a digit then add it on and keep going
-			if ( Character.isDigit( c.charValue() ) ) {
-				sb.append( c );
-				input.next();
-				
-			// if character is a semi-colon, eat it and quit
-			} else if (c == ';' ) {
-				input.next();
-				break;
-				
-			// otherwise just quit
-			} else {
-				break;
-			}
-		}
-		try {
-			int i = Integer.parseInt(sb.toString());
-            if (Character.isValidCodePoint(i)) {
-                return (char) i;
-            }
-		} catch( NumberFormatException e ) {
-			// throw an exception for malformed entity?
-		}
-			return null;
-		}
-	
-	/**
-	 * Parse a hex encoded entity
-	 * 
-	 * @param input
-	 * 			Hex encoded input (such as 437ae;)
-	 * @return
-	 * 			A single character from the string
-	 * @throws NumberFormatException
-	 */
-	private Character parseHex( PushbackString input ) {
-		StringBuilder sb = new StringBuilder();
-		while( input.hasNext() ) {
-			Character c = input.peek();
-			
-			// if character is a hex digit then add it on and keep going
-			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
-				sb.append( c );
-				input.next();
-				
-			// if character is a semi-colon, eat it and quit
-			} else if (c == ';' ) {
-				input.next();
-				break;
-				
-			// otherwise just quit
-			} else {
-				break;
-			}
-		}
-		try {
-			int i = Integer.parseInt(sb.toString(), 16);
-            if (Character.isValidCodePoint(i)) {
-                return (char) i;
-            }
-		} catch( NumberFormatException e ) {
-			// throw an exception for malformed entity?
-		}
-			return null;
-		}
-	
-	/**
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both with and without semi-colon, upper/lower case:
-	 *   &aa;
-	 *   &aaa;
-	 *   &aaaa;
-	 *   &aaaaa;
-	 *   &aaaaaa;
-	 *   &aaaaaaa;
-	 *
-	 * @param input
-	 * 		A string containing a named entity like &quot;
-	 * @return
-	 * 		Returns the decoded version of the character starting at index, or null if no decoding is possible.
-	 */
-	private Character getNamedEntity( PushbackString input ) {
-		StringBuilder possible = new StringBuilder();
-		Map.Entry<CharSequence,Character> entry;
-		int len;
-		
-		// kludge around PushbackString....
-		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
-		for(int i=0;i<len;i++)
-			possible.append(Character.toLowerCase(input.next()));
-
-		// look up the longest match
-		entry = entityToCharacterTrie.getLongestMatch(possible);
-		if(entry == null)
-			return null;	// no match, caller will reset input
-
-		// fixup input
-		input.reset();
-		input.next();	// read &
-		len = entry.getKey().length();	// what matched's length
-		for(int i=0;i<len;i++)
-			input.next();
-
-		// check for a trailing semicolen
-		if(input.peek(';'))
-			input.next();
-
-		return entry.getValue();
-	}
-
-	/**
-	 * Build a unmodifiable Map from entity Character to Name.
-	 * @return Unmodifiable map.
-	 */
-	private static synchronized Map<Character,String> mkCharacterToEntityMap()
-	{
-		Map<Character, String> map = new HashMap<Character,String>(252);
-
-		map.put((char)34,	"quot");	/* quotation mark */
-		map.put((char)38,	"amp");		/* ampersand */
-		map.put((char)60,	"lt");		/* less-than sign */
-		map.put((char)62,	"gt");		/* greater-than sign */
-		map.put((char)160,	"nbsp");	/* no-break space */
-		map.put((char)161,	"iexcl");	/* inverted exclamation mark */
-		map.put((char)162,	"cent");	/* cent sign */
-		map.put((char)163,	"pound");	/* pound sign */
-		map.put((char)164,	"curren");	/* currency sign */
-		map.put((char)165,	"yen");		/* yen sign */
-		map.put((char)166,	"brvbar");	/* broken bar */
-		map.put((char)167,	"sect");	/* section sign */
-		map.put((char)168,	"uml");		/* diaeresis */
-		map.put((char)169,	"copy");	/* copyright sign */
-		map.put((char)170,	"ordf");	/* feminine ordinal indicator */
-		map.put((char)171,	"laquo");	/* left-pointing double angle quotation mark */
-		map.put((char)172,	"not");		/* not sign */
-		map.put((char)173,	"shy");		/* soft hyphen */
-		map.put((char)174,	"reg");		/* registered sign */
-		map.put((char)175,	"macr");	/* macron */
-		map.put((char)176,	"deg");		/* degree sign */
-		map.put((char)177,	"plusmn");	/* plus-minus sign */
-		map.put((char)178,	"sup2");	/* superscript two */
-		map.put((char)179,	"sup3");	/* superscript three */
-		map.put((char)180,	"acute");	/* acute accent */
-		map.put((char)181,	"micro");	/* micro sign */
-		map.put((char)182,	"para");	/* pilcrow sign */
-		map.put((char)183,	"middot");	/* middle dot */
-		map.put((char)184,	"cedil");	/* cedilla */
-		map.put((char)185,	"sup1");	/* superscript one */
-		map.put((char)186,	"ordm");	/* masculine ordinal indicator */
-		map.put((char)187,	"raquo");	/* right-pointing double angle quotation mark */
-		map.put((char)188,	"frac14");	/* vulgar fraction one quarter */
-		map.put((char)189,	"frac12");	/* vulgar fraction one half */
-		map.put((char)190,	"frac34");	/* vulgar fraction three quarters */
-		map.put((char)191,	"iquest");	/* inverted question mark */
-		map.put((char)192,	"Agrave");	/* Latin capital letter a with grave */
-		map.put((char)193,	"Aacute");	/* Latin capital letter a with acute */
-		map.put((char)194,	"Acirc");	/* Latin capital letter a with circumflex */
-		map.put((char)195,	"Atilde");	/* Latin capital letter a with tilde */
-		map.put((char)196,	"Auml");	/* Latin capital letter a with diaeresis */
-		map.put((char)197,	"Aring");	/* Latin capital letter a with ring above */
-		map.put((char)198,	"AElig");	/* Latin capital letter ae */
-		map.put((char)199,	"Ccedil");	/* Latin capital letter c with cedilla */
-		map.put((char)200,	"Egrave");	/* Latin capital letter e with grave */
-		map.put((char)201,	"Eacute");	/* Latin capital letter e with acute */
-		map.put((char)202,	"Ecirc");	/* Latin capital letter e with circumflex */
-		map.put((char)203,	"Euml");	/* Latin capital letter e with diaeresis */
-		map.put((char)204,	"Igrave");	/* Latin capital letter i with grave */
-		map.put((char)205,	"Iacute");	/* Latin capital letter i with acute */
-		map.put((char)206,	"Icirc");	/* Latin capital letter i with circumflex */
-		map.put((char)207,	"Iuml");	/* Latin capital letter i with diaeresis */
-		map.put((char)208,	"ETH");		/* Latin capital letter eth */
-		map.put((char)209,	"Ntilde");	/* Latin capital letter n with tilde */
-		map.put((char)210,	"Ograve");	/* Latin capital letter o with grave */
-		map.put((char)211,	"Oacute");	/* Latin capital letter o with acute */
-		map.put((char)212,	"Ocirc");	/* Latin capital letter o with circumflex */
-		map.put((char)213,	"Otilde");	/* Latin capital letter o with tilde */
-		map.put((char)214,	"Ouml");	/* Latin capital letter o with diaeresis */
-		map.put((char)215,	"times");	/* multiplication sign */
-		map.put((char)216,	"Oslash");	/* Latin capital letter o with stroke */
-		map.put((char)217,	"Ugrave");	/* Latin capital letter u with grave */
-		map.put((char)218,	"Uacute");	/* Latin capital letter u with acute */
-		map.put((char)219,	"Ucirc");	/* Latin capital letter u with circumflex */
-		map.put((char)220,	"Uuml");	/* Latin capital letter u with diaeresis */
-		map.put((char)221,	"Yacute");	/* Latin capital letter y with acute */
-		map.put((char)222,	"THORN");	/* Latin capital letter thorn */
-		map.put((char)223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
-		map.put((char)224,	"agrave");	/* Latin small letter a with grave */
-		map.put((char)225,	"aacute");	/* Latin small letter a with acute */
-		map.put((char)226,	"acirc");	/* Latin small letter a with circumflex */
-		map.put((char)227,	"atilde");	/* Latin small letter a with tilde */
-		map.put((char)228,	"auml");	/* Latin small letter a with diaeresis */
-		map.put((char)229,	"aring");	/* Latin small letter a with ring above */
-		map.put((char)230,	"aelig");	/* Latin lowercase ligature ae */
-		map.put((char)231,	"ccedil");	/* Latin small letter c with cedilla */
-		map.put((char)232,	"egrave");	/* Latin small letter e with grave */
-		map.put((char)233,	"eacute");	/* Latin small letter e with acute */
-		map.put((char)234,	"ecirc");	/* Latin small letter e with circumflex */
-		map.put((char)235,	"euml");	/* Latin small letter e with diaeresis */
-		map.put((char)236,	"igrave");	/* Latin small letter i with grave */
-		map.put((char)237,	"iacute");	/* Latin small letter i with acute */
-		map.put((char)238,	"icirc");	/* Latin small letter i with circumflex */
-		map.put((char)239,	"iuml");	/* Latin small letter i with diaeresis */
-		map.put((char)240,	"eth");		/* Latin small letter eth */
-		map.put((char)241,	"ntilde");	/* Latin small letter n with tilde */
-		map.put((char)242,	"ograve");	/* Latin small letter o with grave */
-		map.put((char)243,	"oacute");	/* Latin small letter o with acute */
-		map.put((char)244,	"ocirc");	/* Latin small letter o with circumflex */
-		map.put((char)245,	"otilde");	/* Latin small letter o with tilde */
-		map.put((char)246,	"ouml");	/* Latin small letter o with diaeresis */
-		map.put((char)247,	"divide");	/* division sign */
-		map.put((char)248,	"oslash");	/* Latin small letter o with stroke */
-		map.put((char)249,	"ugrave");	/* Latin small letter u with grave */
-		map.put((char)250,	"uacute");	/* Latin small letter u with acute */
-		map.put((char)251,	"ucirc");	/* Latin small letter u with circumflex */
-		map.put((char)252,	"uuml");	/* Latin small letter u with diaeresis */
-		map.put((char)253,	"yacute");	/* Latin small letter y with acute */
-		map.put((char)254,	"thorn");	/* Latin small letter thorn */
-		map.put((char)255,	"yuml");	/* Latin small letter y with diaeresis */
-		map.put((char)338,	"OElig");	/* Latin capital ligature oe */
-		map.put((char)339,	"oelig");	/* Latin small ligature oe */
-		map.put((char)352,	"Scaron");	/* Latin capital letter s with caron */
-		map.put((char)353,	"scaron");	/* Latin small letter s with caron */
-		map.put((char)376,	"Yuml");	/* Latin capital letter y with diaeresis */
-		map.put((char)402,	"fnof");	/* Latin small letter f with hook */
-		map.put((char)710,	"circ");	/* modifier letter circumflex accent */
-		map.put((char)732,	"tilde");	/* small tilde */
-		map.put((char)913,	"Alpha");	/* Greek capital letter alpha */
-		map.put((char)914,	"Beta");	/* Greek capital letter beta */
-		map.put((char)915,	"Gamma");	/* Greek capital letter gamma */
-		map.put((char)916,	"Delta");	/* Greek capital letter delta */
-		map.put((char)917,	"Epsilon");	/* Greek capital letter epsilon */
-		map.put((char)918,	"Zeta");	/* Greek capital letter zeta */
-		map.put((char)919,	"Eta");		/* Greek capital letter eta */
-		map.put((char)920,	"Theta");	/* Greek capital letter theta */
-		map.put((char)921,	"Iota");	/* Greek capital letter iota */
-		map.put((char)922,	"Kappa");	/* Greek capital letter kappa */
-		map.put((char)923,	"Lambda");	/* Greek capital letter lambda */
-		map.put((char)924,	"Mu");		/* Greek capital letter mu */
-		map.put((char)925,	"Nu");		/* Greek capital letter nu */
-		map.put((char)926,	"Xi");		/* Greek capital letter xi */
-		map.put((char)927,	"Omicron");	/* Greek capital letter omicron */
-		map.put((char)928,	"Pi");		/* Greek capital letter pi */
-		map.put((char)929,	"Rho");		/* Greek capital letter rho */
-		map.put((char)931,	"Sigma");	/* Greek capital letter sigma */
-		map.put((char)932,	"Tau");		/* Greek capital letter tau */
-		map.put((char)933,	"Upsilon");	/* Greek capital letter upsilon */
-		map.put((char)934,	"Phi");		/* Greek capital letter phi */
-		map.put((char)935,	"Chi");		/* Greek capital letter chi */
-		map.put((char)936,	"Psi");		/* Greek capital letter psi */
-		map.put((char)937,	"Omega");	/* Greek capital letter omega */
-		map.put((char)945,	"alpha");	/* Greek small letter alpha */
-		map.put((char)946,	"beta");	/* Greek small letter beta */
-		map.put((char)947,	"gamma");	/* Greek small letter gamma */
-		map.put((char)948,	"delta");	/* Greek small letter delta */
-		map.put((char)949,	"epsilon");	/* Greek small letter epsilon */
-		map.put((char)950,	"zeta");	/* Greek small letter zeta */
-		map.put((char)951,	"eta");		/* Greek small letter eta */
-		map.put((char)952,	"theta");	/* Greek small letter theta */
-		map.put((char)953,	"iota");	/* Greek small letter iota */
-		map.put((char)954,	"kappa");	/* Greek small letter kappa */
-		map.put((char)955,	"lambda");	/* Greek small letter lambda */
-		map.put((char)956,	"mu");		/* Greek small letter mu */
-		map.put((char)957,	"nu");		/* Greek small letter nu */
-		map.put((char)958,	"xi");		/* Greek small letter xi */
-		map.put((char)959,	"omicron");	/* Greek small letter omicron */
-		map.put((char)960,	"pi");		/* Greek small letter pi */
-		map.put((char)961,	"rho");		/* Greek small letter rho */
-		map.put((char)962,	"sigmaf");	/* Greek small letter final sigma */
-		map.put((char)963,	"sigma");	/* Greek small letter sigma */
-		map.put((char)964,	"tau");		/* Greek small letter tau */
-		map.put((char)965,	"upsilon");	/* Greek small letter upsilon */
-		map.put((char)966,	"phi");		/* Greek small letter phi */
-		map.put((char)967,	"chi");		/* Greek small letter chi */
-		map.put((char)968,	"psi");		/* Greek small letter psi */
-		map.put((char)969,	"omega");	/* Greek small letter omega */
-		map.put((char)977,	"thetasym");	/* Greek theta symbol */
-		map.put((char)978,	"upsih");	/* Greek upsilon with hook symbol */
-		map.put((char)982,	"piv");		/* Greek pi symbol */
-		map.put((char)8194,	"ensp");	/* en space */
-		map.put((char)8195,	"emsp");	/* em space */
-		map.put((char)8201,	"thinsp");	/* thin space */
-		map.put((char)8204,	"zwnj");	/* zero width non-joiner */
-		map.put((char)8205,	"zwj");		/* zero width joiner */
-		map.put((char)8206,	"lrm");		/* left-to-right mark */
-		map.put((char)8207,	"rlm");		/* right-to-left mark */
-		map.put((char)8211,	"ndash");	/* en dash */
-		map.put((char)8212,	"mdash");	/* em dash */
-		map.put((char)8216,	"lsquo");	/* left single quotation mark */
-		map.put((char)8217,	"rsquo");	/* right single quotation mark */
-		map.put((char)8218,	"sbquo");	/* single low-9 quotation mark */
-		map.put((char)8220,	"ldquo");	/* left double quotation mark */
-		map.put((char)8221,	"rdquo");	/* right double quotation mark */
-		map.put((char)8222,	"bdquo");	/* double low-9 quotation mark */
-		map.put((char)8224,	"dagger");	/* dagger */
-		map.put((char)8225,	"Dagger");	/* double dagger */
-		map.put((char)8226,	"bull");	/* bullet */
-		map.put((char)8230,	"hellip");	/* horizontal ellipsis */
-		map.put((char)8240,	"permil");	/* per mille sign */
-		map.put((char)8242,	"prime");	/* prime */
-		map.put((char)8243,	"Prime");	/* double prime */
-		map.put((char)8249,	"lsaquo");	/* single left-pointing angle quotation mark */
-		map.put((char)8250,	"rsaquo");	/* single right-pointing angle quotation mark */
-		map.put((char)8254,	"oline");	/* overline */
-		map.put((char)8260,	"frasl");	/* fraction slash */
-		map.put((char)8364,	"euro");	/* euro sign */
-		map.put((char)8465,	"image");	/* black-letter capital i */
-		map.put((char)8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
-		map.put((char)8476,	"real");	/* black-letter capital r */
-		map.put((char)8482,	"trade");	/* trademark sign */
-		map.put((char)8501,	"alefsym");	/* alef symbol */
-		map.put((char)8592,	"larr");	/* leftwards arrow */
-		map.put((char)8593,	"uarr");	/* upwards arrow */
-		map.put((char)8594,	"rarr");	/* rightwards arrow */
-		map.put((char)8595,	"darr");	/* downwards arrow */
-		map.put((char)8596,	"harr");	/* left right arrow */
-		map.put((char)8629,	"crarr");	/* downwards arrow with corner leftwards */
-		map.put((char)8656,	"lArr");	/* leftwards double arrow */
-		map.put((char)8657,	"uArr");	/* upwards double arrow */
-		map.put((char)8658,	"rArr");	/* rightwards double arrow */
-		map.put((char)8659,	"dArr");	/* downwards double arrow */
-		map.put((char)8660,	"hArr");	/* left right double arrow */
-		map.put((char)8704,	"forall");	/* for all */
-		map.put((char)8706,	"part");	/* partial differential */
-		map.put((char)8707,	"exist");	/* there exists */
-		map.put((char)8709,	"empty");	/* empty set */
-		map.put((char)8711,	"nabla");	/* nabla */
-		map.put((char)8712,	"isin");	/* element of */
-		map.put((char)8713,	"notin");	/* not an element of */
-		map.put((char)8715,	"ni");		/* contains as member */
-		map.put((char)8719,	"prod");	/* n-ary product */
-		map.put((char)8721,	"sum");		/* n-ary summation */
-		map.put((char)8722,	"minus");	/* minus sign */
-		map.put((char)8727,	"lowast");	/* asterisk operator */
-		map.put((char)8730,	"radic");	/* square root */
-		map.put((char)8733,	"prop");	/* proportional to */
-		map.put((char)8734,	"infin");	/* infinity */
-		map.put((char)8736,	"ang");		/* angle */
-		map.put((char)8743,	"and");		/* logical and */
-		map.put((char)8744,	"or");		/* logical or */
-		map.put((char)8745,	"cap");		/* intersection */
-		map.put((char)8746,	"cup");		/* union */
-		map.put((char)8747,	"int");		/* integral */
-		map.put((char)8756,	"there4");	/* therefore */
-		map.put((char)8764,	"sim");		/* tilde operator */
-		map.put((char)8773,	"cong");	/* congruent to */
-		map.put((char)8776,	"asymp");	/* almost equal to */
-		map.put((char)8800,	"ne");		/* not equal to */
-		map.put((char)8801,	"equiv");	/* identical toXCOMMAX equivalent to */
-		map.put((char)8804,	"le");		/* less-than or equal to */
-		map.put((char)8805,	"ge");		/* greater-than or equal to */
-		map.put((char)8834,	"sub");		/* subset of */
-		map.put((char)8835,	"sup");		/* superset of */
-		map.put((char)8836,	"nsub");	/* not a subset of */
-		map.put((char)8838,	"sube");	/* subset of or equal to */
-		map.put((char)8839,	"supe");	/* superset of or equal to */
-		map.put((char)8853,	"oplus");	/* circled plus */
-		map.put((char)8855,	"otimes");	/* circled times */
-		map.put((char)8869,	"perp");	/* up tack */
-		map.put((char)8901,	"sdot");	/* dot operator */
-		map.put((char)8968,	"lceil");	/* left ceiling */
-		map.put((char)8969,	"rceil");	/* right ceiling */
-		map.put((char)8970,	"lfloor");	/* left floor */
-		map.put((char)8971,	"rfloor");	/* right floor */
-		map.put((char)9001,	"lang");	/* left-pointing angle bracket */
-		map.put((char)9002,	"rang");	/* right-pointing angle bracket */
-		map.put((char)9674,	"loz");		/* lozenge */
-		map.put((char)9824,	"spades");	/* black spade suit */
-		map.put((char)9827,	"clubs");	/* black club suit */
-		map.put((char)9829,	"hearts");	/* black heart suit */
-		map.put((char)9830,	"diams");	/* black diamond suit */
-
-		return Collections.unmodifiableMap(map);
-	}
-
-	/**
-	 * Build a unmodifiable Trie from entitiy Name to Character
-	 * @return Unmodifiable trie.
-	 */
-	private static synchronized Trie<Character> mkEntityToCharacterTrie()
-	{
-		Trie<Character> trie = new HashTrie<Character>();
-
-		for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
-			trie.put(entry.getValue(),entry.getKey());
-		return Trie.Util.unmodifiable(trie);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Collections;
+import java.util.Map;
+
+/**
+ * Implementation of the Codec interface for HTML entity encoding.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class HTMLEntityCodec extends Codec
+{
+	private static final char REPLACEMENT_CHAR = '\ufffd';
+	private static final String REPLACEMENT_HEX = "fffd";
+	private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
+	private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
+
+	private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
+
+    /**
+     *
+     */
+    public HTMLEntityCodec() {
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+     * Encodes a Character for safe use in an HTML entity field.
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+
+		// check for immune characters
+		if ( containsCharacter(c, immune ) ) {
+			return ""+c;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric(c);
+		if ( hex == null ) {
+			return ""+c;
+		}
+		
+		// check for illegal characters
+		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
+		{
+			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
+			c = REPLACEMENT_CHAR;
+		}
+		
+		// check if there's a defined entity
+		String entityName = (String) characterToEntityMap.get(c);
+		if (entityName != null) {
+			return "&" + entityName + ";";
+		}
+		
+		// return the hex entity as suggested in the spec
+		return "&#x" + hex + ";";
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal both with and without semi-colon, upper/lower case:
+	 *   &#dddd;
+	 *   &#xhhhh;
+	 *   &name;
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if (first != '&' ) {
+			input.reset();
+			return null;
+		}
+		
+		// test for numeric encodings
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		if (second == '#' ) {
+			// handle numbers
+			Character c = getNumericEntity( input );
+			if ( c != null ) return c;
+		} else if ( Character.isLetter( second.charValue() ) ) {
+			// handle entities
+			input.pushback( second );
+			Character c = getNamedEntity( input );
+			if ( c != null ) return c;
+		}
+		input.reset();
+		return null;
+	}
+	
+	/**
+	 * getNumericEntry checks input to see if it is a numeric entity
+	 * 
+	 * @param input
+	 * 			The input to test for being a numeric entity
+	 *  
+	 * @return
+	 * 			null if input is null, the character of input after decoding
+	 */
+	private Character getNumericEntity( PushbackString input ) {
+		Character first = input.peek();
+		if ( first == null ) return null;
+
+		if (first == 'x' || first == 'X' ) {
+			input.next();
+			return parseHex( input );
+		}
+		return parseNumber( input );
+	}
+
+	/**
+	 * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
+	 * 
+	 * @param input
+	 * 			decimal encoded string, such as 65
+	 * @return
+	 * 			character representation of this decimal value, e.g. A 
+	 * @throws NumberFormatException
+	 */
+	private Character parseNumber( PushbackString input ) {
+		StringBuilder sb = new StringBuilder();
+		while( input.hasNext() ) {
+			Character c = input.peek();
+			
+			// if character is a digit then add it on and keep going
+			if ( Character.isDigit( c.charValue() ) ) {
+				sb.append( c );
+				input.next();
+				
+			// if character is a semi-colon, eat it and quit
+			} else if (c == ';' ) {
+				input.next();
+				break;
+				
+			// otherwise just quit
+			} else {
+				break;
+			}
+		}
+		try {
+			int i = Integer.parseInt(sb.toString());
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+		} catch( NumberFormatException e ) {
+			// throw an exception for malformed entity?
+		}
+			return null;
+		}
+	
+	/**
+	 * Parse a hex encoded entity
+	 * 
+	 * @param input
+	 * 			Hex encoded input (such as 437ae;)
+	 * @return
+	 * 			A single character from the string
+	 * @throws NumberFormatException
+	 */
+	private Character parseHex( PushbackString input ) {
+		StringBuilder sb = new StringBuilder();
+		while( input.hasNext() ) {
+			Character c = input.peek();
+			
+			// if character is a hex digit then add it on and keep going
+			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
+				sb.append( c );
+				input.next();
+				
+			// if character is a semi-colon, eat it and quit
+			} else if (c == ';' ) {
+				input.next();
+				break;
+				
+			// otherwise just quit
+			} else {
+				break;
+			}
+		}
+		try {
+			int i = Integer.parseInt(sb.toString(), 16);
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+		} catch( NumberFormatException e ) {
+			// throw an exception for malformed entity?
+		}
+			return null;
+		}
+	
+	/**
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal both with and without semi-colon, upper/lower case:
+	 *   &aa;
+	 *   &aaa;
+	 *   &aaaa;
+	 *   &aaaaa;
+	 *   &aaaaaa;
+	 *   &aaaaaaa;
+	 *
+	 * @param input
+	 * 		A string containing a named entity like &quot;
+	 * @return
+	 * 		Returns the decoded version of the character starting at index, or null if no decoding is possible.
+	 */
+	private Character getNamedEntity( PushbackString input ) {
+		StringBuilder possible = new StringBuilder();
+		Map.Entry<CharSequence,Character> entry;
+		int len;
+		
+		// kludge around PushbackString....
+		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
+		for(int i=0;i<len;i++)
+			possible.append(Character.toLowerCase(input.next()));
+
+		// look up the longest match
+		entry = entityToCharacterTrie.getLongestMatch(possible);
+		if(entry == null)
+			return null;	// no match, caller will reset input
+
+		// fixup input
+		input.reset();
+		input.next();	// read &
+		len = entry.getKey().length();	// what matched's length
+		for(int i=0;i<len;i++)
+			input.next();
+
+		// check for a trailing semicolen
+		if(input.peek(';'))
+			input.next();
+
+		return entry.getValue();
+	}
+
+	/**
+	 * Build a unmodifiable Map from entity Character to Name.
+	 * @return Unmodifiable map.
+	 */
+	private static synchronized Map<Character,String> mkCharacterToEntityMap()
+	{
+		Map<Character, String> map = new HashMap<Character,String>(252);
+
+		map.put((char)34,	"quot");	/* quotation mark */
+		map.put((char)38,	"amp");		/* ampersand */
+		map.put((char)60,	"lt");		/* less-than sign */
+		map.put((char)62,	"gt");		/* greater-than sign */
+		map.put((char)160,	"nbsp");	/* no-break space */
+		map.put((char)161,	"iexcl");	/* inverted exclamation mark */
+		map.put((char)162,	"cent");	/* cent sign */
+		map.put((char)163,	"pound");	/* pound sign */
+		map.put((char)164,	"curren");	/* currency sign */
+		map.put((char)165,	"yen");		/* yen sign */
+		map.put((char)166,	"brvbar");	/* broken bar */
+		map.put((char)167,	"sect");	/* section sign */
+		map.put((char)168,	"uml");		/* diaeresis */
+		map.put((char)169,	"copy");	/* copyright sign */
+		map.put((char)170,	"ordf");	/* feminine ordinal indicator */
+		map.put((char)171,	"laquo");	/* left-pointing double angle quotation mark */
+		map.put((char)172,	"not");		/* not sign */
+		map.put((char)173,	"shy");		/* soft hyphen */
+		map.put((char)174,	"reg");		/* registered sign */
+		map.put((char)175,	"macr");	/* macron */
+		map.put((char)176,	"deg");		/* degree sign */
+		map.put((char)177,	"plusmn");	/* plus-minus sign */
+		map.put((char)178,	"sup2");	/* superscript two */
+		map.put((char)179,	"sup3");	/* superscript three */
+		map.put((char)180,	"acute");	/* acute accent */
+		map.put((char)181,	"micro");	/* micro sign */
+		map.put((char)182,	"para");	/* pilcrow sign */
+		map.put((char)183,	"middot");	/* middle dot */
+		map.put((char)184,	"cedil");	/* cedilla */
+		map.put((char)185,	"sup1");	/* superscript one */
+		map.put((char)186,	"ordm");	/* masculine ordinal indicator */
+		map.put((char)187,	"raquo");	/* right-pointing double angle quotation mark */
+		map.put((char)188,	"frac14");	/* vulgar fraction one quarter */
+		map.put((char)189,	"frac12");	/* vulgar fraction one half */
+		map.put((char)190,	"frac34");	/* vulgar fraction three quarters */
+		map.put((char)191,	"iquest");	/* inverted question mark */
+		map.put((char)192,	"Agrave");	/* Latin capital letter a with grave */
+		map.put((char)193,	"Aacute");	/* Latin capital letter a with acute */
+		map.put((char)194,	"Acirc");	/* Latin capital letter a with circumflex */
+		map.put((char)195,	"Atilde");	/* Latin capital letter a with tilde */
+		map.put((char)196,	"Auml");	/* Latin capital letter a with diaeresis */
+		map.put((char)197,	"Aring");	/* Latin capital letter a with ring above */
+		map.put((char)198,	"AElig");	/* Latin capital letter ae */
+		map.put((char)199,	"Ccedil");	/* Latin capital letter c with cedilla */
+		map.put((char)200,	"Egrave");	/* Latin capital letter e with grave */
+		map.put((char)201,	"Eacute");	/* Latin capital letter e with acute */
+		map.put((char)202,	"Ecirc");	/* Latin capital letter e with circumflex */
+		map.put((char)203,	"Euml");	/* Latin capital letter e with diaeresis */
+		map.put((char)204,	"Igrave");	/* Latin capital letter i with grave */
+		map.put((char)205,	"Iacute");	/* Latin capital letter i with acute */
+		map.put((char)206,	"Icirc");	/* Latin capital letter i with circumflex */
+		map.put((char)207,	"Iuml");	/* Latin capital letter i with diaeresis */
+		map.put((char)208,	"ETH");		/* Latin capital letter eth */
+		map.put((char)209,	"Ntilde");	/* Latin capital letter n with tilde */
+		map.put((char)210,	"Ograve");	/* Latin capital letter o with grave */
+		map.put((char)211,	"Oacute");	/* Latin capital letter o with acute */
+		map.put((char)212,	"Ocirc");	/* Latin capital letter o with circumflex */
+		map.put((char)213,	"Otilde");	/* Latin capital letter o with tilde */
+		map.put((char)214,	"Ouml");	/* Latin capital letter o with diaeresis */
+		map.put((char)215,	"times");	/* multiplication sign */
+		map.put((char)216,	"Oslash");	/* Latin capital letter o with stroke */
+		map.put((char)217,	"Ugrave");	/* Latin capital letter u with grave */
+		map.put((char)218,	"Uacute");	/* Latin capital letter u with acute */
+		map.put((char)219,	"Ucirc");	/* Latin capital letter u with circumflex */
+		map.put((char)220,	"Uuml");	/* Latin capital letter u with diaeresis */
+		map.put((char)221,	"Yacute");	/* Latin capital letter y with acute */
+		map.put((char)222,	"THORN");	/* Latin capital letter thorn */
+		map.put((char)223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
+		map.put((char)224,	"agrave");	/* Latin small letter a with grave */
+		map.put((char)225,	"aacute");	/* Latin small letter a with acute */
+		map.put((char)226,	"acirc");	/* Latin small letter a with circumflex */
+		map.put((char)227,	"atilde");	/* Latin small letter a with tilde */
+		map.put((char)228,	"auml");	/* Latin small letter a with diaeresis */
+		map.put((char)229,	"aring");	/* Latin small letter a with ring above */
+		map.put((char)230,	"aelig");	/* Latin lowercase ligature ae */
+		map.put((char)231,	"ccedil");	/* Latin small letter c with cedilla */
+		map.put((char)232,	"egrave");	/* Latin small letter e with grave */
+		map.put((char)233,	"eacute");	/* Latin small letter e with acute */
+		map.put((char)234,	"ecirc");	/* Latin small letter e with circumflex */
+		map.put((char)235,	"euml");	/* Latin small letter e with diaeresis */
+		map.put((char)236,	"igrave");	/* Latin small letter i with grave */
+		map.put((char)237,	"iacute");	/* Latin small letter i with acute */
+		map.put((char)238,	"icirc");	/* Latin small letter i with circumflex */
+		map.put((char)239,	"iuml");	/* Latin small letter i with diaeresis */
+		map.put((char)240,	"eth");		/* Latin small letter eth */
+		map.put((char)241,	"ntilde");	/* Latin small letter n with tilde */
+		map.put((char)242,	"ograve");	/* Latin small letter o with grave */
+		map.put((char)243,	"oacute");	/* Latin small letter o with acute */
+		map.put((char)244,	"ocirc");	/* Latin small letter o with circumflex */
+		map.put((char)245,	"otilde");	/* Latin small letter o with tilde */
+		map.put((char)246,	"ouml");	/* Latin small letter o with diaeresis */
+		map.put((char)247,	"divide");	/* division sign */
+		map.put((char)248,	"oslash");	/* Latin small letter o with stroke */
+		map.put((char)249,	"ugrave");	/* Latin small letter u with grave */
+		map.put((char)250,	"uacute");	/* Latin small letter u with acute */
+		map.put((char)251,	"ucirc");	/* Latin small letter u with circumflex */
+		map.put((char)252,	"uuml");	/* Latin small letter u with diaeresis */
+		map.put((char)253,	"yacute");	/* Latin small letter y with acute */
+		map.put((char)254,	"thorn");	/* Latin small letter thorn */
+		map.put((char)255,	"yuml");	/* Latin small letter y with diaeresis */
+		map.put((char)338,	"OElig");	/* Latin capital ligature oe */
+		map.put((char)339,	"oelig");	/* Latin small ligature oe */
+		map.put((char)352,	"Scaron");	/* Latin capital letter s with caron */
+		map.put((char)353,	"scaron");	/* Latin small letter s with caron */
+		map.put((char)376,	"Yuml");	/* Latin capital letter y with diaeresis */
+		map.put((char)402,	"fnof");	/* Latin small letter f with hook */
+		map.put((char)710,	"circ");	/* modifier letter circumflex accent */
+		map.put((char)732,	"tilde");	/* small tilde */
+		map.put((char)913,	"Alpha");	/* Greek capital letter alpha */
+		map.put((char)914,	"Beta");	/* Greek capital letter beta */
+		map.put((char)915,	"Gamma");	/* Greek capital letter gamma */
+		map.put((char)916,	"Delta");	/* Greek capital letter delta */
+		map.put((char)917,	"Epsilon");	/* Greek capital letter epsilon */
+		map.put((char)918,	"Zeta");	/* Greek capital letter zeta */
+		map.put((char)919,	"Eta");		/* Greek capital letter eta */
+		map.put((char)920,	"Theta");	/* Greek capital letter theta */
+		map.put((char)921,	"Iota");	/* Greek capital letter iota */
+		map.put((char)922,	"Kappa");	/* Greek capital letter kappa */
+		map.put((char)923,	"Lambda");	/* Greek capital letter lambda */
+		map.put((char)924,	"Mu");		/* Greek capital letter mu */
+		map.put((char)925,	"Nu");		/* Greek capital letter nu */
+		map.put((char)926,	"Xi");		/* Greek capital letter xi */
+		map.put((char)927,	"Omicron");	/* Greek capital letter omicron */
+		map.put((char)928,	"Pi");		/* Greek capital letter pi */
+		map.put((char)929,	"Rho");		/* Greek capital letter rho */
+		map.put((char)931,	"Sigma");	/* Greek capital letter sigma */
+		map.put((char)932,	"Tau");		/* Greek capital letter tau */
+		map.put((char)933,	"Upsilon");	/* Greek capital letter upsilon */
+		map.put((char)934,	"Phi");		/* Greek capital letter phi */
+		map.put((char)935,	"Chi");		/* Greek capital letter chi */
+		map.put((char)936,	"Psi");		/* Greek capital letter psi */
+		map.put((char)937,	"Omega");	/* Greek capital letter omega */
+		map.put((char)945,	"alpha");	/* Greek small letter alpha */
+		map.put((char)946,	"beta");	/* Greek small letter beta */
+		map.put((char)947,	"gamma");	/* Greek small letter gamma */
+		map.put((char)948,	"delta");	/* Greek small letter delta */
+		map.put((char)949,	"epsilon");	/* Greek small letter epsilon */
+		map.put((char)950,	"zeta");	/* Greek small letter zeta */
+		map.put((char)951,	"eta");		/* Greek small letter eta */
+		map.put((char)952,	"theta");	/* Greek small letter theta */
+		map.put((char)953,	"iota");	/* Greek small letter iota */
+		map.put((char)954,	"kappa");	/* Greek small letter kappa */
+		map.put((char)955,	"lambda");	/* Greek small letter lambda */
+		map.put((char)956,	"mu");		/* Greek small letter mu */
+		map.put((char)957,	"nu");		/* Greek small letter nu */
+		map.put((char)958,	"xi");		/* Greek small letter xi */
+		map.put((char)959,	"omicron");	/* Greek small letter omicron */
+		map.put((char)960,	"pi");		/* Greek small letter pi */
+		map.put((char)961,	"rho");		/* Greek small letter rho */
+		map.put((char)962,	"sigmaf");	/* Greek small letter final sigma */
+		map.put((char)963,	"sigma");	/* Greek small letter sigma */
+		map.put((char)964,	"tau");		/* Greek small letter tau */
+		map.put((char)965,	"upsilon");	/* Greek small letter upsilon */
+		map.put((char)966,	"phi");		/* Greek small letter phi */
+		map.put((char)967,	"chi");		/* Greek small letter chi */
+		map.put((char)968,	"psi");		/* Greek small letter psi */
+		map.put((char)969,	"omega");	/* Greek small letter omega */
+		map.put((char)977,	"thetasym");	/* Greek theta symbol */
+		map.put((char)978,	"upsih");	/* Greek upsilon with hook symbol */
+		map.put((char)982,	"piv");		/* Greek pi symbol */
+		map.put((char)8194,	"ensp");	/* en space */
+		map.put((char)8195,	"emsp");	/* em space */
+		map.put((char)8201,	"thinsp");	/* thin space */
+		map.put((char)8204,	"zwnj");	/* zero width non-joiner */
+		map.put((char)8205,	"zwj");		/* zero width joiner */
+		map.put((char)8206,	"lrm");		/* left-to-right mark */
+		map.put((char)8207,	"rlm");		/* right-to-left mark */
+		map.put((char)8211,	"ndash");	/* en dash */
+		map.put((char)8212,	"mdash");	/* em dash */
+		map.put((char)8216,	"lsquo");	/* left single quotation mark */
+		map.put((char)8217,	"rsquo");	/* right single quotation mark */
+		map.put((char)8218,	"sbquo");	/* single low-9 quotation mark */
+		map.put((char)8220,	"ldquo");	/* left double quotation mark */
+		map.put((char)8221,	"rdquo");	/* right double quotation mark */
+		map.put((char)8222,	"bdquo");	/* double low-9 quotation mark */
+		map.put((char)8224,	"dagger");	/* dagger */
+		map.put((char)8225,	"Dagger");	/* double dagger */
+		map.put((char)8226,	"bull");	/* bullet */
+		map.put((char)8230,	"hellip");	/* horizontal ellipsis */
+		map.put((char)8240,	"permil");	/* per mille sign */
+		map.put((char)8242,	"prime");	/* prime */
+		map.put((char)8243,	"Prime");	/* double prime */
+		map.put((char)8249,	"lsaquo");	/* single left-pointing angle quotation mark */
+		map.put((char)8250,	"rsaquo");	/* single right-pointing angle quotation mark */
+		map.put((char)8254,	"oline");	/* overline */
+		map.put((char)8260,	"frasl");	/* fraction slash */
+		map.put((char)8364,	"euro");	/* euro sign */
+		map.put((char)8465,	"image");	/* black-letter capital i */
+		map.put((char)8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
+		map.put((char)8476,	"real");	/* black-letter capital r */
+		map.put((char)8482,	"trade");	/* trademark sign */
+		map.put((char)8501,	"alefsym");	/* alef symbol */
+		map.put((char)8592,	"larr");	/* leftwards arrow */
+		map.put((char)8593,	"uarr");	/* upwards arrow */
+		map.put((char)8594,	"rarr");	/* rightwards arrow */
+		map.put((char)8595,	"darr");	/* downwards arrow */
+		map.put((char)8596,	"harr");	/* left right arrow */
+		map.put((char)8629,	"crarr");	/* downwards arrow with corner leftwards */
+		map.put((char)8656,	"lArr");	/* leftwards double arrow */
+		map.put((char)8657,	"uArr");	/* upwards double arrow */
+		map.put((char)8658,	"rArr");	/* rightwards double arrow */
+		map.put((char)8659,	"dArr");	/* downwards double arrow */
+		map.put((char)8660,	"hArr");	/* left right double arrow */
+		map.put((char)8704,	"forall");	/* for all */
+		map.put((char)8706,	"part");	/* partial differential */
+		map.put((char)8707,	"exist");	/* there exists */
+		map.put((char)8709,	"empty");	/* empty set */
+		map.put((char)8711,	"nabla");	/* nabla */
+		map.put((char)8712,	"isin");	/* element of */
+		map.put((char)8713,	"notin");	/* not an element of */
+		map.put((char)8715,	"ni");		/* contains as member */
+		map.put((char)8719,	"prod");	/* n-ary product */
+		map.put((char)8721,	"sum");		/* n-ary summation */
+		map.put((char)8722,	"minus");	/* minus sign */
+		map.put((char)8727,	"lowast");	/* asterisk operator */
+		map.put((char)8730,	"radic");	/* square root */
+		map.put((char)8733,	"prop");	/* proportional to */
+		map.put((char)8734,	"infin");	/* infinity */
+		map.put((char)8736,	"ang");		/* angle */
+		map.put((char)8743,	"and");		/* logical and */
+		map.put((char)8744,	"or");		/* logical or */
+		map.put((char)8745,	"cap");		/* intersection */
+		map.put((char)8746,	"cup");		/* union */
+		map.put((char)8747,	"int");		/* integral */
+		map.put((char)8756,	"there4");	/* therefore */
+		map.put((char)8764,	"sim");		/* tilde operator */
+		map.put((char)8773,	"cong");	/* congruent to */
+		map.put((char)8776,	"asymp");	/* almost equal to */
+		map.put((char)8800,	"ne");		/* not equal to */
+		map.put((char)8801,	"equiv");	/* identical toXCOMMAX equivalent to */
+		map.put((char)8804,	"le");		/* less-than or equal to */
+		map.put((char)8805,	"ge");		/* greater-than or equal to */
+		map.put((char)8834,	"sub");		/* subset of */
+		map.put((char)8835,	"sup");		/* superset of */
+		map.put((char)8836,	"nsub");	/* not a subset of */
+		map.put((char)8838,	"sube");	/* subset of or equal to */
+		map.put((char)8839,	"supe");	/* superset of or equal to */
+		map.put((char)8853,	"oplus");	/* circled plus */
+		map.put((char)8855,	"otimes");	/* circled times */
+		map.put((char)8869,	"perp");	/* up tack */
+		map.put((char)8901,	"sdot");	/* dot operator */
+		map.put((char)8968,	"lceil");	/* left ceiling */
+		map.put((char)8969,	"rceil");	/* right ceiling */
+		map.put((char)8970,	"lfloor");	/* left floor */
+		map.put((char)8971,	"rfloor");	/* right floor */
+		map.put((char)9001,	"lang");	/* left-pointing angle bracket */
+		map.put((char)9002,	"rang");	/* right-pointing angle bracket */
+		map.put((char)9674,	"loz");		/* lozenge */
+		map.put((char)9824,	"spades");	/* black spade suit */
+		map.put((char)9827,	"clubs");	/* black club suit */
+		map.put((char)9829,	"hearts");	/* black heart suit */
+		map.put((char)9830,	"diams");	/* black diamond suit */
+
+		return Collections.unmodifiableMap(map);
+	}
+
+	/**
+	 * Build a unmodifiable Trie from entitiy Name to Character
+	 * @return Unmodifiable trie.
+	 */
+	private static synchronized Trie<Character> mkEntityToCharacterTrie()
+	{
+		Trie<Character> trie = new HashTrie<Character>();
+
+		for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
+			trie.put(entry.getValue(),entry.getKey());
+		return Trie.Util.unmodifiable(trie);
+	}
+}

From d87f8dbb8f97a6cc28f488f4206264ea937735a6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:47 -0500
Subject: [PATCH 096/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/codecs/JavaScriptCodec.java   | 432 +++++++++---------
 1 file changed, 216 insertions(+), 216 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index 6d128e462..7980155e1 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -1,217 +1,217 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for backslash encoding in JavaScript.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class JavaScriptCodec extends Codec {
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns backslash encoded numeric format. Does not use backslash character escapes
-	 * such as, \" or \' as these may cause parsing problems. For example, if a javascript
-	 * attribute, such as onmouseover, contains a \" that will close the entire attribute and
-	 * allow an attacker to inject another script attribute.
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-
-		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
-		}
-				
-		// Do not use these shortcuts as they can be used to break out of a context
-		// if ( ch == 0x00 ) return "\\0";
-		// if ( ch == 0x08 ) return "\\b";
-		// if ( ch == 0x09 ) return "\\t";
-		// if ( ch == 0x0a ) return "\\n";
-		// if ( ch == 0x0b ) return "\\v";
-		// if ( ch == 0x0c ) return "\\f";
-		// if ( ch == 0x0d ) return "\\r";
-		// if ( ch == 0x22 ) return "\\\"";
-		// if ( ch == 0x27 ) return "\\'";
-		// if ( ch == 0x5c ) return "\\\\";
-
-		// encode up to 256 with \\xHH
-        String temp = Integer.toHexString(c);
-		if ( c < 256 ) {
-	        String pad = "00".substring(temp.length() );
-	        return "\\x" + pad + temp.toUpperCase();
-		}
-
-		// otherwise encode with \\uHHHH
-        String pad = "0000".substring(temp.length() );
-        return "\\u" + pad + temp.toUpperCase();
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * See http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf 
-	 * Formats all are legal both upper/lower case:
-	 *   \\a - special characters
-	 *   \\xHH
-	 *   \\uHHHH
-	 *   \\OOO (1, 2, or 3 digits)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if (first != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// \0 collides with the octal decoder and is non-standard
-		// if ( second.charValue() == '0' ) {
-		//	return Character.valueOf( (char)0x00 );
-		if (second == 'b' ) {
-			return 0x08;
-		} else if (second == 't' ) {
-			return 0x09;
-		} else if (second == 'n' ) {
-			return 0x0a;
-		} else if (second == 'v' ) {
-			return 0x0b;
-		} else if (second == 'f' ) {
-			return 0x0c;
-		} else if (second == 'r' ) {
-			return 0x0d;
-		} else if (second == '\"' ) {
-			return 0x22;
-		} else if (second == '\'' ) {
-			return 0x27;
-		} else if (second == '\\' ) {
-			return 0x5c;
-			
-		// look for \\xXX format
-		} else if ( Character.toLowerCase( second.charValue() ) == 'x' ) {
-			// Search for exactly 2 hex digits following
-			StringBuilder sb = new StringBuilder();
-			for ( int i=0; i<2; i++ ) {
-				Character c = input.nextHex();
-				if ( c != null ) sb.append( c );
-				else {
-					input.reset();
-					return null;
-				}
-			}
-			try {
-				// parse the hex digit and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-			
-		// look for \\uXXXX format
-		} else if ( Character.toLowerCase( second.charValue() ) == 'u') {
-			// Search for exactly 4 hex digits following
-			StringBuilder sb = new StringBuilder();
-			for ( int i=0; i<4; i++ ) {
-				Character c = input.nextHex();
-				if ( c != null ) sb.append( c );
-				else {
-					input.reset();
-					return null;
-				}
-			}
-			try {
-				// parse the hex string and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-			
-		// look for one, two, or three octal digits
-		} else if ( PushbackString.isOctalDigit(second) ) {
-			StringBuilder sb = new StringBuilder();
-            // get digit 1
-            sb.append(second);
-            
-            // get digit 2 if present
-            Character c2 = input.next();
-            if ( !PushbackString.isOctalDigit(c2) ) {
-            	input.pushback( c2 );
-            } else {
-            	sb.append( c2 );
-	            // get digit 3 if present
-	            Character c3 = input.next();
-	            if ( !PushbackString.isOctalDigit(c3) ) {
-	            	input.pushback( c3 );
-	            } else {
-	            	sb.append( c3 );
-	            }
-            }
-			try {
-				// parse the octal string and create a character
-				int i = Integer.parseInt(sb.toString(), 8);
-                if (Character.isValidCodePoint(i)) {
-                    return (char) i;
-                }
-			} catch( NumberFormatException e ) {
-				// throw an exception for malformed entity?
-				input.reset();
-				return null;
-			}
-		}
-		
-		// ignore the backslash and return the character
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for backslash encoding in JavaScript.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class JavaScriptCodec extends Codec {
+
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns backslash encoded numeric format. Does not use backslash character escapes
+	 * such as, \" or \' as these may cause parsing problems. For example, if a javascript
+	 * attribute, such as onmouseover, contains a \" that will close the entire attribute and
+	 * allow an attacker to inject another script attribute.
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+
+		// check for immune characters
+		if ( containsCharacter(c, immune ) ) {
+			return ""+c;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric(c);
+		if ( hex == null ) {
+			return ""+c;
+		}
+				
+		// Do not use these shortcuts as they can be used to break out of a context
+		// if ( ch == 0x00 ) return "\\0";
+		// if ( ch == 0x08 ) return "\\b";
+		// if ( ch == 0x09 ) return "\\t";
+		// if ( ch == 0x0a ) return "\\n";
+		// if ( ch == 0x0b ) return "\\v";
+		// if ( ch == 0x0c ) return "\\f";
+		// if ( ch == 0x0d ) return "\\r";
+		// if ( ch == 0x22 ) return "\\\"";
+		// if ( ch == 0x27 ) return "\\'";
+		// if ( ch == 0x5c ) return "\\\\";
+
+		// encode up to 256 with \\xHH
+        String temp = Integer.toHexString(c);
+		if ( c < 256 ) {
+	        String pad = "00".substring(temp.length() );
+	        return "\\x" + pad + temp.toUpperCase();
+		}
+
+		// otherwise encode with \\uHHHH
+        String pad = "0000".substring(temp.length() );
+        return "\\u" + pad + temp.toUpperCase();
+	}
+
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * See http://www.planetpdf.com/codecuts/pdfs/tutorial/jsspec.pdf 
+	 * Formats all are legal both upper/lower case:
+	 *   \\a - special characters
+	 *   \\xHH
+	 *   \\uHHHH
+	 *   \\OOO (1, 2, or 3 digits)
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if (first != '\\' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// \0 collides with the octal decoder and is non-standard
+		// if ( second.charValue() == '0' ) {
+		//	return Character.valueOf( (char)0x00 );
+		if (second == 'b' ) {
+			return 0x08;
+		} else if (second == 't' ) {
+			return 0x09;
+		} else if (second == 'n' ) {
+			return 0x0a;
+		} else if (second == 'v' ) {
+			return 0x0b;
+		} else if (second == 'f' ) {
+			return 0x0c;
+		} else if (second == 'r' ) {
+			return 0x0d;
+		} else if (second == '\"' ) {
+			return 0x22;
+		} else if (second == '\'' ) {
+			return 0x27;
+		} else if (second == '\\' ) {
+			return 0x5c;
+			
+		// look for \\xXX format
+		} else if ( Character.toLowerCase( second.charValue() ) == 'x' ) {
+			// Search for exactly 2 hex digits following
+			StringBuilder sb = new StringBuilder();
+			for ( int i=0; i<2; i++ ) {
+				Character c = input.nextHex();
+				if ( c != null ) sb.append( c );
+				else {
+					input.reset();
+					return null;
+				}
+			}
+			try {
+				// parse the hex digit and create a character
+				int i = Integer.parseInt(sb.toString(), 16);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+			} catch( NumberFormatException e ) {
+				// throw an exception for malformed entity?
+				input.reset();
+				return null;
+			}
+			
+		// look for \\uXXXX format
+		} else if ( Character.toLowerCase( second.charValue() ) == 'u') {
+			// Search for exactly 4 hex digits following
+			StringBuilder sb = new StringBuilder();
+			for ( int i=0; i<4; i++ ) {
+				Character c = input.nextHex();
+				if ( c != null ) sb.append( c );
+				else {
+					input.reset();
+					return null;
+				}
+			}
+			try {
+				// parse the hex string and create a character
+				int i = Integer.parseInt(sb.toString(), 16);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+			} catch( NumberFormatException e ) {
+				// throw an exception for malformed entity?
+				input.reset();
+				return null;
+			}
+			
+		// look for one, two, or three octal digits
+		} else if ( PushbackString.isOctalDigit(second) ) {
+			StringBuilder sb = new StringBuilder();
+            // get digit 1
+            sb.append(second);
+            
+            // get digit 2 if present
+            Character c2 = input.next();
+            if ( !PushbackString.isOctalDigit(c2) ) {
+            	input.pushback( c2 );
+            } else {
+            	sb.append( c2 );
+	            // get digit 3 if present
+	            Character c3 = input.next();
+	            if ( !PushbackString.isOctalDigit(c3) ) {
+	            	input.pushback( c3 );
+	            } else {
+	            	sb.append( c3 );
+	            }
+            }
+			try {
+				// parse the octal string and create a character
+				int i = Integer.parseInt(sb.toString(), 8);
+                if (Character.isValidCodePoint(i)) {
+                    return (char) i;
+                }
+			} catch( NumberFormatException e ) {
+				// throw an exception for malformed entity?
+				input.reset();
+				return null;
+			}
+		}
+		
+		// ignore the backslash and return the character
+		return second;
+	}
+
 }
\ No newline at end of file

From eae6bba8583221ea4eee72f26fdae0a0c68c2430 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 097/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/MySQLCodec.java    | 526 +++++++++---------
 1 file changed, 263 insertions(+), 263 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 01db4faf5..7d2aacbaa 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -1,264 +1,264 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-
-/**
- * Implementation of the Codec interface for MySQL strings. See http://mirror.yandex.ru/mirrors/ftp.mysql.com/doc/refman/5.0/en/string-syntax.html
- * for more information.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class MySQLCodec extends Codec {
-    /**
-     * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
-     * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
-     *
-     * Currently the only supported modes are:
-     * ANSI
-     * STANDARD
-     */
-    public static enum Mode {
-        ANSI(1),STANDARD(0);
-
-        private int key;
-        private Mode(int key) { this.key = key; }
-
-        static Mode findByKey(int key) {
-            for ( Mode m : values() ) {
-                if ( m.key == key )
-                    return m;
-            }
-            return null;
-        }
-    }
-
-    /** Target MySQL Server is running in Standard MySQL (Default) mode. */
-    public static final int MYSQL_MODE = 0;
-    /** Target MySQL Server is running in {@link "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html"} ANSI Mode */
-    public static final int ANSI_MODE = 1;
-	
-	//private int mode = 0;
-    private Mode mode;
-	
-	/**
-	 * Instantiate the MySQL codec
-	 * 
-	 * @param mode
-	 * 			Mode has to be one of {MYSQL_MODE|ANSI_MODE} to allow correct encoding
-     * @deprecated
-     * @see #MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
-	 */
-	public MySQLCodec( int mode ) {
-		this.mode = Mode.findByKey(mode);
-	}
-
-    /**
-     * Instantiate the MySQL Codec with the given SQL {@link Mode}.
-     * @param mode The mode the target server is running in
-     */
-    public MySQLCodec( Mode mode ) {
-        this.mode = mode;
-    }
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns quote-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-		switch( mode ) {
-			case ANSI: return encodeCharacterANSI( c );
-			case STANDARD: return encodeCharacterMySQL( c );
-		}
-		return null;
-	}
-	
-	/**
-	 * encodeCharacterANSI encodes for ANSI SQL. 
-	 * 
-	 * Apostrophe is encoded
-     *
-     * Bug ###: In ANSI Mode Strings can also be passed in using the quotation. In ANSI_QUOTES mode a quotation
-     * is considered to be an identifier, thus cannot be used at all in a value and will be dropped completely.
-	 * 
-	 * @param c 
-	 * 			character to encode
-	 * @return
-	 * 			String encoded to standards of MySQL running in ANSI mode
-	 */
-	private String encodeCharacterANSI( Character c ) {
-		if ( c == '\'' )
-        	return "\'\'";
-        if ( c == '\"' )
-            return "";
-        return ""+c;
-	}
-
-	/**
-	 * Encode a character suitable for MySQL
-	 * 
-	 * @param c
-	 * 			Character to encode
-	 * @return
-	 * 			Encoded Character
-	 */
-	private String encodeCharacterMySQL( Character c ) {
-		char ch = c.charValue();
-		if ( ch == 0x00 ) return "\\0";
-		if ( ch == 0x08 ) return "\\b";
-		if ( ch == 0x09 ) return "\\t";
-		if ( ch == 0x0a ) return "\\n";
-		if ( ch == 0x0d ) return "\\r";
-		if ( ch == 0x1a ) return "\\Z";
-		if ( ch == 0x22 ) return "\\\"";
-		if ( ch == 0x25 ) return "\\%";
-		if ( ch == 0x27 ) return "\\'";
-		if ( ch == 0x5c ) return "\\\\";
-		if ( ch == 0x5f ) return "\\_";
-	    return "\\" + c;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal (case sensitive)
-	 *   In ANSI_MODE '' decodes to '
-	 *   In MYSQL_MODE \x decodes to x (or a small list of specials)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		switch( mode ) {
-			case ANSI: return decodeCharacterANSI( input );
-			case STANDARD: return decodeCharacterMySQL( input );
-		}
-		return null;
-	}
-
-	/**
-	 * decodeCharacterANSI decodes the next character from ANSI SQL escaping
-	 *  
-	 * @param input
-	 * 			A PushBackString containing characters you'd like decoded
-	 * @return
-	 * 			A single character, decoded
-	 */
-	private Character decodeCharacterANSI( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( second.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-		return( Character.valueOf( '\'' ) );
-	}
-
-	/**
-	 * decodeCharacterMySQL decodes all the potential escaped characters that MySQL is prepared to escape
-	 * 
-	 * @param input
-	 * 			A string you'd like to be decoded
-	 * @return
-	 * 			A single character from that string, decoded.
-	 */
-	private Character decodeCharacterMySQL( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		if ( second.charValue() == '0' ) {
-			return Character.valueOf( (char)0x00 );
-		} else if ( second.charValue() == 'b' ) {
-			return Character.valueOf( (char)0x08 );
-		} else if ( second.charValue() == 't' ) {
-			return Character.valueOf( (char)0x09 );
-		} else if ( second.charValue() == 'n' ) {
-			return Character.valueOf( (char)0x0a );
-		} else if ( second.charValue() == 'r' ) {
-			return Character.valueOf( (char)0x0d );
-		} else if ( second.charValue() == 'z' ) {
-			return Character.valueOf( (char)0x1a );
-		} else if ( second.charValue() == '\"' ) {
-			return Character.valueOf( (char)0x22 );
-		} else if ( second.charValue() == '%' ) {
-			return Character.valueOf( (char)0x25 );
-		} else if ( second.charValue() == '\'' ) {
-			return Character.valueOf( (char)0x27 );
-		} else if ( second.charValue() == '\\' ) {
-			return Character.valueOf( (char)0x5c );
-		} else if ( second.charValue() == '_' ) {
-			return Character.valueOf( (char)0x5f );
-		} else {
-			return second;
-		}
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+
+/**
+ * Implementation of the Codec interface for MySQL strings. See http://mirror.yandex.ru/mirrors/ftp.mysql.com/doc/refman/5.0/en/string-syntax.html
+ * for more information.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class MySQLCodec extends Codec {
+    /**
+     * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
+     * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
+     *
+     * Currently the only supported modes are:
+     * ANSI
+     * STANDARD
+     */
+    public static enum Mode {
+        ANSI(1),STANDARD(0);
+
+        private int key;
+        private Mode(int key) { this.key = key; }
+
+        static Mode findByKey(int key) {
+            for ( Mode m : values() ) {
+                if ( m.key == key )
+                    return m;
+            }
+            return null;
+        }
+    }
+
+    /** Target MySQL Server is running in Standard MySQL (Default) mode. */
+    public static final int MYSQL_MODE = 0;
+    /** Target MySQL Server is running in {@link "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html"} ANSI Mode */
+    public static final int ANSI_MODE = 1;
+	
+	//private int mode = 0;
+    private Mode mode;
+	
+	/**
+	 * Instantiate the MySQL codec
+	 * 
+	 * @param mode
+	 * 			Mode has to be one of {MYSQL_MODE|ANSI_MODE} to allow correct encoding
+     * @deprecated
+     * @see #MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
+	 */
+	public MySQLCodec( int mode ) {
+		this.mode = Mode.findByKey(mode);
+	}
+
+    /**
+     * Instantiate the MySQL Codec with the given SQL {@link Mode}.
+     * @param mode The mode the target server is running in
+     */
+    public MySQLCodec( Mode mode ) {
+        this.mode = mode;
+    }
+
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns quote-encoded character
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+		char ch = c.charValue();
+		
+		// check for immune characters
+		if ( containsCharacter( ch, immune ) ) {
+			return ""+ch;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric( ch );
+		if ( hex == null ) {
+			return ""+ch;
+		}
+		
+		switch( mode ) {
+			case ANSI: return encodeCharacterANSI( c );
+			case STANDARD: return encodeCharacterMySQL( c );
+		}
+		return null;
+	}
+	
+	/**
+	 * encodeCharacterANSI encodes for ANSI SQL. 
+	 * 
+	 * Apostrophe is encoded
+     *
+     * Bug ###: In ANSI Mode Strings can also be passed in using the quotation. In ANSI_QUOTES mode a quotation
+     * is considered to be an identifier, thus cannot be used at all in a value and will be dropped completely.
+	 * 
+	 * @param c 
+	 * 			character to encode
+	 * @return
+	 * 			String encoded to standards of MySQL running in ANSI mode
+	 */
+	private String encodeCharacterANSI( Character c ) {
+		if ( c == '\'' )
+        	return "\'\'";
+        if ( c == '\"' )
+            return "";
+        return ""+c;
+	}
+
+	/**
+	 * Encode a character suitable for MySQL
+	 * 
+	 * @param c
+	 * 			Character to encode
+	 * @return
+	 * 			Encoded Character
+	 */
+	private String encodeCharacterMySQL( Character c ) {
+		char ch = c.charValue();
+		if ( ch == 0x00 ) return "\\0";
+		if ( ch == 0x08 ) return "\\b";
+		if ( ch == 0x09 ) return "\\t";
+		if ( ch == 0x0a ) return "\\n";
+		if ( ch == 0x0d ) return "\\r";
+		if ( ch == 0x1a ) return "\\Z";
+		if ( ch == 0x22 ) return "\\\"";
+		if ( ch == 0x25 ) return "\\%";
+		if ( ch == 0x27 ) return "\\'";
+		if ( ch == 0x5c ) return "\\\\";
+		if ( ch == 0x5f ) return "\\_";
+	    return "\\" + c;
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal (case sensitive)
+	 *   In ANSI_MODE '' decodes to '
+	 *   In MYSQL_MODE \x decodes to x (or a small list of specials)
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		switch( mode ) {
+			case ANSI: return decodeCharacterANSI( input );
+			case STANDARD: return decodeCharacterMySQL( input );
+		}
+		return null;
+	}
+
+	/**
+	 * decodeCharacterANSI decodes the next character from ANSI SQL escaping
+	 *  
+	 * @param input
+	 * 			A PushBackString containing characters you'd like decoded
+	 * @return
+	 * 			A single character, decoded
+	 */
+	private Character decodeCharacterANSI( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '\'' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( second.charValue() != '\'' ) {
+			input.reset();
+			return null;
+		}
+		return( Character.valueOf( '\'' ) );
+	}
+
+	/**
+	 * decodeCharacterMySQL decodes all the potential escaped characters that MySQL is prepared to escape
+	 * 
+	 * @param input
+	 * 			A string you'd like to be decoded
+	 * @return
+	 * 			A single character from that string, decoded.
+	 */
+	private Character decodeCharacterMySQL( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '\\' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		if ( second.charValue() == '0' ) {
+			return Character.valueOf( (char)0x00 );
+		} else if ( second.charValue() == 'b' ) {
+			return Character.valueOf( (char)0x08 );
+		} else if ( second.charValue() == 't' ) {
+			return Character.valueOf( (char)0x09 );
+		} else if ( second.charValue() == 'n' ) {
+			return Character.valueOf( (char)0x0a );
+		} else if ( second.charValue() == 'r' ) {
+			return Character.valueOf( (char)0x0d );
+		} else if ( second.charValue() == 'z' ) {
+			return Character.valueOf( (char)0x1a );
+		} else if ( second.charValue() == '\"' ) {
+			return Character.valueOf( (char)0x22 );
+		} else if ( second.charValue() == '%' ) {
+			return Character.valueOf( (char)0x25 );
+		} else if ( second.charValue() == '\'' ) {
+			return Character.valueOf( (char)0x27 );
+		} else if ( second.charValue() == '\\' ) {
+			return Character.valueOf( (char)0x5c );
+		} else if ( second.charValue() == '_' ) {
+			return Character.valueOf( (char)0x5f );
+		} else {
+			return second;
+		}
+	}
+
 }
\ No newline at end of file

From 0911b97f567a804d15c3b537e6d208abc747a364 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 098/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/OracleCodec.java   | 178 +++++++++---------
 1 file changed, 89 insertions(+), 89 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
index 953fece04..540920d24 100644
--- a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
@@ -1,90 +1,90 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-
-/**
- * Implementation of the Codec interface for Oracle strings. This function will only protect you from SQLi in the case of user data
- * bring placed within an Oracle quoted string such as:
- * 
- * select * from table where user_name='  USERDATA    ';
- * 
- * @see <a href="http://oraqa.com/2006/03/20/how-to-escape-single-quotes-in-strings/">how-to-escape-single-quotes-in-strings</a>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class OracleCodec extends Codec {
-
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Encodes ' to ''
-     *
-	 * Encodes ' to ''
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		if ( c.charValue() == '\'' )
-        	return "\'\'";
-        return ""+c;
-	}
-	
-
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 *
-	 * Formats all are legal
-	 *   '' decodes to '
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		if ( second == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( second.charValue() != '\'' ) {
-			input.reset();
-			return null;
-		}
-		return( Character.valueOf( '\'' ) );
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+
+/**
+ * Implementation of the Codec interface for Oracle strings. This function will only protect you from SQLi in the case of user data
+ * bring placed within an Oracle quoted string such as:
+ * 
+ * select * from table where user_name='  USERDATA    ';
+ * 
+ * @see <a href="http://oraqa.com/2006/03/20/how-to-escape-single-quotes-in-strings/">how-to-escape-single-quotes-in-strings</a>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class OracleCodec extends Codec {
+
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Encodes ' to ''
+     *
+	 * Encodes ' to ''
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+		if ( c.charValue() == '\'' )
+        	return "\'\'";
+        return ""+c;
+	}
+	
+
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 *
+	 * Formats all are legal
+	 *   '' decodes to '
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '\'' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( second.charValue() != '\'' ) {
+			input.reset();
+			return null;
+		}
+		return( Character.valueOf( '\'' ) );
+	}
+
 }
\ No newline at end of file

From 6fa2265647a8b56f86f39c55c118234d79c24ac3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 099/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/PercentCodec.java  | 308 +++++++++---------
 1 file changed, 154 insertions(+), 154 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 307da471a..3d1e76a86 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -1,154 +1,154 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import java.io.UnsupportedEncodingException;
-import java.util.Set;
-
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * Implementation of the Codec interface for percent encoding (aka URL encoding).
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class PercentCodec extends Codec
-{
-	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
-	@SuppressWarnings("unused")
-	private static final String RFC3986_RESERVED_STR = ":/?#[]@!$&'()*+,;=";
-	private static final String RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~";
-		// rfc3986 2.3: For consistency, percent-encoded octets
-		// in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT
-		// (%30-%39), hyphen (%2D), period (%2E), underscore
-		// (%5F), or tilde (%7E) should not be created by URI
-		// producers
-	private static final boolean ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true;
-	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR +
-		(ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR);
-	private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
-
-	/**
-	 * Convinence method to encode a string into UTF-8. This
-	 * wraps the {@link UnsupportedEncodingException} that
-	 * {@link String#getBytes(String)} throws in a
-	 * {@link IllegalStateException} as UTF-8 support is required
-	 * by the Java spec and should never throw this exception.
-	 * @param str the string to encode
-	 * @return str encoded in UTF-8 as bytes.
-	 * @throws IllegalStateException wrapped {@link
-	 *	UnsupportedEncodingException} if
-	 *	{@link String.getBytes(String)} throws it.
-	 */
-	private static byte[] toUtf8Bytes(String str)
-	{
-		try
-		{
-			return str.getBytes("UTF-8");
-		}
-		catch(UnsupportedEncodingException e)
-		{
-			throw new IllegalStateException("The Java spec requires UTF-8 support.", e);
-		}
-	}
-
-	/**
-	 * Append the two upper case hex characters for a byte.
-	 * @param sb The string buffer to append to.
-	 * @param b The byte to hexify
-	 * @return sb with the hex characters appended.
-	 */
-	// rfc3986 2.1: For consistency, URI producers 
-	// should use uppercase hexadecimal digits for all percent-
-	// encodings.
-	private static StringBuilder appendTwoUpperHex(StringBuilder sb, int b)
-	{
-		if(b < Byte.MIN_VALUE || b > Byte.MAX_VALUE)
-			throw new IllegalArgumentException("b is not a byte (was " + b + ')');
-		b &= 0xFF;
-		if(b<0x10)
-			sb.append('0');
-		return sb.append(Integer.toHexString(b).toUpperCase());
-	}
-
-	/**
-	 * Encode a character for URLs
-	 * @param immune characters not to encode
-	 * @param c character to encode
-	 * @return the encoded string representing c
-	 */
-	public String encodeCharacter( char[] immune, Character c )
-	{
-		String cStr = String.valueOf(c.charValue());
-		byte[] bytes;
-		StringBuilder sb;
-
-		if(UNENCODED_SET.contains(c))
-			return cStr;
-
-		bytes = toUtf8Bytes(cStr);
-		sb = new StringBuilder(bytes.length * 3);
-		for(byte b : bytes)
-			appendTwoUpperHex(sb.append('%'), b);
-		return sb.toString();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Formats all are legal both upper/lower case:
-	 *   %hh;
-	 *   
-	 * @param input
-	 * 			encoded character using percent characters (such as URL encoding)
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-
-		// if this is not an encoded character, return null
-		if (first != '%' ) {
-			input.reset();
-			return null;
-		}
-
-		// Search for exactly 2 hex digits following
-		StringBuilder sb = new StringBuilder();
-		for ( int i=0; i<2; i++ ) {
-			Character c = input.nextHex();
-			if ( c != null ) sb.append( c );
-		}
-		if ( sb.length() == 2 ) {
-			try {
-				// parse the hex digit and create a character
-				int i = Integer.parseInt(sb.toString(), 16);
-				if (Character.isValidCodePoint(i)) {
-					return (char) i;
-				}
-			} catch( NumberFormatException ignored ) { }
-		}
-		input.reset();
-		return null;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Set;
+
+import org.owasp.esapi.util.CollectionsUtil;
+
+/**
+ * Implementation of the Codec interface for percent encoding (aka URL encoding).
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PercentCodec extends Codec
+{
+	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+	@SuppressWarnings("unused")
+	private static final String RFC3986_RESERVED_STR = ":/?#[]@!$&'()*+,;=";
+	private static final String RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR = "-._~";
+		// rfc3986 2.3: For consistency, percent-encoded octets
+		// in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT
+		// (%30-%39), hyphen (%2D), period (%2E), underscore
+		// (%5F), or tilde (%7E) should not be created by URI
+		// producers
+	private static final boolean ENCODED_NON_ALPHA_NUMERIC_UNRESERVED = true;
+	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR +
+		(ENCODED_NON_ALPHA_NUMERIC_UNRESERVED ? "" : RFC3986_NON_ALPHANUMERIC_UNRESERVED_STR);
+	private static final Set<Character> UNENCODED_SET = CollectionsUtil.strToUnmodifiableSet(UNENCODED_STR);
+
+	/**
+	 * Convinence method to encode a string into UTF-8. This
+	 * wraps the {@link UnsupportedEncodingException} that
+	 * {@link String#getBytes(String)} throws in a
+	 * {@link IllegalStateException} as UTF-8 support is required
+	 * by the Java spec and should never throw this exception.
+	 * @param str the string to encode
+	 * @return str encoded in UTF-8 as bytes.
+	 * @throws IllegalStateException wrapped {@link
+	 *	UnsupportedEncodingException} if
+	 *	{@link String.getBytes(String)} throws it.
+	 */
+	private static byte[] toUtf8Bytes(String str)
+	{
+		try
+		{
+			return str.getBytes("UTF-8");
+		}
+		catch(UnsupportedEncodingException e)
+		{
+			throw new IllegalStateException("The Java spec requires UTF-8 support.", e);
+		}
+	}
+
+	/**
+	 * Append the two upper case hex characters for a byte.
+	 * @param sb The string buffer to append to.
+	 * @param b The byte to hexify
+	 * @return sb with the hex characters appended.
+	 */
+	// rfc3986 2.1: For consistency, URI producers 
+	// should use uppercase hexadecimal digits for all percent-
+	// encodings.
+	private static StringBuilder appendTwoUpperHex(StringBuilder sb, int b)
+	{
+		if(b < Byte.MIN_VALUE || b > Byte.MAX_VALUE)
+			throw new IllegalArgumentException("b is not a byte (was " + b + ')');
+		b &= 0xFF;
+		if(b<0x10)
+			sb.append('0');
+		return sb.append(Integer.toHexString(b).toUpperCase());
+	}
+
+	/**
+	 * Encode a character for URLs
+	 * @param immune characters not to encode
+	 * @param c character to encode
+	 * @return the encoded string representing c
+	 */
+	public String encodeCharacter( char[] immune, Character c )
+	{
+		String cStr = String.valueOf(c.charValue());
+		byte[] bytes;
+		StringBuilder sb;
+
+		if(UNENCODED_SET.contains(c))
+			return cStr;
+
+		bytes = toUtf8Bytes(cStr);
+		sb = new StringBuilder(bytes.length * 3);
+		for(byte b : bytes)
+			appendTwoUpperHex(sb.append('%'), b);
+		return sb.toString();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Formats all are legal both upper/lower case:
+	 *   %hh;
+	 *   
+	 * @param input
+	 * 			encoded character using percent characters (such as URL encoding)
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+
+		// if this is not an encoded character, return null
+		if (first != '%' ) {
+			input.reset();
+			return null;
+		}
+
+		// Search for exactly 2 hex digits following
+		StringBuilder sb = new StringBuilder();
+		for ( int i=0; i<2; i++ ) {
+			Character c = input.nextHex();
+			if ( c != null ) sb.append( c );
+		}
+		if ( sb.length() == 2 ) {
+			try {
+				// parse the hex digit and create a character
+				int i = Integer.parseInt(sb.toString(), 16);
+				if (Character.isValidCodePoint(i)) {
+					return (char) i;
+				}
+			} catch( NumberFormatException ignored ) { }
+		}
+		input.reset();
+		return null;
+	}
+
+}

From 327964c8b1433a959c534b7507cefdc38973776d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 100/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/codecs/PushbackString.java    | 368 +++++++++---------
 1 file changed, 184 insertions(+), 184 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index d218eb932..1119b223c 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -1,185 +1,185 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
- * for further decoding. This is necessary to detect double-encoding.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class PushbackString {
-
-	private String input;
-	private Character pushback;
-	private Character temp;
-	private int index = 0;
-	private int mark = 0;
-	
-    /**
-     *
-     * @param input
-     */
-    public PushbackString( String input ) {
-		this.input = input;
-	}
-
-    /**
-     *
-     * @param c
-     */
-    public void pushback( Character c ) {
-		pushback = c;
-	}
-	
-
-    /**
-     * Get the current index of the PushbackString. Typically used in error messages.
-     * @return The current index of the PushbackString.
-     */
-    public int index() {
-		return index;
-	}
-	
-    /**
-     *
-     * @return
-     */
-    public boolean hasNext() {
-		if ( pushback != null ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;
-		return true;		
-	}
-	
-    /**
-     *
-     * @return
-     */
-    public Character next() {
-		if ( pushback != null ) {
-			Character save = pushback;
-			pushback = null;
-			return save;
-		}
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index++) );
-	}
-	
-    /**
-    *
-    * @return
-    */
-   public Character nextHex() {
-		Character c = next();
-		if ( c == null ) return null;
-		if ( isHexDigit( c ) ) return c;
-		return null;
-	}
-
-   /**
-   *
-   * @return
-   */
-  public Character nextOctal() {
-		Character c = next();
-		if ( c == null ) return null;
-		if ( isOctalDigit( c ) ) return c;
-		return null;
-	}
-
-  /**
- * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
-  * @param c
-  * @return
-  */
- public static boolean isHexDigit( Character c ) {
-		if ( c == null ) return false;
-		char ch = c.charValue();
-		return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
-	}
-
- /**
- * Returns true if the parameter character is an octal digit 0 through 7.
- * @param c
- * @return
- */
-public static boolean isOctalDigit( Character c ) {
-	if ( c == null ) return false;
-	char ch = c.charValue();
-	return ch >= '0' && ch <= '7';
-}
-
-    /**
-     * Return the next character without affecting the current index.
-     * @return
-     */
-    public Character peek() {
-		if ( pushback != null ) return pushback;
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index) );
-	}
-	
-    /**
-     * Test to see if the next character is a particular value without affecting the current index.
-     * @param c
-     * @return
-     */
-    public boolean peek( char c ) {
-		if ( pushback != null && pushback.charValue() == c ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;		
-		return input.charAt(index) == c;
-	}	
-	
-    /**
-     *
-     */
-    public void mark() {
-		temp = pushback;
-		mark = index;
-	}
-
-    /**
-     *
-     */
-    public void reset() {
-		pushback = temp;
-		index = mark;
-	}
-	
-    /**
-     *
-     * @return
-     */
-    protected String remainder() {
-		String output = input.substring( index );
-		if ( pushback != null ) {
-			output = pushback + output;
-		}
-		return output;
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
+ * for further decoding. This is necessary to detect double-encoding.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PushbackString {
+
+	private String input;
+	private Character pushback;
+	private Character temp;
+	private int index = 0;
+	private int mark = 0;
+	
+    /**
+     *
+     * @param input
+     */
+    public PushbackString( String input ) {
+		this.input = input;
+	}
+
+    /**
+     *
+     * @param c
+     */
+    public void pushback( Character c ) {
+		pushback = c;
+	}
+	
+
+    /**
+     * Get the current index of the PushbackString. Typically used in error messages.
+     * @return The current index of the PushbackString.
+     */
+    public int index() {
+		return index;
+	}
+	
+    /**
+     *
+     * @return
+     */
+    public boolean hasNext() {
+		if ( pushback != null ) return true;
+		if ( input == null ) return false;
+		if ( input.length() == 0 ) return false;
+		if ( index >= input.length() ) return false;
+		return true;		
+	}
+	
+    /**
+     *
+     * @return
+     */
+    public Character next() {
+		if ( pushback != null ) {
+			Character save = pushback;
+			pushback = null;
+			return save;
+		}
+		if ( input == null ) return null;
+		if ( input.length() == 0 ) return null;
+		if ( index >= input.length() ) return null;		
+		return Character.valueOf( input.charAt(index++) );
+	}
+	
+    /**
+    *
+    * @return
+    */
+   public Character nextHex() {
+		Character c = next();
+		if ( c == null ) return null;
+		if ( isHexDigit( c ) ) return c;
+		return null;
+	}
+
+   /**
+   *
+   * @return
+   */
+  public Character nextOctal() {
+		Character c = next();
+		if ( c == null ) return null;
+		if ( isOctalDigit( c ) ) return c;
+		return null;
+	}
+
+  /**
+ * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
+  * @param c
+  * @return
+  */
+ public static boolean isHexDigit( Character c ) {
+		if ( c == null ) return false;
+		char ch = c.charValue();
+		return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
+	}
+
+ /**
+ * Returns true if the parameter character is an octal digit 0 through 7.
+ * @param c
+ * @return
+ */
+public static boolean isOctalDigit( Character c ) {
+	if ( c == null ) return false;
+	char ch = c.charValue();
+	return ch >= '0' && ch <= '7';
+}
+
+    /**
+     * Return the next character without affecting the current index.
+     * @return
+     */
+    public Character peek() {
+		if ( pushback != null ) return pushback;
+		if ( input == null ) return null;
+		if ( input.length() == 0 ) return null;
+		if ( index >= input.length() ) return null;		
+		return Character.valueOf( input.charAt(index) );
+	}
+	
+    /**
+     * Test to see if the next character is a particular value without affecting the current index.
+     * @param c
+     * @return
+     */
+    public boolean peek( char c ) {
+		if ( pushback != null && pushback.charValue() == c ) return true;
+		if ( input == null ) return false;
+		if ( input.length() == 0 ) return false;
+		if ( index >= input.length() ) return false;		
+		return input.charAt(index) == c;
+	}	
+	
+    /**
+     *
+     */
+    public void mark() {
+		temp = pushback;
+		mark = index;
+	}
+
+    /**
+     *
+     */
+    public void reset() {
+		pushback = temp;
+		index = mark;
+	}
+	
+    /**
+     *
+     * @return
+     */
+    protected String remainder() {
+		String output = input.substring( index );
+		if ( pushback != null ) {
+			output = pushback + output;
+		}
+		return output;
+	}
 }
\ No newline at end of file

From a1ebee77067751fa133ef764f4f7147749c4fb69 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 101/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/UnixCodec.java     | 162 +++++++++---------
 1 file changed, 81 insertions(+), 81 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
index 19ecc80ca..489cf073b 100644
--- a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
@@ -1,82 +1,82 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for '\' encoding from Unix command shell.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class UnixCodec extends Codec {
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns backslash-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "\\" + c;
-	}
-	
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * <p>
-	 * Formats all are legal both upper/lower case:
-	 *   \x - all special characters
-	 *   
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\\' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for '\' encoding from Unix command shell.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class UnixCodec extends Codec {
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns backslash-encoded character
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+		char ch = c.charValue();
+		
+		// check for immune characters
+		if ( containsCharacter( ch, immune ) ) {
+			return ""+ch;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric( ch );
+		if ( hex == null ) {
+			return ""+ch;
+		}
+		
+        return "\\" + c;
+	}
+	
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * <p>
+	 * Formats all are legal both upper/lower case:
+	 *   \x - all special characters
+	 *   
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '\\' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		return second;
+	}
+
 }
\ No newline at end of file

From 2ee8a833875a63a7c8d4f745ab9c32e16e551bc3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 102/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/VBScriptCodec.java | 232 +++++++++---------
 1 file changed, 116 insertions(+), 116 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index 2dccbbd81..31442127a 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -1,117 +1,117 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import org.owasp.esapi.EncoderConstants;
-
-
-/**
- * Implementation of the Codec interface for 'quote' encoding from VBScript.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class VBScriptCodec extends Codec {
-
-	/**
-	 * Encode a String so that it can be safely used in a specific context.
-	 * 
-     * @param immune
-     * @param input
-	 * 		the String to encode
-	 * @return the encoded String
-	 */
-    public String encode(char[] immune, String input) {
-    	StringBuilder sb = new StringBuilder();
-		boolean encoding = false;
-		boolean inquotes = false;
-		for ( int i=0; i<input.length(); i++ ) {
-			char c = input.charAt(i);
-			
-			// handle normal characters and surround them with quotes
-			if (containsCharacter(c, EncoderConstants.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
-				if ( encoding && i > 0 ) sb.append( "&" );
-				if ( !inquotes && i > 0 ) sb.append( "\"" );
-				sb.append( c );
-				inquotes = true;
-				encoding = false;
-				
-			// handle characters that need encoding
-			} else {
-				if ( inquotes && i < input.length() ) sb.append( "\"" );
-				if ( i > 0 ) sb.append( "&" );
-				sb.append( encodeCharacter( immune, Character.valueOf( c ) ) );
-				inquotes = false;
-				encoding = true;
-			}
-		}
-		return sb.toString();
-    }
-
-
-	/**
-	 * Returns quote-encoded character
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "chrw(" + (int)c.charValue() + ")";
-	}
-	
-	
-	
-	/**
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * 
-	 * Formats all are legal both upper/lower case:
-	 *   "x - all special characters
-	 *   " + chr(x) + "  - not supported yet
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '\"' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import org.owasp.esapi.EncoderConstants;
+
+
+/**
+ * Implementation of the Codec interface for 'quote' encoding from VBScript.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class VBScriptCodec extends Codec {
+
+	/**
+	 * Encode a String so that it can be safely used in a specific context.
+	 * 
+     * @param immune
+     * @param input
+	 * 		the String to encode
+	 * @return the encoded String
+	 */
+    public String encode(char[] immune, String input) {
+    	StringBuilder sb = new StringBuilder();
+		boolean encoding = false;
+		boolean inquotes = false;
+		for ( int i=0; i<input.length(); i++ ) {
+			char c = input.charAt(i);
+			
+			// handle normal characters and surround them with quotes
+			if (containsCharacter(c, EncoderConstants.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
+				if ( encoding && i > 0 ) sb.append( "&" );
+				if ( !inquotes && i > 0 ) sb.append( "\"" );
+				sb.append( c );
+				inquotes = true;
+				encoding = false;
+				
+			// handle characters that need encoding
+			} else {
+				if ( inquotes && i < input.length() ) sb.append( "\"" );
+				if ( i > 0 ) sb.append( "&" );
+				sb.append( encodeCharacter( immune, Character.valueOf( c ) ) );
+				inquotes = false;
+				encoding = true;
+			}
+		}
+		return sb.toString();
+    }
+
+
+	/**
+	 * Returns quote-encoded character
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+		char ch = c.charValue();
+		
+		// check for immune characters
+		if ( containsCharacter( ch, immune ) ) {
+			return ""+ch;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric( ch );
+		if ( hex == null ) {
+			return ""+ch;
+		}
+		
+        return "chrw(" + (int)c.charValue() + ")";
+	}
+	
+	
+	
+	/**
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal both upper/lower case:
+	 *   "x - all special characters
+	 *   " + chr(x) + "  - not supported yet
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '\"' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		return second;
+	}
+
 }
\ No newline at end of file

From a2fa7eed4e429600b47444a3702cc700e8cd0233 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 103/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/WindowsCodec.java  | 162 +++++++++---------
 1 file changed, 81 insertions(+), 81 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
index 719f00907..f7abb3a4b 100644
--- a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
@@ -1,82 +1,82 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-
-/**
- * Implementation of the Codec interface for '^' encoding from Windows command shell.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class WindowsCodec extends Codec {
-
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns Windows shell encoded character (which is ^)
-     *
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, Character c ) {
-		char ch = c.charValue();
-		
-		// check for immune characters
-		if ( containsCharacter( ch, immune ) ) {
-			return ""+ch;
-		}
-		
-		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
-		if ( hex == null ) {
-			return ""+ch;
-		}
-		
-        return "^" + c;
-	}
-	
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * Returns the decoded version of the character starting at index, or
-	 * null if no decoding is possible.
-	 * <p>
-	 * Formats all are legal both upper/lower case:
-	 *   ^x - all special characters
-	 */
-	public Character decodeCharacter( PushbackString input ) {
-		input.mark();
-		Character first = input.next();
-		if ( first == null ) {
-			input.reset();
-			return null;
-		}
-		
-		// if this is not an encoded character, return null
-		if ( first.charValue() != '^' ) {
-			input.reset();
-			return null;
-		}
-
-		Character second = input.next();
-		return second;
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * Implementation of the Codec interface for '^' encoding from Windows command shell.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class WindowsCodec extends Codec {
+
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns Windows shell encoded character (which is ^)
+     *
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+		char ch = c.charValue();
+		
+		// check for immune characters
+		if ( containsCharacter( ch, immune ) ) {
+			return ""+ch;
+		}
+		
+		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric( ch );
+		if ( hex == null ) {
+			return ""+ch;
+		}
+		
+        return "^" + c;
+	}
+	
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * <p>
+	 * Formats all are legal both upper/lower case:
+	 *   ^x - all special characters
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if ( first.charValue() != '^' ) {
+			input.reset();
+			return null;
+		}
+
+		Character second = input.next();
+		return second;
+	}
+
 }
\ No newline at end of file

From 910c6e83640b122ee7652b97f9fcd4a3ba5061e4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 104/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/EncoderConstants.java     | 234 +++++++++---------
 1 file changed, 117 insertions(+), 117 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/EncoderConstants.java b/src/main/java/org/owasp/esapi/EncoderConstants.java
index d1480276d..1498d5ea7 100644
--- a/src/main/java/org/owasp/esapi/EncoderConstants.java
+++ b/src/main/java/org/owasp/esapi/EncoderConstants.java
@@ -1,117 +1,117 @@
-package org.owasp.esapi;
-
-import java.util.Set;
-
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * Common character classes used for input validation, output encoding, verifying password strength
- * CSRF token generation, generating salts, etc
- * @author Neil Matatall (neil.matatall .at. gmail.com)
- * @see User
- */
-public class EncoderConstants {
-	/**
-	 * !$*-.=?@_
-	 */
-	public final static char[] CHAR_PASSWORD_SPECIALS = { '!', '$', '*', '-', '.', '=', '?', '@', '_' };
-	public final static Set<Character> PASSWORD_SPECIALS;
-	static {
-		PASSWORD_SPECIALS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
-	}
-	
-	/**
-	 * a-b
-	 */
-	public final static char[] CHAR_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
-	public final static Set<Character> LOWERS;
-	static {
-		LOWERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
-	}
-	
-	/**
-	 * A-Z
-	 */
-	public final static char[] CHAR_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
-	public final static Set<Character> UPPERS;
-	static {
-		UPPERS = CollectionsUtil.arrayToSet(CHAR_UPPERS);
-	}
-	/**
-	 * 0-9
-	 */
-	public final static char[] CHAR_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
-	public final static Set<Character> DIGITS;
-	static {
-		DIGITS = CollectionsUtil.arrayToSet(CHAR_DIGITS);
-	}
-	
-	/**
-	 * !$*+-.=?@^_|~
-	 */
-	public final static char[] CHAR_SPECIALS = { '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' };
-	public final static Set<Character> SPECIALS;
-	static {
-		SPECIALS = CollectionsUtil.arrayToSet(CHAR_SPECIALS);
-	}
-	
-	/**
-	 * CHAR_LOWERS union CHAR_UPPERS
-	 */
-	public final static char[] CHAR_LETTERS = StringUtilities.union(CHAR_LOWERS, CHAR_UPPERS);
-	public final static Set<Character> LETTERS;
-	static {
-		LETTERS = CollectionsUtil.arrayToSet(CHAR_LETTERS);
-	}
-	
-	/**
-	 * CHAR_LETTERS union CHAR_DIGITS
-	 */
-	public final static char[] CHAR_ALPHANUMERICS = StringUtilities.union(CHAR_LETTERS, CHAR_DIGITS);
-	public final static Set<Character> ALPHANUMERICS;
-	static {
-		ALPHANUMERICS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
-	}
-	
-	/**
-	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
-	 * selected specials like + (bad for URL encoding, | is like i and 1,
-	 * etc...)
-	 */
-	public final static char[] CHAR_PASSWORD_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
-	public final static Set<Character> PASSWORD_LOWERS;
-	static {
-		PASSWORD_LOWERS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
-	}
-	
-	/**
-	 * 
-	 */
-	public final static char[] CHAR_PASSWORD_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
-	public final static Set<Character> PASSWORD_UPPERS;
-	static {
-		PASSWORD_UPPERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_UPPERS);
-	}
-	
-	/**
-	 * 2-9
-	 */
-	public final static char[] CHAR_PASSWORD_DIGITS = { '2', '3', '4', '5', '6', '7', '8', '9' };
-	public final static Set<Character> PASSWORD_DIGITS;
-	static {
-		PASSWORD_DIGITS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_DIGITS);
-	}
-	
-	/**
-	 * CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
-	 */
-	public final static char[] CHAR_PASSWORD_LETTERS = StringUtilities.union( CHAR_PASSWORD_LOWERS, CHAR_PASSWORD_UPPERS );
-	public final static Set<Character> PASSWORD_LETTERS;
-	static {
-		PASSWORD_LETTERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_LETTERS);
-	}
-
-	private EncoderConstants() {
-		// prevent instantiation
-	}
-}
+package org.owasp.esapi;
+
+import java.util.Set;
+
+import org.owasp.esapi.util.CollectionsUtil;
+
+/**
+ * Common character classes used for input validation, output encoding, verifying password strength
+ * CSRF token generation, generating salts, etc
+ * @author Neil Matatall (neil.matatall .at. gmail.com)
+ * @see User
+ */
+public class EncoderConstants {
+	/**
+	 * !$*-.=?@_
+	 */
+	public final static char[] CHAR_PASSWORD_SPECIALS = { '!', '$', '*', '-', '.', '=', '?', '@', '_' };
+	public final static Set<Character> PASSWORD_SPECIALS;
+	static {
+		PASSWORD_SPECIALS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
+	}
+	
+	/**
+	 * a-b
+	 */
+	public final static char[] CHAR_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
+	public final static Set<Character> LOWERS;
+	static {
+		LOWERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_SPECIALS);
+	}
+	
+	/**
+	 * A-Z
+	 */
+	public final static char[] CHAR_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
+	public final static Set<Character> UPPERS;
+	static {
+		UPPERS = CollectionsUtil.arrayToSet(CHAR_UPPERS);
+	}
+	/**
+	 * 0-9
+	 */
+	public final static char[] CHAR_DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
+	public final static Set<Character> DIGITS;
+	static {
+		DIGITS = CollectionsUtil.arrayToSet(CHAR_DIGITS);
+	}
+	
+	/**
+	 * !$*+-.=?@^_|~
+	 */
+	public final static char[] CHAR_SPECIALS = { '!', '$', '*', '+', '-', '.', '=', '?', '@', '^', '_', '|', '~' };
+	public final static Set<Character> SPECIALS;
+	static {
+		SPECIALS = CollectionsUtil.arrayToSet(CHAR_SPECIALS);
+	}
+	
+	/**
+	 * CHAR_LOWERS union CHAR_UPPERS
+	 */
+	public final static char[] CHAR_LETTERS = StringUtilities.union(CHAR_LOWERS, CHAR_UPPERS);
+	public final static Set<Character> LETTERS;
+	static {
+		LETTERS = CollectionsUtil.arrayToSet(CHAR_LETTERS);
+	}
+	
+	/**
+	 * CHAR_LETTERS union CHAR_DIGITS
+	 */
+	public final static char[] CHAR_ALPHANUMERICS = StringUtilities.union(CHAR_LETTERS, CHAR_DIGITS);
+	public final static Set<Character> ALPHANUMERICS;
+	static {
+		ALPHANUMERICS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
+	}
+	
+	/**
+	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
+	 * selected specials like + (bad for URL encoding, | is like i and 1,
+	 * etc...)
+	 */
+	public final static char[] CHAR_PASSWORD_LOWERS = { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' };
+	public final static Set<Character> PASSWORD_LOWERS;
+	static {
+		PASSWORD_LOWERS = CollectionsUtil.arrayToSet(CHAR_ALPHANUMERICS);
+	}
+	
+	/**
+	 * 
+	 */
+	public final static char[] CHAR_PASSWORD_UPPERS = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
+	public final static Set<Character> PASSWORD_UPPERS;
+	static {
+		PASSWORD_UPPERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_UPPERS);
+	}
+	
+	/**
+	 * 2-9
+	 */
+	public final static char[] CHAR_PASSWORD_DIGITS = { '2', '3', '4', '5', '6', '7', '8', '9' };
+	public final static Set<Character> PASSWORD_DIGITS;
+	static {
+		PASSWORD_DIGITS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_DIGITS);
+	}
+	
+	/**
+	 * CHAR_PASSWORD_LOWERS union CHAR_PASSWORD_UPPERS
+	 */
+	public final static char[] CHAR_PASSWORD_LETTERS = StringUtilities.union( CHAR_PASSWORD_LOWERS, CHAR_PASSWORD_UPPERS );
+	public final static Set<Character> PASSWORD_LETTERS;
+	static {
+		PASSWORD_LETTERS = CollectionsUtil.arrayToSet(CHAR_PASSWORD_LETTERS);
+	}
+
+	private EncoderConstants() {
+		// prevent instantiation
+	}
+}

From 464d4bad42378ea0808677ce591ccb6345f40af4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 105/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Encoder.java | 1032 ++++++++++----------
 1 file changed, 516 insertions(+), 516 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 3bce42fc4..2d2bfb7b9 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -1,516 +1,516 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.IOException;
-
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.EncodingException;
-
-
-/**
- * The Encoder interface contains a number of methods for decoding input and encoding output
- * so that it will be safe for a variety of interpreters. To prevent
- * double-encoding, callers should make sure input does not already contain encoded characters
- * by calling canonicalize. Validator implementations should call canonicalize on user input
- * <b>before</b> validating to prevent encoded attacks.
- * <p>
- * All of the methods must use a "whitelist" or "positive" security model.
- * For the encoding methods, this means that all characters should be encoded, except for a specific list of
- * "immune" characters that are known to be safe.
- * <p>
- * The Encoder performs two key functions, encoding and decoding. These functions rely
- * on a set of codecs that can be found in the org.owasp.esapi.codecs package. These include:
- * <ul><li>CSS Escaping</li>
- * <li>HTMLEntity Encoding</li>
- * <li>JavaScript Escaping</li>
- * <li>MySQL Escaping</li>
- * <li>Oracle Escaping</li>
- * <li>Percent Encoding (aka URL Encoding)</li>
- * <li>Unix Escaping</li>
- * <li>VBScript Escaping</li>
- * <li>Windows Encoding</li></ul>
- * <p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Encoder {
-	
-	/**
-	 * Standard character sets
-	 */
-
-	/**  
-	 * @deprecated Use {@link EncoderConstants#CHAR_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_ALPHANUMERICS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
-	
-	
-	/**
-	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
-	 * selected specials like + (bad for URL encoding, | is like i and 1,
-	 * etc...)
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
-    
-
-
-	/**
-	 * This method is equivalent to calling <pre>Encoder.canonicalize(input, restrictMultiple, restrictMixed);</pre>
-	 *
-	 * The default values for restrictMultiple and restrictMixed come from ESAPI.properties
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 * 
-	 * @param input the text to canonicalize
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input);
-	
-	/**
-	 * This method is the equivalent to calling <pre>Encoder.canonicalize(input, strict, strict);</pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *  
-	 * @param input 
-	 * 		the text to canonicalize
-	 * @param strict 
-	 * 		true if checking for multiple and mixed encoding is desired, false otherwise
-	 * 
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean strict);
-
-	/**
-	 * Canonicalization is simply the operation of reducing a possibly encoded
-	 * string down to its simplest form. This is important, because attackers
-	 * frequently use encoding to change their input in a way that will bypass
-	 * validation filters, but still be interpreted properly by the target of
-	 * the attack. Note that data encoded more than once is not something that a
-	 * normal user would generate and should be regarded as an attack.
-	 * <p>
-     * Everyone <a href="http://cwe.mitre.org/data/definitions/180.html">says</a> you shouldn't do validation
-     * without canonicalizing the data first. This is easier said than done. The canonicalize method can
-     * be used to simplify just about any input down to its most basic form. Note that canonicalize doesn't
-     * handle Unicode issues, it focuses on higher level encoding and escaping schemes. In addition to simple
-     * decoding, canonicalize also handles:
-     * <ul><li>Perverse but legal variants of escaping schemes</li>
-     * <li>Multiple escaping (%2526 or &#x26;lt;)</li>
-     * <li>Mixed escaping (%26lt;)</li>
-     * <li>Nested escaping (%%316 or &%6ct;)</li>
-     * <li>All combinations of multiple, mixed, and nested encoding/escaping (%2&#x35;3c or &#x2526gt;)</li></ul>
-     * <p>
-     * Using canonicalize is simple. The default is just...
-     * <pre>
-     *     String clean = ESAPI.encoder().canonicalize( request.getParameter("input"));
-     * </pre>
-     * You need to decode untrusted data so that it's safe for ANY downstream interpreter or decoder. For
-     * example, if your data goes into a Windows command shell, then into a database, and then to a browser,
-     * you're going to need to decode for all of those systems. You can build a custom encoder to canonicalize
-     * for your application like this...
-     * <pre>
-     *     ArrayList list = new ArrayList();
-     *     list.add( new WindowsCodec() );
-     *     list.add( new MySQLCodec() );
-     *     list.add( new PercentCodec() );
-     *     Encoder encoder = new DefaultEncoder( list );
-     *     String clean = encoder.canonicalize( request.getParameter( "input" ));
-     * </pre>
-     * In ESAPI, the Validator uses the canonicalize method before it does validation.  So all you need to
-     * do is to validate as normal and you'll be protected against a host of encoded attacks.
-     * <pre>
-     *     String input = request.getParameter( "name" );
-     *     String name = ESAPI.validator().isValidInput( "test", input, "FirstName", 20, false);
-     * </pre>
-     * However, the default canonicalize() method only decodes HTMLEntity, percent (URL) encoding, and JavaScript
-     * encoding. If you'd like to use a custom canonicalizer with your validator, that's pretty easy too.
-     * <pre>
-     *     ... setup custom encoder as above
-     *     Validator validator = new DefaultValidator( encoder );
-     *     String input = request.getParameter( "name" );
-     *     String name = validator.isValidInput( "test", input, "name", 20, false);
-     * </pre>
-     * Although ESAPI is able to canonicalize multiple, mixed, or nested encoding, it's safer to not accept
-     * this stuff in the first place. In ESAPI, the default is "strict" mode that throws an IntrusionException
-     * if it receives anything not single-encoded with a single scheme. This is configurable
-     * in ESAPI.properties using the properties:
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 * This method allows you to override the default behavior by directly specifying whether to restrict
-	 * multiple or mixed encoding. Even if you disable restrictions, you'll still get
-     * warning messages in the log about each multiple encoding and mixed encoding received.
-     * <pre>
-     *     // disabling strict mode to allow mixed encoding
-     *     String url = ESAPI.encoder().canonicalize( request.getParameter("url"), false, false);
-     * </pre>
-	 *
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *
-	 * @param input
-	 * 		the text to canonicalize
-	 * @param restrictMultiple
-	 * 		true if checking for multiple encoding is desired, false otherwise
-	 * @param restrictMixed
-	 * 		true if checking for mixed encoding is desired, false otherwise
-	 *
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
-
-	/**
-	 * Encode data for use in Cascading Style Sheets (CSS) content.
-	 * 
-	 * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for CSS
-	 * 
-	 * @return input encoded for CSS
-	 */
-	String encodeForCSS(String input);
-
-	/**
-	 * Encode data for use in HTML using HTML entity encoding
-	 * <p> 
-	 * Note that the following characters:
-	 * 00-08, 0B-0C, 0E-1F, and 7F-9F
-	 * <p>cannot be used in HTML. 
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a> 
-	 * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
-     * @see <a href="http://www.w3.org/TR/REC-xml/#charsets">XML Specification [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for HTML
-	 * 
-	 * @return input encoded for HTML
-	 */
-	String encodeForHTML(String input);
-
-	/**
-     * Decodes HTML entities.
-     * @param input the <code>String</code> to decode
-     * @return the newly decoded <code>String</code>
-     */
-	String decodeForHTML(String input);
-		
-	/**
-	 * Encode data for use in HTML attributes.
-	 * 
-	 * @param input 
-	 * 		the text to encode for an HTML attribute
-	 * 
-	 * @return input encoded for use as an HTML attribute
-	 */
-	String encodeForHTMLAttribute(String input);
-
-
-    /**
-     * Encode data for insertion inside a data value or function argument in JavaScript. Including user data 
-     * directly inside a script is quite dangerous. Great care must be taken to prevent including user data
-     * directly into script code itself, as no amount of encoding will prevent attacks there.
-     * 
-     * Please note there are some JavaScript functions that can never safely receive untrusted data 
-     * as input – even if the user input is encoded.
-     * 
-     * For example:
-     * <pre>
-     *  &lt;script&gt;
-     *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
-     *  &lt;/script&gt;
-     * </pre>
-     * @param input 
-     *          the text to encode for JavaScript
-     * 
-     * @return input encoded for use in JavaScript
-     */
-	String encodeForJavaScript(String input);
-
-	/**
-	 * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
-	 * inside a script is quite dangerous. Great care must be taken to prevent putting user data
-	 * directly into script code itself, as no amount of encoding will prevent attacks there.
-	 * 
-	 * This method is not recommended as VBScript is only supported by Internet Explorer
-	 * 
-	 * @param input 
-	 * 		the text to encode for VBScript
-	 * 
-	 * @return input encoded for use in VBScript
-	 */
-	String encodeForVBScript(String input);
-
-
-	/**
-	 * Encode input for use in a SQL query, according to the selected codec 
-	 * (appropriate codecs include the MySQLCodec and OracleCodec).
-	 * 
-	 * This method is not recommended. The use of the PreparedStatement 
-	 * interface is the preferred approach. However, if for some reason 
-	 * this is impossible, then this method is provided as a weaker 
-	 * alternative. 
-	 * 
-	 * The best approach is to make sure any single-quotes are double-quoted.
-	 * Another possible approach is to use the {escape} syntax described in the
-	 * JDBC specification in section 1.5.6.
-	 * 
-	 * However, this syntax does not work with all drivers, and requires
-	 * modification of all queries.
-	 * 
-	 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
-	 *  
-	 * @param codec 
-	 * 		a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
-	 * @param input 
-	 * 		the text to encode for SQL
-	 * 
-	 * @return input encoded for use in SQL
-	 */
-	String encodeForSQL(Codec codec, String input);
-
-    /**
-     * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). 
-     *
-     * Please note the following recommendations before choosing to use this method: 
-     * 
-     * 1)      It is strongly recommended that applications avoid making direct OS system calls if possible as such calls are not portable, and they are potentially unsafe. Please use language provided features if at all possible, rather than native OS calls to implement the desired feature.
-     * 2)      If an OS call cannot be avoided, then it is recommended that the program to be invoked be invoked directly (e.g., System.exec("nameofcommand" + "parameterstocommand");) as this avoids the use of the command shell. The "parameterstocommand" should of course be validated before passing them to the OS command.
-     * 3)      If you must use this method, then we recommend validating all user supplied input passed to the command shell as well, in addition to using this method in order to make the command shell invocation safe.
-     *  
-     * An example use of this method would be: System.exec("dir " + ESAPI.encodeForOS(WindowsCodec, "parameter(s)tocommandwithuserinput");
-     * 
-     * @param codec 
-     *      a Codec that declares which operating system 'input' is being encoded for (ie. Windows, Unix, etc.)
-     * @param input 
-     *      the text to encode for the command shell
-     * 
-     * @return input encoded for use in command shell
-     */
-	String encodeForOS(Codec codec, String input);
-
-	/**
-	 * Encode data for use in LDAP queries.
-	 * 
-	 * @param input 
-	 * 		the text to encode for LDAP
-	 * 
-	 * @return input encoded for use in LDAP
-	 */
-	String encodeForLDAP(String input);
-
-	/**
-	 * Encode data for use in an LDAP distinguished name.
-	 * 
-	 *  @param input 
-	 *  		the text to encode for an LDAP distinguished name
-	 * 
-	 *  @return input encoded for use in an LDAP distinguished name
-	 */
-	String encodeForDN(String input);
-
-	/**
-	 * Encode data for use in an XPath query.
-	 * 
-	 * NB: The reference implementation encodes almost everything and may over-encode. 
-	 * 
-	 * The difficulty with XPath encoding is that XPath has no built in mechanism for escaping
-	 * characters. It is possible to use XQuery in a parameterized way to
-	 * prevent injection. 
-	 * 
-	 * For more information, refer to <a
-	 * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
-	 * article</a> which specifies the following list of characters as the most
-	 * dangerous: ^&"*';<>(). <a
-	 * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
-	 * paper</a> suggests disallowing ' and " in queries.
-	 * 
-	 * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
-	 * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
-	 *  
-	 * @param input
-	 *      the text to encode for XPath
-	 * @return 
-	 * 		input encoded for use in XPath
-	 */
-	String encodeForXPath(String input);
-
-	/**
-	 * Encode data for use in an XML element. The implementation should follow the <a
-	 * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is strongly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for XML
-	 * 
-	 * @return
-	 *			input encoded for use in XML
-	 */
-	String encodeForXML(String input);
-
-	/**
-	 * Encode data for use in an XML attribute. The implementation should follow
-	 * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is highly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for use as an XML attribute
-	 * 
-	 * @return 
-	 * 			input encoded for use in an XML attribute
-	 */
-	String encodeForXMLAttribute(String input);
-
-	/**
-	 * Encode for use in a URL. This method performs <a
-	 * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * on the entire string.
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for use in a URL
-	 * 
-	 * @return input 
-	 * 		encoded for use in a URL
-	 * 
-	 * @throws EncodingException 
-	 * 		if encoding fails
-	 */
-	String encodeForURL(String input) throws EncodingException;
-
-	/**
-	 * Decode from URL. Implementations should first canonicalize and
-	 * detect any double-encoding. If this check passes, then the data is decoded using URL
-	 * decoding.
-	 * 
-	 * @param input 
-	 * 		the text to decode from an encoded URL
-	 * 
-	 * @return 
-	 * 		the decoded URL value
-	 * 
-	 * @throws EncodingException 
-	 * 		if decoding fails
-	 */
-	String decodeFromURL(String input) throws EncodingException;
-
-	/**
-	 * Encode for Base64.
-	 * 
-	 * @param input 
-	 * 		the text to encode for Base64
-	 * @param wrap
-	 * 		the encoder will wrap lines every 64 characters of output
-	 * 
-	 * @return input encoded for Base64
-	 */
-	String encodeForBase64(byte[] input, boolean wrap);
-
-	/**
-	 * Decode data encoded with BASE-64 encoding.
-	 * 
-	 * @param input 
-	 * 		the Base64 text to decode
-	 * 
-	 * @return input 
-	 * 		decoded from Base64
-	 * 
-	 * @throws IOException
-	 */
-	byte[] decodeFromBase64(String input) throws IOException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.IOException;
+
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.errors.EncodingException;
+
+
+/**
+ * The Encoder interface contains a number of methods for decoding input and encoding output
+ * so that it will be safe for a variety of interpreters. To prevent
+ * double-encoding, callers should make sure input does not already contain encoded characters
+ * by calling canonicalize. Validator implementations should call canonicalize on user input
+ * <b>before</b> validating to prevent encoded attacks.
+ * <p>
+ * All of the methods must use a "whitelist" or "positive" security model.
+ * For the encoding methods, this means that all characters should be encoded, except for a specific list of
+ * "immune" characters that are known to be safe.
+ * <p>
+ * The Encoder performs two key functions, encoding and decoding. These functions rely
+ * on a set of codecs that can be found in the org.owasp.esapi.codecs package. These include:
+ * <ul><li>CSS Escaping</li>
+ * <li>HTMLEntity Encoding</li>
+ * <li>JavaScript Escaping</li>
+ * <li>MySQL Escaping</li>
+ * <li>Oracle Escaping</li>
+ * <li>Percent Encoding (aka URL Encoding)</li>
+ * <li>Unix Escaping</li>
+ * <li>VBScript Escaping</li>
+ * <li>Windows Encoding</li></ul>
+ * <p>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Encoder {
+	
+	/**
+	 * Standard character sets
+	 */
+
+	/**  
+	 * @deprecated Use {@link EncoderConstants#CHAR_LOWERS} instead
+	 */
+	@Deprecated
+	public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_UPPERS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_DIGITS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_SPECIALS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_LETTERS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_ALPHANUMERICS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
+	
+	
+	/**
+	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
+	 * selected specials like + (bad for URL encoding, | is like i and 1,
+	 * etc...)
+	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LOWERS} instead
+	 */
+	@Deprecated
+	public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_UPPERS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_DIGITS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_SPECIALS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
+    /**
+	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LETTERS} instead
+	 *
+	 */
+	@Deprecated
+	public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
+    
+
+
+	/**
+	 * This method is equivalent to calling <pre>Encoder.canonicalize(input, restrictMultiple, restrictMixed);</pre>
+	 *
+	 * The default values for restrictMultiple and restrictMixed come from ESAPI.properties
+	 * <pre>
+	 * Encoder.AllowMultipleEncoding=false
+	 * Encoder.AllowMixedEncoding=false
+	 * </pre>
+	 *
+	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+	 * 
+	 * @param input the text to canonicalize
+	 * @return a String containing the canonicalized text
+	 */
+	String canonicalize(String input);
+	
+	/**
+	 * This method is the equivalent to calling <pre>Encoder.canonicalize(input, strict, strict);</pre>
+	 *
+	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+	 *  
+	 * @param input 
+	 * 		the text to canonicalize
+	 * @param strict 
+	 * 		true if checking for multiple and mixed encoding is desired, false otherwise
+	 * 
+	 * @return a String containing the canonicalized text
+	 */
+	String canonicalize(String input, boolean strict);
+
+	/**
+	 * Canonicalization is simply the operation of reducing a possibly encoded
+	 * string down to its simplest form. This is important, because attackers
+	 * frequently use encoding to change their input in a way that will bypass
+	 * validation filters, but still be interpreted properly by the target of
+	 * the attack. Note that data encoded more than once is not something that a
+	 * normal user would generate and should be regarded as an attack.
+	 * <p>
+     * Everyone <a href="http://cwe.mitre.org/data/definitions/180.html">says</a> you shouldn't do validation
+     * without canonicalizing the data first. This is easier said than done. The canonicalize method can
+     * be used to simplify just about any input down to its most basic form. Note that canonicalize doesn't
+     * handle Unicode issues, it focuses on higher level encoding and escaping schemes. In addition to simple
+     * decoding, canonicalize also handles:
+     * <ul><li>Perverse but legal variants of escaping schemes</li>
+     * <li>Multiple escaping (%2526 or &#x26;lt;)</li>
+     * <li>Mixed escaping (%26lt;)</li>
+     * <li>Nested escaping (%%316 or &%6ct;)</li>
+     * <li>All combinations of multiple, mixed, and nested encoding/escaping (%2&#x35;3c or &#x2526gt;)</li></ul>
+     * <p>
+     * Using canonicalize is simple. The default is just...
+     * <pre>
+     *     String clean = ESAPI.encoder().canonicalize( request.getParameter("input"));
+     * </pre>
+     * You need to decode untrusted data so that it's safe for ANY downstream interpreter or decoder. For
+     * example, if your data goes into a Windows command shell, then into a database, and then to a browser,
+     * you're going to need to decode for all of those systems. You can build a custom encoder to canonicalize
+     * for your application like this...
+     * <pre>
+     *     ArrayList list = new ArrayList();
+     *     list.add( new WindowsCodec() );
+     *     list.add( new MySQLCodec() );
+     *     list.add( new PercentCodec() );
+     *     Encoder encoder = new DefaultEncoder( list );
+     *     String clean = encoder.canonicalize( request.getParameter( "input" ));
+     * </pre>
+     * In ESAPI, the Validator uses the canonicalize method before it does validation.  So all you need to
+     * do is to validate as normal and you'll be protected against a host of encoded attacks.
+     * <pre>
+     *     String input = request.getParameter( "name" );
+     *     String name = ESAPI.validator().isValidInput( "test", input, "FirstName", 20, false);
+     * </pre>
+     * However, the default canonicalize() method only decodes HTMLEntity, percent (URL) encoding, and JavaScript
+     * encoding. If you'd like to use a custom canonicalizer with your validator, that's pretty easy too.
+     * <pre>
+     *     ... setup custom encoder as above
+     *     Validator validator = new DefaultValidator( encoder );
+     *     String input = request.getParameter( "name" );
+     *     String name = validator.isValidInput( "test", input, "name", 20, false);
+     * </pre>
+     * Although ESAPI is able to canonicalize multiple, mixed, or nested encoding, it's safer to not accept
+     * this stuff in the first place. In ESAPI, the default is "strict" mode that throws an IntrusionException
+     * if it receives anything not single-encoded with a single scheme. This is configurable
+     * in ESAPI.properties using the properties:
+	 * <pre>
+	 * Encoder.AllowMultipleEncoding=false
+	 * Encoder.AllowMixedEncoding=false
+	 * </pre>
+	 * This method allows you to override the default behavior by directly specifying whether to restrict
+	 * multiple or mixed encoding. Even if you disable restrictions, you'll still get
+     * warning messages in the log about each multiple encoding and mixed encoding received.
+     * <pre>
+     *     // disabling strict mode to allow mixed encoding
+     *     String url = ESAPI.encoder().canonicalize( request.getParameter("url"), false, false);
+     * </pre>
+	 *
+	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+	 *
+	 * @param input
+	 * 		the text to canonicalize
+	 * @param restrictMultiple
+	 * 		true if checking for multiple encoding is desired, false otherwise
+	 * @param restrictMixed
+	 * 		true if checking for mixed encoding is desired, false otherwise
+	 *
+	 * @return a String containing the canonicalized text
+	 */
+	String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
+
+	/**
+	 * Encode data for use in Cascading Style Sheets (CSS) content.
+	 * 
+	 * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
+	 * 
+	 * @param input 
+	 * 		the text to encode for CSS
+	 * 
+	 * @return input encoded for CSS
+	 */
+	String encodeForCSS(String input);
+
+	/**
+	 * Encode data for use in HTML using HTML entity encoding
+	 * <p> 
+	 * Note that the following characters:
+	 * 00-08, 0B-0C, 0E-1F, and 7F-9F
+	 * <p>cannot be used in HTML. 
+	 * 
+	 * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a> 
+	 * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
+     * @see <a href="http://www.w3.org/TR/REC-xml/#charsets">XML Specification [w3.org]</a>
+	 * 
+	 * @param input 
+	 * 		the text to encode for HTML
+	 * 
+	 * @return input encoded for HTML
+	 */
+	String encodeForHTML(String input);
+
+	/**
+     * Decodes HTML entities.
+     * @param input the <code>String</code> to decode
+     * @return the newly decoded <code>String</code>
+     */
+	String decodeForHTML(String input);
+		
+	/**
+	 * Encode data for use in HTML attributes.
+	 * 
+	 * @param input 
+	 * 		the text to encode for an HTML attribute
+	 * 
+	 * @return input encoded for use as an HTML attribute
+	 */
+	String encodeForHTMLAttribute(String input);
+
+
+    /**
+     * Encode data for insertion inside a data value or function argument in JavaScript. Including user data 
+     * directly inside a script is quite dangerous. Great care must be taken to prevent including user data
+     * directly into script code itself, as no amount of encoding will prevent attacks there.
+     * 
+     * Please note there are some JavaScript functions that can never safely receive untrusted data 
+     * as input – even if the user input is encoded.
+     * 
+     * For example:
+     * <pre>
+     *  &lt;script&gt;
+     *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
+     *  &lt;/script&gt;
+     * </pre>
+     * @param input 
+     *          the text to encode for JavaScript
+     * 
+     * @return input encoded for use in JavaScript
+     */
+	String encodeForJavaScript(String input);
+
+	/**
+	 * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
+	 * inside a script is quite dangerous. Great care must be taken to prevent putting user data
+	 * directly into script code itself, as no amount of encoding will prevent attacks there.
+	 * 
+	 * This method is not recommended as VBScript is only supported by Internet Explorer
+	 * 
+	 * @param input 
+	 * 		the text to encode for VBScript
+	 * 
+	 * @return input encoded for use in VBScript
+	 */
+	String encodeForVBScript(String input);
+
+
+	/**
+	 * Encode input for use in a SQL query, according to the selected codec 
+	 * (appropriate codecs include the MySQLCodec and OracleCodec).
+	 * 
+	 * This method is not recommended. The use of the PreparedStatement 
+	 * interface is the preferred approach. However, if for some reason 
+	 * this is impossible, then this method is provided as a weaker 
+	 * alternative. 
+	 * 
+	 * The best approach is to make sure any single-quotes are double-quoted.
+	 * Another possible approach is to use the {escape} syntax described in the
+	 * JDBC specification in section 1.5.6.
+	 * 
+	 * However, this syntax does not work with all drivers, and requires
+	 * modification of all queries.
+	 * 
+	 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
+	 *  
+	 * @param codec 
+	 * 		a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
+	 * @param input 
+	 * 		the text to encode for SQL
+	 * 
+	 * @return input encoded for use in SQL
+	 */
+	String encodeForSQL(Codec codec, String input);
+
+    /**
+     * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). 
+     *
+     * Please note the following recommendations before choosing to use this method: 
+     * 
+     * 1)      It is strongly recommended that applications avoid making direct OS system calls if possible as such calls are not portable, and they are potentially unsafe. Please use language provided features if at all possible, rather than native OS calls to implement the desired feature.
+     * 2)      If an OS call cannot be avoided, then it is recommended that the program to be invoked be invoked directly (e.g., System.exec("nameofcommand" + "parameterstocommand");) as this avoids the use of the command shell. The "parameterstocommand" should of course be validated before passing them to the OS command.
+     * 3)      If you must use this method, then we recommend validating all user supplied input passed to the command shell as well, in addition to using this method in order to make the command shell invocation safe.
+     *  
+     * An example use of this method would be: System.exec("dir " + ESAPI.encodeForOS(WindowsCodec, "parameter(s)tocommandwithuserinput");
+     * 
+     * @param codec 
+     *      a Codec that declares which operating system 'input' is being encoded for (ie. Windows, Unix, etc.)
+     * @param input 
+     *      the text to encode for the command shell
+     * 
+     * @return input encoded for use in command shell
+     */
+	String encodeForOS(Codec codec, String input);
+
+	/**
+	 * Encode data for use in LDAP queries.
+	 * 
+	 * @param input 
+	 * 		the text to encode for LDAP
+	 * 
+	 * @return input encoded for use in LDAP
+	 */
+	String encodeForLDAP(String input);
+
+	/**
+	 * Encode data for use in an LDAP distinguished name.
+	 * 
+	 *  @param input 
+	 *  		the text to encode for an LDAP distinguished name
+	 * 
+	 *  @return input encoded for use in an LDAP distinguished name
+	 */
+	String encodeForDN(String input);
+
+	/**
+	 * Encode data for use in an XPath query.
+	 * 
+	 * NB: The reference implementation encodes almost everything and may over-encode. 
+	 * 
+	 * The difficulty with XPath encoding is that XPath has no built in mechanism for escaping
+	 * characters. It is possible to use XQuery in a parameterized way to
+	 * prevent injection. 
+	 * 
+	 * For more information, refer to <a
+	 * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
+	 * article</a> which specifies the following list of characters as the most
+	 * dangerous: ^&"*';<>(). <a
+	 * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
+	 * paper</a> suggests disallowing ' and " in queries.
+	 * 
+	 * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
+	 * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
+	 *  
+	 * @param input
+	 *      the text to encode for XPath
+	 * @return 
+	 * 		input encoded for use in XPath
+	 */
+	String encodeForXPath(String input);
+
+	/**
+	 * Encode data for use in an XML element. The implementation should follow the <a
+	 * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
+	 * Standard</a> from the W3C.
+	 * <p>
+	 * The use of a real XML parser is strongly encouraged. However, in the
+	 * hopefully rare case that you need to make sure that data is safe for
+	 * inclusion in an XML document and cannot use a parse, this method provides
+	 * a safe mechanism to do so.
+	 * 
+	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+	 * 
+	 * @param input
+	 * 			the text to encode for XML
+	 * 
+	 * @return
+	 *			input encoded for use in XML
+	 */
+	String encodeForXML(String input);
+
+	/**
+	 * Encode data for use in an XML attribute. The implementation should follow
+	 * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
+	 * Standard</a> from the W3C.
+	 * <p>
+	 * The use of a real XML parser is highly encouraged. However, in the
+	 * hopefully rare case that you need to make sure that data is safe for
+	 * inclusion in an XML document and cannot use a parse, this method provides
+	 * a safe mechanism to do so.
+	 * 
+	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+	 * 
+	 * @param input
+	 * 			the text to encode for use as an XML attribute
+	 * 
+	 * @return 
+	 * 			input encoded for use in an XML attribute
+	 */
+	String encodeForXMLAttribute(String input);
+
+	/**
+	 * Encode for use in a URL. This method performs <a
+	 * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+	 * on the entire string.
+	 * 
+	 * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+	 * 
+	 * @param input 
+	 * 		the text to encode for use in a URL
+	 * 
+	 * @return input 
+	 * 		encoded for use in a URL
+	 * 
+	 * @throws EncodingException 
+	 * 		if encoding fails
+	 */
+	String encodeForURL(String input) throws EncodingException;
+
+	/**
+	 * Decode from URL. Implementations should first canonicalize and
+	 * detect any double-encoding. If this check passes, then the data is decoded using URL
+	 * decoding.
+	 * 
+	 * @param input 
+	 * 		the text to decode from an encoded URL
+	 * 
+	 * @return 
+	 * 		the decoded URL value
+	 * 
+	 * @throws EncodingException 
+	 * 		if decoding fails
+	 */
+	String decodeFromURL(String input) throws EncodingException;
+
+	/**
+	 * Encode for Base64.
+	 * 
+	 * @param input 
+	 * 		the text to encode for Base64
+	 * @param wrap
+	 * 		the encoder will wrap lines every 64 characters of output
+	 * 
+	 * @return input encoded for Base64
+	 */
+	String encodeForBase64(byte[] input, boolean wrap);
+
+	/**
+	 * Decode data encoded with BASE-64 encoding.
+	 * 
+	 * @param input 
+	 * 		the Base64 text to decode
+	 * 
+	 * @return input 
+	 * 		decoded from Base64
+	 * 
+	 * @throws IOException
+	 */
+	byte[] decodeFromBase64(String input) throws IOException;
+
+}

From 9b8c23eedc363039e10df109697fc2dbf44b10b8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 106/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/EncryptedProperties.java  | 224 +++++++++---------
 1 file changed, 112 insertions(+), 112 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/EncryptedProperties.java b/src/main/java/org/owasp/esapi/EncryptedProperties.java
index e95b1b858..b3a7cd006 100644
--- a/src/main/java/org/owasp/esapi/EncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/EncryptedProperties.java
@@ -1,112 +1,112 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.Set;
-
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The {@code EncryptedProperties} interface represents a properties file
- * where all the data is encrypted before it is added, and decrypted when it
- * retrieved. This interface can be implemented in a number of ways, the
- * simplest being extending {@link java.util.Properties} and overloading
- * the {@code getProperty} and {@code setProperty} methods. In all cases,
- * the master encryption key, as given by the {@code Encryptor.MasterKey}
- * property in <b><code>ESAPI.properties</code></b> file.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface EncryptedProperties {
-
-	/**
-	 * Gets the property value from the encrypted store, decrypts it, and
-	 * returns the plaintext value to the caller.
-	 * 
-	 * @param key
-	 *      the name of the property to get 
-	 * 
-	 * @return 
-	 * 	The decrypted property value. null if the key is not set.
-	 * 
-	 * @throws EncryptionException
-	 *      if the property could not be decrypted
-	 */
-	String getProperty(String key) throws EncryptionException;
-
-	/**
-	 * Encrypts the plaintext property value and stores the ciphertext value
-	 * in the encrypted store.
-	 * 
-	 * @param key
-	 *      the name of the property to set
-	 * @param value
-	 * 		the value of the property to set
-	 * 
-	 * @return 
-	 * 		the previously encrypted property value for the specified key, or
-	 *      {@code null} if it did not have one.
-	 * 
-	 * @throws EncryptionException
-	 *      if the property could not be encrypted
-	 */
-	String setProperty(String key, String value) throws EncryptionException;
-	
-	/**
-	 * Returns a {@code Set} view of properties. The {@code Set} is backed by a
-	 * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
-	 * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element 
-	 * removal (which removes the corresponding entry from the {@code Hashtable),
-	 * but not element addition.
-	 * 
-	 * @return 
-	 * 		a set view of the properties contained in this map.
-	 */
-	public Set<?> keySet();
-		
-	/**
-	 * Reads a property list (key and element pairs) from the input stream.
-	 * 
-	 * @param in
-	 * 		the input stream that contains the properties file
-	 * 
-	 * @throws IOException
-	 *      Signals that an I/O exception has occurred.
-	 */
-	public void load(InputStream in) throws IOException;
-	
-	/**
-	 * Writes this property list (key and element pairs) in this Properties table to 
-	 * the output stream in a format suitable for loading into a Properties table using the load method. 
-	 * 
-	 * @param out
-	 * 		the output stream that contains the properties file
-	 * @param comments
-	 *            a description of the property list (ex. "Encrypted Properties File").
-	 * 
-	 * @throws IOException
-	 *             Signals that an I/O exception has occurred.
-	 */
-	public void store(OutputStream out, String comments) throws IOException;	
-	
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Set;
+
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The {@code EncryptedProperties} interface represents a properties file
+ * where all the data is encrypted before it is added, and decrypted when it
+ * retrieved. This interface can be implemented in a number of ways, the
+ * simplest being extending {@link java.util.Properties} and overloading
+ * the {@code getProperty} and {@code setProperty} methods. In all cases,
+ * the master encryption key, as given by the {@code Encryptor.MasterKey}
+ * property in <b><code>ESAPI.properties</code></b> file.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface EncryptedProperties {
+
+	/**
+	 * Gets the property value from the encrypted store, decrypts it, and
+	 * returns the plaintext value to the caller.
+	 * 
+	 * @param key
+	 *      the name of the property to get 
+	 * 
+	 * @return 
+	 * 	The decrypted property value. null if the key is not set.
+	 * 
+	 * @throws EncryptionException
+	 *      if the property could not be decrypted
+	 */
+	String getProperty(String key) throws EncryptionException;
+
+	/**
+	 * Encrypts the plaintext property value and stores the ciphertext value
+	 * in the encrypted store.
+	 * 
+	 * @param key
+	 *      the name of the property to set
+	 * @param value
+	 * 		the value of the property to set
+	 * 
+	 * @return 
+	 * 		the previously encrypted property value for the specified key, or
+	 *      {@code null} if it did not have one.
+	 * 
+	 * @throws EncryptionException
+	 *      if the property could not be encrypted
+	 */
+	String setProperty(String key, String value) throws EncryptionException;
+	
+	/**
+	 * Returns a {@code Set} view of properties. The {@code Set} is backed by a
+	 * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
+	 * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element 
+	 * removal (which removes the corresponding entry from the {@code Hashtable),
+	 * but not element addition.
+	 * 
+	 * @return 
+	 * 		a set view of the properties contained in this map.
+	 */
+	public Set<?> keySet();
+		
+	/**
+	 * Reads a property list (key and element pairs) from the input stream.
+	 * 
+	 * @param in
+	 * 		the input stream that contains the properties file
+	 * 
+	 * @throws IOException
+	 *      Signals that an I/O exception has occurred.
+	 */
+	public void load(InputStream in) throws IOException;
+	
+	/**
+	 * Writes this property list (key and element pairs) in this Properties table to 
+	 * the output stream in a format suitable for loading into a Properties table using the load method. 
+	 * 
+	 * @param out
+	 * 		the output stream that contains the properties file
+	 * @param comments
+	 *            a description of the property list (ex. "Encrypted Properties File").
+	 * 
+	 * @throws IOException
+	 *             Signals that an I/O exception has occurred.
+	 */
+	public void store(OutputStream out, String comments) throws IOException;	
+	
+	
+}

From cf3039aef11fac00c3aeabb776337db915e96c88 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 107/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Encryptor.java | 634 +++++++++----------
 1 file changed, 317 insertions(+), 317 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encryptor.java b/src/main/java/org/owasp/esapi/Encryptor.java
index 35bf094dd..979140c86 100644
--- a/src/main/java/org/owasp/esapi/Encryptor.java
+++ b/src/main/java/org/owasp/esapi/Encryptor.java
@@ -1,318 +1,318 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright &copy; 2007,2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @created 2007
- */
-package org.owasp.esapi;
-
-import javax.crypto.SecretKey;
-
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.IntegrityException;
-
-
-/**
- * The Encryptor interface provides a set of methods for performing common
- * encryption, random number, and hashing operations. Implementations should
- * rely on a strong cryptographic implementation, such as JCE or BouncyCastle.
- * Implementors should take care to ensure that they initialize their
- * implementation with a strong "master key", and that they protect this secret
- * as much as possible.
- * <P>
- * The main property controlling the selection of the implementation class is the
- * property {@code ESAPI.Encryptor} in {@code ESAPI.properties}. Most of the
- * the other encryption related properties have property names that start with
- * the string "Encryptor.". These properties all you to do things such as
- * select the encryption algorithms, the preferred JCE provider, etc.
- * </P><P>
- * In addition, there are two important properties (initially delivered as unset
- * from the ESAPI download) named {@code Encryptor.MasterKey} and
- * {@code Encryptor.MasterSalt} that must be set before using ESAPI encryption.
- * There is a <i>bash</i>(1) shell script provided with the standard ESAPI distribution
- * called 'setMasterKey.sh' that will assist you in setting these two properties. The
- * script is in 'src/examples/scripts/setMasterKey.sh'.
- * </P><P>
- * Possible future enhancements (depending on feedback) are discussed in
- * section 4 of
- * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-crypto-design-goals.doc">
- * Design Goals in OWASP ESAPI Cryptography</a>.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html">User Guide for Symmetric Encryption in ESAPI 2.0</a>
- */
-public interface Encryptor {
-
-	/**
-	 * Returns a string representation of the hash of the provided plaintext and
-	 * salt. The salt helps to protect against a rainbow table attack by mixing
-	 * in some extra data with the plaintext. Some good choices for a salt might
-	 * be an account name or some other string that is known to the application
-	 * but not to an attacker.
-	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
-	 * this article</a> for more information about hashing as it pertains to password schemes.
-	 * 
-	 * @param plaintext
-	 * 		the plaintext String to encrypt
-	 * @param salt
-	 *      the salt to add to the plaintext String before hashing
-	 * 
-	 * @return 
-	 * 		the encrypted hash of 'plaintext' stored as a String
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified hash algorithm could not be found or another problem exists with 
-	 *      the hashing of 'plaintext'
-	 */
-	String hash(String plaintext, String salt) throws EncryptionException;
-
-	/**
-	 * Returns a string representation of the hash of the provided plaintext and
-	 * salt. The salt helps to protect against a rainbow table attack by mixing
-	 * in some extra data with the plaintext. Some good choices for a salt might
-	 * be an account name or some other string that is known to the application
-	 * but not to an attacker. 
-	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
-	 * this article</a> for more information about hashing as it pertains to password schemes.
-	 * 
-	 * @param plaintext
-	 * 		the plaintext String to encrypt
-	 * @param salt
-	 *      the salt to add to the plaintext String before hashing
-	 * @param iterations
-	 *      the number of times to iterate the hash
-	 * 
-	 * @return 
-	 * 		the encrypted hash of 'plaintext' stored as a String
-	 * 
-	 * @throws EncryptionException
-	 *      if the specified hash algorithm could not be found or another problem exists with 
-	 *      the hashing of 'plaintext'
-	 */
-	String hash(String plaintext, String salt, int iterations) throws EncryptionException;
-	
-	/**
-	 * Encrypts the provided plaintext bytes using the cipher transformation
-	 * specified by the property <code>Encryptor.CipherTransformation</code>
-	 * and the <i>master encryption key</i> as specified by the property
-	 * {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.
-	 * </p>
-	 * 
-	 * @param plaintext	The {@code PlainText} to be encrypted.
-	 * @return the {@code CipherText} object from which the raw ciphertext, the
-	 * 				IV, the cipher transformation, and many other aspects about
-	 * 				the encryption detail may be extracted.
-	 * @throws EncryptionException Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, specifying an IV of incorrect length,
-	 * 				etc.
-	 * @see #encrypt(SecretKey, PlainText)
-	 * @since 2.0
-	 */
-	 CipherText encrypt(PlainText plaintext) throws EncryptionException;
-
-
-	 /**
-	  * Encrypts the provided plaintext bytes using the cipher transformation
-	  * specified by the property <code>Encryptor.CipherTransformation</code>
-	  * as defined in the <code>ESAPI.properties</code> file and the
-	  * <i>specified secret key</i>.
-	  * </p><p>
-	  * This method is similar to {@link #encrypt(PlainText)} except that it
-	  * permits a specific {@code SecretKey} to be used for encryption.
-	  *
-	  * @param key		The {@code SecretKey} to use for encrypting the plaintext.
-	  * @param plaintext	The byte stream to be encrypted. Note if a Java
-	  * 				{@code String} is to be encrypted, it should be converted
-	  * 				using {@code "some string".getBytes("UTF-8")}.
-	  * @return the {@code CipherText} object from which the raw ciphertext, the
-	  * 				IV, the cipher transformation, and many other aspects about
-	  * 				the encryption detail may be extracted.
-	  * @throws EncryptionException Thrown if something should go wrong such as
-	  * 				the JCE provider cannot be found, the cipher algorithm,
-	  * 				cipher mode, or padding scheme not being supported, specifying
-	  * 				an unsupported key size, specifying an IV of incorrect length,
-	  * 				etc.
-	  * @see #encrypt(PlainText)
-	  * @since 2.0
-	  */
-	 CipherText encrypt(SecretKey key, PlainText plaintext)
-	 		throws EncryptionException;
-
-	/**
-	 * Decrypts the provided {@link CipherText} using the information from it
-	 * and the <i>master encryption key</i> as specified by the property
-	 * {@code Encryptor.MasterKey} as defined in the {@code ESAPI.properties}
-	 * file.
-	 * </p>
-	 * @param ciphertext The {@code CipherText} object to be decrypted.
-	 * @return The {@code PlainText} object resulting from decrypting the specified
-	 * 		   ciphertext. Note that it it is desired to convert the returned
-	 * 		   plaintext byte array to a Java String is should be done using
-	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
-	 * 		   {@code new String(byte[]);} which uses native encoding and may
-	 * 		   not be portable across hardware and/or OS platforms.
-	 * @throws EncryptionException  Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, or incorrect encryption key was
-	 * 				specified or a {@code PaddingException} occurs.
-	 * @see #decrypt(SecretKey, CipherText)
-	 */
-	PlainText decrypt(CipherText ciphertext) throws EncryptionException;
-	
-	/**
-	 * Decrypts the provided {@link CipherText} using the information from it
-	 * and the <i>specified secret key</i>.
-	 * </p><p>
-	 * This decrypt method is similar to {@link #decrypt(CipherText)} except that
-	 * it allows decrypting with a secret key other than the <i>master secret key</i>.
-	 * </p>
-	 * @param key		The {@code SecretKey} to use for encrypting the plaintext.
-	 * @param ciphertext The {@code CipherText} object to be decrypted.
-	 * @return The {@code PlainText} object resulting from decrypting the specified
-	 * 		   ciphertext. Note that it it is desired to convert the returned
-	 * 		   plaintext byte array to a Java String is should be done using
-	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
-	 * 		   {@code new String(byte[]);} which uses native encoding and may
-	 * 		   not be portable across hardware and/or OS platforms.
-	 * @throws EncryptionException  Thrown if something should go wrong such as
-	 * 				the JCE provider cannot be found, the cipher algorithm,
-	 * 				cipher mode, or padding scheme not being supported, specifying
-	 * 				an unsupported key size, or incorrect encryption key was
-	 * 				specified or a {@code PaddingException} occurs.
-	 * @see #decrypt(CipherText)
-	 */
-	PlainText decrypt(SecretKey key, CipherText ciphertext) throws EncryptionException;
-	
-	/**
-	 * Create a digital signature for the provided data and return it in a
-	 * string.
-	 * <p>
-	 * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
-	 * signatures with this method and {@link #verifySignature(String, String)}
-	 * are dynamically created when the default reference implementation class,
-	 * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
-	 * Because this key pair is not persisted nor is the public key shared,
-	 * this method and the corresponding {@link #verifySignature(String, String)}
-	 * can not be used with expected results across JVM instances. This limitation
-	 * will be addressed in ESAPI 2.1.
-	 * </p>
-	 * 
-	 * @param data
-	 *      the data to sign
-	 * 
-	 * @return 
-	 * 		the digital signature stored as a String
-	 * 
-	 * @throws EncryptionException
-	 * 		if the specified signature algorithm cannot be found
-	 */
-	String sign(String data) throws EncryptionException;
-
-	/**
-	 * Verifies a digital signature (created with the sign method) and returns
-	 * the boolean result.
-     * <p>
-     * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
-     * signatures with this method and {@link #sign(String)}
-     * are dynamically created when the default reference implementation class,
-     * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
-     * Because this key pair is not persisted nor is the public key shared,
-     * this method and the corresponding {@link #sign(String)}
-     * can not be used with expected results across JVM instances. This limitation
-     * will be addressed in ESAPI 2.1.
-     * </p>
-	 * @param signature
-	 *      the signature to verify against 'data'
-	 * @param data
-	 *      the data to verify against 'signature'
-	 * 
-	 * @return 
-	 * 		true, if the signature is verified, false otherwise
-	 * 
-	 */
-	boolean verifySignature(String signature, String data);
-
-	/**
-	 * Creates a seal that binds a set of data and includes an expiration timestamp.
-	 * 
-	 * @param data
-	 *      the data to seal
-	 * @param timestamp
-	 *      the absolute expiration date of the data, expressed as seconds since the epoch
-	 * 
-	 * @return 
-     * 		the seal
-     * @throws IntegrityException
-	 * 
-	 */
-	String seal(String data, long timestamp) throws IntegrityException;
-
-	/**
-	 * Unseals data (created with the seal method) and throws an exception
-	 * describing any of the various problems that could exist with a seal, such
-	 * as an invalid seal format, expired timestamp, or decryption error.
-	 * 
-	 * @param seal
-	 *      the sealed data
-	 * 
-	 * @return 
-	 * 		the original (unsealed) data
-	 * 
-	 * @throws EncryptionException 
-	 * 		if the unsealed data cannot be retrieved for any reason
-	 */
-	String unseal( String seal ) throws EncryptionException;
-	
-	/**
-	 * Verifies a seal (created with the seal method) and throws an exception
-	 * describing any of the various problems that could exist with a seal, such
-	 * as an invalid seal format, expired timestamp, or data mismatch.
-	 * 
-	 * @param seal
-	 *      the seal to verify
-	 * 
-	 * @return 
-	 * 		true, if the seal is valid.  False otherwise
-	 */
-	boolean verifySeal(String seal);
-	
-	/**
-	 * Gets an absolute timestamp representing an offset from the current time to be used by
-	 * other functions in the library.
-	 * 
-	 * @param offset 
-	 * 		the offset to add to the current time
-	 * 
-	 * @return 
-	 * 		the absolute timestamp
-	 */
-	public long getRelativeTimeStamp( long offset );
-	
-	
-	/**
-	 * Gets a timestamp representing the current date and time to be used by
-	 * other functions in the library.
-	 * 
-	 * @return 
-	 * 		a timestamp representing the current time
-	 */
-	long getTimeStamp();
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright &copy; 2007,2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import javax.crypto.SecretKey;
+
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+
+
+/**
+ * The Encryptor interface provides a set of methods for performing common
+ * encryption, random number, and hashing operations. Implementations should
+ * rely on a strong cryptographic implementation, such as JCE or BouncyCastle.
+ * Implementors should take care to ensure that they initialize their
+ * implementation with a strong "master key", and that they protect this secret
+ * as much as possible.
+ * <P>
+ * The main property controlling the selection of the implementation class is the
+ * property {@code ESAPI.Encryptor} in {@code ESAPI.properties}. Most of the
+ * the other encryption related properties have property names that start with
+ * the string "Encryptor.". These properties all you to do things such as
+ * select the encryption algorithms, the preferred JCE provider, etc.
+ * </P><P>
+ * In addition, there are two important properties (initially delivered as unset
+ * from the ESAPI download) named {@code Encryptor.MasterKey} and
+ * {@code Encryptor.MasterSalt} that must be set before using ESAPI encryption.
+ * There is a <i>bash</i>(1) shell script provided with the standard ESAPI distribution
+ * called 'setMasterKey.sh' that will assist you in setting these two properties. The
+ * script is in 'src/examples/scripts/setMasterKey.sh'.
+ * </P><P>
+ * Possible future enhancements (depending on feedback) are discussed in
+ * section 4 of
+ * <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-crypto-design-goals.doc">
+ * Design Goals in OWASP ESAPI Cryptography</a>.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html">User Guide for Symmetric Encryption in ESAPI 2.0</a>
+ */
+public interface Encryptor {
+
+	/**
+	 * Returns a string representation of the hash of the provided plaintext and
+	 * salt. The salt helps to protect against a rainbow table attack by mixing
+	 * in some extra data with the plaintext. Some good choices for a salt might
+	 * be an account name or some other string that is known to the application
+	 * but not to an attacker.
+	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
+	 * this article</a> for more information about hashing as it pertains to password schemes.
+	 * 
+	 * @param plaintext
+	 * 		the plaintext String to encrypt
+	 * @param salt
+	 *      the salt to add to the plaintext String before hashing
+	 * 
+	 * @return 
+	 * 		the encrypted hash of 'plaintext' stored as a String
+	 * 
+	 * @throws EncryptionException
+	 *      if the specified hash algorithm could not be found or another problem exists with 
+	 *      the hashing of 'plaintext'
+	 */
+	String hash(String plaintext, String salt) throws EncryptionException;
+
+	/**
+	 * Returns a string representation of the hash of the provided plaintext and
+	 * salt. The salt helps to protect against a rainbow table attack by mixing
+	 * in some extra data with the plaintext. Some good choices for a salt might
+	 * be an account name or some other string that is known to the application
+	 * but not to an attacker. 
+	 * See <a href="http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/">
+	 * this article</a> for more information about hashing as it pertains to password schemes.
+	 * 
+	 * @param plaintext
+	 * 		the plaintext String to encrypt
+	 * @param salt
+	 *      the salt to add to the plaintext String before hashing
+	 * @param iterations
+	 *      the number of times to iterate the hash
+	 * 
+	 * @return 
+	 * 		the encrypted hash of 'plaintext' stored as a String
+	 * 
+	 * @throws EncryptionException
+	 *      if the specified hash algorithm could not be found or another problem exists with 
+	 *      the hashing of 'plaintext'
+	 */
+	String hash(String plaintext, String salt, int iterations) throws EncryptionException;
+	
+	/**
+	 * Encrypts the provided plaintext bytes using the cipher transformation
+	 * specified by the property <code>Encryptor.CipherTransformation</code>
+	 * and the <i>master encryption key</i> as specified by the property
+	 * {@code Encryptor.MasterKey} as defined in the <code>ESAPI.properties</code> file.
+	 * </p>
+	 * 
+	 * @param plaintext	The {@code PlainText} to be encrypted.
+	 * @return the {@code CipherText} object from which the raw ciphertext, the
+	 * 				IV, the cipher transformation, and many other aspects about
+	 * 				the encryption detail may be extracted.
+	 * @throws EncryptionException Thrown if something should go wrong such as
+	 * 				the JCE provider cannot be found, the cipher algorithm,
+	 * 				cipher mode, or padding scheme not being supported, specifying
+	 * 				an unsupported key size, specifying an IV of incorrect length,
+	 * 				etc.
+	 * @see #encrypt(SecretKey, PlainText)
+	 * @since 2.0
+	 */
+	 CipherText encrypt(PlainText plaintext) throws EncryptionException;
+
+
+	 /**
+	  * Encrypts the provided plaintext bytes using the cipher transformation
+	  * specified by the property <code>Encryptor.CipherTransformation</code>
+	  * as defined in the <code>ESAPI.properties</code> file and the
+	  * <i>specified secret key</i>.
+	  * </p><p>
+	  * This method is similar to {@link #encrypt(PlainText)} except that it
+	  * permits a specific {@code SecretKey} to be used for encryption.
+	  *
+	  * @param key		The {@code SecretKey} to use for encrypting the plaintext.
+	  * @param plaintext	The byte stream to be encrypted. Note if a Java
+	  * 				{@code String} is to be encrypted, it should be converted
+	  * 				using {@code "some string".getBytes("UTF-8")}.
+	  * @return the {@code CipherText} object from which the raw ciphertext, the
+	  * 				IV, the cipher transformation, and many other aspects about
+	  * 				the encryption detail may be extracted.
+	  * @throws EncryptionException Thrown if something should go wrong such as
+	  * 				the JCE provider cannot be found, the cipher algorithm,
+	  * 				cipher mode, or padding scheme not being supported, specifying
+	  * 				an unsupported key size, specifying an IV of incorrect length,
+	  * 				etc.
+	  * @see #encrypt(PlainText)
+	  * @since 2.0
+	  */
+	 CipherText encrypt(SecretKey key, PlainText plaintext)
+	 		throws EncryptionException;
+
+	/**
+	 * Decrypts the provided {@link CipherText} using the information from it
+	 * and the <i>master encryption key</i> as specified by the property
+	 * {@code Encryptor.MasterKey} as defined in the {@code ESAPI.properties}
+	 * file.
+	 * </p>
+	 * @param ciphertext The {@code CipherText} object to be decrypted.
+	 * @return The {@code PlainText} object resulting from decrypting the specified
+	 * 		   ciphertext. Note that it it is desired to convert the returned
+	 * 		   plaintext byte array to a Java String is should be done using
+	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
+	 * 		   {@code new String(byte[]);} which uses native encoding and may
+	 * 		   not be portable across hardware and/or OS platforms.
+	 * @throws EncryptionException  Thrown if something should go wrong such as
+	 * 				the JCE provider cannot be found, the cipher algorithm,
+	 * 				cipher mode, or padding scheme not being supported, specifying
+	 * 				an unsupported key size, or incorrect encryption key was
+	 * 				specified or a {@code PaddingException} occurs.
+	 * @see #decrypt(SecretKey, CipherText)
+	 */
+	PlainText decrypt(CipherText ciphertext) throws EncryptionException;
+	
+	/**
+	 * Decrypts the provided {@link CipherText} using the information from it
+	 * and the <i>specified secret key</i>.
+	 * </p><p>
+	 * This decrypt method is similar to {@link #decrypt(CipherText)} except that
+	 * it allows decrypting with a secret key other than the <i>master secret key</i>.
+	 * </p>
+	 * @param key		The {@code SecretKey} to use for encrypting the plaintext.
+	 * @param ciphertext The {@code CipherText} object to be decrypted.
+	 * @return The {@code PlainText} object resulting from decrypting the specified
+	 * 		   ciphertext. Note that it it is desired to convert the returned
+	 * 		   plaintext byte array to a Java String is should be done using
+	 * 		   {@code new String(byte[], "UTF-8");} rather than simply using
+	 * 		   {@code new String(byte[]);} which uses native encoding and may
+	 * 		   not be portable across hardware and/or OS platforms.
+	 * @throws EncryptionException  Thrown if something should go wrong such as
+	 * 				the JCE provider cannot be found, the cipher algorithm,
+	 * 				cipher mode, or padding scheme not being supported, specifying
+	 * 				an unsupported key size, or incorrect encryption key was
+	 * 				specified or a {@code PaddingException} occurs.
+	 * @see #decrypt(CipherText)
+	 */
+	PlainText decrypt(SecretKey key, CipherText ciphertext) throws EncryptionException;
+	
+	/**
+	 * Create a digital signature for the provided data and return it in a
+	 * string.
+	 * <p>
+	 * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
+	 * signatures with this method and {@link #verifySignature(String, String)}
+	 * are dynamically created when the default reference implementation class,
+	 * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
+	 * Because this key pair is not persisted nor is the public key shared,
+	 * this method and the corresponding {@link #verifySignature(String, String)}
+	 * can not be used with expected results across JVM instances. This limitation
+	 * will be addressed in ESAPI 2.1.
+	 * </p>
+	 * 
+	 * @param data
+	 *      the data to sign
+	 * 
+	 * @return 
+	 * 		the digital signature stored as a String
+	 * 
+	 * @throws EncryptionException
+	 * 		if the specified signature algorithm cannot be found
+	 */
+	String sign(String data) throws EncryptionException;
+
+	/**
+	 * Verifies a digital signature (created with the sign method) and returns
+	 * the boolean result.
+     * <p>
+     * <b>Limitations:</b> A new public/private key pair used for ESAPI 2.0 digital
+     * signatures with this method and {@link #sign(String)}
+     * are dynamically created when the default reference implementation class,
+     * {@link org.owasp.esapi.reference.crypto.JavaEncryptor} is first created.
+     * Because this key pair is not persisted nor is the public key shared,
+     * this method and the corresponding {@link #sign(String)}
+     * can not be used with expected results across JVM instances. This limitation
+     * will be addressed in ESAPI 2.1.
+     * </p>
+	 * @param signature
+	 *      the signature to verify against 'data'
+	 * @param data
+	 *      the data to verify against 'signature'
+	 * 
+	 * @return 
+	 * 		true, if the signature is verified, false otherwise
+	 * 
+	 */
+	boolean verifySignature(String signature, String data);
+
+	/**
+	 * Creates a seal that binds a set of data and includes an expiration timestamp.
+	 * 
+	 * @param data
+	 *      the data to seal
+	 * @param timestamp
+	 *      the absolute expiration date of the data, expressed as seconds since the epoch
+	 * 
+	 * @return 
+     * 		the seal
+     * @throws IntegrityException
+	 * 
+	 */
+	String seal(String data, long timestamp) throws IntegrityException;
+
+	/**
+	 * Unseals data (created with the seal method) and throws an exception
+	 * describing any of the various problems that could exist with a seal, such
+	 * as an invalid seal format, expired timestamp, or decryption error.
+	 * 
+	 * @param seal
+	 *      the sealed data
+	 * 
+	 * @return 
+	 * 		the original (unsealed) data
+	 * 
+	 * @throws EncryptionException 
+	 * 		if the unsealed data cannot be retrieved for any reason
+	 */
+	String unseal( String seal ) throws EncryptionException;
+	
+	/**
+	 * Verifies a seal (created with the seal method) and throws an exception
+	 * describing any of the various problems that could exist with a seal, such
+	 * as an invalid seal format, expired timestamp, or data mismatch.
+	 * 
+	 * @param seal
+	 *      the seal to verify
+	 * 
+	 * @return 
+	 * 		true, if the seal is valid.  False otherwise
+	 */
+	boolean verifySeal(String seal);
+	
+	/**
+	 * Gets an absolute timestamp representing an offset from the current time to be used by
+	 * other functions in the library.
+	 * 
+	 * @param offset 
+	 * 		the offset to add to the current time
+	 * 
+	 * @return 
+	 * 		the absolute timestamp
+	 */
+	public long getRelativeTimeStamp( long offset );
+	
+	
+	/**
+	 * Gets a timestamp representing the current date and time to be used by
+	 * other functions in the library.
+	 * 
+	 * @return 
+	 * 		a timestamp representing the current time
+	 */
+	long getTimeStamp();
+
 }
\ No newline at end of file

From 2fea8174b8820d62decbfefc5dc51ecbb5ddcd96 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 108/812] Change CRLF to LF for issue 356.

---
 .../AuthenticationAccountsException.java      | 118 +++++++++---------
 1 file changed, 59 insertions(+), 59 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
index 98954db6f..c81ff844b 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationAccountsException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationAccountsException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AuthenticationAccountsException}.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged     
-	 *       
-	 */
-	public AuthenticationAccountsException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AuthenticationAccountsException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationAccountsException extends AuthenticationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new authentication exception.
+	 */
+	protected AuthenticationAccountsException() {
+		// hidden
+	}
+
+	/**
+	 * Creates a new instance of {@code AuthenticationAccountsException}.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged     
+	 *       
+	 */
+	public AuthenticationAccountsException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+	/**
+	 * Instantiates a new authentication exception.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 * @param cause the root cause
+	 */
+	public AuthenticationAccountsException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From 4cd63092d4f8f98f9bbc3e5a139a735d81d8a3a6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 109/812] Change CRLF to LF for issue 356.

---
 .../AuthenticationCredentialsException.java   | 116 +++++++++---------
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
index 0bcd0a70f..e48187739 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationCredentialsException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationCredentialsException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of {@code AuthenticationCredentialsException}.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationCredentialsException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the root cause
-	 */
-	public AuthenticationCredentialsException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationCredentialsException extends AuthenticationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new authentication exception.
+	 */
+	protected AuthenticationCredentialsException() {
+		// hidden
+	}
+
+	/**
+	 * Creates a new instance of {@code AuthenticationCredentialsException}.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 */
+	public AuthenticationCredentialsException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+	/**
+	 * Instantiates a new authentication exception.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 * @param cause the root cause
+	 */
+	public AuthenticationCredentialsException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From 085618183e6e37ffeee359f974c2e61721bce7e7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 110/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/AuthenticationException.java | 116 +++++++++---------
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
index 12ef63e9e..c8198f57f 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of {@code AuthenticationException}.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public AuthenticationException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new authentication exception.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the root cause
-     */
-    public AuthenticationException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new authentication exception.
+	 */
+	protected AuthenticationException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of {@code AuthenticationException}.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AuthenticationException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new authentication exception.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the root cause
+     */
+    public AuthenticationException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}

From ae57d5a3a2a81eb05b5617bfc3503e9041088144 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 111/812] Change CRLF to LF for issue 356.

---
 .../errors/AuthenticationHostException.java   | 114 +++++++++---------
 1 file changed, 57 insertions(+), 57 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
index 159a60b67..1deac4b72 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationHostException should be thrown when there is a problem with
- * the host involved with authentication, particularly if the host changes unexpectedly.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationHostException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationHostException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of AuthenticationHostException.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationHostException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the cause
-	 */
-	public AuthenticationHostException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationHostException should be thrown when there is a problem with
+ * the host involved with authentication, particularly if the host changes unexpectedly.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationHostException extends AuthenticationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new authentication exception.
+	 */
+	protected AuthenticationHostException() {
+		// hidden
+	}
+
+	/**
+	 * Creates a new instance of AuthenticationHostException.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 */
+	public AuthenticationHostException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+	/**
+	 * Instantiates a new authentication exception.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 * @param cause the cause
+	 */
+	public AuthenticationHostException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From 8fa2fec8cc2a392da648388cdca3a42b13a7213d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 112/812] Change CRLF to LF for issue 356.

---
 .../errors/AuthenticationLoginException.java  | 116 +++++++++---------
 1 file changed, 58 insertions(+), 58 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java b/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
index 6effd2af9..d389591bc 100644
--- a/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
+++ b/src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java
@@ -1,58 +1,58 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AuthenticationException should be thrown when anything goes wrong during
- * login or logout. They are also appropriate for any problems related to
- * identity management.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticationLoginException extends AuthenticationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new authentication exception.
-	 */
-	protected AuthenticationLoginException() {
-		// hidden
-	}
-
-	/**
-	 * Creates a new instance of EnterpriseSecurityException.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 */
-	public AuthenticationLoginException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-	/**
-	 * Instantiates a new authentication exception.
-	 * 
-	 * @param userMessage the message displayed to the user
-	 * @param logMessage the message logged
-	 * @param cause the cause
-	 */
-	public AuthenticationLoginException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AuthenticationException should be thrown when anything goes wrong during
+ * login or logout. They are also appropriate for any problems related to
+ * identity management.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticationLoginException extends AuthenticationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new authentication exception.
+	 */
+	protected AuthenticationLoginException() {
+		// hidden
+	}
+
+	/**
+	 * Creates a new instance of EnterpriseSecurityException.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 */
+	public AuthenticationLoginException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+	/**
+	 * Instantiates a new authentication exception.
+	 * 
+	 * @param userMessage the message displayed to the user
+	 * @param logMessage the message logged
+	 * @param cause the cause
+	 */
+	public AuthenticationLoginException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From eaa5d7493f6eb0ffd936730e6f5314de53d09fa0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 113/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/AvailabilityException.java   | 114 +++++++++---------
 1 file changed, 57 insertions(+), 57 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/AvailabilityException.java b/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
index 3530cc3a2..3ec04b677 100644
--- a/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
+++ b/src/main/java/org/owasp/esapi/errors/AvailabilityException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An AvailabilityException should be thrown when the availability of a limited
- * resource is in jeopardy. For example, if a database connection pool runs out
- * of connections, an availability exception should be thrown.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AvailabilityException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new availability exception.
-	 */
-	protected AvailabilityException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of AvailabilityException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public AvailabilityException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new AvailabilityException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the cause
-     */
-    public AvailabilityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An AvailabilityException should be thrown when the availability of a limited
+ * resource is in jeopardy. For example, if a database connection pool runs out
+ * of connections, an availability exception should be thrown.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AvailabilityException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new availability exception.
+	 */
+	protected AvailabilityException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of AvailabilityException.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public AvailabilityException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new AvailabilityException.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public AvailabilityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}

From 4eccc3c2c999ee98165a89f4672537579a25835a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 114/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/CertificateException.java    | 112 +++++++++---------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/CertificateException.java b/src/main/java/org/owasp/esapi/errors/CertificateException.java
index 957d32aac..2f84b2c01 100644
--- a/src/main/java/org/owasp/esapi/errors/CertificateException.java
+++ b/src/main/java/org/owasp/esapi/errors/CertificateException.java
@@ -1,56 +1,56 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * A CertificateException should be thrown for any problems that arise during
- * processing of digital certificates.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class CertificateException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new certificate exception.
-	 */
-	protected CertificateException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of CertificateException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     */
-    public CertificateException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new CertificateException.
-     * 
-     * @param userMessage the message displayed to the user
-     * @param logMessage the message logged
-     * @param cause the cause
-     */
-    public CertificateException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * A CertificateException should be thrown for any problems that arise during
+ * processing of digital certificates.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class CertificateException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new certificate exception.
+	 */
+	protected CertificateException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of CertificateException.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     */
+    public CertificateException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new CertificateException.
+     * 
+     * @param userMessage the message displayed to the user
+     * @param logMessage the message logged
+     * @param cause the cause
+     */
+    public CertificateException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}

From 3e0fccfb1040715dbcb7d61314b86906892eff04 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 115/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/ConfigurationException.java  | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/ConfigurationException.java b/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
index f34c25a36..4e6a38130 100644
--- a/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/errors/ConfigurationException.java
@@ -1,34 +1,34 @@
-package org.owasp.esapi.errors;
-
-/**
- * A {@code ConfigurationException} should be thrown when a problem arises because of
- * a problem in one of ESAPI's configuration files, such as a missing required
- * property or invalid setting of a property, or missing or unreadable
- * configuration file, etc.
- * <p>
- * A {@code ConfigurationException} is a {@code RuntimeException}
- * because 1) configuration properties can, for the most part, only be checked
- * at run-time, and 2) we want this to be an unchecked exception to make ESAPI
- * easy to use and not cluttered with catching a bunch of try/catch blocks.
- * </p>
- */
-public class ConfigurationException extends RuntimeException {
-
-	protected static final long serialVersionUID = 1L;
-
-	public ConfigurationException(Exception e) {
-		super(e);
-	}
-
-	public ConfigurationException(String s) {
-		super(s);
-	}
-	
-	public ConfigurationException(String s, Throwable cause) {
-		super(s, cause);
-	}
-	
-	public ConfigurationException(Throwable cause) {
-		super(cause);
-	}
-}
+package org.owasp.esapi.errors;
+
+/**
+ * A {@code ConfigurationException} should be thrown when a problem arises because of
+ * a problem in one of ESAPI's configuration files, such as a missing required
+ * property or invalid setting of a property, or missing or unreadable
+ * configuration file, etc.
+ * <p>
+ * A {@code ConfigurationException} is a {@code RuntimeException}
+ * because 1) configuration properties can, for the most part, only be checked
+ * at run-time, and 2) we want this to be an unchecked exception to make ESAPI
+ * easy to use and not cluttered with catching a bunch of try/catch blocks.
+ * </p>
+ */
+public class ConfigurationException extends RuntimeException {
+
+	protected static final long serialVersionUID = 1L;
+
+	public ConfigurationException(Exception e) {
+		super(e);
+	}
+
+	public ConfigurationException(String s) {
+		super(s);
+	}
+	
+	public ConfigurationException(String s, Throwable cause) {
+		super(s, cause);
+	}
+	
+	public ConfigurationException(Throwable cause) {
+		super(cause);
+	}
+}

From 43643d7e1255baa403e81ede0c0d2aeadcd00a61 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 116/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/errors/EncodingException.java | 124 +++++++++---------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/EncodingException.java b/src/main/java/org/owasp/esapi/errors/EncodingException.java
index 9335004a1..f2b269445 100644
--- a/src/main/java/org/owasp/esapi/errors/EncodingException.java
+++ b/src/main/java/org/owasp/esapi/errors/EncodingException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An EncodingException should be thrown for any problems that occur when
- * encoding or decoding data.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncodingException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new service exception.
-	 */
-	protected EncodingException() {
-		// hidden
-	}
-
-       /**
-     * Creates a new instance of EncodingException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EncodingException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new EncodingException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public EncodingException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An EncodingException should be thrown for any problems that occur when
+ * encoding or decoding data.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncodingException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new service exception.
+	 */
+	protected EncodingException() {
+		// hidden
+	}
+
+       /**
+     * Creates a new instance of EncodingException.
+     * 
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public EncodingException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new EncodingException.
+     * 
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     */
+    public EncodingException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}

From 0b856339cfcf20a3c0b72f99ebfa349ed6b945b1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 117/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/EncryptionException.java     | 122 +++++++++---------
 1 file changed, 61 insertions(+), 61 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/EncryptionException.java b/src/main/java/org/owasp/esapi/errors/EncryptionException.java
index 965a52e24..163a1d228 100644
--- a/src/main/java/org/owasp/esapi/errors/EncryptionException.java
+++ b/src/main/java/org/owasp/esapi/errors/EncryptionException.java
@@ -1,61 +1,61 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An EncryptionException should be thrown for any problems related to
- * encryption, hashing, or digital signatures.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncryptionException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new EncryptionException.
-	 */
-	protected EncryptionException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of EncryptionException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EncryptionException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new EncryptionException.
-     * 
-     * @param userMessage
-     *            the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public EncryptionException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An EncryptionException should be thrown for any problems related to
+ * encryption, hashing, or digital signatures.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncryptionException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new EncryptionException.
+	 */
+	protected EncryptionException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of EncryptionException.
+     * 
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public EncryptionException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new EncryptionException.
+     * 
+     * @param userMessage
+     *            the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     */
+    public EncryptionException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}

From 778d48f75f5130e03173ad613c47ab673da0c01a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 118/812] Change CRLF to LF for issue 356.

---
 .../errors/EnterpriseSecurityException.java   | 300 +++++++++---------
 1 file changed, 150 insertions(+), 150 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index 8c6d46114..93ee30191 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -1,150 +1,150 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-
-/**
- * EnterpriseSecurityException is the base class for all security related exceptions. You should pass in the root cause
- * exception where possible. Constructors for classes extending EnterpriseSecurityException should be sure to call the
- * appropriate super() method in order to ensure that logging and intrusion detection occur properly.
- * <P>
- * All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message
- * can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile,
- * all the critical information can be included in the exception so that it gets logged.
- * <P>
- * Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be
- * used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records.
- * ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of
- * application usage.
- * <P>
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EnterpriseSecurityException extends Exception {
-
-    protected static final long serialVersionUID = 1L;
-
-    /** The logger. */
-    protected final transient Logger logger = ESAPI.getLogger("EnterpriseSecurityException");
-
-    /**
-     *
-     */
-    protected String logMessage = null;
-
-    /**
-     * Instantiates a new enterprise security exception.
-     */
-    protected EnterpriseSecurityException() {
-        // hidden
-    }
-
-    /**
-     * Instantiates a new enterprise security exception with a user message.
-     * (Needed by anything which subclasses this.)
-     *
-     * @param userMessage Message displayed to user.
-     */
-     protected EnterpriseSecurityException(String userMessage) {
-        // hidden
-        super(userMessage);
-     }
-
-    /**
-     * Instantiates a new enterprise security exception with a user message
-     * and cause. (Needed by anything which subclasses this.)
-     *
-     * @param userMessage Message displayed to user.
-     * @param cause The cause (which is saved for later retrieval by the
-     * getCause() method). (A null value is permitted, and indicates that the
-     * cause is nonexistent or unknown.)
-     */
-     protected EnterpriseSecurityException(String userMessage, Throwable cause)
-     {
-        // hidden
-        super(userMessage, cause);
-     }
-
-    /**
-     * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
-     * using this API, applications will generate an extensive security log. In addition, this exception is
-     * automatically registered with the IntrusionDetector, so that quotas can be checked.
-     *
-     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
-     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
-     * context of the exception.
-     * 
-     * @param userMessage 
-     * 			  the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public EnterpriseSecurityException(String userMessage, String logMessage) {
-    	super(userMessage);
-        this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
-        }
-    }
-
-    /**
-     * Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
-     * 
-     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
-     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
-     * context of the exception.
-     *
-     * @param userMessage
-     * 			  the message displayed to the user
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause the cause
-     */
-    public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, cause);
-        this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
-        	ESAPI.intrusionDetector().addException(this);
-        }
-    }
-    
-    /**
-     * Returns message meant for display to users
-     *
-     * Note that if you are unsure of what set this message, it would probably
-     * be a good idea to encode this message before displaying it to the end user.
-     * 
-     * @return a String containing a message that is safe to display to users
-     */
-    public String getUserMessage() {
-        return getMessage();
-    }
-
-    /**
-     * Returns a message that is safe to display in logs, but may contain
-     * sensitive information and therefore probably should not be displayed to
-     * users.
-     * 
-     * @return a String containing a message that is safe to display in logs,
-     * but probably not to users as it may contain sensitive information.
-     */
-    public String getLogMessage() {
-        return logMessage;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+
+/**
+ * EnterpriseSecurityException is the base class for all security related exceptions. You should pass in the root cause
+ * exception where possible. Constructors for classes extending EnterpriseSecurityException should be sure to call the
+ * appropriate super() method in order to ensure that logging and intrusion detection occur properly.
+ * <P>
+ * All EnterpriseSecurityExceptions have two messages, one for the user and one for the log file. This way, a message
+ * can be shown to the user that doesn't contain sensitive information or unnecessary implementation details. Meanwhile,
+ * all the critical information can be included in the exception so that it gets logged.
+ * <P>
+ * Note that the "logMessage" for ALL EnterpriseSecurityExceptions is logged in the log file. This feature should be
+ * used extensively throughout ESAPI implementations and the result is a fairly complete set of security log records.
+ * ALL EnterpriseSecurityExceptions are also sent to the IntrusionDetector for use in detecting anomalous patterns of
+ * application usage.
+ * <P>
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EnterpriseSecurityException extends Exception {
+
+    protected static final long serialVersionUID = 1L;
+
+    /** The logger. */
+    protected final transient Logger logger = ESAPI.getLogger("EnterpriseSecurityException");
+
+    /**
+     *
+     */
+    protected String logMessage = null;
+
+    /**
+     * Instantiates a new enterprise security exception.
+     */
+    protected EnterpriseSecurityException() {
+        // hidden
+    }
+
+    /**
+     * Instantiates a new enterprise security exception with a user message.
+     * (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     */
+     protected EnterpriseSecurityException(String userMessage) {
+        // hidden
+        super(userMessage);
+     }
+
+    /**
+     * Instantiates a new enterprise security exception with a user message
+     * and cause. (Needed by anything which subclasses this.)
+     *
+     * @param userMessage Message displayed to user.
+     * @param cause The cause (which is saved for later retrieval by the
+     * getCause() method). (A null value is permitted, and indicates that the
+     * cause is nonexistent or unknown.)
+     */
+     protected EnterpriseSecurityException(String userMessage, Throwable cause)
+     {
+        // hidden
+        super(userMessage, cause);
+     }
+
+    /**
+     * Creates a new instance of EnterpriseSecurityException. This exception is automatically logged, so that simply by
+     * using this API, applications will generate an extensive security log. In addition, this exception is
+     * automatically registered with the IntrusionDetector, so that quotas can be checked.
+     *
+     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
+     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
+     * context of the exception.
+     * 
+     * @param userMessage 
+     * 			  the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public EnterpriseSecurityException(String userMessage, String logMessage) {
+    	super(userMessage);
+        this.logMessage = logMessage;
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        	ESAPI.intrusionDetector().addException(this);
+        }
+    }
+
+    /**
+     * Creates a new instance of EnterpriseSecurityException that includes a root cause Throwable.
+     * 
+     * It should be noted that messages that are intended to be displayed to the user should be safe for display. In
+     * other words, don't pass in unsanitized data here. Also could hold true for the logging message depending on the
+     * context of the exception.
+     *
+     * @param userMessage
+     * 			  the message displayed to the user
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause the cause
+     */
+    public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, cause);
+        this.logMessage = logMessage;
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        	ESAPI.intrusionDetector().addException(this);
+        }
+    }
+    
+    /**
+     * Returns message meant for display to users
+     *
+     * Note that if you are unsure of what set this message, it would probably
+     * be a good idea to encode this message before displaying it to the end user.
+     * 
+     * @return a String containing a message that is safe to display to users
+     */
+    public String getUserMessage() {
+        return getMessage();
+    }
+
+    /**
+     * Returns a message that is safe to display in logs, but may contain
+     * sensitive information and therefore probably should not be displayed to
+     * users.
+     * 
+     * @return a String containing a message that is safe to display in logs,
+     * but probably not to users as it may contain sensitive information.
+     */
+    public String getLogMessage() {
+        return logMessage;
+    }
+
+}

From 9d864eaf3240701272d166888a889962bdb8620c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 119/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/errors/ExecutorException.java | 124 +++++++++---------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/ExecutorException.java b/src/main/java/org/owasp/esapi/errors/ExecutorException.java
index d453129cd..a27c74fa3 100644
--- a/src/main/java/org/owasp/esapi/errors/ExecutorException.java
+++ b/src/main/java/org/owasp/esapi/errors/ExecutorException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An ExecutorException should be thrown for any problems that arise during the
- * execution of a system executable.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ExecutorException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new ExecutorException.
-	 */
-	protected ExecutorException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of ExecutorException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public ExecutorException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new ExecutorException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public ExecutorException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An ExecutorException should be thrown for any problems that arise during the
+ * execution of a system executable.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ExecutorException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new ExecutorException.
+	 */
+	protected ExecutorException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of ExecutorException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public ExecutorException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new ExecutorException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     */
+    public ExecutorException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+
+}

From e3066d0fb2fa08b5abbe6e37023837b59f866324 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 120/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/IntegrityException.java      | 124 +++++++++---------
 1 file changed, 62 insertions(+), 62 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/IntegrityException.java b/src/main/java/org/owasp/esapi/errors/IntegrityException.java
index 02e37979a..59d97a189 100644
--- a/src/main/java/org/owasp/esapi/errors/IntegrityException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntegrityException.java
@@ -1,62 +1,62 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * An IntegrityException should be thrown when a problem with the integrity of data
- * has been detected. For example, if a financial account cannot be reconciled after
- * a transaction has been performed, an integrity exception should be thrown.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntegrityException extends EnterpriseSecurityException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new availability exception.
-	 */
-	protected IntegrityException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of IntegrityException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public IntegrityException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new IntegrityException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public IntegrityException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * An IntegrityException should be thrown when a problem with the integrity of data
+ * has been detected. For example, if a financial account cannot be reconciled after
+ * a transaction has been performed, an integrity exception should be thrown.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntegrityException extends EnterpriseSecurityException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new availability exception.
+	 */
+	protected IntegrityException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of IntegrityException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public IntegrityException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new IntegrityException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     */
+    public IntegrityException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+}

From a687babed82b92ce30eefe33314d7907d3a0c549 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 121/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/IntrusionException.java      | 184 +++++++++---------
 1 file changed, 92 insertions(+), 92 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/IntrusionException.java b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
index 718f8a7c3..b5253ea28 100644
--- a/src/main/java/org/owasp/esapi/errors/IntrusionException.java
+++ b/src/main/java/org/owasp/esapi/errors/IntrusionException.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-/**
- * An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
- * in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by
- * either specially logging the event, logging out the current user, or invalidating the current user's account.
- * <P>
- * Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from
- * anywhere and will not require a lot of special exception handling.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntrusionException extends EnterpriseSecurityRuntimeException {
-
-    /** The Constant serialVersionUID. */
-    private static final long serialVersionUID = 1L;
-
-    /** The logger. */
-    protected final transient Logger logger = ESAPI.getLogger("IntrusionException");
-
-    /**
-     *
-     */
-    protected String logMessage = null;
-
-    /**
-     * Creates a new instance of IntrusionException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public IntrusionException(String userMessage, String logMessage) {
-        super(userMessage);
-        this.logMessage = logMessage;
-        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage);
-    }
-
-    /**
-     * Instantiates a new intrusion exception.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause 
-     *			  the cause
-     */
-    public IntrusionException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, cause);
-        this.logMessage = logMessage;
-        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage, cause);
-    }
-
-    /**
-     * Returns a String containing a message that is safe to display to users
-     * 
-     * @return a String containing a message that is safe to display to users
-     */
-    public String getUserMessage() {
-        return getMessage();
-    }
-
-    /**
-     * Returns a String that is safe to display in logs, but probably not to users
-     * 
-     * @return a String containing a message that is safe to display in logs, but probably not to users
-     */
-    public String getLogMessage() {
-        return logMessage;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+/**
+ * An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack
+ * in progress. IntrusionExceptions are handled specially by the IntrusionDetector, which is equipped to respond by
+ * either specially logging the event, logging out the current user, or invalidating the current user's account.
+ * <P>
+ * Unlike other exceptions in the ESAPI, the IntrusionException is a RuntimeException so that it can be thrown from
+ * anywhere and will not require a lot of special exception handling.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntrusionException extends EnterpriseSecurityRuntimeException {
+
+    /** The Constant serialVersionUID. */
+    private static final long serialVersionUID = 1L;
+
+    /** The logger. */
+    protected final transient Logger logger = ESAPI.getLogger("IntrusionException");
+
+    /**
+     *
+     */
+    protected String logMessage = null;
+
+    /**
+     * Creates a new instance of IntrusionException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public IntrusionException(String userMessage, String logMessage) {
+        super(userMessage);
+        this.logMessage = logMessage;
+        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage);
+    }
+
+    /**
+     * Instantiates a new intrusion exception.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause 
+     *			  the cause
+     */
+    public IntrusionException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, cause);
+        this.logMessage = logMessage;
+        logger.error(Logger.SECURITY_FAILURE, "INTRUSION - " + logMessage, cause);
+    }
+
+    /**
+     * Returns a String containing a message that is safe to display to users
+     * 
+     * @return a String containing a message that is safe to display to users
+     */
+    public String getUserMessage() {
+        return getMessage();
+    }
+
+    /**
+     * Returns a String that is safe to display in logs, but probably not to users
+     * 
+     * @return a String containing a message that is safe to display in logs, but probably not to users
+     */
+    public String getLogMessage() {
+        return logMessage;
+    }
+
+}

From dd7e5732ee6ba7fafe349284509f5f2c8612e829 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 122/812] Change CRLF to LF for issue 356.

---
 .../ValidationAvailabilityException.java      | 114 +++++++++---------
 1 file changed, 57 insertions(+), 57 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java b/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
index d749e4f04..4e4a1d48b 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationAvailabilityException extends ValidationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationAvailabilityException() {
-		// hidden
-	}
-
-    /**
-     * Create a new ValidationException
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-	public ValidationAvailabilityException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-    /**
-     * Create a new ValidationException
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     * 			  the cause
-     */			  
-	public ValidationAvailabilityException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationAvailabilityException extends ValidationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new validation exception.
+	 */
+	protected ValidationAvailabilityException() {
+		// hidden
+	}
+
+    /**
+     * Create a new ValidationException
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+	public ValidationAvailabilityException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+    /**
+     * Create a new ValidationException
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     * 			  the cause
+     */			  
+	public ValidationAvailabilityException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From 0041a07432ec4d1133be6e6bdf2671944d50f19a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 123/812] Change CRLF to LF for issue 356.

---
 .../esapi/errors/ValidationException.java     | 230 +++++++++---------
 1 file changed, 115 insertions(+), 115 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/ValidationException.java b/src/main/java/org/owasp/esapi/errors/ValidationException.java
index b6ebcb9c3..a33562f96 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationException.java
@@ -1,115 +1,115 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * A ValidationException should be thrown to indicate that the data provided by
- * the user or from some other external source does not match the validation
- * rules that have been specified for that data.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationException extends EnterpriseSecurityException {
-
-    protected static final long serialVersionUID = 1L;
-
-	/** The UI reference that caused this ValidationException */
-	private String context;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationException() {
-		// hidden
-	}
-
-    /**
-     * Creates a new instance of ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-    public ValidationException(String userMessage, String logMessage) {
-        super(userMessage, logMessage);
-    }
-
-    /**
-     * Instantiates a new ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     */
-    public ValidationException(String userMessage, String logMessage, Throwable cause) {
-        super(userMessage, logMessage, cause);
-    }
-    
-    /**
-     * Creates a new instance of ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param context
-     *            the source that caused this exception
-     */
-    public ValidationException(String userMessage, String logMessage, String context) {
-        super(userMessage, logMessage);
-        setContext(context);
-    }
-    
-    /**
-     * Instantiates a new ValidationException.
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     *            the cause
-     * @param context
-     *            the source that caused this exception
-     */
-    public ValidationException(String userMessage, String logMessage, Throwable cause, String context) {
-        super(userMessage, logMessage, cause);
-    	setContext(context);
-    }
-    
-	/**
-	 * Returns the UI reference that caused this ValidationException
-	 *  
-	 * @return context, the source that caused the exception, stored as a string
-	 */
-	public String getContext() {
-		return context;
-	}
-
-	/**
-	 * Set's the UI reference that caused this ValidationException
-	 *  
-	 * @param context
-	 * 			the context to set, passed as a String
-	 */
-	public void setContext(String context) {
-		this.context = context;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * A ValidationException should be thrown to indicate that the data provided by
+ * the user or from some other external source does not match the validation
+ * rules that have been specified for that data.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationException extends EnterpriseSecurityException {
+
+    protected static final long serialVersionUID = 1L;
+
+	/** The UI reference that caused this ValidationException */
+	private String context;
+
+	/**
+	 * Instantiates a new validation exception.
+	 */
+	protected ValidationException() {
+		// hidden
+	}
+
+    /**
+     * Creates a new instance of ValidationException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+    public ValidationException(String userMessage, String logMessage) {
+        super(userMessage, logMessage);
+    }
+
+    /**
+     * Instantiates a new ValidationException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     */
+    public ValidationException(String userMessage, String logMessage, Throwable cause) {
+        super(userMessage, logMessage, cause);
+    }
+    
+    /**
+     * Creates a new instance of ValidationException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param context
+     *            the source that caused this exception
+     */
+    public ValidationException(String userMessage, String logMessage, String context) {
+        super(userMessage, logMessage);
+        setContext(context);
+    }
+    
+    /**
+     * Instantiates a new ValidationException.
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     *            the cause
+     * @param context
+     *            the source that caused this exception
+     */
+    public ValidationException(String userMessage, String logMessage, Throwable cause, String context) {
+        super(userMessage, logMessage, cause);
+    	setContext(context);
+    }
+    
+	/**
+	 * Returns the UI reference that caused this ValidationException
+	 *  
+	 * @return context, the source that caused the exception, stored as a string
+	 */
+	public String getContext() {
+		return context;
+	}
+
+	/**
+	 * Set's the UI reference that caused this ValidationException
+	 *  
+	 * @param context
+	 * 			the context to set, passed as a String
+	 */
+	public void setContext(String context) {
+		this.context = context;
+	}
+}

From 855eefcf40ec294bfb0b086449ce8c6a34365faf Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 124/812] Change CRLF to LF for issue 356.

---
 .../errors/ValidationUploadException.java     | 118 +++++++++---------
 1 file changed, 59 insertions(+), 59 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java b/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
index 0541e42cf..4a04de2eb 100644
--- a/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
+++ b/src/main/java/org/owasp/esapi/errors/ValidationUploadException.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationUploadException extends ValidationException {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Instantiates a new validation exception.
-	 */
-	protected ValidationUploadException() {
-		// hidden
-	}
-
-    /**
-     * Create a new ValidationException
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     */
-	public ValidationUploadException(String userMessage, String logMessage) {
-		super(userMessage, logMessage);
-	}
-
-    /**
-     * Create a new ValidationException
-     * 
-     * @param userMessage
-     *            the message to display to users
-     * @param logMessage
-	 * 			  the message logged
-     * @param cause
-     * 			  the cause
-     */
-	public ValidationUploadException(String userMessage, String logMessage, Throwable cause) {
-		super(userMessage, logMessage, cause);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationUploadException extends ValidationException {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Instantiates a new validation exception.
+	 */
+	protected ValidationUploadException() {
+		// hidden
+	}
+
+    /**
+     * Create a new ValidationException
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     */
+	public ValidationUploadException(String userMessage, String logMessage) {
+		super(userMessage, logMessage);
+	}
+
+    /**
+     * Create a new ValidationException
+     * 
+     * @param userMessage
+     *            the message to display to users
+     * @param logMessage
+	 * 			  the message logged
+     * @param cause
+     * 			  the cause
+     */
+	public ValidationUploadException(String userMessage, String logMessage, Throwable cause) {
+		super(userMessage, logMessage, cause);
+	}
+
+}

From fc745071b3c034e9993e49a75147b5d344677d8d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 125/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Executor.java | 156 ++++++++++----------
 1 file changed, 78 insertions(+), 78 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Executor.java b/src/main/java/org/owasp/esapi/Executor.java
index 6286741ed..b475da90d 100644
--- a/src/main/java/org/owasp/esapi/Executor.java
+++ b/src/main/java/org/owasp/esapi/Executor.java
@@ -1,78 +1,78 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.util.List;
-
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.ExecutorException;
-
-/**
- * The Executor interface is used to run an OS command with reduced security risk.
- * 
- * <p>Implementations should do as much as possible to minimize the risk of
- * injection into either the command or parameters. In addition, implementations
- * should timeout after a specified time period in order to help prevent denial
- * of service attacks.</p> 
- * 
- * <p>The class should perform logging and error handling as
- * well. Finally, implementation should handle errors and generate an
- * ExecutorException with all the necessary information.</p>
- *
- * <p>The reference implementation does all of the above.</p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Executor {
-
-	/**
-	 * Invokes the specified executable with default workdir and codec and not logging parameters.
-	 * 
-	 * @param executable
-	 *            the command to execute
-	 * @param params
-	 *            the parameters of the command being executed
-	 */
-	ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException;
-
-	/**
-	 * Executes a system command after checking that the executable exists and
-	 * escaping all the parameters to ensure that injection is impossible.
-	 * Implementations must change to the specified working
-	 * directory before invoking the command.
-	 *
-	 * @param executable
-	 *            the command to execute
-	 * @param params
-	 *            the parameters of the command being executed
-	 * @param workdir
-	 *            the working directory
-	 * @param codec
-	 *            the codec to use to encode for the particular OS in use
-	 * @param logParams
-	 *            use false if any parameters contains sensitive or confidential information
-	 *
-	 * @return the output of the command being run
-	 *
-	 * @throws ExecutorException
-	 *             the service exception
-	 */
-	ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.util.List;
+
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.errors.ExecutorException;
+
+/**
+ * The Executor interface is used to run an OS command with reduced security risk.
+ * 
+ * <p>Implementations should do as much as possible to minimize the risk of
+ * injection into either the command or parameters. In addition, implementations
+ * should timeout after a specified time period in order to help prevent denial
+ * of service attacks.</p> 
+ * 
+ * <p>The class should perform logging and error handling as
+ * well. Finally, implementation should handle errors and generate an
+ * ExecutorException with all the necessary information.</p>
+ *
+ * <p>The reference implementation does all of the above.</p>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Executor {
+
+	/**
+	 * Invokes the specified executable with default workdir and codec and not logging parameters.
+	 * 
+	 * @param executable
+	 *            the command to execute
+	 * @param params
+	 *            the parameters of the command being executed
+	 */
+	ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException;
+
+	/**
+	 * Executes a system command after checking that the executable exists and
+	 * escaping all the parameters to ensure that injection is impossible.
+	 * Implementations must change to the specified working
+	 * directory before invoking the command.
+	 *
+	 * @param executable
+	 *            the command to execute
+	 * @param params
+	 *            the parameters of the command being executed
+	 * @param workdir
+	 *            the working directory
+	 * @param codec
+	 *            the codec to use to encode for the particular OS in use
+	 * @param logParams
+	 *            use false if any parameters contains sensitive or confidential information
+	 *
+	 * @return the output of the command being run
+	 *
+	 * @throws ExecutorException
+	 *             the service exception
+	 */
+	ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream) throws ExecutorException;
+
+}

From a5c5d3c56373254da11b9e64cca60f0aaf268129 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 126/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/filters/ClickjackFilter.java  | 216 +++++++++---------
 1 file changed, 108 insertions(+), 108 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
index 86025b1dd..8f1038691 100644
--- a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
@@ -1,108 +1,108 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created    February 6, 2009
- */
-
-package org.owasp.esapi.filters;
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * The {@code ClickjackFilter} is discussed at
- * {@link http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE}.
- * <pre>
- *     <filter>
- *            <filter-name>ClickjackFilterDeny</filter-name>
- *            <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
- *            <init-param>
- *                <param-name>mode</param-name>
- *                 <param-value>DENY</param-value>
- *             </init-param>
- *         </filter>
- *         
- *         <filter>
- *             <filter-name>ClickjackFilterSameOrigin</filter-name>
- *             <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
- *             <init-param>
- *                 <param-name>mode</param-name>
- *                 <param-value>SAMEORIGIN</param-value>
- *             </init-param>
- *         </filter>
- *        
- *        <!--  use the Deny version to prevent anyone, including yourself, from framing the page -->
- *        <filter-mapping> 
- *            <filter-name>ClickjackFilterDeny</filter-name>
- *            <url-pattern>/*</url-pattern>
- *        </filter-mapping>
- *         
- *         <!-- use the SameOrigin version to allow your application to frame, but nobody else
- *         <filter-mapping> 
- *            <filter-name>ClickjackFilterSameOrigin</filter-name>
- *             <url-pattern>/*</url-pattern>
- *         </filter-mapping>
- * </pre>
- */
-public class ClickjackFilter implements Filter 
-{
-
-	private String mode = "DENY";
-
-	/**
-	 * Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". 
-	 * If you leave this parameter out, the default is to use the DENY mode.
-	 * 
-	 * @param filterConfig A filter configuration object used by a servlet container
-	 *                     to pass information to a filter during initialization. 
-	 */
-	public void init(FilterConfig filterConfig) {
-		String configMode = filterConfig.getInitParameter("mode");
-		if ( configMode != null && ( configMode.equals( "DENY" ) || configMode.equals( "SAMEORIGIN" ) ) ) {
-			mode = configMode;
-		}
-	}
-	
-	/**
-	 * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who
-	 * decide to implement) not to display this content in a frame. For details, please
-	 * refer to
-	 * {@link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx}.
-	 * 
-	 * @param request The request object.
-	 * @param response The response object.
-	 * @param chain Refers to the {@code FilterChain} object to pass control to the
-	 *              next {@code Filter}.
-	 * @throws IOException
-	 * @throws ServletException
-	 */
-	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
-	{
-        HttpServletResponse res = (HttpServletResponse)response;
-        res.addHeader("X-FRAME-OPTIONS", mode );
-        chain.doFilter(request, response);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void destroy() {
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author     Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created    February 6, 2009
+ */
+
+package org.owasp.esapi.filters;
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * The {@code ClickjackFilter} is discussed at
+ * {@link http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE}.
+ * <pre>
+ *     <filter>
+ *            <filter-name>ClickjackFilterDeny</filter-name>
+ *            <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
+ *            <init-param>
+ *                <param-name>mode</param-name>
+ *                 <param-value>DENY</param-value>
+ *             </init-param>
+ *         </filter>
+ *         
+ *         <filter>
+ *             <filter-name>ClickjackFilterSameOrigin</filter-name>
+ *             <filter-class>org.owasp.filters.ClickjackFilter</filter-class>
+ *             <init-param>
+ *                 <param-name>mode</param-name>
+ *                 <param-value>SAMEORIGIN</param-value>
+ *             </init-param>
+ *         </filter>
+ *        
+ *        <!--  use the Deny version to prevent anyone, including yourself, from framing the page -->
+ *        <filter-mapping> 
+ *            <filter-name>ClickjackFilterDeny</filter-name>
+ *            <url-pattern>/*</url-pattern>
+ *        </filter-mapping>
+ *         
+ *         <!-- use the SameOrigin version to allow your application to frame, but nobody else
+ *         <filter-mapping> 
+ *            <filter-name>ClickjackFilterSameOrigin</filter-name>
+ *             <url-pattern>/*</url-pattern>
+ *         </filter-mapping>
+ * </pre>
+ */
+public class ClickjackFilter implements Filter 
+{
+
+	private String mode = "DENY";
+
+	/**
+	 * Initialize "mode" parameter from web.xml. Valid values are "DENY" and "SAMEORIGIN". 
+	 * If you leave this parameter out, the default is to use the DENY mode.
+	 * 
+	 * @param filterConfig A filter configuration object used by a servlet container
+	 *                     to pass information to a filter during initialization. 
+	 */
+	public void init(FilterConfig filterConfig) {
+		String configMode = filterConfig.getInitParameter("mode");
+		if ( configMode != null && ( configMode.equals( "DENY" ) || configMode.equals( "SAMEORIGIN" ) ) ) {
+			mode = configMode;
+		}
+	}
+	
+	/**
+	 * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who
+	 * decide to implement) not to display this content in a frame. For details, please
+	 * refer to
+	 * {@link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx}.
+	 * 
+	 * @param request The request object.
+	 * @param response The response object.
+	 * @param chain Refers to the {@code FilterChain} object to pass control to the
+	 *              next {@code Filter}.
+	 * @throws IOException
+	 * @throws ServletException
+	 */
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+	{
+        HttpServletResponse res = (HttpServletResponse)response;
+        res.addHeader("X-FRAME-OPTIONS", mode );
+        chain.doFilter(request, response);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void destroy() {
+	}
+	
+}

From 48e7db7725c738ebd34c413a403c1301754645a4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 127/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/filters/ESAPIFilter.java  | 280 +++++++++---------
 1 file changed, 140 insertions(+), 140 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
index 840d17bdd..5fa374e1a 100644
--- a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
@@ -1,141 +1,141 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-
-/**
- *
- * @author jwilliams
- */
-public class ESAPIFilter implements Filter {
-
-	private final Logger logger = ESAPI.getLogger("ESAPIFilter");
-
-	private static final String[] obfuscate = { "password" };
-
-	/**
-	 * Called by the web container to indicate to a filter that it is being
-	 * placed into service. The servlet container calls the init method exactly
-	 * once after instantiating the filter. The init method must complete
-	 * successfully before the filter is asked to do any filtering work.
-	 * 
-	 * @param filterConfig
-	 *            configuration object
-	 */
-	public void init(FilterConfig filterConfig) {
-		String path = filterConfig.getInitParameter("resourceDirectory");
-		if ( path != null ) {
-			ESAPI.securityConfiguration().setResourceDirectory( path );
-		}
-	}
-
-	/**
-	 * The doFilter method of the Filter is called by the container each time a
-	 * request/response pair is passed through the chain due to a client request
-	 * for a resource at the end of the chain. The FilterChain passed in to this
-	 * method allows the Filter to pass on the request and response to the next
-	 * entity in the chain.
-	 * 
-	 * @param req
-	 *            Request object to be processed
-	 * @param resp
-	 *            Response object
-	 * @param chain
-	 *            current FilterChain
-	 * @exception IOException
-	 *                if any occurs
-	 */
-	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
-		HttpServletRequest request = (HttpServletRequest) req;
-		HttpServletResponse response = (HttpServletResponse) resp;
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		
-		try {
-			// figure out who the current user is
-			try {
-				ESAPI.authenticator().login(request, response);
-			} catch( AuthenticationException e ) {
-				ESAPI.authenticator().logout();
-				request.setAttribute("message", "Authentication failed");
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/login.jsp");
-				dispatcher.forward(request, response);
-				return;
-			}
-
-			// log this request, obfuscating any parameter named password
-			ESAPI.httpUtilities().logHTTPRequest(request, logger, Arrays.asList(obfuscate));
-
-			// check access to this URL
-			if ( !ESAPI.accessController().isAuthorizedForURL(request.getRequestURI()) ) {
-				request.setAttribute("message", "Unauthorized" );
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/index.jsp");
-				dispatcher.forward(request, response);
-				return;
-			}
-
-			// check for CSRF attacks
-			// ESAPI.httpUtilities().checkCSRFToken();
-			
-			// forward this request on to the web application
-			chain.doFilter(request, response);
-
-			// set up response with content type
-			ESAPI.httpUtilities().setContentType( response );
-
-            // set no-cache headers on every response
-            // only do this if the entire site should not be cached
-            // otherwise you should do this strategically in your controller or actions
-			ESAPI.httpUtilities().setNoCacheHeaders( response );
-            
-		} catch (Exception e) {
-			logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
-			request.setAttribute("message", e.getMessage() );
-			
-		} finally {
-			// VERY IMPORTANT
-			// clear out the ThreadLocal variables in the authenticator
-			// some containers could possibly reuse this thread without clearing the User
-			ESAPI.clearCurrent();
-		}
-	}
-
-	/**
-	 * Called by the web container to indicate to a filter that it is being
-	 * taken out of service. This method is only called once all threads within
-	 * the filter's doFilter method have exited or after a timeout period has
-	 * passed. After the web container calls this method, it will not call the
-	 * doFilter method again on this instance of the filter.
-	 */
-	public void destroy() {
-		// finalize
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AuthenticationException;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class ESAPIFilter implements Filter {
+
+	private final Logger logger = ESAPI.getLogger("ESAPIFilter");
+
+	private static final String[] obfuscate = { "password" };
+
+	/**
+	 * Called by the web container to indicate to a filter that it is being
+	 * placed into service. The servlet container calls the init method exactly
+	 * once after instantiating the filter. The init method must complete
+	 * successfully before the filter is asked to do any filtering work.
+	 * 
+	 * @param filterConfig
+	 *            configuration object
+	 */
+	public void init(FilterConfig filterConfig) {
+		String path = filterConfig.getInitParameter("resourceDirectory");
+		if ( path != null ) {
+			ESAPI.securityConfiguration().setResourceDirectory( path );
+		}
+	}
+
+	/**
+	 * The doFilter method of the Filter is called by the container each time a
+	 * request/response pair is passed through the chain due to a client request
+	 * for a resource at the end of the chain. The FilterChain passed in to this
+	 * method allows the Filter to pass on the request and response to the next
+	 * entity in the chain.
+	 * 
+	 * @param req
+	 *            Request object to be processed
+	 * @param resp
+	 *            Response object
+	 * @param chain
+	 *            current FilterChain
+	 * @exception IOException
+	 *                if any occurs
+	 */
+	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException {
+		HttpServletRequest request = (HttpServletRequest) req;
+		HttpServletResponse response = (HttpServletResponse) resp;
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		
+		try {
+			// figure out who the current user is
+			try {
+				ESAPI.authenticator().login(request, response);
+			} catch( AuthenticationException e ) {
+				ESAPI.authenticator().logout();
+				request.setAttribute("message", "Authentication failed");
+				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/login.jsp");
+				dispatcher.forward(request, response);
+				return;
+			}
+
+			// log this request, obfuscating any parameter named password
+			ESAPI.httpUtilities().logHTTPRequest(request, logger, Arrays.asList(obfuscate));
+
+			// check access to this URL
+			if ( !ESAPI.accessController().isAuthorizedForURL(request.getRequestURI()) ) {
+				request.setAttribute("message", "Unauthorized" );
+				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/index.jsp");
+				dispatcher.forward(request, response);
+				return;
+			}
+
+			// check for CSRF attacks
+			// ESAPI.httpUtilities().checkCSRFToken();
+			
+			// forward this request on to the web application
+			chain.doFilter(request, response);
+
+			// set up response with content type
+			ESAPI.httpUtilities().setContentType( response );
+
+            // set no-cache headers on every response
+            // only do this if the entire site should not be cached
+            // otherwise you should do this strategically in your controller or actions
+			ESAPI.httpUtilities().setNoCacheHeaders( response );
+            
+		} catch (Exception e) {
+			logger.error( Logger.SECURITY_FAILURE, "Error in ESAPI security filter: " + e.getMessage(), e );
+			request.setAttribute("message", e.getMessage() );
+			
+		} finally {
+			// VERY IMPORTANT
+			// clear out the ThreadLocal variables in the authenticator
+			// some containers could possibly reuse this thread without clearing the User
+			ESAPI.clearCurrent();
+		}
+	}
+
+	/**
+	 * Called by the web container to indicate to a filter that it is being
+	 * taken out of service. This method is only called once all threads within
+	 * the filter's doFilter method have exited or after a timeout period has
+	 * passed. After the web container calls this method, it will not call the
+	 * doFilter method again on this instance of the filter.
+	 */
+	public void destroy() {
+		// finalize
+	}
+
 }
\ No newline at end of file

From d8104603f992b0e45a1cbf4d4f774cc552dd0ccf Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 128/812] Change CRLF to LF for issue 356.

---
 .../filters/RequestRateThrottleFilter.java    | 220 +++++++++---------
 1 file changed, 110 insertions(+), 110 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
index 4d78551fd..31fbfef6e 100644
--- a/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java
@@ -1,110 +1,110 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import org.owasp.esapi.ESAPI;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.Date;
-import java.util.List;
-import java.util.LinkedList;
-
-/**
- * A simple servlet filter that limits the request rate to a certain threshold of requests per second.
- * The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding
- * parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short
- * string is written to the response output stream and the chain method is not invoked. Otherwise,
- * processing proceeds as normal.
- */
-public class RequestRateThrottleFilter implements Filter
-{
-
-    private int hits = 5;
-
-    private int period = 10;
-
-    private static final String HITS = "hits";
-
-    private static final String PERIOD = "period";
-
-    /**
-     * Called by the web container to indicate to a filter that it is being
-     * placed into service. The servlet container calls the init method exactly
-     * once after instantiating the filter. The init method must complete
-     * successfully before the filter is asked to do any filtering work.
-     * 
-     * @param filterConfig
-     *            configuration object
-     */
-    public void init(FilterConfig filterConfig)
-    {
-        hits = filterConfig.getInitParameter(HITS) == null ? 5 : Integer.parseInt(filterConfig.getInitParameter(HITS));
-        period = filterConfig.getInitParameter(PERIOD) == null ? 10 : Integer.parseInt(filterConfig.getInitParameter(PERIOD));
-    }
-
-    /**
-     * Checks to see if the current session has exceeded the allowed number
-     * of requests in the specified time period. If the threshold has been
-     * exceeded, then a short error message is written to the output stream and
-     * no further processing is done on the request. Otherwise the request is
-     * processed as normal.
-     * @param request 
-     * @param response 
-     * @param chain 
-     * @throws IOException
-     * @throws ServletException
-     */
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
-    {
-        HttpServletRequest httpRequest = (HttpServletRequest) request;
-        HttpSession session = httpRequest.getSession(true);
-        
-        synchronized( session.getId().intern() ) {
-            List<Long> times = ESAPI.httpUtilities().getSessionAttribute("times");
-            if (times == null) {
-                times = new LinkedList<Long>();
-                session.setAttribute("times", times);
-            }
-            Long newest = System.currentTimeMillis();
-            times.add(newest);
-            if (times.size() > hits) {
-                Long oldest = times.remove(0);
-                long elapsed = newest - oldest;
-                if (elapsed < period * 1000) {
-                    response.getWriter().println("Request rate too high");
-                    return;
-                }
-            }
-        }
-        chain.doFilter(request, response);
-    }
-
-    /**
-     * Called by the web container to indicate to a filter that it is being
-     * taken out of service. This method is only called once all threads within
-     * the filter's doFilter method have exited or after a timeout period has
-     * passed. After the web container calls this method, it will not call the
-     * doFilter method again on this instance of the filter.
-     */
-    public void destroy()
-    {
-        // finalize
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import org.owasp.esapi.ESAPI;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+import java.util.LinkedList;
+
+/**
+ * A simple servlet filter that limits the request rate to a certain threshold of requests per second.
+ * The default rate is 5 hits in 10 seconds. This can be overridden in the web.xml file by adding
+ * parameters named "hits" and "period" with the desired values. When the rate is exceeded, a short
+ * string is written to the response output stream and the chain method is not invoked. Otherwise,
+ * processing proceeds as normal.
+ */
+public class RequestRateThrottleFilter implements Filter
+{
+
+    private int hits = 5;
+
+    private int period = 10;
+
+    private static final String HITS = "hits";
+
+    private static final String PERIOD = "period";
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * placed into service. The servlet container calls the init method exactly
+     * once after instantiating the filter. The init method must complete
+     * successfully before the filter is asked to do any filtering work.
+     * 
+     * @param filterConfig
+     *            configuration object
+     */
+    public void init(FilterConfig filterConfig)
+    {
+        hits = filterConfig.getInitParameter(HITS) == null ? 5 : Integer.parseInt(filterConfig.getInitParameter(HITS));
+        period = filterConfig.getInitParameter(PERIOD) == null ? 10 : Integer.parseInt(filterConfig.getInitParameter(PERIOD));
+    }
+
+    /**
+     * Checks to see if the current session has exceeded the allowed number
+     * of requests in the specified time period. If the threshold has been
+     * exceeded, then a short error message is written to the output stream and
+     * no further processing is done on the request. Otherwise the request is
+     * processed as normal.
+     * @param request 
+     * @param response 
+     * @param chain 
+     * @throws IOException
+     * @throws ServletException
+     */
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException
+    {
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpSession session = httpRequest.getSession(true);
+        
+        synchronized( session.getId().intern() ) {
+            List<Long> times = ESAPI.httpUtilities().getSessionAttribute("times");
+            if (times == null) {
+                times = new LinkedList<Long>();
+                session.setAttribute("times", times);
+            }
+            Long newest = System.currentTimeMillis();
+            times.add(newest);
+            if (times.size() > hits) {
+                Long oldest = times.remove(0);
+                long elapsed = newest - oldest;
+                if (elapsed < period * 1000) {
+                    response.getWriter().println("Request rate too high");
+                    return;
+                }
+            }
+        }
+        chain.doFilter(request, response);
+    }
+
+    /**
+     * Called by the web container to indicate to a filter that it is being
+     * taken out of service. This method is only called once all threads within
+     * the filter's doFilter method have exited or after a timeout period has
+     * passed. After the web container calls this method, it will not call the
+     * doFilter method again on this instance of the filter.
+     */
+    public void destroy()
+    {
+        // finalize
+    }
+
+}

From 359efa250bae802309559ef256c4702400b733f1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 129/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/filters/SecurityWrapper.java  | 272 +++++++++---------
 1 file changed, 136 insertions(+), 136 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
index ba32981b6..82d6ce1f4 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapper.java
@@ -1,136 +1,136 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-
-
-/**
- * This filter wraps the incoming request and outgoing response and overrides
- * many methods with safer versions. Many of the safer versions simply validate
- * parts of the request or response for unwanted characters before allowing the
- * call to complete. Some examples of attacks that use these
- * vectors include request splitting, response splitting, and file download
- * injection. Attackers use techniques like CRLF injection and null byte injection
- * to confuse the parsing of requests and responses.
- * <p/>
- * <b>Example Configuration #1 (Default Configuration allows /WEB-INF):</b>
- * <pre>
- * &lt;filter&gt;
- *    &lt;filter-name&gt;SecurityWrapperDefault&lt;/filter-name&gt;
- *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
- * &lt;/filter&gt;
- * </pre>
- * <p/>
- * <b>Example Configuration #2 (Allows /servlet)</b>
- * <pre>
- * &lt;filter&gt;
- *    &lt;filter-name&gt;SecurityWrapperForServlet&lt;/filter-name&gt;
- *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
- *    &lt;init-param&gt;
- *       &lt;param-name&gt;allowableResourceRoot&lt;/param-name&gt;
- *       &lt;param-value&gt;/servlet&lt;/param-value&gt;
- *    &lt;/init-param&gt;
- * &lt;/filter&gt;
- * </pre>
- *
- * @author  Chris Schmidt (chrisisbeef@gmail.com)
- */
-public class SecurityWrapper implements Filter {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapper");
-
-    /**
-     * This is the root path of what resources this filter will allow a RequestDispatcher to be dispatched to. This
-     * defaults to WEB-INF as best practice dictates that dispatched requests should be done to resources that are
-     * not browsable and everything behind WEB-INF is protected by the container. However, it is possible and sometimes
-     * required to dispatch requests to places outside of the WEB-INF path (such as to another servlet).
-     *
-     * See <a href="http://code.google.com/p/owasp-esapi-java/issues/detail?id=70">http://code.google.com/p/owasp-esapi-java/issues/detail?id=70</a>
-     * and <a href="https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html">https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html</a>
-     * for details.
-     */
-    private String allowableResourcesRoot = "WEB-INF";
-
-    /**
-     *
-     * @param request
-     * @param response
-     * @param chain
-     * @throws java.io.IOException
-     * @throws javax.servlet.ServletException
-     */
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-        if (!(request instanceof HttpServletRequest)) {
-            chain.doFilter(request, response);
-            return;
-        }
-
-        try {
-            HttpServletRequest hrequest = (HttpServletRequest)request;
-            HttpServletResponse hresponse = (HttpServletResponse)response;
-
-            SecurityWrapperRequest secureRequest = new SecurityWrapperRequest(hrequest);
-            SecurityWrapperResponse secureResponse = new SecurityWrapperResponse(hresponse);
-
-            // Set the configuration on the wrapped request
-            secureRequest.setAllowableContentRoot(allowableResourcesRoot);
-
-            ESAPI.httpUtilities().setCurrentHTTP(secureRequest, secureResponse);
-
-            chain.doFilter(ESAPI.currentRequest(), ESAPI.currentResponse());
-        } catch (Exception e) {
-            logger.error( Logger.SECURITY_FAILURE, "Error in SecurityWrapper: " + e.getMessage(), e );
-            request.setAttribute("message", e.getMessage() );
-        } finally {
-            // VERY IMPORTANT
-            // clear out the ThreadLocal variables in the authenticator
-            // some containers could possibly reuse this thread without clearing the User
-            // Issue 70 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=70
-            ESAPI.httpUtilities().clearCurrent();
-        }
-    }
-
-    /**
-     *
-     */
-    public void destroy() {
-		// no special action
-	}
-
-    /**
-     *
-     * @param filterConfig
-     * @throws javax.servlet.ServletException
-     */
-    public void init(FilterConfig filterConfig) throws ServletException {
-		this.allowableResourcesRoot = StringUtilities.replaceNull( filterConfig.getInitParameter( "allowableResourcesRoot" ), allowableResourcesRoot );
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+
+
+/**
+ * This filter wraps the incoming request and outgoing response and overrides
+ * many methods with safer versions. Many of the safer versions simply validate
+ * parts of the request or response for unwanted characters before allowing the
+ * call to complete. Some examples of attacks that use these
+ * vectors include request splitting, response splitting, and file download
+ * injection. Attackers use techniques like CRLF injection and null byte injection
+ * to confuse the parsing of requests and responses.
+ * <p/>
+ * <b>Example Configuration #1 (Default Configuration allows /WEB-INF):</b>
+ * <pre>
+ * &lt;filter&gt;
+ *    &lt;filter-name&gt;SecurityWrapperDefault&lt;/filter-name&gt;
+ *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
+ * &lt;/filter&gt;
+ * </pre>
+ * <p/>
+ * <b>Example Configuration #2 (Allows /servlet)</b>
+ * <pre>
+ * &lt;filter&gt;
+ *    &lt;filter-name&gt;SecurityWrapperForServlet&lt;/filter-name&gt;
+ *    &lt;filter-class&gt;org.owasp.filters.SecurityWrapper&lt;/filter-class&gt;
+ *    &lt;init-param&gt;
+ *       &lt;param-name&gt;allowableResourceRoot&lt;/param-name&gt;
+ *       &lt;param-value&gt;/servlet&lt;/param-value&gt;
+ *    &lt;/init-param&gt;
+ * &lt;/filter&gt;
+ * </pre>
+ *
+ * @author  Chris Schmidt (chrisisbeef@gmail.com)
+ */
+public class SecurityWrapper implements Filter {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapper");
+
+    /**
+     * This is the root path of what resources this filter will allow a RequestDispatcher to be dispatched to. This
+     * defaults to WEB-INF as best practice dictates that dispatched requests should be done to resources that are
+     * not browsable and everything behind WEB-INF is protected by the container. However, it is possible and sometimes
+     * required to dispatch requests to places outside of the WEB-INF path (such as to another servlet).
+     *
+     * See <a href="http://code.google.com/p/owasp-esapi-java/issues/detail?id=70">http://code.google.com/p/owasp-esapi-java/issues/detail?id=70</a>
+     * and <a href="https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html">https://lists.owasp.org/pipermail/owasp-esapi/2009-December/001672.html</a>
+     * for details.
+     */
+    private String allowableResourcesRoot = "WEB-INF";
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @param chain
+     * @throws java.io.IOException
+     * @throws javax.servlet.ServletException
+     */
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        if (!(request instanceof HttpServletRequest)) {
+            chain.doFilter(request, response);
+            return;
+        }
+
+        try {
+            HttpServletRequest hrequest = (HttpServletRequest)request;
+            HttpServletResponse hresponse = (HttpServletResponse)response;
+
+            SecurityWrapperRequest secureRequest = new SecurityWrapperRequest(hrequest);
+            SecurityWrapperResponse secureResponse = new SecurityWrapperResponse(hresponse);
+
+            // Set the configuration on the wrapped request
+            secureRequest.setAllowableContentRoot(allowableResourcesRoot);
+
+            ESAPI.httpUtilities().setCurrentHTTP(secureRequest, secureResponse);
+
+            chain.doFilter(ESAPI.currentRequest(), ESAPI.currentResponse());
+        } catch (Exception e) {
+            logger.error( Logger.SECURITY_FAILURE, "Error in SecurityWrapper: " + e.getMessage(), e );
+            request.setAttribute("message", e.getMessage() );
+        } finally {
+            // VERY IMPORTANT
+            // clear out the ThreadLocal variables in the authenticator
+            // some containers could possibly reuse this thread without clearing the User
+            // Issue 70 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=70
+            ESAPI.httpUtilities().clearCurrent();
+        }
+    }
+
+    /**
+     *
+     */
+    public void destroy() {
+		// no special action
+	}
+
+    /**
+     *
+     * @param filterConfig
+     * @throws javax.servlet.ServletException
+     */
+    public void init(FilterConfig filterConfig) throws ServletException {
+		this.allowableResourcesRoot = StringUtilities.replaceNull( filterConfig.getInitParameter( "allowableResourcesRoot" ), allowableResourcesRoot );
+	}
+	
+}

From a2e44a9bffcee86bbb80e86801f98e9ab10a9016 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 130/812] Change CRLF to LF for issue 356.

---
 .../esapi/filters/SecurityWrapperRequest.java | 1692 ++++++++---------
 1 file changed, 846 insertions(+), 846 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index f9b3a7cf0..c267361c2 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -1,846 +1,846 @@
-/**
- * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
- * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
- * For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://
- * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
- * The ESAPI is published by OWASP under the BSD license. You should read and
- * accept the LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
- *         Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.errors.AccessControlException;
-
-// TODO: Parameterize these various lengths in calls to ESAPI.validator().getValidInput()
-// so that they can be placed in ESAPI.properties file (or other property file,
-// such as Validator.properties) rather than being hard-coded. This is desirable
-// because many of the values are well less than the commonly accepted maximum
-// values.
-
-/**
- * This request wrapper simply overrides unsafe methods in the
- * HttpServletRequest API with safe versions that return canonicalized data
- * where possible. The wrapper returns a safe value when a validation error is
- * detected, including stripped or empty strings.
- */
-public class SecurityWrapperRequest extends HttpServletRequestWrapper implements HttpServletRequest {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapperRequest");
-
-    private String allowableContentRoot = "WEB-INF";
-
-    /** 
-     * Construct a safe request that overrides the default request methods with
-     * safer versions.
-     * 
-     * @param request The {@code HttpServletRequest} we are wrapping.
-     */
-    public SecurityWrapperRequest(HttpServletRequest request) {
-    	super( request );
-    }
-
-    private HttpServletRequest getHttpServletRequest() {
-    	return (HttpServletRequest)super.getRequest();
-    }
-    
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     * @return The attribute value
-     */
-    public Object getAttribute(String name) {
-        return getHttpServletRequest().getAttribute(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return An {@code Enumeration} of attribute names.
-     */
-    public Enumeration getAttributeNames() {
-        return getHttpServletRequest().getAttributeNames();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The authentication type
-     */
-    public String getAuthType() {
-        return getHttpServletRequest().getAuthType();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return  The character-encoding for this {@code HttpServletRequest}
-     */
-    public String getCharacterEncoding() {
-        return getHttpServletRequest().getCharacterEncoding();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The content-length for this {@code HttpServletRequest}
-     */
-    public int getContentLength() {
-        return getHttpServletRequest().getContentLength();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The content-type for this {@code HttpServletRequest}
-     */
-    public String getContentType() {
-        return getHttpServletRequest().getContentType();
-    }
-
-    /**
-     * Returns the context path from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The context path for this {@code HttpServletRequest}
-     */
-    public String getContextPath() {
-        String path = getHttpServletRequest().getContextPath();
-
-		//Return empty String for the ROOT context
-		if (path == null || "".equals(path.trim())) return "";
-
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", 150, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the array of Cookies from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return An array of {@code Cookie}s for this {@code HttpServletRequest}
-     */
-    public Cookie[] getCookies() {
-        Cookie[] cookies = getHttpServletRequest().getCookies();
-        if (cookies == null) return new Cookie[0];
-        
-        List<Cookie> newCookies = new ArrayList<Cookie>();
-        for (Cookie c : cookies) {
-            // build a new clean cookie
-            try {
-                // get data from original cookie
-                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", 150, true);
-                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", 1000, true);
-                int maxAge = c.getMaxAge();
-                String domain = c.getDomain();
-                String path = c.getPath();
-				
-                Cookie n = new Cookie(name, value);
-                n.setMaxAge(maxAge);
-
-                if (domain != null) {
-                    // kww TODO: HTTPHeaderValue seems way too liberal of a regex for cookie domain
-                    // as it allows invalid characters for a domain name. Maybe create a new custom
-                    // HTTPCookieDomain regex???
-                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
-                }
-                if (path != null) {
-                    // kww TODO: OPEN ISSUE: Would not HTTPServletPath make more sense here???
-                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
-                }
-                newCookies.add(n);
-            } catch (ValidationException e) {
-                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad cookie: " + c.getName() + "=" + c.getValue(), e );
-            }
-        }
-        return newCookies.toArray(new Cookie[newCookies.size()]);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name Specifies the name of the HTTP request header; e.g.,
-     *             {@code If-Modified-Since}.
-     * @return a long value representing the date specified in the header
-     * expressed as the number of milliseconds since {@code January 1, 1970 GMT},
-     * or {@code -1} if the named header was not included with the request.
-     */
-    public long getDateHeader(String name) {
-        return getHttpServletRequest().getDateHeader(name);
-    }
-
-    /**
-     * Returns the named header from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @param name The name of an HTTP request header
-     * @return The specified header value is returned.
-     */
-    public String getHeader(String name) {
-        String value = getHttpServletRequest().getHeader(name);
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 200, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the enumeration of header names from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return An {@code Enumeration} of header names associated with this request.
-     */
-    public Enumeration getHeaderNames() {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getHeaderNames();
-        while (en.hasMoreElements()) {
-            try {
-                String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", 150, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Returns the enumeration of headers from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The name of an HTTP request header.
-     * @return An {@code Enumeration} of headers from the request after
-     *         canonicalizing and filtering has been performed.
-     */
-    public Enumeration getHeaders(String name) {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getHeaders(name);
-        while (en.hasMoreElements()) {
-            try {
-                String value = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 200, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required. Note that this
-     * input stream may contain attacks and the developer is responsible for
-     * canonicalizing, validating, and encoding any data from this stream.
-     * @return The {@code ServletInputStream} associated with this
-     *         {@code HttpServletRequest}.
-     * @throws IOException Thrown if an input exception is thrown, such as the
-     *         remote peer closing the connection.
-     */
-    public ServletInputStream getInputStream() throws IOException {
-        return getHttpServletRequest().getInputStream();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The name of an HTTP request header.
-     * @return Returns the value of the specified request header as an {@code int}.
-     */
-    public int getIntHeader(String name) {
-        return getHttpServletRequest().getIntHeader(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return A {@code String} containing the IP address on which the
-     *         request was received.
-     */
-    public String getLocalAddr() {
-        return getHttpServletRequest().getLocalAddr();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The preferred {@code Locale} for the client.
-     */
-    public Locale getLocale() {
-        return getHttpServletRequest().getLocale();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return An {@code Enumeration} of preferred {@code Locale}
-     *         objects for the client.
-     */
-    public Enumeration getLocales() {
-        return getHttpServletRequest().getLocales();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return A {@code String} containing the host name of the IP on which
-     *         the request was received.
-     */
-    public String getLocalName() {
-        return getHttpServletRequest().getLocalName();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the Internet Protocol (IP) port number of the interface
-     *         on which the request was received.
-     */
-    public int getLocalPort() {
-        return getHttpServletRequest().getLocalPort();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the name of the HTTP method with which this request was made.
-     */
-    public String getMethod() {
-        return getHttpServletRequest().getMethod();
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name) {
-        return getParameter(name, true);
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull) {
-        return getParameter(name, allowNull, 2000, "HTTPParameterValue");
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @param maxLength The maximum length allowed
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull, int maxLength) {
-        return getParameter(name,allowNull,maxLength,"HTTPParameterValue");
-    }
-
-    /**
-     * Returns the named parameter from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @param name The parameter name for the request
-     * @param allowNull Whether null values are allowed
-     * @param maxLength The maximum length allowed
-     * @param regexName The name of the regex mapped from ESAPI.properties
-     * @return The "scrubbed" parameter value.
-     */
-    public String getParameter(String name, boolean allowNull, int maxLength, String regexName) {
-        String orig = getHttpServletRequest().getParameter(name);
-        String clean = null;
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, orig, regexName, maxLength, allowNull);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the parameter map from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return A {@code Map} containing scrubbed parameter names / value pairs.
-     */
-    public Map getParameterMap() {
-        @SuppressWarnings({"unchecked"})
-        Map<String,String[]> map = getHttpServletRequest().getParameterMap();
-        Map<String,String[]> cleanMap = new HashMap<String,String[]>();
-        for (Object o : map.entrySet()) {
-            try {
-                Map.Entry e = (Map.Entry) o;
-                String name = (String) e.getKey();
-                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 100, true);
-
-                String[] value = (String[]) e.getValue();
-                String[] cleanValues = new String[value.length];
-                for (int j = 0; j < value.length; j++) {
-                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", 2000, true);
-                    cleanValues[j] = cleanValue;
-                }
-                cleanMap.put(cleanName, cleanValues);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return cleanMap;
-    }
-
-    /**
-     * Returns the enumeration of parameter names from the HttpServletRequest
-     * after canonicalizing and filtering out any dangerous characters.
-     * @return An {@code Enumeration} of properly "scrubbed" parameter names.
-     */
-    public Enumeration getParameterNames() {
-        Vector<String> v = new Vector<String>();
-        Enumeration en = getHttpServletRequest().getParameterNames();
-        while (en.hasMoreElements()) {
-            try {
-                String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 150, true);
-                v.add(clean);
-            } catch (ValidationException e) {
-                // already logged
-            }
-        }
-        return v.elements();
-    }
-
-    /**
-     * Returns the array of matching parameter values from the
-     * HttpServletRequest after canonicalizing and filtering out any dangerous
-     * characters.
-     * @param name The parameter name
-     * @return An array of matching "scrubbed" parameter values or
-     * <code>null</code> if the parameter does not exist.
-     */
-    public String[] getParameterValues(String name) {
-        String[] values = getHttpServletRequest().getParameterValues(name);
-        List<String> newValues;
-
-	if(values == null)
-		return null;
-        newValues = new ArrayList<String>();
-        for (String value : values) {
-            try {
-                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
-                newValues.add(cleanValue);
-            } catch (ValidationException e) {
-                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
-            }
-        }
-        return newValues.toArray(new String[newValues.size()]);
-    }
-
-    /**
-     * Returns the path info from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return Returns any extra path information, appropriately scrubbed,
-     *         associated with the URL the client sent when it made this request.
-     */
-    public String getPathInfo() {
-        String path = getHttpServletRequest().getPathInfo();
-		if (path == null) return null;
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", 150, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns any extra path information, appropriate scrubbed,
-     *         after the servlet name but before the query string, and
-     *         translates it to a real path.
-     */
-    public String getPathTranslated() {
-        return getHttpServletRequest().getPathTranslated();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the name and version of the protocol the request uses in
-     *       the form protocol/majorVersion.minorVersion, for example, HTTP/1.1.
-     */
-    public String getProtocol() {
-        return getHttpServletRequest().getProtocol();
-    }
-
-    /**
-     * Returns the query string from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The scrubbed query string is returned.
-     */
-    public String getQueryString() {
-        String query = getHttpServletRequest().getQueryString();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", 2000, true);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required. Note that this
-     * reader may contain attacks and the developer is responsible for
-     * canonicalizing, validating, and encoding any data from this stream.
-     * @return aA {@code BufferedReader} containing the body of the request. 
-     * @throws IOException If an input error occurred while reading the request
-     *                     body (e.g., premature EOF).
-     */
-    public BufferedReader getReader() throws IOException {
-        return getHttpServletRequest().getReader();
-    }
-
-    // CHECKME: Should this be deprecated since ServletRequest.getRealPath(String)
-    //          is deprecated? Should use ServletContext.getRealPath(String) instead.
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param path A virtual path on a web or application server; e.g., "/index.htm".
-     * @return Returns a String containing the real path for a given virtual path.
-     * @deprecated in servlet spec 2.1. Use {@link javax.servlet.ServletContext#getRealPath(String)} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public String getRealPath(String path) {
-        return getHttpServletRequest().getRealPath(path);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Returns the IP address of the client or last proxy that sent the request.
-     */
-    public String getRemoteAddr() {
-        return getHttpServletRequest().getRemoteAddr();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The remote host
-     */
-    public String getRemoteHost() {
-        return getHttpServletRequest().getRemoteHost();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return The remote port
-     */
-    public int getRemotePort() {
-        return getHttpServletRequest().getRemotePort();
-    }
-
-    /**
-     * Returns the name of the ESAPI user associated with this getHttpServletRequest().
-     * @return Returns the fully qualified name of the client or the last proxy
-     *         that sent the request
-     */
-    public String getRemoteUser() {
-        return ESAPI.authenticator().getCurrentUser().getAccountName();
-    }
-
-    /**
-     * Checks to make sure the path to forward to is within the WEB-INF
-     * directory and then returns the dispatcher. Otherwise returns null.
-     * @param path The path to create a request dispatcher for
-     * @return A {@code RequestDispatcher} object that acts as a wrapper for the
-     *         resource at the specified path, or null if the servlet container
-     *         cannot return a {@code RequestDispatcher}.
-     */
-    public RequestDispatcher getRequestDispatcher(String path) {
-        if (path.startsWith(allowableContentRoot)) {
-            return getHttpServletRequest().getRequestDispatcher(path);
-        }
-        return null;
-    }
-
-    /**
-     * Returns the URI from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters. Code must be very careful not to
-     * depend on the value of a requested session id reported by the user.
-     * @return The requested Session ID
-     */
-    public String getRequestedSessionId() {
-        String id = getHttpServletRequest().getRequestedSessionId();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", 50, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the URI from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The current request URI
-     */
-    public String getRequestURI() {
-        String uri = getHttpServletRequest().getRequestURI();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", 2000, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the URL from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The currect request URL
-     */
-    public StringBuffer getRequestURL() {
-        String url = getHttpServletRequest().getRequestURL().toString();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", 2000, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return new StringBuffer(clean);
-    }
-
-    /**
-     * Returns the scheme from the HttpServletRequest after canonicalizing and
-     * filtering out any dangerous characters.
-     * @return The scheme of the current request
-     */
-    public String getScheme() {
-        String scheme = getHttpServletRequest().getScheme();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", 10, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the server name (host header) from the HttpServletRequest after
-     * canonicalizing and filtering out any dangerous characters.
-     * @return The local server name
-     */
-    public String getServerName() {
-        String name = getHttpServletRequest().getServerName();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", 100, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns the server port (after the : in the host header) from the
-     * HttpServletRequest after parsing and checking the range 0-65536.
-     * @return The local server port
-     */
-	public int getServerPort() {
-		int port = getHttpServletRequest().getServerPort();
-		if ( port < 0 || port > 0xFFFF ) {
-			logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
-			port = 0;
-		}
-		return port;
-	}
- 	
-
-    /**
-     * Returns the server path from the HttpServletRequest after canonicalizing
-     * and filtering out any dangerous characters.
-     * @return The servlet path
-     */
-    public String getServletPath() {
-        String path = getHttpServletRequest().getServletPath();
-        String clean = "";
-        try {
-            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", 100, false);
-        } catch (ValidationException e) {
-            // already logged
-        }
-        return clean;
-    }
-
-    /**
-     * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
-     * @return The current session
-     */
-    public HttpSession getSession() {
-		HttpSession session = getHttpServletRequest().getSession();
-
-		// send a new cookie header with HttpOnly on first and second responses
-	    if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-				session.setAttribute("HTTP_ONLY", "set");
-				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
-				cookie.setPath( getHttpServletRequest().getContextPath() );
-				cookie.setMaxAge(-1); // session cookie
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
-	    }
-        return session;
-    }
-
-    /**
-     * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
-     * @param create Create a new session if one doesn't exist
-     * @return The current session
-     */
-    public HttpSession getSession(boolean create) {
-        HttpSession session = getHttpServletRequest().getSession(create);
-        if (session == null) {
-            return null;
-        }
-
-        // send a new cookie header with HttpOnly on first and second responses
-        if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-	            session.setAttribute("HTTP_ONLY", "set");
-	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
-	            cookie.setMaxAge(-1); // session cookie
-	            cookie.setPath( getHttpServletRequest().getContextPath() );
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
-        }
-        return session;
-    }
-
-    /**
-     * Returns the ESAPI User associated with this getHttpServletRequest().
-     * @return The ESAPI User
-     */
-    public Principal getUserPrincipal() {
-        return ESAPI.authenticator().getCurrentUser();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return if requested session id is from a cookie
-     */
-    public boolean isRequestedSessionIdFromCookie() {
-        return getHttpServletRequest().isRequestedSessionIdFromCookie();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is from the URL
-     * @deprecated in servlet spec 2.1. Use {@link #isRequestedSessionIdFromURL()} instead.
-     */
-    @SuppressWarnings({"deprecation"})
-    @Deprecated
-    public boolean isRequestedSessionIdFromUrl() {
-        return getHttpServletRequest().isRequestedSessionIdFromUrl();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is from the URL
-     */
-    public boolean isRequestedSessionIdFromURL() {
-        return getHttpServletRequest().isRequestedSessionIdFromURL();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the requested session id is valid
-     */
-    public boolean isRequestedSessionIdValid() {
-        return getHttpServletRequest().isRequestedSessionIdValid();
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @return Whether the current request is secure
-     */
-    public boolean isSecure() {
-        try {
-            ESAPI.httpUtilities().assertSecureChannel();
-        } catch (AccessControlException e) {
-            return false;
-        }
-        return true;
-    }
-
-    /**
-     * Returns true if the ESAPI User associated with this request has the
-     * specified role.
-     * @param role The role to check
-     * @return Whether the current user is in the passed role
-     */
-    public boolean isUserInRole(String role) {
-        return ESAPI.authenticator().getCurrentUser().isInRole(role);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     */
-    public void removeAttribute(String name) {
-        getHttpServletRequest().removeAttribute(name);
-    }
-
-    /**
-     * Same as HttpServletRequest, no security changes required.
-     * @param name The attribute name
-     * @param o The attribute value
-     */
-    public void setAttribute(String name, Object o) {
-        getHttpServletRequest().setAttribute(name, o);
-    }
-
-    /**
-     * Sets the character encoding scheme to the ESAPI configured encoding scheme.
-     * @param enc The encoding scheme
-     * @throws UnsupportedEncodingException
-     */
-    public void setCharacterEncoding(String enc) throws UnsupportedEncodingException {
-        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
-    }
-
-    public String getAllowableContentRoot() {
-        return allowableContentRoot;
-    }
-
-    public void setAllowableContentRoot(String allowableContentRoot) {
-        this.allowableContentRoot = allowableContentRoot.startsWith( "/" ) ? allowableContentRoot : "/" + allowableContentRoot;
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
+ * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
+ * For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://
+ * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
+ * The ESAPI is published by OWASP under the BSD license. You should read and
+ * accept the LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
+ *         Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.AccessControlException;
+
+// TODO: Parameterize these various lengths in calls to ESAPI.validator().getValidInput()
+// so that they can be placed in ESAPI.properties file (or other property file,
+// such as Validator.properties) rather than being hard-coded. This is desirable
+// because many of the values are well less than the commonly accepted maximum
+// values.
+
+/**
+ * This request wrapper simply overrides unsafe methods in the
+ * HttpServletRequest API with safe versions that return canonicalized data
+ * where possible. The wrapper returns a safe value when a validation error is
+ * detected, including stripped or empty strings.
+ */
+public class SecurityWrapperRequest extends HttpServletRequestWrapper implements HttpServletRequest {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapperRequest");
+
+    private String allowableContentRoot = "WEB-INF";
+
+    /** 
+     * Construct a safe request that overrides the default request methods with
+     * safer versions.
+     * 
+     * @param request The {@code HttpServletRequest} we are wrapping.
+     */
+    public SecurityWrapperRequest(HttpServletRequest request) {
+    	super( request );
+    }
+
+    private HttpServletRequest getHttpServletRequest() {
+    	return (HttpServletRequest)super.getRequest();
+    }
+    
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     * @return The attribute value
+     */
+    public Object getAttribute(String name) {
+        return getHttpServletRequest().getAttribute(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return An {@code Enumeration} of attribute names.
+     */
+    public Enumeration getAttributeNames() {
+        return getHttpServletRequest().getAttributeNames();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The authentication type
+     */
+    public String getAuthType() {
+        return getHttpServletRequest().getAuthType();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return  The character-encoding for this {@code HttpServletRequest}
+     */
+    public String getCharacterEncoding() {
+        return getHttpServletRequest().getCharacterEncoding();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The content-length for this {@code HttpServletRequest}
+     */
+    public int getContentLength() {
+        return getHttpServletRequest().getContentLength();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The content-type for this {@code HttpServletRequest}
+     */
+    public String getContentType() {
+        return getHttpServletRequest().getContentType();
+    }
+
+    /**
+     * Returns the context path from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The context path for this {@code HttpServletRequest}
+     */
+    public String getContextPath() {
+        String path = getHttpServletRequest().getContextPath();
+
+		//Return empty String for the ROOT context
+		if (path == null || "".equals(path.trim())) return "";
+
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", 150, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the array of Cookies from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return An array of {@code Cookie}s for this {@code HttpServletRequest}
+     */
+    public Cookie[] getCookies() {
+        Cookie[] cookies = getHttpServletRequest().getCookies();
+        if (cookies == null) return new Cookie[0];
+        
+        List<Cookie> newCookies = new ArrayList<Cookie>();
+        for (Cookie c : cookies) {
+            // build a new clean cookie
+            try {
+                // get data from original cookie
+                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", 150, true);
+                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", 1000, true);
+                int maxAge = c.getMaxAge();
+                String domain = c.getDomain();
+                String path = c.getPath();
+				
+                Cookie n = new Cookie(name, value);
+                n.setMaxAge(maxAge);
+
+                if (domain != null) {
+                    // kww TODO: HTTPHeaderValue seems way too liberal of a regex for cookie domain
+                    // as it allows invalid characters for a domain name. Maybe create a new custom
+                    // HTTPCookieDomain regex???
+                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
+                }
+                if (path != null) {
+                    // kww TODO: OPEN ISSUE: Would not HTTPServletPath make more sense here???
+                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
+                }
+                newCookies.add(n);
+            } catch (ValidationException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad cookie: " + c.getName() + "=" + c.getValue(), e );
+            }
+        }
+        return newCookies.toArray(new Cookie[newCookies.size()]);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name Specifies the name of the HTTP request header; e.g.,
+     *             {@code If-Modified-Since}.
+     * @return a long value representing the date specified in the header
+     * expressed as the number of milliseconds since {@code January 1, 1970 GMT},
+     * or {@code -1} if the named header was not included with the request.
+     */
+    public long getDateHeader(String name) {
+        return getHttpServletRequest().getDateHeader(name);
+    }
+
+    /**
+     * Returns the named header from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @param name The name of an HTTP request header
+     * @return The specified header value is returned.
+     */
+    public String getHeader(String name) {
+        String value = getHttpServletRequest().getHeader(name);
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 200, true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the enumeration of header names from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return An {@code Enumeration} of header names associated with this request.
+     */
+    public Enumeration getHeaderNames() {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getHeaderNames();
+        while (en.hasMoreElements()) {
+            try {
+                String name = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", 150, true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Returns the enumeration of headers from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The name of an HTTP request header.
+     * @return An {@code Enumeration} of headers from the request after
+     *         canonicalizing and filtering has been performed.
+     */
+    public Enumeration getHeaders(String name) {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getHeaders(name);
+        while (en.hasMoreElements()) {
+            try {
+                String value = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 200, true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required. Note that this
+     * input stream may contain attacks and the developer is responsible for
+     * canonicalizing, validating, and encoding any data from this stream.
+     * @return The {@code ServletInputStream} associated with this
+     *         {@code HttpServletRequest}.
+     * @throws IOException Thrown if an input exception is thrown, such as the
+     *         remote peer closing the connection.
+     */
+    public ServletInputStream getInputStream() throws IOException {
+        return getHttpServletRequest().getInputStream();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The name of an HTTP request header.
+     * @return Returns the value of the specified request header as an {@code int}.
+     */
+    public int getIntHeader(String name) {
+        return getHttpServletRequest().getIntHeader(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return A {@code String} containing the IP address on which the
+     *         request was received.
+     */
+    public String getLocalAddr() {
+        return getHttpServletRequest().getLocalAddr();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The preferred {@code Locale} for the client.
+     */
+    public Locale getLocale() {
+        return getHttpServletRequest().getLocale();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return An {@code Enumeration} of preferred {@code Locale}
+     *         objects for the client.
+     */
+    public Enumeration getLocales() {
+        return getHttpServletRequest().getLocales();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return A {@code String} containing the host name of the IP on which
+     *         the request was received.
+     */
+    public String getLocalName() {
+        return getHttpServletRequest().getLocalName();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the Internet Protocol (IP) port number of the interface
+     *         on which the request was received.
+     */
+    public int getLocalPort() {
+        return getHttpServletRequest().getLocalPort();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the name of the HTTP method with which this request was made.
+     */
+    public String getMethod() {
+        return getHttpServletRequest().getMethod();
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name) {
+        return getParameter(name, true);
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull) {
+        return getParameter(name, allowNull, 2000, "HTTPParameterValue");
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @param maxLength The maximum length allowed
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull, int maxLength) {
+        return getParameter(name,allowNull,maxLength,"HTTPParameterValue");
+    }
+
+    /**
+     * Returns the named parameter from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @param name The parameter name for the request
+     * @param allowNull Whether null values are allowed
+     * @param maxLength The maximum length allowed
+     * @param regexName The name of the regex mapped from ESAPI.properties
+     * @return The "scrubbed" parameter value.
+     */
+    public String getParameter(String name, boolean allowNull, int maxLength, String regexName) {
+        String orig = getHttpServletRequest().getParameter(name);
+        String clean = null;
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, orig, regexName, maxLength, allowNull);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the parameter map from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return A {@code Map} containing scrubbed parameter names / value pairs.
+     */
+    public Map getParameterMap() {
+        @SuppressWarnings({"unchecked"})
+        Map<String,String[]> map = getHttpServletRequest().getParameterMap();
+        Map<String,String[]> cleanMap = new HashMap<String,String[]>();
+        for (Object o : map.entrySet()) {
+            try {
+                Map.Entry e = (Map.Entry) o;
+                String name = (String) e.getKey();
+                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 100, true);
+
+                String[] value = (String[]) e.getValue();
+                String[] cleanValues = new String[value.length];
+                for (int j = 0; j < value.length; j++) {
+                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", 2000, true);
+                    cleanValues[j] = cleanValue;
+                }
+                cleanMap.put(cleanName, cleanValues);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return cleanMap;
+    }
+
+    /**
+     * Returns the enumeration of parameter names from the HttpServletRequest
+     * after canonicalizing and filtering out any dangerous characters.
+     * @return An {@code Enumeration} of properly "scrubbed" parameter names.
+     */
+    public Enumeration getParameterNames() {
+        Vector<String> v = new Vector<String>();
+        Enumeration en = getHttpServletRequest().getParameterNames();
+        while (en.hasMoreElements()) {
+            try {
+                String name = (String) en.nextElement();
+                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 150, true);
+                v.add(clean);
+            } catch (ValidationException e) {
+                // already logged
+            }
+        }
+        return v.elements();
+    }
+
+    /**
+     * Returns the array of matching parameter values from the
+     * HttpServletRequest after canonicalizing and filtering out any dangerous
+     * characters.
+     * @param name The parameter name
+     * @return An array of matching "scrubbed" parameter values or
+     * <code>null</code> if the parameter does not exist.
+     */
+    public String[] getParameterValues(String name) {
+        String[] values = getHttpServletRequest().getParameterValues(name);
+        List<String> newValues;
+
+	if(values == null)
+		return null;
+        newValues = new ArrayList<String>();
+        for (String value : values) {
+            try {
+                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
+                newValues.add(cleanValue);
+            } catch (ValidationException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
+            }
+        }
+        return newValues.toArray(new String[newValues.size()]);
+    }
+
+    /**
+     * Returns the path info from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return Returns any extra path information, appropriately scrubbed,
+     *         associated with the URL the client sent when it made this request.
+     */
+    public String getPathInfo() {
+        String path = getHttpServletRequest().getPathInfo();
+		if (path == null) return null;
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", 150, true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns any extra path information, appropriate scrubbed,
+     *         after the servlet name but before the query string, and
+     *         translates it to a real path.
+     */
+    public String getPathTranslated() {
+        return getHttpServletRequest().getPathTranslated();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the name and version of the protocol the request uses in
+     *       the form protocol/majorVersion.minorVersion, for example, HTTP/1.1.
+     */
+    public String getProtocol() {
+        return getHttpServletRequest().getProtocol();
+    }
+
+    /**
+     * Returns the query string from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The scrubbed query string is returned.
+     */
+    public String getQueryString() {
+        String query = getHttpServletRequest().getQueryString();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", 2000, true);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required. Note that this
+     * reader may contain attacks and the developer is responsible for
+     * canonicalizing, validating, and encoding any data from this stream.
+     * @return aA {@code BufferedReader} containing the body of the request. 
+     * @throws IOException If an input error occurred while reading the request
+     *                     body (e.g., premature EOF).
+     */
+    public BufferedReader getReader() throws IOException {
+        return getHttpServletRequest().getReader();
+    }
+
+    // CHECKME: Should this be deprecated since ServletRequest.getRealPath(String)
+    //          is deprecated? Should use ServletContext.getRealPath(String) instead.
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param path A virtual path on a web or application server; e.g., "/index.htm".
+     * @return Returns a String containing the real path for a given virtual path.
+     * @deprecated in servlet spec 2.1. Use {@link javax.servlet.ServletContext#getRealPath(String)} instead.
+     */
+    @SuppressWarnings({"deprecation"})
+    @Deprecated
+    public String getRealPath(String path) {
+        return getHttpServletRequest().getRealPath(path);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Returns the IP address of the client or last proxy that sent the request.
+     */
+    public String getRemoteAddr() {
+        return getHttpServletRequest().getRemoteAddr();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The remote host
+     */
+    public String getRemoteHost() {
+        return getHttpServletRequest().getRemoteHost();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return The remote port
+     */
+    public int getRemotePort() {
+        return getHttpServletRequest().getRemotePort();
+    }
+
+    /**
+     * Returns the name of the ESAPI user associated with this getHttpServletRequest().
+     * @return Returns the fully qualified name of the client or the last proxy
+     *         that sent the request
+     */
+    public String getRemoteUser() {
+        return ESAPI.authenticator().getCurrentUser().getAccountName();
+    }
+
+    /**
+     * Checks to make sure the path to forward to is within the WEB-INF
+     * directory and then returns the dispatcher. Otherwise returns null.
+     * @param path The path to create a request dispatcher for
+     * @return A {@code RequestDispatcher} object that acts as a wrapper for the
+     *         resource at the specified path, or null if the servlet container
+     *         cannot return a {@code RequestDispatcher}.
+     */
+    public RequestDispatcher getRequestDispatcher(String path) {
+        if (path.startsWith(allowableContentRoot)) {
+            return getHttpServletRequest().getRequestDispatcher(path);
+        }
+        return null;
+    }
+
+    /**
+     * Returns the URI from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters. Code must be very careful not to
+     * depend on the value of a requested session id reported by the user.
+     * @return The requested Session ID
+     */
+    public String getRequestedSessionId() {
+        String id = getHttpServletRequest().getRequestedSessionId();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", 50, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the URI from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The current request URI
+     */
+    public String getRequestURI() {
+        String uri = getHttpServletRequest().getRequestURI();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", 2000, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the URL from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The currect request URL
+     */
+    public StringBuffer getRequestURL() {
+        String url = getHttpServletRequest().getRequestURL().toString();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", 2000, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return new StringBuffer(clean);
+    }
+
+    /**
+     * Returns the scheme from the HttpServletRequest after canonicalizing and
+     * filtering out any dangerous characters.
+     * @return The scheme of the current request
+     */
+    public String getScheme() {
+        String scheme = getHttpServletRequest().getScheme();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", 10, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the server name (host header) from the HttpServletRequest after
+     * canonicalizing and filtering out any dangerous characters.
+     * @return The local server name
+     */
+    public String getServerName() {
+        String name = getHttpServletRequest().getServerName();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", 100, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns the server port (after the : in the host header) from the
+     * HttpServletRequest after parsing and checking the range 0-65536.
+     * @return The local server port
+     */
+	public int getServerPort() {
+		int port = getHttpServletRequest().getServerPort();
+		if ( port < 0 || port > 0xFFFF ) {
+			logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
+			port = 0;
+		}
+		return port;
+	}
+ 	
+
+    /**
+     * Returns the server path from the HttpServletRequest after canonicalizing
+     * and filtering out any dangerous characters.
+     * @return The servlet path
+     */
+    public String getServletPath() {
+        String path = getHttpServletRequest().getServletPath();
+        String clean = "";
+        try {
+            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", 100, false);
+        } catch (ValidationException e) {
+            // already logged
+        }
+        return clean;
+    }
+
+    /**
+     * Returns a session, creating it if necessary, and sets the HttpOnly flag
+     * on the Session ID cookie.
+     * @return The current session
+     */
+    public HttpSession getSession() {
+		HttpSession session = getHttpServletRequest().getSession();
+
+		// send a new cookie header with HttpOnly on first and second responses
+	    if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
+	        if (session.getAttribute("HTTP_ONLY") == null) {
+				session.setAttribute("HTTP_ONLY", "set");
+				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
+				cookie.setPath( getHttpServletRequest().getContextPath() );
+				cookie.setMaxAge(-1); // session cookie
+	            HttpServletResponse response = ESAPI.currentResponse();
+	            if (response != null) {
+	                ESAPI.currentResponse().addCookie(cookie);
+	            }
+	        }
+	    }
+        return session;
+    }
+
+    /**
+     * Returns a session, creating it if necessary, and sets the HttpOnly flag
+     * on the Session ID cookie.
+     * @param create Create a new session if one doesn't exist
+     * @return The current session
+     */
+    public HttpSession getSession(boolean create) {
+        HttpSession session = getHttpServletRequest().getSession(create);
+        if (session == null) {
+            return null;
+        }
+
+        // send a new cookie header with HttpOnly on first and second responses
+        if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
+	        if (session.getAttribute("HTTP_ONLY") == null) {
+	            session.setAttribute("HTTP_ONLY", "set");
+	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
+	            cookie.setMaxAge(-1); // session cookie
+	            cookie.setPath( getHttpServletRequest().getContextPath() );
+	            HttpServletResponse response = ESAPI.currentResponse();
+	            if (response != null) {
+	                ESAPI.currentResponse().addCookie(cookie);
+	            }
+	        }
+        }
+        return session;
+    }
+
+    /**
+     * Returns the ESAPI User associated with this getHttpServletRequest().
+     * @return The ESAPI User
+     */
+    public Principal getUserPrincipal() {
+        return ESAPI.authenticator().getCurrentUser();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return if requested session id is from a cookie
+     */
+    public boolean isRequestedSessionIdFromCookie() {
+        return getHttpServletRequest().isRequestedSessionIdFromCookie();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is from the URL
+     * @deprecated in servlet spec 2.1. Use {@link #isRequestedSessionIdFromURL()} instead.
+     */
+    @SuppressWarnings({"deprecation"})
+    @Deprecated
+    public boolean isRequestedSessionIdFromUrl() {
+        return getHttpServletRequest().isRequestedSessionIdFromUrl();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is from the URL
+     */
+    public boolean isRequestedSessionIdFromURL() {
+        return getHttpServletRequest().isRequestedSessionIdFromURL();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the requested session id is valid
+     */
+    public boolean isRequestedSessionIdValid() {
+        return getHttpServletRequest().isRequestedSessionIdValid();
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @return Whether the current request is secure
+     */
+    public boolean isSecure() {
+        try {
+            ESAPI.httpUtilities().assertSecureChannel();
+        } catch (AccessControlException e) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Returns true if the ESAPI User associated with this request has the
+     * specified role.
+     * @param role The role to check
+     * @return Whether the current user is in the passed role
+     */
+    public boolean isUserInRole(String role) {
+        return ESAPI.authenticator().getCurrentUser().isInRole(role);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     */
+    public void removeAttribute(String name) {
+        getHttpServletRequest().removeAttribute(name);
+    }
+
+    /**
+     * Same as HttpServletRequest, no security changes required.
+     * @param name The attribute name
+     * @param o The attribute value
+     */
+    public void setAttribute(String name, Object o) {
+        getHttpServletRequest().setAttribute(name, o);
+    }
+
+    /**
+     * Sets the character encoding scheme to the ESAPI configured encoding scheme.
+     * @param enc The encoding scheme
+     * @throws UnsupportedEncodingException
+     */
+    public void setCharacterEncoding(String enc) throws UnsupportedEncodingException {
+        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
+    }
+
+    public String getAllowableContentRoot() {
+        return allowableContentRoot;
+    }
+
+    public void setAllowableContentRoot(String allowableContentRoot) {
+        this.allowableContentRoot = allowableContentRoot.startsWith( "/" ) ? allowableContentRoot : "/" + allowableContentRoot;
+    }
+}

From 2ac58369dcc4134fc95131ab7ae026bdc5ea25ef Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:48 -0500
Subject: [PATCH 131/812] Change CRLF to LF for issue 356.

---
 .../filters/SecurityWrapperResponse.java      | 1026 ++++++++---------
 1 file changed, 513 insertions(+), 513 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 71a9e7080..a57e743f5 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -1,513 +1,513 @@
-/**
- * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
- * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
- * For details, please see <a
- * href="http://www.owasp.org/index.php/ESAPI">http://
- * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
- * The ESAPI is published by OWASP under the BSD license. You should read and
- * accept the LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
- *         Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Locale;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * This response wrapper simply overrides unsafe methods in the
- * HttpServletResponse API with safe versions.
- */
-public class SecurityWrapperResponse extends HttpServletResponseWrapper implements HttpServletResponse {
-
-    private final Logger logger = ESAPI.getLogger("SecurityWrapperResponse");
-
-    // modes are "log", "skip", "sanitize", "throw"
-    // TODO: move this to SecurityConfiguration
-    private String mode = "log";
-
-    /**
-     * Construct a safe response that overrides the default response methods
-     * with safer versions. 
-     * 
-     * @param response
-     */
-    public SecurityWrapperResponse(HttpServletResponse response) {
-    	super( response );
-    }
-
-    /**
-     *
-     * @param response
-     * @param mode
-     */
-    public SecurityWrapperResponse(HttpServletResponse response, String mode) {
-    	super( response );
-        this.mode = mode;
-    }
-
-
-    private HttpServletResponse getHttpServletResponse() {
-    	return (HttpServletResponse)super.getResponse();
-    }
-
-    /**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This method also sets
-     * the secure and HttpOnly flags on the cookie. This implementation uses a
-     * custom "set-cookie" header instead of using Java's cookie interface which
-     * doesn't allow the use of HttpOnly.
-     * @param cookie
-     */
-    public void addCookie(Cookie cookie) {
-        String name = cookie.getName();
-        String value = cookie.getValue();
-        int maxAge = cookie.getMaxAge();
-        String domain = cookie.getDomain();
-        String path = cookie.getPath();
-        boolean secure = cookie.getSecure();
-
-        // validate the name and value
-        ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false, errors);
-
-        // if there are no errors, then just set a cookie header
-        if (errors.size() == 0) {
-            String header = createCookieHeader(name, value, maxAge, domain, path, secure);
-            this.addHeader("Set-Cookie", header);
-            return;
-        }
-
-        // if there was an error
-        if (mode.equals("skip")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
-            return;
-        }
-
-        // add the original cookie to the response and continue
-        if (mode.equals("log")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (log mode). Adding unsafe cookie anyway and continuing.");
-            getHttpServletResponse().addCookie(cookie);
-            return;
-        }
-
-        // create a sanitized cookie header and continue
-        if (mode.equals("sanitize")) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (sanitize mode). Sanitizing cookie and continuing.");
-            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
-            this.addHeader("Set-Cookie", header);
-            return;
-        }
-
-        // throw an exception if necessary or add original cookie header
-        throw new IntrusionException("Security error", "Attempt to add unsafe data to cookie (throw mode)");
-    }
-
-    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
-        String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
-			header += "; Secure";
-        }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
-			header += "; HttpOnly";
-        }
-        return header;
-    }
-
-    /**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name.
-     * @param name 
-     * @param date
-     */
-    public void addDateHeader(String name, long date) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().addDateHeader(safeName, date);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
-        }
-    }
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This implementation
-     * follows the following recommendation: "A recipient MAY replace any linear
-     * white space with a single SP before interpreting the field value or
-     * forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     * @param name
-     * @param value
-     */
-    public void addHeader(String name, String value) {
-        try {
-            // TODO: make stripping a global config
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
-        }
-    }
-
-    /**
-     * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name and name.
-     * @param name 
-     * @param value
-     */
-    public void addIntHeader(String name, int value) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().addIntHeader(safeName, value);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
-        }
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param name
-     * @return
-     */
-    public boolean containsHeader(String name) {
-        return getHttpServletResponse().containsHeader(name);
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID. The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     * @deprecated in servlet spec 2.1. Use
-     * {@link #encodeRedirectUrl(String)} instead.
-     */
-    @Deprecated
-    public String encodeRedirectUrl(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     */
-    public String encodeRedirectURL(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     * @deprecated in servlet spec 2.1. Use
-     * {@link #encodeURL(String)} instead.
-     */
-    @Deprecated
-    public String encodeUrl(String url) {
-        return url;
-    }
-
-    /**
-     * Return the URL without any changes, to prevent disclosure of the
-     * Session ID The default implementation of this method can add the
-     * Session ID to the URL if support for cookies is not detected. This
-     * exposes the Session ID credential in bookmarks, referer headers, server
-     * logs, and more.
-     * 
-     * @param url
-     * @return original url
-     */
-    public String encodeURL(String url) {
-        return url;
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @throws IOException
-     */
-    public void flushBuffer() throws IOException {
-        getHttpServletResponse().flushBuffer();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public int getBufferSize() {
-        return getHttpServletResponse().getBufferSize();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public String getCharacterEncoding() {
-        return getHttpServletResponse().getCharacterEncoding();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public String getContentType() {
-        return getHttpServletResponse().getContentType();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public Locale getLocale() {
-        return getHttpServletResponse().getLocale();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return 
-     * @throws IOException
-     */
-    public ServletOutputStream getOutputStream() throws IOException {
-        return getHttpServletResponse().getOutputStream();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return 
-     * @throws IOException
-     */
-    public PrintWriter getWriter() throws IOException {
-        return getHttpServletResponse().getWriter();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @return
-     */
-    public boolean isCommitted() {
-        return getHttpServletResponse().isCommitted();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     */
-    public void reset() {
-        getHttpServletResponse().reset();
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     */
-    public void resetBuffer() {
-        getHttpServletResponse().resetBuffer();
-    }
-
-    /**
-     * Override the error code with a 200 in order to confound attackers using
-     * automated scanners.
-     * @param sc 
-     * @throws IOException
-     */
-    public void sendError(int sc) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
-    }
-
-    /**
-     * Override the error code with a 200 in order to confound attackers using
-     * automated scanners. The message is canonicalized and filtered for
-     * dangerous characters.
-     * @param sc 
-     * @param msg
-     * @throws IOException
-     */
-    public void sendError(int sc, String msg) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
-    }
-
-    /**
-     * This method generates a redirect response that can only be used to
-     * redirect the browser to safe locations, as configured in the ESAPI
-     * security configuration. This method does not that redirect requests can
-     * be modified by attackers, so do not rely information contained within
-     * redirect requests, and do not include sensitive information in a
-     * redirect.
-     * @param location 
-     * @throws IOException
-     */
-    public void sendRedirect(String location) throws IOException {
-        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
-            throw new IOException("Redirect failed");
-        }
-        getHttpServletResponse().sendRedirect(location);
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param size
-     */
-    public void setBufferSize(int size) {
-        getHttpServletResponse().setBufferSize(size);
-    }
-
-    /**
-     * Sets the character encoding to the ESAPI configured encoding.
-     * @param charset
-     */
-    public void setCharacterEncoding(String charset) {
-        getHttpServletResponse().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param len
-     */
-    public void setContentLength(int len) {
-        getHttpServletResponse().setContentLength(len);
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param type
-     */
-    public void setContentType(String type) {
-        getHttpServletResponse().setContentType(type);
-    }
-
-    /**
-     * Add a date header to the response after ensuring that there are no
-     * encoded or illegal characters in the name.
-     * @param name 
-     * @param date
-     */
-    public void setDateHeader(String name, long date) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().setDateHeader(safeName, date);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
-        }
-    }
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and value. "A recipient MAY replace any
-     * linear white space with a single SP before interpreting the field value
-     * or forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     * @param name 
-     * @param value
-     */
-    public void setHeader(String name, String value) {
-        try {
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
-        }
-    }
-
-    /**
-     * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name.
-     * @param name 
-     * @param value
-     */
-    public void setIntHeader(String name, int value) {
-        try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
-            getHttpServletResponse().setIntHeader(safeName, value);
-        } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
-        }
-    }
-
-    /**
-     * Same as HttpServletResponse, no security changes required.
-     * @param loc
-     */
-    public void setLocale(Locale loc) {
-        // TODO investigate the character set issues here
-        getHttpServletResponse().setLocale(loc);
-    }
-
-    /**
-     * Override the status code with a 200 in order to confound attackers using
-     * automated scanners.
-     * @param sc
-     */
-    public void setStatus(int sc) {
-        getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
-    }
-
-    /**
-     * Override the status code with a 200 in order to confound attackers using
-     * automated scanners. The message is canonicalized and filtered for
-     * dangerous characters.
-     * @param sc 
-     * @param sm
-     * @deprecated In Servlet spec 2.1.
-     */
-    @Deprecated
-    public void setStatus(int sc, String sm) {
-        try {
-            // setStatus is deprecated so use sendError instead
-            sendError(HttpServletResponse.SC_OK, sm);
-        } catch (IOException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
-        }
-    }
-
-    /**
-     * returns a text message for the HTTP response code
-     */
-    private String getHTTPMessage(int sc) {
-        return "HTTP error code: " + sc;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI) This file is part of the Open Web
+ * Application Security Project (OWASP) Enterprise Security API (ESAPI) project.
+ * For details, please see <a
+ * href="http://www.owasp.org/index.php/ESAPI">http://
+ * www.owasp.org/index.php/ESAPI</a>. Copyright (c) 2007 - The OWASP Foundation
+ * The ESAPI is published by OWASP under the BSD license. You should read and
+ * accept the LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect
+ *         Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * This response wrapper simply overrides unsafe methods in the
+ * HttpServletResponse API with safe versions.
+ */
+public class SecurityWrapperResponse extends HttpServletResponseWrapper implements HttpServletResponse {
+
+    private final Logger logger = ESAPI.getLogger("SecurityWrapperResponse");
+
+    // modes are "log", "skip", "sanitize", "throw"
+    // TODO: move this to SecurityConfiguration
+    private String mode = "log";
+
+    /**
+     * Construct a safe response that overrides the default response methods
+     * with safer versions. 
+     * 
+     * @param response
+     */
+    public SecurityWrapperResponse(HttpServletResponse response) {
+    	super( response );
+    }
+
+    /**
+     *
+     * @param response
+     * @param mode
+     */
+    public SecurityWrapperResponse(HttpServletResponse response, String mode) {
+    	super( response );
+        this.mode = mode;
+    }
+
+
+    private HttpServletResponse getHttpServletResponse() {
+    	return (HttpServletResponse)super.getResponse();
+    }
+
+    /**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This method also sets
+     * the secure and HttpOnly flags on the cookie. This implementation uses a
+     * custom "set-cookie" header instead of using Java's cookie interface which
+     * doesn't allow the use of HttpOnly.
+     * @param cookie
+     */
+    public void addCookie(Cookie cookie) {
+        String name = cookie.getName();
+        String value = cookie.getValue();
+        int maxAge = cookie.getMaxAge();
+        String domain = cookie.getDomain();
+        String path = cookie.getPath();
+        boolean secure = cookie.getSecure();
+
+        // validate the name and value
+        ValidationErrorList errors = new ValidationErrorList();
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false, errors);
+
+        // if there are no errors, then just set a cookie header
+        if (errors.size() == 0) {
+            String header = createCookieHeader(name, value, maxAge, domain, path, secure);
+            this.addHeader("Set-Cookie", header);
+            return;
+        }
+
+        // if there was an error
+        if (mode.equals("skip")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
+            return;
+        }
+
+        // add the original cookie to the response and continue
+        if (mode.equals("log")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (log mode). Adding unsafe cookie anyway and continuing.");
+            getHttpServletResponse().addCookie(cookie);
+            return;
+        }
+
+        // create a sanitized cookie header and continue
+        if (mode.equals("sanitize")) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (sanitize mode). Sanitizing cookie and continuing.");
+            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
+            this.addHeader("Set-Cookie", header);
+            return;
+        }
+
+        // throw an exception if necessary or add original cookie header
+        throw new IntrusionException("Security error", "Attempt to add unsafe data to cookie (throw mode)");
+    }
+
+    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+        String header = name + "=" + value;
+        header += "; Max-Age=" + maxAge;
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
+			header += "; Secure";
+        }
+        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+			header += "; HttpOnly";
+        }
+        return header;
+    }
+
+    /**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name.
+     * @param name 
+     * @param date
+     */
+    public void addDateHeader(String name, long date) {
+        try {
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+            getHttpServletResponse().addDateHeader(safeName, date);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
+        }
+    }
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This implementation
+     * follows the following recommendation: "A recipient MAY replace any linear
+     * white space with a single SP before interpreting the field value or
+     * forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     * @param name
+     * @param value
+     */
+    public void addHeader(String name, String value) {
+        try {
+            // TODO: make stripping a global config
+            String strippedName = StringUtilities.stripControls(name);
+            String strippedValue = StringUtilities.stripControls(value);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
+            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
+            getHttpServletResponse().setHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
+        }
+    }
+
+    /**
+     * Add an int header to the response after ensuring that there are no
+     * encoded or illegal characters in the name and name.
+     * @param name 
+     * @param value
+     */
+    public void addIntHeader(String name, int value) {
+        try {
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+            getHttpServletResponse().addIntHeader(safeName, value);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
+        }
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param name
+     * @return
+     */
+    public boolean containsHeader(String name) {
+        return getHttpServletResponse().containsHeader(name);
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID. The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     * 
+     * @param url
+     * @return original url
+     * @deprecated in servlet spec 2.1. Use
+     * {@link #encodeRedirectUrl(String)} instead.
+     */
+    @Deprecated
+    public String encodeRedirectUrl(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     * 
+     * @param url
+     * @return original url
+     */
+    public String encodeRedirectURL(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     * 
+     * @param url
+     * @return original url
+     * @deprecated in servlet spec 2.1. Use
+     * {@link #encodeURL(String)} instead.
+     */
+    @Deprecated
+    public String encodeUrl(String url) {
+        return url;
+    }
+
+    /**
+     * Return the URL without any changes, to prevent disclosure of the
+     * Session ID The default implementation of this method can add the
+     * Session ID to the URL if support for cookies is not detected. This
+     * exposes the Session ID credential in bookmarks, referer headers, server
+     * logs, and more.
+     * 
+     * @param url
+     * @return original url
+     */
+    public String encodeURL(String url) {
+        return url;
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @throws IOException
+     */
+    public void flushBuffer() throws IOException {
+        getHttpServletResponse().flushBuffer();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return
+     */
+    public int getBufferSize() {
+        return getHttpServletResponse().getBufferSize();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return
+     */
+    public String getCharacterEncoding() {
+        return getHttpServletResponse().getCharacterEncoding();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return
+     */
+    public String getContentType() {
+        return getHttpServletResponse().getContentType();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return
+     */
+    public Locale getLocale() {
+        return getHttpServletResponse().getLocale();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return 
+     * @throws IOException
+     */
+    public ServletOutputStream getOutputStream() throws IOException {
+        return getHttpServletResponse().getOutputStream();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return 
+     * @throws IOException
+     */
+    public PrintWriter getWriter() throws IOException {
+        return getHttpServletResponse().getWriter();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @return
+     */
+    public boolean isCommitted() {
+        return getHttpServletResponse().isCommitted();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     */
+    public void reset() {
+        getHttpServletResponse().reset();
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     */
+    public void resetBuffer() {
+        getHttpServletResponse().resetBuffer();
+    }
+
+    /**
+     * Override the error code with a 200 in order to confound attackers using
+     * automated scanners.
+     * @param sc 
+     * @throws IOException
+     */
+    public void sendError(int sc) throws IOException {
+        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
+    }
+
+    /**
+     * Override the error code with a 200 in order to confound attackers using
+     * automated scanners. The message is canonicalized and filtered for
+     * dangerous characters.
+     * @param sc 
+     * @param msg
+     * @throws IOException
+     */
+    public void sendError(int sc, String msg) throws IOException {
+        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
+    }
+
+    /**
+     * This method generates a redirect response that can only be used to
+     * redirect the browser to safe locations, as configured in the ESAPI
+     * security configuration. This method does not that redirect requests can
+     * be modified by attackers, so do not rely information contained within
+     * redirect requests, and do not include sensitive information in a
+     * redirect.
+     * @param location 
+     * @throws IOException
+     */
+    public void sendRedirect(String location) throws IOException {
+        if (!ESAPI.validator().isValidRedirectLocation("Redirect", location, false)) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + location);
+            throw new IOException("Redirect failed");
+        }
+        getHttpServletResponse().sendRedirect(location);
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param size
+     */
+    public void setBufferSize(int size) {
+        getHttpServletResponse().setBufferSize(size);
+    }
+
+    /**
+     * Sets the character encoding to the ESAPI configured encoding.
+     * @param charset
+     */
+    public void setCharacterEncoding(String charset) {
+        getHttpServletResponse().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param len
+     */
+    public void setContentLength(int len) {
+        getHttpServletResponse().setContentLength(len);
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param type
+     */
+    public void setContentType(String type) {
+        getHttpServletResponse().setContentType(type);
+    }
+
+    /**
+     * Add a date header to the response after ensuring that there are no
+     * encoded or illegal characters in the name.
+     * @param name 
+     * @param date
+     */
+    public void setDateHeader(String name, long date) {
+        try {
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+            getHttpServletResponse().setDateHeader(safeName, date);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
+        }
+    }
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and value. "A recipient MAY replace any
+     * linear white space with a single SP before interpreting the field value
+     * or forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     * @param name 
+     * @param value
+     */
+    public void setHeader(String name, String value) {
+        try {
+            String strippedName = StringUtilities.stripControls(name);
+            String strippedValue = StringUtilities.stripControls(value);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
+            getHttpServletResponse().setHeader(safeName, safeValue);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
+        }
+    }
+
+    /**
+     * Add an int header to the response after ensuring that there are no
+     * encoded or illegal characters in the name.
+     * @param name 
+     * @param value
+     */
+    public void setIntHeader(String name, int value) {
+        try {
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+            getHttpServletResponse().setIntHeader(safeName, value);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
+        }
+    }
+
+    /**
+     * Same as HttpServletResponse, no security changes required.
+     * @param loc
+     */
+    public void setLocale(Locale loc) {
+        // TODO investigate the character set issues here
+        getHttpServletResponse().setLocale(loc);
+    }
+
+    /**
+     * Override the status code with a 200 in order to confound attackers using
+     * automated scanners.
+     * @param sc
+     */
+    public void setStatus(int sc) {
+        getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
+    }
+
+    /**
+     * Override the status code with a 200 in order to confound attackers using
+     * automated scanners. The message is canonicalized and filtered for
+     * dangerous characters.
+     * @param sc 
+     * @param sm
+     * @deprecated In Servlet spec 2.1.
+     */
+    @Deprecated
+    public void setStatus(int sc, String sm) {
+        try {
+            // setStatus is deprecated so use sendError instead
+            sendError(HttpServletResponse.SC_OK, sm);
+        } catch (IOException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
+        }
+    }
+
+    /**
+     * returns a text message for the HTTP response code
+     */
+    private String getHTTPMessage(int sc) {
+        return "HTTP error code: " + sc;
+    }
+
+}

From 777d4e166813d180ce870bc717ca38853e6b8af9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 132/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/HTTPUtilities.java   | 1296 ++++++++---------
 1 file changed, 648 insertions(+), 648 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 6402796c8..951dea23b 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -1,648 +1,648 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
-
-
-/**
- * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
- * responses, sessions, cookies, headers, and logging.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface HTTPUtilities
-{
-
-    final static String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
-    final static int MAX_COOKIE_LEN = 4096;            // From RFC 2109
-	final static int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
-	final static String CSRF_TOKEN_NAME = "ctoken";
-	final static String ESAPI_STATE = "estate";
-
-	final static int PARAMETER = 0;
-	final static int HEADER = 1;
-	final static int COOKIE = 2;
-
-
-	/**
-     * Calls addCookie with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    void addCookie(Cookie cookie);
-
-	/**
-     * Add a cookie to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This method also sets
-     * the secure and HttpOnly flags on the cookie.
-     *
-     * @param cookie
-     */
-    void addCookie(HttpServletResponse response, Cookie cookie);
-
-	/**
-     * Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
-     * This method should be used on all URLs to be put into all links and forms the application generates.
-     *
-     * @param href the URL to which the CSRF token will be appended
-     * @return the updated URL with the CSRF token parameter added
-     */
-    String addCSRFToken(String href);
-
-    /**
-     * Calls addHeader with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    void addHeader(String name, String value);
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and name and value. This implementation
-     * follows the following recommendation: "A recipient MAY replace any linear
-     * white space with a single SP before interpreting the field value or
-     * forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     *
-     * @param name
-     * @param value
-     */
-    void addHeader(HttpServletResponse response, String name, String value);
-
-	/**
-     * Calls assertSecureRequest with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureRequest(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void assertSecureRequest() throws AccessControlException;
-
-	/**
-     * Calls assertSecureChannel with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureChannel(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void assertSecureChannel() throws AccessControlException;
-
-	/**
-	 * Ensures that the request uses both SSL and POST to protect any sensitive parameters
-	 * in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
-	 * This method should be called for any request that contains sensitive data from a web form.
-     *
-     * @param request
-     * @throws AccessControlException if security constraints are not met
-	 */
-    void assertSecureRequest(HttpServletRequest request) throws AccessControlException;
-
-	/**
-	 * Ensures the use of SSL to protect any sensitive parameters in the request and
-	 * any sensitive data in the response. This method should be called for any request
-	 * that contains sensitive data from a web form or will result in sensitive data in the
-	 * response page.
-     *
-     * @param request
-     * @throws AccessControlException if security constraints are not met
-	 */
-    void assertSecureChannel(HttpServletRequest request) throws AccessControlException;
-
-	/**
-     * Calls changeSessionIdentifier with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-	HttpSession changeSessionIdentifier() throws AuthenticationException;
-
-	/**
-     * Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
-     * Note that this is different from logging out and creating a new session identifier that does not contain the
-     * existing session contents. Care should be taken to use this only when the existing session does not contain
-     * hazardous contents.
-     *
-     * @param request
-     * @return the new HttpSession with a changed id
-     * @throws AuthenticationException the exception
-     */
-    HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException;
-
-    /**
-	 * Clears the current HttpRequest and HttpResponse associated with the current thread.
-     *
-	 * @see ESAPI#clearCurrent()
-	 */
-    void clearCurrent();
-
-    /**
-	 * Decrypts an encrypted hidden field value and returns the cleartext. If the field does not decrypt properly,
-	 * an IntrusionException is thrown to indicate tampering.
-     *
-	 * @param encrypted hidden field value to decrypt
-	 * @return decrypted hidden field value stored as a String
-	 */
-	String decryptHiddenField(String encrypted);
-
-    /**
-	 * Takes an encrypted querystring and returns a Map containing the original parameters.
-     *
-	 * @param encrypted the encrypted querystring to decrypt
-	 * @return a Map object containing the decrypted querystring
-	 * @throws EncryptionException
-	 */
-    Map<String, String> decryptQueryString(String encrypted) throws EncryptionException;
-
-    /**
-     * Calls decryptStateFromCookie with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-     */
-    Map<String, String> decryptStateFromCookie() throws EncryptionException;
-
-    /**
-     * Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
-     *
-     * @param request
-     * @return a map containing the decrypted cookie state value
-	 * @throws EncryptionException
-     */
-    Map<String, String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException;
-
-    /**
-     * Encrypts a hidden field value for use in HTML.
-     *
-     * @param value the cleartext value of the hidden field
-     * @return the encrypted value of the hidden field
-     * @throws EncryptionException
-     */
-	String encryptHiddenField(String value) throws EncryptionException;
-
-	/**
-	 * Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
-     *
-	 * @param query the querystring to encrypt
-	 * @return encrypted querystring stored as a String
-	 * @throws EncryptionException
-	 */
-	String encryptQueryString(String query) throws EncryptionException;
-
-	/**
-	 * Calls encryptStateInCookie with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void encryptStateInCookie(Map<String, String> cleartext) throws EncryptionException;
-
-    /**
-     * Stores a Map of data in an encrypted cookie. Generally the session is a better
-     * place to store state information, as it does not expose it to the user at all.
-     * If there is a requirement not to use sessions, or the data should be stored
-     * across sessions (for a long time), the use of encrypted cookies is an effective
-     * way to prevent the exposure.
-     *
-     * @param response
-     * @param cleartext
-     * @throws EncryptionException
-     */
-    void encryptStateInCookie(HttpServletResponse response, Map<String, String> cleartext) throws EncryptionException;
-
-    /**
-	 * Calls getCookie with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getCookie(String name) throws ValidationException;
-
-	/**
-     * A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
-     * value of the named cookie after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested cookie value
-     */
-	String getCookie(HttpServletRequest request, String name) throws ValidationException;
-
-    /**
-     * Returns the current user's CSRF token. If there is no current user then return null.
-     *
-     * @return the current users CSRF token
-     */
-    String getCSRFToken();
-
-	/**
-     * Retrieves the current HttpServletRequest
-     *
-     * @return the current request
-     */
-    HttpServletRequest getCurrentRequest();
-
-	/**
-     * Retrieves the current HttpServletResponse
-     *
-     * @return the current response
-     */
-    HttpServletResponse getCurrentResponse();
-
-	/**
-	 * Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	List getFileUploads() throws ValidationException;
-
-    /**
-	 * Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
-	 */
-	List getFileUploads(HttpServletRequest request) throws ValidationException;
-
-    /**
-	 * Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
-	 */
-    List getFileUploads(HttpServletRequest request, File finalDir) throws ValidationException;
-
-
-    /**
-     * Extract uploaded files from a multipart HTTP requests. Implementations must check the content to ensure that it
-     * is safe before making a permanent copy on the local filesystem. Checks should include length and content checks,
-     * possibly virus checking, and path and name checks. Refer to the file checking methods in Validator for more
-     * information.
-     * <p/>
-	 * This method uses {@link HTTPUtilities#getCurrentRequest()} to obtain the {@link HttpServletRequest} object
-     *
-     * @param request
-     * @return List of new File objects from upload
-     * @throws ValidationException if the file fails validation
-     */
-    List getFileUploads(HttpServletRequest request, File destinationDir, List allowedExtensions) throws ValidationException;
-
-
-	/**
-	 * Calls getHeader with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getHeader(String name) throws ValidationException;
-
-    /**
-     * A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
-     * value of the named header after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested header value
-     */
-	String getHeader(HttpServletRequest request, String name) throws ValidationException;
-
-	/**
-	 * Calls getParameter with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	String getParameter(String name) throws ValidationException;
-
-    /**
-     * A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
-     * value of the named parameter after "global" validation against the
-     * general type defined in ESAPI.properties. This should not be considered a replacement for
-     * more specific validation.
-     *
-     * @param request
-     * @param name
-     * @return the requested parameter value
-     */
-    String getParameter(HttpServletRequest request, String name) throws ValidationException;
-
-	/**
-	 * Calls killAllCookies with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void killAllCookies();
-
-    /**
-     * Kill all cookies received in the last request from the browser. Note that new cookies set by the application in
-     * this response may not be killed by this method.
-     *
-     * @param request
-     * @param response
-     */
-    void killAllCookies(HttpServletRequest request, HttpServletResponse response);
-
-	/**
-	 * Calls killCookie with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void killCookie(String name);
-
-    /**
-     * Kills the specified cookie by setting a new cookie that expires immediately. Note that this
-     * method does not delete new cookies that are being set by the application for this response.
-     *
-     * @param request
-     * @param name
-     * @param response
-     */
-    void killCookie(HttpServletRequest request, HttpServletResponse response, String name);
-
-	/**
-	 * Calls logHTTPRequest with the *current* request and logger.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-	void logHTTPRequest();
-
-    /**
-     * Format the Source IP address, URL, URL parameters, and all form
-     * parameters into a string suitable for the log file. Be careful not
-     * to log sensitive information, and consider masking with the
-     * logHTTPRequest( List parameterNamesToObfuscate ) method.
-     *
-     * @param request
-     * @param logger the logger to write the request to
-     */
-    void logHTTPRequest(HttpServletRequest request, Logger logger);
-
-    /**
-     * Format the Source IP address, URL, URL parameters, and all form
-     * parameters into a string suitable for the log file. The list of parameters to
-     * obfuscate should be specified in order to prevent sensitive information
-     * from being logged. If a null list is provided, then all parameters will
-     * be logged. If HTTP request logging is done in a central place, the
-     * parameterNamesToObfuscate could be made a configuration parameter. We
-     * include it here in case different parts of the application need to obfuscate
-     * different parameters.
-     *
-     * @param request
-     * @param logger the logger to write the request to
-     * @param parameterNamesToObfuscate the sensitive parameters
-     */
-    void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate);
-
-	/**
-	 * Calls sendForward with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void sendForward(String location) throws AccessControlException, ServletException, IOException;
-
-    /**
-     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
-     * publicly accessible resources can be dangerous, as the request will have already passed the URL
-     * based access control check. This method ensures that you can only forward to non-publicly
-     * accessible resources.
-     *
-     * @param request
-     * @param response
-     * @param location the URL to forward to, including parameters
-     * @throws AccessControlException
-     * @throws ServletException
-     * @throws IOException
-     */
-    void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException, ServletException, IOException;
-
-
-	/**
-	 * Calls sendRedirect with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void sendRedirect(String location) throws AccessControlException, IOException;
-
-
-    /**
-     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
-     * publicly accessible resources can be dangerous, as the request will have already passed the URL
-     * based access control check. This method ensures that you can only forward to non-publicly
-     * accessible resources.
-     *
-     * @param response
-     * @param location the URL to forward to, including parameters
-     * @throws AccessControlException
-     * @throws IOException
-     */
-    void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException;
-
-	/**
-	 * Calls setContentType with the *current* request and response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setContentType();
-
-     /**
-	 * Set the content type character encoding header on every HttpServletResponse in order to limit
-	 * the ways in which the input data can be represented. This prevents
-	 * malicious users from using encoding and multi-byte escape sequences to
-	 * bypass input validation routines.
-     * <p/>
-	 * Implementations of this method should set the content type header to a safe value for your environment.
-     * The default is text/html; charset=UTF-8 character encoding, which is the default in early
-	 * versions of HTML and HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
-	 * information about character encoding and MIME.
-     * <p/>
-	 * The DefaultHTTPUtilities reference implementation sets the content type as specified.
-     *
-     * @param response The servlet response to set the content type for.
-     */
-    void setContentType(HttpServletResponse response);
-
-    /**
-     * Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
-     * ESAPI (and elsewhere)
-     *
-     * @param request  the current request
-     * @param response the current response
-     */
-    void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response);
-
-
-	/**
-	 * Calls setHeader with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setHeader(String name, String value);
-
-    /**
-     * Add a header to the response after ensuring that there are no encoded or
-     * illegal characters in the name and value. "A recipient MAY replace any
-     * linear white space with a single SP before interpreting the field value
-     * or forwarding the message downstream."
-     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
-     *
-     * @param name
-     * @param value
-     */
-    void setHeader(HttpServletResponse response, String name, String value);
-
-
-	/**
-	 * Calls setNoCacheHeaders with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void setNoCacheHeaders();
-
-
-    /**
-     * Set headers to protect sensitive information against being cached in the browser. Developers should make this
-     * call for any HTTP responses that contain any sensitive data that should not be cached within the browser or any
-     * intermediate proxies or caches. Implementations should set headers for the expected browsers. The safest approach
-     * is to set all relevant headers to their most restrictive setting. These include:
-     * <p/>
-     * <PRE>
-     * Cache-Control: no-store<BR>
-     * Cache-Control: no-cache<BR>
-     * Cache-Control: must-revalidate<BR>
-     * Expires: -1<BR>
-     * </PRE>
-     * <p/>
-     * Note that the header "pragma: no-cache" is intended only for use in HTTP requests, not HTTP responses. However, Microsoft has chosen to
-     * directly violate the standards, so we need to include that header here. For more information, please refer to the relevant standards:
-     * <UL>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.1 Cache-Control "no-store"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Pragma "no-cache"</a>
-     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">HTTP/1.0 Expires</a>
-     * <LI><a href="http://support.microsoft.com/kb/937479">IE6 Caching Issues</a>
-     * <LI><a href="http://support.microsoft.com/kb/234067">Microsoft directly violates specification for pragma: no-cache</a>
-     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences#Cache">Firefox browser.cache.disk_cache_ssl</a>
-     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences">Mozilla</a>
-     * </UL>
-     *
-     * @param response
-     */
-    void setNoCacheHeaders(HttpServletResponse response);
-
-	/**
-	 * Calls setNoCacheHeaders with the *current* response.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    String setRememberToken(String password, int maxAge, String domain, String path);
-
-
-    /**
-	 * Set a cookie containing the current User's remember me token for automatic authentication. The use of remember me tokens
-	 * is generally not recommended, but this method will help do it as safely as possible. The user interface should strongly warn
-     * the user that this should only be enabled on computers where no other users will have access.
-     * <p/>
-     * Implementations should save the user's remember me data in an encrypted cookie and send it to the user.
-     * Any old remember me cookie should be destroyed first. Setting this cookie should keep the user
-	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
-	 * If the cookie exists for the current user, it should automatically be used by ESAPI to
-     * log the user in, if the data is valid and not expired.
-     * <p/>
-	 * The ESAPI reference implementation, DefaultHTTPUtilities.setRememberToken() implements all these suggestions.
-     * <p/>
-     * The username can be retrieved with: User username = ESAPI.authenticator().getCurrentUser();
-     *
-     * @param request
-     * @param password the user's password
-     * @param response
-     * @param maxAge the length of time that the token should be valid for in relative seconds
-	 * @param domain the domain to restrict the token to or null
-	 * @param path the path to restrict the token to or null
-	 * @return encrypted "Remember Me" token stored as a String
-	 */
-    String setRememberToken(HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path);
-
-
-	/**
-	 * Calls verifyCSRFToken with the *current* request.
-     *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
-	 */
-    void verifyCSRFToken();
-
-    /**
-     * Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and
-	 * throws an IntrusionException if it is missing.
-     *
-     * @param request
-     * @throws IntrusionException if CSRF token is missing or incorrect
-	 */
-    void verifyCSRFToken(HttpServletRequest request) throws IntrusionException;
-
-   /**
-    * Gets a typed attribute from the session associated with the calling thread. If the
-    * object referenced by the passed in key is not of the implied type, a ClassCastException
-    * will be thrown to the calling code.
-    *
-    * @param    key
-    *           The key that references the session attribute
-    * @param    <T>
-    *           The implied type of object expected.
-    * @return
-    *           The requested object.
-    * @see      #getSessionAttribute(javax.servlet.http.HttpSession, String)
-    */
-    <T> T getSessionAttribute( String key );
-
-    /**
-     * Gets a typed attribute from the passed in session. This method has the same
-     * responsibility as {link #getSessionAttribute(String} however only it references
-     * the passed in session and thus performs slightly better since it does not need
-     * to return to the Thread to get the {@link HttpSession} associated with the current
-     * thread.
-     *
-     * @param session
-     *          The session to retrieve the attribute from
-     * @param key
-     *          The key that references the requested object
-     * @param <T>
-     *          The implied type of object expected
-     * @return  The requested object
-     */
-    <T> T getSessionAttribute( HttpSession session, String key );
-
-    /**
-     * Gets a typed attribute from the {@link HttpServletRequest} associated
-     * with the caller thread. If the attribute on the request is not of the implied
-     * type, a ClassCastException will be thrown back to the caller.
-     *
-     * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
-     * @return The requested object
-     */
-    <T> T getRequestAttribute( String key );
-
-    /**
-     * Gets a typed attribute from the {@link HttpServletRequest} associated
-     * with the passed in request. If the attribute on the request is not of the implied
-     * type, a ClassCastException will be thrown back to the caller.
-     *
-     * @param request The request to retrieve the attribute from
-     * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
-     * @return The requested object
-     */
-    <T> T getRequestAttribute( HttpServletRequest request, String key );
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.*;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
+ * responses, sessions, cookies, headers, and logging.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface HTTPUtilities
+{
+
+    final static String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
+    final static int MAX_COOKIE_LEN = 4096;            // From RFC 2109
+	final static int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
+	final static String CSRF_TOKEN_NAME = "ctoken";
+	final static String ESAPI_STATE = "estate";
+
+	final static int PARAMETER = 0;
+	final static int HEADER = 1;
+	final static int COOKIE = 2;
+
+
+	/**
+     * Calls addCookie with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     */
+    void addCookie(Cookie cookie);
+
+	/**
+     * Add a cookie to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This method also sets
+     * the secure and HttpOnly flags on the cookie.
+     *
+     * @param cookie
+     */
+    void addCookie(HttpServletResponse response, Cookie cookie);
+
+	/**
+     * Adds the current user's CSRF token (see User.getCSRFToken()) to the URL for purposes of preventing CSRF attacks.
+     * This method should be used on all URLs to be put into all links and forms the application generates.
+     *
+     * @param href the URL to which the CSRF token will be appended
+     * @return the updated URL with the CSRF token parameter added
+     */
+    String addCSRFToken(String href);
+
+    /**
+     * Calls addHeader with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     */
+    void addHeader(String name, String value);
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and name and value. This implementation
+     * follows the following recommendation: "A recipient MAY replace any linear
+     * white space with a single SP before interpreting the field value or
+     * forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     *
+     * @param name
+     * @param value
+     */
+    void addHeader(HttpServletResponse response, String name, String value);
+
+	/**
+     * Calls assertSecureRequest with the *current* request.
+	 * @see {@link HTTPUtilities#assertSecureRequest(HttpServletRequest)}
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	void assertSecureRequest() throws AccessControlException;
+
+	/**
+     * Calls assertSecureChannel with the *current* request.
+	 * @see {@link HTTPUtilities#assertSecureChannel(HttpServletRequest)}
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	void assertSecureChannel() throws AccessControlException;
+
+	/**
+	 * Ensures that the request uses both SSL and POST to protect any sensitive parameters
+	 * in the querystring from being sniffed, logged, bookmarked, included in referer header, etc...
+	 * This method should be called for any request that contains sensitive data from a web form.
+     *
+     * @param request
+     * @throws AccessControlException if security constraints are not met
+	 */
+    void assertSecureRequest(HttpServletRequest request) throws AccessControlException;
+
+	/**
+	 * Ensures the use of SSL to protect any sensitive parameters in the request and
+	 * any sensitive data in the response. This method should be called for any request
+	 * that contains sensitive data from a web form or will result in sensitive data in the
+	 * response page.
+     *
+     * @param request
+     * @throws AccessControlException if security constraints are not met
+	 */
+    void assertSecureChannel(HttpServletRequest request) throws AccessControlException;
+
+	/**
+     * Calls changeSessionIdentifier with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     */
+	HttpSession changeSessionIdentifier() throws AuthenticationException;
+
+	/**
+     * Invalidate the existing session after copying all of its contents to a newly created session with a new session id.
+     * Note that this is different from logging out and creating a new session identifier that does not contain the
+     * existing session contents. Care should be taken to use this only when the existing session does not contain
+     * hazardous contents.
+     *
+     * @param request
+     * @return the new HttpSession with a changed id
+     * @throws AuthenticationException the exception
+     */
+    HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException;
+
+    /**
+	 * Clears the current HttpRequest and HttpResponse associated with the current thread.
+     *
+	 * @see ESAPI#clearCurrent()
+	 */
+    void clearCurrent();
+
+    /**
+	 * Decrypts an encrypted hidden field value and returns the cleartext. If the field does not decrypt properly,
+	 * an IntrusionException is thrown to indicate tampering.
+     *
+	 * @param encrypted hidden field value to decrypt
+	 * @return decrypted hidden field value stored as a String
+	 */
+	String decryptHiddenField(String encrypted);
+
+    /**
+	 * Takes an encrypted querystring and returns a Map containing the original parameters.
+     *
+	 * @param encrypted the encrypted querystring to decrypt
+	 * @return a Map object containing the decrypted querystring
+	 * @throws EncryptionException
+	 */
+    Map<String, String> decryptQueryString(String encrypted) throws EncryptionException;
+
+    /**
+     * Calls decryptStateFromCookie with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     */
+    Map<String, String> decryptStateFromCookie() throws EncryptionException;
+
+    /**
+     * Retrieves a map of data from a cookie encrypted with encryptStateInCookie().
+     *
+     * @param request
+     * @return a map containing the decrypted cookie state value
+	 * @throws EncryptionException
+     */
+    Map<String, String> decryptStateFromCookie(HttpServletRequest request) throws EncryptionException;
+
+    /**
+     * Encrypts a hidden field value for use in HTML.
+     *
+     * @param value the cleartext value of the hidden field
+     * @return the encrypted value of the hidden field
+     * @throws EncryptionException
+     */
+	String encryptHiddenField(String value) throws EncryptionException;
+
+	/**
+	 * Takes a querystring (everything after the question mark in the URL) and returns an encrypted string containing the parameters.
+     *
+	 * @param query the querystring to encrypt
+	 * @return encrypted querystring stored as a String
+	 * @throws EncryptionException
+	 */
+	String encryptQueryString(String query) throws EncryptionException;
+
+	/**
+	 * Calls encryptStateInCookie with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void encryptStateInCookie(Map<String, String> cleartext) throws EncryptionException;
+
+    /**
+     * Stores a Map of data in an encrypted cookie. Generally the session is a better
+     * place to store state information, as it does not expose it to the user at all.
+     * If there is a requirement not to use sessions, or the data should be stored
+     * across sessions (for a long time), the use of encrypted cookies is an effective
+     * way to prevent the exposure.
+     *
+     * @param response
+     * @param cleartext
+     * @throws EncryptionException
+     */
+    void encryptStateInCookie(HttpServletResponse response, Map<String, String> cleartext) throws EncryptionException;
+
+    /**
+	 * Calls getCookie with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	String getCookie(String name) throws ValidationException;
+
+	/**
+     * A safer replacement for getCookies() in HttpServletRequest that returns the canonicalized
+     * value of the named cookie after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name
+     * @return the requested cookie value
+     */
+	String getCookie(HttpServletRequest request, String name) throws ValidationException;
+
+    /**
+     * Returns the current user's CSRF token. If there is no current user then return null.
+     *
+     * @return the current users CSRF token
+     */
+    String getCSRFToken();
+
+	/**
+     * Retrieves the current HttpServletRequest
+     *
+     * @return the current request
+     */
+    HttpServletRequest getCurrentRequest();
+
+	/**
+     * Retrieves the current HttpServletResponse
+     *
+     * @return the current response
+     */
+    HttpServletResponse getCurrentResponse();
+
+	/**
+	 * Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	List getFileUploads() throws ValidationException;
+
+    /**
+	 * Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
+	 */
+	List getFileUploads(HttpServletRequest request) throws ValidationException;
+
+    /**
+	 * Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
+	 */
+    List getFileUploads(HttpServletRequest request, File finalDir) throws ValidationException;
+
+
+    /**
+     * Extract uploaded files from a multipart HTTP requests. Implementations must check the content to ensure that it
+     * is safe before making a permanent copy on the local filesystem. Checks should include length and content checks,
+     * possibly virus checking, and path and name checks. Refer to the file checking methods in Validator for more
+     * information.
+     * <p/>
+	 * This method uses {@link HTTPUtilities#getCurrentRequest()} to obtain the {@link HttpServletRequest} object
+     *
+     * @param request
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
+     */
+    List getFileUploads(HttpServletRequest request, File destinationDir, List allowedExtensions) throws ValidationException;
+
+
+	/**
+	 * Calls getHeader with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	String getHeader(String name) throws ValidationException;
+
+    /**
+     * A safer replacement for getHeader() in HttpServletRequest that returns the canonicalized
+     * value of the named header after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name
+     * @return the requested header value
+     */
+	String getHeader(HttpServletRequest request, String name) throws ValidationException;
+
+	/**
+	 * Calls getParameter with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	String getParameter(String name) throws ValidationException;
+
+    /**
+     * A safer replacement for getParameter() in HttpServletRequest that returns the canonicalized
+     * value of the named parameter after "global" validation against the
+     * general type defined in ESAPI.properties. This should not be considered a replacement for
+     * more specific validation.
+     *
+     * @param request
+     * @param name
+     * @return the requested parameter value
+     */
+    String getParameter(HttpServletRequest request, String name) throws ValidationException;
+
+	/**
+	 * Calls killAllCookies with the *current* request and response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	void killAllCookies();
+
+    /**
+     * Kill all cookies received in the last request from the browser. Note that new cookies set by the application in
+     * this response may not be killed by this method.
+     *
+     * @param request
+     * @param response
+     */
+    void killAllCookies(HttpServletRequest request, HttpServletResponse response);
+
+	/**
+	 * Calls killCookie with the *current* request and response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	void killCookie(String name);
+
+    /**
+     * Kills the specified cookie by setting a new cookie that expires immediately. Note that this
+     * method does not delete new cookies that are being set by the application for this response.
+     *
+     * @param request
+     * @param name
+     * @param response
+     */
+    void killCookie(HttpServletRequest request, HttpServletResponse response, String name);
+
+	/**
+	 * Calls logHTTPRequest with the *current* request and logger.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+	void logHTTPRequest();
+
+    /**
+     * Format the Source IP address, URL, URL parameters, and all form
+     * parameters into a string suitable for the log file. Be careful not
+     * to log sensitive information, and consider masking with the
+     * logHTTPRequest( List parameterNamesToObfuscate ) method.
+     *
+     * @param request
+     * @param logger the logger to write the request to
+     */
+    void logHTTPRequest(HttpServletRequest request, Logger logger);
+
+    /**
+     * Format the Source IP address, URL, URL parameters, and all form
+     * parameters into a string suitable for the log file. The list of parameters to
+     * obfuscate should be specified in order to prevent sensitive information
+     * from being logged. If a null list is provided, then all parameters will
+     * be logged. If HTTP request logging is done in a central place, the
+     * parameterNamesToObfuscate could be made a configuration parameter. We
+     * include it here in case different parts of the application need to obfuscate
+     * different parameters.
+     *
+     * @param request
+     * @param logger the logger to write the request to
+     * @param parameterNamesToObfuscate the sensitive parameters
+     */
+    void logHTTPRequest(HttpServletRequest request, Logger logger, List parameterNamesToObfuscate);
+
+	/**
+	 * Calls sendForward with the *current* request and response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void sendForward(String location) throws AccessControlException, ServletException, IOException;
+
+    /**
+     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
+     * publicly accessible resources can be dangerous, as the request will have already passed the URL
+     * based access control check. This method ensures that you can only forward to non-publicly
+     * accessible resources.
+     *
+     * @param request
+     * @param response
+     * @param location the URL to forward to, including parameters
+     * @throws AccessControlException
+     * @throws ServletException
+     * @throws IOException
+     */
+    void sendForward(HttpServletRequest request, HttpServletResponse response, String location) throws AccessControlException, ServletException, IOException;
+
+
+	/**
+	 * Calls sendRedirect with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void sendRedirect(String location) throws AccessControlException, IOException;
+
+
+    /**
+     * This method performs a forward to any resource located inside the WEB-INF directory. Forwarding to
+     * publicly accessible resources can be dangerous, as the request will have already passed the URL
+     * based access control check. This method ensures that you can only forward to non-publicly
+     * accessible resources.
+     *
+     * @param response
+     * @param location the URL to forward to, including parameters
+     * @throws AccessControlException
+     * @throws IOException
+     */
+    void sendRedirect(HttpServletResponse response, String location) throws AccessControlException, IOException;
+
+	/**
+	 * Calls setContentType with the *current* request and response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void setContentType();
+
+     /**
+	 * Set the content type character encoding header on every HttpServletResponse in order to limit
+	 * the ways in which the input data can be represented. This prevents
+	 * malicious users from using encoding and multi-byte escape sequences to
+	 * bypass input validation routines.
+     * <p/>
+	 * Implementations of this method should set the content type header to a safe value for your environment.
+     * The default is text/html; charset=UTF-8 character encoding, which is the default in early
+	 * versions of HTML and HTTP. See RFC 2047 (http://ds.internic.net/rfc/rfc2045.txt) for more
+	 * information about character encoding and MIME.
+     * <p/>
+	 * The DefaultHTTPUtilities reference implementation sets the content type as specified.
+     *
+     * @param response The servlet response to set the content type for.
+     */
+    void setContentType(HttpServletResponse response);
+
+    /**
+     * Stores the current HttpRequest and HttpResponse so that they may be readily accessed throughout
+     * ESAPI (and elsewhere)
+     *
+     * @param request  the current request
+     * @param response the current response
+     */
+    void setCurrentHTTP(HttpServletRequest request, HttpServletResponse response);
+
+
+	/**
+	 * Calls setHeader with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void setHeader(String name, String value);
+
+    /**
+     * Add a header to the response after ensuring that there are no encoded or
+     * illegal characters in the name and value. "A recipient MAY replace any
+     * linear white space with a single SP before interpreting the field value
+     * or forwarding the message downstream."
+     * http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+     *
+     * @param name
+     * @param value
+     */
+    void setHeader(HttpServletResponse response, String name, String value);
+
+
+	/**
+	 * Calls setNoCacheHeaders with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void setNoCacheHeaders();
+
+
+    /**
+     * Set headers to protect sensitive information against being cached in the browser. Developers should make this
+     * call for any HTTP responses that contain any sensitive data that should not be cached within the browser or any
+     * intermediate proxies or caches. Implementations should set headers for the expected browsers. The safest approach
+     * is to set all relevant headers to their most restrictive setting. These include:
+     * <p/>
+     * <PRE>
+     * Cache-Control: no-store<BR>
+     * Cache-Control: no-cache<BR>
+     * Cache-Control: must-revalidate<BR>
+     * Expires: -1<BR>
+     * </PRE>
+     * <p/>
+     * Note that the header "pragma: no-cache" is intended only for use in HTTP requests, not HTTP responses. However, Microsoft has chosen to
+     * directly violate the standards, so we need to include that header here. For more information, please refer to the relevant standards:
+     * <UL>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">HTTP/1.1 Cache-Control "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2">HTTP/1.1 Cache-Control "no-store"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">HTTP/1.0 Pragma "no-cache"</a>
+     * <LI><a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21">HTTP/1.0 Expires</a>
+     * <LI><a href="http://support.microsoft.com/kb/937479">IE6 Caching Issues</a>
+     * <LI><a href="http://support.microsoft.com/kb/234067">Microsoft directly violates specification for pragma: no-cache</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences#Cache">Firefox browser.cache.disk_cache_ssl</a>
+     * <LI><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences">Mozilla</a>
+     * </UL>
+     *
+     * @param response
+     */
+    void setNoCacheHeaders(HttpServletResponse response);
+
+	/**
+	 * Calls setNoCacheHeaders with the *current* response.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    String setRememberToken(String password, int maxAge, String domain, String path);
+
+
+    /**
+	 * Set a cookie containing the current User's remember me token for automatic authentication. The use of remember me tokens
+	 * is generally not recommended, but this method will help do it as safely as possible. The user interface should strongly warn
+     * the user that this should only be enabled on computers where no other users will have access.
+     * <p/>
+     * Implementations should save the user's remember me data in an encrypted cookie and send it to the user.
+     * Any old remember me cookie should be destroyed first. Setting this cookie should keep the user
+	 * logged in until the maxAge passes, the password is changed, or the cookie is deleted.
+	 * If the cookie exists for the current user, it should automatically be used by ESAPI to
+     * log the user in, if the data is valid and not expired.
+     * <p/>
+	 * The ESAPI reference implementation, DefaultHTTPUtilities.setRememberToken() implements all these suggestions.
+     * <p/>
+     * The username can be retrieved with: User username = ESAPI.authenticator().getCurrentUser();
+     *
+     * @param request
+     * @param password the user's password
+     * @param response
+     * @param maxAge the length of time that the token should be valid for in relative seconds
+	 * @param domain the domain to restrict the token to or null
+	 * @param path the path to restrict the token to or null
+	 * @return encrypted "Remember Me" token stored as a String
+	 */
+    String setRememberToken(HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path);
+
+
+	/**
+	 * Calls verifyCSRFToken with the *current* request.
+     *
+	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 */
+    void verifyCSRFToken();
+
+    /**
+     * Checks the CSRF token in the URL (see User.getCSRFToken()) against the user's CSRF token and
+	 * throws an IntrusionException if it is missing.
+     *
+     * @param request
+     * @throws IntrusionException if CSRF token is missing or incorrect
+	 */
+    void verifyCSRFToken(HttpServletRequest request) throws IntrusionException;
+
+   /**
+    * Gets a typed attribute from the session associated with the calling thread. If the
+    * object referenced by the passed in key is not of the implied type, a ClassCastException
+    * will be thrown to the calling code.
+    *
+    * @param    key
+    *           The key that references the session attribute
+    * @param    <T>
+    *           The implied type of object expected.
+    * @return
+    *           The requested object.
+    * @see      #getSessionAttribute(javax.servlet.http.HttpSession, String)
+    */
+    <T> T getSessionAttribute( String key );
+
+    /**
+     * Gets a typed attribute from the passed in session. This method has the same
+     * responsibility as {link #getSessionAttribute(String} however only it references
+     * the passed in session and thus performs slightly better since it does not need
+     * to return to the Thread to get the {@link HttpSession} associated with the current
+     * thread.
+     *
+     * @param session
+     *          The session to retrieve the attribute from
+     * @param key
+     *          The key that references the requested object
+     * @param <T>
+     *          The implied type of object expected
+     * @return  The requested object
+     */
+    <T> T getSessionAttribute( HttpSession session, String key );
+
+    /**
+     * Gets a typed attribute from the {@link HttpServletRequest} associated
+     * with the caller thread. If the attribute on the request is not of the implied
+     * type, a ClassCastException will be thrown back to the caller.
+     *
+     * @param key The key that references the request attribute.
+     * @param <T> The implied type of the object expected
+     * @return The requested object
+     */
+    <T> T getRequestAttribute( String key );
+
+    /**
+     * Gets a typed attribute from the {@link HttpServletRequest} associated
+     * with the passed in request. If the attribute on the request is not of the implied
+     * type, a ClassCastException will be thrown back to the caller.
+     *
+     * @param request The request to retrieve the attribute from
+     * @param key The key that references the request attribute.
+     * @param <T> The implied type of the object expected
+     * @return The requested object
+     */
+    <T> T getRequestAttribute( HttpServletRequest request, String key );
+}

From 15ea65cbff8450cac4aa0d259dd9dcbb268a78cc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 133/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/IntrusionDetector.java    | 126 +++++++++---------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/IntrusionDetector.java b/src/main/java/org/owasp/esapi/IntrusionDetector.java
index 57ea32b8e..6a14ec3c3 100644
--- a/src/main/java/org/owasp/esapi/IntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/IntrusionDetector.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.IntrusionException;
-
-
-/**
- * The IntrusionDetector interface is intended to track security relevant events and identify attack behavior. The
- * implementation can use as much state as necessary to detect attacks, but note that storing too much state will burden
- * your system.
- * <P>
- * The interface is currently designed to accept exceptions as well as custom events. Implementations can use this
- * stream of information to detect both normal and abnormal behavior.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface IntrusionDetector {
-
-    /**
-     * Adds the exception to the IntrusionDetector.  This method should immediately log the exception so that developers throwing an 
-     * IntrusionException do not have to remember to log every error.  The implementation should store the exception somewhere for the current user
-     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
-     * the current user's security exceptions.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
-     * 
-     * @param exception 
-     * 		the exception thrown
-     * 
-     * @throws IntrusionException 
-     * 		the intrusion exception
-     */
-    void addException(Exception exception) throws IntrusionException;
-
-    /**
-     * Adds the event to the IntrusionDetector.  This method should immediately log the event.  The implementation should store the event somewhere for the current user
-     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
-     * the current user's security event.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
-     * 
-     * @param eventName 
-     * 		the event to add
-     * @param logMessage 
-     * 		the message to log with the event
-     * 
-     * @throws IntrusionException 
-     * 		the intrusion exception
-     */
-    void addEvent(String eventName, String logMessage) throws IntrusionException;
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.IntrusionException;
+
+
+/**
+ * The IntrusionDetector interface is intended to track security relevant events and identify attack behavior. The
+ * implementation can use as much state as necessary to detect attacks, but note that storing too much state will burden
+ * your system.
+ * <P>
+ * The interface is currently designed to accept exceptions as well as custom events. Implementations can use this
+ * stream of information to detect both normal and abnormal behavior.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface IntrusionDetector {
+
+    /**
+     * Adds the exception to the IntrusionDetector.  This method should immediately log the exception so that developers throwing an 
+     * IntrusionException do not have to remember to log every error.  The implementation should store the exception somewhere for the current user
+     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
+     * the current user's security exceptions.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
+     * 
+     * @param exception 
+     * 		the exception thrown
+     * 
+     * @throws IntrusionException 
+     * 		the intrusion exception
+     */
+    void addException(Exception exception) throws IntrusionException;
+
+    /**
+     * Adds the event to the IntrusionDetector.  This method should immediately log the event.  The implementation should store the event somewhere for the current user
+     * in order to check if the User has reached the threshold for any Enterprise Security Exceptions.  The User object is the recommended location for storing
+     * the current user's security event.  If the User has reached any security thresholds, the appropriate security action can be taken and logged.
+     * 
+     * @param eventName 
+     * 		the event to add
+     * @param logMessage 
+     * 		the message to log with the event
+     * 
+     * @throws IntrusionException 
+     * 		the intrusion exception
+     */
+    void addEvent(String eventName, String logMessage) throws IntrusionException;
+
+}

From c2282adcb3c6e6886286ab3d57712f64f4d95448 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 134/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Logger.java | 846 +++++++++++-----------
 1 file changed, 423 insertions(+), 423 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Logger.java b/src/main/java/org/owasp/esapi/Logger.java
index 0bd951763..2910d4392 100644
--- a/src/main/java/org/owasp/esapi/Logger.java
+++ b/src/main/java/org/owasp/esapi/Logger.java
@@ -1,423 +1,423 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-
-/**
- * The Logger interface defines a set of methods that can be used to log
- * security events. It supports a hierarchy of logging levels which can be configured at runtime to determine
- * the severity of events that are logged, and those below the current threshold that are discarded.
- * Implementors should use a well established logging library
- * as it is quite difficult to create a high-performance logger.
- * <P>
- * The logging levels defined by this interface (in descending order) are:
- * <ul>
- * <li>fatal (highest value)</li>
- * <li>error</li>
- * <li>warning</li>
- * <li>info</li>
- * <li>debug</li>
- * <li>trace (lowest value)</li>
- * </ul>
- * There are also several variations of {@code always()} methods that will <i>always</i>
- * log a message regardless of the log level.
- * <p>
- * ESAPI also allows for the definition of the type of log event that is being generated.
- * The Logger interface predefines 6 types of Log events:
- * <ul>
- * <li>SECURITY_SUCCESS</li>
- * <li>SECURITY_FAILURE</li>
- * <li>SECURITY_AUDIT</li>
- * <li>EVENT_SUCCESS</li>
- * <li>EVENT_FAILURE</li>
- * <li>EVENT_UNSPECIFIED</li>
- * </ul>
- * <p>
- * Your implementation can extend or change this list if desired. 
- * <p>
- * This Logger allows callers to determine which logging levels are enabled, and to submit events 
- * at different severity levels.<br>
- * <br>Implementors of this interface should:
- * 
- * <ol>
- * <li>provide a mechanism for setting the logging level threshold that is currently enabled. This usually works by logging all 
- * events at and above that severity level, and discarding all events below that level.
- * This is usually done via configuration, but can also be made accessible programmatically.</li>
- * <li>ensure that dangerous HTML characters are encoded before they are logged to defend against malicious injection into logs 
- * that might be viewed in an HTML based log viewer.</li>
- * <li>encode any CRLF characters included in log data in order to prevent log injection attacks.</li>
- * <li>avoid logging the user's session ID. Rather, they should log something equivalent like a 
- * generated logging session ID, or a hashed value of the session ID so they can track session specific 
- * events without risking the exposure of a live session's ID.</li> 
- * <li>record the following information with each event:</li>
- *   <ol type="a">
- *   <li>identity of the user that caused the event,</li>
- *   <li>a description of the event (supplied by the caller),</li>
- *   <li>whether the event succeeded or failed (indicated by the caller),</li>
- *   <li>severity level of the event (indicated by the caller),</li>
- *   <li>that this is a security relevant event (indicated by the caller),</li>
- *   <li>hostname or IP where the event occurred (and ideally the user's source IP as well),</li>
- *   <li>a time stamp</li>
- *   </ol>
- * </ol>
- *  
- * Custom logger implementations might also:
- * <ol start="6">
- * <li>filter out any sensitive data specific to the current application or organization, such as credit cards, 
- * social security numbers, etc.</li>
- * </ol>
- * 
- * There are both Log4j and native Java Logging default implementations. JavaLogger uses the java.util.logging package as the basis for its logging 
- * implementation. Both default implementations implements requirements #1 thru #5 above.<br>
- * <br>
- * Customization: It is expected that most organizations will implement their own custom Logger class in 
- * order to integrate ESAPI logging with their logging infrastructure. The ESAPI Reference Implementation 
- * is intended to provide a simple functional example of an implementation.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- * href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Logger {
-
-	/**
-     * A security type of log event that has succeeded. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
-
-	/**
-     * A security type of log event that has failed. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
-
-	/**
-	 * A security type of log event that is associated with an audit trail of some type,
-	 * but the log event is not specifically something that has either succeeded or failed
-	 * or that is irrelevant in the case of this logged message.
-	 */
-	// CHECKME: Should the Boolean for this be 'null' or 'true'? See EVENT_UNSPECIFIED.
-	public static final EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
-
-	/**
-     * A non-security type of log event that has succeeded. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
-	
-	/**
-     * A non-security type of log event that has failed. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
-
-	/**
-     * A non-security type of log event that is unspecified. This is one of 6 predefined
-     * ESAPI logging events. New events can be added.
-     */
-	public static final EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
-
-	/**
-	 * Defines the type of log event that is being generated. The Logger interface defines 6 types of Log events:
-	 * SECURITY_SUCCESS, SECURITY_FAILURE, EVENT_SUCCESS, EVENT_FAILURE, EVENT_UNSPECIFIED.
-     * Your implementation can extend or change this list if desired. 
-	 */
-	public class EventType {
-		
-		private String type;
-		private Boolean success = null;
-		
-		public EventType (String name, Boolean newSuccess) {
-			this.type = name;
-			this.success = newSuccess;
-		}
-		
-		public Boolean isSuccess() {
-			return success;
-		}
-		
-        /**
-         * Convert the {@code EventType} to a string.
-         * @return The event type name.
-         */
-		@Override
-        public String toString() {
-			return this.type;
-		}
-	}
-	
-	/*
-     * The Logger interface defines 6 logging levels: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE. It also 
-     * supports ALL, which logs all events, and OFF, which disables all logging.
-     * Your implementation can extend or change this list if desired. 
-     */
-	
-	/** OFF indicates that no messages should be logged. This level is initialized to Integer.MAX_VALUE. */
-	public static final int OFF = Integer.MAX_VALUE;
-
-	/** FATAL indicates that only FATAL messages should be logged. This level is initialized to 1000. */
-	public static final int FATAL = 1000;
-
-	/** ERROR indicates that ERROR messages and above should be logged. 
-	 * This level is initialized to 800. */
-    public static final int ERROR = 800;
-
-    /** WARNING indicates that WARNING messages and above should be logged. 
-     * This level is initialized to 600. */
-    public static final int WARNING = 600;
-
-    /** INFO indicates that INFO messages and above should be logged. 
-     * This level is initialized to 400. */
-    public static final int INFO = 400;
-
-    /** DEBUG indicates that DEBUG messages and above should be logged. 
-     * This level is initialized to 200. */
-    public static final int DEBUG = 200;
-
-    /** TRACE indicates that TRACE messages and above should be logged. 
-     * This level is initialized to 100. */
-    public static final int TRACE = 100;
-
-    /** ALL indicates that all messages should be logged. This level is initialized to Integer.MIN_VALUE. */
-    public static final int ALL = Integer.MIN_VALUE;
-    
-
-    /**
-     * Dynamically set the ESAPI logging severity level. All events of this level and higher will be logged from 
-     * this point forward for all logs. All events below this level will be discarded.
-     * 
-     * @param level The level to set the logging level to. 
-     */
-    void setLevel(int level);
-    
-    /** Retrieve the current ESAPI logging level for this logger. See
-     * {@link org.owasp.esapi.reference.Log4JLogger} for an explanation of
-     * why this method is not simply called {@code getLevel()}.
-     * 
-     * @return The current logging level.
-     */
-    int getESAPILevel();
-    
-	/**
-     * Log a fatal event if 'fatal' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void fatal(EventType type, String message);
-	
-	/**
-     * Log a fatal level security event if 'fatal' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void fatal(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if fatal level messages will be output to the log
-	 */
-	boolean isFatalEnabled();
-
-	/**
-     * Log an error level security event if 'error' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void error(EventType type, String message);
-	
-	/**
-     * Log an error level security event if 'error' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void error(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if error level messages will be output to the log
-	 */
-	boolean isErrorEnabled();
-
-	/**
-     * Log a warning level security event if 'warning' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void warning(EventType type, String message);
-	
-	/**
-     * Log a warning level security event if 'warning' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void warning(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if warning level messages will be output to the log
-	 */
-	boolean isWarningEnabled();
-
-	/**
-     * Log an info level security event if 'info' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     */
-	void info(EventType type, String message);
-	
-	/**
-     * Log an info level security event if 'info' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void info(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if info level messages will be output to the log
-	 */
-	boolean isInfoEnabled();
-
-	/**
-     * Log a debug level security event if 'debug' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void debug(EventType type, String message);
-	
-	/**
-     * Log a debug level security event if 'debug' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void debug(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if debug level messages will be output to the log
-	 */
-	boolean isDebugEnabled();
-
-	/**
-     * Log a trace level security event if 'trace' level logging is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void trace(EventType type, String message);
-	
-	/**
-     * Log a trace level security event if 'trace' level logging is enabled 
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void trace(EventType type, String message, Throwable throwable);
-
-	/**
-	 * Allows the caller to determine if messages logged at this level
-	 * will be discarded, to avoid performing expensive processing.
-	 * 
-	 * @return true if trace level messages will be output to the log
-	 */
-	boolean isTraceEnabled();
-
-	/**
-     * Log an event regardless of what logging level is enabled.
-     * 
-     * @param type 
-     * 		the type of event
-     * @param message 
-     * 		the message to log
-     */
-	void always(EventType type, String message);
-	
-	/**
-     * Log an event regardless of what logging level is enabled
-     * and also record the stack trace associated with the event.
-     * 
-     * @param type 
-     * 		the type of event 
-     * @param message 
-     * 		the message to log
-     * @param throwable 
-     * 		the exception to be logged
-     */
-	void always(EventType type, String message, Throwable throwable);
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+
+/**
+ * The Logger interface defines a set of methods that can be used to log
+ * security events. It supports a hierarchy of logging levels which can be configured at runtime to determine
+ * the severity of events that are logged, and those below the current threshold that are discarded.
+ * Implementors should use a well established logging library
+ * as it is quite difficult to create a high-performance logger.
+ * <P>
+ * The logging levels defined by this interface (in descending order) are:
+ * <ul>
+ * <li>fatal (highest value)</li>
+ * <li>error</li>
+ * <li>warning</li>
+ * <li>info</li>
+ * <li>debug</li>
+ * <li>trace (lowest value)</li>
+ * </ul>
+ * There are also several variations of {@code always()} methods that will <i>always</i>
+ * log a message regardless of the log level.
+ * <p>
+ * ESAPI also allows for the definition of the type of log event that is being generated.
+ * The Logger interface predefines 6 types of Log events:
+ * <ul>
+ * <li>SECURITY_SUCCESS</li>
+ * <li>SECURITY_FAILURE</li>
+ * <li>SECURITY_AUDIT</li>
+ * <li>EVENT_SUCCESS</li>
+ * <li>EVENT_FAILURE</li>
+ * <li>EVENT_UNSPECIFIED</li>
+ * </ul>
+ * <p>
+ * Your implementation can extend or change this list if desired. 
+ * <p>
+ * This Logger allows callers to determine which logging levels are enabled, and to submit events 
+ * at different severity levels.<br>
+ * <br>Implementors of this interface should:
+ * 
+ * <ol>
+ * <li>provide a mechanism for setting the logging level threshold that is currently enabled. This usually works by logging all 
+ * events at and above that severity level, and discarding all events below that level.
+ * This is usually done via configuration, but can also be made accessible programmatically.</li>
+ * <li>ensure that dangerous HTML characters are encoded before they are logged to defend against malicious injection into logs 
+ * that might be viewed in an HTML based log viewer.</li>
+ * <li>encode any CRLF characters included in log data in order to prevent log injection attacks.</li>
+ * <li>avoid logging the user's session ID. Rather, they should log something equivalent like a 
+ * generated logging session ID, or a hashed value of the session ID so they can track session specific 
+ * events without risking the exposure of a live session's ID.</li> 
+ * <li>record the following information with each event:</li>
+ *   <ol type="a">
+ *   <li>identity of the user that caused the event,</li>
+ *   <li>a description of the event (supplied by the caller),</li>
+ *   <li>whether the event succeeded or failed (indicated by the caller),</li>
+ *   <li>severity level of the event (indicated by the caller),</li>
+ *   <li>that this is a security relevant event (indicated by the caller),</li>
+ *   <li>hostname or IP where the event occurred (and ideally the user's source IP as well),</li>
+ *   <li>a time stamp</li>
+ *   </ol>
+ * </ol>
+ *  
+ * Custom logger implementations might also:
+ * <ol start="6">
+ * <li>filter out any sensitive data specific to the current application or organization, such as credit cards, 
+ * social security numbers, etc.</li>
+ * </ol>
+ * 
+ * There are both Log4j and native Java Logging default implementations. JavaLogger uses the java.util.logging package as the basis for its logging 
+ * implementation. Both default implementations implements requirements #1 thru #5 above.<br>
+ * <br>
+ * Customization: It is expected that most organizations will implement their own custom Logger class in 
+ * order to integrate ESAPI logging with their logging infrastructure. The ESAPI Reference Implementation 
+ * is intended to provide a simple functional example of an implementation.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ * href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Logger {
+
+	/**
+     * A security type of log event that has succeeded. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+	public static final EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
+
+	/**
+     * A security type of log event that has failed. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+	public static final EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
+
+	/**
+	 * A security type of log event that is associated with an audit trail of some type,
+	 * but the log event is not specifically something that has either succeeded or failed
+	 * or that is irrelevant in the case of this logged message.
+	 */
+	// CHECKME: Should the Boolean for this be 'null' or 'true'? See EVENT_UNSPECIFIED.
+	public static final EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
+
+	/**
+     * A non-security type of log event that has succeeded. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+	public static final EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
+	
+	/**
+     * A non-security type of log event that has failed. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+	public static final EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
+
+	/**
+     * A non-security type of log event that is unspecified. This is one of 6 predefined
+     * ESAPI logging events. New events can be added.
+     */
+	public static final EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
+
+	/**
+	 * Defines the type of log event that is being generated. The Logger interface defines 6 types of Log events:
+	 * SECURITY_SUCCESS, SECURITY_FAILURE, EVENT_SUCCESS, EVENT_FAILURE, EVENT_UNSPECIFIED.
+     * Your implementation can extend or change this list if desired. 
+	 */
+	public class EventType {
+		
+		private String type;
+		private Boolean success = null;
+		
+		public EventType (String name, Boolean newSuccess) {
+			this.type = name;
+			this.success = newSuccess;
+		}
+		
+		public Boolean isSuccess() {
+			return success;
+		}
+		
+        /**
+         * Convert the {@code EventType} to a string.
+         * @return The event type name.
+         */
+		@Override
+        public String toString() {
+			return this.type;
+		}
+	}
+	
+	/*
+     * The Logger interface defines 6 logging levels: FATAL, ERROR, WARNING, INFO, DEBUG, TRACE. It also 
+     * supports ALL, which logs all events, and OFF, which disables all logging.
+     * Your implementation can extend or change this list if desired. 
+     */
+	
+	/** OFF indicates that no messages should be logged. This level is initialized to Integer.MAX_VALUE. */
+	public static final int OFF = Integer.MAX_VALUE;
+
+	/** FATAL indicates that only FATAL messages should be logged. This level is initialized to 1000. */
+	public static final int FATAL = 1000;
+
+	/** ERROR indicates that ERROR messages and above should be logged. 
+	 * This level is initialized to 800. */
+    public static final int ERROR = 800;
+
+    /** WARNING indicates that WARNING messages and above should be logged. 
+     * This level is initialized to 600. */
+    public static final int WARNING = 600;
+
+    /** INFO indicates that INFO messages and above should be logged. 
+     * This level is initialized to 400. */
+    public static final int INFO = 400;
+
+    /** DEBUG indicates that DEBUG messages and above should be logged. 
+     * This level is initialized to 200. */
+    public static final int DEBUG = 200;
+
+    /** TRACE indicates that TRACE messages and above should be logged. 
+     * This level is initialized to 100. */
+    public static final int TRACE = 100;
+
+    /** ALL indicates that all messages should be logged. This level is initialized to Integer.MIN_VALUE. */
+    public static final int ALL = Integer.MIN_VALUE;
+    
+
+    /**
+     * Dynamically set the ESAPI logging severity level. All events of this level and higher will be logged from 
+     * this point forward for all logs. All events below this level will be discarded.
+     * 
+     * @param level The level to set the logging level to. 
+     */
+    void setLevel(int level);
+    
+    /** Retrieve the current ESAPI logging level for this logger. See
+     * {@link org.owasp.esapi.reference.Log4JLogger} for an explanation of
+     * why this method is not simply called {@code getLevel()}.
+     * 
+     * @return The current logging level.
+     */
+    int getESAPILevel();
+    
+	/**
+     * Log a fatal event if 'fatal' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     */
+	void fatal(EventType type, String message);
+	
+	/**
+     * Log a fatal level security event if 'fatal' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void fatal(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if fatal level messages will be output to the log
+	 */
+	boolean isFatalEnabled();
+
+	/**
+     * Log an error level security event if 'error' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     */
+	void error(EventType type, String message);
+	
+	/**
+     * Log an error level security event if 'error' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void error(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if error level messages will be output to the log
+	 */
+	boolean isErrorEnabled();
+
+	/**
+     * Log a warning level security event if 'warning' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     */
+	void warning(EventType type, String message);
+	
+	/**
+     * Log a warning level security event if 'warning' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void warning(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if warning level messages will be output to the log
+	 */
+	boolean isWarningEnabled();
+
+	/**
+     * Log an info level security event if 'info' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     */
+	void info(EventType type, String message);
+	
+	/**
+     * Log an info level security event if 'info' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void info(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if info level messages will be output to the log
+	 */
+	boolean isInfoEnabled();
+
+	/**
+     * Log a debug level security event if 'debug' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     */
+	void debug(EventType type, String message);
+	
+	/**
+     * Log a debug level security event if 'debug' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void debug(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if debug level messages will be output to the log
+	 */
+	boolean isDebugEnabled();
+
+	/**
+     * Log a trace level security event if 'trace' level logging is enabled.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     */
+	void trace(EventType type, String message);
+	
+	/**
+     * Log a trace level security event if 'trace' level logging is enabled 
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void trace(EventType type, String message, Throwable throwable);
+
+	/**
+	 * Allows the caller to determine if messages logged at this level
+	 * will be discarded, to avoid performing expensive processing.
+	 * 
+	 * @return true if trace level messages will be output to the log
+	 */
+	boolean isTraceEnabled();
+
+	/**
+     * Log an event regardless of what logging level is enabled.
+     * 
+     * @param type 
+     * 		the type of event
+     * @param message 
+     * 		the message to log
+     */
+	void always(EventType type, String message);
+	
+	/**
+     * Log an event regardless of what logging level is enabled
+     * and also record the stack trace associated with the event.
+     * 
+     * @param type 
+     * 		the type of event 
+     * @param message 
+     * 		the message to log
+     * @param throwable 
+     * 		the exception to be logged
+     */
+	void always(EventType type, String message, Throwable throwable);
+}

From b35399dcc965b8d59b9acc714f997f415b41fcaa Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 135/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/PreparedString.java  | 278 +++++++++---------
 1 file changed, 139 insertions(+), 139 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/PreparedString.java b/src/main/java/org/owasp/esapi/PreparedString.java
index 4e300be3c..3dccff055 100644
--- a/src/main/java/org/owasp/esapi/PreparedString.java
+++ b/src/main/java/org/owasp/esapi/PreparedString.java
@@ -1,139 +1,139 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi;
-
-import java.util.ArrayList;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.HTMLEntityCodec;
-
-
-/**
- * A parameterized string that uses escaping to make untrusted data safe before combining it with
- * a command or query intended for use in an interpreter.
- * <pre> 
- * PreparedString div = new PreparedString( "&lt;a href=\"http:\\\\example.com?id=?\" onmouseover=\"alert('?')\"&gt;test&lt;/a&gt;", new HTMLEntityCodec() );
- * div.setURL( 1, request.getParameter( "url" ), new PercentCodec() );
- * div.set( 2, request.getParameter( "message" ), new JavaScriptCodec() );
- * out.println( div.toString() );
- * 
- * // escaping for SQL
- * PreparedString query = new PreparedString( "SELECT * FROM users WHERE name='?' AND password='?'", new OracleCodec() );
- * query.set( 1, request.getParameter( "name" ) );
- * query.set( 2, request.getParameter( "pass" ) );
- * stmt.execute( query.toString() );
- * </pre>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class PreparedString {
-	char parameterCharacter = '?';
-	Codec codec = null;
-	String[] parameters = null;
-	ArrayList parts = new ArrayList();
-	private final static char[] IMMUNE = {};
-
-	/**
-	 * Create a PreparedString with the supplied template and Codec. The template should use the 
-	 * default parameter placeholder character (?) in the place where actual parameters are to be inserted.
-	 * The supplied Codec will be used to escape characters in calls to set, unless a specific Codec is
-	 * provided to override it.
-	 * @param template
-	 * @param codec
-	 */
-	public PreparedString( String template, Codec codec ) {
-		this.codec = codec;
-		split( template, parameterCharacter );
-	}
-
-	/**
-	 * Create a PreparedString with the supplied template, parameter placeholder character, and Codec. The parameter character
-	 * can be any character, but should not be one that will be used in the template. The parameter character can safely
-	 * be used in a parameter passed into the set methods.
-	 * @param template
-	 * @param parameterCharacter
-	 * @param codec
-	 */
-	public PreparedString( String template, char parameterCharacter, Codec codec ) {
-		this.codec = codec;
-		this.parameterCharacter = parameterCharacter;
-		split( template, parameterCharacter );
-	}
-
-	/**
-	 * Split a string with a particular character.
-	 * @param str
-	 * @param c
-	 */
-	private void split( String str, char c ) {
-		int index = 0;
-		int pcount = 0;
-		for ( int i = 0; i < str.length(); i++ ) {
-			if ( str.charAt(i) == c ) {
-				pcount++;
-				parts.add( str.substring(index,i) );
-				index = i + 1;
-			}
-		}
-		parts.add( str.substring(index) );
-		parameters = new String[pcount];
-	}
-	
-	/**
-	 * Set the parameter at index with supplied value using the default Codec to escape. 
-	 * @param index
-	 * @param value
-	 */
-	public void set( int index, String value ) {
-		if ( index < 1 || index > parameters.length ) {
-			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
-		}
-		String encoded = codec.encode( IMMUNE, value );
-		parameters[index-1] = encoded;
-	}
-	
-	/**
-	 * Set the parameter at index with supplied value using the supplied Codec to escape. 
-	 * @param index
-	 * @param value
-	 * @param codec
-	 */
-	public void set( int index, String value, Codec codec ) {
-		if ( index < 1 || index > parameters.length ) {
-			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
-		}
-		String encoded = codec.encode( IMMUNE, value );
-		parameters[index-1] = encoded;
-	}
-	
-	/**
-	 * Render the PreparedString by combining the template with properly escaped parameters.
-	 */
-	public String toString() {
-		for ( int ix = 0; ix < parameters.length; ix++ ) {
-			if ( parameters[ix] == null ) {
-				throw new RuntimeException( "Attempt to render PreparedString without setting parameter " + ( ix + 1 ));
-			}
-		}
-		StringBuilder sb = new StringBuilder();
-		int i = 0;
-		for ( int p=0; p < parts.size(); p++ ) {
-			sb.append( parts.get( p ) );
-			if ( i < parameters.length ) sb.append( parameters[i++] );
-		}
-		return sb.toString();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi;
+
+import java.util.ArrayList;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+
+
+/**
+ * A parameterized string that uses escaping to make untrusted data safe before combining it with
+ * a command or query intended for use in an interpreter.
+ * <pre> 
+ * PreparedString div = new PreparedString( "&lt;a href=\"http:\\\\example.com?id=?\" onmouseover=\"alert('?')\"&gt;test&lt;/a&gt;", new HTMLEntityCodec() );
+ * div.setURL( 1, request.getParameter( "url" ), new PercentCodec() );
+ * div.set( 2, request.getParameter( "message" ), new JavaScriptCodec() );
+ * out.println( div.toString() );
+ * 
+ * // escaping for SQL
+ * PreparedString query = new PreparedString( "SELECT * FROM users WHERE name='?' AND password='?'", new OracleCodec() );
+ * query.set( 1, request.getParameter( "name" ) );
+ * query.set( 2, request.getParameter( "pass" ) );
+ * stmt.execute( query.toString() );
+ * </pre>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class PreparedString {
+	char parameterCharacter = '?';
+	Codec codec = null;
+	String[] parameters = null;
+	ArrayList parts = new ArrayList();
+	private final static char[] IMMUNE = {};
+
+	/**
+	 * Create a PreparedString with the supplied template and Codec. The template should use the 
+	 * default parameter placeholder character (?) in the place where actual parameters are to be inserted.
+	 * The supplied Codec will be used to escape characters in calls to set, unless a specific Codec is
+	 * provided to override it.
+	 * @param template
+	 * @param codec
+	 */
+	public PreparedString( String template, Codec codec ) {
+		this.codec = codec;
+		split( template, parameterCharacter );
+	}
+
+	/**
+	 * Create a PreparedString with the supplied template, parameter placeholder character, and Codec. The parameter character
+	 * can be any character, but should not be one that will be used in the template. The parameter character can safely
+	 * be used in a parameter passed into the set methods.
+	 * @param template
+	 * @param parameterCharacter
+	 * @param codec
+	 */
+	public PreparedString( String template, char parameterCharacter, Codec codec ) {
+		this.codec = codec;
+		this.parameterCharacter = parameterCharacter;
+		split( template, parameterCharacter );
+	}
+
+	/**
+	 * Split a string with a particular character.
+	 * @param str
+	 * @param c
+	 */
+	private void split( String str, char c ) {
+		int index = 0;
+		int pcount = 0;
+		for ( int i = 0; i < str.length(); i++ ) {
+			if ( str.charAt(i) == c ) {
+				pcount++;
+				parts.add( str.substring(index,i) );
+				index = i + 1;
+			}
+		}
+		parts.add( str.substring(index) );
+		parameters = new String[pcount];
+	}
+	
+	/**
+	 * Set the parameter at index with supplied value using the default Codec to escape. 
+	 * @param index
+	 * @param value
+	 */
+	public void set( int index, String value ) {
+		if ( index < 1 || index > parameters.length ) {
+			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
+		}
+		String encoded = codec.encode( IMMUNE, value );
+		parameters[index-1] = encoded;
+	}
+	
+	/**
+	 * Set the parameter at index with supplied value using the supplied Codec to escape. 
+	 * @param index
+	 * @param value
+	 * @param codec
+	 */
+	public void set( int index, String value, Codec codec ) {
+		if ( index < 1 || index > parameters.length ) {
+			throw new IllegalArgumentException( "Attempt to set parameter " + index + " on a PreparedString with only " + parameters.length + " placeholders" );
+		}
+		String encoded = codec.encode( IMMUNE, value );
+		parameters[index-1] = encoded;
+	}
+	
+	/**
+	 * Render the PreparedString by combining the template with properly escaped parameters.
+	 */
+	public String toString() {
+		for ( int ix = 0; ix < parameters.length; ix++ ) {
+			if ( parameters[ix] == null ) {
+				throw new RuntimeException( "Attempt to render PreparedString without setting parameter " + ( ix + 1 ));
+			}
+		}
+		StringBuilder sb = new StringBuilder();
+		int i = 0;
+		for ( int p=0; p < parts.size(); p++ ) {
+			sb.append( parts.get( p ) );
+			if ( i < parameters.length ) sb.append( parameters[i++] );
+		}
+		return sb.toString();
+	}
+}

From 1ee31d6e4621254c069c15c665d86ce426fc0f51 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 136/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Randomizer.java | 296 +++++++++---------
 1 file changed, 148 insertions(+), 148 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Randomizer.java b/src/main/java/org/owasp/esapi/Randomizer.java
index 17532c359..82d083667 100644
--- a/src/main/java/org/owasp/esapi/Randomizer.java
+++ b/src/main/java/org/owasp/esapi/Randomizer.java
@@ -1,148 +1,148 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Randomizer interface defines a set of methods for creating
- * cryptographically random numbers and strings. Implementers should be sure to
- * use a strong cryptographic implementation, such as the JCE or BouncyCastle.
- * Weak sources of randomness can undermine a wide variety of security
- * mechanisms. The specific algorithm used is configurable in ESAPI.properties.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Randomizer {
-
-	/**
-	 * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param length 
-	 * 		the length of the string
-	 * @param characterSet 
-	 * 		the set of characters to include in the created random string
-	 * 
-	 * @return 
-	 * 		the random string of the desired length and character set
-	 */
-	String getRandomString(int length, char[] characterSet);
-
-	/**
-	 * Returns a random boolean.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
-	 * 		true or false, randomly
-	 */
-	boolean getRandomBoolean();
-	
-	/**
-	 * Gets the random integer. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum integer that will be returned
-	 * @param max 
-	 * 		the maximum integer that will be returned
-	 * 
-	 * @return 
-	 * 		the random integer
-	 */
-	int getRandomInteger(int min, int max);
-
-	
-	/**
-	 * Gets the random long. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
-	 * 		the random long
-	 */
-    public long getRandomLong();
-	
-	
-    /**
-     * Returns an unguessable random filename with the specified extension.  This method could call
-     * getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset 
-     * then merely append "." + extension.
-     * 
-     * @param extension 
-     * 		extension to add to the random filename
-     * 
-     * @return 
-     * 		a random unguessable filename ending with the specified extension
-     */
-    public String getRandomFilename( String extension );
-    
-    
-	/**
-	 * Gets the random real.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
-	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
-	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum real number that will be returned
-	 * @param max 
-	 * 		the maximum real number that will be returned
-	 * 
-	 * @return 
-	 * 		the random real
-	 */
-	float getRandomReal(float min, float max);
-
-    /**
-     * Generates a random GUID.  This method could use a hash of random Strings, the current time,
-     * and any other random data available.  The format is a well-defined sequence of 32 hex digits 
-     * grouped into chunks of 8-4-4-4-12.
-     * <p>
-     * For more information including algorithms used to create <tt>UUID</tt>s,
-     * see the Internet-Draft <a href="http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt">UUIDs and GUIDs</a>
-     * or the standards body definition at <a href="http://www.iso.ch/cate/d2229.html">ISO/IEC 11578:1996</a>.
-     * @return 
-     * 		the GUID
-     * 
-     * @throws 
-     * 		EncryptionException if hashing or encryption fails 
-     */
-    String getRandomGUID() throws EncryptionException;
-           
-    /**
-     * Generates a specified number of random bytes.
-     * @param n	The requested number of random bytes.
-     * @return The {@code n} random bytes are returned.
-     */
-    public byte[] getRandomBytes(int n);
-           
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The Randomizer interface defines a set of methods for creating
+ * cryptographically random numbers and strings. Implementers should be sure to
+ * use a strong cryptographic implementation, such as the JCE or BouncyCastle.
+ * Weak sources of randomness can undermine a wide variety of security
+ * mechanisms. The specific algorithm used is configurable in ESAPI.properties.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Randomizer {
+
+	/**
+	 * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
+	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+	 * 
+	 * @param length 
+	 * 		the length of the string
+	 * @param characterSet 
+	 * 		the set of characters to include in the created random string
+	 * 
+	 * @return 
+	 * 		the random string of the desired length and character set
+	 */
+	String getRandomString(int length, char[] characterSet);
+
+	/**
+	 * Returns a random boolean.  The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
+	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+	 * 
+	 * @return 
+	 * 		true or false, randomly
+	 */
+	boolean getRandomBoolean();
+	
+	/**
+	 * Gets the random integer. The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
+	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+	 * 
+	 * @param min 
+	 * 		the minimum integer that will be returned
+	 * @param max 
+	 * 		the maximum integer that will be returned
+	 * 
+	 * @return 
+	 * 		the random integer
+	 */
+	int getRandomInteger(int min, int max);
+
+	
+	/**
+	 * Gets the random long. The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
+	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+	 * 
+	 * @return 
+	 * 		the random long
+	 */
+    public long getRandomLong();
+	
+	
+    /**
+     * Returns an unguessable random filename with the specified extension.  This method could call
+     * getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset 
+     * then merely append "." + extension.
+     * 
+     * @param extension 
+     * 		extension to add to the random filename
+     * 
+     * @return 
+     * 		a random unguessable filename ending with the specified extension
+     */
+    public String getRandomFilename( String extension );
+    
+    
+	/**
+	 * Gets the random real.  The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
+	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
+	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
+	 * 
+	 * @param min 
+	 * 		the minimum real number that will be returned
+	 * @param max 
+	 * 		the maximum real number that will be returned
+	 * 
+	 * @return 
+	 * 		the random real
+	 */
+	float getRandomReal(float min, float max);
+
+    /**
+     * Generates a random GUID.  This method could use a hash of random Strings, the current time,
+     * and any other random data available.  The format is a well-defined sequence of 32 hex digits 
+     * grouped into chunks of 8-4-4-4-12.
+     * <p>
+     * For more information including algorithms used to create <tt>UUID</tt>s,
+     * see the Internet-Draft <a href="http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt">UUIDs and GUIDs</a>
+     * or the standards body definition at <a href="http://www.iso.ch/cate/d2229.html">ISO/IEC 11578:1996</a>.
+     * @return 
+     * 		the GUID
+     * 
+     * @throws 
+     * 		EncryptionException if hashing or encryption fails 
+     */
+    String getRandomGUID() throws EncryptionException;
+           
+    /**
+     * Generates a specified number of random bytes.
+     * @param n	The requested number of random bytes.
+     * @return The {@code n} random bytes are returned.
+     */
+    public byte[] getRandomBytes(int n);
+           
+}

From 8a12576e03471e0aa9c28f30af41dedac4a1dc0a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 137/812] Change CRLF to LF for issue 356.

---
 .../reference/AbstractAuthenticator.java      | 594 +++++++++---------
 1 file changed, 297 insertions(+), 297 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index 4876da49d..780181971 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -1,297 +1,297 @@
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationCredentialsException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationLoginException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-/**
- * A partial implementation of the Authenticator interface.
- * This class should not implement any methods that would be meant
- * to modify a User object, since that's probably implementation specific.
- *
- */
-public abstract class AbstractAuthenticator implements org.owasp.esapi.Authenticator {
-
-	/**
-     * Key for user in session
-     */
-    protected static final String USER = "ESAPIUserSessionKey";
-    
-    private final Logger logger = ESAPI.getLogger("Authenticator");
-    
-    /**
-     * The currentUser ThreadLocal variable is used to make the currentUser available to any call in any part of an
-     * application. Otherwise, each thread would have to pass the User object through the calltree to any methods that
-     * need it. Because we want exceptions and log calls to contain user data, that could be almost anywhere. Therefore,
-     * the ThreadLocal approach simplifies things greatly. <P> As a possible extension, one could create a delegation
-     * framework by adding another ThreadLocal to hold the delegating user identity.
-     */
-    private final ThreadLocalUser currentUser = new ThreadLocalUser();
-
-    private class ThreadLocalUser extends InheritableThreadLocal<User> {
-
-        public User initialValue() {
-            return User.ANONYMOUS;
-        }
-
-        public User getUser() {
-            return super.get();
-        }
-
-        public void setUser(User newUser) {
-            super.set(newUser);
-        }
-    }
-    
-	/**
-	 *
-	 */
-	public AbstractAuthenticator() {
-		super();
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-    public void clearCurrent() {
-        // logger.logWarning(Logger.SECURITY, "************Clearing threadlocals. Thread" + Thread.currentThread().getName() );
-        currentUser.setUser(null);
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public boolean exists(String accountName) {
-        return getUser(accountName) != null;
-    }
-    
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * Returns the currently logged user as set by the setCurrentUser() methods. Must not log in this method because the
-     * logger calls getCurrentUser() and this could cause a loop.
-     */
-    public User getCurrentUser() {
-        User user = currentUser.get();
-        if (user == null) {
-            user = User.ANONYMOUS;
-        }
-        return user;
-    }
-    
-    /**
-     * Gets the user from session.
-     *
-     * @return the user from session or null if no user is found in the session
-     */
-    protected User getUserFromSession() {
-        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-        if (session == null) return null;
-        return ESAPI.httpUtilities().getSessionAttribute(USER);
-    }
-    
-    /**
-     * Returns the user if a matching remember token is found, or null if the token
-     * is missing, token is corrupt, token is expired, account name does not match
-     * and existing account, or hashed password does not match user's hashed password.
-     *
-     * @return the user if a matching remember token is found, or null if the token
-     *         is missing, token is corrupt, token is expired, account name does not match
-     *         and existing account, or hashed password does not match user's hashed password.
-     */
-    protected DefaultUser getUserFromRememberToken() {
-        try {
-            String token = ESAPI.httpUtilities().getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-            if (token == null) return null;
-            
-            // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
-            // Note that this Google Issue was marked as "WontFix".
-
-            String[] data = ESAPI.encryptor().unseal(token).split("\\|");
-            if (data.length != 2) {
-                logger.warning(Logger.SECURITY_FAILURE, "Found corrupt or expired remember token");
-                ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-                return null;
-            }
-
-            String username = data[0];
-            String password = data[1];
-            DefaultUser user = (DefaultUser) getUser(username);
-            if (user == null) {
-                logger.warning(Logger.SECURITY_FAILURE, "Found valid remember token but no user matching " + username);
-                return null;
-            }
-
-            logger.info(Logger.SECURITY_SUCCESS, "Logging in user with remember token: " + user.getAccountName());
-            user.loginWithPassword(password);
-            return user;
-        } catch (AuthenticationException ae) {
-            logger.warning(Logger.SECURITY_FAILURE, "Login via remember me cookie failed", ae);
-        } catch (EnterpriseSecurityException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Remember token was missing, corrupt, or expired");
-        }
-        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
-        return null;
-    }
-    
-    /**
-     * Utility method to extract credentials and verify them.
-     *
-     * @param request The current HTTP request
-     * @return The user that successfully authenticated
-     * @throws AuthenticationException if the submitted credentials are invalid.
-     */
-    private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
-
-        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
-        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
-
-        // if a logged-in user is requesting to login, log them out first
-        User user = getCurrentUser();
-        if (user != null && !user.isAnonymous()) {
-            logger.warning(Logger.SECURITY_SUCCESS, "User requested relogin. Performing logout then authentication");
-            user.logout();
-        }
-
-        // now authenticate with username and password
-        if (username == null || password == null) {
-            if (username == null) {
-                username = "unspecified user";
-            }
-            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed for " + username + " because of null username or password");
-        }
-        user = getUser(username);
-        if (user == null) {
-            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed because user " + username + " doesn't exist");
-        }
-        user.loginWithPassword(password);
-
-        request.setAttribute(user.getCSRFToken(), "authenticated");
-        return user;
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public User login() throws AuthenticationException {
-        return login(ESAPI.currentRequest(), ESAPI.currentResponse());
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-
-        if (request == null || response == null) {
-            throw new AuthenticationCredentialsException("Invalid request", "Request or response objects were null");
-        }
-
-        // if there's a user in the session then use that
-        DefaultUser user = (DefaultUser) getUserFromSession();
-
-        // else if there's a remember token then use that
-        if (user == null) {
-            user = getUserFromRememberToken();
-        }
-
-        // else try to verify credentials - throws exception if login fails
-        if (user == null) {
-            user = (DefaultUser) loginWithUsernameAndPassword(request);
-        }
-
-        // set last host address
-        user.setLastHostAddress(request.getRemoteHost());
-
-        // warn if this authentication request was not POST or non-SSL connection, exposing credentials or session id
-        try {
-            ESAPI.httpUtilities().assertSecureRequest(ESAPI.currentRequest());
-        } catch (AccessControlException e) {
-            throw new AuthenticationException("Attempt to login with an insecure request", e.getLogMessage(), e);
-        }
-
-        // don't let anonymous user log in
-        if (user.isAnonymous()) {
-            user.logout();
-            throw new AuthenticationLoginException("Login failed", "Anonymous user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let disabled users log in
-        if (!user.isEnabled()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Disabled user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let locked users log in
-        if (user.isLocked()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Locked user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // don't let expired users log in
-        if (user.isExpired()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Expired user cannot be set to current user. User: " + user.getAccountName());
-        }
-
-        // check session inactivity timeout
-        if (user.isSessionTimeout()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Session inactivity timeout: " + user.getAccountName());
-        }
-
-        // check session absolute timeout
-        if (user.isSessionAbsoluteTimeout()) {
-            user.logout();
-            user.incrementFailedLoginCount();
-            user.setLastFailedLoginTime(new Date());
-            throw new AuthenticationLoginException("Login failed", "Session absolute timeout: " + user.getAccountName());
-        }
-
-        //set Locale to the user object in the session from request
-        user.setLocale(request.getLocale());
-
-        // create new session for this User
-        HttpSession session = request.getSession();
-        user.addSession(session);
-        session.setAttribute(USER, user);
-        setCurrentUser(user);
-        return user;
-    }
-    
-    /**
-     * {@inheritDoc}
-     */
-    public void logout() {
-        User user = getCurrentUser();
-        if (user != null && !user.isAnonymous()) {
-            user.logout();
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public void setCurrentUser(User user) {
-        currentUser.setUser(user);
-    }
-
-}
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationCredentialsException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationLoginException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+/**
+ * A partial implementation of the Authenticator interface.
+ * This class should not implement any methods that would be meant
+ * to modify a User object, since that's probably implementation specific.
+ *
+ */
+public abstract class AbstractAuthenticator implements org.owasp.esapi.Authenticator {
+
+	/**
+     * Key for user in session
+     */
+    protected static final String USER = "ESAPIUserSessionKey";
+    
+    private final Logger logger = ESAPI.getLogger("Authenticator");
+    
+    /**
+     * The currentUser ThreadLocal variable is used to make the currentUser available to any call in any part of an
+     * application. Otherwise, each thread would have to pass the User object through the calltree to any methods that
+     * need it. Because we want exceptions and log calls to contain user data, that could be almost anywhere. Therefore,
+     * the ThreadLocal approach simplifies things greatly. <P> As a possible extension, one could create a delegation
+     * framework by adding another ThreadLocal to hold the delegating user identity.
+     */
+    private final ThreadLocalUser currentUser = new ThreadLocalUser();
+
+    private class ThreadLocalUser extends InheritableThreadLocal<User> {
+
+        public User initialValue() {
+            return User.ANONYMOUS;
+        }
+
+        public User getUser() {
+            return super.get();
+        }
+
+        public void setUser(User newUser) {
+            super.set(newUser);
+        }
+    }
+    
+	/**
+	 *
+	 */
+	public AbstractAuthenticator() {
+		super();
+	}
+	
+    /**
+     * {@inheritDoc}
+     */
+    public void clearCurrent() {
+        // logger.logWarning(Logger.SECURITY, "************Clearing threadlocals. Thread" + Thread.currentThread().getName() );
+        currentUser.setUser(null);
+    }
+    
+    /**
+     * {@inheritDoc}
+     */
+    public boolean exists(String accountName) {
+        return getUser(accountName) != null;
+    }
+    
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * Returns the currently logged user as set by the setCurrentUser() methods. Must not log in this method because the
+     * logger calls getCurrentUser() and this could cause a loop.
+     */
+    public User getCurrentUser() {
+        User user = currentUser.get();
+        if (user == null) {
+            user = User.ANONYMOUS;
+        }
+        return user;
+    }
+    
+    /**
+     * Gets the user from session.
+     *
+     * @return the user from session or null if no user is found in the session
+     */
+    protected User getUserFromSession() {
+        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+        if (session == null) return null;
+        return ESAPI.httpUtilities().getSessionAttribute(USER);
+    }
+    
+    /**
+     * Returns the user if a matching remember token is found, or null if the token
+     * is missing, token is corrupt, token is expired, account name does not match
+     * and existing account, or hashed password does not match user's hashed password.
+     *
+     * @return the user if a matching remember token is found, or null if the token
+     *         is missing, token is corrupt, token is expired, account name does not match
+     *         and existing account, or hashed password does not match user's hashed password.
+     */
+    protected DefaultUser getUserFromRememberToken() {
+        try {
+            String token = ESAPI.httpUtilities().getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+            if (token == null) return null;
+            
+            // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
+            // Note that this Google Issue was marked as "WontFix".
+
+            String[] data = ESAPI.encryptor().unseal(token).split("\\|");
+            if (data.length != 2) {
+                logger.warning(Logger.SECURITY_FAILURE, "Found corrupt or expired remember token");
+                ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+                return null;
+            }
+
+            String username = data[0];
+            String password = data[1];
+            DefaultUser user = (DefaultUser) getUser(username);
+            if (user == null) {
+                logger.warning(Logger.SECURITY_FAILURE, "Found valid remember token but no user matching " + username);
+                return null;
+            }
+
+            logger.info(Logger.SECURITY_SUCCESS, "Logging in user with remember token: " + user.getAccountName());
+            user.loginWithPassword(password);
+            return user;
+        } catch (AuthenticationException ae) {
+            logger.warning(Logger.SECURITY_FAILURE, "Login via remember me cookie failed", ae);
+        } catch (EnterpriseSecurityException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Remember token was missing, corrupt, or expired");
+        }
+        ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+        return null;
+    }
+    
+    /**
+     * Utility method to extract credentials and verify them.
+     *
+     * @param request The current HTTP request
+     * @return The user that successfully authenticated
+     * @throws AuthenticationException if the submitted credentials are invalid.
+     */
+    private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
+
+        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
+        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
+
+        // if a logged-in user is requesting to login, log them out first
+        User user = getCurrentUser();
+        if (user != null && !user.isAnonymous()) {
+            logger.warning(Logger.SECURITY_SUCCESS, "User requested relogin. Performing logout then authentication");
+            user.logout();
+        }
+
+        // now authenticate with username and password
+        if (username == null || password == null) {
+            if (username == null) {
+                username = "unspecified user";
+            }
+            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed for " + username + " because of null username or password");
+        }
+        user = getUser(username);
+        if (user == null) {
+            throw new AuthenticationCredentialsException("Authentication failed", "Authentication failed because user " + username + " doesn't exist");
+        }
+        user.loginWithPassword(password);
+
+        request.setAttribute(user.getCSRFToken(), "authenticated");
+        return user;
+    }
+    
+    /**
+     * {@inheritDoc}
+     */
+    public User login() throws AuthenticationException {
+        return login(ESAPI.currentRequest(), ESAPI.currentResponse());
+    }
+    
+    /**
+     * {@inheritDoc}
+     */
+    public User login(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+
+        if (request == null || response == null) {
+            throw new AuthenticationCredentialsException("Invalid request", "Request or response objects were null");
+        }
+
+        // if there's a user in the session then use that
+        DefaultUser user = (DefaultUser) getUserFromSession();
+
+        // else if there's a remember token then use that
+        if (user == null) {
+            user = getUserFromRememberToken();
+        }
+
+        // else try to verify credentials - throws exception if login fails
+        if (user == null) {
+            user = (DefaultUser) loginWithUsernameAndPassword(request);
+        }
+
+        // set last host address
+        user.setLastHostAddress(request.getRemoteHost());
+
+        // warn if this authentication request was not POST or non-SSL connection, exposing credentials or session id
+        try {
+            ESAPI.httpUtilities().assertSecureRequest(ESAPI.currentRequest());
+        } catch (AccessControlException e) {
+            throw new AuthenticationException("Attempt to login with an insecure request", e.getLogMessage(), e);
+        }
+
+        // don't let anonymous user log in
+        if (user.isAnonymous()) {
+            user.logout();
+            throw new AuthenticationLoginException("Login failed", "Anonymous user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let disabled users log in
+        if (!user.isEnabled()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Disabled user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let locked users log in
+        if (user.isLocked()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Locked user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // don't let expired users log in
+        if (user.isExpired()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Expired user cannot be set to current user. User: " + user.getAccountName());
+        }
+
+        // check session inactivity timeout
+        if (user.isSessionTimeout()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Session inactivity timeout: " + user.getAccountName());
+        }
+
+        // check session absolute timeout
+        if (user.isSessionAbsoluteTimeout()) {
+            user.logout();
+            user.incrementFailedLoginCount();
+            user.setLastFailedLoginTime(new Date());
+            throw new AuthenticationLoginException("Login failed", "Session absolute timeout: " + user.getAccountName());
+        }
+
+        //set Locale to the user object in the session from request
+        user.setLocale(request.getLocale());
+
+        // create new session for this User
+        HttpSession session = request.getSession();
+        user.addSession(session);
+        session.setAttribute(USER, user);
+        setCurrentUser(user);
+        return user;
+    }
+    
+    /**
+     * {@inheritDoc}
+     */
+    public void logout() {
+        User user = getCurrentUser();
+        if (user != null && !user.isAnonymous()) {
+            user.logout();
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void setCurrentUser(User user) {
+        currentUser.setUser(user);
+    }
+
+}

From 26d88b5af46e04ee9a660cda7b5e9aacdf2d15d0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 138/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/AlwaysFalseACR.java          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
index 9d3863dd1..af22587e4 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class AlwaysFalseACR extends BaseACR<Object, Object> {
-
-//	@Override
-	public boolean isAuthorized(Object runtimeParameter) {
-		return false;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+public class AlwaysFalseACR extends BaseACR<Object, Object> {
+
+//	@Override
+	public boolean isAuthorized(Object runtimeParameter) {
+		return false;
+	}
+}

From 9de86c9f9bb9512ce26857ffa0ce7274d37d6349 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 139/812] Change CRLF to LF for issue 356.

---
 .../reference/accesscontrol/AlwaysTrueACR.java | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
index d7cab33b5..0c0c9de18 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class AlwaysTrueACR extends BaseACR<Object, Object> {
-	
-//	@Override
-	public boolean isAuthorized(Object runtimeParameter) {
-		return true;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+public class AlwaysTrueACR extends BaseACR<Object, Object> {
+	
+//	@Override
+	public boolean isAuthorized(Object runtimeParameter) {
+		return true;
+	}
+}

From d943350755f5efdeeeaf81478ecc8639d21b288a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 140/812] Change CRLF to LF for issue 356.

---
 .../reference/accesscontrol/BaseACR.java      | 36 +++++++++----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
index f2221e086..f1699020c 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java
@@ -1,18 +1,18 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import org.owasp.esapi.AccessControlRule;
-
-abstract public class BaseACR<P, R> implements AccessControlRule<P, R> {
-
-	protected P policyParameters;
-	
-//	@Override
-	public void setPolicyParameters(P policyParameter) {
-		this.policyParameters = policyParameter;
-	}
-	
-//	@Override
-	public P getPolicyParameters() {
-		return policyParameters;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import org.owasp.esapi.AccessControlRule;
+
+abstract public class BaseACR<P, R> implements AccessControlRule<P, R> {
+
+	protected P policyParameters;
+	
+//	@Override
+	public void setPolicyParameters(P policyParameter) {
+		this.policyParameters = policyParameter;
+	}
+	
+//	@Override
+	public P getPolicyParameters() {
+		return policyParameters;
+	}
+}

From 028a0d21b9391809d2dfcc51e24d14e2090d602e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 141/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/DelegatingACR.java          | 198 +++++++++---------
 1 file changed, 99 insertions(+), 99 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
index 193f91ef7..fa532ddaf 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
@@ -1,99 +1,99 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.util.Iterator;
-import java.util.Vector;
-
-import org.apache.commons.collections.iterators.ArrayListIterator;
-
-public class DelegatingACR extends BaseACR<DynaBeanACRParameter, Object[]> {
-	protected Method delegateMethod;
-	protected Object delegateInstance;
-	
-	@Override
-	public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
-		String delegateClassName = policyParameter.getString("delegateClass", "").trim();
-		String methodName = policyParameter.getString("delegateMethod", "").trim();
-		String[] parameterClassNames = policyParameter.getStringArray("parameterClasses");
-
-		//Convert the classNames into Classes and get the delegate method.
-		Class delegateClass = getClass(delegateClassName, "delegate");
-		Class parameterClasses[] = getParameters(parameterClassNames);
-		try {
-			this.delegateMethod = delegateClass.getMethod(methodName, parameterClasses);
-		} catch (SecurityException e) {
-			throw new IllegalArgumentException(e.getMessage() + 
-					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
-					")\" must be public.", e);
-		} catch (NoSuchMethodException e) {
-			throw new IllegalArgumentException(e.getMessage() + 
-					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
-					")\" does not exist.", e);
-		}
-	
-		//static methods do not need a delegateInstance. Non-static methods do.
-		if(!Modifier.isStatic(this.delegateMethod.getModifiers())) {
-			try {
-				this.delegateInstance = delegateClass.newInstance();
-			} catch (InstantiationException ex) {
-				throw new IllegalArgumentException( 
-						" Delegate class \"" + delegateClassName + 
-						"\" must be concrete, because method " +
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
-						") is not static.", ex);
-			} catch (IllegalAccessException ex) {
-				new IllegalArgumentException( 
-						" Delegate class \"" + delegateClassName + 
-						"\" must must have a zero-argument constructor, because " +
-						"method delegateClass.delegateMethod(parameterClasses): \"" +  
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
-						")\" is not static.", ex);
-			}	
-		} else {
-			this.delegateInstance = null;
-		}
-	}
-	/**
-	 * Convert an array of fully qualified class names into an array of Class objects
-	 * @param parameterClassNames
-	 * @return
-	 */
-	protected final Class[] getParameters(String[] parameterClassNames) {
-		if(parameterClassNames == null) {
-			return new Class[0];
-		}
-		Vector<Class> classes = new Vector<Class>();
-		Iterator<String> classNames = new ArrayListIterator(parameterClassNames);
-		while(classNames.hasNext()) {
-			classes.add(getClass(classNames.next(), "parameter"));
-		}
-		return classes.toArray(new Class[classes.size()]);
-	}
-	/**
-	 * Convert a single fully qualified class name into a Class object
-	 * @param className
-	 * @param purpose
-	 * @return
-	 */
-	protected final Class getClass(String className, String purpose) {
-		try {
-	        Class theClass = Class.forName(className);
-	        return theClass;
-	    } catch ( ClassNotFoundException ex ) {
-			throw new IllegalArgumentException(ex.getMessage() + 
-					" " + purpose + " Class " + className + 
-					" must be in the classpath", ex);
-	    } 
-	}
-	/**
-	 * Delegates to the method specified in setPolicyParameters
-	 */
-	public boolean isAuthorized(Object[] runtimeParameters) throws Exception {
-		return ((Boolean)delegateMethod.invoke(delegateInstance, runtimeParameters)).booleanValue();
-	}
-}
-
-
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.util.Iterator;
+import java.util.Vector;
+
+import org.apache.commons.collections.iterators.ArrayListIterator;
+
+public class DelegatingACR extends BaseACR<DynaBeanACRParameter, Object[]> {
+	protected Method delegateMethod;
+	protected Object delegateInstance;
+	
+	@Override
+	public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
+		String delegateClassName = policyParameter.getString("delegateClass", "").trim();
+		String methodName = policyParameter.getString("delegateMethod", "").trim();
+		String[] parameterClassNames = policyParameter.getStringArray("parameterClasses");
+
+		//Convert the classNames into Classes and get the delegate method.
+		Class delegateClass = getClass(delegateClassName, "delegate");
+		Class parameterClasses[] = getParameters(parameterClassNames);
+		try {
+			this.delegateMethod = delegateClass.getMethod(methodName, parameterClasses);
+		} catch (SecurityException e) {
+			throw new IllegalArgumentException(e.getMessage() + 
+					" delegateClass.delegateMethod(parameterClasses): \"" +  
+					delegateClassName + "." + methodName + "(" + parameterClassNames +
+					")\" must be public.", e);
+		} catch (NoSuchMethodException e) {
+			throw new IllegalArgumentException(e.getMessage() + 
+					" delegateClass.delegateMethod(parameterClasses): \"" +  
+					delegateClassName + "." + methodName + "(" + parameterClassNames +
+					")\" does not exist.", e);
+		}
+	
+		//static methods do not need a delegateInstance. Non-static methods do.
+		if(!Modifier.isStatic(this.delegateMethod.getModifiers())) {
+			try {
+				this.delegateInstance = delegateClass.newInstance();
+			} catch (InstantiationException ex) {
+				throw new IllegalArgumentException( 
+						" Delegate class \"" + delegateClassName + 
+						"\" must be concrete, because method " +
+						delegateClassName + "." + methodName + "(" + parameterClassNames +
+						") is not static.", ex);
+			} catch (IllegalAccessException ex) {
+				new IllegalArgumentException( 
+						" Delegate class \"" + delegateClassName + 
+						"\" must must have a zero-argument constructor, because " +
+						"method delegateClass.delegateMethod(parameterClasses): \"" +  
+						delegateClassName + "." + methodName + "(" + parameterClassNames +
+						")\" is not static.", ex);
+			}	
+		} else {
+			this.delegateInstance = null;
+		}
+	}
+	/**
+	 * Convert an array of fully qualified class names into an array of Class objects
+	 * @param parameterClassNames
+	 * @return
+	 */
+	protected final Class[] getParameters(String[] parameterClassNames) {
+		if(parameterClassNames == null) {
+			return new Class[0];
+		}
+		Vector<Class> classes = new Vector<Class>();
+		Iterator<String> classNames = new ArrayListIterator(parameterClassNames);
+		while(classNames.hasNext()) {
+			classes.add(getClass(classNames.next(), "parameter"));
+		}
+		return classes.toArray(new Class[classes.size()]);
+	}
+	/**
+	 * Convert a single fully qualified class name into a Class object
+	 * @param className
+	 * @param purpose
+	 * @return
+	 */
+	protected final Class getClass(String className, String purpose) {
+		try {
+	        Class theClass = Class.forName(className);
+	        return theClass;
+	    } catch ( ClassNotFoundException ex ) {
+			throw new IllegalArgumentException(ex.getMessage() + 
+					" " + purpose + " Class " + className + 
+					" must be in the classpath", ex);
+	    } 
+	}
+	/**
+	 * Delegates to the method specified in setPolicyParameters
+	 */
+	public boolean isAuthorized(Object[] runtimeParameters) throws Exception {
+		return ((Boolean)delegateMethod.invoke(delegateInstance, runtimeParameters)).booleanValue();
+	}
+}
+
+

From b7460b7a15e66b18249012fe6673c5cb72acc1b4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 142/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/DynaBeanACRParameter.java   | 372 +++++++++---------
 1 file changed, 186 insertions(+), 186 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
index 7c4879e7b..84e6aec1e 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
@@ -1,186 +1,186 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.math.BigDecimal;
-import java.math.BigInteger;
-import java.util.Date;
-import java.util.Iterator;
-
-import org.apache.commons.beanutils.*;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters;
-
-/**
- * A DynaBean comes from the apache bean utils. It is basically a 
- * convenient way to dynamically assign getters and setters. Essentially, 
- * the way we use DynaBean is a HashMap that can be set to read only.
- * @author Mike H. Fauzy
- */
-public class DynaBeanACRParameter implements PolicyParameters {
-	protected LazyDynaMap policyProperties;
-	
-	public DynaBeanACRParameter() {
-		policyProperties = new LazyDynaMap();
-	}
-	
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#get(java.lang.String)
-	 */
-	public Object get(String key) {
-		return policyProperties.get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public boolean getBoolean(String key) {
-		return ((Boolean)get(key)).booleanValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public byte getByte(String key) {
-		return ((Byte)get(key)).byteValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public char getChar(String key) {
-		return ((Character)get(key)).charValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public int getInt(String key) {
-		return ((Integer)get(key)).intValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public long getLong(String key) {
-		return ((Long)get(key)).longValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public float getFloat(String key) {
-		return ((Float)get(key)).floatValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public double getDouble(String key) {
-		return ((Double)get(key)).doubleValue();
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public BigDecimal getBigDecimal(String key) {
-		return (BigDecimal)get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public BigInteger getBigInteger(String key) {
-		return (BigInteger)get(key);
-	}
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public Date getDate(String key) {
-		return (Date)get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts. Note that the time object
-	 * is the same as a date object
-	 * @param key
-	 * @return
-	 */
-	public Date getTime(String key) {
-		return (Date)get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public String getString(String key) {
-		return (String)get(key);
-	}
-	
-	public String getString(String key, String defaultValue) {
-		return (String)get(key) == null ? defaultValue : (String)get(key);
-	}
-	
-	public String[] getStringArray(String key) {
-		return (String[])get(key);
-	}
-	
-	/**
-	 * Convenience method to avoid common casts.
-	 * @param key
-	 * @return
-	 */
-	public Object getObject(String key) {
-		return get(key);
-	}	
-
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#set(java.lang.String, java.lang.Object)
-	 */
-	public void set(String key, Object value) throws IllegalArgumentException {
-		policyProperties.set(key, value);
-	}
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#put(java.lang.String, java.lang.Object)
-	 */
-	public void put(String key, Object value) throws IllegalArgumentException {
-		set(key, value);
-	}
-	
-	/**
-	 * This makes the map itself read only, but the mutability of objects 
-	 * that this map contains is not affected. Specifically, properties 
-	 * cannot be added or removed and the reference cannot be changed to 
-	 * a different object, but this does not change whether the values that the 
-	 * object contains can be changed. 
-	 */
-	public void lock() {
-		policyProperties.setRestricted(true);
-	}
-	
-	public String toString() {
-		StringBuilder sb = new StringBuilder();
-		Iterator keys = policyProperties.getMap().keySet().iterator();
-		String currentKey;
-		while(keys.hasNext()) {
-			currentKey = (String)keys.next();
-			sb.append(currentKey);
-			sb.append("=");
-			sb.append(policyProperties.get(currentKey));
-			if(keys.hasNext()) {
-				sb.append(",");
-			}
-		}
-		return sb.toString();
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.util.Date;
+import java.util.Iterator;
+
+import org.apache.commons.beanutils.*;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters;
+
+/**
+ * A DynaBean comes from the apache bean utils. It is basically a 
+ * convenient way to dynamically assign getters and setters. Essentially, 
+ * the way we use DynaBean is a HashMap that can be set to read only.
+ * @author Mike H. Fauzy
+ */
+public class DynaBeanACRParameter implements PolicyParameters {
+	protected LazyDynaMap policyProperties;
+	
+	public DynaBeanACRParameter() {
+		policyProperties = new LazyDynaMap();
+	}
+	
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#get(java.lang.String)
+	 */
+	public Object get(String key) {
+		return policyProperties.get(key);
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public boolean getBoolean(String key) {
+		return ((Boolean)get(key)).booleanValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public byte getByte(String key) {
+		return ((Byte)get(key)).byteValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public char getChar(String key) {
+		return ((Character)get(key)).charValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public int getInt(String key) {
+		return ((Integer)get(key)).intValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public long getLong(String key) {
+		return ((Long)get(key)).longValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public float getFloat(String key) {
+		return ((Float)get(key)).floatValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public double getDouble(String key) {
+		return ((Double)get(key)).doubleValue();
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public BigDecimal getBigDecimal(String key) {
+		return (BigDecimal)get(key);
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public BigInteger getBigInteger(String key) {
+		return (BigInteger)get(key);
+	}
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public Date getDate(String key) {
+		return (Date)get(key);
+	}
+	
+	/**
+	 * Convenience method to avoid common casts. Note that the time object
+	 * is the same as a date object
+	 * @param key
+	 * @return
+	 */
+	public Date getTime(String key) {
+		return (Date)get(key);
+	}
+	
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public String getString(String key) {
+		return (String)get(key);
+	}
+	
+	public String getString(String key, String defaultValue) {
+		return (String)get(key) == null ? defaultValue : (String)get(key);
+	}
+	
+	public String[] getStringArray(String key) {
+		return (String[])get(key);
+	}
+	
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return
+	 */
+	public Object getObject(String key) {
+		return get(key);
+	}	
+
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#set(java.lang.String, java.lang.Object)
+	 */
+	public void set(String key, Object value) throws IllegalArgumentException {
+		policyProperties.set(key, value);
+	}
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters#put(java.lang.String, java.lang.Object)
+	 */
+	public void put(String key, Object value) throws IllegalArgumentException {
+		set(key, value);
+	}
+	
+	/**
+	 * This makes the map itself read only, but the mutability of objects 
+	 * that this map contains is not affected. Specifically, properties 
+	 * cannot be added or removed and the reference cannot be changed to 
+	 * a different object, but this does not change whether the values that the 
+	 * object contains can be changed. 
+	 */
+	public void lock() {
+		policyProperties.setRestricted(true);
+	}
+	
+	public String toString() {
+		StringBuilder sb = new StringBuilder();
+		Iterator keys = policyProperties.getMap().keySet().iterator();
+		String currentKey;
+		while(keys.hasNext()) {
+			currentKey = (String)keys.next();
+			sb.append(currentKey);
+			sb.append("=");
+			sb.append(policyProperties.get(currentKey));
+			if(keys.hasNext()) {
+				sb.append(",");
+			}
+		}
+		return sb.toString();
+	}
+}

From a582da29f828284ed771f408376ce2dfa3d36c06 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 143/812] Change CRLF to LF for issue 356.

---
 .../EchoRuntimeParameterACR.java              | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
index bbc816898..b33007707 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java
@@ -1,13 +1,13 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-public class EchoRuntimeParameterACR extends BaseACR<Object, Boolean>{
-
-	/**
-	 * Returns true iff runtimeParameter is a Boolean true.
-	 * throws ClassCastException if runtimeParameter is not a Boolean.
-	 */
-	public boolean isAuthorized(Boolean runtimeParameter) throws ClassCastException{
-		return runtimeParameter.booleanValue();
-	}
-
+package org.owasp.esapi.reference.accesscontrol;
+
+public class EchoRuntimeParameterACR extends BaseACR<Object, Boolean>{
+
+	/**
+	 * Returns true iff runtimeParameter is a Boolean true.
+	 * throws ClassCastException if runtimeParameter is not a Boolean.
+	 */
+	public boolean isAuthorized(Boolean runtimeParameter) throws ClassCastException{
+		return runtimeParameter.booleanValue();
+	}
+
 }
\ No newline at end of file

From 6fb5a7d1594c7836e2f7999f1c9b755d28e10834 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 144/812] Change CRLF to LF for issue 356.

---
 .../ExperimentalAccessController.java         | 368 +++++++++---------
 1 file changed, 184 insertions(+), 184 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
index f97b22677..36d231b8d 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
@@ -1,184 +1,184 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
-
-public class ExperimentalAccessController implements AccessController {
-	private Map ruleMap;
-
-	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
-	
-	public ExperimentalAccessController(Map ruleMap) {
-		this.ruleMap = ruleMap;	
-	}
-	public ExperimentalAccessController() throws AccessControlException {
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();		
-		ruleMap = policyDTO.getAccessControlRules();
-	}
-	
-	public boolean isAuthorized(Object key, Object runtimeParameter) {
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied",
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			return rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			try {
-				//Log the exception by throwing and then catching it.
-				//TODO figure out what which string goes where.		
-				throw new AccessControlException("Access Denied",
-					"An unhandled Exception was " +
-					"caught, so access is denied.",  
-					e);	
-			} catch(AccessControlException ace) {
-				//the exception was just logged. There's nothing left to do.
-			}
-			return false; //fail closed
-		}
-	}
-
-	public void assertAuthorized(Object key, Object runtimeParameter)
-		throws AccessControlException {
-		boolean isAuthorized = false;
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied", 
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			isAuthorized = rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			//TODO figure out what which string goes where.		
-			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
-					"caught, so access is denied." +
-					"AccessControlException.",
-					e);
-		}
-		if(!isAuthorized) {
-			throw new AccessControlException("Access Denied", 
-					"Access Denied for key: " + key + 
-					" runtimeParameter: " + runtimeParameter);
-		}
-	}
-	
-	/**** Below this line is legacy support ****/
-	
-	/**
-	 * @param action
-	 * @param data
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForData(java.lang.String, java.lang.Object)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForData(String action, Object data)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-	 * @param filepath
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFile(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFile(String filepath)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-	/**
-	 * @param functionName
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFunction(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFunction(String functionName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-	/**
-	 * @param serviceName
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForService(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForService(String serviceName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-	/**
-	 * @param url
-	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForURL(java.lang.String)
-	 * @deprecated
-	 */
-	public void assertAuthorizedForURL(String url)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-
-	/**
-	 * @param action
-	 * @param data
-	 * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForData(String action, Object data) {
-		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-	 * @param filepath
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForFile(String filepath) {
-		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-	/**
-	 * @param functionName
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForFunction(String functionName) {
-		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-	/**
-	 * @param serviceName
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForService(String serviceName) {
-		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-	/**
-	 * @param url
-     * @return {@code true} if access is permitted; {@code false} otherwise.
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
-	 * @deprecated
-	 */
-	public boolean isAuthorizedForURL(String url) {
-		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
+
+public class ExperimentalAccessController implements AccessController {
+	private Map ruleMap;
+
+	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
+	
+	public ExperimentalAccessController(Map ruleMap) {
+		this.ruleMap = ruleMap;	
+	}
+	public ExperimentalAccessController() throws AccessControlException {
+		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+		PolicyDTO policyDTO = policyDescriptor.load();		
+		ruleMap = policyDTO.getAccessControlRules();
+	}
+	
+	public boolean isAuthorized(Object key, Object runtimeParameter) {
+		try {
+			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+			if(rule == null) {
+				throw new AccessControlException("Access Denied",
+						"AccessControlRule was not found for key: " + key); 
+			}
+			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+			return rule.isAuthorized(runtimeParameter);
+		} catch(Exception e) {
+			try {
+				//Log the exception by throwing and then catching it.
+				//TODO figure out what which string goes where.		
+				throw new AccessControlException("Access Denied",
+					"An unhandled Exception was " +
+					"caught, so access is denied.",  
+					e);	
+			} catch(AccessControlException ace) {
+				//the exception was just logged. There's nothing left to do.
+			}
+			return false; //fail closed
+		}
+	}
+
+	public void assertAuthorized(Object key, Object runtimeParameter)
+		throws AccessControlException {
+		boolean isAuthorized = false;
+		try {
+			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+			if(rule == null) {
+				throw new AccessControlException("Access Denied", 
+						"AccessControlRule was not found for key: " + key); 
+			}
+			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+			isAuthorized = rule.isAuthorized(runtimeParameter);
+		} catch(Exception e) {
+			//TODO figure out what which string goes where.		
+			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
+					"caught, so access is denied." +
+					"AccessControlException.",
+					e);
+		}
+		if(!isAuthorized) {
+			throw new AccessControlException("Access Denied", 
+					"Access Denied for key: " + key + 
+					" runtimeParameter: " + runtimeParameter);
+		}
+	}
+	
+	/**** Below this line is legacy support ****/
+	
+	/**
+	 * @param action
+	 * @param data
+	 * @throws AccessControlException
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForData(java.lang.String, java.lang.Object)
+	 * @deprecated
+	 */
+	public void assertAuthorizedForData(String action, Object data)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
+	}
+
+	/**
+	 * @param filepath
+	 * @throws AccessControlException
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFile(java.lang.String)
+	 * @deprecated
+	 */
+	public void assertAuthorizedForFile(String filepath)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
+	}
+
+	/**
+	 * @param functionName
+	 * @throws AccessControlException
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFunction(java.lang.String)
+	 * @deprecated
+	 */
+	public void assertAuthorizedForFunction(String functionName)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
+	}
+
+	/**
+	 * @param serviceName
+	 * @throws AccessControlException
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForService(java.lang.String)
+	 * @deprecated
+	 */
+	public void assertAuthorizedForService(String serviceName)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
+	}
+
+	/**
+	 * @param url
+	 * @throws AccessControlException
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForURL(java.lang.String)
+	 * @deprecated
+	 */
+	public void assertAuthorizedForURL(String url)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
+	}
+
+	/**
+	 * @param action
+	 * @param data
+	 * @return {@code true} if access is permitted; {@code false} otherwise.
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
+	 * @deprecated
+	 */
+	public boolean isAuthorizedForData(String action, Object data) {
+		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
+	}
+
+	/**
+	 * @param filepath
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
+	 * @deprecated
+	 */
+	public boolean isAuthorizedForFile(String filepath) {
+		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
+	}
+
+	/**
+	 * @param functionName
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
+	 * @deprecated
+	 */
+	public boolean isAuthorizedForFunction(String functionName) {
+		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
+	}
+
+	/**
+	 * @param serviceName
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
+	 * @deprecated
+	 */
+	public boolean isAuthorizedForService(String serviceName) {
+		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
+	}
+
+	/**
+	 * @param url
+     * @return {@code true} if access is permitted; {@code false} otherwise.
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
+	 * @deprecated
+	 */
+	public boolean isAuthorizedForURL(String url) {
+		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
+	}
+}

From 30e513084552b71195ec6071fa2e926f961cd196 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 145/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/FileBasedACRs.java          | 1118 ++++++++---------
 1 file changed, 559 insertions(+), 559 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
index c788b875c..0e2d8fe3e 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java
@@ -1,559 +1,559 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.accesscontrol;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-// CHECKME: If this exists for backward compatibility, should this
-//          class be deprecated??? If so, mark it using annotation.
-/**
- * This class exists for backwards compatibility with the AccessController 1.0 
- * reference implementation.
- *
- * This reference implementation uses a simple model for specifying a set of
- * access control rules. Many organizations will want to create their own
- * implementation of the methods provided in the AccessController interface.
- * <P>
- * This reference implementation uses a simple scheme for specifying the rules.
- * The first step is to create a namespace for the resources being accessed. For
- * files and URL's, this is easy as they already have a namespace. Be extremely
- * careful about canonicalizing when relying on information from the user in an
- * access control decision.
- * <P>
- * For functions, data, and services, you will have to come up with your own
- * namespace for the resources being accessed. You might simply define a flat
- * namespace with a list of category names. For example, you might specify
- * 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
- * namespace with a hierarchical structure, such as:
- * <P>
- * /functions
- * <ul>
- * <li>purchasing</li>
- * <li>shipping</li>
- * <li>inventory</li>
- * </ul>
- * /admin
- * <ul>
- * <li>createUser</li>
- * <li>deleteUser</li>
- * </ul>
- * Once you've defined your namespace, you have to work out the rules that
- * govern access to the different parts of the namespace. This implementation
- * allows you to attach a simple access control list (ACL) to any part of the
- * namespace tree. The ACL lists a set of roles that are either allowed or
- * denied access to a part of the tree. You specify these rules in a textfile
- * with a simple format.
- * <P>
- * There is a single configuration file supporting each of the five methods in
- * the AccessController interface. These files are located in the ESAPI
- * resources directory as specified when the JVM was started. The use of a
- * default deny rule is STRONGLY recommended. The file format is as follows:
- * 
- * <pre>
- * path          | role,role   | allow/deny | comment
- * ------------------------------------------------------------------------------------
- * /banking/*    | user,admin  | allow      | authenticated users can access /banking
- * /admin        | admin       | allow      | only admin role can access /admin
- * /             | any         | deny       | default deny rule
- * </pre>
- * 
- * To find the matching rules, this implementation follows the general approach
- * used in Java EE when matching HTTP requests to servlets in web.xml. The four
- * mapping rules are used in the following order:
- * <ul>
- * <li>exact match, e.g. /access/login</li>
- * <li>longest path prefix match, beginning / and ending /*, e.g. /access/* or
- * /*</li>
- * <li>extension match, beginning *., e.g. *.css</li>
- * <li>default rule, specified by the single character pattern /</li>
- * </ul>
- * 
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @since June 1, 2007
- */
-public class FileBasedACRs {
-
-	/** The url map. */
-	private Map urlMap = new HashMap();
-
-	/** The function map. */
-	private Map functionMap = new HashMap();
-
-	/** The data map. */
-	private Map dataMap = new HashMap();
-
-	/** The file map. */
-	private Map fileMap = new HashMap();
-
-	/** The service map. */
-	private Map serviceMap = new HashMap();
-
-	/** A rule containing "deny". */
-	private Rule deny = new Rule();
-
-	/** The logger. */
-	private Logger logger = ESAPI.getLogger("FileBasedACRs");
-
-    /**
-	* Check if URL is authorized.
-	* @param url The URL tested for authorization
-	* @return {@code true} if access is allowed, {@code false} otherwise.
-	*/
-    public boolean isAuthorizedForURL(String url) {
-		if (urlMap==null || urlMap.isEmpty()) {
-			urlMap = loadRules("URLAccessRules.txt");
-		}
-		return matchRule(urlMap, url);
-	}
-
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForFunction(String functionName) throws AccessControlException {
-    	if (functionMap==null || functionMap.isEmpty()) {
-			functionMap = loadRules("FunctionAccessRules.txt");
-		}
-		return matchRule(functionMap, functionName);
-	}
-  
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForData(String action, Object data) throws AccessControlException{
-    	if (dataMap==null || dataMap.isEmpty()) {
-			dataMap = loadDataRules("DataAccessRules.txt");
-    	}		
-    	return matchRule(dataMap, (Class)data, action);    	
-    }
-    
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForFile(String filepath) throws AccessControlException {
-		if (fileMap==null || fileMap.isEmpty()) {
-			fileMap = loadRules("FileAccessRules.txt");
-		}
-		return matchRule(fileMap, filepath.replaceAll("\\\\","/"));
-	}
-
-    /**
-	* TODO Javadoc
-	*/
-    public boolean isAuthorizedForService(String serviceName) throws AccessControlException {    	
-		if (serviceMap==null || serviceMap.isEmpty()) {
-			serviceMap = loadRules("ServiceAccessRules.txt");
-		}
-		return matchRule(serviceMap, serviceName);
-	}
-
-	/**
-	 * Checks to see if the current user has access to the specified data, File, Object, etc.
-	 * If the User has access, as specified by the map parameter, this method returns true.  If the 
-	 * User does not have access or an exception is thrown, false is returned.
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param path
-	 *       the path of the requested File, URL, Object, etc.
-	 * 
-	 * @return 
-	 * 		true, if the user has access, false otherwise
-	 * 
-	 */
-	private boolean matchRule(Map map, String path) {
-		// get users roles
-		User user = ESAPI.authenticator().getCurrentUser();
-		Set roles = user.getRoles();
-		// search for the first rule that matches the path and rules
-		Rule rule = searchForRule(map, roles, path);
-		return rule.allow;
-	}
-	
-	/**
-	 * Checks to see if the current user has access to the specified Class and action.
-	 * If the User has access, as specified by the map parameter, this method returns true.
-     * If the User does not have access or an exception is thrown, false is returned.
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param clazz
-	 *       the Class being requested for access
-	 * @param action
-	 * 		 the action the User has asked to perform
-	 * @return 
-	 * 		true, if the user has access, false otherwise
-	 * 
-	 */
-	private boolean matchRule(Map map, Class clazz, String action) {
-		// get users roles
-		User user = ESAPI.authenticator().getCurrentUser();
-		Set roles = user.getRoles();
-		// search for the first rule that matches the path and rules
-		Rule rule = searchForRule(map, roles, clazz, action);
-		return rule != null;
-	}
-
-	/**
-	 * Search for rule. Four mapping rules are used in order: - exact match,
-	 * e.g. /access/login - longest path prefix match, beginning / and ending
-	 * /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css -
-	 * default servlet, specified by the single character pattern /
-	 * 
-	 * @param map
-	 *       the map containing access rules
-	 * @param roles
-	 *       the roles of the User being checked for access
-	 * @param path
-	 *       the File, URL, Object, etc. being checked for access
-	 * 
-	 * @return 
-	 *       the rule stating whether to allow or deny access
-	 * 
-	 */
-	private Rule searchForRule(Map map, Set roles, String path) {
-		String canonical = ESAPI.encoder().canonicalize(path);
-
-		String part = canonical;
-        if ( part == null ) {
-            part = "";
-        }
-        
-		while (part.endsWith("/")) {
-			part = part.substring(0, part.length() - 1);
-		}
-
-		if (part.indexOf("..") != -1) {
-			throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + path );
-		}
-		
-		// extract extension if any
-		String extension = "";
-		int extIndex = part.lastIndexOf(".");
-		if (extIndex != -1) {
-			extension = part.substring(extIndex + 1);
-		}
-
-		// Check for exact match - ignore any ending slash
-		Rule rule = (Rule) map.get(part);
-
-		// Check for ending with /*
-		if (rule == null)
-			rule = (Rule) map.get(part + "/*");
-
-		// Check for matching extension rule *.ext
-		if (rule == null)
-			rule = (Rule) map.get("*." + extension);
-
-		// if rule found and user's roles match rules' roles, return the rule
-		if (rule != null && overlap(rule.roles, roles))
-			return rule;
-
-		// rule hasn't been found - if there are no more parts, return a deny
-		int slash = part.lastIndexOf('/');
-		if ( slash == -1 ) {
-			return deny;
-		}
-		
-		// if there are more parts, strip off the last part and recurse
-		part = part.substring(0, part.lastIndexOf('/'));
-		
-		// return default deny
-		if (part.length() <= 1) {
-			return deny;
-		}
-		
-		return searchForRule(map, roles, part);
-	}
-	
-	/**
-	 * Search for rule. Searches the specified access map to see if any of the roles specified have 
-	 * access to perform the specified action on the specified Class.
-	 * 
-	 * @param map
-	 *      the map containing access rules
-	 * @param roles
-	 *      the roles used to determine access level
-	 * @param clazz
-	 *      the Class being requested for access
-	 * @param action
-	 * 		the action the User has asked to perform
-	 * 
-	 * @return 
-	 * 		the rule that allows the specified roles access to perform the requested action on the specified Class, or null if access is not granted
-	 * 
-	 */
-	private Rule searchForRule(Map map, Set roles, Class clazz, String action) {
-
-		// Check for exact match - ignore any ending slash
-		Rule rule = (Rule) map.get(clazz);
-		if( ( rule != null ) && ( overlap(rule.actions, action) ) && ( overlap(rule.roles, roles) )){
-			return rule;
-		}
-		return null;
-	}
-
-	/**
-	 * Return true if there is overlap between the two sets.  This method merely checks to see if 
-	 * ruleRoles contains any of the roles listed in userRoles.
-	 * 
-	 * @param ruleRoles
-	 *      the rule roles
-	 * @param userRoles
-	 *      the user roles
-	 * 
-	 * @return 
-	 * 		true, if any roles exist in both Sets.  False otherwise.
-	 */
-	private boolean overlap(Set ruleRoles, Set userRoles) {
-		if (ruleRoles.contains("any")) {
-			return true;
-		}
-		Iterator i = userRoles.iterator();
-		while (i.hasNext()) {
-			String role = (String) i.next();
-			if (ruleRoles.contains(role)) {
-				return true;
-			}
-		}
-		return false;
-	}
-	
-	/**
-	 * This method merely checks to see if ruleActions contains the action requested.
-	 * 
-	 * @param ruleActions
-	 *      actions listed for a rule
-	 * @param action
-	 *      the action requested that will be searched for in ruleActions
-	 * 
-	 * @return 
-	 * 		true, if any action exists in ruleActions.  False otherwise.
-	 */
-	private boolean overlap( List ruleActions, String action){
-		if( ruleActions.contains(action) )
-			return true;
-		return false;
-	}
-		
-	/**
-	 * Checks that the roles passed in contain only letters, numbers, and underscores.  Also checks that
-	 * roles are no more than 10 characters long.  If a role does not pass validation, it is not included in the 
-	 * list of roles returned by this method.  A log warning is also generated for any invalid roles.
-	 * 
-	 * @param roles
-	 * 		roles to validate according to criteria started above
-	 * @return
-	 * 		a List of roles that are valid according to the criteria stated above.
-	 * 
-	 */
-	private List validateRoles(List roles){
-		List ret = new ArrayList();	
-		for(int x = 0; x < roles.size(); x++){
-			String canonical = ESAPI.encoder().canonicalize(((String)roles.get(x)).trim());
-
-			if(!ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
-				logger.warning( Logger.SECURITY_FAILURE, "Role: " + ((String)roles.get(x)).trim() + " is invalid, so was not added to the list of roles for this Rule.");
-			} else { 
-				ret.add(canonical.trim());
-			}
-		}
-		return ret;
-	}
-	
-	/**
-	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
-	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
-	 * are split by the pipe character ('|').  The method loads all paths, replacing '\' characters with '/' for uniformity then loads
-	 * the list of comma separated roles. The roles are validated to be sure they are within a 
-	 * length and character set, specified in the validateRoles(String) method.  Then the permissions are stored for each item in the rules list.
-	 * If the word "allow" appears on the line, the specified roles are granted access to the data - otherwise, they will be denied access.
-	 * 
-	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
-	 *  
-	 * @param ruleset
-	 *      the name of the data that contains access rules
-	 * 
-	 * @return 
-	 * 		a hash map containing the ruleset
-	 */
-	private Map loadRules(String ruleset) {
-		ruleset = "fbac-policies/" + ruleset;
-		Map map = new HashMap();
-		InputStream is = null;
-		try {
-			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
-			String line = "";
-			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
-				if (line.length() > 0 && line.charAt(0) != '#') {
-					Rule rule = new Rule();
-					String[] parts = line.split("\\|");
-					// fix Windows paths
-					rule.path = parts[0].trim().replaceAll("\\\\", "/");
-					
-					List roles = commaSplit(parts[1].trim().toLowerCase());
-					roles = validateRoles(roles);
-					for(int x = 0; x < roles.size(); x++)
-						rule.roles.add(((String)roles.get(x)).trim());
-					
-					String action = parts[2].trim();
-					rule.allow = action.equalsIgnoreCase("allow");
-					if (map.containsKey(rule.path)) {
-						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
-					} else {
-						map.put(rule.path, rule);
-					}
-				}
-			}
-		} catch (Exception e) {
-			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file: " + ruleset, e );
-		} finally {
-			try {
-				if (is != null) {
-					is.close();
-				}
-			} catch (IOException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file: " + ruleset, e);
-			}
-		}
-		return map;
-	}
-	
-	/**
-	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
-	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
-	 * are split by the pipe character ('|').  The method then loads all Classes, loads the list of comma separated roles, then the list of comma separated actions.  
-	 * The roles are validated to be sure they are within a length and character set, specified in the validateRoles(String) method.  
-	 * 
-	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
-	 *  
-	 * @param ruleset
-	 *      the name of the data that contains access rules
-	 * 
-	 * @return 
-	 * 		a hash map containing the ruleset
-	 */
-	private Map loadDataRules(String ruleset) {
-		Map map = new HashMap();
-		InputStream is = null;
-
-		try {
-			ruleset = "fbac-policies/" + ruleset;
-			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
-			String line = "";
-			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
-				if (line.length() > 0 && line.charAt(0) != '#') {
-					Rule rule = new Rule();
-					String[] parts = line.split("\\|");
-					rule.clazz = Class.forName(parts[0].trim());
-					
-					List roles = commaSplit(parts[1].trim().toLowerCase());
-					roles = validateRoles(roles);
-					for(int x = 0; x < roles.size(); x++)
-						rule.roles.add(((String)roles.get(x)).trim());
-					
-					List action = commaSplit(parts[2].trim().toLowerCase());
-					for(int x = 0; x < action.size(); x++)
-						rule.actions.add(((String) action.get(x)).trim());
-					
-					if (map.containsKey(rule.path)) {
-						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
-					} else {
-						map.put(rule.clazz, rule);		
-					}
-				}
-			}
-		} catch (Exception e) {
-			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file : " + ruleset, e );
-		} finally {
-			
-			try {
-				if (is != null) {
-					is.close();
-				}
-			} catch (IOException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file : " + ruleset, e);
-			}
-		}
-		return map;
-	}
-
-	/**
-	 * This method splits a String by the ',' and returns the result as a List.
-	 * 
-	 * @param input
-	 * 		the String to split by ','
-	 * @return
-	 * 		a List where each entry was on either side of a ',' in the original String
-	 */
-	private List commaSplit(String input){
-		String[] array = input.split(",");
-		return Arrays.asList(array);
-	}
-	
-	/**
-	 * The Class Rule.
-	 */
-	private class Rule {
-
-		
-		protected String path = "";
-
-		
-		protected Set roles = new HashSet();
-
-		
-		protected boolean allow = false;
-		
-		
-		protected Class clazz = null;
-		
-		
-		protected List actions = new ArrayList();
-
-		/**
-		 * 
-		 * Creates a new Rule object.
-		 */
-		protected Rule() {
-			// to replace synthetic accessor method
-		}
-
-		/**
-	     * {@inheritDoc}
-		 */
-		public String toString() {
-			return "URL:" + path + " | " + roles + " | " + (allow ? "allow" : "deny");
-		}
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.accesscontrol;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+
+// CHECKME: If this exists for backward compatibility, should this
+//          class be deprecated??? If so, mark it using annotation.
+/**
+ * This class exists for backwards compatibility with the AccessController 1.0 
+ * reference implementation.
+ *
+ * This reference implementation uses a simple model for specifying a set of
+ * access control rules. Many organizations will want to create their own
+ * implementation of the methods provided in the AccessController interface.
+ * <P>
+ * This reference implementation uses a simple scheme for specifying the rules.
+ * The first step is to create a namespace for the resources being accessed. For
+ * files and URL's, this is easy as they already have a namespace. Be extremely
+ * careful about canonicalizing when relying on information from the user in an
+ * access control decision.
+ * <P>
+ * For functions, data, and services, you will have to come up with your own
+ * namespace for the resources being accessed. You might simply define a flat
+ * namespace with a list of category names. For example, you might specify
+ * 'FunctionA', 'FunctionB', and 'FunctionC'. Or you can create a richer
+ * namespace with a hierarchical structure, such as:
+ * <P>
+ * /functions
+ * <ul>
+ * <li>purchasing</li>
+ * <li>shipping</li>
+ * <li>inventory</li>
+ * </ul>
+ * /admin
+ * <ul>
+ * <li>createUser</li>
+ * <li>deleteUser</li>
+ * </ul>
+ * Once you've defined your namespace, you have to work out the rules that
+ * govern access to the different parts of the namespace. This implementation
+ * allows you to attach a simple access control list (ACL) to any part of the
+ * namespace tree. The ACL lists a set of roles that are either allowed or
+ * denied access to a part of the tree. You specify these rules in a textfile
+ * with a simple format.
+ * <P>
+ * There is a single configuration file supporting each of the five methods in
+ * the AccessController interface. These files are located in the ESAPI
+ * resources directory as specified when the JVM was started. The use of a
+ * default deny rule is STRONGLY recommended. The file format is as follows:
+ * 
+ * <pre>
+ * path          | role,role   | allow/deny | comment
+ * ------------------------------------------------------------------------------------
+ * /banking/*    | user,admin  | allow      | authenticated users can access /banking
+ * /admin        | admin       | allow      | only admin role can access /admin
+ * /             | any         | deny       | default deny rule
+ * </pre>
+ * 
+ * To find the matching rules, this implementation follows the general approach
+ * used in Java EE when matching HTTP requests to servlets in web.xml. The four
+ * mapping rules are used in the following order:
+ * <ul>
+ * <li>exact match, e.g. /access/login</li>
+ * <li>longest path prefix match, beginning / and ending /*, e.g. /access/* or
+ * /*</li>
+ * <li>extension match, beginning *., e.g. *.css</li>
+ * <li>default rule, specified by the single character pattern /</li>
+ * </ul>
+ * 
+ * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @since June 1, 2007
+ */
+public class FileBasedACRs {
+
+	/** The url map. */
+	private Map urlMap = new HashMap();
+
+	/** The function map. */
+	private Map functionMap = new HashMap();
+
+	/** The data map. */
+	private Map dataMap = new HashMap();
+
+	/** The file map. */
+	private Map fileMap = new HashMap();
+
+	/** The service map. */
+	private Map serviceMap = new HashMap();
+
+	/** A rule containing "deny". */
+	private Rule deny = new Rule();
+
+	/** The logger. */
+	private Logger logger = ESAPI.getLogger("FileBasedACRs");
+
+    /**
+	* Check if URL is authorized.
+	* @param url The URL tested for authorization
+	* @return {@code true} if access is allowed, {@code false} otherwise.
+	*/
+    public boolean isAuthorizedForURL(String url) {
+		if (urlMap==null || urlMap.isEmpty()) {
+			urlMap = loadRules("URLAccessRules.txt");
+		}
+		return matchRule(urlMap, url);
+	}
+
+    /**
+	* TODO Javadoc
+	*/
+    public boolean isAuthorizedForFunction(String functionName) throws AccessControlException {
+    	if (functionMap==null || functionMap.isEmpty()) {
+			functionMap = loadRules("FunctionAccessRules.txt");
+		}
+		return matchRule(functionMap, functionName);
+	}
+  
+    /**
+	* TODO Javadoc
+	*/
+    public boolean isAuthorizedForData(String action, Object data) throws AccessControlException{
+    	if (dataMap==null || dataMap.isEmpty()) {
+			dataMap = loadDataRules("DataAccessRules.txt");
+    	}		
+    	return matchRule(dataMap, (Class)data, action);    	
+    }
+    
+    /**
+	* TODO Javadoc
+	*/
+    public boolean isAuthorizedForFile(String filepath) throws AccessControlException {
+		if (fileMap==null || fileMap.isEmpty()) {
+			fileMap = loadRules("FileAccessRules.txt");
+		}
+		return matchRule(fileMap, filepath.replaceAll("\\\\","/"));
+	}
+
+    /**
+	* TODO Javadoc
+	*/
+    public boolean isAuthorizedForService(String serviceName) throws AccessControlException {    	
+		if (serviceMap==null || serviceMap.isEmpty()) {
+			serviceMap = loadRules("ServiceAccessRules.txt");
+		}
+		return matchRule(serviceMap, serviceName);
+	}
+
+	/**
+	 * Checks to see if the current user has access to the specified data, File, Object, etc.
+	 * If the User has access, as specified by the map parameter, this method returns true.  If the 
+	 * User does not have access or an exception is thrown, false is returned.
+	 * 
+	 * @param map
+	 *       the map containing access rules
+	 * @param path
+	 *       the path of the requested File, URL, Object, etc.
+	 * 
+	 * @return 
+	 * 		true, if the user has access, false otherwise
+	 * 
+	 */
+	private boolean matchRule(Map map, String path) {
+		// get users roles
+		User user = ESAPI.authenticator().getCurrentUser();
+		Set roles = user.getRoles();
+		// search for the first rule that matches the path and rules
+		Rule rule = searchForRule(map, roles, path);
+		return rule.allow;
+	}
+	
+	/**
+	 * Checks to see if the current user has access to the specified Class and action.
+	 * If the User has access, as specified by the map parameter, this method returns true.
+     * If the User does not have access or an exception is thrown, false is returned.
+	 * 
+	 * @param map
+	 *       the map containing access rules
+	 * @param clazz
+	 *       the Class being requested for access
+	 * @param action
+	 * 		 the action the User has asked to perform
+	 * @return 
+	 * 		true, if the user has access, false otherwise
+	 * 
+	 */
+	private boolean matchRule(Map map, Class clazz, String action) {
+		// get users roles
+		User user = ESAPI.authenticator().getCurrentUser();
+		Set roles = user.getRoles();
+		// search for the first rule that matches the path and rules
+		Rule rule = searchForRule(map, roles, clazz, action);
+		return rule != null;
+	}
+
+	/**
+	 * Search for rule. Four mapping rules are used in order: - exact match,
+	 * e.g. /access/login - longest path prefix match, beginning / and ending
+	 * /*, e.g. /access/* or /* - extension match, beginning *., e.g. *.css -
+	 * default servlet, specified by the single character pattern /
+	 * 
+	 * @param map
+	 *       the map containing access rules
+	 * @param roles
+	 *       the roles of the User being checked for access
+	 * @param path
+	 *       the File, URL, Object, etc. being checked for access
+	 * 
+	 * @return 
+	 *       the rule stating whether to allow or deny access
+	 * 
+	 */
+	private Rule searchForRule(Map map, Set roles, String path) {
+		String canonical = ESAPI.encoder().canonicalize(path);
+
+		String part = canonical;
+        if ( part == null ) {
+            part = "";
+        }
+        
+		while (part.endsWith("/")) {
+			part = part.substring(0, part.length() - 1);
+		}
+
+		if (part.indexOf("..") != -1) {
+			throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + path );
+		}
+		
+		// extract extension if any
+		String extension = "";
+		int extIndex = part.lastIndexOf(".");
+		if (extIndex != -1) {
+			extension = part.substring(extIndex + 1);
+		}
+
+		// Check for exact match - ignore any ending slash
+		Rule rule = (Rule) map.get(part);
+
+		// Check for ending with /*
+		if (rule == null)
+			rule = (Rule) map.get(part + "/*");
+
+		// Check for matching extension rule *.ext
+		if (rule == null)
+			rule = (Rule) map.get("*." + extension);
+
+		// if rule found and user's roles match rules' roles, return the rule
+		if (rule != null && overlap(rule.roles, roles))
+			return rule;
+
+		// rule hasn't been found - if there are no more parts, return a deny
+		int slash = part.lastIndexOf('/');
+		if ( slash == -1 ) {
+			return deny;
+		}
+		
+		// if there are more parts, strip off the last part and recurse
+		part = part.substring(0, part.lastIndexOf('/'));
+		
+		// return default deny
+		if (part.length() <= 1) {
+			return deny;
+		}
+		
+		return searchForRule(map, roles, part);
+	}
+	
+	/**
+	 * Search for rule. Searches the specified access map to see if any of the roles specified have 
+	 * access to perform the specified action on the specified Class.
+	 * 
+	 * @param map
+	 *      the map containing access rules
+	 * @param roles
+	 *      the roles used to determine access level
+	 * @param clazz
+	 *      the Class being requested for access
+	 * @param action
+	 * 		the action the User has asked to perform
+	 * 
+	 * @return 
+	 * 		the rule that allows the specified roles access to perform the requested action on the specified Class, or null if access is not granted
+	 * 
+	 */
+	private Rule searchForRule(Map map, Set roles, Class clazz, String action) {
+
+		// Check for exact match - ignore any ending slash
+		Rule rule = (Rule) map.get(clazz);
+		if( ( rule != null ) && ( overlap(rule.actions, action) ) && ( overlap(rule.roles, roles) )){
+			return rule;
+		}
+		return null;
+	}
+
+	/**
+	 * Return true if there is overlap between the two sets.  This method merely checks to see if 
+	 * ruleRoles contains any of the roles listed in userRoles.
+	 * 
+	 * @param ruleRoles
+	 *      the rule roles
+	 * @param userRoles
+	 *      the user roles
+	 * 
+	 * @return 
+	 * 		true, if any roles exist in both Sets.  False otherwise.
+	 */
+	private boolean overlap(Set ruleRoles, Set userRoles) {
+		if (ruleRoles.contains("any")) {
+			return true;
+		}
+		Iterator i = userRoles.iterator();
+		while (i.hasNext()) {
+			String role = (String) i.next();
+			if (ruleRoles.contains(role)) {
+				return true;
+			}
+		}
+		return false;
+	}
+	
+	/**
+	 * This method merely checks to see if ruleActions contains the action requested.
+	 * 
+	 * @param ruleActions
+	 *      actions listed for a rule
+	 * @param action
+	 *      the action requested that will be searched for in ruleActions
+	 * 
+	 * @return 
+	 * 		true, if any action exists in ruleActions.  False otherwise.
+	 */
+	private boolean overlap( List ruleActions, String action){
+		if( ruleActions.contains(action) )
+			return true;
+		return false;
+	}
+		
+	/**
+	 * Checks that the roles passed in contain only letters, numbers, and underscores.  Also checks that
+	 * roles are no more than 10 characters long.  If a role does not pass validation, it is not included in the 
+	 * list of roles returned by this method.  A log warning is also generated for any invalid roles.
+	 * 
+	 * @param roles
+	 * 		roles to validate according to criteria started above
+	 * @return
+	 * 		a List of roles that are valid according to the criteria stated above.
+	 * 
+	 */
+	private List validateRoles(List roles){
+		List ret = new ArrayList();	
+		for(int x = 0; x < roles.size(); x++){
+			String canonical = ESAPI.encoder().canonicalize(((String)roles.get(x)).trim());
+
+			if(!ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
+				logger.warning( Logger.SECURITY_FAILURE, "Role: " + ((String)roles.get(x)).trim() + " is invalid, so was not added to the list of roles for this Rule.");
+			} else { 
+				ret.add(canonical.trim());
+			}
+		}
+		return ret;
+	}
+	
+	/**
+	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
+	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
+	 * are split by the pipe character ('|').  The method loads all paths, replacing '\' characters with '/' for uniformity then loads
+	 * the list of comma separated roles. The roles are validated to be sure they are within a 
+	 * length and character set, specified in the validateRoles(String) method.  Then the permissions are stored for each item in the rules list.
+	 * If the word "allow" appears on the line, the specified roles are granted access to the data - otherwise, they will be denied access.
+	 * 
+	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
+	 *  
+	 * @param ruleset
+	 *      the name of the data that contains access rules
+	 * 
+	 * @return 
+	 * 		a hash map containing the ruleset
+	 */
+	private Map loadRules(String ruleset) {
+		ruleset = "fbac-policies/" + ruleset;
+		Map map = new HashMap();
+		InputStream is = null;
+		try {
+			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
+			String line = "";
+			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
+				if (line.length() > 0 && line.charAt(0) != '#') {
+					Rule rule = new Rule();
+					String[] parts = line.split("\\|");
+					// fix Windows paths
+					rule.path = parts[0].trim().replaceAll("\\\\", "/");
+					
+					List roles = commaSplit(parts[1].trim().toLowerCase());
+					roles = validateRoles(roles);
+					for(int x = 0; x < roles.size(); x++)
+						rule.roles.add(((String)roles.get(x)).trim());
+					
+					String action = parts[2].trim();
+					rule.allow = action.equalsIgnoreCase("allow");
+					if (map.containsKey(rule.path)) {
+						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
+					} else {
+						map.put(rule.path, rule);
+					}
+				}
+			}
+		} catch (Exception e) {
+			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file: " + ruleset, e );
+		} finally {
+			try {
+				if (is != null) {
+					is.close();
+				}
+			} catch (IOException e) {
+				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file: " + ruleset, e);
+			}
+		}
+		return map;
+	}
+	
+	/**
+	 * Loads access rules by storing them in a hashmap.  This method begins reading the File specified by
+	 * the ruleset parameter, ignoring any lines that begin with '#' characters as comments.  Sections of the access rules file
+	 * are split by the pipe character ('|').  The method then loads all Classes, loads the list of comma separated roles, then the list of comma separated actions.  
+	 * The roles are validated to be sure they are within a length and character set, specified in the validateRoles(String) method.  
+	 * 
+	 * Each path may only appear once in the access rules file.  Any entry, after the first, containing the same path will be logged and ignored. 
+	 *  
+	 * @param ruleset
+	 *      the name of the data that contains access rules
+	 * 
+	 * @return 
+	 * 		a hash map containing the ruleset
+	 */
+	private Map loadDataRules(String ruleset) {
+		Map map = new HashMap();
+		InputStream is = null;
+
+		try {
+			ruleset = "fbac-policies/" + ruleset;
+			is = ESAPI.securityConfiguration().getResourceStream(ruleset);
+			String line = "";
+			while ((line = ESAPI.validator().safeReadLine(is, 500)) != null) {
+				if (line.length() > 0 && line.charAt(0) != '#') {
+					Rule rule = new Rule();
+					String[] parts = line.split("\\|");
+					rule.clazz = Class.forName(parts[0].trim());
+					
+					List roles = commaSplit(parts[1].trim().toLowerCase());
+					roles = validateRoles(roles);
+					for(int x = 0; x < roles.size(); x++)
+						rule.roles.add(((String)roles.get(x)).trim());
+					
+					List action = commaSplit(parts[2].trim().toLowerCase());
+					for(int x = 0; x < action.size(); x++)
+						rule.actions.add(((String) action.get(x)).trim());
+					
+					if (map.containsKey(rule.path)) {
+						logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
+					} else {
+						map.put(rule.clazz, rule);		
+					}
+				}
+			}
+		} catch (Exception e) {
+			logger.warning( Logger.SECURITY_FAILURE, "Problem in access control file : " + ruleset, e );
+		} finally {
+			
+			try {
+				if (is != null) {
+					is.close();
+				}
+			} catch (IOException e) {
+				logger.warning(Logger.SECURITY_FAILURE, "Failure closing access control file : " + ruleset, e);
+			}
+		}
+		return map;
+	}
+
+	/**
+	 * This method splits a String by the ',' and returns the result as a List.
+	 * 
+	 * @param input
+	 * 		the String to split by ','
+	 * @return
+	 * 		a List where each entry was on either side of a ',' in the original String
+	 */
+	private List commaSplit(String input){
+		String[] array = input.split(",");
+		return Arrays.asList(array);
+	}
+	
+	/**
+	 * The Class Rule.
+	 */
+	private class Rule {
+
+		
+		protected String path = "";
+
+		
+		protected Set roles = new HashSet();
+
+		
+		protected boolean allow = false;
+		
+		
+		protected Class clazz = null;
+		
+		
+		protected List actions = new ArrayList();
+
+		/**
+		 * 
+		 * Creates a new Rule object.
+		 */
+		protected Rule() {
+			// to replace synthetic accessor method
+		}
+
+		/**
+	     * {@inheritDoc}
+		 */
+		public String toString() {
+			return "URL:" + path + " | " + roles + " | " + (allow ? "allow" : "deny");
+		}
+	}
+}

From bc4aca0c458d102eedcd61a85148b18e9bae2cd6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 146/812] Change CRLF to LF for issue 356.

---
 .../ACRParameterLoaderHelper.java             | 92 +++++++++----------
 1 file changed, 46 insertions(+), 46 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
index 720dcc3cf..22be7f0f3 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java
@@ -1,46 +1,46 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-
-final public class ACRParameterLoaderHelper {
-	
-	public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception {
-		String key = "AccessControlRules.AccessControlRule(" + 
-			currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]";
-		Object parameterValue;
-		if("String".equalsIgnoreCase(parameterType)) {
-			parameterValue = config.getString(key);
-		} else if("StringArray".equalsIgnoreCase(parameterType)) {
-			parameterValue = config.getStringArray(key);
-		} else if("Boolean".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBoolean(key);
-		} else if("Byte".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getByte(key);
-		} else if("Int".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getInt(key);
-		} else if("Long".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getLong(key);
-		} else if("Float".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getFloat(key);
-		} else if("Double".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getDouble(key);
-		} else if("BigDecimal".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBigDecimal(key);
-		} else if("BigInteger".equalsIgnoreCase(parameterType)){ 
-			parameterValue = config.getBigInteger(key);
-		} else if("Date".equalsIgnoreCase(parameterType)){
-			parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key));
-		} else if("Time".equalsIgnoreCase(parameterType)){
-			java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a");
-			parameterValue = sdf.parseObject(config.getString(key)); 
-//			parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key));
-		}		
-		//add timestamp. check for other stuff.
-		else {
-			throw new IllegalArgumentException("Unable to load the key \"" + key 
-					+ "\", because " + "the type \"" + parameterType + 
-					"\" was not recognized." );
-		}
-		return parameterValue;
-	}	
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+
+final public class ACRParameterLoaderHelper {
+	
+	public static Object getParameterValue(XMLConfiguration config, int currentRule, int currentParameter, String parameterType) throws Exception {
+		String key = "AccessControlRules.AccessControlRule(" + 
+			currentRule + ").Parameters.Parameter(" + currentParameter + ")[@value]";
+		Object parameterValue;
+		if("String".equalsIgnoreCase(parameterType)) {
+			parameterValue = config.getString(key);
+		} else if("StringArray".equalsIgnoreCase(parameterType)) {
+			parameterValue = config.getStringArray(key);
+		} else if("Boolean".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getBoolean(key);
+		} else if("Byte".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getByte(key);
+		} else if("Int".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getInt(key);
+		} else if("Long".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getLong(key);
+		} else if("Float".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getFloat(key);
+		} else if("Double".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getDouble(key);
+		} else if("BigDecimal".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getBigDecimal(key);
+		} else if("BigInteger".equalsIgnoreCase(parameterType)){ 
+			parameterValue = config.getBigInteger(key);
+		} else if("Date".equalsIgnoreCase(parameterType)){
+			parameterValue = java.text.DateFormat.getDateInstance().parse(config.getString(key));
+		} else if("Time".equalsIgnoreCase(parameterType)){
+			java.text.SimpleDateFormat sdf = new java.text.SimpleDateFormat("h:mm a");
+			parameterValue = sdf.parseObject(config.getString(key)); 
+//			parameterValue = java.text.DateFormat.getTimeInstance().parse(config.getString(key));
+		}		
+		//add timestamp. check for other stuff.
+		else {
+			throw new IllegalArgumentException("Unable to load the key \"" + key 
+					+ "\", because " + "the type \"" + parameterType + 
+					"\" was not recognized." );
+		}
+		return parameterValue;
+	}	
+}

From c8d082d22d111ee05d21daf31f65e4271a98c87b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 147/812] Change CRLF to LF for issue 356.

---
 .../policyloader/ACRParameterLoader.java       | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
index 7de31d940..c4456619c 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java
@@ -1,9 +1,9 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-
-
-public interface ACRParameterLoader <T> {
-	public abstract T getParameters(XMLConfiguration config, int currentRule)
-		throws java.lang.Exception; //TODO this exception could be more specific
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+
+
+public interface ACRParameterLoader <T> {
+	public abstract T getParameters(XMLConfiguration config, int currentRule)
+		throws java.lang.Exception; //TODO this exception could be more specific
+}

From 52a4461d697e2a77aae89b3f4ff8d2f7a9df2427 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 148/812] Change CRLF to LF for issue 356.

---
 .../policyloader/ACRPolicyFileLoader.java     | 196 +++++++++---------
 1 file changed, 98 insertions(+), 98 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
index d0ce3615c..17f0aa079 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java
@@ -1,99 +1,99 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import java.io.File;
-import java.util.Collection;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.XMLConfiguration;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-
-final public class ACRPolicyFileLoader {
-	protected final Logger logger = ESAPI.getLogger("ACRPolicyFileLoader");
-	
-	public PolicyDTO load() throws AccessControlException {
-		PolicyDTO policyDTO = new PolicyDTO();
-		XMLConfiguration config;
-		File file = ESAPI.securityConfiguration().getResourceFile("ESAPI-AccessControlPolicy.xml"); 
-		try
-		{
-		    config = new XMLConfiguration(file);		    
-		}
-		catch(ConfigurationException cex)
-		{
-			if(file == null) {
-				throw new AccessControlException("Unable to load configuration file for the following: " + "ESAPI-AccessControlPolicy.xml", "", cex);
-			}
-		    throw new AccessControlException("Unable to load configuration file from the following location: " + file.getAbsolutePath(), "", cex);
-		} 
-
-		Object property = config.getProperty("AccessControlRules.AccessControlRule[@name]");
-		logger.info(Logger.EVENT_SUCCESS, "Loading Property: " + property);
-		int numberOfRules = 0;
-		if(property instanceof Collection) {
-			numberOfRules = ((Collection)property).size();
-		} //implied else property == null -> return new PolicyDTO
-				 
-		String ruleName = "";
-		String ruleClass = "";
-		Object rulePolicyParameter = null;
-		int currentRule = 0;
-	    try {	    	
-	    	logger.info(Logger.EVENT_SUCCESS, "Number of rules: " + numberOfRules);
-			for(currentRule = 0; currentRule < numberOfRules; currentRule++) {
-				logger.trace(Logger.EVENT_SUCCESS, "----");
-				ruleName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@name]");
-				logger.trace(Logger.EVENT_SUCCESS, "Rule name: " + ruleName);
-				ruleClass = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@class]");
-				logger.trace(Logger.EVENT_SUCCESS, "Rule Class: " + ruleClass);
-				rulePolicyParameter = getPolicyParameter(config, currentRule);
-				logger.trace(Logger.EVENT_SUCCESS, "rulePolicyParameters: " + rulePolicyParameter);
-				policyDTO.addAccessControlRule(
-						ruleName,
-						ruleClass,
-						rulePolicyParameter);		    	
-			}
-			logger.info(Logger.EVENT_SUCCESS, "policyDTO loaded: " + policyDTO);
-		} catch (Exception e) {
-			throw new AccessControlException("Unable to load AccessControlRule parameter. " + 
-					" Rule number: " + currentRule + 
-					" Probably: Rule.name: " + ruleName +
-					" Probably: Rule.class: " + ruleClass +
-					e.getMessage(), "", e);
-		}
-		return policyDTO;
-	}
-
-	protected Object getPolicyParameter(XMLConfiguration config, int currentRule)
-		throws ClassNotFoundException, IllegalAccessException, InstantiationException, Exception {
-		//If there aren't any properties: short circuit and return null.
-//		Properties tempParameters = config.getProperties("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
-		Object property = config.getProperty("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
-		if(property == null) {
-			return null;
-		}
-		
-		int numberOfProperties = 0;		
-		if(property instanceof Collection) {
-			numberOfProperties = ((Collection)property).size(); 
-		} else {
-			numberOfProperties = 1;
-		}
-		logger.info(Logger.EVENT_SUCCESS, "Number of properties: " + numberOfProperties);
-		
-		if(numberOfProperties < 1) {
-			return null;
-		}
-		String parametersLoaderClassName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters[@parametersLoader]");
-		if("".equals(parametersLoaderClassName) || parametersLoaderClassName == null) {
-			//this default should have a properties file override option
-			parametersLoaderClassName = "org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader";
-		}
-		logger.info(Logger.EVENT_SUCCESS, "Parameters Loader:" + parametersLoaderClassName);
-		ACRParameterLoader acrParamaterLoader = 
-			(ACRParameterLoader)
-			Class.forName(parametersLoaderClassName).newInstance();
-		return acrParamaterLoader.getParameters(config, currentRule);		
-	}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import java.io.File;
+import java.util.Collection;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+
+final public class ACRPolicyFileLoader {
+	protected final Logger logger = ESAPI.getLogger("ACRPolicyFileLoader");
+	
+	public PolicyDTO load() throws AccessControlException {
+		PolicyDTO policyDTO = new PolicyDTO();
+		XMLConfiguration config;
+		File file = ESAPI.securityConfiguration().getResourceFile("ESAPI-AccessControlPolicy.xml"); 
+		try
+		{
+		    config = new XMLConfiguration(file);		    
+		}
+		catch(ConfigurationException cex)
+		{
+			if(file == null) {
+				throw new AccessControlException("Unable to load configuration file for the following: " + "ESAPI-AccessControlPolicy.xml", "", cex);
+			}
+		    throw new AccessControlException("Unable to load configuration file from the following location: " + file.getAbsolutePath(), "", cex);
+		} 
+
+		Object property = config.getProperty("AccessControlRules.AccessControlRule[@name]");
+		logger.info(Logger.EVENT_SUCCESS, "Loading Property: " + property);
+		int numberOfRules = 0;
+		if(property instanceof Collection) {
+			numberOfRules = ((Collection)property).size();
+		} //implied else property == null -> return new PolicyDTO
+				 
+		String ruleName = "";
+		String ruleClass = "";
+		Object rulePolicyParameter = null;
+		int currentRule = 0;
+	    try {	    	
+	    	logger.info(Logger.EVENT_SUCCESS, "Number of rules: " + numberOfRules);
+			for(currentRule = 0; currentRule < numberOfRules; currentRule++) {
+				logger.trace(Logger.EVENT_SUCCESS, "----");
+				ruleName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@name]");
+				logger.trace(Logger.EVENT_SUCCESS, "Rule name: " + ruleName);
+				ruleClass = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ")[@class]");
+				logger.trace(Logger.EVENT_SUCCESS, "Rule Class: " + ruleClass);
+				rulePolicyParameter = getPolicyParameter(config, currentRule);
+				logger.trace(Logger.EVENT_SUCCESS, "rulePolicyParameters: " + rulePolicyParameter);
+				policyDTO.addAccessControlRule(
+						ruleName,
+						ruleClass,
+						rulePolicyParameter);		    	
+			}
+			logger.info(Logger.EVENT_SUCCESS, "policyDTO loaded: " + policyDTO);
+		} catch (Exception e) {
+			throw new AccessControlException("Unable to load AccessControlRule parameter. " + 
+					" Rule number: " + currentRule + 
+					" Probably: Rule.name: " + ruleName +
+					" Probably: Rule.class: " + ruleClass +
+					e.getMessage(), "", e);
+		}
+		return policyDTO;
+	}
+
+	protected Object getPolicyParameter(XMLConfiguration config, int currentRule)
+		throws ClassNotFoundException, IllegalAccessException, InstantiationException, Exception {
+		//If there aren't any properties: short circuit and return null.
+//		Properties tempParameters = config.getProperties("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
+		Object property = config.getProperty("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]");
+		if(property == null) {
+			return null;
+		}
+		
+		int numberOfProperties = 0;		
+		if(property instanceof Collection) {
+			numberOfProperties = ((Collection)property).size(); 
+		} else {
+			numberOfProperties = 1;
+		}
+		logger.info(Logger.EVENT_SUCCESS, "Number of properties: " + numberOfProperties);
+		
+		if(numberOfProperties < 1) {
+			return null;
+		}
+		String parametersLoaderClassName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters[@parametersLoader]");
+		if("".equals(parametersLoaderClassName) || parametersLoaderClassName == null) {
+			//this default should have a properties file override option
+			parametersLoaderClassName = "org.owasp.esapi.reference.accesscontrol.policyloader.DynaBeanACRParameterLoader";
+		}
+		logger.info(Logger.EVENT_SUCCESS, "Parameters Loader:" + parametersLoaderClassName);
+		ACRParameterLoader acrParamaterLoader = 
+			(ACRParameterLoader)
+			Class.forName(parametersLoaderClassName).newInstance();
+		return acrParamaterLoader.getParameters(config, currentRule);		
+	}
 }
\ No newline at end of file

From 10272b8a1c319f1f8bd4735880d936eadc88c20a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 149/812] Change CRLF to LF for issue 356.

---
 .../DynaBeanACRParameterLoader.java           | 60 +++++++++----------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
index acf7c1096..d57b48872 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java
@@ -1,30 +1,30 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.apache.commons.configuration.XMLConfiguration;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
-
-import static org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.getParameterValue;
-
-final public class DynaBeanACRParameterLoader  
-	implements ACRParameterLoader<DynaBeanACRParameter> {
-	
-	Logger logger = ESAPI.getLogger(this.getClass());
-	
-//	@Override
-	public DynaBeanACRParameter getParameters(XMLConfiguration config, int currentRule) throws java.lang.Exception { //TODO reduce the exception
-		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
-		int numberOfParameters = config.getList("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]").size();
-		for(int currentParameter = 0; currentParameter < numberOfParameters; currentParameter++) {
-			String parameterName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@name]");
-			String parameterType = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@type]");
-			Object parameterValue = getParameterValue(config, currentRule, currentParameter, parameterType);
-			policyParameter.set(parameterName, parameterValue);
-		}
-		policyParameter.lock(); //This line makes the policyParameter read only. 
-		logger.info(Logger.SECURITY_SUCCESS, "Loaded " + numberOfParameters + 
-				" parameters: " + policyParameter.toString());
-		return policyParameter;
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.apache.commons.configuration.XMLConfiguration;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
+
+import static org.owasp.esapi.reference.accesscontrol.policyloader.ACRParameterLoaderHelper.getParameterValue;
+
+final public class DynaBeanACRParameterLoader  
+	implements ACRParameterLoader<DynaBeanACRParameter> {
+	
+	Logger logger = ESAPI.getLogger(this.getClass());
+	
+//	@Override
+	public DynaBeanACRParameter getParameters(XMLConfiguration config, int currentRule) throws java.lang.Exception { //TODO reduce the exception
+		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
+		int numberOfParameters = config.getList("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter[@name]").size();
+		for(int currentParameter = 0; currentParameter < numberOfParameters; currentParameter++) {
+			String parameterName = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@name]");
+			String parameterType = config.getString("AccessControlRules.AccessControlRule(" + currentRule + ").Parameters.Parameter(" + currentParameter + ")[@type]");
+			Object parameterValue = getParameterValue(config, currentRule, currentParameter, parameterType);
+			policyParameter.set(parameterName, parameterValue);
+		}
+		policyParameter.lock(); //This line makes the policyParameter read only. 
+		logger.info(Logger.SECURITY_SUCCESS, "Loaded " + numberOfParameters + 
+				" parameters: " + policyParameter.toString());
+		return policyParameter;
+	}
+}

From 725788a42cdcb14f18134fac5e8e946eb49e923d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 150/812] Change CRLF to LF for issue 356.

---
 .../EchoDynaBeanPolicyParameterACR.java       | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
index ad35cefb4..b89aaaef1 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java
@@ -1,15 +1,15 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import org.owasp.esapi.reference.accesscontrol.BaseACR;
-import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
-
-//public class EchoDynaBeanPolicyParameterACR extends BaseDynaBeanACR {
-public class EchoDynaBeanPolicyParameterACR extends BaseACR<DynaBeanACRParameter, Object> {
-	/**
-	 * Returns true if runtimeParameter is a Boolean true.
-	 * throws ClassCastException if runtimeParameter is not a Boolean.
-	 */
-	public boolean isAuthorized(Object runtimeParameter) throws ClassCastException{		
-		return getPolicyParameters().getBoolean("isTrue");
-	}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import org.owasp.esapi.reference.accesscontrol.BaseACR;
+import org.owasp.esapi.reference.accesscontrol.DynaBeanACRParameter;
+
+//public class EchoDynaBeanPolicyParameterACR extends BaseDynaBeanACR {
+public class EchoDynaBeanPolicyParameterACR extends BaseACR<DynaBeanACRParameter, Object> {
+	/**
+	 * Returns true if runtimeParameter is a Boolean true.
+	 * throws ClassCastException if runtimeParameter is not a Boolean.
+	 */
+	public boolean isAuthorized(Object runtimeParameter) throws ClassCastException{		
+		return getPolicyParameters().getBoolean("isTrue");
+	}
 }
\ No newline at end of file

From 90c4cd510d662afc8aaf0f7c718ccd40ab14f1a5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 151/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/policyloader/PolicyDTO.java | 110 +++++++++---------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
index 78b5f61d5..cfb1e279f 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java
@@ -1,55 +1,55 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import java.lang.reflect.Constructor;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.errors.AccessControlException;
-
-/**
- * The point of the loaders is to create this
- * @author Mike H. Fauzy
- *
- */
-final public class PolicyDTO {
-	private Map accessControlRules;
-
-	public PolicyDTO() {
-		this.accessControlRules = new HashMap();
-	}
-	
-	public Map getAccessControlRules() {
-		return accessControlRules;
-	}
-
-	public void addAccessControlRule(String key, String accessControlRuleClassName,
-			Object policyParameter) throws AccessControlException {
-		if (accessControlRules.get(key) != null) {
-			throw new AccessControlException("Duplicate keys are not allowed. "
-					+ "Key: " + key, "");
-		}
-		Constructor accessControlRuleConstructor;
-		try {
-			
-			
-			Class accessControlRuleClass = Class.forName(accessControlRuleClassName, false, this.getClass().getClassLoader());
-			accessControlRuleConstructor = accessControlRuleClass
-					.getConstructor();
-			AccessControlRule accessControlRule = 
-				(AccessControlRule) accessControlRuleConstructor
-					.newInstance();
-			accessControlRule.setPolicyParameters(policyParameter);
-			accessControlRules.put(key, accessControlRule);
-		} catch (Exception e) {
-			throw new AccessControlException(
-					"Unable to create Access Control Rule for key: \"" + key
-							+ "\" with policyParameters: \"" + policyParameter + "\"",
-					"", 
-					e);
-		}
-	}
-	public String toString() {
-		return accessControlRules.toString();
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import java.lang.reflect.Constructor;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.errors.AccessControlException;
+
+/**
+ * The point of the loaders is to create this
+ * @author Mike H. Fauzy
+ *
+ */
+final public class PolicyDTO {
+	private Map accessControlRules;
+
+	public PolicyDTO() {
+		this.accessControlRules = new HashMap();
+	}
+	
+	public Map getAccessControlRules() {
+		return accessControlRules;
+	}
+
+	public void addAccessControlRule(String key, String accessControlRuleClassName,
+			Object policyParameter) throws AccessControlException {
+		if (accessControlRules.get(key) != null) {
+			throw new AccessControlException("Duplicate keys are not allowed. "
+					+ "Key: " + key, "");
+		}
+		Constructor accessControlRuleConstructor;
+		try {
+			
+			
+			Class accessControlRuleClass = Class.forName(accessControlRuleClassName, false, this.getClass().getClassLoader());
+			accessControlRuleConstructor = accessControlRuleClass
+					.getConstructor();
+			AccessControlRule accessControlRule = 
+				(AccessControlRule) accessControlRuleConstructor
+					.newInstance();
+			accessControlRule.setPolicyParameters(policyParameter);
+			accessControlRules.put(key, accessControlRule);
+		} catch (Exception e) {
+			throw new AccessControlException(
+					"Unable to create Access Control Rule for key: \"" + key
+							+ "\" with policyParameters: \"" + policyParameter + "\"",
+					"", 
+					e);
+		}
+	}
+	public String toString() {
+		return accessControlRules.toString();
+	}
+}

From 494a41948ef27ce332e25d0d73803bb4bea16afc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 152/812] Change CRLF to LF for issue 356.

---
 .../policyloader/PolicyParameters.java        | 82 +++++++++----------
 1 file changed, 41 insertions(+), 41 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
index 0bcbe8570..86077549d 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
@@ -1,42 +1,42 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-public interface PolicyParameters {
-
-	/**
-	 * Follows the contract for java.util.Map;
-	 * @param key
-	 * @return
-	 * @see java.util.Map
-	 */
-	public abstract Object get(String key);
-
-	/**
-	 * This works just like a Map, except it will throw an exception if lock()
-	 * has been called. 
-	 * @param key
-	 * @param value
-	 * @throws IllegalArgumentException if this DynaBeanACRParameter instance 
-	 * has already been locked.
-	 */
-	public abstract void set(String key, Object value)
-			throws IllegalArgumentException;
-
-	/**
-	 * This is a convenience method for developers that prefer to think of this
-	 * as a map instead of being bean-like. 
-	 * 
-	 * @see set(String, Object)
-	 */
-	public abstract void put(String key, Object value)
-			throws IllegalArgumentException;
-
-	/**
-	 * This makes the map itself read only, but the mutability of objects 
-	 * that this map contains is not affected. Specifically, properties 
-	 * cannot be added or removed and the reference cannot be changed to 
-	 * a different object, but this does not change whether the values that the 
-	 * object contains can be changed.
-	 */
-	public abstract void lock();
-	
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+public interface PolicyParameters {
+
+	/**
+	 * Follows the contract for java.util.Map;
+	 * @param key
+	 * @return
+	 * @see java.util.Map
+	 */
+	public abstract Object get(String key);
+
+	/**
+	 * This works just like a Map, except it will throw an exception if lock()
+	 * has been called. 
+	 * @param key
+	 * @param value
+	 * @throws IllegalArgumentException if this DynaBeanACRParameter instance 
+	 * has already been locked.
+	 */
+	public abstract void set(String key, Object value)
+			throws IllegalArgumentException;
+
+	/**
+	 * This is a convenience method for developers that prefer to think of this
+	 * as a map instead of being bean-like. 
+	 * 
+	 * @see set(String, Object)
+	 */
+	public abstract void put(String key, Object value)
+			throws IllegalArgumentException;
+
+	/**
+	 * This makes the map itself read only, but the mutability of objects 
+	 * that this map contains is not affected. Specifically, properties 
+	 * cannot be added or removed and the reference cannot be changed to 
+	 * a different object, but this does not change whether the values that the 
+	 * object contains can be changed.
+	 */
+	public abstract void lock();
+	
 }
\ No newline at end of file

From 36e8f88f89d7c3b166692d8c9bfef598f97670a6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 153/812] Change CRLF to LF for issue 356.

---
 .../crypto/DefaultEncryptedProperties.java    | 428 +++++++++---------
 1 file changed, 214 insertions(+), 214 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
index 4f6d1a381..4cc2faacb 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
@@ -1,214 +1,214 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.util.Iterator;
-import java.util.Properties;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * Reference implementation of the {@code EncryptedProperties} interface. This
- * implementation wraps a normal properties file, and creates surrogates for the
- * {@code getProperty} and {@code setProperty} methods that perform encryption
- * and decryption based on {@code Encryptor}.
- * <p>
- * A very simple main program is provided that can be used to create an
- * encrypted properties file. A better approach would be to allow unencrypted
- * properties in the file and to encrypt them the first time the file is
- * accessed.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @since June 1, 2007
- * @see org.owasp.esapi.EncryptedProperties
- * @see org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
- */
-public class DefaultEncryptedProperties implements org.owasp.esapi.EncryptedProperties {
-
-	/** The properties. */
-	private final Properties properties = new Properties();
-
-	/** The logger. */
-	private final Logger logger = ESAPI.getLogger("EncryptedProperties");
-
-	/**
-	 * Instantiates a new encrypted properties.
-	 */
-	public DefaultEncryptedProperties() {
-		// hidden
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public synchronized String getProperty(String key) throws EncryptionException {
-	    String[] errorMsgs = new String[] {
-	            ": failed decoding from base64",
-	            ": failed to deserialize properly",
-	            ": failed to decrypt properly"
-	        };
-
-	    int progressMark = 0;
-	    try {
-	        String encryptedValue = properties.getProperty(key);
-
-	        if(encryptedValue==null)
-	            return null;
-
-	        progressMark = 0;
-	        byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
-	        progressMark++;
-	        CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
-	        progressMark++;
-	        PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
-	        
-	        return plaintext.toString();
-	    } catch (Exception e) {
-	        throw new EncryptionException("Property retrieval failure",
-	                                      "Couldn't retrieve encrypted property for property " + key +
-	                                      errorMsgs[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public synchronized String setProperty(String key, String value) throws EncryptionException {
-	    String[] errorMsgs = new String[] {
-	            ": failed to encrypt properly",
-	            ": failed to serialize correctly",
-	            ": failed to base64-encode properly",
-	            ": failed to set base64-encoded value as property. Illegal key name?"
-	    };
-
-	    int progressMark = 0;
-	    try {
-	        if ( key == null ) {
-	            throw new NullPointerException("Property name may not be null.");
-	        }
-	        if ( value == null ) {
-	            throw new NullPointerException("Property value may not be null.");
-	        }
-	        // NOTE: Not backward compatible w/ ESAPI 1.4.
-	        PlainText pt = new PlainText(value);
-	        CipherText ct = ESAPI.encryptor().encrypt(pt);
-	        progressMark++;
-	        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
-	        progressMark++;
-	        String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
-	        progressMark++;
-	        String encryptedValue = (String)properties.setProperty(key, b64str);
-	        progressMark++;
-	        return encryptedValue;
-	    } catch (Exception e) {
-	        throw new EncryptionException("Property setting failure",
-	                                      "Couldn't set encrypted property " + key +
-	                                      errorMsgs[progressMark], e);
-	    }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Set<?> keySet() {
-		return properties.keySet();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void load(InputStream in) throws IOException {
-		properties.load(in);
-		logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void store(OutputStream out, String comments) throws IOException {
-		properties.store(out, comments);
-	}
-
-	/**
-	 * Loads encrypted properties file based on the location passed in args then prompts the 
-	 * user to input key-value pairs.  When the user enters a null or blank key, the values 
-	 * are stored to the properties file.
-	 * 
-	 * @param args
-	 *            the location of the properties file to load and write to
-	 * 
-	 * @throws Exception
-	 *             Any exception thrown
-	 * @deprecated Use {@code EncryptedPropertiesUtils} instead, which allows creating, reading,
-	 *			   and writing encrypted properties.
-	 */
-	public static void main(String[] args) throws Exception {
-		File f = new File(args[0]);
-		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Loading encrypted properties from " + f.getAbsolutePath() );
-		if ( !f.exists() ) throw new IOException( "Properties file not found: " + f.getAbsolutePath() );
-		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Encrypted properties found in " + f.getAbsolutePath() );
-		DefaultEncryptedProperties ep = new DefaultEncryptedProperties();
-
-		FileInputStream in = null;
-		FileOutputStream out = null;
-		try {
-    		in = new FileInputStream(f);
-            out = new FileOutputStream(f);
-
-            ep.load(in);   
-    		BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
-    		String key = null;
-    		do {
-    			System.out.print("Enter key: ");
-    			key = br.readLine();
-    			System.out.print("Enter value: ");
-    			String value = br.readLine();
-    			if (key != null && key.length() > 0 && value != null && value.length() > 0) {
-    				ep.setProperty(key, value);
-    			}
-    		} while (key != null && key.length() > 0);
-    		ep.store(out, "Encrypted Properties File");
-		} finally {
-		    // FindBugs and PMD both complain about these next lines, that they may
-		    // ignore thrown exceptions. Really!!! That's the whole point.
-    		try { if ( in != null ) in.close(); } catch( Exception e ) {}
-    		try { if ( out != null ) out.close(); } catch( Exception e ) {}
-		}
-		
-		Iterator<?> i = ep.keySet().iterator();
-		while (i.hasNext()) {
-			String k = (String) i.next();
-			String value = ep.getProperty(k);
-			System.out.println("   " + k + "=" + value);
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.util.Iterator;
+import java.util.Properties;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * Reference implementation of the {@code EncryptedProperties} interface. This
+ * implementation wraps a normal properties file, and creates surrogates for the
+ * {@code getProperty} and {@code setProperty} methods that perform encryption
+ * and decryption based on {@code Encryptor}.
+ * <p>
+ * A very simple main program is provided that can be used to create an
+ * encrypted properties file. A better approach would be to allow unencrypted
+ * properties in the file and to encrypt them the first time the file is
+ * accessed.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @since June 1, 2007
+ * @see org.owasp.esapi.EncryptedProperties
+ * @see org.owasp.esapi.reference.crypto.ReferenceEncryptedProperties
+ */
+public class DefaultEncryptedProperties implements org.owasp.esapi.EncryptedProperties {
+
+	/** The properties. */
+	private final Properties properties = new Properties();
+
+	/** The logger. */
+	private final Logger logger = ESAPI.getLogger("EncryptedProperties");
+
+	/**
+	 * Instantiates a new encrypted properties.
+	 */
+	public DefaultEncryptedProperties() {
+		// hidden
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public synchronized String getProperty(String key) throws EncryptionException {
+	    String[] errorMsgs = new String[] {
+	            ": failed decoding from base64",
+	            ": failed to deserialize properly",
+	            ": failed to decrypt properly"
+	        };
+
+	    int progressMark = 0;
+	    try {
+	        String encryptedValue = properties.getProperty(key);
+
+	        if(encryptedValue==null)
+	            return null;
+
+	        progressMark = 0;
+	        byte[] serializedCiphertext   = ESAPI.encoder().decodeFromBase64(encryptedValue);
+	        progressMark++;
+	        CipherText restoredCipherText = CipherText.fromPortableSerializedBytes(serializedCiphertext);
+	        progressMark++;
+	        PlainText plaintext           = ESAPI.encryptor().decrypt(restoredCipherText);
+	        
+	        return plaintext.toString();
+	    } catch (Exception e) {
+	        throw new EncryptionException("Property retrieval failure",
+	                                      "Couldn't retrieve encrypted property for property " + key +
+	                                      errorMsgs[progressMark], e);
+	    }
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public synchronized String setProperty(String key, String value) throws EncryptionException {
+	    String[] errorMsgs = new String[] {
+	            ": failed to encrypt properly",
+	            ": failed to serialize correctly",
+	            ": failed to base64-encode properly",
+	            ": failed to set base64-encoded value as property. Illegal key name?"
+	    };
+
+	    int progressMark = 0;
+	    try {
+	        if ( key == null ) {
+	            throw new NullPointerException("Property name may not be null.");
+	        }
+	        if ( value == null ) {
+	            throw new NullPointerException("Property value may not be null.");
+	        }
+	        // NOTE: Not backward compatible w/ ESAPI 1.4.
+	        PlainText pt = new PlainText(value);
+	        CipherText ct = ESAPI.encryptor().encrypt(pt);
+	        progressMark++;
+	        byte[] serializedCiphertext = ct.asPortableSerializedByteArray();
+	        progressMark++;
+	        String b64str = ESAPI.encoder().encodeForBase64(serializedCiphertext, false);
+	        progressMark++;
+	        String encryptedValue = (String)properties.setProperty(key, b64str);
+	        progressMark++;
+	        return encryptedValue;
+	    } catch (Exception e) {
+	        throw new EncryptionException("Property setting failure",
+	                                      "Couldn't set encrypted property " + key +
+	                                      errorMsgs[progressMark], e);
+	    }
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Set<?> keySet() {
+		return properties.keySet();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void load(InputStream in) throws IOException {
+		properties.load(in);
+		logger.trace(Logger.SECURITY_SUCCESS, "Encrypted properties loaded successfully");
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void store(OutputStream out, String comments) throws IOException {
+		properties.store(out, comments);
+	}
+
+	/**
+	 * Loads encrypted properties file based on the location passed in args then prompts the 
+	 * user to input key-value pairs.  When the user enters a null or blank key, the values 
+	 * are stored to the properties file.
+	 * 
+	 * @param args
+	 *            the location of the properties file to load and write to
+	 * 
+	 * @throws Exception
+	 *             Any exception thrown
+	 * @deprecated Use {@code EncryptedPropertiesUtils} instead, which allows creating, reading,
+	 *			   and writing encrypted properties.
+	 */
+	public static void main(String[] args) throws Exception {
+		File f = new File(args[0]);
+		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Loading encrypted properties from " + f.getAbsolutePath() );
+		if ( !f.exists() ) throw new IOException( "Properties file not found: " + f.getAbsolutePath() );
+		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Encrypted properties found in " + f.getAbsolutePath() );
+		DefaultEncryptedProperties ep = new DefaultEncryptedProperties();
+
+		FileInputStream in = null;
+		FileOutputStream out = null;
+		try {
+    		in = new FileInputStream(f);
+            out = new FileOutputStream(f);
+
+            ep.load(in);   
+    		BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
+    		String key = null;
+    		do {
+    			System.out.print("Enter key: ");
+    			key = br.readLine();
+    			System.out.print("Enter value: ");
+    			String value = br.readLine();
+    			if (key != null && key.length() > 0 && value != null && value.length() > 0) {
+    				ep.setProperty(key, value);
+    			}
+    		} while (key != null && key.length() > 0);
+    		ep.store(out, "Encrypted Properties File");
+		} finally {
+		    // FindBugs and PMD both complain about these next lines, that they may
+		    // ignore thrown exceptions. Really!!! That's the whole point.
+    		try { if ( in != null ) in.close(); } catch( Exception e ) {}
+    		try { if ( out != null ) out.close(); } catch( Exception e ) {}
+		}
+		
+		Iterator<?> i = ep.keySet().iterator();
+		while (i.hasNext()) {
+			String k = (String) i.next();
+			String value = ep.getProperty(k);
+			System.out.println("   " + k + "=" + value);
+		}
+	}
+
+}

From 46e2e5c5180f4a65c2e0fe897fa97a8eac4a97dc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 154/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/crypto/JavaEncryptor.java | 2100 ++++++++---------
 1 file changed, 1050 insertions(+), 1050 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index a20c6122f..8190dab4a 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -1,1050 +1,1050 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Provider;
-import java.security.PublicKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.Signature;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.Map.Entry;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-// import javax.crypto.Mac;			// Uncomment if computeHMAC() is included.
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.crypto.spec.IvParameterSpec;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Encryptor;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Hex;
-import org.owasp.esapi.crypto.CipherSpec;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
-import org.owasp.esapi.crypto.KeyDerivationFunction;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.crypto.SecurityProviderLoader;
-import org.owasp.esapi.errors.ConfigurationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
-
-/**
- * Reference implementation of the {@code Encryptor} interface. This implementation
- * layers on the JCE provided cryptographic package. Algorithms used are
- * configurable in the {@code ESAPI.properties} file. The main property
- * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
- * the other encryption related properties have property names that start with
- * the string "Encryptor.".
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author kevin.w.wall@gmail.com
- * @author Chris Schmidt (chrisisbeef .at. gmail.com)
- * @since June 1, 2007; some methods since ESAPI Java 2.0
- * @see org.owasp.esapi.Encryptor
- */
-public final class JavaEncryptor implements Encryptor {
-    private static volatile Encryptor singletonInstance;
-
-    // Note: This double-check pattern only works because singletonInstance
-    //       is declared to be volatile.  Usually this method is called
-    //       via ESAPI.encryptor() rather than directly.
-    public static Encryptor getInstance() throws EncryptionException {
-        if ( singletonInstance == null ) {
-            synchronized ( JavaEncryptor.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new JavaEncryptor();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    private static boolean initialized = false;
-    
-    // encryption
-    private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
-    private static String encryptAlgorithm = "AES";
-    private static String encoding = "UTF-8"; 
-    private static int encryptionKeyLength = 128;
-    
-    // digital signatures
-    private static PrivateKey privateKey = null;
-	private static PublicKey publicKey = null;
-	private static String signatureAlgorithm = "SHA1withDSA";
-    private static String randomAlgorithm = "SHA1PRNG";
-	private static int signatureKeyLength = 1024;
-	
-	// hashing
-	private static String hashAlgorithm = "SHA-512";
-	private static int hashIterations = 1024;
-	
-	// Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
-	//					  this class is first loaded. Is this a big limitation? Since there
-	//                    is no method to reset it, we may has well make it 'final' also.
-	private static Logger logger = ESAPI.getLogger("JavaEncryptor");
-	    // Used to print out warnings about deprecated methods.
-	private static int encryptCounter = 0;
-	private static int decryptCounter = 0;
-        // DISCUSS: OK to not have a property for this to set the frequency?
-        //          The desire is to persuade people to move away from these
-	    //          two deprecated encrypt(String) / decrypt(String) methods,
-        //          so perhaps the annoyance factor of not being able to
-        //          change it will help. For now, it is just hard-coded here.
-        //          We could be mean and just print a warning *every* time.
-	private static final int logEveryNthUse = 25;
-	
-    // *Only* use this string for user messages for EncryptionException when
-    // decryption fails. This is to prevent information leakage that may be
-    // valuable in various forms of ciphertext attacks, such as the
-	// Padded Oracle attack described by Rizzo and Duong.
-    private static final String DECRYPTION_FAILED =
-        "Decryption failed; see logs for details.";
-
-    // # of seconds that all failed decryption attempts will take. Used to
-    // help prevent side-channel timing attacks.
-    private static int N_SECS = 2;
-
-	// Load the preferred JCE provider if one has been specified.
-	static {
-	    try {
-            SecurityProviderLoader.loadESAPIPreferredJCEProvider();
-        } catch (NoSuchProviderException ex) {
-        	// Note that audit logging is done elsewhere in called method.
-            logger.fatal(Logger.SECURITY_FAILURE,
-                         "JavaEncryptor failed to load preferred JCE provider.", ex);
-            throw new ExceptionInInitializerError(ex);
-        }
-        setupAlgorithms();
-	}
-	
-    /**
-     * Generates a new strongly random secret key and salt that can be
-     * copy and pasted in the <b>ESAPI.properties</b> file.
-     * 
-     * @param args Set first argument to "-print" to display available algorithms on standard output.
-     * @throws java.lang.Exception	To cover a multitude of sins, mostly in configuring ESAPI.properties.
-     */
-    public static void main( String[] args ) throws Exception {
-		System.out.println( "Generating a new secret master key" );
-		
-		// print out available ciphers
-		if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
-			System.out.println( "AVAILABLE ALGORITHMS" );
-
-			Provider[] providers = Security.getProviders();
-			TreeMap<String, String> tm = new TreeMap<String, String>();
-			// DISCUSS: Note: We go through multiple providers, yet nowhere do I
-			//			see where we print out the PROVIDER NAME. Not all providers
-			//			will implement the same algorithms and some "partner" with
-			//			whom we are exchanging different cryptographic messages may
-			//			have _different_ providers in their java.security file. So
-			//			it would be useful to know the provider name where each
-			//			algorithm is implemented. Might be good to prepend the provider
-			//			name to the 'key' with something like "providerName: ". Thoughts?
-			for (int i = 0; i != providers.length; i++) {
-				// DISCUSS: Print security provider name here???
-					// Note: For some odd reason, Provider.keySet() returns
-					//		 Set<Object> of the property keys (which are Strings)
-					//		 contained in this provider, but Set<String> seems
-					//		 more appropriate. But that's why we need the cast below.
-	            System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
-				Iterator<Object> it = providers[i].keySet().iterator();
-				while (it.hasNext()) {
-					String key = (String)it.next();
-		            String value = providers[i].getProperty( key );
-		            tm.put(key, value);
-	                System.out.println("\t\t   " + key + " -> "+ value );
-				}
-			}
-
-			Set< Entry<String,String> > keyValueSet = tm.entrySet();
-			Iterator<Entry<String, String>> it = keyValueSet.iterator();
-			while( it.hasNext() ) {
-				Map.Entry<String,String> entry = it.next();
-				String key = entry.getKey();
-				String value = entry.getValue();
-	        	System.out.println( "   " + key + " -> "+ value );
-			}
-		} else {
-				// Used to print a similar line to use '-print' even when it was specified.
-			System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
-		}
-		
-        // setup algorithms -- Each of these have defaults if not set, although
-		//					   someone could set them to something invalid. If
-		//					   so a suitable exception will be thrown and displayed.
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-
-		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
-		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
-        byte[] raw = secretKey.getEncoded();
-        byte[] salt = new byte[20];	// Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
-        random.nextBytes( salt );
-        String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
-        System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
-        System.out.println( "#==============================================================");
-        System.out.println( "Encryptor.MasterKey=" + ESAPI.encoder().encodeForBase64(raw, false) );
-        System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
-        System.out.println( "#==============================================================" + eol);
-    }
-	
-    
-    /**
-     * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
-     * @throws EncryptionException if can't construct this object for some reason.
-     * 					Original exception will be attached as the 'cause'.
-     */
-    private JavaEncryptor() throws EncryptionException {
-        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
-
-        assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
-        assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
-                                   "Length is: " + salt.length + " bytes.";
-        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
-        assert skey.length >= 7 : "Encryptor.MasterKey must be at least 7 bytes. " +
-                                  "Length is: " + skey.length + " bytes.";
-        
-        // Set up secretKeySpec for use for symmetric encryption and decryption,
-        // and set up the public/private keys for asymmetric encryption /
-        // decryption.
-        // TODO: Note: If we dump ESAPI 1.4 crypto backward compatibility,
-        //       then we probably will ditch the Encryptor.EncryptionAlgorithm
-        //       property. If so, encryptAlgorithm should probably use
-        //       Encryptor.CipherTransformation and just pull off the cipher
-        //       algorithm name so we can use it here.
-        synchronized(JavaEncryptor.class) {
-            if ( ! initialized ) {
-                //
-                // For symmetric encryption
-                //
-                //      NOTE: FindBugs complains about this
-                //            (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD) but
-                //            it should be OK since it is synchronized and only
-                //            done once. While we could separate this out and
-                //            handle in a static initializer, it just seems to
-                //            fit better here.
-                secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
-                
-                //
-                // For asymmetric encryption (i.e., public/private key)
-                //
-                try {
-                    SecureRandom prng = SecureRandom.getInstance(randomAlgorithm);
-
-                    // Because hash() is not static (but it could be were in not
-                    // for the interface method specification in Encryptor), we
-                    // cannot do this initialization in a static method or static
-                    // initializer.
-                    byte[] seed = hash(new String(skey, encoding),new String(salt, encoding)).getBytes(encoding);
-                    prng.setSeed(seed);
-                    initKeyPair(prng);
-                } catch (Exception e) {
-                    throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
-                }             
-                
-                // Mark everything as initialized.
-                initialized = true;
-            }
-        }
-    }
-     
-
-
-	/**
-     * {@inheritDoc}
-     * 
-	 * Hashes the data with the supplied salt and the number of iterations specified in
-	 * the ESAPI SecurityConfiguration.
-	 */
-	public String hash(String plaintext, String salt) throws EncryptionException {
-		return hash( plaintext, salt, hashIterations );
-	}
-	
-	/**
-     * {@inheritDoc}
-     * 
-	 * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
-	 * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
-	 * in order to help strengthen weak passwords.
-	 */
-	public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
-		byte[] bytes = null;
-		try {
-			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
-			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getMasterSalt());
-			digest.update(salt.getBytes(encoding));
-			digest.update(plaintext.getBytes(encoding));
-
-			// rehash a number of times to help strengthen weak passwords
-			bytes = digest.digest();
-			for (int i = 0; i < iterations; i++) {
-				digest.reset();
-				bytes = digest.digest(bytes);
-			}
-			String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
-			return encoded;
-		} catch (NoSuchAlgorithmException e) {
-			throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	 public CipherText encrypt(PlainText plaintext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return encrypt(secretKeySpec, plaintext);
-	 }
-	 
-	 /**
-	  * {@inheritDoc}
-	  */
-	 public CipherText encrypt(SecretKey key, PlainText plain)
-	 			throws EncryptionException
-	 {
-		 if ( key == null ) {
-			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
-		 }
-		 if ( plain == null ) {
-			 throw new IllegalArgumentException("PlainText may arg not be null");
-		 }
-		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-
-		 boolean success = false;	// Used in 'finally' clause.
-		 String xform = null;
-		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
-
-		try {
-			 xform = ESAPI.securityConfiguration().getCipherTransformation();
-             String[] parts = xform.split("/");
-             assert parts.length == 3 : "Malformed cipher transformation: " + xform;
-             String cipherMode = parts[1];
-             
-             // This way we can prevent modes like OFB and CFB where the IV should never
-             // be repeated with the same encryption key (at least until we support
-             // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
-             // to ensure the IV will never be repeated (such as a time stamp or other
-             // monotonically increasing function).
-             // DISCUSS: Should we include the permitted cipher modes in the exception msg?
-             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
-                 throw new EncryptionException("Encryption failure: invalid cipher mode ( " + cipherMode + ") for encryption",
-                             "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
-                             "cipher mode " + cipherMode);
-             }
-             
-			 // Note - Cipher is not thread-safe so we create one locally
-			 //        Also, we need to change this eventually so other algorithms can
-			 //        be supported. Eventually, there will be an encrypt() method that
-			 //        takes a (new class) CryptoControls, as something like this:
-			 //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
-			 //        and this method will just call that one.
-			 Cipher encrypter = Cipher.getInstance(xform);
-			 String cipherAlg = encrypter.getAlgorithm();
-			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
-
-			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
-			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
-			 //			 OK with silently using keySize as long as keySize >= keyLen, which then interprets
-			 //			 ESAPI.EncryptionKeyLength as the *minimum* key size, but as long as we have something
-			 //			 stronger it's OK to use it. For now, I am just going to log warning if different, but use
-			 //			 keySize unless keySize is SMALLER than ESAPI.EncryptionKeyLength, in which case I'm going
-			 //			 to log an error.
-			 //
-			 //			 IMPORTANT NOTE:	When we generate key sizes for both DES and DESede the result of
-			 //								SecretKey.getEncoding().length includes the TRUE key size (i.e.,
-			 //								*with* the even parity bits) rather than the EFFECTIVE key size
-			 //								(which incidentally is what KeyGenerator.init() expects for DES
-			 //								and DESede; duh! Nothing like being consistent). This leads to
-			 //								the following dilemma:
-			 //
-			 //													EFFECTIVE Key Size		TRUE Key Size
-			 //													(KeyGenerator.init())	(SecretKey.getEncoding().length)
-			 //									========================================================================
-			 //									For DES:			56 bits					64 bits
-			 //									For DESede:			112 bits / 168 bits		192 bits (always)
-			 //
-			 //								We are trying to automatically determine the key size from SecretKey
-			 //								based on 8 * SecretKey.getEncoding().length, but as you can see, the
-			 //								2 key 3DES and the 3 key 3DES both use the same key size (192 bits)
-			 //								regardless of what is passed to KeyGenerator.init(). There are no advertised
-			 //								methods to get the key size specified by the init() method so I'm not sure how
-			 //								this is actually working internally. However, it does present a problem if we
-			 //								wish to communicate the 3DES key size to a recipient for later decryption as
-			 //								they would not be able to distinguish 2 key 3DES from 3 key 3DES.
-			 //
-			 //								The only workaround I know is to pass the explicit key size down. However, if
-			 //								we are going to do that, I'd propose passing in a CipherSpec object so we could
-			 //								tell what cipher transformation to use as well instead of just the key size. Then
-			 //								we would extract keySize from the CipherSpec object of from the SecretKey object.
-			 //
-			 if ( keySize != keyLen ) {
-				 // DISCUSS: Technically this is not a security "failure" per se, but not really a "success" either.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption key length mismatch. ESAPI.EncryptionKeyLength is " +
-						 keyLen + " bits, but length of actual encryption key is " + keySize +
-				 		" bits.  Did you remember to regenerate your master key (if that is what you are using)???");
-			 }
-			 // DISCUSS: Reconsider these warnings. If thousands of encryptions are done in tight loop, no one needs
-			 //          more than 1 warning. Should we do something more intelligent here?
-			 if ( keySize < keyLen ) {
-				 // ESAPI.EncryptionKeyLength defaults to 128, but that means that we could not use DES (as weak as it
-				 // is), even for legacy code. Therefore, this has been changed to simple log a warning rather than
-				 //	throw the following exception.
-				 //				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
-				 //						  "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits.");
-				 logger.warning(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN specified " +
-						 "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits with cipher algorithm " + cipherAlg);
-			 }
-			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
-				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES!
-				 logger.warning(Logger.SECURITY_FAILURE, "Potentially unsecure encryption. Key size of " + keySize + "bits " +
-				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
-				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
-			 }
-			 // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
-			 // They should be the same. If they are different, things could fail. (E.g., DES and DESede
-			 // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
-			 // parity it could fail.)
-			 //
-			 String skeyAlg = key.getAlgorithm();
-			 if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
-				 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
-				 //			 either, but personally I'd prefer the squeaky wheel to the annoying throwing of
-				 //			 a ConfigurationException (which is a RuntimeException). Less likely to upset
-				 //			 the development community.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
-						 cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
-			 }
-
-			 byte[] ivBytes = null;
-			 CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);	// Could pass the ACTUAL (intended) key size
-			 
-             // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
-             // use the specified SecretKey as-is rather than computing a derived key from it. We also
-             // don't expect a separate MAC in the specified CipherText object so therefore don't try
-             // to validate it.
-             boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
-             SecretKey encKey = null;
-			 if ( preferredCipherMode ) {
-			     encKey = key;
-			 } else {
-			     encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 				    key, keySize, "encryption");
-			 }
-			 
-			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getIVType();
-				 IvParameterSpec ivSpec = null;
-				 if ( ivType.equalsIgnoreCase("random") ) {
-					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
-				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
-					 ivBytes = Hex.decode(fixedIVAsHex);
-					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
-					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
-					 		//					 use it to create the ivBytes. (The intent is to make sure that
-					 		//				     1) IVs are never repeated for cipher modes like OFB and CFB, and
-					 		//					 2) to screen for weak IVs for the particular cipher algorithm.
-					 		//		In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
-					 		//		be repeated unless you are salting SecureRandom with same value each time. Anything
-					 		//		monotonically increasing should be suitable, like a counter, but need to remember
-					 		//		it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
-					 		//		it's not perfect it probably is good enough. Could even all (advanced) developers
-					 		//      to define their own class to create a unique IV to allow them some choice, but
-					 		//      definitely need to provide a safe, default implementation.
-					  */
-				 } else {
-					 // TODO: Update to add 'specified' once that is supported and added above.
-					 throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
-				 }
-				 ivSpec = new IvParameterSpec(ivBytes);
-				 cipherSpec.setIV(ivBytes);
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
-			 } else {
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
-			 byte[] raw = encrypter.doFinal(plaintext);
-                 // Convert to CipherText.
-             CipherText ciphertext = new CipherText(cipherSpec, raw);
-			 
-			 // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
-			 // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
-             // do this when we are not using such a cipher mode.
-			 if ( !preferredCipherMode ) {
-			     // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
-			     SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 							   key, keySize, "authenticity");
-			     ciphertext.computeAndStoreMAC(  authKey );
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
-			 success = true;	// W00t!!!
-			 return ciphertext;
-		} catch (InvalidKeyException ike) {
-			 throw new EncryptionException("Encryption failure: Invalid key exception.",
-					 "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
-					 ike.getMessage(), ike);
-		 } catch (ConfigurationException cex) {
-			 throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
-					 "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
-		 } catch (InvalidAlgorithmParameterException e) {
-			 throw new EncryptionException("Encryption failure (invalid IV)",
-					 "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
-		 } catch (IllegalBlockSizeException e) {
-			 throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
-					 "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
-		 } catch (BadPaddingException e) {
-			 throw new EncryptionException("Encryption failure",
-					 "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
-		 } catch (NoSuchAlgorithmException e) {
-			 throw new EncryptionException("Encryption failure (unavailable cipher requested)",
-					 "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } catch (NoSuchPaddingException e) {
-			 throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
-					 "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } finally {
-			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
-			 if ( success && overwritePlaintext ) {
-				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
-		}
-	}
-	 }
-
-	/**
-	* {@inheritDoc}
-	*/
-	public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return decrypt(secretKeySpec, ciphertext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public PlainText decrypt(SecretKey key, CipherText ciphertext)
-	    throws EncryptionException, IllegalArgumentException
-	{
-	    long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
-	    if ( key == null ) {
-	        throw new IllegalArgumentException("SecretKey arg may not be null");
-	    }
-	    if ( ciphertext == null ) {
-	        throw new IllegalArgumentException("Ciphertext may arg not be null");
-	    }
-
-	    if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
-	        // This really should be an illegal argument exception, but it could
-	        // mean that a partner encrypted something using a cipher mode that
-	        // you do not accept, so it's a bit more complex than that. Also
-	        // throwing an IllegalArgumentException doesn't allow us to provide
-	        // the two separate error messages or automatically log it.
-	        throw new EncryptionException(DECRYPTION_FAILED,
-	                "Invalid cipher mode " + ciphertext.getCipherMode() +
-	        " not permitted for decryption or encryption operations.");
-	    }
-	    logger.debug(Logger.EVENT_SUCCESS,
-	            "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
-	            ciphertext);
-
-	    PlainText plaintext = null;
-	    boolean caughtException = false;
-	    int progressMark = 0;
-	    try {
-	        // First we validate the MAC.
-	        boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
-	        if ( !valid ) {
-	            try {
-	                // This is going to fail, but we want the same processing
-	                // to occur as much as possible so as to prevent timing
-	                // attacks. We _could_ just be satisfied by the additional
-	                // sleep in the 'finally' clause, but an attacker on the
-	                // same server who can run something like 'ps' can tell
-	                // CPU time versus when the process is sleeping. Hence we
-	                // try to make this as close as possible. Since we know
-	                // it is going to fail, we ignore the result and ignore
-	                // the (expected) exception.
-	                handleDecryption(key, ciphertext); // Ignore return (should fail).
-	            } catch(Exception ex) {
-	                ;   // Ignore
-	            }
-	            throw new EncryptionException(DECRYPTION_FAILED,
-	                    "Decryption failed because MAC invalid for " +
-	                    ciphertext);
-	        }
-	        progressMark++;
-	        // The decryption only counts if the MAC was valid.
-	        plaintext = handleDecryption(key, ciphertext);
-	        progressMark++;
-	    } catch(EncryptionException ex) {
-	        caughtException = true;
-	        String logMsg = null;
-	        switch( progressMark ) {
-	        case 1:
-	            logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
-	            break;
-	        case 2:
-	            logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
-	            break;
-	        default:
-	            logMsg = "Programming error: unexpected progress mark == " + progressMark;
-	        break;
-	        }
-	        logger.error(Logger.SECURITY_FAILURE, logMsg);
-	        throw ex;           // Re-throw
-	    }
-	    finally {
-	        if ( caughtException ) {
-	            // The rest of this code is to try to account for any minute differences
-	            // in the time it might take for the various reasons that decryption fails
-	            // in order to prevent any other possible timing attacks. Perhaps it is
-	            // going overboard. If nothing else, if N_SECS is large enough, it might
-	            // deter attempted repeated attacks by making them take much longer.
-	            long now = System.nanoTime();
-	            long elapsed = now - start;
-	            final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
-	            long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
-	            if ( elapsed < nSecs ) {
-	                // Want to sleep so total time taken is N seconds.
-	                long extraSleep = nSecs - elapsed;
-
-	                // 'extraSleep' is in nanoseconds. Need to convert to a millisec
-	                // part and nanosec part. Nanosec is 10**-9, millsec is
-	                // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
-	                // convert to from nanoseconds to milliseconds.
-	                long millis = extraSleep / 1000000L;
-	                long nanos  = (extraSleep - (millis * 1000000L));
-	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
-                            "Nanosecs out of bounds; nanos = " + nanos;
-	                try {
-	                    Thread.sleep(millis, (int)nanos);
-	                } catch(InterruptedException ex) {
-	                    ;   // Ignore
-	                }
-	            } // Else ... time already exceeds N_SECS sec, so do not sleep.
-	        }
-	    }
-	    return plaintext;
-	}
-
-    // Handle the actual decryption portion. At this point it is assumed that
-    // any MAC has already been validated. (But see "DISCUSS" issue, below.)
-    private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
-        throws EncryptionException
-    {
-        int keySize = 0;
-        try {
-            Cipher decrypter = Cipher.getInstance(ciphertext.getCipherTransformation());
-            keySize = key.getEncoded().length * 8;  // Convert to # bits
-
-            // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
-            // use the specified SecretKey as-is rather than computing a derived key from it. We also
-            // don't expect a separate MAC in the specified CipherText object so therefore don't try
-            // to validate it.
-            boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( ciphertext.getCipherMode() );
-            SecretKey encKey = null;
-            if ( preferredCipherMode ) {
-                encKey = key;
-            } else {
-                // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
-                //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
-                //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
-            	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
-            	//		 should probably be off by default and controlled via a property.
-            	//
-            	// TODO: Feed in some additional parms here to use as the 'context' for the
-            	//		 KeyDerivationFunction...especially the KDF version. We would have to
-            	//		 store that in the CipherText object. We *possibly* could make it
-            	//		 transient so it would not be serialized with the CipherText object,
-            	//		 otherwise we would have to implement readObject() and writeObject()
-            	//		 methods there to support backward compatibility. Anyhow the intent
-            	//		 is to prevent down grade attacks when we finally re-design and
-            	//		 re-implement the MAC. Think about this in version 2.1.1.
-                encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                    key, keySize, "encryption");
-            }
-            if ( ciphertext.requiresIV() ) {
-                decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
-            } else {
-                decrypter.init(Cipher.DECRYPT_MODE, encKey);
-            }
-            byte[] output = decrypter.doFinal(ciphertext.getRawCipherText());
-            return new PlainText(output);
-
-        } catch (InvalidKeyException ike) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Must install JCE Unlimited Strength Jurisdiction Policy Files from Sun", ike);
-        } catch (NoSuchAlgorithmException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Invalid algorithm for available JCE providers - " +
-                    ciphertext.getCipherTransformation() + ": " + e.getMessage(), e);
-        } catch (NoSuchPaddingException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Invalid padding scheme (" +
-                    ciphertext.getPaddingScheme() + ") for cipher transformation " + ciphertext.getCipherTransformation() +
-                    ": " + e.getMessage(), e);
-        } catch (InvalidAlgorithmParameterException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-        } catch (IllegalBlockSizeException e) {
-            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-        } catch (BadPaddingException e) {
-            //DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
-            //So only way we could get a padding exception is if invalid padding were used originally by
-            //the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
-            //It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
-            //or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
-            //during a code inspection.
-            SecretKey authKey;
-            try {
-                authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                     key, keySize, "authenticity");
-            } catch (Exception e1) {
-                throw new EncryptionException(DECRYPTION_FAILED,
-                        "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
-            }
-            boolean success = ciphertext.validateMAC( authKey );
-            if ( success ) {
-                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
-            } else {
-                throw new EncryptionException(DECRYPTION_FAILED,
-                        "Decryption problem: WARNING: Adversary may have tampered with " +
-                        "CipherText object orCipherText object mangled in transit: " + e.getMessage(), e);
-            }
-        }
-    }
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public String sign(String data) throws EncryptionException {
-		try {
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initSign(privateKey);
-			signer.update(data.getBytes(encoding));
-			byte[] bytes = signer.sign();
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-		} catch (Exception e) {
-			throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
-		}
-	}
-		
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySignature(String signature, String data) {
-		try {
-			byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initVerify(publicKey);
-			signer.update(data.getBytes(encoding));
-			return signer.verify(bytes);
-		} catch (Exception e) {
-		    // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
-		    // FindBugs complains about this and since it examines byte-code, there's no way to
-		    // shut it up.
-			new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
-			return false;
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-     *
-     * @param expiration
-     * @throws IntegrityException
-     */
-	public String seal(String data, long expiration) throws IntegrityException {
-	    if ( data == null ) {
-	        throw new IllegalArgumentException("Data to be sealed may not be null.");
-	    }
-	    
-		try {
-		    String b64data = null;
-            try {
-                b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
-            } catch (UnsupportedEncodingException e) {
-                ; // Ignore; should never happen since UTF-8 built into rt.jar
-            }
-			// mix in some random data so even identical data and timestamp produces different seals
-			String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
-			String plaintext = expiration + ":" + nonce + ":" + b64data;
-			// add integrity check; signature is already base64 encoded.
-			String sig = this.sign( plaintext );
-			CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
-			String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
-			return sealedData;
-		} catch( EncryptionException e ) {
-			throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public String unseal(String seal) throws EncryptionException {
-		PlainText plaintext = null;
-		try {
-		    byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
-		    CipherText cipherText = null;
-		    try {
-		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
-		    } catch( AssertionError e) {
-	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
-		        // this if assertions are enabled.
-		        throw new EncryptionException("Invalid seal",
-	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
-	        }
-			plaintext = this.decrypt(cipherText);
-
-			String[] parts = plaintext.toString().split(":");
-			if (parts.length != 4) {
-				throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
-			}
-	
-			String timestring = parts[0];
-			long now = new Date().getTime();
-			long expiration = Long.parseLong(timestring);
-			if (now > expiration) {
-				throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
-			}
-			String nonce = parts[1];
-			String b64data = parts[2];
-			String sig = parts[3];
-			if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
-				throw new EncryptionException("Invalid seal", "Seal integrity check failed");
-			}	
-			return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
-		} catch (EncryptionException e) {
-			throw e;
-		} catch (Exception e) {
-			throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
-		}
-	}
-
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySeal( String seal ) {
-		try {
-			unseal( seal );
-			return true;
-		} catch( EncryptionException e ) {
-			return false;
-		}
-	}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public long getTimeStamp() {
-		return new Date().getTime();
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public long getRelativeTimeStamp( long offset ) {
-		return new Date().getTime() + offset;
-	}
-
-	// DISCUSS: Why experimental? Would have to be added to Encryptor interface
-	//			but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
-	//			of HMacSHA1 (see discussion below), 2) that the HMac key is the
-	//			same one used for encryption (also see comments), and 3) it caught
-	//			overly broad exceptions. Here it is with these specific areas
-	//			addressed, but no unit testing has been done at this point. -kww
-   /**
-    * Compute an HMAC for a String.  Experimental.
-    * @param input	The input for which to compute the HMac.
-    */
-/********************
-	public String computeHMAC( String input ) throws EncryptionException {
-		try {
-			Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
-												   //          SHA1 should really be avoided, but using
-												   //		   for HMAC-SHA1 is acceptable for now. Plan
-												   //		   to migrate to SHA-256 or NIST replacement for
-												   //		   SHA1 in not too distant future.
-			// DISCUSS: Also not recommended that the HMac key is the same as the one
-			//			used for encryption (namely, Encryptor.MasterKey). If anything it
-			//			would be better to use Encryptor.MasterSalt for the HMac key, or
-			//			perhaps a derived key based on the master salt. (One could use
-			//			KeyDerivationFunction.computeDerivedKey().)
-			//
-			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
-			byte[] inBytes;
-			try {
-				inBytes = input.getBytes("UTF-8");
-			} catch (UnsupportedEncodingException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
-				inBytes = input.getBytes();
-			}
-			byte[] bytes = hmac.doFinal( inBytes );
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-	    } catch (NoSuchAlgorithmException e) {
-	    	throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
-	    															"Problem computing HMAC for " + input, e );
-	    }
-	}
-********************/
-
-    /**
-     * Log a security warning every Nth time one of the deprecated encrypt or
-     * decrypt methods are called. ('N' is hard-coded to be 25 by default, but
-     * may be changed via the system property
-     * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
-     * them until the give in and change it. ;-)
-     * 
-     * @param where The string "encrypt" or "decrypt", corresponding to the
-     *              method that is being logged.
-     * @param msg   The message to log.
-     */
-    private void logWarning(String where, String msg) {
-        int counter = 0;
-        if ( where.equals("encrypt") ) {
-            counter = encryptCounter++;
-            where = "JavaEncryptor.encrypt(): [count=" + counter +"]";
-        } else if ( where.equals("decrypt") ) {
-            counter = decryptCounter++;
-            where = "JavaEncryptor.decrypt(): [count=" + counter +"]";
-        } else {
-            where = "JavaEncryptor: Unknown method: ";
-        }
-        // We log the very first time (note the use of post-increment on the
-        // counters) and then every Nth time thereafter. Logging every single
-        // time is likely to be way too much logging.
-        if ( (counter % logEveryNthUse) == 0 ) {
-            logger.warning(Logger.SECURITY_FAILURE, where + msg);
-        }
-    }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
-		String prfName = null;
-		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		} else {
-			prfName = name;
-		}
-		KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
-		return prf;
-    }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		return getPRF(prfName);
-    }
-    
-    // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
-    private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
-    									SecretKey kdk, int keySize, String purpose)
-    	throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
-    {
-    	// These really should be turned into actual runtime checks and an
-    	// IllegalArgumentException should be thrown if they are violated.
-    	// But this should be OK since this is a private method. Also, this method will
-    	// be called quite often so assertions are a big win as they can be disabled or
-    	// enabled at will.
-    	assert prf != null : "Pseudo Random Function for KDF cannot be null";
-    	assert kdk != null : "Key derivation key cannot be null.";
-    	// We would choose a larger minimum key size, but we want to be
-    	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
-    	// we print warning.
-    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-    	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-    	assert purpose != null : "Purpose cannot be null. Should be 'encryption' or 'authenticity'.";
-    	assert purpose.equals("encryption") || purpose.equals("authenticity") :
-    		"Purpose must be \"encryption\" or \"authenticity\".";
-
-    	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
-    	if ( kdfVersion != 0 ) {
-    		kdf.setVersion(kdfVersion);
-    	}
-    	return kdf.computeDerivedKey(kdk, keySize, purpose);
-    }
-
-    // Get all the algorithms we will be using from ESAPI.properties.
-    private static void setupAlgorithms() {
-        // setup algorithms
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
-        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
-        hashIterations = ESAPI.securityConfiguration().getHashIterations();
-        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
-        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
-    }
-    
-    // Set up signing key pair using the master password and salt. Called (once)
-    // from the JavaEncryptor CTOR.
-    private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {
-        String sigAlg = signatureAlgorithm.toLowerCase();
-        if ( sigAlg.endsWith("withdsa") ) {
-            //
-            // Admittedly, this is a kludge. However for Sun JCE, even though
-            // "SHA1withDSA" is a valid signature algorithm name, if one calls
-            //      KeyPairGenerator kpg = KeyPairGenerator.getInstance("SHA1withDSA");
-            // that will throw a NoSuchAlgorithmException with an exception
-            // message of "SHA1withDSA KeyPairGenerator not available". Since
-            // SHA1withDSA and DSA keys should be identical, we use "DSA"
-            // in the case that SHA1withDSA or SHAwithDSA was specified. This is
-            // all just to make these 2 work as expected. Sigh. (Note:
-            // this was tested with JDK 1.6.0_21, but likely fails with earlier
-            // versions of the JDK as well.)
-            //
-            sigAlg = "DSA";
-        } else if ( sigAlg.endsWith("withrsa") ) {
-            // Ditto for RSA.
-            sigAlg = "RSA";
-        }
-        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(sigAlg);
-        keyGen.initialize(signatureKeyLength, prng);
-        KeyPair pair = keyGen.generateKeyPair();
-        privateKey = pair.getPrivate();
-        publicKey = pair.getPublic();
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.Signature;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.Map.Entry;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+// import javax.crypto.Mac;			// Uncomment if computeHMAC() is included.
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.IvParameterSpec;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Encryptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.Hex;
+import org.owasp.esapi.crypto.CipherSpec;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.crypto.KeyDerivationFunction;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.crypto.SecurityProviderLoader;
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+/**
+ * Reference implementation of the {@code Encryptor} interface. This implementation
+ * layers on the JCE provided cryptographic package. Algorithms used are
+ * configurable in the {@code ESAPI.properties} file. The main property
+ * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
+ * the other encryption related properties have property names that start with
+ * the string "Encryptor.".
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author kevin.w.wall@gmail.com
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com)
+ * @since June 1, 2007; some methods since ESAPI Java 2.0
+ * @see org.owasp.esapi.Encryptor
+ */
+public final class JavaEncryptor implements Encryptor {
+    private static volatile Encryptor singletonInstance;
+
+    // Note: This double-check pattern only works because singletonInstance
+    //       is declared to be volatile.  Usually this method is called
+    //       via ESAPI.encryptor() rather than directly.
+    public static Encryptor getInstance() throws EncryptionException {
+        if ( singletonInstance == null ) {
+            synchronized ( JavaEncryptor.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new JavaEncryptor();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    private static boolean initialized = false;
+    
+    // encryption
+    private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
+    private static String encryptAlgorithm = "AES";
+    private static String encoding = "UTF-8"; 
+    private static int encryptionKeyLength = 128;
+    
+    // digital signatures
+    private static PrivateKey privateKey = null;
+	private static PublicKey publicKey = null;
+	private static String signatureAlgorithm = "SHA1withDSA";
+    private static String randomAlgorithm = "SHA1PRNG";
+	private static int signatureKeyLength = 1024;
+	
+	// hashing
+	private static String hashAlgorithm = "SHA-512";
+	private static int hashIterations = 1024;
+	
+	// Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
+	//					  this class is first loaded. Is this a big limitation? Since there
+	//                    is no method to reset it, we may has well make it 'final' also.
+	private static Logger logger = ESAPI.getLogger("JavaEncryptor");
+	    // Used to print out warnings about deprecated methods.
+	private static int encryptCounter = 0;
+	private static int decryptCounter = 0;
+        // DISCUSS: OK to not have a property for this to set the frequency?
+        //          The desire is to persuade people to move away from these
+	    //          two deprecated encrypt(String) / decrypt(String) methods,
+        //          so perhaps the annoyance factor of not being able to
+        //          change it will help. For now, it is just hard-coded here.
+        //          We could be mean and just print a warning *every* time.
+	private static final int logEveryNthUse = 25;
+	
+    // *Only* use this string for user messages for EncryptionException when
+    // decryption fails. This is to prevent information leakage that may be
+    // valuable in various forms of ciphertext attacks, such as the
+	// Padded Oracle attack described by Rizzo and Duong.
+    private static final String DECRYPTION_FAILED =
+        "Decryption failed; see logs for details.";
+
+    // # of seconds that all failed decryption attempts will take. Used to
+    // help prevent side-channel timing attacks.
+    private static int N_SECS = 2;
+
+	// Load the preferred JCE provider if one has been specified.
+	static {
+	    try {
+            SecurityProviderLoader.loadESAPIPreferredJCEProvider();
+        } catch (NoSuchProviderException ex) {
+        	// Note that audit logging is done elsewhere in called method.
+            logger.fatal(Logger.SECURITY_FAILURE,
+                         "JavaEncryptor failed to load preferred JCE provider.", ex);
+            throw new ExceptionInInitializerError(ex);
+        }
+        setupAlgorithms();
+	}
+	
+    /**
+     * Generates a new strongly random secret key and salt that can be
+     * copy and pasted in the <b>ESAPI.properties</b> file.
+     * 
+     * @param args Set first argument to "-print" to display available algorithms on standard output.
+     * @throws java.lang.Exception	To cover a multitude of sins, mostly in configuring ESAPI.properties.
+     */
+    public static void main( String[] args ) throws Exception {
+		System.out.println( "Generating a new secret master key" );
+		
+		// print out available ciphers
+		if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
+			System.out.println( "AVAILABLE ALGORITHMS" );
+
+			Provider[] providers = Security.getProviders();
+			TreeMap<String, String> tm = new TreeMap<String, String>();
+			// DISCUSS: Note: We go through multiple providers, yet nowhere do I
+			//			see where we print out the PROVIDER NAME. Not all providers
+			//			will implement the same algorithms and some "partner" with
+			//			whom we are exchanging different cryptographic messages may
+			//			have _different_ providers in their java.security file. So
+			//			it would be useful to know the provider name where each
+			//			algorithm is implemented. Might be good to prepend the provider
+			//			name to the 'key' with something like "providerName: ". Thoughts?
+			for (int i = 0; i != providers.length; i++) {
+				// DISCUSS: Print security provider name here???
+					// Note: For some odd reason, Provider.keySet() returns
+					//		 Set<Object> of the property keys (which are Strings)
+					//		 contained in this provider, but Set<String> seems
+					//		 more appropriate. But that's why we need the cast below.
+	            System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
+				Iterator<Object> it = providers[i].keySet().iterator();
+				while (it.hasNext()) {
+					String key = (String)it.next();
+		            String value = providers[i].getProperty( key );
+		            tm.put(key, value);
+	                System.out.println("\t\t   " + key + " -> "+ value );
+				}
+			}
+
+			Set< Entry<String,String> > keyValueSet = tm.entrySet();
+			Iterator<Entry<String, String>> it = keyValueSet.iterator();
+			while( it.hasNext() ) {
+				Map.Entry<String,String> entry = it.next();
+				String key = entry.getKey();
+				String value = entry.getValue();
+	        	System.out.println( "   " + key + " -> "+ value );
+			}
+		} else {
+				// Used to print a similar line to use '-print' even when it was specified.
+			System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
+		}
+		
+        // setup algorithms -- Each of these have defaults if not set, although
+		//					   someone could set them to something invalid. If
+		//					   so a suitable exception will be thrown and displayed.
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+
+		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
+		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
+        byte[] raw = secretKey.getEncoded();
+        byte[] salt = new byte[20];	// Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
+        random.nextBytes( salt );
+        String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
+        System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
+        System.out.println( "#==============================================================");
+        System.out.println( "Encryptor.MasterKey=" + ESAPI.encoder().encodeForBase64(raw, false) );
+        System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
+        System.out.println( "#==============================================================" + eol);
+    }
+	
+    
+    /**
+     * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
+     * @throws EncryptionException if can't construct this object for some reason.
+     * 					Original exception will be attached as the 'cause'.
+     */
+    private JavaEncryptor() throws EncryptionException {
+        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
+
+        assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
+        assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
+                                   "Length is: " + salt.length + " bytes.";
+        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
+        assert skey.length >= 7 : "Encryptor.MasterKey must be at least 7 bytes. " +
+                                  "Length is: " + skey.length + " bytes.";
+        
+        // Set up secretKeySpec for use for symmetric encryption and decryption,
+        // and set up the public/private keys for asymmetric encryption /
+        // decryption.
+        // TODO: Note: If we dump ESAPI 1.4 crypto backward compatibility,
+        //       then we probably will ditch the Encryptor.EncryptionAlgorithm
+        //       property. If so, encryptAlgorithm should probably use
+        //       Encryptor.CipherTransformation and just pull off the cipher
+        //       algorithm name so we can use it here.
+        synchronized(JavaEncryptor.class) {
+            if ( ! initialized ) {
+                //
+                // For symmetric encryption
+                //
+                //      NOTE: FindBugs complains about this
+                //            (ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD) but
+                //            it should be OK since it is synchronized and only
+                //            done once. While we could separate this out and
+                //            handle in a static initializer, it just seems to
+                //            fit better here.
+                secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
+                
+                //
+                // For asymmetric encryption (i.e., public/private key)
+                //
+                try {
+                    SecureRandom prng = SecureRandom.getInstance(randomAlgorithm);
+
+                    // Because hash() is not static (but it could be were in not
+                    // for the interface method specification in Encryptor), we
+                    // cannot do this initialization in a static method or static
+                    // initializer.
+                    byte[] seed = hash(new String(skey, encoding),new String(salt, encoding)).getBytes(encoding);
+                    prng.setSeed(seed);
+                    initKeyPair(prng);
+                } catch (Exception e) {
+                    throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
+                }             
+                
+                // Mark everything as initialized.
+                initialized = true;
+            }
+        }
+    }
+     
+
+
+	/**
+     * {@inheritDoc}
+     * 
+	 * Hashes the data with the supplied salt and the number of iterations specified in
+	 * the ESAPI SecurityConfiguration.
+	 */
+	public String hash(String plaintext, String salt) throws EncryptionException {
+		return hash( plaintext, salt, hashIterations );
+	}
+	
+	/**
+     * {@inheritDoc}
+     * 
+	 * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
+	 * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
+	 * in order to help strengthen weak passwords.
+	 */
+	public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
+		byte[] bytes = null;
+		try {
+			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
+			digest.reset();
+			digest.update(ESAPI.securityConfiguration().getMasterSalt());
+			digest.update(salt.getBytes(encoding));
+			digest.update(plaintext.getBytes(encoding));
+
+			// rehash a number of times to help strengthen weak passwords
+			bytes = digest.digest();
+			for (int i = 0; i < iterations; i++) {
+				digest.reset();
+				bytes = digest.digest(bytes);
+			}
+			String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
+			return encoded;
+		} catch (NoSuchAlgorithmException e) {
+			throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
+		} catch (UnsupportedEncodingException ex) {
+			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
+		}
+	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	 public CipherText encrypt(PlainText plaintext) throws EncryptionException {
+		 // Now more of a convenience function for using the master key.
+		 return encrypt(secretKeySpec, plaintext);
+	 }
+	 
+	 /**
+	  * {@inheritDoc}
+	  */
+	 public CipherText encrypt(SecretKey key, PlainText plain)
+	 			throws EncryptionException
+	 {
+		 if ( key == null ) {
+			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
+		 }
+		 if ( plain == null ) {
+			 throw new IllegalArgumentException("PlainText may arg not be null");
+		 }
+		 byte[] plaintext = plain.asBytes();
+		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+
+		 boolean success = false;	// Used in 'finally' clause.
+		 String xform = null;
+		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
+
+		try {
+			 xform = ESAPI.securityConfiguration().getCipherTransformation();
+             String[] parts = xform.split("/");
+             assert parts.length == 3 : "Malformed cipher transformation: " + xform;
+             String cipherMode = parts[1];
+             
+             // This way we can prevent modes like OFB and CFB where the IV should never
+             // be repeated with the same encryption key (at least until we support
+             // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
+             // to ensure the IV will never be repeated (such as a time stamp or other
+             // monotonically increasing function).
+             // DISCUSS: Should we include the permitted cipher modes in the exception msg?
+             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
+                 throw new EncryptionException("Encryption failure: invalid cipher mode ( " + cipherMode + ") for encryption",
+                             "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
+                             "cipher mode " + cipherMode);
+             }
+             
+			 // Note - Cipher is not thread-safe so we create one locally
+			 //        Also, we need to change this eventually so other algorithms can
+			 //        be supported. Eventually, there will be an encrypt() method that
+			 //        takes a (new class) CryptoControls, as something like this:
+			 //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
+			 //        and this method will just call that one.
+			 Cipher encrypter = Cipher.getInstance(xform);
+			 String cipherAlg = encrypter.getAlgorithm();
+			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
+
+			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
+			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
+			 //			 OK with silently using keySize as long as keySize >= keyLen, which then interprets
+			 //			 ESAPI.EncryptionKeyLength as the *minimum* key size, but as long as we have something
+			 //			 stronger it's OK to use it. For now, I am just going to log warning if different, but use
+			 //			 keySize unless keySize is SMALLER than ESAPI.EncryptionKeyLength, in which case I'm going
+			 //			 to log an error.
+			 //
+			 //			 IMPORTANT NOTE:	When we generate key sizes for both DES and DESede the result of
+			 //								SecretKey.getEncoding().length includes the TRUE key size (i.e.,
+			 //								*with* the even parity bits) rather than the EFFECTIVE key size
+			 //								(which incidentally is what KeyGenerator.init() expects for DES
+			 //								and DESede; duh! Nothing like being consistent). This leads to
+			 //								the following dilemma:
+			 //
+			 //													EFFECTIVE Key Size		TRUE Key Size
+			 //													(KeyGenerator.init())	(SecretKey.getEncoding().length)
+			 //									========================================================================
+			 //									For DES:			56 bits					64 bits
+			 //									For DESede:			112 bits / 168 bits		192 bits (always)
+			 //
+			 //								We are trying to automatically determine the key size from SecretKey
+			 //								based on 8 * SecretKey.getEncoding().length, but as you can see, the
+			 //								2 key 3DES and the 3 key 3DES both use the same key size (192 bits)
+			 //								regardless of what is passed to KeyGenerator.init(). There are no advertised
+			 //								methods to get the key size specified by the init() method so I'm not sure how
+			 //								this is actually working internally. However, it does present a problem if we
+			 //								wish to communicate the 3DES key size to a recipient for later decryption as
+			 //								they would not be able to distinguish 2 key 3DES from 3 key 3DES.
+			 //
+			 //								The only workaround I know is to pass the explicit key size down. However, if
+			 //								we are going to do that, I'd propose passing in a CipherSpec object so we could
+			 //								tell what cipher transformation to use as well instead of just the key size. Then
+			 //								we would extract keySize from the CipherSpec object of from the SecretKey object.
+			 //
+			 if ( keySize != keyLen ) {
+				 // DISCUSS: Technically this is not a security "failure" per se, but not really a "success" either.
+				 logger.warning(Logger.SECURITY_FAILURE, "Encryption key length mismatch. ESAPI.EncryptionKeyLength is " +
+						 keyLen + " bits, but length of actual encryption key is " + keySize +
+				 		" bits.  Did you remember to regenerate your master key (if that is what you are using)???");
+			 }
+			 // DISCUSS: Reconsider these warnings. If thousands of encryptions are done in tight loop, no one needs
+			 //          more than 1 warning. Should we do something more intelligent here?
+			 if ( keySize < keyLen ) {
+				 // ESAPI.EncryptionKeyLength defaults to 128, but that means that we could not use DES (as weak as it
+				 // is), even for legacy code. Therefore, this has been changed to simple log a warning rather than
+				 //	throw the following exception.
+				 //				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
+				 //						  "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits.");
+				 logger.warning(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN specified " +
+						 "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits with cipher algorithm " + cipherAlg);
+			 }
+			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
+				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES!
+				 logger.warning(Logger.SECURITY_FAILURE, "Potentially unsecure encryption. Key size of " + keySize + "bits " +
+				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
+				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
+			 }
+			 // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
+			 // They should be the same. If they are different, things could fail. (E.g., DES and DESede
+			 // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
+			 // parity it could fail.)
+			 //
+			 String skeyAlg = key.getAlgorithm();
+			 if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
+				 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
+				 //			 either, but personally I'd prefer the squeaky wheel to the annoying throwing of
+				 //			 a ConfigurationException (which is a RuntimeException). Less likely to upset
+				 //			 the development community.
+				 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
+						 cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
+			 }
+
+			 byte[] ivBytes = null;
+			 CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);	// Could pass the ACTUAL (intended) key size
+			 
+             // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
+             // use the specified SecretKey as-is rather than computing a derived key from it. We also
+             // don't expect a separate MAC in the specified CipherText object so therefore don't try
+             // to validate it.
+             boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
+             SecretKey encKey = null;
+			 if ( preferredCipherMode ) {
+			     encKey = key;
+			 } else {
+			     encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+			    		 				    key, keySize, "encryption");
+			 }
+			 
+			 if ( cipherSpec.requiresIV() ) {
+				 String ivType = ESAPI.securityConfiguration().getIVType();
+				 IvParameterSpec ivSpec = null;
+				 if ( ivType.equalsIgnoreCase("random") ) {
+					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
+				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
+					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
+					 ivBytes = Hex.decode(fixedIVAsHex);
+					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
+					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
+					 		//					 use it to create the ivBytes. (The intent is to make sure that
+					 		//				     1) IVs are never repeated for cipher modes like OFB and CFB, and
+					 		//					 2) to screen for weak IVs for the particular cipher algorithm.
+					 		//		In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
+					 		//		be repeated unless you are salting SecureRandom with same value each time. Anything
+					 		//		monotonically increasing should be suitable, like a counter, but need to remember
+					 		//		it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
+					 		//		it's not perfect it probably is good enough. Could even all (advanced) developers
+					 		//      to define their own class to create a unique IV to allow them some choice, but
+					 		//      definitely need to provide a safe, default implementation.
+					  */
+				 } else {
+					 // TODO: Update to add 'specified' once that is supported and added above.
+					 throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
+				 }
+				 ivSpec = new IvParameterSpec(ivBytes);
+				 cipherSpec.setIV(ivBytes);
+				 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
+			 } else {
+				 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
+			 }
+			 logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
+			 byte[] raw = encrypter.doFinal(plaintext);
+                 // Convert to CipherText.
+             CipherText ciphertext = new CipherText(cipherSpec, raw);
+			 
+			 // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
+			 // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
+             // do this when we are not using such a cipher mode.
+			 if ( !preferredCipherMode ) {
+			     // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
+			     SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+			    		 							   key, keySize, "authenticity");
+			     ciphertext.computeAndStoreMAC(  authKey );
+			 }
+			 logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
+			 success = true;	// W00t!!!
+			 return ciphertext;
+		} catch (InvalidKeyException ike) {
+			 throw new EncryptionException("Encryption failure: Invalid key exception.",
+					 "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
+					 ike.getMessage(), ike);
+		 } catch (ConfigurationException cex) {
+			 throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
+					 "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
+		 } catch (InvalidAlgorithmParameterException e) {
+			 throw new EncryptionException("Encryption failure (invalid IV)",
+					 "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
+		 } catch (IllegalBlockSizeException e) {
+			 throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
+					 "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
+		 } catch (BadPaddingException e) {
+			 throw new EncryptionException("Encryption failure",
+					 "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
+		 } catch (NoSuchAlgorithmException e) {
+			 throw new EncryptionException("Encryption failure (unavailable cipher requested)",
+					 "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
+		 } catch (NoSuchPaddingException e) {
+			 throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
+					 "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
+		 } finally {
+			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
+			 if ( success && overwritePlaintext ) {
+				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
+		}
+	}
+	 }
+
+	/**
+	* {@inheritDoc}
+	*/
+	public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
+		 // Now more of a convenience function for using the master key.
+		 return decrypt(secretKeySpec, ciphertext);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public PlainText decrypt(SecretKey key, CipherText ciphertext)
+	    throws EncryptionException, IllegalArgumentException
+	{
+	    long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
+	    if ( key == null ) {
+	        throw new IllegalArgumentException("SecretKey arg may not be null");
+	    }
+	    if ( ciphertext == null ) {
+	        throw new IllegalArgumentException("Ciphertext may arg not be null");
+	    }
+
+	    if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
+	        // This really should be an illegal argument exception, but it could
+	        // mean that a partner encrypted something using a cipher mode that
+	        // you do not accept, so it's a bit more complex than that. Also
+	        // throwing an IllegalArgumentException doesn't allow us to provide
+	        // the two separate error messages or automatically log it.
+	        throw new EncryptionException(DECRYPTION_FAILED,
+	                "Invalid cipher mode " + ciphertext.getCipherMode() +
+	        " not permitted for decryption or encryption operations.");
+	    }
+	    logger.debug(Logger.EVENT_SUCCESS,
+	            "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
+	            ciphertext);
+
+	    PlainText plaintext = null;
+	    boolean caughtException = false;
+	    int progressMark = 0;
+	    try {
+	        // First we validate the MAC.
+	        boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
+	        if ( !valid ) {
+	            try {
+	                // This is going to fail, but we want the same processing
+	                // to occur as much as possible so as to prevent timing
+	                // attacks. We _could_ just be satisfied by the additional
+	                // sleep in the 'finally' clause, but an attacker on the
+	                // same server who can run something like 'ps' can tell
+	                // CPU time versus when the process is sleeping. Hence we
+	                // try to make this as close as possible. Since we know
+	                // it is going to fail, we ignore the result and ignore
+	                // the (expected) exception.
+	                handleDecryption(key, ciphertext); // Ignore return (should fail).
+	            } catch(Exception ex) {
+	                ;   // Ignore
+	            }
+	            throw new EncryptionException(DECRYPTION_FAILED,
+	                    "Decryption failed because MAC invalid for " +
+	                    ciphertext);
+	        }
+	        progressMark++;
+	        // The decryption only counts if the MAC was valid.
+	        plaintext = handleDecryption(key, ciphertext);
+	        progressMark++;
+	    } catch(EncryptionException ex) {
+	        caughtException = true;
+	        String logMsg = null;
+	        switch( progressMark ) {
+	        case 1:
+	            logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
+	            break;
+	        case 2:
+	            logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
+	            break;
+	        default:
+	            logMsg = "Programming error: unexpected progress mark == " + progressMark;
+	        break;
+	        }
+	        logger.error(Logger.SECURITY_FAILURE, logMsg);
+	        throw ex;           // Re-throw
+	    }
+	    finally {
+	        if ( caughtException ) {
+	            // The rest of this code is to try to account for any minute differences
+	            // in the time it might take for the various reasons that decryption fails
+	            // in order to prevent any other possible timing attacks. Perhaps it is
+	            // going overboard. If nothing else, if N_SECS is large enough, it might
+	            // deter attempted repeated attacks by making them take much longer.
+	            long now = System.nanoTime();
+	            long elapsed = now - start;
+	            final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
+	            long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
+	            if ( elapsed < nSecs ) {
+	                // Want to sleep so total time taken is N seconds.
+	                long extraSleep = nSecs - elapsed;
+
+	                // 'extraSleep' is in nanoseconds. Need to convert to a millisec
+	                // part and nanosec part. Nanosec is 10**-9, millsec is
+	                // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
+	                // convert to from nanoseconds to milliseconds.
+	                long millis = extraSleep / 1000000L;
+	                long nanos  = (extraSleep - (millis * 1000000L));
+	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
+                            "Nanosecs out of bounds; nanos = " + nanos;
+	                try {
+	                    Thread.sleep(millis, (int)nanos);
+	                } catch(InterruptedException ex) {
+	                    ;   // Ignore
+	                }
+	            } // Else ... time already exceeds N_SECS sec, so do not sleep.
+	        }
+	    }
+	    return plaintext;
+	}
+
+    // Handle the actual decryption portion. At this point it is assumed that
+    // any MAC has already been validated. (But see "DISCUSS" issue, below.)
+    private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
+        throws EncryptionException
+    {
+        int keySize = 0;
+        try {
+            Cipher decrypter = Cipher.getInstance(ciphertext.getCipherTransformation());
+            keySize = key.getEncoded().length * 8;  // Convert to # bits
+
+            // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
+            // use the specified SecretKey as-is rather than computing a derived key from it. We also
+            // don't expect a separate MAC in the specified CipherText object so therefore don't try
+            // to validate it.
+            boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( ciphertext.getCipherMode() );
+            SecretKey encKey = null;
+            if ( preferredCipherMode ) {
+                encKey = key;
+            } else {
+                // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
+                //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
+                //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
+            	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
+            	//		 should probably be off by default and controlled via a property.
+            	//
+            	// TODO: Feed in some additional parms here to use as the 'context' for the
+            	//		 KeyDerivationFunction...especially the KDF version. We would have to
+            	//		 store that in the CipherText object. We *possibly* could make it
+            	//		 transient so it would not be serialized with the CipherText object,
+            	//		 otherwise we would have to implement readObject() and writeObject()
+            	//		 methods there to support backward compatibility. Anyhow the intent
+            	//		 is to prevent down grade attacks when we finally re-design and
+            	//		 re-implement the MAC. Think about this in version 2.1.1.
+                encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
+                		                    key, keySize, "encryption");
+            }
+            if ( ciphertext.requiresIV() ) {
+                decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
+            } else {
+                decrypter.init(Cipher.DECRYPT_MODE, encKey);
+            }
+            byte[] output = decrypter.doFinal(ciphertext.getRawCipherText());
+            return new PlainText(output);
+
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Must install JCE Unlimited Strength Jurisdiction Policy Files from Sun", ike);
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Invalid algorithm for available JCE providers - " +
+                    ciphertext.getCipherTransformation() + ": " + e.getMessage(), e);
+        } catch (NoSuchPaddingException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Invalid padding scheme (" +
+                    ciphertext.getPaddingScheme() + ") for cipher transformation " + ciphertext.getCipherTransformation() +
+                    ": " + e.getMessage(), e);
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+        } catch (IllegalBlockSizeException e) {
+            throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+        } catch (BadPaddingException e) {
+            //DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
+            //So only way we could get a padding exception is if invalid padding were used originally by
+            //the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
+            //It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
+            //or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
+            //during a code inspection.
+            SecretKey authKey;
+            try {
+                authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
+                		                     key, keySize, "authenticity");
+            } catch (Exception e1) {
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
+            }
+            boolean success = ciphertext.validateMAC( authKey );
+            if ( success ) {
+                throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
+            } else {
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption problem: WARNING: Adversary may have tampered with " +
+                        "CipherText object orCipherText object mangled in transit: " + e.getMessage(), e);
+            }
+        }
+    }
+	
+	/**
+	* {@inheritDoc}
+	*/
+	public String sign(String data) throws EncryptionException {
+		try {
+			Signature signer = Signature.getInstance(signatureAlgorithm);
+			signer.initSign(privateKey);
+			signer.update(data.getBytes(encoding));
+			byte[] bytes = signer.sign();
+			return ESAPI.encoder().encodeForBase64(bytes, false);
+		} catch (InvalidKeyException ike) {
+			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+		} catch (Exception e) {
+			throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
+		}
+	}
+		
+	/**
+	* {@inheritDoc}
+	*/
+	public boolean verifySignature(String signature, String data) {
+		try {
+			byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+			Signature signer = Signature.getInstance(signatureAlgorithm);
+			signer.initVerify(publicKey);
+			signer.update(data.getBytes(encoding));
+			return signer.verify(bytes);
+		} catch (Exception e) {
+		    // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
+		    // FindBugs complains about this and since it examines byte-code, there's no way to
+		    // shut it up.
+			new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
+			return false;
+		}
+	}
+
+	/**
+	* {@inheritDoc}
+     *
+     * @param expiration
+     * @throws IntegrityException
+     */
+	public String seal(String data, long expiration) throws IntegrityException {
+	    if ( data == null ) {
+	        throw new IllegalArgumentException("Data to be sealed may not be null.");
+	    }
+	    
+		try {
+		    String b64data = null;
+            try {
+                b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
+            } catch (UnsupportedEncodingException e) {
+                ; // Ignore; should never happen since UTF-8 built into rt.jar
+            }
+			// mix in some random data so even identical data and timestamp produces different seals
+			String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
+			String plaintext = expiration + ":" + nonce + ":" + b64data;
+			// add integrity check; signature is already base64 encoded.
+			String sig = this.sign( plaintext );
+			CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
+			String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
+			return sealedData;
+		} catch( EncryptionException e ) {
+			throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
+		}
+	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	public String unseal(String seal) throws EncryptionException {
+		PlainText plaintext = null;
+		try {
+		    byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
+		    CipherText cipherText = null;
+		    try {
+		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
+		    } catch( AssertionError e) {
+	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
+		        // this if assertions are enabled.
+		        throw new EncryptionException("Invalid seal",
+	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
+	        }
+			plaintext = this.decrypt(cipherText);
+
+			String[] parts = plaintext.toString().split(":");
+			if (parts.length != 4) {
+				throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
+			}
+	
+			String timestring = parts[0];
+			long now = new Date().getTime();
+			long expiration = Long.parseLong(timestring);
+			if (now > expiration) {
+				throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
+			}
+			String nonce = parts[1];
+			String b64data = parts[2];
+			String sig = parts[3];
+			if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
+				throw new EncryptionException("Invalid seal", "Seal integrity check failed");
+			}	
+			return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
+		} catch (EncryptionException e) {
+			throw e;
+		} catch (Exception e) {
+			throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
+		}
+	}
+
+	
+	/**
+	* {@inheritDoc}
+	*/
+	public boolean verifySeal( String seal ) {
+		try {
+			unseal( seal );
+			return true;
+		} catch( EncryptionException e ) {
+			return false;
+		}
+	}
+	
+	/**
+	* {@inheritDoc}
+	*/
+	public long getTimeStamp() {
+		return new Date().getTime();
+	}
+
+	/**
+	* {@inheritDoc}
+	*/
+	public long getRelativeTimeStamp( long offset ) {
+		return new Date().getTime() + offset;
+	}
+
+	// DISCUSS: Why experimental? Would have to be added to Encryptor interface
+	//			but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
+	//			of HMacSHA1 (see discussion below), 2) that the HMac key is the
+	//			same one used for encryption (also see comments), and 3) it caught
+	//			overly broad exceptions. Here it is with these specific areas
+	//			addressed, but no unit testing has been done at this point. -kww
+   /**
+    * Compute an HMAC for a String.  Experimental.
+    * @param input	The input for which to compute the HMac.
+    */
+/********************
+	public String computeHMAC( String input ) throws EncryptionException {
+		try {
+			Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
+												   //          SHA1 should really be avoided, but using
+												   //		   for HMAC-SHA1 is acceptable for now. Plan
+												   //		   to migrate to SHA-256 or NIST replacement for
+												   //		   SHA1 in not too distant future.
+			// DISCUSS: Also not recommended that the HMac key is the same as the one
+			//			used for encryption (namely, Encryptor.MasterKey). If anything it
+			//			would be better to use Encryptor.MasterSalt for the HMac key, or
+			//			perhaps a derived key based on the master salt. (One could use
+			//			KeyDerivationFunction.computeDerivedKey().)
+			//
+			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
+			byte[] inBytes;
+			try {
+				inBytes = input.getBytes("UTF-8");
+			} catch (UnsupportedEncodingException e) {
+				logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
+				inBytes = input.getBytes();
+			}
+			byte[] bytes = hmac.doFinal( inBytes );
+			return ESAPI.encoder().encodeForBase64(bytes, false);
+		} catch (InvalidKeyException ike) {
+			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+	    } catch (NoSuchAlgorithmException e) {
+	    	throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
+	    															"Problem computing HMAC for " + input, e );
+	    }
+	}
+********************/
+
+    /**
+     * Log a security warning every Nth time one of the deprecated encrypt or
+     * decrypt methods are called. ('N' is hard-coded to be 25 by default, but
+     * may be changed via the system property
+     * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
+     * them until the give in and change it. ;-)
+     * 
+     * @param where The string "encrypt" or "decrypt", corresponding to the
+     *              method that is being logged.
+     * @param msg   The message to log.
+     */
+    private void logWarning(String where, String msg) {
+        int counter = 0;
+        if ( where.equals("encrypt") ) {
+            counter = encryptCounter++;
+            where = "JavaEncryptor.encrypt(): [count=" + counter +"]";
+        } else if ( where.equals("decrypt") ) {
+            counter = decryptCounter++;
+            where = "JavaEncryptor.decrypt(): [count=" + counter +"]";
+        } else {
+            where = "JavaEncryptor: Unknown method: ";
+        }
+        // We log the very first time (note the use of post-increment on the
+        // counters) and then every Nth time thereafter. Logging every single
+        // time is likely to be way too much logging.
+        if ( (counter % logEveryNthUse) == 0 ) {
+            logger.warning(Logger.SECURITY_FAILURE, where + msg);
+        }
+    }
+    
+    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
+		String prfName = null;
+		if ( name == null ) {
+			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+		} else {
+			prfName = name;
+		}
+		KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
+		return prf;
+    }
+    
+    private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
+		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+		return getPRF(prfName);
+    }
+    
+    // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
+    private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
+    									SecretKey kdk, int keySize, String purpose)
+    	throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+    {
+    	// These really should be turned into actual runtime checks and an
+    	// IllegalArgumentException should be thrown if they are violated.
+    	// But this should be OK since this is a private method. Also, this method will
+    	// be called quite often so assertions are a big win as they can be disabled or
+    	// enabled at will.
+    	assert prf != null : "Pseudo Random Function for KDF cannot be null";
+    	assert kdk != null : "Key derivation key cannot be null.";
+    	// We would choose a larger minimum key size, but we want to be
+    	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
+    	// we print warning.
+    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
+    	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
+    	assert purpose != null : "Purpose cannot be null. Should be 'encryption' or 'authenticity'.";
+    	assert purpose.equals("encryption") || purpose.equals("authenticity") :
+    		"Purpose must be \"encryption\" or \"authenticity\".";
+
+    	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
+    	if ( kdfVersion != 0 ) {
+    		kdf.setVersion(kdfVersion);
+    	}
+    	return kdf.computeDerivedKey(kdk, keySize, purpose);
+    }
+
+    // Get all the algorithms we will be using from ESAPI.properties.
+    private static void setupAlgorithms() {
+        // setup algorithms
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
+        hashIterations = ESAPI.securityConfiguration().getHashIterations();
+        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
+    }
+    
+    // Set up signing key pair using the master password and salt. Called (once)
+    // from the JavaEncryptor CTOR.
+    private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {
+        String sigAlg = signatureAlgorithm.toLowerCase();
+        if ( sigAlg.endsWith("withdsa") ) {
+            //
+            // Admittedly, this is a kludge. However for Sun JCE, even though
+            // "SHA1withDSA" is a valid signature algorithm name, if one calls
+            //      KeyPairGenerator kpg = KeyPairGenerator.getInstance("SHA1withDSA");
+            // that will throw a NoSuchAlgorithmException with an exception
+            // message of "SHA1withDSA KeyPairGenerator not available". Since
+            // SHA1withDSA and DSA keys should be identical, we use "DSA"
+            // in the case that SHA1withDSA or SHAwithDSA was specified. This is
+            // all just to make these 2 work as expected. Sigh. (Note:
+            // this was tested with JDK 1.6.0_21, but likely fails with earlier
+            // versions of the JDK as well.)
+            //
+            sigAlg = "DSA";
+        } else if ( sigAlg.endsWith("withrsa") ) {
+            // Ditto for RSA.
+            sigAlg = "RSA";
+        }
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(sigAlg);
+        keyGen.initialize(signatureKeyLength, prng);
+        KeyPair pair = keyGen.generateKeyPair();
+        privateKey = pair.getPrivate();
+        publicKey = pair.getPublic();
+    }
+}

From 1a25b0d0ccf20788a0a18d967f573450aac6bb71 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 155/812] Change CRLF to LF for issue 356.

---
 .../reference/DefaultAccessController.java    | 292 +++++++++---------
 1 file changed, 146 insertions(+), 146 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
index 3d51338c3..d7e8ed346 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
@@ -1,146 +1,146 @@
-package org.owasp.esapi.reference;
-
-import java.util.Map;
-
-import org.owasp.esapi.AccessControlRule;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
-import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
-
-public class DefaultAccessController implements AccessController {
-	private Map ruleMap;
-
-    private static volatile AccessController singletonInstance = null;
-
-    public static AccessController getInstance() throws AccessControlException {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultAccessController.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultAccessController();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
-
-	private DefaultAccessController() throws AccessControlException {
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();		
-		ruleMap = policyDTO.getAccessControlRules();
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-	public boolean isAuthorized(Object key, Object runtimeParameter) {
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied",
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			return rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			try {
-				//Log the exception by throwing and then catching it.
-				//TODO figure out what which string goes where.		
-				throw new AccessControlException("Access Denied",
-					"An unhandled Exception was " +
-					"caught, so access is denied.",  
-					e);	
-			} catch(AccessControlException ace) {
-				//the exception was just logged. There's nothing left to do.
-			}
-			return false; //fail closed
-		}
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorized(Object key, Object runtimeParameter) throws AccessControlException {
-		boolean isAuthorized;
-		try {
-			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
-			if(rule == null) {
-				throw new AccessControlException("Access Denied", 
-						"AccessControlRule was not found for key: " + key); 
-			}
-			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
-			isAuthorized = rule.isAuthorized(runtimeParameter);
-		} catch(Exception e) {
-			//TODO figure out what which string goes where.		
-			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
-					"caught, so access is denied." +
-					"AccessControlException.",
-					e);
-		}
-		if(!isAuthorized) {
-			throw new AccessControlException("Access Denied", 
-					"Access Denied for key: " + key + 
-					" runtimeParameter: " + runtimeParameter);
-		}
-	}
-	
-    /** {@inheritDoc} */
-	public void assertAuthorizedForData(String action, Object data)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-	/**
-     * {@inheritDoc}
-	 * @deprecated
-	 */
-	public void assertAuthorizedForFile(String filepath)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForFunction(String functionName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForService(String serviceName)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-    /** {@inheritDoc} */
-	public void assertAuthorizedForURL(String url)
-			throws AccessControlException {
-		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForData(String action, Object data) {
-		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForFile(String filepath) {
-		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForFunction(String functionName) {
-		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForService(String serviceName) {
-		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
-	}
-
-    /** {@inheritDoc} */
-	public boolean isAuthorizedForURL(String url) {
-		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
-	}
-}
+package org.owasp.esapi.reference;
+
+import java.util.Map;
+
+import org.owasp.esapi.AccessControlRule;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.policyloader.ACRPolicyFileLoader;
+import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyDTO;
+
+public class DefaultAccessController implements AccessController {
+	private Map ruleMap;
+
+    private static volatile AccessController singletonInstance = null;
+
+    public static AccessController getInstance() throws AccessControlException {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultAccessController.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultAccessController();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+	protected final Logger logger = ESAPI.getLogger("DefaultAccessController");
+
+	private DefaultAccessController() throws AccessControlException {
+		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+		PolicyDTO policyDTO = policyDescriptor.load();		
+		ruleMap = policyDTO.getAccessControlRules();
+	}
+
+    /**
+     * {@inheritDoc}
+     */
+	public boolean isAuthorized(Object key, Object runtimeParameter) {
+		try {
+			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+			if(rule == null) {
+				throw new AccessControlException("Access Denied",
+						"AccessControlRule was not found for key: " + key); 
+			}
+			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Evaluating Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+			return rule.isAuthorized(runtimeParameter);
+		} catch(Exception e) {
+			try {
+				//Log the exception by throwing and then catching it.
+				//TODO figure out what which string goes where.		
+				throw new AccessControlException("Access Denied",
+					"An unhandled Exception was " +
+					"caught, so access is denied.",  
+					e);	
+			} catch(AccessControlException ace) {
+				//the exception was just logged. There's nothing left to do.
+			}
+			return false; //fail closed
+		}
+	}
+
+    /** {@inheritDoc} */
+	public void assertAuthorized(Object key, Object runtimeParameter) throws AccessControlException {
+		boolean isAuthorized;
+		try {
+			AccessControlRule rule = (AccessControlRule)ruleMap.get(key);
+			if(rule == null) {
+				throw new AccessControlException("Access Denied", 
+						"AccessControlRule was not found for key: " + key); 
+			}
+			if(logger.isDebugEnabled()){ logger.debug(Logger.EVENT_SUCCESS, "Asserting Authorization Rule \"" + key + "\" Using class: " + rule.getClass().getCanonicalName()); }
+			isAuthorized = rule.isAuthorized(runtimeParameter);
+		} catch(Exception e) {
+			//TODO figure out what which string goes where.		
+			throw new AccessControlException("Access Denied", "An unhandled Exception was " +
+					"caught, so access is denied." +
+					"AccessControlException.",
+					e);
+		}
+		if(!isAuthorized) {
+			throw new AccessControlException("Access Denied", 
+					"Access Denied for key: " + key + 
+					" runtimeParameter: " + runtimeParameter);
+		}
+	}
+	
+    /** {@inheritDoc} */
+	public void assertAuthorizedForData(String action, Object data)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
+	}
+
+	/**
+     * {@inheritDoc}
+	 * @deprecated
+	 */
+	public void assertAuthorizedForFile(String filepath)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
+	}
+
+    /** {@inheritDoc} */
+	public void assertAuthorizedForFunction(String functionName)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
+	}
+
+    /** {@inheritDoc} */
+	public void assertAuthorizedForService(String serviceName)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
+	}
+
+    /** {@inheritDoc} */
+	public void assertAuthorizedForURL(String url)
+			throws AccessControlException {
+		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
+	}
+
+    /** {@inheritDoc} */
+	public boolean isAuthorizedForData(String action, Object data) {
+		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
+	}
+
+    /** {@inheritDoc} */
+	public boolean isAuthorizedForFile(String filepath) {
+		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
+	}
+
+    /** {@inheritDoc} */
+	public boolean isAuthorizedForFunction(String functionName) {
+		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
+	}
+
+    /** {@inheritDoc} */
+	public boolean isAuthorizedForService(String serviceName) {
+		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
+	}
+
+    /** {@inheritDoc} */
+	public boolean isAuthorizedForURL(String url) {
+		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
+	}
+}

From 70ebdc55102e44c7642a2d76c23cab41895335c0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 156/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/DefaultEncoder.java | 896 +++++++++---------
 1 file changed, 448 insertions(+), 448 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 4fadcf0f9..c40c0d60b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -1,448 +1,448 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Base64;
-import org.owasp.esapi.codecs.CSSCodec;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.HTMLEntityCodec;
-import org.owasp.esapi.codecs.JavaScriptCodec;
-import org.owasp.esapi.codecs.PercentCodec;
-import org.owasp.esapi.codecs.VBScriptCodec;
-import org.owasp.esapi.codecs.XMLEntityCodec;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-
-/**
- * Reference implementation of the Encoder interface. This implementation takes
- * a whitelist approach to encoding, meaning that everything not specifically identified in a
- * list of "immune" characters is encoded.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
- */
-public class DefaultEncoder implements Encoder {
-
-    private static volatile Encoder singletonInstance;
-
-    public static Encoder getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultEncoder.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultEncoder();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-	// Codecs
-	private List codecs = new ArrayList();
-	private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
-	private XMLEntityCodec xmlCodec = new XMLEntityCodec();
-	private PercentCodec percentCodec = new PercentCodec();
-	private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
-	private VBScriptCodec vbScriptCodec = new VBScriptCodec();
-	private CSSCodec cssCodec = new CSSCodec();
-
-	private final Logger logger = ESAPI.getLogger("Encoder");
-	
-	/**
-	 *  Character sets that define characters (in addition to alphanumerics) that are
-	 * immune from encoding in various formats
-	 */
-	private final static char[]     IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
-	private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
-	private final static char[] IMMUNE_CSS = {};
-	private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
-	private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
-	private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
-	private final static char[] IMMUNE_SQL = { ' ' };
-	private final static char[] IMMUNE_OS = { '-' };
-	private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
-	private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
-	
-	
-	/**
-	 * Instantiates a new DefaultEncoder
-	 */
-	private DefaultEncoder() {
-		codecs.add( htmlCodec );
-		codecs.add( percentCodec );
-		codecs.add( javaScriptCodec );
-	}
-	
-	public DefaultEncoder( List<String> codecNames ) {
-		for ( String clazz : codecNames ) {
-			try {
-				if ( clazz.indexOf( '.' ) == -1 ) clazz = "org.owasp.esapi.codecs." + clazz;
-				codecs.add( Class.forName( clazz ).newInstance() );
-			} catch ( Exception e ) {
-				logger.warning( Logger.EVENT_FAILURE, "Codec " + clazz + " listed in ESAPI.properties not on classpath" );
-			}
-		}
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input ) {
-		if ( input == null ) {
-			return null;
-		}
-
-        // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
-		return canonicalize(input, 
-							!ESAPI.securityConfiguration().getAllowMultipleEncoding(),
-							!ESAPI.securityConfiguration().getAllowMixedEncoding() );
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input, boolean strict) {
-		return canonicalize(input, strict, strict);
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
-		if ( input == null ) {
-			return null;
-		}
-		
-        String working = input;
-        Codec codecFound = null;
-        int mixedCount = 1;
-        int foundCount = 0;
-        boolean clean = false;
-        while( !clean ) {
-            clean = true;
-            
-            // try each codec and keep track of which ones work
-            Iterator i = codecs.iterator();
-            while ( i.hasNext() ) {
-                Codec codec = (Codec)i.next();
-                String old = working;
-                working = codec.decode( working );
-                if ( !old.equals( working ) ) {
-                    if ( codecFound != null && codecFound != codec ) {
-                        mixedCount++;
-                    }
-                    codecFound = codec;
-                    if ( clean ) {
-                        foundCount++;
-                    }
-                    clean = false;
-                }
-            }
-        }
-        
-        // do strict tests and handle if any mixed, multiple, nested encoding were found
-        if ( foundCount >= 2 && mixedCount > 1 ) {
-            if ( restrictMultiple || restrictMixed ) {
-                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
-            }
-        }
-        else if ( foundCount >= 2 ) {
-            if ( restrictMultiple ) {
-                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) encoding detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) encoding detected in " + input );
-            }
-        }
-        else if ( mixedCount > 1 ) {
-            if ( restrictMixed ) {
-                throw new IntrusionException( "Input validation failure", "Mixed encoding ("+ mixedCount +"x) detected in " + input );
-            } else {
-                logger.warning( Logger.SECURITY_FAILURE, "Mixed encoding ("+ mixedCount +"x) detected in " + input );
-            }
-        }
-        return working;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForHTML(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.encode( IMMUNE_HTML, input);	    
-	 }
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decodeForHTML(String input) {
-		
-		if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.decode( input);	 
-    }
-	 
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForHTMLAttribute(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return htmlCodec.encode( IMMUNE_HTMLATTR, input);
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForCSS(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return cssCodec.encode( IMMUNE_CSS, input);
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForJavaScript(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return javaScriptCodec.encode(IMMUNE_JAVASCRIPT, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForVBScript(String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return vbScriptCodec.encode(IMMUNE_VBSCRIPT, input);	    
-	}
-
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForSQL(Codec codec, String input) {
-	    if( input == null ) {
-	    	return null;
-	    }
-	    return codec.encode(IMMUNE_SQL, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForOS(Codec codec, String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return codec.encode( IMMUNE_OS, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForLDAP(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-		// TODO: replace with LDAP codec
-	    StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			switch (c) {
-			case '\\':
-				sb.append("\\5c");
-				break;
-			case '*':
-				sb.append("\\2a");
-				break;
-			case '(':
-				sb.append("\\28");
-				break;
-			case ')':
-				sb.append("\\29");
-				break;
-			case '\0':
-				sb.append("\\00");
-				break;
-			default:
-				sb.append(c);
-			}
-		}
-		return sb.toString();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForDN(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-		// TODO: replace with DN codec
-	    StringBuilder sb = new StringBuilder();
-		if ((input.length() > 0) && ((input.charAt(0) == ' ') || (input.charAt(0) == '#'))) {
-			sb.append('\\'); // add the leading backslash if needed
-		}
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			switch (c) {
-			case '\\':
-				sb.append("\\\\");
-				break;
-			case ',':
-				sb.append("\\,");
-				break;
-			case '+':
-				sb.append("\\+");
-				break;
-			case '"':
-				sb.append("\\\"");
-				break;
-			case '<':
-				sb.append("\\<");
-				break;
-			case '>':
-				sb.append("\\>");
-				break;
-			case ';':
-				sb.append("\\;");
-				break;
-			default:
-				sb.append(c);
-			}
-		}
-		// add the trailing backslash if needed
-		if ((input.length() > 1) && (input.charAt(input.length() - 1) == ' ')) {
-			sb.insert(sb.length() - 1, '\\');
-		}
-		return sb.toString();
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXPath(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return htmlCodec.encode( IMMUNE_XPATH, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXML(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return xmlCodec.encode( IMMUNE_XML, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForXMLAttribute(String input) {
-	    if( input == null ) {
-	    	return null;	
-	    }
-	    return xmlCodec.encode( IMMUNE_XMLATTR, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForURL(String input) throws EncodingException {
-		if ( input == null ) {
-			return null;
-		}
-		try {
-			return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
-		} catch (Exception e) {
-			throw new EncodingException("Encoding failure", "Problem URL encoding input", e);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String decodeFromURL(String input) throws EncodingException {
-		if ( input == null ) {
-			return null;
-		}
-		String canonical = canonicalize(input);
-		try {
-			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
-		} catch (Exception e) {
-			throw new EncodingException("Decoding failed", "Problem URL decoding input", e);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String encodeForBase64(byte[] input, boolean wrap) {
-		if ( input == null ) {
-			return null;
-		}
-		int options = 0;
-		if ( !wrap ) {
-			options |= Base64.DONT_BREAK_LINES;
-		}
-		return Base64.encodeBytes(input, options);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] decodeFromBase64(String input) throws IOException {
-		if ( input == null ) {
-			return null;
-		}
-		return Base64.decode( input );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.Base64;
+import org.owasp.esapi.codecs.CSSCodec;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.codecs.JavaScriptCodec;
+import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.VBScriptCodec;
+import org.owasp.esapi.codecs.XMLEntityCodec;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+
+
+/**
+ * Reference implementation of the Encoder interface. This implementation takes
+ * a whitelist approach to encoding, meaning that everything not specifically identified in a
+ * list of "immune" characters is encoded.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class DefaultEncoder implements Encoder {
+
+    private static volatile Encoder singletonInstance;
+
+    public static Encoder getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultEncoder.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultEncoder();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+	// Codecs
+	private List codecs = new ArrayList();
+	private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+	private XMLEntityCodec xmlCodec = new XMLEntityCodec();
+	private PercentCodec percentCodec = new PercentCodec();
+	private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
+	private VBScriptCodec vbScriptCodec = new VBScriptCodec();
+	private CSSCodec cssCodec = new CSSCodec();
+
+	private final Logger logger = ESAPI.getLogger("Encoder");
+	
+	/**
+	 *  Character sets that define characters (in addition to alphanumerics) that are
+	 * immune from encoding in various formats
+	 */
+	private final static char[]     IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
+	private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
+	private final static char[] IMMUNE_CSS = {};
+	private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
+	private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
+	private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
+	private final static char[] IMMUNE_SQL = { ' ' };
+	private final static char[] IMMUNE_OS = { '-' };
+	private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
+	private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
+	
+	
+	/**
+	 * Instantiates a new DefaultEncoder
+	 */
+	private DefaultEncoder() {
+		codecs.add( htmlCodec );
+		codecs.add( percentCodec );
+		codecs.add( javaScriptCodec );
+	}
+	
+	public DefaultEncoder( List<String> codecNames ) {
+		for ( String clazz : codecNames ) {
+			try {
+				if ( clazz.indexOf( '.' ) == -1 ) clazz = "org.owasp.esapi.codecs." + clazz;
+				codecs.add( Class.forName( clazz ).newInstance() );
+			} catch ( Exception e ) {
+				logger.warning( Logger.EVENT_FAILURE, "Codec " + clazz + " listed in ESAPI.properties not on classpath" );
+			}
+		}
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String canonicalize( String input ) {
+		if ( input == null ) {
+			return null;
+		}
+
+        // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
+		return canonicalize(input, 
+							!ESAPI.securityConfiguration().getAllowMultipleEncoding(),
+							!ESAPI.securityConfiguration().getAllowMixedEncoding() );
+	}
+
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String canonicalize( String input, boolean strict) {
+		return canonicalize(input, strict, strict);
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String canonicalize( String input, boolean restrictMultiple, boolean restrictMixed ) {
+		if ( input == null ) {
+			return null;
+		}
+		
+        String working = input;
+        Codec codecFound = null;
+        int mixedCount = 1;
+        int foundCount = 0;
+        boolean clean = false;
+        while( !clean ) {
+            clean = true;
+            
+            // try each codec and keep track of which ones work
+            Iterator i = codecs.iterator();
+            while ( i.hasNext() ) {
+                Codec codec = (Codec)i.next();
+                String old = working;
+                working = codec.decode( working );
+                if ( !old.equals( working ) ) {
+                    if ( codecFound != null && codecFound != codec ) {
+                        mixedCount++;
+                    }
+                    codecFound = codec;
+                    if ( clean ) {
+                        foundCount++;
+                    }
+                    clean = false;
+                }
+            }
+        }
+        
+        // do strict tests and handle if any mixed, multiple, nested encoding were found
+        if ( foundCount >= 2 && mixedCount > 1 ) {
+            if ( restrictMultiple || restrictMixed ) {
+                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) and mixed encoding ("+ mixedCount +"x) detected in " + input );
+            }
+        }
+        else if ( foundCount >= 2 ) {
+            if ( restrictMultiple ) {
+                throw new IntrusionException( "Input validation failure", "Multiple ("+ foundCount +"x) encoding detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Multiple ("+ foundCount +"x) encoding detected in " + input );
+            }
+        }
+        else if ( mixedCount > 1 ) {
+            if ( restrictMixed ) {
+                throw new IntrusionException( "Input validation failure", "Mixed encoding ("+ mixedCount +"x) detected in " + input );
+            } else {
+                logger.warning( Logger.SECURITY_FAILURE, "Mixed encoding ("+ mixedCount +"x) detected in " + input );
+            }
+        }
+        return working;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForHTML(String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return htmlCodec.encode( IMMUNE_HTML, input);	    
+	 }
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String decodeForHTML(String input) {
+		
+		if( input == null ) {
+	    	return null;
+	    }
+	    return htmlCodec.decode( input);	 
+    }
+	 
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForHTMLAttribute(String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return htmlCodec.encode( IMMUNE_HTMLATTR, input);
+	}
+
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForCSS(String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return cssCodec.encode( IMMUNE_CSS, input);
+	}
+
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForJavaScript(String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return javaScriptCodec.encode(IMMUNE_JAVASCRIPT, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForVBScript(String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return vbScriptCodec.encode(IMMUNE_VBSCRIPT, input);	    
+	}
+
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForSQL(Codec codec, String input) {
+	    if( input == null ) {
+	    	return null;
+	    }
+	    return codec.encode(IMMUNE_SQL, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForOS(Codec codec, String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+	    return codec.encode( IMMUNE_OS, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForLDAP(String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+		// TODO: replace with LDAP codec
+	    StringBuilder sb = new StringBuilder();
+		for (int i = 0; i < input.length(); i++) {
+			char c = input.charAt(i);
+			switch (c) {
+			case '\\':
+				sb.append("\\5c");
+				break;
+			case '*':
+				sb.append("\\2a");
+				break;
+			case '(':
+				sb.append("\\28");
+				break;
+			case ')':
+				sb.append("\\29");
+				break;
+			case '\0':
+				sb.append("\\00");
+				break;
+			default:
+				sb.append(c);
+			}
+		}
+		return sb.toString();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForDN(String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+		// TODO: replace with DN codec
+	    StringBuilder sb = new StringBuilder();
+		if ((input.length() > 0) && ((input.charAt(0) == ' ') || (input.charAt(0) == '#'))) {
+			sb.append('\\'); // add the leading backslash if needed
+		}
+		for (int i = 0; i < input.length(); i++) {
+			char c = input.charAt(i);
+			switch (c) {
+			case '\\':
+				sb.append("\\\\");
+				break;
+			case ',':
+				sb.append("\\,");
+				break;
+			case '+':
+				sb.append("\\+");
+				break;
+			case '"':
+				sb.append("\\\"");
+				break;
+			case '<':
+				sb.append("\\<");
+				break;
+			case '>':
+				sb.append("\\>");
+				break;
+			case ';':
+				sb.append("\\;");
+				break;
+			default:
+				sb.append(c);
+			}
+		}
+		// add the trailing backslash if needed
+		if ((input.length() > 1) && (input.charAt(input.length() - 1) == ' ')) {
+			sb.insert(sb.length() - 1, '\\');
+		}
+		return sb.toString();
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForXPath(String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+	    return htmlCodec.encode( IMMUNE_XPATH, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForXML(String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+	    return xmlCodec.encode( IMMUNE_XML, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForXMLAttribute(String input) {
+	    if( input == null ) {
+	    	return null;	
+	    }
+	    return xmlCodec.encode( IMMUNE_XMLATTR, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForURL(String input) throws EncodingException {
+		if ( input == null ) {
+			return null;
+		}
+		try {
+			return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
+		} catch (UnsupportedEncodingException ex) {
+			throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
+		} catch (Exception e) {
+			throw new EncodingException("Encoding failure", "Problem URL encoding input", e);
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String decodeFromURL(String input) throws EncodingException {
+		if ( input == null ) {
+			return null;
+		}
+		String canonical = canonicalize(input);
+		try {
+			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
+		} catch (UnsupportedEncodingException ex) {
+			throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
+		} catch (Exception e) {
+			throw new EncodingException("Decoding failed", "Problem URL decoding input", e);
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForBase64(byte[] input, boolean wrap) {
+		if ( input == null ) {
+			return null;
+		}
+		int options = 0;
+		if ( !wrap ) {
+			options |= Base64.DONT_BREAK_LINES;
+		}
+		return Base64.encodeBytes(input, options);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public byte[] decodeFromBase64(String input) throws IOException {
+		if ( input == null ) {
+			return null;
+		}
+		return Base64.decode( input );
+	}
+}

From 85fa4b36db49f7e39c7943191c3dc9b131675f2f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 157/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/DefaultExecutor.java      | 468 +++++++++---------
 1 file changed, 234 insertions(+), 234 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
index 9f4976591..f948ad8ca 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -1,234 +1,234 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.util.List;
-import java.util.Map;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.ExecuteResult;
-import org.owasp.esapi.Executor;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-import org.owasp.esapi.errors.ExecutorException;
-
-/**
- * Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly
- * equal the canonical path to an executable on the system. 
- * 
- * <p>Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.</p>
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Executor
- */
-public class DefaultExecutor implements org.owasp.esapi.Executor {
-    private static volatile Executor singletonInstance;
-
-    public static Executor getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultExecutor.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultExecutor();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /** The logger. */
-    private final Logger logger = ESAPI.getLogger("Executor");
-    private Codec codec = null;
-    //private final int MAX_SYSTEM_COMMAND_LENGTH = 2500;
-    
-
-    /**
-     * Instantiate a new Executor
-     */
-    private DefaultExecutor() {
-		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
-			logger.warning( Logger.SECURITY_SUCCESS, "Using WindowsCodec for Executor. If this is not running on Windows this could allow injection" );
-			codec = new WindowsCodec();
-		} else {
-			logger.warning( Logger.SECURITY_SUCCESS, "Using UnixCodec for Executor. If this is not running on Unix this could allow injection" );
-			codec = new UnixCodec();
-		}
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException {
-    	File workdir = ESAPI.securityConfiguration().getWorkingDirectory();
-    	boolean logParams = false;
-    	boolean redirectErrorStream = false;
-    	return executeSystemCommand( executable, params, workdir, codec, logParams, redirectErrorStream );
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * The reference implementation sets the work directory, escapes the parameters as per the Codec in use,
-     * and then executes the command without using concatenation. The exact, absolute, canonical path of each
-     * executable must be listed as an approved executable in the ESAPI properties. The executable must also
-     * exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if
-     * you are going to invoke this interface with confidential information.
-     */
-    public ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream ) throws ExecutorException {
-        try {
-            // executable must exist
-            if (!executable.exists()) {
-                throw new ExecutorException("Execution failure", "No such executable: " + executable);
-            }
-            
-            // executable must use canonical path
-            if ( !executable.isAbsolute() ) {
-                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-absolute path: " + executable);
-            }
-            
-            // executable must use canonical path
-            if ( !executable.getPath().equals( executable.getCanonicalPath() ) ) {
-            	throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-canonical path: " + executable);
-        	}
-            
-            // exact, absolute, canonical path to executable must be listed in ESAPI configuration 
-            List approved = ESAPI.securityConfiguration().getAllowedExecutables();
-            if (!approved.contains(executable.getPath())) {
-                throw new ExecutorException("Execution failure", "Attempt to invoke executable that is not listed as an approved executable in ESAPI configuration: " + executable.getPath() + " not listed in " + approved );
-            }
-
-            // escape any special characters in the parameters
-            for ( int i = 0; i < params.size(); i++ ) {
-            	String param = (String)params.get(i);
-            	params.set( i, ESAPI.encoder().encodeForOS(codec, param));
-            }
-            
-            // working directory must exist
-            if (!workdir.exists()) {
-                throw new ExecutorException("Execution failure", "No such working directory for running executable: " + workdir.getPath());
-            }
-            
-            // set the command into the list and create command array
-            params.add(0, executable.getCanonicalPath());
-
-            // Legacy - this is how to implement in Java 1.4
-            // String[] command = (String[])params.toArray( new String[0] );
-            // Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
-            
-            // The following is host to implement in Java 1.5+
-            ProcessBuilder pb = new ProcessBuilder(params);
-            Map env = pb.environment();
-            env.clear();  // Security check - clear environment variables!
-            pb.directory(workdir);
-            pb.redirectErrorStream(redirectErrorStream);
-
-            if ( logParams ) {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
-            } else {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
-            }
-
-            final StringBuilder outputBuffer = new StringBuilder();
-            final StringBuilder errorsBuffer = new StringBuilder();
-            final Process process = pb.start();
-            try {
-                ReadThread errorReader;
-                if (!redirectErrorStream) {
-                	errorReader = new ReadThread(process.getErrorStream(), errorsBuffer);
-                	errorReader.start();
-                } else {
-                	errorReader = null;
-                }
-            	readStream( process.getInputStream(), outputBuffer );
-            	if (errorReader != null) {
-            		errorReader.join();
-            		if (errorReader.exception != null) {
-            			throw errorReader.exception;
-            		}
-            	}
-            	process.waitFor();
-            } catch (Throwable e) {
-            	process.destroy();
-            	throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
-            }
-
-            String output = outputBuffer.toString();
-            String errors = errorsBuffer.toString();
-            int exitValue = process.exitValue();
-            if ( errors != null && errors.length() > 0 ) {
-            	String logErrors = errors;
-            	final int MAX_LEN = 256;
-            	if (logErrors.length() > MAX_LEN) {
-            		logErrors = logErrors.substring(0, MAX_LEN) + "(truncated at "+MAX_LEN+" characters)";
-            	}
-            	logger.warning( Logger.SECURITY_SUCCESS, "Error during system command: " + logErrors );
-            }
-            if ( exitValue != 0 ) {
-            	logger.warning( Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue );
-            }
-
-            logger.warning(Logger.SECURITY_SUCCESS, "System command complete");
-            return new ExecuteResult(exitValue, output, errors);
-        } catch (IOException e) {
-            throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
-        }
-    }
-
-    /**
-     * readStream reads lines from an input stream and returns all of them in a single string
-     * 
-     * @param is
-     * 			input stream to read from
-     * @throws IOException
-     */
-    private static void readStream( InputStream is, StringBuilder sb ) throws IOException {
-	    InputStreamReader isr = new InputStreamReader(is);
-	    BufferedReader br = new BufferedReader(isr);
-	    String line;
-	    while ((line = br.readLine()) != null) {
-	        sb.append(line).append('\n');
-	    }
-    }
-    
-    private static class ReadThread extends Thread {
-    	volatile IOException exception;
-    	private final InputStream stream;
-    	private final StringBuilder buffer;
-
-    	ReadThread(InputStream stream, StringBuilder buffer) {
-    		this.stream = stream;
-    		this.buffer = buffer;
-    	}
-
-    	@Override
-		public void run() {
-    		try {
-    			readStream(stream, buffer);
-    		} catch (IOException e) {
-    			exception = e;
-    		}
-    	}
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.List;
+import java.util.Map;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
+import org.owasp.esapi.Executor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+import org.owasp.esapi.errors.ExecutorException;
+
+/**
+ * Reference implementation of the Executor interface. This implementation is very restrictive. Commands must exactly
+ * equal the canonical path to an executable on the system. 
+ * 
+ * <p>Valid characters for parameters are codec dependent, but will usually only include alphanumeric, forward-slash, and dash.</p>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Executor
+ */
+public class DefaultExecutor implements org.owasp.esapi.Executor {
+    private static volatile Executor singletonInstance;
+
+    public static Executor getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultExecutor.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultExecutor();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("Executor");
+    private Codec codec = null;
+    //private final int MAX_SYSTEM_COMMAND_LENGTH = 2500;
+    
+
+    /**
+     * Instantiate a new Executor
+     */
+    private DefaultExecutor() {
+		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
+			logger.warning( Logger.SECURITY_SUCCESS, "Using WindowsCodec for Executor. If this is not running on Windows this could allow injection" );
+			codec = new WindowsCodec();
+		} else {
+			logger.warning( Logger.SECURITY_SUCCESS, "Using UnixCodec for Executor. If this is not running on Unix this could allow injection" );
+			codec = new UnixCodec();
+		}
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public ExecuteResult executeSystemCommand(File executable, List params) throws ExecutorException {
+    	File workdir = ESAPI.securityConfiguration().getWorkingDirectory();
+    	boolean logParams = false;
+    	boolean redirectErrorStream = false;
+    	return executeSystemCommand( executable, params, workdir, codec, logParams, redirectErrorStream );
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * The reference implementation sets the work directory, escapes the parameters as per the Codec in use,
+     * and then executes the command without using concatenation. The exact, absolute, canonical path of each
+     * executable must be listed as an approved executable in the ESAPI properties. The executable must also
+     * exist on the disk. All failures will be logged, along with parameters if specified. Set the logParams to false if
+     * you are going to invoke this interface with confidential information.
+     */
+    public ExecuteResult executeSystemCommand(File executable, List params, File workdir, Codec codec, boolean logParams, boolean redirectErrorStream ) throws ExecutorException {
+        try {
+            // executable must exist
+            if (!executable.exists()) {
+                throw new ExecutorException("Execution failure", "No such executable: " + executable);
+            }
+            
+            // executable must use canonical path
+            if ( !executable.isAbsolute() ) {
+                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-absolute path: " + executable);
+            }
+            
+            // executable must use canonical path
+            if ( !executable.getPath().equals( executable.getCanonicalPath() ) ) {
+            	throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-canonical path: " + executable);
+        	}
+            
+            // exact, absolute, canonical path to executable must be listed in ESAPI configuration 
+            List approved = ESAPI.securityConfiguration().getAllowedExecutables();
+            if (!approved.contains(executable.getPath())) {
+                throw new ExecutorException("Execution failure", "Attempt to invoke executable that is not listed as an approved executable in ESAPI configuration: " + executable.getPath() + " not listed in " + approved );
+            }
+
+            // escape any special characters in the parameters
+            for ( int i = 0; i < params.size(); i++ ) {
+            	String param = (String)params.get(i);
+            	params.set( i, ESAPI.encoder().encodeForOS(codec, param));
+            }
+            
+            // working directory must exist
+            if (!workdir.exists()) {
+                throw new ExecutorException("Execution failure", "No such working directory for running executable: " + workdir.getPath());
+            }
+            
+            // set the command into the list and create command array
+            params.add(0, executable.getCanonicalPath());
+
+            // Legacy - this is how to implement in Java 1.4
+            // String[] command = (String[])params.toArray( new String[0] );
+            // Process process = Runtime.getRuntime().exec(command, new String[0], workdir);
+            
+            // The following is host to implement in Java 1.5+
+            ProcessBuilder pb = new ProcessBuilder(params);
+            Map env = pb.environment();
+            env.clear();  // Security check - clear environment variables!
+            pb.directory(workdir);
+            pb.redirectErrorStream(redirectErrorStream);
+
+            if ( logParams ) {
+            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
+            } else {
+            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
+            }
+
+            final StringBuilder outputBuffer = new StringBuilder();
+            final StringBuilder errorsBuffer = new StringBuilder();
+            final Process process = pb.start();
+            try {
+                ReadThread errorReader;
+                if (!redirectErrorStream) {
+                	errorReader = new ReadThread(process.getErrorStream(), errorsBuffer);
+                	errorReader.start();
+                } else {
+                	errorReader = null;
+                }
+            	readStream( process.getInputStream(), outputBuffer );
+            	if (errorReader != null) {
+            		errorReader.join();
+            		if (errorReader.exception != null) {
+            			throw errorReader.exception;
+            		}
+            	}
+            	process.waitFor();
+            } catch (Throwable e) {
+            	process.destroy();
+            	throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
+            }
+
+            String output = outputBuffer.toString();
+            String errors = errorsBuffer.toString();
+            int exitValue = process.exitValue();
+            if ( errors != null && errors.length() > 0 ) {
+            	String logErrors = errors;
+            	final int MAX_LEN = 256;
+            	if (logErrors.length() > MAX_LEN) {
+            		logErrors = logErrors.substring(0, MAX_LEN) + "(truncated at "+MAX_LEN+" characters)";
+            	}
+            	logger.warning( Logger.SECURITY_SUCCESS, "Error during system command: " + logErrors );
+            }
+            if ( exitValue != 0 ) {
+            	logger.warning( Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue );
+            }
+
+            logger.warning(Logger.SECURITY_SUCCESS, "System command complete");
+            return new ExecuteResult(exitValue, output, errors);
+        } catch (IOException e) {
+            throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
+        }
+    }
+
+    /**
+     * readStream reads lines from an input stream and returns all of them in a single string
+     * 
+     * @param is
+     * 			input stream to read from
+     * @throws IOException
+     */
+    private static void readStream( InputStream is, StringBuilder sb ) throws IOException {
+	    InputStreamReader isr = new InputStreamReader(is);
+	    BufferedReader br = new BufferedReader(isr);
+	    String line;
+	    while ((line = br.readLine()) != null) {
+	        sb.append(line).append('\n');
+	    }
+    }
+    
+    private static class ReadThread extends Thread {
+    	volatile IOException exception;
+    	private final InputStream stream;
+    	private final StringBuilder buffer;
+
+    	ReadThread(InputStream stream, StringBuilder buffer) {
+    		this.stream = stream;
+    		this.buffer = buffer;
+    	}
+
+    	@Override
+		public void run() {
+    		try {
+    			readStream(stream, buffer);
+    		} catch (IOException e) {
+    			exception = e;
+    		}
+    	}
+
+    }
+
+}

From a2ecfda0dbf3e5629717b8aa102ee20efa27ec96 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 158/812] Change CRLF to LF for issue 356.

---
 .../reference/DefaultIntrusionDetector.java   | 386 +++++++++---------
 1 file changed, 193 insertions(+), 193 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
index 2a71e1483..d7b8f2b55 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
@@ -1,193 +1,193 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Stack;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.SecurityConfiguration.Threshold;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.IntrusionException;
-
-/**
- * Reference implementation of the IntrusionDetector interface. This
- * implementation monitors EnterpriseSecurityExceptions to see if any user
- * exceeds a configurable threshold in a configurable time period. For example,
- * it can monitor to see if a user exceeds 10 input validation issues in a 1
- * minute period. Or if there are more than 3 authentication problems in a 10
- * second period. More complex implementations are certainly possible, such as
- * one that establishes a baseline of expected behavior, and then detects
- * deviations from that baseline. This implementation stores state in the
- * user's session, so that it will be properly cleaned up when the session is
- * terminated. State is not otherwise persisted, so attacks that span sessions
- * will not be detectable.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.IntrusionDetector
- */
-public class DefaultIntrusionDetector implements org.owasp.esapi.IntrusionDetector {
-
-	/** The logger. */
-	private final Logger logger = ESAPI.getLogger("IntrusionDetector");
-
-    public DefaultIntrusionDetector() {
-	}
-	
-	/**
-	 * {@inheritDoc}
-     *
-     * @param e
-     */
-	public void addException(Exception e) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-		
-        if ( e instanceof EnterpriseSecurityException ) {
-            logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
-        } else {
-            logger.warning( Logger.SECURITY_FAILURE, e.getMessage(), e );
-        }
-
-        // add the exception to the current user, which may trigger a detector 
-		User user = ESAPI.authenticator().getCurrentUser();
-        String eventName = e.getClass().getName();
-
-        if ( e instanceof IntrusionException) {
-            return;
-        }
-        
-        // add the exception to the user's store, handle IntrusionException if thrown
-		try {
-			addSecurityEvent(user, eventName);
-		} catch( IntrusionException ex ) {
-            Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
-            Iterator i = quota.actions.iterator();
-            while ( i.hasNext() ) {
-                String action = (String)i.next();
-                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
-                takeSecurityAction( action, message );
-            }
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void addEvent(String eventName, String logMessage) throws IntrusionException {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-    	
-        logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
-
-        // add the event to the current user, which may trigger a detector 
-        User user = ESAPI.authenticator().getCurrentUser();
-        try {
-            addSecurityEvent(user, "event." + eventName);
-        } catch( IntrusionException ex ) {
-            Threshold quota = ESAPI.securityConfiguration().getQuota("event." + eventName);
-            Iterator i = quota.actions.iterator();
-            while ( i.hasNext() ) {
-                String action = (String)i.next();
-                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
-                takeSecurityAction( action, message );
-            }
-        }
-    }
-
-    /**
-     * Take a specified security action.  In this implementation, acceptable
-     * actions are: log, disable, logout.
-     * 
-     * @param action
-     * 		the action to take (log, disable, logout)
-     * @param message
-     * 		the message to log if the action is "log"
-     */
-    private void takeSecurityAction( String action, String message ) {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-    	
-        if ( action.equals( "log" ) ) {
-            logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
-        }
-        User user = ESAPI.authenticator().getCurrentUser();
-        if (user == User.ANONYMOUS)
-        	return;
-        if ( action.equals( "disable" ) ) {
-            user.disable();
-        }
-        if ( action.equals( "logout" ) ) {
-            user.logout();
-        }
-    }
-
-	 /**
-	 * Adds a security event to the user.  These events are used to check that the user has not
-	 * reached the security thresholds set in the properties file.
-	 * 
-	 * @param user
-	 * 			The user that caused the event.
-	 * @param eventName
-	 * 			The name of the event that occurred.
-	 */
-	private void addSecurityEvent(User user, String eventName) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-		
-		if ( user.isAnonymous() ) return;
-		
-		HashMap eventMap = user.getEventMap();
-		
-		// if there is a threshold, then track this event
-		Threshold threshold = ESAPI.securityConfiguration().getQuota( eventName );
-		if ( threshold != null ) {
-			Event event = (Event)eventMap.get( eventName );
-			if ( event == null ) {
-				event = new Event( eventName );
-				eventMap.put( eventName, event );
-			}
-			// increment
-			event.increment(threshold.count, threshold.interval);
-		}
-	}
-
-    private static class Event {
-        public String key;
-        public Stack times = new Stack();
-        //public long count = 0;
-        public Event( String key ) {
-            this.key = key;
-        }
-        public void increment(int count, long interval) throws IntrusionException {
-        	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
-        	
-            Date now = new Date();
-            times.add( 0, now );
-            while ( times.size() > count ) times.remove( times.size()-1 );
-            if ( times.size() == count ) {
-                Date past = (Date)times.get( count-1 );
-                long plong = past.getTime();
-                long nlong = now.getTime(); 
-                if ( nlong - plong < interval * 1000 ) {
-                    throw new IntrusionException( "Threshold exceeded", "Exceeded threshold for " + key );
-                }
-            }
-        }
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Stack;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.SecurityConfiguration.Threshold;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.IntrusionException;
+
+/**
+ * Reference implementation of the IntrusionDetector interface. This
+ * implementation monitors EnterpriseSecurityExceptions to see if any user
+ * exceeds a configurable threshold in a configurable time period. For example,
+ * it can monitor to see if a user exceeds 10 input validation issues in a 1
+ * minute period. Or if there are more than 3 authentication problems in a 10
+ * second period. More complex implementations are certainly possible, such as
+ * one that establishes a baseline of expected behavior, and then detects
+ * deviations from that baseline. This implementation stores state in the
+ * user's session, so that it will be properly cleaned up when the session is
+ * terminated. State is not otherwise persisted, so attacks that span sessions
+ * will not be detectable.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.IntrusionDetector
+ */
+public class DefaultIntrusionDetector implements org.owasp.esapi.IntrusionDetector {
+
+	/** The logger. */
+	private final Logger logger = ESAPI.getLogger("IntrusionDetector");
+
+    public DefaultIntrusionDetector() {
+	}
+	
+	/**
+	 * {@inheritDoc}
+     *
+     * @param e
+     */
+	public void addException(Exception e) {
+		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+		
+        if ( e instanceof EnterpriseSecurityException ) {
+            logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
+        } else {
+            logger.warning( Logger.SECURITY_FAILURE, e.getMessage(), e );
+        }
+
+        // add the exception to the current user, which may trigger a detector 
+		User user = ESAPI.authenticator().getCurrentUser();
+        String eventName = e.getClass().getName();
+
+        if ( e instanceof IntrusionException) {
+            return;
+        }
+        
+        // add the exception to the user's store, handle IntrusionException if thrown
+		try {
+			addSecurityEvent(user, eventName);
+		} catch( IntrusionException ex ) {
+            Threshold quota = ESAPI.securityConfiguration().getQuota(eventName);
+            Iterator i = quota.actions.iterator();
+            while ( i.hasNext() ) {
+                String action = (String)i.next();
+                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
+                takeSecurityAction( action, message );
+            }
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void addEvent(String eventName, String logMessage) throws IntrusionException {
+    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+    	
+        logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
+
+        // add the event to the current user, which may trigger a detector 
+        User user = ESAPI.authenticator().getCurrentUser();
+        try {
+            addSecurityEvent(user, "event." + eventName);
+        } catch( IntrusionException ex ) {
+            Threshold quota = ESAPI.securityConfiguration().getQuota("event." + eventName);
+            Iterator i = quota.actions.iterator();
+            while ( i.hasNext() ) {
+                String action = (String)i.next();
+                String message = "User exceeded quota of " + quota.count + " per "+ quota.interval +" seconds for event " + eventName + ". Taking actions " + quota.actions;
+                takeSecurityAction( action, message );
+            }
+        }
+    }
+
+    /**
+     * Take a specified security action.  In this implementation, acceptable
+     * actions are: log, disable, logout.
+     * 
+     * @param action
+     * 		the action to take (log, disable, logout)
+     * @param message
+     * 		the message to log if the action is "log"
+     */
+    private void takeSecurityAction( String action, String message ) {
+    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+    	
+        if ( action.equals( "log" ) ) {
+            logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
+        }
+        User user = ESAPI.authenticator().getCurrentUser();
+        if (user == User.ANONYMOUS)
+        	return;
+        if ( action.equals( "disable" ) ) {
+            user.disable();
+        }
+        if ( action.equals( "logout" ) ) {
+            user.logout();
+        }
+    }
+
+	 /**
+	 * Adds a security event to the user.  These events are used to check that the user has not
+	 * reached the security thresholds set in the properties file.
+	 * 
+	 * @param user
+	 * 			The user that caused the event.
+	 * @param eventName
+	 * 			The name of the event that occurred.
+	 */
+	private void addSecurityEvent(User user, String eventName) {
+		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+		
+		if ( user.isAnonymous() ) return;
+		
+		HashMap eventMap = user.getEventMap();
+		
+		// if there is a threshold, then track this event
+		Threshold threshold = ESAPI.securityConfiguration().getQuota( eventName );
+		if ( threshold != null ) {
+			Event event = (Event)eventMap.get( eventName );
+			if ( event == null ) {
+				event = new Event( eventName );
+				eventMap.put( eventName, event );
+			}
+			// increment
+			event.increment(threshold.count, threshold.interval);
+		}
+	}
+
+    private static class Event {
+        public String key;
+        public Stack times = new Stack();
+        //public long count = 0;
+        public Event( String key ) {
+            this.key = key;
+        }
+        public void increment(int count, long interval) throws IntrusionException {
+        	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+        	
+            Date now = new Date();
+            times.add( 0, now );
+            while ( times.size() > count ) times.remove( times.size()-1 );
+            if ( times.size() == count ) {
+                Date past = (Date)times.get( count-1 );
+                long plong = past.getTime();
+                long nlong = now.getTime(); 
+                if ( nlong - plong < interval * 1000 ) {
+                    throw new IntrusionException( "Threshold exceeded", "Exceeded threshold for " + key );
+                }
+            }
+        }
+    }
+}

From af2e23409dfbe8287449e455be52746f33db7bf0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 159/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/DefaultRandomizer.java    | 268 +++++++++---------
 1 file changed, 134 insertions(+), 134 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
index 3272a6946..d7731c57b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -1,134 +1,134 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.UUID;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.Randomizer;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a
- * cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Randomizer
- */
-public class DefaultRandomizer implements org.owasp.esapi.Randomizer {
-    private static volatile Randomizer singletonInstance;
-
-    public static Randomizer getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( DefaultRandomizer.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new DefaultRandomizer();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /** The sr. */
-    private SecureRandom secureRandom = null;
-
-    /** The logger. */
-    private final Logger logger = ESAPI.getLogger("Randomizer");
-
-    private DefaultRandomizer() {
-        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-        try {
-            secureRandom = SecureRandom.getInstance(algorithm);
-        } catch (NoSuchAlgorithmException e) {
-            // Can't throw an exception from the constructor, but this will get
-            // it logged and tracked
-            new EncryptionException("Error creating randomizer", "Can't find random algorithm " + algorithm, e);
-        }
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomString(int length, char[] characterSet) {
-    	StringBuilder sb = new StringBuilder();
-        for (int loop = 0; loop < length; loop++) {
-            int index = secureRandom.nextInt(characterSet.length);
-            sb.append(characterSet[index]);
-        }
-        String nonce = sb.toString();
-        return nonce;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getRandomBoolean() {
-        return secureRandom.nextBoolean();
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getRandomInteger(int min, int max) {
-        return secureRandom.nextInt(max - min) + min;
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public long getRandomLong() {
-        return secureRandom.nextLong();    
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public float getRandomReal(float min, float max) {
-        float factor = max - min;
-        return secureRandom.nextFloat() * factor + min;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomFilename(String extension) {
-        String fn = getRandomString(12, EncoderConstants.CHAR_ALPHANUMERICS) + "." + extension;
-        logger.debug(Logger.SECURITY_SUCCESS, "Generated new random filename: " + fn );
-        return fn;
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomGUID() throws EncryptionException {
-    	return UUID.randomUUID().toString();
-    }
-    	
-    /**
-     * {@inheritDoc}
-     */
-    public byte[] getRandomBytes(int n) {
-    	byte[] result = new byte[ n ];
-    	secureRandom.nextBytes(result);
-    	return result;
-    }
-    	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.UUID;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * Reference implementation of the Randomizer interface. This implementation builds on the JCE provider to provide a
+ * cryptographically strong source of entropy. The specific algorithm used is configurable in ESAPI.properties.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Randomizer
+ */
+public class DefaultRandomizer implements org.owasp.esapi.Randomizer {
+    private static volatile Randomizer singletonInstance;
+
+    public static Randomizer getInstance() {
+        if ( singletonInstance == null ) {
+            synchronized ( DefaultRandomizer.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new DefaultRandomizer();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /** The sr. */
+    private SecureRandom secureRandom = null;
+
+    /** The logger. */
+    private final Logger logger = ESAPI.getLogger("Randomizer");
+
+    private DefaultRandomizer() {
+        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        try {
+            secureRandom = SecureRandom.getInstance(algorithm);
+        } catch (NoSuchAlgorithmException e) {
+            // Can't throw an exception from the constructor, but this will get
+            // it logged and tracked
+            new EncryptionException("Error creating randomizer", "Can't find random algorithm " + algorithm, e);
+        }
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getRandomString(int length, char[] characterSet) {
+    	StringBuilder sb = new StringBuilder();
+        for (int loop = 0; loop < length; loop++) {
+            int index = secureRandom.nextInt(characterSet.length);
+            sb.append(characterSet[index]);
+        }
+        String nonce = sb.toString();
+        return nonce;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getRandomBoolean() {
+        return secureRandom.nextBoolean();
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getRandomInteger(int min, int max) {
+        return secureRandom.nextInt(max - min) + min;
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public long getRandomLong() {
+        return secureRandom.nextLong();    
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public float getRandomReal(float min, float max) {
+        float factor = max - min;
+        return secureRandom.nextFloat() * factor + min;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getRandomFilename(String extension) {
+        String fn = getRandomString(12, EncoderConstants.CHAR_ALPHANUMERICS) + "." + extension;
+        logger.debug(Logger.SECURITY_SUCCESS, "Generated new random filename: " + fn );
+        return fn;
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getRandomGUID() throws EncryptionException {
+    	return UUID.randomUUID().toString();
+    }
+    	
+    /**
+     * {@inheritDoc}
+     */
+    public byte[] getRandomBytes(int n) {
+    	byte[] result = new byte[ n ];
+    	secureRandom.nextBytes(result);
+    	return result;
+    }
+    	
+}

From 6b7256bb119ed7a3a6baef1b8017d9981a88b548 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 160/812] Change CRLF to LF for issue 356.

---
 .../DefaultSecurityConfiguration.java         | 2666 ++++++++---------
 1 file changed, 1333 insertions(+), 1333 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 21a5cb345..22b0f2067 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -1,1333 +1,1333 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.apache.commons.lang.text.StrTokenizer;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.configuration.EsapiPropertyManager;
-import org.owasp.esapi.errors.ConfigurationException;
-
-import java.io.*;
-import java.net.URL;
-import java.util.*;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
-/**
- * The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
- * implementation, resources can be put in several locations, which are searched in the following order:
- * <p>
- * 1) Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
- * <p>
- * 2) Inside the System.getProperty( "org.owasp.esapi.resources" ) directory.
- * You can set this on the java command line as follows (for example):
- * <pre>
- * 		java -Dorg.owasp.esapi.resources="C:\temp\resources"
- * </pre>
- * You may have to add this to the start-up script that starts your web server. For example, for Tomcat,
- * in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the {@code -D} string above.
- * <p>
- * 3) Inside the {@code System.getProperty( "user.home" ) + "/.esapi"} directory (supported for backward compatibility) or
- * inside the {@code System.getProperty( "user.home" ) + "/esapi"} directory.
- * <p>
- * 4) The first ".esapi" or "esapi" directory on the classpath. (The former for backward compatibility.)
- * <p>
- * Once the Configuration is initialized with a resource directory, you can edit it to set things like master
- * keys and passwords, logging locations, error thresholds, and allowed file extensions.
- * <p>
- * WARNING: Do not forget to update ESAPI.properties to change the master key and other security critical settings.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim .at. manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @author Kevin Wall (kevin.w.wall .at. gmail.com)
- */
-
-public class DefaultSecurityConfiguration implements SecurityConfiguration {
-    private static volatile SecurityConfiguration instance = null;
-
-    public static SecurityConfiguration getInstance() {
-        if ( instance == null ) {
-            synchronized (DefaultSecurityConfiguration.class) {
-                if ( instance == null ) {
-                    instance = new DefaultSecurityConfiguration();
-                }
-            }
-        }
-        return instance;
-    }
-    
-    private Properties properties = null;
-    private String cipherXformFromESAPIProp = null;	// New in ESAPI 2.0
-    private String cipherXformCurrent = null;		// New in ESAPI 2.0
-
-	/** The name of the ESAPI property file */
-	public static final String DEFAULT_RESOURCE_FILE = "ESAPI.properties";
-	
-    public static final String REMEMBER_TOKEN_DURATION = "Authenticator.RememberTokenDuration";
-    public static final String IDLE_TIMEOUT_DURATION = "Authenticator.IdleTimeoutDuration";
-    public static final String ABSOLUTE_TIMEOUT_DURATION = "Authenticator.AbsoluteTimeoutDuration";
-    public static final String ALLOWED_LOGIN_ATTEMPTS = "Authenticator.AllowedLoginAttempts";
-    public static final String USERNAME_PARAMETER_NAME = "Authenticator.UsernameParameterName";
-    public static final String PASSWORD_PARAMETER_NAME = "Authenticator.PasswordParameterName";
-    public static final String MAX_OLD_PASSWORD_HASHES = "Authenticator.MaxOldPasswordHashes";
-
-    public static final String ALLOW_MULTIPLE_ENCODING = "Encoder.AllowMultipleEncoding";
-    public static final String ALLOW_MIXED_ENCODING	= "Encoder.AllowMixedEncoding";
-    public static final String CANONICALIZATION_CODECS = "Encoder.DefaultCodecList";
-
-    public static final String DISABLE_INTRUSION_DETECTION  = "IntrusionDetector.Disable";
-    
-    public static final String MASTER_KEY = "Encryptor.MasterKey";
-    public static final String MASTER_SALT = "Encryptor.MasterSalt";
-    public static final String KEY_LENGTH = "Encryptor.EncryptionKeyLength";
-    public static final String ENCRYPTION_ALGORITHM = "Encryptor.EncryptionAlgorithm";
-    public static final String HASH_ALGORITHM = "Encryptor.HashAlgorithm";
-    public static final String HASH_ITERATIONS = "Encryptor.HashIterations";
-    public static final String CHARACTER_ENCODING = "Encryptor.CharacterEncoding";
-    public static final String RANDOM_ALGORITHM = "Encryptor.RandomAlgorithm";
-    public static final String DIGITAL_SIGNATURE_ALGORITHM = "Encryptor.DigitalSignatureAlgorithm";
-    public static final String DIGITAL_SIGNATURE_KEY_LENGTH = "Encryptor.DigitalSignatureKeyLength";
-    			// ==================================//
-    			//		New in ESAPI Java 2.0		 //
-    			// ================================= //
-    public static final String PREFERRED_JCE_PROVIDER = "Encryptor.PreferredJCEProvider";
-    public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = "Encryptor.CipherTransformation";
-    public static final String CIPHERTEXT_USE_MAC = "Encryptor.CipherText.useMAC";
-    public static final String PLAINTEXT_OVERWRITE = "Encryptor.PlainText.overwrite";
-    public static final String IV_TYPE = "Encryptor.ChooseIVMethod";
-    public static final String FIXED_IV = "Encryptor.fixedIV";
-    public static final String COMBINED_CIPHER_MODES = "Encryptor.cipher_modes.combined_modes";
-    public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = "Encryptor.cipher_modes.additional_allowed";
-    public static final String KDF_PRF_ALG = "Encryptor.KDF.PRF";
-	public static final String PRINT_PROPERTIES_WHEN_LOADED = "ESAPI.printProperties";
-
-    public static final String WORKING_DIRECTORY = "Executor.WorkingDirectory";
-    public static final String APPROVED_EXECUTABLES = "Executor.ApprovedExecutables";
-
-    public static final String FORCE_HTTPONLYSESSION = "HttpUtilities.ForceHttpOnlySession";
-    public static final String FORCE_SECURESESSION = "HttpUtilities.SecureSession";
-    public static final String FORCE_HTTPONLYCOOKIES = "HttpUtilities.ForceHttpOnlyCookies";
-    public static final String FORCE_SECURECOOKIES = "HttpUtilities.ForceSecureCookies";
-	public static final String MAX_HTTP_HEADER_SIZE = "HttpUtilities.MaxHeaderSize";
-    public static final String UPLOAD_DIRECTORY = "HttpUtilities.UploadDir";
-    public static final String UPLOAD_TEMP_DIRECTORY = "HttpUtilities.UploadTempDir";
-    public static final String APPROVED_UPLOAD_EXTENSIONS = "HttpUtilities.ApprovedUploadExtensions";
-    public static final String MAX_UPLOAD_FILE_BYTES = "HttpUtilities.MaxUploadFileBytes";
-    public static final String RESPONSE_CONTENT_TYPE = "HttpUtilities.ResponseContentType";
-    public static final String HTTP_SESSION_ID_NAME = "HttpUtilities.HttpSessionIdName";
-
-    public static final String APPLICATION_NAME = "Logger.ApplicationName";
-    public static final String LOG_LEVEL = "Logger.LogLevel";
-    public static final String LOG_FILE_NAME = "Logger.LogFileName";
-    public static final String MAX_LOG_FILE_SIZE = "Logger.MaxLogFileSize";
-    public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
-    public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
-    public static final String LOG_SERVER_IP = "Logger.LogServerIP";
-    public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
-    public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
-    public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
-
-
-
-    /**
-	 * The default max log file size is set to 10,000,000 bytes (10 Meg). If the current log file exceeds the current
-	 * max log file size, the logger will move the old log data into another log file. There currently is a max of
-	 * 1000 log files of the same name. If that is exceeded it will presumably start discarding the oldest logs.
-	 */
-	public static final int DEFAULT_MAX_LOG_FILE_SIZE = 10000000;
-	
-    protected final int MAX_REDIRECT_LOCATION = 1000;
-    
-    /**
-     * @deprecated	It is not clear whether this is intended to be the max file name length for the basename(1) of
-     *				a file or the max full path name length of a canonical full path name. Since it is not used anywhere
-     *				in the ESAPI code it is being deprecated and scheduled to be removed in release 2.1.
-     */
-    protected final int MAX_FILE_NAME_LENGTH = 1000;	// DISCUSS: Is this for given directory or refer to canonicalized full path name?
-    													// Too long if the former! (Usually 255 is limit there.) Hard to tell since not used
-    													// here in this class and it's protected, so not sure what it's intent is. It's not
-    													// used anywhere in the ESAPI code base. I am going to deprecate it because of this. -kww
-
-    /*
-     * Implementation Keys
-     */
-    public static final String LOG_IMPLEMENTATION = "ESAPI.Logger";
-    public static final String AUTHENTICATION_IMPLEMENTATION = "ESAPI.Authenticator";
-    public static final String ENCODER_IMPLEMENTATION = "ESAPI.Encoder";
-    public static final String ACCESS_CONTROL_IMPLEMENTATION = "ESAPI.AccessControl";
-    public static final String ENCRYPTION_IMPLEMENTATION = "ESAPI.Encryptor";
-    public static final String INTRUSION_DETECTION_IMPLEMENTATION = "ESAPI.IntrusionDetector";
-    public static final String RANDOMIZER_IMPLEMENTATION = "ESAPI.Randomizer";
-	public static final String EXECUTOR_IMPLEMENTATION = "ESAPI.Executor";
-	public static final String VALIDATOR_IMPLEMENTATION = "ESAPI.Validator";
-	public static final String HTTP_UTILITIES_IMPLEMENTATION = "ESAPI.HTTPUtilities";
-
-    /*
-     * Default Implementations
-     */
-    public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.reference.JavaLogFactory";
-    public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = "org.owasp.esapi.reference.FileBasedAuthenticator";
-    public static final String DEFAULT_ENCODER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultEncoder";
-    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController";
-    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION = "org.owasp.esapi.reference.crypto.JavaEncryptor";
-    public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultIntrusionDetector";
-    public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultRandomizer";
-    public static final String DEFAULT_EXECUTOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultExecutor";
-    public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultHTTPUtilities";
-    public static final String DEFAULT_VALIDATOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultValidator";
-
-    private static final Map<String, Pattern> patternCache = new HashMap<String, Pattern>();
-
-    /*
-     * Absolute path to the user.home. No longer includes the ESAPI portion as it used to.
-     */
-    private static final String userHome = System.getProperty("user.home" );
-    /*
-     * Absolute path to the customDirectory
-     */	// DISCUSS: Implicit assumption here that there is no SecurityManager installed enforcing the
-        //			prevention of reading system properties. Otherwise this will fail with SecurityException.
-    private static String customDirectory = System.getProperty("org.owasp.esapi.resources");
-    /*
-     * Relative path to the resourceDirectory. Relative to the classpath.
-     * Specifically, ClassLoader.getResource(resourceDirectory + filename) will
-     * be used to load the file.
-     */
-    private String resourceDirectory = ".esapi";	// For backward compatibility (vs. "esapi")
-	private final String resourceFile;
-    private EsapiPropertyManager esapiPropertyManager;
-
-//    private static long lastModified = -1;
-
-    /**
-     * Instantiates a new configuration, using the provided property file name
-     * 
-     * @param resourceFile The name of the property file to load
-     */
-    DefaultSecurityConfiguration(String resourceFile) {
-    	this.resourceFile = resourceFile;
-        this.esapiPropertyManager = new EsapiPropertyManager();
-    	// load security configuration
-    	try {
-        	loadConfiguration();
-        	this.setCipherXProperties();
-        } catch( IOException e ) {
-	        logSpecial("Failed to load security configuration", e );
-	        throw new ConfigurationException("Failed to load security configuration", e);
-        }
-    }
-    
-    /**
-     * Instantiates a new configuration with the supplied properties.
-     * 
-     * Warning - if the setResourceDirectory() method is invoked the properties will
-     * be re-loaded, replacing the supplied properties.
-     * 
-     * @param properties
-     */
-    public DefaultSecurityConfiguration(Properties properties) {
-    	resourceFile = DEFAULT_RESOURCE_FILE;
-    	this.properties = properties; 
-    	this.setCipherXProperties();
-    }
-    
-    /**
-     * Instantiates a new configuration.
-     */
-    public DefaultSecurityConfiguration(){
-    	this(DEFAULT_RESOURCE_FILE);
-    }
-    private void setCipherXProperties() {
-		// TODO: FUTURE: Replace by future CryptoControls class???
-		// See SecurityConfiguration.setCipherTransformation() for
-		// explanation of this.
-        // (Propose this in 2.1 via future email to ESAPI-DEV list.)
-		cipherXformFromESAPIProp =
-			getESAPIProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION,
-							 "AES/CBC/PKCS5Padding");
-		cipherXformCurrent = cipherXformFromESAPIProp;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getApplicationName() {
-    	return getESAPIProperty(APPLICATION_NAME, "DefaultName");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getLogImplementation() {
-    	return getESAPIProperty(LOG_IMPLEMENTATION, DEFAULT_LOG_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getAuthenticationImplementation() {
-    	return getESAPIProperty(AUTHENTICATION_IMPLEMENTATION, DEFAULT_AUTHENTICATION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncoderImplementation() {
-    	return getESAPIProperty(ENCODER_IMPLEMENTATION, DEFAULT_ENCODER_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getAccessControlImplementation() {
-    	return getESAPIProperty(ACCESS_CONTROL_IMPLEMENTATION, DEFAULT_ACCESS_CONTROL_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncryptionImplementation() {
-    	return getESAPIProperty(ENCRYPTION_IMPLEMENTATION, DEFAULT_ENCRYPTION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getIntrusionDetectionImplementation() {
-    	return getESAPIProperty(INTRUSION_DETECTION_IMPLEMENTATION, DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomizerImplementation() {
-    	return getESAPIProperty(RANDOMIZER_IMPLEMENTATION, DEFAULT_RANDOMIZER_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getExecutorImplementation() {
-    	return getESAPIProperty(EXECUTOR_IMPLEMENTATION, DEFAULT_EXECUTOR_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getHTTPUtilitiesImplementation() {
-    	return getESAPIProperty(HTTP_UTILITIES_IMPLEMENTATION, DEFAULT_HTTP_UTILITIES_IMPLEMENTATION);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getValidationImplementation() {
-    	return getESAPIProperty(VALIDATOR_IMPLEMENTATION, DEFAULT_VALIDATOR_IMPLEMENTATION);
-    }
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public byte[] getMasterKey() {
-    	byte[] key = getESAPIPropertyEncoded( MASTER_KEY, null );
-    	if ( key == null || key.length == 0 ) {
-    		throw new ConfigurationException("Property '" + MASTER_KEY +
-    							"' missing or empty in ESAPI.properties file.");
-    }
-    	return key;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setResourceDirectory( String dir ) {
-    	resourceDirectory = dir;
-        logSpecial( "Reset resource directory to: " + dir, null );
-
-        // reload configuration if necessary
-    	try {
-    		this.loadConfiguration();
-    	} catch( IOException e ) {
-	        logSpecial("Failed to load security configuration from " + dir, e);
-    	}
-    }
-
-    public int getEncryptionKeyLength() {
-    	return getESAPIProperty(KEY_LENGTH, 128 );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public byte[] getMasterSalt() {
-    	byte[] salt = getESAPIPropertyEncoded( MASTER_SALT, null );
-    	if ( salt == null || salt.length == 0 ) {
-    		throw new ConfigurationException("Property '" + MASTER_SALT +
-    							"' missing or empty in ESAPI.properties file.");
-    }
-    	return salt;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAllowedExecutables() {
-    	String def = "";
-        String[] exList = getESAPIProperty(APPROVED_EXECUTABLES,def).split(",");
-        return Arrays.asList(exList);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAllowedFileExtensions() {
-    	String def = ".zip,.pdf,.tar,.gz,.xls,.properties,.txt,.xml";
-        String[] extList = getESAPIProperty(APPROVED_UPLOAD_EXTENSIONS,def).split(",");
-        return Arrays.asList(extList);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getAllowedFileUploadSize() {
-        return getESAPIProperty(MAX_UPLOAD_FILE_BYTES, 5000000);
-    }
-
-
-    private Properties loadPropertiesFromStream( InputStream is, String name ) throws IOException {
-    	Properties config = new Properties();
-        try {
-	        config.load(is);
-	        logSpecial("Loaded '" + name + "' properties file", null);
-        } finally {
-            if ( is != null ) try { is.close(); } catch( Exception e ) {}
-        }
-        return config;
-    }
-
-	/**
-	 * Load configuration. Never prints properties.
-	 * 
-	 * @throws java.io.IOException
-	 *             if the file is inaccessible
-	 */
-	protected void loadConfiguration() throws IOException {
-		try {
-		    //first attempt file IO loading of properties
-			logSpecial("Attempting to load " + resourceFile + " via file I/O.");
-			properties = loadPropertiesFromStream(getResourceStream(resourceFile), resourceFile);
-			
-		} catch (Exception iae) {
-		    //if file I/O loading fails, attempt classpath based loading next
-		    logSpecial("Loading " + resourceFile + " via file I/O failed. Exception was: " + iae);
-			logSpecial("Attempting to load " + resourceFile + " via the classpath.");
-			try {
-				properties = loadConfigurationFromClasspath(resourceFile);
-			} catch (Exception e) {				
-				logSpecial(resourceFile + " could not be loaded by any means. Fail.", e);
-				throw new ConfigurationException(resourceFile + " could not be loaded by any means. Fail.", e);
-			}			
-		}
-		
-		// if properties loaded properly above, get validation properties and merge them into the main properties
-		if (properties != null) {
-			final Iterator<String> validationPropFileNames;
-			
-			//defaults to single-valued for backwards compatibility
-			final boolean multivalued= getESAPIProperty(VALIDATION_PROPERTIES_MULTIVALUED, false);
-			final String validationPropValue = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
-			
-			if(multivalued){
-				// the following cast warning goes away if the apache commons lib is updated to current version				
-				validationPropFileNames = StrTokenizer.getCSVInstance(validationPropValue);
-			} else {
-				validationPropFileNames = Collections.singletonList(validationPropValue).iterator();
-			}
-			
-			//clear any cached validation patterns so they can be reloaded from validation.properties
-			patternCache.clear();
-			while(validationPropFileNames.hasNext()){
-				String validationPropFileName = validationPropFileNames.next();
-				Properties validationProperties = null;
-				try {
-				    //first attempt file IO loading of properties
-					logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
-					validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
-					
-				} catch (Exception iae) {
-				    //if file I/O loading fails, attempt classpath based loading next
-				    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
-					logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");		
-					try {
-						validationProperties = loadConfigurationFromClasspath(validationPropFileName);
-					} catch (Exception e) {				
-						logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
-					}			
-				}
-				
-				if (validationProperties != null) {
-			    	Iterator<?> i = validationProperties.keySet().iterator();
-			    	while( i.hasNext() ) {
-			    		String key = (String)i.next();
-			    		String value = validationProperties.getProperty(key);
-			    		properties.put( key, value);
-			    	}
-				}
-				
-		        if ( shouldPrintProperties() ) {
-		    	
-		    	//FIXME - make this chunk configurable
-		    	/*
-		        logSpecial("  ========Master Configuration========", null);
-		        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
-		        Iterator j = new TreeSet( properties.keySet() ).iterator();
-		        while (j.hasNext()) {
-		            String key = (String)j.next();
-		            // print out properties, but not sensitive ones like MasterKey and MasterSalt
-		            if ( !key.contains( "Master" ) ) {
-		            		logSpecial("  |   " + key + "=" + properties.get(key), null);
-		        	}
-		        }
-		        */
-		        }   	
-	        }
-		}
-	}	
-	
-	/**
-	 * @param filename
-	 * @return An {@code InputStream} associated with the specified file name as
-	 *         a resource stream.
-	 * @throws IOException
-	 *             If the file cannot be found or opened for reading.
-	 */
-	public InputStream getResourceStream(String filename) throws IOException {
-		if (filename == null) {
-			return null;
-		}
-
-		try {
-			File f = getResourceFile(filename);
-			if (f != null && f.exists()) {
-				return new FileInputStream(f);
-			}
-		} catch (Exception e) {
-		}
-
-		throw new FileNotFoundException();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public File getResourceFile(String filename) {
-		logSpecial("Attempting to load " + filename + " as resource file via file I/O.");
-
-		if (filename == null) {
-			logSpecial("Failed to load properties via FileIO. Filename is null.");
-			return null; // not found.
-		}
-
-		File f = null;
-
-		// first, allow command line overrides. -Dorg.owasp.esapi.resources
-		// directory
-		f = new File(customDirectory, filename);
-		if (customDirectory != null && f.canRead()) {
-			logSpecial("Found in 'org.owasp.esapi.resources' directory: " + f.getAbsolutePath());
-			return f;
-		} else {
-			logSpecial("Not found in 'org.owasp.esapi.resources' directory or file not readable: " + f.getAbsolutePath());
-		}
-
-		// if not found, then try the programmatically set resource directory
-		// (this defaults to SystemResource directory/resourceFile
-		URL fileUrl = ClassLoader.getSystemResource(resourceDirectory + "/" + filename);
-        if ( fileUrl == null ) {
-            fileUrl = ClassLoader.getSystemResource("esapi/" + filename);
-        }
-
-		if (fileUrl != null) {
-			String fileLocation = fileUrl.getFile();
-			f = new File(fileLocation);
-			if (f.exists()) {
-				logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
-				return f;
-			} else {
-				logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
-			}
-		} else {
-			logSpecial("Not found in SystemResource Directory/resourceDirectory: " + resourceDirectory + File.separator + filename);
-		}
-
-		// If not found, then try immediately under user's home directory first in
-		//		userHome + "/.esapi"		and secondly under
-		//		userHome + "/esapi"
-		// We look in that order because of backward compatibility issues.
-		String homeDir = userHome;
-		if ( homeDir == null ) {
-			homeDir = "";	// Without this,	homeDir + "/.esapi"	would produce
-							// the string		"null/.esapi"		which surely is not intended.
-		}
-		// First look under ".esapi" (for reasons of backward compatibility).
-		f = new File(homeDir + "/.esapi", filename);
-		if ( f.canRead() ) {
-			logSpecial("[Compatibility] Found in 'user.home' directory: " + f.getAbsolutePath());
-			return f;
-		} else {
-			// Didn't find it under old directory ".esapi" so now look under the "esapi" directory.
-			f = new File(homeDir + "/esapi", filename);
-			if ( f.canRead() ) {
-				logSpecial("Found in 'user.home' directory: " + f.getAbsolutePath());
-				return f;
-			} else {
-				logSpecial("Not found in 'user.home' (" + homeDir + ") directory: " + f.getAbsolutePath());
-			}
-		}
-
-		// return null if not found
-		return null;
-	}
-	
-    /**
-     * Used to load ESAPI.properties from a variety of different classpath locations.
-     *
-     * @param fileName The properties file filename.
-     */
-	private Properties loadConfigurationFromClasspath(String fileName) throws IllegalArgumentException {
-		Properties result = null;
-		InputStream in = null;
-
-		ClassLoader[] loaders = new ClassLoader[] {
-				Thread.currentThread().getContextClassLoader(),
-				ClassLoader.getSystemClassLoader(),
-				getClass().getClassLoader() 
-		};
-		String[] classLoaderNames = {
-				"current thread context class loader",
-				"system class loader",
-				"class loader for DefaultSecurityConfiguration class"
-		};
-
-		ClassLoader currentLoader = null;
-		for (int i = 0; i < loaders.length; i++) {
-			if (loaders[i] != null) {
-				currentLoader = loaders[i];
-				try {
-					// try root
-					String currentClasspathSearchLocation = "/ (root)";
-					in = loaders[i].getResourceAsStream(fileName);
-					
-					// try resourceDirectory folder
-					if (in == null) {
-						currentClasspathSearchLocation = resourceDirectory + "/";
-						in = currentLoader.getResourceAsStream(resourceDirectory + "/" + fileName);
-					}
-
-					// try .esapi folder. Look here first for backward compatibility.
-					if (in == null) {
-						currentClasspathSearchLocation = ".esapi/";
-						in = currentLoader.getResourceAsStream(".esapi/" + fileName);
-					} 
-					
-					// try esapi folder (new directory)
-					if (in == null) {
-						currentClasspathSearchLocation = "esapi/";
-						in = currentLoader.getResourceAsStream("esapi/" + fileName);
-					} 
-					
-					// try resources folder
-					if (in == null) {
-						currentClasspathSearchLocation = "src/main/resources/";
-						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
-					}
-		
-					// now load the properties
-					if (in != null) {
-						result = new Properties();
-						result.load(in); // Can throw IOException
-						logSpecial("SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" +
-								currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
-						break;	// Outta here since we've found and loaded it.
-					}
-				} catch (Exception e) {
-					result = null;
-		
-				} finally {
-					try {
-						in.close();
-					} catch (Exception e) {
-					}
-				}
-			}
-		}
-
-		if (result == null) {
-			// CHECKME: This is odd...why not ConfigurationException?
-		    throw new IllegalArgumentException("Failed to load " + resourceFile + " as a classloader resource.");
-		}
-
-		return result;
-	}
-
-    /**
-     * Used to log errors to the console during the loading of the properties file itself. Can't use
-     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
-     *
-     * @param message The message to send to the console.
-     * @param e The error that occurred. (This value printed via {@code e.toString()}.)
-     */
-    private void logSpecial(String message, Throwable e) {
-    	StringBuffer msg = new StringBuffer(message);
-    	if (e != null) {
-    		msg.append(" Exception was: ").append( e.toString() );
-    	}
-		System.out.println( msg.toString() );
-		// if ( e != null) e.printStackTrace();		// TODO ??? Do we want this?
-    }
-
-    /**
-     * Used to log errors to the console during the loading of the properties file itself. Can't use
-     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
-     *
-     * @param message The message to send to the console.
-     */
-    private void logSpecial(String message) {
-		System.out.println(message);
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getPasswordParameterName() {
-        return getESAPIProperty(PASSWORD_PARAMETER_NAME, "password");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getUsernameParameterName() {
-        return getESAPIProperty(USERNAME_PARAMETER_NAME, "username");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getEncryptionAlgorithm() {
-        return getESAPIProperty(ENCRYPTION_ALGORITHM, "AES");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getCipherTransformation() {
-    	assert cipherXformCurrent != null : "Current cipher transformation is null";
-    	return cipherXformCurrent;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String setCipherTransformation(String cipherXform) {
-    	String previous = getCipherTransformation();
-    	if ( cipherXform == null ) {
-    		// Special case... means set it to original value from ESAPI.properties
-    		cipherXformCurrent = cipherXformFromESAPIProp;
-    	} else {
-    		assert ! cipherXform.trim().equals("") :
-    			"Cipher transformation cannot be just white space or empty string";
-    		cipherXformCurrent = cipherXform;	// Note: No other sanity checks!!!
-    	}
-    	return previous;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean useMACforCipherText() {
-    	return getESAPIProperty(CIPHERTEXT_USE_MAC, true);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean overwritePlainText() {
-    	return getESAPIProperty(PLAINTEXT_OVERWRITE, true);
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getIVType() {
-    	String value = getESAPIProperty(IV_TYPE, "random");
-    	if ( value.equalsIgnoreCase("fixed") || value.equalsIgnoreCase("random") ) {
-    		return value;
-    	} else if ( value.equalsIgnoreCase("specified") ) {
-    		// This is planned for future implementation where setting
-    		// Encryptor.ChooseIVMethod=specified   will require setting some
-    		// other TBD property that will specify an implementation class that
-    		// will generate appropriate IVs. The intent of this would be to use
-    		// such a class with various feedback modes where it is imperative
-    		// that for a given key, any particular IV is *NEVER* reused. For
-    		// now, we will assume that generating a random IV is usually going
-    		// to be sufficient to prevent this.
-    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'fixed' or 'random'");
-    	} else {
-    		// TODO: Once 'specified' is legal, adjust exception msg, below.
-    		// DISCUSS: Could just log this and then silently return "random" instead.
-    		throw new ConfigurationException(value + " is illegal value for " + IV_TYPE +
-    										 ". Use 'random' (preferred) or 'fixed'.");
-    	}
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getFixedIV() {
-    	if ( getIVType().equalsIgnoreCase("fixed") ) {
-    		String ivAsHex = getESAPIProperty(FIXED_IV, ""); // No default
-    		if ( ivAsHex == null || ivAsHex.trim().equals("") ) {
-    			throw new ConfigurationException("Fixed IV requires property " +
-    						FIXED_IV + " to be set, but it is not.");
-    		}
-    		return ivAsHex;		// We do no further checks here as we have no context.
-    	} else {
-    		// DISCUSS: Should we just log a warning here and return null instead?
-    		//			If so, may cause NullPointException somewhere later.
-    		throw new ConfigurationException("IV type not 'fixed' (set to '" +
-    										 getIVType() + "'), so no fixed IV applicable.");
-    	}
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getHashAlgorithm() {
-        return getESAPIProperty(HASH_ALGORITHM, "SHA-512");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getHashIterations() {
-    	return getESAPIProperty(HASH_ITERATIONS, 1024);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-	public String getKDFPseudoRandomFunction() {
-		return getESAPIProperty(KDF_PRF_ALG, "HmacSHA256");  // NSA recommended SHA2 or better.
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getCharacterEncoding() {
-        return getESAPIProperty(CHARACTER_ENCODING, "UTF-8");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getAllowMultipleEncoding() {
-		return getESAPIProperty( ALLOW_MULTIPLE_ENCODING, false );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getAllowMixedEncoding() {
-		return getESAPIProperty( ALLOW_MIXED_ENCODING, false );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public List<String> getDefaultCanonicalizationCodecs() {
-		List<String> def = new ArrayList<String>();
-		def.add( "org.owasp.esapi.codecs.HTMLEntityCodec" );
-		def.add( "org.owasp.esapi.codecs.PercentCodec" );
-		def.add( "org.owasp.esapi.codecs.JavaScriptCodec" );
-		return getESAPIProperty( CANONICALIZATION_CODECS, def );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getDigitalSignatureAlgorithm() {
-        return getESAPIProperty(DIGITAL_SIGNATURE_ALGORITHM, "SHAwithDSA");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getDigitalSignatureKeyLength() {
-        return getESAPIProperty(DIGITAL_SIGNATURE_KEY_LENGTH, 1024);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getRandomAlgorithm() {
-        return getESAPIProperty(RANDOM_ALGORITHM, "SHA1PRNG");
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getAllowedLoginAttempts() {
-        return getESAPIProperty(ALLOWED_LOGIN_ATTEMPTS, 5);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getMaxOldPasswordHashes() {
-        return getESAPIProperty(MAX_OLD_PASSWORD_HASHES, 12);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public File getUploadDirectory() {
-    	String dir = getESAPIProperty( UPLOAD_DIRECTORY, "UploadDir");
-    	return new File( dir );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public File getUploadTempDirectory() {
-    	String dir = getESAPIProperty(UPLOAD_TEMP_DIRECTORY,
-            System.getProperty("java.io.tmpdir","UploadTempDir"));
-    	return new File( dir );
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-	public boolean getDisableIntrusionDetection() {
-    	String value = properties.getProperty( DISABLE_INTRUSION_DETECTION );
-    	if ("true".equalsIgnoreCase(value)) return true;
-    	return false;	// Default result
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public Threshold getQuota(String eventName) {
-        int count = getESAPIProperty("IntrusionDetector." + eventName + ".count", 0);
-        int interval =  getESAPIProperty("IntrusionDetector." + eventName + ".interval", 0);
-        List<String> actions = new ArrayList<String>();
-        String actionString = getESAPIProperty("IntrusionDetector." + eventName + ".actions", "");
-        if (actionString != null) {
-            String[] actionList = actionString.split(",");
-            actions = Arrays.asList(actionList);
-        }
-        if ( count > 0 && interval > 0 && actions.size() > 0 ) {
-        	return new Threshold(eventName, count, interval, actions);
-        }
-        return null;
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getLogLevel() {
-        String level = getESAPIProperty(LOG_LEVEL, "WARNING" );
-
-        if (level.equalsIgnoreCase("OFF"))
-            return Logger.OFF;
-        if (level.equalsIgnoreCase("FATAL"))
-            return Logger.FATAL;
-        if (level.equalsIgnoreCase("ERROR"))
-            return Logger.ERROR ;
-        if (level.equalsIgnoreCase("WARNING"))
-            return Logger.WARNING;
-        if (level.equalsIgnoreCase("INFO"))
-            return Logger.INFO;
-        if (level.equalsIgnoreCase("DEBUG"))
-            return Logger.DEBUG;
-        if (level.equalsIgnoreCase("TRACE"))
-            return Logger.TRACE;
-        if (level.equalsIgnoreCase("ALL"))
-            return Logger.ALL;
-
-		// This error is NOT logged the normal way because the logger constructor calls getLogLevel() and if this error occurred it would cause
-		// an infinite loop.
-        logSpecial("The LOG-LEVEL property in the ESAPI properties file has the unrecognized value: " + level + ". Using default: WARNING", null);
-        return Logger.WARNING;  // Note: The default logging level is WARNING.
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getLogFileName() {
-    	return getESAPIProperty( LOG_FILE_NAME, "ESAPI_logging_file" );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public int getMaxLogFileSize() {
-    	return getESAPIProperty( MAX_LOG_FILE_SIZE, DEFAULT_MAX_LOG_FILE_SIZE );
-    }
-    
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogEncodingRequired() {
-    	return getESAPIProperty( LOG_ENCODING_REQUIRED, false );
-	}
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogApplicationName() {
-    	return getESAPIProperty( LOG_APPLICATION_NAME, true );
-	}
-
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getLogServerIP() {
-    	return getESAPIProperty( LOG_SERVER_IP, true );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceHttpOnlySession() {
-    	return getESAPIProperty( FORCE_HTTPONLYSESSION, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceSecureSession() {
-    	return getESAPIProperty( FORCE_SECURESESSION, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceHttpOnlyCookies() {
-    	return getESAPIProperty( FORCE_HTTPONLYCOOKIES, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public boolean getForceSecureCookies() {
-    	return getESAPIProperty( FORCE_SECURECOOKIES, true );
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public int getMaxHttpHeaderSize() {
-        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096 );
-	}
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public String getResponseContentType() {
-        return getESAPIProperty( RESPONSE_CONTENT_TYPE, "text/html; charset=UTF-8" );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getHttpSessionIdName() {
-        return getESAPIProperty( HTTP_SESSION_ID_NAME, "JSESSIONID" );
-    }
-	
-	/**
-	 * {@inheritDoc}
-	 */
-    public long getRememberTokenDuration() {
-        int days = getESAPIProperty( REMEMBER_TOKEN_DURATION, 14 );
-        return (long) (1000 * 60 * 60 * 24 * days);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-	public int getSessionIdleTimeoutLength() {
-        int minutes = getESAPIProperty( IDLE_TIMEOUT_DURATION, 20 );
-        return 1000 * 60 * minutes;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public int getSessionAbsoluteTimeoutLength() {
-        int minutes = getESAPIProperty(ABSOLUTE_TIMEOUT_DURATION, 20 );
-        return 1000 * 60 * minutes;
-	}
-
-   /**
-    * getValidationPattern returns a single pattern based upon key
-    *
-    *  @param key
-    *  			validation pattern name you'd like
-    *  @return
-    *  			if key exists, the associated validation pattern, null otherwise
-	*/
-    public Pattern getValidationPattern( String key ) {
-    	String value = getESAPIProperty( "Validator." + key, "" );
-    	// check cache
-    	Pattern p = patternCache.get( value );
-    	if ( p != null ) return p;
-
-    	// compile a new pattern
-    	if ( value == null || value.equals( "" ) ) return null;
-    	try {
-    		Pattern q = Pattern.compile(value);
-    		patternCache.put( value, q );
-    		return q;
-    	} catch ( PatternSyntaxException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not a valid regex in ESAPI.properties. Returning null", null );
-    		return null;
-    	}
-    }
-
-    /**
-     * getWorkingDirectory returns the default directory where processes will be executed
-     * by the Executor.
-     */
-	public File getWorkingDirectory() {
-		String dir = getESAPIProperty( WORKING_DIRECTORY, System.getProperty( "user.dir") );
-		if ( dir != null ) {
-			return new File( dir );
-		}
-		return null;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getPreferredJCEProvider() {
-	    return properties.getProperty(PREFERRED_JCE_PROVIDER); // No default!
-	}  
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<String> getCombinedCipherModes()
-	{
-	    List<String> empty = new ArrayList<String>();     // Default is empty list
-	    return getESAPIProperty(COMBINED_CIPHER_MODES, empty);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public List<String> getAdditionalAllowedCipherModes()
-	{
-	    List<String> empty = new ArrayList<String>();     // Default is empty list
-	    return getESAPIProperty(ADDITIONAL_ALLOWED_CIPHER_MODES, empty);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean getLenientDatesAccepted() {
-		return getESAPIProperty( ACCEPT_LENIENT_DATES, false);
-	}
-
-	protected String getESAPIProperty( String key, String def ) {
-		String value = properties.getProperty(key);
-		if ( value == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		return value;
-	}
-
-	protected boolean getESAPIProperty( String key, boolean def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
-			return true;
-		}
-		if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
-			return false;
-		}
-		logSpecial( "SecurityConfiguration for " + key + " not either \"true\" or \"false\" in ESAPI.properties. Using default: " + def, null );
-		return def;
-	}
-
-	protected byte[] getESAPIPropertyEncoded( String key, byte[] def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-        try {
-            return ESAPI.encoder().decodeFromBase64(property);
-        } catch( IOException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not properly Base64 encoded in ESAPI.properties. Using default: " + def, null );
-            return null;
-        }
-	}
-
-	protected int getESAPIProperty( String key, int def ) {
-		String property = properties.getProperty(key);
-		if ( property == null ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-    		return def;
-		}
-		try {
-            return Integer.parseInt( property );
-		} catch( NumberFormatException e ) {
-    		logSpecial( "SecurityConfiguration for " + key + " not an integer in ESAPI.properties. Using default: " + def, null );
-			return def;
-		}
-	}
-
-	/**
-     * Returns a {@code List} representing the parsed, comma-separated property.
-     * 
-	 * @param key  The specified property name
-	 * @param def  A default value for the property name to return if the property
-	 *             is not set.
-	 * @return A list of strings.
-	 */
-	protected List<String> getESAPIProperty( String key, List<String> def ) {
-	    String property = properties.getProperty( key );
-	    if ( property == null ) {
-	        logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
-	        return def;
-	    }
-	    String[] parts = property.split(",");
-	    return Arrays.asList( parts );
-	}
-
-    /**
-     * {@inheritDoc}
-     * Looks for property in three configuration files in following order:
-     * 1.) In file defined as org.owasp.esapi.opsteam system property 
-     * 2.) In file defined as org.owasp.esapi.devteam system property 
-     * 3.) In ESAPI.properties* 
-     */
-    @Override
-    public int getIntProp(String propertyName) throws ConfigurationException {
-        try {
-            return esapiPropertyManager.getIntProp(propertyName);
-        } catch (ConfigurationException ex) {
-            String property = properties.getProperty(propertyName);
-            try {
-                return Integer.parseInt(property);
-            } catch (NumberFormatException e) {
-                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
-                        "type");
-            }
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     * Looks for property in three configuration files in following order:
-     * 1.) In file defined as org.owasp.esapi.opsteam system property 
-     * 2.) In file defined as org.owasp.esapi.devteam system property 
-     * 3.) In ESAPI.properties
-     */
-    @Override
-    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
-        try {
-            return esapiPropertyManager.getByteArrayProp(propertyName);
-        } catch (ConfigurationException ex) {
-            String property = properties.getProperty(propertyName);
-            if ( property == null ) {
-                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
-            }
-            try {
-                return ESAPI.encoder().decodeFromBase64(property);
-            } catch( IOException e ) {
-                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
-                        "type");
-            }
-        }
-    }
-
-    /**
-     * {@inheritDoc}  
-     * Looks for property in three configuration files in following order:
-     * 1.) In file defined as org.owasp.esapi.opsteam system property 
-     * 2.) In file defined as org.owasp.esapi.devteam system property 
-     * 3.) In ESAPI.properties
-     */
-    @Override
-    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
-        try {
-            return esapiPropertyManager.getBooleanProp(propertyName);
-        } catch (ConfigurationException ex) {
-            String property = properties.getProperty( propertyName );
-            if ( property == null ) {
-                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
-            }
-            if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
-                return true;
-            }
-            if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
-                return false;
-            }
-            throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
-                    "type");
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     * Looks for property in three configuration files in following order:
-     * 1.) In file defined as org.owasp.esapi.opsteam system property
-     * 2.) In file defined as org.owasp.esapi.devteam system property
-     * 3.) In ESAPI.properties
-     */
-    @Override
-    public String getStringProp(String propertyName) throws ConfigurationException {
-        try {
-            return esapiPropertyManager.getStringProp(propertyName);
-        } catch (ConfigurationException ex) {
-            String property = properties.getProperty( propertyName );
-            if ( property == null ) {
-                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
-            }
-            return property;
-        }
-    }
-
-
-    protected boolean shouldPrintProperties() {
-        return getESAPIProperty(PRINT_PROPERTIES_WHEN_LOADED, false);
-	}
-
-    protected Properties getESAPIProperties() {
-        return properties;
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.apache.commons.lang.text.StrTokenizer;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.configuration.EsapiPropertyManager;
+import org.owasp.esapi.errors.ConfigurationException;
+
+import java.io.*;
+import java.net.URL;
+import java.util.*;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+/**
+ * The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
+ * implementation, resources can be put in several locations, which are searched in the following order:
+ * <p>
+ * 1) Inside a directory set with a call to SecurityConfiguration.setResourceDirectory( "C:\temp\resources" ).
+ * <p>
+ * 2) Inside the System.getProperty( "org.owasp.esapi.resources" ) directory.
+ * You can set this on the java command line as follows (for example):
+ * <pre>
+ * 		java -Dorg.owasp.esapi.resources="C:\temp\resources"
+ * </pre>
+ * You may have to add this to the start-up script that starts your web server. For example, for Tomcat,
+ * in the "catalina" script that starts Tomcat, you can set the JAVA_OPTS variable to the {@code -D} string above.
+ * <p>
+ * 3) Inside the {@code System.getProperty( "user.home" ) + "/.esapi"} directory (supported for backward compatibility) or
+ * inside the {@code System.getProperty( "user.home" ) + "/esapi"} directory.
+ * <p>
+ * 4) The first ".esapi" or "esapi" directory on the classpath. (The former for backward compatibility.)
+ * <p>
+ * Once the Configuration is initialized with a resource directory, you can edit it to set things like master
+ * keys and passwords, logging locations, error thresholds, and allowed file extensions.
+ * <p>
+ * WARNING: Do not forget to update ESAPI.properties to change the master key and other security critical settings.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim .at. manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @author Kevin Wall (kevin.w.wall .at. gmail.com)
+ */
+
+public class DefaultSecurityConfiguration implements SecurityConfiguration {
+    private static volatile SecurityConfiguration instance = null;
+
+    public static SecurityConfiguration getInstance() {
+        if ( instance == null ) {
+            synchronized (DefaultSecurityConfiguration.class) {
+                if ( instance == null ) {
+                    instance = new DefaultSecurityConfiguration();
+                }
+            }
+        }
+        return instance;
+    }
+    
+    private Properties properties = null;
+    private String cipherXformFromESAPIProp = null;	// New in ESAPI 2.0
+    private String cipherXformCurrent = null;		// New in ESAPI 2.0
+
+	/** The name of the ESAPI property file */
+	public static final String DEFAULT_RESOURCE_FILE = "ESAPI.properties";
+	
+    public static final String REMEMBER_TOKEN_DURATION = "Authenticator.RememberTokenDuration";
+    public static final String IDLE_TIMEOUT_DURATION = "Authenticator.IdleTimeoutDuration";
+    public static final String ABSOLUTE_TIMEOUT_DURATION = "Authenticator.AbsoluteTimeoutDuration";
+    public static final String ALLOWED_LOGIN_ATTEMPTS = "Authenticator.AllowedLoginAttempts";
+    public static final String USERNAME_PARAMETER_NAME = "Authenticator.UsernameParameterName";
+    public static final String PASSWORD_PARAMETER_NAME = "Authenticator.PasswordParameterName";
+    public static final String MAX_OLD_PASSWORD_HASHES = "Authenticator.MaxOldPasswordHashes";
+
+    public static final String ALLOW_MULTIPLE_ENCODING = "Encoder.AllowMultipleEncoding";
+    public static final String ALLOW_MIXED_ENCODING	= "Encoder.AllowMixedEncoding";
+    public static final String CANONICALIZATION_CODECS = "Encoder.DefaultCodecList";
+
+    public static final String DISABLE_INTRUSION_DETECTION  = "IntrusionDetector.Disable";
+    
+    public static final String MASTER_KEY = "Encryptor.MasterKey";
+    public static final String MASTER_SALT = "Encryptor.MasterSalt";
+    public static final String KEY_LENGTH = "Encryptor.EncryptionKeyLength";
+    public static final String ENCRYPTION_ALGORITHM = "Encryptor.EncryptionAlgorithm";
+    public static final String HASH_ALGORITHM = "Encryptor.HashAlgorithm";
+    public static final String HASH_ITERATIONS = "Encryptor.HashIterations";
+    public static final String CHARACTER_ENCODING = "Encryptor.CharacterEncoding";
+    public static final String RANDOM_ALGORITHM = "Encryptor.RandomAlgorithm";
+    public static final String DIGITAL_SIGNATURE_ALGORITHM = "Encryptor.DigitalSignatureAlgorithm";
+    public static final String DIGITAL_SIGNATURE_KEY_LENGTH = "Encryptor.DigitalSignatureKeyLength";
+    			// ==================================//
+    			//		New in ESAPI Java 2.0		 //
+    			// ================================= //
+    public static final String PREFERRED_JCE_PROVIDER = "Encryptor.PreferredJCEProvider";
+    public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = "Encryptor.CipherTransformation";
+    public static final String CIPHERTEXT_USE_MAC = "Encryptor.CipherText.useMAC";
+    public static final String PLAINTEXT_OVERWRITE = "Encryptor.PlainText.overwrite";
+    public static final String IV_TYPE = "Encryptor.ChooseIVMethod";
+    public static final String FIXED_IV = "Encryptor.fixedIV";
+    public static final String COMBINED_CIPHER_MODES = "Encryptor.cipher_modes.combined_modes";
+    public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = "Encryptor.cipher_modes.additional_allowed";
+    public static final String KDF_PRF_ALG = "Encryptor.KDF.PRF";
+	public static final String PRINT_PROPERTIES_WHEN_LOADED = "ESAPI.printProperties";
+
+    public static final String WORKING_DIRECTORY = "Executor.WorkingDirectory";
+    public static final String APPROVED_EXECUTABLES = "Executor.ApprovedExecutables";
+
+    public static final String FORCE_HTTPONLYSESSION = "HttpUtilities.ForceHttpOnlySession";
+    public static final String FORCE_SECURESESSION = "HttpUtilities.SecureSession";
+    public static final String FORCE_HTTPONLYCOOKIES = "HttpUtilities.ForceHttpOnlyCookies";
+    public static final String FORCE_SECURECOOKIES = "HttpUtilities.ForceSecureCookies";
+	public static final String MAX_HTTP_HEADER_SIZE = "HttpUtilities.MaxHeaderSize";
+    public static final String UPLOAD_DIRECTORY = "HttpUtilities.UploadDir";
+    public static final String UPLOAD_TEMP_DIRECTORY = "HttpUtilities.UploadTempDir";
+    public static final String APPROVED_UPLOAD_EXTENSIONS = "HttpUtilities.ApprovedUploadExtensions";
+    public static final String MAX_UPLOAD_FILE_BYTES = "HttpUtilities.MaxUploadFileBytes";
+    public static final String RESPONSE_CONTENT_TYPE = "HttpUtilities.ResponseContentType";
+    public static final String HTTP_SESSION_ID_NAME = "HttpUtilities.HttpSessionIdName";
+
+    public static final String APPLICATION_NAME = "Logger.ApplicationName";
+    public static final String LOG_LEVEL = "Logger.LogLevel";
+    public static final String LOG_FILE_NAME = "Logger.LogFileName";
+    public static final String MAX_LOG_FILE_SIZE = "Logger.MaxLogFileSize";
+    public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
+    public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
+    public static final String LOG_SERVER_IP = "Logger.LogServerIP";
+    public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
+    public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
+    public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
+
+
+
+    /**
+	 * The default max log file size is set to 10,000,000 bytes (10 Meg). If the current log file exceeds the current
+	 * max log file size, the logger will move the old log data into another log file. There currently is a max of
+	 * 1000 log files of the same name. If that is exceeded it will presumably start discarding the oldest logs.
+	 */
+	public static final int DEFAULT_MAX_LOG_FILE_SIZE = 10000000;
+	
+    protected final int MAX_REDIRECT_LOCATION = 1000;
+    
+    /**
+     * @deprecated	It is not clear whether this is intended to be the max file name length for the basename(1) of
+     *				a file or the max full path name length of a canonical full path name. Since it is not used anywhere
+     *				in the ESAPI code it is being deprecated and scheduled to be removed in release 2.1.
+     */
+    protected final int MAX_FILE_NAME_LENGTH = 1000;	// DISCUSS: Is this for given directory or refer to canonicalized full path name?
+    													// Too long if the former! (Usually 255 is limit there.) Hard to tell since not used
+    													// here in this class and it's protected, so not sure what it's intent is. It's not
+    													// used anywhere in the ESAPI code base. I am going to deprecate it because of this. -kww
+
+    /*
+     * Implementation Keys
+     */
+    public static final String LOG_IMPLEMENTATION = "ESAPI.Logger";
+    public static final String AUTHENTICATION_IMPLEMENTATION = "ESAPI.Authenticator";
+    public static final String ENCODER_IMPLEMENTATION = "ESAPI.Encoder";
+    public static final String ACCESS_CONTROL_IMPLEMENTATION = "ESAPI.AccessControl";
+    public static final String ENCRYPTION_IMPLEMENTATION = "ESAPI.Encryptor";
+    public static final String INTRUSION_DETECTION_IMPLEMENTATION = "ESAPI.IntrusionDetector";
+    public static final String RANDOMIZER_IMPLEMENTATION = "ESAPI.Randomizer";
+	public static final String EXECUTOR_IMPLEMENTATION = "ESAPI.Executor";
+	public static final String VALIDATOR_IMPLEMENTATION = "ESAPI.Validator";
+	public static final String HTTP_UTILITIES_IMPLEMENTATION = "ESAPI.HTTPUtilities";
+
+    /*
+     * Default Implementations
+     */
+    public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.reference.JavaLogFactory";
+    public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = "org.owasp.esapi.reference.FileBasedAuthenticator";
+    public static final String DEFAULT_ENCODER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultEncoder";
+    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController";
+    public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION = "org.owasp.esapi.reference.crypto.JavaEncryptor";
+    public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultIntrusionDetector";
+    public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultRandomizer";
+    public static final String DEFAULT_EXECUTOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultExecutor";
+    public static final String DEFAULT_HTTP_UTILITIES_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultHTTPUtilities";
+    public static final String DEFAULT_VALIDATOR_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultValidator";
+
+    private static final Map<String, Pattern> patternCache = new HashMap<String, Pattern>();
+
+    /*
+     * Absolute path to the user.home. No longer includes the ESAPI portion as it used to.
+     */
+    private static final String userHome = System.getProperty("user.home" );
+    /*
+     * Absolute path to the customDirectory
+     */	// DISCUSS: Implicit assumption here that there is no SecurityManager installed enforcing the
+        //			prevention of reading system properties. Otherwise this will fail with SecurityException.
+    private static String customDirectory = System.getProperty("org.owasp.esapi.resources");
+    /*
+     * Relative path to the resourceDirectory. Relative to the classpath.
+     * Specifically, ClassLoader.getResource(resourceDirectory + filename) will
+     * be used to load the file.
+     */
+    private String resourceDirectory = ".esapi";	// For backward compatibility (vs. "esapi")
+	private final String resourceFile;
+    private EsapiPropertyManager esapiPropertyManager;
+
+//    private static long lastModified = -1;
+
+    /**
+     * Instantiates a new configuration, using the provided property file name
+     * 
+     * @param resourceFile The name of the property file to load
+     */
+    DefaultSecurityConfiguration(String resourceFile) {
+    	this.resourceFile = resourceFile;
+        this.esapiPropertyManager = new EsapiPropertyManager();
+    	// load security configuration
+    	try {
+        	loadConfiguration();
+        	this.setCipherXProperties();
+        } catch( IOException e ) {
+	        logSpecial("Failed to load security configuration", e );
+	        throw new ConfigurationException("Failed to load security configuration", e);
+        }
+    }
+    
+    /**
+     * Instantiates a new configuration with the supplied properties.
+     * 
+     * Warning - if the setResourceDirectory() method is invoked the properties will
+     * be re-loaded, replacing the supplied properties.
+     * 
+     * @param properties
+     */
+    public DefaultSecurityConfiguration(Properties properties) {
+    	resourceFile = DEFAULT_RESOURCE_FILE;
+    	this.properties = properties; 
+    	this.setCipherXProperties();
+    }
+    
+    /**
+     * Instantiates a new configuration.
+     */
+    public DefaultSecurityConfiguration(){
+    	this(DEFAULT_RESOURCE_FILE);
+    }
+    private void setCipherXProperties() {
+		// TODO: FUTURE: Replace by future CryptoControls class???
+		// See SecurityConfiguration.setCipherTransformation() for
+		// explanation of this.
+        // (Propose this in 2.1 via future email to ESAPI-DEV list.)
+		cipherXformFromESAPIProp =
+			getESAPIProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION,
+							 "AES/CBC/PKCS5Padding");
+		cipherXformCurrent = cipherXformFromESAPIProp;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getApplicationName() {
+    	return getESAPIProperty(APPLICATION_NAME, "DefaultName");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getLogImplementation() {
+    	return getESAPIProperty(LOG_IMPLEMENTATION, DEFAULT_LOG_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getAuthenticationImplementation() {
+    	return getESAPIProperty(AUTHENTICATION_IMPLEMENTATION, DEFAULT_AUTHENTICATION_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getEncoderImplementation() {
+    	return getESAPIProperty(ENCODER_IMPLEMENTATION, DEFAULT_ENCODER_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getAccessControlImplementation() {
+    	return getESAPIProperty(ACCESS_CONTROL_IMPLEMENTATION, DEFAULT_ACCESS_CONTROL_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getEncryptionImplementation() {
+    	return getESAPIProperty(ENCRYPTION_IMPLEMENTATION, DEFAULT_ENCRYPTION_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getIntrusionDetectionImplementation() {
+    	return getESAPIProperty(INTRUSION_DETECTION_IMPLEMENTATION, DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getRandomizerImplementation() {
+    	return getESAPIProperty(RANDOMIZER_IMPLEMENTATION, DEFAULT_RANDOMIZER_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getExecutorImplementation() {
+    	return getESAPIProperty(EXECUTOR_IMPLEMENTATION, DEFAULT_EXECUTOR_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getHTTPUtilitiesImplementation() {
+    	return getESAPIProperty(HTTP_UTILITIES_IMPLEMENTATION, DEFAULT_HTTP_UTILITIES_IMPLEMENTATION);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getValidationImplementation() {
+    	return getESAPIProperty(VALIDATOR_IMPLEMENTATION, DEFAULT_VALIDATOR_IMPLEMENTATION);
+    }
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public byte[] getMasterKey() {
+    	byte[] key = getESAPIPropertyEncoded( MASTER_KEY, null );
+    	if ( key == null || key.length == 0 ) {
+    		throw new ConfigurationException("Property '" + MASTER_KEY +
+    							"' missing or empty in ESAPI.properties file.");
+    }
+    	return key;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setResourceDirectory( String dir ) {
+    	resourceDirectory = dir;
+        logSpecial( "Reset resource directory to: " + dir, null );
+
+        // reload configuration if necessary
+    	try {
+    		this.loadConfiguration();
+    	} catch( IOException e ) {
+	        logSpecial("Failed to load security configuration from " + dir, e);
+    	}
+    }
+
+    public int getEncryptionKeyLength() {
+    	return getESAPIProperty(KEY_LENGTH, 128 );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public byte[] getMasterSalt() {
+    	byte[] salt = getESAPIPropertyEncoded( MASTER_SALT, null );
+    	if ( salt == null || salt.length == 0 ) {
+    		throw new ConfigurationException("Property '" + MASTER_SALT +
+    							"' missing or empty in ESAPI.properties file.");
+    }
+    	return salt;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public List<String> getAllowedExecutables() {
+    	String def = "";
+        String[] exList = getESAPIProperty(APPROVED_EXECUTABLES,def).split(",");
+        return Arrays.asList(exList);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public List<String> getAllowedFileExtensions() {
+    	String def = ".zip,.pdf,.tar,.gz,.xls,.properties,.txt,.xml";
+        String[] extList = getESAPIProperty(APPROVED_UPLOAD_EXTENSIONS,def).split(",");
+        return Arrays.asList(extList);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getAllowedFileUploadSize() {
+        return getESAPIProperty(MAX_UPLOAD_FILE_BYTES, 5000000);
+    }
+
+
+    private Properties loadPropertiesFromStream( InputStream is, String name ) throws IOException {
+    	Properties config = new Properties();
+        try {
+	        config.load(is);
+	        logSpecial("Loaded '" + name + "' properties file", null);
+        } finally {
+            if ( is != null ) try { is.close(); } catch( Exception e ) {}
+        }
+        return config;
+    }
+
+	/**
+	 * Load configuration. Never prints properties.
+	 * 
+	 * @throws java.io.IOException
+	 *             if the file is inaccessible
+	 */
+	protected void loadConfiguration() throws IOException {
+		try {
+		    //first attempt file IO loading of properties
+			logSpecial("Attempting to load " + resourceFile + " via file I/O.");
+			properties = loadPropertiesFromStream(getResourceStream(resourceFile), resourceFile);
+			
+		} catch (Exception iae) {
+		    //if file I/O loading fails, attempt classpath based loading next
+		    logSpecial("Loading " + resourceFile + " via file I/O failed. Exception was: " + iae);
+			logSpecial("Attempting to load " + resourceFile + " via the classpath.");
+			try {
+				properties = loadConfigurationFromClasspath(resourceFile);
+			} catch (Exception e) {				
+				logSpecial(resourceFile + " could not be loaded by any means. Fail.", e);
+				throw new ConfigurationException(resourceFile + " could not be loaded by any means. Fail.", e);
+			}			
+		}
+		
+		// if properties loaded properly above, get validation properties and merge them into the main properties
+		if (properties != null) {
+			final Iterator<String> validationPropFileNames;
+			
+			//defaults to single-valued for backwards compatibility
+			final boolean multivalued= getESAPIProperty(VALIDATION_PROPERTIES_MULTIVALUED, false);
+			final String validationPropValue = getESAPIProperty(VALIDATION_PROPERTIES, "validation.properties");
+			
+			if(multivalued){
+				// the following cast warning goes away if the apache commons lib is updated to current version				
+				validationPropFileNames = StrTokenizer.getCSVInstance(validationPropValue);
+			} else {
+				validationPropFileNames = Collections.singletonList(validationPropValue).iterator();
+			}
+			
+			//clear any cached validation patterns so they can be reloaded from validation.properties
+			patternCache.clear();
+			while(validationPropFileNames.hasNext()){
+				String validationPropFileName = validationPropFileNames.next();
+				Properties validationProperties = null;
+				try {
+				    //first attempt file IO loading of properties
+					logSpecial("Attempting to load " + validationPropFileName + " via file I/O.");
+					validationProperties = loadPropertiesFromStream(getResourceStream(validationPropFileName), validationPropFileName);
+					
+				} catch (Exception iae) {
+				    //if file I/O loading fails, attempt classpath based loading next
+				    logSpecial("Loading " + validationPropFileName + " via file I/O failed.");
+					logSpecial("Attempting to load " + validationPropFileName + " via the classpath.");		
+					try {
+						validationProperties = loadConfigurationFromClasspath(validationPropFileName);
+					} catch (Exception e) {				
+						logSpecial(validationPropFileName + " could not be loaded by any means. fail.", e);
+					}			
+				}
+				
+				if (validationProperties != null) {
+			    	Iterator<?> i = validationProperties.keySet().iterator();
+			    	while( i.hasNext() ) {
+			    		String key = (String)i.next();
+			    		String value = validationProperties.getProperty(key);
+			    		properties.put( key, value);
+			    	}
+				}
+				
+		        if ( shouldPrintProperties() ) {
+		    	
+		    	//FIXME - make this chunk configurable
+		    	/*
+		        logSpecial("  ========Master Configuration========", null);
+		        //logSpecial( "  ResourceDirectory: " + DefaultSecurityConfiguration.resourceDirectory );
+		        Iterator j = new TreeSet( properties.keySet() ).iterator();
+		        while (j.hasNext()) {
+		            String key = (String)j.next();
+		            // print out properties, but not sensitive ones like MasterKey and MasterSalt
+		            if ( !key.contains( "Master" ) ) {
+		            		logSpecial("  |   " + key + "=" + properties.get(key), null);
+		        	}
+		        }
+		        */
+		        }   	
+	        }
+		}
+	}	
+	
+	/**
+	 * @param filename
+	 * @return An {@code InputStream} associated with the specified file name as
+	 *         a resource stream.
+	 * @throws IOException
+	 *             If the file cannot be found or opened for reading.
+	 */
+	public InputStream getResourceStream(String filename) throws IOException {
+		if (filename == null) {
+			return null;
+		}
+
+		try {
+			File f = getResourceFile(filename);
+			if (f != null && f.exists()) {
+				return new FileInputStream(f);
+			}
+		} catch (Exception e) {
+		}
+
+		throw new FileNotFoundException();
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public File getResourceFile(String filename) {
+		logSpecial("Attempting to load " + filename + " as resource file via file I/O.");
+
+		if (filename == null) {
+			logSpecial("Failed to load properties via FileIO. Filename is null.");
+			return null; // not found.
+		}
+
+		File f = null;
+
+		// first, allow command line overrides. -Dorg.owasp.esapi.resources
+		// directory
+		f = new File(customDirectory, filename);
+		if (customDirectory != null && f.canRead()) {
+			logSpecial("Found in 'org.owasp.esapi.resources' directory: " + f.getAbsolutePath());
+			return f;
+		} else {
+			logSpecial("Not found in 'org.owasp.esapi.resources' directory or file not readable: " + f.getAbsolutePath());
+		}
+
+		// if not found, then try the programmatically set resource directory
+		// (this defaults to SystemResource directory/resourceFile
+		URL fileUrl = ClassLoader.getSystemResource(resourceDirectory + "/" + filename);
+        if ( fileUrl == null ) {
+            fileUrl = ClassLoader.getSystemResource("esapi/" + filename);
+        }
+
+		if (fileUrl != null) {
+			String fileLocation = fileUrl.getFile();
+			f = new File(fileLocation);
+			if (f.exists()) {
+				logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
+				return f;
+			} else {
+				logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
+			}
+		} else {
+			logSpecial("Not found in SystemResource Directory/resourceDirectory: " + resourceDirectory + File.separator + filename);
+		}
+
+		// If not found, then try immediately under user's home directory first in
+		//		userHome + "/.esapi"		and secondly under
+		//		userHome + "/esapi"
+		// We look in that order because of backward compatibility issues.
+		String homeDir = userHome;
+		if ( homeDir == null ) {
+			homeDir = "";	// Without this,	homeDir + "/.esapi"	would produce
+							// the string		"null/.esapi"		which surely is not intended.
+		}
+		// First look under ".esapi" (for reasons of backward compatibility).
+		f = new File(homeDir + "/.esapi", filename);
+		if ( f.canRead() ) {
+			logSpecial("[Compatibility] Found in 'user.home' directory: " + f.getAbsolutePath());
+			return f;
+		} else {
+			// Didn't find it under old directory ".esapi" so now look under the "esapi" directory.
+			f = new File(homeDir + "/esapi", filename);
+			if ( f.canRead() ) {
+				logSpecial("Found in 'user.home' directory: " + f.getAbsolutePath());
+				return f;
+			} else {
+				logSpecial("Not found in 'user.home' (" + homeDir + ") directory: " + f.getAbsolutePath());
+			}
+		}
+
+		// return null if not found
+		return null;
+	}
+	
+    /**
+     * Used to load ESAPI.properties from a variety of different classpath locations.
+     *
+     * @param fileName The properties file filename.
+     */
+	private Properties loadConfigurationFromClasspath(String fileName) throws IllegalArgumentException {
+		Properties result = null;
+		InputStream in = null;
+
+		ClassLoader[] loaders = new ClassLoader[] {
+				Thread.currentThread().getContextClassLoader(),
+				ClassLoader.getSystemClassLoader(),
+				getClass().getClassLoader() 
+		};
+		String[] classLoaderNames = {
+				"current thread context class loader",
+				"system class loader",
+				"class loader for DefaultSecurityConfiguration class"
+		};
+
+		ClassLoader currentLoader = null;
+		for (int i = 0; i < loaders.length; i++) {
+			if (loaders[i] != null) {
+				currentLoader = loaders[i];
+				try {
+					// try root
+					String currentClasspathSearchLocation = "/ (root)";
+					in = loaders[i].getResourceAsStream(fileName);
+					
+					// try resourceDirectory folder
+					if (in == null) {
+						currentClasspathSearchLocation = resourceDirectory + "/";
+						in = currentLoader.getResourceAsStream(resourceDirectory + "/" + fileName);
+					}
+
+					// try .esapi folder. Look here first for backward compatibility.
+					if (in == null) {
+						currentClasspathSearchLocation = ".esapi/";
+						in = currentLoader.getResourceAsStream(".esapi/" + fileName);
+					} 
+					
+					// try esapi folder (new directory)
+					if (in == null) {
+						currentClasspathSearchLocation = "esapi/";
+						in = currentLoader.getResourceAsStream("esapi/" + fileName);
+					} 
+					
+					// try resources folder
+					if (in == null) {
+						currentClasspathSearchLocation = "src/main/resources/";
+						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
+					}
+		
+					// now load the properties
+					if (in != null) {
+						result = new Properties();
+						result.load(in); // Can throw IOException
+						logSpecial("SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" +
+								currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
+						break;	// Outta here since we've found and loaded it.
+					}
+				} catch (Exception e) {
+					result = null;
+		
+				} finally {
+					try {
+						in.close();
+					} catch (Exception e) {
+					}
+				}
+			}
+		}
+
+		if (result == null) {
+			// CHECKME: This is odd...why not ConfigurationException?
+		    throw new IllegalArgumentException("Failed to load " + resourceFile + " as a classloader resource.");
+		}
+
+		return result;
+	}
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.
+     *
+     * @param message The message to send to the console.
+     * @param e The error that occurred. (This value printed via {@code e.toString()}.)
+     */
+    private void logSpecial(String message, Throwable e) {
+    	StringBuffer msg = new StringBuffer(message);
+    	if (e != null) {
+    		msg.append(" Exception was: ").append( e.toString() );
+    	}
+		System.out.println( msg.toString() );
+		// if ( e != null) e.printStackTrace();		// TODO ??? Do we want this?
+    }
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.
+     *
+     * @param message The message to send to the console.
+     */
+    private void logSpecial(String message) {
+		System.out.println(message);
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getPasswordParameterName() {
+        return getESAPIProperty(PASSWORD_PARAMETER_NAME, "password");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getUsernameParameterName() {
+        return getESAPIProperty(USERNAME_PARAMETER_NAME, "username");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getEncryptionAlgorithm() {
+        return getESAPIProperty(ENCRYPTION_ALGORITHM, "AES");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getCipherTransformation() {
+    	assert cipherXformCurrent != null : "Current cipher transformation is null";
+    	return cipherXformCurrent;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String setCipherTransformation(String cipherXform) {
+    	String previous = getCipherTransformation();
+    	if ( cipherXform == null ) {
+    		// Special case... means set it to original value from ESAPI.properties
+    		cipherXformCurrent = cipherXformFromESAPIProp;
+    	} else {
+    		assert ! cipherXform.trim().equals("") :
+    			"Cipher transformation cannot be just white space or empty string";
+    		cipherXformCurrent = cipherXform;	// Note: No other sanity checks!!!
+    	}
+    	return previous;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean useMACforCipherText() {
+    	return getESAPIProperty(CIPHERTEXT_USE_MAC, true);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean overwritePlainText() {
+    	return getESAPIProperty(PLAINTEXT_OVERWRITE, true);
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getIVType() {
+    	String value = getESAPIProperty(IV_TYPE, "random");
+    	if ( value.equalsIgnoreCase("fixed") || value.equalsIgnoreCase("random") ) {
+    		return value;
+    	} else if ( value.equalsIgnoreCase("specified") ) {
+    		// This is planned for future implementation where setting
+    		// Encryptor.ChooseIVMethod=specified   will require setting some
+    		// other TBD property that will specify an implementation class that
+    		// will generate appropriate IVs. The intent of this would be to use
+    		// such a class with various feedback modes where it is imperative
+    		// that for a given key, any particular IV is *NEVER* reused. For
+    		// now, we will assume that generating a random IV is usually going
+    		// to be sufficient to prevent this.
+    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'fixed' or 'random'");
+    	} else {
+    		// TODO: Once 'specified' is legal, adjust exception msg, below.
+    		// DISCUSS: Could just log this and then silently return "random" instead.
+    		throw new ConfigurationException(value + " is illegal value for " + IV_TYPE +
+    										 ". Use 'random' (preferred) or 'fixed'.");
+    	}
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getFixedIV() {
+    	if ( getIVType().equalsIgnoreCase("fixed") ) {
+    		String ivAsHex = getESAPIProperty(FIXED_IV, ""); // No default
+    		if ( ivAsHex == null || ivAsHex.trim().equals("") ) {
+    			throw new ConfigurationException("Fixed IV requires property " +
+    						FIXED_IV + " to be set, but it is not.");
+    		}
+    		return ivAsHex;		// We do no further checks here as we have no context.
+    	} else {
+    		// DISCUSS: Should we just log a warning here and return null instead?
+    		//			If so, may cause NullPointException somewhere later.
+    		throw new ConfigurationException("IV type not 'fixed' (set to '" +
+    										 getIVType() + "'), so no fixed IV applicable.");
+    	}
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getHashAlgorithm() {
+        return getESAPIProperty(HASH_ALGORITHM, "SHA-512");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getHashIterations() {
+    	return getESAPIProperty(HASH_ITERATIONS, 1024);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+	public String getKDFPseudoRandomFunction() {
+		return getESAPIProperty(KDF_PRF_ALG, "HmacSHA256");  // NSA recommended SHA2 or better.
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getCharacterEncoding() {
+        return getESAPIProperty(CHARACTER_ENCODING, "UTF-8");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public boolean getAllowMultipleEncoding() {
+		return getESAPIProperty( ALLOW_MULTIPLE_ENCODING, false );
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public boolean getAllowMixedEncoding() {
+		return getESAPIProperty( ALLOW_MIXED_ENCODING, false );
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public List<String> getDefaultCanonicalizationCodecs() {
+		List<String> def = new ArrayList<String>();
+		def.add( "org.owasp.esapi.codecs.HTMLEntityCodec" );
+		def.add( "org.owasp.esapi.codecs.PercentCodec" );
+		def.add( "org.owasp.esapi.codecs.JavaScriptCodec" );
+		return getESAPIProperty( CANONICALIZATION_CODECS, def );
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getDigitalSignatureAlgorithm() {
+        return getESAPIProperty(DIGITAL_SIGNATURE_ALGORITHM, "SHAwithDSA");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getDigitalSignatureKeyLength() {
+        return getESAPIProperty(DIGITAL_SIGNATURE_KEY_LENGTH, 1024);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getRandomAlgorithm() {
+        return getESAPIProperty(RANDOM_ALGORITHM, "SHA1PRNG");
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getAllowedLoginAttempts() {
+        return getESAPIProperty(ALLOWED_LOGIN_ATTEMPTS, 5);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getMaxOldPasswordHashes() {
+        return getESAPIProperty(MAX_OLD_PASSWORD_HASHES, 12);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public File getUploadDirectory() {
+    	String dir = getESAPIProperty( UPLOAD_DIRECTORY, "UploadDir");
+    	return new File( dir );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public File getUploadTempDirectory() {
+    	String dir = getESAPIProperty(UPLOAD_TEMP_DIRECTORY,
+            System.getProperty("java.io.tmpdir","UploadTempDir"));
+    	return new File( dir );
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+	public boolean getDisableIntrusionDetection() {
+    	String value = properties.getProperty( DISABLE_INTRUSION_DETECTION );
+    	if ("true".equalsIgnoreCase(value)) return true;
+    	return false;	// Default result
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public Threshold getQuota(String eventName) {
+        int count = getESAPIProperty("IntrusionDetector." + eventName + ".count", 0);
+        int interval =  getESAPIProperty("IntrusionDetector." + eventName + ".interval", 0);
+        List<String> actions = new ArrayList<String>();
+        String actionString = getESAPIProperty("IntrusionDetector." + eventName + ".actions", "");
+        if (actionString != null) {
+            String[] actionList = actionString.split(",");
+            actions = Arrays.asList(actionList);
+        }
+        if ( count > 0 && interval > 0 && actions.size() > 0 ) {
+        	return new Threshold(eventName, count, interval, actions);
+        }
+        return null;
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public int getLogLevel() {
+        String level = getESAPIProperty(LOG_LEVEL, "WARNING" );
+
+        if (level.equalsIgnoreCase("OFF"))
+            return Logger.OFF;
+        if (level.equalsIgnoreCase("FATAL"))
+            return Logger.FATAL;
+        if (level.equalsIgnoreCase("ERROR"))
+            return Logger.ERROR ;
+        if (level.equalsIgnoreCase("WARNING"))
+            return Logger.WARNING;
+        if (level.equalsIgnoreCase("INFO"))
+            return Logger.INFO;
+        if (level.equalsIgnoreCase("DEBUG"))
+            return Logger.DEBUG;
+        if (level.equalsIgnoreCase("TRACE"))
+            return Logger.TRACE;
+        if (level.equalsIgnoreCase("ALL"))
+            return Logger.ALL;
+
+		// This error is NOT logged the normal way because the logger constructor calls getLogLevel() and if this error occurred it would cause
+		// an infinite loop.
+        logSpecial("The LOG-LEVEL property in the ESAPI properties file has the unrecognized value: " + level + ". Using default: WARNING", null);
+        return Logger.WARNING;  // Note: The default logging level is WARNING.
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public String getLogFileName() {
+    	return getESAPIProperty( LOG_FILE_NAME, "ESAPI_logging_file" );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public int getMaxLogFileSize() {
+    	return getESAPIProperty( MAX_LOG_FILE_SIZE, DEFAULT_MAX_LOG_FILE_SIZE );
+    }
+    
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getLogEncodingRequired() {
+    	return getESAPIProperty( LOG_ENCODING_REQUIRED, false );
+	}
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getLogApplicationName() {
+    	return getESAPIProperty( LOG_APPLICATION_NAME, true );
+	}
+
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getLogServerIP() {
+    	return getESAPIProperty( LOG_SERVER_IP, true );
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getForceHttpOnlySession() {
+    	return getESAPIProperty( FORCE_HTTPONLYSESSION, true );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getForceSecureSession() {
+    	return getESAPIProperty( FORCE_SECURESESSION, true );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getForceHttpOnlyCookies() {
+    	return getESAPIProperty( FORCE_HTTPONLYCOOKIES, true );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public boolean getForceSecureCookies() {
+    	return getESAPIProperty( FORCE_SECURECOOKIES, true );
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public int getMaxHttpHeaderSize() {
+        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096 );
+	}
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public String getResponseContentType() {
+        return getESAPIProperty( RESPONSE_CONTENT_TYPE, "text/html; charset=UTF-8" );
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getHttpSessionIdName() {
+        return getESAPIProperty( HTTP_SESSION_ID_NAME, "JSESSIONID" );
+    }
+	
+	/**
+	 * {@inheritDoc}
+	 */
+    public long getRememberTokenDuration() {
+        int days = getESAPIProperty( REMEMBER_TOKEN_DURATION, 14 );
+        return (long) (1000 * 60 * 60 * 24 * days);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+	public int getSessionIdleTimeoutLength() {
+        int minutes = getESAPIProperty( IDLE_TIMEOUT_DURATION, 20 );
+        return 1000 * 60 * minutes;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public int getSessionAbsoluteTimeoutLength() {
+        int minutes = getESAPIProperty(ABSOLUTE_TIMEOUT_DURATION, 20 );
+        return 1000 * 60 * minutes;
+	}
+
+   /**
+    * getValidationPattern returns a single pattern based upon key
+    *
+    *  @param key
+    *  			validation pattern name you'd like
+    *  @return
+    *  			if key exists, the associated validation pattern, null otherwise
+	*/
+    public Pattern getValidationPattern( String key ) {
+    	String value = getESAPIProperty( "Validator." + key, "" );
+    	// check cache
+    	Pattern p = patternCache.get( value );
+    	if ( p != null ) return p;
+
+    	// compile a new pattern
+    	if ( value == null || value.equals( "" ) ) return null;
+    	try {
+    		Pattern q = Pattern.compile(value);
+    		patternCache.put( value, q );
+    		return q;
+    	} catch ( PatternSyntaxException e ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not a valid regex in ESAPI.properties. Returning null", null );
+    		return null;
+    	}
+    }
+
+    /**
+     * getWorkingDirectory returns the default directory where processes will be executed
+     * by the Executor.
+     */
+	public File getWorkingDirectory() {
+		String dir = getESAPIProperty( WORKING_DIRECTORY, System.getProperty( "user.dir") );
+		if ( dir != null ) {
+			return new File( dir );
+		}
+		return null;
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getPreferredJCEProvider() {
+	    return properties.getProperty(PREFERRED_JCE_PROVIDER); // No default!
+	}  
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public List<String> getCombinedCipherModes()
+	{
+	    List<String> empty = new ArrayList<String>();     // Default is empty list
+	    return getESAPIProperty(COMBINED_CIPHER_MODES, empty);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public List<String> getAdditionalAllowedCipherModes()
+	{
+	    List<String> empty = new ArrayList<String>();     // Default is empty list
+	    return getESAPIProperty(ADDITIONAL_ALLOWED_CIPHER_MODES, empty);
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean getLenientDatesAccepted() {
+		return getESAPIProperty( ACCEPT_LENIENT_DATES, false);
+	}
+
+	protected String getESAPIProperty( String key, String def ) {
+		String value = properties.getProperty(key);
+		if ( value == null ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+    		return def;
+		}
+		return value;
+	}
+
+	protected boolean getESAPIProperty( String key, boolean def ) {
+		String property = properties.getProperty(key);
+		if ( property == null ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+    		return def;
+		}
+		if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
+			return true;
+		}
+		if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
+			return false;
+		}
+		logSpecial( "SecurityConfiguration for " + key + " not either \"true\" or \"false\" in ESAPI.properties. Using default: " + def, null );
+		return def;
+	}
+
+	protected byte[] getESAPIPropertyEncoded( String key, byte[] def ) {
+		String property = properties.getProperty(key);
+		if ( property == null ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+    		return def;
+		}
+        try {
+            return ESAPI.encoder().decodeFromBase64(property);
+        } catch( IOException e ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not properly Base64 encoded in ESAPI.properties. Using default: " + def, null );
+            return null;
+        }
+	}
+
+	protected int getESAPIProperty( String key, int def ) {
+		String property = properties.getProperty(key);
+		if ( property == null ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+    		return def;
+		}
+		try {
+            return Integer.parseInt( property );
+		} catch( NumberFormatException e ) {
+    		logSpecial( "SecurityConfiguration for " + key + " not an integer in ESAPI.properties. Using default: " + def, null );
+			return def;
+		}
+	}
+
+	/**
+     * Returns a {@code List} representing the parsed, comma-separated property.
+     * 
+	 * @param key  The specified property name
+	 * @param def  A default value for the property name to return if the property
+	 *             is not set.
+	 * @return A list of strings.
+	 */
+	protected List<String> getESAPIProperty( String key, List<String> def ) {
+	    String property = properties.getProperty( key );
+	    if ( property == null ) {
+	        logSpecial( "SecurityConfiguration for " + key + " not found in ESAPI.properties. Using default: " + def, null );
+	        return def;
+	    }
+	    String[] parts = property.split(",");
+	    return Arrays.asList( parts );
+	}
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties* 
+     */
+    @Override
+    public int getIntProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getIntProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            try {
+                return Integer.parseInt(property);
+            } catch (NumberFormatException e) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public byte[] getByteArrayProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getByteArrayProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty(propertyName);
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            try {
+                return ESAPI.encoder().decodeFromBase64(property);
+            } catch( IOException e ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                        "type");
+            }
+        }
+    }
+
+    /**
+     * {@inheritDoc}  
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property 
+     * 2.) In file defined as org.owasp.esapi.devteam system property 
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public Boolean getBooleanProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getBooleanProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty( propertyName );
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            if ( property.equalsIgnoreCase("true") || property.equalsIgnoreCase("yes" ) ) {
+                return true;
+            }
+            if ( property.equalsIgnoreCase("false") || property.equalsIgnoreCase( "no" ) ) {
+                return false;
+            }
+            throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " has incorrect " +
+                    "type");
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * Looks for property in three configuration files in following order:
+     * 1.) In file defined as org.owasp.esapi.opsteam system property
+     * 2.) In file defined as org.owasp.esapi.devteam system property
+     * 3.) In ESAPI.properties
+     */
+    @Override
+    public String getStringProp(String propertyName) throws ConfigurationException {
+        try {
+            return esapiPropertyManager.getStringProp(propertyName);
+        } catch (ConfigurationException ex) {
+            String property = properties.getProperty( propertyName );
+            if ( property == null ) {
+                throw new ConfigurationException( "SecurityConfiguration for " + propertyName + " not found in ESAPI.properties");
+            }
+            return property;
+        }
+    }
+
+
+    protected boolean shouldPrintProperties() {
+        return getESAPIProperty(PRINT_PROPERTIES_WHEN_LOADED, false);
+	}
+
+    protected Properties getESAPIProperties() {
+        return properties;
+    }
+}

From 735ee8b2ed9adf886847db834795d32233393bf1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 161/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/DefaultUser.java    | 1228 ++++++++---------
 1 file changed, 614 insertions(+), 614 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index 6b24f1aae..0ff656a2b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -1,614 +1,614 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.*;
-
-import javax.servlet.http.HttpSession;
-import java.io.Serializable;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.Date;
-import java.util.Locale;
-import java.util.Collections;
-import java.util.HashMap;
-/**
- * Reference implementation of the User interface. This implementation is serialized into a flat file in a simple format.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.User
- */
-public class DefaultUser implements User, Serializable {
-
-	/** The Constant serialVersionUID. */
-	private static final long serialVersionUID = 1L;
-
-	/** The idle timeout length specified in the ESAPI config file. */
-	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
-	
-	/** The absolute timeout length specified in the ESAPI config file. */
-	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
-	
-	/** The logger used by the class. */
-	private transient final Logger logger = ESAPI.getLogger("DefaultUser");
-    
-	/** This user's account id. */
-	long accountId = 0;
-
-	/** This user's account name. */
-	private String accountName = "";
-
-	/** This user's screen name (account name alias). */
-	private String screenName = "";
-
-	/** This user's CSRF token. */
-	private String csrfToken = resetCSRFToken();
-
-	/** This user's assigned roles. */
-	private Set<String> roles = new HashSet<String>();
-
-	/** Whether this user's account is locked. */
-	private boolean locked = false;
-
-	/** Whether this user is logged in. */
-	private boolean loggedIn = true;
-
-    /** Whether this user's account is enabled. */
-	private boolean enabled = false;
-
-    /** The last host address used by this user. */
-    private String lastHostAddress;
-
-	/** The last password change time for this user. */
-	private Date lastPasswordChangeTime = new Date(0);
-
-	/** The last login time for this user. */
-	private Date lastLoginTime = new Date(0);
-
-	/** The last failed login time for this user. */
-	private Date lastFailedLoginTime = new Date(0);
-	
-	/** The expiration date/time for this user's account. */
-	private Date expirationTime = new Date(Long.MAX_VALUE);
-
-	/** The sessions this user is associated with */
-	private transient Set<HttpSession> sessions = new HashSet<HttpSession>();
-	
-	/** The event map for this User */ 
-	private transient HashMap eventMap = new HashMap();
-	
-	/* A flag to indicate that the password must be changed before the account can be used. */
-	// private boolean requiresPasswordChange = true;
-	
-	/** The failed login count for this user's account. */
-	private int failedLoginCount = 0;
-	
-	/** This user's Locale. */
-	private Locale locale;
-    
-    private static final int MAX_ROLE_LENGTH = 250;
-    
-	/**
-	 * Instantiates a new user.
-	 *
-	 * @param accountName
-	 * 		The name of this user's account.
-	 */
-	public DefaultUser(String accountName) {
-		this.accountName = accountName.toLowerCase();
-		while( true ) {
-			long id = Math.abs( ESAPI.randomizer().getRandomLong() );
-			if ( ESAPI.authenticator().getUser( id ) == null && id != 0 ) {
-				this.accountId = id;
-				break;
-			}
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void addRole(String role) throws AuthenticationException {
-		String roleName = role.toLowerCase();
-		if ( ESAPI.validator().isValidInput("addRole", roleName, "RoleName", MAX_ROLE_LENGTH, false) ) {
-			roles.add(roleName);
-			logger.info(Logger.SECURITY_SUCCESS, "Role " + roleName + " added to " + getAccountName() );
-		} else {
-			throw new AuthenticationAccountsException( "Add role failed", "Attempt to add invalid role " + roleName + " to " + getAccountName() );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void addRoles(Set<String> newRoles) throws AuthenticationException {
-        for (String newRole : newRoles)
-        {
-            addRole(newRole);
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException {
-		ESAPI.authenticator().changePassword(this, oldPassword, newPassword1, newPassword2);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void disable() {
-		enabled = false;
-		logger.info( Logger.SECURITY_SUCCESS, "Account disabled: " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void enable() {
-		this.enabled = true;
-		logger.info( Logger.SECURITY_SUCCESS, "Account enabled: " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public long getAccountId() {
-        return accountId;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getAccountName() {
-		return accountName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getCSRFToken() {
-		return csrfToken;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getExpirationTime() {
-		return (Date)expirationTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public int getFailedLoginCount() {
-		return failedLoginCount;
-	}
-	
-	/**
-	 * Set the failed login count
-	 * 
-	 * @param count
-	 * 			the number of failed logins
-	 */
-	void setFailedLoginCount(int count) {
-		failedLoginCount = count;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastFailedLoginTime() {
-		return (Date)lastFailedLoginTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getLastHostAddress() {
-		if ( lastHostAddress == null ) {
-			return "unknown";
-		}
-        return lastHostAddress;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastLoginTime() {
-		return (Date)lastLoginTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getLastPasswordChangeTime() {
-		return (Date)lastPasswordChangeTime.clone();
-	}
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public String getName() {
-		return this.getAccountName();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public Set<String> getRoles() {
-		return Collections.unmodifiableSet(roles);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getScreenName() {
-		return screenName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public void addSession( HttpSession s ) {
-        sessions.add( s );
-    }
-    
-	/**
-	 * {@inheritDoc}
-	 */
-    public void removeSession( HttpSession s ) {
-        sessions.remove( s );
-    }
-    
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public Set getSessions() {
-	    return sessions;
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void incrementFailedLoginCount() {
-		failedLoginCount++;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isAnonymous() {
-		// User cannot be anonymous, since we have a special User.ANONYMOUS instance
-		// for the anonymous user
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isEnabled() {
-		return enabled;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isExpired() {
-		return getExpirationTime().before( new Date() );
-
-		// If expiration should happen automatically or based on lastPasswordChangeTime?
-		//		long from = lastPasswordChangeTime.getTime();
-		//		long to = new Date().getTime();
-		//		double difference = to - from;
-		//		long days = Math.round((difference / (1000 * 60 * 60 * 24)));
-		//		return days > 60;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isInRole(String role) {
-		return roles.contains(role.toLowerCase());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isLocked() {
-		return locked;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isLoggedIn() {
-		return loggedIn;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isSessionAbsoluteTimeout() {
-		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-		if ( session == null ) return true;
-		Date deadline = new Date( session.getCreationTime() + ABSOLUTE_TIMEOUT_LENGTH);
-		Date now = new Date();
-		return now.after(deadline);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isSessionTimeout() {
-		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
-		if ( session == null ) return true;
-		Date deadline = new Date( session.getLastAccessedTime() + IDLE_TIMEOUT_LENGTH);
-		Date now = new Date();
-		return now.after(deadline);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void lock() {
-		this.locked = true;
-		logger.info(Logger.SECURITY_SUCCESS, "Account locked: " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void loginWithPassword(String password) throws AuthenticationException {
-		if ( password == null || password.equals("") ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException( "Login failed", "Missing password: " + accountName  );
-		}
-		
-		// don't let disabled users log in
-		if ( !isEnabled() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + accountName );
-		}
-		
-		// don't let locked users log in
-		if ( isLocked() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + accountName );
-		}
-		
-		// don't let expired users log in
-		if ( isExpired() ) {
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + accountName );
-		}
-		
-		logout();
-
-		if ( verifyPassword( password ) ) {
-			loggedIn = true;
-			ESAPI.httpUtilities().changeSessionIdentifier( ESAPI.currentRequest() );
-			ESAPI.authenticator().setCurrentUser(this);
-			setLastLoginTime(new Date());
-            setLastHostAddress( ESAPI.httpUtilities().getCurrentRequest().getRemoteAddr() );
-			logger.trace(Logger.SECURITY_SUCCESS, "User logged in: " + accountName );
-		} else {
-			loggedIn = false;
-			setLastFailedLoginTime(new Date());
-			incrementFailedLoginCount();
-			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
-				lock();
-			}
-			throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
-		}
-	}
- 
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void logout() {
-		ESAPI.httpUtilities().killCookie( ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME );
-		
-		HttpSession session = ESAPI.currentRequest().getSession(false);
-		if (session != null) {
-            removeSession(session);
-			session.invalidate();
-		}
-		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
-		loggedIn = false;
-		logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
-		ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void removeRole(String role) {
-		roles.remove(role.toLowerCase());
-		logger.trace(Logger.SECURITY_SUCCESS, "Role " + role + " removed from " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * In this implementation, we have chosen to use a random token that is
-	 * stored in the User object. Note that it is possible to avoid the use of
-	 * server side state by using either the hash of the users's session id or
-	 * an encrypted token that includes a timestamp and the user's IP address.
-	 * user's IP address. A relatively short 8 character string has been chosen
-	 * because this token will appear in all links and forms.
-	 * 
-	 * @return the string
-	 */
-	public String resetCSRFToken() {
-		// user.csrfToken = ESAPI.encryptor().hash( session.getId(),user.name );
-		// user.csrfToken = ESAPI.encryptor().encrypt( address + ":" + ESAPI.encryptor().getTimeStamp();
-		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		return csrfToken;
-	}
-
-	/**
-	 * Sets the account id for this user's account.
-	 */
-	private void setAccountId(long accountId) {
-		this.accountId = accountId;
-	}
-	
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setAccountName(String accountName) {
-		String old = getAccountName();
-		this.accountName = accountName.toLowerCase();
-		if (old != null) {
-			if ( old.equals( "" ) ) {
-				old = "[nothing]";
-			}
-			logger.info(Logger.SECURITY_SUCCESS, "Account name changed from " + old + " to " + getAccountName() );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setExpirationTime(Date expirationTime) {
-		this.expirationTime = new Date( expirationTime.getTime() );
-		logger.info(Logger.SECURITY_SUCCESS, "Account expiration time set to " + expirationTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastFailedLoginTime(Date lastFailedLoginTime) {
-		this.lastFailedLoginTime = lastFailedLoginTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last failed login time to " + lastFailedLoginTime + " for " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastHostAddress(String remoteHost) throws AuthenticationHostException
-    {
-		if ( lastHostAddress != null && !lastHostAddress.equals(remoteHost)) {
-        	// returning remote address not remote hostname to prevent DNS lookup
-			throw new AuthenticationHostException("Host change", "User session just jumped from " + lastHostAddress + " to " + remoteHost );
-		}
-		lastHostAddress = remoteHost;
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastLoginTime(Date lastLoginTime) {
-		this.lastLoginTime = lastLoginTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last successful login time to " + lastLoginTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
-		this.lastPasswordChangeTime = lastPasswordChangeTime;
-		logger.info(Logger.SECURITY_SUCCESS, "Set last password change time to " + lastPasswordChangeTime + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setRoles(Set<String> roles) throws AuthenticationException {
-		this.roles = new HashSet<String>();
-		addRoles(roles);
-		logger.info(Logger.SECURITY_SUCCESS, "Adding roles " + roles + " to " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void setScreenName(String screenName) {
-		this.screenName = screenName;
-		logger.info(Logger.SECURITY_SUCCESS, "ScreenName changed to " + screenName + " for " + getAccountName() );
-	}
-
-	/**
-	 * {@inheritDoc}
-     *
-     * @return
-     */
-	public String toString() {
-		return "USER:" + accountName;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void unlock() {
-		this.locked = false;
-		this.failedLoginCount = 0;
-		logger.info( Logger.SECURITY_SUCCESS, "Account unlocked: " + getAccountName() );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean verifyPassword(String password) {
-		return ESAPI.authenticator().verifyPassword(this, password);
-	}
-    
-    /**
-     * Override clone and make final to prevent duplicate user objects.
-     * @return 
-     * @throws java.lang.CloneNotSupportedException
-     */
-    public final Object clone() throws java.lang.CloneNotSupportedException {
-    	  throw new java.lang.CloneNotSupportedException();
-    }
-	/**
-	 * @return the locale
-	 */
-	public Locale getLocale() {
-		return locale;
-	}
-
-	/**
-	 * @param locale the locale to set
-	 */
-	public void setLocale(Locale locale) {
-		this.locale = locale;
-	}
-    
-    public HashMap getEventMap() {
-    	return eventMap;
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.*;
+
+import javax.servlet.http.HttpSession;
+import java.io.Serializable;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Date;
+import java.util.Locale;
+import java.util.Collections;
+import java.util.HashMap;
+/**
+ * Reference implementation of the User interface. This implementation is serialized into a flat file in a simple format.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.User
+ */
+public class DefaultUser implements User, Serializable {
+
+	/** The Constant serialVersionUID. */
+	private static final long serialVersionUID = 1L;
+
+	/** The idle timeout length specified in the ESAPI config file. */
+	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
+	
+	/** The absolute timeout length specified in the ESAPI config file. */
+	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
+	
+	/** The logger used by the class. */
+	private transient final Logger logger = ESAPI.getLogger("DefaultUser");
+    
+	/** This user's account id. */
+	long accountId = 0;
+
+	/** This user's account name. */
+	private String accountName = "";
+
+	/** This user's screen name (account name alias). */
+	private String screenName = "";
+
+	/** This user's CSRF token. */
+	private String csrfToken = resetCSRFToken();
+
+	/** This user's assigned roles. */
+	private Set<String> roles = new HashSet<String>();
+
+	/** Whether this user's account is locked. */
+	private boolean locked = false;
+
+	/** Whether this user is logged in. */
+	private boolean loggedIn = true;
+
+    /** Whether this user's account is enabled. */
+	private boolean enabled = false;
+
+    /** The last host address used by this user. */
+    private String lastHostAddress;
+
+	/** The last password change time for this user. */
+	private Date lastPasswordChangeTime = new Date(0);
+
+	/** The last login time for this user. */
+	private Date lastLoginTime = new Date(0);
+
+	/** The last failed login time for this user. */
+	private Date lastFailedLoginTime = new Date(0);
+	
+	/** The expiration date/time for this user's account. */
+	private Date expirationTime = new Date(Long.MAX_VALUE);
+
+	/** The sessions this user is associated with */
+	private transient Set<HttpSession> sessions = new HashSet<HttpSession>();
+	
+	/** The event map for this User */ 
+	private transient HashMap eventMap = new HashMap();
+	
+	/* A flag to indicate that the password must be changed before the account can be used. */
+	// private boolean requiresPasswordChange = true;
+	
+	/** The failed login count for this user's account. */
+	private int failedLoginCount = 0;
+	
+	/** This user's Locale. */
+	private Locale locale;
+    
+    private static final int MAX_ROLE_LENGTH = 250;
+    
+	/**
+	 * Instantiates a new user.
+	 *
+	 * @param accountName
+	 * 		The name of this user's account.
+	 */
+	public DefaultUser(String accountName) {
+		this.accountName = accountName.toLowerCase();
+		while( true ) {
+			long id = Math.abs( ESAPI.randomizer().getRandomLong() );
+			if ( ESAPI.authenticator().getUser( id ) == null && id != 0 ) {
+				this.accountId = id;
+				break;
+			}
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void addRole(String role) throws AuthenticationException {
+		String roleName = role.toLowerCase();
+		if ( ESAPI.validator().isValidInput("addRole", roleName, "RoleName", MAX_ROLE_LENGTH, false) ) {
+			roles.add(roleName);
+			logger.info(Logger.SECURITY_SUCCESS, "Role " + roleName + " added to " + getAccountName() );
+		} else {
+			throw new AuthenticationAccountsException( "Add role failed", "Attempt to add invalid role " + roleName + " to " + getAccountName() );
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void addRoles(Set<String> newRoles) throws AuthenticationException {
+        for (String newRole : newRoles)
+        {
+            addRole(newRole);
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException {
+		ESAPI.authenticator().changePassword(this, oldPassword, newPassword1, newPassword2);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void disable() {
+		enabled = false;
+		logger.info( Logger.SECURITY_SUCCESS, "Account disabled: " + getAccountName() );
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public void enable() {
+		this.enabled = true;
+		logger.info( Logger.SECURITY_SUCCESS, "Account enabled: " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public long getAccountId() {
+        return accountId;
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getAccountName() {
+		return accountName;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getCSRFToken() {
+		return csrfToken;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getExpirationTime() {
+		return (Date)expirationTime.clone();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public int getFailedLoginCount() {
+		return failedLoginCount;
+	}
+	
+	/**
+	 * Set the failed login count
+	 * 
+	 * @param count
+	 * 			the number of failed logins
+	 */
+	void setFailedLoginCount(int count) {
+		failedLoginCount = count;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getLastFailedLoginTime() {
+		return (Date)lastFailedLoginTime.clone();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getLastHostAddress() {
+		if ( lastHostAddress == null ) {
+			return "unknown";
+		}
+        return lastHostAddress;
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getLastLoginTime() {
+		return (Date)lastLoginTime.clone();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getLastPasswordChangeTime() {
+		return (Date)lastPasswordChangeTime.clone();
+	}
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @return
+     */
+	public String getName() {
+		return this.getAccountName();
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public Set<String> getRoles() {
+		return Collections.unmodifiableSet(roles);
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getScreenName() {
+		return screenName;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+    public void addSession( HttpSession s ) {
+        sessions.add( s );
+    }
+    
+	/**
+	 * {@inheritDoc}
+	 */
+    public void removeSession( HttpSession s ) {
+        sessions.remove( s );
+    }
+    
+	/**
+	 * {@inheritDoc}
+     *
+     * @return
+     */
+	public Set getSessions() {
+	    return sessions;
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public void incrementFailedLoginCount() {
+		failedLoginCount++;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isAnonymous() {
+		// User cannot be anonymous, since we have a special User.ANONYMOUS instance
+		// for the anonymous user
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isEnabled() {
+		return enabled;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isExpired() {
+		return getExpirationTime().before( new Date() );
+
+		// If expiration should happen automatically or based on lastPasswordChangeTime?
+		//		long from = lastPasswordChangeTime.getTime();
+		//		long to = new Date().getTime();
+		//		double difference = to - from;
+		//		long days = Math.round((difference / (1000 * 60 * 60 * 24)));
+		//		return days > 60;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isInRole(String role) {
+		return roles.contains(role.toLowerCase());
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isLocked() {
+		return locked;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isLoggedIn() {
+		return loggedIn;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isSessionAbsoluteTimeout() {
+		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+		if ( session == null ) return true;
+		Date deadline = new Date( session.getCreationTime() + ABSOLUTE_TIMEOUT_LENGTH);
+		Date now = new Date();
+		return now.after(deadline);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isSessionTimeout() {
+		HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+		if ( session == null ) return true;
+		Date deadline = new Date( session.getLastAccessedTime() + IDLE_TIMEOUT_LENGTH);
+		Date now = new Date();
+		return now.after(deadline);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void lock() {
+		this.locked = true;
+		logger.info(Logger.SECURITY_SUCCESS, "Account locked: " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void loginWithPassword(String password) throws AuthenticationException {
+		if ( password == null || password.equals("") ) {
+			setLastFailedLoginTime(new Date());
+			incrementFailedLoginCount();
+			throw new AuthenticationLoginException( "Login failed", "Missing password: " + accountName  );
+		}
+		
+		// don't let disabled users log in
+		if ( !isEnabled() ) {
+			setLastFailedLoginTime(new Date());
+			incrementFailedLoginCount();
+			throw new AuthenticationLoginException("Login failed", "Disabled user attempt to login: " + accountName );
+		}
+		
+		// don't let locked users log in
+		if ( isLocked() ) {
+			setLastFailedLoginTime(new Date());
+			incrementFailedLoginCount();
+			throw new AuthenticationLoginException("Login failed", "Locked user attempt to login: " + accountName );
+		}
+		
+		// don't let expired users log in
+		if ( isExpired() ) {
+			setLastFailedLoginTime(new Date());
+			incrementFailedLoginCount();
+			throw new AuthenticationLoginException("Login failed", "Expired user attempt to login: " + accountName );
+		}
+		
+		logout();
+
+		if ( verifyPassword( password ) ) {
+			loggedIn = true;
+			ESAPI.httpUtilities().changeSessionIdentifier( ESAPI.currentRequest() );
+			ESAPI.authenticator().setCurrentUser(this);
+			setLastLoginTime(new Date());
+            setLastHostAddress( ESAPI.httpUtilities().getCurrentRequest().getRemoteAddr() );
+			logger.trace(Logger.SECURITY_SUCCESS, "User logged in: " + accountName );
+		} else {
+			loggedIn = false;
+			setLastFailedLoginTime(new Date());
+			incrementFailedLoginCount();
+			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
+				lock();
+			}
+			throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
+		}
+	}
+ 
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void logout() {
+		ESAPI.httpUtilities().killCookie( ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME );
+		
+		HttpSession session = ESAPI.currentRequest().getSession(false);
+		if (session != null) {
+            removeSession(session);
+			session.invalidate();
+		}
+		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
+		loggedIn = false;
+		logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
+		ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void removeRole(String role) {
+		roles.remove(role.toLowerCase());
+		logger.trace(Logger.SECURITY_SUCCESS, "Role " + role + " removed from " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * In this implementation, we have chosen to use a random token that is
+	 * stored in the User object. Note that it is possible to avoid the use of
+	 * server side state by using either the hash of the users's session id or
+	 * an encrypted token that includes a timestamp and the user's IP address.
+	 * user's IP address. A relatively short 8 character string has been chosen
+	 * because this token will appear in all links and forms.
+	 * 
+	 * @return the string
+	 */
+	public String resetCSRFToken() {
+		// user.csrfToken = ESAPI.encryptor().hash( session.getId(),user.name );
+		// user.csrfToken = ESAPI.encryptor().encrypt( address + ":" + ESAPI.encryptor().getTimeStamp();
+		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		return csrfToken;
+	}
+
+	/**
+	 * Sets the account id for this user's account.
+	 */
+	private void setAccountId(long accountId) {
+		this.accountId = accountId;
+	}
+	
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setAccountName(String accountName) {
+		String old = getAccountName();
+		this.accountName = accountName.toLowerCase();
+		if (old != null) {
+			if ( old.equals( "" ) ) {
+				old = "[nothing]";
+			}
+			logger.info(Logger.SECURITY_SUCCESS, "Account name changed from " + old + " to " + getAccountName() );
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setExpirationTime(Date expirationTime) {
+		this.expirationTime = new Date( expirationTime.getTime() );
+		logger.info(Logger.SECURITY_SUCCESS, "Account expiration time set to " + expirationTime + " for " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setLastFailedLoginTime(Date lastFailedLoginTime) {
+		this.lastFailedLoginTime = lastFailedLoginTime;
+		logger.info(Logger.SECURITY_SUCCESS, "Set last failed login time to " + lastFailedLoginTime + " for " + getAccountName() );
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setLastHostAddress(String remoteHost) throws AuthenticationHostException
+    {
+		if ( lastHostAddress != null && !lastHostAddress.equals(remoteHost)) {
+        	// returning remote address not remote hostname to prevent DNS lookup
+			throw new AuthenticationHostException("Host change", "User session just jumped from " + lastHostAddress + " to " + remoteHost );
+		}
+		lastHostAddress = remoteHost;
+    }
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setLastLoginTime(Date lastLoginTime) {
+		this.lastLoginTime = lastLoginTime;
+		logger.info(Logger.SECURITY_SUCCESS, "Set last successful login time to " + lastLoginTime + " for " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
+		this.lastPasswordChangeTime = lastPasswordChangeTime;
+		logger.info(Logger.SECURITY_SUCCESS, "Set last password change time to " + lastPasswordChangeTime + " for " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setRoles(Set<String> roles) throws AuthenticationException {
+		this.roles = new HashSet<String>();
+		addRoles(roles);
+		logger.info(Logger.SECURITY_SUCCESS, "Adding roles " + roles + " to " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void setScreenName(String screenName) {
+		this.screenName = screenName;
+		logger.info(Logger.SECURITY_SUCCESS, "ScreenName changed to " + screenName + " for " + getAccountName() );
+	}
+
+	/**
+	 * {@inheritDoc}
+     *
+     * @return
+     */
+	public String toString() {
+		return "USER:" + accountName;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void unlock() {
+		this.locked = false;
+		this.failedLoginCount = 0;
+		logger.info( Logger.SECURITY_SUCCESS, "Account unlocked: " + getAccountName() );
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean verifyPassword(String password) {
+		return ESAPI.authenticator().verifyPassword(this, password);
+	}
+    
+    /**
+     * Override clone and make final to prevent duplicate user objects.
+     * @return 
+     * @throws java.lang.CloneNotSupportedException
+     */
+    public final Object clone() throws java.lang.CloneNotSupportedException {
+    	  throw new java.lang.CloneNotSupportedException();
+    }
+	/**
+	 * @return the locale
+	 */
+	public Locale getLocale() {
+		return locale;
+	}
+
+	/**
+	 * @param locale the locale to set
+	 */
+	public void setLocale(Locale locale) {
+		this.locale = locale;
+	}
+    
+    public HashMap getEventMap() {
+    	return eventMap;
+    }
+    
+}

From 2ea1f97036a29176c657d4293693bba230feb181 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 162/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/DefaultValidator.java     | 2388 ++++++++---------
 1 file changed, 1194 insertions(+), 1194 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 85c334323..492444200 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1,1194 +1,1194 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- *
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.text.DateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.ValidationRule;
-import org.owasp.esapi.Validator;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationAvailabilityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.reference.validation.CreditCardValidationRule;
-import org.owasp.esapi.reference.validation.DateValidationRule;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
-import org.owasp.esapi.reference.validation.IntegerValidationRule;
-import org.owasp.esapi.reference.validation.NumberValidationRule;
-import org.owasp.esapi.reference.validation.StringValidationRule;
-
-/**
- * Reference implementation of the Validator interface. This implementation
- * relies on the ESAPI Encoder, Java Pattern (regex), Date,
- * and several other classes to provide basic validation functions. This library
- * has a heavy emphasis on whitelist validation and canonicalization.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- *
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class DefaultValidator implements org.owasp.esapi.Validator {
-    private static volatile Validator instance = null;
-
-    public static Validator getInstance() {
-        if ( instance == null ) {
-            synchronized ( Validator.class ) {
-                if ( instance == null ) {
-                    instance = new DefaultValidator();
-                }
-            }
-        }
-        return instance;
-    }
-
-	/** A map of validation rules */
-	private Map<String, ValidationRule> rules = new HashMap<String, ValidationRule>();
-
-	/** The encoder to use for canonicalization */
-	private Encoder encoder = null;
-
-	/** The encoder to use for file system */
-	private static Validator fileValidator = null;
-
-	/** Initialize file validator with an appropriate set of codecs */
-	static {
-		List<String> list = new ArrayList<String>();
-		list.add( "HTMLEntityCodec" );
-		list.add( "PercentCodec" );
-		Encoder fileEncoder = new DefaultEncoder( list );
-		fileValidator = new DefaultValidator( fileEncoder );
-	}
-
-
-	/**
-	 * Default constructor uses the ESAPI standard encoder for canonicalization.
-	 */
-	public DefaultValidator() {
-	    this.encoder = ESAPI.encoder();
-	}
-
-	/**
-	 * Construct a new DefaultValidator that will use the specified
-	 * Encoder for canonicalization.
-     *
-     * @param encoder
-     */
-	public DefaultValidator( Encoder encoder ) {
-	    this.encoder = encoder;
-	}
-
-
-	/**
-	 * Add a validation rule to the registry using the "type name" of the rule as the key.
-	 */
-	public void addRule( ValidationRule rule ) {
-		rules.put( rule.getTypeName(), rule );
-	}
-
-	/**
-	 * Get a validation rule from the registry with the "type name" of the rule as the key.
-	 */
-	public ValidationRule getRule( String name ) {
-		return rules.get( name );
-	}
-
-
-	/**
-	 * Returns true if data received from browser is valid. Double encoding is treated as an attack. The
-	 * default encoder supports html encoding, URL encoding, and javascript escaping. Input is canonicalized
-	 * by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed.
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @return The canonicalized user input.
-	 * @throws IntrusionException
-	 */
-	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException  {
-		return isValidInput(context, input, type, maxLength, allowNull, true);
-	}
-
-        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException  {
-		return isValidInput(context, input, type, maxLength, allowNull, true, errors);
-	}
-
-	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException  {
-		try {
-			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException  {
-		try {
-			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
-			return true;
-		} catch( ValidationException e ) {
-			errors.addError( context, e );
-			return false;
-		}
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version.
-	 * Double encoding is treated as an attack. The default encoder supports
-	 * html encoding, URL encoding, and javascript escaping. Input is
-	 * canonicalized by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name which maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed.
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @return The canonicalized user input.
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException {
-		return getValidInput(context, input, type, maxLength, allowNull, true);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name which maps to the actual regular expression in the ESAPI validation configuration file
-	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
-     * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
-	 * @return The user input, may be canonicalized if canonicalize argument is true
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException {
-		StringValidationRule rvr = new StringValidationRule( type, encoder );
-		Pattern p = ESAPI.securityConfiguration().getValidationPattern( type );
-		if ( p != null ) {
-			rvr.addWhitelistPattern( p );
-		} else {
-            // Issue 232 - Specify requested type in exception message - CS
-			throw new IllegalArgumentException("The selected type [" + type + "] was not set via the ESAPI validation configuration");
-		}
-		rvr.setMaximumLength(maxLength);
-		rvr.setAllowNull(allowNull);
-		rvr.setValidateInputAndCanonical(canonicalize);
-		return rvr.getValid(context, input);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack. Input
-	 * is canonicalized by default before validation.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
-	 * @return The canonicalized user input.
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return getValidInput(context, input, type, maxLength, allowNull, true, errors);
-	}
-
-	/**
-	 * Validates data received from the browser and returns a safe version. Only
-	 * URL encoding is supported. Double encoding is treated as an attack.
-	 *
-	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
-	 * @param input The actual user input data to validate.
-	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength The maximum post-canonicalized String length allowed
-	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
-	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
-	 * @return The user input, may be canonicalized if canonicalize argument is true
-	 * @throws IntrusionException
-	 */
-	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidInput(context,  input,  type,  maxLength,  allowNull, canonicalize);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException {
-		try {
-			getValidDate( context, input, format, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidDate( context, input, format, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException {
-		DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
-		dvr.setAllowNull(allowNull);
-		return dvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidDate(context, input, format, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return null
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidSafeHTML( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidSafeHTML( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * This implementation relies on the OWASP AntiSamy project.
-	 */
-	public String getValidSafeHTML( String context, String input, int maxLength, boolean allowNull ) throws ValidationException, IntrusionException {
-		HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
-		hvr.setMaximumLength(maxLength);
-		hvr.setAllowNull(allowNull);
-		hvr.setValidateInputAndCanonical(false);
-		return hvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidSafeHTML(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException {
-		try {
-			getValidCreditCard( context, input, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidCreditCard( context, input, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		CreditCardValidationRule ccvr = new CreditCardValidationRule( "creditcard", encoder );
-		ccvr.setAllowNull(allowNull);
-		return ccvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidCreditCard(context, input, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-	 */
-	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException {
-		try {
-			getValidDirectoryPath( context, input, parent, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-	 */
-	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidDirectoryPath( context, input, parent, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException {
-		try {
-			if (isEmpty(input)) {
-				if (allowNull) return null;
-       			throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
-			}
-
-			File dir = new File( input );
-
-			// check dir exists and parent exists and dir is inside parent
-			if ( !dir.exists() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
-			}
-			if ( !dir.isDirectory() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
-			}
-			if ( !parent.exists() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-			if ( !parent.isDirectory() ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-			if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
-			}
-
-			// check canonical form matches input
-			String canonicalPath = dir.getCanonicalPath();
-			String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
-			if ( !canonical.equals( input ) ) {
-				throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
-			}
-			return canonical;
-		} catch (Exception e) {
-			throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-
-		try {
-			return getValidDirectoryPath(context, input, parent, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException {
-		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull );
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull, errors );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException {
-		try {
-			getValidFileName( context, input, allowedExtensions, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidFileName( context, input, allowedExtensions, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
-		if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
-			throw new ValidationException( "Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded" );
-		}
-
-		String canonical = "";
-		// detect path manipulation
-		try {
-			if (isEmpty(input)) {
-				if (allowNull) return null;
-	   			throw new ValidationException( context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context );
-			}
-
-			// do basic validation
-	        canonical = new File(input).getCanonicalFile().getName();
-	        getValidInput( context, input, "FileName", 255, true );
-
-			File f = new File(canonical);
-			String c = f.getCanonicalPath();
-			String cpath = c.substring(c.lastIndexOf(File.separator) + 1);
-
-
-			// the path is valid if the input matches the canonical path
-			if (!input.equals(cpath)) {
-				throw new ValidationException( context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
-			}
-
-		} catch (IOException e) {
-			throw new ValidationException( context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context );
-		}
-
-		// verify extensions
-		Iterator<String> i = allowedExtensions.iterator();
-		while (i.hasNext()) {
-			String ext = i.next();
-			if (input.toLowerCase().endsWith(ext.toLowerCase())) {
-				return canonical;
-			}
-		}
-		throw new ValidationException( context + ": Invalid file name does not have valid extension ( "+allowedExtensions+")", "Invalid file name does not have valid extension ( "+allowedExtensions+"): context=" + context+", input=" + input, context );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidFileName(context, input, allowedParameters, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return "";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException {
-		try {
-			getValidNumber(context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidNumber(context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		Double minDoubleValue = new Double(minValue);
-		Double maxDoubleValue = new Double(maxValue);
-		return getValidDouble(context, input, minDoubleValue.doubleValue(), maxDoubleValue.doubleValue(), allowNull);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidNumber(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException {
-        try {
-            getValidDouble( context, input, minValue, maxValue, allowNull );
-            return true;
-        } catch( Exception e ) {
-            return false;
-        }
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-        try {
-            getValidDouble( context, input, minValue, maxValue, allowNull );
-            return true;
-        } catch( ValidationException e ) {
-            errors.addError(context, e);
-            return false;
-        }
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		NumberValidationRule nvr = new NumberValidationRule( "number", encoder, minValue, maxValue );
-		nvr.setAllowNull(allowNull);
-		return nvr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidDouble(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-
-		return new Double(Double.NaN);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException {
-		try {
-			getValidInteger( context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidInteger( context, input, minValue, maxValue, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException {
-		IntegerValidationRule ivr = new IntegerValidationRule( "number", encoder, minValue, maxValue );
-		ivr.setAllowNull(allowNull);
-		return ivr.getValid(context, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidInteger(context, input, minValue, maxValue, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException {
-		try {
-			getValidFileContent( context, input, maxBytes, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 */
-	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidFileContent( context, input, maxBytes, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException {
-		if (isEmpty(input)) {
-			if (allowNull) return null;
-   			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
-		}
-
-		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
-		if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
-		if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
-
-		return input;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidFileContent(context, input, maxBytes, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// return empty byte array on error
-		return new byte[0];
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-     */
-	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException {
-		return( isValidFileName( context, filename, allowNull ) &&
-				isValidDirectoryPath( context, directorypath, parent, allowNull ) &&
-				isValidFileContent( context, content, maxBytes, allowNull ) );
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
-	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
-	 * path (/private/etc), not the symlink (/etc).</p>
-     */
-	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return( isValidFileName( context, filename, allowNull, errors ) &&
-				isValidDirectoryPath( context, directorypath, parent, allowNull, errors ) &&
-				isValidFileContent( context, content, maxBytes, allowNull, errors ) );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
-		getValidFileName( context, filename, allowedExtensions, allowNull );
-		getValidDirectoryPath( context, directorypath, parent, allowNull );
-		getValidFileContent( context, content, maxBytes, allowNull );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors)
-		throws IntrusionException {
-		try {
-			assertValidFileUpload(context, filepath, filename, parent, content, maxBytes, allowedExtensions, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-	}
-
-	 /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is a valid list item.
-	 */
-	public boolean isValidListItem(String context, String input, List<String> list) {
-		try {
-			getValidListItem( context, input, list);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is a valid list item.
-	 */
-	public boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errors) {
-		try {
-			getValidListItem( context, input, list);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 */
-	public String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException {
-		if (list.contains(input)) return input;
-		throw new ValidationException( context + ": Invalid list item", "Invalid list item: context=" + context + ", input=" + input, context );
-	}
-
-
-	/**
-	 * ValidationErrorList variant of getValidListItem
-     *
-     * @param errors
-     */
-	public String getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidListItem(context, input, list);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-	 /**
-	 * {@inheritDoc}
-     */
-	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames) {
-		try {
-			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-         /**
-	 * {@inheritDoc}
-     */
-	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors) {
-		try {
-			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
-	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * Uses current HTTPRequest
-	 */
-	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException {
-		Set<String> actualNames = request.getParameterMap().keySet();
-
-		// verify ALL required parameters are present
-		Set<String> missing = new HashSet<String>(required);
-		missing.removeAll(actualNames);
-		if (missing.size() > 0) {
-			throw new ValidationException( context + ": Invalid HTTP request missing parameters", "Invalid HTTP request missing parameters " + missing + ": context=" + context, context );
-		}
-
-		// verify ONLY optional + required parameters are present
-		Set<String> extra = new HashSet<String>(actualNames);
-		extra.removeAll(required);
-		extra.removeAll(optional);
-		if (extra.size() > 0) {
-			throw new ValidationException( context + ": Invalid HTTP request extra parameters " + extra, "Invalid HTTP request extra parameters " + extra + ": context=" + context, context );
-		}
-	}
-
-	/**
-	 * ValidationErrorList variant of assertIsValidHTTPRequestParameterSet
-     *
-	 * Uses current HTTPRequest saved in ESAPI Authenticator
-     * @param errors
-     */
-	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) throws IntrusionException {
-		try {
-			assertValidHTTPRequestParameterSet(context, request, required, optional);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-	 * Checks that all bytes are valid ASCII characters (between 33 and 126
-	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
-	 */
-	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-     * {@inheritDoc}
-     *
-	 * Checks that all bytes are valid ASCII characters (between 33 and 126
-	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
-	 */
-	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-     *
-     * @throws IntrusionException
-     */
-	public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
-		if (isEmpty(input)) {
-			if (allowNull) return null;
-   			throw new ValidationException(context + ": Input bytes required", "Input bytes required: HTTP request is null", context );
-		}
-
-		if (input.length > maxLength) {
-			throw new ValidationException(context + ": Input bytes can not exceed " + maxLength + " bytes", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length-maxLength) + " bytes: context=" + context + ", input=" + new String( input ), context);
-		}
-
-		for (int i = 0; i < input.length; i++) {
-			if (input[i] <= 0x20 || input[i] >= 0x7E ) {
-				throw new ValidationException(context + ": Invalid input bytes: context=" + context, "Invalid non-ASCII input bytes, context=" + context + ", input=" + new String( input ), context);
-			}
-		}
-		return input;
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidPrintable
-     *
-     * @param errors
-     */
-	public char[] getValidPrintable(String context, char[] input,int maxLength, boolean allowNull, ValidationErrorList errors)
-		throws IntrusionException {
-
-		try {
-			return getValidPrintable(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-
-	 /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is valid printable ASCII characters (32-126).
-	 */
-	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( Exception e ) {
-			return false;
-		}
-	}
-
-        /**
-	 * {@inheritDoc}
-	 *
-	 * Returns true if input is valid printable ASCII characters (32-126).
-	 */
-	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidPrintable( context, input, maxLength, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
-	}
-
-	/**
-	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-     *
-     * @throws IntrusionException
-     */
-	public String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
-		try {
-    		String canonical = encoder.canonicalize(input);
-    		return new String( getValidPrintable( context, canonical.toCharArray(), maxLength, allowNull) );
-	    //TODO - changed this to base Exception since we no longer need EncodingException
-    	//TODO - this is a bit lame: we need to re-think this function.
-		} catch (Exception e) {
-	        throw new ValidationException( context + ": Invalid printable input", "Invalid encoding of printable input, context=" + context + ", input=" + input, e, context);
-	    }
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidPrintable
-     *
-     * @param errors
-     */
-	public String getValidPrintable(String context, String input,int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidPrintable(context, input, maxLength, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-
-	/**
-	 * Returns true if input is a valid redirect location.
-	 */
-	public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull);
-	}
-
-        /**
-	 * Returns true if input is a valid redirect location.
-	 */
-	public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull, errors);
-	}
-
-
-	/**
-	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 */
-	public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		return ESAPI.validator().getValidInput( context, input, "Redirect", 512, allowNull);
-	}
-
-	/**
-	 * ValidationErrorList variant of getValidRedirectLocation
-     *
-     * @param errors
-     */
-	public String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidRedirectLocation(context, input, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return original input
-		return input;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-	 * This implementation reads until a newline or the specified number of
-	 * characters.
-     *
-     * @param in
-     * @param max
-     */
-	public String safeReadLine(InputStream in, int max) throws ValidationException {
-		if (max <= 0) {
-			throw new ValidationAvailabilityException( "Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
-		}
-
-		StringBuilder sb = new StringBuilder();
-		int count = 0;
-		int c;
-
-		try {
-			while (true) {
-				c = in.read();
-				if ( c == -1 ) {
-					if (sb.length() == 0) {
-						return null;
-					}
-					break;
-				}
-				if (c == '\n' || c == '\r') {
-					break;
-				}
-				count++;
-				if (count > max) {
-					throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Read more than maximum characters allowed (" + max + ")");
-				}
-				sb.append((char) c);
-			}
-			return sb.toString();
-		} catch (IOException e) {
-			throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Problem reading from input stream", e);
-		}
-	}
-
-	/**
-	 * Helper function to check if a String is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(String input) {
-		return (input==null || input.trim().length() == 0);
-	}
-
-	/**
-	 * Helper function to check if a byte array is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(byte[] input) {
-		return (input==null || input.length == 0);
-	}
-
-
-	/**
-	 * Helper function to check if a char array is empty
-	 *
-	 * @param input string input value
-	 * @return boolean response if input is empty or not
-	 */
-	private final boolean isEmpty(char[] input) {
-		return (input==null || input.length == 0);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ *
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationAvailabilityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.CreditCardValidationRule;
+import org.owasp.esapi.reference.validation.DateValidationRule;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+import org.owasp.esapi.reference.validation.IntegerValidationRule;
+import org.owasp.esapi.reference.validation.NumberValidationRule;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+
+/**
+ * Reference implementation of the Validator interface. This implementation
+ * relies on the ESAPI Encoder, Java Pattern (regex), Date,
+ * and several other classes to provide basic validation functions. This library
+ * has a heavy emphasis on whitelist validation and canonicalization.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ *
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class DefaultValidator implements org.owasp.esapi.Validator {
+    private static volatile Validator instance = null;
+
+    public static Validator getInstance() {
+        if ( instance == null ) {
+            synchronized ( Validator.class ) {
+                if ( instance == null ) {
+                    instance = new DefaultValidator();
+                }
+            }
+        }
+        return instance;
+    }
+
+	/** A map of validation rules */
+	private Map<String, ValidationRule> rules = new HashMap<String, ValidationRule>();
+
+	/** The encoder to use for canonicalization */
+	private Encoder encoder = null;
+
+	/** The encoder to use for file system */
+	private static Validator fileValidator = null;
+
+	/** Initialize file validator with an appropriate set of codecs */
+	static {
+		List<String> list = new ArrayList<String>();
+		list.add( "HTMLEntityCodec" );
+		list.add( "PercentCodec" );
+		Encoder fileEncoder = new DefaultEncoder( list );
+		fileValidator = new DefaultValidator( fileEncoder );
+	}
+
+
+	/**
+	 * Default constructor uses the ESAPI standard encoder for canonicalization.
+	 */
+	public DefaultValidator() {
+	    this.encoder = ESAPI.encoder();
+	}
+
+	/**
+	 * Construct a new DefaultValidator that will use the specified
+	 * Encoder for canonicalization.
+     *
+     * @param encoder
+     */
+	public DefaultValidator( Encoder encoder ) {
+	    this.encoder = encoder;
+	}
+
+
+	/**
+	 * Add a validation rule to the registry using the "type name" of the rule as the key.
+	 */
+	public void addRule( ValidationRule rule ) {
+		rules.put( rule.getTypeName(), rule );
+	}
+
+	/**
+	 * Get a validation rule from the registry with the "type name" of the rule as the key.
+	 */
+	public ValidationRule getRule( String name ) {
+		return rules.get( name );
+	}
+
+
+	/**
+	 * Returns true if data received from browser is valid. Double encoding is treated as an attack. The
+	 * default encoder supports html encoding, URL encoding, and javascript escaping. Input is canonicalized
+	 * by default before validation.
+	 *
+	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
+	 * @param input The actual user input data to validate.
+	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength The maximum post-canonicalized String length allowed.
+	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @return The canonicalized user input.
+	 * @throws IntrusionException
+	 */
+	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException  {
+		return isValidInput(context, input, type, maxLength, allowNull, true);
+	}
+
+        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException  {
+		return isValidInput(context, input, type, maxLength, allowNull, true, errors);
+	}
+
+	public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException  {
+		try {
+			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        public boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException  {
+		try {
+			getValidInput( context, input, type, maxLength, allowNull, canonicalize);
+			return true;
+		} catch( ValidationException e ) {
+			errors.addError( context, e );
+			return false;
+		}
+	}
+
+	/**
+	 * Validates data received from the browser and returns a safe version.
+	 * Double encoding is treated as an attack. The default encoder supports
+	 * html encoding, URL encoding, and javascript escaping. Input is
+	 * canonicalized by default before validation.
+	 *
+	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
+	 * @param input The actual user input data to validate.
+	 * @param type The regular expression name which maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength The maximum post-canonicalized String length allowed.
+	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @return The canonicalized user input.
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException {
+		return getValidInput(context, input, type, maxLength, allowNull, true);
+	}
+
+	/**
+	 * Validates data received from the browser and returns a safe version. Only
+	 * URL encoding is supported. Double encoding is treated as an attack.
+	 *
+	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
+	 * @param input The actual user input data to validate.
+	 * @param type The regular expression name which maps to the actual regular expression in the ESAPI validation configuration file
+	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
+     * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
+	 * @return The user input, may be canonicalized if canonicalize argument is true
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException {
+		StringValidationRule rvr = new StringValidationRule( type, encoder );
+		Pattern p = ESAPI.securityConfiguration().getValidationPattern( type );
+		if ( p != null ) {
+			rvr.addWhitelistPattern( p );
+		} else {
+            // Issue 232 - Specify requested type in exception message - CS
+			throw new IllegalArgumentException("The selected type [" + type + "] was not set via the ESAPI validation configuration");
+		}
+		rvr.setMaximumLength(maxLength);
+		rvr.setAllowNull(allowNull);
+		rvr.setValidateInputAndCanonical(canonicalize);
+		return rvr.getValid(context, input);
+	}
+
+	/**
+	 * Validates data received from the browser and returns a safe version. Only
+	 * URL encoding is supported. Double encoding is treated as an attack. Input
+	 * is canonicalized by default before validation.
+	 *
+	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
+	 * @param input The actual user input data to validate.
+	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength The maximum String length allowed. If input is canonicalized per the canonicalize argument, then maxLength must be verified after canonicalization
+	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
+	 * @return The canonicalized user input.
+	 * @throws IntrusionException
+	 */
+	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		return getValidInput(context, input, type, maxLength, allowNull, true, errors);
+	}
+
+	/**
+	 * Validates data received from the browser and returns a safe version. Only
+	 * URL encoding is supported. Double encoding is treated as an attack.
+	 *
+	 * @param context A descriptive name for the field to validate. This is used for error facing validation messages and element identification.
+	 * @param input The actual user input data to validate.
+	 * @param type The regular expression name while maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength The maximum post-canonicalized String length allowed
+	 * @param allowNull If allowNull is true then a input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @param canonicalize If canonicalize is true then input will be canonicalized before validation
+	 * @param errors If ValidationException is thrown, then add to error list instead of throwing out to caller
+	 * @return The user input, may be canonicalized if canonicalize argument is true
+	 * @throws IntrusionException
+	 */
+	public String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidInput(context,  input,  type,  maxLength,  allowNull, canonicalize);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return "";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException {
+		try {
+			getValidDate( context, input, format, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidDate( context, input, format, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException {
+		DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
+		dvr.setAllowNull(allowNull);
+		return dvr.getValid(context, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidDate(context, input, format, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return null
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
+		try {
+			getValidSafeHTML( context, input, maxLength, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidSafeHTML( context, input, maxLength, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * This implementation relies on the OWASP AntiSamy project.
+	 */
+	public String getValidSafeHTML( String context, String input, int maxLength, boolean allowNull ) throws ValidationException, IntrusionException {
+		HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
+		hvr.setMaximumLength(maxLength);
+		hvr.setAllowNull(allowNull);
+		hvr.setValidateInputAndCanonical(false);
+		return hvr.getValid(context, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidSafeHTML(context, input, maxLength, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return "";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException {
+		try {
+			getValidCreditCard( context, input, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidCreditCard( context, input, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
+		CreditCardValidationRule ccvr = new CreditCardValidationRule( "creditcard", encoder );
+		ccvr.setAllowNull(allowNull);
+		return ccvr.getValid(context, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidCreditCard(context, input, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return "";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+	 * path (/private/etc), not the symlink (/etc).</p>
+	 */
+	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException {
+		try {
+			getValidDirectoryPath( context, input, parent, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 *
+	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+	 * path (/private/etc), not the symlink (/etc).</p>
+	 */
+	public boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidDirectoryPath( context, input, parent, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException {
+		try {
+			if (isEmpty(input)) {
+				if (allowNull) return null;
+       			throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
+			}
+
+			File dir = new File( input );
+
+			// check dir exists and parent exists and dir is inside parent
+			if ( !dir.exists() ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
+			}
+			if ( !dir.isDirectory() ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
+			}
+			if ( !parent.exists() ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
+			}
+			if ( !parent.isDirectory() ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
+			}
+			if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
+			}
+
+			// check canonical form matches input
+			String canonicalPath = dir.getCanonicalPath();
+			String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
+			if ( !canonical.equals( input ) ) {
+				throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+			}
+			return canonical;
+		} catch (Exception e) {
+			throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+
+		try {
+			return getValidDirectoryPath(context, input, parent, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return "";
+	}
+
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException {
+		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull );
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		return isValidFileName( context, input, ESAPI.securityConfiguration().getAllowedFileExtensions(), allowNull, errors );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException {
+		try {
+			getValidFileName( context, input, allowedExtensions, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidFileName( context, input, allowedExtensions, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
+		if ((allowedExtensions == null) || (allowedExtensions.isEmpty())) {
+			throw new ValidationException( "Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded" );
+		}
+
+		String canonical = "";
+		// detect path manipulation
+		try {
+			if (isEmpty(input)) {
+				if (allowNull) return null;
+	   			throw new ValidationException( context + ": Input file name required", "Input required: context=" + context + ", input=" + input, context );
+			}
+
+			// do basic validation
+	        canonical = new File(input).getCanonicalFile().getName();
+	        getValidInput( context, input, "FileName", 255, true );
+
+			File f = new File(canonical);
+			String c = f.getCanonicalPath();
+			String cpath = c.substring(c.lastIndexOf(File.separator) + 1);
+
+
+			// the path is valid if the input matches the canonical path
+			if (!input.equals(cpath)) {
+				throw new ValidationException( context + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+			}
+
+		} catch (IOException e) {
+			throw new ValidationException( context + ": Invalid file name", "Invalid file name does not exist: context=" + context + ", canonical=" + canonical, e, context );
+		}
+
+		// verify extensions
+		Iterator<String> i = allowedExtensions.iterator();
+		while (i.hasNext()) {
+			String ext = i.next();
+			if (input.toLowerCase().endsWith(ext.toLowerCase())) {
+				return canonical;
+			}
+		}
+		throw new ValidationException( context + ": Invalid file name does not have valid extension ( "+allowedExtensions+")", "Invalid file name does not have valid extension ( "+allowedExtensions+"): context=" + context+", input=" + input, context );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValidFileName(String context, String input, List<String> allowedParameters, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidFileName(context, input, allowedParameters, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return "";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException {
+		try {
+			getValidNumber(context, input, minValue, maxValue, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidNumber(context, input, minValue, maxValue, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+		Double minDoubleValue = new Double(minValue);
+		Double maxDoubleValue = new Double(maxValue);
+		return getValidDouble(context, input, minDoubleValue.doubleValue(), maxDoubleValue.doubleValue(), allowNull);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidNumber(context, input, minValue, maxValue, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException {
+        try {
+            getValidDouble( context, input, minValue, maxValue, allowNull );
+            return true;
+        } catch( Exception e ) {
+            return false;
+        }
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+        try {
+            getValidDouble( context, input, minValue, maxValue, allowNull );
+            return true;
+        } catch( ValidationException e ) {
+            errors.addError(context, e);
+            return false;
+        }
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+		NumberValidationRule nvr = new NumberValidationRule( "number", encoder, minValue, maxValue );
+		nvr.setAllowNull(allowNull);
+		return nvr.getValid(context, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidDouble(context, input, minValue, maxValue, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+
+		return new Double(Double.NaN);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException {
+		try {
+			getValidInteger( context, input, minValue, maxValue, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidInteger( context, input, minValue, maxValue, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException {
+		IntegerValidationRule ivr = new IntegerValidationRule( "number", encoder, minValue, maxValue );
+		ivr.setAllowNull(allowNull);
+		return ivr.getValid(context, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidInteger(context, input, minValue, maxValue, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return original input
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException {
+		try {
+			getValidFileContent( context, input, maxBytes, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidFileContent( context, input, maxBytes, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException {
+		if (isEmpty(input)) {
+			if (allowNull) return null;
+   			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
+		}
+
+		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+		if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
+		if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
+
+		return input;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidFileContent(context, input, maxBytes, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// return empty byte array on error
+		return new byte[0];
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+	 * path (/private/etc), not the symlink (/etc).</p>
+     */
+	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException {
+		return( isValidFileName( context, filename, allowNull ) &&
+				isValidDirectoryPath( context, directorypath, parent, allowNull ) &&
+				isValidFileContent( context, content, maxBytes, allowNull ) );
+	}
+
+        /**
+	 * {@inheritDoc}
+	 *
+	 * <p><b>Note:</b> On platforms that support symlinks, this function will fail canonicalization if directorypath
+	 * is a symlink. For example, on MacOS X, /etc is actually /private/etc. If you mean to use /etc, use its real
+	 * path (/private/etc), not the symlink (/etc).</p>
+     */
+	public boolean isValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		return( isValidFileName( context, filename, allowNull, errors ) &&
+				isValidDirectoryPath( context, directorypath, parent, allowNull, errors ) &&
+				isValidFileContent( context, content, maxBytes, allowNull, errors ) );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void assertValidFileUpload(String context, String directorypath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException {
+		getValidFileName( context, filename, allowedExtensions, allowNull );
+		getValidDirectoryPath( context, directorypath, parent, allowNull );
+		getValidFileContent( context, content, maxBytes, allowNull );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errors)
+		throws IntrusionException {
+		try {
+			assertValidFileUpload(context, filepath, filename, parent, content, maxBytes, allowedExtensions, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+	}
+
+	 /**
+	 * {@inheritDoc}
+	 *
+	 * Returns true if input is a valid list item.
+	 */
+	public boolean isValidListItem(String context, String input, List<String> list) {
+		try {
+			getValidListItem( context, input, list);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 *
+	 * Returns true if input is a valid list item.
+	 */
+	public boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errors) {
+		try {
+			getValidListItem( context, input, list);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 */
+	public String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException {
+		if (list.contains(input)) return input;
+		throw new ValidationException( context + ": Invalid list item", "Invalid list item: context=" + context + ", input=" + input, context );
+	}
+
+
+	/**
+	 * ValidationErrorList variant of getValidListItem
+     *
+     * @param errors
+     */
+	public String getValidListItem(String context, String input, List<String> list, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidListItem(context, input, list);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return original input
+		return input;
+	}
+
+	 /**
+	 * {@inheritDoc}
+     */
+	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames) {
+		try {
+			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+         /**
+	 * {@inheritDoc}
+     */
+	public boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> requiredNames, Set<String> optionalNames, ValidationErrorList errors) {
+		try {
+			assertValidHTTPRequestParameterSet( context, request, requiredNames, optionalNames);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
+	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * Uses current HTTPRequest
+	 */
+	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException {
+		Set<String> actualNames = request.getParameterMap().keySet();
+
+		// verify ALL required parameters are present
+		Set<String> missing = new HashSet<String>(required);
+		missing.removeAll(actualNames);
+		if (missing.size() > 0) {
+			throw new ValidationException( context + ": Invalid HTTP request missing parameters", "Invalid HTTP request missing parameters " + missing + ": context=" + context, context );
+		}
+
+		// verify ONLY optional + required parameters are present
+		Set<String> extra = new HashSet<String>(actualNames);
+		extra.removeAll(required);
+		extra.removeAll(optional);
+		if (extra.size() > 0) {
+			throw new ValidationException( context + ": Invalid HTTP request extra parameters " + extra, "Invalid HTTP request extra parameters " + extra + ": context=" + context, context );
+		}
+	}
+
+	/**
+	 * ValidationErrorList variant of assertIsValidHTTPRequestParameterSet
+     *
+	 * Uses current HTTPRequest saved in ESAPI Authenticator
+     * @param errors
+     */
+	public void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errors) throws IntrusionException {
+		try {
+			assertValidHTTPRequestParameterSet(context, request, required, optional);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+	 * Checks that all bytes are valid ASCII characters (between 33 and 126
+	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
+	 */
+	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException {
+		try {
+			getValidPrintable( context, input, maxLength, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+     * {@inheritDoc}
+     *
+	 * Checks that all bytes are valid ASCII characters (between 33 and 126
+	 * inclusive). This implementation does no decoding. http://en.wikipedia.org/wiki/ASCII.
+	 */
+	public boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidPrintable( context, input, maxLength, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+     *
+     * @throws IntrusionException
+     */
+	public char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
+		if (isEmpty(input)) {
+			if (allowNull) return null;
+   			throw new ValidationException(context + ": Input bytes required", "Input bytes required: HTTP request is null", context );
+		}
+
+		if (input.length > maxLength) {
+			throw new ValidationException(context + ": Input bytes can not exceed " + maxLength + " bytes", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length-maxLength) + " bytes: context=" + context + ", input=" + new String( input ), context);
+		}
+
+		for (int i = 0; i < input.length; i++) {
+			if (input[i] <= 0x20 || input[i] >= 0x7E ) {
+				throw new ValidationException(context + ": Invalid input bytes: context=" + context, "Invalid non-ASCII input bytes, context=" + context + ", input=" + new String( input ), context);
+			}
+		}
+		return input;
+	}
+
+	/**
+	 * ValidationErrorList variant of getValidPrintable
+     *
+     * @param errors
+     */
+	public char[] getValidPrintable(String context, char[] input,int maxLength, boolean allowNull, ValidationErrorList errors)
+		throws IntrusionException {
+
+		try {
+			return getValidPrintable(context, input, maxLength, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return original input
+		return input;
+	}
+
+
+	 /**
+	 * {@inheritDoc}
+	 *
+	 * Returns true if input is valid printable ASCII characters (32-126).
+	 */
+	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException {
+		try {
+			getValidPrintable( context, input, maxLength, allowNull);
+			return true;
+		} catch( Exception e ) {
+			return false;
+		}
+	}
+
+        /**
+	 * {@inheritDoc}
+	 *
+	 * Returns true if input is valid printable ASCII characters (32-126).
+	 */
+	public boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			getValidPrintable( context, input, maxLength, allowNull);
+			return true;
+		} catch( ValidationException e ) {
+            errors.addError(context, e);
+			return false;
+		}
+	}
+
+	/**
+	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+     *
+     * @throws IntrusionException
+     */
+	public String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException {
+		try {
+    		String canonical = encoder.canonicalize(input);
+    		return new String( getValidPrintable( context, canonical.toCharArray(), maxLength, allowNull) );
+	    //TODO - changed this to base Exception since we no longer need EncodingException
+    	//TODO - this is a bit lame: we need to re-think this function.
+		} catch (Exception e) {
+	        throw new ValidationException( context + ": Invalid printable input", "Invalid encoding of printable input, context=" + context + ", input=" + input, e, context);
+	    }
+	}
+
+	/**
+	 * ValidationErrorList variant of getValidPrintable
+     *
+     * @param errors
+     */
+	public String getValidPrintable(String context, String input,int maxLength, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidPrintable(context, input, maxLength, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return original input
+		return input;
+	}
+
+
+	/**
+	 * Returns true if input is a valid redirect location.
+	 */
+	public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
+		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull);
+	}
+
+        /**
+	 * Returns true if input is a valid redirect location.
+	 */
+	public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull, errors);
+	}
+
+
+	/**
+	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 */
+	public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
+		return ESAPI.validator().getValidInput( context, input, "Redirect", 512, allowNull);
+	}
+
+	/**
+	 * ValidationErrorList variant of getValidRedirectLocation
+     *
+     * @param errors
+     */
+	public String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
+		try {
+			return getValidRedirectLocation(context, input, allowNull);
+		} catch (ValidationException e) {
+			errors.addError(context, e);
+		}
+		// error has been added to list, so return original input
+		return input;
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+	 * This implementation reads until a newline or the specified number of
+	 * characters.
+     *
+     * @param in
+     * @param max
+     */
+	public String safeReadLine(InputStream in, int max) throws ValidationException {
+		if (max <= 0) {
+			throw new ValidationAvailabilityException( "Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
+		}
+
+		StringBuilder sb = new StringBuilder();
+		int count = 0;
+		int c;
+
+		try {
+			while (true) {
+				c = in.read();
+				if ( c == -1 ) {
+					if (sb.length() == 0) {
+						return null;
+					}
+					break;
+				}
+				if (c == '\n' || c == '\r') {
+					break;
+				}
+				count++;
+				if (count > max) {
+					throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Read more than maximum characters allowed (" + max + ")");
+				}
+				sb.append((char) c);
+			}
+			return sb.toString();
+		} catch (IOException e) {
+			throw new ValidationAvailabilityException( "Invalid input", "Invalid readLine. Problem reading from input stream", e);
+		}
+	}
+
+	/**
+	 * Helper function to check if a String is empty
+	 *
+	 * @param input string input value
+	 * @return boolean response if input is empty or not
+	 */
+	private final boolean isEmpty(String input) {
+		return (input==null || input.trim().length() == 0);
+	}
+
+	/**
+	 * Helper function to check if a byte array is empty
+	 *
+	 * @param input string input value
+	 * @return boolean response if input is empty or not
+	 */
+	private final boolean isEmpty(byte[] input) {
+		return (input==null || input.length == 0);
+	}
+
+
+	/**
+	 * Helper function to check if a char array is empty
+	 *
+	 * @param input string input value
+	 * @return boolean response if input is empty or not
+	 */
+	private final boolean isEmpty(char[] input) {
+		return (input==null || input.length == 0);
+	}
+}

From 925dc1c1fa6664595cb52fc0534dbe28161d1cb6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 163/812] Change CRLF to LF for issue 356.

---
 .../reference/FileBasedAuthenticator.java     | 1450 ++++++++---------
 1 file changed, 725 insertions(+), 725 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index 6b76c5e91..0077e6908 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -1,725 +1,725 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.*;
-import org.owasp.esapi.errors.*;
-
-import java.io.*;
-import java.util.*;
-
-/**
- * Reference implementation of the Authenticator interface. This reference implementation is backed by a simple text
- * file that contains serialized information about users. Many organizations will want to create their own
- * implementation of the methods provided in the Authenticator interface backed by their own user repository. This
- * reference implementation captures information about users in a simple text file format that contains user information
- * separated by the pipe "|" character. Here's an example of a single line from the users.txt file:
- * <p/>
- * <PRE>
- * <p/>
- * account id | account name | hashed password | roles | lockout | status | old password hashes | last
- * hostname | last change | last login | last failed | expiration | failed
- * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- * 1203123710837 | mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user | unlocked | enabled |
- * u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 | 1187201000926 | 1187200991568 | 1187200605330 |
- * 2187200605330 | 1
- * <p/>
- * </PRE>
- *
- * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @see org.owasp.esapi.Authenticator
- * @since June 1, 2007
- */
-public class FileBasedAuthenticator extends AbstractAuthenticator {
-
-    private static volatile Authenticator singletonInstance;
-
-    public static Authenticator getInstance()
-    {
-        if ( singletonInstance == null ) {
-            synchronized ( FileBasedAuthenticator.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new FileBasedAuthenticator();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-
-    /**
-     * The logger.
-     */
-    private final Logger logger = ESAPI.getLogger("Authenticator");
-
-    /**
-     * The file that contains the user db
-     */
-    private File userDB = null;
-
-    /**
-     * How frequently to check the user db for external modifications
-     */
-    private long checkInterval = 60 * 1000;
-
-    /**
-     * The last modified time we saw on the user db.
-     */
-    private long lastModified = 0;
-
-    /**
-     * The last time we checked if the user db had been modified externally
-     */
-    private long lastChecked = 0;
-
-    private static final int MAX_ACCOUNT_NAME_LENGTH = 250;
-
-    /**
-     * Fail safe main program to add or update an account in an emergency.
-     * <p/>
-     * Warning: this method does not perform the level of validation and checks
-     * generally required in ESAPI, and can therefore be used to create a username and password that do not comply
-     * with the username and password strength requirements.
-     * <p/>
-     * Example: Use this to add the alice account with the admin role to the users file:
-     * <PRE>
-     * <p/>
-     * java -Dorg.owasp.esapi.resources="/path/resources" -classpath esapi.jar org.owasp.esapi.Authenticator alice password admin
-     * <p/>
-     * </PRE>
-     *
-     * @param args the arguments (username, password, role)
-     * @throws Exception the exception
-     */
-    public static void main(String[] args) throws Exception {
-        if (args.length != 3) {
-            System.out.println("Usage: Authenticator accountname password role");
-            return;
-        }
-        FileBasedAuthenticator auth = new FileBasedAuthenticator();
-        String accountName = args[0].toLowerCase();
-        String password = args[1];
-        String role = args[2];
-        DefaultUser user = (DefaultUser) auth.getUser(args[0]);
-        if (user == null) {
-            user = new DefaultUser(accountName);
-            String newHash = auth.hashPassword(password, accountName);
-            auth.setHashedPassword(user, newHash);
-            user.addRole(role);
-            user.enable();
-            user.unlock();
-            auth.userMap.put(user.getAccountId(), user);
-            System.out.println("New user created: " + accountName);
-            auth.saveUsers();
-            System.out.println("User account " + user.getAccountName() + " updated");
-        } else {
-            System.err.println("User account " + user.getAccountName() + " already exists!");
-        }
-    }
-
-    /**
-     * Add a hash to a User's hashed password list.  This method is used to store a user's old password hashes
-     * to be sure that any new passwords are not too similar to old passwords.
-     *
-     * @param user the user to associate with the new hash
-     * @param hash the hash to store in the user's password hash list
-     */
-    private void setHashedPassword(User user, String hash) {
-        List<String> hashes = getAllHashedPasswords(user, true);
-        hashes.add(0, hash);
-        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
-            hashes.remove(hashes.size() - 1);
-        }
-        logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
-    }
-
-    /**
-     * Return the specified User's current hashed password.
-     *
-     * @param user this User's current hashed password will be returned
-     * @return the specified User's current hashed password
-     */
-    String getHashedPassword(User user) {
-        List hashes = getAllHashedPasswords(user, false);
-        return (String) hashes.get(0);
-    }
-
-    /**
-     * Set the specified User's old password hashes.  This will not set the User's current password hash.
-     *
-     * @param user      the User whose old password hashes will be set
-     * @param oldHashes a list of the User's old password hashes     *
-     */
-    void setOldPasswordHashes(User user, List<String> oldHashes) {
-        List<String> hashes = getAllHashedPasswords(user, true);
-        if (hashes.size() > 1) {
-            hashes.removeAll(hashes.subList(1, hashes.size() - 1));
-        }
-        hashes.addAll(oldHashes);
-    }
-
-    /**
-     * Returns all of the specified User's hashed passwords.  If the User's list of passwords is null,
-     * and create is set to true, an empty password list will be associated with the specified User
-     * and then returned. If the User's password map is null and create is set to false, an exception
-     * will be thrown.
-     *
-     * @param user   the User whose old hashes should be returned
-     * @param create true - if no password list is associated with this user, create one
-     *               false - if no password list is associated with this user, do not create one
-     * @return a List containing all of the specified User's password hashes
-     */
-    List<String> getAllHashedPasswords(User user, boolean create) {
-        List<String> hashes = passwordMap.get(user);
-        if (hashes != null) {
-            return hashes;
-        }
-        if (create) {
-            hashes = new ArrayList<String>();
-            passwordMap.put(user, hashes);
-            return hashes;
-        }
-        throw new RuntimeException("No hashes found for " + user.getAccountName() + ". Is User.hashcode() and equals() implemented correctly?");
-    }
-
-    /**
-     * Get a List of the specified User's old password hashes.  This will not return the User's current
-     * password hash.
-     *
-     * @param user he user whose old password hashes should be returned
-     * @return the specified User's old password hashes
-     */
-    List<String> getOldPasswordHashes(User user) {
-        List<String> hashes = getAllHashedPasswords(user, false);
-        if (hashes.size() > 1) {
-            return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));
-        }
-        return Collections.emptyList();
-    }
-
-    /**
-     * The user map.
-     */
-    private Map<Long, User> userMap = new HashMap<Long, User>();
-
-    // Map<User, List<String>>, where the strings are password hashes, with the current hash in entry 0
-    private Map<User, List<String>> passwordMap = new Hashtable<User, List<String>>();
-
-
-
-    /**
-     *
-     */
-    private FileBasedAuthenticator() {
-    	super();
-    }
-
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User createUser(String accountName, String password1, String password2) throws AuthenticationException {
-        loadUsersIfNecessary();
-        if (accountName == null) {
-            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
-        }
-        if (getUser(accountName) != null) {
-            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + accountName);
-        }
-
-        verifyAccountNameStrength(accountName);
-
-        if (password1 == null) {
-            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + accountName + " with a null password");
-        }
-        
-        DefaultUser user = new DefaultUser(accountName);
-        
-        verifyPasswordStrength(null, password1, user);
-
-        if (!password1.equals(password2)) {
-            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + accountName + " do not match");
-        }
-
-        try {
-            setHashedPassword(user, hashPassword(password1, accountName));
-        } catch (EncryptionException ee) {
-            throw new AuthenticationException("Internal error", "Error hashing password for " + accountName, ee);
-        }
-        userMap.put(user.getAccountId(), user);
-        logger.info(Logger.SECURITY_SUCCESS, "New user created: " + accountName);
-        saveUsers();
-        return user;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String generateStrongPassword() {
-        return generateStrongPassword("");
-    }
-
-    /**
-     * Generate a strong password that is not similar to the specified old password.
-     *
-     * @param oldPassword the password to be compared to the new password for similarity
-     * @return a new strong password that is dissimilar to the specified old password
-     */
-    private String generateStrongPassword(String oldPassword) {
-        Randomizer r = ESAPI.randomizer();
-        int letters = r.getRandomInteger(4, 6);  // inclusive, exclusive
-        int digits = 7 - letters;
-        String passLetters = r.getRandomString(letters, EncoderConstants.CHAR_PASSWORD_LETTERS);
-        String passDigits = r.getRandomString(digits, EncoderConstants.CHAR_PASSWORD_DIGITS);
-        String passSpecial = r.getRandomString(1, EncoderConstants.CHAR_PASSWORD_SPECIALS);
-        String newPassword = passLetters + passSpecial + passDigits;
-        if (StringUtilities.getLevenshteinDistance(oldPassword, newPassword) > 5) {
-            return newPassword;
-        }
-        return generateStrongPassword(oldPassword);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public void changePassword(User user, String currentPassword,
-                               String newPassword, String newPassword2)
-            throws AuthenticationException {
-        String accountName = user.getAccountName();
-        try {
-            String currentHash = getHashedPassword(user);
-            String verifyHash = hashPassword(currentPassword, accountName);
-            if (!currentHash.equals(verifyHash)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password change on user: " + accountName);
-            }
-            if (newPassword == null || newPassword2 == null || !newPassword.equals(newPassword2)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + accountName);
-            }
-            verifyPasswordStrength(currentPassword, newPassword, user);
-            user.setLastPasswordChangeTime(new Date());
-            String newHash = hashPassword(newPassword, accountName);
-            if (getOldPasswordHashes(user).contains(newHash)) {
-                throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + accountName);
-            }
-            setHashedPassword(user, newHash);
-            logger.info(Logger.SECURITY_SUCCESS, "Password changed for user: " + accountName);
-            // jtm - 11/2/2010 - added to resolve http://code.google.com/p/owasp-esapi-java/issues/detail?id=13
-            saveUsers();
-        } catch (EncryptionException ee) {
-            throw new AuthenticationException("Password change failed", "Encryption exception changing password for " + accountName, ee);
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public boolean verifyPassword(User user, String password) {
-        String accountName = user.getAccountName();
-        try {
-            String hash = hashPassword(password, accountName);
-            String currentHash = getHashedPassword(user);
-            if (hash.equals(currentHash)) {
-                user.setLastLoginTime(new Date());
-                ((DefaultUser) user).setFailedLoginCount(0);
-                logger.info(Logger.SECURITY_SUCCESS, "Password verified for " + accountName);
-                return true;
-            }
-        } catch (EncryptionException e) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Encryption error verifying password for " + accountName);
-        }
-        logger.fatal(Logger.SECURITY_FAILURE, "Password verification failed for " + accountName);
-        return false;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public String generateStrongPassword(User user, String oldPassword) {
-        String newPassword = generateStrongPassword(oldPassword);
-        if (newPassword != null) {
-            logger.info(Logger.SECURITY_SUCCESS, "Generated strong password for " + user.getAccountName());
-        }
-        return newPassword;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User getUser(long accountId) {
-        if (accountId == 0) {
-            return User.ANONYMOUS;
-        }
-        loadUsersIfNecessary();
-        return userMap.get(accountId);
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized User getUser(String accountName) {
-        if (accountName == null) {
-            return User.ANONYMOUS;
-        }
-        loadUsersIfNecessary();
-        for (User u : userMap.values()) {
-            if (u.getAccountName().equalsIgnoreCase(accountName)) {
-                return u;
-            }
-        }
-        return null;
-    }
-
- 
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized Set getUserNames() {
-        loadUsersIfNecessary();
-        HashSet<String> results = new HashSet<String>();
-        for (User u : userMap.values()) {
-            results.add(u.getAccountName());
-        }
-        return results;
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws EncryptionException
-     */
-    public String hashPassword(String password, String accountName) throws EncryptionException {
-        String salt = accountName.toLowerCase();
-        return ESAPI.encryptor().hash(password, salt);
-    }
-
-    /**
-     * Load users if they haven't been loaded in a while.
-     */
-    protected void loadUsersIfNecessary() {
-        if (userDB == null) {
-            userDB = ESAPI.securityConfiguration().getResourceFile("users.txt");
-        }
-        if (userDB == null) {
-            userDB = new File(System.getProperty("user.home") + "/.esapi", "users.txt");
-            try {
-                if (!userDB.createNewFile()) throw new IOException("Unable to create the user file");
-                logger.warning(Logger.SECURITY_SUCCESS, "Created " + userDB.getAbsolutePath());
-            } catch (IOException e) {
-                logger.fatal(Logger.SECURITY_FAILURE, "Could not create " + userDB.getAbsolutePath(), e);
-            }
-        }
-
-        // We only check at most every checkInterval milliseconds
-        long now = System.currentTimeMillis();
-        if (now - lastChecked < checkInterval) {
-            return;
-        }
-        lastChecked = now;
-
-        if (lastModified == userDB.lastModified()) {
-            return;
-        }
-        loadUsersImmediately();
-    }
-
-    // file was touched so reload it
-    /**
-     *
-     */
-    protected void loadUsersImmediately() {
-        synchronized (this) {
-            logger.trace(Logger.SECURITY_SUCCESS, "Loading users from " + userDB.getAbsolutePath(), null);
-
-            BufferedReader reader = null;
-            try {
-                HashMap<Long, User> map = new HashMap<Long, User>();
-                reader = new BufferedReader(new FileReader(userDB));
-                String line;
-                while ((line = reader.readLine()) != null) {
-                    if (line.length() > 0 && line.charAt(0) != '#') {
-                        DefaultUser user = createUser(line);
-                        if (map.containsKey(new Long(user.getAccountId()))) {
-                            logger.fatal(Logger.SECURITY_FAILURE, "Problem in user file. Skipping duplicate user: " + user, null);
-                        }
-                        map.put(user.getAccountId(), user);
-                    }
-                }
-                userMap = map;
-                this.lastModified = System.currentTimeMillis();
-                logger.trace(Logger.SECURITY_SUCCESS, "User file reloaded: " + map.size(), null);
-            } catch (Exception e) {
-                logger.fatal(Logger.SECURITY_FAILURE, "Failure loading user file: " + userDB.getAbsolutePath(), e);
-            } finally {
-                try {
-                    if (reader != null) {
-                        reader.close();
-                    }
-                } catch (IOException e) {
-                    logger.fatal(Logger.SECURITY_FAILURE, "Failure closing user file: " + userDB.getAbsolutePath(), e);
-                }
-            }
-        }
-    }
-
-    /**
-     * Create a new user with all attributes from a String.  The format is:
-     * accountId | accountName | password | roles (comma separated) | unlocked | enabled | old password hashes (comma separated) | last host address | last password change time | last long time | last failed login time | expiration time | failed login count
-     * This method verifies the account name and password strength, creates a new CSRF token, then returns the newly created user.
-     *
-     * @param line parameters to set as attributes for the new User.
-     * @return the newly created User
-     * @throws AuthenticationException
-     */
-    private DefaultUser createUser(String line) throws AuthenticationException {
-        String[] parts = line.split(" *\\| *");
-        String accountIdString = parts[0];
-        long accountId = Long.parseLong(accountIdString);
-        String accountName = parts[1];
-
-        verifyAccountNameStrength(accountName);
-        DefaultUser user = new DefaultUser(accountName);
-        user.accountId = accountId;
-
-        String password = parts[2];
-        verifyPasswordStrength(null, password, user);
-        setHashedPassword(user, password);
-
-        String[] roles = parts[3].toLowerCase().split(" *, *");
-        for (String role : roles) {
-            if (!"".equals(role)) {
-                user.addRole(role);
-            }
-        }
-        if (!"unlocked".equalsIgnoreCase(parts[4])) {
-            user.lock();
-        }
-        if ("enabled".equalsIgnoreCase(parts[5])) {
-            user.enable();
-        } else {
-            user.disable();
-        }
-
-        // generate a new csrf token
-        user.resetCSRFToken();
-
-        setOldPasswordHashes(user, Arrays.asList(parts[6].split(" *, *")));
-        user.setLastHostAddress("null".equals(parts[7]) ? null : parts[7]);
-        user.setLastPasswordChangeTime(new Date(Long.parseLong(parts[8])));
-        user.setLastLoginTime(new Date(Long.parseLong(parts[9])));
-        user.setLastFailedLoginTime(new Date(Long.parseLong(parts[10])));
-        user.setExpirationTime(new Date(Long.parseLong(parts[11])));
-        user.setFailedLoginCount(Integer.parseInt(parts[12]));
-        return user;
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public synchronized void removeUser(String accountName) throws AuthenticationException {
-        loadUsersIfNecessary();
-        User user = getUser(accountName);
-        if (user == null) {
-            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + accountName);
-        }
-        userMap.remove(user.getAccountId());
-        logger.info(Logger.SECURITY_SUCCESS, "Removing user " + user.getAccountName());
-        passwordMap.remove(user);
-        saveUsers();
-    }
-
-    /**
-     * Saves the user database to the file system. In this implementation you must call save to commit any changes to
-     * the user file. Otherwise changes will be lost when the program ends.
-     *
-     * @throws AuthenticationException if the user file could not be written
-     */
-    public synchronized void saveUsers() throws AuthenticationException {
-        PrintWriter writer = null;
-        try {
-            writer = new PrintWriter(new FileWriter(userDB));
-            writer.println("# This is the user file associated with the ESAPI library from http://www.owasp.org");
-            writer.println("# accountId | accountName | hashedPassword | roles | locked | enabled | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount");
-            writer.println();
-            saveUsers(writer);
-            writer.flush();
-            logger.info(Logger.SECURITY_SUCCESS, "User file written to disk");
-        } catch (IOException e) {
-            logger.fatal(Logger.SECURITY_FAILURE, "Problem saving user file " + userDB.getAbsolutePath(), e);
-            throw new AuthenticationException("Internal Error", "Problem saving user file " + userDB.getAbsolutePath(), e);
-        } finally {
-            if (writer != null) {
-                writer.close();
-                lastModified = userDB.lastModified();
-                lastChecked = lastModified;
-            }
-        }
-    }
-
-    /**
-     * Save users.
-     *
-     * @param writer the print writer to use for saving
-     */
-    protected synchronized void saveUsers(PrintWriter writer) throws AuthenticationCredentialsException {
-        for (Object o : getUserNames()) {
-            String accountName = (String) o;
-            DefaultUser u = (DefaultUser) getUser(accountName);
-            if (u != null && !u.isAnonymous()) {
-                writer.println(save(u));
-            } else {
-                throw new AuthenticationCredentialsException("Problem saving user", "Skipping save of user " + accountName);
-            }
-        }
-    }
-
-    /**
-     * Save.
-     *
-     * @param user the User to save
-     * @return a line containing properly formatted information to save regarding the user
-     */
-    private String save(DefaultUser user) {
-        StringBuilder sb = new StringBuilder();
-        sb.append(user.getAccountId());
-        sb.append(" | ");
-        sb.append(user.getAccountName());
-        sb.append(" | ");
-        sb.append(getHashedPassword(user));
-        sb.append(" | ");
-        sb.append(dump(user.getRoles()));
-        sb.append(" | ");
-        sb.append(user.isLocked() ? "locked" : "unlocked");
-        sb.append(" | ");
-        sb.append(user.isEnabled() ? "enabled" : "disabled");
-        sb.append(" | ");
-        sb.append(dump(getOldPasswordHashes(user)));
-        sb.append(" | ");
-        sb.append(user.getLastHostAddress());
-        sb.append(" | ");
-        sb.append(user.getLastPasswordChangeTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getLastLoginTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getLastFailedLoginTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getExpirationTime().getTime());
-        sb.append(" | ");
-        sb.append(user.getFailedLoginCount());
-        return sb.toString();
-    }
-
-    /**
-     * Dump a collection as a comma-separated list.
-     *
-     * @param c the collection to convert to a comma separated list
-     * @return a comma separated list containing the values in c
-     */
-    private String dump(Collection<String> c) {
-        StringBuilder sb = new StringBuilder();
-        for (String s : c) {
-            sb.append(s).append(",");
-        }
-        if ( c.size() > 0) {
-        	return sb.toString().substring(0, sb.length() - 1);
-        }
-        return "";
-        
-    }
-
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * This implementation simply verifies that account names are at least 5 characters long. This helps to defeat a
-     * brute force attack, however the real strength comes from the name length and complexity.
-     *
-     * @param newAccountName
-     */
-    public void verifyAccountNameStrength(String newAccountName) throws AuthenticationException {
-        if (newAccountName == null) {
-            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
-        }
-        if (!ESAPI.validator().isValidInput("verifyAccountNameStrength", newAccountName, "AccountName", MAX_ACCOUNT_NAME_LENGTH, false)) {
-            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + newAccountName);
-        }
-    }
-
-    /**
-     * {@inheritDoc}
-     * <p/>
-     * This implementation checks: - for any 3 character substrings of the old password - for use of a length *
-     * character sets > 16 (where character sets are upper, lower, digit, and special
-     * jtm - 11/16/2010 - added check to verify pw != username (fix for http://code.google.com/p/owasp-esapi-java/issues/detail?id=108)
-     */
-    public void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException {
-        if (newPassword == null) {
-            throw new AuthenticationCredentialsException("Invalid password", "New password cannot be null");
-        }
-
-        // can't change to a password that contains any 3 character substring of old password
-        if (oldPassword != null) {
-            int length = oldPassword.length();
-            for (int i = 0; i < length - 2; i++) {
-                String sub = oldPassword.substring(i, i + 3);
-                if (newPassword.indexOf(sub) > -1) {
-                    throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
-                }
-            }
-        }
-
-        // new password must have enough character sets and length
-        int charsets = 0;
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_LOWERS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_UPPERS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_DIGITS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-        for (int i = 0; i < newPassword.length(); i++) {
-            if (Arrays.binarySearch(EncoderConstants.CHAR_SPECIALS, newPassword.charAt(i)) >= 0) {
-                charsets++;
-                break;
-            }
-        }
-
-        // calculate and verify password strength
-        int strength = newPassword.length() * charsets;
-        if (strength < 16) {
-            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
-        }
-        
-        String accountName = user.getAccountName();
-        
-        //jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
-        if (accountName.equalsIgnoreCase(newPassword)) {
-        	//password can't be account name
-        	throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
-        }
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.*;
+import org.owasp.esapi.errors.*;
+
+import java.io.*;
+import java.util.*;
+
+/**
+ * Reference implementation of the Authenticator interface. This reference implementation is backed by a simple text
+ * file that contains serialized information about users. Many organizations will want to create their own
+ * implementation of the methods provided in the Authenticator interface backed by their own user repository. This
+ * reference implementation captures information about users in a simple text file format that contains user information
+ * separated by the pipe "|" character. Here's an example of a single line from the users.txt file:
+ * <p/>
+ * <PRE>
+ * <p/>
+ * account id | account name | hashed password | roles | lockout | status | old password hashes | last
+ * hostname | last change | last login | last failed | expiration | failed
+ * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+ * 1203123710837 | mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user | unlocked | enabled |
+ * u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 | 1187201000926 | 1187200991568 | 1187200605330 |
+ * 2187200605330 | 1
+ * <p/>
+ * </PRE>
+ *
+ * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @see org.owasp.esapi.Authenticator
+ * @since June 1, 2007
+ */
+public class FileBasedAuthenticator extends AbstractAuthenticator {
+
+    private static volatile Authenticator singletonInstance;
+
+    public static Authenticator getInstance()
+    {
+        if ( singletonInstance == null ) {
+            synchronized ( FileBasedAuthenticator.class ) {
+                if ( singletonInstance == null ) {
+                    singletonInstance = new FileBasedAuthenticator();
+                }
+            }
+        }
+        return singletonInstance;
+    }
+
+    /**
+     * The logger.
+     */
+    private final Logger logger = ESAPI.getLogger("Authenticator");
+
+    /**
+     * The file that contains the user db
+     */
+    private File userDB = null;
+
+    /**
+     * How frequently to check the user db for external modifications
+     */
+    private long checkInterval = 60 * 1000;
+
+    /**
+     * The last modified time we saw on the user db.
+     */
+    private long lastModified = 0;
+
+    /**
+     * The last time we checked if the user db had been modified externally
+     */
+    private long lastChecked = 0;
+
+    private static final int MAX_ACCOUNT_NAME_LENGTH = 250;
+
+    /**
+     * Fail safe main program to add or update an account in an emergency.
+     * <p/>
+     * Warning: this method does not perform the level of validation and checks
+     * generally required in ESAPI, and can therefore be used to create a username and password that do not comply
+     * with the username and password strength requirements.
+     * <p/>
+     * Example: Use this to add the alice account with the admin role to the users file:
+     * <PRE>
+     * <p/>
+     * java -Dorg.owasp.esapi.resources="/path/resources" -classpath esapi.jar org.owasp.esapi.Authenticator alice password admin
+     * <p/>
+     * </PRE>
+     *
+     * @param args the arguments (username, password, role)
+     * @throws Exception the exception
+     */
+    public static void main(String[] args) throws Exception {
+        if (args.length != 3) {
+            System.out.println("Usage: Authenticator accountname password role");
+            return;
+        }
+        FileBasedAuthenticator auth = new FileBasedAuthenticator();
+        String accountName = args[0].toLowerCase();
+        String password = args[1];
+        String role = args[2];
+        DefaultUser user = (DefaultUser) auth.getUser(args[0]);
+        if (user == null) {
+            user = new DefaultUser(accountName);
+            String newHash = auth.hashPassword(password, accountName);
+            auth.setHashedPassword(user, newHash);
+            user.addRole(role);
+            user.enable();
+            user.unlock();
+            auth.userMap.put(user.getAccountId(), user);
+            System.out.println("New user created: " + accountName);
+            auth.saveUsers();
+            System.out.println("User account " + user.getAccountName() + " updated");
+        } else {
+            System.err.println("User account " + user.getAccountName() + " already exists!");
+        }
+    }
+
+    /**
+     * Add a hash to a User's hashed password list.  This method is used to store a user's old password hashes
+     * to be sure that any new passwords are not too similar to old passwords.
+     *
+     * @param user the user to associate with the new hash
+     * @param hash the hash to store in the user's password hash list
+     */
+    private void setHashedPassword(User user, String hash) {
+        List<String> hashes = getAllHashedPasswords(user, true);
+        hashes.add(0, hash);
+        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
+            hashes.remove(hashes.size() - 1);
+        }
+        logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
+    }
+
+    /**
+     * Return the specified User's current hashed password.
+     *
+     * @param user this User's current hashed password will be returned
+     * @return the specified User's current hashed password
+     */
+    String getHashedPassword(User user) {
+        List hashes = getAllHashedPasswords(user, false);
+        return (String) hashes.get(0);
+    }
+
+    /**
+     * Set the specified User's old password hashes.  This will not set the User's current password hash.
+     *
+     * @param user      the User whose old password hashes will be set
+     * @param oldHashes a list of the User's old password hashes     *
+     */
+    void setOldPasswordHashes(User user, List<String> oldHashes) {
+        List<String> hashes = getAllHashedPasswords(user, true);
+        if (hashes.size() > 1) {
+            hashes.removeAll(hashes.subList(1, hashes.size() - 1));
+        }
+        hashes.addAll(oldHashes);
+    }
+
+    /**
+     * Returns all of the specified User's hashed passwords.  If the User's list of passwords is null,
+     * and create is set to true, an empty password list will be associated with the specified User
+     * and then returned. If the User's password map is null and create is set to false, an exception
+     * will be thrown.
+     *
+     * @param user   the User whose old hashes should be returned
+     * @param create true - if no password list is associated with this user, create one
+     *               false - if no password list is associated with this user, do not create one
+     * @return a List containing all of the specified User's password hashes
+     */
+    List<String> getAllHashedPasswords(User user, boolean create) {
+        List<String> hashes = passwordMap.get(user);
+        if (hashes != null) {
+            return hashes;
+        }
+        if (create) {
+            hashes = new ArrayList<String>();
+            passwordMap.put(user, hashes);
+            return hashes;
+        }
+        throw new RuntimeException("No hashes found for " + user.getAccountName() + ". Is User.hashcode() and equals() implemented correctly?");
+    }
+
+    /**
+     * Get a List of the specified User's old password hashes.  This will not return the User's current
+     * password hash.
+     *
+     * @param user he user whose old password hashes should be returned
+     * @return the specified User's old password hashes
+     */
+    List<String> getOldPasswordHashes(User user) {
+        List<String> hashes = getAllHashedPasswords(user, false);
+        if (hashes.size() > 1) {
+            return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));
+        }
+        return Collections.emptyList();
+    }
+
+    /**
+     * The user map.
+     */
+    private Map<Long, User> userMap = new HashMap<Long, User>();
+
+    // Map<User, List<String>>, where the strings are password hashes, with the current hash in entry 0
+    private Map<User, List<String>> passwordMap = new Hashtable<User, List<String>>();
+
+
+
+    /**
+     *
+     */
+    private FileBasedAuthenticator() {
+    	super();
+    }
+
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User createUser(String accountName, String password1, String password2) throws AuthenticationException {
+        loadUsersIfNecessary();
+        if (accountName == null) {
+            throw new AuthenticationAccountsException("Account creation failed", "Attempt to create user with null accountName");
+        }
+        if (getUser(accountName) != null) {
+            throw new AuthenticationAccountsException("Account creation failed", "Duplicate user creation denied for " + accountName);
+        }
+
+        verifyAccountNameStrength(accountName);
+
+        if (password1 == null) {
+            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account " + accountName + " with a null password");
+        }
+        
+        DefaultUser user = new DefaultUser(accountName);
+        
+        verifyPasswordStrength(null, password1, user);
+
+        if (!password1.equals(password2)) {
+            throw new AuthenticationCredentialsException("Passwords do not match", "Passwords for " + accountName + " do not match");
+        }
+
+        try {
+            setHashedPassword(user, hashPassword(password1, accountName));
+        } catch (EncryptionException ee) {
+            throw new AuthenticationException("Internal error", "Error hashing password for " + accountName, ee);
+        }
+        userMap.put(user.getAccountId(), user);
+        logger.info(Logger.SECURITY_SUCCESS, "New user created: " + accountName);
+        saveUsers();
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String generateStrongPassword() {
+        return generateStrongPassword("");
+    }
+
+    /**
+     * Generate a strong password that is not similar to the specified old password.
+     *
+     * @param oldPassword the password to be compared to the new password for similarity
+     * @return a new strong password that is dissimilar to the specified old password
+     */
+    private String generateStrongPassword(String oldPassword) {
+        Randomizer r = ESAPI.randomizer();
+        int letters = r.getRandomInteger(4, 6);  // inclusive, exclusive
+        int digits = 7 - letters;
+        String passLetters = r.getRandomString(letters, EncoderConstants.CHAR_PASSWORD_LETTERS);
+        String passDigits = r.getRandomString(digits, EncoderConstants.CHAR_PASSWORD_DIGITS);
+        String passSpecial = r.getRandomString(1, EncoderConstants.CHAR_PASSWORD_SPECIALS);
+        String newPassword = passLetters + passSpecial + passDigits;
+        if (StringUtilities.getLevenshteinDistance(oldPassword, newPassword) > 5) {
+            return newPassword;
+        }
+        return generateStrongPassword(oldPassword);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void changePassword(User user, String currentPassword,
+                               String newPassword, String newPassword2)
+            throws AuthenticationException {
+        String accountName = user.getAccountName();
+        try {
+            String currentHash = getHashedPassword(user);
+            String verifyHash = hashPassword(currentPassword, accountName);
+            if (!currentHash.equals(verifyHash)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Authentication failed for password change on user: " + accountName);
+            }
+            if (newPassword == null || newPassword2 == null || !newPassword.equals(newPassword2)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Passwords do not match for password change on user: " + accountName);
+            }
+            verifyPasswordStrength(currentPassword, newPassword, user);
+            user.setLastPasswordChangeTime(new Date());
+            String newHash = hashPassword(newPassword, accountName);
+            if (getOldPasswordHashes(user).contains(newHash)) {
+                throw new AuthenticationCredentialsException("Password change failed", "Password change matches a recent password for user: " + accountName);
+            }
+            setHashedPassword(user, newHash);
+            logger.info(Logger.SECURITY_SUCCESS, "Password changed for user: " + accountName);
+            // jtm - 11/2/2010 - added to resolve http://code.google.com/p/owasp-esapi-java/issues/detail?id=13
+            saveUsers();
+        } catch (EncryptionException ee) {
+            throw new AuthenticationException("Password change failed", "Encryption exception changing password for " + accountName, ee);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public boolean verifyPassword(User user, String password) {
+        String accountName = user.getAccountName();
+        try {
+            String hash = hashPassword(password, accountName);
+            String currentHash = getHashedPassword(user);
+            if (hash.equals(currentHash)) {
+                user.setLastLoginTime(new Date());
+                ((DefaultUser) user).setFailedLoginCount(0);
+                logger.info(Logger.SECURITY_SUCCESS, "Password verified for " + accountName);
+                return true;
+            }
+        } catch (EncryptionException e) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Encryption error verifying password for " + accountName);
+        }
+        logger.fatal(Logger.SECURITY_FAILURE, "Password verification failed for " + accountName);
+        return false;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public String generateStrongPassword(User user, String oldPassword) {
+        String newPassword = generateStrongPassword(oldPassword);
+        if (newPassword != null) {
+            logger.info(Logger.SECURITY_SUCCESS, "Generated strong password for " + user.getAccountName());
+        }
+        return newPassword;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User getUser(long accountId) {
+        if (accountId == 0) {
+            return User.ANONYMOUS;
+        }
+        loadUsersIfNecessary();
+        return userMap.get(accountId);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized User getUser(String accountName) {
+        if (accountName == null) {
+            return User.ANONYMOUS;
+        }
+        loadUsersIfNecessary();
+        for (User u : userMap.values()) {
+            if (u.getAccountName().equalsIgnoreCase(accountName)) {
+                return u;
+            }
+        }
+        return null;
+    }
+
+ 
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized Set getUserNames() {
+        loadUsersIfNecessary();
+        HashSet<String> results = new HashSet<String>();
+        for (User u : userMap.values()) {
+            results.add(u.getAccountName());
+        }
+        return results;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws EncryptionException
+     */
+    public String hashPassword(String password, String accountName) throws EncryptionException {
+        String salt = accountName.toLowerCase();
+        return ESAPI.encryptor().hash(password, salt);
+    }
+
+    /**
+     * Load users if they haven't been loaded in a while.
+     */
+    protected void loadUsersIfNecessary() {
+        if (userDB == null) {
+            userDB = ESAPI.securityConfiguration().getResourceFile("users.txt");
+        }
+        if (userDB == null) {
+            userDB = new File(System.getProperty("user.home") + "/.esapi", "users.txt");
+            try {
+                if (!userDB.createNewFile()) throw new IOException("Unable to create the user file");
+                logger.warning(Logger.SECURITY_SUCCESS, "Created " + userDB.getAbsolutePath());
+            } catch (IOException e) {
+                logger.fatal(Logger.SECURITY_FAILURE, "Could not create " + userDB.getAbsolutePath(), e);
+            }
+        }
+
+        // We only check at most every checkInterval milliseconds
+        long now = System.currentTimeMillis();
+        if (now - lastChecked < checkInterval) {
+            return;
+        }
+        lastChecked = now;
+
+        if (lastModified == userDB.lastModified()) {
+            return;
+        }
+        loadUsersImmediately();
+    }
+
+    // file was touched so reload it
+    /**
+     *
+     */
+    protected void loadUsersImmediately() {
+        synchronized (this) {
+            logger.trace(Logger.SECURITY_SUCCESS, "Loading users from " + userDB.getAbsolutePath(), null);
+
+            BufferedReader reader = null;
+            try {
+                HashMap<Long, User> map = new HashMap<Long, User>();
+                reader = new BufferedReader(new FileReader(userDB));
+                String line;
+                while ((line = reader.readLine()) != null) {
+                    if (line.length() > 0 && line.charAt(0) != '#') {
+                        DefaultUser user = createUser(line);
+                        if (map.containsKey(new Long(user.getAccountId()))) {
+                            logger.fatal(Logger.SECURITY_FAILURE, "Problem in user file. Skipping duplicate user: " + user, null);
+                        }
+                        map.put(user.getAccountId(), user);
+                    }
+                }
+                userMap = map;
+                this.lastModified = System.currentTimeMillis();
+                logger.trace(Logger.SECURITY_SUCCESS, "User file reloaded: " + map.size(), null);
+            } catch (Exception e) {
+                logger.fatal(Logger.SECURITY_FAILURE, "Failure loading user file: " + userDB.getAbsolutePath(), e);
+            } finally {
+                try {
+                    if (reader != null) {
+                        reader.close();
+                    }
+                } catch (IOException e) {
+                    logger.fatal(Logger.SECURITY_FAILURE, "Failure closing user file: " + userDB.getAbsolutePath(), e);
+                }
+            }
+        }
+    }
+
+    /**
+     * Create a new user with all attributes from a String.  The format is:
+     * accountId | accountName | password | roles (comma separated) | unlocked | enabled | old password hashes (comma separated) | last host address | last password change time | last long time | last failed login time | expiration time | failed login count
+     * This method verifies the account name and password strength, creates a new CSRF token, then returns the newly created user.
+     *
+     * @param line parameters to set as attributes for the new User.
+     * @return the newly created User
+     * @throws AuthenticationException
+     */
+    private DefaultUser createUser(String line) throws AuthenticationException {
+        String[] parts = line.split(" *\\| *");
+        String accountIdString = parts[0];
+        long accountId = Long.parseLong(accountIdString);
+        String accountName = parts[1];
+
+        verifyAccountNameStrength(accountName);
+        DefaultUser user = new DefaultUser(accountName);
+        user.accountId = accountId;
+
+        String password = parts[2];
+        verifyPasswordStrength(null, password, user);
+        setHashedPassword(user, password);
+
+        String[] roles = parts[3].toLowerCase().split(" *, *");
+        for (String role : roles) {
+            if (!"".equals(role)) {
+                user.addRole(role);
+            }
+        }
+        if (!"unlocked".equalsIgnoreCase(parts[4])) {
+            user.lock();
+        }
+        if ("enabled".equalsIgnoreCase(parts[5])) {
+            user.enable();
+        } else {
+            user.disable();
+        }
+
+        // generate a new csrf token
+        user.resetCSRFToken();
+
+        setOldPasswordHashes(user, Arrays.asList(parts[6].split(" *, *")));
+        user.setLastHostAddress("null".equals(parts[7]) ? null : parts[7]);
+        user.setLastPasswordChangeTime(new Date(Long.parseLong(parts[8])));
+        user.setLastLoginTime(new Date(Long.parseLong(parts[9])));
+        user.setLastFailedLoginTime(new Date(Long.parseLong(parts[10])));
+        user.setExpirationTime(new Date(Long.parseLong(parts[11])));
+        user.setFailedLoginCount(Integer.parseInt(parts[12]));
+        return user;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public synchronized void removeUser(String accountName) throws AuthenticationException {
+        loadUsersIfNecessary();
+        User user = getUser(accountName);
+        if (user == null) {
+            throw new AuthenticationAccountsException("Remove user failed", "Can't remove invalid accountName " + accountName);
+        }
+        userMap.remove(user.getAccountId());
+        logger.info(Logger.SECURITY_SUCCESS, "Removing user " + user.getAccountName());
+        passwordMap.remove(user);
+        saveUsers();
+    }
+
+    /**
+     * Saves the user database to the file system. In this implementation you must call save to commit any changes to
+     * the user file. Otherwise changes will be lost when the program ends.
+     *
+     * @throws AuthenticationException if the user file could not be written
+     */
+    public synchronized void saveUsers() throws AuthenticationException {
+        PrintWriter writer = null;
+        try {
+            writer = new PrintWriter(new FileWriter(userDB));
+            writer.println("# This is the user file associated with the ESAPI library from http://www.owasp.org");
+            writer.println("# accountId | accountName | hashedPassword | roles | locked | enabled | csrfToken | oldPasswordHashes | lastPasswordChangeTime | lastLoginTime | lastFailedLoginTime | expirationTime | failedLoginCount");
+            writer.println();
+            saveUsers(writer);
+            writer.flush();
+            logger.info(Logger.SECURITY_SUCCESS, "User file written to disk");
+        } catch (IOException e) {
+            logger.fatal(Logger.SECURITY_FAILURE, "Problem saving user file " + userDB.getAbsolutePath(), e);
+            throw new AuthenticationException("Internal Error", "Problem saving user file " + userDB.getAbsolutePath(), e);
+        } finally {
+            if (writer != null) {
+                writer.close();
+                lastModified = userDB.lastModified();
+                lastChecked = lastModified;
+            }
+        }
+    }
+
+    /**
+     * Save users.
+     *
+     * @param writer the print writer to use for saving
+     */
+    protected synchronized void saveUsers(PrintWriter writer) throws AuthenticationCredentialsException {
+        for (Object o : getUserNames()) {
+            String accountName = (String) o;
+            DefaultUser u = (DefaultUser) getUser(accountName);
+            if (u != null && !u.isAnonymous()) {
+                writer.println(save(u));
+            } else {
+                throw new AuthenticationCredentialsException("Problem saving user", "Skipping save of user " + accountName);
+            }
+        }
+    }
+
+    /**
+     * Save.
+     *
+     * @param user the User to save
+     * @return a line containing properly formatted information to save regarding the user
+     */
+    private String save(DefaultUser user) {
+        StringBuilder sb = new StringBuilder();
+        sb.append(user.getAccountId());
+        sb.append(" | ");
+        sb.append(user.getAccountName());
+        sb.append(" | ");
+        sb.append(getHashedPassword(user));
+        sb.append(" | ");
+        sb.append(dump(user.getRoles()));
+        sb.append(" | ");
+        sb.append(user.isLocked() ? "locked" : "unlocked");
+        sb.append(" | ");
+        sb.append(user.isEnabled() ? "enabled" : "disabled");
+        sb.append(" | ");
+        sb.append(dump(getOldPasswordHashes(user)));
+        sb.append(" | ");
+        sb.append(user.getLastHostAddress());
+        sb.append(" | ");
+        sb.append(user.getLastPasswordChangeTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getLastLoginTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getLastFailedLoginTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getExpirationTime().getTime());
+        sb.append(" | ");
+        sb.append(user.getFailedLoginCount());
+        return sb.toString();
+    }
+
+    /**
+     * Dump a collection as a comma-separated list.
+     *
+     * @param c the collection to convert to a comma separated list
+     * @return a comma separated list containing the values in c
+     */
+    private String dump(Collection<String> c) {
+        StringBuilder sb = new StringBuilder();
+        for (String s : c) {
+            sb.append(s).append(",");
+        }
+        if ( c.size() > 0) {
+        	return sb.toString().substring(0, sb.length() - 1);
+        }
+        return "";
+        
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * This implementation simply verifies that account names are at least 5 characters long. This helps to defeat a
+     * brute force attack, however the real strength comes from the name length and complexity.
+     *
+     * @param newAccountName
+     */
+    public void verifyAccountNameStrength(String newAccountName) throws AuthenticationException {
+        if (newAccountName == null) {
+            throw new AuthenticationCredentialsException("Invalid account name", "Attempt to create account with a null account name");
+        }
+        if (!ESAPI.validator().isValidInput("verifyAccountNameStrength", newAccountName, "AccountName", MAX_ACCOUNT_NAME_LENGTH, false)) {
+            throw new AuthenticationCredentialsException("Invalid account name", "New account name is not valid: " + newAccountName);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     * <p/>
+     * This implementation checks: - for any 3 character substrings of the old password - for use of a length *
+     * character sets > 16 (where character sets are upper, lower, digit, and special
+     * jtm - 11/16/2010 - added check to verify pw != username (fix for http://code.google.com/p/owasp-esapi-java/issues/detail?id=108)
+     */
+    public void verifyPasswordStrength(String oldPassword, String newPassword, User user) throws AuthenticationException {
+        if (newPassword == null) {
+            throw new AuthenticationCredentialsException("Invalid password", "New password cannot be null");
+        }
+
+        // can't change to a password that contains any 3 character substring of old password
+        if (oldPassword != null) {
+            int length = oldPassword.length();
+            for (int i = 0; i < length - 2; i++) {
+                String sub = oldPassword.substring(i, i + 3);
+                if (newPassword.indexOf(sub) > -1) {
+                    throw new AuthenticationCredentialsException("Invalid password", "New password cannot contain pieces of old password");
+                }
+            }
+        }
+
+        // new password must have enough character sets and length
+        int charsets = 0;
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_LOWERS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_UPPERS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_DIGITS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+        for (int i = 0; i < newPassword.length(); i++) {
+            if (Arrays.binarySearch(EncoderConstants.CHAR_SPECIALS, newPassword.charAt(i)) >= 0) {
+                charsets++;
+                break;
+            }
+        }
+
+        // calculate and verify password strength
+        int strength = newPassword.length() * charsets;
+        if (strength < 16) {
+            throw new AuthenticationCredentialsException("Invalid password", "New password is not long and complex enough");
+        }
+        
+        String accountName = user.getAccountName();
+        
+        //jtm - 11/3/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
+        if (accountName.equalsIgnoreCase(newPassword)) {
+        	//password can't be account name
+        	throw new AuthenticationCredentialsException("Invalid password", "Password matches account name, irrespective of case");
+        }
+    }
+
+}

From c9ad9348ce2f25b6d666f7058c1b8ba25e8096be Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 164/812] Change CRLF to LF for issue 356.

---
 .../reference/IntegerAccessReferenceMap.java  | 160 +++++++++---------
 1 file changed, 80 insertions(+), 80 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
index 8bb36d6d7..1dea6edc0 100644
--- a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Set;
-
-/**
- * Reference implementation of the AccessReferenceMap interface. This
- * implementation generates integers for indirect references.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- * @since June 1, 2007
- * @see org.owasp.esapi.AccessReferenceMap
- */
-public class IntegerAccessReferenceMap extends AbstractAccessReferenceMap<String> {
-
-	private static final long serialVersionUID = 5311769278372489771L;
-
-	int count = 1;
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap()
-	{
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(int initialSize)
-	{
-		super(initialSize);
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(Set<Object> directReferences)
-	{
-		super(directReferences.size());
-		update(directReferences);
-	}
-
-	/**
-	 * TODO Javadoc
-	 */
-	public IntegerAccessReferenceMap(Set<Object> directReferences, int initialSize)
-	{
-		super(initialSize);
-		update(directReferences);
-	}
-
-	/**
-	 * TODO Javadoc
-	 * Note: this is final as redefinition by subclasses
-	 * can lead to use before initialization issues as
-	 * {@link #RandomAccessReferenceMap(Set)} and
-	 * {@link #RandomAccessReferenceMap(Set,int)} both call it
-	 * internally.
-	 */
-	protected final synchronized String getUniqueReference() {
-		return "" + count++;  // returns a string version of the counter
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Set;
+
+/**
+ * Reference implementation of the AccessReferenceMap interface. This
+ * implementation generates integers for indirect references.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ * @since June 1, 2007
+ * @see org.owasp.esapi.AccessReferenceMap
+ */
+public class IntegerAccessReferenceMap extends AbstractAccessReferenceMap<String> {
+
+	private static final long serialVersionUID = 5311769278372489771L;
+
+	int count = 1;
+
+	/**
+	 * TODO Javadoc
+	 */
+	public IntegerAccessReferenceMap()
+	{
+	}
+
+	/**
+	 * TODO Javadoc
+	 */
+	public IntegerAccessReferenceMap(int initialSize)
+	{
+		super(initialSize);
+	}
+
+	/**
+	 * TODO Javadoc
+	 */
+	public IntegerAccessReferenceMap(Set<Object> directReferences)
+	{
+		super(directReferences.size());
+		update(directReferences);
+	}
+
+	/**
+	 * TODO Javadoc
+	 */
+	public IntegerAccessReferenceMap(Set<Object> directReferences, int initialSize)
+	{
+		super(initialSize);
+		update(directReferences);
+	}
+
+	/**
+	 * TODO Javadoc
+	 * Note: this is final as redefinition by subclasses
+	 * can lead to use before initialization issues as
+	 * {@link #RandomAccessReferenceMap(Set)} and
+	 * {@link #RandomAccessReferenceMap(Set,int)} both call it
+	 * internally.
+	 */
+	protected final synchronized String getUniqueReference() {
+		return "" + count++;  // returns a string version of the counter
+	}
+
+}

From c56046978a851f54ad353fe30f6b310f1634695b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 165/812] Change CRLF to LF for issue 356.

---
 .../reference/RandomAccessReferenceMap.java   | 170 +++++++++---------
 1 file changed, 85 insertions(+), 85 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
index 28c3cb87f..1018b64be 100644
--- a/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java
@@ -1,85 +1,85 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-
-import java.util.Set;
-
-/**
- * Reference implementation of the AccessReferenceMap interface. This
- * implementation generates random 6 character alphanumeric strings for indirect
- * references. It is possible to use simple integers as indirect references, but
- * the random string approach provides a certain level of protection from CSRF
- * attacks, because an attacker would have difficulty guessing the indirect
- * reference.
- *
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author Chris Schmidt (chrisisbeef@gmail.com)
- * @see org.owasp.esapi.AccessReferenceMap
- * @since June 1, 2007
- */
-public class RandomAccessReferenceMap extends AbstractAccessReferenceMap<String>
-{
-
-   private static final long serialVersionUID = 8544133840739803001L;
-
-   public RandomAccessReferenceMap(int initialSize)
-   {
-      super(initialSize);
-   }
-
-   /**
-    * This AccessReferenceMap implementation uses short random strings to
-    * create a layer of indirection. Other possible implementations would use
-    * simple integers as indirect references.
-    */
-   public RandomAccessReferenceMap()
-   {
-      // call update to set up the references
-   }
-
-   public RandomAccessReferenceMap(Set<Object> directReferences)
-   {
-      super(directReferences.size());
-      update(directReferences);
-   }
-
-   public RandomAccessReferenceMap(Set<Object> directReferences, int initialSize)
-   {
-      super(initialSize);
-      update(directReferences);
-   }
-
-   /**
-    * {@inheritDoc}
-    * Note: this is final as redefinition by subclasses can lead to use
-    * before initialization issues as
-    * {@link #RandomAccessReferenceMap(Set)} and
-    * {@link #RandomAccessReferenceMap(Set,int)} both call it internally.
-    */
-   protected final synchronized String getUniqueReference()
-   {
-      String candidate;
-      do
-      {
-         candidate = ESAPI.randomizer().getRandomString(6, EncoderConstants.CHAR_ALPHANUMERICS);
-      }
-      while (itod.keySet().contains(candidate));
-      return candidate;
-   }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+
+import java.util.Set;
+
+/**
+ * Reference implementation of the AccessReferenceMap interface. This
+ * implementation generates random 6 character alphanumeric strings for indirect
+ * references. It is possible to use simple integers as indirect references, but
+ * the random string approach provides a certain level of protection from CSRF
+ * attacks, because an attacker would have difficulty guessing the indirect
+ * reference.
+ *
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author Chris Schmidt (chrisisbeef@gmail.com)
+ * @see org.owasp.esapi.AccessReferenceMap
+ * @since June 1, 2007
+ */
+public class RandomAccessReferenceMap extends AbstractAccessReferenceMap<String>
+{
+
+   private static final long serialVersionUID = 8544133840739803001L;
+
+   public RandomAccessReferenceMap(int initialSize)
+   {
+      super(initialSize);
+   }
+
+   /**
+    * This AccessReferenceMap implementation uses short random strings to
+    * create a layer of indirection. Other possible implementations would use
+    * simple integers as indirect references.
+    */
+   public RandomAccessReferenceMap()
+   {
+      // call update to set up the references
+   }
+
+   public RandomAccessReferenceMap(Set<Object> directReferences)
+   {
+      super(directReferences.size());
+      update(directReferences);
+   }
+
+   public RandomAccessReferenceMap(Set<Object> directReferences, int initialSize)
+   {
+      super(initialSize);
+      update(directReferences);
+   }
+
+   /**
+    * {@inheritDoc}
+    * Note: this is final as redefinition by subclasses can lead to use
+    * before initialization issues as
+    * {@link #RandomAccessReferenceMap(Set)} and
+    * {@link #RandomAccessReferenceMap(Set,int)} both call it internally.
+    */
+   protected final synchronized String getUniqueReference()
+   {
+      String candidate;
+      do
+      {
+         candidate = ESAPI.randomizer().getRandomString(6, EncoderConstants.CHAR_ALPHANUMERICS);
+      }
+      while (itod.keySet().contains(candidate));
+      return candidate;
+   }
+}

From b3fcbb72779a81ed6dc8458c7c78f5232fc16212 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 166/812] Change CRLF to LF for issue 356.

---
 .../validation/BaseValidationRule.java        | 404 +++++++++---------
 1 file changed, 202 insertions(+), 202 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
index 8201aafd7..031a35467 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java
@@ -1,202 +1,202 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-
-import java.util.HashSet;
-import java.util.Set;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.ValidationRule;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A ValidationRule performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public abstract class BaseValidationRule implements ValidationRule {
-
-	private String typeName = null;
-	protected boolean allowNull = false;
-	protected Encoder encoder = null;
-	
-	private BaseValidationRule() {
-		// prevent use of no-arg constructor
-	}
-	
-	public BaseValidationRule( String typeName ) {
-		this();
-		setEncoder( ESAPI.encoder() );
-		setTypeName( typeName );
-	}
-	
-	public BaseValidationRule( String typeName, Encoder encoder ) {
-		this();
-		setEncoder( encoder );
-		setTypeName( typeName );
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public void setAllowNull( boolean flag ) {
-		allowNull = flag;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public String getTypeName() {
-		return typeName;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public final void setTypeName( String typeName ) {
-		this.typeName = typeName;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public final void setEncoder( Encoder encoder ) {
-		this.encoder = encoder;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public void assertValid( String context, String input ) throws ValidationException {
-		getValid( context, input );
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public Object getValid( String context, String input, ValidationErrorList errorList ) throws ValidationException {
-		Object valid = null;
-		try {
-			valid = getValid( context, input );
-		} catch (ValidationException e) {
-			if( errorList == null) { 
-				throw e;
-			} else {
-				errorList.addError(context, e);
-			}
-		}
-		return valid;
-	}
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public Object getSafe( String context, String input ) {
-		Object valid = null;
-		try {
-			valid = getValid( context, input );
-		} catch ( ValidationException e ) {
-			return sanitize( context, input );
-		}
-		return valid;
-	}
-
-	/**
-	 * The method is similar to ValidationRuile.getSafe except that it returns a
-	 * harmless object that <b>may or may not have any similarity to the original
-	 * input (in some cases you may not care)</b>. In most cases this should be the
-	 * same as the getSafe method only instead of throwing an exception, return
-	 * some default value.
-	 * 
-	 * @param context
-	 * @param input
-	 * @return a parsed version of the input or a default value.
-	 */
-	protected abstract Object sanitize( String context, String input );
-	
-    /**
-     * {@inheritDoc}
-	 */
-	public boolean isValid( String context, String input ) {
-		boolean valid = false;
-		try {
-			getValid( context, input );
-			valid = true;
-		} catch( Exception e ) {
-			valid = false;
-		}
-		
-		return valid;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public String whitelist( String input, char[] whitelist) {
-		return whitelist(input, charArrayToSet(whitelist));
-	}
-	
-	/**
-	 * Removes characters that aren't in the whitelist from the input String.  
-	 * O(input.length) whitelist performance
-	 * @param input String to be sanitized
-	 * @param whitelist allowed characters
-	 * @return input stripped of all chars that aren't in the whitelist 
-	 */
-	public String whitelist( String input, Set<Character> whitelist) {
-		StringBuilder stripped = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			if (whitelist.contains(c)) {
-				stripped.append(c);
-			}
-		}
-		return stripped.toString();
-	}
-	
-	// CHECKME should be moved to some utility class (Would potentially be used by new EncoderConstants class)
-	// Is there a standard way to convert an array of primitives to a Collection
-	/**
-	 * Convert an array of characters to a {@code Set<Character>} (so duplicates
-	 * are removed).
-	 * @param array The character array.
-	 * @return A {@code Set<Character>} of the unique characters from {@code array}
-	 *         is returned.
-	 */
-	public static Set<Character> charArrayToSet(char[] array) {
-		Set<Character> toReturn = new HashSet<Character>(array.length);
-		for (char c : array) {
-			toReturn.add(c);
-		}
-		return toReturn;
-	}
-	
-	public boolean isAllowNull() {
-		return allowNull;
-	}
-
-	public Encoder getEncoder() {
-		return encoder;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A ValidationRule performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public abstract class BaseValidationRule implements ValidationRule {
+
+	private String typeName = null;
+	protected boolean allowNull = false;
+	protected Encoder encoder = null;
+	
+	private BaseValidationRule() {
+		// prevent use of no-arg constructor
+	}
+	
+	public BaseValidationRule( String typeName ) {
+		this();
+		setEncoder( ESAPI.encoder() );
+		setTypeName( typeName );
+	}
+	
+	public BaseValidationRule( String typeName, Encoder encoder ) {
+		this();
+		setEncoder( encoder );
+		setTypeName( typeName );
+	}
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public void setAllowNull( boolean flag ) {
+		allowNull = flag;
+	}
+
+    /**
+     * {@inheritDoc}
+	 */
+	public String getTypeName() {
+		return typeName;
+	}
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public final void setTypeName( String typeName ) {
+		this.typeName = typeName;
+	}
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public final void setEncoder( Encoder encoder ) {
+		this.encoder = encoder;
+	}
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public void assertValid( String context, String input ) throws ValidationException {
+		getValid( context, input );
+	}
+
+    /**
+     * {@inheritDoc}
+	 */
+	public Object getValid( String context, String input, ValidationErrorList errorList ) throws ValidationException {
+		Object valid = null;
+		try {
+			valid = getValid( context, input );
+		} catch (ValidationException e) {
+			if( errorList == null) { 
+				throw e;
+			} else {
+				errorList.addError(context, e);
+			}
+		}
+		return valid;
+	}
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public Object getSafe( String context, String input ) {
+		Object valid = null;
+		try {
+			valid = getValid( context, input );
+		} catch ( ValidationException e ) {
+			return sanitize( context, input );
+		}
+		return valid;
+	}
+
+	/**
+	 * The method is similar to ValidationRuile.getSafe except that it returns a
+	 * harmless object that <b>may or may not have any similarity to the original
+	 * input (in some cases you may not care)</b>. In most cases this should be the
+	 * same as the getSafe method only instead of throwing an exception, return
+	 * some default value.
+	 * 
+	 * @param context
+	 * @param input
+	 * @return a parsed version of the input or a default value.
+	 */
+	protected abstract Object sanitize( String context, String input );
+	
+    /**
+     * {@inheritDoc}
+	 */
+	public boolean isValid( String context, String input ) {
+		boolean valid = false;
+		try {
+			getValid( context, input );
+			valid = true;
+		} catch( Exception e ) {
+			valid = false;
+		}
+		
+		return valid;
+	}
+
+    /**
+     * {@inheritDoc}
+	 */
+	public String whitelist( String input, char[] whitelist) {
+		return whitelist(input, charArrayToSet(whitelist));
+	}
+	
+	/**
+	 * Removes characters that aren't in the whitelist from the input String.  
+	 * O(input.length) whitelist performance
+	 * @param input String to be sanitized
+	 * @param whitelist allowed characters
+	 * @return input stripped of all chars that aren't in the whitelist 
+	 */
+	public String whitelist( String input, Set<Character> whitelist) {
+		StringBuilder stripped = new StringBuilder();
+		for (int i = 0; i < input.length(); i++) {
+			char c = input.charAt(i);
+			if (whitelist.contains(c)) {
+				stripped.append(c);
+			}
+		}
+		return stripped.toString();
+	}
+	
+	// CHECKME should be moved to some utility class (Would potentially be used by new EncoderConstants class)
+	// Is there a standard way to convert an array of primitives to a Collection
+	/**
+	 * Convert an array of characters to a {@code Set<Character>} (so duplicates
+	 * are removed).
+	 * @param array The character array.
+	 * @return A {@code Set<Character>} of the unique characters from {@code array}
+	 *         is returned.
+	 */
+	public static Set<Character> charArrayToSet(char[] array) {
+		Set<Character> toReturn = new HashSet<Character>(array.length);
+		for (char c : array) {
+			toReturn.add(c);
+		}
+		return toReturn;
+	}
+	
+	public boolean isAllowNull() {
+		return allowNull;
+	}
+
+	public Encoder getEncoder() {
+		return encoder;
+	}
+}

From d240683f9c5a14b3e9eeea6627d9964356f19655 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 167/812] Change CRLF to LF for issue 356.

---
 .../validation/CreditCardValidationRule.java  | 330 +++++++++---------
 1 file changed, 165 insertions(+), 165 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
index 86f7d4c52..008f1a19a 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java
@@ -1,165 +1,165 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.util.regex.Pattern;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * A validator performs syntax and possibly semantic validation of Credit Card
- * String from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class CreditCardValidationRule extends BaseValidationRule {
-	private int maxCardLength = 19;
-	
-	/**
-	 * Key used to pull out encoder in configuration.  Prefixed with "Validator."
-	 */
-	protected static final String CREDIT_CARD_VALIDATOR_KEY = "CreditCard";
-	
-	private StringValidationRule ccrule = null; 
-	
-	/**
-	 * Creates a CreditCardValidator using the rule found in security configuration
-	 * @param typeName a description of the type of card being validated
-	 * @param encoder
-	 */
-	public CreditCardValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-		ccrule = readDefaultCreditCardRule();
-	}
-	
-	public CreditCardValidationRule( String typeName, Encoder encoder, StringValidationRule validationRule ) {
-		super( typeName, encoder );
-		ccrule = validationRule;
-	}
-
-	private StringValidationRule readDefaultCreditCardRule() {
-		Pattern p = ESAPI.securityConfiguration().getValidationPattern( CREDIT_CARD_VALIDATOR_KEY );
-		StringValidationRule ccr = new StringValidationRule( "ccrule", encoder, p.pattern() );
-		ccr.setMaximumLength(getMaxCardLength());
-		ccr.setAllowNull( false );
-		return ccr;
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	public String getValid( String context, String input ) throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input credit card required", "Input credit card required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    String canonical = ccrule.getValid( context, input );
-
-		if( ! validCreditCardFormat(canonical)) {
-			throw new ValidationException( context + ": Invalid credit card input", "Invalid credit card input: context=" + context, context );
-		}
-		
-		return canonical;	    
-	}
-
-	/**
-	 * Performs additional validation on the card nummber.
-	 * This implementation performs Luhn algorithm checking
-	 * @param ccNum number to be validated
-	 * @return true if the ccNum passes the Luhn Algorithm
-	 */
-	protected boolean validCreditCardFormat(String ccNum) {
-		
-	    StringBuilder digitsOnly = new StringBuilder();
-		char c;
-		for (int i = 0; i < ccNum.length(); i++) {
-			c = ccNum.charAt(i);
-			if (Character.isDigit(c)) {
-				digitsOnly.append(c);
-			}
-		}
-	
-		int sum = 0;
-		int digit = 0;
-		int addend = 0;
-		boolean timesTwo = false;
-	
-		for (int i = digitsOnly.length() - 1; i >= 0; i--) {
-			// guaranteed to be an int
-			digit = Integer.valueOf(digitsOnly.substring(i, i + 1));
-			if (timesTwo) {
-				addend = digit * 2;
-				if (addend > 9) {
-					addend -= 9;
-				}
-			} else {
-				addend = digit;
-			}
-			sum += addend;
-			timesTwo = !timesTwo;
-		}
-
-		return sum % 10 == 0; 
-	
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String sanitize( String context, String input ) {
-		return whitelist( input, EncoderConstants.CHAR_DIGITS );
-	}
-
-	/**
-	 * @param ccrule the ccrule to set
-	 */
-	public void setStringValidatorRule(StringValidationRule ccrule) {
-		this.ccrule = ccrule;
-	}
-
-	/**
-	 * @return the ccrule
-	 */
-	public StringValidationRule getStringValidatorRule() {
-		return ccrule;
-	}
-
-	/**
-	 * @param maxCardLength the maxCardLength to set
-	 */
-	public void setMaxCardLength(int maxCardLength) {
-		this.maxCardLength = maxCardLength;
-	}
-
-	/**
-	 * @return the maxCardLength
-	 */
-	public int getMaxCardLength() {
-		return maxCardLength;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * A validator performs syntax and possibly semantic validation of Credit Card
+ * String from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class CreditCardValidationRule extends BaseValidationRule {
+	private int maxCardLength = 19;
+	
+	/**
+	 * Key used to pull out encoder in configuration.  Prefixed with "Validator."
+	 */
+	protected static final String CREDIT_CARD_VALIDATOR_KEY = "CreditCard";
+	
+	private StringValidationRule ccrule = null; 
+	
+	/**
+	 * Creates a CreditCardValidator using the rule found in security configuration
+	 * @param typeName a description of the type of card being validated
+	 * @param encoder
+	 */
+	public CreditCardValidationRule( String typeName, Encoder encoder ) {
+		super( typeName, encoder );
+		ccrule = readDefaultCreditCardRule();
+	}
+	
+	public CreditCardValidationRule( String typeName, Encoder encoder, StringValidationRule validationRule ) {
+		super( typeName, encoder );
+		ccrule = validationRule;
+	}
+
+	private StringValidationRule readDefaultCreditCardRule() {
+		Pattern p = ESAPI.securityConfiguration().getValidationPattern( CREDIT_CARD_VALIDATOR_KEY );
+		StringValidationRule ccr = new StringValidationRule( "ccrule", encoder, p.pattern() );
+		ccr.setMaximumLength(getMaxCardLength());
+		ccr.setAllowNull( false );
+		return ccr;
+	}
+	
+    /**
+     * {@inheritDoc}
+     */
+	public String getValid( String context, String input ) throws ValidationException {
+		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
+	    if ( StringUtilities.isEmpty(input) ) {
+			if (allowNull) {
+				return null;
+			}
+			throw new ValidationException( context + ": Input credit card required", "Input credit card required: context=" + context + ", input=" + input, context );
+	    }
+	    
+	    String canonical = ccrule.getValid( context, input );
+
+		if( ! validCreditCardFormat(canonical)) {
+			throw new ValidationException( context + ": Invalid credit card input", "Invalid credit card input: context=" + context, context );
+		}
+		
+		return canonical;	    
+	}
+
+	/**
+	 * Performs additional validation on the card nummber.
+	 * This implementation performs Luhn algorithm checking
+	 * @param ccNum number to be validated
+	 * @return true if the ccNum passes the Luhn Algorithm
+	 */
+	protected boolean validCreditCardFormat(String ccNum) {
+		
+	    StringBuilder digitsOnly = new StringBuilder();
+		char c;
+		for (int i = 0; i < ccNum.length(); i++) {
+			c = ccNum.charAt(i);
+			if (Character.isDigit(c)) {
+				digitsOnly.append(c);
+			}
+		}
+	
+		int sum = 0;
+		int digit = 0;
+		int addend = 0;
+		boolean timesTwo = false;
+	
+		for (int i = digitsOnly.length() - 1; i >= 0; i--) {
+			// guaranteed to be an int
+			digit = Integer.valueOf(digitsOnly.substring(i, i + 1));
+			if (timesTwo) {
+				addend = digit * 2;
+				if (addend > 9) {
+					addend -= 9;
+				}
+			} else {
+				addend = digit;
+			}
+			sum += addend;
+			timesTwo = !timesTwo;
+		}
+
+		return sum % 10 == 0; 
+	
+	}
+	
+    /**
+     * {@inheritDoc}
+     */
+	@Override
+	public String sanitize( String context, String input ) {
+		return whitelist( input, EncoderConstants.CHAR_DIGITS );
+	}
+
+	/**
+	 * @param ccrule the ccrule to set
+	 */
+	public void setStringValidatorRule(StringValidationRule ccrule) {
+		this.ccrule = ccrule;
+	}
+
+	/**
+	 * @return the ccrule
+	 */
+	public StringValidationRule getStringValidatorRule() {
+		return ccrule;
+	}
+
+	/**
+	 * @param maxCardLength the maxCardLength to set
+	 */
+	public void setMaxCardLength(int maxCardLength) {
+		this.maxCardLength = maxCardLength;
+	}
+
+	/**
+	 * @return the maxCardLength
+	 */
+	public int getMaxCardLength() {
+		return maxCardLength;
+	}
+}

From ddedf0d7ba3dc471a9908e49f95b9d282951ad37 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:49 -0500
Subject: [PATCH 168/812] Change CRLF to LF for issue 356.

---
 .../validation/DateValidationRule.java        | 212 +++++++++---------
 1 file changed, 106 insertions(+), 106 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index 7e66b207c..8d031a12f 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -1,106 +1,106 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.text.DateFormat;
-import java.util.Date;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class DateValidationRule extends BaseValidationRule {
-	private DateFormat format = DateFormat.getDateInstance();
-	
-	public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
-		super( typeName, encoder );      
-		setDateFormat( newFormat );
-	}
-	
-    public final void setDateFormat( DateFormat newFormat ) {
-        if (newFormat == null) {
-			throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
-		}
-    	// CHECKME fail fast?
-/*		
-  		try {
-			newFormat.parse(new Date());
-		} catch (ParseException e) {
-			throw new IllegalArgumentException(e);
-		}
-*/
-        this.format = newFormat;
-        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-	public Date getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-
-    /**
-     * {@inheritDoc}
-     * 
-     * Calls sanitize(String, String, DateFormat) with DateFormat.getInstance()
-     */
-	@Override
-	public Date sanitize( String context, String input )  {
-		Date date = new Date(0);
-		try {
-			date = safelyParse(context, input);
-		} catch (ValidationException e) {
-			// do nothing
-	    }
-		return date;
-	}
-	    
-	private Date safelyParse(String context, String input)
-			throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
-		if (StringUtilities.isEmpty(input)) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException(context + ": Input date required",
-					"Input date required: context=" + context + ", input="
-							+ input, context);
-		}
-
-	    String canonical = encoder.canonicalize(input);
-
-		try {
-			return format.parse(canonical);
-		} catch (Exception e) {
-			throw new ValidationException(context
-					+ ": Invalid date must follow the "
-					+ format.getNumberFormat() + " format",
-					"Invalid date: context=" + context + ", format=" + format
-							+ ", input=" + input, e, context);
-		}
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.util.Date;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class DateValidationRule extends BaseValidationRule {
+	private DateFormat format = DateFormat.getDateInstance();
+	
+	public DateValidationRule( String typeName, Encoder encoder, DateFormat newFormat ) {
+		super( typeName, encoder );      
+		setDateFormat( newFormat );
+	}
+	
+    public final void setDateFormat( DateFormat newFormat ) {
+        if (newFormat == null) {
+			throw new IllegalArgumentException("DateValidationRule.setDateFormat requires a non-null DateFormat");
+		}
+    	// CHECKME fail fast?
+/*		
+  		try {
+			newFormat.parse(new Date());
+		} catch (ParseException e) {
+			throw new IllegalArgumentException(e);
+		}
+*/
+        this.format = newFormat;
+        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+	public Date getValid( String context, String input ) throws ValidationException {
+		return safelyParse(context, input);
+	}
+
+    /**
+     * {@inheritDoc}
+     * 
+     * Calls sanitize(String, String, DateFormat) with DateFormat.getInstance()
+     */
+	@Override
+	public Date sanitize( String context, String input )  {
+		Date date = new Date(0);
+		try {
+			date = safelyParse(context, input);
+		} catch (ValidationException e) {
+			// do nothing
+	    }
+		return date;
+	}
+	    
+	private Date safelyParse(String context, String input)
+			throws ValidationException {
+		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
+		if (StringUtilities.isEmpty(input)) {
+			if (allowNull) {
+				return null;
+			}
+			throw new ValidationException(context + ": Input date required",
+					"Input date required: context=" + context + ", input="
+							+ input, context);
+		}
+
+	    String canonical = encoder.canonicalize(input);
+
+		try {
+			return format.parse(canonical);
+		} catch (Exception e) {
+			throw new ValidationException(context
+					+ ": Invalid date must follow the "
+					+ format.getNumberFormat() + " format",
+					"Invalid date: context=" + context + ", format=" + format
+							+ ", input=" + input, e, context);
+		}
+	}
+}

From 3bb40edf657afa424e7f822b1d7ac62eb7e4dc7d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 169/812] Change CRLF to LF for issue 356.

---
 .../validation/HTMLValidationRule.java        | 258 +++++++++---------
 1 file changed, 129 insertions(+), 129 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index e08e2b0f5..ef450f263 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -1,129 +1,129 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-
-import org.owasp.esapi.errors.ConfigurationException;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.validator.html.AntiSamy;
-import org.owasp.validator.html.CleanResults;
-import org.owasp.validator.html.Policy;
-import org.owasp.validator.html.PolicyException;
-import org.owasp.validator.html.ScanException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class HTMLValidationRule extends StringValidationRule {
-	
-	/** OWASP AntiSamy markup verification policy */
-	private static Policy antiSamyPolicy = null;
-	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" ); 
-	
-	static {
-        InputStream resourceStream = null;
-		try {
-			resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
-		} catch (IOException e) {
-			throw new ConfigurationException("Couldn't find antisamy-esapi.xml", e);
-	            }
-        if (resourceStream != null) {
-        	try {
-				antiSamyPolicy = Policy.getInstance(resourceStream);
-			} catch (PolicyException e) {
-				throw new ConfigurationException("Couldn't parse antisamy policy", e);
-		        }
-			}
-		}
-
-	public HTMLValidationRule( String typeName ) {
-		super( typeName );
-	}
-	
-	public HTMLValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
-		super( typeName, encoder, whitelistPattern );
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String getValid( String context, String input ) throws ValidationException {
-		return invokeAntiSamy( context, input );
-	}
-		
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public String sanitize( String context, String input ) {
-		String safe = "";
-		try {
-			safe = invokeAntiSamy( context, input );
-		} catch( ValidationException e ) {
-			// just return safe
-		}
-		return safe;
-	}
-
-	private String invokeAntiSamy( String context, String input ) throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
-	    }
-	    
-		String canonical = super.getValid( context, input );
-
-		try {
-			AntiSamy as = new AntiSamy();
-			CleanResults test = as.scan(canonical, antiSamyPolicy);
-			
-			List<String> errors = test.getErrorMessages();
-			if ( !errors.isEmpty() ) {
-				LOGGER.info( Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
-			}
-			
-			return test.getCleanHTML().trim();
-			
-		} catch (ScanException e) {
-			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
-		} catch (PolicyException e) {
-			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context );
-		}
-	}
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+
+import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.validator.html.AntiSamy;
+import org.owasp.validator.html.CleanResults;
+import org.owasp.validator.html.Policy;
+import org.owasp.validator.html.PolicyException;
+import org.owasp.validator.html.ScanException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class HTMLValidationRule extends StringValidationRule {
+	
+	/** OWASP AntiSamy markup verification policy */
+	private static Policy antiSamyPolicy = null;
+	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" ); 
+	
+	static {
+        InputStream resourceStream = null;
+		try {
+			resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
+		} catch (IOException e) {
+			throw new ConfigurationException("Couldn't find antisamy-esapi.xml", e);
+	            }
+        if (resourceStream != null) {
+        	try {
+				antiSamyPolicy = Policy.getInstance(resourceStream);
+			} catch (PolicyException e) {
+				throw new ConfigurationException("Couldn't parse antisamy policy", e);
+		        }
+			}
+		}
+
+	public HTMLValidationRule( String typeName ) {
+		super( typeName );
+	}
+	
+	public HTMLValidationRule( String typeName, Encoder encoder ) {
+		super( typeName, encoder );
+	}
+
+	public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
+		super( typeName, encoder, whitelistPattern );
+	}
+	
+    /**
+     * {@inheritDoc}
+     */
+	@Override
+	public String getValid( String context, String input ) throws ValidationException {
+		return invokeAntiSamy( context, input );
+	}
+		
+    /**
+     * {@inheritDoc}
+     */
+	@Override
+	public String sanitize( String context, String input ) {
+		String safe = "";
+		try {
+			safe = invokeAntiSamy( context, input );
+		} catch( ValidationException e ) {
+			// just return safe
+		}
+		return safe;
+	}
+
+	private String invokeAntiSamy( String context, String input ) throws ValidationException {
+		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
+	    if ( StringUtilities.isEmpty(input) ) {
+			if (allowNull) {
+				return null;
+			}
+			throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
+	    }
+	    
+		String canonical = super.getValid( context, input );
+
+		try {
+			AntiSamy as = new AntiSamy();
+			CleanResults test = as.scan(canonical, antiSamyPolicy);
+			
+			List<String> errors = test.getErrorMessages();
+			if ( !errors.isEmpty() ) {
+				LOGGER.info( Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
+			}
+			
+			return test.getCleanHTML().trim();
+			
+		} catch (ScanException e) {
+			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
+		} catch (PolicyException e) {
+			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context );
+		}
+	}
+}
+

From eb26c877b6f6e19d351579e40c98c8536910740c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 170/812] Change CRLF to LF for issue 356.

---
 .../validation/IntegerValidationRule.java     | 188 +++++++++---------
 1 file changed, 94 insertions(+), 94 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
index fe011cf46..e01037723 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java
@@ -1,95 +1,95 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class IntegerValidationRule extends BaseValidationRule {
-	
-	private int minValue = Integer.MIN_VALUE;
-	private int maxValue = Integer.MAX_VALUE;
-	
-	public IntegerValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public IntegerValidationRule( String typeName, Encoder encoder, int minValue, int maxValue ) {
-		super( typeName, encoder );
-		this.minValue = minValue;
-		this.maxValue = maxValue;
-	}
-
-	public Integer getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-
-	private Integer safelyParse(String context, String input) throws ValidationException {
-		// do not allow empty Strings such as "   " - so trim to ensure 
-		// isEmpty catches "    "
-		if (input != null) input = input.trim();
-		
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    // canonicalize
-	    String canonical = encoder.canonicalize( input );
-
-		if (minValue > maxValue) {
-			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
-		}
-		
-		// validate min and max
-		try {
-			int i = Integer.valueOf(canonical);
-			if (i < minValue) {
-				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-			}
-			if (i > maxValue) {
-				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-			}			
-			return i;
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-	}
-
-	@Override
-	public Integer sanitize( String context, String input ) {
-		Integer toReturn = Integer.valueOf( 0 );
-		try {
-			toReturn = safelyParse(context, input);
-		} catch (ValidationException e ) {
-			// do nothing
-		}
-		return toReturn;
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class IntegerValidationRule extends BaseValidationRule {
+	
+	private int minValue = Integer.MIN_VALUE;
+	private int maxValue = Integer.MAX_VALUE;
+	
+	public IntegerValidationRule( String typeName, Encoder encoder ) {
+		super( typeName, encoder );
+	}
+
+	public IntegerValidationRule( String typeName, Encoder encoder, int minValue, int maxValue ) {
+		super( typeName, encoder );
+		this.minValue = minValue;
+		this.maxValue = maxValue;
+	}
+
+	public Integer getValid( String context, String input ) throws ValidationException {
+		return safelyParse(context, input);
+	}
+
+	private Integer safelyParse(String context, String input) throws ValidationException {
+		// do not allow empty Strings such as "   " - so trim to ensure 
+		// isEmpty catches "    "
+		if (input != null) input = input.trim();
+		
+	    if ( StringUtilities.isEmpty(input) ) {
+			if (allowNull) {
+				return null;
+			}
+			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
+	    }
+	    
+	    // canonicalize
+	    String canonical = encoder.canonicalize( input );
+
+		if (minValue > maxValue) {
+			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
+		}
+		
+		// validate min and max
+		try {
+			int i = Integer.valueOf(canonical);
+			if (i < minValue) {
+				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+			}
+			if (i > maxValue) {
+				throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+			}			
+			return i;
+		} catch (NumberFormatException e) {
+			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+		}
+	}
+
+	@Override
+	public Integer sanitize( String context, String input ) {
+		Integer toReturn = Integer.valueOf( 0 );
+		try {
+			toReturn = safelyParse(context, input);
+		} catch (ValidationException e ) {
+			// do nothing
+		}
+		return toReturn;
+	}
 }
\ No newline at end of file

From 887f90d022b448f37c7282b787d9992adaf50b9e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 171/812] Change CRLF to LF for issue 356.

---
 .../validation/NumberValidationRule.java      | 292 +++++++++---------
 1 file changed, 146 insertions(+), 146 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
index d6cd8ff66..b5933a31f 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java
@@ -1,146 +1,146 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.math.BigDecimal;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- */
-public class NumberValidationRule extends BaseValidationRule {
-	
-	private double minValue = Double.NEGATIVE_INFINITY;
-	private double maxValue = Double.POSITIVE_INFINITY;
-	
-	public NumberValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public NumberValidationRule( String typeName, Encoder encoder, double minValue, double maxValue ) {
-		super( typeName, encoder );
-		this.minValue = minValue;
-		this.maxValue = maxValue;
-	}
-
-    /**
-     * {@inheritDoc}
-     */
-	public Double getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
-	}
-	
-    /**
-     * {@inheritDoc}
-     */
-	@Override
-	public Double sanitize( String context, String input ) {
-		Double toReturn = Double.valueOf(0);
-		try {
-			toReturn = safelyParse(context, input);
-		} catch (ValidationException e) {
-			// do nothing
-		}
-		return toReturn;
-	}
-	//
-	// These statics needed to detect double parsing DOS bug in Java
-	//
-	private static BigDecimal bigBad;
-	private static BigDecimal smallBad;
-
-	static {
-		
-		BigDecimal one = new BigDecimal(1);
-		BigDecimal two = new BigDecimal(2);
-		
-		BigDecimal tiny = one.divide(two.pow(1022));
-		
-		// 2^(-1022) ­ 2^(-1076)
-		bigBad = tiny.subtract(one.divide(two.pow(1076)));
-		//2^(-1022) ­ 2^(-1075)
-		smallBad = tiny.subtract(one.divide(two.pow(1075)));
-	}	
-
-	private Double safelyParse(String context, String input) throws ValidationException {
-
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
-	    if ( StringUtilities.isEmpty(input) ) {
-			if (allowNull) {
-				return null;
-			}
-			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
-	    }
-	    
-	    // canonicalize
-	    String canonical = encoder.canonicalize( input );
-
-	    //if MinValue is greater than maxValue then programmer is likely calling this wrong
-		if (minValue > maxValue) {
-			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
-		}
-		
-		//convert to BigDecimal so we can safely parse dangerous numbers to 
-		//check if the number may DOS the double parser
-		BigDecimal bd;
-		try {
-			bd = new BigDecimal(canonical);
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-		
-		// Thanks to Brian Chess for this suggestion
-		// Check if string input is in the "dangerous" double parsing range
-		if (bd.compareTo(smallBad) >= 0 && bd.compareTo(bigBad) <= 0) {
-			// if you get here you know you're looking at a bad value. The final
-			// value for any double in this range is supposed to be the following safe #			
-			return new Double("2.2250738585072014E-308");
-		}
-		
-		// the number is safe to parseDouble
-		Double d;
-		// validate min and max
-		try {
-			d = Double.valueOf(Double.parseDouble( canonical ));
-		} catch (NumberFormatException e) {
-			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
-		}
-	
-		if (d.isInfinite()) {
-			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is infinite: context=" + context + ", input=" + input, context );
-	}
-		if (d.isNaN()) {
-			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is not a number: context=" + context + ", input=" + input, context );
-		}
-		if (d.doubleValue() < minValue) {
-			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-		}
-		if (d.doubleValue() > maxValue) {
-			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
-		}			
-		return d;
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.math.BigDecimal;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ */
+public class NumberValidationRule extends BaseValidationRule {
+	
+	private double minValue = Double.NEGATIVE_INFINITY;
+	private double maxValue = Double.POSITIVE_INFINITY;
+	
+	public NumberValidationRule( String typeName, Encoder encoder ) {
+		super( typeName, encoder );
+	}
+
+	public NumberValidationRule( String typeName, Encoder encoder, double minValue, double maxValue ) {
+		super( typeName, encoder );
+		this.minValue = minValue;
+		this.maxValue = maxValue;
+	}
+
+    /**
+     * {@inheritDoc}
+     */
+	public Double getValid( String context, String input ) throws ValidationException {
+		return safelyParse(context, input);
+	}
+	
+    /**
+     * {@inheritDoc}
+     */
+	@Override
+	public Double sanitize( String context, String input ) {
+		Double toReturn = Double.valueOf(0);
+		try {
+			toReturn = safelyParse(context, input);
+		} catch (ValidationException e) {
+			// do nothing
+		}
+		return toReturn;
+	}
+	//
+	// These statics needed to detect double parsing DOS bug in Java
+	//
+	private static BigDecimal bigBad;
+	private static BigDecimal smallBad;
+
+	static {
+		
+		BigDecimal one = new BigDecimal(1);
+		BigDecimal two = new BigDecimal(2);
+		
+		BigDecimal tiny = one.divide(two.pow(1022));
+		
+		// 2^(-1022) ­ 2^(-1076)
+		bigBad = tiny.subtract(one.divide(two.pow(1076)));
+		//2^(-1022) ­ 2^(-1075)
+		smallBad = tiny.subtract(one.divide(two.pow(1075)));
+	}	
+
+	private Double safelyParse(String context, String input) throws ValidationException {
+
+		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
+	    if ( StringUtilities.isEmpty(input) ) {
+			if (allowNull) {
+				return null;
+			}
+			throw new ValidationException( context + ": Input number required", "Input number required: context=" + context + ", input=" + input, context );
+	    }
+	    
+	    // canonicalize
+	    String canonical = encoder.canonicalize( input );
+
+	    //if MinValue is greater than maxValue then programmer is likely calling this wrong
+		if (minValue > maxValue) {
+			throw new ValidationException( context + ": Invalid number input: context", "Validation parameter error for number: maxValue ( " + maxValue + ") must be greater than minValue ( " + minValue + ") for " + context, context );
+		}
+		
+		//convert to BigDecimal so we can safely parse dangerous numbers to 
+		//check if the number may DOS the double parser
+		BigDecimal bd;
+		try {
+			bd = new BigDecimal(canonical);
+		} catch (NumberFormatException e) {
+			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+		}
+		
+		// Thanks to Brian Chess for this suggestion
+		// Check if string input is in the "dangerous" double parsing range
+		if (bd.compareTo(smallBad) >= 0 && bd.compareTo(bigBad) <= 0) {
+			// if you get here you know you're looking at a bad value. The final
+			// value for any double in this range is supposed to be the following safe #			
+			return new Double("2.2250738585072014E-308");
+		}
+		
+		// the number is safe to parseDouble
+		Double d;
+		// validate min and max
+		try {
+			d = Double.valueOf(Double.parseDouble( canonical ));
+		} catch (NumberFormatException e) {
+			throw new ValidationException( context + ": Invalid number input", "Invalid number input format: context=" + context + ", input=" + input, e, context);
+		}
+	
+		if (d.isInfinite()) {
+			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is infinite: context=" + context + ", input=" + input, context );
+	}
+		if (d.isNaN()) {
+			throw new ValidationException( "Invalid number input: context=" + context, "Invalid double input is not a number: context=" + context + ", input=" + input, context );
+		}
+		if (d.doubleValue() < minValue) {
+			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+		}
+		if (d.doubleValue() > maxValue) {
+			throw new ValidationException( "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context, "Invalid number input must be between " + minValue + " and " + maxValue + ": context=" + context + ", input=" + input, context );
+		}			
+		return d;
+	}
+}

From 266ccc27bd069a5cb3c742380d9a218f0d447392 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 172/812] Change CRLF to LF for issue 356.

---
 .../validation/StringValidationRule.java      | 648 +++++++++---------
 1 file changed, 324 insertions(+), 324 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
index 9024ac525..c48286cf5 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
@@ -1,324 +1,324 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.validation;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.StringUtilities;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.util.NullSafe;
-
-
-/**
- * A validator performs syntax and possibly semantic validation of a single
- * piece of data from an untrusted source.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.Validator
- * 
- * http://en.wikipedia.org/wiki/Whitelist
- */
-public class StringValidationRule extends BaseValidationRule {
-
-	protected List<Pattern> whitelistPatterns = new ArrayList<Pattern>();
-	protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
-	protected int minLength = 0;
-	protected int maxLength = Integer.MAX_VALUE;
-	protected boolean validateInputAndCanonical = true;
-
-	public StringValidationRule( String typeName ) {
-		super( typeName );
-	}
-
-	public StringValidationRule( String typeName, Encoder encoder ) {
-		super( typeName, encoder );
-	}
-
-	public StringValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
-		super( typeName, encoder );
-		addWhitelistPattern( whitelistPattern );
-	}
-
-	/**
-	 * @throws IllegalArgumentException if pattern is null
-	 */
-	public void addWhitelistPattern( String pattern ) {
-		if (pattern == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		try {
-			whitelistPatterns.add( Pattern.compile( pattern ) );
-		} catch( PatternSyntaxException e ) {
-			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
-		}
-	}
-
-	/**
-	 * @throws IllegalArgumentException if p is null
-	 */
-	public void addWhitelistPattern( Pattern p ) {
-		if (p == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		whitelistPatterns.add( p );
-	}
-
-	/**
-	 * @throws IllegalArgumentException if pattern is null
-	 */
-	public void addBlacklistPattern( String pattern ) {
-		if (pattern == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		try {
-			blacklistPatterns.add( Pattern.compile( pattern ) );
-		} catch( PatternSyntaxException e ) {
-			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
-		}
-	}
-
-	/**
-	 * @throws IllegalArgumentException if p is null
-	 */
-	public void addBlacklistPattern( Pattern p ) {
-		if (p == null) {
-			throw new IllegalArgumentException("Pattern cannot be null");
-		}
-		blacklistPatterns.add( p );
-	}
-
-	public void setMinimumLength( int length ) {
-		minLength = length;
-	}
-
-
-	public void setMaximumLength( int length ) {
-		maxLength = length;
-	}
-
-	/**
-	 * Set the flag which determines whether the in input itself is
-	 * checked as well as the canonical form of the input.
-	 * @param flag The value to set
-	 */
-	public void setValidateInputAndCanonical(boolean flag)
-	{
-		validateInputAndCanonical = flag;
-	}
-
-	/**
-	 * checks input against whitelists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkWhitelist(String context, String input, String orig) throws ValidationException
-	{
-		// check whitelist patterns
-		for (Pattern p : whitelistPatterns) {
-			if ( !p.matcher(input).matches() ) {
-				throw new ValidationException( context + ": Invalid input. Please conform to regex " + p.pattern() + ( maxLength == Integer.MAX_VALUE ? "" : " with a maximum length of " + maxLength ), "Invalid input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
-			}
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input against whitelists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkWhitelist(String context, String input) throws ValidationException
-	{
-		return checkWhitelist(context, input, input);
-	}
-
-	/**
-	 * checks input against blacklists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkBlacklist(String context, String input, String orig) throws ValidationException
-	{
-		// check blacklist patterns
-		for (Pattern p : blacklistPatterns) {
-			if ( p.matcher(input).matches() ) {
-				throw new ValidationException( context + ": Invalid input. Dangerous input matching " + p.pattern() + " detected.", "Dangerous input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
-			}
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input against blacklists.
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkBlacklist(String context, String input) throws ValidationException
-	{
-		return checkBlacklist(context, input, input);
-	}
-
-	/**
-	 * checks input lengths
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkLength(String context, String input, String orig) throws ValidationException
-	{
-		if (input.length() < minLength) {
-			throw new ValidationException( context + ": Invalid input. The minimum length of " + minLength + " characters was not met.", "Input does not meet the minimum length of " + minLength + " by " + (minLength - input.length()) + " characters: context=" + context + ", type=" + getTypeName() + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
-		}
-
-		if (input.length() > maxLength) {
-			throw new ValidationException( context + ": Invalid input. The maximum length of " + maxLength + " characters was exceeded.", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length()-maxLength) + " characters: context=" + context + ", type=" + getTypeName() + ", orig=" + orig +", input=" + input, context );
-		}
-
-		return input;
-	}
-
-	/**
-	 * checks input lengths
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkLength(String context, String input) throws ValidationException
-	{
-		return checkLength(context, input, input);
-	}
-
-	/**
-	 * checks input emptiness
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @param orig A origional input to include in exception
-	 *	messages. This is not included if it is the same as
-	 *	input.
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkEmpty(String context, String input, String orig) throws ValidationException
-	{
-		if(!StringUtilities.isEmpty(input))
-			return input;
-		if(allowNull)
-			return null;
-		throw new ValidationException( context + ": Input required.", "Input required: context=" + context + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
-	}
-
-	/**
-	 * checks input emptiness
-	 * @param context The context to include in exception messages
-	 * @param input the input to check
-	 * @return input upon a successful check
-	 * @throws ValidationException if the check fails.
-	 */
-	private String checkEmpty(String context, String input) throws ValidationException
-	{
-		return checkEmpty(context, input, input);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public String getValid( String context, String input ) throws ValidationException
-	{
-		String data = null;
-
-		// checks on input itself
-
-		// check for empty/null
-		if(checkEmpty(context, input) == null)
-			return null;
-
-		if (validateInputAndCanonical)
-		{
-			//first validate pre-canonicalized data
-			
-			// check length
-			checkLength(context, input);
-
-			// check whitelist patterns
-			checkWhitelist(context, input);
-
-			// check blacklist patterns
-			checkBlacklist(context, input);
-			
-			// canonicalize
-			data = encoder.canonicalize( input );
-			
-		} else {
-			
-			//skip canonicalization
-			data = input;			
-		}
-
-		// check for empty/null
-		if(checkEmpty(context, data, input) == null)
-			return null;
-
-		// check length
-		checkLength(context, data, input);
-
-		// check whitelist patterns
-		checkWhitelist(context, data, input);
-
-		// check blacklist patterns
-		checkBlacklist(context, data, input);
-
-		// validation passed
-		return data;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-		public String sanitize( String context, String input ) {
-			return whitelist( input, EncoderConstants.CHAR_ALPHANUMERICS );
-		}
-
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.validation;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.util.NullSafe;
+
+
+/**
+ * A validator performs syntax and possibly semantic validation of a single
+ * piece of data from an untrusted source.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Validator
+ * 
+ * http://en.wikipedia.org/wiki/Whitelist
+ */
+public class StringValidationRule extends BaseValidationRule {
+
+	protected List<Pattern> whitelistPatterns = new ArrayList<Pattern>();
+	protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
+	protected int minLength = 0;
+	protected int maxLength = Integer.MAX_VALUE;
+	protected boolean validateInputAndCanonical = true;
+
+	public StringValidationRule( String typeName ) {
+		super( typeName );
+	}
+
+	public StringValidationRule( String typeName, Encoder encoder ) {
+		super( typeName, encoder );
+	}
+
+	public StringValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
+		super( typeName, encoder );
+		addWhitelistPattern( whitelistPattern );
+	}
+
+	/**
+	 * @throws IllegalArgumentException if pattern is null
+	 */
+	public void addWhitelistPattern( String pattern ) {
+		if (pattern == null) {
+			throw new IllegalArgumentException("Pattern cannot be null");
+		}
+		try {
+			whitelistPatterns.add( Pattern.compile( pattern ) );
+		} catch( PatternSyntaxException e ) {
+			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
+		}
+	}
+
+	/**
+	 * @throws IllegalArgumentException if p is null
+	 */
+	public void addWhitelistPattern( Pattern p ) {
+		if (p == null) {
+			throw new IllegalArgumentException("Pattern cannot be null");
+		}
+		whitelistPatterns.add( p );
+	}
+
+	/**
+	 * @throws IllegalArgumentException if pattern is null
+	 */
+	public void addBlacklistPattern( String pattern ) {
+		if (pattern == null) {
+			throw new IllegalArgumentException("Pattern cannot be null");
+		}
+		try {
+			blacklistPatterns.add( Pattern.compile( pattern ) );
+		} catch( PatternSyntaxException e ) {
+			throw new IllegalArgumentException( "Validation misconfiguration, problem with specified pattern: " + pattern, e );
+		}
+	}
+
+	/**
+	 * @throws IllegalArgumentException if p is null
+	 */
+	public void addBlacklistPattern( Pattern p ) {
+		if (p == null) {
+			throw new IllegalArgumentException("Pattern cannot be null");
+		}
+		blacklistPatterns.add( p );
+	}
+
+	public void setMinimumLength( int length ) {
+		minLength = length;
+	}
+
+
+	public void setMaximumLength( int length ) {
+		maxLength = length;
+	}
+
+	/**
+	 * Set the flag which determines whether the in input itself is
+	 * checked as well as the canonical form of the input.
+	 * @param flag The value to set
+	 */
+	public void setValidateInputAndCanonical(boolean flag)
+	{
+		validateInputAndCanonical = flag;
+	}
+
+	/**
+	 * checks input against whitelists.
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @param orig A origional input to include in exception
+	 *	messages. This is not included if it is the same as
+	 *	input.
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkWhitelist(String context, String input, String orig) throws ValidationException
+	{
+		// check whitelist patterns
+		for (Pattern p : whitelistPatterns) {
+			if ( !p.matcher(input).matches() ) {
+				throw new ValidationException( context + ": Invalid input. Please conform to regex " + p.pattern() + ( maxLength == Integer.MAX_VALUE ? "" : " with a maximum length of " + maxLength ), "Invalid input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
+			}
+		}
+
+		return input;
+	}
+
+	/**
+	 * checks input against whitelists.
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkWhitelist(String context, String input) throws ValidationException
+	{
+		return checkWhitelist(context, input, input);
+	}
+
+	/**
+	 * checks input against blacklists.
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @param orig A origional input to include in exception
+	 *	messages. This is not included if it is the same as
+	 *	input.
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkBlacklist(String context, String input, String orig) throws ValidationException
+	{
+		// check blacklist patterns
+		for (Pattern p : blacklistPatterns) {
+			if ( p.matcher(input).matches() ) {
+				throw new ValidationException( context + ": Invalid input. Dangerous input matching " + p.pattern() + " detected.", "Dangerous input: context=" + context + ", type(" + getTypeName() + ")=" + p.pattern() + ", input=" + input + (NullSafe.equals(orig,input) ? "" : ", orig=" + orig), context );
+			}
+		}
+
+		return input;
+	}
+
+	/**
+	 * checks input against blacklists.
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkBlacklist(String context, String input) throws ValidationException
+	{
+		return checkBlacklist(context, input, input);
+	}
+
+	/**
+	 * checks input lengths
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @param orig A origional input to include in exception
+	 *	messages. This is not included if it is the same as
+	 *	input.
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkLength(String context, String input, String orig) throws ValidationException
+	{
+		if (input.length() < minLength) {
+			throw new ValidationException( context + ": Invalid input. The minimum length of " + minLength + " characters was not met.", "Input does not meet the minimum length of " + minLength + " by " + (minLength - input.length()) + " characters: context=" + context + ", type=" + getTypeName() + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
+		}
+
+		if (input.length() > maxLength) {
+			throw new ValidationException( context + ": Invalid input. The maximum length of " + maxLength + " characters was exceeded.", "Input exceeds maximum allowed length of " + maxLength + " by " + (input.length()-maxLength) + " characters: context=" + context + ", type=" + getTypeName() + ", orig=" + orig +", input=" + input, context );
+		}
+
+		return input;
+	}
+
+	/**
+	 * checks input lengths
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkLength(String context, String input) throws ValidationException
+	{
+		return checkLength(context, input, input);
+	}
+
+	/**
+	 * checks input emptiness
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @param orig A origional input to include in exception
+	 *	messages. This is not included if it is the same as
+	 *	input.
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkEmpty(String context, String input, String orig) throws ValidationException
+	{
+		if(!StringUtilities.isEmpty(input))
+			return input;
+		if(allowNull)
+			return null;
+		throw new ValidationException( context + ": Input required.", "Input required: context=" + context + "), input=" + input + (NullSafe.equals(input,orig) ? "" : ", orig=" + orig), context );
+	}
+
+	/**
+	 * checks input emptiness
+	 * @param context The context to include in exception messages
+	 * @param input the input to check
+	 * @return input upon a successful check
+	 * @throws ValidationException if the check fails.
+	 */
+	private String checkEmpty(String context, String input) throws ValidationException
+	{
+		return checkEmpty(context, input, input);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public String getValid( String context, String input ) throws ValidationException
+	{
+		String data = null;
+
+		// checks on input itself
+
+		// check for empty/null
+		if(checkEmpty(context, input) == null)
+			return null;
+
+		if (validateInputAndCanonical)
+		{
+			//first validate pre-canonicalized data
+			
+			// check length
+			checkLength(context, input);
+
+			// check whitelist patterns
+			checkWhitelist(context, input);
+
+			// check blacklist patterns
+			checkBlacklist(context, input);
+			
+			// canonicalize
+			data = encoder.canonicalize( input );
+			
+		} else {
+			
+			//skip canonicalization
+			data = input;			
+		}
+
+		// check for empty/null
+		if(checkEmpty(context, data, input) == null)
+			return null;
+
+		// check length
+		checkLength(context, data, input);
+
+		// check whitelist patterns
+		checkWhitelist(context, data, input);
+
+		// check blacklist patterns
+		checkBlacklist(context, data, input);
+
+		// validation passed
+		return data;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+		public String sanitize( String context, String input ) {
+			return whitelist( input, EncoderConstants.CHAR_ALPHANUMERICS );
+		}
+
+}
+

From b33fa23ad1c43434fe17996f314783f3061c4722 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 173/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/SafeFile.java | 214 ++++++++++----------
 1 file changed, 107 insertions(+), 107 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/SafeFile.java b/src/main/java/org/owasp/esapi/SafeFile.java
index 73643c0b7..6a4f239c5 100644
--- a/src/main/java/org/owasp/esapi/SafeFile.java
+++ b/src/main/java/org/owasp/esapi/SafeFile.java
@@ -1,107 +1,107 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2008 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2008
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.net.URI;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * Extension to java.io.File to prevent against null byte injections and
- * other unforeseen problems resulting from unprintable characters
- * causing problems in path lookups. This does _not_ prevent against
- * directory traversal attacks.
- */
-public class SafeFile extends File {
-
-	private static final long serialVersionUID = 1L;
-	private static final Pattern PERCENTS_PAT = Pattern.compile("(%)([0-9a-fA-F])([0-9a-fA-F])");	
-	private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|])");	
-	private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|])");
-
-	public SafeFile(String path) throws ValidationException {
-		super(path);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(String parent, String child) throws ValidationException {
-		super(parent, child);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(File parent, String child) throws ValidationException {
-		super(parent, child);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	public SafeFile(URI uri) throws ValidationException {
-		super(uri);
-		doDirCheck(this.getParent());
-		doFileCheck(this.getName());
-	}
-
-	
-	private void doDirCheck(String path) throws ValidationException {
-		Matcher m1 = DIR_BLACKLIST_PAT.matcher( path );
-		if ( m1.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
-		}
-
-		Matcher m2 = PERCENTS_PAT.matcher( path );
-		if ( m2.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains encoded characters: " + m2.group() );
-		}
-		
-		int ch = containsUnprintableCharacters(path);
-		if (ch != -1) {
-			throw new ValidationException("Invalid directory", "Directory path (" + path + ") contains unprintable character: " + ch);
-		}
-	}
-	
-	private void doFileCheck(String path) throws ValidationException {
-		Matcher m1 = FILE_BLACKLIST_PAT.matcher( path );
-		if ( m1.find() ) {
-			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
-		}
-
-		Matcher m2 = PERCENTS_PAT.matcher( path );
-		if ( m2.find() ) {
-			throw new ValidationException( "Invalid file", "File path (" + path + ") contains encoded characters: " + m2.group() );
-		}
-		
-		int ch = containsUnprintableCharacters(path);
-		if (ch != -1) {
-			throw new ValidationException("Invalid file", "File path (" + path + ") contains unprintable character: " + ch);
-		}
-	}
-
-	private int containsUnprintableCharacters(String s) {
-		for (int i = 0; i < s.length(); i++) {
-			char ch = s.charAt(i);
-			if (((int) ch) < 32 || ((int) ch) > 126) {
-				return (int) ch;
-			}
-		}
-		return -1;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2008
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.net.URI;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * Extension to java.io.File to prevent against null byte injections and
+ * other unforeseen problems resulting from unprintable characters
+ * causing problems in path lookups. This does _not_ prevent against
+ * directory traversal attacks.
+ */
+public class SafeFile extends File {
+
+	private static final long serialVersionUID = 1L;
+	private static final Pattern PERCENTS_PAT = Pattern.compile("(%)([0-9a-fA-F])([0-9a-fA-F])");	
+	private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|])");	
+	private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|])");
+
+	public SafeFile(String path) throws ValidationException {
+		super(path);
+		doDirCheck(this.getParent());
+		doFileCheck(this.getName());
+	}
+
+	public SafeFile(String parent, String child) throws ValidationException {
+		super(parent, child);
+		doDirCheck(this.getParent());
+		doFileCheck(this.getName());
+	}
+
+	public SafeFile(File parent, String child) throws ValidationException {
+		super(parent, child);
+		doDirCheck(this.getParent());
+		doFileCheck(this.getName());
+	}
+
+	public SafeFile(URI uri) throws ValidationException {
+		super(uri);
+		doDirCheck(this.getParent());
+		doFileCheck(this.getName());
+	}
+
+	
+	private void doDirCheck(String path) throws ValidationException {
+		Matcher m1 = DIR_BLACKLIST_PAT.matcher( path );
+		if ( m1.find() ) {
+			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
+		}
+
+		Matcher m2 = PERCENTS_PAT.matcher( path );
+		if ( m2.find() ) {
+			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains encoded characters: " + m2.group() );
+		}
+		
+		int ch = containsUnprintableCharacters(path);
+		if (ch != -1) {
+			throw new ValidationException("Invalid directory", "Directory path (" + path + ") contains unprintable character: " + ch);
+		}
+	}
+	
+	private void doFileCheck(String path) throws ValidationException {
+		Matcher m1 = FILE_BLACKLIST_PAT.matcher( path );
+		if ( m1.find() ) {
+			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
+		}
+
+		Matcher m2 = PERCENTS_PAT.matcher( path );
+		if ( m2.find() ) {
+			throw new ValidationException( "Invalid file", "File path (" + path + ") contains encoded characters: " + m2.group() );
+		}
+		
+		int ch = containsUnprintableCharacters(path);
+		if (ch != -1) {
+			throw new ValidationException("Invalid file", "File path (" + path + ") contains unprintable character: " + ch);
+		}
+	}
+
+	private int containsUnprintableCharacters(String s) {
+		for (int i = 0; i < s.length(); i++) {
+			char ch = s.charAt(i);
+			if (((int) ch) < 32 || ((int) ch) > 126) {
+				return (int) ch;
+			}
+		}
+		return -1;
+	}
+
+}

From d7506788a49ca92927e75883af40817d0b6770ac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 174/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/SecurityConfiguration.java    | 1592 ++++++++---------
 1 file changed, 796 insertions(+), 796 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 9d37c2580..4d43d4834 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -1,796 +1,796 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.configuration.EsapiPropertyLoader;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.List;
-import java.util.regex.Pattern;
-
-/**
- * The {@code SecurityConfiguration} interface stores all configuration information
- * that directs the behavior of the ESAPI implementation.
- * <br><br>
- * Protection of this configuration information is critical to the secure
- * operation of the application using the ESAPI. You should use operating system
- * access controls to limit access to wherever the configuration information is
- * stored.
- * <br><br>
- * Please note that adding another layer of encryption does not make the
- * attackers job much more difficult. Somewhere there must be a master "secret"
- * that is stored unencrypted on the application platform (unless you are
- * willing to prompt for some passphrase when you application starts or insert
- * a USB thumb drive or an HSM card, etc., in which case this master "secret"
- * it would only be in memory). Creating another layer of indirection provides
- * additional obfuscation, but doesn't provide any real additional security.
- * It's up to the reference implementation to decide whether this file should
- * be encrypted or not.
- * <br><br>
- * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does
- * <i>not</i> encrypt its properties file.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface SecurityConfiguration extends EsapiPropertyLoader {
-
-	/**
-	 * Gets the application name, used for logging
-	 * 
-	 * @return the name of the current application
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getApplicationName();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Logging implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getLogImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getAuthenticationImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncoderImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getAccessControlImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getIntrusionDetectionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getRandomizerImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncryptionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Validation implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getValidationImplementation();
-	
-	/**
-	 * Returns the validation pattern for a particular type
-	 * @param typeName
-	 * @return the validation pattern
-	 */
-    public Pattern getValidationPattern( String typeName );
-    
-    /**
-     * Determines whether ESAPI will accept "lenient" dates when attempt
-     * to parse dates. Controlled by ESAPI property
-     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
-     * if unset.
-     * 
-     * @return True if lenient dates are accepted; false otherwise.
-     * @see java.text.DateFormat#setLenient(boolean)
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getLenientDatesAccepted();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getExecutorImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHTTPUtilitiesImplementation();
-	
-	/**
-	 * Gets the master key. This password is used to encrypt/decrypt other files or types
-	 * of data that need to be protected by your application.
-	 * 
-	 * @return the current master key
-     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public byte[] getMasterKey();
-
-	/**
-     * Retrieves the upload directory as specified in the ESAPI.properties file.
-     * @return the upload directory
-     */
-    public File getUploadDirectory();
-	
-    /**
-     * Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
-     * @return the temp directory
-     */
-    public File getUploadTempDirectory();
-
-	/**
-	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
-	 * 
-	 * @return the key length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    public int getEncryptionKeyLength();
-    
-	/**
-	 * Gets the master salt that is used to salt stored password hashes and any other location 
-	 * where a salt is needed.
-	 * 
-	 * @return the current master salt
-     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public byte[] getMasterSalt();
-
-	/**
-	 * Gets the allowed executables to run with the Executor.
-	 * 
-	 * @return a list of the current allowed file extensions
-	 */
-	public List<String> getAllowedExecutables();
-
-	/**
-	 * Gets the allowed file extensions for files that are uploaded to this application.
-	 * 
-	 * @return a list of the current allowed file extensions
-	 */
-	public List<String> getAllowedFileExtensions();
-
-	/**
-	 * Gets the maximum allowed file upload size.
-	 * 
-	 * @return the current allowed file upload size
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getAllowedFileUploadSize();
-
-	/**
-	 * Gets the name of the password parameter used during user authentication.
-	 * 
-	 * @return the name of the password parameter
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getPasswordParameterName();
-
-	/**
-	 * Gets the name of the username parameter used during user authentication.
-	 * 
-	 * @return the name of the username parameter
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getUsernameParameterName();
-
-	/**
-	 * Gets the encryption algorithm used by ESAPI to protect data. This is
-	 * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
-	 * use "cipher transformation" since it supports multiple cipher modes
-	 * and padding schemes.
-	 * 
-	 * @return the current encryption algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncryptionAlgorithm();
-
-	/**
-	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
-	 * is a specification of cipher algorithm, cipher mode, and padding scheme
-	 * and in general, is a {@code String} that takes the following form:
-	 * <pre>
-	 * 		<i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
-	 * </pre>
-	 * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
-	 * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
-	 * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
-	 * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
-	 * <i>[bits]</i> is an optional bit size that applies to certain cipher
-	 * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
-	 * OFB, block ciphers can encrypt data in units smaller than the cipher's
-	 * actual block size. When requesting such a mode, you may optionally
-	 * specify the number of bits to be processed at a time. This generally must
-	 * be an integral multiple of 8-bits so that it can specify a whole number
-	 * of octets. 
-	 * </p><p>
-	 * Examples are:
-	 * <pre>
-	 * 		"AES/ECB/NoPadding"		// Default for ESAPI Java 1.4 (insecure)
-	 * 		"AES/CBC/PKCS5Padding"	// Default for ESAPI Java 2.0
-	 * 		"DESede/OFB32/PKCS5Padding"
-	 * </pre>
-	 * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
-	 * see the key size (in bits) specified after the cipher algorithm in the
-	 * cipher transformation. Generally, this is done to account for cipher
-	 * algorithms that have variable key sizes. The Blowfish cipher for example
-	 * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
-	 * a cipher transformation something like this:
-	 * <pre>
-	 * 		"Blowfish-192/CFB8/PKCS5Padding"
-	 * </pre>
-	 * in the cryptographic literature. It should be noted that the Java
-	 * Cryptography Extensions (JCE) do not generally support this (at least
-	 * not the reference JCE implementation of "SunJCE"), and therefore it
-	 * should be avoided.
-	 * @return	The cipher transformation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    public String getCipherTransformation();
-    
-    /**
-     * Set the cipher transformation. This allows a different cipher transformation
-     * to be used without changing the {@code ESAPI.properties} file. For instance
-     * you may normally want to use AES/CBC/PKCS5Padding, but have some legacy
-     * encryption where you have ciphertext that was encrypted using 3DES.
-     * 
-     * @param cipherXform	The new cipher transformation. See
-     * 						{@link #getCipherTransformation} for format. If
-     * 						{@code null} is passed as the parameter, the cipher
-     * 						transformation will be set to the the default taken
-     * 						from the property {@code Encryptor.CipherTransformation}
-     * 						in the {@code ESAPI.properties} file. <b>BEWARE:</b>
-     * 						there is <b>NO</b> sanity checking here (other than
-     * 						the empty string, and then, only if Java assertions are
-     * 						enabled), so if you set this wrong, you will not get
-     * 						any errors until you later try to use it to encrypt
-     * 						or decrypt data.
-     * @return	The previous cipher transformation is returned for convenience,
-     * 			with the assumption that you may wish to restore it once you have
-     * 			completed the encryption / decryption with the new cipher
-     * 			transformation.
-     * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
-     *          until then. Details of replacement forthcoming to ESAPI-Dev
-     *          list. Most likely to be replaced by a new public CTOR for
-     *          JavaEncryptor that takes a list of properties to override.
-     */
-    @Deprecated
-    public String setCipherTransformation(String cipherXform);
-
-    /**
-     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
-     * ESAPI 2.0 now allows setting the property
-     * {@code Encryptor.PreferredJCEProvider} in the
-     * {@code ESAPI.properties} file, which will cause the specified JCE
-     * provider to be automatically and dynamically loaded (assuming that
-     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
-     * JCE provider. (Note this only happens if the JCE provider is not already
-     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
-     * </p<p>
-     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
-     * to an empty string, which means that the preferred JCE provider is not
-     * changed.
-     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
-     * @see org.owasp.esapi.crypto.SecurityProviderLoader
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getPreferredJCEProvider();
-    
-// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
-//				   Think it makes more sense as part of the release notes, but OTOH, I
-//				   really don't want to rewrite this as a Wiki page either.
-    /**
-     * Determines whether the {@code CipherText} should be used with a Message
-     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
-     * scheme, but there are some minor performance implications. Controlled by
-     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
-     * </p><p>
-     * For further details, see the "Advanced Usage" section of
-     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
-     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
-     * </p>
-     * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean useMACforCipherText();
-
-    /**
-     * Indicates whether the {@code PlainText} objects may be overwritten after
-     * they have been encrypted. Generally this is a good idea, especially if
-     * your VM is shared by multiple applications (e.g., multiple applications
-     * running in the same J2EE container) or if there is a possibility that
-     * your VM may leave a core dump (say because it is running non-native
-     * Java code.
-     * <p>
-     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
-     * the {@code ESAPI.properties} file.
-     * </p>
-     * @return	True if it is OK to overwrite the {@code PlainText} objects
-     *			after encrypting, false otherwise.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean overwritePlainText();
-    
-    /**
-     * Get a string indicating how to compute an Initialization Vector (IV).
-     * Currently supported modes are "random" to generate a random IV or
-     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
-     * the value of this fixed IV must be specified as the property
-     * {@code Encryptor.fixedIV} and be of the appropriate length.
-     * 
-     * @return A string specifying the IV type. Should be "random" or "fixed".
-     * 
-     * @see #getFixedIV()
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getIVType();
-    
-    /**
-     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
-     * this will return the IV value as a hex-encoded string.
-     * @return The fixed IV as a hex-encoded string.
-     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
-     *             instead. Longer term: There will be a more general method in JavaEncryptor
-     *             to explicitly set an IV. This whole concept of a single fixed IV has
-     *             always been a kludge at best, as a concession to those who have used
-     *             a single fixed IV in the past. It's time to put it to death
-     *             as it was never intended for production in the first place.
-     */
-	@Deprecated
-    public String getFixedIV();
-    
-    /**
-     * Return a {@code List} of strings of combined cipher modes that support
-     * <b>both</b> confidentiality and authenticity. These would be preferred
-     * cipher modes to use if your JCE provider supports them. If such a
-     * cipher mode is used, no explicit <i>separate</i> MAC is calculated as part of
-     * the {@code CipherText} object upon encryption nor is any attempt made
-     * to verify the same on decryption.
-     * </p><p>
-     * The list is taken from the comma-separated list of cipher modes specified
-     * by the ESAPI property
-     * {@code Encryptor.cipher_modes.combined_modes}.
-     * 
-     * @return The parsed list of comma-separated cipher modes if the property
-     * was specified in {@code ESAPI.properties}; otherwise the empty list is
-     * returned.
-     */
-    public List<String> getCombinedCipherModes();
-
-    /**
-     * Return {@code List} of strings of additional cipher modes that are
-     * permitted (i.e., in <i>addition<i> to those returned by
-     * {@link #getCombinedCipherModes()}) to be used for encryption and
-     * decryption operations.
-     * </p><p>
-     * The list is taken from the comma-separated list of cipher modes specified
-     * by the ESAPI property
-     * {@code Encryptor.cipher_modes.additional_allowed}.
-     * 
-     * @return The parsed list of comma-separated cipher modes if the property
-     * was specified in {@code ESAPI.properties}; otherwise the empty list is
-     * returned.
-     *
-     * @see #getCombinedCipherModes()
-     */
-    public List<String> getAdditionalAllowedCipherModes();
-
-	/**
-	 * Gets the hashing algorithm used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHashAlgorithm();
-
-	/**
-	 * Gets the hash iterations used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getHashIterations();
-
-	/**
-	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
-	 * Key Derivation Function (KDF).
-	 * 
-	 * @return	The KDF PRF algorithm name.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getKDFPseudoRandomFunction();
-	
-	/**
-	 * Gets the character encoding scheme supported by this application. This is used to set the
-	 * character encoding scheme on requests and responses when setCharacterEncoding() is called
-	 * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs 
-	 * and any other place where the current encoding scheme needs to be known.
-	 * <br><br>
-	 * Note: This does not get the configured response content type. That is accessed by calling 
-	 * getResponseContentType().
-	 * 
-	 * @return the current character encoding scheme
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getCharacterEncoding();
-
-	/**
-	 * Return true if multiple encoding is allowed
-	 *
-	 * @return whether multiple encoding is allowed when canonicalizing data
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getAllowMultipleEncoding();
-
-	/**
-	 * Return true if mixed encoding is allowed
-	 *
-	 * @return whether mixed encoding is allowed when canonicalizing data
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getAllowMixedEncoding();
-
-	/**
-	 * Returns the List of Codecs to use when canonicalizing data
-	 * 
-	 * @return the codec list
-	 */
-	public List<String> getDefaultCanonicalizationCodecs();
-
-	/**
-	 * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
-	 * 
-	 * @return the current digital signature algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getDigitalSignatureAlgorithm();
-
-	/**
-	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
-	 * 
-	 * @return the current digital signature key length
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getDigitalSignatureKeyLength();
-		   
-	/**
-	 * Gets the random number generation algorithm used to generate random numbers where needed.
-	 * 
-	 * @return the current random number generation algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getRandomAlgorithm();
-
-	/**
-	 * Gets the number of login attempts allowed before the user's account is locked. If this 
-	 * many failures are detected within the alloted time period, the user's account will be locked.
-	 * 
-	 * @return the number of failed login attempts that cause an account to be locked
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getAllowedLoginAttempts();
-
-	/**
-	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
-	 * be used to ensure that the user doesn't reuse the specified number of previous passwords
-	 * when they change their password.
-	 * 
-	 * @return the number of old hashed passwords to retain
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getMaxOldPasswordHashes();
-
-	/**
-	 * Allows for complete disabling of all intrusion detection mechanisms
-	 * 
-	 * @return true if intrusion detection should be disabled
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getDisableIntrusionDetection();
-	
-	/**
-	 * Gets the intrusion detection quota for the specified event.
-	 * 
-	 * @param eventName the name of the event whose quota is desired
-	 * 
-	 * @return the Quota that has been configured for the specified type of event
-	 */
-	public Threshold getQuota(String eventName);
-
-	/**
-	 * Gets a file from the resource directory
-     *
-     * @param filename The file name resource.
-     * @return A {@code File} object representing the specified file name or null if not found.
-     */
-    public File getResourceFile( String filename );
-    
-	/**
-	 * Returns true if session cookies are required to have HttpOnly flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceHttpOnlySession() ;
-
-	/**
-	 * Returns true if session cookies are required to have Secure flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceSecureSession() ;
-
-	/**
-	 * Returns true if new cookies are required to have HttpOnly flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceHttpOnlyCookies() ;
-
-	/**
-	 * Returns true if new cookies are required to have Secure flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceSecureCookies() ;
-
-	/**
-	 * Returns the maximum allowable HTTP header size.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getMaxHttpHeaderSize() ;
-
-	/**
-	 * Gets an InputStream to a file in the resource directory
-     *
-     * @param filename A file name in the resource directory.
-     * @return An {@code InputStream} to the specified file name in the resource directory.
-     * @throws IOException If the specified file name cannot be found or opened for reading.
-     */
-    public InputStream getResourceStream( String filename ) throws IOException;
-
-    	
-	/**
-	 * Sets the ESAPI resource directory.
-	 * 
-	 * @param dir The location of the resource directory.
-	 */
-	public void setResourceDirectory(String dir);
-	
-	/**
-	 * Gets the content type for responses used when setSafeContentType() is called.
-	 * <br><br>
-	 * Note: This does not get the configured character encoding scheme. That is accessed by calling 
-	 * getCharacterEncoding().
-	 * 
-	 * @return The current content-type set for responses.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getResponseContentType();
-
-	/**
-	 * This method returns the configured name of the session identifier, 
-	 * likely "JSESSIONID" though this can be overridden.
-	 * 
-	 * @return The name of the session identifier, like "JSESSIONID"
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHttpSessionIdName();
-	
-	/**
-	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
-	 * 
-	 * @return The time to live length for generated "remember me" tokens.
-	 */
-    // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
-	public long getRememberTokenDuration();
-
-	
-	/**
-	 * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
-	 * function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session idle timeout length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getSessionIdleTimeoutLength();
-	
-	/**
-	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires regardless of the amount of user activity. Applications or frameworks could 
-	 * provide a reauthenticate function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session absolute timeout length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getSessionAbsoluteTimeoutLength();
-	
-	
-	/**
-	 * Returns whether HTML entity encoding should be applied to log entries.
-	 * 
-	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogEncodingRequired();
-	
-	/**
-	 * Returns whether ESAPI should log the application name. This might be clutter in some
-	 * single-server/single-app environments.
-	 * 
-	 * @return True if ESAPI should log the application name, False otherwise
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogApplicationName();
-
-	/**
-	 * Returns whether ESAPI should log the server IP. This might be clutter in some
-	 * single-server environments.
-	 * 
-	 * @return True if ESAPI should log the server IP and port, False otherwise
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogServerIP();
-
-	/**
-	 * Returns the current log level.
-	 * @return	An integer representing the current log level.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    public int getLogLevel();
-	
-    /**
-     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
-     * if it is not specified.
-     * 
-     * @return the log file name defined in the properties file.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getLogFileName();
-
-    /**
-     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
-     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
-     * 
-     * @return the maximum size of a single log file (in bytes).
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public int getMaxLogFileSize();
-
-	/**
-	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
-	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
-	 * has met a set number within the specified time period. Once a threshold value has been met, various
-	 * actions can be taken at that point.
-	 */
-	public static class Threshold {
-		
-		/** The name of this threshold. */
-		public String name = null;
-		
-		/** The count at which this threshold is triggered. */
-		public int count = 0;
-		
-		/** 
-		 * The time frame within which 'count' number of actions has to be detected in order to
-		 * trigger this threshold.
-		 */
-		public long interval = 0;
-		
-		/**
-		 * The list of actions to take if the threshold is met. It is expected that this is a list of Strings, but 
-		 * your implementation could have this be a list of any type of 'actions' you wish to define. 
-		 */
-		public List<String> actions = null;
-
-		/**
-		 * Constructs a threshold that is composed of its name, its threshold count, the time window for
-		 * the threshold, and the actions to take if the threshold is triggered.
-		 * 
-		 * @param name The name of this threshold.
-		 * @param count The count at which this threshold is triggered.
-		 * @param interval The time frame within which 'count' number of actions has to be detected in order to
-		 * trigger this threshold.
-		 * @param actions The list of actions to take if the threshold is met.
-		 */
-		public Threshold(String name, int count, long interval, List<String> actions) {
-			this.name = name;
-			this.count = count;
-			this.interval = interval;
-			this.actions = actions;
-		}
-	}
-
-	/**
-	 * Returns the default working directory for executing native processes with Runtime.exec().
-	 */
-	public File getWorkingDirectory();
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Mike Fauzy <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.configuration.EsapiPropertyLoader;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.regex.Pattern;
+
+/**
+ * The {@code SecurityConfiguration} interface stores all configuration information
+ * that directs the behavior of the ESAPI implementation.
+ * <br><br>
+ * Protection of this configuration information is critical to the secure
+ * operation of the application using the ESAPI. You should use operating system
+ * access controls to limit access to wherever the configuration information is
+ * stored.
+ * <br><br>
+ * Please note that adding another layer of encryption does not make the
+ * attackers job much more difficult. Somewhere there must be a master "secret"
+ * that is stored unencrypted on the application platform (unless you are
+ * willing to prompt for some passphrase when you application starts or insert
+ * a USB thumb drive or an HSM card, etc., in which case this master "secret"
+ * it would only be in memory). Creating another layer of indirection provides
+ * additional obfuscation, but doesn't provide any real additional security.
+ * It's up to the reference implementation to decide whether this file should
+ * be encrypted or not.
+ * <br><br>
+ * The ESAPI reference implementation (DefaultSecurityConfiguration.java) does
+ * <i>not</i> encrypt its properties file.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface SecurityConfiguration extends EsapiPropertyLoader {
+
+	/**
+	 * Gets the application name, used for logging
+	 * 
+	 * @return the name of the current application
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getApplicationName();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Logging implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getLogImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getAuthenticationImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncoderImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getAccessControlImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getIntrusionDetectionImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getRandomizerImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncryptionImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Validation implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getValidationImplementation();
+	
+	/**
+	 * Returns the validation pattern for a particular type
+	 * @param typeName
+	 * @return the validation pattern
+	 */
+    public Pattern getValidationPattern( String typeName );
+    
+    /**
+     * Determines whether ESAPI will accept "lenient" dates when attempt
+     * to parse dates. Controlled by ESAPI property
+     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
+     * if unset.
+     * 
+     * @return True if lenient dates are accepted; false otherwise.
+     * @see java.text.DateFormat#setLenient(boolean)
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getLenientDatesAccepted();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getExecutorImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHTTPUtilitiesImplementation();
+	
+	/**
+	 * Gets the master key. This password is used to encrypt/decrypt other files or types
+	 * of data that need to be protected by your application.
+	 * 
+	 * @return the current master key
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public byte[] getMasterKey();
+
+	/**
+     * Retrieves the upload directory as specified in the ESAPI.properties file.
+     * @return the upload directory
+     */
+    public File getUploadDirectory();
+	
+    /**
+     * Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
+     * @return the temp directory
+     */
+    public File getUploadTempDirectory();
+
+	/**
+	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
+	 * 
+	 * @return the key length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+    public int getEncryptionKeyLength();
+    
+	/**
+	 * Gets the master salt that is used to salt stored password hashes and any other location 
+	 * where a salt is needed.
+	 * 
+	 * @return the current master salt
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public byte[] getMasterSalt();
+
+	/**
+	 * Gets the allowed executables to run with the Executor.
+	 * 
+	 * @return a list of the current allowed file extensions
+	 */
+	public List<String> getAllowedExecutables();
+
+	/**
+	 * Gets the allowed file extensions for files that are uploaded to this application.
+	 * 
+	 * @return a list of the current allowed file extensions
+	 */
+	public List<String> getAllowedFileExtensions();
+
+	/**
+	 * Gets the maximum allowed file upload size.
+	 * 
+	 * @return the current allowed file upload size
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getAllowedFileUploadSize();
+
+	/**
+	 * Gets the name of the password parameter used during user authentication.
+	 * 
+	 * @return the name of the password parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getPasswordParameterName();
+
+	/**
+	 * Gets the name of the username parameter used during user authentication.
+	 * 
+	 * @return the name of the username parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getUsernameParameterName();
+
+	/**
+	 * Gets the encryption algorithm used by ESAPI to protect data. This is
+	 * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
+	 * use "cipher transformation" since it supports multiple cipher modes
+	 * and padding schemes.
+	 * 
+	 * @return the current encryption algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncryptionAlgorithm();
+
+	/**
+	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
+	 * is a specification of cipher algorithm, cipher mode, and padding scheme
+	 * and in general, is a {@code String} that takes the following form:
+	 * <pre>
+	 * 		<i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
+	 * </pre>
+	 * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
+	 * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
+	 * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
+	 * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
+	 * <i>[bits]</i> is an optional bit size that applies to certain cipher
+	 * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
+	 * OFB, block ciphers can encrypt data in units smaller than the cipher's
+	 * actual block size. When requesting such a mode, you may optionally
+	 * specify the number of bits to be processed at a time. This generally must
+	 * be an integral multiple of 8-bits so that it can specify a whole number
+	 * of octets. 
+	 * </p><p>
+	 * Examples are:
+	 * <pre>
+	 * 		"AES/ECB/NoPadding"		// Default for ESAPI Java 1.4 (insecure)
+	 * 		"AES/CBC/PKCS5Padding"	// Default for ESAPI Java 2.0
+	 * 		"DESede/OFB32/PKCS5Padding"
+	 * </pre>
+	 * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
+	 * see the key size (in bits) specified after the cipher algorithm in the
+	 * cipher transformation. Generally, this is done to account for cipher
+	 * algorithms that have variable key sizes. The Blowfish cipher for example
+	 * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
+	 * a cipher transformation something like this:
+	 * <pre>
+	 * 		"Blowfish-192/CFB8/PKCS5Padding"
+	 * </pre>
+	 * in the cryptographic literature. It should be noted that the Java
+	 * Cryptography Extensions (JCE) do not generally support this (at least
+	 * not the reference JCE implementation of "SunJCE"), and therefore it
+	 * should be avoided.
+	 * @return	The cipher transformation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+    public String getCipherTransformation();
+    
+    /**
+     * Set the cipher transformation. This allows a different cipher transformation
+     * to be used without changing the {@code ESAPI.properties} file. For instance
+     * you may normally want to use AES/CBC/PKCS5Padding, but have some legacy
+     * encryption where you have ciphertext that was encrypted using 3DES.
+     * 
+     * @param cipherXform	The new cipher transformation. See
+     * 						{@link #getCipherTransformation} for format. If
+     * 						{@code null} is passed as the parameter, the cipher
+     * 						transformation will be set to the the default taken
+     * 						from the property {@code Encryptor.CipherTransformation}
+     * 						in the {@code ESAPI.properties} file. <b>BEWARE:</b>
+     * 						there is <b>NO</b> sanity checking here (other than
+     * 						the empty string, and then, only if Java assertions are
+     * 						enabled), so if you set this wrong, you will not get
+     * 						any errors until you later try to use it to encrypt
+     * 						or decrypt data.
+     * @return	The previous cipher transformation is returned for convenience,
+     * 			with the assumption that you may wish to restore it once you have
+     * 			completed the encryption / decryption with the new cipher
+     * 			transformation.
+     * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
+     *          until then. Details of replacement forthcoming to ESAPI-Dev
+     *          list. Most likely to be replaced by a new public CTOR for
+     *          JavaEncryptor that takes a list of properties to override.
+     */
+    @Deprecated
+    public String setCipherTransformation(String cipherXform);
+
+    /**
+     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
+     * ESAPI 2.0 now allows setting the property
+     * {@code Encryptor.PreferredJCEProvider} in the
+     * {@code ESAPI.properties} file, which will cause the specified JCE
+     * provider to be automatically and dynamically loaded (assuming that
+     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
+     * JCE provider. (Note this only happens if the JCE provider is not already
+     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
+     * </p<p>
+     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
+     * to an empty string, which means that the preferred JCE provider is not
+     * changed.
+     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
+     * @see org.owasp.esapi.crypto.SecurityProviderLoader
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getPreferredJCEProvider();
+    
+// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
+//				   Think it makes more sense as part of the release notes, but OTOH, I
+//				   really don't want to rewrite this as a Wiki page either.
+    /**
+     * Determines whether the {@code CipherText} should be used with a Message
+     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
+     * scheme, but there are some minor performance implications. Controlled by
+     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
+     * </p><p>
+     * For further details, see the "Advanced Usage" section of
+     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
+     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
+     * </p>
+     * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean useMACforCipherText();
+
+    /**
+     * Indicates whether the {@code PlainText} objects may be overwritten after
+     * they have been encrypted. Generally this is a good idea, especially if
+     * your VM is shared by multiple applications (e.g., multiple applications
+     * running in the same J2EE container) or if there is a possibility that
+     * your VM may leave a core dump (say because it is running non-native
+     * Java code.
+     * <p>
+     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
+     * the {@code ESAPI.properties} file.
+     * </p>
+     * @return	True if it is OK to overwrite the {@code PlainText} objects
+     *			after encrypting, false otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean overwritePlainText();
+    
+    /**
+     * Get a string indicating how to compute an Initialization Vector (IV).
+     * Currently supported modes are "random" to generate a random IV or
+     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
+     * the value of this fixed IV must be specified as the property
+     * {@code Encryptor.fixedIV} and be of the appropriate length.
+     * 
+     * @return A string specifying the IV type. Should be "random" or "fixed".
+     * 
+     * @see #getFixedIV()
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getIVType();
+    
+    /**
+     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
+     * this will return the IV value as a hex-encoded string.
+     * @return The fixed IV as a hex-encoded string.
+     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
+     *             instead. Longer term: There will be a more general method in JavaEncryptor
+     *             to explicitly set an IV. This whole concept of a single fixed IV has
+     *             always been a kludge at best, as a concession to those who have used
+     *             a single fixed IV in the past. It's time to put it to death
+     *             as it was never intended for production in the first place.
+     */
+	@Deprecated
+    public String getFixedIV();
+    
+    /**
+     * Return a {@code List} of strings of combined cipher modes that support
+     * <b>both</b> confidentiality and authenticity. These would be preferred
+     * cipher modes to use if your JCE provider supports them. If such a
+     * cipher mode is used, no explicit <i>separate</i> MAC is calculated as part of
+     * the {@code CipherText} object upon encryption nor is any attempt made
+     * to verify the same on decryption.
+     * </p><p>
+     * The list is taken from the comma-separated list of cipher modes specified
+     * by the ESAPI property
+     * {@code Encryptor.cipher_modes.combined_modes}.
+     * 
+     * @return The parsed list of comma-separated cipher modes if the property
+     * was specified in {@code ESAPI.properties}; otherwise the empty list is
+     * returned.
+     */
+    public List<String> getCombinedCipherModes();
+
+    /**
+     * Return {@code List} of strings of additional cipher modes that are
+     * permitted (i.e., in <i>addition<i> to those returned by
+     * {@link #getCombinedCipherModes()}) to be used for encryption and
+     * decryption operations.
+     * </p><p>
+     * The list is taken from the comma-separated list of cipher modes specified
+     * by the ESAPI property
+     * {@code Encryptor.cipher_modes.additional_allowed}.
+     * 
+     * @return The parsed list of comma-separated cipher modes if the property
+     * was specified in {@code ESAPI.properties}; otherwise the empty list is
+     * returned.
+     *
+     * @see #getCombinedCipherModes()
+     */
+    public List<String> getAdditionalAllowedCipherModes();
+
+	/**
+	 * Gets the hashing algorithm used by ESAPI to hash data.
+	 * 
+	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHashAlgorithm();
+
+	/**
+	 * Gets the hash iterations used by ESAPI to hash data.
+	 * 
+	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getHashIterations();
+
+	/**
+	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
+	 * Key Derivation Function (KDF).
+	 * 
+	 * @return	The KDF PRF algorithm name.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getKDFPseudoRandomFunction();
+	
+	/**
+	 * Gets the character encoding scheme supported by this application. This is used to set the
+	 * character encoding scheme on requests and responses when setCharacterEncoding() is called
+	 * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs 
+	 * and any other place where the current encoding scheme needs to be known.
+	 * <br><br>
+	 * Note: This does not get the configured response content type. That is accessed by calling 
+	 * getResponseContentType().
+	 * 
+	 * @return the current character encoding scheme
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getCharacterEncoding();
+
+	/**
+	 * Return true if multiple encoding is allowed
+	 *
+	 * @return whether multiple encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getAllowMultipleEncoding();
+
+	/**
+	 * Return true if mixed encoding is allowed
+	 *
+	 * @return whether mixed encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getAllowMixedEncoding();
+
+	/**
+	 * Returns the List of Codecs to use when canonicalizing data
+	 * 
+	 * @return the codec list
+	 */
+	public List<String> getDefaultCanonicalizationCodecs();
+
+	/**
+	 * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
+	 * 
+	 * @return the current digital signature algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getDigitalSignatureAlgorithm();
+
+	/**
+	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
+	 * 
+	 * @return the current digital signature key length
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getDigitalSignatureKeyLength();
+		   
+	/**
+	 * Gets the random number generation algorithm used to generate random numbers where needed.
+	 * 
+	 * @return the current random number generation algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getRandomAlgorithm();
+
+	/**
+	 * Gets the number of login attempts allowed before the user's account is locked. If this 
+	 * many failures are detected within the alloted time period, the user's account will be locked.
+	 * 
+	 * @return the number of failed login attempts that cause an account to be locked
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getAllowedLoginAttempts();
+
+	/**
+	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
+	 * be used to ensure that the user doesn't reuse the specified number of previous passwords
+	 * when they change their password.
+	 * 
+	 * @return the number of old hashed passwords to retain
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getMaxOldPasswordHashes();
+
+	/**
+	 * Allows for complete disabling of all intrusion detection mechanisms
+	 * 
+	 * @return true if intrusion detection should be disabled
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getDisableIntrusionDetection();
+	
+	/**
+	 * Gets the intrusion detection quota for the specified event.
+	 * 
+	 * @param eventName the name of the event whose quota is desired
+	 * 
+	 * @return the Quota that has been configured for the specified type of event
+	 */
+	public Threshold getQuota(String eventName);
+
+	/**
+	 * Gets a file from the resource directory
+     *
+     * @param filename The file name resource.
+     * @return A {@code File} object representing the specified file name or null if not found.
+     */
+    public File getResourceFile( String filename );
+    
+	/**
+	 * Returns true if session cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceHttpOnlySession() ;
+
+	/**
+	 * Returns true if session cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceSecureSession() ;
+
+	/**
+	 * Returns true if new cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceHttpOnlyCookies() ;
+
+	/**
+	 * Returns true if new cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceSecureCookies() ;
+
+	/**
+	 * Returns the maximum allowable HTTP header size.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getMaxHttpHeaderSize() ;
+
+	/**
+	 * Gets an InputStream to a file in the resource directory
+     *
+     * @param filename A file name in the resource directory.
+     * @return An {@code InputStream} to the specified file name in the resource directory.
+     * @throws IOException If the specified file name cannot be found or opened for reading.
+     */
+    public InputStream getResourceStream( String filename ) throws IOException;
+
+    	
+	/**
+	 * Sets the ESAPI resource directory.
+	 * 
+	 * @param dir The location of the resource directory.
+	 */
+	public void setResourceDirectory(String dir);
+	
+	/**
+	 * Gets the content type for responses used when setSafeContentType() is called.
+	 * <br><br>
+	 * Note: This does not get the configured character encoding scheme. That is accessed by calling 
+	 * getCharacterEncoding().
+	 * 
+	 * @return The current content-type set for responses.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getResponseContentType();
+
+	/**
+	 * This method returns the configured name of the session identifier, 
+	 * likely "JSESSIONID" though this can be overridden.
+	 * 
+	 * @return The name of the session identifier, like "JSESSIONID"
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHttpSessionIdName();
+	
+	/**
+	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
+	 * 
+	 * @return The time to live length for generated "remember me" tokens.
+	 */
+    // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
+	public long getRememberTokenDuration();
+
+	
+	/**
+	 * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
+	 * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
+	 * function that enables a session to continue after reauthentication.
+	 * 
+	 * @return The session idle timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getSessionIdleTimeoutLength();
+	
+	/**
+	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
+	 * can live before it expires regardless of the amount of user activity. Applications or frameworks could 
+	 * provide a reauthenticate function that enables a session to continue after reauthentication.
+	 * 
+	 * @return The session absolute timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getSessionAbsoluteTimeoutLength();
+	
+	
+	/**
+	 * Returns whether HTML entity encoding should be applied to log entries.
+	 * 
+	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogEncodingRequired();
+	
+	/**
+	 * Returns whether ESAPI should log the application name. This might be clutter in some
+	 * single-server/single-app environments.
+	 * 
+	 * @return True if ESAPI should log the application name, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogApplicationName();
+
+	/**
+	 * Returns whether ESAPI should log the server IP. This might be clutter in some
+	 * single-server environments.
+	 * 
+	 * @return True if ESAPI should log the server IP and port, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogServerIP();
+
+	/**
+	 * Returns the current log level.
+	 * @return	An integer representing the current log level.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+    public int getLogLevel();
+	
+    /**
+     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
+     * if it is not specified.
+     * 
+     * @return the log file name defined in the properties file.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getLogFileName();
+
+    /**
+     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
+     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
+     * 
+     * @return the maximum size of a single log file (in bytes).
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public int getMaxLogFileSize();
+
+	/**
+	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
+	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
+	 * has met a set number within the specified time period. Once a threshold value has been met, various
+	 * actions can be taken at that point.
+	 */
+	public static class Threshold {
+		
+		/** The name of this threshold. */
+		public String name = null;
+		
+		/** The count at which this threshold is triggered. */
+		public int count = 0;
+		
+		/** 
+		 * The time frame within which 'count' number of actions has to be detected in order to
+		 * trigger this threshold.
+		 */
+		public long interval = 0;
+		
+		/**
+		 * The list of actions to take if the threshold is met. It is expected that this is a list of Strings, but 
+		 * your implementation could have this be a list of any type of 'actions' you wish to define. 
+		 */
+		public List<String> actions = null;
+
+		/**
+		 * Constructs a threshold that is composed of its name, its threshold count, the time window for
+		 * the threshold, and the actions to take if the threshold is triggered.
+		 * 
+		 * @param name The name of this threshold.
+		 * @param count The count at which this threshold is triggered.
+		 * @param interval The time frame within which 'count' number of actions has to be detected in order to
+		 * trigger this threshold.
+		 * @param actions The list of actions to take if the threshold is met.
+		 */
+		public Threshold(String name, int count, long interval, List<String> actions) {
+			this.name = name;
+			this.count = count;
+			this.interval = interval;
+			this.actions = actions;
+		}
+	}
+
+	/**
+	 * Returns the default working directory for executing native processes with Runtime.exec().
+	 */
+	public File getWorkingDirectory();
+}

From 3d5337da06804596f3e2dfe69d9c5d6121d3e33a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 175/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/StringUtilities.java | 396 +++++++++---------
 1 file changed, 198 insertions(+), 198 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
index 9d79a3ec4..35aba6a0a 100644
--- a/src/main/java/org/owasp/esapi/StringUtilities.java
+++ b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -1,199 +1,199 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.util.Arrays;
-import java.util.regex.Pattern;
-
-/**
- * String utilities used in various filters.
- * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- * href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class StringUtilities {
-
-	private static final Pattern p = Pattern.compile( "\\s");
-	public static String replaceLinearWhiteSpace( String input ) {
-		return p.matcher(input).replaceAll( " " );
-	}
-	
-	/**
-	 * Removes all unprintable characters from a string 
-	 * and replaces with a space.
-	 * @param input
-	 * @return the stripped value
-	 */
-	public static String stripControls( String input ) {
-		StringBuilder sb = new StringBuilder();
-		for ( int i=0; i<input.length(); i++ ) {
-			char c = input.charAt( i );
-			if ( c > 0x20 && c < 0x7f ) {
-				sb.append( c );
-			} else {
-				sb.append( ' ' );
-			}
-		}
-		return sb.toString();
-	}
-
-	
-    /**
-     * Union multiple character arrays.
-     * 
-     * @param list the char[]s to union
-     * @return the union of the char[]s
-     */
-    public static char[] union(char[]... list) {
-    	StringBuilder sb = new StringBuilder();
-    	
-		for (char[] characters : list) {
-			for ( char c : characters ) {
-				if ( !contains( sb, c ) )
-					sb.append( c );
-			}
-		}
-
-        char[] toReturn = new char[sb.length()];
-        sb.getChars(0, sb.length(), toReturn, 0);
-        Arrays.sort(toReturn);
-        return toReturn;
-    }
-
-
-	/**
-     * Returns true if the character is contained in the provided StringBuilder.
-     * @param input 	The input
-     * @param c 		The character to check for to see if {@code input} contains.
-     * @return			True if the specified character is contained; false otherwise.
-     */
-    public static boolean contains(StringBuilder input, char c) {
-        for (int i = 0; i < input.length(); i++) {
-            if (input.charAt(i) == c)
-                return true;
-        }
-        return false;
-    }
-
-    /**
-     * Returns the replace value if the value of test is null, "null", or ""
-     *
-     * @param test The value to test
-     * @param replace The replacement value
-     * @return The correct value
-     */
-    public static String replaceNull( String test, String replace ) {
-        return ( test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ) ? replace : test;
-    }
-
-    /**
-     * Calculate the Edit Distance between 2 Strings as a measure of similarity.
-     *
-     * For example, if the strings GUMBO and GAMBOL are passed in, the edit distance
-     * is 2, since GUMBO transforms into GAMBOL by replacing the 'U' with an 'A' and
-     * adding an 'L'.
-     *
-     * Original Implementation of this algorithm by Michael Gilleland, adapted by
-     * Chas Emerick for the Apache-Commons project
-     * http://www.merriampark.com/ldjava.htm
-     *
-     * @param s The source string
-     * @param t The target String
-     * @return The edit distance between the 2 strings
-     */
-    public static int getLevenshteinDistance (String s, String t) {
-      if (s == null || t == null) {
-        throw new IllegalArgumentException("Strings must not be null");
-      }
-
-      int n = s.length(); // length of s
-      int m = t.length(); // length of t
-
-      if (n == 0) {
-        return m;
-      } else if (m == 0) {
-        return n;
-      }
-
-      int p[] = new int[n+1]; //'previous' cost array, horizontally
-      int d[] = new int[n+1]; // cost array, horizontally
-      int _d[]; //placeholder to assist in swapping p and d
-
-      // indexes into strings s and t
-      int i; // iterates through s
-      int j; // iterates through t
-
-      char t_j; // jth character of t
-
-      int cost; // cost
-
-      for (i = 0; i<=n; i++) {
-         p[i] = i;
-      }
-
-      for (j = 1; j<=m; j++) {
-         t_j = t.charAt(j-1);
-         d[0] = j;
-
-         for (i=1; i<=n; i++) {
-            cost = s.charAt(i-1)==t_j ? 0 : 1;
-            // minimum of cell to the left+1, to the top+1, diagonally left and up +cost
-            d[i] = Math.min(Math.min(d[i-1]+1, p[i]+1),  p[i-1]+cost);
-         }
-
-         // copy current distance counts to 'previous row' distance counts
-         _d = p;
-         p = d;
-         d = _d;
-      }
-
-      // our last action in the above loop was to switch d and p, so p now
-      // actually has the most recent cost counts
-      return p[n];
-    }
-
-    /**
-     * Check to ensure that a {@code String} is not null or empty (after optional
-     * trimming of leading and trailing whitespace). Usually used with
-     * assertions, as in
-     * <pre>
-     * 		assert StringUtils.notNullOrEmpty(cipherXform, true) :
-     * 								"Cipher transformation may not be null or empty!";
-     * </pre>
-     *
-     * @param str	The {@code String} to be checked.
-     * @param trim	If {@code true}, the string is first trimmed before checking
-     * 				to see if it is empty, otherwise it is not.
-     * @return		True if the string is null or empty (after possible
-     * 				trimming); otherwise false.
-     * @since 2.0
-     */
-    public static boolean notNullOrEmpty(String str, boolean trim) {
-    	if ( trim ) {
-    		return !( str == null || str.trim().equals("") );
-    	} else {
-    		return !( str == null || str.equals("") );
-    	}
-    }
-
-    /**
-     * Returns true if String is empty ("") or null.
-     */
-    public static boolean isEmpty(String str) {
-        return str == null || str.length() == 0;
-    }
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.util.Arrays;
+import java.util.regex.Pattern;
+
+/**
+ * String utilities used in various filters.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ * href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class StringUtilities {
+
+	private static final Pattern p = Pattern.compile( "\\s");
+	public static String replaceLinearWhiteSpace( String input ) {
+		return p.matcher(input).replaceAll( " " );
+	}
+	
+	/**
+	 * Removes all unprintable characters from a string 
+	 * and replaces with a space.
+	 * @param input
+	 * @return the stripped value
+	 */
+	public static String stripControls( String input ) {
+		StringBuilder sb = new StringBuilder();
+		for ( int i=0; i<input.length(); i++ ) {
+			char c = input.charAt( i );
+			if ( c > 0x20 && c < 0x7f ) {
+				sb.append( c );
+			} else {
+				sb.append( ' ' );
+			}
+		}
+		return sb.toString();
+	}
+
+	
+    /**
+     * Union multiple character arrays.
+     * 
+     * @param list the char[]s to union
+     * @return the union of the char[]s
+     */
+    public static char[] union(char[]... list) {
+    	StringBuilder sb = new StringBuilder();
+    	
+		for (char[] characters : list) {
+			for ( char c : characters ) {
+				if ( !contains( sb, c ) )
+					sb.append( c );
+			}
+		}
+
+        char[] toReturn = new char[sb.length()];
+        sb.getChars(0, sb.length(), toReturn, 0);
+        Arrays.sort(toReturn);
+        return toReturn;
+    }
+
+
+	/**
+     * Returns true if the character is contained in the provided StringBuilder.
+     * @param input 	The input
+     * @param c 		The character to check for to see if {@code input} contains.
+     * @return			True if the specified character is contained; false otherwise.
+     */
+    public static boolean contains(StringBuilder input, char c) {
+        for (int i = 0; i < input.length(); i++) {
+            if (input.charAt(i) == c)
+                return true;
+        }
+        return false;
+    }
+
+    /**
+     * Returns the replace value if the value of test is null, "null", or ""
+     *
+     * @param test The value to test
+     * @param replace The replacement value
+     * @return The correct value
+     */
+    public static String replaceNull( String test, String replace ) {
+        return ( test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ) ? replace : test;
+    }
+
+    /**
+     * Calculate the Edit Distance between 2 Strings as a measure of similarity.
+     *
+     * For example, if the strings GUMBO and GAMBOL are passed in, the edit distance
+     * is 2, since GUMBO transforms into GAMBOL by replacing the 'U' with an 'A' and
+     * adding an 'L'.
+     *
+     * Original Implementation of this algorithm by Michael Gilleland, adapted by
+     * Chas Emerick for the Apache-Commons project
+     * http://www.merriampark.com/ldjava.htm
+     *
+     * @param s The source string
+     * @param t The target String
+     * @return The edit distance between the 2 strings
+     */
+    public static int getLevenshteinDistance (String s, String t) {
+      if (s == null || t == null) {
+        throw new IllegalArgumentException("Strings must not be null");
+      }
+
+      int n = s.length(); // length of s
+      int m = t.length(); // length of t
+
+      if (n == 0) {
+        return m;
+      } else if (m == 0) {
+        return n;
+      }
+
+      int p[] = new int[n+1]; //'previous' cost array, horizontally
+      int d[] = new int[n+1]; // cost array, horizontally
+      int _d[]; //placeholder to assist in swapping p and d
+
+      // indexes into strings s and t
+      int i; // iterates through s
+      int j; // iterates through t
+
+      char t_j; // jth character of t
+
+      int cost; // cost
+
+      for (i = 0; i<=n; i++) {
+         p[i] = i;
+      }
+
+      for (j = 1; j<=m; j++) {
+         t_j = t.charAt(j-1);
+         d[0] = j;
+
+         for (i=1; i<=n; i++) {
+            cost = s.charAt(i-1)==t_j ? 0 : 1;
+            // minimum of cell to the left+1, to the top+1, diagonally left and up +cost
+            d[i] = Math.min(Math.min(d[i-1]+1, p[i]+1),  p[i-1]+cost);
+         }
+
+         // copy current distance counts to 'previous row' distance counts
+         _d = p;
+         p = d;
+         d = _d;
+      }
+
+      // our last action in the above loop was to switch d and p, so p now
+      // actually has the most recent cost counts
+      return p[n];
+    }
+
+    /**
+     * Check to ensure that a {@code String} is not null or empty (after optional
+     * trimming of leading and trailing whitespace). Usually used with
+     * assertions, as in
+     * <pre>
+     * 		assert StringUtils.notNullOrEmpty(cipherXform, true) :
+     * 								"Cipher transformation may not be null or empty!";
+     * </pre>
+     *
+     * @param str	The {@code String} to be checked.
+     * @param trim	If {@code true}, the string is first trimmed before checking
+     * 				to see if it is empty, otherwise it is not.
+     * @return		True if the string is null or empty (after possible
+     * 				trimming); otherwise false.
+     * @since 2.0
+     */
+    public static boolean notNullOrEmpty(String str, boolean trim) {
+    	if ( trim ) {
+    		return !( str == null || str.trim().equals("") );
+    	} else {
+    		return !( str == null || str.equals("") );
+    	}
+    }
+
+    /**
+     * Returns true if String is empty ("") or null.
+     */
+    public static boolean isEmpty(String str) {
+        return str == null || str.length() == 0;
+    }
 }
\ No newline at end of file

From c90d9c21b562b2d8ebe13f07478e208572bfb277 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 176/812] Change CRLF to LF for issue 356.

---
 .../esapi/tags/EncodeForHTMLAttributeTag.java | 78 +++++++++----------
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
index e407e02c0..ed48c971c 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLAttributeTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in a HTML attribute.
- */
-public class EncodeForHTMLAttributeTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage as a HTML attribute.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForHTMLAttribute(String)}
-	 * @return content encoded for usage as a HTML attribute
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForHTMLAttribute(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encode's it's body for use in a HTML attribute.
+ */
+public class EncodeForHTMLAttributeTag extends BaseEncodeTag
+{
+	private static final long serialVersionUID = 3L;
+
+	/**
+	 * Encode tag's content for usage as a HTML attribute.
+	 * @param content The tag's content as a String
+	 * @param enc Encoder used to call
+	 * 	{@link Encoder#encodeForHTMLAttribute(String)}
+	 * @return content encoded for usage as a HTML attribute
+	 */
+	protected String encode(String content, Encoder enc)
+	{
+		return enc.encodeForHTMLAttribute(content);
+	}
+}

From d823864e9c112f621b137e7813b3168627e3dcb3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 177/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/tags/EncodeForHTMLTag.java    | 78 +++++++++----------
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
index d161c986a..ee7916f75 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForHTMLTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in HTML.
- */
-public class EncodeForHTMLTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in HTML.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForHTML(String)}
-	 * @return content encoded for usage in HTML
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForHTML(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encode's it's body for use in HTML.
+ */
+public class EncodeForHTMLTag extends BaseEncodeTag
+{
+	private static final long serialVersionUID = 3L;
+
+	/**
+	 * Encode tag's content for usage in HTML.
+	 * @param content The tag's content as a String
+	 * @param enc Encoder used to call
+	 * 	{@link Encoder#encodeForHTML(String)}
+	 * @return content encoded for usage in HTML
+	 */
+	protected String encode(String content, Encoder enc)
+	{
+		return enc.encodeForHTML(content);
+	}
+}

From 0c81451229fd99c0275b6ea8d7c7f03b2cc20bfb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 178/812] Change CRLF to LF for issue 356.

---
 .../esapi/tags/EncodeForJavaScriptTag.java    | 46 +++++++++----------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
index 08997d777..8069401b8 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForJavaScriptTag.java
@@ -1,23 +1,23 @@
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in JavaScript.
- */
-public class EncodeForJavaScriptTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in JavaScript
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForJavaScript(String)}
-	 * @return content encoded for usage in JavaScript
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForJavaScript(content);
-	}
-}
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encode's it's body for use in JavaScript.
+ */
+public class EncodeForJavaScriptTag extends BaseEncodeTag
+{
+	private static final long serialVersionUID = 3L;
+
+	/**
+	 * Encode tag's content for usage in JavaScript
+	 * @param content The tag's content as a String
+	 * @param enc Encoder used to call
+	 * 	{@link Encoder#encodeForJavaScript(String)}
+	 * @return content encoded for usage in JavaScript
+	 */
+	protected String encode(String content, Encoder enc)
+	{
+		return enc.encodeForJavaScript(content);
+	}
+}

From 676f25826b6fa9f2ac89085e199a165a6f23a368 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 179/812] Change CRLF to LF for issue 356.

---
 .../esapi/tags/EncodeForVBScriptTag.java      | 78 +++++++++----------
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java b/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
index d6b07fa7a..d090fad29 100644
--- a/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
+++ b/src/main/java/org/owasp/esapi/tags/EncodeForVBScriptTag.java
@@ -1,39 +1,39 @@
-/*
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-
-package org.owasp.esapi.tags;
-
-import org.owasp.esapi.Encoder;
-
-/**
- * JSP tag that encode's it's body for use in VBScript.
- */
-public class EncodeForVBScriptTag extends BaseEncodeTag
-{
-	private static final long serialVersionUID = 3L;
-
-	/**
-	 * Encode tag's content for usage in VBScript.
-	 * @param content The tag's content as a String
-	 * @param enc Encoder used to call
-	 * 	{@link Encoder#encodeForVBScript(String)}
-	 * @return content encoded for usage in VBScript
-	 */
-	protected String encode(String content, Encoder enc)
-	{
-		return enc.encodeForVBScript(content);
-	}
-}
+/*
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
+package org.owasp.esapi.tags;
+
+import org.owasp.esapi.Encoder;
+
+/**
+ * JSP tag that encode's it's body for use in VBScript.
+ */
+public class EncodeForVBScriptTag extends BaseEncodeTag
+{
+	private static final long serialVersionUID = 3L;
+
+	/**
+	 * Encode tag's content for usage in VBScript.
+	 * @param content The tag's content as a String
+	 * @param enc Encoder used to call
+	 * 	{@link Encoder#encodeForVBScript(String)}
+	 * @return content encoded for usage in VBScript
+	 */
+	protected String encode(String content, Encoder enc)
+	{
+		return enc.encodeForVBScript(content);
+	}
+}

From 56d8fd7859f48c1e5f8587e18e739c022f8fdfe8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 180/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/User.java | 1520 +++++++++++------------
 1 file changed, 760 insertions(+), 760 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/User.java b/src/main/java/org/owasp/esapi/User.java
index f6b9fa2d4..d0bd9a8a3 100644
--- a/src/main/java/org/owasp/esapi/User.java
+++ b/src/main/java/org/owasp/esapi/User.java
@@ -1,760 +1,760 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationHostException;
-import org.owasp.esapi.errors.EncryptionException;
-
-import javax.servlet.http.HttpSession;
-import java.io.Serializable;
-import java.security.Principal;
-import java.util.*;
-
-/**
- * The User interface represents an application user or user account. There is quite a lot of information that an
- * application must store for each user in order to enforce security properly. There are also many rules that govern
- * authentication and identity management.
- * <P>
- * A user account can be in one of several states. When first created, a User should be disabled, not expired, and
- * unlocked. To start using the account, an administrator should enable the account. The account can be locked for a
- * number of reasons, most commonly because they have failed login for too many times. Finally, the account can expire
- * after the expiration date has been reached. The User must be enabled, not expired, and unlocked in order to pass
- * authentication.
- * 
- * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
- * @since June 1, 2007
- */
-
-public interface User extends Principal, Serializable {
-	/**
-	 * @return the locale
-	 */
-	public Locale getLocale();
-
-	/**
-	 * @param locale the locale to set
-	 */
-	public void setLocale(Locale locale);
-
-    /**
-     * Adds a role to this user's account.
-     * 
-     * @param role 
-     * 		the role to add
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void addRole(String role) throws AuthenticationException;
-
-    /**
-     * Adds a set of roles to this user's account.
-     * 
-     * @param newRoles 
-     * 		the new roles to add
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void addRoles(Set<String> newRoles) throws AuthenticationException;
-
-    /**
-     * Sets the user's password, performing a verification of the user's old password, the equality of the two new
-     * passwords, and the strength of the new password.
-     * 
-     * @param oldPassword 
-     * 		the old password
-     * @param newPassword1 
-     * 		the new password
-     * @param newPassword2 
-     * 		the new password - used to verify that the new password was typed correctly
-     * 
-     * @throws AuthenticationException 
-     * 		if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements 
-     * @throws EncryptionException 
-     */
-    void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException;
-
-    /**
-     * Disable this user's account.
-     */
-    void disable();
-
-    /**
-     * Enable this user's account.
-     */
-    void enable();
-
-    /**
-     * Gets this user's account id number.
-     * 
-     * @return the account id
-     */
-    long getAccountId();
-    
-    /**
-     * Gets this user's account name.
-     * 
-     * @return the account name
-     */
-    String getAccountName();
-
-    /**
-     * Gets the CSRF token for this user's current sessions.
-     * 
-     * @return the CSRF token
-     */
-    String getCSRFToken();
-
-    /**
-     * Returns the date that this user's account will expire.
-     *
-     * @return Date representing the account expiration time.
-     */
-    Date getExpirationTime();
-
-    /**
-     * Returns the number of failed login attempts since the last successful login for an account. This method is
-     * intended to be used as a part of the account lockout feature, to help protect against brute force attacks.
-     * However, the implementor should be aware that lockouts can be used to prevent access to an application by a
-     * legitimate user, and should consider the risk of denial of service.
-     * 
-     * @return the number of failed login attempts since the last successful login
-     */
-    int getFailedLoginCount();
-
-    /**
-     * Returns the last host address used by the user. This will be used in any log messages generated by the processing
-     * of this request.
-     * 
-     * @return the last host address used by the user
-     */
-    String getLastHostAddress();
-
-	/**
-     * Returns the date of the last failed login time for a user. This date should be used in a message to users after a
-     * successful login, to notify them of potential attack activity on their account.
-     * 
-     * @return date of the last failed login
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    Date getLastFailedLoginTime() throws AuthenticationException;
-
-    /**
-     * Returns the date of the last successful login time for a user. This date should be used in a message to users
-     * after a successful login, to notify them of potential attack activity on their account.
-     * 
-     * @return date of the last successful login
-     */
-    Date getLastLoginTime();
-
-    /**
-     * Gets the date of user's last password change.
-     * 
-     * @return the date of last password change
-     */
-    Date getLastPasswordChangeTime();
-
-    /**
-     * Gets the roles assigned to a particular account.
-     * 
-     * @return an immutable set of roles
-     */
-    Set<String> getRoles();
-
-    /**
-     * Gets the screen name (alias) for the current user.
-     * 
-     * @return the screen name
-     */
-    String getScreenName();
-
-    /**
-     * Adds a session for this User.
-     * 
-     * @param s
-     * 			The session to associate with this user.
-     */
-    void addSession( HttpSession s );
-    
-    /**
-     * Removes a session for this User.
-     * 
-     * @param s
-     * 			The session to remove from being associated with this user.
-     */
-    void removeSession( HttpSession s );
-    
-    /**
-     * Returns the list of sessions associated with this User.
-     * @return
-     */
-    Set getSessions();
-    
-    /**
-     * Increment failed login count.
-     */
-    void incrementFailedLoginCount();
-
-    /**
-     * Checks if user is anonymous.
-     * 
-     * @return true, if user is anonymous
-     */
-    boolean isAnonymous();
-
-    /**
-     * Checks if this user's account is currently enabled.
-     * 
-     * @return true, if account is enabled 
-     */
-    boolean isEnabled();
-
-    /**
-     * Checks if this user's account is expired.
-     * 
-     * @return true, if account is expired
-     */
-    boolean isExpired();
-
-    /**
-     * Checks if this user's account is assigned a particular role.
-     * 
-     * @param role 
-     * 		the role for which to check
-     * 
-     * @return true, if role has been assigned to user
-     */
-    boolean isInRole(String role);
-
-    /**
-     * Checks if this user's account is locked.
-     * 
-     * @return true, if account is locked
-     */
-    boolean isLocked();
-
-    /**
-     * Tests to see if the user is currently logged in.
-     * 
-     * @return true, if the user is logged in
-     */
-    boolean isLoggedIn();
-
-    /**
-     * Tests to see if this user's session has exceeded the absolute time out based 
-      * on ESAPI's configuration settings.
-     * 
-     * @return true, if user's session has exceeded the absolute time out
-     */
-    boolean isSessionAbsoluteTimeout();
-
-    /**
-      * Tests to see if the user's session has timed out from inactivity based 
-      * on ESAPI's configuration settings.
-      * 
-      * A session may timeout prior to ESAPI's configuration setting due to 
-      * the servlet container setting for session-timeout in web.xml. The 
-      * following is an example of a web.xml session-timeout set for one hour. 	
-      *
-      * <session-config>
-      *   <session-timeout>60</session-timeout> 
-      * </session-config>
-      * 
-      * @return true, if user's session has timed out from inactivity based 
-      *               on ESAPI configuration
-      */
-     boolean isSessionTimeout();
-
-    /**
-     * Lock this user's account.
-     */
-    void lock();
-
-    /**
-     * Login with password.
-     * 
-     * @param password 
-     * 		the password
-     * @throws AuthenticationException 
-     * 		if login fails
-     */
-    void loginWithPassword(String password) throws AuthenticationException;
-
-    /**
-     * Logout this user.
-     */
-    void logout();
-
-    /**
-     * Removes a role from this user's account.
-     * 
-     * @param role 
-     * 		the role to remove
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void removeRole(String role) throws AuthenticationException;
-
-    /**
-     * Returns a token to be used as a prevention against CSRF attacks. This token should be added to all links and
-     * forms. The application should verify that all requests contain the token, or they may have been generated by a
-     * CSRF attack. It is generally best to perform the check in a centralized location, either a filter or controller.
-     * See the verifyCSRFToken method.
-     * 
-     * @return the new CSRF token
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    String resetCSRFToken() throws AuthenticationException;
-
-    /**
-     * Sets this user's account name.
-     * 
-     * @param accountName the new account name
-     */
-    void setAccountName(String accountName);
-
-    /**
-     * Sets the date and time when this user's account will expire.
-     * 
-     * @param expirationTime the new expiration time
-     */
-	void setExpirationTime(Date expirationTime);
-
-	/**
-     * Sets the roles for this account.
-     * 
-     * @param roles 
-     * 		the new roles
-     * 
-     * @throws AuthenticationException 
-     * 		the authentication exception
-     */
-    void setRoles(Set<String> roles) throws AuthenticationException;
-
-    /**
-     * Sets the screen name (username alias) for this user.
-     * 
-     * @param screenName the new screen name
-     */
-    void setScreenName(String screenName);
-
-    /**
-     * Unlock this user's account.
-     */
-    void unlock();
-
-	/**
-	 * Verify that the supplied password matches the password for this user. This method
-	 * is typically used for "reauthentication" for the most sensitive functions, such
-	 * as transactions, changing email address, and changing other account information.
-	 * 
-	 * @param password 
-	 * 		the password that the user entered
-	 * 
-	 * @return true, if the password passed in matches the account's password
-	 * 
-	 * @throws EncryptionException 
-	 */
-	public boolean verifyPassword(String password) throws EncryptionException;
-
-	/**
-	 * Set the time of the last failed login for this user.
-	 * 
-	 * @param lastFailedLoginTime the date and time when the user just failed to login correctly.
-	 */
-	void setLastFailedLoginTime(Date lastFailedLoginTime);
-	
-	/**
-	 * Set the last remote host address used by this user.
-	 * 
-	 * @param remoteHost The address of the user's current source host.
-	 */
-	void setLastHostAddress(String remoteHost) throws AuthenticationHostException;
-	
-	/**
-	 * Set the time of the last successful login for this user.
-	 * 
-	 * @param lastLoginTime the date and time when the user just successfully logged in.
-	 */
-	void setLastLoginTime(Date lastLoginTime);
-	
-	/**
-	 * Set the time of the last password change for this user.
-	 * 
-	 * @param lastPasswordChangeTime the date and time when the user just successfully changed his/her password.
-	 */
-	void setLastPasswordChangeTime(Date lastPasswordChangeTime);
-
-	/**
-	 * Returns the hashmap used to store security events for this user. Used by the
-	 * IntrusionDetector.
-	 */
-	HashMap getEventMap();
-	
-
-	/**
-	 * The ANONYMOUS user is used to represent an unidentified user. Since there is
-	 * always a real user, the ANONYMOUS user is better than using null to represent
-	 * this.
-	 */
-    public final User ANONYMOUS = new User() {
-
-		private static final long serialVersionUID = -1850916950784965502L;
-
-		private String csrfToken = "";
-    	private Set sessions = new HashSet();
-		private Locale locale = null;
-    	
-    	/**
-         * {@inheritDoc}
-         */
-        public void addRole(String role) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void addRoles(Set newRoles) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void changePassword(String oldPassword, String newPassword1,
-                String newPassword2) throws AuthenticationException,
-                EncryptionException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void disable() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void enable() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public long getAccountId() {
-	        return 0;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getAccountName() {
-	        return "Anonymous";
-        }
-
-		/**
-		 * Alias method that is equivalent to getAccountName()
-		 * 
-		 * @return the name of the current user's account
-         */
-        public String getName() {
-        	return getAccountName();
-        }
-        
-        /**
-         * {@inheritDoc}
-         */
-        public String getCSRFToken() {
-	        return csrfToken;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getExpirationTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public int getFailedLoginCount() {
-	        return 0;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastFailedLoginTime() throws AuthenticationException {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getLastHostAddress() {
-	        return "unknown";
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastLoginTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Date getLastPasswordChangeTime() {
-	        return null;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Set<String> getRoles() {
-	        return new HashSet<String>();
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String getScreenName() {
-	        return "Anonymous";
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void addSession(HttpSession s)  {
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void removeSession(HttpSession s)  {
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public Set getSessions()  {
-            return sessions;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void incrementFailedLoginCount() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isAnonymous() {
-	        return true;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isEnabled() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isExpired() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isInRole(String role) {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isLocked() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isLoggedIn() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isSessionAbsoluteTimeout() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean isSessionTimeout() {
-	        return false;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void lock() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void loginWithPassword(String password)
-                throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void logout() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void removeRole(String role) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public String resetCSRFToken() throws AuthenticationException {
-    		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-    		return csrfToken;
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setAccountName(String accountName) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-    	public void setExpirationTime(Date expirationTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-    	/**
-         * {@inheritDoc}
-         */
-        public void setRoles(Set roles) throws AuthenticationException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setScreenName(String screenName) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void unlock() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public boolean verifyPassword(String password) throws EncryptionException {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-
-        /**
-         * {@inheritDoc}
-         */
-        public void setLastFailedLoginTime(Date lastFailedLoginTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-        /**
-         * {@inheritDoc}
-         */
-    	public void setLastLoginTime(Date lastLoginTime) {
-    		throw new RuntimeException("Invalid operation for the anonymous user");
-    	}
-
-    	/**
-         * {@inheritDoc}
-         */
-     	public void setLastHostAddress(String remoteHost) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-                
-     	/**
-         * {@inheritDoc}
-         */
-        public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-        
-        /**
-         *  {@inheritDoc}
-         */
-        public HashMap getEventMap() {
-        	throw new RuntimeException("Invalid operation for the anonymous user");
-        }
-         /**
-    	 * @return the locale
-    	 */
-    	public Locale getLocale() {
-    		return locale;
-    	}
-
-    	/**
-    	 * @param locale the locale to set
-    	 */
-    	public void setLocale(Locale locale) {
-    		this.locale = locale;
-    	}
-    };
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationHostException;
+import org.owasp.esapi.errors.EncryptionException;
+
+import javax.servlet.http.HttpSession;
+import java.io.Serializable;
+import java.security.Principal;
+import java.util.*;
+
+/**
+ * The User interface represents an application user or user account. There is quite a lot of information that an
+ * application must store for each user in order to enforce security properly. There are also many rules that govern
+ * authentication and identity management.
+ * <P>
+ * A user account can be in one of several states. When first created, a User should be disabled, not expired, and
+ * unlocked. To start using the account, an administrator should enable the account. The account can be locked for a
+ * number of reasons, most commonly because they have failed login for too many times. Finally, the account can expire
+ * after the expiration date has been reached. The User must be enabled, not expired, and unlocked in order to pass
+ * authentication.
+ * 
+ * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
+ * @since June 1, 2007
+ */
+
+public interface User extends Principal, Serializable {
+	/**
+	 * @return the locale
+	 */
+	public Locale getLocale();
+
+	/**
+	 * @param locale the locale to set
+	 */
+	public void setLocale(Locale locale);
+
+    /**
+     * Adds a role to this user's account.
+     * 
+     * @param role 
+     * 		the role to add
+     * 
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    void addRole(String role) throws AuthenticationException;
+
+    /**
+     * Adds a set of roles to this user's account.
+     * 
+     * @param newRoles 
+     * 		the new roles to add
+     * 
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    void addRoles(Set<String> newRoles) throws AuthenticationException;
+
+    /**
+     * Sets the user's password, performing a verification of the user's old password, the equality of the two new
+     * passwords, and the strength of the new password.
+     * 
+     * @param oldPassword 
+     * 		the old password
+     * @param newPassword1 
+     * 		the new password
+     * @param newPassword2 
+     * 		the new password - used to verify that the new password was typed correctly
+     * 
+     * @throws AuthenticationException 
+     * 		if newPassword1 does not match newPassword2, if oldPassword does not match the stored old password, or if the new password does not meet complexity requirements 
+     * @throws EncryptionException 
+     */
+    void changePassword(String oldPassword, String newPassword1, String newPassword2) throws AuthenticationException, EncryptionException;
+
+    /**
+     * Disable this user's account.
+     */
+    void disable();
+
+    /**
+     * Enable this user's account.
+     */
+    void enable();
+
+    /**
+     * Gets this user's account id number.
+     * 
+     * @return the account id
+     */
+    long getAccountId();
+    
+    /**
+     * Gets this user's account name.
+     * 
+     * @return the account name
+     */
+    String getAccountName();
+
+    /**
+     * Gets the CSRF token for this user's current sessions.
+     * 
+     * @return the CSRF token
+     */
+    String getCSRFToken();
+
+    /**
+     * Returns the date that this user's account will expire.
+     *
+     * @return Date representing the account expiration time.
+     */
+    Date getExpirationTime();
+
+    /**
+     * Returns the number of failed login attempts since the last successful login for an account. This method is
+     * intended to be used as a part of the account lockout feature, to help protect against brute force attacks.
+     * However, the implementor should be aware that lockouts can be used to prevent access to an application by a
+     * legitimate user, and should consider the risk of denial of service.
+     * 
+     * @return the number of failed login attempts since the last successful login
+     */
+    int getFailedLoginCount();
+
+    /**
+     * Returns the last host address used by the user. This will be used in any log messages generated by the processing
+     * of this request.
+     * 
+     * @return the last host address used by the user
+     */
+    String getLastHostAddress();
+
+	/**
+     * Returns the date of the last failed login time for a user. This date should be used in a message to users after a
+     * successful login, to notify them of potential attack activity on their account.
+     * 
+     * @return date of the last failed login
+     * 
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    Date getLastFailedLoginTime() throws AuthenticationException;
+
+    /**
+     * Returns the date of the last successful login time for a user. This date should be used in a message to users
+     * after a successful login, to notify them of potential attack activity on their account.
+     * 
+     * @return date of the last successful login
+     */
+    Date getLastLoginTime();
+
+    /**
+     * Gets the date of user's last password change.
+     * 
+     * @return the date of last password change
+     */
+    Date getLastPasswordChangeTime();
+
+    /**
+     * Gets the roles assigned to a particular account.
+     * 
+     * @return an immutable set of roles
+     */
+    Set<String> getRoles();
+
+    /**
+     * Gets the screen name (alias) for the current user.
+     * 
+     * @return the screen name
+     */
+    String getScreenName();
+
+    /**
+     * Adds a session for this User.
+     * 
+     * @param s
+     * 			The session to associate with this user.
+     */
+    void addSession( HttpSession s );
+    
+    /**
+     * Removes a session for this User.
+     * 
+     * @param s
+     * 			The session to remove from being associated with this user.
+     */
+    void removeSession( HttpSession s );
+    
+    /**
+     * Returns the list of sessions associated with this User.
+     * @return
+     */
+    Set getSessions();
+    
+    /**
+     * Increment failed login count.
+     */
+    void incrementFailedLoginCount();
+
+    /**
+     * Checks if user is anonymous.
+     * 
+     * @return true, if user is anonymous
+     */
+    boolean isAnonymous();
+
+    /**
+     * Checks if this user's account is currently enabled.
+     * 
+     * @return true, if account is enabled 
+     */
+    boolean isEnabled();
+
+    /**
+     * Checks if this user's account is expired.
+     * 
+     * @return true, if account is expired
+     */
+    boolean isExpired();
+
+    /**
+     * Checks if this user's account is assigned a particular role.
+     * 
+     * @param role 
+     * 		the role for which to check
+     * 
+     * @return true, if role has been assigned to user
+     */
+    boolean isInRole(String role);
+
+    /**
+     * Checks if this user's account is locked.
+     * 
+     * @return true, if account is locked
+     */
+    boolean isLocked();
+
+    /**
+     * Tests to see if the user is currently logged in.
+     * 
+     * @return true, if the user is logged in
+     */
+    boolean isLoggedIn();
+
+    /**
+     * Tests to see if this user's session has exceeded the absolute time out based 
+      * on ESAPI's configuration settings.
+     * 
+     * @return true, if user's session has exceeded the absolute time out
+     */
+    boolean isSessionAbsoluteTimeout();
+
+    /**
+      * Tests to see if the user's session has timed out from inactivity based 
+      * on ESAPI's configuration settings.
+      * 
+      * A session may timeout prior to ESAPI's configuration setting due to 
+      * the servlet container setting for session-timeout in web.xml. The 
+      * following is an example of a web.xml session-timeout set for one hour. 	
+      *
+      * <session-config>
+      *   <session-timeout>60</session-timeout> 
+      * </session-config>
+      * 
+      * @return true, if user's session has timed out from inactivity based 
+      *               on ESAPI configuration
+      */
+     boolean isSessionTimeout();
+
+    /**
+     * Lock this user's account.
+     */
+    void lock();
+
+    /**
+     * Login with password.
+     * 
+     * @param password 
+     * 		the password
+     * @throws AuthenticationException 
+     * 		if login fails
+     */
+    void loginWithPassword(String password) throws AuthenticationException;
+
+    /**
+     * Logout this user.
+     */
+    void logout();
+
+    /**
+     * Removes a role from this user's account.
+     * 
+     * @param role 
+     * 		the role to remove
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    void removeRole(String role) throws AuthenticationException;
+
+    /**
+     * Returns a token to be used as a prevention against CSRF attacks. This token should be added to all links and
+     * forms. The application should verify that all requests contain the token, or they may have been generated by a
+     * CSRF attack. It is generally best to perform the check in a centralized location, either a filter or controller.
+     * See the verifyCSRFToken method.
+     * 
+     * @return the new CSRF token
+     * 
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    String resetCSRFToken() throws AuthenticationException;
+
+    /**
+     * Sets this user's account name.
+     * 
+     * @param accountName the new account name
+     */
+    void setAccountName(String accountName);
+
+    /**
+     * Sets the date and time when this user's account will expire.
+     * 
+     * @param expirationTime the new expiration time
+     */
+	void setExpirationTime(Date expirationTime);
+
+	/**
+     * Sets the roles for this account.
+     * 
+     * @param roles 
+     * 		the new roles
+     * 
+     * @throws AuthenticationException 
+     * 		the authentication exception
+     */
+    void setRoles(Set<String> roles) throws AuthenticationException;
+
+    /**
+     * Sets the screen name (username alias) for this user.
+     * 
+     * @param screenName the new screen name
+     */
+    void setScreenName(String screenName);
+
+    /**
+     * Unlock this user's account.
+     */
+    void unlock();
+
+	/**
+	 * Verify that the supplied password matches the password for this user. This method
+	 * is typically used for "reauthentication" for the most sensitive functions, such
+	 * as transactions, changing email address, and changing other account information.
+	 * 
+	 * @param password 
+	 * 		the password that the user entered
+	 * 
+	 * @return true, if the password passed in matches the account's password
+	 * 
+	 * @throws EncryptionException 
+	 */
+	public boolean verifyPassword(String password) throws EncryptionException;
+
+	/**
+	 * Set the time of the last failed login for this user.
+	 * 
+	 * @param lastFailedLoginTime the date and time when the user just failed to login correctly.
+	 */
+	void setLastFailedLoginTime(Date lastFailedLoginTime);
+	
+	/**
+	 * Set the last remote host address used by this user.
+	 * 
+	 * @param remoteHost The address of the user's current source host.
+	 */
+	void setLastHostAddress(String remoteHost) throws AuthenticationHostException;
+	
+	/**
+	 * Set the time of the last successful login for this user.
+	 * 
+	 * @param lastLoginTime the date and time when the user just successfully logged in.
+	 */
+	void setLastLoginTime(Date lastLoginTime);
+	
+	/**
+	 * Set the time of the last password change for this user.
+	 * 
+	 * @param lastPasswordChangeTime the date and time when the user just successfully changed his/her password.
+	 */
+	void setLastPasswordChangeTime(Date lastPasswordChangeTime);
+
+	/**
+	 * Returns the hashmap used to store security events for this user. Used by the
+	 * IntrusionDetector.
+	 */
+	HashMap getEventMap();
+	
+
+	/**
+	 * The ANONYMOUS user is used to represent an unidentified user. Since there is
+	 * always a real user, the ANONYMOUS user is better than using null to represent
+	 * this.
+	 */
+    public final User ANONYMOUS = new User() {
+
+		private static final long serialVersionUID = -1850916950784965502L;
+
+		private String csrfToken = "";
+    	private Set sessions = new HashSet();
+		private Locale locale = null;
+    	
+    	/**
+         * {@inheritDoc}
+         */
+        public void addRole(String role) throws AuthenticationException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void addRoles(Set newRoles) throws AuthenticationException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void changePassword(String oldPassword, String newPassword1,
+                String newPassword2) throws AuthenticationException,
+                EncryptionException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void disable() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void enable() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public long getAccountId() {
+	        return 0;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getAccountName() {
+	        return "Anonymous";
+        }
+
+		/**
+		 * Alias method that is equivalent to getAccountName()
+		 * 
+		 * @return the name of the current user's account
+         */
+        public String getName() {
+        	return getAccountName();
+        }
+        
+        /**
+         * {@inheritDoc}
+         */
+        public String getCSRFToken() {
+	        return csrfToken;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getExpirationTime() {
+	        return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public int getFailedLoginCount() {
+	        return 0;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastFailedLoginTime() throws AuthenticationException {
+	        return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getLastHostAddress() {
+	        return "unknown";
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastLoginTime() {
+	        return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Date getLastPasswordChangeTime() {
+	        return null;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Set<String> getRoles() {
+	        return new HashSet<String>();
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String getScreenName() {
+	        return "Anonymous";
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void addSession(HttpSession s)  {
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void removeSession(HttpSession s)  {
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public Set getSessions()  {
+            return sessions;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void incrementFailedLoginCount() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isAnonymous() {
+	        return true;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isEnabled() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isExpired() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isInRole(String role) {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isLocked() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isLoggedIn() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isSessionAbsoluteTimeout() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean isSessionTimeout() {
+	        return false;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void lock() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void loginWithPassword(String password)
+                throws AuthenticationException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void logout() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void removeRole(String role) throws AuthenticationException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public String resetCSRFToken() throws AuthenticationException {
+    		csrfToken = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+    		return csrfToken;
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setAccountName(String accountName) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+    	public void setExpirationTime(Date expirationTime) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+        
+    	/**
+         * {@inheritDoc}
+         */
+        public void setRoles(Set roles) throws AuthenticationException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setScreenName(String screenName) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void unlock() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public boolean verifyPassword(String password) throws EncryptionException {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+
+        /**
+         * {@inheritDoc}
+         */
+        public void setLastFailedLoginTime(Date lastFailedLoginTime) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+        
+        /**
+         * {@inheritDoc}
+         */
+    	public void setLastLoginTime(Date lastLoginTime) {
+    		throw new RuntimeException("Invalid operation for the anonymous user");
+    	}
+
+    	/**
+         * {@inheritDoc}
+         */
+     	public void setLastHostAddress(String remoteHost) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+                
+     	/**
+         * {@inheritDoc}
+         */
+        public void setLastPasswordChangeTime(Date lastPasswordChangeTime) {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+        
+        /**
+         *  {@inheritDoc}
+         */
+        public HashMap getEventMap() {
+        	throw new RuntimeException("Invalid operation for the anonymous user");
+        }
+         /**
+    	 * @return the locale
+    	 */
+    	public Locale getLocale() {
+    		return locale;
+    	}
+
+    	/**
+    	 * @param locale the locale to set
+    	 */
+    	public void setLocale(Locale locale) {
+    		this.locale = locale;
+    	}
+    };
+}

From dcd9096498b6afac384542099f06a56188cba009 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 181/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/util/CollectionsUtil.java | 230 +++++++++---------
 1 file changed, 115 insertions(+), 115 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/util/CollectionsUtil.java b/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
index 933da06b8..3cb2f2831 100644
--- a/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
+++ b/src/main/java/org/owasp/esapi/util/CollectionsUtil.java
@@ -1,115 +1,115 @@
-/**
- * 
- */
-package org.owasp.esapi.util;
-
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * @author Neil Matatall (neil.matatall .at. gmail.com)
- * 
- * Are these necessary?  Are there any libraries or java.lang classes to take
- * care of the conversions?
- * 
- * FIXME: we can convert to using this, but it requires that the array be of Character, not char
- *      new HashSet(Arrays.asList(array))
- * 
- */
-public class CollectionsUtil
-{
-	private static final char[] EMPTY_CHAR_ARRAY = new char[0];
-
-	/**
-	 * Converts an array of chars to a Set of Characters. 
-	 * @param array the contents of the new Set
-	 * @return a Set containing the elements in the array
-	 */
-	public static Set<Character> arrayToSet(char...array)
-	{
-		Set<Character> toReturn;
-
-		if(array == null)
-			return new HashSet<Character>();
-		toReturn = new HashSet<Character>(array.length);
-		for (char c : array) {
-			toReturn.add(c);
-		}
-		return toReturn;
-	}
-
-	/**
-	 * Convert a char array to a unmodifiable Set.
-	 * @param array the contents of the new Set
-	 * @return a unmodifiable Set containing the elements in the
-	 * array.
-	 */
-	public static Set<Character> arrayToUnmodifiableSet(char...array)
-	{
-		if(array == null)
-			return Collections.emptySet();
-		if(array.length == 1)
-			return Collections.singleton(array[0]);
-		return Collections.unmodifiableSet(arrayToSet(array));
-	}
-
-	/**
-	 * Convert a String to a char array
-	 * @param str The string to convert
-	 * @return character array containing the characters in str. An
-	 * 	empty array is returned if str is null.
-	 */
-	public static char[] strToChars(String str)
-	{
-		int len;
-		char[] ret;
-
-		if(str == null)
-			return EMPTY_CHAR_ARRAY;
-		len = str.length();
-		ret = new char[len];
-		str.getChars(0,len,ret,0);
-		return ret;
-	}
-
-	/**
-	 * Convert a String to a set of characters.
-	 * @param str The string to convert
-	 * @return A set containing the characters in str. A empty set
-	 * 	is returned if str is null.
-	 */
-	public static Set<Character> strToSet(String str)
-	{
-		Set<Character> set;
-
-		if(str == null)
-			return new HashSet<Character>();
-		set = new HashSet<Character>(str.length());
-		for(int i=0;i<str.length();i++)
-			set.add(str.charAt(i));
-		return set;
-	}
-
-	/**
-	 * Convert a String to a unmodifiable set of characters.
-	 * @param str The string to convert
-	 * @return A set containing the characters in str. A empty set
-	 * 	is returned if str is null.
-	 */
-	public static Set<Character> strToUnmodifiableSet(String str)
-	{
-		if(str == null)
-			return Collections.emptySet();
-		if(str.length() == 1)
-			return Collections.singleton(str.charAt(0));
-		return Collections.unmodifiableSet(strToSet(str));
-	}
-
-	/**
-	 * Private constructor to prevent instantiation.
-	 */
-	private CollectionsUtil()
-	{
-	}
-}
+/**
+ * 
+ */
+package org.owasp.esapi.util;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author Neil Matatall (neil.matatall .at. gmail.com)
+ * 
+ * Are these necessary?  Are there any libraries or java.lang classes to take
+ * care of the conversions?
+ * 
+ * FIXME: we can convert to using this, but it requires that the array be of Character, not char
+ *      new HashSet(Arrays.asList(array))
+ * 
+ */
+public class CollectionsUtil
+{
+	private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+
+	/**
+	 * Converts an array of chars to a Set of Characters. 
+	 * @param array the contents of the new Set
+	 * @return a Set containing the elements in the array
+	 */
+	public static Set<Character> arrayToSet(char...array)
+	{
+		Set<Character> toReturn;
+
+		if(array == null)
+			return new HashSet<Character>();
+		toReturn = new HashSet<Character>(array.length);
+		for (char c : array) {
+			toReturn.add(c);
+		}
+		return toReturn;
+	}
+
+	/**
+	 * Convert a char array to a unmodifiable Set.
+	 * @param array the contents of the new Set
+	 * @return a unmodifiable Set containing the elements in the
+	 * array.
+	 */
+	public static Set<Character> arrayToUnmodifiableSet(char...array)
+	{
+		if(array == null)
+			return Collections.emptySet();
+		if(array.length == 1)
+			return Collections.singleton(array[0]);
+		return Collections.unmodifiableSet(arrayToSet(array));
+	}
+
+	/**
+	 * Convert a String to a char array
+	 * @param str The string to convert
+	 * @return character array containing the characters in str. An
+	 * 	empty array is returned if str is null.
+	 */
+	public static char[] strToChars(String str)
+	{
+		int len;
+		char[] ret;
+
+		if(str == null)
+			return EMPTY_CHAR_ARRAY;
+		len = str.length();
+		ret = new char[len];
+		str.getChars(0,len,ret,0);
+		return ret;
+	}
+
+	/**
+	 * Convert a String to a set of characters.
+	 * @param str The string to convert
+	 * @return A set containing the characters in str. A empty set
+	 * 	is returned if str is null.
+	 */
+	public static Set<Character> strToSet(String str)
+	{
+		Set<Character> set;
+
+		if(str == null)
+			return new HashSet<Character>();
+		set = new HashSet<Character>(str.length());
+		for(int i=0;i<str.length();i++)
+			set.add(str.charAt(i));
+		return set;
+	}
+
+	/**
+	 * Convert a String to a unmodifiable set of characters.
+	 * @param str The string to convert
+	 * @return A set containing the characters in str. A empty set
+	 * 	is returned if str is null.
+	 */
+	public static Set<Character> strToUnmodifiableSet(String str)
+	{
+		if(str == null)
+			return Collections.emptySet();
+		if(str.length() == 1)
+			return Collections.singleton(str.charAt(0));
+		return Collections.unmodifiableSet(strToSet(str));
+	}
+
+	/**
+	 * Private constructor to prevent instantiation.
+	 */
+	private CollectionsUtil()
+	{
+	}
+}

From ed6283cffb41288905899bcedd62ce098115d415 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 182/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/util/DefaultMessageUtil.java  | 96 +++++++++----------
 1 file changed, 48 insertions(+), 48 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java b/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
index bb0e21b56..1cce29627 100644
--- a/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
+++ b/src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java
@@ -1,49 +1,49 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Pawan Singh (pawan.singh@owasp.org) <a href="www.owasp.org">OWASP</a>
- * @created 2009
- */
-package org.owasp.esapi.util;
-
-import java.text.MessageFormat;
-import java.util.Locale;
-import java.util.ResourceBundle;
-
-import org.owasp.esapi.ESAPI;
-
-/**
- * @author Pawan Singh (pawan.singh@owasp.org)
- *
- */
-public class DefaultMessageUtil {
-
-    private final String DEFAULT_LOCALE_LANG = "en";
-    private final String DEFAULT_LOCALE_LOC = "US";
-    
-    private ResourceBundle messages = null;
-    
-    public void initialize() {
-    	try {
-                messages = ResourceBundle.getBundle("ESAPI", ESAPI.authenticator().getCurrentUser().getLocale());
-        } catch (Exception e) {
-                messages = ResourceBundle.getBundle("ESAPI", new Locale(DEFAULT_LOCALE_LANG,DEFAULT_LOCALE_LOC));
-        }
-    }
-
-
-	public String getMessage(String msgKey, Object[] arguments) {
-		
-		initialize();
-		return MessageFormat.format( messages.getString(msgKey), arguments );
-	}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Pawan Singh (pawan.singh@owasp.org) <a href="www.owasp.org">OWASP</a>
+ * @created 2009
+ */
+package org.owasp.esapi.util;
+
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+import org.owasp.esapi.ESAPI;
+
+/**
+ * @author Pawan Singh (pawan.singh@owasp.org)
+ *
+ */
+public class DefaultMessageUtil {
+
+    private final String DEFAULT_LOCALE_LANG = "en";
+    private final String DEFAULT_LOCALE_LOC = "US";
+    
+    private ResourceBundle messages = null;
+    
+    public void initialize() {
+    	try {
+                messages = ResourceBundle.getBundle("ESAPI", ESAPI.authenticator().getCurrentUser().getLocale());
+        } catch (Exception e) {
+                messages = ResourceBundle.getBundle("ESAPI", new Locale(DEFAULT_LOCALE_LANG,DEFAULT_LOCALE_LOC));
+        }
+    }
+
+
+	public String getMessage(String msgKey, Object[] arguments) {
+		
+		initialize();
+		return MessageFormat.format( messages.getString(msgKey), arguments );
+	}
 }
\ No newline at end of file

From 35c59215aa3ece4cafe13b34d8443f8144855e94 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 183/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/ValidationErrorList.java  | 274 +++++++++---------
 1 file changed, 137 insertions(+), 137 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/ValidationErrorList.java b/src/main/java/org/owasp/esapi/ValidationErrorList.java
index df194449a..2abeb70a6 100644
--- a/src/main/java/org/owasp/esapi/ValidationErrorList.java
+++ b/src/main/java/org/owasp/esapi/ValidationErrorList.java
@@ -1,137 +1,137 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * 
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * The ValidationErrorList class defines a well-formed collection of 
- * ValidationExceptions so that groups of validation functions can be 
- * called in a non-blocking fashion.
- * <P>
- * To use the ValidationErrorList to execute groups of validation 
- * attempts, your controller code would look something like:
- * 
- * <PRE>
- * ValidationErrorList() errorList = new ValidationErrorList();.
- * String name  = getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false, errorList);
- * String address = getValidInput("Address", form.getAddress(), "SomeESAPIRegExName2", 255, false, errorList);
- * Integer weight = getValidInteger("Weight", form.getWeight(), 1, 1000000000, false, errorList);
- * Integer sortOrder = getValidInteger("Sort Order", form.getSortOrder(), -100000, +100000, false, errorList);
- * request.setAttribute( "ERROR_LIST", errorList );
- * </PRE>
- * 
- * The at your view layer you would be able to retrieve all
- * of your error messages via a helper function like:
- * 
- * <PRE>
- * public static ValidationErrorList getErrors() {          
- *     HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
- *     ValidationErrorList errors = new ValidationErrorList();
- *     if (request.getAttribute(Constants.ERROR_LIST) != null) {
- *        errors = (ValidationErrorList)request.getAttribute("ERROR_LIST");
- *     }
- * 	   return errors;
- * }
- * </PRE>
- * 
- * You can list all errors like:
- * 
- * <PRE>
- * <%
- *      for (Object vo : errorList.errors()) {
- *         ValidationException ve = (ValidationException)vo;
- * %>
- * <%= ESAPI.encoder().encodeForHTML(ve.getMessage()) %><br/>
- * <%
- *     }
- * %>
- * </PRE>
- * 
- * And even check if a specific UI component is in error via calls like:
- * 
- * <PRE>
- * ValidationException e = errorList.getError("Name");
- * </PRE>
- * 
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @since August 15, 2008
- */
-public class ValidationErrorList {
-
-	/**
-	 * Error list of ValidationException's
-	 */
-	private HashMap<String, ValidationException> errorList = new HashMap<String, ValidationException>();
-
-	/**
-	 * Adds a new error to list with a unique named context.
-	 * No action taken if either element is null. 
-	 * Existing contexts will be overwritten.
-	 * 
-	 * @param context Unique named context for this {@code ValidationErrorList}.
-	 * @param vex	A {@code ValidationException}.
-	 */
-	public void addError(String context, ValidationException vex) {
-		if ( context == null ) throw new RuntimeException( "Context for cannot be null: " + vex.getLogMessage(), vex );
-		if ( vex == null ) throw new RuntimeException( "Context (" + context + ") cannot be null" );
-		if (getError(context) != null) throw new RuntimeException("Context (" + context + ") already exists, must be unique");
-		errorList.put(context, vex);
-	}
-
-	/**
-	 * Returns list of ValidationException, or empty list of no errors exist.
-	 * 
-	 * @return List
-	 */
-	public List<ValidationException> errors() {
-		return new ArrayList<ValidationException>( errorList.values() );
-	}
-
-	/**
-	 * Retrieves ValidationException for given context if one exists.
-	 * 
-	 * @param context unique name for each error
-	 * @return ValidationException or null for given context
-	 */
-	public ValidationException getError(String context) {
-		if (context == null) return null;		
-		return errorList.get(context);
-	}
-
-	/**
-	 * Returns true if no error are present.
-	 * 
-	 * @return boolean
-	 */
-	public boolean isEmpty() {
-		return errorList.isEmpty();
-	}
-	
-	/**
-	 * Returns the numbers of errors present.
-	 * 
-	 * @return boolean
-	 */
-	public int size() {
-		return errorList.size();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * 
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * The ValidationErrorList class defines a well-formed collection of 
+ * ValidationExceptions so that groups of validation functions can be 
+ * called in a non-blocking fashion.
+ * <P>
+ * To use the ValidationErrorList to execute groups of validation 
+ * attempts, your controller code would look something like:
+ * 
+ * <PRE>
+ * ValidationErrorList() errorList = new ValidationErrorList();.
+ * String name  = getValidInput("Name", form.getName(), "SomeESAPIRegExName1", 255, false, errorList);
+ * String address = getValidInput("Address", form.getAddress(), "SomeESAPIRegExName2", 255, false, errorList);
+ * Integer weight = getValidInteger("Weight", form.getWeight(), 1, 1000000000, false, errorList);
+ * Integer sortOrder = getValidInteger("Sort Order", form.getSortOrder(), -100000, +100000, false, errorList);
+ * request.setAttribute( "ERROR_LIST", errorList );
+ * </PRE>
+ * 
+ * The at your view layer you would be able to retrieve all
+ * of your error messages via a helper function like:
+ * 
+ * <PRE>
+ * public static ValidationErrorList getErrors() {          
+ *     HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+ *     ValidationErrorList errors = new ValidationErrorList();
+ *     if (request.getAttribute(Constants.ERROR_LIST) != null) {
+ *        errors = (ValidationErrorList)request.getAttribute("ERROR_LIST");
+ *     }
+ * 	   return errors;
+ * }
+ * </PRE>
+ * 
+ * You can list all errors like:
+ * 
+ * <PRE>
+ * <%
+ *      for (Object vo : errorList.errors()) {
+ *         ValidationException ve = (ValidationException)vo;
+ * %>
+ * <%= ESAPI.encoder().encodeForHTML(ve.getMessage()) %><br/>
+ * <%
+ *     }
+ * %>
+ * </PRE>
+ * 
+ * And even check if a specific UI component is in error via calls like:
+ * 
+ * <PRE>
+ * ValidationException e = errorList.getError("Name");
+ * </PRE>
+ * 
+ * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @since August 15, 2008
+ */
+public class ValidationErrorList {
+
+	/**
+	 * Error list of ValidationException's
+	 */
+	private HashMap<String, ValidationException> errorList = new HashMap<String, ValidationException>();
+
+	/**
+	 * Adds a new error to list with a unique named context.
+	 * No action taken if either element is null. 
+	 * Existing contexts will be overwritten.
+	 * 
+	 * @param context Unique named context for this {@code ValidationErrorList}.
+	 * @param vex	A {@code ValidationException}.
+	 */
+	public void addError(String context, ValidationException vex) {
+		if ( context == null ) throw new RuntimeException( "Context for cannot be null: " + vex.getLogMessage(), vex );
+		if ( vex == null ) throw new RuntimeException( "Context (" + context + ") cannot be null" );
+		if (getError(context) != null) throw new RuntimeException("Context (" + context + ") already exists, must be unique");
+		errorList.put(context, vex);
+	}
+
+	/**
+	 * Returns list of ValidationException, or empty list of no errors exist.
+	 * 
+	 * @return List
+	 */
+	public List<ValidationException> errors() {
+		return new ArrayList<ValidationException>( errorList.values() );
+	}
+
+	/**
+	 * Retrieves ValidationException for given context if one exists.
+	 * 
+	 * @param context unique name for each error
+	 * @return ValidationException or null for given context
+	 */
+	public ValidationException getError(String context) {
+		if (context == null) return null;		
+		return errorList.get(context);
+	}
+
+	/**
+	 * Returns true if no error are present.
+	 * 
+	 * @return boolean
+	 */
+	public boolean isEmpty() {
+		return errorList.isEmpty();
+	}
+	
+	/**
+	 * Returns the numbers of errors present.
+	 * 
+	 * @return boolean
+	 */
+	public int size() {
+		return errorList.size();
+	}
+}

From 7a1e6da7f8b66d6502ced07f39b3d5d7e744d9f6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 184/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/ValidationRule.java  | 160 +++++++++---------
 1 file changed, 80 insertions(+), 80 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/ValidationRule.java b/src/main/java/org/owasp/esapi/ValidationRule.java
index b9b683527..25cc95ac1 100644
--- a/src/main/java/org/owasp/esapi/ValidationRule.java
+++ b/src/main/java/org/owasp/esapi/ValidationRule.java
@@ -1,81 +1,81 @@
-package org.owasp.esapi;
-
-import java.util.Set;
-
-import org.owasp.esapi.errors.ValidationException;
-
-public interface ValidationRule {
-
-	/**
-	 * Parse the input, throw exceptions if validation fails
-	 * 
-	 * @param context
-	 *            for logging
-	 * @param input
-	 *            the value to be parsed
-	 * @return a validated value
-	 * @throws ValidationException
-	 *             if any validation rules fail
-	 */
-	Object getValid(String context, String input)
-			throws ValidationException;
-
-	/**
-	 * Whether or not a valid valid can be null. getValid will throw an
-	 * Exception and getSafe will return the default value if flag is set to
-	 * true
-	 * 
-	 * @param flag
-	 *            whether or not null values are valid/safe
-	 */
-	void setAllowNull(boolean flag);
-
-	/**
-	 * Programmatically supplied name for the validator
-	 * @return a name, describing the validator
-	 */
-	String getTypeName();
-
-	/**
-	 * @param typeName a name, describing the validator
-	 */
-	void setTypeName(String typeName);
-
-	/**
-	 * @param encoder the encoder to use
-	 */
-	void setEncoder(Encoder encoder);
-
-	/**
-	 * Check if the input is valid, throw an Exception otherwise 
-	 */
-	void assertValid(String context, String input)
-			throws ValidationException;
-
-	/**
-	 * Get a validated value, add the errors to an existing error list
-	 */
-	Object getValid(String context, String input,
-			ValidationErrorList errorList) throws ValidationException;
-
-	/**
-	 * Try to call get valid, then call sanitize, finally return a default value
-	 */
-	Object getSafe(String context, String input);
-	
-	/**
-	 * @return true if the input passes validation
-	 */
-	boolean isValid(String context, String input);
-
-	/**
-	 * String the input of all chars contained in the list
-	 */
-	String whitelist(String input, char[] list);
-	
-	/**
-	 * String the input of all chars contained in the list
-	 */
-	String whitelist(String input, Set<Character> list);
-
+package org.owasp.esapi;
+
+import java.util.Set;
+
+import org.owasp.esapi.errors.ValidationException;
+
+public interface ValidationRule {
+
+	/**
+	 * Parse the input, throw exceptions if validation fails
+	 * 
+	 * @param context
+	 *            for logging
+	 * @param input
+	 *            the value to be parsed
+	 * @return a validated value
+	 * @throws ValidationException
+	 *             if any validation rules fail
+	 */
+	Object getValid(String context, String input)
+			throws ValidationException;
+
+	/**
+	 * Whether or not a valid valid can be null. getValid will throw an
+	 * Exception and getSafe will return the default value if flag is set to
+	 * true
+	 * 
+	 * @param flag
+	 *            whether or not null values are valid/safe
+	 */
+	void setAllowNull(boolean flag);
+
+	/**
+	 * Programmatically supplied name for the validator
+	 * @return a name, describing the validator
+	 */
+	String getTypeName();
+
+	/**
+	 * @param typeName a name, describing the validator
+	 */
+	void setTypeName(String typeName);
+
+	/**
+	 * @param encoder the encoder to use
+	 */
+	void setEncoder(Encoder encoder);
+
+	/**
+	 * Check if the input is valid, throw an Exception otherwise 
+	 */
+	void assertValid(String context, String input)
+			throws ValidationException;
+
+	/**
+	 * Get a validated value, add the errors to an existing error list
+	 */
+	Object getValid(String context, String input,
+			ValidationErrorList errorList) throws ValidationException;
+
+	/**
+	 * Try to call get valid, then call sanitize, finally return a default value
+	 */
+	Object getSafe(String context, String input);
+	
+	/**
+	 * @return true if the input passes validation
+	 */
+	boolean isValid(String context, String input);
+
+	/**
+	 * String the input of all chars contained in the list
+	 */
+	String whitelist(String input, char[] list);
+	
+	/**
+	 * String the input of all chars contained in the list
+	 */
+	String whitelist(String input, Set<Character> list);
+
 }
\ No newline at end of file

From 7388642e216fe4f817282d04e9b3ec09e8902ae3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 185/812] Change CRLF to LF for issue 356.

---
 src/main/java/org/owasp/esapi/Validator.java | 1382 +++++++++---------
 1 file changed, 691 insertions(+), 691 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 951d8c481..43bd5ac3c 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -1,691 +1,691 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import java.io.File;
-import java.io.InputStream;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-
-/**
- * The Validator interface defines a set of methods for canonicalizing and
- * validating untrusted input. Implementors should feel free to extend this
- * interface to accommodate their own data formats. Rather than throw exceptions,
- * this interface returns boolean results because not all validation problems
- * are security issues. Boolean returns allow developers to handle both valid
- * and invalid results more cleanly than exceptions.
- * <P>
- * Implementations must adopt a "whitelist" approach to validation where a
- * specific pattern or character set is matched. "Blacklist" approaches that
- * attempt to identify the invalid or disallowed characters are much more likely
- * to allow a bypass with encoding or other tricks.
- *
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public interface Validator {
-
-	void addRule( ValidationRule rule );
-
-	ValidationRule getRule( String name );
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException;
-
-	/**
-	 * Calls isValidInput and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
-	 * and input that is clearly an attack will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param type
-	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength
-	 * 		The maximum post-canonicalized String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return The canonicalized user input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Returns validated input as a String with optional canonicalization. Invalid input will generate a descriptive ValidationException,
-	 * and input that is clearly an attack will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param type
-	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
-	 * @param maxLength
-	 * 		The maximum post-canonicalized String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 * @param canonicalize
-	 *      If canonicalize is true then input will be canonicalized before validation
-	 *
-	 * @return The canonicalized user input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls isValidDate and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls isValidDate and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a valid date as a Date. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param format
-	 * 		Required formatting of date inputted.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid date as a Date
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDate with the supplied errorList to capture ValidationExceptions
-	 */
-	Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
-	 */
-	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
-	 */
-	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
-	 * Implementors should reference the OWASP AntiSamy project for ideas
-	 * on how to do HTML validation in a whitelist way, as this is an extremely difficult problem.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param maxLength
-	 * 		The maximum String length allowed.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return Valid safe HTML
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
-	 */
-	boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
-	 */
-	boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated credit card number as a String. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual user input data to validate.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid credit card number
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated directory path as a String, provided that the input
-	 * maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException. Instead of throwing a ValidationException
-	 * on error, this variant will store the exception inside of the ValidationErrorList.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual input data to validate.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A valid directory path
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the default list of allowedExtensions
-	 */
-	boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the default list of allowedExtensions
-	 */
-	boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileName and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a canonicalized and validated file name as a String. Implementors should check for allowed file extensions here, as well as allowed file name characters, as declared in "ESAPI.properties". Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     *
-     * @return A valid file name
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileName with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidNumber and returns true if no exceptions are thrown.
-	 */
-	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidNumber and returns true if no exceptions are thrown.
-	 */
-	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated number as a double within the range of minValue to maxValue. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated number as a double.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
-	 */
-	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidInteger and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidInteger and returns true if no exceptions are thrown.
-	 */
-	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated integer. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated number as an integer.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidInteger with the supplied errorList to capture ValidationExceptions
-	 */
-	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidDouble and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidDouble and returns true if no exceptions are thrown.
-	 */
-	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns a validated real number as a double. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-     * @param input
-     * 		The actual input data to validate.
-     * @param allowNull
-     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-     * @param minValue
-     * 		Lowest legal value for input.
-     * @param maxValue
-     * 		Highest legal value for input.
-     *
-     * @return A validated real number as a double.
-     *
-     * @throws ValidationException
-     * @throws IntrusionException
-	 */
-	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidDouble with the supplied errorList to capture ValidationExceptions
-	 */
-	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileContent and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileContent and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns validated file content as a byte array. This is a good place to check for max file size, allowed character sets, and do virus scans.  Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The actual input data to validate.
-	 * @param maxBytes
-	 * 		The maximum number of bytes allowed in a legal file.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @return A byte array containing valid file content.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
-	 */
-	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
-	 */
-	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Validates the filepath, filename, and content of a file. Invalid input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param filepath
-	 * 		The file path of the uploaded file.
-	 * @param filename
-	 * 		The filename of the uploaded file
-	 * @param content
-	 * 		A byte array containing the content of the uploaded file.
-	 * @param maxBytes
-	 * 		The max number of bytes allowed for a legal file upload.
-	 * @param allowNull
-	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
-	 */
-	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidListItem and returns true if no exceptions are thrown.
-	 */
-	boolean isValidListItem(String context, String input, List<String> list) throws IntrusionException;
-
-	/**
-	 * Calls getValidListItem and returns true if no exceptions are thrown.
-	 */
-	boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
-	 * will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param input
-	 * 		The value to search 'list' for.
-	 * @param list
-	 * 		The list to search for 'input'.
-	 *
-	 * @return The list item that exactly matches the canonicalized input.
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidListItem with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
-	 */
-	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws IntrusionException;
-
-	/**
-	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
-	 */
-	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
-	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 * @param context
-	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 * @param required
-	 * 		parameters that are required to be in HTTP request
-	 * @param optional
-	 * 		additional parameters that may be in HTTP request
-	 *
-	 * @throws ValidationException
-	 * @throws IntrusionException
-	 */
-	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions
-	 */
-	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException;
-
-        /**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		data to be returned as valid and printable
-	 *  @param maxLength
-	 *  		Maximum number of bytes stored in 'input'
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return a byte array containing only printable characters, made up of data from 'input'
-	 *
-	 *  @throws ValidationException
-	 */
-	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException;
-
-	/**
-	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
-	 */
-	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-
-	/**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
-
-        /**
-	 * Calls getValidPrintable and returns true if no exceptions are thrown.
-	 */
-	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		data to be returned as valid and printable
-	 *  @param maxLength
-	 *  		Maximum number of bytes stored in 'input' after canonicalization
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return a String containing only printable characters, made up of data from 'input'
-	 *
-	 *  @throws ValidationException
-	 */
-	String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException;
-
-	/**
-	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
-	 */
-	boolean isValidRedirectLocation(String context, String input, boolean allowNull);
-
-        /**
-	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
-	 */
-	boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList);
-
-	/**
-	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
-	 * will generate a descriptive IntrusionException.
-	 *
-	 *  @param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
-	 *  @param input
-	 *  		redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
-	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
-	 *
-	 *  @return A canonicalized and validated redirect location, as defined in "ESAPI.properties"
-	 *
-	 *  @throws ValidationException
-	 *  @throws IntrusionException
-	 */
-	String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
-
-	/**
-	 * Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions
-	 */
-	String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
-
-	/**
-	 * Reads from an input stream until end-of-line or a maximum number of
-	 * characters. This method protects against the inherent denial of service
-	 * attack in reading until the end of a line. If an attacker doesn't ever
-	 * send a newline character, then a normal input stream reader will read
-	 * until all memory is exhausted and the platform throws an OutOfMemoryError
-	 * and probably terminates.
-	 *
-	 * @param inputStream
-	 * 		The InputStream from which to read data
-	 * @param maxLength
-	 * 		Maximum characters allowed to be read in per line
-	 *
-	 * @return a String containing the current line of inputStream
-	 *
-	 * @throws ValidationException
-	 */
-	String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
-
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import java.io.File;
+import java.io.InputStream;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+
+/**
+ * The Validator interface defines a set of methods for canonicalizing and
+ * validating untrusted input. Implementors should feel free to extend this
+ * interface to accommodate their own data formats. Rather than throw exceptions,
+ * this interface returns boolean results because not all validation problems
+ * are security issues. Boolean returns allow developers to handle both valid
+ * and invalid results more cleanly than exceptions.
+ * <P>
+ * Implementations must adopt a "whitelist" approach to validation where a
+ * specific pattern or character set is matched. "Blacklist" approaches that
+ * attempt to identify the invalid or disallowed characters are much more likely
+ * to allow a bypass with encoding or other tricks.
+ *
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public interface Validator {
+
+	void addRule( ValidationRule rule );
+
+	ValidationRule getRule( String name );
+
+	/**
+	 * Calls isValidInput and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls isValidInput and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls isValidInput and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws IntrusionException;
+
+	/**
+	 * Calls isValidInput and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns canonicalized and validated input as a String. Invalid input will generate a descriptive ValidationException,
+	 * and input that is clearly an attack will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual user input data to validate.
+	 * @param type
+	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength
+	 * 		The maximum post-canonicalized String length allowed.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return The canonicalized user input.
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Returns validated input as a String with optional canonicalization. Invalid input will generate a descriptive ValidationException,
+	 * and input that is clearly an attack will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual user input data to validate.
+	 * @param type
+	 * 		The regular expression name that maps to the actual regular expression from "ESAPI.properties".
+	 * @param maxLength
+	 * 		The maximum post-canonicalized String length allowed.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 * @param canonicalize
+	 *      If canonicalize is true then input will be canonicalized before validation
+	 *
+	 * @return The canonicalized user input.
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidInput with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidInput(String context, String input, String type, int maxLength, boolean allowNull, boolean canonicalize, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls isValidDate and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls isValidDate and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a valid date as a Date. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual user input data to validate.
+	 * @param format
+	 * 		Required formatting of date inputted.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return A valid date as a Date
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidDate with the supplied errorList to capture ValidationExceptions
+	 */
+	Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
+	 */
+	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidSafeHTML and returns true if no exceptions are thrown.
+	 */
+	boolean isValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns canonicalized and validated "safe" HTML that does not contain unwanted scripts in the body, attributes, CSS, URLs, or anywhere else.
+	 * Implementors should reference the OWASP AntiSamy project for ideas
+	 * on how to do HTML validation in a whitelist way, as this is an extremely difficult problem.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual user input data to validate.
+	 * @param maxLength
+	 * 		The maximum String length allowed.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return Valid safe HTML
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidSafeHTML(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
+	 */
+	boolean isValidCreditCard(String context, String input, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidCreditCard and returns true if no exceptions are thrown.
+	 */
+	boolean isValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a canonicalized and validated credit card number as a String. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual user input data to validate.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return A valid credit card number
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidCreditCard(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidCreditCard with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidCreditCard(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidDirectoryPath and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a canonicalized and validated directory path as a String, provided that the input
+	 * maps to an existing directory that is an existing subdirectory (at any level) of the specified parent. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException. Instead of throwing a ValidationException
+	 * on error, this variant will store the exception inside of the ValidationErrorList.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual input data to validate.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return A valid directory path
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidDirectoryPath with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidDirectoryPath(String context, String input, File parent, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileName with the default list of allowedExtensions
+	 */
+	boolean isValidFileName(String context, String input, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileName with the default list of allowedExtensions
+	 */
+	boolean isValidFileName(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileName and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileName and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a canonicalized and validated file name as a String. Implementors should check for allowed file extensions here, as well as allowed file name characters, as declared in "ESAPI.properties". Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     * 		The actual input data to validate.
+     * @param allowNull
+     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+     *
+     * @return A valid file name
+     *
+     * @throws ValidationException
+     * @throws IntrusionException
+	 */
+	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidFileName with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidFileName(String context, String input, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidNumber and returns true if no exceptions are thrown.
+	 */
+	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidNumber and returns true if no exceptions are thrown.
+	 */
+	boolean isValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a validated number as a double within the range of minValue to maxValue. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     * 		The actual input data to validate.
+     * @param allowNull
+     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     * 		Lowest legal value for input.
+     * @param maxValue
+     * 		Highest legal value for input.
+     *
+     * @return A validated number as a double.
+     *
+     * @throws ValidationException
+     * @throws IntrusionException
+	 */
+	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidSafeHTML with the supplied errorList to capture ValidationExceptions
+	 */
+	Double getValidNumber(String context, String input, long minValue, long maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidInteger and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidInteger and returns true if no exceptions are thrown.
+	 */
+	boolean isValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a validated integer. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     * 		The actual input data to validate.
+     * @param allowNull
+     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     * 		Lowest legal value for input.
+     * @param maxValue
+     * 		Highest legal value for input.
+     *
+     * @return A validated number as an integer.
+     *
+     * @throws ValidationException
+     * @throws IntrusionException
+	 */
+	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidInteger with the supplied errorList to capture ValidationExceptions
+	 */
+	Integer getValidInteger(String context, String input, int minValue, int maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidDouble and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidDouble and returns true if no exceptions are thrown.
+	 */
+	boolean isValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns a validated real number as a double. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+     * @param input
+     * 		The actual input data to validate.
+     * @param allowNull
+     * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+     * @param minValue
+     * 		Lowest legal value for input.
+     * @param maxValue
+     * 		Highest legal value for input.
+     *
+     * @return A validated real number as a double.
+     *
+     * @throws ValidationException
+     * @throws IntrusionException
+	 */
+	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidDouble with the supplied errorList to capture ValidationExceptions
+	 */
+	Double getValidDouble(String context, String input, double minValue, double maxValue, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileContent and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileContent and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns validated file content as a byte array. This is a good place to check for max file size, allowed character sets, and do virus scans.  Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The actual input data to validate.
+	 * @param maxBytes
+	 * 		The maximum number of bytes allowed in a legal file.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return A byte array containing valid file content.
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidFileContent with the supplied errorList to capture ValidationExceptions
+	 */
+	byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull) throws IntrusionException;
+
+	/**
+	 * Calls getValidFileUpload and returns true if no exceptions are thrown.
+	 */
+	boolean isValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Validates the filepath, filename, and content of a file. Invalid input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param filepath
+	 * 		The file path of the uploaded file.
+	 * @param filename
+	 * 		The filename of the uploaded file
+	 * @param content
+	 * 		A byte array containing the content of the uploaded file.
+	 * @param maxBytes
+	 * 		The max number of bytes allowed for a legal file upload.
+	 * @param allowNull
+	 * 		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidFileUpload with the supplied errorList to capture ValidationExceptions
+	 */
+	void assertValidFileUpload(String context, String filepath, String filename, File parent, byte[] content, int maxBytes, List<String> allowedExtensions, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidListItem and returns true if no exceptions are thrown.
+	 */
+	boolean isValidListItem(String context, String input, List<String> list) throws IntrusionException;
+
+	/**
+	 * Calls getValidListItem and returns true if no exceptions are thrown.
+	 */
+	boolean isValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns the list item that exactly matches the canonicalized input. Invalid or non-matching input
+	 * will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param input
+	 * 		The value to search 'list' for.
+	 * @param list
+	 * 		The list to search for 'input'.
+	 *
+	 * @return The list item that exactly matches the canonicalized input.
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	String getValidListItem(String context, String input, List<String> list) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidListItem with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidListItem(String context, String input, List<String> list, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
+	 */
+	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws IntrusionException;
+
+	/**
+	 * Calls assertValidHTTPRequestParameterSet and returns true if no exceptions are thrown.
+	 */
+	boolean isValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Validates that the parameters in the current request contain all required parameters and only optional ones in
+	 * addition. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 * @param context
+	 * 		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 * @param required
+	 * 		parameters that are required to be in HTTP request
+	 * @param optional
+	 * 		additional parameters that may be in HTTP request
+	 *
+	 * @throws ValidationException
+	 * @throws IntrusionException
+	 */
+	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidHTTPRequestParameterSet with the supplied errorList to capture ValidationExceptions
+	 */
+	void assertValidHTTPRequestParameterSet(String context, HttpServletRequest request, Set<String> required, Set<String> optional, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidPrintable and returns true if no exceptions are thrown.
+	 */
+	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws IntrusionException;
+
+        /**
+	 * Calls getValidPrintable and returns true if no exceptions are thrown.
+	 */
+	boolean isValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns canonicalized and validated printable characters as a byte array. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 *  @param context
+	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 *  @param input
+	 *  		data to be returned as valid and printable
+	 *  @param maxLength
+	 *  		Maximum number of bytes stored in 'input'
+	 *  @param allowNull
+	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 *  @return a byte array containing only printable characters, made up of data from 'input'
+	 *
+	 *  @throws ValidationException
+	 */
+	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull) throws ValidationException;
+
+	/**
+	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
+	 */
+	char[] getValidPrintable(String context, char[] input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+
+	/**
+	 * Calls getValidPrintable and returns true if no exceptions are thrown.
+	 */
+	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull) throws IntrusionException;
+
+        /**
+	 * Calls getValidPrintable and returns true if no exceptions are thrown.
+	 */
+	boolean isValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Returns canonicalized and validated printable characters as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 *  @param context
+	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 *  @param input
+	 *  		data to be returned as valid and printable
+	 *  @param maxLength
+	 *  		Maximum number of bytes stored in 'input' after canonicalization
+	 *  @param allowNull
+	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 *  @return a String containing only printable characters, made up of data from 'input'
+	 *
+	 *  @throws ValidationException
+	 */
+	String getValidPrintable(String context, String input, int maxLength, boolean allowNull) throws ValidationException;
+
+	/**
+	 * Calls getValidPrintable with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidPrintable(String context, String input, int maxLength, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
+	 */
+	boolean isValidRedirectLocation(String context, String input, boolean allowNull);
+
+        /**
+	 * Calls getValidRedirectLocation and returns true if no exceptions are thrown.
+	 */
+	boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList);
+
+	/**
+	 * Returns a canonicalized and validated redirect location as a String. Invalid input will generate a descriptive ValidationException, and input that is clearly an attack
+	 * will generate a descriptive IntrusionException.
+	 *
+	 *  @param context
+	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 *  @param input
+	 *  		redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
+	 *  @param allowNull
+	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 *  @return A canonicalized and validated redirect location, as defined in "ESAPI.properties"
+	 *
+	 *  @throws ValidationException
+	 *  @throws IntrusionException
+	 */
+	String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException;
+
+	/**
+	 * Calls getValidRedirectLocation with the supplied errorList to capture ValidationExceptions
+	 */
+	String getValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errorList) throws IntrusionException;
+
+	/**
+	 * Reads from an input stream until end-of-line or a maximum number of
+	 * characters. This method protects against the inherent denial of service
+	 * attack in reading until the end of a line. If an attacker doesn't ever
+	 * send a newline character, then a normal input stream reader will read
+	 * until all memory is exhausted and the platform throws an OutOfMemoryError
+	 * and probably terminates.
+	 *
+	 * @param inputStream
+	 * 		The InputStream from which to read data
+	 * @param maxLength
+	 * 		Maximum characters allowed to be read in per line
+	 *
+	 * @return a String containing the current line of inputStream
+	 *
+	 * @throws ValidationException
+	 */
+	String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
+
+}
+

From c39cf80fec9b4451cf7cba5c421fc069614250d2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 186/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/actions/Action.java   | 90 +++++++++----------
 1 file changed, 45 insertions(+), 45 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/Action.java b/src/main/java/org/owasp/esapi/waf/actions/Action.java
index 87c3905ee..b15498ad0 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/Action.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/Action.java
@@ -1,45 +1,45 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The base class indicating what is to be done after a rule executes.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.rules.Rule
- */
-public abstract class Action {
-
-	protected boolean failed = true;
-	protected boolean actionNecessary = true;
-
-	public void setFailed(boolean didFail) {
-		failed = didFail;
-	}
-
-	public boolean failedRule() {
-		return failed;
-	}
-
-	public boolean isActionNecessary() {
-		return actionNecessary;
-	}
-
-	public void setActionNecessary(boolean b) {
-		this.actionNecessary = b;
-
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The base class indicating what is to be done after a rule executes.
+ * 
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.rules.Rule
+ */
+public abstract class Action {
+
+	protected boolean failed = true;
+	protected boolean actionNecessary = true;
+
+	public void setFailed(boolean didFail) {
+		failed = didFail;
+	}
+
+	public boolean failedRule() {
+		return failed;
+	}
+
+	public boolean isActionNecessary() {
+		return actionNecessary;
+	}
+
+	public void setActionNecessary(boolean b) {
+		this.actionNecessary = b;
+
+	}
+}

From bd80a7063e34378b2366188f6f6bd6361d87d7f9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 187/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/actions/BlockAction.java  | 70 +++++++++----------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java b/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
index f2ce570e3..5acfcf157 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/BlockAction.java
@@ -1,35 +1,35 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the request processing should be halted and that a blank response
- * should be returned.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class BlockAction extends Action {
-
-	public boolean failedRule() {
-		return true;
-	}
-
-
-	public boolean isActionNecessary() {
-		return true;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the request processing should be halted and that a blank response
+ * should be returned.
+ * 
+ * @author Arshan Dabirsiaghi
+ */
+public class BlockAction extends Action {
+
+	public boolean failedRule() {
+		return true;
+	}
+
+
+	public boolean isActionNecessary() {
+		return true;
+	}
+
+}

From 6ceea2137c7e956a54f338ab2b53b2421a5bba77 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 188/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/actions/DefaultAction.java      | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java b/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
index c09156492..dd81431ea 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/DefaultAction.java
@@ -1,34 +1,34 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the default action as indicated by the policy file
- * should be executed.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class DefaultAction extends Action {
-
-	public boolean failedRule() {
-		return true;
-	}
-
-	public boolean isActionNecessary() {
-		return true;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the default action as indicated by the policy file
+ * should be executed.
+ * 
+ * @author Arshan Dabirsiaghi
+ */
+public class DefaultAction extends Action {
+
+	public boolean failedRule() {
+		return true;
+	}
+
+	public boolean isActionNecessary() {
+		return true;
+	}
+
+}

From 6ee13b9e6d856e2c20f4b28c817f74d4d1706e8c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 189/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/actions/DoNothingAction.java    | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
index 25dd05334..a75f58888 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/DoNothingAction.java
@@ -1,34 +1,34 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates that no further action is necessary.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class DoNothingAction extends Action {
-
-	public boolean failedRule() {
-		return this.failed;
-	}
-
-
-	public boolean isActionNecessary() {
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates that no further action is necessary.
+ * 
+ * @author Arshan Dabirsiaghi
+ */
+public class DoNothingAction extends Action {
+
+	public boolean failedRule() {
+		return this.failed;
+	}
+
+
+	public boolean isActionNecessary() {
+		return false;
+	}
+
+}

From b08b2eab84dc7c2065371346607c2dd32312dc61 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 190/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/actions/RedirectAction.java     | 78 +++++++++----------
 1 file changed, 39 insertions(+), 39 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java b/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
index 86875109d..0993b4ad5 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
+++ b/src/main/java/org/owasp/esapi/waf/actions/RedirectAction.java
@@ -1,39 +1,39 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.actions;
-
-/**
- * The class that indicates the user should be redirected to another location.
- * 
- * @author Arshan Dabirsiaghi
- */
-public class RedirectAction extends Action {
-
-	private String url = null;
-
-	/*
-	 * Setting this overrides the default value read in the config file.
-	 */
-	public void setRedirectURL(String s) {
-		this.url = s;
-	}
-
-	public String getRedirectURL() {
-		return this.url;
-	}
-
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.actions;
+
+/**
+ * The class that indicates the user should be redirected to another location.
+ * 
+ * @author Arshan Dabirsiaghi
+ */
+public class RedirectAction extends Action {
+
+	private String url = null;
+
+	/*
+	 * Setting this overrides the default value read in the config file.
+	 */
+	public void setRedirectURL(String s) {
+		this.url = s;
+	}
+
+	public String getRedirectURL() {
+		return this.url;
+	}
+
+
+}

From 680f71ba9242abdb55ee9dc4fe9642753845b48f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 191/812] Change CRLF to LF for issue 356.

---
 .../AppGuardianConfiguration.java             | 454 +++++++++---------
 1 file changed, 227 insertions(+), 227 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
index 94ec57b11..36f5239fe 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
@@ -1,227 +1,227 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.configuration;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import org.apache.log4j.Level;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * This class is the object model of the policy file. Also holds a number of constants
- * used throughout the WAF.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class AppGuardianConfiguration {
-
-	/*
-	 * Fail modes (BLOCK blocks and logs the request, DONT_BLOCK simply logs)
-	 */
-	public static final int LOG = 0;
-	public static final int REDIRECT = 1;
-	public static final int BLOCK = 2;
-
-	/*
-	 * The operators.
-	 */
-	public static final int OPERATOR_EQ = 0;
-	public static final int OPERATOR_CONTAINS = 1;
-	public static final int OPERATOR_IN_LIST = 2;
-	public static final int OPERATOR_EXISTS = 3;
-
-	/*
-	 * We have static copies of the log settings so that the Rule objects
-	 * can access them, because they don't have access to the instance of
-	 * the configuration object.
-	 */
-	public static Level LOG_LEVEL = Level.INFO;	
-	public static String LOG_DIRECTORY = "/WEB-INF/logs";
-
-	/*
-	 * Logging settings.
-	 */
-	private Level logLevel = Level.INFO;
-	private String logDirectory = "/WEB-INF/logs";
-
-	/*
-	 * Default settings.
-	 */
-	public static int DEFAULT_FAIL_ACTION = LOG;
-
-	// TODO: use UTF-8
-	public static String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
-	public static String DEFAULT_CONTENT_TYPE = "text/html; charset=" + DEFAULT_CHARACTER_ENCODING;
-
-	/*
-	 * The JavaScript to redirect users to the default error page. Have
-	 * to use this because response.sendRedirect() can't have an arbitrary
-	 * response code and that is a requirement.
-	 */
-	public static final String JAVASCRIPT_TARGET_TOKEN = "##1##";
-	public static final String JAVASCRIPT_REDIRECT = "<html><body><script>document.location='" + JAVASCRIPT_TARGET_TOKEN + "';</script></body></html>";
-
-	/*
-	 * The aliases declared in the beginning of the config file.
-	 */
-	private HashMap<String,Object> aliases;
-
-	/*
-	 * Fail response settings.
-	 */
-	private String defaultErrorPage;
-	private int defaultResponseCode;
-
-	private boolean forceHttpOnlyFlagToSession = false;
-	private boolean forceSecureFlagToSession = false;
-
-	private String sessionCookieName;
-	
-	public String getSessionCookieName() {
-		return sessionCookieName;
-	}
-
-	public void setSessionCookieName(String sessionCookieName) {
-		this.sessionCookieName = sessionCookieName;
-	}
-
-	/*
-	 * The object-level rules encapsulated by the stage in which they are executed.
-	 */
-	private List<Rule> beforeBodyRules;
-	private List<Rule> afterBodyRules;
-	private List<Rule> beforeResponseRules;
-	private List<Rule> cookieRules;
-
-	public AppGuardianConfiguration() {
-		beforeBodyRules = new ArrayList<Rule>();
-		afterBodyRules = new ArrayList<Rule>();
-		beforeResponseRules = new ArrayList<Rule>();
-		cookieRules = new ArrayList<Rule>();
-
-		aliases = new HashMap<String,Object>();
-	}
-
-	/*
-	 * The following methods are all deprecated because
-	 * we use ESAPI logging structures now.
-	 */
-	@Deprecated
-	public Level getLogLevel() {
-		return logLevel;
-	}
-	
-	@Deprecated
-	public void setLogLevel(Level level) {
-		LOG_LEVEL = level;
-		this.logLevel = level;
-	}
-	
-	@Deprecated
-	public void setLogDirectory(String dir) {
-		LOG_DIRECTORY = dir;
-		this.logDirectory = dir;
-	}
-	
-	@Deprecated
-	public String getLogDirectory() {
-		return logDirectory;
-	}
-	
-	public String getDefaultErrorPage() {
-		return defaultErrorPage;
-	}
-
-	public void setDefaultErrorPage(String defaultErrorPage) {
-		this.defaultErrorPage = defaultErrorPage;
-	}
-
-	public int getDefaultResponseCode() {
-		return defaultResponseCode;
-	}
-
-	public void setDefaultResponseCode(int defaultResponseCode) {
-		this.defaultResponseCode = defaultResponseCode;
-	}
-
-	public void addAlias(String key, Object obj) {
-		aliases.put(key, obj);
-	}
-
-	public List<Rule> getBeforeBodyRules() {
-		return beforeBodyRules;
-	}
-
-	public List<Rule> getAfterBodyRules() {
-		return afterBodyRules;
-	}
-
-	public List<Rule> getBeforeResponseRules() {
-		return beforeResponseRules;
-	}
-
-	public List<Rule> getCookieRules() {
-		return cookieRules;
-	}
-
-	public void addBeforeBodyRule(Rule r) {
-		beforeBodyRules.add(r);
-	}
-
-	public void addAfterBodyRule(Rule r) {
-		afterBodyRules.add(r);
-	}
-
-	public void addBeforeResponseRule(Rule r) {
-		beforeResponseRules.add(r);
-	}
-
-	public void addCookieRule(Rule r) {
-		cookieRules.add(r);
-	}
-
-	public void setApplyHTTPOnlyFlagToSessionCookie(boolean shouldApply) {
-		forceHttpOnlyFlagToSession = shouldApply;
-	}
-
-	public void setApplySecureFlagToSessionCookie(boolean shouldApply) {
-		forceSecureFlagToSession = shouldApply;
-	}
-	
-	public boolean isUsingHttpOnlyFlagOnSessionCookie() {
-		return forceHttpOnlyFlagToSession;
-	}
-
-	public boolean isUsingSecureFlagOnSessionCookie() {
-		return forceSecureFlagToSession;
-	}
-	
-	public String toString() {
-		StringBuilder sb = new StringBuilder( "WAF Configuration\n" );
-		sb.append( "Before body rules:\n" );
-		for ( Rule rule : beforeBodyRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "After body rules:\n" );
-		for ( Rule rule : afterBodyRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "Before response rules:\n" );
-		for ( Rule rule : beforeResponseRules ) sb.append( "  " + rule.toString() + "\n" );
-		sb.append( "Cookie rules:\n" );
-		for ( Rule rule : cookieRules ) sb.append( "  " + rule.toString() + "\n" );
-		return sb.toString();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.configuration;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.apache.log4j.Level;
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * This class is the object model of the policy file. Also holds a number of constants
+ * used throughout the WAF.
+ * 
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AppGuardianConfiguration {
+
+	/*
+	 * Fail modes (BLOCK blocks and logs the request, DONT_BLOCK simply logs)
+	 */
+	public static final int LOG = 0;
+	public static final int REDIRECT = 1;
+	public static final int BLOCK = 2;
+
+	/*
+	 * The operators.
+	 */
+	public static final int OPERATOR_EQ = 0;
+	public static final int OPERATOR_CONTAINS = 1;
+	public static final int OPERATOR_IN_LIST = 2;
+	public static final int OPERATOR_EXISTS = 3;
+
+	/*
+	 * We have static copies of the log settings so that the Rule objects
+	 * can access them, because they don't have access to the instance of
+	 * the configuration object.
+	 */
+	public static Level LOG_LEVEL = Level.INFO;	
+	public static String LOG_DIRECTORY = "/WEB-INF/logs";
+
+	/*
+	 * Logging settings.
+	 */
+	private Level logLevel = Level.INFO;
+	private String logDirectory = "/WEB-INF/logs";
+
+	/*
+	 * Default settings.
+	 */
+	public static int DEFAULT_FAIL_ACTION = LOG;
+
+	// TODO: use UTF-8
+	public static String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
+	public static String DEFAULT_CONTENT_TYPE = "text/html; charset=" + DEFAULT_CHARACTER_ENCODING;
+
+	/*
+	 * The JavaScript to redirect users to the default error page. Have
+	 * to use this because response.sendRedirect() can't have an arbitrary
+	 * response code and that is a requirement.
+	 */
+	public static final String JAVASCRIPT_TARGET_TOKEN = "##1##";
+	public static final String JAVASCRIPT_REDIRECT = "<html><body><script>document.location='" + JAVASCRIPT_TARGET_TOKEN + "';</script></body></html>";
+
+	/*
+	 * The aliases declared in the beginning of the config file.
+	 */
+	private HashMap<String,Object> aliases;
+
+	/*
+	 * Fail response settings.
+	 */
+	private String defaultErrorPage;
+	private int defaultResponseCode;
+
+	private boolean forceHttpOnlyFlagToSession = false;
+	private boolean forceSecureFlagToSession = false;
+
+	private String sessionCookieName;
+	
+	public String getSessionCookieName() {
+		return sessionCookieName;
+	}
+
+	public void setSessionCookieName(String sessionCookieName) {
+		this.sessionCookieName = sessionCookieName;
+	}
+
+	/*
+	 * The object-level rules encapsulated by the stage in which they are executed.
+	 */
+	private List<Rule> beforeBodyRules;
+	private List<Rule> afterBodyRules;
+	private List<Rule> beforeResponseRules;
+	private List<Rule> cookieRules;
+
+	public AppGuardianConfiguration() {
+		beforeBodyRules = new ArrayList<Rule>();
+		afterBodyRules = new ArrayList<Rule>();
+		beforeResponseRules = new ArrayList<Rule>();
+		cookieRules = new ArrayList<Rule>();
+
+		aliases = new HashMap<String,Object>();
+	}
+
+	/*
+	 * The following methods are all deprecated because
+	 * we use ESAPI logging structures now.
+	 */
+	@Deprecated
+	public Level getLogLevel() {
+		return logLevel;
+	}
+	
+	@Deprecated
+	public void setLogLevel(Level level) {
+		LOG_LEVEL = level;
+		this.logLevel = level;
+	}
+	
+	@Deprecated
+	public void setLogDirectory(String dir) {
+		LOG_DIRECTORY = dir;
+		this.logDirectory = dir;
+	}
+	
+	@Deprecated
+	public String getLogDirectory() {
+		return logDirectory;
+	}
+	
+	public String getDefaultErrorPage() {
+		return defaultErrorPage;
+	}
+
+	public void setDefaultErrorPage(String defaultErrorPage) {
+		this.defaultErrorPage = defaultErrorPage;
+	}
+
+	public int getDefaultResponseCode() {
+		return defaultResponseCode;
+	}
+
+	public void setDefaultResponseCode(int defaultResponseCode) {
+		this.defaultResponseCode = defaultResponseCode;
+	}
+
+	public void addAlias(String key, Object obj) {
+		aliases.put(key, obj);
+	}
+
+	public List<Rule> getBeforeBodyRules() {
+		return beforeBodyRules;
+	}
+
+	public List<Rule> getAfterBodyRules() {
+		return afterBodyRules;
+	}
+
+	public List<Rule> getBeforeResponseRules() {
+		return beforeResponseRules;
+	}
+
+	public List<Rule> getCookieRules() {
+		return cookieRules;
+	}
+
+	public void addBeforeBodyRule(Rule r) {
+		beforeBodyRules.add(r);
+	}
+
+	public void addAfterBodyRule(Rule r) {
+		afterBodyRules.add(r);
+	}
+
+	public void addBeforeResponseRule(Rule r) {
+		beforeResponseRules.add(r);
+	}
+
+	public void addCookieRule(Rule r) {
+		cookieRules.add(r);
+	}
+
+	public void setApplyHTTPOnlyFlagToSessionCookie(boolean shouldApply) {
+		forceHttpOnlyFlagToSession = shouldApply;
+	}
+
+	public void setApplySecureFlagToSessionCookie(boolean shouldApply) {
+		forceSecureFlagToSession = shouldApply;
+	}
+	
+	public boolean isUsingHttpOnlyFlagOnSessionCookie() {
+		return forceHttpOnlyFlagToSession;
+	}
+
+	public boolean isUsingSecureFlagOnSessionCookie() {
+		return forceSecureFlagToSession;
+	}
+	
+	public String toString() {
+		StringBuilder sb = new StringBuilder( "WAF Configuration\n" );
+		sb.append( "Before body rules:\n" );
+		for ( Rule rule : beforeBodyRules ) sb.append( "  " + rule.toString() + "\n" );
+		sb.append( "After body rules:\n" );
+		for ( Rule rule : afterBodyRules ) sb.append( "  " + rule.toString() + "\n" );
+		sb.append( "Before response rules:\n" );
+		for ( Rule rule : beforeResponseRules ) sb.append( "  " + rule.toString() + "\n" );
+		sb.append( "Cookie rules:\n" );
+		for ( Rule rule : cookieRules ) sb.append( "  " + rule.toString() + "\n" );
+		return sb.toString();
+	}
+}

From 1a59d099946435226c15b468ee1af7a1f98983a7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 192/812] Change CRLF to LF for issue 356.

---
 .../configuration/ConfigurationParser.java    | 1254 ++++++++---------
 1 file changed, 627 insertions(+), 627 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 2366fcdf5..4eba04e73 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -1,627 +1,627 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.configuration;
-
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import nu.xom.Builder;
-import nu.xom.Document;
-import nu.xom.Element;
-import nu.xom.Elements;
-import nu.xom.ParsingException;
-import nu.xom.ValidityException;
-
-import org.apache.log4j.Level;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.waf.ConfigurationException;
-import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
-import org.owasp.esapi.waf.rules.AddHeaderRule;
-import org.owasp.esapi.waf.rules.AddSecureFlagRule;
-import org.owasp.esapi.waf.rules.AuthenticatedRule;
-import org.owasp.esapi.waf.rules.BeanShellRule;
-import org.owasp.esapi.waf.rules.DetectOutboundContentRule;
-import org.owasp.esapi.waf.rules.EnforceHTTPSRule;
-import org.owasp.esapi.waf.rules.HTTPMethodRule;
-import org.owasp.esapi.waf.rules.IPRule;
-import org.owasp.esapi.waf.rules.MustMatchRule;
-import org.owasp.esapi.waf.rules.PathExtensionRule;
-import org.owasp.esapi.waf.rules.ReplaceContentRule;
-import org.owasp.esapi.waf.rules.RestrictContentTypeRule;
-import org.owasp.esapi.waf.rules.RestrictUserAgentRule;
-import org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;
-
-import bsh.EvalError;
-
-/**
- * 
- * The class used to turn a policy file's contents into an object model. 
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.configuration.AppGuardianConfiguration
- */
-public class ConfigurationParser {
-
-	private static final String REGEX = "regex";
-	private static final String DEFAULT_PATH_APPLY_ALL = ".*";
-	private static final int DEFAULT_RESPONSE_CODE = 403;
-	private static final String DEFAULT_SESSION_COOKIE;
-	
-	static {
-		String sessionIdName = null;
-		try {
-			sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
-		} catch (Throwable t) {
-			sessionIdName = "JSESSIONID";	// If all else fails...
-		}
-		DEFAULT_SESSION_COOKIE = sessionIdName;
-	}
-	
-	private static final String[] STAGES = {
-		"before-request-body",
-		"after-request-body",
-		"before-response"
-	};
-	
-	public static AppGuardianConfiguration readConfigurationFile(InputStream stream, String webRootDir) throws ConfigurationException {
-
-		AppGuardianConfiguration config = new AppGuardianConfiguration();
-
-		Builder parser = new Builder();
-		Document doc;
-		Element root;
-
-		try {
-
-			doc = parser.build(stream);
-			root = doc.getRootElement();
-
-			Element aliasesRoot = root.getFirstChildElement("aliases");
-			Element settingsRoot = root.getFirstChildElement("settings");
-			Element authNRoot = root.getFirstChildElement("authentication-rules");
-			Element authZRoot = root.getFirstChildElement("authorization-rules");
-			Element urlRoot = root.getFirstChildElement("url-rules");
-			Element headerRoot = root.getFirstChildElement("header-rules");
-			Element customRulesRoot = root.getFirstChildElement("custom-rules");;
-			Element virtualPatchesRoot = root.getFirstChildElement("virtual-patches");
-			Element outboundRoot = root.getFirstChildElement("outbound-rules");
-			Element beanShellRoot = root.getFirstChildElement("bean-shell-rules");
-			
-			
-			/**
-			 * Parse the 'aliases' section.
-			 */
-			if ( aliasesRoot != null ) {
-				Elements aliases = aliasesRoot.getChildElements("alias");
-	
-				for(int i=0;i<aliases.size();i++) {
-					Element e = aliases.get(i);
-					String name = e.getAttributeValue("name");
-					String type = e.getAttributeValue("type");
-					String value = e.getValue();
-					if ( REGEX.equals(type) ) {
-						config.addAlias(name, Pattern.compile(value));
-					} else {
-						config.addAlias(name, value);
-					}
-				}
-			}
-			
-			/**
-			 * Parse the 'settings' section.
-			 */
-			if ( settingsRoot == null ) {
-				throw new ConfigurationException("", "The <settings> section is required");
-			} else if ( settingsRoot != null ) {
-				
-				
-				try {
-					String sessionCookieName = settingsRoot.getFirstChildElement("session-cookie-name").getValue();
-					if ( ! "".equals(sessionCookieName) ) {
-						config.setSessionCookieName(sessionCookieName);
-					}
-				} catch (NullPointerException npe) {
-					config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
-				}
-
-				String mode = settingsRoot.getFirstChildElement("mode").getValue();
-				
-				if ( "block".equals(mode.toLowerCase() ) ) {
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.BLOCK;
-				} else if ( "redirect".equals(mode.toLowerCase() ) ){
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.REDIRECT;
-				} else {
-					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.LOG;
-				}
-	
-				Element errorHandlingRoot = settingsRoot.getFirstChildElement("error-handling");
-	
-				config.setDefaultErrorPage( errorHandlingRoot.getFirstChildElement("default-redirect-page").getValue() );
-	
-				try {
-					config.setDefaultResponseCode( Integer.parseInt(errorHandlingRoot.getFirstChildElement("block-status").getValue()) );
-				} catch (Exception e) {
-					config.setDefaultResponseCode( DEFAULT_RESPONSE_CODE );
-				}
-			}
-			
-			/*
-			 * The WAF separate logging is going to be merged in the 2.0
-			 * release, so this is deprecated.
-			 */
-			Element loggingRoot = settingsRoot.getFirstChildElement("logging");
-			if ( loggingRoot != null ) {
-				config.setLogDirectory(loggingRoot.getFirstChildElement("log-directory").getValue());
-				config.setLogLevel(Level.toLevel(loggingRoot.getFirstChildElement("log-level").getValue()));
-			}
-			
-			/**
-			 * Parse the 'authentication-rules' section if they have one.
-			 */
-			if ( authNRoot != null ) {
-				String key = authNRoot.getAttributeValue("key");
-				String path = authNRoot.getAttributeValue("path");
-				String id = authNRoot.getAttributeValue("id");
-
-				if ( path != null && key != null ) {
-					config.addBeforeBodyRule(new AuthenticatedRule(id,key,Pattern.compile(path),getExceptionsFromElement(authNRoot)));
-				} else if ( key != null ) {
-					config.addBeforeBodyRule(new AuthenticatedRule(id,key,null,getExceptionsFromElement(authNRoot)));
-				} else {
-					throw new ConfigurationException("","The <authentication-rules> rule requires a 'key' attribute");
-				}
-			}
-
-			/**
-			 * Parse 'authorization-rules' section if they have one.
-			 */
-
-			if ( authZRoot != null ) {
-
-				Elements restrictNodes = authZRoot.getChildElements("restrict-source-ip");
-
-				for(int i=0;i<restrictNodes.size();i++) {
-
-					Element restrictNodeRoot = restrictNodes.get(i);
-					String id = restrictNodeRoot.getAttributeValue("id");
-					Pattern ips = Pattern.compile(restrictNodeRoot.getAttributeValue("ip-regex"));
-					String ipHeader = restrictNodeRoot.getAttributeValue("ip-header");
-					if ( REGEX.equalsIgnoreCase(restrictNodeRoot.getAttributeValue("type")) ) {
-						config.addBeforeBodyRule( new IPRule(id, ips, Pattern.compile(restrictNodeRoot.getValue()),ipHeader));
-					} else {
-						config.addBeforeBodyRule( new IPRule(id, ips, restrictNodeRoot.getValue()) );
-					}
-
-				}
-
-				Elements mustMatchNodes = authZRoot.getChildElements("must-match");
-
-				for(int i=0;i<mustMatchNodes.size();i++) {
-
-					Element e = mustMatchNodes.get(i);
-					Pattern path = Pattern.compile(e.getAttributeValue("path"));
-					String variable = e.getAttributeValue("variable");
-					String value = e.getAttributeValue("value");
-					String operator = e.getAttributeValue("operator");
-					String id = e.getAttributeValue("id");
-					int op = AppGuardianConfiguration.OPERATOR_EQ;
-
-					if ( "exists".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_EXISTS;
-					} else if ( "inList".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_IN_LIST;
-					} else if ( "contains".equalsIgnoreCase(operator)) {
-						op = AppGuardianConfiguration.OPERATOR_CONTAINS;
-					}
-
-					config.addAfterBodyRule( new MustMatchRule(id, path,variable,op,value) );
-				}
-
-			}
-
-			/**
-			 * Parse the 'url-rules' section if they have one.
-			 */
-			if ( urlRoot != null ) {
-
-				Elements restrictExtensionNodes = urlRoot.getChildElements("restrict-extension");
-				Elements restrictMethodNodes = urlRoot.getChildElements("restrict-method");
-				Elements enforceHttpsNodes = urlRoot.getChildElements("enforce-https");
-
-				/*
-				 * Read in rules that allow an app to restrict by extension.
-				 * E.g., you may want to explicitly only allow:
-				 *  .jsp, .jpg, .gif, .css, .js, etc.
-				 *
-				 * You may also want to instead explicitly deny:
-				 * .bak, .log, .txt, etc.
-				 */
-
-				for (int i=0;i<restrictExtensionNodes.size();i++) {
-
-					Element e = restrictExtensionNodes.get(i);
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String id = e.getAttributeValue("id");
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'" );
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new PathExtensionRule(id,Pattern.compile( ".*\\" + allow + "$"),null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new PathExtensionRule(id, null,Pattern.compile( ".*\\" + deny + "$")) );
-
-					} else {
-						throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
-					}
-				}
-
-				/*
-				 * Read in rules that allow the site to control
-				 * which HTTP methods are allowed to reach the
-				 * app.
-				 *
-				 * 99% of the time, you'll only need POST and
-				 * GET.
-				 */
-				for (int i=0;i<restrictMethodNodes.size();i++) {
-
-					Element e = restrictMethodNodes.get(i);
-
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String path = e.getAttributeValue("path");
-					String id = e.getAttributeValue("id");
-
-					if ( path == null ) {
-						path = DEFAULT_PATH_APPLY_ALL;
-					}
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-method rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new HTTPMethodRule(id, Pattern.compile(allow), null, Pattern.compile(path)) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new HTTPMethodRule(id, null, Pattern.compile(deny), Pattern.compile(path)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-method rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-				for (int i=0;i<enforceHttpsNodes.size();i++) {
-
-					Element e = (Element)enforceHttpsNodes.get(i);
-					String path = e.getAttributeValue("path");
-					String action = e.getAttributeValue("action");
-					String id = e.getAttributeValue("id");
-					List<Object> exceptions = getExceptionsFromElement(e);
-
-					config.addBeforeBodyRule( new EnforceHTTPSRule(id, Pattern.compile(path), exceptions, action) );
-				}
-
-			}
-
-			if ( headerRoot != null ) {
-
-				Elements restrictContentTypes = headerRoot.getChildElements("restrict-content-type");
-				Elements restrictUserAgents = headerRoot.getChildElements("restrict-user-agent");
-
-				for(int i=0;i<restrictContentTypes.size();i++) {
-
-					Element e = restrictContentTypes.get(i);
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					String id = e.getAttributeValue("id");
-
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-content-type rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-
-						config.addBeforeBodyRule( new RestrictContentTypeRule(id, Pattern.compile(allow), null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new RestrictContentTypeRule(id, null, Pattern.compile(deny)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-content-type rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-				for(int i=0;i<restrictUserAgents.size();i++) {
-					Element e = restrictUserAgents.get(i);
-					String id = e.getAttributeValue("id");
-					String allow = e.getAttributeValue("allow");
-					String deny = e.getAttributeValue("deny");
-					if ( allow != null && deny != null ) {
-						throw new ConfigurationException("", "restrict-user-agent rule should not have both 'allow' and 'deny' values");
-					}
-
-					if ( allow != null ) {
-						
-						config.addBeforeBodyRule( new RestrictUserAgentRule(id, Pattern.compile(allow), null) );
-
-					} else if ( deny != null ) {
-
-						config.addBeforeBodyRule( new RestrictUserAgentRule(id, null, Pattern.compile(deny)) );
-
-					} else {
-						throw new ConfigurationException("", "restrict-user-agent rule should have either an 'allow' or 'deny' value");
-					}
-				}
-
-			}
-
-			if ( virtualPatchesRoot != null ) {
-				Elements virtualPatchNodes = virtualPatchesRoot.getChildElements("virtual-patch");
-				for(int i=0;i<virtualPatchNodes.size();i++) {
-					Element e = virtualPatchNodes.get(i);
-					String id = e.getAttributeValue("id");
-					String path = e.getAttributeValue("path");
-					String variable = e.getAttributeValue("variable");
-					String pattern = e.getAttributeValue("pattern");
-					String message = e.getAttributeValue("message");
-
-					config.addAfterBodyRule( new SimpleVirtualPatchRule(id, Pattern.compile(path), variable, Pattern.compile(pattern), message) );
-				}
-			}
-
-			// Haven't implemented this yet. Not sure what we want those rules to look like.
-			/*
-			if ( customRulesRoot != null ) {
-				Elements rules = customRulesRoot.getChildElements("rule");
-				
-				 // Parse the complex rules.
-				 
-			}
-			*/
-			
-			if ( outboundRoot != null ) {
-
-				/*
-				 * Parse the <add-header> rules. This could be used to add:
-				 * - X-I-DONT-WANT-TO-BE-FRAMED
-				 * - Caching prevention headers
-				 * - Custom application headers
-				 */
-
-				Elements addHeaderNodes = outboundRoot.getChildElements("add-header");
-
-				for(int i=0;i<addHeaderNodes.size();i++) {
-					Element e = addHeaderNodes.get(i);
-					String name = e.getAttributeValue("name");
-					String value = e.getAttributeValue("value");
-					String path = e.getAttributeValue("path");
-					String id = e.getAttributeValue("id");
-
-					if ( path == null ) {
-						path = DEFAULT_PATH_APPLY_ALL;
-					}
-
-					AddHeaderRule ahr = new AddHeaderRule(id, name, value, Pattern.compile(path), getExceptionsFromElement(e));
-					config.addBeforeResponseRule(ahr);
-
-				}
-
-				/*
-				 * Parse the <add-http-only-flag> rules that allow
-				 * us to add the HTTPOnly flag to cookies, both
-				 * custom and app server.
-				 */
-				Elements addHTTPOnlyFlagNodes = outboundRoot.getChildElements("add-http-only-flag");
-
-				for(int i=0;i<addHTTPOnlyFlagNodes.size();i++) {
-					Element e = addHTTPOnlyFlagNodes.get(i);
-
-					Elements cookiePatterns = e.getChildElements("cookie");
-					String id = e.getAttributeValue("id");
-					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
-
-					for(int j=0;j<cookiePatterns.size();j++) {
-						Element cookie = cookiePatterns.get(j);
-						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
-					}
-
-					AddHTTPOnlyFlagRule ahfr = new AddHTTPOnlyFlagRule(id, patterns);
-					config.addCookieRule(ahfr);
-
-					if ( ahfr.doesCookieMatch(config.getSessionCookieName()) ) {
-						config.setApplyHTTPOnlyFlagToSessionCookie(true);
-					}
-				}
-
-				/*
-				 * Parse the <add-secure-flag> rules that allow
-				 * us to add the secure flag to cookies, both
-				 * custom and app server.
-				 */
-				Elements addSecureFlagNodes = outboundRoot.getChildElements("add-secure-flag");
-
-				for(int i=0;i<addSecureFlagNodes.size();i++) {
-					Element e = addSecureFlagNodes.get(i);
-					String id = e.getAttributeValue("id");
-					Elements cookiePatterns = e.getChildElements("cookie");
-					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
-
-					for(int j=0;j<cookiePatterns.size();j++) {
-						Element cookie = cookiePatterns.get(j);
-						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
-					}
-
-					AddSecureFlagRule asfr = new AddSecureFlagRule(id, patterns);
-					config.addCookieRule(asfr);
-
-					if ( asfr.doesCookieMatch(config.getSessionCookieName()) ) {
-						config.setApplySecureFlagToSessionCookie(true);
-					}
-
-				}
-
-				/*
-				 * Parse dynamic-insertion nodes that allow us to dynamically
-				 * insert stuff into responses.
-				 */
-				Elements dynamicInsertionNodes = outboundRoot.getChildElements("dynamic-insertion");
-
-				for(int i=0;i<dynamicInsertionNodes.size();i++) {
-
-					Element e = dynamicInsertionNodes.get(i);
-					String pattern = e.getAttributeValue("pattern");
-					String id = e.getAttributeValue("id");
-					String contentType = e.getAttributeValue("content-type");
-					String urlPaths = e.getAttributeValue("path");
-					Element replacement = e.getFirstChildElement("replacement");
-
-					ReplaceContentRule rcr = new ReplaceContentRule(
-							id, 
-							Pattern.compile(pattern,Pattern.DOTALL), 
-							replacement.getValue(),
-							contentType != null ? Pattern.compile(contentType) : null,
-							urlPaths != null ? Pattern.compile(urlPaths) : null);
-					
-					config.addBeforeResponseRule(rcr);
-
-				}
-
-				/*
-				 * Parse detect-content nodes that allow us to simply detect data
-				 * leaving in responses.
-				 */
-				Elements detectContentNodes = outboundRoot.getChildElements("detect-content");
-
-				for(int i=0;i<detectContentNodes.size();i++) {
-
-					Element e = detectContentNodes.get(i);
-					String token = e.getAttributeValue("pattern");
-					String contentType = e.getAttributeValue("content-type");
-					String id = e.getAttributeValue("id");
-					String path = e.getAttributeValue("path");
-
-					if ( token == null ) {
-						throw new ConfigurationException("", "<detect-content> rules must contain a 'pattern' attribute");
-					} else if ( contentType == null ) {
-						throw new ConfigurationException("", "<detect-content> rules must contain a 'content-type' attribute");
-					}
-
-					DetectOutboundContentRule docr = new DetectOutboundContentRule(
-							id, 
-							Pattern.compile(contentType),
-							Pattern.compile(token,Pattern.DOTALL),
-							path != null ? Pattern.compile(path) : null);
-					
-					config.addBeforeResponseRule(docr);
-
-				}
-
-			}
-			
-			/**
-			 * Parse the 'bean-shell-rules' section.
-			 */
-			
-			if ( beanShellRoot != null ) {
-			
-				Elements beanShellRules = beanShellRoot.getChildElements("bean-shell-script");
-				
-				for (int i=0;i<beanShellRules.size(); i++) {
-
-					Element e = beanShellRules.get(i);
-					
-					String id = e.getAttributeValue("id");
-					String fileName = e.getAttributeValue("file");
-					String stage = e.getAttributeValue("stage"); //
-					String path = e.getAttributeValue("path");
-					
-					if ( id == null ) {
-						throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
-					}
-					
-					if ( fileName == null ) {
-						throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script" );
-					}
-					
-					try {
-						
-						BeanShellRule bsr = new BeanShellRule(
-								webRootDir + fileName, 
-								id,
-								path != null ? Pattern.compile(path) : null);
-						
-						if ( STAGES[0].equals(stage) ) {
-							config.addBeforeBodyRule(bsr);
-						} else if ( STAGES[1].equals(stage)) {
-							config.addAfterBodyRule(bsr);
-						} else if ( STAGES[2].equals(stage)) {
-							config.addBeforeResponseRule(bsr);
-						} else {
-							throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + ")" );
-						}
-												
-					} catch (FileNotFoundException fnfe) {
-						throw new ConfigurationException ("", "bean shell rule '" + id + "' had a source file that could not be found (" + fileName + "), web directory = " + webRootDir );
-					} catch (EvalError ee) {
-						throw new ConfigurationException ("", "bean shell rule '" + id + "' contained an error (" + ee.getErrorText() + "): " + ee.getScriptStackTrace());
-					}
-					
-				}
-			}
-
-		} catch (ValidityException e) {
-			throw new ConfigurationException("", "Problem validating WAF XML file", e);
-		} catch (ParsingException e) {
-			throw new ConfigurationException("", "Problem parsing WAF XML file", e);
-		} catch (IOException e) {
-			throw new ConfigurationException("", "I/O problem reading WAF XML file", e);
-		}
-
-		return config;
-
-	}
-
-	private static List<Object> getExceptionsFromElement(Element root) {
-		Elements exceptions = root.getChildElements("path-exception");
-		ArrayList<Object> exceptionList = new ArrayList<Object>();
-
-		for(int i=0;i<exceptions.size();i++) {
-			Element e = exceptions.get(i);
-			if ( REGEX.equalsIgnoreCase(e.getAttributeValue("type"))) {
-				exceptionList.add( Pattern.compile(e.getValue()) );
-			} else {
-				exceptionList.add( e.getValue() );
-			}
-		}
-		return exceptionList;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.configuration;
+
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import nu.xom.Builder;
+import nu.xom.Document;
+import nu.xom.Element;
+import nu.xom.Elements;
+import nu.xom.ParsingException;
+import nu.xom.ValidityException;
+
+import org.apache.log4j.Level;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.waf.ConfigurationException;
+import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
+import org.owasp.esapi.waf.rules.AddHeaderRule;
+import org.owasp.esapi.waf.rules.AddSecureFlagRule;
+import org.owasp.esapi.waf.rules.AuthenticatedRule;
+import org.owasp.esapi.waf.rules.BeanShellRule;
+import org.owasp.esapi.waf.rules.DetectOutboundContentRule;
+import org.owasp.esapi.waf.rules.EnforceHTTPSRule;
+import org.owasp.esapi.waf.rules.HTTPMethodRule;
+import org.owasp.esapi.waf.rules.IPRule;
+import org.owasp.esapi.waf.rules.MustMatchRule;
+import org.owasp.esapi.waf.rules.PathExtensionRule;
+import org.owasp.esapi.waf.rules.ReplaceContentRule;
+import org.owasp.esapi.waf.rules.RestrictContentTypeRule;
+import org.owasp.esapi.waf.rules.RestrictUserAgentRule;
+import org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;
+
+import bsh.EvalError;
+
+/**
+ * 
+ * The class used to turn a policy file's contents into an object model. 
+ * 
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.configuration.AppGuardianConfiguration
+ */
+public class ConfigurationParser {
+
+	private static final String REGEX = "regex";
+	private static final String DEFAULT_PATH_APPLY_ALL = ".*";
+	private static final int DEFAULT_RESPONSE_CODE = 403;
+	private static final String DEFAULT_SESSION_COOKIE;
+	
+	static {
+		String sessionIdName = null;
+		try {
+			sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
+		} catch (Throwable t) {
+			sessionIdName = "JSESSIONID";	// If all else fails...
+		}
+		DEFAULT_SESSION_COOKIE = sessionIdName;
+	}
+	
+	private static final String[] STAGES = {
+		"before-request-body",
+		"after-request-body",
+		"before-response"
+	};
+	
+	public static AppGuardianConfiguration readConfigurationFile(InputStream stream, String webRootDir) throws ConfigurationException {
+
+		AppGuardianConfiguration config = new AppGuardianConfiguration();
+
+		Builder parser = new Builder();
+		Document doc;
+		Element root;
+
+		try {
+
+			doc = parser.build(stream);
+			root = doc.getRootElement();
+
+			Element aliasesRoot = root.getFirstChildElement("aliases");
+			Element settingsRoot = root.getFirstChildElement("settings");
+			Element authNRoot = root.getFirstChildElement("authentication-rules");
+			Element authZRoot = root.getFirstChildElement("authorization-rules");
+			Element urlRoot = root.getFirstChildElement("url-rules");
+			Element headerRoot = root.getFirstChildElement("header-rules");
+			Element customRulesRoot = root.getFirstChildElement("custom-rules");;
+			Element virtualPatchesRoot = root.getFirstChildElement("virtual-patches");
+			Element outboundRoot = root.getFirstChildElement("outbound-rules");
+			Element beanShellRoot = root.getFirstChildElement("bean-shell-rules");
+			
+			
+			/**
+			 * Parse the 'aliases' section.
+			 */
+			if ( aliasesRoot != null ) {
+				Elements aliases = aliasesRoot.getChildElements("alias");
+	
+				for(int i=0;i<aliases.size();i++) {
+					Element e = aliases.get(i);
+					String name = e.getAttributeValue("name");
+					String type = e.getAttributeValue("type");
+					String value = e.getValue();
+					if ( REGEX.equals(type) ) {
+						config.addAlias(name, Pattern.compile(value));
+					} else {
+						config.addAlias(name, value);
+					}
+				}
+			}
+			
+			/**
+			 * Parse the 'settings' section.
+			 */
+			if ( settingsRoot == null ) {
+				throw new ConfigurationException("", "The <settings> section is required");
+			} else if ( settingsRoot != null ) {
+				
+				
+				try {
+					String sessionCookieName = settingsRoot.getFirstChildElement("session-cookie-name").getValue();
+					if ( ! "".equals(sessionCookieName) ) {
+						config.setSessionCookieName(sessionCookieName);
+					}
+				} catch (NullPointerException npe) {
+					config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
+				}
+
+				String mode = settingsRoot.getFirstChildElement("mode").getValue();
+				
+				if ( "block".equals(mode.toLowerCase() ) ) {
+					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.BLOCK;
+				} else if ( "redirect".equals(mode.toLowerCase() ) ){
+					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.REDIRECT;
+				} else {
+					AppGuardianConfiguration.DEFAULT_FAIL_ACTION = AppGuardianConfiguration.LOG;
+				}
+	
+				Element errorHandlingRoot = settingsRoot.getFirstChildElement("error-handling");
+	
+				config.setDefaultErrorPage( errorHandlingRoot.getFirstChildElement("default-redirect-page").getValue() );
+	
+				try {
+					config.setDefaultResponseCode( Integer.parseInt(errorHandlingRoot.getFirstChildElement("block-status").getValue()) );
+				} catch (Exception e) {
+					config.setDefaultResponseCode( DEFAULT_RESPONSE_CODE );
+				}
+			}
+			
+			/*
+			 * The WAF separate logging is going to be merged in the 2.0
+			 * release, so this is deprecated.
+			 */
+			Element loggingRoot = settingsRoot.getFirstChildElement("logging");
+			if ( loggingRoot != null ) {
+				config.setLogDirectory(loggingRoot.getFirstChildElement("log-directory").getValue());
+				config.setLogLevel(Level.toLevel(loggingRoot.getFirstChildElement("log-level").getValue()));
+			}
+			
+			/**
+			 * Parse the 'authentication-rules' section if they have one.
+			 */
+			if ( authNRoot != null ) {
+				String key = authNRoot.getAttributeValue("key");
+				String path = authNRoot.getAttributeValue("path");
+				String id = authNRoot.getAttributeValue("id");
+
+				if ( path != null && key != null ) {
+					config.addBeforeBodyRule(new AuthenticatedRule(id,key,Pattern.compile(path),getExceptionsFromElement(authNRoot)));
+				} else if ( key != null ) {
+					config.addBeforeBodyRule(new AuthenticatedRule(id,key,null,getExceptionsFromElement(authNRoot)));
+				} else {
+					throw new ConfigurationException("","The <authentication-rules> rule requires a 'key' attribute");
+				}
+			}
+
+			/**
+			 * Parse 'authorization-rules' section if they have one.
+			 */
+
+			if ( authZRoot != null ) {
+
+				Elements restrictNodes = authZRoot.getChildElements("restrict-source-ip");
+
+				for(int i=0;i<restrictNodes.size();i++) {
+
+					Element restrictNodeRoot = restrictNodes.get(i);
+					String id = restrictNodeRoot.getAttributeValue("id");
+					Pattern ips = Pattern.compile(restrictNodeRoot.getAttributeValue("ip-regex"));
+					String ipHeader = restrictNodeRoot.getAttributeValue("ip-header");
+					if ( REGEX.equalsIgnoreCase(restrictNodeRoot.getAttributeValue("type")) ) {
+						config.addBeforeBodyRule( new IPRule(id, ips, Pattern.compile(restrictNodeRoot.getValue()),ipHeader));
+					} else {
+						config.addBeforeBodyRule( new IPRule(id, ips, restrictNodeRoot.getValue()) );
+					}
+
+				}
+
+				Elements mustMatchNodes = authZRoot.getChildElements("must-match");
+
+				for(int i=0;i<mustMatchNodes.size();i++) {
+
+					Element e = mustMatchNodes.get(i);
+					Pattern path = Pattern.compile(e.getAttributeValue("path"));
+					String variable = e.getAttributeValue("variable");
+					String value = e.getAttributeValue("value");
+					String operator = e.getAttributeValue("operator");
+					String id = e.getAttributeValue("id");
+					int op = AppGuardianConfiguration.OPERATOR_EQ;
+
+					if ( "exists".equalsIgnoreCase(operator)) {
+						op = AppGuardianConfiguration.OPERATOR_EXISTS;
+					} else if ( "inList".equalsIgnoreCase(operator)) {
+						op = AppGuardianConfiguration.OPERATOR_IN_LIST;
+					} else if ( "contains".equalsIgnoreCase(operator)) {
+						op = AppGuardianConfiguration.OPERATOR_CONTAINS;
+					}
+
+					config.addAfterBodyRule( new MustMatchRule(id, path,variable,op,value) );
+				}
+
+			}
+
+			/**
+			 * Parse the 'url-rules' section if they have one.
+			 */
+			if ( urlRoot != null ) {
+
+				Elements restrictExtensionNodes = urlRoot.getChildElements("restrict-extension");
+				Elements restrictMethodNodes = urlRoot.getChildElements("restrict-method");
+				Elements enforceHttpsNodes = urlRoot.getChildElements("enforce-https");
+
+				/*
+				 * Read in rules that allow an app to restrict by extension.
+				 * E.g., you may want to explicitly only allow:
+				 *  .jsp, .jpg, .gif, .css, .js, etc.
+				 *
+				 * You may also want to instead explicitly deny:
+				 * .bak, .log, .txt, etc.
+				 */
+
+				for (int i=0;i<restrictExtensionNodes.size();i++) {
+
+					Element e = restrictExtensionNodes.get(i);
+					String allow = e.getAttributeValue("allow");
+					String deny = e.getAttributeValue("deny");
+					String id = e.getAttributeValue("id");
+
+					if ( allow != null && deny != null ) {
+						throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'" );
+					}
+
+					if ( allow != null ) {
+
+						config.addBeforeBodyRule( new PathExtensionRule(id,Pattern.compile( ".*\\" + allow + "$"),null) );
+
+					} else if ( deny != null ) {
+
+						config.addBeforeBodyRule( new PathExtensionRule(id, null,Pattern.compile( ".*\\" + deny + "$")) );
+
+					} else {
+						throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
+					}
+				}
+
+				/*
+				 * Read in rules that allow the site to control
+				 * which HTTP methods are allowed to reach the
+				 * app.
+				 *
+				 * 99% of the time, you'll only need POST and
+				 * GET.
+				 */
+				for (int i=0;i<restrictMethodNodes.size();i++) {
+
+					Element e = restrictMethodNodes.get(i);
+
+					String allow = e.getAttributeValue("allow");
+					String deny = e.getAttributeValue("deny");
+					String path = e.getAttributeValue("path");
+					String id = e.getAttributeValue("id");
+
+					if ( path == null ) {
+						path = DEFAULT_PATH_APPLY_ALL;
+					}
+
+					if ( allow != null && deny != null ) {
+						throw new ConfigurationException("", "restrict-method rule should not have both 'allow' and 'deny' values");
+					}
+
+					if ( allow != null ) {
+
+						config.addBeforeBodyRule( new HTTPMethodRule(id, Pattern.compile(allow), null, Pattern.compile(path)) );
+
+					} else if ( deny != null ) {
+
+						config.addBeforeBodyRule( new HTTPMethodRule(id, null, Pattern.compile(deny), Pattern.compile(path)) );
+
+					} else {
+						throw new ConfigurationException("", "restrict-method rule should have either an 'allow' or 'deny' value");
+					}
+				}
+
+				for (int i=0;i<enforceHttpsNodes.size();i++) {
+
+					Element e = (Element)enforceHttpsNodes.get(i);
+					String path = e.getAttributeValue("path");
+					String action = e.getAttributeValue("action");
+					String id = e.getAttributeValue("id");
+					List<Object> exceptions = getExceptionsFromElement(e);
+
+					config.addBeforeBodyRule( new EnforceHTTPSRule(id, Pattern.compile(path), exceptions, action) );
+				}
+
+			}
+
+			if ( headerRoot != null ) {
+
+				Elements restrictContentTypes = headerRoot.getChildElements("restrict-content-type");
+				Elements restrictUserAgents = headerRoot.getChildElements("restrict-user-agent");
+
+				for(int i=0;i<restrictContentTypes.size();i++) {
+
+					Element e = restrictContentTypes.get(i);
+					String allow = e.getAttributeValue("allow");
+					String deny = e.getAttributeValue("deny");
+					String id = e.getAttributeValue("id");
+
+					if ( allow != null && deny != null ) {
+						throw new ConfigurationException("", "restrict-content-type rule should not have both 'allow' and 'deny' values");
+					}
+
+					if ( allow != null ) {
+
+						config.addBeforeBodyRule( new RestrictContentTypeRule(id, Pattern.compile(allow), null) );
+
+					} else if ( deny != null ) {
+
+						config.addBeforeBodyRule( new RestrictContentTypeRule(id, null, Pattern.compile(deny)) );
+
+					} else {
+						throw new ConfigurationException("", "restrict-content-type rule should have either an 'allow' or 'deny' value");
+					}
+				}
+
+				for(int i=0;i<restrictUserAgents.size();i++) {
+					Element e = restrictUserAgents.get(i);
+					String id = e.getAttributeValue("id");
+					String allow = e.getAttributeValue("allow");
+					String deny = e.getAttributeValue("deny");
+					if ( allow != null && deny != null ) {
+						throw new ConfigurationException("", "restrict-user-agent rule should not have both 'allow' and 'deny' values");
+					}
+
+					if ( allow != null ) {
+						
+						config.addBeforeBodyRule( new RestrictUserAgentRule(id, Pattern.compile(allow), null) );
+
+					} else if ( deny != null ) {
+
+						config.addBeforeBodyRule( new RestrictUserAgentRule(id, null, Pattern.compile(deny)) );
+
+					} else {
+						throw new ConfigurationException("", "restrict-user-agent rule should have either an 'allow' or 'deny' value");
+					}
+				}
+
+			}
+
+			if ( virtualPatchesRoot != null ) {
+				Elements virtualPatchNodes = virtualPatchesRoot.getChildElements("virtual-patch");
+				for(int i=0;i<virtualPatchNodes.size();i++) {
+					Element e = virtualPatchNodes.get(i);
+					String id = e.getAttributeValue("id");
+					String path = e.getAttributeValue("path");
+					String variable = e.getAttributeValue("variable");
+					String pattern = e.getAttributeValue("pattern");
+					String message = e.getAttributeValue("message");
+
+					config.addAfterBodyRule( new SimpleVirtualPatchRule(id, Pattern.compile(path), variable, Pattern.compile(pattern), message) );
+				}
+			}
+
+			// Haven't implemented this yet. Not sure what we want those rules to look like.
+			/*
+			if ( customRulesRoot != null ) {
+				Elements rules = customRulesRoot.getChildElements("rule");
+				
+				 // Parse the complex rules.
+				 
+			}
+			*/
+			
+			if ( outboundRoot != null ) {
+
+				/*
+				 * Parse the <add-header> rules. This could be used to add:
+				 * - X-I-DONT-WANT-TO-BE-FRAMED
+				 * - Caching prevention headers
+				 * - Custom application headers
+				 */
+
+				Elements addHeaderNodes = outboundRoot.getChildElements("add-header");
+
+				for(int i=0;i<addHeaderNodes.size();i++) {
+					Element e = addHeaderNodes.get(i);
+					String name = e.getAttributeValue("name");
+					String value = e.getAttributeValue("value");
+					String path = e.getAttributeValue("path");
+					String id = e.getAttributeValue("id");
+
+					if ( path == null ) {
+						path = DEFAULT_PATH_APPLY_ALL;
+					}
+
+					AddHeaderRule ahr = new AddHeaderRule(id, name, value, Pattern.compile(path), getExceptionsFromElement(e));
+					config.addBeforeResponseRule(ahr);
+
+				}
+
+				/*
+				 * Parse the <add-http-only-flag> rules that allow
+				 * us to add the HTTPOnly flag to cookies, both
+				 * custom and app server.
+				 */
+				Elements addHTTPOnlyFlagNodes = outboundRoot.getChildElements("add-http-only-flag");
+
+				for(int i=0;i<addHTTPOnlyFlagNodes.size();i++) {
+					Element e = addHTTPOnlyFlagNodes.get(i);
+
+					Elements cookiePatterns = e.getChildElements("cookie");
+					String id = e.getAttributeValue("id");
+					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
+
+					for(int j=0;j<cookiePatterns.size();j++) {
+						Element cookie = cookiePatterns.get(j);
+						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
+					}
+
+					AddHTTPOnlyFlagRule ahfr = new AddHTTPOnlyFlagRule(id, patterns);
+					config.addCookieRule(ahfr);
+
+					if ( ahfr.doesCookieMatch(config.getSessionCookieName()) ) {
+						config.setApplyHTTPOnlyFlagToSessionCookie(true);
+					}
+				}
+
+				/*
+				 * Parse the <add-secure-flag> rules that allow
+				 * us to add the secure flag to cookies, both
+				 * custom and app server.
+				 */
+				Elements addSecureFlagNodes = outboundRoot.getChildElements("add-secure-flag");
+
+				for(int i=0;i<addSecureFlagNodes.size();i++) {
+					Element e = addSecureFlagNodes.get(i);
+					String id = e.getAttributeValue("id");
+					Elements cookiePatterns = e.getChildElements("cookie");
+					ArrayList<Pattern> patterns = new ArrayList<Pattern>();
+
+					for(int j=0;j<cookiePatterns.size();j++) {
+						Element cookie = cookiePatterns.get(j);
+						patterns.add(Pattern.compile(cookie.getAttributeValue("name")));
+					}
+
+					AddSecureFlagRule asfr = new AddSecureFlagRule(id, patterns);
+					config.addCookieRule(asfr);
+
+					if ( asfr.doesCookieMatch(config.getSessionCookieName()) ) {
+						config.setApplySecureFlagToSessionCookie(true);
+					}
+
+				}
+
+				/*
+				 * Parse dynamic-insertion nodes that allow us to dynamically
+				 * insert stuff into responses.
+				 */
+				Elements dynamicInsertionNodes = outboundRoot.getChildElements("dynamic-insertion");
+
+				for(int i=0;i<dynamicInsertionNodes.size();i++) {
+
+					Element e = dynamicInsertionNodes.get(i);
+					String pattern = e.getAttributeValue("pattern");
+					String id = e.getAttributeValue("id");
+					String contentType = e.getAttributeValue("content-type");
+					String urlPaths = e.getAttributeValue("path");
+					Element replacement = e.getFirstChildElement("replacement");
+
+					ReplaceContentRule rcr = new ReplaceContentRule(
+							id, 
+							Pattern.compile(pattern,Pattern.DOTALL), 
+							replacement.getValue(),
+							contentType != null ? Pattern.compile(contentType) : null,
+							urlPaths != null ? Pattern.compile(urlPaths) : null);
+					
+					config.addBeforeResponseRule(rcr);
+
+				}
+
+				/*
+				 * Parse detect-content nodes that allow us to simply detect data
+				 * leaving in responses.
+				 */
+				Elements detectContentNodes = outboundRoot.getChildElements("detect-content");
+
+				for(int i=0;i<detectContentNodes.size();i++) {
+
+					Element e = detectContentNodes.get(i);
+					String token = e.getAttributeValue("pattern");
+					String contentType = e.getAttributeValue("content-type");
+					String id = e.getAttributeValue("id");
+					String path = e.getAttributeValue("path");
+
+					if ( token == null ) {
+						throw new ConfigurationException("", "<detect-content> rules must contain a 'pattern' attribute");
+					} else if ( contentType == null ) {
+						throw new ConfigurationException("", "<detect-content> rules must contain a 'content-type' attribute");
+					}
+
+					DetectOutboundContentRule docr = new DetectOutboundContentRule(
+							id, 
+							Pattern.compile(contentType),
+							Pattern.compile(token,Pattern.DOTALL),
+							path != null ? Pattern.compile(path) : null);
+					
+					config.addBeforeResponseRule(docr);
+
+				}
+
+			}
+			
+			/**
+			 * Parse the 'bean-shell-rules' section.
+			 */
+			
+			if ( beanShellRoot != null ) {
+			
+				Elements beanShellRules = beanShellRoot.getChildElements("bean-shell-script");
+				
+				for (int i=0;i<beanShellRules.size(); i++) {
+
+					Element e = beanShellRules.get(i);
+					
+					String id = e.getAttributeValue("id");
+					String fileName = e.getAttributeValue("file");
+					String stage = e.getAttributeValue("stage"); //
+					String path = e.getAttributeValue("path");
+					
+					if ( id == null ) {
+						throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
+					}
+					
+					if ( fileName == null ) {
+						throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script" );
+					}
+					
+					try {
+						
+						BeanShellRule bsr = new BeanShellRule(
+								webRootDir + fileName, 
+								id,
+								path != null ? Pattern.compile(path) : null);
+						
+						if ( STAGES[0].equals(stage) ) {
+							config.addBeforeBodyRule(bsr);
+						} else if ( STAGES[1].equals(stage)) {
+							config.addAfterBodyRule(bsr);
+						} else if ( STAGES[2].equals(stage)) {
+							config.addBeforeResponseRule(bsr);
+						} else {
+							throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + ")" );
+						}
+												
+					} catch (FileNotFoundException fnfe) {
+						throw new ConfigurationException ("", "bean shell rule '" + id + "' had a source file that could not be found (" + fileName + "), web directory = " + webRootDir );
+					} catch (EvalError ee) {
+						throw new ConfigurationException ("", "bean shell rule '" + id + "' contained an error (" + ee.getErrorText() + "): " + ee.getScriptStackTrace());
+					}
+					
+				}
+			}
+
+		} catch (ValidityException e) {
+			throw new ConfigurationException("", "Problem validating WAF XML file", e);
+		} catch (ParsingException e) {
+			throw new ConfigurationException("", "Problem parsing WAF XML file", e);
+		} catch (IOException e) {
+			throw new ConfigurationException("", "I/O problem reading WAF XML file", e);
+		}
+
+		return config;
+
+	}
+
+	private static List<Object> getExceptionsFromElement(Element root) {
+		Elements exceptions = root.getChildElements("path-exception");
+		ArrayList<Object> exceptionList = new ArrayList<Object>();
+
+		for(int i=0;i<exceptions.size();i++) {
+			Element e = exceptions.get(i);
+			if ( REGEX.equalsIgnoreCase(e.getAttributeValue("type"))) {
+				exceptionList.add( Pattern.compile(e.getValue()) );
+			} else {
+				exceptionList.add( e.getValue() );
+			}
+		}
+		return exceptionList;
+	}
+
+}

From bec5b4776617181d94efff93a95ffa63772ca84f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 193/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/ConfigurationException.java     | 80 +++++++++----------
 1 file changed, 40 insertions(+), 40 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
index 9ea04fd7b..e674e811b 100644
--- a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
@@ -1,40 +1,40 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import nu.xom.ValidityException;
-
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-
-/**
- * The Exception to be thrown when there is an error parsing a policy file.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.configuration.ConfigurationParser
- *
- */
-public class ConfigurationException extends EnterpriseSecurityException {
-
-	public ConfigurationException(String userMsg, String logMsg) {
-		super(userMsg,logMsg);
-	}
-
-	public ConfigurationException(String userMsg, String logMsg,
-			Throwable t) {
-		super(userMsg,logMsg,t);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import nu.xom.ValidityException;
+
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+
+/**
+ * The Exception to be thrown when there is an error parsing a policy file.
+ * 
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.configuration.ConfigurationParser
+ *
+ */
+public class ConfigurationException extends EnterpriseSecurityException {
+
+	public ConfigurationException(String userMsg, String logMsg) {
+		super(userMsg,logMsg);
+	}
+
+	public ConfigurationException(String userMsg, String logMsg,
+			Throwable t) {
+		super(userMsg,logMsg,t);
+	}
+
+}

From 827b719381dd3631655454b40ed25fcbf8d0e10e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 194/812] Change CRLF to LF for issue 356.

---
 .../InterceptingHTTPServletRequest.java       | 378 +++++++++---------
 1 file changed, 189 insertions(+), 189 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
index 6766f74e4..097b9d4a8 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java
@@ -1,189 +1,189 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.RandomAccessFile;
-import java.util.Enumeration;
-import java.util.Vector;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-
-import org.apache.commons.fileupload.FileItemIterator;
-import org.apache.commons.fileupload.FileItemStream;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.fileupload.util.Streams;
-
-/**
- * The wrapper for the HttpServletRequest object which will be passed to the application
- * being protected by the WAF. It contains logic for parsing multipart parameters out of
- * the request and provided downstream application logic a way of accessing it like it 
- * hasn't been touched.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class InterceptingHTTPServletRequest extends HttpServletRequestWrapper {
-
-	private Vector<Parameter> allParameters;
-	private Vector<String> allParameterNames;
-	private static int CHUNKED_BUFFER_SIZE = 1024;
-	
-	private boolean isMultipart = false;
-	private RandomAccessFile requestBody;
-	private RAFInputStream is;
-	
-	public ServletInputStream getInputStream() throws IOException {
-		
-		if ( isMultipart ) {
-			return is;	
-		} else {
-			return super.getInputStream();
-		}
-        
-    }
-	
-	public BufferedReader getReader() throws IOException {
-        String enc = getCharacterEncoding();
-        if(enc == null) enc = "UTF-8";
-        return new BufferedReader(new InputStreamReader(getInputStream(), enc));
-    }
-	
-	public InterceptingHTTPServletRequest(HttpServletRequest request) throws FileUploadException, IOException {
-
-		super(request);
-
-		allParameters = new Vector<Parameter>();
-		allParameterNames = new Vector<String>();
-
-
-		/*
-		 * Get all the regular parameters.
-		 */
-
-		Enumeration e = request.getParameterNames();
-
-		while(e.hasMoreElements()) {
-			String param = (String)e.nextElement();
-			allParameters.add(new Parameter(param,request.getParameter(param),false));
-			allParameterNames.add(param);
-		}
-
-
-		/*
-		 * Get all the multipart fields.
-		 */
-
-		isMultipart = ServletFileUpload.isMultipartContent(request);
-
-		if ( isMultipart ) {
-
-			requestBody = new RandomAccessFile( File.createTempFile("oew","mpc"), "rw");
-	    	
-	    	byte buffer[] = new byte[CHUNKED_BUFFER_SIZE];
-
-	    	long size = 0;
-	    	int len = 0;
-
-	    	while ( len != -1 && size <= Integer.MAX_VALUE) {
-	    		len = request.getInputStream().read(buffer, 0, CHUNKED_BUFFER_SIZE);
-	    		if ( len != -1 ) {
-	    			size += len;
-	    			requestBody.write(buffer,0,len);	
-	    		}
-	    	}
-			
-	    	is = new RAFInputStream(requestBody);
-	    	
-			ServletFileUpload sfu = new ServletFileUpload();
-			FileItemIterator iter = sfu.getItemIterator(this);
-
-			while(iter.hasNext()) {
-				FileItemStream item = iter.next();
-				String name = item.getFieldName();
-				InputStream stream = item.openStream();
-
-				/*
-				 * If this is a regular form field, add it to our
-				 * parameter collection.
-				 */
-
-				if (item.isFormField()) {
-
-					String value = Streams.asString(stream);
-
-					allParameters.add(new Parameter(name,value,true));
-			    	allParameterNames.add(name);
-
-			    } else {
-			    	/*
-			    	 * This is a multipart content that is not a
-			    	 * regular form field. Nothing to do here.
-			    	 */
-			    	
-			    }
-
-			}
-			
-			requestBody.seek(0);
-			
-		}
-
-	}
-
-	public String getDictionaryParameter(String s) {
-
-		for(int i=0;i<allParameters.size();i++) {
-			Parameter p = allParameters.get(i);
-			if ( p.getName().equals(s) ) {
-				return p.getValue();
-			}
-		}
-		
-		return null;
-	}
-
-	public Enumeration getDictionaryParameterNames() {
-		return allParameterNames.elements();
-	}
-	
-	
-	private class RAFInputStream extends ServletInputStream {
-		
-		RandomAccessFile raf;
-		
-		public RAFInputStream(RandomAccessFile raf) throws IOException {
-			this.raf = raf;
-			this.raf.seek(0);
-		}
-
-		public int read() throws IOException {
-			return raf.read();
-		}
-		
-		public synchronized void reset() throws IOException {
-			raf.seek(0);
-		}
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.RandomAccessFile;
+import java.util.Enumeration;
+import java.util.Vector;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import org.apache.commons.fileupload.FileItemIterator;
+import org.apache.commons.fileupload.FileItemStream;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.fileupload.util.Streams;
+
+/**
+ * The wrapper for the HttpServletRequest object which will be passed to the application
+ * being protected by the WAF. It contains logic for parsing multipart parameters out of
+ * the request and provided downstream application logic a way of accessing it like it 
+ * hasn't been touched.
+ * 
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class InterceptingHTTPServletRequest extends HttpServletRequestWrapper {
+
+	private Vector<Parameter> allParameters;
+	private Vector<String> allParameterNames;
+	private static int CHUNKED_BUFFER_SIZE = 1024;
+	
+	private boolean isMultipart = false;
+	private RandomAccessFile requestBody;
+	private RAFInputStream is;
+	
+	public ServletInputStream getInputStream() throws IOException {
+		
+		if ( isMultipart ) {
+			return is;	
+		} else {
+			return super.getInputStream();
+		}
+        
+    }
+	
+	public BufferedReader getReader() throws IOException {
+        String enc = getCharacterEncoding();
+        if(enc == null) enc = "UTF-8";
+        return new BufferedReader(new InputStreamReader(getInputStream(), enc));
+    }
+	
+	public InterceptingHTTPServletRequest(HttpServletRequest request) throws FileUploadException, IOException {
+
+		super(request);
+
+		allParameters = new Vector<Parameter>();
+		allParameterNames = new Vector<String>();
+
+
+		/*
+		 * Get all the regular parameters.
+		 */
+
+		Enumeration e = request.getParameterNames();
+
+		while(e.hasMoreElements()) {
+			String param = (String)e.nextElement();
+			allParameters.add(new Parameter(param,request.getParameter(param),false));
+			allParameterNames.add(param);
+		}
+
+
+		/*
+		 * Get all the multipart fields.
+		 */
+
+		isMultipart = ServletFileUpload.isMultipartContent(request);
+
+		if ( isMultipart ) {
+
+			requestBody = new RandomAccessFile( File.createTempFile("oew","mpc"), "rw");
+	    	
+	    	byte buffer[] = new byte[CHUNKED_BUFFER_SIZE];
+
+	    	long size = 0;
+	    	int len = 0;
+
+	    	while ( len != -1 && size <= Integer.MAX_VALUE) {
+	    		len = request.getInputStream().read(buffer, 0, CHUNKED_BUFFER_SIZE);
+	    		if ( len != -1 ) {
+	    			size += len;
+	    			requestBody.write(buffer,0,len);	
+	    		}
+	    	}
+			
+	    	is = new RAFInputStream(requestBody);
+	    	
+			ServletFileUpload sfu = new ServletFileUpload();
+			FileItemIterator iter = sfu.getItemIterator(this);
+
+			while(iter.hasNext()) {
+				FileItemStream item = iter.next();
+				String name = item.getFieldName();
+				InputStream stream = item.openStream();
+
+				/*
+				 * If this is a regular form field, add it to our
+				 * parameter collection.
+				 */
+
+				if (item.isFormField()) {
+
+					String value = Streams.asString(stream);
+
+					allParameters.add(new Parameter(name,value,true));
+			    	allParameterNames.add(name);
+
+			    } else {
+			    	/*
+			    	 * This is a multipart content that is not a
+			    	 * regular form field. Nothing to do here.
+			    	 */
+			    	
+			    }
+
+			}
+			
+			requestBody.seek(0);
+			
+		}
+
+	}
+
+	public String getDictionaryParameter(String s) {
+
+		for(int i=0;i<allParameters.size();i++) {
+			Parameter p = allParameters.get(i);
+			if ( p.getName().equals(s) ) {
+				return p.getValue();
+			}
+		}
+		
+		return null;
+	}
+
+	public Enumeration getDictionaryParameterNames() {
+		return allParameterNames.elements();
+	}
+	
+	
+	private class RAFInputStream extends ServletInputStream {
+		
+		RandomAccessFile raf;
+		
+		public RAFInputStream(RandomAccessFile raf) throws IOException {
+			this.raf = raf;
+			this.raf.seek(0);
+		}
+
+		public int read() throws IOException {
+			return raf.read();
+		}
+		
+		public synchronized void reset() throws IOException {
+			raf.seek(0);
+		}
+	}
+	
+}

From c1065356d52511616751936057e0882e8fa81a24 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 195/812] Change CRLF to LF for issue 356.

---
 .../InterceptingHTTPServletResponse.java      | 372 +++++++++---------
 1 file changed, 186 insertions(+), 186 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
index 2cd41a38f..dac1738b2 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java
@@ -1,186 +1,186 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpServletResponseWrapper;
-
-import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
-import org.owasp.esapi.waf.rules.AddSecureFlagRule;
-import org.owasp.esapi.waf.rules.Rule;
-
-/**
- * The wrapper for the HttpServletResponse object which will be passed to the application
- * being protected by the WAF. It contains logic for the response building API in order
- * to allow the WAF rules regarding responses to work. Much of the work is delegated to
- * other classes, especially InterceptingServletOutputStream
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class InterceptingHTTPServletResponse extends HttpServletResponseWrapper {
-
-	private InterceptingPrintWriter ipw;
-	private InterceptingServletOutputStream isos;
-	private String contentType;
-
-	private List<AddSecureFlagRule> addSecureFlagRules = null;
-	private List<AddHTTPOnlyFlagRule> addHTTPOnlyFlagRules = null;
-	private boolean alreadyCalledWriter = false;
-	private boolean alreadyCalledOutputStream = false;
-
-	public InterceptingHTTPServletResponse(HttpServletResponse response, boolean buffering, List<Rule> cookieRules) throws IOException {
-
-		super(response);
-		
-		this.contentType = response.getContentType();
-		
-		this.isos = new InterceptingServletOutputStream(response.getOutputStream(), buffering);
-		this.ipw = new InterceptingPrintWriter(new PrintWriter(isos));
-
-		addSecureFlagRules = new ArrayList<AddSecureFlagRule>();
-		addHTTPOnlyFlagRules = new ArrayList<AddHTTPOnlyFlagRule>();
-
-		for(int i=0;i<cookieRules.size();i++) {
-			Rule r = cookieRules.get(i);
-			if ( r instanceof AddSecureFlagRule ) {
-				addSecureFlagRules.add((AddSecureFlagRule)r);
-			} else if ( r instanceof AddHTTPOnlyFlagRule ) {
-				addHTTPOnlyFlagRules.add((AddHTTPOnlyFlagRule)r);
-			}
-		}
-	}
-
-	public boolean isUsingWriter() {
-		return alreadyCalledWriter;
-	}
-
-	public InterceptingServletOutputStream getInterceptingServletOutputStream() {
-		return isos;
-	}
-
-	public ServletOutputStream getOutputStream() throws IllegalStateException, IOException {
-		if ( alreadyCalledWriter == true ) {
-			throw new IllegalStateException();
-		}
-
-		alreadyCalledOutputStream = true;
-
-		return isos;
-    }
-
-	public PrintWriter getWriter() throws IOException {
-		if ( alreadyCalledOutputStream == true ) {
-			throw new IllegalStateException();
-		}
-		alreadyCalledWriter = true;
-
-		return ipw;
-	}
-
-    public String getContentType() {
-        return contentType;
-    }
-
-    public void setContentType(String s) {
-    	contentType = s;
-    }
-
-    public void flush() {
-    	ipw.flush();
-    }
-
-    public void commit() throws IOException {
-
-    	if ( alreadyCalledWriter ) {
-    		ipw.flush();
-    	}
-
-    	isos.commit();
-    }
-
-    public void addCookie(Cookie cookie) {
-    	addCookie(cookie, cookie.getMaxAge()<=0);
-    }
-    
-	public void addCookie(Cookie cookie, boolean isSession) {
-
-		boolean addSecureFlag = cookie.getSecure();
-		boolean addHTTPOnlyFlag = false;
-
-		if ( ! cookie.getSecure() && addSecureFlagRules != null ) {
-			for(int i=0;i<addSecureFlagRules.size();i++) {
-				AddSecureFlagRule asfr = addSecureFlagRules.get(i);
-				if ( asfr.doesCookieMatch(cookie.getName())) {
-					addSecureFlag = true;
-				}
-			}
-		}
-
-		if ( addHTTPOnlyFlagRules != null ) {
-			for(int i=0;i<addHTTPOnlyFlagRules.size();i++) {
-				AddHTTPOnlyFlagRule ashr = addHTTPOnlyFlagRules.get(i);
-				if ( ashr.doesCookieMatch(cookie.getName())) {
-					addHTTPOnlyFlag = true;
-				}
-			}
-		}
-
-		String cookieValue = createCookieHeader(cookie.getName(),cookie.getValue(),
-												cookie.getMaxAge(),cookie.getDomain(),
-												cookie.getPath(), addSecureFlag,
-												addHTTPOnlyFlag, isSession);
-		addHeader("Set-Cookie", cookieValue);
-
-
-	}
-
-	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure, boolean httpOnly, boolean isTemporary) {
-        // create the special cookie header instead of creating a Java cookie
-        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
-        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
-        String header = name + "=" + value;
-
-        if ( ! isTemporary ) {
-        	header += "; Max-Age=" + maxAge;
-        }
-
-        if (domain != null) {
-            header += "; Domain=" + domain;
-        }
-        if (path != null) {
-            header += "; Path=" + path;
-        }
-
-        if ( secure ) {
-        	header += "; Secure";
-        }
-
-        if (httpOnly) {
-        	header += "; HttpOnly";
-        }
-
-        return header;
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
+import org.owasp.esapi.waf.rules.AddSecureFlagRule;
+import org.owasp.esapi.waf.rules.Rule;
+
+/**
+ * The wrapper for the HttpServletResponse object which will be passed to the application
+ * being protected by the WAF. It contains logic for the response building API in order
+ * to allow the WAF rules regarding responses to work. Much of the work is delegated to
+ * other classes, especially InterceptingServletOutputStream
+ * 
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class InterceptingHTTPServletResponse extends HttpServletResponseWrapper {
+
+	private InterceptingPrintWriter ipw;
+	private InterceptingServletOutputStream isos;
+	private String contentType;
+
+	private List<AddSecureFlagRule> addSecureFlagRules = null;
+	private List<AddHTTPOnlyFlagRule> addHTTPOnlyFlagRules = null;
+	private boolean alreadyCalledWriter = false;
+	private boolean alreadyCalledOutputStream = false;
+
+	public InterceptingHTTPServletResponse(HttpServletResponse response, boolean buffering, List<Rule> cookieRules) throws IOException {
+
+		super(response);
+		
+		this.contentType = response.getContentType();
+		
+		this.isos = new InterceptingServletOutputStream(response.getOutputStream(), buffering);
+		this.ipw = new InterceptingPrintWriter(new PrintWriter(isos));
+
+		addSecureFlagRules = new ArrayList<AddSecureFlagRule>();
+		addHTTPOnlyFlagRules = new ArrayList<AddHTTPOnlyFlagRule>();
+
+		for(int i=0;i<cookieRules.size();i++) {
+			Rule r = cookieRules.get(i);
+			if ( r instanceof AddSecureFlagRule ) {
+				addSecureFlagRules.add((AddSecureFlagRule)r);
+			} else if ( r instanceof AddHTTPOnlyFlagRule ) {
+				addHTTPOnlyFlagRules.add((AddHTTPOnlyFlagRule)r);
+			}
+		}
+	}
+
+	public boolean isUsingWriter() {
+		return alreadyCalledWriter;
+	}
+
+	public InterceptingServletOutputStream getInterceptingServletOutputStream() {
+		return isos;
+	}
+
+	public ServletOutputStream getOutputStream() throws IllegalStateException, IOException {
+		if ( alreadyCalledWriter == true ) {
+			throw new IllegalStateException();
+		}
+
+		alreadyCalledOutputStream = true;
+
+		return isos;
+    }
+
+	public PrintWriter getWriter() throws IOException {
+		if ( alreadyCalledOutputStream == true ) {
+			throw new IllegalStateException();
+		}
+		alreadyCalledWriter = true;
+
+		return ipw;
+	}
+
+    public String getContentType() {
+        return contentType;
+    }
+
+    public void setContentType(String s) {
+    	contentType = s;
+    }
+
+    public void flush() {
+    	ipw.flush();
+    }
+
+    public void commit() throws IOException {
+
+    	if ( alreadyCalledWriter ) {
+    		ipw.flush();
+    	}
+
+    	isos.commit();
+    }
+
+    public void addCookie(Cookie cookie) {
+    	addCookie(cookie, cookie.getMaxAge()<=0);
+    }
+    
+	public void addCookie(Cookie cookie, boolean isSession) {
+
+		boolean addSecureFlag = cookie.getSecure();
+		boolean addHTTPOnlyFlag = false;
+
+		if ( ! cookie.getSecure() && addSecureFlagRules != null ) {
+			for(int i=0;i<addSecureFlagRules.size();i++) {
+				AddSecureFlagRule asfr = addSecureFlagRules.get(i);
+				if ( asfr.doesCookieMatch(cookie.getName())) {
+					addSecureFlag = true;
+				}
+			}
+		}
+
+		if ( addHTTPOnlyFlagRules != null ) {
+			for(int i=0;i<addHTTPOnlyFlagRules.size();i++) {
+				AddHTTPOnlyFlagRule ashr = addHTTPOnlyFlagRules.get(i);
+				if ( ashr.doesCookieMatch(cookie.getName())) {
+					addHTTPOnlyFlag = true;
+				}
+			}
+		}
+
+		String cookieValue = createCookieHeader(cookie.getName(),cookie.getValue(),
+												cookie.getMaxAge(),cookie.getDomain(),
+												cookie.getPath(), addSecureFlag,
+												addHTTPOnlyFlag, isSession);
+		addHeader("Set-Cookie", cookieValue);
+
+
+	}
+
+	private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure, boolean httpOnly, boolean isTemporary) {
+        // create the special cookie header instead of creating a Java cookie
+        // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
+        // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
+        String header = name + "=" + value;
+
+        if ( ! isTemporary ) {
+        	header += "; Max-Age=" + maxAge;
+        }
+
+        if (domain != null) {
+            header += "; Domain=" + domain;
+        }
+        if (path != null) {
+            header += "; Path=" + path;
+        }
+
+        if ( secure ) {
+        	header += "; Secure";
+        }
+
+        if (httpOnly) {
+        	header += "; HttpOnly";
+        }
+
+        return header;
+    }
+
+}

From b518ab7cb28054935c722e10abb6998302cb4a69 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 196/812] Change CRLF to LF for issue 356.

---
 .../waf/internal/InterceptingPrintWriter.java | 364 +++++++++---------
 1 file changed, 182 insertions(+), 182 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
index d73b8bfd5..a1564509c 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java
@@ -1,182 +1,182 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.util.Locale;
-
-/**
- * The PrintWriter needed to buffer outbound data generated by the application
- * being protected by the WAF. Currently no logic is needed here right now due
- * to the WAF things have been architected in the main file, 
- * InterceptingHTTPServletResponse.
- * 
- * @author Arshan Dabirsiaghi
- * @see org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
- */
-public class InterceptingPrintWriter extends PrintWriter {
-
-	public InterceptingPrintWriter(Writer out) {
-		super(out);
-	}
-
-	public PrintWriter append(char c) {
-		return super.append(c);
-	}
-
-	public PrintWriter append(CharSequence csq, int start, int end) {
-		return super.append(csq, start, end);
-	}
-
-	public PrintWriter append(CharSequence csq) {
-		return super.append(csq);
-	}
-
-	public boolean checkError() {
-		return super.checkError();
-	}
-
-// Java 1.6 only
-//	protected void clearError() {
-//		super.clearError();
-//	}
-
-	public void close() {
-		super.close();
-	}
-
-	public void flush() {
-		super.flush();
-	}
-
-	public PrintWriter format(Locale l, String format, Object... args) {
-		return super.format(l, format, args);
-	}
-
-	public PrintWriter format(String format, Object... args) {
-		return super.format(format, args);
-	}
-
-	public void print(boolean b) {
-		super.print(b);
-	}
-
-	public void print(char c) {
-		super.print(c);
-	}
-
-	public void print(char[] s) {
-		super.print(s);
-	}
-
-	public void print(double d) {
-		super.print(d);
-	}
-
-	public void print(float f) {
-		super.print(f);
-	}
-
-	public void print(int i) {
-		super.print(i);
-	}
-
-	public void print(long l) {
-		super.print(l);
-	}
-
-	public void print(Object obj) {
-		super.print(obj);
-	}
-
-	public void print(String s) {
-		super.print(s);
-	}
-
-	public PrintWriter printf(Locale l, String format, Object... args) {
-		return super.printf(l, format, args);
-	}
-
-	public PrintWriter printf(String format, Object... args) {
-		return super.printf(format, args);
-	}
-
-	public void println() {
-		super.println();
-	}
-
-	public void println(boolean x) {
-		super.println(x);
-	}
-
-	public void println(char x) {
-		super.println(x);
-	}
-
-	public void println(char[] x) {
-		super.println(x);
-	}
-
-	public void println(double x) {
-		super.println(x);
-	}
-
-	public void println(float x) {
-		super.println(x);
-	}
-
-	public void println(int x) {
-		super.println(x);
-	}
-
-	public void println(long x) {
-		super.println(x);
-	}
-
-	public void println(Object x) {
-		super.println(x);
-	}
-
-	public void println(String x) {
-		super.println(x);
-	}
-
-	protected void setError() {
-		super.setError();
-	}
-
-	public void write(char[] buf, int off, int len) {
-		super.write(buf, off, len);
-	}
-
-	public void write(char[] buf) {
-		super.write(buf);
-	}
-
-	public void write(int c) {
-		super.write(c);
-	}
-
-	public void write(String s, int off, int len) {
-		super.write(s, off, len);
-	}
-
-	public void write(String s) {
-		super.write(s);
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.PrintWriter;
+import java.io.Writer;
+import java.util.Locale;
+
+/**
+ * The PrintWriter needed to buffer outbound data generated by the application
+ * being protected by the WAF. Currently no logic is needed here right now due
+ * to the WAF things have been architected in the main file, 
+ * InterceptingHTTPServletResponse.
+ * 
+ * @author Arshan Dabirsiaghi
+ * @see org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse
+ */
+public class InterceptingPrintWriter extends PrintWriter {
+
+	public InterceptingPrintWriter(Writer out) {
+		super(out);
+	}
+
+	public PrintWriter append(char c) {
+		return super.append(c);
+	}
+
+	public PrintWriter append(CharSequence csq, int start, int end) {
+		return super.append(csq, start, end);
+	}
+
+	public PrintWriter append(CharSequence csq) {
+		return super.append(csq);
+	}
+
+	public boolean checkError() {
+		return super.checkError();
+	}
+
+// Java 1.6 only
+//	protected void clearError() {
+//		super.clearError();
+//	}
+
+	public void close() {
+		super.close();
+	}
+
+	public void flush() {
+		super.flush();
+	}
+
+	public PrintWriter format(Locale l, String format, Object... args) {
+		return super.format(l, format, args);
+	}
+
+	public PrintWriter format(String format, Object... args) {
+		return super.format(format, args);
+	}
+
+	public void print(boolean b) {
+		super.print(b);
+	}
+
+	public void print(char c) {
+		super.print(c);
+	}
+
+	public void print(char[] s) {
+		super.print(s);
+	}
+
+	public void print(double d) {
+		super.print(d);
+	}
+
+	public void print(float f) {
+		super.print(f);
+	}
+
+	public void print(int i) {
+		super.print(i);
+	}
+
+	public void print(long l) {
+		super.print(l);
+	}
+
+	public void print(Object obj) {
+		super.print(obj);
+	}
+
+	public void print(String s) {
+		super.print(s);
+	}
+
+	public PrintWriter printf(Locale l, String format, Object... args) {
+		return super.printf(l, format, args);
+	}
+
+	public PrintWriter printf(String format, Object... args) {
+		return super.printf(format, args);
+	}
+
+	public void println() {
+		super.println();
+	}
+
+	public void println(boolean x) {
+		super.println(x);
+	}
+
+	public void println(char x) {
+		super.println(x);
+	}
+
+	public void println(char[] x) {
+		super.println(x);
+	}
+
+	public void println(double x) {
+		super.println(x);
+	}
+
+	public void println(float x) {
+		super.println(x);
+	}
+
+	public void println(int x) {
+		super.println(x);
+	}
+
+	public void println(long x) {
+		super.println(x);
+	}
+
+	public void println(Object x) {
+		super.println(x);
+	}
+
+	public void println(String x) {
+		super.println(x);
+	}
+
+	protected void setError() {
+		super.setError();
+	}
+
+	public void write(char[] buf, int off, int len) {
+		super.write(buf, off, len);
+	}
+
+	public void write(char[] buf) {
+		super.write(buf);
+	}
+
+	public void write(int c) {
+		super.write(c);
+	}
+
+	public void write(String s, int off, int len) {
+		super.write(s, off, len);
+	}
+
+	public void write(String s) {
+		super.write(s);
+	}
+
+}

From 4aa4f7e1e6d26e743b241de38fee51457468103d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 197/812] Change CRLF to LF for issue 356.

---
 .../InterceptingServletOutputStream.java      | 322 +++++++++---------
 1 file changed, 161 insertions(+), 161 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
index 9c42a4fe8..693c11112 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
@@ -1,161 +1,161 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.RandomAccessFile;
-
-import javax.servlet.ServletOutputStream;
-
-/**
- * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
- * the response stream and queue up all outbound data so that we can apply
- * egress rules. For efficiency, we decide off the bat if we need to buffer
- * responses to accomplish any of the rules in the policy file.
- *
- * If not, we just forward everything through, otherwise we write data to our
- * byte stream that we will eventually forward en totale to the user agent.
- * 
- * @author Arshan Dabirsiaghi
- */
-
-public class InterceptingServletOutputStream extends ServletOutputStream {
-
-	private static final int FLUSH_BLOCK_SIZE = 1024;
-	private ServletOutputStream os;
-	private boolean buffering;
-	private boolean committed;
-	private boolean closed;
-	
-	private RandomAccessFile out;
-	
-	public InterceptingServletOutputStream(ServletOutputStream os, boolean buffered) throws FileNotFoundException, IOException {
-		super();
-		this.os = os;
-		this.buffering = buffered;
-		this.committed = false;
-		this.closed = false;
-		
-		/*
-		 * Creating a RandomAccessFile to keep track of output generated. I made
-		 * the prefix and suffix small for less processing. The "oew" is intended
-		 * to stand for "OWASP ESAPI WAF" and the "hop" for HTTP output.
-		 */
-		this.out = new RandomAccessFile ( File.createTempFile("oew", ".hop"), "rw" ); 
-	}
-
-	public void reset() throws IOException {
-		out.setLength(0L);
-	}
-
-	public byte[] getResponseBytes() throws IOException {
-		
-		byte[] buffer = new byte[(int) out.length()];
-		out.seek(0);
-		out.read(buffer, 0, (int)out.length());
-		out.seek(out.length());
-		return buffer;
-		
-	}
-
-	public void setResponseBytes(byte[] responseBytes) throws IOException {
-		
-		if ( ! buffering && out.length() > 0 ) {
-			throw new IOException("Already committed response because not currently buffering");
-		}
-
-		out.setLength(0L);
-		out.write(responseBytes);
-	}
-
-	public void write(int i) throws IOException {
-		if (!buffering) {
-			os.write(i);
-		}
-		out.write(i);
-	}
-
-	public void write(byte[] b) throws IOException {
-        if (!buffering) {
-        	os.write(b, 0, b.length);
-        }
-        out.write(b, 0, b.length);
-    }
-
-	public void write(byte[] b, int off, int len) throws IOException {
-        if (!buffering) {
-        	os.write(b, off, len);
-        }
-        out.write(b, off, len);
-    }
-
-	public void flush() throws IOException {
-		
-		if (buffering) {
-		
-			synchronized(out) {
-
-				out.seek(0);
-				
-				byte[] buff = new byte[FLUSH_BLOCK_SIZE];
-				
-				for(int i=0;i<out.length();) {
-					
-					long currentPos = out.getFilePointer();
-					long totalSize = out.length();
-					int amountToWrite = FLUSH_BLOCK_SIZE;
-					
-					if ( (totalSize - currentPos) < FLUSH_BLOCK_SIZE ) {
-						amountToWrite = (int) (totalSize - currentPos);
-					}
-			
-					out.read(buff, 0, (int)amountToWrite);
-					
-					os.write(buff,0,amountToWrite);
-					
-					i+=amountToWrite;
-					
-				}
-				
-				out.setLength(0);
-				
-			}
-		}
-
-	}
-
-	public void commit() throws IOException {
-		
-		if (!buffering) { // || committed || closed
-        	return;
-        } else {
-        	flush();
-        }
-		committed = true;
-    }
-
-    public void close() throws IOException {
-    	
-        if (!buffering)  {
-        	os.close();
-        }
-        closed = true;
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+
+import javax.servlet.ServletOutputStream;
+
+/**
+ * This class was inspired by ModSecurity for Java by Ivan Ristic. We hook
+ * the response stream and queue up all outbound data so that we can apply
+ * egress rules. For efficiency, we decide off the bat if we need to buffer
+ * responses to accomplish any of the rules in the policy file.
+ *
+ * If not, we just forward everything through, otherwise we write data to our
+ * byte stream that we will eventually forward en totale to the user agent.
+ * 
+ * @author Arshan Dabirsiaghi
+ */
+
+public class InterceptingServletOutputStream extends ServletOutputStream {
+
+	private static final int FLUSH_BLOCK_SIZE = 1024;
+	private ServletOutputStream os;
+	private boolean buffering;
+	private boolean committed;
+	private boolean closed;
+	
+	private RandomAccessFile out;
+	
+	public InterceptingServletOutputStream(ServletOutputStream os, boolean buffered) throws FileNotFoundException, IOException {
+		super();
+		this.os = os;
+		this.buffering = buffered;
+		this.committed = false;
+		this.closed = false;
+		
+		/*
+		 * Creating a RandomAccessFile to keep track of output generated. I made
+		 * the prefix and suffix small for less processing. The "oew" is intended
+		 * to stand for "OWASP ESAPI WAF" and the "hop" for HTTP output.
+		 */
+		this.out = new RandomAccessFile ( File.createTempFile("oew", ".hop"), "rw" ); 
+	}
+
+	public void reset() throws IOException {
+		out.setLength(0L);
+	}
+
+	public byte[] getResponseBytes() throws IOException {
+		
+		byte[] buffer = new byte[(int) out.length()];
+		out.seek(0);
+		out.read(buffer, 0, (int)out.length());
+		out.seek(out.length());
+		return buffer;
+		
+	}
+
+	public void setResponseBytes(byte[] responseBytes) throws IOException {
+		
+		if ( ! buffering && out.length() > 0 ) {
+			throw new IOException("Already committed response because not currently buffering");
+		}
+
+		out.setLength(0L);
+		out.write(responseBytes);
+	}
+
+	public void write(int i) throws IOException {
+		if (!buffering) {
+			os.write(i);
+		}
+		out.write(i);
+	}
+
+	public void write(byte[] b) throws IOException {
+        if (!buffering) {
+        	os.write(b, 0, b.length);
+        }
+        out.write(b, 0, b.length);
+    }
+
+	public void write(byte[] b, int off, int len) throws IOException {
+        if (!buffering) {
+        	os.write(b, off, len);
+        }
+        out.write(b, off, len);
+    }
+
+	public void flush() throws IOException {
+		
+		if (buffering) {
+		
+			synchronized(out) {
+
+				out.seek(0);
+				
+				byte[] buff = new byte[FLUSH_BLOCK_SIZE];
+				
+				for(int i=0;i<out.length();) {
+					
+					long currentPos = out.getFilePointer();
+					long totalSize = out.length();
+					int amountToWrite = FLUSH_BLOCK_SIZE;
+					
+					if ( (totalSize - currentPos) < FLUSH_BLOCK_SIZE ) {
+						amountToWrite = (int) (totalSize - currentPos);
+					}
+			
+					out.read(buff, 0, (int)amountToWrite);
+					
+					os.write(buff,0,amountToWrite);
+					
+					i+=amountToWrite;
+					
+				}
+				
+				out.setLength(0);
+				
+			}
+		}
+
+	}
+
+	public void commit() throws IOException {
+		
+		if (!buffering) { // || committed || closed
+        	return;
+        } else {
+        	flush();
+        }
+		committed = true;
+    }
+
+    public void close() throws IOException {
+    	
+        if (!buffering)  {
+        	os.close();
+        }
+        closed = true;
+
+    }
+
+}

From 0a3c6d19b3dba7f7dc4d67038f85dc4fd4732c11 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 198/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/internal/Parameter.java   | 98 +++++++++----------
 1 file changed, 49 insertions(+), 49 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/Parameter.java b/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
index 81d16a161..1cae3dc2f 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/Parameter.java
@@ -1,49 +1,49 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.internal;
-
-/**
- * A simple object to represent a name=value HTTP parameter.
- * 
- * @author Arshan Dabirsiaghi
- *
- */
-public class Parameter {
-
-	private String name;
-	private String value;
-	private boolean fromMultipart;
-
-	public Parameter(String name, String value, boolean fromMultipart) {
-		this.name = name;
-		this.value = value;
-		this.fromMultipart = fromMultipart;
-	}
-
-	public String getName() {
-		return name;
-	}
-	public void setName(String name) {
-		this.name = name;
-	}
-	public String getValue() {
-		return value;
-	}
-	public void setValue(String value) {
-		this.value = value;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.internal;
+
+/**
+ * A simple object to represent a name=value HTTP parameter.
+ * 
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class Parameter {
+
+	private String name;
+	private String value;
+	private boolean fromMultipart;
+
+	public Parameter(String name, String value, boolean fromMultipart) {
+		this.name = name;
+		this.value = value;
+		this.fromMultipart = fromMultipart;
+	}
+
+	public String getName() {
+		return name;
+	}
+	public void setName(String name) {
+		this.name = name;
+	}
+	public String getValue() {
+		return value;
+	}
+	public void setValue(String value) {
+		this.value = value;
+	}
+
+}

From 6d5a808d4af30d2c388004f2f4951ffdac477684 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 199/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/rules/AddHeaderRule.java  | 184 +++++++++---------
 1 file changed, 92 insertions(+), 92 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
index d235b5977..88c2686e1 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddHeaderRule.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-header&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddHeaderRule extends Rule {
-
-	private String header;
-	private String value;
-	private Pattern path;
-	private List<Object> exceptions;
-
-	public AddHeaderRule(String id, String header, String value, Pattern path, List<Object> exceptions) {
-		setId(id);
-		this.header = header;
-		this.value = value;
-		this.path = path;
-		this.exceptions = exceptions;
-	}
-
-	public Action check(
-			HttpServletRequest request, 
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		DoNothingAction action = new DoNothingAction();
-
-		if ( path.matcher(request.getRequestURI()).matches() ) {
-
-			for(int i=0;i<exceptions.size();i++) {
-
-				Object o = exceptions.get(i);
-
-				if ( o instanceof String ) {
-					if ( request.getRequestURI().equals((String)o)) {
-						action.setFailed(false);
-						action.setActionNecessary(false);
-						return action;
-					}
-				} else if ( o instanceof Pattern ) {
-					if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
-						action.setFailed(false);
-						action.setActionNecessary(false);
-						return action;					
-					}
-				}
-
-			}
-
-
-			action.setFailed(true);
-			action.setActionNecessary(false);
-
-			if ( response != null ) {
-				response.setHeader(header, value);
-			} else {
-				httpResponse.setHeader(header, value);
-			}
-
-		}
-
-		return action;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-header&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddHeaderRule extends Rule {
+
+	private String header;
+	private String value;
+	private Pattern path;
+	private List<Object> exceptions;
+
+	public AddHeaderRule(String id, String header, String value, Pattern path, List<Object> exceptions) {
+		setId(id);
+		this.header = header;
+		this.value = value;
+		this.path = path;
+		this.exceptions = exceptions;
+	}
+
+	public Action check(
+			HttpServletRequest request, 
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		DoNothingAction action = new DoNothingAction();
+
+		if ( path.matcher(request.getRequestURI()).matches() ) {
+
+			for(int i=0;i<exceptions.size();i++) {
+
+				Object o = exceptions.get(i);
+
+				if ( o instanceof String ) {
+					if ( request.getRequestURI().equals((String)o)) {
+						action.setFailed(false);
+						action.setActionNecessary(false);
+						return action;
+					}
+				} else if ( o instanceof Pattern ) {
+					if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
+						action.setFailed(false);
+						action.setActionNecessary(false);
+						return action;					
+					}
+				}
+
+			}
+
+
+			action.setFailed(true);
+			action.setActionNecessary(false);
+
+			if ( response != null ) {
+				response.setHeader(header, value);
+			} else {
+				httpResponse.setHeader(header, value);
+			}
+
+		}
+
+		return action;
+	}
+
+}

From 92748beac8834a33bd44d0b6083160f01495e773 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 200/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/AddHTTPOnlyFlagRule.java  | 126 +++++++++---------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
index 6a382fa81..36e6bc8e2 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddHTTPOnlyFlagRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-http-only-flag&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddHTTPOnlyFlagRule extends Rule {
-
-	private List<Pattern> name;
-
-	public AddHTTPOnlyFlagRule(String id, List<Pattern> name) {
-		setId(id);
-		this.name = name;
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		DoNothingAction action = new DoNothingAction();
-
-		return action;
-	}
-
-	public boolean doesCookieMatch(String cookieName) {
-
-		for(int i=0;i<name.size();i++) {
-			Pattern p = name.get(i);
-			if ( p.matcher(cookieName).matches() ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-http-only-flag&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddHTTPOnlyFlagRule extends Rule {
+
+	private List<Pattern> name;
+
+	public AddHTTPOnlyFlagRule(String id, List<Pattern> name) {
+		setId(id);
+		this.name = name;
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		DoNothingAction action = new DoNothingAction();
+
+		return action;
+	}
+
+	public boolean doesCookieMatch(String cookieName) {
+
+		for(int i=0;i<name.size();i++) {
+			Pattern p = name.get(i);
+			if ( p.matcher(cookieName).matches() ) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+}

From a0e42be56c6aba679ac54c4bf9d7fcd69535cba6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 201/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/AddSecureFlagRule.java    | 126 +++++++++---------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java b/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
index 6dabe53a0..6a85f3833 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AddSecureFlagRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;add-secure-flag&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AddSecureFlagRule extends Rule {
-
-	private List<Pattern> name;
-
-	public AddSecureFlagRule(String id, List<Pattern> name) {
-		this.name = name;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-		
-		DoNothingAction action = new DoNothingAction();
-
-		return action;
-	}
-
-	public boolean doesCookieMatch(String cookieName) {
-
-		for(int i=0;i<name.size();i++) {
-			Pattern p = name.get(i);
-			if ( p.matcher(cookieName).matches() ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;add-secure-flag&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AddSecureFlagRule extends Rule {
+
+	private List<Pattern> name;
+
+	public AddSecureFlagRule(String id, List<Pattern> name) {
+		this.name = name;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+		
+		DoNothingAction action = new DoNothingAction();
+
+		return action;
+	}
+
+	public boolean doesCookieMatch(String cookieName) {
+
+		for(int i=0;i<name.size();i++) {
+			Pattern p = name.get(i);
+			if ( p.matcher(cookieName).matches() ) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+}

From 1479c5a38473a20547ba1a0947762155e4419dad Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 202/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/AuthenticatedRule.java    | 184 +++++++++---------
 1 file changed, 92 insertions(+), 92 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java b/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
index 747a0f680..b42f95e63 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/AuthenticatedRule.java
@@ -1,92 +1,92 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;authentication-rules&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class AuthenticatedRule extends Rule {
-
-	private String sessionAttribute;
-	private Pattern path;
-	private List<Object> exceptions;
-
-	public AuthenticatedRule(String id, String sessionAttribute, Pattern path, List<Object> exceptions) {
-		this.sessionAttribute = sessionAttribute;
-		this.path = path;
-		this.exceptions = exceptions;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		HttpSession session = request.getSession();
-		String uri = request.getRequestURI();
-
-		if ( path != null && ! path.matcher(uri).matches() ) {
-			return new DoNothingAction();
-		}
-
-		if ( session != null && session.getAttribute(sessionAttribute) != null ) {
-
-			return new DoNothingAction();
-
-		} else { /* check if it's one of the exceptions */
-
-			Iterator<Object> it = exceptions.iterator();
-
-			while(it.hasNext()) {
-				Object o = it.next();
-				if ( o instanceof Pattern ) {
-
-					Pattern p = (Pattern)o;
-					if ( p.matcher(uri).matches() ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( o instanceof String ) {
-
-					if ( uri.equals((String)o)) {
-						return new DoNothingAction();
-					}
-
-				}
-			}
-		}
-
-		log(request, "User requested unauthenticated access to URI '" + request.getRequestURI() + "' [querystring="+request.getQueryString()+"]");
-
-		return new DefaultAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;authentication-rules&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class AuthenticatedRule extends Rule {
+
+	private String sessionAttribute;
+	private Pattern path;
+	private List<Object> exceptions;
+
+	public AuthenticatedRule(String id, String sessionAttribute, Pattern path, List<Object> exceptions) {
+		this.sessionAttribute = sessionAttribute;
+		this.path = path;
+		this.exceptions = exceptions;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		HttpSession session = request.getSession();
+		String uri = request.getRequestURI();
+
+		if ( path != null && ! path.matcher(uri).matches() ) {
+			return new DoNothingAction();
+		}
+
+		if ( session != null && session.getAttribute(sessionAttribute) != null ) {
+
+			return new DoNothingAction();
+
+		} else { /* check if it's one of the exceptions */
+
+			Iterator<Object> it = exceptions.iterator();
+
+			while(it.hasNext()) {
+				Object o = it.next();
+				if ( o instanceof Pattern ) {
+
+					Pattern p = (Pattern)o;
+					if ( p.matcher(uri).matches() ) {
+						return new DoNothingAction();
+					}
+
+				} else if ( o instanceof String ) {
+
+					if ( uri.equals((String)o)) {
+						return new DoNothingAction();
+					}
+
+				}
+			}
+		}
+
+		log(request, "User requested unauthenticated access to URI '" + request.getRequestURI() + "' [querystring="+request.getQueryString()+"]");
+
+		return new DefaultAction();
+	}
+
+}

From 0633af6e9aae9c8487810323c152bd785152990a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 203/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/rules/BeanShellRule.java  | 232 +++++++++---------
 1 file changed, 116 insertions(+), 116 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
index f54589f65..ea0caa786 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
@@ -1,116 +1,116 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-import bsh.EvalError;
-import bsh.Interpreter;
-
-/**
- * This is the Rule subclass executed for &lt;bean-shell-script&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class BeanShellRule extends Rule {
-
-	private Interpreter i;
-	private String script;
-	private Pattern path;
-	
-	public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError { 
-		i = new Interpreter();
-		i.set("logger", logger);
-		this.script = getFileContents( ESAPI.securityConfiguration().getResourceFile(fileLocation));
-		this.id = id;
-		this.path = path;
-	}
-	
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * Early fail: if the URL doesn't match one we're interested in.
-		 */
-		
-		if ( path != null && ! path.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction();
-		}
-		
-		/*
-		 * Run the beanshell that we've already parsed
-		 * and pre-compiled. Populate the "request"
-		 * and "response" objects so the script has
-		 * access to the same variables we do here.
-		 */
-		
-		try {
-		
-			Action a = null;
-			
-			i.set("action", a);
-			i.set("request", request);
-			
-			if ( response != null ) {
-				i.set("response", response);	
-			} else {
-				i.set("response", httpResponse);
-			}
-
-			i.set("session", request.getSession());
-			i.eval(script);
-
-			a = (Action)i.get("action");
-	
-			if ( a != null ) {
-				return a;
-			}
-			
-		} catch (EvalError e) {
-			log(request,"Error running custom beanshell rule (" + id + ") - " + e.getMessage());
-		}
-	
-		return new DoNothingAction();
-	}
-	
-	private String getFileContents(File f) throws IOException {
-		
-		FileReader fr = new FileReader(f);
-		StringBuffer sb = new StringBuffer();
-		String line;
-		BufferedReader br = new BufferedReader(fr);
-		
-		while( (line=br.readLine()) != null ) {
-			sb.append(line + System.getProperty("line.separator"));
-		}
-		
-		return sb.toString();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+import bsh.EvalError;
+import bsh.Interpreter;
+
+/**
+ * This is the Rule subclass executed for &lt;bean-shell-script&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class BeanShellRule extends Rule {
+
+	private Interpreter i;
+	private String script;
+	private Pattern path;
+	
+	public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError { 
+		i = new Interpreter();
+		i.set("logger", logger);
+		this.script = getFileContents( ESAPI.securityConfiguration().getResourceFile(fileLocation));
+		this.id = id;
+		this.path = path;
+	}
+	
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		/*
+		 * Early fail: if the URL doesn't match one we're interested in.
+		 */
+		
+		if ( path != null && ! path.matcher(request.getRequestURI()).matches() ) {
+			return new DoNothingAction();
+		}
+		
+		/*
+		 * Run the beanshell that we've already parsed
+		 * and pre-compiled. Populate the "request"
+		 * and "response" objects so the script has
+		 * access to the same variables we do here.
+		 */
+		
+		try {
+		
+			Action a = null;
+			
+			i.set("action", a);
+			i.set("request", request);
+			
+			if ( response != null ) {
+				i.set("response", response);	
+			} else {
+				i.set("response", httpResponse);
+			}
+
+			i.set("session", request.getSession());
+			i.eval(script);
+
+			a = (Action)i.get("action");
+	
+			if ( a != null ) {
+				return a;
+			}
+			
+		} catch (EvalError e) {
+			log(request,"Error running custom beanshell rule (" + id + ") - " + e.getMessage());
+		}
+	
+		return new DoNothingAction();
+	}
+	
+	private String getFileContents(File f) throws IOException {
+		
+		FileReader fr = new FileReader(f);
+		StringBuffer sb = new StringBuffer();
+		String line;
+		BufferedReader br = new BufferedReader(fr);
+		
+		while( (line=br.readLine()) != null ) {
+			sb.append(line + System.getProperty("line.separator"));
+		}
+		
+		return sb.toString();
+	}
+
+}

From 6815e118260f73586440ec2f6b6b8131974aa8a9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 204/812] Change CRLF to LF for issue 356.

---
 .../waf/rules/DetectOutboundContentRule.java  | 232 +++++++++---------
 1 file changed, 116 insertions(+), 116 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java b/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
index 96fe3c110..d4f68f549 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/DetectOutboundContentRule.java
@@ -1,116 +1,116 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;detect-content&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class DetectOutboundContentRule extends Rule {
-
-	private Pattern contentType;
-	private Pattern pattern;
-	private Pattern uri;
-	
-	public DetectOutboundContentRule(String id, Pattern contentType, Pattern pattern, Pattern uri) {
-		this.contentType = contentType;
-		this.pattern = pattern;
-		this.uri = uri;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * Early fail: if URI doesn't match.
-		 */
-		if ( uri != null && ! uri.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction(); 
-		}
-
-		/*
-		 * Early fail: if the content type is one we'd like to search for output patterns.
-		 */
-
-		String inboundContentType;
-		String charEnc;
-		
-		if ( response != null ) {
-			if ( response.getContentType() == null ) {
-				response.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
-			}
-			inboundContentType = response.getContentType();
-			charEnc = response.getCharacterEncoding();
-			
-		} else {
-			if ( httpResponse.getContentType() == null ) {
-				httpResponse.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
-			}
-			inboundContentType = httpResponse.getContentType();
-			charEnc = httpResponse.getCharacterEncoding();
-		}
-	
-		if ( contentType.matcher(inboundContentType).matches() ) {
-			/*
-			 * Depending on the encoding, search through the bytes
-			 * for the pattern.
-			 */
-			try {
-
-				byte[] bytes = null;
-				
-				try {
-					bytes = response.getInterceptingServletOutputStream().getResponseBytes();
-				} catch (IOException ioe) {
-					log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
-					return new DoNothingAction(); // yes this is a fail open!
-				}
-
-				String s = new String(bytes,charEnc);
-
-				if ( pattern.matcher(s).matches() ) {
-
-					log(request,"Content pattern '" + pattern.pattern() + "' was found in response to URL: '" + request.getRequestURL() + "'");
-					return new DefaultAction();
-
-				}
-
-			} catch (UnsupportedEncodingException uee) {
-				log(request,"Content pattern '" + pattern.pattern() + "' could not be found due to encoding error: " + uee.getMessage());
-			}
-		}
-
-		return new DoNothingAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;detect-content&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class DetectOutboundContentRule extends Rule {
+
+	private Pattern contentType;
+	private Pattern pattern;
+	private Pattern uri;
+	
+	public DetectOutboundContentRule(String id, Pattern contentType, Pattern pattern, Pattern uri) {
+		this.contentType = contentType;
+		this.pattern = pattern;
+		this.uri = uri;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		/*
+		 * Early fail: if URI doesn't match.
+		 */
+		if ( uri != null && ! uri.matcher(request.getRequestURI()).matches() ) {
+			return new DoNothingAction(); 
+		}
+
+		/*
+		 * Early fail: if the content type is one we'd like to search for output patterns.
+		 */
+
+		String inboundContentType;
+		String charEnc;
+		
+		if ( response != null ) {
+			if ( response.getContentType() == null ) {
+				response.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
+			}
+			inboundContentType = response.getContentType();
+			charEnc = response.getCharacterEncoding();
+			
+		} else {
+			if ( httpResponse.getContentType() == null ) {
+				httpResponse.setContentType(AppGuardianConfiguration.DEFAULT_CONTENT_TYPE);
+			}
+			inboundContentType = httpResponse.getContentType();
+			charEnc = httpResponse.getCharacterEncoding();
+		}
+	
+		if ( contentType.matcher(inboundContentType).matches() ) {
+			/*
+			 * Depending on the encoding, search through the bytes
+			 * for the pattern.
+			 */
+			try {
+
+				byte[] bytes = null;
+				
+				try {
+					bytes = response.getInterceptingServletOutputStream().getResponseBytes();
+				} catch (IOException ioe) {
+					log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
+					return new DoNothingAction(); // yes this is a fail open!
+				}
+
+				String s = new String(bytes,charEnc);
+
+				if ( pattern.matcher(s).matches() ) {
+
+					log(request,"Content pattern '" + pattern.pattern() + "' was found in response to URL: '" + request.getRequestURL() + "'");
+					return new DefaultAction();
+
+				}
+
+			} catch (UnsupportedEncodingException uee) {
+				log(request,"Content pattern '" + pattern.pattern() + "' could not be found due to encoding error: " + uee.getMessage());
+			}
+		}
+
+		return new DoNothingAction();
+
+	}
+
+}

From c0deb9d876aef742fc0ae4ac23a88eb5a230eaca Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 205/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/EnforceHTTPSRule.java     | 190 +++++++++---------
 1 file changed, 95 insertions(+), 95 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java b/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
index 9da25bdda..d15875580 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/EnforceHTTPSRule.java
@@ -1,95 +1,95 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.actions.RedirectAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;enforce-https&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class EnforceHTTPSRule extends Rule {
-
-	private Pattern path;
-	private List<Object> exceptions;
-	private String action;
-
-	/*
-	 * action = [ redirect | block ] [=default (redirect will redirect to error page]
-	 */
-
-	public EnforceHTTPSRule(String id, Pattern path, List<Object> exceptions, String action) {
-		this.path = path;
-		this.exceptions = exceptions;
-		this.action = action;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		if ( ! request.isSecure() ) {
-
-			if ( path.matcher(request.getRequestURI()).matches() ) {
-
-				Iterator<Object> it = exceptions.iterator();
-
-				while(it.hasNext()){
-
-					Object o = it.next();
-
-					if ( o instanceof String ) {
-						if ( ((String)o).equalsIgnoreCase(request.getRequestURI()) ) {
-							return new DoNothingAction();
-						}
-					} else if ( o instanceof Pattern ) {
-						if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
-							return new DoNothingAction();
-						}
-					}
-
-				}
-
-				log(request,"Insecure request to resource detected in URL: '" + request.getRequestURL() + "'");
-
-				if ( "redirect".equals(action) ) {
-					RedirectAction ra = new RedirectAction();
-					ra.setRedirectURL(request.getRequestURL().toString().replaceFirst("http", "https"));
-					return ra;
-				}
-
-				return new DefaultAction();
-
-			}
-		}
-
-		return new DoNothingAction();
-
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.actions.RedirectAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;enforce-https&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class EnforceHTTPSRule extends Rule {
+
+	private Pattern path;
+	private List<Object> exceptions;
+	private String action;
+
+	/*
+	 * action = [ redirect | block ] [=default (redirect will redirect to error page]
+	 */
+
+	public EnforceHTTPSRule(String id, Pattern path, List<Object> exceptions, String action) {
+		this.path = path;
+		this.exceptions = exceptions;
+		this.action = action;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		if ( ! request.isSecure() ) {
+
+			if ( path.matcher(request.getRequestURI()).matches() ) {
+
+				Iterator<Object> it = exceptions.iterator();
+
+				while(it.hasNext()){
+
+					Object o = it.next();
+
+					if ( o instanceof String ) {
+						if ( ((String)o).equalsIgnoreCase(request.getRequestURI()) ) {
+							return new DoNothingAction();
+						}
+					} else if ( o instanceof Pattern ) {
+						if ( ((Pattern)o).matcher(request.getRequestURI()).matches() ) {
+							return new DoNothingAction();
+						}
+					}
+
+				}
+
+				log(request,"Insecure request to resource detected in URL: '" + request.getRequestURL() + "'");
+
+				if ( "redirect".equals(action) ) {
+					RedirectAction ra = new RedirectAction();
+					ra.setRedirectURL(request.getRequestURL().toString().replaceFirst("http", "https"));
+					return ra;
+				}
+
+				return new DefaultAction();
+
+			}
+		}
+
+		return new DoNothingAction();
+
+	}
+}

From c0cf023d58aa3c52f6c3b5cf73f8459f8b54f4f0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 206/812] Change CRLF to LF for issue 356.

---
 .../waf/rules/GeneralAttackSignatureRule.java | 126 +++++++++---------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java b/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
index 1c5355094..56fad6c19 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/GeneralAttackSignatureRule.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Enumeration;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;general-attack-signature&gt; rules, which 
- * are not currently implemented.
- * @author Arshan Dabirsiaghi
- *
- */
-public class GeneralAttackSignatureRule extends Rule {
-
-	private Pattern signature;
-
-	public GeneralAttackSignatureRule(String id, Pattern signature) {
-		this.signature = signature;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-		Enumeration e = request.getParameterNames();
-
-		while(e.hasMoreElements()) {
-			String param = (String)e.nextElement();
-			if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
-				log(request,"General attack signature detected in parameter '" + param + "' value '" + request.getDictionaryParameter(param) + "'");
-				return new DefaultAction();
-			}
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Enumeration;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;general-attack-signature&gt; rules, which 
+ * are not currently implemented.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class GeneralAttackSignatureRule extends Rule {
+
+	private Pattern signature;
+
+	public GeneralAttackSignatureRule(String id, Pattern signature) {
+		this.signature = signature;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest req,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+		Enumeration e = request.getParameterNames();
+
+		while(e.hasMoreElements()) {
+			String param = (String)e.nextElement();
+			if ( signature.matcher(request.getDictionaryParameter(param)).matches() ) {
+				log(request,"General attack signature detected in parameter '" + param + "' value '" + request.getDictionaryParameter(param) + "'");
+				return new DefaultAction();
+			}
+		}
+
+		return new DoNothingAction();
+	}
+
+}

From 0065ae0115adef7b997a339d19451ae05faf3223 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 207/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/rules/HTTPMethodRule.java | 156 +++++++++---------
 1 file changed, 78 insertions(+), 78 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java b/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
index 5aa132fdf..cd9e603a1 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/HTTPMethodRule.java
@@ -1,78 +1,78 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-method&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class HTTPMethodRule extends Rule {
-
-	private Pattern allowedMethods;
-	private Pattern deniedMethods;
-	private Pattern path;
-
-	public HTTPMethodRule(String id, Pattern allowedMethods, Pattern deniedMethods, Pattern path) {
-		this.allowedMethods = allowedMethods;
-		this.deniedMethods = deniedMethods;
-		this.path = path;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * If no path is specified, apply rule globally.
-		 */
-		String uri = request.getRequestURI();
-		String method = request.getMethod();
-
-		if ( path == null || path.matcher(uri).matches() ) {
-			/*
-			 *	Order allow, deny.
-			 */
-
-			if ( allowedMethods != null && allowedMethods.matcher(method).matches() ) {
-				return new DoNothingAction();
-			} else if ( allowedMethods != null ) {
-				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
-				return new DefaultAction();
-			}
-
-			if ( deniedMethods != null && deniedMethods.matcher(method).matches() ) {
-				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
-				return new DefaultAction();
-			}
-
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-method&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class HTTPMethodRule extends Rule {
+
+	private Pattern allowedMethods;
+	private Pattern deniedMethods;
+	private Pattern path;
+
+	public HTTPMethodRule(String id, Pattern allowedMethods, Pattern deniedMethods, Pattern path) {
+		this.allowedMethods = allowedMethods;
+		this.deniedMethods = deniedMethods;
+		this.path = path;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		/*
+		 * If no path is specified, apply rule globally.
+		 */
+		String uri = request.getRequestURI();
+		String method = request.getMethod();
+
+		if ( path == null || path.matcher(uri).matches() ) {
+			/*
+			 *	Order allow, deny.
+			 */
+
+			if ( allowedMethods != null && allowedMethods.matcher(method).matches() ) {
+				return new DoNothingAction();
+			} else if ( allowedMethods != null ) {
+				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
+				return new DefaultAction();
+			}
+
+			if ( deniedMethods != null && deniedMethods.matcher(method).matches() ) {
+				log(request,"Disallowed HTTP method '" + request.getMethod() + "' found for URL: " + request.getRequestURL());
+				return new DefaultAction();
+			}
+
+		}
+
+		return new DoNothingAction();
+	}
+
+}

From 23ef598bc9840f93a33102ed62c90cc7c54ba9f5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 208/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/rules/IPRule.java     | 158 +++++++++---------
 1 file changed, 79 insertions(+), 79 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/IPRule.java b/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
index e6a15c81f..3381afe05 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/IPRule.java
@@ -1,79 +1,79 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;detect-source-ip&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class IPRule extends Rule {
-
-	private Pattern allowedIP;
-	private String exactPath;
-	private Pattern path;
-	private boolean useExactPath = false;
-	private String ipHeader;
-
-	public IPRule(String id, Pattern allowedIP, Pattern path, String ipHeader) {
-		this.allowedIP = allowedIP;
-		this.path = path;
-		this.useExactPath = false;
-		this.ipHeader = ipHeader;
-		setId(id);
-	}
-
-	public IPRule(String id, Pattern allowedIP, String exactPath) {
-		this.path = null;
-		this.exactPath = exactPath;
-		this.useExactPath = true;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		String uri = request.getRequestURI();
-
-		if ( (!useExactPath && path.matcher(uri).matches()) ||
-			 ( useExactPath && exactPath.equals(uri)) ) {
-			
-			String sourceIP = request.getRemoteAddr() + "";
-			
-			if ( ipHeader != null ) {
-				sourceIP = request.getHeader(ipHeader);
-			}
-			
-			if ( ! allowedIP.matcher(sourceIP).matches() ) {
-				log(request, "IP not allowed to access URI '" + uri + "'");
-				return new DefaultAction();
-			}
-		}
-
-		return new DoNothingAction();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;detect-source-ip&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class IPRule extends Rule {
+
+	private Pattern allowedIP;
+	private String exactPath;
+	private Pattern path;
+	private boolean useExactPath = false;
+	private String ipHeader;
+
+	public IPRule(String id, Pattern allowedIP, Pattern path, String ipHeader) {
+		this.allowedIP = allowedIP;
+		this.path = path;
+		this.useExactPath = false;
+		this.ipHeader = ipHeader;
+		setId(id);
+	}
+
+	public IPRule(String id, Pattern allowedIP, String exactPath) {
+		this.path = null;
+		this.exactPath = exactPath;
+		this.useExactPath = true;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		String uri = request.getRequestURI();
+
+		if ( (!useExactPath && path.matcher(uri).matches()) ||
+			 ( useExactPath && exactPath.equals(uri)) ) {
+			
+			String sourceIP = request.getRemoteAddr() + "";
+			
+			if ( ipHeader != null ) {
+				sourceIP = request.getHeader(ipHeader);
+			}
+			
+			if ( ! allowedIP.matcher(sourceIP).matches() ) {
+				log(request, "IP not allowed to access URI '" + uri + "'");
+				return new DefaultAction();
+			}
+		}
+
+		return new DoNothingAction();
+	}
+}

From aebb77ad653b99b8edfc655beb5b189144e1f780 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 209/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/rules/MustMatchRule.java  | 672 +++++++++---------
 1 file changed, 336 insertions(+), 336 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java b/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
index 44e09cd11..b761e2358 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/MustMatchRule.java
@@ -1,336 +1,336 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;must-match&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class MustMatchRule extends Rule {
-
-	private static final String REQUEST_PARAMETERS = "request.parameters.";
-	private static final String REQUEST_HEADERS = "request.headers.";
-	private static final String REQUEST_URI = "request.uri";
-	private static final String REQUEST_URL = "request.url";
-	private static final String SESSION_ATTRIBUTES = "session.";
-
-	private Pattern path;
-	private String variable;
-	private int operator;
-	private String value;
-
-	public MustMatchRule(String id, Pattern path, String variable, int operator, String value) {
-		this.path = path;
-		this.variable = variable;
-		this.operator = operator;
-		this.value = value;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response,
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-
-		String uri = request.getRequestURI();
-		if ( ! path.matcher(uri).matches() ) {
-
-			return new DoNothingAction();
-
-		} else {
-
-			String target = null;
-
-			/*
-			 * First check if we're going to be dealing with request parameters
-			 */
-			if ( variable.startsWith( REQUEST_PARAMETERS ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
-
-					target = variable.substring(REQUEST_PARAMETERS.length());
-
-					if ( request.getParameter(target) != null ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * This doesn't make sense. The variable to test is a request parameter
-					 * but the rule is looking for a List. Let the control fall through
-					 * to the bottom where we'll return false.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					/**
-					 * Working with request parameters. If we detect
-					 * simple regex characters, we treat it as a regex.
-					 * Otherwise we treat it as a single parameter.
-					 */
-					target = variable.substring(REQUEST_PARAMETERS.length());
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getParameterNames();
-
-						while(e.hasMoreElements()) {
-							String param = (String)e.nextElement();
-
-							if ( p.matcher(param).matches() ) {
-								String s = request.getParameter(param);
-								if ( ! RuleUtil.testValue(s, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "' parameter='"+param+"'");
-									return new DefaultAction();
-								}
-							}
-						}
-
-					} else {
-
-						String s = request.getParameter(target);
-
-						if ( ! RuleUtil.testValue(s, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', parameter='"+target+"'");
-							return new DefaultAction();
-						}
-
-					}
-				}
-
-			} else if ( variable.startsWith( REQUEST_HEADERS ) ) {
-
-				/**
-				 * Do the same for request headers.
-				 */
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
-
-					target = variable.substring(REQUEST_HEADERS.length());
-
-					if ( request.getHeader(target) != null ) {
-						return new DoNothingAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * This doesn't make sense. The variable to test is a request header
-					 * but the rule is looking for a List. Let the control fall through
-					 * to the bottom where we'll return false.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					target = variable.substring(REQUEST_HEADERS.length());
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getHeaderNames();
-
-						while(e.hasMoreElements()) {
-							String header = (String)e.nextElement();
-							if ( p.matcher(header).matches() ) {
-								String s = request.getHeader(header);
-								if ( ! RuleUtil.testValue(s, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+header+"'");
-									return new DefaultAction();
-								}
-							}
-						}
-
-						return new DoNothingAction();
-
-					} else {
-
-						String s = request.getHeader(target);
-
-						if ( s == null || ! RuleUtil.testValue(s, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+target+"'");
-							return new DefaultAction();
-						}
-
-						return new DoNothingAction();
-
-					}
-
-				}
-
-			} else if ( variable.startsWith(SESSION_ATTRIBUTES) ) {
-
-				/**
-				 * Do the same for session attributes. Can't possibly match
-				 * ANY rule if there is no session object.
-				 */
-				if ( request.getSession(false) == null ) {
-					return new DefaultAction();
-				}
-
-				target = variable.substring(SESSION_ATTRIBUTES.length()+1);
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
-
-					/*
-					 * Want to check if the List/Enumeration/whatever stored
-					 * in "target" contains the value in "value".
-					 */
-
-					Object o = request.getSession(false).getAttribute(target);
-
-					if ( o instanceof Collection ) {
-						if ( RuleUtil.isInList((Collection)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Collection attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					} else if ( o instanceof Map ) {
-						if ( RuleUtil.isInList((Map)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Map attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					} else if ( o instanceof Enumeration ) {
-						if ( RuleUtil.isInList((Enumeration)o, value) ) {
-							return new DoNothingAction();
-						} else {
-							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Enumeration attribute '" + target + "']");
-							return new DefaultAction();
-						}
-					}
-
-					/*
-					 * The attribute was not a common list-type of Java object s
-					 * let the control fall through to the bottom where it will
-					 * fail.
-					 */
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS) {
-
-					Object o = request.getSession(false).getAttribute(target);
-
-					if ( o != null ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule failed - couldn't find required session attribute='" + target + "'");
-						return new DefaultAction();
-					}
-
-				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-
-					if ( target.contains("*") || target.contains("?") ) {
-
-						target = target.replaceAll("\\*", ".*");
-						Pattern p = Pattern.compile(target);
-
-						Enumeration e = request.getSession(false).getAttributeNames();
-
-						while(e.hasMoreElements()) {
-
-							String attr = (String)e.nextElement();
-
-							if (p.matcher(attr).matches() ) {
-
-								Object o = request.getSession(false).getAttribute(attr);
-
-								if ( ! RuleUtil.testValue((String)o, value, operator) ) {
-									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + attr + "', attribute value='"+(String)o+"'");
-									return new DefaultAction();
-								} else {
-									return new DoNothingAction();
-								}
-							}
-						}
-
-					} else {
-
-						Object o = request.getSession(false).getAttribute(target);
-
-						if ( ! RuleUtil.testValue((String)o, value, operator) ) {
-							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + target + "', attribute value='"+(String)o+"'");
-							return new DefaultAction();
-						} else {
-							return new DoNothingAction();
-						}
-
-					}
-
-				}
-
-			} else if ( variable.equals( REQUEST_URI ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-					if ( RuleUtil.testValue(request.getRequestURI(), value, operator) ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule on request URI failed (operator="+operator+"), requestURI='" + request.getRequestURI() + "', value='" + value+ "'");
-						return new DefaultAction();
-					}
-				}
-
-				/*
-				 * Any other operator doesn't make sense.
-				 */
-
-			} else if ( variable.equals( REQUEST_URL ) ) {
-
-				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
-					if ( RuleUtil.testValue(request.getRequestURL().toString(), value, operator) ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "MustMatch rule on request URL failed (operator="+operator+"), requestURL='" + request.getRequestURL() + "', value='" + value+ "'");
-						return new DefaultAction();
-					}
-				}
-
-				/*
-				 * Any other operator doesn't make sense.
-				 */
-			}
-
-		}
-
-		log(request, "MustMatch rule failed close on URL '" + request.getRequestURL() + "'");
-		return new DefaultAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;must-match&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class MustMatchRule extends Rule {
+
+	private static final String REQUEST_PARAMETERS = "request.parameters.";
+	private static final String REQUEST_HEADERS = "request.headers.";
+	private static final String REQUEST_URI = "request.uri";
+	private static final String REQUEST_URL = "request.url";
+	private static final String SESSION_ATTRIBUTES = "session.";
+
+	private Pattern path;
+	private String variable;
+	private int operator;
+	private String value;
+
+	public MustMatchRule(String id, Pattern path, String variable, int operator, String value) {
+		this.path = path;
+		this.variable = variable;
+		this.operator = operator;
+		this.value = value;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest req,
+			InterceptingHTTPServletResponse response,
+			HttpServletResponse httpResponse) {
+
+		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+
+		String uri = request.getRequestURI();
+		if ( ! path.matcher(uri).matches() ) {
+
+			return new DoNothingAction();
+
+		} else {
+
+			String target = null;
+
+			/*
+			 * First check if we're going to be dealing with request parameters
+			 */
+			if ( variable.startsWith( REQUEST_PARAMETERS ) ) {
+
+				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
+
+					target = variable.substring(REQUEST_PARAMETERS.length());
+
+					if ( request.getParameter(target) != null ) {
+						return new DoNothingAction();
+					}
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+					/*
+					 * This doesn't make sense. The variable to test is a request parameter
+					 * but the rule is looking for a List. Let the control fall through
+					 * to the bottom where we'll return false.
+					 */
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+					/**
+					 * Working with request parameters. If we detect
+					 * simple regex characters, we treat it as a regex.
+					 * Otherwise we treat it as a single parameter.
+					 */
+					target = variable.substring(REQUEST_PARAMETERS.length());
+
+					if ( target.contains("*") || target.contains("?") ) {
+
+						target = target.replaceAll("*", ".*");
+						Pattern p = Pattern.compile(target);
+
+						Enumeration e = request.getParameterNames();
+
+						while(e.hasMoreElements()) {
+							String param = (String)e.nextElement();
+
+							if ( p.matcher(param).matches() ) {
+								String s = request.getParameter(param);
+								if ( ! RuleUtil.testValue(s, value, operator) ) {
+									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "' parameter='"+param+"'");
+									return new DefaultAction();
+								}
+							}
+						}
+
+					} else {
+
+						String s = request.getParameter(target);
+
+						if ( ! RuleUtil.testValue(s, value, operator) ) {
+							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', parameter='"+target+"'");
+							return new DefaultAction();
+						}
+
+					}
+				}
+
+			} else if ( variable.startsWith( REQUEST_HEADERS ) ) {
+
+				/**
+				 * Do the same for request headers.
+				 */
+
+				if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS ) {
+
+					target = variable.substring(REQUEST_HEADERS.length());
+
+					if ( request.getHeader(target) != null ) {
+						return new DoNothingAction();
+					}
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+					/*
+					 * This doesn't make sense. The variable to test is a request header
+					 * but the rule is looking for a List. Let the control fall through
+					 * to the bottom where we'll return false.
+					 */
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+					target = variable.substring(REQUEST_HEADERS.length());
+
+					if ( target.contains("*") || target.contains("?") ) {
+
+						target = target.replaceAll("*", ".*");
+						Pattern p = Pattern.compile(target);
+
+						Enumeration e = request.getHeaderNames();
+
+						while(e.hasMoreElements()) {
+							String header = (String)e.nextElement();
+							if ( p.matcher(header).matches() ) {
+								String s = request.getHeader(header);
+								if ( ! RuleUtil.testValue(s, value, operator) ) {
+									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+header+"'");
+									return new DefaultAction();
+								}
+							}
+						}
+
+						return new DoNothingAction();
+
+					} else {
+
+						String s = request.getHeader(target);
+
+						if ( s == null || ! RuleUtil.testValue(s, value, operator) ) {
+							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', input='" + s + "', header='"+target+"'");
+							return new DefaultAction();
+						}
+
+						return new DoNothingAction();
+
+					}
+
+				}
+
+			} else if ( variable.startsWith(SESSION_ATTRIBUTES) ) {
+
+				/**
+				 * Do the same for session attributes. Can't possibly match
+				 * ANY rule if there is no session object.
+				 */
+				if ( request.getSession(false) == null ) {
+					return new DefaultAction();
+				}
+
+				target = variable.substring(SESSION_ATTRIBUTES.length()+1);
+
+				if ( operator == AppGuardianConfiguration.OPERATOR_IN_LIST ) {
+
+					/*
+					 * Want to check if the List/Enumeration/whatever stored
+					 * in "target" contains the value in "value".
+					 */
+
+					Object o = request.getSession(false).getAttribute(target);
+
+					if ( o instanceof Collection ) {
+						if ( RuleUtil.isInList((Collection)o, value) ) {
+							return new DoNothingAction();
+						} else {
+							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Collection attribute '" + target + "']");
+							return new DefaultAction();
+						}
+					} else if ( o instanceof Map ) {
+						if ( RuleUtil.isInList((Map)o, value) ) {
+							return new DoNothingAction();
+						} else {
+							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Map attribute '" + target + "']");
+							return new DefaultAction();
+						}
+					} else if ( o instanceof Enumeration ) {
+						if ( RuleUtil.isInList((Enumeration)o, value) ) {
+							return new DoNothingAction();
+						} else {
+							log(request, "MustMatch rule failed - looking for value='" + value + "', in session Enumeration attribute '" + target + "']");
+							return new DefaultAction();
+						}
+					}
+
+					/*
+					 * The attribute was not a common list-type of Java object s
+					 * let the control fall through to the bottom where it will
+					 * fail.
+					 */
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_EXISTS) {
+
+					Object o = request.getSession(false).getAttribute(target);
+
+					if ( o != null ) {
+						return new DoNothingAction();
+					} else {
+						log(request, "MustMatch rule failed - couldn't find required session attribute='" + target + "'");
+						return new DefaultAction();
+					}
+
+				} else if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+
+					if ( target.contains("*") || target.contains("?") ) {
+
+						target = target.replaceAll("\\*", ".*");
+						Pattern p = Pattern.compile(target);
+
+						Enumeration e = request.getSession(false).getAttributeNames();
+
+						while(e.hasMoreElements()) {
+
+							String attr = (String)e.nextElement();
+
+							if (p.matcher(attr).matches() ) {
+
+								Object o = request.getSession(false).getAttribute(attr);
+
+								if ( ! RuleUtil.testValue((String)o, value, operator) ) {
+									log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + attr + "', attribute value='"+(String)o+"'");
+									return new DefaultAction();
+								} else {
+									return new DoNothingAction();
+								}
+							}
+						}
+
+					} else {
+
+						Object o = request.getSession(false).getAttribute(target);
+
+						if ( ! RuleUtil.testValue((String)o, value, operator) ) {
+							log(request, "MustMatch rule failed (operator="+operator+"), value='" + value + "', session attribute='" + target + "', attribute value='"+(String)o+"'");
+							return new DefaultAction();
+						} else {
+							return new DoNothingAction();
+						}
+
+					}
+
+				}
+
+			} else if ( variable.equals( REQUEST_URI ) ) {
+
+				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+					if ( RuleUtil.testValue(request.getRequestURI(), value, operator) ) {
+						return new DoNothingAction();
+					} else {
+						log(request, "MustMatch rule on request URI failed (operator="+operator+"), requestURI='" + request.getRequestURI() + "', value='" + value+ "'");
+						return new DefaultAction();
+					}
+				}
+
+				/*
+				 * Any other operator doesn't make sense.
+				 */
+
+			} else if ( variable.equals( REQUEST_URL ) ) {
+
+				if ( operator == AppGuardianConfiguration.OPERATOR_EQ || operator == AppGuardianConfiguration.OPERATOR_CONTAINS ) {
+					if ( RuleUtil.testValue(request.getRequestURL().toString(), value, operator) ) {
+						return new DoNothingAction();
+					} else {
+						log(request, "MustMatch rule on request URL failed (operator="+operator+"), requestURL='" + request.getRequestURL() + "', value='" + value+ "'");
+						return new DefaultAction();
+					}
+				}
+
+				/*
+				 * Any other operator doesn't make sense.
+				 */
+			}
+
+		}
+
+		log(request, "MustMatch rule failed close on URL '" + request.getRequestURL() + "'");
+		return new DefaultAction();
+
+	}
+
+}

From 0600202c9bd9ec8179338bb0c63d9db0b6269946 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:50 -0500
Subject: [PATCH 210/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/PathExtensionRule.java    | 120 +++++++++---------
 1 file changed, 60 insertions(+), 60 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java b/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
index f27fc4fd9..06b13e2fd 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/PathExtensionRule.java
@@ -1,60 +1,60 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-extension&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class PathExtensionRule extends Rule {
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public PathExtensionRule (String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		if ( allow != null && allow.matcher(request.getRequestURI()).matches() ) {
-			return new DoNothingAction();
-		} else if ( deny != null && deny.matcher(request.getRequestURI()).matches() ) {
-
-			log(request, "Disallowed extension pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "'");
-
-			return new DefaultAction();
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-extension&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class PathExtensionRule extends Rule {
+
+	private Pattern allow;
+	private Pattern deny;
+
+	public PathExtensionRule (String id, Pattern allow, Pattern deny) {
+		this.allow = allow;
+		this.deny = deny;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		if ( allow != null && allow.matcher(request.getRequestURI()).matches() ) {
+			return new DoNothingAction();
+		} else if ( deny != null && deny.matcher(request.getRequestURI()).matches() ) {
+
+			log(request, "Disallowed extension pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "'");
+
+			return new DefaultAction();
+		}
+
+		return new DoNothingAction();
+	}
+
+}

From 79173f9ad8effe0a1645fc1236338c2b0152b061 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 211/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/rules/ReplaceContentRule.java   | 226 +++++++++---------
 1 file changed, 113 insertions(+), 113 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java b/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
index f8c996a6c..fd308ccac 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/ReplaceContentRule.java
@@ -1,113 +1,113 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class ReplaceContentRule extends Rule {
-
-	private Pattern pattern;
-	private String replacement;
-	private Pattern contentType;
-	private Pattern path;
-	
-	public ReplaceContentRule(String id, Pattern pattern, String replacement, Pattern contentType, Pattern path) {
-		this.pattern = pattern;
-		this.replacement = replacement;
-		this.path = path;
-		this.contentType = contentType;
-		setId(id);
-	}
-
-	/*
-	 * Use regular expressions with capturing parentheses to perform replacement.
-	 */
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/*
-		 * First early fail: if the URI doesn't match the paths we're interested in.
-		 */
-		String uri = request.getRequestURI();
-		if ( path != null && ! path.matcher(uri).matches() ) {
-			return new DoNothingAction();
-		}
-		
-		/*
-		 * Second early fail: if the content type is one we'd like to search for output patterns.
-		 */
-
-		if ( contentType != null ) {
-			if ( response.getContentType() != null && ! contentType.matcher(response.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-		}
-
-		byte[] bytes = null;
-
-		try {
-			bytes = response.getInterceptingServletOutputStream().getResponseBytes();
-		} catch (IOException ioe) {
-			log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
-			return new DoNothingAction(); // yes this is a fail open!
-		}
-
-		
-		try {
-
-			String s = new String(bytes,response.getCharacterEncoding());
-
-			Matcher m = pattern.matcher(s);
-			String canary = m.replaceAll(replacement);
-			
-			try {
-				
-				if ( ! s.equals(canary) ) {
-					response.getInterceptingServletOutputStream().setResponseBytes(canary.getBytes(response.getCharacterEncoding()));
-					logger.debug(Logger.SECURITY_SUCCESS, "Successfully replaced pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "'");
-				}
-				
-			} catch (IOException ioe) {
-				logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + ioe.getMessage() + "]");
-			}
-
-		} catch(UnsupportedEncodingException uee) {
-			logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + uee.getMessage() + "]");
-		}
-
-		return new DoNothingAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class ReplaceContentRule extends Rule {
+
+	private Pattern pattern;
+	private String replacement;
+	private Pattern contentType;
+	private Pattern path;
+	
+	public ReplaceContentRule(String id, Pattern pattern, String replacement, Pattern contentType, Pattern path) {
+		this.pattern = pattern;
+		this.replacement = replacement;
+		this.path = path;
+		this.contentType = contentType;
+		setId(id);
+	}
+
+	/*
+	 * Use regular expressions with capturing parentheses to perform replacement.
+	 */
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		/*
+		 * First early fail: if the URI doesn't match the paths we're interested in.
+		 */
+		String uri = request.getRequestURI();
+		if ( path != null && ! path.matcher(uri).matches() ) {
+			return new DoNothingAction();
+		}
+		
+		/*
+		 * Second early fail: if the content type is one we'd like to search for output patterns.
+		 */
+
+		if ( contentType != null ) {
+			if ( response.getContentType() != null && ! contentType.matcher(response.getContentType()).matches() ) {
+				return new DoNothingAction();
+			}
+		}
+
+		byte[] bytes = null;
+
+		try {
+			bytes = response.getInterceptingServletOutputStream().getResponseBytes();
+		} catch (IOException ioe) {
+			log(request,"Error matching pattern '" + pattern.pattern() + "', IOException encountered (possibly too large?): " + ioe.getMessage() + " (in response to URL: '" + request.getRequestURL() + "')");
+			return new DoNothingAction(); // yes this is a fail open!
+		}
+
+		
+		try {
+
+			String s = new String(bytes,response.getCharacterEncoding());
+
+			Matcher m = pattern.matcher(s);
+			String canary = m.replaceAll(replacement);
+			
+			try {
+				
+				if ( ! s.equals(canary) ) {
+					response.getInterceptingServletOutputStream().setResponseBytes(canary.getBytes(response.getCharacterEncoding()));
+					logger.debug(Logger.SECURITY_SUCCESS, "Successfully replaced pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "'");
+				}
+				
+			} catch (IOException ioe) {
+				logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + ioe.getMessage() + "]");
+			}
+
+		} catch(UnsupportedEncodingException uee) {
+			logger.error(Logger.SECURITY_FAILURE, "Failed to replace pattern '" + pattern.pattern() + "' on response to URL '" + request.getRequestURL() + "' due to [" + uee.getMessage() + "]");
+		}
+
+		return new DoNothingAction();
+	}
+
+}

From 06b6d9740cc86c1b5847d8fd4aefff0ee74128b7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 212/812] Change CRLF to LF for issue 356.

---
 .../waf/rules/RestrictContentTypeRule.java    | 140 +++++++++---------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java b/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
index d4544696b..298df3342 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RestrictContentTypeRule.java
@@ -1,70 +1,70 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RestrictContentTypeRule extends Rule {
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public RestrictContentTypeRule(String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		/* can't check content type if it's not available */
-		if ( request.getContentType() == null ) {
-			return new DoNothingAction();
-		}
-
-		if ( allow != null ) {
-			if ( allow.matcher(request.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-			log(request, "Disallowed content type based on allow pattern '" + allow.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() +"')");
-		} else if ( deny != null ) {
-			if ( ! deny.matcher(request.getContentType()).matches() ) {
-				return new DoNothingAction();
-			}
-			log(request, "Disallowed content type based on deny pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() + ")'");
-		}
-
-
-		return new DefaultAction();
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;dynamic-insertion&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RestrictContentTypeRule extends Rule {
+
+	private Pattern allow;
+	private Pattern deny;
+
+	public RestrictContentTypeRule(String id, Pattern allow, Pattern deny) {
+		this.allow = allow;
+		this.deny = deny;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		/* can't check content type if it's not available */
+		if ( request.getContentType() == null ) {
+			return new DoNothingAction();
+		}
+
+		if ( allow != null ) {
+			if ( allow.matcher(request.getContentType()).matches() ) {
+				return new DoNothingAction();
+			}
+			log(request, "Disallowed content type based on allow pattern '" + allow.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() +"')");
+		} else if ( deny != null ) {
+			if ( ! deny.matcher(request.getContentType()).matches() ) {
+				return new DoNothingAction();
+			}
+			log(request, "Disallowed content type based on deny pattern '" + deny.pattern() + "' found on URI '" + request.getRequestURI() + "' (value was '" + request.getContentType() + ")'");
+		}
+
+
+		return new DefaultAction();
+
+	}
+
+}

From 2887f46750851899b92b3610f1ddc7e7e8f4b41f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 213/812] Change CRLF to LF for issue 356.

---
 .../waf/rules/RestrictUserAgentRule.java      | 160 +++++++++---------
 1 file changed, 80 insertions(+), 80 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java b/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
index 33dfc17aa..55988530b 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RestrictUserAgentRule.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.BlockAction;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;restrict-user-agent&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RestrictUserAgentRule extends Rule {
-
-	private static final String USER_AGENT_HEADER = "User-Agent";
-
-	private Pattern allow;
-	private Pattern deny;
-
-	public RestrictUserAgentRule(String id, Pattern allow, Pattern deny) {
-		this.allow = allow;
-		this.deny = deny;
-		setId(id);
-	}
-
-	public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) {
-		
-		String userAgent = request.getHeader( USER_AGENT_HEADER );
-		
-		if ( userAgent == null ) userAgent="";
-		
-		if ( allow != null ) {
-			if ( allow.matcher(userAgent).matches() ) {
-				return new DoNothingAction();
-			}
-		} else if ( deny != null ) {
-			if ( ! deny.matcher(userAgent).matches() ) {
-				return new DoNothingAction();
-			}
-		}
-
-		log(request, "Disallowed user agent pattern '" + deny.pattern() + "' found in user agent '" + request.getHeader(USER_AGENT_HEADER) + "'");
-	
-		/*
-		 * If we don't force this to "block", the user will be in an infinite loop, possibly
-		 * eating our bandwidth, and in the case of a dread false positive, really piss them
-		 * off.
-		 * 
-		 * Better to just reject.
-		 */
-		if ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION == AppGuardianConfiguration.REDIRECT ) {
-			return new BlockAction();
-		}
-
-		return new DefaultAction();
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.BlockAction;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;restrict-user-agent&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RestrictUserAgentRule extends Rule {
+
+	private static final String USER_AGENT_HEADER = "User-Agent";
+
+	private Pattern allow;
+	private Pattern deny;
+
+	public RestrictUserAgentRule(String id, Pattern allow, Pattern deny) {
+		this.allow = allow;
+		this.deny = deny;
+		setId(id);
+	}
+
+	public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse) {
+		
+		String userAgent = request.getHeader( USER_AGENT_HEADER );
+		
+		if ( userAgent == null ) userAgent="";
+		
+		if ( allow != null ) {
+			if ( allow.matcher(userAgent).matches() ) {
+				return new DoNothingAction();
+			}
+		} else if ( deny != null ) {
+			if ( ! deny.matcher(userAgent).matches() ) {
+				return new DoNothingAction();
+			}
+		}
+
+		log(request, "Disallowed user agent pattern '" + deny.pattern() + "' found in user agent '" + request.getHeader(USER_AGENT_HEADER) + "'");
+	
+		/*
+		 * If we don't force this to "block", the user will be in an infinite loop, possibly
+		 * eating our bandwidth, and in the case of a dread false positive, really piss them
+		 * off.
+		 * 
+		 * Better to just reject.
+		 */
+		if ( AppGuardianConfiguration.DEFAULT_FAIL_ACTION == AppGuardianConfiguration.REDIRECT ) {
+			return new BlockAction();
+		}
+
+		return new DefaultAction();
+	}
+
+}

From 6022f23f5638a0e4fc40013aead82053a3f12e1c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 214/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/waf/rules/Rule.java  | 110 +++++++++---------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/Rule.java b/src/main/java/org/owasp/esapi/waf/rules/Rule.java
index fe57c494e..c4773a514 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/Rule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/Rule.java
@@ -1,55 +1,55 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import javax.servlet.http.HttpServletRequest;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the base class for the WAF rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public abstract class Rule {
-
-	protected String id = "(no rule ID)";
-	protected static Logger logger = ESAPI.getLogger(Rule.class);
-
-	public abstract Action check( HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse );
-
-	public void log( HttpServletRequest request, String message ) {
-		logger.warning(Logger.SECURITY_FAILURE,"[IP=" + request.getRemoteAddr() +
-				",Rule=" + this.getClass().getSimpleName() + ",ID="+id+"] " + message);
-	}
-
-	protected void setId(String id) {
-		if ( id == null || "".equals(id) )
-			return;
-
-		this.id = id;
-	}
-
-	public String toString() {
-		return "Rule:" + this.getClass().getName();
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import javax.servlet.http.HttpServletRequest;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the base class for the WAF rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public abstract class Rule {
+
+	protected String id = "(no rule ID)";
+	protected static Logger logger = ESAPI.getLogger(Rule.class);
+
+	public abstract Action check( HttpServletRequest request, InterceptingHTTPServletResponse response, HttpServletResponse httpResponse );
+
+	public void log( HttpServletRequest request, String message ) {
+		logger.warning(Logger.SECURITY_FAILURE,"[IP=" + request.getRemoteAddr() +
+				",Rule=" + this.getClass().getSimpleName() + ",ID="+id+"] " + message);
+	}
+
+	protected void setId(String id) {
+		if ( id == null || "".equals(id) )
+			return;
+
+		this.id = id;
+	}
+
+	public String toString() {
+		return "Rule:" + this.getClass().getName();
+	}
+}

From 7ca90991767c3633d2b8bc023ed50ac41ee532c1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 215/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/rules/RuleUtil.java   | 302 +++++++++---------
 1 file changed, 151 insertions(+), 151 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
index e2a216707..3213d1275 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/RuleUtil.java
@@ -1,151 +1,151 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Collection;
-import java.util.Enumeration;
-import java.util.Iterator;
-import java.util.Map;
-
-import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
-
-/**
- * This is a small utility class for use by Rule subclasses.
- * @author Arshan Dabirsiaghi
- *
- */
-public class RuleUtil {
-
-	public static boolean isInList(Map m, String s) {
-
-		Iterator it = m.keySet().iterator();
-
-		while( it.hasNext() ) {
-			String key = (String)it.next();
-			if ( key.equals(s) ) {
-				return true;
-			}
-		}
-
-		return false;
-	}
-
-	public static boolean isInList(Collection c, String s) {
-
-		Iterator it = c.iterator();
-
-		while(it.hasNext()) {
-
-			Object o = it.next();
-
-			if ( o instanceof String ) {
-
-				if ( s.equals((String)o)) {
-					return true;
-				}
-
-			} else if ( o instanceof Integer ) {
-
-				try {
-					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Long ) {
-
-				try {
-					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Double ) {
-
-				try {
-					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
-						return true;
-					}
-				} catch (Exception e) {}
-			}
-
-		}
-
-		return false;
-	}
-
-	/*
-	 * Enumeration
-	 */
-	public static boolean isInList(Enumeration en, String s) {
-
-		for(; en.hasMoreElements();) {
-
-			Object o = en.nextElement();
-
-			if ( o instanceof String ) {
-
-				if ( s.equals((String)o)) {
-					return true;
-				}
-
-			} else if ( o instanceof Integer ) {
-
-				try {
-					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Long ) {
-
-				try {
-					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
-						return true;
-					}
-				} catch (Exception e) {}
-
-			} else if ( o instanceof Double ) {
-
-				try {
-					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
-						return true;
-					}
-				} catch (Exception e) {}
-			}
-
-		}
-
-		return false;
-	}
-
-	public static boolean testValue(String s, String test, int operator) {
-
-		switch(operator) {
-			case AppGuardianConfiguration.OPERATOR_EQ:
-
-				return test.equals(s);
-
-			case AppGuardianConfiguration.OPERATOR_CONTAINS:
-
-				return test.contains(s);
-
-		}
-
-		return false;
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.Map;
+
+import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
+
+/**
+ * This is a small utility class for use by Rule subclasses.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class RuleUtil {
+
+	public static boolean isInList(Map m, String s) {
+
+		Iterator it = m.keySet().iterator();
+
+		while( it.hasNext() ) {
+			String key = (String)it.next();
+			if ( key.equals(s) ) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	public static boolean isInList(Collection c, String s) {
+
+		Iterator it = c.iterator();
+
+		while(it.hasNext()) {
+
+			Object o = it.next();
+
+			if ( o instanceof String ) {
+
+				if ( s.equals((String)o)) {
+					return true;
+				}
+
+			} else if ( o instanceof Integer ) {
+
+				try {
+					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
+						return true;
+					}
+				} catch (Exception e) {}
+
+			} else if ( o instanceof Long ) {
+
+				try {
+					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
+						return true;
+					}
+				} catch (Exception e) {}
+
+			} else if ( o instanceof Double ) {
+
+				try {
+					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
+						return true;
+					}
+				} catch (Exception e) {}
+			}
+
+		}
+
+		return false;
+	}
+
+	/*
+	 * Enumeration
+	 */
+	public static boolean isInList(Enumeration en, String s) {
+
+		for(; en.hasMoreElements();) {
+
+			Object o = en.nextElement();
+
+			if ( o instanceof String ) {
+
+				if ( s.equals((String)o)) {
+					return true;
+				}
+
+			} else if ( o instanceof Integer ) {
+
+				try {
+					if ( Integer.parseInt(s) == ((Integer)o).intValue() ) {
+						return true;
+					}
+				} catch (Exception e) {}
+
+			} else if ( o instanceof Long ) {
+
+				try {
+					if ( Long.parseLong(s) == ((Long)o).longValue() ) {
+						return true;
+					}
+				} catch (Exception e) {}
+
+			} else if ( o instanceof Double ) {
+
+				try {
+					if ( Double.compare(Double.parseDouble(s), ((Double)o).doubleValue()) ==  0 ) {
+						return true;
+					}
+				} catch (Exception e) {}
+			}
+
+		}
+
+		return false;
+	}
+
+	public static boolean testValue(String s, String test, int operator) {
+
+		switch(operator) {
+			case AppGuardianConfiguration.OPERATOR_EQ:
+
+				return test.equals(s);
+
+			case AppGuardianConfiguration.OPERATOR_CONTAINS:
+
+				return test.contains(s);
+
+		}
+
+		return false;
+	}
+
+}

From 1c8b43526f5770da35085ce915b4a5fd5444d315 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 216/812] Change CRLF to LF for issue 356.

---
 .../waf/rules/SimpleVirtualPatchRule.java     | 278 +++++++++---------
 1 file changed, 139 insertions(+), 139 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java b/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
index f7886cf3a..b4834fe28 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.java
@@ -1,139 +1,139 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf.rules;
-
-import java.util.Enumeration;
-import java.util.regex.Pattern;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.waf.actions.Action;
-import org.owasp.esapi.waf.actions.DefaultAction;
-import org.owasp.esapi.waf.actions.DoNothingAction;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
-import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
-
-/**
- * This is the Rule subclass executed for &lt;virtual-patch&gt; rules.
- * @author Arshan Dabirsiaghi
- *
- */
-public class SimpleVirtualPatchRule extends Rule {
-
-	private static final String REQUEST_PARAMETERS = "request.parameters.";
-	private static final String REQUEST_HEADERS = "request.headers.";
-
-	private Pattern path;
-	private String variable;
-	private Pattern valid;
-	private String message;
-
-	public SimpleVirtualPatchRule(String id, Pattern path, String variable, Pattern valid, String message) {
-		setId(id);
-		this.path = path;
-		this.variable = variable;
-		this.valid = valid;
-		this.message = message;
-	}
-
-	public Action check(HttpServletRequest req,
-			InterceptingHTTPServletResponse response, 
-			HttpServletResponse httpResponse) {
-
-		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
-
-		String uri = request.getRequestURI();
-		if ( ! path.matcher(uri).matches() ) {
-
-			return new DoNothingAction();
-
-		} else {
-
-			/*
-			 * Decide which parameters/headers to act on.
-			 */
-			String target = null;
-			Enumeration en = null;
-			boolean parameter = true;
-
-			if ( variable.startsWith(REQUEST_PARAMETERS)) {
-
-				target = variable.substring(REQUEST_PARAMETERS.length());
-				en = request.getParameterNames();
-
-			} else if ( variable.startsWith(REQUEST_HEADERS) ) {
-
-				parameter = false;
-				target = variable.substring(REQUEST_HEADERS.length());
-				en = request.getHeaderNames();
-
-			} else {
-				log(request, "Patch failed (improperly configured variable '" + variable + "')");
-				return new DefaultAction();
-			}
-
-			/*
-			 * If it contains a regex character, it's a regex. Loop through elements and grab any matches.
-			 */
-			if ( target.contains("*") || target.contains("?") ) {
-
-				target = target.replaceAll("\\*", ".*");
-				Pattern p = Pattern.compile(target);
-				while (en.hasMoreElements() ) {
-					String s = (String)en.nextElement();
-					String value = null;
-					if ( p.matcher(s).matches() ) {
-						if ( parameter ) {
-							value = request.getDictionaryParameter(s);
-						} else {
-							value = request.getHeader(s);
-						}
-						if ( value != null && ! valid.matcher(value).matches() ) {
-							log(request, "Virtual patch tripped on variable '" + variable + "' (specifically '" + s + "'). User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-							return new DefaultAction();
-						}
-					}
-				}
-				
-				return new DoNothingAction();
-
-			} else {
-
-				if ( parameter ) {
-					String value = request.getDictionaryParameter(target);
-					if ( value == null || valid.matcher(value).matches() ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "Virtual patch tripped on parameter '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-						return new DefaultAction();
-					}
-				} else {
-					String value = request.getHeader(target);
-					if ( value == null || valid.matcher(value).matches() ) {
-						return new DoNothingAction();
-					} else {
-						log(request, "Virtual patch tripped on header '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
-						return new DefaultAction();
-					}
-				}
-			}
-
-		}
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf.rules;
+
+import java.util.Enumeration;
+import java.util.regex.Pattern;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.waf.actions.Action;
+import org.owasp.esapi.waf.actions.DefaultAction;
+import org.owasp.esapi.waf.actions.DoNothingAction;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
+import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
+
+/**
+ * This is the Rule subclass executed for &lt;virtual-patch&gt; rules.
+ * @author Arshan Dabirsiaghi
+ *
+ */
+public class SimpleVirtualPatchRule extends Rule {
+
+	private static final String REQUEST_PARAMETERS = "request.parameters.";
+	private static final String REQUEST_HEADERS = "request.headers.";
+
+	private Pattern path;
+	private String variable;
+	private Pattern valid;
+	private String message;
+
+	public SimpleVirtualPatchRule(String id, Pattern path, String variable, Pattern valid, String message) {
+		setId(id);
+		this.path = path;
+		this.variable = variable;
+		this.valid = valid;
+		this.message = message;
+	}
+
+	public Action check(HttpServletRequest req,
+			InterceptingHTTPServletResponse response, 
+			HttpServletResponse httpResponse) {
+
+		InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest)req;
+
+		String uri = request.getRequestURI();
+		if ( ! path.matcher(uri).matches() ) {
+
+			return new DoNothingAction();
+
+		} else {
+
+			/*
+			 * Decide which parameters/headers to act on.
+			 */
+			String target = null;
+			Enumeration en = null;
+			boolean parameter = true;
+
+			if ( variable.startsWith(REQUEST_PARAMETERS)) {
+
+				target = variable.substring(REQUEST_PARAMETERS.length());
+				en = request.getParameterNames();
+
+			} else if ( variable.startsWith(REQUEST_HEADERS) ) {
+
+				parameter = false;
+				target = variable.substring(REQUEST_HEADERS.length());
+				en = request.getHeaderNames();
+
+			} else {
+				log(request, "Patch failed (improperly configured variable '" + variable + "')");
+				return new DefaultAction();
+			}
+
+			/*
+			 * If it contains a regex character, it's a regex. Loop through elements and grab any matches.
+			 */
+			if ( target.contains("*") || target.contains("?") ) {
+
+				target = target.replaceAll("\\*", ".*");
+				Pattern p = Pattern.compile(target);
+				while (en.hasMoreElements() ) {
+					String s = (String)en.nextElement();
+					String value = null;
+					if ( p.matcher(s).matches() ) {
+						if ( parameter ) {
+							value = request.getDictionaryParameter(s);
+						} else {
+							value = request.getHeader(s);
+						}
+						if ( value != null && ! valid.matcher(value).matches() ) {
+							log(request, "Virtual patch tripped on variable '" + variable + "' (specifically '" + s + "'). User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+							return new DefaultAction();
+						}
+					}
+				}
+				
+				return new DoNothingAction();
+
+			} else {
+
+				if ( parameter ) {
+					String value = request.getDictionaryParameter(target);
+					if ( value == null || valid.matcher(value).matches() ) {
+						return new DoNothingAction();
+					} else {
+						log(request, "Virtual patch tripped on parameter '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+						return new DefaultAction();
+					}
+				} else {
+					String value = request.getHeader(target);
+					if ( value == null || valid.matcher(value).matches() ) {
+						return new DoNothingAction();
+					} else {
+						log(request, "Virtual patch tripped on header '" + target + "'. User input was '" + value + "' and legal pattern was '" + valid.pattern() + "': " + message);
+						return new DefaultAction();
+					}
+				}
+			}
+
+		}
+
+	}
+
+}

From 83bbe2a316664ed3abfb37d56abd032b711f2767 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 217/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/codecs/CodecTest.java     | 1248 ++++++++---------
 1 file changed, 624 insertions(+), 624 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/CodecTest.java b/src/test/java/org/owasp/esapi/codecs/CodecTest.java
index 9aaa760b8..8a7a225ba 100644
--- a/src/test/java/org/owasp/esapi/codecs/CodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/CodecTest.java
@@ -1,624 +1,624 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.codecs;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-
-
-/**
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- */
-public class CodecTest extends TestCase {
-
-    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
-    private static final Character LESS_THAN = Character.valueOf('<');
-    private static final Character SINGLE_QUOTE = Character.valueOf('\'');
-    private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
-    private PercentCodec percentCodec = new PercentCodec();
-    private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
-    private VBScriptCodec vbScriptCodec = new VBScriptCodec();
-    private CSSCodec cssCodec = new CSSCodec();
-    private MySQLCodec mySQLCodecANSI = new MySQLCodec( MySQLCodec.ANSI_MODE );
-    private MySQLCodec mySQLCodecStandard = new MySQLCodec( MySQLCodec.MYSQL_MODE );
-    private OracleCodec oracleCodec = new OracleCodec();
-    private UnixCodec unixCodec = new UnixCodec();
-    private WindowsCodec windowsCodec = new WindowsCodec();
-
-    /**
-     * Instantiates a new access reference map test.
-     * 
-     * @param testName
-     *            the test name
-     */
-    public CodecTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        // none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-        // none
-    }
-
-    /**
-     * Suite.
-     * 
-     * @return the test
-     */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(CodecTest.class);
-        return suite;
-    }
-
-	public void testHtmlEncode()
-	{
-        	assertEquals( "test", htmlCodec.encode( EMPTY_CHAR_ARRAY, "test") );
-	}
-
-	public void testPercentEncode()
-	{
-        	assertEquals( "%3C", percentCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-
-	public void testJavaScriptEncode()
-	{
-        	assertEquals( "\\x3C", javaScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testVBScriptEncode()
-	{
-        	assertEquals( "chrw(60)", vbScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testCSSEncode()
-	{
-        	assertEquals( "\\3c ", cssCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testCSSInvalidCodepointDecode()
-	{
-		assertEquals("\uFFFDg", cssCodec.decode("\\abcdefg") );
-	}
-
-	public void testMySQLANSCIEncode()
-	{
-        	assertEquals( "\'\'", mySQLCodecANSI.encode(EMPTY_CHAR_ARRAY, "\'") );
-	}
-
-	public void testMySQLStandardEncode()
-	{
-        	assertEquals( "\\<", mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testOracleEncode()
-	{
-        	assertEquals( "\'\'", oracleCodec.encode(EMPTY_CHAR_ARRAY, "\'") );
-	}
-
-	public void testUnixEncode()
-	{
-        	assertEquals( "\\<", unixCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	public void testWindowsEncode()
-	{
-        	assertEquals( "^<", windowsCodec.encode(EMPTY_CHAR_ARRAY, "<") );
-	}
-
-	
-	public void testHtmlEncodeChar()
-	{
-        	assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testHtmlEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "&#x100;";
-		String result;
-
-        	result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testHtmlEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "&#x100;";
-		String result;
-
-        	result = htmlCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testPercentEncodeChar()
-	{
-        	assertEquals( "%3C", percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testPercentEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "%C4%80";
-		String result;
-
-        	result = percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testPercentEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "%C4%80";
-		String result;
-
-        	result = percentCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
-	}
-
-	public void testJavaScriptEncodeChar()
-	{
-        	assertEquals( "\\x3C", javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testJavaScriptEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\u0100";
-		String result;
-
-        	result = javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testJavaScriptEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\u0100";
-		String result;
-
-        	result = javaScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-        
-	public void testVBScriptEncodeChar()
-	{
-        	assertEquals( "chrw(60)", vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testVBScriptEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		// FIXME I don't know vb...
-		// String expected = "\\u0100";
-		String result;
-
-        	result = vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	//assertEquals(expected,result);
-	}
-
-	public void testVBScriptEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		// FIXME I don't know vb...
-		// String expected = "chrw(0x100)";
-		String result;
-
-        	result = vbScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	// assertEquals(expected,result);
-	}
-
-	public void testCSSEncodeChar()
-	{
-        	assertEquals( "\\3c ", cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testCSSEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\100 ";
-		String result;
-
-        	result = cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testCSSEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\100 ";
-		String result;
-
-        	result = cssCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLANSIEncodeChar()
-	{
-        	assertEquals( "\'\'", mySQLCodecANSI.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE));
-	}
-
-	public void testMySQLStandardEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLStandardEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testMySQLStandardEncodeChar()
-	{
-        	assertEquals( "\\<", mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testOracleEncodeChar()
-	{
-        	assertEquals( "\'\'", oracleCodec.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE) );
-	}
-
-	public void testUnixEncodeChar()
-	{
-        	assertEquals( "\\<", unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testUnixEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testUnixEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "\\" + in;
-		String result;
-
-        	result = unixCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testWindowsEncodeChar()
-	{
-        	assertEquals( "^<", windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
-	}
-
-	public void testWindowsEncodeChar0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "^" + in;
-		String result;
-
-        	result = windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-
-	public void testWindowsEncodeStr0x100()
-	{
-		char in = 0x100;
-		String inStr = Character.toString(in);
-		String expected = "^" + in;
-		String result;
-
-        	result = windowsCodec.encode(EMPTY_CHAR_ARRAY, inStr);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-        	assertEquals(expected,result);
-	}
-	
-	public void testHtmlDecodeDecimalEntities()
-	{
-        	assertEquals( "test!", htmlCodec.decode("&#116;&#101;&#115;&#116;!") );
-	}
-
-	public void testHtmlDecodeHexEntitites()
-	{
-        	assertEquals( "test!", htmlCodec.decode("&#x74;&#x65;&#x73;&#x74;!") );
-	}
-
-	public void testHtmlDecodeInvalidAttribute()
-	{
-        	assertEquals( "&jeff;", htmlCodec.decode("&jeff;") );
-	}
-
-	public void testHtmlDecodeAmp()
-	{
-		assertEquals("&", htmlCodec.decode("&amp;"));
-		assertEquals("&X", htmlCodec.decode("&amp;X"));
-		assertEquals("&", htmlCodec.decode("&amp"));
-		assertEquals("&X", htmlCodec.decode("&ampX"));
-	}
-
-	public void testHtmlDecodeLt()
-	{
-		assertEquals("<", htmlCodec.decode("&lt;"));
-		assertEquals("<X", htmlCodec.decode("&lt;X"));
-		assertEquals("<", htmlCodec.decode("&lt"));
-		assertEquals("<X", htmlCodec.decode("&ltX"));
-	}
-
-	public void testHtmlDecodeSup1()
-	{
-		assertEquals("\u00B9", htmlCodec.decode("&sup1;"));
-		assertEquals("\u00B9X", htmlCodec.decode("&sup1;X"));
-		assertEquals("\u00B9", htmlCodec.decode("&sup1"));
-		assertEquals("\u00B9X", htmlCodec.decode("&sup1X"));
-	}
-
-	public void testHtmlDecodeSup2()
-	{
-		assertEquals("\u00B2", htmlCodec.decode("&sup2;"));
-		assertEquals("\u00B2X", htmlCodec.decode("&sup2;X"));
-		assertEquals("\u00B2", htmlCodec.decode("&sup2"));
-		assertEquals("\u00B2X", htmlCodec.decode("&sup2X"));
-	}
-
-	public void testHtmlDecodeSup3()
-	{
-		assertEquals("\u00B3", htmlCodec.decode("&sup3;"));
-		assertEquals("\u00B3X", htmlCodec.decode("&sup3;X"));
-		assertEquals("\u00B3", htmlCodec.decode("&sup3"));
-		assertEquals("\u00B3X", htmlCodec.decode("&sup3X"));
-	}
-
-	public void testHtmlDecodeSup()
-	{
-		assertEquals("\u2283", htmlCodec.decode("&sup;"));
-		assertEquals("\u2283X", htmlCodec.decode("&sup;X"));
-		assertEquals("\u2283", htmlCodec.decode("&sup"));
-		assertEquals("\u2283X", htmlCodec.decode("&supX"));
-	}
-
-	public void testHtmlDecodeSupe()
-	{
-		assertEquals("\u2287", htmlCodec.decode("&supe;"));
-		assertEquals("\u2287X", htmlCodec.decode("&supe;X"));
-		assertEquals("\u2287", htmlCodec.decode("&supe"));
-		assertEquals("\u2287X", htmlCodec.decode("&supeX"));
-	}
-
-	public void testHtmlDecodePi()
-	{
-		assertEquals("\u03C0", htmlCodec.decode("&pi;"));
-		assertEquals("\u03C0X", htmlCodec.decode("&pi;X"));
-		assertEquals("\u03C0", htmlCodec.decode("&pi"));
-		assertEquals("\u03C0X", htmlCodec.decode("&piX"));
-	}
-
-	public void testHtmlDecodePiv()
-	{
-		assertEquals("\u03D6", htmlCodec.decode("&piv;"));
-		assertEquals("\u03D6X", htmlCodec.decode("&piv;X"));
-		assertEquals("\u03D6", htmlCodec.decode("&piv"));
-		assertEquals("\u03D6X", htmlCodec.decode("&pivX"));
-	}
-
-	public void testHtmlDecodeTheta()
-	{
-		assertEquals("\u03B8", htmlCodec.decode("&theta;"));
-		assertEquals("\u03B8X", htmlCodec.decode("&theta;X"));
-		assertEquals("\u03B8", htmlCodec.decode("&theta"));
-		assertEquals("\u03B8X", htmlCodec.decode("&thetaX"));
-	}
-
-	public void testHtmlDecodeThetasym()
-	{
-		assertEquals("\u03D1", htmlCodec.decode("&thetasym;"));
-		assertEquals("\u03D1X", htmlCodec.decode("&thetasym;X"));
-		assertEquals("\u03D1", htmlCodec.decode("&thetasym"));
-		assertEquals("\u03D1X", htmlCodec.decode("&thetasymX"));
-	}
-
-	public void testPercentDecode()
-	{
-        	assertEquals( "<", percentCodec.decode("%3c") );
-	}
-
-	public void testJavaScriptDecodeBackSlashHex()
-	{
-        	assertEquals( "<", javaScriptCodec.decode("\\x3c") );
-	}
-        
-	public void testVBScriptDecode()
-	{
-        	assertEquals( "<", vbScriptCodec.decode("\"<") );
-	}
-
-	public void testCSSDecode()
-	{
-        	assertEquals("<", cssCodec.decode("\\<") );
-	}
-
-	public void testCSSDecodeHexNoSpace()
-	{
-        	assertEquals("Axyz", cssCodec.decode("\\41xyz") );
-	}
-
-	public void testCSSDecodeZeroHexNoSpace()
-	{
-        	assertEquals("Aabc", cssCodec.decode("\\000041abc") );
-	}
-
-	public void testCSSDecodeHexSpace()
-	{
-        	assertEquals("Aabc", cssCodec.decode("\\41 abc") );
-	}
-
-	public void testCSSDecodeNL()
-	{
-        	assertEquals("abcxyz", cssCodec.decode("abc\\\nxyz") );
-	}
-
-	public void testCSSDecodeCRNL()
-	{
-        	assertEquals("abcxyz", cssCodec.decode("abc\\\r\nxyz") );
-	}
-
-	public void testMySQLANSIDecode()
-	{
-        	assertEquals( "\'", mySQLCodecANSI.decode("\'\'") );
-	}
-
-	public void testMySQLStandardDecode()
-	{
-        	assertEquals( "<", mySQLCodecStandard.decode("\\<") );
-	}
-
-	public void testOracleDecode()
-	{
-        	assertEquals( "\'", oracleCodec.decode("\'\'") );
-	}
-
-	public void testUnixDecode()
-	{
-        	assertEquals( "<", unixCodec.decode("\\<") );
-	}
-
-        public void testWindowsDecode()
-	{
-        	assertEquals( "<", windowsCodec.decode("^<") );
-	}
-	
-	public void testHtmlDecodeCharLessThan()
-	{
-        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushbackString("&lt;")) );
-	}
-
-	public void testPercentDecodeChar()
-	{
-        	assertEquals( LESS_THAN, percentCodec.decodeCharacter(new PushbackString("%3c") ));
-	}
-
-        public void testJavaScriptDecodeCharBackSlashHex()
-	{
-        	assertEquals( LESS_THAN, javaScriptCodec.decodeCharacter(new PushbackString("\\x3c") ));
-	}
-        
-	public void testVBScriptDecodeChar()
-	{
-        	assertEquals( LESS_THAN, vbScriptCodec.decodeCharacter(new PushbackString("\"<") ));
-	}
-
-	public void testCSSDecodeCharBackSlashHex()
-	{
-        	assertEquals( LESS_THAN, cssCodec.decodeCharacter(new PushbackString("\\3c") ));
-	}
-
-	public void testMySQLANSIDecodCharQuoteQuote()
-	{
-        	assertEquals( SINGLE_QUOTE, mySQLCodecANSI.decodeCharacter(new PushbackString("\'\'") ));
-	}
-
-        public void testMySQLStandardDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( LESS_THAN, mySQLCodecStandard.decodeCharacter(new PushbackString("\\<") ));
-	}
-
-	public void testOracleDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( SINGLE_QUOTE, oracleCodec.decodeCharacter(new PushbackString("\'\'") ));
-	}
-
-        public void testUnixDecodeCharBackSlashLessThan()
-	{
-        	assertEquals( LESS_THAN, unixCodec.decodeCharacter(new PushbackString("\\<") ));
-	}
-
-        public void testWindowsDecodeCharCarrotLessThan()
-	{
-        	assertEquals( LESS_THAN, windowsCodec.decodeCharacter(new PushbackString("^<") ));
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+
+
+/**
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ */
+public class CodecTest extends TestCase {
+
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+    private static final Character LESS_THAN = Character.valueOf('<');
+    private static final Character SINGLE_QUOTE = Character.valueOf('\'');
+    private HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+    private PercentCodec percentCodec = new PercentCodec();
+    private JavaScriptCodec javaScriptCodec = new JavaScriptCodec();
+    private VBScriptCodec vbScriptCodec = new VBScriptCodec();
+    private CSSCodec cssCodec = new CSSCodec();
+    private MySQLCodec mySQLCodecANSI = new MySQLCodec( MySQLCodec.ANSI_MODE );
+    private MySQLCodec mySQLCodecStandard = new MySQLCodec( MySQLCodec.MYSQL_MODE );
+    private OracleCodec oracleCodec = new OracleCodec();
+    private UnixCodec unixCodec = new UnixCodec();
+    private WindowsCodec windowsCodec = new WindowsCodec();
+
+    /**
+     * Instantiates a new access reference map test.
+     * 
+     * @param testName
+     *            the test name
+     */
+    public CodecTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        // none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+        // none
+    }
+
+    /**
+     * Suite.
+     * 
+     * @return the test
+     */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(CodecTest.class);
+        return suite;
+    }
+
+	public void testHtmlEncode()
+	{
+        	assertEquals( "test", htmlCodec.encode( EMPTY_CHAR_ARRAY, "test") );
+	}
+
+	public void testPercentEncode()
+	{
+        	assertEquals( "%3C", percentCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+
+	public void testJavaScriptEncode()
+	{
+        	assertEquals( "\\x3C", javaScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	public void testVBScriptEncode()
+	{
+        	assertEquals( "chrw(60)", vbScriptCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	public void testCSSEncode()
+	{
+        	assertEquals( "\\3c ", cssCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	public void testCSSInvalidCodepointDecode()
+	{
+		assertEquals("\uFFFDg", cssCodec.decode("\\abcdefg") );
+	}
+
+	public void testMySQLANSCIEncode()
+	{
+        	assertEquals( "\'\'", mySQLCodecANSI.encode(EMPTY_CHAR_ARRAY, "\'") );
+	}
+
+	public void testMySQLStandardEncode()
+	{
+        	assertEquals( "\\<", mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	public void testOracleEncode()
+	{
+        	assertEquals( "\'\'", oracleCodec.encode(EMPTY_CHAR_ARRAY, "\'") );
+	}
+
+	public void testUnixEncode()
+	{
+        	assertEquals( "\\<", unixCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	public void testWindowsEncode()
+	{
+        	assertEquals( "^<", windowsCodec.encode(EMPTY_CHAR_ARRAY, "<") );
+	}
+
+	
+	public void testHtmlEncodeChar()
+	{
+        	assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testHtmlEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "&#x100;";
+		String result;
+
+        	result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+		// UTF-8 encoded and then percent escaped
+        	assertEquals(expected, result);
+	}
+
+	public void testHtmlEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "&#x100;";
+		String result;
+
+        	result = htmlCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+		// UTF-8 encoded and then percent escaped
+        	assertEquals(expected, result);
+	}
+
+	public void testPercentEncodeChar()
+	{
+        	assertEquals( "%3C", percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testPercentEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "%C4%80";
+		String result;
+
+        	result = percentCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+		// UTF-8 encoded and then percent escaped
+        	assertEquals(expected, result);
+	}
+
+	public void testPercentEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "%C4%80";
+		String result;
+
+        	result = percentCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+		// UTF-8 encoded and then percent escaped
+        	assertEquals(expected, result);
+	}
+
+	public void testJavaScriptEncodeChar()
+	{
+        	assertEquals( "\\x3C", javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testJavaScriptEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\u0100";
+		String result;
+
+        	result = javaScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testJavaScriptEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\u0100";
+		String result;
+
+        	result = javaScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+        
+	public void testVBScriptEncodeChar()
+	{
+        	assertEquals( "chrw(60)", vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testVBScriptEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		// FIXME I don't know vb...
+		// String expected = "\\u0100";
+		String result;
+
+        	result = vbScriptCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	//assertEquals(expected,result);
+	}
+
+	public void testVBScriptEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		// FIXME I don't know vb...
+		// String expected = "chrw(0x100)";
+		String result;
+
+        	result = vbScriptCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	// assertEquals(expected,result);
+	}
+
+	public void testCSSEncodeChar()
+	{
+        	assertEquals( "\\3c ", cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testCSSEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\100 ";
+		String result;
+
+        	result = cssCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testCSSEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\100 ";
+		String result;
+
+        	result = cssCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testMySQLANSIEncodeChar()
+	{
+        	assertEquals( "\'\'", mySQLCodecANSI.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE));
+	}
+
+	public void testMySQLStandardEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\" + in;
+		String result;
+
+        	result = mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testMySQLStandardEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\" + in;
+		String result;
+
+        	result = mySQLCodecStandard.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testMySQLStandardEncodeChar()
+	{
+        	assertEquals( "\\<", mySQLCodecStandard.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testOracleEncodeChar()
+	{
+        	assertEquals( "\'\'", oracleCodec.encodeCharacter(EMPTY_CHAR_ARRAY, SINGLE_QUOTE) );
+	}
+
+	public void testUnixEncodeChar()
+	{
+        	assertEquals( "\\<", unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testUnixEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\" + in;
+		String result;
+
+        	result = unixCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testUnixEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "\\" + in;
+		String result;
+
+        	result = unixCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testWindowsEncodeChar()
+	{
+        	assertEquals( "^<", windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+	}
+
+	public void testWindowsEncodeChar0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "^" + in;
+		String result;
+
+        	result = windowsCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+
+	public void testWindowsEncodeStr0x100()
+	{
+		char in = 0x100;
+		String inStr = Character.toString(in);
+		String expected = "^" + in;
+		String result;
+
+        	result = windowsCodec.encode(EMPTY_CHAR_ARRAY, inStr);
+		// this should be escaped
+        	assertFalse(inStr.equals(result));
+        	assertEquals(expected,result);
+	}
+	
+	public void testHtmlDecodeDecimalEntities()
+	{
+        	assertEquals( "test!", htmlCodec.decode("&#116;&#101;&#115;&#116;!") );
+	}
+
+	public void testHtmlDecodeHexEntitites()
+	{
+        	assertEquals( "test!", htmlCodec.decode("&#x74;&#x65;&#x73;&#x74;!") );
+	}
+
+	public void testHtmlDecodeInvalidAttribute()
+	{
+        	assertEquals( "&jeff;", htmlCodec.decode("&jeff;") );
+	}
+
+	public void testHtmlDecodeAmp()
+	{
+		assertEquals("&", htmlCodec.decode("&amp;"));
+		assertEquals("&X", htmlCodec.decode("&amp;X"));
+		assertEquals("&", htmlCodec.decode("&amp"));
+		assertEquals("&X", htmlCodec.decode("&ampX"));
+	}
+
+	public void testHtmlDecodeLt()
+	{
+		assertEquals("<", htmlCodec.decode("&lt;"));
+		assertEquals("<X", htmlCodec.decode("&lt;X"));
+		assertEquals("<", htmlCodec.decode("&lt"));
+		assertEquals("<X", htmlCodec.decode("&ltX"));
+	}
+
+	public void testHtmlDecodeSup1()
+	{
+		assertEquals("\u00B9", htmlCodec.decode("&sup1;"));
+		assertEquals("\u00B9X", htmlCodec.decode("&sup1;X"));
+		assertEquals("\u00B9", htmlCodec.decode("&sup1"));
+		assertEquals("\u00B9X", htmlCodec.decode("&sup1X"));
+	}
+
+	public void testHtmlDecodeSup2()
+	{
+		assertEquals("\u00B2", htmlCodec.decode("&sup2;"));
+		assertEquals("\u00B2X", htmlCodec.decode("&sup2;X"));
+		assertEquals("\u00B2", htmlCodec.decode("&sup2"));
+		assertEquals("\u00B2X", htmlCodec.decode("&sup2X"));
+	}
+
+	public void testHtmlDecodeSup3()
+	{
+		assertEquals("\u00B3", htmlCodec.decode("&sup3;"));
+		assertEquals("\u00B3X", htmlCodec.decode("&sup3;X"));
+		assertEquals("\u00B3", htmlCodec.decode("&sup3"));
+		assertEquals("\u00B3X", htmlCodec.decode("&sup3X"));
+	}
+
+	public void testHtmlDecodeSup()
+	{
+		assertEquals("\u2283", htmlCodec.decode("&sup;"));
+		assertEquals("\u2283X", htmlCodec.decode("&sup;X"));
+		assertEquals("\u2283", htmlCodec.decode("&sup"));
+		assertEquals("\u2283X", htmlCodec.decode("&supX"));
+	}
+
+	public void testHtmlDecodeSupe()
+	{
+		assertEquals("\u2287", htmlCodec.decode("&supe;"));
+		assertEquals("\u2287X", htmlCodec.decode("&supe;X"));
+		assertEquals("\u2287", htmlCodec.decode("&supe"));
+		assertEquals("\u2287X", htmlCodec.decode("&supeX"));
+	}
+
+	public void testHtmlDecodePi()
+	{
+		assertEquals("\u03C0", htmlCodec.decode("&pi;"));
+		assertEquals("\u03C0X", htmlCodec.decode("&pi;X"));
+		assertEquals("\u03C0", htmlCodec.decode("&pi"));
+		assertEquals("\u03C0X", htmlCodec.decode("&piX"));
+	}
+
+	public void testHtmlDecodePiv()
+	{
+		assertEquals("\u03D6", htmlCodec.decode("&piv;"));
+		assertEquals("\u03D6X", htmlCodec.decode("&piv;X"));
+		assertEquals("\u03D6", htmlCodec.decode("&piv"));
+		assertEquals("\u03D6X", htmlCodec.decode("&pivX"));
+	}
+
+	public void testHtmlDecodeTheta()
+	{
+		assertEquals("\u03B8", htmlCodec.decode("&theta;"));
+		assertEquals("\u03B8X", htmlCodec.decode("&theta;X"));
+		assertEquals("\u03B8", htmlCodec.decode("&theta"));
+		assertEquals("\u03B8X", htmlCodec.decode("&thetaX"));
+	}
+
+	public void testHtmlDecodeThetasym()
+	{
+		assertEquals("\u03D1", htmlCodec.decode("&thetasym;"));
+		assertEquals("\u03D1X", htmlCodec.decode("&thetasym;X"));
+		assertEquals("\u03D1", htmlCodec.decode("&thetasym"));
+		assertEquals("\u03D1X", htmlCodec.decode("&thetasymX"));
+	}
+
+	public void testPercentDecode()
+	{
+        	assertEquals( "<", percentCodec.decode("%3c") );
+	}
+
+	public void testJavaScriptDecodeBackSlashHex()
+	{
+        	assertEquals( "<", javaScriptCodec.decode("\\x3c") );
+	}
+        
+	public void testVBScriptDecode()
+	{
+        	assertEquals( "<", vbScriptCodec.decode("\"<") );
+	}
+
+	public void testCSSDecode()
+	{
+        	assertEquals("<", cssCodec.decode("\\<") );
+	}
+
+	public void testCSSDecodeHexNoSpace()
+	{
+        	assertEquals("Axyz", cssCodec.decode("\\41xyz") );
+	}
+
+	public void testCSSDecodeZeroHexNoSpace()
+	{
+        	assertEquals("Aabc", cssCodec.decode("\\000041abc") );
+	}
+
+	public void testCSSDecodeHexSpace()
+	{
+        	assertEquals("Aabc", cssCodec.decode("\\41 abc") );
+	}
+
+	public void testCSSDecodeNL()
+	{
+        	assertEquals("abcxyz", cssCodec.decode("abc\\\nxyz") );
+	}
+
+	public void testCSSDecodeCRNL()
+	{
+        	assertEquals("abcxyz", cssCodec.decode("abc\\\r\nxyz") );
+	}
+
+	public void testMySQLANSIDecode()
+	{
+        	assertEquals( "\'", mySQLCodecANSI.decode("\'\'") );
+	}
+
+	public void testMySQLStandardDecode()
+	{
+        	assertEquals( "<", mySQLCodecStandard.decode("\\<") );
+	}
+
+	public void testOracleDecode()
+	{
+        	assertEquals( "\'", oracleCodec.decode("\'\'") );
+	}
+
+	public void testUnixDecode()
+	{
+        	assertEquals( "<", unixCodec.decode("\\<") );
+	}
+
+        public void testWindowsDecode()
+	{
+        	assertEquals( "<", windowsCodec.decode("^<") );
+	}
+	
+	public void testHtmlDecodeCharLessThan()
+	{
+        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushbackString("&lt;")) );
+	}
+
+	public void testPercentDecodeChar()
+	{
+        	assertEquals( LESS_THAN, percentCodec.decodeCharacter(new PushbackString("%3c") ));
+	}
+
+        public void testJavaScriptDecodeCharBackSlashHex()
+	{
+        	assertEquals( LESS_THAN, javaScriptCodec.decodeCharacter(new PushbackString("\\x3c") ));
+	}
+        
+	public void testVBScriptDecodeChar()
+	{
+        	assertEquals( LESS_THAN, vbScriptCodec.decodeCharacter(new PushbackString("\"<") ));
+	}
+
+	public void testCSSDecodeCharBackSlashHex()
+	{
+        	assertEquals( LESS_THAN, cssCodec.decodeCharacter(new PushbackString("\\3c") ));
+	}
+
+	public void testMySQLANSIDecodCharQuoteQuote()
+	{
+        	assertEquals( SINGLE_QUOTE, mySQLCodecANSI.decodeCharacter(new PushbackString("\'\'") ));
+	}
+
+        public void testMySQLStandardDecodeCharBackSlashLessThan()
+	{
+        	assertEquals( LESS_THAN, mySQLCodecStandard.decodeCharacter(new PushbackString("\\<") ));
+	}
+
+	public void testOracleDecodeCharBackSlashLessThan()
+	{
+        	assertEquals( SINGLE_QUOTE, oracleCodec.decodeCharacter(new PushbackString("\'\'") ));
+	}
+
+        public void testUnixDecodeCharBackSlashLessThan()
+	{
+        	assertEquals( LESS_THAN, unixCodec.decodeCharacter(new PushbackString("\\<") ));
+	}
+
+        public void testWindowsDecodeCharCarrotLessThan()
+	{
+        	assertEquals( LESS_THAN, windowsCodec.decodeCharacter(new PushbackString("^<") ));
+	}
+}

From 22606305ad1933ee95c4bb92da6fa868d3968d96 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 218/812] Change CRLF to LF for issue 356.

---
 .../crypto/ESAPICryptoMACByPassTest.java      | 460 +++++++++---------
 1 file changed, 230 insertions(+), 230 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
index e54ad33f8..36e796d10 100644
--- a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
@@ -1,231 +1,231 @@
-/*
- * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2013 - The OWASP Foundation
- * ESAPI is published by OWASP under the new BSD license. You should read
- * and accept the LICENSE before you use, modify, and/or redistribute this
- * software.
- * 
- * Full credit for this JUnit to illustrate what is now Google Issue # 306
- * goes to Philippe Arteau <philippe.arteau@gmail.com>. Originally
- * published 2013/08/21 to ESAPI-DEV mailing list. Shows that both
- * ESAPI 2.0 and 2.0.1 is vulnerable. Minor tweaks by Kevin W. Wall.
- *
- * Original class name: SignatureByPassTest.
- * 
- * NOTE: If this test fails, your version of ESAPI is vulnerable (or you have
- * 		 it configured not to require a MAC which you should NOT do).
- */
-
-package org.owasp.esapi.crypto;
-
-import org.apache.commons.codec.binary.Hex;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.util.ByteConversionUtil;
-
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import java.io.ByteArrayOutputStream;
-import java.io.UnsupportedEncodingException;
-import java.lang.reflect.Field;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Date;
-
-import static org.junit.Assert.*;
-import org.junit.Before;
-import org.junit.Test;
-
-
-public class ESAPICryptoMACByPassTest {
-
-    @Before
-    public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
-    	; // Do any prerequisite setup here.
-    }
-
-    @Test
-    public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
-
-        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key. ;-)
-        SecretKey sk = new SecretKeySpec(bkey,"AES");
-
-        //Encryption with MAC
-        String originalMessage = "Cryptography!?!?";
-        System.out.printf("Encrypting the message '%s'\n", originalMessage);
-        	// Until there is a better way to do this. But this is much easier
-        	// than having to set up a custom ESAPI.properties file just for
-        	// this test.
-        	//
-        	// NOTE: Philippe Arteau's original exploit used "AES/OFB/NoPadding"
-            //       so that one could see that the effect of the decryption would
-        	//		 be "Craptography!?!?". However, if you wish to do that, then
-        	//		 you must also change the ESAPI.properties file used by ESAPI
-        	//		 JUnit tests sp that "OFB" is accepted as an allowed cipher
-        	//		 mode. The easiest way to do that (if you are still not convinced)
-        	//		 is to add "OFB" mode to Encryptor.cipher_modes.additional_allowed;
-        	//		 e.g.,  Encryptor.cipher_modes.additional_allowed=CBC,OFB
-        	//
-        String origCipherXform =
-        	ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
-        CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
-
-        //Serialize the ciphertext in order to send it over the wire..
-        byte[] serializedCt = ct.asPortableSerializedByteArray();
-
-        //Malicious modification
-        byte[] modifiedCt = tamperCipherText(serializedCt);
-
-        //Decrypt
-        CipherText modifierCtObj = CipherText.fromPortableSerializedBytes(modifiedCt);
-        try {
-        	ESAPI.securityConfiguration().setCipherTransformation(origCipherXform);
-        		// This decryption should fail by throwing an EncryptionException
-        		// if ESAPI crypto is NOT vulnerable and you never get to the
-        		// subsequent lines in the try block.
-            PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
-            System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
-            System.out.println("This ESAPI version vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
-            fail("This ESAPI version is vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
-        } catch(EncryptionException eex) {
-        	String errMsg = eex.getMessage();
-        		// See private String DECRYPTION_FAILED in JavaEncryptor.
-        	String expectedError = "Decryption failed; see logs for details.";
-        	assertTrue( errMsg.equals(expectedError) );
-        	System.out.println("testMacByPass(): Attempted decryption after MAC tampering failed.");
-            System.out.println("Fix of issue # 306 successful. Crypto MAC by-pass test failed; exception was: [" + eex + "]");
-        }
-    }
-
-    /**
-     * The modification of the ciphertext is done in a separate method to show that only the generate CipherText object is use.
-     * @param serializeCt
-     */
-    private byte[] tamperCipherText(byte[] serializeCt) throws EncryptionException, NoSuchFieldException, IllegalAccessException {
-        CipherText ct = CipherText.fromPortableSerializedBytes(serializeCt);
-
-        //Ciphertext metadata
-        //System.out.println(ct.toString());
-
-        byte[] cipherTextMod = ct.getRawCipherText();
-
-        System.out.printf("Original ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
-
-        cipherTextMod[2] ^= 'y' ^ 'a'; //Alter the 3rd character
-
-        System.out.printf("Modify ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
-
-        //MAC ... what MAC ?
-        Field f2 = ct.getClass().getDeclaredField("separate_mac_");
-        f2.setAccessible(true);
-        f2.set(ct,null); //mac byte array set to null
-
-        //Changing CT
-        Field f3 = ct.getClass().getDeclaredField("raw_ciphertext_");
-        f3.setAccessible(true);
-        f3.set(ct,cipherTextMod);
-
-        //return ct.asPortableSerializedByteArray(); //Will complain about missing mac
-        //return new CipherTextSerializer(ct).asSerializedByteArray(); //NPE on mac.length
-        return serialize(ct); //Modify version of CipherTextSerializer.asSerializedByteArray()
-    }
-
-    /////////////////////////////////////////////////////////////////////
-    // The following code is a modified version of CipherTextSerializer
-    /////////////////////////////////////////////////////////////////////
-
-    private byte[] serialize(CipherText cipherText_) {
-        int kdfInfo = cipherText_.getKDFInfo();
-
-        long timestamp = cipherText_.getEncryptionTimestamp();
-        String cipherXform = cipherText_.getCipherTransformation();
-
-        short keySize = (short) cipherText_.getKeySize();
-
-        short blockSize = (short)cipherText_.getBlockSize();
-        byte[] iv = cipherText_.getIV();
-
-        short ivLen = (short)iv.length;
-        byte[] rawCiphertext = cipherText_.getRawCipherText();
-        int ciphertextLen = rawCiphertext.length;
-
-        byte[] mac = cipherText_.getSeparateMAC();
-
-        short macLen = 0;//(short)mac.length; //<-------------- The only modification to the serialization
-
-        return computeSerialization(kdfInfo, timestamp, cipherXform, keySize, blockSize, ivLen, iv, ciphertextLen, rawCiphertext, macLen, mac);
-    }
-
-    private byte[] computeSerialization(int kdfInfo, long timestamp, String cipherXform, short keySize, short blockSize, short ivLen, byte[] iv, int ciphertextLen, byte[] rawCiphertext, short macLen, byte[] mac)
-    {
-        debug("computeSerialization: kdfInfo = " + kdfInfo);
-        debug("computeSerialization: timestamp = " + new Date(timestamp));
-        debug("computeSerialization: cipherXform = " + cipherXform);
-        debug("computeSerialization: keySize = " + keySize);
-        debug("computeSerialization: blockSize = " + blockSize);
-        debug("computeSerialization: ivLen = " + ivLen);
-        debug("computeSerialization: ciphertextLen = " + ciphertextLen);
-        debug("computeSerialization: macLen = " + macLen);
-
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        writeInt(baos, kdfInfo);
-        writeLong(baos, timestamp);
-        String[] parts = cipherXform.split("/");
-        assert (parts.length == 3) : "Malformed cipher transformation";
-        writeString(baos, cipherXform);
-        writeShort(baos, keySize);
-        writeShort(baos, blockSize);
-        writeShort(baos, ivLen);
-        if (ivLen > 0) baos.write(iv, 0, iv.length);
-        writeInt(baos, ciphertextLen);
-        baos.write(rawCiphertext, 0, rawCiphertext.length);
-        writeShort(baos, macLen);
-        if (macLen > 0) baos.write(mac, 0, mac.length);
-        return baos.toByteArray();
-    }
-
-    private static void debug(String msg) {
-        // System.err.println(msg);
-    }
-
-    private void writeShort(ByteArrayOutputStream baos, short s) {
-        byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
-        assert (shortAsByteArray.length == 2);
-        baos.write(shortAsByteArray, 0, 2);
-    }
-
-    private void writeInt(ByteArrayOutputStream baos, int i) {
-        byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
-        baos.write(intAsByteArray, 0, 4);
-    }
-
-    private void writeLong(ByteArrayOutputStream baos, long l) {
-        byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
-        assert (longAsByteArray.length == 8);
-        baos.write(longAsByteArray, 0, 8);
-    }
-
-    private void writeString(ByteArrayOutputStream baos, String str)
-    {
-        try
-        {
-            assert ((str != null) && (str.length() > 0));
-            byte[] bytes = str.getBytes("UTF8");
-            assert (bytes.length < 32767) : "writeString: String exceeds max length";
-            writeShort(baos, (short)bytes.length);
-            baos.write(bytes, 0, bytes.length);
-        }
-        catch (UnsupportedEncodingException e)
-        {
-            System.err.println("writeString: " + e.getMessage());
-        }
-    }
-
+/*
+ * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2013 - The OWASP Foundation
+ * ESAPI is published by OWASP under the new BSD license. You should read
+ * and accept the LICENSE before you use, modify, and/or redistribute this
+ * software.
+ * 
+ * Full credit for this JUnit to illustrate what is now Google Issue # 306
+ * goes to Philippe Arteau <philippe.arteau@gmail.com>. Originally
+ * published 2013/08/21 to ESAPI-DEV mailing list. Shows that both
+ * ESAPI 2.0 and 2.0.1 is vulnerable. Minor tweaks by Kevin W. Wall.
+ *
+ * Original class name: SignatureByPassTest.
+ * 
+ * NOTE: If this test fails, your version of ESAPI is vulnerable (or you have
+ * 		 it configured not to require a MAC which you should NOT do).
+ */
+
+package org.owasp.esapi.crypto;
+
+import org.apache.commons.codec.binary.Hex;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.util.ByteConversionUtil;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.ByteArrayOutputStream;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Date;
+
+import static org.junit.Assert.*;
+import org.junit.Before;
+import org.junit.Test;
+
+
+public class ESAPICryptoMACByPassTest {
+
+    @Before
+    public void setUp() throws NoSuchAlgorithmException, InvalidKeySpecException {
+    	; // Do any prerequisite setup here.
+    }
+
+    @Test
+    public void testMacBypass() throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+
+        byte[] bkey = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0xA,0x0B,0x0C,0x0D,0x0E,0x0F}; //Truly random key. ;-)
+        SecretKey sk = new SecretKeySpec(bkey,"AES");
+
+        //Encryption with MAC
+        String originalMessage = "Cryptography!?!?";
+        System.out.printf("Encrypting the message '%s'\n", originalMessage);
+        	// Until there is a better way to do this. But this is much easier
+        	// than having to set up a custom ESAPI.properties file just for
+        	// this test.
+        	//
+        	// NOTE: Philippe Arteau's original exploit used "AES/OFB/NoPadding"
+            //       so that one could see that the effect of the decryption would
+        	//		 be "Craptography!?!?". However, if you wish to do that, then
+        	//		 you must also change the ESAPI.properties file used by ESAPI
+        	//		 JUnit tests sp that "OFB" is accepted as an allowed cipher
+        	//		 mode. The easiest way to do that (if you are still not convinced)
+        	//		 is to add "OFB" mode to Encryptor.cipher_modes.additional_allowed;
+        	//		 e.g.,  Encryptor.cipher_modes.additional_allowed=CBC,OFB
+        	//
+        String origCipherXform =
+        	ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/NoPadding");
+        CipherText ct = ESAPI.encryptor().encrypt(sk,new PlainText(originalMessage));
+
+        //Serialize the ciphertext in order to send it over the wire..
+        byte[] serializedCt = ct.asPortableSerializedByteArray();
+
+        //Malicious modification
+        byte[] modifiedCt = tamperCipherText(serializedCt);
+
+        //Decrypt
+        CipherText modifierCtObj = CipherText.fromPortableSerializedBytes(modifiedCt);
+        try {
+        	ESAPI.securityConfiguration().setCipherTransformation(origCipherXform);
+        		// This decryption should fail by throwing an EncryptionException
+        		// if ESAPI crypto is NOT vulnerable and you never get to the
+        		// subsequent lines in the try block.
+            PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
+            System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
+            System.out.println("This ESAPI version vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
+            fail("This ESAPI version is vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
+        } catch(EncryptionException eex) {
+        	String errMsg = eex.getMessage();
+        		// See private String DECRYPTION_FAILED in JavaEncryptor.
+        	String expectedError = "Decryption failed; see logs for details.";
+        	assertTrue( errMsg.equals(expectedError) );
+        	System.out.println("testMacByPass(): Attempted decryption after MAC tampering failed.");
+            System.out.println("Fix of issue # 306 successful. Crypto MAC by-pass test failed; exception was: [" + eex + "]");
+        }
+    }
+
+    /**
+     * The modification of the ciphertext is done in a separate method to show that only the generate CipherText object is use.
+     * @param serializeCt
+     */
+    private byte[] tamperCipherText(byte[] serializeCt) throws EncryptionException, NoSuchFieldException, IllegalAccessException {
+        CipherText ct = CipherText.fromPortableSerializedBytes(serializeCt);
+
+        //Ciphertext metadata
+        //System.out.println(ct.toString());
+
+        byte[] cipherTextMod = ct.getRawCipherText();
+
+        System.out.printf("Original ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        cipherTextMod[2] ^= 'y' ^ 'a'; //Alter the 3rd character
+
+        System.out.printf("Modify ciphertext\t'%s'\n",String.valueOf(Hex.encodeHex(cipherTextMod)));
+
+        //MAC ... what MAC ?
+        Field f2 = ct.getClass().getDeclaredField("separate_mac_");
+        f2.setAccessible(true);
+        f2.set(ct,null); //mac byte array set to null
+
+        //Changing CT
+        Field f3 = ct.getClass().getDeclaredField("raw_ciphertext_");
+        f3.setAccessible(true);
+        f3.set(ct,cipherTextMod);
+
+        //return ct.asPortableSerializedByteArray(); //Will complain about missing mac
+        //return new CipherTextSerializer(ct).asSerializedByteArray(); //NPE on mac.length
+        return serialize(ct); //Modify version of CipherTextSerializer.asSerializedByteArray()
+    }
+
+    /////////////////////////////////////////////////////////////////////
+    // The following code is a modified version of CipherTextSerializer
+    /////////////////////////////////////////////////////////////////////
+
+    private byte[] serialize(CipherText cipherText_) {
+        int kdfInfo = cipherText_.getKDFInfo();
+
+        long timestamp = cipherText_.getEncryptionTimestamp();
+        String cipherXform = cipherText_.getCipherTransformation();
+
+        short keySize = (short) cipherText_.getKeySize();
+
+        short blockSize = (short)cipherText_.getBlockSize();
+        byte[] iv = cipherText_.getIV();
+
+        short ivLen = (short)iv.length;
+        byte[] rawCiphertext = cipherText_.getRawCipherText();
+        int ciphertextLen = rawCiphertext.length;
+
+        byte[] mac = cipherText_.getSeparateMAC();
+
+        short macLen = 0;//(short)mac.length; //<-------------- The only modification to the serialization
+
+        return computeSerialization(kdfInfo, timestamp, cipherXform, keySize, blockSize, ivLen, iv, ciphertextLen, rawCiphertext, macLen, mac);
+    }
+
+    private byte[] computeSerialization(int kdfInfo, long timestamp, String cipherXform, short keySize, short blockSize, short ivLen, byte[] iv, int ciphertextLen, byte[] rawCiphertext, short macLen, byte[] mac)
+    {
+        debug("computeSerialization: kdfInfo = " + kdfInfo);
+        debug("computeSerialization: timestamp = " + new Date(timestamp));
+        debug("computeSerialization: cipherXform = " + cipherXform);
+        debug("computeSerialization: keySize = " + keySize);
+        debug("computeSerialization: blockSize = " + blockSize);
+        debug("computeSerialization: ivLen = " + ivLen);
+        debug("computeSerialization: ciphertextLen = " + ciphertextLen);
+        debug("computeSerialization: macLen = " + macLen);
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        writeInt(baos, kdfInfo);
+        writeLong(baos, timestamp);
+        String[] parts = cipherXform.split("/");
+        assert (parts.length == 3) : "Malformed cipher transformation";
+        writeString(baos, cipherXform);
+        writeShort(baos, keySize);
+        writeShort(baos, blockSize);
+        writeShort(baos, ivLen);
+        if (ivLen > 0) baos.write(iv, 0, iv.length);
+        writeInt(baos, ciphertextLen);
+        baos.write(rawCiphertext, 0, rawCiphertext.length);
+        writeShort(baos, macLen);
+        if (macLen > 0) baos.write(mac, 0, mac.length);
+        return baos.toByteArray();
+    }
+
+    private static void debug(String msg) {
+        // System.err.println(msg);
+    }
+
+    private void writeShort(ByteArrayOutputStream baos, short s) {
+        byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
+        assert (shortAsByteArray.length == 2);
+        baos.write(shortAsByteArray, 0, 2);
+    }
+
+    private void writeInt(ByteArrayOutputStream baos, int i) {
+        byte[] intAsByteArray = ByteConversionUtil.fromInt(i);
+        baos.write(intAsByteArray, 0, 4);
+    }
+
+    private void writeLong(ByteArrayOutputStream baos, long l) {
+        byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
+        assert (longAsByteArray.length == 8);
+        baos.write(longAsByteArray, 0, 8);
+    }
+
+    private void writeString(ByteArrayOutputStream baos, String str)
+    {
+        try
+        {
+            assert ((str != null) && (str.length() > 0));
+            byte[] bytes = str.getBytes("UTF8");
+            assert (bytes.length < 32767) : "writeString: String exceeds max length";
+            writeShort(baos, (short)bytes.length);
+            baos.write(bytes, 0, bytes.length);
+        }
+        catch (UnsupportedEncodingException e)
+        {
+            System.err.println("writeString: " + e.getMessage());
+        }
+    }
+
 }
\ No newline at end of file

From 9c4b021cdd85db34547fe26b04a323e38f6ac67c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 219/812] Change CRLF to LF for issue 356.

---
 .../EnterpriseSecurityExceptionTest.java      | 314 +++++++++---------
 1 file changed, 157 insertions(+), 157 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java b/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
index f981a0c18..bfd96514d 100644
--- a/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
+++ b/src/test/java/org/owasp/esapi/errors/EnterpriseSecurityExceptionTest.java
@@ -1,157 +1,157 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.errors;
-
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationAccountsException;
-import org.owasp.esapi.errors.AuthenticationCredentialsException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.AuthenticationHostException;
-import org.owasp.esapi.errors.AuthenticationLoginException;
-import org.owasp.esapi.errors.AvailabilityException;
-import org.owasp.esapi.errors.CertificateException;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.ExecutorException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationAvailabilityException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.errors.ValidationUploadException;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EnterpriseSecurityExceptionTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EnterpriseSecurityExceptionTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EnterpriseSecurityExceptionTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 */
-    public void testExceptions() {
-        System.out.println("exceptions");
-        EnterpriseSecurityException e = null;
-        e = new EnterpriseSecurityException();
-        e = new EnterpriseSecurityException("m1","m2");
-        e = new EnterpriseSecurityException("m1","m2",new Throwable());
-        assertEquals( e.getUserMessage(), "m1" );
-        assertEquals( e.getLogMessage(), "m2" );
-        e = new AccessControlException();
-        e = new AccessControlException("m1","m2");
-        e = new AccessControlException("m1","m2",new Throwable());
-        e = new AuthenticationException();
-        e = new AuthenticationException("m1","m2");
-        e = new AuthenticationException("m1","m2",new Throwable());
-        e = new AvailabilityException();
-        e = new AvailabilityException("m1","m2");
-        e = new AvailabilityException("m1","m2",new Throwable());
-        e = new CertificateException();
-        e = new CertificateException("m1","m2");
-        e = new CertificateException("m1","m2",new Throwable());
-        e = new EncodingException();
-        e = new EncodingException("m1","m2");
-        e = new EncodingException("m1","m2",new Throwable());
-        e = new EncryptionException();
-        e = new EncryptionException("m1","m2");
-        e = new EncryptionException("m1","m2",new Throwable());
-        e = new ExecutorException();
-        e = new ExecutorException("m1","m2");
-        e = new ExecutorException("m1","m2",new Throwable());
-        e = new ValidationException();
-        e = new ValidationException("m1","m2");
-        e = new ValidationException("m1","m2",new Throwable());
-        e = new ValidationException("m1","m2","context");
-        e = new ValidationException("m1","m2",new Throwable(),"context");
-         
-        e = new IntegrityException();
-        e = new IntegrityException("m1","m2");
-        e = new IntegrityException("m1","m2",new Throwable());
-        e = new AuthenticationHostException();
-        e = new AuthenticationHostException("m1","m2");
-        e = new AuthenticationHostException("m1","m2",new Throwable());
-
-        e = new AuthenticationAccountsException();
-        e = new AuthenticationAccountsException("m1","m2");
-        e = new AuthenticationAccountsException("m1","m2",new Throwable());
-        e = new AuthenticationCredentialsException();
-        e = new AuthenticationCredentialsException("m1","m2");
-        e = new AuthenticationCredentialsException("m1","m2",new Throwable());
-        e = new AuthenticationLoginException();
-        e = new AuthenticationLoginException("m1","m2");
-        e = new AuthenticationLoginException("m1","m2",new Throwable());
-        e = new ValidationAvailabilityException();
-        e = new ValidationAvailabilityException("m1","m2");
-        e = new ValidationAvailabilityException("m1","m2",new Throwable());
-        e = new ValidationUploadException();
-        e = new ValidationUploadException("m1","m2");
-        e = new ValidationUploadException("m1","m2",new Throwable());
-
-        ValidationException ve = new ValidationException();
-        ve.setContext("test");
-        assertEquals( "test", ve.getContext() );
-
-        IntrusionException ex = new IntrusionException( "test", "test details");
-        ex = new IntrusionException("m1","m2");
-        ex = new IntrusionException("m1","m2", new Throwable());
-        assertEquals( ex.getUserMessage(), "m1" );
-        assertEquals( ex.getLogMessage(), "m2" );
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.errors;
+
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationAccountsException;
+import org.owasp.esapi.errors.AuthenticationCredentialsException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.AuthenticationHostException;
+import org.owasp.esapi.errors.AuthenticationLoginException;
+import org.owasp.esapi.errors.AvailabilityException;
+import org.owasp.esapi.errors.CertificateException;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.ExecutorException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationAvailabilityException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.errors.ValidationUploadException;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * The Class AccessReferenceMapTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EnterpriseSecurityExceptionTest extends TestCase {
+    
+    /**
+	 * Instantiates a new access reference map test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public EnterpriseSecurityExceptionTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EnterpriseSecurityExceptionTest.class);
+        return suite;
+    }
+
+    
+    /**
+	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+	 * 
+	 */
+    public void testExceptions() {
+        System.out.println("exceptions");
+        EnterpriseSecurityException e = null;
+        e = new EnterpriseSecurityException();
+        e = new EnterpriseSecurityException("m1","m2");
+        e = new EnterpriseSecurityException("m1","m2",new Throwable());
+        assertEquals( e.getUserMessage(), "m1" );
+        assertEquals( e.getLogMessage(), "m2" );
+        e = new AccessControlException();
+        e = new AccessControlException("m1","m2");
+        e = new AccessControlException("m1","m2",new Throwable());
+        e = new AuthenticationException();
+        e = new AuthenticationException("m1","m2");
+        e = new AuthenticationException("m1","m2",new Throwable());
+        e = new AvailabilityException();
+        e = new AvailabilityException("m1","m2");
+        e = new AvailabilityException("m1","m2",new Throwable());
+        e = new CertificateException();
+        e = new CertificateException("m1","m2");
+        e = new CertificateException("m1","m2",new Throwable());
+        e = new EncodingException();
+        e = new EncodingException("m1","m2");
+        e = new EncodingException("m1","m2",new Throwable());
+        e = new EncryptionException();
+        e = new EncryptionException("m1","m2");
+        e = new EncryptionException("m1","m2",new Throwable());
+        e = new ExecutorException();
+        e = new ExecutorException("m1","m2");
+        e = new ExecutorException("m1","m2",new Throwable());
+        e = new ValidationException();
+        e = new ValidationException("m1","m2");
+        e = new ValidationException("m1","m2",new Throwable());
+        e = new ValidationException("m1","m2","context");
+        e = new ValidationException("m1","m2",new Throwable(),"context");
+         
+        e = new IntegrityException();
+        e = new IntegrityException("m1","m2");
+        e = new IntegrityException("m1","m2",new Throwable());
+        e = new AuthenticationHostException();
+        e = new AuthenticationHostException("m1","m2");
+        e = new AuthenticationHostException("m1","m2",new Throwable());
+
+        e = new AuthenticationAccountsException();
+        e = new AuthenticationAccountsException("m1","m2");
+        e = new AuthenticationAccountsException("m1","m2",new Throwable());
+        e = new AuthenticationCredentialsException();
+        e = new AuthenticationCredentialsException("m1","m2");
+        e = new AuthenticationCredentialsException("m1","m2",new Throwable());
+        e = new AuthenticationLoginException();
+        e = new AuthenticationLoginException("m1","m2");
+        e = new AuthenticationLoginException("m1","m2",new Throwable());
+        e = new ValidationAvailabilityException();
+        e = new ValidationAvailabilityException("m1","m2");
+        e = new ValidationAvailabilityException("m1","m2",new Throwable());
+        e = new ValidationUploadException();
+        e = new ValidationUploadException("m1","m2");
+        e = new ValidationUploadException("m1","m2",new Throwable());
+
+        ValidationException ve = new ValidationException();
+        ve.setContext("test");
+        assertEquals( "test", ve.getContext() );
+
+        IntrusionException ex = new IntrusionException( "test", "test details");
+        ex = new IntrusionException("m1","m2");
+        ex = new IntrusionException("m1","m2", new Throwable());
+        assertEquals( ex.getUserMessage(), "m1" );
+        assertEquals( ex.getLogMessage(), "m2" );
+    }
+    
+}

From 8f899cfc7137f1e294b549043aaaf11ed0e574db Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 220/812] Change CRLF to LF for issue 356.

---
 .../esapi/filters/ClickjackFilterTest.java    | 212 +++++++++---------
 1 file changed, 106 insertions(+), 106 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java b/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
index a14b80149..272dafbd8 100644
--- a/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
+++ b/src/test/java/org/owasp/esapi/filters/ClickjackFilterTest.java
@@ -1,106 +1,106 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockFilterConfig;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class ClickjackFilterTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ClickjackFilterTest extends TestCase {
-    
-    /**
-	 * @param testName
-	 *            the test name
-	 */
-    public ClickjackFilterTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(ClickjackFilterTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-     * @throws Exception
-     */
-    public void testFilter() throws Exception {
-        System.out.println("ClickjackFilter");
-
-        Map map = new HashMap();
-    	FilterConfig mfc = new MockFilterConfig( map );
-    	ClickjackFilter filter = new ClickjackFilter();        
-    	filter.init( mfc );
-   	    MockHttpServletRequest request = new MockHttpServletRequest();
-		
-		// the mock filter chain writes the requested URI to the response body
-		MockFilterChain chain = new MockFilterChain();
-
-        URL url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest request: " + url );
-        request = new MockHttpServletRequest( url );
-    	MockHttpServletResponse response = new MockHttpServletResponse();
-    	try {
-        	filter.doFilter(request, response, chain);
-        } catch( Exception e ) {
-        	e.printStackTrace();
-        	fail();
-        }
-        String header = response.getHeader( "X-FRAME-OPTIONS");
-        System.out.println(">>>" + header );
-        assertEquals( "DENY", header );
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockFilterConfig;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class ClickjackFilterTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ClickjackFilterTest extends TestCase {
+    
+    /**
+	 * @param testName
+	 *            the test name
+	 */
+    public ClickjackFilterTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(ClickjackFilterTest.class);
+        return suite;
+    }
+
+    
+    /**
+	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+     * @throws Exception
+     */
+    public void testFilter() throws Exception {
+        System.out.println("ClickjackFilter");
+
+        Map map = new HashMap();
+    	FilterConfig mfc = new MockFilterConfig( map );
+    	ClickjackFilter filter = new ClickjackFilter();        
+    	filter.init( mfc );
+   	    MockHttpServletRequest request = new MockHttpServletRequest();
+		
+		// the mock filter chain writes the requested URI to the response body
+		MockFilterChain chain = new MockFilterChain();
+
+        URL url = new URL( "http://www.example.com/index.jsp" );
+		System.out.println( "\nTest request: " + url );
+        request = new MockHttpServletRequest( url );
+    	MockHttpServletResponse response = new MockHttpServletResponse();
+    	try {
+        	filter.doFilter(request, response, chain);
+        } catch( Exception e ) {
+        	e.printStackTrace();
+        	fail();
+        }
+        String header = response.getHeader( "X-FRAME-OPTIONS");
+        System.out.println(">>>" + header );
+        assertEquals( "DENY", header );
+    }
+
+}

From 26eb6441f439fe36c339f969cfa3c6e4e30c0e85 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 221/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/filters/SafeRequestTest.java  | 406 +++++++++---------
 1 file changed, 203 insertions(+), 203 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
index 2864d6b38..e4d55950d 100644
--- a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
@@ -1,203 +1,203 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.filters;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-
-/**
- * The Class SafeRequestTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class SafeRequestTest extends TestCase {
-
-	/**
-	 * Instantiates a new access controller test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 * @throws Exception
-	 */
-	public SafeRequestTest(String testName) throws Exception {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws Exception
-	 */
-	protected void setUp() throws Exception {
-	}
-
-	/**
-	 * {@inheritDoc}
-	 *
-	 * @throws Exception
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(SafeRequestTest.class);
-		return suite;
-	}
-
-	/**
-	 *
-	 */
-	public void testGetRequestParameters() {
-		System.out.println( "getRequestParameters");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter( "one","1" );
-		request.addParameter( "two","2" );
-		request.addParameter( "one","3" );
-		request.addParameter( "one","4" );
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest( request );
-		String[] params = safeRequest.getParameterValues("one");
-		String out = "";
-		for (int i = 0; i < params.length; i++ ) out += params[i];
-		assertEquals( "134", out );
-	}
-
-	public void testGetQueryStringNull()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString(null);
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertNull(wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringNonNull()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=\u0000");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercent()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%62");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-	
-	public void testGetQueryStringPercentNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%00");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
-	}
-
-	/* these tests need to be enabled&changed based on the decisions
-	 * made regarding issue 125. Currently they fail.
-	public void testGetQueryStringPercentEquals()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%3d");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%3d",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercentAmpersand()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%26b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%26b",wrappedReq.getQueryString());
-	}
-	*/
-
-	// Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
-	public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
- 
-		final String paramName = "nonExistentParameter";
-		assertNull(request.getParameterValues(paramName));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		assertNull("Expecting null value to be returned for non-existent parameter.", safeRequest.getParameterValues(paramName));
-	}
-
-	public void testGetParameterValuesReturnsCorrectValueWhenParameterExistsInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
-
-		final String paramName = "existentParameter";
-		final String paramValue = "foobar";
-		request.addParameter(paramName, paramValue);
-		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		final String actualParamValue = safeRequest.getParameterValues(paramName)[0];
-		assertEquals(paramValue, actualParamValue);
-	}
-
-	public void testGetParameterValuesReturnsCorrectValuesWhenParameterExistsMultipleTimesInRequest() {
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.clearParameters();
-
-		final String paramName = "existentParameter";
-		final String paramValue_0 = "foobar";
-		final String paramValue_1 = "barfoo";
-		request.addParameter(paramName, paramValue_0);
-		request.addParameter(paramName, paramValue_1);
-		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue_0));
-		assertTrue(request.getParameterValues(paramName)[1].equals(paramValue_1));
-
-		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
-		final String[] actualParamValues = safeRequest.getParameterValues(paramName);
-		assertEquals(paramValue_0, actualParamValues[0]);
-		assertEquals(paramValue_1, actualParamValues[1]);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.filters;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+
+/**
+ * The Class SafeRequestTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class SafeRequestTest extends TestCase {
+
+	/**
+	 * Instantiates a new access controller test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 * @throws Exception
+	 */
+	public SafeRequestTest(String testName) throws Exception {
+		super(testName);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @throws Exception
+	 */
+	protected void setUp() throws Exception {
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @throws Exception
+	 */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(SafeRequestTest.class);
+		return suite;
+	}
+
+	/**
+	 *
+	 */
+	public void testGetRequestParameters() {
+		System.out.println( "getRequestParameters");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter( "one","1" );
+		request.addParameter( "two","2" );
+		request.addParameter( "one","3" );
+		request.addParameter( "one","4" );
+		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest( request );
+		String[] params = safeRequest.getParameterValues("one");
+		String out = "";
+		for (int i = 0; i < params.length; i++ ) out += params[i];
+		assertEquals( "134", out );
+	}
+
+	public void testGetQueryStringNull()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString(null);
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertNull(wrappedReq.getQueryString());
+	}
+
+	public void testGetQueryStringNonNull()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=b");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("a=b",wrappedReq.getQueryString());
+	}
+
+	public void testGetQueryStringNUL()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=\u0000");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("",wrappedReq.getQueryString());
+	}
+
+	public void testGetQueryStringPercent()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=%62");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("a=b",wrappedReq.getQueryString());
+	}
+	
+	public void testGetQueryStringPercentNUL()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=%00");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("",wrappedReq.getQueryString());
+	}
+
+	/* these tests need to be enabled&changed based on the decisions
+	 * made regarding issue 125. Currently they fail.
+	public void testGetQueryStringPercentEquals()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=%3d");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("a=%3d",wrappedReq.getQueryString());
+	}
+
+	public void testGetQueryStringPercentAmpersand()
+	{
+		MockHttpServletRequest req = new MockHttpServletRequest();
+		SecurityWrapperRequest wrappedReq;
+
+		req.setQueryString("a=%26b");
+		wrappedReq = new SecurityWrapperRequest(req);
+		assertEquals("a=%26b",wrappedReq.getQueryString());
+	}
+	*/
+
+	// Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
+	public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.clearParameters();
+ 
+		final String paramName = "nonExistentParameter";
+		assertNull(request.getParameterValues(paramName));
+
+		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+		assertNull("Expecting null value to be returned for non-existent parameter.", safeRequest.getParameterValues(paramName));
+	}
+
+	public void testGetParameterValuesReturnsCorrectValueWhenParameterExistsInRequest() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.clearParameters();
+
+		final String paramName = "existentParameter";
+		final String paramValue = "foobar";
+		request.addParameter(paramName, paramValue);
+		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue));
+
+		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+		final String actualParamValue = safeRequest.getParameterValues(paramName)[0];
+		assertEquals(paramValue, actualParamValue);
+	}
+
+	public void testGetParameterValuesReturnsCorrectValuesWhenParameterExistsMultipleTimesInRequest() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.clearParameters();
+
+		final String paramName = "existentParameter";
+		final String paramValue_0 = "foobar";
+		final String paramValue_1 = "barfoo";
+		request.addParameter(paramName, paramValue_0);
+		request.addParameter(paramName, paramValue_1);
+		assertTrue(request.getParameterValues(paramName)[0].equals(paramValue_0));
+		assertTrue(request.getParameterValues(paramName)[1].equals(paramValue_1));
+
+		SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
+		final String[] actualParamValues = safeRequest.getParameterValues(paramName);
+		assertEquals(paramValue_0, actualParamValues[0]);
+		assertEquals(paramValue_1, actualParamValues[1]);
+	}
+}

From bf6874b86ced92ea2505723df5a2362cedea7ac5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 222/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/http/MockFilterChain.java | 92 +++++++++----------
 1 file changed, 46 insertions(+), 46 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockFilterChain.java b/src/test/java/org/owasp/esapi/http/MockFilterChain.java
index 7bd05cab0..06951efa5 100644
--- a/src/test/java/org/owasp/esapi/http/MockFilterChain.java
+++ b/src/test/java/org/owasp/esapi/http/MockFilterChain.java
@@ -1,46 +1,46 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- *
- * @author jwilliams
- */
-public class MockFilterChain implements FilterChain {
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws java.io.IOException
-     * @throws javax.servlet.ServletException
-     */
-    public void doFilter( ServletRequest request, ServletResponse response ) throws IOException, ServletException {
-    	System.out.println( "CHAIN received " + request.getClass().getName() + " and is issuing " + response.getClass().getName() );
-       	response.getOutputStream().println( "   This is the body of a response for " +  ((HttpServletRequest)request).getRequestURI() );
-           	((HttpServletResponse)response).addCookie( new Cookie( "name", "value" ) );
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockFilterChain implements FilterChain {
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws java.io.IOException
+     * @throws javax.servlet.ServletException
+     */
+    public void doFilter( ServletRequest request, ServletResponse response ) throws IOException, ServletException {
+    	System.out.println( "CHAIN received " + request.getClass().getName() + " and is issuing " + response.getClass().getName() );
+       	response.getOutputStream().println( "   This is the body of a response for " +  ((HttpServletRequest)request).getRequestURI() );
+           	((HttpServletResponse)response).addCookie( new Cookie( "name", "value" ) );
+    }
+
+}

From f57e77a052c4840af581083b7d50dfa95eee395c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 223/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/http/MockFilterConfig.java    | 132 +++++++++---------
 1 file changed, 66 insertions(+), 66 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockFilterConfig.java b/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
index 6d5a3bf0f..b7715a478 100644
--- a/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
+++ b/src/test/java/org/owasp/esapi/http/MockFilterConfig.java
@@ -1,66 +1,66 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.Map;
-
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-
-/**
- * A filter configuration object used by a servlet container
- * to pass information to a filter during initialization.
- */
-public class MockFilterConfig implements FilterConfig {
-	private Map map;
-
-	public MockFilterConfig( Map map ) {
-		this.map = map;
-	}
-	
-    public String getFilterName() {
-    	return "mock";
-    }
-
-    /**
-     * Returns a reference to the {@link ServletContext} in which the caller
-     * is executing.
-     */
-    public ServletContext getServletContext() {
-    	return new MockServletContext();
-    }
-
-    /**
-     * Returns a <code>String</code> containing the value of the
-     * named initialization parameter, or <code>null</code> if
-     * the parameter does not exist.
-     */
-    public String getInitParameter(String name) {
-    	return (String)map.get( name );
-    }
-
-    /**
-     * Returns the names of the filter's initialization parameters
-     * as an <code>Enumeration</code> of <code>String</code> objects,
-     * or an empty <code>Enumeration</code> if the filter has
-     * no initialization parameters.
-     */
-    public Enumeration getInitParameterNames() {
-    	return Collections.enumeration( map.keySet() );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Map;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+
+/**
+ * A filter configuration object used by a servlet container
+ * to pass information to a filter during initialization.
+ */
+public class MockFilterConfig implements FilterConfig {
+	private Map map;
+
+	public MockFilterConfig( Map map ) {
+		this.map = map;
+	}
+	
+    public String getFilterName() {
+    	return "mock";
+    }
+
+    /**
+     * Returns a reference to the {@link ServletContext} in which the caller
+     * is executing.
+     */
+    public ServletContext getServletContext() {
+    	return new MockServletContext();
+    }
+
+    /**
+     * Returns a <code>String</code> containing the value of the
+     * named initialization parameter, or <code>null</code> if
+     * the parameter does not exist.
+     */
+    public String getInitParameter(String name) {
+    	return (String)map.get( name );
+    }
+
+    /**
+     * Returns the names of the filter's initialization parameters
+     * as an <code>Enumeration</code> of <code>String</code> objects,
+     * or an empty <code>Enumeration</code> if the filter has
+     * no initialization parameters.
+     */
+    public Enumeration getInitParameterNames() {
+    	return Collections.enumeration( map.keySet() );
+    }
+}

From 5ffdbea1f7086170ee2bea8df6278d30d00ce2a0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 224/812] Change CRLF to LF for issue 356.

---
 .../esapi/http/MockHttpServletRequest.java    | 1564 ++++++++---------
 1 file changed, 782 insertions(+), 782 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
index 87cb92f96..4910499f4 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
@@ -1,782 +1,782 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URL;
-import java.security.Principal;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Arrays;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-/**
- * The Class MockHttpServletRequest.
- * 
- * @author jwilliams
- */
-public class MockHttpServletRequest implements HttpServletRequest
-{
-	private static final String HDR_CONTENT_TYPE = "Content-Type";
-	private static final String[] EMPTY_STRING_ARRAY = new String[0];
-
-	/** The requestDispatcher */
-	private RequestDispatcher requestDispatcher = new MockRequestDispatcher();
-
-	/** The session. */
-	private MockHttpSession session = null;
-
-	/** The cookies. */
-	private ArrayList cookies = new ArrayList();
-
-	/** The parameters. */
-	private Map<String,String[]> parameters = new HashMap<String,String[]>();
-
-	/** The headers. */
-	private Map<String,List<String>> headers = new HashMap<String,List<String>>();
-
-	private byte[] body;
-
-	private String scheme = "https";
-
-	private String remoteHost = "64.14.103.52";
-
-	private String serverHost = "64.14.103.52";
-
-	private String uri = "/test";
-
-	private String url = "https://www.example.com" + uri;
-
-	private String queryString = "pid=1&qid=test";
-
-	private String method = "POST";
-
-	private Map<String,Object> attrs = new HashMap<String,Object>();
-
-	/**
-	 *
-	 */
-	public MockHttpServletRequest() {
-	}
-
-	/**
-	 *
-	 * @param uri
-	 * @param body
-	 */
-	public MockHttpServletRequest(String uri, byte[] body) {
-		this.body = body;
-		this.uri = uri;
-	}
-
-	public MockHttpServletRequest( URL url ) {
-		scheme = url.getProtocol();
-		serverHost = url.getHost();
-		uri = url.getPath();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getAuthType() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getContextPath() {
-		return null;
-	}
-
-	/**
-	 * Adds the parameter.
-	 * 
-	 * @param name the name
-	 * @param value the value
-	 */
-	public void addParameter(String name, String value) {
-		String[] old = parameters.get(name);
-		if ( old == null ) {
-			old = new String[0];
-		}
-		String[] updated = new String[old.length + 1];
-		for ( int i = 0; i < old.length; i++ ) updated[i] = old[i];
-		updated[old.length] = value;
-		parameters.put(name, updated);
-	}
-
-	/**
-	 * removeParameter removes the parameter name from the parameters map if it exists
-	 *  
-	 * @param name
-	 * 			parameter name to be removed
-	 */
-	public void removeParameter( String name ) {
-		parameters.remove( name );
-	}
-
-	/**
-	 * Adds the header.
-	 * 
-	 * @param name the name
-	 * @param value the value
-	 */
-	public void addHeader(String name, String value)
-	{
-		List<String> values;
-
-		if((values = headers.get(name))==null)
-		{
-			values = new ArrayList<String>();
-			headers.put(name, values);
-		}
-		values.add(value);
-	}
-
-	/**
-	 * Set a header replacing any previous value(s).
-	 * @param name the header name
-	 * @param value the header value
-	 */
-	public void setHeader(String name, String value)
-	{
-		List<String> values = new ArrayList<String>();
-
-		values.add(value);
-		headers.put(name,values);
-	}
-
-	/**
-	 * Sets the cookies.
-	 * 
-	 * @param list the new cookies
-	 */
-	public void setCookies(ArrayList list) {
-		cookies = list;
-	}
-
-	/**
-	 *
-	 * @param name
-	 * @param value
-	 */
-	public void setCookie(String name, String value ) {
-		Cookie c = new Cookie( name, value );
-		cookies.add( c );
-	}
-
-	public boolean clearCookie(String name) {
-		return cookies.remove(name);
-	}
-
-	/**
-	 * @return 
-	 *
-	 */
-	public void clearCookies() {
-		cookies.clear();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Cookie[] getCookies() {
-		if ( cookies.isEmpty() ) return null;
-		return (Cookie[]) cookies.toArray(new Cookie[0]);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public long getDateHeader(String name) {
-		try {
-			Date date = SimpleDateFormat.getDateTimeInstance().parse( getParameter( name ) );
-			return date.getTime(); // TODO needs to be HTTP format
-		} catch( ParseException e ) {
-			return 0;
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public String getHeader(String name) {
-		List<String> values;
-
-		if((values = headers.get(name))==null)
-			return null;
-		if(values.size() == 0)
-			return null;
-		return values.get(0);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return Enumeration of header names as strings
-	 */
-	public Enumeration getHeaderNames()
-	{
-		return Collections.enumeration(headers.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public Enumeration getHeaders(String name) {
-		Vector v = new Vector();
-		v.add( getHeader( name ) );
-		return v.elements();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @return
-	 */
-	public int getIntHeader(String name) {
-
-		return 0;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getMethod() {
-		return method;
-	}
-
-	/**
-	 *
-	 * @param value
-	 */
-	public void setMethod( String value ) {
-		method = value;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getPathInfo() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getPathTranslated() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getQueryString() {
-		return queryString;
-	}
-
-	/**
-	 * Set the query string to return.
-	 * @param str The query string to return.
-	 */
-	public void setQueryString(String str)
-	{
-		this.queryString = str;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteUser() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRequestURI() {
-		return uri;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public StringBuffer getRequestURL() {
-		return new StringBuffer( getScheme() + "://" + this.getServerName() + getRequestURI() + "?" + getQueryString() );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRequestedSessionId() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getServletPath() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public HttpSession getSession() {
-		if (session != null) {
-			return getSession(false);
-		}
-		return getSession(true);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param create 
-	 * @return
-	 */
-	public HttpSession getSession(boolean create) {
-		if (session == null && create) {
-			session = new MockHttpSession();
-		} else if (session != null && session.getInvalidated()) {
-			session = new MockHttpSession();
-		}
-		return session;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Principal getUserPrincipal() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdFromCookie() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdFromURL() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public boolean isRequestedSessionIdFromUrl() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isRequestedSessionIdValid() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param role 
-	 * @return
-	 */
-	public boolean isUserInRole(String role) {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public Object getAttribute(String name) {
-		return attrs.get(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getAttributeNames() {
-		return Collections.enumeration(attrs.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getCharacterEncoding() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getContentLength() {
-		return body.length;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getContentType() {
-		return getHeader(HDR_CONTENT_TYPE);
-	}
-
-	/**
-	 *
-	 * @param value
-	 */
-	public void setContentType( String value ) {
-		setHeader(HDR_CONTENT_TYPE, value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 * @throws IOException
-	 */
-	public ServletInputStream getInputStream() throws IOException {
-		return new MockServletInputStream(body);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getLocalAddr() {
-		return "10.1.43.6";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getLocalName() {
-		return "www.domain.com";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getLocalPort() {
-		return 80;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Locale getLocale() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getLocales() {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public String getParameter(String name) {
-		String[] values = parameters.get(name);
-		if ( values == null ) return null;
-		return values[0];
-	}
-
-	public void clearParameter(String name) {
-		parameters.remove( name );
-	}
-
-	public void clearParameters() {
-		parameters.clear();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Map getParameterMap() {
-		return parameters;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public Enumeration getParameterNames() {
-		return Collections.enumeration(parameters.keySet());
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 * @return
-	 */
-	public String[] getParameterValues(String name) {
-		return parameters.get(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getProtocol() {
-		return "HTTP/1.1";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return 
-	 * @throws IOException
-	 */
-	public BufferedReader getReader() throws IOException {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param path
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String getRealPath(String path) {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteAddr() {
-		return remoteHost;
-	}
-
-	public void setRemoteAddr(String remoteHost) {
-		this.remoteHost = remoteHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getRemoteHost() {
-		return remoteHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getRemotePort() {
-
-		return 0;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param path
-	 * @return
-	 */
-	public RequestDispatcher getRequestDispatcher(String path) {
-		return requestDispatcher;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getScheme() {
-		return scheme;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public String getServerName() {
-		return serverHost;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public int getServerPort() {
-
-		return 80;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
-	public boolean isSecure() {
-		return scheme.equals( "https" );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name
-	 */
-	public void removeAttribute(String name) {
-		attrs.remove(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param name 
-	 * @param o
-	 */
-	public void setAttribute(String name, Object o) {
-		attrs.put(name,o);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * @param env
-	 * @throws UnsupportedEncodingException
-	 */
-	public void setCharacterEncoding(String env) throws UnsupportedEncodingException {
-
-	}
-
-	/**
-	 *
-	 * @param uri
-	 * @throws java.io.UnsupportedEncodingException
-	 */
-	public void setRequestURI(String uri) throws UnsupportedEncodingException {
-		this.uri = uri;
-	}
-
-	/**
-	 *
-	 * @param url
-	 * @throws java.io.UnsupportedEncodingException
-	 */
-	public void setRequestURL(String url) throws UnsupportedEncodingException {
-		// get the scheme
-		int p = url.indexOf( ":" );
-		this.scheme = url.substring( 0, p );
-
-		// get the queryString
-		int q = url.indexOf( "?" );
-		if ( q != -1 )
-		{
-			queryString = url.substring( q+1 );
-			url = url.substring( 0, q );
-		}
-		else
-			queryString = null;
-		this.url = url;
-	}
-
-	public void setScheme( String scheme ) {
-		this.scheme = scheme;
-	}
-
-	public void dump()
-	{
-		String[] names;
-
-		System.out.println();
-		System.out.println( "  " + this.getMethod() + " " + this.getRequestURL() );
-
-		names = headers.keySet().toArray(EMPTY_STRING_ARRAY);
-		Arrays.sort(names);	// make debugging a bit easier...
-		for (String name : names)
-			for(String value : headers.get(name))
-				System.out.println( "  " + name + ": " + value);
-		names = parameters.keySet().toArray(EMPTY_STRING_ARRAY);
-		Arrays.sort(names);
-		for (String name : names) {
-			for(String value : parameters.get(name))
-				System.out.println( "  " + name + "=" + value);
-		}
-		System.out.println( "\n" );
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.URL;
+import java.security.Principal;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+/**
+ * The Class MockHttpServletRequest.
+ * 
+ * @author jwilliams
+ */
+public class MockHttpServletRequest implements HttpServletRequest
+{
+	private static final String HDR_CONTENT_TYPE = "Content-Type";
+	private static final String[] EMPTY_STRING_ARRAY = new String[0];
+
+	/** The requestDispatcher */
+	private RequestDispatcher requestDispatcher = new MockRequestDispatcher();
+
+	/** The session. */
+	private MockHttpSession session = null;
+
+	/** The cookies. */
+	private ArrayList cookies = new ArrayList();
+
+	/** The parameters. */
+	private Map<String,String[]> parameters = new HashMap<String,String[]>();
+
+	/** The headers. */
+	private Map<String,List<String>> headers = new HashMap<String,List<String>>();
+
+	private byte[] body;
+
+	private String scheme = "https";
+
+	private String remoteHost = "64.14.103.52";
+
+	private String serverHost = "64.14.103.52";
+
+	private String uri = "/test";
+
+	private String url = "https://www.example.com" + uri;
+
+	private String queryString = "pid=1&qid=test";
+
+	private String method = "POST";
+
+	private Map<String,Object> attrs = new HashMap<String,Object>();
+
+	/**
+	 *
+	 */
+	public MockHttpServletRequest() {
+	}
+
+	/**
+	 *
+	 * @param uri
+	 * @param body
+	 */
+	public MockHttpServletRequest(String uri, byte[] body) {
+		this.body = body;
+		this.uri = uri;
+	}
+
+	public MockHttpServletRequest( URL url ) {
+		scheme = url.getProtocol();
+		serverHost = url.getHost();
+		uri = url.getPath();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getAuthType() {
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getContextPath() {
+		return null;
+	}
+
+	/**
+	 * Adds the parameter.
+	 * 
+	 * @param name the name
+	 * @param value the value
+	 */
+	public void addParameter(String name, String value) {
+		String[] old = parameters.get(name);
+		if ( old == null ) {
+			old = new String[0];
+		}
+		String[] updated = new String[old.length + 1];
+		for ( int i = 0; i < old.length; i++ ) updated[i] = old[i];
+		updated[old.length] = value;
+		parameters.put(name, updated);
+	}
+
+	/**
+	 * removeParameter removes the parameter name from the parameters map if it exists
+	 *  
+	 * @param name
+	 * 			parameter name to be removed
+	 */
+	public void removeParameter( String name ) {
+		parameters.remove( name );
+	}
+
+	/**
+	 * Adds the header.
+	 * 
+	 * @param name the name
+	 * @param value the value
+	 */
+	public void addHeader(String name, String value)
+	{
+		List<String> values;
+
+		if((values = headers.get(name))==null)
+		{
+			values = new ArrayList<String>();
+			headers.put(name, values);
+		}
+		values.add(value);
+	}
+
+	/**
+	 * Set a header replacing any previous value(s).
+	 * @param name the header name
+	 * @param value the header value
+	 */
+	public void setHeader(String name, String value)
+	{
+		List<String> values = new ArrayList<String>();
+
+		values.add(value);
+		headers.put(name,values);
+	}
+
+	/**
+	 * Sets the cookies.
+	 * 
+	 * @param list the new cookies
+	 */
+	public void setCookies(ArrayList list) {
+		cookies = list;
+	}
+
+	/**
+	 *
+	 * @param name
+	 * @param value
+	 */
+	public void setCookie(String name, String value ) {
+		Cookie c = new Cookie( name, value );
+		cookies.add( c );
+	}
+
+	public boolean clearCookie(String name) {
+		return cookies.remove(name);
+	}
+
+	/**
+	 * @return 
+	 *
+	 */
+	public void clearCookies() {
+		cookies.clear();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Cookie[] getCookies() {
+		if ( cookies.isEmpty() ) return null;
+		return (Cookie[]) cookies.toArray(new Cookie[0]);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name 
+	 * @return
+	 */
+	public long getDateHeader(String name) {
+		try {
+			Date date = SimpleDateFormat.getDateTimeInstance().parse( getParameter( name ) );
+			return date.getTime(); // TODO needs to be HTTP format
+		} catch( ParseException e ) {
+			return 0;
+		}
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name 
+	 * @return
+	 */
+	public String getHeader(String name) {
+		List<String> values;
+
+		if((values = headers.get(name))==null)
+			return null;
+		if(values.size() == 0)
+			return null;
+		return values.get(0);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return Enumeration of header names as strings
+	 */
+	public Enumeration getHeaderNames()
+	{
+		return Collections.enumeration(headers.keySet());
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name
+	 * @return
+	 */
+	public Enumeration getHeaders(String name) {
+		Vector v = new Vector();
+		v.add( getHeader( name ) );
+		return v.elements();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name 
+	 * @return
+	 */
+	public int getIntHeader(String name) {
+
+		return 0;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getMethod() {
+		return method;
+	}
+
+	/**
+	 *
+	 * @param value
+	 */
+	public void setMethod( String value ) {
+		method = value;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getPathInfo() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getPathTranslated() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getQueryString() {
+		return queryString;
+	}
+
+	/**
+	 * Set the query string to return.
+	 * @param str The query string to return.
+	 */
+	public void setQueryString(String str)
+	{
+		this.queryString = str;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getRemoteUser() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getRequestURI() {
+		return uri;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public StringBuffer getRequestURL() {
+		return new StringBuffer( getScheme() + "://" + this.getServerName() + getRequestURI() + "?" + getQueryString() );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getRequestedSessionId() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getServletPath() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public HttpSession getSession() {
+		if (session != null) {
+			return getSession(false);
+		}
+		return getSession(true);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param create 
+	 * @return
+	 */
+	public HttpSession getSession(boolean create) {
+		if (session == null && create) {
+			session = new MockHttpSession();
+		} else if (session != null && session.getInvalidated()) {
+			session = new MockHttpSession();
+		}
+		return session;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Principal getUserPrincipal() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public boolean isRequestedSessionIdFromCookie() {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public boolean isRequestedSessionIdFromURL() {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 * @deprecated
+	 */
+	@Deprecated
+	public boolean isRequestedSessionIdFromUrl() {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public boolean isRequestedSessionIdValid() {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param role 
+	 * @return
+	 */
+	public boolean isUserInRole(String role) {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name
+	 * @return
+	 */
+	public Object getAttribute(String name) {
+		return attrs.get(name);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Enumeration getAttributeNames() {
+		return Collections.enumeration(attrs.keySet());
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getCharacterEncoding() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public int getContentLength() {
+		return body.length;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getContentType() {
+		return getHeader(HDR_CONTENT_TYPE);
+	}
+
+	/**
+	 *
+	 * @param value
+	 */
+	public void setContentType( String value ) {
+		setHeader(HDR_CONTENT_TYPE, value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 * @throws IOException
+	 */
+	public ServletInputStream getInputStream() throws IOException {
+		return new MockServletInputStream(body);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getLocalAddr() {
+		return "10.1.43.6";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getLocalName() {
+		return "www.domain.com";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public int getLocalPort() {
+		return 80;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Locale getLocale() {
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Enumeration getLocales() {
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name
+	 * @return
+	 */
+	public String getParameter(String name) {
+		String[] values = parameters.get(name);
+		if ( values == null ) return null;
+		return values[0];
+	}
+
+	public void clearParameter(String name) {
+		parameters.remove( name );
+	}
+
+	public void clearParameters() {
+		parameters.clear();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Map getParameterMap() {
+		return parameters;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public Enumeration getParameterNames() {
+		return Collections.enumeration(parameters.keySet());
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name
+	 * @return
+	 */
+	public String[] getParameterValues(String name) {
+		return parameters.get(name);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getProtocol() {
+		return "HTTP/1.1";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return 
+	 * @throws IOException
+	 */
+	public BufferedReader getReader() throws IOException {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param path
+	 * @return
+	 * @deprecated
+	 */
+	@Deprecated
+	public String getRealPath(String path) {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getRemoteAddr() {
+		return remoteHost;
+	}
+
+	public void setRemoteAddr(String remoteHost) {
+		this.remoteHost = remoteHost;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getRemoteHost() {
+		return remoteHost;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public int getRemotePort() {
+
+		return 0;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param path
+	 * @return
+	 */
+	public RequestDispatcher getRequestDispatcher(String path) {
+		return requestDispatcher;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getScheme() {
+		return scheme;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public String getServerName() {
+		return serverHost;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public int getServerPort() {
+
+		return 80;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @return
+	 */
+	public boolean isSecure() {
+		return scheme.equals( "https" );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name
+	 */
+	public void removeAttribute(String name) {
+		attrs.remove(name);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param name 
+	 * @param o
+	 */
+	public void setAttribute(String name, Object o) {
+		attrs.put(name,o);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * @param env
+	 * @throws UnsupportedEncodingException
+	 */
+	public void setCharacterEncoding(String env) throws UnsupportedEncodingException {
+
+	}
+
+	/**
+	 *
+	 * @param uri
+	 * @throws java.io.UnsupportedEncodingException
+	 */
+	public void setRequestURI(String uri) throws UnsupportedEncodingException {
+		this.uri = uri;
+	}
+
+	/**
+	 *
+	 * @param url
+	 * @throws java.io.UnsupportedEncodingException
+	 */
+	public void setRequestURL(String url) throws UnsupportedEncodingException {
+		// get the scheme
+		int p = url.indexOf( ":" );
+		this.scheme = url.substring( 0, p );
+
+		// get the queryString
+		int q = url.indexOf( "?" );
+		if ( q != -1 )
+		{
+			queryString = url.substring( q+1 );
+			url = url.substring( 0, q );
+		}
+		else
+			queryString = null;
+		this.url = url;
+	}
+
+	public void setScheme( String scheme ) {
+		this.scheme = scheme;
+	}
+
+	public void dump()
+	{
+		String[] names;
+
+		System.out.println();
+		System.out.println( "  " + this.getMethod() + " " + this.getRequestURL() );
+
+		names = headers.keySet().toArray(EMPTY_STRING_ARRAY);
+		Arrays.sort(names);	// make debugging a bit easier...
+		for (String name : names)
+			for(String value : headers.get(name))
+				System.out.println( "  " + name + ": " + value);
+		names = parameters.keySet().toArray(EMPTY_STRING_ARRAY);
+		Arrays.sort(names);
+		for (String name : names) {
+			for(String value : parameters.get(name))
+				System.out.println( "  " + name + "=" + value);
+		}
+		System.out.println( "\n" );
+	}
+
+}

From 2674f41782ade54a5b9b61e30e3b31e4a39980eb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 225/812] Change CRLF to LF for issue 356.

---
 .../esapi/http/MockHttpServletResponse.java   | 926 +++++++++---------
 1 file changed, 463 insertions(+), 463 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
index 43b4a7e7d..d45e3aa0b 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
@@ -1,463 +1,463 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Locale;
-
-import javax.servlet.ServletOutputStream;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.ESAPI;
-
-/**
- * The Class MockHttpServletResponse.
- * 
- * @author jwilliams
- */
-public class MockHttpServletResponse implements HttpServletResponse {
-
-	/** The cookies. */
-	List cookies = new ArrayList();
-
-	/** The header names. */
-	List headerNames = new ArrayList();
-
-	/** The header values. */
-	List headerValues = new ArrayList();
-
-	/** The status. */
-	int status = 200;
-
-	StringBuffer body = new StringBuffer();
-
-	String contentType = "text/html; charset=ISO-8895-1";
-
-	public String getBody() {
-		return body.toString();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param cookie
-	 */
-	public void addCookie(Cookie cookie) {
-		cookies.add(cookie);
-	}
-
-	/**
-	 * Gets the cookies.
-	 * 
-	 * @return the cookies
-	 */
-	public List getCookies() {
-		return cookies;
-	}
-
-	/**
-	 * 
-	 * @param name
-	 * @return
-	 */
-	public Cookie getCookie(String name) {
-		Iterator i = cookies.iterator();
-		while (i.hasNext()) {
-			Cookie c = (Cookie) i.next();
-			if (c.getName().equals(name)) {
-				return c;
-			}
-		}
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
-	 */
-	public void addDateHeader(String name, long date) {
-		headerNames.add(name);
-		headerValues.add("" + date);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void addHeader(String name, String value) {
-		headerNames.add(name);
-		headerValues.add(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void addIntHeader(String name, int value) {
-		headerNames.add(name);
-		headerValues.add("" + value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @return
-	 */
-	public boolean containsHeader(String name) {
-		return headerNames.contains(name);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	/**
-	 * Gets the header.
-	 * 
-	 * @param name
-	 *            the name
-	 * 
-	 * @return the header
-	 */
-	public String getHeader(String name) {
-		int index = headerNames.indexOf(name);
-		if (index != -1) {
-			return (String) headerValues.get(index);
-		}
-		return null;
-	}
-
-	/**
-	 * Gets the header names.
-	 * 
-	 * @return the header names
-	 */
-	public List getHeaderNames() {
-		return headerNames;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 */
-	public String encodeRedirectURL(String url) {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String encodeRedirectUrl(String url) {
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 */
-	public String encodeURL(String url) {
-		String enc = url;
-		try { enc = ESAPI.encoder().encodeForURL(url);
-		} catch( Exception e ) {}
-		return enc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
-	 * @deprecated
-	 */
-	@Deprecated
-	public String encodeUrl(String url) {
-		return encodeURL( url );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @throws IOException
-	 */
-	public void sendError(int sc) throws IOException {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param msg
-	 * @throws IOException
-	 */
-	public void sendError(int sc, String msg) throws IOException {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param location
-	 * @throws IOException
-	 */
-	public void sendRedirect(String location) throws IOException {
-		status = HttpServletResponse.SC_MOVED_PERMANENTLY;
-		body = new StringBuffer( "Redirect to " + location );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
-	 */
-	public void setDateHeader(String name, long date) {
-		headerNames.add(name);
-		headerValues.add("" + date);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void setHeader(String name, String value) {
-		headerNames.add(name);
-		headerValues.add(value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
-	 */
-	public void setIntHeader(String name, int value) {
-		headerNames.add(name);
-		headerValues.add("" + value);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 */
-	public void setStatus(int sc) {
-		status = sc;
-	}
-
-	/**
-	 * Gets the status.
-	 * 
-	 * @return the status
-	 */
-	public int getStatus() {
-		return status;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param sm
-	 * @deprecated
-	 */
-	@Deprecated
-	public void setStatus(int sc, String sm) {
-		status = sc;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @throws IOException
-	 */
-	public void flushBuffer() throws IOException {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public int getBufferSize() {
-		return body.length();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public String getCharacterEncoding() {
-		return "UTF-8";
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public String getContentType() {
-		return contentType;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public Locale getLocale() {
-
-		return null;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
-	 */
-	public ServletOutputStream getOutputStream() throws IOException {
-		return new ServletOutputStream() {
-			public void write(int b) throws IOException {
-				body.append((char)b);
-			}
-		};
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
-	 */
-	public PrintWriter getWriter() throws IOException {
-		return new PrintWriter( getOutputStream(), true );
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @return
-	 */
-	public boolean isCommitted() {
-
-		return false;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void reset() {
-		body = new StringBuffer();
-		cookies = new ArrayList();
-		headerNames = new ArrayList();
-		headerValues = new ArrayList();
-		status = 200;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void resetBuffer() {
-		body = new StringBuffer();
-	}
-
-	public void setBody( String value ) {
-		body = new StringBuffer( value );
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param size
-	 */
-	public void setBufferSize(int size) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param charset
-	 */
-	public void setCharacterEncoding(String charset) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param len
-	 */
-	public void setContentLength(int len) {
-
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param type
-	 */
-	public void setContentType(String type) {
-		contentType = type;
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @param loc
-	 */
-	public void setLocale(Locale loc) {
-
-	}
-
-	/*
-	 * Dump the response in a semi-readable format close to a real HTTP response on the wire
-	 */
-	public void dump() {
-        System.out.println();
-		System.out.println( "  " + this.getStatus() + " " );
-        for ( Object name : getHeaderNames() ) System.out.println( "  " + name + "=" + getHeader( (String)name ) );
-        System.out.println( "  BODY: " + this.getBody() );
-        System.out.println();
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.ESAPI;
+
+/**
+ * The Class MockHttpServletResponse.
+ * 
+ * @author jwilliams
+ */
+public class MockHttpServletResponse implements HttpServletResponse {
+
+	/** The cookies. */
+	List cookies = new ArrayList();
+
+	/** The header names. */
+	List headerNames = new ArrayList();
+
+	/** The header values. */
+	List headerValues = new ArrayList();
+
+	/** The status. */
+	int status = 200;
+
+	StringBuffer body = new StringBuffer();
+
+	String contentType = "text/html; charset=ISO-8895-1";
+
+	public String getBody() {
+		return body.toString();
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param cookie
+	 */
+	public void addCookie(Cookie cookie) {
+		cookies.add(cookie);
+	}
+
+	/**
+	 * Gets the cookies.
+	 * 
+	 * @return the cookies
+	 */
+	public List getCookies() {
+		return cookies;
+	}
+
+	/**
+	 * 
+	 * @param name
+	 * @return
+	 */
+	public Cookie getCookie(String name) {
+		Iterator i = cookies.iterator();
+		while (i.hasNext()) {
+			Cookie c = (Cookie) i.next();
+			if (c.getName().equals(name)) {
+				return c;
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param date
+	 */
+	public void addDateHeader(String name, long date) {
+		headerNames.add(name);
+		headerValues.add("" + date);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param value
+	 */
+	public void addHeader(String name, String value) {
+		headerNames.add(name);
+		headerValues.add(value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param value
+	 */
+	public void addIntHeader(String name, int value) {
+		headerNames.add(name);
+		headerValues.add("" + value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @return
+	 */
+	public boolean containsHeader(String name) {
+		return headerNames.contains(name);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	/**
+	 * Gets the header.
+	 * 
+	 * @param name
+	 *            the name
+	 * 
+	 * @return the header
+	 */
+	public String getHeader(String name) {
+		int index = headerNames.indexOf(name);
+		if (index != -1) {
+			return (String) headerValues.get(index);
+		}
+		return null;
+	}
+
+	/**
+	 * Gets the header names.
+	 * 
+	 * @return the header names
+	 */
+	public List getHeaderNames() {
+		return headerNames;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param url
+	 * @return
+	 */
+	public String encodeRedirectURL(String url) {
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param url
+	 * @return
+	 * @deprecated
+	 */
+	@Deprecated
+	public String encodeRedirectUrl(String url) {
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param url
+	 * @return
+	 */
+	public String encodeURL(String url) {
+		String enc = url;
+		try { enc = ESAPI.encoder().encodeForURL(url);
+		} catch( Exception e ) {}
+		return enc;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param url
+	 * @return
+	 * @deprecated
+	 */
+	@Deprecated
+	public String encodeUrl(String url) {
+		return encodeURL( url );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param sc
+	 * @throws IOException
+	 */
+	public void sendError(int sc) throws IOException {
+		status = sc;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param sc
+	 * @param msg
+	 * @throws IOException
+	 */
+	public void sendError(int sc, String msg) throws IOException {
+		status = sc;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param location
+	 * @throws IOException
+	 */
+	public void sendRedirect(String location) throws IOException {
+		status = HttpServletResponse.SC_MOVED_PERMANENTLY;
+		body = new StringBuffer( "Redirect to " + location );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param date
+	 */
+	public void setDateHeader(String name, long date) {
+		headerNames.add(name);
+		headerValues.add("" + date);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param value
+	 */
+	public void setHeader(String name, String value) {
+		headerNames.add(name);
+		headerValues.add(value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param name
+	 * @param value
+	 */
+	public void setIntHeader(String name, int value) {
+		headerNames.add(name);
+		headerValues.add("" + value);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param sc
+	 */
+	public void setStatus(int sc) {
+		status = sc;
+	}
+
+	/**
+	 * Gets the status.
+	 * 
+	 * @return the status
+	 */
+	public int getStatus() {
+		return status;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param sc
+	 * @param sm
+	 * @deprecated
+	 */
+	@Deprecated
+	public void setStatus(int sc, String sm) {
+		status = sc;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @throws IOException
+	 */
+	public void flushBuffer() throws IOException {
+
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 */
+	public int getBufferSize() {
+		return body.length();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 */
+	public String getCharacterEncoding() {
+		return "UTF-8";
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 */
+	public String getContentType() {
+		return contentType;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 */
+	public Locale getLocale() {
+
+		return null;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 * @throws IOException
+	 */
+	public ServletOutputStream getOutputStream() throws IOException {
+		return new ServletOutputStream() {
+			public void write(int b) throws IOException {
+				body.append((char)b);
+			}
+		};
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 * @throws IOException
+	 */
+	public PrintWriter getWriter() throws IOException {
+		return new PrintWriter( getOutputStream(), true );
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @return
+	 */
+	public boolean isCommitted() {
+
+		return false;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void reset() {
+		body = new StringBuffer();
+		cookies = new ArrayList();
+		headerNames = new ArrayList();
+		headerValues = new ArrayList();
+		status = 200;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public void resetBuffer() {
+		body = new StringBuffer();
+	}
+
+	public void setBody( String value ) {
+		body = new StringBuffer( value );
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param size
+	 */
+	public void setBufferSize(int size) {
+
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param charset
+	 */
+	public void setCharacterEncoding(String charset) {
+
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param len
+	 */
+	public void setContentLength(int len) {
+
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param type
+	 */
+	public void setContentType(String type) {
+		contentType = type;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * @param loc
+	 */
+	public void setLocale(Locale loc) {
+
+	}
+
+	/*
+	 * Dump the response in a semi-readable format close to a real HTTP response on the wire
+	 */
+	public void dump() {
+        System.out.println();
+		System.out.println( "  " + this.getStatus() + " " );
+        for ( Object name : getHeaderNames() ) System.out.println( "  " + name + "=" + getHeader( (String)name ) );
+        System.out.println( "  BODY: " + this.getBody() );
+        System.out.println();
+	}
+	
+}

From b836919cab41d8d66aee10b1cd5bc7d3d2bf7de2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 226/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/http/MockHttpSession.java | 534 +++++++++---------
 1 file changed, 267 insertions(+), 267 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockHttpSession.java b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
index baaccf295..9ae25ced6 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpSession.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
@@ -1,267 +1,267 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.util.Date;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Vector;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpSession;
-
-/**
- * The Class MockHttpSession.
- * 
- * @author jwilliams
- */
-public class MockHttpSession implements HttpSession {
-
-	/** The invalidated. */
-	boolean invalidated = false;
-	
-	/** The creation time. */
-	private long creationTime=new Date().getTime();
-	
-	/** The accessed time. */
-	private long accessedTime=new Date().getTime();
-	
-	/** The count. */
-	private static int count = 1;
-	
-	/** The sessionid. */
-	private int sessionid=count++;
-	
-	/** The attributes. */
-	private Map attributes = new HashMap();
-	
-	/**
-	 * Instantiates a new test http session.
-	 */
-	public MockHttpSession() {
-		// to replace synthetic accessor method
-	}
-	
-	/**
-	 * Instantiates a new test http session.
-	 * 
-	 * @param creationTime
-	 *            the creation time
-	 * @param accessedTime
-	 *            the accessed time
-	 */
-	public MockHttpSession( long creationTime, long accessedTime ) {
-		this.creationTime = creationTime;
-		this.accessedTime = accessedTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @return
-     */
-	public Object getAttribute(String string) {
-		return attributes.get( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     * 
-     * @return
-     */
-	public Enumeration getAttributeNames() {
-		Vector v = new Vector( attributes.keySet() );
-		return v.elements();
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public long getCreationTime() {
-		return creationTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public String getId() {
-		return ""+sessionid;
-	}
-
-	/**
-	 * Gets the invalidated.
-	 * 
-	 * @return the invalidated
-	 */
-	public boolean getInvalidated() {
-		return invalidated;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public long getLastAccessedTime() {
-		return accessedTime;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public int getMaxInactiveInterval() {
-		return 0;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public ServletContext getServletContext() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return null
-     * @deprecated
-     */
-        @Deprecated
-	// need the full class here as for whatever stupid reason you can't
-	// seem to @SuppressWarnings{'deprecation'} on the import... *sigh*
-	public javax.servlet.http.HttpSessionContext getSessionContext() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @return
-     * @deprecated
-     */
-     	@Deprecated
-	public Object getValue(String string) {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     * @deprecated
-     */
-     	@Deprecated
-	public String[] getValueNames() {
-		return null;
-	}
-
-    /**
-     * {@inheritDoc}
-	 */
-	public void invalidate() {
-		invalidated = true;
-	}
-    
-    /**
-     * {@inheritDoc}
-     *
-     * @return
-     */
-	public boolean isNew() {
-		return true;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @param object
-     * @deprecated
-     */
-     	@Deprecated
-	public void putValue(String string, Object object) {
-		setAttribute( string, object );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     */
-	public void removeAttribute(String string) {
-		attributes.remove( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @deprecated
-     */
-     	@Deprecated
-	public void removeValue(String string) {
-		removeAttribute( string );
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param string
-     * @param object
-     */
-	public void setAttribute(String string, Object object) {
-		attributes.put(string, object);
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @param i
-     */
-	public void setMaxInactiveInterval(int i) {
-		// stub
-	}
-	
-    /**
-     *
-     * @param time
-     */
-    public void setAccessedTime( long time ) {
-		this.accessedTime = time;
-	}
-
-	
-    /**
-     *
-     * @param time
-     */
-    public void setCreationTime( long time ) {
-		this.creationTime = time;
-	}
-
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+
+/**
+ * The Class MockHttpSession.
+ * 
+ * @author jwilliams
+ */
+public class MockHttpSession implements HttpSession {
+
+	/** The invalidated. */
+	boolean invalidated = false;
+	
+	/** The creation time. */
+	private long creationTime=new Date().getTime();
+	
+	/** The accessed time. */
+	private long accessedTime=new Date().getTime();
+	
+	/** The count. */
+	private static int count = 1;
+	
+	/** The sessionid. */
+	private int sessionid=count++;
+	
+	/** The attributes. */
+	private Map attributes = new HashMap();
+	
+	/**
+	 * Instantiates a new test http session.
+	 */
+	public MockHttpSession() {
+		// to replace synthetic accessor method
+	}
+	
+	/**
+	 * Instantiates a new test http session.
+	 * 
+	 * @param creationTime
+	 *            the creation time
+	 * @param accessedTime
+	 *            the accessed time
+	 */
+	public MockHttpSession( long creationTime, long accessedTime ) {
+		this.creationTime = creationTime;
+		this.accessedTime = accessedTime;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param string
+     * @return
+     */
+	public Object getAttribute(String string) {
+		return attributes.get( string );
+	}
+
+    /**
+     * {@inheritDoc}
+     * 
+     * @return
+     */
+	public Enumeration getAttributeNames() {
+		Vector v = new Vector( attributes.keySet() );
+		return v.elements();
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public long getCreationTime() {
+		return creationTime;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public String getId() {
+		return ""+sessionid;
+	}
+
+	/**
+	 * Gets the invalidated.
+	 * 
+	 * @return the invalidated
+	 */
+	public boolean getInvalidated() {
+		return invalidated;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public long getLastAccessedTime() {
+		return accessedTime;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public int getMaxInactiveInterval() {
+		return 0;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public ServletContext getServletContext() {
+		return null;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return null
+     * @deprecated
+     */
+        @Deprecated
+	// need the full class here as for whatever stupid reason you can't
+	// seem to @SuppressWarnings{'deprecation'} on the import... *sigh*
+	public javax.servlet.http.HttpSessionContext getSessionContext() {
+		return null;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param string
+     * @return
+     * @deprecated
+     */
+     	@Deprecated
+	public Object getValue(String string) {
+		return null;
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     * @deprecated
+     */
+     	@Deprecated
+	public String[] getValueNames() {
+		return null;
+	}
+
+    /**
+     * {@inheritDoc}
+	 */
+	public void invalidate() {
+		invalidated = true;
+	}
+    
+    /**
+     * {@inheritDoc}
+     *
+     * @return
+     */
+	public boolean isNew() {
+		return true;
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @param string
+     * @param object
+     * @deprecated
+     */
+     	@Deprecated
+	public void putValue(String string, Object object) {
+		setAttribute( string, object );
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param string
+     */
+	public void removeAttribute(String string) {
+		attributes.remove( string );
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param string
+     * @deprecated
+     */
+     	@Deprecated
+	public void removeValue(String string) {
+		removeAttribute( string );
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param string
+     * @param object
+     */
+	public void setAttribute(String string, Object object) {
+		attributes.put(string, object);
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @param i
+     */
+	public void setMaxInactiveInterval(int i) {
+		// stub
+	}
+	
+    /**
+     *
+     * @param time
+     */
+    public void setAccessedTime( long time ) {
+		this.accessedTime = time;
+	}
+
+	
+    /**
+     *
+     * @param time
+     */
+    public void setCreationTime( long time ) {
+		this.creationTime = time;
+	}
+
+}
+

From 2fb24de136c7c826a0d4ee301ad4e0fa5bd33bd2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 227/812] Change CRLF to LF for issue 356.

---
 .../esapi/http/MockRequestDispatcher.java     | 108 +++++++++---------
 1 file changed, 54 insertions(+), 54 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java b/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
index 3cec7a156..28f647157 100644
--- a/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
+++ b/src/test/java/org/owasp/esapi/http/MockRequestDispatcher.java
@@ -1,54 +1,54 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.IOException;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-/**
- *
- * @author jwilliams
- */
-public class MockRequestDispatcher implements RequestDispatcher {
-
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws javax.servlet.ServletException
-     * @throws java.io.IOException
-     */
-    public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
-    	System.out.println( "Forwarding" );
-    }
-    
-    /**
-     *
-     * @param request
-     * @param response
-     * @throws javax.servlet.ServletException
-     * @throws java.io.IOException
-     */
-    public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
-    	System.out.println( "Including" );
-    }
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.IOException;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockRequestDispatcher implements RequestDispatcher {
+
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws javax.servlet.ServletException
+     * @throws java.io.IOException
+     */
+    public void forward(ServletRequest request, ServletResponse response) throws ServletException, IOException {
+    	System.out.println( "Forwarding" );
+    }
+    
+    /**
+     *
+     * @param request
+     * @param response
+     * @throws javax.servlet.ServletException
+     * @throws java.io.IOException
+     */
+    public void include(ServletRequest request, ServletResponse response) throws ServletException, IOException {
+    	System.out.println( "Including" );
+    }
+}
+
+

From 92d8bd94c444476067543190ce30f2e4b598bf2c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 228/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/http/MockServletContext.java  | 1106 ++++++++---------
 1 file changed, 553 insertions(+), 553 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
index b577ab2bb..dd1d01929 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
@@ -1,554 +1,554 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import java.io.InputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Enumeration;
-import java.util.Set;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.Servlet;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-
-/**
- * Defines a set of methods that a servlet uses to communicate with its
- * servlet container, for example, to get the MIME type of a file, dispatch
- * requests, or write to a log file.
- *
- * <p>There is one context per "web application" per Java Virtual Machine.  (A
- * "web application" is a collection of servlets and content installed under a
- * specific subset of the server's URL namespace such as <code>/catalog</code>
- * and possibly installed via a <code>.war</code> file.)
- *
- * <p>In the case of a web
- * application marked "distributed" in its deployment descriptor, there will
- * be one context instance for each virtual machine.  In this situation, the
- * context cannot be used as a location to share global information (because
- * the information won't be truly global).  Use an external resource like
- * a database instead.
- *
- * <p>The <code>ServletContext</code> object is contained within
- * the {@link ServletConfig} object, which the Web server provides the
- * servlet when the servlet is initialized.
- *
- * @see Servlet#getServletConfig
- * @see ServletConfig#getServletContext
- *
- * @version $Rev: 46019 $ $Date: 2004-09-14 04:56:06 -0500 (Tue, 14 Sep 2004) $
- */
-public class MockServletContext implements ServletContext {
-    @Override
-    public String getContextPath() {
-        return "/";
-    }
-
-    /**
-     * Returns a <code>ServletContext</code> object that
-     * corresponds to a specified URL on the server.
-     *
-     * <p>This method allows servlets to gain
-     * access to the context for various parts of the server, and as
-     * needed obtain {@link RequestDispatcher} objects from the context.
-     * The given path must be begin with "/", is interpreted relative
-     * to the server's document root and is matched against the context roots of
-     * other web applications hosted on this container.
-     *
-     * <p>In a security conscious environment, the servlet container may
-     * return <code>null</code> for a given URL.
-     *
-     * @param uripath a <code>String</code> specifying the context path of
-     * another web application in the container.
-     * @return the <code>ServletContext</code> object that
-     * corresponds to the named URL, or null if either none exists or the
-     * container wishes to restrict this access.
-     *
-     * @see RequestDispatcher
-     */
-    public ServletContext getContext(String uripath) {
-    	return null;
-    }
-
-    /**
-     * Returns the major version of the Java Servlet API that this
-     * servlet container supports. All implementations that comply
-     * with Version 2.4 must have this method
-     * return the integer 2.
-     *
-     * @return 2
-     */
-    public int getMajorVersion() {
-    	return 2;
-    }
-
-    /**
-     * Returns the minor version of the Servlet API that this
-     * servlet container supports. All implementations that comply
-     * with Version 2.4 must have this method
-     * return the integer 4.
-     */
-    public int getMinorVersion() {
-    	return 4;
-    }
-
-    /**
-     * Returns the MIME type of the specified file, or <code>null</code> if
-     * the MIME type is not known. The MIME type is determined
-     * by the configuration of the servlet container, and may be specified
-     * in a web application deployment descriptor. Common MIME
-     * types are <code>"text/html"</code> and <code>"image/gif"</code>.
-     *
-     * @param file a <code>String</code> specifying the name
-     * of a file
-     *
-     * @return a <code>String</code> specifying the file's MIME type
-     */
-    public String getMimeType(String file) {
-    	return "text/html";
-    }
-
-    /**
-     * Returns a directory-like listing of all the paths to resources within
-     * the web application whose longest sub-path matches the supplied path
-     * argument. Paths indicating subdirectory paths end with a '/'. The
-     * returned paths are all relative to the root of the web application and
-     * have a leading '/'. For example, for a web application containing<br>
-     * <br>
-     * /welcome.html<br>
-     * /catalog/index.html<br>
-     * /catalog/products.html<br>
-     * /catalog/offers/books.html<br>
-     * /catalog/offers/music.html<br>
-     * /customer/login.jsp<br>
-     * /WEB-INF/web.xml<br>
-     * /WEB-INF/classes/com.acme.OrderServlet.class,<br><br>
-     *
-     * getResourcePaths("/") returns {"/welcome.html", "/catalog/", "/customer/", "/WEB-INF/"}<br>
-     * getResourcePaths("/catalog/") returns {"/catalog/index.html", "/catalog/products.html", "/catalog/offers/"}.<br>
-     *
-     * @param path the partial path used to match the resources,
-     *  which must start with a /
-     * @return a Set containing the directory listing, or null if there are no
-     * resources in the web application whose path begins with the supplied path.
-     *
-     * @since Servlet 2.3
-     */
-    public Set getResourcePaths(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a URL to the resource that is mapped to a specified
-     * path. The path must begin with a "/" and is interpreted
-     * as relative to the current context root.
-     *
-     * <p>This method allows the servlet container to make a resource
-     * available to servlets from any source. Resources
-     * can be located on a local or remote
-     * file system, in a database, or in a <code>.war</code> file.
-     *
-     * <p>The servlet container must implement the URL handlers
-     * and <code>URLConnection</code> objects that are necessary
-     * to access the resource.
-     *
-     * <p>This method returns <code>null</code>
-     * if no resource is mapped to the pathname.
-     *
-     * <p>Some containers may allow writing to the URL returned by
-     * this method using the methods of the URL class.
-     *
-     * <p>The resource content is returned directly, so be aware that
-     * requesting a <code>.jsp</code> page returns the JSP source code.
-     * Use a <code>RequestDispatcher</code> instead to include results of
-     * an execution.
-     *
-     * <p>This method has a different purpose than
-     * <code>java.lang.Class.getResource</code>,
-     * which looks up resources based on a class loader. This
-     * method does not use class loaders.
-     *
-     * @param path a <code>String</code> specifying the path to the resource
-     *
-     * @return the resource located at the named path, or <code>null</code>
-     * if there is no resource at that path
-     *
-     * @exception MalformedURLException if the pathname is not given in
-     * the correct form
-     */
-    public URL getResource(String path) throws MalformedURLException {
-    	return null;
-    }
-
-    /**
-     * Returns the resource located at the named path as
-     * an <code>InputStream</code> object.
-     *
-     * <p>The data in the <code>InputStream</code> can be
-     * of any type or length. The path must be specified according
-     * to the rules given in <code>getResource</code>.
-     * This method returns <code>null</code> if no resource exists at
-     * the specified path.
-     *
-     * <p>Meta-information such as content length and content type
-     * that is available via <code>getResource</code>
-     * method is lost when using this method.
-     *
-     * <p>The servlet container must implement the URL handlers
-     * and <code>URLConnection</code> objects necessary to access
-     * the resource.
-     *
-     * <p>This method is different from
-     * <code>java.lang.Class.getResourceAsStream</code>,
-     * which uses a class loader. This method allows servlet containers
-     * to make a resource available
-     * to a servlet from any location, without using a class loader.
-     *
-     * @param path a <code>String</code> specifying the path
-     * to the resource
-     *
-     * @return the <code>InputStream</code> returned to the
-     * servlet, or <code>null</code> if no resource exists at the
-     * specified path
-     */
-    public InputStream getResourceAsStream(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a {@link RequestDispatcher} object that acts
-     * as a wrapper for the resource located at the given path.
-     * A <code>RequestDispatcher</code> object can be used to forward
-     * a request to the resource or to include the resource in a response.
-     * The resource can be dynamic or static.
-     *
-     * <p>The pathname must begin with a "/" and is interpreted as relative
-     * to the current context root.  Use <code>getContext</code> to obtain
-     * a <code>RequestDispatcher</code> for resources in foreign contexts.
-     * This method returns <code>null</code> if the <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code>.
-     *
-     * @param path a <code>String</code> specifying the pathname
-     * to the resource
-     *
-     * @return a <code>RequestDispatcher</code> object that acts as a wrapper
-     * for the resource at the specified path, or <code>null</code> if the
-     * <code>ServletContext</code> cannot return a <code>RequestDispatcher</code>
-     *
-     * @see RequestDispatcher
-     * @see ServletContext#getContext
-     */
-    public RequestDispatcher getRequestDispatcher(String path) {
-    	return null;
-    }
-
-    /**
-     * Returns a {@link RequestDispatcher} object that acts
-     * as a wrapper for the named servlet.
-     *
-     * <p>Servlets (and JSP pages also) may be given names via server
-     * administration or via a web application deployment descriptor.
-     * A servlet instance can determine its name using
-     * {@link ServletConfig#getServletName}.
-     *
-     * <p>This method returns <code>null</code> if the
-     * <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code> for any reason.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of a servlet to wrap
-     *
-     * @return a <code>RequestDispatcher</code> object
-     * that acts as a wrapper for the named servlet,
-     * or <code>null</code> if the <code>ServletContext</code>
-     * cannot return a <code>RequestDispatcher</code>
-     *
-     * @see RequestDispatcher
-     * @see ServletContext#getContext
-     * @see ServletConfig#getServletName
-     */
-    public RequestDispatcher getNamedDispatcher(String name) {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, with no direct replacement.
-     *
-     * <p>This method was originally defined to retrieve a servlet
-     * from a <code>ServletContext</code>. In this version, this method
-     * always returns <code>null</code> and remains only to preserve
-     * binary compatibility. This method will be permanently removed
-     * in a future version of the Java Servlet API.
-     *
-     * <p>In lieu of this method, servlets can share information using the
-     * <code>ServletContext</code> class and can perform shared business logic
-     * by invoking methods on common non-servlet classes.
-     */
-    public Servlet getServlet(String name) throws ServletException {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.0, with no replacement.
-     *
-     * <p>This method was originally defined to return an <code>Enumeration</code>
-     * of all the servlets known to this servlet context. In this
-     * version, this method always returns an empty enumeration and
-     * remains only to preserve binary compatibility. This method
-     * will be permanently removed in a future version of the Java
-     * Servlet API.
-     */
-    public Enumeration getServlets() {
-    	return null;
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, with no replacement.
-     *
-     * <p>This method was originally defined to return an
-     * <code>Enumeration</code>
-     * of all the servlet names known to this context. In this version,
-     * this method always returns an empty <code>Enumeration</code> and
-     * remains only to preserve binary compatibility. This method will
-     * be permanently removed in a future version of the Java Servlet API.
-     */
-    public Enumeration getServletNames() {
-    	return null;
-    }
-
-    /**
-     * Writes the specified message to a servlet log file, usually
-     * an event log. The name and type of the servlet log file is
-     * specific to the servlet container.
-     *
-     * @param msg a <code>String</code> specifying the
-     * message to be written to the log file
-     */
-    public void log(String msg) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg );
-    }
-
-    /**
-     * @deprecated As of Java Servlet API 2.1, use
-     * {@link #log(String message, Throwable throwable)}
-     * instead.
-     *
-     * <p>This method was originally defined to write an
-     * exception's stack trace and an explanatory error message
-     * to the servlet log file.
-     */
-    public void log(Exception exception, String msg) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg, exception );
-    }
-
-    /**
-     * Writes an explanatory message and a stack trace
-     * for a given <code>Throwable</code> exception
-     * to the servlet log file. The name and type of the servlet log
-     * file is specific to the servlet container, usually an event log.
-     *
-     * @param message a <code>String</code> that
-     * describes the error or exception
-     *
-     * @param throwable the <code>Throwable</code> error
-     * or exception
-     */
-    public void log(String message, Throwable throwable) {
-    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, message, throwable );
-    }
-
-    /**
-     * Returns a <code>String</code> containing the real path
-     * for a given virtual path. For example, the path "/index.html"
-     * returns the absolute file path on the server's filesystem would be
-     * served by a request for "http://host/contextPath/index.html",
-     * where contextPath is the context path of this ServletContext..
-     *
-     * <p>The real path returned will be in a form
-     * appropriate to the computer and operating system on
-     * which the servlet container is running, including the
-     * proper path separators. This method returns <code>null</code>
-     * if the servlet container cannot translate the virtual path
-     * to a real path for any reason (such as when the content is
-     * being made available from a <code>.war</code> archive).
-     *
-     * @param path a <code>String</code> specifying a virtual path
-     *
-     * @return a <code>String</code> specifying the real path,
-     * or null if the translation cannot be performed
-     */
-    public String getRealPath(String path) {
-    	return ESAPI.securityConfiguration().getResourceFile( path ).getAbsolutePath();
-    }
-
-    /**
-     * Returns the name and version of the servlet container on which
-     * the servlet is running.
-     *
-     * <p>The form of the returned string is
-     * <i>servername</i>/<i>versionnumber</i>.
-     * For example, the JavaServer Web Development Kit may return the string
-     * <code>JavaServer Web Dev Kit/1.0</code>.
-     *
-     * <p>The servlet container may return other optional information
-     * after the primary string in parentheses, for example,
-     * <code>JavaServer Web Dev Kit/1.0 (JDK 1.1.6; Windows NT 4.0 x86)</code>.
-     *
-     * @return a <code>String</code> containing at least the
-     * servlet container name and version number
-     */
-    public String getServerInfo() {
-    	return null;
-    }
-
-    /**
-     * Returns a <code>String</code> containing the value of the named
-     * context-wide initialization parameter, or <code>null</code> if the
-     * parameter does not exist.
-     *
-     * <p>This method can make available configuration information useful
-     * to an entire "web application".  For example, it can provide a
-     * webmaster's email address or the name of a system that holds
-     * critical data.
-     *
-     * @param name a <code>String</code> containing the name of the
-     * parameter whose value is requested
-     *
-     * @return a <code>String</code> containing at least the
-     * servlet container name and version number
-     *
-     * @see ServletConfig#getInitParameter
-     */
-    public String getInitParameter(String name) {
-    	return null;
-    }
-
-    /**
-     * Returns the names of the context's initialization parameters as an
-     * <code>Enumeration</code> of <code>String</code> objects, or an
-     * empty <code>Enumeration</code> if the context has no initialization
-     * parameters.
-     *
-     * @return an <code>Enumeration</code> of <code>String</code>
-     * objects containing the names of the context's initialization parameters
-     *
-     * @see ServletConfig#getInitParameter
-     */
-    public Enumeration getInitParameterNames() {
-    	return null;
-    }
-
-
-    /**
-     * Returns the servlet container attribute with the given name,
-     * or <code>null</code> if there is no attribute by that name.
-     * An attribute allows a servlet container to give the
-     * servlet additional information not
-     * already provided by this interface. See your
-     * server documentation for information about its attributes.
-     * A list of supported attributes can be retrieved using
-     * <code>getAttributeNames</code>.
-     *
-     * <p>The attribute is returned as a <code>java.lang.Object</code>
-     * or some subclass.
-     * Attribute names should follow the same convention as package
-     * names. The Java Servlet API specification reserves names
-     * matching <code>java.*</code>, <code>javax.*</code>,
-     * and <code>sun.*</code>.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute
-     *
-     * @return an <code>Object</code> containing the value
-     * of the attribute, or <code>null</code> if no attribute
-     * exists matching the given name
-     *
-     * @see ServletContext#getAttributeNames
-     */
-    public Object getAttribute(String name) {
-    	return null;
-    }
-
-    /**
-     * Returns an <code>Enumeration</code> containing the
-     * attribute names available
-     * within this servlet context. Use the
-     * {@link #getAttribute} method with an attribute name
-     * to get the value of an attribute.
-     *
-     * @return an <code>Enumeration</code> of attribute names
-     *
-     * @see #getAttribute
-     */
-    public Enumeration getAttributeNames() {
-    	return null;
-    }
-
-    /**
-     * Binds an object to a given attribute name in this servlet context. If
-     * the name specified is already used for an attribute, this
-     * method will replace the attribute with the new to the new attribute.
-     * <p>If listeners are configured on the <code>ServletContext</code> the
-     * container notifies them accordingly.
-     * <p>
-     * If a null value is passed, the effect is the same as calling
-     * <code>removeAttribute()</code>.
-     *
-     * <p>Attribute names should follow the same convention as package
-     * names. The Java Servlet API specification reserves names
-     * matching <code>java.*</code>, <code>javax.*</code>, and
-     * <code>sun.*</code>.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute
-     *
-     * @param object an <code>Object</code> representing the
-     * attribute to be bound
-     */
-    public void setAttribute(String name, Object object) {
-    }
-
-    /**
-     * Removes the attribute with the given name from
-     * the servlet context. After removal, subsequent calls to
-     * {@link #getAttribute} to retrieve the attribute's value
-     * will return <code>null</code>.
-     *
-     * <p>If listeners are configured on the <code>ServletContext</code> the
-     * container notifies them accordingly.
-     *
-     * @param name a <code>String</code> specifying the name
-     * of the attribute to be removed
-     */
-    public void removeAttribute(String name) {
-    }
-
-    /**
-     * Returns the name of this web application correponding to this ServletContext as specified in the deployment
-     * descriptor for this web application by the display-name element.
-     *
-     * @return The name of the web application or null if no name has been declared in the deployment descriptor.
-     * @since Servlet 2.3
-     */
-    public String getServletContextName() {
-    	return null;
-    }
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.Set;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+
+/**
+ * Defines a set of methods that a servlet uses to communicate with its
+ * servlet container, for example, to get the MIME type of a file, dispatch
+ * requests, or write to a log file.
+ *
+ * <p>There is one context per "web application" per Java Virtual Machine.  (A
+ * "web application" is a collection of servlets and content installed under a
+ * specific subset of the server's URL namespace such as <code>/catalog</code>
+ * and possibly installed via a <code>.war</code> file.)
+ *
+ * <p>In the case of a web
+ * application marked "distributed" in its deployment descriptor, there will
+ * be one context instance for each virtual machine.  In this situation, the
+ * context cannot be used as a location to share global information (because
+ * the information won't be truly global).  Use an external resource like
+ * a database instead.
+ *
+ * <p>The <code>ServletContext</code> object is contained within
+ * the {@link ServletConfig} object, which the Web server provides the
+ * servlet when the servlet is initialized.
+ *
+ * @see Servlet#getServletConfig
+ * @see ServletConfig#getServletContext
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 04:56:06 -0500 (Tue, 14 Sep 2004) $
+ */
+public class MockServletContext implements ServletContext {
+    @Override
+    public String getContextPath() {
+        return "/";
+    }
+
+    /**
+     * Returns a <code>ServletContext</code> object that
+     * corresponds to a specified URL on the server.
+     *
+     * <p>This method allows servlets to gain
+     * access to the context for various parts of the server, and as
+     * needed obtain {@link RequestDispatcher} objects from the context.
+     * The given path must be begin with "/", is interpreted relative
+     * to the server's document root and is matched against the context roots of
+     * other web applications hosted on this container.
+     *
+     * <p>In a security conscious environment, the servlet container may
+     * return <code>null</code> for a given URL.
+     *
+     * @param uripath a <code>String</code> specifying the context path of
+     * another web application in the container.
+     * @return the <code>ServletContext</code> object that
+     * corresponds to the named URL, or null if either none exists or the
+     * container wishes to restrict this access.
+     *
+     * @see RequestDispatcher
+     */
+    public ServletContext getContext(String uripath) {
+    	return null;
+    }
+
+    /**
+     * Returns the major version of the Java Servlet API that this
+     * servlet container supports. All implementations that comply
+     * with Version 2.4 must have this method
+     * return the integer 2.
+     *
+     * @return 2
+     */
+    public int getMajorVersion() {
+    	return 2;
+    }
+
+    /**
+     * Returns the minor version of the Servlet API that this
+     * servlet container supports. All implementations that comply
+     * with Version 2.4 must have this method
+     * return the integer 4.
+     */
+    public int getMinorVersion() {
+    	return 4;
+    }
+
+    /**
+     * Returns the MIME type of the specified file, or <code>null</code> if
+     * the MIME type is not known. The MIME type is determined
+     * by the configuration of the servlet container, and may be specified
+     * in a web application deployment descriptor. Common MIME
+     * types are <code>"text/html"</code> and <code>"image/gif"</code>.
+     *
+     * @param file a <code>String</code> specifying the name
+     * of a file
+     *
+     * @return a <code>String</code> specifying the file's MIME type
+     */
+    public String getMimeType(String file) {
+    	return "text/html";
+    }
+
+    /**
+     * Returns a directory-like listing of all the paths to resources within
+     * the web application whose longest sub-path matches the supplied path
+     * argument. Paths indicating subdirectory paths end with a '/'. The
+     * returned paths are all relative to the root of the web application and
+     * have a leading '/'. For example, for a web application containing<br>
+     * <br>
+     * /welcome.html<br>
+     * /catalog/index.html<br>
+     * /catalog/products.html<br>
+     * /catalog/offers/books.html<br>
+     * /catalog/offers/music.html<br>
+     * /customer/login.jsp<br>
+     * /WEB-INF/web.xml<br>
+     * /WEB-INF/classes/com.acme.OrderServlet.class,<br><br>
+     *
+     * getResourcePaths("/") returns {"/welcome.html", "/catalog/", "/customer/", "/WEB-INF/"}<br>
+     * getResourcePaths("/catalog/") returns {"/catalog/index.html", "/catalog/products.html", "/catalog/offers/"}.<br>
+     *
+     * @param path the partial path used to match the resources,
+     *  which must start with a /
+     * @return a Set containing the directory listing, or null if there are no
+     * resources in the web application whose path begins with the supplied path.
+     *
+     * @since Servlet 2.3
+     */
+    public Set getResourcePaths(String path) {
+    	return null;
+    }
+
+    /**
+     * Returns a URL to the resource that is mapped to a specified
+     * path. The path must begin with a "/" and is interpreted
+     * as relative to the current context root.
+     *
+     * <p>This method allows the servlet container to make a resource
+     * available to servlets from any source. Resources
+     * can be located on a local or remote
+     * file system, in a database, or in a <code>.war</code> file.
+     *
+     * <p>The servlet container must implement the URL handlers
+     * and <code>URLConnection</code> objects that are necessary
+     * to access the resource.
+     *
+     * <p>This method returns <code>null</code>
+     * if no resource is mapped to the pathname.
+     *
+     * <p>Some containers may allow writing to the URL returned by
+     * this method using the methods of the URL class.
+     *
+     * <p>The resource content is returned directly, so be aware that
+     * requesting a <code>.jsp</code> page returns the JSP source code.
+     * Use a <code>RequestDispatcher</code> instead to include results of
+     * an execution.
+     *
+     * <p>This method has a different purpose than
+     * <code>java.lang.Class.getResource</code>,
+     * which looks up resources based on a class loader. This
+     * method does not use class loaders.
+     *
+     * @param path a <code>String</code> specifying the path to the resource
+     *
+     * @return the resource located at the named path, or <code>null</code>
+     * if there is no resource at that path
+     *
+     * @exception MalformedURLException if the pathname is not given in
+     * the correct form
+     */
+    public URL getResource(String path) throws MalformedURLException {
+    	return null;
+    }
+
+    /**
+     * Returns the resource located at the named path as
+     * an <code>InputStream</code> object.
+     *
+     * <p>The data in the <code>InputStream</code> can be
+     * of any type or length. The path must be specified according
+     * to the rules given in <code>getResource</code>.
+     * This method returns <code>null</code> if no resource exists at
+     * the specified path.
+     *
+     * <p>Meta-information such as content length and content type
+     * that is available via <code>getResource</code>
+     * method is lost when using this method.
+     *
+     * <p>The servlet container must implement the URL handlers
+     * and <code>URLConnection</code> objects necessary to access
+     * the resource.
+     *
+     * <p>This method is different from
+     * <code>java.lang.Class.getResourceAsStream</code>,
+     * which uses a class loader. This method allows servlet containers
+     * to make a resource available
+     * to a servlet from any location, without using a class loader.
+     *
+     * @param path a <code>String</code> specifying the path
+     * to the resource
+     *
+     * @return the <code>InputStream</code> returned to the
+     * servlet, or <code>null</code> if no resource exists at the
+     * specified path
+     */
+    public InputStream getResourceAsStream(String path) {
+    	return null;
+    }
+
+    /**
+     * Returns a {@link RequestDispatcher} object that acts
+     * as a wrapper for the resource located at the given path.
+     * A <code>RequestDispatcher</code> object can be used to forward
+     * a request to the resource or to include the resource in a response.
+     * The resource can be dynamic or static.
+     *
+     * <p>The pathname must begin with a "/" and is interpreted as relative
+     * to the current context root.  Use <code>getContext</code> to obtain
+     * a <code>RequestDispatcher</code> for resources in foreign contexts.
+     * This method returns <code>null</code> if the <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code>.
+     *
+     * @param path a <code>String</code> specifying the pathname
+     * to the resource
+     *
+     * @return a <code>RequestDispatcher</code> object that acts as a wrapper
+     * for the resource at the specified path, or <code>null</code> if the
+     * <code>ServletContext</code> cannot return a <code>RequestDispatcher</code>
+     *
+     * @see RequestDispatcher
+     * @see ServletContext#getContext
+     */
+    public RequestDispatcher getRequestDispatcher(String path) {
+    	return null;
+    }
+
+    /**
+     * Returns a {@link RequestDispatcher} object that acts
+     * as a wrapper for the named servlet.
+     *
+     * <p>Servlets (and JSP pages also) may be given names via server
+     * administration or via a web application deployment descriptor.
+     * A servlet instance can determine its name using
+     * {@link ServletConfig#getServletName}.
+     *
+     * <p>This method returns <code>null</code> if the
+     * <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code> for any reason.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of a servlet to wrap
+     *
+     * @return a <code>RequestDispatcher</code> object
+     * that acts as a wrapper for the named servlet,
+     * or <code>null</code> if the <code>ServletContext</code>
+     * cannot return a <code>RequestDispatcher</code>
+     *
+     * @see RequestDispatcher
+     * @see ServletContext#getContext
+     * @see ServletConfig#getServletName
+     */
+    public RequestDispatcher getNamedDispatcher(String name) {
+    	return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, with no direct replacement.
+     *
+     * <p>This method was originally defined to retrieve a servlet
+     * from a <code>ServletContext</code>. In this version, this method
+     * always returns <code>null</code> and remains only to preserve
+     * binary compatibility. This method will be permanently removed
+     * in a future version of the Java Servlet API.
+     *
+     * <p>In lieu of this method, servlets can share information using the
+     * <code>ServletContext</code> class and can perform shared business logic
+     * by invoking methods on common non-servlet classes.
+     */
+    public Servlet getServlet(String name) throws ServletException {
+    	return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.0, with no replacement.
+     *
+     * <p>This method was originally defined to return an <code>Enumeration</code>
+     * of all the servlets known to this servlet context. In this
+     * version, this method always returns an empty enumeration and
+     * remains only to preserve binary compatibility. This method
+     * will be permanently removed in a future version of the Java
+     * Servlet API.
+     */
+    public Enumeration getServlets() {
+    	return null;
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, with no replacement.
+     *
+     * <p>This method was originally defined to return an
+     * <code>Enumeration</code>
+     * of all the servlet names known to this context. In this version,
+     * this method always returns an empty <code>Enumeration</code> and
+     * remains only to preserve binary compatibility. This method will
+     * be permanently removed in a future version of the Java Servlet API.
+     */
+    public Enumeration getServletNames() {
+    	return null;
+    }
+
+    /**
+     * Writes the specified message to a servlet log file, usually
+     * an event log. The name and type of the servlet log file is
+     * specific to the servlet container.
+     *
+     * @param msg a <code>String</code> specifying the
+     * message to be written to the log file
+     */
+    public void log(String msg) {
+    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg );
+    }
+
+    /**
+     * @deprecated As of Java Servlet API 2.1, use
+     * {@link #log(String message, Throwable throwable)}
+     * instead.
+     *
+     * <p>This method was originally defined to write an
+     * exception's stack trace and an explanatory error message
+     * to the servlet log file.
+     */
+    public void log(Exception exception, String msg) {
+    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg, exception );
+    }
+
+    /**
+     * Writes an explanatory message and a stack trace
+     * for a given <code>Throwable</code> exception
+     * to the servlet log file. The name and type of the servlet log
+     * file is specific to the servlet container, usually an event log.
+     *
+     * @param message a <code>String</code> that
+     * describes the error or exception
+     *
+     * @param throwable the <code>Throwable</code> error
+     * or exception
+     */
+    public void log(String message, Throwable throwable) {
+    	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, message, throwable );
+    }
+
+    /**
+     * Returns a <code>String</code> containing the real path
+     * for a given virtual path. For example, the path "/index.html"
+     * returns the absolute file path on the server's filesystem would be
+     * served by a request for "http://host/contextPath/index.html",
+     * where contextPath is the context path of this ServletContext..
+     *
+     * <p>The real path returned will be in a form
+     * appropriate to the computer and operating system on
+     * which the servlet container is running, including the
+     * proper path separators. This method returns <code>null</code>
+     * if the servlet container cannot translate the virtual path
+     * to a real path for any reason (such as when the content is
+     * being made available from a <code>.war</code> archive).
+     *
+     * @param path a <code>String</code> specifying a virtual path
+     *
+     * @return a <code>String</code> specifying the real path,
+     * or null if the translation cannot be performed
+     */
+    public String getRealPath(String path) {
+    	return ESAPI.securityConfiguration().getResourceFile( path ).getAbsolutePath();
+    }
+
+    /**
+     * Returns the name and version of the servlet container on which
+     * the servlet is running.
+     *
+     * <p>The form of the returned string is
+     * <i>servername</i>/<i>versionnumber</i>.
+     * For example, the JavaServer Web Development Kit may return the string
+     * <code>JavaServer Web Dev Kit/1.0</code>.
+     *
+     * <p>The servlet container may return other optional information
+     * after the primary string in parentheses, for example,
+     * <code>JavaServer Web Dev Kit/1.0 (JDK 1.1.6; Windows NT 4.0 x86)</code>.
+     *
+     * @return a <code>String</code> containing at least the
+     * servlet container name and version number
+     */
+    public String getServerInfo() {
+    	return null;
+    }
+
+    /**
+     * Returns a <code>String</code> containing the value of the named
+     * context-wide initialization parameter, or <code>null</code> if the
+     * parameter does not exist.
+     *
+     * <p>This method can make available configuration information useful
+     * to an entire "web application".  For example, it can provide a
+     * webmaster's email address or the name of a system that holds
+     * critical data.
+     *
+     * @param name a <code>String</code> containing the name of the
+     * parameter whose value is requested
+     *
+     * @return a <code>String</code> containing at least the
+     * servlet container name and version number
+     *
+     * @see ServletConfig#getInitParameter
+     */
+    public String getInitParameter(String name) {
+    	return null;
+    }
+
+    /**
+     * Returns the names of the context's initialization parameters as an
+     * <code>Enumeration</code> of <code>String</code> objects, or an
+     * empty <code>Enumeration</code> if the context has no initialization
+     * parameters.
+     *
+     * @return an <code>Enumeration</code> of <code>String</code>
+     * objects containing the names of the context's initialization parameters
+     *
+     * @see ServletConfig#getInitParameter
+     */
+    public Enumeration getInitParameterNames() {
+    	return null;
+    }
+
+
+    /**
+     * Returns the servlet container attribute with the given name,
+     * or <code>null</code> if there is no attribute by that name.
+     * An attribute allows a servlet container to give the
+     * servlet additional information not
+     * already provided by this interface. See your
+     * server documentation for information about its attributes.
+     * A list of supported attributes can be retrieved using
+     * <code>getAttributeNames</code>.
+     *
+     * <p>The attribute is returned as a <code>java.lang.Object</code>
+     * or some subclass.
+     * Attribute names should follow the same convention as package
+     * names. The Java Servlet API specification reserves names
+     * matching <code>java.*</code>, <code>javax.*</code>,
+     * and <code>sun.*</code>.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute
+     *
+     * @return an <code>Object</code> containing the value
+     * of the attribute, or <code>null</code> if no attribute
+     * exists matching the given name
+     *
+     * @see ServletContext#getAttributeNames
+     */
+    public Object getAttribute(String name) {
+    	return null;
+    }
+
+    /**
+     * Returns an <code>Enumeration</code> containing the
+     * attribute names available
+     * within this servlet context. Use the
+     * {@link #getAttribute} method with an attribute name
+     * to get the value of an attribute.
+     *
+     * @return an <code>Enumeration</code> of attribute names
+     *
+     * @see #getAttribute
+     */
+    public Enumeration getAttributeNames() {
+    	return null;
+    }
+
+    /**
+     * Binds an object to a given attribute name in this servlet context. If
+     * the name specified is already used for an attribute, this
+     * method will replace the attribute with the new to the new attribute.
+     * <p>If listeners are configured on the <code>ServletContext</code> the
+     * container notifies them accordingly.
+     * <p>
+     * If a null value is passed, the effect is the same as calling
+     * <code>removeAttribute()</code>.
+     *
+     * <p>Attribute names should follow the same convention as package
+     * names. The Java Servlet API specification reserves names
+     * matching <code>java.*</code>, <code>javax.*</code>, and
+     * <code>sun.*</code>.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute
+     *
+     * @param object an <code>Object</code> representing the
+     * attribute to be bound
+     */
+    public void setAttribute(String name, Object object) {
+    }
+
+    /**
+     * Removes the attribute with the given name from
+     * the servlet context. After removal, subsequent calls to
+     * {@link #getAttribute} to retrieve the attribute's value
+     * will return <code>null</code>.
+     *
+     * <p>If listeners are configured on the <code>ServletContext</code> the
+     * container notifies them accordingly.
+     *
+     * @param name a <code>String</code> specifying the name
+     * of the attribute to be removed
+     */
+    public void removeAttribute(String name) {
+    }
+
+    /**
+     * Returns the name of this web application correponding to this ServletContext as specified in the deployment
+     * descriptor for this web application by the display-name element.
+     *
+     * @return The name of the web application or null if no name has been declared in the deployment descriptor.
+     * @since Servlet 2.3
+     */
+    public String getServletContextName() {
+    	return null;
+    }
 }
\ No newline at end of file

From 69d34bfe1b033005b366ef6876e4bb37bc7fc659 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 229/812] Change CRLF to LF for issue 356.

---
 .../esapi/http/MockServletInputStream.java    | 102 +++++++++---------
 1 file changed, 51 insertions(+), 51 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
index 1e7c90389..3e4ed3d9a 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
@@ -1,51 +1,51 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.http;
-
-import javax.servlet.ServletInputStream;
-import java.io.IOException;
-
-/**
- *
- * @author jwilliams
- */
-public class MockServletInputStream extends ServletInputStream {
-
-    private byte[] body;
-
-    private int next;
-
-    /**
-     * constructor
-     * @param body
-     */
-    public MockServletInputStream(byte[] body) {
-        this.body = body;
-    }
-
-    /**
-     * read
-     * @return 
-     * @throws IOException
-     */
-    public int read() throws IOException {
-        if (next < body.length) {
-            return body[next++];
-        } else {
-            return -1;
-        }
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.http;
+
+import javax.servlet.ServletInputStream;
+import java.io.IOException;
+
+/**
+ *
+ * @author jwilliams
+ */
+public class MockServletInputStream extends ServletInputStream {
+
+    private byte[] body;
+
+    private int next;
+
+    /**
+     * constructor
+     * @param body
+     */
+    public MockServletInputStream(byte[] body) {
+        this.body = body;
+    }
+
+    /**
+     * read
+     * @return 
+     * @throws IOException
+     */
+    public int read() throws IOException {
+        if (next < body.length) {
+            return body[next++];
+        } else {
+            return -1;
+        }
+    }
+}

From 5629b46a62b051c211e7cbfd1b4c21a27f14b8ae Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 230/812] Change CRLF to LF for issue 356.

---
 .../accesscontrol/AccessControllerTest.java   | 256 +++++++++---------
 1 file changed, 128 insertions(+), 128 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
index 1f3cc8998..7e5c8b75d 100644
--- a/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/AccessControllerTest.java
@@ -1,128 +1,128 @@
-package org.owasp.esapi.reference.accesscontrol;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR;
-import org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR;
-import org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController;
-
-/**
- * Answers the question: is the AccessController itself working properly?
- * @author Mike H. Fauzy
- *
- */
-public class AccessControllerTest {
-	
-	protected AccessController accessController;
-		
-	@Before
-	public void setup() {
-		Map accessControlRules = new HashMap(3);
-		accessControlRules.put("AlwaysTrue", new AlwaysTrueACR());
-		accessControlRules.put("AlwaysFalse", new AlwaysFalseACR());		
-		accessControlRules.put("EchoRuntimeParameter", new EchoRuntimeParameterACR());
-		accessController = new ExperimentalAccessController(accessControlRules);
-	}
-	
-	@Test 
-	public void isAuthorized() {
-		assertEquals("Rule Not Found: null", accessController.isAuthorized(null, null), false);
-		assertEquals("Rule Not Found: Invalid Key", accessController.isAuthorized("A key that does not map to a rule", null), false);		
-
-		assertEquals("AlwaysTrue", accessController.isAuthorized("AlwaysTrue", null), true);
-		assertEquals("AlwaysFalse", accessController.isAuthorized("AlwaysFalse", null), false);
-		
-		assertEquals("EchoRuntimeParameter: True", accessController.isAuthorized("EchoRuntimeParameter", Boolean.TRUE), true );
-		assertEquals("EchoRuntimeParameter: False", accessController.isAuthorized("EchoRuntimeParameter", Boolean.FALSE), false);
-		assertEquals("EchoRuntimeParameter: ClassCastException", accessController.isAuthorized("EchoRuntimeParameter", "This is not a boolean"), false);
-		assertEquals("EchoRuntimeParameter: null Runtime Parameter", accessController.isAuthorized("EchoRuntimeParameter", null), false);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationRuleNotFoundNullKey() throws Exception {		
-		accessController.assertAuthorized(null, null);
-	}
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationRuleAKeyThatDoesNotMapToARule() throws Exception {		
-		accessController.assertAuthorized("A key that does not map to a rule", null);
-	}
-	
-	
-	@Test  
-	//Should not throw an exception
-	public void enforceAuthorizationAlwaysTrue() throws Exception {		
-		accessController.assertAuthorized("AlwaysTrue", null);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationAlwaysFalse() throws Exception {		
-		accessController.assertAuthorized("AlwaysFalse", null);
-	}
-	
-	/**
-	 * Ensure that isAuthorized does nothing if enforceAuthorization 
-	 * is called and isAuthorized returns true
-	 */
-	@Test 
-	//Should not throw an exception
-	public void enforceAuthorizationEchoRuntimeParameterTrue() throws Exception {
-		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.TRUE);
-	}
-	
-	/**
-	 * Ensure that isAuthorized translates into an exception if enforceAuthorization 
-	 * is called and isAuthorized returns false
-	 */
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterFalse() throws Exception {		
-		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.FALSE);
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterClassCastException() throws Exception {	
-		accessController.assertAuthorized("EchoRuntimeParameter", "This is not a boolean");
-	}
-	
-	@Test (expected = AccessControlException.class)	 
-	public void enforceAuthorizationEchoRuntimeParameterNullRuntimeParameter() throws Exception {		
-		accessController.assertAuthorized("EchoRuntimeParameter", null);
-	}
-	
-	@org.junit.Test
-	public void delegatingACR() throws Exception {
-		DelegatingACR delegatingACR = new DelegatingACR();
-		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
-
-		delegatingACR = new DelegatingACR();
-		policyParameter = new DynaBeanACRParameter();
-		policyParameter.set("delegateClass", "java.lang.Object");
-		policyParameter.set("delegateMethod", "equals");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {new Object()}));
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {delegatingACR}));
-
-		
-		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR");
-		policyParameter.set("delegateMethod", "isAuthorized");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertTrue(delegatingACR.isAuthorized(new Object[] {null}));
-		
-		delegatingACR = new DelegatingACR();
-		policyParameter = new DynaBeanACRParameter();
-		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR");
-		policyParameter.set("delegateMethod", "isAuthorized");
-		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
-		delegatingACR.setPolicyParameters(policyParameter);
-		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {null}));
-	}
-	
-}
+package org.owasp.esapi.reference.accesscontrol;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR;
+import org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR;
+import org.owasp.esapi.reference.accesscontrol.ExperimentalAccessController;
+
+/**
+ * Answers the question: is the AccessController itself working properly?
+ * @author Mike H. Fauzy
+ *
+ */
+public class AccessControllerTest {
+	
+	protected AccessController accessController;
+		
+	@Before
+	public void setup() {
+		Map accessControlRules = new HashMap(3);
+		accessControlRules.put("AlwaysTrue", new AlwaysTrueACR());
+		accessControlRules.put("AlwaysFalse", new AlwaysFalseACR());		
+		accessControlRules.put("EchoRuntimeParameter", new EchoRuntimeParameterACR());
+		accessController = new ExperimentalAccessController(accessControlRules);
+	}
+	
+	@Test 
+	public void isAuthorized() {
+		assertEquals("Rule Not Found: null", accessController.isAuthorized(null, null), false);
+		assertEquals("Rule Not Found: Invalid Key", accessController.isAuthorized("A key that does not map to a rule", null), false);		
+
+		assertEquals("AlwaysTrue", accessController.isAuthorized("AlwaysTrue", null), true);
+		assertEquals("AlwaysFalse", accessController.isAuthorized("AlwaysFalse", null), false);
+		
+		assertEquals("EchoRuntimeParameter: True", accessController.isAuthorized("EchoRuntimeParameter", Boolean.TRUE), true );
+		assertEquals("EchoRuntimeParameter: False", accessController.isAuthorized("EchoRuntimeParameter", Boolean.FALSE), false);
+		assertEquals("EchoRuntimeParameter: ClassCastException", accessController.isAuthorized("EchoRuntimeParameter", "This is not a boolean"), false);
+		assertEquals("EchoRuntimeParameter: null Runtime Parameter", accessController.isAuthorized("EchoRuntimeParameter", null), false);
+	}
+	
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationRuleNotFoundNullKey() throws Exception {		
+		accessController.assertAuthorized(null, null);
+	}
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationRuleAKeyThatDoesNotMapToARule() throws Exception {		
+		accessController.assertAuthorized("A key that does not map to a rule", null);
+	}
+	
+	
+	@Test  
+	//Should not throw an exception
+	public void enforceAuthorizationAlwaysTrue() throws Exception {		
+		accessController.assertAuthorized("AlwaysTrue", null);
+	}
+	
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationAlwaysFalse() throws Exception {		
+		accessController.assertAuthorized("AlwaysFalse", null);
+	}
+	
+	/**
+	 * Ensure that isAuthorized does nothing if enforceAuthorization 
+	 * is called and isAuthorized returns true
+	 */
+	@Test 
+	//Should not throw an exception
+	public void enforceAuthorizationEchoRuntimeParameterTrue() throws Exception {
+		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.TRUE);
+	}
+	
+	/**
+	 * Ensure that isAuthorized translates into an exception if enforceAuthorization 
+	 * is called and isAuthorized returns false
+	 */
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationEchoRuntimeParameterFalse() throws Exception {		
+		accessController.assertAuthorized("EchoRuntimeParameter", Boolean.FALSE);
+	}
+	
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationEchoRuntimeParameterClassCastException() throws Exception {	
+		accessController.assertAuthorized("EchoRuntimeParameter", "This is not a boolean");
+	}
+	
+	@Test (expected = AccessControlException.class)	 
+	public void enforceAuthorizationEchoRuntimeParameterNullRuntimeParameter() throws Exception {		
+		accessController.assertAuthorized("EchoRuntimeParameter", null);
+	}
+	
+	@org.junit.Test
+	public void delegatingACR() throws Exception {
+		DelegatingACR delegatingACR = new DelegatingACR();
+		DynaBeanACRParameter policyParameter = new DynaBeanACRParameter();
+
+		delegatingACR = new DelegatingACR();
+		policyParameter = new DynaBeanACRParameter();
+		policyParameter.set("delegateClass", "java.lang.Object");
+		policyParameter.set("delegateMethod", "equals");
+		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+		delegatingACR.setPolicyParameters(policyParameter);
+		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {new Object()}));
+		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {delegatingACR}));
+
+		
+		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR");
+		policyParameter.set("delegateMethod", "isAuthorized");
+		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+		delegatingACR.setPolicyParameters(policyParameter);
+		org.junit.Assert.assertTrue(delegatingACR.isAuthorized(new Object[] {null}));
+		
+		delegatingACR = new DelegatingACR();
+		policyParameter = new DynaBeanACRParameter();
+		policyParameter.set("delegateClass", "org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR");
+		policyParameter.set("delegateMethod", "isAuthorized");
+		policyParameter.set("parameterClasses", new String[] {"java.lang.Object"});
+		delegatingACR.setPolicyParameters(policyParameter);
+		org.junit.Assert.assertFalse(delegatingACR.isAuthorized(new Object[] {null}));
+	}
+	
+}

From 0abd4a1a06f0c55b81635b9f96ce3bad040f4e25 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 231/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/AccessControllerTest.java | 716 +++++++++---------
 1 file changed, 358 insertions(+), 358 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
index b3c2a6d8b..ad53d9ea3 100644
--- a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
@@ -1,358 +1,358 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-
-
-/**
- * The Class AccessControllerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessControllerTest extends TestCase {
-
-	/**
-	 * Instantiates a new access controller test.
-	 * 
-	 * @param testName
-     *            the test name
-     * @throws Exception
-	 */
-	public AccessControllerTest(String testName) throws Exception {
-		super(testName);
-		
-		Authenticator authenticator = ESAPI.authenticator();
-		String password = authenticator.generateStrongPassword();
-
-		// create a user with the "user" role for this test
-		User alice = authenticator.getUser("testuser1");
-		if ( alice == null ) {
-			alice = authenticator.createUser( "testuser1", password, password);
-		}
-		alice.addRole("user");		
-
-		// create a user with the "admin" role for this test
-		User bob = authenticator.getUser("testuser2");
-		if ( bob == null ) {
-			bob = authenticator.createUser( "testuser2", password, password);
-		}
-		bob.addRole("admin");
-		
-		// create a user with the "user" and "admin" roles for this test
-		User mitch = authenticator.getUser("testuser3");
-		if ( mitch == null ) {
-			mitch = authenticator.createUser( "testuser3", password, password);
-		}
-		mitch.addRole("admin");
-		mitch.addRole("user");
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(AccessControllerTest.class);
-		return suite;
-	}
-
-    /**
-     *
-     */
-    public void testMatchRule() {
-		ESAPI.authenticator().setCurrentUser(null);
-		assertFalse(ESAPI.accessController().isAuthorizedForURL("/nobody"));
-	}
-	
-	/**
-	 * Test of isAuthorizedForURL method, of class
-	 * org.owasp.esapi.AccessController.
-     *
-     * @throws Exception
-     */
-	public void testIsAuthorizedForURL() throws Exception {
-		System.out.println("isAuthorizedForURL");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertFalse(instance.isAuthorizedForURL("/test/admin"));
-		assertTrue(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.gif"));
-		assertFalse(instance.isAuthorizedForURL("/test/none/test.exe"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertTrue(instance.isAuthorizedForURL("/test/admin"));
-		assertFalse(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-		
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertFalse(instance.isAuthorizedForURL("/nobody"));
-		assertTrue(instance.isAuthorizedForURL("/test/admin"));
-		assertTrue(instance.isAuthorizedForURL("/test/user"));
-		assertTrue(instance.isAuthorizedForURL("/test/all"));
-		assertFalse(instance.isAuthorizedForURL("/test/none"));
-		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
-		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
-		assertTrue(instance.isAuthorizedForURL("/test/profile"));
-		assertFalse(instance.isAuthorizedForURL("/upload"));
-		
-		try {
-			instance.assertAuthorizedForURL("/test/admin");
-			instance.assertAuthorizedForURL( "/nobody" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForFunction method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForFunction() {
-		System.out.println("isAuthorizedForFunction");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionD"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionDdeny"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
-		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
-		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
-
-		try {
-			instance.assertAuthorizedForFunction("/FunctionA");
-			instance.assertAuthorizedForFunction( "/FunctionDdeny" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForData method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForData() {
-		System.out.println("isAuthorizedForData");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		Class adminR = null;
-		Class adminRW = null;
-		Class userW = null;
-		Class userRW = null;
-		Class anyR = null;
-		Class userAdminR = null;
-		Class userAdminRW = null;
-		Class undefined = null;
-		
-		try{
-			adminR = Class.forName("java.util.ArrayList");
-			adminRW = Class.forName("java.lang.Math");
-			userW = Class.forName("java.util.Date");
-			userRW = Class.forName("java.lang.String");
-			anyR = Class.forName("java.io.BufferedReader");
-			userAdminR = Class.forName("java.util.Random");
-			userAdminRW = Class.forName("java.awt.event.MouseWheelEvent");
-			undefined = Class.forName("java.io.FileWriter");
-			
-		}catch(ClassNotFoundException cnf){
-			System.out.println("CLASS NOT FOUND.");
-			cnf.printStackTrace();
-		}
-		//test User
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForData("read", userRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userW));
-		assertFalse(instance.isAuthorizedForData("read", adminRW));
-		assertTrue(instance.isAuthorizedForData("write", userRW));
-		assertTrue(instance.isAuthorizedForData("write", userW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		
-		//test Admin
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertTrue(instance.isAuthorizedForData("read", adminRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userRW));
-		assertTrue(instance.isAuthorizedForData("write", adminRW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		
-		//test User/Admin
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForData("read", userRW));
-		assertFalse(instance.isAuthorizedForData("read", undefined));
-		assertFalse(instance.isAuthorizedForData("write", undefined));
-		assertFalse(instance.isAuthorizedForData("read", userW));
-		assertTrue(instance.isAuthorizedForData("read", adminR));
-		assertTrue(instance.isAuthorizedForData("write", userRW));
-		assertTrue(instance.isAuthorizedForData("write", userW));
-		assertFalse(instance.isAuthorizedForData("write", anyR));
-		assertTrue(instance.isAuthorizedForData("read", anyR));
-		assertTrue(instance.isAuthorizedForData("read", userAdminR));
-		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
-		try {
-			instance.assertAuthorizedForData("read", userRW);
-			instance.assertAuthorizedForData( "write", adminR );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-		
-	}
-
-	/**
-	 * Test of isAuthorizedForFile method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForFile() {
-		System.out.println("isAuthorizedForFile");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/File2"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File3"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForFile("/Dir/File1"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File4"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
-		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/File5"));
-		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
-
-		try {
-			instance.assertAuthorizedForFile("/Dir/File1");
-			instance.assertAuthorizedForFile( "/Dir/File6" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-	/**
-	 * Test of isAuthorizedForService method, of class
-	 * org.owasp.esapi.AccessController.
-	 */
-	public void testIsAuthorizedForService() {
-		System.out.println("isAuthorizedForService");
-		AccessController instance = ESAPI.accessController();
-		Authenticator auth = ESAPI.authenticator();
-		
-		auth.setCurrentUser( auth.getUser("testuser1") );
-		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceB"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceC"));
-		
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser2") );
-		assertFalse(instance.isAuthorizedForService("/services/ServiceA"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceF"));
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		auth.setCurrentUser( auth.getUser("testuser3") );
-		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
-		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
-		assertFalse(instance.isAuthorizedForService("/services/ServiceE"));
-		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
-
-		try {
-			instance.assertAuthorizedForService("/services/ServiceD");
-			instance.assertAuthorizedForService( "/test/ridiculous" );
-			fail();
-		} catch ( AccessControlException e ) {
-			// expected
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+
+
+/**
+ * The Class AccessControllerTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessControllerTest extends TestCase {
+
+	/**
+	 * Instantiates a new access controller test.
+	 * 
+	 * @param testName
+     *            the test name
+     * @throws Exception
+	 */
+	public AccessControllerTest(String testName) throws Exception {
+		super(testName);
+		
+		Authenticator authenticator = ESAPI.authenticator();
+		String password = authenticator.generateStrongPassword();
+
+		// create a user with the "user" role for this test
+		User alice = authenticator.getUser("testuser1");
+		if ( alice == null ) {
+			alice = authenticator.createUser( "testuser1", password, password);
+		}
+		alice.addRole("user");		
+
+		// create a user with the "admin" role for this test
+		User bob = authenticator.getUser("testuser2");
+		if ( bob == null ) {
+			bob = authenticator.createUser( "testuser2", password, password);
+		}
+		bob.addRole("admin");
+		
+		// create a user with the "user" and "admin" roles for this test
+		User mitch = authenticator.getUser("testuser3");
+		if ( mitch == null ) {
+			mitch = authenticator.createUser( "testuser3", password, password);
+		}
+		mitch.addRole("admin");
+		mitch.addRole("user");
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void setUp() throws Exception {
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(AccessControllerTest.class);
+		return suite;
+	}
+
+    /**
+     *
+     */
+    public void testMatchRule() {
+		ESAPI.authenticator().setCurrentUser(null);
+		assertFalse(ESAPI.accessController().isAuthorizedForURL("/nobody"));
+	}
+	
+	/**
+	 * Test of isAuthorizedForURL method, of class
+	 * org.owasp.esapi.AccessController.
+     *
+     * @throws Exception
+     */
+	public void testIsAuthorizedForURL() throws Exception {
+		System.out.println("isAuthorizedForURL");
+		AccessController instance = ESAPI.accessController();
+		Authenticator auth = ESAPI.authenticator();
+		
+		auth.setCurrentUser( auth.getUser("testuser1") );
+		assertFalse(instance.isAuthorizedForURL("/nobody"));
+		assertFalse(instance.isAuthorizedForURL("/test/admin"));
+		assertTrue(instance.isAuthorizedForURL("/test/user"));
+		assertTrue(instance.isAuthorizedForURL("/test/all"));
+		assertFalse(instance.isAuthorizedForURL("/test/none"));
+		assertTrue(instance.isAuthorizedForURL("/test/none/test.gif"));
+		assertFalse(instance.isAuthorizedForURL("/test/none/test.exe"));
+		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+		assertTrue(instance.isAuthorizedForURL("/test/profile"));
+		assertFalse(instance.isAuthorizedForURL("/upload"));
+
+		auth.setCurrentUser( auth.getUser("testuser2") );
+		assertFalse(instance.isAuthorizedForURL("/nobody"));
+		assertTrue(instance.isAuthorizedForURL("/test/admin"));
+		assertFalse(instance.isAuthorizedForURL("/test/user"));
+		assertTrue(instance.isAuthorizedForURL("/test/all"));
+		assertFalse(instance.isAuthorizedForURL("/test/none"));
+		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+		assertTrue(instance.isAuthorizedForURL("/test/profile"));
+		assertFalse(instance.isAuthorizedForURL("/upload"));
+		
+		auth.setCurrentUser( auth.getUser("testuser3") );
+		assertFalse(instance.isAuthorizedForURL("/nobody"));
+		assertTrue(instance.isAuthorizedForURL("/test/admin"));
+		assertTrue(instance.isAuthorizedForURL("/test/user"));
+		assertTrue(instance.isAuthorizedForURL("/test/all"));
+		assertFalse(instance.isAuthorizedForURL("/test/none"));
+		assertTrue(instance.isAuthorizedForURL("/test/none/test.png"));
+		assertFalse(instance.isAuthorizedForURL("/test/moderator"));
+		assertTrue(instance.isAuthorizedForURL("/test/profile"));
+		assertFalse(instance.isAuthorizedForURL("/upload"));
+		
+		try {
+			instance.assertAuthorizedForURL("/test/admin");
+			instance.assertAuthorizedForURL( "/nobody" );
+			fail();
+		} catch ( AccessControlException e ) {
+			// expected
+		}
+	}
+
+	/**
+	 * Test of isAuthorizedForFunction method, of class
+	 * org.owasp.esapi.AccessController.
+	 */
+	public void testIsAuthorizedForFunction() {
+		System.out.println("isAuthorizedForFunction");
+		AccessController instance = ESAPI.accessController();
+		Authenticator auth = ESAPI.authenticator();
+		
+		auth.setCurrentUser( auth.getUser("testuser1") );
+		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionB"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
+
+		auth.setCurrentUser( auth.getUser("testuser2") );
+		assertFalse(instance.isAuthorizedForFunction("/FunctionA"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+		assertTrue(instance.isAuthorizedForFunction("/FunctionD"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionDdeny"));
+
+		auth.setCurrentUser( auth.getUser("testuser3") );
+		assertTrue(instance.isAuthorizedForFunction("/FunctionA"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionAdeny"));
+		assertTrue(instance.isAuthorizedForFunction("/FunctionB"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionBdeny"));
+		assertTrue(instance.isAuthorizedForFunction("/FunctionC"));
+		assertFalse(instance.isAuthorizedForFunction("/FunctionCdeny"));
+
+		try {
+			instance.assertAuthorizedForFunction("/FunctionA");
+			instance.assertAuthorizedForFunction( "/FunctionDdeny" );
+			fail();
+		} catch ( AccessControlException e ) {
+			// expected
+		}
+	}
+
+	/**
+	 * Test of isAuthorizedForData method, of class
+	 * org.owasp.esapi.AccessController.
+	 */
+	public void testIsAuthorizedForData() {
+		System.out.println("isAuthorizedForData");
+		AccessController instance = ESAPI.accessController();
+		Authenticator auth = ESAPI.authenticator();
+		
+		Class adminR = null;
+		Class adminRW = null;
+		Class userW = null;
+		Class userRW = null;
+		Class anyR = null;
+		Class userAdminR = null;
+		Class userAdminRW = null;
+		Class undefined = null;
+		
+		try{
+			adminR = Class.forName("java.util.ArrayList");
+			adminRW = Class.forName("java.lang.Math");
+			userW = Class.forName("java.util.Date");
+			userRW = Class.forName("java.lang.String");
+			anyR = Class.forName("java.io.BufferedReader");
+			userAdminR = Class.forName("java.util.Random");
+			userAdminRW = Class.forName("java.awt.event.MouseWheelEvent");
+			undefined = Class.forName("java.io.FileWriter");
+			
+		}catch(ClassNotFoundException cnf){
+			System.out.println("CLASS NOT FOUND.");
+			cnf.printStackTrace();
+		}
+		//test User
+		auth.setCurrentUser( auth.getUser("testuser1") );
+		assertTrue(instance.isAuthorizedForData("read", userRW));
+		assertFalse(instance.isAuthorizedForData("read", undefined));
+		assertFalse(instance.isAuthorizedForData("write", undefined));
+		assertFalse(instance.isAuthorizedForData("read", userW));
+		assertFalse(instance.isAuthorizedForData("read", adminRW));
+		assertTrue(instance.isAuthorizedForData("write", userRW));
+		assertTrue(instance.isAuthorizedForData("write", userW));
+		assertFalse(instance.isAuthorizedForData("write", anyR));
+		assertTrue(instance.isAuthorizedForData("read", anyR));
+		assertTrue(instance.isAuthorizedForData("read", userAdminR));
+		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+		
+		//test Admin
+		auth.setCurrentUser( auth.getUser("testuser2") );
+		assertTrue(instance.isAuthorizedForData("read", adminRW));
+		assertFalse(instance.isAuthorizedForData("read", undefined));
+		assertFalse(instance.isAuthorizedForData("write", undefined));
+		assertFalse(instance.isAuthorizedForData("read", userRW));
+		assertTrue(instance.isAuthorizedForData("write", adminRW));
+		assertFalse(instance.isAuthorizedForData("write", anyR));
+		assertTrue(instance.isAuthorizedForData("read", anyR));
+		assertTrue(instance.isAuthorizedForData("read", userAdminR));
+		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+		
+		//test User/Admin
+		auth.setCurrentUser( auth.getUser("testuser3") );
+		assertTrue(instance.isAuthorizedForData("read", userRW));
+		assertFalse(instance.isAuthorizedForData("read", undefined));
+		assertFalse(instance.isAuthorizedForData("write", undefined));
+		assertFalse(instance.isAuthorizedForData("read", userW));
+		assertTrue(instance.isAuthorizedForData("read", adminR));
+		assertTrue(instance.isAuthorizedForData("write", userRW));
+		assertTrue(instance.isAuthorizedForData("write", userW));
+		assertFalse(instance.isAuthorizedForData("write", anyR));
+		assertTrue(instance.isAuthorizedForData("read", anyR));
+		assertTrue(instance.isAuthorizedForData("read", userAdminR));
+		assertTrue(instance.isAuthorizedForData("write", userAdminRW));
+		try {
+			instance.assertAuthorizedForData("read", userRW);
+			instance.assertAuthorizedForData( "write", adminR );
+			fail();
+		} catch ( AccessControlException e ) {
+			// expected
+		}
+		
+	}
+
+	/**
+	 * Test of isAuthorizedForFile method, of class
+	 * org.owasp.esapi.AccessController.
+	 */
+	public void testIsAuthorizedForFile() {
+		System.out.println("isAuthorizedForFile");
+		AccessController instance = ESAPI.accessController();
+		Authenticator auth = ESAPI.authenticator();
+		
+		auth.setCurrentUser( auth.getUser("testuser1") );
+		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
+		assertFalse(instance.isAuthorizedForFile("/Dir/File2"));
+		assertTrue(instance.isAuthorizedForFile("/Dir/File3"));
+		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+		auth.setCurrentUser( auth.getUser("testuser2") );
+		assertFalse(instance.isAuthorizedForFile("/Dir/File1"));
+		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
+		assertTrue(instance.isAuthorizedForFile("/Dir/File4"));
+		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+		auth.setCurrentUser( auth.getUser("testuser3") );
+		assertTrue(instance.isAuthorizedForFile("/Dir/File1"));
+		assertTrue(instance.isAuthorizedForFile("/Dir/File2"));
+		assertFalse(instance.isAuthorizedForFile("/Dir/File5"));
+		assertFalse(instance.isAuthorizedForFile("/Dir/ridiculous"));
+
+		try {
+			instance.assertAuthorizedForFile("/Dir/File1");
+			instance.assertAuthorizedForFile( "/Dir/File6" );
+			fail();
+		} catch ( AccessControlException e ) {
+			// expected
+		}
+	}
+
+	/**
+	 * Test of isAuthorizedForService method, of class
+	 * org.owasp.esapi.AccessController.
+	 */
+	public void testIsAuthorizedForService() {
+		System.out.println("isAuthorizedForService");
+		AccessController instance = ESAPI.accessController();
+		Authenticator auth = ESAPI.authenticator();
+		
+		auth.setCurrentUser( auth.getUser("testuser1") );
+		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
+		assertFalse(instance.isAuthorizedForService("/services/ServiceB"));
+		assertTrue(instance.isAuthorizedForService("/services/ServiceC"));
+		
+		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+		auth.setCurrentUser( auth.getUser("testuser2") );
+		assertFalse(instance.isAuthorizedForService("/services/ServiceA"));
+		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
+		assertFalse(instance.isAuthorizedForService("/services/ServiceF"));
+		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+		auth.setCurrentUser( auth.getUser("testuser3") );
+		assertTrue(instance.isAuthorizedForService("/services/ServiceA"));
+		assertTrue(instance.isAuthorizedForService("/services/ServiceB"));
+		assertFalse(instance.isAuthorizedForService("/services/ServiceE"));
+		assertFalse(instance.isAuthorizedForService("/test/ridiculous"));
+
+		try {
+			instance.assertAuthorizedForService("/services/ServiceD");
+			instance.assertAuthorizedForService( "/test/ridiculous" );
+			fail();
+		} catch ( AccessControlException e ) {
+			// expected
+		}
+	}
+
+}

From cb30cf71c585f4c6be049ebb34f0d8a8399296b1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 232/812] Change CRLF to LF for issue 356.

---
 .../policyloader/ACRPolicyFileLoaderTest.java | 140 +++++++++---------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
index 1dcc86b15..851364bf9 100644
--- a/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoaderTest.java
@@ -1,70 +1,70 @@
-package org.owasp.esapi.reference.accesscontrol.policyloader;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.util.Map;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.owasp.esapi.AccessController;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.errors.AccessControlException;
-/**
- * Answers the question: Is the policy file being loaded properly?
- * @author Mike H. Fauzy
- */
-public class ACRPolicyFileLoaderTest {
-
-	protected AccessController accessController;
-
-	@Before
-	public void setUp() throws Exception {
-		accessController = ESAPI.accessController();
-	}
-
-	@Test
-	public void testSetup() throws AccessControlException {
-		/**
-		 * This tests the policy file
-		 */
-		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
-		PolicyDTO policyDTO = policyDescriptor.load();
-		Map accessControlRules = policyDTO.getAccessControlRules();
-		assertTrue("Some AccessControlRules are loaded", !accessControlRules
-				.isEmpty());
-		assertTrue("Access Control Map Contains AlwaysTrue", accessControlRules
-				.containsKey("AlwaysTrue"));
-		assertTrue("Access Control Map Contains AlwaysFalse",
-				accessControlRules.containsKey("AlwaysFalse"));
-		assertTrue("Access Control Map Contains EchoRuntimeParameter",
-				accessControlRules.containsKey("EchoRuntimeParameter"));
-		assertTrue("Access Control Map Contains EchoPolicyParameter",
-				accessControlRules.containsKey("EchoPolicyParameter"));
-	}
-
-	@Test
-	public void isAuthorizedEchoPolicyParameter() {
-		assertEquals("EchoPolicyParameter", accessController
-				.isAuthorized("EchoPolicyParameter", null), true);
-		assertEquals("EchoRuntimeParameterClassCastException", accessController
-				.isAuthorized("EchoRuntimeParameterClassCastException", null),
-				false);
-		// Policy parameter value null, empty or missing. (TODO add more fail
-		// state tests
-		// assertEquals("EchoRuntimeParameterValueNull",
-		// accessController.isAuthorized("EchoRuntimeParameterValueNull", null),
-		// false);
-		// assertEquals("EchoRuntimeParameterValueEmpty",
-		// accessController.isAuthorized("EchoRuntimeParameterValueEmpty",
-		// null), false);
-		// assertEquals("EchoRuntimeParameterValueMissing",
-		// accessController.isAuthorized("EchoRuntimeParameterValueMissing",
-		// null), false);
-	}
-	
-	@Test(expected = AccessControlException.class)
-	public void enforceAuthorizationRuleNotFoundNullKey() throws AccessControlException {
-		accessController.assertAuthorized(null, null);
-	}
-}
+package org.owasp.esapi.reference.accesscontrol.policyloader;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.owasp.esapi.AccessController;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.AccessControlException;
+/**
+ * Answers the question: Is the policy file being loaded properly?
+ * @author Mike H. Fauzy
+ */
+public class ACRPolicyFileLoaderTest {
+
+	protected AccessController accessController;
+
+	@Before
+	public void setUp() throws Exception {
+		accessController = ESAPI.accessController();
+	}
+
+	@Test
+	public void testSetup() throws AccessControlException {
+		/**
+		 * This tests the policy file
+		 */
+		ACRPolicyFileLoader policyDescriptor = new ACRPolicyFileLoader();
+		PolicyDTO policyDTO = policyDescriptor.load();
+		Map accessControlRules = policyDTO.getAccessControlRules();
+		assertTrue("Some AccessControlRules are loaded", !accessControlRules
+				.isEmpty());
+		assertTrue("Access Control Map Contains AlwaysTrue", accessControlRules
+				.containsKey("AlwaysTrue"));
+		assertTrue("Access Control Map Contains AlwaysFalse",
+				accessControlRules.containsKey("AlwaysFalse"));
+		assertTrue("Access Control Map Contains EchoRuntimeParameter",
+				accessControlRules.containsKey("EchoRuntimeParameter"));
+		assertTrue("Access Control Map Contains EchoPolicyParameter",
+				accessControlRules.containsKey("EchoPolicyParameter"));
+	}
+
+	@Test
+	public void isAuthorizedEchoPolicyParameter() {
+		assertEquals("EchoPolicyParameter", accessController
+				.isAuthorized("EchoPolicyParameter", null), true);
+		assertEquals("EchoRuntimeParameterClassCastException", accessController
+				.isAuthorized("EchoRuntimeParameterClassCastException", null),
+				false);
+		// Policy parameter value null, empty or missing. (TODO add more fail
+		// state tests
+		// assertEquals("EchoRuntimeParameterValueNull",
+		// accessController.isAuthorized("EchoRuntimeParameterValueNull", null),
+		// false);
+		// assertEquals("EchoRuntimeParameterValueEmpty",
+		// accessController.isAuthorized("EchoRuntimeParameterValueEmpty",
+		// null), false);
+		// assertEquals("EchoRuntimeParameterValueMissing",
+		// accessController.isAuthorized("EchoRuntimeParameterValueMissing",
+		// null), false);
+	}
+	
+	@Test(expected = AccessControlException.class)
+	public void enforceAuthorizationRuleNotFoundNullKey() throws AccessControlException {
+		accessController.assertAuthorized(null, null);
+	}
+}

From 303feba778cd44e4f7b37ec9261b13dddb794e00 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 233/812] Change CRLF to LF for issue 356.

---
 .../reference/AccessReferenceMapTest.java     | 446 +++++++++---------
 1 file changed, 223 insertions(+), 223 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
index ec9832997..1a26077ec 100644
--- a/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AccessReferenceMapTest.java
@@ -1,223 +1,223 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AccessReferenceMapTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public AccessReferenceMapTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(AccessReferenceMapTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-    public void testUpdate() throws AuthenticationException, EncryptionException {
-        System.out.println("update");
-    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
-    	Authenticator auth = ESAPI.authenticator();
-    	
-    	String pass = auth.generateStrongPassword();
-    	User u = auth.createUser( "armUpdate", pass, pass );
-    	
-    	// test to make sure update returns something
-		arm.update(auth.getUserNames());
-		String indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect == null ) fail();
-		
-		// test to make sure update removes items that are no longer in the list
-		auth.removeUser( u.getAccountName() );
-		arm.update(auth.getUserNames());
-		indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect != null ) fail();
-		
-		// test to make sure old indirect reference is maintained after an update
-		arm.update(auth.getUserNames());
-		String newIndirect = arm.getIndirectReference( u.getAccountName() );
-		assertEquals(indirect, newIndirect);
-    }
-    
-    
-    /**
-	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testIterator() {
-        System.out.println("iterator");
-    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
-        Authenticator auth = ESAPI.authenticator();
-        
-		arm.update(auth.getUserNames());
-
-		Iterator i = arm.iterator();
-		while ( i.hasNext() ) {
-			String userName = (String)i.next();
-			User u = auth.getUser( userName );
-			if ( u == null ) fail();
-		}
-    }
-    
-    /**
-	 * Test of getIndirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testGetIndirectReference() {
-        System.out.println("getIndirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String expResult = directReference;
-        String result = instance.getIndirectReference(directReference);
-        assertNotSame(expResult, result);        
-    }
-
-    /**
-	 * Test of getDirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AccessControlException
-	 *             the access control exception
-	 */
-    public void testGetDirectReference() throws AccessControlException {
-        System.out.println("getDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String ind = instance.getIndirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-        try {
-        	instance.getDirectReference("invalid");
-        	fail();
-        } catch( AccessControlException e ) {
-        	// success
-        }
-    }
-    
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testAddDirectReference() throws AccessControlException {
-        System.out.println("addDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String newDirect = instance.addDirectReference("newDirect");
-        assertNotNull( newDirect );
-        String ind = instance.addDirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-    	String newInd = instance.addDirectReference(directReference);
-    	assertEquals(ind, newInd);
-    }
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testRemoveDirectReference() throws AccessControlException {
-        System.out.println("removeDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
-        
-        String indirect = instance.getIndirectReference(directReference);
-        assertNotNull(indirect);
-        String deleted = instance.removeDirectReference(directReference);
-        assertEquals(indirect,deleted);
-    	deleted = instance.removeDirectReference("ridiculous");
-    	assertNull(deleted);
-    }
-    
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The Class AccessReferenceMapTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AccessReferenceMapTest extends TestCase {
+    
+    /**
+	 * Instantiates a new access reference map test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public AccessReferenceMapTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(AccessReferenceMapTest.class);
+        return suite;
+    }
+
+    
+    /**
+	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+	 * 
+	 * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+	 */
+    public void testUpdate() throws AuthenticationException, EncryptionException {
+        System.out.println("update");
+    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
+    	Authenticator auth = ESAPI.authenticator();
+    	
+    	String pass = auth.generateStrongPassword();
+    	User u = auth.createUser( "armUpdate", pass, pass );
+    	
+    	// test to make sure update returns something
+		arm.update(auth.getUserNames());
+		String indirect = arm.getIndirectReference( u.getAccountName() );
+		if ( indirect == null ) fail();
+		
+		// test to make sure update removes items that are no longer in the list
+		auth.removeUser( u.getAccountName() );
+		arm.update(auth.getUserNames());
+		indirect = arm.getIndirectReference( u.getAccountName() );
+		if ( indirect != null ) fail();
+		
+		// test to make sure old indirect reference is maintained after an update
+		arm.update(auth.getUserNames());
+		String newIndirect = arm.getIndirectReference( u.getAccountName() );
+		assertEquals(indirect, newIndirect);
+    }
+    
+    
+    /**
+	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
+	 */
+    public void testIterator() {
+        System.out.println("iterator");
+    	RandomAccessReferenceMap arm = new RandomAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+        
+		arm.update(auth.getUserNames());
+
+		Iterator i = arm.iterator();
+		while ( i.hasNext() ) {
+			String userName = (String)i.next();
+			User u = auth.getUser( userName );
+			if ( u == null ) fail();
+		}
+    }
+    
+    /**
+	 * Test of getIndirectReference method, of class
+	 * org.owasp.esapi.AccessReferenceMap.
+	 */
+    public void testGetIndirectReference() {
+        System.out.println("getIndirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+        
+        String expResult = directReference;
+        String result = instance.getIndirectReference(directReference);
+        assertNotSame(expResult, result);        
+    }
+
+    /**
+	 * Test of getDirectReference method, of class
+	 * org.owasp.esapi.AccessReferenceMap.
+	 * 
+	 * @throws AccessControlException
+	 *             the access control exception
+	 */
+    public void testGetDirectReference() throws AccessControlException {
+        System.out.println("getDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+        
+        String ind = instance.getIndirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        try {
+        	instance.getDirectReference("invalid");
+        	fail();
+        } catch( AccessControlException e ) {
+        	// success
+        }
+    }
+    
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testAddDirectReference() throws AccessControlException {
+        System.out.println("addDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+        
+        String newDirect = instance.addDirectReference("newDirect");
+        assertNotNull( newDirect );
+        String ind = instance.addDirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+    	String newInd = instance.addDirectReference(directReference);
+    	assertEquals(ind, newInd);
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testRemoveDirectReference() throws AccessControlException {
+        System.out.println("removeDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        RandomAccessReferenceMap instance = new RandomAccessReferenceMap( list );
+        
+        String indirect = instance.getIndirectReference(directReference);
+        assertNotNull(indirect);
+        String deleted = instance.removeDirectReference(directReference);
+        assertEquals(indirect,deleted);
+    	deleted = instance.removeDirectReference("ridiculous");
+    	assertNull(deleted);
+    }
+    
+    
+    
+}

From a7d77bdd18a55e1e06234116ed915bdd0135325e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 234/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/AuthenticatorTest.java    | 1234 ++++++++---------
 1 file changed, 617 insertions(+), 617 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index 31699ccfb..e6a660f4b 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -1,617 +1,617 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.HTTPUtilities;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class AuthenticatorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class AuthenticatorTest extends TestCase {
-
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(AuthenticatorTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Instantiates a new authenticator test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public AuthenticatorTest(String testName) {
-		super(testName);
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	
-	/**
-	 * Test of createAccount method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-	public void testCreateUser() throws AuthenticationException, EncryptionException {
-		System.out.println("createUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		assertTrue(user.verifyPassword(password));
-        try {
-            instance.createUser(accountName, password, password); // duplicate user
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(null, "weak1", "weak1");  // null username
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), null, null);  // null password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-        try {
-        	String uName = "ea234kEknr";	//sufficiently random password that also works as a username
-            instance.createUser(uName, uName, uName);  // using username as password
-            fail();
-        } catch (AuthenticationException e) {
-            // success
-        }
-	}
-
-	/**
-	 * Test of generateStrongPassword method, of class
-	 * org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGenerateStrongPassword() throws AuthenticationException {
-		System.out.println("generateStrongPassword");		
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = "iiiiiiiiii";  // i is not allowed in passwords - this prevents failures from containing pieces of old password
-		String newPassword = null;
-		String username = "FictionalEsapiUser";
-		User user = new DefaultUser(username);
-		for (int i = 0; i < 100; i++) {
-            try {
-                newPassword = instance.generateStrongPassword();
-                instance.verifyPasswordStrength(oldPassword, newPassword, user);
-            } catch( AuthenticationException e ) {
-            	System.out.println( "  FAILED >> " + newPassword + " : " + e.getLogMessage());
-                fail();
-            }
-		}
-		try {
-			instance.verifyPasswordStrength("test56^$test", "abcdx56^$sl", user );
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-	}
-
-
-	/**
-	 * Test of getCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-     *
-     * @throws Exception
-     */
-	public void testGetCurrentUser() throws Exception {
-		System.out.println("getCurrentUser");
-        Authenticator instance = ESAPI.authenticator();
-		String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
-		User user2 = instance.createUser(username2, "getCurrentUser", "getCurrentUser");		
-		user1.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user1.loginWithPassword("getCurrentUser");
-		User currentUser = instance.getCurrentUser();
-		assertEquals( currentUser, user1 );
-		instance.setCurrentUser( user2 );
-		assertFalse( currentUser.getAccountName().equals( user2.getAccountName() ) );
-		
-		Runnable echo = new Runnable() {
-			private int count = 1;
-            private boolean result = false;
-			public void run() {
-		        Authenticator auth = ESAPI.authenticator();
-				User a = null;
-				try {
-					String password = auth.generateStrongPassword();
-					String accountName = "TestAccount" + count++;
-					a = auth.getUser(accountName);
-					if ( a != null ) {
-						auth.removeUser(accountName);
-					}
-					a = auth.createUser(accountName, password, password);
-					auth.setCurrentUser(a);
-				} catch (AuthenticationException e) {
-					e.printStackTrace();
-				}
-				User b = auth.getCurrentUser();
-				result &= a.equals(b);
-			}
-		};
-        ThreadGroup tg = new ThreadGroup("test");
-		for ( int i = 0; i<10; i++ ) {
-			new Thread( tg, echo ).start();
-		}
-        while (tg.activeCount() > 0 ) {
-            Thread.sleep(100);
-        }
-	}
-
-	/**
-	 * Test of getUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUser() throws AuthenticationException {
-		System.out.println("getUser");
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		instance.createUser(accountName, password, password);
-		assertNotNull(instance.getUser( accountName ));
-		assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS) ));
-	}
-	
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AuthenticationException
-     */
-    public void testGetUserFromRememberToken() throws AuthenticationException {
-		System.out.println("getUserFromRememberToken");
-        Authenticator instance = ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String password = instance.generateStrongPassword();
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		
-		System.out.println("getUserFromRememberToken - expecting failure");
-		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, "ridiculous" );
-		try {
-			instance.login( request, response );  // wrong cookie will fail
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-
-		System.out.println("getUserFromRememberToken - expecting success");
-		request = new MockHttpServletRequest();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		ESAPI.authenticator().setCurrentUser(user);
-		String newToken = ESAPI.httpUtilities().setRememberToken(request, response, password, 10000, "test.com", request.getContextPath() );
-		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, newToken );
-        user.logout();  // logout the current user so we can log them in with the remember cookie
-		User test2 = instance.login( request, response );
-		assertSame( user, test2 );
-	}
-	
-
-	
-	/**
-	 * Test get user from session.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUserFromSession() throws AuthenticationException {
-		System.out.println("getUserFromSession");
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP( request, response );
-		instance.login( request, response);
-		User test = instance.getUserFromSession();
-		assertEquals( user, test );
-	}
-
-	/**
-	 * Test get user names.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetUserNames() throws AuthenticationException {
-		System.out.println("getUserNames");
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		String[] testnames = new String[10];
-		for(int i=0;i<testnames.length;i++) {
-			testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
-		}
-		for(int i=0;i<testnames.length;i++) {
-			instance.createUser(testnames[i], password, password);
-		}
-		Set names = instance.getUserNames();
-		for(int i=0;i<testnames.length;i++) {
-			assertTrue(names.contains(testnames[i].toLowerCase()));
-		}
-	}
-	
-	/**
-	 * Test of hashPassword method, of class org.owasp.esapi.Authenticator.
-     *
-     * @throws EncryptionException
-     */
-	public void testHashPassword() throws EncryptionException {
-		System.out.println("hashPassword");
-		String username = "Jeff";
-		String password = "test";
-        Authenticator instance = ESAPI.authenticator();
-		String result1 = instance.hashPassword(password, username);
-		String result2 = instance.hashPassword(password, username);
-		assertTrue(result1.equals(result2));
-	}
-
-	/**
-	 * Test of login method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLogin() throws AuthenticationException {
-		System.out.println("login");
-        Authenticator instance = ESAPI.authenticator();
-        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = instance.generateStrongPassword();
-		User user = instance.createUser(username, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", username);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		User test = instance.login( request, response);
-		assertTrue( test.isLoggedIn() );
-	}
-	
-	/**
-	 * Test of removeAccount method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testRemoveUser() throws Exception {
-		System.out.println("removeUser");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		assertTrue( instance.exists(accountName));
-		instance.removeUser(accountName);
-		assertFalse( instance.exists(accountName));
-	}
-
-	/**
-	 * Test of saveUsers method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testSaveUsers() throws Exception {
-		System.out.println("saveUsers");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		instance.saveUsers();
-		assertNotNull( instance.getUser(accountName) );
-		instance.removeUser(accountName);
-		assertNull( instance.getUser(accountName) );
-	}
-
-	
-	/**
-	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetCurrentUser() throws AuthenticationException {
-		System.out.println("setCurrentUser");
-        final Authenticator instance = ESAPI.authenticator();
-		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
-		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
-		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
-		userOne.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		userOne.loginWithPassword("getCurrentUser");
-		User currentUser = instance.getCurrentUser();
-		assertEquals( currentUser, userOne );
-		User userTwo = instance.createUser(user2, "getCurrentUser", "getCurrentUser");		
-		instance.setCurrentUser( userTwo );
-		assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
-		
-		Runnable echo = new Runnable() {
-			private int count = 1;
-			public void run() {
-				User u=null;
-				try {
-					String password = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-					u = instance.createUser("test" + count++, password, password);
-					instance.setCurrentUser(u);
-					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
-					// ESAPI.authenticator().removeUser( u.getAccountName() );
-				} catch (AuthenticationException e) {
-					e.printStackTrace();
-				}
-			}
-		};
-		for ( int i = 0; i<10; i++ ) {
-			new Thread( echo ).start();
-		}
-	}
-	
-
-	/**
-	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetCurrentUserWithRequest() throws AuthenticationException {
-		System.out.println("setCurrentUser(req,resp)");
-        Authenticator instance = ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
-		String password = instance.generateStrongPassword();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		instance.login( request, response );
-		assertEquals( user, instance.getCurrentUser() );
-		try {
-			user.disable();
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			user.enable();
-			user.lock();
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			user.unlock();
-			user.setExpirationTime( new Date() );
-			instance.login( request, response );
-		} catch( Exception e ) {
-			// expected
-		}
-	}
-	
-	
-	
-	/**
-	 * Test of validatePasswordStrength method, of class
-	 * org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testValidatePasswordStrength() throws AuthenticationException {
-		System.out.println("validatePasswordStrength");
-        Authenticator instance = ESAPI.authenticator();
-        
-        String username = "FictionalEsapiUser";
-		User user = new DefaultUser(username);
-
-		// should fail
-		try {
-			instance.verifyPasswordStrength("password", "jeff", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("diff123bang", "same123string", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "JEFF", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "1234", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "password", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "-1", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "password123", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "test123", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		//jtm - 11/16/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
-		try {
-			instance.verifyPasswordStrength("password", "FictionalEsapiUser", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-		try {
-			instance.verifyPasswordStrength("password", "FICTIONALESAPIUSER", user);
-			fail();
-		} catch (AuthenticationException e) {
-			// success
-		}
-
-		// should pass
-		instance.verifyPasswordStrength("password", "jeffJEFF12!", user);
-		instance.verifyPasswordStrength("password", "super calif ragil istic", user);
-		instance.verifyPasswordStrength("password", "TONYTONYTONYTONY", user);
-		instance.verifyPasswordStrength("password", instance.generateStrongPassword(), user);
-
-        // chrisisbeef - Issue 65 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=65
-        instance.verifyPasswordStrength("password", "b!gbr0ther", user);
-	}
-
-	/**
-	 * Test of exists method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExists() throws Exception {
-		System.out.println("exists");
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		instance.createUser(accountName, password, password);
-		assertTrue(instance.exists(accountName));
-		instance.removeUser(accountName);
-		assertFalse(instance.exists(accountName));
-	}
-
-    /**
-     * Test of main method, of class org.owasp.esapi.Authenticator.
-     * @throws Exception
-     */
-    public void testMain() throws Exception {
-        System.out.println("Authenticator Main");
-        Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        String password = instance.generateStrongPassword();
-        String role = "test";
-        
-        // test wrong parameters - missing role parameter
-        String[] badargs = { accountName, password };
-        FileBasedAuthenticator.main( badargs );
-        // load users since the new user was added in another instance
-        ((FileBasedAuthenticator)instance).loadUsersImmediately();
-        User u1 = instance.getUser(accountName);
-        assertNull( u1 );
-
-        // test good parameters
-        String[] args = { accountName, password, role };
-        FileBasedAuthenticator.main(args);
-        // load users since the new user was added in another instance
-        ((FileBasedAuthenticator)instance).loadUsersImmediately();
-        DefaultUser u2 = (DefaultUser) instance.getUser(accountName);
-        assertNotNull( u2 );
-        assertTrue( u2.isInRole(role));
-        assertEquals( instance.hashPassword(password, accountName), ((FileBasedAuthenticator)instance).getHashedPassword(u2) );
-    }
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class AuthenticatorTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class AuthenticatorTest extends TestCase {
+
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(AuthenticatorTest.class);
+
+		return suite;
+	}
+
+	/**
+	 * Instantiates a new authenticator test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public AuthenticatorTest(String testName) {
+		super(testName);
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+    /**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	
+	/**
+	 * Test of createAccount method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+	 */
+	public void testCreateUser() throws AuthenticationException, EncryptionException {
+		System.out.println("createUser");
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		User user = instance.createUser(accountName, password, password);
+		assertTrue(user.verifyPassword(password));
+        try {
+            instance.createUser(accountName, password, password); // duplicate user
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "password1", "password2"); // don't match
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), "weak1", "weak1");  // weak password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(null, "weak1", "weak1");  // null username
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+            instance.createUser(ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS), null, null);  // null password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+        try {
+        	String uName = "ea234kEknr";	//sufficiently random password that also works as a username
+            instance.createUser(uName, uName, uName);  // using username as password
+            fail();
+        } catch (AuthenticationException e) {
+            // success
+        }
+	}
+
+	/**
+	 * Test of generateStrongPassword method, of class
+	 * org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGenerateStrongPassword() throws AuthenticationException {
+		System.out.println("generateStrongPassword");		
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = "iiiiiiiiii";  // i is not allowed in passwords - this prevents failures from containing pieces of old password
+		String newPassword = null;
+		String username = "FictionalEsapiUser";
+		User user = new DefaultUser(username);
+		for (int i = 0; i < 100; i++) {
+            try {
+                newPassword = instance.generateStrongPassword();
+                instance.verifyPasswordStrength(oldPassword, newPassword, user);
+            } catch( AuthenticationException e ) {
+            	System.out.println( "  FAILED >> " + newPassword + " : " + e.getLogMessage());
+                fail();
+            }
+		}
+		try {
+			instance.verifyPasswordStrength("test56^$test", "abcdx56^$sl", user );
+		} catch( AuthenticationException e ) {
+			// expected
+		}
+	}
+
+
+	/**
+	 * Test of getCurrentUser method, of class org.owasp.esapi.Authenticator.
+	 * 
+     *
+     * @throws Exception
+     */
+	public void testGetCurrentUser() throws Exception {
+		System.out.println("getCurrentUser");
+        Authenticator instance = ESAPI.authenticator();
+		String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
+		User user2 = instance.createUser(username2, "getCurrentUser", "getCurrentUser");		
+		user1.enable();
+	    MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		user1.loginWithPassword("getCurrentUser");
+		User currentUser = instance.getCurrentUser();
+		assertEquals( currentUser, user1 );
+		instance.setCurrentUser( user2 );
+		assertFalse( currentUser.getAccountName().equals( user2.getAccountName() ) );
+		
+		Runnable echo = new Runnable() {
+			private int count = 1;
+            private boolean result = false;
+			public void run() {
+		        Authenticator auth = ESAPI.authenticator();
+				User a = null;
+				try {
+					String password = auth.generateStrongPassword();
+					String accountName = "TestAccount" + count++;
+					a = auth.getUser(accountName);
+					if ( a != null ) {
+						auth.removeUser(accountName);
+					}
+					a = auth.createUser(accountName, password, password);
+					auth.setCurrentUser(a);
+				} catch (AuthenticationException e) {
+					e.printStackTrace();
+				}
+				User b = auth.getCurrentUser();
+				result &= a.equals(b);
+			}
+		};
+        ThreadGroup tg = new ThreadGroup("test");
+		for ( int i = 0; i<10; i++ ) {
+			new Thread( tg, echo ).start();
+		}
+        while (tg.activeCount() > 0 ) {
+            Thread.sleep(100);
+        }
+	}
+
+	/**
+	 * Test of getUser method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGetUser() throws AuthenticationException {
+		System.out.println("getUser");
+        Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		instance.createUser(accountName, password, password);
+		assertNotNull(instance.getUser( accountName ));
+		assertNull(instance.getUser( ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS) ));
+	}
+	
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    public void testGetUserFromRememberToken() throws AuthenticationException {
+		System.out.println("getUserFromRememberToken");
+        Authenticator instance = ESAPI.authenticator();
+        instance.logout();  // in case anyone is logged in
+		String password = instance.generateStrongPassword();
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		User user = instance.createUser(accountName, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		
+		System.out.println("getUserFromRememberToken - expecting failure");
+		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, "ridiculous" );
+		try {
+			instance.login( request, response );  // wrong cookie will fail
+		} catch( AuthenticationException e ) {
+			// expected
+		}
+
+		System.out.println("getUserFromRememberToken - expecting success");
+		request = new MockHttpServletRequest();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		ESAPI.authenticator().setCurrentUser(user);
+		String newToken = ESAPI.httpUtilities().setRememberToken(request, response, password, 10000, "test.com", request.getContextPath() );
+		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, newToken );
+        user.logout();  // logout the current user so we can log them in with the remember cookie
+		User test2 = instance.login( request, response );
+		assertSame( user, test2 );
+	}
+	
+
+	
+	/**
+	 * Test get user from session.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGetUserFromSession() throws AuthenticationException {
+		System.out.println("getUserFromSession");
+        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
+        instance.logout();  // in case anyone is logged in
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = instance.generateStrongPassword();
+		User user = instance.createUser(accountName, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter("username", accountName);
+		request.addParameter("password", password);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP( request, response );
+		instance.login( request, response);
+		User test = instance.getUserFromSession();
+		assertEquals( user, test );
+	}
+
+	/**
+	 * Test get user names.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGetUserNames() throws AuthenticationException {
+		System.out.println("getUserNames");
+        Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		String[] testnames = new String[10];
+		for(int i=0;i<testnames.length;i++) {
+			testnames[i] = ESAPI.randomizer().getRandomString(8,EncoderConstants.CHAR_ALPHANUMERICS);
+		}
+		for(int i=0;i<testnames.length;i++) {
+			instance.createUser(testnames[i], password, password);
+		}
+		Set names = instance.getUserNames();
+		for(int i=0;i<testnames.length;i++) {
+			assertTrue(names.contains(testnames[i].toLowerCase()));
+		}
+	}
+	
+	/**
+	 * Test of hashPassword method, of class org.owasp.esapi.Authenticator.
+     *
+     * @throws EncryptionException
+     */
+	public void testHashPassword() throws EncryptionException {
+		System.out.println("hashPassword");
+		String username = "Jeff";
+		String password = "test";
+        Authenticator instance = ESAPI.authenticator();
+		String result1 = instance.hashPassword(password, username);
+		String result2 = instance.hashPassword(password, username);
+		assertTrue(result1.equals(result2));
+	}
+
+	/**
+	 * Test of login method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testLogin() throws AuthenticationException {
+		System.out.println("login");
+        Authenticator instance = ESAPI.authenticator();
+        String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = instance.generateStrongPassword();
+		User user = instance.createUser(username, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter("username", username);
+		request.addParameter("password", password);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		User test = instance.login( request, response);
+		assertTrue( test.isLoggedIn() );
+	}
+	
+	/**
+	 * Test of removeAccount method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testRemoveUser() throws Exception {
+		System.out.println("removeUser");
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		instance.createUser(accountName, password, password);
+		assertTrue( instance.exists(accountName));
+		instance.removeUser(accountName);
+		assertFalse( instance.exists(accountName));
+	}
+
+	/**
+	 * Test of saveUsers method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testSaveUsers() throws Exception {
+		System.out.println("saveUsers");
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		instance.createUser(accountName, password, password);
+		instance.saveUsers();
+		assertNotNull( instance.getUser(accountName) );
+		instance.removeUser(accountName);
+		assertNull( instance.getUser(accountName) );
+	}
+
+	
+	/**
+	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testSetCurrentUser() throws AuthenticationException {
+		System.out.println("setCurrentUser");
+        final Authenticator instance = ESAPI.authenticator();
+		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
+		userOne.enable();
+	    MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		userOne.loginWithPassword("getCurrentUser");
+		User currentUser = instance.getCurrentUser();
+		assertEquals( currentUser, userOne );
+		User userTwo = instance.createUser(user2, "getCurrentUser", "getCurrentUser");		
+		instance.setCurrentUser( userTwo );
+		assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
+		
+		Runnable echo = new Runnable() {
+			private int count = 1;
+			public void run() {
+				User u=null;
+				try {
+					String password = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+					u = instance.createUser("test" + count++, password, password);
+					instance.setCurrentUser(u);
+					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
+					// ESAPI.authenticator().removeUser( u.getAccountName() );
+				} catch (AuthenticationException e) {
+					e.printStackTrace();
+				}
+			}
+		};
+		for ( int i = 0; i<10; i++ ) {
+			new Thread( echo ).start();
+		}
+	}
+	
+
+	/**
+	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testSetCurrentUserWithRequest() throws AuthenticationException {
+		System.out.println("setCurrentUser(req,resp)");
+        Authenticator instance = ESAPI.authenticator();
+        instance.logout();  // in case anyone is logged in
+		String password = instance.generateStrongPassword();
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter("username", accountName);
+		request.addParameter("password", password);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		instance.login( request, response );
+		assertEquals( user, instance.getCurrentUser() );
+		try {
+			user.disable();
+			instance.login( request, response );
+		} catch( Exception e ) {
+			// expected
+		}
+		try {
+			user.enable();
+			user.lock();
+			instance.login( request, response );
+		} catch( Exception e ) {
+			// expected
+		}
+		try {
+			user.unlock();
+			user.setExpirationTime( new Date() );
+			instance.login( request, response );
+		} catch( Exception e ) {
+			// expected
+		}
+	}
+	
+	
+	
+	/**
+	 * Test of validatePasswordStrength method, of class
+	 * org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testValidatePasswordStrength() throws AuthenticationException {
+		System.out.println("validatePasswordStrength");
+        Authenticator instance = ESAPI.authenticator();
+        
+        String username = "FictionalEsapiUser";
+		User user = new DefaultUser(username);
+
+		// should fail
+		try {
+			instance.verifyPasswordStrength("password", "jeff", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("diff123bang", "same123string", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "JEFF", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "1234", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "password", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "-1", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "password123", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "test123", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		//jtm - 11/16/2010 - fix for bug http://code.google.com/p/owasp-esapi-java/issues/detail?id=108
+		try {
+			instance.verifyPasswordStrength("password", "FictionalEsapiUser", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+		try {
+			instance.verifyPasswordStrength("password", "FICTIONALESAPIUSER", user);
+			fail();
+		} catch (AuthenticationException e) {
+			// success
+		}
+
+		// should pass
+		instance.verifyPasswordStrength("password", "jeffJEFF12!", user);
+		instance.verifyPasswordStrength("password", "super calif ragil istic", user);
+		instance.verifyPasswordStrength("password", "TONYTONYTONYTONY", user);
+		instance.verifyPasswordStrength("password", instance.generateStrongPassword(), user);
+
+        // chrisisbeef - Issue 65 - http://code.google.com/p/owasp-esapi-java/issues/detail?id=65
+        instance.verifyPasswordStrength("password", "b!gbr0ther", user);
+	}
+
+	/**
+	 * Test of exists method, of class org.owasp.esapi.Authenticator.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testExists() throws Exception {
+		System.out.println("exists");
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		instance.createUser(accountName, password, password);
+		assertTrue(instance.exists(accountName));
+		instance.removeUser(accountName);
+		assertFalse(instance.exists(accountName));
+	}
+
+    /**
+     * Test of main method, of class org.owasp.esapi.Authenticator.
+     * @throws Exception
+     */
+    public void testMain() throws Exception {
+        System.out.println("Authenticator Main");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = instance.generateStrongPassword();
+        String role = "test";
+        
+        // test wrong parameters - missing role parameter
+        String[] badargs = { accountName, password };
+        FileBasedAuthenticator.main( badargs );
+        // load users since the new user was added in another instance
+        ((FileBasedAuthenticator)instance).loadUsersImmediately();
+        User u1 = instance.getUser(accountName);
+        assertNull( u1 );
+
+        // test good parameters
+        String[] args = { accountName, password, role };
+        FileBasedAuthenticator.main(args);
+        // load users since the new user was added in another instance
+        ((FileBasedAuthenticator)instance).loadUsersImmediately();
+        DefaultUser u2 = (DefaultUser) instance.getUser(accountName);
+        assertNotNull( u2 );
+        assertTrue( u2.isInRole(role));
+        assertEquals( instance.hashPassword(password, accountName), ((FileBasedAuthenticator)instance).getHashedPassword(u2) );
+    }
+    
+    
+}

From 384c0a0fb0d3dea63cc7ebaba3a621c570396f5a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 235/812] Change CRLF to LF for issue 356.

---
 .../crypto/EncryptedPropertiesTest.java       | 464 +++++++++---------
 1 file changed, 232 insertions(+), 232 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
index d09713734..bd3526172 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesTest.java
@@ -1,232 +1,232 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
-import java.io.StringBufferInputStream;
-import java.util.Iterator;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
-
-/**
- * The Class EncryptedPropertiesTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncryptedPropertiesTest extends TestCase {
-
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public EncryptedPropertiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(EncryptedPropertiesTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testGetProperty() throws EncryptionException {
-		System.out.println("getProperty");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		assertNull(instance.getProperty("ridiculous"));
-	}
-
-	/**
-	 * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-	public void testSetProperty() throws EncryptionException {
-		System.out.println("setProperty");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		String name = "name";
-		String value = "value";
-		instance.setProperty(name, value);
-		String result = instance.getProperty(name);
-		assertEquals(value, result);
-		
-        instance.setProperty(name, "");
-        result = instance.getProperty(name);
-        assertEquals(result, "");
-        
-        try {
-            instance.setProperty(null, value);
-            fail("testSetProperty(): Null property name did not result in expected exception.");
-        } catch( Exception e ) {
-            assertTrue( e instanceof EncryptionException );
-        }
-        try {
-            instance.setProperty(name, null);
-            fail("testSetProperty(): Null property value did not result in expected exception.");
-        } catch( Exception e ) {
-            assertTrue( e instanceof EncryptionException );
-        }
-		try {
-			instance.setProperty(null, null);			
-			fail("testSetProperty(): Null property name and valud did not result in expected exception.");
-		} catch( Exception e ) {
-		    assertTrue( e instanceof EncryptionException );
-		}
-	}
-
-	/**
-	 * Test the behavior when the requested key does not exist.
-	 */
-	public void testNonExistantKeyValue() throws Exception
-	{
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		assertNull(instance.getProperty("not.there"));
-	}
-
-	/**
-	 * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
-	 */
-	public void testKeySet() throws Exception
-	{
-		boolean sawTwo = false;
-		boolean sawOne = false;
-
-		System.out.println("keySet");
-		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
-		instance.setProperty("one", "two");
-		instance.setProperty("two", "three");
-		Iterator i = instance.keySet().iterator();
-		while(i.hasNext())
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-					sawOne = true;
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-					sawTwo = true;
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-
-	/**
-	 * Test storing and loading of encrypted properties.
-	 */
-	public void testStoreLoad() throws Exception
-	{
-		DefaultEncryptedProperties toLoad = new DefaultEncryptedProperties();
-		ByteArrayOutputStream baos = new ByteArrayOutputStream();
-		ByteArrayInputStream bais;
-		boolean sawOne = false;
-		boolean sawTwo = false;
-		boolean sawSeuss = false;
-
-	    DefaultEncryptedProperties toStore = new DefaultEncryptedProperties();
-		toStore.setProperty("one", "two");
-		toStore.setProperty("two", "three");
-		toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
-		toStore.store(baos, "testStore");
-
-		bais = new ByteArrayInputStream(baos.toByteArray());
-		toLoad.load(bais);
-
-		for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
-		{
-			String key = (String)i.next();
-
-			assertNotNull("key returned from keySet() iterator was null", key);
-			if(key.equals("one"))
-				if(sawOne)
-					fail("Key one seen more than once.");
-				else
-				{
-					sawOne = true;
-					assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
-				}
-			else if(key.equals("two"))
-				if(sawTwo)
-					fail("Key two seen more than once.");
-				else
-				{
-					sawTwo = true;
-					assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
-				}
-	         else if(key.equals("seuss.schneier"))
-	                if(sawSeuss)
-	                    fail("Key seuss.schneier seen more than once.");
-	                else
-	                {
-	                    sawSeuss = true;
-	                    assertEquals("Key seuss.schneier's value was not expected value",
-	                                 "one fish, twofish, red fish, blowfish",
-	                                 toStore.getProperty("seuss.schneier"));
-	                }
-			else
-				fail("Unset key " + key + " returned from keySet().iterator()");
-		}
-		assertTrue("Key one was never seen", sawOne);
-		assertTrue("Key two was never seen", sawTwo);
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.StringBufferInputStream;
+import java.util.Iterator;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.reference.crypto.DefaultEncryptedProperties;
+
+/**
+ * The Class EncryptedPropertiesTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncryptedPropertiesTest extends TestCase {
+
+	/**
+	 * Instantiates a new encrypted properties test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public EncryptedPropertiesTest(String testName) {
+		super(testName);
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(EncryptedPropertiesTest.class);
+
+		return suite;
+	}
+
+	/**
+	 * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
+	 * 
+	 * @throws EncryptionException
+	 *             the encryption exception
+	 */
+	public void testGetProperty() throws EncryptionException {
+		System.out.println("getProperty");
+		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+		String name = "name";
+		String value = "value";
+		instance.setProperty(name, value);
+		String result = instance.getProperty(name);
+		assertEquals(value, result);
+		assertNull(instance.getProperty("ridiculous"));
+	}
+
+	/**
+	 * Test of setProperty method, of class org.owasp.esapi.EncryptedProperties.
+	 * 
+	 * @throws EncryptionException
+	 *             the encryption exception
+	 */
+	public void testSetProperty() throws EncryptionException {
+		System.out.println("setProperty");
+		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+		String name = "name";
+		String value = "value";
+		instance.setProperty(name, value);
+		String result = instance.getProperty(name);
+		assertEquals(value, result);
+		
+        instance.setProperty(name, "");
+        result = instance.getProperty(name);
+        assertEquals(result, "");
+        
+        try {
+            instance.setProperty(null, value);
+            fail("testSetProperty(): Null property name did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionException );
+        }
+        try {
+            instance.setProperty(name, null);
+            fail("testSetProperty(): Null property value did not result in expected exception.");
+        } catch( Exception e ) {
+            assertTrue( e instanceof EncryptionException );
+        }
+		try {
+			instance.setProperty(null, null);			
+			fail("testSetProperty(): Null property name and valud did not result in expected exception.");
+		} catch( Exception e ) {
+		    assertTrue( e instanceof EncryptionException );
+		}
+	}
+
+	/**
+	 * Test the behavior when the requested key does not exist.
+	 */
+	public void testNonExistantKeyValue() throws Exception
+	{
+		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+		assertNull(instance.getProperty("not.there"));
+	}
+
+	/**
+	 * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
+	 */
+	public void testKeySet() throws Exception
+	{
+		boolean sawTwo = false;
+		boolean sawOne = false;
+
+		System.out.println("keySet");
+		DefaultEncryptedProperties instance = new DefaultEncryptedProperties();
+		instance.setProperty("one", "two");
+		instance.setProperty("two", "three");
+		Iterator i = instance.keySet().iterator();
+		while(i.hasNext())
+		{
+			String key = (String)i.next();
+
+			assertNotNull("key returned from keySet() iterator was null", key);
+			if(key.equals("one"))
+				if(sawOne)
+					fail("Key one seen more than once.");
+				else
+					sawOne = true;
+			else if(key.equals("two"))
+				if(sawTwo)
+					fail("Key two seen more than once.");
+				else
+					sawTwo = true;
+			else
+				fail("Unset key " + key + " returned from keySet().iterator()");
+		}
+		assertTrue("Key one was never seen", sawOne);
+		assertTrue("Key two was never seen", sawTwo);
+	}
+
+	/**
+	 * Test storing and loading of encrypted properties.
+	 */
+	public void testStoreLoad() throws Exception
+	{
+		DefaultEncryptedProperties toLoad = new DefaultEncryptedProperties();
+		ByteArrayOutputStream baos = new ByteArrayOutputStream();
+		ByteArrayInputStream bais;
+		boolean sawOne = false;
+		boolean sawTwo = false;
+		boolean sawSeuss = false;
+
+	    DefaultEncryptedProperties toStore = new DefaultEncryptedProperties();
+		toStore.setProperty("one", "two");
+		toStore.setProperty("two", "three");
+		toStore.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
+		toStore.store(baos, "testStore");
+
+		bais = new ByteArrayInputStream(baos.toByteArray());
+		toLoad.load(bais);
+
+		for(Iterator i=toLoad.keySet().iterator();i.hasNext();)
+		{
+			String key = (String)i.next();
+
+			assertNotNull("key returned from keySet() iterator was null", key);
+			if(key.equals("one"))
+				if(sawOne)
+					fail("Key one seen more than once.");
+				else
+				{
+					sawOne = true;
+					assertEquals("Key one's value was not two", "two", toLoad.getProperty("one"));
+				}
+			else if(key.equals("two"))
+				if(sawTwo)
+					fail("Key two seen more than once.");
+				else
+				{
+					sawTwo = true;
+					assertEquals("Key two's value was not three", "three", toLoad.getProperty("two"));
+				}
+	         else if(key.equals("seuss.schneier"))
+	                if(sawSeuss)
+	                    fail("Key seuss.schneier seen more than once.");
+	                else
+	                {
+	                    sawSeuss = true;
+	                    assertEquals("Key seuss.schneier's value was not expected value",
+	                                 "one fish, twofish, red fish, blowfish",
+	                                 toStore.getProperty("seuss.schneier"));
+	                }
+			else
+				fail("Unset key " + key + " returned from keySet().iterator()");
+		}
+		assertTrue("Key one was never seen", sawOne);
+		assertTrue("Key two was never seen", sawTwo);
+	}
+}

From 68f24d11e59f8ae3fe4fcab3625ae2e435a0c0b4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 236/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/crypto/EncryptorTest.java | 1054 ++++++++---------
 1 file changed, 527 insertions(+), 527 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 35709a21a..787464cb8 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -1,527 +1,527 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference.crypto;
-
-import java.io.UnsupportedEncodingException;
-
-import javax.crypto.SecretKey;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Encryptor;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
-import org.owasp.esapi.crypto.PlainText;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.errors.EnterpriseSecurityException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.reference.crypto.JavaEncryptor;
-
-/**
- * The Class EncryptorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author kevin.w.wall@gmail.com
- */
-public class EncryptorTest extends TestCase {
-    
-    /**
-	 * Instantiates a new encryptor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EncryptorTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    @SuppressWarnings("deprecation")
-	protected void setUp() throws Exception {
-        // This is only mechanism to change this for now. Will do this with
-        // a soon to be CryptoControls class or equivalent mechanism in a
-    	// future release.
-        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-     * Run all the test cases in this suite.
-     * This is to allow running from {@code org.owasp.esapi.AllTests}.
-     * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EncryptorTest.class);
-        
-        return suite;
-    }
-
-    /**
-	 * Test of hash method, of class org.owasp.esapi.Encryptor.
-     *
-     * @throws EncryptionException
-     */
-    public void testHash() throws EncryptionException {
-        System.out.println("testHash()");
-        Encryptor instance = ESAPI.encryptor();
-        String hash1 = instance.hash("test1", "salt");
-        String hash2 = instance.hash("test2", "salt");
-        assertFalse(hash1.equals(hash2));
-        String hash3 = instance.hash("test", "salt1");
-        String hash4 = instance.hash("test", "salt2");
-        assertFalse(hash3.equals(hash4));
-    }
-
-    /**
-	 * Test of new encrypt / decrypt method for Strings whose length is
-	 * not a multiple of the cipher block size (16 bytes for AES).
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testEncryptDecrypt1() throws EncryptionException {
-        System.out.println("testEncryptDecrypt2()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "test1234test1234tes"; // Not a multiple of block size (16 bytes)
-        try {
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals(plaintext) );
-        }
-        catch( EncryptionException e ) {
-        	fail("testEncryptDecrypt2(): Caught exception: " + e);
-        }
-    }
-
-    /**
-	 * Test of new encrypt / decrypt method for Strings whose length is
-	 * same as cipher block size (16 bytes for AES).
-	 */
-    public void testEncryptDecrypt2() {
-        System.out.println("testEncryptDecrypt2()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "test1234test1234";
-        try {
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals(plaintext) );
-        }
-        catch( EncryptionException e ) {
-        	fail("testEncryptDecrypt2(): Caught exception: " + e);
-        }
-    }
-
-    /**
-     * Test of encrypt methods for empty String.
-     */
-    public void testEncryptEmptyStrings() {
-        System.out.println("testEncryptEmptyStrings()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = "";
-        try {
-            // System.out.println("New encryption methods");
-            CipherText ct = instance.encrypt(new PlainText(plaintext));
-            PlainText pt = instance.decrypt(ct);
-            assertTrue( pt.toString().equals("") );
-        } catch(Exception e) {
-            fail("testEncryptEmptyStrings() -- Caught exception: " + e);
-        }
-    }
-    
-    /**
-     * Test encryption method for null.
-     */
-    public void testEncryptNull() {
-        System.out.println("testEncryptNull()");
-        Encryptor instance = ESAPI.encryptor();
-        try {
-			CipherText ct = instance.encrypt( null );  // Should throw NPE or AssertionError
-            fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
-        } catch(Throwable t) {
-            // It should be one of these, depending on whether or not assertions are enabled.
-            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
-        }
-    }
-
-    /**
-     * Test decryption method for null.
-     */
-    public void testDecryptNull() {
-        System.out.println("testDecryptNull()");
-        Encryptor instance = ESAPI.encryptor();
-        try {
-			PlainText pt = instance.decrypt( null );  // Should throw IllegalArgumentException or AssertionError
-            fail("New decrypt(PlainText) method did not throw. Result was: " + pt.toString());
-        } catch(Throwable t) {
-            // It should be one of these, depending on whether or not assertions are enabled.
-            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
-        }
-    }
-    
-    /**
-     * Test of new encrypt / decrypt methods added in ESAPI 2.0.
-     */
-    public void testNewEncryptDecrypt() {
-    	System.out.println("testNewEncryptDecrypt()");
-    	try {
-
-    	    // Let's try it with a 2-key version of 3DES. This should work for all
-    	    // installations, whereas the 3-key Triple DES will only work for those
-    	    // who have the Unlimited Strength Jurisdiction Policy files installed.
-			runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 112, "1234567890".getBytes("UTF-8"));
-			runNewEncryptDecryptTestCase("DESede/CBC/NoPadding", 112, "12345678".getBytes("UTF-8"));
-			
-			runNewEncryptDecryptTestCase("DES/ECB/NoPadding", 56, "test1234".getBytes("UTF-8"));
-			
-	        runNewEncryptDecryptTestCase("AES/CBC/PKCS5Padding", 128, "Encrypt the world!".getBytes("UTF-8"));
-	        
-	        // These tests are only valid (and run) if one has the JCE Unlimited
-	        // Strength Jurisdiction Policy files installed for this Java VM.
-	            // 256-bit AES
-            runNewEncryptDecryptTestCase("AES/ECB/NoPadding", 256, "test1234test1234".getBytes("UTF-8"));
-                // 168-bit (aka, 3-key) Triple DES
-            runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 168, "Groucho's secret word".getBytes("UTF-8"));
-		} catch (UnsupportedEncodingException e) {
-			fail("OK, who stole UTF-8 encoding from the Java rt.jar ???");
-		}
-    	
-    }
-    
-    /**
-     * Helper method to test new encryption / decryption.
-     * @param cipherXform	Cipher transformation
-     * @param keySize	Size of key, in bits.
-     * @param plaintextBytes Byte array of plaintext.
-     * @return The base64-encoded IV+ciphertext (or just ciphertext if no IV) or
-     *         null if {@code keysize} is greater than 128 bits and unlimited
-     *         strength crypto is not available for this Java VM.
-     */
-    private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
-    	System.out.println("New encrypt / decrypt: " + cipherXform);
-    	
-    	if ( keySize > 128 && !CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
-    	    System.out.println("Skipping test for cipher transformation " +
-    	                       cipherXform + " with key size of " + keySize +
-    	                       " bits because this requires JCE Unlimited Strength" +
-    	                       " Jurisdiction Policy files to be installed and they" +
-    	                       " are not.");
-    	    return null;
-    	}
-
-    	try {
-    		// Generate an appropriate random secret key
-			SecretKey skey = CryptoHelper.generateSecretKey(cipherXform, keySize);	
-			assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
-			String cipherAlg = cipherXform.split("/")[0];
-			
-			// Adjust key size for DES and DESede specific oddities.
-			// NOTE: Key size that encrypt() method is using is 192 bits!!!
-    		//        which is 3 times 64 bits, but DES key size is only 56 bits.
-    		// See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
-			if ( cipherAlg.equals( "DESede" ) ) {
-				keySize = 192;
-			} else if ( cipherAlg.equals( "DES" ) ) {
-				keySize = 64;
-			} // Else... use specified keySize.
-			assertTrue( (keySize / 8) == skey.getEncoded().length );
-//			System.out.println("testNewEncryptDecrypt(): Skey length (bits) = " + 8 * skey.getEncoded().length);
-
-			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
-			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
-			// Change the cipher transform from whatever it currently is to the specified cipherXform.
-	    	@SuppressWarnings("deprecation")
-			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
-	    	if ( ! cipherXform.equals(oldCipherXform) ) {
-	    		System.out.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
-	    	}
-	    	
-	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.
-	    	Encryptor instance = ESAPI.encryptor();
-	    	PlainText plaintext = new PlainText(plaintextBytes);
-	    	PlainText origPlainText = new PlainText( plaintext.toString() ); // Make _copy_ of original for comparison.
-	    	
-	    	// Do the encryption with the new encrypt() method and get back the CipherText.
-	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
-	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
-	    	assertTrue( ciphertext != null );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
-
-	    	// If we are supposed to have overwritten the plaintext, check this to see
-	    	// if origPlainText was indeed overwritten.
-			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-			if ( overwritePlaintext ) {
-				assertTrue( isPlaintextOverwritten(plaintext) );
-			}
-	    	
-	    	// Take the resulting ciphertext and decrypt w/ new decryption method.
-	    	PlainText decryptedPlaintext  = instance.decrypt(skey, ciphertext);		// The new decrypt() method.
-	    	
-	    	// Make sure we got back the same thing we started with.
-	    	System.out.println("\tOriginal plaintext: " + origPlainText);
-	    	System.out.println("\tResult after decryption: " + decryptedPlaintext);
-			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
-	    	
-	    	// Restore the previous cipher transformation. For now, this is only way to do this.
-	    	@SuppressWarnings("deprecation")
-			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
-	    	assertTrue( previousCipherXform.equals( cipherXform ) );
-	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
-	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
-	    	
-	    	return ciphertext.getEncodedIVCipherText();
-		} catch (Exception e) {
-			// OK if not counted toward code coverage.
-			System.out.println("testNewEncryptDecrypt(): Caught unexpected exception: " + e.getClass().getName());
-			e.printStackTrace(System.out);
-			fail("Caught unexpected exception; msg was: " + e);
-		}
-		return null;
-    }
-    
-    private static boolean isPlaintextOverwritten(PlainText plaintext) {
-    	// Note: An assumption here that the original plaintext did not consist
-    	// entirely of all '*' characters.
-    	byte[] ptBytes = plaintext.asBytes();
-    	
-    	for ( int i = 0; i < ptBytes.length; i++ ) {
-    		if ( ptBytes[i] != '*' ) {
-    			return false;
-    		}
-    	}
-    	return true;
-    }
-    
-    // TODO - Because none of the encryption / decryption tests persists
-    //		  encrypted data across runs, that means everything is run
-    //		  under same JVM at same time thus always with the same
-    //		  _native_ byte encoding.
-    //
-    //		  Need test(s) such that data is persisted across JVM runs
-    //		  so we can test a run on (say) a Windows Intel box can decrypt
-    //		  encrypted data produced by the reference Encryptor on
-    //		  (say) a Solaris SPARC box. I.e., test that the change to
-    //		  JavaEncryptor to use UTF-8 encoding throughout works as
-    //		  desired.
-    //
-    //		  Files saved across tests need to be added to SVN (under
-    //		  resources or where) and they should be named so we know
-    //		  where and how they were created. E.g., WinOS-AES-ECB.dat,
-    //		  Sparc-Solaris-AEC-CBC-PKCS5Padding.dat, etc., but they should be
-    //		  able to be decrypted from any platform. May wish to place that
-    //		  under a separate JUnit test.
-    //
-    // TODO - Need to test rainy day paths of new encrypt / decrypt so can
-    //		  verify that exception handling working OK, etc. Maybe also in
-    //		  a separate JUnit test, since everything here seems to be sunny
-    //		  day path. (Note: Some of this no in new test case,
-    //		  org.owasp.esapi.crypto.ESAPICryptoMACByPassTest.)
-    //
-    //				-kevin wall
-    
-
-    /**
-	 * Test of sign method, of class org.owasp.esapi.Encryptor.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testSign() throws EncryptionException {
-        System.out.println("testSign()");        
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String signature = instance.sign(plaintext);
-        assertTrue( instance.verifySignature( signature, plaintext ) );
-        assertFalse( instance.verifySignature( signature, "ridiculous" ) );
-        assertFalse( instance.verifySignature( "ridiculous", plaintext ) );
-    }
-
-    /**
-	 * Test of verifySignature method, of class org.owasp.esapi.Encryptor.
-	 * 
-	 * @throws EncryptionException
-	 *             the encryption exception
-	 */
-    public void testVerifySignature() throws EncryptionException {
-        System.out.println("testVerifySignature()");
-        Encryptor instance = ESAPI.encryptor();
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String signature = instance.sign(plaintext);
-        assertTrue( instance.verifySignature( signature, plaintext ) );
-    }
-    
- 
-    /**
-	 * Test of seal method, of class org.owasp.esapi.Encryptor.
-	 * 
-     * @throws IntegrityException
-	 */
-    public void testSeal() throws IntegrityException {
-        System.out.println("testSeal()");
-        Encryptor instance = ESAPI.encryptor(); 
-        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
-        String seal = instance.seal( plaintext, instance.getTimeStamp() + 1000*60 );
-        instance.verifySeal( seal );
-        
-        int progressMark = 1;
-        boolean caughtExpectedEx = false;
-        try {
-            seal = instance.seal("", instance.getTimeStamp() + 1000*60);
-            progressMark++;
-            instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Failed empty string test: " + e + "; progress mark = " + progressMark);
-        }
-        try {
-            seal = instance.seal(null, instance.getTimeStamp() + 1000*60);
-            fail("Did not throw expected IllegalArgumentException");
-        } catch(IllegalArgumentException e) {
-            caughtExpectedEx = true;
-        } catch(Exception e) {
-            fail("Failed null string test; did not get expected IllegalArgumentException: " + e);
-        }
-        assertTrue(caughtExpectedEx);
-        
-        try {
-            seal = instance.seal("test", 0);
-            progressMark++;
-            // instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Fail test with 0 timestamp: " + e + "; progress mark = " + progressMark);
-        }
-        try {
-            seal = instance.seal("test", -1);
-            progressMark++;
-            // instance.verifySeal(seal);
-            progressMark++;
-        } catch(Exception e) {
-            fail("Fail test with -1 timestamp: " + e + "; progress mark = " + progressMark);
-        }
-    }
-
-    /**
-	 * Test of verifySeal method, of class org.owasp.esapi.Encryptor.
-	 * 
-     * @throws EnterpriseSecurityException
-	 */
-    public void testVerifySeal() throws EnterpriseSecurityException {
-        final int NSEC = 5;
-        System.out.println("testVerifySeal()");
-        Encryptor instance = ESAPI.encryptor(); 
-        String plaintext = "ridiculous:with:delimiters";    // Should now work w/ : (issue #28)
-        String seal = instance.seal( plaintext, instance.getRelativeTimeStamp( 1000 * NSEC ) );
-        try {
-        	assertNotNull("Encryptor.seal() returned null", seal );
-        	assertTrue("Failed to verify seal", instance.verifySeal( seal ) );
-        } catch ( Exception e ) {
-        	fail();
-        }
-        int progressMark = 1;
-        try {
-            // NOTE: I regrouped these all into a single try / catch since they
-            //       all test the same thing. Hence if one fails, they all should.
-            //       Also changed these tests so they no longer depend on the
-            //       deprecated encrypt() methods. IMO, *all these multiple
-            //       similar tests are not really required*, as they all are more
-            //       or less testing the same thing.
-            //                                              -kevin wall
-            // ================================================================
-            // Try to validate some invalid seals.
-            //
-            // All these should return false and log a warning with an Exception stack
-            // trace caused by an EncryptionException indicating "Invalid seal".
-        	assertFalse( instance.verifySeal( plaintext ) );
-        	progressMark++;      	
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;            
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(100 + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext+ ":badsig")  ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext + ":"+ instance.sign( Long.MAX_VALUE + ":random:" + plaintext) ) ).getBase64EncodedRawCipherText() ) );
-            progressMark++;
-        } catch ( Exception e ) {
-        	// fail("Failed invalid seal test # " + progressMark + " to verify seal.");
-            System.err.println("Failed seal verification at step # " + progressMark);
-            System.err.println("Exception was: " + e);
-            e.printStackTrace(System.err);
-        }
-        
-        try {
-            Thread.sleep(1000 * (NSEC + 1) );
-                // Seal now past expiration date.
-            assertFalse( instance.verifySeal( seal ) );
-        } catch ( Exception e ) {
-            fail("Failed expired seal test. Seal should be expired.");
-        }
-    }
-        
-
-    @SuppressWarnings("deprecation")
-    public void testEncryptionSerialization() throws EncryptionException {
-        String secretMsg = "Secret Message";
-        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
-        CipherText ct = ESAPI.encryptor().encrypt(new PlainText(secretMsg));
-        
-        byte[] serializedCipherText = ct.asPortableSerializedByteArray();
-        
-        PlainText plainText = ESAPI.encryptor().decrypt(
-                                CipherText.fromPortableSerializedBytes(serializedCipherText) );
-        
-        assertTrue( secretMsg.equals( plainText.toString() ) );
-    }
-    
-    /**
-     * Test of main method, of class org.owasp.esapi.Encryptor. Must be done by
-     * visual inspection for now. (Needs improvement.)
-     * @throws Exception
-     */
-    public void testMain() throws Exception {
-        System.out.println("testMain(): Encryptor Main with '-print' argument.");
-        String[] args = {};
-        JavaEncryptor.main( args );        
-        String[] args1 = {"-print"};
-        // TODO:
-        // It probably would be a better if System.out were changed to be
-        // a file or a byte stream so that the output could be slurped up
-        // and checked against (at least some of) the expected output.
-        // Left as an exercise to some future, ambitious ESAPI developer. ;-)
-        JavaEncryptor.main( args1 );        
-    }    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference.crypto;
+
+import java.io.UnsupportedEncodingException;
+
+import javax.crypto.SecretKey;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Encryptor;
+import org.owasp.esapi.crypto.CipherText;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.crypto.PlainText;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.reference.crypto.JavaEncryptor;
+
+/**
+ * The Class EncryptorTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author kevin.w.wall@gmail.com
+ */
+public class EncryptorTest extends TestCase {
+    
+    /**
+	 * Instantiates a new encryptor test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public EncryptorTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    @SuppressWarnings("deprecation")
+	protected void setUp() throws Exception {
+        // This is only mechanism to change this for now. Will do this with
+        // a soon to be CryptoControls class or equivalent mechanism in a
+    	// future release.
+        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+     * Run all the test cases in this suite.
+     * This is to allow running from {@code org.owasp.esapi.AllTests}.
+     * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EncryptorTest.class);
+        
+        return suite;
+    }
+
+    /**
+	 * Test of hash method, of class org.owasp.esapi.Encryptor.
+     *
+     * @throws EncryptionException
+     */
+    public void testHash() throws EncryptionException {
+        System.out.println("testHash()");
+        Encryptor instance = ESAPI.encryptor();
+        String hash1 = instance.hash("test1", "salt");
+        String hash2 = instance.hash("test2", "salt");
+        assertFalse(hash1.equals(hash2));
+        String hash3 = instance.hash("test", "salt1");
+        String hash4 = instance.hash("test", "salt2");
+        assertFalse(hash3.equals(hash4));
+    }
+
+    /**
+	 * Test of new encrypt / decrypt method for Strings whose length is
+	 * not a multiple of the cipher block size (16 bytes for AES).
+	 * 
+	 * @throws EncryptionException
+	 *             the encryption exception
+	 */
+    public void testEncryptDecrypt1() throws EncryptionException {
+        System.out.println("testEncryptDecrypt2()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "test1234test1234tes"; // Not a multiple of block size (16 bytes)
+        try {
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
+        }
+        catch( EncryptionException e ) {
+        	fail("testEncryptDecrypt2(): Caught exception: " + e);
+        }
+    }
+
+    /**
+	 * Test of new encrypt / decrypt method for Strings whose length is
+	 * same as cipher block size (16 bytes for AES).
+	 */
+    public void testEncryptDecrypt2() {
+        System.out.println("testEncryptDecrypt2()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "test1234test1234";
+        try {
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals(plaintext) );
+        }
+        catch( EncryptionException e ) {
+        	fail("testEncryptDecrypt2(): Caught exception: " + e);
+        }
+    }
+
+    /**
+     * Test of encrypt methods for empty String.
+     */
+    public void testEncryptEmptyStrings() {
+        System.out.println("testEncryptEmptyStrings()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = "";
+        try {
+            // System.out.println("New encryption methods");
+            CipherText ct = instance.encrypt(new PlainText(plaintext));
+            PlainText pt = instance.decrypt(ct);
+            assertTrue( pt.toString().equals("") );
+        } catch(Exception e) {
+            fail("testEncryptEmptyStrings() -- Caught exception: " + e);
+        }
+    }
+    
+    /**
+     * Test encryption method for null.
+     */
+    public void testEncryptNull() {
+        System.out.println("testEncryptNull()");
+        Encryptor instance = ESAPI.encryptor();
+        try {
+			CipherText ct = instance.encrypt( null );  // Should throw NPE or AssertionError
+            fail("New encrypt(PlainText) method did not throw. Result was: " + ct.toString());
+        } catch(Throwable t) {
+            // It should be one of these, depending on whether or not assertions are enabled.
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
+        }
+    }
+
+    /**
+     * Test decryption method for null.
+     */
+    public void testDecryptNull() {
+        System.out.println("testDecryptNull()");
+        Encryptor instance = ESAPI.encryptor();
+        try {
+			PlainText pt = instance.decrypt( null );  // Should throw IllegalArgumentException or AssertionError
+            fail("New decrypt(PlainText) method did not throw. Result was: " + pt.toString());
+        } catch(Throwable t) {
+            // It should be one of these, depending on whether or not assertions are enabled.
+            assertTrue( t instanceof IllegalArgumentException || t instanceof AssertionError);
+        }
+    }
+    
+    /**
+     * Test of new encrypt / decrypt methods added in ESAPI 2.0.
+     */
+    public void testNewEncryptDecrypt() {
+    	System.out.println("testNewEncryptDecrypt()");
+    	try {
+
+    	    // Let's try it with a 2-key version of 3DES. This should work for all
+    	    // installations, whereas the 3-key Triple DES will only work for those
+    	    // who have the Unlimited Strength Jurisdiction Policy files installed.
+			runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 112, "1234567890".getBytes("UTF-8"));
+			runNewEncryptDecryptTestCase("DESede/CBC/NoPadding", 112, "12345678".getBytes("UTF-8"));
+			
+			runNewEncryptDecryptTestCase("DES/ECB/NoPadding", 56, "test1234".getBytes("UTF-8"));
+			
+	        runNewEncryptDecryptTestCase("AES/CBC/PKCS5Padding", 128, "Encrypt the world!".getBytes("UTF-8"));
+	        
+	        // These tests are only valid (and run) if one has the JCE Unlimited
+	        // Strength Jurisdiction Policy files installed for this Java VM.
+	            // 256-bit AES
+            runNewEncryptDecryptTestCase("AES/ECB/NoPadding", 256, "test1234test1234".getBytes("UTF-8"));
+                // 168-bit (aka, 3-key) Triple DES
+            runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 168, "Groucho's secret word".getBytes("UTF-8"));
+		} catch (UnsupportedEncodingException e) {
+			fail("OK, who stole UTF-8 encoding from the Java rt.jar ???");
+		}
+    	
+    }
+    
+    /**
+     * Helper method to test new encryption / decryption.
+     * @param cipherXform	Cipher transformation
+     * @param keySize	Size of key, in bits.
+     * @param plaintextBytes Byte array of plaintext.
+     * @return The base64-encoded IV+ciphertext (or just ciphertext if no IV) or
+     *         null if {@code keysize} is greater than 128 bits and unlimited
+     *         strength crypto is not available for this Java VM.
+     */
+    private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
+    	System.out.println("New encrypt / decrypt: " + cipherXform);
+    	
+    	if ( keySize > 128 && !CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
+    	    System.out.println("Skipping test for cipher transformation " +
+    	                       cipherXform + " with key size of " + keySize +
+    	                       " bits because this requires JCE Unlimited Strength" +
+    	                       " Jurisdiction Policy files to be installed and they" +
+    	                       " are not.");
+    	    return null;
+    	}
+
+    	try {
+    		// Generate an appropriate random secret key
+			SecretKey skey = CryptoHelper.generateSecretKey(cipherXform, keySize);	
+			assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
+			String cipherAlg = cipherXform.split("/")[0];
+			
+			// Adjust key size for DES and DESede specific oddities.
+			// NOTE: Key size that encrypt() method is using is 192 bits!!!
+    		//        which is 3 times 64 bits, but DES key size is only 56 bits.
+    		// See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
+			if ( cipherAlg.equals( "DESede" ) ) {
+				keySize = 192;
+			} else if ( cipherAlg.equals( "DES" ) ) {
+				keySize = 64;
+			} // Else... use specified keySize.
+			assertTrue( (keySize / 8) == skey.getEncoded().length );
+//			System.out.println("testNewEncryptDecrypt(): Skey length (bits) = " + 8 * skey.getEncoded().length);
+
+			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
+			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
+			// Change the cipher transform from whatever it currently is to the specified cipherXform.
+	    	@SuppressWarnings("deprecation")
+			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
+	    	if ( ! cipherXform.equals(oldCipherXform) ) {
+	    		System.out.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
+	    	}
+	    	
+	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.
+	    	Encryptor instance = ESAPI.encryptor();
+	    	PlainText plaintext = new PlainText(plaintextBytes);
+	    	PlainText origPlainText = new PlainText( plaintext.toString() ); // Make _copy_ of original for comparison.
+	    	
+	    	// Do the encryption with the new encrypt() method and get back the CipherText.
+	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
+	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
+	    	assertTrue( ciphertext != null );
+//	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
+//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
+//	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
+//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
+
+	    	// If we are supposed to have overwritten the plaintext, check this to see
+	    	// if origPlainText was indeed overwritten.
+			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+			if ( overwritePlaintext ) {
+				assertTrue( isPlaintextOverwritten(plaintext) );
+			}
+	    	
+	    	// Take the resulting ciphertext and decrypt w/ new decryption method.
+	    	PlainText decryptedPlaintext  = instance.decrypt(skey, ciphertext);		// The new decrypt() method.
+	    	
+	    	// Make sure we got back the same thing we started with.
+	    	System.out.println("\tOriginal plaintext: " + origPlainText);
+	    	System.out.println("\tResult after decryption: " + decryptedPlaintext);
+			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
+	    	
+	    	// Restore the previous cipher transformation. For now, this is only way to do this.
+	    	@SuppressWarnings("deprecation")
+			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
+	    	assertTrue( previousCipherXform.equals( cipherXform ) );
+	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
+	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
+	    	
+	    	return ciphertext.getEncodedIVCipherText();
+		} catch (Exception e) {
+			// OK if not counted toward code coverage.
+			System.out.println("testNewEncryptDecrypt(): Caught unexpected exception: " + e.getClass().getName());
+			e.printStackTrace(System.out);
+			fail("Caught unexpected exception; msg was: " + e);
+		}
+		return null;
+    }
+    
+    private static boolean isPlaintextOverwritten(PlainText plaintext) {
+    	// Note: An assumption here that the original plaintext did not consist
+    	// entirely of all '*' characters.
+    	byte[] ptBytes = plaintext.asBytes();
+    	
+    	for ( int i = 0; i < ptBytes.length; i++ ) {
+    		if ( ptBytes[i] != '*' ) {
+    			return false;
+    		}
+    	}
+    	return true;
+    }
+    
+    // TODO - Because none of the encryption / decryption tests persists
+    //		  encrypted data across runs, that means everything is run
+    //		  under same JVM at same time thus always with the same
+    //		  _native_ byte encoding.
+    //
+    //		  Need test(s) such that data is persisted across JVM runs
+    //		  so we can test a run on (say) a Windows Intel box can decrypt
+    //		  encrypted data produced by the reference Encryptor on
+    //		  (say) a Solaris SPARC box. I.e., test that the change to
+    //		  JavaEncryptor to use UTF-8 encoding throughout works as
+    //		  desired.
+    //
+    //		  Files saved across tests need to be added to SVN (under
+    //		  resources or where) and they should be named so we know
+    //		  where and how they were created. E.g., WinOS-AES-ECB.dat,
+    //		  Sparc-Solaris-AEC-CBC-PKCS5Padding.dat, etc., but they should be
+    //		  able to be decrypted from any platform. May wish to place that
+    //		  under a separate JUnit test.
+    //
+    // TODO - Need to test rainy day paths of new encrypt / decrypt so can
+    //		  verify that exception handling working OK, etc. Maybe also in
+    //		  a separate JUnit test, since everything here seems to be sunny
+    //		  day path. (Note: Some of this no in new test case,
+    //		  org.owasp.esapi.crypto.ESAPICryptoMACByPassTest.)
+    //
+    //				-kevin wall
+    
+
+    /**
+	 * Test of sign method, of class org.owasp.esapi.Encryptor.
+	 * 
+	 * @throws EncryptionException
+	 *             the encryption exception
+	 */
+    public void testSign() throws EncryptionException {
+        System.out.println("testSign()");        
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String signature = instance.sign(plaintext);
+        assertTrue( instance.verifySignature( signature, plaintext ) );
+        assertFalse( instance.verifySignature( signature, "ridiculous" ) );
+        assertFalse( instance.verifySignature( "ridiculous", plaintext ) );
+    }
+
+    /**
+	 * Test of verifySignature method, of class org.owasp.esapi.Encryptor.
+	 * 
+	 * @throws EncryptionException
+	 *             the encryption exception
+	 */
+    public void testVerifySignature() throws EncryptionException {
+        System.out.println("testVerifySignature()");
+        Encryptor instance = ESAPI.encryptor();
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String signature = instance.sign(plaintext);
+        assertTrue( instance.verifySignature( signature, plaintext ) );
+    }
+    
+ 
+    /**
+	 * Test of seal method, of class org.owasp.esapi.Encryptor.
+	 * 
+     * @throws IntegrityException
+	 */
+    public void testSeal() throws IntegrityException {
+        System.out.println("testSeal()");
+        Encryptor instance = ESAPI.encryptor(); 
+        String plaintext = ESAPI.randomizer().getRandomString( 32, EncoderConstants.CHAR_ALPHANUMERICS );
+        String seal = instance.seal( plaintext, instance.getTimeStamp() + 1000*60 );
+        instance.verifySeal( seal );
+        
+        int progressMark = 1;
+        boolean caughtExpectedEx = false;
+        try {
+            seal = instance.seal("", instance.getTimeStamp() + 1000*60);
+            progressMark++;
+            instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Failed empty string test: " + e + "; progress mark = " + progressMark);
+        }
+        try {
+            seal = instance.seal(null, instance.getTimeStamp() + 1000*60);
+            fail("Did not throw expected IllegalArgumentException");
+        } catch(IllegalArgumentException e) {
+            caughtExpectedEx = true;
+        } catch(Exception e) {
+            fail("Failed null string test; did not get expected IllegalArgumentException: " + e);
+        }
+        assertTrue(caughtExpectedEx);
+        
+        try {
+            seal = instance.seal("test", 0);
+            progressMark++;
+            // instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Fail test with 0 timestamp: " + e + "; progress mark = " + progressMark);
+        }
+        try {
+            seal = instance.seal("test", -1);
+            progressMark++;
+            // instance.verifySeal(seal);
+            progressMark++;
+        } catch(Exception e) {
+            fail("Fail test with -1 timestamp: " + e + "; progress mark = " + progressMark);
+        }
+    }
+
+    /**
+	 * Test of verifySeal method, of class org.owasp.esapi.Encryptor.
+	 * 
+     * @throws EnterpriseSecurityException
+	 */
+    public void testVerifySeal() throws EnterpriseSecurityException {
+        final int NSEC = 5;
+        System.out.println("testVerifySeal()");
+        Encryptor instance = ESAPI.encryptor(); 
+        String plaintext = "ridiculous:with:delimiters";    // Should now work w/ : (issue #28)
+        String seal = instance.seal( plaintext, instance.getRelativeTimeStamp( 1000 * NSEC ) );
+        try {
+        	assertNotNull("Encryptor.seal() returned null", seal );
+        	assertTrue("Failed to verify seal", instance.verifySeal( seal ) );
+        } catch ( Exception e ) {
+        	fail();
+        }
+        int progressMark = 1;
+        try {
+            // NOTE: I regrouped these all into a single try / catch since they
+            //       all test the same thing. Hence if one fails, they all should.
+            //       Also changed these tests so they no longer depend on the
+            //       deprecated encrypt() methods. IMO, *all these multiple
+            //       similar tests are not really required*, as they all are more
+            //       or less testing the same thing.
+            //                                              -kevin wall
+            // ================================================================
+            // Try to validate some invalid seals.
+            //
+            // All these should return false and log a warning with an Exception stack
+            // trace caused by an EncryptionException indicating "Invalid seal".
+        	assertFalse( instance.verifySeal( plaintext ) );
+        	progressMark++;      	
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;            
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(100 + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext+ ":badsig")  ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+            assertFalse( instance.verifySeal( instance.encrypt( new PlainText(Long.MAX_VALUE + ":random:" + plaintext + ":"+ instance.sign( Long.MAX_VALUE + ":random:" + plaintext) ) ).getBase64EncodedRawCipherText() ) );
+            progressMark++;
+        } catch ( Exception e ) {
+        	// fail("Failed invalid seal test # " + progressMark + " to verify seal.");
+            System.err.println("Failed seal verification at step # " + progressMark);
+            System.err.println("Exception was: " + e);
+            e.printStackTrace(System.err);
+        }
+        
+        try {
+            Thread.sleep(1000 * (NSEC + 1) );
+                // Seal now past expiration date.
+            assertFalse( instance.verifySeal( seal ) );
+        } catch ( Exception e ) {
+            fail("Failed expired seal test. Seal should be expired.");
+        }
+    }
+        
+
+    @SuppressWarnings("deprecation")
+    public void testEncryptionSerialization() throws EncryptionException {
+        String secretMsg = "Secret Message";
+        ESAPI.securityConfiguration().setCipherTransformation("AES/CBC/PKCS5Padding");
+        CipherText ct = ESAPI.encryptor().encrypt(new PlainText(secretMsg));
+        
+        byte[] serializedCipherText = ct.asPortableSerializedByteArray();
+        
+        PlainText plainText = ESAPI.encryptor().decrypt(
+                                CipherText.fromPortableSerializedBytes(serializedCipherText) );
+        
+        assertTrue( secretMsg.equals( plainText.toString() ) );
+    }
+    
+    /**
+     * Test of main method, of class org.owasp.esapi.Encryptor. Must be done by
+     * visual inspection for now. (Needs improvement.)
+     * @throws Exception
+     */
+    public void testMain() throws Exception {
+        System.out.println("testMain(): Encryptor Main with '-print' argument.");
+        String[] args = {};
+        JavaEncryptor.main( args );        
+        String[] args1 = {"-print"};
+        // TODO:
+        // It probably would be a better if System.out were changed to be
+        // a file or a byte stream so that the output could be slurped up
+        // and checked against (at least some of) the expected output.
+        // Left as an exercise to some future, ambitious ESAPI developer. ;-)
+        JavaEncryptor.main( args1 );        
+    }    
+}

From 81bb080c4096d52be78dccacfa85c24f189f5fc5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 237/812] Change CRLF to LF for issue 356.

---
 .../DefaultSecurityConfigurationTest.java     | 836 +++++++++---------
 1 file changed, 418 insertions(+), 418 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index b25d8e4dd..0a7654871 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -1,418 +1,418 @@
-package org.owasp.esapi.reference;
-
-import java.util.regex.Pattern;
-
-import junit.framework.Assert;
-
-import org.junit.Test;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.ConfigurationException;
-
-public class DefaultSecurityConfigurationTest {
-
-	private DefaultSecurityConfiguration createWithProperty(String key, String val) {
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(key, val);
-		return new DefaultSecurityConfiguration(properties);
-	}
-	
-	@Test
-	public void testGetApplicationName() {
-		final String expected = "ESAPI_UnitTests";
-		DefaultSecurityConfiguration secConf = this.createWithProperty(DefaultSecurityConfiguration.APPLICATION_NAME, expected);
-		Assert.assertEquals(expected, secConf.getApplicationName());
-	}
-	
-	@Test
-	public void testGetLogImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
-		
-		final String expected = "TestLogger";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getLogImplementation());
-	}
-	
-	@Test
-	public void testAuthenticationImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
-		
-		final String expected = "TestAuthentication";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.AUTHENTICATION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAuthenticationImplementation());
-	}
-	
-	@Test
-	public void testEncoderImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
-		
-		final String expected = "TestEncoder";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCODER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncoderImplementation());
-	}
-	
-	@Test
-	public void testAccessControlImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
-		
-		final String expected = "TestAccessControl";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ACCESS_CONTROL_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAccessControlImplementation());
-	}
-	
-	@Test
-	public void testEncryptionImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
-		
-		final String expected = "TestEncryption";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncryptionImplementation());
-	}
-	
-	@Test
-	public void testIntrusionDetectionImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
-		
-		final String expected = "TestIntrusionDetection";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.INTRUSION_DETECTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getIntrusionDetectionImplementation());
-	}
-	
-	@Test
-	public void testRandomizerImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
-		
-		final String expected = "TestRandomizer";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.RANDOMIZER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getRandomizerImplementation());
-	}
-	
-	@Test
-	public void testExecutorImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
-		
-		final String expected = "TestExecutor";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.EXECUTOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getExecutorImplementation());
-	}
-	
-	@Test
-	public void testHTTPUtilitiesImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
-		
-		final String expected = "TestHTTPUtilities";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.HTTP_UTILITIES_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
-	}
-	
-	@Test
-	public void testValidationImplementation() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
-		
-		final String expected = "TestValidation";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.VALIDATOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getValidationImplementation());
-	}
-	
-	@Test
-	public void testGetEncryptionKeyLength() {
-		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(128, secConf.getEncryptionKeyLength());
-		
-		final int expected = 256;
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.KEY_LENGTH, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getEncryptionKeyLength());
-	}
-	
-	@Test
-	public void testGetKDFPseudoRandomFunction() {
-		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
-		
-		final String expected = "HmacSHA1";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.KDF_PRF_ALG, expected);
-		Assert.assertEquals(expected, secConf.getKDFPseudoRandomFunction());
-	}
-	
-	@Test
-	public void testGetMasterSalt() {
-		try {
-			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-			secConf.getMasterSalt();
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		
-		final String salt = "53081";
-		final String property = ESAPI.encoder().encodeForBase64(salt.getBytes(), false);
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.MASTER_SALT, property);
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals(salt, new String(secConf.getMasterSalt()));
-	}
-	
-	@Test
-	public void testGetAllowedExecutables() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
-		
-		//is this really what should be returned? what about an empty list?
-		Assert.assertEquals(1, allowedExecutables.size());
-		Assert.assertEquals("", allowedExecutables.get(0));
-		
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
-		secConf = new DefaultSecurityConfiguration(properties);
-		allowedExecutables = secConf.getAllowedExecutables();
-		Assert.assertEquals(3, allowedExecutables.size());
-		Assert.assertEquals("/bin/bzip2", allowedExecutables.get(0));
-		Assert.assertEquals("/bin/diff", allowedExecutables.get(1));
-		
-		//this seems less than optimal, maybe each value should have a trim() done to it
-		//at least we know that this behavior exists, the property should'nt have spaces between values
-		Assert.assertEquals(" /bin/cvs", allowedExecutables.get(2));
-	}
-	
-	@Test
-	public void testGetAllowedFileExtensions() {
-		
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertFalse(allowedFileExtensions.isEmpty());
-		
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
-		secConf = new DefaultSecurityConfiguration(properties);
-		allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertEquals(4, allowedFileExtensions.size());
-		Assert.assertEquals(".html", allowedFileExtensions.get(2));
-	}
-	
-	@Test
-	public void testGetAllowedFileUploadSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		//assert that the default is of some reasonable size
-		Assert.assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
-		
-		final int expected = (1024 * 1000);
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_UPLOAD_FILE_BYTES, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getAllowedFileUploadSize());
-	}
-	
-	@Test
-	public void testGetParameterNames() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("password", secConf.getPasswordParameterName());
-		Assert.assertEquals("username", secConf.getUsernameParameterName());
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.PASSWORD_PARAMETER_NAME, "j_password");
-		properties.setProperty(DefaultSecurityConfiguration.USERNAME_PARAMETER_NAME, "j_username");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("j_password", secConf.getPasswordParameterName());
-		Assert.assertEquals("j_username", secConf.getUsernameParameterName());
-	}
-	
-	@Test
-	public void testGetEncryptionAlgorithm() {
-		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES", secConf.getEncryptionAlgorithm());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_ALGORITHM, "3DES");
-		Assert.assertEquals("3DES", secConf.getEncryptionAlgorithm());
-	}
-	
-	@Test
-	public void testGetCipherXProperties() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
-		//Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
-		
-		secConf.setCipherTransformation("DESede/PCBC/PKCS5Padding");
-		Assert.assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
-		
-		secConf.setCipherTransformation(null);//sets it back to default
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
-	}
-	
-	@Test
-	public void testIV() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("random", secConf.getIVType());
-		try {
-			secConf.getFixedIV();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");
-		properties.setProperty(DefaultSecurityConfiguration.FIXED_IV, "ivValue");
-		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("fixed", secConf.getIVType());
-		Assert.assertEquals("ivValue", secConf.getFixedIV());
-		
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");
-		secConf = new DefaultSecurityConfiguration(properties);
-		try {
-			secConf.getIVType();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-		try {
-			secConf.getFixedIV();
-			Assert.fail();
-		}
-		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
-		}
-	}
-	
-	@Test
-	public void testGetAllowMultipleEncoding() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "yes");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "true");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "no");
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
-	}
-	
-	@Test
-	public void testGetDefaultCanonicalizationCodecs() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
-		
-		String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.CANONICALIZATION_CODECS, property);
-		Assert.assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
-	}
-	
-	@Test
-	public void testGetDisableIntrusionDetection() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "TRUE");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "true");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "false");
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
-	}
-	
-	@Test
-	public void testGetLogLevel() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(Logger.WARNING, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "trace");
-		Assert.assertEquals(Logger.TRACE, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "Off");
-		Assert.assertEquals(Logger.OFF, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "all");
-		Assert.assertEquals(Logger.ALL, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "DEBUG");
-		Assert.assertEquals(Logger.DEBUG, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "info");
-		Assert.assertEquals(Logger.INFO, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "ERROR");
-		Assert.assertEquals(Logger.ERROR, secConf.getLogLevel());
-	}
-	
-	@Test
-	public void testGetLogFileName() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("ESAPI_logging_file", secConf.getLogFileName());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_FILE_NAME, "log.txt");
-		Assert.assertEquals("log.txt", secConf.getLogFileName());
-	}
-	
-	@Test
-	public void testGetMaxLogFileSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
-		
-		int maxLogSize = (1024 * 1000);
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
-		Assert.assertEquals(maxLogSize, secConf.getMaxLogFileSize());
-	}
-	
-	private String patternOrNull(Pattern p){
-		return null==p?null:p.pattern();
-	}
-
-	@Test
-	public void testValidationsPropertiesFileOptions(){
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
-		
-		secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
-
-		secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
-		Assert.assertNull(secConf.getValidationPattern("Test1"));
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
-
-		secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
-	}
-	
-}
+package org.owasp.esapi.reference;
+
+import java.util.regex.Pattern;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.ConfigurationException;
+
+public class DefaultSecurityConfigurationTest {
+
+	private DefaultSecurityConfiguration createWithProperty(String key, String val) {
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(key, val);
+		return new DefaultSecurityConfiguration(properties);
+	}
+	
+	@Test
+	public void testGetApplicationName() {
+		final String expected = "ESAPI_UnitTests";
+		DefaultSecurityConfiguration secConf = this.createWithProperty(DefaultSecurityConfiguration.APPLICATION_NAME, expected);
+		Assert.assertEquals(expected, secConf.getApplicationName());
+	}
+	
+	@Test
+	public void testGetLogImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
+		
+		final String expected = "TestLogger";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getLogImplementation());
+	}
+	
+	@Test
+	public void testAuthenticationImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
+		
+		final String expected = "TestAuthentication";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.AUTHENTICATION_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getAuthenticationImplementation());
+	}
+	
+	@Test
+	public void testEncoderImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
+		
+		final String expected = "TestEncoder";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCODER_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getEncoderImplementation());
+	}
+	
+	@Test
+	public void testAccessControlImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
+		
+		final String expected = "TestAccessControl";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ACCESS_CONTROL_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getAccessControlImplementation());
+	}
+	
+	@Test
+	public void testEncryptionImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
+		
+		final String expected = "TestEncryption";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getEncryptionImplementation());
+	}
+	
+	@Test
+	public void testIntrusionDetectionImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
+		
+		final String expected = "TestIntrusionDetection";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.INTRUSION_DETECTION_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getIntrusionDetectionImplementation());
+	}
+	
+	@Test
+	public void testRandomizerImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
+		
+		final String expected = "TestRandomizer";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.RANDOMIZER_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getRandomizerImplementation());
+	}
+	
+	@Test
+	public void testExecutorImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
+		
+		final String expected = "TestExecutor";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.EXECUTOR_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getExecutorImplementation());
+	}
+	
+	@Test
+	public void testHTTPUtilitiesImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
+		
+		final String expected = "TestHTTPUtilities";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.HTTP_UTILITIES_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
+	}
+	
+	@Test
+	public void testValidationImplementation() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
+		
+		final String expected = "TestValidation";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.VALIDATOR_IMPLEMENTATION, expected);
+		Assert.assertEquals(expected, secConf.getValidationImplementation());
+	}
+	
+	@Test
+	public void testGetEncryptionKeyLength() {
+		// test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(128, secConf.getEncryptionKeyLength());
+		
+		final int expected = 256;
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.KEY_LENGTH, String.valueOf(expected));
+		Assert.assertEquals(expected, secConf.getEncryptionKeyLength());
+	}
+	
+	@Test
+	public void testGetKDFPseudoRandomFunction() {
+		// test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
+		
+		final String expected = "HmacSHA1";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.KDF_PRF_ALG, expected);
+		Assert.assertEquals(expected, secConf.getKDFPseudoRandomFunction());
+	}
+	
+	@Test
+	public void testGetMasterSalt() {
+		try {
+			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+			secConf.getMasterSalt();
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (ConfigurationException ce) {
+			Assert.assertNotNull(ce.getMessage());
+		}
+		
+		final String salt = "53081";
+		final String property = ESAPI.encoder().encodeForBase64(salt.getBytes(), false);
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.MASTER_SALT, property);
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
+		Assert.assertEquals(salt, new String(secConf.getMasterSalt()));
+	}
+	
+	@Test
+	public void testGetAllowedExecutables() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
+		
+		//is this really what should be returned? what about an empty list?
+		Assert.assertEquals(1, allowedExecutables.size());
+		Assert.assertEquals("", allowedExecutables.get(0));
+		
+		
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
+		secConf = new DefaultSecurityConfiguration(properties);
+		allowedExecutables = secConf.getAllowedExecutables();
+		Assert.assertEquals(3, allowedExecutables.size());
+		Assert.assertEquals("/bin/bzip2", allowedExecutables.get(0));
+		Assert.assertEquals("/bin/diff", allowedExecutables.get(1));
+		
+		//this seems less than optimal, maybe each value should have a trim() done to it
+		//at least we know that this behavior exists, the property should'nt have spaces between values
+		Assert.assertEquals(" /bin/cvs", allowedExecutables.get(2));
+	}
+	
+	@Test
+	public void testGetAllowedFileExtensions() {
+		
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
+		Assert.assertFalse(allowedFileExtensions.isEmpty());
+		
+		
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
+		secConf = new DefaultSecurityConfiguration(properties);
+		allowedFileExtensions = secConf.getAllowedFileExtensions();
+		Assert.assertEquals(4, allowedFileExtensions.size());
+		Assert.assertEquals(".html", allowedFileExtensions.get(2));
+	}
+	
+	@Test
+	public void testGetAllowedFileUploadSize() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		//assert that the default is of some reasonable size
+		Assert.assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
+		
+		final int expected = (1024 * 1000);
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_UPLOAD_FILE_BYTES, String.valueOf(expected));
+		Assert.assertEquals(expected, secConf.getAllowedFileUploadSize());
+	}
+	
+	@Test
+	public void testGetParameterNames() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("password", secConf.getPasswordParameterName());
+		Assert.assertEquals("username", secConf.getUsernameParameterName());
+		
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.PASSWORD_PARAMETER_NAME, "j_password");
+		properties.setProperty(DefaultSecurityConfiguration.USERNAME_PARAMETER_NAME, "j_username");
+		secConf = new DefaultSecurityConfiguration(properties);
+		Assert.assertEquals("j_password", secConf.getPasswordParameterName());
+		Assert.assertEquals("j_username", secConf.getUsernameParameterName());
+	}
+	
+	@Test
+	public void testGetEncryptionAlgorithm() {
+		//test the default
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("AES", secConf.getEncryptionAlgorithm());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_ALGORITHM, "3DES");
+		Assert.assertEquals("3DES", secConf.getEncryptionAlgorithm());
+	}
+	
+	@Test
+	public void testGetCipherXProperties() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
+		//Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
+		
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
+		secConf = new DefaultSecurityConfiguration(properties);
+		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+		
+		secConf.setCipherTransformation("DESede/PCBC/PKCS5Padding");
+		Assert.assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
+		
+		secConf.setCipherTransformation(null);//sets it back to default
+		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+	}
+	
+	@Test
+	public void testIV() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("random", secConf.getIVType());
+		try {
+			secConf.getFixedIV();
+			Assert.fail();
+		}
+		catch (ConfigurationException ce) {
+			Assert.assertNotNull(ce.getMessage());
+		}
+		
+		java.util.Properties properties = new java.util.Properties();
+		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");
+		properties.setProperty(DefaultSecurityConfiguration.FIXED_IV, "ivValue");
+		secConf = new DefaultSecurityConfiguration(properties);
+		Assert.assertEquals("fixed", secConf.getIVType());
+		Assert.assertEquals("ivValue", secConf.getFixedIV());
+		
+		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");
+		secConf = new DefaultSecurityConfiguration(properties);
+		try {
+			secConf.getIVType();
+			Assert.fail();
+		}
+		catch (ConfigurationException ce) {
+			Assert.assertNotNull(ce.getMessage());
+		}
+		try {
+			secConf.getFixedIV();
+			Assert.fail();
+		}
+		catch (ConfigurationException ce) {
+			Assert.assertNotNull(ce.getMessage());
+		}
+	}
+	
+	@Test
+	public void testGetAllowMultipleEncoding() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertFalse(secConf.getAllowMultipleEncoding());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "yes");
+		Assert.assertTrue(secConf.getAllowMultipleEncoding());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "true");
+		Assert.assertTrue(secConf.getAllowMultipleEncoding());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "no");
+		Assert.assertFalse(secConf.getAllowMultipleEncoding());
+	}
+	
+	@Test
+	public void testGetDefaultCanonicalizationCodecs() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
+		
+		String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.CANONICALIZATION_CODECS, property);
+		Assert.assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
+	}
+	
+	@Test
+	public void testGetDisableIntrusionDetection() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertFalse(secConf.getDisableIntrusionDetection());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "TRUE");
+		Assert.assertTrue(secConf.getDisableIntrusionDetection());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "true");
+		Assert.assertTrue(secConf.getDisableIntrusionDetection());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "false");
+		Assert.assertFalse(secConf.getDisableIntrusionDetection());
+	}
+	
+	@Test
+	public void testGetLogLevel() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(Logger.WARNING, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "trace");
+		Assert.assertEquals(Logger.TRACE, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "Off");
+		Assert.assertEquals(Logger.OFF, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "all");
+		Assert.assertEquals(Logger.ALL, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "DEBUG");
+		Assert.assertEquals(Logger.DEBUG, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "info");
+		Assert.assertEquals(Logger.INFO, secConf.getLogLevel());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "ERROR");
+		Assert.assertEquals(Logger.ERROR, secConf.getLogLevel());
+	}
+	
+	@Test
+	public void testGetLogFileName() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals("ESAPI_logging_file", secConf.getLogFileName());
+		
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_FILE_NAME, "log.txt");
+		Assert.assertEquals("log.txt", secConf.getLogFileName());
+	}
+	
+	@Test
+	public void testGetMaxLogFileSize() {
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
+		
+		int maxLogSize = (1024 * 1000);
+		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
+		Assert.assertEquals(maxLogSize, secConf.getMaxLogFileSize());
+	}
+	
+	private String patternOrNull(Pattern p){
+		return null==p?null:p.pattern();
+	}
+
+	@Test
+	public void testValidationsPropertiesFileOptions(){
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertNull(secConf.getValidationPattern("Test2"));
+		Assert.assertNull(secConf.getValidationPattern("TestC"));
+		
+		secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		Assert.assertNull(secConf.getValidationPattern("TestC"));
+
+		secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+		Assert.assertNull(secConf.getValidationPattern("Test1"));
+		Assert.assertNull(secConf.getValidationPattern("Test2"));
+
+		secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+	}
+	
+}

From 61c957f0cf26bfad86a1c74ac834c034d8c8ea44 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 238/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/EncoderTest.java    | 1604 ++++++++---------
 1 file changed, 802 insertions(+), 802 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 52feb91e7..3e8f17a6a 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -1,802 +1,802 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.ArrayList;
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Encoder;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.OracleCodec;
-import org.owasp.esapi.codecs.PushbackString;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-import org.owasp.esapi.errors.EncodingException;
-import org.owasp.esapi.errors.IntrusionException;
-
-/**
- * The Class EncoderTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class EncoderTest extends TestCase {
-    
-	private static final String PREFERRED_ENCODING = "UTF-8";
-	
-    /**
-	 * Instantiates a new encoder test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public EncoderTest(String testName) {
-        super(testName);
-    }
-    
-    /**
-     * {@inheritDoc}
-     * @throws Exception 
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-    
-    /**
-     * {@inheritDoc}s
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-    
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(EncoderTest.class);        
-        return suite;
-    }
-    
-	/**
-	 * Test of canonicalize method, of class org.owasp.esapi.Encoder.
-	 * 
-	 * @throws EncodingException
-	 */
-	public void testCanonicalize() throws EncodingException {
-		System.out.println("canonicalize");
-
-        ArrayList<String> list = new ArrayList<String>();
-        list.add( "HTMLEntityCodec" );
-	    list.add( "PercentCodec" );
-		Encoder instance = new DefaultEncoder( list );
-		
-		// Test null paths
-		assertEquals( null, instance.canonicalize(null));
-		assertEquals( null, instance.canonicalize(null, true));
-		assertEquals( null, instance.canonicalize(null, false));
-		assertEquals( null, instance.canonicalize(null, true, true));
-		assertEquals( null, instance.canonicalize(null, true, false));
-		assertEquals( null, instance.canonicalize(null, false, true));
-		assertEquals( null, instance.canonicalize(null, false, false));
-		
-		// test exception paths
-		assertEquals( "%", instance.canonicalize("%25", true));
-		assertEquals( "%", instance.canonicalize("%25", false));
-
-        assertEquals( "%", instance.canonicalize("%25"));
-        assertEquals( "%F", instance.canonicalize("%25F"));
-        assertEquals( "<", instance.canonicalize("%3c"));
-        assertEquals( "<", instance.canonicalize("%3C"));
-        assertEquals( "%X1", instance.canonicalize("%X1"));
-
-        assertEquals( "<", instance.canonicalize("&lt"));
-        assertEquals( "<", instance.canonicalize("&LT"));
-        assertEquals( "<", instance.canonicalize("&lt;"));
-        assertEquals( "<", instance.canonicalize("&LT;"));
-        
-        assertEquals( "%", instance.canonicalize("&#37;"));
-        assertEquals( "%", instance.canonicalize("&#37"));
-        assertEquals( "%b", instance.canonicalize("&#37b"));
-
-        assertEquals( "<", instance.canonicalize("&#x3c"));
-        assertEquals( "<", instance.canonicalize("&#x3c;"));
-        assertEquals( "<", instance.canonicalize("&#x3C"));
-        assertEquals( "<", instance.canonicalize("&#X3c"));
-        assertEquals( "<", instance.canonicalize("&#X3C"));
-        assertEquals( "<", instance.canonicalize("&#X3C;"));
-
-        // percent encoding
-        assertEquals( "<", instance.canonicalize("%3c"));
-        assertEquals( "<", instance.canonicalize("%3C"));
-
-        // html entity encoding
-        assertEquals( "<", instance.canonicalize("&#60"));
-        assertEquals( "<", instance.canonicalize("&#060"));
-        assertEquals( "<", instance.canonicalize("&#0060"));
-        assertEquals( "<", instance.canonicalize("&#00060"));
-        assertEquals( "<", instance.canonicalize("&#000060"));
-        assertEquals( "<", instance.canonicalize("&#0000060"));
-        assertEquals( "<", instance.canonicalize("&#60;"));
-        assertEquals( "<", instance.canonicalize("&#060;"));
-        assertEquals( "<", instance.canonicalize("&#0060;"));
-        assertEquals( "<", instance.canonicalize("&#00060;"));
-        assertEquals( "<", instance.canonicalize("&#000060;"));
-        assertEquals( "<", instance.canonicalize("&#0000060;"));
-        assertEquals( "<", instance.canonicalize("&#x3c"));
-        assertEquals( "<", instance.canonicalize("&#x03c"));
-        assertEquals( "<", instance.canonicalize("&#x003c"));
-        assertEquals( "<", instance.canonicalize("&#x0003c"));
-        assertEquals( "<", instance.canonicalize("&#x00003c"));
-        assertEquals( "<", instance.canonicalize("&#x000003c"));
-        assertEquals( "<", instance.canonicalize("&#x3c;"));
-        assertEquals( "<", instance.canonicalize("&#x03c;"));
-        assertEquals( "<", instance.canonicalize("&#x003c;"));
-        assertEquals( "<", instance.canonicalize("&#x0003c;"));
-        assertEquals( "<", instance.canonicalize("&#x00003c;"));
-        assertEquals( "<", instance.canonicalize("&#x000003c;"));
-        assertEquals( "<", instance.canonicalize("&#X3c"));
-        assertEquals( "<", instance.canonicalize("&#X03c"));
-        assertEquals( "<", instance.canonicalize("&#X003c"));
-        assertEquals( "<", instance.canonicalize("&#X0003c"));
-        assertEquals( "<", instance.canonicalize("&#X00003c"));
-        assertEquals( "<", instance.canonicalize("&#X000003c"));
-        assertEquals( "<", instance.canonicalize("&#X3c;"));
-        assertEquals( "<", instance.canonicalize("&#X03c;"));
-        assertEquals( "<", instance.canonicalize("&#X003c;"));
-        assertEquals( "<", instance.canonicalize("&#X0003c;"));
-        assertEquals( "<", instance.canonicalize("&#X00003c;"));
-        assertEquals( "<", instance.canonicalize("&#X000003c;"));
-        assertEquals( "<", instance.canonicalize("&#x3C"));
-        assertEquals( "<", instance.canonicalize("&#x03C"));
-        assertEquals( "<", instance.canonicalize("&#x003C"));
-        assertEquals( "<", instance.canonicalize("&#x0003C"));
-        assertEquals( "<", instance.canonicalize("&#x00003C"));
-        assertEquals( "<", instance.canonicalize("&#x000003C"));
-        assertEquals( "<", instance.canonicalize("&#x3C;"));
-        assertEquals( "<", instance.canonicalize("&#x03C;"));
-        assertEquals( "<", instance.canonicalize("&#x003C;"));
-        assertEquals( "<", instance.canonicalize("&#x0003C;"));
-        assertEquals( "<", instance.canonicalize("&#x00003C;"));
-        assertEquals( "<", instance.canonicalize("&#x000003C;"));
-        assertEquals( "<", instance.canonicalize("&#X3C"));
-        assertEquals( "<", instance.canonicalize("&#X03C"));
-        assertEquals( "<", instance.canonicalize("&#X003C"));
-        assertEquals( "<", instance.canonicalize("&#X0003C"));
-        assertEquals( "<", instance.canonicalize("&#X00003C"));
-        assertEquals( "<", instance.canonicalize("&#X000003C"));
-        assertEquals( "<", instance.canonicalize("&#X3C;"));
-        assertEquals( "<", instance.canonicalize("&#X03C;"));
-        assertEquals( "<", instance.canonicalize("&#X003C;"));
-        assertEquals( "<", instance.canonicalize("&#X0003C;"));
-        assertEquals( "<", instance.canonicalize("&#X00003C;"));
-        assertEquals( "<", instance.canonicalize("&#X000003C;"));
-        assertEquals( "<", instance.canonicalize("&lt"));
-        assertEquals( "<", instance.canonicalize("&lT"));
-        assertEquals( "<", instance.canonicalize("&Lt"));
-        assertEquals( "<", instance.canonicalize("&LT"));
-        assertEquals( "<", instance.canonicalize("&lt;"));
-        assertEquals( "<", instance.canonicalize("&lT;"));
-        assertEquals( "<", instance.canonicalize("&Lt;"));
-        assertEquals( "<", instance.canonicalize("&LT;"));
-        
-        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript%3Ealert%28%22hello%22%29%3B%3C%2Fscript%3E") );
-        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript&#x3E;alert%28%22hello&#34%29%3B%3C%2Fscript%3E", false) );
-        
-        // javascript escape syntax
-        ArrayList<String> js = new ArrayList<String>();
-        js.add( "JavaScriptCodec" );
-        instance = new DefaultEncoder( js );
-        System.out.println( "JavaScript Decoding" );
-
-        assertEquals( "\0", instance.canonicalize("\\0"));
-        assertEquals( "\b", instance.canonicalize("\\b"));
-        assertEquals( "\t", instance.canonicalize("\\t"));
-        assertEquals( "\n", instance.canonicalize("\\n"));
-        assertEquals( ""+(char)0x0b, instance.canonicalize("\\v"));
-        assertEquals( "\f", instance.canonicalize("\\f"));
-        assertEquals( "\r", instance.canonicalize("\\r"));
-        assertEquals( "\'", instance.canonicalize("\\'"));
-        assertEquals( "\"", instance.canonicalize("\\\""));
-        assertEquals( "\\", instance.canonicalize("\\\\"));
-        assertEquals( "<", instance.canonicalize("\\<"));
-        
-        assertEquals( "<", instance.canonicalize("\\u003c"));
-        assertEquals( "<", instance.canonicalize("\\U003c"));
-        assertEquals( "<", instance.canonicalize("\\u003C"));
-        assertEquals( "<", instance.canonicalize("\\U003C"));
-        assertEquals( "<", instance.canonicalize("\\x3c"));
-        assertEquals( "<", instance.canonicalize("\\X3c"));
-        assertEquals( "<", instance.canonicalize("\\x3C"));
-        assertEquals( "<", instance.canonicalize("\\X3C"));
-
-        // css escape syntax
-        // be careful because some codecs see \0 as null byte
-        ArrayList<String> css = new ArrayList<String>();
-        css.add( "CSSCodec" );
-        instance = new DefaultEncoder( css );
-        System.out.println( "CSS Decoding" );
-        assertEquals( "<", instance.canonicalize("\\3c"));  // add strings to prevent null byte
-        assertEquals( "<", instance.canonicalize("\\03c"));
-        assertEquals( "<", instance.canonicalize("\\003c"));
-        assertEquals( "<", instance.canonicalize("\\0003c"));
-        assertEquals( "<", instance.canonicalize("\\00003c"));
-        assertEquals( "<", instance.canonicalize("\\3C"));
-        assertEquals( "<", instance.canonicalize("\\03C"));
-        assertEquals( "<", instance.canonicalize("\\003C"));
-        assertEquals( "<", instance.canonicalize("\\0003C"));
-        assertEquals( "<", instance.canonicalize("\\00003C"));
-	}
-
-	
-    /**
-     * Test of canonicalize method, of class org.owasp.esapi.Encoder.
-     * 
-     * @throws EncodingException
-     */
-    public void testDoubleEncodingCanonicalization() throws EncodingException {
-        System.out.println("doubleEncodingCanonicalization");
-        Encoder instance = ESAPI.encoder();
-
-        // note these examples use the strict=false flag on canonicalize to allow
-        // full decoding without throwing an IntrusionException. Generally, you
-        // should use strict mode as allowing double-encoding is an abomination.
-        
-        // double encoding examples
-        assertEquals( "<", instance.canonicalize("&#x26;lt&#59", false )); //double entity
-        assertEquals( "\\", instance.canonicalize("%255c", false)); //double percent
-        assertEquals( "%", instance.canonicalize("%2525", false)); //double percent
-        
-        // double encoding with multiple schemes example
-        assertEquals( "<", instance.canonicalize("%26lt%3b", false)); //first entity, then percent
-        assertEquals( "&", instance.canonicalize("&#x25;26", false)); //first percent, then entity
-
-		//enforce multiple and mixed encoding detection
-		try {
-			instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", true, true);
-			fail("Multiple and mixed encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce multiple but not mixed encoding detection
-		try {
-			instance.canonicalize("%252525253C", true, false); 
-			fail("Multiple encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce mixed but not multiple encoding detection
-		try {
-			instance.canonicalize("%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false, true); 
-			fail("Mixed encoding not detected");
-		} catch (IntrusionException ie) {}
-
-		//enforce niether mixed nor multiple encoding detection -should canonicalize but not throw an error
-		assertEquals( "< < < < < < <", instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", 
-															 false, false)); 
-
-        // nested encoding examples
-        assertEquals( "<", instance.canonicalize("%253c", false)); //nested encode % with percent
-        assertEquals( "<", instance.canonicalize("%%33%63", false)); //nested encode both nibbles with percent
-        assertEquals( "<", instance.canonicalize("%%33c", false)); // nested encode first nibble with percent
-        assertEquals( "<", instance.canonicalize("%3%63", false));  //nested encode second nibble with percent
-        assertEquals( "<", instance.canonicalize("&&#108;t;", false)); //nested encode l with entity
-        assertEquals( "<", instance.canonicalize("%2&#x35;3c", false)); //triple percent, percent, 5 with entity
-        
-        // nested encoding with multiple schemes examples
-        assertEquals( "<", instance.canonicalize("&%6ct;", false)); // nested encode l with percent
-        assertEquals( "<", instance.canonicalize("%&#x33;c", false)); //nested encode 3 with entity            
-        
-        // multiple encoding tests
-        assertEquals( "% & <script> <script>", instance.canonicalize( "%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false ) );
-        assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", false ) );
-
-        // test strict mode with both mixed and multiple encoding
-        try {
-            assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-        
-        try {
-            assertEquals( "<script", instance.canonicalize("%253Cscript" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-        try {
-            assertEquals( "<script", instance.canonicalize("&#37;3Cscript" ) );
-        } catch( IntrusionException e ) {
-            // expected
-        }
-    }
-
-    /**
-	 * Test of encodeForHTML method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testEncodeForHTML() throws Exception {
-        System.out.println("encodeForHTML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForHTML(null));
-        // test invalid characters are replaced with spaces
-        assertEquals("a&#xfffd;b&#xfffd;c&#xfffd;d&#xfffd;e&#xfffd;f&#x9;g", instance.encodeForHTML("a" + (char)0 + "b" + (char)4 + "c" + (char)128 + "d" + (char)150 + "e" +(char)159 + "f" + (char)9 + "g"));
-        
-        assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
-        assertEquals("&amp;lt&#x3b;script&amp;gt&#x3b;", instance.encodeForHTML("&lt;script&gt;"));
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML("!@$%()=+{}[]"));
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML(instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;") ) );
-        assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
-        assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
-        assertEquals("one&amp;two", instance.encodeForHTML("one&two"));
-        assertEquals("" + (char)12345 + (char)65533 + (char)1244, "" + (char)12345 + (char)65533 + (char)1244 );
-    }
-    
-    /**
-	 * Test of encodeForHTMLAttribute method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForHTMLAttribute() {
-        System.out.println("encodeForHTMLAttribute");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForHTMLAttribute(null));
-        assertEquals("&lt;script&gt;", instance.encodeForHTMLAttribute("<script>"));
-        assertEquals(",.-_", instance.encodeForHTMLAttribute(",.-_"));
-        assertEquals("&#x20;&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTMLAttribute(" !@$%()=+{}[]"));
-    }
-    
-    
-    /**
-     *
-     */
-    public void testEncodeForCSS() {
-        System.out.println("encodeForCSS");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForCSS(null));
-        assertEquals("\\3c script\\3e ", instance.encodeForCSS("<script>"));
-        assertEquals("\\21 \\40 \\24 \\25 \\28 \\29 \\3d \\2b \\7b \\7d \\5b \\5d ", instance.encodeForCSS("!@$%()=+{}[]"));
-    }
-    
-
-    
-    /**
-	 * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForJavascript() {
-        System.out.println("encodeForJavascript");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForJavaScript(null));
-        assertEquals("\\x3Cscript\\x3E", instance.encodeForJavaScript("<script>"));
-        assertEquals(",.\\x2D_\\x20", instance.encodeForJavaScript(",.-_ "));
-        assertEquals("\\x21\\x40\\x24\\x25\\x28\\x29\\x3D\\x2B\\x7B\\x7D\\x5B\\x5D", instance.encodeForJavaScript("!@$%()=+{}[]"));
-        // assertEquals( "\\0", instance.encodeForJavaScript("\0"));
-        // assertEquals( "\\b", instance.encodeForJavaScript("\b"));
-        // assertEquals( "\\t", instance.encodeForJavaScript("\t"));
-        // assertEquals( "\\n", instance.encodeForJavaScript("\n"));
-        // assertEquals( "\\v", instance.encodeForJavaScript("" + (char)0x0b));
-        // assertEquals( "\\f", instance.encodeForJavaScript("\f"));
-        // assertEquals( "\\r", instance.encodeForJavaScript("\r"));
-        // assertEquals( "\\'", instance.encodeForJavaScript("\'"));
-        // assertEquals( "\\\"", instance.encodeForJavaScript("\""));
-        // assertEquals( "\\\\", instance.encodeForJavaScript("\\"));
-    }
-        
-    /**
-     *
-     */
-    public void testEncodeForVBScript() {
-        System.out.println("encodeForVBScript");        
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForVBScript(null));
-        assertEquals( "chrw(60)&\"script\"&chrw(62)", instance.encodeForVBScript("<script>"));
-        assertEquals( "x\"&chrw(32)&chrw(33)&chrw(64)&chrw(36)&chrw(37)&chrw(40)&chrw(41)&chrw(61)&chrw(43)&chrw(123)&chrw(125)&chrw(91)&chrw(93)", instance.encodeForVBScript("x !@$%()=+{}[]"));
-        assertEquals( "alert\"&chrw(40)&chrw(39)&\"ESAPI\"&chrw(32)&\"test\"&chrw(33)&chrw(39)&chrw(41)", instance.encodeForVBScript("alert('ESAPI test!')" ));
-        assertEquals( "jeff.williams\"&chrw(64)&\"aspectsecurity.com", instance.encodeForVBScript("jeff.williams@aspectsecurity.com"));
-        assertEquals( "test\"&chrw(32)&chrw(60)&chrw(62)&chrw(32)&\"test", instance.encodeForVBScript("test <> test" ));
-    }
-
-        
-    /**
-	 * Test of encodeForXPath method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForXPath() {
-        System.out.println("encodeForXPath");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXPath(null));
-        assertEquals("&#x27;or 1&#x3d;1", instance.encodeForXPath("'or 1=1"));
-    }
-    
-
-    
-    /**
-	 * Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForSQL() {
-        System.out.println("encodeForSQL");
-        Encoder instance = ESAPI.encoder();
-
-        Codec mySQL1 = new MySQLCodec( MySQLCodec.ANSI_MODE );
-        assertEquals("ANSI_MODE", null, instance.encodeForSQL(mySQL1, null));
-        assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", instance.encodeForSQL(mySQL1, "Jeff' or '1'='1"));
-        
-        Codec mySQL2 = new MySQLCodec( MySQLCodec.MYSQL_MODE );
-        assertEquals("MYSQL_MODE", null, instance.encodeForSQL(mySQL2, null));
-        assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", instance.encodeForSQL(mySQL2, "Jeff' or '1'='1"));
-
-        Codec oracle = new OracleCodec();
-        assertEquals("Oracle", null, instance.encodeForSQL(oracle, null));
-        assertEquals("Oracle", "Jeff'' or ''1''=''1", instance.encodeForSQL(oracle, "Jeff' or '1'='1"));
-    }
-
-    public void testMySQLANSIModeQuoteInjection() {
-        Encoder instance = ESAPI.encoder();
-        Codec c = new MySQLCodec(MySQLCodec.Mode.ANSI);
-        assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
-    }
-
-    
-    /**
-	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForLDAP() {
-        System.out.println("encodeForLDAP");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForLDAP(null));
-        assertEquals("No special characters to escape", "Hi This is a test #��", instance.encodeForLDAP("Hi This is a test #��"));
-        assertEquals("Zeros", "Hi \\00", instance.encodeForLDAP("Hi \u0000"));
-        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # � � �", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �"));
-    }
-    
-    /**
-	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForDN() {
-        System.out.println("encodeForDN");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForDN(null));
-        assertEquals("No special characters to escape", "Hello�", instance.encodeForDN("Hello�"));
-        assertEquals("leading #", "\\# Hello�", instance.encodeForDN("# Hello�"));
-        assertEquals("leading space", "\\ Hello�", instance.encodeForDN(" Hello�"));
-        assertEquals("trailing space", "Hello�\\ ", instance.encodeForDN("Hello� "));
-        assertEquals("less than greater than", "Hello\\<\\>", instance.encodeForDN("Hello<>"));
-        assertEquals("only 3 spaces", "\\  \\ ", instance.encodeForDN("   "));
-        assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
-    }
-    
-    public void testEncodeForXMLNull() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXML(null));
-    }
-
-    public void testEncodeForXMLSpace() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" ", instance.encodeForXML(" "));
-    }
-
-    public void testEncodeForXMLScript() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x3c;script&#x3e;", instance.encodeForXML("<script>"));
-    }
-
-    public void testEncodeForXMLImmune() {
-        System.out.println("encodeForXML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(",.-_", instance.encodeForXML(",.-_"));
-    }
-    
-    public void testEncodeForXMLSymbol() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXML("!@$%()=+{}[]"));
-    }
-
-    public void testEncodeForXMLPound() {
-        System.out.println("encodeForXML");
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#xa3;", instance.encodeForXML("\u00A3"));
-    }
-    
-    public void testEncodeForXMLAttributeNull() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForXMLAttribute(null));
-    }
-    
-    public void testEncodeForXMLAttributeSpace() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" ", instance.encodeForXMLAttribute(" "));
-    }
-    
-    public void testEncodeForXMLAttributeScript() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#x3c;script&#x3e;", instance.encodeForXMLAttribute("<script>"));
-    }
-    
-    public void testEncodeForXMLAttributeImmune() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(",.-_", instance.encodeForXMLAttribute(",.-_"));
-    }
-    
-    public void testEncodeForXMLAttributeSymbol() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals(" &#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXMLAttribute(" !@$%()=+{}[]"));
-    }
-    
-    public void testEncodeForXMLAttributePound() {
-        Encoder instance = ESAPI.encoder();
-        assertEquals("&#xa3;", instance.encodeForXMLAttribute("\u00A3"));
-    }
-    
-    /**
-	 * Test of encodeForURL method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testEncodeForURL() throws Exception {
-        System.out.println("encodeForURL");
-        Encoder instance = ESAPI.encoder();
-        assertEquals(null, instance.encodeForURL(null));
-        assertEquals("%3Cscript%3E", instance.encodeForURL("<script>"));
-    }
-    
-    /**
-	 * Test of decodeFromURL method, of class org.owasp.esapi.Encoder.
-     *
-     * @throws Exception
-     */
-    public void testDecodeFromURL() throws Exception {
-        System.out.println("decodeFromURL");
-        Encoder instance = ESAPI.encoder();
-        try {
-        	assertEquals(null, instance.decodeFromURL(null));
-            assertEquals("<script>", instance.decodeFromURL("%3Cscript%3E"));
-            assertEquals("     ", instance.decodeFromURL("+++++") );
-        } catch ( Exception e ) {
-            fail();
-        }
-        try {
-        	instance.decodeFromURL( "%3xridiculous" );
-        	fail();
-        } catch( Exception e ) {
-        	// expected
-        }
-    }
-    
-    /**
-	 * Test of encodeForBase64 method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testEncodeForBase64() {
-        System.out.println("encodeForBase64");
-        Encoder instance = ESAPI.encoder();
-        
-        try {
-        	assertEquals(null, instance.encodeForBase64(null, false));
-            assertEquals(null, instance.encodeForBase64(null, true));
-            assertEquals(null, instance.decodeFromBase64(null));
-            for ( int i=0; i < 100; i++ ) {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-                byte[] decoded = instance.decodeFromBase64( encoded );
-                assertTrue( Arrays.equals( r, decoded ) );
-            }
-        } catch ( IOException e ) {
-            fail();
-        }
-    }
-    
-    /**
-	 * Test of decodeFromBase64 method, of class org.owasp.esapi.Encoder.
-	 */
-    public void testDecodeFromBase64() {
-        System.out.println("decodeFromBase64");
-        Encoder instance = ESAPI.encoder();
-        for ( int i=0; i < 100; i++ ) {
-            try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-                byte[] decoded = instance.decodeFromBase64( encoded );
-                assertTrue( Arrays.equals( r, decoded ) );
-            } catch ( IOException e ) {
-                fail();
-	        }
-        }
-        for ( int i=0; i < 100; i++ ) {
-            try {
-                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
-                String encoded = ESAPI.randomizer().getRandomString(1, EncoderConstants.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
-	            byte[] decoded = instance.decodeFromBase64( encoded );
-	            assertFalse( Arrays.equals(r, decoded) );
-            } catch( UnsupportedEncodingException ex) {
-            	fail();
-            } catch ( IOException e ) {
-            	// expected
-            }
-        }
-    }
-    
-
-    /**
-	 * Test of WindowsCodec
-	 */
-    public void testWindowsCodec() {
-        System.out.println("WindowsCodec");
-        Encoder instance = ESAPI.encoder();
-
-        Codec win = new WindowsCodec();
-        char[] immune = new char[0];
-        assertEquals(null, instance.encodeForOS(win, null));
-        
-        PushbackString npbs = new PushbackString("n");
-        assertEquals(null, win.decodeCharacter(npbs));
-
-        PushbackString epbs = new PushbackString("");
-        assertEquals(null, win.decodeCharacter(epbs));
-        
-        Character c = Character.valueOf('<');
-        PushbackString cpbs = new PushbackString(win.encodeCharacter(immune, c));
-        Character decoded = win.decodeCharacter(cpbs);
-        assertEquals(c, decoded);
-        
-        String orig = "c:\\jeff";
-        String enc = win.encode(EncoderConstants.CHAR_ALPHANUMERICS, orig);
-        assertEquals(orig, win.decode(enc));
-        assertEquals(orig, win.decode(orig));
-        
-     // TODO: Check that these are acceptable for Windows
-        assertEquals("c^:^\\jeff", instance.encodeForOS(win, "c:\\jeff"));		
-        assertEquals("c^:^\\jeff", win.encode(immune, "c:\\jeff"));
-        assertEquals("dir^ ^&^ foo", instance.encodeForOS(win, "dir & foo"));
-        assertEquals("dir^ ^&^ foo", win.encode(immune, "dir & foo"));
-    }
-
-    /**
-	 * Test of UnixCodec
-	 */
-    public void testUnixCodec() {
-        System.out.println("UnixCodec");
-        Encoder instance = ESAPI.encoder();
-
-        Codec unix = new UnixCodec();
-        char[] immune = new char[0];
-        assertEquals(null, instance.encodeForOS(unix, null));
-        
-        PushbackString npbs = new PushbackString("n");
-        assertEquals(null, unix.decodeCharacter(npbs));
-
-        Character c = Character.valueOf('<');
-        PushbackString cpbs = new PushbackString(unix.encodeCharacter(immune, c));
-        Character decoded = unix.decodeCharacter(cpbs);
-        assertEquals(c, decoded);
-        
-        PushbackString epbs = new PushbackString("");
-        assertEquals(null, unix.decodeCharacter(epbs));
-
-        String orig = "/etc/passwd";
-        String enc = unix.encode(immune, orig);
-        assertEquals(orig, unix.decode(enc));
-        assertEquals(orig, unix.decode(orig));
-        
-     // TODO: Check that these are acceptable for Unix hosts
-        assertEquals("c\\:\\\\jeff", instance.encodeForOS(unix, "c:\\jeff"));
-        assertEquals("c\\:\\\\jeff", unix.encode(immune, "c:\\jeff"));
-        assertEquals("dir\\ \\&\\ foo", instance.encodeForOS(unix, "dir & foo"));
-        assertEquals("dir\\ \\&\\ foo", unix.encode(immune, "dir & foo"));
-
-        // Unix paths (that must be encoded safely)
-        // TODO: Check that these are acceptable for Unix
-        assertEquals("\\/etc\\/hosts", instance.encodeForOS(unix, "/etc/hosts"));
-        assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", instance.encodeForOS(unix, "/etc/hosts; ls -l"));
-    }
-    
-    public void testCanonicalizePerformance() throws Exception {
-        System.out.println("Canonicalization Performance");
-    	Encoder encoder = ESAPI.encoder();
-    	int iterations = 100;
-    	String normal = "The quick brown fox jumped over the lazy dog";
-    	
-    	long start = System.currentTimeMillis();
-    	String temp = null;		// Trade in 1/2 doz warnings in Eclipse for one (never read)
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = normal;
-        }
-    	long stop = System.currentTimeMillis();
-        System.out.println( "Normal: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( normal, false );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Normal Loose: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( normal, true );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Normal Strict: " + (stop-start) );
-
-    	String attack = "%2&#x35;2%3525&#x32;\\u0036lt;\r\n\r\n%&#x%%%3333\\u0033;&%23101;";
-    	
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = attack;
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	temp = encoder.canonicalize( attack, false );
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack Loose: " + (stop-start) );
-        
-    	start = System.currentTimeMillis();
-        for ( int i=0; i< iterations; i++ ) {
-        	try {
-        		temp = encoder.canonicalize( attack, true );
-        	} catch( IntrusionException e ) { 
-        		// expected
-        	}
-        }
-    	stop = System.currentTimeMillis();
-        System.out.println( "Attack Strict: " + (stop-start) );
-    }
-    
-
-    public void testConcurrency() {
-        System.out.println("Encoder Concurrency");
-		for (int i = 0; i < 10; i++) {
-			new Thread( new EncoderConcurrencyMock( i )).start();
-		}
-	}
-
-    /**
-     *  A simple class that calls the Encoder to test thread safety
-     */
-    public class EncoderConcurrencyMock implements Runnable {
-    	public int num = 0;
-    	public EncoderConcurrencyMock( int num ) {
-    		this.num = num;
-    	}
-	    public void run() {
-			while( true ) {
-				String nonce = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS );
-				String result = javaScriptEncode( nonce );
-				// randomize the threads
-				try {
-					Thread.sleep( ESAPI.randomizer().getRandomInteger( 100, 500 ) );
-				} catch (InterruptedException e) {
-					// just continue
-				}
-				assertTrue( result.equals ( javaScriptEncode( nonce ) ) );
-			}
-		}
-		
-	    public String javaScriptEncode(String str) {
-			Encoder encoder = DefaultEncoder.getInstance();
-			return encoder.encodeForJavaScript(str);
-		}
-    }
-    
-}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.MySQLCodec;
+import org.owasp.esapi.codecs.OracleCodec;
+import org.owasp.esapi.codecs.PushbackString;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+import org.owasp.esapi.errors.EncodingException;
+import org.owasp.esapi.errors.IntrusionException;
+
+/**
+ * The Class EncoderTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class EncoderTest extends TestCase {
+    
+	private static final String PREFERRED_ENCODING = "UTF-8";
+	
+    /**
+	 * Instantiates a new encoder test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public EncoderTest(String testName) {
+        super(testName);
+    }
+    
+    /**
+     * {@inheritDoc}
+     * @throws Exception 
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+    
+    /**
+     * {@inheritDoc}s
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+    
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(EncoderTest.class);        
+        return suite;
+    }
+    
+	/**
+	 * Test of canonicalize method, of class org.owasp.esapi.Encoder.
+	 * 
+	 * @throws EncodingException
+	 */
+	public void testCanonicalize() throws EncodingException {
+		System.out.println("canonicalize");
+
+        ArrayList<String> list = new ArrayList<String>();
+        list.add( "HTMLEntityCodec" );
+	    list.add( "PercentCodec" );
+		Encoder instance = new DefaultEncoder( list );
+		
+		// Test null paths
+		assertEquals( null, instance.canonicalize(null));
+		assertEquals( null, instance.canonicalize(null, true));
+		assertEquals( null, instance.canonicalize(null, false));
+		assertEquals( null, instance.canonicalize(null, true, true));
+		assertEquals( null, instance.canonicalize(null, true, false));
+		assertEquals( null, instance.canonicalize(null, false, true));
+		assertEquals( null, instance.canonicalize(null, false, false));
+		
+		// test exception paths
+		assertEquals( "%", instance.canonicalize("%25", true));
+		assertEquals( "%", instance.canonicalize("%25", false));
+
+        assertEquals( "%", instance.canonicalize("%25"));
+        assertEquals( "%F", instance.canonicalize("%25F"));
+        assertEquals( "<", instance.canonicalize("%3c"));
+        assertEquals( "<", instance.canonicalize("%3C"));
+        assertEquals( "%X1", instance.canonicalize("%X1"));
+
+        assertEquals( "<", instance.canonicalize("&lt"));
+        assertEquals( "<", instance.canonicalize("&LT"));
+        assertEquals( "<", instance.canonicalize("&lt;"));
+        assertEquals( "<", instance.canonicalize("&LT;"));
+        
+        assertEquals( "%", instance.canonicalize("&#37;"));
+        assertEquals( "%", instance.canonicalize("&#37"));
+        assertEquals( "%b", instance.canonicalize("&#37b"));
+
+        assertEquals( "<", instance.canonicalize("&#x3c"));
+        assertEquals( "<", instance.canonicalize("&#x3c;"));
+        assertEquals( "<", instance.canonicalize("&#x3C"));
+        assertEquals( "<", instance.canonicalize("&#X3c"));
+        assertEquals( "<", instance.canonicalize("&#X3C"));
+        assertEquals( "<", instance.canonicalize("&#X3C;"));
+
+        // percent encoding
+        assertEquals( "<", instance.canonicalize("%3c"));
+        assertEquals( "<", instance.canonicalize("%3C"));
+
+        // html entity encoding
+        assertEquals( "<", instance.canonicalize("&#60"));
+        assertEquals( "<", instance.canonicalize("&#060"));
+        assertEquals( "<", instance.canonicalize("&#0060"));
+        assertEquals( "<", instance.canonicalize("&#00060"));
+        assertEquals( "<", instance.canonicalize("&#000060"));
+        assertEquals( "<", instance.canonicalize("&#0000060"));
+        assertEquals( "<", instance.canonicalize("&#60;"));
+        assertEquals( "<", instance.canonicalize("&#060;"));
+        assertEquals( "<", instance.canonicalize("&#0060;"));
+        assertEquals( "<", instance.canonicalize("&#00060;"));
+        assertEquals( "<", instance.canonicalize("&#000060;"));
+        assertEquals( "<", instance.canonicalize("&#0000060;"));
+        assertEquals( "<", instance.canonicalize("&#x3c"));
+        assertEquals( "<", instance.canonicalize("&#x03c"));
+        assertEquals( "<", instance.canonicalize("&#x003c"));
+        assertEquals( "<", instance.canonicalize("&#x0003c"));
+        assertEquals( "<", instance.canonicalize("&#x00003c"));
+        assertEquals( "<", instance.canonicalize("&#x000003c"));
+        assertEquals( "<", instance.canonicalize("&#x3c;"));
+        assertEquals( "<", instance.canonicalize("&#x03c;"));
+        assertEquals( "<", instance.canonicalize("&#x003c;"));
+        assertEquals( "<", instance.canonicalize("&#x0003c;"));
+        assertEquals( "<", instance.canonicalize("&#x00003c;"));
+        assertEquals( "<", instance.canonicalize("&#x000003c;"));
+        assertEquals( "<", instance.canonicalize("&#X3c"));
+        assertEquals( "<", instance.canonicalize("&#X03c"));
+        assertEquals( "<", instance.canonicalize("&#X003c"));
+        assertEquals( "<", instance.canonicalize("&#X0003c"));
+        assertEquals( "<", instance.canonicalize("&#X00003c"));
+        assertEquals( "<", instance.canonicalize("&#X000003c"));
+        assertEquals( "<", instance.canonicalize("&#X3c;"));
+        assertEquals( "<", instance.canonicalize("&#X03c;"));
+        assertEquals( "<", instance.canonicalize("&#X003c;"));
+        assertEquals( "<", instance.canonicalize("&#X0003c;"));
+        assertEquals( "<", instance.canonicalize("&#X00003c;"));
+        assertEquals( "<", instance.canonicalize("&#X000003c;"));
+        assertEquals( "<", instance.canonicalize("&#x3C"));
+        assertEquals( "<", instance.canonicalize("&#x03C"));
+        assertEquals( "<", instance.canonicalize("&#x003C"));
+        assertEquals( "<", instance.canonicalize("&#x0003C"));
+        assertEquals( "<", instance.canonicalize("&#x00003C"));
+        assertEquals( "<", instance.canonicalize("&#x000003C"));
+        assertEquals( "<", instance.canonicalize("&#x3C;"));
+        assertEquals( "<", instance.canonicalize("&#x03C;"));
+        assertEquals( "<", instance.canonicalize("&#x003C;"));
+        assertEquals( "<", instance.canonicalize("&#x0003C;"));
+        assertEquals( "<", instance.canonicalize("&#x00003C;"));
+        assertEquals( "<", instance.canonicalize("&#x000003C;"));
+        assertEquals( "<", instance.canonicalize("&#X3C"));
+        assertEquals( "<", instance.canonicalize("&#X03C"));
+        assertEquals( "<", instance.canonicalize("&#X003C"));
+        assertEquals( "<", instance.canonicalize("&#X0003C"));
+        assertEquals( "<", instance.canonicalize("&#X00003C"));
+        assertEquals( "<", instance.canonicalize("&#X000003C"));
+        assertEquals( "<", instance.canonicalize("&#X3C;"));
+        assertEquals( "<", instance.canonicalize("&#X03C;"));
+        assertEquals( "<", instance.canonicalize("&#X003C;"));
+        assertEquals( "<", instance.canonicalize("&#X0003C;"));
+        assertEquals( "<", instance.canonicalize("&#X00003C;"));
+        assertEquals( "<", instance.canonicalize("&#X000003C;"));
+        assertEquals( "<", instance.canonicalize("&lt"));
+        assertEquals( "<", instance.canonicalize("&lT"));
+        assertEquals( "<", instance.canonicalize("&Lt"));
+        assertEquals( "<", instance.canonicalize("&LT"));
+        assertEquals( "<", instance.canonicalize("&lt;"));
+        assertEquals( "<", instance.canonicalize("&lT;"));
+        assertEquals( "<", instance.canonicalize("&Lt;"));
+        assertEquals( "<", instance.canonicalize("&LT;"));
+        
+        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript%3Ealert%28%22hello%22%29%3B%3C%2Fscript%3E") );
+        assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript&#x3E;alert%28%22hello&#34%29%3B%3C%2Fscript%3E", false) );
+        
+        // javascript escape syntax
+        ArrayList<String> js = new ArrayList<String>();
+        js.add( "JavaScriptCodec" );
+        instance = new DefaultEncoder( js );
+        System.out.println( "JavaScript Decoding" );
+
+        assertEquals( "\0", instance.canonicalize("\\0"));
+        assertEquals( "\b", instance.canonicalize("\\b"));
+        assertEquals( "\t", instance.canonicalize("\\t"));
+        assertEquals( "\n", instance.canonicalize("\\n"));
+        assertEquals( ""+(char)0x0b, instance.canonicalize("\\v"));
+        assertEquals( "\f", instance.canonicalize("\\f"));
+        assertEquals( "\r", instance.canonicalize("\\r"));
+        assertEquals( "\'", instance.canonicalize("\\'"));
+        assertEquals( "\"", instance.canonicalize("\\\""));
+        assertEquals( "\\", instance.canonicalize("\\\\"));
+        assertEquals( "<", instance.canonicalize("\\<"));
+        
+        assertEquals( "<", instance.canonicalize("\\u003c"));
+        assertEquals( "<", instance.canonicalize("\\U003c"));
+        assertEquals( "<", instance.canonicalize("\\u003C"));
+        assertEquals( "<", instance.canonicalize("\\U003C"));
+        assertEquals( "<", instance.canonicalize("\\x3c"));
+        assertEquals( "<", instance.canonicalize("\\X3c"));
+        assertEquals( "<", instance.canonicalize("\\x3C"));
+        assertEquals( "<", instance.canonicalize("\\X3C"));
+
+        // css escape syntax
+        // be careful because some codecs see \0 as null byte
+        ArrayList<String> css = new ArrayList<String>();
+        css.add( "CSSCodec" );
+        instance = new DefaultEncoder( css );
+        System.out.println( "CSS Decoding" );
+        assertEquals( "<", instance.canonicalize("\\3c"));  // add strings to prevent null byte
+        assertEquals( "<", instance.canonicalize("\\03c"));
+        assertEquals( "<", instance.canonicalize("\\003c"));
+        assertEquals( "<", instance.canonicalize("\\0003c"));
+        assertEquals( "<", instance.canonicalize("\\00003c"));
+        assertEquals( "<", instance.canonicalize("\\3C"));
+        assertEquals( "<", instance.canonicalize("\\03C"));
+        assertEquals( "<", instance.canonicalize("\\003C"));
+        assertEquals( "<", instance.canonicalize("\\0003C"));
+        assertEquals( "<", instance.canonicalize("\\00003C"));
+	}
+
+	
+    /**
+     * Test of canonicalize method, of class org.owasp.esapi.Encoder.
+     * 
+     * @throws EncodingException
+     */
+    public void testDoubleEncodingCanonicalization() throws EncodingException {
+        System.out.println("doubleEncodingCanonicalization");
+        Encoder instance = ESAPI.encoder();
+
+        // note these examples use the strict=false flag on canonicalize to allow
+        // full decoding without throwing an IntrusionException. Generally, you
+        // should use strict mode as allowing double-encoding is an abomination.
+        
+        // double encoding examples
+        assertEquals( "<", instance.canonicalize("&#x26;lt&#59", false )); //double entity
+        assertEquals( "\\", instance.canonicalize("%255c", false)); //double percent
+        assertEquals( "%", instance.canonicalize("%2525", false)); //double percent
+        
+        // double encoding with multiple schemes example
+        assertEquals( "<", instance.canonicalize("%26lt%3b", false)); //first entity, then percent
+        assertEquals( "&", instance.canonicalize("&#x25;26", false)); //first percent, then entity
+
+		//enforce multiple and mixed encoding detection
+		try {
+			instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", true, true);
+			fail("Multiple and mixed encoding not detected");
+		} catch (IntrusionException ie) {}
+
+		//enforce multiple but not mixed encoding detection
+		try {
+			instance.canonicalize("%252525253C", true, false); 
+			fail("Multiple encoding not detected");
+		} catch (IntrusionException ie) {}
+
+		//enforce mixed but not multiple encoding detection
+		try {
+			instance.canonicalize("%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false, true); 
+			fail("Mixed encoding not detected");
+		} catch (IntrusionException ie) {}
+
+		//enforce niether mixed nor multiple encoding detection -should canonicalize but not throw an error
+		assertEquals( "< < < < < < <", instance.canonicalize("%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", 
+															 false, false)); 
+
+        // nested encoding examples
+        assertEquals( "<", instance.canonicalize("%253c", false)); //nested encode % with percent
+        assertEquals( "<", instance.canonicalize("%%33%63", false)); //nested encode both nibbles with percent
+        assertEquals( "<", instance.canonicalize("%%33c", false)); // nested encode first nibble with percent
+        assertEquals( "<", instance.canonicalize("%3%63", false));  //nested encode second nibble with percent
+        assertEquals( "<", instance.canonicalize("&&#108;t;", false)); //nested encode l with entity
+        assertEquals( "<", instance.canonicalize("%2&#x35;3c", false)); //triple percent, percent, 5 with entity
+        
+        // nested encoding with multiple schemes examples
+        assertEquals( "<", instance.canonicalize("&%6ct;", false)); // nested encode l with percent
+        assertEquals( "<", instance.canonicalize("%&#x33;c", false)); //nested encode 3 with entity            
+        
+        // multiple encoding tests
+        assertEquals( "% & <script> <script>", instance.canonicalize( "%25 %2526 %26#X3c;script&#x3e; &#37;3Cscript%25252525253e", false ) );
+        assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B", false ) );
+
+        // test strict mode with both mixed and multiple encoding
+        try {
+            assertEquals( "< < < < < < <", instance.canonicalize( "%26lt; %26lt; &#X25;3c &#x25;3c %2526lt%253B %2526lt%253B %2526lt%253B" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+        
+        try {
+            assertEquals( "<script", instance.canonicalize("%253Cscript" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+        try {
+            assertEquals( "<script", instance.canonicalize("&#37;3Cscript" ) );
+        } catch( IntrusionException e ) {
+            // expected
+        }
+    }
+
+    /**
+	 * Test of encodeForHTML method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testEncodeForHTML() throws Exception {
+        System.out.println("encodeForHTML");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForHTML(null));
+        // test invalid characters are replaced with spaces
+        assertEquals("a&#xfffd;b&#xfffd;c&#xfffd;d&#xfffd;e&#xfffd;f&#x9;g", instance.encodeForHTML("a" + (char)0 + "b" + (char)4 + "c" + (char)128 + "d" + (char)150 + "e" +(char)159 + "f" + (char)9 + "g"));
+        
+        assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
+        assertEquals("&amp;lt&#x3b;script&amp;gt&#x3b;", instance.encodeForHTML("&lt;script&gt;"));
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML("!@$%()=+{}[]"));
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML(instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;") ) );
+        assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
+        assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
+        assertEquals("one&amp;two", instance.encodeForHTML("one&two"));
+        assertEquals("" + (char)12345 + (char)65533 + (char)1244, "" + (char)12345 + (char)65533 + (char)1244 );
+    }
+    
+    /**
+	 * Test of encodeForHTMLAttribute method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForHTMLAttribute() {
+        System.out.println("encodeForHTMLAttribute");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForHTMLAttribute(null));
+        assertEquals("&lt;script&gt;", instance.encodeForHTMLAttribute("<script>"));
+        assertEquals(",.-_", instance.encodeForHTMLAttribute(",.-_"));
+        assertEquals("&#x20;&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTMLAttribute(" !@$%()=+{}[]"));
+    }
+    
+    
+    /**
+     *
+     */
+    public void testEncodeForCSS() {
+        System.out.println("encodeForCSS");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForCSS(null));
+        assertEquals("\\3c script\\3e ", instance.encodeForCSS("<script>"));
+        assertEquals("\\21 \\40 \\24 \\25 \\28 \\29 \\3d \\2b \\7b \\7d \\5b \\5d ", instance.encodeForCSS("!@$%()=+{}[]"));
+    }
+    
+
+    
+    /**
+	 * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForJavascript() {
+        System.out.println("encodeForJavascript");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForJavaScript(null));
+        assertEquals("\\x3Cscript\\x3E", instance.encodeForJavaScript("<script>"));
+        assertEquals(",.\\x2D_\\x20", instance.encodeForJavaScript(",.-_ "));
+        assertEquals("\\x21\\x40\\x24\\x25\\x28\\x29\\x3D\\x2B\\x7B\\x7D\\x5B\\x5D", instance.encodeForJavaScript("!@$%()=+{}[]"));
+        // assertEquals( "\\0", instance.encodeForJavaScript("\0"));
+        // assertEquals( "\\b", instance.encodeForJavaScript("\b"));
+        // assertEquals( "\\t", instance.encodeForJavaScript("\t"));
+        // assertEquals( "\\n", instance.encodeForJavaScript("\n"));
+        // assertEquals( "\\v", instance.encodeForJavaScript("" + (char)0x0b));
+        // assertEquals( "\\f", instance.encodeForJavaScript("\f"));
+        // assertEquals( "\\r", instance.encodeForJavaScript("\r"));
+        // assertEquals( "\\'", instance.encodeForJavaScript("\'"));
+        // assertEquals( "\\\"", instance.encodeForJavaScript("\""));
+        // assertEquals( "\\\\", instance.encodeForJavaScript("\\"));
+    }
+        
+    /**
+     *
+     */
+    public void testEncodeForVBScript() {
+        System.out.println("encodeForVBScript");        
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForVBScript(null));
+        assertEquals( "chrw(60)&\"script\"&chrw(62)", instance.encodeForVBScript("<script>"));
+        assertEquals( "x\"&chrw(32)&chrw(33)&chrw(64)&chrw(36)&chrw(37)&chrw(40)&chrw(41)&chrw(61)&chrw(43)&chrw(123)&chrw(125)&chrw(91)&chrw(93)", instance.encodeForVBScript("x !@$%()=+{}[]"));
+        assertEquals( "alert\"&chrw(40)&chrw(39)&\"ESAPI\"&chrw(32)&\"test\"&chrw(33)&chrw(39)&chrw(41)", instance.encodeForVBScript("alert('ESAPI test!')" ));
+        assertEquals( "jeff.williams\"&chrw(64)&\"aspectsecurity.com", instance.encodeForVBScript("jeff.williams@aspectsecurity.com"));
+        assertEquals( "test\"&chrw(32)&chrw(60)&chrw(62)&chrw(32)&\"test", instance.encodeForVBScript("test <> test" ));
+    }
+
+        
+    /**
+	 * Test of encodeForXPath method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForXPath() {
+        System.out.println("encodeForXPath");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXPath(null));
+        assertEquals("&#x27;or 1&#x3d;1", instance.encodeForXPath("'or 1=1"));
+    }
+    
+
+    
+    /**
+	 * Test of encodeForSQL method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForSQL() {
+        System.out.println("encodeForSQL");
+        Encoder instance = ESAPI.encoder();
+
+        Codec mySQL1 = new MySQLCodec( MySQLCodec.ANSI_MODE );
+        assertEquals("ANSI_MODE", null, instance.encodeForSQL(mySQL1, null));
+        assertEquals("ANSI_MODE", "Jeff'' or ''1''=''1", instance.encodeForSQL(mySQL1, "Jeff' or '1'='1"));
+        
+        Codec mySQL2 = new MySQLCodec( MySQLCodec.MYSQL_MODE );
+        assertEquals("MYSQL_MODE", null, instance.encodeForSQL(mySQL2, null));
+        assertEquals("MYSQL_MODE", "Jeff\\' or \\'1\\'\\=\\'1", instance.encodeForSQL(mySQL2, "Jeff' or '1'='1"));
+
+        Codec oracle = new OracleCodec();
+        assertEquals("Oracle", null, instance.encodeForSQL(oracle, null));
+        assertEquals("Oracle", "Jeff'' or ''1''=''1", instance.encodeForSQL(oracle, "Jeff' or '1'='1"));
+    }
+
+    public void testMySQLANSIModeQuoteInjection() {
+        Encoder instance = ESAPI.encoder();
+        Codec c = new MySQLCodec(MySQLCodec.Mode.ANSI);
+        assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
+    }
+
+    
+    /**
+	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForLDAP() {
+        System.out.println("encodeForLDAP");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForLDAP(null));
+        assertEquals("No special characters to escape", "Hi This is a test #��", instance.encodeForLDAP("Hi This is a test #��"));
+        assertEquals("Zeros", "Hi \\00", instance.encodeForLDAP("Hi \u0000"));
+        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # � � �", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �"));
+    }
+    
+    /**
+	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForDN() {
+        System.out.println("encodeForDN");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForDN(null));
+        assertEquals("No special characters to escape", "Hello�", instance.encodeForDN("Hello�"));
+        assertEquals("leading #", "\\# Hello�", instance.encodeForDN("# Hello�"));
+        assertEquals("leading space", "\\ Hello�", instance.encodeForDN(" Hello�"));
+        assertEquals("trailing space", "Hello�\\ ", instance.encodeForDN("Hello� "));
+        assertEquals("less than greater than", "Hello\\<\\>", instance.encodeForDN("Hello<>"));
+        assertEquals("only 3 spaces", "\\  \\ ", instance.encodeForDN("   "));
+        assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
+    }
+    
+    public void testEncodeForXMLNull() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXML(null));
+    }
+
+    public void testEncodeForXMLSpace() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" ", instance.encodeForXML(" "));
+    }
+
+    public void testEncodeForXMLScript() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x3c;script&#x3e;", instance.encodeForXML("<script>"));
+    }
+
+    public void testEncodeForXMLImmune() {
+        System.out.println("encodeForXML");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(",.-_", instance.encodeForXML(",.-_"));
+    }
+    
+    public void testEncodeForXMLSymbol() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXML("!@$%()=+{}[]"));
+    }
+
+    public void testEncodeForXMLPound() {
+        System.out.println("encodeForXML");
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#xa3;", instance.encodeForXML("\u00A3"));
+    }
+    
+    public void testEncodeForXMLAttributeNull() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForXMLAttribute(null));
+    }
+    
+    public void testEncodeForXMLAttributeSpace() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" ", instance.encodeForXMLAttribute(" "));
+    }
+    
+    public void testEncodeForXMLAttributeScript() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#x3c;script&#x3e;", instance.encodeForXMLAttribute("<script>"));
+    }
+    
+    public void testEncodeForXMLAttributeImmune() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(",.-_", instance.encodeForXMLAttribute(",.-_"));
+    }
+    
+    public void testEncodeForXMLAttributeSymbol() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals(" &#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForXMLAttribute(" !@$%()=+{}[]"));
+    }
+    
+    public void testEncodeForXMLAttributePound() {
+        Encoder instance = ESAPI.encoder();
+        assertEquals("&#xa3;", instance.encodeForXMLAttribute("\u00A3"));
+    }
+    
+    /**
+	 * Test of encodeForURL method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testEncodeForURL() throws Exception {
+        System.out.println("encodeForURL");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForURL(null));
+        assertEquals("%3Cscript%3E", instance.encodeForURL("<script>"));
+    }
+    
+    /**
+	 * Test of decodeFromURL method, of class org.owasp.esapi.Encoder.
+     *
+     * @throws Exception
+     */
+    public void testDecodeFromURL() throws Exception {
+        System.out.println("decodeFromURL");
+        Encoder instance = ESAPI.encoder();
+        try {
+        	assertEquals(null, instance.decodeFromURL(null));
+            assertEquals("<script>", instance.decodeFromURL("%3Cscript%3E"));
+            assertEquals("     ", instance.decodeFromURL("+++++") );
+        } catch ( Exception e ) {
+            fail();
+        }
+        try {
+        	instance.decodeFromURL( "%3xridiculous" );
+        	fail();
+        } catch( Exception e ) {
+        	// expected
+        }
+    }
+    
+    /**
+	 * Test of encodeForBase64 method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForBase64() {
+        System.out.println("encodeForBase64");
+        Encoder instance = ESAPI.encoder();
+        
+        try {
+        	assertEquals(null, instance.encodeForBase64(null, false));
+            assertEquals(null, instance.encodeForBase64(null, true));
+            assertEquals(null, instance.decodeFromBase64(null));
+            for ( int i=0; i < 100; i++ ) {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] decoded = instance.decodeFromBase64( encoded );
+                assertTrue( Arrays.equals( r, decoded ) );
+            }
+        } catch ( IOException e ) {
+            fail();
+        }
+    }
+    
+    /**
+	 * Test of decodeFromBase64 method, of class org.owasp.esapi.Encoder.
+	 */
+    public void testDecodeFromBase64() {
+        System.out.println("decodeFromBase64");
+        Encoder instance = ESAPI.encoder();
+        for ( int i=0; i < 100; i++ ) {
+            try {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+                byte[] decoded = instance.decodeFromBase64( encoded );
+                assertTrue( Arrays.equals( r, decoded ) );
+            } catch ( IOException e ) {
+                fail();
+	        }
+        }
+        for ( int i=0; i < 100; i++ ) {
+            try {
+                byte[] r = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS ).getBytes(PREFERRED_ENCODING);
+                String encoded = ESAPI.randomizer().getRandomString(1, EncoderConstants.CHAR_ALPHANUMERICS) + instance.encodeForBase64( r, ESAPI.randomizer().getRandomBoolean() );
+	            byte[] decoded = instance.decodeFromBase64( encoded );
+	            assertFalse( Arrays.equals(r, decoded) );
+            } catch( UnsupportedEncodingException ex) {
+            	fail();
+            } catch ( IOException e ) {
+            	// expected
+            }
+        }
+    }
+    
+
+    /**
+	 * Test of WindowsCodec
+	 */
+    public void testWindowsCodec() {
+        System.out.println("WindowsCodec");
+        Encoder instance = ESAPI.encoder();
+
+        Codec win = new WindowsCodec();
+        char[] immune = new char[0];
+        assertEquals(null, instance.encodeForOS(win, null));
+        
+        PushbackString npbs = new PushbackString("n");
+        assertEquals(null, win.decodeCharacter(npbs));
+
+        PushbackString epbs = new PushbackString("");
+        assertEquals(null, win.decodeCharacter(epbs));
+        
+        Character c = Character.valueOf('<');
+        PushbackString cpbs = new PushbackString(win.encodeCharacter(immune, c));
+        Character decoded = win.decodeCharacter(cpbs);
+        assertEquals(c, decoded);
+        
+        String orig = "c:\\jeff";
+        String enc = win.encode(EncoderConstants.CHAR_ALPHANUMERICS, orig);
+        assertEquals(orig, win.decode(enc));
+        assertEquals(orig, win.decode(orig));
+        
+     // TODO: Check that these are acceptable for Windows
+        assertEquals("c^:^\\jeff", instance.encodeForOS(win, "c:\\jeff"));		
+        assertEquals("c^:^\\jeff", win.encode(immune, "c:\\jeff"));
+        assertEquals("dir^ ^&^ foo", instance.encodeForOS(win, "dir & foo"));
+        assertEquals("dir^ ^&^ foo", win.encode(immune, "dir & foo"));
+    }
+
+    /**
+	 * Test of UnixCodec
+	 */
+    public void testUnixCodec() {
+        System.out.println("UnixCodec");
+        Encoder instance = ESAPI.encoder();
+
+        Codec unix = new UnixCodec();
+        char[] immune = new char[0];
+        assertEquals(null, instance.encodeForOS(unix, null));
+        
+        PushbackString npbs = new PushbackString("n");
+        assertEquals(null, unix.decodeCharacter(npbs));
+
+        Character c = Character.valueOf('<');
+        PushbackString cpbs = new PushbackString(unix.encodeCharacter(immune, c));
+        Character decoded = unix.decodeCharacter(cpbs);
+        assertEquals(c, decoded);
+        
+        PushbackString epbs = new PushbackString("");
+        assertEquals(null, unix.decodeCharacter(epbs));
+
+        String orig = "/etc/passwd";
+        String enc = unix.encode(immune, orig);
+        assertEquals(orig, unix.decode(enc));
+        assertEquals(orig, unix.decode(orig));
+        
+     // TODO: Check that these are acceptable for Unix hosts
+        assertEquals("c\\:\\\\jeff", instance.encodeForOS(unix, "c:\\jeff"));
+        assertEquals("c\\:\\\\jeff", unix.encode(immune, "c:\\jeff"));
+        assertEquals("dir\\ \\&\\ foo", instance.encodeForOS(unix, "dir & foo"));
+        assertEquals("dir\\ \\&\\ foo", unix.encode(immune, "dir & foo"));
+
+        // Unix paths (that must be encoded safely)
+        // TODO: Check that these are acceptable for Unix
+        assertEquals("\\/etc\\/hosts", instance.encodeForOS(unix, "/etc/hosts"));
+        assertEquals("\\/etc\\/hosts\\;\\ ls\\ -l", instance.encodeForOS(unix, "/etc/hosts; ls -l"));
+    }
+    
+    public void testCanonicalizePerformance() throws Exception {
+        System.out.println("Canonicalization Performance");
+    	Encoder encoder = ESAPI.encoder();
+    	int iterations = 100;
+    	String normal = "The quick brown fox jumped over the lazy dog";
+    	
+    	long start = System.currentTimeMillis();
+    	String temp = null;		// Trade in 1/2 doz warnings in Eclipse for one (never read)
+        for ( int i=0; i< iterations; i++ ) {
+        	temp = normal;
+        }
+    	long stop = System.currentTimeMillis();
+        System.out.println( "Normal: " + (stop-start) );
+        
+    	start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+        	temp = encoder.canonicalize( normal, false );
+        }
+    	stop = System.currentTimeMillis();
+        System.out.println( "Normal Loose: " + (stop-start) );
+        
+    	start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+        	temp = encoder.canonicalize( normal, true );
+        }
+    	stop = System.currentTimeMillis();
+        System.out.println( "Normal Strict: " + (stop-start) );
+
+    	String attack = "%2&#x35;2%3525&#x32;\\u0036lt;\r\n\r\n%&#x%%%3333\\u0033;&%23101;";
+    	
+    	start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+        	temp = attack;
+        }
+    	stop = System.currentTimeMillis();
+        System.out.println( "Attack: " + (stop-start) );
+        
+    	start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+        	temp = encoder.canonicalize( attack, false );
+        }
+    	stop = System.currentTimeMillis();
+        System.out.println( "Attack Loose: " + (stop-start) );
+        
+    	start = System.currentTimeMillis();
+        for ( int i=0; i< iterations; i++ ) {
+        	try {
+        		temp = encoder.canonicalize( attack, true );
+        	} catch( IntrusionException e ) { 
+        		// expected
+        	}
+        }
+    	stop = System.currentTimeMillis();
+        System.out.println( "Attack Strict: " + (stop-start) );
+    }
+    
+
+    public void testConcurrency() {
+        System.out.println("Encoder Concurrency");
+		for (int i = 0; i < 10; i++) {
+			new Thread( new EncoderConcurrencyMock( i )).start();
+		}
+	}
+
+    /**
+     *  A simple class that calls the Encoder to test thread safety
+     */
+    public class EncoderConcurrencyMock implements Runnable {
+    	public int num = 0;
+    	public EncoderConcurrencyMock( int num ) {
+    		this.num = num;
+    	}
+	    public void run() {
+			while( true ) {
+				String nonce = ESAPI.randomizer().getRandomString( 20, EncoderConstants.CHAR_SPECIALS );
+				String result = javaScriptEncode( nonce );
+				// randomize the threads
+				try {
+					Thread.sleep( ESAPI.randomizer().getRandomInteger( 100, 500 ) );
+				} catch (InterruptedException e) {
+					// just continue
+				}
+				assertTrue( result.equals ( javaScriptEncode( nonce ) ) );
+			}
+		}
+		
+	    public String javaScriptEncode(String str) {
+			Encoder encoder = DefaultEncoder.getInstance();
+			return encoder.encodeForJavaScript(str);
+		}
+    }
+    
+}
+

From 3af1c9fec3d6857c405a27f03d7a543f02549023 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 239/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/ExecutorTest.java   | 538 +++++++++---------
 1 file changed, 269 insertions(+), 269 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
index f97a81ce0..b904f4420 100644
--- a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
@@ -1,269 +1,269 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.ExecuteResult;
-import org.owasp.esapi.Executor;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.SecurityConfigurationWrapper;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.UnixCodec;
-import org.owasp.esapi.codecs.WindowsCodec;
-
-/**
- * The Class ExecutorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ExecutorTest extends TestCase {
-
-	private SecurityConfiguration origConfig;
-
-	private static class Conf extends SecurityConfigurationWrapper
-	{
-		private final List allowedExes;
-		private final File workingDir;
-
-		Conf(SecurityConfiguration orig, List allowedExes, File workingDir)
-		{
-			super(orig);
-			this.allowedExes = allowedExes;
-			this.workingDir = workingDir;
-		}
-
-		@Override
-		public List getAllowedExecutables()
-		{
-			return allowedExes;
-		}
-
-		@Override
-		public File getWorkingDirectory()
-		{
-			return workingDir;
-		}
-	}
-
-	/**
-	 * Instantiates a new executor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ExecutorTest(String testName) {
-		super(testName);
-	}
-
-    @Override
-    protected void tearDown() throws Exception {
-        ESAPI.override(null);
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ExecutorTest.class);
-		return suite;
-	}
-
-	/**
-	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExecuteWindowsSystemCommand() throws Exception {
-		System.out.println("executeWindowsSystemCommand");
-
-		if ( System.getProperty("os.name").indexOf("Windows") == -1 ) {
-			System.out.println("testExecuteWindowsSystemCommand - on non-Windows platform, exiting");
-			return;	// Not windows, not going to execute this path
-		}
-		File tmpDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
-		File sysRoot = new File(System.getenv("SystemRoot")).getCanonicalFile();
-		File sys32 = new File(sysRoot,"system32").getCanonicalFile();
-		File cmd = new File(sys32,"cmd.exe").getCanonicalFile();
-		ESAPI.override(
-			new Conf(
-				ESAPI.securityConfiguration(),
-				Collections.singletonList(cmd.getPath()),
-				tmpDir
-			)
-		);
-
-		Codec codec = new WindowsCodec();
-		System.out.println("executeSystemCommand");
-		Executor instance = ESAPI.executor();
-		List params = new ArrayList();
-		try {
-			params.add("/C");
-			params.add("dir");
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			assertTrue(result.getOutput().length() > 0);
-		} catch (Exception e) {
-			e.printStackTrace();
-			fail();
-		}
-		try {
-			File exec2 = new File( cmd.getPath() + ";inject.exe" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File exec2 = new File( cmd.getPath() + "\\..\\cmd.exe" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File workdir = new File( "c:\\ridiculous" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params), workdir, codec, false, false );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			params.add("&dir");
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			params.set( params.size()-1, "c:\\autoexec.bat" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			params.set( params.size()-1, "c:\\autoexec.bat c:\\config.sys" );
-			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-	}
-
-	/**
-	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testExecuteUnixSystemCommand() throws Exception {
-		System.out.println("executeUnixSystemCommand");
-
-		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
-			System.out.println("executeUnixSystemCommand - on Windows platform, exiting");
-			return;
-		}
-
-		// FIXME: need more test cases to use this codec
-		Codec codec = new UnixCodec();
-
-		// make sure we have what /bin/sh is pointing at in the allowed exes for the test
-		// and a usable working dir
-		File binSh = new File("/bin/sh").getCanonicalFile();
-		ESAPI.override(
-			new Conf(
-				ESAPI.securityConfiguration(),
-				Collections.singletonList(binSh.getPath()),
-				new File("/tmp")
-			)
-		);
-
-		Executor instance = ESAPI.executor();
-		File executable = binSh;
-		List params = new ArrayList();
-		try {
-			params.add("-c");
-			params.add("ls");
-			params.add("/");
-			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			assertTrue(result.getOutput().length() > 0);
-		} catch (Exception e) {
-			fail(e.getMessage());
-		}
-		try {
-			File exec2 = new File( executable.getPath() + ";./inject" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			File exec2 = new File( executable.getPath() + "/../bin/sh" );
-			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-			fail();
-		} catch (Exception e) {
-			// expected
-		}
-		try {
-			params.add(";ls");
-			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
-			System.out.println( "RESULT: " + result );
-		} catch (Exception e) {
-			fail();
-		}
-
-		try {
-			File cwd = new File(".");
-			File script = File.createTempFile("ESAPI-ExecutorTest", "sh", cwd);
-			script.deleteOnExit();
-			FileWriter output = new FileWriter(script);
-			try {
-				output.write("i=0\nwhile [ $i -lt 8192 ]\ndo\necho stdout data\necho stderr data >&2\ni=$((i+1))\ndone\n");
-			} finally {
-				output.close();
-			}
-			List deadlockParams = new ArrayList();
-			deadlockParams.add(script.getName());
-			ExecuteResult result = instance.executeSystemCommand(executable, deadlockParams, cwd, codec, true, false);
-			System.out.println( "RESULT: " + result.getExitValue() );
-			assertEquals(0, result.getExitValue());
-		} catch (Exception e) {
-			fail();
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.ExecuteResult;
+import org.owasp.esapi.Executor;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.UnixCodec;
+import org.owasp.esapi.codecs.WindowsCodec;
+
+/**
+ * The Class ExecutorTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ExecutorTest extends TestCase {
+
+	private SecurityConfiguration origConfig;
+
+	private static class Conf extends SecurityConfigurationWrapper
+	{
+		private final List allowedExes;
+		private final File workingDir;
+
+		Conf(SecurityConfiguration orig, List allowedExes, File workingDir)
+		{
+			super(orig);
+			this.allowedExes = allowedExes;
+			this.workingDir = workingDir;
+		}
+
+		@Override
+		public List getAllowedExecutables()
+		{
+			return allowedExes;
+		}
+
+		@Override
+		public File getWorkingDirectory()
+		{
+			return workingDir;
+		}
+	}
+
+	/**
+	 * Instantiates a new executor test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public ExecutorTest(String testName) {
+		super(testName);
+	}
+
+    @Override
+    protected void tearDown() throws Exception {
+        ESAPI.override(null);
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(ExecutorTest.class);
+		return suite;
+	}
+
+	/**
+	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testExecuteWindowsSystemCommand() throws Exception {
+		System.out.println("executeWindowsSystemCommand");
+
+		if ( System.getProperty("os.name").indexOf("Windows") == -1 ) {
+			System.out.println("testExecuteWindowsSystemCommand - on non-Windows platform, exiting");
+			return;	// Not windows, not going to execute this path
+		}
+		File tmpDir = new File(System.getProperty("java.io.tmpdir")).getCanonicalFile();
+		File sysRoot = new File(System.getenv("SystemRoot")).getCanonicalFile();
+		File sys32 = new File(sysRoot,"system32").getCanonicalFile();
+		File cmd = new File(sys32,"cmd.exe").getCanonicalFile();
+		ESAPI.override(
+			new Conf(
+				ESAPI.securityConfiguration(),
+				Collections.singletonList(cmd.getPath()),
+				tmpDir
+			)
+		);
+
+		Codec codec = new WindowsCodec();
+		System.out.println("executeSystemCommand");
+		Executor instance = ESAPI.executor();
+		List params = new ArrayList();
+		try {
+			params.add("/C");
+			params.add("dir");
+			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			assertTrue(result.getOutput().length() > 0);
+		} catch (Exception e) {
+			e.printStackTrace();
+			fail();
+		}
+		try {
+			File exec2 = new File( cmd.getPath() + ";inject.exe" );
+			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			fail();
+		} catch (Exception e) {
+			// expected
+		}
+		try {
+			File exec2 = new File( cmd.getPath() + "\\..\\cmd.exe" );
+			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			fail();
+		} catch (Exception e) {
+			// expected
+		}
+		try {
+			File workdir = new File( "c:\\ridiculous" );
+			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params), workdir, codec, false, false );
+			System.out.println( "RESULT: " + result );
+			fail();
+		} catch (Exception e) {
+			// expected
+		}
+		try {
+			params.add("&dir");
+			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+		} catch (Exception e) {
+			fail();
+		}
+
+		try {
+			params.set( params.size()-1, "c:\\autoexec.bat" );
+			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+		} catch (Exception e) {
+			fail();
+		}
+
+		try {
+			params.set( params.size()-1, "c:\\autoexec.bat c:\\config.sys" );
+			ExecuteResult result = instance.executeSystemCommand(cmd, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+		} catch (Exception e) {
+			fail();
+		}
+	}
+
+	/**
+	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testExecuteUnixSystemCommand() throws Exception {
+		System.out.println("executeUnixSystemCommand");
+
+		if ( System.getProperty("os.name").indexOf("Windows") != -1 ) {
+			System.out.println("executeUnixSystemCommand - on Windows platform, exiting");
+			return;
+		}
+
+		// FIXME: need more test cases to use this codec
+		Codec codec = new UnixCodec();
+
+		// make sure we have what /bin/sh is pointing at in the allowed exes for the test
+		// and a usable working dir
+		File binSh = new File("/bin/sh").getCanonicalFile();
+		ESAPI.override(
+			new Conf(
+				ESAPI.securityConfiguration(),
+				Collections.singletonList(binSh.getPath()),
+				new File("/tmp")
+			)
+		);
+
+		Executor instance = ESAPI.executor();
+		File executable = binSh;
+		List params = new ArrayList();
+		try {
+			params.add("-c");
+			params.add("ls");
+			params.add("/");
+			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			assertTrue(result.getOutput().length() > 0);
+		} catch (Exception e) {
+			fail(e.getMessage());
+		}
+		try {
+			File exec2 = new File( executable.getPath() + ";./inject" );
+			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			fail();
+		} catch (Exception e) {
+			// expected
+		}
+		try {
+			File exec2 = new File( executable.getPath() + "/../bin/sh" );
+			ExecuteResult result = instance.executeSystemCommand(exec2, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+			fail();
+		} catch (Exception e) {
+			// expected
+		}
+		try {
+			params.add(";ls");
+			ExecuteResult result = instance.executeSystemCommand(executable, new ArrayList(params) );
+			System.out.println( "RESULT: " + result );
+		} catch (Exception e) {
+			fail();
+		}
+
+		try {
+			File cwd = new File(".");
+			File script = File.createTempFile("ESAPI-ExecutorTest", "sh", cwd);
+			script.deleteOnExit();
+			FileWriter output = new FileWriter(script);
+			try {
+				output.write("i=0\nwhile [ $i -lt 8192 ]\ndo\necho stdout data\necho stderr data >&2\ni=$((i+1))\ndone\n");
+			} finally {
+				output.close();
+			}
+			List deadlockParams = new ArrayList();
+			deadlockParams.add(script.getName());
+			ExecuteResult result = instance.executeSystemCommand(executable, deadlockParams, cwd, codec, true, false);
+			System.out.println( "RESULT: " + result.getExitValue() );
+			assertEquals(0, result.getExitValue());
+		} catch (Exception e) {
+			fail();
+		}
+	}
+
+}

From a80432a6ba42c6317d7de52a8521ffb61d1ee6ac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 240/812] Change CRLF to LF for issue 356.

---
 .../IntegerAccessReferenceMapTest.java        | 446 +++++++++---------
 1 file changed, 223 insertions(+), 223 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
index c4afc8eda..dacd2e2f3 100644
--- a/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
+++ b/src/test/java/org/owasp/esapi/reference/IntegerAccessReferenceMapTest.java
@@ -1,223 +1,223 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AccessControlException;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-
-
-/**
- * The Class AccessReferenceMapTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntegerAccessReferenceMapTest extends TestCase {
-    
-    /**
-	 * Instantiates a new access reference map test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public IntegerAccessReferenceMapTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(IntegerAccessReferenceMapTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AuthenticationException
-     *             the authentication exception
-     * @throws EncryptionException
-	 */
-    public void testUpdate() throws AuthenticationException, EncryptionException {
-        System.out.println("update");
-    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
-    	Authenticator auth = ESAPI.authenticator();
-    	
-    	String pass = auth.generateStrongPassword();
-    	User u = auth.createUser( "armUpdate", pass, pass );
-    	
-    	// test to make sure update returns something
-		arm.update(auth.getUserNames());
-		String indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect == null ) fail();
-		
-		// test to make sure update removes items that are no longer in the list
-		auth.removeUser( u.getAccountName() );
-		arm.update(auth.getUserNames());
-		indirect = arm.getIndirectReference( u.getAccountName() );
-		if ( indirect != null ) fail();
-		
-		// test to make sure old indirect reference is maintained after an update
-		arm.update(auth.getUserNames());
-		String newIndirect = arm.getIndirectReference( u.getAccountName() );
-		assertEquals(indirect, newIndirect);
-    }
-    
-    
-    /**
-	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testIterator() {
-        System.out.println("iterator");
-    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
-        Authenticator auth = ESAPI.authenticator();
-        
-		arm.update(auth.getUserNames());
-
-		Iterator i = arm.iterator();
-		while ( i.hasNext() ) {
-			String userName = (String)i.next();
-			User u = auth.getUser( userName );
-			if ( u == null ) fail();
-		}
-    }
-    
-    /**
-	 * Test of getIndirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 */
-    public void testGetIndirectReference() {
-        System.out.println("getIndirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String expResult = directReference;
-        String result = instance.getIndirectReference(directReference);
-        assertNotSame(expResult, result);        
-    }
-
-    /**
-	 * Test of getDirectReference method, of class
-	 * org.owasp.esapi.AccessReferenceMap.
-	 * 
-	 * @throws AccessControlException
-	 *             the access control exception
-	 */
-    public void testGetDirectReference() throws AccessControlException {
-        System.out.println("getDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String ind = instance.getIndirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-        try {
-        	instance.getDirectReference("invalid");
-        	fail();
-        } catch( AccessControlException e ) {
-        	// success
-        }
-    }
-    
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testAddDirectReference() throws AccessControlException {
-        System.out.println("addDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String newDirect = instance.addDirectReference("newDirect");
-        assertNotNull( newDirect );
-        String ind = instance.addDirectReference(directReference);
-        String dir = (String)instance.getDirectReference(ind);
-        assertEquals(directReference, dir);
-    	String newInd = instance.addDirectReference(directReference);
-    	assertEquals(ind, newInd);
-    }
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AccessControlException
-     */
-    public void testRemoveDirectReference() throws AccessControlException {
-        System.out.println("removeDirectReference");
-        
-        String directReference = "234";
-        Set list = new HashSet();
-        list.add( "123" );
-        list.add( directReference );
-        list.add( "345" );
-        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
-        
-        String indirect = instance.getIndirectReference(directReference);
-        assertNotNull(indirect);
-        String deleted = instance.removeDirectReference(directReference);
-        assertEquals(indirect,deleted);
-    	deleted = instance.removeDirectReference("ridiculous");
-    	assertNull(deleted);
-    }
-    
-    
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+
+
+/**
+ * The Class AccessReferenceMapTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntegerAccessReferenceMapTest extends TestCase {
+    
+    /**
+	 * Instantiates a new access reference map test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public IntegerAccessReferenceMapTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(IntegerAccessReferenceMapTest.class);
+        return suite;
+    }
+
+    
+    /**
+	 * Test of update method, of class org.owasp.esapi.AccessReferenceMap.
+	 * 
+	 * @throws AuthenticationException
+     *             the authentication exception
+     * @throws EncryptionException
+	 */
+    public void testUpdate() throws AuthenticationException, EncryptionException {
+        System.out.println("update");
+    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
+    	Authenticator auth = ESAPI.authenticator();
+    	
+    	String pass = auth.generateStrongPassword();
+    	User u = auth.createUser( "armUpdate", pass, pass );
+    	
+    	// test to make sure update returns something
+		arm.update(auth.getUserNames());
+		String indirect = arm.getIndirectReference( u.getAccountName() );
+		if ( indirect == null ) fail();
+		
+		// test to make sure update removes items that are no longer in the list
+		auth.removeUser( u.getAccountName() );
+		arm.update(auth.getUserNames());
+		indirect = arm.getIndirectReference( u.getAccountName() );
+		if ( indirect != null ) fail();
+		
+		// test to make sure old indirect reference is maintained after an update
+		arm.update(auth.getUserNames());
+		String newIndirect = arm.getIndirectReference( u.getAccountName() );
+		assertEquals(indirect, newIndirect);
+    }
+    
+    
+    /**
+	 * Test of iterator method, of class org.owasp.esapi.AccessReferenceMap.
+	 */
+    public void testIterator() {
+        System.out.println("iterator");
+    	IntegerAccessReferenceMap arm = new IntegerAccessReferenceMap();
+        Authenticator auth = ESAPI.authenticator();
+        
+		arm.update(auth.getUserNames());
+
+		Iterator i = arm.iterator();
+		while ( i.hasNext() ) {
+			String userName = (String)i.next();
+			User u = auth.getUser( userName );
+			if ( u == null ) fail();
+		}
+    }
+    
+    /**
+	 * Test of getIndirectReference method, of class
+	 * org.owasp.esapi.AccessReferenceMap.
+	 */
+    public void testGetIndirectReference() {
+        System.out.println("getIndirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+        
+        String expResult = directReference;
+        String result = instance.getIndirectReference(directReference);
+        assertNotSame(expResult, result);        
+    }
+
+    /**
+	 * Test of getDirectReference method, of class
+	 * org.owasp.esapi.AccessReferenceMap.
+	 * 
+	 * @throws AccessControlException
+	 *             the access control exception
+	 */
+    public void testGetDirectReference() throws AccessControlException {
+        System.out.println("getDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+        
+        String ind = instance.getIndirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+        try {
+        	instance.getDirectReference("invalid");
+        	fail();
+        } catch( AccessControlException e ) {
+        	// success
+        }
+    }
+    
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testAddDirectReference() throws AccessControlException {
+        System.out.println("addDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+        
+        String newDirect = instance.addDirectReference("newDirect");
+        assertNotNull( newDirect );
+        String ind = instance.addDirectReference(directReference);
+        String dir = (String)instance.getDirectReference(ind);
+        assertEquals(directReference, dir);
+    	String newInd = instance.addDirectReference(directReference);
+    	assertEquals(ind, newInd);
+    }
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AccessControlException
+     */
+    public void testRemoveDirectReference() throws AccessControlException {
+        System.out.println("removeDirectReference");
+        
+        String directReference = "234";
+        Set list = new HashSet();
+        list.add( "123" );
+        list.add( directReference );
+        list.add( "345" );
+        IntegerAccessReferenceMap instance = new IntegerAccessReferenceMap( list );
+        
+        String indirect = instance.getIndirectReference(directReference);
+        assertNotNull(indirect);
+        String deleted = instance.removeDirectReference(directReference);
+        assertEquals(indirect,deleted);
+    	deleted = instance.removeDirectReference("ridiculous");
+    	assertNull(deleted);
+    }
+    
+    
+    
+}

From d8095ebab01064e6ba1b74cd6d33c60ec8d09505 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 241/812] Change CRLF to LF for issue 356.

---
 .../reference/IntrusionDetectorTest.java      | 264 +++++++++---------
 1 file changed, 132 insertions(+), 132 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
index e7f79d509..5ea853bcf 100644
--- a/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/IntrusionDetectorTest.java
@@ -1,132 +1,132 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.IntegrityException;
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class IntrusionDetectorTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class IntrusionDetectorTest extends TestCase {
-
-	/**
-	 * Instantiates a new intrusion detector test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public IntrusionDetectorTest(String testName) {
-		super(testName);
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(IntrusionDetectorTest.class);
-
-		return suite;
-	}
-
-	/**
-	 * Test of addException method, of class org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testAddException() throws AuthenticationException {
-		System.out.println("addException");
-		ESAPI.intrusionDetector().addException( new RuntimeException("message") );
-		ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
-		ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator auth = ESAPI.authenticator();
-		User user = auth.createUser(username, "addException", "addException");
-		user.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user.loginWithPassword("addException");
-		
-		// Now generate some exceptions to disable account
-		for ( int i = 0; i < ESAPI.securityConfiguration().getQuota(IntegrityException.class.getName()).count; i++ ) {
-            // EnterpriseSecurityExceptions are added to IntrusionDetector automatically
-            new IntegrityException( "IntegrityException " + i, "IntegrityException " + i );
-		}
-        assertFalse( user.isLoggedIn() );
-	}
-
-    
-    /**
-     * Test of addEvent method, of class org.owasp.esapi.IntrusionDetector.
-     * 
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testAddEvent() throws AuthenticationException {
-        System.out.println("addEvent");
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator auth = ESAPI.authenticator();
-		User user = auth.createUser(username, "addEvent", "addEvent");
-		user.enable();
-	    MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		user.loginWithPassword("addEvent");
-        
-        // Now generate some events to disable user account
-        for ( int i = 0; i < ESAPI.securityConfiguration().getQuota("event.test").count; i++ ) {
-            ESAPI.intrusionDetector().addEvent("test", "test message");
-        }
-        assertFalse( user.isEnabled() );
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.IntegrityException;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class IntrusionDetectorTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class IntrusionDetectorTest extends TestCase {
+
+	/**
+	 * Instantiates a new intrusion detector test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public IntrusionDetectorTest(String testName) {
+		super(testName);
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(IntrusionDetectorTest.class);
+
+		return suite;
+	}
+
+	/**
+	 * Test of addException method, of class org.owasp.esapi.IntrusionDetector.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testAddException() throws AuthenticationException {
+		System.out.println("addException");
+		ESAPI.intrusionDetector().addException( new RuntimeException("message") );
+		ESAPI.intrusionDetector().addException( new ValidationException("user message", "log message") );
+		ESAPI.intrusionDetector().addException( new IntrusionException("user message", "log message") );
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator auth = ESAPI.authenticator();
+		User user = auth.createUser(username, "addException", "addException");
+		user.enable();
+	    MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		user.loginWithPassword("addException");
+		
+		// Now generate some exceptions to disable account
+		for ( int i = 0; i < ESAPI.securityConfiguration().getQuota(IntegrityException.class.getName()).count; i++ ) {
+            // EnterpriseSecurityExceptions are added to IntrusionDetector automatically
+            new IntegrityException( "IntegrityException " + i, "IntegrityException " + i );
+		}
+        assertFalse( user.isLoggedIn() );
+	}
+
+    
+    /**
+     * Test of addEvent method, of class org.owasp.esapi.IntrusionDetector.
+     * 
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testAddEvent() throws AuthenticationException {
+        System.out.println("addEvent");
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        Authenticator auth = ESAPI.authenticator();
+		User user = auth.createUser(username, "addEvent", "addEvent");
+		user.enable();
+	    MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		user.loginWithPassword("addEvent");
+        
+        // Now generate some events to disable user account
+        for ( int i = 0; i < ESAPI.securityConfiguration().getQuota("event.test").count; i++ ) {
+            ESAPI.intrusionDetector().addEvent("test", "test message");
+        }
+        assertFalse( user.isEnabled() );
+    }
+    
+}

From 00722a8a2d06fb4550a150469cf1fc030b88b9b3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 242/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/JavaLoggerTest.java | 564 +++++++++---------
 1 file changed, 282 insertions(+), 282 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
index 88d42bc13..410316301 100644
--- a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
@@ -1,282 +1,282 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class JavaLoggerTest extends TestCase {
-
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public JavaLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( JavaLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test" + testCount++ );
-    	System.out.println("Test logger: " + testLogger);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-        ESAPI.override(null);
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(JavaLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    }    
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-    
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-    }
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-    }
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-    }
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-    }
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-    }
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 2 (SECURITY_AUDIT)" );
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 3 (SECURITY_SUCCESS)", null );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 4 (SECURITY_AUDIT)", null );
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'? My grandmother throws " +
-        							   "better than that and she's been dead for more than 10 years!");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT,   "test message always 5", rtex );
-        }
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * The Class LoggerTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class JavaLoggerTest extends TestCase {
+
+	private static int testCount = 0;
+	
+	private static Logger testLogger = null;
+
+	
+    /**
+	 * Instantiates a new logger test.
+	 * 
+	 * @param testName the test name
+	 */
+    public JavaLoggerTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
+        tmpConfig.setLogImplementation( JavaLogFactory.class.getName() );
+        ESAPI.override(tmpConfig);
+    	//This ensures a clean logger between tests
+    	testLogger = ESAPI.getLogger( "test" + testCount++ );
+    	System.out.println("Test logger: " + testLogger);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	//this helps, with garbage collection
+    	testLogger = null;
+        ESAPI.override(null);
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(JavaLoggerTest.class);    
+        return suite;
+    }
+    
+    /**
+     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
+     * 
+     * @throws ValidationException
+     *             the validation exception
+     * @throws IOException
+     *             Signals that an I/O exception has occurred.
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
+        System.out.println("logHTTPRequest");
+        String[] ignore = {"password","ssn","ccn"};
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Logger logger = ESAPI.getLogger("logger");
+        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
+        request.addParameter("one","one");
+        request.addParameter("two","two1");
+        request.addParameter("two","two2");
+        request.addParameter("password","jwilliams");
+        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
+    }    
+    
+    
+    /**
+     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
+     * org.owasp.esapi.reference.JavaLogFactory.
+     */
+    public void testSetLevel() {
+        System.out.println("setLevel");
+        
+        // The following tests that the default logging level is set to WARNING. Since the default might be changed
+        // in the ESAPI security configuration file, these are commented out.
+//       	assertTrue(testLogger.isWarningEnabled());
+//       	assertFalse(testLogger.isInfoEnabled());
+
+        // First, test all the different logging levels
+        testLogger.setLevel( Logger.ALL );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertTrue(testLogger.isTraceEnabled());
+
+       	testLogger.setLevel( Logger.TRACE );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertTrue(testLogger.isTraceEnabled());
+
+       	testLogger.setLevel( Logger.DEBUG );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.INFO );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.WARNING );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.ERROR );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.FATAL );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.OFF );
+    	assertFalse(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	//Now test to see if a change to the logging level in one log affects other logs
+       	Logger newLogger = ESAPI.getLogger( "test_num2" );
+       	testLogger.setLevel( Logger.OFF );
+       	newLogger.setLevel( Logger.INFO );
+    	assertFalse(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	assertTrue(newLogger.isFatalEnabled());
+       	assertTrue(newLogger.isErrorEnabled());
+       	assertTrue(newLogger.isWarningEnabled());
+       	assertTrue(newLogger.isInfoEnabled());
+       	assertFalse(newLogger.isDebugEnabled());
+       	assertFalse(newLogger.isTraceEnabled());
+    }
+
+    
+    /**
+	 * Test of info method, of class org.owasp.esapi.Logger.
+	 */
+    public void testInfo() {
+        System.out.println("info");
+        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
+        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
+        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
+        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
+    }
+
+    /**
+	 * Test of trace method, of class org.owasp.esapi.Logger.
+	 */
+    public void testTrace() {
+        System.out.println("trace");
+        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
+        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
+    }
+
+    /**
+	 * Test of debug method, of class org.owasp.esapi.Logger.
+	 */
+    public void testDebug() {
+        System.out.println("debug");
+        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
+        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
+    }
+
+    /**
+	 * Test of error method, of class org.owasp.esapi.Logger.
+	 */
+    public void testError() {
+        System.out.println("error");
+        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
+        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
+    }
+
+    /**
+	 * Test of warning method, of class org.owasp.esapi.Logger.
+	 */
+    public void testWarning() {
+        System.out.println("warning");
+        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
+        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
+    }
+
+    /**
+	 * Test of fatal method, of class org.owasp.esapi.Logger.
+	 */
+    public void testFatal() {
+        System.out.println("fatal");
+        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
+        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
+    }
+    
+    /**
+     * Test of always method, of class org.owasp.esapi.Logger.
+     */
+    public void testAlways() {
+
+        System.out.println("always");
+        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
+        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 2 (SECURITY_AUDIT)" );
+        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 3 (SECURITY_SUCCESS)", null );
+        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 4 (SECURITY_AUDIT)", null );
+        try {
+        	throw new RuntimeException("What? You call that a 'throw'? My grandmother throws " +
+        							   "better than that and she's been dead for more than 10 years!");
+        } catch(RuntimeException rtex) {
+            testLogger.always(Logger.SECURITY_AUDIT,   "test message always 5", rtex );
+        }
+	}
+}

From bbb9179c584d84e7b55da53ec3b0f0829c6a4b63 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 243/812] Change CRLF to LF for issue 356.

---
 .../esapi/reference/Log4JLoggerTest.java      | 1000 ++++++++---------
 1 file changed, 500 insertions(+), 500 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
index 99c5faaf0..1c7abdc53 100644
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
@@ -1,500 +1,500 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.apache.log4j.Appender;
-import org.apache.log4j.Layout;
-import org.apache.log4j.WriterAppender;
-import org.apache.log4j.spi.LoggingEvent;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.Arrays;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- */
-public class Log4JLoggerTest extends TestCase {
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	//a logger for explicit tests of log4j logging methods
-	private static Log4JLogger log4JLogger = null;
-
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public Log4JLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-		//override default log configuration in ESAPI.properties to use Log4JLogFactory
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( Log4JLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test ExampleExtendedLog4JLogFactory: " + testCount++ );
-    	System.out.println("Test ExampleExtendedLog4JLogFactory logger: " + testLogger);
-
-		//declare this one as Log4JLogger to be able to use Log4J logging methods
-		log4JLogger = (Log4JLogger)ESAPI.getLogger( "test Log4JLogFactory: " + testCount);
-		System.out.println("Test Log4JLogFactory logger: " + log4JLogger);
-
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-		log4JLogger = null;
-
-		ESAPI.override(null);
-	}
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(Log4JLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    } 
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevels() {
-
-		Logger traceLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestTrace");
-		Logger debugLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestDebug");
-		Logger infoLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestInfo");
-		Logger errorLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestError");
-		Logger warningLogger		= ESAPI.getLogger("org.owasp.esapi.reference.TestWarning");
-		Logger fatalLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestFatal");
-		Logger unspecifiedLogger	= ESAPI.getLogger("org.owasp.esapi.reference");  //should use package-wide log level configuration (info)
-
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevelsWithClass() {
-
-		Logger traceLogger			= ESAPI.getLogger(TestTrace.class);
-		Logger debugLogger			= ESAPI.getLogger(TestDebug.class);
-		Logger infoLogger			= ESAPI.getLogger(TestInfo.class);
-		Logger errorLogger			= ESAPI.getLogger(TestError.class);
-		Logger warningLogger		= ESAPI.getLogger(TestWarning.class);
-		Logger fatalLogger			= ESAPI.getLogger(TestFatal.class);
-		Logger unspecifiedLogger	= ESAPI.getLogger(TestUnspecified.class);  //should use package-wide log level configuration (info)
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-
-        log4JLogger.info("test message" );
-        log4JLogger.info("test message", null );
-        log4JLogger.info("%3escript%3f test message", null );
-        log4JLogger.info("<script> test message", null );
-
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-	}
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-
-        log4JLogger.trace("test message trace" );
-        log4JLogger.trace("test message trace", null );
-	}
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-
-	    log4JLogger.debug("test message debug" );
-		log4JLogger.debug("test message debug", null );
-	}
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-
-	    log4JLogger.error("test message error" );
-		log4JLogger.error("test message error", null );
-	}
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-
-	    log4JLogger.warn("test message warning" );
-		log4JLogger.warn("test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-
-	    log4JLogger.fatal("test message fatal" );
-		log4JLogger.fatal("test message fatal", null );    
-	}
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT, "test message always 2 (SECURITY_AUDIT)", null );
-
-	    log4JLogger.always("test message always 3" );
-		log4JLogger.always("test message always 4", null );
-
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'??? You couldn't hit the " +
-        							   "broad side of a barn (assuming that barns wore bras).");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT, "test message always 5", rtex );
-            log4JLogger.always("test message always 6", rtex);
-        }
-	}
-
-	/**
-	 * Validation for issue: https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
-	 * Line number must be the line of the caller and not of the wrapper.
-	 */
-	public void testLine() {
-		final String message = "testing only";
-		StringWriter sw = new StringWriter();
-		Layout layout = new Layout() {
-			@Override
-			public String format(LoggingEvent event) {
-				assertEquals("the calling class is this test class", Log4JLoggerTest.class.getName(),event.getLocationInformation().getClassName());
-				return message;
-			}
-
-			@Override
-			public boolean ignoresThrowable() {
-				return false;
-			}
-
-			@Override
-			public void activateOptions() {
-
-			}
-		};
-		Appender appender = new WriterAppender(layout, sw);
-		log4JLogger.addAppender(appender);
-		try {
-			log4JLogger.fatal("testLine");
-			assertEquals("message not generated as expected", message, sw.toString());
-		} finally {
-			log4JLogger.removeAppender(appender);
-		}
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+import org.apache.log4j.Appender;
+import org.apache.log4j.Layout;
+import org.apache.log4j.WriterAppender;
+import org.apache.log4j.spi.LoggingEvent;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.Arrays;
+
+/**
+ * The Class LoggerTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
+ */
+public class Log4JLoggerTest extends TestCase {
+	private static int testCount = 0;
+	
+	private static Logger testLogger = null;
+
+	//a logger for explicit tests of log4j logging methods
+	private static Log4JLogger log4JLogger = null;
+
+    /**
+	 * Instantiates a new logger test.
+	 * 
+	 * @param testName the test name
+	 */
+    public Log4JLoggerTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+		//override default log configuration in ESAPI.properties to use Log4JLogFactory
+        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
+        tmpConfig.setLogImplementation( Log4JLogFactory.class.getName() );
+        ESAPI.override(tmpConfig);
+
+    	//This ensures a clean logger between tests
+    	testLogger = ESAPI.getLogger( "test ExampleExtendedLog4JLogFactory: " + testCount++ );
+    	System.out.println("Test ExampleExtendedLog4JLogFactory logger: " + testLogger);
+
+		//declare this one as Log4JLogger to be able to use Log4J logging methods
+		log4JLogger = (Log4JLogger)ESAPI.getLogger( "test Log4JLogFactory: " + testCount);
+		System.out.println("Test Log4JLogFactory logger: " + log4JLogger);
+
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	//this helps, with garbage collection
+    	testLogger = null;
+		log4JLogger = null;
+
+		ESAPI.override(null);
+	}
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(Log4JLoggerTest.class);    
+        return suite;
+    }
+    
+    /**
+     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
+     * 
+     * @throws ValidationException
+     *             the validation exception
+     * @throws IOException
+     *             Signals that an I/O exception has occurred.
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
+        System.out.println("logHTTPRequest");
+        String[] ignore = {"password","ssn","ccn"};
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Logger logger = ESAPI.getLogger("logger");
+        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
+        request.addParameter("one","one");
+        request.addParameter("two","two1");
+        request.addParameter("two","two2");
+        request.addParameter("password","jwilliams");
+        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
+    } 
+    
+    
+    /**
+     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
+     * org.owasp.esapi.reference.JavaLogFactory.
+     */
+    public void testSetLevel() {
+        System.out.println("setLevel");
+        
+        // The following tests that the default logging level is set to WARNING. Since the default might be changed
+        // in the ESAPI security configuration file, these are commented out.
+//       	assertTrue(testLogger.isWarningEnabled());
+//       	assertFalse(testLogger.isInfoEnabled());
+
+        // First, test all the different logging levels
+        testLogger.setLevel( Logger.ALL );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertTrue(testLogger.isTraceEnabled());
+
+       	testLogger.setLevel( Logger.TRACE );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertTrue(testLogger.isTraceEnabled());
+
+       	testLogger.setLevel( Logger.DEBUG );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertTrue(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.INFO );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertTrue(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.WARNING );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertTrue(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.ERROR );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertTrue(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.FATAL );
+    	assertTrue(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	testLogger.setLevel( Logger.OFF );
+    	assertFalse(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	//Now test to see if a change to the logging level in one log affects other logs
+       	Logger newLogger = ESAPI.getLogger( "test_num2" );
+       	testLogger.setLevel( Logger.OFF );
+       	newLogger.setLevel( Logger.INFO );
+    	assertFalse(testLogger.isFatalEnabled());
+       	assertFalse(testLogger.isErrorEnabled());
+       	assertFalse(testLogger.isWarningEnabled());
+       	assertFalse(testLogger.isInfoEnabled());
+       	assertFalse(testLogger.isDebugEnabled());
+       	assertFalse(testLogger.isTraceEnabled());
+       	
+       	assertTrue(newLogger.isFatalEnabled());
+       	assertTrue(newLogger.isErrorEnabled());
+       	assertTrue(newLogger.isWarningEnabled());
+       	assertTrue(newLogger.isInfoEnabled());
+       	assertFalse(newLogger.isDebugEnabled());
+       	assertFalse(newLogger.isTraceEnabled());
+    }
+
+	/**
+	 * test of loggers without setting explicit log levels
+	 * (log levels set from log4j.xml configuration)
+	 */
+	public void testLogLevels() {
+
+		Logger traceLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestTrace");
+		Logger debugLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestDebug");
+		Logger infoLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestInfo");
+		Logger errorLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestError");
+		Logger warningLogger		= ESAPI.getLogger("org.owasp.esapi.reference.TestWarning");
+		Logger fatalLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestFatal");
+		Logger unspecifiedLogger	= ESAPI.getLogger("org.owasp.esapi.reference");  //should use package-wide log level configuration (info)
+
+
+		//traceLogger - all log levels should be enabled
+		assertTrue(traceLogger.isTraceEnabled());
+		assertTrue(traceLogger.isDebugEnabled());
+		assertTrue(traceLogger.isInfoEnabled());
+		assertTrue(traceLogger.isWarningEnabled());
+		assertTrue(traceLogger.isErrorEnabled());
+		assertTrue(traceLogger.isFatalEnabled());
+
+		//debugLogger - all log levels should be enabled EXCEPT trace
+		assertFalse(debugLogger.isTraceEnabled());
+		assertTrue(debugLogger.isDebugEnabled());
+		assertTrue(debugLogger.isInfoEnabled());
+		assertTrue(debugLogger.isWarningEnabled());
+		assertTrue(debugLogger.isErrorEnabled());
+		assertTrue(debugLogger.isFatalEnabled());
+
+		//infoLogger - all log levels should be enabled EXCEPT trace and debug
+		assertFalse(infoLogger.isTraceEnabled());
+		assertFalse(infoLogger.isDebugEnabled());
+		assertTrue(infoLogger.isInfoEnabled());
+		assertTrue(infoLogger.isWarningEnabled());
+		assertTrue(infoLogger.isErrorEnabled());
+		assertTrue(infoLogger.isFatalEnabled());
+
+		//warningLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(warningLogger.isTraceEnabled());
+		assertFalse(warningLogger.isDebugEnabled());
+		assertFalse(warningLogger.isInfoEnabled());
+		assertTrue(warningLogger.isWarningEnabled());
+		assertTrue(warningLogger.isErrorEnabled());
+		assertTrue(warningLogger.isFatalEnabled());
+
+		//errorLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(errorLogger.isTraceEnabled());
+		assertFalse(errorLogger.isDebugEnabled());
+		assertFalse(errorLogger.isInfoEnabled());
+		assertFalse(errorLogger.isWarningEnabled());
+		assertTrue(errorLogger.isErrorEnabled());
+		assertTrue(errorLogger.isFatalEnabled());
+
+		//fatalLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(fatalLogger.isTraceEnabled());
+		assertFalse(fatalLogger.isDebugEnabled());
+		assertFalse(fatalLogger.isInfoEnabled());
+		assertFalse(fatalLogger.isWarningEnabled());
+		assertFalse(fatalLogger.isErrorEnabled());
+		assertTrue(fatalLogger.isFatalEnabled());
+
+		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
+		assertFalse(unspecifiedLogger.isTraceEnabled());
+		assertFalse(unspecifiedLogger.isDebugEnabled());
+		assertTrue(unspecifiedLogger.isInfoEnabled());
+		assertTrue(unspecifiedLogger.isWarningEnabled());
+		assertTrue(unspecifiedLogger.isErrorEnabled());
+		assertTrue(unspecifiedLogger.isFatalEnabled());
+	}
+
+	/**
+	 * test of loggers without setting explicit log levels
+	 * (log levels set from log4j.xml configuration)
+	 */
+	public void testLogLevelsWithClass() {
+
+		Logger traceLogger			= ESAPI.getLogger(TestTrace.class);
+		Logger debugLogger			= ESAPI.getLogger(TestDebug.class);
+		Logger infoLogger			= ESAPI.getLogger(TestInfo.class);
+		Logger errorLogger			= ESAPI.getLogger(TestError.class);
+		Logger warningLogger		= ESAPI.getLogger(TestWarning.class);
+		Logger fatalLogger			= ESAPI.getLogger(TestFatal.class);
+		Logger unspecifiedLogger	= ESAPI.getLogger(TestUnspecified.class);  //should use package-wide log level configuration (info)
+
+		//traceLogger - all log levels should be enabled
+		assertTrue(traceLogger.isTraceEnabled());
+		assertTrue(traceLogger.isDebugEnabled());
+		assertTrue(traceLogger.isInfoEnabled());
+		assertTrue(traceLogger.isWarningEnabled());
+		assertTrue(traceLogger.isErrorEnabled());
+		assertTrue(traceLogger.isFatalEnabled());
+
+		//debugLogger - all log levels should be enabled EXCEPT trace
+		assertFalse(debugLogger.isTraceEnabled());
+		assertTrue(debugLogger.isDebugEnabled());
+		assertTrue(debugLogger.isInfoEnabled());
+		assertTrue(debugLogger.isWarningEnabled());
+		assertTrue(debugLogger.isErrorEnabled());
+		assertTrue(debugLogger.isFatalEnabled());
+
+		//infoLogger - all log levels should be enabled EXCEPT trace and debug
+		assertFalse(infoLogger.isTraceEnabled());
+		assertFalse(infoLogger.isDebugEnabled());
+		assertTrue(infoLogger.isInfoEnabled());
+		assertTrue(infoLogger.isWarningEnabled());
+		assertTrue(infoLogger.isErrorEnabled());
+		assertTrue(infoLogger.isFatalEnabled());
+
+		//warningLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(warningLogger.isTraceEnabled());
+		assertFalse(warningLogger.isDebugEnabled());
+		assertFalse(warningLogger.isInfoEnabled());
+		assertTrue(warningLogger.isWarningEnabled());
+		assertTrue(warningLogger.isErrorEnabled());
+		assertTrue(warningLogger.isFatalEnabled());
+
+		//errorLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(errorLogger.isTraceEnabled());
+		assertFalse(errorLogger.isDebugEnabled());
+		assertFalse(errorLogger.isInfoEnabled());
+		assertFalse(errorLogger.isWarningEnabled());
+		assertTrue(errorLogger.isErrorEnabled());
+		assertTrue(errorLogger.isFatalEnabled());
+
+		//fatalLogger - all log levels should be enabled EXCEPT etc.
+		assertFalse(fatalLogger.isTraceEnabled());
+		assertFalse(fatalLogger.isDebugEnabled());
+		assertFalse(fatalLogger.isInfoEnabled());
+		assertFalse(fatalLogger.isWarningEnabled());
+		assertFalse(fatalLogger.isErrorEnabled());
+		assertTrue(fatalLogger.isFatalEnabled());
+
+		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
+		assertFalse(unspecifiedLogger.isTraceEnabled());
+		assertFalse(unspecifiedLogger.isDebugEnabled());
+		assertTrue(unspecifiedLogger.isInfoEnabled());
+		assertTrue(unspecifiedLogger.isWarningEnabled());
+		assertTrue(unspecifiedLogger.isErrorEnabled());
+		assertTrue(unspecifiedLogger.isFatalEnabled());
+	}
+
+    /**
+	 * Test of info method, of class org.owasp.esapi.Logger.
+	 */
+    public void testInfo() {
+        System.out.println("info");
+        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
+        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
+        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
+        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
+
+        log4JLogger.info("test message" );
+        log4JLogger.info("test message", null );
+        log4JLogger.info("%3escript%3f test message", null );
+        log4JLogger.info("<script> test message", null );
+
+        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message" );
+        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
+        log4JLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
+        log4JLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
+	}
+
+    /**
+	 * Test of trace method, of class org.owasp.esapi.Logger.
+	 */
+    public void testTrace() {
+        System.out.println("trace");
+        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
+        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
+
+        log4JLogger.trace("test message trace" );
+        log4JLogger.trace("test message trace", null );
+	}
+
+    /**
+	 * Test of debug method, of class org.owasp.esapi.Logger.
+	 */
+    public void testDebug() {
+        System.out.println("debug");
+        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
+        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
+
+	    log4JLogger.debug("test message debug" );
+		log4JLogger.debug("test message debug", null );
+	}
+
+    /**
+	 * Test of error method, of class org.owasp.esapi.Logger.
+	 */
+    public void testError() {
+        System.out.println("error");
+        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
+        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
+
+	    log4JLogger.error("test message error" );
+		log4JLogger.error("test message error", null );
+	}
+
+    /**
+	 * Test of warning method, of class org.owasp.esapi.Logger.
+	 */
+    public void testWarning() {
+        System.out.println("warning");
+        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
+        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
+
+	    log4JLogger.warn("test message warning" );
+		log4JLogger.warn("test message warning", null );
+    }
+
+    /**
+	 * Test of fatal method, of class org.owasp.esapi.Logger.
+	 */
+    public void testFatal() {
+        System.out.println("fatal");
+        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
+        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
+
+	    log4JLogger.fatal("test message fatal" );
+		log4JLogger.fatal("test message fatal", null );    
+	}
+    
+    /**
+     * Test of always method, of class org.owasp.esapi.Logger.
+     */
+    public void testAlways() {
+        System.out.println("always");
+        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
+        testLogger.always(Logger.SECURITY_AUDIT, "test message always 2 (SECURITY_AUDIT)", null );
+
+	    log4JLogger.always("test message always 3" );
+		log4JLogger.always("test message always 4", null );
+
+        try {
+        	throw new RuntimeException("What? You call that a 'throw'??? You couldn't hit the " +
+        							   "broad side of a barn (assuming that barns wore bras).");
+        } catch(RuntimeException rtex) {
+            testLogger.always(Logger.SECURITY_AUDIT, "test message always 5", rtex );
+            log4JLogger.always("test message always 6", rtex);
+        }
+	}
+
+	/**
+	 * Validation for issue: https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
+	 * Line number must be the line of the caller and not of the wrapper.
+	 */
+	public void testLine() {
+		final String message = "testing only";
+		StringWriter sw = new StringWriter();
+		Layout layout = new Layout() {
+			@Override
+			public String format(LoggingEvent event) {
+				assertEquals("the calling class is this test class", Log4JLoggerTest.class.getName(),event.getLocationInformation().getClassName());
+				return message;
+			}
+
+			@Override
+			public boolean ignoresThrowable() {
+				return false;
+			}
+
+			@Override
+			public void activateOptions() {
+
+			}
+		};
+		Appender appender = new WriterAppender(layout, sw);
+		log4JLogger.addAppender(appender);
+		try {
+			log4JLogger.fatal("testLine");
+			assertEquals("message not generated as expected", message, sw.toString());
+		} finally {
+			log4JLogger.removeAppender(appender);
+		}
+	}
+}

From 04b0a206eaa3ca3a6e6f7655ee697cf39dc53c06 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 244/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/RandomizerTest.java | 354 +++++++++---------
 1 file changed, 177 insertions(+), 177 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index 605dfb3e8..32ce1cb0e 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -1,177 +1,177 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.FileWriter;
-import java.io.IOException;
-import java.util.ArrayList;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.Randomizer;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.errors.EncryptionException;
-
-/**
- * The Class RandomizerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class RandomizerTest extends TestCase {
-    
-    /**
-	 * Instantiates a new randomizer test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public RandomizerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(RandomizerTest.class);        
-        return suite;
-    }
-
-    /**
-	 * Test of getRandomString method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomString() {
-        System.out.println("getRandomString");
-        int length = 20;
-        int trials = 1000;
-        Randomizer instance = ESAPI.randomizer();
-        int[] counts = new int[128];
-        for ( int i = 0; i < 1000; i++ ) {
-            String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
-            for ( int j=0;j<result.length();j++ ) {
-            	char c = result.charAt(j);
-            	counts[c]++;
-            }
-            assertEquals(length, result.length());
-        }
-        
-        // Simple check to see if the overall character counts are within 10% of each other
-        int min=Integer.MAX_VALUE;
-        int max=0;
-        for ( int i = 0; i < 128; i++ ) {
-        	if ( counts[i] > max ) { max = counts[i]; } 
-        	if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
-        	if ( max - min > trials/10 ) {
-        		fail( "getRandomString randomness counts are off" );
-        	}
-        }
-    }
-
-    /**
-	 * Test of getRandomInteger method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomInteger() {
-        System.out.println("getRandomInteger");        
-        int min = -20;
-        int max = 100;
-        Randomizer instance = ESAPI.randomizer();        
-        int minResult = ( max - min ) / 2;
-        int maxResult = ( max - min ) / 2;
-        for ( int i = 0; i < 100; i++ ) {
-            int result = instance.getRandomInteger(min, max);
-            if ( result < minResult ) minResult = result;
-            if ( result > maxResult ) maxResult = result;
-        }
-        assertEquals(true, (minResult >= min && maxResult < max) );
-    }
-
-    /**
-	 * Test of getRandomReal method, of class org.owasp.esapi.Randomizer.
-	 */
-    public void testGetRandomReal() {
-        System.out.println("getRandomReal");
-        float min = -20.5234F;
-        float max = 100.12124F;
-        Randomizer instance = ESAPI.randomizer();
-        float minResult = ( max - min ) / 2;
-        float maxResult = ( max - min ) / 2;
-        for ( int i = 0; i < 100; i++ ) {
-            float result = instance.getRandomReal(min, max);
-            if ( result < minResult ) minResult = result;
-            if ( result > maxResult ) maxResult = result;
-        }
-        assertEquals(true, (minResult >= min && maxResult < max));
-    }
-    
-    
-    /**
-     * Test of getRandomGUID method, of class org.owasp.esapi.Randomizer.
-     * @throws EncryptionException
-     */
-    public void testGetRandomGUID() throws EncryptionException {
-        System.out.println("getRandomGUID");
-        Randomizer instance = ESAPI.randomizer();
-        ArrayList list = new ArrayList();
-        for ( int i = 0; i < 100; i++ ) {
-            String guid = instance.getRandomGUID();
-            if ( list.contains( guid ) ) fail();
-            list.add( guid );
-        }
-    }
-
-    
-    /**
-     * Run this class to generate a file named "tokens.txt" with 20,000 random 20 character ALPHANUMERIC tokens.
-     * Use Burp Pro sequencer to load this file and run a series of randomness tests.
-     * 
-     * NOTE: be careful not to include any CRLF characters (10 or 13 ASCII) because they'll create new tokens
-     * Check to be sure your analysis tool loads exactly 20,000 tokens of 20 characters each.
-     */
-    
-	public static void main(String[] args) throws IOException {
-		FileWriter fw = new FileWriter("tokens.txt");
-		for (int i = 0; i < 20000; i++) {
-			String token = ESAPI.randomizer().getRandomString(20, EncoderConstants.CHAR_ALPHANUMERICS);
-			fw.write(token + "\n");
-		}
-		fw.close();
-	}
-
-
-     
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.ArrayList;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.errors.EncryptionException;
+
+/**
+ * The Class RandomizerTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class RandomizerTest extends TestCase {
+    
+    /**
+	 * Instantiates a new randomizer test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public RandomizerTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(RandomizerTest.class);        
+        return suite;
+    }
+
+    /**
+	 * Test of getRandomString method, of class org.owasp.esapi.Randomizer.
+	 */
+    public void testGetRandomString() {
+        System.out.println("getRandomString");
+        int length = 20;
+        int trials = 1000;
+        Randomizer instance = ESAPI.randomizer();
+        int[] counts = new int[128];
+        for ( int i = 0; i < 1000; i++ ) {
+            String result = instance.getRandomString(length, EncoderConstants.CHAR_ALPHANUMERICS );
+            for ( int j=0;j<result.length();j++ ) {
+            	char c = result.charAt(j);
+            	counts[c]++;
+            }
+            assertEquals(length, result.length());
+        }
+        
+        // Simple check to see if the overall character counts are within 10% of each other
+        int min=Integer.MAX_VALUE;
+        int max=0;
+        for ( int i = 0; i < 128; i++ ) {
+        	if ( counts[i] > max ) { max = counts[i]; } 
+        	if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
+        	if ( max - min > trials/10 ) {
+        		fail( "getRandomString randomness counts are off" );
+        	}
+        }
+    }
+
+    /**
+	 * Test of getRandomInteger method, of class org.owasp.esapi.Randomizer.
+	 */
+    public void testGetRandomInteger() {
+        System.out.println("getRandomInteger");        
+        int min = -20;
+        int max = 100;
+        Randomizer instance = ESAPI.randomizer();        
+        int minResult = ( max - min ) / 2;
+        int maxResult = ( max - min ) / 2;
+        for ( int i = 0; i < 100; i++ ) {
+            int result = instance.getRandomInteger(min, max);
+            if ( result < minResult ) minResult = result;
+            if ( result > maxResult ) maxResult = result;
+        }
+        assertEquals(true, (minResult >= min && maxResult < max) );
+    }
+
+    /**
+	 * Test of getRandomReal method, of class org.owasp.esapi.Randomizer.
+	 */
+    public void testGetRandomReal() {
+        System.out.println("getRandomReal");
+        float min = -20.5234F;
+        float max = 100.12124F;
+        Randomizer instance = ESAPI.randomizer();
+        float minResult = ( max - min ) / 2;
+        float maxResult = ( max - min ) / 2;
+        for ( int i = 0; i < 100; i++ ) {
+            float result = instance.getRandomReal(min, max);
+            if ( result < minResult ) minResult = result;
+            if ( result > maxResult ) maxResult = result;
+        }
+        assertEquals(true, (minResult >= min && maxResult < max));
+    }
+    
+    
+    /**
+     * Test of getRandomGUID method, of class org.owasp.esapi.Randomizer.
+     * @throws EncryptionException
+     */
+    public void testGetRandomGUID() throws EncryptionException {
+        System.out.println("getRandomGUID");
+        Randomizer instance = ESAPI.randomizer();
+        ArrayList list = new ArrayList();
+        for ( int i = 0; i < 100; i++ ) {
+            String guid = instance.getRandomGUID();
+            if ( list.contains( guid ) ) fail();
+            list.add( guid );
+        }
+    }
+
+    
+    /**
+     * Run this class to generate a file named "tokens.txt" with 20,000 random 20 character ALPHANUMERIC tokens.
+     * Use Burp Pro sequencer to load this file and run a series of randomness tests.
+     * 
+     * NOTE: be careful not to include any CRLF characters (10 or 13 ASCII) because they'll create new tokens
+     * Check to be sure your analysis tool loads exactly 20,000 tokens of 20 characters each.
+     */
+    
+	public static void main(String[] args) throws IOException {
+		FileWriter fw = new FileWriter("tokens.txt");
+		for (int i = 0; i < 20000; i++) {
+			String token = ESAPI.randomizer().getRandomString(20, EncoderConstants.CHAR_ALPHANUMERICS);
+			fw.write(token + "\n");
+		}
+		fw.close();
+	}
+
+
+     
+}

From 0d989613f47fc1806f73c5c2dcfd15e616eb67ec Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 245/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/reference/SafeFileTest.java   | 558 +++++++++---------
 1 file changed, 279 insertions(+), 279 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
index ef24f4495..a946bdc7c 100644
--- a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
+++ b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
@@ -1,279 +1,279 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.io.File;
-import java.net.URI;
-import java.net.URLDecoder;
-import java.util.Iterator;
-import java.util.Set;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.SafeFile;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.util.FileTestUtils;
-import org.owasp.esapi.util.CollectionsUtil;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class SafeFileTest extends TestCase
-{
-	private static final Class CLASS = SafeFileTest.class;
-	private static final String CLASS_NAME = CLASS.getName();
-	/** Name of the file in the temporary directory */
-	private static final String TEST_FILE_NAME = "test.file";
-	private static final Set GOOD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" /* + "." */);
-	private static final Set BAD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("\u0000" + /*(File.separatorChar == '/' ? '\\' : '/') +*/ "*|<>?:" /*+ "~!@#$%^&(){}[],`;"*/);
-
-	private File testDir = null;
-	private File testFile = null;
-
-	String pathWithNullByte = "/temp/file.txt" + (char)0;
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception
-	{
-		// create a file to test with
-		testDir = FileTestUtils.createTmpDirectory(CLASS_NAME).getCanonicalFile();
-		testFile = new File(testDir, TEST_FILE_NAME);
-		testFile.createNewFile();
-		testFile = testFile.getCanonicalFile();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception
-	{
-		FileTestUtils.deleteRecursively(testDir);
-	}
-
-	public static Test suite() {
-		TestSuite suite = new TestSuite(SafeFileTest.class);
-		return suite;
-	}
-
-	public void testEscapeCharactersInFilename() {
-		System.out.println("testEscapeCharactersInFilenameInjection");
-		File tf = testFile;
-		if ( tf.exists() ) {
-			System.out.println( "File is there: " + tf );
-		}
-
-		File sf = new File(testDir, "test^.file" );
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
-	}
-
-	public void testEscapeCharacterInDirectoryInjection() {
-		System.out.println("testEscapeCharacterInDirectoryInjection");
-		File sf = new File(testDir, "test\\^.^.\\file");
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
-	}
-
-	public void testJavaFileInjectionGood() throws ValidationException
-	{
-		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-		}		
-	}
-
-	public void testJavaFileInjectionBad()
-	{
-		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-		}		
-	}
-
-	public void testMultipleJavaFileInjectionGood() throws ValidationException
-	{
-		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			ch = ch + ch + ch;
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
-			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
-		}		
-	}
-
-	public void testMultipleJavaFileInjectionBad()
-	{
-		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
-		{
-			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
-			ch = ch + ch + ch;
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-			try
-			{
-				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
-				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
-			}
-			catch(ValidationException expected)
-			{
-			}
-		}		
-	}
-
-	public void testAlternateDataStream() {
-		try
-		{
-			File sf = new SafeFile(testDir, TEST_FILE_NAME + ":secret.txt");
-			fail("Able to construct SafeFile for alternate data stream: " + sf.getPath());
-		}
-		catch(ValidationException expected)
-		{
-		}
-	}
-
-	static public String toHex(final byte b) {
-		final char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-		final char[] array = { hexDigit[(b >> 4) & 0x0f], hexDigit[b & 0x0f] };
-		return new String(array);
-	}	
-
-	public void testCreatePath() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.getPath());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateParentPathName() throws Exception
-	{
-		SafeFile sf = new SafeFile(testDir, testFile.getName());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateParentFileName() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.getParentFile(), testFile.getName());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateURI() throws Exception
-	{
-		SafeFile sf = new SafeFile(testFile.toURI());
-		assertTrue(sf.exists());
-	}
-
-	public void testCreateFileNamePercentNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testDir + File.separator + "file%00.txt");
-			fail("no exception thrown for file name with percent encoded null");
-		}
-		catch(ValidationException expected)
-		{
-		}
-	}
-
-	public void testCreateFileNameQuestion()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file?.txt");
-			fail("no exception thrown for file name with question mark in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateFileNameNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)0) + ".txt");
-			fail("no exception thrown for file name with null in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateFileHighByte()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)160) + ".txt");
-			fail("no exception thrown for file name with high byte in it");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-	public void testCreateParentPercentNull()
-	{
-		try
-		{
-			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file%00.txt");
-			fail("no exception thrown for file name with percent encoded null");
-		}
-		catch(ValidationException e)
-		{
-			// expected
-		}
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.io.File;
+import java.net.URI;
+import java.net.URLDecoder;
+import java.util.Iterator;
+import java.util.Set;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.SafeFile;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.util.FileTestUtils;
+import org.owasp.esapi.util.CollectionsUtil;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class SafeFileTest extends TestCase
+{
+	private static final Class CLASS = SafeFileTest.class;
+	private static final String CLASS_NAME = CLASS.getName();
+	/** Name of the file in the temporary directory */
+	private static final String TEST_FILE_NAME = "test.file";
+	private static final Set GOOD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-" /* + "." */);
+	private static final Set BAD_FILE_CHARS = CollectionsUtil.strToUnmodifiableSet("\u0000" + /*(File.separatorChar == '/' ? '\\' : '/') +*/ "*|<>?:" /*+ "~!@#$%^&(){}[],`;"*/);
+
+	private File testDir = null;
+	private File testFile = null;
+
+	String pathWithNullByte = "/temp/file.txt" + (char)0;
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected void setUp() throws Exception
+	{
+		// create a file to test with
+		testDir = FileTestUtils.createTmpDirectory(CLASS_NAME).getCanonicalFile();
+		testFile = new File(testDir, TEST_FILE_NAME);
+		testFile.createNewFile();
+		testFile = testFile.getCanonicalFile();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	protected void tearDown() throws Exception
+	{
+		FileTestUtils.deleteRecursively(testDir);
+	}
+
+	public static Test suite() {
+		TestSuite suite = new TestSuite(SafeFileTest.class);
+		return suite;
+	}
+
+	public void testEscapeCharactersInFilename() {
+		System.out.println("testEscapeCharactersInFilenameInjection");
+		File tf = testFile;
+		if ( tf.exists() ) {
+			System.out.println( "File is there: " + tf );
+		}
+
+		File sf = new File(testDir, "test^.file" );
+		if ( sf.exists() ) {
+			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
+		} else {
+			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
+		}
+	}
+
+	public void testEscapeCharacterInDirectoryInjection() {
+		System.out.println("testEscapeCharacterInDirectoryInjection");
+		File sf = new File(testDir, "test\\^.^.\\file");
+		if ( sf.exists() ) {
+			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
+		} else {
+			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
+		}
+	}
+
+	public void testJavaFileInjectionGood() throws ValidationException
+	{
+		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
+		{
+			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
+			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
+			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+		}		
+	}
+
+	public void testJavaFileInjectionBad()
+	{
+		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
+		{
+			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
+			try
+			{
+				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+			}
+			catch(ValidationException expected)
+			{
+			}
+			try
+			{
+				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
+				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+			}
+			catch(ValidationException expected)
+			{
+			}
+		}		
+	}
+
+	public void testMultipleJavaFileInjectionGood() throws ValidationException
+	{
+		for(Iterator i=GOOD_FILE_CHARS.iterator();i.hasNext();)
+		{
+			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
+			ch = ch + ch + ch;
+			File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+			sf = new SafeFile(testDir, TEST_FILE_NAME + ch + "test");
+			assertFalse("File \"" + TEST_FILE_NAME + ch + "\" should not exist ((int)ch=" + (int)ch.charAt(0) + ").", sf.exists());
+		}		
+	}
+
+	public void testMultipleJavaFileInjectionBad()
+	{
+		for(Iterator i=BAD_FILE_CHARS.iterator();i.hasNext();)
+		{
+			String ch = i.next().toString();	// avoids generic issues in 1.4&1.5
+			ch = ch + ch + ch;
+			try
+			{
+				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch);
+				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+			}
+			catch(ValidationException expected)
+			{
+			}
+			try
+			{
+				File sf = new SafeFile(testDir, TEST_FILE_NAME + ch  + "test");
+				fail("Able to create SafeFile \"" + TEST_FILE_NAME + ch + "\" ((int)ch=" + (int)ch.charAt(0) + ").");
+			}
+			catch(ValidationException expected)
+			{
+			}
+		}		
+	}
+
+	public void testAlternateDataStream() {
+		try
+		{
+			File sf = new SafeFile(testDir, TEST_FILE_NAME + ":secret.txt");
+			fail("Able to construct SafeFile for alternate data stream: " + sf.getPath());
+		}
+		catch(ValidationException expected)
+		{
+		}
+	}
+
+	static public String toHex(final byte b) {
+		final char hexDigit[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+		final char[] array = { hexDigit[(b >> 4) & 0x0f], hexDigit[b & 0x0f] };
+		return new String(array);
+	}	
+
+	public void testCreatePath() throws Exception
+	{
+		SafeFile sf = new SafeFile(testFile.getPath());
+		assertTrue(sf.exists());
+	}
+
+	public void testCreateParentPathName() throws Exception
+	{
+		SafeFile sf = new SafeFile(testDir, testFile.getName());
+		assertTrue(sf.exists());
+	}
+
+	public void testCreateParentFileName() throws Exception
+	{
+		SafeFile sf = new SafeFile(testFile.getParentFile(), testFile.getName());
+		assertTrue(sf.exists());
+	}
+
+	public void testCreateURI() throws Exception
+	{
+		SafeFile sf = new SafeFile(testFile.toURI());
+		assertTrue(sf.exists());
+	}
+
+	public void testCreateFileNamePercentNull()
+	{
+		try
+		{
+			SafeFile sf = new SafeFile(testDir + File.separator + "file%00.txt");
+			fail("no exception thrown for file name with percent encoded null");
+		}
+		catch(ValidationException expected)
+		{
+		}
+	}
+
+	public void testCreateFileNameQuestion()
+	{
+		try
+		{
+			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file?.txt");
+			fail("no exception thrown for file name with question mark in it");
+		}
+		catch(ValidationException e)
+		{
+			// expected
+		}
+	}
+
+	public void testCreateFileNameNull()
+	{
+		try
+		{
+			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)0) + ".txt");
+			fail("no exception thrown for file name with null in it");
+		}
+		catch(ValidationException e)
+		{
+			// expected
+		}
+	}
+
+	public void testCreateFileHighByte()
+	{
+		try
+		{
+			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file" + ((char)160) + ".txt");
+			fail("no exception thrown for file name with high byte in it");
+		}
+		catch(ValidationException e)
+		{
+			// expected
+		}
+	}
+
+	public void testCreateParentPercentNull()
+	{
+		try
+		{
+			SafeFile sf = new SafeFile(testFile.getParent() + File.separator + "file%00.txt");
+			fail("no exception thrown for file name with percent encoded null");
+		}
+		catch(ValidationException e)
+		{
+			// expected
+		}
+	}
+
+}

From 9f9dce6dca6c00be92f943ef135c5c89f523f59c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 246/812] Change CRLF to LF for issue 356.

---
 .../UnitTestSecurityConfiguration.java        | 174 +++++++++---------
 1 file changed, 87 insertions(+), 87 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
index 82b842785..2bdaec755 100644
--- a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
+++ b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
@@ -1,87 +1,87 @@
-package org.owasp.esapi.reference;
-
-import java.util.Properties;
-
-public class UnitTestSecurityConfiguration extends DefaultSecurityConfiguration {
-    public UnitTestSecurityConfiguration(DefaultSecurityConfiguration cfg) {
-        super(cfg.getESAPIProperties());
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setApplicationName(String v) {
-    	getESAPIProperties().setProperty(APPLICATION_NAME, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setLogImplementation(String v) {
-    	getESAPIProperties().setProperty(LOG_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setAuthenticationImplementation(String v) {
-    	getESAPIProperties().setProperty(AUTHENTICATION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setEncoderImplementation(String v) {
-    	getESAPIProperties().setProperty(ENCODER_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setAccessControlImplementation(String v) {
-    	getESAPIProperties().setProperty(ACCESS_CONTROL_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setEncryptionImplementation(String v) {
-    	getESAPIProperties().setProperty(ENCRYPTION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setIntrusionDetectionImplementation(String v) {
-    	getESAPIProperties().setProperty(INTRUSION_DETECTION_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setRandomizerImplementation(String v) {
-    	getESAPIProperties().setProperty(RANDOMIZER_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setExecutorImplementation(String v) {
-    	getESAPIProperties().setProperty(EXECUTOR_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setHTTPUtilitiesImplementation(String v) {
-    	getESAPIProperties().setProperty(HTTP_UTILITIES_IMPLEMENTATION, v);
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public void setValidationImplementation(String v) {
-    	getESAPIProperties().setProperty(VALIDATOR_IMPLEMENTATION, v);
-    }
-
-}
+package org.owasp.esapi.reference;
+
+import java.util.Properties;
+
+public class UnitTestSecurityConfiguration extends DefaultSecurityConfiguration {
+    public UnitTestSecurityConfiguration(DefaultSecurityConfiguration cfg) {
+        super(cfg.getESAPIProperties());
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setApplicationName(String v) {
+    	getESAPIProperties().setProperty(APPLICATION_NAME, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setLogImplementation(String v) {
+    	getESAPIProperties().setProperty(LOG_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setAuthenticationImplementation(String v) {
+    	getESAPIProperties().setProperty(AUTHENTICATION_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setEncoderImplementation(String v) {
+    	getESAPIProperties().setProperty(ENCODER_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setAccessControlImplementation(String v) {
+    	getESAPIProperties().setProperty(ACCESS_CONTROL_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setEncryptionImplementation(String v) {
+    	getESAPIProperties().setProperty(ENCRYPTION_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setIntrusionDetectionImplementation(String v) {
+    	getESAPIProperties().setProperty(INTRUSION_DETECTION_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setRandomizerImplementation(String v) {
+    	getESAPIProperties().setProperty(RANDOMIZER_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setExecutorImplementation(String v) {
+    	getESAPIProperties().setProperty(EXECUTOR_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setHTTPUtilitiesImplementation(String v) {
+    	getESAPIProperties().setProperty(HTTP_UTILITIES_IMPLEMENTATION, v);
+    }
+
+    /**
+	 * {@inheritDoc}
+	 */
+    public void setValidationImplementation(String v) {
+    	getESAPIProperties().setProperty(VALIDATOR_IMPLEMENTATION, v);
+    }
+
+}

From 06ab524bbebaed4125bb28ec629cbf07577bb6b9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 247/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/reference/UserTest.java   | 1478 ++++++++---------
 1 file changed, 739 insertions(+), 739 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index 630976e7b..27e5b617c 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -1,739 +1,739 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
-import javax.servlet.http.HttpSession;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.EncryptionException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.http.MockHttpSession;
-
-/**
- * The Class UserTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class UserTest extends TestCase {
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(UserTest.class);
-		return suite;
-	}
-	
-	/**
-	 * Instantiates a new user test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public UserTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * Creates the test user.
-	 * 
-	 * @param password
-	 *            the password
-	 * 
-	 * @return the user
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	private DefaultUser createTestUser(String password) throws AuthenticationException {
-		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Exception e = new Exception();
-		System.out.println("Creating user " + username + " for " + e.getStackTrace()[1].getMethodName());
-		DefaultUser user = (DefaultUser) ESAPI.authenticator().createUser(username, password, password);
-		return user;
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Test of testAddRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @exception Exception
-	 * 				any Exception thrown by testing addRole()
-	 */
-	public void testAddRole() throws Exception {
-		System.out.println("addRole");
-		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		User user = instance.createUser(accountName, password, password);
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of addRoles method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testAddRoles() throws AuthenticationException {
-		System.out.println("addRoles");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		Set set = new HashSet();
-		set.add("rolea");
-		set.add("roleb");
-		user.addRoles(set);
-		assertTrue(user.isInRole("rolea"));
-		assertTrue(user.isInRole("roleb"));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of changePassword method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testChangePassword() throws Exception {
-		System.out.println("changePassword");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = "Password12!@";
-		DefaultUser user = createTestUser(oldPassword);
-		System.out.println("Hash of " + oldPassword + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		String password1 = "SomethingElse34#$";
-		user.changePassword(oldPassword, password1, password1);
-		System.out.println("Hash of " + password1 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		assertTrue(user.verifyPassword(password1));
-		String password2 = "YetAnother56%^";
-		user.changePassword(password1, password2, password2);
-		System.out.println("Hash of " + password2 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
-		try {
-			user.changePassword(password2, password1, password1);
-			fail("Shouldn't be able to reuse a password");
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-		assertTrue(user.verifyPassword(password2));
-		assertFalse(user.verifyPassword("badpass"));
-	}
-
-	/**
-	 * Test of disable method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testDisable() throws AuthenticationException {
-		System.out.println("disable");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		assertTrue(user.isEnabled());
-		user.disable();
-		assertFalse(user.isEnabled());
-	}
-
-	/**
-	 * Test of enable method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testEnable() throws AuthenticationException {
-		System.out.println("enable");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		assertTrue(user.isEnabled());
-		user.disable();
-		assertFalse(user.isEnabled());
-	}
-
-	/**
-	 * Test of failedLoginCount lockout, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 * @throws EncryptionException
-	 *             any EncryptionExceptions thrown by testing failedLoginLockout()
-	 */
-	public void testFailedLoginLockout() throws AuthenticationException, EncryptionException {
-		System.out.println("failedLoginLockout");
-		DefaultUser user = createTestUser("failedLoginLockout");
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        
-		user.loginWithPassword("failedLoginLockout");
-		
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
- 		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertFalse(user.isLocked());
-
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertFalse(user.isLocked());
-
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		System.out.println("FAILED: " + user.getFailedLoginCount());
-		assertTrue(user.isLocked());
-	}
-
-	/**
-	 * Test of getAccountName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetAccountName() throws AuthenticationException {
-		System.out.println("getAccountName");
-		DefaultUser user = createTestUser("getAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setAccountName(accountName);
-		assertEquals(accountName.toLowerCase(), user.getAccountName());
-		assertFalse("ridiculous".equals(user.getAccountName()));
-	}
-
-	/**
-	 * Test get last failed login time.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastFailedLoginTime() throws Exception {
-		System.out.println("getLastLoginTime");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		Date llt1 = user.getLastFailedLoginTime();
-		Thread.sleep(100); // need a short delay to separate attempts
-		try {
-    		user.loginWithPassword("ridiculous");
-		} catch( AuthenticationException e ) { 
-    		// expected
-    	}
-		Date llt2 = user.getLastFailedLoginTime();
-		assertTrue(llt1.before(llt2));
-	}
-
-	/**
-	 * Test get last login time.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastLoginTime() throws Exception {
-		System.out.println("getLastLoginTime");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.verifyPassword(oldPassword);
-		Date llt1 = user.getLastLoginTime();
-		Thread.sleep(10); // need a short delay to separate attempts
-		user.verifyPassword(oldPassword);
-		Date llt2 = user.getLastLoginTime();
-		assertTrue(llt1.before(llt2));
-	}
-
-	/**
-	 * Test getLastPasswordChangeTime method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws Exception
-	 *             the exception
-	 */
-	public void testGetLastPasswordChangeTime() throws Exception {
-		System.out.println("getLastPasswordChangeTime");
-		DefaultUser user = createTestUser("getLastPasswordChangeTime");
-		Date t1 = user.getLastPasswordChangeTime();
-		Thread.sleep(10); // need a short delay to separate attempts
-		String newPassword = ESAPI.authenticator().generateStrongPassword(user, "getLastPasswordChangeTime");
-		user.changePassword("getLastPasswordChangeTime", newPassword, newPassword);
-		Date t2 = user.getLastPasswordChangeTime();
-		assertTrue(t2.after(t1));
-	}
-
-	/**
-	 * Test of getRoles method, of class org.owasp.esapi.User.
-     *
-     * @throws Exception
-     */
-	public void testGetRoles() throws Exception {
-		System.out.println("getRoles");
-		Authenticator instance = ESAPI.authenticator();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		String password = ESAPI.authenticator().generateStrongPassword();
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		User user = instance.createUser(accountName, password, password);
-		user.addRole(role);
-		Set roles = user.getRoles();
-		assertTrue(roles.size() > 0);
-	}
-
-	/**
-	 * Test of getScreenName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testGetScreenName() throws AuthenticationException {
-		System.out.println("getScreenName");
-		DefaultUser user = createTestUser("getScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setScreenName(screenName);
-		assertEquals(screenName, user.getScreenName());
-		assertFalse("ridiculous".equals(user.getScreenName()));
-	}
-
-    /**
-     *
-     * @throws org.owasp.esapi.errors.AuthenticationException
-     */
-    public void testGetSessions() throws AuthenticationException {
-        System.out.println("getSessions");
-        Authenticator instance = ESAPI.authenticator();
-        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        String password = ESAPI.authenticator().generateStrongPassword();
-        User user = instance.createUser(accountName, password, password);
-        HttpSession session1 = new MockHttpSession();
-        user.addSession( session1 );
-        HttpSession session2 = new MockHttpSession();
-        user.addSession( session2 );
-        HttpSession session3 = new MockHttpSession();
-        user.addSession( session3 );
-        Set sessions = user.getSessions();
-        Iterator i = sessions.iterator();
-        while ( i.hasNext() ) {
-            HttpSession s = (HttpSession)i.next();
-            System.out.println( ">>>" + s.getId() );
-        }
-        assertTrue(sessions.size() == 3);
-	}
-	
-	
-    /**
-     *
-     */
-    public void testAddSession() {
-	    // TODO
-	}
-	
-    /**
-     *
-     */
-    public void testRemoveSession() {
-	    // TODO
-	}
-	
-	/**
-	 * Test of incrementFailedLoginCount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIncrementFailedLoginCount() throws AuthenticationException {
-		System.out.println("incrementFailedLoginCount");
-		DefaultUser user = createTestUser("incrementFailedLoginCount");
-		user.enable();
-		assertEquals(0, user.getFailedLoginCount());
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(1, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(2, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertEquals(3, user.getFailedLoginCount());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertTrue(user.isLocked());
-	}
-
-	/**
-	 * Test of isEnabled method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsEnabled() throws AuthenticationException {
-		System.out.println("isEnabled");
-		DefaultUser user = createTestUser("isEnabled");
-		user.disable();
-		assertFalse(user.isEnabled());
-		user.enable();
-		assertTrue(user.isEnabled());
-	}
-
-    
-    
-	/**
-	 * Test of isInRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsInRole() throws AuthenticationException {
-		System.out.println("isInRole");
-		DefaultUser user = createTestUser("isInRole");
-		String role = "TestRole";
-		assertFalse(user.isInRole(role));
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		assertFalse(user.isInRole("Ridiculous"));
-	}
-
-	/**
-	 * Test of isLocked method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsLocked() throws AuthenticationException {
-		System.out.println("isLocked");
-		DefaultUser user = createTestUser("isLocked");
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-	/**
-	 * Test of isSessionAbsoluteTimeout method, of class
-	 * org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
-		System.out.println("isSessionAbsoluteTimeout");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		long now = System.currentTimeMillis();
-		// setup request and response
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		MockHttpSession session = (MockHttpSession)request.getSession();
-				
-		// set session creation -3 hours (default is 2 hour timeout)		
-		session.setCreationTime( now - (1000 * 60 * 60 * 3) );
-		assertTrue(user.isSessionAbsoluteTimeout());
-		
-		// set session creation -1 hour (default is 2 hour timeout)
-		session.setCreationTime( now - (1000 * 60 * 60 * 1) );
-		assertFalse(user.isSessionAbsoluteTimeout());
-	}
-
-	/**
-	 * Test of isSessionTimeout method, of class
-	 * org.owasp.esapi.IntrusionDetector.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testIsSessionTimeout() throws AuthenticationException {
-		System.out.println("isSessionTimeout");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		long now = System.currentTimeMillis();
-		// setup request and response
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		MockHttpSession session = (MockHttpSession)request.getSession();
-		
-		// set creation -30 mins (default is 20 min timeout)
-		session.setAccessedTime( now - 1000 * 60 * 30 );
-		assertTrue(user.isSessionTimeout());
-		
-		// set creation -1 hour (default is 20 min timeout)
-		session.setAccessedTime( now - 1000 * 60 * 10 );
-		assertFalse(user.isSessionTimeout());
-	}
-
-	/**
-	 * Test of lockAccount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLock() throws AuthenticationException {
-		System.out.println("lock");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-	/**
-	 * Test of loginWithPassword method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLoginWithPassword() throws AuthenticationException {
-		System.out.println("loginWithPassword");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		DefaultUser user = createTestUser("loginWithPassword");
-		user.enable();
-		user.loginWithPassword("loginWithPassword");
-		assertTrue(user.isLoggedIn());
-		user.logout();
-		assertFalse(user.isLoggedIn());
-		assertFalse(user.isLocked());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertFalse(user.isLoggedIn());
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		try {
-			user.loginWithPassword("ridiculous");
-		} catch (AuthenticationException e) {
-			// expected
-		}
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertTrue(user.getFailedLoginCount() == 0 );
-	}
-
-
-	/**
-	 * Test of logout method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testLogout() throws AuthenticationException {
-		System.out.println("logout");
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		MockHttpSession session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		Authenticator instance = ESAPI.authenticator();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.enable();
-		System.out.println(user.getLastLoginTime());
-		user.loginWithPassword(oldPassword);
-		assertTrue(user.isLoggedIn());
-		// get new session after user logs in
-		session = (MockHttpSession) request.getSession();
-		assertFalse(session.getInvalidated());
-		user.logout();
-		assertFalse(user.isLoggedIn());
-		assertTrue(session.getInvalidated());
-	}
-
-	/**
-	 * Test of testRemoveRole method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testRemoveRole() throws AuthenticationException {
-		System.out.println("removeRole");
-		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
-		DefaultUser user = createTestUser("removeRole");
-		user.addRole(role);
-		assertTrue(user.isInRole(role));
-		user.removeRole(role);
-		assertFalse(user.isInRole(role));
-	}
-
-	/**
-	 * Test of testResetCSRFToken method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testResetCSRFToken() throws AuthenticationException {
-		System.out.println("resetCSRFToken");
-		DefaultUser user = createTestUser("resetCSRFToken");
-        String token1 = user.resetCSRFToken();
-        String token2 = user.resetCSRFToken();
-        assertFalse( token1.equals( token2 ) );
-	}
-	
-	/**
-	 * Test of setAccountName method, of class org.owasp.esapi.User.
-     *
-     * @throws AuthenticationException
-     */
-	public void testSetAccountName() throws AuthenticationException {
-		System.out.println("setAccountName");
-		DefaultUser user = createTestUser("setAccountName");
-		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setAccountName(accountName);
-		assertEquals(accountName.toLowerCase(), user.getAccountName());
-		assertFalse("ridiculous".equals(user.getAccountName()));
-	}
-
-	/**
-	 * Test of setExpirationTime method, of class org.owasp.esapi.User.
-     *
-     * @throws Exception
-     */
-	public void testSetExpirationTime() throws Exception {
-		Date longAgo = new Date(0);
-		Date now = new Date();
-		assertTrue("new Date(0) returned " + longAgo + " which is considered before new Date() " + now + ". Please report this output to the email list or as a issue", longAgo.before(now));
-		String password=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		DefaultUser user = createTestUser(password);
-		user.setExpirationTime(longAgo);
-		assertTrue( user.isExpired() );
-	}
-
-	
-	/**
-	 * Test of setRoles method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetRoles() throws AuthenticationException {
-		System.out.println("setRoles");
-		DefaultUser user = createTestUser("setRoles");
-		user.addRole("user");
-		assertTrue(user.isInRole("user"));
-		Set set = new HashSet();
-		set.add("rolea");
-		set.add("roleb");
-		user.setRoles(set);
-		assertFalse(user.isInRole("user"));
-		assertTrue(user.isInRole("rolea"));
-		assertTrue(user.isInRole("roleb"));
-		assertFalse(user.isInRole("ridiculous"));
-	}
-
-	/**
-	 * Test of setScreenName method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testSetScreenName() throws AuthenticationException {
-		System.out.println("setScreenName");
-		DefaultUser user = createTestUser("setScreenName");
-		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
-		user.setScreenName(screenName);
-		assertEquals(screenName, user.getScreenName());
-		assertFalse("ridiculous".equals(user.getScreenName()));
-	}
-
-	/**
-	 * Test of unlockAccount method, of class org.owasp.esapi.User.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	public void testUnlock() throws AuthenticationException {
-		System.out.println("unlockAccount");
-		Authenticator instance = ESAPI.authenticator();
-		String oldPassword = instance.generateStrongPassword();
-		DefaultUser user = createTestUser(oldPassword);
-		user.lock();
-		assertTrue(user.isLocked());
-		user.unlock();
-		assertFalse(user.isLocked());
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.reference;
+
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.servlet.http.HttpSession;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.http.MockHttpSession;
+
+/**
+ * The Class UserTest.
+ * 
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class UserTest extends TestCase {
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(UserTest.class);
+		return suite;
+	}
+	
+	/**
+	 * Instantiates a new user test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public UserTest(String testName) {
+		super(testName);
+	}
+
+	/**
+	 * Creates the test user.
+	 * 
+	 * @param password
+	 *            the password
+	 * 
+	 * @return the user
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	private DefaultUser createTestUser(String password) throws AuthenticationException {
+		String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		Exception e = new Exception();
+		System.out.println("Creating user " + username + " for " + e.getStackTrace()[1].getMethodName());
+		DefaultUser user = (DefaultUser) ESAPI.authenticator().createUser(username, password, password);
+		return user;
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Test of testAddRole method, of class org.owasp.esapi.User.
+	 * 
+	 * @exception Exception
+	 * 				any Exception thrown by testing addRole()
+	 */
+	public void testAddRole() throws Exception {
+		System.out.println("addRole");
+		Authenticator instance = ESAPI.authenticator();
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = ESAPI.authenticator().generateStrongPassword();
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+		User user = instance.createUser(accountName, password, password);
+		user.addRole(role);
+		assertTrue(user.isInRole(role));
+		assertFalse(user.isInRole("ridiculous"));
+	}
+
+	/**
+	 * Test of addRoles method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testAddRoles() throws AuthenticationException {
+		System.out.println("addRoles");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		Set set = new HashSet();
+		set.add("rolea");
+		set.add("roleb");
+		user.addRoles(set);
+		assertTrue(user.isInRole("rolea"));
+		assertTrue(user.isInRole("roleb"));
+		assertFalse(user.isInRole("ridiculous"));
+	}
+
+	/**
+	 * Test of changePassword method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testChangePassword() throws Exception {
+		System.out.println("changePassword");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = "Password12!@";
+		DefaultUser user = createTestUser(oldPassword);
+		System.out.println("Hash of " + oldPassword + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+		String password1 = "SomethingElse34#$";
+		user.changePassword(oldPassword, password1, password1);
+		System.out.println("Hash of " + password1 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+		assertTrue(user.verifyPassword(password1));
+		String password2 = "YetAnother56%^";
+		user.changePassword(password1, password2, password2);
+		System.out.println("Hash of " + password2 + " = " + ((FileBasedAuthenticator)instance).getHashedPassword(user));
+		try {
+			user.changePassword(password2, password1, password1);
+			fail("Shouldn't be able to reuse a password");
+		} catch( AuthenticationException e ) {
+			// expected
+		}
+		assertTrue(user.verifyPassword(password2));
+		assertFalse(user.verifyPassword("badpass"));
+	}
+
+	/**
+	 * Test of disable method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testDisable() throws AuthenticationException {
+		System.out.println("disable");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.enable();
+		assertTrue(user.isEnabled());
+		user.disable();
+		assertFalse(user.isEnabled());
+	}
+
+	/**
+	 * Test of enable method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testEnable() throws AuthenticationException {
+		System.out.println("enable");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.enable();
+		assertTrue(user.isEnabled());
+		user.disable();
+		assertFalse(user.isEnabled());
+	}
+
+	/**
+	 * Test of failedLoginCount lockout, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 * @throws EncryptionException
+	 *             any EncryptionExceptions thrown by testing failedLoginLockout()
+	 */
+	public void testFailedLoginLockout() throws AuthenticationException, EncryptionException {
+		System.out.println("failedLoginLockout");
+		DefaultUser user = createTestUser("failedLoginLockout");
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        
+		user.loginWithPassword("failedLoginLockout");
+		
+		try {
+    		user.loginWithPassword("ridiculous");
+		} catch( AuthenticationException e ) { 
+    		// expected
+    	}
+ 		System.out.println("FAILED: " + user.getFailedLoginCount());
+		assertFalse(user.isLocked());
+
+		try {
+    		user.loginWithPassword("ridiculous");
+		} catch( AuthenticationException e ) { 
+    		// expected
+    	}
+		System.out.println("FAILED: " + user.getFailedLoginCount());
+		assertFalse(user.isLocked());
+
+		try {
+    		user.loginWithPassword("ridiculous");
+		} catch( AuthenticationException e ) { 
+    		// expected
+    	}
+		System.out.println("FAILED: " + user.getFailedLoginCount());
+		assertTrue(user.isLocked());
+	}
+
+	/**
+	 * Test of getAccountName method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGetAccountName() throws AuthenticationException {
+		System.out.println("getAccountName");
+		DefaultUser user = createTestUser("getAccountName");
+		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+		user.setAccountName(accountName);
+		assertEquals(accountName.toLowerCase(), user.getAccountName());
+		assertFalse("ridiculous".equals(user.getAccountName()));
+	}
+
+	/**
+	 * Test get last failed login time.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testGetLastFailedLoginTime() throws Exception {
+		System.out.println("getLastLoginTime");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		try {
+    		user.loginWithPassword("ridiculous");
+		} catch( AuthenticationException e ) { 
+    		// expected
+    	}
+		Date llt1 = user.getLastFailedLoginTime();
+		Thread.sleep(100); // need a short delay to separate attempts
+		try {
+    		user.loginWithPassword("ridiculous");
+		} catch( AuthenticationException e ) { 
+    		// expected
+    	}
+		Date llt2 = user.getLastFailedLoginTime();
+		assertTrue(llt1.before(llt2));
+	}
+
+	/**
+	 * Test get last login time.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testGetLastLoginTime() throws Exception {
+		System.out.println("getLastLoginTime");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.verifyPassword(oldPassword);
+		Date llt1 = user.getLastLoginTime();
+		Thread.sleep(10); // need a short delay to separate attempts
+		user.verifyPassword(oldPassword);
+		Date llt2 = user.getLastLoginTime();
+		assertTrue(llt1.before(llt2));
+	}
+
+	/**
+	 * Test getLastPasswordChangeTime method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws Exception
+	 *             the exception
+	 */
+	public void testGetLastPasswordChangeTime() throws Exception {
+		System.out.println("getLastPasswordChangeTime");
+		DefaultUser user = createTestUser("getLastPasswordChangeTime");
+		Date t1 = user.getLastPasswordChangeTime();
+		Thread.sleep(10); // need a short delay to separate attempts
+		String newPassword = ESAPI.authenticator().generateStrongPassword(user, "getLastPasswordChangeTime");
+		user.changePassword("getLastPasswordChangeTime", newPassword, newPassword);
+		Date t2 = user.getLastPasswordChangeTime();
+		assertTrue(t2.after(t1));
+	}
+
+	/**
+	 * Test of getRoles method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     */
+	public void testGetRoles() throws Exception {
+		System.out.println("getRoles");
+		Authenticator instance = ESAPI.authenticator();
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = ESAPI.authenticator().generateStrongPassword();
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+		User user = instance.createUser(accountName, password, password);
+		user.addRole(role);
+		Set roles = user.getRoles();
+		assertTrue(roles.size() > 0);
+	}
+
+	/**
+	 * Test of getScreenName method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testGetScreenName() throws AuthenticationException {
+		System.out.println("getScreenName");
+		DefaultUser user = createTestUser("getScreenName");
+		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+		user.setScreenName(screenName);
+		assertEquals(screenName, user.getScreenName());
+		assertFalse("ridiculous".equals(user.getScreenName()));
+	}
+
+    /**
+     *
+     * @throws org.owasp.esapi.errors.AuthenticationException
+     */
+    public void testGetSessions() throws AuthenticationException {
+        System.out.println("getSessions");
+        Authenticator instance = ESAPI.authenticator();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        String password = ESAPI.authenticator().generateStrongPassword();
+        User user = instance.createUser(accountName, password, password);
+        HttpSession session1 = new MockHttpSession();
+        user.addSession( session1 );
+        HttpSession session2 = new MockHttpSession();
+        user.addSession( session2 );
+        HttpSession session3 = new MockHttpSession();
+        user.addSession( session3 );
+        Set sessions = user.getSessions();
+        Iterator i = sessions.iterator();
+        while ( i.hasNext() ) {
+            HttpSession s = (HttpSession)i.next();
+            System.out.println( ">>>" + s.getId() );
+        }
+        assertTrue(sessions.size() == 3);
+	}
+	
+	
+    /**
+     *
+     */
+    public void testAddSession() {
+	    // TODO
+	}
+	
+    /**
+     *
+     */
+    public void testRemoveSession() {
+	    // TODO
+	}
+	
+	/**
+	 * Test of incrementFailedLoginCount method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIncrementFailedLoginCount() throws AuthenticationException {
+		System.out.println("incrementFailedLoginCount");
+		DefaultUser user = createTestUser("incrementFailedLoginCount");
+		user.enable();
+		assertEquals(0, user.getFailedLoginCount());
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertEquals(1, user.getFailedLoginCount());
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertEquals(2, user.getFailedLoginCount());
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertEquals(3, user.getFailedLoginCount());
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertTrue(user.isLocked());
+	}
+
+	/**
+	 * Test of isEnabled method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIsEnabled() throws AuthenticationException {
+		System.out.println("isEnabled");
+		DefaultUser user = createTestUser("isEnabled");
+		user.disable();
+		assertFalse(user.isEnabled());
+		user.enable();
+		assertTrue(user.isEnabled());
+	}
+
+    
+    
+	/**
+	 * Test of isInRole method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIsInRole() throws AuthenticationException {
+		System.out.println("isInRole");
+		DefaultUser user = createTestUser("isInRole");
+		String role = "TestRole";
+		assertFalse(user.isInRole(role));
+		user.addRole(role);
+		assertTrue(user.isInRole(role));
+		assertFalse(user.isInRole("Ridiculous"));
+	}
+
+	/**
+	 * Test of isLocked method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIsLocked() throws AuthenticationException {
+		System.out.println("isLocked");
+		DefaultUser user = createTestUser("isLocked");
+		user.lock();
+		assertTrue(user.isLocked());
+		user.unlock();
+		assertFalse(user.isLocked());
+	}
+
+	/**
+	 * Test of isSessionAbsoluteTimeout method, of class
+	 * org.owasp.esapi.IntrusionDetector.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIsSessionAbsoluteTimeout() throws AuthenticationException {
+		System.out.println("isSessionAbsoluteTimeout");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		long now = System.currentTimeMillis();
+		// setup request and response
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		MockHttpSession session = (MockHttpSession)request.getSession();
+				
+		// set session creation -3 hours (default is 2 hour timeout)		
+		session.setCreationTime( now - (1000 * 60 * 60 * 3) );
+		assertTrue(user.isSessionAbsoluteTimeout());
+		
+		// set session creation -1 hour (default is 2 hour timeout)
+		session.setCreationTime( now - (1000 * 60 * 60 * 1) );
+		assertFalse(user.isSessionAbsoluteTimeout());
+	}
+
+	/**
+	 * Test of isSessionTimeout method, of class
+	 * org.owasp.esapi.IntrusionDetector.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testIsSessionTimeout() throws AuthenticationException {
+		System.out.println("isSessionTimeout");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		long now = System.currentTimeMillis();
+		// setup request and response
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		MockHttpSession session = (MockHttpSession)request.getSession();
+		
+		// set creation -30 mins (default is 20 min timeout)
+		session.setAccessedTime( now - 1000 * 60 * 30 );
+		assertTrue(user.isSessionTimeout());
+		
+		// set creation -1 hour (default is 20 min timeout)
+		session.setAccessedTime( now - 1000 * 60 * 10 );
+		assertFalse(user.isSessionTimeout());
+	}
+
+	/**
+	 * Test of lockAccount method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testLock() throws AuthenticationException {
+		System.out.println("lock");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.lock();
+		assertTrue(user.isLocked());
+		user.unlock();
+		assertFalse(user.isLocked());
+	}
+
+	/**
+	 * Test of loginWithPassword method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testLoginWithPassword() throws AuthenticationException {
+		System.out.println("loginWithPassword");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpSession session = (MockHttpSession) request.getSession();
+		assertFalse(session.getInvalidated());
+		DefaultUser user = createTestUser("loginWithPassword");
+		user.enable();
+		user.loginWithPassword("loginWithPassword");
+		assertTrue(user.isLoggedIn());
+		user.logout();
+		assertFalse(user.isLoggedIn());
+		assertFalse(user.isLocked());
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertFalse(user.isLoggedIn());
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		try {
+			user.loginWithPassword("ridiculous");
+		} catch (AuthenticationException e) {
+			// expected
+		}
+		assertTrue(user.isLocked());
+		user.unlock();
+		assertTrue(user.getFailedLoginCount() == 0 );
+	}
+
+
+	/**
+	 * Test of logout method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testLogout() throws AuthenticationException {
+		System.out.println("logout");
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		MockHttpSession session = (MockHttpSession) request.getSession();
+		assertFalse(session.getInvalidated());
+		Authenticator instance = ESAPI.authenticator();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.enable();
+		System.out.println(user.getLastLoginTime());
+		user.loginWithPassword(oldPassword);
+		assertTrue(user.isLoggedIn());
+		// get new session after user logs in
+		session = (MockHttpSession) request.getSession();
+		assertFalse(session.getInvalidated());
+		user.logout();
+		assertFalse(user.isLoggedIn());
+		assertTrue(session.getInvalidated());
+	}
+
+	/**
+	 * Test of testRemoveRole method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testRemoveRole() throws AuthenticationException {
+		System.out.println("removeRole");
+		String role = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_LOWERS);
+		DefaultUser user = createTestUser("removeRole");
+		user.addRole(role);
+		assertTrue(user.isInRole(role));
+		user.removeRole(role);
+		assertFalse(user.isInRole(role));
+	}
+
+	/**
+	 * Test of testResetCSRFToken method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testResetCSRFToken() throws AuthenticationException {
+		System.out.println("resetCSRFToken");
+		DefaultUser user = createTestUser("resetCSRFToken");
+        String token1 = user.resetCSRFToken();
+        String token2 = user.resetCSRFToken();
+        assertFalse( token1.equals( token2 ) );
+	}
+	
+	/**
+	 * Test of setAccountName method, of class org.owasp.esapi.User.
+     *
+     * @throws AuthenticationException
+     */
+	public void testSetAccountName() throws AuthenticationException {
+		System.out.println("setAccountName");
+		DefaultUser user = createTestUser("setAccountName");
+		String accountName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+		user.setAccountName(accountName);
+		assertEquals(accountName.toLowerCase(), user.getAccountName());
+		assertFalse("ridiculous".equals(user.getAccountName()));
+	}
+
+	/**
+	 * Test of setExpirationTime method, of class org.owasp.esapi.User.
+     *
+     * @throws Exception
+     */
+	public void testSetExpirationTime() throws Exception {
+		Date longAgo = new Date(0);
+		Date now = new Date();
+		assertTrue("new Date(0) returned " + longAgo + " which is considered before new Date() " + now + ". Please report this output to the email list or as a issue", longAgo.before(now));
+		String password=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		DefaultUser user = createTestUser(password);
+		user.setExpirationTime(longAgo);
+		assertTrue( user.isExpired() );
+	}
+
+	
+	/**
+	 * Test of setRoles method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testSetRoles() throws AuthenticationException {
+		System.out.println("setRoles");
+		DefaultUser user = createTestUser("setRoles");
+		user.addRole("user");
+		assertTrue(user.isInRole("user"));
+		Set set = new HashSet();
+		set.add("rolea");
+		set.add("roleb");
+		user.setRoles(set);
+		assertFalse(user.isInRole("user"));
+		assertTrue(user.isInRole("rolea"));
+		assertTrue(user.isInRole("roleb"));
+		assertFalse(user.isInRole("ridiculous"));
+	}
+
+	/**
+	 * Test of setScreenName method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testSetScreenName() throws AuthenticationException {
+		System.out.println("setScreenName");
+		DefaultUser user = createTestUser("setScreenName");
+		String screenName = ESAPI.randomizer().getRandomString(7, EncoderConstants.CHAR_ALPHANUMERICS);
+		user.setScreenName(screenName);
+		assertEquals(screenName, user.getScreenName());
+		assertFalse("ridiculous".equals(user.getScreenName()));
+	}
+
+	/**
+	 * Test of unlockAccount method, of class org.owasp.esapi.User.
+	 * 
+	 * @throws AuthenticationException
+	 *             the authentication exception
+	 */
+	public void testUnlock() throws AuthenticationException {
+		System.out.println("unlockAccount");
+		Authenticator instance = ESAPI.authenticator();
+		String oldPassword = instance.generateStrongPassword();
+		DefaultUser user = createTestUser(oldPassword);
+		user.lock();
+		assertTrue(user.isLocked());
+		user.unlock();
+		assertFalse(user.isLocked());
+	}
+
+}

From 2ba88b1ebac17a7e83b6bdacf36a80240b060948 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 248/812] Change CRLF to LF for issue 356.

---
 .../validation/StringValidationRuleTest.java  | 316 +++++++++---------
 1 file changed, 158 insertions(+), 158 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
index 9ea806e65..d580d4cc7 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
@@ -1,158 +1,158 @@
-package org.owasp.esapi.reference.validation;
-
-import junit.framework.Assert;
-
-import org.junit.Test;
-import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.errors.ValidationException;
-
-public class StringValidationRuleTest {
-
-	@Test
-	public void testWhitelistPattern() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("Alphabetic");
-		
-		Assert.assertEquals("Magnum44", validationRule.getValid("", "Magnum44"));
-		validationRule.addWhitelistPattern("^[a-zA-Z]*");
-		try {
-			validationRule.getValid("", "Magnum44");
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ValidationException ve) {
-			Assert.assertNotNull(ve.getMessage());
-		}
-		Assert.assertEquals("MagnumPI", validationRule.getValid("", "MagnumPI"));
-		
-	}
-	
-	@Test
-	public void testWhitelistPattern_Invalid() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		//null white list patterns throw IllegalArgumentException
-		try {
-			String pattern = null;
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		try {
-			java.util.regex.Pattern pattern = null;
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		//invalid white list patterns throw PatternSyntaxException
-		try {
-			String pattern = "_][0}[";
-			validationRule.addWhitelistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-	}
-	
-	@Test
-	public void testWhitelist() {
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		char[] whitelistArray = new char[] {'a', 'b', 'c'};
-		Assert.assertEquals("abc", validationRule.whitelist("12345abcdef", whitelistArray));
-	}
-	
-	@Test
-	public void testBlacklistPattern() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("NoAngleBrackets");
-		
-		Assert.assertEquals("beg <script> end", validationRule.getValid("", "beg <script> end"));
-		validationRule.addBlacklistPattern("^.*(<|>).*");
-		try {
-			validationRule.getValid("", "beg <script> end");
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (ValidationException ve) {
-			Assert.assertNotNull(ve.getMessage());
-		}
-		Assert.assertEquals("beg script end", validationRule.getValid("", "beg script end"));
-	}
-	
-	@Test
-	public void testBlacklistPattern_Invalid() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		//null black list patterns throw IllegalArgumentException
-		try {
-			String pattern = null;
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		try {
-			java.util.regex.Pattern pattern = null;
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-		
-		//invalid black list patterns throw PatternSyntaxException
-		try {
-			String pattern = "_][0}[";
-			validationRule.addBlacklistPattern(pattern);
-			Assert.fail("Expected Exception not thrown");
-		}
-		catch (IllegalArgumentException ie) {
-			Assert.assertNotNull(ie.getMessage());
-		}
-	}	
-	
-	@Test
-	public void testCheckLengths() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("Max12_Min2");
-		validationRule.setMinimumLength(2);
-		validationRule.setMaximumLength(12);
-		
-		Assert.assertTrue(validationRule.isValid("", "12"));
-		Assert.assertTrue(validationRule.isValid("", "123456"));
-		Assert.assertTrue(validationRule.isValid("", "ABCDEFGHIJKL"));
-		
-		Assert.assertFalse(validationRule.isValid("", "1"));
-		Assert.assertFalse(validationRule.isValid("", "ABCDEFGHIJKLM"));
-		
-		ValidationErrorList errorList = new ValidationErrorList();
-		Assert.assertEquals("1234567890", validationRule.getValid("", "1234567890", errorList));
-		Assert.assertEquals(0, errorList.size());
-		Assert.assertEquals(null, validationRule.getValid("", "123456789012345", errorList));
-		Assert.assertEquals(1, errorList.size());
-	}
-	
-	@Test
-	public void testAllowNull() throws ValidationException {
-		
-		StringValidationRule validationRule = new StringValidationRule("");
-		
-		Assert.assertFalse(validationRule.isAllowNull());
-		Assert.assertFalse(validationRule.isValid("", null));
-		
-		validationRule.setAllowNull(true);
-		Assert.assertTrue(validationRule.isAllowNull());
-		Assert.assertTrue(validationRule.isValid("", null));
-	}
-	
-}
+package org.owasp.esapi.reference.validation;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+
+public class StringValidationRuleTest {
+
+	@Test
+	public void testWhitelistPattern() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("Alphabetic");
+		
+		Assert.assertEquals("Magnum44", validationRule.getValid("", "Magnum44"));
+		validationRule.addWhitelistPattern("^[a-zA-Z]*");
+		try {
+			validationRule.getValid("", "Magnum44");
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (ValidationException ve) {
+			Assert.assertNotNull(ve.getMessage());
+		}
+		Assert.assertEquals("MagnumPI", validationRule.getValid("", "MagnumPI"));
+		
+	}
+	
+	@Test
+	public void testWhitelistPattern_Invalid() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("");
+		
+		//null white list patterns throw IllegalArgumentException
+		try {
+			String pattern = null;
+			validationRule.addWhitelistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+		
+		try {
+			java.util.regex.Pattern pattern = null;
+			validationRule.addWhitelistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+		
+		//invalid white list patterns throw PatternSyntaxException
+		try {
+			String pattern = "_][0}[";
+			validationRule.addWhitelistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+	}
+	
+	@Test
+	public void testWhitelist() {
+		StringValidationRule validationRule = new StringValidationRule("");
+		
+		char[] whitelistArray = new char[] {'a', 'b', 'c'};
+		Assert.assertEquals("abc", validationRule.whitelist("12345abcdef", whitelistArray));
+	}
+	
+	@Test
+	public void testBlacklistPattern() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("NoAngleBrackets");
+		
+		Assert.assertEquals("beg <script> end", validationRule.getValid("", "beg <script> end"));
+		validationRule.addBlacklistPattern("^.*(<|>).*");
+		try {
+			validationRule.getValid("", "beg <script> end");
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (ValidationException ve) {
+			Assert.assertNotNull(ve.getMessage());
+		}
+		Assert.assertEquals("beg script end", validationRule.getValid("", "beg script end"));
+	}
+	
+	@Test
+	public void testBlacklistPattern_Invalid() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("");
+		
+		//null black list patterns throw IllegalArgumentException
+		try {
+			String pattern = null;
+			validationRule.addBlacklistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+		
+		try {
+			java.util.regex.Pattern pattern = null;
+			validationRule.addBlacklistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+		
+		//invalid black list patterns throw PatternSyntaxException
+		try {
+			String pattern = "_][0}[";
+			validationRule.addBlacklistPattern(pattern);
+			Assert.fail("Expected Exception not thrown");
+		}
+		catch (IllegalArgumentException ie) {
+			Assert.assertNotNull(ie.getMessage());
+		}
+	}	
+	
+	@Test
+	public void testCheckLengths() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("Max12_Min2");
+		validationRule.setMinimumLength(2);
+		validationRule.setMaximumLength(12);
+		
+		Assert.assertTrue(validationRule.isValid("", "12"));
+		Assert.assertTrue(validationRule.isValid("", "123456"));
+		Assert.assertTrue(validationRule.isValid("", "ABCDEFGHIJKL"));
+		
+		Assert.assertFalse(validationRule.isValid("", "1"));
+		Assert.assertFalse(validationRule.isValid("", "ABCDEFGHIJKLM"));
+		
+		ValidationErrorList errorList = new ValidationErrorList();
+		Assert.assertEquals("1234567890", validationRule.getValid("", "1234567890", errorList));
+		Assert.assertEquals(0, errorList.size());
+		Assert.assertEquals(null, validationRule.getValid("", "123456789012345", errorList));
+		Assert.assertEquals(1, errorList.size());
+	}
+	
+	@Test
+	public void testAllowNull() throws ValidationException {
+		
+		StringValidationRule validationRule = new StringValidationRule("");
+		
+		Assert.assertFalse(validationRule.isAllowNull());
+		Assert.assertFalse(validationRule.isValid("", null));
+		
+		validationRule.setAllowNull(true);
+		Assert.assertTrue(validationRule.isAllowNull());
+		Assert.assertTrue(validationRule.isValid("", null));
+	}
+	
+}

From c328e39b3ee54214a70099bb5ddcce7fe12d1ccf Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 249/812] Change CRLF to LF for issue 356.

---
 src/test/java/org/owasp/esapi/UserTest.java | 212 ++++++++++----------
 1 file changed, 106 insertions(+), 106 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/UserTest.java b/src/test/java/org/owasp/esapi/UserTest.java
index ab31d4808..62b465bec 100644
--- a/src/test/java/org/owasp/esapi/UserTest.java
+++ b/src/test/java/org/owasp/esapi/UserTest.java
@@ -1,106 +1,106 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class UserTest extends TestCase {
-
-	public UserTest(String testName) {
-		super(testName);
-	}
-
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	public static Test suite() {
-		TestSuite suite = new TestSuite(UserTest.class);
-		return suite;
-	}
-	
-	public void testAllMethods() throws Exception {
-		// create a user to test Anonymous
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Authenticator instance = ESAPI.authenticator();
-		String password = instance.generateStrongPassword();
-		
-			// Probably could skip the assignment here, but maybe someone had
-			// future plans to use this. So will just suppress warning for now.
-		@SuppressWarnings("unused")
-		User user = instance.createUser(accountName, password, password);
-		
-		// test the rest of the Anonymous user
-		try { User.ANONYMOUS.addRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.addRoles(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.changePassword(null, null, null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.disable(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.enable(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountId(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getCSRFToken(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getExpirationTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getFailedLoginCount(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastFailedLoginTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastLoginTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLastPasswordChangeTime(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getRoles(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getScreenName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.addSession(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.removeSession(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.incrementFailedLoginCount(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isAnonymous(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isEnabled(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isExpired(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isInRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isLocked(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isLoggedIn(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isSessionAbsoluteTimeout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.isSessionTimeout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.lock(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.loginWithPassword(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.logout(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.removeRole(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.resetCSRFToken(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setAccountName(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setExpirationTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setRoles(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setScreenName(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.unlock(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.verifyPassword(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastFailedLoginTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastLoginTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastHostAddress(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLastPasswordChangeTime(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getEventMap(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getLocale(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.setLocale(null); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
-	}
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class UserTest extends TestCase {
+
+	public UserTest(String testName) {
+		super(testName);
+	}
+
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	public static Test suite() {
+		TestSuite suite = new TestSuite(UserTest.class);
+		return suite;
+	}
+	
+	public void testAllMethods() throws Exception {
+		// create a user to test Anonymous
+		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		Authenticator instance = ESAPI.authenticator();
+		String password = instance.generateStrongPassword();
+		
+			// Probably could skip the assignment here, but maybe someone had
+			// future plans to use this. So will just suppress warning for now.
+		@SuppressWarnings("unused")
+		User user = instance.createUser(accountName, password, password);
+		
+		// test the rest of the Anonymous user
+		try { User.ANONYMOUS.addRole(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.addRoles(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.changePassword(null, null, null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.disable(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.enable(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getAccountId(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getName(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getCSRFToken(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getExpirationTime(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getFailedLoginCount(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getLastFailedLoginTime(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getLastLoginTime(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getLastPasswordChangeTime(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getRoles(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getScreenName(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.addSession(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.removeSession(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.incrementFailedLoginCount(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isAnonymous(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isEnabled(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isExpired(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isInRole(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isLocked(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isLoggedIn(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isSessionAbsoluteTimeout(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.isSessionTimeout(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.lock(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.loginWithPassword(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.logout(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.removeRole(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.resetCSRFToken(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setAccountName(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setExpirationTime(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setRoles(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setScreenName(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.unlock(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.verifyPassword(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setLastFailedLoginTime(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setLastLoginTime(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setLastHostAddress(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setLastPasswordChangeTime(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getEventMap(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getLocale(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.setLocale(null); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+		try { User.ANONYMOUS.getAccountName(); } catch( RuntimeException e ) {}
+	}
+}
+
+

From d9d99baed44476f6099f16c93afcfa3a11aeed04 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 250/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/ValidationErrorListTest.java  | 280 +++++++++---------
 1 file changed, 140 insertions(+), 140 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
index 2880cd73c..230e54130 100644
--- a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
+++ b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
@@ -1,140 +1,140 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.errors.IntrusionException;
-import org.owasp.esapi.errors.ValidationException;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class ValidationErrorListTest extends TestCase {
-
-	/**
-	 * Instantiates a new executor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ValidationErrorListTest(String testName) {
-		super(testName);
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ValidationErrorListTest.class);
-		return suite;
-	}
-	
-	public void testAddError() throws Exception {
-		System.out.println("testAddError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context", vex );
-		try {
-			vel.addError(null, vex );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context1", null );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context", vex );  // add the same context again
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-	}
-
-	public void testErrors() throws Exception {
-		System.out.println("testErrors");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.errors().get(0) == vex );
-	}
-
-	public void testGetError() throws Exception {
-		System.out.println("testGetError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.getError( "context" ) == vex );
-		assertTrue( vel.getError( "ridiculous" ) == null );
-	}
-
-	public void testIsEmpty() throws Exception {
-		System.out.println("testIsEmpty");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.isEmpty() );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertFalse( vel.isEmpty() );
-	}
-
-	public void testSize() throws Exception {
-		System.out.println("testSize");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.size() == 0 );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.size() == 1 );
-	}
-
-	private ValidationException createValidationException() {
-		ValidationException vex = null;
-		try {
-			vex = new ValidationException("User message", "Log Message");
-		} catch( IntrusionException e ) {
-			// expected occasionally
-		}
-		return vex;
-	}
-	
-}
-
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class ValidationErrorListTest extends TestCase {
+
+	/**
+	 * Instantiates a new executor test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+	public ValidationErrorListTest(String testName) {
+		super(testName);
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void setUp() throws Exception {
+		// none
+	}
+
+	/**
+     * {@inheritDoc}
+     *
+     * @throws Exception
+     */
+	protected void tearDown() throws Exception {
+		// none
+	}
+
+	/**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+	public static Test suite() {
+		TestSuite suite = new TestSuite(ValidationErrorListTest.class);
+		return suite;
+	}
+	
+	public void testAddError() throws Exception {
+		System.out.println("testAddError");
+		ValidationErrorList vel = new ValidationErrorList();
+		ValidationException vex = createValidationException();
+		vel.addError("context", vex );
+		try {
+			vel.addError(null, vex );
+			fail();
+		} catch( Exception e ) {
+			// expected
+		}
+		try {
+			vel.addError("context1", null );
+			fail();
+		} catch( Exception e ) {
+			// expected
+		}
+		try {
+			vel.addError("context", vex );  // add the same context again
+			fail();
+		} catch( Exception e ) {
+			// expected
+		}
+	}
+
+	public void testErrors() throws Exception {
+		System.out.println("testErrors");
+		ValidationErrorList vel = new ValidationErrorList();
+		ValidationException vex = createValidationException();
+		vel.addError("context",  vex );
+		assertTrue( vel.errors().get(0) == vex );
+	}
+
+	public void testGetError() throws Exception {
+		System.out.println("testGetError");
+		ValidationErrorList vel = new ValidationErrorList();
+		ValidationException vex = createValidationException();
+		vel.addError("context",  vex );
+		assertTrue( vel.getError( "context" ) == vex );
+		assertTrue( vel.getError( "ridiculous" ) == null );
+	}
+
+	public void testIsEmpty() throws Exception {
+		System.out.println("testIsEmpty");
+		ValidationErrorList vel = new ValidationErrorList();
+		assertTrue( vel.isEmpty() );
+		ValidationException vex = createValidationException();
+		vel.addError("context",  vex );
+		assertFalse( vel.isEmpty() );
+	}
+
+	public void testSize() throws Exception {
+		System.out.println("testSize");
+		ValidationErrorList vel = new ValidationErrorList();
+		assertTrue( vel.size() == 0 );
+		ValidationException vex = createValidationException();
+		vel.addError("context",  vex );
+		assertTrue( vel.size() == 1 );
+	}
+
+	private ValidationException createValidationException() {
+		ValidationException vex = null;
+		try {
+			vex = new ValidationException("User message", "Log Message");
+		} catch( IntrusionException e ) {
+			// expected occasionally
+		}
+		return vex;
+	}
+	
+}
+
+

From 2110fc4efa16217ac835125c39e222503dd2b728 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 251/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/AddHeaderTest.java    | 118 +++++++++---------
 1 file changed, 59 insertions(+), 59 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java b/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
index 0e4d69292..36c1bde45 100644
--- a/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
+++ b/src/test/java/org/owasp/esapi/waf/AddHeaderTest.java
@@ -1,59 +1,59 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class AddHeaderTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(AddHeaderTest.class);
-	}
-	
-    /*
-     * Test whether or not the WAF correctly adds the header to the response when it should and
-     * when it shouldn't, based on paths specified in the WAF rules.
-     */
-    public void testShouldAddHeader() throws Exception {
-        
-    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
-
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/addheader" ) );
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
-    	
-        String foo = response.getHeader( "FOO" );
-        assertTrue( foo != null && foo.equals( "BAR" ) );
-        
-    }
-    
-    public void testShouldNotAddHeader() throws Exception {
-    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
-
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/marketing/foo" ) );
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
-    	
-        String foo = response.getHeader( "FOO" );
-        assertTrue( foo == null );
-        
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class AddHeaderTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(AddHeaderTest.class);
+	}
+	
+    /*
+     * Test whether or not the WAF correctly adds the header to the response when it should and
+     * when it shouldn't, based on paths specified in the WAF rules.
+     */
+    public void testShouldAddHeader() throws Exception {
+        
+    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
+
+    	request = new MockHttpServletRequest( new URL( "http://www.example.com/addheader" ) );
+    	
+    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
+    	
+        String foo = response.getHeader( "FOO" );
+        assertTrue( foo != null && foo.equals( "BAR" ) );
+        
+    }
+    
+    public void testShouldNotAddHeader() throws Exception {
+    	System.out.println("addHeaderPolicy - Response should have FOO=BAR header added" );
+
+    	request = new MockHttpServletRequest( new URL( "http://www.example.com/marketing/foo" ) );
+    	
+    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/add-header-policy.xml", request, response );
+    	
+        String foo = response.getHeader( "FOO" );
+        assertTrue( foo == null );
+        
+    }
+
+}

From 307b6aedff46babafc8bc18ce25ef576ee7925f3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 252/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/BeanShellTest.java    | 94 +++++++++----------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/BeanShellTest.java b/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
index 94e8a93a4..65bdd478c 100644
--- a/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
+++ b/src/test/java/org/owasp/esapi/waf/BeanShellTest.java
@@ -1,47 +1,47 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class BeanShellTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(BeanShellTest.class);
-	}
-
-	public void testRedirectBeanShellRule() throws Exception {
-
-		request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) );
-
-    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() );
-    	
-    	HttpSession session = request.getSession();
-    	
-    	assert(session.getAttribute("simple_waf_test") != null);
-    	assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
-
-	}
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class BeanShellTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(BeanShellTest.class);
+	}
+
+	public void testRedirectBeanShellRule() throws Exception {
+
+		request = new MockHttpServletRequest( new URL( "http://www.example.com/beanshelltest" ) );
+
+    	WAFTestUtility.createAndExecuteWAFTransaction("waf-policies/bean-shell-policy.xml", request, response, new MockFilterChain() );
+    	
+    	HttpSession session = request.getSession();
+    	
+    	assert(session.getAttribute("simple_waf_test") != null);
+    	assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
+
+	}
+
+}

From 12498e257bff315d14c375f00869354b00398844 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 253/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/DetectOutboundTest.java   | 126 +++++++++---------
 1 file changed, 63 insertions(+), 63 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java b/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
index 54eefb8de..af71b49b9 100644
--- a/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
+++ b/src/test/java/org/owasp/esapi/waf/DetectOutboundTest.java
@@ -1,63 +1,63 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class DetectOutboundTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(DetectOutboundTest.class);
-	}
-	
-	public void testBadDetectOutbound() throws Exception {
-	       
-    	System.out.println("detectOutboundPolicy - Fires if response has \"2008\" in it" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
-    	
-    	// this setting of the body gets overridden in the MockFilterChain =(. For a hack we put it in
-    	// the URI above, which gets reflected into the response body.
-    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
-        
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-        
-    }
-	
-	public void testGoodDetectOutbound() throws Exception {
-	       
-    	System.out.println("detectOutboundPolicy - should not fire even if response has \"2008\" in it because the content type is image/jpeg" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
-    	response = new MockHttpServletResponse();
-    	response.setContentType("image/jpeg");
-    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
-        
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_OK );
-        
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class DetectOutboundTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(DetectOutboundTest.class);
+	}
+	
+	public void testBadDetectOutbound() throws Exception {
+	       
+    	System.out.println("detectOutboundPolicy - Fires if response has \"2008\" in it" );
+   	    
+    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
+    	
+    	// this setting of the body gets overridden in the MockFilterChain =(. For a hack we put it in
+    	// the URI above, which gets reflected into the response body.
+    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
+        
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
+    	
+    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+        
+    }
+	
+	public void testGoodDetectOutbound() throws Exception {
+	       
+    	System.out.println("detectOutboundPolicy - should not fire even if response has \"2008\" in it because the content type is image/jpeg" );
+   	    
+    	request = new MockHttpServletRequest( new URL( "http://www.example.com/here_is_the_2008" ) );
+    	response = new MockHttpServletResponse();
+    	response.setContentType("image/jpeg");
+    	response.setBody( "Now is the time for all good men 2008 to come to the aid of their country" );
+        
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/detect-outbound-policy.xml", request, response );
+    	
+    	assertTrue( response.getStatus() == HttpServletResponse.SC_OK );
+        
+    }
+}

From f6736f7419fee5b002acf13b8b303dbebf1dabfd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 254/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/DynamicInsertionTest.java | 140 +++++++++---------
 1 file changed, 70 insertions(+), 70 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java b/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
index 300da4b50..0d67dc557 100644
--- a/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
+++ b/src/test/java/org/owasp/esapi/waf/DynamicInsertionTest.java
@@ -1,70 +1,70 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.IOException;
-import java.net.URL;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockFilterChain;
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-import junit.framework.TestSuite;
-
-public class DynamicInsertionTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(DynamicInsertionTest.class);
-	}
-	
-	public void testShouldReplaceContent() throws Exception {
-		
-    	System.out.println("dynamicInsertionPolicy - replaces </body> with 'this is a test'" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+</body>+there+everywhere" ) );
-        request.setScheme("https");
-        request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
-    	
-    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
-    	String body = response.getBody();
-    	assertTrue ( body.indexOf("test") > -1 );
-    	System.out.println( body );
-   	
-	}
-	
-	public void testShouldNotReplaceContent() throws Exception {
-		
-		System.out.println("dynamicInsertionPolicy - should not replace '< /body>' or </body > or </bo dy> with anything" );
-   	    
-    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+<+/body></bo+dy>+</body+>+there+everywhere" ) );
-    	request.setScheme("https");
-    	request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
-    	
-    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
-    	assertTrue ( response.getBody().indexOf("test") == -1 );
-    	System.out.println( response.getBody() );
-   		
-    	
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockFilterChain;
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+import junit.framework.TestSuite;
+
+public class DynamicInsertionTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(DynamicInsertionTest.class);
+	}
+	
+	public void testShouldReplaceContent() throws Exception {
+		
+    	System.out.println("dynamicInsertionPolicy - replaces </body> with 'this is a test'" );
+   	    
+    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+</body>+there+everywhere" ) );
+        request.setScheme("https");
+        request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
+    	
+    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
+    	String body = response.getBody();
+    	assertTrue ( body.indexOf("test") > -1 );
+    	System.out.println( body );
+   	
+	}
+	
+	public void testShouldNotReplaceContent() throws Exception {
+		
+		System.out.println("dynamicInsertionPolicy - should not replace '< /body>' or </body > or </bo dy> with anything" );
+   	    
+    	request = new MockHttpServletRequest( new URL( "https://www.example.com/here+<+/body></bo+dy>+</body+>+there+everywhere" ) );
+    	request.setScheme("https");
+    	request.getSession(true).setAttribute("ESAPIUserSessionKey", user);
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/dynamic-insertion-policy.xml", request, response );
+    	
+    	assertTrue ( response.getStatus() == HttpServletResponse.SC_OK );
+    	assertTrue ( response.getBody().indexOf("test") == -1 );
+    	System.out.println( response.getBody() );
+   		
+    	
+	}
+	
+}

From 24b89f793ee0a9c334289e1837aa819ca3b69725 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 255/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/EnforceAuthenticationTest.java  | 102 +++++++++---------
 1 file changed, 51 insertions(+), 51 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java b/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
index 2b833121b..69169b458 100644
--- a/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
+++ b/src/test/java/org/owasp/esapi/waf/EnforceAuthenticationTest.java
@@ -1,52 +1,52 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class EnforceAuthenticationTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(EnforceAuthenticationTest.class);
-	}
-	
-	public void testAuthenticatedRequest() throws Exception {
-		// authentication test
-	    url = new URL( "https://www.example.com/authenticated" );
-		System.out.println( "\nTest good request (user in session): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession().setAttribute("ESAPIUserSessionKey", user);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-	public void testUnauthenticatedRequest() throws Exception {
-	    // authentication test
-	    url = new URL( "http://www.example.com/authenticated" );
-		System.out.println( "\nTest bad request (no user in session): " + url );
-	    request = new MockHttpServletRequest( url );
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest ( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
-	}
-
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class EnforceAuthenticationTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(EnforceAuthenticationTest.class);
+	}
+	
+	public void testAuthenticatedRequest() throws Exception {
+		// authentication test
+	    url = new URL( "https://www.example.com/authenticated" );
+		System.out.println( "\nTest good request (user in session): " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.getSession().setAttribute("ESAPIUserSessionKey", user);
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
+	}
+
+	public void testUnauthenticatedRequest() throws Exception {
+	    // authentication test
+	    url = new URL( "http://www.example.com/authenticated" );
+		System.out.println( "\nTest bad request (no user in session): " + url );
+	    request = new MockHttpServletRequest( url );
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest ( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
+	}
+
 }
\ No newline at end of file

From a964af4a8b5611b8c03ad6b7137acb77c32e7bba Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:51 -0500
Subject: [PATCH 256/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/EnforceHTTPSTest.java | 136 +++++++++---------
 1 file changed, 68 insertions(+), 68 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java b/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
index 83bb550ab..11950e86e 100644
--- a/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
+++ b/src/test/java/org/owasp/esapi/waf/EnforceHTTPSTest.java
@@ -1,68 +1,68 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class EnforceHTTPSTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(EnforceHTTPSTest.class);
-	}
-	
-	public void setUp() throws Exception {
-		super.setUp();
-    	WAFTestUtility.setWAFPolicy( waf, "waf-policy.xml" );
-	}
-
-	public void testGoodSchemeSSLRequired() throws Exception {
-	    // test good scheme
-		url = new URL( "https://www.example.com/" );
-		System.out.println( "\nTest good scheme (https): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-     
-	public void testBadSchemeSSLNotRequired () throws Exception {
-	    // test bad scheme
-	    url = new URL( "http://www.example.com/images/test.gif" );
-		System.out.println( "\nTest bad scheme (no ssl - but its not required): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
-	}
-
-	public void testBadSchemeSSLRequired () throws Exception {
-	    // test bad scheme
-	    url = new URL( "http://www.example.com/secure" );
-		System.out.println( "\nTest bad scheme (no ssl - but its required): " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.getSession(true);
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class EnforceHTTPSTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(EnforceHTTPSTest.class);
+	}
+	
+	public void setUp() throws Exception {
+		super.setUp();
+    	WAFTestUtility.setWAFPolicy( waf, "waf-policy.xml" );
+	}
+
+	public void testGoodSchemeSSLRequired() throws Exception {
+	    // test good scheme
+		url = new URL( "https://www.example.com/" );
+		System.out.println( "\nTest good scheme (https): " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.getSession(true);
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
+	}
+
+     
+	public void testBadSchemeSSLNotRequired () throws Exception {
+	    // test bad scheme
+	    url = new URL( "http://www.example.com/images/test.gif" );
+		System.out.println( "\nTest bad scheme (no ssl - but its not required): " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.getSession(true);
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );		
+	}
+
+	public void testBadSchemeSSLRequired () throws Exception {
+	    // test bad scheme
+	    url = new URL( "http://www.example.com/secure" );
+		System.out.println( "\nTest bad scheme (no ssl - but its required): " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.getSession(true);
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );		
+	}
+}

From 2667e4b0b1f1f4042a637992cad19ece53cfa61d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 257/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/GoodRequestTest.java  | 86 +++++++++----------
 1 file changed, 43 insertions(+), 43 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java b/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
index c1ed06876..54dc036b6 100644
--- a/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
+++ b/src/test/java/org/owasp/esapi/waf/GoodRequestTest.java
@@ -1,43 +1,43 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class GoodRequestTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(GoodRequestTest.class);
-	}
-	
-	public void testGoodRequest() throws Exception {
-		// should pass
-        url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "Test good URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class GoodRequestTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(GoodRequestTest.class);
+	}
+	
+	public void testGoodRequest() throws Exception {
+		// should pass
+        url = new URL( "http://www.example.com/index.jsp" );
+		System.out.println( "Test good URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+    	response = new MockHttpServletResponse();
+    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+	}
+	
+}

From e5ad2f7a186998dd8135776ff8a1bb21a9f1c334 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 258/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/HttpOnlyTest.java     | 168 +++++++++---------
 1 file changed, 84 insertions(+), 84 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java b/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
index b176207ef..74d5e6fe6 100644
--- a/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
+++ b/src/test/java/org/owasp/esapi/waf/HttpOnlyTest.java
@@ -1,84 +1,84 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockFilterChain;
-
-import junit.framework.TestSuite;
-
-public class HttpOnlyTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(HttpOnlyTest.class);
-	}
-	
-    /*
-     * Test all aspects of the HTTPOnly protection. Note that attaching HTTPOnly to
-     * JSESSIONIDs requires a 3-step handshake, so the first 2 response codes should 
-     * be 301, and on the 3rd response the cookie should be set. A lot of extra traffic
-     * for HTTPOnly.
-     * 
-     * That same 3-step handshake won't be needed for custom cookies generated by the
-     * application with addCookie().
-     */
-
-	// this has been commented because we decided not to try to make this work. too much
-	// hackery.
-	/*
-    public void testAddHttpOnlyOnSessionCookie() throws Exception {
-    	
-     	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on the session ID (JSESSIONID) cookie added to response" );
-   	        	
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-    	
-    }
-    */
-	
-    public void testAddHttpOnlyOnCustomCookie() throws Exception {
-    	
-    	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on a custom cookie (FOOBAR) added to the response" );
-   	    
-    	request.getSession(true);
-    	
-    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response, new HttpOnlyTestFilterChain() );
-    	
-    	//response.dump();
-     
-    	String foo = response.getHeader("Set-Cookie");
-    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
-    	assertTrue( foo.contains("HttpOnly") );
-    	
-    }
-    
-    class HttpOnlyTestFilterChain extends MockFilterChain {
-		public void doFilter(ServletRequest arg0, ServletResponse arg1)
-				throws IOException, ServletException {
-			HttpServletResponse response = (HttpServletResponse)arg1;
-			response.addCookie( new Cookie("FOO", "BAR" ) );
-		}
-    }
-    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockFilterChain;
+
+import junit.framework.TestSuite;
+
+public class HttpOnlyTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(HttpOnlyTest.class);
+	}
+	
+    /*
+     * Test all aspects of the HTTPOnly protection. Note that attaching HTTPOnly to
+     * JSESSIONIDs requires a 3-step handshake, so the first 2 response codes should 
+     * be 301, and on the 3rd response the cookie should be set. A lot of extra traffic
+     * for HTTPOnly.
+     * 
+     * That same 3-step handshake won't be needed for custom cookies generated by the
+     * application with addCookie().
+     */
+
+	// this has been commented because we decided not to try to make this work. too much
+	// hackery.
+	/*
+    public void testAddHttpOnlyOnSessionCookie() throws Exception {
+    	
+     	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on the session ID (JSESSIONID) cookie added to response" );
+   	        	
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response );
+    	
+    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+    	
+    }
+    */
+	
+    public void testAddHttpOnlyOnCustomCookie() throws Exception {
+    	
+    	System.out.println("addHttpOnlyPolicy - Response should have httpOnly set on a custom cookie (FOOBAR) added to the response" );
+   	    
+    	request.getSession(true);
+    	
+    	WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/add-httponly-policy.xml", request, response, new HttpOnlyTestFilterChain() );
+    	
+    	//response.dump();
+     
+    	String foo = response.getHeader("Set-Cookie");
+    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
+    	assertTrue( foo.contains("HttpOnly") );
+    	
+    }
+    
+    class HttpOnlyTestFilterChain extends MockFilterChain {
+		public void doFilter(ServletRequest arg0, ServletResponse arg1)
+				throws IOException, ServletException {
+			HttpServletResponse response = (HttpServletResponse)arg1;
+			response.addCookie( new Cookie("FOO", "BAR" ) );
+		}
+    }
+    
+}

From d4ee41d524e32e96fb2fc26d63cf6dda9bcbf8e9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 259/812] Change CRLF to LF for issue 356.

---
 .../InterceptingHttpServletRequestTest.java   | 152 +++++++++---------
 1 file changed, 76 insertions(+), 76 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
index f6b137056..c70e14a87 100644
--- a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
+++ b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletRequestTest.java
@@ -1,76 +1,76 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.waf.internal;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class InterceptingHttpServletRequestTest extends TestCase {
-
-    /**
-	 * Instantiates a new test.
-	 *
-	 * @param testName
-	 *            the test name
-	 */
-    public InterceptingHttpServletRequestTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 *
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(InterceptingHttpServletRequestTest.class);
-        return suite;
-    }
-
-
-    /**
-	 * Test.
-     */
-    public void testRequest() throws Exception {
-        System.out.println("InterceptingHTTPServletRequest");
-   	    MockHttpServletRequest mreq = new MockHttpServletRequest();
-   	    mreq.setMethod( "GET" );
-        InterceptingHTTPServletRequest ireq = new InterceptingHTTPServletRequest(mreq);
-        assertEquals( mreq.getMethod(), ireq.getMethod() );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.waf.internal;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class InterceptingHttpServletRequestTest extends TestCase {
+
+    /**
+	 * Instantiates a new test.
+	 *
+	 * @param testName
+	 *            the test name
+	 */
+    public InterceptingHttpServletRequestTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 *
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(InterceptingHttpServletRequestTest.class);
+        return suite;
+    }
+
+
+    /**
+	 * Test.
+     */
+    public void testRequest() throws Exception {
+        System.out.println("InterceptingHTTPServletRequest");
+   	    MockHttpServletRequest mreq = new MockHttpServletRequest();
+   	    mreq.setMethod( "GET" );
+        InterceptingHTTPServletRequest ireq = new InterceptingHTTPServletRequest(mreq);
+        assertEquals( mreq.getMethod(), ireq.getMethod() );
+    }
+}

From 83a725a118315716e1a9aa1c06ba51b9840d6df6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 260/812] Change CRLF to LF for issue 356.

---
 .../InterceptingHttpServletResponseTest.java  | 160 +++++++++---------
 1 file changed, 80 insertions(+), 80 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
index 20a97bc00..6dd6e49a5 100644
--- a/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
+++ b/src/test/java/org/owasp/esapi/waf/internal/InterceptingHttpServletResponseTest.java
@@ -1,80 +1,80 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.waf.internal;
-
-import java.util.ArrayList;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-/**
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-public class InterceptingHttpServletResponseTest extends TestCase {
-    
-    /**
-	 * Instantiates a new test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-    public InterceptingHttpServletResponseTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-    	// none
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	// none
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(InterceptingHttpServletResponseTest.class);
-        return suite;
-    }
-
-    
-    /**
-	 * Test.
-     */
-    public void testRequest() throws Exception {
-        System.out.println("InterceptingHTTPServletResponse");
-   	    MockHttpServletResponse mres = new MockHttpServletResponse();
-        InterceptingHTTPServletResponse ires = new InterceptingHTTPServletResponse(mres, false, new ArrayList() );
-        // isos.println( "Hello" );
-        // ires.getOutputStream().println( "Hello" );
-        // ires.getWriter().println("Hello");
-        // assertEquals( "Hello\r\n", new String( ires.getInterceptingServletOutputStream().getResponseBytes() ) );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.waf.internal;
+
+import java.util.ArrayList;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+/**
+ * @author Jeff Williams (jeff.williams@aspectsecurity.com)
+ */
+public class InterceptingHttpServletResponseTest extends TestCase {
+    
+    /**
+	 * Instantiates a new test.
+	 * 
+	 * @param testName
+	 *            the test name
+	 */
+    public InterceptingHttpServletResponseTest(String testName) {
+        super(testName);
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void setUp() throws Exception {
+    	// none
+    }
+
+    /**
+     * {@inheritDoc}
+     * @throws Exception
+     */
+    protected void tearDown() throws Exception {
+    	// none
+    }
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+        TestSuite suite = new TestSuite(InterceptingHttpServletResponseTest.class);
+        return suite;
+    }
+
+    
+    /**
+	 * Test.
+     */
+    public void testRequest() throws Exception {
+        System.out.println("InterceptingHTTPServletResponse");
+   	    MockHttpServletResponse mres = new MockHttpServletResponse();
+        InterceptingHTTPServletResponse ires = new InterceptingHTTPServletResponse(mres, false, new ArrayList() );
+        // isos.println( "Hello" );
+        // ires.getOutputStream().println( "Hello" );
+        // ires.getWriter().println("Hello");
+        // assertEquals( "Hello\r\n", new String( ires.getInterceptingServletOutputStream().getResponseBytes() ) );
+    }
+}

From 909bdd86060c7f89f94af643bedd1dd87dc4b324 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 261/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/MockWafFilterConfig.java  | 36 +++++++++----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java b/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
index 25a80bc21..c1515e350 100644
--- a/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
+++ b/src/test/java/org/owasp/esapi/waf/MockWafFilterConfig.java
@@ -1,18 +1,18 @@
-package org.owasp.esapi.waf;
-
-import java.util.Map;
-
-import javax.servlet.ServletContext;
-
-import org.owasp.esapi.http.MockFilterConfig;
-
-public class MockWafFilterConfig extends MockFilterConfig {
-
-	public MockWafFilterConfig(Map map) {
-		super(map);
-	}
-
-	public ServletContext getServletContext() {
-    	return new MockWafServletContext();
-    }
-}
+package org.owasp.esapi.waf;
+
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+
+import org.owasp.esapi.http.MockFilterConfig;
+
+public class MockWafFilterConfig extends MockFilterConfig {
+
+	public MockWafFilterConfig(Map map) {
+		super(map);
+	}
+
+	public ServletContext getServletContext() {
+    	return new MockWafServletContext();
+    }
+}

From 0254ef69eb99ad9802e61b6fd16ac1241bc0dae4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 262/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/MockWafServletContext.java      | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java b/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
index 1d5b91022..e42c1ae41 100644
--- a/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
+++ b/src/test/java/org/owasp/esapi/waf/MockWafServletContext.java
@@ -1,14 +1,14 @@
-package org.owasp.esapi.waf;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.http.MockServletContext;
-
-public class MockWafServletContext extends MockServletContext {
-
-	public String getRealPath(String s) {
-		
-		return ESAPI.securityConfiguration().getResourceFile( "" ).getAbsolutePath() + "/" + s;
-		
-	}
-	
-}
+package org.owasp.esapi.waf;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.http.MockServletContext;
+
+public class MockWafServletContext extends MockServletContext {
+
+	public String getRealPath(String s) {
+		
+		return ESAPI.securityConfiguration().getResourceFile( "" ).getAbsolutePath() + "/" + s;
+		
+	}
+	
+}

From bb18d73f38a9918ea08c1705b314571626189469 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 263/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/MustMatchTest.java    | 110 +++++++++---------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/MustMatchTest.java b/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
index c92eefd15..d83010956 100644
--- a/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
+++ b/src/test/java/org/owasp/esapi/waf/MustMatchTest.java
@@ -1,55 +1,55 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class MustMatchTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(MustMatchTest.class);
-	}
-	
-	public void testUnauthorizedRequest () throws Exception {
-        // Test bad request (no x-roles header)
-        url = new URL( "https://www.example.com/admin/config" );
-		System.out.println( "\nTest bad request (request has no x-roles header): " + url );
-        request = new MockHttpServletRequest( url );
-        request.setRemoteAddr("192.168.1.5"); // necessary to pass IPRule
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}
-	
-	public void testAuthorizedRequest() throws Exception {
-        // Test good request (request has x-roles header)
-        url = new URL( "https://www.example.com/admin/config" );
-		System.out.println( "\nTest good request (request has x-roles header): " + url );
-        request = new MockHttpServletRequest( url );
-        request.addHeader("x-roles", "admin" );
-        request.setRemoteAddr("192.168.1.100");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class MustMatchTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(MustMatchTest.class);
+	}
+	
+	public void testUnauthorizedRequest () throws Exception {
+        // Test bad request (no x-roles header)
+        url = new URL( "https://www.example.com/admin/config" );
+		System.out.println( "\nTest bad request (request has no x-roles header): " + url );
+        request = new MockHttpServletRequest( url );
+        request.setRemoteAddr("192.168.1.5"); // necessary to pass IPRule
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+    	response = new MockHttpServletResponse();
+    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+	}
+	
+	public void testAuthorizedRequest() throws Exception {
+        // Test good request (request has x-roles header)
+        url = new URL( "https://www.example.com/admin/config" );
+		System.out.println( "\nTest good request (request has x-roles header): " + url );
+        request = new MockHttpServletRequest( url );
+        request.addHeader("x-roles", "admin" );
+        request.setRemoteAddr("192.168.1.100");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+    	response = new MockHttpServletResponse();
+    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+	}
+}

From cdc2d7073027666490574ea125a591d3069221a4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 264/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/RestrictContentTypeTest.java    | 102 +++++++++---------
 1 file changed, 51 insertions(+), 51 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java b/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
index 430600cbe..49fe81471 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictContentTypeTest.java
@@ -1,51 +1,51 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class RestrictContentTypeTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(RestrictContentTypeTest.class);
-	}
-
-	public void testNoContentType() throws Exception {
-
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-	public void testGoodContentType() throws Exception {
-		request.addHeader("Content-Type","text/html");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-	public void testBadContentType() throws Exception {
-		request.addHeader("Content-Type","multipart/form-upload");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class RestrictContentTypeTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(RestrictContentTypeTest.class);
+	}
+
+	public void testNoContentType() throws Exception {
+
+		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+    	
+		assert(response.getStatus() == HttpServletResponse.SC_OK);
+	}
+	
+	public void testGoodContentType() throws Exception {
+		request.addHeader("Content-Type","text/html");
+		
+		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+    	
+		assert(response.getStatus() == HttpServletResponse.SC_OK);
+	}
+	
+	public void testBadContentType() throws Exception {
+		request.addHeader("Content-Type","multipart/form-upload");
+		
+		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-content-type-policy.xml", request, response );
+    	
+		assert(response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY);
+	}
+	
+}

From 677468b79fd35545894b33cfe4d9c4fa64244039 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 265/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/RestrictExtensionTest.java      | 114 +++++++++---------
 1 file changed, 57 insertions(+), 57 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java b/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
index 7aee58e2e..18ded9717 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictExtensionTest.java
@@ -1,57 +1,57 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class RestrictExtensionTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(RestrictExtensionTest.class);
-	}
-	
-	public void testGoodExtension() throws Exception {
-        
-    	System.out.println("restrictExtensionPolicy - approve this URL (doesn't end in .log or anything else evil)" );
-
-        request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.jpg" ) );
-        request.getSession(true); // pass HttpOnly test...
-    	response = new MockHttpServletResponse();
-        
-        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
-    }
-
-	public void testBadExtension() throws Exception {
-        
-    	System.out.println("restrictExtensionPolicy - reject any URL ending in .log" );
-
-        MockHttpServletRequest request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.log" ) );
-    	MockHttpServletResponse response = new MockHttpServletResponse();
-        
-        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
-    	
-    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
-    }
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class RestrictExtensionTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(RestrictExtensionTest.class);
+	}
+	
+	public void testGoodExtension() throws Exception {
+        
+    	System.out.println("restrictExtensionPolicy - approve this URL (doesn't end in .log or anything else evil)" );
+
+        request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.jpg" ) );
+        request.getSession(true); // pass HttpOnly test...
+    	response = new MockHttpServletResponse();
+        
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
+    	
+    	assertTrue( response.getStatus() != HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+
+	public void testBadExtension() throws Exception {
+        
+    	System.out.println("restrictExtensionPolicy - reject any URL ending in .log" );
+
+        MockHttpServletRequest request = new MockHttpServletRequest( new URL( "http://www.example.com/logfiles/12192009.log" ) );
+    	MockHttpServletResponse response = new MockHttpServletResponse();
+        
+        WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-extension-policy.xml", request, response );
+    	
+    	assertTrue( response.getStatus() == HttpServletResponse.SC_MOVED_PERMANENTLY );
+    }
+}

From 0d0cea5fe9e4c4a63489b2970c095e585d3313cc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 266/812] Change CRLF to LF for issue 356.

---
 .../owasp/esapi/waf/RestrictMethodTest.java   | 112 +++++++++---------
 1 file changed, 56 insertions(+), 56 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java b/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
index 0203bb81a..380ee020b 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictMethodTest.java
@@ -1,56 +1,56 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-public class RestrictMethodTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(RestrictMethodTest.class);
-	}
-	
-	public void testGoodMethod() throws Exception {
-		// test good method
-	    url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest good method: " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.setMethod( "TRACE" );
-	    request.getSession(true); // so the app will pass the HttpOnly test...
-	    
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest(waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-	public void testBadMethod() throws Exception {
-		// test bad method
-	    url = new URL( "http://www.example.com/index.jsp" );
-		System.out.println( "\nTest bad method: " + url );
-	    request = new MockHttpServletRequest( url );
-	    request.setMethod( "JEFF" );
-	    request.getSession(true); // so the app will pass the HttpOnly test...
-	    
-		response = new MockHttpServletResponse();
-		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}    
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+public class RestrictMethodTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(RestrictMethodTest.class);
+	}
+	
+	public void testGoodMethod() throws Exception {
+		// test good method
+	    url = new URL( "http://www.example.com/index.jsp" );
+		System.out.println( "\nTest good method: " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.setMethod( "TRACE" );
+	    request.getSession(true); // so the app will pass the HttpOnly test...
+	    
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest(waf, request, response, HttpServletResponse.SC_OK );
+	}
+	
+	public void testBadMethod() throws Exception {
+		// test bad method
+	    url = new URL( "http://www.example.com/index.jsp" );
+		System.out.println( "\nTest bad method: " + url );
+	    request = new MockHttpServletRequest( url );
+	    request.setMethod( "JEFF" );
+	    request.getSession(true); // so the app will pass the HttpOnly test...
+	    
+		response = new MockHttpServletResponse();
+		createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+	}    
+}

From bdac0c2a6b8d3179859c32ff70ad931fef3b531c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 267/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf/RestrictUserAgentTest.java      | 92 +++++++++----------
 1 file changed, 46 insertions(+), 46 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java b/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
index 1cd641df4..79d865a76 100644
--- a/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
+++ b/src/test/java/org/owasp/esapi/waf/RestrictUserAgentTest.java
@@ -1,46 +1,46 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import javax.servlet.http.HttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class RestrictUserAgentTest extends WAFTestCase {
-	
-	public static TestSuite suite() {
-		return new TestSuite(RestrictUserAgentTest.class);
-	}
-	
-	public void testBadUserAgent() throws Exception {
-		
-		request.addHeader("User-Agent","GoogleBot");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
-		
-		assert(response.getStatus() == 403);
-	}
-	
-	public void testGoodUserAgent() throws Exception {
-		
-		request.addHeader("User-Agent","MSIE NT Compatible");
-		
-		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
-    	
-		assert(response.getStatus() == HttpServletResponse.SC_OK);
-	}
-	
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import javax.servlet.http.HttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class RestrictUserAgentTest extends WAFTestCase {
+	
+	public static TestSuite suite() {
+		return new TestSuite(RestrictUserAgentTest.class);
+	}
+	
+	public void testBadUserAgent() throws Exception {
+		
+		request.addHeader("User-Agent","GoogleBot");
+		
+		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
+		
+		assert(response.getStatus() == 403);
+	}
+	
+	public void testGoodUserAgent() throws Exception {
+		
+		request.addHeader("User-Agent","MSIE NT Compatible");
+		
+		WAFTestUtility.createAndExecuteWAFTransaction( "waf-policies/restrict-user-agent-policy.xml", request, response );
+    	
+		assert(response.getStatus() == HttpServletResponse.SC_OK);
+	}
+	
+}

From f4612c5cc64be9f278d1ad25a23a9e3725103a29 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 268/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/VirtualPatchTest.java | 120 +++++++++---------
 1 file changed, 60 insertions(+), 60 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java b/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
index 4be65efff..375c596d7 100644
--- a/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
+++ b/src/test/java/org/owasp/esapi/waf/VirtualPatchTest.java
@@ -1,60 +1,60 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import junit.framework.TestSuite;
-
-public class VirtualPatchTest extends WAFTestCase {
-
-	public static TestSuite suite() {
-		return new TestSuite(VirtualPatchTest.class);
-	}
-	
-	public void testNonAttacktAfterVirtualPatch() throws Exception {
-		// should pass
-        url = new URL( "https://www.example.com/virtualpatch.jsp" );
-		System.out.println( "Testing non-attack after virtual patch on URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-        request.setScheme("https");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-        request.addParameter("bar", "09124asd135r123irh2938rh9c82hr3hareohvw"); // alphanums are allowed
-        request.addParameter("foo", "<script>' oR 1=1-- bad.attax.google.com jar:"); // this parameter should not be touched by the patch
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
-	}
-	
-	public void testAttackAfterVirtualPatch() throws Exception {
-		// should fail
-        url = new URL( "https://www.example.com/foo.jsp" );
-		System.out.println( "Testing attack after virtual patch on URL: " + url );
-        request = new MockHttpServletRequest( url );
-        request.getSession(true);
-        request.setScheme("https");
-        request.getSession().setAttribute("ESAPIUserSessionKey", user);
-        request.addParameter("bar", "09124asd135r123ir>h2938rh9c82hr3hareohvw"); // non-alphanums are not allowed (there is 1 in the middle)
-        request.addParameter("foo", "SADFSDfSDFSDF123123123"); // this parameter should not be touched by the patch
-    	response = new MockHttpServletResponse();
-    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+import junit.framework.TestSuite;
+
+public class VirtualPatchTest extends WAFTestCase {
+
+	public static TestSuite suite() {
+		return new TestSuite(VirtualPatchTest.class);
+	}
+	
+	public void testNonAttacktAfterVirtualPatch() throws Exception {
+		// should pass
+        url = new URL( "https://www.example.com/virtualpatch.jsp" );
+		System.out.println( "Testing non-attack after virtual patch on URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        request.setScheme("https");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        request.addParameter("bar", "09124asd135r123irh2938rh9c82hr3hareohvw"); // alphanums are allowed
+        request.addParameter("foo", "<script>' oR 1=1-- bad.attax.google.com jar:"); // this parameter should not be touched by the patch
+    	response = new MockHttpServletResponse();
+    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_OK );
+	}
+	
+	public void testAttackAfterVirtualPatch() throws Exception {
+		// should fail
+        url = new URL( "https://www.example.com/foo.jsp" );
+		System.out.println( "Testing attack after virtual patch on URL: " + url );
+        request = new MockHttpServletRequest( url );
+        request.getSession(true);
+        request.setScheme("https");
+        request.getSession().setAttribute("ESAPIUserSessionKey", user);
+        request.addParameter("bar", "09124asd135r123ir>h2938rh9c82hr3hareohvw"); // non-alphanums are not allowed (there is 1 in the middle)
+        request.addParameter("foo", "SADFSDfSDFSDF123123123"); // this parameter should not be touched by the patch
+    	response = new MockHttpServletResponse();
+    	createAndExecuteWAFResponseCodeTest( waf, request, response, HttpServletResponse.SC_MOVED_PERMANENTLY );
+	}
+}

From 1699e1a2c2eb2fec6ab687da37dd0edf67156cac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 269/812] Change CRLF to LF for issue 356.

---
 .../org/owasp/esapi/waf/WAFFilterTest.java    | 162 +++++++++---------
 1 file changed, 81 insertions(+), 81 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java b/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
index fdb9f083b..5750bc49d 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFFilterTest.java
@@ -1,81 +1,81 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * This is the main TestSuite for all the WAF tests. Some of the WAF
- * tests utilize a large policy file containing a bunch of unrelated
- * rules, and some use very small policy files that only exercise
- * specific functionality. Some may use both. 
- * 
- * There is an unlimited combination of rules to be exercised together, 
- * so the small policy files test the strict functionality, while the
- * larger policy files (hopefully) give us assurance that the rules 
- * won't interfere with each other.
- */
-
-public class WAFFilterTest extends TestCase {
-    
-    /**
-	 * Instantiates a new WAF test.
-	 * 
-	 * @param testName the test name
-	 */
-    public WAFFilterTest(String testName) {
-        super(testName);
-    }
-
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-
-    	TestSuite suite = new TestSuite(WAFFilterTest.class);
-
-        suite.addTest(AddHeaderTest.suite());
-        suite.addTest(BeanShellTest.suite());
-        suite.addTest(DetectOutboundTest.suite());
-        suite.addTest(EnforceAuthenticationTest.suite());
-        suite.addTest(EnforceHTTPSTest.suite());
-        suite.addTest(GoodRequestTest.suite());
-        suite.addTest(HttpOnlyTest.suite());
-        suite.addTest(MustMatchTest.suite());
-        suite.addTest(DynamicInsertionTest.suite());
-        suite.addTest(RestrictContentTypeTest.suite());
-        suite.addTest(RestrictExtensionTest.suite());
-        suite.addTest(RestrictMethodTest.suite());
-        suite.addTest(RestrictUserAgentTest.suite());
-        suite.addTest(VirtualPatchTest.suite());
-        
-        return suite;
-    }
-    
-    public void testConfigurationCanBeRead() throws Exception {
-    	
-    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
-    	WAFTestUtility.setWAFPolicy(waf, "waf-policy.xml");
-
-    }
-
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * This is the main TestSuite for all the WAF tests. Some of the WAF
+ * tests utilize a large policy file containing a bunch of unrelated
+ * rules, and some use very small policy files that only exercise
+ * specific functionality. Some may use both. 
+ * 
+ * There is an unlimited combination of rules to be exercised together, 
+ * so the small policy files test the strict functionality, while the
+ * larger policy files (hopefully) give us assurance that the rules 
+ * won't interfere with each other.
+ */
+
+public class WAFFilterTest extends TestCase {
+    
+    /**
+	 * Instantiates a new WAF test.
+	 * 
+	 * @param testName the test name
+	 */
+    public WAFFilterTest(String testName) {
+        super(testName);
+    }
+
+
+    /**
+	 * Suite.
+	 * 
+	 * @return the test
+	 */
+    public static Test suite() {
+
+    	TestSuite suite = new TestSuite(WAFFilterTest.class);
+
+        suite.addTest(AddHeaderTest.suite());
+        suite.addTest(BeanShellTest.suite());
+        suite.addTest(DetectOutboundTest.suite());
+        suite.addTest(EnforceAuthenticationTest.suite());
+        suite.addTest(EnforceHTTPSTest.suite());
+        suite.addTest(GoodRequestTest.suite());
+        suite.addTest(HttpOnlyTest.suite());
+        suite.addTest(MustMatchTest.suite());
+        suite.addTest(DynamicInsertionTest.suite());
+        suite.addTest(RestrictContentTypeTest.suite());
+        suite.addTest(RestrictExtensionTest.suite());
+        suite.addTest(RestrictMethodTest.suite());
+        suite.addTest(RestrictUserAgentTest.suite());
+        suite.addTest(VirtualPatchTest.suite());
+        
+        return suite;
+    }
+    
+    public void testConfigurationCanBeRead() throws Exception {
+    	
+    	ESAPIWebApplicationFirewallFilter waf = new ESAPIWebApplicationFirewallFilter();
+    	WAFTestUtility.setWAFPolicy(waf, "waf-policy.xml");
+
+    }
+
+}

From 087e575a71a0f25e4ad38bcb9469807332ff719f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:33:52 -0500
Subject: [PATCH 270/812] Change CRLF to LF for issue 356.

---
 .../java/org/owasp/esapi/waf/WAFTestCase.java | 130 +++++++++---------
 1 file changed, 65 insertions(+), 65 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
index c0c63f772..df72f929a 100644
--- a/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
+++ b/src/test/java/org/owasp/esapi/waf/WAFTestCase.java
@@ -1,65 +1,65 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2009 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2009
- */
-package org.owasp.esapi.waf;
-
-import java.net.URL;
-
-import org.owasp.esapi.Authenticator;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.User;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import junit.framework.TestCase;
-
-public abstract class WAFTestCase extends TestCase {
-
-	protected MockHttpServletRequest request;
-	protected MockHttpServletResponse response;
-	protected URL url;
-	protected ESAPIWebApplicationFirewallFilter waf;
-	
-	protected static User user = null;
-	
-	public void setUp() throws Exception {
-	    // setup the user in session
-		
-		if ( user == null ) {
-			String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-			Authenticator instance = ESAPI.authenticator();
-			String password = instance.generateStrongPassword();
-			instance.setCurrentUser(user);
-			user = instance.createUser(accountName, password, password);
-			user.enable();
-		}
-		
-		request = new MockHttpServletRequest( new URL( "http://www.example.com/index" ) );
-        response = new MockHttpServletResponse();
-        waf = new ESAPIWebApplicationFirewallFilter();
-        
-        WAFTestUtility.setWAFPolicy(waf, "/waf-policy.xml");
-	}
-    
-	public void createAndExecuteWAFResponseCodeTest( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
-    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( waf, request, response) );	
-	}
-    
-    public void createAndExecuteWAFResponseCodeTest( String policy, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
-    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( policy, request, response) );	
-	}
-}
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2009 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Arshan Dabirsiaghi <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2009
+ */
+package org.owasp.esapi.waf;
+
+import java.net.URL;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.User;
+import org.owasp.esapi.http.MockHttpServletRequest;
+import org.owasp.esapi.http.MockHttpServletResponse;
+
+import junit.framework.TestCase;
+
+public abstract class WAFTestCase extends TestCase {
+
+	protected MockHttpServletRequest request;
+	protected MockHttpServletResponse response;
+	protected URL url;
+	protected ESAPIWebApplicationFirewallFilter waf;
+	
+	protected static User user = null;
+	
+	public void setUp() throws Exception {
+	    // setup the user in session
+		
+		if ( user == null ) {
+			String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+			Authenticator instance = ESAPI.authenticator();
+			String password = instance.generateStrongPassword();
+			instance.setCurrentUser(user);
+			user = instance.createUser(accountName, password, password);
+			user.enable();
+		}
+		
+		request = new MockHttpServletRequest( new URL( "http://www.example.com/index" ) );
+        response = new MockHttpServletResponse();
+        waf = new ESAPIWebApplicationFirewallFilter();
+        
+        WAFTestUtility.setWAFPolicy(waf, "/waf-policy.xml");
+	}
+    
+	public void createAndExecuteWAFResponseCodeTest( ESAPIWebApplicationFirewallFilter waf, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
+    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( waf, request, response) );	
+	}
+    
+    public void createAndExecuteWAFResponseCodeTest( String policy, MockHttpServletRequest request, MockHttpServletResponse response, int expectedResult ) throws Exception {
+    	assertEquals ( expectedResult, WAFTestUtility.createAndExecuteWAFTransaction( policy, request, response) );	
+	}
+}

From dfea526361080d4c5c29526b9f92d57cc61c53ca Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 271/812] Change CRLF to LF for issue 356.

---
 ant-javadoc.xml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/ant-javadoc.xml b/ant-javadoc.xml
index 084d4d1dc..2995a75b0 100644
--- a/ant-javadoc.xml
+++ b/ant-javadoc.xml
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project default="javadoc">
-    <target name="javadoc">
-        <javadoc access="private" additionalparam="-J-Xmx768m " author="true" classpath="C:\Users\kww\.m2\repository\org\beanshell\bsh-core\2.0b4\bsh-core-2.0b4.jar;C:\Users\kww\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar;C:\Users\kww\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar;C:\Users\kww\.m2\repository\commons-io\commons-io\1.3\commons-io-1.3.jar;C:\Users\kww\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar;C:\Users\kww\.m2\repository\commons-fileupload\commons-fileupload\1.2\commons-fileupload-1.2.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis\1.3.03\xml-apis-1.3.03.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-util\1.7\batik-util-1.7.jar;C:\Users\kww\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar;C:\Users\kww\.m2\repository\xom\xom\1.2.5\xom-1.2.5.jar;C:\Users\kww\.m2\repository\junit\junit\4.4\junit-4.4.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar;C:\Users\kww\.m2\repository\xerces\xercesImpl\2.8.0\xercesImpl-2.8.0.jar;C:\Users\kww\.m2\repository\commons-codec\commons-codec\1.2\commons-codec-1.2.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils-core\1.7.0\commons-beanutils-core-1.7.0.jar;C:\Users\kww\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.12\nekohtml-1.9.12.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-css\1.7\batik-css-1.7.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis-ext\1.3.04\xml-apis-ext-1.3.04.jar;C:\Users\kww\.m2\repository\org\owasp\antisamy\antisamy\1.4.3\antisamy-1.4.3.jar;C:\Users\kww\.m2\repository\commons-httpclient\commons-httpclient\3.1\commons-httpclient-3.1.jar;C:\Users\kww\.m2\repository\javax\servlet\servlet-api\2.4\servlet-api-2.4.jar;C:\Users\kww\.m2\repository\commons-lang\commons-lang\2.3\commons-lang-2.3.jar;C:\Users\kww\.m2\repository\log4j\log4j\1.2.16\log4j-1.2.16.jar;C:\Users\kww\.m2\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar;C:\Users\kww\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar;C:\Users\kww\.m2\repository\commons-configuration\commons-configuration\1.5\commons-configuration-1.5.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-ext\1.7\batik-ext-1.7.jar;C:\Users\kww\.m2\repository\javax\servlet\jsp-api\2.0\jsp-api-2.0.jar;target/test-classes" destdir="doc" doctitle="OWASP ESAPI 2.1.0 API" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" packagenames="org.owasp.esapi.waf.rules,org.owasp.esapi.waf.actions,org.owasp.esapi.tags,org.owasp.esapi.waf.configuration" source="1.5" sourcefiles="src/main/java/org/owasp/esapi/errors/ConfigurationException.java,src/main/java/org/owasp/esapi/AccessController.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java,src/main/java/org/owasp/esapi/Encryptor.java,src/main/java/org/owasp/esapi/Authenticator.java,src/main/java/org/owasp/esapi/errors/AccessControlException.java,src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java,src/main/java/org/owasp/esapi/errors/EncodingException.java,src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java,src/main/java/org/owasp/esapi/AccessReferenceMap.java,src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java,src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/main/java/org/owasp/esapi/Randomizer.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java,src/main/java/org/owasp/esapi/errors/ValidationUploadException.java,src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java,src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/main/java/org/owasp/esapi/Logger.java,src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/main/java/org/owasp/esapi/IntrusionDetector.java,src/main/java/org/owasp/esapi/filters/SecurityWrapper.java,src/main/java/org/owasp/esapi/EncoderConstants.java,src/main/java/org/owasp/esapi/Encoder.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java,src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java,src/main/java/org/owasp/esapi/errors/AuthenticationException.java,src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java,src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java,src/main/java/org/owasp/esapi/reference/JavaLogFactory.java,src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java,src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java,src/main/java/org/owasp/esapi/errors/ExecutorException.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java,src/main/java/org/owasp/esapi/codecs/UnixCodec.java,src/main/java/org/owasp/esapi/codecs/WindowsCodec.java,src/main/java/org/owasp/esapi/waf/ConfigurationException.java,src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java,src/main/java/org/owasp/esapi/Validator.java,src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java,src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java,src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java,src/main/java/org/owasp/esapi/AccessControlRule.java,src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java,src/main/java/org/owasp/esapi/ValidationErrorList.java,src/main/java/org/owasp/esapi/ValidationRule.java,src/main/java/org/owasp/esapi/codecs/MySQLCodec.java,src/main/java/org/owasp/esapi/EncryptedProperties.java,src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java,src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java,src/main/java/org/owasp/esapi/util/NullSafe.java,src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java,src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/main/java/org/owasp/esapi/PreparedString.java,src/main/java/org/owasp/esapi/errors/IntrusionException.java,src/main/java/org/owasp/esapi/crypto/CryptoHelper.java,src/main/java/org/owasp/esapi/crypto/CipherText.java,src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java,src/main/java/org/owasp/esapi/codecs/Codec.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/main/java/org/owasp/esapi/SecurityConfiguration.java,src/main/java/org/owasp/esapi/errors/AvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java,src/main/java/org/owasp/esapi/codecs/Hex.java,src/main/java/org/owasp/esapi/codecs/PercentCodec.java,src/main/java/org/owasp/esapi/codecs/Trie.java,src/main/java/org/owasp/esapi/codecs/HashTrie.java,src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/main/java/org/owasp/esapi/ESAPI.java,src/main/java/org/owasp/esapi/reference/Log4JLogger.java,src/main/java/org/owasp/esapi/crypto/PlainText.java,src/main/java/org/owasp/esapi/SafeFile.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java,src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java,src/main/java/org/owasp/esapi/crypto/CipherSpec.java,src/main/java/org/owasp/esapi/StringUtilities.java,src/main/java/org/owasp/esapi/codecs/OracleCodec.java,src/main/java/org/owasp/esapi/codecs/CSSCodec.java,src/main/java/org/owasp/esapi/waf/internal/Parameter.java,src/main/java/org/owasp/esapi/util/CollectionsUtil.java,src/main/java/org/owasp/esapi/crypto/CryptoToken.java,src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java,src/main/java/org/owasp/esapi/HTTPUtilities.java,src/main/java/org/owasp/esapi/codecs/PushbackString.java,src/main/java/org/owasp/esapi/filters/ESAPIFilter.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java,src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java,src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java,src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java,src/main/java/org/owasp/esapi/errors/EncryptionException.java,src/main/java/org/owasp/esapi/codecs/Base64.java,src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java,src/main/java/org/owasp/esapi/reference/DefaultExecutor.java,src/main/java/org/owasp/esapi/errors/IntegrityException.java,src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java,src/main/java/org/owasp/esapi/User.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java,src/main/java/org/owasp/esapi/reference/DefaultEncoder.java,src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java,src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java,src/main/java/org/owasp/esapi/util/ObjFactory.java,src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java,src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java,src/main/java/org/owasp/esapi/reference/DefaultUser.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java,src/main/java/org/owasp/esapi/filters/ClickjackFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java,src/main/java/org/owasp/esapi/reference/DefaultValidator.java,src/main/java/org/owasp/esapi/reference/DefaultAccessController.java,src/main/java/org/owasp/esapi/codecs/DB2Codec.java,src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java,src/main/java/org/owasp/esapi/errors/ValidationException.java,src/main/java/org/owasp/esapi/Executor.java,src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java,src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java,src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/main/java/org/owasp/esapi/util/ByteConversionUtil.java,src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java,src/main/java/org/owasp/esapi/LogFactory.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java,src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/main/java/org/owasp/esapi/errors/CertificateException.java,src/main/java/org/owasp/esapi/ExecuteResult.java" sourcepath="src/test/resources;src/test/java;src/main/java" splitindex="true" use="true" version="true">
-            <link href="http://java.sun.com/javase/7/docs/api/"/>
-        </javadoc>
-    </target>
-</project>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project default="javadoc">
+    <target name="javadoc">
+        <javadoc access="private" additionalparam="-J-Xmx768m " author="true" classpath="C:\Users\kww\.m2\repository\org\beanshell\bsh-core\2.0b4\bsh-core-2.0b4.jar;C:\Users\kww\.m2\repository\xalan\xalan\2.7.0\xalan-2.7.0.jar;C:\Users\kww\.m2\repository\logkit\logkit\1.0.1\logkit-1.0.1.jar;C:\Users\kww\.m2\repository\commons-io\commons-io\1.3\commons-io-1.3.jar;C:\Users\kww\.m2\repository\commons-collections\commons-collections\3.2\commons-collections-3.2.jar;C:\Users\kww\.m2\repository\commons-fileupload\commons-fileupload\1.2\commons-fileupload-1.2.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis\1.3.03\xml-apis-1.3.03.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-util\1.7\batik-util-1.7.jar;C:\Users\kww\.m2\repository\commons-logging\commons-logging\1.1\commons-logging-1.1.jar;C:\Users\kww\.m2\repository\xom\xom\1.2.5\xom-1.2.5.jar;C:\Users\kww\.m2\repository\junit\junit\4.4\junit-4.4.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils\1.7.0\commons-beanutils-1.7.0.jar;C:\Users\kww\.m2\repository\xerces\xercesImpl\2.8.0\xercesImpl-2.8.0.jar;C:\Users\kww\.m2\repository\commons-codec\commons-codec\1.2\commons-codec-1.2.jar;C:\Users\kww\.m2\repository\commons-beanutils\commons-beanutils-core\1.7.0\commons-beanutils-core-1.7.0.jar;C:\Users\kww\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.12\nekohtml-1.9.12.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-css\1.7\batik-css-1.7.jar;C:\Users\kww\.m2\repository\xml-apis\xml-apis-ext\1.3.04\xml-apis-ext-1.3.04.jar;C:\Users\kww\.m2\repository\org\owasp\antisamy\antisamy\1.4.3\antisamy-1.4.3.jar;C:\Users\kww\.m2\repository\commons-httpclient\commons-httpclient\3.1\commons-httpclient-3.1.jar;C:\Users\kww\.m2\repository\javax\servlet\servlet-api\2.4\servlet-api-2.4.jar;C:\Users\kww\.m2\repository\commons-lang\commons-lang\2.3\commons-lang-2.3.jar;C:\Users\kww\.m2\repository\log4j\log4j\1.2.16\log4j-1.2.16.jar;C:\Users\kww\.m2\repository\commons-digester\commons-digester\1.8\commons-digester-1.8.jar;C:\Users\kww\.m2\repository\avalon-framework\avalon-framework\4.1.3\avalon-framework-4.1.3.jar;C:\Users\kww\.m2\repository\commons-configuration\commons-configuration\1.5\commons-configuration-1.5.jar;C:\Users\kww\.m2\repository\org\apache\xmlgraphics\batik-ext\1.7\batik-ext-1.7.jar;C:\Users\kww\.m2\repository\javax\servlet\jsp-api\2.0\jsp-api-2.0.jar;target/test-classes" destdir="doc" doctitle="OWASP ESAPI 2.1.0 API" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" packagenames="org.owasp.esapi.waf.rules,org.owasp.esapi.waf.actions,org.owasp.esapi.tags,org.owasp.esapi.waf.configuration" source="1.5" sourcefiles="src/main/java/org/owasp/esapi/errors/ConfigurationException.java,src/main/java/org/owasp/esapi/AccessController.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java,src/main/java/org/owasp/esapi/Encryptor.java,src/main/java/org/owasp/esapi/Authenticator.java,src/main/java/org/owasp/esapi/errors/AccessControlException.java,src/main/java/org/owasp/esapi/util/DefaultMessageUtil.java,src/main/java/org/owasp/esapi/errors/EncodingException.java,src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/DynaBeanACRParameterLoader.java,src/main/java/org/owasp/esapi/AccessReferenceMap.java,src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java,src/main/java/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/main/java/org/owasp/esapi/Randomizer.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java,src/main/java/org/owasp/esapi/errors/ValidationUploadException.java,src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java,src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/main/java/org/owasp/esapi/Logger.java,src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/main/java/org/owasp/esapi/IntrusionDetector.java,src/main/java/org/owasp/esapi/filters/SecurityWrapper.java,src/main/java/org/owasp/esapi/EncoderConstants.java,src/main/java/org/owasp/esapi/Encoder.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoader.java,src/main/java/org/owasp/esapi/reference/accesscontrol/BaseACR.java,src/main/java/org/owasp/esapi/errors/AuthenticationException.java,src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java,src/main/java/org/owasp/esapi/reference/validation/NumberValidationRule.java,src/main/java/org/owasp/esapi/reference/JavaLogFactory.java,src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java,src/main/java/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java,src/main/java/org/owasp/esapi/errors/ExecutorException.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java,src/main/java/org/owasp/esapi/codecs/UnixCodec.java,src/main/java/org/owasp/esapi/codecs/WindowsCodec.java,src/main/java/org/owasp/esapi/waf/ConfigurationException.java,src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java,src/main/java/org/owasp/esapi/Validator.java,src/main/java/org/owasp/esapi/crypto/CryptoDiscoverer.java,src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java,src/main/java/org/owasp/esapi/reference/validation/CreditCardValidationRule.java,src/main/java/org/owasp/esapi/AccessControlRule.java,src/main/java/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/main/java/org/owasp/esapi/errors/EncryptionRuntimeException.java,src/main/java/org/owasp/esapi/ValidationErrorList.java,src/main/java/org/owasp/esapi/ValidationRule.java,src/main/java/org/owasp/esapi/codecs/MySQLCodec.java,src/main/java/org/owasp/esapi/EncryptedProperties.java,src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java,src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java,src/main/java/org/owasp/esapi/util/NullSafe.java,src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java,src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/main/java/org/owasp/esapi/PreparedString.java,src/main/java/org/owasp/esapi/errors/IntrusionException.java,src/main/java/org/owasp/esapi/crypto/CryptoHelper.java,src/main/java/org/owasp/esapi/crypto/CipherText.java,src/main/java/org/owasp/esapi/reference/accesscontrol/EchoRuntimeParameterACR.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysTrueACR.java,src/main/java/org/owasp/esapi/codecs/Codec.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/main/java/org/owasp/esapi/SecurityConfiguration.java,src/main/java/org/owasp/esapi/errors/AvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java,src/main/java/org/owasp/esapi/codecs/Hex.java,src/main/java/org/owasp/esapi/codecs/PercentCodec.java,src/main/java/org/owasp/esapi/codecs/Trie.java,src/main/java/org/owasp/esapi/codecs/HashTrie.java,src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/main/java/org/owasp/esapi/ESAPI.java,src/main/java/org/owasp/esapi/reference/Log4JLogger.java,src/main/java/org/owasp/esapi/crypto/PlainText.java,src/main/java/org/owasp/esapi/SafeFile.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.java,src/main/java/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java,src/main/java/org/owasp/esapi/crypto/CipherSpec.java,src/main/java/org/owasp/esapi/StringUtilities.java,src/main/java/org/owasp/esapi/codecs/OracleCodec.java,src/main/java/org/owasp/esapi/codecs/CSSCodec.java,src/main/java/org/owasp/esapi/waf/internal/Parameter.java,src/main/java/org/owasp/esapi/util/CollectionsUtil.java,src/main/java/org/owasp/esapi/crypto/CryptoToken.java,src/main/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedProperties.java,src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java,src/main/java/org/owasp/esapi/HTTPUtilities.java,src/main/java/org/owasp/esapi/codecs/PushbackString.java,src/main/java/org/owasp/esapi/filters/ESAPIFilter.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingHTTPServletRequest.java,src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java,src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java,src/main/java/org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/AlwaysFalseACR.java,src/main/java/org/owasp/esapi/errors/EncryptionException.java,src/main/java/org/owasp/esapi/codecs/Base64.java,src/main/java/org/owasp/esapi/errors/AuthenticationLoginException.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/EchoDynaBeanPolicyParameterACR.java,src/main/java/org/owasp/esapi/reference/DefaultExecutor.java,src/main/java/org/owasp/esapi/errors/IntegrityException.java,src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java,src/main/java/org/owasp/esapi/User.java,src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java,src/main/java/org/owasp/esapi/reference/DefaultEncoder.java,src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java,src/main/java/org/owasp/esapi/errors/AuthenticationHostException.java,src/main/java/org/owasp/esapi/util/ObjFactory.java,src/main/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtils.java,src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java,src/main/java/org/owasp/esapi/waf/internal/InterceptingPrintWriter.java,src/main/java/org/owasp/esapi/reference/DefaultUser.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRParameterLoaderHelper.java,src/main/java/org/owasp/esapi/filters/ClickjackFilter.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyDTO.java,src/main/java/org/owasp/esapi/reference/DefaultValidator.java,src/main/java/org/owasp/esapi/reference/DefaultAccessController.java,src/main/java/org/owasp/esapi/codecs/DB2Codec.java,src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java,src/main/java/org/owasp/esapi/errors/ValidationException.java,src/main/java/org/owasp/esapi/Executor.java,src/main/java/org/owasp/esapi/reference/validation/IntegerValidationRule.java,src/main/java/org/owasp/esapi/reference/accesscontrol/FileBasedACRs.java,src/main/java/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/main/java/org/owasp/esapi/util/ByteConversionUtil.java,src/main/java/org/owasp/esapi/reference/validation/BaseValidationRule.java,src/main/java/org/owasp/esapi/LogFactory.java,src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/ACRPolicyFileLoader.java,src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/main/java/org/owasp/esapi/errors/CertificateException.java,src/main/java/org/owasp/esapi/ExecuteResult.java" sourcepath="src/test/resources;src/test/java;src/main/java" splitindex="true" use="true" version="true">
+            <link href="http://java.sun.com/javase/7/docs/api/"/>
+        </javadoc>
+    </target>
+</project>

From 699ca6244f193e8a7047a5bba89d4ee94840d1ff Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 272/812] Change CRLF to LF for issue 356.

---
 configuration/esapi/antisamy-esapi.xml | 984 ++++++++++++-------------
 1 file changed, 492 insertions(+), 492 deletions(-)

diff --git a/configuration/esapi/antisamy-esapi.xml b/configuration/esapi/antisamy-esapi.xml
index 500ab5943..14880d0b5 100644
--- a/configuration/esapi/antisamy-esapi.xml
+++ b/configuration/esapi/antisamy-esapi.xml
@@ -1,492 +1,492 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-	
-<!-- 
-W3C rules retrieved from:
-http://www.w3.org/TR/html401/struct/global.html
--->
-	
-<!--
-Slashdot allowed tags taken from "Reply" page:
-<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
--->
-
-<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:noNamespaceSchemaLocation="antisamy.xsd">
-	
-	<directives>
-		<directive name="omitXmlDeclaration" value="true"/>
-		<directive name="omitDoctypeDeclaration" value="true"/>
-		<directive name="maxInputSize" value="500000"/>
-		<directive name="embedStyleSheets" value="false"/>
-	</directives>
-	
-	
-	<common-regexps>
-		
-		<!-- 
-		From W3C:
-		This attribute assigns a class name or set of class names to an
-		element. Any number of elements may be assigned the same class
-		name or names. Multiple class names must be separated by white 
-		space characters.
-		-->
-		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
-	
-	</common-regexps>
-	
-	<!-- 
-	
-	Tag.name = a, b, div, body, etc.
-	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
-	Attribute.name = id, class, href, align, width, etc.
-	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
-	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
-	 
-	 -->
-
-	<!-- 
-	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
-	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
-	-->
-
-	<common-attributes>
-		
-
-		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
-		 	<regexp-list>
-		 		<regexp value="[a-zA-Z]{2,20}"/>
-		 	</regexp-list>
-		 </attribute>
-		 
-		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
-		 	<regexp-list>
-		 		<regexp name="htmlTitle"/>
-		 	</regexp-list>
-		 </attribute>
-
-		<attribute name="href" onInvalid="filterTag">
-			<regexp-list>
-				<regexp name="onsiteURL"/>
-				<regexp name="offsiteURL"/>
-			</regexp-list>
-		</attribute>
-	
-		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
-			<literal-list>
-				<literal value="center"/>
-				<literal value="left"/>
-				<literal value="right"/>
-				<literal value="justify"/>
-				<literal value="char"/>
-			</literal-list>
-		</attribute>
-
-	</common-attributes>
-
-
-	<!--
-	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
-	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
-	a while?
-	 -->
-	
-	<global-tag-attributes>
-		<attribute name="title"/>
-		<attribute name="lang"/>
-	</global-tag-attributes>
-
-
-	<tag-rules>
-
-		<!-- Tags related to JavaScript -->
-
-		<tag name="script" action="remove"/>
-		<tag name="noscript" action="remove"/>
-		
-		<!-- Frame & related tags -->
-		
-		<tag name="iframe" action="remove"/>
-		<tag name="frameset" action="remove"/>
-		<tag name="frame" action="remove"/>
-		<tag name="noframes" action="remove"/>
-		
-
-		<!-- All reasonable formatting tags -->
-		
-		<tag name="p" action="validate">
-			<attribute name="align"/>
-		</tag>
-
-		<tag name="div" action="validate"/>		
-		<tag name="i" action="validate"/>
-		<tag name="b" action="validate"/>
-		<tag name="em" action="validate"/>
-		<tag name="blockquote" action="validate"/>
-		<tag name="tt" action="validate"/>
-		
-		<tag name="br" action="truncate"/>
-
-		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
-		
-		<tag name="quote" action="validate"/>
-		<tag name="ecode" action="validate"/> 
-		
-						
-		<!-- Anchor and anchor related tags -->
-		
-		<tag name="a" action="validate">
-
-			<attribute name="href" onInvalid="filterTag"/>
-			<attribute name="nohref">
-				<literal-list>
-					<literal value="nohref"/>
-					<literal value=""/>
-				</literal-list>
-			</attribute>
-			<attribute name="rel">
-				<literal-list>
-					<literal value="nofollow"/>
-				</literal-list>
-			</attribute>
-		</tag>
-
-		<!-- List tags -->
-
-		<tag name="ul" action="validate"/>
-		<tag name="ol" action="validate"/>
-		<tag name="li" action="validate"/>
-		
-	</tag-rules>
-
-
-
-	<!--  No CSS on Slashdot posts -->
-
-	<css-rules>
-	</css-rules>
-
-
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
-
-</anti-samy-rules>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
+		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+
+	<html-entities>
+		<entity name="amp" cdata="&amp;"/>
+		<entity name="nbsp" cdata="&amp;#160;"/>
+		
+		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
+		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
+		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
+		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
+		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
+		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
+		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
+		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
+		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
+		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
+		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
+		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
+		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
+		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
+		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
+		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
+		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
+		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
+		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
+		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
+		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
+		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
+		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
+		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
+		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
+		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
+		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
+		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
+		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
+		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
+		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
+		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
+		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
+		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
+		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
+		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
+		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
+		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
+		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
+		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
+		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
+		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
+		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
+		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
+		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
+		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
+		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
+		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
+		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
+		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
+		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
+		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
+		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
+		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
+		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
+		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
+		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
+		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
+		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
+		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
+		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
+		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
+		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
+		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
+		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
+		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
+		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
+		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
+		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
+		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
+		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
+		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
+		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
+		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
+		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
+		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
+		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
+		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
+		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
+		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
+		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
+		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
+		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
+		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
+		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
+		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
+		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
+		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
+		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
+		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
+		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
+		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
+		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
+		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
+		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
+		                                  
+		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
+		
+		<!-- Greek -->
+		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
+		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
+		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
+		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
+		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
+		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
+		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
+		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
+		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
+		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
+		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
+		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
+		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
+		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
+		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
+		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
+		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
+		<!-- there is no Sigmaf, and no U+03A2 character either -->
+		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
+		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
+		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
+		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
+		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
+		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
+		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
+		
+		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
+		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
+		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
+		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
+		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
+		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
+		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
+		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
+		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
+		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
+		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
+		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
+		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
+		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
+		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
+		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
+		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
+		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
+		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
+		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
+		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
+		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
+		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
+		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
+		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
+		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
+		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
+		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
+		
+		<!-- General Punctuation -->
+		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
+		<!-- bullet is NOT the same as bullet operator, U+2219 -->
+		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
+		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
+		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
+		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
+		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
+		
+		<!-- Letterlike Symbols -->
+		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
+		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
+		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
+		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
+		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
+		<!-- alef symbol is NOT the same as hebrew letter alef,
+		     U+05D0 although the same glyph could be used to depict both characters -->
+		
+		<!-- Arrows -->
+		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
+		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
+		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
+		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
+		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
+		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
+		                                     = carriage return, U+21B5 NEW -->
+		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
+		
+		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
+		    but also does not have any other character for that function. So ? lArr can
+		    be used for 'is implied by' as ISOtech suggests -->
+		    
+		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
+		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
+		
+		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
+		     another character with this function so ?
+		     rArr can be used for 'implies' as ISOtech suggests -->
+		     
+		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
+		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
+		
+		<!-- Mathematical Operators -->
+		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
+		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
+		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
+		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
+		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
+		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
+		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
+		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
+	
+		<!-- should there be a more memorable name than 'ni'? -->
+		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
+		
+		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
+		     the same glyph might be used for both -->
+		     
+		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
+		
+		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
+		     though the same glyph might be used for both -->
+		
+		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
+		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
+		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
+		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
+		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
+		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
+		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
+		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
+		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
+		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
+		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
+		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
+		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
+		
+		<!-- tilde operator is NOT the same character as the tilde, U+007E,
+		     although the same glyph might be used to represent both  -->
+		     
+		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
+		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
+		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
+		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
+		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
+		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
+		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
+		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
+		
+		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
+		     font encoding and is not included. Should it be, for symmetry?
+		     It is in ISOamsn  --> 
+		
+		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
+		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
+		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
+		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
+		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
+		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
+		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
+		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
+		
+		<!-- Miscellaneous Technical -->
+		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
+		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
+		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
+		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
+		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
+		<!-- lang is NOT the same character as U+003C 'less than' 
+		     or U+2039 'single left-pointing angle quotation mark' -->
+		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
+		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
+		
+		<!-- Geometric Shapes -->
+		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
+		
+		<!-- Miscellaneous Symbols -->
+		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
+		<!-- black here seems to mean filled as opposed to hollow -->
+		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
+		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
+		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
+		
+		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
+		<!-- Latin Extended-A -->
+		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
+		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
+		<!-- ligature is a misnomer, this is a separate character in some languages -->
+		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
+		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
+		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
+		
+		<!-- Spacing Modifier Letters -->
+		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
+		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
+		
+		<!-- General Punctuation -->
+		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
+		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
+		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
+		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
+		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
+		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
+		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
+		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
+		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
+		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
+		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
+		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
+		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
+		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
+		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
+		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
+		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
+		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
+		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
+		<!-- lsaquo is proposed but not yet ISO standardized -->
+		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
+		<!-- rsaquo is proposed but not yet ISO standardized -->
+		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
+	</html-entities>
+
+</anti-samy-rules>

From 4db1a33cff1c017a1627b710977a7bf2d6089140 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 273/812] Change CRLF to LF for issue 356.

---
 .../esapi/ESAPI-AccessControlPolicy.xml       | 254 +++++++++---------
 1 file changed, 127 insertions(+), 127 deletions(-)

diff --git a/configuration/esapi/ESAPI-AccessControlPolicy.xml b/configuration/esapi/ESAPI-AccessControlPolicy.xml
index 2ed0732bc..4d2ca74b5 100644
--- a/configuration/esapi/ESAPI-AccessControlPolicy.xml
+++ b/configuration/esapi/ESAPI-AccessControlPolicy.xml
@@ -1,127 +1,127 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-
-<AccessControlPolicy>
-	<AccessControlRules>
-		<AccessControlRule
-			name="AlwaysTrue"
-			description="Access is always granted"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="AlwaysFalse"
-			description="Access is always denied"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameter"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoPolicyParameter"
-			description="Access depends on the value of the policy parameter: isTrue"
-			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="true"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- 
-			The following Rules are for backwards compatibility with
-			the deprecated AcessController 1.0 reference implementation
-			specification
-		-->
-		<AccessControlRule
-			name="AC 1.0 Data"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 File"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Function"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Service"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 URL"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
-	</AccessControlRules>
-</AccessControlPolicy>
-
-
-
-<!-- 
-We have these as runtime tests, but not as policy file load tests yet.
-		<AccessControlRule
-			name="EchoRuntimeParameterClassCastException"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueNull"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="null"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueEmpty"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value=""/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueMissing"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean"/>
-			</Parameters>
-		</AccessControlRule>
--->
-
-<!-- we should add tests for name and type errors too -->
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+
+<AccessControlPolicy>
+	<AccessControlRules>
+		<AccessControlRule
+			name="AlwaysTrue"
+			description="Access is always granted"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="AlwaysFalse"
+			description="Access is always denied"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameter"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoPolicyParameter"
+			description="Access depends on the value of the policy parameter: isTrue"
+			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="true"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- 
+			The following Rules are for backwards compatibility with
+			the deprecated AcessController 1.0 reference implementation
+			specification
+		-->
+		<AccessControlRule
+			name="AC 1.0 Data"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 File"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Function"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Service"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 URL"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
+	</AccessControlRules>
+</AccessControlPolicy>
+
+
+
+<!-- 
+We have these as runtime tests, but not as policy file load tests yet.
+		<AccessControlRule
+			name="EchoRuntimeParameterClassCastException"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueNull"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="null"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueEmpty"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value=""/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueMissing"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean"/>
+			</Parameters>
+		</AccessControlRule>
+-->
+
+<!-- we should add tests for name and type errors too -->

From 19ce3948cf19020046a4186353a5b32a37fbf66d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 274/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/add-header-policy.xml  | 56 +++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/configuration/esapi/waf-policies/add-header-policy.xml b/configuration/esapi/waf-policies/add-header-policy.xml
index b2d8efc49..0a48ed2d0 100644
--- a/configuration/esapi/waf-policies/add-header-policy.xml
+++ b/configuration/esapi/waf-policies/add-header-policy.xml
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-header rule.
-
-	Protection #1: Any response for a resource will contain a header "FOO" with
-	               a value "BAR".
-
-	Exception #1:  Any request for /marketing/* will not have any such header
-	               returned.
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/marketing/.*</path-exception>
-		</add-header>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-header rule.
+
+	Protection #1: Any response for a resource will contain a header "FOO" with
+	               a value "BAR".
+
+	Exception #1:  Any request for /marketing/* will not have any such header
+	               returned.
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/marketing/.*</path-exception>
+		</add-header>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 43540728991f54e01843af3668e6c524b81e95d5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 275/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/add-httponly-policy.xml      | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/add-httponly-policy.xml b/configuration/esapi/waf-policies/add-httponly-policy.xml
index 1232f5997..4420e6ce0 100644
--- a/configuration/esapi/waf-policies/add-httponly-policy.xml
+++ b/configuration/esapi/waf-policies/add-httponly-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-http-flag rule.
-
-	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<add-http-only-flag>
-			<cookie name=".*"/>
-		</add-http-only-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-http-flag rule.
+
+	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<add-http-only-flag>
+			<cookie name=".*"/>
+		</add-http-only-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From bff90d3ce384e826e69eea661a98a82caad7172d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 276/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/add-secure-policy.xml  | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/add-secure-policy.xml b/configuration/esapi/waf-policies/add-secure-policy.xml
index 12298a45a..80067da42 100644
--- a/configuration/esapi/waf-policies/add-secure-policy.xml
+++ b/configuration/esapi/waf-policies/add-secure-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-secure-flag rule.
-
-	Protection #1: Any cookie set by the application will have the secure flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-secure-flag>
-			<cookie name=".*"/>
-		</add-secure-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-secure-flag rule.
+
+	Protection #1: Any cookie set by the application will have the secure flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-secure-flag>
+			<cookie name=".*"/>
+		</add-secure-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From cf2e253532b2dad8f084d3620e01aaf3bd4914c9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 277/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/authentication-policy.xml    | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/configuration/esapi/waf-policies/authentication-policy.xml b/configuration/esapi/waf-policies/authentication-policy.xml
index 1c1a485be..5a77e6c0b 100644
--- a/configuration/esapi/waf-policies/authentication-policy.xml
+++ b/configuration/esapi/waf-policies/authentication-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an authentication rule.
-
-	Authentication applies to: /.*
-	Session variable whose existence implies authentication: sessionUserObjKey
-	Static exception:   <path-exception>/index.html</path-exception>
-	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>>
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="sessionUserObjKey" >
-		<path-exception>/index.html</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-	</authentication-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an authentication rule.
+
+	Authentication applies to: /.*
+	Session variable whose existence implies authentication: sessionUserObjKey
+	Static exception:   <path-exception>/index.html</path-exception>
+	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>>
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="sessionUserObjKey" >
+		<path-exception>/index.html</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+	</authentication-rules>
+
 </policy>
\ No newline at end of file

From ec6c70e6e3a6dc16dc326584a29ee751e834a499 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 278/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/bean-shell-policy.xml  | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/configuration/esapi/waf-policies/bean-shell-policy.xml b/configuration/esapi/waf-policies/bean-shell-policy.xml
index 2e3f7bb93..76711c82d 100644
--- a/configuration/esapi/waf-policies/bean-shell-policy.xml
+++ b/configuration/esapi/waf-policies/bean-shell-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies different custom bean shell rules.
-	
-	
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<!--
-		Import the rules.
-	-->
-	<bean-shell-rules>	
-		<bean-shell-script 
-			name="example1" 
-			file="src/test/resources/.esapi/waf-policies/bean-shell-rule.bsh" 
-			stage="before-request-body"/>
-	</bean-shell-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies different custom bean shell rules.
+	
+	
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<!--
+		Import the rules.
+	-->
+	<bean-shell-rules>	
+		<bean-shell-script 
+			name="example1" 
+			file="src/test/resources/.esapi/waf-policies/bean-shell-rule.bsh" 
+			stage="before-request-body"/>
+	</bean-shell-rules>
+
 </policy>
\ No newline at end of file

From a849b75e7717eaeca252db52da4247e84125e308 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:45 -0500
Subject: [PATCH 279/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/detect-outbound-policy.xml   | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/detect-outbound-policy.xml b/configuration/esapi/waf-policies/detect-outbound-policy.xml
index 8312be95d..ac756aefa 100644
--- a/configuration/esapi/waf-policies/detect-outbound-policy.xml
+++ b/configuration/esapi/waf-policies/detect-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a detect-content rule.
-
-	Protection #1: The rule should fire whenever the string "2008" appears in
-	               a response body.
-	Exception #1:  The rule should -not- fire when the content type is anything
-	               but text/*.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a detect-content rule.
+
+	Protection #1: The rule should fire whenever the string "2008" appears in
+	               a response body.
+	Exception #1:  The rule should -not- fire when the content type is anything
+	               but text/*.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 7994d0e654ebe80915b5395475fd5ab1ecb2f199 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 280/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/dynamic-insertion-policy.xml | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/dynamic-insertion-policy.xml b/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
+++ b/configuration/esapi/waf-policies/dynamic-insertion-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 1fcdc4894aa22ef175928fa3fb80548d1242a380 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 281/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/enforce-https-policy.xml     | 54 +++++++++----------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/configuration/esapi/waf-policies/enforce-https-policy.xml b/configuration/esapi/waf-policies/enforce-https-policy.xml
index ab123b7e6..beb88513a 100644
--- a/configuration/esapi/waf-policies/enforce-https-policy.xml
+++ b/configuration/esapi/waf-policies/enforce-https-policy.xml
@@ -1,28 +1,28 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an enforce-https rule.
-
-	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
-	Exception #1: Static path /index.html
-	Exception #2: Pattern path /images/.*
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an enforce-https rule.
+
+	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
+	Exception #1: Static path /index.html
+	Exception #2: Pattern path /images/.*
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
 </policy>
\ No newline at end of file

From f46fde8aa7ff9921897f365e373126170b1446de Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 282/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/must-match-policy.xml  | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/configuration/esapi/waf-policies/must-match-policy.xml b/configuration/esapi/waf-policies/must-match-policy.xml
index 721fa4cfa..af26fc4cd 100644
--- a/configuration/esapi/waf-policies/must-match-policy.xml
+++ b/configuration/esapi/waf-policies/must-match-policy.xml
@@ -1,35 +1,35 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a must-match rule.
-
-	Protection #1:
-	Protection applies to: /admin/.*
-	Header name needed to access: x-roles
-	Header value needs to *contain* the string: admin
-
-	Protection #2:
-	Protection applies to: /superadmin/.*
-	Header name needed to access: x-roles
-	Header value needs to *equal* the string: superadmin
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<must-match path="^/admin/.*" variable="request.header.x-roles"
-			operator="contains" value="admin" />
-		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
-			operator="equals" value="superadmin" />
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a must-match rule.
+
+	Protection #1:
+	Protection applies to: /admin/.*
+	Header name needed to access: x-roles
+	Header value needs to *contain* the string: admin
+
+	Protection #2:
+	Protection applies to: /superadmin/.*
+	Header name needed to access: x-roles
+	Header value needs to *equal* the string: superadmin
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<must-match path="^/admin/.*" variable="request.header.x-roles"
+			operator="contains" value="admin" />
+		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
+			operator="equals" value="superadmin" />
+	</authorization-rules>
+
 </policy>
\ No newline at end of file

From 7a177267b4d67522df100e615009528f3c2f9a63 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 283/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/replace-outbound-policy.xml  | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/replace-outbound-policy.xml b/configuration/esapi/waf-policies/replace-outbound-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/configuration/esapi/waf-policies/replace-outbound-policy.xml
+++ b/configuration/esapi/waf-policies/replace-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From e20146fc9bb685ec06e2a655b4c378a00af9c53e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 284/812] Change CRLF to LF for issue 356.

---
 .../restrict-content-type-policy.xml          | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/restrict-content-type-policy.xml b/configuration/esapi/waf-policies/restrict-content-type-policy.xml
index a9b8a4a38..b766f19d3 100644
--- a/configuration/esapi/waf-policies/restrict-content-type-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-content-type-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-content-type rule.
-
-	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
-	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*">
-			<path-exception type="regex">/fileupload.jsp</path-exception>
-		</restrict-content-type>
-
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-content-type rule.
+
+	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
+	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*">
+			<path-exception type="regex">/fileupload.jsp</path-exception>
+		</restrict-content-type>
+
+	</header-rules>
+
 </policy>
\ No newline at end of file

From bd94f010f471095e4357e6e020d5844c88d93126 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 285/812] Change CRLF to LF for issue 356.

---
 .../restrict-extension-policy.xml             | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/configuration/esapi/waf-policies/restrict-extension-policy.xml b/configuration/esapi/waf-policies/restrict-extension-policy.xml
index fe1dbe193..a572bd4ea 100644
--- a/configuration/esapi/waf-policies/restrict-extension-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-extension-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny=".*\.log$" />
-		<restrict-extension allow=".*\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny=".*\.log$" />
+		<restrict-extension allow=".*\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file

From 30703f6d73e1a488a43d34b197e1b4b02995d2d8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 286/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/restrict-method-policy.xml   | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/configuration/esapi/waf-policies/restrict-method-policy.xml b/configuration/esapi/waf-policies/restrict-method-policy.xml
index 5a2337cf7..c1eb5a36e 100644
--- a/configuration/esapi/waf-policies/restrict-method-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-method-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny="\.log$" />
-		<restrict-extension allow="\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny="\.log$" />
+		<restrict-extension allow="\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file

From b80eee75e4ec46a0794dfdc5c6dc9fc71b4305d0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 287/812] Change CRLF to LF for issue 356.

---
 .../restrict-source-ip-policy.xml             | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/restrict-source-ip-policy.xml b/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
index d23d87a02..72860a7d3 100644
--- a/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-source-ip-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-source-ip rule.
-
-	The restriction applies to: /admin/.*
-	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<restrict-source-ip
-			type="regex"
-			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-source-ip rule.
+
+	The restriction applies to: /admin/.*
+	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<restrict-source-ip
+			type="regex"
+			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+
+	</authorization-rules>
+
 </policy>
\ No newline at end of file

From e6704dc1e8d247b97e00fb4272f3f998c72b72e2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 288/812] Change CRLF to LF for issue 356.

---
 .../restrict-user-agent-policy.xml            | 50 +++++++++----------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/configuration/esapi/waf-policies/restrict-user-agent-policy.xml b/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
index 7cdebd595..c550a2c61 100644
--- a/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
+++ b/configuration/esapi/waf-policies/restrict-user-agent-policy.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-user-agent rule.
-
-	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
-	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-user-agent deny=".*GoogleBot.*">
-			<path-exception type="regex">/index.html</path-exception>
-		</restrict-user-agent>
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-user-agent rule.
+
+	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
+	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-user-agent deny=".*GoogleBot.*">
+			<path-exception type="regex">/index.html</path-exception>
+		</restrict-user-agent>
+	</header-rules>
+
 </policy>
\ No newline at end of file

From 158a6bbcfa98bac6a1d08fc76c2c2e6ec26dc193 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 289/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/virtual-patch-policy.xml     | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/configuration/esapi/waf-policies/virtual-patch-policy.xml b/configuration/esapi/waf-policies/virtual-patch-policy.xml
index 61c93fa88..8b989dd6e 100644
--- a/configuration/esapi/waf-policies/virtual-patch-policy.xml
+++ b/configuration/esapi/waf-policies/virtual-patch-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a virtual-patch rule.
-
-	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
-	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
-				   fails validation, the message "zomg attax" will be logged.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a virtual-patch rule.
+
+	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
+	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
+				   fails validation, the message "zomg attax" will be logged.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
 </policy>
\ No newline at end of file

From c9d3cdb68b4b34bb02b53291b04aa42f23122c30 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 290/812] Change CRLF to LF for issue 356.

---
 configuration/log4j.xml | 94 ++++++++++++++++++++---------------------
 1 file changed, 47 insertions(+), 47 deletions(-)

diff --git a/configuration/log4j.xml b/configuration/log4j.xml
index 6f895d580..758514e80 100644
--- a/configuration/log4j.xml
+++ b/configuration/log4j.xml
@@ -1,47 +1,47 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-<!-- main resources -->
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
-  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
-    <param name="Target" value="System.out"/> 
-    <layout class="org.apache.log4j.PatternLayout"> 
-      <param name="ConversionPattern" value="%-5p %m%n"/> 
-    </layout> 
-  </appender> 
-
-  <logger name="org.owasp.esapi.reference.TestTrace">
-    <level value="trace"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestDebug">
-    <level value="debug"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestInfo">
-    <level value="info"/>
- </logger>
-
-  <logger name="org.owasp.esapi.reference.TestWarning">
-    <level value="warn"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestError">
-    <level value="error"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestFatal">
-    <level value="fatal"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference">
-    <level value="info"/>
-  </logger>
-
-  <root> 
-    <priority value ="debug" /> 
-    <appender-ref ref="console" /> 
-  </root>
-
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
-  
-</log4j:configuration>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<!-- main resources -->
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
+    <param name="Target" value="System.out"/> 
+    <layout class="org.apache.log4j.PatternLayout"> 
+      <param name="ConversionPattern" value="%-5p %m%n"/> 
+    </layout> 
+  </appender> 
+
+  <logger name="org.owasp.esapi.reference.TestTrace">
+    <level value="trace"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestDebug">
+    <level value="debug"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestInfo">
+    <level value="info"/>
+ </logger>
+
+  <logger name="org.owasp.esapi.reference.TestWarning">
+    <level value="warn"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestError">
+    <level value="error"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestFatal">
+    <level value="fatal"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference">
+    <level value="info"/>
+  </logger>
+
+  <root> 
+    <priority value ="debug" /> 
+    <appender-ref ref="console" /> 
+  </root>
+
+  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
+  
+</log4j:configuration>

From b7334c4327223c77746a7fbbcac2429df78315d3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 291/812] Change CRLF to LF for issue 356.

---
 javadoc.xml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/javadoc.xml b/javadoc.xml
index daa7ba95f..791f62ae7 100644
--- a/javadoc.xml
+++ b/javadoc.xml
@@ -1,6 +1,6 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<project default="javadoc">
-    <target name="javadoc">
-        <javadoc access="public" author="true" classpath="lib/xml-apis-ext.jar;lib/xml-apis.jar;lib/nekohtml.jar;lib/batik-util.jar;C:\eclipse\plugins\org.junit_3.8.2.v20080602-1318\junit.jar;lib/antisamy-bin.1.2.jar;lib/servlet-api.jar;lib/commons-fileupload-1.2.jar;lib/xercesImpl.jar;lib/batik-css.jar;lib/commons-io-1.3.2.jar;lib/jsp-api.jar" destdir="doc" doctitle="OWASP Enterprise Security API (ESAPI)" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" overview="C:\Work\Aspect\ESAPI_Live\javadoc\overview-summary.html" packagenames="org.owasp.esapi.codecs,org.owasp.esapi.tags" source="1.4" sourcefiles="src/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/org/owasp/esapi/reference/DefaultUser.java,src/org/owasp/esapi/filters/SafeResponse.java,src/org/owasp/esapi/errors/IntegrityException.java,src/org/owasp/esapi/Encoder.java,src/org/owasp/esapi/reference/JavaLogFactory.java,src/org/owasp/esapi/reference/DefaultValidator.java,src/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/org/owasp/esapi/AccessReferenceMap.java,src/org/owasp/esapi/HTTPUtilities.java,src/org/owasp/esapi/StringUtilities.java,src/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/org/owasp/esapi/reference/DefaultEncoder.java,src/org/owasp/esapi/AccessController.java,src/org/owasp/esapi/errors/ExecutorException.java,src/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/org/owasp/esapi/Encryptor.java,src/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/org/owasp/esapi/ValidationErrorList.java,src/org/owasp/esapi/reference/DefaultExecutor.java,src/org/owasp/esapi/Executor.java,src/org/owasp/esapi/SecurityConfiguration.java,src/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/org/owasp/esapi/errors/CertificateException.java,src/org/owasp/esapi/errors/AuthenticationLoginException.java,src/org/owasp/esapi/reference/FileBasedAccessController.java,src/org/owasp/esapi/errors/ValidationException.java,src/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/org/owasp/esapi/IntrusionDetector.java,src/org/owasp/esapi/errors/IntrusionException.java,src/org/owasp/esapi/Authenticator.java,src/org/owasp/esapi/errors/AuthenticationException.java,src/org/owasp/esapi/filters/SafeRequest.java,src/org/owasp/esapi/User.java,src/org/owasp/esapi/EncryptedProperties.java,src/org/owasp/esapi/LogFactory.java,src/org/owasp/esapi/errors/EncryptionException.java,src/org/owasp/esapi/Logger.java,src/org/owasp/esapi/filters/SafeHTTPFilter.java,src/org/owasp/esapi/reference/JavaEncryptor.java,src/org/owasp/esapi/SafeFile.java,src/org/owasp/esapi/errors/ValidationUploadException.java,src/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/org/owasp/esapi/reference/DefaultRandomizer.java,src/org/owasp/esapi/Randomizer.java,src/org/owasp/esapi/ESAPI.java,src/org/owasp/esapi/errors/EncodingException.java,src/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/org/owasp/esapi/errors/AccessControlException.java,src/org/owasp/esapi/errors/AuthenticationHostException.java,src/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/org/owasp/esapi/errors/AvailabilityException.java,src/org/owasp/esapi/filters/ESAPIFilter.java,src/org/owasp/esapi/reference/DefaultEncryptedProperties.java,src/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/org/owasp/esapi/Validator.java" sourcepath="test;src" splitindex="true" use="true" version="true"/>
-    </target>
-</project>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<project default="javadoc">
+    <target name="javadoc">
+        <javadoc access="public" author="true" classpath="lib/xml-apis-ext.jar;lib/xml-apis.jar;lib/nekohtml.jar;lib/batik-util.jar;C:\eclipse\plugins\org.junit_3.8.2.v20080602-1318\junit.jar;lib/antisamy-bin.1.2.jar;lib/servlet-api.jar;lib/commons-fileupload-1.2.jar;lib/xercesImpl.jar;lib/batik-css.jar;lib/commons-io-1.3.2.jar;lib/jsp-api.jar" destdir="doc" doctitle="OWASP Enterprise Security API (ESAPI)" nodeprecated="false" nodeprecatedlist="false" noindex="false" nonavbar="false" notree="false" overview="C:\Work\Aspect\ESAPI_Live\javadoc\overview-summary.html" packagenames="org.owasp.esapi.codecs,org.owasp.esapi.tags" source="1.4" sourcefiles="src/org/owasp/esapi/reference/DefaultSecurityConfiguration.java,src/org/owasp/esapi/reference/DefaultUser.java,src/org/owasp/esapi/filters/SafeResponse.java,src/org/owasp/esapi/errors/IntegrityException.java,src/org/owasp/esapi/Encoder.java,src/org/owasp/esapi/reference/JavaLogFactory.java,src/org/owasp/esapi/reference/DefaultValidator.java,src/org/owasp/esapi/reference/IntegerAccessReferenceMap.java,src/org/owasp/esapi/AccessReferenceMap.java,src/org/owasp/esapi/HTTPUtilities.java,src/org/owasp/esapi/StringUtilities.java,src/org/owasp/esapi/errors/ValidationAvailabilityException.java,src/org/owasp/esapi/reference/DefaultEncoder.java,src/org/owasp/esapi/AccessController.java,src/org/owasp/esapi/errors/ExecutorException.java,src/org/owasp/esapi/filters/RequestRateThrottleFilter.java,src/org/owasp/esapi/Encryptor.java,src/org/owasp/esapi/reference/DefaultIntrusionDetector.java,src/org/owasp/esapi/ValidationErrorList.java,src/org/owasp/esapi/reference/DefaultExecutor.java,src/org/owasp/esapi/Executor.java,src/org/owasp/esapi/SecurityConfiguration.java,src/org/owasp/esapi/reference/FileBasedAuthenticator.java,src/org/owasp/esapi/errors/CertificateException.java,src/org/owasp/esapi/errors/AuthenticationLoginException.java,src/org/owasp/esapi/reference/FileBasedAccessController.java,src/org/owasp/esapi/errors/ValidationException.java,src/org/owasp/esapi/reference/DefaultHTTPUtilities.java,src/org/owasp/esapi/IntrusionDetector.java,src/org/owasp/esapi/errors/IntrusionException.java,src/org/owasp/esapi/Authenticator.java,src/org/owasp/esapi/errors/AuthenticationException.java,src/org/owasp/esapi/filters/SafeRequest.java,src/org/owasp/esapi/User.java,src/org/owasp/esapi/EncryptedProperties.java,src/org/owasp/esapi/LogFactory.java,src/org/owasp/esapi/errors/EncryptionException.java,src/org/owasp/esapi/Logger.java,src/org/owasp/esapi/filters/SafeHTTPFilter.java,src/org/owasp/esapi/reference/JavaEncryptor.java,src/org/owasp/esapi/SafeFile.java,src/org/owasp/esapi/errors/ValidationUploadException.java,src/org/owasp/esapi/errors/AuthenticationAccountsException.java,src/org/owasp/esapi/reference/DefaultRandomizer.java,src/org/owasp/esapi/Randomizer.java,src/org/owasp/esapi/ESAPI.java,src/org/owasp/esapi/errors/EncodingException.java,src/org/owasp/esapi/errors/EnterpriseSecurityException.java,src/org/owasp/esapi/errors/AccessControlException.java,src/org/owasp/esapi/errors/AuthenticationHostException.java,src/org/owasp/esapi/errors/AuthenticationCredentialsException.java,src/org/owasp/esapi/errors/AvailabilityException.java,src/org/owasp/esapi/filters/ESAPIFilter.java,src/org/owasp/esapi/reference/DefaultEncryptedProperties.java,src/org/owasp/esapi/reference/RandomAccessReferenceMap.java,src/org/owasp/esapi/Validator.java" sourcepath="test;src" splitindex="true" use="true" version="true"/>
+    </target>
+</project>

From ead51f90e60e4612a2e35d380fe9f55359b9a5b9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 292/812] Change CRLF to LF for issue 356.

---
 .../org.eclipse.wst.common.project.facet.core.xml      | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
index 613f29cbf..9bbcbd78e 100644
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@@ -1,6 +1,6 @@
-<faceted-project>
-  <fixed facet="jst.java"/>
-  <fixed facet="jst.utility"/>
-  <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="5.0"/>
+<faceted-project>
+  <fixed facet="jst.java"/>
+  <fixed facet="jst.utility"/>
+  <installed facet="jst.utility" version="1.0"/>
+  <installed facet="jst.java" version="5.0"/>
 </faceted-project>
\ No newline at end of file

From af87670af171d0352350065aa621fbc0a7f906fd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 293/812] Change CRLF to LF for issue 356.

---
 src/test/resources/esapi/antisamy-esapi.xml | 984 ++++++++++----------
 1 file changed, 492 insertions(+), 492 deletions(-)

diff --git a/src/test/resources/esapi/antisamy-esapi.xml b/src/test/resources/esapi/antisamy-esapi.xml
index 500ab5943..14880d0b5 100644
--- a/src/test/resources/esapi/antisamy-esapi.xml
+++ b/src/test/resources/esapi/antisamy-esapi.xml
@@ -1,492 +1,492 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-	
-<!-- 
-W3C rules retrieved from:
-http://www.w3.org/TR/html401/struct/global.html
--->
-	
-<!--
-Slashdot allowed tags taken from "Reply" page:
-<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
--->
-
-<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		xsi:noNamespaceSchemaLocation="antisamy.xsd">
-	
-	<directives>
-		<directive name="omitXmlDeclaration" value="true"/>
-		<directive name="omitDoctypeDeclaration" value="true"/>
-		<directive name="maxInputSize" value="500000"/>
-		<directive name="embedStyleSheets" value="false"/>
-	</directives>
-	
-	
-	<common-regexps>
-		
-		<!-- 
-		From W3C:
-		This attribute assigns a class name or set of class names to an
-		element. Any number of elements may be assigned the same class
-		name or names. Multiple class names must be separated by white 
-		space characters.
-		-->
-		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
-	
-	</common-regexps>
-	
-	<!-- 
-	
-	Tag.name = a, b, div, body, etc.
-	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
-	Attribute.name = id, class, href, align, width, etc.
-	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
-	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
-	 
-	 -->
-
-	<!-- 
-	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
-	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
-	-->
-
-	<common-attributes>
-		
-
-		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
-		 	<regexp-list>
-		 		<regexp value="[a-zA-Z]{2,20}"/>
-		 	</regexp-list>
-		 </attribute>
-		 
-		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
-		 	<regexp-list>
-		 		<regexp name="htmlTitle"/>
-		 	</regexp-list>
-		 </attribute>
-
-		<attribute name="href" onInvalid="filterTag">
-			<regexp-list>
-				<regexp name="onsiteURL"/>
-				<regexp name="offsiteURL"/>
-			</regexp-list>
-		</attribute>
-	
-		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
-			<literal-list>
-				<literal value="center"/>
-				<literal value="left"/>
-				<literal value="right"/>
-				<literal value="justify"/>
-				<literal value="char"/>
-			</literal-list>
-		</attribute>
-
-	</common-attributes>
-
-
-	<!--
-	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
-	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
-	a while?
-	 -->
-	
-	<global-tag-attributes>
-		<attribute name="title"/>
-		<attribute name="lang"/>
-	</global-tag-attributes>
-
-
-	<tag-rules>
-
-		<!-- Tags related to JavaScript -->
-
-		<tag name="script" action="remove"/>
-		<tag name="noscript" action="remove"/>
-		
-		<!-- Frame & related tags -->
-		
-		<tag name="iframe" action="remove"/>
-		<tag name="frameset" action="remove"/>
-		<tag name="frame" action="remove"/>
-		<tag name="noframes" action="remove"/>
-		
-
-		<!-- All reasonable formatting tags -->
-		
-		<tag name="p" action="validate">
-			<attribute name="align"/>
-		</tag>
-
-		<tag name="div" action="validate"/>		
-		<tag name="i" action="validate"/>
-		<tag name="b" action="validate"/>
-		<tag name="em" action="validate"/>
-		<tag name="blockquote" action="validate"/>
-		<tag name="tt" action="validate"/>
-		
-		<tag name="br" action="truncate"/>
-
-		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
-		
-		<tag name="quote" action="validate"/>
-		<tag name="ecode" action="validate"/> 
-		
-						
-		<!-- Anchor and anchor related tags -->
-		
-		<tag name="a" action="validate">
-
-			<attribute name="href" onInvalid="filterTag"/>
-			<attribute name="nohref">
-				<literal-list>
-					<literal value="nohref"/>
-					<literal value=""/>
-				</literal-list>
-			</attribute>
-			<attribute name="rel">
-				<literal-list>
-					<literal value="nofollow"/>
-				</literal-list>
-			</attribute>
-		</tag>
-
-		<!-- List tags -->
-
-		<tag name="ul" action="validate"/>
-		<tag name="ol" action="validate"/>
-		<tag name="li" action="validate"/>
-		
-	</tag-rules>
-
-
-
-	<!--  No CSS on Slashdot posts -->
-
-	<css-rules>
-	</css-rules>
-
-
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
-
-</anti-samy-rules>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
+		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+
+	<html-entities>
+		<entity name="amp" cdata="&amp;"/>
+		<entity name="nbsp" cdata="&amp;#160;"/>
+		
+		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
+		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
+		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
+		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
+		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
+		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
+		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
+		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
+		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
+		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
+		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
+		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
+		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
+		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
+		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
+		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
+		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
+		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
+		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
+		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
+		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
+		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
+		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
+		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
+		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
+		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
+		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
+		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
+		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
+		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
+		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
+		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
+		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
+		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
+		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
+		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
+		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
+		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
+		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
+		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
+		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
+		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
+		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
+		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
+		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
+		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
+		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
+		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
+		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
+		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
+		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
+		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
+		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
+		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
+		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
+		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
+		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
+		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
+		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
+		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
+		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
+		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
+		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
+		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
+		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
+		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
+		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
+		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
+		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
+		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
+		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
+		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
+		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
+		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
+		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
+		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
+		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
+		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
+		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
+		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
+		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
+		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
+		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
+		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
+		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
+		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
+		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
+		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
+		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
+		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
+		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
+		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
+		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
+		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
+		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
+		                                  
+		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
+		
+		<!-- Greek -->
+		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
+		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
+		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
+		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
+		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
+		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
+		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
+		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
+		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
+		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
+		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
+		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
+		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
+		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
+		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
+		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
+		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
+		<!-- there is no Sigmaf, and no U+03A2 character either -->
+		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
+		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
+		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
+		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
+		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
+		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
+		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
+		
+		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
+		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
+		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
+		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
+		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
+		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
+		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
+		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
+		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
+		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
+		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
+		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
+		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
+		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
+		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
+		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
+		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
+		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
+		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
+		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
+		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
+		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
+		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
+		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
+		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
+		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
+		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
+		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
+		
+		<!-- General Punctuation -->
+		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
+		<!-- bullet is NOT the same as bullet operator, U+2219 -->
+		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
+		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
+		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
+		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
+		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
+		
+		<!-- Letterlike Symbols -->
+		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
+		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
+		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
+		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
+		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
+		<!-- alef symbol is NOT the same as hebrew letter alef,
+		     U+05D0 although the same glyph could be used to depict both characters -->
+		
+		<!-- Arrows -->
+		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
+		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
+		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
+		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
+		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
+		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
+		                                     = carriage return, U+21B5 NEW -->
+		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
+		
+		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
+		    but also does not have any other character for that function. So ? lArr can
+		    be used for 'is implied by' as ISOtech suggests -->
+		    
+		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
+		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
+		
+		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
+		     another character with this function so ?
+		     rArr can be used for 'implies' as ISOtech suggests -->
+		     
+		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
+		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
+		
+		<!-- Mathematical Operators -->
+		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
+		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
+		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
+		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
+		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
+		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
+		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
+		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
+	
+		<!-- should there be a more memorable name than 'ni'? -->
+		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
+		
+		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
+		     the same glyph might be used for both -->
+		     
+		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
+		
+		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
+		     though the same glyph might be used for both -->
+		
+		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
+		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
+		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
+		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
+		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
+		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
+		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
+		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
+		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
+		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
+		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
+		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
+		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
+		
+		<!-- tilde operator is NOT the same character as the tilde, U+007E,
+		     although the same glyph might be used to represent both  -->
+		     
+		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
+		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
+		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
+		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
+		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
+		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
+		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
+		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
+		
+		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
+		     font encoding and is not included. Should it be, for symmetry?
+		     It is in ISOamsn  --> 
+		
+		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
+		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
+		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
+		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
+		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
+		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
+		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
+		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
+		
+		<!-- Miscellaneous Technical -->
+		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
+		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
+		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
+		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
+		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
+		<!-- lang is NOT the same character as U+003C 'less than' 
+		     or U+2039 'single left-pointing angle quotation mark' -->
+		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
+		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
+		
+		<!-- Geometric Shapes -->
+		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
+		
+		<!-- Miscellaneous Symbols -->
+		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
+		<!-- black here seems to mean filled as opposed to hollow -->
+		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
+		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
+		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
+		
+		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
+		<!-- Latin Extended-A -->
+		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
+		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
+		<!-- ligature is a misnomer, this is a separate character in some languages -->
+		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
+		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
+		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
+		
+		<!-- Spacing Modifier Letters -->
+		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
+		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
+		
+		<!-- General Punctuation -->
+		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
+		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
+		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
+		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
+		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
+		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
+		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
+		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
+		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
+		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
+		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
+		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
+		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
+		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
+		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
+		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
+		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
+		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
+		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
+		<!-- lsaquo is proposed but not yet ISO standardized -->
+		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
+		<!-- rsaquo is proposed but not yet ISO standardized -->
+		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
+	</html-entities>
+
+</anti-samy-rules>

From 41f2c2a18229e6a146e705fdb322aed47b4c9933 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 294/812] Change CRLF to LF for issue 356.

---
 .../esapi/ESAPI-AccessControlPolicy.xml       | 254 +++++++++---------
 1 file changed, 127 insertions(+), 127 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml b/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
index 2ed0732bc..4d2ca74b5 100644
--- a/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
+++ b/src/test/resources/esapi/ESAPI-AccessControlPolicy.xml
@@ -1,127 +1,127 @@
-<?xml version="1.0" encoding="ISO-8859-1" ?>
-
-<AccessControlPolicy>
-	<AccessControlRules>
-		<AccessControlRule
-			name="AlwaysTrue"
-			description="Access is always granted"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="AlwaysFalse"
-			description="Access is always denied"
-			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameter"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoPolicyParameter"
-			description="Access depends on the value of the policy parameter: isTrue"
-			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="true"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- 
-			The following Rules are for backwards compatibility with
-			the deprecated AcessController 1.0 reference implementation
-			specification
-		-->
-		<AccessControlRule
-			name="AC 1.0 Data"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 File"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Function"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 Service"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="AC 1.0 URL"
-			description="See delegateClass's code comments"
-			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
-			<Parameters>
-				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
-				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
-				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
-			</Parameters>
-		</AccessControlRule>
-		
-		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
-	</AccessControlRules>
-</AccessControlPolicy>
-
-
-
-<!-- 
-We have these as runtime tests, but not as policy file load tests yet.
-		<AccessControlRule
-			name="EchoRuntimeParameterClassCastException"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueNull"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value="null"/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueEmpty"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean" value=""/>
-			</Parameters>
-		</AccessControlRule>
-		<AccessControlRule
-			name="EchoRuntimeParameterValueMissing"
-			description="Access depends on the value of the runtime parameter"
-			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
-			<Parameters>
-				<Parameter name="isTrue" type="Boolean"/>
-			</Parameters>
-		</AccessControlRule>
--->
-
-<!-- we should add tests for name and type errors too -->
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+
+<AccessControlPolicy>
+	<AccessControlRules>
+		<AccessControlRule
+			name="AlwaysTrue"
+			description="Access is always granted"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysTrueACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="AlwaysFalse"
+			description="Access is always denied"
+			class="org.owasp.esapi.reference.accesscontrol.AlwaysFalseACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameter"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoRuntimeParameterACR">
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoPolicyParameter"
+			description="Access depends on the value of the policy parameter: isTrue"
+			class="org.owasp.esapi.reference.accesscontrol.policyloader.EchoDynaBeanPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="true"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- 
+			The following Rules are for backwards compatibility with
+			the deprecated AcessController 1.0 reference implementation
+			specification
+		-->
+		<AccessControlRule
+			name="AC 1.0 Data"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/> 
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForData"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String, java.lang.Object"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 File"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFile"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Function"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForFunction"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 Service"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForService"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="AC 1.0 URL"
+			description="See delegateClass's code comments"
+			class="org.owasp.esapi.reference.accesscontrol.DelegatingACR">
+			<Parameters>
+				<Parameter name="delegateClass" type="String" value="org.owasp.esapi.reference.accesscontrol.FileBasedACRs"/>
+				<Parameter name="delegateMethod" type="String" value="isAuthorizedForURL"/>
+				<Parameter name="parameterClasses" type="StringArray" value="java.lang.String"/>
+			</Parameters>
+		</AccessControlRule>
+		
+		<!-- End Rules for backwards compatibility with Access Controller 1.0 -->
+	</AccessControlRules>
+</AccessControlPolicy>
+
+
+
+<!-- 
+We have these as runtime tests, but not as policy file load tests yet.
+		<AccessControlRule
+			name="EchoRuntimeParameterClassCastException"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="This is not a boolean"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueNull"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value="null"/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueEmpty"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean" value=""/>
+			</Parameters>
+		</AccessControlRule>
+		<AccessControlRule
+			name="EchoRuntimeParameterValueMissing"
+			description="Access depends on the value of the runtime parameter"
+			class="org.owasp.esapi.reference.accesscontrol.EchoPolicyParameterACR">
+			<Parameters>
+				<Parameter name="isTrue" type="Boolean"/>
+			</Parameters>
+		</AccessControlRule>
+-->
+
+<!-- we should add tests for name and type errors too -->

From 41e96c6189d60f565fec213d4700a577ac65de00 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 295/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/add-header-policy.xml  | 56 +++++++++----------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/add-header-policy.xml b/src/test/resources/esapi/waf-policies/add-header-policy.xml
index b2d8efc49..0a48ed2d0 100644
--- a/src/test/resources/esapi/waf-policies/add-header-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-header-policy.xml
@@ -1,29 +1,29 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-header rule.
-
-	Protection #1: Any response for a resource will contain a header "FOO" with
-	               a value "BAR".
-
-	Exception #1:  Any request for /marketing/* will not have any such header
-	               returned.
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/marketing/.*</path-exception>
-		</add-header>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-header rule.
+
+	Protection #1: Any response for a resource will contain a header "FOO" with
+	               a value "BAR".
+
+	Exception #1:  Any request for /marketing/* will not have any such header
+	               returned.
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/marketing/.*</path-exception>
+		</add-header>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 96d91bbe98af8611c695cc9615dd4a19587ea169 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 296/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/add-httponly-policy.xml      | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/add-httponly-policy.xml b/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
index 1232f5997..4420e6ce0 100644
--- a/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-httponly-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-http-flag rule.
-
-	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<add-http-only-flag>
-			<cookie name=".*"/>
-		</add-http-only-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-http-flag rule.
+
+	Protection #1: Any cookie set by the application will have the HttpOnly flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<add-http-only-flag>
+			<cookie name=".*"/>
+		</add-http-only-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 6979a3c7b8ff112dbef1f5559197361e251a79d5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 297/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/add-secure-policy.xml  | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/add-secure-policy.xml b/src/test/resources/esapi/waf-policies/add-secure-policy.xml
index 12298a45a..80067da42 100644
--- a/src/test/resources/esapi/waf-policies/add-secure-policy.xml
+++ b/src/test/resources/esapi/waf-policies/add-secure-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an add-secure-flag rule.
-
-	Protection #1: Any cookie set by the application will have the secure flag set. This
-	               should apply to the application session ID as well as any custom cookies.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-	
-	<outbound-rules>
-		<add-secure-flag>
-			<cookie name=".*"/>
-		</add-secure-flag>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an add-secure-flag rule.
+
+	Protection #1: Any cookie set by the application will have the secure flag set. This
+	               should apply to the application session ID as well as any custom cookies.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+	
+	<outbound-rules>
+		<add-secure-flag>
+			<cookie name=".*"/>
+		</add-secure-flag>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 73d5af5d969c471a369e91d7ff0916ddbdcf4d2f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 298/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/authentication-policy.xml    | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/authentication-policy.xml b/src/test/resources/esapi/waf-policies/authentication-policy.xml
index 1c1a485be..5a77e6c0b 100644
--- a/src/test/resources/esapi/waf-policies/authentication-policy.xml
+++ b/src/test/resources/esapi/waf-policies/authentication-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an authentication rule.
-
-	Authentication applies to: /.*
-	Session variable whose existence implies authentication: sessionUserObjKey
-	Static exception:   <path-exception>/index.html</path-exception>
-	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>>
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="sessionUserObjKey" >
-		<path-exception>/index.html</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-	</authentication-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an authentication rule.
+
+	Authentication applies to: /.*
+	Session variable whose existence implies authentication: sessionUserObjKey
+	Static exception:   <path-exception>/index.html</path-exception>
+	Pattern exception:  <path-exception type="regex">/images/.*</path-exception>
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>>
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="sessionUserObjKey" >
+		<path-exception>/index.html</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+	</authentication-rules>
+
 </policy>
\ No newline at end of file

From 53ee54a5cd23846007580bfe2972e5cd99af7351 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 299/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/bean-shell-policy.xml  | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/bean-shell-policy.xml b/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
index 5d2f9275f..948d151c0 100644
--- a/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
+++ b/src/test/resources/esapi/waf-policies/bean-shell-policy.xml
@@ -1,30 +1,30 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies different custom bean shell rules.
-	
-	
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<!--
-		Import the rules.
-	-->
-	<bean-shell-rules>	
-		<bean-shell-script 
-			id="example1" 
-			file="waf-policies/bean-shell-rule.bsh"
-			stage="before-request-body"/>
-	</bean-shell-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies different custom bean shell rules.
+	
+	
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<!--
+		Import the rules.
+	-->
+	<bean-shell-rules>	
+		<bean-shell-script 
+			id="example1" 
+			file="waf-policies/bean-shell-rule.bsh"
+			stage="before-request-body"/>
+	</bean-shell-rules>
+
 </policy>
\ No newline at end of file

From 3ac816c7b36cb5b5f789ab48f16ebb65254c93fd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 300/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/detect-outbound-policy.xml   | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml b/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
index 8312be95d..ac756aefa 100644
--- a/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
+++ b/src/test/resources/esapi/waf-policies/detect-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a detect-content rule.
-
-	Protection #1: The rule should fire whenever the string "2008" appears in
-	               a response body.
-	Exception #1:  The rule should -not- fire when the content type is anything
-	               but text/*.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a detect-content rule.
+
+	Protection #1: The rule should fire whenever the string "2008" appears in
+	               a response body.
+	Exception #1:  The rule should -not- fire when the content type is anything
+	               but text/*.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 7eb39e3846c2c547dc58008c7adaf719eb622309 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 301/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/dynamic-insertion-policy.xml | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml b/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
+++ b/src/test/resources/esapi/waf-policies/dynamic-insertion-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From b265e8e449a7da2edc9218b9b54ecd9240a67ebe Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 302/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/enforce-https-policy.xml     | 54 +++++++++----------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/enforce-https-policy.xml b/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
index ab123b7e6..beb88513a 100644
--- a/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
+++ b/src/test/resources/esapi/waf-policies/enforce-https-policy.xml
@@ -1,28 +1,28 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies an enforce-https rule.
-
-	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
-	Exception #1: Static path /index.html
-	Exception #2: Pattern path /images/.*
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies an enforce-https rule.
+
+	Protection #1: a request of any kind for /foo should be redirected to secure request with 302.
+	Exception #1: Static path /index.html
+	Exception #2: Pattern path /images/.*
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
 </policy>
\ No newline at end of file

From cae9ce34e32df0115e23c6b57ac6f8cb644a977c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 303/812] Change CRLF to LF for issue 356.

---
 .../esapi/waf-policies/must-match-policy.xml  | 68 +++++++++----------
 1 file changed, 34 insertions(+), 34 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/must-match-policy.xml b/src/test/resources/esapi/waf-policies/must-match-policy.xml
index 721fa4cfa..af26fc4cd 100644
--- a/src/test/resources/esapi/waf-policies/must-match-policy.xml
+++ b/src/test/resources/esapi/waf-policies/must-match-policy.xml
@@ -1,35 +1,35 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a must-match rule.
-
-	Protection #1:
-	Protection applies to: /admin/.*
-	Header name needed to access: x-roles
-	Header value needs to *contain* the string: admin
-
-	Protection #2:
-	Protection applies to: /superadmin/.*
-	Header name needed to access: x-roles
-	Header value needs to *equal* the string: superadmin
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<must-match path="^/admin/.*" variable="request.header.x-roles"
-			operator="contains" value="admin" />
-		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
-			operator="equals" value="superadmin" />
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a must-match rule.
+
+	Protection #1:
+	Protection applies to: /admin/.*
+	Header name needed to access: x-roles
+	Header value needs to *contain* the string: admin
+
+	Protection #2:
+	Protection applies to: /superadmin/.*
+	Header name needed to access: x-roles
+	Header value needs to *equal* the string: superadmin
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<must-match path="^/admin/.*" variable="request.header.x-roles"
+			operator="contains" value="admin" />
+		<must-match path="^/superadmin/.*" variable="request.header.x-roles"
+			operator="equals" value="superadmin" />
+	</authorization-rules>
+
 </policy>
\ No newline at end of file

From 7f4022d27f07645eaecc7f495163b525d3f45665 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 304/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/replace-outbound-policy.xml  | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml b/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
index 9c1aa4097..5b0926c2b 100644
--- a/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
+++ b/src/test/resources/esapi/waf-policies/replace-outbound-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a dynamic-insertion rule.
-
-	Protection #1: All instances of "</body>" in the response body will be replaced by
-	               "this is a test".
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<outbound-rules>
-		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-	</outbound-rules>
-	
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a dynamic-insertion rule.
+
+	Protection #1: All instances of "</body>" in the response body will be replaced by
+	               "this is a test".
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<outbound-rules>
+		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+	</outbound-rules>
+	
 </policy>
\ No newline at end of file

From 7e519cd4bb7fed416672e4f4304e99aa21f0e0e8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 305/812] Change CRLF to LF for issue 356.

---
 .../restrict-content-type-policy.xml          | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml b/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
index a9b8a4a38..b766f19d3 100644
--- a/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-content-type-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-content-type rule.
-
-	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
-	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*">
-			<path-exception type="regex">/fileupload.jsp</path-exception>
-		</restrict-content-type>
-
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-content-type rule.
+
+	Protection #1: any request with a content-type containing the word 'multipart' will be rejected
+	Exception  #1: requests for /fileupload.jsp are allowed to have 'multipart' in content-type
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*">
+			<path-exception type="regex">/fileupload.jsp</path-exception>
+		</restrict-content-type>
+
+	</header-rules>
+
 </policy>
\ No newline at end of file

From 21d2171cc925201b11da8c88ceba8d3d27d9d17b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 306/812] Change CRLF to LF for issue 356.

---
 .../restrict-extension-policy.xml             | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml b/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
index fe1dbe193..a572bd4ea 100644
--- a/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-extension-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny=".*\.log$" />
-		<restrict-extension allow=".*\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny=".*\.log$" />
+		<restrict-extension allow=".*\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file

From 5aca43aa27eb9670ea808ef4f88e2e68697f7242 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 307/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/restrict-method-policy.xml   | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/restrict-method-policy.xml b/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
index 5a2337cf7..c1eb5a36e 100644
--- a/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-method-policy.xml
@@ -1,25 +1,25 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-extension rule.
-
-	Protection #1: any URI ending with .log will be rejected
-	Protection #2: any URI ending with .jsp will be allowed
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<url-rules>
-		<restrict-extension deny="\.log$" />
-		<restrict-extension allow="\.jsp$" />
-	</url-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-extension rule.
+
+	Protection #1: any URI ending with .log will be rejected
+	Protection #2: any URI ending with .jsp will be allowed
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<url-rules>
+		<restrict-extension deny="\.log$" />
+		<restrict-extension allow="\.jsp$" />
+	</url-rules>
+
 </policy>
\ No newline at end of file

From 4c9dcef430b2e08ef45280ddd1b6f6f98904b706 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 308/812] Change CRLF to LF for issue 356.

---
 .../restrict-source-ip-policy.xml             | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml b/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
index d23d87a02..72860a7d3 100644
--- a/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-source-ip-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-source-ip rule.
-
-	The restriction applies to: /admin/.*
-	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<authorization-rules>
-		<restrict-source-ip
-			type="regex"
-			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-
-	</authorization-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-source-ip rule.
+
+	The restriction applies to: /admin/.*
+	Pattern exception:  (192\.168\.1\\..*|127.0.0.1)
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<authorization-rules>
+		<restrict-source-ip
+			type="regex"
+			ip-regex="(192\.168\.1\\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+
+	</authorization-rules>
+
 </policy>
\ No newline at end of file

From 0038ea8eade5399c5711bbc0123e3f4e6258e368 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 309/812] Change CRLF to LF for issue 356.

---
 .../restrict-user-agent-policy.xml            | 50 +++++++++----------
 1 file changed, 25 insertions(+), 25 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml b/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
index 7cdebd595..c550a2c61 100644
--- a/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
+++ b/src/test/resources/esapi/waf-policies/restrict-user-agent-policy.xml
@@ -1,26 +1,26 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a restrict-user-agent rule.
-
-	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
-	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<header-rules>
-		<restrict-user-agent deny=".*GoogleBot.*">
-			<path-exception type="regex">/index.html</path-exception>
-		</restrict-user-agent>
-	</header-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a restrict-user-agent rule.
+
+	Protection #1: any request with a user agent containing the word 'GoogleBot' will be rejected
+	Exception  #1: requests for /index.html are allowed to have 'GoogleBot' in user agent
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<header-rules>
+		<restrict-user-agent deny=".*GoogleBot.*">
+			<path-exception type="regex">/index.html</path-exception>
+		</restrict-user-agent>
+	</header-rules>
+
 </policy>
\ No newline at end of file

From 284c604f99c070f3966e977113a9794151ded02e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 310/812] Change CRLF to LF for issue 356.

---
 .../waf-policies/virtual-patch-policy.xml     | 52 +++++++++----------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml b/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
index 61c93fa88..8b989dd6e 100644
--- a/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
+++ b/src/test/resources/esapi/waf-policies/virtual-patch-policy.xml
@@ -1,27 +1,27 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-	This test file exemplifies a virtual-patch rule.
-
-	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
-	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
-				   fails validation, the message "zomg attax" will be logged.
-
-	-->
-
-<policy>
-
-	<settings>
-		<mode>redirect</mode>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+	This test file exemplifies a virtual-patch rule.
+
+	Protection #1: Any request whose URI is /foo.jsp (despite content-type) will have
+	               the 'bar' parameter checked to see if its alphanumeric. If a parameter
+				   fails validation, the message "zomg attax" will be logged.
+
+	-->
+
+<policy>
+
+	<settings>
+		<mode>redirect</mode>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
 </policy>
\ No newline at end of file

From 9aaaf809a1b77c9fd8bfdeaee2b85079d1fe7db4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 311/812] Change CRLF to LF for issue 356.

---
 src/test/resources/esapi/waf-policy.xml | 296 ++++++++++++------------
 1 file changed, 148 insertions(+), 148 deletions(-)

diff --git a/src/test/resources/esapi/waf-policy.xml b/src/test/resources/esapi/waf-policy.xml
index 05d75b23d..7a1df159f 100644
--- a/src/test/resources/esapi/waf-policy.xml
+++ b/src/test/resources/esapi/waf-policy.xml
@@ -1,149 +1,149 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-	<!--
-		This file defines a set of "web application firewall" rules that
-		defend a web application against certain types of attacks. These rules
-		are loaded and enforced by a filter that sits in front of a web
-		application and has access to both request and response on both the
-		way in and the way out.
-	-->
-
-<policy>
-
-
-	<!--
-		Setup some simple aliases to use elsewhere in the WAF policy. Alias
-		types are: string (default), regex. String is a literal string, regex
-		is a pattern.
-	-->
-	<aliases>
-		<alias name="INPUT_VALIDATION_ERROR">/security/input.jsp</alias>
-		<alias name="ADMIN_PATH" type="regex">^/admin/.*</alias>
-	</aliases>
-
-
-
-	<!--
-		Set the overall WAF mode of operation. The mode can be either "block"
-		or "log". "block" mode will send all errors to the web page defined in
-		the error-handling configuration. "log" mode will not change HTTP
-		requests at all, but will simply log errors.
-	-->
-	<settings>
-		<mode>redirect</mode>
-		<session-cookie-name>JSESSIONID</session-cookie-name>
-		<error-handling>
-			<default-redirect-page>/security/error.jsp</default-redirect-page>
-			<block-status>403</block-status>
-		</error-handling>
-	</settings>
-
-
-
-	<!--
-		Set authentication rules by path.
-	-->
-	<authentication-rules path="/.*"  key="ESAPIUserSessionKey" >
-		<path-exception>/</path-exception>
-		<path-exception>/index.html</path-exception>
-		<path-exception>/login.jsp</path-exception>
-		<path-exception>/index.jsp</path-exception>
-		<path-exception type="regex">/images/.*</path-exception>
-		<path-exception type="regex">/css/.*</path-exception>
-		<path-exception type="regex">/help/.*</path-exception>
-	</authentication-rules>
-
-
-	<bean-shell-rules>	
-		<!--  	<bean-shell-script 
-			id="example1" 
-			file="waf-policies/bean-shell-rule.bsh" 
-			stage="before-request-body"/>
-		-->
-	</bean-shell-rules>
-	
-	<!--
-		Set authorization rules by path. Types are: regex Operators for
-		must-match are: contains,equals,inList,exists
-	-->
-	<authorization-rules>
-		<restrict-source-ip type="regex"
-			ip-regex="(192\.168\.1\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
-		<must-match path="^/admin/.*" variable="request.headers.x-roles"
-			operator="contains" value="admin" />
-	</authorization-rules>
-
-
-
-	<!--
-		Set rules for incoming URLs.
-	-->
-	<url-rules>
-		<restrict-extension deny=".jpg" />
-
-		<restrict-method deny="GET" path=".*\.do$" />
-		<restrict-method allow="^(GET|POST|TRACE)$" />
-
-		<enforce-https path="/.*">
-			<path-exception>/index.html</path-exception>
-			<path-exception>/index.jsp</path-exception>
-			<path-exception type="regex">/images/.*</path-exception>
-			<path-exception type="regex">/css/.*</path-exception>
-			<path-exception type="regex">/help/.*</path-exception>
-		</enforce-https>
-	</url-rules>
-
-
-
-	<!--
-		Set rules for incoming headers and parameters.
-	-->
-	<header-rules>
-		<restrict-content-type deny=".*multipart.*" />
-		<restrict-content-type allow="text/plain" />
-		<restrict-content-type allow="x-www-form-urlencoded" />
-		<restrict-user-agent deny=".*GoogleBot.*" />
-		<restrict-user-agent allow=".*" />
-	</header-rules>
-
-
-	<!--
-		Set virtual patches to match specific vulnerability patterns.
-	-->
-	<virtual-patches>
-		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
-			pattern="[0-9a-zA-Z]" message="zomg attax" />
-	</virtual-patches>
-
-
-
-	<!-- Set rules for outbound headers and data -->
-
-	<outbound-rules>
-
-		<add-header name="FOO" value="BAR" path="/.*">
-			<path-exception type="regex">/foobar/.*</path-exception>
-		</add-header>
-
-		<add-http-only-flag>
-			<cookie name=".*" />
-		</add-http-only-flag>
-
-		<add-secure-flag>
-			<cookie name=".*" />
-		</add-secure-flag>
-
- 		<dynamic-insertion pattern="&lt;/body&gt;">
-			<replacement><![CDATA[this is a test]]></replacement>
-		</dynamic-insertion>
-
-		<dynamic-insertion
-			pattern="(&lt;input.*)type\s+=\s+&quot;+hidden&quot;+(.*/&gt;)">
-			<replacement>\1\2</replacement>
-		</dynamic-insertion>
-
-		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
-
-	</outbound-rules>
-
+<?xml version="1.0" encoding="UTF-8"?>
+
+	<!--
+		This file defines a set of "web application firewall" rules that
+		defend a web application against certain types of attacks. These rules
+		are loaded and enforced by a filter that sits in front of a web
+		application and has access to both request and response on both the
+		way in and the way out.
+	-->
+
+<policy>
+
+
+	<!--
+		Setup some simple aliases to use elsewhere in the WAF policy. Alias
+		types are: string (default), regex. String is a literal string, regex
+		is a pattern.
+	-->
+	<aliases>
+		<alias name="INPUT_VALIDATION_ERROR">/security/input.jsp</alias>
+		<alias name="ADMIN_PATH" type="regex">^/admin/.*</alias>
+	</aliases>
+
+
+
+	<!--
+		Set the overall WAF mode of operation. The mode can be either "block"
+		or "log". "block" mode will send all errors to the web page defined in
+		the error-handling configuration. "log" mode will not change HTTP
+		requests at all, but will simply log errors.
+	-->
+	<settings>
+		<mode>redirect</mode>
+		<session-cookie-name>JSESSIONID</session-cookie-name>
+		<error-handling>
+			<default-redirect-page>/security/error.jsp</default-redirect-page>
+			<block-status>403</block-status>
+		</error-handling>
+	</settings>
+
+
+
+	<!--
+		Set authentication rules by path.
+	-->
+	<authentication-rules path="/.*"  key="ESAPIUserSessionKey" >
+		<path-exception>/</path-exception>
+		<path-exception>/index.html</path-exception>
+		<path-exception>/login.jsp</path-exception>
+		<path-exception>/index.jsp</path-exception>
+		<path-exception type="regex">/images/.*</path-exception>
+		<path-exception type="regex">/css/.*</path-exception>
+		<path-exception type="regex">/help/.*</path-exception>
+	</authentication-rules>
+
+
+	<bean-shell-rules>	
+		<!--  	<bean-shell-script 
+			id="example1" 
+			file="waf-policies/bean-shell-rule.bsh" 
+			stage="before-request-body"/>
+		-->
+	</bean-shell-rules>
+	
+	<!--
+		Set authorization rules by path. Types are: regex Operators for
+		must-match are: contains,equals,inList,exists
+	-->
+	<authorization-rules>
+		<restrict-source-ip type="regex"
+			ip-regex="(192\.168\.1\..*|127.0.0.1)">/admin/.*</restrict-source-ip>
+		<must-match path="^/admin/.*" variable="request.headers.x-roles"
+			operator="contains" value="admin" />
+	</authorization-rules>
+
+
+
+	<!--
+		Set rules for incoming URLs.
+	-->
+	<url-rules>
+		<restrict-extension deny=".jpg" />
+
+		<restrict-method deny="GET" path=".*\.do$" />
+		<restrict-method allow="^(GET|POST|TRACE)$" />
+
+		<enforce-https path="/.*">
+			<path-exception>/index.html</path-exception>
+			<path-exception>/index.jsp</path-exception>
+			<path-exception type="regex">/images/.*</path-exception>
+			<path-exception type="regex">/css/.*</path-exception>
+			<path-exception type="regex">/help/.*</path-exception>
+		</enforce-https>
+	</url-rules>
+
+
+
+	<!--
+		Set rules for incoming headers and parameters.
+	-->
+	<header-rules>
+		<restrict-content-type deny=".*multipart.*" />
+		<restrict-content-type allow="text/plain" />
+		<restrict-content-type allow="x-www-form-urlencoded" />
+		<restrict-user-agent deny=".*GoogleBot.*" />
+		<restrict-user-agent allow=".*" />
+	</header-rules>
+
+
+	<!--
+		Set virtual patches to match specific vulnerability patterns.
+	-->
+	<virtual-patches>
+		<virtual-patch id="1234" path="/foo.jsp" variable="request.parameters.bar"
+			pattern="[0-9a-zA-Z]" message="zomg attax" />
+	</virtual-patches>
+
+
+
+	<!-- Set rules for outbound headers and data -->
+
+	<outbound-rules>
+
+		<add-header name="FOO" value="BAR" path="/.*">
+			<path-exception type="regex">/foobar/.*</path-exception>
+		</add-header>
+
+		<add-http-only-flag>
+			<cookie name=".*" />
+		</add-http-only-flag>
+
+		<add-secure-flag>
+			<cookie name=".*" />
+		</add-secure-flag>
+
+ 		<dynamic-insertion pattern="&lt;/body&gt;">
+			<replacement><![CDATA[this is a test]]></replacement>
+		</dynamic-insertion>
+
+		<dynamic-insertion
+			pattern="(&lt;input.*)type\s+=\s+&quot;+hidden&quot;+(.*/&gt;)">
+			<replacement>\1\2</replacement>
+		</dynamic-insertion>
+
+		<detect-content content-type=".*text/.*" pattern=".*2008.*" />
+
+	</outbound-rules>
+
 </policy>
\ No newline at end of file

From d571e4e6ce7e3639441569d6e359dfbb0860e778 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 18 Jan 2016 23:34:46 -0500
Subject: [PATCH 312/812] Change CRLF to LF for issue 356.

---
 src/test/resources/log4j.xml | 110 +++++++++++++++++------------------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml
index 04c2b4364..9cb7354fe 100644
--- a/src/test/resources/log4j.xml
+++ b/src/test/resources/log4j.xml
@@ -1,55 +1,55 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-<!-- main resources -->
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
-
-  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
-    <param name="Target" value="System.out"/> 
-    <layout class="org.apache.log4j.PatternLayout"> 
-      <param name="ConversionPattern" value="%-5p %m%n"/> 
-    </layout> 
-  </appender>
-
-    <appender name="file" class="org.apache.log4j.FileAppender">
-        <param name="File" value="target/unit-tests.log"/>
-        <layout class="org.apache.log4j.PatternLayout">
-          <param name="ConversionPattern" value="%-5p %m%n"/>
-        </layout>
-    </appender>
-
-  <logger name="org.owasp.esapi.reference.TestTrace">
-    <level value="trace"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestDebug">
-    <level value="debug"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestInfo">
-    <level value="info"/>
- </logger>
-
-  <logger name="org.owasp.esapi.reference.TestWarning">
-    <level value="warn"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestError">
-    <level value="error"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference.TestFatal">
-    <level value="fatal"/>
-  </logger>
-
-  <logger name="org.owasp.esapi.reference">
-    <level value="info"/>
-  </logger>
-
-  <root>
-    <priority value="debug" />
-    <appender-ref ref="file" />
-  </root>
-
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
-
-</log4j:configuration>
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<!-- main resources -->
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
+
+  <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
+    <param name="Target" value="System.out"/> 
+    <layout class="org.apache.log4j.PatternLayout"> 
+      <param name="ConversionPattern" value="%-5p %m%n"/> 
+    </layout> 
+  </appender>
+
+    <appender name="file" class="org.apache.log4j.FileAppender">
+        <param name="File" value="target/unit-tests.log"/>
+        <layout class="org.apache.log4j.PatternLayout">
+          <param name="ConversionPattern" value="%-5p %m%n"/>
+        </layout>
+    </appender>
+
+  <logger name="org.owasp.esapi.reference.TestTrace">
+    <level value="trace"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestDebug">
+    <level value="debug"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestInfo">
+    <level value="info"/>
+ </logger>
+
+  <logger name="org.owasp.esapi.reference.TestWarning">
+    <level value="warn"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestError">
+    <level value="error"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference.TestFatal">
+    <level value="fatal"/>
+  </logger>
+
+  <logger name="org.owasp.esapi.reference">
+    <level value="info"/>
+  </logger>
+
+  <root>
+    <priority value="debug" />
+    <appender-ref ref="file" />
+  </root>
+
+  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
+
+</log4j:configuration>

From 4a229d9fe665e60b5d7d51408caa59d8d2baf85d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:10:08 -0500
Subject: [PATCH 313/812] Continue to try to address issue 356.

---
 .gitattributes | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index a90ca1d70..3645b7bba 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -7,12 +7,9 @@
 #       git config --global core.autocrlf input
 * text=auto
 
-# And configure default EOL terminators.
 #
-# Force the following filetypes to have Unix eols, so Windows does not break them
-# Those that are not explicitly set to use Windows EOL will use LF as EOL terminator.
-# (e.g., see *.bat, below).
-*.* text eol=lf
+# And configure default EOL terminators for various text types
+#
 
 # Explicitly declare text files you want to always be normalized and converted
 # to native line endings on checkout.
@@ -42,6 +39,16 @@
 *.bsh text eol=lf
 *.ksh text eol=lf
 
+# More
+.gitattributes text
+.settings/* text eol=crlf
+.classpath text eol=crlf
+*.MF text eol=crlf
+LICENSE text eol=crlf
+LICENSE-CONTENT text eol=crlf
+LICENSE-README text eol=crlf
+
+
 # Denote all files that are truly binary and should not be modified,
 # or simply replaced in whole if committed.
 *.jpg binary
@@ -56,3 +63,11 @@
 *.pptx binary
 *.odt binary
 *.pdf binary
+*.zip binary
+*.jar binary
+*.war binary
+*.ear binary
+*.7z binary
+*.rar binary
+*.tgz binary
+*.tar binary

From f348b558d5cb059b806f4240f4c553e36ada06ad Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 314/812] Address issue 356.

---
 configuration/esapi/ESAPI.properties | 930 +++++++++++++--------------
 1 file changed, 465 insertions(+), 465 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index baa8e6933..f98cc5a49 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -1,465 +1,465 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help.
-# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
-# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=true
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when 
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
-# To calculate these values, you can run:
-#		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-#
-#Encryptor.MasterKey=
-#Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-# DISCUSS: Better name?
-Encryptor.cipher_modes.additional_allowed=CBC
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-
-# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
-# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
-# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
-# the MAC, mostly to keep the overall size at a minimum.)
-#
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# the JDKs support it.  See the ESAPI 2.0 Symmetric Encryption User Guide
-# further details.
-Encryptor.KDF.PRF=HmacSHA256
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - This should be made OS independent. Don't use unsafe defaults.
-# # Examples only -- do NOT blindly copy!
-#   For Windows:
-#     Executor.WorkingDirectory=C:\\Windows\\Temp
-#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-#   For *nux, MacOS:
-#     Executor.WorkingDirectory=/tmp
-#     Executor.ApprovedExecutables=/bin/bash
-Executor.WorkingDirectory=
-Executor.ApprovedExecutables=
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-# Use '\p{L}' (without the quotes) within the character class to match
-# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
-# You can also use any of the regex flags as documented at
-# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-
-#the word TEST below should be changed to your application 
-#name - only relative URL's are supported
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
-Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that max header name capped at 150 in SecurityRequestWrapper!
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
-Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- PRODUCTION Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help.
+# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
+# default for reasons of backward compatibility with earlier ESAPI versions.
+ESAPI.printProperties=true
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when 
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
+# To calculate these values, you can run:
+#		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+#
+#Encryptor.MasterKey=
+#Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+# DISCUSS: Better name?
+Encryptor.cipher_modes.additional_allowed=CBC
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an *example* for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+
+# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
+# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
+# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
+# the MAC, mostly to keep the overall size at a minimum.)
+#
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# the JDKs support it.  See the ESAPI 2.0 Symmetric Encryption User Guide
+# further details.
+Encryptor.KDF.PRF=HmacSHA256
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - This should be made OS independent. Don't use unsafe defaults.
+# # Examples only -- do NOT blindly copy!
+#   For Windows:
+#     Executor.WorkingDirectory=C:\\Windows\\Temp
+#     Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+#   For *nux, MacOS:
+#     Executor.WorkingDirectory=/tmp
+#     Executor.ApprovedExecutables=/bin/bash
+Executor.WorkingDirectory=
+Executor.ApprovedExecutables=
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
+Validator.ConfigurationFile=validation.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+
+#the word TEST below should be changed to your application 
+#name - only relative URL's are supported
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
+Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
+Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false

From 2812549f07865efcce7ab741742291d8190d8e33 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 315/812] Address issue 356.

---
 configuration/esapi/validation.properties | 58 +++++++++++------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/configuration/esapi/validation.properties b/configuration/esapi/validation.properties
index 18e037f3b..433fa0b6b 100644
--- a/configuration/esapi/validation.properties
+++ b/configuration/esapi/validation.properties
@@ -1,29 +1,29 @@
-# The ESAPI validator does many security checks on input, such as canonicalization
-# and whitelist validation. Note that all of these validation rules are applied *after*
-# canonicalization. Double-encoded characters (even with different encodings involved,
-# are never allowed.
-#
-# To use:
-#
-# First set up a pattern below. You can choose any name you want, prefixed by the word
-# "Validation." For example:
-#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-# 
-# Then you can validate in your code against the pattern like this:
-#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
-# Where maxLength and allowNull are set for you needs, respectively.
-#
-# But note, when you use boolean variants of validation functions, you lose critical 
-# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
-# and use the returned user input which is in canonical form. Consider the following:
-#  
-# try {
-#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
-#
-Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
-Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
-Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-
+# The ESAPI validator does many security checks on input, such as canonicalization
+# and whitelist validation. Note that all of these validation rules are applied *after*
+# canonicalization. Double-encoded characters (even with different encodings involved,
+# are never allowed.
+#
+# To use:
+#
+# First set up a pattern below. You can choose any name you want, prefixed by the word
+# "Validation." For example:
+#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+# 
+# Then you can validate in your code against the pattern like this:
+#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
+# Where maxLength and allowNull are set for you needs, respectively.
+#
+# But note, when you use boolean variants of validation functions, you lose critical 
+# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
+# and use the returned user input which is in canonical form. Consider the following:
+#  
+# try {
+#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
+#
+Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
+Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
+Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
+Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
+Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
+

From 53505707a49fad41ec3ff5b74fbf390741bed248 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 316/812] Address issue 356.

---
 .../properties/ESAPI_en_US.properties          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/configuration/properties/ESAPI_en_US.properties b/configuration/properties/ESAPI_en_US.properties
index 9b43d1a23..04f043b21 100644
--- a/configuration/properties/ESAPI_en_US.properties
+++ b/configuration/properties/ESAPI_en_US.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Error creating randomizer
-
-This.is.test.message=This {0} is {1} a test {2} message
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Error creating randomizer
+
+This.is.test.message=This {0} is {1} a test {2} message
+
+# Validation Messages
+
+# Log Messages
+

From 71ba3946427c154fa66d92e20ccaed042615cfea Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 317/812] Address issue 356.

---
 .../properties/ESAPI_fr_FR.properties          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/configuration/properties/ESAPI_fr_FR.properties b/configuration/properties/ESAPI_fr_FR.properties
index 89ebcba7d..3e5a7a8f5 100644
--- a/configuration/properties/ESAPI_fr_FR.properties
+++ b/configuration/properties/ESAPI_fr_FR.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Erreur lors de la cr�ation al�atoire
-
-This.is.test.message=Ceci est un message de test message singh
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Erreur lors de la cr�ation al�atoire
+
+This.is.test.message=Ceci est un message de test message singh
+
+# Validation Messages
+
+# Log Messages
+

From b6a746b8589326aed5ef7208322f27a352c97869 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 318/812] Address issue 356.

---
 ...ESAPI-CommaValidatorFileChecker.properties | 930 +++++++++---------
 1 file changed, 465 insertions(+), 465 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 837d5a9d3..f120f748d 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -1,466 +1,466 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-#Validator.ConfigurationFile.MultiValued=false
-Validator.ConfigurationFile=validation-test,comma.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test,comma.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
\ No newline at end of file

From 23e6d43a552369983297c38bfc2e181320495fd8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 319/812] Address issue 356.

---
 .../ESAPI-DualValidatorFileChecker.properties | 930 +++++++++---------
 1 file changed, 465 insertions(+), 465 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index afa1d75f0..040de2038 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -1,466 +1,466 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile.MultiValued=true
-Validator.ConfigurationFile=validation-test1.properties,validation-test2.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile=validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
\ No newline at end of file

From 1678c989de38e716b376790186cad5dce2ef05f9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 320/812] Address issue 356.

---
 ...SAPI-QuotedValidatorFileChecker.properties | 930 +++++++++---------
 1 file changed, 465 insertions(+), 465 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index 2dc8c5d15..a3a66ba60 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -1,466 +1,466 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile.MultiValued=true
-Validator.ConfigurationFile="validation-test,comma.properties",validation-test1.properties,validation-test2.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+Validator.ConfigurationFile.MultiValued=true
+Validator.ConfigurationFile="validation-test,comma.properties",validation-test1.properties,validation-test2.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
\ No newline at end of file

From c52a1f7981194a828bdc064268c349a950dd720f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 321/812] Address issue 356.

---
 ...SAPI-SingleValidatorFileChecker.properties | 930 +++++++++---------
 1 file changed, 465 insertions(+), 465 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 95cdb0056..d741f3608 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -1,466 +1,466 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-#Validator.ConfigurationFile.MultiValued=false
-Validator.ConfigurationFile=validation-test1.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+#Validator.ConfigurationFile.MultiValued=false
+Validator.ConfigurationFile=validation-test1.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
\ No newline at end of file

From 770fb79545bc6ea869809121ab4b86f32212ec2a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 322/812] Address issue 356.

---
 src/test/resources/esapi/ESAPI.properties | 942 +++++++++++-----------
 1 file changed, 471 insertions(+), 471 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 1a0506ebf..2727d4ada 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -1,471 +1,471 @@
-#
-# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
-# This file is part of the Open Web Application Security Project (OWASP)
-# Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
-#
-# Copyright (c) 2008,2009 - The OWASP Foundation
-#
-# DISCUSS: This may cause a major backwards compatibility issue, etc. but
-#		   from a name space perspective, we probably should have prefaced
-#		   all the property names with ESAPI or at least OWASP. Otherwise
-#		   there could be problems is someone loads this properties file into
-#		   the System properties.  We could also put this file into the
-#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
-#		   ESAPI properties be defined that would overwrite these defaults.
-#		   That keeps the application's properties relatively simple as usually
-#		   they will only want to override a few properties. If looks like we
-#		   already support multiple override levels of this in the
-#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
-#		   defaults in the esapi.jar itself. That way, if the jar is signed,
-#		   we could detect if those properties had been tampered with. (The
-#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
-#		   but off course there is an execution penalty (similar to the way
-#		   that the separate sunjce.jar used to be when a class from it was
-#		   first loaded). Thoughts?
-###############################################################################
-#
-# WARNING: Operating system protection should be used to lock down the .esapi
-# resources directory and all the files inside and all the directories all the
-# way up to the root directory of the file system.  Note that if you are using
-# file-based implementations, that some files may need to be read-write as they
-# get updated dynamically.
-#
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help,
-# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
-# as part of production ESAPI, mostly for backward compatibility.)
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-#    String ciphertext =
-#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
-#    CipherText cipherText =
-#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
-#  
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-#		***** IMPORTANT: These are for JUnit testing. Test files may have been
-#						 encrypted using these values so do not change these or
-#						 those tests will fail. The version under
-#							src/main/resources/.esapi/ESAPI.properties
-#						 will be delivered with Encryptor.MasterKey and
-#						 Encryptor.MasterSalt set to the empty string.
-#
-#						 FINAL NOTE:
-#                           If Maven changes these when run, that needs to be fixed.
-#       256-bit key... requires unlimited strength jurisdiction policy files
-### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
-#       128-bit key
-Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
-Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
-# Encryptor.MasterSalt=
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-#       as well, so if you are using JCE in your application directly rather than
-#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
-#       preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-#		   in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-#
-#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
-#					here as this is an extremely weak mode. However, we *must*
-#					allow it here so we can test ECB mode. That is important
-#					since the logic is somewhat different (i.e., ECB mode does
-#					not use an IV).
-# DISCUSS: Better name?
-#	NOTE: ECB added only for testing purposes. Don't try this at home!
-Encryptor.cipher_modes.additional_allowed=CBC,ECB
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
-#			requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-# Currently supported choices for JDK 1.5 and 1.6 are:
-#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-#	HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# these JDKs support it.
-Encryptor.KDF.PRF=HmacSHA256
-
-#===========================================================================
-# ESAPI HttpUtilties
-#
-# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
-# protect against malicious data from attackers, such as unprintable characters, escaped characters,
-# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
-# headers, and CSRF tokens.
-#
-# Default file upload location (remember to escape backslashes with \\)
-HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
-# let this default to java.io.tmpdir for testing
-#HttpUtilities.UploadTempDir=C:\\temp
-# Force flags on cookies, if you use HttpUtilities to set cookies
-HttpUtilities.ForceHttpOnlySession=false
-HttpUtilities.ForceSecureSession=false
-HttpUtilities.ForceHttpOnlyCookies=true
-HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
-# File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
-HttpUtilities.MaxUploadFileBytes=500000000
-# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
-# container, and any other technologies you may be using. Failure to do this may expose you
-# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
-HttpUtilities.ResponseContentType=text/html; charset=UTF-8
-# This is the name of the cookie used to represent the HTTP session
-# Typically this will be the default "JSESSIONID" 
-HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
-
-#===========================================================================
-# ESAPI Executor
-# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
-Executor.WorkingDirectory=C:\\Windows\\Temp
-Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
-
-
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=ExampleApplication
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-#		   that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-# Use '\p{L}' (without the quotes) within the character class to match
-# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
-# You can also use any of the regex flags as documented at
-# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
-#
-Validator.ConfigurationFile=validation.properties
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that max header name capped at 150 in SecurityRequestWrapper!
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
-Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
-Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
-Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
-
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-
-# Validation of dates. Controls whether or not 'lenient' dates are accepted.
-# See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
+#
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+# 
+# This file is part of the Open Web Application Security Project (OWASP)
+# Enterprise Security API (ESAPI) project. For details, please see
+# http://www.owasp.org/index.php/ESAPI.
+#
+# Copyright (c) 2008,2009 - The OWASP Foundation
+#
+# DISCUSS: This may cause a major backwards compatibility issue, etc. but
+#		   from a name space perspective, we probably should have prefaced
+#		   all the property names with ESAPI or at least OWASP. Otherwise
+#		   there could be problems is someone loads this properties file into
+#		   the System properties.  We could also put this file into the
+#		   esapi.jar file (perhaps as a ResourceBundle) and then allow an external
+#		   ESAPI properties be defined that would overwrite these defaults.
+#		   That keeps the application's properties relatively simple as usually
+#		   they will only want to override a few properties. If looks like we
+#		   already support multiple override levels of this in the
+#		   DefaultSecurityConfiguration class, but I'm suggesting placing the
+#		   defaults in the esapi.jar itself. That way, if the jar is signed,
+#		   we could detect if those properties had been tampered with. (The
+#		   code to check the jar signatures is pretty simple... maybe 70-90 LOC,
+#		   but off course there is an execution penalty (similar to the way
+#		   that the separate sunjce.jar used to be when a class from it was
+#		   first loaded). Thoughts?
+###############################################################################
+#
+# WARNING: Operating system protection should be used to lock down the .esapi
+# resources directory and all the files inside and all the directories all the
+# way up to the root directory of the file system.  Note that if you are using
+# file-based implementations, that some files may need to be read-write as they
+# get updated dynamically.
+#
+# Before using, be sure to update the MasterKey and MasterSalt as described below.
+# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
+#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
+#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
+#		able to decrypt your data with ESAPI 2.0.
+#
+#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
+#
+#===========================================================================
+# ESAPI Configuration
+#
+# If true, then print all the ESAPI properties set here when they are loaded.
+# If false, they are not printed. Useful to reduce output when running JUnit tests.
+# If you need to troubleshoot a properties related problem, turning this on may help,
+# but we leave it off for running JUnit tests. (It will be 'true' in the one delivered
+# as part of production ESAPI, mostly for backward compatibility.)
+ESAPI.printProperties=false
+
+# ESAPI is designed to be easily extensible. You can use the reference implementation
+# or implement your own providers to take advantage of your enterprise's security
+# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
+#
+#    String ciphertext =
+#		ESAPI.encryptor().encrypt("Secret message");   // Deprecated in 2.0
+#    CipherText cipherText =
+#		ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
+#
+# Below you can specify the classname for the provider that you wish to use in your
+# application. The only requirement is that it implement the appropriate ESAPI interface.
+# This allows you to switch security implementations in the future without rewriting the
+# entire application.
+#
+# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
+ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
+# FileBasedAuthenticator requires users.txt file in .esapi directory
+ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
+ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
+ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
+
+ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
+ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
+ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
+# Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
+ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
+
+#===========================================================================
+# ESAPI Authenticator
+#
+Authenticator.AllowedLoginAttempts=3
+Authenticator.MaxOldPasswordHashes=13
+Authenticator.UsernameParameterName=username
+Authenticator.PasswordParameterName=password
+# RememberTokenDuration (in days)
+Authenticator.RememberTokenDuration=14
+# Session Timeouts (in minutes)
+Authenticator.IdleTimeoutDuration=20
+Authenticator.AbsoluteTimeoutDuration=120
+
+#===========================================================================
+# ESAPI Encoder
+#
+# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
+# Failure to canonicalize input is a very common mistake when implementing validation schemes.
+# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
+# following code to canonicalize data.
+#
+#      ESAPI.Encoder().canonicalize( "%22hello world&#x22;" );
+#  
+# Multiple encoding is when a single encoding format is applied multiple times. Allowing
+# multiple encoding is strongly discouraged.
+Encoder.AllowMultipleEncoding=false
+
+# Mixed encoding is when multiple different encoding formats are applied, or when
+# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
+Encoder.AllowMixedEncoding=false
+
+# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
+# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
+# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
+Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
+
+
+#===========================================================================
+# ESAPI Encryption
+#
+# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
+# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
+# There is not currently any support for key rotation, so be careful when changing your key and salt as it
+# will invalidate all signed, encrypted, and hashed data.
+#
+# WARNING: Not all combinations of algorithms and key lengths are supported.
+# If you choose to use a key length greater than 128, you MUST download the
+# unlimited strength policy files and install in the lib directory of your JRE/JDK.
+# See http://java.sun.com/javase/downloads/index.jsp for more information.
+#
+# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
+# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
+# possible, these methods should be avoided as they use ECB cipher mode, which in almost
+# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
+# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
+# should only use this compatibility setting if you have persistent data encrypted with
+# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
+# you have decrypted all of your old encrypted data and then re-encrypted it with
+# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
+# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
+# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
+# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
+# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
+# that requires downloading the special jurisdiction policy files mentioned above.)
+#
+#		***** IMPORTANT: These are for JUnit testing. Test files may have been
+#						 encrypted using these values so do not change these or
+#						 those tests will fail. The version under
+#							src/main/resources/.esapi/ESAPI.properties
+#						 will be delivered with Encryptor.MasterKey and
+#						 Encryptor.MasterSalt set to the empty string.
+#
+#						 FINAL NOTE:
+#                           If Maven changes these when run, that needs to be fixed.
+#       256-bit key... requires unlimited strength jurisdiction policy files
+### Encryptor.MasterKey=pJhlri8JbuFYDgkqtHmm9s0Ziug2PE7ovZDyEPm4j14=
+#       128-bit key
+Encryptor.MasterKey=a6H9is3hEVGKB4Jut+lOVA==
+Encryptor.MasterSalt=SbftnvmEWD5ZHHP+pX3fqugNysc=
+# Encryptor.MasterSalt=
+
+# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
+# encryption and hashing. (That is it will look to this provider first, but it
+# will defer to other providers if the requested algorithm is not implemented
+# by this provider.) If left unset, ESAPI will just use your Java VM's current
+# preferred JCE provider, which is generally set in the file
+# "$JAVA_HOME/jre/lib/security/java.security".
+#
+# The main intent of this is to allow ESAPI symmetric encryption to be
+# used with a FIPS 140-2 compliant crypto-module. For details, see the section
+# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
+# the ESAPI 2.0 Symmetric Encryption User Guide, at:
+# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# However, this property also allows you to easily use an alternate JCE provider
+# such as "Bouncy Castle" without having to make changes to "java.security".
+# See Javadoc for SecurityProviderLoader for further details. If you wish to use
+# a provider that is not known to SecurityProviderLoader, you may specify the
+# fully-qualified class name of the JCE provider class that implements
+# java.security.Provider. If the name contains a '.', this is interpreted as
+# a fully-qualified class name that implements java.security.Provider.
+#
+# NOTE: Setting this property has the side-effect of changing it in your application
+#       as well, so if you are using JCE in your application directly rather than
+#       through ESAPI (you wouldn't do that, would you? ;-), it will change the
+#       preferred JCE provider there as well.
+#
+# Default: Keeps the JCE provider set to whatever JVM sets it to.
+Encryptor.PreferredJCEProvider=
+
+# AES is the most widely used and strongest encryption algorithm. This
+# should agree with your Encryptor.CipherTransformation property.
+# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
+# very weak. It is essentially a password-based encryption key, hashed
+# with MD5 around 1K times and then encrypted with the weak DES algorithm
+# (56-bits) using ECB mode and an unspecified padding (it is
+# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
+# "AES/CBC/PKCSPadding". If you want to change these, change them here.
+# Warning: This property does not control the default reference implementation for
+#		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
+#		   in the future.
+# @deprecated
+Encryptor.EncryptionAlgorithm=AES
+#		For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
+Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
+
+# Applies to ESAPI 2.0 and later only!
+# Comma-separated list of cipher modes that provide *BOTH*
+# confidentiality *AND* message authenticity. (NIST refers to such cipher
+# modes as "combined modes" so that's what we shall call them.) If any of these
+# cipher modes are used then no MAC is calculated and stored
+# in the CipherText upon encryption. Likewise, if one of these
+# cipher modes is used with decryption, no attempt will be made
+# to validate the MAC contained in the CipherText object regardless
+# of whether it contains one or not. Since the expectation is that
+# these cipher modes support support message authenticity already,
+# injecting a MAC in the CipherText object would be at best redundant.
+#
+# Note that as of JDK 1.5, the SunJCE provider does not support *any*
+# of these cipher modes. Of these listed, only GCM and CCM are currently
+# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
+# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
+# padding modes.
+Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
+
+# Applies to ESAPI 2.0 and later only!
+# Additional cipher modes allowed for ESAPI 2.0 encryption. These
+# cipher modes are in _addition_ to those specified by the property
+# 'Encryptor.cipher_modes.combined_modes'.
+# Note: We will add support for streaming modes like CFB & OFB once
+# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
+# (probably in ESAPI 2.1).
+#
+#	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
+#					here as this is an extremely weak mode. However, we *must*
+#					allow it here so we can test ECB mode. That is important
+#					since the logic is somewhat different (i.e., ECB mode does
+#					not use an IV).
+# DISCUSS: Better name?
+#	NOTE: ECB added only for testing purposes. Don't try this at home!
+Encryptor.cipher_modes.additional_allowed=CBC,ECB
+
+# 128-bit is almost always sufficient and appears to be more resistant to
+# related key attacks than is 256-bit AES. Use '_' to use default key size
+# for cipher algorithms (where it makes sense because the algorithm supports
+# a variable key size). Key length must agree to what's provided as the
+# cipher transformation, otherwise this will be ignored after logging a
+# warning.
+#
+# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+Encryptor.EncryptionKeyLength=128
+
+# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) There are two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
+# the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Also, random IVs are generally much more
+# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
+# such as CFB and OFB use a different IV for each encryption with a given key so
+# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
+# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
+# uncomment the Encryptor.fixedIV.
+#
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+Encryptor.ChooseIVMethod=random
+# If you choose to use a fixed IV, then you must place a fixed IV here that
+# is known to all others who are sharing your secret key. The format should
+# be a hex string that is the same length as the cipher block size for the
+# cipher algorithm that you are using. The following is an example for AES
+# from an AES test vector for AES-128/CBC as described in:
+# NIST Special Publication 800-38A (2001 Edition)
+# "Recommendation for Block Cipher Modes of Operation".
+# (Note that the block size for AES is 16 bytes == 128 bits.)
+#
+Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
+
+# Whether or not CipherText should use a message authentication code (MAC) with it.
+# This prevents an adversary from altering the IV as well as allowing a more
+# fool-proof way of determining the decryption failed because of an incorrect
+# key being supplied. This refers to the "separate" MAC calculated and stored
+# in CipherText, not part of any MAC that is calculated as a result of a
+# "combined mode" cipher mode.
+#
+# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
+# set this property to false.
+Encryptor.CipherText.useMAC=true
+
+# Whether or not the PlainText object may be overwritten and then marked
+# eligible for garbage collection. If not set, this is still treated as 'true'.
+Encryptor.PlainText.overwrite=true
+
+# Do not use DES except in a legacy situations. 56-bit is way too small key size.
+#Encryptor.EncryptionKeyLength=56
+#Encryptor.EncryptionAlgorithm=DES
+
+# TripleDES is considered strong enough for most purposes.
+#	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
+#			requires downloading the special jurisdiction policy from Sun.
+#Encryptor.EncryptionKeyLength=168
+#Encryptor.EncryptionAlgorithm=DESede
+
+Encryptor.HashAlgorithm=SHA-512
+Encryptor.HashIterations=1024
+Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
+Encryptor.DigitalSignatureKeyLength=1024
+Encryptor.RandomAlgorithm=SHA1PRNG
+Encryptor.CharacterEncoding=UTF-8
+# Currently supported choices for JDK 1.5 and 1.6 are:
+#	HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
+#	HmacSHA512 (512 bits).
+# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
+# these JDKs support it.
+Encryptor.KDF.PRF=HmacSHA256
+
+#===========================================================================
+# ESAPI HttpUtilties
+#
+# The HttpUtilities provide basic protections to HTTP requests and responses. Primarily these methods 
+# protect against malicious data from attackers, such as unprintable characters, escaped characters,
+# and other simple attacks. The HttpUtilities also provides utility methods for dealing with cookies,
+# headers, and CSRF tokens.
+#
+# Default file upload location (remember to escape backslashes with \\)
+HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
+# let this default to java.io.tmpdir for testing
+#HttpUtilities.UploadTempDir=C:\\temp
+# Force flags on cookies, if you use HttpUtilities to set cookies
+HttpUtilities.ForceHttpOnlySession=false
+HttpUtilities.ForceSecureSession=false
+HttpUtilities.ForceHttpOnlyCookies=true
+HttpUtilities.ForceSecureCookies=true
+# Maximum size of HTTP headers
+HttpUtilities.MaxHeaderSize=4096
+# File upload configuration
+HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.MaxUploadFileBytes=500000000
+# Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
+# container, and any other technologies you may be using. Failure to do this may expose you
+# to Unicode transcoding injection attacks. Use of UTF-8 does not hinder internationalization.
+HttpUtilities.ResponseContentType=text/html; charset=UTF-8
+# This is the name of the cookie used to represent the HTTP session
+# Typically this will be the default "JSESSIONID" 
+HttpUtilities.HttpSessionIdName=JSESSIONID
+
+
+
+#===========================================================================
+# ESAPI Executor
+# CHECKME - Not sure what this is used for, but surely it should be made OS independent.
+Executor.WorkingDirectory=C:\\Windows\\Temp
+Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
+
+
+#===========================================================================
+# ESAPI Logging
+# Set the application name if these logs are combined with other applications
+Logger.ApplicationName=ExampleApplication
+# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+Logger.LogEncodingRequired=false
+# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+Logger.LogApplicationName=true
+# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+Logger.LogServerIP=true
+# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+# want to place it in a specific directory.
+Logger.LogFileName=ESAPI_logging_file
+# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+Logger.MaxLogFileSize=10000000
+
+
+#===========================================================================
+# ESAPI Intrusion Detection
+#
+# Each event has a base to which .count, .interval, and .action are added
+# The IntrusionException will fire if we receive "count" events within "interval" seconds
+# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
+#  (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
+#
+# Custom Events
+# Names must start with "event." as the base
+# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
+# You can also disable intrusion detection completely by changing
+# the following parameter to true
+#
+IntrusionDetector.Disable=false
+#
+IntrusionDetector.event.test.count=2
+IntrusionDetector.event.test.interval=10
+IntrusionDetector.event.test.actions=disable,log
+
+# Exception Events
+# All EnterpriseSecurityExceptions are registered automatically
+# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
+# Use the fully qualified classname of the exception as the base
+
+# any intrusion is an attack
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
+IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
+
+# for test purposes
+# CHECKME: Shouldn't there be something in the property name itself that designates
+#		   that these are for testing???
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
+IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
+
+# rapid validation errors indicate scans or attacks in progress
+# org.owasp.esapi.errors.ValidationException.count=10
+# org.owasp.esapi.errors.ValidationException.interval=10
+# org.owasp.esapi.errors.ValidationException.actions=log,logout
+
+# sessions jumping between hosts indicates session hijacking
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
+IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
+
+
+#===========================================================================
+# ESAPI Validation
+#
+# The ESAPI Validator works on regular expressions with defined names. You can define names
+# either here, or you may define application specific patterns in a separate file defined below.
+# This allows enterprises to specify both organizational standards as well as application specific
+# validation rules.
+#
+# Use '\p{L}' (without the quotes) within the character class to match
+# any Unicode LETTER. You can also use a range, like:  \u00C0-\u017F
+# You can also use any of the regex flags as documented at
+# https://docs.oracle.com/javase/tutorial/essential/regex/pattern.html, e.g. (?u)
+#
+Validator.ConfigurationFile=validation.properties
+
+# Validators used by ESAPI
+Validator.AccountName=^[a-zA-Z0-9]{3,20}$
+Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
+Validator.RoleName=^[a-z]{1,20}$
+Validator.Redirect=^\\/test.*$
+
+# Global HTTP Validation Rules
+# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
+Validator.HTTPScheme=^(http|https)$
+Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
+Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+# Note that max header name capped at 150 in SecurityRequestWrapper!
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
+Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
+Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
+Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
+Validator.HTTPURL=^.*$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
+
+# Validation of file related input
+Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
+
+# Validation of dates. Controls whether or not 'lenient' dates are accepted.
+# See DataFormat.setLenient(boolean flag) for further details.
+Validator.AcceptLenientDates=false

From ab4d74b374242a350a7716c51385d850e00b9215 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 323/812] Address issue 356.

---
 .../resources/esapi/validation.properties     | 58 +++++++++----------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index 18e037f3b..433fa0b6b 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -1,29 +1,29 @@
-# The ESAPI validator does many security checks on input, such as canonicalization
-# and whitelist validation. Note that all of these validation rules are applied *after*
-# canonicalization. Double-encoded characters (even with different encodings involved,
-# are never allowed.
-#
-# To use:
-#
-# First set up a pattern below. You can choose any name you want, prefixed by the word
-# "Validation." For example:
-#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-# 
-# Then you can validate in your code against the pattern like this:
-#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
-# Where maxLength and allowNull are set for you needs, respectively.
-#
-# But note, when you use boolean variants of validation functions, you lose critical 
-# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
-# and use the returned user input which is in canonical form. Consider the following:
-#  
-# try {
-#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
-#
-Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
-Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
-Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-
+# The ESAPI validator does many security checks on input, such as canonicalization
+# and whitelist validation. Note that all of these validation rules are applied *after*
+# canonicalization. Double-encoded characters (even with different encodings involved,
+# are never allowed.
+#
+# To use:
+#
+# First set up a pattern below. You can choose any name you want, prefixed by the word
+# "Validation." For example:
+#   Validation.Email=^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+# 
+# Then you can validate in your code against the pattern like this:
+#     ESAPI.validator().isValidInput("User Email", input, "Email", maxLength, allowNull);
+# Where maxLength and allowNull are set for you needs, respectively.
+#
+# But note, when you use boolean variants of validation functions, you lose critical 
+# canonicalization. It is preferable to use the "get" methods (which throw exceptions) and 
+# and use the returned user input which is in canonical form. Consider the following:
+#  
+# try {
+#    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
+#
+Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
+Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
+Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
+Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
+Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
+

From 392eae1efc6d078bebd4d3a8e287ec6f0055a225 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:42 -0500
Subject: [PATCH 324/812] Address issue 356.

---
 .../properties/ESAPI_en_US.properties          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/test/resources/properties/ESAPI_en_US.properties b/src/test/resources/properties/ESAPI_en_US.properties
index 9b43d1a23..04f043b21 100644
--- a/src/test/resources/properties/ESAPI_en_US.properties
+++ b/src/test/resources/properties/ESAPI_en_US.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Error creating randomizer
-
-This.is.test.message=This {0} is {1} a test {2} message
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Error creating randomizer
+
+This.is.test.message=This {0} is {1} a test {2} message
+
+# Validation Messages
+
+# Log Messages
+

From c4c9281679689b396f5d3fbff743193fd3879b31 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:12:43 -0500
Subject: [PATCH 325/812] Address issue 356.

---
 .../properties/ESAPI_fr_FR.properties          | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/test/resources/properties/ESAPI_fr_FR.properties b/src/test/resources/properties/ESAPI_fr_FR.properties
index 89ebcba7d..3e5a7a8f5 100644
--- a/src/test/resources/properties/ESAPI_fr_FR.properties
+++ b/src/test/resources/properties/ESAPI_fr_FR.properties
@@ -1,9 +1,9 @@
-# User Messages
-Error.creating.randomizer=Erreur lors de la cr�ation al�atoire
-
-This.is.test.message=Ceci est un message de test message singh
-
-# Validation Messages
-
-# Log Messages
-
+# User Messages
+Error.creating.randomizer=Erreur lors de la cr�ation al�atoire
+
+This.is.test.message=Ceci est un message de test message singh
+
+# Validation Messages
+
+# Log Messages
+

From 3dd0aecb6fed7c2c32f66083d0728d612e785d8a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:15:37 -0500
Subject: [PATCH 326/812] Continue to try to address issue 356.

---
 .gitattributes | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.gitattributes b/.gitattributes
index 3645b7bba..74f99db34 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -39,10 +39,14 @@
 *.bsh text eol=lf
 *.ksh text eol=lf
 
-# More
-.gitattributes text
+# Eclipse stuff
 .settings/* text eol=crlf
 .classpath text eol=crlf
+.project text eol=crlf
+
+# Miscellaneous text
+.gitattributes text eol=lf
+.gitignore text eol=lf
 *.MF text eol=crlf
 LICENSE text eol=crlf
 LICENSE-CONTENT text eol=crlf

From 2f3650d87ec45bd56ee8999e850c0beb1a9950cc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:57 -0500
Subject: [PATCH 327/812] Issue 356 EOL matters

---
 configuration/esapi/waf-policies/bean-shell-rule.bsh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/configuration/esapi/waf-policies/bean-shell-rule.bsh b/configuration/esapi/waf-policies/bean-shell-rule.bsh
index 2a1f423e7..08c8424c4 100644
--- a/configuration/esapi/waf-policies/bean-shell-rule.bsh
+++ b/configuration/esapi/waf-policies/bean-shell-rule.bsh
@@ -1,5 +1,5 @@
-import org.owasp.esapi.waf.actions.*;
-
-session.setAttribute("simple_waf_test", "true");
-
+import org.owasp.esapi.waf.actions.*;
+
+session.setAttribute("simple_waf_test", "true");
+
 action = new RedirectAction();
\ No newline at end of file

From ce5cbf3058c9c283afbb11dde8661edc77a87ca3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:57 -0500
Subject: [PATCH 328/812] Issue 356 EOL matters

---
 .../java/org/owasp/esapi/errors/package.html  | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/errors/package.html b/src/main/java/org/owasp/esapi/errors/package.html
index cb35f9c0b..4e061dd18 100644
--- a/src/main/java/org/owasp/esapi/errors/package.html
+++ b/src/main/java/org/owasp/esapi/errors/package.html
@@ -1,17 +1,17 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-A set of exception classes designed to model the error conditions that
-frequently arise in enterprise web applications and web services. The
-root class is the EnterpriseSecurityException and all the other
-exception classes extend this basic class. The
-EnterpriseSecurityException automatically logs a message in the
-constructor so that a full set of security events are captured in the
-logs.
-
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+A set of exception classes designed to model the error conditions that
+frequently arise in enterprise web applications and web services. The
+root class is the EnterpriseSecurityException and all the other
+exception classes extend this basic class. The
+EnterpriseSecurityException automatically logs a message in the
+constructor so that a full set of security events are captured in the
+logs.
+
+</body>
+</html>

From f0fbbb1f9c86f5006e79d07fca92afc5a8becb2e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:57 -0500
Subject: [PATCH 329/812] Issue 356 EOL matters

---
 src/main/java/org/owasp/esapi/reference/package.html | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/package.html b/src/main/java/org/owasp/esapi/reference/package.html
index 0e110cb91..e1fe0b048 100644
--- a/src/main/java/org/owasp/esapi/reference/package.html
+++ b/src/main/java/org/owasp/esapi/reference/package.html
@@ -5,11 +5,11 @@
 
 <body bgcolor="white">
 
-This package contains reference implementations of the ESAPI interfaces. These are intended to
-serve as examples of how your enterprise might implement these functions. The reference implementations
-are high quality and pass all of the ESAPI test cases. Many of the reference implementations are
-likely to be useful in your enterprise without change (Validator, Encoder, Encryptor, etc...).
-Implementing other classes (Authenticator, User, AccessController, Logger, etc...) will likely need to
+This package contains reference implementations of the ESAPI interfaces. These are intended to
+serve as examples of how your enterprise might implement these functions. The reference implementations
+are high quality and pass all of the ESAPI test cases. Many of the reference implementations are
+likely to be useful in your enterprise without change (Validator, Encoder, Encryptor, etc...).
+Implementing other classes (Authenticator, User, AccessController, Logger, etc...) will likely need to
 be customized for your enterprise, to integrate with your backend systems and policies.
 
 </body>

From 3c4385286f866fe92ecdcdf00408a52a25874fc2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:57 -0500
Subject: [PATCH 330/812] Issue 356 EOL matters

---
 .../esapi/reference/validation/package.html   | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/package.html b/src/main/java/org/owasp/esapi/reference/validation/package.html
index 050397abf..b950c12a7 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/package.html
+++ b/src/main/java/org/owasp/esapi/reference/validation/package.html
@@ -1,11 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains data format-specific validation rule functions.
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains data format-specific validation rule functions.
+ 
+</body>
+</html>

From d0d363ebd2b78b40f131823d3666a4275fe5745b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 331/812] Issue 356 EOL matters

---
 .../org/owasp/esapi/waf/actions/package.html  | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/actions/package.html b/src/main/java/org/owasp/esapi/waf/actions/package.html
index 94adcc808..89657d08c 100644
--- a/src/main/java/org/owasp/esapi/waf/actions/package.html
+++ b/src/main/java/org/owasp/esapi/waf/actions/package.html
@@ -1,11 +1,11 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the Action objects that are executed after a Rule subclass executes. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the Action objects that are executed after a Rule subclass executes. 
+ 
+</body>
+</html>

From 04902a8957c24c1c863a00926b8ca724dccea009 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 332/812] Issue 356 EOL matters

---
 .../esapi/waf/configuration/package.html      | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/configuration/package.html b/src/main/java/org/owasp/esapi/waf/configuration/package.html
index ea68242bf..8c41b3a27 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/package.html
+++ b/src/main/java/org/owasp/esapi/waf/configuration/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the both the configuration object model and the 
-utility class to create that object model from an existing policy file. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the both the configuration object model and the 
+utility class to create that object model from an existing policy file. 
+ 
+</body>
+</html>

From dc7d5406c7d1f2b6a8710d14309f353f167f8e39 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 333/812] Issue 356 EOL matters

---
 .../org/owasp/esapi/waf/internal/package.html | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/package.html b/src/main/java/org/owasp/esapi/waf/internal/package.html
index 3b535518f..a94870056 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/package.html
+++ b/src/main/java/org/owasp/esapi/waf/internal/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains all HTTP-related classes used internally by the WAF for the implementation
-of its rules. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains all HTTP-related classes used internally by the WAF for the implementation
+of its rules. 
+ 
+</body>
+</html>

From 0c21fbaa9763fbe555e799413628caff20cc8399 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 334/812] Issue 356 EOL matters

---
 .../java/org/owasp/esapi/waf/package.html     | 28 +++++++++----------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/package.html b/src/main/java/org/owasp/esapi/waf/package.html
index bf23005ed..8f025e3ed 100644
--- a/src/main/java/org/owasp/esapi/waf/package.html
+++ b/src/main/java/org/owasp/esapi/waf/package.html
@@ -1,14 +1,14 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains the ESAPI Web Application Firewall (WAF). It is an optional feature of ESAPI
-that can be used with or without ESAPI's other security controls in place. It's purpose is to provide
-fast virtual patching capabilities against known vulnerabilities or the enforcement of existing
-security policies where possible.
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains the ESAPI Web Application Firewall (WAF). It is an optional feature of ESAPI
+that can be used with or without ESAPI's other security controls in place. It's purpose is to provide
+fast virtual patching capabilities against known vulnerabilities or the enforcement of existing
+security policies where possible.
+ 
+</body>
+</html>

From ca61c6decc5c7e60d1847b32682e0f9d10d70bae Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 335/812] Issue 356 EOL matters

---
 .../org/owasp/esapi/waf/rules/package.html    | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/package.html b/src/main/java/org/owasp/esapi/waf/rules/package.html
index 133148e47..0f29d7ea3 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/package.html
+++ b/src/main/java/org/owasp/esapi/waf/rules/package.html
@@ -1,12 +1,12 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-This package contains all of the Rule subclasses that correspond to policy file entries. Each 
-class contains the logic for enforcing its rule. 
- 
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+This package contains all of the Rule subclasses that correspond to policy file entries. Each 
+class contains the logic for enforcing its rule. 
+ 
+</body>
+</html>

From 99917ec05d892f6e53a8e025872c2434430ad755 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 336/812] Issue 356 EOL matters

---
 .../java/org/owasp/esapi/http/package.html    | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/http/package.html b/src/test/java/org/owasp/esapi/http/package.html
index 76f720fb6..c61efd69f 100644
--- a/src/test/java/org/owasp/esapi/http/package.html
+++ b/src/test/java/org/owasp/esapi/http/package.html
@@ -1,15 +1,15 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<html>
-<head>
-</head>
-
-<body bgcolor="white">
-
-A few simple mock classes to help test the ESAPI reference
-implementation. These classes are not fully functional and only
-implement the functions required to test the library. These
-implementations are not fully accurate and may not behave like the real
-Java EE classes.
-
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<html>
+<head>
+</head>
+
+<body bgcolor="white">
+
+A few simple mock classes to help test the ESAPI reference
+implementation. These classes are not fully functional and only
+implement the functions required to test the library. These
+implementations are not fully accurate and may not behave like the real
+Java EE classes.
+
+</body>
+</html>

From c2585acb10d7bb075b17f6878d84f88b87de74b5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 01:17:58 -0500
Subject: [PATCH 337/812] Issue 356 EOL matters

---
 src/test/resources/esapi/waf-policies/bean-shell-rule.bsh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh b/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
index 2a1f423e7..08c8424c4 100644
--- a/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
+++ b/src/test/resources/esapi/waf-policies/bean-shell-rule.bsh
@@ -1,5 +1,5 @@
-import org.owasp.esapi.waf.actions.*;
-
-session.setAttribute("simple_waf_test", "true");
-
+import org.owasp.esapi.waf.actions.*;
+
+session.setAttribute("simple_waf_test", "true");
+
 action = new RedirectAction();
\ No newline at end of file

From 86c89a20e49209f853cbd04f9361e30ca03e2e2d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 21:46:51 -0500
Subject: [PATCH 338/812] Close issue #354.

---
 .../java/org/owasp/esapi/codecs/Base64.java   | 27 ++++++++-
 .../owasp/esapi/reference/EncoderTest.java    | 56 +++++++++++++++++++
 2 files changed, 82 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index 624d23c3d..b92f35590 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -8,7 +8,7 @@
 // I think that really depends on how much OWASP ESAPI plans on tracking changes to this
 // version vs. if the plan was just to fork from it and maintain OWASP's own version.
 // At this point, I think I prefer split from tracking Harder's original, but I'm easily
-// persuaded otherwise. - Kevin Wall
+// persuaded otherwise. (In fact, we have already done so w/ decodeToObject().) - Kevin Wall
 
 /**
  * <p>Encodes and decodes to and from Base64 notation.</p>
@@ -136,6 +136,12 @@ public class Base64
 	  */
 	 public final static int ORDERED = 32;
     
+     /**
+      * System property name that must be set to true in order to invoke {@code Base64.decodeToObject()}.
+      * @see https://github.com/ESAPI/esapi-java-legacy/issues/354
+      * @see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
+      */
+     public final static String ENABLE_UNSAFE_SERIALIZATION = "org.owasp.esapi.enableUnsafeSerialization"; // Do NOT change!
     
 /* ********  P R I V A T E   F I E L D S  ******** */  
     
@@ -1091,6 +1097,15 @@ public static byte[] decode( String s, int options )
      *      untrusted data from a string and deserialize it into
      *      an object can potentially result in remote command
      *      injection vulnerabilities. Use at your own risk!
+     * </p><p><b>IMPORTANT BACKWARD COMPATIBILITY NOTICE</b></br>
+     * Because this static method can easily be used as an attack vector
+     * for those passing in deserialized objects, in a manner similar to the
+     * <a href="https://issues.apache.org/jira/browse/COLLECTIONS-580">Apache Commons Collections InvokerTransformer</a>
+     * issue, we are requiring that the system property
+     * {@code org.owasp.esapi.enableUnsafeSerialization}
+     * be set to "true" in order for this method to be successfully invoked.
+     * We apologize for the inconvenience this may cause in breaking anyone's
+     * application, but we feel that it is for the greater good.
      * </p>
      *
      * @param encodedObject The Base64 data to decode
@@ -1110,6 +1125,16 @@ public static byte[] decode( String s, int options )
     @Deprecated
     public static Object decodeToObject( String encodedObject )
     {
+        // We will do better when we attempt this again, allowing for a second argument
+        // to specify some sort of a collection of white-listed classes. Until then...
+        // See: http://www.ibm.com/developerworks/library/se-lookahead/ for how-to.
+        if ( ! "true".equalsIgnoreCase( System.getProperty( ENABLE_UNSAFE_SERIALIZATION ) ) ) {
+            throw new UnsupportedOperationException(
+                "Deserialization by Base64.decodeToObject(String) is disabled for security reasons. " +
+                "To re-enable it, set the system property '" + ENABLE_UNSAFE_SERIALIZATION + "' to 'true'." +
+                "For details, see: https://github.com/ESAPI/esapi-java-legacy/issues/354");
+        }
+
         // Decode and gunzip if necessary
         byte[] objBytes = decode( encodedObject );
         
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 3e8f17a6a..bc2e1afde 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -19,6 +19,8 @@
 import java.io.UnsupportedEncodingException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.io.ByteArrayOutputStream;
+import java.io.ObjectOutputStream;
 
 import junit.framework.Test;
 import junit.framework.TestCase;
@@ -27,6 +29,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.codecs.Base64;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.MySQLCodec;
 import org.owasp.esapi.codecs.OracleCodec;
@@ -632,6 +635,59 @@ public void testDecodeFromBase64() {
         }
     }
     
+    /**
+	 * Test of Base64.decodeToObject() method. Should really be put into a
+     * separate Base64Test.java class, but this method has been deprecated
+     * so hopefully, we can kill it off soon.
+	 */
+    public void testBase64decodToObject() {
+        try {
+            System.out.println("testBase64decodeToObject");
+
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            ObjectOutputStream dout = new ObjectOutputStream(baos);
+
+            // If you don't get the joke, google John Draper. (And, BTW, you should
+            // be ashamed of yourself if you call yourself a hacker!)
+            String cerealizeThis = new String("Cap'n Crunch - every hacker's favorite cereal");
+            dout.writeObject( cerealizeThis );
+            byte[] serializedData = baos.toByteArray();
+            dout.close();
+
+            String b64serialized = Base64.encodeBytes( serializedData );
+            final String propName = Base64.ENABLE_UNSAFE_SERIALIZATION;
+
+            // Make sure the property is not set.
+            try { System.clearProperty( propName ); } catch(Throwable t) { ; }
+            String capnCrunch = null;
+
+            try {
+                capnCrunch = (String)Base64.decodeToObject( b64serialized );
+                fail("Case 1: Did not throw UnsupportedOperationException");
+            } catch(UnsupportedOperationException uoex) {
+                ; // Expected case
+            }
+
+            try {
+                System.setProperty( propName, "false" );
+                capnCrunch = (String)Base64.decodeToObject( b64serialized );
+                fail("Case 2: Did not throw UnsupportedOperationException");
+            } catch(UnsupportedOperationException uoex) {
+                ; // Expected case
+            }
+
+            try {
+                // This case should work.
+                System.setProperty( propName, "true" );
+                capnCrunch = (String)Base64.decodeToObject( b64serialized );
+                assertTrue( capnCrunch.equals( cerealizeThis ) );
+            } catch(Throwable t) {
+                fail("Case 3: Caught unexpected exception: " + t);
+            }
+        } catch(Throwable t) {
+            fail("Caught unexpected exception: " + t);
+        }
+    }
 
     /**
 	 * Test of WindowsCodec

From 21f3992440b1894b654d93c031c705bc9e4cd52c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 21:58:13 -0500
Subject: [PATCH 339/812] Git is complaining it's modified, but I'm committing
 w/out any actual change. Let's see what happens.

---
 LICENSE | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/LICENSE b/LICENSE
index 5d0f11c51..20c1657fa 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,12 +1,12 @@
-The BSD License
-
-Copyright (c) 2007, The OWASP Foundation
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
-Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
-Neither the name of the OWASP Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
+The BSD License
+
+Copyright (c) 2007, The OWASP Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
+Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
+Neither the name of the OWASP Foundation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

From 73995a44c0351041f6f6400a36c2c0571822602f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:06:16 -0500
Subject: [PATCH 340/812] No explicit changes; just did a add, followed by
 commit, but that seemed to fix the others.

---
 LICENSE-CONTENT                               | 156 +++++++++---------
 LICENSE-README                                |  12 +-
 documentation/esapi4java-2.0-readme.txt       | 120 +++++++-------
 ...va-2.0rc6-override-log4jloggingfactory.txt | 142 ++++++++--------
 .../esapi4java-core-2.1-release-notes.txt     | 136 +++++++--------
 src/main/java/META-INF/MANIFEST.MF            |   6 +-
 6 files changed, 286 insertions(+), 286 deletions(-)

diff --git a/LICENSE-CONTENT b/LICENSE-CONTENT
index 9d154ce74..b5b0f5e05 100644
--- a/LICENSE-CONTENT
+++ b/LICENSE-CONTENT
@@ -1,78 +1,78 @@
-Creative Commons
-Creative Commons Legal Code
-Attribution-ShareAlike 3.0 Unported
-
-    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. 
-
-License
-
-THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
-
-BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
-
-1. Definitions
-
-   1. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License.
-   2. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined below) for the purposes of this License.
-   3. "Creative Commons Compatible License" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License.
-   4. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership.
-   5. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike.
-   6. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License.
-   7. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast.
-   8. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work.
-   9. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
-  10. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images.
-  11. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium.
-
-2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.
-
-3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
-
-   1. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections;
-   2. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified.";
-   3. to Distribute and Publicly Perform the Work including as incorporated in Collections; and,
-   4. to Distribute and Publicly Perform Adaptations.
-   5.
-
-      For the avoidance of doubt:
-         1. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License;
-         2. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and,
-         3. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License.
-
-The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved.
-
-4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
-
-   1. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested.
-   2. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible License. If you license the Adaptation under one of the licenses mentioned in (iv), you must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply with the terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform; (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License; (III) You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform; (IV) when You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License.
-   3. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Ssection 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.
-   4. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise.
-
-5. Representations, Warranties and Disclaimer
-
-UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
-
-6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
-7. Termination
-
-   1. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
-   2. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
-
-8. Miscellaneous
-
-   1. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
-   2. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.
-   3. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
-   4. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
-   5. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
-   6. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law.
-
-    Creative Commons Notice
-
-    Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor.
-
-    Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License.
-
-    Creative Commons may be contacted at http://creativecommons.org/.
-
+Creative Commons
+Creative Commons Legal Code
+Attribution-ShareAlike 3.0 Unported
+
+    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. 
+
+License
+
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
+
+BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. TO THE EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS.
+
+1. Definitions
+
+   1. "Adaptation" means a work based upon the Work, or upon the Work and other pre-existing works, such as a translation, adaptation, derivative work, arrangement of music or other alterations of a literary or artistic work, or phonogram or performance and includes cinematographic adaptations or any other form in which the Work may be recast, transformed, or adapted including in any form recognizably derived from the original, except that a work that constitutes a Collection will not be considered an Adaptation for the purpose of this License. For the avoidance of doubt, where the Work is a musical work, performance or phonogram, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered an Adaptation for the purpose of this License.
+   2. "Collection" means a collection of literary or artistic works, such as encyclopedias and anthologies, or performances, phonograms or broadcasts, or other works or subject matter other than works listed in Section 1(f) below, which, by reason of the selection and arrangement of their contents, constitute intellectual creations, in which the Work is included in its entirety in unmodified form along with one or more other contributions, each constituting separate and independent works in themselves, which together are assembled into a collective whole. A work that constitutes a Collection will not be considered an Adaptation (as defined below) for the purposes of this License.
+   3. "Creative Commons Compatible License" means a license that is listed at http://creativecommons.org/compatiblelicenses that has been approved by Creative Commons as being essentially equivalent to this License, including, at a minimum, because that license: (i) contains terms that have the same purpose, meaning and effect as the License Elements of this License; and, (ii) explicitly permits the relicensing of adaptations of works made available under that license under this License or a Creative Commons jurisdiction license with the same License Elements as this License.
+   4. "Distribute" means to make available to the public the original and copies of the Work or Adaptation, as appropriate, through sale or other transfer of ownership.
+   5. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, ShareAlike.
+   6. "Licensor" means the individual, individuals, entity or entities that offer(s) the Work under the terms of this License.
+   7. "Original Author" means, in the case of a literary or artistic work, the individual, individuals, entity or entities who created the Work or if no individual or entity can be identified, the publisher; and in addition (i) in the case of a performance the actors, singers, musicians, dancers, and other persons who act, sing, deliver, declaim, play in, interpret or otherwise perform literary or artistic works or expressions of folklore; (ii) in the case of a phonogram the producer being the person or legal entity who first fixes the sounds of a performance or other sounds; and, (iii) in the case of broadcasts, the organization that transmits the broadcast.
+   8. "Work" means the literary and/or artistic work offered under the terms of this License including without limitation any production in the literary, scientific and artistic domain, whatever may be the mode or form of its expression including digital form, such as a book, pamphlet and other writing; a lecture, address, sermon or other work of the same nature; a dramatic or dramatico-musical work; a choreographic work or entertainment in dumb show; a musical composition with or without words; a cinematographic work to which are assimilated works expressed by a process analogous to cinematography; a work of drawing, painting, architecture, sculpture, engraving or lithography; a photographic work to which are assimilated works expressed by a process analogous to photography; a work of applied art; an illustration, map, plan, sketch or three-dimensional work relative to geography, topography, architecture or science; a performance; a broadcast; a phonogram; a compilation of data to the extent it is protected as a copyrightable work; or a work performed by a variety or circus performer to the extent it is not otherwise considered a literary or artistic work.
+   9. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation.
+  10. "Publicly Perform" means to perform public recitations of the Work and to communicate to the public those public recitations, by any means or process, including by wire or wireless means or public digital performances; to make available to the public Works in such a way that members of the public may access these Works from a place and at a place individually chosen by them; to perform the Work to the public by any means or process and the communication to the public of the performances of the Work, including by public digital performance; to broadcast and rebroadcast the Work by any means including signs, sounds or images.
+  11. "Reproduce" means to make copies of the Work by any means including without limitation by sound or visual recordings and the right of fixation and reproducing fixations of the Work, including storage of a protected performance or phonogram in digital form or other electronic medium.
+
+2. Fair Dealing Rights. Nothing in this License is intended to reduce, limit, or restrict any uses free from copyright or rights arising from limitations or exceptions that are provided for in connection with the copyright protection under copyright law or other applicable laws.
+
+3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:
+
+   1. to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections;
+   2. to create and Reproduce Adaptations provided that any such Adaptation, including any translation in any medium, takes reasonable steps to clearly label, demarcate or otherwise identify that changes were made to the original Work. For example, a translation could be marked "The original work was translated from English to Spanish," or a modification could indicate "The original work has been modified.";
+   3. to Distribute and Publicly Perform the Work including as incorporated in Collections; and,
+   4. to Distribute and Publicly Perform Adaptations.
+   5.
+
+      For the avoidance of doubt:
+         1. Non-waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme cannot be waived, the Licensor reserves the exclusive right to collect such royalties for any exercise by You of the rights granted under this License;
+         2. Waivable Compulsory License Schemes. In those jurisdictions in which the right to collect royalties through any statutory or compulsory licensing scheme can be waived, the Licensor waives the exclusive right to collect such royalties for any exercise by You of the rights granted under this License; and,
+         3. Voluntary License Schemes. The Licensor waives the right to collect royalties, whether individually or, in the event that the Licensor is a member of a collecting society that administers voluntary licensing schemes, via that society, from any exercise by You of the rights granted under this License.
+
+The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. Subject to Section 8(f), all rights not expressly granted by Licensor are hereby reserved.
+
+4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions:
+
+   1. You may Distribute or Publicly Perform the Work only under the terms of this License. You must include a copy of, or the Uniform Resource Identifier (URI) for, this License with every copy of the Work You Distribute or Publicly Perform. You may not offer or impose any terms on the Work that restrict the terms of this License or the ability of the recipient of the Work to exercise the rights granted to that recipient under the terms of the License. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties with every copy of the Work You Distribute or Publicly Perform. When You Distribute or Publicly Perform the Work, You may not impose any effective technological measures on the Work that restrict the ability of a recipient of the Work from You to exercise the rights granted to that recipient under the terms of the License. This Section 4(a) applies to the Work as incorporated in a Collection, but this does not require the Collection apart from the Work itself to be made subject to the terms of this License. If You create a Collection, upon notice from any Licensor You must, to the extent practicable, remove from the Collection any credit as required by Section 4(c), as requested. If You create an Adaptation, upon notice from any Licensor You must, to the extent practicable, remove from the Adaptation any credit as required by Section 4(c), as requested.
+   2. You may Distribute or Publicly Perform an Adaptation only under the terms of: (i) this License; (ii) a later version of this License with the same License Elements as this License; (iii) a Creative Commons jurisdiction license (either this or a later license version) that contains the same License Elements as this License (e.g., Attribution-ShareAlike 3.0 US)); (iv) a Creative Commons Compatible License. If you license the Adaptation under one of the licenses mentioned in (iv), you must comply with the terms of that license. If you license the Adaptation under the terms of any of the licenses mentioned in (i), (ii) or (iii) (the "Applicable License"), you must comply with the terms of the Applicable License generally and the following provisions: (I) You must include a copy of, or the URI for, the Applicable License with every copy of each Adaptation You Distribute or Publicly Perform; (II) You may not offer or impose any terms on the Adaptation that restrict the terms of the Applicable License or the ability of the recipient of the Adaptation to exercise the rights granted to that recipient under the terms of the Applicable License; (III) You must keep intact all notices that refer to the Applicable License and to the disclaimer of warranties with every copy of the Work as included in the Adaptation You Distribute or Publicly Perform; (IV) when You Distribute or Publicly Perform the Adaptation, You may not impose any effective technological measures on the Adaptation that restrict the ability of a recipient of the Adaptation from You to exercise the rights granted to that recipient under the terms of the Applicable License. This Section 4(b) applies to the Adaptation as incorporated in a Collection, but this does not require the Collection apart from the Adaptation itself to be made subject to the terms of the Applicable License.
+   3. If You Distribute, or Publicly Perform the Work or any Adaptations or Collections, You must, unless a request has been made pursuant to Section 4(a), keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or if the Original Author and/or Licensor designate another party or parties (e.g., a sponsor institute, publishing entity, journal) for attribution ("Attribution Parties") in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; (ii) the title of the Work if supplied; (iii) to the extent reasonably practicable, the URI, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and (iv) , consistent with Ssection 3(b), in the case of an Adaptation, a credit identifying the use of the Work in the Adaptation (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). The credit required by this Section 4(c) may be implemented in any reasonable manner; provided, however, that in the case of a Adaptation or Collection, at a minimum such credit will appear, if a credit for all contributing authors of the Adaptation or Collection appears, then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors. For the avoidance of doubt, You may only use the credit required by this Section for the purpose of attribution in the manner set out above and, by exercising Your rights under this License, You may not implicitly or explicitly assert or imply any connection with, sponsorship or endorsement by the Original Author, Licensor and/or Attribution Parties, as appropriate, of You or Your use of the Work, without the separate, express prior written permission of the Original Author, Licensor and/or Attribution Parties.
+   4. Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable law, if You Reproduce, Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or Collections, You must not distort, mutilate, modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author's honor or reputation. Licensor agrees that in those jurisdictions (e.g. Japan), in which any exercise of the right granted in Section 3(b) of this License (the right to make Adaptations) would be deemed to be a distortion, mutilation, modification or other derogatory action prejudicial to the Original Author's honor and reputation, the Licensor will waive or not assert, as appropriate, this Section, to the fullest extent permitted by the applicable national law, to enable You to reasonably exercise Your right under Section 3(b) of this License (right to make Adaptations) but not otherwise.
+
+5. Representations, Warranties and Disclaimer
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+7. Termination
+
+   1. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Adaptations or Collections from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License.
+   2. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above.
+
+8. Miscellaneous
+
+   1. Each time You Distribute or Publicly Perform the Work or a Collection, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License.
+   2. Each time You Distribute or Publicly Perform an Adaptation, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License.
+   3. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable.
+   4. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent.
+   5. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You.
+   6. The rights granted under, and the subject matter referenced, in this License were drafted utilizing the terminology of the Berne Convention for the Protection of Literary and Artistic Works (as amended on September 28, 1979), the Rome Convention of 1961, the WIPO Copyright Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and the Universal Copyright Convention (as revised on July 24, 1971). These rights and subject matter take effect in the relevant jurisdiction in which the License terms are sought to be enforced according to the corresponding provisions of the implementation of those treaty provisions in the applicable national law. If the standard suite of rights granted under applicable copyright law includes additional rights not granted under this License, such additional rights are deemed to be included in the License; this License is not intended to restrict the license of any rights under applicable law.
+
+    Creative Commons Notice
+
+    Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor.
+
+    Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, Creative Commons does not authorize the use by either party of the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. For the avoidance of doubt, this trademark restriction does not form part of the License.
+
+    Creative Commons may be contacted at http://creativecommons.org/.
+
diff --git a/LICENSE-README b/LICENSE-README
index e7295e13e..6968b1478 100644
--- a/LICENSE-README
+++ b/LICENSE-README
@@ -1,7 +1,7 @@
-Please note that:
-
-1) The LICENSE file only refers to the licensing of the source and binary code of ESAPI. 
-   For example, the actual ESAPI JAR file is only licensed under "The BSD License".
-   
-2) The LICENSE-CONTENT file only refers to the licensing of the content and documentation of ESAPI. 
+Please note that:
+
+1) The LICENSE file only refers to the licensing of the source and binary code of ESAPI. 
+   For example, the actual ESAPI JAR file is only licensed under "The BSD License".
+   
+2) The LICENSE-CONTENT file only refers to the licensing of the content and documentation of ESAPI. 
    For example, the documentation directory is only licensed under the Creative Commons/ShareAlike 3.0 Unported license.
\ No newline at end of file
diff --git a/documentation/esapi4java-2.0-readme.txt b/documentation/esapi4java-2.0-readme.txt
index de7c40dda..f2b3e61b6 100644
--- a/documentation/esapi4java-2.0-readme.txt
+++ b/documentation/esapi4java-2.0-readme.txt
@@ -1,60 +1,60 @@
-
-                            Welcome to ESAPI for Java!
-
-(This file best viewed full screen.)
-
-Here are the most significant directories and files included the zip file for this release:
-
-File / Directory                                                        Description
-=========================================================================================
-<root>/	
-|
-+---configuration/                                                      Directory of ESAPI configuration files
-|     |
-|     |---.esapi/
-|     |     |---waf-policies/                                           Directory containing Web Application Firewall policies
-|     |     |---ESAPI.properties                                        The main ESAPI configuration file
-|     |     `---validation.properties                                   Regular expressions used by the ESAPI validator
-|     |
-|     `---properties/                                                   Examples of how to internationalize error messages???
-|           |---ESAPI_en_US.properties                                      in US/English
-|           |---ESAPI_fr_FR.properties                                      in French
-|           `---ESAPI_zhs_CN.properties                                     in Chinese
-|
-|---documentation/                                                      ESAPI documentation
-|     |
-|     |---esapi4java-2.0-readme.txt                                     The file you are now reading
-|     |---esapi4java-core-2.0-release-notes.pdf                         ESAPI 2.0 release notes (draft)
-|     |---esapi4java-core-2.0-install-guide.doc                         ESAPI 2.0 installation guide (draft)
-|     |---esapi4java-2.0rc6-override-log4jloggingfactory.txt            How to use log4j to override User logging
-|     |---esapi4java-core-2.0-ciphertext-serialization.pdf              Describes serialization layout of ESAPI 2.0 ciphertext representation
-|     |---esapi4java-core-2.0-crypto-design-goals.doc (draft)           Describes ESAPI 2.0 crypto design goals & design decisions
-|     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
-|     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
-|     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
-|     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
-|
-|---libs/                                                               ESAPI dependencies
-|
-|---site/
-|     |---apidocs                                                       ESAPI Javadoc
-|     |---cobertura
-|     `---testapidocs                                                   ESAPI Javadoc for its JUnit test cases
-|
-|---src/                                                                ESAPI source code
-|
-|---esapi-<vers>.jar                                                    The ESAPI jar for version <vers> (e.g., <vers> == 2.0_rc10)
-|
-|---LICENSE.txt                                                         ESAPI license for source code and documentation
-|
-`---pom.xml                                                             Maven's pom.xml for building ESAPI from source via mvn.
-
-===========================================================
-
-Where to go from here -- please see the installation guide and the release
-notes.
-
-Please address comments and questions concerning the API and this document to
-the ESAPI Users mailing list, <esapi-user@lists.owasp.org>.
-
-Copyright (C) 2009-2010 The OWASP Foundation.
+
+                            Welcome to ESAPI for Java!
+
+(This file best viewed full screen.)
+
+Here are the most significant directories and files included the zip file for this release:
+
+File / Directory                                                        Description
+=========================================================================================
+<root>/	
+|
++---configuration/                                                      Directory of ESAPI configuration files
+|     |
+|     |---.esapi/
+|     |     |---waf-policies/                                           Directory containing Web Application Firewall policies
+|     |     |---ESAPI.properties                                        The main ESAPI configuration file
+|     |     `---validation.properties                                   Regular expressions used by the ESAPI validator
+|     |
+|     `---properties/                                                   Examples of how to internationalize error messages???
+|           |---ESAPI_en_US.properties                                      in US/English
+|           |---ESAPI_fr_FR.properties                                      in French
+|           `---ESAPI_zhs_CN.properties                                     in Chinese
+|
+|---documentation/                                                      ESAPI documentation
+|     |
+|     |---esapi4java-2.0-readme.txt                                     The file you are now reading
+|     |---esapi4java-core-2.0-release-notes.pdf                         ESAPI 2.0 release notes (draft)
+|     |---esapi4java-core-2.0-install-guide.doc                         ESAPI 2.0 installation guide (draft)
+|     |---esapi4java-2.0rc6-override-log4jloggingfactory.txt            How to use log4j to override User logging
+|     |---esapi4java-core-2.0-ciphertext-serialization.pdf              Describes serialization layout of ESAPI 2.0 ciphertext representation
+|     |---esapi4java-core-2.0-crypto-design-goals.doc (draft)           Describes ESAPI 2.0 crypto design goals & design decisions
+|     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
+|     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
+|     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
+|     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
+|
+|---libs/                                                               ESAPI dependencies
+|
+|---site/
+|     |---apidocs                                                       ESAPI Javadoc
+|     |---cobertura
+|     `---testapidocs                                                   ESAPI Javadoc for its JUnit test cases
+|
+|---src/                                                                ESAPI source code
+|
+|---esapi-<vers>.jar                                                    The ESAPI jar for version <vers> (e.g., <vers> == 2.0_rc10)
+|
+|---LICENSE.txt                                                         ESAPI license for source code and documentation
+|
+`---pom.xml                                                             Maven's pom.xml for building ESAPI from source via mvn.
+
+===========================================================
+
+Where to go from here -- please see the installation guide and the release
+notes.
+
+Please address comments and questions concerning the API and this document to
+the ESAPI Users mailing list, <esapi-user@lists.owasp.org>.
+
+Copyright (C) 2009-2010 The OWASP Foundation.
diff --git a/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt b/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
index 891f76935..49accdbfc 100644
--- a/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
+++ b/documentation/esapi4java-2.0rc6-override-log4jloggingfactory.txt
@@ -1,71 +1,71 @@
-This release includes critical changes to the ESAPI Log4JLogger that will now allow you to over-ride the user specific 
-message using your own User or java.security.Principal implementation.
-
-There are a three critical steps that need to be taken to over-ride the ESAPI Log4JLogger:
-
-1)  Please make a copy of http://owasp-esapi-java.googlecode.com/svn/trunk/src/main/java/org/owasp/esapi/reference/ExampleExtendedLog4JLogFactory.java and change the package and the class name (something like com.yourcompany.logging.ExtendedLog4JFactory). This class (not very big at all) gives you the exact “shell” that you will need to over-ride the user message of the ESAPI Log4JLogger.
-
-2)  In your new class, please change the following function to use your user object:
-
-        public String getUserInfo() {
-            return "-EXTENDEDUSERINFO-";
-    }
-
-3)  Change your copy of ESAPI.properties to use your new logging class
-
-The ESAPI.properties entry looks like this now:
-
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
-
-Please change it to the following, based on how you renamed your new logging class
-
-ESAPI.Logger=com.yourcompany.logging.ExtendedLog4JFactory
-
-And you should be all set!
-
-PS: The original ESAPI Log4JLogging class used a secure random number as a replacement to logging the session ID. This allowed 
-us to tie log messages from the same session together, without exposing the actual session id in the log file. The code looks 
-like this, and you may wish to use it in your over-ridden version of getUserInfo.
-
-HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-if ( request != null ) {
-    HttpSession session = request.getSession( false );
-    if ( session != null ) {
-        sid = (String)session.getAttribute("ESAPI_SESSION");
-        // if there is no session ID for the user yet, we create one and store it in the user's session
-        if ( sid == null ) {
-            sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-            session.setAttribute("ESAPI_SESSION", sid);
-        }
-    }
-}
-
-In fact, here is the entire original getUserInfo() implementation (that was tied to the ESAPI request and user object) – 
-you may wish to emulate some of this.
-
-public String getUserInfo() {
-    // create a random session number for the user to represent the user's 'session', if it doesn't exist already
-    String sid = null;
-    HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-    if ( request != null ) {
-        HttpSession session = request.getSession( false );
-        if ( session != null ) {
-            sid = (String)session.getAttribute("ESAPI_SESSION");
-            // if there is no session ID for the user yet, we create one and store it in the user's session
-            if ( sid == null ) {
-                sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-                session.setAttribute("ESAPI_SESSION", sid);
-            }
-        }
-    }
-    
-    // log user information - username:session@ipaddr
-    User user = ESAPI.authenticator().getCurrentUser();            
-    String userInfo = "";
-    //TODO - make type logging configurable
-    if ( user != null) {
-        userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
-    }
-    
-    return userInfo;
-}
+This release includes critical changes to the ESAPI Log4JLogger that will now allow you to over-ride the user specific 
+message using your own User or java.security.Principal implementation.
+
+There are a three critical steps that need to be taken to over-ride the ESAPI Log4JLogger:
+
+1)  Please make a copy of http://owasp-esapi-java.googlecode.com/svn/trunk/src/main/java/org/owasp/esapi/reference/ExampleExtendedLog4JLogFactory.java and change the package and the class name (something like com.yourcompany.logging.ExtendedLog4JFactory). This class (not very big at all) gives you the exact “shell” that you will need to over-ride the user message of the ESAPI Log4JLogger.
+
+2)  In your new class, please change the following function to use your user object:
+
+        public String getUserInfo() {
+            return "-EXTENDEDUSERINFO-";
+    }
+
+3)  Change your copy of ESAPI.properties to use your new logging class
+
+The ESAPI.properties entry looks like this now:
+
+ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+
+Please change it to the following, based on how you renamed your new logging class
+
+ESAPI.Logger=com.yourcompany.logging.ExtendedLog4JFactory
+
+And you should be all set!
+
+PS: The original ESAPI Log4JLogging class used a secure random number as a replacement to logging the session ID. This allowed 
+us to tie log messages from the same session together, without exposing the actual session id in the log file. The code looks 
+like this, and you may wish to use it in your over-ridden version of getUserInfo.
+
+HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+if ( request != null ) {
+    HttpSession session = request.getSession( false );
+    if ( session != null ) {
+        sid = (String)session.getAttribute("ESAPI_SESSION");
+        // if there is no session ID for the user yet, we create one and store it in the user's session
+        if ( sid == null ) {
+            sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
+            session.setAttribute("ESAPI_SESSION", sid);
+        }
+    }
+}
+
+In fact, here is the entire original getUserInfo() implementation (that was tied to the ESAPI request and user object) – 
+you may wish to emulate some of this.
+
+public String getUserInfo() {
+    // create a random session number for the user to represent the user's 'session', if it doesn't exist already
+    String sid = null;
+    HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+    if ( request != null ) {
+        HttpSession session = request.getSession( false );
+        if ( session != null ) {
+            sid = (String)session.getAttribute("ESAPI_SESSION");
+            // if there is no session ID for the user yet, we create one and store it in the user's session
+            if ( sid == null ) {
+                sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
+                session.setAttribute("ESAPI_SESSION", sid);
+            }
+        }
+    }
+    
+    // log user information - username:session@ipaddr
+    User user = ESAPI.authenticator().getCurrentUser();            
+    String userInfo = "";
+    //TODO - make type logging configurable
+    if ( user != null) {
+        userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
+    }
+    
+    return userInfo;
+}
diff --git a/documentation/esapi4java-core-2.1-release-notes.txt b/documentation/esapi4java-core-2.1-release-notes.txt
index 3570d0f88..d84097d80 100644
--- a/documentation/esapi4java-core-2.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1-release-notes.txt
@@ -1,68 +1,68 @@
-ESAPI for Java - 2.1.0 Release Notes
-
-1) Fixed security issue #306, a vulnerability discovered by Phillipe Arteau.
-   This fix necessitated removing the deprecated encrypt() and decrupt() methods
-   that were intended to provide backward compatibility with ESAPI 1.4.
-   As it turns out, there was no way to fix this bug without a major rewrite
-   unless these methods were removed. However, as these two methods have been
-   deprecated more than 2 years ago and they are known to be insecure
-   (they are vulnerable to padding oracle attacks), the ESAPI team has
-   decided to remove them in accordance to their support policy.
-   
-   See comments for issue #306 for further details, as well as additional
-   safety precautions that you may wish to take in the unlikely, but possible
-   event that this vulnerability resulted in an actual security breach.
-
-   Finally, since the removal of these methods constitute an interface change
-   (to the Encryptor interface), this is considered a minor release (2.1)
-   rather than simply a patch release (2.0.2).
-
-   Please note that there are further updates planned to further strengthen
-   the MAC that ESAPI crypt uses. However, because they will require some
-   design changes, they may not be out for another month. Note that these
-   fixes do not correct any *known* vulnerabilities, but will address
-   some potential weaknesses in what is not included in the MAC (such as
-   the crypto version).
-
-2) Other Google Issues fixed: 257, 271, and 292 are all fixed in this release.
-
-3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
-
-4) DefaultEncryptedProperties - made minor Javadoc changes.
-
-5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
-   IllegalArgumentException if any of the arguments are null. Previously,
-   if any of the arguments were null you would either get an AssertionError
-   (if you had assertions enabled) or a default NullPointerException when
-   assertions were disabled.  While IllegalArgumentException is still an
-   unchecked RuntimeException, note that if you were previously catching
-   NullPointerExceptions for these cases, you may need to change your code.
-
-6) The public constructor, CiphertextSerializer(CipherText ct), was changed
-   to explicitly check that the parameter is not null. Previously it had
-   checked with assertions which might later result in a NullPointerException
-   being thrown if assertions were disabled. Now if the parameter is null,
-   an appropriate IllegalArgumentException is thrown. This should not really
-   affect existing code (unless you are experimenting implementing your own
-   crypto) since user code should not really be using CiperTextSerializer
-   directly.
-
-7) Some of the setter methods in KeyDerivationFunction were changed to explicitly
-   check for invalid arguments and throw an IllegalArgumentException rather than
-   checking these parameters via assertions. This should not affect general
-   user code as most would not be calling the KeyDerivationFunction class
-   directly.
-
-8) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
-
-NOTE: A follow-up patch release is scheduled within the next few months to
-      address some questionable design decisions regarding what data in
-      the serialized ciphertext should be authenticated via the MAC. For
-      instance, presently only the IV+ciphertext is MAC'd (as would be the
-      equivalent case of when you would use an authenticated combined cipher
-      mode such as GCM or CCM). A deeper analysis of the design is required
-      based on findings in Google Issue # 306. I will periodically try
-      to keep the ESAPI mailing lists updated with the progress so watch
-      there for emerging details and anticipated schedule.
-      
--Kevin W. Wall <kevin.w.wall@gmail.com>, 2013-08-30
+ESAPI for Java - 2.1.0 Release Notes
+
+1) Fixed security issue #306, a vulnerability discovered by Phillipe Arteau.
+   This fix necessitated removing the deprecated encrypt() and decrupt() methods
+   that were intended to provide backward compatibility with ESAPI 1.4.
+   As it turns out, there was no way to fix this bug without a major rewrite
+   unless these methods were removed. However, as these two methods have been
+   deprecated more than 2 years ago and they are known to be insecure
+   (they are vulnerable to padding oracle attacks), the ESAPI team has
+   decided to remove them in accordance to their support policy.
+   
+   See comments for issue #306 for further details, as well as additional
+   safety precautions that you may wish to take in the unlikely, but possible
+   event that this vulnerability resulted in an actual security breach.
+
+   Finally, since the removal of these methods constitute an interface change
+   (to the Encryptor interface), this is considered a minor release (2.1)
+   rather than simply a patch release (2.0.2).
+
+   Please note that there are further updates planned to further strengthen
+   the MAC that ESAPI crypt uses. However, because they will require some
+   design changes, they may not be out for another month. Note that these
+   fixes do not correct any *known* vulnerabilities, but will address
+   some potential weaknesses in what is not included in the MAC (such as
+   the crypto version).
+
+2) Other Google Issues fixed: 257, 271, and 292 are all fixed in this release.
+
+3) Fixed Javadoc for Encoder.encryptForJavaScript(). [Revision r1879]
+
+4) DefaultEncryptedProperties - made minor Javadoc changes.
+
+5) The ESAPI 2.0 Encryptor.encrypt() methods now all throw an appropriate
+   IllegalArgumentException if any of the arguments are null. Previously,
+   if any of the arguments were null you would either get an AssertionError
+   (if you had assertions enabled) or a default NullPointerException when
+   assertions were disabled.  While IllegalArgumentException is still an
+   unchecked RuntimeException, note that if you were previously catching
+   NullPointerExceptions for these cases, you may need to change your code.
+
+6) The public constructor, CiphertextSerializer(CipherText ct), was changed
+   to explicitly check that the parameter is not null. Previously it had
+   checked with assertions which might later result in a NullPointerException
+   being thrown if assertions were disabled. Now if the parameter is null,
+   an appropriate IllegalArgumentException is thrown. This should not really
+   affect existing code (unless you are experimenting implementing your own
+   crypto) since user code should not really be using CiperTextSerializer
+   directly.
+
+7) Some of the setter methods in KeyDerivationFunction were changed to explicitly
+   check for invalid arguments and throw an IllegalArgumentException rather than
+   checking these parameters via assertions. This should not affect general
+   user code as most would not be calling the KeyDerivationFunction class
+   directly.
+
+8) Other miscellaneous minor code clean-up, mostly to remove compiler warnings.
+
+NOTE: A follow-up patch release is scheduled within the next few months to
+      address some questionable design decisions regarding what data in
+      the serialized ciphertext should be authenticated via the MAC. For
+      instance, presently only the IV+ciphertext is MAC'd (as would be the
+      equivalent case of when you would use an authenticated combined cipher
+      mode such as GCM or CCM). A deeper analysis of the design is required
+      based on findings in Google Issue # 306. I will periodically try
+      to keep the ESAPI mailing lists updated with the progress so watch
+      there for emerging details and anticipated schedule.
+      
+-Kevin W. Wall <kevin.w.wall@gmail.com>, 2013-08-30
diff --git a/src/main/java/META-INF/MANIFEST.MF b/src/main/java/META-INF/MANIFEST.MF
index 5e9495128..254272e1c 100644
--- a/src/main/java/META-INF/MANIFEST.MF
+++ b/src/main/java/META-INF/MANIFEST.MF
@@ -1,3 +1,3 @@
-Manifest-Version: 1.0
-Class-Path: 
-
+Manifest-Version: 1.0
+Class-Path: 
+

From 142307d2811d139221c27e8da98aa01324d5514c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:11:46 -0500
Subject: [PATCH 341/812] Try to get git to ignore Eclipse generated files.

---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index ea8c4bf7f..0f6484a23 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 /target
+/.settings/**
+.classpath
+.project

From 65adf0518925b91d965d6d3e70e031faa9ca122b Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:19:27 -0500
Subject: [PATCH 342/812] Delete org.eclipse.core.resources.prefs

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .settings/org.eclipse.core.resources.prefs | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 .settings/org.eclipse.core.resources.prefs

diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs
deleted file mode 100644
index 2655b6477..000000000
--- a/.settings/org.eclipse.core.resources.prefs
+++ /dev/null
@@ -1,3 +0,0 @@
-#Thu Nov 26 01:50:11 HST 2009
-eclipse.preferences.version=1
-encoding/<project>=UTF-8

From a88295a60d39d8f696461cdb9bfa9f52352c23da Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:20:48 -0500
Subject: [PATCH 343/812] Delete org.eclipse.jdt.core.prefs

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file. (In fact, this one is telling Eclipse to use '-target 1.5' when actually '-target 1.6' is what the pom.xml specifies.)
---
 .settings/org.eclipse.jdt.core.prefs | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 .settings/org.eclipse.jdt.core.prefs

diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
deleted file mode 100644
index 9e33fcc4b..000000000
--- a/.settings/org.eclipse.jdt.core.prefs
+++ /dev/null
@@ -1,6 +0,0 @@
-#Tue May 10 22:28:38 MDT 2011
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
-org.eclipse.jdt.core.compiler.compliance=1.5
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.5

From d863f355fe6e05d81b0b209077e4d4b851d6f62d Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:21:30 -0500
Subject: [PATCH 344/812] Delete org.eclipse.wst.common.component

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .settings/org.eclipse.wst.common.component | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 .settings/org.eclipse.wst.common.component

diff --git a/.settings/org.eclipse.wst.common.component b/.settings/org.eclipse.wst.common.component
deleted file mode 100644
index b814064d1..000000000
--- a/.settings/org.eclipse.wst.common.component
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="1.5.0">
-  <wb-module deploy-name="ESAPI">
-    <wb-resource deploy-path="/" source-path="src/main/java"/>
-    <wb-resource deploy-path="/" source-path="src/main/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/test/java"/>
-        <wb-resource deploy-path="/" source-path="/src/test/resources"/>
-        <wb-resource deploy-path="/" source-path="/src/main/java"/>
-  </wb-module>
-</project-modules>

From ce7641299919f60f8dab994fc28afdb29884e496 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:21:45 -0500
Subject: [PATCH 345/812] Delete org.eclipse.wst.common.project.facet.core.xml

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .settings/org.eclipse.wst.common.project.facet.core.xml | 6 ------
 1 file changed, 6 deletions(-)
 delete mode 100644 .settings/org.eclipse.wst.common.project.facet.core.xml

diff --git a/.settings/org.eclipse.wst.common.project.facet.core.xml b/.settings/org.eclipse.wst.common.project.facet.core.xml
deleted file mode 100644
index 9bbcbd78e..000000000
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<faceted-project>
-  <fixed facet="jst.java"/>
-  <fixed facet="jst.utility"/>
-  <installed facet="jst.utility" version="1.0"/>
-  <installed facet="jst.java" version="5.0"/>
-</faceted-project>
\ No newline at end of file

From 7fd79e7e68b8561e50a15cfc3dfd8efc351e94d8 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:22:04 -0500
Subject: [PATCH 346/812] Delete org.maven.ide.eclipse.prefs

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .settings/org.maven.ide.eclipse.prefs | 9 ---------
 1 file changed, 9 deletions(-)
 delete mode 100644 .settings/org.maven.ide.eclipse.prefs

diff --git a/.settings/org.maven.ide.eclipse.prefs b/.settings/org.maven.ide.eclipse.prefs
deleted file mode 100644
index 310a30006..000000000
--- a/.settings/org.maven.ide.eclipse.prefs
+++ /dev/null
@@ -1,9 +0,0 @@
-#Fri Jul 10 01:10:33 EDT 2009
-activeProfiles=
-eclipse.preferences.version=1
-fullBuildGoals=process-test-resources
-includeModules=false
-resolveWorkspaceProjects=true
-resourceFilterGoals=process-resources resources\:testResources
-skipCompilerPlugin=true
-version=1

From 467f179292243c369c1fee09427481c3f7e6a39b Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:25:02 -0500
Subject: [PATCH 347/812] Delete .classpath

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .classpath | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 .classpath

diff --git a/.classpath b/.classpath
deleted file mode 100644
index 3c57589c2..000000000
--- a/.classpath
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
-	<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v6.0"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>

From 65d6673e58995ca08b26e97edd090acbd2a5a68c Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:25:52 -0500
Subject: [PATCH 348/812] Delete .project

This is a file generated by Eclipse and not really part of ESAPI per se. It may be version specific to a particular release of Eclipse, thus we are deleting it and adding it to be ignored in the .gitignore file.
---
 .project | 42 ------------------------------------------
 1 file changed, 42 deletions(-)
 delete mode 100644 .project

diff --git a/.project b/.project
deleted file mode 100644
index b20935afd..000000000
--- a/.project
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>ESAPI_2.0</name>
-	<comment>The Enterprise Security API project is an OWASP project
-		to create simple strong security controls for every web platform.
-		Security controls are not simple to build. You can read about the
-		hundreds of pitfalls for unwary developers on the OWASP website. By
-		providing developers with a set of strong controls, we aim to
-		eliminate some of the complexity of creating secure web applications.
-		This can result in significant cost savings across the SDLC.</comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.common.project.facet.core.builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.maven.ide.eclipse.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.maven.ide.eclipse.maven2Nature</nature>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-	</natures>
-</projectDescription>

From 520e167a1d0cffbbdd923026e456b60ad54cd2d0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 19 Jan 2016 22:38:23 -0500
Subject: [PATCH 349/812] Add *.swp and *~ to the ignore list. The former are
 vim temp files, and the latter are its backups (if so-enabled).

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 0f6484a23..cc8990967 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
 /.settings/**
 .classpath
 .project
+*.swp
+*~

From 4d2b101637a137285bcd39f99335ab184926e5ed Mon Sep 17 00:00:00 2001
From: Anthony Musyoki <anthony.musyoki@gmail.com>
Date: Wed, 20 Jan 2016 11:47:07 +0300
Subject: [PATCH 350/812] Fix issue 355 by adding a call to
 file.deleteOnExit().

---
 .../esapi/waf/internal/InterceptingServletOutputStream.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
index 693c11112..cad2efe92 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
@@ -56,7 +56,10 @@ public InterceptingServletOutputStream(ServletOutputStream os, boolean buffered)
 		 * the prefix and suffix small for less processing. The "oew" is intended
 		 * to stand for "OWASP ESAPI WAF" and the "hop" for HTTP output.
 		 */
-		this.out = new RandomAccessFile ( File.createTempFile("oew", ".hop"), "rw" ); 
+		File tempFile= File.createTempFile("oew", ".hop");
+		this.out = new RandomAccessFile (tempFile, "rw" ); 
+		tempFile.deleteOnExit();
+		
 	}
 
 	public void reset() throws IOException {

From 56dae769091157755d0a8c0992e2c5d17bb8e6f8 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Wed, 20 Jan 2016 17:59:15 -0600
Subject: [PATCH 351/812] Applied fixes to unit test and upgraded junit to
 4.12.

---
 pom.xml                                       |   2 +-
 .../esapi/reference/AuthenticatorTest.java    | 208 ++++++++++--------
 2 files changed, 116 insertions(+), 94 deletions(-)

diff --git a/pom.xml b/pom.xml
index dea265185..4459f4b90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,7 +132,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.5</version>
+            <version>4.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index e6a660f4b..1603689c7 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -15,13 +15,32 @@
  */
 package org.owasp.esapi.reference;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
 import java.util.Date;
 import java.util.Set;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ErrorCollector;
+import org.junit.rules.TestName;
+import org.junit.rules.Timeout;
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.EncoderConstants;
@@ -38,47 +57,49 @@
  * 
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
-public class AuthenticatorTest extends TestCase {
-
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(AuthenticatorTest.class);
+public class AuthenticatorTest {
+    private static Authenticator instance;
+    /** 
+     * User session information is stored on a per-thread basis.  So long as this has potential to run single threaded then we'll maintain a synchronous nature execution.
+     * This is done to prevent tests corrupting each others states since all will be executed on a limited set of Threads within the JVM.
+     */
+    private static Semaphore threadIsolation = new Semaphore(1, true);
 
-		return suite;
-	}
+    @Rule
+    public ErrorCollector collector = new ErrorCollector();
+    @Rule
+    public Timeout testTimout = new Timeout(10, TimeUnit.SECONDS);
+    @Rule
+    public TestName name = new TestName();
 
-	/**
-	 * Instantiates a new authenticator test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public AuthenticatorTest(String testName) {
-		super(testName);
-	}
+    @BeforeClass
+    public static void setUpStatic() {
+        instance = ESAPI.authenticator();
+    }
 
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
+    @Before
+    public void setup() throws InterruptedException {
+        while (!threadIsolation.tryAcquire(500, TimeUnit.MILLISECONDS)) {
+            //Spurious Interrupt Guard
+        }       
+    }
 
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
+    @After
+    public void cleanup() {
+        try {
+            instance.logout();
+            instance.clearCurrent();
+            HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
+            HttpServletResponse response = ESAPI.httpUtilities().getCurrentResponse();
+            if (request != null  && response != null) {
+                //I don't know why killAllCookies doesn't nullcheck state.  I'm assuming this is unique to the test environment.
+                ESAPI.httpUtilities().killAllCookies();
+            }
+            ESAPI.httpUtilities().clearCurrent();
+        } finally {
+            threadIsolation.release();
+        }
+    }
 
 	
 	/**
@@ -88,10 +109,9 @@ protected void tearDown() throws Exception {
      *             the authentication exception
      * @throws EncryptionException
 	 */
-	public void testCreateUser() throws AuthenticationException, EncryptionException {
+	@Test public void testCreateUser() throws AuthenticationException, EncryptionException {
 		System.out.println("createUser");
 		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
 		assertTrue(user.verifyPassword(password));
@@ -141,9 +161,8 @@ public void testCreateUser() throws AuthenticationException, EncryptionException
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testGenerateStrongPassword() throws AuthenticationException {
+	@Test public void testGenerateStrongPassword() throws AuthenticationException {
 		System.out.println("generateStrongPassword");		
-		Authenticator instance = ESAPI.authenticator();
 		String oldPassword = "iiiiiiiiii";  // i is not allowed in passwords - this prevents failures from containing pieces of old password
 		String newPassword = null;
 		String username = "FictionalEsapiUser";
@@ -171,9 +190,8 @@ public void testGenerateStrongPassword() throws AuthenticationException {
      *
      * @throws Exception
      */
-	public void testGetCurrentUser() throws Exception {
+	@Test public void testGetCurrentUser() throws Exception {
 		System.out.println("getCurrentUser");
-        Authenticator instance = ESAPI.authenticator();
 		String username1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String username2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user1 = instance.createUser(username1, "getCurrentUser", "getCurrentUser");
@@ -192,21 +210,21 @@ public void testGetCurrentUser() throws Exception {
 			private int count = 1;
             private boolean result = false;
 			public void run() {
-		        Authenticator auth = ESAPI.authenticator();
 				User a = null;
 				try {
-					String password = auth.generateStrongPassword();
+					String password = instance.generateStrongPassword();
 					String accountName = "TestAccount" + count++;
-					a = auth.getUser(accountName);
+					a = instance.getUser(accountName);
 					if ( a != null ) {
-						auth.removeUser(accountName);
+					    instance.removeUser(accountName);
 					}
-					a = auth.createUser(accountName, password, password);
-					auth.setCurrentUser(a);
+					a = instance.createUser(accountName, password, password);
+					instance.setCurrentUser(a);
 				} catch (AuthenticationException e) {
-					e.printStackTrace();
+				    //Use ErrorCollector to fail test.
+                    collector.addError(e);
 				}
-				User b = auth.getCurrentUser();
+				User b = instance.getCurrentUser();
 				result &= a.equals(b);
 			}
 		};
@@ -225,9 +243,8 @@ public void run() {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testGetUser() throws AuthenticationException {
+	@Test public void testGetUser() throws AuthenticationException {
 		System.out.println("getUser");
-        Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		instance.createUser(accountName, password, password);
@@ -239,10 +256,8 @@ public void testGetUser() throws AuthenticationException {
      *
      * @throws org.owasp.esapi.errors.AuthenticationException
      */
-    public void testGetUserFromRememberToken() throws AuthenticationException {
+    @Test public void testGetUserFromRememberToken() throws AuthenticationException {
 		System.out.println("getUserFromRememberToken");
-        Authenticator instance = ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
 		String password = instance.generateStrongPassword();
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		User user = instance.createUser(accountName, password, password);
@@ -255,6 +270,7 @@ public void testGetUserFromRememberToken() throws AuthenticationException {
 		request.setCookie( HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, "ridiculous" );
 		try {
 			instance.login( request, response );  // wrong cookie will fail
+			fail();
 		} catch( AuthenticationException e ) {
 			// expected
 		}
@@ -278,10 +294,9 @@ public void testGetUserFromRememberToken() throws AuthenticationException {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testGetUserFromSession() throws AuthenticationException {
+	@Test public void testGetUserFromSession() throws AuthenticationException {
 		System.out.println("getUserFromSession");
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
-        instance.logout();  // in case anyone is logged in
+		assumeTrue(instance instanceof FileBasedAuthenticator);
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
@@ -292,7 +307,7 @@ public void testGetUserFromSession() throws AuthenticationException {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ESAPI.httpUtilities().setCurrentHTTP( request, response );
 		instance.login( request, response);
-		User test = instance.getUserFromSession();
+		User test = ((FileBasedAuthenticator)instance).getUserFromSession();
 		assertEquals( user, test );
 	}
 
@@ -302,9 +317,8 @@ public void testGetUserFromSession() throws AuthenticationException {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testGetUserNames() throws AuthenticationException {
+	@Test public void testGetUserNames() throws AuthenticationException {
 		System.out.println("getUserNames");
-        Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		String[] testnames = new String[10];
 		for(int i=0;i<testnames.length;i++) {
@@ -324,11 +338,10 @@ public void testGetUserNames() throws AuthenticationException {
      *
      * @throws EncryptionException
      */
-	public void testHashPassword() throws EncryptionException {
+	@Test public void testHashPassword() throws EncryptionException {
 		System.out.println("hashPassword");
 		String username = "Jeff";
 		String password = "test";
-        Authenticator instance = ESAPI.authenticator();
 		String result1 = instance.hashPassword(password, username);
 		String result2 = instance.hashPassword(password, username);
 		assertTrue(result1.equals(result2));
@@ -340,9 +353,8 @@ public void testHashPassword() throws EncryptionException {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testLogin() throws AuthenticationException {
+	@Test public void testLogin() throws AuthenticationException {
 		System.out.println("login");
-        Authenticator instance = ESAPI.authenticator();
         String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(username, password, password);
@@ -351,8 +363,10 @@ public void testLogin() throws AuthenticationException {
 		request.addParameter("username", username);
 		request.addParameter("password", password);
 		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
 		User test = instance.login( request, response);
 		assertTrue( test.isLoggedIn() );
+		assertSame(user, test);
 	}
 	
 	/**
@@ -361,10 +375,9 @@ public void testLogin() throws AuthenticationException {
 	 * @throws Exception
 	 *             the exception
 	 */
-	public void testRemoveUser() throws Exception {
+	@Test public void testRemoveUser() throws Exception {
 		System.out.println("removeUser");
 		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
 		assertTrue( instance.exists(accountName));
@@ -378,13 +391,13 @@ public void testRemoveUser() throws Exception {
 	 * @throws Exception
 	 *             the exception
 	 */
-	public void testSaveUsers() throws Exception {
+	@Test public void testSaveUsers() throws Exception {
 		System.out.println("saveUsers");
+		assumeTrue(instance instanceof FileBasedAuthenticator);
 		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        FileBasedAuthenticator instance = (FileBasedAuthenticator)ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
-		instance.saveUsers();
+		((FileBasedAuthenticator)instance).saveUsers();
 		assertNotNull( instance.getUser(accountName) );
 		instance.removeUser(accountName);
 		assertNull( instance.getUser(accountName) );
@@ -396,10 +409,10 @@ public void testSaveUsers() throws Exception {
 	 * 
 	 * @throws AuthenticationException
 	 *             the authentication exception
+	 * @throws InterruptedException Thrown if test is interrupted while awaiting completion of child threads.
 	 */
-	public void testSetCurrentUser() throws AuthenticationException {
+	@Test public void testSetCurrentUser() throws AuthenticationException, InterruptedException {
 		System.out.println("setCurrentUser");
-        final Authenticator instance = ESAPI.authenticator();
 		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
@@ -413,7 +426,7 @@ public void testSetCurrentUser() throws AuthenticationException {
 		User userTwo = instance.createUser(user2, "getCurrentUser", "getCurrentUser");		
 		instance.setCurrentUser( userTwo );
 		assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
-		
+		final CountDownLatch latch = new CountDownLatch(10);
 		Runnable echo = new Runnable() {
 			private int count = 1;
 			public void run() {
@@ -423,15 +436,21 @@ public void run() {
 					u = instance.createUser("test" + count++, password, password);
 					instance.setCurrentUser(u);
 					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
-					// ESAPI.authenticator().removeUser( u.getAccountName() );
+					//If the user isn't removed every subsequent execution will fail because we cannot create a duplicate user of the same name!
+                    instance.removeUser( u.getAccountName() );
 				} catch (AuthenticationException e) {
-					e.printStackTrace();
-				}
+				    collector.addError(e);
+                } finally {
+                    latch.countDown();
+                }
 			}
 		};
 		for ( int i = 0; i<10; i++ ) {
 			new Thread( echo ).start();
 		}
+		while(!latch.await(500, TimeUnit.MILLISECONDS)) {
+            //Spurious Interrupt Guard. 
+        }
 	}
 	
 
@@ -441,9 +460,8 @@ public void run() {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testSetCurrentUserWithRequest() throws AuthenticationException {
+	@Test public void testSetCurrentUserWithRequest() throws AuthenticationException {
 		System.out.println("setCurrentUser(req,resp)");
-        Authenticator instance = ESAPI.authenticator();
         instance.logout();  // in case anyone is logged in
 		String password = instance.generateStrongPassword();
 		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
@@ -453,26 +471,33 @@ public void testSetCurrentUserWithRequest() throws AuthenticationException {
 		request.addParameter("username", accountName);
 		request.addParameter("password", password);
 		MockHttpServletResponse response = new MockHttpServletResponse();
-		instance.login( request, response );
-		assertEquals( user, instance.getCurrentUser() );
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        User loggedIn = instance.login( request, response );
+        User currentUser = instance.getCurrentUser();
+        assertTrue(loggedIn.isLoggedIn());
+        assertSame(currentUser, loggedIn);
+        assertSame(user, loggedIn);
 		try {
 			user.disable();
 			instance.login( request, response );
-		} catch( Exception e ) {
+			fail();
+		} catch( AuthenticationException e ) {
 			// expected
 		}
 		try {
 			user.enable();
 			user.lock();
 			instance.login( request, response );
-		} catch( Exception e ) {
+			fail();
+		} catch( AuthenticationException e ) {
 			// expected
 		}
 		try {
 			user.unlock();
 			user.setExpirationTime( new Date() );
 			instance.login( request, response );
-		} catch( Exception e ) {
+			fail();
+		} catch( AuthenticationException e ) {
 			// expected
 		}
 	}
@@ -486,9 +511,8 @@ public void testSetCurrentUserWithRequest() throws AuthenticationException {
 	 * @throws AuthenticationException
 	 *             the authentication exception
 	 */
-	public void testValidatePasswordStrength() throws AuthenticationException {
+	@Test public void testValidatePasswordStrength() throws AuthenticationException {
 		System.out.println("validatePasswordStrength");
-        Authenticator instance = ESAPI.authenticator();
         
         String username = "FictionalEsapiUser";
 		User user = new DefaultUser(username);
@@ -572,10 +596,9 @@ public void testValidatePasswordStrength() throws AuthenticationException {
 	 * @throws Exception
 	 *             the exception
 	 */
-	public void testExists() throws Exception {
+	@Test public void testExists() throws Exception {
 		System.out.println("exists");
 		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-        Authenticator instance = ESAPI.authenticator();
 		String password = instance.generateStrongPassword();
 		instance.createUser(accountName, password, password);
 		assertTrue(instance.exists(accountName));
@@ -587,9 +610,8 @@ public void testExists() throws Exception {
      * Test of main method, of class org.owasp.esapi.Authenticator.
      * @throws Exception
      */
-    public void testMain() throws Exception {
+    @Test public void testMain() throws Exception {
         System.out.println("Authenticator Main");
-        Authenticator instance = ESAPI.authenticator();
         String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
         String password = instance.generateStrongPassword();
         String role = "test";

From 16f93257a6a1b13093db9ba4f00bbc13138ae7df Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 21 Jan 2016 16:03:34 -0600
Subject: [PATCH 352/812] Added missing call (?) to HttpUtilitiesTest to set
 the current request.  Refactored AbstractAuthenticator to make the method
 call transactional.

---
 .../reference/AbstractAuthenticator.java      |  4 +-
 .../esapi/reference/HTTPUtilitiesTest.java    | 37 +++++++++++++------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index 780181971..d7de99f04 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -96,7 +96,9 @@ public User getCurrentUser() {
      * @return the user from session or null if no user is found in the session
      */
     protected User getUserFromSession() {
-        HttpSession session = ESAPI.httpUtilities().getCurrentRequest().getSession(false);
+    	HTTPUtilities httpUtils = ESAPI.httpUtilities();
+    	HttpServletRequest req = httpUtils.getCurrentRequest();
+        HttpSession session = req.getSession(false);
         if (session == null) return null;
         return ESAPI.httpUtilities().getSessionAttribute(USER);
     }
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index d86f98ba4..5dadd5ce3 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -15,24 +15,38 @@
  */
 package org.owasp.esapi.reference;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.owasp.esapi.*;
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.HTTPUtilities;
+import org.owasp.esapi.User;
 import org.owasp.esapi.codecs.Hex;
 import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.errors.*;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.AuthenticationException;
+import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EnterpriseSecurityException;
+import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.http.MockHttpSession;
 import org.owasp.esapi.util.FileTestUtils;
 
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
 
 /**
  * The Class HTTPUtilitiesTest.
@@ -462,6 +476,7 @@ public void testSetRememberToken() throws AuthenticationException {
 		request.addParameter("username", accountName);
 		request.addParameter("password", password);
 		MockHttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
 		instance.login( request, response);
 
 		int maxAge = ( 60 * 60 * 24 * 14 );

From 2dfd89195cb7f4c3a81ec939db93dda6a5a4086d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 21 Jan 2016 22:55:35 -0500
Subject: [PATCH 353/812] Ignore *.iml files which are config files from
 InteliJ IDE.

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index cc8990967..65ac7f40a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 .project
 *.swp
 *~
+*.iml

From 7d3b4f3e83185254142068faff5bcdb7396bde74 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Thu, 21 Jan 2016 22:58:18 -0500
Subject: [PATCH 354/812] Delete esapi.iml

This is a config file from InteliJ IDE and does not belong with the ESAPI repo. We did the same for the Eclipse config files.
---
 esapi.iml | 48 ------------------------------------------------
 1 file changed, 48 deletions(-)
 delete mode 100644 esapi.iml

diff --git a/esapi.iml b/esapi.iml
deleted file mode 100644
index 5729ef276..000000000
--- a/esapi.iml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_5" inherit-compiler-output="false">
-    <output url="file://$MODULE_DIR$/target/classes" />
-    <output-test url="file://$MODULE_DIR$/target/test-classes" />
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
-      <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
-      <sourceFolder url="file://$MODULE_DIR$/src/test/resources" isTestSource="true" />
-      <excludeFolder url="file://$MODULE_DIR$/target" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" name="Maven: commons-configuration:commons-configuration:1.5" level="project" />
-    <orderEntry type="library" name="Maven: commons-collections:commons-collections:3.2" level="project" />
-    <orderEntry type="library" name="Maven: commons-lang:commons-lang:2.3" level="project" />
-    <orderEntry type="library" name="Maven: commons-logging:commons-logging:1.1" level="project" />
-    <orderEntry type="library" name="Maven: log4j:log4j:1.2.16" level="project" />
-    <orderEntry type="library" name="Maven: logkit:logkit:1.0.1" level="project" />
-    <orderEntry type="library" name="Maven: avalon-framework:avalon-framework:4.1.3" level="project" />
-    <orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:servlet-api:2.4" level="project" />
-    <orderEntry type="library" name="Maven: commons-digester:commons-digester:1.8" level="project" />
-    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils:1.7.0" level="project" />
-    <orderEntry type="library" name="Maven: commons-beanutils:commons-beanutils-core:1.7.0" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.4" level="project" />
-    <orderEntry type="library" scope="PROVIDED" name="Maven: javax.servlet:jsp-api:2.0" level="project" />
-    <orderEntry type="library" name="Maven: commons-fileupload:commons-fileupload:1.2" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: commons-io:commons-io:1.3" level="project" />
-    <orderEntry type="library" name="Maven: xom:xom:1.1" level="project" />
-    <orderEntry type="library" name="Maven: xerces:xmlParserAPIs:2.6.2" level="project" />
-    <orderEntry type="library" name="Maven: xerces:xercesImpl:2.6.2" level="project" />
-    <orderEntry type="library" name="Maven: xalan:xalan:2.7.0" level="project" />
-    <orderEntry type="library" name="Maven: xml-apis:xml-apis:1.0.b2" level="project" />
-    <orderEntry type="library" name="Maven: jaxen:jaxen:1.1-beta-8" level="project" />
-    <orderEntry type="library" name="Maven: dom4j:dom4j:1.6.1" level="project" />
-    <orderEntry type="library" name="Maven: jdom:jdom:1.0" level="project" />
-    <orderEntry type="library" name="Maven: org.beanshell:bsh-core:2.0b4" level="project" />
-    <orderEntry type="library" name="Maven: org.owasp.antisamy:antisamy:1.4.3" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-css:1.7" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-ext:1.7" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.xmlgraphics:batik-util:1.7" level="project" />
-    <orderEntry type="library" name="Maven: xml-apis:xml-apis-ext:1.3.04" level="project" />
-    <orderEntry type="library" name="Maven: net.sourceforge.nekohtml:nekohtml:1.9.12" level="project" />
-    <orderEntry type="library" name="Maven: commons-httpclient:commons-httpclient:3.1" level="project" />
-    <orderEntry type="library" name="Maven: commons-codec:commons-codec:1.2" level="project" />
-  </component>
-</module>
-

From 49dfc9c9816d468a7b7a94c0d43e1bb2e6d4227a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 21 Jan 2016 23:43:18 -0500
Subject: [PATCH 355/812] Change version from 2.1.1-SNAPSHOT to
 2.1.0.1-SNAPSHOT

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4459f4b90..2f41f7705 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.1-SNAPSHOT</version>
+    <version>2.1.0.1-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From d5306d69bf881f44e45490285812500dd99159ca Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 24 Jan 2016 11:37:31 -0600
Subject: [PATCH 356/812] Changed the RandomizerTest failure into a System.err
 report for randomness counts.  JUnit has no equivalent for "WARN".

---
 .../java/org/owasp/esapi/reference/RandomizerTest.java     | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index 32ce1cb0e..b73a0241d 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -97,7 +97,12 @@ public void testGetRandomString() {
         	if ( counts[i] > max ) { max = counts[i]; } 
         	if ( counts[i] > 0 && counts[i] < min ) { min = counts[i]; }
         	if ( max - min > trials/10 ) {
-        		fail( "getRandomString randomness counts are off" );
+        		System.err.println("*** WARNING: RandomizerTest.testGetRandomString(): " +
+                        "Randomness counts are off. This may be simply from " +
+                        "statistical variance or it could signify a flaw in " +
+                        "Randomizer.getRandomString(). Repeat this test " +
+                        "multiple times and if you get repeated warnings " +
+                        "you should assume the latter and investigate further.");
         	}
         }
     }

From 6438ad007b202c563ceda080429ea77a66d5d6ed Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 30 Jan 2016 23:38:45 -0500
Subject: [PATCH 357/812] Change Google Code references to GitHub.

---
 pom.xml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2f41f7705..f867c9b1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,7 +30,7 @@
     </licenses>
 
     <name>ESAPI</name>
-    <url>http://www.esapi.org/</url>
+    <url>https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</url>
     <description>The Enterprise Security API (ESAPI) project is an OWASP project
         to create simple strong security controls for every web platform.
         Security controls are not simple to build. You can read about the
@@ -70,14 +70,14 @@
     </mailingLists>
 
     <scm>
-        <connection>scm:svn:http://owasp-esapi-java.googlecode.com/svn/trunk</connection>
-        <developerConnection>scm:svn:https://owasp-esapi-java.googlecode.com/svn/trunk</developerConnection>
-        <url>http://code.google.com/p/owasp-esapi-java/source/checkout</url>
+        <connection>scm:git:git://github.com/ESAPI/esapi-java-legacy.git</connection>
+        <developerConnection>scm:git:git@github.com:ESAPI/esapi-java-legacy.git</developerConnection>
+        <url>https://github.com/ESAPI/esapi-java-legacy</url>
     </scm>
 
     <issueManagement>
-        <system>Google Code Issue Tracking</system>
-        <url>http://code.google.com/p/owasp-esapi-java/issues/list</url>
+        <system>GitHub Issue Tracking</system>
+        <url>https://github.com/ESAPI/esapi-java-legacy/issues</url>
     </issueManagement>
 
     <developers>
@@ -92,14 +92,14 @@
             <name>Chris Schmidt</name>
             <organization>Aspect Security</organization>
             <roles>
-                <role>Project Owner</role>
+                <role>Project Co-owner</role>
             </roles>
         </developer>
         <developer>
             <name>Kevin W. Wall</name>
             <organization>Wells Fargo</organization>
             <roles>
-                <role>Project Manager</role>
+                <role>Project Co-owner</role>
             </roles>
         </developer>
     </developers>

From b7cbc53f9cc967cf1a5a9463d8c6fef9ed6ef4f7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 01:56:59 -0500
Subject: [PATCH 358/812] Close #306. Close #359

---
 .../org/owasp/esapi/codecs/PercentCodec.java  |  12 +-
 .../owasp/esapi/codecs/CodecImmunityTest.java | 138 ++++++++++++++++++
 2 files changed, 149 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 3d1e76a86..42e1d040e 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -89,7 +89,12 @@ private static StringBuilder appendTwoUpperHex(StringBuilder sb, int b)
 
 	/**
 	 * Encode a character for URLs
-	 * @param immune characters not to encode
+	 * @param immune Additional characters not to encode. Note this could
+     *               break URL encoding as referenced in RFC 3986. You should
+     *               especially be wary of including '%' in this list of immune
+     *               characters since it is used as the "escape" character for
+     *               the hex encoding and including it may result in subsequent
+     *               and/or dangerous results when decoding.
 	 * @param c character to encode
 	 * @return the encoded string representing c
 	 */
@@ -99,6 +104,11 @@ public String encodeCharacter( char[] immune, Character c )
 		byte[] bytes;
 		StringBuilder sb;
 
+        // check for user specified immune characters
+        if ( immune != null && containsCharacter( c.charValue(), immune ) )
+            return cStr;
+
+        // check for standard characters (e.g., alphanumeric, etc.)
 		if(UNENCODED_SET.contains(c))
 			return cStr;
 
diff --git a/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
new file mode 100644
index 000000000..7d35dc168
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
@@ -0,0 +1,138 @@
+package org.owasp.esapi.codecs;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.codecs.*;
+
+/**
+ * Parameterized test to verify that the Immunity parameter for a codec
+ * encode/decode event works as expected on a series of special characters.
+ *  
+ * @author jeremiah.j.stacey@gmail.com
+ * @since 2.1.0.1
+ *
+ */
+@RunWith(Parameterized.class)
+public class CodecImmunityTest {
+    /** character arrays used as immunity lists from Default Encoder.*/
+    private final static char[] IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_CSS = {};
+    private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
+    private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_SQL = { ' ' };
+    private final static char[] IMMUNE_OS = { '-' };
+    private final static char[] IMMUNE_XMLATTR = { ',', '.', '-', '_' };
+    private final static char[] IMMUNE_XPATH = { ',', '.', '-', '_', ' ' };
+    private final static char[] IMMUNE_PERCENT = { '%' };
+    // These are inline in the encode methods, but same principle.
+    // private final static char[] IMMUNE_LDAP = { '\\', '*', '(', ')', '\0' };
+    // private final static char[] IMMUNE_DN = { '\\', ',', '+', '"', '<', '>', ';' };
+
+
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> getParams() {
+        Collection<Codec> knownCodecs = new ArrayList<Codec>();
+        knownCodecs.add(new CSSCodec());
+        knownCodecs.add(new DB2Codec());
+        knownCodecs.add(new HTMLEntityCodec());
+        knownCodecs.add(new JavaScriptCodec());
+        knownCodecs.add(new MySQLCodec(0)); //Standard
+        knownCodecs.add(new MySQLCodec(1)); //ANSI
+        knownCodecs.add(new OracleCodec());
+        knownCodecs.add(new PercentCodec());
+        knownCodecs.add(new UnixCodec());
+        knownCodecs.add(new VBScriptCodec());
+        knownCodecs.add(new WindowsCodec());
+        knownCodecs.add(new XMLEntityCodec());
+
+        // TODO:  Add more strings here!!
+        List<String> sampleStrings = Arrays.asList("%De");
+
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (Codec codec : knownCodecs) {
+            for (String sample : sampleStrings) {
+                params.add(new Object[]{codec.getClass().getSimpleName() + " " + sample, codec, sample});
+            }
+        }
+
+        // Add Tests for codecs against the configured ImmunityLists within the Default Encoder.
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_HTML, "IMMUNE_HTML"));
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_XPATH, "IMMUNE_XPATH"));
+        params.addAll(buildImmunitiyValidation(new HTMLEntityCodec(), IMMUNE_HTMLATTR, "IMMUNE_HTMLATTR"));
+        params.addAll(buildImmunitiyValidation(new CSSCodec(), IMMUNE_CSS, "IMMUNE_CSS"));
+        //params.addAll(buildImmunitiyValidation(new DB2Codec(), IMMUNE_HTML, ""));
+        params.addAll(buildImmunitiyValidation(new JavaScriptCodec(), IMMUNE_JAVASCRIPT, "IMMUNE_JAVASCRIPT"));
+        params.addAll(buildImmunitiyValidation(new MySQLCodec(0), IMMUNE_SQL, "IMMUNE_SQL"));
+        params.addAll(buildImmunitiyValidation(new MySQLCodec(1), IMMUNE_SQL, "IMMUNE_SQL"));
+        params.addAll(buildImmunitiyValidation(new OracleCodec(), IMMUNE_HTML, "IMMUNE_HTML"));
+            // No standard Immunity char array defined for PercentEncoder, but for
+            // GitHub issues #306 and $350, we use '%'.
+        params.addAll(buildImmunitiyValidation(new PercentCodec(), IMMUNE_PERCENT, "IMMUNE_PERCENT"));
+        params.addAll(buildImmunitiyValidation(new UnixCodec(), IMMUNE_OS, "IMMUNE_OS"));
+        params.addAll(buildImmunitiyValidation(new VBScriptCodec(), IMMUNE_VBSCRIPT, "IMMUNE_VBSCRIPT"));
+        params.addAll(buildImmunitiyValidation(new WindowsCodec(), IMMUNE_OS, "IMMUNE_OS"));
+        params.addAll(buildImmunitiyValidation(new XMLEntityCodec(), IMMUNE_XML, "IMMUNE_XML"));
+        params.addAll(buildImmunitiyValidation(new XMLEntityCodec(), IMMUNE_XMLATTR, "IMMUNE_XMLATTR"));
+
+        params.addAll(fullCharacterCodecValidation(knownCodecs));
+
+        return params;
+    }
+
+    private static Collection<Object[]> buildImmunitiyValidation(Codec codec, char[] immunities, String descriptor) {
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (char c : immunities) {
+            params.add(new Object[]{codec.getClass().getSimpleName() + " " + descriptor + " ("+ c + ")", codec, String.valueOf(c)});
+        }
+        return params;
+    }
+
+    private static Collection<Object[]> fullCharacterCodecValidation(Collection<Codec> codecs) {
+        char[] holyCowTesting = StringUtilities.union(EncoderConstants.CHAR_ALPHANUMERICS, EncoderConstants.CHAR_SPECIALS); 
+        Collection<Object[]> params = new ArrayList<Object[]>();
+        for (Codec codec: codecs) {
+            params.addAll(buildImmunitiyValidation(codec, holyCowTesting, "Full_ALPHA_AND_SPECIALS"));
+        }
+
+        return params;
+    }
+
+    private final Codec codec;
+    private final String string;
+    private final char[] immunityList;
+
+    public CodecImmunityTest(String ignored, Codec codec, String toTest) {
+        this.codec = codec;
+        this.string = toTest;
+        /**
+         * The Immunity character array is every character in the String we're testing.
+         * 
+         */
+        this.immunityList = toTest.toCharArray();
+    }
+
+    @Test
+    public void testImmuneEncode() {
+        String encoded = codec.encode(immunityList, string);
+        Assert.assertEquals(string, encoded);
+    }
+    /*
+    @Test
+    public void testImmuneDecode() {
+        String decoded = codec.decode(string);
+        Assert.assertEquals(string, decoded);
+    }
+*/
+}

From 436549341d14f34538cbff4232d8f349803bb19e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 13:38:06 -0500
Subject: [PATCH 359/812] Close #261.

---
 .../java/org/owasp/esapi/filters/SecurityWrapperResponse.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index a57e743f5..9dd0632ce 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -172,7 +172,7 @@ public void addHeader(String name, String value) {
             String strippedValue = StringUtilities.stripControls(value);
             String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
             String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
+            getHttpServletResponse().addHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
         }

From fb711682e97da692599c6f0769dfc7cfdbc16e87 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 18:47:00 -0500
Subject: [PATCH 360/812] Close issue #288.

---
 src/test/java/org/owasp/esapi/reference/UserTest.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index 27e5b617c..e2cf8aa6a 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -163,6 +163,13 @@ public void testChangePassword() throws Exception {
 		} catch( AuthenticationException e ) {
 			// expected
 		}
+		try {
+			// Test for GitHub issue 288
+			user.changePassword(password2, oldPassword, oldPassword);
+			fail("Shouldn't be able to reuse original (initial) password.")
+		} catch( AuthenticationException e ) {
+			// expected
+		}
 		assertTrue(user.verifyPassword(password2));
 		assertFalse(user.verifyPassword("badpass"));
 	}

From f6d7a61e1dda3b18bbf4f7ed748e4747412f9acb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 18:51:45 -0500
Subject: [PATCH 361/812] Close issue #288.

---
 src/test/java/org/owasp/esapi/reference/UserTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index e2cf8aa6a..3bad13287 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -166,7 +166,7 @@ public void testChangePassword() throws Exception {
 		try {
 			// Test for GitHub issue 288
 			user.changePassword(password2, oldPassword, oldPassword);
-			fail("Shouldn't be able to reuse original (initial) password.")
+			fail("Shouldn't be able to reuse original (initial) password.");
 		} catch( AuthenticationException e ) {
 			// expected
 		}

From 7943011198b980d323c436b36bf9e965c5271d6c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 19:12:55 -0500
Subject: [PATCH 362/812] Comment out previously proposed test changes. See
 comments in GitHub issue history for reason.

---
 .../java/org/owasp/esapi/reference/UserTest.java  | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index 3bad13287..201383c38 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -163,13 +163,14 @@ public void testChangePassword() throws Exception {
 		} catch( AuthenticationException e ) {
 			// expected
 		}
-		try {
-			// Test for GitHub issue 288
-			user.changePassword(password2, oldPassword, oldPassword);
-			fail("Shouldn't be able to reuse original (initial) password.");
-		} catch( AuthenticationException e ) {
-			// expected
-		}
+        // Invalid test until we implement an actual password history!
+		// try {
+		// 	// Test for GitHub issue 288
+		// 	user.changePassword(password2, oldPassword, oldPassword);
+		// 	fail("Shouldn't be able to reuse original (initial) password.");
+		// } catch( AuthenticationException e ) {
+		//  // expected
+		// }
 		assertTrue(user.verifyPassword(password2));
 		assertFalse(user.verifyPassword("badpass"));
 	}

From 46a625ca24216c72830e6a8bf26a0441237ca593 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 21:45:48 -0500
Subject: [PATCH 363/812] Close #287.

---
 .../org/owasp/esapi/reference/FileBasedAuthenticator.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index 0077e6908..cee3685ad 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -161,12 +161,12 @@ String getHashedPassword(User user) {
      * Set the specified User's old password hashes.  This will not set the User's current password hash.
      *
      * @param user      the User whose old password hashes will be set
-     * @param oldHashes a list of the User's old password hashes     *
+     * @param oldHashes a list of the User's old password hashes
      */
     void setOldPasswordHashes(User user, List<String> oldHashes) {
         List<String> hashes = getAllHashedPasswords(user, true);
         if (hashes.size() > 1) {
-            hashes.removeAll(hashes.subList(1, hashes.size() - 1));
+            hashes.removeAll(hashes.subList(1, hashes.size()));
         }
         hashes.addAll(oldHashes);
     }
@@ -205,7 +205,7 @@ List<String> getAllHashedPasswords(User user, boolean create) {
     List<String> getOldPasswordHashes(User user) {
         List<String> hashes = getAllHashedPasswords(user, false);
         if (hashes.size() > 1) {
-            return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));
+            return Collections.unmodifiableList(hashes.subList(1, hashes.size()));
         }
         return Collections.emptyList();
     }

From f4ce180c9aab7103f9f1d6c90630267a3257025c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 21:46:58 -0500
Subject: [PATCH 364/812] Close issue #288. No, really! This time I *mean* it.
 :)

---
 .../org/owasp/esapi/reference/UserTest.java     | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/UserTest.java b/src/test/java/org/owasp/esapi/reference/UserTest.java
index 201383c38..e091526ea 100644
--- a/src/test/java/org/owasp/esapi/reference/UserTest.java
+++ b/src/test/java/org/owasp/esapi/reference/UserTest.java
@@ -163,14 +163,15 @@ public void testChangePassword() throws Exception {
 		} catch( AuthenticationException e ) {
 			// expected
 		}
-        // Invalid test until we implement an actual password history!
-		// try {
-		// 	// Test for GitHub issue 288
-		// 	user.changePassword(password2, oldPassword, oldPassword);
-		// 	fail("Shouldn't be able to reuse original (initial) password.");
-		// } catch( AuthenticationException e ) {
-		//  // expected
-		// }
+		try {
+			// Test for GitHub issue 288; note that GitHub issue 287
+			// needed fixed first, because that's what made the password
+			// history work!
+			user.changePassword(password2, oldPassword, oldPassword);
+			fail("Shouldn't be able to reuse original (initial) password.");
+		} catch( AuthenticationException e ) {
+			// expected
+		}
 		assertTrue(user.verifyPassword(password2));
 		assertFalse(user.verifyPassword("badpass"));
 	}

From e9d0328a59cebd3e36972b965f7176fc3a135cf7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 22:27:40 -0500
Subject: [PATCH 365/812] Close issue #276.

---
 .../java/org/owasp/esapi/reference/DefaultExecutor.java     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
index f948ad8ca..eabb840cb 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
@@ -143,9 +143,9 @@ public ExecuteResult executeSystemCommand(File executable, List params, File wor
             pb.redirectErrorStream(redirectErrorStream);
 
             if ( logParams ) {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
+            	logger.debug(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " " + params + " in " + workdir);
             } else {
-            	logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
+            	logger.debug(Logger.SECURITY_SUCCESS, "Initiating executable: " + executable + " [sensitive parameters obscured] in " + workdir);
             }
 
             final StringBuilder outputBuffer = new StringBuilder();
@@ -187,7 +187,7 @@ public ExecuteResult executeSystemCommand(File executable, List params, File wor
             	logger.warning( Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue );
             }
 
-            logger.warning(Logger.SECURITY_SUCCESS, "System command complete");
+            logger.debug(Logger.SECURITY_SUCCESS, "System command complete");
             return new ExecuteResult(exitValue, output, errors);
         } catch (IOException e) {
             throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);

From 82b82e952c55dcaddf6f5fe1b0df907c7673e0c1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 22:54:46 -0500
Subject: [PATCH 366/812] Tentative 2.1.0.1 release notes.

---
 .../esapi4java-core-2.1.0.1-release-notes.txt | 126 ++++++++++++++++++
 1 file changed, 126 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.1.0.1-release-notes.txt

diff --git a/documentation/esapi4java-core-2.1.0.1-release-notes.txt b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
new file mode 100644
index 000000000..0820404d8
--- /dev/null
+++ b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
@@ -0,0 +1,126 @@
+Release notes for ESAPI 2.1.0.1
+    Release date: 2016-Feb-??
+    -Kevin W. Wall <kevin.w.wall@gmail.com>
+
+Previous release: ESAPI 2.1.0, Sept 2013
+
+
+-----------------------------------------------------------------------------
+                GitHub Issues fixed in this release:
+                          35 issues closed
+
+32 - URLs in doc for HTTPUtilities.setNoCacheHeaders are wrong
+58 - Separate Crypto Related Properties into Separate File
+     Fixed as part of issue #350. Can be addressed by placing sensitive
+     ESAPI crypto properties into a separate properties file controlled by
+     the operations team and not checked into your SCM. For further details,
+     see documentation/ESAPI-configuration-user-guide.md and use system property
+     org.owasp.esapi.opsteam.
+96 - Need validation configuration enhancements
+103 - Make ESAPI configuration XML
+200 - DefaultHttpUtilities.sendRedirect should throw AccessControlException, not IOException
+205 - BaseValidationRule.assertValid(String context, String input) causes NPE if input is not valid.
+221 - IntrusionException should extend EnterpriseRuntimeException
+229 - printStackTrace when loading configuration file
+237 - how can we use esapi in java for validation,please see files attached containing java code and for errors
+261 - Could not set multiple cookies one by one at single request
+275 - Log4JLogger.java doesn't output correct file & line number because FQCN isn't forwarded to Log4J
+276 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+287 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+288 - Patch for /trunk/src/test/java/org/owasp/esapi/reference/UserTest.java
+289 - ClickjackFilter after doFilter
+306 - Canonicalizing "&#37;Device&#37; changes the meaning of the input string
+313 - Insecure default configuation for Executor.ApprovedExecutables in ESAPI.properties file
+315 - ValidatorTest.testIsValidDate fails if default locale is not US
+318 - Incorrect Equality test on floating point values
+319 - Resource leak: FileInputStream is not closed on method exit
+321 - Unsynchronized get method, synchronized set method
+322 - RequestRateThrottleFilter may not work as expected with hits=1 or hits=2
+323 - PolicyFactory Sanitize method weird output
+328 - StringUtils.union broken which has minor impact on CSRF Protection and random file name generation
+330 - setHeader blocks legitimate headers due to header name size limit being too low
+331 - Log4j configuration with no root level causes NPE in Log4jLogger.java
+334 - Regex in ESAPI.properties is not considering few of the french characters
+336 - Log4JLogger.java doesn't output correct file & line number-Similar issue as reported in Issue 268
+344 - JUnit test failure in ValidatorTest.testGetValidSafeHTML()
+345 - JUnit test failure in ValidatorTest.testIsValidDate()
+347 - Fixes #345 - JUnit test failure in ValidatorTest.testIsValidDate()
+349 - Package correctly the esapi.tld into ESAPI jar
+350 - [ESAPI Spring Code Sprint – May / June 2015] Implementation of requirements
+351 - getHeader length limit error
+354 - Add stern javadoc warning about Base64.decodeToObject() being unsafe and mark method as deprecated.
+      Note: This method no longer functions unless the system property org.owasp.esapi.enableUnsafeSerialization
+      is set to "true". This breaks backward compatibility in favor of taking a more secure posture.
+355 - Temp files created by org.owasp.esapi.waf.internal.InterceptingServletOutputStream not removed by WAF JUnit tests
+356 - Make end-of-line terminators consistent for .java, .xml, and other ESAPI source files.
+359 - CodecTest unit tests never test with a populated char array.
+
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release not tracked via GitHub issues
+
+* Miscellaneous minor javadoc fixes and updates.
+* Fixed grammatical error in CipherTextSerializer class error message.
+* Upgraded versions of several ESAPI dependencies (i.e., 3rd party jars), including several that had unpatched CVEs.
+* Added the Maven plug-in for OWASP Dependency Check so 3rd party dependencies can be kept up-to-date.
+* Added .gitignore file so that certain files won't get accidentally commited such as IDE files.
+* Added .gitattributes file so to help resolve end-of-line issues. (Part of issue 356.)
+* Added new documentation (documentation/ESAPI-configuration-user-guide.md) describing new ESAPI configuration feature.
+* Changed many assertions in ESAPI crypto to explicit runtime checks that
+  throw IllegalArgumentException instead.
+
+-----------------------------------------------------------------------------
+                    ATTENTION: Other Important Notes
+
+The JUnit test AuthenticatorTest.setCurrentUser() is periodically failing
+due to an apparent race condition either in the test itself or in
+FileBasedAuthenticator. See GitHub issue #360 for details, including
+why we don't think it is worth holding up the release for.
+
+-----------------------------------------------------------------------------
+
+                Contributors for ESAPI 2.1.0.1 release
+
+Notice: My appologies if I've missed anyone, but you did have an opportunity
+        to send me your names. (I solicited for contributors names to emails
+        to the ESAPI-Dev and ESAPI-User mailing lists sent on 1/23/2016.)
+        If I missed you and you contributed to THIS release, please send
+        me an email with your first and last name and what your SPECIFIC
+        contribution was and I will see you name is added to this list.
+                                                    - Kevin W. Wall
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Chris Schmidt (chrisisbeef)
+
+Special shout-outs to:
+    Matt Seil (xeno6696)
+    Jeremiah Stacey (jeremiahjstacey)
+
+Special contributions:
+    ESAPI Hackathon participants - November 18, 2014 - January 20, 2014
+        Daniel Amodio
+        Eric Kobrin
+        Eric Citaire
+        Eamonn Washington
+        John Melton
+        Special thanks to Samantha Groves for assisting with the ESAPI hackathon
+
+    Professor and students involved in ESAPI Spring Code Sprint (May - June, 2015):
+        Marek Zachara - instructor
+        Patryk Bak - student
+        Marcin Siedlarz - student
+        Szymon Bobowiec - student
+        Karol Kapcia - student
+        Fabio Cerullo - OWASP board coordination for code sprint
+
+Other Contributors:
+    Karan Sanwal
+    Arpit Gupta
+    Constantino Cronemberger
+    Tàrin Gamberìni
+    Kad Dembele
+    Anthony Musyoki
+    Andrew VanLoo
+    Ashish Tripathy

From a45a134d064aefaf17d2f82c220532ac747afc1d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 31 Jan 2016 23:03:13 -0500
Subject: [PATCH 367/812] Added contributor.

---
 documentation/esapi4java-core-2.1.0.1-release-notes.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/documentation/esapi4java-core-2.1.0.1-release-notes.txt b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
index 0820404d8..568b4e234 100644
--- a/documentation/esapi4java-core-2.1.0.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
@@ -124,3 +124,4 @@ Other Contributors:
     Anthony Musyoki
     Andrew VanLoo
     Ashish Tripathy
+    Brad Schoening

From 18bdb4db742d5242a34e1cd9649fa675584196fe Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 1 Feb 2016 21:10:56 -0500
Subject: [PATCH 368/812] Changes for new 2.1.0.1 release and to work with
 Cygwin.

---
 src/examples/scripts/findjar.sh    | 17 ++++++++++++++---
 src/examples/scripts/setenv-svn.sh |  8 ++++----
 src/examples/scripts/setenv-zip.sh |  2 +-
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/examples/scripts/findjar.sh b/src/examples/scripts/findjar.sh
index 611c32909..882c12b52 100755
--- a/src/examples/scripts/findjar.sh
+++ b/src/examples/scripts/findjar.sh
@@ -10,8 +10,13 @@ PROG=${0##*/}
 #   Default starting directory is Maven2 repository under $HOME ...
 starting_dir=$HOME/.m2/repository
 
+# If we are on Cygwin on Windows, the Maven repo may be under $USERPROFILE.
+if [[ $(uname -o) == "Cygwin" && ! -d "$starting_dir" ]]
+then    starting_dir="$(cygpath --unix ${USERPROFILE:-$HOME}/.m2/repository)"
+fi
+
 case "$1" in
--start) shift; starting_dir="$1"; shift ;;
+-start) shift; starting_dir="$1"; shift ;;  # Expected to be right if provided
 -\?)    echo "$USAGE" >&2; exit 2 ;;
 -*)     echo "$PROG: Unknown option: $1; treating as a jar pattern." >&2 ;;
 esac
@@ -25,5 +30,11 @@ esac
 
 # echo "Starting location: $starting_dir"   # DEBUG
 # echo "Jar pattern: $jar_pattern"          # DEBUG
-find "$starting_dir" -type f -name "$jar_pattern" -print |
-    egrep -v 'javadoc|sources'
+if [[ -d "$starting_dir" ]]
+then
+    find "$starting_dir" -type f -name "$jar_pattern" -print |
+        egrep -v 'javadoc|sources'
+else
+    echo "$PROG: Can't find starting directory for Maven repo: $starting_dir" >&2
+    exit 1
+fi
diff --git a/src/examples/scripts/setenv-svn.sh b/src/examples/scripts/setenv-svn.sh
index 41024857f..db4846e7c 100755
--- a/src/examples/scripts/setenv-svn.sh
+++ b/src/examples/scripts/setenv-svn.sh
@@ -1,6 +1,6 @@
 #/bin/bash
 # Purpose:  Use to set up environment to compile and run examples if ESAPI
-#           downloaded from the SVN repository.
+#           downloaded from the Svn or Git repository.
 # Usage:    From csh, tcsh:
 #               $ source ./setenv-svn.sh
 #           From most other *nix shells:
@@ -18,9 +18,9 @@
 esapi_classpath=".:\
 ../../../target/classes:\
 $(ls ../../../target/esapi-*.jar 2>&- || echo .):\
-$(./findjar.sh log4j-1.2.16.jar):\
-$(./findjar.sh commons-fileupload-1.2.jar):\
-$(./findjar.sh servlet-api-2.4.jar)"
+$(./findjar.sh log4j-1.2.17.jar):\
+$(./findjar.sh commons-fileupload-1.3.1.jar):\
+$(./findjar.sh servlet-api-2.5.jar)"
 
 esapi_resources="$(\cd ../../../configuration/esapi >&- 2>&- && pwd)"
 esapi_resources_test="$(\cd ../../../src/test/resources/esapi >&- 2>&- && pwd)"
diff --git a/src/examples/scripts/setenv-zip.sh b/src/examples/scripts/setenv-zip.sh
index 2a455791c..310864ac0 100755
--- a/src/examples/scripts/setenv-zip.sh
+++ b/src/examples/scripts/setenv-zip.sh
@@ -13,7 +13,7 @@
 # since the specific version of the library is delivered as part of the
 # ESAPI zip file. In this manner, we do not have to update this if these
 # versions change. For the record, at the time of this writing, these were
-# log4j-1.2.16.jar, commons-fileupload-1.2.jar, and servlet-api-2.4.jar.
+# log4j-1.2.17.jar, commons-fileupload-1.3.1.jar, and servlet-api-2.5.jar.
 esapi_classpath=".:\
 $(ls ../../../esapi*.jar):\
 $(./findjar.sh -start ../../../libs log4j-*.jar):\

From a907633752d17c6b5ae7dc3b5e9c02f45e1fd8ab Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 1 Feb 2016 21:28:23 -0500
Subject: [PATCH 369/812] Added System.err.println() to comment about GitHub
 issue 306.

---
 src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index 1603689c7..f3dd16ddb 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -413,6 +413,9 @@ public void run() {
 	 */
 	@Test public void testSetCurrentUser() throws AuthenticationException, InterruptedException {
 		System.out.println("setCurrentUser");
+        System.err.println("AuthenticatorTest.setCurrentUser(): This test " +
+                           "occasionally fails due to some undiscovered race condition. " +
+                           "This has been reported as GitHub issue #360. Patches to fix welcome.");
 		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");

From 150de3a2c5ba37523612ee07341255139bab1c87 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 1 Feb 2016 21:30:04 -0500
Subject: [PATCH 370/812] Remove '-SNAPSHOT' in prep for 2.1.0.1 release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f867c9b1a..140c6bf9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.0.1-SNAPSHOT</version>
+    <version>2.1.0.1</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From 66f1e5a93f701957be82e73d045917ec2b1136a9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 1 Feb 2016 21:34:59 -0500
Subject: [PATCH 371/812] Add more closed issues and contributors.

---
 documentation/esapi4java-core-2.1.0.1-release-notes.txt | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/documentation/esapi4java-core-2.1.0.1-release-notes.txt b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
index 568b4e234..306b34f30 100644
--- a/documentation/esapi4java-core-2.1.0.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
@@ -1,13 +1,14 @@
 Release notes for ESAPI 2.1.0.1
     Release date: 2016-Feb-??
-    -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Chris Schmidt <chris.schmidt@owasp.org>
 
 Previous release: ESAPI 2.1.0, Sept 2013
 
 
 -----------------------------------------------------------------------------
                 GitHub Issues fixed in this release:
-                          35 issues closed
+                          36 issues closed
 
 32 - URLs in doc for HTTPUtilities.setNoCacheHeaders are wrong
 58 - Separate Crypto Related Properties into Separate File
@@ -23,6 +24,7 @@ Previous release: ESAPI 2.1.0, Sept 2013
 221 - IntrusionException should extend EnterpriseRuntimeException
 229 - printStackTrace when loading configuration file
 237 - how can we use esapi in java for validation,please see files attached containing java code and for errors
+254 - Patch for /trunk/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
 261 - Could not set multiple cookies one by one at single request
 275 - Log4JLogger.java doesn't output correct file & line number because FQCN isn't forwarded to Log4J
 276 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java

From 5582e1ffb6afce1208d65cf890986fb70d8b0aac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 5 Feb 2016 00:56:03 -0500
Subject: [PATCH 372/812] Set release date to 2016-Feb-05

---
 documentation/esapi4java-core-2.1.0.1-release-notes.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.1.0.1-release-notes.txt b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
index 306b34f30..4c599ff59 100644
--- a/documentation/esapi4java-core-2.1.0.1-release-notes.txt
+++ b/documentation/esapi4java-core-2.1.0.1-release-notes.txt
@@ -1,5 +1,5 @@
 Release notes for ESAPI 2.1.0.1
-    Release date: 2016-Feb-??
+    Release date: 2016-Feb-05
         -Kevin W. Wall <kevin.w.wall@gmail.com>
         -Chris Schmidt <chris.schmidt@owasp.org>
 

From 74f4baa1cc70be14590f849b07205ed8a97bd1a5 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Feb 2016 12:30:46 -0500
Subject: [PATCH 373/812] Update pom.xml

Change version from 2.1.0.1 to 2.1.0.2-SNAPSHOT to get ready for next development cycle.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 140c6bf9d..32d10efb8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.0.1</version>
+    <version>2.1.0.2-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From c0a8c3e92ca6d9c7c0b5820dc58232b99b976aac Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Feb 2016 23:10:22 -0500
Subject: [PATCH 374/812] Update README.md

Add note about the 'master' branch no longer being default.
---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 96ce300c8..41f968157 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@ OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web appl
 <b>What does Legacy mean?</b><br/>
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
 
+<b>IMPORTANT NOTE:<b>
+The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
+
 <b>Where can I find ESAPI 3.x</b><br/>
 https://github.com/ESAPI/esapi-java
 

From 6696001960616bd99a2c9c0e94e6e8b7830a2924 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Feb 2016 23:11:13 -0500
Subject: [PATCH 375/812] Update README.md

Fixed screwed up formatting.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 41f968157..a5bc91456 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web appl
 <b>What does Legacy mean?</b><br/>
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
 
-<b>IMPORTANT NOTE:<b>
+<b>IMPORTANT NOTE:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
 
 <b>Where can I find ESAPI 3.x</b><br/>

From 4cb93e4c3d1587379b7fe00d1c586299c331d639 Mon Sep 17 00:00:00 2001
From: Anthony Musyoki <anthony.musyoki@gmail.com>
Date: Mon, 8 Feb 2016 09:40:24 +0300
Subject: [PATCH 376/812] Updates outdated plugin versions.

---
 pom.xml | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/pom.xml b/pom.xml
index 140c6bf9d..6aee8b282 100644
--- a/pom.xml
+++ b/pom.xml
@@ -201,7 +201,7 @@
         <plugins>
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.1</version>
+                <version>3.3</version>
                 <configuration>
                     <source>1.6</source>
                     <target>1.6</target>
@@ -214,7 +214,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-eclipse-plugin</artifactId>
-                <version>2.9</version>
+                <version>2.10</version>
                 <configuration>
                     <downloadSources>true</downloadSources>
                 </configuration>
@@ -222,7 +222,7 @@
 
             <plugin>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>2.4</version>
+                <version>2.6</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -237,7 +237,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.1</version>
+                <version>2.2</version>
                 <executions>
                     <execution>
                         <id>check-for-dependency-updates</id>
@@ -259,7 +259,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>findbugs-maven-plugin</artifactId>
-                <version>2.5.3</version>
+                <version>2.5.5</version>
                 <configuration>
                     <findbugsXmlOutput>true</findbugsXmlOutput>
                     <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
@@ -272,7 +272,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>cobertura-maven-plugin</artifactId>
-                <version>2.6</version>
+                <version>2.7</version>
                 <configuration>
                     <formats>
                         <format>html</format>
@@ -287,7 +287,7 @@
             </plugin>
             <plugin>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.1</version>
+                <version>3.6</version>
                 <configuration>
                     <targetJdk>1.5</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
@@ -296,7 +296,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.9.1</version>
+                <version>2.10.3</version>
                 <configuration>
                     <detectJavaApiLink>false</detectJavaApiLink>
                     <detectLinks>false</detectLinks>
@@ -310,7 +310,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.2</version>
+                <version>2.3</version>
                 <configuration>
                     <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
                     <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
@@ -323,7 +323,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.1</version>
+                <version>2.2</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -337,7 +337,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>1.2.11</version>
+                <version>1.3.3</version>
                 <configuration>
                     <externalReport>false</externalReport>
                 </configuration>
@@ -345,7 +345,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>2.17</version>
+                <version>2.19.1</version>
             </plugin>
         </plugins>
     </reporting>
@@ -384,7 +384,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.5</version>
+                        <version>1.6</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>
@@ -402,7 +402,7 @@
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-jar-plugin</artifactId>
-						<version>2.4</version>
+						<version>2.6</version>
 <!--
 						<executions>
 							<execution>
@@ -436,7 +436,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-enforcer-plugin</artifactId>
-                        <version>1.3.1</version>
+                        <version>1.4.1</version>
                         <executions>
                             <execution>
                                 <id>enforce-jdk-version</id>
@@ -462,7 +462,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>2.9.1</version>
+                        <version>2.10.3</version>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
@@ -477,7 +477,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.4</version>
+                        <version>2.6</version>
                         <configuration>
                             <descriptors>
                                 <descriptor>src/main/assembly/dist.xml</descriptor>
@@ -499,7 +499,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-release-plugin</artifactId>
-                        <version>2.5</version>
+                        <version>2.5.3</version>
                         <configuration>
                             <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
                         </configuration>

From 644a777ea71caa11828b12f54dcf3c7ffc89ef04 Mon Sep 17 00:00:00 2001
From: Anthony Musyoki <anthony.musyoki@gmail.com>
Date: Mon, 8 Feb 2016 10:27:26 +0300
Subject: [PATCH 377/812] Specifies plugin versions for previously unedfined
 plugins.

---
 pom.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/pom.xml b/pom.xml
index 6aee8b282..5c1e9dd8a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -347,6 +347,36 @@
                 <artifactId>maven-surefire-report-plugin</artifactId>
                 <version>2.19.1</version>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.19.1</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>3.0.0</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.5.2</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.7</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <version>3.4</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.8.2</version>
+            </plugin>
         </plugins>
     </reporting>
 

From 514f2bd60f6d2cbae6cb8b7baccbb2abf79684ee Mon Sep 17 00:00:00 2001
From: drmyersii <davidrmyersii@gmail.com>
Date: Thu, 7 Apr 2016 19:08:38 -0400
Subject: [PATCH 378/812] Ignoring IntelliJ project files.

---
 .gitignore | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.gitignore b/.gitignore
index 65ac7f40a..cbbf3ad74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,7 @@
 *.swp
 *~
 *.iml
+
+# IntelliJ
+
+/.idea

From ca388175029d11780860ac299358df638f9c00ab Mon Sep 17 00:00:00 2001
From: drmyersii <davidrmyersii@gmail.com>
Date: Thu, 7 Apr 2016 19:28:06 -0400
Subject: [PATCH 379/812] Adding instructions for building/developing/testing
 with IntelliJ. This closes #366.

---
 .../how-to-build-and-develop-with-intellij.md      | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 documentation/how-to-build-and-develop-with-intellij.md

diff --git a/documentation/how-to-build-and-develop-with-intellij.md b/documentation/how-to-build-and-develop-with-intellij.md
new file mode 100644
index 000000000..c73fcdafa
--- /dev/null
+++ b/documentation/how-to-build-and-develop-with-intellij.md
@@ -0,0 +1,14 @@
+# How to Build and Develop ESAPI with IntelliJ
+
+IntelliJ is set up to run pretty seamlessly out of the box, but there are still a few configuration options we need to change in order to get Unit Tests to run properly.
+
+1. Click `Run` > `Edit Configurations...`
+2. Click `+` > `JUnit` to add a new Run Configuration for JUnit
+3. Set the `Name:` field to `JUnit Config`
+4. Set the `Test kind:` field to `All in package`
+5. Set the `Search for tests:` field to `In whole project`
+6. Set the `Working directory:` field to **your** project root directory (e.g. ~/workspace/esapi-java-legacy)
+
+In order to Run ESAPI with Tests, you just need to select `Run` > `Run 'JUnit Config' with Coverage`
+
+That's it!

From ff9c62e79fd6c8ec0db023790e6c6d059d71f8a8 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 23 Feb 2016 05:43:56 -0600
Subject: [PATCH 380/812] Removing file system management components in place
 of Junit Rules

ciphertext-portable.ser  and ciphertext.ser will no longer display as
new resources after tests are executed.
---
 .../owasp/esapi/crypto/CipherTextTest.java    | 84 ++++---------------
 1 file changed, 18 insertions(+), 66 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
index 18c7fb505..cb2f22b97 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
@@ -1,56 +1,35 @@
 package org.owasp.esapi.crypto;
 
 import static org.junit.Assert.*;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
+import java.io.*;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
+
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 
-import junit.framework.Assert;
-import junit.framework.JUnit4TestAdapter;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
+import org.junit.*;
+import org.junit.rules.TemporaryFolder;
 import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.crypto.CipherSpec;
-import org.owasp.esapi.crypto.CipherText;
-import org.owasp.esapi.crypto.CryptoHelper;
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.reference.crypto.CryptoPolicy;
 
+import junit.framework.Assert;
+import junit.framework.JUnit4TestAdapter;
+
 public class CipherTextTest {
 
-    private static final boolean POST_CLEANUP = true;
-    
 	private CipherSpec cipherSpec_ = null;
     private Cipher encryptor = null;
     private Cipher decryptor = null;
     private IvParameterSpec ivSpec = null;
-	
-    @BeforeClass public static void preCleanup() {
-    	try {
-            // These two calls have side-effects that cause FindBugs to complain.
-    		removeFile("ciphertext.ser");
-    		removeFile("ciphertext-portable.ser");
-    		// Do NOT remove this file...
-    		//		src/test/resource/ESAPI2.0-ciphertext-portable.ser
-    	} catch(Exception ex) {
-    		;	// Do nothing
-    	}
-    }
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+   
     
 	@Before
 	public void setUp() throws Exception {
@@ -61,18 +40,6 @@ public void setUp() throws Exception {
         ivSpec = new IvParameterSpec(ivBytes);
 	}
 
-	@After
-	public void tearDown() throws Exception {
-	}
-	
-	@AfterClass public static void postCleanup() {
-	    if ( POST_CLEANUP ) {
-	            // These two calls have side-effects that cause FindBugs to complain.
-	        removeFile("ciphertext.ser");
-	        removeFile("ciphertext-portable.ser");
-	    }
-	}
-
 	/** Test the default CTOR */
 	@Test
 	public final void testCipherText() {
@@ -205,11 +172,11 @@ public final void testMIC() {
 	}
 
 	/** Test <i>portable</i> serialization. */
-	@Test public final void testPortableSerialization() {
+	@Test public final void testPortableSerialization() throws Exception{
 	    System.out.println("CipherTextTest.testPortableSerialization()starting...");
 	    String filename = "ciphertext-portable.ser";
-	    File serializedFile = new File(filename);
-	    serializedFile.delete();    // Delete any old serialized file.
+	    File serializedFile = tempFolder.newFile(filename);
+	  
 
 	    int keySize = 128;
 	    if ( CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
@@ -305,9 +272,9 @@ public final void testMIC() {
 	/** Test Java serialization. */
 	@Test public final void testJavaSerialization() {
         String filename = "ciphertext.ser";
-        File serializedFile = new File(filename);
+      
         try {
-            serializedFile.delete();	// Delete any old serialized file.
+            File serializedFile = tempFolder.newFile(filename);
             
             CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
 			cipherSpec.setIV(ivSpec.getIV());
@@ -317,13 +284,13 @@ public final void testMIC() {
 			byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
 			CipherText ciphertext = new CipherText(cipherSpec, raw);
 
-            FileOutputStream fos = new FileOutputStream(filename);
+            FileOutputStream fos = new FileOutputStream(serializedFile);
             ObjectOutputStream out = new ObjectOutputStream(fos);
             out.writeObject(ciphertext);
             out.close();
             fos.close();
 
-            FileInputStream fis = new FileInputStream(filename);
+            FileInputStream fis = new FileInputStream(serializedFile);
             ObjectInputStream in = new ObjectInputStream(fis);
             CipherText restoredCipherText = (CipherText)in.readObject();
             in.close();
@@ -361,10 +328,7 @@ public final void testMIC() {
 		} catch (InvalidAlgorithmParameterException ex) {
 			ex.printStackTrace(System.err);
 			fail("testJavaSerialization(): Unexpected InvalidAlgorithmParameterException: " + ex);
-		}  finally {
-		    // FindBugs complains that we are ignoring this return value. We really don't care.
-            serializedFile.delete();
-        }
+		} 
 	}
 	
 	/**
@@ -375,16 +339,4 @@ public final void testMIC() {
 	public static junit.framework.Test suite() {
 		return new JUnit4TestAdapter(CipherTextTest.class);
 	}
-	
-	private static void removeFile(String fname) {
-    	try {
-    		if ( fname != null ) {
-    			File f = new File(fname);
-    			// Findbugs complains about ignoring this return value. Too bad.
-    			f.delete();
-    		}
-    	} catch(Exception ex) {
-    		;	// Do nothing
-    	}
-	}
 }

From e63b4340f7a6bc60994bfce882192768a1ad6d49 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 23 Feb 2016 05:45:33 -0600
Subject: [PATCH 381/812] Upgrading Junit Syntax & file system management to
 junit rules

ReferenceEncryptedProperties.test.txt and test.out will no longer
display as new resources after tests are executed.
---
 .../ReferenceEncryptedPropertiesTest.java     | 78 +++++--------------
 1 file changed, 21 insertions(+), 57 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java b/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
index 89eb563d3..9236dd75a 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/ReferenceEncryptedPropertiesTest.java
@@ -15,16 +15,17 @@
  */
 package org.owasp.esapi.reference.crypto;
 
+import static org.junit.Assert.*;
+
 import java.io.*;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.Properties;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.errors.EncryptionRuntimeException;
 
@@ -35,50 +36,18 @@
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
  */
-public class ReferenceEncryptedPropertiesTest extends TestCase {
-
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ReferenceEncryptedPropertiesTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ReferenceEncryptedPropertiesTest.class);
-
-		return suite;
-	}
+public class ReferenceEncryptedPropertiesTest {
 
+    @Rule
+    public TemporaryFolder tempFolder = new TemporaryFolder();
+	
 	/**
 	 * Test of getProperty method, of class org.owasp.esapi.EncryptedProperties.
 	 * 
 	 * @throws EncryptionException
 	 *             the encryption exception
 	 */
-	public void testGetProperty() throws EncryptionException {
+	@Test public void testGetProperty() throws EncryptionException {
 		System.out.println("getProperty");
 		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
 		String name = "name";
@@ -95,7 +64,7 @@ public void testGetProperty() throws EncryptionException {
 	 * @throws EncryptionException
 	 *             the encryption exception
 	 */
-	public void testSetProperty() throws EncryptionException {
+	@Test public void testSetProperty() throws EncryptionException {
 		System.out.println("setProperty");
 		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
 		String name = "name";
@@ -131,7 +100,7 @@ public void testSetProperty() throws EncryptionException {
 	/**
 	 * Test the behavior when the requested key does not exist.
 	 */
-	public void testNonExistantKeyValue() throws Exception
+	@Test public void testNonExistantKeyValue() throws Exception
 	{
 		ReferenceEncryptedProperties instance = new ReferenceEncryptedProperties();
 		assertNull(instance.getProperty("not.there"));
@@ -140,7 +109,7 @@ public void testNonExistantKeyValue() throws Exception
 	/**
 	 * Test of keySet method, of class org.owasp.esapi.EncryptedProperties.
 	 */
-	public void testKeySet() throws Exception
+	@Test public void testKeySet() throws Exception
 	{
 		boolean sawTwo = false;
 		boolean sawOne = false;
@@ -175,7 +144,7 @@ else if(key.equals("two"))
 	/**
 	 * Test storing and loading of encrypted properties.
 	 */
-	public void testStoreLoad() throws Exception
+	@Test public void testStoreLoad() throws Exception
 	{
 		ReferenceEncryptedProperties toLoad = new ReferenceEncryptedProperties();
 		ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -234,7 +203,7 @@ else if(key.equals("seuss.schneier"))
 	/**
 	 * Test storing and loading of encrypted properties.
 	 */
-	public void testStoreLoadWithReader() throws Exception
+	@Test public void testStoreLoadWithReader() throws Exception
 	{
 /*
 		//create an EncryptedProperties to store
@@ -300,7 +269,7 @@ else if(key.equals("seuss.schneier"))
 	/**
 	 * Test overridden put method.
 	 */
-	public void testPut() throws Exception
+	@Test public void testPut() throws Exception
 	{
 		ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
 
@@ -367,7 +336,7 @@ public void testPut() throws Exception
 	 * Test that ReferenceEncryptedProperties can be properly constructed
 	 * with an instance of Properties.
 	 */
-	public void testConstructWithProperties() {
+	@Test public void testConstructWithProperties() {
 		Properties props = new Properties();
 		props.setProperty("one", "two");
 		props.setProperty("two", "three");
@@ -421,7 +390,7 @@ else if(key.equals("seuss.schneier"))
 	 * Test that ReferenceEncryptedProperties can be properly constructed
 	 * with an instance of EncryptedProperties.
 	 */
-	public void testConstructWithEncryptedProperties() throws Exception {
+	@Test public void testConstructWithEncryptedProperties() throws Exception {
 		ReferenceEncryptedProperties props = new ReferenceEncryptedProperties();
 		props.setProperty("one", "two");
 		props.setProperty("two", "three");
@@ -475,13 +444,13 @@ else if(key.equals("seuss.schneier"))
 	/**
 	 * Test overridden methods from Properties and Hashtable.
 	 */
-	public void testOverriddenMethods() throws Exception {
+	@Test public void testOverriddenMethods() throws Exception {
 		Properties props = new ReferenceEncryptedProperties();
 		props.setProperty("one", "two");
 		props.setProperty("two", "three");
 		props.setProperty("seuss.schneier", "one fish, twofish, red fish, blowfish");
 
-		FileOutputStream out = new FileOutputStream("ReferenceEncryptedProperties.test.txt");
+		FileOutputStream out = new FileOutputStream(tempFolder.newFile("ReferenceEncryptedProperties.test.txt"));
 		PrintStream ps = new PrintStream(out);
 		try {
 			props.list(ps);
@@ -490,7 +459,7 @@ public void testOverriddenMethods() throws Exception {
 		    assertTrue( e instanceof UnsupportedOperationException );
 		}
 
-		PrintWriter pw = new PrintWriter(new FileWriter("test.out"));
+		PrintWriter pw = new PrintWriter(new FileWriter(tempFolder.newFile("test.out")));
 		try {
 			props.list(pw);
 			fail("testOverriddenMethods(): list(PrintWriter) did not result in expected Exception");
@@ -525,11 +494,6 @@ public void testOverriddenMethods() throws Exception {
 		} catch( Exception e ) {
 		    assertTrue( e instanceof UnsupportedOperationException );
 		}
-
-        File f1 = new File("test.out");
-        f1.delete();
-        File f = new File("ReferenceEncryptedProperties.test.txt");
-        f.delete();
 	}
 
 }

From 5951f43e6c65562d35d860d6a89b86643e786305 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 23 Jan 2016 13:05:40 -0600
Subject: [PATCH 382/812] https://github.com/ESAPI/esapi-java-legacy/issues/352

Cleaning up unused imports.
---
 .../esapi/reference/crypto/EncryptedPropertiesUtilsTest.java   | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
index 8619dbcdf..6b665276a 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
@@ -16,7 +16,6 @@
 package org.owasp.esapi.reference.crypto;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.util.Properties;
@@ -25,8 +24,6 @@
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
-import org.owasp.esapi.errors.EncryptionException;
-
 /**
  * The Class EncryptedPropertiesTest.
  * 

From ea8436401ab16a26e878b7b0a8ee1f753628fab7 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 23 Jan 2016 13:08:08 -0600
Subject: [PATCH 383/812] https://github.com/ESAPI/esapi-java-legacy/issues/352

Updating deprecated junit references.
---
 .../crypto/EncryptedPropertiesUtilsTest.java  | 42 ++++++-------------
 1 file changed, 12 insertions(+), 30 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
index 6b665276a..2db65e73c 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
@@ -15,14 +15,17 @@
  */
 package org.owasp.esapi.reference.crypto;
 
+import static org.junit.Assert.*;
+
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.util.Properties;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
 
 /**
  * The Class EncryptedPropertiesTest.
@@ -31,7 +34,7 @@
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 8, 2010
  */
-public class EncryptedPropertiesUtilsTest extends TestCase {
+public class EncryptedPropertiesUtilsTest {
 
 	private static final String KEY1	= "quick";
 	private static final String VALUE1	= "brown fox";
@@ -46,20 +49,10 @@ public class EncryptedPropertiesUtilsTest extends TestCase {
 	private static final String ENCRYPTED_FILENAME_1	= "encrypted.properties";
 	private static final String ENCRYPTED_FILENAME_2	= "encrypted.2.properties";
 
-	/**
-	 * Instantiates a new encrypted properties test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public EncryptedPropertiesUtilsTest(String testName) {
-		super(testName);
-	}
-
 	/**
 	 * {@inheritDoc}
 	 */
-	protected void setUp() throws Exception {
+	@Before public void setUp() throws Exception {
 		//write an initial plaintext properties file
 		Properties props = new Properties();
 		props.setProperty(KEY3, VALUE3);
@@ -71,24 +64,13 @@ protected void setUp() throws Exception {
 	/**
 	 * {@inheritDoc}
 	 */
-	protected void tearDown() throws Exception {
+	@After public void tearDown() throws Exception {
 		File[] delFiles = new File[] { new File(PLAINTEXT_FILENAME), new File(ENCRYPTED_FILENAME_1), new File(ENCRYPTED_FILENAME_2) };
         for ( File f : delFiles ) {
             f.deleteOnExit();
         }
 	}
 
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(EncryptedPropertiesUtilsTest.class);
-
-		return suite;
-	}
-
 	/**
 	 * Test of creating and storing a new EncryptedProperties from scratch,
 	 * as if calling:
@@ -98,7 +80,7 @@ public static Test suite() {
 	 *
 	 * @throws Exception Any exception that occurs
 	 */
-	public void testCreateNew() throws Exception {
+	@Test public void testCreateNew() throws Exception {
 
 		//create a new properties with no input
 		Properties props = EncryptedPropertiesUtils.loadProperties(null, null);
@@ -130,7 +112,7 @@ public void testCreateNew() throws Exception {
 	 *
 	 * @throws Exception Any exception that occurs
 	 */
-	public void testLoadPlaintextAndEncrypt() throws Exception {
+	@Test public void testLoadPlaintextAndEncrypt() throws Exception {
 
 		//load the plaintext properties file
 		Properties props = EncryptedPropertiesUtils.loadProperties(PLAINTEXT_FILENAME, false);
@@ -159,7 +141,7 @@ public void testLoadPlaintextAndEncrypt() throws Exception {
 	 *
 	 * @throws Exception Any exception that occurs
 	 */
-	public void testLoadEncryptedAndAdd() throws Exception {
+	@Test public void testLoadEncryptedAndAdd() throws Exception {
 
 		//load the plaintext properties file
 		Properties props = EncryptedPropertiesUtils.loadProperties(ENCRYPTED_FILENAME_1, true);

From a6819c5ae2af8fea59ef7f6507d0451ae73a4aab Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 23 Jan 2016 13:34:15 -0600
Subject: [PATCH 384/812] https://github.com/ESAPI/esapi-java-legacy/issues/352

Correcting issue.  Underlying problem of Issue 352 was that the tests
were impacting the same file sets, and were acting under the assumption
that they would execute sequentially in the order they appeared in the
test file.  Introducing more threads caused testLoadPlaintextAndEncrypt
and testLoadEncryptedAndAdd to run concurrently and broke the sequential
dependency consistently to replicate the listed result.

Isolating test behavior by removing the shared static relative filepaths
and using the TemporaryFolder junit rule to manage filesystem resources.
Removing order-dependent validation of K/V 3 and K/V 4 from the
testLoadEncryptedAndAdd implementation.
---
 .../crypto/EncryptedPropertiesUtilsTest.java  | 85 ++++++++++---------
 1 file changed, 43 insertions(+), 42 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
index 2db65e73c..e222af09b 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptedPropertiesUtilsTest.java
@@ -20,11 +20,13 @@
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.FileReader;
+import java.io.IOException;
 import java.util.Properties;
 
-import org.junit.After;
-import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.junit.rules.TestName;
 
 
 /**
@@ -45,32 +47,26 @@ public class EncryptedPropertiesUtilsTest {
 	private static final String KEY4	= "sally sue";
 	private static final String VALUE4	= "betty mae";
 
-	private static final String PLAINTEXT_FILENAME		= "plaintext.properties";
-	private static final String ENCRYPTED_FILENAME_1	= "encrypted.properties";
-	private static final String ENCRYPTED_FILENAME_2	= "encrypted.2.properties";
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Before public void setUp() throws Exception {
-		//write an initial plaintext properties file
-		Properties props = new Properties();
-		props.setProperty(KEY3, VALUE3);
-		props.setProperty(KEY4, VALUE4);
-
-		props.store(new FileOutputStream(PLAINTEXT_FILENAME), "Plaintext test file created by EncryptedPropertiesUtilsTest");
-	}
-
+	
+	/** Rule to acquire the running test's information at runtime.*/
+	@Rule
+	public TestName testName = new TestName();
+
+	/** File management component for IO targets during test executions.*/
+	@Rule
+	public TemporaryFolder tempFolder = new TemporaryFolder();
+	
+	/** Counter used to track the number of files created for a single test to assist with creating unique file references.*/
+	private int fileIndex = 0;
+	
 	/**
-	 * {@inheritDoc}
+	 * Creates a new properties file reference for the active test which will be cleaned up upon test completion.
+	 * @return File New unique file reference for the active test.
+	 * @throws IOException If a new file could not be generated.
 	 */
-	@After public void tearDown() throws Exception {
-		File[] delFiles = new File[] { new File(PLAINTEXT_FILENAME), new File(ENCRYPTED_FILENAME_1), new File(ENCRYPTED_FILENAME_2) };
-        for ( File f : delFiles ) {
-            f.deleteOnExit();
-        }
+	private final File getTempPropertiesFile() throws IOException {
+	    return tempFolder.newFile(String.format("%s_%2d.properties", testName.getMethodName(), fileIndex++));
 	}
-
 	/**
 	 * Test of creating and storing a new EncryptedProperties from scratch,
 	 * as if calling:
@@ -81,7 +77,8 @@ public class EncryptedPropertiesUtilsTest {
 	 * @throws Exception Any exception that occurs
 	 */
 	@Test public void testCreateNew() throws Exception {
-
+	    File encryptedFile = getTempPropertiesFile();
+	    
 		//create a new properties with no input
 		Properties props = EncryptedPropertiesUtils.loadProperties(null, null);
 		
@@ -93,11 +90,11 @@ public class EncryptedPropertiesUtilsTest {
 		assertNull("Expected null but returned: " + prop2, prop2);
 
 		//store the file 
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_1, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+		EncryptedPropertiesUtils.storeProperties(encryptedFile.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
 
 		//try reading in the resulting file
 		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_1));
+		loadedProps.load(new FileReader(encryptedFile.getAbsolutePath()));
 		
 		assertEquals(VALUE1, loadedProps.getProperty(KEY1));
 		assertEquals(VALUE2, loadedProps.getProperty(KEY2));
@@ -113,20 +110,29 @@ public class EncryptedPropertiesUtilsTest {
 	 * @throws Exception Any exception that occurs
 	 */
 	@Test public void testLoadPlaintextAndEncrypt() throws Exception {
-
+	    File encryptedFile = getTempPropertiesFile();
+	    File plainTextFile = getTempPropertiesFile();
+	    
+	  //write an initial plaintext properties file
+        Properties props = new Properties();
+        props.setProperty(KEY3, VALUE3);
+        props.setProperty(KEY4, VALUE4);
+
+        props.store(new FileOutputStream(plainTextFile.getAbsolutePath()), "Plaintext test file created by EncryptedPropertiesUtilsTest");
+	    
 		//load the plaintext properties file
-		Properties props = EncryptedPropertiesUtils.loadProperties(PLAINTEXT_FILENAME, false);
+		props = EncryptedPropertiesUtils.loadProperties(plainTextFile.getAbsolutePath(), false);
 
 		//test some properties using getProperty
 		assertEquals(VALUE3, props.getProperty(KEY3));
 		assertEquals(VALUE4, props.getProperty(KEY4));
 
 		//store the file
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_1, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+		EncryptedPropertiesUtils.storeProperties(encryptedFile.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
 
 		//try reading in the resulting file
 		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_1));
+		loadedProps.load(new FileReader(encryptedFile.getAbsolutePath()));
 
 		assertEquals(VALUE3, loadedProps.getProperty(KEY3));
 		assertEquals(VALUE4, loadedProps.getProperty(KEY4));
@@ -142,13 +148,10 @@ public class EncryptedPropertiesUtilsTest {
 	 * @throws Exception Any exception that occurs
 	 */
 	@Test public void testLoadEncryptedAndAdd() throws Exception {
-
+	    File encryptedFile = getTempPropertiesFile();
+	    File encryptedFile2 = getTempPropertiesFile();
 		//load the plaintext properties file
-		Properties props = EncryptedPropertiesUtils.loadProperties(ENCRYPTED_FILENAME_1, true);
-
-		//test some properties
-		assertEquals(VALUE3, props.getProperty(KEY3));
-		assertEquals(VALUE4, props.getProperty(KEY4));
+		Properties props = EncryptedPropertiesUtils.loadProperties(encryptedFile.getAbsolutePath(), true);
 
 		//add some new properties
 		EncryptedPropertiesUtils.addProperty(props, KEY1, VALUE1);
@@ -159,17 +162,15 @@ public class EncryptedPropertiesUtilsTest {
 		assertEquals(VALUE2, props.getProperty(KEY2));
 
 		//store the file
-		EncryptedPropertiesUtils.storeProperties(ENCRYPTED_FILENAME_2, props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
+		EncryptedPropertiesUtils.storeProperties(encryptedFile2.getAbsolutePath(), props, "Encrypted Properties File generated by EncryptedPropertiesUtilsTest");
 
 		//try reading in the resulting file
 		ReferenceEncryptedProperties loadedProps = new ReferenceEncryptedProperties();
-		loadedProps.load(new FileReader(ENCRYPTED_FILENAME_2));
+		loadedProps.load(new FileReader(encryptedFile2.getAbsolutePath()));
 
 		//test the values read in
 		assertEquals(VALUE1, loadedProps.getProperty(KEY1));
 		assertEquals(VALUE2, loadedProps.getProperty(KEY2));
-		assertEquals(VALUE3, loadedProps.getProperty(KEY3));
-		assertEquals(VALUE4, loadedProps.getProperty(KEY4));
 	}
 
 }

From bd12f1da6fe10fd1c629b67edcfbc768694733b6 Mon Sep 17 00:00:00 2001
From: Anthony Musyoki <anthony.musyoki@gmail.com>
Date: Fri, 22 Apr 2016 10:57:37 +0300
Subject: [PATCH 385/812] Packages the esapi.tld into the jar file.

---
 pom.xml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 140c6bf9d..3bcc28cdf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -250,8 +250,16 @@
                     </execution>
                 </executions>
             </plugin>
-
         </plugins>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+            </resource>
+            <resource>
+                <directory>configuration/META-INF</directory>
+                <targetPath>META-INF</targetPath>
+            </resource>
+    </resources>
     </build>
 
     <reporting>

From 5209d27e3b8a4f502683324f48e4bc002278e2ab Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 7 May 2016 16:29:19 -0400
Subject: [PATCH 386/812] Merge Bjorn Kimminich's pull request (# 386). Close
 issue #386.

---
 .gitignore  | 12 +++++++++---
 .travis.yml | 17 +++++++++++++++++
 README.md   |  5 +++++
 pom.xml     | 39 +++++++++++++++++++--------------------
 4 files changed, 50 insertions(+), 23 deletions(-)
 create mode 100644 .travis.yml

diff --git a/.gitignore b/.gitignore
index cbbf3ad74..7222a081f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+# Eclipse / IntelliJ / Maven / backup editor files
 /target
 /.settings/**
 .classpath
@@ -5,7 +6,12 @@
 *.swp
 *~
 *.iml
+.idea/
+*.iws
+*.eml
+out/
 
-# IntelliJ
-
-/.idea
+# Leftover test files
+ciphertext-portable.ser
+ReferenceEncryptedProperties.test.txt
+test.out
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000000000..e390cfab6
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,17 @@
+language: java
+jdk:
+- oraclejdk7
+env:
+  global:
+    - secure: "aDhH/FBa9CSX3P3UucVJGghHkzHwmw8DhEdklUnb5HI44CpQs5rVNBQLG6ClqrJGl5BEghaHG9mQ0alVrZoqGCR4UA0qhGCmeRyo+SL7z44tHFq/VdWbZJcnSXeq+CzGc4rgkIg2XBrgGKKq5EfUxXjsYQUA/mIslWhnmQtfn0gjiobJkOdGAOJ4RY6cAyTtgNbv8AZg71hnPDusz+F/Somy1GPp2oFW0gAJyOUbDqol6bx8ajTl/+NJkQL9uSlUEGqyeMwXGW0Z901Vbn+Btwl7QtnrSFxOOOlQSUIAFGKTqAt/DzOeKi0Guv5uE4nqR50veOge5StbpgDqTq6a101DYNTyMFeE4plTNKHawnnyMe7v0yTDsnk+PeeSe8hkkdqiRLiBufriVnlzlfQt9TbWfE7aRhy6U0wqvlMvMgOOmXl5+eyLf1CtdRCbWeh2eZFISbD35y8EZbGY/bP33sC8jHlWROtykdMkVzcZ6N+mP+pB+SSqy+5hUMFUCDKyzRoIjHioVJS0S+Ul7CpEeLNKTy23IzO5VSh9dysH+hf+dbdAhgEe/XBEpUxZnV400fww5LW+vAlDpY+QwqdzwpabofTYaRfyRT7nQC3qAgMrQZopqwehdKyOTgpGIKM4lqqsSLz0F/LZ57fUh8DD2sZl2M4VKL6SQ3KPEM+DC/w="
+after_success:
+  - mvn clean cobertura:cobertura coveralls:report
+addons:
+  coverity_scan:
+    project:
+      name: "bkimminich/esapi-java-legacy"
+      description: "OWASP ESAPI 2.x (Legacy) build submitted via Travis CI"
+    notification_email: bjoern.kimminich@owasp.org
+    build_command_prepend: "mvn clean"
+    build_command: "mvn -DskipTests=true compile"
+    branch_pattern: coverity_scan
\ No newline at end of file
diff --git a/README.md b/README.md
index a5bc91456..7a5af884f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,10 @@
 Enterprise Security API for Java (Legacy)
 =================
+
+[![Build Status](https://travis-ci.org/bkimminich/esapi-java-legacy.svg?branch=master)](https://travis-ci.org/bkimminich/esapi-java-legacy)
+[![Coverage Status](https://coveralls.io/repos/github/bkimminich/esapi-java-legacy/badge.svg?branch=develop)](https://coveralls.io/github/bkimminich/esapi-java-legacy?branch=develop)
+[![Coverity Status](https://scan.coverity.com/projects/8517/badge.svg)](https://scan.coverity.com/projects/bkimminich-esapi-java-legacy)
+
 <table border=0>
 <tr>
 <td>
diff --git a/pom.xml b/pom.xml
index e4bcf22e6..81c309716 100644
--- a/pom.xml
+++ b/pom.xml
@@ -250,16 +250,26 @@
                     </execution>
                 </executions>
             </plugin>
+
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>cobertura-maven-plugin</artifactId>
+                <version>2.7</version>
+                <configuration>
+                    <formats>
+                        <format>html</format>
+                        <format>xml</format>
+                    </formats>
+                </configuration>
+            </plugin>
+
+            <plugin>
+                <groupId>org.eluder.coveralls</groupId>
+                <artifactId>coveralls-maven-plugin</artifactId>
+                <version>4.1.0</version>
+            </plugin>
+
         </plugins>
-        <resources>
-            <resource>
-                <directory>src/main/resources</directory>
-            </resource>
-            <resource>
-                <directory>configuration/META-INF</directory>
-                <targetPath>META-INF</targetPath>
-            </resource>
-    </resources>
     </build>
 
     <reporting>
@@ -277,17 +287,6 @@
                     <relaxed>false</relaxed>
                 </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>cobertura-maven-plugin</artifactId>
-                <version>2.7</version>
-                <configuration>
-                    <formats>
-                        <format>html</format>
-                        <format>xml</format>
-                    </formats>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>

From fbf89679464922de2bdeb355fa780ff5bb91e8c3 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 7 May 2016 16:53:53 -0400
Subject: [PATCH 387/812] Update README.md

Update nightly build note, and text about Google Code Issues and JIRA.
---
 README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 7a5af884f..9a2bfcbd0 100644
--- a/README.md
+++ b/README.md
@@ -26,14 +26,14 @@ https://github.com/ESAPI/esapi-java
 Fork and submit a pull request! Simple as pi!
 
 <b>What happened to Google code?</b><br/>
-In mid-2014 ESAPI Migrated all code to GitHub, in November we started using JIRA/Confluence. 
+In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.
 
 <b>What about the issues still located on Google Code</b><br/>
-We will be migrating the issues from Google Code to JIRA as time allows, in the meantime - if you would like to work on a Google Code issue, please create a new issue in JIRA and reference the Google Code issue in the issue Description.
+All issues from Google Code have been migrated to GitHub issues. We have a JIRA/Confluence instance allocated to us, but it has not be configured to synchronize with the GitHub issues, and thus is should not be used. JIRA is fine, but if we can't have it synchronized with GitHub issues (which is where the majority of our users report issues), it is not usuable. As developers, we do not want to spent time having to close issues from multiple bug-tracking sites. Therefore, until this synchronization happens (see GitHub issue #371), please ONLY use GitHub for reporting bugs.
 
 Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
 
-Nightly Build: https://esapi.ci.cloudbees.com
+Nightly Build: Travis CI - https://travis-ci.org/bkimminich/esapi-java-legacy
 
 ~~JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG~~<br />Issues: Until further notice, use the GitHub issues for reporting bugs and enhancement requests.
 

From 366720414d533c39d2af1005577954724031f9bd Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 10 May 2016 20:29:00 -0400
Subject: [PATCH 388/812] Add javadoc and mailing list links.

---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 9a2bfcbd0..6c3a6f526 100644
--- a/README.md
+++ b/README.md
@@ -38,10 +38,13 @@ Nightly Build: Travis CI - https://travis-ci.org/bkimminich/esapi-java-legacy
 ~~JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG~~<br />Issues: Until further notice, use the GitHub issues for reporting bugs and enhancement requests.
 
 
-Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon)
+Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon), for now find general documentation under the 'documentation/' directory, and the latest Javadoc under https://www.javadoc.io/doc/org.owasp.esapi/esapi/
 
 Realtime Support available on our IRC Channel:<br/>
 Server: irc.freenode.net<br/>
 Channel: #esapi<br/>
 Webchat http://webchat.freenode.net/
 
+Mailing lists:
+[ESAPI-Users mailing list](https://lists.owasp.org/mailman/listinfo/esapi-user/) and
+[ESAPI-Developers mailing list](https://lists.owasp.org/mailman/listinfo/esapi-dev/)

From 4d63b1d72fc043d442f00ca20da0a03d409b6e14 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 13 May 2016 21:37:34 -0400
Subject: [PATCH 389/812] Update contributions section of README.md.

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6c3a6f526..865f7ca8b 100644
--- a/README.md
+++ b/README.md
@@ -22,8 +22,8 @@ The default branch for ESAPI legacy is now the 'develop' branch (rather than the
 <b>Where can I find ESAPI 3.x</b><br/>
 https://github.com/ESAPI/esapi-java
 
-<b>How can I contribute or fix bugs?</b><br/>
-Fork and submit a pull request! Simple as pi!
+<b>How can I contribute or help with fix bugs?</b><br/>
+Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
 <b>What happened to Google code?</b><br/>
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.

From aaef54dcd2706a5d80c71e8c49be0d9d649c3b9f Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 21 May 2016 10:18:19 -0500
Subject: [PATCH 390/812] Issue #316 -- Deprecated existing
 HTTPUtilities.setRememberToken() for one that doesn't require user password.

---
 pom.xml                                       |  9 +++--
 .../java/org/owasp/esapi/HTTPUtilities.java   | 13 ++++++
 .../esapi/reference/DefaultHTTPUtilities.java | 30 ++++++++++++++
 .../esapi/reference/HTTPUtilitiesTest.java    | 40 ++++++++++++++++++-
 4 files changed, 87 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 81c309716..637284460 100644
--- a/pom.xml
+++ b/pom.xml
@@ -187,14 +187,17 @@
             <artifactId>antisamy</artifactId>
             <version>1.5.3</version>
         </dependency>
-
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
             <version>1.8</version>
         </dependency>
-
-
+		<dependency>
+		    <groupId>org.mockito</groupId>
+		    <artifactId>mockito-all</artifactId>
+		    <version>1.10.19</version>
+		    <scope>test</scope>
+		</dependency>
     </dependencies>
 
     <build>
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 951dea23b..3415fa2a1 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -543,12 +543,21 @@ public interface HTTPUtilities
 
 	/**
 	 * Calls setNoCacheHeaders with the *current* response.
+	 * 
+	 * ~DEPRECATED~  Per Kevin Wall, storing passwords with reversible encryption is contrary to *many*
+	 * company's stated security policies.  
      *
 	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
 	 */
+    @Deprecated
     String setRememberToken(String password, int maxAge, String domain, String path);
 
+    /**
+     * 
+     */
+    String setRememberToken(HttpServletRequest request, HttpServletResponse response, int maxAge, String domain, String path);
 
+    
     /**
 	 * Set a cookie containing the current User's remember me token for automatic authentication. The use of remember me tokens
 	 * is generally not recommended, but this method will help do it as safely as possible. The user interface should strongly warn
@@ -564,6 +573,9 @@ public interface HTTPUtilities
      * <p/>
      * The username can be retrieved with: User username = ESAPI.authenticator().getCurrentUser();
      *
+     *~DEPRECATED~  Per Kevin Wall, storing passwords with reversible encryption is contrary to *many*
+	 * company's stated security policies.  
+     *
      * @param request
      * @param password the user's password
      * @param response
@@ -572,6 +584,7 @@ public interface HTTPUtilities
 	 * @param path the path to restrict the token to or null
 	 * @return encrypted "Remember Me" token stored as a String
 	 */
+    @Deprecated
     String setRememberToken(HttpServletRequest request, HttpServletResponse response, String password, int maxAge, String domain, String path);
 
 
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index afad650cd..3c460c872 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -945,6 +945,36 @@ public String setRememberToken( HttpServletRequest request, HttpServletResponse
 			return null;
 		}
 	}
+	
+	
+	public String setRememberToken(HttpServletRequest request, HttpServletResponse response, int maxAge, String domain, String path){
+		String rval = "";
+		User user = ESAPI.authenticator().getCurrentUser();
+		
+		try{
+			killCookie(request,response, REMEMBER_TOKEN_COOKIE_NAME);
+			// seal already contains random data
+			String clearToken = user.getAccountName();
+			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
+			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
+
+            // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
+			// which was marked as "WontFix".
+
+			Cookie cookie = new Cookie( REMEMBER_TOKEN_COOKIE_NAME, cryptToken );
+			cookie.setMaxAge( maxAge );
+			cookie.setDomain( domain );
+			cookie.setPath( path );
+			response.addCookie( cookie );
+			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
+		} catch( IntegrityException e){
+			logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + user.getAccountName(), e );
+			return null;
+		}
+		
+		
+		return rval;
+	}
 
     /**
 	 * {@inheritDoc}
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 5dadd5ce3..c58eecaa3 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -17,6 +17,7 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -25,6 +26,7 @@
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
 import org.owasp.esapi.Authenticator;
@@ -47,7 +49,6 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
-
 /**
  * The Class HTTPUtilitiesTest.
  * 
@@ -465,7 +466,7 @@ public void testSetNoCacheHeaders() {
 	 *
 	 * @throws org.owasp.esapi.errors.AuthenticationException
 	 */
-	public void testSetRememberToken() throws AuthenticationException {
+	public void testDeprecatedSetRememberToken() throws AuthenticationException {
 		System.out.println("setRememberToken");
 		Authenticator instance = (Authenticator)ESAPI.authenticator();
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
@@ -485,6 +486,41 @@ public void testSetRememberToken() throws AuthenticationException {
 		// String value = response.getCookie( Authenticator.REMEMBER_TOKEN_COOKIE_NAME ).getValue();
 		// assertEquals( user.getRememberToken(), value );
 	}
+	
+	/**
+	 *
+	 * @throws org.owasp.esapi.errors.AuthenticationException
+	 */
+	public void testSetRememberToken() throws Exception {
+		System.out.println("setRememberToken");
+		Authenticator instance = (Authenticator)ESAPI.authenticator();
+		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+		String password = instance.generateStrongPassword();
+		User user = instance.createUser(accountName, password, password);
+		user.enable();
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addParameter("username", accountName);
+		request.addParameter("password", password);
+		HttpServletResponse response = new MockHttpServletResponse();
+		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+		instance.login( request, response);
+
+		int maxAge = ( 60 * 60 * 24 * 14 );
+
+		ESAPI.httpUtilities().setRememberToken( request, response, maxAge, "domain", "/" );
+		
+		Field field = response.getClass().getDeclaredField("cookies");
+		field.setAccessible(true);
+		List<Cookie> cookies = (List<Cookie>) field.get(response);
+		Cookie cookie = null;
+		for(Cookie c: cookies){
+			if(c.getName().equals(HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME)){
+				cookie = c; 
+				break;
+			}
+		}
+		assertEquals(HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, cookie.getName());
+	}
 
 	public void testGetSessionAttribute() throws Exception {
 		HttpServletRequest request = new MockHttpServletRequest();

From b2609a51743045382a84db9cc79bff6f5815aefe Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 21 May 2016 17:09:48 -0400
Subject: [PATCH 391/812] Describe reporting vulnerabilities in README.md

Add paragraph on how to report vulnerabilities (for CII-Best-Practices).
Minor changes to other sections.
---
 README.md | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 865f7ca8b..9fdc99727 100644
--- a/README.md
+++ b/README.md
@@ -13,38 +13,47 @@ OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web appl
 </tr>
 </table>
 
-<b>What does Legacy mean?</b><br/>
+# What does Legacy mean?
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
 
 <b>IMPORTANT NOTE:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
 
-<b>Where can I find ESAPI 3.x</b><br/>
+# Where can I find ESAPI 3.x?
 https://github.com/ESAPI/esapi-java
 
-<b>How can I contribute or help with fix bugs?</b><br/>
+# Contributing to ESAPI legacy
+## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
-<b>What happened to Google code?</b><br/>
+### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.
 
-<b>What about the issues still located on Google Code</b><br/>
+### What about the issues still located on Google Code?
 All issues from Google Code have been migrated to GitHub issues. We have a JIRA/Confluence instance allocated to us, but it has not be configured to synchronize with the GitHub issues, and thus is should not be used. JIRA is fine, but if we can't have it synchronized with GitHub issues (which is where the majority of our users report issues), it is not usuable. As developers, we do not want to spent time having to close issues from multiple bug-tracking sites. Therefore, until this synchronization happens (see GitHub issue #371), please ONLY use GitHub for reporting bugs.
 
-Wiki: https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
+### Find an Issue?
+If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 
-Nightly Build: Travis CI - https://travis-ci.org/bkimminich/esapi-java-legacy
+### Find a Vulnerability?
+If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Chris Schmidt (chris.schmidt at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
+
+## Where to Find More Information on ESAPI
+
+*Wiki:* https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
+
+*Nightly Build:* Travis CI - https://travis-ci.org/bkimminich/esapi-java-legacy
 
 ~~JIRA: https://owasp-esapi.atlassian.net/browse/ESAPILEG~~<br />Issues: Until further notice, use the GitHub issues for reporting bugs and enhancement requests.
 
 
-Documentation: https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon), for now find general documentation under the 'documentation/' directory, and the latest Javadoc under https://www.javadoc.io/doc/org.owasp.esapi/esapi/
+*Documentation:* https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon), for now find general documentation under the 'documentation/' directory, and the latest Javadoc under https://www.javadoc.io/doc/org.owasp.esapi/esapi/
 
-Realtime Support available on our IRC Channel:<br/>
+*Realtime Support available on our IRC Channel:*<br/>
 Server: irc.freenode.net<br/>
 Channel: #esapi<br/>
 Webchat http://webchat.freenode.net/
 
-Mailing lists:
+*Mailing lists:*
 [ESAPI-Users mailing list](https://lists.owasp.org/mailman/listinfo/esapi-user/) and
 [ESAPI-Developers mailing list](https://lists.owasp.org/mailman/listinfo/esapi-dev/)

From b496305cb7711166141c2b220560fa93352120cb Mon Sep 17 00:00:00 2001
From: Pavan Kumar <sunnypav@users.noreply.github.com>
Date: Wed, 8 Jun 2016 16:43:03 +0530
Subject: [PATCH 392/812] #302 HTMLEntityCodec Now decodes cased accented
 letters properly

HTMLEntityCodec.decode incorrectly decodes upper-case accented letters as their lower-case counterparts. In this change i am doing an exact match for the possible string and if the match is not found falling back to the old technique of lowercasing the possible string & find a match for it. Please review this change
---
 .../org/owasp/esapi/codecs/HTMLEntityCodec.java   | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index b4337968a..cd72dc79c 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -250,12 +250,21 @@ private Character getNamedEntity( PushbackString input ) {
 		// kludge around PushbackString....
 		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
 		for(int i=0;i<len;i++)
-			possible.append(Character.toLowerCase(input.next()));
+			possible.append(input.next());
 
 		// look up the longest match
 		entry = entityToCharacterTrie.getLongestMatch(possible);
-		if(entry == null)
-			return null;	// no match, caller will reset input
+		if(entry == null) {
+			// We are lowercasing & comparing the result because of this all the upper case named entities are getting converted lowercase named entities.
+			// check is there any exact match https://github.com/ESAPI/esapi-java-legacy/issues/302
+			String possibleString = possible.toString();
+			String possibleStringLowerCase = possibleString.toLowerCase();
+		        if(!possibleString.equals(possibleStringLowerCase)) {
+		           Map.Entry<CharSequence,Character> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
+		           if(exactEntry != null) entry = exactEntry;
+		        }
+		        if(entry == null) return null; // no match, caller will reset input
+		}
 
 		// fixup input
 		input.reset();

From 32f5e84dd8c06e53a6a2abe97ef0aff239f96f24 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 12 Jun 2016 16:48:06 -0500
Subject: [PATCH 393/812] Issue #376 create an alternative API to validate
 URLs, to thwart ReDoS.

---
 .../reference/ExtensiveEncoderURITest.java    |   49 +
 .../owasp/esapi/reference/ValidatorTest.java  |   31 +-
 .../resources/esapi/validation.properties     |    8 +-
 src/test/resources/urisForTest.txt            | 2001 +++++++++++++++++
 4 files changed, 2084 insertions(+), 5 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
 create mode 100644 src/test/resources/urisForTest.txt

diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
new file mode 100644
index 000000000..5c791fde8
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -0,0 +1,49 @@
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.File;
+import java.net.URL;
+import java.nio.file.Files;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Validator;
+
+
+@RunWith(Parameterized.class)
+public class ExtensiveEncoderURITest {
+	static List<String> inputs = new ArrayList<String>();
+	Validator v = ESAPI.validator();
+	String uri;
+	boolean expected;
+	
+	public ExtensiveEncoderURITest(String uri){
+		String[] values = uri.split(","); 
+		this.uri = values[0];
+		this.expected = Boolean.parseBoolean(values[1]);
+	}
+	
+	@Parameters
+	public static Collection<String> getMyUris() throws Exception{
+		URL url = ExtensiveEncoderURITest.class.getResource("/urisForTest.txt");
+		String fileName = url.getFile();
+		File urisForText = new File(fileName);
+		
+		inputs = Files.readAllLines(urisForText.toPath());
+		
+		return inputs;
+	}
+	
+	@Test
+	public void testUrlsFromFile() throws Exception{
+		assertEquals(this.expected, v.isValidURI("URL", uri, false));
+	}
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 8c37835d9..fce7c1414 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -28,6 +28,7 @@
 
 import javax.servlet.http.Cookie;
 import java.io.*;
+import java.net.URI;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 import java.util.*;
@@ -563,8 +564,7 @@ public void testIsValidFileUpload() throws IOException {
         assertTrue(errors.size() == 1);
     }
 
-    public void testIsValidHTTPRequestParameterSet() {
-        //		isValidHTTPRequestParameterSet(String, Set, Set)
+    public void testIsValidHTTPRequestParameterSet() throws Exception{
     }
 
     public void testisValidInput() {
@@ -580,7 +580,7 @@ public void testisValidInput() {
         assertFalse(instance.isValidInput("test", "..168.1.234", "IPAddress", 100, false));
         assertFalse(instance.isValidInput("test", "10.x.1.234", "IPAddress", 100, false));
         assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
-        assertFalse(instance.isValidInput("test", "http:///www.aspectsecurity.com", "URL", 100, false));
+        assertTrue(instance.isValidInput("test", "http://www.aspectsecurity.com", "URL", 100, false));
         assertFalse(instance.isValidInput("test", "http://www.aspect security.com", "URL", 100, false));
         assertTrue(instance.isValidInput("test", "078-05-1120", "SSN", 100, false));
         assertTrue(instance.isValidInput("test", "078 05 1120", "SSN", 100, false));
@@ -1143,5 +1143,30 @@ public void testGetContextPath() {
         // Fail-case - URL Splitting
         assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
     }
+    
+    public void testGmailEmailAddress(){
+    	Validator v = ESAPI.validator();
+    	assertTrue(v.isValidInput("Gmail", "Darth+Sidious@gmail.com", "Gmail", 512, false));
+    	assertTrue(v.isValidInput("Gmail", "Darth.Sidious@gmail.com", "Gmail", 512, false));
+    }
+    
+    public void testGetValidUri(){
+    	Validator v = ESAPI.validator();
+    	assertFalse(v.isValidURI("test", "http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg", false));
+    }
+    
+    public void testGetCanonicalizedUri() throws Exception {
+    	Validator v = ESAPI.validator();
+    	
+    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+    	//password information as in http://palpatine:password@foo.com, and this will
+    	//not appear in the userinfo field.  
+    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+    	URI uri = new URI(input);
+    	System.out.println(uri.toString());
+    	assertEquals(expectedUri, v.getCanonicalizedURI(uri));
+    	
+    }
 }
 
diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index 433fa0b6b..45fd32b74 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -21,9 +21,13 @@
 #    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
 #
 Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+#Given the discussion: https://github.com/ESAPI/esapi-java-legacy/issues/374, a better upper-bound for domain name
+#was selected as 62.  This is slightly under the length in RFC-1035
+Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
+Validator.Gmail=^[A-Za-z0-9._%'-+]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
 Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
+#Validator.URL=^(?:ht|f)tp(s?+)\\:\\/\\/[0-9a-zA-Z](?:[-.\\w]*[0-9a-zA-Z])*(?::(?:0-9)*)*(?:\\/?+)(?:[a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?+$
+Validator.URL=^(?:ht|f)tp(?:s?)(?:[\\p{Print}]*)$
 Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
 
diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
new file mode 100644
index 000000000..be5183f7d
--- /dev/null
+++ b/src/test/resources/urisForTest.txt
@@ -0,0 +1,2001 @@
+http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg,FALSE
+https://wunderground.com/luctus/rutrum/nulla/tellus/in/sagittis.xml?et=vulputate&magnis=ut&dis=ultrices&parturient=vel&montes=augue&nascetur=vestibulum&ridiculus=ante&mus=ipsum&vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et&natoque=ultrices&penatibus=posuere&et=cubilia&magnis=curae&dis=donec&parturient=pharetra&montes=magna&nascetur=vestibulum&ridiculus=aliquet&mus=ultrices&etiam=erat&vel=tortor&augue=sollicitudin&vestibulum=mi&rutrum=sit&rutrum=amet&neque=lobortis&aenean=sapien&auctor=sapien&gravida=non&sem=mi&praesent=integer&id=ac&massa=neque&id=duis&nisl=bibendum&venenatis=morbi&lacinia=non&aenean=quam&sit=nec&amet=dui&justo=luctus&morbi=rutrum&ut=nulla&odio=tellus&cras=in&mi=sagittis&pede=dui&malesuada=vel&in=nisl&imperdiet=duis&et=ac&commodo=nibh&vulputate=fusce&justo=lacus&in=purus&blandit=aliquet&ultrices=at&enim=feugiat&lorem=non&ipsum=pretium&dolor=quis&sit=lectus,TRUE
+http://eepurl.com/augue/vestibulum/rutrum/rutrum.xml?imperdiet=consequat&sapien=metus&urna=sapien&pretium=ut&nisl=nunc&ut=vestibulum&volutpat=ante&sapien=ipsum&arcu=primis&sed=in&augue=faucibus&aliquam=orci&erat=luctus&volutpat=et&in=ultrices&congue=posuere&etiam=cubilia&justo=curae&etiam=mauris&pretium=viverra&iaculis=diam&justo=vitae&in=quam&hac=suspendisse&habitasse=potenti&platea=nullam&dictumst=porttitor&etiam=lacus&faucibus=at&cursus=turpis&urna=donec&ut=posuere&tellus=metus&nulla=vitae&ut=ipsum&erat=aliquam&id=non&mauris=mauris&vulputate=morbi&elementum=non&nullam=lectus&varius=aliquam&nulla=sit&facilisi=amet&cras=diam&non=in&velit=magna&nec=bibendum&nisi=imperdiet&vulputate=nullam&nonummy=orci&maecenas=pede&tincidunt=venenatis&lacus=non&at=sodales&velit=sed&vivamus=tincidunt&vel=eu&nulla=felis&eget=fusce&eros=posuere&elementum=felis&pellentesque=sed&quisque=lacus&porta=morbi&volutpat=sem&erat=mauris&quisque=laoreet&erat=ut&eros=rhoncus&viverra=aliquet&eget=pulvinar&congue=sed&eget=nisl&semper=nunc&rutrum=rhoncus&nulla=dui&nunc=vel&purus=sem&phasellus=sed&in=sagittis&felis=nam&donec=congue&semper=risus&sapien=semper&a=porta&libero=volutpat&nam=quam&dui=pede&proin=lobortis&leo=ligula&odio=sit&porttitor=amet&id=eleifend&consequat=pede&in=libero&consequat=quis&ut=orci&nulla=nullam,TRUE
+https://wired.com/in/faucibus/orci/luctus.json?porttitor=non&lacus=ligula&at=pellentesque&turpis=ultrices&donec=phasellus&posuere=id&metus=sapien&vitae=in&ipsum=sapien&aliquam=iaculis&non=congue&mauris=vivamus&morbi=metus&non=arcu&lectus=adipiscing&aliquam=molestie&sit=hendrerit&amet=at&diam=vulputate&in=vitae&magna=nisl&bibendum=aenean&imperdiet=lectus&nullam=pellentesque&orci=eget&pede=nunc&venenatis=donec&non=quis&sodales=orci&sed=eget&tincidunt=orci&eu=vehicula&felis=condimentum&fusce=curabitur&posuere=in&felis=libero&sed=ut&lacus=massa&morbi=volutpat&sem=convallis&mauris=morbi&laoreet=odio&ut=odio&rhoncus=elementum&aliquet=eu,TRUE
+http://acquirethisname.com/quis/orci/eget/orci.jsp?tincidunt=faucibus&eu=cursus&felis=urna&fusce=ut&posuere=tellus&felis=nulla&sed=ut&lacus=erat&morbi=id&sem=mauris&mauris=vulputate&laoreet=elementum&ut=nullam&rhoncus=varius&aliquet=nulla&pulvinar=facilisi&sed=cras&nisl=non&nunc=velit&rhoncus=nec&dui=nisi&vel=vulputate&sem=nonummy&sed=maecenas&sagittis=tincidunt&nam=lacus&congue=at&risus=velit&semper=vivamus&porta=vel&volutpat=nulla&quam=eget&pede=eros&lobortis=elementum&ligula=pellentesque&sit=quisque&amet=porta&eleifend=volutpat&pede=erat&libero=quisque&quis=erat&orci=eros&nullam=viverra&molestie=eget&nibh=congue&in=eget&lectus=semper&pellentesque=rutrum&at=nulla&nulla=nunc&suspendisse=purus&potenti=phasellus&cras=in&in=felis&purus=donec&eu=semper&magna=sapien&vulputate=a&luctus=libero&cum=nam&sociis=dui&natoque=proin&penatibus=leo&et=odio&magnis=porttitor&dis=id&parturient=consequat&montes=in&nascetur=consequat&ridiculus=ut&mus=nulla&vivamus=sed&vestibulum=accumsan&sagittis=felis&sapien=ut&cum=at&sociis=dolor&natoque=quis&penatibus=odio&et=consequat&magnis=varius&dis=integer&parturient=ac&montes=leo&nascetur=pellentesque&ridiculus=ultrices&mus=mattis&etiam=odio&vel=donec&augue=vitae&vestibulum=nisi&rutrum=nam,TRUE
+https://squarespace.com/vestibulum/rutrum/rutrum/neque/aenean/auctor/gravida.jpg?suscipit=proin&a=at&feugiat=turpis&et=a&eros=pede&vestibulum=posuere&ac=nonummy&est=integer&lacinia=non&nisi=velit&venenatis=donec&tristique=diam&fusce=neque&congue=vestibulum&diam=eget&id=vulputate&ornare=ut&imperdiet=ultrices&sapien=vel&urna=augue&pretium=vestibulum&nisl=ante&ut=ipsum&volutpat=primis&sapien=in&arcu=faucibus&sed=orci&augue=luctus&aliquam=et&erat=ultrices&volutpat=posuere&in=cubilia&congue=curae&etiam=donec&justo=pharetra&etiam=magna&pretium=vestibulum&iaculis=aliquet&justo=ultrices&in=erat&hac=tortor&habitasse=sollicitudin&platea=mi&dictumst=sit&etiam=amet&faucibus=lobortis&cursus=sapien&urna=sapien&ut=non&tellus=mi&nulla=integer&ut=ac&erat=neque&id=duis&mauris=bibendum&vulputate=morbi&elementum=non&nullam=quam&varius=nec&nulla=dui&facilisi=luctus&cras=rutrum,TRUE
+https://usda.gov/in/faucibus/orci/luctus/et/ultrices.json?feugiat=lacinia&et=eget&eros=tincidunt&vestibulum=eget&ac=tempus&est=vel&lacinia=pede&nisi=morbi,TRUE
+https://wordpress.org/posuere.js?massa=consequat&tempor=morbi&convallis=a&nulla=ipsum&neque=integer&libero=a&convallis=nibh&eget=in&eleifend=quis&luctus=justo&ultricies=maecenas&eu=rhoncus&nibh=aliquam&quisque=lacus&id=morbi&justo=quis&sit=tortor&amet=id&sapien=nulla&dignissim=ultrices&vestibulum=aliquet&vestibulum=maecenas&ante=leo&ipsum=odio&primis=condimentum&in=id&faucibus=luctus&orci=nec&luctus=molestie&et=sed&ultrices=justo,TRUE
+https://msu.edu/ligula/vehicula/consequat/morbi/a/ipsum/integer.png?ut=amet&at=turpis&dolor=elementum&quis=ligula&odio=vehicula&consequat=consequat&varius=morbi&integer=a&ac=ipsum&leo=integer&pellentesque=a&ultrices=nibh&mattis=in&odio=quis&donec=justo&vitae=maecenas&nisi=rhoncus&nam=aliquam&ultrices=lacus,TRUE
+https://dyndns.org/congue/risus/semper/porta.xml?nunc=sagittis&nisl=sapien&duis=cum&bibendum=sociis&felis=natoque&sed=penatibus&interdum=et&venenatis=magnis&turpis=dis&enim=parturient&blandit=montes&mi=nascetur&in=ridiculus&porttitor=mus&pede=etiam&justo=vel&eu=augue&massa=vestibulum&donec=rutrum&dapibus=rutrum&duis=neque&at=aenean&velit=auctor&eu=gravida&est=sem&congue=praesent&elementum=id&in=massa&hac=id,TRUE
+https://bbc.co.uk/erat/tortor/sollicitudin/mi.xml?posuere=ac&nonummy=enim&integer=in&non=tempor&velit=turpis&donec=nec&diam=euismod&neque=scelerisque&vestibulum=quam&eget=turpis&vulputate=adipiscing&ut=lorem&ultrices=vitae&vel=mattis&augue=nibh&vestibulum=ligula&ante=nec&ipsum=sem&primis=duis&in=aliquam&faucibus=convallis&orci=nunc&luctus=proin&et=at&ultrices=turpis&posuere=a&cubilia=pede&curae=posuere&donec=nonummy&pharetra=integer&magna=non&vestibulum=velit&aliquet=donec&ultrices=diam&erat=neque&tortor=vestibulum&sollicitudin=eget&mi=vulputate&sit=ut&amet=ultrices&lobortis=vel&sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in&neque=faucibus&duis=orci&bibendum=luctus&morbi=et&non=ultrices&quam=posuere&nec=cubilia,TRUE
+https://harvard.edu/donec/vitae/nisi.json?feugiat=quisque&non=ut&pretium=erat&quis=curabitur&lectus=gravida&suspendisse=nisi&potenti=at&in=nibh&eleifend=in&quam=hac&a=habitasse&odio=platea&in=dictumst&hac=aliquam&habitasse=augue&platea=quam&dictumst=sollicitudin&maecenas=vitae&ut=consectetuer&massa=eget&quis=rutrum&augue=at&luctus=lorem&tincidunt=integer&nulla=tincidunt&mollis=ante&molestie=vel&lorem=ipsum&quisque=praesent&ut=blandit&erat=lacinia&curabitur=erat&gravida=vestibulum&nisi=sed&at=magna&nibh=at&in=nunc&hac=commodo&habitasse=placerat&platea=praesent&dictumst=blandit&aliquam=nam&augue=nulla&quam=integer&sollicitudin=pede&vitae=justo&consectetuer=lacinia&eget=eget&rutrum=tincidunt&at=eget&lorem=tempus&integer=vel&tincidunt=pede&ante=morbi&vel=porttitor&ipsum=lorem&praesent=id&blandit=ligula&lacinia=suspendisse&erat=ornare&vestibulum=consequat&sed=lectus,TRUE
+https://com.com/ornare/consequat/lectus/in.xml?sit=in&amet=felis&justo=donec&morbi=semper&ut=sapien&odio=a&cras=libero&mi=nam&pede=dui&malesuada=proin&in=leo&imperdiet=odio&et=porttitor,TRUE
+http://nasa.gov/ipsum/integer/a/nibh/in.png?turpis=platea&integer=dictumst&aliquet=maecenas&massa=ut&id=massa&lobortis=quis&convallis=augue&tortor=luctus&risus=tincidunt&dapibus=nulla&augue=mollis&vel=molestie&accumsan=lorem&tellus=quisque&nisi=ut&eu=erat&orci=curabitur&mauris=gravida&lacinia=nisi&sapien=at&quis=nibh&libero=in&nullam=hac&sit=habitasse&amet=platea&turpis=dictumst&elementum=aliquam&ligula=augue&vehicula=quam&consequat=sollicitudin&morbi=vitae&a=consectetuer&ipsum=eget&integer=rutrum&a=at&nibh=lorem&in=integer&quis=tincidunt&justo=ante&maecenas=vel&rhoncus=ipsum&aliquam=praesent&lacus=blandit&morbi=lacinia&quis=erat&tortor=vestibulum&id=sed&nulla=magna&ultrices=at&aliquet=nunc&maecenas=commodo&leo=placerat&odio=praesent&condimentum=blandit&id=nam&luctus=nulla&nec=integer&molestie=pede&sed=justo&justo=lacinia&pellentesque=eget&viverra=tincidunt&pede=eget&ac=tempus&diam=vel&cras=pede&pellentesque=morbi&volutpat=porttitor&dui=lorem&maecenas=id&tristique=ligula&est=suspendisse&et=ornare&tempus=consequat&semper=lectus&est=in&quam=est&pharetra=risus&magna=auctor,TRUE
+http://jigsy.com/nec/condimentum/neque.jpg?justo=lectus&aliquam=pellentesque&quis=at&turpis=nulla&eget=suspendisse&elit=potenti&sodales=cras&scelerisque=in&mauris=purus&sit=eu&amet=magna&eros=vulputate&suspendisse=luctus&accumsan=cum&tortor=sociis&quis=natoque&turpis=penatibus&sed=et&ante=magnis&vivamus=dis&tortor=parturient&duis=montes&mattis=nascetur&egestas=ridiculus&metus=mus&aenean=vivamus&fermentum=vestibulum&donec=sagittis&ut=sapien&mauris=cum&eget=sociis&massa=natoque&tempor=penatibus&convallis=et&nulla=magnis&neque=dis&libero=parturient&convallis=montes&eget=nascetur&eleifend=ridiculus&luctus=mus&ultricies=etiam&eu=vel,TRUE
+http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
+https://cocolog-nifty.com/faucibus/orci/luctus/et/ultrices/posuere.jsp?odio=in&elementum=leo&eu=maecenas&interdum=pulvinar&eu=lobortis&tincidunt=est&in=phasellus&leo=sit&maecenas=amet&pulvinar=erat&lobortis=nulla&est=tempus&phasellus=vivamus&sit=in&amet=felis&erat=eu&nulla=sapien&tempus=cursus&vivamus=vestibulum&in=proin&felis=eu&eu=mi&sapien=nulla&cursus=ac&vestibulum=enim&proin=in&eu=tempor&mi=turpis&nulla=nec&ac=euismod&enim=scelerisque&in=quam&tempor=turpis&turpis=adipiscing&nec=lorem&euismod=vitae&scelerisque=mattis&quam=nibh&turpis=ligula&adipiscing=nec&lorem=sem&vitae=duis&mattis=aliquam&nibh=convallis&ligula=nunc&nec=proin&sem=at&duis=turpis&aliquam=a&convallis=pede&nunc=posuere&proin=nonummy&at=integer&turpis=non&a=velit&pede=donec&posuere=diam&nonummy=neque&integer=vestibulum&non=eget&velit=vulputate&donec=ut&diam=ultrices&neque=vel&vestibulum=augue,TRUE
+http://icq.com/volutpat.js?sit=mus&amet=etiam&justo=vel&morbi=augue&ut=vestibulum&odio=rutrum&cras=rutrum&mi=neque&pede=aenean&malesuada=auctor&in=gravida&imperdiet=sem&et=praesent&commodo=id&vulputate=massa&justo=id&in=nisl&blandit=venenatis&ultrices=lacinia&enim=aenean&lorem=sit&ipsum=amet&dolor=justo&sit=morbi&amet=ut&consectetuer=odio&adipiscing=cras&elit=mi&proin=pede&interdum=malesuada&mauris=in&non=imperdiet&ligula=et&pellentesque=commodo&ultrices=vulputate&phasellus=justo&id=in&sapien=blandit&in=ultrices,TRUE
+https://senate.gov/tortor/duis/mattis/egestas/metus/aenean/fermentum.json?cubilia=in&curae=ante&mauris=vestibulum&viverra=ante&diam=ipsum&vitae=primis&quam=in&suspendisse=faucibus&potenti=orci&nullam=luctus&porttitor=et&lacus=ultrices&at=posuere&turpis=cubilia&donec=curae&posuere=duis&metus=faucibus&vitae=accumsan&ipsum=odio&aliquam=curabitur&non=convallis&mauris=duis&morbi=consequat&non=dui&lectus=nec&aliquam=nisi&sit=volutpat&amet=eleifend&diam=donec&in=ut&magna=dolor&bibendum=morbi&imperdiet=vel&nullam=lectus&orci=in&pede=quam&venenatis=fringilla&non=rhoncus&sodales=mauris&sed=enim&tincidunt=leo&eu=rhoncus&felis=sed&fusce=vestibulum&posuere=sit&felis=amet&sed=cursus&lacus=id&morbi=turpis&sem=integer&mauris=aliquet&laoreet=massa&ut=id&rhoncus=lobortis&aliquet=convallis&pulvinar=tortor&sed=risus&nisl=dapibus&nunc=augue&rhoncus=vel&dui=accumsan&vel=tellus&sem=nisi&sed=eu&sagittis=orci&nam=mauris&congue=lacinia&risus=sapien&semper=quis&porta=libero&volutpat=nullam&quam=sit&pede=amet,TRUE
+https://imdb.com/imperdiet/et/commodo/vulputate/justo.js?augue=donec&vestibulum=posuere&ante=metus&ipsum=vitae&primis=ipsum&in=aliquam&faucibus=non&orci=mauris&luctus=morbi&et=non&ultrices=lectus&posuere=aliquam&cubilia=sit&curae=amet&donec=diam&pharetra=in&magna=magna&vestibulum=bibendum&aliquet=imperdiet&ultrices=nullam&erat=orci&tortor=pede&sollicitudin=venenatis&mi=non&sit=sodales&amet=sed&lobortis=tincidunt&sapien=eu&sapien=felis&non=fusce&mi=posuere&integer=felis&ac=sed&neque=lacus&duis=morbi&bibendum=sem&morbi=mauris&non=laoreet&quam=ut&nec=rhoncus&dui=aliquet&luctus=pulvinar&rutrum=sed&nulla=nisl&tellus=nunc&in=rhoncus&sagittis=dui&dui=vel&vel=sem&nisl=sed&duis=sagittis&ac=nam&nibh=congue&fusce=risus&lacus=semper&purus=porta&aliquet=volutpat&at=quam&feugiat=pede&non=lobortis&pretium=ligula&quis=sit&lectus=amet&suspendisse=eleifend&potenti=pede&in=libero&eleifend=quis&quam=orci&a=nullam&odio=molestie&in=nibh&hac=in&habitasse=lectus&platea=pellentesque,TRUE
+https://amazon.com/faucibus/orci/luctus/et/ultrices/posuere.xml?iaculis=ullamcorper&congue=purus&vivamus=sit&metus=amet&arcu=nulla&adipiscing=quisque&molestie=arcu&hendrerit=libero&at=rutrum&vulputate=ac&vitae=lobortis&nisl=vel&aenean=dapibus&lectus=at&pellentesque=diam,TRUE
+https://netlog.com/dapibus/dolor/vel/est/donec/odio/justo.jpg?quam=amet&suspendisse=eros&potenti=suspendisse&nullam=accumsan&porttitor=tortor&lacus=quis&at=turpis&turpis=sed&donec=ante&posuere=vivamus&metus=tortor&vitae=duis&ipsum=mattis&aliquam=egestas&non=metus&mauris=aenean&morbi=fermentum&non=donec&lectus=ut&aliquam=mauris&sit=eget&amet=massa&diam=tempor&in=convallis&magna=nulla&bibendum=neque&imperdiet=libero&nullam=convallis&orci=eget&pede=eleifend&venenatis=luctus&non=ultricies&sodales=eu&sed=nibh&tincidunt=quisque&eu=id&felis=justo&fusce=sit&posuere=amet&felis=sapien&sed=dignissim&lacus=vestibulum&morbi=vestibulum&sem=ante&mauris=ipsum&laoreet=primis&ut=in&rhoncus=faucibus&aliquet=orci&pulvinar=luctus&sed=et&nisl=ultrices&nunc=posuere&rhoncus=cubilia&dui=curae&vel=nulla&sem=dapibus&sed=dolor&sagittis=vel&nam=est&congue=donec&risus=odio&semper=justo&porta=sollicitudin&volutpat=ut&quam=suscipit&pede=a&lobortis=feugiat&ligula=et&sit=eros&amet=vestibulum&eleifend=ac&pede=est&libero=lacinia&quis=nisi&orci=venenatis&nullam=tristique,TRUE
+http://goodreads.com/lorem/quisque.png?nulla=venenatis&ultrices=non&aliquet=sodales&maecenas=sed&leo=tincidunt&odio=eu&condimentum=felis&id=fusce&luctus=posuere&nec=felis&molestie=sed&sed=lacus&justo=morbi&pellentesque=sem&viverra=mauris&pede=laoreet&ac=ut&diam=rhoncus&cras=aliquet&pellentesque=pulvinar,TRUE
+https://flickr.com/accumsan/tellus/nisi/eu/orci/mauris.aspx?ultrices=ornare&phasellus=consequat&id=lectus&sapien=in&in=est&sapien=risus&iaculis=auctor&congue=sed&vivamus=tristique&metus=in&arcu=tempus&adipiscing=sit&molestie=amet&hendrerit=sem&at=fusce&vulputate=consequat&vitae=nulla&nisl=nisl&aenean=nunc&lectus=nisl&pellentesque=duis&eget=bibendum&nunc=felis&donec=sed&quis=interdum&orci=venenatis&eget=turpis&orci=enim&vehicula=blandit&condimentum=mi&curabitur=in&in=porttitor&libero=pede&ut=justo&massa=eu&volutpat=massa&convallis=donec&morbi=dapibus&odio=duis&odio=at&elementum=velit,TRUE
+http://bbb.org/quis/orci/eget/orci.html?mus=sapien&etiam=sapien&vel=non&augue=mi&vestibulum=integer&rutrum=ac&rutrum=neque&neque=duis&aenean=bibendum&auctor=morbi&gravida=non&sem=quam&praesent=nec&id=dui&massa=luctus&id=rutrum&nisl=nulla&venenatis=tellus&lacinia=in&aenean=sagittis&sit=dui&amet=vel&justo=nisl&morbi=duis&ut=ac&odio=nibh&cras=fusce&mi=lacus&pede=purus,TRUE
+https://facebook.com/phasellus/sit/amet/erat/nulla.jsp?parturient=porttitor&montes=lorem,TRUE
+http://goodreads.com/quis/odio.xml?sed=proin&nisl=eu&nunc=mi&rhoncus=nulla&dui=ac&vel=enim&sem=in&sed=tempor&sagittis=turpis&nam=nec&congue=euismod&risus=scelerisque&semper=quam&porta=turpis&volutpat=adipiscing&quam=lorem&pede=vitae&lobortis=mattis&ligula=nibh&sit=ligula&amet=nec&eleifend=sem&pede=duis&libero=aliquam&quis=convallis&orci=nunc&nullam=proin&molestie=at&nibh=turpis&in=a&lectus=pede&pellentesque=posuere&at=nonummy&nulla=integer&suspendisse=non&potenti=velit&cras=donec&in=diam&purus=neque&eu=vestibulum&magna=eget&vulputate=vulputate&luctus=ut&cum=ultrices&sociis=vel&natoque=augue&penatibus=vestibulum&et=ante&magnis=ipsum&dis=primis&parturient=in&montes=faucibus&nascetur=orci&ridiculus=luctus&mus=et&vivamus=ultrices&vestibulum=posuere&sagittis=cubilia&sapien=curae&cum=donec&sociis=pharetra&natoque=magna&penatibus=vestibulum&et=aliquet,TRUE
+https://zdnet.com/enim/in.png?fermentum=nulla&justo=mollis&nec=molestie&condimentum=lorem&neque=quisque&sapien=ut&placerat=erat&ante=curabitur&nulla=gravida&justo=nisi&aliquam=at&quis=nibh&turpis=in&eget=hac&elit=habitasse&sodales=platea&scelerisque=dictumst&mauris=aliquam&sit=augue&amet=quam&eros=sollicitudin&suspendisse=vitae&accumsan=consectetuer&tortor=eget&quis=rutrum&turpis=at&sed=lorem&ante=integer&vivamus=tincidunt&tortor=ante&duis=vel&mattis=ipsum&egestas=praesent&metus=blandit&aenean=lacinia&fermentum=erat&donec=vestibulum&ut=sed&mauris=magna&eget=at&massa=nunc&tempor=commodo&convallis=placerat&nulla=praesent&neque=blandit&libero=nam&convallis=nulla&eget=integer,TRUE
+http://ox.ac.uk/amet/cursus/id/turpis/integer/aliquet.js?lectus=lacus&pellentesque=morbi&eget=sem&nunc=mauris&donec=laoreet&quis=ut&orci=rhoncus&eget=aliquet&orci=pulvinar&vehicula=sed&condimentum=nisl&curabitur=nunc&in=rhoncus&libero=dui&ut=vel&massa=sem&volutpat=sed&convallis=sagittis&morbi=nam&odio=congue&odio=risus&elementum=semper&eu=porta&interdum=volutpat&eu=quam&tincidunt=pede&in=lobortis&leo=ligula&maecenas=sit&pulvinar=amet&lobortis=eleifend&est=pede&phasellus=libero&sit=quis&amet=orci&erat=nullam&nulla=molestie&tempus=nibh&vivamus=in&in=lectus&felis=pellentesque&eu=at&sapien=nulla&cursus=suspendisse&vestibulum=potenti&proin=cras&eu=in&mi=purus&nulla=eu&ac=magna&enim=vulputate&in=luctus&tempor=cum&turpis=sociis&nec=natoque&euismod=penatibus&scelerisque=et&quam=magnis&turpis=dis,TRUE
+https://amazon.com/placerat/ante/nulla/justo/aliquam/quis/turpis.js?et=aenean&magnis=lectus&dis=pellentesque&parturient=eget&montes=nunc&nascetur=donec&ridiculus=quis&mus=orci&vivamus=eget&vestibulum=orci&sagittis=vehicula&sapien=condimentum&cum=curabitur&sociis=in&natoque=libero&penatibus=ut&et=massa&magnis=volutpat&dis=convallis&parturient=morbi&montes=odio&nascetur=odio&ridiculus=elementum&mus=eu&etiam=interdum&vel=eu&augue=tincidunt&vestibulum=in&rutrum=leo&rutrum=maecenas&neque=pulvinar&aenean=lobortis&auctor=est&gravida=phasellus&sem=sit&praesent=amet&id=erat&massa=nulla&id=tempus&nisl=vivamus&venenatis=in&lacinia=felis&aenean=eu&sit=sapien&amet=cursus&justo=vestibulum&morbi=proin&ut=eu&odio=mi&cras=nulla&mi=ac&pede=enim&malesuada=in&in=tempor&imperdiet=turpis&et=nec&commodo=euismod&vulputate=scelerisque&justo=quam,TRUE
+http://craigslist.org/sapien/cursus/vestibulum/proin/eu/mi/nulla.jsp?diam=vitae&in=nisl&magna=aenean&bibendum=lectus&imperdiet=pellentesque&nullam=eget&orci=nunc&pede=donec&venenatis=quis&non=orci&sodales=eget&sed=orci&tincidunt=vehicula&eu=condimentum&felis=curabitur&fusce=in&posuere=libero&felis=ut&sed=massa&lacus=volutpat&morbi=convallis&sem=morbi&mauris=odio&laoreet=odio&ut=elementum&rhoncus=eu&aliquet=interdum&pulvinar=eu&sed=tincidunt&nisl=in&nunc=leo&rhoncus=maecenas&dui=pulvinar&vel=lobortis&sem=est&sed=phasellus&sagittis=sit&nam=amet&congue=erat&risus=nulla&semper=tempus&porta=vivamus&volutpat=in&quam=felis&pede=eu&lobortis=sapien&ligula=cursus&sit=vestibulum&amet=proin&eleifend=eu&pede=mi&libero=nulla&quis=ac&orci=enim&nullam=in&molestie=tempor&nibh=turpis&in=nec&lectus=euismod&pellentesque=scelerisque&at=quam&nulla=turpis&suspendisse=adipiscing&potenti=lorem&cras=vitae&in=mattis&purus=nibh&eu=ligula&magna=nec&vulputate=sem&luctus=duis&cum=aliquam&sociis=convallis&natoque=nunc&penatibus=proin&et=at&magnis=turpis&dis=a&parturient=pede&montes=posuere&nascetur=nonummy&ridiculus=integer&mus=non&vivamus=velit&vestibulum=donec,TRUE
+http://noaa.gov/maecenas/leo/odio/condimentum.html?adipiscing=sed&elit=vestibulum&proin=sit&interdum=amet&mauris=cursus&non=id&ligula=turpis&pellentesque=integer&ultrices=aliquet&phasellus=massa&id=id&sapien=lobortis&in=convallis&sapien=tortor&iaculis=risus&congue=dapibus&vivamus=augue&metus=vel&arcu=accumsan&adipiscing=tellus&molestie=nisi&hendrerit=eu&at=orci&vulputate=mauris&vitae=lacinia&nisl=sapien&aenean=quis&lectus=libero&pellentesque=nullam&eget=sit&nunc=amet&donec=turpis&quis=elementum&orci=ligula&eget=vehicula&orci=consequat&vehicula=morbi&condimentum=a&curabitur=ipsum&in=integer&libero=a&ut=nibh&massa=in&volutpat=quis&convallis=justo&morbi=maecenas&odio=rhoncus&odio=aliquam&elementum=lacus&eu=morbi&interdum=quis&eu=tortor&tincidunt=id&in=nulla&leo=ultrices&maecenas=aliquet&pulvinar=maecenas&lobortis=leo&est=odio&phasellus=condimentum&sit=id&amet=luctus&erat=nec&nulla=molestie&tempus=sed&vivamus=justo&in=pellentesque&felis=viverra&eu=pede&sapien=ac&cursus=diam&vestibulum=cras&proin=pellentesque&eu=volutpat&mi=dui&nulla=maecenas&ac=tristique&enim=est&in=et&tempor=tempus&turpis=semper&nec=est&euismod=quam&scelerisque=pharetra&quam=magna&turpis=ac&adipiscing=consequat&lorem=metus&vitae=sapien&mattis=ut&nibh=nunc&ligula=vestibulum&nec=ante&sem=ipsum&duis=primis&aliquam=in&convallis=faucibus&nunc=orci&proin=luctus&at=et,TRUE
+http://apple.com/sit/amet/diam/in/magna/bibendum.jsp?lobortis=accumsan&est=tellus&phasellus=nisi&sit=eu&amet=orci&erat=mauris&nulla=lacinia&tempus=sapien&vivamus=quis,TRUE
+http://whitehouse.gov/tortor/duis.json?vestibulum=et&ante=ultrices&ipsum=posuere&primis=cubilia&in=curae&faucibus=duis&orci=faucibus&luctus=accumsan&et=odio&ultrices=curabitur&posuere=convallis&cubilia=duis&curae=consequat&duis=dui,TRUE
+http://patch.com/sapien/non/mi/integer/ac/neque/duis.xml?lectus=ut&in=nulla&quam=sed&fringilla=accumsan&rhoncus=felis&mauris=ut&enim=at&leo=dolor&rhoncus=quis&sed=odio&vestibulum=consequat&sit=varius&amet=integer&cursus=ac&id=leo&turpis=pellentesque&integer=ultrices&aliquet=mattis&massa=odio&id=donec&lobortis=vitae&convallis=nisi&tortor=nam&risus=ultrices&dapibus=libero&augue=non&vel=mattis&accumsan=pulvinar&tellus=nulla&nisi=pede&eu=ullamcorper&orci=augue&mauris=a&lacinia=suscipit&sapien=nulla&quis=elit&libero=ac&nullam=nulla&sit=sed&amet=vel&turpis=enim&elementum=sit&ligula=amet&vehicula=nunc&consequat=viverra&morbi=dapibus&a=nulla&ipsum=suscipit,TRUE
+http://disqus.com/luctus/et.js?molestie=potenti&nibh=cras&in=in&lectus=purus&pellentesque=eu&at=magna&nulla=vulputate&suspendisse=luctus&potenti=cum&cras=sociis&in=natoque&purus=penatibus&eu=et&magna=magnis&vulputate=dis&luctus=parturient&cum=montes&sociis=nascetur&natoque=ridiculus&penatibus=mus&et=vivamus&magnis=vestibulum&dis=sagittis&parturient=sapien&montes=cum&nascetur=sociis&ridiculus=natoque&mus=penatibus&vivamus=et&vestibulum=magnis&sagittis=dis&sapien=parturient&cum=montes&sociis=nascetur&natoque=ridiculus&penatibus=mus&et=etiam&magnis=vel&dis=augue&parturient=vestibulum&montes=rutrum&nascetur=rutrum&ridiculus=neque&mus=aenean&etiam=auctor&vel=gravida&augue=sem&vestibulum=praesent&rutrum=id,TRUE
+https://reuters.com/aenean/lectus.jsp?neque=elementum&libero=pellentesque&convallis=quisque&eget=porta&eleifend=volutpat&luctus=erat&ultricies=quisque&eu=erat&nibh=eros&quisque=viverra&id=eget&justo=congue&sit=eget&amet=semper&sapien=rutrum&dignissim=nulla&vestibulum=nunc&vestibulum=purus&ante=phasellus&ipsum=in&primis=felis&in=donec&faucibus=semper&orci=sapien&luctus=a&et=libero&ultrices=nam&posuere=dui&cubilia=proin&curae=leo&nulla=odio&dapibus=porttitor&dolor=id&vel=consequat&est=in&donec=consequat&odio=ut&justo=nulla,TRUE
+https://usda.gov/commodo/vulputate/justo/in.aspx?lobortis=nisl&sapien=venenatis&sapien=lacinia&non=aenean&mi=sit&integer=amet&ac=justo&neque=morbi&duis=ut&bibendum=odio&morbi=cras&non=mi&quam=pede&nec=malesuada&dui=in&luctus=imperdiet&rutrum=et&nulla=commodo&tellus=vulputate&in=justo&sagittis=in&dui=blandit&vel=ultrices&nisl=enim&duis=lorem&ac=ipsum&nibh=dolor&fusce=sit&lacus=amet&purus=consectetuer&aliquet=adipiscing&at=elit&feugiat=proin&non=interdum&pretium=mauris&quis=non&lectus=ligula&suspendisse=pellentesque&potenti=ultrices&in=phasellus&eleifend=id&quam=sapien&a=in&odio=sapien&in=iaculis&hac=congue&habitasse=vivamus&platea=metus&dictumst=arcu&maecenas=adipiscing&ut=molestie&massa=hendrerit&quis=at&augue=vulputate&luctus=vitae&tincidunt=nisl&nulla=aenean&mollis=lectus&molestie=pellentesque&lorem=eget&quisque=nunc&ut=donec&erat=quis&curabitur=orci&gravida=eget&nisi=orci&at=vehicula&nibh=condimentum&in=curabitur&hac=in&habitasse=libero&platea=ut&dictumst=massa&aliquam=volutpat&augue=convallis&quam=morbi&sollicitudin=odio&vitae=odio&consectetuer=elementum&eget=eu&rutrum=interdum&at=eu&lorem=tincidunt&integer=in&tincidunt=leo&ante=maecenas&vel=pulvinar&ipsum=lobortis&praesent=est&blandit=phasellus&lacinia=sit&erat=amet&vestibulum=erat&sed=nulla&magna=tempus&at=vivamus,TRUE
+http://pagesperso-orange.fr/integer/a.jsp?lectus=ac&in=consequat&est=metus&risus=sapien&auctor=ut&sed=nunc&tristique=vestibulum&in=ante&tempus=ipsum&sit=primis&amet=in&sem=faucibus&fusce=orci&consequat=luctus&nulla=et&nisl=ultrices&nunc=posuere&nisl=cubilia&duis=curae&bibendum=mauris&felis=viverra&sed=diam&interdum=vitae&venenatis=quam&turpis=suspendisse&enim=potenti&blandit=nullam&mi=porttitor&in=lacus&porttitor=at&pede=turpis&justo=donec&eu=posuere&massa=metus&donec=vitae&dapibus=ipsum&duis=aliquam&at=non&velit=mauris&eu=morbi&est=non&congue=lectus&elementum=aliquam&in=sit&hac=amet&habitasse=diam&platea=in&dictumst=magna&morbi=bibendum&vestibulum=imperdiet&velit=nullam&id=orci&pretium=pede&iaculis=venenatis&diam=non&erat=sodales&fermentum=sed&justo=tincidunt&nec=eu&condimentum=felis&neque=fusce&sapien=posuere&placerat=felis&ante=sed&nulla=lacus&justo=morbi&aliquam=sem&quis=mauris&turpis=laoreet&eget=ut&elit=rhoncus&sodales=aliquet&scelerisque=pulvinar&mauris=sed&sit=nisl&amet=nunc&eros=rhoncus&suspendisse=dui&accumsan=vel&tortor=sem&quis=sed&turpis=sagittis&sed=nam&ante=congue&vivamus=risus,TRUE
+https://theguardian.com/libero/rutrum/ac/lobortis/vel/dapibus.aspx?aliquet=at&maecenas=velit&leo=eu&odio=est&condimentum=congue&id=elementum&luctus=in&nec=hac&molestie=habitasse&sed=platea&justo=dictumst&pellentesque=morbi&viverra=vestibulum&pede=velit&ac=id&diam=pretium&cras=iaculis&pellentesque=diam&volutpat=erat&dui=fermentum&maecenas=justo&tristique=nec&est=condimentum&et=neque&tempus=sapien,TRUE
+https://aol.com/cubilia.aspx?pellentesque=dui&eget=proin&nunc=leo&donec=odio&quis=porttitor&orci=id&eget=consequat&orci=in,TRUE
+https://statcounter.com/nec.json?orci=augue&vehicula=vestibulum&condimentum=ante&curabitur=ipsum&in=primis&libero=in&ut=faucibus&massa=orci&volutpat=luctus&convallis=et&morbi=ultrices&odio=posuere&odio=cubilia&elementum=curae&eu=donec&interdum=pharetra&eu=magna&tincidunt=vestibulum&in=aliquet&leo=ultrices&maecenas=erat&pulvinar=tortor&lobortis=sollicitudin&est=mi&phasellus=sit&sit=amet&amet=lobortis&erat=sapien&nulla=sapien&tempus=non&vivamus=mi&in=integer&felis=ac&eu=neque&sapien=duis&cursus=bibendum&vestibulum=morbi&proin=non&eu=quam&mi=nec&nulla=dui&ac=luctus&enim=rutrum&in=nulla&tempor=tellus&turpis=in&nec=sagittis&euismod=dui&scelerisque=vel&quam=nisl&turpis=duis&adipiscing=ac&lorem=nibh&vitae=fusce&mattis=lacus&nibh=purus,TRUE
+https://craigslist.org/ut/mauris/eget/massa/tempor/convallis/nulla.js?in=ante&est=ipsum&risus=primis&auctor=in&sed=faucibus&tristique=orci&in=luctus&tempus=et&sit=ultrices&amet=posuere&sem=cubilia&fusce=curae&consequat=mauris&nulla=viverra&nisl=diam&nunc=vitae&nisl=quam&duis=suspendisse&bibendum=potenti&felis=nullam&sed=porttitor&interdum=lacus&venenatis=at&turpis=turpis&enim=donec&blandit=posuere&mi=metus&in=vitae&porttitor=ipsum&pede=aliquam&justo=non&eu=mauris&massa=morbi&donec=non&dapibus=lectus&duis=aliquam&at=sit&velit=amet&eu=diam&est=in&congue=magna&elementum=bibendum&in=imperdiet&hac=nullam&habitasse=orci&platea=pede&dictumst=venenatis&morbi=non&vestibulum=sodales,TRUE
+http://yolasite.com/curae/duis/faucibus/accumsan/odio/curabitur/convallis.aspx?orci=quisque&luctus=erat&et=eros&ultrices=viverra&posuere=eget&cubilia=congue&curae=eget&nulla=semper&dapibus=rutrum&dolor=nulla&vel=nunc&est=purus&donec=phasellus&odio=in&justo=felis&sollicitudin=donec,TRUE
+https://google.de/quam/sapien.jsp?consequat=vel&dui=ipsum&nec=praesent&nisi=blandit&volutpat=lacinia&eleifend=erat&donec=vestibulum&ut=sed&dolor=magna&morbi=at&vel=nunc&lectus=commodo&in=placerat&quam=praesent&fringilla=blandit&rhoncus=nam&mauris=nulla&enim=integer&leo=pede&rhoncus=justo&sed=lacinia&vestibulum=eget&sit=tincidunt&amet=eget&cursus=tempus&id=vel&turpis=pede&integer=morbi&aliquet=porttitor&massa=lorem&id=id&lobortis=ligula&convallis=suspendisse&tortor=ornare&risus=consequat&dapibus=lectus&augue=in&vel=est&accumsan=risus&tellus=auctor&nisi=sed&eu=tristique&orci=in&mauris=tempus&lacinia=sit&sapien=amet&quis=sem,TRUE
+https://bizjournals.com/pede.jsp?ligula=porttitor&vehicula=lacus&consequat=at&morbi=turpis&a=donec&ipsum=posuere&integer=metus&a=vitae&nibh=ipsum&in=aliquam&quis=non&justo=mauris&maecenas=morbi&rhoncus=non&aliquam=lectus&lacus=aliquam&morbi=sit&quis=amet&tortor=diam&id=in&nulla=magna&ultrices=bibendum&aliquet=imperdiet&maecenas=nullam&leo=orci&odio=pede&condimentum=venenatis&id=non&luctus=sodales&nec=sed&molestie=tincidunt&sed=eu&justo=felis&pellentesque=fusce&viverra=posuere&pede=felis&ac=sed&diam=lacus&cras=morbi&pellentesque=sem&volutpat=mauris&dui=laoreet&maecenas=ut&tristique=rhoncus&est=aliquet&et=pulvinar&tempus=sed&semper=nisl&est=nunc&quam=rhoncus&pharetra=dui&magna=vel&ac=sem,TRUE
+https://wisc.edu/eu/massa/donec/dapibus.json?odio=ipsum&cras=dolor&mi=sit&pede=amet&malesuada=consectetuer&in=adipiscing&imperdiet=elit&et=proin&commodo=interdum&vulputate=mauris&justo=non&in=ligula&blandit=pellentesque&ultrices=ultrices&enim=phasellus&lorem=id&ipsum=sapien&dolor=in&sit=sapien&amet=iaculis&consectetuer=congue&adipiscing=vivamus&elit=metus&proin=arcu&interdum=adipiscing&mauris=molestie&non=hendrerit&ligula=at&pellentesque=vulputate&ultrices=vitae&phasellus=nisl&id=aenean&sapien=lectus&in=pellentesque&sapien=eget&iaculis=nunc&congue=donec&vivamus=quis&metus=orci&arcu=eget&adipiscing=orci&molestie=vehicula&hendrerit=condimentum&at=curabitur&vulputate=in&vitae=libero&nisl=ut&aenean=massa&lectus=volutpat&pellentesque=convallis&eget=morbi,TRUE
+http://wordpress.com/in/faucibus/orci.png?nonummy=eleifend&maecenas=donec&tincidunt=ut&lacus=dolor&at=morbi&velit=vel&vivamus=lectus&vel=in&nulla=quam&eget=fringilla&eros=rhoncus&elementum=mauris&pellentesque=enim&quisque=leo&porta=rhoncus&volutpat=sed,TRUE
+https://si.edu/ipsum/primis/in.html?convallis=eros&eget=vestibulum&eleifend=ac&luctus=est&ultricies=lacinia&eu=nisi&nibh=venenatis&quisque=tristique&id=fusce&justo=congue&sit=diam&amet=id&sapien=ornare&dignissim=imperdiet&vestibulum=sapien&vestibulum=urna&ante=pretium&ipsum=nisl&primis=ut,TRUE
+https://icq.com/ullamcorper/augue/a/suscipit/nulla.jpg?curabitur=pede,TRUE
+http://comsenz.com/sed/lacus/morbi/sem/mauris.aspx?diam=eget&in=eleifend&magna=luctus&bibendum=ultricies&imperdiet=eu&nullam=nibh&orci=quisque&pede=id&venenatis=justo&non=sit&sodales=amet&sed=sapien&tincidunt=dignissim&eu=vestibulum&felis=vestibulum&fusce=ante&posuere=ipsum&felis=primis&sed=in&lacus=faucibus&morbi=orci&sem=luctus&mauris=et&laoreet=ultrices&ut=posuere&rhoncus=cubilia&aliquet=curae&pulvinar=nulla&sed=dapibus&nisl=dolor&nunc=vel&rhoncus=est&dui=donec&vel=odio&sem=justo&sed=sollicitudin&sagittis=ut&nam=suscipit&congue=a&risus=feugiat&semper=et&porta=eros&volutpat=vestibulum&quam=ac&pede=est&lobortis=lacinia&ligula=nisi&sit=venenatis&amet=tristique&eleifend=fusce&pede=congue&libero=diam&quis=id&orci=ornare&nullam=imperdiet&molestie=sapien&nibh=urna&in=pretium,TRUE
+https://deviantart.com/in/sapien/iaculis/congue/vivamus/metus/arcu.xml?lorem=id&quisque=justo&ut=sit&erat=amet&curabitur=sapien&gravida=dignissim&nisi=vestibulum&at=vestibulum&nibh=ante&in=ipsum&hac=primis&habitasse=in&platea=faucibus&dictumst=orci&aliquam=luctus&augue=et&quam=ultrices&sollicitudin=posuere&vitae=cubilia&consectetuer=curae&eget=nulla&rutrum=dapibus&at=dolor,TRUE
+http://aol.com/pretium/iaculis/justo/in/hac.js?integer=metus&a=aenean&nibh=fermentum&in=donec&quis=ut&justo=mauris&maecenas=eget&rhoncus=massa&aliquam=tempor&lacus=convallis&morbi=nulla&quis=neque&tortor=libero&id=convallis&nulla=eget&ultrices=eleifend&aliquet=luctus&maecenas=ultricies&leo=eu&odio=nibh&condimentum=quisque&id=id&luctus=justo&nec=sit&molestie=amet&sed=sapien&justo=dignissim&pellentesque=vestibulum&viverra=vestibulum&pede=ante&ac=ipsum&diam=primis&cras=in&pellentesque=faucibus&volutpat=orci&dui=luctus&maecenas=et&tristique=ultrices&est=posuere&et=cubilia&tempus=curae&semper=nulla&est=dapibus&quam=dolor&pharetra=vel&magna=est&ac=donec&consequat=odio&metus=justo&sapien=sollicitudin&ut=ut&nunc=suscipit&vestibulum=a,TRUE
+https://ning.com/ut.js?cursus=aliquam&vestibulum=lacus&proin=morbi&eu=quis&mi=tortor&nulla=id&ac=nulla&enim=ultrices&in=aliquet&tempor=maecenas&turpis=leo&nec=odio&euismod=condimentum&scelerisque=id&quam=luctus&turpis=nec&adipiscing=molestie&lorem=sed&vitae=justo&mattis=pellentesque&nibh=viverra&ligula=pede&nec=ac&sem=diam&duis=cras&aliquam=pellentesque&convallis=volutpat&nunc=dui&proin=maecenas&at=tristique&turpis=est&a=et&pede=tempus&posuere=semper&nonummy=est&integer=quam&non=pharetra&velit=magna&donec=ac&diam=consequat&neque=metus&vestibulum=sapien&eget=ut&vulputate=nunc&ut=vestibulum&ultrices=ante&vel=ipsum&augue=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=mauris&posuere=viverra&cubilia=diam&curae=vitae&donec=quam&pharetra=suspendisse&magna=potenti&vestibulum=nullam&aliquet=porttitor&ultrices=lacus&erat=at&tortor=turpis&sollicitudin=donec&mi=posuere&sit=metus&amet=vitae&lobortis=ipsum&sapien=aliquam&sapien=non&non=mauris&mi=morbi&integer=non&ac=lectus&neque=aliquam&duis=sit&bibendum=amet&morbi=diam&non=in&quam=magna&nec=bibendum&dui=imperdiet&luctus=nullam&rutrum=orci,TRUE
+http://so-net.ne.jp/mattis/egestas/metus/aenean/fermentum.jsp?dui=nulla&maecenas=ut&tristique=erat&est=id&et=mauris&tempus=vulputate&semper=elementum&est=nullam&quam=varius&pharetra=nulla&magna=facilisi&ac=cras&consequat=non&metus=velit&sapien=nec&ut=nisi&nunc=vulputate&vestibulum=nonummy&ante=maecenas&ipsum=tincidunt&primis=lacus&in=at&faucibus=velit&orci=vivamus&luctus=vel&et=nulla&ultrices=eget&posuere=eros&cubilia=elementum&curae=pellentesque&mauris=quisque&viverra=porta&diam=volutpat&vitae=erat&quam=quisque&suspendisse=erat&potenti=eros&nullam=viverra,TRUE
+http://aol.com/in/congue/etiam/justo/etiam/pretium.js?laoreet=volutpat&ut=eleifend&rhoncus=donec&aliquet=ut&pulvinar=dolor&sed=morbi&nisl=vel&nunc=lectus&rhoncus=in&dui=quam&vel=fringilla&sem=rhoncus&sed=mauris&sagittis=enim&nam=leo&congue=rhoncus&risus=sed&semper=vestibulum&porta=sit&volutpat=amet&quam=cursus&pede=id&lobortis=turpis&ligula=integer&sit=aliquet&amet=massa&eleifend=id&pede=lobortis&libero=convallis&quis=tortor&orci=risus&nullam=dapibus&molestie=augue&nibh=vel&in=accumsan&lectus=tellus&pellentesque=nisi&at=eu&nulla=orci,TRUE
+https://latimes.com/id/massa/id/nisl/venenatis/lacinia.xml?cubilia=arcu&curae=adipiscing&duis=molestie&faucibus=hendrerit&accumsan=at&odio=vulputate&curabitur=vitae&convallis=nisl&duis=aenean&consequat=lectus&dui=pellentesque&nec=eget&nisi=nunc&volutpat=donec&eleifend=quis&donec=orci&ut=eget&dolor=orci&morbi=vehicula&vel=condimentum&lectus=curabitur&in=in&quam=libero&fringilla=ut&rhoncus=massa&mauris=volutpat&enim=convallis&leo=morbi,TRUE
+https://vkontakte.ru/at/feugiat/non/pretium.js?morbi=rutrum&vel=ac,TRUE
+http://state.tx.us/quam/suspendisse/potenti.jpg?aliquam=molestie&convallis=sed&nunc=justo&proin=pellentesque&at=viverra&turpis=pede&a=ac&pede=diam&posuere=cras&nonummy=pellentesque&integer=volutpat&non=dui&velit=maecenas&donec=tristique&diam=est&neque=et&vestibulum=tempus&eget=semper&vulputate=est&ut=quam&ultrices=pharetra&vel=magna&augue=ac&vestibulum=consequat&ante=metus&ipsum=sapien&primis=ut&in=nunc&faucibus=vestibulum&orci=ante&luctus=ipsum,TRUE
+https://yelp.com/integer/non/velit/donec/diam/neque/vestibulum.json?in=nulla&purus=eget&eu=eros&magna=elementum&vulputate=pellentesque&luctus=quisque&cum=porta&sociis=volutpat&natoque=erat&penatibus=quisque&et=erat&magnis=eros&dis=viverra&parturient=eget&montes=congue&nascetur=eget&ridiculus=semper&mus=rutrum&vivamus=nulla&vestibulum=nunc&sagittis=purus&sapien=phasellus&cum=in&sociis=felis&natoque=donec&penatibus=semper&et=sapien,TRUE
+http://eepurl.com/dolor.aspx?vel=erat&est=quisque&donec=erat&odio=eros&justo=viverra&sollicitudin=eget&ut=congue&suscipit=eget&a=semper&feugiat=rutrum&et=nulla&eros=nunc&vestibulum=purus&ac=phasellus&est=in&lacinia=felis&nisi=donec&venenatis=semper&tristique=sapien&fusce=a&congue=libero&diam=nam&id=dui&ornare=proin&imperdiet=leo&sapien=odio&urna=porttitor&pretium=id&nisl=consequat&ut=in,TRUE
+https://jiathis.com/molestie/lorem/quisque/ut/erat.json?eget=cubilia&vulputate=curae&ut=donec&ultrices=pharetra&vel=magna&augue=vestibulum&vestibulum=aliquet&ante=ultrices&ipsum=erat&primis=tortor&in=sollicitudin&faucibus=mi&orci=sit&luctus=amet&et=lobortis&ultrices=sapien&posuere=sapien&cubilia=non&curae=mi&donec=integer&pharetra=ac&magna=neque&vestibulum=duis&aliquet=bibendum&ultrices=morbi&erat=non&tortor=quam&sollicitudin=nec&mi=dui,TRUE
+https://merriam-webster.com/fermentum/justo/nec/condimentum/neque/sapien/placerat.png?est=pede&donec=venenatis&odio=non&justo=sodales&sollicitudin=sed&ut=tincidunt&suscipit=eu&a=felis&feugiat=fusce&et=posuere&eros=felis&vestibulum=sed,TRUE
+https://free.fr/eros/suspendisse/accumsan/tortor/quis.jpg?est=diam&quam=vitae&pharetra=quam&magna=suspendisse&ac=potenti&consequat=nullam&metus=porttitor&sapien=lacus&ut=at&nunc=turpis&vestibulum=donec&ante=posuere&ipsum=metus&primis=vitae&in=ipsum&faucibus=aliquam&orci=non&luctus=mauris&et=morbi&ultrices=non&posuere=lectus&cubilia=aliquam&curae=sit&mauris=amet&viverra=diam&diam=in&vitae=magna&quam=bibendum&suspendisse=imperdiet&potenti=nullam&nullam=orci&porttitor=pede&lacus=venenatis&at=non&turpis=sodales&donec=sed&posuere=tincidunt&metus=eu&vitae=felis&ipsum=fusce&aliquam=posuere&non=felis&mauris=sed&morbi=lacus&non=morbi&lectus=sem&aliquam=mauris&sit=laoreet&amet=ut&diam=rhoncus&in=aliquet&magna=pulvinar&bibendum=sed&imperdiet=nisl&nullam=nunc&orci=rhoncus&pede=dui&venenatis=vel&non=sem&sodales=sed&sed=sagittis&tincidunt=nam&eu=congue&felis=risus&fusce=semper&posuere=porta&felis=volutpat&sed=quam&lacus=pede&morbi=lobortis&sem=ligula&mauris=sit&laoreet=amet&ut=eleifend&rhoncus=pede&aliquet=libero&pulvinar=quis&sed=orci&nisl=nullam&nunc=molestie&rhoncus=nibh&dui=in&vel=lectus&sem=pellentesque&sed=at&sagittis=nulla&nam=suspendisse&congue=potenti&risus=cras&semper=in,TRUE
+http://buzzfeed.com/ultrices/posuere/cubilia/curae.aspx?sed=ante&magna=ipsum&at=primis&nunc=in&commodo=faucibus&placerat=orci&praesent=luctus&blandit=et&nam=ultrices&nulla=posuere&integer=cubilia&pede=curae&justo=nulla&lacinia=dapibus&eget=dolor&tincidunt=vel&eget=est&tempus=donec&vel=odio&pede=justo&morbi=sollicitudin&porttitor=ut&lorem=suscipit&id=a&ligula=feugiat&suspendisse=et&ornare=eros&consequat=vestibulum&lectus=ac&in=est&est=lacinia&risus=nisi&auctor=venenatis&sed=tristique&tristique=fusce&in=congue&tempus=diam&sit=id&amet=ornare&sem=imperdiet&fusce=sapien&consequat=urna&nulla=pretium&nisl=nisl&nunc=ut&nisl=volutpat&duis=sapien&bibendum=arcu&felis=sed&sed=augue&interdum=aliquam&venenatis=erat&turpis=volutpat&enim=in&blandit=congue&mi=etiam&in=justo&porttitor=etiam&pede=pretium&justo=iaculis&eu=justo&massa=in&donec=hac&dapibus=habitasse&duis=platea&at=dictumst&velit=etiam&eu=faucibus&est=cursus&congue=urna&elementum=ut&in=tellus&hac=nulla&habitasse=ut&platea=erat&dictumst=id&morbi=mauris&vestibulum=vulputate&velit=elementum&id=nullam&pretium=varius&iaculis=nulla&diam=facilisi&erat=cras&fermentum=non&justo=velit&nec=nec&condimentum=nisi&neque=vulputate&sapien=nonummy&placerat=maecenas&ante=tincidunt&nulla=lacus&justo=at&aliquam=velit&quis=vivamus&turpis=vel&eget=nulla&elit=eget&sodales=eros,TRUE
+https://newsvine.com/et/magnis/dis/parturient/montes/nascetur/ridiculus.json?ut=justo&rhoncus=in&aliquet=blandit&pulvinar=ultrices&sed=enim&nisl=lorem&nunc=ipsum&rhoncus=dolor&dui=sit&vel=amet&sem=consectetuer&sed=adipiscing&sagittis=elit&nam=proin&congue=interdum&risus=mauris&semper=non&porta=ligula&volutpat=pellentesque&quam=ultrices&pede=phasellus,TRUE
+http://ox.ac.uk/convallis/nunc/proin/at/turpis/a.js?curabitur=donec&in=vitae&libero=nisi&ut=nam&massa=ultrices&volutpat=libero&convallis=non&morbi=mattis&odio=pulvinar&odio=nulla&elementum=pede&eu=ullamcorper&interdum=augue&eu=a&tincidunt=suscipit&in=nulla&leo=elit&maecenas=ac&pulvinar=nulla&lobortis=sed&est=vel&phasellus=enim&sit=sit&amet=amet&erat=nunc&nulla=viverra&tempus=dapibus&vivamus=nulla&in=suscipit&felis=ligula&eu=in&sapien=lacus&cursus=curabitur&vestibulum=at&proin=ipsum&eu=ac,TRUE
+http://wikimedia.org/massa/tempor/convallis.aspx?mauris=rhoncus&viverra=dui&diam=vel&vitae=sem&quam=sed&suspendisse=sagittis&potenti=nam&nullam=congue&porttitor=risus&lacus=semper&at=porta&turpis=volutpat&donec=quam&posuere=pede&metus=lobortis&vitae=ligula&ipsum=sit&aliquam=amet&non=eleifend&mauris=pede&morbi=libero&non=quis&lectus=orci&aliquam=nullam&sit=molestie&amet=nibh&diam=in&in=lectus&magna=pellentesque&bibendum=at&imperdiet=nulla&nullam=suspendisse&orci=potenti&pede=cras&venenatis=in&non=purus&sodales=eu&sed=magna&tincidunt=vulputate&eu=luctus&felis=cum&fusce=sociis&posuere=natoque&felis=penatibus&sed=et&lacus=magnis&morbi=dis&sem=parturient&mauris=montes&laoreet=nascetur&ut=ridiculus&rhoncus=mus&aliquet=vivamus&pulvinar=vestibulum&sed=sagittis&nisl=sapien&nunc=cum&rhoncus=sociis&dui=natoque&vel=penatibus&sem=et&sed=magnis&sagittis=dis&nam=parturient&congue=montes&risus=nascetur&semper=ridiculus&porta=mus&volutpat=etiam,TRUE
+http://utexas.edu/sem/fusce/consequat.jpg?lobortis=at&est=nunc&phasellus=commodo&sit=placerat&amet=praesent&erat=blandit&nulla=nam&tempus=nulla&vivamus=integer&in=pede&felis=justo&eu=lacinia&sapien=eget&cursus=tincidunt&vestibulum=eget&proin=tempus&eu=vel&mi=pede&nulla=morbi&ac=porttitor&enim=lorem&in=id&tempor=ligula&turpis=suspendisse&nec=ornare&euismod=consequat&scelerisque=lectus&quam=in&turpis=est&adipiscing=risus&lorem=auctor&vitae=sed&mattis=tristique&nibh=in&ligula=tempus&nec=sit&sem=amet&duis=sem&aliquam=fusce&convallis=consequat&nunc=nulla&proin=nisl&at=nunc&turpis=nisl&a=duis&pede=bibendum&posuere=felis&nonummy=sed&integer=interdum&non=venenatis&velit=turpis&donec=enim&diam=blandit&neque=mi&vestibulum=in&eget=porttitor&vulputate=pede&ut=justo&ultrices=eu&vel=massa&augue=donec&vestibulum=dapibus&ante=duis&ipsum=at&primis=velit&in=eu&faucibus=est&orci=congue&luctus=elementum&et=in&ultrices=hac&posuere=habitasse,TRUE
+http://twitter.com/metus/arcu/adipiscing/molestie/hendrerit/at.jpg?nunc=tincidunt&proin=lacus&at=at&turpis=velit&a=vivamus&pede=vel&posuere=nulla&nonummy=eget&integer=eros&non=elementum&velit=pellentesque&donec=quisque&diam=porta&neque=volutpat&vestibulum=erat&eget=quisque&vulputate=erat&ut=eros&ultrices=viverra&vel=eget&augue=congue&vestibulum=eget&ante=semper&ipsum=rutrum&primis=nulla&in=nunc&faucibus=purus&orci=phasellus&luctus=in,TRUE
+https://wikispaces.com/non/mauris/morbi/non/lectus/aliquam.json?aliquet=amet&at=cursus&feugiat=id&non=turpis&pretium=integer&quis=aliquet&lectus=massa&suspendisse=id&potenti=lobortis&in=convallis&eleifend=tortor&quam=risus&a=dapibus&odio=augue&in=vel&hac=accumsan&habitasse=tellus&platea=nisi&dictumst=eu&maecenas=orci&ut=mauris&massa=lacinia&quis=sapien&augue=quis&luctus=libero&tincidunt=nullam&nulla=sit&mollis=amet&molestie=turpis&lorem=elementum&quisque=ligula&ut=vehicula&erat=consequat&curabitur=morbi&gravida=a&nisi=ipsum&at=integer&nibh=a&in=nibh&hac=in&habitasse=quis&platea=justo&dictumst=maecenas&aliquam=rhoncus&augue=aliquam&quam=lacus&sollicitudin=morbi&vitae=quis&consectetuer=tortor&eget=id&rutrum=nulla,TRUE
+http://51.la/sit/amet/sapien/dignissim/vestibulum/vestibulum.png?sollicitudin=id&mi=consequat&sit=in&amet=consequat&lobortis=ut&sapien=nulla&sapien=sed&non=accumsan&mi=felis&integer=ut&ac=at&neque=dolor&duis=quis&bibendum=odio&morbi=consequat&non=varius&quam=integer&nec=ac&dui=leo&luctus=pellentesque&rutrum=ultrices&nulla=mattis&tellus=odio&in=donec&sagittis=vitae&dui=nisi&vel=nam&nisl=ultrices&duis=libero&ac=non&nibh=mattis&fusce=pulvinar&lacus=nulla&purus=pede&aliquet=ullamcorper&at=augue&feugiat=a&non=suscipit&pretium=nulla&quis=elit&lectus=ac&suspendisse=nulla&potenti=sed&in=vel&eleifend=enim&quam=sit&a=amet&odio=nunc&in=viverra&hac=dapibus&habitasse=nulla&platea=suscipit&dictumst=ligula&maecenas=in&ut=lacus&massa=curabitur&quis=at&augue=ipsum&luctus=ac&tincidunt=tellus&nulla=semper&mollis=interdum,TRUE
+http://ehow.com/sapien/quis/libero/nullam/sit.js?dui=vivamus&maecenas=metus&tristique=arcu&est=adipiscing&et=molestie&tempus=hendrerit&semper=at&est=vulputate&quam=vitae&pharetra=nisl&magna=aenean&ac=lectus&consequat=pellentesque&metus=eget&sapien=nunc&ut=donec&nunc=quis&vestibulum=orci&ante=eget&ipsum=orci&primis=vehicula&in=condimentum&faucibus=curabitur&orci=in&luctus=libero&et=ut&ultrices=massa&posuere=volutpat&cubilia=convallis&curae=morbi&mauris=odio&viverra=odio&diam=elementum&vitae=eu&quam=interdum&suspendisse=eu&potenti=tincidunt&nullam=in&porttitor=leo&lacus=maecenas&at=pulvinar&turpis=lobortis&donec=est&posuere=phasellus&metus=sit&vitae=amet&ipsum=erat&aliquam=nulla&non=tempus&mauris=vivamus&morbi=in&non=felis&lectus=eu&aliquam=sapien&sit=cursus&amet=vestibulum&diam=proin&in=eu&magna=mi&bibendum=nulla&imperdiet=ac&nullam=enim&orci=in&pede=tempor&venenatis=turpis,TRUE
+http://stumbleupon.com/luctus/et/ultrices/posuere/cubilia/curae.aspx?in=ac&blandit=consequat&ultrices=metus&enim=sapien&lorem=ut&ipsum=nunc&dolor=vestibulum&sit=ante&amet=ipsum&consectetuer=primis&adipiscing=in&elit=faucibus&proin=orci&interdum=luctus&mauris=et&non=ultrices&ligula=posuere&pellentesque=cubilia&ultrices=curae&phasellus=mauris,TRUE
+http://narod.ru/montes/nascetur.js?auctor=lacinia&sed=erat&tristique=vestibulum&in=sed&tempus=magna&sit=at&amet=nunc&sem=commodo&fusce=placerat&consequat=praesent&nulla=blandit&nisl=nam&nunc=nulla&nisl=integer&duis=pede&bibendum=justo&felis=lacinia&sed=eget&interdum=tincidunt&venenatis=eget&turpis=tempus&enim=vel&blandit=pede&mi=morbi&in=porttitor&porttitor=lorem&pede=id&justo=ligula&eu=suspendisse&massa=ornare&donec=consequat&dapibus=lectus&duis=in&at=est&velit=risus&eu=auctor&est=sed&congue=tristique&elementum=in&in=tempus&hac=sit&habitasse=amet&platea=sem&dictumst=fusce&morbi=consequat&vestibulum=nulla&velit=nisl&id=nunc&pretium=nisl&iaculis=duis&diam=bibendum&erat=felis&fermentum=sed&justo=interdum&nec=venenatis&condimentum=turpis&neque=enim&sapien=blandit&placerat=mi&ante=in&nulla=porttitor&justo=pede&aliquam=justo&quis=eu&turpis=massa&eget=donec&elit=dapibus&sodales=duis&scelerisque=at&mauris=velit&sit=eu&amet=est&eros=congue&suspendisse=elementum&accumsan=in&tortor=hac,TRUE
+https://parallels.com/massa.js?penatibus=consequat&et=varius&magnis=integer&dis=ac&parturient=leo&montes=pellentesque&nascetur=ultrices&ridiculus=mattis&mus=odio&etiam=donec&vel=vitae&augue=nisi&vestibulum=nam&rutrum=ultrices&rutrum=libero&neque=non&aenean=mattis&auctor=pulvinar&gravida=nulla&sem=pede&praesent=ullamcorper&id=augue&massa=a&id=suscipit&nisl=nulla&venenatis=elit&lacinia=ac&aenean=nulla&sit=sed&amet=vel&justo=enim&morbi=sit&ut=amet&odio=nunc&cras=viverra&mi=dapibus&pede=nulla&malesuada=suscipit&in=ligula&imperdiet=in&et=lacus&commodo=curabitur,TRUE
+http://bravesites.com/amet/lobortis/sapien/sapien/non/mi.html?nunc=quam&nisl=pede&duis=lobortis&bibendum=ligula&felis=sit&sed=amet&interdum=eleifend&venenatis=pede&turpis=libero&enim=quis&blandit=orci&mi=nullam&in=molestie&porttitor=nibh&pede=in&justo=lectus&eu=pellentesque&massa=at&donec=nulla&dapibus=suspendisse&duis=potenti&at=cras&velit=in&eu=purus&est=eu&congue=magna&elementum=vulputate&in=luctus&hac=cum&habitasse=sociis&platea=natoque&dictumst=penatibus&morbi=et&vestibulum=magnis&velit=dis&id=parturient&pretium=montes&iaculis=nascetur&diam=ridiculus&erat=mus&fermentum=vivamus&justo=vestibulum&nec=sagittis&condimentum=sapien&neque=cum&sapien=sociis&placerat=natoque&ante=penatibus&nulla=et&justo=magnis&aliquam=dis&quis=parturient&turpis=montes&eget=nascetur&elit=ridiculus&sodales=mus&scelerisque=etiam&mauris=vel,TRUE
+https://furl.net/phasellus/sit.jpg?quam=vestibulum&turpis=eget&adipiscing=vulputate,TRUE
+https://imgur.com/vestibulum/sed/magna/at/nunc/commodo/placerat.json?convallis=nibh&nulla=fusce&neque=lacus&libero=purus&convallis=aliquet&eget=at&eleifend=feugiat&luctus=non&ultricies=pretium&eu=quis&nibh=lectus&quisque=suspendisse&id=potenti&justo=in&sit=eleifend&amet=quam&sapien=a&dignissim=odio&vestibulum=in&vestibulum=hac&ante=habitasse&ipsum=platea&primis=dictumst&in=maecenas&faucibus=ut&orci=massa&luctus=quis&et=augue&ultrices=luctus&posuere=tincidunt&cubilia=nulla&curae=mollis&nulla=molestie&dapibus=lorem&dolor=quisque&vel=ut&est=erat&donec=curabitur&odio=gravida&justo=nisi&sollicitudin=at&ut=nibh&suscipit=in&a=hac&feugiat=habitasse&et=platea&eros=dictumst&vestibulum=aliquam&ac=augue&est=quam&lacinia=sollicitudin&nisi=vitae&venenatis=consectetuer&tristique=eget&fusce=rutrum&congue=at&diam=lorem&id=integer&ornare=tincidunt&imperdiet=ante&sapien=vel,TRUE
+https://twitpic.com/dapibus/nulla/suscipit/ligula/in/lacus.json?at=justo&velit=sollicitudin&vivamus=ut&vel=suscipit&nulla=a&eget=feugiat&eros=et&elementum=eros&pellentesque=vestibulum&quisque=ac&porta=est&volutpat=lacinia&erat=nisi&quisque=venenatis&erat=tristique,TRUE
+https://taobao.com/in/purus/eu/magna/vulputate/luctus/cum.xml?eu=adipiscing&pede=molestie,TRUE
+http://amazon.co.uk/dui.png?id=cum&nulla=sociis&ultrices=natoque&aliquet=penatibus&maecenas=et&leo=magnis&odio=dis&condimentum=parturient&id=montes&luctus=nascetur&nec=ridiculus&molestie=mus&sed=vivamus&justo=vestibulum&pellentesque=sagittis&viverra=sapien&pede=cum&ac=sociis&diam=natoque&cras=penatibus&pellentesque=et&volutpat=magnis&dui=dis&maecenas=parturient&tristique=montes&est=nascetur&et=ridiculus&tempus=mus&semper=etiam&est=vel&quam=augue&pharetra=vestibulum&magna=rutrum&ac=rutrum&consequat=neque&metus=aenean&sapien=auctor&ut=gravida&nunc=sem&vestibulum=praesent&ante=id&ipsum=massa&primis=id&in=nisl&faucibus=venenatis&orci=lacinia&luctus=aenean&et=sit&ultrices=amet&posuere=justo&cubilia=morbi&curae=ut&mauris=odio,TRUE
+http://sitemeter.com/primis/in/faucibus/orci.jpg?vivamus=ut&metus=massa&arcu=volutpat&adipiscing=convallis&molestie=morbi&hendrerit=odio&at=odio&vulputate=elementum&vitae=eu&nisl=interdum&aenean=eu&lectus=tincidunt&pellentesque=in&eget=leo&nunc=maecenas&donec=pulvinar&quis=lobortis&orci=est&eget=phasellus&orci=sit&vehicula=amet&condimentum=erat&curabitur=nulla&in=tempus&libero=vivamus&ut=in&massa=felis&volutpat=eu&convallis=sapien&morbi=cursus&odio=vestibulum&odio=proin&elementum=eu&eu=mi&interdum=nulla&eu=ac&tincidunt=enim&in=in&leo=tempor&maecenas=turpis&pulvinar=nec&lobortis=euismod&est=scelerisque&phasellus=quam&sit=turpis,TRUE
+https://unesco.org/nisi/at/nibh/in/hac/habitasse/platea.jsp?nulla=sit&facilisi=amet&cras=sem&non=fusce&velit=consequat&nec=nulla&nisi=nisl&vulputate=nunc&nonummy=nisl&maecenas=duis&tincidunt=bibendum&lacus=felis&at=sed&velit=interdum&vivamus=venenatis&vel=turpis&nulla=enim&eget=blandit&eros=mi&elementum=in&pellentesque=porttitor&quisque=pede&porta=justo&volutpat=eu&erat=massa&quisque=donec&erat=dapibus&eros=duis&viverra=at&eget=velit&congue=eu&eget=est&semper=congue&rutrum=elementum&nulla=in&nunc=hac&purus=habitasse&phasellus=platea&in=dictumst&felis=morbi&donec=vestibulum&semper=velit&sapien=id&a=pretium&libero=iaculis&nam=diam&dui=erat&proin=fermentum&leo=justo&odio=nec&porttitor=condimentum&id=neque&consequat=sapien&in=placerat&consequat=ante&ut=nulla&nulla=justo&sed=aliquam&accumsan=quis&felis=turpis&ut=eget&at=elit&dolor=sodales&quis=scelerisque&odio=mauris&consequat=sit&varius=amet&integer=eros&ac=suspendisse&leo=accumsan&pellentesque=tortor&ultrices=quis&mattis=turpis&odio=sed&donec=ante&vitae=vivamus&nisi=tortor&nam=duis&ultrices=mattis&libero=egestas&non=metus&mattis=aenean&pulvinar=fermentum&nulla=donec&pede=ut&ullamcorper=mauris&augue=eget&a=massa&suscipit=tempor&nulla=convallis&elit=nulla&ac=neque&nulla=libero&sed=convallis&vel=eget,TRUE
+https://google.es/curabitur/gravida/nisi.jpg?nisi=justo&vulputate=sollicitudin&nonummy=ut&maecenas=suscipit&tincidunt=a&lacus=feugiat&at=et&velit=eros&vivamus=vestibulum&vel=ac&nulla=est&eget=lacinia&eros=nisi&elementum=venenatis&pellentesque=tristique&quisque=fusce&porta=congue&volutpat=diam&erat=id&quisque=ornare&erat=imperdiet&eros=sapien&viverra=urna&eget=pretium&congue=nisl&eget=ut&semper=volutpat&rutrum=sapien&nulla=arcu&nunc=sed&purus=augue&phasellus=aliquam&in=erat&felis=volutpat&donec=in&semper=congue&sapien=etiam&a=justo&libero=etiam&nam=pretium&dui=iaculis&proin=justo&leo=in&odio=hac&porttitor=habitasse&id=platea,TRUE
+http://amazon.de/eros/viverra/eget/congue/eget/semper.html?pede=posuere&justo=nonummy&lacinia=integer&eget=non&tincidunt=velit&eget=donec&tempus=diam&vel=neque&pede=vestibulum&morbi=eget&porttitor=vulputate&lorem=ut&id=ultrices&ligula=vel&suspendisse=augue&ornare=vestibulum&consequat=ante&lectus=ipsum&in=primis&est=in&risus=faucibus&auctor=orci&sed=luctus&tristique=et&in=ultrices&tempus=posuere&sit=cubilia&amet=curae&sem=donec&fusce=pharetra&consequat=magna&nulla=vestibulum&nisl=aliquet&nunc=ultrices&nisl=erat&duis=tortor&bibendum=sollicitudin&felis=mi&sed=sit&interdum=amet&venenatis=lobortis&turpis=sapien&enim=sapien&blandit=non&mi=mi&in=integer&porttitor=ac&pede=neque&justo=duis&eu=bibendum&massa=morbi&donec=non&dapibus=quam&duis=nec&at=dui&velit=luctus&eu=rutrum&est=nulla&congue=tellus&elementum=in&in=sagittis&hac=dui&habitasse=vel&platea=nisl&dictumst=duis&morbi=ac&vestibulum=nibh&velit=fusce&id=lacus&pretium=purus&iaculis=aliquet&diam=at&erat=feugiat&fermentum=non&justo=pretium&nec=quis&condimentum=lectus&neque=suspendisse&sapien=potenti&placerat=in&ante=eleifend&nulla=quam&justo=a&aliquam=odio&quis=in&turpis=hac,TRUE
+http://google.ca/eu/est/congue/elementum.html?donec=bibendum&vitae=felis&nisi=sed&nam=interdum&ultrices=venenatis&libero=turpis&non=enim&mattis=blandit&pulvinar=mi&nulla=in&pede=porttitor&ullamcorper=pede&augue=justo&a=eu&suscipit=massa&nulla=donec&elit=dapibus&ac=duis&nulla=at&sed=velit&vel=eu&enim=est,TRUE
+http://lulu.com/tortor/quis/turpis/sed/ante/vivamus.png?at=a&nibh=pede&in=posuere&hac=nonummy&habitasse=integer&platea=non&dictumst=velit&aliquam=donec&augue=diam&quam=neque&sollicitudin=vestibulum&vitae=eget&consectetuer=vulputate&eget=ut&rutrum=ultrices&at=vel&lorem=augue&integer=vestibulum&tincidunt=ante&ante=ipsum&vel=primis&ipsum=in&praesent=faucibus&blandit=orci&lacinia=luctus,TRUE
+https://census.gov/duis/mattis/egestas/metus/aenean/fermentum.json?donec=nec&semper=molestie&sapien=sed&a=justo&libero=pellentesque&nam=viverra&dui=pede&proin=ac&leo=diam&odio=cras&porttitor=pellentesque&id=volutpat&consequat=dui&in=maecenas&consequat=tristique&ut=est&nulla=et&sed=tempus&accumsan=semper&felis=est&ut=quam&at=pharetra&dolor=magna&quis=ac&odio=consequat&consequat=metus&varius=sapien&integer=ut&ac=nunc&leo=vestibulum&pellentesque=ante&ultrices=ipsum&mattis=primis&odio=in&donec=faucibus&vitae=orci&nisi=luctus&nam=et&ultrices=ultrices&libero=posuere&non=cubilia&mattis=curae&pulvinar=mauris&nulla=viverra&pede=diam&ullamcorper=vitae&augue=quam&a=suspendisse&suscipit=potenti&nulla=nullam&elit=porttitor&ac=lacus&nulla=at&sed=turpis&vel=donec&enim=posuere&sit=metus&amet=vitae&nunc=ipsum&viverra=aliquam&dapibus=non&nulla=mauris&suscipit=morbi&ligula=non&in=lectus&lacus=aliquam&curabitur=sit&at=amet&ipsum=diam&ac=in&tellus=magna&semper=bibendum&interdum=imperdiet&mauris=nullam&ullamcorper=orci&purus=pede&sit=venenatis&amet=non&nulla=sodales&quisque=sed,TRUE
+https://gmpg.org/platea/dictumst/aliquam/augue.jsp?diam=erat&id=tortor&ornare=sollicitudin&imperdiet=mi&sapien=sit&urna=amet&pretium=lobortis&nisl=sapien&ut=sapien&volutpat=non&sapien=mi&arcu=integer&sed=ac&augue=neque&aliquam=duis&erat=bibendum&volutpat=morbi&in=non&congue=quam&etiam=nec&justo=dui&etiam=luctus&pretium=rutrum&iaculis=nulla&justo=tellus&in=in&hac=sagittis&habitasse=dui&platea=vel&dictumst=nisl,TRUE
+http://nba.com/est/donec/odio.jsp?nascetur=donec&ridiculus=posuere&mus=metus&etiam=vitae&vel=ipsum&augue=aliquam&vestibulum=non&rutrum=mauris&rutrum=morbi&neque=non&aenean=lectus&auctor=aliquam&gravida=sit&sem=amet&praesent=diam&id=in&massa=magna&id=bibendum&nisl=imperdiet&venenatis=nullam&lacinia=orci&aenean=pede&sit=venenatis&amet=non&justo=sodales&morbi=sed&ut=tincidunt&odio=eu&cras=felis&mi=fusce&pede=posuere&malesuada=felis&in=sed,TRUE
+http://youtu.be/purus/eu/magna/vulputate/luctus/cum.json?ultrices=hendrerit&posuere=at&cubilia=vulputate&curae=vitae&duis=nisl&faucibus=aenean&accumsan=lectus&odio=pellentesque&curabitur=eget&convallis=nunc&duis=donec&consequat=quis&dui=orci&nec=eget&nisi=orci&volutpat=vehicula&eleifend=condimentum&donec=curabitur&ut=in&dolor=libero&morbi=ut&vel=massa&lectus=volutpat&in=convallis&quam=morbi&fringilla=odio&rhoncus=odio&mauris=elementum&enim=eu&leo=interdum&rhoncus=eu&sed=tincidunt&vestibulum=in&sit=leo&amet=maecenas&cursus=pulvinar&id=lobortis&turpis=est&integer=phasellus&aliquet=sit&massa=amet&id=erat&lobortis=nulla&convallis=tempus&tortor=vivamus&risus=in&dapibus=felis&augue=eu&vel=sapien&accumsan=cursus&tellus=vestibulum&nisi=proin&eu=eu&orci=mi&mauris=nulla&lacinia=ac&sapien=enim&quis=in&libero=tempor&nullam=turpis&sit=nec&amet=euismod&turpis=scelerisque&elementum=quam&ligula=turpis&vehicula=adipiscing&consequat=lorem&morbi=vitae&a=mattis&ipsum=nibh&integer=ligula&a=nec&nibh=sem&in=duis&quis=aliquam&justo=convallis&maecenas=nunc&rhoncus=proin,TRUE
+https://drupal.org/curabitur.png?cursus=iaculis&id=diam&turpis=erat&integer=fermentum&aliquet=justo&massa=nec&id=condimentum&lobortis=neque&convallis=sapien&tortor=placerat&risus=ante&dapibus=nulla&augue=justo&vel=aliquam&accumsan=quis&tellus=turpis&nisi=eget&eu=elit&orci=sodales&mauris=scelerisque&lacinia=mauris&sapien=sit&quis=amet&libero=eros,TRUE
+https://berkeley.edu/eget/massa.jpg?justo=rutrum&sollicitudin=at&ut=lorem&suscipit=integer&a=tincidunt&feugiat=ante&et=vel&eros=ipsum&vestibulum=praesent&ac=blandit&est=lacinia&lacinia=erat&nisi=vestibulum&venenatis=sed&tristique=magna&fusce=at&congue=nunc&diam=commodo&id=placerat&ornare=praesent,TRUE
+http://bravesites.com/lorem/integer/tincidunt.html?sed=ut&sagittis=tellus&nam=nulla&congue=ut&risus=erat&semper=id,TRUE
+http://delicious.com/cursus/id/turpis/integer/aliquet/massa/id.jsp?nulla=libero&tellus=quis&in=orci&sagittis=nullam&dui=molestie&vel=nibh&nisl=in&duis=lectus&ac=pellentesque&nibh=at&fusce=nulla&lacus=suspendisse&purus=potenti&aliquet=cras&at=in&feugiat=purus&non=eu&pretium=magna&quis=vulputate&lectus=luctus&suspendisse=cum&potenti=sociis&in=natoque&eleifend=penatibus&quam=et&a=magnis&odio=dis&in=parturient&hac=montes&habitasse=nascetur&platea=ridiculus&dictumst=mus&maecenas=vivamus&ut=vestibulum&massa=sagittis&quis=sapien&augue=cum&luctus=sociis&tincidunt=natoque&nulla=penatibus&mollis=et&molestie=magnis&lorem=dis&quisque=parturient&ut=montes&erat=nascetur&curabitur=ridiculus&gravida=mus&nisi=etiam&at=vel&nibh=augue&in=vestibulum&hac=rutrum&habitasse=rutrum&platea=neque&dictumst=aenean&aliquam=auctor&augue=gravida&quam=sem&sollicitudin=praesent&vitae=id&consectetuer=massa&eget=id&rutrum=nisl&at=venenatis&lorem=lacinia&integer=aenean&tincidunt=sit&ante=amet&vel=justo&ipsum=morbi&praesent=ut&blandit=odio&lacinia=cras&erat=mi&vestibulum=pede&sed=malesuada&magna=in&at=imperdiet&nunc=et&commodo=commodo&placerat=vulputate&praesent=justo&blandit=in&nam=blandit&nulla=ultrices&integer=enim&pede=lorem&justo=ipsum&lacinia=dolor&eget=sit&tincidunt=amet&eget=consectetuer,TRUE
+http://tamu.edu/in.png?lorem=ac&vitae=nibh&mattis=fusce&nibh=lacus&ligula=purus&nec=aliquet&sem=at&duis=feugiat&aliquam=non&convallis=pretium&nunc=quis&proin=lectus&at=suspendisse&turpis=potenti&a=in&pede=eleifend&posuere=quam&nonummy=a&integer=odio&non=in&velit=hac&donec=habitasse&diam=platea&neque=dictumst&vestibulum=maecenas&eget=ut&vulputate=massa&ut=quis&ultrices=augue&vel=luctus&augue=tincidunt&vestibulum=nulla&ante=mollis&ipsum=molestie&primis=lorem&in=quisque&faucibus=ut&orci=erat&luctus=curabitur&et=gravida&ultrices=nisi&posuere=at&cubilia=nibh&curae=in&donec=hac&pharetra=habitasse&magna=platea&vestibulum=dictumst&aliquet=aliquam&ultrices=augue&erat=quam&tortor=sollicitudin&sollicitudin=vitae&mi=consectetuer&sit=eget&amet=rutrum&lobortis=at&sapien=lorem&sapien=integer&non=tincidunt&mi=ante&integer=vel&ac=ipsum&neque=praesent&duis=blandit&bibendum=lacinia&morbi=erat&non=vestibulum&quam=sed&nec=magna&dui=at&luctus=nunc&rutrum=commodo&nulla=placerat&tellus=praesent&in=blandit&sagittis=nam&dui=nulla&vel=integer&nisl=pede&duis=justo&ac=lacinia&nibh=eget&fusce=tincidunt&lacus=eget&purus=tempus&aliquet=vel&at=pede&feugiat=morbi&non=porttitor&pretium=lorem,TRUE
+https://state.gov/porttitor/id.js?eros=nisl&vestibulum=nunc&ac=rhoncus&est=dui&lacinia=vel&nisi=sem&venenatis=sed&tristique=sagittis&fusce=nam&congue=congue&diam=risus&id=semper&ornare=porta,TRUE
+http://google.fr/fermentum/donec/ut/mauris.aspx?tincidunt=maecenas&nulla=rhoncus&mollis=aliquam&molestie=lacus&lorem=morbi&quisque=quis&ut=tortor&erat=id&curabitur=nulla&gravida=ultrices,TRUE
+https://odnoklassniki.ru/dapibus/dolor/vel/est/donec.html?sagittis=quisque&dui=erat&vel=eros&nisl=viverra&duis=eget&ac=congue&nibh=eget&fusce=semper&lacus=rutrum&purus=nulla&aliquet=nunc&at=purus&feugiat=phasellus&non=in&pretium=felis&quis=donec&lectus=semper&suspendisse=sapien&potenti=a&in=libero,TRUE
+https://sphinn.com/maecenas/leo/odio.xml?quis=cursus&turpis=vestibulum&eget=proin&elit=eu&sodales=mi&scelerisque=nulla&mauris=ac&sit=enim&amet=in&eros=tempor&suspendisse=turpis&accumsan=nec&tortor=euismod&quis=scelerisque&turpis=quam&sed=turpis&ante=adipiscing&vivamus=lorem&tortor=vitae&duis=mattis&mattis=nibh&egestas=ligula&metus=nec&aenean=sem&fermentum=duis&donec=aliquam&ut=convallis&mauris=nunc&eget=proin&massa=at&tempor=turpis&convallis=a&nulla=pede&neque=posuere&libero=nonummy&convallis=integer&eget=non&eleifend=velit&luctus=donec&ultricies=diam&eu=neque&nibh=vestibulum&quisque=eget&id=vulputate&justo=ut&sit=ultrices&amet=vel&sapien=augue&dignissim=vestibulum&vestibulum=ante&vestibulum=ipsum&ante=primis&ipsum=in&primis=faucibus&in=orci&faucibus=luctus&orci=et&luctus=ultrices&et=posuere&ultrices=cubilia&posuere=curae&cubilia=donec&curae=pharetra&nulla=magna&dapibus=vestibulum&dolor=aliquet&vel=ultrices&est=erat&donec=tortor&odio=sollicitudin&justo=mi&sollicitudin=sit&ut=amet&suscipit=lobortis&a=sapien&feugiat=sapien&et=non&eros=mi&vestibulum=integer&ac=ac&est=neque&lacinia=duis&nisi=bibendum&venenatis=morbi&tristique=non,TRUE
+https://linkedin.com/quis/augue/luctus/tincidunt/nulla/mollis/molestie.html?augue=non&vestibulum=pretium&ante=quis&ipsum=lectus&primis=suspendisse&in=potenti&faucibus=in&orci=eleifend&luctus=quam&et=a&ultrices=odio&posuere=in&cubilia=hac&curae=habitasse&donec=platea&pharetra=dictumst&magna=maecenas&vestibulum=ut&aliquet=massa&ultrices=quis&erat=augue&tortor=luctus&sollicitudin=tincidunt&mi=nulla&sit=mollis&amet=molestie&lobortis=lorem&sapien=quisque&sapien=ut&non=erat&mi=curabitur&integer=gravida&ac=nisi&neque=at&duis=nibh&bibendum=in&morbi=hac&non=habitasse&quam=platea&nec=dictumst&dui=aliquam&luctus=augue&rutrum=quam&nulla=sollicitudin&tellus=vitae&in=consectetuer&sagittis=eget&dui=rutrum&vel=at&nisl=lorem&duis=integer&ac=tincidunt&nibh=ante&fusce=vel&lacus=ipsum&purus=praesent&aliquet=blandit&at=lacinia&feugiat=erat&non=vestibulum&pretium=sed&quis=magna&lectus=at&suspendisse=nunc&potenti=commodo&in=placerat&eleifend=praesent&quam=blandit&a=nam&odio=nulla&in=integer&hac=pede&habitasse=justo&platea=lacinia&dictumst=eget&maecenas=tincidunt&ut=eget&massa=tempus&quis=vel&augue=pede&luctus=morbi&tincidunt=porttitor&nulla=lorem&mollis=id&molestie=ligula&lorem=suspendisse&quisque=ornare&ut=consequat&erat=lectus,TRUE
+https://si.edu/porta/volutpat/quam/pede.json?vivamus=hendrerit&metus=at&arcu=vulputate&adipiscing=vitae&molestie=nisl&hendrerit=aenean&at=lectus&vulputate=pellentesque&vitae=eget&nisl=nunc&aenean=donec&lectus=quis&pellentesque=orci&eget=eget&nunc=orci&donec=vehicula&quis=condimentum&orci=curabitur&eget=in&orci=libero&vehicula=ut&condimentum=massa&curabitur=volutpat&in=convallis&libero=morbi&ut=odio&massa=odio&volutpat=elementum&convallis=eu&morbi=interdum&odio=eu&odio=tincidunt&elementum=in&eu=leo&interdum=maecenas&eu=pulvinar&tincidunt=lobortis&in=est&leo=phasellus&maecenas=sit&pulvinar=amet&lobortis=erat&est=nulla&phasellus=tempus&sit=vivamus&amet=in&erat=felis&nulla=eu&tempus=sapien&vivamus=cursus&in=vestibulum&felis=proin&eu=eu&sapien=mi&cursus=nulla&vestibulum=ac&proin=enim&eu=in&mi=tempor&nulla=turpis&ac=nec&enim=euismod&in=scelerisque&tempor=quam&turpis=turpis&nec=adipiscing&euismod=lorem&scelerisque=vitae&quam=mattis&turpis=nibh&adipiscing=ligula&lorem=nec&vitae=sem&mattis=duis&nibh=aliquam&ligula=convallis&nec=nunc&sem=proin&duis=at&aliquam=turpis&convallis=a&nunc=pede&proin=posuere&at=nonummy&turpis=integer&a=non&pede=velit&posuere=donec&nonummy=diam&integer=neque&non=vestibulum&velit=eget,TRUE
+http://typepad.com/at.aspx?posuere=pede&metus=justo&vitae=eu&ipsum=massa&aliquam=donec&non=dapibus&mauris=duis&morbi=at&non=velit&lectus=eu&aliquam=est&sit=congue&amet=elementum&diam=in&in=hac&magna=habitasse&bibendum=platea&imperdiet=dictumst,TRUE
+http://jigsy.com/molestie/nibh/in.png?erat=nunc&vestibulum=nisl&sed=duis&magna=bibendum&at=felis&nunc=sed&commodo=interdum&placerat=venenatis&praesent=turpis&blandit=enim&nam=blandit&nulla=mi&integer=in&pede=porttitor&justo=pede&lacinia=justo&eget=eu&tincidunt=massa&eget=donec&tempus=dapibus&vel=duis&pede=at&morbi=velit&porttitor=eu&lorem=est&id=congue&ligula=elementum&suspendisse=in&ornare=hac&consequat=habitasse&lectus=platea&in=dictumst&est=morbi&risus=vestibulum&auctor=velit&sed=id&tristique=pretium&in=iaculis&tempus=diam&sit=erat&amet=fermentum&sem=justo&fusce=nec&consequat=condimentum&nulla=neque&nisl=sapien&nunc=placerat&nisl=ante&duis=nulla&bibendum=justo&felis=aliquam&sed=quis&interdum=turpis&venenatis=eget&turpis=elit&enim=sodales&blandit=scelerisque&mi=mauris&in=sit&porttitor=amet&pede=eros&justo=suspendisse&eu=accumsan&massa=tortor&donec=quis&dapibus=turpis&duis=sed&at=ante&velit=vivamus&eu=tortor&est=duis&congue=mattis&elementum=egestas&in=metus&hac=aenean,TRUE
+http://kickstarter.com/justo.aspx?amet=sed&cursus=sagittis&id=nam&turpis=congue&integer=risus&aliquet=semper&massa=porta&id=volutpat&lobortis=quam&convallis=pede&tortor=lobortis&risus=ligula&dapibus=sit&augue=amet&vel=eleifend&accumsan=pede&tellus=libero&nisi=quis&eu=orci&orci=nullam&mauris=molestie&lacinia=nibh&sapien=in&quis=lectus&libero=pellentesque&nullam=at&sit=nulla&amet=suspendisse&turpis=potenti&elementum=cras&ligula=in&vehicula=purus&consequat=eu&morbi=magna&a=vulputate&ipsum=luctus&integer=cum&a=sociis&nibh=natoque&in=penatibus&quis=et&justo=magnis&maecenas=dis&rhoncus=parturient&aliquam=montes&lacus=nascetur&morbi=ridiculus&quis=mus&tortor=vivamus&id=vestibulum&nulla=sagittis&ultrices=sapien&aliquet=cum&maecenas=sociis&leo=natoque&odio=penatibus&condimentum=et&id=magnis&luctus=dis&nec=parturient&molestie=montes&sed=nascetur&justo=ridiculus&pellentesque=mus&viverra=etiam&pede=vel&ac=augue&diam=vestibulum&cras=rutrum&pellentesque=rutrum&volutpat=neque&dui=aenean&maecenas=auctor&tristique=gravida&est=sem&et=praesent&tempus=id&semper=massa&est=id&quam=nisl&pharetra=venenatis&magna=lacinia&ac=aenean&consequat=sit&metus=amet&sapien=justo&ut=morbi&nunc=ut&vestibulum=odio&ante=cras,TRUE
+https://constantcontact.com/quam/pede/lobortis/ligula/sit.html?pretium=eget&nisl=orci&ut=vehicula&volutpat=condimentum&sapien=curabitur&arcu=in&sed=libero&augue=ut&aliquam=massa,TRUE
+https://creativecommons.org/phasellus/in/felis/donec/semper/sapien.js?morbi=turpis&odio=elementum&odio=ligula&elementum=vehicula&eu=consequat&interdum=morbi&eu=a&tincidunt=ipsum&in=integer&leo=a&maecenas=nibh&pulvinar=in&lobortis=quis&est=justo&phasellus=maecenas&sit=rhoncus&amet=aliquam&erat=lacus&nulla=morbi&tempus=quis&vivamus=tortor&in=id&felis=nulla&eu=ultrices&sapien=aliquet,TRUE
+https://aboutads.info/rutrum.xml?volutpat=turpis&sapien=eget&arcu=elit&sed=sodales&augue=scelerisque&aliquam=mauris&erat=sit&volutpat=amet&in=eros&congue=suspendisse&etiam=accumsan&justo=tortor&etiam=quis&pretium=turpis&iaculis=sed&justo=ante&in=vivamus&hac=tortor&habitasse=duis&platea=mattis&dictumst=egestas&etiam=metus&faucibus=aenean&cursus=fermentum&urna=donec&ut=ut&tellus=mauris&nulla=eget&ut=massa&erat=tempor&id=convallis&mauris=nulla&vulputate=neque&elementum=libero&nullam=convallis&varius=eget&nulla=eleifend&facilisi=luctus&cras=ultricies&non=eu&velit=nibh&nec=quisque&nisi=id&vulputate=justo&nonummy=sit&maecenas=amet&tincidunt=sapien&lacus=dignissim&at=vestibulum&velit=vestibulum&vivamus=ante&vel=ipsum&nulla=primis&eget=in&eros=faucibus&elementum=orci&pellentesque=luctus&quisque=et&porta=ultrices&volutpat=posuere&erat=cubilia&quisque=curae&erat=nulla&eros=dapibus,TRUE
+http://ehow.com/vitae/mattis.html?molestie=dolor&hendrerit=quis&at=odio&vulputate=consequat&vitae=varius&nisl=integer&aenean=ac&lectus=leo&pellentesque=pellentesque&eget=ultrices&nunc=mattis&donec=odio&quis=donec&orci=vitae&eget=nisi&orci=nam&vehicula=ultrices&condimentum=libero&curabitur=non&in=mattis&libero=pulvinar&ut=nulla&massa=pede&volutpat=ullamcorper&convallis=augue&morbi=a&odio=suscipit&odio=nulla&elementum=elit&eu=ac&interdum=nulla&eu=sed&tincidunt=vel&in=enim&leo=sit&maecenas=amet&pulvinar=nunc&lobortis=viverra&est=dapibus&phasellus=nulla&sit=suscipit&amet=ligula,TRUE
+https://twitter.com/nullam/porttitor/lacus/at.xml?sit=sed&amet=tristique&justo=in&morbi=tempus&ut=sit,TRUE
+https://slideshare.net/elementum.png?vitae=lectus&nisi=suspendisse&nam=potenti&ultrices=in&libero=eleifend&non=quam&mattis=a&pulvinar=odio&nulla=in&pede=hac&ullamcorper=habitasse&augue=platea&a=dictumst&suscipit=maecenas&nulla=ut&elit=massa&ac=quis&nulla=augue&sed=luctus&vel=tincidunt&enim=nulla&sit=mollis&amet=molestie&nunc=lorem&viverra=quisque&dapibus=ut&nulla=erat&suscipit=curabitur&ligula=gravida&in=nisi&lacus=at&curabitur=nibh&at=in&ipsum=hac&ac=habitasse,TRUE
+https://google.ca/ligula/suspendisse/ornare/consequat.jpg?porttitor=vivamus&pede=tortor&justo=duis&eu=mattis&massa=egestas&donec=metus&dapibus=aenean&duis=fermentum&at=donec&velit=ut&eu=mauris&est=eget&congue=massa&elementum=tempor&in=convallis&hac=nulla&habitasse=neque&platea=libero&dictumst=convallis&morbi=eget&vestibulum=eleifend&velit=luctus&id=ultricies&pretium=eu&iaculis=nibh&diam=quisque&erat=id&fermentum=justo&justo=sit&nec=amet&condimentum=sapien&neque=dignissim&sapien=vestibulum&placerat=vestibulum&ante=ante&nulla=ipsum&justo=primis&aliquam=in&quis=faucibus&turpis=orci&eget=luctus&elit=et&sodales=ultrices&scelerisque=posuere&mauris=cubilia&sit=curae&amet=nulla&eros=dapibus&suspendisse=dolor&accumsan=vel&tortor=est&quis=donec&turpis=odio&sed=justo&ante=sollicitudin&vivamus=ut&tortor=suscipit&duis=a&mattis=feugiat&egestas=et&metus=eros&aenean=vestibulum&fermentum=ac&donec=est&ut=lacinia&mauris=nisi&eget=venenatis&massa=tristique&tempor=fusce&convallis=congue&nulla=diam&neque=id&libero=ornare&convallis=imperdiet&eget=sapien&eleifend=urna&luctus=pretium&ultricies=nisl&eu=ut&nibh=volutpat&quisque=sapien&id=arcu&justo=sed&sit=augue,TRUE
+http://cafepress.com/accumsan/tellus/nisi/eu/orci/mauris.json?suspendisse=vestibulum&potenti=ante&in=ipsum&eleifend=primis&quam=in,TRUE
+http://umich.edu/vivamus/metus/arcu/adipiscing/molestie.jpg?quisque=nam&ut=congue&erat=risus&curabitur=semper&gravida=porta&nisi=volutpat&at=quam,TRUE
+http://ca.gov/sed/augue/aliquam.xml?proin=arcu&interdum=sed&mauris=augue&non=aliquam&ligula=erat&pellentesque=volutpat&ultrices=in&phasellus=congue&id=etiam&sapien=justo&in=etiam&sapien=pretium&iaculis=iaculis&congue=justo&vivamus=in&metus=hac&arcu=habitasse&adipiscing=platea&molestie=dictumst&hendrerit=etiam&at=faucibus&vulputate=cursus&vitae=urna&nisl=ut&aenean=tellus&lectus=nulla&pellentesque=ut&eget=erat&nunc=id&donec=mauris&quis=vulputate&orci=elementum&eget=nullam&orci=varius&vehicula=nulla&condimentum=facilisi&curabitur=cras&in=non&libero=velit&ut=nec&massa=nisi&volutpat=vulputate&convallis=nonummy&morbi=maecenas&odio=tincidunt&odio=lacus&elementum=at&eu=velit&interdum=vivamus&eu=vel&tincidunt=nulla&in=eget&leo=eros&maecenas=elementum&pulvinar=pellentesque&lobortis=quisque&est=porta&phasellus=volutpat&sit=erat&amet=quisque&erat=erat&nulla=eros&tempus=viverra&vivamus=eget,TRUE
+https://bloglovin.com/at/nunc.json?enim=potenti&sit=in&amet=eleifend&nunc=quam&viverra=a&dapibus=odio&nulla=in&suscipit=hac&ligula=habitasse&in=platea&lacus=dictumst&curabitur=maecenas&at=ut&ipsum=massa&ac=quis&tellus=augue&semper=luctus&interdum=tincidunt&mauris=nulla&ullamcorper=mollis&purus=molestie&sit=lorem&amet=quisque&nulla=ut&quisque=erat&arcu=curabitur&libero=gravida&rutrum=nisi&ac=at&lobortis=nibh&vel=in&dapibus=hac&at=habitasse,TRUE
+http://shareasale.com/donec/diam/neque.js?pede=maecenas&malesuada=tincidunt&in=lacus&imperdiet=at&et=velit&commodo=vivamus&vulputate=vel&justo=nulla&in=eget&blandit=eros&ultrices=elementum&enim=pellentesque&lorem=quisque&ipsum=porta&dolor=volutpat&sit=erat&amet=quisque&consectetuer=erat&adipiscing=eros&elit=viverra&proin=eget&interdum=congue&mauris=eget&non=semper&ligula=rutrum&pellentesque=nulla&ultrices=nunc&phasellus=purus&id=phasellus&sapien=in&in=felis,TRUE
+https://harvard.edu/mattis.jpg?eu=libero&sapien=nullam&cursus=sit&vestibulum=amet&proin=turpis&eu=elementum&mi=ligula&nulla=vehicula&ac=consequat&enim=morbi&in=a&tempor=ipsum&turpis=integer&nec=a&euismod=nibh&scelerisque=in&quam=quis&turpis=justo&adipiscing=maecenas&lorem=rhoncus&vitae=aliquam&mattis=lacus&nibh=morbi&ligula=quis&nec=tortor&sem=id&duis=nulla&aliquam=ultrices&convallis=aliquet&nunc=maecenas&proin=leo&at=odio&turpis=condimentum&a=id&pede=luctus&posuere=nec&nonummy=molestie&integer=sed&non=justo&velit=pellentesque&donec=viverra&diam=pede&neque=ac&vestibulum=diam&eget=cras&vulputate=pellentesque&ut=volutpat&ultrices=dui&vel=maecenas&augue=tristique&vestibulum=est&ante=et&ipsum=tempus&primis=semper&in=est&faucibus=quam&orci=pharetra&luctus=magna&et=ac&ultrices=consequat&posuere=metus&cubilia=sapien&curae=ut&donec=nunc&pharetra=vestibulum&magna=ante&vestibulum=ipsum&aliquet=primis&ultrices=in&erat=faucibus&tortor=orci&sollicitudin=luctus&mi=et&sit=ultrices&amet=posuere&lobortis=cubilia&sapien=curae&sapien=mauris&non=viverra&mi=diam&integer=vitae&ac=quam&neque=suspendisse&duis=potenti&bibendum=nullam&morbi=porttitor&non=lacus&quam=at&nec=turpis&dui=donec,TRUE
+https://globo.com/velit/id/pretium/iaculis/diam.xml?accumsan=iaculis&tortor=congue&quis=vivamus&turpis=metus&sed=arcu&ante=adipiscing,TRUE
+https://blogs.com/eu/orci/mauris/lacinia.html?nibh=non&ligula=pretium&nec=quis&sem=lectus&duis=suspendisse&aliquam=potenti&convallis=in&nunc=eleifend&proin=quam&at=a&turpis=odio&a=in&pede=hac&posuere=habitasse&nonummy=platea&integer=dictumst&non=maecenas&velit=ut&donec=massa&diam=quis&neque=augue&vestibulum=luctus&eget=tincidunt&vulputate=nulla&ut=mollis&ultrices=molestie&vel=lorem&augue=quisque&vestibulum=ut&ante=erat&ipsum=curabitur&primis=gravida&in=nisi&faucibus=at&orci=nibh&luctus=in&et=hac&ultrices=habitasse&posuere=platea&cubilia=dictumst&curae=aliquam&donec=augue&pharetra=quam&magna=sollicitudin&vestibulum=vitae&aliquet=consectetuer&ultrices=eget&erat=rutrum&tortor=at&sollicitudin=lorem&mi=integer&sit=tincidunt&amet=ante&lobortis=vel&sapien=ipsum&sapien=praesent&non=blandit&mi=lacinia&integer=erat,TRUE
+http://skype.com/dictumst/morbi/vestibulum/velit.json?sapien=elementum&in=nullam&sapien=varius&iaculis=nulla&congue=facilisi&vivamus=cras&metus=non&arcu=velit&adipiscing=nec&molestie=nisi&hendrerit=vulputate&at=nonummy&vulputate=maecenas&vitae=tincidunt&nisl=lacus&aenean=at&lectus=velit&pellentesque=vivamus&eget=vel&nunc=nulla&donec=eget&quis=eros&orci=elementum&eget=pellentesque&orci=quisque&vehicula=porta&condimentum=volutpat&curabitur=erat&in=quisque&libero=erat&ut=eros&massa=viverra&volutpat=eget&convallis=congue&morbi=eget&odio=semper&odio=rutrum&elementum=nulla&eu=nunc&interdum=purus&eu=phasellus&tincidunt=in&in=felis&leo=donec&maecenas=semper&pulvinar=sapien&lobortis=a&est=libero&phasellus=nam&sit=dui&amet=proin&erat=leo&nulla=odio&tempus=porttitor&vivamus=id&in=consequat&felis=in&eu=consequat&sapien=ut&cursus=nulla&vestibulum=sed&proin=accumsan&eu=felis&mi=ut&nulla=at&ac=dolor&enim=quis&in=odio&tempor=consequat&turpis=varius&nec=integer&euismod=ac&scelerisque=leo&quam=pellentesque&turpis=ultrices&adipiscing=mattis&lorem=odio&vitae=donec&mattis=vitae&nibh=nisi&ligula=nam,TRUE
+https://flickr.com/sapien/cursus.html?ligula=vulputate&pellentesque=luctus&ultrices=cum&phasellus=sociis&id=natoque&sapien=penatibus&in=et&sapien=magnis&iaculis=dis&congue=parturient&vivamus=montes&metus=nascetur&arcu=ridiculus&adipiscing=mus&molestie=vivamus&hendrerit=vestibulum&at=sagittis&vulputate=sapien&vitae=cum&nisl=sociis&aenean=natoque&lectus=penatibus&pellentesque=et&eget=magnis&nunc=dis&donec=parturient&quis=montes&orci=nascetur&eget=ridiculus&orci=mus&vehicula=etiam&condimentum=vel&curabitur=augue&in=vestibulum&libero=rutrum&ut=rutrum&massa=neque&volutpat=aenean&convallis=auctor&morbi=gravida&odio=sem&odio=praesent&elementum=id&eu=massa&interdum=id&eu=nisl&tincidunt=venenatis&in=lacinia&leo=aenean&maecenas=sit&pulvinar=amet&lobortis=justo&est=morbi&phasellus=ut&sit=odio&amet=cras&erat=mi&nulla=pede&tempus=malesuada&vivamus=in&in=imperdiet&felis=et&eu=commodo&sapien=vulputate&cursus=justo&vestibulum=in&proin=blandit&eu=ultrices&mi=enim&nulla=lorem&ac=ipsum&enim=dolor&in=sit&tempor=amet&turpis=consectetuer&nec=adipiscing&euismod=elit&scelerisque=proin&quam=interdum&turpis=mauris&adipiscing=non,TRUE
+http://cnn.com/eleifend/pede/libero/quis/orci/nullam/molestie.js?morbi=lacinia&ut=erat&odio=vestibulum&cras=sed&mi=magna&pede=at&malesuada=nunc&in=commodo&imperdiet=placerat&et=praesent,TRUE
+http://is.gd/fusce.jpg?ac=rutrum&leo=neque&pellentesque=aenean&ultrices=auctor&mattis=gravida&odio=sem&donec=praesent&vitae=id&nisi=massa&nam=id&ultrices=nisl,TRUE
+http://xinhuanet.com/magna/vestibulum/aliquet/ultrices/erat.html?justo=ut&pellentesque=volutpat&viverra=sapien&pede=arcu&ac=sed&diam=augue&cras=aliquam&pellentesque=erat&volutpat=volutpat&dui=in&maecenas=congue&tristique=etiam&est=justo&et=etiam&tempus=pretium&semper=iaculis&est=justo&quam=in&pharetra=hac&magna=habitasse&ac=platea&consequat=dictumst&metus=etiam&sapien=faucibus&ut=cursus&nunc=urna&vestibulum=ut&ante=tellus&ipsum=nulla&primis=ut&in=erat&faucibus=id&orci=mauris&luctus=vulputate&et=elementum&ultrices=nullam&posuere=varius&cubilia=nulla&curae=facilisi&mauris=cras&viverra=non&diam=velit&vitae=nec&quam=nisi&suspendisse=vulputate&potenti=nonummy&nullam=maecenas&porttitor=tincidunt&lacus=lacus&at=at&turpis=velit&donec=vivamus&posuere=vel&metus=nulla&vitae=eget&ipsum=eros&aliquam=elementum&non=pellentesque&mauris=quisque&morbi=porta&non=volutpat&lectus=erat&aliquam=quisque&sit=erat&amet=eros&diam=viverra&in=eget&magna=congue&bibendum=eget&imperdiet=semper&nullam=rutrum&orci=nulla&pede=nunc&venenatis=purus&non=phasellus&sodales=in&sed=felis&tincidunt=donec&eu=semper&felis=sapien&fusce=a&posuere=libero&felis=nam&sed=dui&lacus=proin&morbi=leo&sem=odio&mauris=porttitor&laoreet=id&ut=consequat&rhoncus=in&aliquet=consequat&pulvinar=ut&sed=nulla&nisl=sed&nunc=accumsan&rhoncus=felis&dui=ut&vel=at,TRUE
+https://paypal.com/etiam/faucibus.json?lacus=ipsum&morbi=aliquam&sem=non&mauris=mauris&laoreet=morbi&ut=non&rhoncus=lectus&aliquet=aliquam&pulvinar=sit&sed=amet&nisl=diam&nunc=in&rhoncus=magna&dui=bibendum&vel=imperdiet&sem=nullam&sed=orci&sagittis=pede,TRUE
+http://mashable.com/consequat.json?vel=congue&augue=diam&vestibulum=id&ante=ornare&ipsum=imperdiet&primis=sapien&in=urna&faucibus=pretium&orci=nisl&luctus=ut&et=volutpat&ultrices=sapien&posuere=arcu&cubilia=sed&curae=augue&donec=aliquam&pharetra=erat&magna=volutpat&vestibulum=in&aliquet=congue&ultrices=etiam&erat=justo&tortor=etiam&sollicitudin=pretium&mi=iaculis&sit=justo&amet=in&lobortis=hac&sapien=habitasse&sapien=platea&non=dictumst&mi=etiam&integer=faucibus&ac=cursus&neque=urna&duis=ut&bibendum=tellus&morbi=nulla&non=ut&quam=erat&nec=id&dui=mauris,TRUE
+http://nba.com/mauris/enim.aspx?turpis=posuere&nec=cubilia&euismod=curae&scelerisque=duis&quam=faucibus&turpis=accumsan&adipiscing=odio&lorem=curabitur&vitae=convallis&mattis=duis&nibh=consequat&ligula=dui&nec=nec&sem=nisi&duis=volutpat&aliquam=eleifend&convallis=donec&nunc=ut&proin=dolor&at=morbi&turpis=vel&a=lectus&pede=in&posuere=quam&nonummy=fringilla&integer=rhoncus&non=mauris&velit=enim&donec=leo&diam=rhoncus&neque=sed&vestibulum=vestibulum&eget=sit&vulputate=amet&ut=cursus&ultrices=id&vel=turpis&augue=integer&vestibulum=aliquet&ante=massa&ipsum=id&primis=lobortis&in=convallis&faucibus=tortor&orci=risus&luctus=dapibus&et=augue&ultrices=vel&posuere=accumsan&cubilia=tellus&curae=nisi&donec=eu&pharetra=orci&magna=mauris&vestibulum=lacinia&aliquet=sapien&ultrices=quis&erat=libero&tortor=nullam&sollicitudin=sit,TRUE
+http://ehow.com/aenean/sit/amet/justo/morbi/ut.jsp?tempus=pellentesque&semper=quisque&est=porta&quam=volutpat&pharetra=erat&magna=quisque&ac=erat&consequat=eros&metus=viverra&sapien=eget&ut=congue&nunc=eget&vestibulum=semper&ante=rutrum&ipsum=nulla&primis=nunc&in=purus&faucibus=phasellus&orci=in&luctus=felis&et=donec&ultrices=semper&posuere=sapien&cubilia=a&curae=libero&mauris=nam&viverra=dui&diam=proin&vitae=leo&quam=odio&suspendisse=porttitor&potenti=id&nullam=consequat&porttitor=in&lacus=consequat&at=ut&turpis=nulla&donec=sed&posuere=accumsan&metus=felis&vitae=ut&ipsum=at&aliquam=dolor&non=quis&mauris=odio&morbi=consequat&non=varius&lectus=integer&aliquam=ac&sit=leo&amet=pellentesque&diam=ultrices&in=mattis&magna=odio,TRUE
+http://spotify.com/aliquam/convallis.jpg?sit=ornare&amet=imperdiet&eros=sapien&suspendisse=urna&accumsan=pretium&tortor=nisl&quis=ut&turpis=volutpat&sed=sapien&ante=arcu&vivamus=sed&tortor=augue&duis=aliquam&mattis=erat&egestas=volutpat&metus=in&aenean=congue&fermentum=etiam&donec=justo&ut=etiam&mauris=pretium&eget=iaculis&massa=justo&tempor=in&convallis=hac&nulla=habitasse&neque=platea&libero=dictumst&convallis=etiam&eget=faucibus&eleifend=cursus&luctus=urna&ultricies=ut&eu=tellus&nibh=nulla&quisque=ut&id=erat&justo=id&sit=mauris&amet=vulputate&sapien=elementum&dignissim=nullam&vestibulum=varius&vestibulum=nulla&ante=facilisi&ipsum=cras&primis=non&in=velit&faucibus=nec&orci=nisi&luctus=vulputate&et=nonummy&ultrices=maecenas&posuere=tincidunt&cubilia=lacus&curae=at&nulla=velit&dapibus=vivamus,TRUE
+http://ycombinator.com/nunc/rhoncus/dui/vel.js?potenti=vestibulum&nullam=aliquet&porttitor=ultrices&lacus=erat&at=tortor&turpis=sollicitudin&donec=mi&posuere=sit&metus=amet&vitae=lobortis&ipsum=sapien&aliquam=sapien&non=non&mauris=mi&morbi=integer&non=ac&lectus=neque&aliquam=duis&sit=bibendum&amet=morbi&diam=non&in=quam&magna=nec&bibendum=dui&imperdiet=luctus&nullam=rutrum&orci=nulla&pede=tellus&venenatis=in&non=sagittis&sodales=dui&sed=vel&tincidunt=nisl&eu=duis&felis=ac&fusce=nibh&posuere=fusce&felis=lacus&sed=purus&lacus=aliquet&morbi=at&sem=feugiat&mauris=non&laoreet=pretium&ut=quis&rhoncus=lectus&aliquet=suspendisse&pulvinar=potenti&sed=in&nisl=eleifend&nunc=quam&rhoncus=a&dui=odio&vel=in&sem=hac&sed=habitasse&sagittis=platea&nam=dictumst&congue=maecenas&risus=ut&semper=massa&porta=quis&volutpat=augue&quam=luctus&pede=tincidunt&lobortis=nulla&ligula=mollis&sit=molestie&amet=lorem&eleifend=quisque&pede=ut&libero=erat&quis=curabitur&orci=gravida&nullam=nisi&molestie=at&nibh=nibh&in=in&lectus=hac&pellentesque=habitasse&at=platea&nulla=dictumst&suspendisse=aliquam&potenti=augue&cras=quam&in=sollicitudin&purus=vitae&eu=consectetuer,TRUE
+https://army.mil/hendrerit/at/vulputate/vitae/nisl.xml?cubilia=ante&curae=nulla&duis=justo&faucibus=aliquam&accumsan=quis&odio=turpis&curabitur=eget&convallis=elit&duis=sodales&consequat=scelerisque&dui=mauris&nec=sit&nisi=amet&volutpat=eros&eleifend=suspendisse&donec=accumsan&ut=tortor&dolor=quis&morbi=turpis&vel=sed&lectus=ante&in=vivamus&quam=tortor&fringilla=duis&rhoncus=mattis,TRUE
+https://auda.org.au/pede/morbi/porttitor/lorem.png?mus=justo&vivamus=pellentesque&vestibulum=viverra&sagittis=pede&sapien=ac&cum=diam&sociis=cras&natoque=pellentesque&penatibus=volutpat&et=dui&magnis=maecenas&dis=tristique&parturient=est&montes=et&nascetur=tempus&ridiculus=semper&mus=est&etiam=quam&vel=pharetra&augue=magna&vestibulum=ac&rutrum=consequat&rutrum=metus&neque=sapien&aenean=ut&auctor=nunc&gravida=vestibulum&sem=ante&praesent=ipsum&id=primis&massa=in&id=faucibus&nisl=orci&venenatis=luctus&lacinia=et&aenean=ultrices&sit=posuere&amet=cubilia&justo=curae&morbi=mauris&ut=viverra&odio=diam&cras=vitae&mi=quam&pede=suspendisse&malesuada=potenti&in=nullam&imperdiet=porttitor&et=lacus&commodo=at&vulputate=turpis&justo=donec&in=posuere&blandit=metus&ultrices=vitae&enim=ipsum&lorem=aliquam&ipsum=non&dolor=mauris&sit=morbi&amet=non&consectetuer=lectus&adipiscing=aliquam&elit=sit,TRUE
+https://auda.org.au/quis/tortor/id/nulla/ultrices/aliquet/maecenas.png?aliquam=aliquam&erat=erat&volutpat=volutpat&in=in&congue=congue&etiam=etiam&justo=justo&etiam=etiam&pretium=pretium&iaculis=iaculis&justo=justo&in=in&hac=hac&habitasse=habitasse&platea=platea&dictumst=dictumst&etiam=etiam&faucibus=faucibus&cursus=cursus&urna=urna&ut=ut&tellus=tellus&nulla=nulla&ut=ut&erat=erat&id=id&mauris=mauris&vulputate=vulputate&elementum=elementum&nullam=nullam&varius=varius&nulla=nulla&facilisi=facilisi&cras=cras&non=non&velit=velit&nec=nec&nisi=nisi&vulputate=vulputate&nonummy=nonummy&maecenas=maecenas&tincidunt=tincidunt&lacus=lacus&at=at&velit=velit&vivamus=vivamus&vel=vel&nulla=nulla&eget=eget&eros=eros&elementum=elementum,TRUE
+http://arizona.edu/leo/maecenas/pulvinar/lobortis.html?eu=molestie&est=nibh&congue=in&elementum=lectus&in=pellentesque&hac=at&habitasse=nulla&platea=suspendisse&dictumst=potenti&morbi=cras&vestibulum=in&velit=purus&id=eu&pretium=magna&iaculis=vulputate,TRUE
+http://addthis.com/nulla/nunc/purus/phasellus/in/felis/donec.jpg?fusce=odio&lacus=elementum&purus=eu&aliquet=interdum&at=eu&feugiat=tincidunt&non=in&pretium=leo&quis=maecenas&lectus=pulvinar&suspendisse=lobortis&potenti=est&in=phasellus&eleifend=sit&quam=amet&a=erat&odio=nulla&in=tempus&hac=vivamus&habitasse=in&platea=felis&dictumst=eu&maecenas=sapien&ut=cursus,TRUE
+https://wp.com/ipsum/primis/in/faucibus/orci/luctus.jpg?egestas=proin&metus=eu&aenean=mi&fermentum=nulla&donec=ac&ut=enim&mauris=in&eget=tempor&massa=turpis&tempor=nec&convallis=euismod&nulla=scelerisque&neque=quam&libero=turpis&convallis=adipiscing&eget=lorem&eleifend=vitae&luctus=mattis&ultricies=nibh&eu=ligula&nibh=nec&quisque=sem&id=duis&justo=aliquam&sit=convallis&amet=nunc&sapien=proin&dignissim=at&vestibulum=turpis&vestibulum=a&ante=pede&ipsum=posuere&primis=nonummy&in=integer&faucibus=non&orci=velit&luctus=donec&et=diam&ultrices=neque&posuere=vestibulum&cubilia=eget&curae=vulputate&nulla=ut&dapibus=ultrices&dolor=vel&vel=augue&est=vestibulum&donec=ante&odio=ipsum&justo=primis&sollicitudin=in&ut=faucibus&suscipit=orci&a=luctus&feugiat=et&et=ultrices&eros=posuere&vestibulum=cubilia&ac=curae&est=donec&lacinia=pharetra&nisi=magna&venenatis=vestibulum&tristique=aliquet&fusce=ultrices&congue=erat&diam=tortor&id=sollicitudin&ornare=mi&imperdiet=sit&sapien=amet&urna=lobortis&pretium=sapien&nisl=sapien&ut=non&volutpat=mi&sapien=integer&arcu=ac,TRUE
+http://amazon.com/id.js?accumsan=suspendisse&felis=potenti&ut=in&at=eleifend&dolor=quam&quis=a&odio=odio&consequat=in&varius=hac&integer=habitasse&ac=platea&leo=dictumst&pellentesque=maecenas&ultrices=ut&mattis=massa&odio=quis&donec=augue&vitae=luctus&nisi=tincidunt&nam=nulla&ultrices=mollis&libero=molestie&non=lorem,TRUE
+http://boston.com/suspendisse/potenti/cras/in/purus/eu/magna.aspx?ac=eu&consequat=est&metus=congue&sapien=elementum&ut=in&nunc=hac&vestibulum=habitasse&ante=platea&ipsum=dictumst&primis=morbi&in=vestibulum&faucibus=velit&orci=id&luctus=pretium&et=iaculis&ultrices=diam&posuere=erat&cubilia=fermentum&curae=justo&mauris=nec&viverra=condimentum&diam=neque&vitae=sapien&quam=placerat&suspendisse=ante&potenti=nulla&nullam=justo&porttitor=aliquam&lacus=quis&at=turpis&turpis=eget&donec=elit&posuere=sodales&metus=scelerisque&vitae=mauris&ipsum=sit&aliquam=amet&non=eros&mauris=suspendisse&morbi=accumsan&non=tortor&lectus=quis&aliquam=turpis&sit=sed&amet=ante&diam=vivamus&in=tortor&magna=duis&bibendum=mattis&imperdiet=egestas&nullam=metus&orci=aenean&pede=fermentum&venenatis=donec&non=ut&sodales=mauris&sed=eget&tincidunt=massa&eu=tempor&felis=convallis&fusce=nulla&posuere=neque&felis=libero&sed=convallis&lacus=eget&morbi=eleifend&sem=luctus&mauris=ultricies&laoreet=eu&ut=nibh&rhoncus=quisque&aliquet=id&pulvinar=justo&sed=sit&nisl=amet&nunc=sapien&rhoncus=dignissim&dui=vestibulum&vel=vestibulum&sem=ante&sed=ipsum&sagittis=primis&nam=in&congue=faucibus&risus=orci&semper=luctus&porta=et&volutpat=ultrices&quam=posuere&pede=cubilia&lobortis=curae&ligula=nulla&sit=dapibus,TRUE
+https://amazon.de/tortor/sollicitudin/mi/sit.jsp?eu=phasellus&interdum=sit&eu=amet&tincidunt=erat&in=nulla&leo=tempus&maecenas=vivamus&pulvinar=in&lobortis=felis&est=eu&phasellus=sapien&sit=cursus&amet=vestibulum&erat=proin&nulla=eu&tempus=mi&vivamus=nulla&in=ac&felis=enim&eu=in&sapien=tempor&cursus=turpis&vestibulum=nec&proin=euismod&eu=scelerisque&mi=quam&nulla=turpis&ac=adipiscing&enim=lorem&in=vitae&tempor=mattis&turpis=nibh&nec=ligula&euismod=nec&scelerisque=sem&quam=duis&turpis=aliquam&adipiscing=convallis&lorem=nunc&vitae=proin&mattis=at&nibh=turpis&ligula=a&nec=pede&sem=posuere&duis=nonummy&aliquam=integer&convallis=non&nunc=velit&proin=donec&at=diam&turpis=neque&a=vestibulum&pede=eget&posuere=vulputate&nonummy=ut&integer=ultrices&non=vel&velit=augue&donec=vestibulum&diam=ante&neque=ipsum&vestibulum=primis&eget=in&vulputate=faucibus&ut=orci&ultrices=luctus&vel=et&augue=ultrices&vestibulum=posuere&ante=cubilia&ipsum=curae&primis=donec&in=pharetra&faucibus=magna&orci=vestibulum&luctus=aliquet&et=ultrices&ultrices=erat&posuere=tortor&cubilia=sollicitudin&curae=mi&donec=sit&pharetra=amet&magna=lobortis&vestibulum=sapien&aliquet=sapien&ultrices=non&erat=mi&tortor=integer&sollicitudin=ac&mi=neque&sit=duis&amet=bibendum&lobortis=morbi&sapien=non&sapien=quam,TRUE
+http://seesaa.net/eget/eros/elementum.aspx?fusce=enim&lacus=lorem&purus=ipsum&aliquet=dolor&at=sit&feugiat=amet&non=consectetuer&pretium=adipiscing&quis=elit&lectus=proin&suspendisse=interdum&potenti=mauris&in=non&eleifend=ligula&quam=pellentesque&a=ultrices&odio=phasellus&in=id&hac=sapien&habitasse=in&platea=sapien&dictumst=iaculis&maecenas=congue&ut=vivamus&massa=metus&quis=arcu&augue=adipiscing&luctus=molestie&tincidunt=hendrerit&nulla=at&mollis=vulputate&molestie=vitae&lorem=nisl&quisque=aenean&ut=lectus&erat=pellentesque&curabitur=eget&gravida=nunc&nisi=donec&at=quis&nibh=orci&in=eget&hac=orci&habitasse=vehicula&platea=condimentum&dictumst=curabitur&aliquam=in&augue=libero&quam=ut&sollicitudin=massa&vitae=volutpat&consectetuer=convallis&eget=morbi&rutrum=odio&at=odio&lorem=elementum&integer=eu&tincidunt=interdum&ante=eu&vel=tincidunt&ipsum=in&praesent=leo&blandit=maecenas&lacinia=pulvinar&erat=lobortis&vestibulum=est&sed=phasellus&magna=sit&at=amet&nunc=erat&commodo=nulla&placerat=tempus&praesent=vivamus&blandit=in&nam=felis&nulla=eu&integer=sapien&pede=cursus&justo=vestibulum&lacinia=proin&eget=eu&tincidunt=mi&eget=nulla&tempus=ac&vel=enim&pede=in&morbi=tempor,TRUE
+https://liveinternet.ru/in.aspx?integer=enim&non=blandit&velit=mi&donec=in&diam=porttitor&neque=pede&vestibulum=justo&eget=eu&vulputate=massa&ut=donec&ultrices=dapibus&vel=duis&augue=at&vestibulum=velit&ante=eu&ipsum=est&primis=congue&in=elementum&faucibus=in&orci=hac&luctus=habitasse&et=platea&ultrices=dictumst&posuere=morbi&cubilia=vestibulum&curae=velit&donec=id&pharetra=pretium&magna=iaculis&vestibulum=diam&aliquet=erat&ultrices=fermentum&erat=justo&tortor=nec&sollicitudin=condimentum&mi=neque&sit=sapien&amet=placerat&lobortis=ante&sapien=nulla&sapien=justo&non=aliquam&mi=quis&integer=turpis&ac=eget&neque=elit&duis=sodales&bibendum=scelerisque&morbi=mauris&non=sit&quam=amet&nec=eros&dui=suspendisse&luctus=accumsan&rutrum=tortor&nulla=quis&tellus=turpis&in=sed&sagittis=ante&dui=vivamus&vel=tortor&nisl=duis&duis=mattis&ac=egestas&nibh=metus&fusce=aenean&lacus=fermentum&purus=donec&aliquet=ut&at=mauris&feugiat=eget&non=massa,TRUE
+https://biglobe.ne.jp/tincidunt/eu/felis.jsp?erat=integer&quisque=ac&erat=leo&eros=pellentesque&viverra=ultrices&eget=mattis&congue=odio&eget=donec&semper=vitae&rutrum=nisi&nulla=nam&nunc=ultrices&purus=libero&phasellus=non&in=mattis&felis=pulvinar&donec=nulla&semper=pede&sapien=ullamcorper&a=augue&libero=a&nam=suscipit&dui=nulla&proin=elit&leo=ac&odio=nulla&porttitor=sed&id=vel&consequat=enim&in=sit&consequat=amet&ut=nunc&nulla=viverra&sed=dapibus&accumsan=nulla&felis=suscipit&ut=ligula&at=in&dolor=lacus&quis=curabitur&odio=at&consequat=ipsum&varius=ac&integer=tellus&ac=semper&leo=interdum&pellentesque=mauris&ultrices=ullamcorper&mattis=purus&odio=sit&donec=amet&vitae=nulla,TRUE
+http://guardian.co.uk/scelerisque/quam/turpis/adipiscing.aspx?vel=imperdiet&est=nullam&donec=orci&odio=pede&justo=venenatis&sollicitudin=non&ut=sodales&suscipit=sed&a=tincidunt&feugiat=eu&et=felis&eros=fusce&vestibulum=posuere&ac=felis&est=sed&lacinia=lacus&nisi=morbi&venenatis=sem&tristique=mauris&fusce=laoreet&congue=ut&diam=rhoncus&id=aliquet&ornare=pulvinar&imperdiet=sed&sapien=nisl&urna=nunc&pretium=rhoncus&nisl=dui&ut=vel&volutpat=sem&sapien=sed&arcu=sagittis&sed=nam&augue=congue&aliquam=risus&erat=semper&volutpat=porta&in=volutpat&congue=quam&etiam=pede&justo=lobortis&etiam=ligula,TRUE
+http://typepad.com/vehicula.js?habitasse=eget&platea=semper&dictumst=rutrum&etiam=nulla&faucibus=nunc&cursus=purus,TRUE
+http://exblog.jp/eget/semper/rutrum.jpg?venenatis=eget&non=eros&sodales=elementum&sed=pellentesque&tincidunt=quisque&eu=porta&felis=volutpat&fusce=erat&posuere=quisque&felis=erat&sed=eros&lacus=viverra&morbi=eget&sem=congue&mauris=eget&laoreet=semper,TRUE
+http://google.pl/maecenas/rhoncus/aliquam.json?neque=eros&duis=viverra&bibendum=eget&morbi=congue&non=eget&quam=semper&nec=rutrum&dui=nulla&luctus=nunc&rutrum=purus&nulla=phasellus&tellus=in&in=felis&sagittis=donec,TRUE
+http://icq.com/volutpat/eleifend/donec/ut/dolor.html?aliquet=sapien&at=dignissim&feugiat=vestibulum&non=vestibulum&pretium=ante&quis=ipsum&lectus=primis&suspendisse=in&potenti=faucibus&in=orci&eleifend=luctus&quam=et&a=ultrices&odio=posuere&in=cubilia&hac=curae&habitasse=nulla&platea=dapibus&dictumst=dolor&maecenas=vel&ut=est&massa=donec&quis=odio&augue=justo&luctus=sollicitudin&tincidunt=ut&nulla=suscipit&mollis=a&molestie=feugiat&lorem=et&quisque=eros&ut=vestibulum&erat=ac&curabitur=est&gravida=lacinia&nisi=nisi&at=venenatis&nibh=tristique&in=fusce&hac=congue&habitasse=diam&platea=id&dictumst=ornare&aliquam=imperdiet&augue=sapien&quam=urna&sollicitudin=pretium&vitae=nisl&consectetuer=ut&eget=volutpat&rutrum=sapien&at=arcu&lorem=sed&integer=augue&tincidunt=aliquam&ante=erat&vel=volutpat&ipsum=in&praesent=congue&blandit=etiam&lacinia=justo&erat=etiam&vestibulum=pretium&sed=iaculis&magna=justo&at=in&nunc=hac&commodo=habitasse&placerat=platea&praesent=dictumst&blandit=etiam&nam=faucibus&nulla=cursus&integer=urna&pede=ut&justo=tellus&lacinia=nulla&eget=ut&tincidunt=erat&eget=id&tempus=mauris&vel=vulputate&pede=elementum&morbi=nullam&porttitor=varius&lorem=nulla&id=facilisi&ligula=cras&suspendisse=non&ornare=velit&consequat=nec&lectus=nisi&in=vulputate&est=nonummy&risus=maecenas&auctor=tincidunt,TRUE
+https://nytimes.com/nullam/sit/amet/turpis.js?mattis=nulla&nibh=dapibus&ligula=dolor&nec=vel&sem=est&duis=donec&aliquam=odio&convallis=justo&nunc=sollicitudin&proin=ut&at=suscipit&turpis=a&a=feugiat&pede=et&posuere=eros&nonummy=vestibulum&integer=ac&non=est&velit=lacinia&donec=nisi&diam=venenatis&neque=tristique&vestibulum=fusce&eget=congue&vulputate=diam&ut=id&ultrices=ornare&vel=imperdiet&augue=sapien&vestibulum=urna&ante=pretium&ipsum=nisl&primis=ut&in=volutpat&faucibus=sapien&orci=arcu&luctus=sed&et=augue&ultrices=aliquam&posuere=erat&cubilia=volutpat&curae=in&donec=congue&pharetra=etiam&magna=justo&vestibulum=etiam&aliquet=pretium&ultrices=iaculis&erat=justo&tortor=in&sollicitudin=hac&mi=habitasse&sit=platea&amet=dictumst&lobortis=etiam&sapien=faucibus&sapien=cursus&non=urna&mi=ut&integer=tellus&ac=nulla&neque=ut&duis=erat&bibendum=id&morbi=mauris&non=vulputate&quam=elementum&nec=nullam&dui=varius&luctus=nulla&rutrum=facilisi&nulla=cras&tellus=non&in=velit&sagittis=nec&dui=nisi&vel=vulputate&nisl=nonummy&duis=maecenas&ac=tincidunt&nibh=lacus&fusce=at&lacus=velit&purus=vivamus&aliquet=vel&at=nulla&feugiat=eget&non=eros&pretium=elementum&quis=pellentesque&lectus=quisque&suspendisse=porta,TRUE
+https://youku.com/etiam/justo/etiam/pretium/iaculis/justo.xml?volutpat=maecenas&quam=tristique&pede=est&lobortis=et&ligula=tempus&sit=semper&amet=est&eleifend=quam&pede=pharetra&libero=magna&quis=ac&orci=consequat&nullam=metus&molestie=sapien&nibh=ut&in=nunc&lectus=vestibulum&pellentesque=ante&at=ipsum&nulla=primis&suspendisse=in&potenti=faucibus&cras=orci&in=luctus&purus=et&eu=ultrices&magna=posuere&vulputate=cubilia&luctus=curae&cum=mauris&sociis=viverra&natoque=diam&penatibus=vitae&et=quam&magnis=suspendisse&dis=potenti,TRUE
+https://amazon.com/quam/nec/dui/luctus/rutrum/nulla/tellus.jsp?sit=potenti&amet=in&turpis=eleifend&elementum=quam&ligula=a&vehicula=odio&consequat=in&morbi=hac&a=habitasse&ipsum=platea&integer=dictumst&a=maecenas&nibh=ut&in=massa&quis=quis&justo=augue&maecenas=luctus&rhoncus=tincidunt&aliquam=nulla&lacus=mollis&morbi=molestie&quis=lorem&tortor=quisque&id=ut&nulla=erat&ultrices=curabitur&aliquet=gravida&maecenas=nisi&leo=at&odio=nibh&condimentum=in&id=hac&luctus=habitasse&nec=platea&molestie=dictumst&sed=aliquam&justo=augue&pellentesque=quam&viverra=sollicitudin&pede=vitae&ac=consectetuer&diam=eget&cras=rutrum&pellentesque=at&volutpat=lorem&dui=integer&maecenas=tincidunt&tristique=ante&est=vel&et=ipsum&tempus=praesent&semper=blandit&est=lacinia&quam=erat&pharetra=vestibulum&magna=sed&ac=magna&consequat=at&metus=nunc&sapien=commodo&ut=placerat&nunc=praesent&vestibulum=blandit&ante=nam&ipsum=nulla&primis=integer&in=pede&faucibus=justo&orci=lacinia&luctus=eget&et=tincidunt&ultrices=eget&posuere=tempus&cubilia=vel&curae=pede&mauris=morbi&viverra=porttitor&diam=lorem&vitae=id&quam=ligula&suspendisse=suspendisse&potenti=ornare&nullam=consequat&porttitor=lectus,TRUE
+http://moonfruit.com/eu/mi.html?rhoncus=libero&dui=quis&vel=orci&sem=nullam&sed=molestie&sagittis=nibh&nam=in&congue=lectus&risus=pellentesque&semper=at&porta=nulla&volutpat=suspendisse&quam=potenti&pede=cras&lobortis=in&ligula=purus&sit=eu&amet=magna&eleifend=vulputate&pede=luctus&libero=cum&quis=sociis&orci=natoque&nullam=penatibus&molestie=et&nibh=magnis&in=dis&lectus=parturient&pellentesque=montes&at=nascetur&nulla=ridiculus&suspendisse=mus&potenti=vivamus&cras=vestibulum&in=sagittis&purus=sapien&eu=cum&magna=sociis&vulputate=natoque&luctus=penatibus&cum=et&sociis=magnis&natoque=dis&penatibus=parturient&et=montes&magnis=nascetur&dis=ridiculus&parturient=mus&montes=etiam&nascetur=vel&ridiculus=augue&mus=vestibulum&vivamus=rutrum&vestibulum=rutrum&sagittis=neque&sapien=aenean&cum=auctor&sociis=gravida&natoque=sem&penatibus=praesent&et=id&magnis=massa&dis=id&parturient=nisl&montes=venenatis&nascetur=lacinia&ridiculus=aenean&mus=sit&etiam=amet&vel=justo&augue=morbi&vestibulum=ut&rutrum=odio&rutrum=cras&neque=mi&aenean=pede&auctor=malesuada&gravida=in&sem=imperdiet&praesent=et&id=commodo&massa=vulputate,TRUE
+http://yellowbook.com/curae/nulla/dapibus/dolor/vel/est.xml?vel=massa&est=donec&donec=dapibus&odio=duis&justo=at&sollicitudin=velit&ut=eu&suscipit=est&a=congue&feugiat=elementum&et=in&eros=hac&vestibulum=habitasse&ac=platea&est=dictumst&lacinia=morbi&nisi=vestibulum&venenatis=velit&tristique=id&fusce=pretium&congue=iaculis&diam=diam&id=erat&ornare=fermentum&imperdiet=justo&sapien=nec&urna=condimentum&pretium=neque&nisl=sapien&ut=placerat&volutpat=ante&sapien=nulla&arcu=justo&sed=aliquam&augue=quis&aliquam=turpis&erat=eget&volutpat=elit&in=sodales&congue=scelerisque&etiam=mauris&justo=sit&etiam=amet&pretium=eros&iaculis=suspendisse&justo=accumsan&in=tortor&hac=quis&habitasse=turpis&platea=sed&dictumst=ante&etiam=vivamus&faucibus=tortor&cursus=duis&urna=mattis&ut=egestas&tellus=metus&nulla=aenean&ut=fermentum&erat=donec&id=ut&mauris=mauris&vulputate=eget&elementum=massa&nullam=tempor&varius=convallis&nulla=nulla&facilisi=neque&cras=libero&non=convallis&velit=eget&nec=eleifend&nisi=luctus&vulputate=ultricies&nonummy=eu&maecenas=nibh&tincidunt=quisque&lacus=id&at=justo&velit=sit&vivamus=amet&vel=sapien&nulla=dignissim,TRUE
+https://google.nl/morbi/non/quam/nec/dui/luctus/rutrum.jsp?dolor=nam&sit=dui&amet=proin&consectetuer=leo,TRUE
+https://nhs.uk/donec/vitae.js?mattis=orci&odio=mauris&donec=lacinia&vitae=sapien&nisi=quis&nam=libero&ultrices=nullam&libero=sit&non=amet&mattis=turpis&pulvinar=elementum&nulla=ligula&pede=vehicula&ullamcorper=consequat&augue=morbi&a=a&suscipit=ipsum&nulla=integer&elit=a&ac=nibh&nulla=in&sed=quis&vel=justo&enim=maecenas&sit=rhoncus&amet=aliquam&nunc=lacus&viverra=morbi&dapibus=quis&nulla=tortor&suscipit=id&ligula=nulla&in=ultrices&lacus=aliquet&curabitur=maecenas&at=leo&ipsum=odio&ac=condimentum&tellus=id&semper=luctus&interdum=nec&mauris=molestie&ullamcorper=sed&purus=justo&sit=pellentesque&amet=viverra&nulla=pede,TRUE
+https://nps.gov/volutpat/quam/pede/lobortis/ligula.aspx?curabitur=ultrices&gravida=erat&nisi=tortor&at=sollicitudin&nibh=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&aliquam=non&augue=mi&quam=integer&sollicitudin=ac&vitae=neque&consectetuer=duis&eget=bibendum&rutrum=morbi&at=non&lorem=quam&integer=nec&tincidunt=dui&ante=luctus&vel=rutrum&ipsum=nulla&praesent=tellus&blandit=in&lacinia=sagittis&erat=dui&vestibulum=vel&sed=nisl&magna=duis&at=ac&nunc=nibh&commodo=fusce&placerat=lacus&praesent=purus&blandit=aliquet&nam=at&nulla=feugiat&integer=non&pede=pretium&justo=quis&lacinia=lectus&eget=suspendisse&tincidunt=potenti&eget=in&tempus=eleifend&vel=quam&pede=a&morbi=odio&porttitor=in&lorem=hac&id=habitasse&ligula=platea&suspendisse=dictumst&ornare=maecenas&consequat=ut&lectus=massa&in=quis,TRUE
+https://umich.edu/lobortis/ligula/sit/amet/eleifend/pede.js?id=rutrum&pretium=neque&iaculis=aenean&diam=auctor&erat=gravida&fermentum=sem&justo=praesent&nec=id&condimentum=massa&neque=id&sapien=nisl&placerat=venenatis&ante=lacinia&nulla=aenean&justo=sit,TRUE
+http://goo.ne.jp/quisque/erat.json?fusce=ipsum&posuere=primis&felis=in&sed=faucibus&lacus=orci&morbi=luctus&sem=et&mauris=ultrices&laoreet=posuere&ut=cubilia&rhoncus=curae&aliquet=donec&pulvinar=pharetra&sed=magna&nisl=vestibulum&nunc=aliquet&rhoncus=ultrices&dui=erat&vel=tortor&sem=sollicitudin&sed=mi&sagittis=sit&nam=amet&congue=lobortis&risus=sapien&semper=sapien&porta=non&volutpat=mi&quam=integer&pede=ac&lobortis=neque&ligula=duis&sit=bibendum&amet=morbi&eleifend=non&pede=quam&libero=nec&quis=dui&orci=luctus&nullam=rutrum&molestie=nulla&nibh=tellus&in=in&lectus=sagittis&pellentesque=dui&at=vel&nulla=nisl&suspendisse=duis&potenti=ac&cras=nibh&in=fusce&purus=lacus&eu=purus&magna=aliquet&vulputate=at&luctus=feugiat&cum=non&sociis=pretium,TRUE
+http://free.fr/eget/orci/vehicula.jpg?sollicitudin=venenatis&ut=lacinia&suscipit=aenean&a=sit&feugiat=amet&et=justo&eros=morbi&vestibulum=ut&ac=odio&est=cras&lacinia=mi&nisi=pede&venenatis=malesuada&tristique=in&fusce=imperdiet&congue=et&diam=commodo&id=vulputate&ornare=justo&imperdiet=in&sapien=blandit&urna=ultrices&pretium=enim&nisl=lorem&ut=ipsum&volutpat=dolor&sapien=sit&arcu=amet&sed=consectetuer&augue=adipiscing&aliquam=elit&erat=proin&volutpat=interdum&in=mauris&congue=non&etiam=ligula&justo=pellentesque&etiam=ultrices&pretium=phasellus&iaculis=id&justo=sapien&in=in&hac=sapien&habitasse=iaculis&platea=congue&dictumst=vivamus&etiam=metus&faucibus=arcu&cursus=adipiscing&urna=molestie&ut=hendrerit&tellus=at,TRUE
+http://histats.com/ultrices/posuere/cubilia/curae/mauris/viverra.html?amet=amet&sem=consectetuer&fusce=adipiscing&consequat=elit&nulla=proin&nisl=risus&nunc=praesent&nisl=lectus&duis=vestibulum&bibendum=quam&felis=sapien&sed=varius&interdum=ut&venenatis=blandit&turpis=non&enim=interdum&blandit=in&mi=ante&in=vestibulum&porttitor=ante&pede=ipsum&justo=primis&eu=in&massa=faucibus&donec=orci&dapibus=luctus&duis=et&at=ultrices&velit=posuere&eu=cubilia&est=curae&congue=duis&elementum=faucibus&in=accumsan&hac=odio&habitasse=curabitur&platea=convallis&dictumst=duis&morbi=consequat&vestibulum=dui&velit=nec&id=nisi&pretium=volutpat&iaculis=eleifend&diam=donec&erat=ut&fermentum=dolor&justo=morbi&nec=vel&condimentum=lectus,TRUE
+https://ft.com/semper.js?cubilia=mi&curae=pede&mauris=malesuada&viverra=in&diam=imperdiet&vitae=et&quam=commodo&suspendisse=vulputate&potenti=justo&nullam=in&porttitor=blandit&lacus=ultrices&at=enim&turpis=lorem&donec=ipsum&posuere=dolor&metus=sit&vitae=amet&ipsum=consectetuer&aliquam=adipiscing&non=elit&mauris=proin&morbi=interdum&non=mauris&lectus=non&aliquam=ligula&sit=pellentesque&amet=ultrices&diam=phasellus&in=id&magna=sapien&bibendum=in&imperdiet=sapien&nullam=iaculis&orci=congue&pede=vivamus&venenatis=metus&non=arcu&sodales=adipiscing&sed=molestie&tincidunt=hendrerit&eu=at&felis=vulputate&fusce=vitae&posuere=nisl&felis=aenean&sed=lectus&lacus=pellentesque&morbi=eget&sem=nunc&mauris=donec&laoreet=quis&ut=orci&rhoncus=eget&aliquet=orci&pulvinar=vehicula&sed=condimentum&nisl=curabitur&nunc=in&rhoncus=libero&dui=ut&vel=massa&sem=volutpat&sed=convallis&sagittis=morbi&nam=odio&congue=odio&risus=elementum&semper=eu&porta=interdum&volutpat=eu&quam=tincidunt&pede=in&lobortis=leo&ligula=maecenas&sit=pulvinar&amet=lobortis&eleifend=est&pede=phasellus&libero=sit&quis=amet&orci=erat,TRUE
+https://bloglovin.com/in/hac.html?sit=odio&amet=porttitor&eros=id&suspendisse=consequat&accumsan=in&tortor=consequat&quis=ut&turpis=nulla&sed=sed&ante=accumsan&vivamus=felis&tortor=ut&duis=at&mattis=dolor&egestas=quis&metus=odio&aenean=consequat&fermentum=varius&donec=integer&ut=ac&mauris=leo&eget=pellentesque&massa=ultrices&tempor=mattis&convallis=odio&nulla=donec&neque=vitae&libero=nisi&convallis=nam&eget=ultrices&eleifend=libero&luctus=non&ultricies=mattis&eu=pulvinar&nibh=nulla&quisque=pede&id=ullamcorper&justo=augue&sit=a&amet=suscipit&sapien=nulla&dignissim=elit&vestibulum=ac&vestibulum=nulla&ante=sed&ipsum=vel&primis=enim,TRUE
+https://sbwire.com/mauris.js?duis=id&bibendum=luctus&morbi=nec&non=molestie&quam=sed&nec=justo&dui=pellentesque&luctus=viverra&rutrum=pede&nulla=ac&tellus=diam&in=cras&sagittis=pellentesque&dui=volutpat&vel=dui&nisl=maecenas&duis=tristique&ac=est&nibh=et&fusce=tempus&lacus=semper&purus=est&aliquet=quam&at=pharetra&feugiat=magna&non=ac&pretium=consequat&quis=metus&lectus=sapien&suspendisse=ut&potenti=nunc&in=vestibulum&eleifend=ante&quam=ipsum&a=primis&odio=in,TRUE
+http://eventbrite.com/sagittis/nam/congue/risus.xml?morbi=at&a=feugiat&ipsum=non&integer=pretium&a=quis&nibh=lectus&in=suspendisse&quis=potenti&justo=in&maecenas=eleifend&rhoncus=quam&aliquam=a&lacus=odio&morbi=in,TRUE
+http://usnews.com/libero.aspx?cras=neque&in=duis&purus=bibendum&eu=morbi&magna=non&vulputate=quam&luctus=nec&cum=dui&sociis=luctus&natoque=rutrum&penatibus=nulla&et=tellus&magnis=in&dis=sagittis&parturient=dui&montes=vel&nascetur=nisl&ridiculus=duis&mus=ac&vivamus=nibh&vestibulum=fusce&sagittis=lacus&sapien=purus&cum=aliquet&sociis=at&natoque=feugiat&penatibus=non&et=pretium&magnis=quis&dis=lectus&parturient=suspendisse&montes=potenti&nascetur=in&ridiculus=eleifend&mus=quam&etiam=a&vel=odio&augue=in&vestibulum=hac&rutrum=habitasse&rutrum=platea&neque=dictumst&aenean=maecenas&auctor=ut&gravida=massa&sem=quis&praesent=augue&id=luctus&massa=tincidunt&id=nulla&nisl=mollis&venenatis=molestie&lacinia=lorem&aenean=quisque&sit=ut&amet=erat&justo=curabitur&morbi=gravida&ut=nisi&odio=at,TRUE
+http://biblegateway.com/vulputate/luctus/cum/sociis/natoque/penatibus.json?interdum=orci&eu=mauris&tincidunt=lacinia&in=sapien&leo=quis&maecenas=libero&pulvinar=nullam&lobortis=sit&est=amet&phasellus=turpis&sit=elementum&amet=ligula&erat=vehicula&nulla=consequat&tempus=morbi&vivamus=a&in=ipsum&felis=integer&eu=a&sapien=nibh&cursus=in&vestibulum=quis&proin=justo&eu=maecenas&mi=rhoncus&nulla=aliquam&ac=lacus&enim=morbi&in=quis&tempor=tortor&turpis=id&nec=nulla&euismod=ultrices&scelerisque=aliquet&quam=maecenas&turpis=leo&adipiscing=odio&lorem=condimentum&vitae=id&mattis=luctus&nibh=nec&ligula=molestie&nec=sed&sem=justo&duis=pellentesque&aliquam=viverra&convallis=pede&nunc=ac&proin=diam&at=cras,TRUE
+https://skyrock.com/nulla/suspendisse/potenti.aspx?sit=justo&amet=morbi&erat=ut&nulla=odio&tempus=cras&vivamus=mi&in=pede&felis=malesuada&eu=in&sapien=imperdiet&cursus=et&vestibulum=commodo&proin=vulputate&eu=justo&mi=in&nulla=blandit&ac=ultrices&enim=enim&in=lorem&tempor=ipsum&turpis=dolor&nec=sit&euismod=amet&scelerisque=consectetuer&quam=adipiscing&turpis=elit&adipiscing=proin&lorem=interdum&vitae=mauris&mattis=non&nibh=ligula&ligula=pellentesque&nec=ultrices&sem=phasellus&duis=id&aliquam=sapien&convallis=in&nunc=sapien&proin=iaculis&at=congue&turpis=vivamus&a=metus&pede=arcu&posuere=adipiscing&nonummy=molestie&integer=hendrerit&non=at&velit=vulputate&donec=vitae&diam=nisl&neque=aenean&vestibulum=lectus&eget=pellentesque&vulputate=eget&ut=nunc&ultrices=donec&vel=quis&augue=orci&vestibulum=eget&ante=orci&ipsum=vehicula&primis=condimentum&in=curabitur&faucibus=in&orci=libero&luctus=ut&et=massa&ultrices=volutpat&posuere=convallis&cubilia=morbi&curae=odio,TRUE
+http://craigslist.org/orci/luctus/et.aspx?eget=sagittis&nunc=dui&donec=vel&quis=nisl&orci=duis&eget=ac&orci=nibh&vehicula=fusce&condimentum=lacus&curabitur=purus&in=aliquet&libero=at&ut=feugiat&massa=non&volutpat=pretium&convallis=quis&morbi=lectus&odio=suspendisse&odio=potenti&elementum=in&eu=eleifend&interdum=quam&eu=a&tincidunt=odio&in=in&leo=hac&maecenas=habitasse&pulvinar=platea&lobortis=dictumst&est=maecenas&phasellus=ut&sit=massa&amet=quis&erat=augue&nulla=luctus&tempus=tincidunt&vivamus=nulla&in=mollis&felis=molestie&eu=lorem&sapien=quisque&cursus=ut&vestibulum=erat&proin=curabitur&eu=gravida&mi=nisi&nulla=at&ac=nibh&enim=in&in=hac&tempor=habitasse&turpis=platea&nec=dictumst&euismod=aliquam&scelerisque=augue&quam=quam&turpis=sollicitudin&adipiscing=vitae&lorem=consectetuer&vitae=eget&mattis=rutrum&nibh=at&ligula=lorem&nec=integer&sem=tincidunt&duis=ante&aliquam=vel&convallis=ipsum&nunc=praesent&proin=blandit&at=lacinia&turpis=erat&a=vestibulum,TRUE
+http://redcross.org/aliquet/pulvinar.js?vivamus=sollicitudin&vestibulum=vitae&sagittis=consectetuer&sapien=eget&cum=rutrum&sociis=at&natoque=lorem&penatibus=integer&et=tincidunt&magnis=ante&dis=vel&parturient=ipsum&montes=praesent&nascetur=blandit&ridiculus=lacinia&mus=erat&etiam=vestibulum&vel=sed&augue=magna&vestibulum=at&rutrum=nunc&rutrum=commodo&neque=placerat&aenean=praesent&auctor=blandit&gravida=nam&sem=nulla&praesent=integer&id=pede&massa=justo&id=lacinia&nisl=eget&venenatis=tincidunt&lacinia=eget&aenean=tempus&sit=vel&amet=pede&justo=morbi&morbi=porttitor&ut=lorem&odio=id&cras=ligula&mi=suspendisse&pede=ornare&malesuada=consequat&in=lectus&imperdiet=in&et=est&commodo=risus&vulputate=auctor&justo=sed&in=tristique&blandit=in&ultrices=tempus&enim=sit&lorem=amet&ipsum=sem&dolor=fusce&sit=consequat&amet=nulla&consectetuer=nisl&adipiscing=nunc&elit=nisl&proin=duis&interdum=bibendum&mauris=felis&non=sed&ligula=interdum&pellentesque=venenatis&ultrices=turpis&phasellus=enim&id=blandit&sapien=mi&in=in&sapien=porttitor&iaculis=pede&congue=justo&vivamus=eu&metus=massa&arcu=donec&adipiscing=dapibus&molestie=duis&hendrerit=at&at=velit&vulputate=eu&vitae=est&nisl=congue&aenean=elementum&lectus=in&pellentesque=hac&eget=habitasse&nunc=platea&donec=dictumst&quis=morbi&orci=vestibulum&eget=velit&orci=id&vehicula=pretium&condimentum=iaculis&curabitur=diam,TRUE
+https://cdbaby.com/laoreet/ut/rhoncus/aliquet/pulvinar.xml?aliquam=ipsum&lacus=dolor&morbi=sit&quis=amet&tortor=consectetuer&id=adipiscing&nulla=elit&ultrices=proin&aliquet=risus&maecenas=praesent&leo=lectus&odio=vestibulum&condimentum=quam&id=sapien,TRUE
+http://reddit.com/integer/tincidunt/ante/vel/ipsum/praesent.html?vitae=et&nisi=magnis&nam=dis&ultrices=parturient&libero=montes&non=nascetur&mattis=ridiculus&pulvinar=mus&nulla=vivamus&pede=vestibulum&ullamcorper=sagittis&augue=sapien&a=cum&suscipit=sociis&nulla=natoque&elit=penatibus&ac=et&nulla=magnis&sed=dis&vel=parturient&enim=montes,TRUE
+https://wikispaces.com/magna/bibendum/imperdiet/nullam.json?fermentum=lorem&donec=ipsum&ut=dolor&mauris=sit&eget=amet&massa=consectetuer&tempor=adipiscing&convallis=elit&nulla=proin&neque=risus&libero=praesent&convallis=lectus&eget=vestibulum&eleifend=quam&luctus=sapien&ultricies=varius&eu=ut&nibh=blandit&quisque=non&id=interdum&justo=in&sit=ante&amet=vestibulum&sapien=ante&dignissim=ipsum&vestibulum=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=duis&posuere=faucibus&cubilia=accumsan&curae=odio&nulla=curabitur&dapibus=convallis&dolor=duis&vel=consequat&est=dui&donec=nec&odio=nisi&justo=volutpat&sollicitudin=eleifend&ut=donec&suscipit=ut&a=dolor&feugiat=morbi&et=vel&eros=lectus&vestibulum=in&ac=quam&est=fringilla&lacinia=rhoncus&nisi=mauris&venenatis=enim&tristique=leo&fusce=rhoncus&congue=sed&diam=vestibulum&id=sit&ornare=amet&imperdiet=cursus&sapien=id&urna=turpis&pretium=integer&nisl=aliquet&ut=massa&volutpat=id&sapien=lobortis&arcu=convallis&sed=tortor&augue=risus&aliquam=dapibus&erat=augue&volutpat=vel&in=accumsan&congue=tellus&etiam=nisi&justo=eu&etiam=orci&pretium=mauris&iaculis=lacinia&justo=sapien&in=quis&hac=libero&habitasse=nullam&platea=sit&dictumst=amet&etiam=turpis,TRUE
+http://cyberchimps.com/dolor/sit/amet/consectetuer/adipiscing.aspx?vel=platea&pede=dictumst&morbi=morbi&porttitor=vestibulum&lorem=velit&id=id&ligula=pretium&suspendisse=iaculis&ornare=diam&consequat=erat&lectus=fermentum&in=justo&est=nec&risus=condimentum&auctor=neque&sed=sapien&tristique=placerat&in=ante&tempus=nulla&sit=justo&amet=aliquam&sem=quis&fusce=turpis&consequat=eget&nulla=elit&nisl=sodales&nunc=scelerisque&nisl=mauris&duis=sit&bibendum=amet&felis=eros&sed=suspendisse&interdum=accumsan&venenatis=tortor&turpis=quis&enim=turpis&blandit=sed&mi=ante&in=vivamus&porttitor=tortor&pede=duis&justo=mattis&eu=egestas&massa=metus&donec=aenean&dapibus=fermentum&duis=donec&at=ut&velit=mauris&eu=eget&est=massa&congue=tempor,TRUE
+https://behance.net/sed/augue/aliquam/erat.json?mus=varius&vivamus=integer&vestibulum=ac&sagittis=leo&sapien=pellentesque&cum=ultrices&sociis=mattis&natoque=odio&penatibus=donec&et=vitae&magnis=nisi&dis=nam&parturient=ultrices&montes=libero&nascetur=non&ridiculus=mattis&mus=pulvinar&etiam=nulla&vel=pede&augue=ullamcorper&vestibulum=augue&rutrum=a&rutrum=suscipit&neque=nulla&aenean=elit&auctor=ac&gravida=nulla&sem=sed&praesent=vel&id=enim&massa=sit&id=amet&nisl=nunc,TRUE
+https://economist.com/donec.html?eros=vulputate&viverra=elementum&eget=nullam&congue=varius&eget=nulla&semper=facilisi&rutrum=cras&nulla=non&nunc=velit&purus=nec&phasellus=nisi&in=vulputate&felis=nonummy&donec=maecenas&semper=tincidunt&sapien=lacus&a=at&libero=velit&nam=vivamus&dui=vel&proin=nulla&leo=eget&odio=eros&porttitor=elementum&id=pellentesque&consequat=quisque&in=porta&consequat=volutpat&ut=erat&nulla=quisque&sed=erat&accumsan=eros&felis=viverra&ut=eget&at=congue&dolor=eget&quis=semper&odio=rutrum&consequat=nulla&varius=nunc&integer=purus&ac=phasellus&leo=in&pellentesque=felis&ultrices=donec&mattis=semper&odio=sapien&donec=a&vitae=libero&nisi=nam&nam=dui&ultrices=proin&libero=leo&non=odio&mattis=porttitor&pulvinar=id&nulla=consequat&pede=in&ullamcorper=consequat&augue=ut&a=nulla&suscipit=sed&nulla=accumsan&elit=felis&ac=ut&nulla=at&sed=dolor&vel=quis&enim=odio&sit=consequat&amet=varius&nunc=integer&viverra=ac&dapibus=leo&nulla=pellentesque&suscipit=ultrices&ligula=mattis&in=odio&lacus=donec&curabitur=vitae&at=nisi,TRUE
+https://dmoz.org/aenean/lectus/pellentesque.jpg?bibendum=nam&felis=ultrices&sed=libero&interdum=non&venenatis=mattis&turpis=pulvinar&enim=nulla&blandit=pede&mi=ullamcorper&in=augue&porttitor=a&pede=suscipit&justo=nulla&eu=elit&massa=ac&donec=nulla&dapibus=sed&duis=vel&at=enim&velit=sit&eu=amet&est=nunc,TRUE
+http://bloglovin.com/volutpat/sapien/arcu/sed/augue.jpg?lorem=ut&quisque=dolor&ut=morbi&erat=vel&curabitur=lectus&gravida=in&nisi=quam&at=fringilla&nibh=rhoncus&in=mauris&hac=enim&habitasse=leo&platea=rhoncus&dictumst=sed&aliquam=vestibulum&augue=sit&quam=amet&sollicitudin=cursus,TRUE
+https://tamu.edu/lobortis/sapien.json?rutrum=odio,TRUE
+https://yellowpages.com/curae.jpg?consequat=sagittis&nulla=nam&nisl=congue&nunc=risus&nisl=semper&duis=porta&bibendum=volutpat&felis=quam&sed=pede&interdum=lobortis&venenatis=ligula&turpis=sit&enim=amet&blandit=eleifend&mi=pede&in=libero&porttitor=quis&pede=orci&justo=nullam&eu=molestie&massa=nibh&donec=in&dapibus=lectus&duis=pellentesque&at=at&velit=nulla&eu=suspendisse&est=potenti&congue=cras&elementum=in&in=purus&hac=eu&habitasse=magna&platea=vulputate&dictumst=luctus&morbi=cum&vestibulum=sociis&velit=natoque&id=penatibus&pretium=et&iaculis=magnis&diam=dis&erat=parturient&fermentum=montes&justo=nascetur&nec=ridiculus&condimentum=mus&neque=vivamus&sapien=vestibulum&placerat=sagittis&ante=sapien&nulla=cum&justo=sociis&aliquam=natoque&quis=penatibus&turpis=et&eget=magnis&elit=dis&sodales=parturient&scelerisque=montes&mauris=nascetur&sit=ridiculus&amet=mus&eros=etiam&suspendisse=vel&accumsan=augue&tortor=vestibulum&quis=rutrum&turpis=rutrum&sed=neque&ante=aenean&vivamus=auctor&tortor=gravida&duis=sem&mattis=praesent&egestas=id&metus=massa&aenean=id&fermentum=nisl&donec=venenatis&ut=lacinia&mauris=aenean&eget=sit&massa=amet&tempor=justo&convallis=morbi&nulla=ut&neque=odio&libero=cras&convallis=mi&eget=pede&eleifend=malesuada&luctus=in&ultricies=imperdiet&eu=et&nibh=commodo,TRUE
+http://blog.com/sagittis/sapien/cum/sociis.xml?sapien=enim&varius=in&ut=tempor&blandit=turpis&non=nec&interdum=euismod&in=scelerisque&ante=quam&vestibulum=turpis&ante=adipiscing&ipsum=lorem&primis=vitae&in=mattis&faucibus=nibh&orci=ligula&luctus=nec&et=sem&ultrices=duis&posuere=aliquam&cubilia=convallis&curae=nunc&duis=proin&faucibus=at&accumsan=turpis&odio=a&curabitur=pede&convallis=posuere&duis=nonummy&consequat=integer&dui=non&nec=velit&nisi=donec&volutpat=diam&eleifend=neque,TRUE
+https://dion.ne.jp/curabitur/gravida/nisi/at/nibh/in/hac.js?odio=lacus&consequat=purus&varius=aliquet,TRUE
+http://mlb.com/enim/lorem.html?eget=congue&eros=risus&elementum=semper&pellentesque=porta&quisque=volutpat&porta=quam&volutpat=pede&erat=lobortis&quisque=ligula&erat=sit&eros=amet&viverra=eleifend&eget=pede&congue=libero&eget=quis&semper=orci&rutrum=nullam&nulla=molestie&nunc=nibh&purus=in&phasellus=lectus&in=pellentesque&felis=at&donec=nulla&semper=suspendisse&sapien=potenti&a=cras&libero=in&nam=purus&dui=eu&proin=magna&leo=vulputate&odio=luctus&porttitor=cum&id=sociis&consequat=natoque&in=penatibus&consequat=et&ut=magnis&nulla=dis&sed=parturient&accumsan=montes&felis=nascetur&ut=ridiculus&at=mus&dolor=vivamus&quis=vestibulum&odio=sagittis&consequat=sapien&varius=cum&integer=sociis&ac=natoque&leo=penatibus&pellentesque=et&ultrices=magnis&mattis=dis&odio=parturient&donec=montes&vitae=nascetur&nisi=ridiculus&nam=mus&ultrices=etiam&libero=vel&non=augue&mattis=vestibulum&pulvinar=rutrum&nulla=rutrum&pede=neque&ullamcorper=aenean&augue=auctor&a=gravida&suscipit=sem&nulla=praesent&elit=id&ac=massa&nulla=id&sed=nisl&vel=venenatis&enim=lacinia&sit=aenean&amet=sit,TRUE
+https://booking.com/tellus/nisi.jpg?cubilia=integer&curae=pede&mauris=justo&viverra=lacinia&diam=eget&vitae=tincidunt&quam=eget&suspendisse=tempus&potenti=vel&nullam=pede&porttitor=morbi&lacus=porttitor&at=lorem&turpis=id&donec=ligula&posuere=suspendisse&metus=ornare&vitae=consequat&ipsum=lectus&aliquam=in&non=est&mauris=risus&morbi=auctor&non=sed&lectus=tristique&aliquam=in&sit=tempus&amet=sit&diam=amet&in=sem&magna=fusce&bibendum=consequat&imperdiet=nulla&nullam=nisl&orci=nunc&pede=nisl&venenatis=duis&non=bibendum&sodales=felis&sed=sed&tincidunt=interdum&eu=venenatis&felis=turpis&fusce=enim&posuere=blandit&felis=mi&sed=in&lacus=porttitor&morbi=pede&sem=justo&mauris=eu&laoreet=massa&ut=donec&rhoncus=dapibus&aliquet=duis&pulvinar=at&sed=velit&nisl=eu&nunc=est&rhoncus=congue&dui=elementum&vel=in&sem=hac&sed=habitasse&sagittis=platea&nam=dictumst&congue=morbi&risus=vestibulum,TRUE
+https://netlog.com/vestibulum.xml?fermentum=justo&justo=sollicitudin&nec=ut&condimentum=suscipit&neque=a&sapien=feugiat&placerat=et&ante=eros&nulla=vestibulum&justo=ac&aliquam=est&quis=lacinia&turpis=nisi&eget=venenatis&elit=tristique&sodales=fusce&scelerisque=congue&mauris=diam&sit=id&amet=ornare&eros=imperdiet&suspendisse=sapien&accumsan=urna&tortor=pretium&quis=nisl&turpis=ut&sed=volutpat&ante=sapien&vivamus=arcu&tortor=sed&duis=augue&mattis=aliquam&egestas=erat&metus=volutpat&aenean=in&fermentum=congue&donec=etiam&ut=justo&mauris=etiam&eget=pretium&massa=iaculis&tempor=justo&convallis=in&nulla=hac&neque=habitasse&libero=platea&convallis=dictumst&eget=etiam&eleifend=faucibus&luctus=cursus&ultricies=urna&eu=ut&nibh=tellus&quisque=nulla&id=ut&justo=erat&sit=id&amet=mauris&sapien=vulputate&dignissim=elementum&vestibulum=nullam&vestibulum=varius&ante=nulla&ipsum=facilisi&primis=cras&in=non&faucibus=velit&orci=nec&luctus=nisi&et=vulputate&ultrices=nonummy&posuere=maecenas&cubilia=tincidunt&curae=lacus&nulla=at&dapibus=velit&dolor=vivamus&vel=vel&est=nulla&donec=eget&odio=eros&justo=elementum&sollicitudin=pellentesque&ut=quisque&suscipit=porta,TRUE
+https://thetimes.co.uk/nullam/orci/pede/venenatis/non.html?quis=sed&justo=justo&maecenas=pellentesque&rhoncus=viverra&aliquam=pede&lacus=ac&morbi=diam&quis=cras&tortor=pellentesque&id=volutpat&nulla=dui&ultrices=maecenas&aliquet=tristique&maecenas=est&leo=et&odio=tempus&condimentum=semper&id=est&luctus=quam&nec=pharetra&molestie=magna,TRUE
+https://fotki.com/quam/pharetra/magna/ac/consequat.js?posuere=leo&cubilia=odio&curae=porttitor&mauris=id&viverra=consequat&diam=in&vitae=consequat&quam=ut&suspendisse=nulla&potenti=sed&nullam=accumsan&porttitor=felis&lacus=ut&at=at&turpis=dolor&donec=quis&posuere=odio&metus=consequat&vitae=varius&ipsum=integer&aliquam=ac&non=leo&mauris=pellentesque&morbi=ultrices&non=mattis&lectus=odio&aliquam=donec&sit=vitae&amet=nisi&diam=nam&in=ultrices&magna=libero&bibendum=non&imperdiet=mattis&nullam=pulvinar&orci=nulla&pede=pede&venenatis=ullamcorper&non=augue&sodales=a&sed=suscipit&tincidunt=nulla&eu=elit&felis=ac&fusce=nulla&posuere=sed&felis=vel&sed=enim&lacus=sit,TRUE
+http://icq.com/quis/orci/eget/orci.jpg?aliquet=eget&pulvinar=tempus&sed=vel&nisl=pede&nunc=morbi&rhoncus=porttitor&dui=lorem&vel=id&sem=ligula&sed=suspendisse&sagittis=ornare&nam=consequat&congue=lectus&risus=in&semper=est&porta=risus&volutpat=auctor&quam=sed&pede=tristique&lobortis=in&ligula=tempus&sit=sit&amet=amet&eleifend=sem,TRUE
+http://slideshare.net/mi/nulla/ac/enim/in/tempor.aspx?pede=dapibus&venenatis=dolor&non=vel&sodales=est&sed=donec&tincidunt=odio&eu=justo&felis=sollicitudin&fusce=ut&posuere=suscipit&felis=a&sed=feugiat&lacus=et&morbi=eros&sem=vestibulum&mauris=ac&laoreet=est&ut=lacinia&rhoncus=nisi&aliquet=venenatis&pulvinar=tristique&sed=fusce&nisl=congue&nunc=diam&rhoncus=id&dui=ornare&vel=imperdiet&sem=sapien&sed=urna&sagittis=pretium&nam=nisl&congue=ut&risus=volutpat&semper=sapien&porta=arcu&volutpat=sed&quam=augue&pede=aliquam&lobortis=erat&ligula=volutpat&sit=in&amet=congue&eleifend=etiam&pede=justo&libero=etiam&quis=pretium&orci=iaculis&nullam=justo&molestie=in&nibh=hac&in=habitasse&lectus=platea&pellentesque=dictumst&at=etiam&nulla=faucibus,TRUE
+http://4shared.com/aenean/sit/amet/justo.html?ante=id&vel=nisl&ipsum=venenatis&praesent=lacinia&blandit=aenean&lacinia=sit&erat=amet&vestibulum=justo&sed=morbi&magna=ut&at=odio&nunc=cras&commodo=mi&placerat=pede&praesent=malesuada&blandit=in&nam=imperdiet&nulla=et&integer=commodo&pede=vulputate&justo=justo&lacinia=in&eget=blandit&tincidunt=ultrices&eget=enim&tempus=lorem&vel=ipsum&pede=dolor&morbi=sit&porttitor=amet&lorem=consectetuer&id=adipiscing&ligula=elit&suspendisse=proin&ornare=interdum&consequat=mauris&lectus=non&in=ligula&est=pellentesque&risus=ultrices&auctor=phasellus&sed=id&tristique=sapien&in=in&tempus=sapien&sit=iaculis&amet=congue&sem=vivamus&fusce=metus&consequat=arcu,TRUE
+https://canalblog.com/aliquam/convallis/nunc/proin/at.json?risus=platea&praesent=dictumst&lectus=etiam&vestibulum=faucibus&quam=cursus&sapien=urna&varius=ut&ut=tellus&blandit=nulla&non=ut&interdum=erat&in=id&ante=mauris&vestibulum=vulputate&ante=elementum&ipsum=nullam&primis=varius,TRUE
+http://51.la/eu/orci/mauris/lacinia.html?convallis=amet&eget=lobortis&eleifend=sapien&luctus=sapien&ultricies=non&eu=mi&nibh=integer&quisque=ac&id=neque&justo=duis&sit=bibendum&amet=morbi&sapien=non&dignissim=quam&vestibulum=nec&vestibulum=dui&ante=luctus&ipsum=rutrum&primis=nulla&in=tellus&faucibus=in&orci=sagittis&luctus=dui&et=vel&ultrices=nisl&posuere=duis&cubilia=ac&curae=nibh&nulla=fusce&dapibus=lacus&dolor=purus&vel=aliquet&est=at&donec=feugiat&odio=non&justo=pretium&sollicitudin=quis&ut=lectus&suscipit=suspendisse&a=potenti&feugiat=in&et=eleifend&eros=quam&vestibulum=a&ac=odio&est=in&lacinia=hac&nisi=habitasse&venenatis=platea&tristique=dictumst&fusce=maecenas&congue=ut&diam=massa&id=quis&ornare=augue&imperdiet=luctus&sapien=tincidunt,TRUE
+https://psu.edu/nulla/integer/pede/justo/lacinia/eget/tincidunt.jpg?non=blandit&velit=nam&donec=nulla&diam=integer&neque=pede&vestibulum=justo&eget=lacinia&vulputate=eget&ut=tincidunt&ultrices=eget&vel=tempus&augue=vel&vestibulum=pede&ante=morbi&ipsum=porttitor&primis=lorem&in=id&faucibus=ligula&orci=suspendisse&luctus=ornare&et=consequat&ultrices=lectus&posuere=in&cubilia=est&curae=risus&donec=auctor&pharetra=sed&magna=tristique&vestibulum=in&aliquet=tempus&ultrices=sit&erat=amet&tortor=sem&sollicitudin=fusce&mi=consequat&sit=nulla&amet=nisl&lobortis=nunc&sapien=nisl&sapien=duis&non=bibendum&mi=felis&integer=sed&ac=interdum&neque=venenatis&duis=turpis&bibendum=enim&morbi=blandit&non=mi&quam=in&nec=porttitor&dui=pede&luctus=justo&rutrum=eu&nulla=massa&tellus=donec&in=dapibus&sagittis=duis&dui=at&vel=velit&nisl=eu&duis=est&ac=congue&nibh=elementum&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=morbi&non=vestibulum&pretium=velit&quis=id&lectus=pretium&suspendisse=iaculis&potenti=diam&in=erat&eleifend=fermentum&quam=justo&a=nec&odio=condimentum&in=neque&hac=sapien&habitasse=placerat,TRUE
+http://networksolutions.com/in/hac/habitasse/platea/dictumst/morbi/vestibulum.jsp?eget=morbi&tincidunt=porttitor&eget=lorem&tempus=id&vel=ligula&pede=suspendisse&morbi=ornare&porttitor=consequat&lorem=lectus&id=in&ligula=est&suspendisse=risus&ornare=auctor&consequat=sed&lectus=tristique&in=in&est=tempus&risus=sit&auctor=amet&sed=sem&tristique=fusce&in=consequat&tempus=nulla&sit=nisl&amet=nunc&sem=nisl&fusce=duis&consequat=bibendum&nulla=felis&nisl=sed&nunc=interdum&nisl=venenatis&duis=turpis&bibendum=enim&felis=blandit&sed=mi&interdum=in&venenatis=porttitor&turpis=pede&enim=justo&blandit=eu&mi=massa&in=donec&porttitor=dapibus&pede=duis&justo=at&eu=velit&massa=eu&donec=est&dapibus=congue&duis=elementum&at=in&velit=hac&eu=habitasse&est=platea&congue=dictumst&elementum=morbi&in=vestibulum&hac=velit&habitasse=id&platea=pretium&dictumst=iaculis&morbi=diam&vestibulum=erat&velit=fermentum&id=justo&pretium=nec&iaculis=condimentum&diam=neque&erat=sapien&fermentum=placerat&justo=ante&nec=nulla&condimentum=justo&neque=aliquam&sapien=quis&placerat=turpis&ante=eget&nulla=elit&justo=sodales&aliquam=scelerisque&quis=mauris,TRUE
+https://nifty.com/vestibulum/sit/amet/cursus.html?ipsum=eu&integer=sapien&a=cursus&nibh=vestibulum&in=proin&quis=eu&justo=mi&maecenas=nulla&rhoncus=ac&aliquam=enim&lacus=in&morbi=tempor&quis=turpis&tortor=nec&id=euismod&nulla=scelerisque&ultrices=quam&aliquet=turpis&maecenas=adipiscing&leo=lorem&odio=vitae&condimentum=mattis&id=nibh&luctus=ligula&nec=nec&molestie=sem&sed=duis&justo=aliquam&pellentesque=convallis&viverra=nunc&pede=proin&ac=at&diam=turpis&cras=a&pellentesque=pede&volutpat=posuere&dui=nonummy&maecenas=integer&tristique=non&est=velit&et=donec&tempus=diam&semper=neque&est=vestibulum&quam=eget&pharetra=vulputate&magna=ut,TRUE
+http://networkadvertising.org/neque/sapien/placerat/ante.xml?nulla=viverra&mollis=eget&molestie=congue&lorem=eget&quisque=semper&ut=rutrum&erat=nulla&curabitur=nunc&gravida=purus&nisi=phasellus&at=in&nibh=felis&in=donec&hac=semper&habitasse=sapien&platea=a&dictumst=libero&aliquam=nam&augue=dui&quam=proin&sollicitudin=leo&vitae=odio&consectetuer=porttitor&eget=id&rutrum=consequat&at=in&lorem=consequat&integer=ut&tincidunt=nulla&ante=sed&vel=accumsan&ipsum=felis&praesent=ut&blandit=at&lacinia=dolor&erat=quis&vestibulum=odio&sed=consequat&magna=varius&at=integer&nunc=ac&commodo=leo&placerat=pellentesque&praesent=ultrices&blandit=mattis&nam=odio&nulla=donec&integer=vitae&pede=nisi&justo=nam&lacinia=ultrices&eget=libero&tincidunt=non&eget=mattis&tempus=pulvinar&vel=nulla&pede=pede&morbi=ullamcorper&porttitor=augue&lorem=a&id=suscipit&ligula=nulla&suspendisse=elit&ornare=ac&consequat=nulla&lectus=sed&in=vel&est=enim&risus=sit&auctor=amet&sed=nunc&tristique=viverra&in=dapibus&tempus=nulla&sit=suscipit&amet=ligula&sem=in&fusce=lacus&consequat=curabitur&nulla=at&nisl=ipsum&nunc=ac&nisl=tellus&duis=semper&bibendum=interdum&felis=mauris&sed=ullamcorper&interdum=purus&venenatis=sit&turpis=amet&enim=nulla&blandit=quisque&mi=arcu&in=libero&porttitor=rutrum&pede=ac,TRUE
+https://fotki.com/dui/vel/sem/sed/sagittis.json?nisl=enim&nunc=blandit&nisl=mi&duis=in&bibendum=porttitor&felis=pede&sed=justo&interdum=eu&venenatis=massa&turpis=donec&enim=dapibus&blandit=duis&mi=at&in=velit&porttitor=eu&pede=est&justo=congue&eu=elementum&massa=in&donec=hac&dapibus=habitasse&duis=platea&at=dictumst&velit=morbi&eu=vestibulum&est=velit&congue=id&elementum=pretium&in=iaculis&hac=diam&habitasse=erat&platea=fermentum&dictumst=justo,TRUE
+http://ehow.com/ut/erat.aspx?sit=augue&amet=aliquam,TRUE
+http://yahoo.co.jp/nisi/volutpat/eleifend.jpg?eget=quam&nunc=suspendisse&donec=potenti&quis=nullam&orci=porttitor&eget=lacus&orci=at&vehicula=turpis&condimentum=donec&curabitur=posuere&in=metus&libero=vitae&ut=ipsum&massa=aliquam&volutpat=non&convallis=mauris&morbi=morbi&odio=non&odio=lectus&elementum=aliquam&eu=sit&interdum=amet&eu=diam&tincidunt=in&in=magna&leo=bibendum&maecenas=imperdiet&pulvinar=nullam&lobortis=orci&est=pede&phasellus=venenatis&sit=non&amet=sodales&erat=sed&nulla=tincidunt&tempus=eu&vivamus=felis&in=fusce&felis=posuere&eu=felis&sapien=sed&cursus=lacus&vestibulum=morbi&proin=sem&eu=mauris&mi=laoreet&nulla=ut&ac=rhoncus&enim=aliquet&in=pulvinar&tempor=sed&turpis=nisl&nec=nunc&euismod=rhoncus&scelerisque=dui&quam=vel&turpis=sem&adipiscing=sed&lorem=sagittis&vitae=nam&mattis=congue&nibh=risus&ligula=semper&nec=porta&sem=volutpat&duis=quam&aliquam=pede&convallis=lobortis&nunc=ligula&proin=sit&at=amet&turpis=eleifend&a=pede,TRUE
+https://amazon.de/a/suscipit/nulla.jpg?malesuada=cubilia&in=curae&imperdiet=donec&et=pharetra&commodo=magna&vulputate=vestibulum&justo=aliquet&in=ultrices&blandit=erat&ultrices=tortor&enim=sollicitudin&lorem=mi&ipsum=sit&dolor=amet&sit=lobortis,TRUE
+https://flickr.com/id/ligula/suspendisse/ornare/consequat.aspx?scelerisque=proin&quam=eu&turpis=mi&adipiscing=nulla&lorem=ac&vitae=enim&mattis=in&nibh=tempor&ligula=turpis&nec=nec&sem=euismod&duis=scelerisque&aliquam=quam&convallis=turpis&nunc=adipiscing&proin=lorem&at=vitae&turpis=mattis&a=nibh&pede=ligula&posuere=nec&nonummy=sem&integer=duis&non=aliquam&velit=convallis&donec=nunc&diam=proin&neque=at&vestibulum=turpis&eget=a&vulputate=pede&ut=posuere&ultrices=nonummy&vel=integer&augue=non&vestibulum=velit&ante=donec&ipsum=diam&primis=neque&in=vestibulum,TRUE
+https://state.gov/libero/ut/massa.js?in=sapien&porttitor=varius&pede=ut&justo=blandit&eu=non&massa=interdum&donec=in&dapibus=ante&duis=vestibulum&at=ante&velit=ipsum&eu=primis&est=in&congue=faucibus&elementum=orci&in=luctus&hac=et&habitasse=ultrices&platea=posuere&dictumst=cubilia&morbi=curae&vestibulum=duis&velit=faucibus&id=accumsan&pretium=odio&iaculis=curabitur&diam=convallis&erat=duis&fermentum=consequat&justo=dui&nec=nec&condimentum=nisi&neque=volutpat&sapien=eleifend&placerat=donec&ante=ut&nulla=dolor&justo=morbi&aliquam=vel&quis=lectus&turpis=in&eget=quam&elit=fringilla&sodales=rhoncus&scelerisque=mauris&mauris=enim&sit=leo&amet=rhoncus&eros=sed&suspendisse=vestibulum&accumsan=sit&tortor=amet&quis=cursus&turpis=id&sed=turpis,TRUE
+https://storify.com/vel/ipsum/praesent/blandit/lacinia/erat/vestibulum.xml?aliquam=consequat&convallis=morbi&nunc=a&proin=ipsum&at=integer&turpis=a&a=nibh&pede=in&posuere=quis&nonummy=justo&integer=maecenas&non=rhoncus&velit=aliquam&donec=lacus&diam=morbi&neque=quis&vestibulum=tortor&eget=id&vulputate=nulla&ut=ultrices&ultrices=aliquet&vel=maecenas&augue=leo&vestibulum=odio&ante=condimentum&ipsum=id&primis=luctus&in=nec&faucibus=molestie&orci=sed&luctus=justo&et=pellentesque&ultrices=viverra&posuere=pede&cubilia=ac&curae=diam&donec=cras&pharetra=pellentesque&magna=volutpat&vestibulum=dui&aliquet=maecenas&ultrices=tristique&erat=est&tortor=et&sollicitudin=tempus&mi=semper&sit=est&amet=quam&lobortis=pharetra&sapien=magna&sapien=ac&non=consequat&mi=metus&integer=sapien&ac=ut&neque=nunc&duis=vestibulum&bibendum=ante&morbi=ipsum&non=primis&quam=in&nec=faucibus&dui=orci&luctus=luctus&rutrum=et&nulla=ultrices,TRUE
+https://cargocollective.com/eget/congue/eget/semper/rutrum/nulla.jpg?interdum=justo&in=sit&ante=amet&vestibulum=sapien&ante=dignissim&ipsum=vestibulum&primis=vestibulum&in=ante&faucibus=ipsum&orci=primis&luctus=in&et=faucibus&ultrices=orci&posuere=luctus&cubilia=et&curae=ultrices&duis=posuere&faucibus=cubilia&accumsan=curae&odio=nulla&curabitur=dapibus&convallis=dolor&duis=vel&consequat=est&dui=donec&nec=odio&nisi=justo&volutpat=sollicitudin&eleifend=ut&donec=suscipit&ut=a&dolor=feugiat&morbi=et&vel=eros&lectus=vestibulum&in=ac&quam=est&fringilla=lacinia&rhoncus=nisi&mauris=venenatis&enim=tristique&leo=fusce&rhoncus=congue&sed=diam,TRUE
+http://usgs.gov/ligula/sit/amet/eleifend.json?molestie=nulla&hendrerit=justo&at=aliquam&vulputate=quis&vitae=turpis&nisl=eget&aenean=elit&lectus=sodales&pellentesque=scelerisque&eget=mauris&nunc=sit&donec=amet&quis=eros&orci=suspendisse&eget=accumsan&orci=tortor&vehicula=quis&condimentum=turpis&curabitur=sed&in=ante&libero=vivamus&ut=tortor&massa=duis&volutpat=mattis&convallis=egestas&morbi=metus&odio=aenean&odio=fermentum&elementum=donec&eu=ut,TRUE
+https://list-manage.com/nisl/ut/volutpat/sapien.json?nulla=nisi&integer=eu&pede=orci&justo=mauris&lacinia=lacinia&eget=sapien&tincidunt=quis&eget=libero&tempus=nullam&vel=sit&pede=amet&morbi=turpis&porttitor=elementum&lorem=ligula&id=vehicula&ligula=consequat&suspendisse=morbi&ornare=a&consequat=ipsum&lectus=integer&in=a&est=nibh&risus=in&auctor=quis&sed=justo&tristique=maecenas&in=rhoncus&tempus=aliquam&sit=lacus&amet=morbi&sem=quis&fusce=tortor&consequat=id&nulla=nulla&nisl=ultrices&nunc=aliquet&nisl=maecenas&duis=leo&bibendum=odio&felis=condimentum&sed=id&interdum=luctus&venenatis=nec&turpis=molestie&enim=sed&blandit=justo,TRUE
+http://tumblr.com/ligula/sit.jsp?molestie=vestibulum&nibh=velit&in=id&lectus=pretium&pellentesque=iaculis&at=diam&nulla=erat&suspendisse=fermentum&potenti=justo&cras=nec&in=condimentum&purus=neque&eu=sapien&magna=placerat&vulputate=ante&luctus=nulla&cum=justo&sociis=aliquam&natoque=quis&penatibus=turpis&et=eget&magnis=elit&dis=sodales&parturient=scelerisque&montes=mauris&nascetur=sit&ridiculus=amet&mus=eros&vivamus=suspendisse&vestibulum=accumsan&sagittis=tortor&sapien=quis&cum=turpis&sociis=sed&natoque=ante&penatibus=vivamus&et=tortor&magnis=duis&dis=mattis&parturient=egestas&montes=metus&nascetur=aenean&ridiculus=fermentum&mus=donec&etiam=ut&vel=mauris&augue=eget&vestibulum=massa&rutrum=tempor&rutrum=convallis&neque=nulla&aenean=neque&auctor=libero&gravida=convallis&sem=eget&praesent=eleifend&id=luctus&massa=ultricies&id=eu&nisl=nibh&venenatis=quisque&lacinia=id&aenean=justo&sit=sit&amet=amet&justo=sapien&morbi=dignissim&ut=vestibulum&odio=vestibulum&cras=ante,TRUE
+https://t-online.de/quisque/id.aspx?suspendisse=erat&ornare=volutpat&consequat=in&lectus=congue&in=etiam&est=justo&risus=etiam&auctor=pretium&sed=iaculis&tristique=justo&in=in&tempus=hac&sit=habitasse&amet=platea&sem=dictumst&fusce=etiam&consequat=faucibus&nulla=cursus&nisl=urna&nunc=ut&nisl=tellus&duis=nulla&bibendum=ut&felis=erat&sed=id&interdum=mauris&venenatis=vulputate&turpis=elementum&enim=nullam&blandit=varius&mi=nulla&in=facilisi&porttitor=cras&pede=non&justo=velit,TRUE
+https://over-blog.com/eu/felis/fusce/posuere/felis/sed/lacus.html?cursus=habitasse&urna=platea&ut=dictumst&tellus=etiam&nulla=faucibus&ut=cursus&erat=urna&id=ut&mauris=tellus&vulputate=nulla&elementum=ut&nullam=erat&varius=id&nulla=mauris&facilisi=vulputate&cras=elementum&non=nullam&velit=varius&nec=nulla&nisi=facilisi&vulputate=cras&nonummy=non&maecenas=velit&tincidunt=nec&lacus=nisi&at=vulputate&velit=nonummy&vivamus=maecenas&vel=tincidunt&nulla=lacus&eget=at&eros=velit&elementum=vivamus&pellentesque=vel&quisque=nulla&porta=eget&volutpat=eros&erat=elementum&quisque=pellentesque&erat=quisque&eros=porta&viverra=volutpat&eget=erat&congue=quisque&eget=erat&semper=eros&rutrum=viverra&nulla=eget&nunc=congue&purus=eget&phasellus=semper&in=rutrum&felis=nulla&donec=nunc&semper=purus&sapien=phasellus&a=in&libero=felis&nam=donec&dui=semper&proin=sapien&leo=a&odio=libero&porttitor=nam&id=dui&consequat=proin&in=leo&consequat=odio&ut=porttitor&nulla=id&sed=consequat&accumsan=in&felis=consequat&ut=ut&at=nulla&dolor=sed&quis=accumsan&odio=felis&consequat=ut&varius=at&integer=dolor&ac=quis&leo=odio&pellentesque=consequat&ultrices=varius&mattis=integer&odio=ac&donec=leo&vitae=pellentesque&nisi=ultrices&nam=mattis&ultrices=odio&libero=donec&non=vitae&mattis=nisi&pulvinar=nam&nulla=ultrices&pede=libero,TRUE
+http://trellian.com/ut.png?vestibulum=neque&ante=duis&ipsum=bibendum&primis=morbi&in=non&faucibus=quam&orci=nec&luctus=dui&et=luctus&ultrices=rutrum&posuere=nulla&cubilia=tellus&curae=in&duis=sagittis&faucibus=dui&accumsan=vel&odio=nisl&curabitur=duis&convallis=ac&duis=nibh&consequat=fusce&dui=lacus&nec=purus&nisi=aliquet&volutpat=at&eleifend=feugiat&donec=non&ut=pretium&dolor=quis&morbi=lectus&vel=suspendisse&lectus=potenti&in=in&quam=eleifend&fringilla=quam&rhoncus=a&mauris=odio&enim=in&leo=hac&rhoncus=habitasse&sed=platea&vestibulum=dictumst&sit=maecenas&amet=ut&cursus=massa&id=quis&turpis=augue&integer=luctus&aliquet=tincidunt&massa=nulla&id=mollis&lobortis=molestie&convallis=lorem&tortor=quisque&risus=ut&dapibus=erat&augue=curabitur&vel=gravida&accumsan=nisi&tellus=at&nisi=nibh&eu=in&orci=hac&mauris=habitasse&lacinia=platea&sapien=dictumst&quis=aliquam,TRUE
+https://pcworld.com/tincidunt.aspx?vel=at&pede=lorem&morbi=integer&porttitor=tincidunt&lorem=ante&id=vel&ligula=ipsum&suspendisse=praesent&ornare=blandit&consequat=lacinia&lectus=erat&in=vestibulum&est=sed&risus=magna&auctor=at&sed=nunc&tristique=commodo&in=placerat&tempus=praesent&sit=blandit&amet=nam&sem=nulla&fusce=integer&consequat=pede&nulla=justo&nisl=lacinia&nunc=eget&nisl=tincidunt&duis=eget&bibendum=tempus&felis=vel&sed=pede&interdum=morbi&venenatis=porttitor&turpis=lorem&enim=id&blandit=ligula&mi=suspendisse&in=ornare&porttitor=consequat&pede=lectus&justo=in&eu=est&massa=risus&donec=auctor&dapibus=sed&duis=tristique&at=in&velit=tempus&eu=sit,TRUE
+http://discovery.com/convallis/tortor/risus/dapibus/augue.jsp?cras=elementum&non=pellentesque&velit=quisque&nec=porta&nisi=volutpat&vulputate=erat&nonummy=quisque&maecenas=erat&tincidunt=eros&lacus=viverra&at=eget&velit=congue&vivamus=eget&vel=semper&nulla=rutrum&eget=nulla&eros=nunc&elementum=purus&pellentesque=phasellus&quisque=in&porta=felis&volutpat=donec&erat=semper&quisque=sapien&erat=a&eros=libero&viverra=nam&eget=dui&congue=proin&eget=leo&semper=odio&rutrum=porttitor&nulla=id&nunc=consequat&purus=in&phasellus=consequat&in=ut&felis=nulla&donec=sed&semper=accumsan&sapien=felis&a=ut&libero=at&nam=dolor&dui=quis&proin=odio&leo=consequat&odio=varius&porttitor=integer&id=ac&consequat=leo&in=pellentesque&consequat=ultrices&ut=mattis&nulla=odio&sed=donec&accumsan=vitae&felis=nisi&ut=nam&at=ultrices&dolor=libero&quis=non&odio=mattis&consequat=pulvinar&varius=nulla&integer=pede&ac=ullamcorper&leo=augue&pellentesque=a&ultrices=suscipit&mattis=nulla&odio=elit&donec=ac,TRUE
+https://cdc.gov/tempor.xml?lectus=luctus&suspendisse=et&potenti=ultrices&in=posuere&eleifend=cubilia&quam=curae&a=donec&odio=pharetra&in=magna&hac=vestibulum&habitasse=aliquet&platea=ultrices&dictumst=erat&maecenas=tortor&ut=sollicitudin&massa=mi&quis=sit&augue=amet&luctus=lobortis&tincidunt=sapien&nulla=sapien&mollis=non&molestie=mi&lorem=integer&quisque=ac&ut=neque&erat=duis&curabitur=bibendum&gravida=morbi&nisi=non&at=quam&nibh=nec&in=dui&hac=luctus&habitasse=rutrum&platea=nulla&dictumst=tellus&aliquam=in&augue=sagittis&quam=dui&sollicitudin=vel&vitae=nisl&consectetuer=duis&eget=ac&rutrum=nibh&at=fusce&lorem=lacus&integer=purus&tincidunt=aliquet&ante=at&vel=feugiat&ipsum=non&praesent=pretium&blandit=quis&lacinia=lectus&erat=suspendisse&vestibulum=potenti&sed=in&magna=eleifend&at=quam&nunc=a&commodo=odio&placerat=in&praesent=hac&blandit=habitasse&nam=platea&nulla=dictumst&integer=maecenas&pede=ut&justo=massa&lacinia=quis&eget=augue&tincidunt=luctus&eget=tincidunt&tempus=nulla&vel=mollis&pede=molestie&morbi=lorem,TRUE
+https://ovh.net/enim/lorem/ipsum.js?tincidunt=non&eu=sodales&felis=sed&fusce=tincidunt&posuere=eu&felis=felis&sed=fusce,TRUE
+https://yahoo.co.jp/quis/lectus/suspendisse/potenti/in/eleifend/quam.jpg?diam=sit&neque=amet&vestibulum=eros&eget=suspendisse&vulputate=accumsan&ut=tortor&ultrices=quis&vel=turpis&augue=sed&vestibulum=ante&ante=vivamus&ipsum=tortor&primis=duis&in=mattis&faucibus=egestas&orci=metus&luctus=aenean&et=fermentum&ultrices=donec&posuere=ut&cubilia=mauris&curae=eget&donec=massa&pharetra=tempor&magna=convallis&vestibulum=nulla&aliquet=neque&ultrices=libero&erat=convallis&tortor=eget&sollicitudin=eleifend&mi=luctus&sit=ultricies&amet=eu&lobortis=nibh&sapien=quisque&sapien=id&non=justo&mi=sit&integer=amet&ac=sapien&neque=dignissim&duis=vestibulum&bibendum=vestibulum&morbi=ante&non=ipsum&quam=primis&nec=in&dui=faucibus&luctus=orci&rutrum=luctus&nulla=et&tellus=ultrices&in=posuere&sagittis=cubilia&dui=curae&vel=nulla&nisl=dapibus&duis=dolor&ac=vel&nibh=est&fusce=donec&lacus=odio&purus=justo&aliquet=sollicitudin&at=ut&feugiat=suscipit&non=a&pretium=feugiat&quis=et&lectus=eros&suspendisse=vestibulum&potenti=ac&in=est&eleifend=lacinia&quam=nisi&a=venenatis,TRUE
+https://jugem.jp/eu/tincidunt/in.aspx?ornare=fusce&imperdiet=lacus&sapien=purus&urna=aliquet&pretium=at&nisl=feugiat&ut=non&volutpat=pretium&sapien=quis&arcu=lectus&sed=suspendisse&augue=potenti&aliquam=in&erat=eleifend&volutpat=quam&in=a&congue=odio&etiam=in&justo=hac&etiam=habitasse&pretium=platea&iaculis=dictumst&justo=maecenas&in=ut&hac=massa&habitasse=quis&platea=augue&dictumst=luctus&etiam=tincidunt&faucibus=nulla&cursus=mollis&urna=molestie&ut=lorem&tellus=quisque&nulla=ut&ut=erat&erat=curabitur&id=gravida&mauris=nisi&vulputate=at&elementum=nibh&nullam=in&varius=hac&nulla=habitasse&facilisi=platea&cras=dictumst&non=aliquam&velit=augue&nec=quam&nisi=sollicitudin&vulputate=vitae&nonummy=consectetuer&maecenas=eget&tincidunt=rutrum&lacus=at&at=lorem&velit=integer&vivamus=tincidunt&vel=ante&nulla=vel,TRUE
+https://cyberchimps.com/sed/augue/aliquam/erat/volutpat/in/congue.png?suspendisse=adipiscing&ornare=lorem&consequat=vitae&lectus=mattis&in=nibh,TRUE
+https://studiopress.com/phasellus/in/felis.aspx?lorem=turpis&integer=enim&tincidunt=blandit&ante=mi&vel=in&ipsum=porttitor&praesent=pede&blandit=justo&lacinia=eu&erat=massa&vestibulum=donec&sed=dapibus&magna=duis&at=at&nunc=velit&commodo=eu&placerat=est&praesent=congue&blandit=elementum&nam=in,TRUE
+https://yellowbook.com/suspendisse.xml?libero=mi&quis=integer&orci=ac&nullam=neque&molestie=duis&nibh=bibendum&in=morbi&lectus=non&pellentesque=quam&at=nec&nulla=dui&suspendisse=luctus&potenti=rutrum&cras=nulla&in=tellus&purus=in&eu=sagittis&magna=dui&vulputate=vel&luctus=nisl,TRUE
+http://washington.edu/tincidunt/nulla/mollis/molestie/lorem/quisque.json?molestie=blandit&hendrerit=lacinia&at=erat&vulputate=vestibulum&vitae=sed&nisl=magna&aenean=at&lectus=nunc&pellentesque=commodo&eget=placerat&nunc=praesent&donec=blandit&quis=nam&orci=nulla&eget=integer&orci=pede&vehicula=justo&condimentum=lacinia&curabitur=eget&in=tincidunt&libero=eget&ut=tempus&massa=vel&volutpat=pede&convallis=morbi&morbi=porttitor&odio=lorem&odio=id&elementum=ligula&eu=suspendisse&interdum=ornare&eu=consequat&tincidunt=lectus&in=in&leo=est&maecenas=risus&pulvinar=auctor&lobortis=sed&est=tristique&phasellus=in&sit=tempus&amet=sit&erat=amet&nulla=sem&tempus=fusce&vivamus=consequat&in=nulla&felis=nisl&eu=nunc&sapien=nisl&cursus=duis&vestibulum=bibendum&proin=felis&eu=sed&mi=interdum&nulla=venenatis&ac=turpis&enim=enim&in=blandit&tempor=mi&turpis=in&nec=porttitor&euismod=pede&scelerisque=justo&quam=eu&turpis=massa&adipiscing=donec&lorem=dapibus&vitae=duis&mattis=at&nibh=velit&ligula=eu&nec=est&sem=congue&duis=elementum&aliquam=in&convallis=hac&nunc=habitasse&proin=platea&at=dictumst&turpis=morbi&a=vestibulum&pede=velit&posuere=id&nonummy=pretium&integer=iaculis&non=diam&velit=erat&donec=fermentum&diam=justo,TRUE
+https://nationalgeographic.com/dapibus.png?eu=commodo&interdum=vulputate&eu=justo&tincidunt=in&in=blandit&leo=ultrices&maecenas=enim&pulvinar=lorem&lobortis=ipsum&est=dolor&phasellus=sit&sit=amet&amet=consectetuer&erat=adipiscing&nulla=elit&tempus=proin&vivamus=interdum&in=mauris&felis=non&eu=ligula&sapien=pellentesque&cursus=ultrices&vestibulum=phasellus&proin=id&eu=sapien&mi=in&nulla=sapien&ac=iaculis&enim=congue&in=vivamus&tempor=metus&turpis=arcu&nec=adipiscing&euismod=molestie&scelerisque=hendrerit&quam=at&turpis=vulputate&adipiscing=vitae&lorem=nisl&vitae=aenean&mattis=lectus&nibh=pellentesque&ligula=eget&nec=nunc&sem=donec&duis=quis&aliquam=orci&convallis=eget&nunc=orci&proin=vehicula&at=condimentum&turpis=curabitur&a=in&pede=libero&posuere=ut&nonummy=massa&integer=volutpat&non=convallis&velit=morbi&donec=odio,TRUE
+http://i2i.jp/lectus.jsp?amet=augue&eleifend=vestibulum&pede=ante&libero=ipsum&quis=primis&orci=in&nullam=faucibus&molestie=orci&nibh=luctus&in=et&lectus=ultrices&pellentesque=posuere&at=cubilia&nulla=curae&suspendisse=donec&potenti=pharetra&cras=magna&in=vestibulum&purus=aliquet&eu=ultrices&magna=erat&vulputate=tortor&luctus=sollicitudin&cum=mi&sociis=sit&natoque=amet&penatibus=lobortis&et=sapien&magnis=sapien&dis=non&parturient=mi&montes=integer&nascetur=ac&ridiculus=neque&mus=duis&vivamus=bibendum&vestibulum=morbi&sagittis=non&sapien=quam&cum=nec&sociis=dui&natoque=luctus&penatibus=rutrum&et=nulla&magnis=tellus&dis=in&parturient=sagittis&montes=dui&nascetur=vel&ridiculus=nisl&mus=duis&etiam=ac&vel=nibh&augue=fusce&vestibulum=lacus&rutrum=purus&rutrum=aliquet&neque=at&aenean=feugiat&auctor=non&gravida=pretium&sem=quis,TRUE
+https://odnoklassniki.ru/venenatis/tristique/fusce/congue/diam/id/ornare.xml?congue=congue&etiam=etiam&justo=justo&etiam=etiam&pretium=pretium&iaculis=iaculis&justo=justo&in=in&hac=hac&habitasse=habitasse&platea=platea&dictumst=dictumst&etiam=etiam&faucibus=faucibus&cursus=cursus&urna=urna&ut=ut&tellus=tellus&nulla=nulla&ut=ut&erat=erat&id=id&mauris=mauris&vulputate=vulputate&elementum=elementum&nullam=nullam&varius=varius&nulla=nulla&facilisi=facilisi&cras=cras&non=non&velit=velit&nec=nec&nisi=nisi&vulputate=vulputate&nonummy=nonummy&maecenas=maecenas&tincidunt=tincidunt&lacus=lacus&at=at&velit=velit&vivamus=vivamus&vel=vel&nulla=nulla&eget=eget&eros=eros&elementum=elementum&pellentesque=pellentesque&quisque=quisque&porta=porta&volutpat=volutpat&erat=erat&quisque=quisque&erat=erat&eros=eros&viverra=viverra&eget=eget&congue=congue&eget=eget&semper=semper&rutrum=rutrum&nulla=nulla&nunc=nunc&purus=purus&phasellus=phasellus&in=in&felis=felis&donec=donec&semper=semper&sapien=sapien&a=a&libero=libero&nam=nam&dui=dui&proin=proin&leo=leo&odio=odio&porttitor=porttitor&id=id&consequat=consequat&in=in&consequat=consequat&ut=ut&nulla=nulla&sed=sed&accumsan=accumsan&felis=felis,TRUE
+https://walmart.com/in/hac/habitasse/platea/dictumst/morbi.jpg?augue=est&vel=phasellus&accumsan=sit&tellus=amet&nisi=erat&eu=nulla&orci=tempus&mauris=vivamus&lacinia=in&sapien=felis&quis=eu&libero=sapien&nullam=cursus&sit=vestibulum&amet=proin&turpis=eu&elementum=mi&ligula=nulla&vehicula=ac&consequat=enim&morbi=in&a=tempor&ipsum=turpis&integer=nec&a=euismod&nibh=scelerisque&in=quam&quis=turpis&justo=adipiscing&maecenas=lorem&rhoncus=vitae&aliquam=mattis&lacus=nibh&morbi=ligula&quis=nec&tortor=sem&id=duis&nulla=aliquam&ultrices=convallis&aliquet=nunc&maecenas=proin&leo=at&odio=turpis&condimentum=a&id=pede&luctus=posuere&nec=nonummy&molestie=integer&sed=non&justo=velit&pellentesque=donec&viverra=diam&pede=neque&ac=vestibulum&diam=eget&cras=vulputate&pellentesque=ut&volutpat=ultrices&dui=vel&maecenas=augue&tristique=vestibulum&est=ante&et=ipsum&tempus=primis&semper=in&est=faucibus&quam=orci&pharetra=luctus&magna=et&ac=ultrices&consequat=posuere&metus=cubilia&sapien=curae,TRUE
+https://jimdo.com/donec/semper/sapien/a/libero.js?erat=cum&tortor=sociis&sollicitudin=natoque&mi=penatibus&sit=et&amet=magnis&lobortis=dis&sapien=parturient&sapien=montes&non=nascetur&mi=ridiculus&integer=mus&ac=etiam&neque=vel&duis=augue&bibendum=vestibulum&morbi=rutrum&non=rutrum&quam=neque&nec=aenean&dui=auctor&luctus=gravida&rutrum=sem&nulla=praesent&tellus=id&in=massa&sagittis=id&dui=nisl&vel=venenatis&nisl=lacinia&duis=aenean&ac=sit&nibh=amet&fusce=justo&lacus=morbi&purus=ut&aliquet=odio&at=cras&feugiat=mi&non=pede&pretium=malesuada&quis=in&lectus=imperdiet&suspendisse=et&potenti=commodo&in=vulputate&eleifend=justo&quam=in&a=blandit&odio=ultrices&in=enim&hac=lorem&habitasse=ipsum&platea=dolor&dictumst=sit&maecenas=amet&ut=consectetuer&massa=adipiscing&quis=elit&augue=proin&luctus=interdum&tincidunt=mauris&nulla=non&mollis=ligula&molestie=pellentesque&lorem=ultrices&quisque=phasellus&ut=id&erat=sapien&curabitur=in&gravida=sapien&nisi=iaculis&at=congue&nibh=vivamus&in=metus&hac=arcu&habitasse=adipiscing&platea=molestie&dictumst=hendrerit&aliquam=at&augue=vulputate&quam=vitae&sollicitudin=nisl&vitae=aenean&consectetuer=lectus&eget=pellentesque&rutrum=eget&at=nunc,TRUE
+http://fda.gov/curae/duis/faucibus/accumsan.js?eleifend=eu&luctus=est&ultricies=congue&eu=elementum&nibh=in&quisque=hac&id=habitasse&justo=platea&sit=dictumst&amet=morbi&sapien=vestibulum&dignissim=velit&vestibulum=id&vestibulum=pretium&ante=iaculis&ipsum=diam&primis=erat&in=fermentum&faucibus=justo&orci=nec&luctus=condimentum&et=neque&ultrices=sapien&posuere=placerat&cubilia=ante&curae=nulla&nulla=justo&dapibus=aliquam&dolor=quis&vel=turpis&est=eget&donec=elit&odio=sodales&justo=scelerisque&sollicitudin=mauris&ut=sit&suscipit=amet&a=eros&feugiat=suspendisse&et=accumsan&eros=tortor&vestibulum=quis&ac=turpis&est=sed&lacinia=ante&nisi=vivamus&venenatis=tortor&tristique=duis&fusce=mattis&congue=egestas&diam=metus&id=aenean&ornare=fermentum&imperdiet=donec&sapien=ut&urna=mauris&pretium=eget&nisl=massa&ut=tempor&volutpat=convallis&sapien=nulla&arcu=neque&sed=libero&augue=convallis&aliquam=eget&erat=eleifend&volutpat=luctus&in=ultricies&congue=eu&etiam=nibh&justo=quisque&etiam=id&pretium=justo&iaculis=sit&justo=amet&in=sapien,TRUE
+http://usgs.gov/erat/id/mauris/vulputate.png?lobortis=ultrices&est=phasellus&phasellus=id&sit=sapien&amet=in&erat=sapien&nulla=iaculis&tempus=congue&vivamus=vivamus&in=metus&felis=arcu&eu=adipiscing&sapien=molestie&cursus=hendrerit&vestibulum=at&proin=vulputate&eu=vitae&mi=nisl&nulla=aenean&ac=lectus&enim=pellentesque&in=eget&tempor=nunc&turpis=donec&nec=quis&euismod=orci&scelerisque=eget&quam=orci&turpis=vehicula&adipiscing=condimentum&lorem=curabitur&vitae=in&mattis=libero&nibh=ut&ligula=massa&nec=volutpat&sem=convallis&duis=morbi&aliquam=odio&convallis=odio&nunc=elementum&proin=eu&at=interdum&turpis=eu&a=tincidunt&pede=in&posuere=leo&nonummy=maecenas&integer=pulvinar&non=lobortis&velit=est&donec=phasellus&diam=sit&neque=amet&vestibulum=erat&eget=nulla&vulputate=tempus&ut=vivamus&ultrices=in&vel=felis&augue=eu&vestibulum=sapien&ante=cursus&ipsum=vestibulum&primis=proin&in=eu&faucibus=mi&orci=nulla&luctus=ac&et=enim&ultrices=in&posuere=tempor&cubilia=turpis&curae=nec&donec=euismod&pharetra=scelerisque&magna=quam&vestibulum=turpis&aliquet=adipiscing&ultrices=lorem&erat=vitae&tortor=mattis&sollicitudin=nibh&mi=ligula&sit=nec,TRUE
+https://g.co/in/tempus/sit/amet/sem.jsp?amet=justo&justo=morbi&morbi=ut&ut=odio&odio=cras&cras=mi&mi=pede&pede=malesuada&malesuada=in&in=imperdiet&imperdiet=et&et=commodo&commodo=vulputate&vulputate=justo&justo=in&in=blandit&blandit=ultrices&ultrices=enim&enim=lorem&lorem=ipsum&ipsum=dolor&dolor=sit&sit=amet&amet=consectetuer&consectetuer=adipiscing&adipiscing=elit&elit=proin&proin=interdum&interdum=mauris&mauris=non&non=ligula&ligula=pellentesque&pellentesque=ultrices&ultrices=phasellus&phasellus=id&id=sapien&sapien=in&in=sapien&sapien=iaculis&iaculis=congue&congue=vivamus&vivamus=metus&metus=arcu&arcu=adipiscing&adipiscing=molestie&molestie=hendrerit&hendrerit=at&at=vulputate&vulputate=vitae&vitae=nisl&nisl=aenean&aenean=lectus&lectus=pellentesque&pellentesque=eget&eget=nunc&nunc=donec&donec=quis&quis=orci&orci=eget&eget=orci&orci=vehicula&vehicula=condimentum&condimentum=curabitur&curabitur=in&in=libero&libero=ut&ut=massa&massa=volutpat&volutpat=convallis&convallis=morbi&morbi=odio&odio=odio&odio=elementum&elementum=eu&eu=interdum,TRUE
+http://un.org/eget/congue/eget/semper.jsp?id=justo&ligula=morbi&suspendisse=ut&ornare=odio&consequat=cras&lectus=mi&in=pede&est=malesuada&risus=in&auctor=imperdiet,TRUE
+http://ocn.ne.jp/vestibulum/rutrum/rutrum/neque/aenean.jpg?nunc=eget&proin=congue&at=eget&turpis=semper&a=rutrum&pede=nulla&posuere=nunc&nonummy=purus&integer=phasellus&non=in&velit=felis&donec=donec&diam=semper&neque=sapien&vestibulum=a&eget=libero&vulputate=nam&ut=dui&ultrices=proin&vel=leo&augue=odio&vestibulum=porttitor&ante=id&ipsum=consequat&primis=in&in=consequat&faucibus=ut&orci=nulla&luctus=sed&et=accumsan&ultrices=felis&posuere=ut&cubilia=at&curae=dolor&donec=quis&pharetra=odio&magna=consequat&vestibulum=varius&aliquet=integer&ultrices=ac&erat=leo&tortor=pellentesque&sollicitudin=ultrices&mi=mattis&sit=odio&amet=donec&lobortis=vitae&sapien=nisi&sapien=nam&non=ultrices&mi=libero&integer=non&ac=mattis&neque=pulvinar&duis=nulla&bibendum=pede&morbi=ullamcorper&non=augue&quam=a&nec=suscipit&dui=nulla&luctus=elit&rutrum=ac&nulla=nulla&tellus=sed&in=vel&sagittis=enim&dui=sit&vel=amet&nisl=nunc&duis=viverra&ac=dapibus&nibh=nulla&fusce=suscipit&lacus=ligula&purus=in&aliquet=lacus&at=curabitur&feugiat=at&non=ipsum&pretium=ac,TRUE
+http://walmart.com/neque.aspx?duis=maecenas&bibendum=leo&morbi=odio&non=condimentum&quam=id&nec=luctus&dui=nec&luctus=molestie&rutrum=sed&nulla=justo&tellus=pellentesque&in=viverra&sagittis=pede&dui=ac&vel=diam&nisl=cras&duis=pellentesque&ac=volutpat&nibh=dui&fusce=maecenas&lacus=tristique&purus=est&aliquet=et&at=tempus&feugiat=semper&non=est&pretium=quam&quis=pharetra,TRUE
+http://edublogs.org/porta/volutpat/quam/pede.jpg?tincidunt=donec&eget=dapibus&tempus=duis&vel=at&pede=velit&morbi=eu&porttitor=est&lorem=congue&id=elementum&ligula=in&suspendisse=hac&ornare=habitasse&consequat=platea&lectus=dictumst&in=morbi&est=vestibulum&risus=velit&auctor=id&sed=pretium&tristique=iaculis&in=diam&tempus=erat&sit=fermentum&amet=justo&sem=nec&fusce=condimentum&consequat=neque&nulla=sapien&nisl=placerat&nunc=ante&nisl=nulla&duis=justo&bibendum=aliquam&felis=quis&sed=turpis&interdum=eget&venenatis=elit&turpis=sodales&enim=scelerisque&blandit=mauris&mi=sit&in=amet&porttitor=eros&pede=suspendisse&justo=accumsan&eu=tortor&massa=quis&donec=turpis&dapibus=sed&duis=ante&at=vivamus&velit=tortor&eu=duis&est=mattis&congue=egestas&elementum=metus&in=aenean&hac=fermentum&habitasse=donec&platea=ut&dictumst=mauris&morbi=eget&vestibulum=massa&velit=tempor&id=convallis&pretium=nulla&iaculis=neque&diam=libero&erat=convallis&fermentum=eget&justo=eleifend&nec=luctus&condimentum=ultricies&neque=eu&sapien=nibh&placerat=quisque&ante=id&nulla=justo&justo=sit&aliquam=amet&quis=sapien&turpis=dignissim&eget=vestibulum&elit=vestibulum&sodales=ante&scelerisque=ipsum&mauris=primis&sit=in&amet=faucibus&eros=orci&suspendisse=luctus&accumsan=et,TRUE
+http://geocities.com/tristique/est/et.js?eros=integer&vestibulum=aliquet&ac=massa&est=id&lacinia=lobortis&nisi=convallis&venenatis=tortor&tristique=risus&fusce=dapibus&congue=augue&diam=vel&id=accumsan&ornare=tellus&imperdiet=nisi&sapien=eu&urna=orci&pretium=mauris&nisl=lacinia&ut=sapien&volutpat=quis&sapien=libero&arcu=nullam&sed=sit&augue=amet&aliquam=turpis&erat=elementum&volutpat=ligula&in=vehicula&congue=consequat&etiam=morbi&justo=a&etiam=ipsum&pretium=integer&iaculis=a&justo=nibh&in=in&hac=quis&habitasse=justo&platea=maecenas&dictumst=rhoncus&etiam=aliquam&faucibus=lacus&cursus=morbi&urna=quis&ut=tortor&tellus=id&nulla=nulla&ut=ultrices&erat=aliquet&id=maecenas&mauris=leo&vulputate=odio&elementum=condimentum&nullam=id&varius=luctus&nulla=nec&facilisi=molestie&cras=sed&non=justo&velit=pellentesque&nec=viverra&nisi=pede&vulputate=ac&nonummy=diam&maecenas=cras&tincidunt=pellentesque&lacus=volutpat&at=dui&velit=maecenas&vivamus=tristique&vel=est&nulla=et&eget=tempus,TRUE
+http://miitbeian.gov.cn/leo/maecenas/pulvinar/lobortis/est/phasellus/sit.jpg?lorem=venenatis&integer=tristique&tincidunt=fusce&ante=congue&vel=diam&ipsum=id&praesent=ornare&blandit=imperdiet&lacinia=sapien&erat=urna&vestibulum=pretium&sed=nisl&magna=ut&at=volutpat&nunc=sapien&commodo=arcu&placerat=sed&praesent=augue&blandit=aliquam&nam=erat&nulla=volutpat&integer=in&pede=congue&justo=etiam&lacinia=justo&eget=etiam&tincidunt=pretium&eget=iaculis&tempus=justo&vel=in,TRUE
+https://smugmug.com/nullam/orci/pede/venenatis/non/sodales.png?orci=amet&mauris=consectetuer&lacinia=adipiscing&sapien=elit,TRUE
+https://desdev.cn/aliquet/at/feugiat/non.json?ridiculus=proin&mus=interdum&etiam=mauris&vel=non&augue=ligula&vestibulum=pellentesque&rutrum=ultrices&rutrum=phasellus&neque=id&aenean=sapien&auctor=in&gravida=sapien&sem=iaculis&praesent=congue&id=vivamus&massa=metus&id=arcu&nisl=adipiscing&venenatis=molestie&lacinia=hendrerit&aenean=at&sit=vulputate&amet=vitae&justo=nisl&morbi=aenean&ut=lectus&odio=pellentesque&cras=eget&mi=nunc&pede=donec&malesuada=quis&in=orci&imperdiet=eget&et=orci&commodo=vehicula&vulputate=condimentum&justo=curabitur&in=in&blandit=libero&ultrices=ut&enim=massa,TRUE
+https://nymag.com/nisi.js?augue=nam&vel=dui&accumsan=proin&tellus=leo&nisi=odio&eu=porttitor&orci=id&mauris=consequat&lacinia=in&sapien=consequat&quis=ut&libero=nulla&nullam=sed&sit=accumsan&amet=felis&turpis=ut&elementum=at&ligula=dolor&vehicula=quis&consequat=odio&morbi=consequat&a=varius&ipsum=integer&integer=ac&a=leo&nibh=pellentesque&in=ultrices&quis=mattis&justo=odio&maecenas=donec&rhoncus=vitae&aliquam=nisi&lacus=nam&morbi=ultrices&quis=libero&tortor=non&id=mattis&nulla=pulvinar&ultrices=nulla&aliquet=pede&maecenas=ullamcorper&leo=augue&odio=a&condimentum=suscipit&id=nulla&luctus=elit&nec=ac&molestie=nulla&sed=sed&justo=vel&pellentesque=enim&viverra=sit&pede=amet&ac=nunc&diam=viverra&cras=dapibus&pellentesque=nulla&volutpat=suscipit&dui=ligula&maecenas=in&tristique=lacus&est=curabitur&et=at&tempus=ipsum&semper=ac&est=tellus&quam=semper&pharetra=interdum&magna=mauris&ac=ullamcorper&consequat=purus&metus=sit&sapien=amet&ut=nulla&nunc=quisque&vestibulum=arcu&ante=libero&ipsum=rutrum&primis=ac&in=lobortis&faucibus=vel&orci=dapibus&luctus=at&et=diam&ultrices=nam&posuere=tristique,TRUE
+http://hao123.com/lacinia/aenean/sit/amet.jsp?justo=nec&eu=nisi&massa=vulputate&donec=nonummy&dapibus=maecenas&duis=tincidunt&at=lacus&velit=at&eu=velit&est=vivamus&congue=vel&elementum=nulla&in=eget&hac=eros&habitasse=elementum&platea=pellentesque&dictumst=quisque&morbi=porta&vestibulum=volutpat&velit=erat&id=quisque&pretium=erat,TRUE
+https://rediff.com/sapien/varius.json?id=nibh&turpis=ligula&integer=nec&aliquet=sem&massa=duis&id=aliquam&lobortis=convallis&convallis=nunc&tortor=proin&risus=at&dapibus=turpis&augue=a&vel=pede&accumsan=posuere&tellus=nonummy&nisi=integer&eu=non&orci=velit&mauris=donec&lacinia=diam&sapien=neque&quis=vestibulum&libero=eget&nullam=vulputate&sit=ut&amet=ultrices&turpis=vel&elementum=augue&ligula=vestibulum&vehicula=ante&consequat=ipsum&morbi=primis&a=in&ipsum=faucibus&integer=orci&a=luctus&nibh=et&in=ultrices&quis=posuere&justo=cubilia&maecenas=curae&rhoncus=donec&aliquam=pharetra&lacus=magna&morbi=vestibulum&quis=aliquet&tortor=ultrices&id=erat&nulla=tortor&ultrices=sollicitudin&aliquet=mi&maecenas=sit&leo=amet&odio=lobortis&condimentum=sapien&id=sapien&luctus=non&nec=mi&molestie=integer&sed=ac,TRUE
+http://google.com/pede/lobortis/ligula/sit.html?pulvinar=ultrices&sed=posuere&nisl=cubilia&nunc=curae&rhoncus=donec&dui=pharetra&vel=magna&sem=vestibulum&sed=aliquet&sagittis=ultrices&nam=erat&congue=tortor&risus=sollicitudin&semper=mi&porta=sit&volutpat=amet&quam=lobortis&pede=sapien&lobortis=sapien&ligula=non&sit=mi&amet=integer&eleifend=ac&pede=neque&libero=duis&quis=bibendum&orci=morbi&nullam=non&molestie=quam&nibh=nec&in=dui&lectus=luctus&pellentesque=rutrum&at=nulla&nulla=tellus&suspendisse=in&potenti=sagittis&cras=dui&in=vel&purus=nisl&eu=duis&magna=ac&vulputate=nibh&luctus=fusce&cum=lacus&sociis=purus&natoque=aliquet&penatibus=at&et=feugiat&magnis=non&dis=pretium&parturient=quis&montes=lectus&nascetur=suspendisse&ridiculus=potenti&mus=in&vivamus=eleifend&vestibulum=quam&sagittis=a&sapien=odio&cum=in&sociis=hac&natoque=habitasse&penatibus=platea&et=dictumst&magnis=maecenas,TRUE
+http://thetimes.co.uk/eu.jsp?aliquam=eros&lacus=vestibulum&morbi=ac&quis=est&tortor=lacinia&id=nisi&nulla=venenatis&ultrices=tristique&aliquet=fusce&maecenas=congue&leo=diam&odio=id&condimentum=ornare&id=imperdiet&luctus=sapien&nec=urna&molestie=pretium&sed=nisl&justo=ut&pellentesque=volutpat&viverra=sapien&pede=arcu&ac=sed&diam=augue&cras=aliquam&pellentesque=erat&volutpat=volutpat&dui=in&maecenas=congue&tristique=etiam&est=justo&et=etiam&tempus=pretium&semper=iaculis&est=justo&quam=in&pharetra=hac&magna=habitasse&ac=platea&consequat=dictumst&metus=etiam&sapien=faucibus&ut=cursus&nunc=urna&vestibulum=ut&ante=tellus&ipsum=nulla&primis=ut&in=erat&faucibus=id&orci=mauris&luctus=vulputate&et=elementum&ultrices=nullam&posuere=varius&cubilia=nulla&curae=facilisi&mauris=cras&viverra=non&diam=velit&vitae=nec&quam=nisi&suspendisse=vulputate&potenti=nonummy&nullam=maecenas&porttitor=tincidunt&lacus=lacus&at=at&turpis=velit&donec=vivamus&posuere=vel&metus=nulla&vitae=eget&ipsum=eros&aliquam=elementum&non=pellentesque&mauris=quisque&morbi=porta&non=volutpat&lectus=erat&aliquam=quisque&sit=erat&amet=eros&diam=viverra&in=eget&magna=congue&bibendum=eget&imperdiet=semper&nullam=rutrum&orci=nulla&pede=nunc&venenatis=purus&non=phasellus&sodales=in&sed=felis&tincidunt=donec&eu=semper&felis=sapien&fusce=a&posuere=libero,TRUE
+https://oaic.gov.au/ante/ipsum/primis/in/faucibus/orci/luctus.aspx?magna=eget&vulputate=eros&luctus=elementum&cum=pellentesque&sociis=quisque&natoque=porta&penatibus=volutpat&et=erat&magnis=quisque&dis=erat&parturient=eros&montes=viverra&nascetur=eget&ridiculus=congue&mus=eget&vivamus=semper&vestibulum=rutrum&sagittis=nulla&sapien=nunc&cum=purus&sociis=phasellus&natoque=in&penatibus=felis&et=donec&magnis=semper&dis=sapien&parturient=a&montes=libero&nascetur=nam&ridiculus=dui&mus=proin&etiam=leo&vel=odio&augue=porttitor&vestibulum=id&rutrum=consequat&rutrum=in&neque=consequat&aenean=ut&auctor=nulla&gravida=sed&sem=accumsan&praesent=felis&id=ut&massa=at&id=dolor&nisl=quis&venenatis=odio&lacinia=consequat&aenean=varius&sit=integer&amet=ac&justo=leo&morbi=pellentesque&ut=ultrices&odio=mattis&cras=odio&mi=donec&pede=vitae&malesuada=nisi&in=nam&imperdiet=ultrices&et=libero&commodo=non&vulputate=mattis&justo=pulvinar&in=nulla&blandit=pede&ultrices=ullamcorper&enim=augue&lorem=a&ipsum=suscipit&dolor=nulla&sit=elit&amet=ac&consectetuer=nulla,TRUE
+http://imageshack.us/primis.js?in=nulla&congue=tellus&etiam=in&justo=sagittis&etiam=dui&pretium=vel&iaculis=nisl&justo=duis&in=ac&hac=nibh&habitasse=fusce&platea=lacus,TRUE
+https://cdc.gov/lorem/ipsum/dolor/sit/amet.jpg?sollicitudin=fringilla&mi=rhoncus&sit=mauris&amet=enim&lobortis=leo&sapien=rhoncus&sapien=sed&non=vestibulum&mi=sit&integer=amet&ac=cursus&neque=id&duis=turpis&bibendum=integer&morbi=aliquet&non=massa&quam=id&nec=lobortis&dui=convallis&luctus=tortor&rutrum=risus&nulla=dapibus&tellus=augue&in=vel&sagittis=accumsan&dui=tellus&vel=nisi&nisl=eu&duis=orci&ac=mauris&nibh=lacinia&fusce=sapien&lacus=quis&purus=libero,TRUE
+https://census.gov/sit/amet.png?rhoncus=quam&dui=fringilla&vel=rhoncus&sem=mauris&sed=enim&sagittis=leo&nam=rhoncus&congue=sed&risus=vestibulum&semper=sit&porta=amet&volutpat=cursus&quam=id&pede=turpis&lobortis=integer&ligula=aliquet&sit=massa&amet=id&eleifend=lobortis&pede=convallis&libero=tortor&quis=risus&orci=dapibus&nullam=augue&molestie=vel&nibh=accumsan&in=tellus&lectus=nisi&pellentesque=eu&at=orci&nulla=mauris&suspendisse=lacinia&potenti=sapien&cras=quis&in=libero&purus=nullam&eu=sit&magna=amet,TRUE
+https://chron.com/nulla.json?ac=amet&enim=consectetuer&in=adipiscing&tempor=elit&turpis=proin&nec=interdum&euismod=mauris&scelerisque=non&quam=ligula&turpis=pellentesque&adipiscing=ultrices&lorem=phasellus&vitae=id&mattis=sapien&nibh=in&ligula=sapien&nec=iaculis&sem=congue&duis=vivamus&aliquam=metus&convallis=arcu&nunc=adipiscing&proin=molestie&at=hendrerit&turpis=at&a=vulputate&pede=vitae&posuere=nisl&nonummy=aenean&integer=lectus&non=pellentesque&velit=eget&donec=nunc&diam=donec&neque=quis&vestibulum=orci&eget=eget&vulputate=orci&ut=vehicula&ultrices=condimentum&vel=curabitur&augue=in&vestibulum=libero&ante=ut&ipsum=massa&primis=volutpat&in=convallis&faucibus=morbi&orci=odio&luctus=odio&et=elementum&ultrices=eu&posuere=interdum&cubilia=eu&curae=tincidunt&donec=in&pharetra=leo&magna=maecenas&vestibulum=pulvinar&aliquet=lobortis&ultrices=est&erat=phasellus&tortor=sit&sollicitudin=amet&mi=erat&sit=nulla&amet=tempus&lobortis=vivamus&sapien=in&sapien=felis&non=eu&mi=sapien&integer=cursus&ac=vestibulum&neque=proin&duis=eu&bibendum=mi&morbi=nulla&non=ac&quam=enim&nec=in&dui=tempor&luctus=turpis&rutrum=nec&nulla=euismod&tellus=scelerisque&in=quam&sagittis=turpis&dui=adipiscing&vel=lorem&nisl=vitae&duis=mattis&ac=nibh&nibh=ligula&fusce=nec&lacus=sem&purus=duis&aliquet=aliquam&at=convallis&feugiat=nunc,TRUE
+https://ed.gov/sociis.aspx?nulla=in&nunc=felis&purus=eu&phasellus=sapien&in=cursus&felis=vestibulum&donec=proin&semper=eu&sapien=mi&a=nulla&libero=ac&nam=enim&dui=in&proin=tempor&leo=turpis&odio=nec&porttitor=euismod&id=scelerisque&consequat=quam&in=turpis&consequat=adipiscing&ut=lorem&nulla=vitae&sed=mattis&accumsan=nibh&felis=ligula&ut=nec&at=sem&dolor=duis&quis=aliquam&odio=convallis&consequat=nunc&varius=proin&integer=at&ac=turpis&leo=a&pellentesque=pede&ultrices=posuere&mattis=nonummy&odio=integer&donec=non&vitae=velit&nisi=donec&nam=diam&ultrices=neque&libero=vestibulum&non=eget&mattis=vulputate&pulvinar=ut&nulla=ultrices&pede=vel&ullamcorper=augue&augue=vestibulum&a=ante&suscipit=ipsum&nulla=primis&elit=in&ac=faucibus&nulla=orci&sed=luctus&vel=et&enim=ultrices&sit=posuere,TRUE
+https://etsy.com/nisl/duis.aspx?sapien=rhoncus&sapien=mauris&non=enim&mi=leo&integer=rhoncus&ac=sed&neque=vestibulum&duis=sit&bibendum=amet&morbi=cursus&non=id&quam=turpis&nec=integer&dui=aliquet&luctus=massa&rutrum=id&nulla=lobortis&tellus=convallis&in=tortor&sagittis=risus&dui=dapibus&vel=augue&nisl=vel&duis=accumsan&ac=tellus&nibh=nisi&fusce=eu&lacus=orci&purus=mauris&aliquet=lacinia&at=sapien&feugiat=quis&non=libero&pretium=nullam&quis=sit&lectus=amet&suspendisse=turpis&potenti=elementum&in=ligula&eleifend=vehicula&quam=consequat&a=morbi&odio=a&in=ipsum&hac=integer,TRUE
+https://yale.edu/duis.xml?a=eu&ipsum=magna&integer=vulputate&a=luctus&nibh=cum&in=sociis&quis=natoque&justo=penatibus&maecenas=et&rhoncus=magnis&aliquam=dis&lacus=parturient&morbi=montes&quis=nascetur&tortor=ridiculus&id=mus&nulla=vivamus&ultrices=vestibulum&aliquet=sagittis&maecenas=sapien&leo=cum&odio=sociis&condimentum=natoque&id=penatibus&luctus=et&nec=magnis&molestie=dis&sed=parturient&justo=montes&pellentesque=nascetur&viverra=ridiculus&pede=mus&ac=etiam&diam=vel&cras=augue&pellentesque=vestibulum&volutpat=rutrum&dui=rutrum&maecenas=neque&tristique=aenean&est=auctor&et=gravida&tempus=sem&semper=praesent&est=id&quam=massa&pharetra=id&magna=nisl&ac=venenatis&consequat=lacinia&metus=aenean&sapien=sit&ut=amet&nunc=justo&vestibulum=morbi&ante=ut&ipsum=odio&primis=cras&in=mi&faucibus=pede&orci=malesuada&luctus=in&et=imperdiet&ultrices=et&posuere=commodo,TRUE
+http://odnoklassniki.ru/tortor/sollicitudin/mi/sit/amet/lobortis/sapien.jsp?sodales=venenatis&scelerisque=tristique&mauris=fusce&sit=congue&amet=diam&eros=id&suspendisse=ornare&accumsan=imperdiet&tortor=sapien&quis=urna&turpis=pretium&sed=nisl&ante=ut&vivamus=volutpat&tortor=sapien&duis=arcu&mattis=sed&egestas=augue&metus=aliquam&aenean=erat&fermentum=volutpat&donec=in&ut=congue&mauris=etiam&eget=justo&massa=etiam&tempor=pretium&convallis=iaculis&nulla=justo&neque=in&libero=hac&convallis=habitasse&eget=platea&eleifend=dictumst&luctus=etiam&ultricies=faucibus&eu=cursus&nibh=urna&quisque=ut&id=tellus&justo=nulla&sit=ut&amet=erat&sapien=id&dignissim=mauris&vestibulum=vulputate&vestibulum=elementum&ante=nullam&ipsum=varius&primis=nulla&in=facilisi&faucibus=cras&orci=non&luctus=velit&et=nec&ultrices=nisi&posuere=vulputate,TRUE
+https://cmu.edu/lacinia/aenean/sit/amet.jsp?felis=donec&eu=semper&sapien=sapien&cursus=a&vestibulum=libero&proin=nam&eu=dui&mi=proin&nulla=leo&ac=odio&enim=porttitor&in=id&tempor=consequat&turpis=in&nec=consequat&euismod=ut&scelerisque=nulla&quam=sed&turpis=accumsan&adipiscing=felis&lorem=ut&vitae=at&mattis=dolor&nibh=quis&ligula=odio&nec=consequat&sem=varius&duis=integer&aliquam=ac&convallis=leo&nunc=pellentesque&proin=ultrices&at=mattis&turpis=odio&a=donec&pede=vitae&posuere=nisi&nonummy=nam&integer=ultrices&non=libero&velit=non&donec=mattis&diam=pulvinar&neque=nulla&vestibulum=pede&eget=ullamcorper&vulputate=augue&ut=a&ultrices=suscipit&vel=nulla&augue=elit&vestibulum=ac&ante=nulla&ipsum=sed&primis=vel&in=enim&faucibus=sit&orci=amet&luctus=nunc&et=viverra&ultrices=dapibus&posuere=nulla&cubilia=suscipit&curae=ligula&donec=in&pharetra=lacus&magna=curabitur&vestibulum=at&aliquet=ipsum&ultrices=ac&erat=tellus&tortor=semper&sollicitudin=interdum&mi=mauris&sit=ullamcorper&amet=purus&lobortis=sit&sapien=amet&sapien=nulla&non=quisque&mi=arcu&integer=libero&ac=rutrum&neque=ac&duis=lobortis&bibendum=vel&morbi=dapibus&non=at&quam=diam&nec=nam&dui=tristique&luctus=tortor,TRUE
+http://edublogs.org/eu/massa/donec/dapibus.aspx?molestie=lacinia&hendrerit=aenean&at=sit&vulputate=amet&vitae=justo&nisl=morbi&aenean=ut&lectus=odio&pellentesque=cras&eget=mi&nunc=pede&donec=malesuada&quis=in&orci=imperdiet&eget=et&orci=commodo&vehicula=vulputate&condimentum=justo&curabitur=in&in=blandit&libero=ultrices&ut=enim&massa=lorem&volutpat=ipsum&convallis=dolor&morbi=sit&odio=amet&odio=consectetuer&elementum=adipiscing&eu=elit&interdum=proin&eu=interdum&tincidunt=mauris&in=non&leo=ligula&maecenas=pellentesque&pulvinar=ultrices&lobortis=phasellus&est=id&phasellus=sapien&sit=in&amet=sapien&erat=iaculis&nulla=congue&tempus=vivamus&vivamus=metus&in=arcu&felis=adipiscing&eu=molestie&sapien=hendrerit&cursus=at&vestibulum=vulputate&proin=vitae&eu=nisl&mi=aenean&nulla=lectus&ac=pellentesque&enim=eget&in=nunc&tempor=donec&turpis=quis&nec=orci&euismod=eget&scelerisque=orci&quam=vehicula&turpis=condimentum&adipiscing=curabitur&lorem=in&vitae=libero&mattis=ut&nibh=massa&ligula=volutpat&nec=convallis&sem=morbi&duis=odio&aliquam=odio&convallis=elementum&nunc=eu&proin=interdum&at=eu&turpis=tincidunt&a=in&pede=leo&posuere=maecenas,TRUE
+https://pen.io/placerat/ante/nulla/justo.jsp?diam=aliquam&neque=sit&vestibulum=amet&eget=diam&vulputate=in&ut=magna&ultrices=bibendum&vel=imperdiet&augue=nullam&vestibulum=orci&ante=pede&ipsum=venenatis&primis=non&in=sodales&faucibus=sed&orci=tincidunt&luctus=eu&et=felis&ultrices=fusce&posuere=posuere&cubilia=felis&curae=sed&donec=lacus&pharetra=morbi&magna=sem&vestibulum=mauris&aliquet=laoreet&ultrices=ut&erat=rhoncus&tortor=aliquet&sollicitudin=pulvinar&mi=sed&sit=nisl&amet=nunc&lobortis=rhoncus&sapien=dui&sapien=vel&non=sem&mi=sed&integer=sagittis&ac=nam&neque=congue&duis=risus&bibendum=semper&morbi=porta&non=volutpat&quam=quam&nec=pede&dui=lobortis&luctus=ligula,TRUE
+https://vimeo.com/et/tempus/semper/est/quam/pharetra.jpg?vulputate=viverra&vitae=eget&nisl=congue&aenean=eget&lectus=semper&pellentesque=rutrum&eget=nulla&nunc=nunc&donec=purus&quis=phasellus&orci=in&eget=felis&orci=donec&vehicula=semper&condimentum=sapien&curabitur=a&in=libero&libero=nam&ut=dui&massa=proin&volutpat=leo&convallis=odio&morbi=porttitor&odio=id&odio=consequat&elementum=in&eu=consequat&interdum=ut&eu=nulla&tincidunt=sed&in=accumsan&leo=felis&maecenas=ut&pulvinar=at&lobortis=dolor&est=quis&phasellus=odio&sit=consequat&amet=varius&erat=integer&nulla=ac&tempus=leo&vivamus=pellentesque&in=ultrices&felis=mattis&eu=odio&sapien=donec&cursus=vitae&vestibulum=nisi&proin=nam&eu=ultrices&mi=libero&nulla=non&ac=mattis&enim=pulvinar&in=nulla&tempor=pede&turpis=ullamcorper&nec=augue&euismod=a&scelerisque=suscipit&quam=nulla&turpis=elit&adipiscing=ac&lorem=nulla&vitae=sed&mattis=vel,TRUE
+https://slideshare.net/nec.jpg?praesent=morbi&blandit=a&lacinia=ipsum&erat=integer&vestibulum=a&sed=nibh&magna=in&at=quis&nunc=justo&commodo=maecenas&placerat=rhoncus&praesent=aliquam&blandit=lacus&nam=morbi&nulla=quis&integer=tortor&pede=id&justo=nulla&lacinia=ultrices&eget=aliquet&tincidunt=maecenas&eget=leo&tempus=odio&vel=condimentum&pede=id&morbi=luctus&porttitor=nec&lorem=molestie&id=sed&ligula=justo&suspendisse=pellentesque&ornare=viverra&consequat=pede&lectus=ac&in=diam&est=cras&risus=pellentesque&auctor=volutpat&sed=dui&tristique=maecenas&in=tristique&tempus=est&sit=et&amet=tempus&sem=semper&fusce=est&consequat=quam&nulla=pharetra&nisl=magna&nunc=ac&nisl=consequat&duis=metus&bibendum=sapien&felis=ut&sed=nunc&interdum=vestibulum&venenatis=ante&turpis=ipsum&enim=primis&blandit=in&mi=faucibus&in=orci&porttitor=luctus&pede=et&justo=ultrices&eu=posuere&massa=cubilia&donec=curae&dapibus=mauris,TRUE
+https://hibu.com/odio/donec/vitae.jpg?nisl=cubilia&venenatis=curae&lacinia=mauris&aenean=viverra&sit=diam&amet=vitae&justo=quam&morbi=suspendisse&ut=potenti&odio=nullam&cras=porttitor&mi=lacus&pede=at&malesuada=turpis&in=donec&imperdiet=posuere&et=metus&commodo=vitae&vulputate=ipsum&justo=aliquam&in=non&blandit=mauris&ultrices=morbi&enim=non&lorem=lectus&ipsum=aliquam&dolor=sit&sit=amet&amet=diam&consectetuer=in&adipiscing=magna&elit=bibendum&proin=imperdiet&interdum=nullam&mauris=orci&non=pede&ligula=venenatis&pellentesque=non&ultrices=sodales&phasellus=sed&id=tincidunt&sapien=eu&in=felis&sapien=fusce&iaculis=posuere&congue=felis&vivamus=sed&metus=lacus&arcu=morbi&adipiscing=sem&molestie=mauris&hendrerit=laoreet&at=ut&vulputate=rhoncus&vitae=aliquet&nisl=pulvinar&aenean=sed&lectus=nisl&pellentesque=nunc&eget=rhoncus&nunc=dui&donec=vel&quis=sem&orci=sed&eget=sagittis&orci=nam&vehicula=congue&condimentum=risus&curabitur=semper&in=porta&libero=volutpat&ut=quam&massa=pede&volutpat=lobortis&convallis=ligula&morbi=sit&odio=amet&odio=eleifend&elementum=pede&eu=libero&interdum=quis&eu=orci&tincidunt=nullam&in=molestie&leo=nibh&maecenas=in&pulvinar=lectus&lobortis=pellentesque,TRUE
+http://tripod.com/elementum/eu/interdum/eu/tincidunt.xml?quisque=vulputate&porta=luctus&volutpat=cum&erat=sociis&quisque=natoque&erat=penatibus&eros=et&viverra=magnis&eget=dis&congue=parturient&eget=montes&semper=nascetur&rutrum=ridiculus&nulla=mus&nunc=vivamus&purus=vestibulum&phasellus=sagittis&in=sapien&felis=cum&donec=sociis&semper=natoque&sapien=penatibus&a=et&libero=magnis&nam=dis&dui=parturient&proin=montes&leo=nascetur&odio=ridiculus&porttitor=mus&id=etiam&consequat=vel&in=augue&consequat=vestibulum&ut=rutrum&nulla=rutrum&sed=neque&accumsan=aenean&felis=auctor&ut=gravida&at=sem&dolor=praesent&quis=id,TRUE
+https://nsw.gov.au/dui/nec/nisi.xml?phasellus=velit&id=nec&sapien=nisi&in=vulputate&sapien=nonummy&iaculis=maecenas&congue=tincidunt&vivamus=lacus&metus=at&arcu=velit&adipiscing=vivamus&molestie=vel&hendrerit=nulla&at=eget&vulputate=eros&vitae=elementum&nisl=pellentesque&aenean=quisque&lectus=porta&pellentesque=volutpat&eget=erat&nunc=quisque&donec=erat&quis=eros&orci=viverra&eget=eget&orci=congue&vehicula=eget&condimentum=semper&curabitur=rutrum&in=nulla&libero=nunc&ut=purus&massa=phasellus&volutpat=in&convallis=felis&morbi=donec&odio=semper&odio=sapien&elementum=a&eu=libero&interdum=nam&eu=dui&tincidunt=proin&in=leo&leo=odio&maecenas=porttitor&pulvinar=id&lobortis=consequat&est=in&phasellus=consequat&sit=ut&amet=nulla&erat=sed&nulla=accumsan&tempus=felis&vivamus=ut&in=at&felis=dolor&eu=quis&sapien=odio&cursus=consequat&vestibulum=varius&proin=integer&eu=ac&mi=leo&nulla=pellentesque&ac=ultrices&enim=mattis&in=odio&tempor=donec&turpis=vitae&nec=nisi,TRUE
+http://meetup.com/mauris.js?quam=aliquam&sollicitudin=augue&vitae=quam&consectetuer=sollicitudin&eget=vitae&rutrum=consectetuer&at=eget&lorem=rutrum&integer=at&tincidunt=lorem&ante=integer&vel=tincidunt&ipsum=ante&praesent=vel&blandit=ipsum&lacinia=praesent&erat=blandit&vestibulum=lacinia&sed=erat&magna=vestibulum&at=sed&nunc=magna&commodo=at&placerat=nunc&praesent=commodo&blandit=placerat&nam=praesent&nulla=blandit&integer=nam&pede=nulla&justo=integer&lacinia=pede&eget=justo&tincidunt=lacinia&eget=eget&tempus=tincidunt&vel=eget&pede=tempus&morbi=vel&porttitor=pede&lorem=morbi&id=porttitor&ligula=lorem&suspendisse=id&ornare=ligula&consequat=suspendisse&lectus=ornare&in=consequat&est=lectus&risus=in&auctor=est&sed=risus&tristique=auctor&in=sed&tempus=tristique&sit=in&amet=tempus&sem=sit&fusce=amet&consequat=sem&nulla=fusce&nisl=consequat&nunc=nulla&nisl=nisl&duis=nunc&bibendum=nisl&felis=duis&sed=bibendum&interdum=felis,TRUE
+https://ox.ac.uk/sit/amet.jpg?purus=rutrum&eu=rutrum&magna=neque&vulputate=aenean&luctus=auctor&cum=gravida&sociis=sem&natoque=praesent&penatibus=id&et=massa&magnis=id&dis=nisl&parturient=venenatis&montes=lacinia&nascetur=aenean&ridiculus=sit&mus=amet&vivamus=justo&vestibulum=morbi&sagittis=ut&sapien=odio&cum=cras&sociis=mi&natoque=pede&penatibus=malesuada&et=in&magnis=imperdiet&dis=et&parturient=commodo&montes=vulputate&nascetur=justo&ridiculus=in&mus=blandit&etiam=ultrices&vel=enim&augue=lorem&vestibulum=ipsum&rutrum=dolor&rutrum=sit&neque=amet&aenean=consectetuer&auctor=adipiscing&gravida=elit&sem=proin&praesent=interdum&id=mauris&massa=non&id=ligula&nisl=pellentesque&venenatis=ultrices&lacinia=phasellus&aenean=id&sit=sapien&amet=in&justo=sapien&morbi=iaculis&ut=congue,TRUE
+http://sakura.ne.jp/eu/est/congue/elementum.jsp?viverra=nullam&eget=molestie&congue=nibh&eget=in&semper=lectus&rutrum=pellentesque&nulla=at&nunc=nulla&purus=suspendisse&phasellus=potenti&in=cras&felis=in&donec=purus&semper=eu&sapien=magna&a=vulputate&libero=luctus&nam=cum&dui=sociis&proin=natoque&leo=penatibus&odio=et&porttitor=magnis&id=dis&consequat=parturient&in=montes&consequat=nascetur&ut=ridiculus&nulla=mus&sed=vivamus&accumsan=vestibulum&felis=sagittis&ut=sapien&at=cum&dolor=sociis&quis=natoque&odio=penatibus&consequat=et&varius=magnis&integer=dis&ac=parturient&leo=montes&pellentesque=nascetur&ultrices=ridiculus&mattis=mus&odio=etiam&donec=vel&vitae=augue&nisi=vestibulum&nam=rutrum&ultrices=rutrum&libero=neque&non=aenean&mattis=auctor&pulvinar=gravida&nulla=sem&pede=praesent&ullamcorper=id&augue=massa&a=id&suscipit=nisl&nulla=venenatis&elit=lacinia&ac=aenean&nulla=sit&sed=amet&vel=justo&enim=morbi&sit=ut&amet=odio&nunc=cras&viverra=mi&dapibus=pede&nulla=malesuada&suscipit=in&ligula=imperdiet&in=et&lacus=commodo&curabitur=vulputate&at=justo&ipsum=in&ac=blandit&tellus=ultrices&semper=enim&interdum=lorem&mauris=ipsum&ullamcorper=dolor&purus=sit&sit=amet&amet=consectetuer&nulla=adipiscing&quisque=elit&arcu=proin&libero=interdum,TRUE
+http://infoseek.co.jp/sit/amet/diam/in/magna/bibendum/imperdiet.jsp?in=lorem&tempus=vitae&sit=mattis&amet=nibh&sem=ligula&fusce=nec&consequat=sem&nulla=duis&nisl=aliquam&nunc=convallis&nisl=nunc&duis=proin&bibendum=at&felis=turpis&sed=a,TRUE
+https://usatoday.com/luctus/et/ultrices.js?libero=dictumst&quis=morbi&orci=vestibulum&nullam=velit&molestie=id&nibh=pretium&in=iaculis&lectus=diam&pellentesque=erat&at=fermentum&nulla=justo&suspendisse=nec&potenti=condimentum&cras=neque&in=sapien&purus=placerat&eu=ante&magna=nulla&vulputate=justo&luctus=aliquam&cum=quis&sociis=turpis&natoque=eget,TRUE
+https://cnet.com/pellentesque/eget/nunc/donec/quis.js?arcu=nisl&sed=aenean&augue=lectus&aliquam=pellentesque&erat=eget&volutpat=nunc&in=donec&congue=quis&etiam=orci&justo=eget&etiam=orci&pretium=vehicula&iaculis=condimentum&justo=curabitur&in=in&hac=libero&habitasse=ut&platea=massa&dictumst=volutpat&etiam=convallis&faucibus=morbi&cursus=odio&urna=odio&ut=elementum&tellus=eu&nulla=interdum&ut=eu&erat=tincidunt&id=in&mauris=leo&vulputate=maecenas&elementum=pulvinar&nullam=lobortis&varius=est&nulla=phasellus&facilisi=sit&cras=amet&non=erat&velit=nulla&nec=tempus&nisi=vivamus&vulputate=in&nonummy=felis&maecenas=eu&tincidunt=sapien&lacus=cursus&at=vestibulum&velit=proin&vivamus=eu&vel=mi&nulla=nulla&eget=ac,TRUE
+https://yahoo.co.jp/mauris/viverra/diam/vitae/quam.html?consequat=justo,TRUE
+http://pinterest.com/massa/quis/augue/luctus/tincidunt/nulla/mollis.xml?amet=ac&justo=est&morbi=lacinia&ut=nisi&odio=venenatis&cras=tristique&mi=fusce&pede=congue&malesuada=diam&in=id&imperdiet=ornare&et=imperdiet&commodo=sapien&vulputate=urna&justo=pretium&in=nisl&blandit=ut&ultrices=volutpat&enim=sapien&lorem=arcu&ipsum=sed&dolor=augue&sit=aliquam&amet=erat&consectetuer=volutpat&adipiscing=in&elit=congue&proin=etiam&interdum=justo&mauris=etiam,TRUE
+https://arizona.edu/sapien/in/sapien/iaculis/congue/vivamus/metus.js?leo=nunc&pellentesque=viverra&ultrices=dapibus&mattis=nulla&odio=suscipit&donec=ligula,TRUE
+https://vinaora.com/a/libero/nam/dui/proin/leo/odio.xml?integer=potenti&aliquet=in&massa=eleifend&id=quam&lobortis=a&convallis=odio&tortor=in&risus=hac&dapibus=habitasse&augue=platea&vel=dictumst&accumsan=maecenas&tellus=ut&nisi=massa&eu=quis&orci=augue&mauris=luctus&lacinia=tincidunt&sapien=nulla&quis=mollis&libero=molestie&nullam=lorem&sit=quisque&amet=ut&turpis=erat&elementum=curabitur&ligula=gravida&vehicula=nisi&consequat=at&morbi=nibh&a=in&ipsum=hac&integer=habitasse&a=platea&nibh=dictumst&in=aliquam&quis=augue&justo=quam&maecenas=sollicitudin&rhoncus=vitae&aliquam=consectetuer&lacus=eget&morbi=rutrum&quis=at&tortor=lorem&id=integer&nulla=tincidunt&ultrices=ante&aliquet=vel&maecenas=ipsum&leo=praesent,TRUE
+http://army.mil/mauris/morbi/non/lectus.aspx?vestibulum=amet&quam=cursus&sapien=id&varius=turpis&ut=integer&blandit=aliquet&non=massa&interdum=id&in=lobortis&ante=convallis&vestibulum=tortor&ante=risus&ipsum=dapibus&primis=augue&in=vel&faucibus=accumsan&orci=tellus&luctus=nisi&et=eu&ultrices=orci&posuere=mauris&cubilia=lacinia&curae=sapien&duis=quis&faucibus=libero&accumsan=nullam&odio=sit&curabitur=amet&convallis=turpis&duis=elementum&consequat=ligula&dui=vehicula&nec=consequat&nisi=morbi&volutpat=a&eleifend=ipsum&donec=integer&ut=a&dolor=nibh&morbi=in&vel=quis&lectus=justo&in=maecenas&quam=rhoncus&fringilla=aliquam&rhoncus=lacus&mauris=morbi&enim=quis&leo=tortor&rhoncus=id&sed=nulla&vestibulum=ultrices&sit=aliquet&amet=maecenas&cursus=leo&id=odio&turpis=condimentum&integer=id&aliquet=luctus&massa=nec&id=molestie&lobortis=sed&convallis=justo&tortor=pellentesque&risus=viverra&dapibus=pede&augue=ac&vel=diam&accumsan=cras&tellus=pellentesque&nisi=volutpat&eu=dui&orci=maecenas&mauris=tristique&lacinia=est&sapien=et&quis=tempus&libero=semper&nullam=est&sit=quam&amet=pharetra&turpis=magna&elementum=ac&ligula=consequat&vehicula=metus&consequat=sapien&morbi=ut,TRUE
+https://tripadvisor.com/cras/pellentesque.js?ante=eu&ipsum=est&primis=congue&in=elementum&faucibus=in&orci=hac&luctus=habitasse&et=platea&ultrices=dictumst&posuere=morbi&cubilia=vestibulum&curae=velit&duis=id&faucibus=pretium&accumsan=iaculis&odio=diam&curabitur=erat&convallis=fermentum&duis=justo&consequat=nec&dui=condimentum&nec=neque&nisi=sapien&volutpat=placerat&eleifend=ante&donec=nulla&ut=justo,TRUE
+http://xrea.com/nibh/fusce/lacus.aspx?nam=ut&nulla=erat&integer=id&pede=mauris&justo=vulputate&lacinia=elementum&eget=nullam&tincidunt=varius,TRUE
+http://harvard.edu/nascetur/ridiculus/mus/etiam.aspx?amet=sit&erat=amet&nulla=consectetuer&tempus=adipiscing&vivamus=elit&in=proin&felis=risus&eu=praesent&sapien=lectus&cursus=vestibulum&vestibulum=quam&proin=sapien&eu=varius&mi=ut&nulla=blandit&ac=non&enim=interdum&in=in&tempor=ante&turpis=vestibulum&nec=ante&euismod=ipsum&scelerisque=primis&quam=in&turpis=faucibus&adipiscing=orci&lorem=luctus&vitae=et&mattis=ultrices&nibh=posuere&ligula=cubilia&nec=curae&sem=duis&duis=faucibus&aliquam=accumsan&convallis=odio&nunc=curabitur&proin=convallis&at=duis&turpis=consequat&a=dui&pede=nec&posuere=nisi&nonummy=volutpat&integer=eleifend&non=donec&velit=ut&donec=dolor&diam=morbi&neque=vel&vestibulum=lectus,TRUE
+https://google.pl/erat/fermentum/justo/nec/condimentum.jsp?vestibulum=ut&quam=odio&sapien=cras&varius=mi&ut=pede&blandit=malesuada&non=in&interdum=imperdiet&in=et&ante=commodo&vestibulum=vulputate&ante=justo&ipsum=in&primis=blandit&in=ultrices&faucibus=enim&orci=lorem&luctus=ipsum&et=dolor&ultrices=sit&posuere=amet,TRUE
+http://hexun.com/in/hac/habitasse/platea/dictumst/maecenas.html?curae=cras&mauris=mi&viverra=pede&diam=malesuada&vitae=in&quam=imperdiet&suspendisse=et&potenti=commodo&nullam=vulputate&porttitor=justo&lacus=in&at=blandit&turpis=ultrices&donec=enim&posuere=lorem&metus=ipsum&vitae=dolor&ipsum=sit&aliquam=amet&non=consectetuer&mauris=adipiscing&morbi=elit&non=proin&lectus=interdum&aliquam=mauris&sit=non&amet=ligula&diam=pellentesque&in=ultrices&magna=phasellus,TRUE
+https://wikimedia.org/placerat/ante/nulla/justo/aliquam/quis.xml?tortor=tristique&id=fusce&nulla=congue&ultrices=diam&aliquet=id&maecenas=ornare&leo=imperdiet&odio=sapien&condimentum=urna&id=pretium&luctus=nisl&nec=ut&molestie=volutpat&sed=sapien&justo=arcu&pellentesque=sed&viverra=augue&pede=aliquam&ac=erat&diam=volutpat&cras=in&pellentesque=congue&volutpat=etiam&dui=justo&maecenas=etiam,TRUE
+http://purevolume.com/nisl/duis/ac/nibh/fusce.js?tristique=penatibus&est=et&et=magnis&tempus=dis&semper=parturient&est=montes&quam=nascetur&pharetra=ridiculus&magna=mus&ac=etiam,TRUE
+http://baidu.com/augue/vestibulum.png?lorem=in&vitae=hac&mattis=habitasse&nibh=platea&ligula=dictumst&nec=morbi&sem=vestibulum&duis=velit&aliquam=id&convallis=pretium&nunc=iaculis&proin=diam&at=erat&turpis=fermentum&a=justo&pede=nec&posuere=condimentum&nonummy=neque&integer=sapien&non=placerat&velit=ante&donec=nulla&diam=justo&neque=aliquam&vestibulum=quis&eget=turpis&vulputate=eget&ut=elit&ultrices=sodales&vel=scelerisque&augue=mauris&vestibulum=sit&ante=amet&ipsum=eros&primis=suspendisse&in=accumsan&faucibus=tortor&orci=quis&luctus=turpis&et=sed&ultrices=ante&posuere=vivamus&cubilia=tortor&curae=duis&donec=mattis&pharetra=egestas&magna=metus&vestibulum=aenean&aliquet=fermentum&ultrices=donec&erat=ut&tortor=mauris&sollicitudin=eget&mi=massa&sit=tempor&amet=convallis&lobortis=nulla&sapien=neque,TRUE
+http://ucsd.edu/nunc/viverra/dapibus/nulla/suscipit/ligula.json?justo=arcu&lacinia=adipiscing&eget=molestie&tincidunt=hendrerit&eget=at&tempus=vulputate&vel=vitae&pede=nisl&morbi=aenean&porttitor=lectus&lorem=pellentesque&id=eget&ligula=nunc&suspendisse=donec&ornare=quis&consequat=orci&lectus=eget&in=orci&est=vehicula&risus=condimentum&auctor=curabitur&sed=in&tristique=libero&in=ut&tempus=massa&sit=volutpat&amet=convallis&sem=morbi&fusce=odio&consequat=odio&nulla=elementum&nisl=eu&nunc=interdum&nisl=eu&duis=tincidunt&bibendum=in&felis=leo&sed=maecenas&interdum=pulvinar&venenatis=lobortis&turpis=est&enim=phasellus&blandit=sit&mi=amet&in=erat&porttitor=nulla&pede=tempus&justo=vivamus&eu=in&massa=felis&donec=eu&dapibus=sapien&duis=cursus&at=vestibulum&velit=proin&eu=eu&est=mi&congue=nulla&elementum=ac&in=enim&hac=in&habitasse=tempor&platea=turpis&dictumst=nec&morbi=euismod&vestibulum=scelerisque&velit=quam&id=turpis&pretium=adipiscing&iaculis=lorem&diam=vitae&erat=mattis&fermentum=nibh&justo=ligula&nec=nec&condimentum=sem&neque=duis&sapien=aliquam&placerat=convallis&ante=nunc&nulla=proin&justo=at&aliquam=turpis&quis=a&turpis=pede&eget=posuere&elit=nonummy&sodales=integer&scelerisque=non&mauris=velit&sit=donec&amet=diam&eros=neque&suspendisse=vestibulum&accumsan=eget&tortor=vulputate&quis=ut&turpis=ultrices&sed=vel,TRUE
+http://virginia.edu/ultrices/posuere/cubilia/curae.js?felis=sapien&sed=non&lacus=mi&morbi=integer&sem=ac&mauris=neque&laoreet=duis&ut=bibendum&rhoncus=morbi&aliquet=non&pulvinar=quam&sed=nec&nisl=dui&nunc=luctus&rhoncus=rutrum&dui=nulla&vel=tellus&sem=in&sed=sagittis&sagittis=dui&nam=vel&congue=nisl&risus=duis&semper=ac&porta=nibh&volutpat=fusce&quam=lacus&pede=purus&lobortis=aliquet&ligula=at&sit=feugiat&amet=non&eleifend=pretium&pede=quis&libero=lectus&quis=suspendisse&orci=potenti&nullam=in&molestie=eleifend&nibh=quam&in=a&lectus=odio&pellentesque=in&at=hac&nulla=habitasse&suspendisse=platea&potenti=dictumst&cras=maecenas&in=ut&purus=massa&eu=quis&magna=augue&vulputate=luctus&luctus=tincidunt&cum=nulla&sociis=mollis&natoque=molestie&penatibus=lorem&et=quisque&magnis=ut&dis=erat&parturient=curabitur&montes=gravida&nascetur=nisi&ridiculus=at&mus=nibh&vivamus=in&vestibulum=hac&sagittis=habitasse&sapien=platea,TRUE
+https://vimeo.com/et/eros/vestibulum/ac.html?justo=luctus&pellentesque=et&viverra=ultrices&pede=posuere&ac=cubilia&diam=curae&cras=mauris&pellentesque=viverra&volutpat=diam&dui=vitae&maecenas=quam&tristique=suspendisse&est=potenti&et=nullam&tempus=porttitor&semper=lacus&est=at&quam=turpis&pharetra=donec&magna=posuere&ac=metus&consequat=vitae&metus=ipsum&sapien=aliquam&ut=non&nunc=mauris&vestibulum=morbi&ante=non&ipsum=lectus&primis=aliquam&in=sit&faucibus=amet&orci=diam&luctus=in&et=magna&ultrices=bibendum&posuere=imperdiet&cubilia=nullam&curae=orci&mauris=pede&viverra=venenatis&diam=non&vitae=sodales&quam=sed&suspendisse=tincidunt&potenti=eu&nullam=felis&porttitor=fusce&lacus=posuere&at=felis&turpis=sed&donec=lacus&posuere=morbi&metus=sem&vitae=mauris&ipsum=laoreet&aliquam=ut&non=rhoncus&mauris=aliquet&morbi=pulvinar&non=sed&lectus=nisl&aliquam=nunc&sit=rhoncus&amet=dui&diam=vel&in=sem&magna=sed&bibendum=sagittis&imperdiet=nam&nullam=congue&orci=risus&pede=semper&venenatis=porta&non=volutpat&sodales=quam&sed=pede&tincidunt=lobortis&eu=ligula&felis=sit&fusce=amet&posuere=eleifend&felis=pede&sed=libero&lacus=quis&morbi=orci&sem=nullam&mauris=molestie&laoreet=nibh&ut=in&rhoncus=lectus&aliquet=pellentesque&pulvinar=at&sed=nulla&nisl=suspendisse&nunc=potenti&rhoncus=cras,TRUE
+https://sohu.com/in/sagittis/dui/vel/nisl.jpg?mattis=eget&nibh=nunc&ligula=donec&nec=quis&sem=orci&duis=eget&aliquam=orci&convallis=vehicula&nunc=condimentum&proin=curabitur&at=in&turpis=libero&a=ut&pede=massa&posuere=volutpat&nonummy=convallis&integer=morbi&non=odio&velit=odio&donec=elementum&diam=eu&neque=interdum,TRUE
+https://yahoo.co.jp/amet/consectetuer.jpg?cras=pretium&pellentesque=nisl&volutpat=ut&dui=volutpat&maecenas=sapien&tristique=arcu&est=sed&et=augue&tempus=aliquam&semper=erat&est=volutpat&quam=in&pharetra=congue&magna=etiam&ac=justo&consequat=etiam&metus=pretium&sapien=iaculis&ut=justo&nunc=in&vestibulum=hac&ante=habitasse&ipsum=platea&primis=dictumst&in=etiam&faucibus=faucibus&orci=cursus&luctus=urna&et=ut&ultrices=tellus&posuere=nulla&cubilia=ut&curae=erat&mauris=id&viverra=mauris&diam=vulputate&vitae=elementum&quam=nullam&suspendisse=varius&potenti=nulla&nullam=facilisi&porttitor=cras&lacus=non&at=velit&turpis=nec&donec=nisi&posuere=vulputate&metus=nonummy&vitae=maecenas&ipsum=tincidunt&aliquam=lacus&non=at&mauris=velit,TRUE
+http://shinystat.com/etiam/faucibus.js?hac=mattis&habitasse=nibh&platea=ligula&dictumst=nec&morbi=sem&vestibulum=duis&velit=aliquam&id=convallis&pretium=nunc&iaculis=proin&diam=at&erat=turpis&fermentum=a&justo=pede&nec=posuere&condimentum=nonummy&neque=integer&sapien=non&placerat=velit&ante=donec&nulla=diam&justo=neque,TRUE
+https://last.fm/vestibulum/eget/vulputate/ut/ultrices.jsp?orci=pulvinar&luctus=lobortis&et=est&ultrices=phasellus&posuere=sit&cubilia=amet&curae=erat&duis=nulla&faucibus=tempus&accumsan=vivamus&odio=in&curabitur=felis&convallis=eu&duis=sapien&consequat=cursus&dui=vestibulum&nec=proin&nisi=eu&volutpat=mi&eleifend=nulla&donec=ac&ut=enim&dolor=in&morbi=tempor&vel=turpis&lectus=nec&in=euismod&quam=scelerisque&fringilla=quam&rhoncus=turpis&mauris=adipiscing&enim=lorem&leo=vitae&rhoncus=mattis&sed=nibh&vestibulum=ligula&sit=nec&amet=sem&cursus=duis&id=aliquam&turpis=convallis&integer=nunc&aliquet=proin&massa=at&id=turpis&lobortis=a&convallis=pede&tortor=posuere&risus=nonummy&dapibus=integer&augue=non&vel=velit&accumsan=donec&tellus=diam&nisi=neque&eu=vestibulum&orci=eget&mauris=vulputate&lacinia=ut&sapien=ultrices&quis=vel&libero=augue&nullam=vestibulum&sit=ante&amet=ipsum&turpis=primis&elementum=in&ligula=faucibus&vehicula=orci&consequat=luctus&morbi=et&a=ultrices&ipsum=posuere&integer=cubilia&a=curae&nibh=donec&in=pharetra&quis=magna&justo=vestibulum&maecenas=aliquet,TRUE
+https://eepurl.com/consequat/nulla.jsp?porttitor=aliquam&id=lacus&consequat=morbi&in=quis&consequat=tortor&ut=id&nulla=nulla&sed=ultrices&accumsan=aliquet&felis=maecenas&ut=leo&at=odio&dolor=condimentum,TRUE
+http://thetimes.co.uk/enim/in.xml?donec=et&ut=tempus&dolor=semper&morbi=est&vel=quam&lectus=pharetra&in=magna&quam=ac&fringilla=consequat&rhoncus=metus&mauris=sapien&enim=ut&leo=nunc&rhoncus=vestibulum&sed=ante&vestibulum=ipsum&sit=primis&amet=in&cursus=faucibus&id=orci&turpis=luctus&integer=et&aliquet=ultrices&massa=posuere&id=cubilia&lobortis=curae&convallis=mauris&tortor=viverra&risus=diam&dapibus=vitae&augue=quam&vel=suspendisse&accumsan=potenti&tellus=nullam,TRUE
+http://google.it/aliquam/non/mauris/morbi/non/lectus.json?sed=lacus&magna=at&at=velit&nunc=vivamus&commodo=vel&placerat=nulla&praesent=eget&blandit=eros&nam=elementum&nulla=pellentesque&integer=quisque&pede=porta&justo=volutpat&lacinia=erat&eget=quisque&tincidunt=erat&eget=eros&tempus=viverra&vel=eget&pede=congue&morbi=eget&porttitor=semper&lorem=rutrum&id=nulla&ligula=nunc&suspendisse=purus&ornare=phasellus&consequat=in&lectus=felis&in=donec&est=semper&risus=sapien&auctor=a&sed=libero&tristique=nam&in=dui&tempus=proin&sit=leo&amet=odio&sem=porttitor&fusce=id&consequat=consequat&nulla=in&nisl=consequat&nunc=ut&nisl=nulla&duis=sed&bibendum=accumsan&felis=felis&sed=ut&interdum=at&venenatis=dolor&turpis=quis&enim=odio&blandit=consequat&mi=varius&in=integer&porttitor=ac&pede=leo&justo=pellentesque&eu=ultrices&massa=mattis&donec=odio&dapibus=donec&duis=vitae&at=nisi&velit=nam&eu=ultrices&est=libero&congue=non&elementum=mattis&in=pulvinar&hac=nulla&habitasse=pede&platea=ullamcorper&dictumst=augue&morbi=a&vestibulum=suscipit,TRUE
+https://ed.gov/felis/ut.js?metus=nulla&sapien=neque&ut=libero&nunc=convallis&vestibulum=eget&ante=eleifend&ipsum=luctus&primis=ultricies&in=eu&faucibus=nibh&orci=quisque&luctus=id&et=justo&ultrices=sit&posuere=amet&cubilia=sapien&curae=dignissim&mauris=vestibulum&viverra=vestibulum&diam=ante&vitae=ipsum&quam=primis&suspendisse=in&potenti=faucibus&nullam=orci&porttitor=luctus&lacus=et&at=ultrices&turpis=posuere&donec=cubilia&posuere=curae&metus=nulla&vitae=dapibus&ipsum=dolor&aliquam=vel&non=est&mauris=donec&morbi=odio&non=justo&lectus=sollicitudin&aliquam=ut&sit=suscipit&amet=a&diam=feugiat&in=et&magna=eros&bibendum=vestibulum&imperdiet=ac&nullam=est&orci=lacinia&pede=nisi&venenatis=venenatis&non=tristique&sodales=fusce&sed=congue&tincidunt=diam&eu=id&felis=ornare&fusce=imperdiet&posuere=sapien&felis=urna&sed=pretium&lacus=nisl&morbi=ut&sem=volutpat&mauris=sapien&laoreet=arcu&ut=sed&rhoncus=augue&aliquet=aliquam&pulvinar=erat&sed=volutpat&nisl=in&nunc=congue&rhoncus=etiam&dui=justo&vel=etiam&sem=pretium&sed=iaculis&sagittis=justo&nam=in&congue=hac&risus=habitasse&semper=platea&porta=dictumst&volutpat=etiam,TRUE
+http://dyndns.org/luctus/cum.jpg?ultrices=elit&posuere=sodales&cubilia=scelerisque&curae=mauris&duis=sit&faucibus=amet&accumsan=eros&odio=suspendisse&curabitur=accumsan&convallis=tortor&duis=quis&consequat=turpis&dui=sed&nec=ante&nisi=vivamus&volutpat=tortor&eleifend=duis&donec=mattis&ut=egestas&dolor=metus&morbi=aenean&vel=fermentum&lectus=donec&in=ut&quam=mauris&fringilla=eget&rhoncus=massa&mauris=tempor&enim=convallis&leo=nulla&rhoncus=neque&sed=libero&vestibulum=convallis&sit=eget&amet=eleifend&cursus=luctus,TRUE
+https://narod.ru/diam/neque/vestibulum/eget/vulputate/ut/ultrices.html?quam=ultrices&nec=phasellus&dui=id&luctus=sapien&rutrum=in&nulla=sapien&tellus=iaculis&in=congue&sagittis=vivamus&dui=metus&vel=arcu&nisl=adipiscing&duis=molestie&ac=hendrerit&nibh=at&fusce=vulputate&lacus=vitae&purus=nisl&aliquet=aenean&at=lectus&feugiat=pellentesque&non=eget&pretium=nunc&quis=donec&lectus=quis&suspendisse=orci&potenti=eget&in=orci&eleifend=vehicula&quam=condimentum&a=curabitur&odio=in&in=libero&hac=ut&habitasse=massa&platea=volutpat&dictumst=convallis&maecenas=morbi&ut=odio&massa=odio&quis=elementum&augue=eu&luctus=interdum&tincidunt=eu&nulla=tincidunt&mollis=in&molestie=leo,TRUE
+http://deviantart.com/convallis/morbi/odio.xml?congue=interdum&diam=mauris&id=non&ornare=ligula&imperdiet=pellentesque&sapien=ultrices&urna=phasellus&pretium=id&nisl=sapien&ut=in&volutpat=sapien&sapien=iaculis&arcu=congue&sed=vivamus&augue=metus&aliquam=arcu&erat=adipiscing&volutpat=molestie&in=hendrerit&congue=at&etiam=vulputate&justo=vitae&etiam=nisl&pretium=aenean&iaculis=lectus&justo=pellentesque&in=eget&hac=nunc&habitasse=donec&platea=quis&dictumst=orci&etiam=eget&faucibus=orci&cursus=vehicula&urna=condimentum&ut=curabitur&tellus=in&nulla=libero&ut=ut&erat=massa,TRUE
+https://google.de/eget.json?justo=sed&pellentesque=ante&viverra=vivamus&pede=tortor&ac=duis&diam=mattis&cras=egestas&pellentesque=metus&volutpat=aenean&dui=fermentum&maecenas=donec&tristique=ut&est=mauris&et=eget&tempus=massa&semper=tempor&est=convallis&quam=nulla&pharetra=neque&magna=libero&ac=convallis&consequat=eget&metus=eleifend&sapien=luctus&ut=ultricies&nunc=eu&vestibulum=nibh&ante=quisque&ipsum=id&primis=justo&in=sit&faucibus=amet&orci=sapien&luctus=dignissim&et=vestibulum&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&mauris=in&viverra=faucibus&diam=orci&vitae=luctus&quam=et,TRUE
+http://feedburner.com/orci/vehicula.jpg?convallis=orci&duis=eget&consequat=orci&dui=vehicula&nec=condimentum&nisi=curabitur&volutpat=in&eleifend=libero,TRUE
+http://netvibes.com/lacus/morbi/sem/mauris/laoreet.json?ultrices=sapien&posuere=sapien&cubilia=non&curae=mi&donec=integer&pharetra=ac&magna=neque&vestibulum=duis&aliquet=bibendum&ultrices=morbi&erat=non&tortor=quam&sollicitudin=nec&mi=dui&sit=luctus&amet=rutrum&lobortis=nulla&sapien=tellus&sapien=in&non=sagittis&mi=dui&integer=vel&ac=nisl&neque=duis&duis=ac&bibendum=nibh&morbi=fusce&non=lacus&quam=purus&nec=aliquet&dui=at&luctus=feugiat&rutrum=non&nulla=pretium&tellus=quis&in=lectus&sagittis=suspendisse&dui=potenti&vel=in&nisl=eleifend&duis=quam&ac=a&nibh=odio&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=maecenas&non=ut&pretium=massa&quis=quis&lectus=augue&suspendisse=luctus&potenti=tincidunt&in=nulla&eleifend=mollis&quam=molestie&a=lorem&odio=quisque&in=ut&hac=erat&habitasse=curabitur&platea=gravida&dictumst=nisi&maecenas=at&ut=nibh&massa=in&quis=hac&augue=habitasse&luctus=platea&tincidunt=dictumst&nulla=aliquam&mollis=augue&molestie=quam&lorem=sollicitudin&quisque=vitae&ut=consectetuer&erat=eget&curabitur=rutrum&gravida=at&nisi=lorem&at=integer&nibh=tincidunt,TRUE
+http://xinhuanet.com/quam/a/odio/in/hac.jsp?ante=in&vestibulum=blandit&ante=ultrices&ipsum=enim&primis=lorem&in=ipsum&faucibus=dolor&orci=sit&luctus=amet&et=consectetuer&ultrices=adipiscing&posuere=elit&cubilia=proin&curae=interdum&duis=mauris&faucibus=non&accumsan=ligula&odio=pellentesque&curabitur=ultrices&convallis=phasellus&duis=id&consequat=sapien&dui=in&nec=sapien&nisi=iaculis&volutpat=congue&eleifend=vivamus&donec=metus&ut=arcu,TRUE
+http://themeforest.net/nunc/vestibulum/ante/ipsum.png?ipsum=viverra&primis=diam&in=vitae&faucibus=quam&orci=suspendisse&luctus=potenti&et=nullam&ultrices=porttitor&posuere=lacus&cubilia=at&curae=turpis&duis=donec&faucibus=posuere&accumsan=metus&odio=vitae&curabitur=ipsum&convallis=aliquam&duis=non&consequat=mauris&dui=morbi&nec=non&nisi=lectus&volutpat=aliquam&eleifend=sit&donec=amet&ut=diam&dolor=in&morbi=magna&vel=bibendum&lectus=imperdiet&in=nullam&quam=orci&fringilla=pede&rhoncus=venenatis&mauris=non&enim=sodales&leo=sed&rhoncus=tincidunt&sed=eu&vestibulum=felis&sit=fusce&amet=posuere&cursus=felis&id=sed&turpis=lacus&integer=morbi&aliquet=sem&massa=mauris&id=laoreet&lobortis=ut&convallis=rhoncus&tortor=aliquet&risus=pulvinar&dapibus=sed&augue=nisl&vel=nunc&accumsan=rhoncus,TRUE
+https://studiopress.com/magnis/dis/parturient/montes/nascetur/ridiculus.jpg?et=nulla&ultrices=sed&posuere=vel&cubilia=enim&curae=sit&nulla=amet&dapibus=nunc&dolor=viverra&vel=dapibus&est=nulla&donec=suscipit&odio=ligula&justo=in&sollicitudin=lacus&ut=curabitur&suscipit=at&a=ipsum&feugiat=ac&et=tellus&eros=semper&vestibulum=interdum&ac=mauris&est=ullamcorper&lacinia=purus&nisi=sit&venenatis=amet&tristique=nulla&fusce=quisque&congue=arcu&diam=libero&id=rutrum&ornare=ac&imperdiet=lobortis&sapien=vel&urna=dapibus&pretium=at&nisl=diam,TRUE
+https://domainmarket.com/dictumst/aliquam/augue.png?rhoncus=pellentesque&aliquam=quisque&lacus=porta&morbi=volutpat&quis=erat&tortor=quisque&id=erat&nulla=eros&ultrices=viverra&aliquet=eget&maecenas=congue&leo=eget&odio=semper&condimentum=rutrum&id=nulla&luctus=nunc&nec=purus&molestie=phasellus&sed=in&justo=felis&pellentesque=donec&viverra=semper,TRUE
+http://devhub.com/nibh/fusce.aspx?quisque=eleifend&porta=pede&volutpat=libero&erat=quis&quisque=orci&erat=nullam&eros=molestie&viverra=nibh&eget=in&congue=lectus&eget=pellentesque&semper=at&rutrum=nulla,TRUE
+http://unc.edu/ligula/suspendisse/ornare/consequat/lectus.html?donec=pretium&ut=iaculis&dolor=diam&morbi=erat&vel=fermentum&lectus=justo&in=nec&quam=condimentum&fringilla=neque&rhoncus=sapien&mauris=placerat&enim=ante&leo=nulla&rhoncus=justo&sed=aliquam&vestibulum=quis&sit=turpis&amet=eget&cursus=elit&id=sodales&turpis=scelerisque&integer=mauris&aliquet=sit&massa=amet&id=eros&lobortis=suspendisse&convallis=accumsan,TRUE
+https://bloglines.com/justo/sollicitudin/ut/suscipit/a/feugiat/et.aspx?penatibus=auctor&et=gravida&magnis=sem&dis=praesent&parturient=id&montes=massa&nascetur=id&ridiculus=nisl&mus=venenatis&etiam=lacinia&vel=aenean&augue=sit&vestibulum=amet&rutrum=justo&rutrum=morbi&neque=ut&aenean=odio&auctor=cras&gravida=mi&sem=pede&praesent=malesuada&id=in&massa=imperdiet&id=et&nisl=commodo&venenatis=vulputate&lacinia=justo&aenean=in&sit=blandit&amet=ultrices&justo=enim&morbi=lorem&ut=ipsum&odio=dolor&cras=sit&mi=amet&pede=consectetuer&malesuada=adipiscing&in=elit&imperdiet=proin&et=interdum&commodo=mauris&vulputate=non,TRUE
+https://dagondesign.com/tincidunt/eget/tempus.jsp?elit=sollicitudin&proin=vitae&interdum=consectetuer&mauris=eget&non=rutrum&ligula=at&pellentesque=lorem&ultrices=integer&phasellus=tincidunt&id=ante&sapien=vel&in=ipsum&sapien=praesent&iaculis=blandit&congue=lacinia&vivamus=erat&metus=vestibulum&arcu=sed&adipiscing=magna&molestie=at&hendrerit=nunc&at=commodo&vulputate=placerat&vitae=praesent&nisl=blandit&aenean=nam,TRUE
+https://about.me/a/feugiat/et/eros/vestibulum/ac.jsp?in=duis&congue=bibendum&etiam=felis&justo=sed&etiam=interdum&pretium=venenatis&iaculis=turpis&justo=enim&in=blandit&hac=mi&habitasse=in&platea=porttitor&dictumst=pede&etiam=justo&faucibus=eu&cursus=massa&urna=donec&ut=dapibus&tellus=duis&nulla=at&ut=velit&erat=eu&id=est&mauris=congue&vulputate=elementum&elementum=in&nullam=hac&varius=habitasse&nulla=platea&facilisi=dictumst&cras=morbi&non=vestibulum&velit=velit&nec=id&nisi=pretium&vulputate=iaculis&nonummy=diam&maecenas=erat&tincidunt=fermentum&lacus=justo&at=nec&velit=condimentum&vivamus=neque&vel=sapien&nulla=placerat&eget=ante&eros=nulla&elementum=justo&pellentesque=aliquam&quisque=quis,TRUE
+https://zdnet.com/erat/nulla/tempus/vivamus.jsp?etiam=etiam&vel=vel&augue=augue&vestibulum=vestibulum&rutrum=rutrum&rutrum=rutrum&neque=neque&aenean=aenean&auctor=auctor&gravida=gravida&sem=sem&praesent=praesent&id=id&massa=massa&id=id&nisl=nisl&venenatis=venenatis&lacinia=lacinia&aenean=aenean&sit=sit&amet=amet&justo=justo&morbi=morbi&ut=ut&odio=odio&cras=cras&mi=mi&pede=pede&malesuada=malesuada&in=in&imperdiet=imperdiet&et=et&commodo=commodo&vulputate=vulputate&justo=justo&in=in&blandit=blandit&ultrices=ultrices&enim=enim&lorem=lorem&ipsum=ipsum&dolor=dolor&sit=sit&amet=amet&consectetuer=consectetuer&adipiscing=adipiscing&elit=elit&proin=proin&interdum=interdum&mauris=mauris&non=non&ligula=ligula&pellentesque=pellentesque&ultrices=ultrices&phasellus=phasellus&id=id&sapien=sapien&in=in&sapien=sapien&iaculis=iaculis&congue=congue&vivamus=vivamus&metus=metus&arcu=arcu&adipiscing=adipiscing&molestie=molestie&hendrerit=hendrerit&at=at&vulputate=vulputate&vitae=vitae&nisl=nisl&aenean=aenean&lectus=lectus&pellentesque=pellentesque&eget=eget,TRUE
+http://spiegel.de/pretium/nisl/ut/volutpat/sapien/arcu.js?volutpat=tellus&in=in&congue=sagittis&etiam=dui&justo=vel&etiam=nisl&pretium=duis&iaculis=ac&justo=nibh&in=fusce&hac=lacus&habitasse=purus&platea=aliquet&dictumst=at&etiam=feugiat&faucibus=non&cursus=pretium&urna=quis&ut=lectus&tellus=suspendisse&nulla=potenti&ut=in&erat=eleifend&id=quam&mauris=a&vulputate=odio&elementum=in&nullam=hac&varius=habitasse&nulla=platea&facilisi=dictumst&cras=maecenas&non=ut&velit=massa&nec=quis&nisi=augue&vulputate=luctus&nonummy=tincidunt&maecenas=nulla&tincidunt=mollis&lacus=molestie&at=lorem&velit=quisque&vivamus=ut&vel=erat&nulla=curabitur&eget=gravida&eros=nisi&elementum=at&pellentesque=nibh&quisque=in&porta=hac&volutpat=habitasse&erat=platea&quisque=dictumst&erat=aliquam&eros=augue&viverra=quam&eget=sollicitudin&congue=vitae&eget=consectetuer&semper=eget&rutrum=rutrum,TRUE
+http://blogtalkradio.com/nisi/eu/orci/mauris/lacinia.jpg?tristique=eleifend&tortor=luctus&eu=ultricies&pede=eu,TRUE
+https://cnn.com/nulla.xml?nec=turpis&condimentum=donec&neque=posuere&sapien=metus&placerat=vitae&ante=ipsum&nulla=aliquam&justo=non&aliquam=mauris&quis=morbi&turpis=non&eget=lectus&elit=aliquam&sodales=sit&scelerisque=amet&mauris=diam&sit=in&amet=magna&eros=bibendum&suspendisse=imperdiet&accumsan=nullam&tortor=orci&quis=pede&turpis=venenatis&sed=non&ante=sodales,TRUE
+http://rakuten.co.jp/fermentum/justo/nec/condimentum/neque.xml?feugiat=maecenas&et=tristique&eros=est&vestibulum=et&ac=tempus&est=semper&lacinia=est&nisi=quam&venenatis=pharetra&tristique=magna&fusce=ac&congue=consequat&diam=metus&id=sapien&ornare=ut&imperdiet=nunc&sapien=vestibulum&urna=ante&pretium=ipsum&nisl=primis&ut=in&volutpat=faucibus&sapien=orci&arcu=luctus,TRUE
+https://soundcloud.com/ultrices/posuere/cubilia/curae/mauris.xml?quam=velit&sollicitudin=nec&vitae=nisi&consectetuer=vulputate&eget=nonummy&rutrum=maecenas&at=tincidunt&lorem=lacus&integer=at&tincidunt=velit&ante=vivamus&vel=vel&ipsum=nulla&praesent=eget&blandit=eros&lacinia=elementum&erat=pellentesque&vestibulum=quisque&sed=porta&magna=volutpat&at=erat&nunc=quisque&commodo=erat&placerat=eros&praesent=viverra&blandit=eget&nam=congue&nulla=eget&integer=semper&pede=rutrum&justo=nulla&lacinia=nunc&eget=purus&tincidunt=phasellus&eget=in&tempus=felis&vel=donec,TRUE
+http://example.com/habitasse/platea/dictumst.html?accumsan=amet&tellus=cursus&nisi=id&eu=turpis&orci=integer&mauris=aliquet&lacinia=massa&sapien=id&quis=lobortis&libero=convallis&nullam=tortor&sit=risus&amet=dapibus&turpis=augue&elementum=vel,TRUE
+https://businessinsider.com/ante/ipsum/primis.png?sed=etiam&ante=justo&vivamus=etiam&tortor=pretium&duis=iaculis&mattis=justo&egestas=in&metus=hac&aenean=habitasse&fermentum=platea&donec=dictumst&ut=etiam&mauris=faucibus&eget=cursus&massa=urna&tempor=ut&convallis=tellus&nulla=nulla&neque=ut&libero=erat&convallis=id&eget=mauris&eleifend=vulputate&luctus=elementum&ultricies=nullam&eu=varius&nibh=nulla&quisque=facilisi&id=cras&justo=non&sit=velit&amet=nec&sapien=nisi&dignissim=vulputate&vestibulum=nonummy&vestibulum=maecenas&ante=tincidunt&ipsum=lacus&primis=at&in=velit&faucibus=vivamus&orci=vel&luctus=nulla&et=eget&ultrices=eros&posuere=elementum&cubilia=pellentesque&curae=quisque&nulla=porta&dapibus=volutpat&dolor=erat&vel=quisque&est=erat&donec=eros&odio=viverra&justo=eget&sollicitudin=congue&ut=eget&suscipit=semper&a=rutrum&feugiat=nulla&et=nunc&eros=purus&vestibulum=phasellus&ac=in&est=felis&lacinia=donec&nisi=semper&venenatis=sapien&tristique=a&fusce=libero&congue=nam&diam=dui&id=proin&ornare=leo&imperdiet=odio&sapien=porttitor&urna=id&pretium=consequat&nisl=in&ut=consequat&volutpat=ut&sapien=nulla&arcu=sed&sed=accumsan&augue=felis&aliquam=ut,TRUE
+http://mac.com/in/faucibus/orci/luctus.jsp?tempor=ante&convallis=vivamus&nulla=tortor&neque=duis&libero=mattis&convallis=egestas&eget=metus&eleifend=aenean&luctus=fermentum&ultricies=donec&eu=ut&nibh=mauris&quisque=eget&id=massa&justo=tempor&sit=convallis&amet=nulla&sapien=neque&dignissim=libero&vestibulum=convallis&vestibulum=eget&ante=eleifend&ipsum=luctus&primis=ultricies&in=eu&faucibus=nibh&orci=quisque&luctus=id&et=justo&ultrices=sit&posuere=amet&cubilia=sapien&curae=dignissim&nulla=vestibulum,TRUE
+http://illinois.edu/luctus/nec/molestie/sed/justo/pellentesque/viverra.aspx?consequat=a&nulla=libero&nisl=nam&nunc=dui&nisl=proin&duis=leo&bibendum=odio&felis=porttitor&sed=id&interdum=consequat&venenatis=in&turpis=consequat&enim=ut&blandit=nulla&mi=sed&in=accumsan&porttitor=felis&pede=ut&justo=at&eu=dolor&massa=quis&donec=odio&dapibus=consequat&duis=varius&at=integer&velit=ac&eu=leo&est=pellentesque&congue=ultrices&elementum=mattis&in=odio&hac=donec&habitasse=vitae&platea=nisi&dictumst=nam&morbi=ultrices&vestibulum=libero&velit=non&id=mattis&pretium=pulvinar&iaculis=nulla&diam=pede&erat=ullamcorper&fermentum=augue&justo=a&nec=suscipit&condimentum=nulla&neque=elit&sapien=ac&placerat=nulla&ante=sed&nulla=vel&justo=enim&aliquam=sit&quis=amet&turpis=nunc&eget=viverra&elit=dapibus&sodales=nulla&scelerisque=suscipit&mauris=ligula&sit=in&amet=lacus&eros=curabitur&suspendisse=at&accumsan=ipsum&tortor=ac&quis=tellus&turpis=semper&sed=interdum&ante=mauris&vivamus=ullamcorper&tortor=purus&duis=sit&mattis=amet&egestas=nulla&metus=quisque,TRUE
+http://lulu.com/congue/diam.png?luctus=ac&et=consequat&ultrices=metus&posuere=sapien&cubilia=ut&curae=nunc&donec=vestibulum&pharetra=ante&magna=ipsum&vestibulum=primis&aliquet=in&ultrices=faucibus&erat=orci&tortor=luctus&sollicitudin=et&mi=ultrices&sit=posuere&amet=cubilia&lobortis=curae&sapien=mauris&sapien=viverra&non=diam&mi=vitae&integer=quam&ac=suspendisse&neque=potenti&duis=nullam&bibendum=porttitor&morbi=lacus&non=at&quam=turpis&nec=donec&dui=posuere&luctus=metus&rutrum=vitae&nulla=ipsum&tellus=aliquam&in=non&sagittis=mauris&dui=morbi&vel=non&nisl=lectus&duis=aliquam&ac=sit&nibh=amet&fusce=diam&lacus=in&purus=magna&aliquet=bibendum&at=imperdiet&feugiat=nullam&non=orci&pretium=pede&quis=venenatis&lectus=non&suspendisse=sodales&potenti=sed&in=tincidunt&eleifend=eu&quam=felis,TRUE
+http://europa.eu/auctor.aspx?morbi=habitasse&porttitor=platea&lorem=dictumst&id=aliquam&ligula=augue&suspendisse=quam&ornare=sollicitudin&consequat=vitae&lectus=consectetuer&in=eget&est=rutrum&risus=at&auctor=lorem&sed=integer&tristique=tincidunt&in=ante&tempus=vel&sit=ipsum&amet=praesent&sem=blandit&fusce=lacinia&consequat=erat&nulla=vestibulum&nisl=sed&nunc=magna&nisl=at&duis=nunc&bibendum=commodo&felis=placerat&sed=praesent&interdum=blandit&venenatis=nam&turpis=nulla&enim=integer&blandit=pede&mi=justo&in=lacinia&porttitor=eget&pede=tincidunt&justo=eget&eu=tempus&massa=vel&donec=pede&dapibus=morbi&duis=porttitor&at=lorem&velit=id&eu=ligula&est=suspendisse&congue=ornare&elementum=consequat&in=lectus&hac=in&habitasse=est&platea=risus&dictumst=auctor&morbi=sed&vestibulum=tristique&velit=in&id=tempus&pretium=sit&iaculis=amet&diam=sem&erat=fusce&fermentum=consequat&justo=nulla&nec=nisl&condimentum=nunc&neque=nisl&sapien=duis&placerat=bibendum&ante=felis&nulla=sed&justo=interdum&aliquam=venenatis&quis=turpis&turpis=enim&eget=blandit&elit=mi&sodales=in&scelerisque=porttitor&mauris=pede&sit=justo&amet=eu&eros=massa&suspendisse=donec&accumsan=dapibus&tortor=duis&quis=at,TRUE
+https://china.com.cn/vel/nulla/eget/eros/elementum/pellentesque.jpg?hendrerit=ac&at=diam&vulputate=cras&vitae=pellentesque&nisl=volutpat&aenean=dui&lectus=maecenas&pellentesque=tristique&eget=est&nunc=et&donec=tempus&quis=semper&orci=est&eget=quam&orci=pharetra&vehicula=magna&condimentum=ac&curabitur=consequat&in=metus&libero=sapien&ut=ut&massa=nunc,TRUE
+http://alibaba.com/vulputate/nonummy/maecenas/tincidunt/lacus.json?eros=fusce&suspendisse=consequat&accumsan=nulla&tortor=nisl&quis=nunc&turpis=nisl&sed=duis&ante=bibendum&vivamus=felis&tortor=sed&duis=interdum&mattis=venenatis&egestas=turpis&metus=enim&aenean=blandit&fermentum=mi&donec=in&ut=porttitor&mauris=pede&eget=justo&massa=eu&tempor=massa&convallis=donec&nulla=dapibus&neque=duis&libero=at&convallis=velit&eget=eu&eleifend=est&luctus=congue&ultricies=elementum&eu=in&nibh=hac,TRUE
+http://sun.com/sem/fusce/consequat/nulla/nisl.png?turpis=tristique&donec=fusce&posuere=congue&metus=diam&vitae=id&ipsum=ornare&aliquam=imperdiet&non=sapien&mauris=urna&morbi=pretium&non=nisl&lectus=ut&aliquam=volutpat&sit=sapien&amet=arcu&diam=sed&in=augue&magna=aliquam&bibendum=erat&imperdiet=volutpat&nullam=in&orci=congue&pede=etiam&venenatis=justo&non=etiam&sodales=pretium&sed=iaculis&tincidunt=justo&eu=in&felis=hac&fusce=habitasse&posuere=platea&felis=dictumst&sed=etiam&lacus=faucibus&morbi=cursus&sem=urna&mauris=ut&laoreet=tellus&ut=nulla&rhoncus=ut&aliquet=erat&pulvinar=id&sed=mauris&nisl=vulputate&nunc=elementum&rhoncus=nullam&dui=varius&vel=nulla&sem=facilisi&sed=cras&sagittis=non&nam=velit&congue=nec&risus=nisi&semper=vulputate&porta=nonummy&volutpat=maecenas&quam=tincidunt&pede=lacus&lobortis=at&ligula=velit&sit=vivamus&amet=vel&eleifend=nulla&pede=eget&libero=eros&quis=elementum&orci=pellentesque&nullam=quisque&molestie=porta&nibh=volutpat&in=erat&lectus=quisque&pellentesque=erat&at=eros&nulla=viverra&suspendisse=eget&potenti=congue&cras=eget&in=semper&purus=rutrum&eu=nulla&magna=nunc&vulputate=purus&luctus=phasellus&cum=in&sociis=felis&natoque=donec&penatibus=semper&et=sapien&magnis=a&dis=libero&parturient=nam&montes=dui&nascetur=proin,TRUE
+http://webs.com/quam/nec/dui/luctus/rutrum/nulla/tellus.js?curabitur=nunc&in=vestibulum&libero=ante&ut=ipsum&massa=primis&volutpat=in&convallis=faucibus&morbi=orci&odio=luctus&odio=et&elementum=ultrices&eu=posuere&interdum=cubilia&eu=curae&tincidunt=mauris&in=viverra&leo=diam&maecenas=vitae&pulvinar=quam&lobortis=suspendisse&est=potenti&phasellus=nullam&sit=porttitor&amet=lacus&erat=at&nulla=turpis&tempus=donec&vivamus=posuere&in=metus,TRUE
+http://diigo.com/aliquet/maecenas.jpg?felis=imperdiet&eu=nullam&sapien=orci&cursus=pede&vestibulum=venenatis&proin=non&eu=sodales&mi=sed&nulla=tincidunt&ac=eu&enim=felis&in=fusce&tempor=posuere&turpis=felis&nec=sed&euismod=lacus&scelerisque=morbi&quam=sem&turpis=mauris&adipiscing=laoreet&lorem=ut&vitae=rhoncus&mattis=aliquet&nibh=pulvinar&ligula=sed&nec=nisl&sem=nunc&duis=rhoncus&aliquam=dui&convallis=vel&nunc=sem&proin=sed&at=sagittis,TRUE
+https://nature.com/est.json?faucibus=velit&cursus=vivamus&urna=vel&ut=nulla&tellus=eget&nulla=eros&ut=elementum&erat=pellentesque&id=quisque&mauris=porta&vulputate=volutpat&elementum=erat&nullam=quisque&varius=erat&nulla=eros&facilisi=viverra&cras=eget&non=congue&velit=eget&nec=semper&nisi=rutrum&vulputate=nulla&nonummy=nunc,TRUE
+http://blogger.com/ultrices/erat/tortor/sollicitudin.js?nulla=sapien&nunc=non&purus=mi&phasellus=integer&in=ac&felis=neque&donec=duis&semper=bibendum&sapien=morbi&a=non&libero=quam&nam=nec&dui=dui&proin=luctus&leo=rutrum&odio=nulla&porttitor=tellus&id=in&consequat=sagittis&in=dui&consequat=vel&ut=nisl&nulla=duis&sed=ac&accumsan=nibh&felis=fusce&ut=lacus&at=purus&dolor=aliquet&quis=at&odio=feugiat&consequat=non&varius=pretium&integer=quis&ac=lectus&leo=suspendisse&pellentesque=potenti&ultrices=in&mattis=eleifend&odio=quam&donec=a&vitae=odio&nisi=in&nam=hac&ultrices=habitasse&libero=platea&non=dictumst&mattis=maecenas&pulvinar=ut&nulla=massa&pede=quis&ullamcorper=augue&augue=luctus&a=tincidunt&suscipit=nulla&nulla=mollis&elit=molestie&ac=lorem&nulla=quisque&sed=ut&vel=erat&enim=curabitur&sit=gravida&amet=nisi&nunc=at&viverra=nibh&dapibus=in&nulla=hac&suscipit=habitasse&ligula=platea&in=dictumst&lacus=aliquam&curabitur=augue&at=quam&ipsum=sollicitudin&ac=vitae&tellus=consectetuer&semper=eget&interdum=rutrum,TRUE
+https://blogs.com/dui/proin/leo/odio/porttitor/id/consequat.aspx?posuere=sapien&metus=iaculis&vitae=congue&ipsum=vivamus&aliquam=metus&non=arcu&mauris=adipiscing&morbi=molestie&non=hendrerit&lectus=at&aliquam=vulputate&sit=vitae&amet=nisl&diam=aenean&in=lectus&magna=pellentesque&bibendum=eget&imperdiet=nunc&nullam=donec&orci=quis&pede=orci&venenatis=eget&non=orci&sodales=vehicula&sed=condimentum&tincidunt=curabitur&eu=in&felis=libero&fusce=ut&posuere=massa&felis=volutpat&sed=convallis&lacus=morbi&morbi=odio&sem=odio&mauris=elementum&laoreet=eu&ut=interdum&rhoncus=eu&aliquet=tincidunt&pulvinar=in&sed=leo&nisl=maecenas&nunc=pulvinar&rhoncus=lobortis&dui=est&vel=phasellus&sem=sit&sed=amet&sagittis=erat&nam=nulla&congue=tempus&risus=vivamus&semper=in&porta=felis&volutpat=eu&quam=sapien&pede=cursus&lobortis=vestibulum&ligula=proin&sit=eu&amet=mi&eleifend=nulla&pede=ac&libero=enim&quis=in&orci=tempor&nullam=turpis&molestie=nec&nibh=euismod&in=scelerisque&lectus=quam&pellentesque=turpis&at=adipiscing&nulla=lorem&suspendisse=vitae&potenti=mattis&cras=nibh&in=ligula&purus=nec&eu=sem&magna=duis&vulputate=aliquam&luctus=convallis&cum=nunc&sociis=proin&natoque=at&penatibus=turpis&et=a&magnis=pede&dis=posuere&parturient=nonummy&montes=integer&nascetur=non&ridiculus=velit&mus=donec,TRUE
+https://npr.org/scelerisque.json?vitae=iaculis&ipsum=congue&aliquam=vivamus&non=metus&mauris=arcu&morbi=adipiscing&non=molestie&lectus=hendrerit&aliquam=at&sit=vulputate&amet=vitae&diam=nisl&in=aenean&magna=lectus&bibendum=pellentesque&imperdiet=eget&nullam=nunc&orci=donec&pede=quis&venenatis=orci&non=eget&sodales=orci&sed=vehicula&tincidunt=condimentum&eu=curabitur&felis=in&fusce=libero&posuere=ut&felis=massa&sed=volutpat&lacus=convallis&morbi=morbi&sem=odio&mauris=odio&laoreet=elementum&ut=eu&rhoncus=interdum&aliquet=eu&pulvinar=tincidunt&sed=in&nisl=leo&nunc=maecenas&rhoncus=pulvinar&dui=lobortis&vel=est&sem=phasellus&sed=sit&sagittis=amet&nam=erat&congue=nulla&risus=tempus&semper=vivamus&porta=in&volutpat=felis&quam=eu&pede=sapien&lobortis=cursus&ligula=vestibulum&sit=proin&amet=eu&eleifend=mi&pede=nulla&libero=ac&quis=enim&orci=in&nullam=tempor&molestie=turpis&nibh=nec&in=euismod&lectus=scelerisque&pellentesque=quam&at=turpis&nulla=adipiscing&suspendisse=lorem&potenti=vitae&cras=mattis&in=nibh&purus=ligula&eu=nec&magna=sem&vulputate=duis&luctus=aliquam,TRUE
+https://adobe.com/dictumst/maecenas/ut.json?dapibus=quam&duis=turpis&at=adipiscing&velit=lorem&eu=vitae&est=mattis&congue=nibh&elementum=ligula&in=nec&hac=sem&habitasse=duis&platea=aliquam&dictumst=convallis&morbi=nunc&vestibulum=proin&velit=at&id=turpis&pretium=a&iaculis=pede&diam=posuere&erat=nonummy&fermentum=integer&justo=non&nec=velit&condimentum=donec&neque=diam&sapien=neque&placerat=vestibulum&ante=eget&nulla=vulputate&justo=ut&aliquam=ultrices&quis=vel&turpis=augue&eget=vestibulum&elit=ante&sodales=ipsum&scelerisque=primis&mauris=in&sit=faucibus&amet=orci&eros=luctus&suspendisse=et&accumsan=ultrices&tortor=posuere&quis=cubilia&turpis=curae&sed=donec&ante=pharetra&vivamus=magna&tortor=vestibulum&duis=aliquet&mattis=ultrices&egestas=erat&metus=tortor&aenean=sollicitudin&fermentum=mi&donec=sit&ut=amet&mauris=lobortis&eget=sapien&massa=sapien&tempor=non&convallis=mi&nulla=integer&neque=ac&libero=neque&convallis=duis&eget=bibendum&eleifend=morbi&luctus=non&ultricies=quam&eu=nec&nibh=dui,TRUE
+http://salon.com/tellus.jpg?arcu=venenatis&sed=tristique&augue=fusce&aliquam=congue&erat=diam&volutpat=id&in=ornare&congue=imperdiet&etiam=sapien&justo=urna&etiam=pretium&pretium=nisl&iaculis=ut&justo=volutpat&in=sapien&hac=arcu&habitasse=sed&platea=augue&dictumst=aliquam&etiam=erat&faucibus=volutpat&cursus=in&urna=congue&ut=etiam&tellus=justo&nulla=etiam&ut=pretium&erat=iaculis&id=justo&mauris=in&vulputate=hac&elementum=habitasse&nullam=platea&varius=dictumst&nulla=etiam&facilisi=faucibus&cras=cursus&non=urna&velit=ut&nec=tellus&nisi=nulla&vulputate=ut&nonummy=erat&maecenas=id&tincidunt=mauris&lacus=vulputate&at=elementum&velit=nullam&vivamus=varius&vel=nulla&nulla=facilisi&eget=cras&eros=non&elementum=velit&pellentesque=nec&quisque=nisi&porta=vulputate&volutpat=nonummy&erat=maecenas&quisque=tincidunt&erat=lacus&eros=at&viverra=velit,TRUE
+http://icio.us/vestibulum/velit/id/pretium/iaculis/diam.js?faucibus=justo&cursus=etiam&urna=pretium&ut=iaculis&tellus=justo&nulla=in&ut=hac&erat=habitasse&id=platea&mauris=dictumst&vulputate=etiam&elementum=faucibus&nullam=cursus&varius=urna&nulla=ut&facilisi=tellus&cras=nulla&non=ut&velit=erat&nec=id&nisi=mauris&vulputate=vulputate&nonummy=elementum&maecenas=nullam&tincidunt=varius&lacus=nulla&at=facilisi&velit=cras&vivamus=non&vel=velit&nulla=nec&eget=nisi&eros=vulputate&elementum=nonummy&pellentesque=maecenas&quisque=tincidunt&porta=lacus&volutpat=at&erat=velit,TRUE
+http://craigslist.org/iaculis/diam/erat/fermentum.jsp?nisl=nec&nunc=condimentum&nisl=neque&duis=sapien&bibendum=placerat&felis=ante&sed=nulla&interdum=justo&venenatis=aliquam&turpis=quis&enim=turpis&blandit=eget&mi=elit&in=sodales&porttitor=scelerisque&pede=mauris&justo=sit&eu=amet&massa=eros,TRUE
+https://ebay.co.uk/leo/pellentesque/ultrices.jpg?sociis=id&natoque=massa&penatibus=id&et=nisl&magnis=venenatis&dis=lacinia&parturient=aenean&montes=sit&nascetur=amet&ridiculus=justo&mus=morbi&vivamus=ut&vestibulum=odio&sagittis=cras&sapien=mi&cum=pede&sociis=malesuada&natoque=in&penatibus=imperdiet&et=et&magnis=commodo&dis=vulputate&parturient=justo&montes=in&nascetur=blandit&ridiculus=ultrices&mus=enim&etiam=lorem&vel=ipsum&augue=dolor&vestibulum=sit&rutrum=amet&rutrum=consectetuer&neque=adipiscing&aenean=elit&auctor=proin&gravida=interdum&sem=mauris&praesent=non&id=ligula&massa=pellentesque&id=ultrices&nisl=phasellus&venenatis=id&lacinia=sapien&aenean=in&sit=sapien&amet=iaculis&justo=congue&morbi=vivamus&ut=metus&odio=arcu&cras=adipiscing&mi=molestie&pede=hendrerit&malesuada=at&in=vulputate&imperdiet=vitae&et=nisl&commodo=aenean&vulputate=lectus&justo=pellentesque&in=eget&blandit=nunc&ultrices=donec&enim=quis&lorem=orci&ipsum=eget&dolor=orci&sit=vehicula&amet=condimentum&consectetuer=curabitur&adipiscing=in&elit=libero&proin=ut&interdum=massa&mauris=volutpat&non=convallis&ligula=morbi&pellentesque=odio&ultrices=odio&phasellus=elementum&id=eu&sapien=interdum&in=eu&sapien=tincidunt&iaculis=in&congue=leo&vivamus=maecenas&metus=pulvinar&arcu=lobortis&adipiscing=est&molestie=phasellus&hendrerit=sit&at=amet&vulputate=erat&vitae=nulla&nisl=tempus&aenean=vivamus,TRUE
+https://va.gov/etiam/faucibus/cursus/urna.png?id=tincidunt&luctus=nulla&nec=mollis&molestie=molestie&sed=lorem&justo=quisque&pellentesque=ut&viverra=erat&pede=curabitur&ac=gravida&diam=nisi&cras=at&pellentesque=nibh&volutpat=in&dui=hac&maecenas=habitasse&tristique=platea&est=dictumst&et=aliquam&tempus=augue&semper=quam&est=sollicitudin&quam=vitae&pharetra=consectetuer&magna=eget&ac=rutrum&consequat=at&metus=lorem&sapien=integer&ut=tincidunt&nunc=ante&vestibulum=vel&ante=ipsum&ipsum=praesent&primis=blandit&in=lacinia&faucibus=erat&orci=vestibulum&luctus=sed&et=magna&ultrices=at&posuere=nunc&cubilia=commodo&curae=placerat&mauris=praesent&viverra=blandit&diam=nam&vitae=nulla&quam=integer&suspendisse=pede&potenti=justo&nullam=lacinia&porttitor=eget&lacus=tincidunt&at=eget&turpis=tempus&donec=vel&posuere=pede&metus=morbi&vitae=porttitor&ipsum=lorem&aliquam=id&non=ligula&mauris=suspendisse&morbi=ornare&non=consequat&lectus=lectus&aliquam=in&sit=est&amet=risus&diam=auctor&in=sed&magna=tristique&bibendum=in&imperdiet=tempus&nullam=sit&orci=amet&pede=sem&venenatis=fusce&non=consequat&sodales=nulla&sed=nisl&tincidunt=nunc&eu=nisl&felis=duis&fusce=bibendum&posuere=felis&felis=sed&sed=interdum&lacus=venenatis&morbi=turpis&sem=enim&mauris=blandit&laoreet=mi&ut=in,TRUE
+http://edublogs.org/nec/sem/duis/aliquam.json?potenti=orci&cras=luctus&in=et&purus=ultrices&eu=posuere&magna=cubilia&vulputate=curae&luctus=nulla,TRUE
+https://spiegel.de/velit/vivamus/vel/nulla/eget/eros/elementum.html?euismod=aliquet&scelerisque=maecenas&quam=leo&turpis=odio&adipiscing=condimentum&lorem=id&vitae=luctus&mattis=nec&nibh=molestie&ligula=sed&nec=justo&sem=pellentesque&duis=viverra&aliquam=pede&convallis=ac&nunc=diam&proin=cras&at=pellentesque&turpis=volutpat&a=dui&pede=maecenas&posuere=tristique&nonummy=est&integer=et&non=tempus&velit=semper&donec=est&diam=quam&neque=pharetra&vestibulum=magna&eget=ac&vulputate=consequat&ut=metus&ultrices=sapien&vel=ut&augue=nunc&vestibulum=vestibulum&ante=ante,TRUE
+http://army.mil/diam/vitae/quam/suspendisse.jpg?platea=quam&dictumst=nec&morbi=dui&vestibulum=luctus&velit=rutrum&id=nulla&pretium=tellus&iaculis=in&diam=sagittis&erat=dui&fermentum=vel&justo=nisl&nec=duis&condimentum=ac&neque=nibh&sapien=fusce&placerat=lacus&ante=purus&nulla=aliquet&justo=at&aliquam=feugiat&quis=non&turpis=pretium&eget=quis&elit=lectus&sodales=suspendisse&scelerisque=potenti&mauris=in&sit=eleifend&amet=quam&eros=a&suspendisse=odio&accumsan=in&tortor=hac&quis=habitasse&turpis=platea&sed=dictumst&ante=maecenas&vivamus=ut&tortor=massa&duis=quis&mattis=augue&egestas=luctus&metus=tincidunt&aenean=nulla&fermentum=mollis&donec=molestie&ut=lorem&mauris=quisque&eget=ut&massa=erat&tempor=curabitur&convallis=gravida&nulla=nisi&neque=at&libero=nibh&convallis=in&eget=hac&eleifend=habitasse&luctus=platea&ultricies=dictumst,TRUE
+https://businesswire.com/lorem/vitae.js?eros=est&elementum=risus&pellentesque=auctor&quisque=sed&porta=tristique&volutpat=in&erat=tempus&quisque=sit&erat=amet&eros=sem&viverra=fusce&eget=consequat&congue=nulla&eget=nisl&semper=nunc&rutrum=nisl&nulla=duis&nunc=bibendum&purus=felis&phasellus=sed&in=interdum&felis=venenatis&donec=turpis&semper=enim&sapien=blandit&a=mi&libero=in&nam=porttitor&dui=pede&proin=justo&leo=eu&odio=massa&porttitor=donec&id=dapibus&consequat=duis&in=at&consequat=velit&ut=eu&nulla=est&sed=congue&accumsan=elementum&felis=in&ut=hac&at=habitasse&dolor=platea&quis=dictumst&odio=morbi&consequat=vestibulum&varius=velit&integer=id&ac=pretium&leo=iaculis&pellentesque=diam&ultrices=erat&mattis=fermentum&odio=justo&donec=nec&vitae=condimentum&nisi=neque&nam=sapien&ultrices=placerat&libero=ante&non=nulla&mattis=justo&pulvinar=aliquam&nulla=quis&pede=turpis&ullamcorper=eget&augue=elit&a=sodales&suscipit=scelerisque&nulla=mauris&elit=sit&ac=amet&nulla=eros&sed=suspendisse&vel=accumsan&enim=tortor&sit=quis&amet=turpis&nunc=sed,TRUE
+http://histats.com/ligula/in/lacus/curabitur/at.jpg?fusce=elementum&lacus=ligula&purus=vehicula&aliquet=consequat&at=morbi&feugiat=a&non=ipsum&pretium=integer&quis=a&lectus=nibh&suspendisse=in&potenti=quis&in=justo&eleifend=maecenas&quam=rhoncus&a=aliquam&odio=lacus&in=morbi&hac=quis&habitasse=tortor&platea=id&dictumst=nulla&maecenas=ultrices&ut=aliquet&massa=maecenas&quis=leo&augue=odio&luctus=condimentum&tincidunt=id&nulla=luctus&mollis=nec&molestie=molestie&lorem=sed&quisque=justo&ut=pellentesque&erat=viverra&curabitur=pede&gravida=ac&nisi=diam&at=cras&nibh=pellentesque&in=volutpat&hac=dui&habitasse=maecenas&platea=tristique&dictumst=est&aliquam=et&augue=tempus,TRUE
+http://twitpic.com/vitae/nisl/aenean.xml?commodo=nibh&vulputate=in&justo=hac&in=habitasse&blandit=platea&ultrices=dictumst&enim=aliquam&lorem=augue&ipsum=quam&dolor=sollicitudin&sit=vitae&amet=consectetuer,TRUE
+http://mozilla.com/consequat/lectus/in/est/risus/auctor/sed.html?a=quisque&nibh=erat&in=eros&quis=viverra&justo=eget&maecenas=congue&rhoncus=eget&aliquam=semper&lacus=rutrum&morbi=nulla&quis=nunc&tortor=purus&id=phasellus&nulla=in&ultrices=felis&aliquet=donec&maecenas=semper&leo=sapien&odio=a&condimentum=libero&id=nam&luctus=dui&nec=proin&molestie=leo&sed=odio&justo=porttitor&pellentesque=id&viverra=consequat&pede=in&ac=consequat&diam=ut&cras=nulla&pellentesque=sed&volutpat=accumsan&dui=felis&maecenas=ut&tristique=at&est=dolor&et=quis&tempus=odio&semper=consequat&est=varius&quam=integer&pharetra=ac&magna=leo,TRUE
+http://ucoz.com/quisque/arcu/libero.json?ante=rutrum&ipsum=rutrum&primis=neque&in=aenean&faucibus=auctor&orci=gravida&luctus=sem&et=praesent&ultrices=id&posuere=massa&cubilia=id&curae=nisl&mauris=venenatis&viverra=lacinia&diam=aenean&vitae=sit&quam=amet&suspendisse=justo&potenti=morbi&nullam=ut&porttitor=odio&lacus=cras&at=mi&turpis=pede&donec=malesuada&posuere=in&metus=imperdiet&vitae=et&ipsum=commodo&aliquam=vulputate&non=justo&mauris=in&morbi=blandit&non=ultrices&lectus=enim&aliquam=lorem&sit=ipsum&amet=dolor&diam=sit&in=amet&magna=consectetuer&bibendum=adipiscing&imperdiet=elit&nullam=proin&orci=interdum&pede=mauris&venenatis=non&non=ligula&sodales=pellentesque&sed=ultrices&tincidunt=phasellus&eu=id&felis=sapien&fusce=in&posuere=sapien&felis=iaculis&sed=congue&lacus=vivamus&morbi=metus&sem=arcu&mauris=adipiscing&laoreet=molestie&ut=hendrerit&rhoncus=at&aliquet=vulputate&pulvinar=vitae&sed=nisl&nisl=aenean&nunc=lectus&rhoncus=pellentesque&dui=eget&vel=nunc&sem=donec&sed=quis&sagittis=orci&nam=eget&congue=orci&risus=vehicula&semper=condimentum&porta=curabitur&volutpat=in&quam=libero&pede=ut&lobortis=massa,TRUE
+http://usatoday.com/quis/turpis/sed/ante/vivamus.xml?sapien=eu&placerat=sapien&ante=cursus&nulla=vestibulum&justo=proin&aliquam=eu&quis=mi&turpis=nulla&eget=ac&elit=enim&sodales=in&scelerisque=tempor&mauris=turpis&sit=nec&amet=euismod&eros=scelerisque&suspendisse=quam&accumsan=turpis&tortor=adipiscing&quis=lorem&turpis=vitae&sed=mattis,TRUE
+http://seesaa.net/magnis/dis/parturient/montes/nascetur/ridiculus.xml?donec=scelerisque&quis=quam&orci=turpis&eget=adipiscing&orci=lorem&vehicula=vitae&condimentum=mattis&curabitur=nibh&in=ligula&libero=nec&ut=sem&massa=duis&volutpat=aliquam&convallis=convallis&morbi=nunc&odio=proin&odio=at&elementum=turpis&eu=a&interdum=pede&eu=posuere,TRUE
+http://mlb.com/eget/rutrum/at/lorem/integer/tincidunt/ante.xml?diam=proin&vitae=risus&quam=praesent&suspendisse=lectus&potenti=vestibulum&nullam=quam&porttitor=sapien&lacus=varius&at=ut&turpis=blandit&donec=non&posuere=interdum&metus=in&vitae=ante&ipsum=vestibulum&aliquam=ante&non=ipsum&mauris=primis&morbi=in&non=faucibus&lectus=orci&aliquam=luctus&sit=et&amet=ultrices&diam=posuere&in=cubilia&magna=curae&bibendum=duis&imperdiet=faucibus&nullam=accumsan&orci=odio&pede=curabitur&venenatis=convallis&non=duis&sodales=consequat&sed=dui&tincidunt=nec&eu=nisi&felis=volutpat&fusce=eleifend&posuere=donec&felis=ut&sed=dolor&lacus=morbi&morbi=vel&sem=lectus&mauris=in&laoreet=quam&ut=fringilla&rhoncus=rhoncus&aliquet=mauris&pulvinar=enim&sed=leo&nisl=rhoncus&nunc=sed&rhoncus=vestibulum&dui=sit&vel=amet&sem=cursus&sed=id&sagittis=turpis&nam=integer&congue=aliquet&risus=massa&semper=id&porta=lobortis&volutpat=convallis&quam=tortor&pede=risus&lobortis=dapibus&ligula=augue&sit=vel&amet=accumsan&eleifend=tellus&pede=nisi&libero=eu&quis=orci&orci=mauris&nullam=lacinia&molestie=sapien&nibh=quis&in=libero&lectus=nullam&pellentesque=sit&at=amet&nulla=turpis&suspendisse=elementum&potenti=ligula&cras=vehicula&in=consequat&purus=morbi&eu=a&magna=ipsum&vulputate=integer&luctus=a&cum=nibh&sociis=in&natoque=quis&penatibus=justo,TRUE
+https://bloomberg.com/sed/interdum/venenatis/turpis/enim.jpg?erat=justo&volutpat=eu&in=massa&congue=donec&etiam=dapibus&justo=duis&etiam=at&pretium=velit&iaculis=eu&justo=est&in=congue&hac=elementum&habitasse=in&platea=hac&dictumst=habitasse&etiam=platea&faucibus=dictumst&cursus=morbi&urna=vestibulum&ut=velit&tellus=id&nulla=pretium&ut=iaculis&erat=diam&id=erat&mauris=fermentum&vulputate=justo&elementum=nec&nullam=condimentum&varius=neque&nulla=sapien&facilisi=placerat&cras=ante&non=nulla&velit=justo&nec=aliquam&nisi=quis&vulputate=turpis&nonummy=eget&maecenas=elit&tincidunt=sodales&lacus=scelerisque&at=mauris&velit=sit&vivamus=amet&vel=eros&nulla=suspendisse&eget=accumsan&eros=tortor&elementum=quis&pellentesque=turpis&quisque=sed&porta=ante&volutpat=vivamus&erat=tortor&quisque=duis&erat=mattis&eros=egestas&viverra=metus&eget=aenean&congue=fermentum&eget=donec&semper=ut&rutrum=mauris&nulla=eget&nunc=massa&purus=tempor&phasellus=convallis&in=nulla&felis=neque&donec=libero&semper=convallis&sapien=eget&a=eleifend&libero=luctus&nam=ultricies&dui=eu&proin=nibh&leo=quisque&odio=id&porttitor=justo&id=sit&consequat=amet&in=sapien&consequat=dignissim&ut=vestibulum&nulla=vestibulum&sed=ante&accumsan=ipsum&felis=primis&ut=in&at=faucibus&dolor=orci,TRUE
+http://diigo.com/ut/nunc/vestibulum/ante/ipsum/primis.aspx?praesent=et&blandit=ultrices&lacinia=posuere&erat=cubilia&vestibulum=curae&sed=duis&magna=faucibus&at=accumsan&nunc=odio&commodo=curabitur&placerat=convallis&praesent=duis&blandit=consequat&nam=dui&nulla=nec&integer=nisi&pede=volutpat&justo=eleifend&lacinia=donec&eget=ut&tincidunt=dolor&eget=morbi&tempus=vel&vel=lectus&pede=in&morbi=quam&porttitor=fringilla&lorem=rhoncus&id=mauris&ligula=enim&suspendisse=leo&ornare=rhoncus&consequat=sed&lectus=vestibulum&in=sit&est=amet,TRUE
+https://sphinn.com/blandit/mi/in/porttitor/pede.jsp?faucibus=primis&orci=in&luctus=faucibus&et=orci&ultrices=luctus&posuere=et&cubilia=ultrices&curae=posuere&mauris=cubilia&viverra=curae&diam=nulla&vitae=dapibus&quam=dolor&suspendisse=vel&potenti=est&nullam=donec,TRUE
+https://webnode.com/vestibulum/quam/sapien/varius/ut/blandit.json?curae=suspendisse&nulla=accumsan&dapibus=tortor&dolor=quis&vel=turpis&est=sed&donec=ante&odio=vivamus&justo=tortor&sollicitudin=duis&ut=mattis&suscipit=egestas&a=metus&feugiat=aenean&et=fermentum&eros=donec&vestibulum=ut&ac=mauris&est=eget&lacinia=massa&nisi=tempor&venenatis=convallis&tristique=nulla&fusce=neque&congue=libero,TRUE
+https://dell.com/quam/pede/lobortis.png?vivamus=eu&vel=sapien&nulla=cursus&eget=vestibulum&eros=proin&elementum=eu&pellentesque=mi&quisque=nulla&porta=ac&volutpat=enim&erat=in&quisque=tempor&erat=turpis&eros=nec&viverra=euismod&eget=scelerisque&congue=quam&eget=turpis&semper=adipiscing&rutrum=lorem&nulla=vitae&nunc=mattis&purus=nibh&phasellus=ligula&in=nec&felis=sem&donec=duis&semper=aliquam&sapien=convallis&a=nunc&libero=proin&nam=at&dui=turpis&proin=a&leo=pede&odio=posuere&porttitor=nonummy&id=integer&consequat=non&in=velit&consequat=donec&ut=diam&nulla=neque&sed=vestibulum&accumsan=eget&felis=vulputate&ut=ut&at=ultrices&dolor=vel&quis=augue&odio=vestibulum&consequat=ante&varius=ipsum&integer=primis&ac=in&leo=faucibus&pellentesque=orci&ultrices=luctus&mattis=et&odio=ultrices&donec=posuere&vitae=cubilia&nisi=curae&nam=donec&ultrices=pharetra&libero=magna&non=vestibulum&mattis=aliquet&pulvinar=ultrices&nulla=erat&pede=tortor&ullamcorper=sollicitudin&augue=mi&a=sit&suscipit=amet&nulla=lobortis&elit=sapien&ac=sapien&nulla=non&sed=mi&vel=integer&enim=ac&sit=neque&amet=duis&nunc=bibendum,TRUE
+https://hud.gov/magna/vulputate/luctus/cum/sociis/natoque.html?orci=ipsum&luctus=integer&et=a&ultrices=nibh&posuere=in&cubilia=quis&curae=justo&duis=maecenas&faucibus=rhoncus&accumsan=aliquam&odio=lacus&curabitur=morbi&convallis=quis&duis=tortor&consequat=id&dui=nulla&nec=ultrices&nisi=aliquet&volutpat=maecenas&eleifend=leo&donec=odio&ut=condimentum&dolor=id&morbi=luctus&vel=nec&lectus=molestie&in=sed&quam=justo&fringilla=pellentesque&rhoncus=viverra&mauris=pede&enim=ac&leo=diam&rhoncus=cras&sed=pellentesque&vestibulum=volutpat&sit=dui&amet=maecenas&cursus=tristique&id=est&turpis=et&integer=tempus&aliquet=semper&massa=est&id=quam&lobortis=pharetra&convallis=magna&tortor=ac&risus=consequat&dapibus=metus&augue=sapien&vel=ut&accumsan=nunc&tellus=vestibulum&nisi=ante&eu=ipsum&orci=primis&mauris=in&lacinia=faucibus&sapien=orci&quis=luctus&libero=et&nullam=ultrices&sit=posuere&amet=cubilia&turpis=curae&elementum=mauris&ligula=viverra&vehicula=diam&consequat=vitae&morbi=quam&a=suspendisse&ipsum=potenti&integer=nullam&a=porttitor&nibh=lacus&in=at&quis=turpis&justo=donec&maecenas=posuere&rhoncus=metus&aliquam=vitae&lacus=ipsum&morbi=aliquam&quis=non&tortor=mauris&id=morbi&nulla=non&ultrices=lectus&aliquet=aliquam&maecenas=sit&leo=amet,TRUE
+https://de.vu/congue/vivamus.js?erat=metus&tortor=sapien&sollicitudin=ut&mi=nunc&sit=vestibulum&amet=ante&lobortis=ipsum&sapien=primis&sapien=in&non=faucibus&mi=orci&integer=luctus&ac=et&neque=ultrices&duis=posuere&bibendum=cubilia&morbi=curae&non=mauris&quam=viverra&nec=diam&dui=vitae&luctus=quam&rutrum=suspendisse&nulla=potenti&tellus=nullam&in=porttitor&sagittis=lacus&dui=at&vel=turpis&nisl=donec&duis=posuere&ac=metus&nibh=vitae&fusce=ipsum&lacus=aliquam&purus=non&aliquet=mauris&at=morbi&feugiat=non&non=lectus&pretium=aliquam&quis=sit&lectus=amet&suspendisse=diam&potenti=in&in=magna&eleifend=bibendum&quam=imperdiet&a=nullam&odio=orci&in=pede&hac=venenatis&habitasse=non&platea=sodales&dictumst=sed&maecenas=tincidunt&ut=eu&massa=felis&quis=fusce&augue=posuere&luctus=felis&tincidunt=sed&nulla=lacus&mollis=morbi&molestie=sem&lorem=mauris&quisque=laoreet&ut=ut&erat=rhoncus&curabitur=aliquet&gravida=pulvinar&nisi=sed,TRUE
+http://histats.com/ligula/in/lacus/curabitur/at/ipsum/ac.png?libero=ut&ut=rhoncus&massa=aliquet&volutpat=pulvinar&convallis=sed&morbi=nisl&odio=nunc&odio=rhoncus&elementum=dui&eu=vel&interdum=sem&eu=sed&tincidunt=sagittis&in=nam&leo=congue&maecenas=risus&pulvinar=semper&lobortis=porta&est=volutpat&phasellus=quam&sit=pede&amet=lobortis&erat=ligula&nulla=sit&tempus=amet&vivamus=eleifend&in=pede&felis=libero&eu=quis&sapien=orci&cursus=nullam&vestibulum=molestie&proin=nibh&eu=in&mi=lectus&nulla=pellentesque&ac=at&enim=nulla&in=suspendisse&tempor=potenti&turpis=cras&nec=in&euismod=purus&scelerisque=eu&quam=magna&turpis=vulputate&adipiscing=luctus&lorem=cum&vitae=sociis&mattis=natoque&nibh=penatibus&ligula=et&nec=magnis&sem=dis&duis=parturient&aliquam=montes&convallis=nascetur&nunc=ridiculus&proin=mus&at=vivamus&turpis=vestibulum&a=sagittis&pede=sapien&posuere=cum&nonummy=sociis&integer=natoque&non=penatibus&velit=et&donec=magnis&diam=dis&neque=parturient&vestibulum=montes&eget=nascetur&vulputate=ridiculus&ut=mus&ultrices=etiam&vel=vel&augue=augue&vestibulum=vestibulum&ante=rutrum&ipsum=rutrum&primis=neque&in=aenean&faucibus=auctor&orci=gravida&luctus=sem&et=praesent&ultrices=id&posuere=massa&cubilia=id&curae=nisl&donec=venenatis&pharetra=lacinia&magna=aenean&vestibulum=sit&aliquet=amet,TRUE
+http://bigcartel.com/aliquam/quis/turpis/eget/elit/sodales.js?luctus=praesent&nec=id&molestie=massa&sed=id&justo=nisl&pellentesque=venenatis&viverra=lacinia&pede=aenean&ac=sit&diam=amet&cras=justo&pellentesque=morbi&volutpat=ut&dui=odio&maecenas=cras&tristique=mi&est=pede&et=malesuada&tempus=in&semper=imperdiet&est=et&quam=commodo&pharetra=vulputate&magna=justo&ac=in&consequat=blandit&metus=ultrices&sapien=enim&ut=lorem&nunc=ipsum&vestibulum=dolor&ante=sit&ipsum=amet&primis=consectetuer&in=adipiscing&faucibus=elit&orci=proin&luctus=interdum&et=mauris&ultrices=non&posuere=ligula&cubilia=pellentesque&curae=ultrices&mauris=phasellus&viverra=id&diam=sapien&vitae=in&quam=sapien&suspendisse=iaculis&potenti=congue&nullam=vivamus&porttitor=metus&lacus=arcu&at=adipiscing&turpis=molestie&donec=hendrerit&posuere=at&metus=vulputate&vitae=vitae&ipsum=nisl&aliquam=aenean&non=lectus&mauris=pellentesque,TRUE
+https://uiuc.edu/auctor/sed.jsp?ligula=et&sit=tempus&amet=semper&eleifend=est&pede=quam&libero=pharetra&quis=magna&orci=ac&nullam=consequat&molestie=metus&nibh=sapien&in=ut&lectus=nunc&pellentesque=vestibulum&at=ante&nulla=ipsum&suspendisse=primis&potenti=in&cras=faucibus&in=orci&purus=luctus&eu=et&magna=ultrices&vulputate=posuere&luctus=cubilia&cum=curae&sociis=mauris&natoque=viverra&penatibus=diam&et=vitae&magnis=quam&dis=suspendisse&parturient=potenti&montes=nullam&nascetur=porttitor&ridiculus=lacus&mus=at&vivamus=turpis&vestibulum=donec&sagittis=posuere&sapien=metus&cum=vitae&sociis=ipsum&natoque=aliquam&penatibus=non&et=mauris&magnis=morbi&dis=non&parturient=lectus&montes=aliquam&nascetur=sit&ridiculus=amet&mus=diam&etiam=in&vel=magna&augue=bibendum&vestibulum=imperdiet&rutrum=nullam&rutrum=orci&neque=pede&aenean=venenatis&auctor=non&gravida=sodales&sem=sed&praesent=tincidunt&id=eu&massa=felis&id=fusce&nisl=posuere&venenatis=felis&lacinia=sed&aenean=lacus&sit=morbi&amet=sem&justo=mauris&morbi=laoreet&ut=ut&odio=rhoncus&cras=aliquet&mi=pulvinar&pede=sed&malesuada=nisl&in=nunc&imperdiet=rhoncus&et=dui&commodo=vel&vulputate=sem&justo=sed&in=sagittis&blandit=nam,TRUE
+https://vimeo.com/vehicula/consequat/morbi/a/ipsum/integer.png?luctus=praesent&et=blandit&ultrices=nam&posuere=nulla&cubilia=integer&curae=pede&nulla=justo&dapibus=lacinia&dolor=eget&vel=tincidunt&est=eget&donec=tempus&odio=vel&justo=pede&sollicitudin=morbi&ut=porttitor&suscipit=lorem&a=id&feugiat=ligula&et=suspendisse&eros=ornare&vestibulum=consequat&ac=lectus&est=in&lacinia=est&nisi=risus&venenatis=auctor&tristique=sed&fusce=tristique&congue=in&diam=tempus&id=sit&ornare=amet&imperdiet=sem&sapien=fusce&urna=consequat&pretium=nulla&nisl=nisl&ut=nunc&volutpat=nisl&sapien=duis&arcu=bibendum&sed=felis&augue=sed&aliquam=interdum&erat=venenatis,TRUE
+http://arizona.edu/vel/enim/sit/amet/nunc.xml?semper=morbi&rutrum=porttitor&nulla=lorem&nunc=id&purus=ligula&phasellus=suspendisse&in=ornare&felis=consequat&donec=lectus&semper=in&sapien=est&a=risus&libero=auctor&nam=sed&dui=tristique&proin=in&leo=tempus&odio=sit&porttitor=amet&id=sem&consequat=fusce&in=consequat&consequat=nulla&ut=nisl&nulla=nunc&sed=nisl&accumsan=duis&felis=bibendum&ut=felis&at=sed&dolor=interdum&quis=venenatis&odio=turpis&consequat=enim&varius=blandit&integer=mi&ac=in&leo=porttitor&pellentesque=pede&ultrices=justo&mattis=eu&odio=massa&donec=donec&vitae=dapibus&nisi=duis&nam=at&ultrices=velit&libero=eu&non=est&mattis=congue&pulvinar=elementum&nulla=in&pede=hac&ullamcorper=habitasse&augue=platea&a=dictumst&suscipit=morbi&nulla=vestibulum&elit=velit&ac=id&nulla=pretium&sed=iaculis&vel=diam&enim=erat&sit=fermentum&amet=justo&nunc=nec&viverra=condimentum&dapibus=neque&nulla=sapien&suscipit=placerat&ligula=ante&in=nulla&lacus=justo&curabitur=aliquam&at=quis&ipsum=turpis&ac=eget&tellus=elit&semper=sodales&interdum=scelerisque&mauris=mauris&ullamcorper=sit&purus=amet&sit=eros&amet=suspendisse&nulla=accumsan&quisque=tortor&arcu=quis&libero=turpis&rutrum=sed&ac=ante&lobortis=vivamus,TRUE
+https://nba.com/fringilla/rhoncus.jpg?porttitor=nisl&pede=nunc&justo=rhoncus&eu=dui&massa=vel&donec=sem&dapibus=sed&duis=sagittis&at=nam&velit=congue&eu=risus&est=semper&congue=porta&elementum=volutpat&in=quam&hac=pede&habitasse=lobortis&platea=ligula&dictumst=sit&morbi=amet&vestibulum=eleifend&velit=pede&id=libero&pretium=quis&iaculis=orci&diam=nullam&erat=molestie&fermentum=nibh&justo=in&nec=lectus&condimentum=pellentesque&neque=at&sapien=nulla,TRUE
+https://wisc.edu/morbi/porttitor/lorem/id/ligula/suspendisse/ornare.json?dis=ultrices&parturient=posuere&montes=cubilia&nascetur=curae&ridiculus=nulla&mus=dapibus&vivamus=dolor&vestibulum=vel&sagittis=est&sapien=donec&cum=odio&sociis=justo&natoque=sollicitudin&penatibus=ut&et=suscipit&magnis=a&dis=feugiat&parturient=et&montes=eros&nascetur=vestibulum&ridiculus=ac&mus=est&etiam=lacinia&vel=nisi&augue=venenatis&vestibulum=tristique&rutrum=fusce&rutrum=congue&neque=diam&aenean=id&auctor=ornare&gravida=imperdiet&sem=sapien&praesent=urna&id=pretium&massa=nisl&id=ut&nisl=volutpat&venenatis=sapien&lacinia=arcu&aenean=sed&sit=augue&amet=aliquam&justo=erat&morbi=volutpat&ut=in&odio=congue&cras=etiam&mi=justo&pede=etiam&malesuada=pretium&in=iaculis&imperdiet=justo&et=in&commodo=hac&vulputate=habitasse&justo=platea&in=dictumst&blandit=etiam&ultrices=faucibus&enim=cursus&lorem=urna&ipsum=ut&dolor=tellus&sit=nulla&amet=ut&consectetuer=erat&adipiscing=id&elit=mauris&proin=vulputate&interdum=elementum&mauris=nullam&non=varius&ligula=nulla,TRUE
+https://nationalgeographic.com/orci/vehicula.aspx?nunc=sem&vestibulum=mauris&ante=laoreet&ipsum=ut&primis=rhoncus&in=aliquet&faucibus=pulvinar&orci=sed&luctus=nisl&et=nunc&ultrices=rhoncus&posuere=dui&cubilia=vel&curae=sem&mauris=sed&viverra=sagittis,TRUE
+https://a8.net/vitae/mattis/nibh/ligula/nec/sem.jsp?accumsan=eget&tellus=eros&nisi=elementum&eu=pellentesque&orci=quisque&mauris=porta&lacinia=volutpat&sapien=erat&quis=quisque&libero=erat&nullam=eros&sit=viverra&amet=eget&turpis=congue&elementum=eget&ligula=semper&vehicula=rutrum&consequat=nulla&morbi=nunc&a=purus&ipsum=phasellus&integer=in&a=felis&nibh=donec&in=semper&quis=sapien&justo=a&maecenas=libero&rhoncus=nam&aliquam=dui&lacus=proin&morbi=leo&quis=odio&tortor=porttitor&id=id&nulla=consequat&ultrices=in&aliquet=consequat&maecenas=ut&leo=nulla&odio=sed&condimentum=accumsan&id=felis&luctus=ut&nec=at&molestie=dolor&sed=quis&justo=odio&pellentesque=consequat&viverra=varius&pede=integer&ac=ac&diam=leo&cras=pellentesque&pellentesque=ultrices&volutpat=mattis&dui=odio&maecenas=donec&tristique=vitae&est=nisi&et=nam&tempus=ultrices&semper=libero&est=non&quam=mattis&pharetra=pulvinar&magna=nulla&ac=pede&consequat=ullamcorper&metus=augue&sapien=a&ut=suscipit&nunc=nulla&vestibulum=elit&ante=ac&ipsum=nulla&primis=sed&in=vel&faucibus=enim&orci=sit&luctus=amet&et=nunc&ultrices=viverra&posuere=dapibus&cubilia=nulla&curae=suscipit&mauris=ligula&viverra=in&diam=lacus&vitae=curabitur&quam=at&suspendisse=ipsum&potenti=ac&nullam=tellus&porttitor=semper&lacus=interdum&at=mauris,TRUE
+https://woothemes.com/vestibulum/ante/ipsum/primis/in.js?curabitur=pharetra&gravida=magna&nisi=ac&at=consequat&nibh=metus&in=sapien&hac=ut&habitasse=nunc&platea=vestibulum&dictumst=ante&aliquam=ipsum&augue=primis&quam=in&sollicitudin=faucibus&vitae=orci&consectetuer=luctus&eget=et&rutrum=ultrices&at=posuere&lorem=cubilia&integer=curae&tincidunt=mauris&ante=viverra&vel=diam&ipsum=vitae&praesent=quam&blandit=suspendisse&lacinia=potenti&erat=nullam&vestibulum=porttitor&sed=lacus&magna=at&at=turpis&nunc=donec&commodo=posuere&placerat=metus&praesent=vitae&blandit=ipsum&nam=aliquam&nulla=non&integer=mauris&pede=morbi&justo=non&lacinia=lectus&eget=aliquam&tincidunt=sit&eget=amet&tempus=diam&vel=in&pede=magna&morbi=bibendum&porttitor=imperdiet&lorem=nullam&id=orci&ligula=pede&suspendisse=venenatis&ornare=non&consequat=sodales&lectus=sed&in=tincidunt&est=eu&risus=felis&auctor=fusce&sed=posuere&tristique=felis&in=sed,TRUE
+http://macromedia.com/nisl/duis/ac/nibh/fusce/lacus/purus.aspx?rutrum=nulla&nulla=ultrices&nunc=aliquet&purus=maecenas&phasellus=leo&in=odio&felis=condimentum&donec=id&semper=luctus&sapien=nec&a=molestie&libero=sed&nam=justo&dui=pellentesque&proin=viverra&leo=pede&odio=ac&porttitor=diam&id=cras&consequat=pellentesque&in=volutpat&consequat=dui&ut=maecenas&nulla=tristique&sed=est&accumsan=et&felis=tempus&ut=semper&at=est&dolor=quam&quis=pharetra&odio=magna&consequat=ac,TRUE
+http://ucoz.ru/penatibus/et/magnis/dis/parturient/montes/nascetur.html?velit=platea&id=dictumst&pretium=morbi&iaculis=vestibulum&diam=velit&erat=id&fermentum=pretium&justo=iaculis&nec=diam&condimentum=erat&neque=fermentum&sapien=justo&placerat=nec&ante=condimentum&nulla=neque&justo=sapien&aliquam=placerat&quis=ante&turpis=nulla&eget=justo&elit=aliquam&sodales=quis&scelerisque=turpis&mauris=eget&sit=elit&amet=sodales&eros=scelerisque&suspendisse=mauris&accumsan=sit&tortor=amet&quis=eros&turpis=suspendisse&sed=accumsan&ante=tortor&vivamus=quis&tortor=turpis&duis=sed&mattis=ante&egestas=vivamus&metus=tortor&aenean=duis&fermentum=mattis&donec=egestas&ut=metus&mauris=aenean&eget=fermentum&massa=donec&tempor=ut&convallis=mauris&nulla=eget&neque=massa&libero=tempor&convallis=convallis&eget=nulla,TRUE
+http://goodreads.com/nec/sem.jsp?ultrices=sed&erat=sagittis&tortor=nam&sollicitudin=congue&mi=risus&sit=semper&amet=porta&lobortis=volutpat&sapien=quam&sapien=pede&non=lobortis&mi=ligula&integer=sit&ac=amet&neque=eleifend&duis=pede&bibendum=libero&morbi=quis&non=orci&quam=nullam&nec=molestie&dui=nibh&luctus=in&rutrum=lectus&nulla=pellentesque&tellus=at&in=nulla&sagittis=suspendisse&dui=potenti&vel=cras&nisl=in&duis=purus&ac=eu&nibh=magna&fusce=vulputate&lacus=luctus&purus=cum&aliquet=sociis&at=natoque&feugiat=penatibus&non=et&pretium=magnis&quis=dis&lectus=parturient&suspendisse=montes&potenti=nascetur&in=ridiculus&eleifend=mus&quam=vivamus&a=vestibulum&odio=sagittis&in=sapien&hac=cum&habitasse=sociis&platea=natoque&dictumst=penatibus&maecenas=et&ut=magnis&massa=dis&quis=parturient&augue=montes&luctus=nascetur&tincidunt=ridiculus&nulla=mus&mollis=etiam&molestie=vel&lorem=augue&quisque=vestibulum&ut=rutrum&erat=rutrum&curabitur=neque&gravida=aenean&nisi=auctor&at=gravida,TRUE
+http://home.pl/cubilia/curae/duis/faucibus.js?nam=vestibulum&congue=ante&risus=ipsum&semper=primis&porta=in&volutpat=faucibus&quam=orci&pede=luctus&lobortis=et&ligula=ultrices&sit=posuere&amet=cubilia&eleifend=curae&pede=duis&libero=faucibus&quis=accumsan&orci=odio&nullam=curabitur&molestie=convallis&nibh=duis&in=consequat&lectus=dui&pellentesque=nec&at=nisi&nulla=volutpat&suspendisse=eleifend&potenti=donec&cras=ut&in=dolor&purus=morbi&eu=vel&magna=lectus&vulputate=in,TRUE
+http://forbes.com/tellus/semper/interdum/mauris.aspx?scelerisque=faucibus&quam=orci&turpis=luctus&adipiscing=et&lorem=ultrices&vitae=posuere&mattis=cubilia&nibh=curae&ligula=mauris&nec=viverra&sem=diam&duis=vitae&aliquam=quam&convallis=suspendisse&nunc=potenti&proin=nullam&at=porttitor&turpis=lacus&a=at&pede=turpis&posuere=donec&nonummy=posuere&integer=metus&non=vitae&velit=ipsum&donec=aliquam&diam=non&neque=mauris&vestibulum=morbi&eget=non&vulputate=lectus&ut=aliquam,TRUE
+https://army.mil/suscipit/ligula/in/lacus.html?ut=convallis&erat=tortor&id=risus&mauris=dapibus&vulputate=augue&elementum=vel&nullam=accumsan&varius=tellus&nulla=nisi&facilisi=eu&cras=orci&non=mauris&velit=lacinia&nec=sapien&nisi=quis&vulputate=libero&nonummy=nullam&maecenas=sit&tincidunt=amet&lacus=turpis&at=elementum&velit=ligula&vivamus=vehicula&vel=consequat&nulla=morbi&eget=a&eros=ipsum&elementum=integer&pellentesque=a&quisque=nibh&porta=in&volutpat=quis&erat=justo&quisque=maecenas&erat=rhoncus&eros=aliquam&viverra=lacus&eget=morbi&congue=quis&eget=tortor&semper=id&rutrum=nulla&nulla=ultrices&nunc=aliquet&purus=maecenas&phasellus=leo&in=odio&felis=condimentum&donec=id,TRUE
+https://theglobeandmail.com/est.json?platea=ut&dictumst=odio&etiam=cras&faucibus=mi&cursus=pede&urna=malesuada&ut=in&tellus=imperdiet&nulla=et&ut=commodo&erat=vulputate&id=justo&mauris=in&vulputate=blandit&elementum=ultrices&nullam=enim&varius=lorem&nulla=ipsum&facilisi=dolor&cras=sit&non=amet&velit=consectetuer&nec=adipiscing&nisi=elit&vulputate=proin&nonummy=interdum&maecenas=mauris&tincidunt=non&lacus=ligula&at=pellentesque&velit=ultrices&vivamus=phasellus&vel=id&nulla=sapien&eget=in&eros=sapien&elementum=iaculis&pellentesque=congue&quisque=vivamus&porta=metus&volutpat=arcu&erat=adipiscing&quisque=molestie&erat=hendrerit&eros=at&viverra=vulputate&eget=vitae&congue=nisl&eget=aenean&semper=lectus&rutrum=pellentesque&nulla=eget&nunc=nunc&purus=donec,TRUE
+http://technorati.com/tempus/vivamus/in.png?lacus=ut&morbi=rhoncus&sem=aliquet&mauris=pulvinar&laoreet=sed&ut=nisl&rhoncus=nunc&aliquet=rhoncus&pulvinar=dui&sed=vel&nisl=sem&nunc=sed&rhoncus=sagittis&dui=nam&vel=congue&sem=risus&sed=semper&sagittis=porta&nam=volutpat&congue=quam&risus=pede&semper=lobortis&porta=ligula&volutpat=sit&quam=amet&pede=eleifend&lobortis=pede&ligula=libero&sit=quis&amet=orci&eleifend=nullam&pede=molestie&libero=nibh&quis=in&orci=lectus&nullam=pellentesque&molestie=at&nibh=nulla&in=suspendisse&lectus=potenti&pellentesque=cras&at=in&nulla=purus&suspendisse=eu&potenti=magna&cras=vulputate&in=luctus&purus=cum&eu=sociis&magna=natoque&vulputate=penatibus&luctus=et&cum=magnis&sociis=dis,TRUE
+https://umich.edu/dolor/sit/amet/consectetuer/adipiscing.aspx?ipsum=porttitor&integer=lacus&a=at&nibh=turpis&in=donec&quis=posuere&justo=metus&maecenas=vitae&rhoncus=ipsum&aliquam=aliquam&lacus=non&morbi=mauris&quis=morbi&tortor=non&id=lectus&nulla=aliquam&ultrices=sit&aliquet=amet&maecenas=diam&leo=in&odio=magna&condimentum=bibendum&id=imperdiet&luctus=nullam&nec=orci&molestie=pede&sed=venenatis&justo=non&pellentesque=sodales&viverra=sed&pede=tincidunt&ac=eu&diam=felis&cras=fusce&pellentesque=posuere&volutpat=felis&dui=sed&maecenas=lacus&tristique=morbi&est=sem&et=mauris&tempus=laoreet&semper=ut&est=rhoncus&quam=aliquet&pharetra=pulvinar,TRUE
+http://biglobe.ne.jp/at/diam/nam/tristique/tortor/eu.jsp?proin=ac&eu=diam&mi=cras&nulla=pellentesque&ac=volutpat&enim=dui&in=maecenas&tempor=tristique&turpis=est&nec=et&euismod=tempus&scelerisque=semper&quam=est&turpis=quam,TRUE
+https://studiopress.com/non/ligula/pellentesque/ultrices/phasellus/id/sapien.xml?vitae=rutrum&ipsum=rutrum&aliquam=neque&non=aenean&mauris=auctor&morbi=gravida&non=sem&lectus=praesent&aliquam=id&sit=massa&amet=id&diam=nisl&in=venenatis&magna=lacinia&bibendum=aenean&imperdiet=sit&nullam=amet&orci=justo&pede=morbi&venenatis=ut&non=odio&sodales=cras&sed=mi&tincidunt=pede&eu=malesuada&felis=in&fusce=imperdiet&posuere=et&felis=commodo&sed=vulputate&lacus=justo&morbi=in&sem=blandit&mauris=ultrices&laoreet=enim&ut=lorem&rhoncus=ipsum&aliquet=dolor&pulvinar=sit&sed=amet&nisl=consectetuer&nunc=adipiscing&rhoncus=elit&dui=proin&vel=interdum&sem=mauris&sed=non&sagittis=ligula&nam=pellentesque&congue=ultrices&risus=phasellus&semper=id&porta=sapien&volutpat=in&quam=sapien&pede=iaculis&lobortis=congue&ligula=vivamus&sit=metus&amet=arcu&eleifend=adipiscing&pede=molestie&libero=hendrerit&quis=at&orci=vulputate&nullam=vitae&molestie=nisl&nibh=aenean&in=lectus&lectus=pellentesque,TRUE
+https://bloglines.com/orci/luctus/et/ultrices/posuere.jsp?accumsan=fermentum&tortor=justo&quis=nec&turpis=condimentum&sed=neque&ante=sapien&vivamus=placerat&tortor=ante&duis=nulla&mattis=justo&egestas=aliquam&metus=quis&aenean=turpis&fermentum=eget&donec=elit&ut=sodales&mauris=scelerisque&eget=mauris&massa=sit&tempor=amet&convallis=eros&nulla=suspendisse&neque=accumsan&libero=tortor&convallis=quis&eget=turpis&eleifend=sed&luctus=ante&ultricies=vivamus&eu=tortor&nibh=duis&quisque=mattis&id=egestas&justo=metus&sit=aenean&amet=fermentum&sapien=donec&dignissim=ut&vestibulum=mauris&vestibulum=eget&ante=massa,TRUE
+http://istockphoto.com/vel/dapibus/at/diam.xml?nonummy=a&maecenas=libero&tincidunt=nam&lacus=dui&at=proin&velit=leo&vivamus=odio&vel=porttitor&nulla=id&eget=consequat&eros=in&elementum=consequat&pellentesque=ut&quisque=nulla&porta=sed&volutpat=accumsan&erat=felis&quisque=ut&erat=at&eros=dolor&viverra=quis&eget=odio&congue=consequat&eget=varius&semper=integer&rutrum=ac&nulla=leo&nunc=pellentesque&purus=ultrices&phasellus=mattis&in=odio&felis=donec&donec=vitae&semper=nisi&sapien=nam&a=ultrices&libero=libero&nam=non&dui=mattis&proin=pulvinar&leo=nulla&odio=pede&porttitor=ullamcorper&id=augue&consequat=a&in=suscipit&consequat=nulla&ut=elit&nulla=ac&sed=nulla&accumsan=sed&felis=vel&ut=enim&at=sit&dolor=amet&quis=nunc&odio=viverra&consequat=dapibus&varius=nulla&integer=suscipit&ac=ligula&leo=in&pellentesque=lacus&ultrices=curabitur&mattis=at&odio=ipsum&donec=ac&vitae=tellus&nisi=semper&nam=interdum&ultrices=mauris&libero=ullamcorper&non=purus&mattis=sit&pulvinar=amet&nulla=nulla&pede=quisque&ullamcorper=arcu&augue=libero&a=rutrum&suscipit=ac&nulla=lobortis&elit=vel&ac=dapibus&nulla=at&sed=diam&vel=nam&enim=tristique&sit=tortor,TRUE
+https://techcrunch.com/ipsum/primis/in/faucibus/orci/luctus.jsp?in=tincidunt&libero=nulla&ut=mollis&massa=molestie&volutpat=lorem&convallis=quisque&morbi=ut&odio=erat&odio=curabitur&elementum=gravida&eu=nisi&interdum=at&eu=nibh&tincidunt=in&in=hac&leo=habitasse&maecenas=platea&pulvinar=dictumst&lobortis=aliquam&est=augue&phasellus=quam&sit=sollicitudin&amet=vitae&erat=consectetuer&nulla=eget&tempus=rutrum&vivamus=at&in=lorem&felis=integer&eu=tincidunt&sapien=ante&cursus=vel&vestibulum=ipsum&proin=praesent&eu=blandit&mi=lacinia&nulla=erat&ac=vestibulum&enim=sed&in=magna,TRUE
+http://house.gov/et/ultrices/posuere.jsp?primis=vestibulum&in=proin&faucibus=eu&orci=mi&luctus=nulla&et=ac&ultrices=enim&posuere=in&cubilia=tempor&curae=turpis&donec=nec&pharetra=euismod&magna=scelerisque&vestibulum=quam&aliquet=turpis&ultrices=adipiscing&erat=lorem&tortor=vitae&sollicitudin=mattis&mi=nibh&sit=ligula&amet=nec&lobortis=sem&sapien=duis&sapien=aliquam&non=convallis&mi=nunc&integer=proin&ac=at&neque=turpis&duis=a&bibendum=pede&morbi=posuere&non=nonummy&quam=integer&nec=non&dui=velit&luctus=donec&rutrum=diam&nulla=neque&tellus=vestibulum&in=eget&sagittis=vulputate&dui=ut&vel=ultrices&nisl=vel&duis=augue&ac=vestibulum&nibh=ante&fusce=ipsum&lacus=primis&purus=in&aliquet=faucibus&at=orci&feugiat=luctus&non=et&pretium=ultrices&quis=posuere&lectus=cubilia&suspendisse=curae&potenti=donec&in=pharetra&eleifend=magna&quam=vestibulum&a=aliquet&odio=ultrices&in=erat&hac=tortor&habitasse=sollicitudin&platea=mi&dictumst=sit&maecenas=amet&ut=lobortis&massa=sapien&quis=sapien&augue=non&luctus=mi&tincidunt=integer&nulla=ac&mollis=neque&molestie=duis&lorem=bibendum&quisque=morbi&ut=non&erat=quam&curabitur=nec&gravida=dui&nisi=luctus&at=rutrum&nibh=nulla&in=tellus&hac=in&habitasse=sagittis&platea=dui,TRUE
+https://mediafire.com/in/purus/eu/magna/vulputate/luctus/cum.aspx?quis=dui&libero=vel&nullam=nisl&sit=duis&amet=ac&turpis=nibh&elementum=fusce&ligula=lacus&vehicula=purus&consequat=aliquet&morbi=at&a=feugiat&ipsum=non&integer=pretium&a=quis&nibh=lectus&in=suspendisse&quis=potenti&justo=in&maecenas=eleifend&rhoncus=quam&aliquam=a&lacus=odio&morbi=in&quis=hac&tortor=habitasse&id=platea&nulla=dictumst&ultrices=maecenas&aliquet=ut&maecenas=massa&leo=quis&odio=augue&condimentum=luctus&id=tincidunt&luctus=nulla&nec=mollis&molestie=molestie&sed=lorem&justo=quisque&pellentesque=ut&viverra=erat&pede=curabitur&ac=gravida&diam=nisi&cras=at&pellentesque=nibh&volutpat=in&dui=hac&maecenas=habitasse&tristique=platea&est=dictumst&et=aliquam&tempus=augue&semper=quam&est=sollicitudin&quam=vitae&pharetra=consectetuer&magna=eget&ac=rutrum&consequat=at&metus=lorem&sapien=integer&ut=tincidunt&nunc=ante&vestibulum=vel&ante=ipsum&ipsum=praesent&primis=blandit&in=lacinia&faucibus=erat&orci=vestibulum&luctus=sed&et=magna&ultrices=at&posuere=nunc&cubilia=commodo&curae=placerat&mauris=praesent&viverra=blandit&diam=nam&vitae=nulla&quam=integer&suspendisse=pede&potenti=justo&nullam=lacinia&porttitor=eget&lacus=tincidunt&at=eget&turpis=tempus&donec=vel&posuere=pede&metus=morbi&vitae=porttitor,TRUE
+https://4shared.com/at/velit/vivamus/vel.xml?quis=vel&lectus=pede&suspendisse=morbi&potenti=porttitor&in=lorem&eleifend=id&quam=ligula&a=suspendisse&odio=ornare&in=consequat&hac=lectus&habitasse=in&platea=est&dictumst=risus&maecenas=auctor&ut=sed&massa=tristique&quis=in&augue=tempus&luctus=sit&tincidunt=amet&nulla=sem&mollis=fusce&molestie=consequat&lorem=nulla&quisque=nisl&ut=nunc&erat=nisl&curabitur=duis&gravida=bibendum&nisi=felis,TRUE
+https://cargocollective.com/massa/id/lobortis/convallis/tortor/risus/dapibus.json?odio=luctus&curabitur=nec&convallis=molestie&duis=sed&consequat=justo&dui=pellentesque&nec=viverra&nisi=pede&volutpat=ac&eleifend=diam&donec=cras&ut=pellentesque&dolor=volutpat&morbi=dui&vel=maecenas&lectus=tristique&in=est&quam=et&fringilla=tempus&rhoncus=semper&mauris=est&enim=quam&leo=pharetra&rhoncus=magna&sed=ac&vestibulum=consequat&sit=metus&amet=sapien&cursus=ut&id=nunc&turpis=vestibulum&integer=ante&aliquet=ipsum&massa=primis&id=in&lobortis=faucibus&convallis=orci&tortor=luctus&risus=et&dapibus=ultrices&augue=posuere&vel=cubilia&accumsan=curae&tellus=mauris&nisi=viverra&eu=diam&orci=vitae&mauris=quam&lacinia=suspendisse&sapien=potenti&quis=nullam&libero=porttitor&nullam=lacus&sit=at&amet=turpis&turpis=donec&elementum=posuere&ligula=metus&vehicula=vitae&consequat=ipsum&morbi=aliquam&a=non&ipsum=mauris&integer=morbi&a=non&nibh=lectus&in=aliquam&quis=sit&justo=amet&maecenas=diam&rhoncus=in&aliquam=magna&lacus=bibendum&morbi=imperdiet&quis=nullam&tortor=orci,TRUE
+https://hibu.com/pede/malesuada/in/imperdiet.html?sem=amet&praesent=sem&id=fusce&massa=consequat&id=nulla&nisl=nisl&venenatis=nunc&lacinia=nisl&aenean=duis&sit=bibendum&amet=felis&justo=sed&morbi=interdum&ut=venenatis&odio=turpis&cras=enim&mi=blandit&pede=mi&malesuada=in&in=porttitor&imperdiet=pede&et=justo&commodo=eu&vulputate=massa&justo=donec&in=dapibus&blandit=duis&ultrices=at&enim=velit&lorem=eu&ipsum=est&dolor=congue&sit=elementum&amet=in&consectetuer=hac&adipiscing=habitasse&elit=platea&proin=dictumst&interdum=morbi&mauris=vestibulum&non=velit&ligula=id&pellentesque=pretium&ultrices=iaculis&phasellus=diam&id=erat&sapien=fermentum&in=justo&sapien=nec&iaculis=condimentum&congue=neque&vivamus=sapien&metus=placerat&arcu=ante&adipiscing=nulla&molestie=justo&hendrerit=aliquam&at=quis&vulputate=turpis&vitae=eget&nisl=elit&aenean=sodales&lectus=scelerisque&pellentesque=mauris&eget=sit&nunc=amet&donec=eros&quis=suspendisse&orci=accumsan&eget=tortor&orci=quis&vehicula=turpis&condimentum=sed&curabitur=ante&in=vivamus,TRUE
+http://bravesites.com/augue/quam/sollicitudin/vitae.jsp?at=non&nulla=velit&suspendisse=donec&potenti=diam&cras=neque&in=vestibulum&purus=eget&eu=vulputate&magna=ut&vulputate=ultrices&luctus=vel&cum=augue&sociis=vestibulum&natoque=ante&penatibus=ipsum&et=primis&magnis=in&dis=faucibus&parturient=orci&montes=luctus&nascetur=et&ridiculus=ultrices&mus=posuere&vivamus=cubilia&vestibulum=curae&sagittis=donec&sapien=pharetra&cum=magna&sociis=vestibulum&natoque=aliquet&penatibus=ultrices&et=erat&magnis=tortor&dis=sollicitudin&parturient=mi&montes=sit&nascetur=amet&ridiculus=lobortis&mus=sapien&etiam=sapien&vel=non&augue=mi&vestibulum=integer&rutrum=ac&rutrum=neque&neque=duis&aenean=bibendum&auctor=morbi&gravida=non&sem=quam&praesent=nec&id=dui&massa=luctus&id=rutrum&nisl=nulla&venenatis=tellus&lacinia=in&aenean=sagittis&sit=dui&amet=vel&justo=nisl&morbi=duis&ut=ac&odio=nibh&cras=fusce&mi=lacus&pede=purus&malesuada=aliquet&in=at&imperdiet=feugiat&et=non&commodo=pretium&vulputate=quis&justo=lectus,TRUE
+http://google.it/sit/amet/lobortis/sapien/sapien.aspx?augue=in&vel=felis&accumsan=donec&tellus=semper&nisi=sapien&eu=a&orci=libero&mauris=nam&lacinia=dui&sapien=proin&quis=leo,TRUE
+https://boston.com/justo/morbi/ut/odio/cras/mi.xml?vel=ligula&augue=vehicula&vestibulum=consequat&rutrum=morbi&rutrum=a&neque=ipsum&aenean=integer&auctor=a&gravida=nibh&sem=in&praesent=quis&id=justo&massa=maecenas&id=rhoncus&nisl=aliquam&venenatis=lacus&lacinia=morbi&aenean=quis&sit=tortor&amet=id&justo=nulla&morbi=ultrices&ut=aliquet&odio=maecenas&cras=leo&mi=odio&pede=condimentum&malesuada=id&in=luctus&imperdiet=nec&et=molestie&commodo=sed&vulputate=justo&justo=pellentesque&in=viverra&blandit=pede&ultrices=ac&enim=diam&lorem=cras&ipsum=pellentesque&dolor=volutpat&sit=dui&amet=maecenas&consectetuer=tristique&adipiscing=est&elit=et&proin=tempus&interdum=semper&mauris=est&non=quam&ligula=pharetra&pellentesque=magna&ultrices=ac&phasellus=consequat&id=metus&sapien=sapien&in=ut&sapien=nunc&iaculis=vestibulum&congue=ante&vivamus=ipsum&metus=primis&arcu=in&adipiscing=faucibus&molestie=orci&hendrerit=luctus&at=et&vulputate=ultrices&vitae=posuere&nisl=cubilia&aenean=curae&lectus=mauris&pellentesque=viverra&eget=diam&nunc=vitae&donec=quam&quis=suspendisse&orci=potenti&eget=nullam&orci=porttitor&vehicula=lacus&condimentum=at&curabitur=turpis&in=donec&libero=posuere&ut=metus&massa=vitae&volutpat=ipsum&convallis=aliquam&morbi=non&odio=mauris&odio=morbi&elementum=non&eu=lectus&interdum=aliquam&eu=sit&tincidunt=amet,TRUE
+https://vk.com/pharetra.jpg?posuere=proin&cubilia=eu&curae=mi&donec=nulla&pharetra=ac&magna=enim&vestibulum=in&aliquet=tempor&ultrices=turpis&erat=nec&tortor=euismod&sollicitudin=scelerisque&mi=quam&sit=turpis&amet=adipiscing&lobortis=lorem&sapien=vitae&sapien=mattis&non=nibh&mi=ligula&integer=nec&ac=sem&neque=duis&duis=aliquam&bibendum=convallis&morbi=nunc&non=proin,TRUE
+http://phpbb.com/lacus/at/turpis.png?duis=sit&bibendum=amet&morbi=sapien&non=dignissim&quam=vestibulum&nec=vestibulum&dui=ante&luctus=ipsum&rutrum=primis&nulla=in&tellus=faucibus&in=orci&sagittis=luctus&dui=et&vel=ultrices&nisl=posuere&duis=cubilia&ac=curae&nibh=nulla&fusce=dapibus&lacus=dolor,TRUE
+https://twitter.com/adipiscing/elit/proin/risus/praesent/lectus/vestibulum.html?felis=justo&donec=morbi&semper=ut&sapien=odio&a=cras&libero=mi&nam=pede&dui=malesuada&proin=in&leo=imperdiet&odio=et&porttitor=commodo&id=vulputate&consequat=justo&in=in&consequat=blandit&ut=ultrices&nulla=enim&sed=lorem&accumsan=ipsum&felis=dolor&ut=sit&at=amet&dolor=consectetuer&quis=adipiscing&odio=elit&consequat=proin&varius=interdum&integer=mauris&ac=non&leo=ligula&pellentesque=pellentesque&ultrices=ultrices&mattis=phasellus&odio=id&donec=sapien&vitae=in&nisi=sapien&nam=iaculis&ultrices=congue&libero=vivamus&non=metus&mattis=arcu&pulvinar=adipiscing&nulla=molestie&pede=hendrerit&ullamcorper=at&augue=vulputate&a=vitae&suscipit=nisl&nulla=aenean&elit=lectus&ac=pellentesque&nulla=eget&sed=nunc&vel=donec&enim=quis&sit=orci&amet=eget&nunc=orci&viverra=vehicula&dapibus=condimentum&nulla=curabitur&suscipit=in&ligula=libero&in=ut&lacus=massa&curabitur=volutpat&at=convallis&ipsum=morbi&ac=odio&tellus=odio&semper=elementum&interdum=eu&mauris=interdum&ullamcorper=eu&purus=tincidunt&sit=in&amet=leo&nulla=maecenas&quisque=pulvinar&arcu=lobortis&libero=est&rutrum=phasellus&ac=sit&lobortis=amet&vel=erat&dapibus=nulla&at=tempus&diam=vivamus&nam=in&tristique=felis&tortor=eu&eu=sapien&pede=cursus,TRUE
+http://nationalgeographic.com/eros/suspendisse.jpg?in=iaculis&quam=justo&fringilla=in&rhoncus=hac&mauris=habitasse&enim=platea&leo=dictumst&rhoncus=etiam&sed=faucibus&vestibulum=cursus,TRUE
+https://posterous.com/porttitor.xml?vestibulum=posuere&sagittis=felis&sapien=sed&cum=lacus&sociis=morbi&natoque=sem&penatibus=mauris&et=laoreet&magnis=ut&dis=rhoncus&parturient=aliquet&montes=pulvinar&nascetur=sed&ridiculus=nisl&mus=nunc&etiam=rhoncus&vel=dui&augue=vel&vestibulum=sem&rutrum=sed&rutrum=sagittis&neque=nam&aenean=congue&auctor=risus&gravida=semper&sem=porta&praesent=volutpat&id=quam&massa=pede&id=lobortis&nisl=ligula&venenatis=sit&lacinia=amet&aenean=eleifend&sit=pede&amet=libero&justo=quis&morbi=orci&ut=nullam&odio=molestie&cras=nibh&mi=in&pede=lectus,TRUE
+https://ted.com/non/quam/nec/dui/luctus/rutrum/nulla.js?in=elementum&faucibus=eu&orci=interdum&luctus=eu&et=tincidunt&ultrices=in&posuere=leo&cubilia=maecenas&curae=pulvinar&nulla=lobortis&dapibus=est&dolor=phasellus&vel=sit&est=amet&donec=erat&odio=nulla&justo=tempus&sollicitudin=vivamus&ut=in&suscipit=felis&a=eu&feugiat=sapien&et=cursus&eros=vestibulum&vestibulum=proin&ac=eu&est=mi&lacinia=nulla&nisi=ac&venenatis=enim&tristique=in&fusce=tempor&congue=turpis,TRUE
+http://nbcnews.com/pulvinar/nulla/pede/ullamcorper.jsp?proin=varius&at=ut&turpis=blandit&a=non&pede=interdum&posuere=in&nonummy=ante&integer=vestibulum&non=ante&velit=ipsum&donec=primis&diam=in&neque=faucibus&vestibulum=orci&eget=luctus&vulputate=et&ut=ultrices&ultrices=posuere&vel=cubilia&augue=curae&vestibulum=duis&ante=faucibus&ipsum=accumsan&primis=odio&in=curabitur&faucibus=convallis&orci=duis&luctus=consequat,TRUE
+http://comcast.net/eget/rutrum/at/lorem.jsp?eros=orci&viverra=luctus&eget=et&congue=ultrices&eget=posuere&semper=cubilia&rutrum=curae&nulla=mauris&nunc=viverra&purus=diam&phasellus=vitae&in=quam&felis=suspendisse&donec=potenti&semper=nullam&sapien=porttitor&a=lacus&libero=at&nam=turpis&dui=donec&proin=posuere&leo=metus&odio=vitae&porttitor=ipsum&id=aliquam&consequat=non&in=mauris&consequat=morbi&ut=non&nulla=lectus&sed=aliquam&accumsan=sit&felis=amet&ut=diam&at=in&dolor=magna&quis=bibendum&odio=imperdiet&consequat=nullam&varius=orci&integer=pede&ac=venenatis&leo=non&pellentesque=sodales&ultrices=sed&mattis=tincidunt&odio=eu&donec=felis&vitae=fusce&nisi=posuere&nam=felis&ultrices=sed&libero=lacus&non=morbi&mattis=sem&pulvinar=mauris&nulla=laoreet&pede=ut&ullamcorper=rhoncus&augue=aliquet&a=pulvinar&suscipit=sed&nulla=nisl&elit=nunc&ac=rhoncus&nulla=dui&sed=vel&vel=sem&enim=sed&sit=sagittis&amet=nam&nunc=congue&viverra=risus&dapibus=semper&nulla=porta&suscipit=volutpat&ligula=quam&in=pede&lacus=lobortis&curabitur=ligula&at=sit&ipsum=amet&ac=eleifend&tellus=pede&semper=libero&interdum=quis&mauris=orci&ullamcorper=nullam&purus=molestie&sit=nibh&amet=in&nulla=lectus&quisque=pellentesque&arcu=at&libero=nulla&rutrum=suspendisse,TRUE
+http://wix.com/vel/dapibus/at/diam/nam.jsp?vel=hendrerit&nisl=at&duis=vulputate&ac=vitae&nibh=nisl&fusce=aenean&lacus=lectus&purus=pellentesque&aliquet=eget&at=nunc&feugiat=donec&non=quis&pretium=orci&quis=eget&lectus=orci&suspendisse=vehicula&potenti=condimentum&in=curabitur&eleifend=in&quam=libero&a=ut&odio=massa&in=volutpat&hac=convallis&habitasse=morbi&platea=odio&dictumst=odio&maecenas=elementum&ut=eu,TRUE
+http://twitpic.com/lacus/at/velit/vivamus/vel/nulla.png?iaculis=vestibulum&justo=ante&in=ipsum&hac=primis&habitasse=in&platea=faucibus&dictumst=orci&etiam=luctus&faucibus=et&cursus=ultrices&urna=posuere&ut=cubilia&tellus=curae&nulla=duis&ut=faucibus&erat=accumsan&id=odio&mauris=curabitur&vulputate=convallis&elementum=duis&nullam=consequat&varius=dui&nulla=nec&facilisi=nisi&cras=volutpat&non=eleifend&velit=donec&nec=ut&nisi=dolor&vulputate=morbi&nonummy=vel&maecenas=lectus&tincidunt=in&lacus=quam&at=fringilla&velit=rhoncus&vivamus=mauris&vel=enim&nulla=leo&eget=rhoncus&eros=sed&elementum=vestibulum&pellentesque=sit&quisque=amet&porta=cursus&volutpat=id&erat=turpis&quisque=integer&erat=aliquet&eros=massa&viverra=id&eget=lobortis&congue=convallis&eget=tortor&semper=risus&rutrum=dapibus&nulla=augue&nunc=vel&purus=accumsan&phasellus=tellus&in=nisi&felis=eu&donec=orci&semper=mauris&sapien=lacinia&a=sapien&libero=quis&nam=libero&dui=nullam&proin=sit&leo=amet&odio=turpis&porttitor=elementum&id=ligula&consequat=vehicula&in=consequat&consequat=morbi&ut=a&nulla=ipsum&sed=integer&accumsan=a&felis=nibh&ut=in&at=quis&dolor=justo&quis=maecenas&odio=rhoncus&consequat=aliquam&varius=lacus&integer=morbi&ac=quis&leo=tortor&pellentesque=id,TRUE
+https://foxnews.com/turpis/adipiscing/lorem/vitae/mattis/nibh.json?vestibulum=nunc&sagittis=nisl&sapien=duis&cum=bibendum&sociis=felis&natoque=sed&penatibus=interdum&et=venenatis&magnis=turpis&dis=enim&parturient=blandit&montes=mi&nascetur=in&ridiculus=porttitor&mus=pede&etiam=justo&vel=eu&augue=massa&vestibulum=donec&rutrum=dapibus&rutrum=duis&neque=at&aenean=velit&auctor=eu&gravida=est&sem=congue&praesent=elementum&id=in&massa=hac&id=habitasse&nisl=platea&venenatis=dictumst&lacinia=morbi&aenean=vestibulum&sit=velit&amet=id&justo=pretium&morbi=iaculis&ut=diam&odio=erat&cras=fermentum&mi=justo&pede=nec&malesuada=condimentum&in=neque&imperdiet=sapien&et=placerat&commodo=ante&vulputate=nulla&justo=justo&in=aliquam&blandit=quis,TRUE
+http://nih.gov/nisi/vulputate/nonummy/maecenas/tincidunt.json?aliquet=aliquet&pulvinar=massa&sed=id&nisl=lobortis&nunc=convallis&rhoncus=tortor&dui=risus&vel=dapibus&sem=augue&sed=vel&sagittis=accumsan&nam=tellus&congue=nisi&risus=eu&semper=orci&porta=mauris&volutpat=lacinia&quam=sapien&pede=quis&lobortis=libero&ligula=nullam&sit=sit&amet=amet&eleifend=turpis&pede=elementum&libero=ligula&quis=vehicula&orci=consequat&nullam=morbi&molestie=a&nibh=ipsum&in=integer&lectus=a&pellentesque=nibh&at=in&nulla=quis&suspendisse=justo&potenti=maecenas&cras=rhoncus&in=aliquam&purus=lacus&eu=morbi&magna=quis&vulputate=tortor&luctus=id&cum=nulla&sociis=ultrices&natoque=aliquet&penatibus=maecenas&et=leo&magnis=odio&dis=condimentum&parturient=id&montes=luctus&nascetur=nec&ridiculus=molestie&mus=sed&vivamus=justo&vestibulum=pellentesque&sagittis=viverra&sapien=pede&cum=ac&sociis=diam&natoque=cras&penatibus=pellentesque&et=volutpat&magnis=dui&dis=maecenas&parturient=tristique&montes=est&nascetur=et,TRUE
+https://umich.edu/hendrerit/at/vulputate.html?pede=nunc&posuere=commodo&nonummy=placerat&integer=praesent&non=blandit&velit=nam&donec=nulla&diam=integer&neque=pede&vestibulum=justo&eget=lacinia&vulputate=eget&ut=tincidunt&ultrices=eget&vel=tempus&augue=vel&vestibulum=pede&ante=morbi&ipsum=porttitor&primis=lorem&in=id&faucibus=ligula&orci=suspendisse&luctus=ornare&et=consequat&ultrices=lectus&posuere=in&cubilia=est&curae=risus&donec=auctor&pharetra=sed&magna=tristique&vestibulum=in&aliquet=tempus&ultrices=sit&erat=amet&tortor=sem&sollicitudin=fusce&mi=consequat&sit=nulla&amet=nisl&lobortis=nunc&sapien=nisl&sapien=duis&non=bibendum&mi=felis&integer=sed&ac=interdum&neque=venenatis&duis=turpis&bibendum=enim&morbi=blandit&non=mi&quam=in&nec=porttitor&dui=pede&luctus=justo&rutrum=eu&nulla=massa&tellus=donec&in=dapibus&sagittis=duis&dui=at&vel=velit&nisl=eu&duis=est&ac=congue&nibh=elementum&fusce=in&lacus=hac&purus=habitasse&aliquet=platea&at=dictumst&feugiat=morbi&non=vestibulum&pretium=velit&quis=id&lectus=pretium&suspendisse=iaculis&potenti=diam&in=erat&eleifend=fermentum&quam=justo&a=nec&odio=condimentum&in=neque&hac=sapien&habitasse=placerat&platea=ante&dictumst=nulla&maecenas=justo&ut=aliquam&massa=quis&quis=turpis&augue=eget&luctus=elit,TRUE
+https://reverbnation.com/ligula/suspendisse/ornare/consequat.html?porttitor=erat&id=vestibulum&consequat=sed&in=magna&consequat=at&ut=nunc&nulla=commodo,TRUE
+https://elegantthemes.com/risus/dapibus.jpg?quis=dis&orci=parturient&eget=montes&orci=nascetur&vehicula=ridiculus&condimentum=mus&curabitur=vivamus&in=vestibulum&libero=sagittis&ut=sapien&massa=cum&volutpat=sociis&convallis=natoque&morbi=penatibus&odio=et&odio=magnis&elementum=dis&eu=parturient&interdum=montes&eu=nascetur&tincidunt=ridiculus&in=mus&leo=etiam&maecenas=vel&pulvinar=augue&lobortis=vestibulum&est=rutrum&phasellus=rutrum&sit=neque&amet=aenean&erat=auctor&nulla=gravida&tempus=sem&vivamus=praesent&in=id&felis=massa,TRUE
+http://bandcamp.com/erat/eros/viverra/eget/congue.jsp?libero=dui&quis=nec&orci=nisi&nullam=volutpat&molestie=eleifend&nibh=donec&in=ut&lectus=dolor&pellentesque=morbi&at=vel&nulla=lectus&suspendisse=in&potenti=quam&cras=fringilla&in=rhoncus&purus=mauris&eu=enim&magna=leo&vulputate=rhoncus&luctus=sed&cum=vestibulum&sociis=sit&natoque=amet&penatibus=cursus&et=id&magnis=turpis&dis=integer&parturient=aliquet&montes=massa&nascetur=id&ridiculus=lobortis&mus=convallis&vivamus=tortor&vestibulum=risus&sagittis=dapibus&sapien=augue&cum=vel&sociis=accumsan&natoque=tellus&penatibus=nisi&et=eu&magnis=orci&dis=mauris&parturient=lacinia&montes=sapien&nascetur=quis&ridiculus=libero&mus=nullam&etiam=sit&vel=amet&augue=turpis&vestibulum=elementum&rutrum=ligula&rutrum=vehicula&neque=consequat&aenean=morbi&auctor=a&gravida=ipsum&sem=integer&praesent=a&id=nibh&massa=in&id=quis&nisl=justo&venenatis=maecenas&lacinia=rhoncus&aenean=aliquam&sit=lacus&amet=morbi&justo=quis&morbi=tortor&ut=id&odio=nulla&cras=ultrices&mi=aliquet&pede=maecenas&malesuada=leo&in=odio&imperdiet=condimentum&et=id&commodo=luctus&vulputate=nec&justo=molestie&in=sed&blandit=justo&ultrices=pellentesque&enim=viverra&lorem=pede&ipsum=ac&dolor=diam&sit=cras&amet=pellentesque&consectetuer=volutpat&adipiscing=dui&elit=maecenas&proin=tristique,TRUE
+http://seattletimes.com/ligula/sit/amet/eleifend/pede.aspx?in=faucibus&faucibus=orci&orci=luctus&luctus=et&et=ultrices&ultrices=posuere&posuere=cubilia&cubilia=curae&curae=mauris&nulla=viverra&dapibus=diam&dolor=vitae&vel=quam&est=suspendisse&donec=potenti&odio=nullam&justo=porttitor&sollicitudin=lacus&ut=at&suscipit=turpis&a=donec&feugiat=posuere&et=metus&eros=vitae&vestibulum=ipsum&ac=aliquam&est=non,TRUE
+http://drupal.org/vestibulum/ante/ipsum/primis/in.aspx?nisl=turpis&ut=nec&volutpat=euismod&sapien=scelerisque&arcu=quam&sed=turpis&augue=adipiscing&aliquam=lorem&erat=vitae&volutpat=mattis&in=nibh&congue=ligula&etiam=nec&justo=sem&etiam=duis&pretium=aliquam&iaculis=convallis&justo=nunc&in=proin&hac=at&habitasse=turpis&platea=a&dictumst=pede&etiam=posuere&faucibus=nonummy&cursus=integer&urna=non&ut=velit&tellus=donec&nulla=diam&ut=neque&erat=vestibulum&id=eget&mauris=vulputate&vulputate=ut&elementum=ultrices&nullam=vel&varius=augue&nulla=vestibulum&facilisi=ante&cras=ipsum&non=primis&velit=in&nec=faucibus&nisi=orci&vulputate=luctus&nonummy=et&maecenas=ultrices&tincidunt=posuere&lacus=cubilia&at=curae&velit=donec&vivamus=pharetra&vel=magna&nulla=vestibulum&eget=aliquet&eros=ultrices&elementum=erat&pellentesque=tortor&quisque=sollicitudin&porta=mi&volutpat=sit&erat=amet&quisque=lobortis&erat=sapien&eros=sapien&viverra=non&eget=mi&congue=integer&eget=ac&semper=neque&rutrum=duis&nulla=bibendum&nunc=morbi&purus=non&phasellus=quam&in=nec&felis=dui&donec=luctus&semper=rutrum&sapien=nulla&a=tellus&libero=in,TRUE
+https://newyorker.com/eu/orci/mauris/lacinia.html?erat=eros&tortor=suspendisse&sollicitudin=accumsan&mi=tortor&sit=quis&amet=turpis&lobortis=sed&sapien=ante&sapien=vivamus&non=tortor&mi=duis&integer=mattis&ac=egestas&neque=metus&duis=aenean&bibendum=fermentum&morbi=donec&non=ut&quam=mauris&nec=eget,TRUE
+http://alexa.com/vehicula/condimentum/curabitur/in/libero.json?cubilia=vel&curae=nulla&donec=eget&pharetra=eros&magna=elementum&vestibulum=pellentesque&aliquet=quisque&ultrices=porta&erat=volutpat&tortor=erat&sollicitudin=quisque&mi=erat&sit=eros&amet=viverra&lobortis=eget&sapien=congue&sapien=eget&non=semper&mi=rutrum&integer=nulla&ac=nunc&neque=purus&duis=phasellus&bibendum=in&morbi=felis&non=donec&quam=semper&nec=sapien&dui=a&luctus=libero&rutrum=nam&nulla=dui&tellus=proin&in=leo&sagittis=odio&dui=porttitor&vel=id&nisl=consequat&duis=in&ac=consequat&nibh=ut&fusce=nulla&lacus=sed&purus=accumsan&aliquet=felis&at=ut&feugiat=at&non=dolor&pretium=quis&quis=odio&lectus=consequat&suspendisse=varius&potenti=integer&in=ac&eleifend=leo&quam=pellentesque&a=ultrices&odio=mattis&in=odio&hac=donec&habitasse=vitae&platea=nisi&dictumst=nam&maecenas=ultrices&ut=libero&massa=non&quis=mattis&augue=pulvinar&luctus=nulla&tincidunt=pede&nulla=ullamcorper&mollis=augue&molestie=a&lorem=suscipit&quisque=nulla&ut=elit&erat=ac,TRUE
+http://linkedin.com/massa/id/lobortis/convallis/tortor.jsp?vitae=justo&consectetuer=nec&eget=condimentum&rutrum=neque&at=sapien&lorem=placerat&integer=ante&tincidunt=nulla&ante=justo&vel=aliquam&ipsum=quis&praesent=turpis&blandit=eget&lacinia=elit&erat=sodales&vestibulum=scelerisque&sed=mauris&magna=sit&at=amet&nunc=eros&commodo=suspendisse&placerat=accumsan&praesent=tortor&blandit=quis&nam=turpis&nulla=sed&integer=ante&pede=vivamus&justo=tortor&lacinia=duis&eget=mattis&tincidunt=egestas&eget=metus&tempus=aenean&vel=fermentum&pede=donec&morbi=ut&porttitor=mauris&lorem=eget&id=massa&ligula=tempor&suspendisse=convallis&ornare=nulla&consequat=neque&lectus=libero&in=convallis&est=eget&risus=eleifend&auctor=luctus&sed=ultricies&tristique=eu&in=nibh&tempus=quisque&sit=id&amet=justo&sem=sit&fusce=amet&consequat=sapien&nulla=dignissim&nisl=vestibulum&nunc=vestibulum&nisl=ante&duis=ipsum&bibendum=primis&felis=in&sed=faucibus&interdum=orci&venenatis=luctus&turpis=et&enim=ultrices&blandit=posuere&mi=cubilia&in=curae&porttitor=nulla&pede=dapibus&justo=dolor&eu=vel&massa=est&donec=donec&dapibus=odio&duis=justo&at=sollicitudin&velit=ut&eu=suscipit,TRUE
+http://loc.gov/cursus/urna/ut/tellus.html?sagittis=orci&sapien=luctus&cum=et&sociis=ultrices&natoque=posuere&penatibus=cubilia&et=curae&magnis=nulla&dis=dapibus&parturient=dolor&montes=vel&nascetur=est&ridiculus=donec&mus=odio&etiam=justo&vel=sollicitudin&augue=ut&vestibulum=suscipit&rutrum=a&rutrum=feugiat&neque=et&aenean=eros&auctor=vestibulum&gravida=ac&sem=est&praesent=lacinia&id=nisi&massa=venenatis&id=tristique&nisl=fusce&venenatis=congue&lacinia=diam&aenean=id&sit=ornare&amet=imperdiet&justo=sapien,TRUE
+https://topsy.com/urna/pretium/nisl.jpg?lobortis=proin&est=interdum&phasellus=mauris&sit=non&amet=ligula&erat=pellentesque&nulla=ultrices&tempus=phasellus&vivamus=id&in=sapien&felis=in&eu=sapien&sapien=iaculis&cursus=congue&vestibulum=vivamus&proin=metus&eu=arcu&mi=adipiscing&nulla=molestie&ac=hendrerit&enim=at&in=vulputate&tempor=vitae&turpis=nisl&nec=aenean&euismod=lectus&scelerisque=pellentesque&quam=eget&turpis=nunc&adipiscing=donec&lorem=quis&vitae=orci&mattis=eget&nibh=orci&ligula=vehicula&nec=condimentum&sem=curabitur&duis=in&aliquam=libero&convallis=ut&nunc=massa&proin=volutpat&at=convallis&turpis=morbi&a=odio&pede=odio&posuere=elementum&nonummy=eu&integer=interdum&non=eu&velit=tincidunt&donec=in&diam=leo&neque=maecenas&vestibulum=pulvinar&eget=lobortis&vulputate=est&ut=phasellus&ultrices=sit&vel=amet&augue=erat&vestibulum=nulla&ante=tempus&ipsum=vivamus&primis=in&in=felis&faucibus=eu&orci=sapien&luctus=cursus&et=vestibulum&ultrices=proin&posuere=eu&cubilia=mi&curae=nulla&donec=ac&pharetra=enim&magna=in&vestibulum=tempor&aliquet=turpis&ultrices=nec&erat=euismod&tortor=scelerisque&sollicitudin=quam&mi=turpis&sit=adipiscing&amet=lorem&lobortis=vitae&sapien=mattis&sapien=nibh&non=ligula&mi=nec&integer=sem&ac=duis&neque=aliquam,TRUE
+https://army.mil/felis/eu/sapien/cursus/vestibulum/proin.xml?id=a&turpis=odio,TRUE
+http://wordpress.com/volutpat/quam/pede.js?scelerisque=primis&mauris=in&sit=faucibus&amet=orci&eros=luctus&suspendisse=et&accumsan=ultrices&tortor=posuere&quis=cubilia&turpis=curae&sed=mauris&ante=viverra&vivamus=diam&tortor=vitae&duis=quam&mattis=suspendisse&egestas=potenti&metus=nullam&aenean=porttitor&fermentum=lacus&donec=at&ut=turpis&mauris=donec&eget=posuere&massa=metus&tempor=vitae&convallis=ipsum&nulla=aliquam&neque=non&libero=mauris&convallis=morbi&eget=non&eleifend=lectus&luctus=aliquam&ultricies=sit&eu=amet&nibh=diam&quisque=in&id=magna&justo=bibendum&sit=imperdiet&amet=nullam&sapien=orci&dignissim=pede&vestibulum=venenatis&vestibulum=non&ante=sodales&ipsum=sed&primis=tincidunt&in=eu&faucibus=felis&orci=fusce&luctus=posuere&et=felis&ultrices=sed&posuere=lacus&cubilia=morbi&curae=sem&nulla=mauris&dapibus=laoreet&dolor=ut&vel=rhoncus&est=aliquet&donec=pulvinar&odio=sed&justo=nisl&sollicitudin=nunc&ut=rhoncus&suscipit=dui&a=vel&feugiat=sem&et=sed&eros=sagittis&vestibulum=nam&ac=congue&est=risus&lacinia=semper&nisi=porta&venenatis=volutpat&tristique=quam&fusce=pede&congue=lobortis&diam=ligula&id=sit&ornare=amet&imperdiet=eleifend&sapien=pede&urna=libero&pretium=quis&nisl=orci&ut=nullam&volutpat=molestie,TRUE
+http://army.mil/pellentesque/ultrices.png?euismod=tempus&scelerisque=vivamus&quam=in,TRUE
+http://ucoz.ru/diam/erat/fermentum/justo.html?et=at&ultrices=turpis&posuere=a&cubilia=pede&curae=posuere&donec=nonummy&pharetra=integer&magna=non&vestibulum=velit&aliquet=donec&ultrices=diam&erat=neque&tortor=vestibulum&sollicitudin=eget&mi=vulputate&sit=ut&amet=ultrices&lobortis=vel&sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in,TRUE
+https://java.com/maecenas/tincidunt/lacus/at/velit.xml?facilisi=amet&cras=eleifend,TRUE
+http://google.es/in/sapien.aspx?pede=donec&justo=ut&lacinia=mauris&eget=eget&tincidunt=massa&eget=tempor&tempus=convallis&vel=nulla&pede=neque&morbi=libero&porttitor=convallis&lorem=eget&id=eleifend&ligula=luctus&suspendisse=ultricies&ornare=eu&consequat=nibh&lectus=quisque&in=id&est=justo&risus=sit&auctor=amet&sed=sapien&tristique=dignissim,TRUE
+https://rambler.ru/pede.aspx?mauris=nullam&laoreet=porttitor&ut=lacus&rhoncus=at&aliquet=turpis&pulvinar=donec&sed=posuere&nisl=metus&nunc=vitae&rhoncus=ipsum&dui=aliquam&vel=non&sem=mauris&sed=morbi&sagittis=non&nam=lectus&congue=aliquam&risus=sit&semper=amet&porta=diam&volutpat=in&quam=magna&pede=bibendum&lobortis=imperdiet&ligula=nullam&sit=orci&amet=pede&eleifend=venenatis&pede=non&libero=sodales&quis=sed&orci=tincidunt&nullam=eu&molestie=felis&nibh=fusce&in=posuere&lectus=felis&pellentesque=sed&at=lacus&nulla=morbi&suspendisse=sem&potenti=mauris&cras=laoreet&in=ut&purus=rhoncus&eu=aliquet&magna=pulvinar&vulputate=sed&luctus=nisl&cum=nunc&sociis=rhoncus&natoque=dui&penatibus=vel&et=sem&magnis=sed&dis=sagittis&parturient=nam&montes=congue&nascetur=risus&ridiculus=semper&mus=porta&vivamus=volutpat&vestibulum=quam&sagittis=pede&sapien=lobortis&cum=ligula&sociis=sit&natoque=amet&penatibus=eleifend&et=pede&magnis=libero&dis=quis&parturient=orci&montes=nullam&nascetur=molestie&ridiculus=nibh&mus=in&etiam=lectus&vel=pellentesque&augue=at&vestibulum=nulla&rutrum=suspendisse&rutrum=potenti&neque=cras&aenean=in&auctor=purus&gravida=eu&sem=magna&praesent=vulputate&id=luctus&massa=cum&id=sociis&nisl=natoque&venenatis=penatibus&lacinia=et&aenean=magnis,TRUE
+https://simplemachines.org/cubilia/curae.html?fringilla=integer&rhoncus=non&mauris=velit&enim=donec&leo=diam&rhoncus=neque&sed=vestibulum&vestibulum=eget&sit=vulputate&amet=ut&cursus=ultrices&id=vel&turpis=augue&integer=vestibulum&aliquet=ante&massa=ipsum&id=primis&lobortis=in&convallis=faucibus&tortor=orci&risus=luctus&dapibus=et&augue=ultrices&vel=posuere&accumsan=cubilia&tellus=curae&nisi=donec&eu=pharetra&orci=magna&mauris=vestibulum&lacinia=aliquet&sapien=ultrices&quis=erat&libero=tortor&nullam=sollicitudin&sit=mi&amet=sit&turpis=amet&elementum=lobortis&ligula=sapien&vehicula=sapien&consequat=non&morbi=mi&a=integer&ipsum=ac&integer=neque&a=duis&nibh=bibendum&in=morbi&quis=non&justo=quam&maecenas=nec&rhoncus=dui&aliquam=luctus&lacus=rutrum&morbi=nulla&quis=tellus&tortor=in&id=sagittis&nulla=dui&ultrices=vel&aliquet=nisl&maecenas=duis&leo=ac&odio=nibh&condimentum=fusce&id=lacus&luctus=purus&nec=aliquet&molestie=at&sed=feugiat&justo=non&pellentesque=pretium&viverra=quis&pede=lectus&ac=suspendisse&diam=potenti&cras=in&pellentesque=eleifend&volutpat=quam&dui=a&maecenas=odio&tristique=in&est=hac&et=habitasse&tempus=platea&semper=dictumst&est=maecenas&quam=ut&pharetra=massa&magna=quis&ac=augue&consequat=luctus&metus=tincidunt,TRUE
+https://ifeng.com/parturient/montes/nascetur/ridiculus/mus/etiam.jsp?amet=vehicula&sapien=condimentum&dignissim=curabitur&vestibulum=in&vestibulum=libero&ante=ut&ipsum=massa&primis=volutpat&in=convallis&faucibus=morbi&orci=odio&luctus=odio&et=elementum&ultrices=eu&posuere=interdum&cubilia=eu&curae=tincidunt&nulla=in&dapibus=leo&dolor=maecenas&vel=pulvinar&est=lobortis&donec=est&odio=phasellus&justo=sit&sollicitudin=amet&ut=erat&suscipit=nulla&a=tempus&feugiat=vivamus&et=in&eros=felis&vestibulum=eu&ac=sapien&est=cursus&lacinia=vestibulum&nisi=proin&venenatis=eu&tristique=mi&fusce=nulla&congue=ac&diam=enim&id=in&ornare=tempor&imperdiet=turpis&sapien=nec&urna=euismod&pretium=scelerisque&nisl=quam&ut=turpis&volutpat=adipiscing&sapien=lorem&arcu=vitae&sed=mattis&augue=nibh&aliquam=ligula&erat=nec&volutpat=sem&in=duis&congue=aliquam&etiam=convallis&justo=nunc&etiam=proin&pretium=at&iaculis=turpis&justo=a&in=pede&hac=posuere&habitasse=nonummy&platea=integer&dictumst=non&etiam=velit&faucibus=donec&cursus=diam&urna=neque&ut=vestibulum&tellus=eget&nulla=vulputate&ut=ut&erat=ultrices&id=vel,TRUE
+http://apple.com/pellentesque/viverra/pede/ac/diam.json?sollicitudin=auctor&ut=sed&suscipit=tristique&a=in&feugiat=tempus&et=sit&eros=amet&vestibulum=sem&ac=fusce&est=consequat&lacinia=nulla&nisi=nisl&venenatis=nunc&tristique=nisl&fusce=duis&congue=bibendum&diam=felis&id=sed&ornare=interdum&imperdiet=venenatis&sapien=turpis&urna=enim&pretium=blandit&nisl=mi&ut=in&volutpat=porttitor&sapien=pede&arcu=justo&sed=eu&augue=massa&aliquam=donec&erat=dapibus&volutpat=duis&in=at&congue=velit&etiam=eu&justo=est&etiam=congue&pretium=elementum&iaculis=in&justo=hac&in=habitasse&hac=platea&habitasse=dictumst&platea=morbi&dictumst=vestibulum&etiam=velit&faucibus=id&cursus=pretium&urna=iaculis&ut=diam&tellus=erat&nulla=fermentum&ut=justo&erat=nec&id=condimentum&mauris=neque&vulputate=sapien&elementum=placerat&nullam=ante&varius=nulla&nulla=justo&facilisi=aliquam&cras=quis&non=turpis&velit=eget&nec=elit&nisi=sodales&vulputate=scelerisque&nonummy=mauris&maecenas=sit&tincidunt=amet&lacus=eros&at=suspendisse&velit=accumsan&vivamus=tortor&vel=quis&nulla=turpis&eget=sed&eros=ante&elementum=vivamus&pellentesque=tortor,TRUE
+http://independent.co.uk/dapibus/augue/vel/accumsan/tellus/nisi/eu.js?in=aliquet&magna=pulvinar&bibendum=sed&imperdiet=nisl&nullam=nunc&orci=rhoncus&pede=dui&venenatis=vel&non=sem&sodales=sed&sed=sagittis&tincidunt=nam&eu=congue&felis=risus&fusce=semper&posuere=porta&felis=volutpat&sed=quam,TRUE
+http://virginia.edu/duis/aliquam/convallis.jpg?accumsan=interdum&odio=eu&curabitur=tincidunt&convallis=in&duis=leo&consequat=maecenas&dui=pulvinar&nec=lobortis&nisi=est&volutpat=phasellus&eleifend=sit&donec=amet&ut=erat&dolor=nulla&morbi=tempus&vel=vivamus&lectus=in&in=felis&quam=eu&fringilla=sapien&rhoncus=cursus&mauris=vestibulum&enim=proin&leo=eu&rhoncus=mi&sed=nulla&vestibulum=ac&sit=enim&amet=in&cursus=tempor&id=turpis&turpis=nec&integer=euismod&aliquet=scelerisque&massa=quam&id=turpis&lobortis=adipiscing&convallis=lorem&tortor=vitae&risus=mattis&dapibus=nibh&augue=ligula&vel=nec&accumsan=sem&tellus=duis&nisi=aliquam&eu=convallis,TRUE
+https://sciencedaily.com/mattis/odio/donec/vitae/nisi.js?ante=curae&vestibulum=mauris&ante=viverra&ipsum=diam&primis=vitae&in=quam&faucibus=suspendisse&orci=potenti&luctus=nullam&et=porttitor&ultrices=lacus&posuere=at&cubilia=turpis&curae=donec&duis=posuere&faucibus=metus&accumsan=vitae&odio=ipsum&curabitur=aliquam&convallis=non&duis=mauris&consequat=morbi&dui=non&nec=lectus&nisi=aliquam&volutpat=sit&eleifend=amet&donec=diam&ut=in&dolor=magna&morbi=bibendum&vel=imperdiet&lectus=nullam&in=orci&quam=pede&fringilla=venenatis&rhoncus=non&mauris=sodales&enim=sed&leo=tincidunt&rhoncus=eu&sed=felis&vestibulum=fusce&sit=posuere&amet=felis&cursus=sed&id=lacus&turpis=morbi&integer=sem&aliquet=mauris&massa=laoreet&id=ut&lobortis=rhoncus&convallis=aliquet&tortor=pulvinar&risus=sed&dapibus=nisl&augue=nunc&vel=rhoncus&accumsan=dui&tellus=vel&nisi=sem&eu=sed&orci=sagittis&mauris=nam&lacinia=congue&sapien=risus&quis=semper&libero=porta&nullam=volutpat&sit=quam&amet=pede&turpis=lobortis&elementum=ligula&ligula=sit&vehicula=amet&consequat=eleifend&morbi=pede&a=libero&ipsum=quis&integer=orci&a=nullam&nibh=molestie&in=nibh&quis=in&justo=lectus&maecenas=pellentesque&rhoncus=at&aliquam=nulla&lacus=suspendisse&morbi=potenti&quis=cras&tortor=in,TRUE
+https://i2i.jp/nisl/aenean/lectus/pellentesque/eget.aspx?aliquam=parturient&erat=montes&volutpat=nascetur&in=ridiculus&congue=mus&etiam=vivamus&justo=vestibulum&etiam=sagittis&pretium=sapien&iaculis=cum&justo=sociis&in=natoque&hac=penatibus&habitasse=et&platea=magnis&dictumst=dis&etiam=parturient&faucibus=montes&cursus=nascetur&urna=ridiculus&ut=mus&tellus=etiam&nulla=vel&ut=augue&erat=vestibulum&id=rutrum&mauris=rutrum&vulputate=neque&elementum=aenean&nullam=auctor&varius=gravida&nulla=sem&facilisi=praesent&cras=id&non=massa&velit=id&nec=nisl&nisi=venenatis&vulputate=lacinia&nonummy=aenean&maecenas=sit&tincidunt=amet&lacus=justo,TRUE
+https://163.com/accumsan/tellus/nisi/eu.json?metus=mi,TRUE
+https://columbia.edu/felis/donec/semper/sapien/a.aspx?dis=proin&parturient=eu&montes=mi&nascetur=nulla&ridiculus=ac&mus=enim&vivamus=in&vestibulum=tempor&sagittis=turpis&sapien=nec&cum=euismod&sociis=scelerisque&natoque=quam&penatibus=turpis&et=adipiscing&magnis=lorem&dis=vitae&parturient=mattis&montes=nibh&nascetur=ligula&ridiculus=nec&mus=sem&etiam=duis&vel=aliquam&augue=convallis&vestibulum=nunc&rutrum=proin&rutrum=at&neque=turpis&aenean=a&auctor=pede&gravida=posuere&sem=nonummy&praesent=integer&id=non&massa=velit&id=donec&nisl=diam&venenatis=neque&lacinia=vestibulum&aenean=eget&sit=vulputate&amet=ut&justo=ultrices&morbi=vel&ut=augue&odio=vestibulum&cras=ante&mi=ipsum&pede=primis&malesuada=in&in=faucibus&imperdiet=orci&et=luctus&commodo=et&vulputate=ultrices&justo=posuere&in=cubilia&blandit=curae&ultrices=donec&enim=pharetra&lorem=magna&ipsum=vestibulum&dolor=aliquet&sit=ultrices&amet=erat,TRUE
+https://theglobeandmail.com/justo/lacinia/eget/tincidunt.jsp?luctus=non&et=velit,TRUE
+http://dailymotion.com/pede/libero.aspx?ut=sit&erat=amet&curabitur=lobortis&gravida=sapien&nisi=sapien&at=non&nibh=mi&in=integer&hac=ac&habitasse=neque&platea=duis&dictumst=bibendum&aliquam=morbi&augue=non&quam=quam&sollicitudin=nec&vitae=dui&consectetuer=luctus&eget=rutrum&rutrum=nulla&at=tellus&lorem=in&integer=sagittis&tincidunt=dui&ante=vel&vel=nisl&ipsum=duis&praesent=ac&blandit=nibh&lacinia=fusce,TRUE
+http://cnn.com/dis/parturient/montes/nascetur/ridiculus.jsp?nibh=nonummy&in=maecenas&hac=tincidunt&habitasse=lacus&platea=at&dictumst=velit&aliquam=vivamus&augue=vel&quam=nulla&sollicitudin=eget&vitae=eros&consectetuer=elementum&eget=pellentesque&rutrum=quisque&at=porta&lorem=volutpat&integer=erat&tincidunt=quisque&ante=erat&vel=eros&ipsum=viverra&praesent=eget&blandit=congue&lacinia=eget&erat=semper&vestibulum=rutrum&sed=nulla&magna=nunc&at=purus&nunc=phasellus&commodo=in&placerat=felis&praesent=donec&blandit=semper&nam=sapien&nulla=a&integer=libero&pede=nam&justo=dui&lacinia=proin&eget=leo&tincidunt=odio&eget=porttitor&tempus=id&vel=consequat&pede=in&morbi=consequat&porttitor=ut&lorem=nulla&id=sed&ligula=accumsan&suspendisse=felis&ornare=ut&consequat=at&lectus=dolor,TRUE
+https://github.io/vehicula/condimentum/curabitur/in.jpg?lectus=proin&in=risus&est=praesent&risus=lectus&auctor=vestibulum&sed=quam&tristique=sapien&in=varius&tempus=ut&sit=blandit&amet=non&sem=interdum&fusce=in&consequat=ante&nulla=vestibulum&nisl=ante,TRUE
+https://hostgator.com/magna/vestibulum.js?integer=convallis&ac=eget&leo=eleifend&pellentesque=luctus&ultrices=ultricies&mattis=eu&odio=nibh&donec=quisque&vitae=id&nisi=justo&nam=sit&ultrices=amet&libero=sapien&non=dignissim&mattis=vestibulum&pulvinar=vestibulum&nulla=ante&pede=ipsum&ullamcorper=primis&augue=in&a=faucibus&suscipit=orci&nulla=luctus&elit=et&ac=ultrices&nulla=posuere&sed=cubilia&vel=curae&enim=nulla&sit=dapibus&amet=dolor&nunc=vel&viverra=est&dapibus=donec&nulla=odio&suscipit=justo&ligula=sollicitudin&in=ut&lacus=suscipit&curabitur=a&at=feugiat&ipsum=et&ac=eros&tellus=vestibulum&semper=ac&interdum=est&mauris=lacinia,TRUE
+https://accuweather.com/risus/semper/porta/volutpat/quam.jpg?nulla=eget&suspendisse=nunc&potenti=donec&cras=quis&in=orci&purus=eget&eu=orci&magna=vehicula&vulputate=condimentum&luctus=curabitur&cum=in&sociis=libero&natoque=ut&penatibus=massa&et=volutpat&magnis=convallis&dis=morbi&parturient=odio&montes=odio&nascetur=elementum&ridiculus=eu&mus=interdum&vivamus=eu&vestibulum=tincidunt&sagittis=in&sapien=leo&cum=maecenas&sociis=pulvinar&natoque=lobortis&penatibus=est&et=phasellus&magnis=sit&dis=amet&parturient=erat&montes=nulla&nascetur=tempus&ridiculus=vivamus&mus=in&etiam=felis&vel=eu&augue=sapien&vestibulum=cursus&rutrum=vestibulum&rutrum=proin&neque=eu&aenean=mi&auctor=nulla&gravida=ac&sem=enim&praesent=in&id=tempor&massa=turpis&id=nec&nisl=euismod&venenatis=scelerisque&lacinia=quam&aenean=turpis,TRUE
+http://taobao.com/turpis/elementum/ligula/vehicula.jpg?erat=in&vestibulum=lectus&sed=pellentesque&magna=at,TRUE
+http://businessinsider.com/dis/parturient/montes/nascetur/ridiculus.json?blandit=nisl&non=venenatis&interdum=lacinia&in=aenean&ante=sit&vestibulum=amet&ante=justo&ipsum=morbi&primis=ut&in=odio&faucibus=cras&orci=mi&luctus=pede&et=malesuada&ultrices=in&posuere=imperdiet&cubilia=et&curae=commodo&duis=vulputate&faucibus=justo&accumsan=in&odio=blandit&curabitur=ultrices&convallis=enim&duis=lorem&consequat=ipsum&dui=dolor&nec=sit&nisi=amet&volutpat=consectetuer&eleifend=adipiscing&donec=elit&ut=proin&dolor=interdum&morbi=mauris&vel=non&lectus=ligula&in=pellentesque,TRUE
+http://cbsnews.com/dui/proin/leo/odio/porttitor/id/consequat.aspx?odio=potenti&elementum=cras&eu=in&interdum=purus&eu=eu&tincidunt=magna&in=vulputate&leo=luctus&maecenas=cum&pulvinar=sociis&lobortis=natoque&est=penatibus&phasellus=et&sit=magnis&amet=dis&erat=parturient&nulla=montes&tempus=nascetur&vivamus=ridiculus&in=mus&felis=vivamus&eu=vestibulum&sapien=sagittis&cursus=sapien&vestibulum=cum&proin=sociis&eu=natoque&mi=penatibus&nulla=et&ac=magnis&enim=dis&in=parturient&tempor=montes&turpis=nascetur&nec=ridiculus&euismod=mus&scelerisque=etiam&quam=vel&turpis=augue&adipiscing=vestibulum&lorem=rutrum&vitae=rutrum&mattis=neque&nibh=aenean&ligula=auctor&nec=gravida&sem=sem&duis=praesent&aliquam=id&convallis=massa&nunc=id&proin=nisl&at=venenatis&turpis=lacinia&a=aenean&pede=sit&posuere=amet&nonummy=justo&integer=morbi&non=ut&velit=odio&donec=cras&diam=mi,TRUE
+http://rakuten.co.jp/quis.jsp?vel=amet,TRUE
+https://stumbleupon.com/integer/a/nibh/in/quis.aspx?commodo=nunc&vulputate=purus&justo=phasellus&in=in&blandit=felis&ultrices=donec&enim=semper&lorem=sapien&ipsum=a&dolor=libero&sit=nam&amet=dui&consectetuer=proin&adipiscing=leo&elit=odio&proin=porttitor&interdum=id&mauris=consequat&non=in&ligula=consequat&pellentesque=ut&ultrices=nulla&phasellus=sed&id=accumsan&sapien=felis&in=ut&sapien=at&iaculis=dolor&congue=quis&vivamus=odio&metus=consequat&arcu=varius&adipiscing=integer&molestie=ac&hendrerit=leo&at=pellentesque&vulputate=ultrices&vitae=mattis&nisl=odio&aenean=donec&lectus=vitae&pellentesque=nisi&eget=nam&nunc=ultrices&donec=libero&quis=non&orci=mattis&eget=pulvinar&orci=nulla&vehicula=pede&condimentum=ullamcorper&curabitur=augue&in=a&libero=suscipit&ut=nulla&massa=elit&volutpat=ac&convallis=nulla&morbi=sed&odio=vel&odio=enim&elementum=sit&eu=amet&interdum=nunc&eu=viverra&tincidunt=dapibus&in=nulla&leo=suscipit&maecenas=ligula&pulvinar=in&lobortis=lacus&est=curabitur&phasellus=at&sit=ipsum&amet=ac,TRUE
+https://ucsd.edu/dolor/sit/amet/consectetuer.png?accumsan=tincidunt,TRUE
+https://va.gov/porttitor/lorem/id.png?mi=in,TRUE
+http://bravesites.com/pretium/iaculis/justo/in.html?suspendisse=vestibulum&potenti=ante&cras=ipsum&in=primis&purus=in&eu=faucibus&magna=orci&vulputate=luctus&luctus=et&cum=ultrices&sociis=posuere&natoque=cubilia&penatibus=curae&et=donec&magnis=pharetra&dis=magna&parturient=vestibulum&montes=aliquet&nascetur=ultrices&ridiculus=erat&mus=tortor&vivamus=sollicitudin&vestibulum=mi&sagittis=sit&sapien=amet&cum=lobortis&sociis=sapien&natoque=sapien&penatibus=non&et=mi&magnis=integer&dis=ac&parturient=neque&montes=duis&nascetur=bibendum&ridiculus=morbi&mus=non&etiam=quam&vel=nec&augue=dui&vestibulum=luctus&rutrum=rutrum&rutrum=nulla&neque=tellus&aenean=in&auctor=sagittis&gravida=dui&sem=vel&praesent=nisl&id=duis&massa=ac&id=nibh&nisl=fusce&venenatis=lacus&lacinia=purus&aenean=aliquet&sit=at&amet=feugiat&justo=non&morbi=pretium&ut=quis&odio=lectus&cras=suspendisse&mi=potenti&pede=in&malesuada=eleifend,TRUE
+https://berkeley.edu/rutrum/ac/lobortis/vel.jsp?in=vel&leo=accumsan&maecenas=tellus&pulvinar=nisi&lobortis=eu&est=orci&phasellus=mauris&sit=lacinia&amet=sapien&erat=quis,TRUE
+http://examiner.com/quis/justo.aspx?mauris=aliquet&eget=massa&massa=id&tempor=lobortis&convallis=convallis&nulla=tortor&neque=risus&libero=dapibus&convallis=augue&eget=vel&eleifend=accumsan&luctus=tellus&ultricies=nisi&eu=eu&nibh=orci&quisque=mauris&id=lacinia&justo=sapien&sit=quis&amet=libero&sapien=nullam&dignissim=sit&vestibulum=amet&vestibulum=turpis&ante=elementum&ipsum=ligula&primis=vehicula&in=consequat&faucibus=morbi&orci=a&luctus=ipsum&et=integer&ultrices=a&posuere=nibh&cubilia=in&curae=quis&nulla=justo&dapibus=maecenas&dolor=rhoncus&vel=aliquam&est=lacus&donec=morbi&odio=quis&justo=tortor&sollicitudin=id&ut=nulla&suscipit=ultrices&a=aliquet&feugiat=maecenas&et=leo&eros=odio&vestibulum=condimentum&ac=id&est=luctus&lacinia=nec&nisi=molestie&venenatis=sed&tristique=justo&fusce=pellentesque&congue=viverra&diam=pede&id=ac&ornare=diam&imperdiet=cras&sapien=pellentesque&urna=volutpat&pretium=dui&nisl=maecenas&ut=tristique&volutpat=est&sapien=et&arcu=tempus&sed=semper,TRUE
+http://ebay.com/pede/libero/quis/orci.json?sed=nibh&augue=in&aliquam=lectus&erat=pellentesque&volutpat=at&in=nulla&congue=suspendisse&etiam=potenti&justo=cras&etiam=in&pretium=purus&iaculis=eu&justo=magna&in=vulputate&hac=luctus&habitasse=cum&platea=sociis&dictumst=natoque&etiam=penatibus&faucibus=et&cursus=magnis&urna=dis&ut=parturient&tellus=montes&nulla=nascetur&ut=ridiculus&erat=mus&id=vivamus&mauris=vestibulum&vulputate=sagittis&elementum=sapien&nullam=cum&varius=sociis&nulla=natoque&facilisi=penatibus&cras=et&non=magnis&velit=dis&nec=parturient&nisi=montes&vulputate=nascetur&nonummy=ridiculus&maecenas=mus&tincidunt=etiam&lacus=vel&at=augue&velit=vestibulum&vivamus=rutrum&vel=rutrum&nulla=neque&eget=aenean&eros=auctor&elementum=gravida&pellentesque=sem&quisque=praesent&porta=id&volutpat=massa&erat=id&quisque=nisl&erat=venenatis&eros=lacinia&viverra=aenean&eget=sit&congue=amet&eget=justo&semper=morbi&rutrum=ut&nulla=odio&nunc=cras&purus=mi&phasellus=pede&in=malesuada&felis=in&donec=imperdiet&semper=et&sapien=commodo&a=vulputate&libero=justo&nam=in&dui=blandit,TRUE
+https://dyndns.org/elit/sodales/scelerisque/mauris.js?ipsum=consectetuer&dolor=adipiscing&sit=elit&amet=proin&consectetuer=risus&adipiscing=praesent&elit=lectus&proin=vestibulum&risus=quam&praesent=sapien&lectus=varius&vestibulum=ut&quam=blandit&sapien=non&varius=interdum&ut=in&blandit=ante&non=vestibulum&interdum=ante&in=ipsum&ante=primis&vestibulum=in&ante=faucibus&ipsum=orci&primis=luctus&in=et&faucibus=ultrices&orci=posuere&luctus=cubilia&et=curae&ultrices=duis&posuere=faucibus&cubilia=accumsan&curae=odio&duis=curabitur&faucibus=convallis&accumsan=duis&odio=consequat&curabitur=dui&convallis=nec&duis=nisi&consequat=volutpat&dui=eleifend&nec=donec&nisi=ut&volutpat=dolor&eleifend=morbi&donec=vel&ut=lectus&dolor=in&morbi=quam&vel=fringilla&lectus=rhoncus&in=mauris&quam=enim&fringilla=leo&rhoncus=rhoncus&mauris=sed&enim=vestibulum&leo=sit&rhoncus=amet&sed=cursus&vestibulum=id&sit=turpis&amet=integer&cursus=aliquet&id=massa&turpis=id&integer=lobortis&aliquet=convallis&massa=tortor&id=risus&lobortis=dapibus&convallis=augue&tortor=vel&risus=accumsan&dapibus=tellus&augue=nisi&vel=eu&accumsan=orci&tellus=mauris&nisi=lacinia&eu=sapien&orci=quis&mauris=libero&lacinia=nullam&sapien=sit&quis=amet&libero=turpis&nullam=elementum&sit=ligula&amet=vehicula&turpis=consequat,TRUE
+http://myspace.com/sapien.jsp?a=ante&feugiat=vestibulum&et=ante&eros=ipsum&vestibulum=primis&ac=in&est=faucibus&lacinia=orci&nisi=luctus&venenatis=et&tristique=ultrices&fusce=posuere&congue=cubilia&diam=curae&id=duis&ornare=faucibus&imperdiet=accumsan&sapien=odio&urna=curabitur&pretium=convallis&nisl=duis&ut=consequat&volutpat=dui&sapien=nec&arcu=nisi&sed=volutpat&augue=eleifend&aliquam=donec&erat=ut&volutpat=dolor&in=morbi&congue=vel&etiam=lectus&justo=in&etiam=quam&pretium=fringilla&iaculis=rhoncus&justo=mauris&in=enim&hac=leo&habitasse=rhoncus&platea=sed&dictumst=vestibulum&etiam=sit&faucibus=amet&cursus=cursus&urna=id&ut=turpis&tellus=integer&nulla=aliquet&ut=massa&erat=id&id=lobortis&mauris=convallis&vulputate=tortor&elementum=risus&nullam=dapibus&varius=augue&nulla=vel&facilisi=accumsan&cras=tellus&non=nisi&velit=eu&nec=orci&nisi=mauris&vulputate=lacinia&nonummy=sapien&maecenas=quis&tincidunt=libero&lacus=nullam&at=sit&velit=amet&vivamus=turpis&vel=elementum&nulla=ligula&eget=vehicula&eros=consequat&elementum=morbi&pellentesque=a&quisque=ipsum&porta=integer&volutpat=a&erat=nibh&quisque=in&erat=quis&eros=justo&viverra=maecenas&eget=rhoncus&congue=aliquam&eget=lacus&semper=morbi&rutrum=quis&nulla=tortor&nunc=id&purus=nulla&phasellus=ultrices,TRUE
+https://oakley.com/hendrerit/at/vulputate/vitae/nisl/aenean.json?ut=vestibulum&ultrices=velit&vel=id&augue=pretium&vestibulum=iaculis&ante=diam&ipsum=erat&primis=fermentum&in=justo&faucibus=nec&orci=condimentum&luctus=neque&et=sapien&ultrices=placerat&posuere=ante&cubilia=nulla&curae=justo&donec=aliquam&pharetra=quis&magna=turpis&vestibulum=eget&aliquet=elit&ultrices=sodales&erat=scelerisque,TRUE
+http://dell.com/id/nisl/venenatis/lacinia/aenean/sit.jsp?platea=purus&dictumst=phasellus&etiam=in&faucibus=felis&cursus=donec&urna=semper&ut=sapien&tellus=a&nulla=libero&ut=nam&erat=dui&id=proin&mauris=leo&vulputate=odio&elementum=porttitor&nullam=id&varius=consequat&nulla=in&facilisi=consequat&cras=ut&non=nulla&velit=sed&nec=accumsan&nisi=felis&vulputate=ut&nonummy=at&maecenas=dolor&tincidunt=quis&lacus=odio&at=consequat&velit=varius&vivamus=integer&vel=ac&nulla=leo&eget=pellentesque&eros=ultrices&elementum=mattis&pellentesque=odio&quisque=donec&porta=vitae&volutpat=nisi&erat=nam&quisque=ultrices&erat=libero&eros=non&viverra=mattis&eget=pulvinar&congue=nulla&eget=pede&semper=ullamcorper&rutrum=augue&nulla=a&nunc=suscipit&purus=nulla&phasellus=elit&in=ac&felis=nulla&donec=sed&semper=vel&sapien=enim&a=sit&libero=amet&nam=nunc&dui=viverra&proin=dapibus&leo=nulla&odio=suscipit&porttitor=ligula&id=in&consequat=lacus&in=curabitur&consequat=at,TRUE
+http://yellowbook.com/fusce/lacus/purus/aliquet/at/feugiat/non.xml?luctus=nisi&ultricies=at&eu=nibh&nibh=in&quisque=hac&id=habitasse&justo=platea&sit=dictumst&amet=aliquam&sapien=augue&dignissim=quam&vestibulum=sollicitudin&vestibulum=vitae&ante=consectetuer&ipsum=eget&primis=rutrum&in=at&faucibus=lorem&orci=integer&luctus=tincidunt&et=ante&ultrices=vel&posuere=ipsum&cubilia=praesent&curae=blandit&nulla=lacinia,TRUE
+https://usa.gov/neque.jsp?pede=nulla&venenatis=tellus&non=in&sodales=sagittis&sed=dui&tincidunt=vel&eu=nisl&felis=duis&fusce=ac&posuere=nibh&felis=fusce&sed=lacus&lacus=purus&morbi=aliquet&sem=at&mauris=feugiat&laoreet=non&ut=pretium&rhoncus=quis&aliquet=lectus&pulvinar=suspendisse&sed=potenti&nisl=in&nunc=eleifend&rhoncus=quam&dui=a&vel=odio&sem=in&sed=hac&sagittis=habitasse&nam=platea&congue=dictumst&risus=maecenas&semper=ut&porta=massa&volutpat=quis&quam=augue&pede=luctus&lobortis=tincidunt&ligula=nulla&sit=mollis&amet=molestie&eleifend=lorem&pede=quisque&libero=ut&quis=erat&orci=curabitur&nullam=gravida&molestie=nisi&nibh=at&in=nibh&lectus=in&pellentesque=hac&at=habitasse&nulla=platea&suspendisse=dictumst&potenti=aliquam&cras=augue&in=quam&purus=sollicitudin&eu=vitae&magna=consectetuer&vulputate=eget,TRUE
+https://cbslocal.com/cubilia/curae/donec/pharetra/magna.png?volutpat=augue&dui=vel&maecenas=accumsan&tristique=tellus&est=nisi&et=eu&tempus=orci&semper=mauris&est=lacinia&quam=sapien&pharetra=quis&magna=libero&ac=nullam&consequat=sit&metus=amet&sapien=turpis&ut=elementum&nunc=ligula&vestibulum=vehicula&ante=consequat&ipsum=morbi&primis=a&in=ipsum&faucibus=integer&orci=a&luctus=nibh&et=in&ultrices=quis&posuere=justo&cubilia=maecenas&curae=rhoncus&mauris=aliquam&viverra=lacus&diam=morbi&vitae=quis&quam=tortor&suspendisse=id&potenti=nulla&nullam=ultrices&porttitor=aliquet&lacus=maecenas&at=leo&turpis=odio&donec=condimentum&posuere=id&metus=luctus&vitae=nec&ipsum=molestie&aliquam=sed&non=justo&mauris=pellentesque&morbi=viverra&non=pede&lectus=ac&aliquam=diam&sit=cras&amet=pellentesque&diam=volutpat&in=dui&magna=maecenas&bibendum=tristique&imperdiet=est&nullam=et&orci=tempus&pede=semper&venenatis=est&non=quam&sodales=pharetra&sed=magna&tincidunt=ac&eu=consequat&felis=metus&fusce=sapien&posuere=ut&felis=nunc&sed=vestibulum&lacus=ante&morbi=ipsum&sem=primis&mauris=in&laoreet=faucibus&ut=orci&rhoncus=luctus&aliquet=et&pulvinar=ultrices,TRUE
+https://msn.com/auctor/gravida/sem/praesent.jpg?placerat=diam&praesent=neque&blandit=vestibulum&nam=eget&nulla=vulputate&integer=ut&pede=ultrices&justo=vel&lacinia=augue&eget=vestibulum&tincidunt=ante&eget=ipsum&tempus=primis&vel=in&pede=faucibus&morbi=orci&porttitor=luctus&lorem=et&id=ultrices&ligula=posuere&suspendisse=cubilia&ornare=curae&consequat=donec&lectus=pharetra&in=magna&est=vestibulum&risus=aliquet&auctor=ultrices&sed=erat&tristique=tortor&in=sollicitudin&tempus=mi&sit=sit&amet=amet&sem=lobortis&fusce=sapien&consequat=sapien&nulla=non&nisl=mi&nunc=integer&nisl=ac&duis=neque&bibendum=duis&felis=bibendum&sed=morbi&interdum=non&venenatis=quam&turpis=nec&enim=dui&blandit=luctus&mi=rutrum&in=nulla&porttitor=tellus&pede=in,TRUE
+https://diigo.com/felis/donec/semper/sapien/a.aspx?morbi=vestibulum&porttitor=sed&lorem=magna&id=at&ligula=nunc&suspendisse=commodo&ornare=placerat&consequat=praesent&lectus=blandit&in=nam&est=nulla&risus=integer&auctor=pede&sed=justo&tristique=lacinia&in=eget&tempus=tincidunt&sit=eget&amet=tempus&sem=vel&fusce=pede,TRUE
+http://imdb.com/pulvinar.jsp?convallis=diam&tortor=id&risus=ornare&dapibus=imperdiet&augue=sapien&vel=urna&accumsan=pretium&tellus=nisl&nisi=ut&eu=volutpat&orci=sapien&mauris=arcu&lacinia=sed&sapien=augue&quis=aliquam&libero=erat&nullam=volutpat&sit=in&amet=congue&turpis=etiam&elementum=justo&ligula=etiam&vehicula=pretium&consequat=iaculis&morbi=justo&a=in&ipsum=hac&integer=habitasse&a=platea&nibh=dictumst&in=etiam&quis=faucibus&justo=cursus&maecenas=urna&rhoncus=ut&aliquam=tellus&lacus=nulla&morbi=ut&quis=erat&tortor=id&id=mauris&nulla=vulputate&ultrices=elementum&aliquet=nullam&maecenas=varius&leo=nulla&odio=facilisi&condimentum=cras&id=non&luctus=velit&nec=nec&molestie=nisi&sed=vulputate&justo=nonummy&pellentesque=maecenas&viverra=tincidunt&pede=lacus&ac=at&diam=velit&cras=vivamus&pellentesque=vel&volutpat=nulla&dui=eget&maecenas=eros&tristique=elementum&est=pellentesque&et=quisque&tempus=porta&semper=volutpat&est=erat&quam=quisque&pharetra=erat&magna=eros&ac=viverra&consequat=eget&metus=congue&sapien=eget&ut=semper&nunc=rutrum&vestibulum=nulla&ante=nunc&ipsum=purus&primis=phasellus&in=in,TRUE
+https://businessweek.com/proin/eu/mi/nulla.json?vel=quis&augue=libero&vestibulum=nullam&rutrum=sit&rutrum=amet&neque=turpis&aenean=elementum&auctor=ligula&gravida=vehicula&sem=consequat&praesent=morbi&id=a&massa=ipsum&id=integer&nisl=a&venenatis=nibh&lacinia=in&aenean=quis&sit=justo&amet=maecenas&justo=rhoncus&morbi=aliquam&ut=lacus&odio=morbi&cras=quis&mi=tortor&pede=id&malesuada=nulla&in=ultrices&imperdiet=aliquet&et=maecenas&commodo=leo&vulputate=odio&justo=condimentum&in=id&blandit=luctus&ultrices=nec&enim=molestie&lorem=sed&ipsum=justo&dolor=pellentesque&sit=viverra&amet=pede&consectetuer=ac&adipiscing=diam&elit=cras&proin=pellentesque&interdum=volutpat&mauris=dui&non=maecenas&ligula=tristique&pellentesque=est&ultrices=et&phasellus=tempus&id=semper&sapien=est&in=quam&sapien=pharetra&iaculis=magna,TRUE
+https://artisteer.com/adipiscing/elit/proin/risus/praesent/lectus.html?nisi=nisi&volutpat=volutpat&eleifend=eleifend&donec=donec&ut=ut&dolor=dolor&morbi=morbi&vel=vel&lectus=lectus&in=in&quam=quam&fringilla=fringilla&rhoncus=rhoncus&mauris=mauris&enim=enim&leo=leo&rhoncus=rhoncus&sed=sed&vestibulum=vestibulum&sit=sit&amet=amet&cursus=cursus&id=id&turpis=turpis&integer=integer&aliquet=aliquet&massa=massa&id=id&lobortis=lobortis&convallis=convallis&tortor=tortor&risus=risus&dapibus=dapibus&augue=augue&vel=vel&accumsan=accumsan&tellus=tellus&nisi=nisi&eu=eu&orci=orci&mauris=mauris&lacinia=lacinia&sapien=sapien&quis=quis&libero=libero&nullam=nullam&sit=sit&amet=amet&turpis=turpis&elementum=elementum&ligula=ligula&vehicula=vehicula&consequat=consequat&morbi=morbi&a=a&ipsum=ipsum&integer=integer&a=a&nibh=nibh&in=in&quis=quis&justo=justo&maecenas=maecenas&rhoncus=rhoncus&aliquam=aliquam&lacus=lacus&morbi=morbi&quis=quis,TRUE
+https://elpais.com/sapien/arcu/sed/augue/aliquam.xml?fermentum=nec&donec=condimentum&ut=neque&mauris=sapien&eget=placerat&massa=ante&tempor=nulla&convallis=justo&nulla=aliquam&neque=quis&libero=turpis&convallis=eget&eget=elit&eleifend=sodales&luctus=scelerisque&ultricies=mauris&eu=sit&nibh=amet&quisque=eros&id=suspendisse&justo=accumsan&sit=tortor&amet=quis&sapien=turpis&dignissim=sed&vestibulum=ante&vestibulum=vivamus&ante=tortor&ipsum=duis&primis=mattis&in=egestas&faucibus=metus&orci=aenean&luctus=fermentum&et=donec&ultrices=ut&posuere=mauris&cubilia=eget&curae=massa&nulla=tempor&dapibus=convallis&dolor=nulla&vel=neque&est=libero&donec=convallis&odio=eget&justo=eleifend&sollicitudin=luctus&ut=ultricies&suscipit=eu&a=nibh&feugiat=quisque&et=id&eros=justo&vestibulum=sit&ac=amet&est=sapien,TRUE
+http://japanpost.jp/sit/amet/eros/suspendisse/accumsan/tortor/quis.html?sed=cras&accumsan=mi&felis=pede&ut=malesuada&at=in&dolor=imperdiet&quis=et&odio=commodo&consequat=vulputate&varius=justo&integer=in&ac=blandit&leo=ultrices&pellentesque=enim&ultrices=lorem&mattis=ipsum&odio=dolor&donec=sit,TRUE
+http://discovery.com/in/sagittis/dui.jsp?in=at&blandit=velit&ultrices=vivamus&enim=vel&lorem=nulla&ipsum=eget&dolor=eros&sit=elementum&amet=pellentesque&consectetuer=quisque&adipiscing=porta&elit=volutpat&proin=erat&interdum=quisque&mauris=erat&non=eros,TRUE
+https://lulu.com/enim/leo/rhoncus/sed/vestibulum/sit.xml?vel=tincidunt&nisl=nulla&duis=mollis&ac=molestie&nibh=lorem&fusce=quisque&lacus=ut&purus=erat&aliquet=curabitur&at=gravida&feugiat=nisi&non=at&pretium=nibh&quis=in&lectus=hac&suspendisse=habitasse&potenti=platea&in=dictumst&eleifend=aliquam&quam=augue&a=quam&odio=sollicitudin&in=vitae&hac=consectetuer&habitasse=eget&platea=rutrum&dictumst=at&maecenas=lorem&ut=integer&massa=tincidunt&quis=ante&augue=vel,TRUE
+http://printfriendly.com/eu.png?posuere=morbi&cubilia=sem&curae=mauris&mauris=laoreet&viverra=ut&diam=rhoncus&vitae=aliquet&quam=pulvinar&suspendisse=sed&potenti=nisl&nullam=nunc&porttitor=rhoncus&lacus=dui&at=vel&turpis=sem&donec=sed&posuere=sagittis&metus=nam&vitae=congue&ipsum=risus&aliquam=semper&non=porta&mauris=volutpat&morbi=quam&non=pede&lectus=lobortis&aliquam=ligula&sit=sit&amet=amet&diam=eleifend&in=pede&magna=libero&bibendum=quis&imperdiet=orci&nullam=nullam&orci=molestie&pede=nibh&venenatis=in&non=lectus&sodales=pellentesque&sed=at&tincidunt=nulla&eu=suspendisse&felis=potenti&fusce=cras&posuere=in&felis=purus&sed=eu&lacus=magna&morbi=vulputate&sem=luctus&mauris=cum&laoreet=sociis&ut=natoque&rhoncus=penatibus&aliquet=et&pulvinar=magnis&sed=dis&nisl=parturient&nunc=montes&rhoncus=nascetur&dui=ridiculus&vel=mus&sem=vivamus,TRUE
+https://bigcartel.com/orci.xml?in=feugiat&faucibus=non&orci=pretium&luctus=quis&et=lectus&ultrices=suspendisse&posuere=potenti&cubilia=in&curae=eleifend&nulla=quam&dapibus=a&dolor=odio&vel=in&est=hac&donec=habitasse&odio=platea&justo=dictumst&sollicitudin=maecenas&ut=ut&suscipit=massa&a=quis&feugiat=augue&et=luctus&eros=tincidunt&vestibulum=nulla&ac=mollis&est=molestie&lacinia=lorem&nisi=quisque&venenatis=ut&tristique=erat&fusce=curabitur&congue=gravida&diam=nisi&id=at&ornare=nibh&imperdiet=in&sapien=hac&urna=habitasse&pretium=platea&nisl=dictumst&ut=aliquam&volutpat=augue&sapien=quam&arcu=sollicitudin&sed=vitae&augue=consectetuer&aliquam=eget&erat=rutrum&volutpat=at&in=lorem&congue=integer&etiam=tincidunt&justo=ante&etiam=vel&pretium=ipsum&iaculis=praesent&justo=blandit&in=lacinia&hac=erat&habitasse=vestibulum&platea=sed&dictumst=magna&etiam=at&faucibus=nunc&cursus=commodo&urna=placerat&ut=praesent&tellus=blandit&nulla=nam&ut=nulla&erat=integer&id=pede&mauris=justo&vulputate=lacinia&elementum=eget&nullam=tincidunt&varius=eget&nulla=tempus&facilisi=vel&cras=pede&non=morbi&velit=porttitor&nec=lorem&nisi=id&vulputate=ligula&nonummy=suspendisse&maecenas=ornare&tincidunt=consequat&lacus=lectus&at=in&velit=est&vivamus=risus&vel=auctor&nulla=sed&eget=tristique&eros=in&elementum=tempus,TRUE
+http://baidu.com/phasellus/sit/amet/erat/nulla/tempus/vivamus.jpg?aliquam=morbi&augue=non&quam=quam,TRUE
+http://tinypic.com/nunc.jsp?aenean=vehicula&lectus=condimentum&pellentesque=curabitur&eget=in&nunc=libero&donec=ut&quis=massa&orci=volutpat&eget=convallis&orci=morbi&vehicula=odio&condimentum=odio&curabitur=elementum&in=eu&libero=interdum&ut=eu&massa=tincidunt&volutpat=in&convallis=leo&morbi=maecenas&odio=pulvinar&odio=lobortis&elementum=est&eu=phasellus&interdum=sit&eu=amet&tincidunt=erat&in=nulla&leo=tempus&maecenas=vivamus&pulvinar=in&lobortis=felis&est=eu&phasellus=sapien&sit=cursus&amet=vestibulum&erat=proin&nulla=eu&tempus=mi&vivamus=nulla&in=ac&felis=enim&eu=in&sapien=tempor&cursus=turpis&vestibulum=nec&proin=euismod&eu=scelerisque&mi=quam&nulla=turpis&ac=adipiscing&enim=lorem&in=vitae&tempor=mattis&turpis=nibh&nec=ligula&euismod=nec&scelerisque=sem&quam=duis&turpis=aliquam&adipiscing=convallis&lorem=nunc&vitae=proin&mattis=at&nibh=turpis&ligula=a&nec=pede&sem=posuere&duis=nonummy&aliquam=integer&convallis=non&nunc=velit&proin=donec&at=diam&turpis=neque&a=vestibulum&pede=eget&posuere=vulputate&nonummy=ut&integer=ultrices&non=vel&velit=augue&donec=vestibulum&diam=ante&neque=ipsum&vestibulum=primis&eget=in&vulputate=faucibus&ut=orci,TRUE
+http://netlog.com/ut/ultrices/vel.html?luctus=hac&et=habitasse&ultrices=platea&posuere=dictumst&cubilia=etiam&curae=faucibus&mauris=cursus&viverra=urna&diam=ut&vitae=tellus&quam=nulla&suspendisse=ut&potenti=erat&nullam=id&porttitor=mauris&lacus=vulputate&at=elementum&turpis=nullam&donec=varius&posuere=nulla&metus=facilisi&vitae=cras&ipsum=non&aliquam=velit&non=nec&mauris=nisi&morbi=vulputate&non=nonummy&lectus=maecenas&aliquam=tincidunt&sit=lacus&amet=at&diam=velit&in=vivamus&magna=vel&bibendum=nulla&imperdiet=eget&nullam=eros&orci=elementum&pede=pellentesque&venenatis=quisque&non=porta&sodales=volutpat&sed=erat&tincidunt=quisque&eu=erat&felis=eros&fusce=viverra&posuere=eget&felis=congue&sed=eget&lacus=semper,TRUE
+https://buzzfeed.com/ipsum/integer/a/nibh.js?blandit=turpis&nam=adipiscing&nulla=lorem&integer=vitae&pede=mattis&justo=nibh&lacinia=ligula&eget=nec&tincidunt=sem&eget=duis&tempus=aliquam&vel=convallis&pede=nunc&morbi=proin&porttitor=at&lorem=turpis&id=a&ligula=pede&suspendisse=posuere&ornare=nonummy&consequat=integer&lectus=non&in=velit&est=donec&risus=diam&auctor=neque&sed=vestibulum&tristique=eget&in=vulputate&tempus=ut&sit=ultrices&amet=vel&sem=augue&fusce=vestibulum&consequat=ante&nulla=ipsum&nisl=primis&nunc=in&nisl=faucibus&duis=orci&bibendum=luctus&felis=et&sed=ultrices&interdum=posuere&venenatis=cubilia&turpis=curae&enim=donec&blandit=pharetra&mi=magna&in=vestibulum&porttitor=aliquet&pede=ultrices&justo=erat&eu=tortor&massa=sollicitudin&donec=mi&dapibus=sit&duis=amet&at=lobortis&velit=sapien&eu=sapien&est=non&congue=mi,TRUE
+http://123-reg.co.uk/non/mattis/pulvinar/nulla/pede.html?ut=erat&volutpat=curabitur&sapien=gravida&arcu=nisi&sed=at&augue=nibh&aliquam=in&erat=hac&volutpat=habitasse&in=platea&congue=dictumst&etiam=aliquam&justo=augue&etiam=quam&pretium=sollicitudin&iaculis=vitae&justo=consectetuer&in=eget&hac=rutrum&habitasse=at&platea=lorem&dictumst=integer&etiam=tincidunt&faucibus=ante&cursus=vel&urna=ipsum&ut=praesent&tellus=blandit&nulla=lacinia&ut=erat&erat=vestibulum&id=sed&mauris=magna&vulputate=at&elementum=nunc&nullam=commodo&varius=placerat&nulla=praesent&facilisi=blandit&cras=nam,TRUE
+http://salon.com/ac/neque/duis/bibendum.jsp?lobortis=venenatis&convallis=turpis&tortor=enim&risus=blandit&dapibus=mi&augue=in&vel=porttitor&accumsan=pede&tellus=justo&nisi=eu&eu=massa&orci=donec&mauris=dapibus&lacinia=duis&sapien=at&quis=velit&libero=eu&nullam=est&sit=congue&amet=elementum&turpis=in&elementum=hac&ligula=habitasse&vehicula=platea&consequat=dictumst&morbi=morbi&a=vestibulum&ipsum=velit&integer=id&a=pretium&nibh=iaculis&in=diam&quis=erat&justo=fermentum&maecenas=justo&rhoncus=nec&aliquam=condimentum&lacus=neque&morbi=sapien&quis=placerat&tortor=ante&id=nulla&nulla=justo&ultrices=aliquam&aliquet=quis&maecenas=turpis&leo=eget&odio=elit&condimentum=sodales&id=scelerisque&luctus=mauris,TRUE
+https://prnewswire.com/mattis/egestas/metus/aenean/fermentum.xml?amet=consequat&consectetuer=dui&adipiscing=nec&elit=nisi&proin=volutpat&risus=eleifend&praesent=donec&lectus=ut&vestibulum=dolor&quam=morbi&sapien=vel&varius=lectus&ut=in&blandit=quam&non=fringilla&interdum=rhoncus&in=mauris&ante=enim&vestibulum=leo&ante=rhoncus&ipsum=sed&primis=vestibulum&in=sit&faucibus=amet&orci=cursus&luctus=id&et=turpis&ultrices=integer&posuere=aliquet&cubilia=massa&curae=id&duis=lobortis&faucibus=convallis&accumsan=tortor&odio=risus&curabitur=dapibus&convallis=augue&duis=vel&consequat=accumsan&dui=tellus&nec=nisi&nisi=eu&volutpat=orci&eleifend=mauris&donec=lacinia,TRUE
+https://cnbc.com/amet.jpg?ipsum=id&dolor=nulla&sit=ultrices&amet=aliquet&consectetuer=maecenas&adipiscing=leo&elit=odio&proin=condimentum&interdum=id&mauris=luctus&non=nec&ligula=molestie&pellentesque=sed&ultrices=justo&phasellus=pellentesque&id=viverra&sapien=pede&in=ac&sapien=diam&iaculis=cras&congue=pellentesque&vivamus=volutpat&metus=dui&arcu=maecenas&adipiscing=tristique&molestie=est&hendrerit=et&at=tempus&vulputate=semper&vitae=est&nisl=quam&aenean=pharetra&lectus=magna&pellentesque=ac&eget=consequat&nunc=metus,TRUE
+http://rambler.ru/amet/lobortis/sapien/sapien/non/mi/integer.jsp?accumsan=dui&tortor=proin&quis=leo&turpis=odio&sed=porttitor&ante=id&vivamus=consequat&tortor=in&duis=consequat&mattis=ut&egestas=nulla,TRUE
+http://bbb.org/in/hac/habitasse/platea/dictumst/etiam/faucibus.png?ut=et&ultrices=tempus&vel=semper&augue=est&vestibulum=quam&ante=pharetra&ipsum=magna&primis=ac&in=consequat&faucibus=metus&orci=sapien&luctus=ut&et=nunc&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&donec=in&pharetra=faucibus&magna=orci&vestibulum=luctus&aliquet=et&ultrices=ultrices&erat=posuere&tortor=cubilia&sollicitudin=curae&mi=mauris&sit=viverra&amet=diam&lobortis=vitae&sapien=quam&sapien=suspendisse&non=potenti&mi=nullam&integer=porttitor&ac=lacus&neque=at&duis=turpis&bibendum=donec&morbi=posuere&non=metus&quam=vitae&nec=ipsum&dui=aliquam&luctus=non&rutrum=mauris&nulla=morbi&tellus=non&in=lectus&sagittis=aliquam&dui=sit&vel=amet&nisl=diam&duis=in,TRUE
+http://webeden.co.uk/suspendisse/accumsan/tortor/quis/turpis/sed/ante.jsp?libero=risus&ut=semper&massa=porta&volutpat=volutpat&convallis=quam&morbi=pede&odio=lobortis&odio=ligula&elementum=sit&eu=amet&interdum=eleifend&eu=pede&tincidunt=libero&in=quis&leo=orci&maecenas=nullam&pulvinar=molestie&lobortis=nibh&est=in&phasellus=lectus&sit=pellentesque&amet=at&erat=nulla&nulla=suspendisse&tempus=potenti&vivamus=cras&in=in&felis=purus&eu=eu&sapien=magna&cursus=vulputate&vestibulum=luctus&proin=cum&eu=sociis&mi=natoque&nulla=penatibus&ac=et&enim=magnis&in=dis&tempor=parturient&turpis=montes&nec=nascetur&euismod=ridiculus&scelerisque=mus&quam=vivamus&turpis=vestibulum&adipiscing=sagittis&lorem=sapien&vitae=cum&mattis=sociis&nibh=natoque&ligula=penatibus&nec=et&sem=magnis&duis=dis&aliquam=parturient&convallis=montes&nunc=nascetur&proin=ridiculus&at=mus&turpis=etiam&a=vel&pede=augue&posuere=vestibulum&nonummy=rutrum&integer=rutrum&non=neque&velit=aenean&donec=auctor&diam=gravida&neque=sem&vestibulum=praesent&eget=id&vulputate=massa&ut=id&ultrices=nisl&vel=venenatis&augue=lacinia&vestibulum=aenean&ante=sit&ipsum=amet&primis=justo&in=morbi&faucibus=ut&orci=odio&luctus=cras&et=mi&ultrices=pede&posuere=malesuada&cubilia=in&curae=imperdiet,TRUE
+https://joomla.org/morbi/vestibulum.xml?ante=proin&ipsum=risus&primis=praesent&in=lectus&faucibus=vestibulum&orci=quam&luctus=sapien&et=varius&ultrices=ut&posuere=blandit&cubilia=non&curae=interdum&mauris=in&viverra=ante&diam=vestibulum&vitae=ante&quam=ipsum&suspendisse=primis&potenti=in&nullam=faucibus&porttitor=orci&lacus=luctus&at=et&turpis=ultrices&donec=posuere&posuere=cubilia&metus=curae&vitae=duis&ipsum=faucibus&aliquam=accumsan&non=odio&mauris=curabitur&morbi=convallis&non=duis&lectus=consequat&aliquam=dui&sit=nec&amet=nisi&diam=volutpat&in=eleifend&magna=donec&bibendum=ut&imperdiet=dolor&nullam=morbi&orci=vel&pede=lectus&venenatis=in&non=quam&sodales=fringilla&sed=rhoncus&tincidunt=mauris&eu=enim&felis=leo&fusce=rhoncus&posuere=sed&felis=vestibulum&sed=sit&lacus=amet&morbi=cursus&sem=id&mauris=turpis&laoreet=integer&ut=aliquet&rhoncus=massa&aliquet=id&pulvinar=lobortis,TRUE
+https://sohu.com/pede/justo/eu/massa.jsp?volutpat=ac&convallis=nibh&morbi=fusce&odio=lacus&odio=purus&elementum=aliquet&eu=at&interdum=feugiat&eu=non&tincidunt=pretium&in=quis&leo=lectus&maecenas=suspendisse&pulvinar=potenti&lobortis=in&est=eleifend&phasellus=quam&sit=a&amet=odio&erat=in,TRUE
+http://unicef.org/mattis/egestas/metus/aenean/fermentum.jsp?vestibulum=congue&ante=risus&ipsum=semper&primis=porta&in=volutpat&faucibus=quam&orci=pede&luctus=lobortis,TRUE
+https://craigslist.org/metus/sapien.png?praesent=hac&id=habitasse&massa=platea&id=dictumst&nisl=etiam&venenatis=faucibus&lacinia=cursus&aenean=urna&sit=ut&amet=tellus&justo=nulla&morbi=ut&ut=erat&odio=id&cras=mauris&mi=vulputate&pede=elementum&malesuada=nullam&in=varius&imperdiet=nulla&et=facilisi&commodo=cras&vulputate=non&justo=velit&in=nec&blandit=nisi&ultrices=vulputate&enim=nonummy&lorem=maecenas&ipsum=tincidunt&dolor=lacus&sit=at&amet=velit&consectetuer=vivamus&adipiscing=vel&elit=nulla&proin=eget&interdum=eros&mauris=elementum&non=pellentesque&ligula=quisque&pellentesque=porta&ultrices=volutpat&phasellus=erat&id=quisque&sapien=erat&in=eros&sapien=viverra&iaculis=eget&congue=congue&vivamus=eget&metus=semper&arcu=rutrum&adipiscing=nulla&molestie=nunc&hendrerit=purus&at=phasellus&vulputate=in&vitae=felis&nisl=donec&aenean=semper&lectus=sapien&pellentesque=a&eget=libero&nunc=nam&donec=dui&quis=proin&orci=leo&eget=odio&orci=porttitor&vehicula=id&condimentum=consequat&curabitur=in&in=consequat&libero=ut&ut=nulla&massa=sed&volutpat=accumsan&convallis=felis&morbi=ut&odio=at&odio=dolor&elementum=quis&eu=odio&interdum=consequat&eu=varius&tincidunt=integer&in=ac&leo=leo&maecenas=pellentesque&pulvinar=ultrices&lobortis=mattis,TRUE
+https://angelfire.com/ante/vel/ipsum/praesent.aspx?turpis=ultrices&enim=posuere,TRUE
+http://youku.com/lorem/ipsum/dolor.png?justo=a&sit=nibh&amet=in&sapien=quis&dignissim=justo&vestibulum=maecenas&vestibulum=rhoncus&ante=aliquam&ipsum=lacus&primis=morbi&in=quis&faucibus=tortor&orci=id&luctus=nulla&et=ultrices&ultrices=aliquet&posuere=maecenas&cubilia=leo&curae=odio&nulla=condimentum&dapibus=id&dolor=luctus&vel=nec&est=molestie&donec=sed&odio=justo&justo=pellentesque&sollicitudin=viverra&ut=pede&suscipit=ac&a=diam&feugiat=cras&et=pellentesque&eros=volutpat&vestibulum=dui&ac=maecenas&est=tristique&lacinia=est&nisi=et&venenatis=tempus&tristique=semper,TRUE
+https://google.ru/enim/blandit/mi/in/porttitor.js?proin=morbi&leo=sem&odio=mauris&porttitor=laoreet&id=ut&consequat=rhoncus&in=aliquet&consequat=pulvinar&ut=sed&nulla=nisl&sed=nunc&accumsan=rhoncus&felis=dui&ut=vel&at=sem&dolor=sed&quis=sagittis&odio=nam&consequat=congue&varius=risus&integer=semper&ac=porta&leo=volutpat&pellentesque=quam&ultrices=pede&mattis=lobortis&odio=ligula&donec=sit&vitae=amet&nisi=eleifend&nam=pede&ultrices=libero&libero=quis&non=orci&mattis=nullam&pulvinar=molestie&nulla=nibh&pede=in&ullamcorper=lectus&augue=pellentesque&a=at&suscipit=nulla&nulla=suspendisse&elit=potenti&ac=cras&nulla=in&sed=purus&vel=eu&enim=magna&sit=vulputate&amet=luctus&nunc=cum&viverra=sociis&dapibus=natoque&nulla=penatibus&suscipit=et&ligula=magnis&in=dis&lacus=parturient&curabitur=montes&at=nascetur&ipsum=ridiculus&ac=mus&tellus=vivamus&semper=vestibulum&interdum=sagittis&mauris=sapien&ullamcorper=cum&purus=sociis&sit=natoque&amet=penatibus&nulla=et&quisque=magnis&arcu=dis&libero=parturient&rutrum=montes&ac=nascetur&lobortis=ridiculus&vel=mus&dapibus=etiam&at=vel&diam=augue&nam=vestibulum&tristique=rutrum,TRUE
+http://boston.com/vestibulum/rutrum/rutrum/neque.jpg?consequat=pulvinar&ut=lobortis&nulla=est&sed=phasellus&accumsan=sit&felis=amet&ut=erat&at=nulla&dolor=tempus&quis=vivamus&odio=in&consequat=felis&varius=eu&integer=sapien&ac=cursus&leo=vestibulum&pellentesque=proin&ultrices=eu&mattis=mi&odio=nulla,TRUE
+http://wsj.com/lobortis/vel/dapibus/at/diam.js?consequat=eget&nulla=semper&nisl=rutrum,TRUE
+https://1688.com/ligula.js?lacus=nonummy&morbi=maecenas&sem=tincidunt&mauris=lacus&laoreet=at&ut=velit&rhoncus=vivamus&aliquet=vel&pulvinar=nulla&sed=eget&nisl=eros&nunc=elementum&rhoncus=pellentesque&dui=quisque&vel=porta&sem=volutpat&sed=erat&sagittis=quisque&nam=erat&congue=eros&risus=viverra&semper=eget&porta=congue&volutpat=eget&quam=semper&pede=rutrum&lobortis=nulla&ligula=nunc&sit=purus&amet=phasellus&eleifend=in&pede=felis&libero=donec&quis=semper&orci=sapien&nullam=a&molestie=libero&nibh=nam&in=dui&lectus=proin&pellentesque=leo,TRUE
+https://google.com.au/pede/justo/eu/massa.aspx?quisque=rhoncus&erat=mauris&eros=enim&viverra=leo&eget=rhoncus&congue=sed&eget=vestibulum&semper=sit&rutrum=amet&nulla=cursus&nunc=id&purus=turpis&phasellus=integer&in=aliquet&felis=massa&donec=id&semper=lobortis&sapien=convallis&a=tortor&libero=risus&nam=dapibus&dui=augue&proin=vel&leo=accumsan&odio=tellus&porttitor=nisi&id=eu&consequat=orci&in=mauris&consequat=lacinia&ut=sapien&nulla=quis&sed=libero&accumsan=nullam&felis=sit&ut=amet&at=turpis&dolor=elementum&quis=ligula&odio=vehicula&consequat=consequat&varius=morbi&integer=a&ac=ipsum&leo=integer&pellentesque=a&ultrices=nibh&mattis=in&odio=quis&donec=justo&vitae=maecenas&nisi=rhoncus&nam=aliquam&ultrices=lacus&libero=morbi&non=quis&mattis=tortor&pulvinar=id&nulla=nulla&pede=ultrices&ullamcorper=aliquet&augue=maecenas&a=leo&suscipit=odio&nulla=condimentum&elit=id,TRUE
+https://dyndns.org/lectus/pellentesque/eget/nunc/donec.jsp?quam=est&sapien=phasellus&varius=sit&ut=amet&blandit=erat&non=nulla&interdum=tempus&in=vivamus&ante=in&vestibulum=felis&ante=eu&ipsum=sapien&primis=cursus&in=vestibulum&faucibus=proin&orci=eu&luctus=mi&et=nulla&ultrices=ac&posuere=enim&cubilia=in&curae=tempor&duis=turpis&faucibus=nec&accumsan=euismod&odio=scelerisque&curabitur=quam&convallis=turpis&duis=adipiscing&consequat=lorem&dui=vitae&nec=mattis&nisi=nibh&volutpat=ligula&eleifend=nec&donec=sem&ut=duis&dolor=aliquam&morbi=convallis&vel=nunc&lectus=proin&in=at&quam=turpis&fringilla=a&rhoncus=pede&mauris=posuere&enim=nonummy&leo=integer&rhoncus=non&sed=velit&vestibulum=donec&sit=diam&amet=neque&cursus=vestibulum&id=eget&turpis=vulputate&integer=ut&aliquet=ultrices&massa=vel&id=augue&lobortis=vestibulum&convallis=ante&tortor=ipsum&risus=primis&dapibus=in&augue=faucibus&vel=orci&accumsan=luctus&tellus=et&nisi=ultrices&eu=posuere&orci=cubilia&mauris=curae&lacinia=donec&sapien=pharetra&quis=magna&libero=vestibulum&nullam=aliquet&sit=ultrices&amet=erat&turpis=tortor&elementum=sollicitudin&ligula=mi&vehicula=sit,TRUE
+http://theatlantic.com/nam/ultrices/libero/non.json?viverra=in&eget=hac&congue=habitasse&eget=platea&semper=dictumst&rutrum=etiam&nulla=faucibus&nunc=cursus&purus=urna&phasellus=ut&in=tellus&felis=nulla&donec=ut&semper=erat&sapien=id&a=mauris&libero=vulputate&nam=elementum&dui=nullam&proin=varius&leo=nulla&odio=facilisi&porttitor=cras&id=non&consequat=velit&in=nec&consequat=nisi&ut=vulputate&nulla=nonummy&sed=maecenas&accumsan=tincidunt&felis=lacus&ut=at&at=velit&dolor=vivamus&quis=vel&odio=nulla&consequat=eget&varius=eros&integer=elementum&ac=pellentesque&leo=quisque&pellentesque=porta&ultrices=volutpat&mattis=erat&odio=quisque&donec=erat&vitae=eros&nisi=viverra&nam=eget&ultrices=congue&libero=eget&non=semper&mattis=rutrum&pulvinar=nulla&nulla=nunc&pede=purus&ullamcorper=phasellus&augue=in&a=felis&suscipit=donec,TRUE
+https://hostgator.com/venenatis/non/sodales.xml?sapien=sed&iaculis=tincidunt&congue=eu&vivamus=felis&metus=fusce&arcu=posuere&adipiscing=felis&molestie=sed&hendrerit=lacus&at=morbi&vulputate=sem&vitae=mauris&nisl=laoreet&aenean=ut&lectus=rhoncus&pellentesque=aliquet&eget=pulvinar&nunc=sed&donec=nisl&quis=nunc&orci=rhoncus&eget=dui&orci=vel&vehicula=sem&condimentum=sed&curabitur=sagittis&in=nam&libero=congue&ut=risus&massa=semper&volutpat=porta&convallis=volutpat&morbi=quam&odio=pede&odio=lobortis&elementum=ligula&eu=sit&interdum=amet&eu=eleifend&tincidunt=pede&in=libero&leo=quis&maecenas=orci&pulvinar=nullam&lobortis=molestie&est=nibh&phasellus=in&sit=lectus&amet=pellentesque,TRUE
+http://prnewswire.com/sit/amet/eros/suspendisse/accumsan.jsp?sit=aliquam&amet=lacus&sapien=morbi&dignissim=quis&vestibulum=tortor&vestibulum=id&ante=nulla&ipsum=ultrices&primis=aliquet&in=maecenas&faucibus=leo&orci=odio&luctus=condimentum&et=id&ultrices=luctus&posuere=nec&cubilia=molestie&curae=sed&nulla=justo&dapibus=pellentesque,TRUE
+http://samsung.com/amet/diam.jsp?lobortis=in&ligula=hac&sit=habitasse&amet=platea&eleifend=dictumst&pede=etiam&libero=faucibus&quis=cursus&orci=urna&nullam=ut&molestie=tellus&nibh=nulla&in=ut,TRUE
+http://shinystat.com/nisi/nam.html?nec=id&nisi=mauris&volutpat=vulputate&eleifend=elementum&donec=nullam&ut=varius&dolor=nulla&morbi=facilisi&vel=cras&lectus=non&in=velit&quam=nec&fringilla=nisi&rhoncus=vulputate&mauris=nonummy&enim=maecenas&leo=tincidunt&rhoncus=lacus&sed=at&vestibulum=velit&sit=vivamus&amet=vel&cursus=nulla&id=eget&turpis=eros&integer=elementum&aliquet=pellentesque&massa=quisque&id=porta&lobortis=volutpat&convallis=erat&tortor=quisque&risus=erat&dapibus=eros&augue=viverra&vel=eget&accumsan=congue&tellus=eget&nisi=semper&eu=rutrum&orci=nulla&mauris=nunc&lacinia=purus&sapien=phasellus&quis=in&libero=felis&nullam=donec&sit=semper&amet=sapien,TRUE
+http://nhs.uk/ligula/pellentesque/ultrices/phasellus.aspx?hac=sed&habitasse=sagittis&platea=nam&dictumst=congue&morbi=risus&vestibulum=semper&velit=porta&id=volutpat&pretium=quam&iaculis=pede&diam=lobortis&erat=ligula&fermentum=sit&justo=amet&nec=eleifend&condimentum=pede&neque=libero&sapien=quis&placerat=orci&ante=nullam&nulla=molestie&justo=nibh&aliquam=in&quis=lectus&turpis=pellentesque&eget=at&elit=nulla&sodales=suspendisse&scelerisque=potenti&mauris=cras&sit=in&amet=purus&eros=eu&suspendisse=magna&accumsan=vulputate&tortor=luctus&quis=cum&turpis=sociis&sed=natoque&ante=penatibus&vivamus=et&tortor=magnis&duis=dis&mattis=parturient&egestas=montes&metus=nascetur&aenean=ridiculus&fermentum=mus&donec=vivamus&ut=vestibulum&mauris=sagittis&eget=sapien&massa=cum&tempor=sociis&convallis=natoque&nulla=penatibus&neque=et&libero=magnis&convallis=dis&eget=parturient&eleifend=montes&luctus=nascetur&ultricies=ridiculus&eu=mus&nibh=etiam&quisque=vel&id=augue&justo=vestibulum&sit=rutrum,TRUE
+http://angelfire.com/magnis/dis.png?pellentesque=nec&at=sem&nulla=duis&suspendisse=aliquam&potenti=convallis&cras=nunc&in=proin&purus=at&eu=turpis&magna=a&vulputate=pede&luctus=posuere&cum=nonummy&sociis=integer&natoque=non&penatibus=velit&et=donec&magnis=diam&dis=neque&parturient=vestibulum&montes=eget&nascetur=vulputate&ridiculus=ut&mus=ultrices&vivamus=vel&vestibulum=augue&sagittis=vestibulum&sapien=ante&cum=ipsum&sociis=primis&natoque=in&penatibus=faucibus&et=orci&magnis=luctus&dis=et&parturient=ultrices&montes=posuere&nascetur=cubilia&ridiculus=curae&mus=donec&etiam=pharetra&vel=magna&augue=vestibulum,TRUE
+http://whitehouse.gov/eget/tempus/vel/pede/morbi/porttitor.png?et=tristique&commodo=in&vulputate=tempus&justo=sit&in=amet&blandit=sem&ultrices=fusce&enim=consequat&lorem=nulla&ipsum=nisl&dolor=nunc&sit=nisl&amet=duis&consectetuer=bibendum&adipiscing=felis&elit=sed&proin=interdum&interdum=venenatis&mauris=turpis&non=enim&ligula=blandit&pellentesque=mi&ultrices=in&phasellus=porttitor&id=pede&sapien=justo&in=eu&sapien=massa&iaculis=donec&congue=dapibus&vivamus=duis&metus=at&arcu=velit&adipiscing=eu&molestie=est&hendrerit=congue&at=elementum&vulputate=in&vitae=hac&nisl=habitasse&aenean=platea&lectus=dictumst&pellentesque=morbi&eget=vestibulum&nunc=velit&donec=id&quis=pretium&orci=iaculis&eget=diam&orci=erat&vehicula=fermentum&condimentum=justo&curabitur=nec&in=condimentum&libero=neque&ut=sapien&massa=placerat&volutpat=ante&convallis=nulla&morbi=justo,TRUE
+https://github.com/placerat/ante/nulla/justo/aliquam/quis.html?lacus=magnis&at=dis&velit=parturient&vivamus=montes&vel=nascetur&nulla=ridiculus&eget=mus&eros=etiam&elementum=vel&pellentesque=augue&quisque=vestibulum&porta=rutrum&volutpat=rutrum&erat=neque&quisque=aenean&erat=auctor&eros=gravida&viverra=sem&eget=praesent&congue=id&eget=massa&semper=id&rutrum=nisl&nulla=venenatis&nunc=lacinia&purus=aenean&phasellus=sit&in=amet&felis=justo&donec=morbi&semper=ut&sapien=odio&a=cras&libero=mi&nam=pede&dui=malesuada&proin=in&leo=imperdiet&odio=et&porttitor=commodo&id=vulputate&consequat=justo&in=in&consequat=blandit&ut=ultrices&nulla=enim,TRUE
+https://nyu.edu/in/magna/bibendum.xml?nisi=odio&volutpat=elementum&eleifend=eu&donec=interdum&ut=eu&dolor=tincidunt&morbi=in&vel=leo&lectus=maecenas&in=pulvinar&quam=lobortis&fringilla=est&rhoncus=phasellus&mauris=sit&enim=amet&leo=erat&rhoncus=nulla&sed=tempus&vestibulum=vivamus&sit=in&amet=felis&cursus=eu&id=sapien&turpis=cursus&integer=vestibulum&aliquet=proin&massa=eu&id=mi&lobortis=nulla&convallis=ac&tortor=enim&risus=in&dapibus=tempor&augue=turpis&vel=nec&accumsan=euismod&tellus=scelerisque&nisi=quam&eu=turpis&orci=adipiscing&mauris=lorem&lacinia=vitae&sapien=mattis,TRUE
+http://phpbb.com/sapien/sapien/non/mi/integer.html?duis=vulputate&bibendum=ut&morbi=ultrices&non=vel&quam=augue&nec=vestibulum&dui=ante&luctus=ipsum&rutrum=primis&nulla=in&tellus=faucibus&in=orci&sagittis=luctus&dui=et&vel=ultrices&nisl=posuere&duis=cubilia&ac=curae&nibh=donec&fusce=pharetra&lacus=magna&purus=vestibulum&aliquet=aliquet&at=ultrices&feugiat=erat&non=tortor&pretium=sollicitudin&quis=mi&lectus=sit&suspendisse=amet&potenti=lobortis&in=sapien&eleifend=sapien&quam=non&a=mi&odio=integer&in=ac&hac=neque&habitasse=duis&platea=bibendum&dictumst=morbi&maecenas=non&ut=quam&massa=nec&quis=dui&augue=luctus&luctus=rutrum,TRUE
+http://feedburner.com/aliquet/pulvinar/sed/nisl/nunc.js?ridiculus=ut&mus=suscipit&vivamus=a&vestibulum=feugiat&sagittis=et&sapien=eros&cum=vestibulum&sociis=ac&natoque=est&penatibus=lacinia&et=nisi&magnis=venenatis&dis=tristique&parturient=fusce&montes=congue&nascetur=diam&ridiculus=id&mus=ornare&etiam=imperdiet&vel=sapien&augue=urna&vestibulum=pretium&rutrum=nisl&rutrum=ut&neque=volutpat&aenean=sapien&auctor=arcu&gravida=sed&sem=augue&praesent=aliquam&id=erat&massa=volutpat&id=in&nisl=congue&venenatis=etiam&lacinia=justo&aenean=etiam&sit=pretium&amet=iaculis&justo=justo&morbi=in&ut=hac&odio=habitasse&cras=platea&mi=dictumst&pede=etiam&malesuada=faucibus&in=cursus&imperdiet=urna&et=ut&commodo=tellus&vulputate=nulla&justo=ut&in=erat&blandit=id&ultrices=mauris&enim=vulputate&lorem=elementum&ipsum=nullam&dolor=varius&sit=nulla&amet=facilisi&consectetuer=cras&adipiscing=non&elit=velit&proin=nec&interdum=nisi&mauris=vulputate&non=nonummy&ligula=maecenas&pellentesque=tincidunt&ultrices=lacus&phasellus=at&id=velit&sapien=vivamus&in=vel&sapien=nulla&iaculis=eget&congue=eros&vivamus=elementum&metus=pellentesque&arcu=quisque&adipiscing=porta&molestie=volutpat&hendrerit=erat&at=quisque&vulputate=erat&vitae=eros&nisl=viverra&aenean=eget&lectus=congue&pellentesque=eget,TRUE
+https://goo.ne.jp/sit/amet.aspx?in=ultrices&eleifend=erat&quam=tortor&a=sollicitudin&odio=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&maecenas=non&ut=mi&massa=integer&quis=ac&augue=neque&luctus=duis&tincidunt=bibendum&nulla=morbi&mollis=non&molestie=quam&lorem=nec&quisque=dui&ut=luctus&erat=rutrum&curabitur=nulla&gravida=tellus&nisi=in&at=sagittis,TRUE
+https://cbslocal.com/quam/pharetra/magna/ac/consequat/metus/sapien.js?viverra=iaculis&diam=congue&vitae=vivamus&quam=metus&suspendisse=arcu&potenti=adipiscing&nullam=molestie&porttitor=hendrerit&lacus=at&at=vulputate&turpis=vitae&donec=nisl&posuere=aenean&metus=lectus&vitae=pellentesque&ipsum=eget&aliquam=nunc&non=donec,TRUE
+https://samsung.com/integer/ac/leo/pellentesque/ultrices.png?blandit=in&mi=magna&in=bibendum&porttitor=imperdiet&pede=nullam&justo=orci&eu=pede&massa=venenatis&donec=non,TRUE
+https://nytimes.com/rhoncus/aliquet/pulvinar.js?in=mattis&imperdiet=nibh&et=ligula&commodo=nec&vulputate=sem&justo=duis&in=aliquam&blandit=convallis&ultrices=nunc&enim=proin&lorem=at&ipsum=turpis&dolor=a&sit=pede&amet=posuere&consectetuer=nonummy&adipiscing=integer&elit=non&proin=velit&interdum=donec&mauris=diam&non=neque&ligula=vestibulum&pellentesque=eget&ultrices=vulputate&phasellus=ut&id=ultrices&sapien=vel&in=augue&sapien=vestibulum&iaculis=ante&congue=ipsum&vivamus=primis&metus=in&arcu=faucibus&adipiscing=orci&molestie=luctus&hendrerit=et&at=ultrices&vulputate=posuere&vitae=cubilia&nisl=curae&aenean=donec&lectus=pharetra&pellentesque=magna&eget=vestibulum&nunc=aliquet&donec=ultrices&quis=erat&orci=tortor&eget=sollicitudin&orci=mi&vehicula=sit&condimentum=amet&curabitur=lobortis&in=sapien&libero=sapien&ut=non&massa=mi&volutpat=integer&convallis=ac&morbi=neque&odio=duis&odio=bibendum&elementum=morbi&eu=non&interdum=quam&eu=nec&tincidunt=dui&in=luctus&leo=rutrum&maecenas=nulla&pulvinar=tellus&lobortis=in&est=sagittis&phasellus=dui&sit=vel&amet=nisl&erat=duis&nulla=ac&tempus=nibh&vivamus=fusce&in=lacus&felis=purus&eu=aliquet&sapien=at&cursus=feugiat&vestibulum=non&proin=pretium&eu=quis&mi=lectus&nulla=suspendisse&ac=potenti&enim=in&in=eleifend&tempor=quam&turpis=a,TRUE
+https://biblegateway.com/dolor/sit/amet/consectetuer/adipiscing/elit.json?tempus=at&vivamus=velit&in=eu&felis=est&eu=congue&sapien=elementum,TRUE
+http://livejournal.com/lacinia/aenean/sit/amet/justo/morbi.js?augue=nulla&vestibulum=suscipit&rutrum=ligula&rutrum=in&neque=lacus&aenean=curabitur&auctor=at&gravida=ipsum&sem=ac&praesent=tellus&id=semper&massa=interdum&id=mauris&nisl=ullamcorper&venenatis=purus&lacinia=sit&aenean=amet&sit=nulla&amet=quisque&justo=arcu&morbi=libero&ut=rutrum,TRUE
+http://slashdot.org/pede/justo/lacinia.js?amet=est&sem=lacinia&fusce=nisi&consequat=venenatis&nulla=tristique&nisl=fusce&nunc=congue&nisl=diam&duis=id&bibendum=ornare&felis=imperdiet&sed=sapien&interdum=urna&venenatis=pretium&turpis=nisl&enim=ut&blandit=volutpat&mi=sapien&in=arcu&porttitor=sed&pede=augue&justo=aliquam&eu=erat&massa=volutpat&donec=in&dapibus=congue&duis=etiam&at=justo&velit=etiam&eu=pretium&est=iaculis&congue=justo&elementum=in&in=hac&hac=habitasse&habitasse=platea&platea=dictumst&dictumst=etiam&morbi=faucibus&vestibulum=cursus&velit=urna&id=ut&pretium=tellus&iaculis=nulla&diam=ut&erat=erat&fermentum=id&justo=mauris&nec=vulputate&condimentum=elementum&neque=nullam&sapien=varius&placerat=nulla&ante=facilisi&nulla=cras&justo=non&aliquam=velit&quis=nec&turpis=nisi&eget=vulputate&elit=nonummy&sodales=maecenas,TRUE
+https://woothemes.com/in/felis/donec/semper/sapien/a/libero.js?augue=in&quam=faucibus&sollicitudin=orci&vitae=luctus&consectetuer=et&eget=ultrices&rutrum=posuere&at=cubilia&lorem=curae&integer=duis&tincidunt=faucibus&ante=accumsan&vel=odio&ipsum=curabitur&praesent=convallis&blandit=duis&lacinia=consequat&erat=dui&vestibulum=nec&sed=nisi&magna=volutpat&at=eleifend&nunc=donec&commodo=ut&placerat=dolor&praesent=morbi&blandit=vel&nam=lectus&nulla=in&integer=quam&pede=fringilla&justo=rhoncus&lacinia=mauris&eget=enim&tincidunt=leo&eget=rhoncus&tempus=sed&vel=vestibulum&pede=sit&morbi=amet&porttitor=cursus&lorem=id&id=turpis&ligula=integer&suspendisse=aliquet&ornare=massa&consequat=id&lectus=lobortis&in=convallis&est=tortor&risus=risus&auctor=dapibus&sed=augue&tristique=vel&in=accumsan&tempus=tellus&sit=nisi&amet=eu&sem=orci&fusce=mauris&consequat=lacinia&nulla=sapien&nisl=quis&nunc=libero&nisl=nullam&duis=sit&bibendum=amet&felis=turpis&sed=elementum&interdum=ligula&venenatis=vehicula&turpis=consequat&enim=morbi&blandit=a&mi=ipsum&in=integer&porttitor=a&pede=nibh&justo=in&eu=quis&massa=justo&donec=maecenas&dapibus=rhoncus&duis=aliquam&at=lacus&velit=morbi&eu=quis&est=tortor&congue=id&elementum=nulla&in=ultrices&hac=aliquet&habitasse=maecenas&platea=leo&dictumst=odio&morbi=condimentum&vestibulum=id&velit=luctus&id=nec,TRUE
+http://webs.com/praesent.aspx?faucibus=vestibulum&orci=ante&luctus=ipsum&et=primis&ultrices=in&posuere=faucibus&cubilia=orci&curae=luctus&nulla=et&dapibus=ultrices&dolor=posuere&vel=cubilia&est=curae&donec=mauris&odio=viverra&justo=diam&sollicitudin=vitae&ut=quam&suscipit=suspendisse&a=potenti&feugiat=nullam&et=porttitor&eros=lacus&vestibulum=at&ac=turpis&est=donec&lacinia=posuere&nisi=metus&venenatis=vitae&tristique=ipsum&fusce=aliquam&congue=non&diam=mauris&id=morbi&ornare=non&imperdiet=lectus&sapien=aliquam&urna=sit&pretium=amet&nisl=diam&ut=in&volutpat=magna&sapien=bibendum&arcu=imperdiet&sed=nullam&augue=orci&aliquam=pede&erat=venenatis&volutpat=non,TRUE
+http://clickbank.net/id/luctus/nec/molestie/sed.jsp?vel=pede&pede=justo&morbi=eu&porttitor=massa&lorem=donec&id=dapibus&ligula=duis&suspendisse=at&ornare=velit&consequat=eu&lectus=est&in=congue&est=elementum&risus=in&auctor=hac&sed=habitasse&tristique=platea&in=dictumst&tempus=morbi&sit=vestibulum,TRUE
+https://indiegogo.com/suspendisse/potenti/in/eleifend/quam/a/odio.jpg?amet=odio&consectetuer=cras&adipiscing=mi&elit=pede&proin=malesuada&interdum=in&mauris=imperdiet&non=et&ligula=commodo&pellentesque=vulputate&ultrices=justo&phasellus=in&id=blandit&sapien=ultrices&in=enim&sapien=lorem&iaculis=ipsum&congue=dolor&vivamus=sit&metus=amet&arcu=consectetuer&adipiscing=adipiscing&molestie=elit&hendrerit=proin&at=interdum&vulputate=mauris&vitae=non&nisl=ligula&aenean=pellentesque&lectus=ultrices&pellentesque=phasellus&eget=id&nunc=sapien&donec=in&quis=sapien&orci=iaculis&eget=congue&orci=vivamus&vehicula=metus&condimentum=arcu&curabitur=adipiscing&in=molestie&libero=hendrerit&ut=at&massa=vulputate&volutpat=vitae&convallis=nisl&morbi=aenean&odio=lectus&odio=pellentesque&elementum=eget&eu=nunc&interdum=donec&eu=quis&tincidunt=orci&in=eget&leo=orci&maecenas=vehicula&pulvinar=condimentum&lobortis=curabitur&est=in&phasellus=libero&sit=ut&amet=massa&erat=volutpat&nulla=convallis&tempus=morbi&vivamus=odio&in=odio&felis=elementum&eu=eu&sapien=interdum&cursus=eu&vestibulum=tincidunt,TRUE
+http://mozilla.com/in.png?cum=eros&sociis=vestibulum&natoque=ac&penatibus=est&et=lacinia&magnis=nisi&dis=venenatis&parturient=tristique&montes=fusce&nascetur=congue&ridiculus=diam&mus=id&etiam=ornare&vel=imperdiet&augue=sapien&vestibulum=urna&rutrum=pretium&rutrum=nisl&neque=ut&aenean=volutpat&auctor=sapien&gravida=arcu&sem=sed&praesent=augue&id=aliquam,TRUE
+http://digg.com/justo/in/hac/habitasse.json?platea=bibendum&dictumst=morbi,TRUE
+http://amazonaws.com/elit/ac/nulla/sed/vel/enim/sit.xml?nulla=molestie&mollis=lorem&molestie=quisque&lorem=ut&quisque=erat&ut=curabitur&erat=gravida&curabitur=nisi&gravida=at&nisi=nibh&at=in&nibh=hac&in=habitasse&hac=platea&habitasse=dictumst&platea=aliquam&dictumst=augue&aliquam=quam&augue=sollicitudin&quam=vitae&sollicitudin=consectetuer&vitae=eget&consectetuer=rutrum&eget=at&rutrum=lorem&at=integer&lorem=tincidunt&integer=ante&tincidunt=vel&ante=ipsum&vel=praesent&ipsum=blandit&praesent=lacinia&blandit=erat&lacinia=vestibulum&erat=sed&vestibulum=magna&sed=at&magna=nunc&at=commodo&nunc=placerat&commodo=praesent&placerat=blandit&praesent=nam&blandit=nulla&nam=integer&nulla=pede&integer=justo&pede=lacinia&justo=eget&lacinia=tincidunt&eget=eget&tincidunt=tempus&eget=vel&tempus=pede&vel=morbi&pede=porttitor&morbi=lorem&porttitor=id&lorem=ligula&id=suspendisse&ligula=ornare&suspendisse=consequat&ornare=lectus&consequat=in&lectus=est&in=risus&est=auctor&risus=sed&auctor=tristique&sed=in&tristique=tempus&in=sit&tempus=amet&sit=sem&amet=fusce&sem=consequat&fusce=nulla&consequat=nisl&nulla=nunc&nisl=nisl,TRUE
+https://jiathis.com/ipsum/dolor/sit/amet.png?rhoncus=blandit&sed=lacinia&vestibulum=erat&sit=vestibulum&amet=sed&cursus=magna&id=at&turpis=nunc&integer=commodo&aliquet=placerat&massa=praesent&id=blandit&lobortis=nam&convallis=nulla&tortor=integer&risus=pede&dapibus=justo&augue=lacinia&vel=eget&accumsan=tincidunt&tellus=eget&nisi=tempus,TRUE
+http://latimes.com/donec/dapibus/duis/at/velit/eu.jpg?in=nec&lacus=dui&curabitur=luctus&at=rutrum&ipsum=nulla&ac=tellus&tellus=in&semper=sagittis&interdum=dui&mauris=vel&ullamcorper=nisl&purus=duis&sit=ac&amet=nibh&nulla=fusce&quisque=lacus&arcu=purus&libero=aliquet&rutrum=at&ac=feugiat&lobortis=non&vel=pretium&dapibus=quis,TRUE
+http://irs.gov/quisque/ut/erat/curabitur/gravida.aspx?in=facilisi&magna=cras&bibendum=non&imperdiet=velit&nullam=nec&orci=nisi&pede=vulputate&venenatis=nonummy&non=maecenas&sodales=tincidunt&sed=lacus&tincidunt=at&eu=velit&felis=vivamus&fusce=vel&posuere=nulla&felis=eget&sed=eros&lacus=elementum&morbi=pellentesque&sem=quisque&mauris=porta&laoreet=volutpat&ut=erat&rhoncus=quisque&aliquet=erat&pulvinar=eros&sed=viverra&nisl=eget&nunc=congue&rhoncus=eget&dui=semper&vel=rutrum&sem=nulla&sed=nunc&sagittis=purus&nam=phasellus&congue=in&risus=felis&semper=donec&porta=semper&volutpat=sapien&quam=a&pede=libero&lobortis=nam&ligula=dui&sit=proin&amet=leo,TRUE
+http://blogtalkradio.com/vestibulum/ante/ipsum/primis/in/faucibus/orci.json?volutpat=dui&sapien=vel&arcu=nisl&sed=duis&augue=ac&aliquam=nibh&erat=fusce&volutpat=lacus&in=purus&congue=aliquet&etiam=at&justo=feugiat&etiam=non&pretium=pretium&iaculis=quis&justo=lectus&in=suspendisse&hac=potenti&habitasse=in&platea=eleifend&dictumst=quam&etiam=a&faucibus=odio&cursus=in&urna=hac&ut=habitasse&tellus=platea&nulla=dictumst&ut=maecenas&erat=ut&id=massa&mauris=quis&vulputate=augue&elementum=luctus&nullam=tincidunt&varius=nulla&nulla=mollis&facilisi=molestie&cras=lorem&non=quisque&velit=ut&nec=erat&nisi=curabitur&vulputate=gravida,TRUE
+http://phpbb.com/at/turpis/a/pede.png?molestie=nulla&hendrerit=mollis&at=molestie&vulputate=lorem&vitae=quisque&nisl=ut&aenean=erat&lectus=curabitur&pellentesque=gravida&eget=nisi&nunc=at&donec=nibh&quis=in&orci=hac&eget=habitasse&orci=platea&vehicula=dictumst&condimentum=aliquam&curabitur=augue&in=quam&libero=sollicitudin&ut=vitae&massa=consectetuer&volutpat=eget&convallis=rutrum&morbi=at&odio=lorem&odio=integer&elementum=tincidunt&eu=ante&interdum=vel&eu=ipsum&tincidunt=praesent&in=blandit&leo=lacinia&maecenas=erat&pulvinar=vestibulum&lobortis=sed&est=magna&phasellus=at&sit=nunc&amet=commodo&erat=placerat&nulla=praesent&tempus=blandit&vivamus=nam&in=nulla&felis=integer&eu=pede&sapien=justo&cursus=lacinia&vestibulum=eget&proin=tincidunt&eu=eget&mi=tempus&nulla=vel&ac=pede&enim=morbi&in=porttitor&tempor=lorem&turpis=id&nec=ligula&euismod=suspendisse&scelerisque=ornare&quam=consequat&turpis=lectus&adipiscing=in&lorem=est&vitae=risus&mattis=auctor&nibh=sed&ligula=tristique&nec=in&sem=tempus&duis=sit&aliquam=amet&convallis=sem&nunc=fusce&proin=consequat&at=nulla&turpis=nisl&a=nunc&pede=nisl&posuere=duis&nonummy=bibendum&integer=felis&non=sed&velit=interdum&donec=venenatis&diam=turpis&neque=enim&vestibulum=blandit&eget=mi&vulputate=in&ut=porttitor&ultrices=pede&vel=justo,TRUE
+http://seesaa.net/purus/sit.png?velit=ultrices&donec=mattis&diam=odio&neque=donec&vestibulum=vitae&eget=nisi&vulputate=nam&ut=ultrices&ultrices=libero&vel=non&augue=mattis&vestibulum=pulvinar,TRUE
+https://google.cn/libero/non/mattis/pulvinar/nulla/pede/ullamcorper.json?lorem=nulla&integer=pede,TRUE
+http://gnu.org/cras.html?fusce=cras&consequat=non&nulla=velit&nisl=nec&nunc=nisi&nisl=vulputate&duis=nonummy,TRUE
+http://nature.com/pellentesque/viverra/pede/ac.html?vel=id&ipsum=consequat&praesent=in&blandit=consequat&lacinia=ut&erat=nulla&vestibulum=sed&sed=accumsan&magna=felis&at=ut&nunc=at&commodo=dolor&placerat=quis&praesent=odio&blandit=consequat&nam=varius&nulla=integer&integer=ac&pede=leo&justo=pellentesque&lacinia=ultrices&eget=mattis&tincidunt=odio&eget=donec&tempus=vitae&vel=nisi&pede=nam&morbi=ultrices&porttitor=libero&lorem=non&id=mattis&ligula=pulvinar&suspendisse=nulla&ornare=pede&consequat=ullamcorper&lectus=augue&in=a&est=suscipit&risus=nulla&auctor=elit&sed=ac&tristique=nulla&in=sed&tempus=vel&sit=enim&amet=sit&sem=amet&fusce=nunc&consequat=viverra&nulla=dapibus&nisl=nulla&nunc=suscipit&nisl=ligula&duis=in&bibendum=lacus&felis=curabitur&sed=at&interdum=ipsum&venenatis=ac&turpis=tellus&enim=semper&blandit=interdum&mi=mauris&in=ullamcorper&porttitor=purus&pede=sit&justo=amet&eu=nulla&massa=quisque&donec=arcu&dapibus=libero&duis=rutrum&at=ac&velit=lobortis&eu=vel&est=dapibus&congue=at&elementum=diam&in=nam&hac=tristique&habitasse=tortor&platea=eu&dictumst=pede,TRUE
+https://cyberchimps.com/ante/ipsum.html?nec=eleifend&molestie=pede,TRUE
+http://histats.com/felis.js?tristique=duis&fusce=ac&congue=nibh&diam=fusce&id=lacus&ornare=purus&imperdiet=aliquet&sapien=at&urna=feugiat&pretium=non&nisl=pretium&ut=quis&volutpat=lectus&sapien=suspendisse&arcu=potenti&sed=in&augue=eleifend&aliquam=quam&erat=a&volutpat=odio&in=in&congue=hac&etiam=habitasse&justo=platea&etiam=dictumst&pretium=maecenas&iaculis=ut&justo=massa&in=quis&hac=augue&habitasse=luctus&platea=tincidunt&dictumst=nulla&etiam=mollis&faucibus=molestie&cursus=lorem&urna=quisque&ut=ut&tellus=erat&nulla=curabitur&ut=gravida&erat=nisi&id=at&mauris=nibh&vulputate=in&elementum=hac&nullam=habitasse&varius=platea&nulla=dictumst&facilisi=aliquam&cras=augue&non=quam&velit=sollicitudin&nec=vitae&nisi=consectetuer&vulputate=eget&nonummy=rutrum&maecenas=at&tincidunt=lorem&lacus=integer&at=tincidunt&velit=ante&vivamus=vel&vel=ipsum&nulla=praesent&eget=blandit&eros=lacinia&elementum=erat&pellentesque=vestibulum&quisque=sed&porta=magna&volutpat=at&erat=nunc&quisque=commodo&erat=placerat&eros=praesent&viverra=blandit&eget=nam&congue=nulla&eget=integer&semper=pede&rutrum=justo&nulla=lacinia&nunc=eget&purus=tincidunt,TRUE
+https://hubpages.com/erat/vestibulum/sed.jsp?justo=in&morbi=tempor&ut=turpis&odio=nec&cras=euismod&mi=scelerisque&pede=quam&malesuada=turpis&in=adipiscing&imperdiet=lorem&et=vitae&commodo=mattis&vulputate=nibh&justo=ligula&in=nec&blandit=sem&ultrices=duis&enim=aliquam&lorem=convallis&ipsum=nunc&dolor=proin&sit=at&amet=turpis&consectetuer=a&adipiscing=pede&elit=posuere&proin=nonummy&interdum=integer&mauris=non&non=velit&ligula=donec&pellentesque=diam&ultrices=neque&phasellus=vestibulum&id=eget&sapien=vulputate&in=ut&sapien=ultrices&iaculis=vel&congue=augue&vivamus=vestibulum&metus=ante&arcu=ipsum&adipiscing=primis&molestie=in&hendrerit=faucibus&at=orci&vulputate=luctus&vitae=et,TRUE
+http://oaic.gov.au/in/imperdiet.jpg?semper=sapien&porta=ut&volutpat=nunc&quam=vestibulum&pede=ante&lobortis=ipsum&ligula=primis&sit=in&amet=faucibus&eleifend=orci&pede=luctus&libero=et&quis=ultrices&orci=posuere&nullam=cubilia&molestie=curae&nibh=mauris&in=viverra&lectus=diam&pellentesque=vitae&at=quam&nulla=suspendisse&suspendisse=potenti&potenti=nullam&cras=porttitor&in=lacus&purus=at&eu=turpis&magna=donec&vulputate=posuere&luctus=metus&cum=vitae&sociis=ipsum&natoque=aliquam&penatibus=non&et=mauris&magnis=morbi&dis=non&parturient=lectus&montes=aliquam&nascetur=sit&ridiculus=amet&mus=diam&vivamus=in&vestibulum=magna&sagittis=bibendum&sapien=imperdiet&cum=nullam&sociis=orci&natoque=pede&penatibus=venenatis&et=non&magnis=sodales&dis=sed&parturient=tincidunt&montes=eu&nascetur=felis&ridiculus=fusce&mus=posuere&etiam=felis&vel=sed&augue=lacus&vestibulum=morbi&rutrum=sem&rutrum=mauris&neque=laoreet&aenean=ut&auctor=rhoncus&gravida=aliquet&sem=pulvinar&praesent=sed&id=nisl,TRUE
+https://mail.ru/mauris/lacinia/sapien/quis/libero/nullam/sit.jsp?tellus=ligula&nisi=pellentesque&eu=ultrices&orci=phasellus&mauris=id&lacinia=sapien&sapien=in&quis=sapien&libero=iaculis&nullam=congue&sit=vivamus&amet=metus&turpis=arcu&elementum=adipiscing&ligula=molestie&vehicula=hendrerit&consequat=at&morbi=vulputate&a=vitae&ipsum=nisl&integer=aenean&a=lectus&nibh=pellentesque&in=eget&quis=nunc&justo=donec&maecenas=quis&rhoncus=orci&aliquam=eget&lacus=orci&morbi=vehicula&quis=condimentum&tortor=curabitur&id=in&nulla=libero&ultrices=ut&aliquet=massa&maecenas=volutpat&leo=convallis&odio=morbi&condimentum=odio&id=odio&luctus=elementum&nec=eu&molestie=interdum&sed=eu&justo=tincidunt&pellentesque=in&viverra=leo&pede=maecenas&ac=pulvinar&diam=lobortis&cras=est&pellentesque=phasellus&volutpat=sit&dui=amet&maecenas=erat&tristique=nulla&est=tempus&et=vivamus,TRUE
+https://cargocollective.com/felis/sed/interdum/venenatis/turpis/enim.json?pellentesque=ligula&volutpat=pellentesque&dui=ultrices&maecenas=phasellus&tristique=id&est=sapien&et=in&tempus=sapien&semper=iaculis&est=congue&quam=vivamus&pharetra=metus&magna=arcu&ac=adipiscing&consequat=molestie&metus=hendrerit&sapien=at&ut=vulputate&nunc=vitae&vestibulum=nisl&ante=aenean&ipsum=lectus&primis=pellentesque&in=eget&faucibus=nunc&orci=donec&luctus=quis&et=orci&ultrices=eget&posuere=orci&cubilia=vehicula&curae=condimentum&mauris=curabitur&viverra=in&diam=libero&vitae=ut&quam=massa&suspendisse=volutpat&potenti=convallis&nullam=morbi&porttitor=odio&lacus=odio&at=elementum&turpis=eu&donec=interdum&posuere=eu,TRUE
+https://de.vu/libero/convallis/eget/eleifend/luctus/ultricies/eu.json?aliquet=faucibus&at=orci&feugiat=luctus&non=et&pretium=ultrices&quis=posuere&lectus=cubilia,TRUE
+http://aol.com/non/sodales/sed/tincidunt/eu.png?vulputate=vitae&elementum=consectetuer&nullam=eget&varius=rutrum&nulla=at&facilisi=lorem&cras=integer&non=tincidunt&velit=ante&nec=vel&nisi=ipsum&vulputate=praesent&nonummy=blandit&maecenas=lacinia&tincidunt=erat&lacus=vestibulum&at=sed&velit=magna&vivamus=at&vel=nunc&nulla=commodo&eget=placerat&eros=praesent&elementum=blandit&pellentesque=nam&quisque=nulla&porta=integer&volutpat=pede&erat=justo&quisque=lacinia&erat=eget&eros=tincidunt&viverra=eget&eget=tempus&congue=vel&eget=pede&semper=morbi&rutrum=porttitor&nulla=lorem&nunc=id&purus=ligula&phasellus=suspendisse&in=ornare&felis=consequat&donec=lectus&semper=in&sapien=est&a=risus&libero=auctor&nam=sed&dui=tristique&proin=in&leo=tempus&odio=sit&porttitor=amet&id=sem&consequat=fusce&in=consequat&consequat=nulla&ut=nisl&nulla=nunc,TRUE
+http://microsoft.com/curabitur/at/ipsum/ac/tellus.xml?cursus=luctus&urna=et&ut=ultrices&tellus=posuere&nulla=cubilia&ut=curae&erat=duis&id=faucibus&mauris=accumsan,TRUE
+http://vimeo.com/mauris/viverra/diam/vitae/quam/suspendisse.xml?rhoncus=proin&aliquam=at&lacus=turpis&morbi=a&quis=pede&tortor=posuere&id=nonummy&nulla=integer&ultrices=non&aliquet=velit&maecenas=donec&leo=diam&odio=neque&condimentum=vestibulum&id=eget&luctus=vulputate&nec=ut&molestie=ultrices&sed=vel&justo=augue&pellentesque=vestibulum&viverra=ante&pede=ipsum&ac=primis&diam=in&cras=faucibus&pellentesque=orci&volutpat=luctus&dui=et&maecenas=ultrices&tristique=posuere&est=cubilia&et=curae&tempus=donec&semper=pharetra&est=magna&quam=vestibulum&pharetra=aliquet&magna=ultrices&ac=erat&consequat=tortor&metus=sollicitudin&sapien=mi&ut=sit&nunc=amet&vestibulum=lobortis&ante=sapien&ipsum=sapien&primis=non&in=mi&faucibus=integer&orci=ac&luctus=neque&et=duis&ultrices=bibendum&posuere=morbi&cubilia=non&curae=quam&mauris=nec&viverra=dui&diam=luctus&vitae=rutrum&quam=nulla&suspendisse=tellus&potenti=in&nullam=sagittis&porttitor=dui&lacus=vel&at=nisl&turpis=duis&donec=ac&posuere=nibh&metus=fusce,TRUE
+https://webmd.com/suspendisse.xml?morbi=id&vestibulum=sapien&velit=in&id=sapien&pretium=iaculis,TRUE
+https://yelp.com/erat/curabitur/gravida/nisi/at/nibh/in.jsp?est=curabitur&quam=gravida&pharetra=nisi&magna=at&ac=nibh&consequat=in&metus=hac&sapien=habitasse&ut=platea&nunc=dictumst&vestibulum=aliquam&ante=augue&ipsum=quam&primis=sollicitudin&in=vitae&faucibus=consectetuer&orci=eget&luctus=rutrum&et=at&ultrices=lorem&posuere=integer&cubilia=tincidunt&curae=ante&mauris=vel&viverra=ipsum&diam=praesent&vitae=blandit&quam=lacinia&suspendisse=erat&potenti=vestibulum&nullam=sed&porttitor=magna&lacus=at&at=nunc&turpis=commodo&donec=placerat&posuere=praesent&metus=blandit&vitae=nam&ipsum=nulla&aliquam=integer&non=pede&mauris=justo&morbi=lacinia&non=eget&lectus=tincidunt&aliquam=eget&sit=tempus&amet=vel&diam=pede&in=morbi&magna=porttitor&bibendum=lorem&imperdiet=id&nullam=ligula&orci=suspendisse&pede=ornare&venenatis=consequat&non=lectus&sodales=in&sed=est&tincidunt=risus&eu=auctor&felis=sed&fusce=tristique&posuere=in&felis=tempus&sed=sit&lacus=amet&morbi=sem&sem=fusce&mauris=consequat&laoreet=nulla&ut=nisl&rhoncus=nunc&aliquet=nisl&pulvinar=duis&sed=bibendum&nisl=felis&nunc=sed&rhoncus=interdum&dui=venenatis&vel=turpis,TRUE
+https://washington.edu/nulla/ultrices.js?blandit=nullam&mi=molestie&in=nibh&porttitor=in&pede=lectus&justo=pellentesque&eu=at&massa=nulla&donec=suspendisse&dapibus=potenti&duis=cras&at=in&velit=purus&eu=eu&est=magna&congue=vulputate&elementum=luctus&in=cum&hac=sociis&habitasse=natoque&platea=penatibus&dictumst=et&morbi=magnis&vestibulum=dis&velit=parturient&id=montes&pretium=nascetur&iaculis=ridiculus&diam=mus&erat=vivamus&fermentum=vestibulum&justo=sagittis&nec=sapien&condimentum=cum&neque=sociis&sapien=natoque&placerat=penatibus&ante=et&nulla=magnis&justo=dis&aliquam=parturient&quis=montes&turpis=nascetur&eget=ridiculus&elit=mus&sodales=etiam&scelerisque=vel&mauris=augue&sit=vestibulum&amet=rutrum&eros=rutrum&suspendisse=neque&accumsan=aenean&tortor=auctor&quis=gravida&turpis=sem&sed=praesent&ante=id&vivamus=massa&tortor=id&duis=nisl&mattis=venenatis&egestas=lacinia&metus=aenean&aenean=sit&fermentum=amet&donec=justo&ut=morbi&mauris=ut&eget=odio&massa=cras&tempor=mi&convallis=pede&nulla=malesuada&neque=in&libero=imperdiet&convallis=et&eget=commodo&eleifend=vulputate&luctus=justo&ultricies=in&eu=blandit&nibh=ultrices&quisque=enim&id=lorem&justo=ipsum&sit=dolor&amet=sit&sapien=amet&dignissim=consectetuer&vestibulum=adipiscing&vestibulum=elit&ante=proin&ipsum=interdum&primis=mauris&in=non&faucibus=ligula&orci=pellentesque&luctus=ultrices&et=phasellus,TRUE
+https://usgs.gov/faucibus/orci.js?eu=sit&nibh=amet&quisque=erat&id=nulla&justo=tempus&sit=vivamus&amet=in&sapien=felis&dignissim=eu&vestibulum=sapien&vestibulum=cursus&ante=vestibulum&ipsum=proin&primis=eu&in=mi&faucibus=nulla&orci=ac&luctus=enim&et=in&ultrices=tempor&posuere=turpis&cubilia=nec&curae=euismod&nulla=scelerisque,TRUE
+http://wp.com/nibh/in/quis/justo.jpg?sed=et&lacus=magnis&morbi=dis&sem=parturient&mauris=montes&laoreet=nascetur&ut=ridiculus&rhoncus=mus&aliquet=etiam&pulvinar=vel&sed=augue&nisl=vestibulum&nunc=rutrum&rhoncus=rutrum&dui=neque&vel=aenean&sem=auctor&sed=gravida&sagittis=sem&nam=praesent&congue=id&risus=massa&semper=id&porta=nisl&volutpat=venenatis&quam=lacinia&pede=aenean&lobortis=sit&ligula=amet&sit=justo&amet=morbi&eleifend=ut&pede=odio&libero=cras&quis=mi&orci=pede&nullam=malesuada&molestie=in&nibh=imperdiet&in=et&lectus=commodo&pellentesque=vulputate&at=justo&nulla=in&suspendisse=blandit&potenti=ultrices&cras=enim&in=lorem&purus=ipsum&eu=dolor&magna=sit&vulputate=amet&luctus=consectetuer&cum=adipiscing&sociis=elit&natoque=proin&penatibus=interdum&et=mauris&magnis=non&dis=ligula&parturient=pellentesque&montes=ultrices&nascetur=phasellus&ridiculus=id&mus=sapien&vivamus=in&vestibulum=sapien&sagittis=iaculis&sapien=congue&cum=vivamus&sociis=metus&natoque=arcu&penatibus=adipiscing&et=molestie&magnis=hendrerit&dis=at&parturient=vulputate&montes=vitae&nascetur=nisl&ridiculus=aenean&mus=lectus,TRUE
+https://scribd.com/rhoncus.js?in=turpis&faucibus=elementum&orci=ligula&luctus=vehicula&et=consequat&ultrices=morbi&posuere=a&cubilia=ipsum&curae=integer&nulla=a&dapibus=nibh&dolor=in&vel=quis&est=justo&donec=maecenas&odio=rhoncus&justo=aliquam&sollicitudin=lacus&ut=morbi&suscipit=quis&a=tortor&feugiat=id&et=nulla&eros=ultrices&vestibulum=aliquet&ac=maecenas&est=leo&lacinia=odio&nisi=condimentum&venenatis=id&tristique=luctus&fusce=nec&congue=molestie&diam=sed&id=justo&ornare=pellentesque&imperdiet=viverra&sapien=pede&urna=ac&pretium=diam&nisl=cras&ut=pellentesque&volutpat=volutpat&sapien=dui&arcu=maecenas&sed=tristique&augue=est&aliquam=et&erat=tempus&volutpat=semper&in=est&congue=quam&etiam=pharetra&justo=magna&etiam=ac&pretium=consequat&iaculis=metus&justo=sapien&in=ut&hac=nunc&habitasse=vestibulum&platea=ante&dictumst=ipsum&etiam=primis&faucibus=in&cursus=faucibus&urna=orci&ut=luctus&tellus=et&nulla=ultrices&ut=posuere&erat=cubilia&id=curae&mauris=mauris&vulputate=viverra&elementum=diam&nullam=vitae,TRUE
+https://intel.com/aenean/sit/amet.html?montes=est&nascetur=congue&ridiculus=elementum&mus=in&vivamus=hac&vestibulum=habitasse&sagittis=platea&sapien=dictumst&cum=morbi&sociis=vestibulum&natoque=velit&penatibus=id&et=pretium&magnis=iaculis&dis=diam&parturient=erat&montes=fermentum&nascetur=justo&ridiculus=nec&mus=condimentum&etiam=neque&vel=sapien&augue=placerat&vestibulum=ante&rutrum=nulla&rutrum=justo&neque=aliquam&aenean=quis&auctor=turpis&gravida=eget&sem=elit&praesent=sodales&id=scelerisque&massa=mauris&id=sit&nisl=amet&venenatis=eros&lacinia=suspendisse&aenean=accumsan&sit=tortor&amet=quis&justo=turpis&morbi=sed&ut=ante&odio=vivamus&cras=tortor&mi=duis&pede=mattis&malesuada=egestas,TRUE
+http://epa.gov/blandit/lacinia.html?tristique=augue&fusce=quam&congue=sollicitudin&diam=vitae&id=consectetuer&ornare=eget&imperdiet=rutrum&sapien=at&urna=lorem&pretium=integer&nisl=tincidunt&ut=ante&volutpat=vel&sapien=ipsum&arcu=praesent&sed=blandit&augue=lacinia&aliquam=erat&erat=vestibulum&volutpat=sed&in=magna&congue=at&etiam=nunc&justo=commodo&etiam=placerat&pretium=praesent&iaculis=blandit&justo=nam&in=nulla&hac=integer,TRUE
+https://alexa.com/tempor/turpis/nec/euismod/scelerisque.xml?primis=vulputate&in=ut&faucibus=ultrices&orci=vel&luctus=augue&et=vestibulum&ultrices=ante&posuere=ipsum&cubilia=primis&curae=in&nulla=faucibus&dapibus=orci&dolor=luctus&vel=et&est=ultrices&donec=posuere&odio=cubilia&justo=curae&sollicitudin=donec&ut=pharetra&suscipit=magna&a=vestibulum&feugiat=aliquet&et=ultrices&eros=erat&vestibulum=tortor&ac=sollicitudin&est=mi&lacinia=sit&nisi=amet,TRUE
+http://ucoz.ru/dictumst/etiam.aspx?vestibulum=in&ante=tempor&ipsum=turpis&primis=nec&in=euismod&faucibus=scelerisque&orci=quam&luctus=turpis&et=adipiscing&ultrices=lorem&posuere=vitae&cubilia=mattis&curae=nibh&mauris=ligula&viverra=nec&diam=sem&vitae=duis&quam=aliquam&suspendisse=convallis&potenti=nunc&nullam=proin&porttitor=at&lacus=turpis&at=a&turpis=pede&donec=posuere&posuere=nonummy&metus=integer&vitae=non&ipsum=velit&aliquam=donec&non=diam&mauris=neque&morbi=vestibulum&non=eget&lectus=vulputate&aliquam=ut,TRUE
+https://multiply.com/est/congue/elementum/in/hac/habitasse/platea.json?eleifend=aliquet&pede=maecenas&libero=leo&quis=odio&orci=condimentum&nullam=id&molestie=luctus&nibh=nec&in=molestie&lectus=sed&pellentesque=justo&at=pellentesque&nulla=viverra&suspendisse=pede&potenti=ac&cras=diam&in=cras&purus=pellentesque&eu=volutpat&magna=dui&vulputate=maecenas&luctus=tristique&cum=est&sociis=et&natoque=tempus&penatibus=semper&et=est&magnis=quam&dis=pharetra&parturient=magna&montes=ac&nascetur=consequat&ridiculus=metus&mus=sapien&vivamus=ut&vestibulum=nunc&sagittis=vestibulum&sapien=ante&cum=ipsum&sociis=primis&natoque=in&penatibus=faucibus&et=orci&magnis=luctus&dis=et&parturient=ultrices&montes=posuere&nascetur=cubilia&ridiculus=curae&mus=mauris&etiam=viverra&vel=diam&augue=vitae&vestibulum=quam&rutrum=suspendisse&rutrum=potenti&neque=nullam&aenean=porttitor&auctor=lacus&gravida=at&sem=turpis&praesent=donec&id=posuere&massa=metus&id=vitae&nisl=ipsum&venenatis=aliquam&lacinia=non&aenean=mauris&sit=morbi&amet=non&justo=lectus&morbi=aliquam&ut=sit&odio=amet&cras=diam&mi=in&pede=magna&malesuada=bibendum&in=imperdiet&imperdiet=nullam&et=orci&commodo=pede&vulputate=venenatis&justo=non&in=sodales&blandit=sed&ultrices=tincidunt&enim=eu&lorem=felis,TRUE
+http://si.edu/venenatis/lacinia/aenean/sit/amet/justo.xml?libero=pede&nam=libero&dui=quis&proin=orci&leo=nullam&odio=molestie&porttitor=nibh&id=in&consequat=lectus&in=pellentesque&consequat=at&ut=nulla&nulla=suspendisse&sed=potenti&accumsan=cras&felis=in&ut=purus&at=eu&dolor=magna&quis=vulputate&odio=luctus&consequat=cum&varius=sociis&integer=natoque&ac=penatibus&leo=et&pellentesque=magnis&ultrices=dis&mattis=parturient&odio=montes&donec=nascetur&vitae=ridiculus&nisi=mus&nam=vivamus&ultrices=vestibulum&libero=sagittis&non=sapien&mattis=cum&pulvinar=sociis&nulla=natoque&pede=penatibus&ullamcorper=et&augue=magnis&a=dis&suscipit=parturient&nulla=montes&elit=nascetur&ac=ridiculus&nulla=mus&sed=etiam&vel=vel&enim=augue&sit=vestibulum&amet=rutrum&nunc=rutrum&viverra=neque&dapibus=aenean&nulla=auctor&suscipit=gravida&ligula=sem&in=praesent&lacus=id&curabitur=massa,TRUE
+http://ovh.net/lacinia/eget/tincidunt/eget/tempus.png?erat=purus&volutpat=aliquet&in=at&congue=feugiat&etiam=non&justo=pretium&etiam=quis&pretium=lectus&iaculis=suspendisse&justo=potenti&in=in&hac=eleifend&habitasse=quam&platea=a&dictumst=odio&etiam=in&faucibus=hac&cursus=habitasse&urna=platea&ut=dictumst&tellus=maecenas&nulla=ut&ut=massa&erat=quis&id=augue&mauris=luctus&vulputate=tincidunt&elementum=nulla&nullam=mollis&varius=molestie&nulla=lorem&facilisi=quisque&cras=ut&non=erat&velit=curabitur&nec=gravida&nisi=nisi&vulputate=at&nonummy=nibh&maecenas=in&tincidunt=hac&lacus=habitasse&at=platea&velit=dictumst&vivamus=aliquam&vel=augue&nulla=quam&eget=sollicitudin&eros=vitae&elementum=consectetuer&pellentesque=eget&quisque=rutrum&porta=at&volutpat=lorem&erat=integer&quisque=tincidunt&erat=ante&eros=vel&viverra=ipsum&eget=praesent&congue=blandit&eget=lacinia&semper=erat&rutrum=vestibulum&nulla=sed&nunc=magna&purus=at&phasellus=nunc&in=commodo&felis=placerat&donec=praesent&semper=blandit&sapien=nam&a=nulla&libero=integer&nam=pede&dui=justo,TRUE
+https://blinklist.com/lacus/morbi/sem/mauris.json?justo=quam&in=a&hac=odio&habitasse=in&platea=hac&dictumst=habitasse&etiam=platea&faucibus=dictumst&cursus=maecenas&urna=ut&ut=massa&tellus=quis&nulla=augue&ut=luctus&erat=tincidunt&id=nulla&mauris=mollis,TRUE
+https://timesonline.co.uk/duis/consequat/dui.html?morbi=neque&sem=sapien&mauris=placerat&laoreet=ante&ut=nulla&rhoncus=justo&aliquet=aliquam&pulvinar=quis&sed=turpis&nisl=eget&nunc=elit&rhoncus=sodales&dui=scelerisque&vel=mauris&sem=sit&sed=amet&sagittis=eros&nam=suspendisse&congue=accumsan&risus=tortor&semper=quis&porta=turpis&volutpat=sed&quam=ante&pede=vivamus&lobortis=tortor&ligula=duis&sit=mattis&amet=egestas&eleifend=metus&pede=aenean&libero=fermentum&quis=donec&orci=ut&nullam=mauris&molestie=eget&nibh=massa&in=tempor&lectus=convallis&pellentesque=nulla&at=neque&nulla=libero&suspendisse=convallis&potenti=eget&cras=eleifend&in=luctus&purus=ultricies&eu=eu&magna=nibh&vulputate=quisque&luctus=id&cum=justo&sociis=sit&natoque=amet&penatibus=sapien&et=dignissim&magnis=vestibulum,TRUE
+https://ehow.com/rutrum/nulla.xml?integer=morbi&ac=odio&neque=odio&duis=elementum&bibendum=eu&morbi=interdum&non=eu&quam=tincidunt&nec=in&dui=leo&luctus=maecenas&rutrum=pulvinar&nulla=lobortis&tellus=est&in=phasellus&sagittis=sit&dui=amet&vel=erat&nisl=nulla&duis=tempus&ac=vivamus&nibh=in&fusce=felis&lacus=eu&purus=sapien&aliquet=cursus&at=vestibulum&feugiat=proin&non=eu&pretium=mi&quis=nulla&lectus=ac&suspendisse=enim&potenti=in&in=tempor&eleifend=turpis&quam=nec&a=euismod&odio=scelerisque&in=quam&hac=turpis&habitasse=adipiscing&platea=lorem&dictumst=vitae&maecenas=mattis&ut=nibh&massa=ligula&quis=nec&augue=sem&luctus=duis&tincidunt=aliquam,TRUE
+https://cnet.com/consectetuer/eget/rutrum/at/lorem/integer.xml?elementum=sed&eu=interdum&interdum=venenatis&eu=turpis&tincidunt=enim&in=blandit&leo=mi&maecenas=in&pulvinar=porttitor&lobortis=pede&est=justo&phasellus=eu&sit=massa&amet=donec&erat=dapibus&nulla=duis&tempus=at&vivamus=velit&in=eu&felis=est&eu=congue&sapien=elementum&cursus=in&vestibulum=hac&proin=habitasse&eu=platea&mi=dictumst&nulla=morbi&ac=vestibulum&enim=velit&in=id&tempor=pretium&turpis=iaculis&nec=diam&euismod=erat&scelerisque=fermentum&quam=justo&turpis=nec&adipiscing=condimentum&lorem=neque&vitae=sapien&mattis=placerat&nibh=ante&ligula=nulla&nec=justo&sem=aliquam&duis=quis&aliquam=turpis&convallis=eget&nunc=elit&proin=sodales&at=scelerisque&turpis=mauris&a=sit&pede=amet&posuere=eros&nonummy=suspendisse&integer=accumsan&non=tortor&velit=quis&donec=turpis&diam=sed&neque=ante&vestibulum=vivamus&eget=tortor&vulputate=duis&ut=mattis&ultrices=egestas&vel=metus&augue=aenean&vestibulum=fermentum&ante=donec&ipsum=ut&primis=mauris&in=eget&faucibus=massa&orci=tempor&luctus=convallis&et=nulla&ultrices=neque&posuere=libero&cubilia=convallis,TRUE
+http://dailymail.co.uk/consequat/ut/nulla/sed/accumsan.html?erat=ut&id=at&mauris=dolor&vulputate=quis&elementum=odio&nullam=consequat&varius=varius&nulla=integer&facilisi=ac&cras=leo&non=pellentesque&velit=ultrices&nec=mattis&nisi=odio&vulputate=donec&nonummy=vitae&maecenas=nisi&tincidunt=nam&lacus=ultrices&at=libero&velit=non&vivamus=mattis,TRUE
+https://apple.com/nisl/venenatis.png?ante=lobortis&ipsum=ligula&primis=sit&in=amet&faucibus=eleifend&orci=pede&luctus=libero&et=quis&ultrices=orci&posuere=nullam&cubilia=molestie&curae=nibh&nulla=in&dapibus=lectus&dolor=pellentesque&vel=at&est=nulla&donec=suspendisse&odio=potenti&justo=cras&sollicitudin=in&ut=purus&suscipit=eu&a=magna&feugiat=vulputate&et=luctus&eros=cum&vestibulum=sociis&ac=natoque&est=penatibus&lacinia=et&nisi=magnis&venenatis=dis&tristique=parturient&fusce=montes&congue=nascetur&diam=ridiculus,TRUE
+https://geocities.com/nibh/in/lectus/pellentesque/at/nulla/suspendisse.xml?vestibulum=tincidunt&sed=eget&magna=tempus&at=vel&nunc=pede&commodo=morbi&placerat=porttitor&praesent=lorem&blandit=id&nam=ligula&nulla=suspendisse&integer=ornare&pede=consequat&justo=lectus&lacinia=in&eget=est&tincidunt=risus&eget=auctor&tempus=sed&vel=tristique&pede=in&morbi=tempus&porttitor=sit&lorem=amet&id=sem&ligula=fusce&suspendisse=consequat&ornare=nulla&consequat=nisl&lectus=nunc&in=nisl&est=duis&risus=bibendum&auctor=felis&sed=sed&tristique=interdum&in=venenatis&tempus=turpis&sit=enim&amet=blandit&sem=mi&fusce=in&consequat=porttitor&nulla=pede&nisl=justo&nunc=eu&nisl=massa&duis=donec&bibendum=dapibus&felis=duis&sed=at&interdum=velit&venenatis=eu&turpis=est&enim=congue&blandit=elementum&mi=in&in=hac&porttitor=habitasse&pede=platea,TRUE
+https://cdc.gov/viverra/pede/ac/diam.xml?pharetra=nulla&magna=justo&vestibulum=aliquam&aliquet=quis&ultrices=turpis&erat=eget&tortor=elit&sollicitudin=sodales&mi=scelerisque&sit=mauris&amet=sit&lobortis=amet&sapien=eros&sapien=suspendisse&non=accumsan&mi=tortor&integer=quis&ac=turpis&neque=sed&duis=ante&bibendum=vivamus&morbi=tortor&non=duis&quam=mattis&nec=egestas&dui=metus&luctus=aenean&rutrum=fermentum&nulla=donec&tellus=ut&in=mauris&sagittis=eget&dui=massa,TRUE
+http://hubpages.com/cras/mi/pede/malesuada/in.jpg?integer=tempus&aliquet=semper&massa=est&id=quam&lobortis=pharetra&convallis=magna&tortor=ac&risus=consequat&dapibus=metus&augue=sapien&vel=ut&accumsan=nunc&tellus=vestibulum&nisi=ante&eu=ipsum&orci=primis&mauris=in&lacinia=faucibus&sapien=orci&quis=luctus&libero=et&nullam=ultrices&sit=posuere&amet=cubilia&turpis=curae&elementum=mauris&ligula=viverra&vehicula=diam&consequat=vitae&morbi=quam&a=suspendisse&ipsum=potenti&integer=nullam&a=porttitor&nibh=lacus&in=at&quis=turpis&justo=donec&maecenas=posuere&rhoncus=metus&aliquam=vitae&lacus=ipsum&morbi=aliquam&quis=non&tortor=mauris&id=morbi&nulla=non&ultrices=lectus&aliquet=aliquam&maecenas=sit&leo=amet&odio=diam&condimentum=in&id=magna&luctus=bibendum&nec=imperdiet&molestie=nullam&sed=orci&justo=pede&pellentesque=venenatis&viverra=non&pede=sodales&ac=sed&diam=tincidunt&cras=eu&pellentesque=felis&volutpat=fusce&dui=posuere&maecenas=felis&tristique=sed&est=lacus&et=morbi&tempus=sem&semper=mauris&est=laoreet&quam=ut&pharetra=rhoncus,TRUE
+https://wikia.com/porttitor/lacus/at/turpis.jpg?dictumst=quis&aliquam=justo&augue=maecenas&quam=rhoncus&sollicitudin=aliquam,TRUE
+https://paginegialle.it/sociis/natoque/penatibus/et/magnis/dis/parturient.json?in=penatibus,TRUE
+http://ft.com/luctus/nec/molestie.html?ipsum=lectus&aliquam=aliquam&non=sit&mauris=amet&morbi=diam&non=in&lectus=magna&aliquam=bibendum&sit=imperdiet&amet=nullam&diam=orci&in=pede&magna=venenatis&bibendum=non&imperdiet=sodales&nullam=sed&orci=tincidunt&pede=eu&venenatis=felis&non=fusce&sodales=posuere&sed=felis&tincidunt=sed&eu=lacus&felis=morbi&fusce=sem&posuere=mauris&felis=laoreet&sed=ut&lacus=rhoncus&morbi=aliquet&sem=pulvinar&mauris=sed&laoreet=nisl&ut=nunc&rhoncus=rhoncus&aliquet=dui&pulvinar=vel&sed=sem&nisl=sed&nunc=sagittis&rhoncus=nam&dui=congue&vel=risus&sem=semper&sed=porta&sagittis=volutpat&nam=quam&congue=pede&risus=lobortis&semper=ligula&porta=sit&volutpat=amet&quam=eleifend&pede=pede&lobortis=libero&ligula=quis&sit=orci&amet=nullam&eleifend=molestie&pede=nibh&libero=in&quis=lectus&orci=pellentesque&nullam=at&molestie=nulla&nibh=suspendisse&in=potenti&lectus=cras&pellentesque=in&at=purus&nulla=eu&suspendisse=magna&potenti=vulputate&cras=luctus&in=cum,TRUE
+http://typepad.com/semper/porta/volutpat/quam.jsp?donec=quisque&ut=id&mauris=justo&eget=sit&massa=amet&tempor=sapien&convallis=dignissim&nulla=vestibulum&neque=vestibulum&libero=ante&convallis=ipsum&eget=primis&eleifend=in&luctus=faucibus&ultricies=orci&eu=luctus&nibh=et&quisque=ultrices&id=posuere&justo=cubilia&sit=curae&amet=nulla&sapien=dapibus&dignissim=dolor&vestibulum=vel&vestibulum=est&ante=donec&ipsum=odio&primis=justo&in=sollicitudin&faucibus=ut&orci=suscipit&luctus=a&et=feugiat&ultrices=et&posuere=eros&cubilia=vestibulum&curae=ac&nulla=est&dapibus=lacinia&dolor=nisi&vel=venenatis&est=tristique&donec=fusce&odio=congue&justo=diam&sollicitudin=id&ut=ornare&suscipit=imperdiet,TRUE
+http://github.com/porttitor/lorem.aspx?pede=neque&morbi=aenean&porttitor=auctor&lorem=gravida&id=sem&ligula=praesent&suspendisse=id&ornare=massa&consequat=id&lectus=nisl&in=venenatis&est=lacinia&risus=aenean&auctor=sit&sed=amet&tristique=justo&in=morbi&tempus=ut&sit=odio&amet=cras&sem=mi&fusce=pede&consequat=malesuada&nulla=in&nisl=imperdiet&nunc=et&nisl=commodo&duis=vulputate&bibendum=justo,TRUE
+http://ftc.gov/justo/lacinia/eget/tincidunt.json?natoque=nulla&penatibus=mollis&et=molestie&magnis=lorem&dis=quisque&parturient=ut&montes=erat&nascetur=curabitur&ridiculus=gravida&mus=nisi&vivamus=at&vestibulum=nibh&sagittis=in&sapien=hac&cum=habitasse&sociis=platea&natoque=dictumst&penatibus=aliquam&et=augue&magnis=quam&dis=sollicitudin&parturient=vitae&montes=consectetuer&nascetur=eget&ridiculus=rutrum&mus=at&etiam=lorem&vel=integer&augue=tincidunt&vestibulum=ante&rutrum=vel&rutrum=ipsum&neque=praesent&aenean=blandit&auctor=lacinia&gravida=erat&sem=vestibulum&praesent=sed&id=magna&massa=at&id=nunc&nisl=commodo&venenatis=placerat&lacinia=praesent&aenean=blandit&sit=nam&amet=nulla&justo=integer&morbi=pede&ut=justo&odio=lacinia&cras=eget&mi=tincidunt&pede=eget&malesuada=tempus&in=vel&imperdiet=pede&et=morbi&commodo=porttitor&vulputate=lorem&justo=id&in=ligula&blandit=suspendisse&ultrices=ornare&enim=consequat&lorem=lectus&ipsum=in&dolor=est&sit=risus&amet=auctor&consectetuer=sed&adipiscing=tristique&elit=in&proin=tempus&interdum=sit&mauris=amet&non=sem&ligula=fusce,TRUE
+http://icio.us/duis/ac/nibh/fusce.aspx?id=risus&ligula=semper&suspendisse=porta&ornare=volutpat&consequat=quam&lectus=pede&in=lobortis&est=ligula&risus=sit&auctor=amet&sed=eleifend&tristique=pede&in=libero&tempus=quis&sit=orci&amet=nullam&sem=molestie&fusce=nibh&consequat=in&nulla=lectus&nisl=pellentesque&nunc=at&nisl=nulla&duis=suspendisse&bibendum=potenti&felis=cras&sed=in&interdum=purus&venenatis=eu&turpis=magna&enim=vulputate&blandit=luctus&mi=cum&in=sociis&porttitor=natoque&pede=penatibus&justo=et&eu=magnis&massa=dis&donec=parturient&dapibus=montes&duis=nascetur&at=ridiculus&velit=mus&eu=vivamus&est=vestibulum&congue=sagittis&elementum=sapien&in=cum&hac=sociis&habitasse=natoque&platea=penatibus&dictumst=et&morbi=magnis&vestibulum=dis&velit=parturient&id=montes&pretium=nascetur&iaculis=ridiculus&diam=mus&erat=etiam&fermentum=vel&justo=augue&nec=vestibulum&condimentum=rutrum&neque=rutrum&sapien=neque&placerat=aenean&ante=auctor&nulla=gravida&justo=sem&aliquam=praesent&quis=id&turpis=massa&eget=id&elit=nisl&sodales=venenatis&scelerisque=lacinia&mauris=aenean&sit=sit&amet=amet,TRUE
+https://cam.ac.uk/malesuada/in/imperdiet.png?amet=interdum&justo=in&morbi=ante&ut=vestibulum&odio=ante&cras=ipsum&mi=primis&pede=in&malesuada=faucibus&in=orci&imperdiet=luctus&et=et&commodo=ultrices&vulputate=posuere&justo=cubilia&in=curae&blandit=duis&ultrices=faucibus&enim=accumsan&lorem=odio&ipsum=curabitur&dolor=convallis&sit=duis&amet=consequat&consectetuer=dui&adipiscing=nec&elit=nisi&proin=volutpat&interdum=eleifend&mauris=donec&non=ut&ligula=dolor&pellentesque=morbi&ultrices=vel&phasellus=lectus&id=in&sapien=quam&in=fringilla&sapien=rhoncus&iaculis=mauris&congue=enim&vivamus=leo&metus=rhoncus&arcu=sed&adipiscing=vestibulum&molestie=sit&hendrerit=amet&at=cursus&vulputate=id&vitae=turpis&nisl=integer&aenean=aliquet&lectus=massa&pellentesque=id&eget=lobortis&nunc=convallis&donec=tortor&quis=risus&orci=dapibus&eget=augue&orci=vel&vehicula=accumsan&condimentum=tellus&curabitur=nisi&in=eu&libero=orci&ut=mauris&massa=lacinia&volutpat=sapien&convallis=quis&morbi=libero&odio=nullam&odio=sit&elementum=amet&eu=turpis&interdum=elementum&eu=ligula,TRUE
+http://fda.gov/nunc/nisl/duis/bibendum/felis/sed/interdum.json?nisl=quam&aenean=pharetra&lectus=magna&pellentesque=ac&eget=consequat&nunc=metus&donec=sapien&quis=ut&orci=nunc&eget=vestibulum&orci=ante&vehicula=ipsum&condimentum=primis&curabitur=in&in=faucibus&libero=orci&ut=luctus&massa=et&volutpat=ultrices&convallis=posuere&morbi=cubilia&odio=curae&odio=mauris&elementum=viverra&eu=diam&interdum=vitae&eu=quam&tincidunt=suspendisse&in=potenti&leo=nullam,TRUE
+http://rakuten.co.jp/orci.jpg?eu=blandit&magna=mi&vulputate=in&luctus=porttitor&cum=pede&sociis=justo&natoque=eu&penatibus=massa&et=donec&magnis=dapibus&dis=duis&parturient=at&montes=velit&nascetur=eu&ridiculus=est&mus=congue&vivamus=elementum&vestibulum=in&sagittis=hac&sapien=habitasse&cum=platea&sociis=dictumst&natoque=morbi&penatibus=vestibulum&et=velit&magnis=id&dis=pretium&parturient=iaculis&montes=diam&nascetur=erat&ridiculus=fermentum&mus=justo&etiam=nec&vel=condimentum&augue=neque&vestibulum=sapien&rutrum=placerat&rutrum=ante&neque=nulla&aenean=justo&auctor=aliquam&gravida=quis&sem=turpis&praesent=eget&id=elit&massa=sodales&id=scelerisque&nisl=mauris&venenatis=sit&lacinia=amet&aenean=eros&sit=suspendisse&amet=accumsan&justo=tortor&morbi=quis&ut=turpis&odio=sed&cras=ante&mi=vivamus&pede=tortor&malesuada=duis&in=mattis&imperdiet=egestas&et=metus&commodo=aenean&vulputate=fermentum&justo=donec&in=ut&blandit=mauris&ultrices=eget&enim=massa&lorem=tempor&ipsum=convallis&dolor=nulla&sit=neque&amet=libero&consectetuer=convallis&adipiscing=eget&elit=eleifend&proin=luctus&interdum=ultricies&mauris=eu&non=nibh&ligula=quisque&pellentesque=id&ultrices=justo&phasellus=sit&id=amet&sapien=sapien,TRUE
+http://sogou.com/nunc/viverra/dapibus/nulla/suscipit/ligula/in.jpg?magna=erat&bibendum=volutpat&imperdiet=in&nullam=congue&orci=etiam&pede=justo&venenatis=etiam&non=pretium&sodales=iaculis&sed=justo&tincidunt=in&eu=hac&felis=habitasse&fusce=platea&posuere=dictumst&felis=etiam&sed=faucibus&lacus=cursus&morbi=urna&sem=ut&mauris=tellus,TRUE
+http://sohu.com/aliquet/ultrices.aspx?arcu=quisque&adipiscing=arcu,TRUE
+http://sfgate.com/nisl/ut/volutpat/sapien/arcu/sed.js?dis=morbi&parturient=porttitor&montes=lorem&nascetur=id&ridiculus=ligula&mus=suspendisse&etiam=ornare&vel=consequat&augue=lectus&vestibulum=in&rutrum=est&rutrum=risus&neque=auctor&aenean=sed&auctor=tristique&gravida=in&sem=tempus&praesent=sit&id=amet&massa=sem&id=fusce&nisl=consequat&venenatis=nulla&lacinia=nisl&aenean=nunc&sit=nisl&amet=duis&justo=bibendum&morbi=felis&ut=sed&odio=interdum&cras=venenatis&mi=turpis&pede=enim&malesuada=blandit&in=mi&imperdiet=in&et=porttitor&commodo=pede&vulputate=justo&justo=eu&in=massa&blandit=donec&ultrices=dapibus&enim=duis&lorem=at&ipsum=velit&dolor=eu&sit=est&amet=congue&consectetuer=elementum&adipiscing=in&elit=hac&proin=habitasse&interdum=platea&mauris=dictumst&non=morbi&ligula=vestibulum&pellentesque=velit&ultrices=id&phasellus=pretium&id=iaculis&sapien=diam&in=erat&sapien=fermentum&iaculis=justo&congue=nec&vivamus=condimentum&metus=neque&arcu=sapien&adipiscing=placerat&molestie=ante&hendrerit=nulla&at=justo&vulputate=aliquam&vitae=quis&nisl=turpis&aenean=eget&lectus=elit&pellentesque=sodales&eget=scelerisque&nunc=mauris&donec=sit&quis=amet&orci=eros&eget=suspendisse&orci=accumsan&vehicula=tortor&condimentum=quis&curabitur=turpis&in=sed,TRUE
+http://infoseek.co.jp/donec.json?justo=quam&etiam=suspendisse&pretium=potenti&iaculis=nullam&justo=porttitor&in=lacus&hac=at&habitasse=turpis&platea=donec&dictumst=posuere&etiam=metus&faucibus=vitae&cursus=ipsum&urna=aliquam&ut=non&tellus=mauris&nulla=morbi&ut=non&erat=lectus&id=aliquam&mauris=sit&vulputate=amet&elementum=diam&nullam=in&varius=magna&nulla=bibendum&facilisi=imperdiet&cras=nullam&non=orci&velit=pede&nec=venenatis&nisi=non&vulputate=sodales&nonummy=sed&maecenas=tincidunt&tincidunt=eu&lacus=felis&at=fusce&velit=posuere&vivamus=felis&vel=sed&nulla=lacus&eget=morbi&eros=sem&elementum=mauris&pellentesque=laoreet&quisque=ut&porta=rhoncus&volutpat=aliquet&erat=pulvinar&quisque=sed&erat=nisl&eros=nunc&viverra=rhoncus&eget=dui&congue=vel&eget=sem&semper=sed&rutrum=sagittis&nulla=nam&nunc=congue&purus=risus&phasellus=semper,TRUE
+http://hugedomains.com/ante/ipsum/primis/in/faucibus/orci/luctus.jpg?enim=sit&lorem=amet&ipsum=turpis&dolor=elementum&sit=ligula&amet=vehicula&consectetuer=consequat&adipiscing=morbi&elit=a&proin=ipsum,TRUE
+https://hud.gov/aenean/sit/amet/justo/morbi.js?justo=quisque&sollicitudin=ut&ut=erat&suscipit=curabitur&a=gravida&feugiat=nisi&et=at&eros=nibh&vestibulum=in&ac=hac&est=habitasse&lacinia=platea&nisi=dictumst&venenatis=aliquam&tristique=augue&fusce=quam&congue=sollicitudin&diam=vitae&id=consectetuer&ornare=eget&imperdiet=rutrum&sapien=at&urna=lorem&pretium=integer&nisl=tincidunt&ut=ante,TRUE
+https://businessweek.com/vitae/quam/suspendisse.json?sagittis=fusce&sapien=consequat&cum=nulla&sociis=nisl&natoque=nunc&penatibus=nisl&et=duis&magnis=bibendum&dis=felis&parturient=sed&montes=interdum&nascetur=venenatis&ridiculus=turpis&mus=enim&etiam=blandit&vel=mi&augue=in&vestibulum=porttitor&rutrum=pede&rutrum=justo&neque=eu&aenean=massa&auctor=donec&gravida=dapibus&sem=duis&praesent=at&id=velit&massa=eu&id=est&nisl=congue&venenatis=elementum&lacinia=in&aenean=hac&sit=habitasse&amet=platea&justo=dictumst&morbi=morbi&ut=vestibulum&odio=velit&cras=id&mi=pretium&pede=iaculis&malesuada=diam&in=erat&imperdiet=fermentum&et=justo&commodo=nec,TRUE
+http://archive.org/suspendisse/potenti/nullam/porttitor/lacus/at/turpis.xml?elit=lorem&sodales=id&scelerisque=ligula&mauris=suspendisse&sit=ornare&amet=consequat&eros=lectus&suspendisse=in&accumsan=est&tortor=risus&quis=auctor&turpis=sed&sed=tristique&ante=in&vivamus=tempus&tortor=sit&duis=amet&mattis=sem&egestas=fusce&metus=consequat&aenean=nulla&fermentum=nisl&donec=nunc&ut=nisl&mauris=duis&eget=bibendum&massa=felis&tempor=sed&convallis=interdum&nulla=venenatis&neque=turpis&libero=enim&convallis=blandit&eget=mi&eleifend=in&luctus=porttitor&ultricies=pede&eu=justo&nibh=eu&quisque=massa&id=donec&justo=dapibus&sit=duis&amet=at&sapien=velit&dignissim=eu&vestibulum=est&vestibulum=congue&ante=elementum&ipsum=in&primis=hac&in=habitasse&faucibus=platea&orci=dictumst&luctus=morbi&et=vestibulum&ultrices=velit&posuere=id&cubilia=pretium&curae=iaculis&nulla=diam&dapibus=erat&dolor=fermentum&vel=justo&est=nec,TRUE
+http://fastcompany.com/ultrices/erat/tortor/sollicitudin/mi/sit.jpg?tellus=orci&in=nullam&sagittis=molestie&dui=nibh&vel=in&nisl=lectus&duis=pellentesque&ac=at&nibh=nulla&fusce=suspendisse&lacus=potenti&purus=cras&aliquet=in&at=purus&feugiat=eu&non=magna&pretium=vulputate&quis=luctus&lectus=cum&suspendisse=sociis&potenti=natoque&in=penatibus&eleifend=et&quam=magnis&a=dis&odio=parturient&in=montes&hac=nascetur&habitasse=ridiculus&platea=mus&dictumst=vivamus&maecenas=vestibulum&ut=sagittis&massa=sapien&quis=cum&augue=sociis&luctus=natoque&tincidunt=penatibus&nulla=et&mollis=magnis&molestie=dis&lorem=parturient&quisque=montes&ut=nascetur&erat=ridiculus&curabitur=mus&gravida=etiam&nisi=vel&at=augue&nibh=vestibulum&in=rutrum&hac=rutrum&habitasse=neque&platea=aenean&dictumst=auctor&aliquam=gravida&augue=sem&quam=praesent&sollicitudin=id&vitae=massa,TRUE
+https://plala.or.jp/tempus/semper/est/quam.jpg?sit=blandit&amet=non&diam=interdum&in=in&magna=ante&bibendum=vestibulum&imperdiet=ante&nullam=ipsum&orci=primis&pede=in&venenatis=faucibus&non=orci&sodales=luctus&sed=et&tincidunt=ultrices&eu=posuere&felis=cubilia&fusce=curae&posuere=duis&felis=faucibus&sed=accumsan&lacus=odio&morbi=curabitur,TRUE
+https://unesco.org/suscipit.png?maecenas=elit&ut=proin&massa=risus&quis=praesent&augue=lectus&luctus=vestibulum&tincidunt=quam&nulla=sapien&mollis=varius&molestie=ut&lorem=blandit&quisque=non&ut=interdum&erat=in&curabitur=ante&gravida=vestibulum&nisi=ante&at=ipsum&nibh=primis&in=in&hac=faucibus&habitasse=orci&platea=luctus&dictumst=et&aliquam=ultrices&augue=posuere&quam=cubilia&sollicitudin=curae&vitae=duis&consectetuer=faucibus&eget=accumsan&rutrum=odio&at=curabitur&lorem=convallis&integer=duis&tincidunt=consequat&ante=dui&vel=nec&ipsum=nisi&praesent=volutpat&blandit=eleifend&lacinia=donec&erat=ut&vestibulum=dolor&sed=morbi&magna=vel&at=lectus&nunc=in&commodo=quam&placerat=fringilla&praesent=rhoncus&blandit=mauris&nam=enim,TRUE
+https://sciencedirect.com/sed.json?vivamus=semper&tortor=est&duis=quam&mattis=pharetra&egestas=magna&metus=ac&aenean=consequat&fermentum=metus&donec=sapien&ut=ut&mauris=nunc&eget=vestibulum&massa=ante&tempor=ipsum&convallis=primis&nulla=in&neque=faucibus&libero=orci&convallis=luctus&eget=et&eleifend=ultrices&luctus=posuere&ultricies=cubilia&eu=curae&nibh=mauris&quisque=viverra&id=diam&justo=vitae&sit=quam&amet=suspendisse&sapien=potenti&dignissim=nullam&vestibulum=porttitor&vestibulum=lacus&ante=at&ipsum=turpis&primis=donec&in=posuere&faucibus=metus&orci=vitae&luctus=ipsum&et=aliquam&ultrices=non&posuere=mauris&cubilia=morbi&curae=non&nulla=lectus&dapibus=aliquam&dolor=sit&vel=amet&est=diam&donec=in&odio=magna&justo=bibendum&sollicitudin=imperdiet&ut=nullam&suscipit=orci&a=pede&feugiat=venenatis&et=non&eros=sodales,TRUE
+https://google.es/nunc/nisl/duis/bibendum/felis/sed/interdum.jsp?lacus=pretium&at=iaculis&turpis=justo&donec=in&posuere=hac&metus=habitasse&vitae=platea&ipsum=dictumst&aliquam=etiam&non=faucibus&mauris=cursus&morbi=urna&non=ut&lectus=tellus&aliquam=nulla&sit=ut&amet=erat&diam=id&in=mauris&magna=vulputate&bibendum=elementum&imperdiet=nullam&nullam=varius&orci=nulla&pede=facilisi&venenatis=cras&non=non&sodales=velit&sed=nec&tincidunt=nisi&eu=vulputate&felis=nonummy&fusce=maecenas&posuere=tincidunt&felis=lacus&sed=at&lacus=velit&morbi=vivamus&sem=vel&mauris=nulla&laoreet=eget&ut=eros&rhoncus=elementum&aliquet=pellentesque&pulvinar=quisque&sed=porta&nisl=volutpat&nunc=erat,TRUE
+https://intel.com/erat/tortor/sollicitudin/mi/sit/amet/lobortis.jsp?in=eget&imperdiet=tincidunt&et=eget&commodo=tempus&vulputate=vel&justo=pede&in=morbi&blandit=porttitor,TRUE
+http://imageshack.us/convallis/nulla/neque.xml?elementum=felis&nullam=sed&varius=interdum&nulla=venenatis&facilisi=turpis&cras=enim&non=blandit&velit=mi&nec=in&nisi=porttitor&vulputate=pede&nonummy=justo&maecenas=eu&tincidunt=massa&lacus=donec&at=dapibus&velit=duis&vivamus=at&vel=velit&nulla=eu&eget=est&eros=congue&elementum=elementum&pellentesque=in&quisque=hac&porta=habitasse&volutpat=platea&erat=dictumst&quisque=morbi&erat=vestibulum&eros=velit&viverra=id&eget=pretium&congue=iaculis&eget=diam&semper=erat&rutrum=fermentum&nulla=justo&nunc=nec&purus=condimentum&phasellus=neque&in=sapien&felis=placerat&donec=ante&semper=nulla&sapien=justo&a=aliquam&libero=quis&nam=turpis&dui=eget&proin=elit&leo=sodales&odio=scelerisque&porttitor=mauris&id=sit&consequat=amet&in=eros&consequat=suspendisse&ut=accumsan&nulla=tortor&sed=quis&accumsan=turpis&felis=sed&ut=ante&at=vivamus&dolor=tortor&quis=duis&odio=mattis&consequat=egestas&varius=metus&integer=aenean&ac=fermentum&leo=donec&pellentesque=ut&ultrices=mauris&mattis=eget&odio=massa,TRUE
+http://usgs.gov/eu/tincidunt.aspx?in=eu&hac=interdum&habitasse=eu&platea=tincidunt&dictumst=in&maecenas=leo&ut=maecenas&massa=pulvinar&quis=lobortis&augue=est&luctus=phasellus&tincidunt=sit&nulla=amet&mollis=erat&molestie=nulla&lorem=tempus&quisque=vivamus&ut=in&erat=felis&curabitur=eu&gravida=sapien&nisi=cursus&at=vestibulum&nibh=proin&in=eu&hac=mi&habitasse=nulla&platea=ac&dictumst=enim&aliquam=in&augue=tempor&quam=turpis&sollicitudin=nec&vitae=euismod&consectetuer=scelerisque&eget=quam&rutrum=turpis&at=adipiscing&lorem=lorem&integer=vitae&tincidunt=mattis&ante=nibh&vel=ligula&ipsum=nec&praesent=sem&blandit=duis&lacinia=aliquam&erat=convallis&vestibulum=nunc&sed=proin&magna=at&at=turpis&nunc=a&commodo=pede&placerat=posuere&praesent=nonummy&blandit=integer&nam=non&nulla=velit&integer=donec&pede=diam&justo=neque&lacinia=vestibulum&eget=eget&tincidunt=vulputate&eget=ut&tempus=ultrices&vel=vel,TRUE
+http://stumbleupon.com/in/hac/habitasse/platea.aspx?aliquam=tortor&sit=id&amet=nulla&diam=ultrices&in=aliquet&magna=maecenas&bibendum=leo&imperdiet=odio&nullam=condimentum&orci=id&pede=luctus&venenatis=nec&non=molestie&sodales=sed&sed=justo&tincidunt=pellentesque&eu=viverra&felis=pede&fusce=ac&posuere=diam&felis=cras&sed=pellentesque&lacus=volutpat&morbi=dui&sem=maecenas&mauris=tristique&laoreet=est&ut=et&rhoncus=tempus&aliquet=semper&pulvinar=est&sed=quam&nisl=pharetra&nunc=magna&rhoncus=ac&dui=consequat&vel=metus&sem=sapien&sed=ut&sagittis=nunc&nam=vestibulum&congue=ante&risus=ipsum&semper=primis&porta=in&volutpat=faucibus&quam=orci&pede=luctus&lobortis=et&ligula=ultrices&sit=posuere&amet=cubilia&eleifend=curae&pede=mauris&libero=viverra&quis=diam&orci=vitae&nullam=quam&molestie=suspendisse&nibh=potenti&in=nullam&lectus=porttitor&pellentesque=lacus&at=at&nulla=turpis&suspendisse=donec&potenti=posuere&cras=metus&in=vitae,TRUE
+https://slashdot.org/molestie/hendrerit.jpg?et=in&ultrices=faucibus&posuere=orci&cubilia=luctus&curae=et&donec=ultrices&pharetra=posuere&magna=cubilia&vestibulum=curae&aliquet=duis&ultrices=faucibus&erat=accumsan&tortor=odio&sollicitudin=curabitur&mi=convallis&sit=duis&amet=consequat&lobortis=dui&sapien=nec&sapien=nisi&non=volutpat&mi=eleifend&integer=donec&ac=ut&neque=dolor&duis=morbi&bibendum=vel&morbi=lectus&non=in&quam=quam&nec=fringilla&dui=rhoncus&luctus=mauris&rutrum=enim,TRUE
+http://unblog.fr/quis/libero.jsp?in=turpis&faucibus=enim&orci=blandit&luctus=mi&et=in&ultrices=porttitor&posuere=pede&cubilia=justo&curae=eu&mauris=massa&viverra=donec&diam=dapibus&vitae=duis&quam=at&suspendisse=velit&potenti=eu&nullam=est&porttitor=congue&lacus=elementum&at=in&turpis=hac&donec=habitasse&posuere=platea&metus=dictumst&vitae=morbi&ipsum=vestibulum&aliquam=velit&non=id&mauris=pretium&morbi=iaculis&non=diam&lectus=erat&aliquam=fermentum&sit=justo&amet=nec&diam=condimentum&in=neque&magna=sapien&bibendum=placerat&imperdiet=ante&nullam=nulla&orci=justo&pede=aliquam&venenatis=quis&non=turpis&sodales=eget&sed=elit&tincidunt=sodales&eu=scelerisque&felis=mauris&fusce=sit&posuere=amet&felis=eros&sed=suspendisse&lacus=accumsan&morbi=tortor&sem=quis&mauris=turpis&laoreet=sed&ut=ante&rhoncus=vivamus&aliquet=tortor&pulvinar=duis&sed=mattis&nisl=egestas&nunc=metus&rhoncus=aenean&dui=fermentum&vel=donec&sem=ut&sed=mauris&sagittis=eget&nam=massa&congue=tempor&risus=convallis&semper=nulla&porta=neque&volutpat=libero&quam=convallis&pede=eget&lobortis=eleifend&ligula=luctus&sit=ultricies&amet=eu&eleifend=nibh&pede=quisque&libero=id&quis=justo&orci=sit&nullam=amet&molestie=sapien&nibh=dignissim&in=vestibulum&lectus=vestibulum&pellentesque=ante&at=ipsum&nulla=primis&suspendisse=in&potenti=faucibus&cras=orci,TRUE
+https://webeden.co.uk/aliquet/pulvinar/sed/nisl/nunc/rhoncus/dui.xml?odio=fusce&donec=congue&vitae=diam&nisi=id&nam=ornare&ultrices=imperdiet&libero=sapien&non=urna&mattis=pretium&pulvinar=nisl&nulla=ut&pede=volutpat&ullamcorper=sapien&augue=arcu&a=sed&suscipit=augue&nulla=aliquam&elit=erat&ac=volutpat&nulla=in&sed=congue&vel=etiam&enim=justo&sit=etiam&amet=pretium&nunc=iaculis&viverra=justo&dapibus=in&nulla=hac&suscipit=habitasse&ligula=platea&in=dictumst&lacus=etiam&curabitur=faucibus&at=cursus&ipsum=urna&ac=ut,TRUE
+https://si.edu/nec/dui/luctus/rutrum/nulla.aspx?turpis=pellentesque&sed=ultrices&ante=phasellus&vivamus=id&tortor=sapien&duis=in&mattis=sapien&egestas=iaculis&metus=congue&aenean=vivamus&fermentum=metus&donec=arcu&ut=adipiscing&mauris=molestie&eget=hendrerit&massa=at&tempor=vulputate&convallis=vitae&nulla=nisl&neque=aenean&libero=lectus&convallis=pellentesque&eget=eget&eleifend=nunc&luctus=donec&ultricies=quis&eu=orci&nibh=eget&quisque=orci&id=vehicula&justo=condimentum&sit=curabitur&amet=in&sapien=libero&dignissim=ut&vestibulum=massa&vestibulum=volutpat&ante=convallis&ipsum=morbi&primis=odio&in=odio&faucibus=elementum&orci=eu&luctus=interdum&et=eu&ultrices=tincidunt&posuere=in&cubilia=leo&curae=maecenas&nulla=pulvinar&dapibus=lobortis&dolor=est&vel=phasellus&est=sit&donec=amet&odio=erat&justo=nulla&sollicitudin=tempus&ut=vivamus&suscipit=in&a=felis&feugiat=eu&et=sapien&eros=cursus&vestibulum=vestibulum&ac=proin&est=eu&lacinia=mi&nisi=nulla&venenatis=ac&tristique=enim&fusce=in&congue=tempor&diam=turpis&id=nec&ornare=euismod&imperdiet=scelerisque,TRUE
+https://psu.edu/adipiscing.json?vel=interdum&ipsum=venenatis&praesent=turpis&blandit=enim&lacinia=blandit&erat=mi&vestibulum=in&sed=porttitor&magna=pede&at=justo&nunc=eu,TRUE
+http://wikimedia.org/sapien/ut.png?mi=diam&in=in&porttitor=magna&pede=bibendum&justo=imperdiet&eu=nullam&massa=orci&donec=pede&dapibus=venenatis&duis=non&at=sodales&velit=sed&eu=tincidunt&est=eu&congue=felis&elementum=fusce&in=posuere&hac=felis&habitasse=sed&platea=lacus&dictumst=morbi&morbi=sem&vestibulum=mauris&velit=laoreet&id=ut&pretium=rhoncus&iaculis=aliquet&diam=pulvinar&erat=sed&fermentum=nisl&justo=nunc&nec=rhoncus&condimentum=dui&neque=vel&sapien=sem&placerat=sed&ante=sagittis&nulla=nam&justo=congue&aliquam=risus&quis=semper&turpis=porta&eget=volutpat&elit=quam&sodales=pede&scelerisque=lobortis&mauris=ligula&sit=sit&amet=amet&eros=eleifend&suspendisse=pede&accumsan=libero&tortor=quis&quis=orci&turpis=nullam&sed=molestie&ante=nibh&vivamus=in&tortor=lectus&duis=pellentesque,TRUE
+http://intel.com/aliquam/erat/volutpat.html?nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=etiam&diam=vel&id=augue&ornare=vestibulum&imperdiet=rutrum&sapien=rutrum&urna=neque&pretium=aenean&nisl=auctor&ut=gravida&volutpat=sem&sapien=praesent&arcu=id&sed=massa&augue=id&aliquam=nisl&erat=venenatis&volutpat=lacinia&in=aenean,TRUE
+http://spotify.com/dolor/morbi/vel/lectus/in.jsp?suspendisse=magna&potenti=vulputate&nullam=luctus&porttitor=cum&lacus=sociis&at=natoque&turpis=penatibus&donec=et&posuere=magnis&metus=dis&vitae=parturient&ipsum=montes&aliquam=nascetur&non=ridiculus&mauris=mus&morbi=vivamus&non=vestibulum&lectus=sagittis&aliquam=sapien&sit=cum,TRUE
+http://weather.com/mi/nulla/ac.jpg?diam=risus&in=dapibus&magna=augue&bibendum=vel&imperdiet=accumsan&nullam=tellus&orci=nisi&pede=eu&venenatis=orci&non=mauris&sodales=lacinia&sed=sapien&tincidunt=quis&eu=libero&felis=nullam&fusce=sit&posuere=amet&felis=turpis&sed=elementum&lacus=ligula&morbi=vehicula&sem=consequat,TRUE
+http://twitpic.com/pretium/iaculis/diam/erat/fermentum/justo.html?sagittis=ante&sapien=vestibulum&cum=ante&sociis=ipsum&natoque=primis&penatibus=in&et=faucibus&magnis=orci&dis=luctus&parturient=et&montes=ultrices&nascetur=posuere&ridiculus=cubilia&mus=curae&etiam=duis&vel=faucibus&augue=accumsan&vestibulum=odio&rutrum=curabitur&rutrum=convallis&neque=duis&aenean=consequat&auctor=dui&gravida=nec&sem=nisi&praesent=volutpat&id=eleifend&massa=donec&id=ut&nisl=dolor&venenatis=morbi,TRUE
+http://qq.com/risus/semper/porta/volutpat/quam.js?nec=dis&condimentum=parturient&neque=montes&sapien=nascetur&placerat=ridiculus&ante=mus&nulla=etiam&justo=vel&aliquam=augue&quis=vestibulum&turpis=rutrum&eget=rutrum&elit=neque&sodales=aenean&scelerisque=auctor&mauris=gravida&sit=sem&amet=praesent&eros=id&suspendisse=massa&accumsan=id&tortor=nisl&quis=venenatis,TRUE
+https://cornell.edu/vel/pede/morbi/porttitor/lorem/id.jsp?aliquam=turpis&lacus=eget&morbi=elit&quis=sodales&tortor=scelerisque&id=mauris&nulla=sit&ultrices=amet&aliquet=eros&maecenas=suspendisse&leo=accumsan&odio=tortor&condimentum=quis&id=turpis&luctus=sed&nec=ante&molestie=vivamus&sed=tortor&justo=duis&pellentesque=mattis&viverra=egestas&pede=metus&ac=aenean&diam=fermentum&cras=donec&pellentesque=ut&volutpat=mauris&dui=eget&maecenas=massa&tristique=tempor&est=convallis&et=nulla&tempus=neque&semper=libero&est=convallis&quam=eget&pharetra=eleifend&magna=luctus&ac=ultricies&consequat=eu&metus=nibh&sapien=quisque&ut=id&nunc=justo&vestibulum=sit&ante=amet,TRUE
+https://last.fm/sodales/sed/tincidunt/eu.aspx?etiam=libero&justo=convallis&etiam=eget&pretium=eleifend&iaculis=luctus&justo=ultricies&in=eu&hac=nibh&habitasse=quisque&platea=id&dictumst=justo&etiam=sit&faucibus=amet&cursus=sapien&urna=dignissim&ut=vestibulum&tellus=vestibulum&nulla=ante&ut=ipsum&erat=primis&id=in&mauris=faucibus&vulputate=orci&elementum=luctus&nullam=et&varius=ultrices&nulla=posuere&facilisi=cubilia&cras=curae&non=nulla&velit=dapibus&nec=dolor&nisi=vel&vulputate=est&nonummy=donec&maecenas=odio&tincidunt=justo&lacus=sollicitudin&at=ut&velit=suscipit&vivamus=a&vel=feugiat&nulla=et&eget=eros&eros=vestibulum&elementum=ac&pellentesque=est&quisque=lacinia&porta=nisi&volutpat=venenatis&erat=tristique&quisque=fusce&erat=congue&eros=diam&viverra=id&eget=ornare&congue=imperdiet&eget=sapien&semper=urna&rutrum=pretium&nulla=nisl&nunc=ut,TRUE
+http://gizmodo.com/eleifend/quam/a.json?nunc=amet&rhoncus=lobortis&dui=sapien&vel=sapien&sem=non&sed=mi&sagittis=integer&nam=ac&congue=neque&risus=duis&semper=bibendum&porta=morbi&volutpat=non&quam=quam&pede=nec&lobortis=dui&ligula=luctus&sit=rutrum&amet=nulla&eleifend=tellus&pede=in&libero=sagittis&quis=dui&orci=vel&nullam=nisl&molestie=duis&nibh=ac&in=nibh&lectus=fusce&pellentesque=lacus&at=purus&nulla=aliquet&suspendisse=at&potenti=feugiat&cras=non&in=pretium&purus=quis&eu=lectus&magna=suspendisse&vulputate=potenti&luctus=in&cum=eleifend&sociis=quam&natoque=a&penatibus=odio&et=in&magnis=hac&dis=habitasse&parturient=platea&montes=dictumst&nascetur=maecenas&ridiculus=ut&mus=massa&vivamus=quis&vestibulum=augue&sagittis=luctus&sapien=tincidunt&cum=nulla&sociis=mollis&natoque=molestie&penatibus=lorem&et=quisque&magnis=ut,TRUE
+http://army.mil/gravida.jpg?montes=in&nascetur=congue&ridiculus=etiam&mus=justo&etiam=etiam&vel=pretium&augue=iaculis&vestibulum=justo&rutrum=in&rutrum=hac&neque=habitasse&aenean=platea&auctor=dictumst&gravida=etiam&sem=faucibus&praesent=cursus&id=urna&massa=ut&id=tellus&nisl=nulla&venenatis=ut&lacinia=erat&aenean=id&sit=mauris&amet=vulputate&justo=elementum&morbi=nullam&ut=varius&odio=nulla&cras=facilisi&mi=cras&pede=non&malesuada=velit&in=nec&imperdiet=nisi&et=vulputate&commodo=nonummy&vulputate=maecenas&justo=tincidunt&in=lacus&blandit=at&ultrices=velit&enim=vivamus&lorem=vel&ipsum=nulla&dolor=eget&sit=eros&amet=elementum&consectetuer=pellentesque&adipiscing=quisque&elit=porta&proin=volutpat&interdum=erat&mauris=quisque&non=erat&ligula=eros&pellentesque=viverra&ultrices=eget&phasellus=congue&id=eget&sapien=semper&in=rutrum&sapien=nulla&iaculis=nunc&congue=purus&vivamus=phasellus&metus=in&arcu=felis&adipiscing=donec&molestie=semper&hendrerit=sapien&at=a&vulputate=libero&vitae=nam&nisl=dui&aenean=proin&lectus=leo&pellentesque=odio&eget=porttitor&nunc=id&donec=consequat&quis=in&orci=consequat&eget=ut,TRUE
+http://indiatimes.com/cursus/urna/ut/tellus/nulla/ut/erat.jpg?dui=lorem&nec=vitae&nisi=mattis&volutpat=nibh&eleifend=ligula&donec=nec&ut=sem&dolor=duis&morbi=aliquam&vel=convallis&lectus=nunc&in=proin&quam=at&fringilla=turpis&rhoncus=a&mauris=pede&enim=posuere&leo=nonummy&rhoncus=integer&sed=non&vestibulum=velit&sit=donec&amet=diam&cursus=neque&id=vestibulum&turpis=eget&integer=vulputate&aliquet=ut&massa=ultrices&id=vel&lobortis=augue&convallis=vestibulum&tortor=ante&risus=ipsum&dapibus=primis&augue=in&vel=faucibus&accumsan=orci&tellus=luctus&nisi=et&eu=ultrices&orci=posuere&mauris=cubilia&lacinia=curae&sapien=donec&quis=pharetra&libero=magna&nullam=vestibulum&sit=aliquet&amet=ultrices&turpis=erat&elementum=tortor&ligula=sollicitudin&vehicula=mi&consequat=sit&morbi=amet&a=lobortis&ipsum=sapien&integer=sapien,TRUE
+https://statcounter.com/auctor/gravida/sem.js?curae=sapien&nulla=a&dapibus=libero&dolor=nam&vel=dui&est=proin&donec=leo&odio=odio&justo=porttitor&sollicitudin=id&ut=consequat&suscipit=in&a=consequat&feugiat=ut&et=nulla&eros=sed&vestibulum=accumsan&ac=felis&est=ut&lacinia=at&nisi=dolor&venenatis=quis&tristique=odio&fusce=consequat&congue=varius&diam=integer&id=ac&ornare=leo&imperdiet=pellentesque&sapien=ultrices&urna=mattis&pretium=odio&nisl=donec&ut=vitae&volutpat=nisi&sapien=nam&arcu=ultrices&sed=libero&augue=non&aliquam=mattis&erat=pulvinar&volutpat=nulla&in=pede&congue=ullamcorper&etiam=augue&justo=a&etiam=suscipit&pretium=nulla&iaculis=elit&justo=ac&in=nulla&hac=sed&habitasse=vel&platea=enim&dictumst=sit&etiam=amet,TRUE
+https://cafepress.com/molestie/nibh/in.html?arcu=vivamus&sed=vestibulum&augue=sagittis&aliquam=sapien&erat=cum&volutpat=sociis&in=natoque&congue=penatibus&etiam=et&justo=magnis&etiam=dis&pretium=parturient&iaculis=montes&justo=nascetur&in=ridiculus&hac=mus&habitasse=etiam&platea=vel&dictumst=augue&etiam=vestibulum&faucibus=rutrum&cursus=rutrum&urna=neque&ut=aenean&tellus=auctor&nulla=gravida&ut=sem&erat=praesent&id=id&mauris=massa&vulputate=id&elementum=nisl&nullam=venenatis&varius=lacinia&nulla=aenean&facilisi=sit&cras=amet&non=justo&velit=morbi&nec=ut&nisi=odio&vulputate=cras&nonummy=mi&maecenas=pede&tincidunt=malesuada&lacus=in&at=imperdiet&velit=et&vivamus=commodo&vel=vulputate&nulla=justo&eget=in&eros=blandit&elementum=ultrices&pellentesque=enim&quisque=lorem&porta=ipsum&volutpat=dolor&erat=sit&quisque=amet&erat=consectetuer&eros=adipiscing&viverra=elit&eget=proin&congue=interdum&eget=mauris&semper=non&rutrum=ligula&nulla=pellentesque&nunc=ultrices&purus=phasellus&phasellus=id&in=sapien&felis=in&donec=sapien&semper=iaculis&sapien=congue&a=vivamus&libero=metus&nam=arcu&dui=adipiscing&proin=molestie&leo=hendrerit&odio=at&porttitor=vulputate&id=vitae&consequat=nisl&in=aenean&consequat=lectus&ut=pellentesque&nulla=eget,TRUE
+http://uol.com.br/convallis/nulla/neque/libero.png?mauris=velit&eget=id&massa=pretium&tempor=iaculis&convallis=diam&nulla=erat&neque=fermentum&libero=justo&convallis=nec&eget=condimentum&eleifend=neque&luctus=sapien&ultricies=placerat&eu=ante&nibh=nulla&quisque=justo&id=aliquam&justo=quis&sit=turpis&amet=eget&sapien=elit&dignissim=sodales&vestibulum=scelerisque&vestibulum=mauris&ante=sit&ipsum=amet&primis=eros&in=suspendisse&faucibus=accumsan&orci=tortor&luctus=quis&et=turpis&ultrices=sed&posuere=ante&cubilia=vivamus&curae=tortor&nulla=duis&dapibus=mattis&dolor=egestas&vel=metus&est=aenean&donec=fermentum&odio=donec&justo=ut&sollicitudin=mauris&ut=eget&suscipit=massa&a=tempor&feugiat=convallis&et=nulla&eros=neque&vestibulum=libero&ac=convallis&est=eget&lacinia=eleifend&nisi=luctus&venenatis=ultricies&tristique=eu&fusce=nibh&congue=quisque&diam=id&id=justo&ornare=sit&imperdiet=amet&sapien=sapien&urna=dignissim&pretium=vestibulum&nisl=vestibulum&ut=ante&volutpat=ipsum&sapien=primis&arcu=in&sed=faucibus&augue=orci&aliquam=luctus&erat=et&volutpat=ultrices&in=posuere&congue=cubilia&etiam=curae&justo=nulla&etiam=dapibus&pretium=dolor&iaculis=vel&justo=est&in=donec&hac=odio&habitasse=justo,TRUE
+http://netvibes.com/sed/ante/vivamus/tortor/duis.xml?nisl=interdum&nunc=venenatis&nisl=turpis&duis=enim&bibendum=blandit&felis=mi&sed=in&interdum=porttitor&venenatis=pede&turpis=justo&enim=eu&blandit=massa&mi=donec&in=dapibus&porttitor=duis&pede=at&justo=velit&eu=eu&massa=est&donec=congue&dapibus=elementum&duis=in&at=hac&velit=habitasse&eu=platea&est=dictumst&congue=morbi&elementum=vestibulum&in=velit&hac=id&habitasse=pretium&platea=iaculis&dictumst=diam&morbi=erat&vestibulum=fermentum&velit=justo&id=nec&pretium=condimentum&iaculis=neque&diam=sapien&erat=placerat&fermentum=ante&justo=nulla&nec=justo&condimentum=aliquam&neque=quis&sapien=turpis&placerat=eget&ante=elit&nulla=sodales&justo=scelerisque&aliquam=mauris&quis=sit&turpis=amet&eget=eros&elit=suspendisse&sodales=accumsan&scelerisque=tortor&mauris=quis&sit=turpis&amet=sed&eros=ante&suspendisse=vivamus&accumsan=tortor&tortor=duis&quis=mattis&turpis=egestas&sed=metus&ante=aenean&vivamus=fermentum&tortor=donec&duis=ut&mattis=mauris&egestas=eget&metus=massa&aenean=tempor&fermentum=convallis&donec=nulla&ut=neque&mauris=libero&eget=convallis&massa=eget&tempor=eleifend&convallis=luctus&nulla=ultricies&neque=eu&libero=nibh&convallis=quisque&eget=id&eleifend=justo&luctus=sit,TRUE
+http://timesonline.co.uk/quis.aspx?eu=turpis&massa=enim&donec=blandit&dapibus=mi&duis=in&at=porttitor&velit=pede&eu=justo&est=eu&congue=massa&elementum=donec&in=dapibus&hac=duis&habitasse=at&platea=velit&dictumst=eu&morbi=est&vestibulum=congue&velit=elementum&id=in&pretium=hac&iaculis=habitasse&diam=platea&erat=dictumst&fermentum=morbi&justo=vestibulum&nec=velit&condimentum=id&neque=pretium&sapien=iaculis&placerat=diam&ante=erat&nulla=fermentum&justo=justo&aliquam=nec&quis=condimentum&turpis=neque&eget=sapien&elit=placerat&sodales=ante&scelerisque=nulla&mauris=justo&sit=aliquam&amet=quis&eros=turpis&suspendisse=eget&accumsan=elit&tortor=sodales&quis=scelerisque&turpis=mauris&sed=sit&ante=amet&vivamus=eros&tortor=suspendisse&duis=accumsan&mattis=tortor&egestas=quis&metus=turpis&aenean=sed&fermentum=ante&donec=vivamus&ut=tortor&mauris=duis&eget=mattis&massa=egestas&tempor=metus&convallis=aenean&nulla=fermentum&neque=donec&libero=ut&convallis=mauris,TRUE
+http://1und1.de/odio/elementum/eu/interdum/eu.jpg?in=sem&congue=fusce&etiam=consequat&justo=nulla&etiam=nisl&pretium=nunc&iaculis=nisl&justo=duis&in=bibendum,TRUE
+http://umich.edu/posuere/cubilia/curae/nulla/dapibus/dolor/vel.aspx?rhoncus=integer&sed=ac&vestibulum=neque&sit=duis&amet=bibendum&cursus=morbi&id=non&turpis=quam&integer=nec&aliquet=dui&massa=luctus&id=rutrum&lobortis=nulla&convallis=tellus&tortor=in&risus=sagittis&dapibus=dui&augue=vel&vel=nisl&accumsan=duis&tellus=ac&nisi=nibh&eu=fusce&orci=lacus&mauris=purus&lacinia=aliquet&sapien=at&quis=feugiat&libero=non&nullam=pretium&sit=quis&amet=lectus&turpis=suspendisse&elementum=potenti&ligula=in&vehicula=eleifend&consequat=quam&morbi=a&a=odio&ipsum=in&integer=hac&a=habitasse&nibh=platea&in=dictumst&quis=maecenas&justo=ut&maecenas=massa&rhoncus=quis&aliquam=augue&lacus=luctus&morbi=tincidunt&quis=nulla&tortor=mollis&id=molestie&nulla=lorem&ultrices=quisque&aliquet=ut&maecenas=erat&leo=curabitur&odio=gravida&condimentum=nisi&id=at&luctus=nibh&nec=in&molestie=hac&sed=habitasse&justo=platea&pellentesque=dictumst&viverra=aliquam&pede=augue&ac=quam&diam=sollicitudin&cras=vitae&pellentesque=consectetuer&volutpat=eget&dui=rutrum&maecenas=at&tristique=lorem&est=integer&et=tincidunt&tempus=ante&semper=vel&est=ipsum&quam=praesent&pharetra=blandit&magna=lacinia&ac=erat&consequat=vestibulum&metus=sed&sapien=magna&ut=at&nunc=nunc&vestibulum=commodo&ante=placerat&ipsum=praesent&primis=blandit&in=nam&faucibus=nulla&orci=integer&luctus=pede,TRUE
+https://clickbank.net/ac.json?primis=diam&in=erat&faucibus=fermentum&orci=justo&luctus=nec&et=condimentum&ultrices=neque&posuere=sapien&cubilia=placerat&curae=ante&duis=nulla&faucibus=justo&accumsan=aliquam&odio=quis&curabitur=turpis&convallis=eget&duis=elit&consequat=sodales&dui=scelerisque&nec=mauris&nisi=sit&volutpat=amet&eleifend=eros&donec=suspendisse&ut=accumsan&dolor=tortor&morbi=quis&vel=turpis&lectus=sed&in=ante&quam=vivamus&fringilla=tortor&rhoncus=duis&mauris=mattis&enim=egestas&leo=metus&rhoncus=aenean&sed=fermentum&vestibulum=donec&sit=ut&amet=mauris&cursus=eget&id=massa&turpis=tempor&integer=convallis&aliquet=nulla&massa=neque&id=libero&lobortis=convallis&convallis=eget&tortor=eleifend&risus=luctus&dapibus=ultricies&augue=eu&vel=nibh&accumsan=quisque&tellus=id&nisi=justo&eu=sit&orci=amet&mauris=sapien&lacinia=dignissim&sapien=vestibulum&quis=vestibulum&libero=ante&nullam=ipsum&sit=primis&amet=in&turpis=faucibus&elementum=orci&ligula=luctus&vehicula=et&consequat=ultrices&morbi=posuere&a=cubilia&ipsum=curae,TRUE
+http://soup.io/libero.jsp?morbi=nunc&odio=rhoncus&odio=dui&elementum=vel&eu=sem&interdum=sed&eu=sagittis&tincidunt=nam&in=congue&leo=risus&maecenas=semper&pulvinar=porta&lobortis=volutpat&est=quam&phasellus=pede&sit=lobortis&amet=ligula&erat=sit&nulla=amet&tempus=eleifend&vivamus=pede&in=libero&felis=quis&eu=orci&sapien=nullam&cursus=molestie&vestibulum=nibh&proin=in&eu=lectus&mi=pellentesque&nulla=at&ac=nulla&enim=suspendisse&in=potenti&tempor=cras&turpis=in&nec=purus&euismod=eu&scelerisque=magna&quam=vulputate&turpis=luctus&adipiscing=cum&lorem=sociis&vitae=natoque&mattis=penatibus&nibh=et&ligula=magnis&nec=dis&sem=parturient&duis=montes&aliquam=nascetur&convallis=ridiculus&nunc=mus&proin=vivamus&at=vestibulum&turpis=sagittis&a=sapien&pede=cum&posuere=sociis&nonummy=natoque&integer=penatibus&non=et&velit=magnis&donec=dis&diam=parturient&neque=montes&vestibulum=nascetur&eget=ridiculus&vulputate=mus&ut=etiam&ultrices=vel&vel=augue&augue=vestibulum&vestibulum=rutrum&ante=rutrum&ipsum=neque&primis=aenean&in=auctor&faucibus=gravida&orci=sem&luctus=praesent&et=id&ultrices=massa&posuere=id&cubilia=nisl&curae=venenatis,TRUE
+http://wikipedia.org/nullam/sit/amet/turpis/elementum/ligula.js?leo=elementum&maecenas=ligula&pulvinar=vehicula&lobortis=consequat&est=morbi&phasellus=a&sit=ipsum&amet=integer&erat=a&nulla=nibh&tempus=in&vivamus=quis&in=justo&felis=maecenas&eu=rhoncus&sapien=aliquam&cursus=lacus&vestibulum=morbi&proin=quis&eu=tortor&mi=id&nulla=nulla&ac=ultrices&enim=aliquet&in=maecenas&tempor=leo&turpis=odio&nec=condimentum&euismod=id&scelerisque=luctus&quam=nec&turpis=molestie&adipiscing=sed&lorem=justo&vitae=pellentesque&mattis=viverra&nibh=pede&ligula=ac&nec=diam&sem=cras&duis=pellentesque&aliquam=volutpat&convallis=dui&nunc=maecenas&proin=tristique&at=est&turpis=et&a=tempus&pede=semper&posuere=est&nonummy=quam&integer=pharetra&non=magna&velit=ac&donec=consequat&diam=metus&neque=sapien&vestibulum=ut&eget=nunc&vulputate=vestibulum&ut=ante&ultrices=ipsum&vel=primis&augue=in&vestibulum=faucibus&ante=orci&ipsum=luctus&primis=et&in=ultrices&faucibus=posuere,TRUE
+https://seesaa.net/nam/congue/risus/semper/porta.xml?ut=vulputate&erat=luctus&id=cum&mauris=sociis&vulputate=natoque&elementum=penatibus&nullam=et&varius=magnis&nulla=dis&facilisi=parturient&cras=montes&non=nascetur&velit=ridiculus&nec=mus&nisi=vivamus&vulputate=vestibulum&nonummy=sagittis&maecenas=sapien&tincidunt=cum&lacus=sociis&at=natoque&velit=penatibus&vivamus=et&vel=magnis&nulla=dis&eget=parturient&eros=montes&elementum=nascetur&pellentesque=ridiculus&quisque=mus&porta=etiam&volutpat=vel&erat=augue&quisque=vestibulum&erat=rutrum&eros=rutrum&viverra=neque&eget=aenean&congue=auctor&eget=gravida&semper=sem&rutrum=praesent&nulla=id&nunc=massa&purus=id&phasellus=nisl&in=venenatis&felis=lacinia&donec=aenean&semper=sit&sapien=amet&a=justo&libero=morbi&nam=ut&dui=odio&proin=cras&leo=mi&odio=pede&porttitor=malesuada&id=in&consequat=imperdiet&in=et&consequat=commodo&ut=vulputate&nulla=justo&sed=in&accumsan=blandit&felis=ultrices&ut=enim&at=lorem&dolor=ipsum&quis=dolor&odio=sit&consequat=amet&varius=consectetuer&integer=adipiscing&ac=elit&leo=proin&pellentesque=interdum&ultrices=mauris&mattis=non&odio=ligula&donec=pellentesque&vitae=ultrices&nisi=phasellus&nam=id&ultrices=sapien&libero=in&non=sapien&mattis=iaculis&pulvinar=congue&nulla=vivamus&pede=metus&ullamcorper=arcu,TRUE
+http://usgs.gov/sit/amet/consectetuer/adipiscing/elit.jpg?in=duis&tempus=bibendum&sit=felis&amet=sed,TRUE
+http://state.gov/lacinia/aenean/sit/amet.html?felis=cubilia&fusce=curae&posuere=duis&felis=faucibus&sed=accumsan&lacus=odio&morbi=curabitur&sem=convallis&mauris=duis&laoreet=consequat,TRUE
+http://stumbleupon.com/duis/at/velit/eu/est.jpg?nunc=tincidunt&rhoncus=eget,TRUE
+https://phoca.cz/sed/vel/enim/sit/amet/nunc.html?amet=eget&justo=tincidunt&morbi=eget&ut=tempus&odio=vel&cras=pede&mi=morbi&pede=porttitor&malesuada=lorem&in=id&imperdiet=ligula&et=suspendisse&commodo=ornare&vulputate=consequat&justo=lectus&in=in&blandit=est&ultrices=risus&enim=auctor&lorem=sed&ipsum=tristique&dolor=in&sit=tempus&amet=sit&consectetuer=amet&adipiscing=sem&elit=fusce&proin=consequat&interdum=nulla&mauris=nisl&non=nunc&ligula=nisl&pellentesque=duis&ultrices=bibendum&phasellus=felis&id=sed&sapien=interdum&in=venenatis&sapien=turpis&iaculis=enim&congue=blandit&vivamus=mi&metus=in&arcu=porttitor&adipiscing=pede&molestie=justo&hendrerit=eu&at=massa,TRUE
+http://unesco.org/sapien/placerat/ante/nulla/justo.js?in=eget&hac=rutrum&habitasse=at&platea=lorem&dictumst=integer&etiam=tincidunt&faucibus=ante&cursus=vel&urna=ipsum&ut=praesent&tellus=blandit&nulla=lacinia&ut=erat&erat=vestibulum&id=sed&mauris=magna&vulputate=at&elementum=nunc&nullam=commodo&varius=placerat&nulla=praesent&facilisi=blandit&cras=nam&non=nulla&velit=integer&nec=pede&nisi=justo&vulputate=lacinia&nonummy=eget&maecenas=tincidunt&tincidunt=eget&lacus=tempus&at=vel&velit=pede&vivamus=morbi&vel=porttitor&nulla=lorem&eget=id&eros=ligula&elementum=suspendisse&pellentesque=ornare&quisque=consequat&porta=lectus&volutpat=in&erat=est&quisque=risus&erat=auctor&eros=sed&viverra=tristique,TRUE
+http://businessinsider.com/sit/amet/eros/suspendisse/accumsan.jsp?egestas=felis&metus=ut&aenean=at&fermentum=dolor&donec=quis&ut=odio&mauris=consequat&eget=varius&massa=integer&tempor=ac&convallis=leo&nulla=pellentesque&neque=ultrices&libero=mattis&convallis=odio&eget=donec&eleifend=vitae&luctus=nisi&ultricies=nam&eu=ultrices&nibh=libero&quisque=non&id=mattis&justo=pulvinar&sit=nulla&amet=pede&sapien=ullamcorper&dignissim=augue&vestibulum=a&vestibulum=suscipit,TRUE
+https://free.fr/mus/etiam/vel.js?vestibulum=nullam&sit=molestie&amet=nibh&cursus=in&id=lectus&turpis=pellentesque&integer=at&aliquet=nulla&massa=suspendisse&id=potenti&lobortis=cras&convallis=in&tortor=purus&risus=eu&dapibus=magna&augue=vulputate&vel=luctus&accumsan=cum&tellus=sociis&nisi=natoque&eu=penatibus&orci=et&mauris=magnis&lacinia=dis&sapien=parturient&quis=montes&libero=nascetur&nullam=ridiculus&sit=mus&amet=vivamus&turpis=vestibulum&elementum=sagittis&ligula=sapien&vehicula=cum&consequat=sociis&morbi=natoque&a=penatibus&ipsum=et&integer=magnis&a=dis&nibh=parturient&in=montes&quis=nascetur&justo=ridiculus&maecenas=mus&rhoncus=etiam&aliquam=vel&lacus=augue&morbi=vestibulum&quis=rutrum&tortor=rutrum&id=neque&nulla=aenean&ultrices=auctor&aliquet=gravida&maecenas=sem&leo=praesent&odio=id&condimentum=massa&id=id&luctus=nisl&nec=venenatis,TRUE
+https://hexun.com/morbi/vel/lectus.jpg?id=condimentum&sapien=neque&in=sapien,TRUE
+http://sfgate.com/consequat/lectus/in.jpg?nulla=primis&suspendisse=in&potenti=faucibus&cras=orci&in=luctus&purus=et&eu=ultrices&magna=posuere&vulputate=cubilia&luctus=curae&cum=donec&sociis=pharetra&natoque=magna&penatibus=vestibulum&et=aliquet&magnis=ultrices&dis=erat&parturient=tortor&montes=sollicitudin&nascetur=mi&ridiculus=sit&mus=amet&vivamus=lobortis&vestibulum=sapien&sagittis=sapien&sapien=non&cum=mi&sociis=integer&natoque=ac&penatibus=neque&et=duis&magnis=bibendum&dis=morbi&parturient=non&montes=quam&nascetur=nec&ridiculus=dui&mus=luctus&etiam=rutrum&vel=nulla&augue=tellus&vestibulum=in&rutrum=sagittis&rutrum=dui&neque=vel&aenean=nisl&auctor=duis&gravida=ac&sem=nibh&praesent=fusce&id=lacus&massa=purus&id=aliquet&nisl=at&venenatis=feugiat&lacinia=non&aenean=pretium&sit=quis&amet=lectus&justo=suspendisse&morbi=potenti&ut=in&odio=eleifend&cras=quam&mi=a&pede=odio&malesuada=in&in=hac&imperdiet=habitasse&et=platea&commodo=dictumst&vulputate=maecenas&justo=ut&in=massa&blandit=quis&ultrices=augue&enim=luctus&lorem=tincidunt&ipsum=nulla&dolor=mollis&sit=molestie&amet=lorem&consectetuer=quisque&adipiscing=ut&elit=erat&proin=curabitur&interdum=gravida&mauris=nisi&non=at&ligula=nibh&pellentesque=in&ultrices=hac&phasellus=habitasse,TRUE
+http://princeton.edu/quisque/porta/volutpat/erat/quisque.jsp?tincidunt=velit&eget=vivamus&tempus=vel&vel=nulla&pede=eget&morbi=eros&porttitor=elementum&lorem=pellentesque&id=quisque&ligula=porta&suspendisse=volutpat&ornare=erat&consequat=quisque&lectus=erat&in=eros&est=viverra&risus=eget&auctor=congue&sed=eget&tristique=semper&in=rutrum&tempus=nulla&sit=nunc&amet=purus&sem=phasellus&fusce=in&consequat=felis&nulla=donec&nisl=semper&nunc=sapien&nisl=a&duis=libero&bibendum=nam&felis=dui&sed=proin&interdum=leo&venenatis=odio&turpis=porttitor&enim=id&blandit=consequat&mi=in&in=consequat&porttitor=ut&pede=nulla&justo=sed&eu=accumsan&massa=felis&donec=ut&dapibus=at&duis=dolor&at=quis&velit=odio&eu=consequat&est=varius&congue=integer&elementum=ac&in=leo&hac=pellentesque&habitasse=ultrices&platea=mattis&dictumst=odio&morbi=donec&vestibulum=vitae&velit=nisi&id=nam&pretium=ultrices&iaculis=libero&diam=non&erat=mattis&fermentum=pulvinar&justo=nulla&nec=pede&condimentum=ullamcorper,TRUE
+https://admin.ch/in/sagittis.js?maecenas=venenatis&tincidunt=lacinia&lacus=aenean&at=sit&velit=amet&vivamus=justo&vel=morbi&nulla=ut&eget=odio&eros=cras&elementum=mi&pellentesque=pede&quisque=malesuada&porta=in&volutpat=imperdiet&erat=et&quisque=commodo&erat=vulputate&eros=justo&viverra=in&eget=blandit&congue=ultrices&eget=enim&semper=lorem&rutrum=ipsum&nulla=dolor&nunc=sit&purus=amet&phasellus=consectetuer&in=adipiscing&felis=elit&donec=proin&semper=interdum&sapien=mauris&a=non&libero=ligula&nam=pellentesque&dui=ultrices&proin=phasellus&leo=id&odio=sapien&porttitor=in&id=sapien&consequat=iaculis&in=congue&consequat=vivamus&ut=metus&nulla=arcu&sed=adipiscing&accumsan=molestie&felis=hendrerit&ut=at&at=vulputate&dolor=vitae&quis=nisl&odio=aenean&consequat=lectus&varius=pellentesque&integer=eget&ac=nunc&leo=donec&pellentesque=quis&ultrices=orci&mattis=eget&odio=orci&donec=vehicula&vitae=condimentum&nisi=curabitur&nam=in&ultrices=libero&libero=ut&non=massa&mattis=volutpat&pulvinar=convallis&nulla=morbi&pede=odio&ullamcorper=odio&augue=elementum&a=eu&suscipit=interdum&nulla=eu&elit=tincidunt&ac=in&nulla=leo&sed=maecenas&vel=pulvinar&enim=lobortis&sit=est&amet=phasellus&nunc=sit&viverra=amet&dapibus=erat&nulla=nulla&suscipit=tempus&ligula=vivamus,TRUE
+http://dailymotion.com/justo/aliquam/quis/turpis.html?semper=non&sapien=velit&a=donec&libero=diam&nam=neque&dui=vestibulum&proin=eget&leo=vulputate&odio=ut&porttitor=ultrices&id=vel&consequat=augue&in=vestibulum&consequat=ante&ut=ipsum&nulla=primis&sed=in&accumsan=faucibus&felis=orci&ut=luctus&at=et&dolor=ultrices&quis=posuere&odio=cubilia&consequat=curae&varius=donec&integer=pharetra,TRUE
+https://pinterest.com/integer/a/nibh/in.jpg?ut=malesuada&dolor=in&morbi=imperdiet&vel=et&lectus=commodo&in=vulputate&quam=justo&fringilla=in&rhoncus=blandit&mauris=ultrices&enim=enim&leo=lorem&rhoncus=ipsum&sed=dolor&vestibulum=sit&sit=amet&amet=consectetuer&cursus=adipiscing&id=elit&turpis=proin&integer=interdum&aliquet=mauris&massa=non&id=ligula&lobortis=pellentesque&convallis=ultrices&tortor=phasellus&risus=id&dapibus=sapien&augue=in&vel=sapien&accumsan=iaculis&tellus=congue&nisi=vivamus&eu=metus&orci=arcu&mauris=adipiscing&lacinia=molestie&sapien=hendrerit&quis=at&libero=vulputate&nullam=vitae&sit=nisl&amet=aenean&turpis=lectus&elementum=pellentesque&ligula=eget&vehicula=nunc&consequat=donec&morbi=quis&a=orci&ipsum=eget&integer=orci&a=vehicula&nibh=condimentum&in=curabitur&quis=in&justo=libero&maecenas=ut&rhoncus=massa&aliquam=volutpat&lacus=convallis&morbi=morbi&quis=odio&tortor=odio&id=elementum&nulla=eu&ultrices=interdum&aliquet=eu&maecenas=tincidunt&leo=in&odio=leo&condimentum=maecenas&id=pulvinar&luctus=lobortis&nec=est&molestie=phasellus&sed=sit&justo=amet&pellentesque=erat&viverra=nulla&pede=tempus&ac=vivamus&diam=in&cras=felis&pellentesque=eu&volutpat=sapien&dui=cursus&maecenas=vestibulum&tristique=proin&est=eu&et=mi&tempus=nulla&semper=ac&est=enim&quam=in&pharetra=tempor,TRUE
+http://sun.com/faucibus/orci/luctus.html?nulla=vel&ut=ipsum&erat=praesent&id=blandit&mauris=lacinia&vulputate=erat&elementum=vestibulum&nullam=sed&varius=magna&nulla=at&facilisi=nunc&cras=commodo&non=placerat&velit=praesent&nec=blandit&nisi=nam&vulputate=nulla&nonummy=integer&maecenas=pede&tincidunt=justo&lacus=lacinia&at=eget&velit=tincidunt&vivamus=eget&vel=tempus&nulla=vel&eget=pede&eros=morbi&elementum=porttitor&pellentesque=lorem&quisque=id&porta=ligula&volutpat=suspendisse&erat=ornare&quisque=consequat&erat=lectus&eros=in&viverra=est&eget=risus&congue=auctor&eget=sed&semper=tristique&rutrum=in&nulla=tempus&nunc=sit&purus=amet&phasellus=sem&in=fusce&felis=consequat&donec=nulla&semper=nisl&sapien=nunc&a=nisl&libero=duis&nam=bibendum&dui=felis&proin=sed&leo=interdum&odio=venenatis&porttitor=turpis&id=enim&consequat=blandit&in=mi&consequat=in&ut=porttitor&nulla=pede&sed=justo&accumsan=eu&felis=massa&ut=donec&at=dapibus&dolor=duis&quis=at,TRUE
+https://smh.com.au/vitae.aspx?non=duis&sodales=aliquam&sed=convallis&tincidunt=nunc&eu=proin&felis=at&fusce=turpis&posuere=a&felis=pede&sed=posuere&lacus=nonummy&morbi=integer&sem=non&mauris=velit&laoreet=donec&ut=diam&rhoncus=neque&aliquet=vestibulum&pulvinar=eget&sed=vulputate&nisl=ut&nunc=ultrices&rhoncus=vel&dui=augue&vel=vestibulum&sem=ante&sed=ipsum&sagittis=primis&nam=in&congue=faucibus&risus=orci&semper=luctus&porta=et&volutpat=ultrices&quam=posuere&pede=cubilia&lobortis=curae&ligula=donec&sit=pharetra&amet=magna&eleifend=vestibulum&pede=aliquet&libero=ultrices&quis=erat&orci=tortor&nullam=sollicitudin&molestie=mi&nibh=sit&in=amet&lectus=lobortis&pellentesque=sapien&at=sapien&nulla=non&suspendisse=mi&potenti=integer&cras=ac&in=neque&purus=duis&eu=bibendum&magna=morbi&vulputate=non&luctus=quam&cum=nec&sociis=dui&natoque=luctus&penatibus=rutrum&et=nulla&magnis=tellus&dis=in&parturient=sagittis&montes=dui&nascetur=vel&ridiculus=nisl&mus=duis&vivamus=ac&vestibulum=nibh&sagittis=fusce&sapien=lacus&cum=purus&sociis=aliquet&natoque=at&penatibus=feugiat&et=non&magnis=pretium&dis=quis&parturient=lectus&montes=suspendisse&nascetur=potenti&ridiculus=in&mus=eleifend&etiam=quam&vel=a&augue=odio,TRUE
+http://cisco.com/tincidunt/in/leo/maecenas/pulvinar/lobortis.html?in=morbi&quis=sem&justo=mauris&maecenas=laoreet&rhoncus=ut&aliquam=rhoncus&lacus=aliquet&morbi=pulvinar&quis=sed&tortor=nisl&id=nunc&nulla=rhoncus&ultrices=dui&aliquet=vel&maecenas=sem&leo=sed&odio=sagittis&condimentum=nam&id=congue&luctus=risus&nec=semper&molestie=porta&sed=volutpat&justo=quam&pellentesque=pede&viverra=lobortis&pede=ligula&ac=sit&diam=amet&cras=eleifend&pellentesque=pede&volutpat=libero&dui=quis&maecenas=orci&tristique=nullam&est=molestie&et=nibh&tempus=in&semper=lectus&est=pellentesque&quam=at&pharetra=nulla&magna=suspendisse&ac=potenti&consequat=cras&metus=in&sapien=purus&ut=eu&nunc=magna&vestibulum=vulputate&ante=luctus&ipsum=cum&primis=sociis&in=natoque&faucibus=penatibus&orci=et&luctus=magnis&et=dis&ultrices=parturient&posuere=montes,TRUE
+https://dropbox.com/justo/morbi/ut/odio/cras/mi.xml?justo=platea&pellentesque=dictumst&viverra=morbi&pede=vestibulum&ac=velit&diam=id&cras=pretium&pellentesque=iaculis&volutpat=diam&dui=erat&maecenas=fermentum&tristique=justo&est=nec&et=condimentum&tempus=neque&semper=sapien&est=placerat,TRUE
+http://privacy.gov.au/dis/parturient/montes/nascetur/ridiculus/mus.png?nunc=feugiat&commodo=et&placerat=eros&praesent=vestibulum&blandit=ac&nam=est&nulla=lacinia&integer=nisi&pede=venenatis&justo=tristique&lacinia=fusce&eget=congue&tincidunt=diam&eget=id&tempus=ornare&vel=imperdiet&pede=sapien&morbi=urna&porttitor=pretium&lorem=nisl&id=ut&ligula=volutpat&suspendisse=sapien&ornare=arcu&consequat=sed&lectus=augue&in=aliquam,TRUE
+https://cnbc.com/erat/fermentum/justo/nec/condimentum.png?vestibulum=ipsum&aliquet=aliquam&ultrices=non&erat=mauris&tortor=morbi&sollicitudin=non&mi=lectus&sit=aliquam&amet=sit&lobortis=amet&sapien=diam&sapien=in&non=magna&mi=bibendum&integer=imperdiet&ac=nullam&neque=orci&duis=pede&bibendum=venenatis&morbi=non&non=sodales&quam=sed&nec=tincidunt&dui=eu&luctus=felis&rutrum=fusce&nulla=posuere&tellus=felis,TRUE
+https://omniture.com/pede/justo/eu/massa/donec/dapibus/duis.json?dictumst=ipsum&maecenas=aliquam&ut=non&massa=mauris&quis=morbi&augue=non&luctus=lectus&tincidunt=aliquam&nulla=sit&mollis=amet&molestie=diam&lorem=in&quisque=magna&ut=bibendum&erat=imperdiet&curabitur=nullam&gravida=orci&nisi=pede&at=venenatis&nibh=non&in=sodales&hac=sed&habitasse=tincidunt&platea=eu&dictumst=felis&aliquam=fusce&augue=posuere&quam=felis&sollicitudin=sed&vitae=lacus&consectetuer=morbi&eget=sem&rutrum=mauris&at=laoreet&lorem=ut&integer=rhoncus&tincidunt=aliquet&ante=pulvinar&vel=sed&ipsum=nisl&praesent=nunc&blandit=rhoncus&lacinia=dui&erat=vel&vestibulum=sem&sed=sed&magna=sagittis&at=nam&nunc=congue&commodo=risus&placerat=semper&praesent=porta&blandit=volutpat,TRUE
+http://amazonaws.com/maecenas/ut/massa/quis/augue/luctus.jpg?at=sollicitudin&velit=ut&eu=suscipit&est=a&congue=feugiat&elementum=et&in=eros&hac=vestibulum&habitasse=ac&platea=est&dictumst=lacinia&morbi=nisi&vestibulum=venenatis&velit=tristique&id=fusce&pretium=congue&iaculis=diam&diam=id&erat=ornare&fermentum=imperdiet&justo=sapien&nec=urna&condimentum=pretium&neque=nisl&sapien=ut&placerat=volutpat&ante=sapien&nulla=arcu&justo=sed&aliquam=augue&quis=aliquam&turpis=erat&eget=volutpat&elit=in&sodales=congue&scelerisque=etiam&mauris=justo&sit=etiam&amet=pretium&eros=iaculis&suspendisse=justo&accumsan=in&tortor=hac&quis=habitasse&turpis=platea&sed=dictumst&ante=etiam&vivamus=faucibus&tortor=cursus&duis=urna&mattis=ut&egestas=tellus&metus=nulla&aenean=ut&fermentum=erat&donec=id&ut=mauris&mauris=vulputate&eget=elementum,TRUE
+https://infoseek.co.jp/dui/nec/nisi.xml?pede=dolor&malesuada=vel&in=est&imperdiet=donec&et=odio&commodo=justo&vulputate=sollicitudin&justo=ut&in=suscipit&blandit=a&ultrices=feugiat&enim=et&lorem=eros&ipsum=vestibulum&dolor=ac&sit=est&amet=lacinia&consectetuer=nisi&adipiscing=venenatis&elit=tristique&proin=fusce&interdum=congue&mauris=diam&non=id&ligula=ornare&pellentesque=imperdiet&ultrices=sapien&phasellus=urna&id=pretium&sapien=nisl&in=ut&sapien=volutpat&iaculis=sapien&congue=arcu&vivamus=sed&metus=augue&arcu=aliquam&adipiscing=erat&molestie=volutpat,TRUE
+https://friendfeed.com/rutrum/rutrum/neque/aenean/auctor/gravida/sem.png?interdum=tempus&venenatis=vel&turpis=pede&enim=morbi&blandit=porttitor&mi=lorem&in=id&porttitor=ligula&pede=suspendisse&justo=ornare&eu=consequat&massa=lectus&donec=in&dapibus=est&duis=risus&at=auctor&velit=sed&eu=tristique&est=in&congue=tempus&elementum=sit&in=amet&hac=sem&habitasse=fusce&platea=consequat&dictumst=nulla&morbi=nisl&vestibulum=nunc&velit=nisl&id=duis&pretium=bibendum&iaculis=felis&diam=sed&erat=interdum&fermentum=venenatis&justo=turpis&nec=enim&condimentum=blandit&neque=mi&sapien=in&placerat=porttitor&ante=pede&nulla=justo&justo=eu&aliquam=massa&quis=donec&turpis=dapibus&eget=duis&elit=at&sodales=velit&scelerisque=eu&mauris=est&sit=congue&amet=elementum&eros=in&suspendisse=hac&accumsan=habitasse&tortor=platea&quis=dictumst&turpis=morbi&sed=vestibulum&ante=velit&vivamus=id&tortor=pretium&duis=iaculis&mattis=diam&egestas=erat&metus=fermentum&aenean=justo&fermentum=nec&donec=condimentum&ut=neque&mauris=sapien&eget=placerat&massa=ante&tempor=nulla,TRUE
+https://miibeian.gov.cn/mi/sit/amet/lobortis/sapien/sapien/non.json?tincidunt=pulvinar&ante=sed&vel=nisl&ipsum=nunc&praesent=rhoncus&blandit=dui&lacinia=vel&erat=sem&vestibulum=sed&sed=sagittis&magna=nam&at=congue&nunc=risus&commodo=semper&placerat=porta&praesent=volutpat&blandit=quam&nam=pede&nulla=lobortis&integer=ligula&pede=sit&justo=amet&lacinia=eleifend&eget=pede&tincidunt=libero&eget=quis&tempus=orci&vel=nullam&pede=molestie&morbi=nibh&porttitor=in&lorem=lectus&id=pellentesque&ligula=at&suspendisse=nulla&ornare=suspendisse&consequat=potenti&lectus=cras&in=in&est=purus&risus=eu&auctor=magna&sed=vulputate&tristique=luctus&in=cum&tempus=sociis&sit=natoque&amet=penatibus&sem=et&fusce=magnis&consequat=dis&nulla=parturient&nisl=montes&nunc=nascetur&nisl=ridiculus&duis=mus&bibendum=vivamus&felis=vestibulum&sed=sagittis&interdum=sapien&venenatis=cum&turpis=sociis&enim=natoque&blandit=penatibus&mi=et&in=magnis&porttitor=dis&pede=parturient&justo=montes&eu=nascetur&massa=ridiculus&donec=mus&dapibus=etiam&duis=vel&at=augue&velit=vestibulum&eu=rutrum&est=rutrum&congue=neque&elementum=aenean&in=auctor&hac=gravida&habitasse=sem&platea=praesent&dictumst=id&morbi=massa&vestibulum=id&velit=nisl&id=venenatis,TRUE
+https://usatoday.com/gravida.jpg?ultrices=eget&posuere=tincidunt&cubilia=eget&curae=tempus&duis=vel&faucibus=pede&accumsan=morbi&odio=porttitor&curabitur=lorem&convallis=id&duis=ligula&consequat=suspendisse&dui=ornare&nec=consequat&nisi=lectus&volutpat=in&eleifend=est&donec=risus&ut=auctor&dolor=sed&morbi=tristique&vel=in&lectus=tempus&in=sit&quam=amet&fringilla=sem&rhoncus=fusce&mauris=consequat&enim=nulla&leo=nisl&rhoncus=nunc&sed=nisl&vestibulum=duis&sit=bibendum&amet=felis&cursus=sed&id=interdum&turpis=venenatis&integer=turpis&aliquet=enim&massa=blandit&id=mi&lobortis=in&convallis=porttitor&tortor=pede&risus=justo&dapibus=eu&augue=massa&vel=donec&accumsan=dapibus&tellus=duis&nisi=at&eu=velit&orci=eu&mauris=est&lacinia=congue&sapien=elementum&quis=in&libero=hac&nullam=habitasse&sit=platea&amet=dictumst&turpis=morbi&elementum=vestibulum&ligula=velit&vehicula=id&consequat=pretium&morbi=iaculis&a=diam&ipsum=erat&integer=fermentum&a=justo&nibh=nec&in=condimentum&quis=neque&justo=sapien&maecenas=placerat&rhoncus=ante&aliquam=nulla&lacus=justo&morbi=aliquam&quis=quis&tortor=turpis&id=eget&nulla=elit&ultrices=sodales&aliquet=scelerisque&maecenas=mauris&leo=sit&odio=amet&condimentum=eros&id=suspendisse&luctus=accumsan&nec=tortor&molestie=quis&sed=turpis&justo=sed,TRUE
+https://sourceforge.net/lorem/vitae/mattis/nibh/ligula/nec.jsp?leo=condimentum&rhoncus=neque&sed=sapien&vestibulum=placerat&sit=ante&amet=nulla&cursus=justo&id=aliquam&turpis=quis&integer=turpis&aliquet=eget&massa=elit&id=sodales&lobortis=scelerisque&convallis=mauris&tortor=sit&risus=amet&dapibus=eros&augue=suspendisse&vel=accumsan&accumsan=tortor&tellus=quis&nisi=turpis&eu=sed&orci=ante&mauris=vivamus&lacinia=tortor&sapien=duis&quis=mattis&libero=egestas&nullam=metus&sit=aenean&amet=fermentum&turpis=donec&elementum=ut&ligula=mauris&vehicula=eget&consequat=massa&morbi=tempor&a=convallis&ipsum=nulla&integer=neque&a=libero&nibh=convallis&in=eget&quis=eleifend&justo=luctus&maecenas=ultricies&rhoncus=eu&aliquam=nibh&lacus=quisque&morbi=id&quis=justo&tortor=sit&id=amet&nulla=sapien&ultrices=dignissim&aliquet=vestibulum&maecenas=vestibulum&leo=ante&odio=ipsum&condimentum=primis&id=in&luctus=faucibus&nec=orci&molestie=luctus&sed=et&justo=ultrices&pellentesque=posuere&viverra=cubilia&pede=curae&ac=nulla,TRUE
+http://vkontakte.ru/ac/lobortis.jsp?nonummy=urna&integer=ut&non=tellus&velit=nulla&donec=ut&diam=erat&neque=id&vestibulum=mauris&eget=vulputate&vulputate=elementum&ut=nullam&ultrices=varius&vel=nulla&augue=facilisi&vestibulum=cras&ante=non&ipsum=velit&primis=nec&in=nisi&faucibus=vulputate&orci=nonummy&luctus=maecenas&et=tincidunt&ultrices=lacus&posuere=at&cubilia=velit&curae=vivamus&donec=vel&pharetra=nulla&magna=eget&vestibulum=eros&aliquet=elementum&ultrices=pellentesque&erat=quisque&tortor=porta&sollicitudin=volutpat&mi=erat&sit=quisque,TRUE
+http://ted.com/massa/id/lobortis/convallis.html?in=in&faucibus=lectus&orci=pellentesque&luctus=at&et=nulla&ultrices=suspendisse&posuere=potenti&cubilia=cras&curae=in&mauris=purus&viverra=eu&diam=magna&vitae=vulputate&quam=luctus&suspendisse=cum&potenti=sociis&nullam=natoque&porttitor=penatibus&lacus=et&at=magnis&turpis=dis&donec=parturient&posuere=montes&metus=nascetur&vitae=ridiculus&ipsum=mus&aliquam=vivamus&non=vestibulum&mauris=sagittis&morbi=sapien&non=cum&lectus=sociis&aliquam=natoque&sit=penatibus&amet=et&diam=magnis&in=dis&magna=parturient&bibendum=montes&imperdiet=nascetur&nullam=ridiculus&orci=mus&pede=etiam&venenatis=vel&non=augue&sodales=vestibulum&sed=rutrum&tincidunt=rutrum&eu=neque&felis=aenean&fusce=auctor&posuere=gravida&felis=sem&sed=praesent&lacus=id&morbi=massa,TRUE
+http://google.fr/porttitor/lacus/at/turpis/donec/posuere.json?ut=non&erat=quam&curabitur=nec&gravida=dui&nisi=luctus&at=rutrum&nibh=nulla&in=tellus&hac=in&habitasse=sagittis,TRUE
+http://census.gov/sapien/dignissim/vestibulum/vestibulum/ante/ipsum.js?sem=ante&mauris=ipsum&laoreet=primis&ut=in&rhoncus=faucibus&aliquet=orci&pulvinar=luctus&sed=et&nisl=ultrices&nunc=posuere&rhoncus=cubilia&dui=curae&vel=donec&sem=pharetra&sed=magna&sagittis=vestibulum&nam=aliquet&congue=ultrices&risus=erat&semper=tortor&porta=sollicitudin&volutpat=mi&quam=sit&pede=amet&lobortis=lobortis&ligula=sapien&sit=sapien&amet=non&eleifend=mi&pede=integer&libero=ac&quis=neque&orci=duis&nullam=bibendum&molestie=morbi&nibh=non&in=quam&lectus=nec&pellentesque=dui&at=luctus&nulla=rutrum&suspendisse=nulla&potenti=tellus&cras=in&in=sagittis&purus=dui&eu=vel&magna=nisl&vulputate=duis&luctus=ac&cum=nibh&sociis=fusce&natoque=lacus&penatibus=purus&et=aliquet&magnis=at&dis=feugiat,TRUE
+https://biglobe.ne.jp/in/magna/bibendum/imperdiet/nullam/orci/pede.xml?ipsum=volutpat&praesent=eleifend&blandit=donec&lacinia=ut&erat=dolor&vestibulum=morbi&sed=vel&magna=lectus&at=in&nunc=quam&commodo=fringilla&placerat=rhoncus&praesent=mauris&blandit=enim&nam=leo&nulla=rhoncus&integer=sed&pede=vestibulum&justo=sit&lacinia=amet&eget=cursus&tincidunt=id&eget=turpis&tempus=integer&vel=aliquet&pede=massa&morbi=id&porttitor=lobortis&lorem=convallis&id=tortor&ligula=risus&suspendisse=dapibus&ornare=augue&consequat=vel&lectus=accumsan&in=tellus&est=nisi&risus=eu&auctor=orci&sed=mauris&tristique=lacinia&in=sapien&tempus=quis&sit=libero&amet=nullam&sem=sit&fusce=amet,TRUE
+http://jugem.jp/augue/aliquam/erat.js?odio=sed&justo=sagittis&sollicitudin=nam&ut=congue&suscipit=risus&a=semper&feugiat=porta&et=volutpat&eros=quam&vestibulum=pede&ac=lobortis&est=ligula&lacinia=sit&nisi=amet&venenatis=eleifend&tristique=pede&fusce=libero&congue=quis&diam=orci&id=nullam&ornare=molestie&imperdiet=nibh&sapien=in&urna=lectus&pretium=pellentesque&nisl=at&ut=nulla&volutpat=suspendisse&sapien=potenti&arcu=cras&sed=in&augue=purus&aliquam=eu&erat=magna&volutpat=vulputate&in=luctus&congue=cum&etiam=sociis&justo=natoque&etiam=penatibus&pretium=et&iaculis=magnis&justo=dis&in=parturient&hac=montes&habitasse=nascetur&platea=ridiculus&dictumst=mus&etiam=vivamus&faucibus=vestibulum&cursus=sagittis&urna=sapien,TRUE
+https://engadget.com/neque/vestibulum/eget/vulputate/ut.aspx?lobortis=tempus&ligula=semper&sit=est&amet=quam&eleifend=pharetra&pede=magna&libero=ac&quis=consequat&orci=metus&nullam=sapien&molestie=ut&nibh=nunc&in=vestibulum&lectus=ante&pellentesque=ipsum&at=primis&nulla=in&suspendisse=faucibus&potenti=orci&cras=luctus&in=et&purus=ultrices&eu=posuere&magna=cubilia&vulputate=curae&luctus=mauris&cum=viverra&sociis=diam&natoque=vitae&penatibus=quam&et=suspendisse&magnis=potenti&dis=nullam&parturient=porttitor&montes=lacus&nascetur=at&ridiculus=turpis&mus=donec&vivamus=posuere&vestibulum=metus&sagittis=vitae&sapien=ipsum&cum=aliquam&sociis=non&natoque=mauris&penatibus=morbi&et=non&magnis=lectus&dis=aliquam&parturient=sit&montes=amet&nascetur=diam&ridiculus=in&mus=magna&etiam=bibendum&vel=imperdiet&augue=nullam&vestibulum=orci&rutrum=pede&rutrum=venenatis&neque=non&aenean=sodales&auctor=sed&gravida=tincidunt&sem=eu&praesent=felis&id=fusce&massa=posuere&id=felis&nisl=sed&venenatis=lacus&lacinia=morbi&aenean=sem&sit=mauris&amet=laoreet&justo=ut&morbi=rhoncus&ut=aliquet&odio=pulvinar&cras=sed&mi=nisl&pede=nunc&malesuada=rhoncus&in=dui&imperdiet=vel&et=sem&commodo=sed&vulputate=sagittis&justo=nam&in=congue&blandit=risus&ultrices=semper&enim=porta&lorem=volutpat&ipsum=quam,TRUE
+http://umich.edu/massa/quis/augue/luctus/tincidunt/nulla/mollis.json?aliquam=amet&quis=sem&turpis=fusce&eget=consequat&elit=nulla&sodales=nisl&scelerisque=nunc&mauris=nisl&sit=duis&amet=bibendum&eros=felis&suspendisse=sed&accumsan=interdum&tortor=venenatis&quis=turpis&turpis=enim&sed=blandit&ante=mi&vivamus=in&tortor=porttitor&duis=pede&mattis=justo&egestas=eu&metus=massa&aenean=donec&fermentum=dapibus&donec=duis&ut=at&mauris=velit&eget=eu&massa=est&tempor=congue&convallis=elementum&nulla=in&neque=hac&libero=habitasse&convallis=platea&eget=dictumst&eleifend=morbi&luctus=vestibulum&ultricies=velit&eu=id&nibh=pretium&quisque=iaculis&id=diam&justo=erat&sit=fermentum&amet=justo&sapien=nec&dignissim=condimentum&vestibulum=neque&vestibulum=sapien&ante=placerat&ipsum=ante&primis=nulla,TRUE
+http://mtv.com/ante/ipsum/primis/in/faucibus/orci/luctus.js?lacinia=fusce&erat=consequat&vestibulum=nulla&sed=nisl&magna=nunc&at=nisl&nunc=duis&commodo=bibendum&placerat=felis&praesent=sed&blandit=interdum&nam=venenatis&nulla=turpis&integer=enim&pede=blandit&justo=mi&lacinia=in&eget=porttitor&tincidunt=pede&eget=justo&tempus=eu&vel=massa&pede=donec&morbi=dapibus&porttitor=duis&lorem=at&id=velit&ligula=eu&suspendisse=est&ornare=congue&consequat=elementum&lectus=in&in=hac&est=habitasse&risus=platea&auctor=dictumst&sed=morbi&tristique=vestibulum&in=velit&tempus=id&sit=pretium&amet=iaculis&sem=diam&fusce=erat&consequat=fermentum&nulla=justo&nisl=nec&nunc=condimentum&nisl=neque&duis=sapien&bibendum=placerat&felis=ante&sed=nulla&interdum=justo&venenatis=aliquam&turpis=quis&enim=turpis&blandit=eget&mi=elit&in=sodales&porttitor=scelerisque&pede=mauris&justo=sit&eu=amet&massa=eros&donec=suspendisse&dapibus=accumsan&duis=tortor&at=quis&velit=turpis&eu=sed&est=ante&congue=vivamus&elementum=tortor&in=duis&hac=mattis&habitasse=egestas&platea=metus&dictumst=aenean&morbi=fermentum,TRUE
+http://123-reg.co.uk/platea/dictumst.jsp?et=justo&tempus=aliquam&semper=quis&est=turpis&quam=eget&pharetra=elit&magna=sodales&ac=scelerisque&consequat=mauris&metus=sit&sapien=amet&ut=eros&nunc=suspendisse&vestibulum=accumsan&ante=tortor&ipsum=quis&primis=turpis&in=sed&faucibus=ante&orci=vivamus&luctus=tortor&et=duis&ultrices=mattis&posuere=egestas&cubilia=metus&curae=aenean&mauris=fermentum&viverra=donec&diam=ut&vitae=mauris&quam=eget&suspendisse=massa&potenti=tempor&nullam=convallis&porttitor=nulla&lacus=neque&at=libero&turpis=convallis&donec=eget&posuere=eleifend&metus=luctus&vitae=ultricies&ipsum=eu&aliquam=nibh&non=quisque&mauris=id&morbi=justo&non=sit&lectus=amet&aliquam=sapien&sit=dignissim&amet=vestibulum&diam=vestibulum&in=ante&magna=ipsum&bibendum=primis&imperdiet=in&nullam=faucibus&orci=orci&pede=luctus&venenatis=et&non=ultrices&sodales=posuere&sed=cubilia&tincidunt=curae&eu=nulla&felis=dapibus&fusce=dolor&posuere=vel&felis=est,TRUE
+http://amazon.com/quam/a/odio/in.json?praesent=vitae&blandit=nisl&lacinia=aenean&erat=lectus&vestibulum=pellentesque&sed=eget&magna=nunc&at=donec&nunc=quis&commodo=orci&placerat=eget&praesent=orci,TRUE
+https://shareasale.com/praesent/id/massa.xml?consectetuer=sapien&adipiscing=cum&elit=sociis&proin=natoque&interdum=penatibus&mauris=et&non=magnis&ligula=dis&pellentesque=parturient&ultrices=montes&phasellus=nascetur&id=ridiculus&sapien=mus&in=etiam&sapien=vel&iaculis=augue&congue=vestibulum&vivamus=rutrum&metus=rutrum&arcu=neque&adipiscing=aenean&molestie=auctor&hendrerit=gravida&at=sem&vulputate=praesent&vitae=id&nisl=massa&aenean=id&lectus=nisl&pellentesque=venenatis&eget=lacinia&nunc=aenean&donec=sit&quis=amet&orci=justo&eget=morbi&orci=ut&vehicula=odio&condimentum=cras&curabitur=mi&in=pede&libero=malesuada&ut=in&massa=imperdiet&volutpat=et&convallis=commodo&morbi=vulputate&odio=justo&odio=in&elementum=blandit&eu=ultrices&interdum=enim&eu=lorem&tincidunt=ipsum&in=dolor&leo=sit&maecenas=amet&pulvinar=consectetuer&lobortis=adipiscing&est=elit&phasellus=proin&sit=interdum&amet=mauris&erat=non&nulla=ligula&tempus=pellentesque&vivamus=ultrices&in=phasellus&felis=id&eu=sapien&sapien=in&cursus=sapien&vestibulum=iaculis,TRUE
+http://noaa.gov/nunc/vestibulum.xml?lectus=lacus&pellentesque=morbi&at=quis&nulla=tortor&suspendisse=id&potenti=nulla,TRUE
+http://indiatimes.com/mauris.jpg?nisi=suspendisse&vulputate=accumsan&nonummy=tortor&maecenas=quis&tincidunt=turpis&lacus=sed&at=ante&velit=vivamus&vivamus=tortor&vel=duis&nulla=mattis&eget=egestas&eros=metus&elementum=aenean&pellentesque=fermentum&quisque=donec&porta=ut&volutpat=mauris&erat=eget&quisque=massa&erat=tempor&eros=convallis&viverra=nulla&eget=neque&congue=libero&eget=convallis&semper=eget&rutrum=eleifend&nulla=luctus&nunc=ultricies&purus=eu&phasellus=nibh&in=quisque&felis=id&donec=justo&semper=sit&sapien=amet&a=sapien&libero=dignissim&nam=vestibulum&dui=vestibulum&proin=ante&leo=ipsum&odio=primis&porttitor=in&id=faucibus&consequat=orci&in=luctus,TRUE
+https://dmoz.org/dolor/sit/amet/consectetuer/adipiscing/elit/proin.json?semper=pede&porta=libero&volutpat=quis&quam=orci&pede=nullam&lobortis=molestie&ligula=nibh&sit=in,TRUE
+https://forbes.com/sed/magna/at/nunc/commodo.jsp?dolor=donec&sit=posuere&amet=metus&consectetuer=vitae&adipiscing=ipsum&elit=aliquam&proin=non&interdum=mauris&mauris=morbi&non=non&ligula=lectus&pellentesque=aliquam&ultrices=sit&phasellus=amet&id=diam&sapien=in&in=magna&sapien=bibendum&iaculis=imperdiet&congue=nullam&vivamus=orci&metus=pede&arcu=venenatis&adipiscing=non&molestie=sodales&hendrerit=sed&at=tincidunt&vulputate=eu&vitae=felis&nisl=fusce&aenean=posuere&lectus=felis&pellentesque=sed&eget=lacus&nunc=morbi&donec=sem&quis=mauris&orci=laoreet&eget=ut&orci=rhoncus&vehicula=aliquet&condimentum=pulvinar&curabitur=sed&in=nisl&libero=nunc&ut=rhoncus&massa=dui&volutpat=vel&convallis=sem&morbi=sed&odio=sagittis&odio=nam&elementum=congue&eu=risus&interdum=semper&eu=porta&tincidunt=volutpat&in=quam&leo=pede,TRUE
+https://sfgate.com/molestie.xml?curae=in&duis=purus&faucibus=eu&accumsan=magna&odio=vulputate&curabitur=luctus&convallis=cum&duis=sociis&consequat=natoque&dui=penatibus&nec=et&nisi=magnis&volutpat=dis&eleifend=parturient&donec=montes&ut=nascetur&dolor=ridiculus&morbi=mus&vel=vivamus&lectus=vestibulum&in=sagittis&quam=sapien,TRUE
+https://forbes.com/porta/volutpat/erat.json?sed=morbi&accumsan=non&felis=quam&ut=nec&at=dui&dolor=luctus&quis=rutrum&odio=nulla&consequat=tellus&varius=in&integer=sagittis&ac=dui&leo=vel&pellentesque=nisl&ultrices=duis&mattis=ac&odio=nibh&donec=fusce&vitae=lacus&nisi=purus&nam=aliquet&ultrices=at&libero=feugiat&non=non&mattis=pretium&pulvinar=quis&nulla=lectus&pede=suspendisse&ullamcorper=potenti&augue=in&a=eleifend&suscipit=quam&nulla=a&elit=odio&ac=in&nulla=hac&sed=habitasse&vel=platea&enim=dictumst&sit=maecenas&amet=ut&nunc=massa&viverra=quis&dapibus=augue&nulla=luctus&suscipit=tincidunt&ligula=nulla&in=mollis&lacus=molestie&curabitur=lorem&at=quisque&ipsum=ut&ac=erat&tellus=curabitur&semper=gravida&interdum=nisi&mauris=at&ullamcorper=nibh&purus=in&sit=hac&amet=habitasse&nulla=platea&quisque=dictumst&arcu=aliquam&libero=augue&rutrum=quam&ac=sollicitudin&lobortis=vitae&vel=consectetuer&dapibus=eget&at=rutrum&diam=at,TRUE
+http://plala.or.jp/porttitor/lacus/at/turpis/donec/posuere/metus.jpg?nunc=porttitor&vestibulum=pede&ante=justo&ipsum=eu&primis=massa&in=donec,TRUE
+https://dyndns.org/faucibus/orci/luctus/et.html?ut=porta&erat=volutpat&id=quam&mauris=pede&vulputate=lobortis&elementum=ligula&nullam=sit&varius=amet&nulla=eleifend&facilisi=pede,TRUE
+http://instagram.com/congue/etiam/justo/etiam.html?sapien=mauris&a=eget&libero=massa&nam=tempor&dui=convallis&proin=nulla&leo=neque&odio=libero&porttitor=convallis&id=eget&consequat=eleifend&in=luctus&consequat=ultricies&ut=eu,TRUE
+http://delicious.com/lorem/id/ligula/suspendisse/ornare.json?nec=blandit&euismod=non&scelerisque=interdum&quam=in&turpis=ante&adipiscing=vestibulum&lorem=ante&vitae=ipsum&mattis=primis&nibh=in&ligula=faucibus&nec=orci&sem=luctus&duis=et&aliquam=ultrices&convallis=posuere&nunc=cubilia&proin=curae&at=duis&turpis=faucibus&a=accumsan&pede=odio&posuere=curabitur&nonummy=convallis&integer=duis&non=consequat&velit=dui&donec=nec&diam=nisi&neque=volutpat&vestibulum=eleifend&eget=donec&vulputate=ut&ut=dolor&ultrices=morbi&vel=vel&augue=lectus&vestibulum=in&ante=quam&ipsum=fringilla&primis=rhoncus&in=mauris&faucibus=enim&orci=leo&luctus=rhoncus&et=sed&ultrices=vestibulum&posuere=sit&cubilia=amet&curae=cursus&donec=id&pharetra=turpis&magna=integer&vestibulum=aliquet&aliquet=massa&ultrices=id&erat=lobortis&tortor=convallis&sollicitudin=tortor&mi=risus&sit=dapibus&amet=augue&lobortis=vel&sapien=accumsan&sapien=tellus&non=nisi,TRUE
+http://e-recht24.de/platea/dictumst.jpg?tempus=nulla&vivamus=eget&in=eros&felis=elementum&eu=pellentesque,TRUE
+http://etsy.com/ante/ipsum/primis/in/faucibus/orci.json?nam=nunc&dui=nisl&proin=duis&leo=bibendum&odio=felis&porttitor=sed&id=interdum&consequat=venenatis&in=turpis&consequat=enim&ut=blandit&nulla=mi&sed=in&accumsan=porttitor&felis=pede&ut=justo&at=eu&dolor=massa&quis=donec&odio=dapibus&consequat=duis&varius=at&integer=velit&ac=eu&leo=est&pellentesque=congue&ultrices=elementum&mattis=in&odio=hac&donec=habitasse&vitae=platea&nisi=dictumst&nam=morbi&ultrices=vestibulum&libero=velit&non=id&mattis=pretium&pulvinar=iaculis&nulla=diam&pede=erat&ullamcorper=fermentum&augue=justo&a=nec&suscipit=condimentum&nulla=neque&elit=sapien&ac=placerat&nulla=ante&sed=nulla&vel=justo&enim=aliquam&sit=quis&amet=turpis&nunc=eget&viverra=elit&dapibus=sodales&nulla=scelerisque&suscipit=mauris&ligula=sit&in=amet&lacus=eros&curabitur=suspendisse&at=accumsan&ipsum=tortor&ac=quis&tellus=turpis&semper=sed&interdum=ante&mauris=vivamus,TRUE
+http://spotify.com/maecenas.png?consectetuer=placerat&adipiscing=ante&elit=nulla&proin=justo&risus=aliquam&praesent=quis&lectus=turpis&vestibulum=eget&quam=elit&sapien=sodales&varius=scelerisque&ut=mauris&blandit=sit&non=amet&interdum=eros&in=suspendisse&ante=accumsan&vestibulum=tortor&ante=quis&ipsum=turpis&primis=sed&in=ante&faucibus=vivamus&orci=tortor&luctus=duis&et=mattis&ultrices=egestas&posuere=metus&cubilia=aenean&curae=fermentum&duis=donec&faucibus=ut&accumsan=mauris&odio=eget&curabitur=massa&convallis=tempor&duis=convallis&consequat=nulla&dui=neque&nec=libero&nisi=convallis&volutpat=eget&eleifend=eleifend&donec=luctus&ut=ultricies&dolor=eu&morbi=nibh&vel=quisque&lectus=id&in=justo&quam=sit&fringilla=amet&rhoncus=sapien&mauris=dignissim&enim=vestibulum&leo=vestibulum&rhoncus=ante&sed=ipsum,TRUE
+https://t-online.de/proin/risus/praesent/lectus.jpg?varius=mauris&nulla=laoreet&facilisi=ut&cras=rhoncus&non=aliquet&velit=pulvinar&nec=sed&nisi=nisl&vulputate=nunc&nonummy=rhoncus&maecenas=dui&tincidunt=vel&lacus=sem&at=sed&velit=sagittis&vivamus=nam&vel=congue&nulla=risus&eget=semper&eros=porta&elementum=volutpat&pellentesque=quam&quisque=pede&porta=lobortis&volutpat=ligula&erat=sit&quisque=amet&erat=eleifend&eros=pede&viverra=libero&eget=quis&congue=orci&eget=nullam&semper=molestie&rutrum=nibh&nulla=in&nunc=lectus&purus=pellentesque&phasellus=at&in=nulla&felis=suspendisse&donec=potenti&semper=cras&sapien=in&a=purus&libero=eu&nam=magna&dui=vulputate&proin=luctus&leo=cum&odio=sociis&porttitor=natoque&id=penatibus&consequat=et&in=magnis&consequat=dis&ut=parturient&nulla=montes&sed=nascetur&accumsan=ridiculus&felis=mus&ut=vivamus&at=vestibulum&dolor=sagittis&quis=sapien&odio=cum&consequat=sociis&varius=natoque&integer=penatibus&ac=et&leo=magnis,TRUE
+https://businessinsider.com/donec/quis/orci/eget/orci/vehicula/condimentum.jsp?orci=nunc&luctus=commodo&et=placerat&ultrices=praesent&posuere=blandit&cubilia=nam&curae=nulla&nulla=integer&dapibus=pede&dolor=justo&vel=lacinia&est=eget&donec=tincidunt&odio=eget&justo=tempus&sollicitudin=vel&ut=pede&suscipit=morbi&a=porttitor&feugiat=lorem&et=id&eros=ligula&vestibulum=suspendisse&ac=ornare&est=consequat&lacinia=lectus&nisi=in&venenatis=est&tristique=risus&fusce=auctor&congue=sed&diam=tristique&id=in&ornare=tempus&imperdiet=sit&sapien=amet&urna=sem&pretium=fusce&nisl=consequat&ut=nulla&volutpat=nisl&sapien=nunc&arcu=nisl&sed=duis&augue=bibendum&aliquam=felis&erat=sed&volutpat=interdum&in=venenatis&congue=turpis&etiam=enim&justo=blandit&etiam=mi&pretium=in&iaculis=porttitor&justo=pede&in=justo&hac=eu&habitasse=massa&platea=donec&dictumst=dapibus&etiam=duis&faucibus=at&cursus=velit&urna=eu&ut=est&tellus=congue&nulla=elementum&ut=in&erat=hac&id=habitasse&mauris=platea&vulputate=dictumst&elementum=morbi&nullam=vestibulum&varius=velit&nulla=id&facilisi=pretium&cras=iaculis&non=diam&velit=erat&nec=fermentum&nisi=justo&vulputate=nec&nonummy=condimentum&maecenas=neque&tincidunt=sapien&lacus=placerat&at=ante&velit=nulla&vivamus=justo&vel=aliquam&nulla=quis&eget=turpis&eros=eget&elementum=elit&pellentesque=sodales,TRUE
+http://bloglovin.com/dolor/morbi/vel/lectus/in.json?pede=dignissim&ullamcorper=vestibulum,TRUE
+https://yale.edu/quis/orci/eget/orci.xml?tempus=faucibus&vel=orci&pede=luctus&morbi=et&porttitor=ultrices&lorem=posuere&id=cubilia&ligula=curae&suspendisse=nulla&ornare=dapibus&consequat=dolor&lectus=vel&in=est&est=donec&risus=odio&auctor=justo&sed=sollicitudin&tristique=ut&in=suscipit&tempus=a&sit=feugiat&amet=et&sem=eros&fusce=vestibulum&consequat=ac&nulla=est&nisl=lacinia&nunc=nisi&nisl=venenatis&duis=tristique&bibendum=fusce&felis=congue&sed=diam&interdum=id&venenatis=ornare&turpis=imperdiet&enim=sapien&blandit=urna&mi=pretium&in=nisl&porttitor=ut&pede=volutpat&justo=sapien&eu=arcu&massa=sed&donec=augue&dapibus=aliquam&duis=erat&at=volutpat&velit=in&eu=congue&est=etiam&congue=justo&elementum=etiam&in=pretium&hac=iaculis&habitasse=justo&platea=in&dictumst=hac&morbi=habitasse&vestibulum=platea&velit=dictumst&id=etiam&pretium=faucibus&iaculis=cursus&diam=urna&erat=ut&fermentum=tellus&justo=nulla&nec=ut&condimentum=erat&neque=id&sapien=mauris&placerat=vulputate&ante=elementum&nulla=nullam&justo=varius,TRUE
+https://usda.gov/duis/aliquam/convallis/nunc.aspx?pharetra=curae,TRUE
+http://amazonaws.com/vestibulum/ante/ipsum/primis/in/faucibus.xml?vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et,TRUE
+http://elegantthemes.com/quam/sapien/varius/ut.xml?augue=laoreet&luctus=ut&tincidunt=rhoncus&nulla=aliquet&mollis=pulvinar&molestie=sed&lorem=nisl&quisque=nunc&ut=rhoncus&erat=dui&curabitur=vel&gravida=sem&nisi=sed&at=sagittis&nibh=nam&in=congue&hac=risus&habitasse=semper&platea=porta&dictumst=volutpat&aliquam=quam&augue=pede&quam=lobortis&sollicitudin=ligula&vitae=sit&consectetuer=amet&eget=eleifend&rutrum=pede&at=libero&lorem=quis&integer=orci&tincidunt=nullam&ante=molestie&vel=nibh&ipsum=in&praesent=lectus&blandit=pellentesque&lacinia=at&erat=nulla&vestibulum=suspendisse&sed=potenti&magna=cras&at=in&nunc=purus&commodo=eu&placerat=magna&praesent=vulputate&blandit=luctus&nam=cum&nulla=sociis&integer=natoque&pede=penatibus&justo=et&lacinia=magnis,TRUE
+https://hhs.gov/ipsum/primis/in.xml?velit=sodales&id=sed&pretium=tincidunt&iaculis=eu&diam=felis&erat=fusce&fermentum=posuere&justo=felis&nec=sed&condimentum=lacus&neque=morbi&sapien=sem&placerat=mauris&ante=laoreet&nulla=ut&justo=rhoncus&aliquam=aliquet&quis=pulvinar&turpis=sed&eget=nisl&elit=nunc&sodales=rhoncus&scelerisque=dui&mauris=vel&sit=sem&amet=sed&eros=sagittis&suspendisse=nam&accumsan=congue&tortor=risus&quis=semper&turpis=porta&sed=volutpat&ante=quam&vivamus=pede&tortor=lobortis&duis=ligula&mattis=sit&egestas=amet&metus=eleifend&aenean=pede&fermentum=libero&donec=quis&ut=orci&mauris=nullam&eget=molestie&massa=nibh&tempor=in&convallis=lectus&nulla=pellentesque&neque=at&libero=nulla&convallis=suspendisse&eget=potenti&eleifend=cras&luctus=in&ultricies=purus&eu=eu&nibh=magna&quisque=vulputate&id=luctus&justo=cum&sit=sociis&amet=natoque&sapien=penatibus&dignissim=et&vestibulum=magnis&vestibulum=dis&ante=parturient&ipsum=montes&primis=nascetur&in=ridiculus&faucibus=mus&orci=vivamus&luctus=vestibulum&et=sagittis&ultrices=sapien&posuere=cum&cubilia=sociis&curae=natoque&nulla=penatibus&dapibus=et&dolor=magnis&vel=dis&est=parturient&donec=montes&odio=nascetur&justo=ridiculus&sollicitudin=mus,TRUE
+https://ucla.edu/et/magnis/dis/parturient.xml?luctus=adipiscing&et=lorem&ultrices=vitae&posuere=mattis&cubilia=nibh&curae=ligula&nulla=nec&dapibus=sem&dolor=duis&vel=aliquam&est=convallis&donec=nunc&odio=proin&justo=at&sollicitudin=turpis&ut=a&suscipit=pede&a=posuere&feugiat=nonummy&et=integer&eros=non&vestibulum=velit&ac=donec&est=diam&lacinia=neque&nisi=vestibulum&venenatis=eget&tristique=vulputate&fusce=ut&congue=ultrices&diam=vel&id=augue&ornare=vestibulum&imperdiet=ante&sapien=ipsum&urna=primis&pretium=in&nisl=faucibus&ut=orci&volutpat=luctus&sapien=et&arcu=ultrices&sed=posuere&augue=cubilia&aliquam=curae&erat=donec&volutpat=pharetra&in=magna&congue=vestibulum&etiam=aliquet&justo=ultrices&etiam=erat&pretium=tortor&iaculis=sollicitudin&justo=mi&in=sit&hac=amet&habitasse=lobortis&platea=sapien&dictumst=sapien&etiam=non&faucibus=mi&cursus=integer&urna=ac&ut=neque&tellus=duis&nulla=bibendum&ut=morbi&erat=non&id=quam&mauris=nec&vulputate=dui&elementum=luctus&nullam=rutrum&varius=nulla&nulla=tellus&facilisi=in&cras=sagittis&non=dui&velit=vel&nec=nisl&nisi=duis&vulputate=ac&nonummy=nibh&maecenas=fusce&tincidunt=lacus&lacus=purus,TRUE
+http://gizmodo.com/quisque/ut/erat/curabitur/gravida.jsp?felis=sapien&fusce=urna&posuere=pretium&felis=nisl&sed=ut&lacus=volutpat&morbi=sapien&sem=arcu&mauris=sed&laoreet=augue&ut=aliquam&rhoncus=erat&aliquet=volutpat&pulvinar=in&sed=congue&nisl=etiam&nunc=justo&rhoncus=etiam&dui=pretium&vel=iaculis&sem=justo&sed=in&sagittis=hac&nam=habitasse&congue=platea&risus=dictumst&semper=etiam&porta=faucibus&volutpat=cursus&quam=urna&pede=ut&lobortis=tellus&ligula=nulla&sit=ut&amet=erat&eleifend=id&pede=mauris&libero=vulputate&quis=elementum&orci=nullam&nullam=varius&molestie=nulla&nibh=facilisi&in=cras&lectus=non&pellentesque=velit&at=nec&nulla=nisi&suspendisse=vulputate&potenti=nonummy&cras=maecenas&in=tincidunt&purus=lacus&eu=at&magna=velit&vulputate=vivamus&luctus=vel&cum=nulla&sociis=eget&natoque=eros,TRUE
+https://odnoklassniki.ru/aenean/lectus/pellentesque/eget.png?sit=libero&amet=ut&diam=massa&in=volutpat&magna=convallis&bibendum=morbi&imperdiet=odio&nullam=odio&orci=elementum&pede=eu&venenatis=interdum&non=eu&sodales=tincidunt&sed=in&tincidunt=leo&eu=maecenas&felis=pulvinar&fusce=lobortis&posuere=est&felis=phasellus&sed=sit&lacus=amet&morbi=erat&sem=nulla&mauris=tempus&laoreet=vivamus&ut=in&rhoncus=felis&aliquet=eu&pulvinar=sapien&sed=cursus&nisl=vestibulum&nunc=proin&rhoncus=eu&dui=mi&vel=nulla&sem=ac&sed=enim&sagittis=in&nam=tempor&congue=turpis&risus=nec&semper=euismod&porta=scelerisque&volutpat=quam&quam=turpis&pede=adipiscing&lobortis=lorem&ligula=vitae&sit=mattis&amet=nibh&eleifend=ligula&pede=nec&libero=sem&quis=duis&orci=aliquam&nullam=convallis&molestie=nunc&nibh=proin&in=at&lectus=turpis&pellentesque=a&at=pede&nulla=posuere&suspendisse=nonummy&potenti=integer&cras=non&in=velit&purus=donec&eu=diam&magna=neque&vulputate=vestibulum,TRUE
+http://ehow.com/massa/donec.jpg?nulla=ante&integer=ipsum&pede=primis&justo=in&lacinia=faucibus&eget=orci&tincidunt=luctus&eget=et&tempus=ultrices&vel=posuere&pede=cubilia,TRUE
+http://japanpost.jp/metus/arcu/adipiscing/molestie/hendrerit.png?tincidunt=tortor&eu=risus&felis=dapibus&fusce=augue&posuere=vel&felis=accumsan&sed=tellus&lacus=nisi&morbi=eu&sem=orci&mauris=mauris&laoreet=lacinia&ut=sapien&rhoncus=quis&aliquet=libero&pulvinar=nullam&sed=sit&nisl=amet&nunc=turpis&rhoncus=elementum&dui=ligula&vel=vehicula&sem=consequat&sed=morbi&sagittis=a&nam=ipsum&congue=integer&risus=a&semper=nibh&porta=in&volutpat=quis&quam=justo&pede=maecenas&lobortis=rhoncus&ligula=aliquam&sit=lacus&amet=morbi&eleifend=quis&pede=tortor&libero=id&quis=nulla&orci=ultrices&nullam=aliquet&molestie=maecenas&nibh=leo&in=odio&lectus=condimentum&pellentesque=id&at=luctus&nulla=nec&suspendisse=molestie&potenti=sed&cras=justo&in=pellentesque&purus=viverra&eu=pede&magna=ac&vulputate=diam&luctus=cras&cum=pellentesque&sociis=volutpat&natoque=dui&penatibus=maecenas&et=tristique&magnis=est&dis=et&parturient=tempus&montes=semper&nascetur=est&ridiculus=quam&mus=pharetra&vivamus=magna&vestibulum=ac&sagittis=consequat&sapien=metus&cum=sapien&sociis=ut&natoque=nunc&penatibus=vestibulum&et=ante&magnis=ipsum&dis=primis&parturient=in,TRUE
+https://virginia.edu/consectetuer/adipiscing/elit/proin.jpg?etiam=libero&faucibus=convallis,TRUE
+http://craigslist.org/lacinia/nisi/venenatis/tristique.png?montes=natoque&nascetur=penatibus&ridiculus=et&mus=magnis&vivamus=dis&vestibulum=parturient&sagittis=montes&sapien=nascetur&cum=ridiculus&sociis=mus&natoque=vivamus&penatibus=vestibulum&et=sagittis&magnis=sapien&dis=cum&parturient=sociis&montes=natoque&nascetur=penatibus&ridiculus=et&mus=magnis&etiam=dis&vel=parturient&augue=montes&vestibulum=nascetur&rutrum=ridiculus&rutrum=mus&neque=etiam&aenean=vel&auctor=augue&gravida=vestibulum&sem=rutrum&praesent=rutrum&id=neque&massa=aenean&id=auctor&nisl=gravida&venenatis=sem&lacinia=praesent&aenean=id&sit=massa,TRUE
+https://miibeian.gov.cn/a/feugiat/et/eros/vestibulum.xml?sit=lectus&amet=pellentesque&sapien=at&dignissim=nulla&vestibulum=suspendisse&vestibulum=potenti&ante=cras&ipsum=in&primis=purus&in=eu&faucibus=magna&orci=vulputate&luctus=luctus&et=cum&ultrices=sociis&posuere=natoque&cubilia=penatibus&curae=et&nulla=magnis&dapibus=dis&dolor=parturient&vel=montes&est=nascetur&donec=ridiculus&odio=mus&justo=vivamus&sollicitudin=vestibulum&ut=sagittis&suscipit=sapien&a=cum&feugiat=sociis&et=natoque&eros=penatibus&vestibulum=et&ac=magnis&est=dis&lacinia=parturient&nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=etiam&diam=vel&id=augue&ornare=vestibulum&imperdiet=rutrum&sapien=rutrum&urna=neque&pretium=aenean&nisl=auctor&ut=gravida&volutpat=sem&sapien=praesent&arcu=id&sed=massa&augue=id&aliquam=nisl&erat=venenatis&volutpat=lacinia&in=aenean&congue=sit&etiam=amet&justo=justo&etiam=morbi&pretium=ut&iaculis=odio&justo=cras,TRUE
+http://fema.gov/lobortis/ligula.js?id=est&sapien=quam&in=pharetra&sapien=magna&iaculis=ac&congue=consequat&vivamus=metus&metus=sapien&arcu=ut&adipiscing=nunc&molestie=vestibulum&hendrerit=ante&at=ipsum&vulputate=primis&vitae=in&nisl=faucibus&aenean=orci&lectus=luctus&pellentesque=et&eget=ultrices&nunc=posuere&donec=cubilia&quis=curae&orci=mauris&eget=viverra&orci=diam&vehicula=vitae&condimentum=quam&curabitur=suspendisse&in=potenti&libero=nullam&ut=porttitor&massa=lacus&volutpat=at&convallis=turpis&morbi=donec&odio=posuere&odio=metus&elementum=vitae&eu=ipsum&interdum=aliquam&eu=non&tincidunt=mauris&in=morbi&leo=non&maecenas=lectus&pulvinar=aliquam&lobortis=sit&est=amet&phasellus=diam&sit=in&amet=magna&erat=bibendum&nulla=imperdiet&tempus=nullam&vivamus=orci,TRUE
+http://shinystat.com/pede/ullamcorper/augue/a/suscipit.jpg?interdum=quis&eu=orci&tincidunt=eget&in=orci&leo=vehicula&maecenas=condimentum&pulvinar=curabitur&lobortis=in&est=libero&phasellus=ut&sit=massa&amet=volutpat&erat=convallis&nulla=morbi&tempus=odio&vivamus=odio&in=elementum&felis=eu&eu=interdum&sapien=eu&cursus=tincidunt&vestibulum=in&proin=leo&eu=maecenas&mi=pulvinar&nulla=lobortis&ac=est&enim=phasellus&in=sit&tempor=amet&turpis=erat&nec=nulla&euismod=tempus&scelerisque=vivamus&quam=in&turpis=felis&adipiscing=eu&lorem=sapien&vitae=cursus&mattis=vestibulum&nibh=proin&ligula=eu&nec=mi&sem=nulla&duis=ac&aliquam=enim&convallis=in&nunc=tempor&proin=turpis&at=nec&turpis=euismod&a=scelerisque&pede=quam&posuere=turpis&nonummy=adipiscing&integer=lorem&non=vitae&velit=mattis&donec=nibh&diam=ligula&neque=nec&vestibulum=sem&eget=duis&vulputate=aliquam&ut=convallis&ultrices=nunc&vel=proin&augue=at&vestibulum=turpis&ante=a&ipsum=pede&primis=posuere&in=nonummy&faucibus=integer&orci=non&luctus=velit&et=donec&ultrices=diam&posuere=neque&cubilia=vestibulum,TRUE
+https://flavors.me/dui/vel/nisl/duis/ac.html?posuere=est&cubilia=lacinia&curae=nisi&nulla=venenatis&dapibus=tristique&dolor=fusce&vel=congue&est=diam&donec=id&odio=ornare&justo=imperdiet&sollicitudin=sapien&ut=urna&suscipit=pretium&a=nisl&feugiat=ut&et=volutpat&eros=sapien&vestibulum=arcu&ac=sed&est=augue&lacinia=aliquam&nisi=erat&venenatis=volutpat&tristique=in&fusce=congue&congue=etiam&diam=justo&id=etiam&ornare=pretium&imperdiet=iaculis&sapien=justo&urna=in&pretium=hac&nisl=habitasse&ut=platea&volutpat=dictumst&sapien=etiam&arcu=faucibus&sed=cursus&augue=urna&aliquam=ut&erat=tellus&volutpat=nulla&in=ut&congue=erat&etiam=id&justo=mauris&etiam=vulputate&pretium=elementum&iaculis=nullam&justo=varius&in=nulla&hac=facilisi&habitasse=cras&platea=non&dictumst=velit&etiam=nec&faucibus=nisi&cursus=vulputate&urna=nonummy&ut=maecenas&tellus=tincidunt&nulla=lacus&ut=at&erat=velit&id=vivamus&mauris=vel&vulputate=nulla&elementum=eget&nullam=eros&varius=elementum&nulla=pellentesque&facilisi=quisque&cras=porta&non=volutpat&velit=erat&nec=quisque,TRUE
+http://i2i.jp/justo/etiam/pretium/iaculis/justo/in/hac.html?mauris=faucibus&sit=orci&amet=luctus&eros=et&suspendisse=ultrices&accumsan=posuere&tortor=cubilia&quis=curae&turpis=mauris&sed=viverra&ante=diam&vivamus=vitae&tortor=quam&duis=suspendisse&mattis=potenti&egestas=nullam&metus=porttitor&aenean=lacus&fermentum=at&donec=turpis&ut=donec&mauris=posuere&eget=metus&massa=vitae&tempor=ipsum&convallis=aliquam&nulla=non&neque=mauris&libero=morbi&convallis=non&eget=lectus&eleifend=aliquam&luctus=sit&ultricies=amet&eu=diam&nibh=in&quisque=magna&id=bibendum&justo=imperdiet&sit=nullam&amet=orci&sapien=pede&dignissim=venenatis&vestibulum=non&vestibulum=sodales&ante=sed&ipsum=tincidunt&primis=eu&in=felis&faucibus=fusce&orci=posuere&luctus=felis&et=sed&ultrices=lacus&posuere=morbi&cubilia=sem&curae=mauris&nulla=laoreet&dapibus=ut&dolor=rhoncus,TRUE
+http://theguardian.com/in/hac/habitasse/platea/dictumst/etiam/faucibus.xml?rutrum=ac&rutrum=est&neque=lacinia&aenean=nisi&auctor=venenatis&gravida=tristique&sem=fusce&praesent=congue&id=diam&massa=id&id=ornare&nisl=imperdiet&venenatis=sapien&lacinia=urna&aenean=pretium&sit=nisl&amet=ut&justo=volutpat&morbi=sapien&ut=arcu&odio=sed&cras=augue&mi=aliquam&pede=erat&malesuada=volutpat&in=in&imperdiet=congue&et=etiam&commodo=justo&vulputate=etiam&justo=pretium&in=iaculis&blandit=justo&ultrices=in&enim=hac&lorem=habitasse&ipsum=platea&dolor=dictumst&sit=etiam&amet=faucibus&consectetuer=cursus&adipiscing=urna&elit=ut&proin=tellus&interdum=nulla&mauris=ut&non=erat&ligula=id&pellentesque=mauris&ultrices=vulputate&phasellus=elementum&id=nullam&sapien=varius&in=nulla&sapien=facilisi&iaculis=cras&congue=non&vivamus=velit&metus=nec&arcu=nisi&adipiscing=vulputate&molestie=nonummy&hendrerit=maecenas&at=tincidunt&vulputate=lacus&vitae=at&nisl=velit&aenean=vivamus&lectus=vel&pellentesque=nulla&eget=eget&nunc=eros&donec=elementum&quis=pellentesque&orci=quisque&eget=porta&orci=volutpat&vehicula=erat&condimentum=quisque&curabitur=erat&in=eros&libero=viverra&ut=eget&massa=congue&volutpat=eget&convallis=semper&morbi=rutrum&odio=nulla&odio=nunc&elementum=purus,TRUE
+http://canalblog.com/nulla/sed/vel.html?turpis=sapien&donec=a&posuere=libero&metus=nam&vitae=dui&ipsum=proin&aliquam=leo&non=odio&mauris=porttitor&morbi=id&non=consequat&lectus=in&aliquam=consequat&sit=ut&amet=nulla&diam=sed&in=accumsan&magna=felis&bibendum=ut&imperdiet=at&nullam=dolor&orci=quis&pede=odio&venenatis=consequat&non=varius&sodales=integer&sed=ac&tincidunt=leo&eu=pellentesque,TRUE
+https://fema.gov/sapien/placerat/ante/nulla.json?quam=curabitur&pede=gravida&lobortis=nisi&ligula=at&sit=nibh&amet=in&eleifend=hac&pede=habitasse&libero=platea&quis=dictumst&orci=aliquam&nullam=augue&molestie=quam&nibh=sollicitudin&in=vitae&lectus=consectetuer&pellentesque=eget&at=rutrum&nulla=at&suspendisse=lorem&potenti=integer&cras=tincidunt&in=ante&purus=vel&eu=ipsum&magna=praesent&vulputate=blandit&luctus=lacinia&cum=erat&sociis=vestibulum&natoque=sed&penatibus=magna&et=at&magnis=nunc&dis=commodo&parturient=placerat&montes=praesent&nascetur=blandit&ridiculus=nam&mus=nulla&vivamus=integer&vestibulum=pede&sagittis=justo&sapien=lacinia&cum=eget&sociis=tincidunt&natoque=eget&penatibus=tempus&et=vel&magnis=pede&dis=morbi&parturient=porttitor&montes=lorem&nascetur=id&ridiculus=ligula&mus=suspendisse&etiam=ornare&vel=consequat&augue=lectus&vestibulum=in&rutrum=est&rutrum=risus&neque=auctor&aenean=sed&auctor=tristique&gravida=in&sem=tempus&praesent=sit&id=amet&massa=sem&id=fusce&nisl=consequat&venenatis=nulla,TRUE
+http://bbb.org/accumsan/odio/curabitur.jpg?ac=nulla&lobortis=nisl&vel=nunc&dapibus=nisl&at=duis&diam=bibendum&nam=felis&tristique=sed&tortor=interdum,TRUE
+http://cargocollective.com/nibh/ligula/nec/sem/duis/aliquam/convallis.js?donec=gravida&pharetra=sem&magna=praesent&vestibulum=id&aliquet=massa&ultrices=id&erat=nisl&tortor=venenatis&sollicitudin=lacinia&mi=aenean&sit=sit&amet=amet&lobortis=justo&sapien=morbi&sapien=ut&non=odio&mi=cras&integer=mi&ac=pede&neque=malesuada&duis=in&bibendum=imperdiet&morbi=et&non=commodo&quam=vulputate&nec=justo&dui=in&luctus=blandit&rutrum=ultrices&nulla=enim&tellus=lorem&in=ipsum&sagittis=dolor&dui=sit&vel=amet&nisl=consectetuer&duis=adipiscing&ac=elit&nibh=proin&fusce=interdum&lacus=mauris&purus=non&aliquet=ligula&at=pellentesque&feugiat=ultrices&non=phasellus&pretium=id&quis=sapien&lectus=in&suspendisse=sapien&potenti=iaculis&in=congue&eleifend=vivamus&quam=metus&a=arcu&odio=adipiscing&in=molestie&hac=hendrerit&habitasse=at&platea=vulputate&dictumst=vitae&maecenas=nisl&ut=aenean&massa=lectus&quis=pellentesque&augue=eget&luctus=nunc&tincidunt=donec&nulla=quis&mollis=orci&molestie=eget&lorem=orci&quisque=vehicula&ut=condimentum&erat=curabitur&curabitur=in&gravida=libero&nisi=ut&at=massa&nibh=volutpat&in=convallis&hac=morbi&habitasse=odio&platea=odio&dictumst=elementum&aliquam=eu&augue=interdum&quam=eu&sollicitudin=tincidunt&vitae=in&consectetuer=leo&eget=maecenas&rutrum=pulvinar&at=lobortis&lorem=est&integer=phasellus&tincidunt=sit,TRUE
+https://abc.net.au/a/pede/posuere/nonummy/integer.js?duis=orci&bibendum=luctus&felis=et&sed=ultrices&interdum=posuere&venenatis=cubilia&turpis=curae&enim=nulla&blandit=dapibus&mi=dolor&in=vel&porttitor=est&pede=donec&justo=odio&eu=justo&massa=sollicitudin&donec=ut&dapibus=suscipit&duis=a&at=feugiat&velit=et&eu=eros&est=vestibulum&congue=ac&elementum=est&in=lacinia&hac=nisi&habitasse=venenatis&platea=tristique&dictumst=fusce&morbi=congue&vestibulum=diam&velit=id&id=ornare,TRUE
+https://scribd.com/praesent.aspx?quam=nisl&pharetra=duis&magna=ac&ac=nibh&consequat=fusce&metus=lacus&sapien=purus&ut=aliquet&nunc=at&vestibulum=feugiat&ante=non&ipsum=pretium&primis=quis&in=lectus&faucibus=suspendisse&orci=potenti&luctus=in&et=eleifend&ultrices=quam&posuere=a&cubilia=odio&curae=in&mauris=hac&viverra=habitasse&diam=platea&vitae=dictumst&quam=maecenas&suspendisse=ut&potenti=massa&nullam=quis&porttitor=augue&lacus=luctus&at=tincidunt&turpis=nulla&donec=mollis&posuere=molestie&metus=lorem&vitae=quisque&ipsum=ut&aliquam=erat&non=curabitur&mauris=gravida&morbi=nisi&non=at&lectus=nibh&aliquam=in&sit=hac&amet=habitasse&diam=platea&in=dictumst&magna=aliquam&bibendum=augue&imperdiet=quam&nullam=sollicitudin&orci=vitae&pede=consectetuer&venenatis=eget&non=rutrum&sodales=at&sed=lorem&tincidunt=integer&eu=tincidunt&felis=ante&fusce=vel&posuere=ipsum&felis=praesent&sed=blandit&lacus=lacinia&morbi=erat&sem=vestibulum&mauris=sed&laoreet=magna&ut=at&rhoncus=nunc&aliquet=commodo&pulvinar=placerat&sed=praesent&nisl=blandit&nunc=nam&rhoncus=nulla&dui=integer&vel=pede&sem=justo&sed=lacinia&sagittis=eget&nam=tincidunt,TRUE
+http://intel.com/pede/justo/lacinia/eget.html?in=congue&libero=eget&ut=semper&massa=rutrum&volutpat=nulla&convallis=nunc&morbi=purus&odio=phasellus&odio=in&elementum=felis&eu=donec&interdum=semper&eu=sapien&tincidunt=a&in=libero&leo=nam&maecenas=dui&pulvinar=proin&lobortis=leo&est=odio&phasellus=porttitor&sit=id&amet=consequat&erat=in&nulla=consequat&tempus=ut&vivamus=nulla&in=sed&felis=accumsan&eu=felis&sapien=ut&cursus=at&vestibulum=dolor&proin=quis&eu=odio&mi=consequat&nulla=varius&ac=integer&enim=ac&in=leo&tempor=pellentesque&turpis=ultrices&nec=mattis&euismod=odio&scelerisque=donec&quam=vitae&turpis=nisi&adipiscing=nam&lorem=ultrices&vitae=libero&mattis=non&nibh=mattis&ligula=pulvinar&nec=nulla&sem=pede&duis=ullamcorper&aliquam=augue&convallis=a&nunc=suscipit&proin=nulla&at=elit&turpis=ac&a=nulla&pede=sed&posuere=vel&nonummy=enim&integer=sit&non=amet&velit=nunc&donec=viverra&diam=dapibus&neque=nulla&vestibulum=suscipit&eget=ligula&vulputate=in&ut=lacus&ultrices=curabitur&vel=at&augue=ipsum&vestibulum=ac&ante=tellus&ipsum=semper&primis=interdum&in=mauris&faucibus=ullamcorper&orci=purus&luctus=sit&et=amet,TRUE
+http://forbes.com/duis/aliquam.jsp?sem=varius&praesent=nulla&id=facilisi&massa=cras&id=non&nisl=velit&venenatis=nec&lacinia=nisi&aenean=vulputate&sit=nonummy&amet=maecenas&justo=tincidunt&morbi=lacus&ut=at&odio=velit&cras=vivamus&mi=vel&pede=nulla&malesuada=eget&in=eros&imperdiet=elementum&et=pellentesque&commodo=quisque&vulputate=porta&justo=volutpat&in=erat&blandit=quisque&ultrices=erat&enim=eros&lorem=viverra&ipsum=eget&dolor=congue&sit=eget&amet=semper&consectetuer=rutrum&adipiscing=nulla&elit=nunc&proin=purus,TRUE
+http://squarespace.com/ante.jpg?ultrices=diam&erat=id&tortor=ornare&sollicitudin=imperdiet&mi=sapien&sit=urna&amet=pretium&lobortis=nisl&sapien=ut&sapien=volutpat&non=sapien&mi=arcu&integer=sed&ac=augue&neque=aliquam&duis=erat&bibendum=volutpat&morbi=in&non=congue&quam=etiam&nec=justo&dui=etiam&luctus=pretium&rutrum=iaculis&nulla=justo&tellus=in&in=hac&sagittis=habitasse&dui=platea&vel=dictumst&nisl=etiam&duis=faucibus&ac=cursus&nibh=urna&fusce=ut&lacus=tellus&purus=nulla&aliquet=ut&at=erat&feugiat=id&non=mauris&pretium=vulputate&quis=elementum&lectus=nullam&suspendisse=varius&potenti=nulla&in=facilisi&eleifend=cras&quam=non&a=velit&odio=nec,TRUE
+https://imageshack.us/pede/posuere/nonummy/integer/non/velit.png?leo=pellentesque&rhoncus=eget&sed=nunc&vestibulum=donec&sit=quis&amet=orci&cursus=eget&id=orci&turpis=vehicula&integer=condimentum&aliquet=curabitur&massa=in&id=libero&lobortis=ut&convallis=massa&tortor=volutpat&risus=convallis&dapibus=morbi&augue=odio&vel=odio&accumsan=elementum&tellus=eu&nisi=interdum&eu=eu&orci=tincidunt&mauris=in&lacinia=leo&sapien=maecenas&quis=pulvinar&libero=lobortis&nullam=est&sit=phasellus&amet=sit&turpis=amet&elementum=erat&ligula=nulla&vehicula=tempus&consequat=vivamus&morbi=in&a=felis&ipsum=eu&integer=sapien&a=cursus&nibh=vestibulum&in=proin&quis=eu&justo=mi&maecenas=nulla&rhoncus=ac&aliquam=enim&lacus=in&morbi=tempor&quis=turpis&tortor=nec&id=euismod&nulla=scelerisque&ultrices=quam&aliquet=turpis&maecenas=adipiscing&leo=lorem&odio=vitae&condimentum=mattis&id=nibh&luctus=ligula&nec=nec&molestie=sem&sed=duis&justo=aliquam&pellentesque=convallis&viverra=nunc&pede=proin&ac=at&diam=turpis&cras=a&pellentesque=pede&volutpat=posuere&dui=nonummy&maecenas=integer&tristique=non&est=velit&et=donec&tempus=diam&semper=neque,TRUE
+http://yellowpages.com/justo/maecenas/rhoncus/aliquam/lacus/morbi.jpg?sem=lobortis&sed=est&sagittis=phasellus&nam=sit&congue=amet&risus=erat&semper=nulla&porta=tempus&volutpat=vivamus&quam=in&pede=felis&lobortis=eu&ligula=sapien&sit=cursus&amet=vestibulum&eleifend=proin&pede=eu&libero=mi&quis=nulla&orci=ac&nullam=enim&molestie=in&nibh=tempor&in=turpis&lectus=nec&pellentesque=euismod&at=scelerisque&nulla=quam&suspendisse=turpis&potenti=adipiscing,TRUE
+http://cloudflare.com/fusce/lacus.jpg?convallis=nibh&morbi=quisque&odio=id&odio=justo&elementum=sit&eu=amet&interdum=sapien&eu=dignissim&tincidunt=vestibulum&in=vestibulum&leo=ante&maecenas=ipsum&pulvinar=primis&lobortis=in&est=faucibus&phasellus=orci&sit=luctus&amet=et&erat=ultrices&nulla=posuere&tempus=cubilia&vivamus=curae&in=nulla&felis=dapibus&eu=dolor&sapien=vel&cursus=est&vestibulum=donec&proin=odio&eu=justo&mi=sollicitudin&nulla=ut&ac=suscipit&enim=a&in=feugiat&tempor=et&turpis=eros&nec=vestibulum&euismod=ac&scelerisque=est&quam=lacinia&turpis=nisi&adipiscing=venenatis&lorem=tristique&vitae=fusce&mattis=congue&nibh=diam&ligula=id&nec=ornare&sem=imperdiet&duis=sapien&aliquam=urna&convallis=pretium,TRUE
+http://bloglines.com/dui/luctus/rutrum/nulla/tellus.png?mattis=erat&egestas=tortor&metus=sollicitudin&aenean=mi&fermentum=sit&donec=amet&ut=lobortis&mauris=sapien&eget=sapien&massa=non&tempor=mi&convallis=integer&nulla=ac&neque=neque&libero=duis&convallis=bibendum&eget=morbi&eleifend=non&luctus=quam&ultricies=nec&eu=dui&nibh=luctus&quisque=rutrum&id=nulla&justo=tellus&sit=in&amet=sagittis&sapien=dui&dignissim=vel&vestibulum=nisl&vestibulum=duis&ante=ac&ipsum=nibh&primis=fusce&in=lacus&faucibus=purus&orci=aliquet&luctus=at&et=feugiat&ultrices=non&posuere=pretium&cubilia=quis&curae=lectus&nulla=suspendisse&dapibus=potenti&dolor=in&vel=eleifend&est=quam&donec=a&odio=odio&justo=in&sollicitudin=hac&ut=habitasse&suscipit=platea&a=dictumst&feugiat=maecenas&et=ut&eros=massa&vestibulum=quis&ac=augue&est=luctus&lacinia=tincidunt&nisi=nulla&venenatis=mollis&tristique=molestie&fusce=lorem&congue=quisque&diam=ut&id=erat&ornare=curabitur&imperdiet=gravida&sapien=nisi&urna=at&pretium=nibh&nisl=in&ut=hac&volutpat=habitasse&sapien=platea&arcu=dictumst&sed=aliquam&augue=augue&aliquam=quam&erat=sollicitudin&volutpat=vitae&in=consectetuer&congue=eget&etiam=rutrum&justo=at&etiam=lorem&pretium=integer&iaculis=tincidunt&justo=ante&in=vel&hac=ipsum&habitasse=praesent&platea=blandit&dictumst=lacinia&etiam=erat,TRUE
+http://blogtalkradio.com/in.png?turpis=dapibus&enim=duis&blandit=at&mi=velit&in=eu&porttitor=est&pede=congue&justo=elementum&eu=in&massa=hac&donec=habitasse&dapibus=platea&duis=dictumst&at=morbi&velit=vestibulum&eu=velit&est=id&congue=pretium&elementum=iaculis&in=diam&hac=erat&habitasse=fermentum&platea=justo&dictumst=nec&morbi=condimentum&vestibulum=neque&velit=sapien&id=placerat&pretium=ante,TRUE
+https://cocolog-nifty.com/ac/nulla/sed/vel/enim/sit.xml?vitae=pellentesque&ipsum=viverra&aliquam=pede&non=ac&mauris=diam&morbi=cras&non=pellentesque&lectus=volutpat,TRUE
+https://fda.gov/id/justo/sit/amet/sapien/dignissim.html?purus=sed&eu=tincidunt&magna=eu&vulputate=felis&luctus=fusce&cum=posuere&sociis=felis&natoque=sed&penatibus=lacus&et=morbi&magnis=sem&dis=mauris&parturient=laoreet&montes=ut&nascetur=rhoncus&ridiculus=aliquet&mus=pulvinar&vivamus=sed&vestibulum=nisl&sagittis=nunc&sapien=rhoncus&cum=dui&sociis=vel&natoque=sem&penatibus=sed&et=sagittis&magnis=nam&dis=congue&parturient=risus&montes=semper&nascetur=porta&ridiculus=volutpat&mus=quam&etiam=pede&vel=lobortis&augue=ligula&vestibulum=sit&rutrum=amet&rutrum=eleifend&neque=pede&aenean=libero&auctor=quis&gravida=orci&sem=nullam&praesent=molestie&id=nibh&massa=in&id=lectus&nisl=pellentesque&venenatis=at&lacinia=nulla&aenean=suspendisse&sit=potenti&amet=cras&justo=in&morbi=purus&ut=eu&odio=magna&cras=vulputate&mi=luctus&pede=cum&malesuada=sociis&in=natoque&imperdiet=penatibus&et=et&commodo=magnis&vulputate=dis&justo=parturient&in=montes&blandit=nascetur&ultrices=ridiculus&enim=mus&lorem=vivamus&ipsum=vestibulum&dolor=sagittis&sit=sapien&amet=cum&consectetuer=sociis&adipiscing=natoque&elit=penatibus&proin=et&interdum=magnis&mauris=dis&non=parturient&ligula=montes&pellentesque=nascetur,TRUE
+http://diigo.com/commodo/vulputate/justo/in/blandit.jpg?consequat=vestibulum&in=quam&consequat=sapien&ut=varius&nulla=ut&sed=blandit&accumsan=non&felis=interdum&ut=in&at=ante&dolor=vestibulum&quis=ante&odio=ipsum&consequat=primis&varius=in&integer=faucibus&ac=orci&leo=luctus&pellentesque=et&ultrices=ultrices&mattis=posuere&odio=cubilia&donec=curae&vitae=duis&nisi=faucibus&nam=accumsan&ultrices=odio&libero=curabitur&non=convallis&mattis=duis&pulvinar=consequat&nulla=dui&pede=nec&ullamcorper=nisi&augue=volutpat&a=eleifend&suscipit=donec&nulla=ut&elit=dolor&ac=morbi&nulla=vel&sed=lectus&vel=in&enim=quam&sit=fringilla&amet=rhoncus&nunc=mauris&viverra=enim&dapibus=leo&nulla=rhoncus&suscipit=sed&ligula=vestibulum&in=sit&lacus=amet&curabitur=cursus&at=id&ipsum=turpis&ac=integer&tellus=aliquet&semper=massa&interdum=id&mauris=lobortis&ullamcorper=convallis&purus=tortor&sit=risus&amet=dapibus&nulla=augue&quisque=vel&arcu=accumsan&libero=tellus&rutrum=nisi&ac=eu&lobortis=orci&vel=mauris&dapibus=lacinia,TRUE
+http://examiner.com/diam/cras/pellentesque/volutpat/dui/maecenas/tristique.xml?nulla=maecenas&mollis=ut&molestie=massa&lorem=quis&quisque=augue&ut=luctus&erat=tincidunt&curabitur=nulla&gravida=mollis&nisi=molestie,TRUE
+http://github.com/porttitor.js?ipsum=est&praesent=lacinia&blandit=nisi&lacinia=venenatis&erat=tristique&vestibulum=fusce&sed=congue&magna=diam&at=id&nunc=ornare&commodo=imperdiet&placerat=sapien&praesent=urna&blandit=pretium&nam=nisl&nulla=ut&integer=volutpat&pede=sapien&justo=arcu&lacinia=sed&eget=augue&tincidunt=aliquam&eget=erat&tempus=volutpat&vel=in&pede=congue&morbi=etiam&porttitor=justo&lorem=etiam&id=pretium&ligula=iaculis&suspendisse=justo&ornare=in&consequat=hac&lectus=habitasse&in=platea&est=dictumst&risus=etiam&auctor=faucibus&sed=cursus&tristique=urna&in=ut&tempus=tellus&sit=nulla&amet=ut&sem=erat&fusce=id&consequat=mauris&nulla=vulputate&nisl=elementum&nunc=nullam&nisl=varius&duis=nulla&bibendum=facilisi&felis=cras&sed=non&interdum=velit&venenatis=nec&turpis=nisi&enim=vulputate&blandit=nonummy&mi=maecenas&in=tincidunt&porttitor=lacus&pede=at&justo=velit&eu=vivamus&massa=vel&donec=nulla&dapibus=eget&duis=eros&at=elementum&velit=pellentesque&eu=quisque&est=porta,TRUE
+https://who.int/id/pretium/iaculis/diam/erat/fermentum/justo.jpg?curabitur=sit&gravida=amet&nisi=justo&at=morbi&nibh=ut&in=odio&hac=cras&habitasse=mi&platea=pede&dictumst=malesuada&aliquam=in&augue=imperdiet&quam=et&sollicitudin=commodo&vitae=vulputate&consectetuer=justo&eget=in&rutrum=blandit&at=ultrices&lorem=enim&integer=lorem&tincidunt=ipsum&ante=dolor&vel=sit&ipsum=amet&praesent=consectetuer&blandit=adipiscing&lacinia=elit&erat=proin&vestibulum=interdum&sed=mauris&magna=non&at=ligula&nunc=pellentesque&commodo=ultrices&placerat=phasellus&praesent=id&blandit=sapien&nam=in&nulla=sapien&integer=iaculis&pede=congue&justo=vivamus&lacinia=metus&eget=arcu&tincidunt=adipiscing&eget=molestie&tempus=hendrerit&vel=at&pede=vulputate&morbi=vitae&porttitor=nisl&lorem=aenean&id=lectus&ligula=pellentesque&suspendisse=eget&ornare=nunc&consequat=donec&lectus=quis&in=orci&est=eget&risus=orci&auctor=vehicula&sed=condimentum&tristique=curabitur&in=in&tempus=libero&sit=ut&amet=massa&sem=volutpat&fusce=convallis&consequat=morbi&nulla=odio&nisl=odio&nunc=elementum&nisl=eu&duis=interdum&bibendum=eu&felis=tincidunt&sed=in&interdum=leo&venenatis=maecenas&turpis=pulvinar&enim=lobortis&blandit=est,TRUE
+https://domainmarket.com/rutrum/neque/aenean/auctor.aspx?integer=eu&a=interdum&nibh=eu&in=tincidunt&quis=in&justo=leo&maecenas=maecenas&rhoncus=pulvinar&aliquam=lobortis&lacus=est&morbi=phasellus&quis=sit&tortor=amet&id=erat&nulla=nulla&ultrices=tempus&aliquet=vivamus&maecenas=in&leo=felis&odio=eu&condimentum=sapien,TRUE
+https://nsw.gov.au/sit/amet.html?rutrum=tempor&nulla=convallis&nunc=nulla&purus=neque&phasellus=libero&in=convallis&felis=eget&donec=eleifend&semper=luctus&sapien=ultricies&a=eu&libero=nibh&nam=quisque&dui=id&proin=justo&leo=sit&odio=amet&porttitor=sapien&id=dignissim&consequat=vestibulum&in=vestibulum&consequat=ante&ut=ipsum&nulla=primis&sed=in&accumsan=faucibus&felis=orci&ut=luctus&at=et&dolor=ultrices&quis=posuere&odio=cubilia&consequat=curae&varius=nulla&integer=dapibus&ac=dolor&leo=vel&pellentesque=est&ultrices=donec&mattis=odio&odio=justo&donec=sollicitudin&vitae=ut&nisi=suscipit&nam=a&ultrices=feugiat&libero=et&non=eros&mattis=vestibulum&pulvinar=ac&nulla=est&pede=lacinia&ullamcorper=nisi&augue=venenatis&a=tristique&suscipit=fusce&nulla=congue&elit=diam&ac=id&nulla=ornare&sed=imperdiet&vel=sapien&enim=urna&sit=pretium&amet=nisl&nunc=ut&viverra=volutpat&dapibus=sapien&nulla=arcu&suscipit=sed&ligula=augue&in=aliquam&lacus=erat&curabitur=volutpat&at=in&ipsum=congue&ac=etiam,TRUE
+http://unicef.org/integer/ac.html?nulla=nunc&sed=donec&accumsan=quis&felis=orci,TRUE
+http://comsenz.com/ac/lobortis.json?et=blandit&magnis=ultrices&dis=enim&parturient=lorem&montes=ipsum&nascetur=dolor&ridiculus=sit&mus=amet&etiam=consectetuer&vel=adipiscing&augue=elit&vestibulum=proin&rutrum=interdum&rutrum=mauris&neque=non&aenean=ligula&auctor=pellentesque&gravida=ultrices&sem=phasellus&praesent=id&id=sapien&massa=in&id=sapien&nisl=iaculis&venenatis=congue&lacinia=vivamus&aenean=metus&sit=arcu&amet=adipiscing&justo=molestie&morbi=hendrerit&ut=at&odio=vulputate&cras=vitae&mi=nisl&pede=aenean&malesuada=lectus&in=pellentesque&imperdiet=eget&et=nunc&commodo=donec&vulputate=quis&justo=orci&in=eget&blandit=orci&ultrices=vehicula&enim=condimentum,TRUE
+https://forbes.com/lacinia/erat/vestibulum.jsp?ante=non&ipsum=lectus&primis=aliquam&in=sit&faucibus=amet&orci=diam&luctus=in&et=magna&ultrices=bibendum&posuere=imperdiet&cubilia=nullam&curae=orci&duis=pede&faucibus=venenatis&accumsan=non&odio=sodales&curabitur=sed&convallis=tincidunt&duis=eu&consequat=felis&dui=fusce&nec=posuere&nisi=felis&volutpat=sed&eleifend=lacus&donec=morbi,TRUE
+http://acquirethisname.com/felis/sed/interdum/venenatis/turpis.png?venenatis=dolor&turpis=sit&enim=amet&blandit=consectetuer&mi=adipiscing&in=elit&porttitor=proin&pede=risus&justo=praesent,TRUE
+https://constantcontact.com/aliquet/maecenas/leo/odio/condimentum.aspx?pellentesque=in&volutpat=lectus&dui=pellentesque&maecenas=at&tristique=nulla&est=suspendisse&et=potenti&tempus=cras&semper=in&est=purus&quam=eu&pharetra=magna&magna=vulputate&ac=luctus&consequat=cum&metus=sociis&sapien=natoque&ut=penatibus&nunc=et&vestibulum=magnis&ante=dis&ipsum=parturient&primis=montes&in=nascetur&faucibus=ridiculus&orci=mus&luctus=vivamus&et=vestibulum&ultrices=sagittis&posuere=sapien&cubilia=cum&curae=sociis&mauris=natoque&viverra=penatibus&diam=et&vitae=magnis&quam=dis&suspendisse=parturient&potenti=montes&nullam=nascetur&porttitor=ridiculus&lacus=mus&at=etiam&turpis=vel&donec=augue&posuere=vestibulum&metus=rutrum&vitae=rutrum&ipsum=neque&aliquam=aenean&non=auctor&mauris=gravida,TRUE
+http://businessweek.com/rhoncus/aliquet/pulvinar/sed/nisl/nunc/rhoncus.xml?fermentum=mauris&donec=sit&ut=amet&mauris=eros&eget=suspendisse&massa=accumsan&tempor=tortor&convallis=quis&nulla=turpis&neque=sed&libero=ante&convallis=vivamus&eget=tortor&eleifend=duis&luctus=mattis&ultricies=egestas&eu=metus&nibh=aenean&quisque=fermentum&id=donec&justo=ut&sit=mauris&amet=eget&sapien=massa&dignissim=tempor&vestibulum=convallis&vestibulum=nulla&ante=neque&ipsum=libero&primis=convallis&in=eget&faucibus=eleifend&orci=luctus&luctus=ultricies&et=eu&ultrices=nibh&posuere=quisque&cubilia=id&curae=justo&nulla=sit&dapibus=amet&dolor=sapien&vel=dignissim&est=vestibulum&donec=vestibulum&odio=ante&justo=ipsum&sollicitudin=primis&ut=in&suscipit=faucibus&a=orci&feugiat=luctus&et=et&eros=ultrices&vestibulum=posuere&ac=cubilia&est=curae&lacinia=nulla&nisi=dapibus&venenatis=dolor&tristique=vel&fusce=est&congue=donec&diam=odio&id=justo&ornare=sollicitudin&imperdiet=ut&sapien=suscipit&urna=a,TRUE
+https://delicious.com/lacus.jpg?consequat=non&morbi=mattis&a=pulvinar&ipsum=nulla&integer=pede&a=ullamcorper&nibh=augue&in=a&quis=suscipit&justo=nulla&maecenas=elit&rhoncus=ac&aliquam=nulla&lacus=sed&morbi=vel&quis=enim&tortor=sit&id=amet&nulla=nunc&ultrices=viverra&aliquet=dapibus&maecenas=nulla&leo=suscipit&odio=ligula&condimentum=in&id=lacus&luctus=curabitur&nec=at&molestie=ipsum&sed=ac&justo=tellus&pellentesque=semper&viverra=interdum&pede=mauris&ac=ullamcorper&diam=purus&cras=sit&pellentesque=amet&volutpat=nulla&dui=quisque&maecenas=arcu&tristique=libero&est=rutrum&et=ac&tempus=lobortis&semper=vel&est=dapibus&quam=at&pharetra=diam&magna=nam&ac=tristique&consequat=tortor&metus=eu&sapien=pede,TRUE
+https://123-reg.co.uk/ipsum/dolor/sit/amet/consectetuer/adipiscing.jpg?augue=convallis&quam=nulla&sollicitudin=neque&vitae=libero&consectetuer=convallis&eget=eget&rutrum=eleifend&at=luctus&lorem=ultricies&integer=eu&tincidunt=nibh&ante=quisque&vel=id&ipsum=justo&praesent=sit&blandit=amet&lacinia=sapien&erat=dignissim&vestibulum=vestibulum&sed=vestibulum&magna=ante&at=ipsum&nunc=primis&commodo=in&placerat=faucibus&praesent=orci&blandit=luctus&nam=et&nulla=ultrices&integer=posuere&pede=cubilia&justo=curae&lacinia=nulla&eget=dapibus&tincidunt=dolor&eget=vel&tempus=est&vel=donec&pede=odio&morbi=justo&porttitor=sollicitudin&lorem=ut&id=suscipit&ligula=a&suspendisse=feugiat&ornare=et&consequat=eros&lectus=vestibulum&in=ac&est=est&risus=lacinia&auctor=nisi&sed=venenatis&tristique=tristique&in=fusce&tempus=congue&sit=diam&amet=id&sem=ornare&fusce=imperdiet&consequat=sapien&nulla=urna&nisl=pretium&nunc=nisl&nisl=ut&duis=volutpat&bibendum=sapien&felis=arcu&sed=sed&interdum=augue&venenatis=aliquam&turpis=erat&enim=volutpat&blandit=in&mi=congue&in=etiam&porttitor=justo&pede=etiam&justo=pretium&eu=iaculis&massa=justo&donec=in&dapibus=hac&duis=habitasse&at=platea&velit=dictumst&eu=etiam,TRUE
+https://cam.ac.uk/lectus/in/est/risus/auctor/sed.html?sapien=augue&sapien=vestibulum&non=ante&mi=ipsum&integer=primis&ac=in&neque=faucibus&duis=orci&bibendum=luctus&morbi=et&non=ultrices&quam=posuere&nec=cubilia&dui=curae&luctus=donec&rutrum=pharetra&nulla=magna&tellus=vestibulum&in=aliquet&sagittis=ultrices&dui=erat&vel=tortor&nisl=sollicitudin&duis=mi&ac=sit&nibh=amet&fusce=lobortis&lacus=sapien&purus=sapien&aliquet=non&at=mi&feugiat=integer&non=ac&pretium=neque&quis=duis&lectus=bibendum&suspendisse=morbi&potenti=non&in=quam&eleifend=nec&quam=dui&a=luctus&odio=rutrum&in=nulla&hac=tellus&habitasse=in&platea=sagittis&dictumst=dui&maecenas=vel&ut=nisl&massa=duis&quis=ac&augue=nibh&luctus=fusce&tincidunt=lacus&nulla=purus&mollis=aliquet&molestie=at&lorem=feugiat&quisque=non&ut=pretium&erat=quis&curabitur=lectus&gravida=suspendisse&nisi=potenti&at=in&nibh=eleifend&in=quam&hac=a&habitasse=odio&platea=in&dictumst=hac&aliquam=habitasse&augue=platea&quam=dictumst&sollicitudin=maecenas&vitae=ut&consectetuer=massa&eget=quis&rutrum=augue&at=luctus&lorem=tincidunt&integer=nulla&tincidunt=mollis&ante=molestie&vel=lorem&ipsum=quisque&praesent=ut&blandit=erat,TRUE
+http://canalblog.com/vivamus/metus/arcu/adipiscing/molestie/hendrerit.js?mauris=amet&enim=justo&leo=morbi&rhoncus=ut&sed=odio&vestibulum=cras&sit=mi&amet=pede&cursus=malesuada&id=in&turpis=imperdiet&integer=et&aliquet=commodo&massa=vulputate&id=justo&lobortis=in&convallis=blandit&tortor=ultrices&risus=enim&dapibus=lorem&augue=ipsum&vel=dolor&accumsan=sit&tellus=amet&nisi=consectetuer&eu=adipiscing&orci=elit&mauris=proin&lacinia=interdum&sapien=mauris&quis=non&libero=ligula&nullam=pellentesque&sit=ultrices&amet=phasellus&turpis=id&elementum=sapien&ligula=in&vehicula=sapien&consequat=iaculis&morbi=congue&a=vivamus&ipsum=metus&integer=arcu&a=adipiscing&nibh=molestie&in=hendrerit&quis=at&justo=vulputate&maecenas=vitae&rhoncus=nisl&aliquam=aenean&lacus=lectus&morbi=pellentesque&quis=eget&tortor=nunc&id=donec&nulla=quis&ultrices=orci&aliquet=eget&maecenas=orci&leo=vehicula&odio=condimentum&condimentum=curabitur&id=in&luctus=libero&nec=ut&molestie=massa&sed=volutpat&justo=convallis&pellentesque=morbi&viverra=odio&pede=odio&ac=elementum&diam=eu&cras=interdum&pellentesque=eu&volutpat=tincidunt&dui=in&maecenas=leo&tristique=maecenas&est=pulvinar&et=lobortis&tempus=est&semper=phasellus&est=sit&quam=amet&pharetra=erat&magna=nulla&ac=tempus&consequat=vivamus&metus=in&sapien=felis&ut=eu&nunc=sapien&vestibulum=cursus&ante=vestibulum&ipsum=proin&primis=eu,TRUE
+https://skyrock.com/pulvinar/sed.jsp?montes=justo&nascetur=nec&ridiculus=condimentum&mus=neque&vivamus=sapien&vestibulum=placerat&sagittis=ante&sapien=nulla&cum=justo&sociis=aliquam&natoque=quis&penatibus=turpis&et=eget&magnis=elit&dis=sodales&parturient=scelerisque&montes=mauris&nascetur=sit&ridiculus=amet&mus=eros&etiam=suspendisse&vel=accumsan&augue=tortor,TRUE
+http://wikimedia.org/in/faucibus/orci.aspx?nec=ipsum&nisi=primis&volutpat=in&eleifend=faucibus&donec=orci&ut=luctus&dolor=et&morbi=ultrices&vel=posuere&lectus=cubilia&in=curae,TRUE
+https://wikimedia.org/id/lobortis/convallis/tortor.aspx?sapien=sit&quis=amet&libero=consectetuer&nullam=adipiscing&sit=elit&amet=proin&turpis=interdum&elementum=mauris&ligula=non&vehicula=ligula&consequat=pellentesque&morbi=ultrices&a=phasellus&ipsum=id&integer=sapien&a=in&nibh=sapien&in=iaculis&quis=congue&justo=vivamus&maecenas=metus&rhoncus=arcu&aliquam=adipiscing&lacus=molestie&morbi=hendrerit&quis=at&tortor=vulputate&id=vitae&nulla=nisl&ultrices=aenean&aliquet=lectus&maecenas=pellentesque&leo=eget&odio=nunc&condimentum=donec&id=quis,TRUE
+https://businesswire.com/quam/suspendisse.aspx?vehicula=bibendum&condimentum=morbi&curabitur=non&in=quam&libero=nec&ut=dui&massa=luctus&volutpat=rutrum&convallis=nulla&morbi=tellus&odio=in&odio=sagittis&elementum=dui&eu=vel&interdum=nisl&eu=duis&tincidunt=ac&in=nibh&leo=fusce&maecenas=lacus&pulvinar=purus&lobortis=aliquet&est=at&phasellus=feugiat&sit=non&amet=pretium&erat=quis&nulla=lectus&tempus=suspendisse&vivamus=potenti&in=in&felis=eleifend&eu=quam&sapien=a&cursus=odio&vestibulum=in&proin=hac&eu=habitasse&mi=platea&nulla=dictumst&ac=maecenas&enim=ut&in=massa&tempor=quis&turpis=augue&nec=luctus&euismod=tincidunt&scelerisque=nulla&quam=mollis&turpis=molestie&adipiscing=lorem&lorem=quisque&vitae=ut&mattis=erat&nibh=curabitur&ligula=gravida&nec=nisi&sem=at&duis=nibh&aliquam=in&convallis=hac&nunc=habitasse&proin=platea&at=dictumst&turpis=aliquam&a=augue&pede=quam&posuere=sollicitudin&nonummy=vitae&integer=consectetuer&non=eget&velit=rutrum&donec=at&diam=lorem&neque=integer,TRUE
+http://woothemes.com/mauris/sit/amet/eros.aspx?sed=posuere&sagittis=cubilia&nam=curae&congue=donec&risus=pharetra&semper=magna&porta=vestibulum&volutpat=aliquet&quam=ultrices&pede=erat&lobortis=tortor&ligula=sollicitudin&sit=mi&amet=sit&eleifend=amet,TRUE
+https://clickbank.net/integer/aliquet/massa/id/lobortis/convallis.xml?erat=eu&curabitur=tincidunt&gravida=in&nisi=leo&at=maecenas&nibh=pulvinar&in=lobortis&hac=est&habitasse=phasellus&platea=sit&dictumst=amet&aliquam=erat&augue=nulla&quam=tempus&sollicitudin=vivamus&vitae=in&consectetuer=felis&eget=eu&rutrum=sapien&at=cursus&lorem=vestibulum&integer=proin&tincidunt=eu&ante=mi&vel=nulla&ipsum=ac&praesent=enim&blandit=in&lacinia=tempor&erat=turpis&vestibulum=nec&sed=euismod&magna=scelerisque&at=quam&nunc=turpis&commodo=adipiscing&placerat=lorem&praesent=vitae&blandit=mattis&nam=nibh&nulla=ligula&integer=nec&pede=sem&justo=duis&lacinia=aliquam&eget=convallis&tincidunt=nunc&eget=proin&tempus=at&vel=turpis&pede=a&morbi=pede&porttitor=posuere&lorem=nonummy&id=integer&ligula=non&suspendisse=velit&ornare=donec&consequat=diam&lectus=neque&in=vestibulum&est=eget&risus=vulputate&auctor=ut&sed=ultrices&tristique=vel&in=augue&tempus=vestibulum&sit=ante&amet=ipsum&sem=primis&fusce=in&consequat=faucibus&nulla=orci&nisl=luctus&nunc=et&nisl=ultrices&duis=posuere&bibendum=cubilia&felis=curae&sed=donec&interdum=pharetra,TRUE
+http://amazon.de/bibendum.jpg?sem=consectetuer&praesent=adipiscing&id=elit&massa=proin&id=risus&nisl=praesent&venenatis=lectus&lacinia=vestibulum&aenean=quam&sit=sapien&amet=varius&justo=ut&morbi=blandit&ut=non&odio=interdum&cras=in&mi=ante&pede=vestibulum&malesuada=ante&in=ipsum&imperdiet=primis&et=in&commodo=faucibus&vulputate=orci&justo=luctus&in=et&blandit=ultrices&ultrices=posuere&enim=cubilia&lorem=curae&ipsum=duis&dolor=faucibus&sit=accumsan&amet=odio&consectetuer=curabitur&adipiscing=convallis&elit=duis&proin=consequat&interdum=dui&mauris=nec&non=nisi&ligula=volutpat&pellentesque=eleifend&ultrices=donec&phasellus=ut&id=dolor&sapien=morbi&in=vel&sapien=lectus&iaculis=in&congue=quam&vivamus=fringilla&metus=rhoncus&arcu=mauris&adipiscing=enim&molestie=leo&hendrerit=rhoncus&at=sed&vulputate=vestibulum&vitae=sit&nisl=amet&aenean=cursus&lectus=id&pellentesque=turpis&eget=integer&nunc=aliquet&donec=massa&quis=id&orci=lobortis&eget=convallis&orci=tortor&vehicula=risus&condimentum=dapibus&curabitur=augue&in=vel&libero=accumsan&ut=tellus&massa=nisi&volutpat=eu&convallis=orci&morbi=mauris,TRUE
+http://yahoo.com/tincidunt/in/leo/maecenas/pulvinar/lobortis.aspx?mattis=pretium&egestas=iaculis&metus=diam&aenean=erat&fermentum=fermentum&donec=justo&ut=nec&mauris=condimentum&eget=neque&massa=sapien&tempor=placerat&convallis=ante&nulla=nulla&neque=justo&libero=aliquam&convallis=quis&eget=turpis&eleifend=eget&luctus=elit&ultricies=sodales&eu=scelerisque&nibh=mauris&quisque=sit&id=amet&justo=eros&sit=suspendisse&amet=accumsan&sapien=tortor&dignissim=quis&vestibulum=turpis&vestibulum=sed&ante=ante&ipsum=vivamus,TRUE
+https://geocities.jp/nulla/suscipit.jpg?morbi=potenti&non=nullam,TRUE
+http://feedburner.com/vulputate/elementum/nullam/varius/nulla/facilisi.xml?blandit=sapien&lacinia=cum&erat=sociis&vestibulum=natoque&sed=penatibus&magna=et&at=magnis&nunc=dis&commodo=parturient&placerat=montes&praesent=nascetur&blandit=ridiculus&nam=mus&nulla=etiam&integer=vel&pede=augue&justo=vestibulum&lacinia=rutrum&eget=rutrum&tincidunt=neque&eget=aenean&tempus=auctor&vel=gravida&pede=sem&morbi=praesent&porttitor=id&lorem=massa&id=id&ligula=nisl&suspendisse=venenatis&ornare=lacinia&consequat=aenean&lectus=sit&in=amet&est=justo&risus=morbi&auctor=ut&sed=odio&tristique=cras&in=mi&tempus=pede&sit=malesuada&amet=in&sem=imperdiet&fusce=et&consequat=commodo&nulla=vulputate&nisl=justo&nunc=in&nisl=blandit&duis=ultrices&bibendum=enim&felis=lorem&sed=ipsum&interdum=dolor&venenatis=sit&turpis=amet&enim=consectetuer&blandit=adipiscing&mi=elit&in=proin&porttitor=interdum&pede=mauris&justo=non&eu=ligula&massa=pellentesque&donec=ultrices&dapibus=phasellus&duis=id,TRUE
+http://cpanel.net/in.html?congue=mus&etiam=vivamus&justo=vestibulum&etiam=sagittis&pretium=sapien&iaculis=cum&justo=sociis&in=natoque&hac=penatibus&habitasse=et&platea=magnis&dictumst=dis&etiam=parturient&faucibus=montes&cursus=nascetur&urna=ridiculus&ut=mus&tellus=etiam&nulla=vel&ut=augue&erat=vestibulum&id=rutrum&mauris=rutrum&vulputate=neque&elementum=aenean&nullam=auctor&varius=gravida&nulla=sem&facilisi=praesent&cras=id&non=massa&velit=id&nec=nisl&nisi=venenatis&vulputate=lacinia&nonummy=aenean&maecenas=sit&tincidunt=amet&lacus=justo&at=morbi&velit=ut&vivamus=odio&vel=cras&nulla=mi&eget=pede&eros=malesuada&elementum=in&pellentesque=imperdiet&quisque=et&porta=commodo&volutpat=vulputate&erat=justo&quisque=in&erat=blandit&eros=ultrices&viverra=enim&eget=lorem&congue=ipsum&eget=dolor&semper=sit&rutrum=amet&nulla=consectetuer&nunc=adipiscing&purus=elit&phasellus=proin&in=interdum&felis=mauris&donec=non&semper=ligula,TRUE
+https://simplemachines.org/rhoncus/aliquam/lacus/morbi/quis/tortor/id.png?semper=sed&sapien=justo&a=pellentesque&libero=viverra&nam=pede&dui=ac&proin=diam&leo=cras&odio=pellentesque&porttitor=volutpat&id=dui&consequat=maecenas&in=tristique&consequat=est&ut=et&nulla=tempus&sed=semper&accumsan=est&felis=quam&ut=pharetra&at=magna&dolor=ac&quis=consequat&odio=metus&consequat=sapien&varius=ut&integer=nunc&ac=vestibulum&leo=ante&pellentesque=ipsum&ultrices=primis&mattis=in&odio=faucibus&donec=orci&vitae=luctus&nisi=et&nam=ultrices&ultrices=posuere&libero=cubilia&non=curae&mattis=mauris&pulvinar=viverra&nulla=diam&pede=vitae&ullamcorper=quam&augue=suspendisse&a=potenti&suscipit=nullam&nulla=porttitor&elit=lacus&ac=at&nulla=turpis&sed=donec&vel=posuere&enim=metus&sit=vitae&amet=ipsum&nunc=aliquam&viverra=non&dapibus=mauris&nulla=morbi&suscipit=non&ligula=lectus&in=aliquam&lacus=sit&curabitur=amet&at=diam&ipsum=in&ac=magna&tellus=bibendum&semper=imperdiet&interdum=nullam,TRUE
+http://marketwatch.com/sit/amet/consectetuer/adipiscing/elit/proin/risus.png?lacinia=donec&aenean=semper&sit=sapien&amet=a&justo=libero&morbi=nam&ut=dui&odio=proin&cras=leo&mi=odio&pede=porttitor&malesuada=id&in=consequat&imperdiet=in&et=consequat&commodo=ut&vulputate=nulla&justo=sed&in=accumsan&blandit=felis&ultrices=ut&enim=at&lorem=dolor&ipsum=quis&dolor=odio&sit=consequat&amet=varius&consectetuer=integer&adipiscing=ac&elit=leo&proin=pellentesque&interdum=ultrices&mauris=mattis&non=odio&ligula=donec&pellentesque=vitae&ultrices=nisi&phasellus=nam&id=ultrices&sapien=libero&in=non&sapien=mattis&iaculis=pulvinar&congue=nulla&vivamus=pede&metus=ullamcorper&arcu=augue&adipiscing=a&molestie=suscipit,TRUE
+http://omniture.com/nullam/orci/pede/venenatis.aspx?hendrerit=rutrum&at=neque&vulputate=aenean&vitae=auctor&nisl=gravida&aenean=sem&lectus=praesent&pellentesque=id&eget=massa&nunc=id&donec=nisl&quis=venenatis&orci=lacinia&eget=aenean&orci=sit&vehicula=amet&condimentum=justo&curabitur=morbi&in=ut&libero=odio&ut=cras&massa=mi&volutpat=pede&convallis=malesuada&morbi=in&odio=imperdiet&odio=et&elementum=commodo&eu=vulputate&interdum=justo&eu=in&tincidunt=blandit&in=ultrices&leo=enim&maecenas=lorem&pulvinar=ipsum&lobortis=dolor&est=sit&phasellus=amet&sit=consectetuer&amet=adipiscing&erat=elit&nulla=proin&tempus=interdum&vivamus=mauris&in=non&felis=ligula&eu=pellentesque&sapien=ultrices&cursus=phasellus&vestibulum=id&proin=sapien&eu=in&mi=sapien&nulla=iaculis&ac=congue&enim=vivamus&in=metus&tempor=arcu&turpis=adipiscing&nec=molestie&euismod=hendrerit&scelerisque=at&quam=vulputate&turpis=vitae&adipiscing=nisl,TRUE
+https://de.vu/ipsum/primis.html?congue=sit&etiam=amet&justo=eros&etiam=suspendisse&pretium=accumsan&iaculis=tortor&justo=quis&in=turpis&hac=sed&habitasse=ante&platea=vivamus&dictumst=tortor&etiam=duis&faucibus=mattis&cursus=egestas&urna=metus&ut=aenean&tellus=fermentum&nulla=donec&ut=ut&erat=mauris&id=eget&mauris=massa&vulputate=tempor&elementum=convallis&nullam=nulla&varius=neque&nulla=libero,TRUE
+https://surveymonkey.com/nam/nulla/integer/pede.aspx?rutrum=pellentesque&rutrum=volutpat&neque=dui&aenean=maecenas&auctor=tristique&gravida=est&sem=et&praesent=tempus&id=semper&massa=est&id=quam&nisl=pharetra&venenatis=magna&lacinia=ac&aenean=consequat&sit=metus&amet=sapien&justo=ut&morbi=nunc&ut=vestibulum&odio=ante&cras=ipsum&mi=primis&pede=in&malesuada=faucibus&in=orci&imperdiet=luctus&et=et&commodo=ultrices&vulputate=posuere&justo=cubilia&in=curae&blandit=mauris&ultrices=viverra&enim=diam&lorem=vitae&ipsum=quam&dolor=suspendisse&sit=potenti&amet=nullam&consectetuer=porttitor&adipiscing=lacus&elit=at&proin=turpis&interdum=donec&mauris=posuere&non=metus&ligula=vitae&pellentesque=ipsum&ultrices=aliquam&phasellus=non&id=mauris,TRUE
+http://time.com/nibh/in/hac/habitasse/platea/dictumst/aliquam.png?sit=phasellus&amet=in&turpis=felis&elementum=donec&ligula=semper&vehicula=sapien&consequat=a&morbi=libero&a=nam&ipsum=dui&integer=proin&a=leo&nibh=odio&in=porttitor&quis=id&justo=consequat&maecenas=in&rhoncus=consequat&aliquam=ut&lacus=nulla&morbi=sed&quis=accumsan&tortor=felis&id=ut&nulla=at&ultrices=dolor&aliquet=quis&maecenas=odio&leo=consequat&odio=varius&condimentum=integer&id=ac&luctus=leo&nec=pellentesque&molestie=ultrices&sed=mattis&justo=odio&pellentesque=donec&viverra=vitae&pede=nisi&ac=nam&diam=ultrices&cras=libero&pellentesque=non&volutpat=mattis&dui=pulvinar&maecenas=nulla&tristique=pede&est=ullamcorper&et=augue&tempus=a&semper=suscipit&est=nulla&quam=elit&pharetra=ac&magna=nulla&ac=sed&consequat=vel&metus=enim&sapien=sit&ut=amet&nunc=nunc&vestibulum=viverra,TRUE
+http://networkadvertising.org/nulla/sed/accumsan/felis/ut/at/dolor.js?eget=donec&tempus=semper&vel=sapien&pede=a&morbi=libero&porttitor=nam&lorem=dui&id=proin&ligula=leo&suspendisse=odio&ornare=porttitor&consequat=id&lectus=consequat&in=in&est=consequat&risus=ut&auctor=nulla&sed=sed&tristique=accumsan&in=felis&tempus=ut&sit=at&amet=dolor&sem=quis&fusce=odio&consequat=consequat&nulla=varius,TRUE
+http://youtube.com/nisl/nunc/nisl.html?placerat=amet&ante=consectetuer&nulla=adipiscing&justo=elit&aliquam=proin&quis=interdum&turpis=mauris&eget=non&elit=ligula&sodales=pellentesque&scelerisque=ultrices&mauris=phasellus&sit=id&amet=sapien&eros=in&suspendisse=sapien&accumsan=iaculis&tortor=congue&quis=vivamus&turpis=metus&sed=arcu&ante=adipiscing&vivamus=molestie&tortor=hendrerit&duis=at&mattis=vulputate&egestas=vitae,TRUE
+https://globo.com/dui.png?at=lectus&turpis=pellentesque&donec=at&posuere=nulla&metus=suspendisse&vitae=potenti&ipsum=cras&aliquam=in,TRUE
+http://gmpg.org/tellus/in/sagittis/dui/vel/nisl.xml?porttitor=vestibulum&id=eget&consequat=vulputate&in=ut&consequat=ultrices&ut=vel&nulla=augue&sed=vestibulum&accumsan=ante&felis=ipsum&ut=primis&at=in&dolor=faucibus&quis=orci&odio=luctus&consequat=et&varius=ultrices&integer=posuere&ac=cubilia&leo=curae&pellentesque=donec&ultrices=pharetra&mattis=magna&odio=vestibulum&donec=aliquet,TRUE
+http://dmoz.org/posuere/cubilia/curae.png?at=consequat&nunc=ut&commodo=nulla&placerat=sed&praesent=accumsan&blandit=felis&nam=ut&nulla=at&integer=dolor&pede=quis&justo=odio&lacinia=consequat&eget=varius&tincidunt=integer&eget=ac&tempus=leo&vel=pellentesque&pede=ultrices&morbi=mattis&porttitor=odio&lorem=donec&id=vitae&ligula=nisi&suspendisse=nam&ornare=ultrices&consequat=libero&lectus=non&in=mattis&est=pulvinar&risus=nulla&auctor=pede&sed=ullamcorper,TRUE
+https://odnoklassniki.ru/ac/consequat/metus.png?sed=at&augue=ipsum&aliquam=ac&erat=tellus&volutpat=semper&in=interdum&congue=mauris&etiam=ullamcorper&justo=purus&etiam=sit&pretium=amet&iaculis=nulla&justo=quisque&in=arcu&hac=libero&habitasse=rutrum&platea=ac&dictumst=lobortis&etiam=vel&faucibus=dapibus&cursus=at,TRUE
+http://bbb.org/nec/molestie/sed/justo/pellentesque/viverra.aspx?platea=dui&dictumst=proin&aliquam=leo,TRUE
+https://yahoo.com/vel.png?donec=ligula&ut=pellentesque&dolor=ultrices&morbi=phasellus&vel=id&lectus=sapien&in=in&quam=sapien&fringilla=iaculis&rhoncus=congue&mauris=vivamus&enim=metus&leo=arcu&rhoncus=adipiscing&sed=molestie&vestibulum=hendrerit&sit=at&amet=vulputate&cursus=vitae&id=nisl&turpis=aenean&integer=lectus&aliquet=pellentesque&massa=eget&id=nunc&lobortis=donec&convallis=quis&tortor=orci&risus=eget&dapibus=orci&augue=vehicula&vel=condimentum&accumsan=curabitur&tellus=in&nisi=libero&eu=ut&orci=massa&mauris=volutpat&lacinia=convallis&sapien=morbi&quis=odio&libero=odio&nullam=elementum&sit=eu&amet=interdum&turpis=eu&elementum=tincidunt&ligula=in&vehicula=leo&consequat=maecenas&morbi=pulvinar&a=lobortis&ipsum=est&integer=phasellus&a=sit,TRUE
+https://nymag.com/justo/lacinia.json?vivamus=odio&vestibulum=elementum&sagittis=eu&sapien=interdum&cum=eu&sociis=tincidunt&natoque=in&penatibus=leo&et=maecenas&magnis=pulvinar&dis=lobortis&parturient=est&montes=phasellus&nascetur=sit&ridiculus=amet&mus=erat&etiam=nulla&vel=tempus&augue=vivamus&vestibulum=in&rutrum=felis&rutrum=eu&neque=sapien&aenean=cursus&auctor=vestibulum&gravida=proin&sem=eu&praesent=mi,TRUE
+http://imdb.com/sodales/sed/tincidunt/eu/felis/fusce.html?magna=quis&vulputate=orci&luctus=nullam&cum=molestie&sociis=nibh&natoque=in&penatibus=lectus&et=pellentesque&magnis=at&dis=nulla&parturient=suspendisse&montes=potenti&nascetur=cras&ridiculus=in&mus=purus&vivamus=eu&vestibulum=magna&sagittis=vulputate&sapien=luctus&cum=cum&sociis=sociis&natoque=natoque&penatibus=penatibus&et=et&magnis=magnis&dis=dis&parturient=parturient&montes=montes&nascetur=nascetur&ridiculus=ridiculus&mus=mus&etiam=vivamus&vel=vestibulum&augue=sagittis&vestibulum=sapien&rutrum=cum&rutrum=sociis&neque=natoque&aenean=penatibus&auctor=et&gravida=magnis,TRUE
+https://bluehost.com/justo/maecenas/rhoncus/aliquam/lacus/morbi/quis.jpg?quam=est&turpis=phasellus&adipiscing=sit&lorem=amet&vitae=erat&mattis=nulla&nibh=tempus&ligula=vivamus&nec=in&sem=felis&duis=eu&aliquam=sapien&convallis=cursus&nunc=vestibulum&proin=proin&at=eu&turpis=mi&a=nulla&pede=ac&posuere=enim&nonummy=in&integer=tempor&non=turpis&velit=nec&donec=euismod&diam=scelerisque&neque=quam&vestibulum=turpis&eget=adipiscing&vulputate=lorem&ut=vitae&ultrices=mattis&vel=nibh&augue=ligula&vestibulum=nec&ante=sem&ipsum=duis&primis=aliquam&in=convallis&faucibus=nunc&orci=proin&luctus=at&et=turpis&ultrices=a,TRUE
+https://sciencedirect.com/ullamcorper/purus/sit.html?interdum=vestibulum&eu=ac&tincidunt=est&in=lacinia&leo=nisi&maecenas=venenatis&pulvinar=tristique&lobortis=fusce&est=congue&phasellus=diam&sit=id&amet=ornare&erat=imperdiet&nulla=sapien&tempus=urna&vivamus=pretium&in=nisl&felis=ut&eu=volutpat&sapien=sapien&cursus=arcu&vestibulum=sed&proin=augue&eu=aliquam&mi=erat&nulla=volutpat&ac=in&enim=congue&in=etiam&tempor=justo&turpis=etiam&nec=pretium&euismod=iaculis&scelerisque=justo&quam=in&turpis=hac&adipiscing=habitasse&lorem=platea&vitae=dictumst&mattis=etiam&nibh=faucibus&ligula=cursus&nec=urna,TRUE
+http://disqus.com/donec/posuere/metus/vitae.jpg?maecenas=condimentum&rhoncus=neque&aliquam=sapien&lacus=placerat&morbi=ante&quis=nulla&tortor=justo&id=aliquam&nulla=quis&ultrices=turpis&aliquet=eget&maecenas=elit&leo=sodales&odio=scelerisque&condimentum=mauris&id=sit&luctus=amet&nec=eros&molestie=suspendisse&sed=accumsan&justo=tortor&pellentesque=quis&viverra=turpis&pede=sed&ac=ante&diam=vivamus&cras=tortor&pellentesque=duis&volutpat=mattis&dui=egestas&maecenas=metus&tristique=aenean&est=fermentum&et=donec&tempus=ut&semper=mauris&est=eget&quam=massa&pharetra=tempor&magna=convallis&ac=nulla&consequat=neque&metus=libero&sapien=convallis&ut=eget&nunc=eleifend&vestibulum=luctus&ante=ultricies&ipsum=eu&primis=nibh&in=quisque&faucibus=id&orci=justo&luctus=sit&et=amet&ultrices=sapien&posuere=dignissim&cubilia=vestibulum&curae=vestibulum&mauris=ante&viverra=ipsum&diam=primis&vitae=in&quam=faucibus&suspendisse=orci&potenti=luctus&nullam=et&porttitor=ultrices&lacus=posuere&at=cubilia&turpis=curae&donec=nulla&posuere=dapibus&metus=dolor&vitae=vel&ipsum=est&aliquam=donec&non=odio&mauris=justo&morbi=sollicitudin&non=ut&lectus=suscipit&aliquam=a,TRUE
+http://symantec.com/neque/libero/convallis/eget.js?id=felis&consequat=sed&in=interdum&consequat=venenatis&ut=turpis&nulla=enim&sed=blandit&accumsan=mi&felis=in&ut=porttitor&at=pede&dolor=justo&quis=eu&odio=massa&consequat=donec&varius=dapibus&integer=duis&ac=at&leo=velit&pellentesque=eu&ultrices=est&mattis=congue&odio=elementum&donec=in&vitae=hac&nisi=habitasse&nam=platea&ultrices=dictumst&libero=morbi&non=vestibulum&mattis=velit&pulvinar=id&nulla=pretium&pede=iaculis&ullamcorper=diam&augue=erat&a=fermentum&suscipit=justo&nulla=nec&elit=condimentum&ac=neque&nulla=sapien,TRUE
+https://fastcompany.com/mauris.html?est=commodo&congue=vulputate&elementum=justo&in=in&hac=blandit&habitasse=ultrices&platea=enim&dictumst=lorem&morbi=ipsum&vestibulum=dolor&velit=sit&id=amet&pretium=consectetuer&iaculis=adipiscing&diam=elit&erat=proin&fermentum=interdum&justo=mauris&nec=non&condimentum=ligula&neque=pellentesque&sapien=ultrices&placerat=phasellus&ante=id&nulla=sapien&justo=in&aliquam=sapien&quis=iaculis&turpis=congue&eget=vivamus&elit=metus&sodales=arcu&scelerisque=adipiscing&mauris=molestie&sit=hendrerit&amet=at&eros=vulputate&suspendisse=vitae&accumsan=nisl&tortor=aenean&quis=lectus&turpis=pellentesque&sed=eget&ante=nunc&vivamus=donec&tortor=quis&duis=orci&mattis=eget&egestas=orci&metus=vehicula&aenean=condimentum&fermentum=curabitur&donec=in&ut=libero&mauris=ut&eget=massa,TRUE
+http://berkeley.edu/magna/at/nunc/commodo.jpg?eleifend=montes&pede=nascetur&libero=ridiculus&quis=mus&orci=vivamus&nullam=vestibulum&molestie=sagittis&nibh=sapien&in=cum&lectus=sociis&pellentesque=natoque&at=penatibus&nulla=et&suspendisse=magnis&potenti=dis&cras=parturient&in=montes&purus=nascetur&eu=ridiculus&magna=mus&vulputate=etiam&luctus=vel&cum=augue&sociis=vestibulum&natoque=rutrum&penatibus=rutrum&et=neque&magnis=aenean&dis=auctor&parturient=gravida&montes=sem&nascetur=praesent&ridiculus=id&mus=massa&vivamus=id&vestibulum=nisl&sagittis=venenatis&sapien=lacinia&cum=aenean&sociis=sit&natoque=amet&penatibus=justo&et=morbi&magnis=ut&dis=odio&parturient=cras&montes=mi&nascetur=pede&ridiculus=malesuada&mus=in&etiam=imperdiet&vel=et&augue=commodo&vestibulum=vulputate&rutrum=justo&rutrum=in&neque=blandit&aenean=ultrices&auctor=enim&gravida=lorem&sem=ipsum&praesent=dolor&id=sit&massa=amet&id=consectetuer&nisl=adipiscing,TRUE
+https://reddit.com/sed.png?ligula=suspendisse&vehicula=accumsan&consequat=tortor&morbi=quis&a=turpis&ipsum=sed&integer=ante&a=vivamus&nibh=tortor&in=duis&quis=mattis&justo=egestas&maecenas=metus&rhoncus=aenean,TRUE
+http://shinystat.com/enim/in/tempor.json?consequat=eleifend&lectus=pede&in=libero&est=quis&risus=orci&auctor=nullam&sed=molestie&tristique=nibh&in=in&tempus=lectus&sit=pellentesque&amet=at&sem=nulla&fusce=suspendisse&consequat=potenti&nulla=cras&nisl=in&nunc=purus&nisl=eu&duis=magna&bibendum=vulputate&felis=luctus&sed=cum&interdum=sociis&venenatis=natoque&turpis=penatibus&enim=et&blandit=magnis&mi=dis&in=parturient&porttitor=montes&pede=nascetur&justo=ridiculus&eu=mus&massa=vivamus&donec=vestibulum&dapibus=sagittis&duis=sapien&at=cum&velit=sociis&eu=natoque&est=penatibus&congue=et&elementum=magnis&in=dis&hac=parturient&habitasse=montes&platea=nascetur&dictumst=ridiculus&morbi=mus&vestibulum=etiam&velit=vel&id=augue&pretium=vestibulum&iaculis=rutrum&diam=rutrum&erat=neque&fermentum=aenean&justo=auctor&nec=gravida&condimentum=sem&neque=praesent&sapien=id&placerat=massa&ante=id&nulla=nisl&justo=venenatis&aliquam=lacinia&quis=aenean&turpis=sit&eget=amet,TRUE
+http://reverbnation.com/id/turpis/integer.aspx?ultrices=eget&posuere=massa&cubilia=tempor&curae=convallis&mauris=nulla&viverra=neque&diam=libero&vitae=convallis&quam=eget&suspendisse=eleifend&potenti=luctus&nullam=ultricies&porttitor=eu&lacus=nibh&at=quisque&turpis=id&donec=justo&posuere=sit&metus=amet&vitae=sapien&ipsum=dignissim&aliquam=vestibulum&non=vestibulum&mauris=ante&morbi=ipsum&non=primis&lectus=in&aliquam=faucibus&sit=orci&amet=luctus&diam=et&in=ultrices&magna=posuere&bibendum=cubilia&imperdiet=curae&nullam=nulla&orci=dapibus&pede=dolor&venenatis=vel&non=est&sodales=donec&sed=odio&tincidunt=justo,TRUE
+http://desdev.cn/ante/ipsum.xml?in=est&hac=donec&habitasse=odio&platea=justo&dictumst=sollicitudin&morbi=ut&vestibulum=suscipit&velit=a&id=feugiat&pretium=et&iaculis=eros&diam=vestibulum&erat=ac&fermentum=est&justo=lacinia&nec=nisi&condimentum=venenatis&neque=tristique&sapien=fusce&placerat=congue&ante=diam&nulla=id&justo=ornare&aliquam=imperdiet&quis=sapien&turpis=urna&eget=pretium&elit=nisl&sodales=ut&scelerisque=volutpat&mauris=sapien&sit=arcu&amet=sed&eros=augue&suspendisse=aliquam&accumsan=erat&tortor=volutpat&quis=in&turpis=congue&sed=etiam&ante=justo&vivamus=etiam&tortor=pretium&duis=iaculis&mattis=justo&egestas=in&metus=hac&aenean=habitasse&fermentum=platea&donec=dictumst&ut=etiam&mauris=faucibus&eget=cursus&massa=urna&tempor=ut&convallis=tellus&nulla=nulla&neque=ut&libero=erat&convallis=id&eget=mauris&eleifend=vulputate&luctus=elementum&ultricies=nullam&eu=varius&nibh=nulla&quisque=facilisi&id=cras&justo=non&sit=velit&amet=nec&sapien=nisi&dignissim=vulputate&vestibulum=nonummy&vestibulum=maecenas,TRUE
+http://jimdo.com/penatibus.xml?adipiscing=sollicitudin&lorem=ut&vitae=suscipit&mattis=a&nibh=feugiat&ligula=et&nec=eros&sem=vestibulum&duis=ac&aliquam=est&convallis=lacinia&nunc=nisi&proin=venenatis&at=tristique&turpis=fusce&a=congue&pede=diam&posuere=id&nonummy=ornare&integer=imperdiet&non=sapien&velit=urna&donec=pretium&diam=nisl&neque=ut&vestibulum=volutpat&eget=sapien&vulputate=arcu&ut=sed&ultrices=augue&vel=aliquam&augue=erat&vestibulum=volutpat&ante=in&ipsum=congue&primis=etiam&in=justo&faucibus=etiam&orci=pretium&luctus=iaculis&et=justo&ultrices=in&posuere=hac&cubilia=habitasse&curae=platea&donec=dictumst&pharetra=etiam&magna=faucibus&vestibulum=cursus&aliquet=urna&ultrices=ut&erat=tellus&tortor=nulla&sollicitudin=ut&mi=erat&sit=id&amet=mauris&lobortis=vulputate&sapien=elementum&sapien=nullam&non=varius&mi=nulla&integer=facilisi&ac=cras&neque=non&duis=velit&bibendum=nec&morbi=nisi&non=vulputate&quam=nonummy&nec=maecenas&dui=tincidunt&luctus=lacus&rutrum=at&nulla=velit&tellus=vivamus&in=vel&sagittis=nulla&dui=eget&vel=eros&nisl=elementum&duis=pellentesque&ac=quisque&nibh=porta&fusce=volutpat&lacus=erat&purus=quisque&aliquet=erat&at=eros&feugiat=viverra&non=eget&pretium=congue&quis=eget&lectus=semper&suspendisse=rutrum&potenti=nulla&in=nunc&eleifend=purus&quam=phasellus&a=in,TRUE
+http://nasa.gov/sagittis/sapien/cum/sociis/natoque/penatibus.jsp?volutpat=nec&erat=euismod&quisque=scelerisque&erat=quam&eros=turpis&viverra=adipiscing&eget=lorem&congue=vitae&eget=mattis&semper=nibh&rutrum=ligula&nulla=nec&nunc=sem&purus=duis&phasellus=aliquam&in=convallis&felis=nunc&donec=proin&semper=at&sapien=turpis&a=a&libero=pede&nam=posuere&dui=nonummy&proin=integer&leo=non&odio=velit&porttitor=donec&id=diam&consequat=neque&in=vestibulum&consequat=eget&ut=vulputate&nulla=ut&sed=ultrices&accumsan=vel&felis=augue&ut=vestibulum&at=ante&dolor=ipsum,TRUE
+http://uol.com.br/consequat/metus/sapien/ut/nunc.png?venenatis=nibh&non=in&sodales=hac&sed=habitasse&tincidunt=platea&eu=dictumst&felis=aliquam&fusce=augue&posuere=quam&felis=sollicitudin&sed=vitae&lacus=consectetuer&morbi=eget&sem=rutrum&mauris=at&laoreet=lorem&ut=integer&rhoncus=tincidunt&aliquet=ante&pulvinar=vel&sed=ipsum&nisl=praesent&nunc=blandit&rhoncus=lacinia&dui=erat&vel=vestibulum&sem=sed&sed=magna&sagittis=at&nam=nunc&congue=commodo&risus=placerat&semper=praesent&porta=blandit&volutpat=nam&quam=nulla&pede=integer&lobortis=pede&ligula=justo&sit=lacinia&amet=eget&eleifend=tincidunt&pede=eget&libero=tempus&quis=vel&orci=pede&nullam=morbi&molestie=porttitor&nibh=lorem&in=id&lectus=ligula&pellentesque=suspendisse&at=ornare&nulla=consequat&suspendisse=lectus&potenti=in&cras=est&in=risus&purus=auctor&eu=sed&magna=tristique&vulputate=in&luctus=tempus&cum=sit&sociis=amet&natoque=sem&penatibus=fusce&et=consequat,TRUE
+http://wix.com/fusce/consequat/nulla/nisl.js?in=aliquet&consequat=massa&ut=id&nulla=lobortis&sed=convallis&accumsan=tortor&felis=risus&ut=dapibus&at=augue&dolor=vel&quis=accumsan&odio=tellus&consequat=nisi&varius=eu&integer=orci&ac=mauris&leo=lacinia&pellentesque=sapien&ultrices=quis&mattis=libero&odio=nullam&donec=sit,TRUE
+https://engadget.com/eget/nunc/donec/quis/orci/eget.xml?ante=massa&vivamus=donec&tortor=dapibus&duis=duis&mattis=at&egestas=velit&metus=eu&aenean=est&fermentum=congue,TRUE
+http://businesswire.com/suspendisse/potenti/cras/in/purus/eu.xml?erat=pellentesque&fermentum=eget&justo=nunc&nec=donec&condimentum=quis&neque=orci&sapien=eget&placerat=orci&ante=vehicula&nulla=condimentum&justo=curabitur&aliquam=in&quis=libero&turpis=ut&eget=massa&elit=volutpat&sodales=convallis,TRUE
+http://google.ru/fringilla/rhoncus/mauris/enim.aspx?vitae=cras&nisl=mi&aenean=pede&lectus=malesuada&pellentesque=in&eget=imperdiet&nunc=et&donec=commodo&quis=vulputate&orci=justo&eget=in&orci=blandit&vehicula=ultrices&condimentum=enim&curabitur=lorem&in=ipsum&libero=dolor&ut=sit&massa=amet&volutpat=consectetuer&convallis=adipiscing&morbi=elit&odio=proin&odio=interdum&elementum=mauris&eu=non&interdum=ligula&eu=pellentesque&tincidunt=ultrices&in=phasellus&leo=id&maecenas=sapien&pulvinar=in&lobortis=sapien&est=iaculis&phasellus=congue&sit=vivamus&amet=metus&erat=arcu&nulla=adipiscing&tempus=molestie&vivamus=hendrerit&in=at&felis=vulputate&eu=vitae&sapien=nisl&cursus=aenean&vestibulum=lectus&proin=pellentesque&eu=eget&mi=nunc&nulla=donec&ac=quis&enim=orci&in=eget&tempor=orci&turpis=vehicula&nec=condimentum&euismod=curabitur&scelerisque=in&quam=libero&turpis=ut&adipiscing=massa&lorem=volutpat&vitae=convallis&mattis=morbi&nibh=odio&ligula=odio&nec=elementum&sem=eu&duis=interdum&aliquam=eu,TRUE
+http://4shared.com/lacus/curabitur/at/ipsum.xml?pede=pretium&ac=quis&diam=lectus&cras=suspendisse&pellentesque=potenti&volutpat=in&dui=eleifend&maecenas=quam&tristique=a&est=odio&et=in&tempus=hac&semper=habitasse&est=platea&quam=dictumst&pharetra=maecenas&magna=ut&ac=massa&consequat=quis&metus=augue&sapien=luctus&ut=tincidunt&nunc=nulla&vestibulum=mollis&ante=molestie&ipsum=lorem&primis=quisque&in=ut&faucibus=erat&orci=curabitur&luctus=gravida&et=nisi&ultrices=at&posuere=nibh&cubilia=in&curae=hac&mauris=habitasse&viverra=platea&diam=dictumst&vitae=aliquam&quam=augue&suspendisse=quam&potenti=sollicitudin&nullam=vitae&porttitor=consectetuer&lacus=eget&at=rutrum&turpis=at&donec=lorem&posuere=integer&metus=tincidunt&vitae=ante&ipsum=vel&aliquam=ipsum&non=praesent&mauris=blandit&morbi=lacinia&non=erat&lectus=vestibulum&aliquam=sed&sit=magna&amet=at&diam=nunc&in=commodo&magna=placerat&bibendum=praesent&imperdiet=blandit&nullam=nam&orci=nulla&pede=integer&venenatis=pede&non=justo&sodales=lacinia&sed=eget,TRUE
+http://ucla.edu/molestie/sed/justo.aspx?quam=molestie&a=nibh&odio=in&in=lectus&hac=pellentesque&habitasse=at&platea=nulla&dictumst=suspendisse&maecenas=potenti&ut=cras&massa=in&quis=purus&augue=eu&luctus=magna&tincidunt=vulputate&nulla=luctus&mollis=cum&molestie=sociis&lorem=natoque&quisque=penatibus&ut=et&erat=magnis&curabitur=dis&gravida=parturient&nisi=montes&at=nascetur&nibh=ridiculus&in=mus&hac=vivamus&habitasse=vestibulum&platea=sagittis&dictumst=sapien&aliquam=cum&augue=sociis&quam=natoque&sollicitudin=penatibus&vitae=et&consectetuer=magnis&eget=dis&rutrum=parturient&at=montes&lorem=nascetur&integer=ridiculus&tincidunt=mus&ante=etiam&vel=vel&ipsum=augue&praesent=vestibulum&blandit=rutrum&lacinia=rutrum,TRUE
+https://histats.com/blandit/lacinia/erat.aspx?rutrum=velit&neque=eu&aenean=est&auctor=congue&gravida=elementum&sem=in&praesent=hac&id=habitasse&massa=platea&id=dictumst&nisl=morbi&venenatis=vestibulum&lacinia=velit&aenean=id&sit=pretium&amet=iaculis&justo=diam&morbi=erat&ut=fermentum&odio=justo&cras=nec&mi=condimentum&pede=neque&malesuada=sapien&in=placerat&imperdiet=ante&et=nulla,TRUE
+https://tmall.com/phasellus/id/sapien/in.jpg?libero=velit&convallis=nec&eget=nisi&eleifend=vulputate&luctus=nonummy&ultricies=maecenas&eu=tincidunt&nibh=lacus&quisque=at&id=velit&justo=vivamus&sit=vel&amet=nulla&sapien=eget&dignissim=eros&vestibulum=elementum&vestibulum=pellentesque&ante=quisque&ipsum=porta&primis=volutpat&in=erat&faucibus=quisque&orci=erat&luctus=eros&et=viverra&ultrices=eget&posuere=congue&cubilia=eget&curae=semper&nulla=rutrum&dapibus=nulla&dolor=nunc&vel=purus&est=phasellus&donec=in&odio=felis&justo=donec&sollicitudin=semper&ut=sapien&suscipit=a&a=libero&feugiat=nam&et=dui,TRUE
+http://soundcloud.com/blandit/nam/nulla/integer/pede/justo/lacinia.aspx?in=et&faucibus=eros&orci=vestibulum&luctus=ac&et=est&ultrices=lacinia&posuere=nisi&cubilia=venenatis&curae=tristique&nulla=fusce&dapibus=congue&dolor=diam&vel=id&est=ornare&donec=imperdiet&odio=sapien&justo=urna&sollicitudin=pretium&ut=nisl&suscipit=ut&a=volutpat&feugiat=sapien&et=arcu&eros=sed&vestibulum=augue&ac=aliquam&est=erat&lacinia=volutpat&nisi=in&venenatis=congue&tristique=etiam&fusce=justo&congue=etiam&diam=pretium&id=iaculis&ornare=justo&imperdiet=in&sapien=hac&urna=habitasse&pretium=platea&nisl=dictumst&ut=etiam&volutpat=faucibus&sapien=cursus&arcu=urna&sed=ut&augue=tellus&aliquam=nulla&erat=ut&volutpat=erat&in=id&congue=mauris&etiam=vulputate&justo=elementum&etiam=nullam&pretium=varius&iaculis=nulla&justo=facilisi&in=cras&hac=non&habitasse=velit&platea=nec&dictumst=nisi&etiam=vulputate&faucibus=nonummy&cursus=maecenas&urna=tincidunt&ut=lacus&tellus=at&nulla=velit&ut=vivamus&erat=vel&id=nulla&mauris=eget&vulputate=eros&elementum=elementum&nullam=pellentesque,TRUE
+https://epa.gov/odio/curabitur/convallis/duis/consequat/dui/nec.xml?mauris=lobortis&enim=est&leo=phasellus&rhoncus=sit&sed=amet&vestibulum=erat&sit=nulla&amet=tempus&cursus=vivamus&id=in&turpis=felis&integer=eu&aliquet=sapien&massa=cursus&id=vestibulum&lobortis=proin&convallis=eu&tortor=mi&risus=nulla&dapibus=ac&augue=enim&vel=in&accumsan=tempor&tellus=turpis&nisi=nec&eu=euismod&orci=scelerisque&mauris=quam&lacinia=turpis&sapien=adipiscing&quis=lorem&libero=vitae&nullam=mattis&sit=nibh&amet=ligula&turpis=nec&elementum=sem&ligula=duis&vehicula=aliquam&consequat=convallis&morbi=nunc&a=proin&ipsum=at&integer=turpis&a=a&nibh=pede&in=posuere&quis=nonummy&justo=integer&maecenas=non&rhoncus=velit&aliquam=donec&lacus=diam&morbi=neque&quis=vestibulum&tortor=eget&id=vulputate&nulla=ut&ultrices=ultrices&aliquet=vel&maecenas=augue&leo=vestibulum&odio=ante&condimentum=ipsum&id=primis&luctus=in&nec=faucibus&molestie=orci&sed=luctus&justo=et&pellentesque=ultrices&viverra=posuere&pede=cubilia&ac=curae&diam=donec&cras=pharetra&pellentesque=magna&volutpat=vestibulum&dui=aliquet&maecenas=ultrices&tristique=erat&est=tortor,TRUE
+http://adobe.com/proin.html?enim=pulvinar&lorem=lobortis&ipsum=est&dolor=phasellus&sit=sit&amet=amet&consectetuer=erat&adipiscing=nulla&elit=tempus&proin=vivamus&interdum=in&mauris=felis&non=eu&ligula=sapien&pellentesque=cursus&ultrices=vestibulum&phasellus=proin&id=eu&sapien=mi&in=nulla&sapien=ac&iaculis=enim&congue=in&vivamus=tempor&metus=turpis&arcu=nec&adipiscing=euismod&molestie=scelerisque&hendrerit=quam&at=turpis&vulputate=adipiscing&vitae=lorem&nisl=vitae&aenean=mattis&lectus=nibh&pellentesque=ligula&eget=nec&nunc=sem&donec=duis&quis=aliquam&orci=convallis&eget=nunc&orci=proin&vehicula=at&condimentum=turpis&curabitur=a&in=pede&libero=posuere&ut=nonummy&massa=integer&volutpat=non&convallis=velit&morbi=donec&odio=diam&odio=neque&elementum=vestibulum&eu=eget&interdum=vulputate&eu=ut&tincidunt=ultrices&in=vel&leo=augue&maecenas=vestibulum&pulvinar=ante&lobortis=ipsum&est=primis&phasellus=in&sit=faucibus&amet=orci&erat=luctus&nulla=et&tempus=ultrices&vivamus=posuere&in=cubilia&felis=curae&eu=donec&sapien=pharetra&cursus=magna&vestibulum=vestibulum&proin=aliquet&eu=ultrices&mi=erat&nulla=tortor&ac=sollicitudin&enim=mi&in=sit&tempor=amet&turpis=lobortis,TRUE
+http://privacy.gov.au/phasellus.json?eu=in&tincidunt=quis&in=justo&leo=maecenas&maecenas=rhoncus&pulvinar=aliquam&lobortis=lacus&est=morbi&phasellus=quis&sit=tortor&amet=id&erat=nulla&nulla=ultrices&tempus=aliquet&vivamus=maecenas&in=leo&felis=odio&eu=condimentum&sapien=id&cursus=luctus&vestibulum=nec&proin=molestie&eu=sed&mi=justo&nulla=pellentesque&ac=viverra&enim=pede&in=ac&tempor=diam&turpis=cras&nec=pellentesque&euismod=volutpat&scelerisque=dui&quam=maecenas&turpis=tristique&adipiscing=est&lorem=et&vitae=tempus&mattis=semper&nibh=est&ligula=quam&nec=pharetra&sem=magna&duis=ac&aliquam=consequat&convallis=metus&nunc=sapien&proin=ut&at=nunc&turpis=vestibulum&a=ante&pede=ipsum&posuere=primis&nonummy=in&integer=faucibus&non=orci&velit=luctus&donec=et&diam=ultrices&neque=posuere&vestibulum=cubilia&eget=curae&vulputate=mauris&ut=viverra&ultrices=diam&vel=vitae&augue=quam&vestibulum=suspendisse&ante=potenti&ipsum=nullam&primis=porttitor&in=lacus&faucibus=at&orci=turpis&luctus=donec&et=posuere&ultrices=metus&posuere=vitae&cubilia=ipsum&curae=aliquam&donec=non&pharetra=mauris&magna=morbi&vestibulum=non&aliquet=lectus&ultrices=aliquam&erat=sit&tortor=amet&sollicitudin=diam&mi=in&sit=magna&amet=bibendum&lobortis=imperdiet&sapien=nullam&sapien=orci&non=pede&mi=venenatis&integer=non&ac=sodales,TRUE
+http://nsw.gov.au/augue/vel.html?justo=lacus&lacinia=at&eget=turpis&tincidunt=donec&eget=posuere&tempus=metus&vel=vitae&pede=ipsum&morbi=aliquam&porttitor=non&lorem=mauris&id=morbi&ligula=non&suspendisse=lectus&ornare=aliquam&consequat=sit&lectus=amet&in=diam&est=in&risus=magna&auctor=bibendum&sed=imperdiet&tristique=nullam&in=orci&tempus=pede,TRUE
+https://ft.com/lacinia/aenean/sit/amet.jpg?erat=tellus&eros=nulla&viverra=ut&eget=erat&congue=id&eget=mauris&semper=vulputate&rutrum=elementum&nulla=nullam&nunc=varius&purus=nulla&phasellus=facilisi&in=cras&felis=non&donec=velit&semper=nec&sapien=nisi&a=vulputate&libero=nonummy&nam=maecenas&dui=tincidunt&proin=lacus&leo=at&odio=velit&porttitor=vivamus&id=vel&consequat=nulla&in=eget&consequat=eros&ut=elementum&nulla=pellentesque&sed=quisque&accumsan=porta&felis=volutpat&ut=erat&at=quisque&dolor=erat&quis=eros&odio=viverra&consequat=eget&varius=congue&integer=eget&ac=semper&leo=rutrum&pellentesque=nulla&ultrices=nunc&mattis=purus&odio=phasellus&donec=in&vitae=felis&nisi=donec&nam=semper&ultrices=sapien&libero=a&non=libero&mattis=nam&pulvinar=dui&nulla=proin&pede=leo&ullamcorper=odio&augue=porttitor&a=id&suscipit=consequat&nulla=in&elit=consequat&ac=ut&nulla=nulla&sed=sed&vel=accumsan&enim=felis&sit=ut&amet=at&nunc=dolor&viverra=quis&dapibus=odio&nulla=consequat&suscipit=varius&ligula=integer&in=ac&lacus=leo&curabitur=pellentesque&at=ultrices&ipsum=mattis&ac=odio&tellus=donec&semper=vitae&interdum=nisi&mauris=nam&ullamcorper=ultrices&purus=libero&sit=non&amet=mattis&nulla=pulvinar&quisque=nulla&arcu=pede&libero=ullamcorper&rutrum=augue&ac=a,TRUE
+https://guardian.co.uk/odio.png?sit=convallis&amet=tortor&sem=risus&fusce=dapibus&consequat=augue&nulla=vel&nisl=accumsan&nunc=tellus&nisl=nisi&duis=eu&bibendum=orci&felis=mauris&sed=lacinia&interdum=sapien&venenatis=quis&turpis=libero&enim=nullam&blandit=sit&mi=amet&in=turpis&porttitor=elementum&pede=ligula&justo=vehicula&eu=consequat&massa=morbi&donec=a&dapibus=ipsum&duis=integer&at=a&velit=nibh&eu=in&est=quis&congue=justo&elementum=maecenas&in=rhoncus&hac=aliquam&habitasse=lacus&platea=morbi&dictumst=quis&morbi=tortor&vestibulum=id&velit=nulla&id=ultrices&pretium=aliquet&iaculis=maecenas&diam=leo&erat=odio&fermentum=condimentum&justo=id&nec=luctus&condimentum=nec&neque=molestie&sapien=sed&placerat=justo&ante=pellentesque&nulla=viverra&justo=pede&aliquam=ac&quis=diam&turpis=cras&eget=pellentesque&elit=volutpat&sodales=dui&scelerisque=maecenas&mauris=tristique&sit=est&amet=et&eros=tempus&suspendisse=semper&accumsan=est&tortor=quam&quis=pharetra&turpis=magna&sed=ac&ante=consequat&vivamus=metus&tortor=sapien&duis=ut&mattis=nunc&egestas=vestibulum&metus=ante&aenean=ipsum&fermentum=primis&donec=in&ut=faucibus&mauris=orci&eget=luctus&massa=et,TRUE
+https://techcrunch.com/luctus.xml?et=mollis&ultrices=molestie&posuere=lorem&cubilia=quisque&curae=ut&nulla=erat&dapibus=curabitur&dolor=gravida&vel=nisi&est=at&donec=nibh&odio=in&justo=hac&sollicitudin=habitasse&ut=platea&suscipit=dictumst&a=aliquam&feugiat=augue&et=quam&eros=sollicitudin&vestibulum=vitae&ac=consectetuer&est=eget&lacinia=rutrum&nisi=at&venenatis=lorem&tristique=integer&fusce=tincidunt&congue=ante&diam=vel&id=ipsum&ornare=praesent&imperdiet=blandit&sapien=lacinia&urna=erat&pretium=vestibulum&nisl=sed&ut=magna&volutpat=at&sapien=nunc&arcu=commodo&sed=placerat&augue=praesent&aliquam=blandit&erat=nam&volutpat=nulla&in=integer&congue=pede&etiam=justo&justo=lacinia,TRUE
+https://simplemachines.org/hac.js?sed=ante&sagittis=ipsum&nam=primis&congue=in&risus=faucibus&semper=orci&porta=luctus&volutpat=et&quam=ultrices&pede=posuere&lobortis=cubilia&ligula=curae&sit=donec&amet=pharetra&eleifend=magna&pede=vestibulum&libero=aliquet&quis=ultrices&orci=erat&nullam=tortor&molestie=sollicitudin&nibh=mi&in=sit&lectus=amet&pellentesque=lobortis&at=sapien&nulla=sapien&suspendisse=non&potenti=mi&cras=integer,TRUE
+https://wikispaces.com/blandit/mi/in/porttitor.png?a=odio&odio=condimentum&in=id&hac=luctus&habitasse=nec&platea=molestie&dictumst=sed&maecenas=justo&ut=pellentesque&massa=viverra&quis=pede&augue=ac&luctus=diam&tincidunt=cras&nulla=pellentesque&mollis=volutpat&molestie=dui&lorem=maecenas&quisque=tristique&ut=est&erat=et&curabitur=tempus&gravida=semper&nisi=est&at=quam&nibh=pharetra&in=magna&hac=ac&habitasse=consequat&platea=metus&dictumst=sapien&aliquam=ut&augue=nunc&quam=vestibulum&sollicitudin=ante&vitae=ipsum&consectetuer=primis&eget=in&rutrum=faucibus&at=orci&lorem=luctus&integer=et&tincidunt=ultrices&ante=posuere&vel=cubilia&ipsum=curae&praesent=mauris&blandit=viverra&lacinia=diam&erat=vitae&vestibulum=quam&sed=suspendisse&magna=potenti&at=nullam&nunc=porttitor&commodo=lacus&placerat=at&praesent=turpis&blandit=donec,TRUE
+http://mapquest.com/erat/curabitur/gravida/nisi/at/nibh/in.json?leo=vestibulum&maecenas=ac&pulvinar=est&lobortis=lacinia&est=nisi&phasellus=venenatis&sit=tristique&amet=fusce&erat=congue&nulla=diam&tempus=id&vivamus=ornare&in=imperdiet&felis=sapien&eu=urna&sapien=pretium&cursus=nisl&vestibulum=ut&proin=volutpat&eu=sapien&mi=arcu&nulla=sed&ac=augue&enim=aliquam&in=erat&tempor=volutpat&turpis=in&nec=congue&euismod=etiam&scelerisque=justo&quam=etiam&turpis=pretium&adipiscing=iaculis&lorem=justo&vitae=in&mattis=hac&nibh=habitasse&ligula=platea&nec=dictumst&sem=etiam&duis=faucibus&aliquam=cursus&convallis=urna&nunc=ut&proin=tellus&at=nulla&turpis=ut&a=erat&pede=id&posuere=mauris&nonummy=vulputate&integer=elementum&non=nullam&velit=varius&donec=nulla&diam=facilisi&neque=cras&vestibulum=non&eget=velit&vulputate=nec&ut=nisi&ultrices=vulputate&vel=nonummy&augue=maecenas,TRUE
+http://marketwatch.com/cursus.aspx?molestie=cras&nibh=mi&in=pede&lectus=malesuada&pellentesque=in&at=imperdiet&nulla=et&suspendisse=commodo&potenti=vulputate&cras=justo&in=in&purus=blandit&eu=ultrices&magna=enim&vulputate=lorem&luctus=ipsum&cum=dolor&sociis=sit&natoque=amet&penatibus=consectetuer&et=adipiscing&magnis=elit&dis=proin&parturient=interdum,TRUE
+http://wisc.edu/aliquet/pulvinar/sed/nisl/nunc/rhoncus/dui.png?mattis=id&nibh=turpis&ligula=integer&nec=aliquet&sem=massa&duis=id&aliquam=lobortis&convallis=convallis&nunc=tortor&proin=risus&at=dapibus&turpis=augue&a=vel&pede=accumsan&posuere=tellus&nonummy=nisi&integer=eu&non=orci&velit=mauris&donec=lacinia&diam=sapien&neque=quis&vestibulum=libero&eget=nullam&vulputate=sit&ut=amet&ultrices=turpis&vel=elementum&augue=ligula&vestibulum=vehicula&ante=consequat&ipsum=morbi&primis=a&in=ipsum&faucibus=integer&orci=a&luctus=nibh&et=in&ultrices=quis&posuere=justo&cubilia=maecenas&curae=rhoncus&donec=aliquam&pharetra=lacus&magna=morbi&vestibulum=quis&aliquet=tortor&ultrices=id&erat=nulla&tortor=ultrices&sollicitudin=aliquet&mi=maecenas&sit=leo&amet=odio&lobortis=condimentum&sapien=id&sapien=luctus&non=nec&mi=molestie&integer=sed,TRUE
+http://yahoo.com/libero/nam/dui.xml?sed=amet&tristique=sapien&in=dignissim&tempus=vestibulum&sit=vestibulum&amet=ante&sem=ipsum&fusce=primis&consequat=in&nulla=faucibus&nisl=orci&nunc=luctus&nisl=et&duis=ultrices&bibendum=posuere&felis=cubilia&sed=curae&interdum=nulla&venenatis=dapibus&turpis=dolor&enim=vel&blandit=est&mi=donec&in=odio&porttitor=justo&pede=sollicitudin&justo=ut&eu=suscipit&massa=a&donec=feugiat&dapibus=et&duis=eros&at=vestibulum&velit=ac&eu=est&est=lacinia&congue=nisi&elementum=venenatis&in=tristique&hac=fusce&habitasse=congue&platea=diam&dictumst=id&morbi=ornare&vestibulum=imperdiet&velit=sapien&id=urna&pretium=pretium&iaculis=nisl&diam=ut&erat=volutpat&fermentum=sapien&justo=arcu&nec=sed&condimentum=augue&neque=aliquam&sapien=erat&placerat=volutpat&ante=in&nulla=congue&justo=etiam&aliquam=justo&quis=etiam&turpis=pretium&eget=iaculis&elit=justo&sodales=in&scelerisque=hac&mauris=habitasse&sit=platea&amet=dictumst&eros=etiam&suspendisse=faucibus&accumsan=cursus&tortor=urna&quis=ut&turpis=tellus&sed=nulla&ante=ut&vivamus=erat&tortor=id&duis=mauris&mattis=vulputate&egestas=elementum&metus=nullam,TRUE
+http://youtu.be/nisi/vulputate/nonummy/maecenas/tincidunt.html?quam=nec&fringilla=molestie&rhoncus=sed&mauris=justo&enim=pellentesque&leo=viverra&rhoncus=pede&sed=ac&vestibulum=diam&sit=cras&amet=pellentesque&cursus=volutpat&id=dui&turpis=maecenas&integer=tristique,TRUE
+http://umn.edu/rhoncus/sed/vestibulum/sit/amet/cursus/id.aspx?diam=mauris&id=enim&ornare=leo&imperdiet=rhoncus&sapien=sed&urna=vestibulum&pretium=sit&nisl=amet&ut=cursus&volutpat=id&sapien=turpis&arcu=integer&sed=aliquet&augue=massa&aliquam=id&erat=lobortis&volutpat=convallis&in=tortor,TRUE
+http://pen.io/hac/habitasse.js?in=congue&sapien=etiam&iaculis=justo&congue=etiam&vivamus=pretium&metus=iaculis&arcu=justo&adipiscing=in&molestie=hac&hendrerit=habitasse&at=platea&vulputate=dictumst&vitae=etiam&nisl=faucibus&aenean=cursus&lectus=urna&pellentesque=ut&eget=tellus&nunc=nulla&donec=ut&quis=erat&orci=id&eget=mauris&orci=vulputate&vehicula=elementum&condimentum=nullam&curabitur=varius&in=nulla,TRUE
+http://twitter.com/dolor/morbi/vel/lectus/in/quam.html?nulla=phasellus&elit=id&ac=sapien&nulla=in&sed=sapien&vel=iaculis&enim=congue&sit=vivamus&amet=metus&nunc=arcu&viverra=adipiscing,TRUE
+http://state.gov/dapibus.jsp?pede=iaculis&morbi=congue&porttitor=vivamus&lorem=metus&id=arcu&ligula=adipiscing&suspendisse=molestie&ornare=hendrerit&consequat=at&lectus=vulputate&in=vitae&est=nisl&risus=aenean&auctor=lectus&sed=pellentesque&tristique=eget&in=nunc&tempus=donec&sit=quis&amet=orci&sem=eget&fusce=orci&consequat=vehicula&nulla=condimentum&nisl=curabitur&nunc=in&nisl=libero&duis=ut&bibendum=massa&felis=volutpat&sed=convallis&interdum=morbi&venenatis=odio&turpis=odio&enim=elementum&blandit=eu&mi=interdum&in=eu&porttitor=tincidunt&pede=in&justo=leo&eu=maecenas&massa=pulvinar&donec=lobortis&dapibus=est&duis=phasellus&at=sit&velit=amet&eu=erat&est=nulla&congue=tempus&elementum=vivamus&in=in&hac=felis&habitasse=eu&platea=sapien&dictumst=cursus&morbi=vestibulum&vestibulum=proin&velit=eu&id=mi&pretium=nulla&iaculis=ac&diam=enim&erat=in&fermentum=tempor&justo=turpis&nec=nec&condimentum=euismod&neque=scelerisque&sapien=quam&placerat=turpis&ante=adipiscing&nulla=lorem&justo=vitae&aliquam=mattis&quis=nibh,TRUE
+http://slashdot.org/lectus/suspendisse/potenti/in/eleifend/quam.png?non=tellus&quam=nisi&nec=eu&dui=orci&luctus=mauris&rutrum=lacinia&nulla=sapien&tellus=quis&in=libero&sagittis=nullam&dui=sit&vel=amet&nisl=turpis&duis=elementum&ac=ligula&nibh=vehicula&fusce=consequat&lacus=morbi&purus=a&aliquet=ipsum&at=integer&feugiat=a&non=nibh&pretium=in&quis=quis&lectus=justo&suspendisse=maecenas&potenti=rhoncus&in=aliquam&eleifend=lacus&quam=morbi&a=quis&odio=tortor&in=id&hac=nulla&habitasse=ultrices&platea=aliquet&dictumst=maecenas&maecenas=leo&ut=odio&massa=condimentum&quis=id&augue=luctus&luctus=nec&tincidunt=molestie&nulla=sed&mollis=justo&molestie=pellentesque&lorem=viverra&quisque=pede&ut=ac&erat=diam&curabitur=cras&gravida=pellentesque&nisi=volutpat&at=dui&nibh=maecenas&in=tristique&hac=est&habitasse=et&platea=tempus&dictumst=semper&aliquam=est&augue=quam&quam=pharetra&sollicitudin=magna&vitae=ac&consectetuer=consequat&eget=metus&rutrum=sapien&at=ut&lorem=nunc&integer=vestibulum&tincidunt=ante&ante=ipsum&vel=primis&ipsum=in&praesent=faucibus&blandit=orci&lacinia=luctus&erat=et&vestibulum=ultrices&sed=posuere&magna=cubilia&at=curae&nunc=mauris&commodo=viverra&placerat=diam&praesent=vitae&blandit=quam&nam=suspendisse&nulla=potenti&integer=nullam&pede=porttitor&justo=lacus,TRUE
+http://nyu.edu/blandit/lacinia/erat/vestibulum.jsp?at=vel&velit=est&eu=donec&est=odio&congue=justo&elementum=sollicitudin&in=ut&hac=suscipit&habitasse=a&platea=feugiat&dictumst=et&morbi=eros&vestibulum=vestibulum&velit=ac&id=est&pretium=lacinia&iaculis=nisi&diam=venenatis&erat=tristique&fermentum=fusce&justo=congue&nec=diam&condimentum=id&neque=ornare&sapien=imperdiet&placerat=sapien&ante=urna&nulla=pretium&justo=nisl&aliquam=ut&quis=volutpat&turpis=sapien&eget=arcu&elit=sed&sodales=augue&scelerisque=aliquam&mauris=erat&sit=volutpat&amet=in&eros=congue&suspendisse=etiam&accumsan=justo&tortor=etiam&quis=pretium&turpis=iaculis&sed=justo&ante=in&vivamus=hac&tortor=habitasse&duis=platea&mattis=dictumst&egestas=etiam&metus=faucibus&aenean=cursus&fermentum=urna&donec=ut&ut=tellus&mauris=nulla&eget=ut&massa=erat&tempor=id&convallis=mauris&nulla=vulputate&neque=elementum&libero=nullam&convallis=varius&eget=nulla&eleifend=facilisi&luctus=cras&ultricies=non&eu=velit&nibh=nec&quisque=nisi&id=vulputate&justo=nonummy&sit=maecenas&amet=tincidunt&sapien=lacus&dignissim=at&vestibulum=velit&vestibulum=vivamus&ante=vel&ipsum=nulla&primis=eget&in=eros&faucibus=elementum&orci=pellentesque&luctus=quisque&et=porta&ultrices=volutpat&posuere=erat&cubilia=quisque&curae=erat&nulla=eros&dapibus=viverra&dolor=eget&vel=congue,TRUE
+https://nba.com/at/turpis.xml?aliquet=mi&pulvinar=sit&sed=amet&nisl=lobortis&nunc=sapien&rhoncus=sapien&dui=non&vel=mi&sem=integer&sed=ac&sagittis=neque&nam=duis&congue=bibendum&risus=morbi&semper=non&porta=quam&volutpat=nec&quam=dui&pede=luctus&lobortis=rutrum&ligula=nulla&sit=tellus&amet=in&eleifend=sagittis&pede=dui&libero=vel&quis=nisl&orci=duis&nullam=ac&molestie=nibh&nibh=fusce&in=lacus&lectus=purus&pellentesque=aliquet&at=at&nulla=feugiat&suspendisse=non&potenti=pretium&cras=quis&in=lectus&purus=suspendisse&eu=potenti&magna=in&vulputate=eleifend&luctus=quam&cum=a&sociis=odio&natoque=in&penatibus=hac&et=habitasse&magnis=platea&dis=dictumst&parturient=maecenas&montes=ut&nascetur=massa&ridiculus=quis&mus=augue&vivamus=luctus&vestibulum=tincidunt&sagittis=nulla&sapien=mollis&cum=molestie&sociis=lorem&natoque=quisque&penatibus=ut&et=erat&magnis=curabitur&dis=gravida&parturient=nisi&montes=at&nascetur=nibh&ridiculus=in&mus=hac&etiam=habitasse&vel=platea&augue=dictumst&vestibulum=aliquam&rutrum=augue&rutrum=quam&neque=sollicitudin&aenean=vitae&auctor=consectetuer&gravida=eget&sem=rutrum&praesent=at&id=lorem&massa=integer&id=tincidunt,TRUE
+http://cisco.com/orci/nullam.jsp?et=ultrices&tempus=posuere&semper=cubilia&est=curae&quam=donec&pharetra=pharetra&magna=magna&ac=vestibulum&consequat=aliquet&metus=ultrices&sapien=erat&ut=tortor&nunc=sollicitudin&vestibulum=mi&ante=sit&ipsum=amet&primis=lobortis&in=sapien&faucibus=sapien&orci=non&luctus=mi&et=integer&ultrices=ac&posuere=neque&cubilia=duis&curae=bibendum&mauris=morbi&viverra=non&diam=quam&vitae=nec&quam=dui&suspendisse=luctus&potenti=rutrum&nullam=nulla&porttitor=tellus&lacus=in&at=sagittis&turpis=dui&donec=vel&posuere=nisl&metus=duis&vitae=ac&ipsum=nibh&aliquam=fusce&non=lacus&mauris=purus&morbi=aliquet&non=at&lectus=feugiat&aliquam=non&sit=pretium&amet=quis&diam=lectus&in=suspendisse&magna=potenti&bibendum=in&imperdiet=eleifend&nullam=quam&orci=a&pede=odio&venenatis=in&non=hac&sodales=habitasse&sed=platea&tincidunt=dictumst&eu=maecenas&felis=ut&fusce=massa&posuere=quis&felis=augue&sed=luctus&lacus=tincidunt&morbi=nulla&sem=mollis&mauris=molestie&laoreet=lorem,TRUE
+http://wordpress.com/quam/suspendisse/potenti/nullam.html?consequat=ac&morbi=diam&a=cras&ipsum=pellentesque&integer=volutpat&a=dui&nibh=maecenas&in=tristique&quis=est&justo=et&maecenas=tempus&rhoncus=semper&aliquam=est&lacus=quam&morbi=pharetra&quis=magna&tortor=ac&id=consequat&nulla=metus&ultrices=sapien&aliquet=ut&maecenas=nunc&leo=vestibulum&odio=ante&condimentum=ipsum&id=primis&luctus=in&nec=faucibus&molestie=orci&sed=luctus&justo=et&pellentesque=ultrices&viverra=posuere&pede=cubilia&ac=curae&diam=mauris&cras=viverra&pellentesque=diam&volutpat=vitae&dui=quam&maecenas=suspendisse&tristique=potenti&est=nullam&et=porttitor&tempus=lacus&semper=at&est=turpis&quam=donec&pharetra=posuere&magna=metus&ac=vitae&consequat=ipsum&metus=aliquam&sapien=non&ut=mauris&nunc=morbi&vestibulum=non&ante=lectus&ipsum=aliquam&primis=sit&in=amet&faucibus=diam&orci=in&luctus=magna&et=bibendum&ultrices=imperdiet&posuere=nullam&cubilia=orci&curae=pede&mauris=venenatis&viverra=non&diam=sodales&vitae=sed&quam=tincidunt&suspendisse=eu&potenti=felis&nullam=fusce&porttitor=posuere,TRUE
+https://lulu.com/eu/interdum.html?proin=montes&leo=nascetur&odio=ridiculus&porttitor=mus&id=etiam&consequat=vel&in=augue&consequat=vestibulum&ut=rutrum&nulla=rutrum&sed=neque&accumsan=aenean&felis=auctor&ut=gravida&at=sem&dolor=praesent&quis=id&odio=massa&consequat=id&varius=nisl&integer=venenatis&ac=lacinia&leo=aenean&pellentesque=sit&ultrices=amet&mattis=justo&odio=morbi&donec=ut&vitae=odio&nisi=cras&nam=mi&ultrices=pede&libero=malesuada&non=in&mattis=imperdiet&pulvinar=et&nulla=commodo&pede=vulputate&ullamcorper=justo&augue=in&a=blandit&suscipit=ultrices&nulla=enim&elit=lorem&ac=ipsum&nulla=dolor&sed=sit&vel=amet&enim=consectetuer&sit=adipiscing&amet=elit&nunc=proin&viverra=interdum&dapibus=mauris&nulla=non&suscipit=ligula&ligula=pellentesque&in=ultrices&lacus=phasellus&curabitur=id&at=sapien&ipsum=in&ac=sapien&tellus=iaculis&semper=congue&interdum=vivamus&mauris=metus&ullamcorper=arcu&purus=adipiscing&sit=molestie&amet=hendrerit&nulla=at&quisque=vulputate&arcu=vitae&libero=nisl&rutrum=aenean&ac=lectus&lobortis=pellentesque&vel=eget,TRUE
+http://ibm.com/dolor.html?nunc=praesent&proin=blandit&at=lacinia&turpis=erat&a=vestibulum&pede=sed&posuere=magna&nonummy=at&integer=nunc&non=commodo&velit=placerat&donec=praesent&diam=blandit&neque=nam&vestibulum=nulla&eget=integer&vulputate=pede&ut=justo&ultrices=lacinia&vel=eget&augue=tincidunt&vestibulum=eget&ante=tempus&ipsum=vel&primis=pede&in=morbi&faucibus=porttitor&orci=lorem&luctus=id&et=ligula&ultrices=suspendisse&posuere=ornare&cubilia=consequat&curae=lectus&donec=in&pharetra=est&magna=risus&vestibulum=auctor&aliquet=sed&ultrices=tristique&erat=in&tortor=tempus&sollicitudin=sit&mi=amet&sit=sem&amet=fusce&lobortis=consequat&sapien=nulla&sapien=nisl&non=nunc&mi=nisl&integer=duis&ac=bibendum&neque=felis&duis=sed&bibendum=interdum&morbi=venenatis&non=turpis&quam=enim&nec=blandit&dui=mi&luctus=in&rutrum=porttitor&nulla=pede&tellus=justo&in=eu&sagittis=massa&dui=donec&vel=dapibus&nisl=duis&duis=at&ac=velit&nibh=eu&fusce=est&lacus=congue&purus=elementum&aliquet=in&at=hac&feugiat=habitasse&non=platea&pretium=dictumst&quis=morbi&lectus=vestibulum&suspendisse=velit&potenti=id&in=pretium&eleifend=iaculis&quam=diam,TRUE
+http://hatena.ne.jp/quisque/erat/eros/viverra/eget/congue.aspx?eu=purus&massa=phasellus&donec=in&dapibus=felis&duis=donec&at=semper&velit=sapien&eu=a&est=libero&congue=nam&elementum=dui&in=proin&hac=leo&habitasse=odio&platea=porttitor&dictumst=id&morbi=consequat&vestibulum=in&velit=consequat&id=ut&pretium=nulla&iaculis=sed&diam=accumsan&erat=felis&fermentum=ut&justo=at&nec=dolor&condimentum=quis&neque=odio&sapien=consequat&placerat=varius&ante=integer&nulla=ac&justo=leo&aliquam=pellentesque&quis=ultrices,TRUE
+http://nsw.gov.au/libero/non/mattis/pulvinar/nulla/pede/ullamcorper.xml?diam=sapien&erat=ut&fermentum=nunc&justo=vestibulum&nec=ante&condimentum=ipsum&neque=primis&sapien=in&placerat=faucibus&ante=orci&nulla=luctus&justo=et&aliquam=ultrices&quis=posuere&turpis=cubilia&eget=curae&elit=mauris&sodales=viverra&scelerisque=diam&mauris=vitae&sit=quam&amet=suspendisse&eros=potenti&suspendisse=nullam&accumsan=porttitor&tortor=lacus&quis=at&turpis=turpis&sed=donec&ante=posuere&vivamus=metus&tortor=vitae&duis=ipsum&mattis=aliquam&egestas=non&metus=mauris&aenean=morbi&fermentum=non&donec=lectus,TRUE
+https://bloglovin.com/rhoncus/dui.jsp?sagittis=nec&sapien=dui&cum=luctus&sociis=rutrum&natoque=nulla&penatibus=tellus&et=in&magnis=sagittis&dis=dui&parturient=vel&montes=nisl&nascetur=duis&ridiculus=ac&mus=nibh&etiam=fusce&vel=lacus&augue=purus&vestibulum=aliquet&rutrum=at&rutrum=feugiat&neque=non&aenean=pretium&auctor=quis&gravida=lectus&sem=suspendisse&praesent=potenti&id=in&massa=eleifend&id=quam&nisl=a&venenatis=odio&lacinia=in&aenean=hac&sit=habitasse&amet=platea&justo=dictumst&morbi=maecenas&ut=ut&odio=massa&cras=quis&mi=augue&pede=luctus&malesuada=tincidunt&in=nulla&imperdiet=mollis&et=molestie&commodo=lorem&vulputate=quisque&justo=ut&in=erat&blandit=curabitur&ultrices=gravida&enim=nisi&lorem=at&ipsum=nibh&dolor=in&sit=hac&amet=habitasse&consectetuer=platea&adipiscing=dictumst&elit=aliquam&proin=augue&interdum=quam&mauris=sollicitudin&non=vitae,TRUE
+https://cloudflare.com/habitasse/platea/dictumst/etiam/faucibus/cursus/urna.xml?a=eget&libero=congue&nam=eget&dui=semper&proin=rutrum&leo=nulla&odio=nunc&porttitor=purus&id=phasellus&consequat=in&in=felis&consequat=donec&ut=semper&nulla=sapien&sed=a&accumsan=libero&felis=nam&ut=dui&at=proin&dolor=leo&quis=odio&odio=porttitor&consequat=id&varius=consequat&integer=in&ac=consequat&leo=ut&pellentesque=nulla&ultrices=sed&mattis=accumsan&odio=felis&donec=ut&vitae=at&nisi=dolor&nam=quis&ultrices=odio&libero=consequat&non=varius&mattis=integer&pulvinar=ac&nulla=leo&pede=pellentesque&ullamcorper=ultrices&augue=mattis,TRUE
+https://wikispaces.com/donec/quis/orci/eget/orci/vehicula.jpg?cum=posuere&sociis=cubilia&natoque=curae&penatibus=mauris&et=viverra&magnis=diam&dis=vitae&parturient=quam&montes=suspendisse&nascetur=potenti&ridiculus=nullam&mus=porttitor&vivamus=lacus&vestibulum=at&sagittis=turpis&sapien=donec&cum=posuere&sociis=metus&natoque=vitae&penatibus=ipsum&et=aliquam&magnis=non&dis=mauris&parturient=morbi&montes=non&nascetur=lectus&ridiculus=aliquam&mus=sit&etiam=amet&vel=diam&augue=in&vestibulum=magna&rutrum=bibendum&rutrum=imperdiet&neque=nullam&aenean=orci&auctor=pede&gravida=venenatis&sem=non&praesent=sodales&id=sed&massa=tincidunt&id=eu&nisl=felis&venenatis=fusce&lacinia=posuere&aenean=felis&sit=sed&amet=lacus&justo=morbi&morbi=sem&ut=mauris&odio=laoreet&cras=ut&mi=rhoncus&pede=aliquet&malesuada=pulvinar&in=sed&imperdiet=nisl,TRUE
+https://storify.com/venenatis/lacinia/aenean/sit/amet/justo.xml?interdum=fermentum&venenatis=donec&turpis=ut&enim=mauris&blandit=eget&mi=massa&in=tempor&porttitor=convallis&pede=nulla&justo=neque&eu=libero&massa=convallis&donec=eget&dapibus=eleifend&duis=luctus&at=ultricies&velit=eu&eu=nibh&est=quisque&congue=id&elementum=justo&in=sit,TRUE
+http://utexas.edu/donec/ut.js?blandit=in&ultrices=hac&enim=habitasse&lorem=platea&ipsum=dictumst&dolor=etiam&sit=faucibus&amet=cursus&consectetuer=urna&adipiscing=ut&elit=tellus&proin=nulla&interdum=ut&mauris=erat&non=id&ligula=mauris&pellentesque=vulputate&ultrices=elementum&phasellus=nullam&id=varius&sapien=nulla&in=facilisi&sapien=cras&iaculis=non&congue=velit&vivamus=nec&metus=nisi&arcu=vulputate&adipiscing=nonummy&molestie=maecenas&hendrerit=tincidunt&at=lacus&vulputate=at&vitae=velit&nisl=vivamus&aenean=vel&lectus=nulla&pellentesque=eget&eget=eros&nunc=elementum&donec=pellentesque&quis=quisque&orci=porta&eget=volutpat&orci=erat&vehicula=quisque&condimentum=erat&curabitur=eros,TRUE
+http://jiathis.com/nulla/facilisi/cras/non/velit.js?in=ut&faucibus=volutpat&orci=sapien&luctus=arcu&et=sed&ultrices=augue&posuere=aliquam&cubilia=erat&curae=volutpat&duis=in&faucibus=congue&accumsan=etiam&odio=justo&curabitur=etiam&convallis=pretium&duis=iaculis&consequat=justo&dui=in&nec=hac&nisi=habitasse&volutpat=platea&eleifend=dictumst&donec=etiam&ut=faucibus&dolor=cursus&morbi=urna&vel=ut&lectus=tellus&in=nulla&quam=ut&fringilla=erat&rhoncus=id&mauris=mauris&enim=vulputate&leo=elementum&rhoncus=nullam&sed=varius&vestibulum=nulla&sit=facilisi&amet=cras&cursus=non&id=velit&turpis=nec&integer=nisi&aliquet=vulputate&massa=nonummy&id=maecenas&lobortis=tincidunt&convallis=lacus&tortor=at&risus=velit&dapibus=vivamus&augue=vel&vel=nulla&accumsan=eget&tellus=eros&nisi=elementum&eu=pellentesque&orci=quisque&mauris=porta&lacinia=volutpat&sapien=erat&quis=quisque&libero=erat&nullam=eros&sit=viverra&amet=eget&turpis=congue&elementum=eget&ligula=semper&vehicula=rutrum&consequat=nulla&morbi=nunc&a=purus&ipsum=phasellus&integer=in&a=felis&nibh=donec&in=semper&quis=sapien&justo=a&maecenas=libero&rhoncus=nam&aliquam=dui&lacus=proin&morbi=leo&quis=odio&tortor=porttitor&id=id&nulla=consequat&ultrices=in&aliquet=consequat&maecenas=ut&leo=nulla&odio=sed&condimentum=accumsan&id=felis&luctus=ut&nec=at,TRUE
+http://feedburner.com/volutpat/eleifend/donec/ut.aspx?quis=rhoncus&turpis=aliquet&eget=pulvinar&elit=sed&sodales=nisl&scelerisque=nunc&mauris=rhoncus&sit=dui&amet=vel&eros=sem&suspendisse=sed&accumsan=sagittis&tortor=nam&quis=congue&turpis=risus&sed=semper&ante=porta&vivamus=volutpat&tortor=quam&duis=pede&mattis=lobortis&egestas=ligula&metus=sit&aenean=amet&fermentum=eleifend&donec=pede&ut=libero&mauris=quis&eget=orci&massa=nullam&tempor=molestie&convallis=nibh&nulla=in&neque=lectus&libero=pellentesque&convallis=at&eget=nulla&eleifend=suspendisse&luctus=potenti&ultricies=cras&eu=in&nibh=purus&quisque=eu&id=magna&justo=vulputate&sit=luctus&amet=cum&sapien=sociis&dignissim=natoque&vestibulum=penatibus&vestibulum=et&ante=magnis&ipsum=dis&primis=parturient&in=montes&faucibus=nascetur&orci=ridiculus&luctus=mus&et=vivamus&ultrices=vestibulum&posuere=sagittis&cubilia=sapien&curae=cum&nulla=sociis&dapibus=natoque&dolor=penatibus&vel=et&est=magnis&donec=dis&odio=parturient&justo=montes&sollicitudin=nascetur&ut=ridiculus&suscipit=mus&a=etiam&feugiat=vel&et=augue&eros=vestibulum&vestibulum=rutrum&ac=rutrum&est=neque&lacinia=aenean&nisi=auctor&venenatis=gravida&tristique=sem&fusce=praesent&congue=id&diam=massa&id=id&ornare=nisl&imperdiet=venenatis&sapien=lacinia&urna=aenean&pretium=sit&nisl=amet&ut=justo&volutpat=morbi&sapien=ut&arcu=odio&sed=cras,TRUE
+https://soup.io/dolor/sit.xml?pede=dolor&ullamcorper=sit&augue=amet&a=consectetuer&suscipit=adipiscing&nulla=elit&elit=proin&ac=interdum&nulla=mauris&sed=non&vel=ligula&enim=pellentesque&sit=ultrices&amet=phasellus&nunc=id&viverra=sapien&dapibus=in&nulla=sapien&suscipit=iaculis&ligula=congue&in=vivamus&lacus=metus&curabitur=arcu&at=adipiscing&ipsum=molestie&ac=hendrerit&tellus=at&semper=vulputate&interdum=vitae&mauris=nisl&ullamcorper=aenean&purus=lectus&sit=pellentesque,TRUE
+http://uol.com.br/accumsan/felis/ut/at/dolor/quis.aspx?blandit=arcu&nam=sed,TRUE
+http://bloglovin.com/odio/in/hac.json?non=consectetuer&quam=eget&nec=rutrum&dui=at&luctus=lorem&rutrum=integer&nulla=tincidunt&tellus=ante&in=vel&sagittis=ipsum&dui=praesent&vel=blandit&nisl=lacinia&duis=erat&ac=vestibulum&nibh=sed&fusce=magna&lacus=at&purus=nunc&aliquet=commodo&at=placerat&feugiat=praesent&non=blandit&pretium=nam&quis=nulla&lectus=integer&suspendisse=pede&potenti=justo&in=lacinia&eleifend=eget&quam=tincidunt&a=eget&odio=tempus&in=vel&hac=pede&habitasse=morbi&platea=porttitor&dictumst=lorem&maecenas=id&ut=ligula&massa=suspendisse&quis=ornare&augue=consequat&luctus=lectus&tincidunt=in&nulla=est&mollis=risus&molestie=auctor&lorem=sed&quisque=tristique&ut=in&erat=tempus&curabitur=sit&gravida=amet&nisi=sem&at=fusce&nibh=consequat&in=nulla&hac=nisl,TRUE
+http://taobao.com/turpis/integer.jpg?morbi=dis&porttitor=parturient&lorem=montes&id=nascetur&ligula=ridiculus&suspendisse=mus&ornare=etiam&consequat=vel&lectus=augue&in=vestibulum&est=rutrum&risus=rutrum&auctor=neque&sed=aenean&tristique=auctor&in=gravida&tempus=sem&sit=praesent,TRUE
+http://gnu.org/in/imperdiet/et/commodo/vulputate.aspx?ut=orci&nunc=luctus&vestibulum=et&ante=ultrices&ipsum=posuere&primis=cubilia&in=curae&faucibus=mauris&orci=viverra&luctus=diam&et=vitae&ultrices=quam&posuere=suspendisse&cubilia=potenti&curae=nullam&mauris=porttitor&viverra=lacus&diam=at&vitae=turpis&quam=donec&suspendisse=posuere&potenti=metus&nullam=vitae,TRUE
+http://msu.edu/morbi/quis/tortor/id/nulla/ultrices.aspx?justo=eu&eu=felis&massa=fusce&donec=posuere&dapibus=felis&duis=sed&at=lacus&velit=morbi&eu=sem&est=mauris&congue=laoreet&elementum=ut&in=rhoncus&hac=aliquet&habitasse=pulvinar&platea=sed&dictumst=nisl&morbi=nunc&vestibulum=rhoncus&velit=dui&id=vel&pretium=sem&iaculis=sed&diam=sagittis&erat=nam&fermentum=congue&justo=risus&nec=semper&condimentum=porta&neque=volutpat&sapien=quam&placerat=pede&ante=lobortis&nulla=ligula&justo=sit&aliquam=amet&quis=eleifend&turpis=pede&eget=libero&elit=quis&sodales=orci&scelerisque=nullam&mauris=molestie&sit=nibh&amet=in&eros=lectus&suspendisse=pellentesque&accumsan=at&tortor=nulla&quis=suspendisse&turpis=potenti&sed=cras&ante=in&vivamus=purus&tortor=eu&duis=magna&mattis=vulputate&egestas=luctus&metus=cum&aenean=sociis&fermentum=natoque&donec=penatibus&ut=et&mauris=magnis&eget=dis&massa=parturient&tempor=montes,TRUE
+https://prlog.org/vehicula/condimentum.json?quam=luctus&turpis=cum&adipiscing=sociis&lorem=natoque&vitae=penatibus&mattis=et&nibh=magnis&ligula=dis&nec=parturient&sem=montes&duis=nascetur&aliquam=ridiculus&convallis=mus&nunc=vivamus&proin=vestibulum&at=sagittis&turpis=sapien&a=cum&pede=sociis&posuere=natoque&nonummy=penatibus&integer=et&non=magnis&velit=dis&donec=parturient&diam=montes&neque=nascetur&vestibulum=ridiculus&eget=mus&vulputate=etiam&ut=vel&ultrices=augue&vel=vestibulum&augue=rutrum&vestibulum=rutrum&ante=neque&ipsum=aenean&primis=auctor&in=gravida&faucibus=sem&orci=praesent&luctus=id&et=massa&ultrices=id&posuere=nisl&cubilia=venenatis&curae=lacinia&donec=aenean&pharetra=sit&magna=amet&vestibulum=justo&aliquet=morbi&ultrices=ut&erat=odio&tortor=cras&sollicitudin=mi&mi=pede&sit=malesuada&amet=in&lobortis=imperdiet&sapien=et&sapien=commodo&non=vulputate&mi=justo&integer=in&ac=blandit&neque=ultrices&duis=enim&bibendum=lorem&morbi=ipsum&non=dolor&quam=sit&nec=amet&dui=consectetuer&luctus=adipiscing&rutrum=elit&nulla=proin&tellus=interdum&in=mauris&sagittis=non&dui=ligula&vel=pellentesque&nisl=ultrices&duis=phasellus&ac=id&nibh=sapien&fusce=in&lacus=sapien&purus=iaculis&aliquet=congue&at=vivamus&feugiat=metus&non=arcu&pretium=adipiscing,TRUE
+http://bloglines.com/rutrum/neque/aenean/auctor/gravida/sem/praesent.xml?turpis=venenatis&a=lacinia&pede=aenean&posuere=sit&nonummy=amet&integer=justo&non=morbi&velit=ut&donec=odio&diam=cras&neque=mi,TRUE
+http://earthlink.net/aliquam.xml?lobortis=rhoncus&sapien=aliquet&sapien=pulvinar&non=sed&mi=nisl&integer=nunc&ac=rhoncus&neque=dui&duis=vel&bibendum=sem&morbi=sed&non=sagittis&quam=nam&nec=congue&dui=risus&luctus=semper&rutrum=porta&nulla=volutpat&tellus=quam&in=pede&sagittis=lobortis&dui=ligula&vel=sit&nisl=amet&duis=eleifend&ac=pede&nibh=libero&fusce=quis&lacus=orci&purus=nullam&aliquet=molestie&at=nibh&feugiat=in&non=lectus&pretium=pellentesque&quis=at&lectus=nulla&suspendisse=suspendisse&potenti=potenti&in=cras&eleifend=in&quam=purus&a=eu&odio=magna&in=vulputate&hac=luctus&habitasse=cum&platea=sociis&dictumst=natoque&maecenas=penatibus&ut=et&massa=magnis&quis=dis&augue=parturient&luctus=montes&tincidunt=nascetur&nulla=ridiculus&mollis=mus&molestie=vivamus&lorem=vestibulum&quisque=sagittis&ut=sapien&erat=cum&curabitur=sociis&gravida=natoque&nisi=penatibus&at=et&nibh=magnis&in=dis&hac=parturient,TRUE
+http://yandex.ru/leo/odio/porttitor/id.aspx?duis=quis&ac=tortor&nibh=id&fusce=nulla&lacus=ultrices&purus=aliquet&aliquet=maecenas&at=leo&feugiat=odio&non=condimentum&pretium=id&quis=luctus&lectus=nec&suspendisse=molestie&potenti=sed&in=justo&eleifend=pellentesque&quam=viverra&a=pede&odio=ac&in=diam&hac=cras&habitasse=pellentesque&platea=volutpat&dictumst=dui&maecenas=maecenas&ut=tristique&massa=est&quis=et&augue=tempus&luctus=semper&tincidunt=est&nulla=quam&mollis=pharetra&molestie=magna&lorem=ac&quisque=consequat&ut=metus&erat=sapien&curabitur=ut&gravida=nunc&nisi=vestibulum&at=ante&nibh=ipsum&in=primis&hac=in&habitasse=faucibus&platea=orci&dictumst=luctus&aliquam=et&augue=ultrices&quam=posuere,TRUE
+http://craigslist.org/mi.jsp?erat=adipiscing&curabitur=elit&gravida=proin&nisi=risus&at=praesent&nibh=lectus&in=vestibulum&hac=quam&habitasse=sapien&platea=varius&dictumst=ut&aliquam=blandit&augue=non&quam=interdum&sollicitudin=in&vitae=ante&consectetuer=vestibulum&eget=ante&rutrum=ipsum&at=primis&lorem=in&integer=faucibus&tincidunt=orci&ante=luctus&vel=et&ipsum=ultrices&praesent=posuere&blandit=cubilia&lacinia=curae&erat=duis&vestibulum=faucibus&sed=accumsan&magna=odio&at=curabitur&nunc=convallis&commodo=duis&placerat=consequat&praesent=dui&blandit=nec&nam=nisi&nulla=volutpat&integer=eleifend&pede=donec&justo=ut&lacinia=dolor&eget=morbi&tincidunt=vel&eget=lectus&tempus=in&vel=quam&pede=fringilla&morbi=rhoncus&porttitor=mauris&lorem=enim&id=leo&ligula=rhoncus&suspendisse=sed&ornare=vestibulum&consequat=sit&lectus=amet&in=cursus&est=id&risus=turpis&auctor=integer&sed=aliquet&tristique=massa&in=id&tempus=lobortis&sit=convallis&amet=tortor&sem=risus,TRUE
+http://examiner.com/suspendisse/ornare/consequat/lectus/in/est/risus.jpg?eu=sit&est=amet&congue=diam&elementum=in&in=magna&hac=bibendum&habitasse=imperdiet&platea=nullam&dictumst=orci&morbi=pede&vestibulum=venenatis&velit=non&id=sodales&pretium=sed&iaculis=tincidunt&diam=eu&erat=felis&fermentum=fusce&justo=posuere&nec=felis&condimentum=sed&neque=lacus&sapien=morbi&placerat=sem&ante=mauris&nulla=laoreet&justo=ut&aliquam=rhoncus&quis=aliquet&turpis=pulvinar&eget=sed&elit=nisl&sodales=nunc&scelerisque=rhoncus&mauris=dui&sit=vel&amet=sem&eros=sed&suspendisse=sagittis&accumsan=nam&tortor=congue&quis=risus&turpis=semper&sed=porta&ante=volutpat&vivamus=quam&tortor=pede&duis=lobortis&mattis=ligula&egestas=sit&metus=amet&aenean=eleifend&fermentum=pede&donec=libero&ut=quis&mauris=orci&eget=nullam&massa=molestie&tempor=nibh&convallis=in&nulla=lectus&neque=pellentesque&libero=at&convallis=nulla&eget=suspendisse&eleifend=potenti&luctus=cras&ultricies=in&eu=purus&nibh=eu&quisque=magna&id=vulputate&justo=luctus&sit=cum&amet=sociis&sapien=natoque&dignissim=penatibus&vestibulum=et&vestibulum=magnis,TRUE
+http://chronoengine.com/dui/proin/leo/odio/porttitor/id/consequat.xml?dolor=felis&morbi=fusce&vel=posuere&lectus=felis&in=sed&quam=lacus&fringilla=morbi&rhoncus=sem&mauris=mauris&enim=laoreet&leo=ut&rhoncus=rhoncus&sed=aliquet&vestibulum=pulvinar&sit=sed&amet=nisl&cursus=nunc&id=rhoncus&turpis=dui&integer=vel&aliquet=sem&massa=sed&id=sagittis&lobortis=nam&convallis=congue&tortor=risus&risus=semper&dapibus=porta&augue=volutpat&vel=quam&accumsan=pede&tellus=lobortis&nisi=ligula&eu=sit&orci=amet&mauris=eleifend&lacinia=pede&sapien=libero&quis=quis&libero=orci&nullam=nullam&sit=molestie&amet=nibh&turpis=in&elementum=lectus&ligula=pellentesque&vehicula=at&consequat=nulla&morbi=suspendisse&a=potenti&ipsum=cras&integer=in&a=purus&nibh=eu&in=magna&quis=vulputate&justo=luctus&maecenas=cum&rhoncus=sociis&aliquam=natoque&lacus=penatibus&morbi=et&quis=magnis&tortor=dis&id=parturient&nulla=montes&ultrices=nascetur&aliquet=ridiculus&maecenas=mus&leo=vivamus&odio=vestibulum&condimentum=sagittis&id=sapien&luctus=cum&nec=sociis&molestie=natoque&sed=penatibus&justo=et&pellentesque=magnis&viverra=dis&pede=parturient&ac=montes&diam=nascetur&cras=ridiculus&pellentesque=mus,TRUE
+http://stumbleupon.com/nec/nisi/volutpat/eleifend/donec.json?cras=nulla&in=tellus&purus=in&eu=sagittis&magna=dui&vulputate=vel&luctus=nisl&cum=duis&sociis=ac&natoque=nibh&penatibus=fusce&et=lacus&magnis=purus&dis=aliquet&parturient=at&montes=feugiat&nascetur=non&ridiculus=pretium&mus=quis&vivamus=lectus&vestibulum=suspendisse&sagittis=potenti&sapien=in&cum=eleifend&sociis=quam&natoque=a&penatibus=odio&et=in&magnis=hac&dis=habitasse&parturient=platea&montes=dictumst&nascetur=maecenas&ridiculus=ut&mus=massa&etiam=quis&vel=augue&augue=luctus&vestibulum=tincidunt&rutrum=nulla&rutrum=mollis&neque=molestie&aenean=lorem&auctor=quisque&gravida=ut&sem=erat&praesent=curabitur&id=gravida&massa=nisi&id=at&nisl=nibh&venenatis=in&lacinia=hac&aenean=habitasse&sit=platea&amet=dictumst&justo=aliquam&morbi=augue,TRUE
+http://archive.org/sapien/quis/libero/nullam/sit/amet/turpis.js?tincidunt=elementum&lacus=nullam&at=varius&velit=nulla&vivamus=facilisi,TRUE
+http://princeton.edu/nulla/tellus/in/sagittis.png?odio=magna&elementum=ac&eu=consequat&interdum=metus&eu=sapien&tincidunt=ut&in=nunc&leo=vestibulum&maecenas=ante&pulvinar=ipsum&lobortis=primis&est=in&phasellus=faucibus&sit=orci&amet=luctus&erat=et&nulla=ultrices&tempus=posuere&vivamus=cubilia&in=curae&felis=mauris&eu=viverra&sapien=diam&cursus=vitae&vestibulum=quam&proin=suspendisse&eu=potenti&mi=nullam&nulla=porttitor&ac=lacus&enim=at&in=turpis&tempor=donec&turpis=posuere&nec=metus&euismod=vitae&scelerisque=ipsum&quam=aliquam&turpis=non&adipiscing=mauris&lorem=morbi,TRUE
+http://mysql.com/ante/ipsum/primis/in/faucibus.html?orci=ut&nullam=rhoncus&molestie=aliquet&nibh=pulvinar&in=sed&lectus=nisl&pellentesque=nunc&at=rhoncus&nulla=dui&suspendisse=vel&potenti=sem&cras=sed&in=sagittis&purus=nam&eu=congue&magna=risus&vulputate=semper&luctus=porta&cum=volutpat&sociis=quam&natoque=pede&penatibus=lobortis&et=ligula&magnis=sit&dis=amet&parturient=eleifend&montes=pede&nascetur=libero&ridiculus=quis&mus=orci&vivamus=nullam&vestibulum=molestie&sagittis=nibh&sapien=in&cum=lectus&sociis=pellentesque&natoque=at&penatibus=nulla&et=suspendisse&magnis=potenti&dis=cras&parturient=in&montes=purus&nascetur=eu&ridiculus=magna&mus=vulputate&etiam=luctus&vel=cum&augue=sociis&vestibulum=natoque&rutrum=penatibus&rutrum=et&neque=magnis&aenean=dis&auctor=parturient&gravida=montes&sem=nascetur&praesent=ridiculus&id=mus&massa=vivamus&id=vestibulum&nisl=sagittis&venenatis=sapien&lacinia=cum&aenean=sociis&sit=natoque&amet=penatibus&justo=et&morbi=magnis&ut=dis&odio=parturient&cras=montes&mi=nascetur&pede=ridiculus&malesuada=mus&in=etiam&imperdiet=vel&et=augue&commodo=vestibulum&vulputate=rutrum&justo=rutrum&in=neque&blandit=aenean&ultrices=auctor&enim=gravida&lorem=sem&ipsum=praesent&dolor=id&sit=massa&amet=id&consectetuer=nisl&adipiscing=venenatis&elit=lacinia,TRUE
+https://go.com/tortor/id.png?in=eu&imperdiet=interdum&et=eu&commodo=tincidunt&vulputate=in&justo=leo&in=maecenas&blandit=pulvinar&ultrices=lobortis&enim=est&lorem=phasellus&ipsum=sit&dolor=amet&sit=erat&amet=nulla&consectetuer=tempus&adipiscing=vivamus&elit=in&proin=felis&interdum=eu&mauris=sapien&non=cursus&ligula=vestibulum,TRUE
+https://usda.gov/sollicitudin/vitae.jpg?consectetuer=tempus&adipiscing=sit&elit=amet&proin=sem&interdum=fusce&mauris=consequat&non=nulla&ligula=nisl&pellentesque=nunc&ultrices=nisl&phasellus=duis&id=bibendum&sapien=felis&in=sed&sapien=interdum&iaculis=venenatis&congue=turpis&vivamus=enim&metus=blandit&arcu=mi&adipiscing=in&molestie=porttitor&hendrerit=pede&at=justo&vulputate=eu&vitae=massa&nisl=donec&aenean=dapibus&lectus=duis&pellentesque=at&eget=velit&nunc=eu&donec=est&quis=congue&orci=elementum&eget=in&orci=hac&vehicula=habitasse&condimentum=platea&curabitur=dictumst&in=morbi&libero=vestibulum&ut=velit&massa=id&volutpat=pretium&convallis=iaculis&morbi=diam&odio=erat&odio=fermentum&elementum=justo&eu=nec&interdum=condimentum&eu=neque&tincidunt=sapien&in=placerat&leo=ante&maecenas=nulla&pulvinar=justo&lobortis=aliquam&est=quis&phasellus=turpis&sit=eget&amet=elit&erat=sodales&nulla=scelerisque&tempus=mauris&vivamus=sit&in=amet&felis=eros&eu=suspendisse&sapien=accumsan&cursus=tortor&vestibulum=quis&proin=turpis,TRUE
+http://si.edu/sem/fusce/consequat/nulla.jpg?ut=cubilia&suscipit=curae&a=duis,TRUE
+http://businessweek.com/cursus/vestibulum/proin/eu.html?vestibulum=pellentesque&ac=ultrices&est=phasellus&lacinia=id&nisi=sapien&venenatis=in&tristique=sapien&fusce=iaculis&congue=congue&diam=vivamus&id=metus&ornare=arcu&imperdiet=adipiscing&sapien=molestie&urna=hendrerit&pretium=at&nisl=vulputate&ut=vitae&volutpat=nisl&sapien=aenean&arcu=lectus&sed=pellentesque&augue=eget&aliquam=nunc&erat=donec&volutpat=quis&in=orci&congue=eget&etiam=orci&justo=vehicula&etiam=condimentum&pretium=curabitur&iaculis=in&justo=libero&in=ut&hac=massa&habitasse=volutpat&platea=convallis&dictumst=morbi&etiam=odio&faucibus=odio&cursus=elementum&urna=eu&ut=interdum&tellus=eu&nulla=tincidunt&ut=in&erat=leo&id=maecenas&mauris=pulvinar&vulputate=lobortis&elementum=est&nullam=phasellus&varius=sit&nulla=amet&facilisi=erat&cras=nulla&non=tempus&velit=vivamus&nec=in&nisi=felis&vulputate=eu&nonummy=sapien&maecenas=cursus&tincidunt=vestibulum&lacus=proin&at=eu&velit=mi&vivamus=nulla&vel=ac&nulla=enim&eget=in&eros=tempor&elementum=turpis,TRUE
+https://imageshack.us/diam/id/ornare/imperdiet.xml?sed=integer&vestibulum=ac&sit=neque&amet=duis&cursus=bibendum&id=morbi&turpis=non&integer=quam&aliquet=nec&massa=dui&id=luctus&lobortis=rutrum&convallis=nulla&tortor=tellus&risus=in&dapibus=sagittis&augue=dui&vel=vel&accumsan=nisl&tellus=duis&nisi=ac&eu=nibh&orci=fusce&mauris=lacus&lacinia=purus&sapien=aliquet&quis=at&libero=feugiat&nullam=non&sit=pretium&amet=quis&turpis=lectus&elementum=suspendisse&ligula=potenti&vehicula=in&consequat=eleifend&morbi=quam&a=a&ipsum=odio&integer=in&a=hac&nibh=habitasse&in=platea&quis=dictumst&justo=maecenas&maecenas=ut&rhoncus=massa&aliquam=quis&lacus=augue&morbi=luctus&quis=tincidunt&tortor=nulla&id=mollis&nulla=molestie&ultrices=lorem&aliquet=quisque&maecenas=ut&leo=erat&odio=curabitur&condimentum=gravida&id=nisi&luctus=at&nec=nibh&molestie=in&sed=hac&justo=habitasse&pellentesque=platea&viverra=dictumst&pede=aliquam&ac=augue&diam=quam&cras=sollicitudin&pellentesque=vitae&volutpat=consectetuer&dui=eget&maecenas=rutrum&tristique=at,TRUE
+http://odnoklassniki.ru/lacus.js?urna=phasellus&pretium=id&nisl=sapien&ut=in&volutpat=sapien&sapien=iaculis&arcu=congue&sed=vivamus&augue=metus&aliquam=arcu&erat=adipiscing&volutpat=molestie&in=hendrerit&congue=at&etiam=vulputate&justo=vitae&etiam=nisl&pretium=aenean&iaculis=lectus&justo=pellentesque&in=eget&hac=nunc&habitasse=donec&platea=quis&dictumst=orci&etiam=eget&faucibus=orci&cursus=vehicula&urna=condimentum&ut=curabitur&tellus=in&nulla=libero&ut=ut&erat=massa&id=volutpat&mauris=convallis&vulputate=morbi&elementum=odio&nullam=odio&varius=elementum&nulla=eu&facilisi=interdum&cras=eu,TRUE
+http://tmall.com/scelerisque/quam/turpis.aspx?lobortis=amet&convallis=sapien&tortor=dignissim&risus=vestibulum&dapibus=vestibulum&augue=ante&vel=ipsum&accumsan=primis&tellus=in&nisi=faucibus&eu=orci&orci=luctus&mauris=et&lacinia=ultrices&sapien=posuere&quis=cubilia&libero=curae&nullam=nulla&sit=dapibus&amet=dolor&turpis=vel&elementum=est&ligula=donec&vehicula=odio&consequat=justo&morbi=sollicitudin,TRUE
+http://eventbrite.com/nulla.html?libero=eros&nam=vestibulum&dui=ac&proin=est&leo=lacinia&odio=nisi&porttitor=venenatis&id=tristique&consequat=fusce&in=congue&consequat=diam&ut=id&nulla=ornare&sed=imperdiet&accumsan=sapien&felis=urna&ut=pretium&at=nisl&dolor=ut&quis=volutpat&odio=sapien&consequat=arcu&varius=sed&integer=augue&ac=aliquam&leo=erat&pellentesque=volutpat&ultrices=in&mattis=congue&odio=etiam&donec=justo&vitae=etiam&nisi=pretium&nam=iaculis&ultrices=justo&libero=in&non=hac&mattis=habitasse&pulvinar=platea&nulla=dictumst&pede=etiam&ullamcorper=faucibus&augue=cursus&a=urna&suscipit=ut&nulla=tellus&elit=nulla&ac=ut&nulla=erat&sed=id&vel=mauris&enim=vulputate&sit=elementum&amet=nullam&nunc=varius&viverra=nulla&dapibus=facilisi&nulla=cras&suscipit=non&ligula=velit&in=nec&lacus=nisi&curabitur=vulputate&at=nonummy&ipsum=maecenas&ac=tincidunt&tellus=lacus&semper=at&interdum=velit&mauris=vivamus&ullamcorper=vel&purus=nulla&sit=eget&amet=eros&nulla=elementum&quisque=pellentesque&arcu=quisque&libero=porta,TRUE
+https://washington.edu/fermentum/justo/nec/condimentum/neque.html?semper=aenean&interdum=auctor&mauris=gravida&ullamcorper=sem&purus=praesent&sit=id&amet=massa&nulla=id&quisque=nisl&arcu=venenatis&libero=lacinia&rutrum=aenean&ac=sit&lobortis=amet&vel=justo&dapibus=morbi,TRUE
+https://com.com/id/justo/sit/amet/sapien/dignissim.jpg?vel=massa&sem=tempor&sed=convallis&sagittis=nulla&nam=neque&congue=libero&risus=convallis&semper=eget&porta=eleifend&volutpat=luctus&quam=ultricies&pede=eu&lobortis=nibh&ligula=quisque&sit=id&amet=justo&eleifend=sit&pede=amet&libero=sapien&quis=dignissim&orci=vestibulum&nullam=vestibulum&molestie=ante&nibh=ipsum&in=primis&lectus=in&pellentesque=faucibus&at=orci&nulla=luctus&suspendisse=et&potenti=ultrices&cras=posuere&in=cubilia&purus=curae&eu=nulla&magna=dapibus&vulputate=dolor,TRUE
+http://ustream.tv/lobortis.xml?tempor=dis&turpis=parturient&nec=montes&euismod=nascetur&scelerisque=ridiculus&quam=mus&turpis=vivamus&adipiscing=vestibulum&lorem=sagittis&vitae=sapien&mattis=cum&nibh=sociis&ligula=natoque&nec=penatibus&sem=et&duis=magnis&aliquam=dis&convallis=parturient&nunc=montes&proin=nascetur&at=ridiculus&turpis=mus&a=etiam&pede=vel&posuere=augue&nonummy=vestibulum&integer=rutrum&non=rutrum&velit=neque&donec=aenean&diam=auctor&neque=gravida&vestibulum=sem&eget=praesent&vulputate=id&ut=massa&ultrices=id&vel=nisl&augue=venenatis&vestibulum=lacinia&ante=aenean&ipsum=sit,TRUE
+http://disqus.com/volutpat/quam/pede/lobortis.html?mi=fusce&pede=lacus&malesuada=purus&in=aliquet&imperdiet=at&et=feugiat&commodo=non&vulputate=pretium&justo=quis&in=lectus&blandit=suspendisse&ultrices=potenti&enim=in&lorem=eleifend&ipsum=quam&dolor=a&sit=odio&amet=in&consectetuer=hac&adipiscing=habitasse&elit=platea&proin=dictumst&interdum=maecenas&mauris=ut&non=massa&ligula=quis&pellentesque=augue&ultrices=luctus&phasellus=tincidunt&id=nulla&sapien=mollis&in=molestie&sapien=lorem&iaculis=quisque&congue=ut&vivamus=erat&metus=curabitur&arcu=gravida&adipiscing=nisi&molestie=at&hendrerit=nibh&at=in&vulputate=hac&vitae=habitasse&nisl=platea&aenean=dictumst&lectus=aliquam&pellentesque=augue&eget=quam&nunc=sollicitudin&donec=vitae&quis=consectetuer&orci=eget&eget=rutrum&orci=at&vehicula=lorem&condimentum=integer&curabitur=tincidunt&in=ante&libero=vel&ut=ipsum&massa=praesent&volutpat=blandit&convallis=lacinia&morbi=erat&odio=vestibulum&odio=sed&elementum=magna&eu=at&interdum=nunc&eu=commodo&tincidunt=placerat&in=praesent&leo=blandit&maecenas=nam&pulvinar=nulla&lobortis=integer&est=pede&phasellus=justo&sit=lacinia&amet=eget&erat=tincidunt&nulla=eget&tempus=tempus&vivamus=vel,TRUE
+https://narod.ru/justo/pellentesque/viverra/pede.aspx?posuere=pulvinar&cubilia=sed&curae=nisl&mauris=nunc&viverra=rhoncus&diam=dui&vitae=vel&quam=sem&suspendisse=sed&potenti=sagittis&nullam=nam&porttitor=congue&lacus=risus&at=semper&turpis=porta&donec=volutpat&posuere=quam&metus=pede&vitae=lobortis&ipsum=ligula&aliquam=sit&non=amet&mauris=eleifend&morbi=pede&non=libero&lectus=quis&aliquam=orci&sit=nullam&amet=molestie&diam=nibh&in=in&magna=lectus&bibendum=pellentesque&imperdiet=at&nullam=nulla&orci=suspendisse&pede=potenti&venenatis=cras&non=in&sodales=purus&sed=eu&tincidunt=magna&eu=vulputate&felis=luctus&fusce=cum&posuere=sociis&felis=natoque&sed=penatibus&lacus=et&morbi=magnis&sem=dis&mauris=parturient&laoreet=montes&ut=nascetur&rhoncus=ridiculus&aliquet=mus&pulvinar=vivamus&sed=vestibulum&nisl=sagittis&nunc=sapien&rhoncus=cum&dui=sociis&vel=natoque&sem=penatibus&sed=et&sagittis=magnis&nam=dis&congue=parturient&risus=montes&semper=nascetur&porta=ridiculus&volutpat=mus&quam=etiam&pede=vel&lobortis=augue&ligula=vestibulum&sit=rutrum&amet=rutrum,TRUE
+https://issuu.com/sem/fusce/consequat/nulla.js?quis=et&justo=magnis&maecenas=dis&rhoncus=parturient&aliquam=montes&lacus=nascetur&morbi=ridiculus&quis=mus&tortor=etiam&id=vel&nulla=augue&ultrices=vestibulum&aliquet=rutrum&maecenas=rutrum&leo=neque&odio=aenean&condimentum=auctor&id=gravida&luctus=sem&nec=praesent&molestie=id&sed=massa&justo=id&pellentesque=nisl&viverra=venenatis&pede=lacinia&ac=aenean&diam=sit&cras=amet&pellentesque=justo&volutpat=morbi&dui=ut,TRUE
+http://pagesperso-orange.fr/orci/vehicula/condimentum.jsp?magnis=sagittis,TRUE
+https://narod.ru/vestibulum.html?sapien=tristique&placerat=in&ante=tempus&nulla=sit&justo=amet&aliquam=sem&quis=fusce&turpis=consequat&eget=nulla&elit=nisl&sodales=nunc&scelerisque=nisl&mauris=duis&sit=bibendum&amet=felis&eros=sed&suspendisse=interdum&accumsan=venenatis&tortor=turpis&quis=enim&turpis=blandit&sed=mi&ante=in&vivamus=porttitor&tortor=pede&duis=justo&mattis=eu&egestas=massa&metus=donec&aenean=dapibus&fermentum=duis&donec=at&ut=velit&mauris=eu&eget=est&massa=congue&tempor=elementum&convallis=in&nulla=hac&neque=habitasse&libero=platea&convallis=dictumst&eget=morbi&eleifend=vestibulum&luctus=velit&ultricies=id&eu=pretium&nibh=iaculis&quisque=diam&id=erat&justo=fermentum&sit=justo&amet=nec&sapien=condimentum&dignissim=neque&vestibulum=sapien&vestibulum=placerat&ante=ante&ipsum=nulla&primis=justo&in=aliquam&faucibus=quis&orci=turpis&luctus=eget&et=elit&ultrices=sodales,TRUE
+http://scientificamerican.com/feugiat/et/eros/vestibulum/ac.jsp?vivamus=magnis&tortor=dis&duis=parturient&mattis=montes&egestas=nascetur&metus=ridiculus&aenean=mus&fermentum=etiam&donec=vel&ut=augue&mauris=vestibulum&eget=rutrum&massa=rutrum&tempor=neque&convallis=aenean&nulla=auctor&neque=gravida&libero=sem&convallis=praesent&eget=id&eleifend=massa&luctus=id&ultricies=nisl&eu=venenatis&nibh=lacinia&quisque=aenean&id=sit&justo=amet&sit=justo&amet=morbi&sapien=ut&dignissim=odio&vestibulum=cras&vestibulum=mi&ante=pede&ipsum=malesuada&primis=in&in=imperdiet&faucibus=et&orci=commodo&luctus=vulputate&et=justo&ultrices=in&posuere=blandit&cubilia=ultrices&curae=enim&nulla=lorem&dapibus=ipsum&dolor=dolor,TRUE
+http://berkeley.edu/morbi/vel/lectus/in/quam/fringilla/rhoncus.png?metus=lacinia&vitae=nisi&ipsum=venenatis&aliquam=tristique&non=fusce&mauris=congue&morbi=diam&non=id&lectus=ornare&aliquam=imperdiet&sit=sapien&amet=urna&diam=pretium&in=nisl&magna=ut&bibendum=volutpat&imperdiet=sapien&nullam=arcu&orci=sed&pede=augue&venenatis=aliquam&non=erat&sodales=volutpat&sed=in&tincidunt=congue&eu=etiam&felis=justo&fusce=etiam&posuere=pretium&felis=iaculis&sed=justo&lacus=in&morbi=hac&sem=habitasse&mauris=platea&laoreet=dictumst&ut=etiam&rhoncus=faucibus&aliquet=cursus&pulvinar=urna&sed=ut&nisl=tellus&nunc=nulla&rhoncus=ut&dui=erat&vel=id&sem=mauris&sed=vulputate&sagittis=elementum&nam=nullam&congue=varius&risus=nulla,TRUE
+https://cdbaby.com/quam/sollicitudin/vitae.js?aenean=sed&auctor=vestibulum&gravida=sit&sem=amet&praesent=cursus&id=id&massa=turpis&id=integer&nisl=aliquet&venenatis=massa&lacinia=id&aenean=lobortis&sit=convallis&amet=tortor&justo=risus&morbi=dapibus&ut=augue&odio=vel&cras=accumsan&mi=tellus&pede=nisi&malesuada=eu&in=orci&imperdiet=mauris&et=lacinia&commodo=sapien&vulputate=quis&justo=libero&in=nullam&blandit=sit&ultrices=amet&enim=turpis&lorem=elementum&ipsum=ligula&dolor=vehicula&sit=consequat&amet=morbi&consectetuer=a&adipiscing=ipsum&elit=integer&proin=a&interdum=nibh&mauris=in&non=quis&ligula=justo&pellentesque=maecenas&ultrices=rhoncus&phasellus=aliquam&id=lacus&sapien=morbi&in=quis&sapien=tortor&iaculis=id&congue=nulla&vivamus=ultrices&metus=aliquet&arcu=maecenas&adipiscing=leo&molestie=odio&hendrerit=condimentum&at=id&vulputate=luctus&vitae=nec&nisl=molestie&aenean=sed&lectus=justo&pellentesque=pellentesque&eget=viverra&nunc=pede&donec=ac,TRUE
+https://nytimes.com/vestibulum/ante/ipsum/primis/in.xml?mauris=id&vulputate=ornare&elementum=imperdiet&nullam=sapien&varius=urna&nulla=pretium&facilisi=nisl&cras=ut&non=volutpat&velit=sapien&nec=arcu&nisi=sed&vulputate=augue&nonummy=aliquam&maecenas=erat&tincidunt=volutpat&lacus=in&at=congue&velit=etiam&vivamus=justo&vel=etiam&nulla=pretium&eget=iaculis&eros=justo&elementum=in&pellentesque=hac&quisque=habitasse&porta=platea&volutpat=dictumst&erat=etiam&quisque=faucibus&erat=cursus&eros=urna&viverra=ut&eget=tellus&congue=nulla&eget=ut&semper=erat&rutrum=id&nulla=mauris&nunc=vulputate&purus=elementum&phasellus=nullam&in=varius&felis=nulla&donec=facilisi&semper=cras&sapien=non&a=velit&libero=nec&nam=nisi&dui=vulputate&proin=nonummy&leo=maecenas&odio=tincidunt&porttitor=lacus&id=at&consequat=velit&in=vivamus&consequat=vel&ut=nulla&nulla=eget&sed=eros&accumsan=elementum&felis=pellentesque&ut=quisque&at=porta&dolor=volutpat&quis=erat&odio=quisque&consequat=erat&varius=eros&integer=viverra&ac=eget&leo=congue&pellentesque=eget&ultrices=semper&mattis=rutrum&odio=nulla&donec=nunc&vitae=purus&nisi=phasellus&nam=in&ultrices=felis&libero=donec&non=semper&mattis=sapien,TRUE
+https://printfriendly.com/vestibulum.png?vestibulum=nisl&sagittis=duis&sapien=bibendum&cum=felis&sociis=sed&natoque=interdum&penatibus=venenatis&et=turpis&magnis=enim&dis=blandit&parturient=mi&montes=in&nascetur=porttitor&ridiculus=pede&mus=justo&etiam=eu&vel=massa&augue=donec&vestibulum=dapibus&rutrum=duis&rutrum=at&neque=velit&aenean=eu&auctor=est&gravida=congue&sem=elementum&praesent=in&id=hac&massa=habitasse&id=platea&nisl=dictumst&venenatis=morbi&lacinia=vestibulum&aenean=velit&sit=id&amet=pretium&justo=iaculis&morbi=diam&ut=erat&odio=fermentum&cras=justo&mi=nec&pede=condimentum&malesuada=neque&in=sapien&imperdiet=placerat&et=ante&commodo=nulla&vulputate=justo&justo=aliquam&in=quis&blandit=turpis&ultrices=eget&enim=elit&lorem=sodales&ipsum=scelerisque&dolor=mauris&sit=sit&amet=amet&consectetuer=eros&adipiscing=suspendisse&elit=accumsan&proin=tortor&interdum=quis&mauris=turpis&non=sed&ligula=ante&pellentesque=vivamus&ultrices=tortor&phasellus=duis&id=mattis&sapien=egestas&in=metus&sapien=aenean&iaculis=fermentum&congue=donec&vivamus=ut&metus=mauris&arcu=eget&adipiscing=massa&molestie=tempor&hendrerit=convallis&at=nulla&vulputate=neque&vitae=libero&nisl=convallis&aenean=eget&lectus=eleifend&pellentesque=luctus&eget=ultricies&nunc=eu&donec=nibh&quis=quisque&orci=id&eget=justo&orci=sit&vehicula=amet&condimentum=sapien&curabitur=dignissim,TRUE
+http://utexas.edu/habitasse/platea/dictumst.jsp?sapien=porta&cum=volutpat&sociis=quam&natoque=pede&penatibus=lobortis&et=ligula&magnis=sit&dis=amet&parturient=eleifend&montes=pede&nascetur=libero&ridiculus=quis&mus=orci&etiam=nullam&vel=molestie&augue=nibh&vestibulum=in&rutrum=lectus&rutrum=pellentesque&neque=at&aenean=nulla&auctor=suspendisse&gravida=potenti&sem=cras&praesent=in&id=purus&massa=eu&id=magna&nisl=vulputate&venenatis=luctus&lacinia=cum&aenean=sociis&sit=natoque&amet=penatibus&justo=et&morbi=magnis&ut=dis&odio=parturient&cras=montes&mi=nascetur&pede=ridiculus&malesuada=mus&in=vivamus&imperdiet=vestibulum&et=sagittis&commodo=sapien&vulputate=cum&justo=sociis&in=natoque&blandit=penatibus&ultrices=et&enim=magnis&lorem=dis&ipsum=parturient&dolor=montes&sit=nascetur&amet=ridiculus&consectetuer=mus&adipiscing=etiam&elit=vel&proin=augue&interdum=vestibulum,TRUE
+http://nymag.com/ac/nulla/sed/vel/enim/sit.jpg?at=duis,TRUE
+http://scribd.com/odio/in/hac/habitasse.jsp?vel=suspendisse&augue=ornare&vestibulum=consequat&rutrum=lectus&rutrum=in&neque=est&aenean=risus&auctor=auctor&gravida=sed&sem=tristique&praesent=in&id=tempus&massa=sit&id=amet&nisl=sem&venenatis=fusce&lacinia=consequat&aenean=nulla&sit=nisl,TRUE
+https://statcounter.com/a/pede/posuere.png?sapien=amet&quis=justo&libero=morbi&nullam=ut&sit=odio&amet=cras&turpis=mi&elementum=pede&ligula=malesuada&vehicula=in&consequat=imperdiet&morbi=et&a=commodo&ipsum=vulputate&integer=justo&a=in&nibh=blandit&in=ultrices&quis=enim&justo=lorem&maecenas=ipsum&rhoncus=dolor&aliquam=sit&lacus=amet&morbi=consectetuer&quis=adipiscing&tortor=elit&id=proin&nulla=interdum&ultrices=mauris&aliquet=non&maecenas=ligula&leo=pellentesque&odio=ultrices&condimentum=phasellus&id=id&luctus=sapien&nec=in&molestie=sapien&sed=iaculis&justo=congue&pellentesque=vivamus&viverra=metus&pede=arcu&ac=adipiscing&diam=molestie&cras=hendrerit&pellentesque=at&volutpat=vulputate&dui=vitae&maecenas=nisl&tristique=aenean&est=lectus&et=pellentesque&tempus=eget&semper=nunc&est=donec&quam=quis&pharetra=orci&magna=eget&ac=orci&consequat=vehicula&metus=condimentum&sapien=curabitur&ut=in&nunc=libero&vestibulum=ut&ante=massa&ipsum=volutpat&primis=convallis&in=morbi&faucibus=odio&orci=odio&luctus=elementum&et=eu&ultrices=interdum&posuere=eu&cubilia=tincidunt&curae=in&mauris=leo&viverra=maecenas&diam=pulvinar&vitae=lobortis,TRUE
+https://tripadvisor.com/dolor/quis/odio/consequat/varius.aspx?aliquam=nulla&convallis=ultrices&nunc=aliquet&proin=maecenas&at=leo&turpis=odio&a=condimentum&pede=id&posuere=luctus&nonummy=nec&integer=molestie&non=sed&velit=justo&donec=pellentesque&diam=viverra&neque=pede&vestibulum=ac&eget=diam&vulputate=cras&ut=pellentesque&ultrices=volutpat&vel=dui&augue=maecenas&vestibulum=tristique&ante=est&ipsum=et&primis=tempus&in=semper&faucibus=est&orci=quam&luctus=pharetra&et=magna&ultrices=ac&posuere=consequat&cubilia=metus&curae=sapien&donec=ut&pharetra=nunc&magna=vestibulum&vestibulum=ante&aliquet=ipsum&ultrices=primis&erat=in&tortor=faucibus&sollicitudin=orci&mi=luctus&sit=et&amet=ultrices&lobortis=posuere&sapien=cubilia&sapien=curae&non=mauris&mi=viverra&integer=diam&ac=vitae&neque=quam&duis=suspendisse&bibendum=potenti&morbi=nullam&non=porttitor&quam=lacus&nec=at&dui=turpis&luctus=donec&rutrum=posuere&nulla=metus&tellus=vitae&in=ipsum&sagittis=aliquam&dui=non&vel=mauris&nisl=morbi&duis=non&ac=lectus&nibh=aliquam&fusce=sit&lacus=amet&purus=diam&aliquet=in&at=magna&feugiat=bibendum&non=imperdiet&pretium=nullam&quis=orci&lectus=pede&suspendisse=venenatis&potenti=non&in=sodales&eleifend=sed&quam=tincidunt&a=eu&odio=felis,TRUE
+http://zimbio.com/praesent/id/massa/id/nisl/venenatis/lacinia.png?hac=enim&habitasse=leo&platea=rhoncus&dictumst=sed&aliquam=vestibulum&augue=sit&quam=amet&sollicitudin=cursus&vitae=id&consectetuer=turpis&eget=integer&rutrum=aliquet&at=massa&lorem=id&integer=lobortis&tincidunt=convallis&ante=tortor&vel=risus&ipsum=dapibus&praesent=augue&blandit=vel&lacinia=accumsan&erat=tellus,TRUE
+http://virginia.edu/quisque/arcu/libero.js?est=vestibulum&lacinia=sed&nisi=magna&venenatis=at&tristique=nunc&fusce=commodo&congue=placerat&diam=praesent&id=blandit&ornare=nam&imperdiet=nulla&sapien=integer&urna=pede&pretium=justo&nisl=lacinia&ut=eget&volutpat=tincidunt&sapien=eget&arcu=tempus&sed=vel&augue=pede&aliquam=morbi&erat=porttitor&volutpat=lorem&in=id&congue=ligula&etiam=suspendisse&justo=ornare&etiam=consequat&pretium=lectus&iaculis=in&justo=est&in=risus&hac=auctor&habitasse=sed&platea=tristique&dictumst=in&etiam=tempus&faucibus=sit&cursus=amet&urna=sem&ut=fusce&tellus=consequat&nulla=nulla&ut=nisl&erat=nunc&id=nisl&mauris=duis&vulputate=bibendum&elementum=felis&nullam=sed&varius=interdum&nulla=venenatis&facilisi=turpis&cras=enim&non=blandit&velit=mi&nec=in&nisi=porttitor&vulputate=pede&nonummy=justo&maecenas=eu&tincidunt=massa&lacus=donec&at=dapibus&velit=duis&vivamus=at&vel=velit&nulla=eu&eget=est,TRUE
+https://bizjournals.com/sed/tristique/in/tempus.js?condimentum=fusce&curabitur=congue&in=diam&libero=id&ut=ornare&massa=imperdiet&volutpat=sapien&convallis=urna&morbi=pretium&odio=nisl&odio=ut,TRUE
+http://usnews.com/varius/integer/ac/leo/pellentesque/ultrices/mattis.aspx?sit=tristique&amet=fusce&eros=congue&suspendisse=diam&accumsan=id&tortor=ornare&quis=imperdiet&turpis=sapien&sed=urna&ante=pretium&vivamus=nisl&tortor=ut&duis=volutpat&mattis=sapien&egestas=arcu&metus=sed&aenean=augue&fermentum=aliquam&donec=erat&ut=volutpat&mauris=in&eget=congue&massa=etiam&tempor=justo&convallis=etiam&nulla=pretium&neque=iaculis&libero=justo&convallis=in&eget=hac&eleifend=habitasse&luctus=platea&ultricies=dictumst,TRUE
+http://theguardian.com/vivamus.xml?nec=quis&dui=orci&luctus=nullam&rutrum=molestie&nulla=nibh&tellus=in&in=lectus&sagittis=pellentesque&dui=at&vel=nulla&nisl=suspendisse&duis=potenti&ac=cras&nibh=in&fusce=purus&lacus=eu&purus=magna&aliquet=vulputate&at=luctus&feugiat=cum&non=sociis&pretium=natoque&quis=penatibus&lectus=et&suspendisse=magnis&potenti=dis&in=parturient&eleifend=montes&quam=nascetur&a=ridiculus&odio=mus&in=vivamus&hac=vestibulum&habitasse=sagittis&platea=sapien&dictumst=cum&maecenas=sociis&ut=natoque&massa=penatibus&quis=et&augue=magnis&luctus=dis&tincidunt=parturient&nulla=montes&mollis=nascetur&molestie=ridiculus&lorem=mus&quisque=etiam&ut=vel&erat=augue&curabitur=vestibulum&gravida=rutrum&nisi=rutrum&at=neque&nibh=aenean&in=auctor&hac=gravida&habitasse=sem&platea=praesent&dictumst=id&aliquam=massa&augue=id&quam=nisl,TRUE
+http://macromedia.com/urna/ut/tellus/nulla/ut/erat/id.jsp?consectetuer=at&eget=nulla&rutrum=suspendisse&at=potenti&lorem=cras&integer=in&tincidunt=purus&ante=eu&vel=magna&ipsum=vulputate&praesent=luctus&blandit=cum&lacinia=sociis&erat=natoque,TRUE
+http://blogger.com/auctor/sed.png?ut=vel&erat=augue&curabitur=vestibulum&gravida=rutrum&nisi=rutrum,TRUE
+http://issuu.com/posuere/felis/sed.xml?odio=ultrices&odio=enim&elementum=lorem&eu=ipsum&interdum=dolor&eu=sit&tincidunt=amet&in=consectetuer&leo=adipiscing&maecenas=elit&pulvinar=proin,TRUE
+http://addthis.com/id/nulla/ultrices.html?velit=ligula&id=nec&pretium=sem&iaculis=duis,TRUE
+http://tamu.edu/ante/vestibulum/ante/ipsum.aspx?nec=a&dui=libero&luctus=nam&rutrum=dui&nulla=proin&tellus=leo&in=odio&sagittis=porttitor&dui=id&vel=consequat&nisl=in&duis=consequat&ac=ut&nibh=nulla&fusce=sed&lacus=accumsan&purus=felis&aliquet=ut&at=at&feugiat=dolor&non=quis&pretium=odio&quis=consequat&lectus=varius&suspendisse=integer&potenti=ac&in=leo&eleifend=pellentesque&quam=ultrices&a=mattis&odio=odio&in=donec&hac=vitae&habitasse=nisi&platea=nam&dictumst=ultrices&maecenas=libero&ut=non&massa=mattis&quis=pulvinar&augue=nulla,TRUE
+https://intel.com/mauris/viverra/diam/vitae/quam/suspendisse/potenti.xml?hac=enim&habitasse=blandit&platea=mi&dictumst=in&etiam=porttitor&faucibus=pede&cursus=justo&urna=eu&ut=massa&tellus=donec&nulla=dapibus,TRUE
+http://miibeian.gov.cn/augue.html?sed=ante&vestibulum=vivamus&sit=tortor&amet=duis&cursus=mattis&id=egestas&turpis=metus&integer=aenean&aliquet=fermentum&massa=donec&id=ut&lobortis=mauris&convallis=eget&tortor=massa&risus=tempor&dapibus=convallis&augue=nulla&vel=neque&accumsan=libero&tellus=convallis&nisi=eget&eu=eleifend&orci=luctus&mauris=ultricies&lacinia=eu&sapien=nibh&quis=quisque&libero=id&nullam=justo&sit=sit&amet=amet&turpis=sapien&elementum=dignissim&ligula=vestibulum&vehicula=vestibulum&consequat=ante&morbi=ipsum&a=primis&ipsum=in&integer=faucibus&a=orci&nibh=luctus&in=et&quis=ultrices&justo=posuere&maecenas=cubilia&rhoncus=curae&aliquam=nulla&lacus=dapibus&morbi=dolor&quis=vel&tortor=est&id=donec&nulla=odio&ultrices=justo&aliquet=sollicitudin&maecenas=ut&leo=suscipit&odio=a&condimentum=feugiat&id=et&luctus=eros&nec=vestibulum&molestie=ac&sed=est&justo=lacinia&pellentesque=nisi&viverra=venenatis&pede=tristique&ac=fusce&diam=congue&cras=diam&pellentesque=id&volutpat=ornare&dui=imperdiet&maecenas=sapien&tristique=urna&est=pretium&et=nisl,TRUE
+https://go.com/turpis/eget/elit/sodales/scelerisque/mauris.aspx?id=iaculis&consequat=justo&in=in&consequat=hac&ut=habitasse&nulla=platea&sed=dictumst&accumsan=etiam&felis=faucibus&ut=cursus&at=urna&dolor=ut&quis=tellus&odio=nulla&consequat=ut&varius=erat&integer=id&ac=mauris&leo=vulputate&pellentesque=elementum&ultrices=nullam&mattis=varius,TRUE
+http://about.me/vestibulum.xml?pede=in&malesuada=quam&in=fringilla&imperdiet=rhoncus&et=mauris&commodo=enim&vulputate=leo&justo=rhoncus&in=sed&blandit=vestibulum&ultrices=sit&enim=amet&lorem=cursus&ipsum=id&dolor=turpis&sit=integer&amet=aliquet&consectetuer=massa&adipiscing=id&elit=lobortis&proin=convallis&interdum=tortor&mauris=risus&non=dapibus&ligula=augue&pellentesque=vel&ultrices=accumsan&phasellus=tellus&id=nisi&sapien=eu&in=orci&sapien=mauris&iaculis=lacinia&congue=sapien&vivamus=quis&metus=libero&arcu=nullam&adipiscing=sit&molestie=amet&hendrerit=turpis&at=elementum&vulputate=ligula&vitae=vehicula,TRUE
+https://wufoo.com/augue/vel/accumsan/tellus/nisi.jpg?venenatis=massa&non=quis&sodales=augue&sed=luctus&tincidunt=tincidunt&eu=nulla&felis=mollis&fusce=molestie&posuere=lorem&felis=quisque&sed=ut&lacus=erat&morbi=curabitur&sem=gravida&mauris=nisi&laoreet=at&ut=nibh&rhoncus=in&aliquet=hac&pulvinar=habitasse&sed=platea&nisl=dictumst&nunc=aliquam&rhoncus=augue&dui=quam&vel=sollicitudin&sem=vitae&sed=consectetuer&sagittis=eget&nam=rutrum&congue=at&risus=lorem&semper=integer&porta=tincidunt&volutpat=ante&quam=vel&pede=ipsum&lobortis=praesent&ligula=blandit&sit=lacinia&amet=erat&eleifend=vestibulum&pede=sed&libero=magna&quis=at&orci=nunc&nullam=commodo&molestie=placerat&nibh=praesent&in=blandit&lectus=nam&pellentesque=nulla&at=integer&nulla=pede&suspendisse=justo&potenti=lacinia&cras=eget&in=tincidunt&purus=eget&eu=tempus&magna=vel&vulputate=pede&luctus=morbi&cum=porttitor&sociis=lorem&natoque=id,TRUE
+https://apache.org/proin/interdum/mauris/non.xml?placerat=praesent&ante=blandit&nulla=nam&justo=nulla&aliquam=integer&quis=pede&turpis=justo&eget=lacinia&elit=eget&sodales=tincidunt&scelerisque=eget&mauris=tempus&sit=vel&amet=pede&eros=morbi&suspendisse=porttitor&accumsan=lorem&tortor=id&quis=ligula&turpis=suspendisse&sed=ornare&ante=consequat&vivamus=lectus&tortor=in&duis=est&mattis=risus&egestas=auctor&metus=sed&aenean=tristique&fermentum=in&donec=tempus&ut=sit&mauris=amet&eget=sem&massa=fusce&tempor=consequat&convallis=nulla&nulla=nisl&neque=nunc&libero=nisl&convallis=duis&eget=bibendum&eleifend=felis&luctus=sed&ultricies=interdum&eu=venenatis&nibh=turpis&quisque=enim&id=blandit&justo=mi&sit=in&amet=porttitor&sapien=pede&dignissim=justo&vestibulum=eu&vestibulum=massa&ante=donec&ipsum=dapibus&primis=duis&in=at&faucibus=velit&orci=eu&luctus=est&et=congue&ultrices=elementum&posuere=in&cubilia=hac&curae=habitasse,TRUE
+http://yandex.ru/pulvinar/lobortis.jsp?eros=cras&vestibulum=pellentesque&ac=volutpat,TRUE
+http://vk.com/ultrices/phasellus/id/sapien/in.png?in=donec&sapien=odio&iaculis=justo&congue=sollicitudin&vivamus=ut&metus=suscipit&arcu=a&adipiscing=feugiat&molestie=et&hendrerit=eros&at=vestibulum&vulputate=ac&vitae=est&nisl=lacinia&aenean=nisi&lectus=venenatis&pellentesque=tristique&eget=fusce&nunc=congue&donec=diam&quis=id&orci=ornare&eget=imperdiet&orci=sapien&vehicula=urna&condimentum=pretium&curabitur=nisl&in=ut&libero=volutpat&ut=sapien&massa=arcu&volutpat=sed&convallis=augue&morbi=aliquam&odio=erat,TRUE
+http://prweb.com/integer/ac/neque/duis.js?nulla=at&dapibus=nulla&dolor=suspendisse&vel=potenti&est=cras&donec=in&odio=purus&justo=eu&sollicitudin=magna&ut=vulputate&suscipit=luctus&a=cum&feugiat=sociis&et=natoque&eros=penatibus&vestibulum=et&ac=magnis&est=dis&lacinia=parturient&nisi=montes&venenatis=nascetur&tristique=ridiculus&fusce=mus&congue=vivamus&diam=vestibulum&id=sagittis&ornare=sapien&imperdiet=cum&sapien=sociis&urna=natoque&pretium=penatibus&nisl=et&ut=magnis&volutpat=dis&sapien=parturient&arcu=montes&sed=nascetur&augue=ridiculus&aliquam=mus&erat=etiam&volutpat=vel&in=augue&congue=vestibulum&etiam=rutrum&justo=rutrum&etiam=neque&pretium=aenean&iaculis=auctor&justo=gravida&in=sem&hac=praesent&habitasse=id&platea=massa&dictumst=id&etiam=nisl&faucibus=venenatis&cursus=lacinia&urna=aenean&ut=sit&tellus=amet&nulla=justo&ut=morbi&erat=ut&id=odio&mauris=cras&vulputate=mi&elementum=pede&nullam=malesuada&varius=in,TRUE
+https://amazon.com/sit/amet/nulla/quisque/arcu/libero.xml?aliquam=sapien&quis=placerat&turpis=ante&eget=nulla&elit=justo&sodales=aliquam&scelerisque=quis&mauris=turpis&sit=eget&amet=elit&eros=sodales&suspendisse=scelerisque&accumsan=mauris&tortor=sit&quis=amet&turpis=eros&sed=suspendisse&ante=accumsan&vivamus=tortor&tortor=quis&duis=turpis&mattis=sed&egestas=ante&metus=vivamus&aenean=tortor&fermentum=duis&donec=mattis&ut=egestas&mauris=metus&eget=aenean&massa=fermentum&tempor=donec&convallis=ut&nulla=mauris&neque=eget&libero=massa&convallis=tempor&eget=convallis&eleifend=nulla&luctus=neque&ultricies=libero&eu=convallis&nibh=eget&quisque=eleifend&id=luctus&justo=ultricies&sit=eu&amet=nibh&sapien=quisque&dignissim=id&vestibulum=justo&vestibulum=sit&ante=amet&ipsum=sapien&primis=dignissim&in=vestibulum&faucibus=vestibulum&orci=ante&luctus=ipsum&et=primis&ultrices=in&posuere=faucibus&cubilia=orci&curae=luctus&nulla=et&dapibus=ultrices&dolor=posuere&vel=cubilia&est=curae&donec=nulla&odio=dapibus&justo=dolor&sollicitudin=vel&ut=est,TRUE
+https://free.fr/pede/morbi/porttitor/lorem.png?platea=vestibulum&dictumst=ante&morbi=ipsum&vestibulum=primis&velit=in&id=faucibus&pretium=orci&iaculis=luctus&diam=et&erat=ultrices&fermentum=posuere&justo=cubilia&nec=curae&condimentum=duis&neque=faucibus&sapien=accumsan&placerat=odio&ante=curabitur&nulla=convallis&justo=duis&aliquam=consequat&quis=dui&turpis=nec&eget=nisi&elit=volutpat&sodales=eleifend&scelerisque=donec&mauris=ut&sit=dolor&amet=morbi&eros=vel&suspendisse=lectus&accumsan=in&tortor=quam&quis=fringilla&turpis=rhoncus&sed=mauris&ante=enim&vivamus=leo&tortor=rhoncus&duis=sed&mattis=vestibulum&egestas=sit&metus=amet&aenean=cursus&fermentum=id&donec=turpis&ut=integer&mauris=aliquet&eget=massa&massa=id&tempor=lobortis&convallis=convallis&nulla=tortor&neque=risus&libero=dapibus&convallis=augue&eget=vel&eleifend=accumsan&luctus=tellus&ultricies=nisi&eu=eu&nibh=orci&quisque=mauris&id=lacinia&justo=sapien&sit=quis&amet=libero&sapien=nullam&dignissim=sit&vestibulum=amet&vestibulum=turpis&ante=elementum&ipsum=ligula&primis=vehicula&in=consequat&faucibus=morbi&orci=a&luctus=ipsum&et=integer&ultrices=a&posuere=nibh&cubilia=in&curae=quis&nulla=justo&dapibus=maecenas&dolor=rhoncus&vel=aliquam,TRUE
+https://weebly.com/tristique.jpg?lectus=in&vestibulum=purus&quam=eu&sapien=magna&varius=vulputate&ut=luctus&blandit=cum&non=sociis&interdum=natoque&in=penatibus&ante=et&vestibulum=magnis&ante=dis&ipsum=parturient&primis=montes&in=nascetur&faucibus=ridiculus&orci=mus&luctus=vivamus&et=vestibulum&ultrices=sagittis&posuere=sapien&cubilia=cum&curae=sociis&duis=natoque&faucibus=penatibus&accumsan=et&odio=magnis&curabitur=dis&convallis=parturient&duis=montes&consequat=nascetur&dui=ridiculus&nec=mus&nisi=etiam&volutpat=vel&eleifend=augue&donec=vestibulum&ut=rutrum&dolor=rutrum&morbi=neque&vel=aenean&lectus=auctor&in=gravida&quam=sem&fringilla=praesent&rhoncus=id&mauris=massa&enim=id&leo=nisl&rhoncus=venenatis&sed=lacinia&vestibulum=aenean&sit=sit&amet=amet&cursus=justo&id=morbi&turpis=ut&integer=odio&aliquet=cras&massa=mi&id=pede&lobortis=malesuada&convallis=in&tortor=imperdiet&risus=et&dapibus=commodo&augue=vulputate&vel=justo&accumsan=in&tellus=blandit&nisi=ultrices&eu=enim&orci=lorem,TRUE
+https://auda.org.au/sit.jpg?sed=felis&accumsan=sed&felis=lacus&ut=morbi&at=sem&dolor=mauris&quis=laoreet&odio=ut&consequat=rhoncus&varius=aliquet,TRUE
+https://thetimes.co.uk/donec/vitae/nisi/nam.jsp?tempus=nisi&sit=volutpat&amet=eleifend&sem=donec&fusce=ut&consequat=dolor&nulla=morbi&nisl=vel&nunc=lectus&nisl=in&duis=quam&bibendum=fringilla&felis=rhoncus&sed=mauris&interdum=enim&venenatis=leo&turpis=rhoncus&enim=sed,TRUE
+https://patch.com/at/velit/eu/est/congue/elementum/in.jpg?pretium=lobortis&nisl=ligula&ut=sit&volutpat=amet&sapien=eleifend&arcu=pede&sed=libero&augue=quis&aliquam=orci&erat=nullam&volutpat=molestie&in=nibh&congue=in&etiam=lectus&justo=pellentesque&etiam=at&pretium=nulla&iaculis=suspendisse&justo=potenti&in=cras&hac=in&habitasse=purus&platea=eu&dictumst=magna&etiam=vulputate&faucibus=luctus&cursus=cum&urna=sociis&ut=natoque&tellus=penatibus&nulla=et&ut=magnis&erat=dis&id=parturient&mauris=montes&vulputate=nascetur&elementum=ridiculus&nullam=mus&varius=vivamus&nulla=vestibulum&facilisi=sagittis&cras=sapien&non=cum&velit=sociis&nec=natoque&nisi=penatibus&vulputate=et&nonummy=magnis&maecenas=dis&tincidunt=parturient&lacus=montes&at=nascetur&velit=ridiculus&vivamus=mus&vel=etiam&nulla=vel&eget=augue&eros=vestibulum&elementum=rutrum&pellentesque=rutrum&quisque=neque&porta=aenean&volutpat=auctor&erat=gravida&quisque=sem&erat=praesent&eros=id&viverra=massa&eget=id&congue=nisl&eget=venenatis,TRUE
+http://pbs.org/posuere/cubilia.html?eros=pharetra&suspendisse=magna&accumsan=vestibulum&tortor=aliquet&quis=ultrices&turpis=erat&sed=tortor&ante=sollicitudin&vivamus=mi&tortor=sit&duis=amet&mattis=lobortis&egestas=sapien&metus=sapien&aenean=non&fermentum=mi&donec=integer&ut=ac&mauris=neque&eget=duis&massa=bibendum&tempor=morbi&convallis=non&nulla=quam&neque=nec&libero=dui&convallis=luctus&eget=rutrum&eleifend=nulla&luctus=tellus&ultricies=in&eu=sagittis&nibh=dui&quisque=vel&id=nisl&justo=duis&sit=ac&amet=nibh&sapien=fusce&dignissim=lacus&vestibulum=purus&vestibulum=aliquet&ante=at&ipsum=feugiat&primis=non&in=pretium&faucibus=quis&orci=lectus&luctus=suspendisse&et=potenti&ultrices=in&posuere=eleifend,TRUE
+https://nba.com/id/ornare/imperdiet/sapien/urna.png?duis=lobortis&bibendum=convallis&morbi=tortor&non=risus&quam=dapibus&nec=augue&dui=vel&luctus=accumsan&rutrum=tellus&nulla=nisi&tellus=eu&in=orci&sagittis=mauris&dui=lacinia&vel=sapien&nisl=quis&duis=libero&ac=nullam&nibh=sit&fusce=amet&lacus=turpis&purus=elementum&aliquet=ligula&at=vehicula&feugiat=consequat&non=morbi&pretium=a&quis=ipsum&lectus=integer&suspendisse=a&potenti=nibh&in=in,TRUE
+https://weebly.com/dolor/quis/odio.js?at=felis&nunc=ut&commodo=at&placerat=dolor&praesent=quis&blandit=odio&nam=consequat&nulla=varius&integer=integer&pede=ac&justo=leo&lacinia=pellentesque&eget=ultrices&tincidunt=mattis&eget=odio&tempus=donec&vel=vitae&pede=nisi&morbi=nam&porttitor=ultrices&lorem=libero&id=non&ligula=mattis&suspendisse=pulvinar&ornare=nulla&consequat=pede&lectus=ullamcorper&in=augue&est=a&risus=suscipit&auctor=nulla&sed=elit&tristique=ac&in=nulla&tempus=sed&sit=vel&amet=enim&sem=sit&fusce=amet&consequat=nunc&nulla=viverra&nisl=dapibus&nunc=nulla&nisl=suscipit&duis=ligula&bibendum=in&felis=lacus&sed=curabitur&interdum=at&venenatis=ipsum&turpis=ac&enim=tellus&blandit=semper&mi=interdum&in=mauris&porttitor=ullamcorper&pede=purus&justo=sit&eu=amet&massa=nulla&donec=quisque&dapibus=arcu&duis=libero,TRUE
+https://altervista.org/vestibulum/proin/eu/mi/nulla/ac.png?laoreet=cubilia&ut=curae&rhoncus=mauris&aliquet=viverra&pulvinar=diam&sed=vitae&nisl=quam&nunc=suspendisse&rhoncus=potenti&dui=nullam&vel=porttitor&sem=lacus&sed=at&sagittis=turpis&nam=donec&congue=posuere&risus=metus&semper=vitae&porta=ipsum&volutpat=aliquam&quam=non&pede=mauris&lobortis=morbi&ligula=non&sit=lectus&amet=aliquam&eleifend=sit&pede=amet&libero=diam&quis=in&orci=magna&nullam=bibendum&molestie=imperdiet&nibh=nullam&in=orci,TRUE
+https://biglobe.ne.jp/enim/sit/amet/nunc/viverra.xml?ultrices=fermentum&phasellus=donec&id=ut&sapien=mauris&in=eget&sapien=massa&iaculis=tempor&congue=convallis&vivamus=nulla&metus=neque&arcu=libero&adipiscing=convallis&molestie=eget&hendrerit=eleifend&at=luctus&vulputate=ultricies&vitae=eu&nisl=nibh&aenean=quisque&lectus=id&pellentesque=justo&eget=sit&nunc=amet&donec=sapien&quis=dignissim&orci=vestibulum&eget=vestibulum&orci=ante&vehicula=ipsum&condimentum=primis&curabitur=in&in=faucibus&libero=orci&ut=luctus&massa=et&volutpat=ultrices&convallis=posuere&morbi=cubilia&odio=curae&odio=nulla&elementum=dapibus&eu=dolor&interdum=vel&eu=est&tincidunt=donec&in=odio&leo=justo&maecenas=sollicitudin&pulvinar=ut&lobortis=suscipit&est=a&phasellus=feugiat&sit=et&amet=eros&erat=vestibulum&nulla=ac&tempus=est&vivamus=lacinia&in=nisi&felis=venenatis&eu=tristique&sapien=fusce&cursus=congue&vestibulum=diam&proin=id&eu=ornare&mi=imperdiet&nulla=sapien&ac=urna&enim=pretium&in=nisl&tempor=ut&turpis=volutpat&nec=sapien&euismod=arcu&scelerisque=sed&quam=augue&turpis=aliquam&adipiscing=erat&lorem=volutpat&vitae=in&mattis=congue&nibh=etiam&ligula=justo&nec=etiam&sem=pretium&duis=iaculis&aliquam=justo&convallis=in&nunc=hac&proin=habitasse&at=platea&turpis=dictumst,TRUE
+http://businesswire.com/amet/sapien/dignissim/vestibulum/vestibulum/ante/ipsum.json?aliquam=ipsum&augue=primis&quam=in&sollicitudin=faucibus&vitae=orci&consectetuer=luctus&eget=et&rutrum=ultrices&at=posuere&lorem=cubilia&integer=curae&tincidunt=mauris&ante=viverra&vel=diam&ipsum=vitae&praesent=quam&blandit=suspendisse&lacinia=potenti&erat=nullam&vestibulum=porttitor&sed=lacus&magna=at&at=turpis&nunc=donec&commodo=posuere,TRUE
+http://dyndns.org/vel/pede/morbi.jsp?ut=posuere&rhoncus=cubilia&aliquet=curae&pulvinar=duis&sed=faucibus&nisl=accumsan&nunc=odio&rhoncus=curabitur&dui=convallis&vel=duis&sem=consequat&sed=dui&sagittis=nec&nam=nisi&congue=volutpat&risus=eleifend&semper=donec&porta=ut&volutpat=dolor&quam=morbi&pede=vel&lobortis=lectus&ligula=in&sit=quam&amet=fringilla&eleifend=rhoncus&pede=mauris&libero=enim&quis=leo&orci=rhoncus&nullam=sed&molestie=vestibulum&nibh=sit&in=amet&lectus=cursus&pellentesque=id&at=turpis&nulla=integer&suspendisse=aliquet&potenti=massa&cras=id&in=lobortis&purus=convallis&eu=tortor&magna=risus&vulputate=dapibus&luctus=augue&cum=vel&sociis=accumsan&natoque=tellus&penatibus=nisi&et=eu&magnis=orci&dis=mauris&parturient=lacinia,TRUE
+http://aboutads.info/in.png?volutpat=tempus&erat=semper&quisque=est&erat=quam&eros=pharetra&viverra=magna&eget=ac&congue=consequat&eget=metus&semper=sapien&rutrum=ut&nulla=nunc&nunc=vestibulum&purus=ante&phasellus=ipsum&in=primis&felis=in&donec=faucibus&semper=orci&sapien=luctus&a=et&libero=ultrices&nam=posuere&dui=cubilia&proin=curae&leo=mauris&odio=viverra&porttitor=diam&id=vitae&consequat=quam&in=suspendisse&consequat=potenti&ut=nullam&nulla=porttitor&sed=lacus&accumsan=at&felis=turpis&ut=donec&at=posuere&dolor=metus&quis=vitae&odio=ipsum&consequat=aliquam&varius=non&integer=mauris&ac=morbi&leo=non&pellentesque=lectus&ultrices=aliquam&mattis=sit&odio=amet&donec=diam&vitae=in&nisi=magna&nam=bibendum&ultrices=imperdiet&libero=nullam&non=orci&mattis=pede&pulvinar=venenatis&nulla=non&pede=sodales&ullamcorper=sed&augue=tincidunt&a=eu,TRUE
+https://yale.edu/non/mattis/pulvinar/nulla/pede/ullamcorper.aspx?nisi=est&vulputate=donec&nonummy=odio&maecenas=justo&tincidunt=sollicitudin&lacus=ut&at=suscipit&velit=a&vivamus=feugiat&vel=et&nulla=eros&eget=vestibulum&eros=ac&elementum=est&pellentesque=lacinia&quisque=nisi&porta=venenatis&volutpat=tristique&erat=fusce&quisque=congue&erat=diam&eros=id&viverra=ornare&eget=imperdiet&congue=sapien&eget=urna&semper=pretium&rutrum=nisl&nulla=ut&nunc=volutpat&purus=sapien&phasellus=arcu&in=sed&felis=augue&donec=aliquam&semper=erat,TRUE
+https://wunderground.com/amet/consectetuer/adipiscing/elit/proin.html?sodales=nisi&scelerisque=venenatis&mauris=tristique&sit=fusce&amet=congue&eros=diam&suspendisse=id&accumsan=ornare&tortor=imperdiet&quis=sapien,TRUE
+http://naver.com/potenti.xml?pellentesque=amet&viverra=diam&pede=in&ac=magna&diam=bibendum&cras=imperdiet&pellentesque=nullam&volutpat=orci&dui=pede&maecenas=venenatis&tristique=non&est=sodales&et=sed&tempus=tincidunt&semper=eu&est=felis&quam=fusce&pharetra=posuere&magna=felis&ac=sed&consequat=lacus&metus=morbi&sapien=sem&ut=mauris&nunc=laoreet&vestibulum=ut&ante=rhoncus&ipsum=aliquet&primis=pulvinar&in=sed&faucibus=nisl&orci=nunc&luctus=rhoncus&et=dui&ultrices=vel&posuere=sem,TRUE
+https://timesonline.co.uk/ante/ipsum/primis/in/faucibus/orci.png?curae=habitasse&donec=platea&pharetra=dictumst&magna=aliquam&vestibulum=augue&aliquet=quam&ultrices=sollicitudin&erat=vitae&tortor=consectetuer&sollicitudin=eget&mi=rutrum&sit=at&amet=lorem&lobortis=integer&sapien=tincidunt&sapien=ante&non=vel&mi=ipsum&integer=praesent&ac=blandit&neque=lacinia&duis=erat&bibendum=vestibulum&morbi=sed&non=magna&quam=at&nec=nunc&dui=commodo&luctus=placerat&rutrum=praesent&nulla=blandit&tellus=nam&in=nulla&sagittis=integer&dui=pede&vel=justo&nisl=lacinia&duis=eget&ac=tincidunt&nibh=eget&fusce=tempus&lacus=vel&purus=pede&aliquet=morbi&at=porttitor&feugiat=lorem&non=id&pretium=ligula&quis=suspendisse&lectus=ornare&suspendisse=consequat&potenti=lectus&in=in&eleifend=est&quam=risus&a=auctor&odio=sed&in=tristique&hac=in&habitasse=tempus&platea=sit&dictumst=amet&maecenas=sem&ut=fusce&massa=consequat&quis=nulla&augue=nisl&luctus=nunc&tincidunt=nisl&nulla=duis&mollis=bibendum&molestie=felis&lorem=sed&quisque=interdum&ut=venenatis&erat=turpis&curabitur=enim&gravida=blandit&nisi=mi&at=in,TRUE
+http://msn.com/morbi/non/lectus/aliquam/sit/amet/diam.png?magna=eget&bibendum=vulputate&imperdiet=ut&nullam=ultrices&orci=vel&pede=augue&venenatis=vestibulum&non=ante&sodales=ipsum&sed=primis&tincidunt=in&eu=faucibus&felis=orci&fusce=luctus&posuere=et&felis=ultrices&sed=posuere&lacus=cubilia&morbi=curae&sem=donec&mauris=pharetra&laoreet=magna&ut=vestibulum&rhoncus=aliquet&aliquet=ultrices&pulvinar=erat&sed=tortor&nisl=sollicitudin&nunc=mi&rhoncus=sit&dui=amet&vel=lobortis&sem=sapien&sed=sapien&sagittis=non&nam=mi&congue=integer&risus=ac&semper=neque&porta=duis&volutpat=bibendum&quam=morbi&pede=non&lobortis=quam&ligula=nec&sit=dui&amet=luctus&eleifend=rutrum&pede=nulla&libero=tellus&quis=in&orci=sagittis&nullam=dui&molestie=vel&nibh=nisl&in=duis&lectus=ac&pellentesque=nibh&at=fusce&nulla=lacus&suspendisse=purus&potenti=aliquet&cras=at&in=feugiat&purus=non&eu=pretium&magna=quis&vulputate=lectus&luctus=suspendisse&cum=potenti&sociis=in&natoque=eleifend&penatibus=quam&et=a&magnis=odio&dis=in&parturient=hac&montes=habitasse&nascetur=platea&ridiculus=dictumst&mus=maecenas&vivamus=ut&vestibulum=massa&sagittis=quis&sapien=augue&cum=luctus&sociis=tincidunt,TRUE
+http://people.com.cn/aliquet.jsp?velit=justo&eu=lacinia&est=eget&congue=tincidunt&elementum=eget&in=tempus&hac=vel&habitasse=pede&platea=morbi&dictumst=porttitor&morbi=lorem&vestibulum=id&velit=ligula&id=suspendisse&pretium=ornare&iaculis=consequat&diam=lectus&erat=in&fermentum=est&justo=risus&nec=auctor&condimentum=sed&neque=tristique&sapien=in&placerat=tempus&ante=sit&nulla=amet&justo=sem&aliquam=fusce&quis=consequat&turpis=nulla&eget=nisl&elit=nunc&sodales=nisl&scelerisque=duis&mauris=bibendum&sit=felis,TRUE
+http://berkeley.edu/elit/sodales/scelerisque/mauris/sit/amet/eros.jpg?sed=suspendisse&lacus=potenti&morbi=cras&sem=in&mauris=purus&laoreet=eu&ut=magna&rhoncus=vulputate&aliquet=luctus&pulvinar=cum&sed=sociis&nisl=natoque&nunc=penatibus&rhoncus=et&dui=magnis&vel=dis&sem=parturient&sed=montes&sagittis=nascetur&nam=ridiculus&congue=mus&risus=vivamus&semper=vestibulum&porta=sagittis&volutpat=sapien&quam=cum&pede=sociis&lobortis=natoque&ligula=penatibus&sit=et&amet=magnis&eleifend=dis&pede=parturient&libero=montes&quis=nascetur&orci=ridiculus&nullam=mus&molestie=etiam&nibh=vel&in=augue&lectus=vestibulum&pellentesque=rutrum&at=rutrum&nulla=neque&suspendisse=aenean&potenti=auctor&cras=gravida&in=sem&purus=praesent&eu=id&magna=massa&vulputate=id&luctus=nisl&cum=venenatis&sociis=lacinia&natoque=aenean&penatibus=sit&et=amet&magnis=justo&dis=morbi&parturient=ut&montes=odio&nascetur=cras&ridiculus=mi&mus=pede&vivamus=malesuada&vestibulum=in&sagittis=imperdiet&sapien=et&cum=commodo&sociis=vulputate&natoque=justo&penatibus=in&et=blandit&magnis=ultrices&dis=enim,TRUE
+https://taobao.com/lorem/quisque/ut/erat/curabitur/gravida.json?ultrices=nulla&posuere=quisque&cubilia=arcu&curae=libero&donec=rutrum&pharetra=ac&magna=lobortis&vestibulum=vel&aliquet=dapibus&ultrices=at&erat=diam&tortor=nam,TRUE
+https://oakley.com/mi/in/porttitor.json?eget=lorem&orci=ipsum&vehicula=dolor&condimentum=sit&curabitur=amet&in=consectetuer&libero=adipiscing&ut=elit&massa=proin&volutpat=interdum&convallis=mauris&morbi=non&odio=ligula&odio=pellentesque&elementum=ultrices&eu=phasellus&interdum=id&eu=sapien&tincidunt=in&in=sapien&leo=iaculis&maecenas=congue&pulvinar=vivamus&lobortis=metus&est=arcu&phasellus=adipiscing&sit=molestie&amet=hendrerit&erat=at&nulla=vulputate&tempus=vitae&vivamus=nisl&in=aenean&felis=lectus&eu=pellentesque&sapien=eget&cursus=nunc&vestibulum=donec&proin=quis&eu=orci&mi=eget&nulla=orci&ac=vehicula&enim=condimentum&in=curabitur&tempor=in&turpis=libero&nec=ut&euismod=massa&scelerisque=volutpat&quam=convallis&turpis=morbi&adipiscing=odio&lorem=odio&vitae=elementum&mattis=eu&nibh=interdum&ligula=eu&nec=tincidunt&sem=in&duis=leo,TRUE
+http://techcrunch.com/nulla/pede/ullamcorper/augue/a/suscipit/nulla.html?ligula=vestibulum&nec=ante&sem=ipsum&duis=primis&aliquam=in&convallis=faucibus&nunc=orci&proin=luctus&at=et&turpis=ultrices&a=posuere&pede=cubilia&posuere=curae&nonummy=duis&integer=faucibus&non=accumsan&velit=odio&donec=curabitur&diam=convallis&neque=duis&vestibulum=consequat&eget=dui&vulputate=nec&ut=nisi&ultrices=volutpat&vel=eleifend&augue=donec&vestibulum=ut&ante=dolor&ipsum=morbi&primis=vel&in=lectus&faucibus=in&orci=quam&luctus=fringilla&et=rhoncus&ultrices=mauris&posuere=enim&cubilia=leo&curae=rhoncus&donec=sed&pharetra=vestibulum&magna=sit&vestibulum=amet&aliquet=cursus&ultrices=id&erat=turpis&tortor=integer&sollicitudin=aliquet&mi=massa&sit=id&amet=lobortis&lobortis=convallis&sapien=tortor&sapien=risus&non=dapibus&mi=augue&integer=vel&ac=accumsan&neque=tellus&duis=nisi&bibendum=eu&morbi=orci&non=mauris&quam=lacinia&nec=sapien&dui=quis&luctus=libero&rutrum=nullam&nulla=sit&tellus=amet&in=turpis&sagittis=elementum&dui=ligula&vel=vehicula,TRUE
+https://chron.com/et/eros/vestibulum.json?rhoncus=morbi&aliquam=non&lacus=lectus&morbi=aliquam&quis=sit&tortor=amet&id=diam&nulla=in&ultrices=magna&aliquet=bibendum&maecenas=imperdiet&leo=nullam&odio=orci&condimentum=pede&id=venenatis&luctus=non&nec=sodales&molestie=sed&sed=tincidunt&justo=eu&pellentesque=felis&viverra=fusce&pede=posuere,TRUE
+https://deliciousdays.com/erat/tortor/sollicitudin.jpg?pede=praesent&libero=lectus&quis=vestibulum&orci=quam&nullam=sapien&molestie=varius&nibh=ut&in=blandit&lectus=non&pellentesque=interdum&at=in&nulla=ante&suspendisse=vestibulum&potenti=ante&cras=ipsum&in=primis&purus=in&eu=faucibus&magna=orci&vulputate=luctus&luctus=et&cum=ultrices&sociis=posuere&natoque=cubilia&penatibus=curae&et=duis&magnis=faucibus&dis=accumsan&parturient=odio,TRUE
+https://reddit.com/iaculis/justo/in.aspx?a=donec&ipsum=odio&integer=justo&a=sollicitudin&nibh=ut&in=suscipit&quis=a&justo=feugiat&maecenas=et&rhoncus=eros&aliquam=vestibulum&lacus=ac&morbi=est&quis=lacinia&tortor=nisi&id=venenatis&nulla=tristique&ultrices=fusce&aliquet=congue&maecenas=diam&leo=id&odio=ornare&condimentum=imperdiet&id=sapien&luctus=urna&nec=pretium&molestie=nisl&sed=ut&justo=volutpat&pellentesque=sapien&viverra=arcu&pede=sed&ac=augue&diam=aliquam&cras=erat&pellentesque=volutpat&volutpat=in&dui=congue&maecenas=etiam&tristique=justo&est=etiam&et=pretium&tempus=iaculis&semper=justo&est=in&quam=hac&pharetra=habitasse&magna=platea&ac=dictumst&consequat=etiam&metus=faucibus&sapien=cursus&ut=urna&nunc=ut&vestibulum=tellus&ante=nulla&ipsum=ut&primis=erat&in=id&faucibus=mauris&orci=vulputate&luctus=elementum&et=nullam&ultrices=varius&posuere=nulla&cubilia=facilisi&curae=cras&mauris=non&viverra=velit&diam=nec&vitae=nisi&quam=vulputate&suspendisse=nonummy&potenti=maecenas&nullam=tincidunt&porttitor=lacus&lacus=at&at=velit&turpis=vivamus&donec=vel&posuere=nulla&metus=eget&vitae=eros&ipsum=elementum&aliquam=pellentesque&non=quisque&mauris=porta&morbi=volutpat&non=erat&lectus=quisque&aliquam=erat&sit=eros&amet=viverra,TRUE
+http://mozilla.org/lectus/aliquam/sit.aspx?duis=eget&aliquam=rutrum&convallis=at&nunc=lorem&proin=integer&at=tincidunt&turpis=ante&a=vel&pede=ipsum&posuere=praesent&nonummy=blandit&integer=lacinia&non=erat&velit=vestibulum&donec=sed&diam=magna&neque=at&vestibulum=nunc&eget=commodo&vulputate=placerat&ut=praesent&ultrices=blandit&vel=nam&augue=nulla&vestibulum=integer&ante=pede&ipsum=justo&primis=lacinia&in=eget&faucibus=tincidunt&orci=eget&luctus=tempus&et=vel&ultrices=pede&posuere=morbi&cubilia=porttitor&curae=lorem,TRUE
+http://scientificamerican.com/ipsum/integer/a.aspx?rhoncus=sapien&sed=iaculis&vestibulum=congue&sit=vivamus&amet=metus&cursus=arcu&id=adipiscing&turpis=molestie&integer=hendrerit&aliquet=at&massa=vulputate&id=vitae&lobortis=nisl&convallis=aenean&tortor=lectus&risus=pellentesque&dapibus=eget&augue=nunc&vel=donec&accumsan=quis&tellus=orci&nisi=eget&eu=orci,TRUE
+https://spotify.com/vel/sem.js?cubilia=pellentesque&curae=quisque&nulla=porta&dapibus=volutpat&dolor=erat&vel=quisque&est=erat&donec=eros&odio=viverra&justo=eget&sollicitudin=congue&ut=eget&suscipit=semper&a=rutrum&feugiat=nulla&et=nunc&eros=purus&vestibulum=phasellus&ac=in&est=felis&lacinia=donec&nisi=semper&venenatis=sapien&tristique=a&fusce=libero&congue=nam&diam=dui&id=proin&ornare=leo&imperdiet=odio&sapien=porttitor&urna=id&pretium=consequat&nisl=in&ut=consequat&volutpat=ut&sapien=nulla&arcu=sed&sed=accumsan&augue=felis&aliquam=ut&erat=at&volutpat=dolor&in=quis&congue=odio&etiam=consequat&justo=varius&etiam=integer&pretium=ac&iaculis=leo&justo=pellentesque&in=ultrices&hac=mattis&habitasse=odio&platea=donec&dictumst=vitae&etiam=nisi&faucibus=nam&cursus=ultrices&urna=libero&ut=non&tellus=mattis&nulla=pulvinar&ut=nulla&erat=pede&id=ullamcorper&mauris=augue&vulputate=a&elementum=suscipit&nullam=nulla&varius=elit&nulla=ac&facilisi=nulla&cras=sed&non=vel&velit=enim&nec=sit&nisi=amet&vulputate=nunc&nonummy=viverra&maecenas=dapibus&tincidunt=nulla&lacus=suscipit&at=ligula&velit=in&vivamus=lacus&vel=curabitur&nulla=at,TRUE
+https://ftc.gov/duis/bibendum.jpg?parturient=vel&montes=accumsan&nascetur=tellus&ridiculus=nisi&mus=eu&vivamus=orci&vestibulum=mauris&sagittis=lacinia&sapien=sapien&cum=quis&sociis=libero&natoque=nullam&penatibus=sit&et=amet&magnis=turpis&dis=elementum&parturient=ligula&montes=vehicula&nascetur=consequat&ridiculus=morbi&mus=a&etiam=ipsum&vel=integer&augue=a&vestibulum=nibh&rutrum=in&rutrum=quis&neque=justo&aenean=maecenas&auctor=rhoncus&gravida=aliquam&sem=lacus&praesent=morbi&id=quis&massa=tortor&id=id&nisl=nulla&venenatis=ultrices&lacinia=aliquet&aenean=maecenas&sit=leo&amet=odio&justo=condimentum&morbi=id&ut=luctus&odio=nec&cras=molestie&mi=sed&pede=justo&malesuada=pellentesque&in=viverra&imperdiet=pede&et=ac&commodo=diam&vulputate=cras&justo=pellentesque&in=volutpat&blandit=dui&ultrices=maecenas&enim=tristique&lorem=est&ipsum=et&dolor=tempus&sit=semper&amet=est&consectetuer=quam&adipiscing=pharetra&elit=magna&proin=ac&interdum=consequat&mauris=metus&non=sapien&ligula=ut&pellentesque=nunc&ultrices=vestibulum&phasellus=ante&id=ipsum&sapien=primis&in=in&sapien=faucibus&iaculis=orci&congue=luctus&vivamus=et&metus=ultrices&arcu=posuere&adipiscing=cubilia&molestie=curae,TRUE
+https://aol.com/suspendisse/potenti.png?nec=sapien&nisi=arcu&vulputate=sed&nonummy=augue&maecenas=aliquam&tincidunt=erat&lacus=volutpat&at=in&velit=congue&vivamus=etiam&vel=justo&nulla=etiam&eget=pretium&eros=iaculis&elementum=justo&pellentesque=in&quisque=hac&porta=habitasse&volutpat=platea&erat=dictumst&quisque=etiam&erat=faucibus&eros=cursus&viverra=urna&eget=ut&congue=tellus&eget=nulla&semper=ut&rutrum=erat&nulla=id&nunc=mauris&purus=vulputate&phasellus=elementum&in=nullam&felis=varius&donec=nulla&semper=facilisi,TRUE
+http://google.pl/nunc/vestibulum/ante/ipsum/primis/in.aspx?interdum=integer&eu=tincidunt&tincidunt=ante&in=vel&leo=ipsum&maecenas=praesent&pulvinar=blandit&lobortis=lacinia&est=erat&phasellus=vestibulum&sit=sed&amet=magna&erat=at&nulla=nunc&tempus=commodo&vivamus=placerat&in=praesent&felis=blandit&eu=nam&sapien=nulla&cursus=integer&vestibulum=pede&proin=justo&eu=lacinia&mi=eget&nulla=tincidunt&ac=eget&enim=tempus&in=vel&tempor=pede&turpis=morbi&nec=porttitor&euismod=lorem&scelerisque=id&quam=ligula&turpis=suspendisse&adipiscing=ornare&lorem=consequat&vitae=lectus&mattis=in&nibh=est&ligula=risus&nec=auctor&sem=sed&duis=tristique&aliquam=in&convallis=tempus&nunc=sit&proin=amet&at=sem&turpis=fusce&a=consequat&pede=nulla&posuere=nisl,TRUE
+https://intel.com/congue/etiam/justo/etiam/pretium/iaculis.aspx?posuere=sem&felis=praesent&sed=id&lacus=massa&morbi=id&sem=nisl&mauris=venenatis&laoreet=lacinia&ut=aenean&rhoncus=sit&aliquet=amet&pulvinar=justo&sed=morbi&nisl=ut&nunc=odio&rhoncus=cras&dui=mi&vel=pede&sem=malesuada&sed=in&sagittis=imperdiet&nam=et&congue=commodo&risus=vulputate&semper=justo&porta=in&volutpat=blandit&quam=ultrices&pede=enim&lobortis=lorem&ligula=ipsum&sit=dolor&amet=sit&eleifend=amet&pede=consectetuer&libero=adipiscing&quis=elit&orci=proin&nullam=interdum&molestie=mauris&nibh=non&in=ligula&lectus=pellentesque&pellentesque=ultrices&at=phasellus&nulla=id&suspendisse=sapien&potenti=in&cras=sapien&in=iaculis&purus=congue&eu=vivamus&magna=metus&vulputate=arcu&luctus=adipiscing&cum=molestie&sociis=hendrerit&natoque=at&penatibus=vulputate&et=vitae&magnis=nisl&dis=aenean&parturient=lectus&montes=pellentesque&nascetur=eget&ridiculus=nunc&mus=donec&vivamus=quis&vestibulum=orci&sagittis=eget&sapien=orci&cum=vehicula&sociis=condimentum&natoque=curabitur&penatibus=in&et=libero&magnis=ut&dis=massa&parturient=volutpat&montes=convallis&nascetur=morbi&ridiculus=odio&mus=odio&etiam=elementum&vel=eu&augue=interdum&vestibulum=eu&rutrum=tincidunt&rutrum=in&neque=leo&aenean=maecenas&auctor=pulvinar,TRUE
+https://microsoft.com/a/nibh/in/quis/justo.jsp?bibendum=erat&morbi=curabitur&non=gravida&quam=nisi&nec=at&dui=nibh&luctus=in&rutrum=hac&nulla=habitasse&tellus=platea&in=dictumst&sagittis=aliquam&dui=augue&vel=quam&nisl=sollicitudin&duis=vitae&ac=consectetuer&nibh=eget&fusce=rutrum&lacus=at&purus=lorem&aliquet=integer&at=tincidunt&feugiat=ante&non=vel&pretium=ipsum&quis=praesent&lectus=blandit&suspendisse=lacinia&potenti=erat&in=vestibulum&eleifend=sed&quam=magna&a=at&odio=nunc&in=commodo&hac=placerat&habitasse=praesent&platea=blandit&dictumst=nam&maecenas=nulla&ut=integer&massa=pede&quis=justo&augue=lacinia&luctus=eget&tincidunt=tincidunt&nulla=eget&mollis=tempus&molestie=vel&lorem=pede&quisque=morbi&ut=porttitor&erat=lorem&curabitur=id&gravida=ligula&nisi=suspendisse&at=ornare&nibh=consequat&in=lectus&hac=in&habitasse=est&platea=risus&dictumst=auctor&aliquam=sed&augue=tristique&quam=in&sollicitudin=tempus&vitae=sit&consectetuer=amet&eget=sem&rutrum=fusce&at=consequat&lorem=nulla&integer=nisl&tincidunt=nunc&ante=nisl&vel=duis&ipsum=bibendum&praesent=felis&blandit=sed&lacinia=interdum&erat=venenatis&vestibulum=turpis&sed=enim&magna=blandit&at=mi&nunc=in&commodo=porttitor&placerat=pede&praesent=justo&blandit=eu,TRUE
+https://domainmarket.com/interdum/in/ante/vestibulum.xml?sed=sollicitudin&ante=ut&vivamus=suscipit&tortor=a&duis=feugiat&mattis=et&egestas=eros&metus=vestibulum&aenean=ac&fermentum=est&donec=lacinia&ut=nisi&mauris=venenatis&eget=tristique&massa=fusce&tempor=congue&convallis=diam&nulla=id&neque=ornare&libero=imperdiet&convallis=sapien&eget=urna&eleifend=pretium&luctus=nisl&ultricies=ut&eu=volutpat&nibh=sapien&quisque=arcu&id=sed&justo=augue&sit=aliquam&amet=erat&sapien=volutpat&dignissim=in&vestibulum=congue&vestibulum=etiam&ante=justo&ipsum=etiam&primis=pretium&in=iaculis,TRUE
+https://usa.gov/justo/nec/condimentum/neque/sapien/placerat/ante.aspx?habitasse=sapien&platea=sapien&dictumst=non&maecenas=mi&ut=integer&massa=ac&quis=neque&augue=duis&luctus=bibendum&tincidunt=morbi&nulla=non&mollis=quam&molestie=nec&lorem=dui&quisque=luctus&ut=rutrum&erat=nulla&curabitur=tellus&gravida=in&nisi=sagittis&at=dui&nibh=vel&in=nisl&hac=duis&habitasse=ac&platea=nibh&dictumst=fusce&aliquam=lacus&augue=purus&quam=aliquet&sollicitudin=at&vitae=feugiat&consectetuer=non&eget=pretium&rutrum=quis&at=lectus&lorem=suspendisse&integer=potenti&tincidunt=in&ante=eleifend&vel=quam&ipsum=a&praesent=odio&blandit=in&lacinia=hac&erat=habitasse&vestibulum=platea&sed=dictumst&magna=maecenas&at=ut&nunc=massa&commodo=quis&placerat=augue&praesent=luctus&blandit=tincidunt&nam=nulla&nulla=mollis&integer=molestie&pede=lorem&justo=quisque&lacinia=ut&eget=erat&tincidunt=curabitur&eget=gravida&tempus=nisi&vel=at&pede=nibh&morbi=in&porttitor=hac&lorem=habitasse&id=platea&ligula=dictumst&suspendisse=aliquam&ornare=augue&consequat=quam&lectus=sollicitudin&in=vitae&est=consectetuer&risus=eget&auctor=rutrum&sed=at&tristique=lorem&in=integer&tempus=tincidunt&sit=ante&amet=vel&sem=ipsum&fusce=praesent&consequat=blandit&nulla=lacinia,TRUE
+http://ihg.com/consequat/morbi/a/ipsum/integer/a/nibh.jsp?mattis=posuere&nibh=cubilia&ligula=curae&nec=mauris&sem=viverra&duis=diam&aliquam=vitae&convallis=quam&nunc=suspendisse&proin=potenti&at=nullam&turpis=porttitor&a=lacus&pede=at&posuere=turpis&nonummy=donec&integer=posuere&non=metus&velit=vitae&donec=ipsum&diam=aliquam&neque=non&vestibulum=mauris&eget=morbi&vulputate=non&ut=lectus&ultrices=aliquam&vel=sit&augue=amet&vestibulum=diam&ante=in&ipsum=magna&primis=bibendum&in=imperdiet&faucibus=nullam&orci=orci&luctus=pede&et=venenatis&ultrices=non&posuere=sodales&cubilia=sed&curae=tincidunt&donec=eu&pharetra=felis&magna=fusce&vestibulum=posuere,TRUE
+http://businesswire.com/id/justo/sit/amet/sapien.json?nulla=nec&sed=dui&vel=luctus&enim=rutrum&sit=nulla&amet=tellus&nunc=in,TRUE
+https://storify.com/amet/nunc/viverra/dapibus/nulla.xml?quisque=amet&erat=diam&eros=in&viverra=magna&eget=bibendum&congue=imperdiet&eget=nullam&semper=orci&rutrum=pede&nulla=venenatis&nunc=non&purus=sodales&phasellus=sed&in=tincidunt&felis=eu&donec=felis&semper=fusce&sapien=posuere&a=felis&libero=sed&nam=lacus&dui=morbi&proin=sem&leo=mauris&odio=laoreet&porttitor=ut&id=rhoncus&consequat=aliquet&in=pulvinar&consequat=sed&ut=nisl&nulla=nunc&sed=rhoncus&accumsan=dui&felis=vel&ut=sem&at=sed&dolor=sagittis&quis=nam&odio=congue&consequat=risus&varius=semper&integer=porta&ac=volutpat&leo=quam&pellentesque=pede,TRUE
+https://china.com.cn/ultrices/erat/tortor/sollicitudin/mi.jpg?ridiculus=aliquet&mus=maecenas&vivamus=leo&vestibulum=odio&sagittis=condimentum&sapien=id&cum=luctus&sociis=nec&natoque=molestie&penatibus=sed&et=justo&magnis=pellentesque&dis=viverra&parturient=pede&montes=ac&nascetur=diam&ridiculus=cras&mus=pellentesque&etiam=volutpat&vel=dui&augue=maecenas&vestibulum=tristique&rutrum=est&rutrum=et&neque=tempus&aenean=semper&auctor=est&gravida=quam&sem=pharetra&praesent=magna&id=ac&massa=consequat&id=metus&nisl=sapien&venenatis=ut&lacinia=nunc&aenean=vestibulum&sit=ante&amet=ipsum&justo=primis&morbi=in&ut=faucibus&odio=orci&cras=luctus,TRUE
+http://amazon.com/vivamus/metus/arcu/adipiscing/molestie/hendrerit/at.jsp?augue=dapibus&quam=augue&sollicitudin=vel&vitae=accumsan&consectetuer=tellus&eget=nisi&rutrum=eu&at=orci&lorem=mauris&integer=lacinia&tincidunt=sapien&ante=quis&vel=libero&ipsum=nullam&praesent=sit&blandit=amet&lacinia=turpis&erat=elementum&vestibulum=ligula&sed=vehicula&magna=consequat&at=morbi&nunc=a&commodo=ipsum&placerat=integer&praesent=a&blandit=nibh&nam=in&nulla=quis&integer=justo&pede=maecenas&justo=rhoncus&lacinia=aliquam&eget=lacus&tincidunt=morbi&eget=quis&tempus=tortor&vel=id&pede=nulla&morbi=ultrices&porttitor=aliquet&lorem=maecenas&id=leo&ligula=odio&suspendisse=condimentum&ornare=id&consequat=luctus&lectus=nec&in=molestie&est=sed&risus=justo&auctor=pellentesque&sed=viverra&tristique=pede&in=ac&tempus=diam&sit=cras&amet=pellentesque&sem=volutpat&fusce=dui&consequat=maecenas&nulla=tristique&nisl=est&nunc=et&nisl=tempus&duis=semper&bibendum=est&felis=quam&sed=pharetra&interdum=magna&venenatis=ac&turpis=consequat&enim=metus&blandit=sapien&mi=ut&in=nunc&porttitor=vestibulum&pede=ante&justo=ipsum&eu=primis&massa=in&donec=faucibus&dapibus=orci&duis=luctus&at=et&velit=ultrices&eu=posuere&est=cubilia&congue=curae&elementum=mauris&in=viverra&hac=diam,TRUE
+http://fema.gov/consectetuer/eget/rutrum/at/lorem/integer/tincidunt.jpg?auctor=dui&sed=vel&tristique=sem&in=sed&tempus=sagittis&sit=nam&amet=congue&sem=risus,TRUE
+https://prlog.org/justo/pellentesque/viverra/pede.xml?nam=proin&dui=leo&proin=odio&leo=porttitor&odio=id&porttitor=consequat&id=in&consequat=consequat&in=ut&consequat=nulla&ut=sed&nulla=accumsan&sed=felis&accumsan=ut&felis=at&ut=dolor&at=quis&dolor=odio&quis=consequat&odio=varius&consequat=integer&varius=ac,TRUE
+http://marketwatch.com/turpis.xml?mauris=nulla&laoreet=dapibus&ut=dolor&rhoncus=vel&aliquet=est&pulvinar=donec&sed=odio&nisl=justo&nunc=sollicitudin&rhoncus=ut&dui=suscipit&vel=a&sem=feugiat&sed=et&sagittis=eros&nam=vestibulum&congue=ac&risus=est&semper=lacinia&porta=nisi&volutpat=venenatis&quam=tristique&pede=fusce&lobortis=congue&ligula=diam&sit=id&amet=ornare&eleifend=imperdiet&pede=sapien&libero=urna&quis=pretium,TRUE
+https://meetup.com/id.png?nisl=id&aenean=turpis&lectus=integer&pellentesque=aliquet&eget=massa&nunc=id&donec=lobortis&quis=convallis&orci=tortor&eget=risus&orci=dapibus&vehicula=augue&condimentum=vel&curabitur=accumsan&in=tellus&libero=nisi&ut=eu&massa=orci&volutpat=mauris&convallis=lacinia&morbi=sapien&odio=quis&odio=libero&elementum=nullam&eu=sit&interdum=amet&eu=turpis&tincidunt=elementum&in=ligula&leo=vehicula&maecenas=consequat&pulvinar=morbi&lobortis=a&est=ipsum&phasellus=integer&sit=a&amet=nibh&erat=in&nulla=quis&tempus=justo&vivamus=maecenas&in=rhoncus&felis=aliquam&eu=lacus&sapien=morbi&cursus=quis&vestibulum=tortor&proin=id&eu=nulla&mi=ultrices&nulla=aliquet&ac=maecenas&enim=leo&in=odio&tempor=condimentum&turpis=id&nec=luctus&euismod=nec&scelerisque=molestie&quam=sed,TRUE
+http://abc.net.au/neque/sapien/placerat/ante/nulla.html?tincidunt=ac&eget=neque&tempus=duis&vel=bibendum&pede=morbi&morbi=non&porttitor=quam&lorem=nec&id=dui&ligula=luctus&suspendisse=rutrum&ornare=nulla&consequat=tellus&lectus=in&in=sagittis&est=dui&risus=vel&auctor=nisl&sed=duis&tristique=ac&in=nibh&tempus=fusce&sit=lacus&amet=purus&sem=aliquet&fusce=at&consequat=feugiat&nulla=non&nisl=pretium&nunc=quis&nisl=lectus&duis=suspendisse&bibendum=potenti&felis=in&sed=eleifend&interdum=quam&venenatis=a&turpis=odio&enim=in&blandit=hac&mi=habitasse&in=platea&porttitor=dictumst&pede=maecenas&justo=ut&eu=massa&massa=quis&donec=augue&dapibus=luctus&duis=tincidunt&at=nulla&velit=mollis&eu=molestie&est=lorem&congue=quisque&elementum=ut&in=erat&hac=curabitur&habitasse=gravida&platea=nisi&dictumst=at&morbi=nibh&vestibulum=in&velit=hac&id=habitasse&pretium=platea&iaculis=dictumst&diam=aliquam&erat=augue&fermentum=quam&justo=sollicitudin&nec=vitae&condimentum=consectetuer&neque=eget&sapien=rutrum&placerat=at&ante=lorem&nulla=integer&justo=tincidunt&aliquam=ante,TRUE
+http://live.com/augue/vestibulum/rutrum/rutrum/neque/aenean.xml?ac=et&enim=tempus&in=semper&tempor=est&turpis=quam&nec=pharetra&euismod=magna&scelerisque=ac&quam=consequat&turpis=metus&adipiscing=sapien&lorem=ut&vitae=nunc&mattis=vestibulum&nibh=ante&ligula=ipsum&nec=primis&sem=in&duis=faucibus&aliquam=orci&convallis=luctus&nunc=et&proin=ultrices&at=posuere&turpis=cubilia&a=curae&pede=mauris&posuere=viverra&nonummy=diam&integer=vitae&non=quam&velit=suspendisse&donec=potenti&diam=nullam&neque=porttitor&vestibulum=lacus&eget=at&vulputate=turpis&ut=donec&ultrices=posuere&vel=metus,TRUE
+http://npr.org/varius.jpg?duis=ac&bibendum=leo&felis=pellentesque&sed=ultrices&interdum=mattis&venenatis=odio&turpis=donec&enim=vitae&blandit=nisi&mi=nam&in=ultrices&porttitor=libero&pede=non&justo=mattis&eu=pulvinar&massa=nulla&donec=pede&dapibus=ullamcorper&duis=augue&at=a&velit=suscipit&eu=nulla&est=elit&congue=ac&elementum=nulla&in=sed&hac=vel&habitasse=enim,TRUE
+https://tripod.com/a/odio/in.aspx?fusce=nulla&lacus=tellus&purus=in&aliquet=sagittis&at=dui&feugiat=vel&non=nisl&pretium=duis&quis=ac&lectus=nibh&suspendisse=fusce&potenti=lacus&in=purus&eleifend=aliquet&quam=at&a=feugiat&odio=non&in=pretium&hac=quis&habitasse=lectus&platea=suspendisse&dictumst=potenti&maecenas=in&ut=eleifend&massa=quam&quis=a&augue=odio&luctus=in&tincidunt=hac&nulla=habitasse&mollis=platea&molestie=dictumst&lorem=maecenas&quisque=ut&ut=massa&erat=quis&curabitur=augue&gravida=luctus&nisi=tincidunt&at=nulla&nibh=mollis&in=molestie&hac=lorem&habitasse=quisque&platea=ut&dictumst=erat&aliquam=curabitur&augue=gravida&quam=nisi&sollicitudin=at&vitae=nibh&consectetuer=in&eget=hac&rutrum=habitasse&at=platea&lorem=dictumst&integer=aliquam&tincidunt=augue&ante=quam&vel=sollicitudin&ipsum=vitae&praesent=consectetuer&blandit=eget&lacinia=rutrum&erat=at&vestibulum=lorem&sed=integer&magna=tincidunt&at=ante&nunc=vel&commodo=ipsum&placerat=praesent&praesent=blandit&blandit=lacinia&nam=erat&nulla=vestibulum&integer=sed&pede=magna&justo=at&lacinia=nunc&eget=commodo&tincidunt=placerat&eget=praesent&tempus=blandit&vel=nam&pede=nulla&morbi=integer&porttitor=pede&lorem=justo&id=lacinia&ligula=eget&suspendisse=tincidunt&ornare=eget&consequat=tempus&lectus=vel&in=pede,TRUE
+http://tmall.com/fringilla/rhoncus/mauris/enim.png?volutpat=aenean&in=fermentum&congue=donec&etiam=ut&justo=mauris&etiam=eget&pretium=massa&iaculis=tempor&justo=convallis&in=nulla&hac=neque&habitasse=libero&platea=convallis&dictumst=eget&etiam=eleifend&faucibus=luctus&cursus=ultricies&urna=eu&ut=nibh&tellus=quisque&nulla=id&ut=justo&erat=sit&id=amet&mauris=sapien&vulputate=dignissim&elementum=vestibulum&nullam=vestibulum&varius=ante&nulla=ipsum&facilisi=primis&cras=in&non=faucibus&velit=orci&nec=luctus&nisi=et&vulputate=ultrices&nonummy=posuere&maecenas=cubilia&tincidunt=curae&lacus=nulla,TRUE
+https://de.vu/sociis/natoque.js?orci=accumsan&mauris=odio&lacinia=curabitur&sapien=convallis&quis=duis&libero=consequat&nullam=dui&sit=nec&amet=nisi&turpis=volutpat&elementum=eleifend&ligula=donec&vehicula=ut&consequat=dolor&morbi=morbi&a=vel&ipsum=lectus&integer=in&a=quam&nibh=fringilla&in=rhoncus&quis=mauris&justo=enim&maecenas=leo&rhoncus=rhoncus&aliquam=sed&lacus=vestibulum&morbi=sit&quis=amet&tortor=cursus&id=id&nulla=turpis&ultrices=integer&aliquet=aliquet&maecenas=massa&leo=id&odio=lobortis&condimentum=convallis&id=tortor&luctus=risus&nec=dapibus&molestie=augue&sed=vel&justo=accumsan&pellentesque=tellus&viverra=nisi&pede=eu&ac=orci&diam=mauris&cras=lacinia&pellentesque=sapien&volutpat=quis&dui=libero&maecenas=nullam&tristique=sit&est=amet&et=turpis&tempus=elementum&semper=ligula&est=vehicula&quam=consequat&pharetra=morbi&magna=a&ac=ipsum&consequat=integer&metus=a&sapien=nibh&ut=in&nunc=quis&vestibulum=justo&ante=maecenas&ipsum=rhoncus&primis=aliquam&in=lacus&faucibus=morbi&orci=quis&luctus=tortor&et=id&ultrices=nulla&posuere=ultrices&cubilia=aliquet&curae=maecenas&mauris=leo&viverra=odio&diam=condimentum&vitae=id&quam=luctus&suspendisse=nec&potenti=molestie&nullam=sed&porttitor=justo&lacus=pellentesque&at=viverra&turpis=pede&donec=ac&posuere=diam&metus=cras&vitae=pellentesque,TRUE
+https://vk.com/suspendisse/accumsan/tortor.png?platea=nulla&dictumst=ultrices&aliquam=aliquet&augue=maecenas&quam=leo&sollicitudin=odio&vitae=condimentum&consectetuer=id&eget=luctus&rutrum=nec&at=molestie&lorem=sed&integer=justo&tincidunt=pellentesque&ante=viverra&vel=pede&ipsum=ac&praesent=diam&blandit=cras&lacinia=pellentesque&erat=volutpat&vestibulum=dui&sed=maecenas&magna=tristique&at=est&nunc=et&commodo=tempus&placerat=semper&praesent=est&blandit=quam&nam=pharetra&nulla=magna&integer=ac&pede=consequat&justo=metus&lacinia=sapien&eget=ut,TRUE
+https://dyndns.org/ultrices.png?nisi=nisi&eu=nam&orci=ultrices&mauris=libero&lacinia=non&sapien=mattis&quis=pulvinar&libero=nulla&nullam=pede,TRUE
+http://jimdo.com/massa/quis/augue.json?nunc=tortor&vestibulum=duis&ante=mattis&ipsum=egestas&primis=metus&in=aenean&faucibus=fermentum&orci=donec&luctus=ut&et=mauris&ultrices=eget&posuere=massa&cubilia=tempor&curae=convallis&mauris=nulla&viverra=neque&diam=libero&vitae=convallis&quam=eget&suspendisse=eleifend&potenti=luctus&nullam=ultricies&porttitor=eu&lacus=nibh&at=quisque&turpis=id&donec=justo&posuere=sit&metus=amet&vitae=sapien&ipsum=dignissim&aliquam=vestibulum&non=vestibulum&mauris=ante&morbi=ipsum&non=primis&lectus=in&aliquam=faucibus&sit=orci&amet=luctus&diam=et&in=ultrices&magna=posuere&bibendum=cubilia&imperdiet=curae&nullam=nulla&orci=dapibus&pede=dolor&venenatis=vel&non=est&sodales=donec&sed=odio&tincidunt=justo&eu=sollicitudin&felis=ut&fusce=suscipit&posuere=a&felis=feugiat&sed=et&lacus=eros&morbi=vestibulum&sem=ac&mauris=est&laoreet=lacinia&ut=nisi&rhoncus=venenatis&aliquet=tristique&pulvinar=fusce&sed=congue&nisl=diam&nunc=id&rhoncus=ornare&dui=imperdiet&vel=sapien&sem=urna&sed=pretium&sagittis=nisl&nam=ut&congue=volutpat&risus=sapien&semper=arcu&porta=sed&volutpat=augue&quam=aliquam&pede=erat&lobortis=volutpat&ligula=in&sit=congue&amet=etiam&eleifend=justo&pede=etiam&libero=pretium&quis=iaculis,TRUE
+https://flickr.com/eget/vulputate.html?nulla=dictumst&neque=etiam&libero=faucibus&convallis=cursus&eget=urna&eleifend=ut&luctus=tellus&ultricies=nulla&eu=ut&nibh=erat&quisque=id&id=mauris&justo=vulputate&sit=elementum&amet=nullam&sapien=varius&dignissim=nulla&vestibulum=facilisi&vestibulum=cras&ante=non&ipsum=velit&primis=nec&in=nisi&faucibus=vulputate&orci=nonummy&luctus=maecenas&et=tincidunt&ultrices=lacus&posuere=at&cubilia=velit&curae=vivamus&nulla=vel&dapibus=nulla&dolor=eget&vel=eros&est=elementum&donec=pellentesque&odio=quisque&justo=porta&sollicitudin=volutpat&ut=erat&suscipit=quisque&a=erat&feugiat=eros&et=viverra&eros=eget&vestibulum=congue&ac=eget&est=semper&lacinia=rutrum&nisi=nulla&venenatis=nunc&tristique=purus&fusce=phasellus&congue=in&diam=felis&id=donec&ornare=semper&imperdiet=sapien&sapien=a&urna=libero&pretium=nam&nisl=dui&ut=proin&volutpat=leo&sapien=odio&arcu=porttitor&sed=id&augue=consequat&aliquam=in&erat=consequat&volutpat=ut,TRUE
+https://histats.com/eu/massa/donec/dapibus/duis.jpg?magna=dapibus&at=augue&nunc=vel,TRUE
+https://cnet.com/ut/nulla/sed/accumsan/felis/ut.json?turpis=volutpat&elementum=in&ligula=congue&vehicula=etiam&consequat=justo&morbi=etiam&a=pretium&ipsum=iaculis&integer=justo&a=in&nibh=hac&in=habitasse&quis=platea&justo=dictumst&maecenas=etiam&rhoncus=faucibus&aliquam=cursus&lacus=urna&morbi=ut&quis=tellus&tortor=nulla&id=ut&nulla=erat&ultrices=id&aliquet=mauris&maecenas=vulputate&leo=elementum&odio=nullam&condimentum=varius&id=nulla&luctus=facilisi&nec=cras&molestie=non&sed=velit&justo=nec&pellentesque=nisi&viverra=vulputate&pede=nonummy&ac=maecenas&diam=tincidunt&cras=lacus&pellentesque=at&volutpat=velit&dui=vivamus&maecenas=vel&tristique=nulla&est=eget&et=eros&tempus=elementum&semper=pellentesque&est=quisque&quam=porta&pharetra=volutpat&magna=erat&ac=quisque&consequat=erat&metus=eros&sapien=viverra&ut=eget&nunc=congue&vestibulum=eget&ante=semper&ipsum=rutrum&primis=nulla&in=nunc&faucibus=purus&orci=phasellus,TRUE
+https://auda.org.au/lectus.jsp?mauris=amet&enim=erat&leo=nulla&rhoncus=tempus&sed=vivamus&vestibulum=in&sit=felis&amet=eu&cursus=sapien&id=cursus&turpis=vestibulum&integer=proin&aliquet=eu&massa=mi&id=nulla&lobortis=ac&convallis=enim&tortor=in&risus=tempor&dapibus=turpis&augue=nec&vel=euismod&accumsan=scelerisque&tellus=quam&nisi=turpis&eu=adipiscing&orci=lorem&mauris=vitae&lacinia=mattis&sapien=nibh&quis=ligula&libero=nec&nullam=sem&sit=duis&amet=aliquam&turpis=convallis&elementum=nunc&ligula=proin&vehicula=at&consequat=turpis&morbi=a&a=pede&ipsum=posuere&integer=nonummy&a=integer&nibh=non&in=velit&quis=donec&justo=diam&maecenas=neque&rhoncus=vestibulum&aliquam=eget&lacus=vulputate&morbi=ut&quis=ultrices&tortor=vel&id=augue&nulla=vestibulum&ultrices=ante&aliquet=ipsum&maecenas=primis&leo=in&odio=faucibus&condimentum=orci&id=luctus&luctus=et&nec=ultrices&molestie=posuere&sed=cubilia&justo=curae&pellentesque=donec&viverra=pharetra&pede=magna&ac=vestibulum&diam=aliquet,TRUE
+https://cnet.com/est/quam/pharetra/magna/ac.png?diam=nec&cras=dui&pellentesque=luctus&volutpat=rutrum&dui=nulla&maecenas=tellus&tristique=in&est=sagittis&et=dui&tempus=vel&semper=nisl&est=duis&quam=ac&pharetra=nibh&magna=fusce&ac=lacus&consequat=purus&metus=aliquet&sapien=at&ut=feugiat&nunc=non&vestibulum=pretium&ante=quis&ipsum=lectus&primis=suspendisse&in=potenti&faucibus=in&orci=eleifend&luctus=quam&et=a&ultrices=odio&posuere=in&cubilia=hac&curae=habitasse&mauris=platea&viverra=dictumst&diam=maecenas&vitae=ut&quam=massa&suspendisse=quis&potenti=augue&nullam=luctus&porttitor=tincidunt&lacus=nulla&at=mollis&turpis=molestie&donec=lorem&posuere=quisque&metus=ut&vitae=erat&ipsum=curabitur&aliquam=gravida&non=nisi&mauris=at&morbi=nibh&non=in&lectus=hac&aliquam=habitasse&sit=platea&amet=dictumst&diam=aliquam&in=augue&magna=quam&bibendum=sollicitudin&imperdiet=vitae&nullam=consectetuer&orci=eget&pede=rutrum&venenatis=at&non=lorem&sodales=integer&sed=tincidunt&tincidunt=ante&eu=vel&felis=ipsum&fusce=praesent&posuere=blandit&felis=lacinia&sed=erat&lacus=vestibulum&morbi=sed&sem=magna&mauris=at&laoreet=nunc&ut=commodo&rhoncus=placerat&aliquet=praesent&pulvinar=blandit&sed=nam,TRUE
+https://storify.com/integer.png?in=vestibulum&felis=quam&eu=sapien&sapien=varius&cursus=ut&vestibulum=blandit&proin=non&eu=interdum&mi=in&nulla=ante&ac=vestibulum&enim=ante&in=ipsum&tempor=primis&turpis=in&nec=faucibus&euismod=orci&scelerisque=luctus&quam=et&turpis=ultrices&adipiscing=posuere&lorem=cubilia&vitae=curae,TRUE
+https://washingtonpost.com/donec/vitae.jpg?semper=integer&rutrum=ac&nulla=neque&nunc=duis&purus=bibendum&phasellus=morbi&in=non&felis=quam&donec=nec&semper=dui&sapien=luctus&a=rutrum&libero=nulla&nam=tellus&dui=in&proin=sagittis&leo=dui&odio=vel&porttitor=nisl&id=duis&consequat=ac&in=nibh&consequat=fusce&ut=lacus&nulla=purus&sed=aliquet&accumsan=at&felis=feugiat&ut=non&at=pretium&dolor=quis&quis=lectus&odio=suspendisse&consequat=potenti&varius=in&integer=eleifend&ac=quam&leo=a&pellentesque=odio&ultrices=in&mattis=hac&odio=habitasse&donec=platea&vitae=dictumst&nisi=maecenas&nam=ut&ultrices=massa&libero=quis&non=augue&mattis=luctus&pulvinar=tincidunt&nulla=nulla&pede=mollis&ullamcorper=molestie&augue=lorem&a=quisque&suscipit=ut&nulla=erat&elit=curabitur&ac=gravida&nulla=nisi&sed=at&vel=nibh&enim=in&sit=hac&amet=habitasse&nunc=platea&viverra=dictumst&dapibus=aliquam&nulla=augue&suscipit=quam&ligula=sollicitudin&in=vitae&lacus=consectetuer&curabitur=eget&at=rutrum&ipsum=at&ac=lorem&tellus=integer&semper=tincidunt&interdum=ante&mauris=vel&ullamcorper=ipsum&purus=praesent&sit=blandit&amet=lacinia&nulla=erat&quisque=vestibulum&arcu=sed&libero=magna&rutrum=at&ac=nunc&lobortis=commodo&vel=placerat&dapibus=praesent&at=blandit&diam=nam&nam=nulla&tristique=integer&tortor=pede,TRUE
+https://mtv.com/elementum/nullam/varius/nulla.json?vitae=commodo&mattis=vulputate&nibh=justo&ligula=in&nec=blandit&sem=ultrices&duis=enim&aliquam=lorem&convallis=ipsum&nunc=dolor&proin=sit&at=amet&turpis=consectetuer&a=adipiscing&pede=elit&posuere=proin&nonummy=interdum&integer=mauris&non=non&velit=ligula&donec=pellentesque&diam=ultrices&neque=phasellus&vestibulum=id&eget=sapien&vulputate=in&ut=sapien&ultrices=iaculis&vel=congue&augue=vivamus&vestibulum=metus&ante=arcu&ipsum=adipiscing&primis=molestie&in=hendrerit&faucibus=at&orci=vulputate&luctus=vitae&et=nisl&ultrices=aenean&posuere=lectus&cubilia=pellentesque&curae=eget&donec=nunc&pharetra=donec&magna=quis&vestibulum=orci&aliquet=eget&ultrices=orci&erat=vehicula&tortor=condimentum&sollicitudin=curabitur&mi=in&sit=libero&amet=ut&lobortis=massa&sapien=volutpat&sapien=convallis&non=morbi&mi=odio&integer=odio&ac=elementum&neque=eu&duis=interdum&bibendum=eu,TRUE
+https://ocn.ne.jp/vel/est/donec/odio/justo.jsp?rutrum=tristique&nulla=est&tellus=et&in=tempus&sagittis=semper&dui=est&vel=quam&nisl=pharetra&duis=magna&ac=ac&nibh=consequat&fusce=metus&lacus=sapien&purus=ut&aliquet=nunc&at=vestibulum&feugiat=ante&non=ipsum&pretium=primis&quis=in&lectus=faucibus&suspendisse=orci&potenti=luctus&in=et&eleifend=ultrices&quam=posuere&a=cubilia&odio=curae&in=mauris&hac=viverra&habitasse=diam&platea=vitae&dictumst=quam&maecenas=suspendisse&ut=potenti&massa=nullam&quis=porttitor&augue=lacus&luctus=at&tincidunt=turpis&nulla=donec&mollis=posuere&molestie=metus&lorem=vitae&quisque=ipsum&ut=aliquam&erat=non&curabitur=mauris&gravida=morbi&nisi=non&at=lectus&nibh=aliquam&in=sit&hac=amet&habitasse=diam&platea=in&dictumst=magna&aliquam=bibendum&augue=imperdiet&quam=nullam&sollicitudin=orci&vitae=pede&consectetuer=venenatis&eget=non&rutrum=sodales&at=sed&lorem=tincidunt&integer=eu&tincidunt=felis&ante=fusce&vel=posuere&ipsum=felis&praesent=sed&blandit=lacus&lacinia=morbi&erat=sem&vestibulum=mauris&sed=laoreet&magna=ut&at=rhoncus&nunc=aliquet&commodo=pulvinar&placerat=sed&praesent=nisl&blandit=nunc&nam=rhoncus&nulla=dui&integer=vel&pede=sem&justo=sed&lacinia=sagittis&eget=nam&tincidunt=congue&eget=risus,TRUE
+https://gmpg.org/eget/tincidunt/eget/tempus/vel/pede.jpg?volutpat=justo&erat=nec&quisque=condimentum,TRUE
+http://yolasite.com/nisl.jpg?non=ut&mauris=dolor&morbi=morbi&non=vel&lectus=lectus&aliquam=in&sit=quam&amet=fringilla,TRUE
+https://ucoz.com/non/mattis/pulvinar.jpg?aliquam=tellus&convallis=nulla&nunc=ut&proin=erat&at=id&turpis=mauris&a=vulputate&pede=elementum&posuere=nullam&nonummy=varius&integer=nulla&non=facilisi&velit=cras&donec=non&diam=velit&neque=nec&vestibulum=nisi&eget=vulputate&vulputate=nonummy&ut=maecenas&ultrices=tincidunt&vel=lacus&augue=at&vestibulum=velit&ante=vivamus&ipsum=vel&primis=nulla&in=eget&faucibus=eros&orci=elementum,TRUE
+https://php.net/ornare/consequat/lectus/in/est.js?nascetur=eu&ridiculus=felis&mus=fusce&vivamus=posuere&vestibulum=felis&sagittis=sed&sapien=lacus&cum=morbi&sociis=sem&natoque=mauris&penatibus=laoreet&et=ut&magnis=rhoncus&dis=aliquet&parturient=pulvinar&montes=sed&nascetur=nisl&ridiculus=nunc&mus=rhoncus&etiam=dui&vel=vel&augue=sem&vestibulum=sed&rutrum=sagittis&rutrum=nam&neque=congue&aenean=risus&auctor=semper&gravida=porta&sem=volutpat&praesent=quam&id=pede&massa=lobortis&id=ligula&nisl=sit&venenatis=amet&lacinia=eleifend&aenean=pede&sit=libero&amet=quis&justo=orci&morbi=nullam&ut=molestie&odio=nibh&cras=in&mi=lectus&pede=pellentesque&malesuada=at&in=nulla&imperdiet=suspendisse&et=potenti&commodo=cras&vulputate=in&justo=purus&in=eu&blandit=magna&ultrices=vulputate&enim=luctus&lorem=cum&ipsum=sociis&dolor=natoque&sit=penatibus&amet=et&consectetuer=magnis&adipiscing=dis&elit=parturient&proin=montes&interdum=nascetur&mauris=ridiculus&non=mus,TRUE
+https://eventbrite.com/phasellus/sit/amet/erat/nulla.js?eget=neque&nunc=aenean&donec=auctor&quis=gravida&orci=sem&eget=praesent&orci=id&vehicula=massa&condimentum=id&curabitur=nisl&in=venenatis&libero=lacinia&ut=aenean&massa=sit&volutpat=amet&convallis=justo&morbi=morbi&odio=ut&odio=odio&elementum=cras&eu=mi&interdum=pede&eu=malesuada&tincidunt=in&in=imperdiet&leo=et&maecenas=commodo&pulvinar=vulputate&lobortis=justo&est=in&phasellus=blandit&sit=ultrices&amet=enim&erat=lorem&nulla=ipsum&tempus=dolor&vivamus=sit&in=amet&felis=consectetuer&eu=adipiscing&sapien=elit&cursus=proin&vestibulum=interdum&proin=mauris&eu=non&mi=ligula&nulla=pellentesque&ac=ultrices&enim=phasellus&in=id&tempor=sapien&turpis=in&nec=sapien&euismod=iaculis&scelerisque=congue&quam=vivamus&turpis=metus&adipiscing=arcu&lorem=adipiscing&vitae=molestie&mattis=hendrerit&nibh=at&ligula=vulputate&nec=vitae&sem=nisl&duis=aenean&aliquam=lectus&convallis=pellentesque&nunc=eget&proin=nunc,TRUE
+http://tumblr.com/porttitor/lorem.png?id=risus&consequat=praesent&in=lectus&consequat=vestibulum&ut=quam&nulla=sapien,TRUE
+http://nydailynews.com/praesent/id/massa/id/nisl/venenatis.js?vehicula=metus&condimentum=vitae&curabitur=ipsum&in=aliquam&libero=non&ut=mauris&massa=morbi&volutpat=non&convallis=lectus&morbi=aliquam&odio=sit&odio=amet&elementum=diam&eu=in&interdum=magna&eu=bibendum&tincidunt=imperdiet&in=nullam&leo=orci&maecenas=pede&pulvinar=venenatis&lobortis=non&est=sodales&phasellus=sed&sit=tincidunt&amet=eu&erat=felis&nulla=fusce&tempus=posuere&vivamus=felis&in=sed&felis=lacus&eu=morbi&sapien=sem&cursus=mauris&vestibulum=laoreet&proin=ut&eu=rhoncus&mi=aliquet&nulla=pulvinar&ac=sed&enim=nisl&in=nunc&tempor=rhoncus&turpis=dui&nec=vel&euismod=sem&scelerisque=sed&quam=sagittis&turpis=nam&adipiscing=congue&lorem=risus&vitae=semper&mattis=porta&nibh=volutpat&ligula=quam&nec=pede&sem=lobortis&duis=ligula&aliquam=sit&convallis=amet&nunc=eleifend&proin=pede&at=libero&turpis=quis&a=orci&pede=nullam&posuere=molestie&nonummy=nibh&integer=in&non=lectus&velit=pellentesque&donec=at&diam=nulla&neque=suspendisse&vestibulum=potenti&eget=cras&vulputate=in&ut=purus&ultrices=eu&vel=magna&augue=vulputate&vestibulum=luctus,TRUE
+http://cnbc.com/dolor/vel/est/donec/odio/justo/sollicitudin.xml?vestibulum=nisl&eget=ut&vulputate=volutpat&ut=sapien&ultrices=arcu&vel=sed&augue=augue&vestibulum=aliquam&ante=erat&ipsum=volutpat&primis=in&in=congue&faucibus=etiam&orci=justo&luctus=etiam&et=pretium&ultrices=iaculis&posuere=justo&cubilia=in&curae=hac&donec=habitasse&pharetra=platea&magna=dictumst&vestibulum=etiam&aliquet=faucibus&ultrices=cursus&erat=urna&tortor=ut,TRUE
+http://altervista.org/sed.html?neque=diam&libero=id,TRUE
+http://ucoz.com/proin/interdum/mauris/non/ligula.html?lorem=ipsum&integer=primis&tincidunt=in&ante=faucibus&vel=orci&ipsum=luctus&praesent=et&blandit=ultrices&lacinia=posuere&erat=cubilia&vestibulum=curae&sed=donec&magna=pharetra&at=magna&nunc=vestibulum&commodo=aliquet&placerat=ultrices&praesent=erat&blandit=tortor&nam=sollicitudin&nulla=mi&integer=sit&pede=amet&justo=lobortis&lacinia=sapien&eget=sapien&tincidunt=non&eget=mi&tempus=integer&vel=ac&pede=neque&morbi=duis&porttitor=bibendum&lorem=morbi&id=non&ligula=quam&suspendisse=nec&ornare=dui&consequat=luctus&lectus=rutrum&in=nulla&est=tellus&risus=in&auctor=sagittis&sed=dui&tristique=vel&in=nisl&tempus=duis&sit=ac&amet=nibh&sem=fusce&fusce=lacus&consequat=purus&nulla=aliquet&nisl=at&nunc=feugiat&nisl=non&duis=pretium&bibendum=quis&felis=lectus&sed=suspendisse&interdum=potenti&venenatis=in&turpis=eleifend&enim=quam&blandit=a&mi=odio&in=in&porttitor=hac,TRUE
+https://opera.com/iaculis/congue.jsp?sem=augue&fusce=aliquam&consequat=erat&nulla=volutpat&nisl=in&nunc=congue&nisl=etiam&duis=justo&bibendum=etiam&felis=pretium&sed=iaculis&interdum=justo&venenatis=in,TRUE
+http://dyndns.org/odio/elementum/eu/interdum/eu/tincidunt.html?nisi=blandit&volutpat=nam&eleifend=nulla&donec=integer&ut=pede&dolor=justo&morbi=lacinia&vel=eget&lectus=tincidunt&in=eget&quam=tempus&fringilla=vel&rhoncus=pede&mauris=morbi&enim=porttitor&leo=lorem&rhoncus=id&sed=ligula&vestibulum=suspendisse&sit=ornare&amet=consequat&cursus=lectus&id=in&turpis=est&integer=risus&aliquet=auctor&massa=sed&id=tristique&lobortis=in&convallis=tempus&tortor=sit&risus=amet&dapibus=sem&augue=fusce&vel=consequat&accumsan=nulla&tellus=nisl&nisi=nunc&eu=nisl&orci=duis&mauris=bibendum&lacinia=felis&sapien=sed&quis=interdum&libero=venenatis&nullam=turpis&sit=enim&amet=blandit&turpis=mi&elementum=in&ligula=porttitor&vehicula=pede&consequat=justo&morbi=eu&a=massa&ipsum=donec&integer=dapibus&a=duis&nibh=at&in=velit&quis=eu&justo=est&maecenas=congue&rhoncus=elementum&aliquam=in&lacus=hac&morbi=habitasse&quis=platea&tortor=dictumst&id=morbi&nulla=vestibulum&ultrices=velit&aliquet=id&maecenas=pretium&leo=iaculis&odio=diam&condimentum=erat&id=fermentum&luctus=justo&nec=nec,TRUE
+https://china.com.cn/in/porttitor/pede/justo/eu/massa.xml?montes=ut&nascetur=nulla&ridiculus=sed&mus=accumsan&etiam=felis&vel=ut&augue=at&vestibulum=dolor&rutrum=quis&rutrum=odio&neque=consequat&aenean=varius&auctor=integer&gravida=ac&sem=leo&praesent=pellentesque&id=ultrices&massa=mattis&id=odio&nisl=donec&venenatis=vitae&lacinia=nisi&aenean=nam&sit=ultrices&amet=libero&justo=non&morbi=mattis&ut=pulvinar&odio=nulla&cras=pede&mi=ullamcorper&pede=augue&malesuada=a&in=suscipit&imperdiet=nulla&et=elit&commodo=ac&vulputate=nulla&justo=sed&in=vel&blandit=enim&ultrices=sit&enim=amet&lorem=nunc&ipsum=viverra&dolor=dapibus&sit=nulla&amet=suscipit&consectetuer=ligula&adipiscing=in&elit=lacus,TRUE
+http://google.de/aliquam/augue/quam.aspx?convallis=vel&nulla=lectus&neque=in&libero=quam&convallis=fringilla&eget=rhoncus,TRUE
+http://parallels.com/donec.xml?integer=proin&pede=at&justo=turpis&lacinia=a&eget=pede&tincidunt=posuere&eget=nonummy&tempus=integer&vel=non&pede=velit&morbi=donec&porttitor=diam&lorem=neque&id=vestibulum&ligula=eget&suspendisse=vulputate&ornare=ut&consequat=ultrices&lectus=vel&in=augue&est=vestibulum&risus=ante&auctor=ipsum&sed=primis&tristique=in&in=faucibus&tempus=orci&sit=luctus&amet=et&sem=ultrices&fusce=posuere&consequat=cubilia&nulla=curae&nisl=donec&nunc=pharetra&nisl=magna&duis=vestibulum&bibendum=aliquet&felis=ultrices&sed=erat&interdum=tortor&venenatis=sollicitudin&turpis=mi&enim=sit&blandit=amet&mi=lobortis&in=sapien&porttitor=sapien&pede=non&justo=mi&eu=integer&massa=ac&donec=neque&dapibus=duis&duis=bibendum&at=morbi&velit=non&eu=quam&est=nec&congue=dui&elementum=luctus&in=rutrum&hac=nulla&habitasse=tellus&platea=in&dictumst=sagittis&morbi=dui&vestibulum=vel&velit=nisl&id=duis&pretium=ac&iaculis=nibh&diam=fusce&erat=lacus&fermentum=purus&justo=aliquet&nec=at&condimentum=feugiat&neque=non&sapien=pretium,TRUE
+http://mysql.com/at/turpis.json?malesuada=mi&in=nulla&imperdiet=ac,TRUE
+https://blinklist.com/turpis/donec.jpg?in=justo&porttitor=maecenas&pede=rhoncus&justo=aliquam&eu=lacus&massa=morbi&donec=quis&dapibus=tortor&duis=id&at=nulla&velit=ultrices&eu=aliquet&est=maecenas&congue=leo&elementum=odio&in=condimentum&hac=id&habitasse=luctus&platea=nec&dictumst=molestie&morbi=sed&vestibulum=justo&velit=pellentesque&id=viverra&pretium=pede&iaculis=ac&diam=diam&erat=cras&fermentum=pellentesque&justo=volutpat,TRUE
+http://com.com/habitasse/platea/dictumst.html?est=imperdiet&quam=nullam&pharetra=orci&magna=pede&ac=venenatis&consequat=non&metus=sodales&sapien=sed&ut=tincidunt&nunc=eu&vestibulum=felis&ante=fusce&ipsum=posuere&primis=felis&in=sed&faucibus=lacus&orci=morbi,TRUE
+http://ftc.gov/magna/vulputate/luctus.js?vel=parturient&est=montes&donec=nascetur&odio=ridiculus&justo=mus&sollicitudin=vivamus&ut=vestibulum&suscipit=sagittis&a=sapien&feugiat=cum&et=sociis&eros=natoque&vestibulum=penatibus&ac=et&est=magnis&lacinia=dis&nisi=parturient&venenatis=montes&tristique=nascetur&fusce=ridiculus&congue=mus&diam=etiam&id=vel&ornare=augue&imperdiet=vestibulum&sapien=rutrum&urna=rutrum&pretium=neque&nisl=aenean&ut=auctor&volutpat=gravida&sapien=sem&arcu=praesent&sed=id&augue=massa&aliquam=id&erat=nisl&volutpat=venenatis&in=lacinia&congue=aenean&etiam=sit&justo=amet&etiam=justo&pretium=morbi&iaculis=ut&justo=odio&in=cras&hac=mi&habitasse=pede,TRUE
+http://foxnews.com/amet/consectetuer/adipiscing/elit.json?primis=in&in=est&faucibus=risus&orci=auctor&luctus=sed&et=tristique&ultrices=in&posuere=tempus&cubilia=sit&curae=amet&mauris=sem&viverra=fusce&diam=consequat&vitae=nulla&quam=nisl&suspendisse=nunc&potenti=nisl&nullam=duis&porttitor=bibendum&lacus=felis&at=sed&turpis=interdum&donec=venenatis&posuere=turpis&metus=enim&vitae=blandit&ipsum=mi&aliquam=in&non=porttitor&mauris=pede&morbi=justo&non=eu&lectus=massa&aliquam=donec&sit=dapibus&amet=duis&diam=at&in=velit&magna=eu&bibendum=est&imperdiet=congue&nullam=elementum&orci=in&pede=hac&venenatis=habitasse&non=platea&sodales=dictumst&sed=morbi&tincidunt=vestibulum&eu=velit&felis=id&fusce=pretium&posuere=iaculis&felis=diam&sed=erat&lacus=fermentum&morbi=justo&sem=nec&mauris=condimentum&laoreet=neque&ut=sapien&rhoncus=placerat&aliquet=ante&pulvinar=nulla&sed=justo&nisl=aliquam&nunc=quis&rhoncus=turpis&dui=eget&vel=elit&sem=sodales&sed=scelerisque&sagittis=mauris&nam=sit&congue=amet&risus=eros&semper=suspendisse&porta=accumsan&volutpat=tortor&quam=quis&pede=turpis&lobortis=sed&ligula=ante&sit=vivamus&amet=tortor&eleifend=duis&pede=mattis&libero=egestas&quis=metus&orci=aenean,TRUE
+https://blinklist.com/sapien/ut/nunc/vestibulum/ante/ipsum.jsp?id=ligula&luctus=suspendisse&nec=ornare&molestie=consequat&sed=lectus&justo=in&pellentesque=est&viverra=risus&pede=auctor&ac=sed&diam=tristique&cras=in&pellentesque=tempus&volutpat=sit&dui=amet&maecenas=sem&tristique=fusce&est=consequat&et=nulla&tempus=nisl&semper=nunc&est=nisl&quam=duis&pharetra=bibendum&magna=felis&ac=sed&consequat=interdum&metus=venenatis&sapien=turpis&ut=enim&nunc=blandit&vestibulum=mi&ante=in&ipsum=porttitor&primis=pede&in=justo&faucibus=eu&orci=massa&luctus=donec&et=dapibus&ultrices=duis&posuere=at&cubilia=velit&curae=eu,TRUE
+http://hc360.com/vestibulum/aliquet/ultrices/erat/tortor/sollicitudin.json?dolor=odio&sit=odio&amet=elementum&consectetuer=eu&adipiscing=interdum&elit=eu&proin=tincidunt&risus=in&praesent=leo&lectus=maecenas&vestibulum=pulvinar&quam=lobortis&sapien=est&varius=phasellus&ut=sit&blandit=amet&non=erat&interdum=nulla&in=tempus&ante=vivamus&vestibulum=in&ante=felis&ipsum=eu&primis=sapien&in=cursus&faucibus=vestibulum&orci=proin&luctus=eu&et=mi&ultrices=nulla,TRUE
+http://prnewswire.com/pulvinar/nulla/pede/ullamcorper/augue/a.aspx?lobortis=eget&convallis=tincidunt&tortor=eget&risus=tempus&dapibus=vel&augue=pede&vel=morbi&accumsan=porttitor&tellus=lorem&nisi=id&eu=ligula&orci=suspendisse&mauris=ornare&lacinia=consequat&sapien=lectus&quis=in&libero=est&nullam=risus&sit=auctor&amet=sed&turpis=tristique&elementum=in&ligula=tempus&vehicula=sit&consequat=amet&morbi=sem&a=fusce&ipsum=consequat&integer=nulla&a=nisl&nibh=nunc&in=nisl&quis=duis&justo=bibendum&maecenas=felis&rhoncus=sed&aliquam=interdum&lacus=venenatis&morbi=turpis&quis=enim&tortor=blandit&id=mi&nulla=in&ultrices=porttitor&aliquet=pede&maecenas=justo&leo=eu&odio=massa&condimentum=donec&id=dapibus&luctus=duis&nec=at&molestie=velit&sed=eu&justo=est&pellentesque=congue&viverra=elementum&pede=in&ac=hac&diam=habitasse&cras=platea&pellentesque=dictumst&volutpat=morbi&dui=vestibulum&maecenas=velit&tristique=id&est=pretium&et=iaculis&tempus=diam&semper=erat&est=fermentum&quam=justo&pharetra=nec&magna=condimentum&ac=neque&consequat=sapien&metus=placerat&sapien=ante&ut=nulla&nunc=justo&vestibulum=aliquam&ante=quis,TRUE
+http://networksolutions.com/curabitur/gravida/nisi/at.jsp?quam=vitae&a=quam&odio=suspendisse&in=potenti&hac=nullam&habitasse=porttitor&platea=lacus&dictumst=at&maecenas=turpis&ut=donec&massa=posuere&quis=metus&augue=vitae&luctus=ipsum&tincidunt=aliquam&nulla=non&mollis=mauris&molestie=morbi&lorem=non&quisque=lectus&ut=aliquam&erat=sit&curabitur=amet&gravida=diam&nisi=in&at=magna&nibh=bibendum&in=imperdiet&hac=nullam&habitasse=orci&platea=pede&dictumst=venenatis&aliquam=non&augue=sodales&quam=sed&sollicitudin=tincidunt&vitae=eu&consectetuer=felis&eget=fusce&rutrum=posuere&at=felis&lorem=sed&integer=lacus&tincidunt=morbi&ante=sem&vel=mauris,TRUE
+http://biglobe.ne.jp/morbi/a/ipsum/integer.html?congue=praesent&diam=blandit&id=lacinia&ornare=erat&imperdiet=vestibulum&sapien=sed&urna=magna&pretium=at&nisl=nunc&ut=commodo&volutpat=placerat&sapien=praesent&arcu=blandit&sed=nam&augue=nulla&aliquam=integer&erat=pede&volutpat=justo&in=lacinia&congue=eget&etiam=tincidunt&justo=eget&etiam=tempus&pretium=vel&iaculis=pede&justo=morbi&in=porttitor&hac=lorem&habitasse=id&platea=ligula&dictumst=suspendisse&etiam=ornare&faucibus=consequat&cursus=lectus&urna=in&ut=est,TRUE
+https://fda.gov/velit.aspx?pede=nisi&justo=volutpat&lacinia=eleifend&eget=donec&tincidunt=ut&eget=dolor&tempus=morbi&vel=vel&pede=lectus&morbi=in&porttitor=quam&lorem=fringilla&id=rhoncus&ligula=mauris&suspendisse=enim&ornare=leo&consequat=rhoncus&lectus=sed&in=vestibulum&est=sit&risus=amet&auctor=cursus&sed=id&tristique=turpis&in=integer&tempus=aliquet&sit=massa&amet=id&sem=lobortis&fusce=convallis&consequat=tortor&nulla=risus&nisl=dapibus&nunc=augue&nisl=vel&duis=accumsan&bibendum=tellus,TRUE
+https://furl.net/nibh/quisque/id/justo.jpg?penatibus=risus&et=praesent&magnis=lectus&dis=vestibulum&parturient=quam&montes=sapien&nascetur=varius&ridiculus=ut&mus=blandit&vivamus=non&vestibulum=interdum&sagittis=in&sapien=ante&cum=vestibulum&sociis=ante&natoque=ipsum&penatibus=primis&et=in&magnis=faucibus&dis=orci&parturient=luctus&montes=et&nascetur=ultrices&ridiculus=posuere&mus=cubilia&etiam=curae&vel=duis&augue=faucibus&vestibulum=accumsan&rutrum=odio&rutrum=curabitur&neque=convallis&aenean=duis,TRUE
+http://fda.gov/ac/consequat.json?massa=metus&volutpat=sapien&convallis=ut&morbi=nunc&odio=vestibulum&odio=ante&elementum=ipsum&eu=primis&interdum=in&eu=faucibus&tincidunt=orci&in=luctus&leo=et&maecenas=ultrices&pulvinar=posuere&lobortis=cubilia&est=curae,TRUE
+http://lulu.com/vitae/nisl/aenean/lectus.aspx?posuere=arcu&cubilia=adipiscing&curae=molestie&duis=hendrerit&faucibus=at&accumsan=vulputate&odio=vitae&curabitur=nisl&convallis=aenean&duis=lectus&consequat=pellentesque&dui=eget&nec=nunc&nisi=donec&volutpat=quis&eleifend=orci&donec=eget&ut=orci&dolor=vehicula&morbi=condimentum&vel=curabitur&lectus=in&in=libero&quam=ut&fringilla=massa&rhoncus=volutpat&mauris=convallis&enim=morbi&leo=odio&rhoncus=odio&sed=elementum&vestibulum=eu&sit=interdum&amet=eu&cursus=tincidunt&id=in&turpis=leo&integer=maecenas&aliquet=pulvinar&massa=lobortis&id=est&lobortis=phasellus&convallis=sit&tortor=amet&risus=erat&dapibus=nulla&augue=tempus&vel=vivamus&accumsan=in&tellus=felis&nisi=eu&eu=sapien&orci=cursus&mauris=vestibulum&lacinia=proin&sapien=eu&quis=mi&libero=nulla&nullam=ac&sit=enim&amet=in&turpis=tempor&elementum=turpis&ligula=nec&vehicula=euismod&consequat=scelerisque&morbi=quam&a=turpis&ipsum=adipiscing&integer=lorem&a=vitae&nibh=mattis&in=nibh,TRUE
+https://state.tx.us/amet/erat/nulla/tempus/vivamus/in.aspx?justo=pede&morbi=justo&ut=eu&odio=massa&cras=donec&mi=dapibus&pede=duis&malesuada=at&in=velit&imperdiet=eu&et=est&commodo=congue&vulputate=elementum&justo=in&in=hac&blandit=habitasse&ultrices=platea&enim=dictumst&lorem=morbi&ipsum=vestibulum&dolor=velit&sit=id&amet=pretium&consectetuer=iaculis&adipiscing=diam&elit=erat&proin=fermentum&interdum=justo&mauris=nec&non=condimentum&ligula=neque&pellentesque=sapien&ultrices=placerat&phasellus=ante&id=nulla&sapien=justo&in=aliquam&sapien=quis&iaculis=turpis&congue=eget,TRUE
+http://example.com/justo.jpg?odio=elementum&curabitur=pellentesque&convallis=quisque&duis=porta&consequat=volutpat&dui=erat&nec=quisque&nisi=erat&volutpat=eros&eleifend=viverra&donec=eget&ut=congue&dolor=eget&morbi=semper&vel=rutrum&lectus=nulla&in=nunc&quam=purus&fringilla=phasellus&rhoncus=in&mauris=felis&enim=donec&leo=semper&rhoncus=sapien&sed=a&vestibulum=libero&sit=nam&amet=dui&cursus=proin&id=leo&turpis=odio&integer=porttitor&aliquet=id&massa=consequat&id=in&lobortis=consequat&convallis=ut&tortor=nulla&risus=sed&dapibus=accumsan&augue=felis&vel=ut&accumsan=at&tellus=dolor&nisi=quis&eu=odio&orci=consequat&mauris=varius&lacinia=integer&sapien=ac&quis=leo&libero=pellentesque&nullam=ultrices&sit=mattis&amet=odio&turpis=donec&elementum=vitae&ligula=nisi&vehicula=nam&consequat=ultrices&morbi=libero&a=non&ipsum=mattis&integer=pulvinar&a=nulla,TRUE
+https://lycos.com/ridiculus/mus/etiam/vel/augue.json?vel=nulla&nulla=suspendisse&eget=potenti&eros=cras&elementum=in&pellentesque=purus&quisque=eu&porta=magna&volutpat=vulputate&erat=luctus&quisque=cum&erat=sociis&eros=natoque&viverra=penatibus&eget=et&congue=magnis&eget=dis&semper=parturient&rutrum=montes&nulla=nascetur&nunc=ridiculus&purus=mus&phasellus=vivamus&in=vestibulum&felis=sagittis&donec=sapien&semper=cum&sapien=sociis&a=natoque&libero=penatibus&nam=et&dui=magnis&proin=dis&leo=parturient&odio=montes&porttitor=nascetur&id=ridiculus,TRUE
+http://utexas.edu/est/risus.json?eu=nunc&massa=proin&donec=at&dapibus=turpis&duis=a&at=pede&velit=posuere&eu=nonummy&est=integer&congue=non&elementum=velit&in=donec&hac=diam&habitasse=neque&platea=vestibulum&dictumst=eget&morbi=vulputate&vestibulum=ut&velit=ultrices&id=vel&pretium=augue&iaculis=vestibulum&diam=ante&erat=ipsum&fermentum=primis&justo=in&nec=faucibus&condimentum=orci&neque=luctus&sapien=et&placerat=ultrices&ante=posuere&nulla=cubilia&justo=curae&aliquam=donec&quis=pharetra&turpis=magna&eget=vestibulum&elit=aliquet&sodales=ultrices&scelerisque=erat&mauris=tortor&sit=sollicitudin&amet=mi&eros=sit&suspendisse=amet&accumsan=lobortis&tortor=sapien&quis=sapien&turpis=non&sed=mi&ante=integer&vivamus=ac&tortor=neque&duis=duis,TRUE
+http://dell.com/elementum/pellentesque/quisque.xml?quam=praesent&suspendisse=id&potenti=massa&nullam=id&porttitor=nisl&lacus=venenatis&at=lacinia&turpis=aenean&donec=sit&posuere=amet&metus=justo&vitae=morbi&ipsum=ut&aliquam=odio&non=cras&mauris=mi&morbi=pede&non=malesuada&lectus=in&aliquam=imperdiet&sit=et&amet=commodo&diam=vulputate&in=justo&magna=in&bibendum=blandit&imperdiet=ultrices&nullam=enim&orci=lorem&pede=ipsum&venenatis=dolor&non=sit&sodales=amet&sed=consectetuer&tincidunt=adipiscing&eu=elit&felis=proin&fusce=interdum&posuere=mauris&felis=non&sed=ligula&lacus=pellentesque&morbi=ultrices&sem=phasellus&mauris=id&laoreet=sapien&ut=in&rhoncus=sapien&aliquet=iaculis&pulvinar=congue&sed=vivamus&nisl=metus&nunc=arcu&rhoncus=adipiscing&dui=molestie&vel=hendrerit&sem=at&sed=vulputate&sagittis=vitae&nam=nisl&congue=aenean&risus=lectus&semper=pellentesque&porta=eget&volutpat=nunc&quam=donec&pede=quis&lobortis=orci&ligula=eget&sit=orci&amet=vehicula&eleifend=condimentum&pede=curabitur&libero=in&quis=libero&orci=ut&nullam=massa&molestie=volutpat&nibh=convallis&in=morbi&lectus=odio&pellentesque=odio&at=elementum&nulla=eu&suspendisse=interdum,TRUE
+https://reverbnation.com/lobortis/vel/dapibus.xml?vehicula=non&consequat=pretium&morbi=quis&a=lectus&ipsum=suspendisse&integer=potenti&a=in&nibh=eleifend&in=quam&quis=a&justo=odio&maecenas=in&rhoncus=hac&aliquam=habitasse&lacus=platea&morbi=dictumst&quis=maecenas&tortor=ut&id=massa&nulla=quis&ultrices=augue&aliquet=luctus&maecenas=tincidunt&leo=nulla&odio=mollis&condimentum=molestie&id=lorem&luctus=quisque&nec=ut&molestie=erat&sed=curabitur&justo=gravida&pellentesque=nisi,TRUE
+http://mlb.com/mauris/laoreet/ut/rhoncus.aspx?proin=mauris&risus=eget&praesent=massa&lectus=tempor&vestibulum=convallis&quam=nulla&sapien=neque&varius=libero&ut=convallis&blandit=eget&non=eleifend&interdum=luctus&in=ultricies&ante=eu&vestibulum=nibh&ante=quisque&ipsum=id&primis=justo&in=sit&faucibus=amet&orci=sapien&luctus=dignissim&et=vestibulum&ultrices=vestibulum&posuere=ante&cubilia=ipsum&curae=primis&duis=in&faucibus=faucibus&accumsan=orci&odio=luctus&curabitur=et&convallis=ultrices&duis=posuere&consequat=cubilia&dui=curae&nec=nulla&nisi=dapibus&volutpat=dolor&eleifend=vel&donec=est&ut=donec&dolor=odio&morbi=justo&vel=sollicitudin&lectus=ut&in=suscipit&quam=a&fringilla=feugiat&rhoncus=et&mauris=eros&enim=vestibulum&leo=ac&rhoncus=est&sed=lacinia&vestibulum=nisi&sit=venenatis&amet=tristique&cursus=fusce&id=congue&turpis=diam&integer=id&aliquet=ornare&massa=imperdiet&id=sapien&lobortis=urna&convallis=pretium&tortor=nisl&risus=ut,TRUE
+http://omniture.com/velit/vivamus/vel.json?ipsum=diam&primis=id&in=ornare&faucibus=imperdiet&orci=sapien&luctus=urna&et=pretium&ultrices=nisl&posuere=ut&cubilia=volutpat&curae=sapien&mauris=arcu&viverra=sed&diam=augue&vitae=aliquam&quam=erat&suspendisse=volutpat&potenti=in&nullam=congue&porttitor=etiam&lacus=justo&at=etiam&turpis=pretium&donec=iaculis&posuere=justo&metus=in&vitae=hac&ipsum=habitasse&aliquam=platea&non=dictumst&mauris=etiam&morbi=faucibus&non=cursus&lectus=urna&aliquam=ut&sit=tellus&amet=nulla&diam=ut&in=erat&magna=id&bibendum=mauris&imperdiet=vulputate&nullam=elementum&orci=nullam&pede=varius&venenatis=nulla&non=facilisi&sodales=cras&sed=non&tincidunt=velit&eu=nec&felis=nisi&fusce=vulputate&posuere=nonummy&felis=maecenas&sed=tincidunt&lacus=lacus&morbi=at&sem=velit&mauris=vivamus&laoreet=vel&ut=nulla&rhoncus=eget&aliquet=eros&pulvinar=elementum&sed=pellentesque&nisl=quisque&nunc=porta&rhoncus=volutpat&dui=erat&vel=quisque,TRUE
+http://howstuffworks.com/pellentesque/quisque/porta/volutpat/erat.jsp?odio=condimentum&justo=id&sollicitudin=luctus&ut=nec&suscipit=molestie&a=sed&feugiat=justo&et=pellentesque&eros=viverra&vestibulum=pede&ac=ac&est=diam&lacinia=cras&nisi=pellentesque&venenatis=volutpat&tristique=dui&fusce=maecenas&congue=tristique&diam=est&id=et&ornare=tempus&imperdiet=semper&sapien=est&urna=quam,TRUE
+https://odnoklassniki.ru/pretium/quis/lectus/suspendisse/potenti.png?felis=lorem&fusce=ipsum&posuere=dolor&felis=sit&sed=amet&lacus=consectetuer&morbi=adipiscing&sem=elit&mauris=proin&laoreet=interdum&ut=mauris&rhoncus=non&aliquet=ligula&pulvinar=pellentesque&sed=ultrices&nisl=phasellus&nunc=id&rhoncus=sapien&dui=in&vel=sapien&sem=iaculis&sed=congue&sagittis=vivamus&nam=metus&congue=arcu&risus=adipiscing&semper=molestie&porta=hendrerit&volutpat=at&quam=vulputate&pede=vitae&lobortis=nisl&ligula=aenean&sit=lectus&amet=pellentesque&eleifend=eget&pede=nunc&libero=donec&quis=quis&orci=orci&nullam=eget&molestie=orci&nibh=vehicula&in=condimentum&lectus=curabitur&pellentesque=in&at=libero&nulla=ut&suspendisse=massa&potenti=volutpat&cras=convallis&in=morbi&purus=odio&eu=odio&magna=elementum&vulputate=eu&luctus=interdum,TRUE
+https://mlb.com/ligula/nec/sem/duis/aliquam/convallis.js?venenatis=vulputate&non=elementum&sodales=nullam&sed=varius&tincidunt=nulla&eu=facilisi&felis=cras&fusce=non&posuere=velit&felis=nec&sed=nisi&lacus=vulputate&morbi=nonummy&sem=maecenas&mauris=tincidunt&laoreet=lacus&ut=at&rhoncus=velit&aliquet=vivamus&pulvinar=vel&sed=nulla&nisl=eget&nunc=eros&rhoncus=elementum&dui=pellentesque&vel=quisque&sem=porta&sed=volutpat&sagittis=erat&nam=quisque,TRUE
+https://pbs.org/eget/semper/rutrum/nulla.aspx?diam=nonummy&neque=maecenas&vestibulum=tincidunt&eget=lacus&vulputate=at&ut=velit&ultrices=vivamus&vel=vel&augue=nulla&vestibulum=eget&ante=eros&ipsum=elementum&primis=pellentesque&in=quisque&faucibus=porta&orci=volutpat&luctus=erat&et=quisque&ultrices=erat&posuere=eros&cubilia=viverra&curae=eget&donec=congue&pharetra=eget&magna=semper&vestibulum=rutrum&aliquet=nulla&ultrices=nunc&erat=purus&tortor=phasellus&sollicitudin=in&mi=felis&sit=donec&amet=semper&lobortis=sapien&sapien=a&sapien=libero&non=nam&mi=dui&integer=proin&ac=leo&neque=odio&duis=porttitor&bibendum=id&morbi=consequat&non=in&quam=consequat&nec=ut&dui=nulla&luctus=sed&rutrum=accumsan&nulla=felis&tellus=ut&in=at&sagittis=dolor&dui=quis&vel=odio&nisl=consequat&duis=varius,TRUE
+https://cmu.edu/justo/sit/amet/sapien/dignissim/vestibulum/vestibulum.png?habitasse=auctor&platea=gravida&dictumst=sem&morbi=praesent&vestibulum=id&velit=massa&id=id&pretium=nisl&iaculis=venenatis&diam=lacinia&erat=aenean,TRUE
+https://e-recht24.de/a/pede/posuere.html?varius=dignissim&ut=vestibulum&blandit=vestibulum&non=ante&interdum=ipsum&in=primis&ante=in&vestibulum=faucibus&ante=orci&ipsum=luctus&primis=et&in=ultrices&faucibus=posuere&orci=cubilia&luctus=curae&et=nulla&ultrices=dapibus&posuere=dolor&cubilia=vel&curae=est&duis=donec&faucibus=odio&accumsan=justo&odio=sollicitudin&curabitur=ut&convallis=suscipit&duis=a&consequat=feugiat&dui=et&nec=eros&nisi=vestibulum&volutpat=ac&eleifend=est&donec=lacinia&ut=nisi&dolor=venenatis&morbi=tristique&vel=fusce&lectus=congue&in=diam&quam=id&fringilla=ornare&rhoncus=imperdiet&mauris=sapien&enim=urna&leo=pretium&rhoncus=nisl&sed=ut&vestibulum=volutpat&sit=sapien&amet=arcu&cursus=sed&id=augue&turpis=aliquam&integer=erat&aliquet=volutpat&massa=in&id=congue&lobortis=etiam&convallis=justo&tortor=etiam&risus=pretium&dapibus=iaculis&augue=justo&vel=in&accumsan=hac&tellus=habitasse&nisi=platea&eu=dictumst&orci=etiam&mauris=faucibus,TRUE
+http://lycos.com/enim/blandit/mi/in/porttitor/pede.html?porta=tortor&volutpat=quis&quam=turpis&pede=sed&lobortis=ante&ligula=vivamus&sit=tortor&amet=duis&eleifend=mattis&pede=egestas&libero=metus&quis=aenean&orci=fermentum&nullam=donec&molestie=ut,TRUE
+http://naver.com/curae.png?quam=quis&suspendisse=augue&potenti=luctus&nullam=tincidunt&porttitor=nulla&lacus=mollis&at=molestie&turpis=lorem&donec=quisque&posuere=ut&metus=erat&vitae=curabitur&ipsum=gravida&aliquam=nisi&non=at&mauris=nibh&morbi=in&non=hac&lectus=habitasse&aliquam=platea&sit=dictumst&amet=aliquam&diam=augue&in=quam&magna=sollicitudin&bibendum=vitae&imperdiet=consectetuer&nullam=eget&orci=rutrum&pede=at,TRUE
+http://cbc.ca/porttitor/lorem.xml?massa=erat&tempor=id&convallis=mauris&nulla=vulputate&neque=elementum&libero=nullam&convallis=varius&eget=nulla&eleifend=facilisi&luctus=cras&ultricies=non&eu=velit&nibh=nec&quisque=nisi&id=vulputate&justo=nonummy&sit=maecenas&amet=tincidunt&sapien=lacus&dignissim=at&vestibulum=velit&vestibulum=vivamus&ante=vel&ipsum=nulla&primis=eget&in=eros&faucibus=elementum&orci=pellentesque&luctus=quisque&et=porta&ultrices=volutpat&posuere=erat&cubilia=quisque&curae=erat&nulla=eros&dapibus=viverra&dolor=eget&vel=congue&est=eget,TRUE
+http://typepad.com/justo/aliquam/quis/turpis/eget/elit.xml?gravida=ipsum&nisi=dolor&at=sit&nibh=amet&in=consectetuer&hac=adipiscing&habitasse=elit&platea=proin&dictumst=interdum&aliquam=mauris&augue=non&quam=ligula&sollicitudin=pellentesque&vitae=ultrices&consectetuer=phasellus&eget=id&rutrum=sapien&at=in&lorem=sapien&integer=iaculis&tincidunt=congue&ante=vivamus&vel=metus&ipsum=arcu&praesent=adipiscing&blandit=molestie&lacinia=hendrerit&erat=at&vestibulum=vulputate&sed=vitae&magna=nisl&at=aenean&nunc=lectus&commodo=pellentesque&placerat=eget&praesent=nunc&blandit=donec&nam=quis&nulla=orci&integer=eget&pede=orci&justo=vehicula&lacinia=condimentum&eget=curabitur&tincidunt=in&eget=libero&tempus=ut&vel=massa,TRUE
+http://who.int/non/mauris/morbi/non.js?rhoncus=eget&aliquam=eleifend&lacus=luctus&morbi=ultricies&quis=eu&tortor=nibh&id=quisque&nulla=id&ultrices=justo&aliquet=sit&maecenas=amet&leo=sapien&odio=dignissim&condimentum=vestibulum&id=vestibulum&luctus=ante&nec=ipsum&molestie=primis&sed=in,TRUE
+http://wikispaces.com/augue/aliquam/erat.html?mauris=nisi&non=eu,TRUE
+http://jugem.jp/molestie/lorem/quisque.xml?in=quam&hac=a&habitasse=odio&platea=in&dictumst=hac&aliquam=habitasse&augue=platea&quam=dictumst&sollicitudin=maecenas&vitae=ut&consectetuer=massa&eget=quis&rutrum=augue&at=luctus&lorem=tincidunt&integer=nulla&tincidunt=mollis&ante=molestie&vel=lorem&ipsum=quisque&praesent=ut,TRUE
+https://shutterfly.com/lobortis/vel/dapibus/at/diam.jsp?dui=tristique&proin=est&leo=et&odio=tempus&porttitor=semper&id=est&consequat=quam&in=pharetra&consequat=magna&ut=ac&nulla=consequat&sed=metus&accumsan=sapien&felis=ut&ut=nunc&at=vestibulum&dolor=ante&quis=ipsum&odio=primis&consequat=in&varius=faucibus&integer=orci&ac=luctus&leo=et&pellentesque=ultrices&ultrices=posuere&mattis=cubilia&odio=curae&donec=mauris&vitae=viverra&nisi=diam&nam=vitae&ultrices=quam&libero=suspendisse&non=potenti&mattis=nullam&pulvinar=porttitor&nulla=lacus&pede=at&ullamcorper=turpis&augue=donec&a=posuere&suscipit=metus&nulla=vitae&elit=ipsum&ac=aliquam&nulla=non&sed=mauris&vel=morbi&enim=non&sit=lectus,TRUE
+https://instagram.com/elit/proin/interdum.aspx?neque=amet&aenean=cursus&auctor=id&gravida=turpis&sem=integer&praesent=aliquet&id=massa&massa=id&id=lobortis&nisl=convallis&venenatis=tortor&lacinia=risus&aenean=dapibus&sit=augue,TRUE
+https://cdbaby.com/sit/amet/eleifend/pede/libero/quis.png?cum=felis&sociis=sed&natoque=lacus&penatibus=morbi&et=sem&magnis=mauris&dis=laoreet&parturient=ut&montes=rhoncus&nascetur=aliquet&ridiculus=pulvinar&mus=sed&etiam=nisl&vel=nunc&augue=rhoncus&vestibulum=dui&rutrum=vel&rutrum=sem&neque=sed&aenean=sagittis&auctor=nam&gravida=congue&sem=risus&praesent=semper&id=porta&massa=volutpat&id=quam&nisl=pede&venenatis=lobortis&lacinia=ligula&aenean=sit&sit=amet&amet=eleifend&justo=pede&morbi=libero&ut=quis&odio=orci&cras=nullam&mi=molestie&pede=nibh&malesuada=in&in=lectus&imperdiet=pellentesque&et=at&commodo=nulla&vulputate=suspendisse&justo=potenti&in=cras&blandit=in&ultrices=purus&enim=eu&lorem=magna&ipsum=vulputate&dolor=luctus&sit=cum&amet=sociis&consectetuer=natoque&adipiscing=penatibus&elit=et&proin=magnis&interdum=dis&mauris=parturient&non=montes&ligula=nascetur&pellentesque=ridiculus&ultrices=mus&phasellus=vivamus,TRUE
+http://artisteer.com/eu/magna/vulputate/luctus/cum/sociis.jpg?in=quisque&faucibus=porta&orci=volutpat&luctus=erat&et=quisque&ultrices=erat&posuere=eros&cubilia=viverra&curae=eget&duis=congue&faucibus=eget&accumsan=semper&odio=rutrum&curabitur=nulla&convallis=nunc&duis=purus&consequat=phasellus&dui=in&nec=felis&nisi=donec&volutpat=semper&eleifend=sapien&donec=a&ut=libero&dolor=nam&morbi=dui&vel=proin&lectus=leo&in=odio&quam=porttitor&fringilla=id&rhoncus=consequat&mauris=in&enim=consequat&leo=ut&rhoncus=nulla&sed=sed&vestibulum=accumsan&sit=felis&amet=ut&cursus=at&id=dolor&turpis=quis&integer=odio&aliquet=consequat&massa=varius&id=integer&lobortis=ac&convallis=leo&tortor=pellentesque&risus=ultrices&dapibus=mattis&augue=odio&vel=donec&accumsan=vitae&tellus=nisi&nisi=nam&eu=ultrices&orci=libero&mauris=non&lacinia=mattis&sapien=pulvinar&quis=nulla&libero=pede&nullam=ullamcorper&sit=augue&amet=a&turpis=suscipit&elementum=nulla&ligula=elit&vehicula=ac&consequat=nulla&morbi=sed&a=vel&ipsum=enim&integer=sit&a=amet&nibh=nunc&in=viverra&quis=dapibus&justo=nulla&maecenas=suscipit&rhoncus=ligula&aliquam=in&lacus=lacus&morbi=curabitur&quis=at&tortor=ipsum&id=ac&nulla=tellus&ultrices=semper&aliquet=interdum&maecenas=mauris&leo=ullamcorper&odio=purus&condimentum=sit&id=amet,TRUE
+http://bandcamp.com/sed/augue/aliquam/erat.jsp?sed=nunc&interdum=rhoncus&venenatis=dui&turpis=vel&enim=sem&blandit=sed&mi=sagittis&in=nam&porttitor=congue&pede=risus&justo=semper&eu=porta&massa=volutpat&donec=quam&dapibus=pede&duis=lobortis&at=ligula&velit=sit&eu=amet&est=eleifend&congue=pede&elementum=libero&in=quis&hac=orci&habitasse=nullam&platea=molestie&dictumst=nibh&morbi=in&vestibulum=lectus&velit=pellentesque&id=at&pretium=nulla&iaculis=suspendisse&diam=potenti&erat=cras&fermentum=in&justo=purus&nec=eu&condimentum=magna&neque=vulputate&sapien=luctus&placerat=cum&ante=sociis&nulla=natoque&justo=penatibus&aliquam=et&quis=magnis&turpis=dis&eget=parturient&elit=montes&sodales=nascetur&scelerisque=ridiculus&mauris=mus&sit=vivamus&amet=vestibulum&eros=sagittis&suspendisse=sapien&accumsan=cum&tortor=sociis&quis=natoque&turpis=penatibus&sed=et&ante=magnis&vivamus=dis&tortor=parturient&duis=montes&mattis=nascetur&egestas=ridiculus&metus=mus&aenean=etiam&fermentum=vel&donec=augue&ut=vestibulum&mauris=rutrum&eget=rutrum&massa=neque&tempor=aenean&convallis=auctor&nulla=gravida&neque=sem&libero=praesent&convallis=id&eget=massa&eleifend=id&luctus=nisl&ultricies=venenatis&eu=lacinia&nibh=aenean,TRUE
+http://shinystat.com/diam/neque/vestibulum/eget/vulputate.xml?ut=eros&blandit=vestibulum&non=ac&interdum=est&in=lacinia&ante=nisi&vestibulum=venenatis&ante=tristique&ipsum=fusce&primis=congue&in=diam&faucibus=id&orci=ornare&luctus=imperdiet&et=sapien&ultrices=urna&posuere=pretium&cubilia=nisl&curae=ut&duis=volutpat&faucibus=sapien&accumsan=arcu&odio=sed&curabitur=augue&convallis=aliquam&duis=erat&consequat=volutpat&dui=in&nec=congue&nisi=etiam&volutpat=justo&eleifend=etiam&donec=pretium&ut=iaculis&dolor=justo&morbi=in&vel=hac&lectus=habitasse&in=platea&quam=dictumst&fringilla=etiam&rhoncus=faucibus&mauris=cursus&enim=urna&leo=ut&rhoncus=tellus&sed=nulla&vestibulum=ut&sit=erat&amet=id&cursus=mauris&id=vulputate&turpis=elementum&integer=nullam&aliquet=varius&massa=nulla&id=facilisi&lobortis=cras&convallis=non&tortor=velit&risus=nec&dapibus=nisi&augue=vulputate&vel=nonummy&accumsan=maecenas&tellus=tincidunt&nisi=lacus&eu=at&orci=velit&mauris=vivamus&lacinia=vel&sapien=nulla&quis=eget&libero=eros&nullam=elementum&sit=pellentesque&amet=quisque&turpis=porta&elementum=volutpat&ligula=erat&vehicula=quisque,TRUE
+https://vistaprint.com/duis/bibendum.json?vestibulum=ut&rutrum=odio&rutrum=cras&neque=mi&aenean=pede&auctor=malesuada&gravida=in&sem=imperdiet&praesent=et&id=commodo&massa=vulputate&id=justo&nisl=in&venenatis=blandit&lacinia=ultrices&aenean=enim&sit=lorem&amet=ipsum&justo=dolor&morbi=sit&ut=amet&odio=consectetuer&cras=adipiscing&mi=elit&pede=proin&malesuada=interdum&in=mauris&imperdiet=non&et=ligula&commodo=pellentesque&vulputate=ultrices&justo=phasellus&in=id&blandit=sapien&ultrices=in&enim=sapien&lorem=iaculis&ipsum=congue&dolor=vivamus&sit=metus&amet=arcu&consectetuer=adipiscing&adipiscing=molestie&elit=hendrerit&proin=at&interdum=vulputate&mauris=vitae&non=nisl&ligula=aenean&pellentesque=lectus&ultrices=pellentesque&phasellus=eget&id=nunc&sapien=donec&in=quis&sapien=orci&iaculis=eget&congue=orci&vivamus=vehicula&metus=condimentum&arcu=curabitur&adipiscing=in&molestie=libero,TRUE
+http://rediff.com/non.aspx?duis=justo&mattis=in&egestas=blandit&metus=ultrices&aenean=enim&fermentum=lorem&donec=ipsum&ut=dolor&mauris=sit&eget=amet&massa=consectetuer&tempor=adipiscing&convallis=elit&nulla=proin&neque=interdum&libero=mauris&convallis=non&eget=ligula&eleifend=pellentesque&luctus=ultrices&ultricies=phasellus&eu=id&nibh=sapien&quisque=in&id=sapien&justo=iaculis&sit=congue&amet=vivamus,TRUE
+http://furl.net/tempor/convallis/nulla/neque/libero/convallis.aspx?justo=vestibulum&etiam=vestibulum&pretium=ante&iaculis=ipsum&justo=primis&in=in&hac=faucibus&habitasse=orci&platea=luctus&dictumst=et&etiam=ultrices&faucibus=posuere&cursus=cubilia&urna=curae&ut=nulla&tellus=dapibus&nulla=dolor&ut=vel&erat=est&id=donec&mauris=odio&vulputate=justo&elementum=sollicitudin&nullam=ut&varius=suscipit&nulla=a&facilisi=feugiat&cras=et&non=eros&velit=vestibulum&nec=ac&nisi=est&vulputate=lacinia&nonummy=nisi&maecenas=venenatis&tincidunt=tristique&lacus=fusce&at=congue&velit=diam&vivamus=id&vel=ornare&nulla=imperdiet&eget=sapien&eros=urna&elementum=pretium&pellentesque=nisl&quisque=ut&porta=volutpat&volutpat=sapien&erat=arcu&quisque=sed&erat=augue&eros=aliquam&viverra=erat&eget=volutpat&congue=in&eget=congue&semper=etiam&rutrum=justo&nulla=etiam&nunc=pretium&purus=iaculis&phasellus=justo&in=in&felis=hac&donec=habitasse&semper=platea&sapien=dictumst&a=etiam&libero=faucibus&nam=cursus&dui=urna&proin=ut&leo=tellus&odio=nulla&porttitor=ut&id=erat&consequat=id&in=mauris&consequat=vulputate&ut=elementum&nulla=nullam&sed=varius&accumsan=nulla&felis=facilisi&ut=cras&at=non&dolor=velit&quis=nec&odio=nisi&consequat=vulputate&varius=nonummy&integer=maecenas&ac=tincidunt&leo=lacus&pellentesque=at&ultrices=velit&mattis=vivamus&odio=vel,TRUE
+https://wikimedia.org/sapien/iaculis.xml?ultrices=integer&phasellus=a&id=nibh&sapien=in&in=quis,TRUE
+http://smh.com.au/aliquam/sit/amet/diam/in.jsp?id=velit&sapien=donec&in=diam&sapien=neque&iaculis=vestibulum&congue=eget&vivamus=vulputate&metus=ut&arcu=ultrices&adipiscing=vel&molestie=augue&hendrerit=vestibulum&at=ante&vulputate=ipsum&vitae=primis&nisl=in&aenean=faucibus&lectus=orci&pellentesque=luctus&eget=et&nunc=ultrices&donec=posuere&quis=cubilia&orci=curae&eget=donec&orci=pharetra&vehicula=magna&condimentum=vestibulum&curabitur=aliquet&in=ultrices&libero=erat&ut=tortor&massa=sollicitudin&volutpat=mi&convallis=sit&morbi=amet&odio=lobortis&odio=sapien&elementum=sapien&eu=non&interdum=mi&eu=integer&tincidunt=ac&in=neque&leo=duis&maecenas=bibendum&pulvinar=morbi&lobortis=non&est=quam&phasellus=nec&sit=dui&amet=luctus&erat=rutrum&nulla=nulla&tempus=tellus&vivamus=in&in=sagittis&felis=dui&eu=vel&sapien=nisl&cursus=duis&vestibulum=ac&proin=nibh&eu=fusce&mi=lacus&nulla=purus&ac=aliquet&enim=at&in=feugiat&tempor=non&turpis=pretium,TRUE
+http://people.com.cn/ac/neque/duis/bibendum/morbi/non.jpg?luctus=sodales&et=sed&ultrices=tincidunt&posuere=eu&cubilia=felis&curae=fusce&nulla=posuere&dapibus=felis&dolor=sed&vel=lacus&est=morbi&donec=sem&odio=mauris&justo=laoreet&sollicitudin=ut&ut=rhoncus&suscipit=aliquet&a=pulvinar&feugiat=sed&et=nisl&eros=nunc&vestibulum=rhoncus&ac=dui&est=vel&lacinia=sem&nisi=sed&venenatis=sagittis&tristique=nam&fusce=congue&congue=risus&diam=semper&id=porta&ornare=volutpat&imperdiet=quam&sapien=pede&urna=lobortis&pretium=ligula&nisl=sit&ut=amet&volutpat=eleifend&sapien=pede&arcu=libero&sed=quis&augue=orci&aliquam=nullam&erat=molestie&volutpat=nibh&in=in&congue=lectus&etiam=pellentesque,TRUE
+http://miitbeian.gov.cn/elit/ac/nulla.xml?tincidunt=auctor&nulla=sed&mollis=tristique&molestie=in&lorem=tempus&quisque=sit&ut=amet&erat=sem&curabitur=fusce&gravida=consequat&nisi=nulla&at=nisl&nibh=nunc&in=nisl&hac=duis&habitasse=bibendum&platea=felis&dictumst=sed&aliquam=interdum&augue=venenatis&quam=turpis&sollicitudin=enim&vitae=blandit&consectetuer=mi&eget=in&rutrum=porttitor&at=pede&lorem=justo&integer=eu&tincidunt=massa&ante=donec,TRUE
+https://ucsd.edu/nulla/pede/ullamcorper/augue/a/suscipit.json?felis=a&eu=pede&sapien=posuere&cursus=nonummy&vestibulum=integer&proin=non&eu=velit&mi=donec&nulla=diam&ac=neque&enim=vestibulum&in=eget&tempor=vulputate&turpis=ut&nec=ultrices&euismod=vel&scelerisque=augue&quam=vestibulum&turpis=ante&adipiscing=ipsum&lorem=primis&vitae=in&mattis=faucibus&nibh=orci&ligula=luctus&nec=et&sem=ultrices&duis=posuere&aliquam=cubilia&convallis=curae&nunc=donec&proin=pharetra&at=magna&turpis=vestibulum&a=aliquet&pede=ultrices&posuere=erat&nonummy=tortor&integer=sollicitudin&non=mi&velit=sit&donec=amet&diam=lobortis&neque=sapien&vestibulum=sapien&eget=non&vulputate=mi&ut=integer&ultrices=ac&vel=neque&augue=duis&vestibulum=bibendum&ante=morbi&ipsum=non&primis=quam&in=nec&faucibus=dui&orci=luctus&luctus=rutrum&et=nulla&ultrices=tellus&posuere=in&cubilia=sagittis&curae=dui&donec=vel&pharetra=nisl&magna=duis&vestibulum=ac&aliquet=nibh&ultrices=fusce&erat=lacus&tortor=purus,TRUE
+https://walmart.com/erat/curabitur/gravida.png?quam=nec&pharetra=nisi&magna=volutpat&ac=eleifend&consequat=donec&metus=ut&sapien=dolor&ut=morbi&nunc=vel&vestibulum=lectus&ante=in&ipsum=quam&primis=fringilla&in=rhoncus&faucibus=mauris&orci=enim&luctus=leo&et=rhoncus&ultrices=sed&posuere=vestibulum&cubilia=sit&curae=amet&mauris=cursus&viverra=id&diam=turpis&vitae=integer&quam=aliquet&suspendisse=massa&potenti=id&nullam=lobortis&porttitor=convallis&lacus=tortor,TRUE
+https://engadget.com/quis/orci/nullam/molestie/nibh.js?luctus=quisque&et=erat&ultrices=eros&posuere=viverra&cubilia=eget&curae=congue&mauris=eget&viverra=semper&diam=rutrum&vitae=nulla&quam=nunc&suspendisse=purus&potenti=phasellus&nullam=in&porttitor=felis&lacus=donec&at=semper&turpis=sapien&donec=a&posuere=libero&metus=nam&vitae=dui&ipsum=proin&aliquam=leo&non=odio&mauris=porttitor&morbi=id&non=consequat&lectus=in&aliquam=consequat&sit=ut&amet=nulla&diam=sed&in=accumsan&magna=felis&bibendum=ut&imperdiet=at&nullam=dolor&orci=quis&pede=odio&venenatis=consequat&non=varius&sodales=integer&sed=ac&tincidunt=leo&eu=pellentesque,TRUE
+http://cbc.ca/pellentesque/ultrices/mattis/odio/donec.js?felis=duis&donec=faucibus&semper=accumsan&sapien=odio&a=curabitur&libero=convallis&nam=duis&dui=consequat&proin=dui&leo=nec&odio=nisi&porttitor=volutpat&id=eleifend&consequat=donec&in=ut&consequat=dolor&ut=morbi&nulla=vel&sed=lectus&accumsan=in&felis=quam&ut=fringilla&at=rhoncus&dolor=mauris&quis=enim&odio=leo&consequat=rhoncus&varius=sed&integer=vestibulum&ac=sit&leo=amet&pellentesque=cursus&ultrices=id&mattis=turpis&odio=integer&donec=aliquet&vitae=massa&nisi=id&nam=lobortis&ultrices=convallis&libero=tortor&non=risus&mattis=dapibus&pulvinar=augue&nulla=vel&pede=accumsan&ullamcorper=tellus&augue=nisi&a=eu&suscipit=orci,TRUE
+https://clickbank.net/orci/pede/venenatis/non.jpg?mus=suscipit&etiam=a&vel=feugiat&augue=et&vestibulum=eros&rutrum=vestibulum&rutrum=ac&neque=est,TRUE
+https://about.me/id/mauris/vulputate/elementum.json?ullamcorper=in&augue=imperdiet&a=et&suscipit=commodo&nulla=vulputate&elit=justo&ac=in&nulla=blandit&sed=ultrices&vel=enim&enim=lorem&sit=ipsum&amet=dolor&nunc=sit&viverra=amet&dapibus=consectetuer&nulla=adipiscing&suscipit=elit&ligula=proin&in=interdum&lacus=mauris&curabitur=non&at=ligula&ipsum=pellentesque&ac=ultrices&tellus=phasellus&semper=id&interdum=sapien&mauris=in&ullamcorper=sapien&purus=iaculis&sit=congue&amet=vivamus&nulla=metus&quisque=arcu&arcu=adipiscing&libero=molestie&rutrum=hendrerit&ac=at&lobortis=vulputate&vel=vitae&dapibus=nisl&at=aenean&diam=lectus&nam=pellentesque,TRUE
+https://tinypic.com/at/nulla/suspendisse/potenti/cras/in.jpg?in=id&lectus=ornare&pellentesque=imperdiet&at=sapien&nulla=urna&suspendisse=pretium&potenti=nisl&cras=ut&in=volutpat&purus=sapien&eu=arcu&magna=sed&vulputate=augue&luctus=aliquam&cum=erat&sociis=volutpat&natoque=in&penatibus=congue&et=etiam&magnis=justo&dis=etiam&parturient=pretium&montes=iaculis&nascetur=justo&ridiculus=in&mus=hac&vivamus=habitasse&vestibulum=platea&sagittis=dictumst&sapien=etiam&cum=faucibus&sociis=cursus&natoque=urna&penatibus=ut&et=tellus&magnis=nulla&dis=ut&parturient=erat&montes=id&nascetur=mauris&ridiculus=vulputate&mus=elementum&etiam=nullam&vel=varius&augue=nulla&vestibulum=facilisi&rutrum=cras&rutrum=non&neque=velit&aenean=nec&auctor=nisi&gravida=vulputate&sem=nonummy&praesent=maecenas&id=tincidunt&massa=lacus&id=at&nisl=velit&venenatis=vivamus&lacinia=vel&aenean=nulla&sit=eget&amet=eros&justo=elementum&morbi=pellentesque&ut=quisque&odio=porta&cras=volutpat&mi=erat&pede=quisque&malesuada=erat&in=eros&imperdiet=viverra&et=eget&commodo=congue&vulputate=eget&justo=semper&in=rutrum,TRUE
+https://delicious.com/nulla/elit/ac.html?convallis=curae&nulla=nulla&neque=dapibus&libero=dolor&convallis=vel&eget=est&eleifend=donec&luctus=odio&ultricies=justo&eu=sollicitudin&nibh=ut&quisque=suscipit&id=a&justo=feugiat&sit=et&amet=eros&sapien=vestibulum&dignissim=ac&vestibulum=est&vestibulum=lacinia&ante=nisi&ipsum=venenatis&primis=tristique&in=fusce&faucibus=congue&orci=diam&luctus=id,TRUE
+http://infoseek.co.jp/mauris/laoreet/ut/rhoncus/aliquet/pulvinar/sed.xml?pellentesque=placerat&viverra=praesent&pede=blandit&ac=nam&diam=nulla&cras=integer&pellentesque=pede&volutpat=justo&dui=lacinia&maecenas=eget&tristique=tincidunt&est=eget&et=tempus&tempus=vel&semper=pede&est=morbi&quam=porttitor&pharetra=lorem&magna=id&ac=ligula&consequat=suspendisse&metus=ornare&sapien=consequat&ut=lectus&nunc=in&vestibulum=est&ante=risus&ipsum=auctor&primis=sed&in=tristique&faucibus=in&orci=tempus&luctus=sit&et=amet&ultrices=sem&posuere=fusce&cubilia=consequat&curae=nulla&mauris=nisl&viverra=nunc&diam=nisl&vitae=duis&quam=bibendum&suspendisse=felis&potenti=sed&nullam=interdum&porttitor=venenatis&lacus=turpis&at=enim,TRUE
+https://accuweather.com/gravida/sem/praesent.png?tempor=nunc&convallis=rhoncus&nulla=dui&neque=vel&libero=sem&convallis=sed&eget=sagittis&eleifend=nam&luctus=congue&ultricies=risus&eu=semper&nibh=porta&quisque=volutpat&id=quam&justo=pede&sit=lobortis&amet=ligula&sapien=sit&dignissim=amet&vestibulum=eleifend&vestibulum=pede&ante=libero&ipsum=quis&primis=orci&in=nullam&faucibus=molestie&orci=nibh&luctus=in&et=lectus&ultrices=pellentesque&posuere=at&cubilia=nulla&curae=suspendisse&nulla=potenti&dapibus=cras&dolor=in&vel=purus&est=eu&donec=magna,TRUE
+https://cisco.com/quisque/erat/eros/viverra/eget/congue.js?mauris=ac&ullamcorper=neque&purus=duis&sit=bibendum&amet=morbi&nulla=non&quisque=quam&arcu=nec&libero=dui&rutrum=luctus&ac=rutrum,TRUE
+https://skype.com/ipsum/aliquam/non/mauris/morbi/non/lectus.xml?primis=in&in=purus&faucibus=eu&orci=magna&luctus=vulputate&et=luctus&ultrices=cum&posuere=sociis&cubilia=natoque&curae=penatibus&mauris=et&viverra=magnis&diam=dis,TRUE
+https://ox.ac.uk/libero/rutrum.xml?adipiscing=aenean&lorem=auctor&vitae=gravida&mattis=sem&nibh=praesent&ligula=id&nec=massa&sem=id&duis=nisl&aliquam=venenatis&convallis=lacinia&nunc=aenean&proin=sit&at=amet&turpis=justo&a=morbi&pede=ut&posuere=odio&nonummy=cras&integer=mi&non=pede&velit=malesuada&donec=in&diam=imperdiet&neque=et&vestibulum=commodo&eget=vulputate&vulputate=justo&ut=in&ultrices=blandit&vel=ultrices&augue=enim&vestibulum=lorem&ante=ipsum&ipsum=dolor&primis=sit&in=amet&faucibus=consectetuer&orci=adipiscing&luctus=elit&et=proin&ultrices=interdum&posuere=mauris&cubilia=non&curae=ligula&donec=pellentesque&pharetra=ultrices&magna=phasellus&vestibulum=id&aliquet=sapien&ultrices=in&erat=sapien&tortor=iaculis&sollicitudin=congue&mi=vivamus&sit=metus,TRUE
+https://friendfeed.com/lacinia/aenean.jsp?posuere=diam&cubilia=erat&curae=fermentum&duis=justo&faucibus=nec&accumsan=condimentum&odio=neque&curabitur=sapien&convallis=placerat&duis=ante&consequat=nulla&dui=justo&nec=aliquam&nisi=quis&volutpat=turpis&eleifend=eget&donec=elit&ut=sodales&dolor=scelerisque&morbi=mauris&vel=sit&lectus=amet&in=eros&quam=suspendisse&fringilla=accumsan&rhoncus=tortor&mauris=quis&enim=turpis&leo=sed&rhoncus=ante&sed=vivamus&vestibulum=tortor&sit=duis&amet=mattis&cursus=egestas&id=metus&turpis=aenean&integer=fermentum&aliquet=donec&massa=ut&id=mauris&lobortis=eget&convallis=massa&tortor=tempor&risus=convallis&dapibus=nulla&augue=neque&vel=libero&accumsan=convallis&tellus=eget&nisi=eleifend&eu=luctus&orci=ultricies&mauris=eu&lacinia=nibh&sapien=quisque&quis=id&libero=justo&nullam=sit&sit=amet&amet=sapien&turpis=dignissim&elementum=vestibulum&ligula=vestibulum&vehicula=ante&consequat=ipsum&morbi=primis&a=in&ipsum=faucibus&integer=orci&a=luctus&nibh=et&in=ultrices&quis=posuere&justo=cubilia&maecenas=curae&rhoncus=nulla&aliquam=dapibus&lacus=dolor&morbi=vel&quis=est&tortor=donec&id=odio&nulla=justo&ultrices=sollicitudin&aliquet=ut&maecenas=suscipit&leo=a&odio=feugiat&condimentum=et&id=eros&luctus=vestibulum&nec=ac&molestie=est&sed=lacinia&justo=nisi&pellentesque=venenatis,TRUE
+https://princeton.edu/aenean/lectus/pellentesque/eget/nunc/donec/quis.js?eget=aliquet&congue=maecenas&eget=leo&semper=odio&rutrum=condimentum&nulla=id&nunc=luctus&purus=nec&phasellus=molestie&in=sed&felis=justo&donec=pellentesque&semper=viverra&sapien=pede&a=ac&libero=diam&nam=cras&dui=pellentesque&proin=volutpat&leo=dui&odio=maecenas&porttitor=tristique&id=est&consequat=et&in=tempus&consequat=semper&ut=est,TRUE
+https://wix.com/mauris/vulputate/elementum/nullam/varius/nulla/facilisi.js?adipiscing=ut&elit=at&proin=dolor&risus=quis&praesent=odio&lectus=consequat&vestibulum=varius&quam=integer&sapien=ac&varius=leo&ut=pellentesque&blandit=ultrices&non=mattis&interdum=odio&in=donec&ante=vitae&vestibulum=nisi&ante=nam&ipsum=ultrices&primis=libero&in=non&faucibus=mattis&orci=pulvinar&luctus=nulla&et=pede&ultrices=ullamcorper&posuere=augue,TRUE
+https://last.fm/lectus.aspx?eget=augue&semper=vel&rutrum=accumsan&nulla=tellus&nunc=nisi&purus=eu&phasellus=orci&in=mauris&felis=lacinia&donec=sapien&semper=quis&sapien=libero&a=nullam&libero=sit&nam=amet&dui=turpis&proin=elementum&leo=ligula&odio=vehicula&porttitor=consequat&id=morbi&consequat=a&in=ipsum&consequat=integer&ut=a&nulla=nibh&sed=in&accumsan=quis,TRUE
+https://cpanel.net/sapien.png?proin=pellentesque&leo=quisque&odio=porta&porttitor=volutpat&id=erat&consequat=quisque&in=erat&consequat=eros&ut=viverra&nulla=eget&sed=congue&accumsan=eget&felis=semper&ut=rutrum&at=nulla&dolor=nunc&quis=purus&odio=phasellus&consequat=in&varius=felis&integer=donec&ac=semper&leo=sapien&pellentesque=a&ultrices=libero&mattis=nam&odio=dui&donec=proin&vitae=leo&nisi=odio&nam=porttitor&ultrices=id&libero=consequat&non=in&mattis=consequat&pulvinar=ut&nulla=nulla&pede=sed&ullamcorper=accumsan&augue=felis&a=ut&suscipit=at&nulla=dolor&elit=quis&ac=odio,TRUE
+http://acquirethisname.com/erat/vestibulum/sed/magna/at.png?bibendum=proin&imperdiet=interdum&nullam=mauris&orci=non&pede=ligula&venenatis=pellentesque&non=ultrices&sodales=phasellus&sed=id&tincidunt=sapien&eu=in&felis=sapien&fusce=iaculis&posuere=congue&felis=vivamus&sed=metus&lacus=arcu&morbi=adipiscing&sem=molestie&mauris=hendrerit&laoreet=at&ut=vulputate&rhoncus=vitae&aliquet=nisl,TRUE
+https://nih.gov/pede/morbi/porttitor.js?cum=proin&sociis=leo&natoque=odio&penatibus=porttitor&et=id&magnis=consequat&dis=in&parturient=consequat&montes=ut&nascetur=nulla&ridiculus=sed&mus=accumsan&vivamus=felis&vestibulum=ut&sagittis=at&sapien=dolor&cum=quis&sociis=odio&natoque=consequat&penatibus=varius&et=integer&magnis=ac&dis=leo&parturient=pellentesque&montes=ultrices&nascetur=mattis&ridiculus=odio&mus=donec&etiam=vitae&vel=nisi&augue=nam&vestibulum=ultrices&rutrum=libero&rutrum=non&neque=mattis&aenean=pulvinar&auctor=nulla&gravida=pede&sem=ullamcorper&praesent=augue,TRUE
+http://shutterfly.com/ac/tellus/semper/interdum/mauris.js?in=id&sapien=ornare&iaculis=imperdiet&congue=sapien&vivamus=urna&metus=pretium&arcu=nisl&adipiscing=ut&molestie=volutpat&hendrerit=sapien&at=arcu&vulputate=sed&vitae=augue&nisl=aliquam&aenean=erat&lectus=volutpat&pellentesque=in&eget=congue&nunc=etiam&donec=justo&quis=etiam&orci=pretium&eget=iaculis&orci=justo&vehicula=in&condimentum=hac&curabitur=habitasse&in=platea&libero=dictumst&ut=etiam&massa=faucibus&volutpat=cursus&convallis=urna&morbi=ut,TRUE
+https://mysql.com/rhoncus/sed/vestibulum/sit/amet/cursus/id.xml?posuere=sapien&cubilia=urna&curae=pretium&mauris=nisl&viverra=ut&diam=volutpat,TRUE
+https://disqus.com/lobortis/vel/dapibus.json?est=vivamus&quam=in&pharetra=felis&magna=eu&ac=sapien&consequat=cursus&metus=vestibulum&sapien=proin&ut=eu&nunc=mi&vestibulum=nulla&ante=ac&ipsum=enim&primis=in&in=tempor&faucibus=turpis&orci=nec&luctus=euismod&et=scelerisque&ultrices=quam&posuere=turpis&cubilia=adipiscing&curae=lorem&mauris=vitae&viverra=mattis&diam=nibh&vitae=ligula&quam=nec&suspendisse=sem&potenti=duis&nullam=aliquam&porttitor=convallis&lacus=nunc&at=proin&turpis=at&donec=turpis&posuere=a&metus=pede&vitae=posuere&ipsum=nonummy&aliquam=integer&non=non&mauris=velit&morbi=donec&non=diam&lectus=neque&aliquam=vestibulum&sit=eget&amet=vulputate&diam=ut&in=ultrices&magna=vel&bibendum=augue&imperdiet=vestibulum&nullam=ante&orci=ipsum&pede=primis&venenatis=in&non=faucibus&sodales=orci&sed=luctus&tincidunt=et&eu=ultrices&felis=posuere&fusce=cubilia&posuere=curae&felis=donec&sed=pharetra&lacus=magna&morbi=vestibulum&sem=aliquet&mauris=ultrices&laoreet=erat&ut=tortor&rhoncus=sollicitudin&aliquet=mi&pulvinar=sit&sed=amet&nisl=lobortis&nunc=sapien&rhoncus=sapien&dui=non&vel=mi&sem=integer&sed=ac&sagittis=neque&nam=duis&congue=bibendum,TRUE
+https://vinaora.com/elit/proin/risus.aspx?ut=a&tellus=odio&nulla=in&ut=hac&erat=habitasse&id=platea&mauris=dictumst&vulputate=maecenas&elementum=ut&nullam=massa&varius=quis&nulla=augue&facilisi=luctus&cras=tincidunt&non=nulla&velit=mollis&nec=molestie&nisi=lorem&vulputate=quisque&nonummy=ut&maecenas=erat&tincidunt=curabitur&lacus=gravida&at=nisi&velit=at&vivamus=nibh&vel=in&nulla=hac&eget=habitasse&eros=platea&elementum=dictumst&pellentesque=aliquam&quisque=augue&porta=quam&volutpat=sollicitudin&erat=vitae&quisque=consectetuer&erat=eget&eros=rutrum&viverra=at&eget=lorem&congue=integer&eget=tincidunt&semper=ante&rutrum=vel&nulla=ipsum&nunc=praesent&purus=blandit&phasellus=lacinia&in=erat&felis=vestibulum&donec=sed&semper=magna&sapien=at&a=nunc&libero=commodo&nam=placerat&dui=praesent&proin=blandit&leo=nam&odio=nulla&porttitor=integer&id=pede&consequat=justo&in=lacinia&consequat=eget&ut=tincidunt&nulla=eget&sed=tempus&accumsan=vel&felis=pede&ut=morbi&at=porttitor&dolor=lorem&quis=id&odio=ligula&consequat=suspendisse&varius=ornare&integer=consequat&ac=lectus&leo=in&pellentesque=est&ultrices=risus&mattis=auctor&odio=sed&donec=tristique&vitae=in&nisi=tempus&nam=sit&ultrices=amet&libero=sem&non=fusce&mattis=consequat&pulvinar=nulla&nulla=nisl&pede=nunc&ullamcorper=nisl&augue=duis&a=bibendum,TRUE
+http://indiegogo.com/ligula/in.jsp?massa=varius&id=ut&lobortis=blandit&convallis=non&tortor=interdum&risus=in&dapibus=ante&augue=vestibulum&vel=ante&accumsan=ipsum&tellus=primis&nisi=in&eu=faucibus&orci=orci&mauris=luctus&lacinia=et&sapien=ultrices&quis=posuere&libero=cubilia&nullam=curae&sit=duis&amet=faucibus&turpis=accumsan&elementum=odio&ligula=curabitur&vehicula=convallis&consequat=duis&morbi=consequat&a=dui&ipsum=nec&integer=nisi&a=volutpat&nibh=eleifend&in=donec&quis=ut&justo=dolor&maecenas=morbi&rhoncus=vel&aliquam=lectus&lacus=in&morbi=quam&quis=fringilla&tortor=rhoncus&id=mauris&nulla=enim&ultrices=leo&aliquet=rhoncus&maecenas=sed&leo=vestibulum&odio=sit&condimentum=amet&id=cursus&luctus=id&nec=turpis&molestie=integer&sed=aliquet&justo=massa&pellentesque=id&viverra=lobortis&pede=convallis&ac=tortor&diam=risus&cras=dapibus&pellentesque=augue&volutpat=vel&dui=accumsan&maecenas=tellus&tristique=nisi&est=eu&et=orci&tempus=mauris&semper=lacinia&est=sapien&quam=quis&pharetra=libero&magna=nullam&ac=sit&consequat=amet&metus=turpis&sapien=elementum&ut=ligula&nunc=vehicula&vestibulum=consequat&ante=morbi&ipsum=a&primis=ipsum&in=integer&faucibus=a&orci=nibh&luctus=in&et=quis&ultrices=justo&posuere=maecenas,TRUE
+http://google.de/lectus/pellentesque/eget/nunc/donec/quis/orci.html?odio=id&in=pretium&hac=iaculis&habitasse=diam&platea=erat&dictumst=fermentum&maecenas=justo&ut=nec&massa=condimentum&quis=neque&augue=sapien&luctus=placerat&tincidunt=ante&nulla=nulla&mollis=justo&molestie=aliquam&lorem=quis&quisque=turpis&ut=eget&erat=elit&curabitur=sodales&gravida=scelerisque&nisi=mauris&at=sit&nibh=amet&in=eros&hac=suspendisse&habitasse=accumsan&platea=tortor&dictumst=quis&aliquam=turpis&augue=sed&quam=ante&sollicitudin=vivamus&vitae=tortor&consectetuer=duis&eget=mattis&rutrum=egestas&at=metus&lorem=aenean&integer=fermentum&tincidunt=donec&ante=ut&vel=mauris&ipsum=eget&praesent=massa&blandit=tempor&lacinia=convallis&erat=nulla&vestibulum=neque&sed=libero&magna=convallis&at=eget&nunc=eleifend&commodo=luctus&placerat=ultricies&praesent=eu&blandit=nibh&nam=quisque&nulla=id&integer=justo&pede=sit&justo=amet&lacinia=sapien&eget=dignissim&tincidunt=vestibulum&eget=vestibulum&tempus=ante&vel=ipsum&pede=primis&morbi=in&porttitor=faucibus&lorem=orci&id=luctus&ligula=et&suspendisse=ultrices&ornare=posuere&consequat=cubilia&lectus=curae&in=nulla&est=dapibus&risus=dolor&auctor=vel&sed=est&tristique=donec&in=odio&tempus=justo&sit=sollicitudin,TRUE
+http://reference.com/auctor/gravida/sem.json?vestibulum=potenti&sit=cras&amet=in&cursus=purus&id=eu&turpis=magna&integer=vulputate&aliquet=luctus&massa=cum&id=sociis&lobortis=natoque&convallis=penatibus&tortor=et&risus=magnis&dapibus=dis&augue=parturient&vel=montes&accumsan=nascetur&tellus=ridiculus&nisi=mus&eu=vivamus&orci=vestibulum&mauris=sagittis&lacinia=sapien&sapien=cum&quis=sociis&libero=natoque&nullam=penatibus&sit=et&amet=magnis&turpis=dis&elementum=parturient&ligula=montes&vehicula=nascetur&consequat=ridiculus&morbi=mus&a=etiam&ipsum=vel&integer=augue&a=vestibulum&nibh=rutrum&in=rutrum&quis=neque&justo=aenean&maecenas=auctor&rhoncus=gravida&aliquam=sem&lacus=praesent&morbi=id&quis=massa&tortor=id&id=nisl&nulla=venenatis&ultrices=lacinia&aliquet=aenean&maecenas=sit&leo=amet&odio=justo&condimentum=morbi&id=ut,TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLdVNdSJNRGD4RRJfdJP2ReBH9eGMQGWVXwoggoosIKooMf0jQG2/EJFOstB+VcpvObX6ub7TNWTIW4Wxtc3PR3GTKVAyd4mA6xT6VgbWtp3MOKTL1wAOH95z3eZ73fc8hAEg6XC7XM4vFEunq6vrLwPYsttPdbQGz2ZxhMBj+IG2xmF6vP7IjwX/FMFVLUaC3txdjY2NIpVJIJpMYHR3lMXbG7rC7G444AWVf36o2MzOD7u5uBINBDpPJxGNpjtY5QU9Pj5YCoVCIKzJ4vV5YrVbodDoOtmcx5iaRSGBkZAQsR61W6wlVSkxMTMDv9yMQCHBFpp6+NhwNDQ3B6XTCbrdDpVIlCLUnra2tYWFhAVNTU5iengatD5OTk5uO2H5gYADj4+Ow2Wwcw8PDaG9vl4jRaOQEKysrWF5exuzsLLfr8/k2e8BUy97noVB7Fl+/2eBwOLjbtrY2iTWQE0iShKWlJcRiMUQiEa7KSnO73VyxuDMXTy23cUt5Cv32Pi6gVColQmf7Ox6PY3V1FdFolCeHw2GUi5dRpruAEuEcCtQ5ePzxJoy+FlSYrkPWdAiuQQdaW1vXiSiKNtaQubk5XgYjYb0o1eXiU0AOs/8dT/zga0ZzfwUEbyNKRBnOP9+PV28bPISOaR99HIWCIPxk3Z2fn8fi4iIe0npZ8pu+cjR8KUX95yLUWB6g1loMpasOdzvzcOIJSW4+Sa1Wm6HRaOrpbH95PB7cUZ2G4UczxO+vIQw2QuN5QUkeQeGqRZF4BVnVJHa0kuRs+wsdHR3ZdL7iDUUWrrYcQ35TBi69PIB72ouQO2tQoJMhs5pED1eSMzt+pg3QDssUCoVdLpe7abOuZdftid8X8pFZRSI0+eSuv3E3UMvx41V7cbCSZG2N/wO9JP1FmMH3ngAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGfSURBVDjLpVOxSgNBEJ297B2iiUmToKABCxEVKyGVoJ+QLp1RxE4sRAQL26RVsLHRQouAkMoq/yD5Ads0ErDIQe5udu+c2eTCGU4MuPCYmbvZN292d0QURfCfJZ9eXh9WV5aPpW3bUQigQg0YKFBKQcAgP0AE38eRDcgShp6HX/3PS0mbT5dumyJ/+A5HmQ24337+s6oQAIXFrN28e1yXUjqifHYO9uYHXIgyFGR2JukL83OACoVEreDg6ppYRSosyzKYjhlrO3sgozCETCYD/X7/R1LahmRcLBYhny+ApVQ4kdVut6HRaMx8A0iHbGmtgS7AoFarQaVSgWq1amLHcSb/kqCDMzbAAGSAynxgtFot6Ha70Ol0TMK07GRb3Db6PkiWEVer1+smgeM4kdf0GZgHRAWVGiuIZSUPMFkxLWYFih6WxHELcdVpklgBx0mfLTIBP09mY4LRK0uvGCMm4T2+IgLXdQekIFcqlVKTfyNh6/ueJ3u93s3W7v4J8eYCzUNEw4SjYeIelUbja/KRrlxT1VBzDg68ofsm/jvO35HitdVS/1ysAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLdVJNSFRRFP7e+H7MZ06TyjCSDpZCaS93BpX9EUEEhUJkBS0KJDBoES6ibRujIqJcBUW0Khft2qQZtWigEYLBUgxz0BnHqWbUeTPv/3Xue/5k2eXdex73nO873zn3cK7r4tS1J61kX7pADi72uXTQNdjhG3d1O7YJU1+Yevfs5nZygYcf0EOBO5WWBm4+u+CBfQDgkzmgD/kFFSWdSFy+EcvLJwAOKi313JE99WiIKB6YoR0GZNbxs9duqUBFOY/9p69gHQF5Q0prFK8/TSKXK1I2x7t2VlQwSyT5xSI03cCfa7kEcLzIo3l3FE3hrbBteLJZZtumTYQW/Zc0Ey8GRzYiYIEOpucXIQYEaJpGjTI8ELu3UAZeEFEjS56qfwmYXBZIHdZ1HZ3tTb58X52X4OnbrzDLBfyFX1NgEoFtWkQSwPORMejePymwmAIOgijCsPymbkhgkdMwTRjUPzcggRMEIEAvwLFekM/maP+XADAtG5ZmoVgsQZ0ZQ9DIoDFcg2/JNNTqNkCSsTT1Eef2hjEdaUVvb29fIpEYWFNA7EZJQ3J0CG11m3D2wkWoqoodMzMYeh+D5pbh/JkuiAKPdDqNeDx+O5lM1q4rIZccR7O8hI6jJ9F36z5+fU+gLhKBoige6N7dO0il0oBYiRvXr4IIeviVgTGoBHU+iSqaRrbKW06g+CWO7u5uhEIhFAoFZLNZPHg4gB8F2YsJBoPSag/YwHC8jFQ64znzo6+8B+7v74cs+wBWUoADtm22NJZjdnZWWy0BgQDaDx/D5IdBDL8ZRtfxA5D4DmQyGUxMTECSJESjUYTDYRRLGheLxfKpVGqOY+BDlx49JnOZjS+MPCoLn1EXriaQSBMAjOeqYLkidoV+kgLXMXStROAsKer8DdsBr2sFe8jtAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJdSURBVDjLrVNLaFNBFB0XWYiusnPhwp0bCy6kumkWRVQQFF24kdqKH1QQQcWqq67S1mpaa1sFqeALLmqlbWgLxpY0/5BoXmrSkJT8P9IkbRKbRSC/49whQVERQQcOl5k359xz733DALB/AfuvAsFgsI1DCgQCkt/vl9bW1mZ9Pt+s1+uVVldXJY/HI7nd7rZfBNbX1zs4MR6JRLC5uYmtrS2BfD4vYi6XE8hkMuCicLlccafT2SEEOLmTkxuFQgG5dAIf56dgmBzGXP89vOu7KaAb6IXh1Qg+LU7zO0lks1k4HI6G3W7vJNsykavVqrioOX3oj9AN9qJUKgkRq9UqM25ne3l5GY1GAzUuon8+AO2dCxg/34mRM4cFJrqO4s3dHvEtJDtRLBZFSWaz+SvTarWpjY0NlMtl1Go1ESuVigA5+x142QiHwzCZTGE2Ojo6heYia7z7IMFW4whkl87i8Th48wSZTworKyvDTKVSHWsJ0EU+NoRCIcRiMUSjUdBkKKO08AK3J7pw5ckpdA8ch3ryAQwGw26mVCqPtLITmUjJZBKJREJkpP3rhXH0ve3BvG8Mni96aD5cxznNAbTf2DPEFApFO88g1+t1YZcI6XQaqVRKgIR6Bk9gzstH638qnA4tXYZm6SoJlBlfO0lkZmbGT1ZlWRb1ElpCJx8exKLvJX5cus9jJND8HRnbwbHLaDRO89k2qG4aVesvVN3ah0f6i1DruwVZ/b77u4OfH4fNZttrsVhqfMbggtQo3H92DWeH9uOx/pLITJH2ogd/++r45X6ObbLdjP10/g1HrwhirOEKWgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJkSURBVDjLpZNbSJNhHIeli4jAKOhun9KNbUpaURFRREkFVjpNRcssXOKYZ9J0ihnN05zSUpflzMOnW5tuammajUkWpCbbrOxwEzZJw7Rt2pxJh/16/YSBILPo4uE98P8974nXA4DH/7Dq5GQn+5NdxcK8lsK8msIczcKYlv35rwST3ZwxRw8Ljh5qmU4i0VCYbfWC+T5nfE2BQ+fFBOdbqeUdEOyEWZrCRBWFNQX2ehZMGh4mHkkwM3AYlgYKVoUXZpTe+CKnoJcd2uJW0Jbi/c32vg+WF82Yel4Hm+kYbMYYzH1Qoy9v28LrxsT1bgU34nYMWYfvYdqgwcJLFUHN9K1GFWp4/ga3R0hX0huDLp8ercnci0XDXXx/08GwMKIEnbsPJxJPjsbfrt28qiBNSW+KrcpRhhSxMeTogrQ0CI3XTjEs9XVTLQgu3I6z5RntqbR86wpBqkKxTmvukMTK9mPgdwN6bRVoeCdEtTEN0gEBxE94uDOSgcezMoSJdyGiRNic3Fi7wSVIrissTmo6jhaziGEpeHNQgLJn8SjSX0B+dxSy20NRMZQEST8fCXIu4iuzql0CUx7n13SXENd7z6G0n8dQ3HeRGed1RSKrjYt0VRD49UeRqQmGpTcfg5m+P1yCV1d9nVadiBQcwS1DKgnGkFWjkfsgHFe0XNJGEEkYJE/5OF95EDZ9AYaz/ZwuwWhTSo4xx+cnvy4Q0dLdpPDSqoRL/BEu3glTfsAiyRSseIWPaoEnrZf6RJUnvI0sC3SeKd1DLiwAoSX+CCkKIBxwhoi4X2selvuNtwg83f7Gf+EP0qq8jpoy//YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVBgZBcFLiJVlGADg5/3+/4yOllro1BRZjpmXTAy7rIKCKAQJWrQpAhfRLtokroIiWkRUBEFE7QKpiCjaVBBhdqer3bQyyTE1bzPjeJk55z/f2/PEnY/v3j66ZMEDJWzBQgQIZJBVV+uB6VP5cZyZ2rHn5W19AIitT3+25/VHtqwvJZYljQQgE9KJswO7vp127ND8+d9+2XfpZy9vmwdoSxNrR9pm2a/HNSWCICvDrLouXRgM3b7mYrde1/q6nliUdd3Umy/evHb1WLwye3Jyf4mIizKzGWmKXqENmkITRFAEqvElI7bdPG7tqunRq9bd8+N1tz26NXPRw20SUBBBCpARSlCacPT0BVdf1CiDE1aM7TG+evOl+z951uzJs6+1kEnbEEJGqMOkhLZhJIu/TqXB3BErz79tzfUbnT7whn9+/uPVwSB2tJkk2ihSSkQJgaxkU6iHXXnhHRMbNpg+9Jb3PzxZl82Vnfc9c6RfEhURlAglQokQGXpNaOcnrZh518T69c4ee8+vnx/0Qf+hwX3PHJmCUjsyqUhkJtLg/EkzBz+24O8nTWyYMH/6Q99/9J2Vd7xgOsYToK01ZSZJSjDz334zk3vVbtr86TMWfvmSmam+ZuNTxq7ZZNh9A6AMK8MkK8PK5NFDvti7T3vJVTbfdIula+/30+8Xm1q83eI1d+s1RdfvALS1SzXTEz/0LesfMzb7p8uWX+uryXmv7Z7VxiJ19fPOlSv4qbPr8p7BfAXQdt3QcMj4kp7mq0+cyZ5TR884d7avNzpmYtMGK1atksne452saTDXAWi7+Vq7WrM/FLnlQTVSCgtQk8PSoaOdLKHU0LZRu2HtANrB3PC/xSPN8p039BdnZpFUwNLRFmQy2gsRaq+J2WFX/wVoI/K5ux779N6IuDHlIgBJIiWQYK7W+n1b7AL4H1KjWV696jEzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLnZPfS5NRGMffq/6BIMhuuvRGKLqooItuugiCoi4qiNDoh2RS6BCnkA6mG+3dD0bvHDXB0iTtwm1M4X39sQ0ZqAzJJYGUNWFuMje3vdtSW9u38xxaDOvKA9/3cA7P93Oe9znPEVwul8XpdN4CIBxGwsDAQL3dbp8zm80NhwLQx2Qyafr7+8O9vb3HDgXQ6/VHenp6ZrRa7Vx7e/tR2ltYWDDMz89X/H5/RVGUvcnJSb/b7b7wXwApEAi0tLW1bVksli/BYDDEzD/YACkT8OO7x42xsbG9kZER7T+ASCQiLy8v/1paWtoLhULY3t5GPp/HVlrFuhzEtzOnuJLTCgYHByus6G/+AlZWVsSNjQ1+0vMpLTeqqopEKofG9xXceQcEX3mQcEjIJpM8bnZ2FqIoGjiALYpkymazHFBVJpPBZjKLaCKHXC6HQqHARXCK7evrK7OiXxdYcSoEOGiuKhqNgmUJq9VaIe3s7PAs19bW0NXV9VWYmJgoE7VqqALS6TRkWYbP5wOLQbf52c+nL2/vP7RcRdOLy3grS9BoNBDGx8fz8Xicp0VGSjeVSmFxcRFer5cqj06xFboPTfCtSvgYV2Cdfoyb1gZca70IYXR0dJoqT0YCkNnhcMQ6OjrU5uZmMKl3DZfKnk82eD7bQUOceQDrzCOca6krCcPDw510Et0EAeh3WHvna+/6SvdpTK26UDu8EQlnW45DGBoaOsnuNR8OhxGLxVAsFmGz2cq1gPNPTuyalHswKI3cbJAbeQYMsMsDJEl6zdoUrJnAmgrsXezXAlig/oZYD7Nyn59MM63ZvsgD2GusY42xbjQaS+x+SzqdLnSw51mwkUmltP/MRtr/DeMW8yghqDBkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnPJdYnXVbbA436Le49Aa4Afp5u///ZGAJ+c3AIg5T4DXT0stjpuULj1nmD9xmW6x1nWu2z2W+6RenBcbxIHmga6XgBujl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPDBxh37DDrtJ+u8x0oFu9vb/liU6khal2jPNS3UfAem3FmU6Gej+tqjX5rBo0rln1qI9GdWArG3/jTI0/Q0z1N3UAyxdgTQ4NQpreMjCFAqpOoHZRvnqUhpROhmmxRo8cAO0M7f8187Y/F8rYxMQb/yvlbYBiNf/1wTh1HX/NUA4ZS0Ur/mvkbwajOEGUIIBf5BxjDvwFIUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSNRyLkKg748j3c48Tyb6cr86MNnsJNDhVXVDFSWuO6Z/c6Nj//jKI5XK78YrHFz+9be///u7bj/9cVRf9PZ+v+2enMlofhxKKlj89M2PHiP9CvxjCxnS7Md78BNf+f5Pv/f7ng//9tiv9fdzn8B4rfwzAgfuaDjZN2vvrv2XIjByYGcva/s+v+I4P39RL/QeIYBni33GycuOPl/8DeW0vgLnBlfvxlbvL//0BNP8oY/r8D4ocZzP+B4k8wDABGjXf7puf/8xY/euZYcYUNJHY4XKrhZIrq72fliv9fVbL+v5vC+H+vL8ufHa7MVRgGAKNGqHLV0z8Vqx7/ty29FIgISNkKoI33obHwGKQZJA4AVQ2j4x4gIJMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADqSURBVDjLY/j//z8DJZiBKgbkzH9cMHXX6wcgmiwDQJq3nv/4H0SD+OXl5dlA/L+kpOR/QUHB/+zs7P+pqan/ExIS/kdGRv4PDg7+T10XDHwgpsx8VNC56eWDkJ675Hmhbf3zB0uPvP1fuvQpOBDj4uKyIyIi/gcGBv738vL67+zs/N/Gxua/iYnJf11d3f9qamqogRjQcaugZPHjB66V14ZqINrmXyqIn3bvgXXeJfK8ANLcv+3lfxAN4hsZGWVra2v/V1FR+S8nJ/dfXFz8v5CQ0H8eHp7/7Ozs/5mZmVEDEWQzRS6gBAMAYBDQP57x26IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLjZLNS5RxEMc/8zyPz25vLFkEUodfhpBFGpQhXSoivFl/Qp46RJeC7OQpSAJZglow6BDsKRCCoEMdKgwTUShfLtZidFhpsyV7xM1dfjPdZLXQndt8GT4z850RM6ORyOVyliQJ/f39Uq8HNBiqysTExD96VJ8MDw8Pmdl5EWkB9gNNIoKq4pwjiqKtAdVq9WZPTw+pVGq92HuP9x5VJQzDrQGqSiaT4czIXnZESkUFMPbENZ52f99+giiK8N4joXH7nBAFhgBD0xG/q7o9IAgCarUaEhhxCJgRABIaGI1NoKpICAOjYAIigICZ3x4QhiGqyrOOWVR13TzvPZkw0zhgJMmTSqU4/PkYra2t7HvwhMmr3UjbEteyVyxZXU5+rZTvv7z36a7Uf2I+n7euri7K5fJ6ZzNjpviBctM8p9pPc6i5jTdzzxmfHeXrl6Wh4H8eFAoFVJWFhQXMjMlvbzl5tBMfeDpbLuGlRveJswDXg80rmBnOOQCcc6gqP5MSTbKb3vYbANy6+JgjBzoA0sHmM6oqi4uLxHFMqVQinU6znJSZK44x+LoPgMFXfRRK0wB/NgBEZKVSqeCcIwgCnHPEccyF45cZnx4jJuLFTI5YIt5/fAfwaIOJ2Wx2YGpqqndtbQ0RqQeztGv+4OrOH82GxkAC5MYfFu/8BdnT67i+1n1kAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLfVNdSBRRFP7mZ2dz3dwfx3VZTVuRiizMwBAiJCixh34gEwLfiqCXegl66D2kB1mJygcjevO1FGKFUhMKI5fZNFYlV31wN7F2nZVk52dnuveuKxjaHc49d2bu953v3HMuZ9s2/jdisdgr0zR7DMMQiQfxzHRdp36I248gHo97CGDQ6/V2OZ0uaAQEywLbTTA+nxfR6DuIe4EVRemkYFmWa8rLy7G0vAoa3bJsWLZFiGwUCJmmaRATiYRWKBQkYmxTSSb12Wz2X8nIZLKEyMLFjkvsm0jBtbV12NhQWXSbPjZVaTOjLyQm/D4Pht++QdOJFhad/mMKKCsFPxyMkW0cOI7MxYl5apu5HJ7caYWPn0coNQrBfRJ/Pk9AthrATpZGpRt9/krwPA+OGL9tdE0JxM33aKsDyuQeeMIt2Fg6CjX6uqiAnAkh4CEIwi6Ckj8dmIXf5YA7eBaZxQQkTsfBiiA8laEiAS0Px3MQRHE3mKg6XKbgZhsHb/gCtPQQJBeHFWUOhilgJOmGSE+SHghNgScKwgEXy5+OKnxFZ2MCnsYryK8OgJdMONz1EPNJ5I/dQ3Z2tEjAb+dJbXGh2AuNkoLu6yDgawT8ArzDhJ4LY+3jNJKV3Qi4a4plpJPDIaL31ilWHsMwkVsZQ3WZhUDTZeg/ByFINvJqPdITX/AjeBuGUMFU0/RFUsu+8fEP7aVGsdem6tvPhGTDrkF65il8AQn5zCGkJmOYdV3FkYbjTGGwuoo126670N/ffz+kDUdu3H2J+aEHSC1/grOuGVtrqjG11ez4pTl3upQaacK5nbsQiUSqSBkjC8l16N9HEG4+B3X9N5LTCdsvV7Q+6n0e3+ve8KUFSSGjqur0t7kU+gaeYXIsihXODeXA+ZmOx/H4ftf9L53Qf7mz5LNnAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVDjLjZDLa1x1GIafc8uZqUlMMmmsLV7SC2hLCoJQ6tou3Lj0T+jGtQjusnLlP1Bw01UJgrqUoAiC2aixDUQl2oC9TjuZSWbOOTPn/L6La5MRfOHbvTy8zxe5O8fT3Hv9opt/784ZN0vcqN18F2P9hesPv/5X2d1P3Hj71VF4ctu92nEvttyPNj10b/vwh7N/Hu+mTImrzaYLb8PkMcgAwoA4n8PELhzvTgWYgtUPicIh+AQd70Mdo3JS9z8WODr8mdD9BqsLrDoi61zDBP7nAiPOz5HNv4nXT7HsFOaGip0E1Nuvzbv5rpudcSNx9TryCBn9hvR38EmBViPa569OVzC1T9KVj85lL70PPgEt81D+RfXHOu3ld/DWU5J8AC5oYBrAP05X3gMZgg5BC9L2CqE8IIl38fEILUdk0QoapiioAFbiUoA3WP0cmjEixsyLF/HWMzTvk8wuoNOeaGJouYce/oI1Xbx+QDJ/Hm2cuv87XpVEzQAvH3F6Keboq2VXpVaxXVPWUw1OlHVI2qvE2SKedXAfIMHJFy9hrS5N7znt618Qp7PABA/DfHJ0963ed59+FqsYURwj1R4yvIcMfyWdvYI0Tih7NAfP0EaJ82UIAxg/Ipo8obVwiabxC7EGNsa9bbK5y6Rzl8mWrlEd3CfJl9BTZ2m98S6Wv0z14A7uExxB5JDR/gZN7RupBNuq+3c/iE9fIckSwrig6O9RHfa+LX/8csHF12Zmom5n7qdXoCBOHSkfU3T/JtS+Fd2/01k14aap3VBlzYQdU9805dbVDwf7APufL66K+E0NfkOFNRXfUWPThFv/APJzrlrFns7aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGfSURBVDjLpVOxSgNBEJ297B2iiUmToKABCxEVKyGVoJ+QLp1RxE4sRAQL26RVsLHRQouAkMoq/yD5Ads0ErDIQe5udu+c2eTCGU4MuPCYmbvZN292d0QURfCfJZ9eXh9WV5aPpW3bUQigQg0YKFBKQcAgP0AE38eRDcgShp6HX/3PS0mbT5dumyJ/+A5HmQ24337+s6oQAIXFrN28e1yXUjqifHYO9uYHXIgyFGR2JukL83OACoVEreDg6ppYRSosyzKYjhlrO3sgozCETCYD/X7/R1LahmRcLBYhny+ApVQ4kdVut6HRaMx8A0iHbGmtgS7AoFarQaVSgWq1amLHcSb/kqCDMzbAAGSAynxgtFot6Ha70Ol0TMK07GRb3Db6PkiWEVer1+smgeM4kdf0GZgHRAWVGiuIZSUPMFkxLWYFih6WxHELcdVpklgBx0mfLTIBP09mY4LRK0uvGCMm4T2+IgLXdQekIFcqlVKTfyNh6/ueJ3u93s3W7v4J8eYCzUNEw4SjYeIelUbja/KRrlxT1VBzDg68ofsm/jvO35HitdVS/1ysAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLpZPPS1RRHMU/982bGUcZLemHkAougmhhIhgqtUqKgggXtWnt0mUg4V9gKNGmwKJFbYMwoxDaRAsXLrQyUlMricSycmbee/e9++79tvBHZNGmLxwOnMXhcDhfJSL8z/m7hcHBwSHgyraxiOzAGMPw8LDq7+8XrTWjo6NK7U4wMDAgvb29LCwsUKlUGBsb4+HNyyRLd7h0rYrm5mbq6+uJoojl5eV3fySoqalhZmaGtrY2amtr6e7u5tmbT0xOnqSvr40gCFhZWSGfzxMEQbM//7hjuqr26FGlPACKxWO0trby6EM9T997QI6TDY20Hz7MxMQEXV1dzM3N0djYiDEm5yvxjjSduJtVSoFA/tUtCoUCTxY9SioPHjz/Ch0NGUqlElproigijmPSNMUnFY1L8vHqTWySIQwN5XIZkRrEA5VRiKdYW1sjDMO/GBjliUuwSQ5xwvr6OqsLk1yrm6ZJ5n/r51wPwH3OnoGR14cQEXyUVLk0Ivi8RrA0xam6iJZMNbnz1/EzWUwSo7UmSRKy2Sz56j0k4xcJwxBjDD7Gwy8cYH/nVfZ3Og5GEVU5w/iDEcTGAGgdYFONtZrs3gu0A1NTUwDjPkZErMaFLxG7gRe+JRHD6RP7EKdRSnDGIdYi1lBo6WHx9g1mZ2fV5hJjRFyKM1+QdAOUj9gKSAoSI+IhNsClZcSWQaldU05EFBZJvyHpj03YDSTd2OIyYkuIDRCncfFHAL1jIIn7nobr1aaSK+KKnkgWXBFk31YHCeJtsvIsVmuRxMW/DHQ8tHSr9zhCD4riP19PAPUiwcm9bUn97zv/BLX9cx0txHrHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjL3VK9S0JxFBWChvoHinap4UG6RIsihYMfiTboUFGhPVIbxAJFG5TEKM1U1CWENjEUigiyHBRnicrCwaIlXPqggldRnd6VkNqMti4cfvede875Xd57AgCCv0DwjwIkEkmn2Wxe8Pl8t8lkEm63+8pqtQ7w6OL7GnE0Iw1pfwSIxeJ2lUq1Eg6HUa/XUavVUCgU4PF4LlwuV7FarT4TVyqVQBrSkqcZIBKJRux2+32lUrk1GAx7SqXyzWQyIRKJwOl0gnriaJZKpa5IS57vG6x4vV4uGo2yGo2mQyqVPubzeZTLZRSLRWQyGRBHM9KQljzNAIZhZlmWvYvH4/M6nW5fJpO9yuVyaLXaBqgnjmakIS15mgF9fKnV6vNgMHiXTqdvstksEokEbDYbHA5How9t+mCLjX3MrGlg8Mreh+eYcDNAKBS28Sv2KxSKS6PR+GSxWDgeL3q9foLH0OzixItnawq7pzEcXecQOjBDH2IwYOkOtPStx/3D3PbJOrbPIqAKHJoQOmQpgGspQOUSYe90A99r5zhGAa39bYPWHm41Nw1/brJh9u9P/m4DXrg0GuhFMGds3EwnPbf8Dr5Clnk80Npf5zLxn1E7ljyteCJyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjLlZLBSyJhGMa/UxTUIWJ0ZVmlwxLLEiEhurCoKeqCOtZN7J4ZRZdd9rSG6NFbSOegDp5aqWWI3UGm6KBUxsq2LLj+CzV9jDOH8NlvJtqLjuXhBy/z8Xvel4chAMhTKGfOMeVsbqXf2wBp3s5Yf5hno8rp24YxS9PTVHq18mTAgzj3k4mCIs0cqZeLUCTHJ1q13VKRSz0v4PRNVr1KQfu9Aa31BZ2LKKg42aHfJ8ZNA9i5L9hWUZFeQ73kof3N42SPR6OyjFZ1FZ36AuQfo5CPyc7gDiRHttNYwsl+Apqmodvt4uJrCur1GmSB/GI4TAOo9JKjVasQi8VQr9ehqiqazSaqu1Fofz5C/kYow9M3gJVkp+JUJZFIIJ1Oo1gsolwu42hngcmfdfmecS4fki3TC3ieN2SPx4NAIIB4PA7lPIo70YY7YQJyhdhNS3yU3W43/H4/LBaLvnWbbbxnvGNyQz4gmb4ByWQShULBkH0+HziOg/6die+ZKOjzzQEZYXzoCYhEIsjn8z3yI0wKmf7KwWAQuVwOLpcLXq+3Rx4EyWQyaLfbcDqdCIVCQ8n/A2q1GkqlklHYMLIREA6HN/WzrVbr0LLOP1AMs7UPAa92AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpVNLbxJRFO4P8BfwO2Dp0g07q42iGxM3JmxMXDR15aRWjdYqZMYSxbRpbaCSoEnVNjW2Ip2CNE2BUsrwELBAoTCMMDAwQDnOucCIj52TfJnk5nyPc+65IwAwMoxzs6BRoFOgV2DoQ98/0/xZP0w8o0B7+03F6Nw+Yrz+GLt/cMgHQ2F+azfCvnYlmXFH2Yg1WPubQJ981u7OUcHDBJcvVUCUWtA+7RJU6zJkC2Xw7Ia4ufUEhbUDkYGAFsmhyDex0WwDfpLcgbLYAl5BrdkhZ6Ikw5YvIFpXoyiiJQLYF8ZG5wG5WJGh8EOGo1IDStUW5IQmZMtNVWR908PdXMpjOxoU0DnZ7wzGHiZHs3W4/GgHLtx1qWII/CLJY6AdXga5KKD37EVZ7Bmj5gUZkgWJEEcnXTB236v8P5PzdLEBlXobTgQJ5pffschFAUNg/4DHYWFcLLw4xRIyEhFj97ZhlNogbWAKuX0KS7ZlHrlEwB8MEQGMj0UZvqFGRldMlMj30EvRgvmFV6qA/stOmBXEJlSlNiERZ8URcf7OJ4JLD30QP66Tm4llBKCtNrUFnW0jzqSzJeh2gThcmfHD1ScBMDzeU/94hoNtdbqw+TUMlOWDOkTNLXvRuOH2cXylN+VBXHSM5eqEGMnWiEFccTc/X+SuW2K9axwsEv02SK18dIv5cq9QqLVJmtSJRJYJnWOZMpisdnGCXv21SMOrPG3zUYuOFc4biEM6XyEzwZ7DKR7W3EGYpue4cfP7v1d5+DHdeJkyTr5YY2ZmF1j6mYV/amb4ByYrO2FyMteYyL8f0/8855/NvQk/FX0nyAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGaSURBVBgZpcG9alRRGIXh99vnKIGgrbaCl5BOC2/BJgi2NmIlFoK9oI1CIJ39kInxhxReh1VKCZmfQkiVTOLs863l7GAau5DnCdtcRzx+ufPi4aON98cLr9uAhCVSiWVk4Uxk40xS4vbNenpwMH395cPmdr/xYGPrxtp6ubPGVayfLnIL2O4X1WVxfMJVnVUXVnqnefv0Plf17N0hTW+LZjkkBiyTAmEkkxI5mBxMWizT3Lt7i1TS9Ng0UYKwcQkcJhSUEkQUIpLoTKdCP5hGQ9L0qaQpgCMgoDMoQDKdoURHH5BhsohGKZpimdFoxGQyYXdnh9nREXvjMbPphO97u8ynE/a/7jKbT/ix/5nf8zmj0QgpufDq0083g+RB8iC5Zrpmepnp80z/qdVny+rFsvrkvLp58uabV+iHWrkQQQC2iQjMik1hpRQ6IG1KmGaoA03vFE0HmJUIsGkigksCuggs0Vii6SVxKYBgJYL/dfzTdTSyafrpr8Px8491U5koRWYiiawVScjGSpxGFpaQaMashG2uo3BNfwFx+DLsFQ4W2wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFxSURBVDjLpZO/S1ZRGMc/5/aqIFhYKCKBOGTttYT1JziJsw26uQit/gHOOgQR7tHi0tjmWIGDPyIoGgQd1BCqe+8532/Dfd/7evEtFR84nOE853O+z/c5T7DNTaIF8GL98zIwATwDHoONCchkWSALIAklTvta/vrw/u0nyLycfRSwzfzap9e+Zqy+3bHtSgHwHODN1nEt7X+FLUzfZe/HaV6XgDzWOXwwOgBACL0v7x/mAPz+U/bXANuDnVe/HOVXMs8phS5AbnWkXTWUxHlAAFh6v4iUkM2rmQ2+HfzseXly/A5WAiCrABWtKApGxu5R5GWdPDTY31h1CbEBqDwviwhAnheNF8tkytTsixS7gFArKNug8nITY3HOg3bXY4ztPTWS+25d7KkduwBFGQgpJrY/7mGrTjz7VfRWoGqIWgBJ+g5MvlvYvOD2P0uwT7o/MWlzbuXDlO2nSMNSBAsrYUVwwhLV5NqgM8h2AcJNx/kvz3X5EBChVawAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACmSURBVCjPvdCxDYQwDAVQSxQ0NFRUl4ouHVV0TapIiIYCKRnEE2QCNrgJ/iIs4jW4KOR0qSiRK+s/2U7opPuiR4CPHh5bOGkJDhYmnqTnca8meNlwtSmWFL9HKKnAJmsBBlMOFA81WGU5HFs2PB06BwP3NVjElQkaYw567mrgxBbw291xWwMrpgCFa3fLzR/YmE6DTs9UYUCPLrah+RBop9dTX31fX9NT9CS3ZDF4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVDjLY/j//z8DJRiFEzLlgS7ZBgA1C3XtePUFRJNlQOW655dmHXz7H0SD+OXl5f9LSkr+FxQU/M/Ozv6fmpr6PyEh4X9kZOT/4ODgbKxemLD79X+KwqBvxyvKDGjb8hJuQHp6+v/ExMT/0dHR/0NCQv77+vr+d3Nz+4/XgNo1zyhzQfLch88oMiBq6j24Af7+/v89PDz+Ozo6/reysvpvZGT0X1tb+7+Kisp/OTm5lVgNSJr5gDIvRE+9R74Bng03rmXNf/jfo+HGVRDfxMTkv66u7n81NbX/8vLy/yUlJf8LCwvjjgX18NOartXXToNosr1AqmYMA8jBAE8T0gwxA4F9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLY/j//z8DJZhh1ADiDXBvPvjftWHff6ea3f/tK3b8sS7ekkaSAS51e/8fuv7+//6r7/4vPvDov1nu+rckGeBQufP/nsvv/l989v//o3f//xulr/pPkgFAJ/8/def9/6WHHv+/D7RbN3EpxIDr8ws3XJ6d8//ctNT/JybE/D/UFfx/V5Pn/83V9v/XlJj8X5Kj9X9emiLIyf+P3nj7f/aeh//3X3n9XyN6AcQAkOZn51fD8aOTC//f3T/5/82trf+vrq+BY5CTD1x583/vpdf/d1189V8lbA7EgHhf2/+x3lb/oz3N/0e6mfwPczH4H+Kk+z/IXvN/gK3afz9r5f8+lor/tayD/mtaBf7XsAj4r27u/1/NzA8RBpqamvdSUlL+5+Tk/Aeyv+Xn5/+PiYkBsfcihwNMHbIcTMIGiI+BBIE4ComtjmaADbrcwCdlAI+lwaKCJjy7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLpVNNaBNBFH6RTVNimmQtpg1EpCFVXONPTD1UViQeoihIPXgXURTFXjyKiAh6EkFEFCweCiKIh4IWWqihULC2aRpqC62bSlqRQjZ6CEm6OzOb9c3UBoM5CB34eMMw3/e+x3vPYds2bOVIF59NxC3LgsGbJ2b4w/kH7+OMUqACBCjZiJ+eXp1pJuC4/XraNvFTaiJ9rYZueo8oz8G2gDEGXIjH+eU1cLW6elDsy/SLG6RBwDAMeySzAgNji2uccCW5P3jmaLghS/zyE/B4PFBdr+7u6h0dIAY5O9z/UQhJmUwGEtEodO2Qgm1tXtjVIUM2mwVeVrlcBlVVgRATS2kBYpqAZNVcJwvI7RYOCoWCres65PN5UBQFAoEA3J27JTJbDEuhDMkMyRTJFFqICwUpLGlf56YeZg9JmqaBz+eDUqkEJmbYPMfaj4NVQ4Eaq4Oiq5/VXxgZuqscVK7v+bwtEokIwt/t5JmphRktsgFGwBQwEFgGB+8SYVTK5XLg9XrrZC7EbadWxuq2sW4wETzu9HeCXtBBW1zOai+/qVI4HIZisSiImy7uHX4k2sfLCoVC0J7oxzK9sD042ZdvTb/BzKtIjokuyLIMbrcb/H6/gCRJ4HQ6GwTFTCC+L+ydDR34MY4Oz9UnMXbpsZi2PnWfIAwOT4op5ATrD5G3lJfF75j5dMMo98Si4vJufEp8OpVMNJ35oaEPQvCfXUjPzgsHnR0BkWlkNNXUQQ3RbPEc/LH7wv1XlUr5JB9ln19e0t7eSf7vNjq2us6/ATm4jnKH3lxFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZPLS1RhFMB/M/eOr0YzH2mjghPjwoWGInWTMDCkmVZB/QPVrty1GXAVtHATLRIXtWgRBGGB2iKxIEgbopJhTMse9Jrpjoz4zuudx/d9LWxGh1oIHjicc+B8v/PgOw6lFHsRJ3uUPQP0eDweBM4DSClRSiGlzFMhxD/2r95zmKaZqaqq0gB27iPr/89m/UgkInSllOZyubg5JUhZ6yx/fIFKb+Csbuagt4Uz7i/4fD6C4ytYdgprM4Vlp3lw0YcQQtN3Vm2fu0XGfMOPaJTvCxaqbxqAdDrNtZPFSFmYGwtACIGeDQDSNW10tdbRXaDz8u0MEU3LJU5MTOQtz+/3bwGEEFuPM5LXCQ+6voy7rIyp1DGWlmxwbwEMw8hVz3ad18FK9BPV3sM80ttZ+pmiqKKA2o1fucT7Y3f4ujLDb3sNO7mJ/+g5ykXDdgd1+9aYXSxHVpRzoKYAe82mVC4AxTwND7PomqO7y6C+oonns8OMTA9QK9q3AVcCx3PzWZZFMplEygaklIyNDnE2cBrhFBw51MOz90MYLZ08HHmyDYhGoyQSCSorK2lsbKSkpCQHXFidx+VwE2i+BMDVU7d5/G6QjBxFF0J8CIfDzUIIOjo6HKFQSMVisbxft7q+zKwZImJOEuy5S//4BYq0QjSnrhy7uUaj13O93ru/r7P1BE21bXyeDxOaniT2bfWGY7fnbPR6+oHLQCmwDgy+GjCDfwBGL0x8usOKBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFhSURBVDjLpZMxbtZAEIW/N/bP7w4aSiQuQEODEFdIAVI6KFJwgeQenAEBFQVU1CBOkAsgroDSRMof77wUa68tK5GQstqVd1fz3rw345Vt7jN6gM8/zj9k6u3lIYer8ZaoTY5dD8OOj+9fPz/tAdJ6d/TqyeNhGCR1eMIkAMIGez6bMl7z/eefE6ASXF7lfr8f9OX3P0oxY2b9lmQspkznkibTnB0/paQEEACHESI6hKhTTa7mrepegsxNDWhyadAaLIQJCQssiAA3kxuCBpKRRMhkCBlCVW8a1p1rBPYCXjKKTrNRkOvCuougkkTULA4tHRQ4IVb1aQSeCJbMJlZgTdlTqsRwt4LqddUFJms2YWPfpsBugRFTRWffEkojs4CnH6sRaLoNQbImEWlXZV7L3xRx2OmCvH745sUj0Ozd89wMMY4H+k5uBA96ff326+/LQ/Gz/3mcfQe74FNt7T2f8w1Fi68/h3owMgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALwSURBVDjLhZJJTBNhFIDfTKcdumGtBYqtbSgQkE0DaggqiyhBPchBjWLiEuPBaAyHetEEE6NouOjFE5407gESExKNVlyCCYsLRkNYQrqwWVRKO22n//zz/w4kEgKi3+29/39fXt57DKUU/pDTMmqoNKlbrWbNZqtOtQphimficiwQTIx4voQOeJs3eGEJ7OJg8JRL8ATiN0DPTW906tnNGQbNW2/sxcu+maOygH3wF7jFQWbzIGPkmd1ZRs56vn38bnGGfoMYQiIRcDBwexP9r4DE8fHLdc7TF+75boV/Jh5VZBnuGnnWTJP43LwrwyeSdVy2jCkCTJXWiSYSwuMLgoyLX7P3V6S4p8JSeHZKfEATcmytljNpOdYAhCShKI2n2NTFzjVqA5EA3nWH2n9Noc8LArOOdVc4dDnTYSy46x1PkxhGnWvlzd2DrEHyhYYtW3R2Dqh+YCQ66kznXT8m4t8oJjc5Z8NnjiD58PWTrvqWzuCb3s7vt5UHRGViazyXc4lngFelGvcUZunrfH7x69BAxJ1q0jzjKOgCD4sRqwwob1912vlfAo73vJxyTzwuezDZtq2VSPj5hxFhjKOMsbDEfM1AjpLc9P0FFMl6BhPQ8kz6/BrPHrR356fwhbNRrNtbk3Z1LplS6ykpr7bd2ZlnKoqI4LStVptEJIh2y3qoqjrSShSBhoXkub/M4kNaTMP9ckqIJCNCVAhjsJkzoci+DXq8r6B/rBfGP3V0TP6IHuNgBZQxwK78YyqZEpCJDAQoTMwGoNC+FQQUh9D6sj3wuiN1RYGIEcwV+34Og0SwIpRAkiUIJyKwcd12EKQYEyqt7l8mSDv0sYQSWllTIwKWMaQlO5RieV42OesHs8EKHwNd0D3sx8G+tjPLZlDbPBrWqMHIaXeBiCRAJKF0kyCZlny21FUDff730DXkAxd5AgRzaMUhLqXgCju9ybHD8nrI8wERKJtoUk76X1tYiquRmZaJyhInsjrYRPGf/G9oAXqKbs089gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGQSURBVBgZpcG9alRhFIbR5/tRA0Fbbe0tp4tFsHFKLSaNjSIGJlapDIq12BgIxJRaCGIK8QaUNN6BmEJBLNIGCcko55z9bs8WpxlECLNWcnfmkW6uv7l/dXnw9HDii+6AhEuYDJcjF26G3HEzTOLC2fZkf//gwdtnK9t1sDTYOrOwmC8ucBqLJxPbArbrpPU8OTzmtH62ngkPX33xf3n0+qv/z90n771HdRdhvAcjfaBpGobDIVOHx7+wzrHOMReNOZcvncdkhIo7YWeZ3jVm1VJJyUjFKcrUzgnqjFBNRhjvwfUf72jbltFoxFTJkFOhJrDkWBZBJkJ1OWFnmd4NZpUESuAJyImiQpCMUCUjLL2Ae+klTdOwurrKVKqZKiGHDCjxhyRC7dqW8PEOvdvMyvRypgDmTk5O6NqOUN1EuLIJa+eec3R0xMbGBlM5JYKAkhIuEVwiVEmET+v01phVUiIU/iqFIHdCPfj2fXe82a7IDJkwMyRhbcutx5+ROy7DzZELl5AIu/SSuzOPzJx+AwKoFtIrwFHLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEYSURBVBgZBcHPio5hGAfg6/2+R980k6wmJgsJ5U/ZOAqbSc2GnXOwUg7BESgLUeIQ1GSjLFnMwsKGGg1qxJRmPM97/1zXFAAAAEADdlfZzr26miup2svnelq7d2aYgt3rebl585wN6+K3I1/9fJe7O/uIePP2SypJkiRJ0vMhr55FLCA3zgIAOK9uQ4MS361ZOSX+OrTvkgINSjS/HIvhjxNNFGgQsbSmabohKDNoUGLohsls6BaiQIMSs2FYmnXdUsygQYmumy3Nhi6igwalDEOJEjPKP7CA2aFNK8Bkyy3fdNCg7r9/fW3jgpVJbDmy5+PB2IYp4MXFelQ7izPrhkPHB+P5/PjhD5gCgCenx+VR/dODEwD+A3T7nqbxwf1HAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIQSURBVDjLjZPbbtNAFEVLvoNK/ENRv6W/guChbzwXJRJBDRIgVQglUjClddxUpCEF00RJE8fgXKBtZGzHud+vzWbOgE2gRdTSfrBn9jr7nPGsAFghsec20xrT+n90h8nj+pYAa+PxuD2bzS7n8zmuE1uH1+vdWoYsA9bJ3O/3MRgMXHU6HbRaLVSrVQ4xTRM+n8+FOOZbjHy/VCohnU4jmUwim81C13X0ej20223Yts0Bw+EQVMTv9/+E5HI5TyaTeZhKpRbNZpNvJFOj0YAkScjn8zxFrVa70hKfCTNvkHk0GoGkqiq63S5YO1yCIKBcLnNIvV7nBQzD+A1gZpGqKYrCo1JE0mQy4QDLshCLxfg8CEzzoP0uQJblCg2Geh/2WwiFQjw6GS4qOooXFl69OeQnQGBqj0AuIJF4XzHKu9BST9EzJeztBxGPx3FudZA4PUNKM7ATPsB0OuWpnIQugMUTbbMAw/yK/PckTvWPOLeLMCwbn5QznHzWIURivB0CkCiNC4hGoxu7EWGRN5I4+XaEY+0AcTUCtaigatexvfMaXwolnoBE5j8Aoih6gnsvHz1/+3hxXIhCLr3Dh8IhZC2GQCAANiNe1QE4cgHOj/Rg897m/pGAF8I2noWfICwFoRU09zj/1hUAvbCPi3/dg2t06QJ+Qe6yqANauImZ7e3x27sEWCXIDa6zI7r6qz8AeSLtQ3VwWP8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLpZM7TFNhFMd/t/f2IqVQqAWM72IVMUEjIRoiYnTxEWEyTjqoiYNuxkSjk5uJg4ODDjoYE6ODm4sOJlopqNRY5VXC09oCRaCg3t572++7DspTnTzJyTnfyTn/739O8lccx+F/TBsdHb0MHAOQUuI4DlLKJS6E+CP+9gdKKpXKBwIBFWAxm7n8b3Euj8ViQnMcR3W73dyMCmzjG9PxVzi5H7jKa6gI1nLE208oFOLy8wyGaWNkbQwzx+PTIYQQqrb417reW+RT7xhJJBieMHCufgQgl8txbV8hUhbMrwUghECbewDkKnfStH0NB3SN1o5OYqo63xgOhymWXQQyHajeWka+vsRdth9NCPFrOC95m16Npk3jLSkhau9masoE7y+A+tA0+cQEhetO4AvuJDNUTc+LhwsMMok+yoNVPNHqmPpss8Kvs+pHEgAr/QzViuPfvIepgR50xaa4ZBXe0soFBmuKZumaLEX6Symr1DFnTYrlBGq2G83di6/qINboI3SPwsiHXqSjk/Q1LgCcP9wwfwvDMLAsC2syQYHZiW9TC2byDi49j9u7gSLnC4FDNxho78Y1B5BIJIhGowwPD+PxeLDGwpBpxRdqwUzexuXOYc9uZOzle2aqTlFYvgkpJUosFusWQtQIIaivr1cikYhjj7dR4Rlna1Mz9vh9FNXGnFlLOvweacwE+7ZcGfp9ux5luRbunVt/pqH55N28UsFKfytlFTrmzDomX79JSyvbUH2hbXCJFpaLo2TjlrvbGs8Sf3SRvnCEgvU7yKfjqTJdPVh7qX1web9reSHeP5a3u54S3LGXoqJqkh2fvptZ+0jtpfbOv6nxjxWON/mzdVWV2q6aII7bimTTE6eOXv84+C85/wR0RnLQ/rM7uwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVDjLpZNpMNRhHMc31ExNmjRTDdVMsxXLkntnTcmxJTKFMK6JnK1KcheKDDZXubbSoRdlNFFNGFTIbeiNsyjHnzI0ZrFk/621+21bx6wx9caLz/Pi+T3fz/Ob56AAoKwH2WAU2QyP+wNO6xKY3WgOsMseKJQvTrm6p0ohplzcuqR4/lsQ0QQmhzA0SxkUW6QPbv47xz9t3zBjd3ZeStu0g+OAFJGUESnUtYLwRqjHjyhqxxFCvVtE+dwxC84vc5ZklmV1dHnhrJUNlW9ty588ZS+wzSHiVwkMwxpAPRm/b0/kcOqF82/m5wyYpIBhwpXfyTCOyAjKLJT0Frji29sktD+xQgeX7ikrGoTVY3nhhJaJZFj/hFA+vD+YeMFOe7QwVhOF6c4yYHYUU53FaEm3Hl8UhNbKBKJdagVC1b0i0zPvyS3eRLayz7Didp+hSteb+fMT3XELwu8lGKtNg6DrNRaIRnQ9DSBlAr2QGsTo2euKlVUkC9t2JFNciUSKCwEFF0LMCi2S8LpjJWJBIwQDl8FrC8KXZ77oyXZDW7aD+qIguBrYsNEOCpv65VsPiE3Kn+y6DjHZgrl+L5AjHpj5HI2hPPPxKeNDH1cOUffKBwgpSk4iitLu5fDd9IOcsU9RS2FPkMPu4HfHoI9rSfalM4yk3aqtCA4HvcPjnTTz5XBkskZlZ0UIxIJ6kEO++D1yDtPSTnq5LJFjlh5/zTvQuVQBk3BtVWYEPc/7qjqvpzwaHRWZ+NHqjLkhD/Dar+FrrsXPqjSGJjNBe5CRSM9ZLbhYDgO2pp0+W8PqZQoLmCHQ+9AJNdFqaHpgg7oEo9E7/keOy24sWEON5q7NNg6jbV0R0APLQGeXQotdggR/HQhbciFszUJrkgWe+x0AK/AeaH6vligGzbdIxopAHmdTFZLjRRNV37YRVWVY1pVG6VD/9xv/AJGzmhVs7+fUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMDSURBVBgZpcFNaJt1HMDx7/PkSdombdO0Tedo2q6H2VSnlZXBylAUN/HiRRBksNsQ8eLNsyBFL9tJUA+CMnUiXmSbgqOjgyF9YVu3pmvarG+sa+eatmmb5snz8v/9zA4Dkd38fCxV5f9w3h2+0pJpb7zeHI9lUAtUMKqYIMDzAoIgwK96eJ5H6HqYqovvViltbK+tzC6edHo6mqaHXuzK9B5o5QlR5QkjiohiVDFGMKIYYzCiBMZwa+pe66i3O+t0tiUy6XiE+ZVHhMZwc3qZ44NZJm/P88qRbsJAuJ1bpr//EDduTNN1qANjhOczSdLPHUw5lgWiSjRisVUWKqFFxUTZqgRcGytgjCBq49OAZ8XYLO7Sk0kRimBZFtanF/5SO3SxRbHsCENH+9j2YxgRjCgiEBohFKHZqTAyMolX3iT0AzYe7uKMz6ycyab1i7ZkIpJOZw5EYg3WWmGWtUeb+KEhDA3GCKFRzmTzfPjCEpNL9Q+uLGaK92cnzqOqqCofnbv00/dXczq+sKf5v43+1+UfPtfi+Mca7I3r8u+n/ZvDh99WVSxV5b3Pfuvu70zOnRjM1ifijfR2xOlM2jy1c+9X/OIlUgOn2F9dINwTdu7frcxN3jkbGd3LWnZl/+obx/t64vEmYrEYPW1R6hyLp3ZyF2gZeA1x8ziJTsTfpSV7MBopbZ+0R8+9r9n+3sFUS4r1UoARoSFq8W+RRIZgexnxi6g/R6x5BaozlNe9iENN1Rd7vVhiYX2fqtfOyNgMbtUnZZZ5MzlCY5PQ3WJhSwnsJjTwyV0s6Nxc6QOHmjAICIzghyH5xVWMKIdlgmN1Y7z86inU/xPL7HHncgVT3iVm23ybHwi/+fm7iw41Vd/HdX262uswoYOo8rrm6DvxDn7xKxwnSe6az/X9t6i0H8WtuBTcW0KNQ83SVC5febyRjdYnEBMiIgwdCbAiD4nUpZn6Y4cf777EA00ihQLVcpnHq6tfUmOpKs8ycf7YcGNr6mxla9+dn9/45PTX87/wDP8ABifE0eTdPioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJxSURBVDjLfdHLaxNRFMfx752ZpOkjfUgiYkykC0G6a8EXuhBxmY1r/wTBpaI7l7oXXQguuvAPEKF/QA3WorSWtmCxldLGR6NpMpnpzGTuOS6iVYv1B4cDF+7ncO41qsq/UqvVvK2trWIQBKPj4+Ov2u32MEA+n2+vra1dGBsba5ZKpR1zGDAzM3OrUqncj6KIMAwpl8uICNvb2wwODpLL5VhfX7/tcEiCILg5OjrK1NQUmUyGpaUllpeXyWQyTE5OMjIyQqPRuO0dBqRpWgrDkMXFRUSEarUKwNzcHPPz8wRBwNDQ0JFDAcdxKJVK7O7uUq/XWV1dRUTodDq4rovneb3+/sWZhdzwxIQxf26jGFPdh4rFImEY0mg0cF0X13UBsNbiGXVOly89zRhjQHuXMYaF589ZWVmhXC6jqogI1lqy2SyqSrPZpNVqffdINUKSvvjzI2zigjOMMXmuXL7I24VVarWXVConKRQK9Pf34/s+X7/Ute2Hz0TkjkfXOCoJNsmiosjeJns7G0RvpjlWr3MMYBtioPCzxsGcuvH6OoCH0ZykewSfvhJ/+YAkIW7fCCeqTzAYpBuDARXBGIM7cJy1h+f2X8uj6+D1H6V4/i4goIqKT9qeRaIN0Bi1IWoDVEJylXt//ZZHV1VthITvUNtCrY9EH0EFlQhkD5UOajuoDUHlABCjKinS3UHTVg+RGDTtTZfedEl91PpgzAEgUTVYNP2Opru9sq3fWOqjtv1zhQiJNwGifUATaabht4FuJ5tH8o5qBiQPWkBtDCSo0+vGsdgoUk0k/g1E8YP1x9fOolzFkOd/UcDMJohO/zr6Acl3eEJ9hHHwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZNBSJRBFMd/37papinFUgZmYESIFiGRYdQhynueig4eomNE0NmDidc8du7arUNFKJSpIKQHAwlNKkUzTVdd3W++mTfzOuxK2RoEzeENPHi//3/mvRepKv9z0gD65aVK7geqFhWHeoeKRSVBfQLO4MWgEoMz1HY+jXYDvFDecrOErgoRFAOgkH12q9RBsr5ApSoa4kI2AtUARCi/CFFqH+riPZ4gQrBLSG4MQoKqLdzBQjBoMGiIqcjcILj8HgCfAIIGA+qKRb8XGzTkQQW1eziQrdWC5V3KMSGYIiSGEBdEZLsUELzBzLxDkk/gLajgzSb7TxwpKAdDz8QUWfOAR3/8QQrAx6vI5gLVTbepbuniwOlrEBzq8xDyqM9jxFKfaeJ+ZXmpg0gVtzxJdmCYmva7RFFEz/c5WJrFBsGKcOzQKZrq2siZbTr665wRWzH0cE3TO/0+2NbF2kA360OPqb1yDwmW681deA344AkoixvznKm/xJaN0+Nzb+3Z3lRFGgAxRGUpqlrvEE+9IDf6HCMWr4GvqzO4IEhwOO/YTHKcO36ZLZdPj30eNsU5MGRf9aNiUBdj4w+Y2irEC0drGpDg8Rr4tjHH4eo6JuZHGJkd/miF1uhvy9T5pNEba7HBYsRyMtOcutjYwfu5UQanX09a4cJinybRv25jS29q5XzD1cyb6cFxG2hf7FNbbMC/ARq7oxUfyjJx8OXLfSo7+Z9JyXr5I2wfSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJWSURBVDjLpZLva1JRGMf9F4JgEEGjIG5vetGoSz8hmGVN023qbTklTdmyHxaN2OLuF5nDsSYWNZyLHM0fZOVetGx4dXNuU0GvL6INKioKutWtKDZaRLenc+AWxbUY9OIDh8Pz/T7f5zlHBgCy/+HXgQ01kmzYFGPDZr4UsQpsyCIUho18boiKzV6tJ/9pwIaNtlLEzLEhE1sYPkTnr1FEzq8ncoM6OjtIsdkBipvyamxlDXBnLC6OGFylFwsbEFqEA3EcoUKszXg1roy3nku5lZIksmLIFCsGTSwqJBBHEW2Is4gWxGmEAVGZ7lezSbcyVibBYb4QaKBRUR2iVRSfEcU4hR1RnXTV0Cm3ipcYlMIWIT9E4e7Hfuv6cwScqAmnSHQriFSvWpCOEDQLWZ+OEAux8KRo1izeWRHU/Q45kXQppQb56wY+O6DFIyhEof17awt8c5yAr0cssKTVw6JcAZ82b4MP6zeCxGDWp0fvrMNLrEToETYs/pKbgKXJOHy+dwcWoyOwEPDDu1XrpAaZS7Xk9BUdl/ao8TOuQewu1xmL365YDaOOHQ2SjzTZd8A25dFwqV4Vyzj30eOde4h4u5yIn6um0311wtzdNnhZ8MHT6YvAnFfDreatFZKvzFzYTyJijEvJ42Uxzhoh3rH3Y6JbCY8neuD1wxvwZj4IjxJdELXuFCKWLRV/GPyN0VO7jOn+g/BsxgPcgwA8z16GvN8MPQriybIMMLft242Msxbmx9phbqwTMl49RJvI98s2wNy0kcZgYxWMdynQCOSroGnTSnz/A5Fyv6NS2MnjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLpZLNS1RhFIef897rNDSoUEFFIhpCi1okzKKyRSFBFC3aCFERRQTSItrUHxBFbQoEkYJaBdoQ7kqQwm1BREjmF2JWFuKgNTozzr3zntNiRmthC+nAb3fOc37nQ8yM/wk5ff3Z1cNH0vcWCpYyA1QxVbx6TA01xbxHzTDv8arUJeL86Ojszf77Hd1hui3dVZNMue3JDTVO5Qu+C+gOC7G5wsLyhq0XY3MAoXnj9tmWDQMu352hAjAFICp7DDA1vIJiqBpeFV+2ikyJvNG8oxavvgKgegVxgphhTjAxRAXnBBGHiEecJ/rwiLA4RW6xHS1vBsCtkhwgIogTAie4QBAHgYOaIKA8liGV/MLOtguszL2k0UYqdabVPxBZAzmpdA8CIRAoTvQTrAxRvydNfmaAILmLc81vGLi2+0yoVQdUHQBghgNMBA2FcvY9W1tP4gsjJLc1sOK/0Xh0H1Kc7wnLcbzmQAAzQ0Swv0BBqoF48TMuyCIuT6IuCysFln+UgtB85QoBVIpEWF1slP1EbvghkojRchGnP8HVYnHEx74pxscXroSq+meEqhBhafIFudHnbGk9iEWDiF9ibDCiplQiEOHp/Am6em/1hrPTM5nOB3GHeo96xXuPqtLZ1Mf+9mNE2R7CsJ7h1yV6xw4wl9iLGUSJTZnqvmxdfe0//rY0d8fy46fsXdehpccXW86vlxf+61W/T2df5X4NNRUW8sWJifkbl55MZtbL+w0EmEFfv0ZNiwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLjZNLS9xQFMe138C9A/0OynyBUjeFQjduROi2MMtCEalS0ToLEdQMdEShoKDWRymKigWxII7PhaB9aBFUJjHJpHlnnvbfe27NJcVIDfwIyT3nd885cOoA1BHsaWQ0MZL/4SHjgciLCJpKpZJVrVava7Ua4mDnkCRpKCqJCpKU7HkefN8X2LYN0zShqiqXKIqCTCYjJGFyPQkooFgsolwu8zfhui4sy4KmaVwQBAHokmw2+1cSClpSUmr12MP7LQunii8klOA4DnRdv9USn0koePRiJDW+aTGBjcOLgAewlnjfYSuFQoFXIsvybQF9jG2avIKFPQtzOyZmcyZMtywkVAnNwzCMeMG7jV+YyFmQ1g30L2kYWitAWtZFJdQOzYREsYLhzwZGGF+OHez/9PD2k4aeeYUHVyoVPheSELGCwRUdA+zG/VMPeycu3iyo6J5WxDxIQFA1QtCauUwPrOpIPh/vSC+qSC/qPHn3u4uu2Su8nsrzZKqAoOR/BO2j+Q+DTPC0/2CdSu79qOLVlIyXk3l0zsjomJYxv6ELQYgQPOk7a2jpOnmcaG57tvuD3fzNxc5XB9sEm0XuyMb5VcCriBI7A/bz9117EMO1ENxImtmAfDq4TzKLdfn2RgQJktxjnUNo9RN/AFmTwlP7TY1uAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJmSURBVDjLjZJdSFNhGMdXW9BtdxEEeRFMJKiTladSajoqSOnOqy5CgyIkKFDLyI/Q5sZgRYpQFtJNpYgIkm5mVFpTc7Cw47Dmml/RZufs65yzr86/9z0qrVLrhf/N8/L7P//neV8NAM1GmuspaiXCilr/vP8vOB2fUbWWyb9h0YVE8CFSkSFSVlQTX6fhwYYGmXD8qxWJpY7V7qDH18HC2cK+3MhAjUxhef4m4t/uEQ0um3QZoKR5eNsY1WRdAxqZwqoW6lWTVHgQ0WkLRO8p/Ii/wrRtL9ZPIH8kCZp/mahGDYhwJxBy5ZHxusHdyF4T3kx3EBi+TIA6hN35ED+dheS7iOjUGQgTuUgJjeBqs2FvyvX8/d69RgRGKpHku0g3lsDFpPt5RFxHIYwyKjxVnwOH6cDkb0uksJIOkzkdkOZrEPqghzh5CNKXW5h7WoDZZ2V4d24XBg062E9vTQ4YtdWqQeZPSwQ6EfWUkE45iHL5kP1mjJkZfqhCv+S+mge5zwqF64f45ArGL+1J2wt1FSudQyRyD2KeQvBOPWJTxyHPNmPcwnzvNeU9HijSeiUC424xULUNaMpC0HwMpD5DDSJJwUGWxYIf0UP6XELgRoxZGL7Pwt6nMUlsRZnoRuYRarfTcZTlN4+9RZgrJAs7CdHfAKdpX+i5lW1b3Q+Zdy7WXgYQKF6pAU/kv6AFqc9r/F2GCTk4DMlfC3nxEUbNjGC3Hb6T+bRvSnfUjZbvTi1WZSFwbQu85ZvwoliX7jdqr2vG2gtq3K0HF97b9gfpzK9bjtxe63MNl+6sJh19NDZNRGFa/wllZefQFCrWMAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLpZJBS5RRFIafb+aOMzoaoqiYtEvBCaSFiEH7IKIQF1FIINJfiFaiC5f+iCIcXAwURX+gIkGigghBbSloEeYwM9/nveecFk5fmiMFHbjczeU5z3nvicyM/ykH8OTV/n0zpsS0X1WpJ4HEC0G0eQQJhqh+XpoZvncKoGa3pye6uv/WbWF162JLA1HtBnj6aX1Ak6GeIC4nqjSOmbRlChQLOeZXtndE9cPSzPD1Y4CjHDqs1HttvOhadTeDWiwUC1kWVrdKJw1EAfhRCy7xxsuN9xmNL2RE8lGLTAY729uYX9k2UV13AKEJEDXyuQjnR7I3xjv5h0zGHIAXRc0QVRJv1BMB4NmXRwQNHMRV6r6Bl0DQQJDAwytLeC/5dARr3vlclGZytzR3ZvdaHPBBSA1MIagSe00zKb/eOxNwc7yHw1+A79U6okoEZDNRmgnAnav9VNZ2mZ4cOAH4dhD/NhCxj4vlzZGB3i5qDUkzcVmovN2DCCpru7hMBGbkHIwOdXDom4Dl2dE5gAePN3YKbREiOmiAy0ZMTfS1NNjaOSAE5cTSiNj6Ynnz0mDfOUzBZeDFu6/AkQGAi0CB0vkCxh+A5dnRW00TE1Umh7sIYtQaPv2Z49XuIm25tiL2ZrG8eflQtOiDUK0lBAmn3u1X4+c/AQHoQ0fGFnyFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda45xGMDx7/3yzB6ebc3ayJS8rBDTkixRMsoByoE/wIkDcbQTckJRTnYmB07kiPIaRa28JM2iaLLJS0mYtzLbnvu597t/1++6TCknitrnE5kZMxEzQzEzlB679M34C1HFe8WJ4D3kYuROcF7ICyPzSp4LKdPWd5T5wxA1QjBEDQmGF8Or4r3hRfFBKUQ5c+cLKb9N1ISgIGpIUIpgeFG8GIUoTgKFN5wohVfmVlLyqpAybfuaCv1Dk/SsrjBeC1wYGGNPdzPlughjmsHQuxr3RsbZu3keTpRz976iuSd2ItSc0lxJUIVZpZi8CJTrIvpufCICjl58z6LWOla2l2lvqWNxWz25VzQT4swJD99krFs6m6uPx6gvRezb2kqaRFRdwIDMBVRh4/JGfpmcCjgfsCyQVnNjy8oG7g5PsK2zkZpTTlz5yOHd7WRTATPIpgKDI9d59OIm1XyMQgqqsgl1XaTjeYEPxv2RCdYumYMZVJ1gZmQugEEk/bz89oQtm9axcG4Hd4evMfj8PC3zXhH1HB+xnV3NfPjuKLziRHHeKERxohSiNGkve3ZshyRm14qD9N3eR0LM+cu3iCcmhbwINNQnNMxOaConNFcSWioJrZWUtsYSP6pfKEUVdq04yC+9PWdY2tZJFHvS77nn1M2PmDfUKVYI5hVzAQrFgrJs1RjDowMMjT7g0LaznOzfS30yC9MSkZnxL90HFhxfuLjpyIbOjXTM7+L156cMPHvAh7fjfZGZ8T+6Dyw4CewHGoBJ4PTgqdFDPwHX2V3XB5aEeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKhSURBVDjLpZNZSJRRFMd/937fN58zqWPpjBWamYmtlG0YLW+RVEQPLQ9JVNBCENR7UEhFJPUSZZAR0UsLCEE9VGQLLVCG5kJm2CZajjg2rjPfzHdvD4NTRj31h/NwDvf++Z17zxFaa/5HJkDFkVtn3ITYHh5x04ZifzmlxqdeGzK9XKmt2nbYBHCVqDi+b3EgGAgIIUw0oFP3BFqD1mO5xk047K68txNIGoSHXDuQExAHzl5jan4WtqFwtQ3SjxQkQwoMKfja1syJw/uJu0KkWhiJgZQmxUXTmVe2EkMaaO2CMEEIpBAIIZFSYhkSpf54g7E2bTuNNG96kvcvyuivY5NzmcGnL6la+MTfdOHYjnEGcSdKPDoKQqC1QmkXpSQCyB68S3GkAe/8CvyFpfz4VELb/ZrTKQOtoTfSTV8oQlwlUNplINaD4+ZRqB4xL6+DzOIVhDve4REOGZmTSc+e5h9n8L3Hh9UZ/VXQAQrMZ6yb1U7WjLXEvl3H4xN8aWwjMqy1dPoXyDF8rUEaHqRhJ8NMo8DTSEXJW7KK1hHtvoSw+rHSM/CqPi5+WDK89GBtu/yd4HcFBx6wJf8V/pkbiXZVI604zsB0OuveYJQdpcvJcQEkgFYKAYQ+t9LZ+hLZWk355BaCc9fjfK/B8GhiAwV0Pa7nWHMpMrsk9ZVmctaSE3b+5BF6Gm4S0IoEeXxrPsfEoIdoOJ++122I8stUbp4COClSCZDplRGViDLF5xBqqmHOyr3Ync9ov/2cxnth3j9sxL/mBLnBbHJ9cSzpYFtCpwgm2PLGnpMPl4/E9fxV0ZDfab1D4YJVRHr76Kh/r+/4Dg33VLW40AKAbYHX5CqA+HOdt66eNLpoRq65bHYh2oq9GA317tpwqunjv9b5J0pAFDVe4XHbAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADZSURBVBgZBcFBbo1hGAbQ83+5kRCJhA2IEQMrYAPMxRZMbcLG2ICRGTeUtE1jpr1p3/95nLMV8PnL3eOT07Pr79f+/f34GuAAcPfqgXseunlx6ysADsfC0+3k1n03ODP41oiX2+IReO7KH7sfLr1HPBEsCOKNc0cXPghGDFZUUPHWb+/UIKpYUUXU+LRFBbsYLCqICkbsiArWroKIQVQQFayIYFRQFYwKVtQgqhgxiNixooJdDKIgCtaIHVFB1KAqWFFBVDCiiAoOuzMwfgnqpyCOYCsAAADgP4mZnXDW2crZAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADvSURBVDjLY/z//z8DJYCJgUIwxAwImOWx22uSExvZBvz68cvm5/dfV5HFGEGxUHoiExwVf//8Zfjz+w/D719/GH79/A3UAMK/GH4CMYiWFJJk+PXrN8PN27cunWq/oA/SwwIzyUrYluHvP6AB//7A8e+/f4H4N8Pvf0D8Fyb2h+HLl696WllqJ69Nu2XOArMZpBCuGajoN1jxbwT9FyH36/dvkCt/w10Acvb+h3uxOhvoZzCbi4OLQVJSiuH1q9cMt2/cvXB7zj0beBgQAwwKtS2AFuwH2vwIqFmd5Fi40H/1BFDzQaBrdTFiYYTnBQAI58A33Wys0AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLlZPtS1NhGMb3D8y/xY+FwQKXr4mWFYT2wQhNQqEXKohIlNLIT2NNxLLYVtAiGIGSL9nm1lTmW3rczpk7287cdNTci9vU7Wy7Os9DR3J+qQMX93Nu7ut3nvt+nqMAoPhbDoejwmKxaKemppbHxsZ+mc3muMlk4oxG49A7w9DZ0vqjhdPpVEpmnWTOBYNBxGIx7O3tIZPJIJlMwu12YejlU3FY12fQagbKjgH+mL/wPI9isYiDgwMQiCAIiEajyOfzKOb3Ie5zsEy/x4vnD2wD/Y/LjgDky8Scy+VAHlEUQd69Xi8SiQSFZve3cZh2oXC4icnxt+h90mWgAMl8Stp2IZ1OU0MqlaKQcDgMlmVB8vm8iEySRTbtprvISbpz+2bh3t1bFQrJrNva2gIRx3HURHomoJ2dHbrOHiYlACMZg9J6V9phFjabDR0dHTpFeXk5/lVkNgQcj8fh8/nQ1ta2SgEMw8Dj8cBut0Ov19NiEkOhEM3LOTJYv9+PQCCASCSClpaWKAWQItlEIEQkJ+fl6NjwY4HxUrHCNi40X9k9ASCSzaUAKyNgdiMIuzuEiUUWNY2XXCdakEEklrYws8pj5gePuc0IXn0cR835xpH/GqJr049vaz4sCXGoztUV1FXVp+lF0mg0OqvVikhCOsrwGlzCCtZ9i1jxLGCJdWDR/R0enqMDFCJR9Gtfo7K6buToJg4ODir7nvVOf/hshO+nm0IIYNkzjyVujkJYP0OPb3R0FJXqqkmVSqU89jP19PQoHz66P9LZ3S6aJ0yYX5+lkDXeCfvyVxg/vUFtXW1OrVbrZPMxgKzu7q4z7Z03hq9db2UuX70Ya2puiDU01TP1DbXDkrmitP43h3Pjic5IKdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnumq0n+4OFHi9x4nl305X5kfXDHmvwg3Qz9v9/ycDS8hvBhZxmGavmZZeHjMtX3jMMn/QW6p5+XyJxd/vW3v//7u24//XFUX/T2fr/tnlzJILVqyXu/P/HFENB5hmxw6jaY6dRh8dugwXOfQY8ux0Yb77Daj5/yTf///LBf//b1P8/7rL4T9Q/B5Yg2729v+WJTqSFqXaM81LdR8B6bcWZToZMANBzv53dt1/ZPC+XuI/SBxiQNa2/0YZmv6GGepu6gGWrkAanBqFNTxkQTTQz4+/zE3+/x+o6UcZw/93QPwwg/k/UPwJ2ADtzC3/tTM2/9fK2ATEG/9rpW0A4vX/NUE4dd3/sriU/8dS1P8/K1f8/6qS9f/dFMb/u33Z/u9wZa4iOtcdCZetANp4HxoLj0GaQeIAMa12DZDYXzMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFySURBVBgZpcE7a1RBGMfh3xwnRziwBlOoBEG28FYriMSU9oKkTop8AcFWEKystRDEL2BnIVbapdVC8EbAYCEokgsL2T05M+/fd9CFRTcYyfMESRxGxK08fHMLOANcAy6BhAiYqKpAFcDMsMz2TNT6+dPHLmPi9s0LAUksP3j9WP/p/tN3ckR+WcQ9WdtkTOxvdWGOD1+2W1ykMJ3it7MnjlKEwFQfv7UUw1FX4yJOUoMT8Ol7y0Eo54CLOJkibnVhjoOybBQRJ1PALd19ycgMEzy/d53PX3eYpj8/iyxTVDiZUfwYdly5eJLNYWKs19T0mppeU9NrasaUMkWFk4liMMp0ErttYlKXRZfFJLNEUeGCGUXbdgy7TB51/IvSHkXECTEm8ZeZI4E/SYki4iyZgIB7sbbBpMHuHtPIJFzEZbMNoP/20Q0m9edn2Y+kLVykyPZs6c6rc5KuYnbcLIEMWUaWQBmZIQmQwAZQvccFSRzGT6Th9AjEKBwhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLjZJfaFJRHMf3sOhlSG8RvfbQS0G9RNBLPRUEPfQQPQQrVkH1VC/BegkEL1O7ouhwORS1beI2///Z9TKk2EMEM3QqTkQKdU5S58VhE9q33zmkrRhjB36ce889n+/5/r73jAAYOaoikYgqGAxKfr9fWFpaGv3/+3HghM/n6y4uLioej0eYm5sbPZZAOBxWBQIBBu/W63V0u10QvOdyuQSHw3HySIEBvLy8vFur1UDPoBagKArsdvsvm80WslqtJw4VCIVCKtosD2AGzs/Pg9pBu93mTghWLBaLYDKZRg+FKazdarUKss9sgxxhvViFGMnC/+UbzGbzvtFoTIqieGoIU1gqAmQKi8PkAG63GySKZrMJ80oeE+8/45VrHd8rNRCs6HS6a4fC5AAUFu+90WggmUziR7OFSU8Kno95BOVP0Gq1fUEQbnABOk32er397e1tkAicTifvncEkjtXVVZTLZWQLJXwIyAzeI/jyMESCpYWFhf1KpYJisQhJkjjMHESjUZRKJbgiVry0PMCTd3dwX329e+v1xTdDAUpZSafT2NnZwebmJgqFAnfAks/lcrD5DHjrfYjwhhlfaxLExDPcEy/gyvMzOi5AYW2tra0hFouh1Wohn89zkWw2i1QqhXHhJgIZAwI5I9jQyY8hyk+ZQI8L0M06PTs7208kEvzXsdQ7nQ4ymQxkWcbtyUuIbthwcATTZibw9w7MzMyMTU9PN1jP7BeyvuPxOCis3tUXZ39qpUfQSOMc1qyM/+tgUHSzxgwGwxbrnwWo0Wh6arX6HG1U39Wdh16a4Cezmb0PMzhYer1+bGpqaotghcGDddosUCnM9p9ZYOu/ASUg4G4xOdG6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKTSURBVDjLjZNLSJRRFMd/95uHOmrjo0zM0RTR7EFvg4oeEtQiKoRcRBRFaKs2QatW0cIeFCRUWERBgYsWFYQUUfawh20GW+SDHIcSdaRSq5n5vu/e77aYnD6JosO9nHvh3t85/3vuEVpr+vr6tOM4OI6DUgqlFFLKtHdP27bTvrGxUXgBlFKUlJQyMTUFWkNqgNZoQGudXqM1+fl5dHTcByANmJic5MiFLv7HzjSvxrKs3wAp5a+QUBoqIyfgJzQnm8wML0lbY0sHW4HS8Lo7jHY0pmkCYADYtp1KExBCEE9KRieSxE2F1iCVxpIOpkyd0ZqZGdi2jTOdnxAIIfgWlzjaJC/bh9frwXA05XSzZ2UHnoFBNuU+pefilX1pgHZSCOGCJCyFZTtkB/xUZz1jS2GUrNl7CVYsZyJSQ+/Dq6fTAFwShBApCKCFYJ7xnG21MWYF1/Hlw3v8wiJ3VjE5hWVBL6T0GB4DgOhQZMaLLyocYPdai7zKbZgj7fgDgmi4l+8/JNqaWpoG+H1eWg4tQymNz+cjNjZGnmeAUDBBsGoHyeHLGH6JL6ecDBnldmQex1uu908DznV2Ptno+mUFufEXkepNZfXBql0khy9h+CTWVAUjnW/UvU/l/bG49xaAmC6f226eari2Ymnl/gUbdxrW2A2ExyI5Wcr4s+6ESvxYWHP01VC6aG5Aa2vrHPE5HKtfU4wURRQWdJFf5Cc5GWK0q4f2wVD8xNnL2e5ghntjmuaquYEoC9c3kfHxBf13uwg/+EL/4zDlDecpmr840NzcvNV95w8JJ5uWOMcOHhYYivCjOwwORXiXtZmvdiZSyrdtbW11/wQ0bihIrKic662rrUD7zJeJ2PiB7S09g39rrJ+Ib2CJHdkBMQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALHSURBVDjLpZLtS5NRGMYf6H8RIoT8VB+CZaKUsHIGGYgRpYn4IVdgmhW+zNnUTTZwC6l9SahmDjNTLJdtTtO11tBiOed8mS9zbW5zm9szd56r5zxKtM8euODmuq/7d87hHAYAcxwxxwY86pudlPX/itTpnAeVPXZyS2UnN1XfSEW3jZR3zZHrnbPk2tOv5Kp8hpTIpom41ZoRt5mTFxuHfackqklGPeDypNKEiyYyYDPIUvo/HVARIMMrtn+AQDhFCh4MLDFNLxa4Pd7Qjvjg8bPYTXBw7xB4AgTeIMFaiGAjzGE7ymE/DawGWLQb1rG4EUVJ9yzH1GmdYHn0u+9RaD/44N1hEU1yWYOBGIckP+wLsug0rqN3IoJgPEUBYO6o7AJgYZNg2H4IobskWAiDoTjH94HNEAvlkA96cwRjrgxCsSNAuXxOALj8BD+3CAZmQlAYPMJudJDef2uXRcdrD55PhvBlKSPoH6Dk8bQA+M3f27nG4r3tD15NB/Fs1Ifl7SS8/iR0fN0/FcSb6QAs7hRmVo4ASh5QVG9BigfM+1iM/wjC5o6g3/gRis5u6PV6NMsUeGtywbYUhlxx6Cm6lBgaGcMVxRSYc3c/cwn+zSacQcyvxtHTq4darYbf78fy8jLMZjOUPWpotH1YXHQLntVqFTKXa2Rg8ipeendjKbIRTHCj4yY8bGqCY2EB7fIOiMViVFVVQaPRoLGxUaip19rWzlGI9H49Yehvyrs9FD5b9yl9RnKPNLfKBEDhE9OB6EIhTCYTHA4HLBYLBgcHcZ73LrWMxymguaWVZP3r3Nzcmurq6jAFlJaWjufn56eLioogkUgE0Zp6tEcBNJsFOMkv/ogupVIZNhgMIaPRCJ1OB6lUioaGBqGmHu3RDM1mAXJyck6IRKLTxcXFK5WVlfHa2tokL7asrOwGrwK+3qMe7dEMzf4FvOYAdxCFF/YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVDjLpZJdSFNhGMcnIX4GhglGKHlRemHhYBoSiEkgZhgaIjqwNaqBGuxiF5FFhDOHzRmZlGBdhI5SopQInZOJtXkTKGYyN+fm5s7mOW7HtjHHhv17zynLqDDowMN7znOe/+/5egUABP9jewY4VlePOp3OG3a7/YnVaq32er37/hlgXlq65fF6wbIsb263G2azmZqdnU3fE/Bhbq7d7fEgGo0iEokgGAwiHA7D7/eDAFjjzEziXwEGo/Gu3eXixaFQiM/OMAzW19d5kNVmw3uTSfFHgMFgUFpIACfmgrmMnJj0zrfAGbOxAcP0tO83gHVgoI3S6xElgkAgAJ/Px4s9pJW1tTU4HA7YCJzzj01O4heAp7W1LTg0hNjUFLY6O7FpMICmaVAUBRdph2wBy8vLPJBsBi9HR5d+AKz19TK2vx8xQt1SqRBsacFnqRT04CDICrGysgKyQqwSITeHsfFxPNNqs3iAMTs7wdbUhBhxhpVKBMj7pkQCf10dmKoquNRqWCwWvJh4CsXji7iqOY8G5elwxfUTN3nAWE7OMbtcjujwMAIyGTYbG+GrrQVTWQlvWRmo4mJou67hzvAlvFnoxRylQ/dEE+q6j+Nk8yG14Hlm5pFFki3S1wdWLIavpgZ0RQW8paWgiopAE4C0/QxGPt7HyOIDbnBQ66+gWy/jAFuCntTUuNd5efOMXP4lpFCALi+Hp6QEbpEINAGwhYU41yrE24V+7H5G53s5wLcN9KSlHTSJRE5GLI6GGhpAE0CAVOAXCvEpPx+nmg9H7+mk6NBJeHHHuORnBTtr1KSkHBjIyHi1WFDAuoXCbVtu7va7rKyYNj39LAlUXlDnoUt3mc/Mndw3P4PdF+l2fHycJjFR9Cg5WfEwKalak5Cwf+cfCVYRC3Blfz9VnP8rovbZoQ8oWiIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZPPS1RRFMc/970341N7Ehjij/wVQWqrFgmBiyAhiDYtAqNFmyAIWhSEgSC2CeofsF20bVMIblRkAtsPCgmGEpk246+ZcX6/d+89LcZf0UbwbO7lcM7nfM+95ygR4SzmcEY7M8ADWJm+nvSbBgaUOskTqvnVdaOzN4DqP1kKgOKVu0vaA1Di9HUOfYgppUBqySiFruxcSidfr8uBF8CNN4mYaKvwZ/4l8MkDQEsFG9ZVU5OY0AWnCaUC/PZbtA++jSMCWBALCMo51/pjamj8GBApR2yICeOIFWz5F1ExTWErQcxvA4nAhohoQBP0jcYR2330BijxrS4TlkDCIlF+n6DvEX5z/0HDhwqkpsA7D8bxjgGRg1ffwvn+x0eBgsWGG+jsHGJyiM4heh8xBfyLY1AVTgBExFSwpcVasMkjOouNMojJgc6SSiyR+rpMaXOPWMs89R2ux8NDQBURq7HRdq2SySE6e3DPkE4sU1jRXBsZpa73KuXFGb4vzHqzw7FntY8PRRQG0XuI3kWindqpdxGdYX0uyeWb9/FXE6iPD2hY+0xPVzOi5LkHIKHN6NJuQ1SIB9jAEYmBDUAuIKZKtPMFv7UX7rw4nsCJNlyremqASvXd2vt7gwjDKIL/5rXerSslp1Xj1FOq5RQlIL/vYlw21Wm2cWGkYyIeNI51NmvPc36T39b8TLsmqsi4Ou06fxvpelXc23ziGtVtXNkQmLw9o9/8BXTmMmWfiWeXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMLSURBVDjLXZNbSBRRHMaHSHrpKehCYTch06AoTEiyy0MPEVFIUbYkqOFmgoZZBK2uli3VlrHeVitzUzPqoTT00VoqLe1CIomL3XPD3dnZ2ZnZcXac2fk6M+VY/eF3OPzP//vgfIdDAaCivdQcQiVhmDBEmKf3/4b0Fv85HyQkz/Qp9iGVQLgSfW2ZmA49hfgqOyDcXP1CLS7yKkWFjGItYKbz87x8/fJn4puC0NSojSHzg4REwyBwjzrHDR71y5O94F9Y2PCNpYLorAbffB1sRxPYdje4xqvgL5Qh5F4gRt/bROH9qSDRvSUkUD88VDk/bGPCXgsbaFimcLfrwHd1QnY5oJUWQis+htjlcnD374BpOo1gx8a49P2+OtmV4iPaZOpTM5X52Z3gm3AtErnbtRAfeBBtv4XYxHco8jTUmAzp21cIrhqILXWYbDiEieak2Oe6ue+INvl3QKeOOKNOO/hHdxFtaYReqqqCpmnMlBaPg3NcRKT9JkKluWC3b7loZKAvalGhl2uqQcxRjqmPX0xRa2srZFk29n19fWDfDUM6kQ/GUQUuLcNrGuhJs21uaHnZiE8rpoHdbkd3dzcqKiowNDQEgWGh7cgA7b6OyIZ0xjQgz8SwdxqhHdoHRYoZYkmS4HQ6DfHIyIjR4yZpaJlpCDaSF0rdNGsg5+R4I7WXESs5jvDbYWNYURQMDAxAEAQzk8CTfkiHs0BX2RBes372CrHsI5V8+VkwnR6wZ8oQV+P4v/QeY7XiZ2sLQrm5YFalVpoG0oGDaVP7sz6Ea68g7LpmmERHx6BpmkF0zIdwaQmClxygHeeJOOVDKHFNmmmgI+7Zaw2UnRFplxM/OzyQ8rOh7c6AtisdkiULPzwe+Otd8B+wiERsNf/CzIbcd6ce1mDfEzVUUoxQtR3BhhoD2m6Dv+QkXj5/rg3092tkdts/Bj09PQsJwvj4OHofP2Yi6VurIus3e/WkSVgMs3qdl1mxtpKc8T6fD2RWISSZBm1tbfMJYwSZsO7/rzwDOVtJiBD8hCV67xfvC+0h/fUq5wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZO7T1NhGMY7Mji6uJgYt8bElTjof6CDg4sMSqIxJsRGB5F4TwQSIg1QKC0KWmkZEEsKtEcSxF5ohV5pKSicXqX3aqGn957z+PUEGopiGJ583/A+v3znvPkJAAjWR0VNJG0kGhKahCFhXcN3YBFfx8Kry6ym4xIzce88/fbWGY2k5WRb77UTTbWuYA9gDGg7EVmSIOF4g5T7HZKuMcSW5djWDyL0uRf0dCc8inYYxTcw9fAiCMBYB3gVj1z7gLhNTjKCqHkYP79KENC9Bq3uxrrqORzy+9D3tPAAccspVx1gWg0KbaZFbGllWFM+xrKkFQudV0CeDfJsjN4+C2nracjunoPq5VXIBrowMK4V1gG1LGyWdbZwCalsBYUyh2KFQzpXxVqkAGswD3+qBDpZwow9iYE5v26/VwfUQnnznyhvjguQYabIIpKpYD1ahI8UTT92MUSFuP5Z/9TBTgOgFrVjp3nakaG/0VmEfpX58pwzjUEquNk362s+PP8XYD/KpYTBHmRg9Wch0QX1R80dCZhYipudYQY2Auib8RmODVCa4hfUK4ngaiiLNFNFdKeCWWscXZMbWy9Unv9/gsIQU09a4pwvUeA3Uapy2C2wCKXL0DqTePLexbWPOv79E8f0UWrencZ2poxciUWZlKssB4bcHeE83NsFuMgpo2iIpMuNa1TNu4XjhggWvb+R2K3wZdLlAZl8Fd9jRb5sD+Xx0RJBx5gdom6VsMEFDyWF0WyCeSOFcDKPnRxZYTQL5Rc/nn1w4oFsBaIhC3r6FRh5erPRhYMyHdeFw4C6zkRhmijM7CnMu0AUZonCDCnRJBqSus5/ABD6Ba5CkQS8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALeSURBVDjLjZNLTxNRGIb5A2Xh0rULjJqw1BCDprXQAuICDBEBE7xFJQY1giCKEARCF9rUljuEFiOIBokFhYIFK6Q2Ei6V3oW21BKFdnq/93VmQomACyd5M+d8Oc9zvjM5kwQg6e/Mzs6myeVywcTExLxUKv09PDzsHBwc1EkkElG/WHRq7/qdgUqlYpCwkITDFosFDocDbrcbPp8PLpcLGs0KRC8aIm3CerGA35S8S7ANfzCZTIjH4wgEAqAkZrMZm5ubiEajiEf9iPh1kMteoqW54nNTY03yjoDamYLD4TCoJxKJgJobjUYQBEFLQ/6fCHpXEAsaMD7ai7rHZWJaQMLHybZjXq+XBjweDy2x2WzQarWg6tFoBD6XFiGvhu4iTOZO+fXYvbs305JIWGi1WkFFp9PREHVmSmS32+lxKOgiBWq4Vgeg7S+A4V0DFrrY6HzEmUxKTU3F/+T2pSOwT1WAWHoPeGxwLg3hUzM3QgvUajX0ej0UCgX6+vpogHqvr6/T9bFXFfi1+BAh6wjs8hb4l98iuqYgu7gapwXUogRESahQNSql54/Boa5BzK+A33QLW1/LoBGXYqn3Gi4X5RP7BFQSsGG+H47lB4gF5uAzliBgKYR7pQqmnlxMymXIzM1b2XeEhKg4OwV2VcU2XIyA+QJc6mroW7lQqRTofD2KzOzcjn9+xItZh7EkLSfbnkFgtRRBSxEIshODiIMZpRLfzE6kn+HGWOyME/RF4vP5wunpaWwQVkxLefg+WoXFsWdYV+bDt1qIrYVK6NvP4odaCfPGJhoFXWBmcDt2biKPx2PUP62TDYxIMNjMBNxr0LbnYarqIL60kru2MKFZ+Ain04nu7m4wWezx9PR0xq6fqba2llFZfb+j/spRhOYECCmfQ9lwGkM3DmFmSgzJmx5wuJwwi8USJuBdgkTyTx4INZakxGRNnLjkCTtSXJBJ5JzLUmflcNpIOG3v+j9k/eSwcE1V7wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMsSURBVDjLXZNrSBRhFIaHIIIyu1q/+hdYJBVhJUmE0EWiC0U/ukM/KroRllGR1S4UWVnZTdJMS2ujrbZSK7ruNK5rm+m6bV7WNbfc1F3d2d3ZcUxH7e18k1k08AyHb87zHuYwwwHgOp9yQwgd4SA+EMPY+b/Q2cSB5zYi9s85FzJxQ4kznRUbvqsBM6SKjX5b0XJL6muVJ8QB+PdFq4SIfUegqzZNpH4bMUkL8N/ljki2TS09vqfoKN8S+micJ6dbArhS4ceN6jYNVp8XmlBtnKWEnXpFrt7fTl4lMZTz3uSORhxpoq90S8h6e17vpfJm3HO0wiB8RZapBpfu1+DmmyYY7N+R986MuqIl/V3e+32+x1Nd5MZyX7K5+fU5w11ludOVM+Ym3LU1w2T2oNErISDJ6JA64WqWUPiyEXmlHtx7kgGHIaG7Nie6itxYbRGpN4rPHnzoRI7FAyNNY1cwHEZDSxt+UM2QfwLXShqRxbtxzChgZ771pLYDdtuQXckfeODEtecu1NJkpfcnZEXB1bx8+Cko0t2Nhy/eQmgI45TxE1gvcwYD1mQKYoqhCqfvOODvUhHs7kcPPTis0+O26QkOHtfjpdUGZ1jFviwbWC9zBgNWnHoubsu1QZdvR7OsUkg/vOEITmSc02TB/gkdvcDHgIo9meVgvcwZDEg+9oBfe8EMfWEl3rnDaKWX9kZUPOPL0CRK8PUBHgV49DmEfdnvwXqZMxiQdOCWbqnuMfZetyLd6EIHLSyoApF+guoQBUjr1kOeMAFSTAyCRGD8eLSNG+fRAhL3ZMUTNYuPFiMlW8BpYz3snhBk2oesqHBQzURl9Wp0rlwJadkyhJKT8XXs2L/f+pytGdt3pBcqCw89wuaMV0i5LCD1ogUpF0qxO9OsTWSiOHMm2uPi0J6UhLrRo/8GWK3WJKfTiTdmoS9xVy5m7zZg7l6TBqu9NE1ctAhtU6agZfJktCYmoio6+rdcUlISQ8hutxtFxcXijPVp+ri1R3hCHIBvGDMGvgULNNGbkIBv8fEoi4r6HVBQUBBF1BM9xLT/f2WGc9SoOjaxYuRITbQQ/IgRwV81l9Ohf930iQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLhZNdSFNxFMBHCdGDr0sIg3qwiF6jwMeefY0giB56CoMIeuhN8KHXCJuoEYUZpJW0QMyPmWl+ldM5FTedujn34e7c7ma6z/vr/O9maRINfrtj55zfPed/7rUAloPceNxbKzQJTiEmJASP0Kxif+cfLKwUbELu87Sf+YDOmpZlM50nGN+h3xlAxco5lYcE5eLejiEPhaJBUIcPUynez6WYiGfZk6SioGIqR+XuS/YFNhVI5jA/acluH07ycmwbV7KIIf/JBb1YipclNlMgP64KRX88R/u4hlcrJfVM79E8qLGyg9lBRL7Scs0qDEMJiqrWvHufzNczp9M2HKNlKIY7CMsRGPemZZwM8QxERaBLK4kCpIS+0pnYlGDW5U/yanRLBFGav0SxO3U6R1ZUQljxbtRHWoo2pRvvNrg2C7j8uorPKoG2EPwpd47SIsWtIpn0pVUwJJwuE/JEMtjlULt+JE3cwV2Vo/0WNDui2AYiNA2EmVo9KnBv7NI1rfN6MiHEmTsgmJ1dT2BzhM3it2L3agaq7f0ROkd8LDXcYdDuYNTxjUDLfWbW/oxgHuLY6h6uKAR2wZcSkuDZyjAfyjC+lsf/0Ers3gmMF1XkOi4eOkRzjTlZTVR2tJSA6TB89UP/SoFPC1m+Nz5Ae1YBz8/D+gUYrsb+6LZhrvHggxSTdbliMCLFfcsG9sU88111RJ9ayHSeEoEUh4SAiAarYcLafeRRDqYMZqSD/uUCdneWufrrxCQt011VEniEiOA+Bzetb/75MjnXdRbDWVYb6tm6ayExcQyjrUZmKwtaz0Cd9Ynlf6/zrcaP2sbZCiN0yUK45niBWmuea1a4Ys1y2XryF6CZCaxnm2/nAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEwSURBVDjLpZMxSkNBFEXPD2IhVmKlS8gGXIBdsHQRkt5dWGYfFmYXtsHaQkTQRlDIzHv3WsyPIfiDSh4MU8zlzJ375nW22aX2fhPc3D1v3JA21xcn3Z8BAKdH+9hgm8fXMuzg9v7TBpRgwIbLs4MOQDYSWCarhgEpOD4cIcCCl/cmzDRKkEzKlNgCsCHddhlWugiRaVIiE+oyhwGRNJs9IHtdTTeITOZPByOA6XRq9Q5C6zWZTFyLqSFqiAhRqhiPx94AzGazbuWgLaMU8/m8KyWJFFlFDVOLWCwWP9sYakHKbhn0Tyghovr7CXVbiJki1a0z6E3WZbMvNU0t3hKi4ektyb4jqx9eQkQay62V3gK4Oj/shn5hrUmGkVcQ/W8WIszD4weyBs+7XadxxI71BUieEw+8ru7iAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVBgZBcFNiFVVAADg75x777z50RmdDJG0phpTIwq1cqP9IBqlLaxNpYVSVIvahLVLCqFFoGEZQkQhgdGilUghaqRNIKgUZEmQlCBlmmOm772Zd+85fV/IOVuz7ejmgeHWxhgsRz8CCMiBnNQp/Xbln3w4XJ18/die9dMAIefssXcmjn326vIlMYZZmUIGIGfILl7r2Xfiir/OTbV//unM6Hd71k9BCbEIi/rKYtbpvxUxBAI50eSkrrNOr/HQwplW3FE6ni4O5rR48sFXDsz+dve6qQghhBk556KviKpIGSgiRSAEooBk3nCf9ffNMzbeGiiHhz6F8NSO1WdTHh2bNZhCk4Nl44+7fP2Sb37cK6NVzdCk2rplz9j0wEtaVandnbbpvZP1wbdXVSVOvfzI5ls7rT/9fvmMUyf3q1PbsoX3mG5q7XZHMmp8wdOOn6ulNG3VbS2hjDVEbPzw64PNDXnc8NCwRXfNU8ZBl65e1m53lcVcW9a8b3hoRH9fob+vkkVCBPHz1w5NtZsne19M7LVkYLWZ/QPGF92i2+mq69ILa3caqFqqMuorCq0ySsgZiNBuHy6+//WIXQe2u3/OBk3ZceeSu031Jp3+45CyoCqCMgZlETWJJgHx3jduevFa5+NqxeKVchXs3P+WRxc8a9Il88du99WJDzy/a0zIQRmDIgb9VdDUGURsI5s4fcQvZ3/QmW58cuQjT4w9Z2TmbKM3L7D01pUyUiajKqJ6ugbliXfPz3/4zYnOvq3L+y9eq8C/1y/4cmK7691JIUQjgzeqIlUMIOWsN5VACXXdaBoARobm2rJ2NwAAgJyyXrcGEeqplOqUMgAAAABAWcZUN6mGEnrd5sJQXzFH6A3lnKNMAowMlCBnBqooBKkqwn9Nnc5DCSHkHWu3Ht0QQlia5UEAmYwsAxl0U0qnymgf/A8eWStYAg6kAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLjZLNS5RxEMc/8zyPz25vLFkEUodfhpBFGpQhXSoivFl/Qp46RJeC7OQpSAJZglow6BDsKRCCoEMdKgwTUShfLtZidFhpsyV7xM1dfjPdZLXQndt8GT4z850RM6ORyOVyliQJ/f39Uq8HNBiqysTExD96VJ8MDw8Pmdl5EWkB9gNNIoKq4pwjiqKtAdVq9WZPTw+pVGq92HuP9x5VJQzDrQGqSiaT4czIXnZESkUFMPbENZ52f99+giiK8N4joXH7nBAFhgBD0xG/q7o9IAgCarUaEhhxCJgRABIaGI1NoKpICAOjYAIigICZ3x4QhiGqyrOOWVR13TzvPZkw0zhgJMmTSqU4/PkYra2t7HvwhMmr3UjbEteyVyxZXU5+rZTvv7z36a7Uf2I+n7euri7K5fJ6ZzNjpviBctM8p9pPc6i5jTdzzxmfHeXrl6Wh4H8eFAoFVJWFhQXMjMlvbzl5tBMfeDpbLuGlRveJswDXg80rmBnOOQCcc6gqP5MSTbKb3vYbANy6+JgjBzoA0sHmM6oqi4uLxHFMqVQinU6znJSZK44x+LoPgMFXfRRK0wB/NgBEZKVSqeCcIwgCnHPEccyF45cZnx4jJuLFTI5YIt5/fAfwaIOJ2Wx2YGpqqndtbQ0RqQeztGv+4OrOH82GxkAC5MYfFu/8BdnT67i+1n1kAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPZihpREIb7JeY2wbcQmjxZbrIQ5nKSIYQ8gyuKOwqKihuKKy5xnJ5GRzteTIjTp51e+HPqDDaKSy7qoqvq/+qvYykNBgP0+310u110Oh202220Wi00m000Go0rANKlkHq9HhzHOYr5fC4g1Wr1IkSiySRQVVVMVhTFhVCOu0CpVDoLkcgyNdM0StTr9eZms4FlWSJPwEqlgnw+fxIi0dRdIxe/cMuqYRgw2SO2v9OiNpvNUCwWkcvljiASTd5Ztm0bJLa3GvTpZ+iT9xySErXpdEoukE6nDyAS35Gt12vRZJomTP0R+q9PYPc3MB6+C9AOMplMyAXi8bgLkWq12ju+I9M0TTRtnzp45pOZ8g2G+vMIMh6PyQUikYiACEq5XJb5jmy1Wr1C/vQ55CMM5XYPwr+1hKgPh0NygVAodOXuUigUZL4jWy6Xx5CHH2B313gaXcOxLeEimUwiEAi8PXhRvp+czWbZYrHYg3yAfvcFf6e3eDE2+2KPu8J+ZDIZOZVKMbrEV0gPz/df4ViGK/b7/R73EU8dRyKRkGOxGKNL3P3EJOb5A/FZAEU0GvXyl2Z0YKPR6KT4IoAiHA57g8EgI7HP5/OcPOX//V35VC8XvzlX/we1NDqN64FopAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLdZJNSFRRFIC/82YazQJpkVgbQV9aU23cuQtatIxaREi4C9zmQvrBpEUGLtvnQkqIVi0jgmzjT5PWZJYwIiEG2iInnR/ffeeeFuNMjtaFwz1wz/fde+69Ymb03Z1Ine88uZxMSuP84lo4PtKb5x/j0rX7zafPtee2torlxWymY/rVWCRmBlAneZ/9Hk6M9tVJLl693dx5tiNXKBbLix9nOzJvnkUANQHAjTtPU+n248uYNc7MLIYvnwzkAS5cvtUcnjmVKxZK5a+fZzvm3z6PqkydAODKzceprs4TOfXx4Q/Tc2EUFelMd+UK26XSty+Z8NO7F9HeejEzBgcHHwD3qjIzo6WlJQGgqnjvWV9fVzPDzFBVCoXCw/Hx8eHkLjAUXn8k+y/NDNTAe8OXNLH221FSMODXWO8QMBwANDU1ScsRIZCDcKzGj7xjNe+IvZAQCADnnEAlx8xoTELrUSEZ/IXLkbK6GbEVeRIiJIIKEIigqtQEzjmcVsBjjYJIBf65HWOeXVgIEAIRAqMmSAJEUUTkgd2dU2LkywoIIkYAeKOSG3jZJ1BVnFaK1Hu2nKcpFeDUCAJQBcQQE6qPXieI45gdNcxDKTbUV/o8lDBiJ3VwNbz39S0UdgznoeSMWEHNUBNMKmf2tgfG6gUNDQ1svh5lZWWFkaUlBtracM6RTqdZmJuju7ubqakpenp6mJycJAzDWgtiZvT391trayuq+t/w3tdm7z3ZbJZMJiNJgI2NDRYWFmqL3nvM7EBe/crVvwPwB5ahnKoTKjg4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZNBSJRBFMd/37papinFUgZmYESIFiGRYdQhynueig4eomNE0NmDidc8du7arUNFKJSpIKQHAwlNKkUzTVdd3W++mTfzOuxK2RoEzeENPHi//3/mvRepKv9z0gD65aVK7geqFhWHeoeKRSVBfQLO4MWgEoMz1HY+jXYDvFDecrOErgoRFAOgkH12q9RBsr5ApSoa4kI2AtUARCi/CFFqH+riPZ4gQrBLSG4MQoKqLdzBQjBoMGiIqcjcILj8HgCfAIIGA+qKRb8XGzTkQQW1eziQrdWC5V3KMSGYIiSGEBdEZLsUELzBzLxDkk/gLajgzSb7TxwpKAdDz8QUWfOAR3/8QQrAx6vI5gLVTbepbuniwOlrEBzq8xDyqM9jxFKfaeJ+ZXmpg0gVtzxJdmCYmva7RFFEz/c5WJrFBsGKcOzQKZrq2siZbTr665wRWzH0cE3TO/0+2NbF2kA360OPqb1yDwmW681deA344AkoixvznKm/xJaN0+Nzb+3Z3lRFGgAxRGUpqlrvEE+9IDf6HCMWr4GvqzO4IEhwOO/YTHKcO36ZLZdPj30eNsU5MGRf9aNiUBdj4w+Y2irEC0drGpDg8Rr4tjHH4eo6JuZHGJkd/miF1uhvy9T5pNEba7HBYsRyMtOcutjYwfu5UQanX09a4cJinybRv25jS29q5XzD1cyb6cFxG2hf7FNbbMC/ARq7oxUfyjJx8OXLfSo7+Z9JyXr5I2wfSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLY/j//z8DJRiFozbrLk/aqkc76/a8eDft2Ou/Ew69+lm/8/n7pMUPTsuXXlAgaAAIK/fe9Kg7/ubmsaff/h99/O2/48y7q+Tyz2vKZJ5hJGiAUucNRv0JNycuuvLho/WU24tytz67aNl5fZFM8mlhoryg0HAlcePNz7+06670y2aftaja8fy224SbW6SzL1lrNt+aY95776BJ593dJq13dpu13jqoWXptGUJz1WXVkp0vrs48/e6NTNoZM+n4kzpTDr5+7T/l9gHpzAvOyhU3J/vMe/w5e+OL/5lrXvzXKb2xTjz2QhncAKOWqzM3X//0Z97Jdx8mHHj1YsbB128P3Pz0P3bW3TNiXgfk9BturQ+Y9+ifU+/du4nLnvyXiD7fLBZ+lo0BGEAswACKXXLm3We/aXf2SoYejZQIPBws7ncwb+qeF29TZt+9LJlwNiNmydP/tm13LwNtdY+Y+/i/TNT5XnAYAANIL3vN40uTDrx6JRF0xBDmIlHPvepJM+5czJh174Hb5Pvv3SbceykWdd4aaGtQ5MyH/1UTLywDG9Cx8/n3aQdf/W/e+uxL8ozb20CCIu57jIN7bpxcdujN/+hJ9/4nLnnyXyzibC1YLuS0d/jU+/+1ky9swZoOkDHQuTHR8x//T1705H/MnIf/ffvu/Q+ffO9/ytyH/7XiLmwR9DoijFtz9Hkz6/qbl716736Tizo/XSTgZIGw34kc9ajz65JnPvivF3/+oIDbYQ2cBmhmX1qTMO/Rf7Hgk83C/ie4YOKCnkeCXSpvfNCLPn+A3+WgEoZGYCAZi4aeKXZvu/PBo+3OV6CtwUI+x1nBmj2OKAJtbXCrvPbVNufSYz6nA/EYBrh33v3k23f3v2/Pnf8+HXf+G6VdPAa0lRMkZ5Zy8aJXzY1/QPzfq/rGf/fyaz8ZKM3OABiskbcwY1E6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFsSURBVDjLxZO/SwJhHMYF16b+gP6GZiehwcm7hBORKLXzPT1SIhMUHCKO48TT88emhwchHTiEERQhTrlE1FIhQS1BGRTU5vr0ntgS6BFBDR94eeH5fPk+L68DgOM3OP5MUCjkg7IsPf9YoKoFJw1LiiKPJGkX7wyToCxMFWhayaVpxTHFouqi4ftmU0enc4CTGLEE15T5qYJSSUWtVkW1WkalUkartYd2u43zbBZPPp8lMGeuoKp59Ptn6PV66Ha7MAwDp6KIIcfh1u+3BHMzBXRXmOY+FEWBLMs4FoTx5LtgENuJOGxLtIrS9ToIITADATwyDC69XmzGBYiiYC/I5bJoNOo44vnx5CuWgcftRii0iliMtxek01s4jIRoeBk3dO/URhw+eo7QO0Ii9oIBx+lvLPvxwrKDnfW1JULCD8mkiEwmhWg0PFtAG16kvFIuvtqmU51RPixTRraCicTz/akmohXK8P8+0zQ+AXBHwZp9sfnqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpVNNaBNREP42Wck2MVUilJr+YJC2KG0kViGWHsTSS0HBg+DVq+hJkIJXD714E8FePHnKpdSDf4EebEJOBq1NSbUNiCYNRmPSmHSz+/Y587YpCB4KGfiYx5uZb76Z3adJKdGNedCldU2gp1KL/53BcWyChJTsBaEN2xYQwqaoRWcblmVB5+RweOKgkHcipbMPl4DPTNLxjsMxgY2NpEvAZpq7qsANuglukdgv6sBVZBhBUtByCVxmB37/cQwNnUezWUW5nMfw8EW6t7C2tozx8avwenVsbq6gWv2q7m3bhMe2rQNmLi4UMhTYo+IL2N5OodGoIBK5pJLz+SQ1CYFrhLBIARHwUnhOvmCr10vY2kqh1apibOwKAoEQSqUcgsE+jI7OoFb7rnK5KTfSHaelNusSQQWFEMjlXqmkWOwGBgaieJq4jy+/dlBv1rFn/sHZ/lPwCxM6y2D5QrTVUiYnbypp7XaD5J5QseX0c5S1Ci5PxzEYGsHK+hIyn97B+OlA59lcBW1ks4l/Nt3B6/dvcX1uDsIjcO7kLJK5BOITU0gsvYDHNE21UZ8voGAYAfWJGD09vaSiF5X6DxzRjuLambtqT/dmFnG6LwpBM5OCFs37Um2W/y4pTfJS/XncndX9JoL1YhofiquYn32GhTe3YHh98GoatMO8xvid8MPByLEHU9FpjPTH8Hkni/THVXwr1B5ph33ORLJA7jYhSNglPMk8Ls7/Be/8gsufCT5oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcFLiFVlAADg7//PuXdmGp3xMeIokk1USG8jKmlRYJJU1K6NRILQopXVImoVFBGBpLteu2gVLYyiUALFRSVk0aKC0nyE5uA43pm598495/zn7/tCzhns//LSQzh867rxXYO6NahbddsaNm0Py7iGhEUs4DMcKwHapnn4vtk1u157bBMA6Fft9KBqpxdX07aqZnmUnL+24tuz/T04WAK0TbN5qhvApRtJJwRloCgZ60Q3j0VFjDoFO7dN2Do9ueGT05cPRYBU11OTJU3LchX0am6M6K3SW2VhyPxKAm98ftGuuUl3z3Q2lQCprjes7Ub9Ef3VJMagRFEQCwpBEWgR0pIfzy06c7F3uQRIVbV5eqLQGzYGoyzGrIjEFBSRQlYUyIWrSyNHjv+9hP0lQFNV2zdPdfRWswYyRQpiRqKQlTlqM6mTNFUzd/SVR69HgFSNts9Oj+lXWYgUIYiICICQyZlmNJKqUYIS9r793URZxO5YJ6pSEmVkGUkAATFSp2SlP2iwBCU0o2rT5OS4GGghEwJRkDMh4ORHhic/9MO/f3lpfF1YU11/nea9ElI1uqmc7CojRQxSG8hZixBw4mNTf37hjucPGJu7y/C3Y8Xvp46/c/yJTr/4/sbtM21Kh3Y/uOPOua0zfjnfSG2WBUXMioLRpy+6/9kXTJw9IZz6QGd4XnfDlnjl3IUdZaqq3Xj65z/+sTgsrYyyOmWjOqiaVpNaB65eMD47x1OvAijf2qJowy1lqusHnnv83ok39z0CAFKmTlnVcOanrQa/fmPyq5eNhv8ZYHmpkAqXi9l79t62fnrymYXl2sX5vvmlVUuDWt1kRYy6naAbWv+cOip2grro6y1k567ElBrvh537Ds/gILZjIzZiPdZjerzb6YyPd+xJp+248rW1/QVVGeeL3Bx58ljz7v/pCEpK8wRGcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACYSURBVDjLY/j//z8DJZhh1AAcBvSLXQHi//97xD797xLb/b9V1IZ0F3SJ8QE1pv6vFz3yv0rk/v9SYRviDWgVvQLU+A+o8Q5QY8r/AqEj/zOFdpPmglLhIKDGOUCNd/4nC6b+jxP4RLwBBUL7/tcq/wdqTAdq/Pc/UoDvfwj/f+INSBacDNR4AswO4b8Cpn35roymRBoZAADgYeRxtD76EQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNvaNR1HMdf39/97m63nbmdf3BpRrqYt9G2SEJEDFZCEkhCIj4ZDhFpIT7wQUKINCQz0Ee1BxIJjWXPlBwhjdK2dW02/HNTp7FIZa1zu+08b57b7/vn04O1MQR9w4fP58nn/fn3/igRAeDdo93SvK2K3+9N4oxgrcNah7MOYxyb1i6hreMKA20fKBbAnwuctTgnGP1/opn11syaMYI1lqfhzQXz1bTFBJZkuI+mFz5DBxat7Szh8wicsTwual5cFEUHlsbSc6xP/MUKuc1Li2NMFWew9rkd2NY/Bh+wNOpTW/GINZE0XqKRd+I/s7wsQv/VEZyxrc8k6D6+9ciNP8db+9MZ3iy9iF+5A698I7VeF5ev3WPwTqZ1qGP3kacJVNC7OiYSqhYnISdw+LemffvqLuxdXbcXvAjB/e9p7wmd31mT/lTEwznB6uJ45Y6x+wBq5tKKESlNrhQBEUGc4FVshtKXEZ1DdB49kcYWxxAUTmuCwl2CyWzTKx9Ku28mMi0uk+kI1bTE/ZW7kCCDC3I4nQVbBOUIL2sg4i/CGU1+4DtyA9kfiHIWQIkI+XZV5SydkXXbq0Or3keCB4h5jLgiYp+ACvHLUIbufy0FrSkU84WHU5Nf/Hjs+lE1p8TcGRV38G2s/uPtKprAmRxii+Cm6fpbMzgDbyTXsyrxKhdvnqPvRg93h7Mn5q9QsUumVKysS+eHEQWIQ6FALJ1DIzSsq8d6lvrKLVil2fDaRoCPvIUnEUreC1c0oJSPGEMwOYoKJxh7lCWs4mxL7gfg4NunWLu8DqBk/hcmzi6NOaExVF5D/vIJJlKpYRS9ZdVVuwtTM9wcTXF9tJdDW07z+U/NlISiANMLlGjeUvE1sfHOg4xfSp0ymteTx6T54e3hrZtUvtCXThHB5/xgGxHl03vtV4Cv5pf4z9dqz/QYn0xnaak9KRcWjtZ/QC3+5kl5z61wSa1WygMKQFvfl6OH/gNPtZHfxghrXgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFoSURBVDjL1ZMxSBxREIa/WdecLssuRFRUiGkiNmKbaGlhY2UjooVoaZVAiqQTLFUQYi2Wkso2tZ2NioXtqQiKuO557u3u896kMAdecEG4yqlm3sx8vJ+ZEVWlFXNo0VoGuM+Dn7/+rAeeNxfVtENEECFUS9zIi1iytLa98W3y64uAwPfml6aGuz3Pl2fPYcOpZoat34cLwMuAOKHkeb6cXlbYL38nDG5IcsPZdRdj/at8Hh5ApE0KJYgQPAKP1uL713S2v8eSYd+VuYoSrFpENCgEqFJRJbxPcqI0pa4PVE3GbZISkYEKqlQKAf8g3KeW8uUnbOmEqkm4iwYZ6i29YoxCYC3c1eqM9v5gMe5h4tBh4uMaruuigIgUS0AVQTm+WMYYw0Gek/e1k5/MYIxhdvyA/xfXbf6OPdd6/mFleo+nOm1qMMaAalwISJJ0d3P36IvFGXEcQSBUiGlAxPJQre00qX77x/QXu32e+E+qGcwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJkSURBVDjLpZNbSJNhHIeli4jAKOhun9KNbUpaURFRREkFVjpNRcssXOKYZ9J0ihnN05zSUpflzMOnW5tuammajUkWpCbbrOxwEzZJw7Rt2pxJh/16/YSBILPo4uE98P8974nXA4DH/7Dq5GQn+5NdxcK8lsK8msIczcKYlv35rwST3ZwxRw8Ljh5qmU4i0VCYbfWC+T5nfE2BQ+fFBOdbqeUdEOyEWZrCRBWFNQX2ehZMGh4mHkkwM3AYlgYKVoUXZpTe+CKnoJcd2uJW0Jbi/c32vg+WF82Yel4Hm+kYbMYYzH1Qoy9v28LrxsT1bgU34nYMWYfvYdqgwcJLFUHN9K1GFWp4/ga3R0hX0huDLp8ercnci0XDXXx/08GwMKIEnbsPJxJPjsbfrt28qiBNSW+KrcpRhhSxMeTogrQ0CI3XTjEs9XVTLQgu3I6z5RntqbR86wpBqkKxTmvukMTK9mPgdwN6bRVoeCdEtTEN0gEBxE94uDOSgcezMoSJdyGiRNic3Fi7wSVIrissTmo6jhaziGEpeHNQgLJn8SjSX0B+dxSy20NRMZQEST8fCXIu4iuzql0CUx7n13SXENd7z6G0n8dQ3HeRGed1RSKrjYt0VRD49UeRqQmGpTcfg5m+P1yCV1d9nVadiBQcwS1DKgnGkFWjkfsgHFe0XNJGEEkYJE/5OF95EDZ9AYaz/ZwuwWhTSo4xx+cnvy4Q0dLdpPDSqoRL/BEu3glTfsAiyRSseIWPaoEnrZf6RJUnvI0sC3SeKd1DLiwAoSX+CCkKIBxwhoi4X2selvuNtwg83f7Gf+EP0qq8jpoy//YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADsSURBVCjPpZE9SgRBEIW/XnvWwB+ExUAXBDNvsTCTeAtP4AkEz+MNnGSHuYHBRgObCAaCmAiCU93VZdC9g5HJVlBJvfe+osoZ/9eMfQUeYFhrrUQCgYAgCCPS3TXgjGE178+RyZO3quh5be47D/HxjHcOAStD441Trhke6NxmNe8XfJXgiOE4oOKEI1q2jXtZX9SGYCXcpl7xyVPnhW8+GDESSsJIJBTDc4zgpQZB2eCYFa+RuEJZIrUfiUQUxZEKZpcRCPgRRUnckEjYH4yRsmCBTsHZvwNdEvE/7fOtMObbIUi5Z8Za6/b+5i8QHogENhlMkQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVBgZBcE7jBRlAADg79+dvb2929u9F8cbIeHhK8TeggiNHnbQaDS2xsICDXbGzt7KWEi0sLHQGEUiYhTQYEKEEDlCcrzUg4PjgL2dmZ3Z3bnx+8L80VfOzMzNHKxWqwAgAAAIAiBgWKx7+ODhL9HM3MzBzz85IVSC4foAAEFQKgWQDmIEZVlRrpdKhfePv3cwqlarCkNh8JXk9CVTZ1Irx3cYn2i6fv0P15LP3F3pmJhoub/aUY1q1pLMW/OlWlRVAeh0VnWeGbEWx9JTC+L4njiOhfySvNfVS7v6vVivFxtmiRDWEUQB0G5voBwYe3eaj/9SPzJrbvMWjcENveEeE5MTRqoVUW1EnGZCyBFUgKDT6YjjridzhbWpod7XixTryvScQR5Lu4lBnsqzRD9PhVCCCKDdnqMcmGy3dN5+1tSnq4YHNqvP5nb0V9Wa243Vq2ojNd20jzUCFQLIslwSpzprHd3xwuO9ZF/eVBaZSv+krBfr54ksia33EwEEUQA0GpOarUS71QK1N3ZqHDsvKp6yZeaqrNGztXlFfWRFv3dbtfKmgCgAup1EHOdIXFxa9s+gYuPuwr4T1y0dTsxc+FD8288eLz8SmmPW5xMBkRAEtCY3WRvmLqep2/2a6alpy4eCQyeH7py9Z7Rz3/7XP1Df9ZzelZ8snD9j95OmCpRl6c9/b/l+ccF/j1ZlWSaOE3Geu/B0qXb2d3sOHDF641fhi9eM3fzGzh1Tdj+6KgpIh4mVYqA+0jTeaMvyvuZoU/vvO7bdTS0NMqObdjF/DED00WatLBYRhFAxoaUXUvWiYSw0bbz2wMhSz60X96tcOC29/IPx796R95al6K5VxfUx0XBYKIrC1ukXbJ0hgCDswUvMhiA+klg4961tUw1Rtaa7MnR7pWpxcp/w6tHDP26Ym325WosQBEAAADyf3LL97kUTWSIeHbPY3uvscNOp/wGooE3b/ShD8gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDCkFB/7v+r/5/+r/i/7P+N/3DYuC7V93/d//fydQ0Zz/9eexKFgtsejLiv8b/8/8X/WtUBGrGyZLdH6f8r/sW64cTkdWSRS+zpQbgiEJAI4UCqdRg1A6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLdZI/aNNBFMc/vySSpLZFg5QguvgHcXHTImQu6OQq6CDoIDjoIpk6dLHgKA7iIOjgotjNLqJCKXQpooMOFSlWGpRGU/NLLnf33nNIQtKmPvjyOO7e57537yVmRj9uvblmF09fYLW+jJgiKj0pUSNnD1V4svCUxTvvkn5NjqGIIaLWPSwqRNVeHsj7OFyyC+AjZhBEhiBdqWp3rxN2ADLDi+AjecbIZwoEiXgJeAkEieSzRYo2TvDh/w6Cj3P19fezV/OfKYV1CuZQNZqa5Zce5u0nJfg491/As2MfNlrxY7M4dXucsVMYGRJtMxkajG9/4WD9QfPyebcxXJP0uxCXj0xjLHDiYdmyk2isQ/yLSYqJgyQBCTRXqzXxXCpfsZUdf2ASqhy9W7bcASz+AWlj4npK0c5PTFMKJ2+WwzbVkSdo9JXs/jNY3MbU9dTpyWHaQsNvMmNThJTKSBdUpWSZHKZt0E5PbiBxIE2wQPSURgGiYBHUD6z3b5eBI6xD9HvMgUapW2hgFnZZdwMIivgWoU19FBDckmytkCTZnfally2QyRRpb36n1WBpBCCO+ebqvZq6LcgWMIuY9JygJLkJokv4+vJ1rZ0yPzIHAJuPkhsSmJs4d728r3QcEsNiivgG6Y811p4v1topszMv7PGeAIBv95Np36AaHRWJlEIHXIu6S1kSYX7mVXeA+vEP7PyqQia3ZfwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVBgZBcFLiFVlAADg7zzuPLzjzDjOMINMitIie5gF+UAkIZSgRQuXLZIWrY021dYIggJdJURElJsoqlWRYA9GshGFCNQeOjoTk6bjeOd5zzn/f07flzRNA459ObcHJ3cM9+1fq2prVa2qa+uh7mAZ9xCxiAV8iu9zgDqEvU9ODOx//dkxALBa1kNrZT202I2TZcVyEd28t+Lb66uHcTwHqEMYH+xJwNyDqJUk8oQsp7eV2tqbytJUK+OpyX5bhtojH07Pv58CxKoabOeEmuUy0al4UNDp0umysM5/KxG8eWbW/u1tj4+2xnKAWFUjG3tSqwWr3ShNEzmyjDQjk8gSaiRxyYUbiy7PduZzgFiW40P9mc56sFY00rSRpaQxkaVkGlmGJnNnqXDq7N9LOJYDhLLcNj7Y0uk2AjRkMZE2iGQaeZOqG2IrCmXY/s1rB+6nALEstk0M9VotG0lKliRSpEjw+YUjPjq3RxkKoSjEsoiQwvMnvusXQ09vK1VGUg1qjVrUqDWKUJoc3emVj3dbWeuEUJZLkEMoyrF2u0+aUEPD19OHNXVQ1kEZgy2bHrZzYq/l7qr766/m3VC0ub+SQyyLDXm7R56SpYlYJ0JdOvzYy2JTi3VUa8x35jwxecBKue7S7E+dXW+nI/nB42dGcWLPI1vdXmrcvBO1++iGUmxqtxb+UtVBqCtVrCwVy3Y/dNBKtZb+OjO1kMeyfA4vXLo6Y3E9t1I0qtjo6goxGB/cKtRRbGr/dmaNDEy4PHfe+etTd8vgSB6r6ukXD+3qf+ulfQDg6OnCJ7+8p6xL3VDaMfqofTuOuHhryrk/fl4tokPz7zRX8lhVM7fvdXx29qrhgX7Dg32G271OHv3dxg09entSvXnqmXcHJGm/6Ru/ad89dmrm9AdXIK9D+GLq4rXJqYvXtmEzNmMTNmGor6fV6utr6YxWfvjzR0P/vDGTh7GvAP4H2uh1wse2x/0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZhhGBlgZ2fHnZWVVdra2vpu3rx5/2tqah7m5OSYA7EEkH0XJAaSA6kBqUUxwMjIiM3Hx6dr4sSJ/1+8ePH/7t27/w8ePPi/sbHxXnV19aGbN2/+AIkdOXLkP0gNSC1ID9wAQ0NDv+Li4g9Xr159FxERsc3b2/tPamrq/0mTJv2vrKz8D2KDxEByK1aseAhSC9KD7IKupqam75MnT0739/fnsre3/7x3797/586d+3/o0KH/a9eu/Z8xx+Jf6nzD/yA1ILUgPXADdHV1M9PT099PmzatJCgoaKejo+MvNze3/4GBgWAMYifMMPrfuDnqf/gMjf8gtSA9cAM0gcDX1/d6b2/v+1WrVr1dt27d//yltv9zF1n8T19g8j9pruH/mvWh/1ednvi/ZLX/f9c+iX+a2hpacAPU1NSYgc428PLyup+SkvIlOzv7e/Zi8/8bzk37v/bsFLDGFacn/J+wp+T/wuNd/zOWuv03bWf/rdvMyIgzfpOB/gVp7tuV/79zR/b/1m1p/xs2J/5v2pr+f8ah5v8xC2z+q9Yz/MRpQPRszf8rT034v/RE7/+Fx7r+zzvaATQk6//0Q03/05Z6/FesZbguXcnAidOAwOmKfz0nSv917hf9a93N/zduvtX/aQcb/ictdvsvX8twUbKSgZ2kpKzdzPg6fqHzf/lqhjNAzWwk5wWgk1/LVTP/F61kYEEWBwAP7or0z//OfQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC6SURBVCjPfdHhDoIgFAVg6jlq6x10vGdbrQfsR7bcskSTgE73gjAtirP5Qz/hsiNEWIuvpLUWhZCZbMQygEK31ll85rCNRPJnjQc6SosrzjgSUNiNRLLXGNATUmhQo6I3PU7YMwngSSBE4YbLeMwAmiUC3sP4Z0ekpjCbAeP/Mp60uBObAONjE+GR1RTYCbD+KL7XDMwTZvoDjL9XBC4PaGzHoNSdfWV3cUNDPVFZZbYsTiFWv8pOhb8BUJ5M7qO6PVQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADdSURBVDjLY/j//z8DJZhhmBvw41KQ07dzbk5kG/Dtgu/Jb2fsT5JkwI+bqZw/rsfYA21v+XE97f+PS5H/vx5Ra/98QN7+824ZTiIMSJr580bW/x+3iv//etD9/+fdpv/fzwX+/3LY6P/n7TIzCRtwPYYZaPvGH7dKgAb0AA1o/v/tQsh/oO0bP26TZiYqDIB+1/1+wef/z3vN/3/erPr/5aAOyHZdogMRGPIe38/7gvz+Gej3z18OG/8H2u5BvAFn7GO/Htdv/3pAQejzXjkhoO3tH7dIxY7EpEwMBgAr6O5Q8udliwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVDjLbZJPaFxlFMV/93vfmz/NjElpp5rEyUggVijWP9BKVYQacSVIdeWqUBXRjYILaXetRFC7caHFhXYjBsyiuIiIirXQja0UQcSWmjaZxMFk7CSZyfx77/vedZFpSEgu3Ls4HC73nHtEVdmpvvixctSG9udAhCh2r554bvDLHYmquq0/nJqZmLq8qLOLHa3Uujp99T/9aOrW5E7cbcCZr2/+8t3VJa23E+061dipduJEL/9Z09Nf3bx99kJ5aDNf7kr4dHr+USPy6xP7B1IPDveBCI2OB6A/a7AG5qodfvp9mZWWe+nkyyMXgPUFn3xbfndPf+rs33NzqCo+Ubz3OOeJnSN2HkGJnCNJlPEnD3N9oX3u9Cult+y56QU/Npwzj4/189fMLU48O8i+QgERiwJxIiTrbuFdxKnPL/HCoQJ786tvTnxTfsPG7bX58UeGSt1YiWNHYW+B6sefkclkNoyWwOJsQOa146Ag6mm31rh47UrZLtXdSOQSJiZv4LzDGIvk8gw9fBBSAdgArKFy5RpJAsvdAd47f523XxwhXyiWTLPrJR0annqsyEq9QQKkQwv9fZBNQ2hBTE+Esss2ObC/yJ6BNICYVscBMHpfjmPPH+X98xc3pUQ2NUz+8AfjzxxhdDiH9PJnm71X2QBGh3Kknz7MB5eyBL+tbgmcY4zjhw7S9uEW3Dbb6xeIgIsdUay8fuwINtxKdHHMjYU6g4V7sKHdONC0uh4FosixWGtQvDdPKhVui7wNQx4YzFNbaZA4hyqggm11nfpEZelOg2IhTzYTgoIC/q4DCgmK3ZXC7stTqdZpD2RBE7XN2j+z3ciVHro/K7msETEe05MkIlusXB+W0u58MvtvI6pXFyo2WqvOjb/z/e50vq/PpgOxNsAEQmDAGMHY3gLZkK3eRVF7dflOdWa+/D+ThmoKzy7qoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLnZNfSFNxFMdvaL0EQQQSQpQPQS9R0FPQQwUSPfhQBBb4EOTDIILYxnR7aBPmlPZPBptSDoxNUR9yLhduOrexBs6WpA+BlbnRmrL/f22lu99+58JiWE9e+F64h/P9/M495/y40dFRw8jIyH0A3GHEDQ8PXzCZTEt6vf7ioQD00mq1Uo1GE1GpVC2HAqjV6mNKpXJRLpcvSSSSUxRbXl4eCAaDvM/n4z0eT9XlcvkcDse1/wJIfr//sVgs3jEYDF8CgUCImXfZA1LO78PWrANTU1NVu90u/wewvr7uXl1d3V9ZWamGQiGkUimUSiXsZIrYdAfw7cplQckFD6xWK8+a/uovYG1tTReLxYSTnr2VC8ZisYjtdAEPJ3l0jQOBF7PYtpiRTyaFPK/XC51ONyAA2EeFTPl8XgDUlcvl8COZR3S7gEKhgHK5LIjglNvf319jTb/LsebwBDhorisajYJVCaPRyJOy2axQ5cbGBhQKxVduZmamRtS6oQ7IZDJwu92Ym5sDy4H96b3f3jst+cWbzfA/OIvPNjWkUim46enpUiKREMoiI5WbTqcRDofhdDqp8xgXd+Kj5Grtp0sP/tM8KpNivH9yCcauG+AmJiYWqPNkJACZLRZLXCaTFUUiEZiKztsnKrvMDFMH0HMS0LQh9fw63tw6XuBsNlsvnUSTIAD9DlvvUuOsWdk8/+E1Gp+c8jQozo2NjZ1jcy1FIhHE43FUKhUMDQ3VGgHu9qbvZesjgJmqMg5ZppioCSweFxLMZvNLtqZgywS2VGD34lcjINjZqgp3n99L9LQhKT+Kze4j8HY078+3NymEBHYbW9libA4ODu6x+e719fWFDu78u84zvezELSqbKiIzxf8AGfvxrzvUBvIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIRSURBVDjLjZPJa1NRFIera/8ECy7dV7txkb2UOoDgzo0R3YuLrFwWIVglWQRtN0GCLkIixJDJQJKGQOYBA4akmec5eSFT/XnPsXlNsWIffOTdd3O+e+6PezcAbBDiuS7YEmz/hxuCq3LdmmBrOp32F4vFyXK5xEWIeWg0mnfrknXBNhWPx2NIkiQzGAzQ6/XQaDRYUqvVoNVqZQkXGwyGm2q1+k00GkUkEkE4HEYwGGQCgQDS6TSKxSILJpMJaBGdTvdHYjKZHvp8vuNsNot6vc7QavRLq1UqFcTjcbhcLrmLFZyJ2+0u9Pt9hC1f8OHpDt4/uoO3928zmscKHD5/gKPPB8jn8yxpNpuoVqtnAqPRiOFwiPGgB/fhPr7uvcJH5S4Ont3Dp5dP8G3/NX4cfedCi8XCeXQ6nTOBzWaT5vM5J0yTFFy325WhtmkbhN1ux2g04gVlgcfj+UmDUqkEh8OBcrnM7xRaLpdDIpHgcSqVYihEYr0DL61O6fv9fhQKBd4vhUrpk6DdbsNsNrN8Nptxt7JApVK9EMW9TCbDEgqI2qUOSELvJPF6vbw9Kj4nEM81pVJ5V6/XH8diMQ6IaLVaLAmFQnA6nfyNslohC05P4RWFQrFLHVitVoYSF2cEyWSSgxOn9Bx/CWggPv761z24gBNZcCq5JQKSaOIyxeK/I769a4JNklziOq+gq7/5Gx172kZga+XWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVDjLpVOxSgNBFJxcrkmC+AV+gP5BwEKwtLESW0mZD7CyEyViJVhbG7DURvEXBAsDKgpGxIjIecnF29t9byyyAZu9wkz12HnMm3m7WyGJWRC3Dq7aq83FTpKzMcwyqFNYVczHNrvpDc5XmktrXz9siAJpksCKYK5qs9u7t+3T/fXjysn1q9TrtWhqhCSUAAkMR2PUGzWoAkqCBJST+qF3r4ft5Wo8toyy77En/zQpoSRSk/kaEH+mCoxyiQAARxcvDGHv7DnIbe1ekiQiUQ0uyIkEucJaAEAkUiLgwpzNvUDhyqa4sLiZcFHplBJxN41QNsWWOXDegTFFsMnkJixujI9QlOUMR1DxDopC/hVhentx//Gp2+rkG2IdksEHnDioE4goqOxv7uQLUjiIE6Sf76AI/NPpAkBl1t8YYUb8Ao9lHyy2IyRjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIJSURBVDjLpVM9aJNRFD35GsRSoUKKzQ/B0NJJF3EQlKrVgijSCBmC4NBFKihIcXBwEZdSHVoUwUInFUEkQ1DQ4CKiFsQsTrb5xNpgaZHw2Uog5t5zn0NJNFaw0guX97hwzuPcc17IOYfNlIdNVrhxufR6xJkZjAbSQGXjNAorqixSWFDV3KPhJ+UGLtSQMPryrDscPwLnAHOEOQc6gkbUpIagGmApWIb/pZRX4fjj889nWiSQtgYyBZ1BTUEj6AjPa0P71nb0Jfqwa+futIheHrzRn2yRQCUK/lOQhApBJVQJChHfnkCqOwWEQ+iORJHckUyX5ksvAEyGNuJC+s6xCRXNHNxzKMmQ4luwgjfvZp69uvr2+IZcyJ8rjIporrxURggetnV0QET3rrPxzMNM2+n7p678jUTrCiWhphAjVHR9DlR0WkSzf4IHxg5MSF0zXZEuVKWKSlCBCostS8zeG7oV64wPqxInbw86lbVXKEQ8mkAqmUJ4SxieeVhcnANFC02C7N2h69HO2IXeWC8MDj2JnqaFNAMd8f3HKjx6+LxQRmnOz1OZaxKIaF1VISYwB9ARZoQaYY6o1WpYCVYxt+zDn/XzVBv/MOWXW5J44ubRyVgkelFpmF/4BJVfOVDlVyqLVBZI5manPjajDOdcswfG9k/3X9v3/vfZv7rFBanriIo++J/f+BMT+YWS6hXl7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHbSURBVDjLdVK9qhpREJ7j7vrLGlhRiaCFFikkT2BxQZs8Q7pgJ9rcVuIj3MYHSJdXUAj+FDa2wSaIIihcJVUs1t91c75z7yyLd+8Hw5k5M9/MnDkjXNclYDqdDhzHqV6vV5In4fTL5XLx68N6vV4DTyCBJD/EYrFxsVik8/lM9+AigGEYNBqNaL1e15rN5lDHpczasSyLttstRSIRj+QnQt9sNpRMJqlUKtFyuWzL66GYTCYP8Xh8XCgUaL/fqw5Y0C6IQgjSNE1VN02TEokEDQYDWq1WNV2+p5NOp9UbERSNRpVwdX8nOG+3Gx2PRyqXyzSfz9s6qhwOB9rtdmTbtkeAcAcgASgCW9d1ymQyyo8EVVSezWaqVSbjCaFQyEsAMvsBDFzeVXX+nnw+T6fTSQVDkBQ+fCnPATZ8sJmn87/LqaqKnIBnwglgc0cAYlQCOFKpFFUqFS+Yg2BzMMh+fy6X8xL0e73eF27pbuPebCRvKU4pfeFfFkar1focDod/Z7NZZcutu3W7XY0CIBqNhhvkIC1inzVLraXh/LOFY5tBYWqVsZr3WCwW8WK1ofTNr+/mOzEvCaDc469buHywHYN1GWQEPiFoBsDHr3+e5PHt1fzx/PPTY1Dcf079mla6MmR7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHeSURBVDjLjZO/i1NBEMc/u+/lBYxiLkgU7vRstLEUDyxtxV68ykIMWlocaGHrD1DxSAqxNf4t115jo6DYhCRCEsk733s7u2PxkuiRoBkYdmGZz3xndsaoKgDGmC3gLBDxbxsA31U1AKCqzCBXsywbO+e8iOgqz7JM2+32W+AiYFX1GGDHOeen06mmabrwyWSio9FI+/2+ioj2ej3tdDoLiJm+bimAhgBeUe9RmbkrT5wgT97RaDQoioIQAt1ud7/Var1h+uq+/s9+PLilw+FwqSRgJ1YpexHSKenHF4DFf/uC3b7CydsPsafraO5IkoTxeEwIARGh2WwCYNUJAOmHZ5y4eY/a7h4hPcIdHvDz/fMSnjviOCZJEiqVCtVqdfEl8RygHkz9DLZWQzOHisd9OizfckcURRhjMMbMm14CQlEC/NfPjPd2CSJQCEEEDWYBsNZijFkaCqu5Ky+blwl5geaOUDg0c8TnNssSClkER1GEtXYZcOruI6ILl1AJqATirW02Hr8sFThBVZfklyXMFdQbbDzdXzm78z4Bx7KXTcwdgzs3yizuzxAhHvVh4avqBzAzaQa4JiIHgGE9C3EcX7ezhVIgeO9/AWGdYO/9EeDNX+t8frbOdk0FHhj8BvUsfP0TH5dOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLzVNbSJNRHBd660Go597qJQrEl4qgCIoopyk0ZstN0G22EZu1dAuEbA/Otb0Iu+jciinsaUiI7uJgF4cojkIdXtYG0TbYFuk86Ly0+e3X+QY9CCZEL33we/nOOb//+V1ODYCaf0HN/0FQed3TRrFFQVgwvUrCKLvJkfw5KcuekZJYRH62t5PDJ3xy8JhL9hubN4v3HwqqBPQAj6KIGR8wPw+srADJJLC+DiYcwqbTicL4OHYcDmxbR5EZGkLmTT92b98t7ty41cwSfMJ7GzA1BbhcwNoasLwMTEyA6e1FRipFVixGQSTCD4EAn5uaENfpkOx+CVJ/PcMS1FVUymjlnRag05BKofrNzoLhcpHlcPC9oQF+txvT09PYGBjAV3EXSN213Pblel7VA6r3HNXrYd72A5OTQC4HLC3hm8GAgNeLTEcHwuEwgsEgYj0qfBy1lV1mi+tYCmVpV22ps9N9pFYDCwvA6ir8fj8SiQRCoRC1ZB3xeBw+n48urUJHZWi12rPHIjlsE9Qe8FrdJZW6SrAxPIxYLEatcUGj0UCv11dlRKNRGI3GDyf2YP9RS+3eA47/98Z8Ps9OAtV7ULh0tcViseyl02l4PB4MDg6eXI7dO/cuOKmhXqo/RU212+3YuniFx66ZzWayRpOyWq2QSCR/btgX3tObsy9eZRcXFxEIBDAyMrJnMpmIm6YRiUQgl8vtlOD8qTV10PKwBOxtWDnswbGxMczNzbEEUCgUZ04loBptMpkMfX19jeO0jQYaK53aKhQKGT6fP/NXj0mpVEIgYOt//P8vZQLgm35VBV4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEvSURBVDjLY/j//z8DJZiBagZEtO8QAuKlQPwTiP/jwbuAWAWbARtXHrz1//efv//xgS0n74MMuQ3EbHADgBweIP7z99+//x++/fv/8tO//88+/vv/5P2//w/f/ft/782//7df/f1/5xXE8OoFx0GGmCEbIJcz9QBY8gVQ47MP//4/Bmp+8Pbf/7tQzddf/P1/9RnEgM5VZ0EGeGM14ClQ86N3UM2v//2/9RKi+QpQ88UnuA2AewHk/PtAW++8/vv/JlDzted//18Gar7wBGTAH7ABtYtOgAywxBqIIEOQAcg1Fx7/BRuMFoicuKLxDyzK5u64Cjfo/ecfYD5Q/DLWaMSGgQrvPH/3FabxOxDXEp0SgYp7Z267AtL4BYgLSUrKQA1KQHwPiFPolxcGzAAA94sPIr7iagsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHeSURBVDjLjZO/i1NBEMc/u+/lBYxiLkgU7vRstLEUDyxtxV68ykIMWlocaGHrD1DxSAqxNf4t115jo6DYhCRCEsk733s7u2PxkuiRoBkYdmGZz3xndsaoKgDGmC3gLBDxbxsA31U1AKCqzCBXsywbO+e8iOgqz7JM2+32W+AiYFX1GGDHOeen06mmabrwyWSio9FI+/2+ioj2ej3tdDoLiJm+bimAhgBeUe9RmbkrT5wgT97RaDQoioIQAt1ud7/Var1h+uq+/s9+PLilw+FwqSRgJ1YpexHSKenHF4DFf/uC3b7CydsPsafraO5IkoTxeEwIARGh2WwCYNUJAOmHZ5y4eY/a7h4hPcIdHvDz/fMSnjviOCZJEiqVCtVqdfEl8RygHkz9DLZWQzOHisd9OizfckcURRhjMMbMm14CQlEC/NfPjPd2CSJQCEEEDWYBsNZijFkaCqu5Ky+blwl5geaOUDg0c8TnNssSClkER1GEtXYZcOruI6ILl1AJqATirW02Hr8sFThBVZfklyXMFdQbbDzdXzm78z4Bx7KXTcwdgzs3yizuzxAhHvVh4avqBzAzaQa4JiIHgGE9C3EcX7ezhVIgeO9/AWGdYO/9EeDNX+t8frbOdk0FHhj8BvUsfP0TH5dOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZNNSJRhEMd/z7vr9m7t2oopZl/UoVWpQ0RC0EFL6FAQ4a0OXbrVLaJDEdStjhEUFQVBHaIuSocIomtWJvYFRhb51eqaH7vu7vu8zzvTQbENvDkwDAzMj+E//zGqymrCY5URBxh6vm/Ar21rM6aapwSF7yORm90PBP9NGQAWskc/ujiAUa9ly4EHNcYY0MVhjMFV8jtyA1dGdKkLEEvUqkbhZHHi1XngSRwApxXErgl+3yKyMfBqMSaN33yI5vZrCVQBARVAMV6q6VvPgcv/AKHxVCyRTaCiSPkX4UKO4uRravyNoCGIRdUBjnTLhQQq25Y1wKgvrowtgdoFwsI86ZZT+PWtgKGU72du5CWNbWeJJVKYeAYiL/4PEHrEk41kWk8vraoogtgxwj8vmP7+gVTzEfKDl0jXCf7mixAoVQBVjSpIaRCN5tCogLpZJJxh/vcwaxu7qN24h+Evj0nEF/A1gLDaBwGq4pBwCrFTiM0hNoctjjE7kSO9IUM030PDrtPMTIRIFCwfdhFgVQ0R6v6gbhoN86ibZnZ0jPrsCaj00/fwEalMmULeY378E7gqgFqZcaXpubCYEFdK44IGivkk4u0kXVdCgh+gQlR8y/aOc4y960Ws2GUNtBJcH759vB2lC0MaYwjq6hJbO896UnqDSpm93VnEjuOvGyKz7SBTE/e/Lh5whWfqv9NxZkPrsZtNO5NExT5ULe+ffWVvdysmth6Sh3l379KkinSuCOi7sX9098lHm2LeT9TNUOVkwCOWzJL7PMBQ79Wn8ZU+zAXW77/bXVZRVKQqdbkigqo2/QXSf1oX6zFeUgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLjZLdKwRRGIf3X1wXuNAikiKfWXaVLO1SIjYlG9LYaGKxNSXWx1rnwoUo+Zhdu2vkRsp32ePCvH5nYoaGNaeemjkz5/ee85zX5W6VS4bjuc3uhSzzz4NohnlnT1nHzAlrnz5mbZEj1jJ5yHwRxsS/ROT6jiu4lEuF12+YE5pHd1O2AFHZKXVDSWYL8EcvxKQjaga27AG+ubTxUUllMlOJq9fB1Us+sAJieR5azPJ+Oc0DC2e8N3rCmyYOOFxocOGxAiTVCBhTtMJ08pYXY1i55nChwUXeDGgM7xsBovJ/dErnHC40uNDMAGynr35kj3VJKn98eQOcPzwLCib3gqcCf3l9e8QiDS6sgK8HuBCTWnxHvRtT8joqEfqC0BeEYxJ6g9AXhL4g9AXBBaF4gxUgqUZAKJYjnNMRcPFuBsCFESAqOwUurPvEdsbhQkNfkNMBFz+b4tPFnwt0gS7Qjfeq4MYvARBWbHyFiOEJrNkD4MLxEdxtsj0ALmS4MATVDm5TdTBBlf3rVNGjUHl3nMp8y1TqjYkrFMgf+hUje+AiV2IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLdZLdS1NxGMdPRZLgPxBC0pVhWHgRXhiMdlEUQUXBLhLUMnux0gxUtBeX8yXzuCVbKS5Htunmppt7cW5OXGeerZZhObVA8DIaBtoLljr89pwjWm32gy8/Dvyez/N5Hg4DgPknvC6dwoLTjuNlWwwj6hh8qnF4m1g4FOnx7+OLy6hwCW8swKQTiLjX79dGINAOWKuX0F9elgjgdUkY63Rj3AS8twFcB+BhQV0BZy1gvwu4FMBoK+CoAbouutGRm/QHwGlVeEvFAsCnilGhlHSTNzuZy5KhL5biRVEMNoIZSwH1GXYd4G/LhP9JDOFeKmZjsNelwSFPIV0F6QZhLAmi+6oCuoIUaM+n4em5GPoqAeWxGFhpBoORVhX4LtJTC7pS2O6kwlo5h6FGwFIOmG/RXQF0yOagPp2KxyekBKExCoGmHJYh3Y8Im9Zns1Ylk24tXPUR0jXgWZ4E7TIJ6RpguB6B6mgFWo7sQsPhVfTSGPKsaYZ0lxGmLfdTN2PJ9hnOefOD3+4IhUJfeZ4Hx3Hw+/0IDvV/HnUPsKjP3kaFC+i9Ddzfv8iQ7jKCzwFDsbDdpHCIH1tZWcFWcbsHh3Hv4A7IDyyKo9VkfGdou7PoqwLpLpHuzjA38kt4rLDN/ZPBVxaUaXLXilpOoUAhWet+cEgATDPxf1YgEMAGgJv9IabOrIPcXADnlAbvPnmhHL4GmTIT2cW7mxMAwrwbgE7+i5i8h8cxEFFhYIZ+JDrNvktQ+i4LgJ8JAJ/PJwKi0ehmTlZnYXBKi7+PfVIjAJAA8Hg8ImB+fh4TExNiJKV78ch7AQ3efLG4wZP/fwOXy7UQv32NrR5nm/eB9RaKnYVb+N5yB3a7XW+1WqMWiwUmkwk9PT3Q6/W4opAt59zYsypoU75RGoX3vwEsUe6Qo5mAvAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHESURBVDjLY/j//z8DJRjO8F3q3d9ypOF/9b7y9x7zXAXQFTpPcaiv2VX+v2Bzznv7HlsFDAM857sJFOzIuT/hRO//wMW+81E0T3JQAGls29f8377Lph6rC0DYfZZLQOfh1v9tB5v/u0x1coCJB8zzW9+xv/1/xOKw8zi9AMPBSwPX9xzu+h+/KhqsGOjcgMZddf+rt1X+t26xNCBoAMS5eUDntvx3meDYn7Qy7n7rrsb/9h22/XgDERkDbS1o2d3wv31vy//+A73/S9YXvbesNRcg2gAQLtlU8H/KoUn/e/d1/89YnnafYDSC/T8vcH/ppqL/xRsK/tdvr/0/6cCE/9MPTf3fsr35f/byjP9Zy9L/5y3PeYnTgIBJ/g1+E3wbfPu8G5IWJR7o39v3v3h1wfvIuZEHnJudGhwbHBrs6+0aiPKCe4dbQ/XGqv/Ji5KeOzY6NBDlBd8pPvtzVmb9z16Z8b9hc/3/CXv7//fv7vtfu6Hqf8r8pP9J8xP/A124D6cBbm1uDa6tLg0g54bNDD3Qs6v7f/ayjM9BUwIPWFdaNViWWzZYlJsT5wW7WtuGnGXZ/8Nnht23rLAkzgsU5UZyMQAcp633iiwCvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPbahpRFIbnJXLb4lsIQx+sF6G0kMsmpZQ8hEeUGWcUTbQqnlDUUTwgIkaj4kUI0j3ozObvXjs4jXjoxbpZe//f/689a5Rut4tOp4N2u41Wq4Vms4lGo4F6vY5arXYFQLlUimVZ4Jwf1Ww2k5ByuXwRopAzCabTqXSeTCYehHoiBQqFwlmIQpHpMrlRo1qt1jebDRzHkX0ClkolZLPZkxCFXPcXhXgrIk9t24bz8gyna8qz8XiMfD6PTCZzBFHIeR/ZdV2QmL+u4Bpf4cY/C4ghz0ajEaVAMpk8gChiRrZer+Wl3W4nnd3EF/CH7+C5n+ACtIcMh0NKAV3XPYhSqVQ+iRnZarV6gzw1pTN/vAPP3x9BBoMBpUAsFpMQSSkWi6qYkS2XyzfI3IKjixSPP/5BRCrH0uR5r9ejFIhEIlfeLLlcThUzssVicQz5/Qs8eYM/+g2468gUhmEgFAp9PHhRMZ+aTqfZfD73IDvtGtz8Bjtzhy3bvBf7vBHeVyqVUk3TZLSJEjJrw3m4Bd/anjgYDPq8Rzy1HIlEQtU0jdEm7j8xiUX/QHwWQBWPx/3ipRktWL/fPym+CKCKRqP+cDjMSBwIBHwnV/l/v6tw9Qvxh3PnfwF+wjbwD++YrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIlSURBVDjLpVM9iBNBFP5mf0jIIsIdMSsR90L8iwfWlhaiaCHBNB42ioWg1QmChYiFXG8l5LjiIKCxMSg2ewQFlRQBc4iIiIoJ5kgMJCTh8mOyu743sF70Llg48PFm3rzvzffezAjP8/A/Q5tc5PP5ACU8R1hwXfcI2YMEmrrvyX4mu0LIJ5NJx+cIXwGRj9L8YTgcPmaaJgzDQCgUAu+32210u11UKhU0Go3X5LuQSqWqksgBDNu2X5TLZT7OmzZGo5FXKpW8bDa76vMUXwot5iORyD9rjkajoEPObOsBOWXGer2OYDCIQCAAXdelr9frodlsolqtIh6Py9ipCTRNQ6vVwmAwkOvxeIxOp4PhcCj32LdjAr8mVVWlAg5mUN0yid9sJjuOM10BB/skIYQM9n2KomxToPydwCcweM5gsnj7DFi+gk+X4zBzN2ftU9qtHRVwMIOJXA5bt5jDzI8iDl+8jkBsHv13tvLh1dq9tZP65h8KGJOn+3IHbx7h0InzCH55CbG6gNDXJ5izZlVPeIu/FTCBr4peImq1Gvr9/ladTbpaMwacvbHVvLt7obpibrKES4VC4XEikTAsy5LvgJso38YeE7315zCeXsOwX0OP4rsdKk/Fhpj8jZlMJkaJbhNS1PHd/Be4HL2Uw77WOvbP/ISmfEe3Mca3uuqMBt4dMe07p9PpXUQ+QHCpqR+PF+8vbjY3rqqOsBzVqxLrwWl7vPQLOvKpkCFdDpkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVBgZpcHNi01hAMfx73PmzHWUO0QmbiOhyQyZMYWGRhbYSfkLpKwYpSRTSikLxE7IxsrGSmJBGtSQnXfJ5CUvg+G699x5u/ec53l+zilFNtR8PkYS0xEwTQHTFJJ5dX3to6hlxQpjAn4TjbHXH5ytrgca/MmQm1i+7akNyRgFHYv6LjYbY0BkBMZg69+Xfn109INA/NJUaJFcOjr+efAgcDkkZ1XHJzMaX87hkiYIWjCmSFTaTGndiQIS4EEeECaYtWD4at8R4HJILjWBfIJLCsgLP/WedOIr46N3aI4WglLwCZIFLMWOQwXkF5MJyRlF3k6RTIKSCdKxGsWOnUTzOgEDCPAgAcKEc8AFIZmQXBoQzmxlTuduwIOE8PjkE7Z6C7kY2RjZGnLjRG2HoSFyIblUkqvjJ58gFyM3hmwVn1aQi8FWGRyucPedI56aIrX76Qlc2A6E5BpI3uLTb8jGyMXIVpGNkatw42WFp/UimzauoW1uO7efX+Hes5HwUn/pVEAukQwO2R/IllH6HdkysmVkK1x7UWV1RzcucHQv3IozKb2rNpDZG5BR4it2shyn4wVvJ4vYxnxc0oZ3y/BuJaO1Ms1mFts795E7sPkCy1q7yEQhGdUbJ9+c37EOsQVDkb/UapXo+ch9Ho8MMbD1Isdv7iJqmkGmbiTxL739pWNtS2Yf3tDVR/uCHoa/POT+kyE+vo1PG0n8j97+0nFgD1AExoCzD86MDPwE/3Mt+7fw600AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZM7aFRRFEXXffPyJokzmkSFWBiJiGBEDH5io8QmIIqFojbaaGkZSBVtbAOCpZU2IhhRLJSAEFELISIpRBB/wxgwakYnn5d5n3vvORZCjB8sdJeHw2Jzzt5GVfkfhb8O3ANTUmVQhQMi9KmCChMijKlwsXxY4+X7ZrkD98D0q3DFdA11m7Y+NOoA9WhSw9cnyV6PVEQ43X5EH/4GcOPmiLb13wo6T6Ktq/CNl0j2BXUpmGaC5k0YG5C9HyX79PDo2hN6ewlgx02HKtXCtuslCebxaQXsAuIy1KffIaKYYheF4jbmnpyJRdiw7qR+DQBUGAw2DJc0Askq4BYZv1MDycHnPLoPYmPc/HN89pbWLcMl8QwCBAAiHDLte5C0groEFcv+gy2oWNRb9vXHqGSojXGzzwjbNiOeQ0tfEKGH4kokmeVT9SstLdAUOUJy1OXYzJIuepJFWN1RAzK8p3sJoEKiLo3wjpmpORoLOXnqsVawVaEUBuAD4kTZe8qCKiIUfjjwVLBJL0T07G5HXYa6hM+VmNl3RdYYg00MU/UEE7QiPsRmvFl+g7u2NomJulAB9TnqLFGzJ2ukaJLjFhIkbBCu3E5Sq2Jz7v4AeC41XlyIcWWCaD2oQSWjvMrRtGWetzN1qvNzrD/ciRa3M/34QmwzLv0UpJkb5li4dmC0uesoFBZw9af45APqUkxYplDuxbOR+st71F+NHd8xrDd/i/L0NTMgnssreoa6o9VbCZoCEIfLPIvTr/j4ZKTiLGd3ntOxP3YBYOqqKYlnSIQD3tPncnCWCWcZc5aRXef/UqZ/0TcrHX7i2ZbMyQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLpZPta1JhGMaFPvZ/CH3rL1BqICLzg0EMKmSwmZXWskPhSwQJ2yQzVEYyaRI1ikkOCqISJDU/9IZRKyqn9SWYuBedb+d4ju7quZ/jBvvYuuGC+1z3dX7nOc9zjgaA5n+ksbiWHKGnlbbvcRneR0yLJXge/MC1+99wNfEVwsIXXIl/wuX5IqbufoBz7h288UKb7uOA6SeVQfRVFf+qqXBuwAH05IPobDALDvAuruIgNTGbUQGehz+50VP6kJjEnoK2qKApymh0ethsiajVu1hb7+BPrYVfa02eH59ODwFsw6jkwQByv89BXVlBR1JB210FW20J600GaoiobnR53nrzhQqg3abqM4BCEKYeA4kM1KHVMFCLVtRRUG/J2GhKPH/mxnMVQEfFATs7HLAL6jFJffWVdkHNIYjq1PVnKkC493kPQGp3u3iZTiMUCiGRSCAYDGK1XEZtcwu3hx7NxoUwdDrdYc1U7KMKYJJkGQssEIlEUK1WUalUkMvl+PV8PI5SqcS9QqHAvdHR0VuaS3Pv947mdTYLn8+H4soKZgMBmM1m2Gw2RKNReDwe3pMXYDOCCILQ0Dijb/cA4XAYMzMzHCBJEoxGIzKZDIrFIvL5PFKpFPdoRgC/3y/Sv7B07s4b/mWZJ/ywn3dywEnrRRw7PgKDwQCLxcJFPXknTl/gALvdXt/3Zx1hxZb4nW1SPZlMbi4vLyMWi8HlcsHtdvOePJpRhrL7AFqt9pBerz9qMpl+T05Oth0Oh8jUGxsbszKNsL5JHs0oQ9m/1aYTg/t8sGkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLpZNZSNRRGMV//2XGsjFrMg2z0so2K21xIFpepYUiAsGIICLffI8eWiBBeg3qQV+KwBYKLB8qpHUmrahcKLc0QsxldNSxdPz/79LD1ChBUXTh8sG93POdc75zDa01/7NsgGvPR09rzQmpVZZSCqlAKIWUCqk0QqoZWyKFRir1uvxIbsAGUFqXHQqkpP1L57M3Pm5MMJBKpQHUdF9BKIGQAlcJXOlOVykSdye3leO6MmkGQNyHw+uO/1X3bzGBK+S0B1IqAKqDg3986HeCZPffwvJtoNT7lOZLvUdtAPEDAKBkRzo3QwMUb89InN1uGGD3spdE214xe8MRUnM2MfppNW0Pqy7YAK5UKK2xLbhdP4hlmdxpGMQwwQT8ziNiI534c7cT6WrFazikzF2Eb8HS1IQEDdiWwcHAQmpehTkQSAcgNvSMiYFW5uUUMdV3HW+ywefGNqITJsbUUL75k4FWYJtQ+yaMZcXrk1ANk/33mbdiD7EvlRieETy+FJLkMFcjRRSW3emIAwiF1hqPBfu2LGSWbbA1uZ41SfWkrtxPrPcypsfFiWYzFGzGKTjFV28WEJeIUHETLdOgrmkI1VdHpCdEet5enP4qLK9mKrqMgedv6cyrAP+qxOTiUxAi7oEJi8frELoFoTLpa7nI/HQvscgSRt+0kV1SSW7qYtp7xrBMphm4Mi5h/VIfTcEq1u0oJaknSEdNiMYHET7UvcMpPEN31Ed7zxgASmk1I0g6dK66s8CRak5mVxjnfS05+TsZCw/T9baTx1nnGb47DrQksjE6HrsHYPz6nYt3+Sc3L8+wA2tz0J6pF5OD4WP7Kpq7f5fO79DfSxjdtCtDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLpVPfS5NhFN6/0F1EF9FFBf28GhF0UWrkVQQZkamgbckoGEUsbVJgLl2K++F0bcx0UwZT07bZnG6yzc3hJND56ZYr59zELjSdm36NTZ6+9yOEQQyii8MLh/M857zPeQ4HAOd/4p8BBoMB3d3d0Gg0UKlUDzg+nw8kpqam4HK54HQ6MT4+DpvNBovFguHhYQwMDMBoNEKv17O12WwWiUQCMpmM4ni9XuRyOWQymYKRSqWg0+nWk8kkwuEw2tvbo1KpVMDxeDxsIh6Pw+/3IxaLgeSi0SgmJiYQiURgtVrZmsHBQVAUxU7U0tJSdKiBw+HA9PQ0RkdHuW63G0NDQ1wC7uvr45JvaLVaLgH7jbdE4f57iHxqwpzuBuZVZytZgrGxMQSDQVaDlZUVVgPSmYBDoRDb+WtAhY1JEXaCViC1ju0gQ9h688ehuiMjI0in07Db7WCU5prNZqI0l4wbMBXVbVKvkImbseF6h/2Fj8iterHwgU8fEjCF4kAggOXlZRAw6WwymRCe1WOLEuNg34v974+xFXiCkKEGQW3FZkBx+1Tejnt7e4nSUKvVUCqV6FcL8XOhDge0H3vfqkCvlWN3qR6LnSX40lZ8qaCRbG+O3t2YFf0BV4KO3UeSeomQshiS5zXbeU7s6ek5zSj9vqurCwqFAhrpI1C2Z8zYHtDRGvxaq8AOM0moowTh1ssnBAJBOo+AEUtMXrlcLlQ2VGwufq7HvE2GxEwZ9qLl2Jp7gSVlUarhKS/BgIV8Pp/OI2A8LWZsya7LRPyxu4qw5g4m64/Bpy6F/fUVGDqbWRsztaiuro789ZgkEgkaeeeQ8XcgMyPHTNM1mB4eT9nrLlysra0V8ng8AkbBayy7eoR+W3Um62wuzTrarrstovMnC13nb3Lp9V3T7PhSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhVNLTBNRFD3TTju1FCcBaxuaQEr94ydiZIHGpcFISBOi0YREZWHCVoyRxKUxxq0LXcACQyLsjO6KjSEiDfHDz0S0CLSxlFKd2g7MTDudGd+bMAQCxJucuXfuu+fcO/PeYwzDALVoNMqRuI3guq7rR4g/SEBC/Svxc8T3EUTD4bCGTcZQAUI+RvxLr9d70u/3o6KiAm63G3Qtn89DFEUkk0lks9lRkrvW3t6e2lCgRZFI5F0ikaDtjN1MVVVjYmLCGBoa6qccC7Z1kQafz4f/WSAQAGlyaXOOpQ+SNNUymQxcLhc4joPD4TBzkiRBEASkUimEQiGzdlcBlmWRy+WgKIr5Xi6XUSgUUCwWzTVN+IAzeOOde71orP0eAaOkbrDWf6Cw2+3mBLSYgny3KULXPOUY2BUB/hMd4IOn8XfhMGYjvU+2TECLLRLDMNA0zYw5JYa6Ghke/hyEn9/gZEqo3OuHp7qW3yJgESjoNPSdlb8gWCOCr29BMT0Ip5tBYnIWqlL6o8irzVsEaHcKSqQCen4cweok+FAblNRz2JxlODx1cEkzGWmVbTl7Z/jHhgCF1Z3GYjIKf+U8+ANhQn4Gm6OMUiGI9MhHg5Gl1sbu8UnKNc8B7Ui3ipxEcwvlpVFw6hz2N1xGabkXdqeBYqEOmfefEZWac4e6xz9Z22hbn+BmLBZbi8fjEBdG4NF/QdUDSM88hQ4FawKJR6cxLDZl86qzZdtdoDYwMBAkQg/2LL/ovNLVh++Dd7G0OAau9hTkrKgnnE39GW3f/Z6enpUdBSx7ePu4eq+zi4VNw+TbV0gsxFd5b9X5i4+mpnY63tsErl6okhvrfWzT0SAMR3FMXsnean08Pb/b/fgHqpjCspi90kkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLpZLLa1NBFMa/m/uITfpIKzFJYxGaxkQDFnFRsrLgxm5i3dWl+Ae46Kr+DWbZTcBNhboQ1KW1uYhQhVKECFE0SEvSBrXR2Nyb+37EmYHG0hZceOEww5n5fvOdcw/X6/XwP59wWlKW5SABF0jc8X0/S9Y0CbL1q2T9StZHJOT5+XmPO+6AiC+T3JNoNHolHo8jHA4jFAqB3ut0OlBVFY1GA61Wa4PkFk4A1tfXX2cymdmJiQlwHHeqbdd1Ua1WUavVVgLHDwkwF4vF/ll7MpkEKWPuRA+cnhjY3NyEpmnI5/MIBoMQRZGVoOs62u02ms0mUqkUBfxt4upGe8B2vFXXGBnje/uQJAnlchm5XI6JqW1FUWBZFgRBYLk+YOXNL8FxnA9BkUsLkTg+7vzAZESB53msiVRAATQOe0bF9Jz1wDDtccNy0yEJ4Dkf/Fga7+pBJFJXsba2huXlZZAHGICuVHjogAG6up20bJuCsNvSIPI+pMg4Ss+3mOXp6WkUi0XY5M4hiAL6DlTDiOpErJHo6iZ2vik4IwKJCym8/aJje3sbiUSCCY4C6J4BOqpx0XYs6KYDRbegaiZqe20cqBYGzl/Dy/c+Crdu91+lAGqfOuJb5wqSqltyNCLxChFKPAeBJzMe4OD5Hho7Lczlp3BpMsJ+4+joKLLZLJvGer2uCweq0R0OBUSPUDXDwm6TjOtvDUbXhNm1MJUI497CDCSRZ2XQUaZTWKlUvhMnBeGgq8uBnnjz008Ve3ttx9HMB7EhvzOTQeHsMHd9ZNAeksuvmG06RKZpUuFjUsrDpaWlfW72/osB13CeuYZ1wzXswa2nd+2jk1kqlYaIYIqET5r2eXFx0Tp6/ge8rrdXLiWBdQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIISURBVDjLlZPRT1JxFMf5E+6fwL9Ri8lsI5cSV7swL82w0SZTB6zWXOuB0cLU8HKhuAooTNrFupcAsYWjh1sRIaDgTLGXxmubD2w+9Prth29tXMWH83J+Z5/vOd9zfhoAml7h+mg3ReuhUxIdR37CrVanUXvgvvsOtk4kbJ+kEaos/bkSYCZv0wcri7/zrTS2f32AUOX+2nPWACvd1V4KmM7fnxQP1pE+2kSuJUM+EpFpvUOS5MJVHgQSuBCwWuU72eP3EA8TWCx523NFl+Iv+zrxRgRr+wKeFJ1NVYA9y+o3mjFskbkj9SDGpTGqm2dSJmosZfRYZXPClLxNqQJsGYt2bS+MbEtCF2SVmQCTukOPikaqbxPnik4l3ohC+ilivbGKcC0Af/klXAVHczhuoC8FmDdpyl2YUrjyAlmfHytklATpJronwP9jAYbYIN3XHXTDuDGkJ6qeRzsz7XCNh1AjvshmRRXQnZWVmIQxOfTf5RFV/fw3LyJkC+6d2U5PwOjbEe3Tz4/bQp0/b92WY5VbsZtuQ3SQfpC71+R3/eAqr2ASR7I9AUSVepibUHhSFCVKQv31uXm+0nPwVQ5dgOfLM+jeXNdf6AFRnZz9NNVeKs8jtr+CCDHvRcmL8bSlqQtdo/v+TBaZ+RrcXUaQqLMZy+GVf+OAcGPaWXCckW7OBgTdslrdPxtwvK6n/CCRAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANsSURBVDjLdZNrTNNnGMWb+M3wRaObc/plSxYToiZzc94quCGCVRfMnwYtUiyuUhUQKqtcCmhatAgEaKlcBNFSBYQ5lSIgQ0GFttRCL0BBoAVUVFKo/UtLBXJsiZp5+3CS98N7fjnnyfNQAFDeK1uf6nVGm5CSquS28VqPzMY0RcweVjDawmqC+QevZi6IvfJk4f//e/ThkalL8RFqTg7dHqhFo6UJiuEGdLzU4oq2HISMJo0pH+VwLpqHIgoHfD4DZHQlB1V0l+GOpRFl/VdxXMsH91Eqavr+xd5LO62MkuIfI0vN1tLWcXAvD4IQ6YI+AESdyYtPq0+QzcPNEBklYKmjEa6KxvmeUkhbxNgh3cZhXxiSZteOQWEgUXDnBWhpHeR23sPF8wB3X4Gi/xaKTJfBVEchpI2NeE0aZFoZ/MU+naxC489h4r7Zmzo7shrGUaWy4fgFE6hRTYJ5QHxLZGe9uRFRmkTsc5vZyjjI+isQVREJavpvWw7kme5nK56hWmODpPIaTPIQPL4hRFeJP3T53mGUo/XhrhuWOsRokiDS56Gyrwbn6kXYJPi1hJHbS3f3dVQqJ1FcXYaxZh5s+lqAfIpJfTXaMwOeU8Kv023K52pc67sOyd08+GZtsm48/UtKfeypJbnx5cvcffU1dXKMG9PgGr2JsXvn4DD8g1nLAxgusp0Uunx3p/hujqfvS5+MDXGKWGLlNJOZ5AymW6doe1bzMnLMViMfc44HcAweg9U9p15ZBJTSgzPqvKCfKLuK/Lh+uVS2IZ71vYv9V9Z0aChJpiTjdcg+jGZ6cyYMCZhztmNqgAnnCAP2nkTo82kgGAnF80Oc+fvEojfHjha6WCzXa6EAkxUyWOVlGGRuwVgH7505DM7h/XhlTEK3JBB+BH/qO9+MpfOAN0c4S92RSXthPiaq5Hh2Kgn94mj0KuLcsVvhNEdgeuQAbO4kPZIA+IcWYNnWs8RHm+jYSxAki4WJVD406Wx01yVCdzsHT1TBmDIzYO06iUc5NKzfnTbyLTU94Iu3YN/su/3Vug1DVaI/ALsFpiICzYnL8bAgELX8za4/6dzz31CFXl89Jo8mVq3xEhzynnO1S+BS5UIl3IaqQyvIhoQ1az81fhHgUTB1kfMMc9XMf2cDZ5qyfm+5xVv9w9fMHr0Fh4yy26byoRwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLnZNfSFNxFMdvaL0EQQQSQpQPQS9R0FPQQwUSPfhQBBb4EOTDIILYxnR7aBPmlPZPBptSDoxNUR9yLhduOrexBs6WpA+BlbnRmrL/f22lu99+58JiWE9e+F64h/P9/M495/y40dFRw8jIyH0A3GHEDQ8PXzCZTEt6vf7ioQD00mq1Uo1GE1GpVC2HAqjV6mNKpXJRLpcvSSSSUxRbXl4eCAaDvM/n4z0eT9XlcvkcDse1/wJIfr//sVgs3jEYDF8CgUCImXfZA1LO78PWrANTU1NVu90u/wewvr7uXl1d3V9ZWamGQiGkUimUSiXsZIrYdAfw7cplQckFD6xWK8+a/uovYG1tTReLxYSTnr2VC8ZisYjtdAEPJ3l0jQOBF7PYtpiRTyaFPK/XC51ONyAA2EeFTPl8XgDUlcvl8COZR3S7gEKhgHK5LIjglNvf319jTb/LsebwBDhorisajYJVCaPRyJOy2axQ5cbGBhQKxVduZmamRtS6oQ7IZDJwu92Ym5sDy4H96b3f3jst+cWbzfA/OIvPNjWkUim46enpUiKREMoiI5WbTqcRDofhdDqp8xgXd+Kj5Grtp0sP/tM8KpNivH9yCcauG+AmJiYWqPNkJACZLRZLXCaTFUUiEZiKztsnKrvMDFMH0HMS0LQh9fw63tw6XuBsNlsvnUSTIAD9DlvvUuOsWdk8/+E1Gp+c8jQozo2NjZ1jcy1FIhHE43FUKhUMDQ3VGgHu9qbvZesjgJmqMg5ZppioCSweFxLMZvNLtqZgywS2VGD34lcjINjZqgp3n99L9LQhKT+Kze4j8HY078+3NymEBHYbW9libA4ODu6x+e719fWFDu78u84zvezELSqbKiIzxf8AGfvxrzvUBvIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKnSURBVDjLpVPfS5NhFN6/0F1EF9FFBf28GhF0UWrkVQQZkamgbckoGEUsbVJgLl2K++F0bcx0UwZT07bZnG6yzc3hJND56ZYr59zELjSdm36NTZ6+9yOEQQyii8MLh/M857zPeQ4HAOd/4p8BBoMB3d3d0Gg0UKlUDzg+nw8kpqam4HK54HQ6MT4+DpvNBovFguHhYQwMDMBoNEKv17O12WwWiUQCMpmM4ni9XuRyOWQymYKRSqWg0+nWk8kkwuEw2tvbo1KpVMDxeDxsIh6Pw+/3IxaLgeSi0SgmJiYQiURgtVrZmsHBQVAUxU7U0tJSdKiBw+HA9PQ0RkdHuW63G0NDQ1wC7uvr45JvaLVaLgH7jbdE4f57iHxqwpzuBuZVZytZgrGxMQSDQVaDlZUVVgPSmYBDoRDb+WtAhY1JEXaCViC1ju0gQ9h688ehuiMjI0in07Db7WCU5prNZqI0l4wbMBXVbVKvkImbseF6h/2Fj8iterHwgU8fEjCF4kAggOXlZRAw6WwymRCe1WOLEuNg34v974+xFXiCkKEGQW3FZkBx+1Tejnt7e4nSUKvVUCqV6FcL8XOhDge0H3vfqkCvlWN3qR6LnSX40lZ8qaCRbG+O3t2YFf0BV4KO3UeSeomQshiS5zXbeU7s6ek5zSj9vqurCwqFAhrpI1C2Z8zYHtDRGvxaq8AOM0moowTh1ssnBAJBOo+AEUtMXrlcLlQ2VGwufq7HvE2GxEwZ9qLl2Jp7gSVlUarhKS/BgIV8Pp/OI2A8LWZsya7LRPyxu4qw5g4m64/Bpy6F/fUVGDqbWRsztaiuro789ZgkEgkaeeeQ8XcgMyPHTNM1mB4eT9nrLlysra0V8ng8AkbBayy7eoR+W3Um62wuzTrarrstovMnC13nb3Lp9V3T7PhSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZNNSJRhEMd/z7vr9m7t2oopZl/UoVWpQ0RC0EFL6FAQ4a0OXbrVLaJDEdStjhEUFQVBHaIuSocIomtWJvYFRhb51eqaH7vu7vu8zzvTQbENvDkwDAzMj+E//zGqymrCY5URBxh6vm/Ar21rM6aapwSF7yORm90PBP9NGQAWskc/ujiAUa9ly4EHNcYY0MVhjMFV8jtyA1dGdKkLEEvUqkbhZHHi1XngSRwApxXErgl+3yKyMfBqMSaN33yI5vZrCVQBARVAMV6q6VvPgcv/AKHxVCyRTaCiSPkX4UKO4uRravyNoCGIRdUBjnTLhQQq25Y1wKgvrowtgdoFwsI86ZZT+PWtgKGU72du5CWNbWeJJVKYeAYiL/4PEHrEk41kWk8vraoogtgxwj8vmP7+gVTzEfKDl0jXCf7mixAoVQBVjSpIaRCN5tCogLpZJJxh/vcwaxu7qN24h+Evj0nEF/A1gLDaBwGq4pBwCrFTiM0hNoctjjE7kSO9IUM030PDrtPMTIRIFCwfdhFgVQ0R6v6gbhoN86ibZnZ0jPrsCaj00/fwEalMmULeY378E7gqgFqZcaXpubCYEFdK44IGivkk4u0kXVdCgh+gQlR8y/aOc4y960Ws2GUNtBJcH759vB2lC0MaYwjq6hJbO896UnqDSpm93VnEjuOvGyKz7SBTE/e/Lh5whWfqv9NxZkPrsZtNO5NExT5ULe+ffWVvdysmth6Sh3l379KkinSuCOi7sX9098lHm2LeT9TNUOVkwCOWzJL7PMBQ79Wn8ZU+zAXW77/bXVZRVKQqdbkigqo2/QXSf1oX6zFeUgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLpZLNS1RhFIef897rNDSoUEFFIhpCi1okzKKyRSFBFC3aCFERRQTSItrUHxBFbQoEkYJaBdoQ7kqQwm1BREjmF2JWFuKgNTozzr3zntNiRmthC+nAb3fOc37nQ8yM/wk5ff3Z1cNH0vcWCpYyA1QxVbx6TA01xbxHzTDv8arUJeL86Ojszf77Hd1hui3dVZNMue3JDTVO5Qu+C+gOC7G5wsLyhq0XY3MAoXnj9tmWDQMu352hAjAFICp7DDA1vIJiqBpeFV+2ikyJvNG8oxavvgKgegVxgphhTjAxRAXnBBGHiEecJ/rwiLA4RW6xHS1vBsCtkhwgIogTAie4QBAHgYOaIKA8liGV/MLOtguszL2k0UYqdabVPxBZAzmpdA8CIRAoTvQTrAxRvydNfmaAILmLc81vGLi2+0yoVQdUHQBghgNMBA2FcvY9W1tP4gsjJLc1sOK/0Xh0H1Kc7wnLcbzmQAAzQ0Swv0BBqoF48TMuyCIuT6IuCysFln+UgtB85QoBVIpEWF1slP1EbvghkojRchGnP8HVYnHEx74pxscXroSq+meEqhBhafIFudHnbGk9iEWDiF9ibDCiplQiEOHp/Am6em/1hrPTM5nOB3GHeo96xXuPqtLZ1Mf+9mNE2R7CsJ7h1yV6xw4wl9iLGUSJTZnqvmxdfe0//rY0d8fy46fsXdehpccXW86vlxf+61W/T2df5X4NNRUW8sWJifkbl55MZtbL+w0EmEFfv0ZNiwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAETSURBVBgZfcExS0JRGIDh996OFIQEgSRhTS1Bg0trw937B9UPCAT3hnJ1kYbGhrv0BxoaXSsMhBCsyUEcoiTKUM/3HU8Fce4Q+DyRZz5DcOkdiqIIiiAo7xiCMXs4HI4ZisPhOMcQOJQbOoxxKHm22UUxBBbHM1cRfw58GUtMIAieTIwgxAQWRclMEZSYwCIIGYsixASCYsl4pgiGwDFF+HWUaDopbfCGHRp+nCWSTktFXvFDOKyuNNYp4LhFriPPaXW5UWAV5Y6HNH+/dbHJIjN6NHlJzMnxWqNIDqFHh8/U7hiEJbp0+ar0m2a4MGFEjie6jCrtJs1y57FuI21R6w8g8uwnH/VJJK1ZrT3gn8gz3zcVUYEwGmDcvQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVBgZpcFPaNZ1HMDx9+/Z79l8xubWhDVmppuynpJFS4nQ6UVDlCFh0EkQKaJ5t/KmJ0O6deiQHTrlQcjlaVGK+I/SyZwH10gtxT252WrP9jzff5/v5yveRJ5OvV5ZSon/I6eBz76bT1EVLxCj4kVxonx7aE3Gc3IacF4ZLrciqmgCiYmx61UayWnABMVHZX5RCDHRUWpi2SiN5DRQM4IXxQZFYsLlBZaM0EiejhxOPKVKCkIKQr3vU5xP2JAIoqwoRqo2cm9s03u+NnC6qW2Q2uMLZPbhgZynduwEVbIYyWJk6abiJGFcJEQoFRNvd52jtPKd01392+joG+Lfe68w/ePJE3kKQiYCNyZAArz+BsvGY4NS94rERG/reT4cmaPzha0s3LlNc+ZpX9lD26qXO/LkPJkIOAtBIAiLLuGCYpyyruVX9pan6ezfhaucork148/JaarO8U1TdUVBrQMRsA6sBe9ZrinWJ14qXGV08wSd6/dgZ78mK/5Dsa2dPFSolLdTMYZcjYUg4Bx4DyKICXQujrN/0206NryLffgVhaLgq33MXrzGeM8gq0rtmJol17oF78EYCAFCYCi/yO619+neOIL/6yRNzQm7uJZHl67z/eoh/qZAW3DYmqWQ6gZEwDqwjpm5CU7smyXSS+XWlyiW2sJqfhu/xdTgPuYVjDN48Zi6o6B1AyHAlq0wvI2p/A6vDX9Ey4NLzIxdZnJ8gV/OTjD6w36WiiXK3QNs7CkTxOOMIzu683jSICQnpBBpGTrDJx98DIXI5E9nmPn9AV9MH+OPhV66yz8jQYkSiaJoVLKUEs96f3uXebP/xfytV/tIRXfFzM0fHPl86i7/4QmxWH8VvTzD6wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJNSURBVDjLpZNLSNVhEMV/f7UCy+iaqWkpKVFqUIlRUS3SHkSPRYugVbuCaFPrEgIxsKCFix5QtIsWraIIS5MQa6G1CTN7iKa3SAyt7P7v983M1+Kqm4oCB4bDmcXhzBkmCiEwl8pijpXTf+v0iKqWmimqgqpHxCPiZtF7h4hrO9DUufc3AVUtLdy2jxCUoEYwwUwJKgT1mApBhRf3bu75owMRj5mQnkwSVDDxmPoMisPEsWDxcq7ltXDl/JOgoqioipeTXZf2X88RcRRVH/znrtrZQePRWtQCI2M/slvv9l4AMgLn7n+gP/kddYY4RZ0iaZ3la0sWIl5wEqgpT7BxVYLLt5/nA+R4n+bEsi5+Zg1NW/botPUZnru0nNb8du70THFs3gNqyorxzmfO6H0a8w51KWS61aVQF6MuxnyMiScWx4qCKlo7d9LzbnRWIMe5GBXH/LyiTOKSSf7qtzZCtseZ4Cb6Kc1fTVXxZr7HU1zs2ITqWQCiI7s2hBAMMyMEI0xj6fEEu2uOocFQU4zA58kREgsLefbhMb1DT4k1vSTrzqOX0aukH0xUbqFkXT39Y1GqvHYfsTg0GEPjbxkcH+D9WB8TqXGGvr5nw8odrCmpI5YwHoUQqK6u3g60ACngBnCq9gxbD60/gZgipmgwPk0Ok7+omJcfu3n0+uFXpzREf3umw1crLHYOZ45YHJUFNdGWij30DHfTPtD22QkNyebQF/3vN65rypqqK6vP7RxoH3VGQ7I5vAH4b4GKxmhKLTs3ZVrxpTkMzsx/ARtuob3+yA7oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHUSURBVDjLxZM7a1RhEIafc3J2z6qJkIuCKChItBNSBQ0iIlZiK4gWItj6HwRbC7FRf4CVnSCIkH9gJVjYiCDximCyZ7/zfXOz2A0I2qVwmmFg3rm870wVEezFavZoey7Q3Hv+/Z87qDsiTlZFBJIGKStZlFSCTpyUlAZgfXXfH9BAPTCberVANBB3RAJRR8wp6jzd/DotALA9UcyZgZxis2QNijpZjSJBVqeIszTfkMY65cAjuHxmgSzGlbUFrp1d5ObGErcuLLNxep5hU3H93AqjYcXti4cZZ2OSDU9CnVURddqmIovTDmoev/5GVcGDF585tjzg1JGWo0tDDgxrThxq6XojieOd0nRZ6dVpBxU3zi/T1BVdViKCcTbcYX11ngB6cca9MSlGlprojHqcglycVJyHL79Q1Jn0TgBdb1gEbz9OeL81IYsRAakYvQSeC/WvVOiLE8GsM4xnvsuGe/Do1RY/dpRenIP753hyZxURJ3JQXbr/Lq6uLfLpZ6aIk9XJssv8VK5dNcQcmcl7fKVl89kHmu0dJRVjYTRHGVSMpELaQLVCtEY8EAvMHHUwn067+0LVybtvok9KSODZiaKEOJENihPm01gD3P+62Oq/f+Nv2d9y2D8jLUEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHHSURBVDjLpdPNTuJQGAZgL4FL4BK4BFcuNEZ03Mwk41+MMbNQok7UqCkGJWrGiZKiYJXKERgLpUVEIagcULSTii3KxC2X0Et4bXcmisq4+DYn53ve89sCoOUz9WJgnJXs7nBeJrlb8NlbBFKKMelL84PLcfu7wJhPcnDHipEs3SNz8wipVEPq8h/+nOnYjJeNb+6Y402Ala7qyeIDhEIVfunaWODydC1arB/kNERzOqbYLG0I/FgXnbEzDfJlDV5S0PuXBJs1/pWJ2ZZ4WuczFbAJBT2TxP4qMLKWYA4vdETMtD6PMPB8Uu9MtPXLFGG6XcTVNRa2vQoMeeOuSF7DQVaDmepq+ha+ewQHl1YRv3jAr2jJaBrYEhUzXYdYqGEnpeJ3rGxCZaySMkaWU/RdgE1cIyirIKfWid9jW1TN5it4+RIGFz8AWNU9QZxs4i+2kyo6R0NM0y9xdCVN944q2DxU0D4cGvgw4BwP22f8+bpPUEBOquDkO6xHbuAOUjABivktijl/AR3DPN9wBdZeSaaK/WMdobSGvSMNu7IGTrpD0KyAWMG07xwNgX5Gph6u+CJ11myyGqc3zvFz4w2grW/H9j/f+Qn6r94u36IRBwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLfZJtSFNRGMenRkgY1BKiL30yEkqJrCjrgxBB5Qtmyy3NcGoUuqD5skEm+ZZizpTUmZEw33ML06lzGoQKtRRETXM2Z1LOTBs6LNNw9/w7d+IiuevAj3vO4fx/z+E5lweAtxVRvp5Pqaf8psAF3RQfngtBa1OvCet2Bq5Ge/80K5nkCntR7AwhsP0imF8msCwRfF4k+GQlmFxgYF7YEKerDJzV90vKexwHZm0EX2hw6juBaZ6B8RuDsa8MRiwbggL1IP57A7b6NK36kYbH5xiM0vCwhRXYHYKMmnd/gwlH+dvunPTOehy623ZLlrfO9oCVbA72JsMzjEPK2QP5Gb5UGewJxcXtKBLsQ2JKBkR5OkfHq/QfnKKlH2uONd0f/ecVioM8OzXyC+hRRKFAeBC3A3dAfHwn7ob71tCD5rnFlc3gKiVjM+cUlEbsqZ4xqLE81IT3Lx6gXyXDUMsjpGQqRip1Y2zwJ0W6tWfOyZUQQepEYxpZHW8FTFqsGdvRX5dORLlaKw0mcP0vTsHekAYPXkDFE3VxNplU3cREXQrMdRKoCnOI+5Gycu9zlR4uBbvON7l5nNbkykunGL0VkGvfQqo2QFJtwLNhIDHfZHc/UZvpFVThxik4FfEwNS2nDc+NBMkDwI0+4LoeiNQAV+sJcrsIxMnNJDD0noxTMFt4CAPqUiSp5xHbAcRoCIQ1BBFVBGFPAYFiAYPNSkxl+4JTYFYGv6mVxyBU2oe4LiC+GxDrKPR7rQU4G9eBl/ejMVEW1sspMDUk8V+VxPsHRDZkHbjcZvGL7lrxj+pe8xN2rviEa63HLlUVvS6JPWxqlPC5BH8A3ojcdBpMJSoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLjZLta5JRGMZH/0X0DzhG0Wy1PdVG6aIGtYI+9CVhRSt6gT4Vgavl2vI9LVIWrWL0KZTYpBqpFMUMZ03aMpXVMttLpPX47qPT7eqck2NWzjpwcXjOc67ffZ37nBoANdU0M9RqJkJJ5j///5e5mPvEVAnyb3PGi3z0LgrJZ2R5iUFCFslAVUC5OfdVj/z3weXqoCM0yMFt4p5XA7DI1CzMXkLu200i5y+IVYKlIo/pfjGDrAqgkamZaU7BIIWEE6kpLTLTbVjMvcCUcSNWTyC8JwnUKxAG6kHSvxtxbxM53kP4u2ormtfQHkRGzxLDZSQmmpH5IEM2dBKpwAHExhtQiPXB310L+9WG4N/3bduFiOs8FngrqcYR8z5SvRNJ73bExsTMHFDUwaHa7PutidS8VEyQczqQnZUjPilCxteI7OcrmHnQghHXRZy7dRjHr+2HrHfHYtuFDV0MUP7S8hELUsF2UqkOKX8zhLAGHo2Y16ulvMJyBI98Jrydt8PgOIVDhvVoPL1WV6ocJ5GHkA5KwbtFSAd2Qviixmut+IdN1XRfpmwVht8ZMey/wd6BztkJg/MEBQgUkFyIOUizOPAuEbIf24m5Dx6tmH+s5W7TmHvl9XjiG0D5sE2aKKB05+lXSPilpGF7kAn3wK2qj4/ouf7l/nBn1gla+1Eo7R3MrHzasZIgbJWMC9FRZMPdEObvYUwjjtmNW6+XXy3Z2HtQJ4LefoxVpjP9Zj3w3GmRT5i3zL0xborSM780bVNWelxks4ooSWOXZhVd/wllWOl+7RbUkgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVCjPfZFNS4JBFIX9UfOfpl306XZ+QYhG9UJtiihq4cJNQdQsIulLKhs/CAlNy9JRX+slKel0nFdCjOJsLvc8c+6dmQgi/+unKIqCyuucNTarb9SVGAOKsmAaCNCn3lBHxlzIEYC23wPQQxc+3lkFOPXTcggw3AzsNlqwVBMNh2hzKByQV4NGClGneWoOK+yUkFIOyOmAsVFcurMveMYZZrlJC7vaAbe2jw6B0HxEDPeYYfWBLeuALIE2g8/ZrNKexhGBOjPWQ+Bad7lSEhNs7tGewiQWeZ8y1sIRGVXFF80nxtewSeAOFXziBF64ZFocmw63rlFVPGADRR6owDOeGD7Ugdz3m2y+uhyfp8vw/IQceeqk3DEZjgg4uwSNhInJsc/aFqtqWS/ZuI3pBRUXv37zL30Ddxx1NEzXzZIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIcSURBVDjLY/j//z8DLqyePcvQuW7VQomESay41DDgM8CpdkVm94YzD0RiJ3Iii4snTGIjygD3xlX58/de+y6ZOFkAJqaQNk3Hu2HlaaIM8G5eU7r+5L3/silT5aE2q9UsOfw6ecJW4gwIaF9fc/Dq8//yqVO1hWL6pZuXH30+d8/VhymTtyYRZUBw58aWc/ff/VdIm55as/jQraM3Xv71a1pZTXQghvds7rzy6OP/vk3nvjx4/fW/V/2yuUTFQgc3AxOIjurbMuHuq2//t5x9+D+2d+N+gtHYw8ssv1xNeuYuE60zc2UEOzNn7D5z4cGH//ETtx8Vie3nxmsASPNOU53r591s/p+yM/503cf+/6w9N/4/BLogatLu/RJJU6ylEicy4jRgpYbsnDNu1v8nCHFYTRBkD77iYf1/zt7b/5edeff/no/D/4vOVv9nSPJn4jTgsI3Rm7V6yutB7BWqUjMvBTj9L118+t81f8f/ixXF5h6w1L+yz0LvfjcvExdWA/Za6d87aW/6dLOB6qG7Xvb/12jJH9pkoHL6mI3RpzYuBua50oLlJxzN//cJcShgNWC6JH/ycVujH+eBilZrym8AapLYoqu8/oyD6d9WTgaJFeoyU4/amfzo4WMRwRkLvfys8n0CbGpd3IzMIP5sGaGCm94O//eb6ty96G77f6W67BKScmMP0L/L1GXmA732fb2u0k5gTMmgqwEAFiuGP1TJcvYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZLbi1JRFMb9N3ro8mYgPqSBCIEPoQSGYYVREkxxTLQsREkjlRG18doxZbyGF7y8HAONQUgnENEHQyFmJqEnoQf/gBDKl/na+1RDEz6cDYvF3uz1W9/+9hIBEP0f1Wr1XKlUWuRyOaTTaUSj0W8+n0+86a5o02GhUHjX7XYxGAzQ7/dRLBZhMpn2BAMSicR4e3sbyWQSFFSr1WAwGA4EA4jcMc0ulwudTodXoNPphAOCwSAPcLvdaLVayGQy0Gg0wgFer3fsdDoRDofRbDb5p6hUKuEAu90+LpfLqNfroCpisRgUCoVwgMViGdEvJErQfGrD4rkTP23WYzx70iPBbAQ0Go0LJNbUcbPZjHw+D/KdWHpe4PiQNJ9+wrrF4cvN2zAajb5TAFpM5K6n0ykCgQD0ej1kMhkkEgm4uwZ8jcfQzLjhTN/Do9c3YAxehZq5/PEEQLryxavVCsvlEovFAvP5HLPZDKPRCG/qIfi5B9g72sXnZQ9s34o7rBSKx2fifycPk8mENy2bzYJlWYRCIXg8HjgcDtx/pUbnMInOPAW64vsmsPtmCvjBA1KpFIbDIWgmcw+/38+7b7PZwDAMrr+8hO7RW/y73h/sUsBvIyKRCD/zdGzb7TY4jgPxBZVKhTfyiu08Yr2H2Olt8cU7H7ZOK7BardBqtVCr1XRgoFQqIZfLIZVKIRaLIb12FrfiF5HoMXxnmun+xAMhQS6HSXynsv/kMD3/Bc9MubHqnCOyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNfTFJRHMdBmX/m1Pln+qDTNjcmD77oo62trYd667H10nNPvrbWIy+u0FFAOhrMzWZKXaYE8YAx4+Ll8kfL/NPoIuBdmAVjCQQb1LdzLkg2wzrb5557zu/8Pud3/xwZABmFNLlKpbqi1Wr9SqXyKhkr6FwFxejo6EWj0cjRNXSumkcvAuk4QsBuRyKRAG+zSWOhAr3fcDqlWMjhqMYqG8vkdLDV2IhdloUoitgh/dv6eqTq6iQ25XLser1SjK7ZrAgq1ZUF4ZYWMHNziMViYMxmbHR3I97ZiXhbG4LNzWBMpnKM9Ht/E3xtb8fq8DBm+vvhGhxEZGAA0b4+7Pf0YI+I7K2teNjUhJcNDUiQis4IMl1dOBofx+exMRyOjEAksvjQEKJEFCEiobcXH0lVQkcHUgrFnwKe51EqlWpSLBaRz+claKNzNKemIJfLIRAIIJVK4smSA48ZN6YtPPTWEGYsr1HIZ88X0GSr1YoF+xosngjCiSyiyQL4yDFWeBHzK2/g8/nOCmipJxKGYaBn/NgRj+GPfcf6fg5ewtanPHRL3tqCE6hAs+iD8KWA9UgWrJDF6ocMQgcFPHoRBMdx/xbonvPYFjNYC5eTKUGxgPvzrPSY1V+ZCkjSj9MCyuIrDq7QAYKxHLhYHgGyu+1dBtOzC7A/1f0WuFwupNPpb1Ry+mUmjpJwsu9JJRwM5AtonvGYmrUgsGyAffIm7l2/cEMS6PV6uN1ueDyec2HJOWBMU3BobmF7+QGME5dykkCtVrPkGON/mbx7G+Y7134aJi7jF1A6sIfsK39SAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLjZJbSNNhGMZXF912FZEVpOaVFFSCmhe2/iNqhYVsmo1tDXUiJjNnrC0RMxVFxTm3ecJDeSrblorpSFAJzxptOrfFzJnuUJDplG2ZrqchtaSGePFcffx+vN/zviQApL2STQvgzFaFOCytx7HQFLjVyAuqjwkPOvTnfU+YRz1BmJsDPda2Y9idmrRg8b4E9ewjEqsqDDZ1MlzjZbApo2BtPwldVfDqvgRy2uEyu0YNx4gcW5qn2BiVw/K+F4NPzpn3JYilxnH1LZk/17UKeAwqOHWdsA9JkMe6pPQr4JJDODLOZYeESYb8LrGVGn9mWiJI+2FX8rHc9RiWrmQYW2/D1FUATf0VaGWhLB/MjjpNyDgUj5hBxu40lPNQWZOPF01M2AcEWJvpATasWJ1RYLT06hefoDz+/HBt6i2ochOhb8tGK58OCZNAdQoFr8dY+DqXg83lbu8XSuCaVWF7cRiahuRtn0AaH/zSNNj+X2Hqkkis6LLhcQ3D9fEeVibTYWhOxGQdEyZZzN6FWfoz8W1WCI97DM55NtxLDKzrRZiroyCjPA62uht/BQcvVAilwnRfYYZnDNinBL9hFtyf7sChewS9nACn8KLtATc3d6ExgbEDH4h6nhTLf7cx9Bko7FBCLBNC15flHfst3OZEfF9iYs07iUlGuIylEad2b44USK2m03k9zm6DB/l6QNTSjrleEbR9Ylgm6HCaGVjRPIRWTHEZyyKC/r0V0kx+2Pa0ohL8V3aw1UBHMQGsL8JYS8OAKAAj1dcwUEDGvJQKf8dGMldE2xQF95GQMw7uGyCPexabY1JsTlRgwgu2cUNQnCXYKcyv4ENzSmRvXqwonN7SGZYxBVr0URSyQ9FfdB0NRUmIuFm1XJmVtFOYP8EvH33H/9EvkWcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABxSURBVCjPY/jPgB8yUFtBdkPqh4T/kR+CD+A0Ie5B5P/ABJwmxBiE//f/gMeKkAlB/90W4FHg88Dzv20ATgVeBq7/bT7g8YXjBJf/RgvwKLB4YPFfKwCnAjMH0/8a/3EGlEmD7gG1A/IHJDfQOC4wIQALYP87Y6unEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLpZNfZNVhGMc/7/v7nTq1P9Vkso0kJy1ZjZWZ6CKTlMW6qYmUFNkuqpslYnSxXYwolXURXdRNTRszRU2aWTRbaTctUs1pSjSn/M7vvH+eLn6nsYixh8f7PK/3+fD9eh8lIiwnNMuMZQNCHtb/R4MH48EasB5MAaxL7hxQEIghBCDT9s+sX5zOg3NJbVyxtvDiQREAkMuC94grPrAWcRaMRaxJemMQa8EaUpVbIZK/AAERaLiESpUhU7cR59A7ToONcMPn0QeuoVJp7EgP8mUSjCkCrE20iYdUOTLehWq8gnIx/vUtcB69ux3Mb8xAB0HdUeyniQWAxpgE4AV0CKUbwVtkfhbd1ImuP4WfeYJav4XwyB3851fgE4nEQkiUT/R5jwLU9hPIhyEorcY9akPv70Vva2W4r5URX8J89AsTaZrjrxyLhZDYJjTvwRv8xHX0rgvI+yGC1nvgDIODXUxVrGNvbQM1FRlGph8z8O4l38sDlPRUCTuPI/xMXLcWMYnTYhL3z87lOXzwEASaltoOep+dIUDT3z+IJhIwBpVPo/Or0PFqAlNCYMsJZS2hVPAt94OUKqWltgOAi/v62FxZR0FBSCTw/P7Cz8IJFBafueo009kx3mRH6Wy+S/fTk6SDlawQUEvZxsb2qqs1m9ZcbqrbQ2ZDPTNzk4y9HWX243yvWuo6N7ZXdQPngDIgB9wcv5Ht/APUTCZid72ZzgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLpZPNS1VhEIefc7wXTNQopKTM4IKRaB+GliQtKgpau3NjRcsIzEW1EQIR2kRUUP9AtHFhi4rAqKBCUDOEkDIQPzIIWpjX7jnvO+9Mi3uvUBAIDgzMDDMP/JiZyMzYjMVs0jYNyDDc9h8NCl5BPIiCdyChWAuAM0ghA0BTzz+z+rcHhRCKsQ+lWODN4xIAYHUZVLFQahDBgoAXTHwx9x4TAfFkd+yHgpUBBmbQfoMoW4N9fIiFQHzoEkiB8LyP+Nwdomwl8uoWtjgF3pcAIkVtppCtxcZuEnUOEIUUnXgAQYmPXqb/WQ/5NM/dg/3E85PrgBjviwA1iDNQvRdUsJUl4uPXidsuorMvSILQUNfM+fFBnAqIQGpkKCRFfapEQNTai319St/UfUwdzgJOhF3bmmiuP8Zqskb30hgjfjdbUiNDWqKpgnp08h5xx1Vk8jZnWnoJpgQNKMbyyiIHGrrIuwInF0YY1SoyFAxSDyg6egVECE8ukIgjmDL/cxavgqjHB8+vdJXDe06Q97/pOPK2BPCeKFQSlVcYAokkSBB21jYiGgimfF9ZYHt1PR8W3zEzN87w9FYiu1ZveFu/LIKBg+6uahLncOpIxJGra6Ezd5aJhfdMfxrl0UwN+5IKoo1+Y+tgvNbeeKrq9ZeX35xyennIPgMbB+QGorWgFVUFDbkfQzZXrv8BKB9RM6Fzq8AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGNSURBVDjLpVM9SwNBEJ297J1FQBtzjQj2dgppYiP4A1KZRoiFrYWt9rHyH6QUPBDTCimtLNSAnSB26YKg4EdMdsd5611cjwsIWRhmZ3f2zZuPVcxMsyx9fPF0NRfS2vM7lx2WtcQiJHvDRvZMluXMGNHstJH7+Wj09jHkOy1+tc3VxeC+P6TXT1sYZX2hT7cvS6lepv3zHUp2T8vXNw81dXT2yGwEGeERSbSVCC5qysYa+3vm9sJGmLFojceXJ9uklCqUIAic5G3IytahAAhqqVSiwWDwx6nogW9XKhWphaGAvC50Oh1qtVr/7oAdCwBQwjB00mg0qFqtUr1ed3YURZM7X7TWTqM2Gm3CASRJEur1etTtdp1DnrafFtJGMbVNGSBas9l0DrAzR6x8DdwASUB0RqNNGS2/gH7EInvCwMhkZTnlnX0GsP09tJER0BgMoAEAa1rETDIQvBkjBZeHMIjjuNB5Ggg0/oZWPGrHGwd7Fp9F2CAlgHKqf0aYXb6Y2mzE8d/IfrXVrN/5G81p6oa2mIEUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLlZJZSJRRFMd/39JipZXZmCURrRBjKshkJW20CFGSQlAotENQr9FT1IP2HoFPFRFhCSMYGS1GEUUrkZHY2DItUs30kTnjrN9dehhzFAzqwuHcc+6f3z3ncIyL9/uPa80BqVWxUgqpQCiFlAqpNEKqESaRQiOVetZYv8gHYCutj9T5cgv4j3Piyrtlf+62VKoAoP3DBYQSCClwlcCVbtZLMfx2bEUjrisnjABoAHYt3fdPv8eSAldIsgCpAGh5EP4nwLaKfNIjAWIIALCzykPrwxA7VhUO5/yPQ9RVZmMnkhxdgSsVSmtsC/yPwliWSdvjMIYJ5pCo/WkYtKIodJ7C8V/wMh+oAMCUUqEB2zKoW+HBNqG20sN2n4canweAGp+H1RNusWBWiDlVu6ld8poXTYurAYxTbZ/0oU1F3O/5hWGM7tc2IZZS5DvX8ebdY3rpRmJ97xFRxcC7V/HAs679tisUWmvGWVBdPpPOLocNpdm1uP3yB4tzAkwt2YKMdzOxoJik7KNoTdkkEetvtoXKDNEyDTq7HIBhbxrgKuiLz2Ba/0dMy8EwY4zPcyAZZ/BbyrKFEJkZmLCupIB7rx3WejMVJMPdBB+dIX+6RokEpvoFZi7aTfPmciDZHYgctF2ZacE7dwrffiZYUJhD8Psg8vMNjM9Xmbe8Cp2+hSGj9NxMYSWTJFKSjx8i9Q0tQb8tpX54suVtWVqqya6QuEIiheLw7A7K128g7TRj21N5dSfNpU+bCedVMBiNd1y7UOMHQGs9pn1pq36SCjXpWGCrfn56ZfTsnoUNY+nsv63s16DTGRm4Oy/+M5bo7f1xdO+5t61j6X4DmUx477d3qncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjZJLTBNRGIUxbeOGNLrSaFxgdOnGrS4MijtWLkjcysLEuNEoqDG4IDIpNCUlLVLbQFrsI0Dpg0IfIzYiCyRQA2mb0tQG6QOqbemkFanY438nofFBCJPczOTOfGfOOfdvANBw2PJ4PHKXy+V3OBzcxMSE9N/3R4EDk5OT5fHxccFms3Fms1l6JIGpqSm50+lkcGVzcxPlchkE75pMJm5kZOT4oQL7sN1ur2QyGdAzKAIEQcDw8PAvvV7vHhoakh0o4Ha75fQxvw8z0GKxgOKgWCyKTggWtFotNzAwID0QprIq6XQaZJ/ZBjnCcjwNlScMx+I6NBpNTa1WB1Uq1Yk6TGXJCeCpLBEmBxgdHQWJIp/PQ+OLov31Ah6alvEllQHBQl9f39UDYXIAKkvMnsvlEAwG8S1fwDNbCLb3Ubj4OfT29lY5jmsWBehv/NjYWHVrawskAqPRKGZnMIljdnYWyWQS4VgCb5w8g3cJvlwvkWC/1WqtpVIpxONx+P1+EWYOpqenkUgksKTrwrvb58E3y+C9Kcv4WiSddQFqWVhZWcH29jbW1tYQi8VEB6z5SCSCj6+e49OjK9jxKFGLeFGxPsDivUt7/uvS+6IAlZWdn5/HzMwMCoUCotGoKBIOhxEKheC7dRbfCYa6Feg4CbxswlfFNfhuSD6LAjRZpwwGQzUQCIhHx1ovlUpYXV0Fz/Oi7dqSHX9exa7TtC+t1Y9Rp9M1Dg4O5lhmdoQst9frBZW1Q5mzZcMdgKAfjxtQoLV+VwLqIfXXINFkNfb392dZflZgT0/PTnd394W5tjMvFtov/sx0NCH3RIZE+zG8bZXueVskT/8bZaVS2ahQKLIECwze3//Qdq6T/phktum+wWC2/xtU6N71e0LFhAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVBgZpcHNi01hAMfx73PmzHWUO0QmbiOhyQyZMYWGRhbYSfkLpKwYpSRTSikLxE7IxsrGSmJBGtSQnXfJ5CUvg+G699x5u/ec53l+zilFNtR8PkYS0xEwTQHTFJJ5dX3to6hlxQpjAn4TjbHXH5ytrgca/MmQm1i+7akNyRgFHYv6LjYbY0BkBMZg69+Xfn109INA/NJUaJFcOjr+efAgcDkkZ1XHJzMaX87hkiYIWjCmSFTaTGndiQIS4EEeECaYtWD4at8R4HJILjWBfIJLCsgLP/WedOIr46N3aI4WglLwCZIFLMWOQwXkF5MJyRlF3k6RTIKSCdKxGsWOnUTzOgEDCPAgAcKEc8AFIZmQXBoQzmxlTuduwIOE8PjkE7Z6C7kY2RjZGnLjRG2HoSFyIblUkqvjJ58gFyM3hmwVn1aQi8FWGRyucPedI56aIrX76Qlc2A6E5BpI3uLTb8jGyMXIVpGNkatw42WFp/UimzauoW1uO7efX+Hes5HwUn/pVEAukQwO2R/IllH6HdkysmVkK1x7UWV1RzcucHQv3IozKb2rNpDZG5BR4it2shyn4wVvJ4vYxnxc0oZ3y/BuJaO1Ms1mFts795E7sPkCy1q7yEQhGdUbJ9+c37EOsQVDkb/UapXo+ch9Ho8MMbD1Isdv7iJqmkGmbiTxL739pWNtS2Yf3tDVR/uCHoa/POT+kyE+vo1PG0n8j97+0nFgD1AExoCzD86MDPwE/3Mt+7fw600AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLdZJdSFNxGMafc3Y2PdN2pGYjsdS2WFu1oiy8KKSINPqAGtgwhMgKrMAkiIigu7oIvRDCPjCKgj7og27sg6ALg75EW2roMldGpbk2t7nV/uer90RF2Drwuznv+zzn+f+fwzU1NfVpmlZCfGltbXUiy+P3+1/LsuxUFGW4o6PD8/dMIKFLVdVLxK5AIKBnMyCxQQtRPXUmkDCH2ErucmF9i5LL54ApOpgG7C48hdn5QN2BJwKJKwnvVAOehK+INiL03HxWTIlxkbfaRV20i2H4REkcFRljQ8QFIvhPAhLaiEpCkcwv0ZnqQrmpGbzqxv3oFgQnFoGxHQp9fRshZTOQiTANFzlygOUz8jHB9mIy7UM0vg6hZKFxfo0wdhz/GNBL9stgQZXDCQtnhYIypKRxoOgyNE5GO2PQVPld/Spu/ciNqheZ8Y+n5zX0tRsGXE1NzQiJow6HY3EsFstWAnp7e7/5l6ixxsbqIslbi8iTluinF93blx4J3TMSJIg74XBYcR+7s0ykFmQVYFRovf0MivM5nDz4KrJ/z4piyV2O1Pu7ME9zTy+Yk7l5t3HuLp5u1kKUEaanmRNIqMMU1+geeJucCZvSg3K31Vbg28ip6TfItRdBsAKzKpdYnd45bQIJzZSgjOD+10Lex81Mjr0Db4qA41Ow2CLA9zQmP2dMxhHixDWiYWoL1i9erGFPYVtTWqAp/eC1CfpzpkGXGQauDn7vH0zsMRIsJnEtUbraXqJbOBGyWAwpGcLcTA/nrqiFzh6YOXUU3bdjyMt8HjNxHELDiX11V8I3DQPSyucsFsv5B4fH/tz8gbUaPBt2gkXaIAgS+h9OZo62D6mHF4rzcvNMCFwcSf5c9Pl8Ax6Ph7lcri5d1/GbD7eqn2XGjuupwU364+YKdaW7QOd5fujvHQMhGAzOz9b9p3DkYSL+qDQdTX17H/p6qHMgdj3b3g+UOcQZKOdjkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJdSURBVDjLpZP7S1NhGMf9W7YfogSJboSEUVCY8zJ31trcps6zTI9bLGJpjp1hmkGNxVz4Q6ildtXKXzJNbJRaRmrXoeWx8tJOTWptnrNryre5YCYuI3rh+8vL+/m8PA/PkwIg5X+y5mJWrxfOUBXm91QZM6UluUmthntHqplxUml2lciF6wrmdHriI0Wx3xw2hAediLwZRWRkCPzdDswaSvGqkGCfq8VEUsEyPF1O8Qu3O7A09RbRvjuIttsRbT6HHzebsDjcB4/JgFFlNv9MnkmsEszodIIY7Oaut2OJcSF68Qx8dgv8tmqEL1gQaaARtp5A+N4NzB0lMXxon/uxbI8gIYjB9HytGYuusfiPIQcN71kjgnW6VeFOkgh3XcHLvAwMSDPohOADdYQJdF1FtLMZPmslvhZJk2ahkgRvq4HHUoWHRDqTEDDl2mDkfheiDgt8pw340/EocuClCuFvboQzb0cwIZgki4KhzlaE6w0InipbVzBfqoK/qRH94i0rgokSFeO11iBkp8EdV8cfJo0yD75aE2ZNRvSJ0lZKcBXLaUYmQrCzDT6tDN5SyRqYlWeDLZAg0H4JQ+Jt6M3atNLE10VSwQsN4Z6r0CBwqzXesHmV+BeoyAUri8EyMfi2FowXS5dhd7doo2DVII0V5BAjigP89GEVAtda8b2ehodU4rNaAW+dGfzlFkyo89GTlcrHYCLpKD+V7yeeHNzLjkp24Uu1Ed6G8/F8qjqGRzlbl2H2dzjpMg1KdwsHxOlmJ7GTeZC/nesXbeZ6c9OYnuxUc3fmBuFft/Ff8xMd0s65SXIb/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJySURBVDjLjVJNa1NBFD3vvXxhWprShrSxbTbGYEs2hUoXBaELaTaCICEQJd2Im+JfcF2EUgT/gH8gKymIttkIIlRS3dgs4kfSpMFUmqRJXvI+xnsnJiZ2oZc3794Zzpx7zswoQggcHx8L27bBw7IsOUzTHOThYRjGIMfjccUBCgYGg3M4r9cBIkTvk7WQSQxqzpOTPuztveQZBgTntRoeP3uL/4mnj1bQ7Xb/ELCkHj0wN7+AsSsuzPu98Lgd0A0Bw7RhWNSIMO/eZyFsgU6nI/Eq/9iPlEmhKApauonTcx2tjiUdmbSzSyQds4fhtREFTGD39REBkzRaJmzRgc/rhMOhQaWu4jeBLezLBHQNvf1DJO2uha5hw0uWNE2FqvR6MPYSAYYs8JAkDGZLZEVRRW9dKvjLAk9UTR4Hvn398s9b0MhSn0Dhw0un02Jl5SbqjQbabZ0e1mcUC9/h9/tRLp/iWvg6Qgsh7O+/xsxMANXqGYrFArLZ7FhfwU4mc3BL13Xl6OjoajgcDqRSKTSbTQIWkclkGp8+Zp3JZNLtcrmUcrmMw0MX8vn8E6V/fRzLy8t31tfXXyQ3Nyee7+6eVSqVqdnZWUSjUfCmarWKUqlkjY+Pv9ra2oqR8po67M3tdt+eoOD6/oPUFD+WRCKBtbU1xGIxbGxs4OLiok1xjzEEdTuGCXw+H6irrDMHb2Te3t6G1+uVNVtSVdWjaVqa5ycnJ/qIhcXFxRtLS0sfVldXPcFgEB6PRxLmcjlWh1AohEAgwE//Z6FQUOlsTkcIIpGIRp6j1DFNBH7apPFzJ+8PueH09DR3dpI1i87iBym6+wuQ3GjC/VvaWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGcSURBVDjLxVM7SEJRGP5vmVfpAWGFERJUONQWLtEQOUQRbUK09IDW1mp1KKPBsdGlWqKIqGiLoq0aggqxraFARMpX95535xxCNLouDh04cM7//3yvwzGEEFDPaoA6l6vyEj3MaDmcc0CMX23NdY9X9iPxlxijsHK8GmxxUMAh1O+BAb8bEKZVnZntVMyisFYiotnRgkU4UMaByC0Hy/XpzWQ80GGuTwy1GUULO1tQrIQJQBLIsriuTW4kE71d3qWg3wNM9gqIOYeoWDHlGuALYQhHn/cCPnNpsMeEjyIBW9bzP8B/KlCsSAJ4TQNyiI0M97WaPe1NkM4TyJco+FpcQC3irECxYsVuM/iyaBFTplltzHU+6sx/KagCKCDlX0A6R5TXp5O77NHl4wd43QYYoOwJEAg7A6iEEZHsMijpVbzuhCLPqdzBzcMnNHsadT7CZrUUMB2gjVnZ6/v+6GzqMbt7e5/V+fBaIaqEbfUKEqByMH0enu8cu+AE0QVBqDOAYk2cvUmfUiqrHsxcTy36QqcE3K7lyrrx77/xG/TSBY2ALCinAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLpZNLiI1xGMZ/3/edOWZojjkiudbMuEVMM4SMBVlbSUpZyAIhG4qlkcJWycZOSslCMTNFuYVpRrkzLuMy5tA4xulcv//t/Vt80ZTLxltvz7N43vd5F+8TeO/5n0r9JNLTs9A7t8FbO0WsfSvWdtdv2VIAKJ45kxWtt4rWh5xSQ6LUyeldXVcAAu890t29zzt3hPp0ljBCyiVMofhMjNkmWldE64t1U5qWTpjXiiuVqDx8RDX35ZxTalfgrl7d6K2+HC5cQBBGYAyk05jhYWrPX350WpcbWpsX17e0QGEMwgiasnzv7eX7oyfHUmLt3mjWTIJqFXJfwAlYS13zHKKV7XN9rInqG6D/AYgkBo0TyXSuId/Xvz0lxiyJMhkYegfGghdwDl68JpycgSiAwTeAgLYJ5scIWgUXx5mUGJPGOYgVKJUs0CZZMpIDaxNnEfAOlAFxYDSilKRE66K3dlpgDcQ1sC4ZtjbB8dxacBZSIYQhTqkwFKWu28FBmD0TKmWo1SCOwagEdZxgrZYYlEowv4X8jVuIUudDp9SJyodP7+NPI9C2FNJRIipXk4FqDVQM1QrUhbB2FYXRMXJXusdE667Ae0/++PFlotTZhmzjiknLlxOO5mDgCQRBcnq1Cm2L8M3zGO3p5fPte0/FmN0d/f13gp+v/Pnw4clOqQOi1P5sR1tj46wZcPceFMuwdjXFbwXen7+gRevTYsyxjoGB/K9PHF/vduxY4ZQ61dQ8d/XUDevBWfJ37jJy/eaQaL2z/f79a+P1wZ/C9Grz5ian1FHRek92zozg68s3l0Trg+19fUO/ib33f+3H69ZtetjZuf9fmuB/4/wDFoO2ZVesLdkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpVM9TFNRFP7ubWvb1x+QQAtRIFaRmEakaYiGiJaAurioiYsxXXVxMHESB40TJI5OOihxq0sZTDBq6kANikAJNLSBAokQ29q/1x/69673PoSoMS6c5Oa8c979zv2+k3MIYwz7MYp9mvb3IBKJ9HB3T7BSFAXcW8Q3P/KvWOTHXC5XaBdDRDIajZ7jflyn03VYrVYQQnZ+cr9bTJjwyWQSxWJxg+dv9vX1fST81SEevLXZbKRWlLE++wlyfBO5+BZq5ZIK1BkkWGxtsNoPoePUaTCdHqurqxzGLpDl5eVZDu41m8148+QBVoLv/qv5aP8QBm/fR6lUEsznNF6vd2xtbU3vcDhw7IwHBTmrXqxXymC1GpdB0XnSDvfFw7C0n0XXwGUYG5pUOYlEQtJyBrnh4WFLuVwG7wEGvHeg0WjUIoVCAay+jVx4FJbWfjQVMjB1diEej6t3uIQkTafTU3a7HQaDQaUVi8WQSqWQzWZR4wwK3yZhanbD2uZCfuMDVhYDKrharQoWE9Tn8z3f1ScKCGr5fF59XU6uIL8+CUtzI+o5P2zOG6CJ99BpqcqCMxihCwsLOQEWIJE0mUzQ6/WglKC6NYmW7ivA9ldMv3wFc2MJJL2E2o95wS7l8XjyVJZlRXRTkiQIKep4Uop6JowDrAzLwSKUcgxgCur5zzjiuYvU/DhQyYyqd7mWkNPpvOX3+8O8H8hkMqCEoRD1obGjF0oxxLEluK91Q6ls8l5F0OI4D33osX5vEsnO6EmBQOCFVqu92lRbIhKR0XrcyF+d5lormHkd5kVOgGgaAOMlfHk2EmeKMkj+3sZgMNhO5x5u9Fx/Cg1d47OQ5ln2x/5pjN34vjiHyMQjH/nXOk+NuZOsrkhM4YsklmjvsD2PneWa+QnIJn6IP3aTNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI2SURBVDjLjZPda5JhGMZX/0AHnRQldFwjCs0maplQE8mJ5Wxr6WiWa7XaAoVFrSTbWFpslQ6NDjroAzJYnZQSHQQj6DBaBx7awcQv/P52XT3303pn5GgvXAcvz3P97vu+eO4OAB0k9u1kEjNJ/6NdTJsFXwtAXK1Ws41GY6XZbKKd2Dm8Xu+DVkgrQErmYrGIUqkkKJfLIZPJIB6Pc0gsFoPP5xMg3OxwerZaRx0122UHvn6PYHB4DEO2S6hUKigUCshms0gkEhxQLpdBRQKBwG8IM25x3vPPumafQHP8BBY/f0G3zojr03N4NO/nHeTzeSSTyX9G4plM3vWJTBZbYWxiCvIjWkzO+KDSmmB3PYSqW49o9IcwSiqV4p0sLy+vASSyQ1M64wDmnr6BwTyC8/Zp9PRZMeN/Ba3hNG677vDwCEKdUB7pdHoNwKpn+s6OQKM3QaPVwe32QKZQQaE+BnGXErv3dIKFyyE0P2VCIAHAMqguhBdx//FLTNxw4tvSEiznRvFs4QM8/hfQG07yy/V6HbVajUNIAmDwwlUE332Cbfwa+s1DeB8KwWy7gudvP+Ki/Sb27hPzy9QFAUjUjQAwDlh5dcvwOOSqowgGX6On9wxuuefBxsO27Tu4mTogkfkvQJdSHVGoNZHO/Qeivaf6EQqHIZMroTyshkR6EHKFQjC3SgCsvsJN9NPu+VL1dloP8HO9PWijFQGwCpGwgEp0sBEzu1vg29sCEBFkA+v8R7T6ol/92Z1dPFeoPQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLjZNvSBNxGMeX9O+FOAkaLbehozdGRGiMQqTIlEqJMIig3oxl0YxcgYt6FUZRryLYwpFWCr2wXgjBIMJMYhFjgZSiEXOg5c5N593udne7u+2+3V3tT22SBx/uxe/5fu7uuefRAdCpKJdJoVHB9h9qFSryuSJBYzqdpiRJymYyGZRDOYfH43lULCkW2NRwKpUCy7J5kskkSJJELBbTJARBwOv15iW58AZVoBbwPA9BELS7CsMwoCgK8XhcE3AcB/UhPp/vtyQnGBi03pYXjyAbPQuRD2sSbmUFVN9NLJ5ux9DryZJP0nqiChzjl48Oh9oYRPTAXBVksgnS0hRWu7uxXG/EfL0ZZ9yjGHgb1t4kGo0WBO6AvcUVsFP9oTZZjlQCP7ZA/r4JpHM3lup2Im6pRsRai2PX/GjoDWEk8BWJRKIg6P147mfP+CW63d16RUyOQP5SA6rLAsKyA0TNNizvM4D9/A4Tk2Ec7nuPE0+vgqbpgqBnzLl6vv8N3+x4eEsS0mAvHAJhMoAw6kHUVUF4rkeWHAKXZtA15kDL6C6tkXmBffiZs/P+NE7dC4pBhwsJY6USVjBtBO/bCswrbfq2GS+Ce9DwyooHoRvaPPzVxI67IVfHnQA+2JqQMFQgur0anP8J5IVmYEopmdbh5YQO1wMu0BxdKlB/44GLg48/HT8J8uBesH6/ViDxC5DnWiHPWjAz0wleYCGKokaJIDdI/6JMZ1nWEshr7UEZsnnBH8l+ZfpY9WA9YaWW0ba3SGBWJetY5xzq6pt/AY6/mKmzshF5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAArSURBVCjPY/jPgB8y0EHByf/4IVDBHzzwBUTByUGgAK8jX/zHDxkGQVwAACuKdiqzzuaTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpZPNS5VBFIef+77X4lYayfVqpQY3XPiRGogp9rEpa2NRQpAELaJl5LKVJGSrFm36A6RMCpSilu5StETLaGcophTeNMyv+/rOmTMtrp87o4FhOOdwnvObHzMR5xz/s6IAz98vtDnHHeu0UFWxCqKKtYpVh1jdti1WHFZ1uONmSW0UQJ2721ybHf+XyQ9efqvcVGBV4wBvJjoRFcQKRgVjzdZpZbN2v74DY+zebYCMDy1lt3c1fSUQjNgtD6xVALr7U7sCXK7JJdwOkHUAwI3TCV4NzHK9IX8z1zM0S3PdVjy3GOxUYKyizhH1oWcwhe979A6liHjgrTfd6zpH2izRVP6aiqJDhCYD8Dau4ICoH6G5PkHUg2t1Ca7WJrhSmwDAOENhvJSu0YsEJkBEdypwClEP3o38wveh9cVZnBpCFUIRjuSWUFpwiqVghdbeKrJ5tg0ginOOLB8uncyjb2wO0ZAL5bewTrFqURw//kxzorCB5TDNyPcmKh8GBzMmakaO70XoG5sDIJAQ65Sp+XGMCqIGYw2La0tUF51h2azyYbJ/3gMQkYwHHpyvihP1IZAAsUJ+TjEFOcc4fDBJlh8jL/soo9MDfJz4ympIzZYHzlFRfICfv9Mcz4+RljU6Bx8TakggIcl4GXXJRoan+hmdGaMi9lR72ls+rz8kN9DePV4dWt1vxGLEEpNuolYRK+QAn2YaiXgxBsa/ULLnCQsribcAkd1+52RbZMWqvy+tNpl65CY38n8B/ZBP7EKNHesAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+RreV94S96UiE9pff7/I1scPnlW6NWgBCLQvxKOVaeO2ZcfW2pbcogTGFgGwMD6+2/alP+rYhz+Na5O/L/lytT/F57t+t+/O+t/eL/uf/NsyR4G17oLBUD/Pgf69w3Qv6XILnqvbbT+nZre74RWlz8bL0/4v/HapP8g0LMn9X//nnSQAd8ZnKrPPJi85uJ/oH9f4opOn2rD/9uuzPmPDDZdmgoy4D+DQ8XxArvSww9sivYX4DLAMkf6e/eupP/tuxLAmtt3JiBcQEzqAypsCe7R+N+7KwVsM4gG8cFhQGwSBiruAOJPIGdD6Q6QOAAJO6JfeUJqowAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLhZPfa5JhFMcH3dX/Meiuv8CBoRdjIvOieRUYmjkzmBaowXCbU9E5U5KhtmX7QbrpyF3UuhDRVFoXgnrhmJO2CSFELaIYw7FvzznU+uGqA+d9znuecz7v9zkPbx+APrPZ7F1YWGgnEgmsra0hlUohnU7zSu+UX15eRiwWez8+Ph6inh/Oj7m5uapYD/F/O45EIu96AIuLi12xnirMT/EvJxNK0QMgeWTX7j+D1pfHTf8r6AMlGB6UYQy9xu2Hb3iPLB6P9wKWlpbOAHrRfOuP5jvhn4DH8SfnA05OTrCzs4NGo4FarYZKpYKtrS2USiUUCgXkcrm/K/ie5MnPzs5ie3sbKysr8Hq9DOrctaCpVqHb7Z4/g/l5TqLdbmN/fx+7u7toNpuspl6vs1erVa55NH8OIBKN8mYmk0EwGMTBwQGrCQQCDEsmk/D7/awgEon2AsLhMAM6nQ729va42efzsVyPx4NyucwKCEK56enpj6Ojo/ckEsklBgSDoTMFJpOJVRCs1Wohn8/D7XbD4XDwkClXLBa5ZmhoyMsA38wMAzY2NmC321ERZ56YmIBCoYBOp0MoFILNZuNYNEGtVj8niMVi+cQAl8vVzRcKp2NjY3A6nQx4sbkJmUyGbDbLN0FXSUeTSqVQKpUXCTA5OXnEAPHV+tSU86tGcwMGg4EBGo2Gi+VyOYaHh9kpFrlTlUr1kgB6vf6w79eJXhYmZDfEsA5XV1c/rK+vQ/xoIGVWq5VjytEe1VDtb4D+/v4LAwMDVwYHB99qtdovRqPxSPjxyMjIdeFXRfyZcrRHNVT7DWZq3D+QvMywAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC3SURBVCjPvdCxDYMwEAVQSxQ0CImKKldE19FRITeu3LihiGQGYYKbIBtkgtuACdiACW4NcgEnpKJE11j6T98+m9Wcj7kERIqsM6ymHwJ7dvQJmhvSryFK5N1rLFtc4gT8Bx4JOO42gC+Y6wM8pJ/D6Ec3dnOrAJ9ga64O0EtIDS3fBS0sGi/FklMCQXwCjQIoa1vZYsqnrEnAi0sAGWQ/5Zx9r/CkT+NW18QBWMu39TIydN1Xn88bUK7xEQPM95QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMtSURBVDjLVZNLa1xlAIafc5szk8xkMkkm5MKY2EpT2qa2MTVCmoLS2gq6EKooimAW7iQb/0I2bgTRIog0oFW7KQpCS7VqrSmmJGlSQtswqWlLLmbGmcmcZM6cy/edz00r6bt8eXh4N6+mlGJnxiZHR4APgSNAFjCBKjClInXm05Gzl3by2mPB2OSoCUwAp1/LHbcziSyO24gbgJAegg2urF8UUsifhZBvfvXK99v/C8YmRy3gt8G2/cMv517E8Wx8ApYcjZiyKbkRSgQkcFn3rzG9Nn1LhOLYt2/8UNUfLZkYaN0zfLRrkLIMCHUNIXTqIoZLjLJvU/ASrFQtnko+z2BH38HAD78DMConHh4FPn5nz6vGgqyxTp16JNj2kpR9C8eD/OoW1VoNO1NCS+d5oW0vV27f2PX11MS8MTR6+JOTXUMHNCPBui5AtdMpk8xsGNQ9ndur20TxCnbPIn5TnmJUwaxIDrTm9Jn7d1tM4EiuqZs5d41iXGefsZsIwYNCgOfVSXconJbLLEWb4CuahU2+6HO8d4DQF/0m0NpgNvLAXaPgu6QadrEZpKhUItJZj/aMS1EewvHnsdUWW/+WKG82kEykCAPRbCqlNE1B4DsocpiW5OJfIVoiyfqSQFdNdGXrpLZGcFZDPKYJg2VQCiGEZkoRlZ3A6W41mknFn2WlaOKFFrG4Tbw9wb2/S3g3miHySLdbNDd2kzYKVGpVpIiqugjF7P3yQ55pyLFWmCSyVokZPqHnEoYmsWQGuyWOGdexNIkRFOnqbGN5bRngjh4G4rMLd6+KnmQW012lWrpOJuNjCh9LU9i6gRkEZHIrpNv/QK8vcijXz5lfLijgS+PmuYV75+fPDXr1Wt9znfsouy5x+2miuoltW1iawBJV0o0/wT8lBvbv5WZ+gaWNlasz43MfmQChH777e37uT78eHDx5+BiLBROjqhDaFmGkQ1KS6+mlr7+XX2evc+nWVB54+4kznfr8pZQIxXkRyhPvDb9vIjtQqgFN12hLO2yUZ/ni8o8SuAa8NTM+t/GE4HGGx4del0J+IGXUH8ko86iuAneAszPjc9/s5P8DuO6ZcsXuRqAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLldFfSFNRHAdw88mXnuqtHu/dufe2e/dHjUl/YEYRRsFaLViYFkUY+CcDwcqiJAjKoCiKCqRw+GCEa6vIdKOJLBPaiqy9CBlkYUUbq83Z3f32uzMX0kZ64AvnHM79nN/53RIAJYXC8+wux/EZQRDiFsu6Y8XOFdxkjG3lOE6jgABYrVbwvFS3BEA6YbNVQTLKWL9hI2RZAWGPFw3IcuVh184axMbDePrEC7vdrgOhJVQgb488MEGdMCH9zozOlgpwBtMr6kvZogBRUvYH7jdjMrQF09HjON3RDoulgvrAnP8FqFTW1NT8PvkjhamPn6BqQCj0jPog6894azCwVUUBuqGUDg15vV7oQ1WzFBWJRBzV1Zt0QK/CT8iyggAdsLlce9RkMkFLDdmsmos+Hx4OwWazgX6xRoi9GHDd4/Hkbs9k0nT7rzygx+FwUBU8hXX+AzBeXG21mOPBYCgHpNMpAmb/ANncXm3tvtwzCLi6ABi5pazwX1QORHsFtedGC6Y+f899+BcgIuJE/W69kQyN9fLNBUCsz9o/E5aBiILROxycjm14Mx7D3NAwSwWkAmvxoYdh9LKAn37xa7LfuCsPTNxT/OqYgpkRGVpYwu2z5Xj+IoL54fUNYLCrHBgUKCI0yrc+YywPvO42RqcfykgO6YCMLz4TTrbW4Whrm+Z279UYW4PzhwxAQELKJ2HsghR81GbenAd626WV1xrFmq4j4jmav7zUIExWKnwVNaxsLsLygzukjoFTQrq7Qbxyxi2WzvfgNzL+mVcak7YgAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALRSURBVDjLfVNbSJNhGP6li24C6UIiDHWah83UdJv7d7R5oiiPWGp5yIUHNNF0acNjrmWe5gx1Ujmd+pubW8upaSWZRilZdhN00WVBEAgalSK5p18hczm7eOF7eb/neZ/n/d6PAEDsFWETAoSN8aWbZ/EDXqLIFLr67x27RPpU6LUzl1hJiC08a7461lNo4GYLBjnf/ktwYrPjOF/+JxeZeWtCY+hSTk00FX9TsCroZttSrggb9iSQjJLL4hFybUuyiVwRDHHBpzjg6zmoni3B7CcLrjVnIiY75KpDAtqnVDQcComBXD5tioL5vQ6THwagfqFCQKsfMifiYJzXIrjlGI43+CNQxaK7jpArtM9t77RPWxjFx9CiBjcey1BhTUGZ9SIkWhIBDUzIBpIRGe/zcVsB7XOd9gnBfW6fhCK/njPHg3rTgtrxDJSa45DeH45UYwIMC3fQMa1GoJIJYaq3xc4Cf4AzR+rZIHVsmN61o3osDSWmWKTrpUgejEXXjAoF/SSye4IRVMMCS+HznVnmXWg3A/Ieey3VkIjmqUIUG2OQ1hOOpL4z6JxWorA/AZd6QnB99DySu/zAlB+1+RZ7weey598B8jpCfuSZZWh7Vo703kgUUWIaSCKXVpbVHYRKy1kYF9ogH45DVOuhDXHTwQNeOR6V2wSC29z6kOYA1I2XI0kXQ0vm4eFiJ8xv27eAQwsaaKbk0M81Io+KBrd+/0aA0snZ7hnZ9UEzXnIPdD9vpyUHb4HVT4rQMFkA1aMc1I5m0Q1y0TWrRFqvCN41xK9d+x9YwZoJVLBw4S4ThtcaUPMt0L9qhO7lLZokH9rZOuRQJ8GoIpZcFcRxh5/Iv9RHn6Bl4FSbKyJaXSBsckZGjwCdM7WQ9UfDvYr4clhBsHZtoqPwzHKfY2S4wV/p9DNTHwH3CuIzDfZ1uMp7hXvqkXVGpZPNrWIfXBQEY2ftN8xTb5GsXWfEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpZPNS5VBFIef+77X4lYayfVqpQY3XPiRGogp9rEpa2NRQpAELaJl5LKVJGSrFm36A6RMCpSilu5StETLaGcophTeNMyv+/rOmTMtrp87o4FhOOdwnvObHzMR5xz/s6IAz98vtDnHHeu0UFWxCqKKtYpVh1jdti1WHFZ1uONmSW0UQJ2721ybHf+XyQ9efqvcVGBV4wBvJjoRFcQKRgVjzdZpZbN2v74DY+zebYCMDy1lt3c1fSUQjNgtD6xVALr7U7sCXK7JJdwOkHUAwI3TCV4NzHK9IX8z1zM0S3PdVjy3GOxUYKyizhH1oWcwhe979A6liHjgrTfd6zpH2izRVP6aiqJDhCYD8Dau4ICoH6G5PkHUg2t1Ca7WJrhSmwDAOENhvJSu0YsEJkBEdypwClEP3o38wveh9cVZnBpCFUIRjuSWUFpwiqVghdbeKrJ5tg0ginOOLB8uncyjb2wO0ZAL5bewTrFqURw//kxzorCB5TDNyPcmKh8GBzMmakaO70XoG5sDIJAQ65Sp+XGMCqIGYw2La0tUF51h2azyYbJ/3gMQkYwHHpyvihP1IZAAsUJ+TjEFOcc4fDBJlh8jL/soo9MDfJz4ympIzZYHzlFRfICfv9Mcz4+RljU6Bx8TakggIcl4GXXJRoan+hmdGaMi9lR72ls+rz8kN9DePV4dWt1vxGLEEpNuolYRK+QAn2YaiXgxBsa/ULLnCQsribcAkd1+52RbZMWqvy+tNpl65CY38n8B/ZBP7EKNHesAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLlZNLSwJhFIa1Rb8iIWhRQUlluuoftDEtC5TKSgINily1CmoT0kJBqwlSaBGBLVxItGgZQQQVFe3bKN7wOjqO2tucwRGvqAMPMzDf+8w5ZzgyADLhGhJQCWi6MCwwQBkJWVWg4jguVSqVKuVyGe0Q3sPtdruaJZJAQ+FcLgeWZWuk02kkk0lEIhFREg6H4fF4GiR0yUlABwqFAorFongnstksUqkUotGoKMjn86CPMAwjSloEFJYgAQUymQxisVhLS9WZyBsEQhu1A/RMfUutxONxsZJQKNRZ0Ey9hCqheSQSid4F9RJqh2ZCor4EBM/z4lxIQvQtoCp2HtexfW+CObAM062uu4BCElSBJWjEzc8Vrr8Y6L3zvQsoTKz6F+H7PAPz7oLRp8eodmSjp7/geDqG2b8Me9CK8zcnXK8O7AWsmDtUF9UHUw/1gr+2O8BzsPm3YLvbhPPlBI7nI6xc6jC9P/Gr3B0flHZhVpgyKwQ6LpPFtwaTdwmGCy0MpwsVWsD6ZVKQpNs6z9iV35PWsY/q6iso+w9crJoc0rRwaAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpVNNSFRRGD33zZs3P85vOs3kOEUK4qqQCqzcDE0F2eBQgbQIhMAWGWREQdAyaF2LFkaLJCLbBBVoCga5KNEwChK00kYdHWfGnzfjzPu93ffGooTceOG89937vnPued93L6GUYjuDwzYHf7v7w5Dd6W7MiEpFvqRyOjOkg0Jjgc7caQy6Xp5vgIJoirK+mklOTE3xAb83cqm13iMplNhtln/UyeaYlN9FSbUUJa36/F2pxKXX1FpZ1cmToRSSGRkFiWImqyOZ0zG7oiO1qiMtUmQKFIoGzGZl3HuVwnJB4tyBSB1XkDRis3II7/LgzVgaK3kFQQ+BlZkRLAQCbwDwOQiyazJ6hxfh2+FBpc9meuLWS6ppsTbkQk3Qg77RNJZFBVUuziQKTMhrJ8iJBjmNqkoPasMukI3mcYWSVq4mS6ytdiHgd+LZ26RJMIhuhiyLHw8k4fU6zRwH/1cXCsWyA8Kqoyoq7LyO3WEfXo+kcbyxylzv/5hBhK0VM5PofngfLpcLPaoKPhwDvy5pMNzIsorFnIhI0A1BsCKVs+PdxJp5UOojfmhiEv3Dz9F46AiaWi6iIQjcuH7NEFAp6y1JZxk54IbDboWhuHenE7sZjLYlv33Fy95u7D/YjH3Np3Hz8gW0xk9iITXHfiE3Ny3J6p6GGgdxOThCOM3c1bBO2OPzp3G8eNqDpqbDSJxN4NyZBBKnWujo+2FSqkv85OX80syxq31+m7uigrdZCM+qybH2WZhKiM5w5McA9yUNOhUKa3eORi3NsTjGRkfItP9Ecml64TuMy/Q/dHR0UEEQHsTj8bzf7xe7uroetbe301gsZv2dQ7a6jYw8Jsvygc7OzhDLuyKK4q35+Xnn4OBg8U/SVg42xMedTudkW1sbjUajls3ffwGqPWPVeFFgygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLxZO7ihRBFIa/6u0ZW7GHBUV0UQQTZzd3QdhMQxOfwMRXEANBMNQX0MzAzFAwEzHwARbNFDdwEd31Mj3X7a6uOr9BtzNjYjKBJ6nicP7v3KqcJFaxhBVtZUAK8OHlld2st7Xl3DJPVONP+zEUV4HqL5UDYHr5xvuQAjgl/Qs7TzvOOVAjxjlC+ePSwe6DfbVegLVuT4r14eTr6zvA8xSAoBLzx6pvj4l+DZIezuVkG9fY2H7YRQIMZIBwycmzH1/s3F8AapfIPNF3kQk7+kw9PWBy+IZOdg5Ug3mkAATy/t0usovzGeCUWTjCz0B+Sj0ekfdvkZ3abBv+U4GaCtJ1iEm6ANQJ6fEzrG/engcKw/wXQvEKxSEKQxRGKE7Izt+DSiwBJMUSm71rguMYhQKrBygOIRStf4TiFFRBvbRGKiQLWP29yRSHKBTtfdBmHs0BUpgvtgF4yRFR+NUKi0XZcYjCeCG2smkzLAHkbRBmP0/Uk26O5YnUActBp1GsAI+S5nRJJJal5K1aAMrq0d6Tm9uI6zjyf75dAe6tx/SsWeD//o2/Ab6IH3/h25pOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVDjLpZNdSJNRGMeFoC50flVXBV1EoF3YdzKYG0u30FTsY9bQnLpqrSg/5uZe29RtimvkxBbCTJupmzpLl8tNxfwObUxTF2RQRNJFGOqFYELx/nt7LwaCzKKLH5zz8Px/POccThCAoP9hy+LNq+nVJZzdULMZULBCIGVGQpye2vhXAqlYVK5OiYIhMQx6Cg0vFDJ2CLLj9kGcJTRuKyAuxKKGCiqokIwmFPmcCOScDkPa0T3ktgJZbDjZa1Liq9uAcZMEGaciIGLuhZC5H4Lj4TDKrgQHFJgzD6yuvn+F5Tct+PbagumnRfjk0OC7z43W6wfX5ptu7QwouC9ielY8Nix5O7E+20bRTq9Xpttgzj3iDXgEvuJZMPt23Wht4UVseBvw4103zfpbK+qJ82BdezDCL7AythSw8+yRPIW1kaN+gaahBRRo69BaKEBvVjxERDNV+4Az5S/Bl7c/ji+whW8SMItcO/LrxyxcdQ/d9GT4I5INQxh0TWBKkoUUjRN6hw/C2jGwS7pJbp7FyJXZd/kFScVWXcbDcTg8i0jQusDTuSHQ92E2Iwnz2WlIrhoAt8yJVMMw1B2zuFw9RPLzGqr8ghlV1K8lpxKEbQa6rnm6Sah3w5aaAlVuMc5VuJBpmoDAOApJ/SSW+0oxWRS94RfMqaPJlQEtBDWjeNS/ACUlkrd4kW8aQEJZD+5aPJA2TKGyy4fEij6sDurgKT5M+gW+5jvENHHo5yXjCOI1vajs9tGUdc7hbGU/PdWfPeeeAyxFB2ZKYzaojG7TK3xulzIk2saYkzfMi1zqouKILrCUz2mYcjtYcjt5LMe0JlaZT3zpkDIC/sZ/4TfeSKfmHj5WOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLpVJda5JhGPYH9Ac66bSdFHTydtDhIAiCiA6CEbGiL1bUTgaO9pHk1+y11ymyNT/wYypMxzanqa8Km9PJxg5EJcWBJq7OzUHIRlfP/VQyKWLRCzcP78113dd1X8+jAKD4n/pngtfrhdPpxMLCAqxW6x1FLpcD1dbWFjY2NpBOpyHLMmKxGNbX17GysoJgMIhAIACPx8OxR0dHODg4gMlkKiuy2SyOj4/R7Xb/Wp1OBw6H41O73Ua1WoUkSQ2DwTCiyGQyvNFqtZDP59FsNkG9RqOBZDKJ/f19RCIRjgmFQiiXy9zRzMzMYC+DVCqF7e1tRKNRYXNzE8vLywKRFxcXBVrDZrMJRDabzYLP5+P7q9Xqgd6AeDyOYrHIM6jX6zwDUiZypVLpKbOBKBQKpI6pqakzfbewurqKw8NDJBIJsKSFcDhMSgLZZWEJRNbpdILdbicyfrtGBpzY3d1FrVYDkUl5aWkJpVKJBnJltgr29vagVCq//fEduN1uShrz8/OwWCyUNFjS0Gg0UBqe44VlCI/e3sDQ60FcU16cOPVDeiLdfKUK3kOkbEXhswwpOYLb0gVcfnpW5ACXy3We2Xs3NzdHScNoNEKv11PSmJ6exl3dVayVTFj7YKbdIaYeQko9pgFf+QAWFrczOzs7KoriR0YePeng+stLeF+24+QXLlppwA8Ae9MTLGl+XTs7O/D7/Tzp8fFxjI2N4cqzc3gj34dOHuZkXWK438Gv0mq1UKlUmJyc7HPAgOpb4gCM8gOuTCf99zI4TTGwntUXsv3z1FP/O6UL4ZoSeea0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJNSURBVDjLpZNLSNVhEMV/f7UCy+iaqWkpKVFqUIlRUS3SHkSPRYugVbuCaFPrEgIxsKCFix5QtIsWraIIS5MQa6G1CTN7iKa3SAyt7P7v983M1+Kqm4oCB4bDmcXhzBkmCiEwl8pijpXTf+v0iKqWmimqgqpHxCPiZtF7h4hrO9DUufc3AVUtLdy2jxCUoEYwwUwJKgT1mApBhRf3bu75owMRj5mQnkwSVDDxmPoMisPEsWDxcq7ltXDl/JOgoqioipeTXZf2X88RcRRVH/znrtrZQePRWtQCI2M/slvv9l4AMgLn7n+gP/kddYY4RZ0iaZ3la0sWIl5wEqgpT7BxVYLLt5/nA+R4n+bEsi5+Zg1NW/botPUZnru0nNb8du70THFs3gNqyorxzmfO6H0a8w51KWS61aVQF6MuxnyMiScWx4qCKlo7d9LzbnRWIMe5GBXH/LyiTOKSSf7qtzZCtseZ4Cb6Kc1fTVXxZr7HU1zs2ITqWQCiI7s2hBAMMyMEI0xj6fEEu2uOocFQU4zA58kREgsLefbhMb1DT4k1vSTrzqOX0aukH0xUbqFkXT39Y1GqvHYfsTg0GEPjbxkcH+D9WB8TqXGGvr5nw8odrCmpI5YwHoUQqK6u3g60ACngBnCq9gxbD60/gZgipmgwPk0Ok7+omJcfu3n0+uFXpzREf3umw1crLHYOZ45YHJUFNdGWij30DHfTPtD22QkNyebQF/3vN65rypqqK6vP7RxoH3VGQ7I5vAH4b4GKxmhKLTs3ZVrxpTkMzsx/ARtuob3+yA7oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLpZI9T1RBFIaf3buAoBgJ8rl6QVBJVNDCShMLOhBj6T+wNUaDjY0WmpBIgYpAjL/AShJ+gVYYYRPIony5IETkQxZ2770zc2fGYpflQy2MJzk5J5M5z/vO5ESstfxPxA4erL4Zuh4pLnoaiUZdq7XAGKzRJVbIBZ3JPLJaD9c/eCj/CFgZfNl5qK5q8EhTXdxxLKgQjAFr0NK0ppOpt9n51D2gd2cmsvOElVcvOoprKvuPtriNzsY8rH+H0ECoQEg4WklY1czP8akZby51p6G3b6QAWBl43llSVTlUfuZE3NmYh9Vl0HkHSuVq4ENFNWFdC+uJ5JI/9/V2Y//rkShA1HF6yk/VxJ0f07CcgkCB7+fSC8Dzcy7mp4l9/khlUzwecaI9hT+wRrsOISylcsphCFLl1RXIvBMpYDZJrKYRjHELACNEgC/KCQQofWBQ5nuV64UAP8AEfrDrQEiLlJD18+p7BguwfAoBUmKEsLsAGZSiFWxtgWWP4gGAkuB5YDRWylKAKIDJZBa1H8Kx47C1Cdls7qLnQTZffQ+20lB7EiU1ent7sQBQ6+vdq2PJ5dC9ABW1sJnOQbL5Qc/HpNOYehf/4lW+jY4vh2tr3fsWafrWzRtlDW5f9aVzjUVj72FmCqzBypBQCKzbjLp8jZUPo7OZyYm7bYkvw/sAAFMd7V3lp5sGqs+fjRcZhVYKY0xupwysfpogk0jcb5ucffbbKu9Esv1Kl1N2+Ekk5rg2DIXRmog1Jdr3F/Tm5mO0edc6MSP/CvjX+AV0DoH1Z+D54gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKmSURBVDjLjZPdS5NRHMf3D+h9XXVZRGBXBpYEdSGUaNkLoZWPmNNEI4tekMg0c+HKGLoldhFuBa2bKSm57WI2Wcryhfm4t/biptNRc29uzu2Z+/acU4+Y3njgy++cH+f7Ob/zJgIg2imTyVRkMBh6dTrdzMjIyG+NRhNRq9UOlUql+KBUnN49f7tjNpvzeLOcN2f8fj/C4TDi8TiSySRisRhsNisUfZ1cv7xD2SuT5P8H+Gf+6na7kcvlkEqlQCA+nw+hUAjZbBa57Aa4DQcM+o/ofvnQKOl6kr8NICsTcyaTAWkcx4GMXS4XotEohaY3VrCZsGJr8ye0o+/R/rRJSQG8+QRf9lYikaCG9fV1CgkEArDb7SD5bJZDMmZHOmGjVWR4tdyt37p/r7FIxJvlS0tLIHI4HNRE9kxAq6urtJ/ejPEAljf6+f4aX2EaRqMRYrFYLiooKMB+Rc6GgCORCDweDxiGmaMAlmXhdDoxMTGBwcFBOpnE5eVlmhdy5GC9Xi8WFxcRDAZRWVkZogAySTARCBHJCXkhmha8mGJdVHbfCi5UXFnbAyASzDsBZcxZtChuou51GW5IStCh7ERJ2SXrni0IIBKFLXS+fYxnnxl8Yfswt6JFj+42rvYcwynmqGVfh1j1/AyG5t9gyCqjVyzV30KPXozCxgNp+pBkMpl8fHwcwSh/lQELrL5ZzHt+YNY5hWm7Cedbj2OUfYedbdjSRwB/37NUKs3reNGu/zSsgueXjUIIYMY5iWnHdxTfOYRubQ26tNXU3DVWLVSQ2v5MbW1teY9aHww0NNdxmjE1Jue/UYjFbUbrQD0qpIfxSltLVyaRjHmAVLT7ezY3N52sa6jtv15TxV6+djFcXlEaLi0/xxYzR2YLGw8mSdm84rwkZP4fYOfdUwjREaAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZM5aFRRGIW/+2bmZYzJTEzMuCbRGIjRiAsYEIKNIoIiWGgluCCChZ3aCyJqK6hFxMLCpbKxERE3DIpFEgtjonGJYSYzMcYsb7nvvvtbTMC9yil/OB8/nHOUiDAXOcxRcwYkAQbube5JZ9asUepXnhBOvR+OzcQWIPzNpQCYad392iQBlDirGzqvp5RSIGUzSmGCsebRnjPDMnsFSLgZkTgqTucfngLuJAEwEmB1RVi4QqwT4GRQqpr00m0s7bjgIgJYvPwjvjy5SaJqXaM/tvB23+X2dBkQKUesJtYuYgXrfyaaGWW6+IhUeglIhJkZxPjLWbzuANmVG5n40Er//a6LZYCStDU+2gPRM0RTk1SvPki6rg1Q+IX7SFKRWb6R8fdvcJWmOrOYqrrG7OwHDsl5OWrajgIWRBAsVo/gDXdhojTZ5p2E+Vu4lYpPPf2Y0Bff89fPAkQkDrBeHxJ/R+IpxEzgjfUiUkW2ZRfByFUc15CqamK+/YhHKWo/0T1Qzi1ExBpsVMLqElaPUhh4RuBXkm3ZQzByBScVoSdXUHrSTW3nIRwT259F0iKKGDHjiPlK8d1LPL+O3Npd6EIXCVcIJ5soPe2mZm2eivoGML8USbT9ZryvldG0Wz3UN+gkKpZhVI7860ssyLkE4w18e/GK2g2rSKRbiYNARNvwJyAILw5d3duBsL3fydXvO36Nt7dOMvD0ORWN67GlflmYMrr4uCAIoJ5prNwoB/jHGs8ea49OHzmexInpeXCXTx8Gp7P1tZ07zvX2/msLfwH2b631NzUvSna0rURS4XO/WDq8+3zf0P/G9AOyUDsBCTaamwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGtSURBVDjLpZO/a5NhFIWfL1bNoFQdREMRRAo62CqIhOImWRz8A9xcNU4uFd1asEs3cXDxX+ggFkTQoZRsUrGDCDpoY4VSEoPRku+e4/B9+UUyFHqnM9zzcM77chPbHGQKHHAmumL51c9eFNkYiAAMlpAhlOkQLNw5lwwBAEonj2CMBQYsI4MHIBJ8/dUeTRA2dm4Q2MbO0+QgyUgmOmMqRGQRsZFyY1drGNIJjQIcyhYNkrDIDeoZu8A0HQNIBQqjfClb7mr1kxiUehSgVITc6+mBzs4rdZOk4wBpChHq9R+GQLP1luaf9/zda9Bq73HrUf3J66cbi31ABBET+avnRmdfudNYpThZo3LtOlOnpnm3uULt09ZCuVo6UegnMBFGKUQ4+5UQaZitnRWuXJwlCsHs2QqRdChfngO43weECZlUzrWIyJLstrY5nBzj9qUHADy8+YILp2cAigNvID5/b/c6S8JhBOz+brBZX2ejvsZ85SVLb+5SPHQU4F+yn2ssV0uLU+cnH8/N3GD6zFW+bH9g/eMaP741l5P9nnO5WloC7gHHgRbwvPasPv8fJZl0Xd9fi4EAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACYSURBVDjLY/j//z8DJZhh1AAcBvSLXQHi//97xD797xLb/b9V1IZ0F3SJ8QE1pv6vFz3yv0rk/v9SYRviDWgVvQLU+A+o8Q5QY8r/AqEj/zOFdpPmglLhIKDGOUCNd/4nC6b+jxP4RLwBBUL7/tcq/wdqTAdq/Pc/UoDvfwj/f+INSBacDNR4AswO4b8Cpn35roymRBoZAADgYeRxtD76EQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLhZPNi1JRGMZv6PwBLQaiqBiIoEV7QQaiaZazrNm0qlkMRJugptpEBNJMtAmapK9lhZ8oKnq5FxQVv7qOX1dRzBxHU8eohc219OrTOVfGSZyxC4cL73nf3/O857yHEUURmUwGqVQKyWQSiUQC8XgcgiAgFovNAmCmLSadTqPf70+sarWqQMLh8FQIQ5VpQaVSUZTL5fIIQmPEBQKBwJEQhlqmyVSNBqLRqNBut9Hr9ZQ4BYZCIXi93kMhDFXdTyTFf4jlSqfTQaPdA78zdFIqleD3+8Hz/ASEocr7lmVZBi3e3etjY2uAJ58BrjLcKxaL1AU8Hs8YhCE9Sq1WS0nqdruoE+X1+ACbGeC1CDzbOoAUCgXqAk6ncwRhIpHIPOlRajabSlK61VOU9QTwPge8yY5D8vk8dQGbzaZAFEowGNSSHqVGo6EkZb/38FToQy8eQNbjALs9hORyOeoCFotldtSLz+fTkh6ler0+AXlLAB/1L8FevwBuYQb8tVNwP74Bk8l0duxESX9ajuOkWq02gugI5MOrTSTuzqPjfI5B1o29T3cQu3VRZhfUtyfulWVZrdvtlugkUohIII7lc5BIMV4sAWvHAd0cWhuX4LmiKh06XS6XS+twOCQ6iRRCbQ8EC/79fj46Ae6yenDkjNvtdg05aYkOGHf1JH69uwmQot/3GPwga3tVBc+iqjr1pVmtVo3ZbJZ43SoiK+flb2tz2H0wgy8rx8AvqWX3ouoh87/najQaNQaD4Uxg+fR9oviV2ib/HVpM9/8Cz3kffqwCPcsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVDjLpZNLSFRxFMZ/944z42MqH2MllWJEkT1UjHETSFJiVAtdtHFly5aCm6xNWyFw2aoIoiAoWgjSIqkWghAuVFBTJJVGGV/pzPznzr3/c9qEaUaLOsuPw4/z+D5HVfmfKvhdCIadmCo9KrSLkFAFFUZFGFLh0YFbmt7d7+yeIBh2WlR44lT31jqlCTRSDmpRs4rdGMP70j8vQndZh37YBwjeOx1a2vLaPdqFFh/CZqcQbw0NcuAU4haewvFdvIVXeCsfOitv65sdgP/eKVfla+jCi5i4Wwy/HCSVNJy5eAhUmR7fIl4Jl6+fJxS9wPeRO2kRaqq6dN0FUKHHremLmewKm/PvCLuGtptFLM1usDS3SdvNIiIRsNsTmPUxis/2xcTSA+ACiHDDKWtGtj8TdbZoSkA0bLjSXkTr9QjRsKEp8XNpb4qC0tOI5cZuQB3Rg6xML+z5yOZymo1ls0dLLRrAw1pqdwAqGA1yePkSVhc9xCr5nJDJKEuzhuScIcgryTlDdjMLqogQ2vGBWObxTUP8ZDVzI5OMf0xREHGJH48SPxJi/VuGmdEtKqosx07FEFuA7zH7CyAM+qtjDWU1F2koNai/jfo5xObQwHC4CrQ+AFXCFY2Y1a/4eQZ/3cAykJ18mCY4gBs5Aeqg4oHNo9ZHxQdcQrEzaLSe5KeHad9jYAdQ1qkpEbqzs89AjxE62IwTKkdFQRQ3EidceRUtbmVt4i1+nu7Ge5raZ+Xkc+eaWB6X1PXWRirO4YZdkIDAs2SSMyyP9M8HPneb7uvQH7MAsPjUiYmlV4R2a0kEeQh8RgOfocCn/9KDv4TpX+oHaI9cJDajhlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKeSURBVDjLrZN9SFNRGMaPhGAUFEKB9CEG0QckCpUWpn+sLPqnECIoUTRSSdD+MFJM8gNJjXLDUCHS1t2kTJlpSYhjbroPttxV1DHHptgczW1+lISgc0/nnBoERRB14MeBe8/z3Od933sIAPIvkP9qMD09HU8R7Ha7YLPZhKmpqZ7JycmeiYkJYXx8XBgbGxOsVmv8LwYOhyOVCudmZmYQCASwuLjIWVpa4rvf7+csLCyAmsJiscyZzeZUbkDFEioOLS8vw+/5iA9vO6Fpk+JN3V10VxVxeutLoWmXYbS/i55xw+fzwWQyhYxGo4TFFpl4Y2ODH2y8fOKP9DaUYnV1lZvo9XqR0Dhf1Go1QqEQgtRkoLUeipJsNGdKIMtI5rRknUPHnRz+zimasbKywksaHh7+TBQKxbzX68Xa2hqCwSDf19fXOSxZmNsdqbjZnghfwAtaNlwuF3Q6nYs0NTV14sdi0Wj3wQzDjWOwuAUvklHVdw1XWw/D7rCBTgpDQ0NSkpaWdj5swA7SscHpdKJYeQZFQjIK5MeR+ywB91RX0GmRoeT1JaRLYzCoGYBGo9lOoqOjT4W/zsSzs7Nwu90oFJLQY21G9+gTLnxpkUI6WAK5sQEFynScfBCFYzURO0hkZGQSrUnc3NzkcZmBx+PBDVovEz8eKEb9+0LU9uehsi8H1e/y0aqrQebzFBy8T4KErq3MRKVS2VhzRFHkPbj+9AhemaVQmh5BbmhAm76OmtxCi64aecoLiKsgvj1lJOH770hIBGWbVqvtorMNsT8yo+UALsr24mzjbqQ83Ims9tNo1lYiV0hHbAX5FFNGjv72MhkMhn0jIyNBOmNQQ9YoTmJtFLLlEsSWk3kqPvTXt5FG/rq/fAt2lZG4n59/Ay6e4tcw3s+GAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKCSURBVDjLpZNJTJNREMc5GTy5J8LBiwcJiY3iwRAPxoMnTUyKpkGFIG6hilXTRtI2Slla4OsqpS3UJsWWpouVbgj9KKWVpGVTCIV68SbxxkGCQjTx77zG9YJEX/LyMvNmfjPzf3lFAIr+Z296OTc3t21mZmb7PwEan76ubXJOrD5PZNdaQ0trd12v6rcMoOQqqW8WMu8kuMgCHsXegNmXuVjVXwGULGh0ZtE6uoQ6tR/B6Mi8xDFRsGu5EM7cswk2BYy9zHjb3SlcNQ1BafLMMt/D3tAks+9rPdCZLOY/ALlczkZi5UmsfCaTeZtOp7+urKyg1xXcmJqags/nA/mgNtk/USwMBsPHzs7OfEtLS16pVKaZ0ubl5WUQAKlUSpjNZhGLxbKJRAJer1cUiURgt9svDAwMQK/X2/v6+qBSqS4xsEwme1dEVQ5OT09jfHy8NB6PF0ej0YpgMLjf4/EInE7nDko40t3dvVOn05Wr1erdzc3N5XK5vIQgkEgkQ4U5ksnkBwKAqgl5ngdVqwmFQrDZbCICgeM4UbtVjjvm6vUb+nO42HZq/YFejIaGhqYCYHh4eCQcDpf6/f5it9stcDgc+6xW6zGj0birq6urQqw/36EKXEFssQfz73kYRsUQGQ7jpPjQswJgcHBQSAC4XC5hIBCAxWKpZjOTWNVs5hrN6c/hnBHh/GOwpU1chyFxE8dvlWz8fI7+/v4vJFax2WwuI7H2aDSaSppzr0KhqDyrOIoXi0/w+4os9DDAr/dklUgskFggsUBigcSCVCrFidsHwPH10PB1hWRNvO5HB+tb+nEU2FalLYOOv1aozE5mk1+75W9LwR20V1nb388O5v8GEnKwdx3xuSsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJhSURBVDjLdZPda85hGMc/v+f5Pc8e2wE2QtiMyZh5K4RSpCkHxJnkSElOxJFy4kDyF3DopR15yUst2pRpJw4cSJLETCTb0mxre57f775eHPyevdBcdXfV3X19ru/36rojd+fwuZtt7n7PYQRnt+O4A+5kyaePaSAko19e3rm0GiAme3DaobV9Q2M0NDyK+1QRZDDDDX6PTlBOHPO4mWpkANjbvmFltG/TShqXteMZAXPLulrWffGCWmpLMXuOnOEvAO4L29uaePr6EyMjk7gZADalwh035/fYJJUkZXZULRDFxZi1G5toWVKPKrgbZo6qo2aIOeVK4O793rkAjqrxdWiMYq5ApVIhJCli2b2QJy4UWVRXg7nPAQBMDdFAkiQc3dGSyc/U4e7cevGBUCrwT/2MgqCGBkE0R2fve5IgiDoqhhBRKBZJJRvqnAARIw2B1MBzNUSFAuQciwwzI9WIVP8LgCCKVIQkKKJGUKvmDL5+4BFrPj5g29AAv4olujviix3dcm1GgRohCSRBMzvqpFVIa/9jdiV9tJ48Q01zG+W33bzv67nSc6AwkZttIaQZIBWjHJQ0KIkYy991sm7fMUqfe4luH6e2/yGrmhryHvn5eGphUlEkEZJgBDNUnGBKCM788UFKS5vh0IUZ75eXkbdo1fQMVB1NNbNghogh4og4Y7UNTL7pou7JWZLyTyaB8bE8mufH9AzI5di+cxMeRag6oo5V8+iWE7x71UVj/TzifIHxYWFgMFLHr08Bep51vTqV/bxZ+4+Dw3NfwX7byuZvPTSkYPncd8dvHOyWq38AFgvYQWlFsCQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVDjLpZNpMNRhHMc31ExNmjRTDdVMsxXLkntnTcmxJTKFMK6JnK1KcheKDDZXubbSoRdlNFFNGFTIbeiNsyjHnzI0ZrFk/621+21bx6wx9caLz/Pi+T3fz/Ob56AAoKwH2WAU2QyP+wNO6xKY3WgOsMseKJQvTrm6p0ohplzcuqR4/lsQ0QQmhzA0SxkUW6QPbv47xz9t3zBjd3ZeStu0g+OAFJGUESnUtYLwRqjHjyhqxxFCvVtE+dwxC84vc5ZklmV1dHnhrJUNlW9ty588ZS+wzSHiVwkMwxpAPRm/b0/kcOqF82/m5wyYpIBhwpXfyTCOyAjKLJT0Frji29sktD+xQgeX7ikrGoTVY3nhhJaJZFj/hFA+vD+YeMFOe7QwVhOF6c4yYHYUU53FaEm3Hl8UhNbKBKJdagVC1b0i0zPvyS3eRLayz7Didp+hSteb+fMT3XELwu8lGKtNg6DrNRaIRnQ9DSBlAr2QGsTo2euKlVUkC9t2JFNciUSKCwEFF0LMCi2S8LpjJWJBIwQDl8FrC8KXZ77oyXZDW7aD+qIguBrYsNEOCpv65VsPiE3Kn+y6DjHZgrl+L5AjHpj5HI2hPPPxKeNDH1cOUffKBwgpSk4iitLu5fDd9IOcsU9RS2FPkMPu4HfHoI9rSfalM4yk3aqtCA4HvcPjnTTz5XBkskZlZ0UIxIJ6kEO++D1yDtPSTnq5LJFjlh5/zTvQuVQBk3BtVWYEPc/7qjqvpzwaHRWZ+NHqjLkhD/Dar+FrrsXPqjSGJjNBe5CRSM9ZLbhYDgO2pp0+W8PqZQoLmCHQ+9AJNdFqaHpgg7oEo9E7/keOy24sWEON5q7NNg6jbV0R0APLQGeXQotdggR/HQhbciFszUJrkgWe+x0AK/AeaH6vligGzbdIxopAHmdTFZLjRRNV37YRVWVY1pVG6VD/9xv/AJGzmhVs7+fUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANRSURBVDjLXZNPTFt1AMc/77WltH0F5I9U1sqgc0qFxYNGlODiEj1sh0kC0WkUD2qiNxM9mCVc3IhGd0E9mOjiZdFkzJg5iI5ljARoNPvDwsZgDLvRCaxA4bV97/X9/Xkxhvi5f7/J55t8JSEE2qgkAwNAD2AC3ZGDwmQH2qjUCJwHysBbkYNiAUDa+pkAcDyQeOP1ipZ3dhmZ73Pzq+ri6fAZB+j4Nz/bq78qpxKxlD9YJ5nzx+4AvTU9Iis9+JGjla1vflDZ/FpTITO8fS+74L/QdFZRgi6hgAeAYctYhsaBtV59d9thfG5B02+dyAKdsmUiS5XNlVuLw9uLSwvKdOInpSVqUWsYmH/l0RbzKAWNWLSCq40nwquZ6UpfXWetCLUplkmrtPQt3bYU/m5T3hOfSv4SToT9BHWXfXtqqamSEUjkVZc/59exQz4i+TM8oQ2bgdLcXFAUjkhCCD4+ee4LX83uj5KNCjWmoO9AC1uqyoZmkGiKAeAIODW6hKcI1nKrbGj+wW/efu6oDLDqND3jCfCKFu1769AdQSAQYOz33yioKrZpcn5snNTeetScgSE/hGoFuwD8AKahdTiWhGp61NWFMF1BJBzm/vIyYxcnmL0+g/HYBYyVEooxBDURTEPrAJABLEND020My8N0wfYgpxaJKAqz12c49EoPlnCI17exIr9LSdewDI2dBbOFoo7k98is6biSzJcjh8g1nkZN/soP1/qpV+K0xZ4lUfc4d4t9mOX1uZ0Klwqyf39eCZK+9oBUshrHs3jpyX5c4eF6Lh6CFTVLR7yLkmVwpfxe175j/dV+AKusnbPKWt8t15eS4w4nhwVlx8IVHvc2F7E9B8ezsV2bglnkqUQ3JVuX/shMbsoAk0PvX7bL+lAysq3PZja5uZyl7JRxXIfGqkeJVTXzSHUrAV+IhugurmanmFqaXNctnpaEEACk0+kXo9HoxdzGljswfNv3cPsgZcvC8izKjkWyPkVn68tcXp5m4s54Xrfs7pVBMecHGBkZaQDONjQ0oJVUtbR192t14sj+nWe6kvrseUkOBW7cv8En7V9Vx0Jx878R8/m8AfydTqdbgBdmTn16k//ROnBcG799KfBhy+fFCiNczBt5DeAfIAavfKIsB2UAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB8SURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYwMORk/54C0w2FOcemgmSIMyH1P7LNCHiLBDcEZ/+agqwXaFbOIxLc4P0f1e7fUPiZGDcw/AdD02z9/5r/Vf7L/Zf8L/Kf/z/3f/ZsiAwjxbEJAKUIVgAswNGVAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNLSJRhFD2f/+QThVHKJ41Ti0pblCAKrtJQ7LGT0E21CUEisFUtioIeIEGLICkwahUtooW4aAQTcahNBWE1gWOY4yQIio8c5/vuo8X8jYuCBO/mfmdxD+ee+x2jqthJ5WCHFYg97U8wc7UIg5nA7EDkQGSz3TkLIhs5dWu84y8CZq7e09IJVYayQIUgwlAmKDsIE5QJH4aftP9TAZGDCCG9koQyQchB2GU6WQhZ5JVU4lHxAAZvvlEmBhMzOeqbvHfycYDIorzu9H935fExXO9pAIsisbjuPXj5/i6ADMG1kRnEkmtgKyDLYMugNGfxwaoikCNYUtSHgjgaDuL+83elABBwLo3e3ZPYyJn1JTuwL/0PLiwL4UKiESUFBrMLyzhQE4SzDlkCcRZsU/6gyw4K2YyR5OCsgyPBl8Q6Upa3CKzdBJNFbnF5xnHynRfyL8BQcji29hru9lWEk3HY0gq0ppsAnIM5c/yIqgpEBKoC9buoZrAqmosFnfWVqGvrQl64HqlPEUxNjGLl29dLOS9GP5qppPse3N+MqsOtiC2aVKihEyW1TZheyh0bjsZNI8/NHGrrQn58HOZZDwpnXmFfbRnUaH/Av9LZaDQ6ACAFYCgSiVz0330A4IkJ51eEgROXtz7QjUp4YmrNdsIUaQ/MtXSfryn6MYJ0agEbANZWPcTimN9WmApLy4c+v52gn5sFWPV2YXnJYHresAIPzXbjHO3ee+XXUrLXYxNiT+cVGOyI0J3frMiI4RHtXVwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLpVNLT1NBGD1z7+2DR2poS0uR1tBKhNBGKyaYGDSpkZ0LXZogK/fs2LlSdOFKQyILE5P+BF2pGEx4KApEbGjaRkGqtFRKX9y29+3MNeDKhMRJvpncyXfOd77z3SGGYeB/lsC2mZmZ+81mM6YoSoumaUSSJEuj0bCyU9d1YrPZZKfT+XJycnKC5Y+NjQ3RYzMej++T6enpEzzPl6PRKJgaCjAjufYat6/3Qf72DI/f9sPhHUA6nRkvlUpPKNhBg0kf5kOhUCIcDju9Xi+y2Szy+Tz29vbQHejH3MovpGrncXZoBIQQ5HK5GxzH2ex2OwRBINVq9bJAq552OBxIJBLweDyIRCKgrYC2gs7OTiSTSczPz8PlciEWi2F3dxflctnMSaVSZwSWWCgU4Ha7obQF8Gi2AVEl0Kk+G7HgSk8QzlqNyk+DqWTATCYDn89ntsqxTRRF+P1+vPgiQzI42C00rBw0zoJ3P9pMYLFYNMGyLIMafKTSJKBum3GgcbQ3ngYHC/cnVGIFnRDaY2m8qT9EQ66b3yzfVMBYDlnZMgwd7NcgHEDx4DmCep2CVBk97gGstj+nJOIRgXCogDoKq9ECVbeDoxOy2+6A5xVAV7Goqjjp7MNA1zBqTRGfR95D+ur7S8Cqr6+vI9odwVrFA0mgY9JlXBsch0YVabpGTTWwU8ki0nMJB3IDK1Ic+ko/BFa9UqmY43GVShju7TXN+UglM/D3YgYKVaHqChRNQVWq4Zx/BAdKHR9GFyDQmU5sbW09oEpsHR0dZHl5mTCC7ltNqJoKryNAwZpJlqtsw9nehdXsAhY3liAsnVog/3pMN58G9SY1V6atMAND7kFyMTiKT9uLmE2/yssqru5MGRvkuK8xfI8TLwRirXPp2Z+yboJT7P7YBMG7RNR0vrWha8HClLF5eP8bbVCla6rK198AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGsSURBVDjLpZIxixNRFIW/kVHQQlwEQdgUdkkgTX6BkMIi/yJY5geE/ISAZIuUSb9lgnYWNsraaOkkTSSz6MLWJhmY9+7ZIm8mCUYLvfDg8d49h3POvZEk/qdigMFgkEqqSEp6vV79b4But/shz/OXzrlkMpnU4/BeabfbzGaz2pt3NzIJAd4DAplhAm+w3W7pdDqMRqNaqcB7/3U6nTbjR095fnYfGQiQCRPogOT2yTnD4RDn3CeAqMhg8Panzs8e7AAGkpDApJLITJiJ5U3GoPMiKhUQ5HoDJMwCsLjbMUnu7ThEAHnbNQrMDBkBYCWwIHTuBIEzMC8sNO2ai7vtlQjM6XcCc4Y3lT514FnBUqHEnSJwDry30v8xyV6RBM5OWfAe7+OQegAqjPIgQEl4f1LB7qOUa2DB++E4FbIqKpJEq9VK8zyvPHz8jFedi6PED6VL4vLiNd+Tz3jvkyzL6vcAsiyr9Pt9bn8sWVyvWVxvmKdrFqtfzNM189WGZLUmSTcsv10xHo9xztV285doNptfGo2GVavVK4UF+tOJ4/h9FEUCPkrar/K/1h35Nbw8S+DdbwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC4SURBVDjL7dK/CkFhHMbx5zrOlbgE5Q4MBgulhIn86Wc4os7AbjEaLThhQekYbC/JYMBIp3jrcNLjBgxHshme9VNPfUES3wx/4D1ggYYFSgO+MqGV4CwFHIxPAJnLk3vb56734KjsMouNBAbquKv90Oei4nGc1nRamkksVWCgCletux4nGc1B4sZp7coYxsGBIk5ily50mpoz88pe/sgIOsEv5LA1UlhJHDMVRV+F0ZYQTONf4o+AF+Us6n1474tIAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxZO/axRRFIW/N7o7CZIIKhosAoIIopWNqEX0L7ARG0EU0V4UVLBJJVjY2FgsgiykCOY/SIw2tgHJqEELUUzQJpudcd/c9+M+ixBYhNkmhae7X3E498AxKSV2o4xdau/wMfv6V6XK89mrRx4N8zud78ve6UXxivjAwv0TpinBvqg8uNf98WQYWqucmh7j0ukJSknNL1ivnDmWm8OT7Ye3Xnx7tsMH4hAfcV6prGs2EBdQYPpgm6n97buXn669BCglYV1CvFJKbO7gj0+4oPRt5PhUi02b3zz/+EMbDLUbo24Z+labDaxVJCi9QSAzcPLoOC24tlj0ZHI8Q3wkWN9sMBCH80rtInsMZCZRB6USrco65hmgoxKUkhCfIEGeG94WW6x87S+QOPR7080cmGiRZESJld1uO28Zllb7rKz15n92zl5Rq0kk4oKS6jgqQUS88q7oUXwpu+vdc9cBkjiC2+5n5At9qywXPT593nq1Pnfhxg5PdcR7xUcl+dBsEKzn42rZ2ZifuT3M1Srv32yQgvLv+Mx/X+Nfknb5JPA+HGwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKYSURBVDjLnZPJT1NRFMb5G1wDHV5boNiqdHrvFYolCAtsGSSWKpMFKhYqlDI6oAEKaVJwCIgSphaKtLYWCgSNBgRjMNHoxsSFS3cmJmA0NMTw+R6JKKZl4eJL7sm953fOd3JPHIC4WMpcppG5SGnZc8ZjVVF6QLn975sDgfaZmvg71oRJZIRUYcuAnq/2KWroGfm3QwEn2YpLVPPvOD2oiqj9yq/mGznegl56mx6T7ZbY1M6YAM0CuZkxT0b2Wg6QW/SsApRXDsotR+d6E9Y/h9DuqoCuJq0lKoDxqU1/pITGR27mBU4h+GEcTz5OY+ClA5JbyahYzof/9TBO9B/FcWcqpA4xU3We3GJ87ntnfO5meinMvruNnqcmXA2XoDVcCc0wCYkzBaZpA7ILRJ/2O2B87jA+QT9UeDRe8svZYAG8b/txc6kc9mA+yqayYPQXwvdmBEOrA5B2p0BtFIYOWKCm5RukWwZyXIbA+0F0LpaiKaBHmVsLw4we99ccsM8a8GClF5JOMcQdou8prULrgRmQo7KI0VcE13MrGv06lE5kodhzGvdWu2GdKkTVWC4DcELcJkKyXbCb1EhAVM//M0DVUNqP2qAJd1baUDaZjTMTeXAttsPi0cM0mgvHvA0NkxYk2QRIrieOsDmEmXttH0DfVfSluSToWmpD8bgOroUOWNw6VI7koGfOBuq6EqLLTNU6ojrmP5D1HVsjmrkYezGIrlA9LjKgnrlGXJlpgbCOD0EtD0QNN8I3cZqjAlhJr4rXpB1iNLhrYffUQWoT7yUKzbxqJlHLq0jc5JYmgHMunogKYJVqF7mTrPyfgktMRTMX/CrOq1gLF3fYNrLiX+Bs8MoTwT2fQPwXgBXHGL+TaIjfinb3C7cscRMIcYL6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZNdSJNhGIa/VSQdRQcSISQeBI4R5ZrZNIO2Mj3I6CCCfinRfoR2IoJM020sp8OcoHNQassG1laNpAgdhqI2f0GoOSwTS4u22p+b29zP3ft9Wi2b1gf3yftyX8/9PM/7UQCo9fTJeERNhBWpV9//lzkc+MAoHuTfZt84gvZWhDw95DjKQGb0grvrAmLNgS91CH7T/qwO+pvR8mFu4r9aD8BEps3+uZsIfG0kMi1DDAJEww5Ma7gMZE0AHZk2M5qXMJCQ24SFKSV803mIBHoxpdqLtRP435IENb8hDEgKj+UYXOMHSHtPYClnxzVvoGdg6xcRQxXcE9nwvTuP0o4sFLalwTnGQ8gph6WSja5bPOvf+352FLaBUiw5DKQan5iPk+qFuNHOhaTzDE5rUjEp4aBbkf7mjyHS5mjYTfrsxuKcGCJdNkQPMnDtPg8FLXtQ/vQUHo00oER/Ajn126PZym0sBhD70oI2PRas+XAOcVDcngHjuBqPxxoZY8eICipTCbSva3FVl4P06oTQbhmLtVLZRSIb4bUK4TCnwjt5GAWkX9p8u0uEmpfFkL8oQlXnJUifX4GmT4Zz9w5iVyUVpAGeJWc3GRYfjoFULL7Ph/+jHGfvsPFwWAWduQ7awVq0DigI5Dqa+6Qo0uUipYKaTCqjtizv3DsIt0VIBpYL36wUZkWa62RzSjSvISkirE+MZCm3Ri60ZULdW4XL7TlIrqAmdpRRCcwMZg2CMb+9H4uzlfB/bsNQLdfZpcpsWL1ejoxlv6gVIllMjRLz5l//wnDLIfGEev/8qGqffUTJ/d7XlFUd73GRyPad4o1ILKM2xZ7/AGAf1Jkquq5mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLbZNdSFNhGMf/Z9txO8t9iBuHvvzIaszcXKlBV5qUehFWLmkVQWAhGEQjom4isIugyIuBRHUTpRdBSFYIdllQoRlq2ccWbpCGms7PTXc+e0Yqw+3Ajxfe9/3/znPO876M3+//qihKPjEVCASKkOHxer3fRFEskiRptKenx5m6pqPgTlmWnxLnfT6fmklA4SRtRN3GNR0F9UQD2UV7U5tk0OghSCoEBbhgb8f2bODs5Q86ClcSxRsFGgoOE/eJYB/7kItx85zGaONUzsaF4eYs3AQnCMIv4jExlFYBBc1EJSFZ2EG8i31CufYeNLIDvdHjGJpzQRDOSfT2k4Qlk0AkwrTo4vVARW425oQWLMXdiM7XILhoT36/QiT38GkCmhRWBXtq+SJkMUZIKETM8hfY0gGFERHxbLI2HrZX+++MLGUSmImjPM+X9l4dT+uAntWgqTYnb5enkTlRPbmYSbBAdIfDYclxs7uMoy6IMiBQQ5tsD2CLRWAwljDmzXtR5bEYv3cdq3A2vOhf7wL92SyikNB+TNzGgjwKRU72Hhib1SM+HoLJZoW88BKF+5u1ckK48aWjjk0VsKsC5n8XLmFO/AlJpLMwEUWu4xSw8hl9TzqRbV2GtCIcIerXBVT+PPGMYJNdqKeTY7S1YJuuGfvMUZhy4lASYUBVIC/1o7DqCiMlErf6AgdMaxWUEqeJgoO2fNXJFagVJo96aOY3rHkeKPFhyi6jzOuAIvyBwRAE7/I5pYTgXxOIxCOWZY1vrk8yr69FmKn2EJPH18BomoYqzQCMFgNdQdquQFkJwr47H3JCvPi2taSYcbvdP6j8HcRwKBQqT1qpvDHXmc6tWk2EBLM0k3rHNNByDkyODCL4qvU5o6rpF/D93bJpVVaMqqJS+UoK6vqI5KiqA/8ArTiuh9VnDK4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIhSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+RreV94S96UiE9pff7/I1scPnlW6NWgBCLQvxKOVaeO2ZcfW2pbcogTGFgGwMD6+2/alP+rYhz+Na5O/L/lytT/F57t+t+/O+t/eL/uf/NsyR4G17oLBUD/Pgf69w3Qv6XILnqvbbT+nZre74RWlz8bL0/4v/HapP8g0LMn9X//nnSQAd8ZnKrPPJi85uJ/oH9f4opOn2rD/9uuzPmPDDZdmgoy4D+DQ8XxArvSww9sivYX4DLAMkf6e/eupP/tuxLAmtt3JiBcQEzqAypsCe7R+N+7KwVsM4gG8cFhQGwSBiruAOJPIGdD6Q6QOAAJO6JfeUJqowAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLpVNLaxNRFP6STmaKdFqrgYKWlGLSgoiKCwsKVnFRtBsVUSTNyj/gxv4Bl678AyKCoCulgmtd+W7romgzKT4QMW1G+5hMpnPnnuuZm6ZNawoVBw7n3pn5vvP4zkkopfA/j9F8cafO3FekCjGpIgKIvayftTXOkr71jkz2/UXA4HxXfz72gIx/lBsWSfiVtwiWHK8B3kRQeX/6lmnnkuDAwn0MJSKQEFChQCp9CcHixxgsGWw3B01uRKfx9t1HIP1POpoSdUulLyD0vqO26IAkDW7tgSZYeHPqcmpXxkTChKzOaAKSEdo6jnEWVY5ehFxdHs2cn55rScDR73H6DKyyRWs1R0haGdR+z8YZ3MyMTj9rpUKi/PLkUJuZfmX3nkNYmQBxzYprpyCA2XMRrvNAcdfDhgKkm6ttKTdW6jH4w4RpD/ALAaNzhH2kSwALoSJCd9+VhIqEVVeD4C1MclaOT0Ke0Cowq+X9eLHapLH23f1XreDzI27LfqT2HIfvzsRAyLB2N1coXV8vodUkfn16+HnnvrPDhrmXsxBY+fmOwcVlJh/IFebK207iuqSShg0rjer8B9TcWY7q38nmnRstm7g1gy9PDk2129mjinjy3OIvJjvI4PJ2u7CJgMEdUMmVuA9ShLez14rj/7RMDHzNAzTP/gCDvR2to968NSs9HBxqvu/E/gBCSoxk53STJQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALNSURBVDjLjZBbSNNRHMdn0x7qQXwoyoqYS3tIJUsR8UHnFEKayXCO8Dp0mje8zLVm3vJSGpk6539azQteZt6aYmuKoQ8q3uY9LSJHqFsUJGpqpNu3v0FmGOaBLwfOOZ/P+fGlAKAclFQ/S960zHplse4M5qtoW5XxVnIfZ6ujv+8PhOO9zzK1NTTDUv1p7E15DL3oUAJ5yAnJUqsjdGo+NgYLoGtxxZLiHGZk9OVDCQg/8wL9hBor/QS2JqqxNkBgcVyFnmwH7aEEbG//iNnaJOPqZDMMc61Yn1FC3ytBVrB7yz8FEQxrXinPY0USxAARytyK4tqNSkQxP/QtAiy03YO+PQ19ZbGw519SOQltj/8lCHG9wCzleRqKAhjYm4rCeJSU5yBfmoaMR0K0valFbk8W7NIvVl0W2BzbFRRyr/Q9ifJFa2YYZutTUSfgQBLERFmkJyonUiEbE+GxJhF5miQ0vZUjQRkHlygnYlcg5dKb3vco9hWmSGGgcOwO8jVCZI8k4O5INMRD0eARoZgnfP5fWH62H6TjYigIFroCLdHNNEUb2xwPYh2ge3r9j+DI1WKxVBy3rzBbTjKKM90wnuyCzZcFMM6qsd6QhOEYe+MA73z1L9jEtSGcLdCs9X4C7je2IK1CAaGkCs+GNyGULqKRabG6QcKQsACRBfmIhi8P3dHpSZ2n0LzLOJz4jvX2OQNyZgH+MBDcC/h3AFwFyfQD3R5mMGpasXctZ5wiz02NlKkcx+3R5hIIXugRogZClEYEKIzgVBnAkgGsEgNUN07imzwMIKHvtyn4SubjLSo6vaiLFG2xm645NxE30wcR0QXwXpETKIGgdiBwZ4q8eVTzfTHEt4FORMNnsRk+hJvgNct0W+1FTaG8q4l0UWWxU5w5tUrHhBEw0qfITIOROgm3FA3o155rS5LDM0di7RvIH7U7Y5P7wg68099P+T6oezGZAe0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVDjLpZG9S5thFMXPG2NUxE8oxFAtKFnyLwiCHaxOnToodmoVh0qJFBVcRXQLuOhWLLQoWtsIfkCzmNLioA52EYz64mBKFAJKCXnuuU8HWykaS3i92z3Dj/O717HW4j7juxm8+TZQMvS1f9QzgNRZUnuKBTj/KkSTfbGG8tBrVYWbdUEqKMzQcFuEGzRc+tD76aQgILrZNx6sCI01V7XAcQBahaoiJzlkf2WRzv5E6jT1mUamlvvXv99SIDVAEgqFKEESYgU+x4fyQBnCwTAiDyNPjZGRzlh7Y0GFgbXn08HKhlck4Z65ECFC1SE0PXiEUn8AqsRe6gcO3IPol+Fk7NYRZ7reDbrn7tvjjLs392zRed+97Bymj2KJncTJZe4SF/kL1FbXwhh5cucXxMhLMTL/d//4YjVq8rK0f7wPv68UdTX1kLx0FlT43zyebLUdbR2gKuKrcWxN7DoA4C/23yYvMBSoVYjhdV40QIxAlLCWECNeAAT1TwPx2ICWoCroTYFXCqqglwYUIr6wAlKh1Ov8N9v2/gMRLRuAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI5SURBVDjLpVM7i1pREJ7rYxXFiKjxVYhIMBhMbWGbIk0wasCsCCkD1vkR5gcEmxSpsrLIxVaQCKYQRAW1kgTxrVEUn7i+bmYO3MUlkRQ5MJwzc2e++Wb4LicIAvzPkZ072WxWgYCv0N6eTqeneD9Bw+epjvcPvD+jZf1+/1Gs4UQGWOzG91ej0fjcbDaDWq0GlUoF9H0+n8NyuYR2uw3j8fg7xsLBYLDHCimBLJPJfGu1WtROuHT2+71QqVSEZDL5RayTiFTQeWYymf45s81mA2zy8o8dYJAhjkYjUCqVoFAoQC6Xs9hms4HpdAq9Xg+cTifLvQggk8lgNpvBdrtl/uFwgMViAXd3d+wbxf4KIM4klUoZA0omw7kZiLhsKj4ej5cZULJYxHEcSxZjEonkMgMRgOYtFArQ6XRAr9eznbjdbpZTq9Wg2WzCcDg0xGKxD/V6/dMDgN1uB+l0mvnRaBTW6zV0u10GSOChUIgtdjAYcKVS6SPqwngvpFQq9QuFY8zn8/Dm+hpSNzdQrVaBROXxeKgIJpMJdQer1brDBlc8z8/vGdCsxWIRNBoN8wOBAPPD4TDodDpYrVakQkgkEuBwOBaYYtBqtYrzEd6hZHlc1hX5NAqxi8fjTNZ0aCRqVC6Xf/p8PgPqYsud/42RSOQFbvzW6/U+QsVxNC8tsdFoMGHZ7XYgtWLOFJcsyeVywwcALpdLarFYPNiRxzkfYxEx5FCF75Fhy2Aw8OjLUVTHfr8/RkavfwO7WaXhrjM2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPfS1NhGMdXf0VEQhDUhdCN4X0IYT8ghIJQM0KoC4vushZddLELKyRhQQkSFIKEGEkUCI2oxVhepG5zi1xbc0u3cDs7Z+ec/ezT+x62scmmHvhwDrzP93Pe57znsQE2cR0SdAm6d+GwYL/M1LBVBV35fF4plUqVcrlMK8Q6TqdzYrukJuiW4Vwuh67rdbLZLJlMhmQyaUnigVlC05f4+dbB0tQplp92DsnwPimQBaZpUigUrLtE0zQURSGVSqHF37DhGkVZeQdagszKLJ7HvZtNAhmuIQWGYaCqKps/ZkivPqCwPs/Gp0cYvjnKUTe+F9fMJoFoo96zfJZ9K+sLpP33qRhujPANtr7dJPhqmO/PBxX3+PljTYLtqImPpH13qZge9LUrmLEB1FU7sZd9jJw5MljNthYk/KLnxdFqeAjzdz9Z/z3Ck2fRE36qx9pakAjME1y4Lbb9GTMyTD52GUXsZO3ZadTkL6umrSD4ZZrAezvLH54Q915EjwywtXSH8FQf+t+I9V12FLwe6wE1SmjyAi77Qb6Kt3rGe9H+hKzwrgLH9eMUPE4K3gm8jpPMjRwlHfNTLBbr7Cjo7znA2NVOXA/PsThzi2wyah1pI+0E/9rNQQsqMtM4CyfE36fLhb2ERa0mB7BR0CElexjnGnL0O2T2PyFunSz8jchwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNPSFRRFMZ/749/Kt3IqFTSRoSMmrGIYTTbpEJtjBCCok1Em9JVG1dRC8FFEES5aGFEgRRZWq1iLKKxBiNqLDcltQgmHR9hY6LOu+feFm+YGVsZXbh8nHO53/nud8+xjDH8z3IB7r5avGgMZ8XoBq01okFpjYhGtEGJLtmCKINo/XbgVFPUBdDG9PVEq0P/UvnSvdlwQYFoHQIY/3obpRVKFL5W+OIXUVThrL91AN+XihKCwIeTu85sqPryqsJXUvRARAMwkshsiKB7fw25UgKVJwA40V7H/cl5jh+oL+RGk/P0xIqxl11dr8AXjTYG14HRNxkcx+ZhMoNlg52/ND6VAWMoc6F5+2Zy/l9PMIDrWByL1jI+tcDRaN06BaXxbDqLUnq9AqPBteHpuwUcJ0AIcgBXH93h+/wEyyuLrPk5cmv7gNY8gdIYYyhz4PDeWuIpj85IsS2ujQ2zJAk6DkZpqGnixcwYyU+PifUOX7Eh6DoAx7aIpzwA4imPeMrj+bTH+88PaNkZQWwhsrULsXxie9oAzgcESgUe2NAZCeE6AXZGQhwKh/Cyc5RZVXQ39wFwoeMmjXVhgMqiB8awe0cVP36u0Fi/iW9zvwuzkF3+xUz6Nal0gv6uWww+O02lUwGwmv8FM3l55EtLTvQWXwm+EkRpfNEoUZRXHCE5PUFbuJ0nH4cot1wSH14C3LA2Os6x3m2DwDmgGlgChpLX0/1/AIu8MA7WsWBMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLbZPfa85xFMdf36/nebbGBcLaMmtM2DybElsjQm5c+PEnoKSQCzfEnZtduLRdSJFc4UK5sEizSLtQNCYXJMXKlMeG7fv5cc5x8X02w06dzqdPn/M673M6n8TM2H/6WruZ3TaoYPQYhhlgRh5s1lUCwU18GLpxfjVAgfzBMYP15bZVyfjXCcxmkiCHKabwfeIX085QK7RQtRwAO8ptTcmujiZWNZSxnICa5lU1r758cR11tQW2HTjOXwDMlpTbm7n//B2VyhSmCoDOqDDD1Pg+OUXmPHOt2gJJoVRg7cZmWuuXIgJmiqohYogqUY3pLHDrzuP5AIaI8nF8klJaJMsygvNEze8jCygUSyxbWIOazQMAVJQoAecch7a25vJzdZgZ1wffEmqL/JP/R0EQRUIkSsrNx29wIRLFkKhEEoqlEj7mQ50XEKPiQ8ArWFpDUixCamiiqCpeErz8D0irQyREIWYRF4QsClkQXIi4KDgvuKlnfP50iZZ1A5R3j7PvXOeFvxWIElzABcnbEcOLEkWR6ac01r9h84YuVi5dy+DoXYZfP7nYfbJxcTq3heBzgI/KdBB8EFxUpn48YtP6TiQVOhv2Ikmgu9wDcCKdWRgfhegiLihZEELQXL4TKj+/UEwWsX/DKQDO7LnCmhUdALWzMxAxxAsu5J6FiHOK98q3yQqjY8/ofXgYgN4Hh3k/PgKQzc6ANGVLVweWJIgYUQytxsQdZHhkgJ6O7dx71U8pKfD05RBAX2Jm7DzSd9WMo/nPm7P/GFTP1A5BzQtIPMAPoH/48tjZ3wRCz4QMKdc8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVCjPY/jPgB8yEKmg0aHxf93/6jPlR4vP5P/I+p9yFMOEuvP7/pedKerJ7cmYnNwTOx9DQaVB9/8J/3McILyw/VjcUFA//3/a/QQBPI5MOT/7f2QBHgWxCRHvg2bhVBAjEHY/8DaecAhd73/GswfCNvmPoSA4we+8x2kQywLoTP33aAqCDHzeu79xrLepN+83uq/3Xwvdm94Jrvsd9lvtN91vuF93v+Z+tX5S44ICBQA4egHkwuNCKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJHSURBVDjLlZPNi81hFMc/z7137p1mTCFvNZfGSzLIWNjZKRvFRoqNhRCSYm8xS3+AxRRZ2JAFJWJHSQqTQkbEzYwIM+6Yid/znJfH4prLXShOnb6r8/nWOd8Tcs78bz0/f+KMu50y05nK/wy+uHDylbutqS5extvGcxaWqtoGDA8PZ3dnrs2srQc2Zko41UXLmLdyDW5OfvsUkUgbYGbU63UAQggdmvMzFmzZCgTi7CQmkZwdEaX0JwDgTnGbTCaE0G4zw80omhPI92lcEtkNkdgJCCHwJX7mZvNaB0A14SaYJlwTrpHsTkoFlV1nt2c3x5YYo1/vM9A/gKpxdfwyu/v3teCayKq4JEwT5EB2R6WgYmrs2bYbcUNNUVfEhIfFYy69uci+1fuRX84mkawFSxd/4nVWUopUVIykwlQxRTJBTIDA4Pp1jBZPuNW4wUAPmCqWIn29X1k4f5Ku8g9mpKCkakRLVEs1auVuauVuyqHMo8ejNCe+sWPVTkQKXCMmkeZUmUZjETF1tc6ooly+fgUVw9So1/tRN6YnZji46QghBFKKuAouERNhMlbAHZFE6e7pB+He8MMw+GGI4xtOMf1+lsl3TQ4NHf19BSlaO1DB9BfMHdX0O0iqSgiBbJkjm491hClJbA1LxCURgpPzXwAHhg63necAIi3XngXLcRU0fof8ETMljIyM5LGxMcbHxzvy/6fuXdWgt6+PWncv1e4euqo1ZmabvHs5+jn8yzufO7hiiZmuNpNBM13rbvVSpbrXJE7/BMkHtU9jFIC/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMBSURBVDjLTdFNaJt1AMfx7/OePGnypE27LbNrcbpZKagTqQ6ZjsmGOETxoKiXwURlgkz04sGDeFGYMhEv7ii7DAU9dXOgMCcOy8bYRLtRN03b2JekadO89Pm/eulqv/C7fi4/x1oLwJFvp8eAkzuLmb0daehIgzSGrjIrwCpQAzTQAOrA18APPusZpR59cFvP3nefHGBzbWGSjjBJY00PCgmrqebvWovxv9oHgeObga2F0AFgelkTOA6+A54PUeAyFLl4rkvgwZ7BLNuTXN+p36qfbgBjhQujh6KfWLpu8YXBaEOqDVZLIIdz3wkIt3BX4vH+6QqfvDrMr7eCAR+gfvWAN5obHS31lvGCATJSYaVCiy7dxiQrpRexth9PgAEc3eTSrQZXKitVF8Bqs2Mk/nNnkB3GtP/AcXMYrVhbvsl8zyus5J+hnUJbGrAw30z5/PxUUwtxxK9d3h9abV7L94144GG6c+CnNP45T630Fq3keZDgYfGti7GgA40S6u7v33l8yTda77HKvBHld2FVF7wySIk2Hn63QjJzEtQaxsmjyi9g7RAqTdFSaQDfKvNFpvRIf7c+iVGGML4XjE9p+wHi+nW0FDSrV2ne8yFuVERqTavdUUATwDVKn6nevnbquysxNtzNwtQ5VNpGri0jOjUW9DD1sXOIHS+RzcbUWykqFfNnP3jaArjlJy6dOPbjsc/GZw+S7Hod0hadhd9ZrFzm396jNO//GJUZBgux77LY6KJFWr1zv7/v+Ol+4KOxkSFmfn6bMOpjtlumNvIVYTZP4FiC0CH0oBDD1HQHJcT8BqCFeAo4vFoZZ3nLFBfSo9xQj5HO1hFqEaUNxlr6koQ3D21jrt5BC7H4PyDlw8/tfyD73uFeLM/yUHE3ANqC1BahAAtfnq0SB7Da6qClrG8Gbs/VVjgzkVDsyVIszFHMRSS5iHwcEoUuke/y8r6tRD4sLq2ipZzZAIxS31ycmBy8ODE5DJTW17u+JBMGQSYTUMhlKRZirt2Yvgn8cgf4D/BEgoyc1axMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD4SURBVDjLxZMxTsRAFEOdaAU1ogs0XCDKkTgKdBwFcZooJRINK+UGNJtvm2I20WQzEcUWWBppUvj971hT2cY1qnGlDgAwjqMlYT4kQXJz77quKgIkoWma3Sm20ff9/gYkMYNK5rquERF/Ay6NuUji9eNo0hCBCOLt+anaAC6N87ckPNzdQDJI42uM7Qa5ubRBhBJAxjRxDZiz7im1kcyiEeE1YBiGYoV5tRECleKcckDbtku/L+/ffry/XbLOKyu/C2AeIVcEVllFL1MlQEqgIMqA00SQh+JU8QyxEaKLgCmEz+MPQgApkDj/g9Q/bViCgQoAqn9/jb8mSSzHKz3sXAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJnSURBVDjLpZPNS9RhEMc/z29t1d1tfSmhCAwjioqoKNYuYkRRFB300MWT3eooeMn6C4TunYoiOgSKkGAUhh0SjJCwsBdtfQMN17Ta2v39nueZ6WBtktGh5jLDMPPhC/Mdo6r8T5T93nCPTUqVDhVOi5BRBRVGRBhQ4drGc5pfO2/WKnCPTbMKN0x9Z4OpzqDxWlCPFnL45VHCd91ZEdprWnRoHcANmhatbu4JtrShiSr8t9dIuIS6IpgKgoqdGBsQztwj/DDUWndee0sAO2hqVZmO7b+bkuAzvpgF+wVxIeqLqxBRTHk9sfL9fBq+kBdh+9Y2/RgAqNARbO9KaRwkzIL7ymBfDiQCH/HkIYjN4z6P4cNJEnu6UuLpAAgARDhrahqRYhZ1BVQsx85UomJRb2lqzqMSojaPW3lOWfUuxHN2LWAv5WnErZSWVCzqItRHP2qL+ggJc0CI9zSUACoU1BXBOx71PmXq7dzqorc/csj05BKDD+ZQsaCKCLFfCjxZbAGIc7R5N+9ezTI7uYD6EBXLTHaZiTfLZBrTmCCB+DJsyETJSCL029zowaC6nkRynqNNDYw9m2L8xSx4S7LSkMlUkUzEKEsfoJCbxkb0l8643GPqRHifarydEvsGnx9HohXUhYj7eUaIJXdi0qeYvn8x7yw7Dl3WxQCgplUXRWj/NnELdBuxdCMmVouKgihBfDMb6k6gieMsvezDRrQfuqyL66w8f8ecFM/15N7OhvimfQQbAhCHCz1f59+yMNyddZZLh6/owB9/AWD2pkmJp1OE096TcRE4y4izDDhL95Grf3mmf4nvrQOLvcb/mlMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLfVNLSFRRGP7umTs+xubpTJQO4bRxoUGRZS1CCCa0oghatkpo4aZN0LJttIhx1UZs0aZ0UxaKgSFC0KZxhnxRaGqjiU7eUZur93n6z5lR0Kxz+e93H+f/vu//zzkK5xz/G+l0+rlt23csy1IJQSjDNE2BL5V/EWSz2SAl9IRCoduVlT4YlATXhZxNOeFwCMPDQ1APS85kMu0iORqN1tfU1OD7/BKEuutyuNwlIg6HyAzDgDo9PW04jlNBISft2hSoadpBy1hf14jIRfJKh/ymiuR4/AQKhQ2pzsXFhUsuQ7yQJiLhIN4OvEFT8xmpLv5JB4JVJD/sSdM0BYpC99JNooitzU08uXdOKo6nP0G4PX7tZsmBsCpUxcRwpBaMMSgUrBziWRBwx0WD8xGJBEPeaQQv94AJB9QTImDweDz7gpVRjsUBtLREcDLZhWOBLJzVdMmBVV4ehSnwqOqeukRRAuGFQAZR308EG5MoLgwhGCAHc68R2vZCFSyiIaIEoZg46pP1l4aC5Q0bTZFlBE9dh6NPoioax46TQ92lJiQ3xkoErFyniNmvf++LhmgAljZPAnlyVERFIA/s6Ciu7JQIvF4VjztPy+WxLBu6bpArF9VWDuGtQXirXbj2JJhbAJgf3DIx0zeHd7k4VOrk09HRD227G4Uw4vf7E7XWFHyY4HUdtxRuvofibGFiUIfXKMJDJaqtD7CyOIJ9Z6G7u/s+kdw433rxcrzQi/qWNpj5Z1DVICZGdAxOxqCxGO0DG9s2xH6Y2TsLqVQqRkuWam+/iiN+P5heAcWzBE9lDFPDv35/GV/tetQ79uJgf/YIyPo6xef+/ldnRSmNVWto/rGAoqabudm1zru93/oOO3h/ANOqi32og/qlAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLjZNPTxNBGIexid9CEr8DBr8CHEiMVoomJiQkxBIM3dgIiaIESJTGGpVtyXIzHhoM4SIe9KAnEi4clQtJEczWFrbdP93d7s7u/JwZ7XYJBdnkyRxmfs/MvO9OD4AeDvuuMPoY/f/hKiMR5WKCvlarpRNCwiAI0A02D1mW38QlcUE/DzebTdi2HWEYBhqNBqrVqpBUKhUUCoVI0g5f4gK+wHVdeJ4nRo5lWdB1HbVaTQgcxwHfRFGUvxIuCKYfzmqZyZ2wKIO8fQ3/1Uv4Sy/QWliAO/sU9qMZmFMS3HfvT1xJ1ITOZJ9RpQi6+RH0y2fQb19BP23CVhRo+TysXA71+XkcMIk6fAfHK6tQVfWEoESXngNra0C5DHZJYGMDZiaD35IEi41qOo3vc3MoJ1Ooj92HpmkdQZiVEsHUAzl88hjY3gYIAdbXYQ0MoDo4CH1kBHssvH8jCf3eGKzDXzBNsyNoF/HH7WSJZLPA7i6wtQVnaAhmKoXjxUX8vDkMY3Qcnm6IInJOCS4nEte9QhF+RhInIRMTcFhYvZWCcXcUPmsl7w6H/w+nBFEb5SLc8TTo8jLq7M4m25mHfd8X8PC5AtHrXB5NdmwRrnfCcc4VCEnpA8jREasp6cpZAnrWO+hCGAn+Sa6xAtl84iJhttYSrzcm6OWSCzznNvzp9/4BgwKvG3Zq1eoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVBgZBcFNiJVVGADg5z3fmTujY5NZBANBIVkZ2J9IKkZFGKRuglq1KaqVtoqoVbSKFi1LoY2QEVSbcqiFWWJqPxL044wUGESQVqJOKerce7/z9jyRmba++tXTy2YmnyphPaYQIJBBNuPWfls8l1/EfxdeOrJnxxAgMtO2148d2ffC+rWlxMqkkwBkQjp7aeT97xf99cfS5ZPzv6w6umfHElQoXdw+qN3KhX90JYIgG30243G6Muo9tOYa999WfdfOLs92x4UHd3163eG3ti8ViIgVmdkNumKiUIOu0AURFIFmdmZgx4ZZt9w6uazOTO+FAklAQQlKhBKhRCgRShfOnL/i5hUjd64Kz2+6XjfRPQkVIJPaEUJGaH1SQu0YZHHqXBq2sdaGHlg9KWoZQ4VMEjWKlBJRQiAb2RUGlBZa66RCFFAh0RBBCIlENiY6QBTRhyypIROo0MZk0hDITFAKWqhdkkGSQt/oG1ChtZSZJCkBSCCEE79+Yv7UnIuXLxiNR8rwnsomFfpGn2SjAUjQkuPzHzp98XMPb9ngplVrHFr42OX5ubpx1943K7Rxaple+2EopBZkBo2MNL3wnie2P6ovvbtntzp48iMb1232+6n9OyuMx72+Z3Zmwn03Fi3pkz5oyWffnjERKzy29lnw4iPvmDuxG/unKoyXWhu3lsNefPNnr0VKAVpy/tK/Fk5/7afTR72yda83DjxjqpuEqxVGV/u/pwfdDS+vG05nZpE0wLXLqn2Lzzn287s237XF3IndBlEd/fEwvB2ZacPOgzvHo3w8Iu5NuRxAkkhpovug1u5Q5SoGfWurDxzf/eW2/wEnITFm/fHryQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLrZLdT1JhHMfd6q6L7voT3NrEuQq6aTircWFQ04u4MetCZ4UXGY2J1UoMdCoWxMZWDWtrrqHgylZ54RbkZtkiJ5aAku8MXXqQl3PgAOfb8xwq5LrOzmfnd34vn+d5tqcMQNm/UPZfBMHXx2ZWvI386odLe7jIL7w5EQ68qjhEOFjCmMj+v4LQmCwtCHkSCuSlFOIst4X1KU1mbUqT/kPki57bmL6xEnx55HxRMCqNCTkO6fUBpH5YkFoeBLsyAiHLEFcSQi5B2C38Z3eAPJ8JjcrmigKnLJ7nd8mwDcnFh4h/68T29FVsfW4F4zeCmb0LZqYDO191hOtkZ5sIuY8lioJhKZ9lo2DmbNjx9WDTowW7+YmsGv+9Ov3GijsgxwsNy7iiYOg4L54/nyawQC4lDubYANIRG7g1I9glHVILl5EMNCCXnEfouXSP4JksI+RY5OIfkWXGwf8cQSb6hAz2gV2+BXaxFangBSS/n0PCfxq5xAxCg3sFj2TpPB8Hvz2G3dWneOvqhLnPCIfDgd5uPebfNyAyrUR/t1bMmft7MdR1NiuXyw8UBDYpJ/AMkhsOPLa2wmKxIBqNIhwOw+Px4EG/Hvb7GoSCc2JucnJS7FEqlb2FizRwNMLHFmPvXnQJN/U6+Px+3LvdApVKiebmZlitVuj1ejFWqc7AZNCJEq1WGxMFAVPFtUCPZKhDXZUyGu6IAr+pklOclGNiYgI+nw9erxculws0N2uqjFOBwWDgSu61RCK50tLSwlBBfX39eE1NDa9QKFBXVydCY5qjNSqgvSWCw+RRqVTzZrOZcTqd2263G3a7HW1tbWhvbxdjmqM12kN7SwTl5eX7qqurq2pra5eampqSGo2GI2TUanUj4RSJ4zRHa7SH9v4C8Nrl+GFh7LoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFiSURBVBgZpcEhbpRRGIXh99x7IU0asGBJWEIdCLaAqcFiCArFCkjA0KRJF0EF26kkFbVVdEj6/985zJ0wBjfp8ygJD6G3n358fP3m5NvtJscJYBObchEHx6QKJ6SKsnn6eLm7urr5/PP76cU4eXVy/ujouD074hDHd5s6By7GZknb3P7mUH+WNLZGKnx595JDvf96zTQSM92vRYA4lMEEO5RNraHWUDH3FV48f0K5mAYJk5pQQpqIgixaE1JDKtRDd2OsYfJaTKNcTA2IBIIesMAOPdDUGYJSqGYml5lGHHYkSGhAJBBIkAoWREAT3Z3JLqZhF3uS2EloQCQ8xLBxoAEWO7aZxros7EgISIIkwlZCY6s1OlAJTWFal5VppMzUgbAlQcIkiT0DXSI2U2ymYZs9AWJL4n+df3pncsI0bn5dX344W05dhctUFbapZcE2ToiLVHBMbGymS7aUhIdoPNBf7Jjw/gQ77u4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALuSURBVBgZpcFPaJtlHMDx7/PmTZq26b8laZ2m69qJS6dWUVa7oqDOQg9DUPTgwYPgRaenXeZNGEJB2UmLiiCi6MBd1O6iqzgota5sq8uy1nWbrX/Sbm2TkmZJ3vd9nt/jWxARvQh+Pspay//hPv3GqfZMKnGmtSmWwSqwgrEWEwR4XkAQBPh1D8/z0DUPU6/h1+psrpUKy/PXn3B7OltyB+7uzvR27WCbWMs2IxYRi7EWYwQjFmMMRiyBMZyfu7zjO688796RbM6kmyJcWV5FG8O53BJDD2aZvXCF++/ZhQ6EC5eW6O/fzdRUju7dnRgj3JVpI33bzg5XKRBriUYUxYpQ1YqqiVKsBnw7s4gxglgHn0Y8FWNjvUxPpgMtglIK9frH09bRNRyxKCfCgQf2UvJjGBGMWERAG0GL0OpWmZycxatsoP2Atd/LuD/kl5/Ppu1Ysq05kk5nuiKxRlVYnKewuoGvDVobjBECAyOPDXLnvj65lt/KrWyV5er82ePKWsu2w8cnPn1ooPe5bF8PbYkm9nY6/N17ExeJNzWytn6Dc7O5U5+9+dIhQg6hZ499sSvZnniqK53EN5Bo4F9S7S0sLG/Q0Z4kmkgN8yfn0SMnVK24eTLb2xVHuaAcWuOKfyqWp6lWxzmbfw2JftDx+Iuj3xCKLE2f5Pwv5Xf37cmo1bKhrTlGX7oBR/GXie9PsFg8zSP7Bzm4fxQ/dpMS+b63PjnW4hKq++KsrG9ybeUWdS/F5EyeWt1HG8ELDJXqRzxzaBTjGO7bOcLpy58zdO8wS1e/POwQ0kFAYARfaxau/0bpVkDFE6qexfOFUuUGUZXgyf5X2Xbk4Pvs6RwgFHcJ1X2fWs2nO9WA0S5iLWIErTXWRvnp1xL5wjQ/FqY4OvIhY1+/QDzSQKjuEvp57tJC9eZaNhpvRoxGRJDAYLWPaEujGmTm4jTDAw/zVW6cmHKZmjtD6B1lreW/GHrl9jHgZaAF2ALGZ94uHP0DwIeG5DahstsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDCkFB/7v+r/5/+r/i/7P+N/3DYuC7V93/d//fydQ0Zz/9eexKFgtsejLiv8b/8/8X/WtUBGrGyZLdH6f8r/sW64cTkdWSRS+zpQbgiEJAI4UCqdRg1A6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVDjLzZPdS1NxGMf3L3TbXV5EEN5030UJpTdClBBKSgh2Y5cyW0QXISY2eiGxklYgGoaE2YtFdTjHvZyO25i6uReOuRc3T7TNnOFOw8bHs2MmZUEQRRefm9+P74fn9zzPzwJY/gTLPxUsjB04Hh06ifq4i+m7R5jp29/82+HFiT2NmmBlZfYpfMrwcXYU+Urte/PS4XDUGLw14Gc8G+4gF7pIaXEcTeylGHzEl4SL4L02fUsQ9vtl0mnVJJOpML9JbITl0AXKRRfFd+3kp84SGWwlMHC6PHXj2N4twYd4PIzH40KSJBOn04lX6GM5eI6yLrM234KeamI1bCNxv54HA/bStyZuCiIoimwG3W430lgvmtf6NdyMnmykEDqPeqsOLSJWnqZ/J0gmY/h8XmRZZnL8KuEXHUbZk+jxVj6nTrFiVKL21zLnFclmMzsFqZRKIODn5VA3c89tzExcI600sBZvIj/dSex2vRmORiPkctq2oNJlQXhlHC6Rzy/xsKcGVhNE75xAsO3GbZTssR8lu+CjUMga5ExEUTAnZPlxZJfaqinJNykp11G6DjFyporB/h5+NeIdC9NwcJfe3bJv/c3luvXX9sPSE2t11f/zF/6KYAOj9QWRU1s5XQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLdVNLTxNRFP5mOrVT2tLWSgIhEVEsaSUNrSujJi5cGBLiwoTEv+HeDfEPsOmmO6Ou0IUGQ4huTAwPrSUlYDtQ1LRKQKBmOgy2zNzrudMHmMBJvpxzz+O75845A845BEikWCx2d2pqaikajd6jsyJ8LSipVOpWJpOZFznC165zjJIk8d8ia2YG/ckkytks2Pg4etAUEfPMzqI3kcDW8jIaY2NO7ArnkiyRiCSfxwNfMAjbtuEPh+F1uRCWZQcqpaiBgBPzdndDbRGLWrllQ1UUFEolJ6m4vg5GJEYoBMPvh62qKBSLTqygaR0CtN+4AbAg3Z7v68O6YWCIbh+kp8lUwI+OULcsbJIuES4zhhRpk+JDgKyc7GAkEsE1nw+80YBFSUyAyM4R0bDbjShpieCp1WASaaeLxcVFblnWmdC35nl56TE/0He4EOETNaJWxilSr9eRy+Wg6zpy2QVsrT5DVzgB8+dse+QdOZVgbW0NlUoFAfryA8EKzvffQHdfEvulORzsFkAddIj+I2g7k7QLwm7UyqhuzCBwIQRbf42e2EPsrLyAaRpnd3C8mRx7xZeIXL0P/P2CpafP4Q8dQv+xgO3C+9M7OCldrALb/INA2ASrfyM+Btv4hME7j3CoTUORbEHCZd6iIsU6XTALl9xfEbo4Cmbm6XyI6w+GwRq/oKoaIoO3wcrvjjuo0VwNEjKZ2Oz94lt4w1F0BXbBrT0algvZV5oIg/3V0BMdQH1zDh8mR+LOz5ROp3k8HoeiNPfKvfIEiYk0XPJ3Iqg63+Pk4FzeYWyvLkN7MzntVFSr1Y/5fP5mO2W0oeNzZoJa503Q6zhjrXNTg9lcYlbvPxXdfEoTGuB5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpVPJiipBEJyP6n/q+7TL6Km/QERBEfTiRdGDB0+CSB1EEUTcyuWg4r622i4oKuZUFKMyvGEej9cQdFeTEZmRmfVGRG//gz9+tNttpdVq6c1mkzUaDYNzbtRqNVatVvVyuaz8KiDIqiDz5XJJx+ORbrebxOFwoNlsRqVSiReLRfVHgS+yeT6fCQ/eu92OTNOk0+kk/0G0UCiY+Xxe/SbwVTZ/kEejEa3XazIMQ2IwGBCqeogwxngmk1GeAsKv/gjYbDZkt9sFaSjJq9WKrFYb9Xo9ms/nMqbT6VAymdSfAqJZDMooFSSbzS5go36/T4vFQghYJbrdruwHqovH4+wpUK/XDTRru91KAWQEnE4nDYdDslisAhb6+HDI8+VyoUgkYjwFxJikAMqHFZAdDofMClFNs0hbmqbJM6oIh8MvgUqlwtBx2IBPkJEVwZPJ5ElGAsTBWigUelkQ89XR+fv9LueNckEej8cS7++a9I1pXK9XyuVyFAgEXk0Uc1Wy2SwH6TEJECEKzyAjKxJARJC5gPJtkdLptJpKpUyMDYH7/V5WM51O5TIhM0QE0fR6veqPq5xIJNRYLMaFJekdPYFnzF0sDwkid7vd6q+XKRqNKsFgUPf7/czn8xkej8cQJOZyuXTxrfz1Nv4rPgFlRDELuo2JKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALbSURBVDjLfZHrM5RhGMb9A33uq7ERq7XsOry7y2qlPqRFDsVk0c4wZZgRckjJeWMQRhkju5HN6V1nERa7atJMw0zMNLUow1SOUby7mNmrdzWJWn245nnumee+7vt3PRYALI6SZy8fnt08kenu0eoW4E666v9+c6gQDQgYB2thJwGPNrfOmBJfK0GTSxT/qfP3/xqcNk3s4SX9rt1VbgZBs+tq9N1zSv98vp5fwzWG3BAUHGkg7CLWPToIw97KJLHBb3QBT+kMXq0zMrQJ0M63IbUoAuIozk2zBjSnyL3FFcImYt2HPAvVlBx97+pRMpoH1n1bRPT6oXmsEk7Fp+BYYA+HPCY9tYPYoDn32WlOo6eSh8bxUuQ+lyK9MwTJnZEQVhJgFdhBWn8Z3v42uv0NaM4dmhP8Bpc6oZJYuqTyh/JNMTJ7wpGo8oPkiRfyO4IxOXId1cOFcMixgyDUuu0QAq/e+RVRywUh54KcqEBGdxgSSF9IakUIb/DD24FIrOpaoO6PBSuDCWaazaZdsnXcoQyIR1xDaFMAigbjEN8sRpjCC0F1F9A3EIdlOofdzWlMtgfDN5sN28QTxpPxDNjEWv0J0O0BZ+uaSoqyoRRIHnsjUOGDqu4ETLRehGG5G4bPJVib6YHioRDiVPvjph5GtOXtfQN+uYuMU8RCdk8KguRiFHelobVBjJX3JAzz2dDe42JnlcSE/IxxvFoUaPYbuTK2hpFkiZqRClSRUnxUp2N7qQ7U9FVoZU7Qz6VgffYZBkuJxddlxLF/DExySGdqOLfsMag4j290cPpPSdj6EPJLOgmNUoo5TTnac9mlZg1MypJxx+a0Jdj+Wrk3fUt3hUbg7J3UbAyoLx3Q5rAWNVn2TLMG9HoL1MoMttfUMCzRGSy1HJAKuz+msDBWj6F0mxazBi8LOSsvZI7UaB6boidRA5lM9GfYYfiOLUU3Ueo0a0qdwqAGk61GfwIga508Gu46TQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFsSURBVDjLxZO/SwJhHMYF16b+gP6GZiehwcm7hBORKLXzPT1SIhMUHCKO48TT88emhwchHTiEERQhTrlE1FIhQS1BGRTU5vr0ntgS6BFBDR94eeH5fPk+L68DgOM3OP5MUCjkg7IsPf9YoKoFJw1LiiKPJGkX7wyToCxMFWhayaVpxTHFouqi4ftmU0enc4CTGLEE15T5qYJSSUWtVkW1WkalUkartYd2u43zbBZPPp8lMGeuoKp59Ptn6PV66Ha7MAwDp6KIIcfh1u+3BHMzBXRXmOY+FEWBLMs4FoTx5LtgENuJOGxLtIrS9ToIITADATwyDC69XmzGBYiiYC/I5bJoNOo44vnx5CuWgcftRii0iliMtxek01s4jIRoeBk3dO/URhw+eo7QO0Ii9oIBx+lvLPvxwrKDnfW1JULCD8mkiEwmhWg0PFtAG16kvFIuvtqmU51RPixTRraCicTz/akmohXK8P8+0zQ+AXBHwZp9sfnqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVDjLjVJ5SNNhGFac9U//iDlnTtNEYyRKKnZIUOaVeeWSeZY6E2VUkJk2Sg0PNFwtL5zlgiUjxBRLZcMJm1eubWzeTvebxzzWptM8Zoft7TfBEtTqg4cPnu97nvfh4TUBAJMduNQgR1LrZ7g5PLWuqlf7k96p+ZbLXVhOfjMlOp4pc9j9dwd7CCeaPCjn46K8d04PPSo9XGIg9fZ3pQR8utj0nwYnSsZM3enyF6yhlS8+FROs263z/edKRll4sshyP/EeA4e8oaRm+dr3UzlDz+0okrNUzsJEAF3eYksZ8CHkj786Q1MKvEqQdq9CRbt34biAkDnC/iOmDjrf56qHGSLdIj5V7G17U+haIdBqwysm+LbpsstO2fLyEKZqjdKshvQGNbhmjjVaJ8ge/DbwKBhmfBhd3WIKdSt0vkZdLdAu8eWrkFCDiLHBfHv3vPGmCOaMwZeGIEnsWcDFSfOxJMkhE7QgDFpQQp1YtxZWpeiwieqJwV3rIlqHCe5U8tRLKS+RQZtESVp83RxcKEIG0amB0bUqwMdKadsdoAW5URpUA2V8jQYX2X16J5HVlY6TydWK/rQa5VRA+eRyAF35GRsr9UGnRsYwpsE5ScbeNijmLmxWCTSQ3zq/Tq6eaDOSRwN5nsTSMSG7cxHiypSQVDcL2GjJ4+2366KrpMpJOEWWtey7B7uBxo2Pe60CMmsWaI8K4X2UC/B8zaEpHA/UiBujFsHdlgeL46TePrnywWAaon8SfatPmnF+a7OVBoYRDmy8vQefKG6GWj/nggMNCJSBhkTmDGCJwnyOH0apR8VQFgqQZQFQ5Ajapxehze/wzB4hWpKnVZQ4I7BIsRJUpNiwDOsj8nwxBoOkEXaf5VwcGPk9BoElyGroMwRCSxUQUqwAj9T+Xo4/Zna9lgyAir6iq6NDMZ1mBu+CbQx/LXEHXaRjecIU5x/zWY6geWgOSIopdIRitjj+ZtT/MjCim2SXzfU3mzTGRm+VUWzkfwHZspOnT6PVHAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLpZPPS9RRFMU/3/GbmhVBWVJGLSQoi5AIM+o/CCowBKVFP3AZ0SKUFlELiaBNhNugEKTIIRFc1iJFs2iRm8QoSiIdQ2Z0Zr4z8969t4U644ALwwuP++57j3PuO5wbmBmbibDvffKeGZ1iekBVEQWviogianjRNUsQb4jqx54rh5sBQjW72dq8o/Z/WO+//Hai2IGo1gIMfn+OV48Xj1OPE1fK4ot33Wd6cE6q1gAsa9DReGND7Jmcx3kpaSCiAPSPJDYEcOHULgprAfwKAED7ub28Gp2j7Wxd8WxgfI7WllL9dzFX3oETRc0IK2BgLEFFRYz4eIIgBrGVR4MTCTBjSwhH62souBIAjwdnLJUtWPxDwszM3qzk1Xg9NltWT/9OWeHaVTMzzIzgYfyndU08BUCjPJrOIKk0klpEkotIKo2mM4zER1GgcX81h253otmImuGhIHR+WQNruwQixHJ5gmxEmM5gmSwWRaS6H3HxdB359g40G5HcXY1UVuFOtljoVZeZe5+ty6xRHoDhz/Nw5wkNeyrZd/k8ms2xc/JTwN2+KVtYytvbL/NmZvZucr7szwNj5Zp8/ZW0hSNNRQ1CJ4qZcfzgdv4sRDTUbeXHbLo4C8fqK5maSZV54db1Xn1RMpKNPuifbiqIbnNecF4QrzhRvPh1zZRcyg2t7oPNjvM/JWOW3I/zgm0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALuSURBVBgZpcFPaJtlHMDx7/PmTZq26b8laZ2m69qJS6dWUVa7oqDOQg9DUPTgwYPgRaenXeZNGEJB2UmLiiCi6MBd1O6iqzgota5sq8uy1nWbrX/Sbm2TkmZJ3vd9nt/jWxARvQh+Pspay//hPv3GqfZMKnGmtSmWwSqwgrEWEwR4XkAQBPh1D8/z0DUPU6/h1+psrpUKy/PXn3B7OltyB+7uzvR27WCbWMs2IxYRi7EWYwQjFmMMRiyBMZyfu7zjO688796RbM6kmyJcWV5FG8O53BJDD2aZvXCF++/ZhQ6EC5eW6O/fzdRUju7dnRgj3JVpI33bzg5XKRBriUYUxYpQ1YqqiVKsBnw7s4gxglgHn0Y8FWNjvUxPpgMtglIK9frH09bRNRyxKCfCgQf2UvJjGBGMWERAG0GL0OpWmZycxatsoP2Atd/LuD/kl5/Ppu1Ysq05kk5nuiKxRlVYnKewuoGvDVobjBECAyOPDXLnvj65lt/KrWyV5er82ePKWsu2w8cnPn1ooPe5bF8PbYkm9nY6/N17ExeJNzWytn6Dc7O5U5+9+dIhQg6hZ499sSvZnniqK53EN5Bo4F9S7S0sLG/Q0Z4kmkgN8yfn0SMnVK24eTLb2xVHuaAcWuOKfyqWp6lWxzmbfw2JftDx+Iuj3xCKLE2f5Pwv5Xf37cmo1bKhrTlGX7oBR/GXie9PsFg8zSP7Bzm4fxQ/dpMS+b63PjnW4hKq++KsrG9ybeUWdS/F5EyeWt1HG8ELDJXqRzxzaBTjGO7bOcLpy58zdO8wS1e/POwQ0kFAYARfaxau/0bpVkDFE6qexfOFUuUGUZXgyf5X2Xbk4Pvs6RwgFHcJ1X2fWs2nO9WA0S5iLWIErTXWRvnp1xL5wjQ/FqY4OvIhY1+/QDzSQKjuEvp57tJC9eZaNhpvRoxGRJDAYLWPaEujGmTm4jTDAw/zVW6cmHKZmjtD6B1lreW/GHrl9jHgZaAF2ALGZ94uHP0DwIeG5DahstsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcFLiFVlAADg7//PuXdmGp3xMeIokk1USG8jKmlRYJJU1K6NRILQopXVImoVFBGBpLteu2gVLYyiUALFRSVk0aKC0nyE5uA43pm598495/zn7/tCzhns//LSQzh867rxXYO6NahbddsaNm0Py7iGhEUs4DMcKwHapnn4vtk1u157bBMA6Fft9KBqpxdX07aqZnmUnL+24tuz/T04WAK0TbN5qhvApRtJJwRloCgZ60Q3j0VFjDoFO7dN2Do9ueGT05cPRYBU11OTJU3LchX0am6M6K3SW2VhyPxKAm98ftGuuUl3z3Q2lQCprjes7Ub9Ef3VJMagRFEQCwpBEWgR0pIfzy06c7F3uQRIVbV5eqLQGzYGoyzGrIjEFBSRQlYUyIWrSyNHjv+9hP0lQFNV2zdPdfRWswYyRQpiRqKQlTlqM6mTNFUzd/SVR69HgFSNts9Oj+lXWYgUIYiICICQyZlmNJKqUYIS9r793URZxO5YJ6pSEmVkGUkAATFSp2SlP2iwBCU0o2rT5OS4GGghEwJRkDMh4ORHhic/9MO/f3lpfF1YU11/nea9ElI1uqmc7CojRQxSG8hZixBw4mNTf37hjucPGJu7y/C3Y8Xvp46/c/yJTr/4/sbtM21Kh3Y/uOPOua0zfjnfSG2WBUXMioLRpy+6/9kXTJw9IZz6QGd4XnfDlnjl3IUdZaqq3Xj65z/+sTgsrYyyOmWjOqiaVpNaB65eMD47x1OvAijf2qJowy1lqusHnnv83ok39z0CAFKmTlnVcOanrQa/fmPyq5eNhv8ZYHmpkAqXi9l79t62fnrymYXl2sX5vvmlVUuDWt1kRYy6naAbWv+cOip2grro6y1k567ElBrvh537Ds/gILZjIzZiPdZjerzb6YyPd+xJp+248rW1/QVVGeeL3Bx58ljz7v/pCEpK8wRGcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIWSURBVDjLjZNPSBRRHMf32rVTdFOsDkJEhODNLGqXukgJpmiEURBGdEnbskNktrhCRQuaLEEikUhlbK5EiZmxjbWwfxvL0dHdtdlCx3VtZxyaed/eG5qwZct98DnM4/f9vN/M+40NgK1Y5p7tPTY9UIeZ4Q6EvIcQ9pQ3FR1O+kvqpbFWZCI+YG0RK5EhBNz2dFHhxIvSWjl+TdOSzyGNd0GJPoE+P4nogzPqpuGUv8wux64ahjIJZbYFy1Pnwfc3I9LXuDR1t2bnf8PC0xKHHL0MQw0gJ5yEmmhA9pMTYm9VOth9cA+rsdV1jm6lDFA0Cizabl6H9KH1d7gJ6kI9VmNXIHiqs5/dFfusQ5hg+PGbL/ipG7CWxPvAv7wEQ5mAKjZjPdGIDO2E9xwmgS7Hjo1dMoFuEIKMQvAtS8C9eoT4iBNh/22kuFrkxAYsh9ow661Bp9fHuqv4S9DiGTdPTa8SfM0QDLoOANl5TN8/jjHndrzrceCt2w71uwDXYJAJjhQULNJwQia4cXY3tMA9aNwdcB37MXRuF4Ih3qwpKLBegbUvLhGcqN6GW6fK8dp1FBP9F/AxvoBwSjcF7Q/fM0FlvsD8iEyycbFuQknDFLPl40QWnqFsyRdY16hbV+gdjf8Rraytm890P0opy5+VggNECwVJzllBldL+r2ErFO7uHYmx4A/Kxc1GPT9cSpmjnC72L/0FRS76cD+dhSEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLjZNLTxNRGIaJv6ZNWeBwkZFLQtGAC4l/wKULV+7YILeSYukEUhJoSASVuCI0hpAYDSUQCJBSoAaC0wbBUi4aWphpO52Zlpa+nnOqCAptJ3k3M3me73LOlAAoyZfDqQdOEvyO89/vRcGZ5HeWmySFYdWHVOQN0vE58jrLJMFJ82hewVU4+bMfqdPxP9VBn+A4D88wP59PwFqmsH7UgeTJEMlsTuIyI5uRsDfCMcmtAtoyhVmOu5kkHZuFsiNA3XuEi+QCdhxluL0D/SvpoO+vhIksiItNiPqqyXgfIL403gjfoTsIL70gQBdim3VQvz2FFnwOxf8E8kYF0rIVYqcRM70Vgf/Pe/ohwsutOJdcpBpP4Mek+jPEfbWQVzkG+7tNcNsqt68tkcLZTIzM6YZ21IbolgHq9j1o+z04nKhHRnlH2p6A32LCvFD55fIYr960VHgSSqCFVDJBEeugh+zw2jnpc0/5rthuRMBaioWBqrVrFylXOUpankIi0AjJY0DC3wD9oA9rAnc2bat+n++2UkH8XHaTZfGQlg3QdlsIbIVX4KSPAv+60L+SO/PECmJiI1lYM9SQBR7b3einfn6kEMwEIZd5Q48sQQt1Qv/xFqt2Tp5x3B8sBmYC71h926az6njdUR6hMy8O17wqFqb5Bd2o/0SFzIZrAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLjZPbaxNBFMarf4cFwb9AIgXBR18Enyw+i1gs4g01kphSlPjQeAtNzNqGNLVpNCGhEvBS21Rr0ZIK6ovFiKbNbXNpdpNsstncUz9nNiauErEDHwMz8/1mzjlz+gD0UZGxh0hFNPAf7SXa3fUpAKparVZoNpvbrVYLvUT2YbFYTEqIEjBAzZIkoVwud1UsFiEIAjKZjAxJp9NgGKYL6Zh3UQA9UK1WUa/X5ZmqVCqhUCiA4zgZUKlUQC+xWq1tCAUM3v6+74hu2cH4eUz6OcwFcvgYEmUANYiiiFF3Aq5XHIJRCeqHLOJbFcg5OW6Mqm495fL2NznYl7OwveYxsZSF6QUHEpIc9+eQgOvuFL6EMjC6wrg4GZZfIwOGbazX8TaPY/qAr5Ms72oOBt8WknwVem8KWmcCY0/S0E1HcXYyhjNMBAYH2waYF8izl3I4eGLqmjLjz9by+PRNxCMS0k0C0c+yMDjj0MwmMOGJ4+Vqtg0Yn+dwf5HH/sG75/4uWzAiwbfCQ+dMYSGQxdhMHMPmMFY+8MgX623AiDu9+YAADg35LErzHU8SGkcSI4+T0DoSuGRnoZ5mcdIUwdC9zd85OHpjQzP+nMOVmZj4NSZBKNVh9LbN6xslnGai8CxmMP+Ol81criwntgugZTysDmovTEXEUVcKV8lt520s5kjJvP4MTpkjyApVXCZmvTWKRqMh6w9A5yO9Xy9ijUgZCi1lL/UEkMUf/+qDHtruAn5BDpAvXKYbOzGTsyW5exWAfgrZQTt3RFu//yfHVsX/fi5tjwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE3SURBVCjPhZFfK4NxGIZ/R458Dz7B7wv4Go5WpJW8819mSw3bos202DsTNpT3FTbCRs0YkYPFasvKJhw5kpVEu5y8W0uZ7sPnup+e+34EorH+HIRZQsXfLtKkOSPJCXEOiLGNxgarpPniGW9WnPPN5y+9E3p5I4+n6DaLFHmeuOSRFEUSFNgjj04WDVcbQiCOuWBfnrIlE0RkjKDU8ck1VBytCIE45JYkD8QpECOHTpYIGVzYmo0UO5Q5IiyjqFLDKyNMyUVs1GJq1mvuiZJjkzvCZAhyw3ClrocVQiwwhwc3E4xjZ5f+SoOihpr66Hk1gOWWYGAeHzM4cWBnlEF6QZjLBqBaEbPKdMmpVP0WpbtkVjo/DMBv9aJzxTo2RhjAQoA0fkyFuhsmGWestqFL6cDEP9+s6gcdbFPqiEGjeAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIASURBVDjLpVPPaxNREJ6Vt01caH4oWk1T0ZKlGIo9RG+BUsEK4kEP/Q8qPXnpqRdPBf8A8Wahhx7FQ0GF9FJ6UksqwfTSBDGyB5HkkphC9tfb7jfbtyQQTx142byZ75v5ZnZWC4KALmICPy+2DkvKIX2f/POz83LxCL7nrz+WPNcll49DrhM9v7xdO9JW330DuXrrqkFSgig5iR2Cfv3t3gNxOnv5BwU+eZ5HuON5/PMPJZKJ+yKQfpW0S7TxdC6WJaWkyvff1LDaFRAeLZj05MHsiPTS6hua0PUqtwC5sHq9zv9RYWl+nu5cETcnJ1M0M5WlWq3GsX6/T+VymRzHDluZiGYAAsw0TQahV8uyyGq1qFgskm0bHIO/1+sx1rFtchJhArwEyIQ1Gg2WD2A6nWawHQJVDIWgIJfLhQowTIeE9D0mKAU8qPC0220afsWFQoH93W6X7yCDJ+DEBeBmsxnPIJVKxWQVUwry+XyUwBlKMKwA8jqdDhOVCqVAzQDVvXAXhOdGBFgymYwrGoZBmUyGjxCCdF0fSahaFdgoTHRxfTveMCXvWfkuE3Y+f40qhgT/nMitupzApdvT18bu+YeDQwY9Xl4aG9/d/URiMBhQq/dvZMeVghtT17lSZW9/rAKsvPa/r9Fc2dw+Pe0/xI6kM9mT5vtXy+Nw2kU/5zOGRpvuMIu0YAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKlSURBVDjLjZLdS5pxFMe9aAy2cLvbvzF2PYocddELUTd5464MISEIGRRGF4H0sBKpMMnZC9kqe/UlF+UL6upiDJ6BUSEisqHOXKY8s4Wy/O78flDQaC8XBw7nOd/P75zvc2QAZH8Kr9crd7vde06nU9jY2Ki5q+dfYt/W1lZpfX1dcjgcwtLSUs1/Aba3t+Uul4uJL7LZLEqlEkhcttvtwvz8/P2/Aq7Fm5ubF5lMBpSDVoAkSZibm7uy2Wye6enpe3cCPB6PnJr912ImXF5eBq2DQqHAJyGxNDU1JUxOTtbcAlyLyayLdDoNGp+NDZoIYjwNk/cIzo+fYTabqxMTEyGTyfT4BkBmyUngJ7O4mCbA4uIiCIp8Pg/z7gnUbz5AZxfxJZUBiaWxsbHnHPC7mCYAmcV3z+VyCIVCOMufQ+/4BEfkBG7/e4yOjlYEQVBwAL3mX1tbq5yenoIgWFhY4LszMcERDAaRTCZxFEvgrcvPxGUSP7sxkcR7Kysr1VQqhXg8zg1j+1MTZmdnMTIywiFOlxtDQ0NVVjMYDOc9PT2v6urqHsrIZSkajaJYLOL4+BhGoxHj4+Ng/z+RSCAcDnMYia9isViZ1fb393lPa2vraxmZ9fXg4AA7Ozvc8YGBAYiHhxgcHERbWxu6u7tBrvM6y1taWn4qlcp3DKLT6YoyuqwnMzMzFZ/PB61Wy8bjAFEU0djYiEAgwPNIJMINrq+v/97e3v6AAYaHhy+5EVartdZiseRoTA5hgN7eXigUCjQ1NaGjo4MHyxsaGiqdnZ27DKDRaAo3h0SXVUuAbyqViv1nMGPZPRAYfX196O/v5zmrra6u5smrAq14cuuUqemRXq8/o9eu1Gr1D5rmkqLc1dX1kuIF5RKr0bdSc3NzktZ5+gtxf8ZLfEnITAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLhVPfS1NRHP/ce91wW9MZrjLLKCNxTEgcG9FLj0EgmbApPfQHBEHsL9B6CnrpRcQeQpIiWgwjlN42X3Kza7nKGEXRxFpMhVq7uz/OvZ1z5ubGpL7w5XO+536/n/M53/O9gmVZiEajd/x+/7jT6TwmSRIEQeDOvjEnhMAwDCiKUsjlco8mJiZuoGosYWpq6i3FHev/pk5PT29WiZm3MBKXy+WjIA1HH+NfNn93zG6z2brq9ziBKIocHQ4H2jwdLIZAXaTXqK5/ft/Ebi6aCJiUqkm7BUJdsSjsFVgQmgmYsUbdvubjqOs6b1oFdb5HfO08j7a2gUCsFrPuZzIZLCwswG63Y319HYlEgl+rN/0EPT9moJa2YZpmswJCKpvBYBCBQICfzNZMBdH/oDQo4ODxEfz+9gJmo4CKAoMYPJBlGfF4nCtYW1vD4uIiWhUZnq4Q2roGsf35JZwo7ENAT2QWCoUQDof5dZiCK5fOw8gn4O70gPyah7d/HEdbPiDz8KKtkcAgPFhZWUEsFuPdX12V8enVfXT2jQBlGanZORzwKGgnORhlbbiBQNO1moJIJMIJzvY6carbC3dHCab6hb6fCVJM4+SFKAxVvZW6d85da6KuaUZyaUmiKFTmgsCTn8Xp0GWYpWVaq2BotA+mtolWVxaHB8b6N5Yf3KSpk1xBsVj8mEwklVQqjXQ6jfy7OA71DMHpLsAytujjS3j9LEszTZjlLLxnToCo+vXkpN8n1E9h1ai8jYGrc92S+JUS7PD5q++75OhD/v0bZJ9PPm3Z76cxVK1VnhlVLProFh2cPbdqCIaWdeQvTLNXD529QmkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEMSURBVDjL3ZLBSgJRFIYvtO0BfIPeI3qBNj2Cy1rWzlWbkcBNYhC0TletJKOFq1lIILhQJCywaDZOkINiGl/n3DNj6LaF4MDHGebc/5tz544D3H9w2yAI3LkQp7UgREJRSIS+0BJqwr6QTzkWulqdD09juD3Ah5PI7r8TiPvw0YJeDUq7cJ83NDzqwmUOFUyYT/ASfasGm6d4kQo1OB3JszN4fTDujuBrqP2hW4baVxbMBIuZTfAeQucGxm/w+WzB6AleGipo/Am06hTrEwQupLhjwkFdtlOFnzlc72n/cFWgQb3WJ8i22a7A44mtCfQQ7BSyL6617BtWZ+kphMKFlwSusrJmW/7ETQt+AQhq/TxibW0lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG8SURBVDjLjZNJS8NAGIarv0PBuzcV/4MHwYMHL/4CPQsexYvoSW2RioiguJ9cigtFKhpxqVtBXGqtVRO62TbJNFMb+zpfNKJVMQMPCWTeZ+YdMi4ALjGqBPWCxn+oEVRSxsb1IajnnGeLxeKraZr4DfEdbrd7sFxiCxoprOs6GGOf5HI5ZDIZxONxS6IoCjwezzcJjQoS0ATDMFAoFKwnoWkastksEomEJcjn86BFvF6vJfkhoLANCSigqiqSyeSPSh9nUvFNIGp8TqB36m1XSaVS1k5kWf5bUM5XCe2EziOdTjsXmGYRgVAMi9I1JrbuMbPzBF/wAS8F5kywfX6PlWAcNwrDXYpj/1bF2mkS/pOYM8G8JOPiUcNBNA8pwrArCMkcs9vR/wXUf9wfRTjBId3q2Anr8F9qCMY4pgKPzgSzovPFE0Pg+j1MHD1wjPqunFUIhBTsh1Uci9Be1MChWH35TIN3cgl97XU95YJSueBZ4zi8ecaCOIu5XRljm3cYmfQhtDYGabidTXfWttl3oUH8fUyE/rxMNpGD1dLReEcpsj4EX28TswXVJHFwnS26mqu6NwdajY3+FrwBN5GpoomTEloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLjZPfS5NRGMd3F/4JRRfRVQRdeJOE1EVkaq52MfDHhbS3aeEk82IGMzaaVrrcsh+umUQ3QYsWlOKEbcrKzW3qxNqWG2IsreYkl/pOt7379e28pyQXGR348HI4z/M53+fAKwAg2OaU8q3kbI/HJtJ68gSIdJ6kSDuZFGom8qVXnX07a7cp2FTecqZX2SS+b6YQi/9klU0hGGGhHFqC9N584kTz8J5dBUKNK7GxxWHmc5aQgecTh/GFFFKZHGYiWdwYWcJJhf3ZroIqjSvJC2aJYPZLFlOLaTg/cgivbIJPtrK2hTLVeOavArVaXVSlmeDWNzn4yW3+5dyvFGnY5rZgDsSxTkY73eHgJBJJUYGANEsJcfJYWCOC4HIeH4jAR0TexQwdY2w+Qc7SqOh0oq6uLi4Wi6VUQBrLBgYG4PV6ca7HjRgRhKJ5BAn+rzm8J6O4SQoHGSVGBGduuuFwOCCXy1FeXl7GC3xkIRqNQqlU/hd8rdPpRHV19QIv4LLZLHimp6fBsuw/cblc2K5vbW3NC1QqFTiOo5hMJoTDYSr6kyev+yDvP4+Ld0RgblfiqfUhGIaBoL29HcFgkGIwGBAKhWC32wt4YOyG2sRgOKDHu4gVvTYZanqPoLTmMARtbW2w2WwUnU6HQCAAi8VSgERTgUH/XQzO3Qe/tKON6B29hJKmfRCQOWA2myl6vR7kTSgKhQItLS00pvBaMUYCj7FzDfn0KGneC4FMJssZjUYq4BtfvHyFsTcTBRy/cgA91gvoskpoc5dFQhMcbSICqVT6qL6+3ldbWwtG70YiyWF1g8M3wsp6CpFYEprnnRBrD0FnbaA3819+X1yz31HwLzB6T66xfwqNht80UCYhvN6MY5cP0tgEltDN9/wAJ277Y3yZERAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpVNNSFRRGD33zZs3P85vOs3kOEUK4qqQCqzcDE0F2eBQgbQIhMAWGWREQdAyaF2LFkaLJCLbBBVoCga5KNEwChK00kYdHWfGnzfjzPu93ffGooTceOG89937vnPued93L6GUYjuDwzYHf7v7w5Dd6W7MiEpFvqRyOjOkg0Jjgc7caQy6Xp5vgIJoirK+mklOTE3xAb83cqm13iMplNhtln/UyeaYlN9FSbUUJa36/F2pxKXX1FpZ1cmToRSSGRkFiWImqyOZ0zG7oiO1qiMtUmQKFIoGzGZl3HuVwnJB4tyBSB1XkDRis3II7/LgzVgaK3kFQQ+BlZkRLAQCbwDwOQiyazJ6hxfh2+FBpc9meuLWS6ppsTbkQk3Qg77RNJZFBVUuziQKTMhrJ8iJBjmNqkoPasMukI3mcYWSVq4mS6ytdiHgd+LZ26RJMIhuhiyLHw8k4fU6zRwH/1cXCsWyA8Kqoyoq7LyO3WEfXo+kcbyxylzv/5hBhK0VM5PofngfLpcLPaoKPhwDvy5pMNzIsorFnIhI0A1BsCKVs+PdxJp5UOojfmhiEv3Dz9F46AiaWi6iIQjcuH7NEFAp6y1JZxk54IbDboWhuHenE7sZjLYlv33Fy95u7D/YjH3Np3Hz8gW0xk9iITXHfiE3Ny3J6p6GGgdxOThCOM3c1bBO2OPzp3G8eNqDpqbDSJxN4NyZBBKnWujo+2FSqkv85OX80syxq31+m7uigrdZCM+qybH2WZhKiM5w5McA9yUNOhUKa3eORi3NsTjGRkfItP9Ecml64TuMy/Q/dHR0UEEQHsTj8bzf7xe7uroetbe301gsZv2dQ7a6jYw8Jsvygc7OzhDLuyKK4q35+Xnn4OBg8U/SVg42xMedTudkW1sbjUajls3ffwGqPWPVeFFgygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpVPJiipBEJyP6n/q+7TL6Km/QERBEfTiRdGDB0+CSB1EEUTcyuWg4r622i4oKuZUFKMyvGEej9cQdFeTEZmRmfVGRG//gz9+tNttpdVq6c1mkzUaDYNzbtRqNVatVvVyuaz8KiDIqiDz5XJJx+ORbrebxOFwoNlsRqVSiReLRfVHgS+yeT6fCQ/eu92OTNOk0+kk/0G0UCiY+Xxe/SbwVTZ/kEejEa3XazIMQ2IwGBCqeogwxngmk1GeAsKv/gjYbDZkt9sFaSjJq9WKrFYb9Xo9ms/nMqbT6VAymdSfAqJZDMooFSSbzS5go36/T4vFQghYJbrdruwHqovH4+wpUK/XDTRru91KAWQEnE4nDYdDslisAhb6+HDI8+VyoUgkYjwFxJikAMqHFZAdDofMClFNs0hbmqbJM6oIh8MvgUqlwtBx2IBPkJEVwZPJ5ElGAsTBWigUelkQ89XR+fv9LueNckEej8cS7++a9I1pXK9XyuVyFAgEXk0Uc1Wy2SwH6TEJECEKzyAjKxJARJC5gPJtkdLptJpKpUyMDYH7/V5WM51O5TIhM0QE0fR6veqPq5xIJNRYLMaFJekdPYFnzF0sDwkid7vd6q+XKRqNKsFgUPf7/czn8xkej8cQJOZyuXTxrfz1Nv4rPgFlRDELuo2JKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVBgZBcFBi1VlGADg5/3Od+/cYWjUTYlRS43Zi1BGuGlVizZB0EJaFf2JNpHgPt1kBf2EXFlEZFFCUJsIsWmhI07iqOPM3HvPPed7e57ITAAAcO3mw1wOg2Fo4PbOo6NoGfuL4d7du4tv+r29yz9dfXsemQkAAK78cD8/vHDKw4Mm0DKtxqZ2fP3bE7/f2vn2wb2d9yoAAMA4psdH6c7DVEpaDc3+fPDG6XXnzxy3MS1vXf/u4LMCAACQ6IJZZdqFaRdm0+K/J3NnTnDx3DEb07WPCwAAAEQw6ahB7cKsFtt74eb20tN5mtSi3r5+9o/Z5tZWRAFASp8KoSsFiNRastaJErquk6iR5ZWXzn85iQgSkghu3NdACE0XTGsRmVoLESGTasiF1q8tH1wx9h1lU8Rzfrz1souvv6gWShQt6YLSMGW9kpmqVZRsvbGfypYOt3/29O8/XTrO7hcEEoEOHWZoH/xCC1XkrA1z+9t3rPZ2tNXCibPvq1sf2dzoZBZAyqQU/vn8nOVwIFqJalXU9eedvHAJjUypOXrwlf4ZKWQWhBTq5mtgWja1HPpqlZnjQr97DQloDudFP7BcsRpGi34wX/aOv/BYxbuf/Lp7bGOyXi1ltoFAJhptZXNtxXQpxwXtUBv35fDU7NSb/sWNy6+ehKrPDCOZ5Ej2si1pC5lzOR7J8UAO+3J8hgYAavatDkePtGFCFrKTOaGtybZBrmT2RE8ZjIsFAKi5WP61ffWd0xIBAAAASMT3tLwN8D9pITwp1Smo1gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHwSURBVDjLpZM9a1RBFIafM/fevfcmC7uQjWEjUZKAYBHEVEb/gIWFjVVSWEj6gI0/wt8gprPQykIsTP5BQLAIhBVBzRf52Gw22bk7c8YiZslugggZppuZ55z3nfdICIHrrBhg+ePaa1WZPyk0s+6KWwM1khiyhDcvns4uxQAaZOHJo4nRLMtEJPpnxY6Cd10+fNl4DpwBTqymaZrJ8uoBHfZoyTqTYzvkSRMXlP2jnG8bFYbCXWJGePlsEq8iPQmFA2MijEBhtpis7ZCWftC0LZx3xGnK1ESd741hqqUaqgMeAChgjGDDLqXkgMPTJtZ3KJzDhTZpmtK2OSO5IRB6xvQDRAhOsb5Lx1lOu5ZCHV4B6RLUExvh4s+ZntHhDJAxSqs9TCDBqsc6j0iJdqtMuTROFBkIcllCCGcSytFNfm1tU8k2GRo2pOI43h9ie6tOvTJFbORyDsJFQHKD8fw+P9dWqJZ/I96TdEa5Nb1AOavjVfti0dfB+t4iXhWvyh27y9zEbRRobG7z6fgVeqSoKvB5oIMQEODx7FLvIJo55KS9R7b5ldrDReajpC+Z5z7GAHJFXn1exedVbG36ijwOmJgl0kS7lXtjD0DkLyqc70uPnSuIIwk9QCmWd+9XGnOFDzP/M5xxBInhLYBcd5z/AAZv2pOvFcS/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEGSURBVDjLpZM/LwRRFMXPspmEaGc1shHRaiXsJ5GIRixbCr6SikxIlqgJM5UohIiGdofovHf/PZVmYwZvTntPfjnn3txWCAFNNFE33L/ZKXYv+1dRgL3r7bu0PbucJp3e4GLjtsrXGq9wkA8SU7tPk87i/MwCzAyP5QNeytcnJl46XMuoNoGKDoVlTkQhJpAgmJqcBjnqkqPTXxN8qz9cD6vdHtQMxXOBt49y5XjzLB/3tau6kWewKiwoRu8jZFvn+U++GgCBlWFBQY4qr1ANcAQxgQaFjwH4TwYrQ5skYBOYKbzjiASOwCrNd2BBwZ4jAcowGJgkAuAZ2dEJhAUqij//wn/1BesSumImTttSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHhSURBVDjLjZPLSxtRFIfVZRdWi0oFBf+BrhRx5dKVYKG4tLhRqlgXPmIVJQiC60JCCZYqFHQh7rrQlUK7aVUUfCBRG5RkJpNkkswrM5NEf73n6gxpHujAB/fOvefjnHM5VQCqCPa1MNoZnU/Qxqhx4woE7ZZlpXO53F0+n0c52Dl8Pt/nQkmhoJOCdUWBsvQJ2u4ODMOAwvapVAqSJHGJKIrw+/2uxAmuJgFdMDUVincSxvEBTNOEpmlIp9OIxWJckMlkoOs6AoHAg6RYYNs2kp4RqOvfuIACVFVFPB4vKYn3pFjAykDSOwVta52vqW6nlEQiwTMRBKGygIh9GEDCMwZH6EgoE+qHLMuVBdbfKwjv3yE6Ogjz/PQ/CZVDPSFRRYE4/RHy1y8wry8RGWGSqyC/nM1meX9IQpQV2JKIUH8vrEgYmeAFwuPDCHa9QehtD26HBhCZnYC8ucGzKSsIL8wgsjiH1PYPxL+vQvm5B/3sBMLyIm7GhhCe90BaWykV/Gp+VR9oqPVe9vfBTsruM1HtBKVPmFIUNusBrV3B4ev6bsbyXlPdkbr/u+StHUkxruBPY+0KY8f38oWX/byvNAdluHNLeOxDB+uyQQfPCWZ3NT69BYJWkjxjnB1o9Fv/ASQ5s+ABz8i2AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLjZE/SNRxFMA/7/f9eadWnmGBIl3fk1oKGsMh6KA/Bw5CUzS0NbVlkFs0RATh0HLi0CDUEmgQtCiBJA05hf1Z6pQT7Wqw4C697s7vew2BKYreWx7fx+PzPu99xcxoJvL5vFUqFYaHh2VrPaLJUFXm5uZ21OOtj7GxsREzy4pID3AEaBERVBXvPXEc7w2o1+tDuVyOZDK52RxCIISAquKc2xugqqRSKc5OHKYtVqoqgHEo0WC8/8f+BnEcE0JAnHHnvBBHhgAj8zHluu4PiKKIRqOBREbCAWZEgDgDozkDVUUc3J0FExABBMzC/gDnHKrK8zMfUdXN44UQSLlU84CJylOSySSZL6fo6+uj6/ET1i+lGVie4PWFUQ3OloH85amNh7sCBluv/puc+Weweu4onQszZG/cJpk5LdX5qWOfZ6fvT19sWYt2u0GhUEBVWVxcxMxYe/OMk9krtBZmkPFrtC+8wB/vciZ2a4eBmeG938whBBLlVVq7MzAw9H/YvR6cit/xjapKqVQinU6ztLREb28v5Y5O1t+/4sDLm9Sq31kHKmVHcHzbtoKI/K5Wq3jviaII7z2JRIJU9jqf3r2l9KeNsmvh10/h64oEg/w2g2Kx+GhycnKwVqshIlvB9FtH94nih4PtDesILloxbDQ3tfHgL9Xv6UA7GgE/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMoSURBVDjLndPLb5RVHMbx5515pxfnnaadQi9MSykzRSFSqyWjITVoUIMhLmClLky6YcempKBGgitDJEgaIlVjMGkkLkCqIUTjyo7YQs00dYYZpsNoufReaWn7nvM757yX4wJJJBoXfv+AT57NY2it8bBT2fct6aoeodQeoSgplISQYpSE+i6onv2gWr9e/tEbMY6/ZTwETmaO7ZKO+uKZ6q7WoFkBx/BQV7keN6fyuJj7qj9mfJJVjturlNf9+YH40CPAiV+P7tsYSlysDW/AtLqHcTuPoA5gp/U0zl39bKnS3ZeMGC+NJhNWNHdrFbdn7f3nD7cPAkDgw/GjUaHEQJ21EWN2Ean7I7jvrCBR2YL5ubtgjN4L692HttRVROtrKtDWaIFIDbzy9nAUAAJcUk9n9S6rRFPI8wlwV2B9MApLhPBN5sJ4LHj6miDnQKI5jMKMQLSqHG1NEUtw6vkLYHuDoXJk7QKUK1EVsNBe9QRGiz+D1sRBR5p9HZsjQeX4mLqnUJyTaKgNQ5DYCwAmJ7FNGi4CMNBhPYlN5THc+b2EdCl9tjUysIFIdsZqKzFS5ODMA1v1sDUWghTUCgAmI071FevKuiI7MD9zF/1jJ5ckU33Hll87M7GSNn8IP15aWBbbTRjgzIf2fUhlQpEIPljAafKXG8Mdl64PLkqSxw/PNp3fvRR+S/PcxPM8/cKlbb0Q0gPnGsQ81NaEML1gQ0kqPQAYfflt5uv+U1Ntl7esBHs0p7yzudkyir/BX7NBRODCA3ENYbtojj+G4aslOJIuA4A5WOo4qzkd15xOO/GWMifeAt/zYI5lAcYguYSQHoiAzu0RFCbnkcllbM9RfQBgapuZPuNvqp3JMremGuJGHqHGJvg2g2YEKThIeEjEwigUp1HM3YQrRffs0JFFAAiEPj6z6K+xbuNaGsgVEGpohE8cHhE8ElAksMocXEll8FMqNTkzd+vV2aEjF/7xhbWuF1/WQnyq4pta3fp1CPw4Ar3wR/tzO9455ylJrqu+91x1Yj71rv2vZwKA5a1PWZ5UvVqpPb5yktp12xuWZrL4jx4B/k9/AolT0+iTfsOYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLpZNLbxJRFMf7AfwEfA5YunTDwsTuujO+YsLGxEVTV066cdGYQmaAKKZNawOVSE2qltRIW+kI0jQWOlCGh0Bb6FAYcBgYGKAc51wegrrzJv9k5ub8f+dx750CgKlx3bCBTpNBk1HTzEDGwZ7uz/hx4zVN+icbksnz9YwJHiXZ4+iJGOFi4v5hnH2zl2Fm3RUTxmDsBGBgvu7yF6jISZoXyhLIShs6Vz2iWkOFfLECgUOOX9pOUxg7hAwBejRz8R9ys9UBXIrahYrcBlFTvdUle7Kiwn4oLDu2EgjREwD2hWVj5qE5X2lBodoCoaoS4fdGsDiCbO8E+EdrArajQ4DBw54yWDYuzDg9vwcPbNEJ8z2Gg7Nyk8TEMxdAu4MMehFgDHxPsNgzllquIWCXALCSt5r5JnVAALlSE6RGBy6rCiyvv2fRi4CZ8HFUxGGhuSSpME3twn0rB8xWjnyjEJApKqQKtXMFa851Eb0EcBThCADNqFtPfcRg9Z5OANKCMqiiDcsrr0cA45eDGFuVW1BTOlD8iYDPxJC9VPotDQCpiwY5meR5FWiHc9SCwelLMbl8GXo9IIPD4Dt0PyMKq8K9RL4B7W4Pdr7FgLJ/HA1R99hVMvn8IV6UmiRgeHzJQoMIjfiPCVJadsuLVf6uPdk/xuFFot9FqM1Pflmo1Elgtd4h/WIbeLQITp5XwOxwyXP01u+LNH6VF5whatW9yQfDKcgJEpkJ9hzLiuD1R2CBXuJnLR/+vsrjj+nhq6xp/qWXeW5bYWmrXVy0MOIzs4OdM3uY20z834/pf57zL6w/CRKnLd7XAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKfSURBVDjLfZNLaNRXFIe/O//JTCePxqQiRq2CDcQkGFoQF0VaCS4MAVGoiEhDpEigi0JxXYKhthTaTRcuVOhCIgXBFCtVCLb1laoNKkl8tIyPSCoTY8aOJqP538evixiZUOKBw+Uezve7h3PONZKYs81fntPuLfX8MZonOOF9wPtA8AHnAhveeYsDvVcZPPCRmWOSlFjwnhCEsy9BN3t6N+vOCe98KUKi9PLqNetxsaex7BIdb36FjT3W+lnB1wkE55kuWpZVpbGxp7X8J9bV3mGpbvN2dYap4gzev7YC3/Pn8DiL00maa56yOjVEoraVTZVnWFKR4vK1MYLzPQsKnPumrXvk74mey0M51pf/RrJuO4lF79Oc6OfK9VGG/8r13Ort7C5ljCTsxVUZKWpQUBQEX1zs6OpqOb1nZcseSKSIH/zIkfPRzzuahvZJCUIQ3hYn6rY/emAkEZ+tG1N543IJJKEgEjUfQPkqZJ8gW8BODuGLjxCGYC3xs/vE+ccdRhLF42ZLsPRGTZ9WJpfvRHGOED8h2Dz4IsiBSWKSVQRnKQweJT84coI0u8zcIhWOmPrgOZlas60hWrEVxePITaNQRP45mAiXf0ju1DEfP6O75Xvtn9fE6o+VJc26F/f6+sLTmyAhzaAwA4oxRIz/eixvZ2ibg/83hZqdmjKZin5byCIDKGAwII9CgIiptd+qf8ExAog32stq3sWYJHKOOP8QU1ZLIlVNasnSlcP7zNrS/Hl/YbJvcSaI1mhRE4Ur3zE5MJDFcKGiob6zas1G0nXN5O/k2oHhBTbRfWgqV2cmTu5l4veBg87yXuPX2v3v7Wzb3eOH/4mfx7yYpn1+ydIrHzvEJ9n93B35nM2lcUlc+ozqM7v44Zdt3CiN/wel+5Gy/cSN+gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVDjLhVJLa1pREP7u9ao3PmLEBEy7sorFtkQUpIuWdlOwBOy+m+zzN7ovRejOZemm+9CsC6FYCIiI+CwUbUJoqVo1Pu7jdOZUxUKSfjDMvWdmvjMz54MQAmwEJZFIPMvn81/i8fhz+tf4bGFaOp1+XCgUPnMOny3r5EdbUcQPzjo6wu1UCp3TU9i5HHbwFxxzHx8jvLeH81IJ8/19GYsKoagKgZO8bje8gQAsy4IvGMSGw4GgqkrTKUX3+2VsY3MT+oKYa9XFN3RNQ63dlkn1ZhM2kYy2tjDy+WDpOmr1uozVGo0VAZYztgA7QLeXd3fRHI0Qo9sjNJpKBcIwMDNNfCXfJrtj20iTv6R4DFC19Q4ehEK47/VCzOcwKclmIzIXEd11OhEnr5C5h0NcEumqi2KxKEzTvNYMwxCTyUQag8+4hms1XIHZbIZqtYpoNIpWqyVnHwwGyGazyydfQb2KgIu73S78tPlkMolIJAKPxwO6eWVLon86kMKgJ0uxFjodLMVSqVRAAsKLNzWotPbDp0FsX9fBmjIl+v0+bNo87QEUwa2QC28/XqDUvWGEdTIeh6Qt92DPTLiow3DQjQ8nNp4cfnqpisV15Oz14hxJmUOZTAZeelruwpqaMOYGNFVgZ9sF3Yn3cgdDetcRwUdYVyfvw0E6YM8dWGMimFoY/57jrNGDObUOJEGdZEqJm5qm3TQRrImJYU/DeeMXHkYv8PrVwTtZ0ev1Tsrl8iP8B9b4Hr5XqTh2hrD/5zc++wOzk1RA9fA6WQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVBgZBcExbFRlAADg7//fu7teC3elQEoMgeDkYDQ6oMQQTYyGxMHZuDA6Ypw0cWI20cHJUdl0cJLIiomR6OACGhUCpqGWtlzbu/b97/3v9/tCKQVc/e7RRXz+7OrSpUXbW7S9tu8ddv0M+3iCjF1s42v8WAP0XffKi2eOXfro9dMAYJ766SL1092jfDa17DfZgycHfvh7/hau1QB9161PhgE8epoNQlAHqprRIDo3iqoYDSpeOjv2zHRl7atfNj6LALltJys1Xc9+CmYtTxtmR8yO2D7kv4MMPr7x0KULK54/NThdA+S2XTs+jOYN86MsxqBGVRErKkEV6BHynp//2fXbw9lGDZBTWp+OK7PDzqIpYiyqSMxBFakUVYVS2dxrfHHrrz1crQG6lM6vTwZmR0UHhSoHsSBTKeoS9YU8yLrUXfj+w9d2IkBOzfkz05F5KkKkCkFERACEQil0TSOnJkMNV67fHNdVHI4GUcpZVFAUZAEExEibs4P5osMeROiadHoUiIEeCgFREAoRBOMB2weNrkmbNz+9UiBCTs1yrVdHqhgIkRL0EOj7QGG5jrZ2D+XUbADEy9dunOpSun7xuXMe7xUPNrOd/WyeyKUIoRgOGS8xWWZ7b6FLaROgzim9iXd+vXvf7mHtoCnaXDRtkLpel3t9KdamUx+8fcbj7YWc0hZAndv25XffeGH8yfuvAoBcaHOROhS+vLlhecD+wUJu222AOrft/cdPZr65ddfqsbHVyZLVlZHpysjx5aHRMBrV0XuX141qtnb25bb9F6Duu+7b23funb195955nMRJnMAJTJeGg8HS0sBkZWx1suz3Px79iZ8A/gd7ijssEaZF9QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZPLaxNRFIeriP+AO7Gg7nRXqo1ogoKCK0Fbig8QuxKhPop04SYLNYqlKpEmQlDBRRcFFWlBqqJYLVpbq6ktaRo0aWmamUxmJpN5ZvKoP++9mmlqWuzAt7jc+X2Hcy6nDkAdhXxbCI2Epv+wlbDeyVUJGm3bzpVKpcVyuYyVIPcIBAL3qiXVgiYaNgwDpmk6qKoKRVEgCAKT8DyPYDDoSCrhdYHrO9qzkdOQvp+E+O04hC+tED63gBs+QiDnhQgTWJYFWiQUCv2RUEH/g4YNXwdcT/VEJ6xkF8zEDRixq1CnriD94SikH08gikJNS2wmVLDwybONH3GbNt8DY+YMrDk/tGkvhOFmKPE+pxVJkpDJZMBx3JJAHN+/MTPq8amxdtj8fWjhwzB+diH5ag9y8V6QubDhUYmmaWwesiwvCYRRtyv9ca9oc37kk3egTbbBiPowP+iGOHGT0A1h7BrS43ehiXHous5EjoCEx3IzF6FMnYMcPgs95iOCW1DDXqTfnEBqsBnRR9shTvYibyhsiBRHwL13dabe7r797uHOx3Kkm1T2IDfhhTRyAfMDh5Aauox8Ns5aKRQKDNrSsiHSZ6SHoq1i9nkDuNfHkHi2D9loHwtSisUig4ZXFaSG2pB8cZBUPY+ila0JV1Mj8F/a3DHbfwDq3Mtlb12R/EuNoKN10ylLmv612h6swKIj+CvZRQZk0ou1hMm/OtveKkE9laxhnSvQ1a//DV9axd5NSHlCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADVSURBVDjLY/z//z8DJYCJgUIw8AawgIj58+c7A6lWIDYnUt89IC5MTEzcxAIVmKyvr6kpLi4C5jAygkkoG0FD2IwMr1+/VTp9+uJUIAdugIiQED/Do0cvGX7//gvxGxMTXBMIw/gsLCwM0tLCYD1wL0AAIwMzMzPD37//4YqRDUEYwAxkM6OGAcxGZmYWoAIGFA3oNDMziGbCNAAkCJL8/58Fp+0QS1ANYJw3b95/BQVZBj09bXjgIQIMxkelQeD8+UsM9+49gLjgwYPHYEwOYBzNCwwAGT0uf+Tb34kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIZSURBVDjLpZPPS1RRGIafe+feSccfacxACUFYDGaKlEmrqFVEi6Bdy7YmLqL6A1oEtQiCglZBtYhKKqiEFiGRUERQthhEjKi0UNSbkk73zjnfd1pMM2VpBB64i8OFh/flOa/nnGMtx7tzoq3g1HnqHKoOVUXUIaqoOkTK9+PXJtpXAgSq6vV0dyALBuOKWJdgBVSUb0lAfWMDz1++XjVBIOKMiebC8x2P8DxwDqxV5qOY6aklLtOHFf0HQNUPvVpMSfB9D3WOg0MH8iqKqPJeF8k113G9d+vMCrVygRXFqvI1igkCv/xThJ1dbdgFQ5qI2CzheakVawXWKsYIM9NF/JSHqqMkvitFkde7Z5I6r4i1isukqQnWka1t5uRjrdYKrIjGkDo1eWi7U0fFxuh4RN/Y7zaKWdElxs7mZ0OdwIpUABoOjxTYlGvk/2y0YIxg7XgZ0H/jczvAzf58YqK59LH2e2wJN5Cx8MnAlZ4L7M5+5NWld1hRMnWGIFisVvArOio2Utmj3He7iC1kgSdf9rNoNhNqhBXhyMAoSRIj+gegYqOplKGrYZ6p5jzWv8tAoZuGW6cxpgVrlcGHbxgcfotIeQJBFfDTRseO9XTW91HDDCPfz5Ekt2lt2kZwsRz7zIP53LKH9CuBaAwcvjqFF87Sum8je+nkw7MJCF6QJFKNvQpA08MjBUQVEcfToeWjqnx/rXGtc/4BfOeC6F88S7oAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVDjLpVLdS9NhFH724WbTWcpKiTUxWyJKRTdGURaSUt5URDcW3XYZ9AER1UXhTQT9CREE3URi1EUkaGhq5ZSgDzc1tWmaGzrd5m/v+55zurBy6u468MD54Dzn0yYi+B9xZhvxwWOPheWCiECYARYIrejCvKoTT/qbQuUbCISlZXNFC4QFIIYQrcIQ0rEPsBKR5N/kNQSxgaN3Xd6gHQzo+HOINmCtIUojz3cG1sJXWIkI+ZtC3uyi9tXqfD1/y15Q+hvEEESvIM93CioZxfJCBExctX4HdgCYe3/kbJ4n4ILNBUp9hhgCk4GjcD9Yp2AthEGZxebAyaHRnATC/MjlDUJMCmLMn5kN7O4AlueHoZLRa4HmoVe5rmCb7T1U53D5+rz+E1CxdrDSEK3BlgVX6WnEI09EiNXDxQJ3yihc8aQzDmIIcSJ4fqTUKSTtLu9uCGk4i5ogZCCGAAHEMIrLz9nEaHfm00v4fdW4MxVy3y7gtEPTQQBwCrM7Od2VyboxhBkP5ovcwgqKDZQhbC8JorqsDktWCpejffmWUbNvAdhyfeLEiz2d9xOe+uM1F0HCICYwBDOJKIoLtqF37A0GJrvYMqrEmWsxQlxvGQUSxkQ8As0GhjU0aSxmlrBvx2Ekddre/707voFgvK12MN+7C1YsDEMGpUUBGCaQMH4mJlFSWIbQjx70jHbPKYPGNSOMt9UWQuxLQoyrsTSWlRLFCpZRqPTV2A7sbMTHyXfoCL+eUQYN063yxbmu9X4m80uIK59dGktmx2rv2VM2+yZPZ7hjSjEapltleCVJ5B9GnlbVZdvZqLiFVOCmQ7beQEW2/zeRQcHUmJPKOgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHfSURBVDjLfVI9TwJBEJ2DMxwf1xASSCxsrIwN1TUUFhaUFlr4AwyNsaZQCioqepB/AIWtUaMYGhNiSWdHQUAp4Djue505b83yoZtMZm/vzZs3b1dijAFf3tUlg4NDcB8egLkuMM8D33HAD/NOsQjs8QWST/cSr5FBWGIREwp9OufZdsSSNQLHDUh8ywrAARHlcC9vIYisEOBPhsWwtwcekWBQ9kwTpP198I0lYux/FNhO1TTNyvT0DHQ1BWY0Cg5Jn89B+fyC7PMrqIj5k+Dj5nrIDENP7+6mFPz2fR+4yUgM79GobhwfDc+FGokDBoOB5rruXTabzc2x43K5DAgoIpEIxGKxILrd7siyrJNSqfS24gFKLWcymdxsNgPDMMDDG6AgAhpD1/XgPJ/P51BNecNEBBVIDXV2yfWwOwUnWywWkEwmARUUNjywbTtNYF4Mggfid+hHehvBL1jM63sKi656fQQ8nHJD+excPt9LkhQoJOw2gh7NT07zrmLQWTweh/F4TGp7GwQ4V63f748URYFEIrHiAXUm82RZhk6nM0KC2sY7oNVqtS5QSVXTtJyqqj+vM1QzmUyg3W6P8LYqjUbjdisBrXq9riFJGbsU6GbIXCyaYvQwas1m803EfwO4vsGvr9ICrgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALASURBVDjLdZPLS1tBFMaDf4D7LLqviy66aulSsnBRaDWLSqFgmvRBUhG7UDQoJBpiSGpKTQrRIIqvYBRMKJHeRuMzPq/GNAbFx8JHLwoKLZau7v16zlDTBuzAMAx3vt/5zjdzdQB0N821tTXz0tJSamFhIUXD/L9zRZutra2yjY2NUhKXkPj89PQUJycnGBsbO08kEiXxeLx0fHy87EYAiXtIrK6urirpdFo/NzenHB4e4uDgACRUYrGYnkDKyMiIOjAw0FMEyGQy9v39fVxcXGBvbw8kvpqentby+TxyuRwmJiY0El+RMyiKgsnJSXi9XnsBQFVbqFeNISzY3d0VoGsA77PZLBiwvLyMpqYmrb6+vqWohcXFRRcfXl9fx8rKCiRJQjgcRn9/PzsCtYXZ2VlR3ePxuAotEFGm6sczMzOXOzs7kGUZyWQSTqcz3djYaGhtbTX4/f70/Py8APF3n8936Xa7j9va2mQdidWzszNhlytTkBgaGkJ7e7vhukp3d7eBMgCdFc7YDYdrs9lUHd2xenR0JHrkD1yBEkdXV1cBEAwGDZFIRDjgFsitOG8ymVQdXYlMFo/7+vouNzc3BYRz6O3tTYdCIUMgEBAthKKdePvxGV52PsJTZ7n2+HX5d6PRKBdCJIsuClIExSs9JIyOjoLuHYGIB46oCZ9yQWS+SfB/seKJ/w7u2fQ+IY5Goy3Dw8Pa9va2EPN10cMSmTCoxlOB2Nf3iOU/gIcv+QL+5CsG/BKAwcFBOyfPL49AoHSvXC6XxqFx3w/td5HIhfHviGeDDPj7ph0OR09dXZ1qsViUhoYGPUEUdsIOHry5pXml53BLNULs/lxT7OB6EqDMarWWNjc3lxDwfGpqiv8DVFju/zT6buOdZBGVeeV9IYObZm1trbm6ujpVWVmZqqqqMtPhDpo/2PaftYPP/QZledsx50IwXwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZiBLgZkz37Ynjrz4ReyDEideb89afrDf5ET7v4n2YCEqXf7qpY9/T9r76v/Xu03STMgasLteaVLHv+fufvl/6k7X/y3qrlCvAHBvTeXFC54ANbctv7p/95Nz/5rFZ0nzoCAzpuPsuc++D91x4v/jasf/y9aeP9/89rH/6VTTxJngGPDtc3xU+/879789H/5kgf/02fd+V+17OF/yZhjxBmgVXCaRT3v7BqP1mv/a1Y+/J824/b/woX3/osHHSAtECVjjqy0Lb/wP2/+3f+Zs+/8F3XfS3o0inntXWSeffJ/0tRb/0Ucdv4nKyEJW25ZYBh/5L+w5fb/ZCdlQYMNs4WMt/wfuMyEDwMA0Irn/pDRT58AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI/SURBVBgZpcFdaI1xHMDx7/Oc/3ms8xiZxLxcGIXF3cnN5KWUXIrc4EZcSC5QKC+1xjLKW5ELLzfIS8iNS0qUtxqllkYstllsNufsPKc9z+/3s/9q5Vb7fAIzYyKCDXvv7F6xutg2ULHYDFDFVBEVTA01xURQM0wEUWVKlA53dHQffHBm80VXbCpeyNfE4cwa/kc8XJELwEVXSS2sDJT5l8uGaeptYSRLSRLlw6LjZLmYfyWphYxyJsaJLQsZlyZ/eHejhXx9HaVywuyGOqJPR1m//wb5mlrG7TjZhReaKd5IJgyXB3l/ax+hM4ZKVWoa1vLr+1em18/lYetWvnb18OVHCU9U8ELM8IIw4OP9Q4RRQClR6tccYMmqbcxZuYdvnZ0UptTy5Nx2CnmHp5ngOVHBC4FqdYhUI+avP8a0GXNIK7+Z19iE2RGeXj5Mlma4KMRTUTxnaowJApbvvMnjR/eZNbeB022tDA4OEccxzc3N3L5X5EDLaVDGqApeqCqMC4KAVAM0HSGfj2hsbCQIAjAjF9fhchDmGKOqeC5LU7xXvS94/e0Nn8odLO1fRm1cS6FQYFJ+Eu0Dbykt7+H8szYWTl3MpuJGsjTDcyaKd/PldZJKwkDvENcuXyWnjr6ffVSrVa5cuoosqPK5/zntSTubihsxVTynqngt606RiVDuL2NqiAiqiqemOOeYPG0yURThqRme6/7SdXfX2XSziqCiiAiqiqQpqoqaYSqYGGqKqaKKd5dRgZkxESET9BfqVjgB6mRiLwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADTSURBVDjLY/j//z8DJZhhGBhw8uTJ/5RgsAF//vwhC7948QJhADkGDTEDtp9c+790ZsL/tD7//4ldXv+X7pmBagA+vOnosv+NqxP/b7ky9f+FZ7v+9+/O+h/er/u/fXHZfwaQKYRwYpfn/42XJ/zfeG3SfxDo2ZP6v39P+n/bfHniEotPteH/bVfm/EcGmy5N/W+eLUmcAZY50t+7dyX9b9+VANbcvjMB7AKgAd+JMgCosCW4R+N/764UsM0gGsQHivcQneaBijuA+BPI2VC6AyQOAPdpPzVHO/APAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJUSURBVDjLpVPfa1JRHP/Ma15JRQ3dsEAfBkoOIXqoJ3uqaOwhAgObQXuwnvw/Yhuh+LCnyNfe9jisEYI1RuFQGxv5stCciTKHzTnn7r19v8ccq1wvHTgc7j3fz6/vOWdM0zT8z9D/+WNjYyN1cnLyuN/v62kFrWIeHx/z+joUCj0aSVAoFKwEeGmz2UKyfBE9AkFVIfyRS7vdhnR6JUxffxPk8/l7DHY4HFdMJhN2vlbB6qqqQdVUItKgEFmv1xsdgYpX3G63+NHtHqFP4M+FHBGop/PO3WkRYyQBZzQYDGi32wNlRYF/6ppQ136pc7PPdcDMCoG4iA+FrRfyn2hVhDrvuWbu/9vBoFeaKGaCqcB1oT50oZ3TA93QwZBAkLCyMsjesOzg1X4C6pm6kRGG4MPDLkpftvCjvY/xcSe2y1tomto4dHeEu1QqpdVqtVa1Wn2+ubm5JAjYGoO5gaurbyHLBszNPUGn08Hkt0lcWnNiff09IpEI7ckgAnsul1sol8vOUwd8CnSZ0Grt4eHsLBYWX5CTbbhcLgQCAQYhHo9jd3dXsVgsb2Kx2DQRPBs6+JjNZm8Ui0WYzWaRLXjrNoqFPMLhMN1COw4ODtBoNJBMJrt6vT5EJR2r1SoLgmg0ejORSMxUKpUlIhA3au3DO24r5ufnwbeTB0fS6XSyJEnL/E19OBo7+xr9fv9Vr9ebDgaDl2lIRqMR9XodpVJJZPd4PJiYmOBe7ZGYLpPJfP+NwOfzSZQ5QIrLROAkkMRH3Ww2n7IgvRVWvkCRFepFgxw9+AkiS4SDy9ee+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAOPSURBVDjLVdPra1t1AMbx51zS03iSNk16y0m2tF27bp0d3SodjLjqJqNl+qLDF3WDjTEsKIhQ3fCFY74Sq3ZjyFZRcVCUCd1WpYgiglXYZiudtV1vMXhJmrTpbW1zfud3yeX4Yg627x/w4XnzSLZt42EXJ99x8azoZkK0MUFbmOBgnI1SJr5TxL53PXanduGlgIVHkh4CvRPnW3lGXN3rCVcraiEyUg7lzjL8OT+Nm1PX+gLSx5Mikz0jRO7UZ13bfn4M+OCPcx1bHbU3fbqBhFjFuDkNxZax37UHX/76yZoz29Hilp4bbal1eaf+2cS/C+bRgbO7BwFAfn/8nJcJ1l/u2oq7ZgS/rN/BemYDtc4QUotxEELf1u1Db2wvL/RWlBSizu8CpaL/8Fu3vQAgW5x2N3taXVE6j2lrDlaWoUzxwsUc+Hri+nhA+WiE0UxX7RYds0kGb5GGuqDbxSza/T9AjigODZPmLESWo0h2YXfRDoxGboGm2WsZrl5qqnErIpPH/KpAZJGj0qeDUXYEAFSLsgYuZSFDQpPrSVRpAcT+imIsOvZ5tbvfoJQ3B3xO3IlYsEgOZDOHnQEHOKPVAKASatGKwtKCsPsppJJx9N3tXeNEXDp//4Urcxtj6g96fXTpPmtUIcEiedj5PLhQIShTHiyw6N+/zdxuGro3uMwpf+/sQnDg0Jp+wram5p62xp4ZajgDxnOwLBuU5OArcSCxZEJwGn0AEPrFNxM3+i7O1327fUPppsSa+dEo02fdRfAGgxN7oz9lNpYdYGk3augQdvjLEU8uY5dnfbW1tVVXpnYenT2e8p3wbWavWqFQ+CutoGAluAXHTp6EYRioLPcqsZkRSCSG08efx7aaGpSVlsAppWsSiYRDtU2i5ol1TOxvKbi1sop43saLBw/i01dexYjgeb9hyI2NjeBmEhd6P0QyuQDHE97f33y9a08sFuuSHZevLOfT5JQ0MoZ74xPQiz0AgNMLSzBNk3V2diIcDqO9vR1tbW0wTZPaYiMMAMXFxZoKAM4bA9fT4WcPe0n62lSJ1wcAlz1uyJwV9PT0QNd1AAAhBLIsqYqiDAJAIpFg0qNv7GjY1axXVX2/78CBkmBlpYLiIqRSKUQiEWiahlAohIqKCmSz2bV4PC4PDw8vPgbU19crfr+/Udf1QcMwyjRNUwDIKysrLwNIlJaWDgJwcM5zyWRymRDS8R+TYbuVB9P4ZQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC6SURBVCjPfdHhDoIgFAVg6jlq6x10vGdbrQfsR7bcskSTgE73gjAtirP5Qz/hsiNEWIuvpLUWhZCZbMQygEK31ll85rCNRPJnjQc6SosrzjgSUNiNRLLXGNATUmhQo6I3PU7YMwngSSBE4YbLeMwAmiUC3sP4Z0ekpjCbAeP/Mp60uBObAONjE+GR1RTYCbD+KL7XDMwTZvoDjL9XBC4PaGzHoNSdfWV3cUNDPVFZZbYsTiFWv8pOhb8BUJ5M7qO6PVQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG1SURBVBgZpcG/S9RxHMfx5+dz3+LKsKxBC4KQXIvArYb+BQmuIYgGoaBJiAoiLCqwxUGwkBr7gaGOTu5NZhBkBRU3NEV2Q3d69/m+X+/6DEJcNoiPR3B3diKMjM1ePXN2+OFay3vcAQmXMBkuRy7cDLnjZphE7+7UXF39dmNhsjZdDJ8entpV7Yn9Vbajp9myKWC6aCWPrbVfbNd68sgfhZtz6UKHQBYIBCKRO3O3uHhylBOHT9G39yBFLPjb6ESdLLqLTSbj5etnZOutNlYa7s5WTEZW4E7mwMzSI340vlM/Xqe30ktZGjjg/EOlkUWTkT1ZekzFIscODfJ0cYZqZQ8YSI7jdJOJrHA5E/P32V/tY2hgiNKNA/v6WP34gXang7sIBLpJRhYl4+a52zSbLd58WmH5/TJzi/NstDew0pCcrUgii2VKZNdq12n8bPD5y1ee333Byru3BA8EAu5OtzKVZNFNbLp3+QGDA4Nk7Y1EJyXcRQiBbi6RRUlsKioF41fGyVI7IRP/I3eyMDI2O9t/9EhNZsiEmSEJSwlJyB2X4ebIhUtIZK8WJmvng7uzE5Ed+g22TgZNyTAeRAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADoSURBVBgZBcExblNBGAbA2ceegTRBuIKOgiihSZNTcC5LUHAihNJR0kGKCDcYJY6D3/77MdOinTvzAgCw8ysThIvn/VojIyMjIyPP+bS1sUQIV2s95pBDDvmbP/mdkft83tpYguZq5Jh/OeaYh+yzy8hTHvNlaxNNczm+la9OTlar1UdA/+C2A4trRCnD3jS8BB1obq2Gk6GU6QbQAS4BUaYSQAf4bhhKKTFdAzrAOwAxEUAH+KEM01SY3gM6wBsEAQB0gJ+maZoC3gI6iPYaAIBJsiRmHU0AALOeFC3aK2cWAACUXe7+AwO0lc9eTHYTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFhSURBVDjLjVJRSsNAEJ3WpkKgIA2hVIL/fngJv/3rNbyD4BU8QD57AOkBjOQCPUHIX2m1YAtCku64b5NZtnSrThhmNzvz5s1jesxMsDzPX5RSj7jrSBIPh4ONzvlpNps9m0IkwrMsW+73e/7L1us1z+fzd6kbUGdAhr0uv0hpUowPUTteWP9EvL9happGyo4BaoUyouurARDMmZ1YfFama13XpwCYD5mK2RZR192AGU1a2l4GLQAfdbSRW2aqO59lcNHXUSeVH1U7N7dFwkoAqqryA0CHh9tL20GUJuqZ+3A4pO322z+CW4QOq9WKNpuNuUdRRHEcUxAErdjnRpClQnFZlpbBbrcz76PR6ESDvo+BdE6SxDjOeoHsu3cE/BQGoCnu6uOO6NVAAMbjMem1pqIo7BjQ4VcGLsBkMjFdXRGn0+n/AMIwNA4QnyHHLJ1Hg7c0Te+ALo5Eia5rPRZS9wNIBbXTpSVpqgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLpZNLTxpRFMdd+EX8BixZ6VfxQ9imq3YzSdNVE2MNyEMYAeUNofIKEBjA8CoiM4BCgiQgaJqWtjySAc2/585iogG76eI/czN3/r9z7jnnbgDY+B8pj3w+v5nNZncEQdhLp9N8KpUqJhKJYTwel2OxmByJRIbn5+fFUCjEB4PBPZ/Pt+PxeDZVAJm5SqUCURTRarVUNZtNdd1oNFCtVkHBEA6H4XK5OBWQyWQwnU4xHA7RbrdRr9eVn8vlsiK2ZnC2NxqNMB6PcXZ2BhVAacu3t7eYTCYQbr4jIP2ErzWHt/0I780jnOIUjsoDYlcDjH//UYAOh0NWAXTmbTrzUmpew3bRA196gONqAndrARfJevkLXzJ9fI5dwxkvwG63L09OTrZVABMVTBuNRpfVegPWlIRPvhI+nF7gHZ/FG4sAzl2AP1V8YX4BYKJKa6nSy8srEZakiPeneby1CvjoKeJrurRiXgEwUZu0fr9/+a16iVStC9/FNSLCevNaAJPX69W63e6nxWKhdIfMT+vMrwKYnE6nl7WtVCqB53nbPyfxuSjyFvV4l9pU6Xa7yOVysFgsebPZvGs0GrdeBdBoami6ioFAADQXoPHFYDBQ3lQXUHFxfHwMnU5XPDw81KwAyPxDkiTIsozZbIa7uztFDHJ/f698Y3vJZBIHBwejFQClzbFIhUIBnU4H/X4f8/lcUa/XQ61WU+7A0dER9vf3ubU1sNlsGqvVylGqWZPJ1DEYDNDr9SztLqWdpcgcmTXPPX8BpLUNr3FYePgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKzSURBVBgZBcFfqN5zHADg5/P9/d53/87OmdnU2jIttiGJEZO1SSh2YcWFXHCBEpIibsiVO3GhlhIXascF7maoiY200iSbIYZxmv3/55yd877v7/vxPJGZ7nplz6MLxuc9XMIGzEeAQAZZjWr9/eyp3B3nz7ywd/vWAUBkpntf+2bv+89suLqUWJI0EoBMSCf+G9rx3Vn/Hpmb+enAz0u/3r51DlooTazrt82Sg8c1JYIgK11Wo1G6OOxsuWqxW9a29tUTC7OuP7P56Z2XfPXWfXMFImIsM5t+U/QKbdAUmiCCIlCtGO/bevMKV1w5b0E7vug9KJAEFJSgRCgRSoQSoTTh6OmLVo8NXbM0PL7xUk2veRBagEzahhAyQu2SEtqGfha/nUqDOlLrwKY180RbRtBCJok2ipQSUUIgK9kUetXS39421h12sW4hVoECiYoISoQSoUSIDL0m9EoYO/KB1Uv/tmbzI5z+zFo/FChQR2RSkchMpFIoEeb/87FV7Zcm1t1k+q9degtWemr1F/1dz655qIVaU2aSpAQggd65703cep9u5qD5y1aZ7f6xesu1yszx7S10lS7JSgWQoCbD/krDM38qzUlRpvXHTzI747+jc00LdZRqple/HwipBplh5ewhD3rHxKKhOppV6lnKYjkc+HHysF9/OfVEC6NRp+tYMd5z42VFTZYd2+ny6Q+t3bhRDj4X3QUHPh0YTs9Z0g9vTj0wnJx8abKF0Vyto1pz0Ilvpzo10mPnPrF+0x0GJ7dr2wk/ftn5qPeks9ff443bSz343Ldz0MJwtju2qN8se/G6waLMLJL2h0Y0U5p5yx36YkZv3ZNevu1+Eer8frnQjeoUtBCRr9/9/J5tEXFDyoWwbXm/vfuPfc350yPvHr5zdGj/4s7kbpitte5vix3wP04jPQSDxpk/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLvZPZLkNhFIV75zjvYm7VGFNCqoZUJ+roKUUpjRuqp61Wq0NKDMelGGqOxBSUIBKXWtWGZxAvobr8lWjChRgSF//dv9be+9trCwAI/vIE/26gXmviW5bqnb8yUK028qZjPfoPWEj4Ku5HBspgAz941IXZeze8N1bottSo8BTZviVWrEh546EO03EXpuJOdG63otJbjBKHkEp/Ml6yNYYzpuezWL4s5VMtT8acCMQcb5XL3eJE8VgBlR7BeMGW9Z4yT9y1CeyucuhdTGDxfftaBO7G4L+zg91UocxVmCiy51NpiP3n2treUPujL8xhOjYOzZYsQWANyRYlU4Y9Br6oHd5bDh0bCpSOixJiWx71YY09J5pM/WEbzFcDmHvwwBu2wnikg+lEj4mwBe5bC5h1OUqcwpdC60dxegRmR06TyjCF9G9z+qM2uCJmuMJmaNZaUrCSIi6X+jJIBBYtW5Cge7cd7sgoHDfDaAvKQGAlRZYc6ltJlMxX03UzlaRlBdQrzSCwksLRbOpHUSb7pcsnxCCwngvM2Rm/ugUCi84fycr4l2t8Bb6iqTxSCgNIAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLpZLfT1JhGMfduqu7/giv+wsk5mKGB53UBHHiDzjQkQjhmJyT6OiQBhommKJLaVrLZcPWpi3To0KspiSYv8AL160XOVy5uVrz23lPV0225rp49j77Ps/zed5937cIQNH/REFRyHBb3rXb6FhlT+58bJk5E0DIuC8Kaxwmd0cxkRtGW9L+9cw38Ky4jiZyEUQ2gnAtM4v/BPjWedxNt6Ez1Yr2FSe4D46T8WwEY9sDuLVAHza/bTqwztbnTa9r8wUBXmn4+e5jPMuNYCI7jPHsEKLbgxjdGsDw54cYXH+AR5keGGM6FAR0pFg8lYbJ1vspHu73DNgEDWfcLJ1WOJctEqAXhhfXCgMkp+FO2tG14pG3uuI0HMtNuLlYD0asg2XegP6MH/ZZC7TjFCrGyqAeuYJTJjpEC0Y2+mFfakCzaMSNhVqY52vQ+K4ajiUavZ98CKwK8K96oRpSngbY5kwIp3rADJngCwiIRqPgfW40TOphmzWhs7tD1roCXbju1aKkpOSCPCg5DclpcGIL7H4GoVAI+/v72NvbQzweh8ffjs4+D3ZyO7KWTCblHoqiemQAGR6UTGp94gDLuZDe3ISVp0FpKNA0jXA4DJ7n5by8vPyXXq9/QyAsyx7KAHrGiJBkUllLKYR7ggzQRilcLlVAFEWk02kkEgnEYjEoFIrvlZWV5wlAEIRjGdD4yoC+tW7QvQ1g7MwfgFY7p1Qqf6pUKlRVVclBcqKRGgFYrda8DKh7WY2aSS0q+q+iwqBBoC9wMjU1dTA9PY1IJAKnU/qdHCfnRCO1YDCY12g02b9eobi4+Jx0xUtqtfqL2Ww+stlsx1L80Ol0RilKpfwb0UiN9JDe3w8qq6SmnYkEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLpZLfT1JhGMfduqu7/giv+wsk5mKGB53UBHHiDzjQkQjhmJyT6OiQBhommKJLaVrLZcPWpi3To0KspiSYv8AL160XOVy5uVrz23lPV0225rp49j77Ps/zed5937cIQNH/REFRyHBb3rXb6FhlT+58bJk5E0DIuC8Kaxwmd0cxkRtGW9L+9cw38Ky4jiZyEUQ2gnAtM4v/BPjWedxNt6Ez1Yr2FSe4D46T8WwEY9sDuLVAHza/bTqwztbnTa9r8wUBXmn4+e5jPMuNYCI7jPHsEKLbgxjdGsDw54cYXH+AR5keGGM6FAR0pFg8lYbJ1vspHu73DNgEDWfcLJ1WOJctEqAXhhfXCgMkp+FO2tG14pG3uuI0HMtNuLlYD0asg2XegP6MH/ZZC7TjFCrGyqAeuYJTJjpEC0Y2+mFfakCzaMSNhVqY52vQ+K4ajiUavZ98CKwK8K96oRpSngbY5kwIp3rADJngCwiIRqPgfW40TOphmzWhs7tD1roCXbju1aKkpOSCPCg5DclpcGIL7H4GoVAI+/v72NvbQzweh8ffjs4+D3ZyO7KWTCblHoqiemQAGR6UTGp94gDLuZDe3ISVp0FpKNA0jXA4DJ7n5by8vPyXXq9/QyAsyx7KAHrGiJBkUllLKYR7ggzQRilcLlVAFEWk02kkEgnEYjEoFIrvlZWV5wlAEIRjGdD4yoC+tW7QvQ1g7MwfgFY7p1Qqf6pUKlRVVclBcqKRGgFYrda8DKh7WY2aSS0q+q+iwqBBoC9wMjU1dTA9PY1IJAKnU/qdHCfnRCO1YDCY12g02b9eobi4+Jx0xUtqtfqL2Ww+stlsx1L80Ol0RilKpfwb0UiN9JDe3w8qq6SmnYkEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLjdJZSNMBHAfw1UMPhfTUQ5bgkfWQSodmYplroiAkXkvXcnOVipqsWhLKXEvnUEHUOecU72tec8vEVgQamUfeUzzThcc2QUqd+09b+u0pMxTz4fv04/d5+PIlASAdFG6wJWsk3351ofoMZstszKVs22I/V9tjf+4HPrN9z1I0lTZbizWnsTsFsXbZhwKKmadEi03O0KoiQHRnQit3x6LMCqP5dj8OBUiCT2bqhlRY/SyBeagchk4JFgZb0ZZyWXMoIND3buRY1bPtteFGbI03wTiqhK5dhGSGp3xfIJJsz8pj3V4VhZEhCaeYo0Mc+0QvYn/q5BzMv34FXXMSOqSP4RRxsdUl3uHEPwDT/Rwlj+W1lU0nY3dKstjILRAgQ8yFMtcf4y001CjC4ci7UHaJc/74DpAVcqWjMNofTfyHGKvhoppDhSiMAmmUF0qHuGh5Q8VyDxtmQw/mP9xHRhUNbtEukh1AHGLXMN0m21OYLJEMueoelj6GwbxSiZVRPpa7eJioCMBQmsf/C0tPCUanwg+b3+uwoeVhQ1+IlWEeiDk+pqSef4GjV3MSxAlxewpzoD5HRYkP1mfSQXyLgWmOA0LDBDFFRT/fzUQCQDriXvsokNNvaNcDwno5kkpkiBeVobZtAL3VUVDLQw1rkwwQ034wzdBhnKCin+9kqgi1ppFsfKVUKrvF2Dy+BcEYEPEFYLQDwvoWfCoLBzFXAOPXIBCT3ujLdl0fTHHRqwXX9DKGdRAAEkktcP7V15gLjkIHpgpgKrdBl22jqy4GG9pyrKmvgxjzwYD4Bgrodg9UQZYW7Qwri50haXJuaRtTn4LG60bke4D1FmAogS4FG5tLQhgn76A7xwO9wpvYb62kycoot9bkwERXapXS+UkvyDw1yLwRpKW+RHdRAN4Jvc1FcV4Ns6U0+n7Ab/dSu26WPRQHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPY/jPgB8yUEtBeUL5+ZL/Be+z61PXJ7yPnB8sgGFCcX3m/6z9IFbE/JD/XucxFOTWp/5PBivwr/f77/gfQ0F6ffz/aKACXwG3+27/LeZjKEioj/wffN+n3vW8y3+z/Vh8EVEf/N8LLGEy3+K/2nl5ATQF/vW+/x3BCrQF1P7r/hcvQFPgVg+0GWq0zH/N/wL1aAps6x3+64M9J12g8p//PZcCigKbBJP1uvvV9sv3S/YL7+ft51SgelzghgBKWvx6E5D1XwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFmSURBVBgZBcHPa85xAAfw1/Psy9bEFE+MgwyzrLS4KqUQRauVODohB/+As7OzGilZrpQki4OLgyiEImFWmqb5sfZ4vt/P2+vVitn+nMyZMpZdKeV1PpTpMjvZALQe7clMZ+9mawyKJb99sfA0p6e+AR4+/pySJEmSJOnlRe7cjIhoZ3wTAICtyjGAqojvBvRbJZYt+maHAqAqovLTiqj90lWJAqCK6DOgUumpBTPqDkBVRK2n1tJ477tRI+LKoe71pQdXz7eLaNRqjcaCA2LEqLHZY9uac8cHqyJ6ehp9Gpux5LEB+zSGbtxfbhdFrdaIuzYa9spFnYW3y1tMnL2QdmNRRz/4a1HXBvN60vttzry+qTdfJ9urh3WsM+GHrvWe5V/G1zXuTy8cbsWt7eVymWoPDaq9c9Anu634aMS0uaoVwLW19c66PL/05+zQif33fnh5unt7+dGToyIiIiIiTuVIIiL+A271xrBxnHZ+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEMSURBVDjL3ZLBSgJRFIYvtO0BfIPeI3qBNj2Cy1rWzlWbkcBNYhC0TletJKOFq1lIILhQJCywaDZOkINiGl/n3DNj6LaF4MDHGebc/5tz544D3H9w2yAI3LkQp7UgREJRSIS+0BJqwr6QTzkWulqdD09juD3Ah5PI7r8TiPvw0YJeDUq7cJ83NDzqwmUOFUyYT/ASfasGm6d4kQo1OB3JszN4fTDujuBrqP2hW4baVxbMBIuZTfAeQucGxm/w+WzB6AleGipo/Am06hTrEwQupLhjwkFdtlOFnzlc72n/cFWgQb3WJ8i22a7A44mtCfQQ7BSyL6617BtWZ+kphMKFlwSusrJmW/7ETQt+AQhq/TxibW0lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjZJLTBNRGIUxbeOGNLrSaFxgdOnGrS4MijtWLkjcysLEuNEoqDG4IDIpNCUlLVLbQFrsI0Dpg0IfIzYiCyRQA2mb0tQG6QOqbemkFanY438nofFBCJPczOTOfGfOOfdvANBw2PJ4PHKXy+V3OBzcxMSE9N/3R4EDk5OT5fHxccFms3Fms1l6JIGpqSm50+lkcGVzcxPlchkE75pMJm5kZOT4oQL7sN1ur2QyGdAzKAIEQcDw8PAvvV7vHhoakh0o4Ha75fQxvw8z0GKxgOKgWCyKTggWtFotNzAwID0QprIq6XQaZJ/ZBjnCcjwNlScMx+I6NBpNTa1WB1Uq1Yk6TGXJCeCpLBEmBxgdHQWJIp/PQ+OLov31Ah6alvEllQHBQl9f39UDYXIAKkvMnsvlEAwG8S1fwDNbCLb3Ubj4OfT29lY5jmsWBehv/NjYWHVrawskAqPRKGZnMIljdnYWyWQS4VgCb5w8g3cJvlwvkWC/1WqtpVIpxONx+P1+EWYOpqenkUgksKTrwrvb58E3y+C9Kcv4WiSddQFqWVhZWcH29jbW1tYQi8VEB6z5SCSCj6+e49OjK9jxKFGLeFGxPsDivUt7/uvS+6IAlZWdn5/HzMwMCoUCotGoKBIOhxEKheC7dRbfCYa6Feg4CbxswlfFNfhuSD6LAjRZpwwGQzUQCIhHx1ovlUpYXV0Fz/Oi7dqSHX9exa7TtC+t1Y9Rp9M1Dg4O5lhmdoQst9frBZW1Q5mzZcMdgKAfjxtQoLV+VwLqIfXXINFkNfb392dZflZgT0/PTnd394W5tjMvFtov/sx0NCH3RIZE+zG8bZXueVskT/8bZaVS2ahQKLIECwze3//Qdq6T/phktum+wWC2/xtU6N71e0LFhAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVBgZpcHLThNhGIDh9/vn7/RApwc5VCmFWBPi1mvwAlx7BW69Afeu3bozcSE7E02ILjCRhRrds8AEbKVS2gIdSjvTmf+TYqLu+zyiqszDMCf75PnnnVwhuNcLpwsXk8Q4BYeSOsWpkqrinJI6JXVK6lSRdDq9PO+19vb37XK13Hj0YLMUTVVyWY//Cf8IVwQEGEeJN47S1YdPo4npDpNmnDh5udOh1YsZRcph39EaONpnjs65oxsqvZEyTaHdj3n2psPpKDLBcuOOGUWpZDOG+q0S7751ObuYUisJGQ98T/Ct4Fuo5IX+MGZr95jKjRKLlSxXxFxOEmaaN4us1Upsf+1yGk5ZKhp8C74H5ZwwCGO2drssLZZo1ouIcs2MJikz1oPmapHlaoFXH1oMwphyTghyQj+MefG+RblcoLlaJG/5y4zGCTMikEwTctaxXq/w9kuXdm9Cuzfh9acujXqFwE8xmuBb/hCwl1GKAnGccDwIadQCfD9DZ5Dj494QA2w2qtQW84wmMZ1eyFI1QBVQwV5GiaZOpdsPaSwH5HMZULi9UmB9pYAAouBQbMHHrgQcnQwZV/KgTu1o8PMgipONu2t5KeaNiEkxgAiICDMCCFeEK5aNauAOfoXx8KR9ZOOLk8P7j7er2WBhwWY9sdbDeIJnwBjBWBBAhGsCmiZxPD4/7Z98b/0QVWUehjkZ5vQb/Un5e/DIsVsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMPSURBVDjLpZPba5tlAMZ/75cvadOmzdI2jTNp03TDJM457fAwmYeLyUBU2EBRmBfzwgvFK/0DBBF2oxc68MKK4EAKiqBUGV60qY4yWbVh2cza0nXFmqQ5NS1pvuP7fl50ThG88vkDngM/HuF5Hv9H+un3vtuXGArN9fcEEngCPIX0PKTjYFkOjuNgmxaWZeEaFtI0sA2TVm2rtF68eUJPDvcVjh0aSaRiAwCo242k8lDK2zOTCqk8pJRI5eFIya/53wZy1k5Rjw/2JqI9PpbXK7hS8kvhFo8ezXBlcZkH7hvFdRSL126RzY5x6VKBkbFhpFTckwgTvWt/RBdiL9XvEzTbio4r6Eg/zY7DzOUVpFQoT8MmiCUCNOo7JBMRXKUQQiDeuTDvaa6BpjyE5uPYRJotO4BU6vYMcKXCVYqknCVRmcYXOsxufY4vF+PoP19ffyUT9c4Nhnt90Wgi5gsERWmlSKnSwHYlriuRUpHuX+RQWhI8fIZw6kFaa2lO1ie3xV8Y3/hg+otH7k+9nBlPEg71kB7W7qDqlL/HaF6hLzxBc3WJ8OABAn3DFGc/N3WAF979ZjQbD5+KRQexJYS6/uZs1n/Eal4mMn4SqzxFoEewnr+BY9oN02g/pj311pQwmq2vMqlYN0IHodHfLfaSN3MYlYuEDzyDWfoE4d/CH+rD61T48Ifg1ENvfr2s5d5/yctkU0cj+yKUWw5SKYJ+QaX4LTu/XyR88HnMPz5G8zvYO2OU5vLMhl5nxUgdB9ABTFtp5XqL1fIupjVEfmaSE2Mlsk8+h12ZxBfwMLeTlOYW+Mw8i7QFmrajA2gAruPgSIXtumwuXODpZA1JnHLhIxQmu804a7mrnN86w8ZuD7om0AOBg/9oYGMYNiNDXeyv57j3+KcsTb3N8k/zdI0eYbdRphB9jaG7h4koRadt4No2dwzW8tdudKq1jL+7l0ytin19mtSRx9muNVhdWGIm8CrV1Rp4myilMNttqhsb5wHEv+/84hMDxsR4TH84m8LzW/NGtXb22XNXb/7Xnf8EvI+SIusIR2cAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLpZM7aFRRFEXXffPyJokzmkSFWBiJiGBEDH5io8QmIIqFojbaaGkZSBVtbAOCpZU2IhhRLJSAEFELISIpRBB/wxgwakYnn5d5n3vvORZCjB8sdJeHw2Jzzt5GVfkfhb8O3ANTUmVQhQMi9KmCChMijKlwsXxY4+X7ZrkD98D0q3DFdA11m7Y+NOoA9WhSw9cnyV6PVEQ43X5EH/4GcOPmiLb13wo6T6Ktq/CNl0j2BXUpmGaC5k0YG5C9HyX79PDo2hN6ewlgx02HKtXCtuslCebxaQXsAuIy1KffIaKYYheF4jbmnpyJRdiw7qR+DQBUGAw2DJc0Askq4BYZv1MDycHnPLoPYmPc/HN89pbWLcMl8QwCBAAiHDLte5C0groEFcv+gy2oWNRb9vXHqGSojXGzzwjbNiOeQ0tfEKGH4kokmeVT9SstLdAUOUJy1OXYzJIuepJFWN1RAzK8p3sJoEKiLo3wjpmpORoLOXnqsVawVaEUBuAD4kTZe8qCKiIUfjjwVLBJL0T07G5HXYa6hM+VmNl3RdYYg00MU/UEE7QiPsRmvFl+g7u2NomJulAB9TnqLFGzJ2ukaJLjFhIkbBCu3E5Sq2Jz7v4AeC41XlyIcWWCaD2oQSWjvMrRtGWetzN1qvNzrD/ciRa3M/34QmwzLv0UpJkb5li4dmC0uesoFBZw9af45APqUkxYplDuxbOR+st71F+NHd8xrDd/i/L0NTMgnssreoa6o9VbCZoCEIfLPIvTr/j4ZKTiLGd3ntOxP3YBYOqqKYlnSIQD3tPncnCWCWcZc5aRXef/UqZ/0TcrHX7i2ZbMyQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHsSURBVDjLtZPpTlpRFIV5Dt7AOESr1kYNThGnSomIihPoNVi5Qp3RgBgvEERpRW1BRBAcMEDUtIkdjKk4otK0Jdr2vgxZ3kA0MYoaG3+cX2evb529zt4sAKz/OawnASgCBNm5LaE7vjVDutkA4mMdLV4TkvcCuvba2Iqd1pDhWA33mQU+2oXVv07YfpoxuNWFuqVXoeqFCnZcgJwRm04p+Gk3Fs9t8PyZx/K5Hfbf03CGLRj62g2+rSR0K0D+vZXUB1Xw/ou5usJWjAaU0Gz3w/rjHey/ZjDLvKTD34KSyXzyBkC2JaYd4feMqyNa3OQTREQePlXjrqSq5ssj5hMjTMd66ALDKDLm0jcA0s+NID6JIFmvQaNXANEKX3l5x7NyqTcb7Zg8GYtCOLoXuPcbha6XV0VlU4WUzE9gPKjF2CGFbE3G3QAmafDnShETF3iKTZyIblcNza4Syi/deD6USscFCJwV6Fwn8NonQak5Hy1L9TAcjkJ/oAG1p0a1hYdnfcnkrQCBoxyyNYLp1YCJoB7GIwqGgxGod/oZsQoNDiHSepNCceeAN8uF1CvGxJE25rofc+3blKPqQ2VUnKxIYN85yty3eWh216LeKUTOSCayVGlIH0g5S+1JJB+8Cxxt1rWkH7WNTNIPAlwA9Gm7OcXUHxUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKtSURBVDjLlZJvaNV1FMY/vz/3zrt77xjs7s7mVZNS3HAuFIWwXpRWexEYDANFKQpfyagE8Q8iUfinKHwTFL0wzBcWMWjpCxWJJQ6hHGOSNtzcTYmma7ipu97tfs85X1+s1DcmHnjgcB54zsNzTnDkzPge79ms3gpmhhqIGaqGmkfUHoKi4lGz3/ZuXLgSIDbvO9pXZnM8QX34/dDS//pYzXIAXcOHERNEBWeCU4czoTFTIFedpy6V48TVn9jSsgvntOohAQ/AhuZ3H7v5+JVOvuz7BCdreSCgBsDRs6P3hw21SZLZv+gdP0Hx1gAiijhlTrpASe5wu/pb4DMAQvlXAGD9C3miwDN/3ii/jneRiVKsbmxjzdw2Xl3QxuJcE00Nzcyum2btV68NAcRODfOeOILOc6NEUcjp4R6qqaa+Kk//jT6Gx67gKo5CzVxEhMGi0tVx8lmAUNXwQBwFtD+fJw7h77uX6L/Rx7HLP1KZCjn0xnccebOTcmkaK0ckJzfx8oFVqfsOvEEcwvHef4giePvpj8jMiggCuHmnwtDIXUSNFDk+eGUnW4b6+HlHTxkgdGJ470lE8PryembFAQvyKeprkuSySeqySX648DmLCxn2t39MGISkq+IHVxCbCTEKA073jwEwOFIim4JEmGDfqe1MTE5weaQEwKddHfx+/Tyt74sXJ1dDEZnJIIQ1rTniCBY+lWZ2bZqD3buZsttECeWdr19i0xcvUmKCDe3rWLFsGa4iJ2cy8J4l8zKM3CzzTEOK4vVJdh17i9psDa2LWlBTlixqRr1iXhksDvPLmZ5eFT0abD106aw4fa6ilnaiOFFUDKdGIvsNUWoCEeXiwB9IRRCnhDSOlaf+XFc8fK0b7/3/Yvm2lu6l7zVdeBQfPu7/K9NutavIwKP4e594fYOHzxflAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHvSURBVDjLjZI/aFNRFMZ/Ly+GlCYlaMF/1D+4FQRJREigk7OiIAguHSwUkrkgLhVcpIurQjdBcLAITi4FETpIAw46CGIHJ0tFamlt3rvnfA7Ji2kTwQOXe4b7/c73HW4kCYCnc+engU8M1/b88kaFf1T05O65KvAAuFY6epw79xfZ3XoPwPjkFZ4t3uP37i+A58DK/PLGy0FAHli5euPmmbFSmfTrByRhnV0AJDFzcYrcyQtIuvXm1evrwBDg7FhpgmRnk+CBjRePQQLEltoIsb/5jeLk6QJQOBwhD4AbCoFc5QRuAckP5tzfI9neG7mDPIDc8RDwtIOnnZ6D/6seIOCW9ie7Ij7+mGDfYlB3F4oKfD8yTavVWnJ3zAwz+9wDGB5SsICbkYQc8dgkt+cekiTJ4aELkojjOG02m0t9ACFF5ig4bsLN6XQ6rK2toYFIWV+v1wkh8NeBOR4cD4ZbhJkBUK1WDwizXtIgwPHUUHAUDLcc3hO02+2+eBBSr9cxsy6gO70L8CwChqSRDrLqO8CEp97bgSGL8CgAsL6+PiSURKPR6Dt4lybJzPipKeRC7uRTiH+WkUStVhsSZ3cGePR2dbUMXMoeGXl2KpcpFotEUTTyA8VxjJkRjco2OzubM7MFMzvW+zD94+6D58sfRXpka4kRkDcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZJvSBNhHMdlwV4n9CIsCAxaEEQEvSh6ExQEva1eFBFY2YuQ/pERUUZUkiihy47U9WdlrWSzoqW1rW6ZbrY/zoazOXfX7hZe3jZm2+12h+Pb3YpgtUXWiw88bz6f5/d7eKoAVP0PPw9Oal7zZlombGGJHQzlCs+D2UL/2Bzb50kRD0Z4zR8DpCK/jsikj5FAJWQwKQlMUsLUlzwcE2ncJmfILjurqRhwRGTCy+TBpmSEZkT4mRw8sRwCbA7RWQnWsQT0L2iiYuDlpMhSvFSUvYr4/pMANyVgOCp8DzECWp9E2IoBdd+YMrIqj9ICXIr8bjoL6cJ5zB9tgHygDuLO3chu2465DZuQWrU2VRKw+NMFOiHBrcgjyq1Diuycyhblrw87kb7bjmR3G3h9M7jWi0jUrERJwOROsJM/xn8byYJUZMfHDDLHT/56c1GerV4ulgSMQxwxEEgizOWLu6uyLZQpxj7ERRhsNDquG0T7pR26sm/Q7YhrbgzGSMsoB19MQPCziHEFdzSDnlc02k0uTFiuwHpuC99/eqOu7Ee69iyqabGEicuPQmxTb7Bw9k6g0Njji7fojZTXeAqcpw/++40wHVvH3zuyWvdboBIDTVu1T89sNg8TBxF3GuC6WQ/DoRX8XwdUHp9Yr+1tWGO2t+1C1HoVxP6lWFBA5VZ9rbarbpnZcLgW+r3VzQsOqHTuW7KoY8/imrKP+K98A227/eEeskW1AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHnSURBVDjLfVI9bxpBEJ1DKMeHkRUbCWIlSuE0KamuIVUKp4pSuI9cWPwFKhcoBRWlFTBtKij8CyIRIUWWUCQXprdEQcBCCtwdHPtxmVm8aM9HMtLT7e3OvHnzdq0wDEHHhy8/wrOPb+Dn/QwkD0EIqSARnEsoHx/C5bdfMLg8tXRNEoyQQoCUIXD2WMg3X8E34ETKhVkSJdh2Y2JTZBRvCZ8QJCIK8NDzGRzlbGBrEcGr/TS4foBE/1UgaqP7h4v3b/fgpPAMLMmA4Th+IOFP4MH3u9/UpPZPgq+fX4+8FXNfvni+pxRJCdrk1WoFbH7rvjuyR2aNpROGw6HDOb8uFArFxWIBy+VSERASiQTYtq3Q6/XGQRB8qlQqNxEPGGPVfD5fnM/n4Pu+mlWoW5F0Bq7rqv1SqVRENdWYiZhUJjXUGZVsuxM0med5kM1mARWUYx6s1+sDStbFpgfm/6MfB7sItsnm9+magAri7wA3Z9pQPbuWr9eWZSmFlLuLoE/zk9O6qwnaS6fTMJlMSG0/RoBz1QeDwTiVSkEmk4l4QJ3JvGQyCd1ud4wE9dg7oGi32+eopOY4TjGXy6k9rWY6nUKn0xnjbV00m82rnQQUjUbDQZIqdinTzZC5WDRD9BH1Vqt1Y+b/BXpYxDgsNaz2AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEsSURBVDjLY/j//z8DJZhhmBuQvdj8a+p8w//xc3U5yTIgeb7h18bNUf/DZ2j8958qz0nQgPyltv9zF5v/TV9o/Ddxrv7fmvWh/1ednvi/ZLX/f9d+8b+23YI8eA0AOvn/hnPT/q89OwWsccXpCf8n7Cn5v/B41/+MpW7/TdvZ/+o2M/LjNADoZLDmvl35/zt3ZP9v3Zb2v2Fz4v+mren/Zxxq/h+zwOa/aj3DH5wGRM/W/L/y1IT/S0/0/l94rOv/vKMdQEOy/k8/1PQ/banHf8VahlfSlQwGOA0InK74z3Oi9D/nftF/1t38/+LmW/2fdrDhf9Jit//ytQzPJSsZtEiKBe1mxq/xC53/y1czPAFqVic5GoFO/ipXzfxftJJBkeyUKFzOwDm48wIAh5XH+g7drOwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF5SURBVDjLpZMxa5RBEIafvdu7RPCMhYLBxCoiaqO/IHZWNvkBooh1WrHUwk4s0sTGQrsQwf9gK1gpQoJoY++d5Ludd2YtvlwuaWLODAyzsPu88zLMplorp4n85t3W5vLS4sPc6/VqgMKxIiRRJEoRxYzx2NpajFKMvaaxH993X+flpcXHl169SAv3P/Gge42Nm2//2TUlOH/ubO/p85eXc879dHF1lfmrXe50bgNwfeXKsQJfd37S7XZw95TNxa+7a8Aa94BxKXz+sgOA5JgJuWNyJEfe1m+7gUvkGsGtGyv/NcDt9x8uZCkA2GvGM8Fn5ueIGmR3B2Cu3z/yoNbaJpWI9uwR1NreAXgEuZhmAicJEO5kk2YGD5qFTx1EjRODk4gIsu0LuMeJwSMCxexgIIfhduPSsQI1gjwajYZN0wx+D/8QEfsC00kfdjMxVKn0cwcPV1p/8mx9MFh4BJ1BcU23T0JmyA1JuBlyx2WEO2Y2jPCP6bTf+S96U2WlbWXHPgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIqSURBVDjLjZPNi1JRGMan/ooWDbSKNq2sgZqh0UgqKVoOU7OooEWLgZi+JIaYGolaRAS60JXuxJWoIC6E0KAgAzGbCqpFmua393qv9+PoPJ33THPHcYy68HDPvee8v/e8zznvFIApEn8Octm4Zv6hQ1z7rbgRgE3X9S5jbDgYDDBJfB5er/flKGQUMEPBiqJAVVVLkiSh0+mgVqsJSLVahc/nsyDbwfsIQAs0TYNhGNDevIX29BnUxx50u13U63UB6Pf7oCR+v38LMg6gYCOdhnb1GgaeVajnL0CWZTQajT0lCU/GAea379AWFsHu3kJ/4TLUO/etUprNpthJpVL5C4Ax6I/WwVbvoe9+AMazMvrHzSMI7YT8aLVakwHs8xdoS1eguC7CeJUBa3fEwkKhgEwmI+pP8/Ly+fxkgP78BZj7NgYP3ZDn7FDXPGJhKpVCuVwW/tA7HA7vBawdPrJEmZl7hQc7IJ2YtwCxWEyUIgzmCgaDuwF157kDlVOnC+bKMmS7E8a79zA3PsEs/0Q8Hkc2m4VpmkLkB5URjUa3AMpZ1+uew/lVmnMw/cZ1qOtPrGOirKVSCclk0gKQQqGQOFYB6NnPKPKsfdNYvgnJdQnsV23XWRMkkUig3W6LMSkQCOyUIJ+ch3R8Fj+O2j6YHzc2J/VAsVgUEBpHIhHkcjkaDy0P/hh5jBuk0sQ4gO4AXSIa09b595Cv7YnuHQFME+Q/2nlb1PrTvwGo2K3gWVH3FgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJVSURBVDjLlZPbS5NhHMd3tbvyov6HIJRuhKAFgRci5GXYVQkG0c6HJGvD1FVMjdxC22wlQ9iG7uBh0rtDmxtb77vFoh2c7KgMtiGbU9xdgezb3hf0Ii3cxZfngef5fn6H5/ewALD+Vv8Upeh7HfzdM+pb4QwT7PPunOg8M7tlPh63JtE/4UM3f7WnLUDL3NE7vgmFKYbeF050Di3dbQvQSrvjzogTIm0Yt0WrePp25VNbAHcgrLopXMOgyo/uR8v4bAnAbrdLLwSIRCLK1HYaHKEdnQ9MuHZ/Edv5MpYcHljc1K9Fgvo+uxqanLYEr5wBhMNhZTqdRr1ex6jOBz8VxzONC+VyGQcHB5g3rcFGZWH+lscrc9ArWdjseqzzXWLMFEWdmnO5HEwbEYzpvmKZ+IFKpYJSqQS/3w/l+4XmlCXYnHGmMfTBOzyg9lxmkSQ5RpsbjQYKhQKy2Syz7u/vM0Z6T5+73W44nU7IlOrmS9tPPJn3VfsmXVdZLfKbra0tVKtV7O7uYmdnh8mEBtCwVCqFRCIBgiCg0Wggk8ko7sdNCMwJ3JogRpgSHA6HOhqN4ujoCIeHh6jVashkMkgmk4jH4wgEApibm4NUKqVEIhH74awXrfSPbyi+dJ020Wg0vguFQtjb20M+n2eixmIxBqDX6+nIpFAoZMb63owHHCXhOvOMWq1W7fF4UCwWQZdFN9RqtdKRSYFAcPonrj/fGPznIKlUKvX6+jrTfZvNBolEQvL5fPaFJ5GWXC5XGwwGiMViksfjtfcbT9Rq1gCXy/2vmdYfaGviUGKvapgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZM7aFRREIa/u7mbNW5IjEQ3WQlBIkaLiBYWvkBi7H0EDGgjaiNY+uoECwlop2glWGknNnZBIRKCZMWooCz4Im6uya5iNnsf555z5lishYVKwCmH4Zv//5nxnHP8T/l/al66X3VWhNSAtUJqBGWEe2f7vBUBVCrs3bIaI4I4MNbxaKa+cgWxFlIrVJcM2jo621poxLJyQBgbUiMkWjDWofwMy7H5M8BdPt9MUQSnDU4boo0XUakj0Q5thFVZSz2x/1BwYARE8KzFs5blWUEZR6ws2kJb1lH/mwWnDZ4x8KIERsO27TTilEQLUdq0kLR6mFj/BaDSJkAloA1ow5JyKC3EStDW0Z4TJBTOTZx0OjWkqUYnGqU0viSKjDGQKNCaJIoohDN45a/sKqyl/GmRSIZpTVN6ZjZRXF9ksbaI35Pj6dJjfIl/bVYKrRQPXr/h0JZ+jh07QRiGDAx8YWLyGQf7YPTwKFk/SxAElEolzDvwJUogTSGOmap95/1AF0eHh7lw9Q7fPpco9vYwNDSEDgNuXL9BEAR0b17H6SOn+Dj3Ad9FMfyyMFtfJt/R0Qxn63Eab6cYGxujq6uLRqNBtVrl5u1b9O1szqzpWIMvUQxaw+499Lx6zXQQALD88i4ZTxgfHyefzzcPLAzJ4KGfR9AHc5UveFdGrjnRBqcMdfWDSqHCjv37KBY30NmeYWFhgXK5TC6Xo7+/n0KhQD1MmK9UeDI5jff7Ow8ODrb09vYO5fP5h8VicV0ul2sBMrVa7QxQ6e7ufghklVJ2fn6+Gobh4Z8+rmPjNq74hgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVDjLY/j//z8DJZiBagb8y8/+D8NgsVXF/+EYyP9wNf0/DA9SAygOgwuvN/2HYRA/4EzufxgG8RM2vP4Pw4PUAIrDIKJqw38YBvFvzr77H4bBaso3/ofjwWnAwGcmcjEAc0v+JGPFQvwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLjZPPS1RRFMc/9703ao40jqbkj9EkjKBFQdaioiCKskVLqXWBJFTQIqJFhYsIgoRctG3TPxCIoFCiCZERUisXplLa+IPUkcZ57/44LUanMYX6ci/ncjn3c865514lIkxMTIhzDucc1lqstRhjCrZ4aq0LtqOjQwUA1lrq6xtZyWRABPIDRBBARAprREgmK+nv7wOgAFhZXeXW81H+R087jxFF0R+AMWYjJDSmmqgoLyFVE6esNCCnBW0c2oIVeP9hHHFCGIYAeABa63yagFKKbM6QXsmRDS0iYKwQGUdo8j4ibM1Aa43bzE8plFKsZQ1OQirjMYLAx3OCbACcuO0AcXmEKoKsR5ZIO+LlJfi+h6fyMcTtAKCoBKVUHgKIUmRDi/Ikvw+4v0uIogjP9wCYmZ76Zxf8wN8OKIkFPLl+BGuFWCzGwvw88YrdiAjLy0skvw6THXmF/jFD+mEtDWX7twCeDQ29PVP0yqq01m8aGhquGWPwhl+O1ZRn2o5fvaFKWw6x/nmAxMigGzwXu6k221esnp6e28aYyydPnT6bSCSZvHtCznfdV7smh2D2HSQqWQqa+TQwMhUUH+zt7a3RWi+0th6gqnoPRkM6vUg8l1Fle1vg0p2Cb/CoDt+pfVsAYRi2pVIp2tsvYoxBRBARxmrryI73EX/dRbieJgusZXysz9y2Erq7uz9qrY8W/8CDq1847H+juVoTeN9ZWzRMz/tW5+TBjnewk0avNN379XOu07eq2foyK/DiwoB5/BuCJmv1SL6PpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLpVNLTxNRGOUH+Av6O2Dp0oVdGEE37EzcmHShiRoCMWqDJiQSI6QjREtAHilQU0lQ3hawjEUM2pZSOn1QHi0M0GmdDp2+oMf5LnSsj503OZubc853vu9+twZATTUudcGgoU6DUUPjOYznd4Y/+dXCCxpqW97JJsfnXW7ZE+bX1jcknz8gLa0G+dHFGNdkT5mIQ9zfDM7FF4dde2bfRlQQkzIUtYjSaZkhky0gcZCCe9Uv9M5EzcStmFQMaknsD24quXwJdNTCCVJKEZKG4/wJu1PUApZWvIp1MkQmtcyA+qLYVLkiPpILOPhRgJg+w146j0Qqr5vMzLuFO0MitWMggzoHv8NRbDo9c3Fcf+rSce3JIkND6wJaBkOME4ztw2Jf5khLBkb39xBPPVNUEjnXJL1qXMphN5nDrCeJBrMTcraEw7SKvpH3PGnJoNG7ti7RsJKZIjOoFsYOVNzu2cD6roL6xx/ZXaF0iiHbiERaZuDx+ZkB9U5x57xJRozsZ5m4/tEs3rpFZrB9lNNSFNHXP6gbGD99DfBpJY+MWkLX9A4u3xtlxIGFBBNffTiNKw8mcP9NkL1MOJ6GxWrTW6izOSPcdiKJchlMuHWosuhRUcWzsRgz8MQyCCWyKJ6UMf8lAHP3hD5Ew93hI5PTtSJIco5NmYQEaiG8l0WbYxPfojIrENGqd74aEG52h8+esbJIljGfeXzWpYipY0ZMH5f0NLRMVDkcT6HDOqw0WyZ/LVL1KrfbVswD9nFh2RvBtiizmVDPgS0JUy4f2i29QlPnh79Xufoz3erZMrW+nuKed/Xzlpfd0otOTmrrsPLNHQ7uBhf892f6n+/8E/bIBuJgfmmXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLpZNLSJRRFMd/M9/okF86IONzClciCRNGZS/BFoIa9BBDrSSC0F2rIFxZUAaDrWrXoggEqVBxHRSmofighUk2jEXjPBxHRbQv1O8+Wozo2MrowuFy7uH+z+/+OdehteZ/lgugZ3i1U2vapFaHlFJIBUIppFRIpRFSpYVECo1UaqKrtbTSBaC0vtNYme39l84PXoeO7hBIpbwAg99fIZRASIGtBLa0d3cpdmodZ7qwbelOE0j5cL389r66WxsCW8hdD6RUAPSOLO5L4NKJXLbSBcS2AMC1qnzefErQdK5g56xvLEHj6d18aW1jL4EtFUprXAb0jS5iGE76xxZxOMG5fWlwfBG0JsMFR3xZbNl/PUEDLsNBQ2Ueg+NJLlfm7yFIz0OxNYRQewm0ApcTBkYjRL5NEhiaI9+bS3Qhic9fQ++HX8yN9eMr9LK8vMKBdQ/V1R1mSkAotNY4tWB19h16fZ1bN1uxLItIJMLo+Ec82SbNV69gGAbxeJzMqSlWcnLup0xUKZzQzCTxYIjmG9d48vQ5s9MTFBUW4vf7Cf/8QXf3BPGFBY4dP0VtzXnC4XC7E0AIgQbCoRk8OQcBeNR5D2HbtLS0UFVVRX19PXV1dQjbpqm1HQCPx+Pe9UBryksPM/15MjWqDx8jhCAQCGCaZmqALAulFD0vnnHxQi3RaHTDobXm7suvI8KWFavJeXPty1vOnqyg2OcjK9NJIpEgGAzidrspKSmhoKCA35uKWHTeHh56P+dI/85lZWVGUVGR3zTNgeLi4jy3220AzqWlpTYg6vV6B4CMzc1NGYvFkpZlNfwBMWlOUI5ySkcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpZNPSFRRFMa/NzPaPNSpsDQVF4JUi3YtomW0MBCchbSxhS3chAS6mJpFBYmugpjSRS5cWAQFSUmBGIYiCbYYbOyfOAqKgwgqRNF79953zzktxoEspyAvnM095/zOdy/fcUQE+zmhYomOl23J9mcXw/8N0J5u8z09+C+AU3hC58Tl+kDbVqODpkCb09UVNUeNMciuLt0b757q+ivgyuv2s4EOrteW1cZj0YOIlrpw4ECRxvsvGWSXlvpme9M39gKEN84s1xtt+o5XnojXHapDAAsWxpa3BUcc5NZz2NzYfLf+NV567lQs+8cfKN+0HnNr4pVlR6CshlYai6tZGN8inZnD4kJ2YO7ux2sAUjef5NzfARHlqabyynIoq/DN+47x6fE1rYKRQJvzRgfpD/cXrgIAszSySAJAz24Fnr7wNjOD529eYGxyDL6nR2Z7093KN0+1CjoKhcwMIk4mhlcadkkQkaLxYNJvGJjwRkUEiYcr0v8qJ11Dy6O/1uzpg6Fp5Q5OqVuW5JMlaQEAIoYbBg6XhVs6BxebixppaFo1W8Z8VYVz+2R1xLWU94klxg9FiIYBaznV0f/ZBYBIoXF4RjdYklTMdVoqDjgoCQOBFRDn89YyfMMgZlTFShrXtv0EgJ7I41njWpKEJUlWx0JueakDQwITACQAcV4BEUGZEAqKiDh56U7mUcSSzFuSRsvA6jbBksBSfjKxYKcflhgr2wpMvHMvLrOknP2u80/X2WfmmbX8IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVDjLpZO9apRREIafDVuIhMjGhPwJukashNjoNdgIqQQbG8U7ECy0i4UXIMQLEKxtrCwsRMRKbBSCoBhQwRjwZ3e/M/O+FufbTYRYZWA45wznnXk4Z6Zjm8PYFIe0LsDDG/1pm03jy5gpAzbIxga3q2wMv2Q/uPXo8wZAZ/P6qVmbrd7iyd7cUh86HWhFMvvcpKBE4fv2B358+7Rx+/H23a7Nq+PL/d7c8ipf3r+kjH6jhDSkTAjCRoISZmbhNDMLq4S4c+/K8rmu8fzahYu8fvaEwc+dKm5FIZMJIVMSIsXu1ltmhw1nzq6x8/XjeteG+ZVF1q/dRKMhVqBInElG4igoApXxPlEJpo4t8eaF6drgEIPdd6j5g0KoqCYpSRShkq0LlZps+ugJZOjWxxEuSQ6zVohETZIh1LTiNqYQGTVmtwQqiUZBjgKVICfVsj0Ll7GwpYvcI1AkOSyUYTkQN4twCjWB0jgryYTAjYhRkIPyH1zVilETOV19QlCSHAQ5bA7GTaEUDuFxZ9EmsCGLOLJyvv5AGmvvstVWlGt/7zNjOvevrjy1uST90+8Hz4HBVYkrwfPOYcf5L9lR/9+EMK8xAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMZSURBVBgZBcFLaFxVHMDh3zn33Dt38poknTSJTVva1LaKxpQ07UJLKlQRTYVUcKNCwWUtCuJWXLkQxIVCl1kIIaCCG0GwXdgkamJS0hLHWs2znbym05m8JjP3nnv+fp8SEQBe+fT21XRT6h2t6ANCQAGgAFEgDuvcfLkot9R26ZOxG4MRgBIRAF7/fGLs2+t9z2itmgU8BAAARACEwm7MyHSZ9ZVaJTd3v3X8xmDNAABoT50KjNf81yaeVgoUiINEHNYK+3HCxacbOX/SMOkKdeJOlwY++KnFAAAotdQ0/PuEV4qeUE0snvg0+Yfp6XqD+rAdjQIcnU0Bg/2d/BKspxfW6oeViHDlm9euvvTsueGXT14Ev5WNSsjufo2NJzkWV6c4f+x9WjPddDc7GtMeKd9QqUa8+9WM9f5sGLsw0Nv33atnLnmSbqa8H7ARBcwXfKCF57sCbt0d5anMc1RshpVywmIx4njW5/vJtUh3tmc/7j/WG/yjEwqR5b8tw9/5mIe1efIHbpNvzHO64yCTuR9IBR5h4BEGPoIGpdGHs50XSiZiubKK5xqYXdwlCUvsHv2NOTPN1KMchw50UCwv4BtN4HmkjMYBImAC46fL1RLFxGeiuEdp2yMIY1pSLxBtHmX/8R/ICUecRPieAgFBkThIHJjt3Z3iKcKuOtvB0rrD+S0s5QP2ZqAuzNLeukZlfwctKZQojAYHhD4kVtC55fkfo60qtfI4qdQKKooIwibCjCXVPMXxTI2Zfx9wpK0XAZyAAL6nsZHFFFe3vvx58tc3L53tP1Jo81mq1YicQRpX6c4+pFaGO/kM2Z63mZuNcQDASIdPXHOY8S+mls5e7728+djMDvR56kRDiE0CGrOWuwtFVosHeevyZ6TSGURABO5tWsQJcdViAKa/nr137sPR6nbhQfrm8ijOWYyfhvoXOdTzHnPlOlTZ4gREK7RTGKOcTZw1AAAublv/aGgouxdLvYhoBBwAkEk7AEQg7SuUwvme2kmsyysRAaD/2s1rNpYhpdQZQeoAABAQQBAAEACqzrk7Gkb+B+5ReIstDYkxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjZPfS1NhGMfPXfh3OG/E/yBImNkqrYGCzAthh+WNgXihwQYb2CoYukGwsdRLoYUWQbRAhqzc2Q91IrrVhlhLqznL5Tyb23m3s317z1szBzM68Lk47/N9Pud5XjgcAK7OVfM7/a2piE87HalRoLVHStrp1VKvLVi7fE9wns/WaXi58UgoH4kl/CxIyOZ/cyRKSKRFmF/tw/B4p3jl7utLFwp6baHiySnBxheZUkHkM8HKrgSpUsVGWsaDN/tQG/1PLxT02EIlRbBJBZtfZaztlSF8JEgdFqBMdnh8im7LSqWpYHJysqXHFiS5AkGMfi12UP0zRRm+D6fwxvPI0dWu3Q8QvV7f0iCgzQZKnl4WjqkgcVDDeyrYpqLoXoWtsbxTpLUyrlsFDA4O5vv7+w1MQBu7Z2dnEY1GcXsqjCwVJDM1JCixb1Vs0VXCdIoAXSVLBTcfhhEIBDA+Pg6NRtOtCLbpg0wmA7PZ/F8oWUEQMDAwsKsIiCzLUFhfX4coiv8kFAqhnh8bG6txFosFhBDG4uIiUqkUEzVDqc3Pz5/leZ4HZzKZkEgkGG63G8lkEn6/vylKxuFwnOU7OzvBTUxMwOfzMex2O+LxOJaWlpoSi8VgtVrP8u3t7eDoHvB6vQyXywV6Jwyj0YjR0VE2Zl9fH7q6uqBWq9lZPd/W1gZuZGSk6vF42IHSuPD8JZbfBpvybOEFOjo6WHZubg6tra3gDAbDzNDQ0LZOpwPvCqNYIjg6IfhBOcxJSGdL2PtewKeMiKJUBu8MQ6VSKc1bFFPDv8C7ItXhJ2sYdv/lDmOVodR4Z6R6vucXuxIEyKz+W40AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMOSURBVDjLVZNNaBxlAIafb+ab2Z3N7Oxv/nYTEyv2LzQJpKBgrQqNUKmY4kUIXqUHT70p9iB48CKIiN5E0It6KFiwiv9FpAVpKUggNc3mZ7vpJpv9n93ZnZ35PNRI+8B7e9/n9gqlFAeIVUfPeN3zh0R0eVpYM1OanhvTCEY0f3tU79+ctnpfHM73fuQhxIHAWHnmkOGXPjgZyS09l5hnNv4YOdMhoQmigzqGt4nhfeub1fpnVsl/e+hMv/q/QKy+Me0EO5dfso/OvzB8grgV4HGXJC7jwAQ2oxxDuC36xZ+Rhe+v6iutZf2iqklReNe0tPSHZ2Nz84ujR7ht3iJKjcexiOIQI8SiixxcR7QtRORFlK7O9t0rlyy4KBEj5+YisVeez85wy9zGIUeGDDYhDhYOITYuoh2BvTJ68y7B0GnCym8XGq+KL2U0MrE8Z2SRVhqdPmlCsvgk8RlCkgAivRbUNKj1YPMeeu4wcnjRql7/+jVpyvxsPjbK3whi5LEAB0WWgBRgqwAaFah04X4V7puwdwddz+FXjJMSbXI8aSTYCgU2oKMwEdgCEoDhug/G5SjsmFDUoV+DXJ7BnpiUVCNBaJqEXfDVfwG6CjoKnF4crZGCVvNBug0IPXzPZOCnAunfk8W6ro7H2gK3A02gGoDeA1MDGx2nkYG6C24bvDaMSzq7ZfxBsiC7O+aNDaWOn0oLfl0HMwDlQRCAHYUkEGvFkLsp2G9Bo0n41AiNG6sMBvY1yZr6/JsV//XZZ3WZaEp2t6DvgWFA1QRHQbwjSDeTUGvCiSPU1ovU/typQPIrTV0yrrl3vE+/+8XlaCIgq8H+BtSLUN2C2ibsl8ArR+HYGE0rwvbvRTr96HsL6od1CUDDf+enK92JwT+982cWEswvRmiug6qAr0E4AV4uoFXosnV1g8bN5kcp7E8eOZOYKtmUqm/ZiDdfPhV3Zp6IM5k0SIUBstwmXKvCX5UdM6y9n2b34wV1IXxEcEBU3J4dprU0zODpjFBTIyoIxgjXxlB/PIl1eUmdLjzc/xceOVXddrB6BQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJHSURBVDjLfZJPa1NREMV/972ksYmx0bbUpzS1ValpKVQohgguRLuxIBRBcKMbwS/g2l026jfQpWtTcCEFN+Kii0AoSFNpQUirlFprXmybNi/v3nHxYv6Q6oFhLsydc+aeO+rWs8UX08nYkx7bigOIAGIQEcQImCCLMRgjFEuVt+9fzt+jgdC10fjT00PnAQukdbkra0H7PhcOardpQwgBRIEECjSUxAiiTaCsWyQ9Fqc6CB5dP8P4+DCfVnYZONVDtabb66SG4ywWfjCfcQBYWVEddUtEANjYOeTVYql5/hurm3vklrZY3dwj8EjofEIDNyb7AYhGbKIRm+RgL1++7bOxc8h8xuHnb4/joIrFoqRSKQCWl5epVCpEo1Fs2z62QUSoVqu1Uqn0oVAoPA8dbb9DTrwBI5TLs6TTaUKhEEop/gXP8yKO44waYx6HRPvQcL+vr49wOIy3vo4sLCC1GlYqhT19EWKrUPsKGKzIBM7Q7MTIyMhl++Gd/rM7h87M1i8bFbvCoFKobBZrdxe7XMZaW4OPS+iMjSVV0DVU/Tth26dcG7JVu6uFQkEmNjYglwtW0hgwhr25S8SvHoAyIBrEx05k+Lw9idVlkueB1uD7zYjnivh1C0w9CF0PyNu/sUkwNobSuqmO1uynz3HSPgDjNxp9IFi4rgnCU1N4yWRrAq2JztyEiANiAAO9w6iBue4JXNelrjXRbBY5OkI8DxWPE2zE3dbyKIXnebiu20mQz+cfGGNeJxKJmGVZ/A+u65LP5+//AbkTRxnEop0TAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNdaM1xGMc//5fDZqTZ2c6Y9mIkmZelll2hlCVF3FDKlZRyQWJXmsKNCzeLcqdE5D0mL/M2s6HlJSlhs2Rv51iYOZ3z+/2ex8X/zHZJfvX0/J6b7+/zfH/P46kq/3NCgNNt3w6ost2pzBYRnIAVwTnBiWKdTAiHs4oTeX5467y6EEBUd22qmxb/l5ebzn1Y/IfAicQBCi7uBFVwFsSBMdE9mwGThYwBYxhtvIcxbvIEgTEfFGYVg9go1OZEMmAyYLPwth8AY924B85JTsCDviSoRCQiEYkby0AiAUA2J4Cq0nyzX3+mjZ5pG1RV1XOPB1RV9fyTqL7QEdVXOqOc/J7Wbceeq6pGBMYJokoYwMWOIYLA51LnEGEAV58N0T54iEdXBBUh1tXEgrIpZE1E4I+1oEAYeGyqLyH0YePyEmI+rK8rwfcC5lfPxfcD1i5LRF9rZdwD4wQVCH243pXkWeooT1sUVSV8sR/f94i13KHh1Utam0+iRaUsKVwH1OcErKCqxAJoqC2mowXmVFTS3fuJhtpi8p6WUTTcxbyte5lctZD069tMb2vlzurYLh+iqQMIfI+7r1IA9PT24uFx73WKzP0TzF2xgbyPD/BObWFK92WqKgpRT3eHANbayAMfVi2KEwb7WFkT5+GbFCtq4rR+/UxeaRWs3TO+A00zCcSrHPdAlZryqfQPp6lO5NMz8JOywkm8+/wdnZHg18sbFFzbSSY9wC9g5EeAC+jLDZK2Hzz7fmnWSYGxDmMdzgrGCdZZ6ks3MrXzFhUz8gmDGCNJS8+gr4oc9/52nds3lzeODvftCJxX4QL9onBizW175DdAmHVGgBeCfwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVDjLfZPNTxNRFMXnX3DhxkRN48aEf8CkYaFGAy7cKImRCAv8iInGnSDGhSFEsJqoUWxABGNQ0zZFGrWRfqS1rf2ype1MC5FaytBmirWK1M7YTofjm0GaUAqLt7lzz++ce98bKh6Pg2EYxGIxRKNRRCIRhMNhhEIhBIPB3QConQ5F0zQkSdpyMpmMAvH5fDtCKNlZFrAsqzin0+kaRK6RFHC73dtCKDmy3Cy7yYVAIBAqFosQRVGpy0Cv1wuHw9EQQsmuG41EXCaRWUEQkCuKsC2tJ0mlUnC5XLDZbFsglOy8EblarUIWfy9JuDuzhr4vgJVd/5ZMJhGwPMLcxBnMT/UjMnoc0SdNHRSZkc/n80pTpVIBR5wHw2sYYoDhOKCZWYf8yUyCs3djJfYOKGbxK2aA915LjvL7/c1kRn55eVmB0HlRcdYSwPNZYCQBvPn8HoX4bZSXTOAcGvC0EdW0G/TYRUGZw+PxqMmMfC6XUyCJHyIGQhK0JIEp7ESBuQWJd4P/dgWFwFXMvuwiI5yHc+TaodoynE6nmmya5ziuBhl32/GTvgFJ8KKU7ITAtmM10YvU2ElYJl/AYDDs37RRsmW11Wrls9ksssxbcMHu/+IOCItn8Zu5iaT2BOzGUVmsUm6h/lqmp6fV5ld95cTH6yT2JwgLXfjLnsMKSTL/tAUW02vo9XpV7RrrAc8u7+2Kf+hF1PwAGX8bSgvtKER68HWYxJ6a2CRuCNANHgVW05gbPg177x54tK1waY7BYhzfIm4I6LvQJJa9j1H2P4S//zB0lw7ArB+FTqdTNXzK9YW25l3Cnc6Dom2gVbTeP+I0DvWcIuJ92/1M/wCZISaoLgB85AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLpZPPS9RRFMU/3/GbmhVBWVJGLSQoi5AIM+o/CCowBKVFP3AZ0SKUFlELiaBNhNugEKTIIRFc1iJFs2iRm8QoSiIdQ2Z0Zr4z8969t4U644ALwwuP++57j3PuO5wbmBmbibDvffKeGZ1iekBVEQWviogianjRNUsQb4jqx54rh5sBQjW72dq8o/Z/WO+//Hai2IGo1gIMfn+OV48Xj1OPE1fK4ot33Wd6cE6q1gAsa9DReGND7Jmcx3kpaSCiAPSPJDYEcOHULgprAfwKAED7ub28Gp2j7Wxd8WxgfI7WllL9dzFX3oETRc0IK2BgLEFFRYz4eIIgBrGVR4MTCTBjSwhH62souBIAjwdnLJUtWPxDwszM3qzk1Xg9NltWT/9OWeHaVTMzzIzgYfyndU08BUCjPJrOIKk0klpEkotIKo2mM4zER1GgcX81h253otmImuGhIHR+WQNruwQixHJ5gmxEmM5gmSwWRaS6H3HxdB359g40G5HcXY1UVuFOtljoVZeZe5+ty6xRHoDhz/Nw5wkNeyrZd/k8ms2xc/JTwN2+KVtYytvbL/NmZvZucr7szwNj5Zp8/ZW0hSNNRQ1CJ4qZcfzgdv4sRDTUbeXHbLo4C8fqK5maSZV54db1Xn1RMpKNPuifbiqIbnNecF4QrzhRvPh1zZRcyg2t7oPNjvM/JWOW3I/zgm0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLjZNLSJRRFMd/3/eN6eSDGCeLHkLRy8SoTSZhUfRclVC4Ep1FLcJ9QQUSEUHQqqCCmFXELCrooWFFBRVB4WMi7YVjipqJiWOT4/fde26LL2ea2njhLi6c87+/c/7nWMYYurq69k09vtymxodQown2RD9UM7fz3ers7NygtX4lXrrQQTN25Si7rr+fU3YgEKgOxGKxDzU1Nc0FPa3RolLAgOd5OYEigjEm5x0MBn2R+vr6dVrrS1LWgIMi+fzpfz/Zto2IZN6WZWUEMwTz4q3R4jID4gcAnLk1iggY8BMEBGg5FM6WkSFY2IBjKSafPMsIiEDl8uAfAf9296cA0FrnEgS6H0RLwgZjTFbAGN71/0IAIwYjGjF+D2zbFoCsC2660LEUQxeOsD/WgzEmp+4Tt/eSmkly/mA7jpWHiKRCodD2LEHH/WjxQp9zNvnkzW+IaLQ2pPJmKA9XcCxWy8UDj8jPCxYCzl89aMRBMdHuu3D81m5MnsIVhWsplixYRcXiaqbSKSKxzZzddgfHcewMgf3mXrSkzCDa77gSl92VjWgjaNEIhuHJQaqWbeWnO01z+w7yl+r5fxE0YaMYb3uKZVmklYs2wtfxz3iiUOLhaY/kzBQbl9fy0/vFROTFoyzB67vRojIB3x3SKo3SikUl5SjRaCOMTA4QKlpMx+BLekc+MvqMxhwXbBT9pyPUtX/h8LXVpF0XV1zSymVleD1bVu7h7cAr4sNxbjQ9Ye2iSn8XlFJVm3of9s0PBTEGEokE53a0opTK7EHkwRYsO0h8IE5L7VV+9CX9sZ6d6cia0u3lRfN2DqW8weufxuP/7sOKUzzXxikYa9N10x0Mz67zb4UIk7Pj5YsYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLhZPda9NQHIbzVwlWryzthpWuIpWOieKYZXO2q1vC0KFr9aZM3Yr40QunspU2TVYmYhVRvNErwQtR3E0JTq3G2o80mc0Ql9dzTr/SYdnFA8k5yft78nLCjcxJNwKzsuoOiZoj2GKsi3NS1I7y4hIA7n9wgQvyz4KiWLphwNgyoRMq+jZ+MUyo1ToOR6Ra3wA6ua4b8F/2gL830WF8YRGB2VX4hBwOBEWrnxl3kGzQyXzyLJbfLuL+uwQevr+Jk7EsiBn2MmMBdbJ58UEEKx9vYfVDE89MBtTsTVjA53iiy/XbeD4XRaluwhWSNRZQIYmeay6cSsYxfCmFwfMpEGW4wjk4gxm4J7IECd6IhOW7z/AlkYRaawXQbyuTtCOJAQzPp/bU9gtrLOBHrUECJI3bP5bWypoJx7l9cE+tMO0TsTuIpl90uCq+xJnoEtP2hUV8Cp7G90orwMECGthQd5gynRxLPUWuoOOR8huPN//gyde/iMuvmLZvKgtlfBTFdsBgSNwslavQiOIACaCF0ofzRQv5bzsd6BrV9obSyI8EUCw34JwkAcd4aWFoWn5N00ihFi30+HwaM5LCmM4UGH5SLtX28uvMtlg2mwH2U9UuNHBlDUKu2ANdo9pDwjqqpNQSOwdyrSegXeih0Rh7wQ5da2lbdDI5RBqxT/Qa2ArdUK1ddLV7/gX7jb1QzdhGjVAl10262n0D7IXSSbtpa9vf+QeB6/JTIb6VuwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE0SURBVDjLtZHPSgJRGMXdzmPM88w+gqBF0KZF0CIIstkkhVhSIGFYYWHSHxKmCSdhYAiCIEJTk4ibNJbUA1jjXDenMy+gzkSLD+7i/s4533diAGJ/mVCfs05fzdieEVpg76avENYJe1uVH4QSIKwRFqUHH3ZzgI3y93gC+VtfJWyc3fuw6hL2k4T1KJG8GiFQuJMKYZ2wZ9YknNYAlYZEmW+zKrF22RsuQFgQBmODOyPYOYgdOAdwwughcgsja1w56WocwcFy8QNLhQ4WD10sHLQxnxOYy75gNvM8PAFhhbBO2Nu1PlF0vrB/3cWO+Y70hYuZ7dZ4K9BZpbOROHWxWeogdf6G1eM2ptONcDdgbI2xRfzoFfG8wFSqHv6IjK3QWSfsTSZr0VsgrE6sV43/qzHK/AJ0lPqXO1KzBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKISURBVDjLpZNLiM1xFMc/v//877yYMYwxjzzKW8MMG8YkMwgrLJRXFAsbj4VkUpLsJMoCCwuPokyShYRhgabbhBg3N+8xpGtct3ncedz7///v7xyLG9NEs3HqrE59zqfT+RpV5X/KGW348+GyaLylftQNRlXpaV2hKoqqLkF0uoquVdWd+VXrUFWGOm+hordV5K6KhsVKWEULp25qN0ZV6X7SqHlV68j0RHHyynBLasmvWAk5YwFBgx7SP8Kk4y/wu99RMLmR3shlpm2NGBdARYvTsZbk+LqLoILafoK+NtzipRjj4sebCRXOJ3fOdlBL4ulJxMqaPzcobXzcL8EgqBAkbhIk7iDpL6ACKOJ14cWuMfThKKjgdXegIs8B3N/HUNGsrvVBAjCCpMKYnAC16WxnPFCLEyomM5SsBHqGAVZAFcRHbYBxLJACE2DUA02DeFkjaxEr8reBZg1UA9AcIA14KB5qA9R6qAqIQa2ERgKsIOLhFMzADkTA5ILjg5O1eBTLo/X7ePqencRPCamhwh3XockZNpAzyTdXcMfVYUITMK7BuAHG9Xnw2dKeKaNheQN7tuyldnE1TORQ3b6qU38AVRueHxjsvE/yfTO55RtxCsbg5AYYd5Dbr5MsnFuLdSy1lauxJqBuQT3A3hGvrFbKBjruMdBxn1DpNow7E+MMEu9LEDJjWT9vPwAHV11gxqQagPwRgKmbXyUyqWR1b7SZ3shVrD8FzG76B7qJxsKceLALgBMtu/gUjwCkzb/S+PHS3HK1st9xxxwpmt3Iubs3eqMlRSX1NcuYVbGID10vCUda+fa577QZLc5vz0+fYP3McfEzTbu/cgzYAxQB/cD5trOxw78Ay4ZsAbSg5bYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLhZPfa5JhFMcH3dX/Meiuv8CBoRdjIvOieRUYmjkzmBaowXCbU9E5U5KhtmX7QbrpyF3UuhDRVFoXgnrhmJO2CSFELaIYw7FvzznU+uGqA+d9znuecz7v9zkPbx+APrPZ7F1YWGgnEgmsra0hlUohnU7zSu+UX15eRiwWez8+Ph6inh/Oj7m5uapYD/F/O45EIu96AIuLi12xnirMT/EvJxNK0QMgeWTX7j+D1pfHTf8r6AMlGB6UYQy9xu2Hb3iPLB6P9wKWlpbOAHrRfOuP5jvhn4DH8SfnA05OTrCzs4NGo4FarYZKpYKtrS2USiUUCgXkcrm/K/ie5MnPzs5ie3sbKysr8Hq9DOrctaCpVqHb7Z4/g/l5TqLdbmN/fx+7u7toNpuspl6vs1erVa55NH8OIBKN8mYmk0EwGMTBwQGrCQQCDEsmk/D7/awgEon2AsLhMAM6nQ729va42efzsVyPx4NyucwKCEK56enpj6Ojo/ckEsklBgSDoTMFJpOJVRCs1Wohn8/D7XbD4XDwkClXLBa5ZmhoyMsA38wMAzY2NmC321ERZ56YmIBCoYBOp0MoFILNZuNYNEGtVj8niMVi+cQAl8vVzRcKp2NjY3A6nQx4sbkJmUyGbDbLN0FXSUeTSqVQKpUXCTA5OXnEAPHV+tSU86tGcwMGg4EBGo2Gi+VyOYaHh9kpFrlTlUr1kgB6vf6w79eJXhYmZDfEsA5XV1c/rK+vQ/xoIGVWq5VjytEe1VDtb4D+/v4LAwMDVwYHB99qtdovRqPxSPjxyMjIdeFXRfyZcrRHNVT7DWZq3D+QvMywAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLlZNBiBJRGMf/r9FZc6lcjLBQdzaElI25LNWhSx0kiD1FUMEegyAqakHYS7hG7C261TEQETpEEoRgS7QDRXgQkShmrVCi1W3JUMcZRx2nN4+0kDlsH3x8w8z3/d57//k/YpomJiOZTAYNw9jo9XpCv9+HpmnfFEWJJhIJebLXAZvQdf2h3+8X3G43LEClUgmUy+UH9NPiZO8eO0C73fbl83kUi0UGcLlcaDabQbteWwBtRjweJ7VajQG63S7LXQN4nmeVEMIAI8iuAVQDxGIx0+PxgArJ0npnF7YiUsUhiiKcTidKpRK8Xu//7YA2m9aKsixDVDu4uLONjZMLx3H7Zo7mVdsdpNNpgRZ5OBzyNNn5A4EAzpgD+C5dAdG7pFepRj+nn0bXlpaOpFKpe0wny0jWMK1yOBzms9ksCoUCqtUqO/eqOA9x4QS0nyUom6/R/bUN1b0PZW1qfXm9FmUAStMjkQhPAWi1WmyQum+c/ffPMFPP49jZC5iam4dWyuGD9ApN+dMtdgTaxFPrIpPJWCZigqmqOgac/vgEp27chevLG0C6D/cBD44Ksyhsmnccf0RjqzYaDfY8Gux0Oqzu1xW4fHPA+eW/4q0eBjckwmgHDBAKhdg/t4zzb9V/PIdafInpF9eha3Wolt1bHAwOWwxgCSZJ0tg0k7l4aBoz7yQIB/fCwTnR3hnga53AhPmI2F1nu3h7ObjSaWxd4wwya3Dmdzr1+FxusPYbDlZf5OWGzT4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLfVPPaxNBFP5mtzVL0nhIA4mUmBaqB/WSUy459FBs6amIIv0DJBcR9GIOWqSI9JSjesjFi1eDoNBEsdEaEFsRD0EPLYKxNMREyY/NbvbH+GbdTdOWOvB4M7Pvfe9735tlnHOIZd24znHuAsxiEdw0wS0LtmHAdv3o/Dz4q3UEXq8xDK0RbzOcxIcSbXHv+b6Bw2sfwDAdEFvXnWAHSHh3P3IMgDQAoI+ckhGPwxIgZMJbmgY2PQ1b7VFM/z8M+saKpmnLzctX0AmOQZNlGIJ6uw3lVwORN28RpJhjAbbv3qlyVe2EJibGFDrbtg1PYALGJ1nuqLMz1aVDAEwEVSqVpGma+UgkEm1TxV6v5wAIkyQJPp/PsVKptKfr+mI6nf5wQAOimgmHw9FWqwVVVWHRBIQJANFGp9Nx7hOJRJTYZI6ISEEpwURUNoXqbnVhHli320UgEAAxSB1poVwuW7FYTKrX604ShjQYnD/mwbfy0Ks7sGT+g64eXiyYq46IfRqPFzzsB/ut5zhZfY+zV9PwTZ1H70shVnlXvF+cHe06LRCt5uBJu7179IXvbTzFmZlLULbXwZ4swb/zDJPxcZkzfnPEBdig/heF0s7sDzGRGjUo0Slg4db+/O+dgmyzScmd8+rm5uaeoijw+/0HNGCMgYfCUD+/AChJv83wm6xVqwstdplHPZfLXSMmK8lkMhoMBv+9TpdF4+VjnPi2htPj9E9IVbTrJr7XZMvQ+PIAQKxsNpskkAyJmiILCXGppSbZxtyf0q5S/7ogWyxOlX9S1qO5gvngL9401yPDHgg9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjdJLSNRBHMDx78yqLZaKS75DPdgDDaFDbdJmde5QlhCJGxgpRJfqEEKnIsJLB7skQYQKZaSmdLaopPCgEvSCShCMzR5a7oq7/3l12RVtjfzBMA/4fWZ+MyOccwBM3g8HEbIdfCEhfAFnLVapOa28Uevpjrqz/WOsERJgsu9Uq5CZQzgqrJfo9BajNd5irEYn4p3OUiFExtCLmw2tawFi4l5zUMjMIau9u7K+qxeoAcoAA0wDb2OPwmfA16LiiaOHLj1edRLpkO3WmIis7+oBDgJbgQ2AH6gC6jY19N62RkcctKeVIJAhp9QgUA3kJXdONZVcq9JxPSgQoXRAyIDRth8oAXQyKdWnoCKrTD9CBv4GMqx1WGNZkeRWJKbG2hiD1Cb9FbTnzWFdY/LCdLKlgNQ84gyNKqHm0gDjqVHnxDHgA/B9RQkpaB6YklkZl62np9KBhOqwjpKFgeY2YAz4BESBWHI8Hhs6PVVSvc3v98ye4fP7T676B845nt040ip98qpWJmI9PWiU6bfWgXGN2YHcKwU7tsuc4kpUPMbU0+f8+vKt+Pitl7PLAMDI9cNBoB0hQwICzjqUp6MZvsy8yvp95BRuQUjJ75mPvH4wYo1NlJ64Mza7DPwrhi8cCOeXl/aUB4P4c/NJxKLMvpngycCrzxVFG2v/CwAMnguF80oLe8p27cQh+fnpPV/fTc95S6piXQDAw7a9YbWkezZXFbAwMx/xPFXb1D3+Y90AQF/L7kAsri9mZ4lrTd0TcYA/Kakr+x2JSPUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLlZLLS5RRGMbf7zrzebdw8FaSqJAbF0GgRBvptinoPxDKRdDKQjBw2TKClgVJCwmUyMBKydDKS9TCME2tRhs1cZwZ57ud853bfB0HiiAVOvBuDuf5ve/7nEcJwxAOOgPTtk4Fr6ZU1OCAVyBCm2Td9jEdcxG5pBwEeDyZtaRwjAvWSpkAxjkITsGKqJBIuvB903upH9QdE3rd1MLW0gIVCMsBoYq8U8H2CUQNBdJZp33fCe6PbJo+4XZVmRHFhEDKCXaB4Accii0NFlfT8GNt56a6X/er56qog/Cd1aQjRRQictasR8B2EXgIQyblAbX95X9WeDSRPiriz3oZY1pvZ2dH590Z7GB+q7LcjBZHVdhMBaCpEfBsCXDR9p8V+t9lLGlUP7PXLxyJbkUMw4DZ2dm+rq6ujjPdz09xTEZrY8VWYZEh/WAwNxWHwEV1eYDsqsuOCxFDaYRQwGZ8ljeUE31+fr4PY3xFVulM5mQzC4LRypoSy037kEykvuZytDnvAQ5oNSa8scAE0JQcGIeb9LcrJl02Tj+U4gcIoanG8MU35qKzK58SaCux9ZSLoGVxvJvnPfAQrQEQEhTCRhpBYVQB61CNyZY+v6qvrzdisRgMDg6O1+kjbUt+23EpTPz2LA9wMa7QFJBuhxIWQHKHQWmBDrXHGozJuTfQ4sWBEDI9NDSUkc8zf5ueB9gubiqyVJBacBDZXQm2MhSiugZW7QkYfj/NuGi5ttd3a9uxi6bM9FhFmak5fgCmHEXqQFcVEDkBiZVt+edhz8fh7om9AHrWxV5JgWoImXMfE1jbsMHd8QF7AQQyONjxp4UQ9/YLnJ710JgaGucXUi6sr2cY84MeQfmyCOg2p3RD5PjPL69v8H0ByEWXnSR7IoPSzjEt+jDQQeE/zi9kq6pv7shelwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVBgZBcFLaJxVHMbh3znfmVsmmaRJehlQUqE1EQu1xKAuxForgmahFhXsxoXgokZwISKIIEJ3guii3bkQstCFuHAhrWBttRZsiaIlaFNtICbmOqbNfDPznfN/fR4nCYAn3/v+lVqjctI7JoEq4ABwgBzIiGYLrQ1967a33rp4ZroH4CQB8PTpHy5+NjN5n/duSJAhAACQAMTanYLZn1usLHbb13+bH750ZrobAAB85sbLIRv6fZXMOwcOZJBkxCjyInH04AAP3Ru4Ymt9somtx17/elcAADg0utDoLZzNxoqIkrBkKCUsFkSrszhyGqjRbJSZnmpyrrxSu7lc/zQAbMwdyyb3TIVKfS99pd2oiKiIpF5OvjXP8uCLWGU3y5s5Y/0ZlVJg/yMjXPjp7xc8gJLd/fDotaxUG8N2ruN8HUuRTusP1hsv0x1+hnIWuLHhuLIY+e7PNpVShgs+hvWrR8tK9urgyDiQYfkKhC5bi+fo7JvB9jxPKIQyD2Xw5jDLEB6cJ1hKRxTttcrAQRRzyJpQFJgFXHuR8l8fUSpyCgZo730WV24iLwyQICjaJ9WRB0fzjXksGuW+A2CB4ebj5Bu/kIoe2//MoYkPCNVdCIdwJINk4C2mz3eWLn/4xdVG7PoDrN/4htjdoei06LXX+c/dQ3z0PIy9hMvqBO/IvKNacqQonCQAnnj/x3x2ZqLavnCcav9+brdWKcbeQHedwATJwIBkQg4ONz3H373UCQAAFkU+9yalyjCXN5t8WT9LvjYI/0bkBIAEBgDM7itRdI0AAHB/fc6n7Vt8VXuHoQee4pggCZIDEwiQQIJfVyMyUXQiAQBg7c6g+cMfa/7WIaelhDkhHAAmcAgTyDu8OUJwFpPFAACwsNlc7h8ZH3270atL8ggMABisBQAkqJUczmGlzN1O0ZacJACmTp0/FQs955w7ItQHAIBAgBAACICOmV3zMPs/Y958nDUklyMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADHSURBVCjPhZFBDoIwEEV/peLWlW5ceAcTvY6ncW9i4pm8hgsT2QgGEFLKdygQkKD2Z9pJ5nUyv1XE7zX5U4euD6WGBTatFVZYwhu5GuDKsko2WWhswU9lPB2xxqRqszU24ZMRUyaiiA/eBbk1iAAV/xLlbo8ZMhAglewsiBLgYmUI4wwRJSxyzFsPO916ndazu/ARClhg0drsPKrGkA/bZHrorkKUE8cBuKI3fMkhAkH4/S+IbjI9Vux/jNof4lmBvowL43Lmb/8gdgK2+FpkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVBgZBcHPi5RlHADwz/POOzu7o21bIWVsiiAR1kYdJOwHdAgKO3QQDMqCTv4XdQikg1BCUnTQCIK6REVdOnWTClIRjAwNCdFy1t1xdnZm3nee59vnkyICAOSTJyu5HCsdR6PESju4fXG6vvFBOxzOVd7r7tn7Zju4vbF58dJnk7Y9VQMAaNu3PbTr03rtyR6hGqw/N/3u+6ct9mYrrx5+cXHfXpHLzqVffn3/2pnPl2oAgNJfPN5de7xnNGK8re733Xf0yCFtq2oKl/+UcO/aE1K3+1YNAJBTtdptC+sbRGHzrqruUDLDIaUw3mbnDlFKrwYAyFujmbZhe8w8kzOzGfM5udDMmGyjaPM86is/HrywuHzgQEoVWKh0ujf2WFjewfUb5DklyC2TGbMpqw+7c/6CzeHdH+oU1WOPPH+2m1IiyPtvWf/oQ/es7ra0Z5Wr19gYkVt6XQ486s6li37/+tvfxpPJido8pkrTm936RG46VMv6x9YMf7rhvzNn7T78soUqsT3R7Fzyx6mPjfdv5eF4/NqRweBmrU0VlHkfYevaOcPL5+nhFa6XL+mhB/TfqfWtdJ796spNqJWqo+oY/X1Fc+cfZbbtgYOvW3nqDUlS5q1mMKEU3fsX1Mv7/HX6GQC1OUnHrhfeJTJRkDWDb8hjZEkjTDSDic6OEwCg1kZEZM2/X6AQgUwUES3RijIhjykTAAC1JgqBIAqRRTTEnGhEmZK3lTwSeQsFANRmUaREFBFzoqXMRJkRU1GmooxF3qJMUAGAOtrSy+NN0oNSSuiITiXpgKRCIhJqeTICAHXMZj9fPf3SIYEEAAAACCSUcg7gf+9HV+4TlzZTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZNbSBRRGMe/2XRWZ2/D7G4sSuYaKVurhMZaIRbm6iaGERSSbz0EPfTSQ4j0ZNRLQq8WPaQgPfQaIWmUJWwrSYolkW2ul7S0Rrbcy+zM7vQ/EovJ2uXAj/+c833nu5xzhtN1nXKN+h6Jc1Sqma/fhPHn574cpG2GYTuDt9quHbe0U0vRiZrqXvHZfwXoHqnTfaZWg8ceII90jPy7mo5W9Vjv5fLltrZwa6RJLzbVkstWQys/FiiakEng7TQ6N0iD7x4vhK+mSjb7522NmFb56PRqKF+OyYLbcQQlFtCT8H0aW5ygHUTiX1uYX75WL690C/PRScwyZDDoNCtPU1vlKB0ueGBpvXy76o8BTpUmu1x5CpGWT6Rn0CMrk6fIdIQcXJwaSjMXfjuDqampXk3T6gGpqsqDMq/Xy918eoaUtEJriSjF1QQdiHcmTjYcKhweHo6nUqk5RVEIumrARs3pdHoQzIOFKzzPc8Fg8GWj2EW1+qX209IN8lPn2d0OoXBoaOiuyWQSksnk9YqKCg+ClHGhUGgPx3EfYrFYMQLIYB9YgnEnywTc+I5Ai6CfoS6wZjQal2RZfmTw+Xzh9fX176jgExxaYBhHBr8gCJPQgNlsfg1thr6FPWCz2Zg2ut1u1sKLjXcwiIHJeRhYBeXQZWgJ9COrAMyyOWDrTpyTDCLovm3jFpDhzqYKJlkGq9X6imUURZFVFJAkaQLzJugbBGlGgCUwln2J/f39KgwWOJWy04WWQ2fAXvAezm6wCFzIvB9c7Ovrq8u+RGzIAwk4068ryoJNWdh149ApnU4/zPkv/Mvo6OjgmQ4MDKR+Apt6owU5Oz7IAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALHSURBVDjLbZNdSJNhFMf/m/v+atayydzEFk5rlbrmLBcpRV4OW9hVdNNtV14IuxQqIoLuvI1ouykLE4rdhnNivTmKikywbaBurM19f77v2/O8MJmtBw7PA+97fuec/zlHxPM8Wk8ymTSLxWIvx3FTjUbDQQz1ep0plUrBbDa76Ha7463/i1oBiUTiokgkmpNKpR5yg4BAAdVqFYVCAbFYbCmXyz2anp4ON33Ezcfu7q6ZRJ1TKBQeuVwOCmYYRrBarQalUgmLxeLZ39+fW1hYMLcBSJpeiUQiRKYOFOJ2X8aViQlotVqUy2WQzGAymTx7e3vepp+k+ahUKlMajYbeQrQf20mshVeFTFyuMfQaj1B90NXVhUwmM0Vcnh7KgNTpoD/TemUk+lo4BJ3FCV3fJD5tN6DT6WiWUKvVKBaLjrYSiMqCYDR9EhYcB9SgQoWVwSCLIvX1AfhGHkRECsD/AEw+nwfLsiDtwqWxURTzWZTKWQwr30PVeQ7y4jqi0SjVg2kDEHWDRBzhHQqFIEUZd66ZMHMqDL3xAnTdwxDnGMR+rtIyg22AdDq9uLGxEYzH4yDdQCQSwbs3z5D+tQytQQ829xZG+21YVd9TBg231AYgyruIQCdWVlaEj4ODA7Ad20H3mRnSos9Yf+6HRl+GWVczjPSJHx4C+P3+m6QDfjJ5Q6T+e4FAAMuBJziqlkLbWQJX3SbCcmALH9E3MQu7sXprfPTs/QMAmcCXVqtVptfrYTabY46R87huZ6G3DIErfSG+ZTi8NnC1HSgUmxhw3sCope47ANDhUalU6OnpgdPphOskYOkfh0qbIq37QzamA8zrTRoKXGUTx/t7cdUmwYd5+2lhmXw+H7+1tSUMEbXZyRzcd1+gQ/ybADLEsXVjxehQ2pD4FsHm8vwr0b/rTM/qY0eKZzkVz/Ekfa7F+IObThrxZf4CSlpy3yYZtPsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNLiFJRGMe/q1biA99UpqOilqALmYW6yM2MFLQtwU27bLbNLLSgidEethxcGLRTXIkbFyEYQlQu7qJNMD5AYXxcUZMRMhtf19s5NzRnExMdOPfAOff//f7fOd9HMAwD/zN4/ypIJpPMbDaD+XwOaL1PFAoF1sJisQCaps9M/NP6xEKj0QgOhwO63S6k0+kjHk7B5XKxgr+N6XQKqVSqbbPZ1LVaDbLZ7DEKGONhcrVaBaFQCK1WC9RqNdTrddBqtey+Xq+HSqUCJpMJJBKJutlsQqlUwgEfBAKBPM/tdhP5fJ4RCAQwGAyc6IDs9/vOyWRCIpvO8XhMdjoddm232+z+aDTC6VDYGQd/cH4ikQi7IDFZLBaTmIyIJCbLZDLSYrGAXC4nrVYrBmEHLawlls+YyWQYj8cD6FKh1+s5sRiTsZiiKKdSqSSRfadKpSIbjQaEQiFi5QAPZGm/WCyCwWBgyWazGaRSKUtWKBQkujzAQex2O6aviodYL6REIsEsn2vtrdmp6X6ByxQJvEEPRnwh8GfDJ7dy89fEeSqx4NMFxRp1+PqW9+IlgxVOv+ag+Ok9PSiXdtlKjMfjNxBlDxEfLonrDjZ/jGBzywv82geAjy9AIJGCXqfjnlSY3wFQTl6/378TjUZLSPAICQ+DweDh0kF+++WCf8VAwJ29Pz1wcBW4C0LPphCLxZ4i4XONRsMWEK60crm8cnHz6C1s370HwsY7mJx24CcKMPzOhXINqDN3EIlElo2yGw6HVw4++64dXBCL9jcUMw6P04Lhtzkcd7n0bMw8I87bzgXfxuPRSXuHSxM6mstQSPXmdm7+6heR5oijWAuHSQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHWSURBVDjLzZPdS1NxGMf3L3TbXV5EEN5030UJpTdClBBKSgh2Y5cyW0QXISY2eiGxklYgGoaE2YtFdTjHvZyO25i6uReOuRc3T7TNnOFOw8bHs2MmZUEQRRefm9+P74fn9zzPzwJY/gTLPxUsjB04Hh06ifq4i+m7R5jp29/82+HFiT2NmmBlZfYpfMrwcXYU+Urte/PS4XDUGLw14Gc8G+4gF7pIaXEcTeylGHzEl4SL4L02fUsQ9vtl0mnVJJOpML9JbITl0AXKRRfFd+3kp84SGWwlMHC6PHXj2N4twYd4PIzH40KSJBOn04lX6GM5eI6yLrM234KeamI1bCNxv54HA/bStyZuCiIoimwG3W430lgvmtf6NdyMnmykEDqPeqsOLSJWnqZ/J0gmY/h8XmRZZnL8KuEXHUbZk+jxVj6nTrFiVKL21zLnFclmMzsFqZRKIODn5VA3c89tzExcI600sBZvIj/dSex2vRmORiPkctq2oNJlQXhlHC6Rzy/xsKcGVhNE75xAsO3GbZTssR8lu+CjUMga5ExEUTAnZPlxZJfaqinJNykp11G6DjFyporB/h5+NeIdC9NwcJfe3bJv/c3luvXX9sPSE2t11f/zF/6KYAOj9QWRU1s5XQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVDjLpVOxSgNBFJxcrkmC+AV+gP5BwEKwtLESW0mZD7CyEyViJVhbG7DURvEXBAsDKgpGxIjIecnF29t9byyyAZu9wkz12HnMm3m7WyGJWRC3Dq7aq83FTpKzMcwyqFNYVczHNrvpDc5XmktrXz9siAJpksCKYK5qs9u7t+3T/fXjysn1q9TrtWhqhCSUAAkMR2PUGzWoAkqCBJST+qF3r4ft5Wo8toyy77En/zQpoSRSk/kaEH+mCoxyiQAARxcvDGHv7DnIbe1ekiQiUQ0uyIkEucJaAEAkUiLgwpzNvUDhyqa4sLiZcFHplBJxN41QNsWWOXDegTFFsMnkJixujI9QlOUMR1DxDopC/hVhentx//Gp2+rkG2IdksEHnDioE4goqOxv7uQLUjiIE6Sf76AI/NPpAkBl1t8YYUb8Ao9lHyy2IyRjAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI5SURBVDjLpVM7i1pREJ7rYxXFiKjxVYhIMBhMbWGbIk0wasCsCCkD1vkR5gcEmxSpsrLIxVaQCKYQRAW1kgTxrVEUn7i+bmYO3MUlkRQ5MJwzc2e++Wb4LicIAvzPkZ072WxWgYCv0N6eTqeneD9Bw+epjvcPvD+jZf1+/1Gs4UQGWOzG91ej0fjcbDaDWq0GlUoF9H0+n8NyuYR2uw3j8fg7xsLBYLDHCimBLJPJfGu1WtROuHT2+71QqVSEZDL5RayTiFTQeWYymf45s81mA2zy8o8dYJAhjkYjUCqVoFAoQC6Xs9hms4HpdAq9Xg+cTifLvQggk8lgNpvBdrtl/uFwgMViAXd3d+wbxf4KIM4klUoZA0omw7kZiLhsKj4ej5cZULJYxHEcSxZjEonkMgMRgOYtFArQ6XRAr9eznbjdbpZTq9Wg2WzCcDg0xGKxD/V6/dMDgN1uB+l0mvnRaBTW6zV0u10GSOChUIgtdjAYcKVS6SPqwngvpFQq9QuFY8zn8/Dm+hpSNzdQrVaBROXxeKgIJpMJdQer1brDBlc8z8/vGdCsxWIRNBoN8wOBAPPD4TDodDpYrVakQkgkEuBwOBaYYtBqtYrzEd6hZHlc1hX5NAqxi8fjTNZ0aCRqVC6Xf/p8PgPqYsud/42RSOQFbvzW6/U+QsVxNC8tsdFoMGHZ7XYgtWLOFJcsyeVywwcALpdLarFYPNiRxzkfYxEx5FCF75Fhy2Aw8OjLUVTHfr8/RkavfwO7WaXhrjM2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHvSURBVDjLjZI/aFNRFMZ/Ly+GlCYlaMF/1D+4FQRJREigk7OiIAguHSwUkrkgLhVcpIurQjdBcLAITi4FETpIAw46CGIHJ0tFamlt3rvnfA7Ji2kTwQOXe4b7/c73HW4kCYCnc+engU8M1/b88kaFf1T05O65KvAAuFY6epw79xfZ3XoPwPjkFZ4t3uP37i+A58DK/PLGy0FAHli5euPmmbFSmfTrByRhnV0AJDFzcYrcyQtIuvXm1evrwBDg7FhpgmRnk+CBjRePQQLEltoIsb/5jeLk6QJQOBwhD4AbCoFc5QRuAckP5tzfI9neG7mDPIDc8RDwtIOnnZ6D/6seIOCW9ie7Ij7+mGDfYlB3F4oKfD8yTavVWnJ3zAwz+9wDGB5SsICbkYQc8dgkt+cekiTJ4aELkojjOG02m0t9ACFF5ig4bsLN6XQ6rK2toYFIWV+v1wkh8NeBOR4cD4ZbhJkBUK1WDwizXtIgwPHUUHAUDLcc3hO02+2+eBBSr9cxsy6gO70L8CwChqSRDrLqO8CEp97bgSGL8CgAsL6+PiSURKPR6Dt4lybJzPipKeRC7uRTiH+WkUStVhsSZ3cGePR2dbUMXMoeGXl2KpcpFotEUTTyA8VxjJkRjco2OzubM7MFMzvW+zD94+6D58sfRXpka4kRkDcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpZNLaFNREIa/k3vTR4qKFdpaxZhFfeBCUEF8oaAiulIkoCtdFATBRcWFG6EgCG5VfFBduBVBFIIQHwga3GlREJVqS4OhrRKjwdxc7z0zLq5JGwwSceCszplv/n/OjFFV/idcgKOXXg4BSWArsB5UUQyixGKGmAERQSyluKtjK5fO34Aopw6uMqgqRy6+GNF/jPO33qiqRgqAbQA3csW6tL8ZG9zSzdvJkl+3gGhf7XKgpx0AY5onv5v2AfCqQVsdoKqJWtX3M35LzVNrzSxA1K1JazXECnMBBiA9/IiqCKKQObub8cK3psmp/gWoWABiESCiffECNq7upeiF9cfzEm0Np24htA0KAChXLYEqFT9sqBhYpZQd4Wv2Gl5+jHzvEtbGdwB7I4D5rcD3A7zAYqtBA6CUvU4wept16UHaU2vwXmXpfPqQB7viJyILc3692WTPZC4wsP0AHR+eYG4eJvHxDqlkN2p0yAWQUBQwAPdzEw3J5cpPwqlJOvpSsO/k7A4ML8YRs9wFsCITQOr11f1/dBsg39NPZTRD173j+N4UFaD83cE6FKJJtHI3febxClXdhMhCkRBUULGohGzu2knb82ckF3XiOnHKn0PGp2OqyGXT6jrnDi07/aNYOOZYk7SOflK4sicbnvsFhzwbXdu8qEIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKjSURBVDjLlZNbSJNhGMfnTZddJHS4iFJzdhFSRAc6WClJNmbMZrA+0x0+dQesXGpTnDo3aylmSToSgqiMqNTmFC1aOVMHuSG6DS22SK8aMQPZwanj375vMPuoC3vhz3P1/Pi9z/u8LACsqampc6MtJD6ocvBOtBcsFuvwBrObak632Wz+z9Yx2K0WDBelYW1tbUOhISqVapPRaBS+vV2K8a5SDBemIRQKMRIIBOD3++NZWlrC6upqDMA0GMEQwWY0+3w+tKvL0MLZCm3ONqiILHyZm8PKygrTYEhbirGHJRgSsLG8vEynpnselZUN0HN3QHM+EdpoLTu5GdcLL6wD4gYTMYPBS2yEw2E6qqfzqMo7gTtkBh5X5qI8exeq+ftBZiYjGAwwDQYbS/CpsxgD+ak0nUrVk++olpHwOYwIzprw09KBXy4TepoKooBg5J8G/Xmp9IAoAHWNtvudGDdIEXC+QGj2DTwmHWqUCiwuLvqjgIPrBvXFGH1Aop+3J95M1j8HJzcPdTo9tEoh2m4Kobh6A8VSOe62tiIhIeEI02BiBMbcFBpgNpuh092CRCIBn38Rhq5HGBh+Dy6XC5FIBJlcgaPHjhviBqZaEpZ2Cfo4KfQAv907A8szHdSNeiiV5cjn88Hj8VBQQKBILEW3oQme1tMRhoEtatCbk0wbeAfq8bKWi8tiBfR6PTQaDQiCQHNzMwiRFGpxNjwdXM+6QbUEH9tE6M2OAcIhP34sfIW6oQlyuYy+ikAgoGuJ4hoW3C5kpO88+5fB66wkRCIR+iWoQVKrS22jy+WC1+vFnye+BxUVFUndnH3ou3IIrzKT4Ha7MRddV6fTiZmZGUxPT8PhcNB1cnISdrsdVqs1BqBAVISpW07VHdiukbATyf/5zr8BNamLpjmUSloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIHSURBVDjLfZKxa5NBGMZ/35dEamtFMkgGpaAVQcTRLp1LoYubi6MOgqiTZOrQxYKjOIh/gIuim5YqdChKl4KbQ0XESoPYaGq+fHff3fu+DklM2lRfeLg7uOd3z929iZnRL7l9y7hwkbi6isWIiaAhoL2xMj+PvVlj4u1K0veUGaphkw0ZNcbuOkasCMOWA4AQsRhR79EYu6AY/87LhwDSfYAiYN7D1BTiPeo94j3iHMn0NNrJsaL4T4IiLNH+sFhZ2KFy9Qcc8aga0knR3S/oWrO751+A8p332+bSNmfuHmP8PEZKqjlJaKF7HynGHrZ1wW0Pe5L+L8R3p2YwXjL9qGal42hsQvyNSYaJgyQBCbQ36w0puFK7Zhv73sAk1Dl9r2blE1j8BZJj4nrKUP8d04yxczdrYY/6yBU0FrOliUtY3MPU9eR7cph20PCTdPwkIWN25BdUpWppGdMc1PfkBhIH0gYLxILqKEAULIIWg+j902WQCPPE4pA+0ChNCy3MwoHobgBBkaJDyGmOAoJbl90NkqS0P770Rguk6VHyna90WqyPAMSx3N6831C3C6UxzCImvSQoSXmS6BI+PX/VyDOWR/oAYOdxckMCS5OXr9cq1bOQGBYzpGiRfdti6+nrRp6xOPfMnhwKAPj8IJkpWtSjY1Yi1eDBdWi6jHURludedBuoX38Av56vLTwJJBoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALZSURBVDjLfZJrSJNRHMb90Jfoe+GnPkVBF5GKJIKS0gqFbnTX0swaSkqWTdJIBXXqygtMFPRDC29lmuYlp6mgeTfzthTHnHObuoub0/fitvd9Ou+KpWYdePif97z/5/d/OBwvAF7rRWk/hlCq8gZqqkS7PJLH2AZSWWvXM4ul/dHIUqc4eXO/Z0Nrarxp9YcmVtcEp7kHrpUf4JhZ8KwWLtsk2JlGWFqisVBzTW1uEx/YAKBm63asTsv7HaZOcGtaIg0xT4Cjh+Fa7SPqIWdK8A4T7P250MlPWxbbEnZ5AKvKwkx2rp406MGx06TqwLtsAL/mFu+yEtgonMv1AGeB8VM0dJU3Gj2A5SGJzmkdJb3TZNIMeKeZmJbcRrecJvJPQwCfiSrA6gegyvdjPIClr4lrHD0DF9ULFz1E4itJ7DG47MPE0E/uoAtOuwKssQCMPg7cqhaTmb68B2Bui51bW+wj08fBzCWRCemw1obB2iCCtT4C5rJgMLpUUKqbcJiywGgHMJV9+E8Cc0eCxNqbTeKawcyKYSzyAT0bT/QUlFpE6hMY0rdjZSIQPK+C/l0s1EXB7R6ArTt522KDaHJlvJRcoAqmN35uM62LAqUNBa2Jw0LeTnBUB5a/VUGZvJfVVcfu2fAOTF8SfOarQkwrY2WwVUf+ApDJgpnWPEZN8WXEF9zGg9cXEJLmz5xPOJS0ASDI2Bx/RF0ePm8oCQTTFgTOcBac3h+1lZeQ8j4c9eMyfDcokNMShes5B3Es2lvqtflptpenBclSIhxvZc9RmHUc0pdHcSc9ALVjuahV5kNY0tZI5LQ+FADMXwBBL8Qirby0DHJ5BQqLShCc6IvG8WKsX3WjMgGALQHimLvdLa2tMBpNGBwcwomY3chW3EOGIsxtzmgO+3+ClnJJ6NWL56iAgDO8v/9J/tSt/c4r0n14pbjvnixU4XvLO/iXSLOEyC7E/l0lwvlPxOcI8qKVSZYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZNPSFVREIe/c9/r+tD36vW/IA2rTUYlZbp0FQTRQqmgXFW7loIra+NWCFxFENQmgsyEQnGlSIFUVIsURKuHBZmlWWnee985Z6aNaWa0qFkOwzczv/mNUVX+J9K/J9yAyarSrMIxEWpVQYUnIvSpcCV3Qud/rTe/TuAGTL0KN0xFS6XJ16LhBlCPRtP42Rck4+0FEc6tb9DBVQDXbxo0X38v2NaElq7DL4wiyQzqYjAZgswejA1I3naSTA02bj6t3UsA2282qDKR2n87K8E3fFwAO4e4BPUx32YWePk84kBdJfktNXwdOj8vws7tTfo5AFChOdjZmtUQJCnQdfUZXdfH6L45Ab7I2MgCmRLP8ONxfPKa0r2tWfE0L4kowvHU+jp8PIy6iMYLu1EXoz5BbcyhGhBfRG2M+/KMcOsZxHMcuPQTUEXJWiT6gorlzcgmTDqHQUEVWNTJOXbk7wMJ3lO5NIEKkbo4xDvwRcqPnAUTrjiviqc0v525x12gigip5RU8BWxUDSEqlmy+jCBTsco06mNMUIr4NDbhFUCwuEKPnX6BCStQAff1EahbBbAzg6TXHiSansAW6VkGeDoWRtrmcTmCsJzixwckk7eR4qfFzhHFqV6S991oyUEmH7bN24SOFUb6dMecTG8+2pmpaITUHG72KT56j7oYk86RylXj2cXsaC+zY32nDrXq3VVWnrxljornWllVS2W4cR/BmgDE4RLP98kxPgy1F5zl4uFL2vfHXwB4d9NkxdMiwjHvqXVFcJYnztLnLO01l//yTP8SPwD79F9Uvnnx1AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIJSURBVDjLpZM9SJVRGMd/532vetOswQgjSoW2gj4Gh4ZoiIKGwGi4EtQQ0VxLQhAOEW2NzUVLOQRBBioUakGT5CBiGhZe8aameLv3nPc9H0/DvX7hHQSf4ZzDgf/v/3/O4VEiwl4qYo+VWT/I7EdxxSVEUsRZxFvEpYhLEJ+ANXhnEKfBGg5ef6W2A7yj7lRuh4MIKKgugMBKX/fOBMlqnn0iSNCVCwUiAVAImwQVNSBW12jBOUK6gCt+g5Agklb2kEIwSDBI0NQf6iLYcg2ATwCHBANiq6KtYoOEMohD0hoJ3L/lSuRtzpoQTBWiIeiKiSvtBARvMD9GcMk0+BTE4c0a2bbDFedgEK9BQu038HoZt5Zn/5mbQCCkvyiOvUF8GaRMYXiawvAk5fm3RI2K7/2ZnssD7tkGQIlg/4yzMjTKgfN3UUoRxG6IS1OWs7mHNHScRI8PMDEy+GTwUl0p2vrfzZ23sauLrA4/r4oN4g1zQ2OcuHiD7Mxn1MtuGn++o72tJRYl9zcS4Awqjmg6dwc90U/x63viltNkWy9gl/rItnbA1QebvfceIQ6qXa0P0+LraxJsgjiDWI3TBSAiUoqpT3N0dt2i6fcHEr1AGSiuxUzOkFe7mcbR3NHe+uamR8daXCYTzVFcdMwWYm+NPFa7HecvueM9pb/z92Kv2nwseYEXVwbc0/9TqFA0aM0H7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLxVNLTxNRFP7udDp9TCEtFSzloUBwY4FUF0ZjVDYsTDSw0/gjXBii/gk2GjZudO1G4wONK40CGkQSRKTybqGAfVHa6dy5M/d6WwMhccnCk3yLk3u+L9+55xwihMBRQsERQz2crK+vX3Txyn1SyfXDMnyE24AjwR0Q4qLQw1M82H4vGo1+3OeQ/RZSqdQTV2XnhkKzmqaoYJaJQj4P27LgcQGNdTocRmFzyWiJv2zqil0/EJDkt67C0oAGhtTmJpLpHEwSAPNEwBwCy+bQ7W1EsYlYWxiKdMSjvbPhniu96tra2ohmbAxovILZxCq0E5dh6M1g0jllAqYEZRw7lhRp1ZDdewW9tILAykRPingfk9Ti7BbJJ47viiC645cwNm2gYPAaefhWH4TgGB79JoU4vG6Cu0MNyMx/Bv8+hkzJtlWWW27yRfrQ0dhS+4sq0aAOqHQgOK8JGJbMKZf9/h1asPssyv56sBejqupuinEtEHI5jgNFURCuA5JZB6a0fPvBF1BLClbsmoPT7X5wKVqrbWhFqDMmFFHcKLLiNmzbBmMM7WEFAY2jbDCUJbFsMpQkjgUI4ifVWk21lqaXoBQ2mMJ94adi6wes5AxoMYOw7uBcl4JTEQFVULhhId5GcO2MJtuUEykXQRc+gb1/hLTl/VobY2JmctyfnTvvUwlEqCMPvdGEHrKgevj+wlTrxO8VL1+ebLaSc1gwA2kj9bPlYJGmPrx7bm0lrkbIrhrwewFPPbjbj+pzdSPtUh7YXsRqpiT2gp1T9NfEhcGR1zY5fEzjo3c8ud3SIKV0SJrp1wgCLjiS7/CKaU5LPCOcj918+Gb+n1X+b9f4B22tbKhgZZpBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVBgZpcFNaJt1HMDx7/MkbdMkzZK0SZxLmlZc07pN+3KoVcEdehR0ysAd9OZBvCmIIIhMPMjQswheFF+QIVitJytTRi0r2crqbE1dbddtVdq0WdbmyfPy//1MQRS8+vlYqsr/EX767elkvif+QyLankctUMGoYnwf1/XxfR+v6eK6LoHjYpoOntOktrV7e31pdTJczHYtThwr5PtzaQ6IKgeMKCKKUcUYwYhijMGI4hvD5YVf0hfc+lL4SHcsn4mGqKz/QWAM5cU1Hh4bZP5KheHjvQS+cOXnNYaG+rh4cZFCXxZjhIH8ITL3HE6FLQtElbaQxc6e0AgsGqaNnYbP93MrGCOI2nh04lrtVLfrFPMpAhEsy8J68+NZtQMHWxTLDjExWmLXa8eIYEQRgcAIgQiJcIOZmXncvSqB57N1q06oszR5PW7vjUc7aGRzmVgmk7V+W/mVlcoKGxs32LixTnTvJ06Ep3DjIxCJyd3a9tXqnfrmcnnuVUtVOfDSe998Ov5g/5nB+4ocikcpZW0OSOBw69IbxLLjLK5uMl8boTy/OP3ZuRefoMWm5fRbX/V2J+OncpluPAPxDv5RW5umMz1M4vAIqf1ZCgmHtnjPI/zNPvnK55azUzs/2J+LYIXBsklELA54d29SrUzR1ZPE1KcoPPQceWeGviPx1Nijr71Oi33h3Wd1cKh/LJVMsVnzMSJ0tlmgytbSF6TvfxKal7n00SfEkw6xWplirEZXOnmaljAtTU/sze0a1zf3abo9zMxdIx0s81TfDpn+DKb+O6hg9ubpP/ky1W/fJ9peaqfFpiXwfXwjeEHA8upN7uw3OabfkewdRhpXUXEYe6aEeLeJRCocPTHJY4WNo7TYtDQ9D8fxKPR0UMxEmEgsUBoYJdq1jQZVsEKUv6wAgjQrZAaKjCZXQj+ePf6Apao8fuadpdy9ucG2SAwxAS/kPmTi+Q8I2WtosAso/7IJdZb489oCla/PnrdUlf+aPTe2rUaiKoqKoCKoCCqKiqCiIIKqlv8CsLWQKDaepcQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANhSURBVDjLfdPfT5V1AMfx93N+8GPnOYSHhMM5KCEcE5eA0ZAxGm2Uc3O12VV10cZFXhTe4HBu5eyiNVaRcxY012xjtS5QsezHpnPNMlQaRNAhwKNUIiLE4eA5z/P9Pt9znufpwtz0pvcf8Nrn5qO5rsv9jky+rVs51SWV2iWVaJLKQlpyREj1vVfteLfYfSn/w5ejJg+k3Qd6Jw63WVn12ZPFrVVeXwFZzaa0cD3X5qc4Hf+yP6p9MqmyuW6l7I5P91ZffAh4/7dDezb6a06XBCLcUiuMZ6bwuh5a9O18ceV4sjC3pymoPTvSVKOH4n/e5a/bmRcHD9QNAXjeGz8UkkoOlOobGcvM8mPqMqnsGjWFldxZvIlhiLcCbvv+zaUFobJ1BcTKdYRQAzsPDocAPKYluhqL2/SEmGfKnMHMSdZ7Q+jSz5mJk+NR77GrUmT31mwIML0gCRXlE6sI6tIUXf8Bxm6vP5/JzDQqZ1Hk0akr2sLI7M+ItNyXtXxHGzYFvSrrML+imF20CJcEkELuBvCZQm61tBweNBr0J3gsP8rfNxKMJkZPVAUHIkJYjdGSQi7PmpiGjXHXpjbqx5KiCsBnCFOUFTya1xp8ijsLN+kf601ahjp6ePX5vpm1Ud+5wOOJpVW5zYeGaTi4joOlfCghvfcWmGLulz+GG87+PrRsCavnwO2KwfZk4FXXjM88bY4+c3ZrN9KyMU0XYdiUrPNzaymDskTiHmCIz7+aONV/ZD727eY1b5driqnspg26NnsdJ51BCIEpbXLiAuGiiyiZYtkQlEUCa/AavqFEwwnXFD2uKY5lqyvzstWVOLaNb2wSDAPLtFhNfUc4PEJjbRMVoRg/xM/g6j+1NXdGPvC4GcPnpDOvWDsa81SsCjEzjWMInIyBbQgsaZJMfU3Dlnpsj019+XPYWpbmbS0Ab3j8H/ctO2mjQ7s6CvFp/OFyHGFiC4EtJEpIkulF/JrOC7X7ANjffpzq0jqAAg9A4anBk+7MjZ3eb87PceESTmIO25TY0sJSgn9SK058YZie8x0A9Jzr4PrSBIDUHnzjam29bluq21Vql6OyTW4uVxdOLkw2d0beqah65M2WulZi4e1cW/yV4YlLzM+t9T4E/F/NnZEe4HUgCKSBvisfLRz8F8J11bR5XdMKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFtSURBVBgZBcE9b01hAADg55x72mrdnqrE1SCkCUEivu7SxGKppGMHNhKj2KRisYkY2MTcRFQMGh8/QGLxMRikJklJkN5B0N72cu95z3uO50lqAAAAQAYACxP16KF8vhotvxSPNgfF/QFJDWBhOF7Yfyk9EXemRn73P359GJce1BkA1Y1918+MtxSiRmtrtjfzc9qtpAYvkmhl4/L4pNKGnglDfng6uLMt42WjOhD3xOGTzQ/acpVa0PDe5AgZ1eF4szxbNvvJlHeCTKEhOOUVsmfNeO/Y3G5D1q3giERUWreuQFqea81N+acvN2Pcqu0SYzpqAWm4Mu2XTV1bEm2raqmGQi0gDbsy3/X19fzV1PUHFKKAtPjWc1THJ109DAxUKkGlRFo8+azpuNNyBNEOlVrDmID06uOV5ddyuVFj3jioZa/crI5yjYzi/Nvl7nxbJXheN5O7SqUY4lpsk9Tg2sVwu+yUm+XS4iIA8B+6i5xffIyBpQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHUSURBVDjLxZM7a1RhEIafc3J2z6qJkIuCKChItBNSBQ0iIlZiK4gWItj6HwRbC7FRf4CVnSCIkH9gJVjYiCDximCyZ7/zfXOz2A0I2qVwmmFg3rm870wVEezFavZoey7Q3Hv+/Z87qDsiTlZFBJIGKStZlFSCTpyUlAZgfXXfH9BAPTCberVANBB3RAJRR8wp6jzd/DotALA9UcyZgZxis2QNijpZjSJBVqeIszTfkMY65cAjuHxmgSzGlbUFrp1d5ObGErcuLLNxep5hU3H93AqjYcXti4cZZ2OSDU9CnVURddqmIovTDmoev/5GVcGDF585tjzg1JGWo0tDDgxrThxq6XojieOd0nRZ6dVpBxU3zi/T1BVdViKCcTbcYX11ngB6cca9MSlGlprojHqcglycVJyHL79Q1Jn0TgBdb1gEbz9OeL81IYsRAakYvQSeC/WvVOiLE8GsM4xnvsuGe/Do1RY/dpRenIP753hyZxURJ3JQXbr/Lq6uLfLpZ6aIk9XJssv8VK5dNcQcmcl7fKVl89kHmu0dJRVjYTRHGVSMpELaQLVCtEY8EAvMHHUwn067+0LVybtvok9KSODZiaKEOJENihPm01gD3P+62Oq/f+Nv2d9y2D8jLUEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJbSURBVBgZfcE9iFxVGMfh33v3zM7uODMr6iaoqJWypBELZfEDCy3TWElQQRAstLKwMJ1iJVqpaBdCyq1tLCVWsVhihBAwyy4SdWMyc+fjzr33nPP+XWEkW7g+j0niv5z/6vsvhr3eG6OF1swMMzbklCyZOU29uBA4wbDfe/Ods1ubvV7fuGeDpVkT+Xpn9+3ACcqKbq/Xt+u3Jlze/5CN4V9UbeTg8EGef+RTtrcexWzFAicwY5iA5E6/f8h65wGcBl/d589Rhcsx0zBwAomJxMa0ahnVNVlzZrHhblUzogEZEpNw47tnd9eGZ86YFdwjOsVbKxJMa2f/1pN49xqzWDEePcFTp7v8K5iKrcdevNAxMxBHBGakn3/EHcaLzNOnP+KZ/Q/45cYB45c/J8WEADMbBpJqvO02f3xDblegGGI2AJ3CEFd/e58YI1falvbhDu2114kxcu6FK0gQiFbIW3K7ilz44oDF7T3OWsWdS3u8xzErwHqA9UCwCFIZMK15WjD//ZD5zZ9QiljosnXuIimJpolg4A5FARbuY7HzCl/u7Jbz2eJiIBaE9VNsbp9nc9v5h/KENPkBb/aAiOIM5TnyirXHP+ZX4JN3X7qfI4EoKdd4dRXlklxdB0WQI68xE8pjlGcoVyDnuECD5AmPt1EqwQLKM1ACNUgFynM8TVGeghnHBVrJyCjdRWmM0hjlEqUS5RKlKcoTlOfIa7w54EjNUlDro1Td6cXZ6gAfFFIHfAB6COUGaFHRAC1WZHJdS603LAXVzWc3v33tOcSrGAP+jwC73OK6xNLfULttUqzYsnAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADxSURBVDjLY/z//z8DJYCJgUJAsQEsMEZ5efn/f//+Mfz58weOf//+Dce/fv2C0yC8d+9eRpA+RkrDgAWZ07rx3ZVqfyEdEDs2NvY6so3o+MyZM5pwAwL67msqSLCv4WFjgTsHqEgRl2YQhgFG3867mpJirIs0JdlNmBiZGR6++c7QGyXDSKwXwGHgWHldU1KOYy03B8e/2YmSYC94enpegdn28+dPuM0wbz18+FAH7oX97ZrXgZRW9MxnV2Am//jxQwXd2cixgeICqsSCt7f3f3yBhpwmQPjz589UTge2trb/sQUWsq0fPnxgxBoLA5qZANTo8jopO/z6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda81xHMDx9+d3fudYzuYw2RaZ5yTWolEiuZpCSjGJFEktUUr8A6ZxQZGHmDtqdrGUXHgoeZqSp1F2bLFWjtkOB8PZzvmd7+djv5XaBRfL6yVmxv+QjQeu7l25uuZYJmtxM0AVU8Wpw9RQU8w51AxzDqfKhFjwq6Mjdbj1RN0Zv2ZFzaloUdwrL2Is4r+y7hRwxs8G5mUzPxmrwcA8hvnmjIZtcxmr3Y09hHwzJZQvOAwwNZyCYqgaThVXMFzBCD7fJfv8MpHiKvaV3ePV2f07fMwIiSeIGeYJJoao4HmCiIeIQzPXifY+paJqO4lZi/nWPZ/krabjvlNHyANMBAQiBiqgakQMCunbxHJviM9bQeZdBzHJUzKhguLJlQnf1BghAmZ4gImAgAjk++8jP56QmL2GXG8zsfFCz8skA1mQXKbaU3X8ISIgQsgDcun7FL7cJjFnLUMfLyLRr0SLS4hbhiup5Szd19rpFYKAESKICCERoS95neyHmyTmbmAodQ4vGpAfmEn6YTtTahv4ODiRkGdOCUUAAUSE/uQNfqTaKFu4jvynJiIxIzcwg/SjF1RsOk9R+QJMlZCvqvwhQFdbM4XvrynIVHpfn2ZSWYyhzHS+PUtSueUC0cQ0QmpGyE9197TUnwzq1DnUKbXSxOb6S7xtPkjngzbGVVbzvS/FjaGt9DU8xlRRJdTCMDEzRjuyZ1FwaFe9j+d4eecaPd1dPxNTSlfWHm1v5y/EzBitblXp4JLZ5f6yBbOwaK5tsD+9c33jq/f8w2+mRSjOllPhkAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVDjLpdNdSFNhGAdw6baL7qUuuonA6Cojoiw6qwth0VUsDIxKggohIXGtpA+1DxQhwoltsXKjNpbruC9q5jypMwf2sdlqbc120ixzfqzV8Lhz/r3vWRw0yAt38eeF857nx/McnlMEoKiQ/Pei5ayluP2YnzUdeZd8XpMWzef4hRtV24zXNRtA4iQpXxGwMvPSgFbEzHsJU6+BoTrgUVUIi9lZ+Bq2y4gM3DplWePdK3R59giCu0yAk4TdLeCjXUI6CWRTQJoH5hJAn8sEvqcJ5pqtFDguAy0nrGtd+3L9Yy5gzAt8Iue3IJCKAJMvSWEc+BoAvvgBfXUpxrlWtFZupECxDNyp9GxyqMQQBQIXgUEdEDHlsR9hYJpkYpA8M4uwa0sRc1TTYigf0aAJHGLV4BNuMmc9yRXy8n0g6QNmoqSLYQL0A7GeDPqaGQJfWg48PBhrjNowP2oEgg0kTQTozLecmQS+j+S7eOVNImy8gKHbBygwqgDdqp/dCSdytHWuFggbAL4XmHpDxnBLIqfL/uZqc4v+q7N429aJJ/U7KXBNATxMbjj+GPj8jOQpaXcA8J0UYVNlJPZ8fCRqFTVcY+peyfrNCLVr0XG6hAJlCtBx9MVdm5r/5WAyUheTlizlEwv6Ci6wdCdIAWM4swWRB4eXzb/iIv0D3GQv7yoI+BDUqwsC5OLe5v3KCq8KsOt2UKBuNUDb37+QnuuW3v0BGUzmBpilPwcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ4SURBVDjLpZNdaM1xGMc//5fDZqTZ2c6Y9mIkmZelll2hlCVF3FDKlZRyQWJXmsKNCzeLcqdE5D0mL/M2s6HlJSlhs2Rv51iYOZ3z+/2ex8X/zHZJfvX0/J6b7+/zfH/P46kq/3NCgNNt3w6ost2pzBYRnIAVwTnBiWKdTAiHs4oTeX5467y6EEBUd22qmxb/l5ebzn1Y/IfAicQBCi7uBFVwFsSBMdE9mwGThYwBYxhtvIcxbvIEgTEfFGYVg9go1OZEMmAyYLPwth8AY924B85JTsCDviSoRCQiEYkby0AiAUA2J4Cq0nyzX3+mjZ5pG1RV1XOPB1RV9fyTqL7QEdVXOqOc/J7Wbceeq6pGBMYJokoYwMWOIYLA51LnEGEAV58N0T54iEdXBBUh1tXEgrIpZE1E4I+1oEAYeGyqLyH0YePyEmI+rK8rwfcC5lfPxfcD1i5LRF9rZdwD4wQVCH243pXkWeooT1sUVSV8sR/f94i13KHh1Utam0+iRaUsKVwH1OcErKCqxAJoqC2mowXmVFTS3fuJhtpi8p6WUTTcxbyte5lctZD069tMb2vlzurYLh+iqQMIfI+7r1IA9PT24uFx73WKzP0TzF2xgbyPD/BObWFK92WqKgpRT3eHANbayAMfVi2KEwb7WFkT5+GbFCtq4rR+/UxeaRWs3TO+A00zCcSrHPdAlZryqfQPp6lO5NMz8JOywkm8+/wdnZHg18sbFFzbSSY9wC9g5EeAC+jLDZK2Hzz7fmnWSYGxDmMdzgrGCdZZ6ks3MrXzFhUz8gmDGCNJS8+gr4oc9/52nds3lzeODvftCJxX4QL9onBizW175DdAmHVGgBeCfwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLlZNBiBJRGMf/r9FZc6lcjLBQdzaElI25LNWhSx0kiD1FUMEegyAqakHYS7hG7C261TEQETpEEoRgS7QDRXgQkShmrVCi1W3JUMcZRx2nN4+0kDlsH3x8w8z3/d57//k/YpomJiOZTAYNw9jo9XpCv9+HpmnfFEWJJhIJebLXAZvQdf2h3+8X3G43LEClUgmUy+UH9NPiZO8eO0C73fbl83kUi0UGcLlcaDabQbteWwBtRjweJ7VajQG63S7LXQN4nmeVEMIAI8iuAVQDxGIx0+PxgArJ0npnF7YiUsUhiiKcTidKpRK8Xu//7YA2m9aKsixDVDu4uLONjZMLx3H7Zo7mVdsdpNNpgRZ5OBzyNNn5A4EAzpgD+C5dAdG7pFepRj+nn0bXlpaOpFKpe0wny0jWMK1yOBzms9ksCoUCqtUqO/eqOA9x4QS0nyUom6/R/bUN1b0PZW1qfXm9FmUAStMjkQhPAWi1WmyQum+c/ffPMFPP49jZC5iam4dWyuGD9ApN+dMtdgTaxFPrIpPJWCZigqmqOgac/vgEp27chevLG0C6D/cBD44Ksyhsmnccf0RjqzYaDfY8Gux0Oqzu1xW4fHPA+eW/4q0eBjckwmgHDBAKhdg/t4zzb9V/PIdafInpF9eha3Wolt1bHAwOWwxgCSZJ0tg0k7l4aBoz7yQIB/fCwTnR3hnga53AhPmI2F1nu3h7ObjSaWxd4wwya3Dmdzr1+FxusPYbDlZf5OWGzT4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZM5aFRRGIW/+2bmZYzJTEzMuCbRGIjRiAsYEIKNIoIiWGgluCCChZ3aCyJqK6hFxMLCpbKxERE3DIpFEgtjonGJYSYzMcYsb7nvvvtbTMC9yil/OB8/nHOUiDAXOcxRcwYkAQbube5JZ9asUepXnhBOvR+OzcQWIPzNpQCYad392iQBlDirGzqvp5RSIGUzSmGCsebRnjPDMnsFSLgZkTgqTucfngLuJAEwEmB1RVi4QqwT4GRQqpr00m0s7bjgIgJYvPwjvjy5SaJqXaM/tvB23+X2dBkQKUesJtYuYgXrfyaaGWW6+IhUeglIhJkZxPjLWbzuANmVG5n40Er//a6LZYCStDU+2gPRM0RTk1SvPki6rg1Q+IX7SFKRWb6R8fdvcJWmOrOYqrrG7OwHDsl5OWrajgIWRBAsVo/gDXdhojTZ5p2E+Vu4lYpPPf2Y0Bff89fPAkQkDrBeHxJ/R+IpxEzgjfUiUkW2ZRfByFUc15CqamK+/YhHKWo/0T1Qzi1ExBpsVMLqElaPUhh4RuBXkm3ZQzByBScVoSdXUHrSTW3nIRwT259F0iKKGDHjiPlK8d1LPL+O3Npd6EIXCVcIJ5soPe2mZm2eivoGML8USbT9ZryvldG0Wz3UN+gkKpZhVI7860ssyLkE4w18e/GK2g2rSKRbiYNARNvwJyAILw5d3duBsL3fydXvO36Nt7dOMvD0ORWN67GlflmYMrr4uCAIoJ5prNwoB/jHGs8ea49OHzmexInpeXCXTx8Gp7P1tZ07zvX2/msLfwH2b631NzUvSna0rURS4XO/WDq8+3zf0P/G9AOyUDsBCTaamwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLhZNdSJNhFMfPM9eW+3BjbGIKuik5toZCgYRIF/axEUbSRQUjiqigi7roIiiCrrwIwusKbybtJuquZLSBWcSaFU0slC0/arbC6PVjn+/Htv7PKKlwduDH/32ec55zzvPxskqlQpvZtUf7K2JJpJXCGuXkfPnBubm6zeJUVMMYUxSv+zwNdl2iYkmqFVY7AalLamIqqjAiheSacep/J25HBlazcoFaTd3V/OUyI4fFTbuH6zOZvCgmb5StWyao2yaZ3OZeajLtoeVMitYKAvXZj2FPOsPT2Ynif7ew8PlW92xunOaFCbLom8lqbKP48nNKrRupd/t968CVu11bJhi0F6+rl4ZoMveEZn6EaEZ4Rq9TyfXG7Cmysjz128sX/jrs6enpO4qi7AMky7IGtHs8HvZwbFwM2c5oVYKTLrcM08t4onCkf299JBLJS5L0SRRFgn5XYaFis9lcSObCxFWNRsOi0eirjh1m7YnVkZOnDTcpkUgcb7Pq6sPh8Iher9cVi8Uhp9PpQpJ2FovFOhhjH3O5XAsSCMAN0nA28krAge9FaDP0G7QJrGi12rQgCGOqnp6euWw2u44OviDgMBxvUeGgTqebgvoMBsM7qBf6AX6fyWTiesDhcPAtvGD8KYdgGJyFg3fQCf0KbYXO8w7AAh8DPm/DOQlgEbs/Wr0FVLj3RwdTvEJDQ8MbXtFsNvOOfBaLJY7xIeh7JPEiQRpMst8/0+joqAyHEUF2frrQTmgS7AQJBDvAEmhC5V3gYiAQ6Nt4iVigBgUE068r2gCLNuDXjUOnUqn0uPoOav3OW5nf79dwDQaD0k8mKaZoCMdoNAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGkSURBVDjLpZM/T8JAGMZf/gRU0lgU1EZDok5KSIwOfgKJhsGlgyaOfAE/Abo7dNfQ1W9AmNk0kjYO6ISLk4tBDJb27nzfKyWNFhLjJZeXlnue5/feXWNCCPjPSEa9bLfbpud5Z67rJrECVjmHwyHVW13XTyMNbNueR8GNqqp6Oj0HDoqAc5CMSJrNqtBsNk7w6beBZVmHJM7lcquZTAa6L69A6ZwL4IKjkQCGZo7jRLeAixuFQkH+Hgy+wEXxo/2ABnw8D8pHso1IA+oxlUpBr9fzkxmD7eKOTBejdNrwiQTkzFBEi+hgCN227rEymU7/aZXj6QT+Xgm5mAyKpV2ZHlCIiD2IhwkCA2lCyczv/U3pQv3dAB5aF9nCWDwSBun152v4/PDk80QDQgtuJYn4CJnju/PFC+ALRMfHrUYS0CkkEgk/mXEpIAOfxN/cnwTxEMFdq9WCfr8PiqLAzGwab2BMGjHh0xDhRIJqtbpvGEal0+lcapq2t76xCUv5NSkIWltZzss7Eh6xqK+xVquVUXiFsxR8TFRp4hE/maa5NdXgL+Mbb/xsAcKofWEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVBgZpcH7a05xHMDx9/ecI/OcXWzZRDPCqMlcFqklKZeSwi9spIRcSwrDL5K/QFJLSoTIJX4yJOQ6lkSYjfV4MGwe2549l7Pn+z3nfIz8INlPe72UiDAYFoNkMUgO/WT/njXAEcCmnwQhBAFifMT3EeMj2iDaIMYgWeOHWu90b1w7o8J9u1cCJ9T8BS55+eC6EImAMYSdHXS3f8EKApwwJMhqUl4GuroZfvdBWrRe4wB1qnyyizbQ3g4VFZBOQ1sbNDbiJZPYvk+OCEE2S2cigVtdTd+MSrf43qOjDrBBWpqPE/8+S5WOhdxcKCuDRAKiUWzPwxbBVtA1qZuixaMJXj1mxN2v30SbXfbB+w875HrDJelJVOJ55UopKCgAY+DpU7TnMUQp0mN6yF07m5K5Wwj8J2Hc+7yvtOHlSSUi/OJv3Zwv2j9nFRcvsZcvh7w85PBhemMxsuP7UKvHUThtEenPbfjJkMT7l5mWphcbLf5w6o/1hllda6IfrpkrV/mtsBDH9/GrRlIwdSlB5h05I0bjRGDUvOmRCRVl9UpE+Ju3bEW+aHPJqZq5cMjUKQSxGN+CRgpXzcGyYyhrGBLEwWRoPvsppUSEf6XmLywVbe4wb/LEVHkH5ASSW1WkHKsHZeURGs3b8y19r9/2rlciwv98OFS1V7lDD5SsXBcRfRMVJHnTkEjbyTBlK8Xr1s7tNaeilx0GYFWU1Iysro3oeD2OU0Dz7XTmWVN8x9g+72KOa1Nz6mOSfg4DsGy0stuxhxbz5saP1Ivnnds2nXl/mn84DOBLNH6rN3FnXKYr7bW2fq9bf+LdBf7jJ8/eN9kzWRDgAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACuSURBVCjPvdChDcMwFATQD4rKwgxNwypjAxNTN6hmNakMKkWKFGDqEQo6QEbICH+EjBBeXnoFUQ0MAqOjT7rTEWg/dAhInDi9Eo9TP8dvWP3LsZ31pNa228CSLskM6DMofPwbZFkzqM0yb6ADjeaJmEE+OgnSrBgEEl3Z0JsHQv73Km65GhnNHb6AlmUNgrnBFSBZ1MCbK2wBYmlq4CbLelYGBBJDw2c+DUdevZ8ffsX6A70Y4hwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL5SURBVDjLjZNbSJNhGMd3KdRlN90E1Z0URVfShYKKic7ChFRKyHRNp3lAgq1ppeam5nFuno+JJ8ylzNMSRec3LdFNm7rKPuemznm2nMfl/n3fBw6tiC5+Lw8Pz//H8148LH1VvBNFDIWCgqSwUhxNlETiQ94D9IluHymEbtbGuGtk5eOLClnIuZjcwLNOAFg0LGqYmOsSwzwkw4q2Amu6GqxOVMMyUoZFVSFM73NBtokxWSsAkRcKOd8VlIBwCKZrn00cC5bHyijKsTRcgoUBGea6c0C2ZkDfkAxtWQJUWSGMIC/k/IRDoP5kdB5T9+NbVymm6pMwIgtDn/gOqLVBrY0q7mUUh11AadQVNKQGoFSaDmldl7NDQD99M4fdY/MHWNu2Ye/Qjn2bHes7PzFl3sOocReGtQOQqwdo16xC2mnoPg47BDTK6d13yukd+xw1bN0/gnnLBv3SPmapoPrrDxQpTfaCDoP8ZPiUgKZV+92lTbtFfiS3Ydo4ZMKd4+soVBpnJB2zLr+H/xAcUz+0MqgxWjFq2Ias26j628w/BY1Dy8Pj81aMUQJJ++zgfwvq1cs3mwmT6U1zO7KyslFZWYnUtAwkl/ctCKUK38TERJLupaWlbfB4vKeurq5nHOHaQUtrE7Foz5WWIj8/HxaLBSRJYmBgAOmvc5H4Kg/6z1+O6B5BEMwMm83OZMLVqiVlj24d8s5eCIVCaHQ6iMXp8PPzA4fDgUQigUAgYGpfNtseFBTUSUsSEhK2WA09Oue6QTP6pzchysyBSCRiBDu7e7jl7Y3e3l5oNBqoVCq0tLTA3dMLvCTZDVqQkpKyx9zCpLIYxLAa6ZIKxMbGMQK+8Dk8PDzh5eUFf39/Brr2cHfHwwD3TVrA5XI3Tx3TiCIDnNBgFOTnQP62CXK5HEVFRYiPjwefz2dqutdUV2PLzs7epL6oZ508Z21xBNny8t5u8F1fcDmP8CQqEtEUSfev7r8IvGSO5kXYoqJ4h+Hh4VYfHx+Dm5vb9V9HN9N1j9T0nAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVBgZBcHda5V1AADg5/d73/d42g66bF8ZTgbbxcpoKaNJXWQ3fUJJdRF5JxRF5EGEboIZ/QPiTeFNGF03GFiRUSZiUGxlSlnqtsZya6ustY9z3vPx9jyhfkRXacCEVBVARARABAA0ccvJfME7aWnAhOGDVX37STJiSgjEQIjEQAxICAgoWtz6rlr6ZEoqVdW3n3pC/xgJVn7izxliJImIJAiRoqDSTe8+eqeqKUgyYpkHDwEO0djg+jlunKW1jkBRIHB7mfJdtInaCCmbS1yZZPYiG6tkndz7HE+eYtc4INBoUGvQzMlJRcTA5hJXPyIG0kj3KKOH2THAQ0eZOc2Nc9Sb5HUaLWpEERH9Y7zwIY+9y9CzrM3y5VssXAD2vULfKPU6tSaNJjlRGxICsk56RnjgZZ44Rdcg0+8zfx44cJRiG7UGjRY1ooiAvy/z6ZtMn2ZjlayDR96mcg8XTrK+TKnC3meoNWm0yUlFxEgR2Vph4SuWvuX+w+x5lAPH+fgNi++9ZvHarzZ+uy4rp3avtw3mpNoQSArGj5NVWPiamQ/oHqHSZ3EluL2ybPT5I7YN3mfrx8/9fPEL6WYUQSzo2cuuMXpG2P0wa/9wZRLMTX9j6OCLyjfPC2de0jE7ac/ATvONIAUCWys0Nsk6WL1Jvc7vv4B89Q/l/kGeOgYgPXG3vB2kchRNtPjsGNkOFi5TbzL7PWdelXWWbf5wVufU6+pbyzbx31oiTUhODOvSf8e4O4cpVYgF23vZ0UdXHzEKMTN/7aqYRY1kw79/FeaWEt3t9qVQf1xXqd+EflVtNFFDjhw1NFm03dz6hrwVZElhZywuDa20n/4fCNbrcsCV4KMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH4SURBVDjLpZPJiiJBEIb7oeqd6qQgoiNaavoCIgqKoBcvih48eBJE8iCKIOKWLgcP7mup5YKiYnRG0l2OdNPNMAlBlZn+X/wRkfUGAG//E182er2e1O12SafToe12W2WMqc1mkzYaDVKr1aQfAVwsczFbrVZwOp3gfr+LOB6PMJ/PoVqtskqlIn8L+BBrl8sFcOFzv9+DpmlwPp/FHkLL5bJWKpXkF8CHbfYp3m63sFgsQFVVEev1GqbTqQ6hlLJ8Pi/pAF4vQdt/i51O54tYURSxj6vf70MmkyE6gDeLIhmtYq1W6x8BQOhkMgGj0SgAeIb92Gw2kEqlqA5otVoqNgsPLBYLD6sQYGaDwcDDCA6HQ/xGF9frFeLxuKoD+JgEYLfbgdtNwGw2CwACbTYbmEwmsNvtws2ni1gs9gTU63WKHccylssluFxuXoILZrOZECBMUZwwHo/FZAaDAUSj0WcJfL4EDx+PhxCgTY/HIzJioHVCCAyHQ7jdblAsFiEcDj+byOcqFQoFhiXgQhFmR+hoNBJCfGICfOdixkN6uUi5XE7OZrMajg3/eDgchBsE4WXCzGidC7VAICB/e5XT6bScTCYZL0nYxp5gzTh3fnmAC5nP55N//JgSiYQUiURIKBSiwWBQ9fv9KhdRr9dL+Lv069f4r/EO4RAxpm00KCQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK3SURBVDjLdVM9TFNRFP5e+0p/KcQIrZZXYCCBdIMoaGqESGxCTBqCg5suxsRF44IjgzG6mZjYwTB2Mg6YOLQdNKUFTKwYEJ2koYZSqi20j9ff91rPvbEEbXzJyb03Oef7vvOd84Rms4mTXzablXQ63Vyj0fCpqjpGgXq9niiVSqFCofDa6/X+OJkvnATY39+/IAjCvMFg8NMJAgIDqFarODo6QiqVWioWi09nZ2dXWzW61mVvb08i1nmTyeQ3Go1gwIlEgketVoPZbIbb7fYfHh7OBwIBqQ2AZM6JosiZWQED8Xov4fLkJDo7O1Eul0HK4HK5/JlMZq5VJ7YulUrFZ7PZ2MnZviWzWFtd4UrGxyfQ7+xi/qC3txcHBwc+Knn2lwLqc4wls347iH1tNQ67+xzsg1P4mFRht9uZSlitViiKMtamgFzmhjH5RItGA6jBAk3rQE3o4jmapoFMZABo84AAErIs8yQaFy5OnIciF1AoVXBluIlcLsfzdnZ2mB+JNgByN0Tm8Hs8HocBZdycduH2lA11JYNoNMoVrq+vszZDbXuwuLgokYqXHo/Hx9rJ5/O8Zxot3wfn7gcYv4Qg5NJQ9UgLaD6/GlafHHtAzo/TCB2xWGxpdHTUPzIywntlBKatCMzyFoZv3YNx0IPyRvjs1+XIo8i0QeEKgsHgdcIIEmPH5uamm5YqxVhZ38yT21jDtfsLMH9/D+zGgK5u/BL78Sm8nOQKSOaroaEhMA8kSUo5nU5YLBak02k+nVMb72ByDgIzD47dFxfOQN8QBsQ/S8QL+vr60NPTw98sHA4HP2vb3Sh9fgvrm7uoljMoUY1c1EMjLzhAMplEJBLhS8SiBcCCvWdOm9G9EsUAnaLeAPmniu0M2YjmC+Hf3/l/X/yG+6GST9/Ra0K/pm/uUlXAF1Yf/wakxYbML/JgHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGcSURBVDjLxVM7SEJRGP5vmVfpAWGFERJUONQWLtEQOUQRbUK09IDW1mp1KKPBsdGlWqKIqGiLoq0aggqxraFARMpX95535xxCNLouDh04cM7//3yvwzGEEFDPaoA6l6vyEj3MaDmcc0CMX23NdY9X9iPxlxijsHK8GmxxUMAh1O+BAb8bEKZVnZntVMyisFYiotnRgkU4UMaByC0Hy/XpzWQ80GGuTwy1GUULO1tQrIQJQBLIsriuTW4kE71d3qWg3wNM9gqIOYeoWDHlGuALYQhHn/cCPnNpsMeEjyIBW9bzP8B/KlCsSAJ4TQNyiI0M97WaPe1NkM4TyJco+FpcQC3irECxYsVuM/iyaBFTplltzHU+6sx/KagCKCDlX0A6R5TXp5O77NHl4wd43QYYoOwJEAg7A6iEEZHsMijpVbzuhCLPqdzBzcMnNHsadT7CZrUUMB2gjVnZ6/v+6GzqMbt7e5/V+fBaIaqEbfUKEqByMH0enu8cu+AE0QVBqDOAYk2cvUmfUiqrHsxcTy36QqcE3K7lyrrx77/xG/TSBY2ALCinAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH0SURBVDjLxdPPS9tgGAfwgH/ATmPD0w5jMFa3IXOMFImsOKnbmCUTacW1WZM2Mf1ho6OBrohkIdJfWm9aLKhM6GF4Lz3No/+AMC/PYQXBXL1+95oxh1jGhsgOX/LywvN5n/fN+3IAuKuEuzagVFoO27b1/Z+BcrnUx4otx7FPLWsJvYpIM2SS9H4PqNWqfK1W8VKplHlW/G1zs4G9vS9YXPx4CaDkXOFES4Om4gceUK2WsbZWR72+gtXVFezsbKHVamF7ewtm/sMFgBJZhd6pvm4kDndaAo2KOmt5Gfv7X9HpdNBut9FsNmFZFgPrMHKZc4DkjHyi6KC3MZNehTOuGAH5Xx5ybK/Y3f0Mx3Fg2zaKxSIMw2DjT0inNQ84nogcUUQJHIfZquNT3hzx46DBALizg2o01qEoCqLRKERRRDAYhKYlWRK/AJdCMwH2BY28+Qk8fg667wdXKJjY2FiHaeaRzWYQCk1AEASGzSCZjP/ewtik5r6eBD0dM+nRSMb1j4LuPDnkFhZymJ/PsmLdazmV0jxEkqKsK+niIQ69mKUBwdd9OAx3SADdHtC53FyK12dVXlVlPpF4zytK7OgMyucNyHLs8m+8+2zJHRwG3fId9LxIbNU+OR6zWU57AR5y84FKN+71//EqM2iapfv/HtPf5gcdtKR8VW88PgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLzZLdS9NRGMf3Fwy6jLrPKKerSAsqXzKn0xY4ZrIhbvulKwtrOCdYuWDOza02Ai96AxEEaXixTMkllDdKUjhrrmDMlMFGuLbTXO7N/b6d3+rCYFLQTQ98eTiH83yel/PwAPD+Rbz/A8D2dsupvlIRTjmdluS0XWT7WifJXu4gGUZN0q2tJHWxhSSbpGSrQRJJnKtT5AE0QEaVwMwLYH4eWF4G/H7A50Pu9StExsYQHR1FfGQEsQcPEXQ4ELzdj83T1Yl4+SkJB3iLJ4+AyUnA6QRWVgCPB5iYQE6nQ1CjQYhhEFWrsaFQ4F1jIz6ZzfB33QARlgU5QAnbo11kLSaAZsP6OvI2N4ecVIqQWIwv9fX4RrVaVYWPAwNYZdpBSo6HYweFsvwMaL97aL/TOUM/4HIB4TCwtARWLkeEBsYoJCYSIWAy4bOSAREcC0SLSkt/+4Wspp2fUammtvV6YGEB8HrB0tJJTQ0StbXYGBrCGg2OHT4aiB4QFBf8xpRcwU/KmqcyPfqfADqDRGUlUlYrnhoYdNtlbPs9CVqMFfG6XsHNgnuwdf4C/7tI7E733QI7Po6sxQKnQYk7TiWee4fhCblhf3kFzfZilHXutRVcjs2Ks/vjJ8/409puJK9roTJWw/XBAZfvfn6+ttlLsM92cIDkrhtGjpQfov2+of2uNfQJMe19jJ327P0wB/i7dT1xdV/S6lZh0N2WDx6caftzBTtFHxqbbEW462bymTnPnXedwS4QM1WcK/uXN3P3PwAfNsr5/6zP/QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLfVI7aJpRFD7/7y8qdlDwQdQYwQYJJdCSNmSwlBQcQjK4Zil0KIUgXVwFUeji1Lk4dLGh7RCoDhYtRQoODnUqjVY0SJKKT3zg83/03Jv+YlLMhcO595zzffe8GEmSQD7CK580sztgmkgAtYsiSETwTrTq4ADg23fQfv3CyBgOFo7E8/NgGTgnkYmms0UIsNcIZvwVQBCoDDY24PzwcP6mJLcSoFOaToFdX6eAhtsNo50dGJpMwLpcAOMx9d9GEGYuLkHhcICwtQW91VXQ6/XQ2N0Fbm0NxF+/acxSAtXx+yBc/gnDWRXaSGBaWQGdTgc1ux3E0xJIxXJY9/NHcBHDkMbk83kNz/MuFMVsNgPHh08vzx67X9i2H9GgWq0G0vHH+On9zRDxT7EM1A2/31+lBLlc7lypVFoFrBtJqJDUWZaFyWQCHMdBvV6HZrNJgNTf6/Wg3W4/o2NE49FoNIpZrdY7JOVutwvD4ZAK+YAQm81mcDqdoFKpyIdQqVQ+I+6EkRcplUrdRUPCYrG41Go19Pt9CqSzRyE2EceYTCYFjAuGQqHX15ro8XhKWNvDYrF4QtJUKBQUIP5bICyRgNsYsyeD/5uC1+sdYECq1WpRAtIDohmGoSTYj0E4HE4tHSM5GLRvMBhoylqtFndnTBtK7qjt2PnNpQTRaFSDGTy12WxQrVYhHo+XMpnMu2w2C51OBxy4YFje/lICBD8xGo0arJV0+i2+HwSDweeFQmEvFotdkH7cJOBupG8tl8sVBB4FAoGkbI9EIkmfz3cvnU6/wR3YXsT8BaM2jDnYpij1AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLhVNNTxNhEH52u7RLFyi1QiCGNLWkptFAqGk86E0TDAl/wIM/gLOJBy9evHiy5x71RLyS4M2DxFRDQ6AS+qWRgkJMdAm17XY/Xmde2AUTjJM8mXffmXnm452FEAIMEiWbzd4rFAofMpnMffrW+O4UWi6Xu1MsFt+zD9/5cfLQVBTxg71WVnBlbg6t9XV4i4sYw4mwLbK6iomZGXzf2EB/YUHa0kIoqkLCTkYkAiMWg+u6GIrHMRgKIa6qEjq56MPD0jY4MgL9lJhj1dMzdE3DTrMpnar1OjwiaY+Ooj00BFfXsVOtSttOrRYQwO+xAXgxyr45OYl6u41pyp6i1lQKELYNy3HwmXSTcNXzkCPdIfs0oGrnK7iRSOC6YUD0+3DIyWMQWZiIrg0MIENaIUSOj9Eh0qCKUqkkHMf5J2zbFt1uV4KF7ziGYzVcIJZlYXt7G+l0Go1GQ/Z+dHSE+fl5/8kDUS8i4OC9vT0M0+RnZ2eRSqUQjUZBmQP4REEFbz+ZeP56F27fxptnN9FqteAvS6VSAS0QqBVZjXOuf0mw+U3BcvkLJhJhtJq//yrTNE14NHkOPjw8lGdGUMHdJx8fLJc8jI9FoNHCOJ0zdnbidmi1ZeZkMsnLI6vT6NV4oKoRxqtxyqypArblwO1YMniRVpkJ8vk8DHpazsrB+/v7AZEconnQfdiqmmj/tGD3XLg9Rxp9hGgPWHMFnHlqagq9Xk+2BP+vevT0pVirXEYiaeCg9gsvHicuepyAlMm2trawtLR0sgfxgd21Wxn79rvKJVlquVzG/4R25SvrPyvWchiOM0HOAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALsSURBVDjLjdBbTJJhGAdw6qKLuuiqi04XZoeLsnXQOecFfWGu8ECQJs08UCADLMQvUVI0UcksQj4NzM1DU6RUEFtj1eZMR02nkOWxNeUiFdfWTM1sKv2Lb+u0WvPivz173vf5bc/DAMD4X/LitgkGTXvmJs3bMVEfsFIn31UTG7prw4/3/w7L2TtYnoYA31TTVvyeu7LA8jUBNSlbqClbMKYfi/C5R4dpazimLDsxZAqcXRNgjNus8w48xtxzI1YG7mHhhRGTLx3oLDrsWRPAY59NG2nM/Dr/qhW+URsWh+zwPqOgST5m/SeQRuwR3BEcn6OSCBhTWSuShKB+Klu27LWSeNdeCO9DNZxV6Tgo2u8IyTqw6Q8gJXw3644gwleeSOD31OrlqLhbjBuVahTcykL7cCNKOjUIyt9Xf4jcu/EnoE844qyWnIbt2kWMNOXBTMaDSmKhShyBuoE8mNzZuO1SoNSViZaxGmTYLyFMEmL8CVQmBLa87bT8dTDLVQJ6dw5uuLJQ1JeB3D4pVL1SCIypmDDG/n2w930WPDXrcausFLW1tchXZ+PmUyVuPlei4Hou3SsuLYIgXwCPKeoXsP6oQUVlpy9XqJJhMBgwMzOD8fFxdHV1Qa3Ng1JLYmRsmO45nU76z+UUziN6eF34fSGPdC1U2p/hilIJ9+AgUiWXEB0dA5FIBIqioFKp6DoqKmqVz+c7/AhJkh8ZAeyq+Hj5o8WHoz7w1eUoLNbSwFn7FxyLOImOjg643W50d3fDarWCyWQucDicjX5Ao9EsMV4XB6/2t1aAbPOCXfAAaekZNHBGXAiCdQKRkZHgcrl0/DVBEMs8Hu+JHxCLxbMMj4E53VqiwLn8HpxvGMfpZAnK9JUwt9hhs9lgMpmgUCiQk5ND1/5ec3PzB51ONxsTEzPKeNMgDnNoeFdD4xvtwfJeEJkOnOIm4oJIAqnsMqTS9K+kMKmtOpevlclk89+zJBQKP7HZbM/3dQ59A+o8mPeL9bcZAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH3SURBVDjLhZNJjxJhEIb7T8xVw78g6fh75mJGY/SqTjRGTXTcbu7xxtItPew2YxMgbGkCNMgSQkgDAiHRKNpkWPL61ZfQGcLioS5V9T711tfVQrVaRaVSQblcRqlUQrFYRKFQgK7ryOfzBwCEfSEYhoHlcrkRvV6PQzKZzF6IQJNJYJomn9zpdGwI5ZgLJJPJnRCBLFMzTaNELpfTJ5MJ5vM5zxMwnU5D07StEIGmrhqZ+JxZNqfTKUY/u4gbMq+1220kEgnEYrENiECTV5YXiwVIPP71Hc9Or+ORdAjNkHit1WqRC0QikTWIwHa0xuMxb5rNZhj+6OLk9Bpef7mN92f38JyBVpBms0kuEAgEbIiQzWavsB2t0WjEm76ZOTyWD/FWvYtP2kN8OLu/Bmk0GuQCPp+PQzgllUqJbEdrOBzypnq3gKe+I7xTj23IiXKEWMnF67VajVxAkqQDe5d4PC6yHa3BYLAB+fj1AV4Fb+KlcgvzxYy7CIVC8Hg8l9delO0nqqpq9ft9G/Lk81W88N/Am+gx/vz9fVHssFe4GNFoVAyHwxZdIrdr6kx8B9Nzyxa73W6H/YjbjiMYDIp+v9+iS1x9YhKz/Jp4J4BCURQne2mLDqxer28V7wVQyLLs9Hq9FoldLpdj6yn/73dlU51MfGlX/R/5GCirExPTUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLpZPNS5RRFMZ/577v+L5jmlmNoBgE4iLIWkgxmTtx4R8QLXLRB1GYG4lAwlWkCH1sShcRuIgWYUQoBIUVgojLyowWLSRhSCNtchzn672nxYxT6hRBD/cuzuW5D+c5H6Kq/A9cgM6+0VtBTk4tJwM/kS7BspvDsAc7w4w8uXGyxwUIrHRev9AcqYlERMRFAS3+E1RBdSNWglyGs9eenwbyAsuJwIvsjUjX7QfU7duF51gC9cBUYYT8NYJjhM8fZ+nvuUg2EClaSKbBGJfGhv0cjLbiGAfVAMQFEYwIIgZjDCHHYO2WGmzY9DwfP1yRz/cv0KLJLQLZTIpsah1EULVYDbDWIICq4khALpNE1W7PQBW+xmN8W4qTtTmsBvxIL5IJ6pECp8ZbYX0tDmpKC3xZLCe0kPr1oBFUU0XyCmEWFnT7HNgC3zhlGMcr6TtITJBLvKK6+jtX7z/ElDV4cGJzBn9COv6MPZXTNDcfpX53I6/nnrL+ftKPdtfddAHUWgRYmp8rKRAKPabtSAeBCThc287Eh1GiTS3Mfxq75OZnLd+coYG+YvQ7rtzpJyQVdBw4B8DltnuMzw4DY74LsDNs4jaXqqotl3wLC4KFw+panLnYNG9jU/S2jzD44gx+vlYpF2CHZx6dH3h5LJnVJmtL7dJxf+bdtNdyqJXx2WHKxGXqzSTAkPzrOke76waBLqASWAWGZ+7Gen8CJf/dMYh8E3AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNNaBNREMf/25Q1Lqmk2NYamo+amI+mREOhFhRS0CKKN8FT8NSeiiBIDiJYk4MXEcGTwVtI48FQouLNix48RCoh4GETqAmioTFG0qT52HT3ObtgqiGHPBgGdmd+M2/m/zjGGPpPLBazyLL8XpIkW7fbRavV+tZoNFbC4bDYHzuKAafT6TyZmZmxCYIAFVAoFMz5fP4x/brWHzsyCFCv16fT6TQymYwG0Ov1qNVqlkGxAwEUjI2NDa5UKmmAdrut2dAAnuc1z3GcBvgLGRpAM0AoFGJGoxE0SM3Ub0MDaOLwer2gQSKbzeKEoYIHa1P2nXfBqaEA1C5TK4qiCL/UwOLxInznbgiGgi6N27dWB64xkUjYyImKovBk2v3NZjOW2E8I7ss4dtKPnYmktdIsPX8YDJri8Xik14GaTIISXS4XTztHuVxGNBrF1otnqBt3MTZhhLz3GpO+m4C7C+dpezgQCNzvdUAVRY/Hw7vdbphMJgSDQVJfEwfFBKZP+elOn5HefIWltbuQxvdx3jqOl8lqmFIjGoCkypN0kUqlVBFpKzOw77h05gjGxptU/SvAFMiNT5hdvoO9t0/B5PbhENUEdWjValUDNOo12PU5GC1noTSzlNvCwnUXFOkHqTIHm+8qVuZ0hwDqQAM4HA44nU4sziqwzy9DGKuAHfwiRemwvZVTLwulncOk04qLrlF8iMzPceprXF9fZ8VisSeae1c6uLC6Cd1IgQC/KZH9t3ndURd2v2SQexNJcoOe88dHCxUmKwJTGLWv/GOs56F6xrb/AFceRXFTtLBJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLpZNPaBNBGMXfbrubzBqbg4kL0lJLgiVKE/AP6Kl6UUFQNAeDIAjVS08aELx59GQPAREV/4BeiqcqROpRD4pUNCJSS21OgloISWMEZ/aPb6ARdNeTCz92mO+9N9/w7RphGOJ/nsH+olqtvg+CYJR8q9VquThxuVz+oJTKeZ63Uq/XC38E0Jj3ff8+OVupVGLbolkzQw5HOqAxQU4wXWWnZrykmYD0QsgAOJe9hpEUcPr8i0GaJ8n2vs/sL2h8R66TpVfWTdETHWE6GRGKjGiiKNLii5BSLpN7pBHpgMYhMkm8tPUWz3sL2D1wFaY/jvnWcTTaE5DyjMfTT5J0XIAiTRYn3ASwZ1MKbTmN7z+KaHUOYqmb1fcPiNa4kQBuyvWAHYfcHGzDgYcx9NKrwJYHCAyF21JiPWBnXMAQOea6bmn+4ueYGZi8gtymNVobF7BG5prNpjd+eW6X4BSUD0gOdCpzA8MpA/v2v15kl4+pK0emwHSbjJGBlz+vYM1fQeDrYOBTdzOGvDf6EFNr+LYjHbBgsaCLxr+moNQjU2vYhRXpgIUOmSWWnsJRfjlOZhrexgtYDZ/gWbetNRbNs6QT10GJglNk64HMaGgbAkoMo5fiFNy7CKDQUGqE5r38YktxAfSqW7Zt33l66WtkAkACjuNsaLVaDxlw5HdJ/86aYrG4WCgUZD6fX+jv/U0ymfxoWVZomuZyf+8XqfGP49CCrBUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADVSURBVDjLY/z//z8DJYCJgUIw8AawgIj58+c7A6lWIDYnUt89IC5MTEzcxAIVmKyvr6kpLi4C5jAygkkoG0FD2IwMr1+/VTp9+uJUIAdugIiQED/Do0cvGX7//gvxGxMTXBMIw/gsLCwM0tLCYD1wL0AAIwMzMzPD37//4YqRDUEYwAxkM6OGAcxGZmYWoAIGFA3oNDMziGbCNAAkCJL8/58Fp+0QS1ANYJw3b95/BQVZBj09bXjgIQIMxkelQeD8+UsM9+49gLjgwYPHYEwOYBzNCwwAGT0uf+Tb34kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLjZJNiI1RGMd/59x35l5T7x2DGRGJ0CBfpUlRJMlCSRZsUExTsxpr1lIWyupakIUFFnbSNAnJRlJMhhmM7zHkcr/vvO95zzmPxR3urHRPnc7p6fx/z/88/ZWI0Mp6m9ukSQXn0wu698Q/py6vGXx5FQARaWmPX1p3Ov9kSJLKE5keOfLr2bk1+0UE1YqDsVzfxZ4NvUNdm/fp2tdJbMVTejdan3j6oj9oxX6QTvd1bjygXX2MzKJlRO4rS3Zt6bC1Qq4lgDP2U1L4uEOn8ihdoz2bh6hOdTpOqYk7255nsuvXK6XnSIS4MvnFT5cGM+GS80G2Y2G4Mrsi0EWUDvGJYfzmRDQ2Xj4ZKNG9y3dea1NKgTTEKEXx1a1VheKV4e7th5WYEZT7zuvhKkE975S11Tfvy6eO3fhwO8BKhDfp+HsOZ1KgsygVMjP1kKW7jyuTzxEEnUw8snRsGGB130E3eXfft6NnPtwG0CRKizc40454jat9ZubHfbz5gUpNkUp3M/6gjursYXHXKKRMuw5k+b8BoyTj7QymDmJqJJUyYe8JurauBaBtwSBbBpqzUcF8cDpoAhJNMK+H+ev6AQ8iCB5vprDFe4grIbaE2DLiqmSWnYW4mZ2ARERchK+PNh67CmKL+KSAuBLY4my9jLgaSAzJnIwQI+ItPvnZ6ORKiC3O3guzncv/ACIW4rkAI6JwiP09Kyw2bbsSYitNsY8a37RzAGJ8wdZ/dSTV9hAfapE28CHIIsTFgEF041Ta4aJIxPi4CYjiC+8vH+pD2Isi/G+mBVCPDV6u/y39AQ7XjBmT8uenAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHwSURBVDjLpZM9a1RBFIafM/fevfcmC7uQjWEjUZKAYBHEVEb/gIWFjVVSWEj6gI0/wt8gprPQykIsTP5BQLAIhBVBzRf52Gw22bk7c8YiZslugggZppuZ55z3nfdICIHrrBhg+ePaa1WZPyk0s+6KWwM1khiyhDcvns4uxQAaZOHJo4nRLMtEJPpnxY6Cd10+fNl4DpwBTqymaZrJ8uoBHfZoyTqTYzvkSRMXlP2jnG8bFYbCXWJGePlsEq8iPQmFA2MijEBhtpis7ZCWftC0LZx3xGnK1ESd741hqqUaqgMeAChgjGDDLqXkgMPTJtZ3KJzDhTZpmtK2OSO5IRB6xvQDRAhOsb5Lx1lOu5ZCHV4B6RLUExvh4s+ZntHhDJAxSqs9TCDBqsc6j0iJdqtMuTROFBkIcllCCGcSytFNfm1tU8k2GRo2pOI43h9ie6tOvTJFbORyDsJFQHKD8fw+P9dWqJZ/I96TdEa5Nb1AOavjVfti0dfB+t4iXhWvyh27y9zEbRRobG7z6fgVeqSoKvB5oIMQEODx7FLvIJo55KS9R7b5ldrDReajpC+Z5z7GAHJFXn1exedVbG36ijwOmJgl0kS7lXtjD0DkLyqc70uPnSuIIwk9QCmWd+9XGnOFDzP/M5xxBInhLYBcd5z/AAZv2pOvFcS/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLpZK/a5NhEMe/748kRqypmqQQgz/oUPUPECpCoEVwyNStIA6COFR33boIjg6mg4uL0k0EO1RFISKImkHQxlbQRAsx0dgKJm/e53nunnOwViR5leJnuZs+973jHBHB/+D/ah7X2LXWloilyMw5YgtD3CDiBWN4Zno8bQcJHBFBucauZfsolZDCru0OfFcAAUISrLZDfPzSKxuiibOT+T6JCwDMtrQzYQvZHQ5Cw2h3GK0OI9AWBzJJZFOxgtJUGpTABQAiLu5OOviuGIEWkBUwC7pasNZj7N2ThNJUjBQY4pznAoEWsBWwxU+JFXSVRTzmQWvKRR5RG4KVGMgKrAVYflexAAugDCEygdbUCI2F7zobk7FZY76DIDQgrT9HCwwt1FsBhhIu4p4D3kiS8B0MJz28ftfGSPfl8MPLxbGBAqVpptbslJc+fEPMA7JDPrIpH3FX8LzaROdrE5O51jalgid3Lh4b6/sDALh6971riErGcFET58gwDPGndG9JT6ReHcwfPorGygu8rdxvGxMeP3XtzcofgigWZ0/EtQ7n0/sOTe0/Mo7V5WeoVu61z1yvZzZX+BsnZx9opYLpevXp7eXKIrL5UWit0n0r/Isb50bjRGreiyWmgs76lfM31y5tSQAAc6czHjONXLi13thygih+AEq4N6GqMsuhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHBSURBVDjLlVM9aMJQEP6eNEF0sbiUouLgoLRkKXS1IG4dC6Xg2LXQRXATHbqVzq4iQjc3sVscnUSnYIdIB9GC4L/xL333IEFsBj04jpf77nt3l+8x0zRxaMViMbTdbtXVahVer9dYLBY/0+k0mcvltEPsGRzMMIyPQCAQ9ng8IAJd14OdTuedp+4PsS4ngslkctFoNNBsNgWB2+3GaDQKOWEdCTgY2WyW9Xo9QbBcLoUfTSDLsoiMMUFgkRxNwHeAdDpt+nw+8EUKp29O5rhEvnEoigJJktBqteD3+0/rgINNulHTNCjzGR5++1Bvb67x+vLF/dmxg3K5HOZB2+12MncxfzAYxJ25wcXjE5ixZCu9m/wufybfUqnLUqmUtwmomAtKi0ajcrVaxWAwQKFQEHOfK1dQajUwrwdSrw8ZEiKRSC4ej0NV1TwjJXI2IxaLyZwA4/FYFHL12T6fz+3o9XrhcrmQyWTQbreZ6IAnZS5dVCoVEpFYmFVEPpvNxJm+0zmRSIhoj0AJunU4HNogq3C/EwtHuqBfaxNQkhJ8NpGwAPtxs9n8c5ug2+2iXq/bojl0S41URKPuv2Dm9JxPsT8W0mO2IJm2EgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLddM9aFRBFIbh98zM3WyybnYVf4KSQjBJJVZBixhRixSaShtBMKUoWomgnaCxsJdgIQSstE4nEhNREgyoZYhpkogkuMa4/3fuHIu7gpLd00wz52POMzMydu/Dy958dMwYioomIIgqDa+VnWrzebNUejY/NV6nQ8nlR4ufXt0fzm2WgxUgqBInAWdhemGbpcWNN9/XN27PPb1QbRdgjEhPqap2ZUv5+iOwvJnweT1mT5djZKjI6Ej/udz+wt1OJzAKYgWyDjJWyFghmzFsbtcY2gsTJwv09/Vc7RTgAEQgsqAKaoWsM8wu/z7a8B7vA8cHD3Fr+ktFgspO3a+vrdVfNEulJ/NT4zWngCBYY1oqSghKI465fvYwW+VAatPX07IZmF7YfrC0uDE8emPmilOFkHYiBKxAxhmSRPlZVVa2FGOU2Ad2ap4zg92MDBXJZczFmdflx05VEcAZMGIIClZASdesS2cU/dcm4sTBArNzXTcNakiCb3/HLRsn4Fo2qyXh3WqDXzUlcgYnam3Dl4Hif82dbOiyiBGstSjg4majEpl8rpCNUQUjgkia0M5GVAlBEBFUwflEv12b/Hig6SmA1iDtzhcsE6eP7LIxAchAtwNVxc1MnhprN/+lh0txErxrPZVdFdRDEEzHT6LWpTbtq+HLSDDiOm2o1uqlyOT37bIhHdKaXoL6pqhq24Dzd96/tUYGwPSBVv7atFglaFIu5KLuPxeX/xsp7aR6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJVSURBVDjLpZNLSJRhFIafGf/QTJ008zKKIWTgQkdByMxW5SJQgmjVToKCcNNlIQTRosCNu3IhgbsWCSG6ELwUlJi1KS3FCymUDCWh43VG5zvntPgnaxMIfXA23+J9H973nICZ8T/PG3l0+p8KqoaqIWo4UUQUJ4pzihP/zwMoqalERcAMMwMLYoAJmBmmijpFRVA1UDCCTL6f9AVUHLHlH8TXNg7knB3KoTBc9IfAxIivbTB84R1m+O721wD3w7fIOlwGKD0PujleUICIEgTQVAqjO12M7jxhNzCHKLjUJAXerkbQ+BSmezhRLJVB0Gf2sWuPLrEb6OXl9g2SGsMJJB04B1O7TQyunGFj6wsiiiqIWoogJeDEUZcdQUR4nbhEknlfRGBuq4S+2HVuLz7dJ1A1PFVDnfiBaZLpjSmaS/KJbifYTmtmdbOGXL3Ct5WzbCWKUJdGtZrfyt8CTpRI/k+qjhUTzjhJdUhRq+Zr9jzKM8p2n5OIecR3Enw8dYJEfB0P8EQNdYaIUphejpribA81xVCKM8qIzqyTuRXkXGMdpXkVvJruY+LzG7xMxXOiqBgZR7JIdA5g4ov5nfs7sFhRzuWWFiQoRIqbGJnppb6qgd6FfjwRBQsQys0nJycPVb/Syqt32V4eBJShF8McCmRxsfIaAHfOdzPwqQsJ9PsEi7Oz+7v923myvdUnUCMWckxHx5mMjtHe1EPHUCsZaemkGQQOco31beGHpeWhew3VjVQU1bLw/QPjU2MsL613Bg56zvVt4Q7gJpANbAJdE4+j7b8A7WGuGfrlZ+8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVBgZpcE/a1NhGMbh3/OeN56cKq2Dp6AoCOKmk4uCn8DNycEOIojilr2TaBfRzVnESQR3Bz+FFDoWA2IjtkRqmpyc97k9qYl/IQV7XSaJw4g0VlZfP0m13dwepPbuiH85fyhyWCx4/ubxjU6kkdxWHt69VC6XpZlFBAhwJgwJJHAmRKorbj94ewvoRBrbuykvT5R2/+lLTp05Tp45STmEJYJBMAjByILxYeM9jzr3GCczGpHGYAQhRM6fO8uFy1fJQoaUwCKYEcwwC4QQaGUBd36KTDmQ523axTGQmEcIEBORKQfG1ZDxcA/MkBxXwj1ggCQyS9TVAMmZiUxJ8Ln/kS+9PmOvcSW+jrao0mmMH5bzHfa+9UGBmciUBJ+2Fmh1h+yTQCXSkJkdCrpd8btIwwEJQnaEkOXMk7XaiF8CUxL/JdKQOwb0Ntc5SG9zHXQNd/ZFGsaEeLa2ChjzXQcqZiKNxSL0vR4unVwwMENMCATib0ZdV+QtE41I42geXt1Ze3dlMNZFdw6Ut6CIvKBhkjiM79Pyq1YUmtkKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKXSURBVDjLpZNdSFNhGMefdzues7ODc2wqW5ofE5WVqNgHdRM0AkPsSykWlBddGHXhRRdRBuFNQRR0E/QduG4kjCDSCx0omKzBpNmyi5XuVG5N5o6207ZztrOdnkkJXWRCB/78zvvx/7/veZ/zElVV4X8ezUaDfr+f9vl87EZzyN920Pf0bQ+XT97ZXUlp5n4YIC5KfbdPtT3Z1A7Q3M0w+cGcrqh4PsVxCqXhKFp9fPrWSPc/A9DcDHl5uMTEQmzhC9hIZHZ1aRkKbQ0ow50X7jdvGHC0Ruq3UDLwH3io5JSZrs721hIl7i20S0kKHDX53j/OIBAI3FMUZR8KstksjbI1NTWR4dFJubWhkuF5HiwWC0z7g+lDjj2s2+1OZTKZz7IsAzKmQaNSVlZmxzA7dlykaZp4PJ43ddYSJhQKOVmWhWAweKK6VM+Oj48/4jhOL0nStcbGRjuG2IjX660jhHxKJpMVGCCgtqEiOFheWAlVi+88cgsyirSgVhiGiQiCMLpWxomJie8YYhBFsVun0z2PxWI9uJIrGo06DQbDUDgcdtpW3g8Z517FVTFhzhRphXTLEZNbNF2mCgeByR5MPYMUEolEC/IbcidyAbljl//hYZPVnG3o7Tcztdsh/W7MNDflhr1fV6vWqoDf9AARRkMHbm0WeQBX9iEPGo3GmXR88Vy943iRbn4SyOBJ0C+8gNpqE5RLkY71P9HlcmVxF8VoqimcLrIB+RFVv99zY9px8xkhbcfWy7c6YIWZqWWV+t2BBgqVRgP8KtG6kjoOUv4R4F6eBzkdhRTOFxNayGkhQjZzG187KwboYu7KVrNCUZpFEGMK8EvaXFZSr5LNXudpZ9WlpBA5q82R6pxWDaPrbvuYcv0nJj6CVSYYRbYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLnVNLa1phED1X1CS+Aokv0Ks0D2jQnbRJi6UJLdidBLsvXfQ3ZFnaXXfd5Re4KiG4DNKNaI1YUVDoUryVxIiPGOP71ZmvGBKkm14Y7nyXOWfOnG+uNJvNcP+pVquySqUKTafTwHg89lFgNBplut3uWavVOvH7/b/v10v3Ca6urp5JknSk0WiC9AYRgQkGgwFub2+hKErk5ubmy+HhYXKOUc2Ty8tLmboeLS8vB5eWlsDEmUxGxHA4xMrKClwuV/D6+vro+PhYXiAgmSG1Wi06M4BJ/P4XeLm/D6PRiF6vB1IGh8MRrFQqoTlOPU/6/X7AYDDwW3T7VaziPPlDKNnd3YPbvsr+wGq1otlsBgjy9YECmtPHxTyvlrqfJxMwuZ7A9OgAP4tjmEwmVgm9Xo9Op+NbUEAuC8NYPrXFdAoMocNkosVQWhU1k8kEZCITYMEDIsi0221RRNeF53tP0Wm30Or28erxDPV6XdSVSiX2I7NAQO6ekTkiTyQS0KCHd68d+HBgwKhTQSwWEwqz2SyPebYwQqPROCmXy288Hk+AbgO5XA7pdJpGmYp9YGP5TATf6dvJggIq2CWDbPF4PMLnnZ0dbG5uYmtrC16vF0SO09PTyPr6uo125f2DTQyHw28pD5PL2nw+76KlUrgrz82eaLVa1Go1kDKX2WxWiASpVOpjoVD4LEYgSd+2t7fBHsiyrNjtduh0OlxcXIjb4QUqFotsnrK2toaNjQ1Eo9FPBP1LwMvDAKfTCYvFIs4cNpvtLne73eKKeRfYFzb0zkRmJ0axRBxzEMf8G4MZxOB//o3/8/wBTrxxLgOn/DMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMoSURBVDjLndPLb5RVHMbx5515pxfnnaadQi9MSykzRSFSqyWjITVoUIMhLmClLky6YcempKBGgitDJEgaIlVjMGkkLkCqIUTjyo7YQs00dYYZpsNoufReaWn7nvM757yX4wJJJBoXfv+AT57NY2it8bBT2fct6aoeodQeoSgplISQYpSE+i6onv2gWr9e/tEbMY6/ZTwETmaO7ZKO+uKZ6q7WoFkBx/BQV7keN6fyuJj7qj9mfJJVjturlNf9+YH40CPAiV+P7tsYSlysDW/AtLqHcTuPoA5gp/U0zl39bKnS3ZeMGC+NJhNWNHdrFbdn7f3nD7cPAkDgw/GjUaHEQJ21EWN2Ean7I7jvrCBR2YL5ubtgjN4L692HttRVROtrKtDWaIFIDbzy9nAUAAJcUk9n9S6rRFPI8wlwV2B9MApLhPBN5sJ4LHj6miDnQKI5jMKMQLSqHG1NEUtw6vkLYHuDoXJk7QKUK1EVsNBe9QRGiz+D1sRBR5p9HZsjQeX4mLqnUJyTaKgNQ5DYCwAmJ7FNGi4CMNBhPYlN5THc+b2EdCl9tjUysIFIdsZqKzFS5ODMA1v1sDUWghTUCgAmI071FevKuiI7MD9zF/1jJ5ckU33Hll87M7GSNn8IP15aWBbbTRjgzIf2fUhlQpEIPljAafKXG8Mdl64PLkqSxw/PNp3fvRR+S/PcxPM8/cKlbb0Q0gPnGsQ81NaEML1gQ0kqPQAYfflt5uv+U1Ntl7esBHs0p7yzudkyir/BX7NBRODCA3ENYbtojj+G4aslOJIuA4A5WOo4qzkd15xOO/GWMifeAt/zYI5lAcYguYSQHoiAzu0RFCbnkcllbM9RfQBgapuZPuNvqp3JMremGuJGHqHGJvg2g2YEKThIeEjEwigUp1HM3YQrRffs0JFFAAiEPj6z6K+xbuNaGsgVEGpohE8cHhE8ElAksMocXEll8FMqNTkzd+vV2aEjF/7xhbWuF1/WQnyq4pta3fp1CPw4Ar3wR/tzO9455ylJrqu+91x1Yj71rv2vZwKA5a1PWZ5UvVqpPb5yktp12xuWZrL4jx4B/k9/AolT0+iTfsOYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIQSURBVDjLjZPbbtNAFEVLvoNK/ENRv6W/guChbzwXJRJBDRIgVQglUjClddxUpCEF00RJE8fgXKBtZGzHud+vzWbOgE2gRdTSfrBn9jr7nPGsAFghsec20xrT+n90h8nj+pYAa+PxuD2bzS7n8zmuE1uH1+vdWoYsA9bJ3O/3MRgMXHU6HbRaLVSrVQ4xTRM+n8+FOOZbjHy/VCohnU4jmUwim81C13X0ej20223Yts0Bw+EQVMTv9/+E5HI5TyaTeZhKpRbNZpNvJFOj0YAkScjn8zxFrVa70hKfCTNvkHk0GoGkqiq63S5YO1yCIKBcLnNIvV7nBQzD+A1gZpGqKYrCo1JE0mQy4QDLshCLxfg8CEzzoP0uQJblCg2Geh/2WwiFQjw6GS4qOooXFl69OeQnQGBqj0AuIJF4XzHKu9BST9EzJeztBxGPx3FudZA4PUNKM7ATPsB0OuWpnIQugMUTbbMAw/yK/PckTvWPOLeLMCwbn5QznHzWIURivB0CkCiNC4hGoxu7EWGRN5I4+XaEY+0AcTUCtaigatexvfMaXwolnoBE5j8Aoih6gnsvHz1/+3hxXIhCLr3Dh8IhZC2GQCAANiNe1QE4cgHOj/Rg897m/pGAF8I2noWfICwFoRU09zj/1hUAvbCPi3/dg2t06QJ+Qe6yqANauImZ7e3x27sEWCXIDa6zI7r6qz8AeSLtQ3VwWP8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIkSURBVDjLpVNNiFJRFP7eU1E0KSLTMpAwYSxyaidDtChm0WYQ3NSutv2s2kwwm2igNgMtooUQEQhhA9GqhSDTQsZZFDbNDBgVg5bSw9J8rzFF33udc+HGg0ladOHj3nPe+b7zc99VbNvG/yy30yiVSl4SnCNcsixrivYEgY7WJu0faX9EKGUyGVNyFFkBkY/T+WkoFEpFIhEEAgH4/X7w916vB8Mw0Gg00G63y+S7mM1mm4LIAYxisbhSr9c5nT1pjUYju1qt2oVC4YnkqbIUMk6Ew+F/9hyNRkFJLuyaATmFoqZp8Pl88Hq98Hg8wtfv99HpdNBsNhGPx0XsRAG3241ut4vBYCDs8XgMXdcxHA7FN/b9VUD25HK5RAUczKC+hYgcNpNN05xcAQdLkqIoIlj6VFWdXIEUkAQGV8M2k2vaG3z6sYGfVR39XzsHlm/dX3h5d31xlwAHM5goBd5+LuO75z3OnU3jyP4EVrZeKGub2p309cP7VKcAQ2Znoiz3deMVTk1Nw1RNTB+ahamMkD45w7RrfwSYwFdFf6K4Quf6pmvwKHswl7wh7Jvnc4gfTPHR52zhcqVSeZZMJgOxWEyI8BC5CmOnh63WKtZbZczPPsa94hX4XCLJQHG+xnw+f5SEFghZmvhefgvcTqn2HN3gBmZSZ5CInMaHr1Wsvivjy3ZvSZn0nHO5XJDIxwgWDbW2vL10m9xXCUGCQXi49qA1/xvyq6BCh7yZeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLjZNvLNRxHMd/Tft50AOPqs1aTapJzp/8yYWaLM5k+a/F1F3FxXAidnIc53adc7j5uxo6OqX8PxcdZY7uWhJRD1pqrXWPCveb8ATvfq4yitaD95Pvvq/X5/t9f/clABCbpSv5CEnHWsNjWGvSncit9m0Jq3kMoybdcbEny3lRm33UqM11I/9LoE5xIGnQpJOxMN6UiNfNKdCXh6Kv4Jipr9CT/KdAk+ZI9mQ6m4bkQZh4wKOThomWDEy2Z2O4Ogo9BUyTJo9JbirQZDiRvXwXargsGJMP06GvCINW5IXHYm/oKqMw1iJAvyISLXxP6l66B7lB0JvlQmqzXSm9IgSTrZnQV0agX+qLt28mzOkW+aJPHgmDKgtdhSGo47pSVRddzBKCLoikC6L05WGYbOPTR42EVnIKL0deYHp6GrOzs5h6/w5NmT5oEwbjya0kNFwPgCyCQRWesSeJvjwPg74y/Nc9o2nYD+Njo5iZmTHDv5Oq8sGVehfUXvNDZ3EsKi57I9v3kIGgm2VpC5nLuqpoqIUnVj59nFqbvD7cBk/kq88jusYOJWwm+CcOLtNh/Swwj8nqyPUcUpTKVxYWFtYmJjceQ4LSDexaZ+S0R+LBiAIZD8/idMlu8AL3h/71jDKZbI6iKLMgiYY7XlWhdbTCDN4fKUNZfwaUhiJwVf5wl1guM0TbrDYIxGLxnMlkMgsu0fddhUu0qZD2JkH8KB5CNRsFmgTU6ESIveONg3nEEpH8lO3I6TwXE6UM7o+ShyzdHWzAqiTm9mE0vyiD6rkcSn0R6p7dpCWJqNYVIF7Fgm2uxTxDsC+NoOEvvO54CAauIbmbA44iDkajEaHVNghU7IFf6S54yawQV38cVYNCcBr9YSfagfDaADjx7L8T9OSBQIXvZy+hu+Ekz4sKvhr0lcvlfpBIJJBKpaB7QXFxMRzyt69cUPrBNsdyxV3gMEHD3w5cshkgtvqmf8ZGQMzvvWGBnXzCZv36D8sKlHMs9WAJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZiBLgZkz37Ynjrz4ReyDEideb89afrDf5ET7v4n2YCEqXf7qpY9/T9r76v/Xu03STMgasLteaVLHv+fufvl/6k7X/y3qrlCvAHBvTeXFC54ANbctv7p/95Nz/5rFZ0nzoCAzpuPsuc++D91x4v/jasf/y9aeP9/89rH/6VTTxJngGPDtc3xU+/879789H/5kgf/02fd+V+17OF/yZhjxBmgVXCaRT3v7BqP1mv/a1Y+/J824/b/woX3/osHHSAtECVjjqy0Lb/wP2/+3f+Zs+/8F3XfS3o0inntXWSeffJ/0tRb/0Ucdv4nKyEJW25ZYBh/5L+w5fb/ZCdlQYMNs4WMt/wfuMyEDwMA0Irn/pDRT58AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLVdNNaBx1GMfx78zO7Lu765qQWIPteqiH+IKCjTmkClIVPHi0pVDSXBT0sGhLUOvJl0OL4AuVBC+CLXpoD1KqweBBWFFajOChSTU20q2h6e66nX2Znfm/ejCJ8Qff6+fy8DjWWgCmz9f3AR/cV0pPhtIQSoM0hoEyAdAFmoAG2kAL+Bz41mNzRqmJh0fzk689MczO9YUphsIU25EeExK6sebPZo9v/ugfAKo7gZFC0gGgflvjOw6eAwkPUr7LvSmXhOviJ+CRsQy7irnyp5fW33e3AC1loWQilIGucAgkdDoRQQRBBK0B3OppAF4/e53JSo4HhvzhbSAfBiP7v5pHHZ2mH2kqJ2cZ+uxjwqBPNzb0IstAgAEc3eGna22WrgfrLoA4Ol2eXfrimZw3QDoeYWyRePh0GZ0/RdTu0o8NfWnAwkYn5sPF1Y4WYtoVR44cNGH01+iwXzT1FvVj76CApUNVxI2ApNNn77EZUrXviZSDsaB9jRKicv7lxxZdM4jm433jabO0Asdn6eTLOC7oQpnfX3gFfrmKnBjnnrmTuFJiLag4RotYA7gmHLyY+LoWmcounBNvYm81cLEkgyaVuXdRe+7GuVijPlPFSfpIren1Q6WE6AC42YsXvjy9e//EtdXbyHyKyqszYOH+946TKHiEbcOVuXMEUwfI+NDqxahYbCy89awFcAEWhvaKj6YO48WQaDTAcXGbDcIA1k6cQuaKYCHruTTaA7SI17eu501Vzw4Bbz84OU6veobvlgW5rubHTy6Q9i2+B8nEvxWysFoPUUJsbANaiKeA535eXqM98OjFFqktsXQQyqC0wVhLuVjkpadHudkK0UI0/gOkfPT5Jx/KvHH48f/9gLYgtUUowMLphXWyPnR7IVrK1k5g7WYz4MziMqV8hlIhTSmXophLcUc2SSrpkvJcDk2NkPKg8XcXLeWNbcAoda52eWWsdnllN3DXZnduVkwnfT+d9inkMpQKWX69Wv8N+GEL+AdfSH+n2ppttwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALJSURBVDjLpZBrTJJhFMdfxUzazHQzp5aK84IgysULmNc5SXMFloVp09CJqDOXt+XMiViKlnkpxVZG5ijLlZZmZpeZpjVdfelrwqsfa3nJlAB5T680kNba2vzwe852nvP/PWcPAgDIdjAeIRXTkCGfS92WIKZ6WsRrn7tnebmUlt6Egy4JTn7Cyfy3oHwK2A0oK6ZRZYi7rCJu9lYO8ye/847qcGaWU47N4ehxFnC8/xaUvQU/yQIhsAbV0mvRkbXouIYfsfHYajw30jS4yk3yXklMXlk8xF9PvopK/hCwSifB+6Bkv3vFfFPe6QHdGpOtWQ/jdFi+xKpBm8Nr1QaOVK2PrFdro2VqzCxglk6AafArhYPNMxK0lmGvYrTPp0Sl9y9VKTTMUN91VhjczZDJtwQl40aBfq+bUuu6Tx91ZEyzS4i222fPE/Zkq0cdhaqf+XcidLkKBmR104haCm1cQw1aNgvoZ19DFZ0fbLB3xDZ2O9UjaegFRICCtQA1EAQoZntCLchRMNZqh9JB0EUGXocnUUvy0W0Jil8BWO3ggbXtZ9PaxcooKOplY3k9LEzYHQznB47Dg9k2KOvnQUKLi2HR023YLAg+8wK0iE2qHrFxMQkKe8Nh8GMnPPxwzRjsm22F1pdl0POuCcRKLoQ27DTQ6qwcjMNBRc/hpjM51hSOkzE78ZWN4StjxdA4WggXR0QgGRKC9GkedE3UwanbkeBbg2wYA7TCZ8ApC3Rll1Ovh5fTFvD6LeNGANyfaQXl+2bomW6CW1MyXFIA8gkpiJSJQKpGvrhXIvTfgoIRYIoDeAyxP9efz0nAKzFFTsKS2tyx+BZn7MAlByxTEQGdbySQ3csFzyrrFY9zdiHmP6DmDwNVPAQU8ROcx0ARDeIMQMAmuY+AjEOV2kFWTzx4VTqBn6gNyDn9YBb8D/jKax5VBHCuREiW/V/ef2+t0gzxSwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKfSURBVDjLfVNNaBNREP52s0m0cc2PUaiWQLGKYtWKCkUPohJJFfTiIQcv2tKDCB56sAfPUjyUFKQHrS2e1NaCthapSFuxlFyMifYHRWkvDZHapj/aZLubXWfeJgV/X5g3u5uZ7/tm5j3Jsiz8byUSiS7DMC7puq6QB3lha2tr7B9J/wJIpVJeSujw+XwX3e4yaJQE04SIphy/34fBwRdQ/pacTCYjnBwMBnd4PB5Mz8yC2U3TgmmZBGShQGCapkGZmprSCoWCi0wElWSyz2azv0vGwkKWgEyEz9SJbwonV1SEsLi4JNgt/lms0hLGL8SJgN+L/r5n2Fd9SLDzf0IBo3LyjY4EhUmQJNrtTXi2leVl3G48KhjfJeJgteXnLtgKWCqzcqA/sAWyLEMik4vGzwxgmTZj9YEj4tkq9kBmBfROADIcDscvJhc9L24eM86p0+hcjImyhAK9OB5JluBQlHV24bkE8vbkbMbOj/fwY8UQKgQAb9wQLoEZK7eVifrtJSG9ZNgHauYN5ryTqJoPIpfPYWi8V0xFAMjFOtm+fPrzXGz2TmAmN4vwyeOoCOzC8MRTxMe7kdcCNoDTqaClvkaMR9cNrK5qQrLL5aQyLLQPP0DNnggKcgEHy8N4NdmD2v3H0P35ORSqq3VkZOhE6aCQD6iqWsnTyWQyGqlzf8t9hVPahLq99UJR0+m76P/QTo3sgxKNRptKUtva2q4TyPmdVbsrVdWH3icPTZr5/ez3+SsT6TEplR5Fc7gLLS8vY4PDTR2SLbmUHIvFthJbLBI5eyoUCkFVPWhoaNyYz+ejhqXfir8fg4uuDjO7JAWjydd0eszW9ctE0hfI3vb0PD5cOv/FezEZv5O+WXttu9I9PXAVGFApfIWsnb43/wTyL6VPiDb06AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLjZNNaBNREMf/25Q1Lqmk2NYamo+amI+mREOhFhRS0CKKN8FT8NSeiiBIDiJYk4MXEcGTwVtI48FQouLNix48RCoh4GETqAmioTFG0qT52HT3ObtgqiGHPBgGdmd+M2/m/zjGGPpPLBazyLL8XpIkW7fbRavV+tZoNFbC4bDYHzuKAafT6TyZmZmxCYIAFVAoFMz5fP4x/brWHzsyCFCv16fT6TQymYwG0Ov1qNVqlkGxAwEUjI2NDa5UKmmAdrut2dAAnuc1z3GcBvgLGRpAM0AoFGJGoxE0SM3Ub0MDaOLwer2gQSKbzeKEoYIHa1P2nXfBqaEA1C5TK4qiCL/UwOLxInznbgiGgi6N27dWB64xkUjYyImKovBk2v3NZjOW2E8I7ss4dtKPnYmktdIsPX8YDJri8Xik14GaTIISXS4XTztHuVxGNBrF1otnqBt3MTZhhLz3GpO+m4C7C+dpezgQCNzvdUAVRY/Hw7vdbphMJgSDQVJfEwfFBKZP+elOn5HefIWltbuQxvdx3jqOl8lqmFIjGoCkypN0kUqlVBFpKzOw77h05gjGxptU/SvAFMiNT5hdvoO9t0/B5PbhENUEdWjValUDNOo12PU5GC1noTSzlNvCwnUXFOkHqTIHm+8qVuZ0hwDqQAM4HA44nU4sziqwzy9DGKuAHfwiRemwvZVTLwulncOk04qLrlF8iMzPceprXF9fZ8VisSeae1c6uLC6Cd1IgQC/KZH9t3ndURd2v2SQexNJcoOe88dHCxUmKwJTGLWv/GOs56F6xrb/AFceRXFTtLBJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLhZJfSFNxFMcHPUUP0aP0EoSEVEaY5QixFzMTRtLDCH1QqIbEKBCzTEyxPwotsbLUETSHmTUTm86mrk03N9eW253Oua2pW8OcS6Z3d7uzWd/uZi0qaQfOww/O93N+53wPCwDr7yyoJ0oqRG61oM9P3u3xkUUCQp3C7SnZqnZLsUDqXzK6wpjxrGPKHcHYDAVei3NpW86TkqSAcqZzTOz8vI4PLhp6ZxjmBRpycxAZZXJ1UkBjr4+c9myKJxw0NLYQlNMUxmcpFDZayaSAum4fScxHMGEPQx0XhzBMUBhlxsivI5IDCutNaqU1CNM8jRELhUFTrHsIL3Wr2J7XmXyEnQVdNUUCKz06E4LUSOK1fg1ygpmfPxpl7eI3/xdwmK/j8oUum/jtHERDC2iQeHHrhQePemfR2mNBToV6hZVyu2ZLwH6e4tClNqdVwyzL5o3AOEfD8DEMLfN96ZtevOuqhk7WAKXkJoRVJ+1VnPTcPwDZFTqhbHINVg/N+B6C0RUD0Bjol8KqbYduahEq8wqGDH7I9XY8rT0VOp994EQCUNpkd4zbg1BaSIxZKbxnuusdYfQ/vYIxsxerwa+4U1mNWCwGIuge1OAa56AqAeAL3bTBEYJ42AcV47uOsTG2fZnoKmSG5bjwFyC6sYEOlRvNl9mrCQCvxRXR2kPoVCxDYQlu3sAUhVcPStGtWcT3n4BYfmMeDwdmcY+XGUgAcq+bXGKlH31afxygYm5BbiZxv/wcOmUqfApE45BYzH+J4nHHM5SxUxW/7Tgmzd/B1beWNdsxwgjHbRSzTBIdXQo08dkQSSR4PkRAPDCJdlEbqjhpgTOZaex/Dmk3d3gpg2/w5t0gAjmVRDT1gi6653Rr8OzxPLq2+OhGfXF64GLWXjnnyL6sWP0PKd/8SStdk8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLpVJda5JhGPYH9Ac66bSdFHTydtDhIAiCiA6CEbGiL1bUTgaO9pHk1+y11ymyNT/wYypMxzanqa8Km9PJxg5EJcWBJq7OzUHIRlfP/VQyKWLRCzcP78113dd1X8+jAKD4n/pngtfrhdPpxMLCAqxW6x1FLpcD1dbWFjY2NpBOpyHLMmKxGNbX17GysoJgMIhAIACPx8OxR0dHODg4gMlkKiuy2SyOj4/R7Xb/Wp1OBw6H41O73Ua1WoUkSQ2DwTCiyGQyvNFqtZDP59FsNkG9RqOBZDKJ/f19RCIRjgmFQiiXy9zRzMzMYC+DVCqF7e1tRKNRYXNzE8vLywKRFxcXBVrDZrMJRDabzYLP5+P7q9Xqgd6AeDyOYrHIM6jX6zwDUiZypVLpKbOBKBQKpI6pqakzfbewurqKw8NDJBIJsKSFcDhMSgLZZWEJRNbpdILdbicyfrtGBpzY3d1FrVYDkUl5aWkJpVKJBnJltgr29vagVCq//fEduN1uShrz8/OwWCyUNFjS0Gg0UBqe44VlCI/e3sDQ60FcU16cOPVDeiLdfKUK3kOkbEXhswwpOYLb0gVcfnpW5ACXy3We2Xs3NzdHScNoNEKv11PSmJ6exl3dVayVTFj7YKbdIaYeQko9pgFf+QAWFrczOzs7KoriR0YePeng+stLeF+24+QXLlppwA8Ae9MTLGl+XTs7O/D7/Tzp8fFxjI2N4cqzc3gj34dOHuZkXWK438Gv0mq1UKlUmJyc7HPAgOpb4gCM8gOuTCf99zI4TTGwntUXsv3z1FP/O6UL4ZoSeea0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJaSURBVDjLpZM7aFRREIa/u7mbNW5IjEQ3WQlBIkaLiBYWvkBi7H0EDGgjaiNY+uoECwlop2glWGknNnZBIRKCZMWooCz4Im6uya5iNnsf555z5lishYVKwCmH4Zv//5nxnHP8T/l/al66X3VWhNSAtUJqBGWEe2f7vBUBVCrs3bIaI4I4MNbxaKa+cgWxFlIrVJcM2jo621poxLJyQBgbUiMkWjDWofwMy7H5M8BdPt9MUQSnDU4boo0XUakj0Q5thFVZSz2x/1BwYARE8KzFs5blWUEZR6ws2kJb1lH/mwWnDZ4x8KIERsO27TTilEQLUdq0kLR6mFj/BaDSJkAloA1ow5JyKC3EStDW0Z4TJBTOTZx0OjWkqUYnGqU0viSKjDGQKNCaJIoohDN45a/sKqyl/GmRSIZpTVN6ZjZRXF9ksbaI35Pj6dJjfIl/bVYKrRQPXr/h0JZ+jh07QRiGDAx8YWLyGQf7YPTwKFk/SxAElEolzDvwJUogTSGOmap95/1AF0eHh7lw9Q7fPpco9vYwNDSEDgNuXL9BEAR0b17H6SOn+Dj3Ad9FMfyyMFtfJt/R0Qxn63Eab6cYGxujq6uLRqNBtVrl5u1b9O1szqzpWIMvUQxaw+499Lx6zXQQALD88i4ZTxgfHyefzzcPLAzJ4KGfR9AHc5UveFdGrjnRBqcMdfWDSqHCjv37KBY30NmeYWFhgXK5TC6Xo7+/n0KhQD1MmK9UeDI5jff7Ow8ODrb09vYO5fP5h8VicV0ul2sBMrVa7QxQ6e7ufghklVJ2fn6+Gobh4Z8+rmPjNq74hgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNLaFx1HIW/e2fuzJ00w0ymkpQpiUKfMT7SblzU4kayELEptRChUEFEqKALUaRUV2YhlCLYjYq4FBeuiqZgC6FIQzBpEGpDkzHNs5PMTJtmHnfu6//7uSh2IYNnffg23zmWqtIpd395YwiRL1Q0qyIfD56cmOvUs/4LWJg40auiH6jI+7v3ncybdo2Hy9ebKvqNGrn03Nj1+x0Bi1dHHVV9W0U+ye4d2d83+Ca2GJrlGZx0gkppkkfrsysqclFFvh8++3v7CWDh6ugIohfSPcPH+w6fwu05ABoSby9yb3Kc/mePYXc9TdCqslWapVGdn1Zjxo++O33Fujtx4gdEzj61f8xyC8/jN2rsVOcxYZOoVSZtBewZOAT+NonuAWw3S728wFZpFm975cekGjlz8NXLVtSo0SxPImGdtFfFq5epr21wdOxrnMwuaC2jrRJWfYHdxRfIFeDWr0unkyrSUqxcyk2TLQzQrt6hqydPvidDBg/8VTAp8DegvYa3OU1z+SbuM6dQI62kioAAVgondwAnncWvzCDNCk4CLO9vsJVw8xqN+iPiTB5SaTSKURGSaoTHHgxoAMlduL1HiFMZXP8BsvkbO1GD2O3GpLOIF0KsSBijxmCrMY+FqgGJQDzQgGT3XrJ7DuI5EKZd4iDG+CHG84m8AIki1Ai2imRsx4FEBtQHCUB8MG1wi8QKGhjEC4mbAVHTx8kNYSuoiGurkRtLN76ivb0K6SIkusCEoBEgaCQYPyT2QhKpAXKHTiMmQ2lmChWZTrw32v9TsLOyVlu8Nhi2G4Vs32HsTC9IA2KPRuU2Erp097+O5RRYvz3H1r3JldivfY7IR0+mfOu7l3pV5EM1cq744mi+OPwaRD71tSk0Vsp3/uLB6s2minyrIpeOf7a00fFMf1w+MqRGzqvIW/teecdqV5a5P/8ncXv9ZxUdf/lCae5/3/hvpi4OjajIp4ikVOTLY+cXr3Tq/QPcssKNXib9yAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpZNNSJRBGMd/s7q50ZoWISZSRAgF5VpELFJ0CK9RneokEl1qO3URpFNCXqIO0aFLEF0iiAj6JBB0WYwOoikRJiXUYqbsumv7zvu+M/N02BV30YPgc5h5GPh/zMz/USLCVirCFqt+tZGfb8UUFxEJEBMiNkRMgBgfsT6EGms0YjwINU0Xn6haAmuIHrm0TkEEFFQWQCD3/PJ6B37+N9tFEOeVDxSIOEAhrDGoSAMSehtcwRhcMI8pfgLnIxKUdxeA04jTiPPYtucCLixtQGB9wCBOg4QVUDVYI64EYpBgAwdmZalsuUbZwzldIfHAeWUR8289gbMaPTOK8b+DDUAMVheI7W8pKzuNWA/E1byBWg3S4oteibZ0EO86DzhcMEdx/BkN+3aBlBie1YzMOZY9j6CU489K/tabOxOD9VVMhAuT5D6m2dl9FaUUTkKQEu+/FZny45w5fYL23R0MT79kbGr0djLV1hyp/u/Gk72E+b/kR+5VwBqxmtdfc3QdSmAjlsTeHqwKSR7tBri+FmWjUXURdhy/gphmiplX1MUSxFr7WCgsEVVxzh2+AcDNs4842NIJEKvKgSb37j5iNBJ6BN4XmM1Q+vyUQiFgOpthIpumv+cxQx/6iNU1AGi1mWlMptoG2w80DXR3nqKj9Rgz8+NkJtP8+rF8V212nJOptiHgGtAIFIGHYw+y/f8B3ntD1Kp2NbQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhZHfT1JhHMb9F7ptXXXR2lw/Llp3blnNZauLtmwtp15oWsu6oJZ5bKyFQiGIEIRIKoEsJtikWM1JmiQhtpieo3ISUoEINiJNE2SgT5x3ZiVZ3+15v3t/PJ89+755APJ4PJ64s7MzZDKZYDabYbFY0NvbSzq35867u7uh1WpjfD5fwXl+iixqtXoi2xfw/0ppNJrPOQC9Xp/O9vXTvCf4l7jKJkUOgIvH1bmGPlQ1D6Na+gY1Micut77FFcUoapVj5I4rnU6XCzAYDJuAmqz50hbzNdUvQJfu8d8BmUwGMzMz8Hq9oGkaHo8HbrcbTqcTDocDQ0ND+B62gzWeh8/ahPGOIkyo8ssJYCMWmXxLSwtYloXRaIRYLCag6I3rmKUKERmswyJtA5bDWKAtcElORAmgo4MMBqFQCIFAAH6/Hz6fj6RhGAasuw3xqTtIhZ4h8roZCeYpMvMjYLqqkwSgaW8nAKvVCrlcjmAwSNLIZDLM0ibEJ29jLTGCxMdaxMeuwmuoBK0t+zKmOLOHAFQqFQFEo1FEIhGEw2GSZp4x4ytTj7WkCyv+CiSDpViapjCnORJ9Lz1+cHOIcrmCAGw2G5RKJYHY9HxE3tVtmMuRDFzAt8kGsKoifJAcPvTHLzRLJAQQi8WI2FEjpvtvZmM7kJyrxGqwDIvZJH7NSTyUCnK/USgUpocdjnW73Y6+R3xMvaAw8bIVn9wlWJkrRXz8FrzqUxgZ6FsXikSJHABFUYxA0LgiFIrQc/8YsDQPtv0sBqmdcLYVY0BQgAfCetwVNK5m37pyAL9LcDE/nXIpkXLL4W4qRE/VruX++v0Htr7bFlBSsCMpqtibfnWvOG2XHh1+Xrdv93ZmTj8Aff0H4WdEl0kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZO7T1NhGMY7Mji6uJgYt8bElTjof6CDg4sMSqIxJsRGB5F4TwQSIg1QKC0KWmkZEEsKtEcSxF5ohV5pKSicXqX3aqGn957z+PUEGopiGJ583/A+v3znvPkJAAjWR0VNJG0kGhKahCFhXcN3YBFfx8Kry6ym4xIzce88/fbWGY2k5WRb77UTTbWuYA9gDGg7EVmSIOF4g5T7HZKuMcSW5djWDyL0uRf0dCc8inYYxTcw9fAiCMBYB3gVj1z7gLhNTjKCqHkYP79KENC9Bq3uxrrqORzy+9D3tPAAccspVx1gWg0KbaZFbGllWFM+xrKkFQudV0CeDfJsjN4+C2nracjunoPq5VXIBrowMK4V1gG1LGyWdbZwCalsBYUyh2KFQzpXxVqkAGswD3+qBDpZwow9iYE5v26/VwfUQnnznyhvjguQYabIIpKpYD1ahI8UTT92MUSFuP5Z/9TBTgOgFrVjp3nakaG/0VmEfpX58pwzjUEquNk362s+PP8XYD/KpYTBHmRg9Wch0QX1R80dCZhYipudYQY2Auib8RmODVCa4hfUK4ngaiiLNFNFdKeCWWscXZMbWy9Unv9/gsIQU09a4pwvUeA3Uapy2C2wCKXL0DqTePLexbWPOv79E8f0UWrencZ2poxciUWZlKssB4bcHeE83NsFuMgpo2iIpMuNa1TNu4XjhggWvb+R2K3wZdLlAZl8Fd9jRb5sD+Xx0RJBx5gdom6VsMEFDyWF0WyCeSOFcDKPnRxZYTQL5Rc/nn1w4oFsBaIhC3r6FRh5erPRhYMyHdeFw4C6zkRhmijM7CnMu0AUZonCDCnRJBqSus5/ABD6Ba5CkQS8AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVDjLpVPPaxNBGH3ZJCQkVSEkJJja0MSCabHoSUEKerAgggRy0ZP9F4QeDAhepKeeBA8GPFQCEutdCMRSSYkimouIVqUkNW1iyJZN0mR/zvrNwtbUGjw48JiZb773vvfN7jhM08T/DNfwplgsekjwBuEWY+wMzVMEWrKPNH+j+QmhmEqlDJvjsB0QeZrWz0Kh0GwkEoHf74fP5wM/lyQJ3W4XtVoNrVarRLGb6XS6bhF5AkehUFirVqu8nDlqaJpmVioVM5/Pr9g8wbZCm5lwOPzPnqPRKKjItSN3QEFLsdlswuv1wuPxwO12W7F+vw9RFFGv15FIJKzckQIulwt7e3uQZdna67qOTqcDRVGsMx77q4Ddk9PptBzwZA7q2xJZrWYw0PaRmXwBwzj4CL/vwHbAkzmJgydy8JiiqxgPJpF5eR0aUxwjW7AJD98swGQaVKZDpf3JwBSSkQvoyvtY/XE/+HT57tjrRbF3RMCurjMVV2duwzAZDGaATrEjbePs+CX01AHe19al2QdC4JAAB6/OIZNlTq62v5JlipEbzdDQUbo4d2oOPa0vvN0qtQ8EuHX+qehPRKPRIAEZuqEjfHyCyIYltivVEBiL4MP2Bja+l1qqjvlhBwvlcvl5Mpn0x2IxDHQFK+VlugPVchMPTuNifB7vqiWsbRbbso7LO0vmJ8fwa8zlcpMkdI+QFgThBH8LvB3u7LF4xzw/MedY33y1qzDzCpG/HHpMf45sNnuMyKcJjC718yNpUTSY0zdgRvznkrll5/0CZpfQA8IRXj8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHYSURBVDjLjZPLSxtRFMa1f0UXCl0VN66igg80kQZtsLiUWhe14MKFIFHbIEF8BNFFKYVkkT9GKFJooXTToq2gLkQT82oyjzuvO8nXe65mmIkRHfg2c+/3O+d8l9MBoIMkvi6hkNDAA3om9MTz+QAhy7JqnPO667poJ3GOdDr92Q/xAwbIrOs6GGOeFEVBtVpFoVCQkHw+j0wm40Ga5k4C0AXTNGHbNsxv32Hu7YNtp1Cr1VAsFiXAMAxQkWw2ewNpBZDZPjiA+XYebioJ9nIKqqqiVCrdGUlm0gpwzs5hzrwGX1uGMTMLtvrBG6VcLstOcrncPQDOYW3tgCffw0isg4uqnP6J8AhCnVAelUqlPYD/PYE59wZ67BXsL4fg/6ryYhNC82uaJkFtAdbHT+CJFbgbCagjYbDNlDev4zgyH4KQ7gA2n/fMUWWeiAtzBMrgWABAXciAhaibAKAYnXyaGx3/5cSXoIajsH/8hHP8B87llTSSqAMSmQMAfSL2VYtET5WRCLcW3oHt7Aaq+s1+eQAt/EJXh8MNe2kRSmwa/LoQeOsmpFUeQB0ag9I/jIve0G/n6Lhx3x60Ud3L4DbIPhEQo4PHmMVdTW6vD9BNkEesc1O0+t3/AXamvvzW7S+UAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLfZLPi1JRFMffPzGLNkW7Ni1aJUitI4IWLVpm0RTUohazqkVU0GhjGcGU1NA6dFQ0FX09QVHxVzr+eE9RRMw0NVslPcmn8517nulkOj44XO6953y+33Pf4SRJgiiKyOfzyOVyyGazyGQySKfTSKVSawC4VcEVCgWMx+OFaDabKiQej6+EcKRMBY1GQ1Wu1+szCJ0xF4hEIkdCOLJMyaRGB8lkMt3v96EoinpOwFgshmAwuBTCkeo0kRX/YZYbg8EAnb6CwLeJk1qthnA4jEAgsADhSHlqeTQagYp//B7j+d4+nn4BhMbkrlqtkgv4/f45CMd6lHu9npo0HA7RZsqGzD7eiMA7CdjaO4RUKhVyAY/HM4NwiUTiHOtR7na7alKhp6jKZgb4UALeF+ch5XKZXMDpdKoQlRKNRrWsR7nT6ahJxZ8K9OkxzNIhxJAB+K8TSKlUIhew2+1rs15CoZCW9Si32+0FyA4DPPpkx/23Otx6eRk6/QU8MW9gd3f3xNyLsv60giDIrVZrBnnGIA8cH/HYeh1ucRvZ7zxMn+/gquk0zt49Zlz4rzzPa30+n0yTSBCJQa4ZLsJZeAVn8TXNCozCOkzCbQIMlk6X1+vVut1umSaRIJcenoFX3MG/nyu/TYCjZ9zlcmnYS8s0YOfvncQWfwObvE4t3vTrVjuYhsPh0NhsNnnDtI4rxlN4wd9UlWml/dI3+D+sVqvGYrEcZ8l6Fr/I9t9VT/cHUXogzRNu46kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG8SURBVDjLjZNJS8NAGIarv0PBuzcV/4MHwYMHL/4CPQsexYvoSW2RioiguJ9cigtFKhpxqVtBXGqtVRO62TbJNFMb+zpfNKJVMQMPCWTeZ+YdMi4ALjGqBPWCxn+oEVRSxsb1IajnnGeLxeKraZr4DfEdbrd7sFxiCxoprOs6GGOf5HI5ZDIZxONxS6IoCjwezzcJjQoS0ATDMFAoFKwnoWkastksEomEJcjn86BFvF6vJfkhoLANCSigqiqSyeSPSh9nUvFNIGp8TqB36m1XSaVS1k5kWf5bUM5XCe2EziOdTjsXmGYRgVAMi9I1JrbuMbPzBF/wAS8F5kywfX6PlWAcNwrDXYpj/1bF2mkS/pOYM8G8JOPiUcNBNA8pwrArCMkcs9vR/wXUf9wfRTjBId3q2Anr8F9qCMY4pgKPzgSzovPFE0Pg+j1MHD1wjPqunFUIhBTsh1Uci9Be1MChWH35TIN3cgl97XU95YJSueBZ4zi8ecaCOIu5XRljm3cYmfQhtDYGabidTXfWttl3oUH8fUyE/rxMNpGD1dLReEcpsj4EX28TswXVJHFwnS26mqu6NwdajY3+FrwBN5GpoomTEloAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKXSURBVBgZBcFNiJR1HADg5//Ou767jblWM9qOyWZSXlqCNMpYWbKo3VMEhYJKEn1Rlzx0CSmIIq20o5fCQ3QSskOXCPqEuhQWXkLsg3V3xtVN23LW2Z1531/PkyICAAAAAAAAAOSw//CpY+Ug7buyXA5fWwEAQAUAjBSsG3Hy0/f2HMqhrNL+t17Y3tzQbKaUcoFABZIIIqhAKAernnnzi4M4lMOVa2XRbDTTS8c/1tq8XlGrlFGQjcoSWSLLklqWzP521tuHXtQvU4IcllfIstydW2939wOTallNREnKSUmWkpQyWZYZqmWqCoAcoEJRDBseWUsEAAAACIEAOUCF/mpPv3edlERUqihVVSYhItRSabC6LKICkANEcHmp7e9LS/rVQBWlf1cWrJa3SYANxVXXu0tEBiAHiODiwg2GLvSACKIpogfgqhEXLgQAyKFCBFltDRVl+4zG6h9aG27x+9wlvc0PS8OjivOfmdnS8MnJE26OKKampuo5QARRlRZ//dy9t4Y9Bw/odru2zs356ofv9a2x76nHFUO5TqdjzdDPw1/+te6NHKKqJLTPfmPHlhvt2n3AK4eP+O/iea2xMRMTEzqdeR8ce1+73XHf/Ts9snvK7Ozs8xkkEB7afpfGTevBa6+/o98f2Lt3r8nJSTMzM6anp/UHA08/+zIYHR0tclg3ki1Vg97oHZuafjnzEzj14RFVWTp69Kh6vQ663a6qCh+dOG76sUfNz8/3UkR48tVT7w6qtHPpn4V71l79sb7rwR2ptWmT+nCeFhYWnDt3TlEUxsfHbdy40XJvEJ323Op33379Z4oIANu2bauNjY1N1Ov1061Wq1kURQ3Z4uLic5hvNBqnMbSyslK22+3L3W73if8BE1ob/QNlaFEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALGSURBVDjLpZNdSNNRGMZ330V2GXXVRXVTICRd2IVIIFGSoJDWRUssRREJiswP1La16aab3x8tyoWl+T11tqmYmJbZh61pfvWFKZmoqZmp236dv1MxKrrowMP5n/95n+d5z3veIwNk/4PND1dz8z5nY2P0al1d0nJVVdhSebnXxt5cYeGO2ezsmGmtduyLUtnxOTn5+C8CLosl1tnQMONsseJsa2WlvpbF0lLHgtHoPVdQsHfWYLB/M91mtbuTH1YL0+lqxuLi7nyIitomkQOd5jrcQwMwMgQDDhgdZqW9jbn8/I8zen3/ktjHYYdHD0GISDEz+kzeyuVK2arZbHU/fwovn0FTI5jNUFMj1r24ertxdgpSbw/cugU3b0JREZSZcD59zHBo6Lhsubr6k3tkEKzNUCecagW5shLu3vUIPmgCo1GgBAoKBPIg24DrSRdvgoIWZKJYX9yD/VAvyBUVUH4PTCaPY8k6KU+QcnIEUQ8ZGaBR4+psp//YsTnZosk06nK8gmrhWnrbk+YGMTcXDAbQ6SA9HVQquJYG1xW4ujqw+/svyBZu3Cherr4PPV2e9La6abXCUQNKJaSmQnISXL4kjljGpEpBn69vsexrXt6emays90uSiFClpNDjJEFxTRBT1ohWVSSXc09zIesk51RH0YYd+v7Cx2fXWh9MqdUHJ1NTe+ezM3FJV1UjCphwFRITIP4KDSlnSas8R6Mjn74JG/qWaE7pD3A4ZqdusxMn4uO3j128qPgYHT0/byyGZnGdyUIkLpZwTQD1rw3UD4ijiaFrPY++NVISWPqtt9+Fhx8aOXPm8VSSILfboNXCiURvLA4jW4fZni8J/PmBDIWEeA0EBuY6AgLc4xFyjsTsdmpt4aht8jWy2ir/ewZbYffzCxaVjhOBymDdfjJtEWvO0iytf6nBvyCCNQLzUtrrs0b6/xNhTevE6BlD4wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLfZLNi01xGMc/zzm/c9/NDMZLudOENGPyLkphw5aFkrKgLFhbWZCV/AeyVBMlpCQbFEWRBRKGMcMMo7yOe+fOueeec+7v91jc8TLT8Cy/PX2+377PI6rKbDN0/XhQ7Gw7XChkDmWydrm6sGDDcWsnK9V6JboZ1jix4sCl9zIbYOTW6Uxbh3++1LVqr18sI0EB8Qzqmrhogvj9fcLh26MTSecuM5t7Pp+cKpU37g0617cE9UEASfFKUFy9GzLzu+3jCzv/AYgOmfYeIAWKYHIIPuAghWb0inx3L/HQvCOzAjwXtUuQxTXGkKCE/RGCKprW8doNLnqOV1qKZOb1mMEbm57m2vr6RLw/CeKmn4vqoCNEr+/i6lnED3CNGl4mxZQNfn4ztvoFI+r1dm09F4gIKIAy+fYO0evLFNftIR29SG7zGrwgRjJdTFy7Qn7lMWovBpj4/PWhoakNXJKNP53FJj54bfjBHMI4QF7cI+hYi+cUsTkkVbKLN1AfjKg87P+47Oi9LYa0ld01C1PuD6i+fDK9lIGZLQ2w4uijMoDBeT6eT+3dIMn4B1xcZ/6mfXSs248gVGuKw8e5Bs4F5AslPvXv+I0yNEHwWbDtJKgFdYAl+XYVbEi9YvFziwkycxmvxLypLmThX1kMqaqqJfnc37qzKtACqaYUsvBmdIxqOMa37yHbdxwkfPY3IFHXql9b7mpRTUCboAlZ02BVdx1na6idpLikzNC0BLE6RKYcm6ApuBh1MWgDdQ3UhaidBBcB3rQ6jaYua8MKyCJEBPBR35t6XRA8QEAFMNioNgMQx3eHz+zcgrb2/ju/dpx78Ev6CYWKMs7gLifFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIRSURBVDjLhZM7a5RBFIafme9bv2TjxkS8IN5SWGgKu8QmhYWFbf6DtT8kVoGAKQRBC8HextrGQhDBxoioSJSV7Gbdze53OTOvxV6yaogHXoY5HJ55z5kZJ4mjwjl3BTgPuHEKGBc3ga+SIpKOFLBSlmVhZppWnufa2traBJYAfxxg1cw0GAzU7XbVbrfVbDZlZur3+9re3t4EltwxLaya2WszI8aImVEUBYuLi5OaNE1vef4TSZLgvSdJErIso9Pp0Gq1DiEfXqy8nZlfXnZumiWePbjZHDkhSZKxK5xzmNkhwMlfv7z2uOacG81Y4BxXeXlxqh2SJME5N9lPAJhyYpkVPx4SygT8PM418MnC3zP5BzQEVM7HUGBFDUVRtd/T//6Rxm6TLztzSAFZCUR8fQEUSE6d5tLdpyOA04xCTjVwqDyg6omzaxsspheoz51k+pbGJ39+vj7twJPOnmPhxj0ggoSIFDv36ac1UPhjuLPXHiGJEEIPCCmVpJAT++9Q6KDQRbZPYXWqQY7HhmACMQbK1i69vW/Ksuw20EwpkKIRq5/IOkOI7VOfdZC5oSMZqEKxot6oMZN5k/Rm2EIpOQKyFrL9oUIH4mAE66LwC4UDFHNQDjb5VKQqY9v6e/Wqd6JBbHipBrEBOoNCAZTID1fnA6HoSWUsDgF5sfFpe30VcQdH49h3LcC9Kol6Mk79BmoIbLI/IOsSAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLlZLrS1NxGMd90ZvovdEfEBEUEhZIb0xMjdyLIuyGkiHGUFKydFKKJiRegjIyFJRwojMxzfJSaVOYeTfxtpSNuZ1tXnY2z27nsss5334uWloG9uLD7/A7z/fzPPx4IgBE7ISl3qWyelUvu9JIueZqeOdUmcCMFDgcQ3fntjSK0j/rwx+csesIZ3jbL1j6EbCPIej5DpE3QRIoBJ3LEFb74BjIxkbXVYNdrTixS8Ca3h/y6pSTfloD0UcRjCS8BJGbRdA7QRgjd1pIfhruyeewKOMdm+rCw2GBV1tXKZh7SIEVoqAjpwVS0AlIvhBSkCGyeQRcPYDogO1DNixvrveFBa6ZCkuAmSe1OtJpFVLATkJboWCIAE3+GYngI6ENgnUK+hcxfFiw9fWRT+RWEWTHEeRmyPhaMvYCgu5ZEpgkbzCCgPszBNsr8NY8iF4Ky5WnpLDArs41+zYnSPdF8OYi0qEcTHc6mF45mJ4M2Ftl4C1lYPU34KerwFNTWKmO/j2BfbiwghmvJuPawZsUsNVHgTPlEx6ANcjJeR9r5QfhWUqEJOlhbc+FoV42FBY4R0sPbPbKlz2LLeQB9aCbYkJhzpIFlkoDZ8zDRk0kRHYYrm8d0JYeEyyduUd37QH9pTBqvSOV9iy0wtmZ+VNAOm+HOeM92JtlYDQN0JYcD1BtmTf/WqRtbJ/yTxtUt9fXGhPBq5MhriVBtMYhoLkMQ1Ek5sqi3eb2O4l7buIvhlRPkmsfZ/ibax+iruosnpacQUFOOq7Fn5TUypJz/1zlnRQr5JSypRVKZRvq6htR/ewlriTH03vV7ilQ5NwaHRgchM1GY3p6Bq+bmpEii9XtWzCgqkhLuXSBTUg4L8XFxUoXk2K57obirH0L/ocfNQ8V8wE+uE0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLbZNNaFRXFMd/72U+dDLNRItGUSeJiagTJ6IQhdhaWoopFCJiF10UBAXpSlHcddHi0oUbkXYRFURE/NiIIjSkpCpdtGoTJG20iUMsMZJokhmqee/de8/p4jmDggcuFw73/s7/nPu/nqrSe/hch6peUZhD6VYUVUCVeNPaEmcwYbn06/nv1gIkiA8cVNhQLOS96ZkyqtVLEMMEFZgvv2IhVEQTrbyJGAA7i4U13qeda8ivLKIxAVGJq0pcfVljhsyiBDt2f8s7AFSXFDuauXVvjLm516gIAFJVoYqKMl95TRBGvB1vWsBLpBKs29RMe9NSnANVQURxTnEiWFEWAsPlq4PvAyjOCRPTFVJ+kiAIMGGElThvqSORTFFID3Oy+xfqdnUyfLZHvWByX3UGiBOsM4RhyJ5t7bH8WB2qyp27fWxLP2dx8RtyrVuYL61n9Oe+EzUFxgnOWKzzuTD4F6GxWKc4K7Sk/2DPpjINuR3Mjv9Nyov4oGEF2Q/zuRrAWiEyhkhA/TReMgm+sjr1gL0bZ2lc20M4dYlUxmNiaBQTRC+Dhf+6q0PEWIcNLKFxWCcYJ6zkPl93lMi19RJM/oSfsiSzzQSzI4j1P+862v/YrylwggkNoXEExrGkfJuv2sbJtfcSTP6InzRElRaeDtzj+4EGth7tHwLw327BRDGgsXKXL/LPWN7xJdHzPupSSlhpZur2fX4Y+Yyx+XTtGf2qYSLrsKGl/lk/vflphFVMPTyFEPBqdhWlwYdcW3SYF1H2vUaKDRM5CjpA4aMzPLp0jMd3fiOd30x5ZoqbyYNkMktRxhCRp+8oUFXwfbq2d/JofIZo5Aatmz+mvn49//75D0NNh8g2tWGtoAphENbs6Kkqn+w/3afKAUVZ8eQ4W1uX0bWhhYmonqulTuZMtvYzUa7/fvHI7irgf/y+taODWkwAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVBgZBcHda5V1AADg5/d733Oc7tjOaNs5GC6KdrEwmpPRxG7spoKghOim7oK8y0MIEQRL+geGEIQ3UXQvSJ8IafZxUbjQhRDZoU60iYsSc9t5v87b84TsVe3mrBWpHoCICIAIACixYTUfOJM2Z62YO97TOULSIKaEQAyESAzEgISAgLpi48de87MLUqmezhGyhO4SCW7f4O81YiSJiCQIkbqmNcXMIjMXeilIGsQxDp8AnKDY5teL3PyU6h4CdY3Av7cYu58R0QghZWeT9fP0v2V7i8Y4j77As2c5sAwIFAXDgjInJxURAzub/PwxMZBGphZYeIWJWZ44xdo5bl4kK8kzioohUUREd4kXP+Kpd3nkee72+epNBleAxdfoLJBlDEuKkpxoBAkBjXGm53n8ZZ45S/shrr7P75eBo6eo9zAsKCqGRBEB/1zj89e5eo7tLRr7ePJtWg9wZZV7t2i2OPQcw5JiRE4UESN1ZPc2g0tceos/LtPYx9HTaPDNe8Dhl9gtyStyUiMIJDXLp2m0GHzN2gdMzdPq0F3k+pcc/4+x/UwepKzIiSDWTB/iwBLT8xw8xt07rJ8HHj7GbkX/B+DBxyhrciIQ2N2i2AG2fiPL+OsXoNVlWPDnDaC5l6qiJJWjLlHxxRs0JhhcIyvp/8SHJylKdiu++4Tr31NW7B8nkrwzp627d9nkHM0Wsea+GSY6tDvESEyY6TIxyZ4GSUp/nTubqyF7WrvZtaKrZ4QSQ+TIMUSJHCVypGhaHW448z+h1tLAgvKk7gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMFSURBVDjLXZNbaFxVFIa/c84kPZM4M0lNE2svw1g1KG1NEKt9kAYLZbRKlBrQvhYbURG0L1V8MQYUES/QIhrQJwXvtAbxJQVHYiC9DYWCTpVOgkwzzSSTuZ199jln7+1DQDr5YL2t9a/FWuu3jDG0kZsaBI6j1AEcPUQYggrz6OA3hPycZ97+69Z0q00gN/U6Sk3S3RvHjQM2GAWtBoR1qBQFOnyLsY8+bBfITXVizBnc7iydLtSXwauBpUD6oANwNkGiB2oVqCz8ShSM8uK3gQ2AUu8T784CsHxdIVYP4ntdZN+0GJ2wEM0uajcOUswrlAI3mUW23l2f4NzpPVjqMvE+h+qCQspdmHAFFZxEh48RSNDyHJ54Dyu8nUD+w8A9DsWLCh3ujaH8Y8R7HbybIL1DmCAiCq/Q1ZuhsQK2BbHUfrzVo0j5KFIeonxths07HJauHrOJ/Cx2J9RuQiTm8Jof46YylK99R31phNXSSD1anCulk5lIy08xYo5qCdwEeF7WxvcyYCD0wG8FKHGYtRsQeqcvDJ9Ind/7vFjp67jTvfsp1lIdj+O1AmQLrBgQbrOJxPqWZQtEvROvFae1tExqm5JS/mCL4h+J9JPp5NZhqgk39vfg9v2YaP1CtnFsRGOR8p8gGgLZUviNA4z/1D+7fWz8oU3/xpLyspPo60HVz9I3fBypzUnj6BKL8wCLMbzmKURVEMhveOVsAORmZ2c3+754Ol+eZ9fuZ8G/xPxXZ3jkhTcIZfBEfmd6bHihWAH6Y4x//Qkb8H1/kkahq78nTqLXQ9Wvg9Go5nkyIyeswi+T78xvGXh436tzDXtj8czMzJAvmuO31X63e3YOob0rGC148MggOijhugUG9jx3XySD11h/9naEEB90rF1QW+/aR1eigolWwHK4+GMB0Gi/wJZ70ygZvpyb2H1/m5mmp6cPCyE+27F0KvHA0S+Tjl3ERFXgVsfaOPFBylfzFH6e+D62ofuo7/svab/5xaWpI8Jog9H6/9Aax2gNWiu0xhhzx3/je6YQnMUxcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVDjLjZPrT1JhHMfPq/NH+K6ty2bhJcswzUa2hTMaEmCsZmWuUU0HQuAVEWHMgCnLy2yOhiOKIs0L08ByXgab1TTRNlO7ULwylTOZ9iL9djiVrdLmi++bZ7/P5znP93kOAYDYKt1F+0k6cR4ZK86jSCS3m9sW7pGxwh5FwlqfOmnNW34w7NUcInck6Ck+QNJgZNjExYTzOl67iuG/nQuf7kjEp2eT/xV45AlknyopMmLJweRDGR05Jt1KBDvLMdoiRp8uLeKpTiO3FHiUiWR/WTI12sBD8JEC/kYBvLXpeGrIwHCTGOPuKgxYRXCXsan7ilTyD0G/Opn0lqdQfisfwccq+JuEGKjjYHpqkklvLQc+iwiBe2p06/mwSVOo5kvJjISgCyLpgij/bQGCHWX0p4rgNZ7AyxdjWFxcxPLyMuZmZ+BUHUOHlodnd26g/eYpmIQsSn86niR81akBf9PZn+fMo+EsTIy/wtLSEgP/yuzbGbQUsnFXdhJd5gtoLMxAOWdvgKCb5Xr1aevDzXno0WZufHg3t7nz3/n08T1qclhouHgUZZl71ulwfxRYncZ9omGPWOstG6urq8ywUqmESqWCWq1GaWkpsxaNRmEx3YKaEz8Vg/+5RpPJtEJRFDMcA1tbW9HW1obKyspNQUwqkUj2bfkODAbDSiQSYYYrKipgs9lgt9tRU1OzKZDL5RAKhb8FRc8vJxR0nTsvtvMGxBb+N8dQO2ISjUYDh8MBp9MJWsysPXhjR0GnBGIbbzrbytGmaw/zCRr+LOu9iqrBEhT1FqDAmo9wOAydTgeXywW32426ujqEQiFoBlSoH9NDO6REvkOERFl8lKB3HqRtIdoWOC5Lp3jXchakUum80WhkQLoXmM1mCASC+dySMwvZtVlf0zWpYzT8ZfeVXYPEdr/pTvMdjX2sh+52/VQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKYSURBVBgZBcFNiFZlGADQ87z3zjfjzDiMk5VimERmBmFpKgVRVATRQLRo5aaNhFA7pZW0qV1Ci0BoUVRQtLc2UmQaJVhBVChUhP2YDuow5sz3c7/36Zx46uipF9fNTR4oYQ82oC+QQVZdrb8tX83PY+X6kdPHF4cAAPHMG2dOf/jKnp2lxHymBiAT0tJ/Ix+dW/bvxcHqLz+dXzhzfHEAAG1pYkevbeZ/vqIpJWRlnFXXpbXR2OPb19t/T+tsXZrOeu/1x17+dMOpt58dAJSImM3MptcUbdAUmiCCIlBtnutZ3LvZtrsn17VzM+8BQEkCCkqEEqFEKBFKEy5dW3Pn7Mh9C+Hgw7doJpoXAKCFTNoGEeo4KaFt6GXx69U0rJ1ahx69a1K0pQOANpNEG0WVooTA+ycuWD/J6rCzYbbnnytrPivs2jQ7dfidH/P6ypovfvh7f5uoiKAIiaysrfY9sW+H53bPOvHtX44e2AkAPvhySa1xttSOTCoyE6kUVgcj12504OS5ywD6HSsDlpaHIqq21pzKTBIASSmhSUbj6tih3WpNiUaabhkMBlZuDrWjYfZHNade+24oI2UGlYWJoj8Yef2TP5SgG1d1XCUyk2R6omq7bmw8ZvPchAduLcbJODh7IQ3GnaZMIIWxiJA1ZVZdNzIcdtpuUGtXaw7H4ptLnRTgxurIRLQOLa7X1SEKSUY11fa8+fFFV1duakf98eWZXrPx1fuHM1mzVMCRU6kxoVrz7vcv2Ti9VSiWVv90cO9biimrg6E2Io89ffir5yPiwZQL6Eu2b52d2raJ22dveHLXPvO9LRSW+1vcNtOZ7tFGiMwEAAAPHTr59fY71j0yPzlvqp3T1ZGoVeRYjVXnL/7uysrI/62cRssvlMuuAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFoSURBVDjL1ZMxSBxREIa/WdecLssuRFRUiGkiNmKbaGlhY2UjooVoaZVAiqQTLFUQYi2Wkso2tZ2NioXtqQiKuO557u3u896kMAdecEG4yqlm3sx8vJ+ZEVWlFXNo0VoGuM+Dn7/+rAeeNxfVtENEECFUS9zIi1iytLa98W3y64uAwPfml6aGuz3Pl2fPYcOpZoat34cLwMuAOKHkeb6cXlbYL38nDG5IcsPZdRdj/at8Hh5ApE0KJYgQPAKP1uL713S2v8eSYd+VuYoSrFpENCgEqFJRJbxPcqI0pa4PVE3GbZISkYEKqlQKAf8g3KeW8uUnbOmEqkm4iwYZ6i29YoxCYC3c1eqM9v5gMe5h4tBh4uMaruuigIgUS0AVQTm+WMYYw0Gek/e1k5/MYIxhdvyA/xfXbf6OPdd6/mFleo+nOm1qMMaAalwISJJ0d3P36IvFGXEcQSBUiGlAxPJQre00qX77x/QXu32e+E+qGcwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVBgZBcHLi1V1AADg73fuuXMd5947jzuO+WgSylIhdROEJNFIkBptclmEuza1yPBfyHWLKBcJLdq0KFBMEotKxCBSNDVJ0xzHxzyqM/ec+z739H3hwKH95xozjblSqQQAAgCAIAACBvnQ8uLy93FjpjH3+ccnhCgYDPsACIJCIYBWP0VQFJFiWCjkPjx6ZC4ulUpyA6H/pezsJZPnWpaOzhqrVd28ecGN7LgHS4lare7xSqIUl61mHe8cKJTjkgggSVYk20espqnWmevS9KE0TYXuJd12U7vV1Gun2u3UoJMJYYggDoDx8XUUfWvfn+Kj31TenDazYaPR/m3twVa1iZqRUiQuj0hbHSF0EURAkCSJNG36bya3OjnQ/uoW+VDR+lm/m2o1M/1uS7eT6XVbQihADDA+PkPRNzFel7y7w+SnKwYvb1CZ7prtrShXn7S2UlIeKWu2elglEBFAp9OVpS3JaqI5lvv3WTpf/KXIO6LeaZ12qtfNdLLUsJcJIIgDYHR0QrWeGa/XQfmtLUY/OC/On7KxcU1ntG1T9YrKyJJe+65S9LaAOACaSSZNu8j8uvDIvX5k/TO5507ctHAw83j+M1fvzUvbbb120ws7KgJiIQioTzxhddB1udVyt1c2NTnl0b5g3+mBk38OtWvL5vbutXlqqx+ufeOn37+WDesiKIrCL/N3nLp13f1/VnQ6HWmaSbtdF7cVbjx6YPe2XfIot2vDq/LQ9+LzeywP74oCWoPMUt5XGakaGx23pjKmuqZqy3xi8/0FS9mKcqh6Y/t74Mi+456e2akwFBGEEKmpq4aaSj5qbahaf2PRxoW2O3t2Sporrj244NjZw+DYd4fdXrwiEokHg1ye5zZN7bapQQBB2IpXmA7B/seJi1dO2bPzJSevfmIkxM5f/tGUWeH1Qwe/XTcz/VqpHCMIgAAAeDj8w/Lwb0MDkVjDrGhx8sz/ABdNCpr3mlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLpVNfSFNRGP+de++2a66Fm3PNdKArUnCaiSijPzCR6qGg3i2itygQetDHXiIf6qWaYBA9+BL0EGhPlZUwQoQo1mpsAxss1Klzc3O72527t+9cUXor6MDvfBfu9/u+3/l95zBd1/E/S+Lb1NTUvXK5HKhWq3W1Wo1VKhWToihmHjVNYxaLRbXb7a/HxsZGef7IyEgfhZ/T09ObLBgMHhJFMdfb2wuuhggGol/e4urFY1CXnuHR+w7YXJ2IxxPXstnsYyLbCFz6gOj1eiNdXV12l8uFVCqF1dVVbGxsoNnTgY+f1xErnERP32kwxrCysnJZEASLLMuQJInl8/kzEnU9arPZEIlE0NTUBJ/PBzoK6ChwOp2IRqMIhUJwOBwIBAJIp9PI5XJGTiwWOy7xxLW1NTQ2NqJa78GDOQXFHQaN9FmYCWdb2mEvFEh+HFwlJyYSCbjdbuOoAt+KxSJaW1sx+01FRRcgmwhmATXBhPlf9QYxk8kYZFVVQQbvq5R4AXLbwHbNTEQRkkAOkUWMNlU3gyZkgJN5Hv/m0VDAq+xV5UvXtV0yFREIosBQKpWMnD8V7BXYV0COwqzXYUeTIfAJ6bsqzFCwtbUFq4chXJpDqW4bB/ryWM8uGQXE7u7uu1ar1XDW46xHWjGjysTdW6YpOKJ+R2L5A9r9NpzqH8BQ/3lU5QxSahjZ3DYk3p134ONxZLMYaGszzOFyC+R+OByG5NvEiQ4/mVpDj3sY7368xKDPj2R8FhJ1Hk0mk/dJjqWhoYEtLi4yXoDL45EM0w97a8zErLjQecNQdmfoKU1skkya4Ub//TH5b7coVy6dk3fodowPP8fEm+uQRQtevJopC//y4jRde7gQ/kSGSkZnM5MQ+jrPfwXZvz7nwVvNExRuEg4SCoTJhSfL478BoeOJpjqa+ZsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALBSURBVDjLbVNLSFRRGP7uw3lpw5TaNCZ5R6eEhIhahBFRoIsetEgJImhRUBQTUpCLFhK5dN8ycDESLSqCULLoSVZYDZYDTo7TOCTJTOk4zeu+Tv+5OjZWB37uOf/5/+9833fOFRhjqBxDQ0M1pmleNQyjnWIDBSh+Uozpuj7Q09Pzq7JeqAQIhUI7qfluQ0OD3+12QxRF0BrFYhGpVApxGgR0vLe3N/wPADXX0ObHlpaWgKqqSCaTyOVy/HTIsgyv12vVRSKRacrt6OvrK/C1WEai5AWfzxfQNA3RaHQmm80qNLfx4POpqak5DkzsAiQlWO6TyxNKtrtcLsRiMVDT0WAwmKiQmujv7+9IJBIRRVGs2v8B1HPNdBqfx/HX4DnOjtcQ2/o1Hsy+OsPGYq2YzzgtzcfaxiExDczQwfTl0DQDg+FdlqlexwKObB5H67kPwjIDAunuOgiBLBEkJ30PAaZA/Bx8kwzSYOhZ3OjMUV6zWqZvv/4jgZ/EC/X0Hcj2OghCDRVWAU4PpU0gn4Gx9AVq4RtMPQ+nPwimlioAiCJMfpKKxcn3pLManu17kRwZoP6N2LK/E/H7z5GemEExnYFc/xZ2zxoAzZLBiKqndRtEWx25Y8IoGfiUdkJ8+gbqoozdp6/B7m9DYeIRIi9HMdpRdcl6B4zcZcywtC58DhOLd/RCdJhFE6VCCfGRxwgc6IYj9gzC4Em4Zu5BaaoFE9hluQzAtTKS4NmqQHLVEoCK5lPn0azpeHJiGI5NfuDwldVrla/7IJmCsgKgkgcmGcQ9mCSAdYCDjJRtlNchue3Ihx+i+sFFYvQdeerJLkkwJMytAnAJ9sazcDZJEGz25SsU6SZMA81ddYi8GEbjeidkqQrZlI6v8wLdG7tpPaTorT2MG2l5YT0cbSX01a/6Q0ZmdgGgX4g5GBwehn0hQ/gNd0qgkPVltHcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLjZO9apVBEIaf2f2iRxMJUfEHFEStBCtRC0sLSzsbEcFCrQQVL0AvQAgkd2FhZyOkNRAsrERQRMFwonDM/35nd/a1OCfHRKI4MEwx7LMvM++YJADM7ARwFIj8O5aAL5IqAJIYQi6klH7mnL2Uot0ypaSZmZlp4BQQJO0AXMo5+9ramtbX10e5vLysXq+nbrerUooWFxc1Ozs7gjRD+TasIcZICIFaK7nCSomkYlAinQydiUlu3rr9IDZjdv/e3ecmaQtwsZQyv9F3Pq8ZH1eNzSzGGzEenA4txw8eYH+ETgNjASb2Npeb7dNZ+A5vfzTkKvYE6EQIDgEjhDGWeqvsC06jwvEjhwEYAR6+/PBo7pshREDkAKVCFQwQYBGMQCdGNot+A57O5ye56noqQgwa0USJRqngMg7vNcZiZLNAJbDSH3zcPFuoU1n2uHWFKDEAi2hw/iCcnTTOTRm1DjbmLlYzpKHypnVdzc5Uv4IJXKIKbpwxrhyz0XzMDEnEGJkM4lAz6DV953TfZX2HiihVXDsZuHLMtvwxMpyZUWvdYcsmuazvCn2XXIPBnRjf6d3toBDCjl5oXbQOrWOtQ3Lx6msdyd6qf+Y2AL3WZcnFpotUxJtuZfqd//XxEFABQip6nQYqLLlIDq2LF5+cO3OZ9z3tdpHV3TcAt23nfHJ4zoH/CweWfgFQJVPOGSHTggAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLhZNNSFRRFIC/N++9eWMzhkl/ZJqFMQMRFvTvImkXSdKiVRAURBRRW1eZA9EqaNOiFlZEtQxKyrJwUS0K+qEQzaTE/AtLHR3HmffuvafFNINDWGdz7z2c7+Nyzr2WiFAIffaMBDW1+B0diAgYgxiDiCDG4DU1QfcLos+fWAXGYUGIUsXiAliUFER+sBAhVCIIVB7QGtEat1oTbcwVz2LMfwR+gPg+oY0bEa3x6sHdUoVdniMUj0M2i/j+PwVJa2QUu7YWp34D7mqNWdNApD6Ks24dpvcL4gfJRQXevbutjI4lGRzCS9iYukPo5dvxVqWQvn6k/2uyoudd60LGEhG43VBGyI4j2ADZ7vDJ8DZ9Img4hw4cvO/3UZ1vH3p7lrWRLwGVneD4y6G84NaOYSoTVYIFIiAGvXI3OWctJv0TW03jZb5gZSfzl9YBpMcIzUwdzQsuVR9EyR3TeCqm6w5jZiZQMz8xsxOYzDTi50AMVngJNgrnUweRbwMPiLpHrOJDOl9Vh6HD7GyO52qa0VPj6MwUJpNC5mYQS/DUJLH3zzRp1cqN8YulTUyODBBzt4X6Ou870z2I8ZHsHJLLYNQ8jusQ6+2exJf9BfivKdAymKZiaVdodhBRAagAjIbgzxp20lwb6Vp0jADYkQO6IpHfuoqInSJUVoE2HrpyRQ1tic2LC9p3lSHWPh2rJfL1MeVP2weWvHp8s3ziNZ49i1q6HrR1YHGBNnt1dG2Z++gC4TdvrqNkK1eHj7ljQ/ujHx6NyPw8BFIiKPmNpKar7P7xb/zyT9P+o7OYvzzYSUt8U+TzxytodixEfgN3CFlQMNAcMgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLpZI9T1RBFIaf3buAoBgJ8rl6QVBJVNDCShMLOhBj6T+wNUaDjY0WmpBIgYpAjL/AShJ+gVYYYRPIony5IETkQxZ2770zc2fGYpflQy2MJzk5J5M5z/vO5ESstfxPxA4erL4Zuh4pLnoaiUZdq7XAGKzRJVbIBZ3JPLJaD9c/eCj/CFgZfNl5qK5q8EhTXdxxLKgQjAFr0NK0ppOpt9n51D2gd2cmsvOElVcvOoprKvuPtriNzsY8rH+H0ECoQEg4WklY1czP8akZby51p6G3b6QAWBl43llSVTlUfuZE3NmYh9Vl0HkHSuVq4ENFNWFdC+uJ5JI/9/V2Y//rkShA1HF6yk/VxJ0f07CcgkCB7+fSC8Dzcy7mp4l9/khlUzwecaI9hT+wRrsOISylcsphCFLl1RXIvBMpYDZJrKYRjHELACNEgC/KCQQofWBQ5nuV64UAP8AEfrDrQEiLlJD18+p7BguwfAoBUmKEsLsAGZSiFWxtgWWP4gGAkuB5YDRWylKAKIDJZBa1H8Kx47C1Cdls7qLnQTZffQ+20lB7EiU1ent7sQBQ6+vdq2PJ5dC9ABW1sJnOQbL5Qc/HpNOYehf/4lW+jY4vh2tr3fsWafrWzRtlDW5f9aVzjUVj72FmCqzBypBQCKzbjLp8jZUPo7OZyYm7bYkvw/sAAFMd7V3lp5sGqs+fjRcZhVYKY0xupwysfpogk0jcb5ucffbbKu9Esv1Kl1N2+Ekk5rg2DIXRmog1Jdr3F/Tm5mO0edc6MSP/CvjX+AV0DoH1Z+D54gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLlVJNaBNBFP52d2J+tB5iGjFpvUgJtaVGhIA/p+pBsRcRD4o38ejdQ5F66C235CKYg3goCh4KCh7sRVoETQwGhBhFCfgTG9GC2WazO7Pjm9E0S7CgDz7e23n7vvfeN2PcffrjhpS4KqQ/5vs+hA9w5YWKJTj5AQQEl3Tuv1i8PJEDGfOlvHY+N5LAf9jCvXcz/ZgRmy5efn+HOnPqwuGR94Q38HTWz10/ugjPE+EAgdTBpYNX/qm77RApFxgQqKXJllbXty1iooPwzwac6DjOHs/ADRLwPwTKLp5I4v7aV1w4lkSn09FnT161Edl8g6mZKdRqNXz8NIKItFEqlQ57nveBeURAQoJZwINn67AsE49W69jDNugmBBKUG5+cRCqVgrqlRqOO2TEbnO9+2Wq1VvQKSgVmGTiXG8Xy8zai7mdMZ3OIxWK6SIG6IZlMaujRGUOhUDipJ5C0BTOBh5U2TQB0u11dzDnXxZKmGPYKruvC9PjvgxAVzh0ZRYQZW4Vqhe28qlFTMfXqlFmmQYJ90zH3DfR6PR0Pdw/GegLVTWtAK5w6lNBihkMmHMfRPw53D5KoCUytAX1M79+FL9+7OLA3CnvTIS0smKap0d+5L14oFNKemgu6Bbl2c+lt1hX+TvXCFCZ2AIlKZatzJpNBPB5Hs9lEtVqFbdtaJ8Ito88ctGKxuI+Sp9WIBDOdTt/OZrMol8uo1+tzlNtQxITXfyUYtvn5+VkqWiGcyefzj4O5Xx9ItHsmdOWEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADNSURBVCjPhZBNCsIwFIQnWvAGunHhSrBbQT2Op3EvCJ7JCxTcuhB0YytaW9N0fElbbIs/GZI8eF+GzFPE79X504dXXEq1GyytFYYYoPvh6RkH5raYJqE2GZtKuFljhI61mWlz55URY95FES88CXIsEQEs/xCl7rwx5FmAWKqtIEqAncEe2gWiyOCJRZVh7hVZ/erv0rYKkSNDv4qpELzjSTt3e1yfg1+fgAMMWAeCxghyB02+ORRf5W8HC/mfHdi61XJ162WoS7utXc30BXX/jFnkwiD5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpVPPaxNREP7ebna3bX62aZMmYnVLxZRSior1IFVIC1at3uo1ePRQ8CB4EDyr/4AHFS8SCl4FC9IQf1WRhmij2Ei1Dabp0rSxRsMmm23WnZWEWBQPHRjmvcd83zfz3htmGAZ2Yxx2abb6Ip1Oz25vb4dNh67rqFarDdc0reGVSoViLBKJjBKOUQsm+KQoivGuri4raac1tykIAuLxODKZzOjU1FTMqsBUvO7xeKAoCiRJaoCagbTOZrNwuVyQZZlEr5nHMZZKpSx1r9eLYrH4R7nUCgEZY+B5Hm3VBfDLT8A7BlHaeIq1rdpNlkwmZwOBQJgSCVRXbY7k3I8YWgpLaO0cgVs+hK3lV0jN3NdsBCqVSsjn89YFUXKtVgNdJkXaO2sJhHo0OA4cR+HzR4hMg9PVDXfnHhsRhEmJiAhktmSVzHG/X9jXuoKjwy3w9I6jsjYNsY0h83YRVZ1D9J2ZRqrUKzkR1J32HcISxoYFePrOopy7AyZ8g+BwgldzqOyfwGbJgI0I6iAqORQKWRGFNzjSL8Hddx7l1dvgBB1aUYbybB6L9tPwt/qtP2IR0AsQQf3C1NxzuPwqfAPnoCl3wYsGyt/3Yf1FAsWBy/BL7QgGg1aVLBqNPjb7H6//MmwkET7WDZ354O14iXafaIL34ms8gQefgthUuUbFptgM2zlMD2+NGZOX7iE9fQW5lTlIPUPQ1/O5dpE/NXj19fv/DlN6SdG1D48gD43Abj+I1fnUz7KqnfkbuDELzXbhRId6uNdvG+6XYQiVOXU9f3HixsKXf03jL2qvd7dZXvRWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIrSURBVDjLpdNfSFNhGMdx6Q9RDoIuLAQtYVuWpZSunKQXjYIKwdBqkJkEYRhIBEFRRmVbGYNB2hTnVKaGzWFq/im0mLgyLTNjpdSFJkX/hCxYY26db+ecYliQF3rx44Xz8nzO8748bxgQNp/8d8OoS41s0Ca0uBPXvu3VqMYbk+Parx5Nsl3RRyHmjpjdswKfosOF6ey9CENPEFqdBNM2MaKNJ+D7StflLTIiA8bUrQu8sUuavOrF017lIrwxYqIXErSWwOsR+PgBhgZhoA9XWw0T3UbqTsZLwBEZMKUkhvtUS3uxW6G+GmrEtfsuPH0MXR3gGf79vfIGZQUa3vWYMR+OkYBIGbBpN6r9qxUvZEBsmYMZUHwR6sSiPjf0P4RaG1OnTvidZzS8uV0gFRO6xBaNMiOgXjmB3QY5WZB7AK5dAkc9PBdb7+oUu6pgpLRkymXazlhn4d/AYMIqg2Axf8NQCHnZcCwHTAZodsD4GPTch3vtDJeX88q+n77rOyXAEwK+rFe0in8Iyq1n7oKic9B0C9wugjerf34/lPXDr08PuPJyZKD5fIoEFIUAX2x4v2AthYZaMXaEjlb8Og2TaxTCs317BgMWs/59fm7V5qgIPFWZVOTHSUBaCGhMXmd9GR/hnVQuEz6LGVWt8DuSYh/NnAmxQFd5fIPcwczzzzpI/wDFLRe2zQsYHShLnxcgFz8w7QiN8JwA59lkCTg9F8Dy5xVK6/KZe78AQiW2y4SvvaoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH/SURBVDjLpZPLiupAEIbnofJOeQCjoqusJjoLEQVF0I0bRVEXrgSRFnMUQcRbe1m48H6NGi8oKtbpasbIcIY5HE6gSOj0/9VfVd1vAPD2P/HHQq/XE7rdrtzpdEi73dYopVqz2SSNRkOu1WrCjwAmFpmYrlYrOJ1OcL/feRyPR5jP51CtVmmlUhG/BXyK9cvlAvjge7/fg67rcD6f+RpCy+WyXiqVxC+AT9v0KVbVX7DZbEDTNB7r9RrQ1RNCCKG5XE4wAKxe+blhu92C1WqFQqFgiM1mCzidH9wNPv1+H9LptGwAWLMIktEqiiwWKwsL5PN5WC6XDGDmgN1ux/uB7uLxODEArVZLw2bhBgRgRgy73Q6JRAIkyQwOh5O7WywWcL1eIRKJaAaAjYkDcAOWgmKbzcYzJ5NJMJkkUBQH/4/TQBfhcPgFqNfrBDuOZWAGFGNWdDSdThnAxAFoHfcNBgMIhUKvEth85fF4DI/Hg2eQJImLJ5MJD0VR4P1d4eXdbjcoFosQCAReTWRzFVRVpSh6TgKFCB2NRsY4UTwcDlFMWQhfDlI2mxUzmYyOY0Mnh8OBu5nNZnx8KEbrTKh7vV7x26OcSqXEWCxGWUm8duwJ1oxzZ4cHmJC63W7xx8sUjUaFYDAo+/1+4vP5NI/HozERcblcMvsW/nob/zV+A0hzMNxKeHjMAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLzVNbSJNRHBd660Go597qJQrEl4qgCIoopyk0ZstN0G22EZu1dAuEbA/Otb0Iu+jciinsaUiI7uJgF4cojkIdXtYG0TbYFuk86Ly0+e3X+QY9CCZEL33we/nOOb//+V1ODYCaf0HN/0FQed3TRrFFQVgwvUrCKLvJkfw5KcuekZJYRH62t5PDJ3xy8JhL9hubN4v3HwqqBPQAj6KIGR8wPw+srADJJLC+DiYcwqbTicL4OHYcDmxbR5EZGkLmTT92b98t7ty41cwSfMJ7GzA1BbhcwNoasLwMTEyA6e1FRipFVixGQSTCD4EAn5uaENfpkOx+CVJ/PcMS1FVUymjlnRag05BKofrNzoLhcpHlcPC9oQF+txvT09PYGBjAV3EXSN213Pblel7VA6r3HNXrYd72A5OTQC4HLC3hm8GAgNeLTEcHwuEwgsEgYj0qfBy1lV1mi+tYCmVpV22ps9N9pFYDCwvA6ir8fj8SiQRCoRC1ZB3xeBw+n48urUJHZWi12rPHIjlsE9Qe8FrdJZW6SrAxPIxYLEatcUGj0UCv11dlRKNRGI3GDyf2YP9RS+3eA47/98Z8Ps9OAtV7ULh0tcViseyl02l4PB4MDg6eXI7dO/cuOKmhXqo/RU212+3YuniFx66ZzWayRpOyWq2QSCR/btgX3tObsy9eZRcXFxEIBDAyMrJnMpmIm6YRiUQgl8vtlOD8qTV10PKwBOxtWDnswbGxMczNzbEEUCgUZ04loBptMpkMfX19jeO0jQYaK53aKhQKGT6fP/NXj0mpVEIgYOt//P8vZQLgm35VBV4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJuSURBVDjLjZDLa1x1GIafc8uZqUlMMmmsLV7SC2hLCoJQ6tou3Lj0T+jGtQjusnLlP1Bw01UJgrqUoAiC2aixDUQl2oC9TjuZSWbOOTPn/L6La5MRfOHbvTy8zxe5O8fT3Hv9opt/784ZN0vcqN18F2P9hesPv/5X2d1P3Hj71VF4ctu92nEvttyPNj10b/vwh7N/Hu+mTImrzaYLb8PkMcgAwoA4n8PELhzvTgWYgtUPicIh+AQd70Mdo3JS9z8WODr8mdD9BqsLrDoi61zDBP7nAiPOz5HNv4nXT7HsFOaGip0E1Nuvzbv5rpudcSNx9TryCBn9hvR38EmBViPa569OVzC1T9KVj85lL70PPgEt81D+RfXHOu3ld/DWU5J8AC5oYBrAP05X3gMZgg5BC9L2CqE8IIl38fEILUdk0QoapiioAFbiUoA3WP0cmjEixsyLF/HWMzTvk8wuoNOeaGJouYce/oI1Xbx+QDJ/Hm2cuv87XpVEzQAvH3F6Keboq2VXpVaxXVPWUw1OlHVI2qvE2SKedXAfIMHJFy9hrS5N7znt618Qp7PABA/DfHJ0963ed59+FqsYURwj1R4yvIcMfyWdvYI0Tih7NAfP0EaJ82UIAxg/Ipo8obVwiabxC7EGNsa9bbK5y6Rzl8mWrlEd3CfJl9BTZ2m98S6Wv0z14A7uExxB5JDR/gZN7RupBNuq+3c/iE9fIckSwrig6O9RHfa+LX/8csHF12Zmom5n7qdXoCBOHSkfU3T/JtS+Fd2/01k14aap3VBlzYQdU9805dbVDwf7APufL66K+E0NfkOFNRXfUWPThFv/APJzrlrFns7aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVDjLnZO9a1RBEMB/++5d1LxgPjQYkpxdLEVItFEU0mgay/wDCtfpvyBpIgommCoHqSy0s5Jgo2kEjRa2R/CrM0HzJd7lvZndsXiX8+VDFIddZncZfjOzM+PMjHq9biEEQgh47/Heo6ptXdwi0taTk5MuBvDeMzg4zOb2NphBvsAMA8ysfcaM3t4eFhefAdAGbG5tcevhK/5F7lfPk2XZb4CqtlzCcOU0XZ0dVPoTjh6J2RFDNCAevMHr5fdYMNI0BSACEJE8TMA5R2NH+bq5QyP1mIF6I9NAqrmNGXsjEBHCbnzO4ZzjR0MJltKTlInjElEwrAUIFg4CLOQIV4A0M08mgaSzg1IpInK5DwuHACik4JzLIYA5RyP1uMjydyDsTyHLMqJSBMCXz5/+WoVSXDoI6CjH3L15Du+NcrnM2uoqSddxzIyNjW8MnBqg2Wy2fj4cADxYWnp5pdBlfSLyYmho6IaqsrKysqCq4yKyXujKpwBut3xFmZmZua2q1y9eujze3d3Lk8ePmqp6Z3p6+t5+2z2Aubm5fhFZGxk5Q9+Jk3h1iCpJcoyPH+osL7/5OTs721UExMVLmqZjlUqFiYlrqCpmhpkRRRFjo2dZX/+eVKvVq/Pz888PjQBgamrqnYiM7p/C1mS+rdVqF/6Ywv/IL/azYiamBPboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGrSURBVDjLpZM9a1RhEIWfu3eNYVcLiYqrmA8QjPgrBFGws4uCrYKdVgFBAorYWFtYBe0FiQqbRlBbERGDhUEwxkRBiCEbZd85x2LvfrFbBDLVFHMezplhMtvspkrsssrt5sHCj44V2RiIAAyWkCHU6kNw5/J41gcAOHpgBGMsMGAZGdwDkWB5vTHoIGzsQiCwjV24KUCSkUw0h0SIaFnERiqE7V79kGZoEOBQa9AgCYtCoI6wDUxpCCAJFEbFUGu43avrxKDkQYCSCLmT0z2ZXURqO0nDAClBhDr5+yFQW3rMwY/zlH4uc6J6mPrLtdlz9XS/C4ggolxsvRC6dcra0hNObbxg+spV9k6dZvtDnU+vF+8unt2zVeo6MBFGCSLcukqIFGbfu0ecPHOR0S+vyOYvUVl+yuTEWO7MN3ocuNhB/8ZtU9lYYfTIFFy42c0+VyNXNtmzA/H5W6OTWRIOI2C6cojG++dUn13n3/YaDWDzT07krGY7+cY3M8fmRvZXbx0fS+VyaYXNX4mv63k0//p2ttN3fjszPrv1e/VaHtlE5P5ueHi+nu79Bx7reDBYdnW7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAILSURBVDjLrVM7ixNhFB2LFKJV+v0L24nabIogtmItin9ALBS3tXNt3CWgVlpMsAgrWRexkCSTd0KimYS8Q94vsnlrikAec7z34hSibON+cJjXPeee79xvFADK/0C5UIFyubxLUEulklooFNR8Pn+Sy+VOstmsmslk1HQ6raZSqd2/BCqVyh4RW/V6HePxGJPJRDCdTuU6Go0EZ2dnIFEkk8lWIpHYEwEi24lszGYzjHptfPvsgvbuEJ9ePMPH548Epwf70N4f4fuXY6rpYDgcIh6PG7FYzM62dSav12spfHXn2rk4fbmPxWIhIpFIRFfIzk+v1wvDMLAhka9vD+B88gCv79lxdPeG4M39W/jw9KF8q+oJzOdz2VIoFPqhOJ3O7mAwwHK5xGazketqtRKws3+Bto1arYZgMFhTHA6HC78XW6P0wYJmcAy2y+9arRYoPCHTpOD3+w8Vm8122xTgQhobqtUqms0mGo0GeDLckdOnESIcDqPdbnN3aJp2VbFarTfN7kxmUqfTkSLuyM8syB3pLMj7fr8Pn883kTFaLJbr1EHfbrdilwm9Xg/dblfABNMF3/NWisUiKPjHIkDrMou43e4CF+m6LkUMU4idcFc+WJwRkbU/TiKtS4QrgUDgmGZrcEcelXkKORsWJ9sGkV3n/kzRaHSHgtrQjEGCHJSAyBuPx7Nz4X/jL/ZqKRurPTy6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLbZNNTFxVFMd/781jICiCCFoSC5YgGGAQG/E7EhckJFqMe5suNI27Ji7r3qXbLk2rSRuFhU1asESgxvoRm5qQoIAikECMdcIMAzO8++6957h4MyjKSW5OcnPv7/z/554bqCoTFz4eUNXPFQooLymKKqBKmvRwibdYs7t++8oH3QAR6YHzCk/l+juD+3/tolq7BClMUIHibpkDo4hGp6hGCoBXc/0ng9eGTtLZkUNTAqKSVpW0entLI40NES+/+R5HAKg+nBvoYvrubxQKFVQEAKmpUEVFKZYqxCbh31G1QBBlI54c7KLnsVa8B1VBRPFe8SI4UQ5iy2eTC8cBFO+FzfslsmEdcRxjTYKTdN+RIarL0vZAPaJ6DAAQLzhvMcbw1nM9qfxUHarK5flfeOJgkovPrjJZKfxfgfWCtw7nQz5d+BljHc4r3gmOgCE3zzODJZr73+fEIx9x78Pe8dMXV2cOAc4JibUkAhrWE9TVQahIIPTG84z1rNLcN0Z5c5rWR/vIdJqp6Qvd79aaiHUeFzuM9TgvWC/VrHSGv9KSex1fWaKh7XFiv0XH6HCjKxcu/aPAC9ZYjPWpHa8kVcifrhVb2CDM5AnCMtmH8hBX2P/DZI5YsEkKcKIkTmhz64w/+CVNTYq4bUIpQtiE2oTlayvx0krpfFQbmMR5nHEYK1gR+twPjETf8PQrY2hyi8DvsXjzgKRQJBDL1kbp7bNX16cOe+C94hOfWhDhheafGB49Q5K/RBQ1sziXMLv3Bl9vRuTX7mzdu/3t1JFnJAwZeX4IDQK8V7JkCTLbZOrbWby1z1flCXbaX8Ss3aVYcXP/nYPZmRvfv5P+vOr8n7CY/B1KO4ZPlvtZtQHKd6Bc//3HL87VAH8DX5rXmGdCnY8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLnZNPaNJhGMd/ohkRQd0i6DCoY4fOdYjWOgQ777LLSGIRLQn/zJC5GnPQECK97FDbwUFbw2EQ/lke/MM2bYFNpzDTcIrYYjmdP3X++/Y+L/zGqA6xBx5+8PJ+v9/P8/D+BADCSTsQCPSeSLi2tqb0+XxGp9NZ/OeFRCJxLh6Pm6PR6EY4HHaypJvHUq+7WC0tLYlzc3N/i7e2ts4w8UYul8PBwQGKxSIikQjcbrdnZWXlFUvNbG9vIxQKwWKxzP+ZrIzFYqvZbBZU3W4XUiWTSSwuLoqMAFardW9qamrEaDSelYQyduHB5uZmLpPJoNVqodPpcAPq/f19iKKIQqEAm80Gs9k8qNPplKQlZBlrx87ODkcmAWHT5WazCaJJpVKoVqvc1Ov1YnJyUitRC2xR4xKyhE0E6XQajAz5fB71ep03GdL8JpPJdWSwvr4eIkQJl1La7TZqtRqfm5ZJ+ERHxiwQBoPBd2Tg9/t3Dw8Pj4SU0mg0eCIZk4C+WYcV/sEr+HRbAdfd0z88ffJRbhBcXt6lNHKXhFJiuVzmhl/fTiCquYH6Rwu6CTfEd0/x+dG1trdX8ViIzMwEaAeUflxIqdLMH+6db9SYGK/7Af0FwNyDny9vwXNHnhFSet2sOD2NZjDIBZVKhTeNRUZ2u52wu90vDhyvkukiPxeyKpXi25OR1drEC740Si6VSmBvAgsLC9Bqtc/ZvLnqm/sAEzV0An6xzg7Lwc7zfJOZoSFF7OHwrFOvD8xrNXtjY2MFtun3Go1mUK1Wy4IDl8bDqqutgr4Hu4ZTSKtk8PUr2u4++bP//gNDA5dHWeJ3wiYiEtP5byK4FJQG5P/0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVBgZBcFNiJVVGADg5z3fmTujY5NZBANBIVkZ2J9IKkZFGKRuglq1KaqVtoqoVbSKFi1LoY2QEVSbcqiFWWJqPxL044wUGESQVqJOKerce7/z9jyRmba++tXTy2YmnyphPaYQIJBBNuPWfls8l1/EfxdeOrJnxxAgMtO2148d2ffC+rWlxMqkkwBkQjp7aeT97xf99cfS5ZPzv6w6umfHElQoXdw+qN3KhX90JYIgG30243G6Muo9tOYa999WfdfOLs92x4UHd3163eG3ti8ViIgVmdkNumKiUIOu0AURFIFmdmZgx4ZZt9w6uazOTO+FAklAQQlKhBKhRCgRShfOnL/i5hUjd64Kz2+6XjfRPQkVIJPaEUJGaH1SQu0YZHHqXBq2sdaGHlg9KWoZQ4VMEjWKlBJRQiAb2RUGlBZa66RCFFAh0RBBCIlENiY6QBTRhyypIROo0MZk0hDITFAKWqhdkkGSQt/oG1ChtZSZJCkBSCCEE79+Yv7UnIuXLxiNR8rwnsomFfpGn2SjAUjQkuPzHzp98XMPb9ngplVrHFr42OX5ubpx1943K7Rxaple+2EopBZkBo2MNL3wnie2P6ovvbtntzp48iMb1232+6n9OyuMx72+Z3Zmwn03Fi3pkz5oyWffnjERKzy29lnw4iPvmDuxG/unKoyXWhu3lsNefPNnr0VKAVpy/tK/Fk5/7afTR72yda83DjxjqpuEqxVGV/u/pwfdDS+vG05nZpE0wLXLqn2Lzzn287s237XF3IndBlEd/fEwvB2ZacPOgzvHo3w8Iu5NuRxAkkhpovug1u5Q5SoGfWurDxzf/eW2/wEnITFm/fHryQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALsSURBVBgZBcFtaJVlGMDx/3U/9znz7LjjfMGXYiq1VkkrUiRoZQUhhoOKrAi/hEH0IUHFZQSREu1TQh8CP0TaEBQtIYikfRD3ciSWc0rlWpuzEmbT5TZ1O8fzPPd9Xf1+8uLHvW8XSnXbnbABWAAIAAKYgClBdXz2lp2ROzMd/YfaUwAAAHnps3L/0Z0bHnVOGg0SDAAAzACMqbmMY4OzTF6rVYZ/H1lSPtReAwDwLpGH8z5pvHyTxImAgClEU0Iwqlnk+YcaeKrFM6BT9aaPzDz3/o+Le7/cWgNwIrLQzJJ84sg58AKJg0RABBwCKKtKeYorvmdtc67gS8UjAADOQAAc4AScCE4EJ4ITwSXCv9NV1izMmKtOEOq+JsklrwMAeAAz8AkIgomg0biRjjH03w9cn/uDMB4JaaCpYTVZmKd+5QkHzwLgzcAALw7DMGCyNsb5qe+4r34Jjy9tR02JFlGLBI1UKgNuyxcvXPlp19lmb4ACIiAIBozdHmBZvsjywgqGJgYZmxwlSwNNi1cTQ2T4SqrdHWebAZwGMAMFDDAzrs5cYuj6BU799i3zFcfuZ06ye9Mpbk1XCRVHqLyTtu3fWADwqoaZgYFhAOxYdxAzUIOokeODnWxb/xGL8is58MonvNw5yLlPz1cBfFSIBqagAAAYQVOEHF+V93G3OosavNV2gA+Ovsdc7ZcFT+wKFrLwj9dgqBn7L6YIhgqYCagjvfkhTQ23qcsH9nzzNFkaeLBpLdu3vcHwyJ/09p/r9iFEYoRVpRzrlzvUIBqc7nuN+xtLtDa3Ei3yWMs6okXUIqNXx+npK1+IIR73oaYaVC2NyM8TERXDEJa2nOTvy3uozA+QhcDwyAghDYQsouGBGELc+1fXtR6f3Ys3ivlk2b7WtGhmDgMFABZt/JyOrnep3Jmm3PkrImgh7+627uieGO3a0gPgRezg5r19r4rIk4bVAwBgYIDxJjE5nGvbeSYD7qnqkHccAwD4HyXFhGV2sNBxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNNbxJRFIb7A/wF/A5YunTDrpouujNxY8LGxEVTVyU11UVjCmEsUUyb1gYqEWuqtqmRWukUimksH6UMHwIW6FCYwWFgYBjKcc6FGam68ybvZuY87/m4544BwNiobiyCQZVJlVnV5FDm4TfDn/Gj4DVVxgdvBIvv4IwKHafp2MkpF40nuP2jJP1qL0dNeXkLxmDsFYMhfN0TKFujp1mGrQkgSl1QLvtEjZYMpQoPwaM4s7STtWKsZqIZGBGOJ7+L7Y4CeCS5B7zYBU5Vs9Mj30RJhv1wRHRtpdDESAywLywbM2twVZCh8lOGt+EKsHUZyvUOlPiObrKzG2TurbHYjgENTD76B4Vlj8II3noYgI3DCoHPam0iPMncOTi8IQpZNDAHv6Vo7BlLRVDLenN2j+h1iCVwodoGoaXARV2C5fV3NLJoMBmJnXA4rFqjS2DMWOTaKvyZaOJRCPwxDnIViRjJyiWsudc5ZInBcTRODLB8DcZAAs8dwPiMn/zLstKwii4sr7zUDcxfviboutiBhqTovWLgxBx9Bc6ct8jNpIt1cLjcegsmtz9DFUo16PeBgPkLiZQ7PvOJwAimyy1IlVrQ7fVh9zABVucHfYiG+56qxR8IM5wwmDJmQyGsgclSkyTIqNntz1aZO8704Bq1RXJsRK2bHwMiyw8C601FrwaXCTOnizzYXB5x2rH1e5FGV3neHbauejeZUCQDBVYgM8GeE3kOtgNRmHcsMVP293+v8uhjuvsib5l9vk09WVyhHU+d3IKd4h7bXPS0zUfdppL/fkz/85x/AR14FVfMwp4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK3SURBVDjLdVM9TFNRFP5e+0p/KcQIrZZXYCCBdIMoaGqESGxCTBqCg5suxsRF44IjgzG6mZjYwTB2Mg6YOLQdNKUFTKwYEJ2koYZSqi20j9ff91rPvbEEbXzJyb03Oef7vvOd84Rms4mTXzablXQ63Vyj0fCpqjpGgXq9niiVSqFCofDa6/X+OJkvnATY39+/IAjCvMFg8NMJAgIDqFarODo6QiqVWioWi09nZ2dXWzW61mVvb08i1nmTyeQ3Go1gwIlEgketVoPZbIbb7fYfHh7OBwIBqQ2AZM6JosiZWQED8Xov4fLkJDo7O1Eul0HK4HK5/JlMZq5VJ7YulUrFZ7PZ2MnZviWzWFtd4UrGxyfQ7+xi/qC3txcHBwc+Knn2lwLqc4wls347iH1tNQ67+xzsg1P4mFRht9uZSlitViiKMtamgFzmhjH5RItGA6jBAk3rQE3o4jmapoFMZABo84AAErIs8yQaFy5OnIciF1AoVXBluIlcLsfzdnZ2mB+JNgByN0Tm8Hs8HocBZdycduH2lA11JYNoNMoVrq+vszZDbXuwuLgokYqXHo/Hx9rJ5/O8Zxot3wfn7gcYv4Qg5NJQ9UgLaD6/GlafHHtAzo/TCB2xWGxpdHTUPzIywntlBKatCMzyFoZv3YNx0IPyRvjs1+XIo8i0QeEKgsHgdcIIEmPH5uamm5YqxVhZ38yT21jDtfsLMH9/D+zGgK5u/BL78Sm8nOQKSOaroaEhMA8kSUo5nU5YLBak02k+nVMb72ByDgIzD47dFxfOQN8QBsQ/S8QL+vr60NPTw98sHA4HP2vb3Sh9fgvrm7uoljMoUY1c1EMjLzhAMplEJBLhS8SiBcCCvWdOm9G9EsUAnaLeAPmniu0M2YjmC+Hf3/l/X/yG+6GST9/Ra0K/pm/uUlXAF1Yf/wakxYbML/JgHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAdwKSNyg6ALC8GLoE8so49VRHVRFFQISlJeREXQBxWSSZDUpNrOTDoxSGvhmokV1TazLeekTBda9rVKmW5lYq6slgutOI7j1vn3vKc4rCAv3MXDgfPy/73Pc3hOEoCkROq/B6v2GdIWHLnhmK1v7ZtZ3PIuo9DmOr17iaUkLx1Ud6g2jgqo+JCU4x7Bs5AEe4+EhbYYMsv9iEYGcU+/VEZkYNkew7iJnHBrgl4YSeYEJJcIGF8qoKw9Bv8g8GkY8IaBthDgqatCsNGAq4czGbBLBhbv5VWT+EiL2Q9cfg2YA0DDe+AxBeqDQPvX3+/PdwKmfA0+PDDCuGM6A9JkYP5Byyy1SexgQM5dIJvqpJdCb4DWz8BDKguhhzxDor1Ig+7afBaG8hFnFDiyp1ZFgxa6JbcR2NoEnCLg2ltqfQBwUzcVhJc1+4c8/Br0urV/A9OKvJyxQ/qmfQ5so/D2ZoB7CVh7gN4fwP1+wEWjGK/XoKt6C9rOrWeATwHUugEn3RBjrW9oAI4TdJPCno80RlfsZ27d9+Eslxitcdpk4HbxCgboFEB1JvKk3CfhSjdQTXM7+yRorCLUZ8PSposvvMZX0bydtf2Vi9JT4avcjIr9GQxYrQBzC2zmVG2nkGIISyncF2mKLiDOKbQ+it8JCqy9dGCe3EH8/KMu0j9AqePEyoSAwFNTVkKAHG7i1ykrPCbAfmw5A46OBbjw5y9kz8nxZ78A90vOcDVd+i0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVBgZBcG/r55zGAfg6/4+z3va01NHlYgzEfE7MdCIGISFgS4Gk8ViYyM2Mdlsko4GSf8Do0FLRCIkghhYJA3aVBtEz3nP89wf11VJvPDepdd390+8Nso5nESBQoq0pfvXm9fzWf19453LF85vASqJlz748vInb517dIw6EyYBIIG49u+xi9/c9MdvR//99MPPZ7+4cP4IZhhTPbwzT2d+vGoaVRRp1rRliVvHq+cfvM3TD82+7mun0o/ceO7NT+/4/KOXjwZU1ekk0840bAZzMQ2mooqh0A72d5x/6sB9D5zYnff3PoYBoWBgFKPKqDKqjCpjKr//dcu9p489dra88cydps30KswACfNEKanSaxhlntjJ8Mv12Paie+vZ+0+oeSwwQ0Iw1xAR1CiFNJkGO4wu3ZMY1AAzBI0qSgmCNJsJUEOtJSMaCTBDLyQ0CknAGOgyTyFFiLI2awMzdEcSQgSAAKVUmAeNkxvWJWCGtVlDmgYQ0GFtgg4pNtOwbBcwQy/Rife/2yrRRVI0qYCEBly8Z+P4qMEMy7JaVw72N568e+iwhrXoECQkfH91kY7jwwXMsBx1L93ZruqrK6uuiAIdSnTIKKPLPFcvay8ww/Hh+ufeznTXu49v95IMoQG3784gYXdTqvRmqn/Wpa/ADFX58MW3L71SVU9ETgEIQQQIOOzub+fhIvwPRDgeVjWDahIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAETSURBVBgZfcExS0JRGIDh996OFIQEgSRhTS1Bg0trw937B9UPCAT3hnJ1kYbGhrv0BxoaXSsMhBCsyUEcoiTKUM/3HU8Fce4Q+DyRZz5DcOkdiqIIiiAo7xiCMXs4HI4ZisPhOMcQOJQbOoxxKHm22UUxBBbHM1cRfw58GUtMIAieTIwgxAQWRclMEZSYwCIIGYsixASCYsl4pgiGwDFF+HWUaDopbfCGHRp+nCWSTktFXvFDOKyuNNYp4LhFriPPaXW5UWAV5Y6HNH+/dbHJIjN6NHlJzMnxWqNIDqFHh8/U7hiEJbp0+ar0m2a4MGFEjie6jCrtJs1y57FuI21R6w8g8uwnH/VJJK1ZrT3gn8gz3zcVUYEwGmDcvQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLdVI9a1RBFD3z9r3sVwrdWCwYUkSLWKaQWOwf0EpIKSIi6QSxWyxSrE3+gUVEQREsU1ooiIRImhSCCImNIcj6kcVNNm/fzP2yeJu46yYXDpdh7jlzOHOdmeG47r+7azeuXMdWZwNiClEZQMHKuHqhgedrL/Dm4Xt3zIkxVEwMtXxYVMCqg/4PIfAw5T+BwDADSGRIJIeq5neeRgSi4QMFRhEVFKMSSBhBCEEIJIxioYyyTYICne2AArc62x+X72Q/MXXQRplzu2kUoV2ZwttvH0CBW2cKvLJfe/3v+7147vYkTc/gSCIYZ3CcYrq/i1s7r3tLs25vmOOOf8FeXlsA3FqYf1T3oQhN/4CzIxhlMA6AK6BYcqhsP2mD7Gby4PPmaAbCTZ67V/dchqRdSMiJRgGapeDub6SdLrKZxboeSnMsRFNuUHUW2j/MiRwAJih5GAco9cEH++hzBfDSGM9AraZWgFEG5QATgnJOljAQ8RnEM1Rc7ZRvNJgIlOnE+glk0DnAxMP0lD0wtY6jHqAyap19ngN5AAqwBwidcQdC63H3C1ycQCWMWM9fFkRJGSX/AxywPu6gryvx1rN24lJESQlQhQnBiAAzFMpVFKsJ4k8bbdNoZWwPACA8vrwERivML9aziYsQVphPAUoxcbSLeGujreyWz63urJ4qAABZ89KC9rgJ0oaaq0EAM9dRxrpOJCvnn37dHJ7/C8hDreOQ71qxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJPSURBVDjLjZJPSFRRFMZ/7804ODhT42iaxZR/NiEFFVESGFHWTilo1SoqEGplQUQEtnSV4KrARRAELZKgVRshgoggUKgoDCUEIxumxpyZ996995wWM/knDfrgwoUDv++c7xxPVQG4f7mjG3jPRhUHx+cy/EPevUvtB4E7QH8q28r5W8OU8m8AaGg+zMPhm1RKSwCPgInB8bknawFxYOLkmbO7kqk0ZnYKVcWFJQBUld59Ofy2LlT13POnzwaADYDdydQWol+LWLHMPR4FVUDJ61sUJVicp755ZwJI/D1CHABxqLX4me2Is6jK+jmDMlGxvGkGcQAVQaxFTIiYsNbB/6kGsIgz65zvLl8jZpYJIks6244ECgeGuDL2TsUK1ijOuj8Ah1gDziLOgYJvK4xe7SMe8zd1LhQjbox9WAVgDeoEtYKqopGhLuZz+8EnioGjuyXJzEKFdF2MTCrG9GwZZxR/pQMnOCs46xDrEKcoEIRKQj1yrUl+lIRtmThB6NAIvFWAIMahtSdG0KgaZD0gofJ6+icmEha+hXyZj+jZ24BvawBxUnW1DrHVv4uqgZpQ+Vp25AuGjOcxs+DwPeX00VbE1QA4RYwgVlDrUOuQSEGhVBH8UDl1JEt2a5xk0ufYoUaaMgnEKXHgpYmi3oYdOVQUFQEFCnX4MXCR0NFUR//xNqY+LpFWy4meFmK+h2gVMPJicjIN7F+7pqXYAPlCyMjQHlCoBJbrF7pW6t8LITZSPP3H1fVdfPU5Cmxow6C+M9fYKVINWxVUFBEPVPgN0HNzn605xt0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLzZHfS5NRGMeFoIsCoX/CEpq6GeWNGypO24/WpuliQ0hf3dyQta3lvGkibthgpF4kFYkI3igKIoleSCmiEDUVf5ZMk4Eazr0nXU3n3n07Z3eL7rrpwBcenuf7fM7znJMFIOtflPV/AFLuJwaqYyrCJLgcRHDYSLLFSi6aTSTBNZDzujpypn9I4lXV5JdKE4nJ7xrTANpQQxXD9BSwsACsrADb28DGBoQP7xEZGkJ0cBAnAwPgX71GuLsb4WcenErLYidFxRoG+IS3b4CJCWBkBFhfB5aXgdFRCC4XwmYz9jkO0YYGHBmN+KxWY6urC9s2O4j4TpgB8lNPHR9Tz30AvQ17e0if2VkI1dXYVyrxXaHAD6qd0lJser3Y4ZpA8m8f8LnimvQb0H2v0X0nhXYPMD4OHBwAS0tIGQyI0EaeQvjKSoR8Puw+4kDyboWiNwoKMn7hwtyUnaivf5dsbQUWF4G1NaTo6KS8HLGKChz5/fhGm/mbhaHo9TzRX7/xzGDMjjyomZp6bEeANvT398NP3+FrZyc2W2zwO5xJlvN6vVGLxeKSSqVXMwASieRylUrV3dPTg8PDQ4RCIfoUs3jh8eCl2SJ82dpKsNz8/DyYR6VS+TMAYrH4ntPpJMHVVbTf1/1U090bGxvR29uLtra2dKxUKpN6vX6SQZj3zwn8HR0dcQZYLiouLJfKkjMzMwgGg5ibm6M/OwqZTHaq0WiuMADzZgBEIlGzyWTiGUCn002XlJQk5HI5tFptWixmOVZjAObNAOTSo1arNwOBAD88PHw8NjaGvr4+2O12uN3udMxyrMY8zJsByMnJuURHLFAoFLscx8WsVmuc6ry2traOqozGJyzHaszDvL8B+W6qBSeP34AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHuSURBVDjLpZM7iyJBFIXnR/V/6nADdaINOprWDUQUFEETE0VxDIwEkRJEEUR8lY/AwLeirbYPFBXv1ilmWmSHWZZtuHR1dZ2vzr236oWIXv4n/pjo9XpKt9vVOp0Oa7fbBufcaDabrNFoaLVaTfkWIMSqEPPlcknH45Fut5uMw+FA8/mcqtUqr1Qq6peAD7F5Pp8JD9673Y5M06TT6STnAC2Xy2apVFKfAB+2+acYDlarFRmGIQPjfD5vQRhjPJfLKRZA5KtBhAc7Ohyv5HL9ehLrupMWi4Vc0+/3KZ1OaxZAFIuBDKvb7VYAHBIAKGN5+mH/KQGoA+qxXq8pkUgwC9BqtQwUC+LNZkN2u4OcThclk0k5RgAwnU6li8vlQtFo1LAAok0SADHCZrNLwft76gkwmUwsF5FI5AGo1+sMFUcasGez2aRgNptJV5+A8XgsOzMYDCgcDj9SEP3V8PN+v8vC6bpOb2+63BEBVwAMh0O6Xq9ULBYpGAw+iij6qhQKBY7dsOCzfaPRSAaE+MYGGAsxF6E8HaRsNqtmMhkTbcPC/X4v80UaaC3AsC6Eps/nU788yqlUSo3H41ykJCuOmiBn9F0cHhJC7vF41G8vUywWU0KhkBYIBJjf7ze8Xq8hRMztdmtirPz1Nv5r/AZMKDFYuHxjqwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLpZNrSNNRGIeVuaSLrW2NCozlSsrCvqifKrG1vyznRDLQMi9TsamsUCzvSWJKC0Ms0/I2hratmVbi3bLIysRZlgh9qFGuCKOF5KaonV9n+yAGokIHHs7hhd/zvofDcQHg8j8sW0wN2FpQJuVNl8u2QC3loEDMtUX7CYrXJDjrx8u6FcYlNVE83KbciOCiNISD9MDNRHaQf3lVQZWMgwYaVNNQqcwBF1dCBbhwlIczfpypVQWlgZvQVZUPS6cag7XpOBckQIZkB9IYEZIPcee02XL3FQU1scKfM98/YOpFFb72XseooRDm9quwmk3QKXdPvdOkrltRUBG9f8A6dBeTw0bY3+ooeufZatLhToLv8IpX2CZrYnsfTtXqVP6YHa7FzFirE/ubJrRk+sM3UHlfwNSsX1YgCNG586WNKZ7SPox9mYYhLwz6PLkTx/n5+G94Bj8BT1x3ni+u3vCPgH/c4OoRbIgXhg5g3GJHowXIGANSXgOJT4G4DkBTXolnMT7oFbPxgNlo7WDYuYuCAxH14ZKTahgHF1A9CqheESj7CZK6CWIfElwrqsRI5hHMtJeBjHfBps/AUJrvn55jbiqnYCR/38JkWzZu1rchvpN2pR0VjwhimglONREYw/fATsOokANZXKDECz/UQeiWsD45BaMFPsTaU4So5AYU99oQ3Qyc1hNEagkiagn66NjE1IKl61fhdlp3I07Be60qx5TjPa9QlMwHxPdDQUdPWELrCSGm6xIBGpq96AIr5bOShW6GZVl8BbM+xeNSbjF/V3hbtTBIMyFi7tlEwc1zIolxLjM0bv5l4l58y/LCZA4bH5Nc8VjuttDFsHLX/G0HIndm045mx9h0n3CEHfW/dpehdpL0UXsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB4SURBVCjPzZChCoAwFEX3GSbBLzMaDOblBduqrAlDYcKCqNFiF39Gp8iDq91plhPvgQOXgX3D/iRM50gDWdKkSNJDmNJxHmbb6kN10gjjTdhA7z2kE6E3cc9rDYsC3GWRR9BbhQYVSuRIFo+gICHAkSFB7H765BsXhQcRTCg+5ikAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJySURBVBgZpcFNbNN1HMDhT//9d926NWRb65BtB8MWAZGwZIGRcNAZD2qA6E6cOKDhAjFmBzwYYzQeOXHHiwfFAOHAZScUEmeUAPFlWzMDyOtm27XdoF1/3xdZ0iYcvBCeJ+HuvIiYlm+vVD535yN1GzIz1EDMUDXUHFFD1BA1RBUVR81+jWkx9xNTe7I5nsMX3y/uimnpjW7mGn+fYa1RxtQwMUwFF2VdI37s2kvVU4gJosKn+74mBE3HPFW6MZncnHybdGaAzKadeBA8CNqsU1+Zp2f0KK8PvguJiLbHDSGIEvOUqw0PRZdJdR1Aqr8RdY6hWqJRKfBnOMTS7T1wu8izDo730RQlLl57o8PVPuzuHQWSWP0RxOuU78zQ9+rHTL5ymA3nZpeYmhigrVhrEESJTXXMxY6ls6O41CH5MoSASJK/CvNY4SsiWSfv3Vy6+h6SGiAVw/bBDM2gxC52urN/PFcvzWNidGRGwGLyQ2/RUyqgoUlt6Qb3XjrJO3tHiFIZNiw+qCFixCZ69vH9n3/6vX5oevdwmpXCRXLDbyKNCs0nRR7KNmrbP6Oa2MKFa6vEiVUM2LGlE8fA3XF3vjx7y8srZV88N+YPZt73ue/2eWXhB2+bub7stSfB2+b/qfiRU7Me0yJmrF3/hHRnH8uNPKXRU9yrZ+FmkSgBweDK3AptW/MdqBoxLZvtF0LtDsv9x5nYP8XlP4pM7szRdn72Xz6YyNO2cLdKMoKYlqr0kh0/TbZnhIflOlsHurj1aA1VQ815bbCDhbtVnmXmlnB3Nkx/M3dVgu5uqnUHUYIoKkZQQ1T4P5XVxsWEu/Mi/gPrlHrAGd9XNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxVNNS0JRED3qA0MRoqCFouBGN9Yia9HGRa3b9x/6M62jf9CuTS0EV0arXASG0gcUYWIgmvi6792P7sz1WUI7Fw0Mc70z59wz88aYMQbLWBxL2tIEXrN5+mcPWkvrBsZQVNYDSKmglLTZ0J4lwjCER8XZ7OYcSDMxRs/cEdCZSKKoNeUU7u/rjoBMiE8GuKQrcCA1A0XuFK2sZKwC3xE4Zo1UahX5/Dam0yH6/Q4KhV17H+Lu7gKVyiESCQ/dbgPD4QvfSykQlzKcMxP4+fnGJr4seAdPT01MJh8oFve4uNOp20fWQBilQqvAEtBQqE+6IBuPe3h8bML3hyiX95FOr6HXayOT2UCpdIDR6I1r6VF6KK61z5N1ROAkvdBuX+H6+oznksttodE4wevrLbdC8h1GwCMZJF+pgIdSrR6xtCCYWLnrnBuP31GrHfN5MHhgcDRUj3pzbAFarfOFSUf++4tEA3dRwhNCsKRkMv2r+Oe7R7+jvbArNotu/6wC3/Z7yX3TdhkjbDS8eUTi5EoGuLhosX//N34Dm6aVPfzbYjIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLhZNdSJNhFMedDj8QFT9QQlFIEHexi+ZFFwrddJERRHTRRTdb9AFJ0E0QiBfBQrLVmvBCsVAG3RXvMN1Ya03YJvsqFbMJNXNjsBbhhox9r/17zrMpih8d+L/nPc95zu+c93nftwpAFYmZRCaTndfpdL6BgYELLJbSWkVShUIxotfr3bSH1vbq6BJkzs3kN5kQjUbhnZ/ncbAiul+2WHjui9m8l6s0rpJQsFZXh4DLhUgkgm/Mr9bUYLu6mmtFIkFgaYnnaM9KBVCZrgz43tgI0WBAKBSCODuL5Y4OhNvaEG5uxueGBogzM+Uc8xtHAf60tODT4CBe9vTA1teHzd5ebHV342dnJzYYyNTUhOn6eizU1iLKJjoESLa34/fwMGJDQ/gllyPCYOH+fmwx0CYDBbu68INNFWxtxbZUehDg9XpRLBaPVaFQQCaT4SKjNao5FpBKpeD3+xGPx+Hz+eB2u2Fhb4GsVCr9H0DFRqORd87lcojFYnA4HDzO5/PIZrPweDyHAbRhFyKK4t5mm82Gd3YDHrxS4vbzy1A9GcWUYeJowK52AdRd9+YxHr1VYWFdwGrUCu3Hu7imlePs2CnNiQAa3263QzU1irmvLzAXmObnoLHdgtZ2hwAZ/ikTgBX93Q8g0fjJZBKXxs/AvP4a++39mkCA8g9Bz5hIJHYIsv8waYJ0Oo1z90/jqfUGJq1KXjz5QXlwAkEQsLi4CKfTeaTGhTFc1QzimfUm70yeYn4GBFCr1S72G+MkqSauYOReHx+b/PWHF3eo9h8NpaVzO3ihRAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE3SURBVCjPfZHNSgJhFIa/C3AldD2ugraCF2E2OdX6c0ZtQAj7nUJoUxZtKn+mwE20CoRW4/hTTukg3xUIugmCp8UMYhs5u/M+L+fwvgKxegRCCSWUcOKO1XSb08as4dat+lq4XQBOsjXvEqBQBHg8z2upJcBJvDFmwhgfn28CRtyxvxEBzVhLjQjwGfLBgD59XrEpBoVYCBgeE4YLucste1xSplBACESjHTCKxB5dbthFx8Im/44QiPqv4jPyelTZQSeLRgWTBTCgF8k6OttobHGBEQK19hgfjw7XkVcjg8kxRnji0XAZ0+Fq4c2Q5pwSufDJh9iT+uKFbCRuksamjAxkLArqPlHllAp5NHRy2BxSRK4vRZ1PmrMDTrA544gSciZT/7pQwowbluHmfuRUutKSy2Wtnj+jSVcdCo7izAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG7SURBVDjLjZMxi1NREIXPC9HCKGGN2MgWdio2utZxA0KKVPkBwqaR/IS0dqYx/0LIVpsuBMFKA5LdQotF1kJWcMvYmBfemzPH4r4X3+pDMjDM3MvMx5m53Gg4HJ5L2pV0OhgMHmAL6/f779I03Sd5WgGw2+l0QPIetrQ4jvd7vR7iOL5fJXkymUweXb1+OzparCQATiCPDsAFkMDz5rUIANbr9dvRaPTMzN5HkgAAR4uVdmoVQKFJHhqlEC9+Og6eBkDRqnlCD8V5Q+4S4A6Yl4+zAeSFyiS7/wVhOWEzwuGHlW7eqEACPp0vgyoJJCA6zAE3hxlgJF4d3I0uKTABLIxwZ+dKUOECXXCGSApff6QlO2BBNpWdBXcHHSAdZAAkqZcABFwsHXQPxS44HSSyuz9K0lT/AopP9PJwKZpvJNMdbgp7oMOsBFA0M8EKkjc7yHIz/h+QJoRZddNoVLZMhxOXFXS73UWSJHskj6fT6RMASM1x9v0XUgdoDiNgRjjD03588wK3Xn+RmZ2h3W5rNpup2WxKErbxRqOh8XisWq2mqNVqHSdJ8pjkyXw+39vmN9br9c9m9pDkt98JJaJgEg+kbwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ7SURBVDjLpVNLSFRRGP7u3Dt3JnMsdcAeNjrgAyoqWiQUZBYi6aYiFbEWbdsZJNEqaBO0bxdkENRKMXobmQVa4SPBfMyoPdQp9To6zfvec07/vTo4TbPrwMd/zn/v9/2vcyQhBP5nKekHbbjmvuDioikqOAc4Wba+t5DaM/69uG6o5B8BIrdu87aaFmDmj2wTBkN0+RPia75wivyXwPLgiZuqq9wGCqxrnRC6Aa7rEEkddvc5xFfHTTIjsis9qG0zOm93bj8IFp2wogl9HXb3GSTDc4it+sAZr8zsgSWw9PH4eXuOR4WkgkXGLAHODMi5hymLCEWfAkuEGjz1I9NZBSj6PUqfiBGCsVGzAZvDg1hw0szgqqdh5Gm2KUi/+o9Vyap7wFV8GsnlbnCqWVDtPB6HWnQWmu+BoK4nUxPgVnMtrJVf8Bcp9KFbdVWQQ4eSV0fWsEoADUIYHPklTZIwdMf6NDjCS0OUlS/KdXbUmgKpOsILbxNpM7ZsvrfZEZ99RG3ZDXvBESy8eQ1tcBKJxRCYLDTiNlZewi0p20389vhAb96uU9WKWkhZ6JjreQZjUUZFTSMc3n2Ijb7El3evWHBivM2WrTGURbXicCOyNArN34VA3+e1ciI7p3shdbQgZ6YTpSWFspBEm5JJ/tq1f9jpKkM4MICoNrVCYnsR5QHnDi9Qf2XzDdzYCZlLpUoGORfCdigW9IPpydtlLVPtpn+mQ5mPjjwp3tp9GYnYT0TJ9zskUy+wYMtI/QMRFwmuFNlcOQVFd8f6+4xAfAtCsh3BFQn+eYnajjuwXt4G/A8rq9LP6XjfvOfai1p5tuekwsn+eF4rXzf9fwCYD6X48OnVRgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHoSURBVDjLpVM9awJBEB2DKIoocoI2goXVgVhoYam9bep0XqX+DU1pZ6EhpZ2FYGsnot2BqJUgaiGCd/j9tZlZvc2ZjyZZGPZmb+bNe49dC2MM/rOsXw9Go1EcQdMYSYwIDbheryruLdwb0Wi0Z663mBlgs4J5TpIk2el0gt1u5+f7/R7W6zXMZrM+gpRisVhZNBEAxXA4VAaDgYbFjBbtuq4zTdPYbrfjZ5vNhnU6Ha3dbitGH2dwp/0eCoVkmrparQSweYjP54PtdgvdbpeYvKRSqd4TFWCSJtpGc6FQgEqlKpqLxVeoVt8AGQFJCwaDMrJJCxPJMPpBWhEMboPZ/ZvxbwMMG8Hr9VJtks4MBhGafjgcHigbAIRhnBGAy+WC8/kcEQBmrdR0+3402VxzPB7hdDqBmYFK5thstjsAExI+81szSV0ulwSgCoDL5dIigxwOBy+SJN+DBHLfYEE10+mUJLSEiai9MR6Pn1Gb7Pf7QVEy4p7QBcpkbrnb7Yb5fA6qqvYxbQgGiUSih66W8JLoRM/j8YDVauWm0k5BzXgTodls6uhBCUF7365yvV5XUFsuHA7LgUCAA6E8WCwWMJlM+GTMS/l8vvzjW6BVq9XiSDuNQPwxoVZuMkYLmTSy2ezvj+kv6wM24KX3CYk6PAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJUSURBVDjLpZNbaJJhHMZHUES51SoiqssWm5SMQekoFwvnYR4RP02dh/yMMhJpW3PaFOuzURfNi8GUDusw3QGDgl0k0Y3QcbjVqtsY3cVAu9uMwqf3ey+EwXBFFw/vgef58X94eesA1P2P1r284DDfDp/ajUhHPQZOCuBr3wXWrLv/VwAf64pFtM0YO3sUN1U7MOo+gr4OAdzSA2Cd1pENASGjGKO2JgyQ0A3TIRJuQJw5DF/HXhha91Q2BJw/3ojLaiHGr2gwwp6A/VgjrhqbYW0/CKZtJ0b6zmyvCRhU7ltdfH4XxfcT+P76AeYf9ePrs2tYmB1DVLP/56eHF7fUBCQcre9Kc5NYLmSx8nGKaJruS/NTuOMRFWpWaJP7tkql0ux4oBPlwj2sfnlKtfIhg8mBTojF4iei0+e2rQtQKpUNKpWKU6vVSKVS6OnpwcQQQ6XRaOidTqfj93HiFawBkOCmYDB4izfypmQyCavVimw2i0wmA5PJhOHhYXg8HnR3d1dkMtkggWyuAkjwEsuySKfTMBgMMBqNsNvtyOVyyOfzsFgs0Gq1sNlsiEajcLvdFblc3lcFLAw1/16eHUQ4HAbHcdTkcDhAJqPjMwwDr9cLl8sFv9+PYi6Kt/0t5SpgMdJSKb24Tg2JRIKCSCVq5iv19vYiEAggHo9T2I+XHOaCwkoV8PmxPzQfavrldDqh1+upkVcsFqP9+an4M+mPrq4uLERFZZLh1rzC0rSvnnRsIs/4ivRdIuOXFQoFePEhshYlEskbs9ks/Dbjq6/5G/9FfwAGy37p9rgYIQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNfSFNRHP7u3MiHZqJCumZZamVRaSas0V40i4gKeoreIjKI3iK40GsPEpQEIRRBj/17kYKMSodlZk8rmy42mUjjLrfVnPt/77nn9jt3NSFfFH/w8f3OOfd+v3/nSIZhYD1mwTrN+s8JBoOXNU0bIBTJcoVCIZ3P5+OEL7lcLkacIg4R3sqyzFYI0Ad36UcQZI/Hc3/NGWQyGRtFHSahp2spQRoLsx/EzmzICxJA9Z7j0HUOZkKHxnQwTYdKrGlizUxWS35ECBibremyopiKGAwX4Ia51omFL/Z0zk2f9DEW+L08hRaHHZFYFq1bqjC/kMbuxiqElSXsbapGKJJCe0sNAvNJdO2qM/dEhqrKIHlnVcogg0g8ayqLAxGRiSjlUowytzfX4uDOWoz6ohiZisPCWCml7o4GHO10UK0cJ12NKKo6znqaUFA5zvc0Q0m8R0i5hYev+3Dpzml8mnls9kN65c8ajso85qJLYExEXo4qMtCIo79GUGH3obPtEJw1rfBOD2HS/wHFpBtWs8sU9dThrXgyGsa57h0rRtU3cB1nuo5Bt+g40NCLdzPP4drnxrOhYVhVjYHZOD5/T2BbvR0f/QtmhznnJaYpxBajsEkbcaLtoil4recBXn4bpLMXsBZVlghkjbr/5lvy/96BZHoR08oEvirjkHsfof/NBVRWbIAk2QxpNa/RddVx07l90w33/iNore9A6KcPE1PjiMylbkurfc4k0k90hWAniJs3OHlPkf8A2YeC/G6HEpkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLbZNrSFNxGIcPCJNBIAQRISRGYQWF0g27OJgQVmQFmpViZHhLaiaGeCtTQ1OW09QtS83NiR2XF0bZZZjKXNYq8kMUBX7qU30JIsM68+ldUpH64eXA4f/83ud9z/krgPJfjbVFSZkZsb5grEXDY9F4WP+C4Stm+i9GLTy/EC4QcIZnvTA1JOWG14Mw4YDRFnBdmEHNL1gcMNamY/TGMJPd8Molh61wvxbpCoPl0F8EQxdh5BoMlMDN1GGsybp/ASNWC88EDgY8rNcENIqu/m8nZ54ee6aRjnQNl4Q5csGy3zwfMNKyiSdNGpM90rFGY7AigoHSZaJbLbo+unN92DOqsR1fxo2kCK4f1FBlijqDRu3OjQqPzRa8HaJnCeoaGSgKp69gmntV0JsPPWfkeR5sh6dp2hdOvdEoIXArDapjzIrovsPXPT+bq1Avun24LyO6Km3HDDQfNoiuiiNLusb1URerp3ILYgYlUW8U0Z3FJ1tW84MvQ0R3BkcOomvw+/2JXq93o+gaiuyxZHbGQMXmEErXg/OsBKz5oojuLN52WUxmcLt6bClB3U/0mnYL/NPj8fygNSnhXHtM4LL7BCk2gUvWzo9WFvlVke1+4O4FRHdGdHWiGxfcrsm5B1N3LLn2bWS0R8+VDSSj+hsp7DtEQsNK5mq3BgNkBNtxk+hmyWLC/nw26bw8z7GDwVet3H3Z/Bvs9VuweArpelpHjnMv22tCtUBZ5FFl0a8sJdqtp2XeIHztkYmrD/K4cj+LCvcpKu9lYxuvIu32btZdUmaXgqPdbncg9eYG7jy34Jw00+Wro2OiVkLOYB2vJMuZQGS58ja8WNEvChDYo6rq9yPWNXP7GsMD8Q0rArvqw+bSO3fSOlZBhmMvEeXK1KpiJXTRZRL4gMAf7XZ72cLgzVW6bye74llbEvpeYN2St1HgNoETl9qLKH9eXRrC6ZyMg9nZ2SF/3v8CIIKyHGFPw/kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLpZNfaM0BFMc/v7s/pv25tnsXlrzo2nav3d3y4CaelqLw4l1JEVaUl1GeUHtQXpiSUvKqZFFWJtFajO62K/KwlXQn7syfe+3PPX883AkNKefl1KnzOed8zzmBu/M/Vvm74OnMiayZJlTNVfXO2fT5nX8ChJYm9zRhJFrrWok1xAJRTf+tgyWAU6neDwuyUCx5ieJCEREZ+xsgcHfOjJ50M0XV0LL39sa2QEwYnRr7JKKqqiER4cru641LNFBT1tfGMDfMHccCNcMd4s3xsLribjyeePp7EVUVdcPcyBVe83HuI+KCuRMKKjBz1oVjiMgfAKJk81kaqsKsrG3h/dc86loex+dRUwQlUhdhz7VdLiKIKLcPDATBz3dwbPCgx5vjZKczqBnmirihrjRUhVlTvxYzxzEGRx5w99Bg8MsdiCjqimjZ62KymmIz87x5+YLZ2SLF+QJuxR8jHL13wEWUFTUrUDNKXiprYoqYUZ13ossr2Lh1E2uaYtx/fpPh7EPS3S3nQt8rJ1a2syq8isnPE8SbkiSakiQiKTqiKWSqSKqtEw0pnau3oUGJdMdmgCOVACURBCXz7hkbop1MvJ0kl59CVYmGo8x8zlMV1LGjfT8Ax7su0z/eB9yqqQSQkqBmJCJJRI1cfoobe/sDgO2XurxQmOZ5bojR3CN6tl2ld2AfNRXLAObKABGevBpBVFlc0dwPYcWorw2Gx4aCzckt9I/3UR1U8ijzAOBi8K/vnO5u6QUOA/XAF6Bv+EKu5xvVXGolRpHH+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLdZI/aNNBFMc/vySSpLZFg5QguvgHcXHTImQu6OQq6CDoIDjoIpk6dLHgKA7iIOjgotjNLqJCKXQpooMOFSlWGpRGU/NLLnf33nNIQtKmPvjyOO7e57537yVmRj9uvblmF09fYLW+jJgiKj0pUSNnD1V4svCUxTvvkn5NjqGIIaLWPSwqRNVeHsj7OFyyC+AjZhBEhiBdqWp3rxN2ADLDi+AjecbIZwoEiXgJeAkEieSzRYo2TvDh/w6Cj3P19fezV/OfKYV1CuZQNZqa5Zce5u0nJfg491/As2MfNlrxY7M4dXucsVMYGRJtMxkajG9/4WD9QfPyebcxXJP0uxCXj0xjLHDiYdmyk2isQ/yLSYqJgyQBCTRXqzXxXCpfsZUdf2ASqhy9W7bcASz+AWlj4npK0c5PTFMKJ2+WwzbVkSdo9JXs/jNY3MbU9dTpyWHaQsNvMmNThJTKSBdUpWSZHKZt0E5PbiBxIE2wQPSURgGiYBHUD6z3b5eBI6xD9HvMgUapW2hgFnZZdwMIivgWoU19FBDckmytkCTZnfally2QyRRpb36n1WBpBCCO+ebqvZq6LcgWMIuY9JygJLkJokv4+vJ1rZ0yPzIHAJuPkhsSmJs4d728r3QcEsNiivgG6Y811p4v1topszMv7PGeAIBv95Np36AaHRWJlEIHXIu6S1kSYX7mVXeA+vEP7PyqQia3ZfwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIySURBVDjLpdNdTFJhGAdw120X3XXR5kU33fQxS0+5Yl24lFnQKsvl2nJLM0fmXLNASceKgAv8yBGgJPEhkcIShEEYKuKU1IxcTm0WUDiJ1Fpbm1tZ/855186oLS/k4r/34n2e355z9rwZADLSyX8vCm+WU6fqT38+21S4ztPy1rmK4lXF5Ry//Hwm6LjoHN8QOGOgUOe9iGByCJ7FJ5BMX0ORiosfa1/wTHqQIAQ4VCHbwpXL53iWHPAe7QefJAvq4G2MLY9gcnUcQ0kf/AkvAm4DPvhl6Lq+jwEuESD7inLrCWXJ10BygC56SgpHlofxfGUMjvhjDH7sR1e0Hfq3VmiqKSwOt6CldCcD7CDA3qrOXfRo37tjRojC5SRt81KYIxp4lxx0+mCOaqEON8NeR2Ght5ppBvsTT9Yqai60F/y0vTehPlyBW+FKAliiOvQnPGQKY+Q+TOOdCCjzEPU2/A1wxIaH3a8N0C20ouGVAI3TVVC9kcEa0yO0MgrfkptM0mprwqypGKG2AgaYYYEsqfGFI94D4csy1E6VonlWgt64Fb6EG7aYGTdGK1ETEv6yu+wEcDQeZoA7LHBEJfxkiejQQxczccZtEE8JwHNRKLMK1rRzng6R3xU8kLkdM/oidAh2M8BRFsi7W/Iu38wBty8bXCcdSy6OyfjfUneCbjj34OoeMkHq92+4SP8A95wSTlrA/ISGnxZAmgeV+ewKbwqwi3MZQLQZQP3nFTLnttS73y9CuFIqo/imAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANLSURBVDjLVZBrTFN3GMZPlpgli/Gb8ZNftkRE42VsWYxuJsZFzZKZmPjBDYzhw7ZothgciMplRWe4WMGQrRNEwMJA24rSFjBLa8uhVDqGba1QaksrlFvphV44pxekz95TtdGT/M755/2/z/Oe92EAMCt9zAeEiLAS/xIfCvV3odqmN/cmIudtnVnuYdYRdSuj+bOpgA6R0QKfSfmtoViT0hPBN+hHlMfYqPl0gJ8oD1K/idicMfB1M2UR08m55GIf/E8Kl/+T7Y3VGAL4Y9SH25aFDMK5nnXDIsvjwrYqLmb5dYl0Y8Q6xtvOVESt5cHFocJlY+fe1cYnM7hnnUcX+xKSnnE0ysfRrnWjyzyL1kEd7MrDa7xX/mrxYa6DtDnMVBPz1WTzR47hlp1cnc6NbtMMenQeuLwRBCIx+CMrcMxE0PGPC61DHtzrFcPatScx0bzhKWlzMkEU31ZdK71vQ7PBAxlNE55QOIwXcwuI01kglgZuql2Q6J2olLE402a8mslAeOU3jelLFDbcHHBggiZzq2nEOA5/trbBR0aBuWHYNEUw2L2olj2D0CtosgbHb7DBoq6nqP3bCh+fQiixhiRdXBRVofuBAmO9pxB0ymG3tOOcxAShV9BkDY5WDwR/bDFB1GbGTCxFJmvwhqP4XXwdd5t/ht/eidUVFyZUBbgi6YHQK2iyBkcqFfoTDTpUdYxh0BnGPC3tjaageayEnUQJvxqJ+XqEpvrQLz2L7xu0EDRZgwMld0TfiB7i7C0jamQO+CmwUDINz8h1BBwKJLyXwdZ8hlRQAXPrQZTUiiFosgb7fpF8TowfqlChqIlFrWwSFrMeHm0ZkktS8K5CsNWfIj5dirC7H/0NhxPfFV/enzUQ+OIH8U+nazq4ry88QKH4ETQtBVim4OIvi8G9OPEa50la5QamBxsxXJdX+Z6B0Wg8YLPZoNWxry5UlmCarUdy8a/MdM6ZTyvkZb68+wz4hV6wV3b4Bqu2b8uI1Wr1RiLmdDqhVKmC+vovo3xgCsmQFoklymBJ/g73sRp7jtmRTjwu2yLPGEil0vXEJJEkttPvBQzVu/mhq7t4msTTJF7/Wy6vq9ga15ZvS2su5aa1pZ/ENec/HvofoDruXRuQqRYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABjSURBVCjPY/zPgB8wMVCqgAVElP//x/AHDH+D4S8w/sWwl5GBgfE/MSYU/IfpheiEwTNEm5D6H9lmBLxFtAmR/3+h6YWY95xoE7z/o+uHwM9Em2D7/yeSzSAICdc/xJhAMLIA+V1VH3Z4v2kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpVO7a1NRGP/dm9ubpGlMioGiLdFBHCyFtksHZ6tiQZAMEbqZwTGgkw7B3cmugoOL/0ATujadlIZchCwGWlERF5XbNOc+zsPvnNvUQmMWAx8f5+b8Ht/jWEop/M/POXvodDpvOOebcRw7lEHZRBRFOr+rVCoPxxJ4nlcgwOtisVhJp6cREghSwngjh7OzRezstKp0Ok/Q7XbvaHCpVJrP5XI4OPwGrS6lglSSiBQEkYVhOL4Eutwql8vmwFiAmMAfvX0ikKdxa/2uKWMsga7RdV34vp8oC4Ebi8tGXZ2o60b/04FmFgTSl/RAtHWv+4GyMOr6v0v37k92kPRKmcuaYHFp1aiPXKgJPbBHzIkDbZlIxEn9dgRf/UT6+wGezRxCvXqsxNMN/xzBKVj8bZwm2vq0gha7jedf1oCpLHBxgZTsqUe96gzFpiHQ1kbbqC2b8ckkz81lca1gwc24oPEAEcWx0Fd/2Zbztuo9+GEc6CmkUqmk7rMuIglOFfIhfWccKiTwkIPx2CmggCAILmgH79vtNgaDAfL5PDLZNG2gZYhiAvKQSjsmhwE1m+ngBAzJTEx7E2bsWq221u/3N5rN5v7e3i7SroWrVxZQLs9DDEmdaQIYIAJyEQmwIMBRNEAcxclbqNfr25S2G43Geq/Xe0mjXdJLJS6/AM9RbwIaJyP700TCpdlY3z4CCxmsSc955clnZSnznnDz967KOrC+Dp2wc104yh6mZJzlfwCf3q+o0qkR9wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKuSURBVDjLlZLLS5RRGMbf7zrzebdw8FaSqJAbF0GgRBvptinoPxDKRdDKQjBw2TKClgVJCwmUyMBKydDKS9TCME2tRhs1cZwZ57ud853bfB0HiiAVOvBuDuf5ve/7nEcJwxAOOgPTtk4Fr6ZU1OCAVyBCm2Td9jEdcxG5pBwEeDyZtaRwjAvWSpkAxjkITsGKqJBIuvB903upH9QdE3rd1MLW0gIVCMsBoYq8U8H2CUQNBdJZp33fCe6PbJo+4XZVmRHFhEDKCXaB4Accii0NFlfT8GNt56a6X/er56qog/Cd1aQjRRQictasR8B2EXgIQyblAbX95X9WeDSRPiriz3oZY1pvZ2dH590Z7GB+q7LcjBZHVdhMBaCpEfBsCXDR9p8V+t9lLGlUP7PXLxyJbkUMw4DZ2dm+rq6ujjPdz09xTEZrY8VWYZEh/WAwNxWHwEV1eYDsqsuOCxFDaYRQwGZ8ljeUE31+fr4PY3xFVulM5mQzC4LRypoSy037kEykvuZytDnvAQ5oNSa8scAE0JQcGIeb9LcrJl02Tj+U4gcIoanG8MU35qKzK58SaCux9ZSLoGVxvJvnPfAQrQEQEhTCRhpBYVQB61CNyZY+v6qvrzdisRgMDg6O1+kjbUt+23EpTPz2LA9wMa7QFJBuhxIWQHKHQWmBDrXHGozJuTfQ4sWBEDI9NDSUkc8zf5ueB9gubiqyVJBacBDZXQm2MhSiugZW7QkYfj/NuGi5ttd3a9uxi6bM9FhFmak5fgCmHEXqQFcVEDkBiZVt+edhz8fh7om9AHrWxV5JgWoImXMfE1jbsMHd8QF7AQQyONjxp4UQ9/YLnJ710JgaGucXUi6sr2cY84MeQfmyCOg2p3RD5PjPL69v8H0ByEWXnSR7IoPSzjEt+jDQQeE/zi9kq6pv7shelwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVBgZpcHfa81hHMDx9/l+n82x0zadyBabMFtKSS03XGxXUlMspqxcufGrcOMPQHHhR1v8B26Wxi7ccOlKLUlqTJvQ0H5gv8737DzP5/OxJ5RcyPJ6OTPjf7juCwOn93a0X/tSsoIZoIqpIiqYGmqKiaBmmAiiSl21XxwZmbg4eKPntmvf095XlS8k6/OsRGGxJH3AbVfylpS+LLBSmbeEZc7EuNLbwkqduPqOyJkpUSUIBoT5Z5Q/9mMSMFE0KCaKeI9Rg990mc3NWxEVIocZUS7JkVNB5p6wqmY9adU6zAfMB6SSkX19hTX0UFVoINIgRE5UiBJAwhSV6UfUbugizA6T5HchMkP52yhp4zFcQxdiSqSiRM7U+EFYmnpIdW0LkKLZZ3BLzH54zOotZ8g3HUINUk2JVIXIqQpRKI1S/nSfuqZ9WMggbQTvMXXownsWR26hPsOSOvJtR1BVIhe8J1oYv0l1/TaymVdoUKprWkAd9Q2dZDMvEF9h7uNzirsvka5aQ/CByJkoUb7YSShPQ5KQSyt8HR+irrGDUP5GpTRNUr+T5u7ruNomkjTFVImcqhIVNvbyi4YFZl/fpTT5kvL8JMUd56hvPczv1IzITbx9N3Dypu9REVQUEaF3Yz9ta4s8fZMw9Pks2XCKySBqiqmiSjTAMjd4o+cocJSfxu9t369e7mQzcv7gqbEHB/k7xx/Uy4R6OdB6fOwl/+A7Obk497M21x8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACzSURBVDjL7dI9C0FxHMXx8zruG2SSUjKgXwklw2WxSB4yGC2iDFyDpwj1T1LK00jq+hduOt6AwU02w1k/deoLkvhm+APvAVRpoEpBxVEoaoX8SZDbG24AkcWTrZ3D+ubByPBCmEv5HCjfVXPrMNq/0WdpZuaaSI3U50DhomrrG/2WpqdzZWJiE7G2CyB3lPDgTHOmGR/bDHUPRLDk4kJ2ZSA9FSR7CtJQCOQF3rjxL/FHwAu8X+2ABKJChQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLpZNdSFNhGMf/787Ome8SF7mxvuecJGU6SLuWIGZ0E7WgFRiBdZFE1CDwJoyI6iYvhIqKoqibrsIgwUkUjDCkC7UQ03IW5EfS8muTvec95/SsXE3dXQd+8HLO8/+d5zkPh1mWhf+57LlDNBr9YJqmj/je3t4eKFQcDocHdV0PSClHOzs7ty8TULDCMIzHxMlIJFKwLQpnaSP2reqAgg7iENl1T1ObLLI5IKQFYQKnPDexpRhoPNdjp3A9sSOXs+UOFBwgbhPDvepdnuKz3OZ0c4u7eQI13MUnuRDiE/GQ6F/VAQVLiHpCutQ+xFPvUKfcgM2oRFfyIPpnqiHECUlvP0K4Cgl0IkEPq70OYHdpMWZEMxbSNUjOhjA878nObxLZGu8qAd0US4KqBm8AGnNCwo+UaxrY+AQm03FfCCwJdhUSlBAHvF5vsOvCtwI7sNEIYlu2JltbSDBHdCQSCVnZ2lHLaQu6AQhaaJP7Dpy9PRiaG1ecmYXgT4vpsZC9JRST1/8KyK6RwE8obzPXUKsdh8Mo/y2ZfPkem74MI3TmoubwV2FxIKYOxruvdO9VU7Y8gUr4CfZnC2cxo3+kzoDFVzFU1B9G0efXYI+Owjn6DGW+UsVi1vn8EWaJp8TplVsoSY6haL0f2B/99w9c2gDFZGX5IwQpfIwo2+P2WRrj0PlmpIqnkXE7WLrvBdY8b0ZmcRJpqp+fU2AoGM8XUFa/p2nag1jL1LLvL9hOrOuJw1fKYVdUzE9LjE0xw4J1i+V+52AwOESCcmJgZGSkbuUS30S2tnydmLjssUP9YVhyrYbWhpi8+gtmOYLutSnwxAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAfww0Cri+gyKLowpMC+LsooEy+SgqJuKqRIiIQKkryoi4zaUmbWSHKdPkYz05xdnKNobmwW6Vi6tbk2TDYl82PTTSr3PXe2s2T+O+dgYwV54S7+vBcvz4/neXleAgCRTf570UXdLda9ORUytW1LDbbkp1TK8h8PLu1rvn92C7houBxfEbA/E+Hn4C6wAQMYTxO8vbkwvMjBYiKED3X7BUQAaFqao6XLgxZyDaxyAp9JArYnBCLjd5CM2bDIupCI6MEEtRjQtWK2rx7t13fzQMUfYHNfx7H4wtQ9xFwPEZuuR+I7jWSgH9H5FrBRI4KeGgTcN6CoKoT3YyMaL+TxwCYBoOi6M5+6i37xgM9YICQ8elnAmKCai4YDJHCPnEDnrUJMdFfxxUg/Ik2JlSPq7anYtAw+0x74zXs54AqYGRLxMN9FK/yem5hySpcMDYfh6hX/DXRR15yhcclS2FEBv+Ugl0OIjFWCmVUgGR9FzE8h6mvGF7MMY21lMJNHecCZBrRUWXhhcrn9ga0IOy4Kxey8BoGZWnwbKsCkbSOGX+cJwFtJEQ9I04C+o5SNTojBuOXc3I8Qn1Nh7v062BUiWHXnWLtD+1TVTxt7anPhfHUayqs7eKAkDajbz3tN5HpYH4swJBfBQq7Fu6aSROZOcAWlLyt3Ch1kzr/iIv0DyHpqirMCvloVJ7MChGJ9w5H0Cq8K6Lx9gAeqVwM8X/6F/Lkh8+43zznRPkqpYfEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFOSURBVDjLtVK7SgNRED0b9iuM2lr4QK1DQIyk0FZsJAj+gH+ilRZb2NjaRHTLmA9QFKz9huzm7t37Hu+u7IJgQjR6YLjDzOXMmcMERIR5EE5qXA4z4sqACYWEC5wfLQXf/WtMIuDSoL0A7DZDjBj/uYI0l8jzEEJYJMkvCEZM4PqZIxlzpGk+kSCY18TGtGYcx9Tv96dOqBUMBgNyzsFaC621312Ac+59yJFlGRhj5VvVoigKvniglEK32w1mkd3r9ejPPAjOhqdknYX18p1/rzo3pYqTh0OSRkJI5UMgPn4s61sX66SkhtEGcISGsQad5gH2FvehfV5BaIF2cwet5RZyKeu68pe5ubKG7dUNP5AQGltMN57Mosgr5EIiVQmYGvtc1PVicqHY+dXpk8Dg7v22XKFo1ARe9v1bDOlXKKKCs4Sn1xdU1v3vIc2CD3bN4xJjfJWvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLpZNLiI1xGMZ/3/edOWZojjkiudbMuEVMM4SMBVlbSUpZyAIhG4qlkcJWycZOSslCMTNFuYVpRrkzLuMy5tA4xulcv//t/Vt80ZTLxltvz7N43vd5F+8TeO/5n0r9JNLTs9A7t8FbO0WsfSvWdtdv2VIAKJ45kxWtt4rWh5xSQ6LUyeldXVcAAu890t29zzt3hPp0ljBCyiVMofhMjNkmWldE64t1U5qWTpjXiiuVqDx8RDX35ZxTalfgrl7d6K2+HC5cQBBGYAyk05jhYWrPX350WpcbWpsX17e0QGEMwgiasnzv7eX7oyfHUmLt3mjWTIJqFXJfwAlYS13zHKKV7XN9rInqG6D/AYgkBo0TyXSuId/Xvz0lxiyJMhkYegfGghdwDl68JpycgSiAwTeAgLYJ5scIWgUXx5mUGJPGOYgVKJUs0CZZMpIDaxNnEfAOlAFxYDSilKRE66K3dlpgDcQ1sC4ZtjbB8dxacBZSIYQhTqkwFKWu28FBmD0TKmWo1SCOwagEdZxgrZYYlEowv4X8jVuIUudDp9SJyodP7+NPI9C2FNJRIipXk4FqDVQM1QrUhbB2FYXRMXJXusdE667Ae0/++PFlotTZhmzjiknLlxOO5mDgCQRBcnq1Cm2L8M3zGO3p5fPte0/FmN0d/f13gp+v/Pnw4clOqQOi1P5sR1tj46wZcPceFMuwdjXFbwXen7+gRevTYsyxjoGB/K9PHF/vduxY4ZQ61dQ8d/XUDevBWfJ37jJy/eaQaL2z/f79a+P1wZ/C9Grz5ian1FHRek92zozg68s3l0Trg+19fUO/ib33f+3H69ZtetjZuf9fmuB/4/wDFoO2ZVesLdkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZJLaFNBFIa/ufcmJjHa1tYoiCIiPhCfoNKVoCIuFAWFLqS+QKXo1qUg4lLBhYIgNiiCBBRBxbe0Iqjgo7WgFsWmtmbRhlhNSczNnTnj4ta0xY0Dszhwzj/f+f9R1lq6u7u3jj65cF8XcuihLFvSvev5vzOsurq6VhhjXkhQmepiyF88zObLH/5r2vO89V4mk+ltbm4+Fvt4L51sBCwEQTCpUUSw1k6q4/F4KNLS0rLEGHNeUq24aIrPOv55yXEcRKRWK6VqgjWCaM+99LSUBQkbAE7dHEIELIQDAgKc3N00vkaNYGYrrtL8etpZExCBZXPjYwLhfd9fAsAYA4Db0NAwUldXN1h5eWOnU+yhku1n4a6jHG//QkxVGRj6hV/x+fS1QG64SMyt0tEzws3n3/lW0C8nEOzFVZqRJyHB73KFjesWs2NNkruvvnNiz9JJvlztzCPS1u5kMpneXC53LP/wCqW318BarLWU/YAfoxqAx2+GaoMVDUUf8j+rKCUTPdiHi2bkUceY8wrXQmCEs21rELFYwMWS8MD3fYql6ngKzus76ekpi5jQ8VjEoeIHnM704yjQRhAj44lYSEQmEezHQVO434FSCi0W32hcJwJYFCbMXyzWCloHVKt6AsGr2+lkSiBMh9FyQER5tG2bhpYq4IAFq4SYF+XM9QEKxdIEgu0HQoK7nbiuixGLSwThN+3vjtCUmIfCIV8e5NDaczjEKPtjHmitl6/+9KAvMSOOtZDNZvE8l/mzYVZylE0r11EfnQMO/KzMITVVk4iCpxTq758+sKhxw7xkdGOuFAxe/lzoWXXw1qUlC5pW1E+pJ+ZNR0uAEkFZg6gyvQN9DBcD/gCIAXUVRPlHKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALFSURBVDjLjZPfS1phGMeFXdef0bVXMeiiQS0hNeeCuuhKUFzKEnU/lDEKxZazaEop20Ub1QpaRhdrjFVgGY4RyEYuj80y7SfMNH9l/vzufV9mrO1mBx7Oc77n+X7e533OeXkAeH+Gz+dr8ng8Y8vLy/6lpaWfi4uLybm5udD09LTr7ZTr1t/1V8nm5mYdMTuJuRiLxZBIJJBOp5HL5ZBKpRAMbsM1bim9dJqnxhxD9dcAv80fd3d3Ua1Wkc/nQSHRaBTxeBzlchnV8gVKFyF4VmZgsz72Dj17Wn8FoCtTc7FYBL1KpRLoczgcxvn5OYMWLo5xmd1G5fIHPn14A1P//SkGIOabpO1KNptlhkwmwyBHR0fgOA5UL5dLyKU4FLJB1kWRhE57r/JAr27iEbPz4OAANEKhEDPRPVPQyckJywuXKQIIEGOM5GekwwK8Xi+USqWTx+fz8b9BZ0PByWQSe3t7kMlkXxkgEAhgZ2cHGxsbmJycZMX0fnh4yPSaRgcbiUSwv7+P09NT9PT0xBmAFtVMFEKDajW9dvd9j+BLIMyCix5D2tl19g9gYmICs7OzsNlsLNfr9VhfX0djYyMsQ1amWZ/bMP56BoKOTu7aFtbW1tDc3Ay73c5apJ+SahaLBb29veDIkKlGO6Q1QpH42z9D1Gg08G9tQSwWQygUQqFQwOFwwGg0slxEdGO/mUF0Ol2G/UikwElXGrSa2WoU4Oc+o63tNlZXV+H3+9k23G43BAIBLPZXDGAymfIMMDw8XGceNK08eqJHn6aPAR4a9GhtbSWQNkilUhY0b2lpgUQiiVMA+Q+SV4dpYGCgTqGUv5PelVZHX4xi3j2PhYUFuFwuaLVaGAwGllONnM7EyMhIkmwzeO1oNjQ03Oju7pKJRKK0XC6vqNSqqkqlIp/rzqFE2vFerVbnSOTJu2x7e3uEDJz/C4Myz4QSsAdYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALLSURBVDjLpZPfT1JhGMfprnnd39B1986rtja3TEWGBJocEYbya+oBzgJRt8xwKjoCf1SgqKSiGUqlYiZzGpY6XebMXFOxocIFK8p1c76d8zpXq9lNF8/27H2f7+f5Pu8PAQDB/8RfC2/u1WVErHTmS1oniyko7Bfmk4iVlmCG1t6KWOhMvuZcwCpTHU0a9EioVTjiRCmGQYqmSZ7QlCNZacCyuSp6LuCjVMR+sVpx4uzAkboMMYmQBJ/za/zeB3EOGzbqLhNAndeWYXRVZxocWpl5UI9d4XWkfT4ktRU45kbgRWewY5UScaqIGykXHOAKAdz2GKMNIStsYyYwAQP2RDfwIxjCN7cLiQoVsZys0uNzkZSI+VH2Jfm/AJqeMtYxfRe+xS5YR2lC5wFpdwfSTidSLc04lBcR8SFVfAr43YHSW4zZzSk4phvBjFRi52YB6Zx2d+JreztSTXbES2REyAMOuO5bomzWZHNfNTf7MwTqHjmWPi1gaiOE4aV+dAfqMa+jsCvJIzfBu+DP4kAmwY4wG7MKOWrtflR2R6BpGIgKyntLsbA9h4m1UQRXA/BHPTAN62CzuBClpNwN5GFXnItoiQR3mDao2sJwTKzD4ltELjPECjReBTu2MoSRZT+GlnzwLnSBHtIg1/oET6M7qPe+grJlkoj44AHq9hnIm15AaAtCUOXQZ2nd6ri2T4WuOSf6X3vIWeTbxjCzFkNgfhueyXeo6XsNQ2cERfbnRFzaOg1RXfD08ZycnFwwtOkUSheVrvApUN5LEfrkyh4G5rbwmItH0xuQN08SMcU54gHEwZ8vUd+qvaR3aC+Ka0dZb/g9POFNPOQc3OfsF9tPO/MAcf04coyD7Lm/TGXtyJJZeuISrtAeeAtXaB2K1jCkjc+QYw5AbHyQoEzOa//8qvxo6pruskKmNy2uG+csj6HA2PtdbnZVn9X8BLLktmdBdpY6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLdZPfS5NRGMf9B/wL+keCbr3wStArL/RKEdQLCxGEGqLJgkQx0A31IsUmKRbohSxds2Ws0ja3ynLzR20sdb1be3/YptPt03OmSRN64fOel/f5Pt/znPOcUwFU/Ev9A/ctYUQICpqQESKCU8Wu6/9NrBQcQv5FIMbnuMG31Ck/rDMS6WNWgnFU7FJTWWZwmex2rUY4LxRJGPB83eTZR5N36VNyIioIKqY0SvvX5K+BQwX0PKXHEvW0T2fS/4uwXqAo/2TAKFzEL00cJQP5uCkUYuk8029TRFMXoqVADufLFLvHlCo4kpcl46miWFQGBZVbmn1Z1rf00WDCpzG2qvEpATtH8DZqyXJOSJ9AUgwMKSVzDqawfLEnDmUQCsd0pt78FIMkzldJFoMGc2u7SnComH+zhyVJTqeTr9oZ4R/nhGOGioeUQWor8VtmTjImyeNi8n7PUsED4cYlB+MTE3i9XoYejTC3npYqs0qTujJwepM4PEeMeA5Z3y83eDw5ic/nwzAMPB4P9+0PCcWsK4NQ6HsGh/ewlDz7QZeNLKLKVuW7XC78fj+WZbG1tUUmk2FhYYG7th7q7Uvhq0307+cIJyGehT1T0GFmZoaNjQ2y2SzxeJxIJEI0GkXXdZRxc3MzV23MS2uS0qPtDAQO4XUMpqafMCFrHx0dZXh4mIGBAex2O729vdy+fYeGhsZs2UHSpF1hDdYkeXmnyOKXM+bDOWaDWVwbFk8DJuuxfPlBun6UE2aRTalgZeecwcFB+vr6sNlsdHV10d7eTmtrK42NjdTW1uZqamr472UKfjfo7+/H7XZjmibb29sEAgE2NzfRNI2hoSGqq6vLr+b163zP1lPs7u6ms7OTjo4O2traaGlpoampibq6urOqqqrjPwDsCp2+T9HiAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKiSURBVDjLpVNdSBRhFD07M7nF+rc67s+ILqS4ubBpEERoIFKwC0IIlfYQRlE+lz3UQyFElBD1VA8R9NhDP/YmkYbUQ1T4oCStC7rF6G5ri5o6rePOfNOdb7YfH4KgGQ6XuXPvOefe+cZlWRb+55JGr+37KwNjFodJMEwGk2BHw7Cjk5PswtrWZjDTBMgNd2QJsFktnqIcY2DUZNfYhGCUh4DJd5MOATMNrMxnkV9e/Sflsopy+JXAbwcWJe3mFwffghsAnPgT9HxFOYfSHfU2PR4M3kONz8eJBa5Y3MLY97uEO9BdM6QOGEUUaJQ3Sy1g+SkaZ5MrW8UdCI5nx/aeyhQ1P8JLrR8FtkIF1GwQCWFKP4SRxf1YXZ/lyrQWPqLjoEhg0C72lrVQgYlXG4dRQNIhIcys1+LZylmcn7v/y4HdI/GFURVfGCtgenUKXbUy0toGNLELS2ut8LIjUBfbsL4RoFoRu3kP20pgs7bIOURKAxA/1qM65YW/+hhS2RlYbY/REH4IPG/CTt8uZJr6kPhGe7JckExOYPG5ZDGED6NZ1NPdc6IHmqahYb4Br9+PgZXoONrdhxLJjUymCRMT1VCTKUi2MqN5tntKMX15BKKvEwdOduLqhVP4vOxCUFEQjUaRSWdw6+ZtigsIVQk43n8R6qdZCLYyyEqFV8aay4vyCi//MJeuD6BQyKO3txft7e2Ix+OIxWLQ8xriIZ3XlFd6HQdziQQ/YZtrQHpB5S8HB27wkzc0NASPx8Nz9kj23E8SDKdjQIZqXX/+jZFIpLmxsfFpR0dHoK6ujkmSVJXNZpFMJuF2uxEKheD3+4nYWFJVVRgfH/+yhSAcDovBYDBKisOKotRQk0hpIZfLnaG4IMvyMMVtuq6b6XT6Kznq/gFyr64cpzvFtgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLzZNvLNRxHMc96qGt5z3uH3FIrEUlItel5VLtbjbcdJhwOBoiRpy1zhNNVsymKbNl0mit0hbTH0dDtRul21iju19cjuN+r760tbWVZT3pu70ffl7f9+fzeX+8AK9/kdf/AZAL8zRCX4SkNXnyDZLHkCWtZmZIK2nnJbcuRVpOTJSWzp6TXPFqafF43Jzz6DHtOkAUJAg56e2B/n4YGQGrFcbH8Tx9wlxrK/aWFuabm3E03MBmNmO7VMpC+BHnfGhY3BrgFTcboasL2tthbAyGh6GjA09+Pja9nmmdDntKCrNaLa9VKt5VV2PNykEKCLGtAfxlo+GFXFMF4jemplh/fX141GqmlUo+x8byVWgyIoK3lZVM6lKR/PfNOHYFJKzPQPS7VfT7wFNWCp2dMDMDFguyRsOcKHQIiCMmhomqKj4k6ZD89k7YdyoUv2xhRZ/q7U5O7l4tKICBARgdRRbWpagonNHRzJpMfBTFDt+gCfsOvz2/XeOSRuvtSjjT7TYW/ACIGTgPH2aptpZPmVmUN6rd+junhzbMweKJk97fYpQPl4tKkNvaWKmpwZ5toKRRLRc/zqWw9wLxt5SWDYO0cChy2/z+g9ZlQx5OgwFjU7xc9CiHpjf1NFjqSLubRGRt2PvwipAtf0yYFBjqI/odrLimciXePuXOvZ/O9SEzdS9NZN9L50BZsCv4oqLnryOrqo/CPFiNqb+c2KuRBBn9Qjd1C8IyV55fpvxZMYF5vmz6mIRlhGUUOT7sztj+E/Ad9GPLsXC6ErkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEwSURBVDjLpZMxSkNBFEXPD2IhVmKlS8gGXIBdsHQRkt5dWGYfFmYXtsHaQkTQRlDIzHv3WsyPIfiDSh4MU8zlzJ375nW22aX2fhPc3D1v3JA21xcn3Z8BAKdH+9hgm8fXMuzg9v7TBpRgwIbLs4MOQDYSWCarhgEpOD4cIcCCl/cmzDRKkEzKlNgCsCHddhlWugiRaVIiE+oyhwGRNJs9IHtdTTeITOZPByOA6XRq9Q5C6zWZTFyLqSFqiAhRqhiPx94AzGazbuWgLaMU8/m8KyWJFFlFDVOLWCwWP9sYakHKbhn0Tyghovr7CXVbiJki1a0z6E3WZbMvNU0t3hKi4ektyb4jqx9eQkQay62V3gK4Oj/shn5hrUmGkVcQ/W8WIszD4weyBs+7XadxxI71BUieEw+8ru7iAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjZNNSFRRFMd/970ZNbX8KCHUCVxM4CYSDaKkoAgywk3gPoyCyFq0cW0bSUTIcNEm2uWqUEIIrEUqUoFZuZAEFcPGD9LRGOe9+3FajE5jCnW4l3O53Ps7/3PPPUpEmJ6eFucczjmstVhrMcZkfe7UWmd9S0uLigBYa6msrGZ9YwNEIDNABAFEJLtGhLKyUoaGXgGQBawnk9x9NMr/WNetU4Rh+AdgjNkOCdWxYxQX5hGrKKIgP0JaC9o4tAUrMP7+E+KEIAgA8AC01hmZgFKKVNqQWE+TCiwiYKwQGkdgMmdE2K1Aa43b0acUSik2UwYnAaVFUSIRH88Jsg1w4vYCxGUQKgeyFVpC7SgqzMP3PTyViSFuHwA5KSilMhBAlCIVWJQnmX3A/Z1CGIZ4vgfA/NzsP6vgR/y9gLxohM4bJ7FWiEajLC8tUVR8CBFhbW2VRDDD5MIom1tJugaeIfZARrGI0N/f3621Pp/zy8q11m+qqqpajTF8WBieKKmxdfW1DVSXx3k79ZLxr++Ym1ntVjvly7Wenp57xpjms43nLpSUlPFwoI1rV6+A79Fc20b38E18PJ6/GEhHci/29vZWaK2X4/HjlB8+gtGQSKzw89cKUVVMU20rAPcvPmHwSx8wULALEARBQywWo6npMsYYRAQR4cFgkqnFMSYXR2i/9JTO19cp8PMB0ntS6Ojo+Ki1rs/twHk9iVfzgzMnGokfreNbYoKxzyN8n03u/wb72ek7lZ3AbeAgsAn0jT9ebP8NoAhq3YVujicAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJISURBVDjLpZLLS5RxFIaf7/NCZqiZYYW1sEbTKWsTDUS0sFpF/0K7aBftulCbTIQWQi1r0aK/IKhFIBUodlNKKtBIy2qsKUPLacbvdy4tRmuhSdDZHDhw3nOelzdyd/6nypcbXnx25oWZplXNVfXOpUzvkb8JxEuXT9djpFvXtJKqSUWimlnpgyUC53f3fEskyQcP5JM8IjKykkDk7nQ9P+tmiqqhpe5ta7dHYsLzqZFZEVVVjUWE60dvrl3igZrSUp3C3DB3HIvUDHdoX99eq664G4/Hh5Y3UVVRN8yN7NwkM8UZxAVzJ47KMHO21qYQkeURzj085apKTUUtjdWNvJoeQV1LOF7Cqsy9ZT4pMB1vQkQRUW4fvxvFAJcyvVHPvitRbi6HmhIsEFQQE4IJwYVCmKepoY2Kwhsy6T2IytIciCjqiqhS+fktZglugoqwsb6Ftg17+VHMc2/wGlq27Y/Ayb7jLqLUrapDzQgeiC3hUPrYbwTDyc6+Z2fTPuaSAkOTD+joimvLFy+nG9tQnInv47TXd/Dywyjqxrvp1wQTxAJBA9/nf7B7837mwk8eTfRPlwMEEQTlWW6YHQ27GP80QVGKiAqNNVuQBTOnZiepX7OB4fcDDLzp/5IIh0sfBEHNSK/rQNTIfp3Cpeg3Bi+TWBIVJWFrQ5pM82GevOunb+zup0TozHb7qwUE4cnYU0QVEUFEi7dOjFcBHLx6QCtQhj88jKO4ivtjfR8TozPb7aO/c/Av1XwhyquVrS6YNue6fWJx/gvSRpXk80tR+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZPPS1RRFMc/970341N7Ehjij/wVQWqrFgmBiyAhiDYtAqNFmyAIWhSEgSC2CeofsF20bVMIblRkAtsPCgmGEpk246+ZcX6/d+89LcZf0UbwbO7lcM7nfM+95ygR4SzmcEY7M8ADWJm+nvSbBgaUOskTqvnVdaOzN4DqP1kKgOKVu0vaA1Di9HUOfYgppUBqySiFruxcSidfr8uBF8CNN4mYaKvwZ/4l8MkDQEsFG9ZVU5OY0AWnCaUC/PZbtA++jSMCWBALCMo51/pjamj8GBApR2yICeOIFWz5F1ExTWErQcxvA4nAhohoQBP0jcYR2330BijxrS4TlkDCIlF+n6DvEX5z/0HDhwqkpsA7D8bxjgGRg1ffwvn+x0eBgsWGG+jsHGJyiM4heh8xBfyLY1AVTgBExFSwpcVasMkjOouNMojJgc6SSiyR+rpMaXOPWMs89R2ux8NDQBURq7HRdq2SySE6e3DPkE4sU1jRXBsZpa73KuXFGb4vzHqzw7FntY8PRRQG0XuI3kWindqpdxGdYX0uyeWb9/FXE6iPD2hY+0xPVzOi5LkHIKHN6NJuQ1SIB9jAEYmBDUAuIKZKtPMFv7UX7rw4nsCJNlyremqASvXd2vt7gwjDKIL/5rXerSslp1Xj1FOq5RQlIL/vYlw21Wm2cWGkYyIeNI51NmvPc36T39b8TLsmqsi4Ou06fxvpelXc23ziGtVtXNkQmLw9o9/8BXTmMmWfiWeXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpZNNSFRRGIafc2fGP3Iaw58SSVyYJRHGCJUVtGldJLZoUS3atIqkdYStwkWLWhjiJghCpIWRLSKMQENFC/uhhsixn0HLTFPn3uvc+30tprlOIVH0wuEsDuf53vc73zGqyv8oDHD6+tPzQC1wAIiDKopBFMsyWAZEBPFZiIT1bUNNtBlRLrRuN6gqp65NdOs/6krvK1XVrAPgIEDP0Hxg7U/BzuzfxOv3C24QAdHNucP6ykIAjFn/8ptZFwDbyRQEAFUtyVVNfHb/qnnq+2YNIBrOWVtPK19GWZweoGpXO6GCaNa0L+QDDEDbpYc4IojCvcuHmUotgjjou9vEqltITvZiVbdRV70RFR8AKwvI0ubsDHt2VDFve0H1yMIg0co40S278WYeIctT2QjeL4Bsz5ccn4wqaTcLUDvFyvQApeUx/O/9VDaeYDXZh4qHiLcGMD8duG4GO+PjOxlQJfOhn/L6I+BMMHrzFhtiNu6nERanh1FvNc9B3qvnJnt5ZoJCWaK0LI24U6CCvzxG3aF2Pj65QcSk1wDiSUC4P5QkbITUWA+xrU1IehIVm3hrA7KaoqgoQbRmL83FYxoAfJEkwPOuo7zoPsaDcyGKyuopKZ1Dva9gQozfSQCCOAkqttXSFBnRxx07G42qcvzi4FVV3aaq+xApO1vRScvJLkJWEvW+/TbYFqHiBmZfPiNxt6PPrPedhzvjc+pLiYqiInlLgx0RVHX8BxTzXjKQ0/OBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLpZPdT5JhGMb9W+BPaK3matVqndXWOOigA6fmJ9DUcrUMlrN0mNMsKTUznQpq6pyKAm8CIogmypcg8GIiX8rHRHjhVbPt6o01nMvZWge/k3vP9duuZ/edAyDnf/hjoCMP2Vr3gUDj3CdV6zT1xZ6iFDaKnLEkBFOmPfaZArWT5sw60iFP+BAbOzTcQSqDZzsNRyCNkcVoaGghzDlVQKylOHJrMrUZ2Yf52y6kc36IxpyoH1lHF7EBgyMKV4jCJ5U/1UVscU4IZOYEa3I1HtwI01hwxlDLhDoJD/wxGr5YGmOLAdRIrVCuhmD3JdA6SQabx12srGB0KSpc86ew4olDOGjH4x4z0gdHDD9+c4TaQQtq+k2Yt0egXYugTmoVZgV9cyHSxXTtJjZR3WNCVfcK/NE0ppYDUNu2QTMCtS0IbrsOrVMOWL27eNJtJLOCDoWXdgeTEEosqPxoBK/TwDzWY9rowy51gJ1dGr2zLpS2aVH5QQ+Hbw88sZ7OClrGXbQrkMTTAQu4HXqUv9eh7J0OSfo7tiIU+GItilpUuM/AF2tg98eR36Q+FryQ2kjbVhximQu8dgPKxPMoeTuH4tfqDIWvCBQ2KlDQKEe9dBlGTwR36+THFZg+QoUxAL0jgsoOQzYYS+wjskcjTzSToVAkA7Hqg4Spc6tm4vgT+eIFVvmb+eCSMwLlih/cNg0KmpRoGzdl+BXOb5jAsMYNjSWAm9VjwesPR1knFilPNMu510CkdPZtqK1BvJQsoaRZjqLGaTzv1UNp9EJl9uNqxefU5QdDnFNX+Y5Qxrn9bDLUR6zjqzsMizeWYdG5gy6ZDbk8aehiuYRz5jHdeDTKvlY1IrhSMUxe4g9SuVwpdaFsgDxf2i84V9zH/us1/is/AdevBaK9Tb3EAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALASURBVDjLhZJdSFNhGMcPSMJACLr1wptAkIIuC6zFKjJDb6QurNiFaCH2gWiFNh1rLodNJ/iBS5k5RdvcSSunpTYrc+QHSHFwbmzNbWd+bE7FWFgnn/6TFrKsLh4OvLy///N7nvMyRMTsrq7xUCpK0/EuNK23BgXd66DQPLw8XW9Z0jwcCKTG34+HiwFG+mfWaGh2g4Y/bdDL2XVip1apfSxI91k+UmHki/8IAJjYOR4aZCfD9GJmnTreBqnx1RKhK9U8D5DqKY/vIrUMr1B1f4Cu6z2DV1vdib8D0FXLfgiTeXKNoCsAlEBXFOtS3uMTlXZ5JbceewRVH09lPV663OTS7ATo3wQPt2LOvukwNQwtCbWWQIr6WSAJukroTtzt9k0Ud3iVhXpPUoHOnSJtdgnyXp5y6pxCdo0jjWkZWdY+sYXo0ehKVFdSxfLJchPvrhtYokqTn8q6fSTv9VNes8t9qcGVfLHeKUEI3Wj30FmVXcNA185OhUndz5PCzIuga6odWCToGgvb3OK8FpcYusbbXV7KqXWYstQOUYZ6HsFeEis4joHulhnLgy5BNwG6kTvoCl2xzWbLtlqtadAVX2l0UabaHjldNZdwUsGRzOijYzJunYHuVvf7VSrt9Ea3K7rW9jmqu1Jn/pgO+LvFYvlWrR/NgO7CKeUcHVdwovRKbme0o+XcJoPtOpWsn6AbgW4idE9EtwvYYJ93kH3eSQaDoSN6ll7BHULXfQD951Tz0QCOwXZvQrcAi9kf+22AD6Dzptls3ga8rdPpeK1Wm7T7AQEWoy4w8U8zWoCbAAs+/yIteHkCLKhUqgd73d0LPgL4x6/O44DHAW/LZLIvJSUlB/8bAHgE8FfArbEzwAbAm0VFRew/AwCfB+wHfC/+ImB5fn7+mFQqPfPXAMBgddl7zRotwFm5ubmZqITY2U/WPMCPgs5K+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVDjLpVPPaxNBGH3ZJCQkVSEkJJja0MSCabHoSUEKerAgggRy0ZP9F4QeDAhepKeeBA8GPFQCEutdCMRSSYkimouIVqUkNW1iyJZN0mR/zvrNwtbUGjw48JiZb773vvfN7jhM08T/DNfwplgsekjwBuEWY+wMzVMEWrKPNH+j+QmhmEqlDJvjsB0QeZrWz0Kh0GwkEoHf74fP5wM/lyQJ3W4XtVoNrVarRLGb6XS6bhF5AkehUFirVqu8nDlqaJpmVioVM5/Pr9g8wbZCm5lwOPzPnqPRKKjItSN3QEFLsdlswuv1wuPxwO12W7F+vw9RFFGv15FIJKzckQIulwt7e3uQZdna67qOTqcDRVGsMx77q4Ddk9PptBzwZA7q2xJZrWYw0PaRmXwBwzj4CL/vwHbAkzmJgydy8JiiqxgPJpF5eR0aUxwjW7AJD98swGQaVKZDpf3JwBSSkQvoyvtY/XE/+HT57tjrRbF3RMCurjMVV2duwzAZDGaATrEjbePs+CX01AHe19al2QdC4JAAB6/OIZNlTq62v5JlipEbzdDQUbo4d2oOPa0vvN0qtQ8EuHX+qehPRKPRIAEZuqEjfHyCyIYltivVEBiL4MP2Bja+l1qqjvlhBwvlcvl5Mpn0x2IxDHQFK+VlugPVchMPTuNifB7vqiWsbRbbso7LO0vmJ8fwa8zlcpMkdI+QFgThBH8LvB3u7LF4xzw/MedY33y1qzDzCpG/HHpMf45sNnuMyKcJjC718yNpUTSY0zdgRvznkrll5/0CZpfQA8IRXj8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK5SURBVDjLjZBbSNNxHMVXDz3UQ0892AVSs4Q0shQRA5uzCFGL5Rxqc1u5mZpNnWNN533eaDr976blZeFllc7mMLMl6IOGqdOpS4vAPaRbb6FiQjpPm5QahvmFw5cfP87nezgkAKS9JI4+zp5Wey3Ot57AnMZ9rYnn0RAV6HHoz/+eZl74SYq12d2x0OaGnapL9azeF6CBeYxY6PSHrZeDH8OVsOmCsaA9BYva8/u+AKroo5V2cy8Wh1RYMz/D8nsV5id60F/sZ90XgBoew51pydxYmuyAY7YTKxY97AMEihKu6v4J4JK92Ep26CLBIEPFoqwl033HCGHqT7uOj69dhbAbcjFY+wAXOOd7AgQ+R/4CMIPPUJTsMEd1PBk71SjjQV4nQYUiF/lSAbo+tqCkvwi+eec0F/lnD28BZPRLg0+Sb6Gz4B5m2sRo5dNAMCioTQpDk1kM9bgQVaYMlJsy0f6pAen6NAQlB6i2AAq6Z/uXfu2uwrTZZMjGH6HCJEDxaDpyRlMg+pACtoqFOVXU/wurKI6GYkKEfMN9pKvjwK26ibjSUFAl12B7GrENOHi5RqQQpe0qzIeWBW5dDArb2ei2KGG2GSF7lwK6zBcMoffrTfOB4OeJVL5peeAbUPpSh9xGLQSEBvUjqxAo5hFfcn29a7oaXTMEXCPt40DWl4TAVLdVknt4LY3G614xzDogmQE4I0DCABDTDdC1ADEEROT4ocdSj51jmFK6ACBNSfzXxzrk4L+yg9kLMPUbiNdugKZxIFINRModuPLwNB4b76LMyNo0l71lbSew1oTYOkoyEJs3DK4RYL9xJtADDANwx5WifA6xvCjclnqj0pi4edm1XW8nQEr63JwU1FNEzQ6ktej900dBzptyahpk8SRCsk3wvPHCKs9KLEgQehuchiVX7N+73NXfL+Zkqi9OGtlWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLpZPJS5RxGMc/77wzlTM6pthuGhMSaVhBQaAdzOzQoShoAYug/oEgizoUHcJbENEhCDoFXYLo0q5tOpm26CXRcslRMffRGd93fmuHCKKNwA88PPA9PJfn83WstcyHAPNk3geCAPbc6VrgKuACWG1Aa6xUWKW+byG/j5TYjFRGiJORR/dvOeZs3UHgplO1M0JOFCIRCIdBSszoV6aGhgloTdAYdEaQ8uZgcorFz5vSVojaIHDGKVkXQUgYGoLSUkinoacHWlrwZmdxlWKRtehMhtFkkkhFBf7m8siSl/FrQeCE7eq8wfjYVqewGLKzoagIkkno68P1PFxrcYFp3ydcXc2Cz73kt7WPWCFPuRdfNX+1Dx/csdPJcjyvxHEcyM0FKaG1FeF5hByHiwcmadyYorJjIQVt7b1GyD15nR8aAgCBy1emrJSH9UDivo7Hob8fQiHIyiIoJSGl8K2isGA957fGSWR7h/I6P7QDOD+LlDlyNGqlvO2uWbP79MY41giEVgitWZlfQnlhJa39jXQMthhfidyXdZMp51cTvb37olbIO2dqx2tqyo6hrUEbjcEykhwkL7KU171PeTfwwvhK5Ad/FSPr3t2ZVFXNcV+JhLaGLxOfkEahjERqyUxmlk2rt5OSc4E3fU0TfzQx+9mTQV/5KK1YFi1iebSYFbkxQm4WS3JW8T7RTHNP09icYIvztzLtvx4zvhAII/CVYG1BmbMttou3A3Eauh+PCEX1cL396PxvGzdcCqS3FO0IP+9uGBKG6uF62/XbF/5F7IKT1sYNe0bHRutt34/8G0frVWL/2YcDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLlZNdSFNhGMcH3nrl3ZAgyr4YoiPTNXJ30UVBUOTGXGVin6OLLrqQ6KIwJrm2KBUjE5xRaEnNpuZxpLCLpG7KHbfpprPmPt3a99r3v/cchxi5Wi/8eDnvOf/f85z3nJcDgLMd/pnGsnX9EdpHCQ2e94fLij3HKXaDhHvC9D2Evt6Fe7zh6n8JSLjCSwkjuXQY6eACXGOHAmtvDlaULPBOCXURSzfy2SjyaTdCRjUcr/m9JQlIuNYzKcghl0LK2430+gCR+PFtuCa7+qK69p8CEqZj9mGSD8A0JGLJxmmEzRqsDPEMfxV4JgTSwNwNIJ9CzHYOCxoRS2xRhnwmAOf0FVj790q3FZBwuUtX7//pm0Mu7UJs6SwWBhtZImYxstGPiDlmsfikas3Su6v8D4HrXf1IaF5JKvmQdHUTgQzL2mMFQRPiVhlyyRW4Z2+DVu1Q/CYg4Sqnti6Tz0SRiRiQsMlYQcLehvXPYkRMZ6CbbMLNvmZcUp3E+Q4RpO081abA+bbuU9j8jGycG0lnFxJWKRE0b77C6Ngp3Hl1ATq6B19cFNTT1yBWV6NBzlUy4eOemVbyzWPkpxlHfEnCErWQymYJqS5B6/2j0BofQmt6BGYo9Reh1l+GQM5NcRyjfEfc8YEV5DNBwo8NssENyNqJW3xM0P3YOsbme5gOwPk+UqNZfVkN+3MelgcPwDawD0tP92CxbzdMj3fCqKyE6HoluqhWKKgWNqyYamE7EMq52aKHaSukUsdp5X48oNrYyszMXLN7UIqgIOkkRJi2C3Mns/4Lp3nrFHdnUnEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB4SURBVCjPzZChCoAwFEX3GSbBLzMaDOblBduqrAlDYcKCqNFiF39Gp8iDq91plhPvgQOXgX3D/iRM50gDWdKkSNJDmNJxHmbb6kN10gjjTdhA7z2kE6E3cc9rDYsC3GWRR9BbhQYVSuRIFo+gICHAkSFB7H765BsXhQcRTCg+5ikAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJJSURBVDjLpVM9ixNRFD1vvhLzxUiMCitiCjFWwrJuYaGQICgIgl2wSCWSIr9AFAsbQcVfYGEj9kICizGFgoUIIUENBDFrkLiDukw22fke7501MetHtY+58x6Pd+455973RBiG2MuQsMehzBa9Xu+57/tFCnieB9d15+E4zjxs2+a5WalUSowTbIHA5zRNa+VyuejQn2PRpqqqaLVaGAwGpVqt1owUEOMtXdcxGo0Qi8XmoEUgr4fDITKZDPL5PJPeoO2m6HQ6EXs2m4VpmrvkshUGCiEgy3LEnk6nkUwm0Wg00O/3Swqzs3T2yofi8XgUD+pbSJOYqeNhf0rDl41tCMlHKjFGEG7hh1mAZw7vKsw0mUxgGEZUIGYMggDb0wyKqydweTmFZ6+HuHn15K66PG4ZeBGcX5EoQZE3OBF3oN1uo9vtYmq7+D72osNrb77OgRZtmTZgbDpkLYDCrOyVgxNwsGdJIt9UQ9cPcL+6TKqoqJRApn+CSs84c+LsJJgBWXqhUIjmdz0JFqm48/QTKBc8ShRQhLO20pdQfyngDnCCWes4vPc2bN+DLKkMgcCOspCVhAEp5gvmQbEsq1Gv1y8s3LJoHrtnoQoF1UtpeIGzc+uZmHzHFQ33nqzjmzmBUi6XL/7rjl+5/TKkzoP6gUdvr+NA4iipkGBMP+Pa6Ye0ilOhnd9v4a9Hosg4dhg4lBqjdGoVurYUidi0lnAw6SGh0RmyJP73nFeqa6+OH9l3Ro/pJDlDNlwIKq4Iqdhiig/rH7FhuvgJMpVtkQoe5WAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJqSURBVDjLnVNLa1phED1X1CS+Aokv0Ks0D2jQnbRJi6UJLdidBLsvXfQ3ZFnaXXfd5Re4KiG4DNKNaI1YUVDoUryVxIiPGOP71ZmvGBKkm14Y7nyXOWfOnG+uNJvNcP+pVquySqUKTafTwHg89lFgNBplut3uWavVOvH7/b/v10v3Ca6urp5JknSk0WiC9AYRgQkGgwFub2+hKErk5ubmy+HhYXKOUc2Ty8tLmboeLS8vB5eWlsDEmUxGxHA4xMrKClwuV/D6+vro+PhYXiAgmSG1Wi06M4BJ/P4XeLm/D6PRiF6vB1IGh8MRrFQqoTlOPU/6/X7AYDDwW3T7VaziPPlDKNnd3YPbvsr+wGq1otlsBgjy9YECmtPHxTyvlrqfJxMwuZ7A9OgAP4tjmEwmVgm9Xo9Op+NbUEAuC8NYPrXFdAoMocNkosVQWhU1k8kEZCITYMEDIsi0221RRNeF53tP0Wm30Or28erxDPV6XdSVSiX2I7NAQO6ekTkiTyQS0KCHd68d+HBgwKhTQSwWEwqz2SyPebYwQqPROCmXy288Hk+AbgO5XA7pdJpGmYp9YGP5TATf6dvJggIq2CWDbPF4PMLnnZ0dbG5uYmtrC16vF0SO09PTyPr6uo125f2DTQyHw28pD5PL2nw+76KlUrgrz82eaLVa1Go1kDKX2WxWiASpVOpjoVD4LEYgSd+2t7fBHsiyrNjtduh0OlxcXIjb4QUqFotsnrK2toaNjQ1Eo9FPBP1LwMvDAKfTCYvFIs4cNpvtLne73eKKeRfYFzb0zkRmJ0axRBxzEMf8G4MZxOB//o3/8/wBTrxxLgOn/DMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADqSURBVDjLY/j//z8DJZiBKgbkzH9cMHXX6wcgmiwDQJq3nv/4H0SD+OXl5dlA/L+kpOR/QUHB/+zs7P+pqan/ExIS/kdGRv4PDg7+T10XDHwgpsx8VNC56eWDkJ675Hmhbf3zB0uPvP1fuvQpOBDj4uKyIyIi/gcGBv738vL67+zs/N/Gxua/iYnJf11d3f9qamqogRjQcaugZPHjB66V14ZqINrmXyqIn3bvgXXeJfK8ANLcv+3lfxAN4hsZGWVra2v/V1FR+S8nJ/dfXFz8v5CQ0H8eHp7/7Ozs/5mZmVEDEWQzRS6gBAMAYBDQP57x26IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHkSURBVDjL3ZNvT1JhGMafb3G+TQqKECNFRIEDcvgXmB5IPNJmTdbC1SQ0S1xzZKXyT41TdpCOMyYtiXS9aW2uD8EbPsHV87RRmyLrdc92vbt/1/U8930/ZLYxASbpSwgz9SCin2+CHtJJwYoLgbITvvcOeN7a4S6NgTB45+cmCucvu8JMFOZCZQHpr0tYO12Ga9cKwpJz5xvIfH+GR2dxRGp+uSOs8Jxv39GKV+/gYS2OlXoSfNECMnMSRKw+hdS3BLI/Mlho3MPUR88lE+++ozlfjWG1kYJUCcNRsMCWM4NM02vf/hTgwsf+1uLpfTw4mcOtQ0G9aCDINiWmRiAdiAz+HTC6Nfi3QKx6uckjT3Pi0K1c1QPnzojahtsi3Zr2L/rfDGin5fE3o+pVxeYXRmVw3dA0Pddzfwz8Co82LFVERMuTbEyXJjGUMaqBgoBQ0Qfjmq5lWO3n9E/76IK8s4PCYHCytoDZgwhsWXPzosGNdYPszY1jTonBnxVgSuuhe6KhyfRDJGsJ3P0gQSqLDG7RBeE6PeF6Wie7X/MI5N2YLonoX+oFce1ZsXicQOJoHs68FdbNznBbAytaREthSHIE2lQPCF8cgT0/jLHtIQbD8sqEbrBuWYM+mqx93ANN8hp+AQOPtI0tirA3AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALqSURBVBgZpcFLaFxlGIDh9z/nTDJJJsmkM5OkOMlkSklT6w3FSxW0XooibioUKuK6qKBYXbgsqMULdFnRrWBd6KLSIBYjtcZaDW1C0zSxbdoG2lyaS0OSzplzzv9/nxNQEd0IPo9RVf6P4Pn3+rPFfOaHlsa6ImpABaeKSxKiKCFJEuJqRBRF2DDCVUPisMry/M3pqfHLTwWl9ubR7du6iuWODawTVdY5UUQUp4pzghPFOYcTJXGOMyPnNxyPVsaD23JNxUKjz4WpWaxznB69ykP39TE0fIF77ujGJsLwuats3drD4OAoXT3tOCf0FlspdG5sC4wBUSXlG5bWhIo1VFyKpUrC96cu4pwg6hHTQGTqWFxYoVRsw4pgjMHs/+ykejbEE8V4Ptvv3cLNuA4nghNFBKwTrAgtQYWBgSGitUVsnDB/fYXgl7Gpl/oK+n6utckvFIodfl2Dmb44zvTsIrF1WOtwTkgc7Hz8ATbfvkkmx1ZHZ1ZX5NL4rweNqrLu1YNHP3/wrvILfZtKtGYa2dLu8XefHD1LurGB+YU5Tg+N9h/+6OXnqPGo2f3Oke5cNrOro5AjdpCp51/y2WYmphZpy+ZIZfIP8wdvx5tfmHBp+cu+ckcaE4DxaEkb/qlj/Cse/eZFej64m93Dr7V9+MSd31JjVJW3Pj3hnry/15tbVcqdzTyyOUPg8ZdrRw6xdPIwvY/tor68jfDsMcZ+/E6XJ86/HlBTjcWbWVhmcuYW1SjPwKkxwmqMdUKUOHYOHOCZvftITx6HE+/S2JqlXCqZM7/pGwE1NklInBBby8TlazhRrBXEKdYKLWs3SHeW4dl9/CnYvxFfTE9ATTWOCcOYrnw9zgaIKuIEay2qKcLmHJWRfpq+foUonKUCrK74OJ/pgJorI+cmKjfm+1LpJsRZRARJHGpjxCqp7A7yPw9SyjUQ+ClW5y1X5jxV5JBRVf6Ln/Z0v31raXqv70zJ+Xpd4eOnj9kDvwPD/42l5s+BKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLpVNLaxNRFP6STmaKdFqrgYKWlGLSgoiKCwsKVnFRtBsVUSTNyj/gxv4Bl678AyKCoCulgmtd+W7romgzKT4QMW1G+5hMpnPnnuuZm6ZNawoVBw7n3pn5vvP4zkkopfA/j9F8cafO3FekCjGpIgKIvayftTXOkr71jkz2/UXA4HxXfz72gIx/lBsWSfiVtwiWHK8B3kRQeX/6lmnnkuDAwn0MJSKQEFChQCp9CcHixxgsGWw3B01uRKfx9t1HIP1POpoSdUulLyD0vqO26IAkDW7tgSZYeHPqcmpXxkTChKzOaAKSEdo6jnEWVY5ehFxdHs2cn55rScDR73H6DKyyRWs1R0haGdR+z8YZ3MyMTj9rpUKi/PLkUJuZfmX3nkNYmQBxzYprpyCA2XMRrvNAcdfDhgKkm6ttKTdW6jH4w4RpD/ALAaNzhH2kSwALoSJCd9+VhIqEVVeD4C1MclaOT0Ke0Cowq+X9eLHapLH23f1XreDzI27LfqT2HIfvzsRAyLB2N1coXV8vodUkfn16+HnnvrPDhrmXsxBY+fmOwcVlJh/IFebK207iuqSShg0rjer8B9TcWY7q38nmnRstm7g1gy9PDk2129mjinjy3OIvJjvI4PJ2u7CJgMEdUMmVuA9ShLez14rj/7RMDHzNAzTP/gCDvR2to968NSs9HBxqvu/E/gBCSoxk53STJQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZPdS1NxHId31R9QF0lXmW0GRRC9eVNiL6ZIRoVCSFNzL+BNiIe1ZCzLKKRAyLIc+Y6hFcpMmUo4NXXszbUIy9p0Dp1ORGRnO2dzG5/O7wyPDQs88Fwdvs95vj9+RwRA5HA4csafyTCizsVw6RGIRKIzu+QgGT5us9mCFtME7KYxDBanIxaL7Qpeolar9+j1+pKhp0pM6pQYlKaDZdkkQqEQgsGgQCAQQDQaTQiSC0ZhKJLsEGxJtqBpGpubm8kFhholJhoVMNySIBwO81R1LkDdsYB7HKp2D1StHlAcpEIQCAVTiYKBQgkikQgPGe4YXUU7R5txFa0jq6honucFpCqpYOCRAl8a5OgvEPN2wt9fpZrn8F5XDUuXHP7pTjAME/9nQd8NMX9ARLC1CsFvacKa+S6itBkrI3ew+LWf5QQntwseyDH+Uoa+64eF4coWDyqa3Gh80wD/mBTRjQ5sfK/GmkmLuXeFqLmWokkumBqFPj+NF5AzIBKy69JnFSLr3Qj7tAiv6LDh1ILxVmOm4TwtFHzSyDD2ogy9eWnCIRK4XeGbqEPQXQvGUw7WWwlmvhjMrwJYtWeZpAIbV9CTe0g4xMCiA0tD5Vg2yhGYlYL5nQ/WXYTQzwJMPz4FKnO/ZrvgfhmMdaXoyU4I1n/o4e3lhryNCLlugpnNhq3+HJzPL2OmLgcec//Oe0AKPl5MRTweh2+4nNu5DYFvGWBmrsD+OguWviZEGRoxlgZ5hHtAUVRqZ94x9N4+jQ8XUuFyubBgUCDif4LQ7FXYXmXB2F0Pp9MJq9UKu90Ok8mUEBARoUS8N1N7IuVhmWSfjLzoUh1tcb69tD5Zm7FM5R6o+t/v/AcPwsfW2HYHkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALKSURBVDjLldNbaJt1HMbx73tok7Q5tukhmzXNShuHXgwvlIEIgpp5pgqiIN5PUPBw4RClKjjwxhvZcDeCeKEgu1mKMUWYVFQUPFRZOrtmW0zWxKZdm3fNm/f0/3nVguIm/u6fz83veTQR4f/cSjFf9FwpWM2geOdzq7PmfwbO5EcUjOgaV5TIy2E99lAqPERtc/VhgBsC1VL+AzQeEJ+EpyQaiyT1+vm2oFyt60jpukC1lJ9WwlI8Uwgn9j+GJgH2HyXctZ+JRzyturY19/jbF9/8V6Bayj9hhIc/i4/Nkkjfhl0/RbDTxmu3EC1KenKY2p9bTwN/B6qlfAb4KJK+/d7YyCx9hoN9+X2UY6NcBz0SRnwbzCFGo+bUbs68MJ+f1g2+CnzGU5NPacmJR3A3vsC6soiybfyeg73dJdQv9JuCBIJlK7UH+I6cTE8fysRHjxA4K3jNE+jeNuK5dDYsvB0Xr+dhJjUwTFSg2N5RrT3As+RgaDCNs9Ng+dsi/f2KPokSAuKJPmprFoYIhmjogzfT63RxXPl+F9Dta2q+WfkV33cZGJiiXonTbA1wqbZO91qPqVuimLpis+Lx+4c/sXLiOxJLjbvL95uvAmgiwuJ7B76JZVKHp+44wpenihSOPou91eaHcpGU0WHIN+mujzBzz5OEcrdiL5U5t7gQXF2uvKjtVnnh+IHz8X3JGdQMo9mbGM8lqJ+r8PmnRQ5edbjr6HEiq2eh8TUkkrTNLD+WFy/uvfG+Y9X8mbnc6cHE8uyFzcv8smAxlh3DVILeVYTHc/DgS3t9MecyGEqb1P45ptOv5QqIlDLZFBOH9mMGPr+9e5bDjz7DYG0ex27SBayOwfIqDe16a/zklcm3UPL66L4YqY6P11RMDPmYeh1r3edSywi8nryh3WjOH7+QNVxHjnkezw87Eh3YaGkhT8KBIQ2Bk4Wy/85fhGJYxwKt7REAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLlZLNi1JhFMaHiP6AvN0Ls4vob2jauYiIFoGBtnFlG1fSws1gDBdXLhIhdaEuvILfjtfK0cyvRflBeHWUEBW1nHGKpmkcpWw+ani6r9DCutn0wuGFl/P8znPOeZcALP0ekUhE7vf7HR6PZ+ByuQZ2u91hsVjkUrl/PITDYbnP5xMajQb6/T46nQ5KpRJMJpNgNBrlkoB4PL7M8zwbCoWaXq93RMStVguVSgXlchmCICCXy8FgMDgkAdFolK1Wq+j1emi326jX6ygUCsjn80ilUkgkEigWi9Dr9ac6nY7TarUrc4BAINDsdruo1WpzQtEZRDiCwSDE1pDJZBCLxaDRaLg5gDispnhmvRKrJJFU/SUWBwqO4+B2u5HNZqFWq8dzAKfTyRIh6ZVAksnkrDpxkk6nIW4F4nxmrghMpVLNO7Barctms5m12Wx46bw23XRf/TF5JsP4qQwHT2QYRWXYW7+Ix6vXT5VKJadQKFYk1/g1x5z/kmUU0+otnHy04Hi4hu8HHD4n6elegr7/z38wyTA3xy+Y7mHvAb69UWDauI0PiSuQEkoCRil663CwhuMddlad3EfbD/F+4zIWAvaf0+dEm48+bdDYjdMYC3dn4snmvYViya9MYoe/NNx/fQdb69R4EKGYMwOGPHVhO0qt7r66gXdhKrJIKAkQq6nehqijflCmOov4ry38T/wEpFjkJMz8PioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKLSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZn4mZ7P82dEv4trc//f2SLw6cp/mrX4Abo5+3+/5OBJeQ3A4s4TLPXTEsvj5mWLzxmmT+ImuJ+rXF14v8tV6b+v/Bs1//+3Vn/w/t1/5tnS/aAFevl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPLHtLt83Xp7wf+O1SaCw+t+zJ/V//550kAHfwRp0s7f/tyzRkbQo1Z5pXqr7CEi/tSjTyYAZ6FNt+H/blTn/kcGmS1NBBkAU6GZt+2+UoelvmKHuph5g6QqkwalRWMNDFkRb5kh/796V9L99VwJYc/vOBFQXaGdu+a+dsfm/VsYmIN74XyttAxCv/68Jwqnr/htkJP4P7tH437srBWwziAbx4WFADAYq7gDiTyBnQ+kOkDgAwll4PHHRgLAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJTSURBVDjLpVPPbxJBFP5md4Gl/HAJULHogRqUJiVpw8GYmFjhoDcPHIzRBO+Gk8c2HvwTjCfryaQcjDZR08hFwsWD1DZGQhSLaUk4UDkYUQSWZdd504Ct4dZJvrzZzXzv+957M8yyLBxnSTjmUkabarX6djgcJjlgGAYGg8EYuq6P0e/3KRYymUyKeIxK4OTLdru9GAwGxaH/1+EybTYbisUi6vV6KpvNFoQDrnhf0zQ0m004HI4x6TCR9o1GA16vF5FIhESX+e8CK5fLQt3v96Pdbh+xS6UQkTEGWZaFusfjgcvlQj6fR61WSymkTtapVjqkqqrASF3ETgX4+Q6m9yZM00Sv10M8HkelUllWSKnT6aDVaokGEYEOUTMpMkvHGbaB6dkUdqrraBqLUBQFbrdbuKQESVKiDyLxkoRlSTqY8FmtjkDiErynFjH16RnsmEF3GEA4HCZOUiJVqpVACUagb5W1EXbuwRPQMGy/wumFO/DpWxga+njEIsGIRJZjsRii0ShmZyOYD7UwM38D6G2j9HQNbq0LtfsNU/quOEsJFEpAE6AEo9EJ/PoCTZ+Cx/eHq+/ybvK+/N5EZOkeBoVVnJxOC5csl8u94bVcO3TLMNC7uODbxELqNlTbe5h64+AyMBtkVwL7OxLWX25gs+nPs0mPafvx0t3A3PVHoXNOrlrijnRsvfiMRHoOTD4BOK/iw5OV75ZpXpmYoPTwYiN+ay0sS3uwjB90G468P9l5HvuVj/j6+sFzZdILM/q6ur2a7lom7wVv1j9Y4wiKlhX6C0eqiNj1HMM7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPNS5RRFMZ/7zgzWmqTFpObMiuyKDOFCoJaCUKKUFAUBRKtWrSpoP8gwk1BixbpppURtIigqAjKkgSp0KJP86NGbaYZpxmd9773ve89LTTKj1bdxblw4Pmd53Kf44gI/3PCADJyT0z+ByIaMT4S+IjRiPGQwANfERiFGBd8RezQDWc+IDBEth9dRBcBB+YKIDB169hiB142wTIRxLqzXQdELOAg/CE4oWLEd5d4gjFYPYnJ94H1ENGzt9VgFWIVYl2iqw9i/cISgMADDGIViD8n+lusEFvATfaTLq4ie+eizPx4gqMS7WEAM52etTxvsou1ag7ionPDeD+XU1V3glhNA9nhWt4/6OwIA9hAoT71YLzPEGgQQ6BylFTHEVtA58agpIHK+C4yQ++IOpryFVWUrVoXCwMEbhqTS1C28zhgsXqU/KubSFDAn/kGxTuI1TTjTXQTXe4w+vo9vtJp5U7vDQE4IvjJAaYenScofILAx4qPl/+KhLcS29iCGr+OE5kiUlZOSWHou5+baNp15vbH0O//Lt/djp9NkX16GSs+mfQ42m4htqkNlbhGKOKjc+tJPn6OzhdaG88+fA0QAsAonKIQpY2nELOSsftd2JV7iG9rQU92UhQVvFw1qWf9RFJ9bD7X178gB4qp+1cQoxhLZihrbMNInInBq1TEo6jMWjJPewinX2K1mpcDZ+Ey3epoksOnu/jQfZ7xkV6K19VjkqnximhRc92FF28Wxj20sPHh86TRb+9SU7+P0tJaEv2D08rVB5YSL+ngyP5Kt3HDmvDurTVIxOt1k6mTrZcGvvxrnX8BwNty8Brb9FgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVDjLpZJdSFNhGMcnIX4GhglGKHlRemHhYBoSiEkgZhgaIjqwNaqBGuxiF5FFhDOHzRmZlGBdhI5SopQInZOJtXkTKGYyN+fm5s7mOW7HtjHHhv17zynLqDDowMN7znOe/+/5egUABP9jewY4VlePOp3OG3a7/YnVaq32er37/hlgXlq65fF6wbIsb263G2azmZqdnU3fE/Bhbq7d7fEgGo0iEokgGAwiHA7D7/eDAFjjzEziXwEGo/Gu3eXixaFQiM/OMAzW19d5kNVmw3uTSfFHgMFgUFpIACfmgrmMnJj0zrfAGbOxAcP0tO83gHVgoI3S6xElgkAgAJ/Px4s9pJW1tTU4HA7YCJzzj01O4heAp7W1LTg0hNjUFLY6O7FpMICmaVAUBRdph2wBy8vLPJBsBi9HR5d+AKz19TK2vx8xQt1SqRBsacFnqRT04CDICrGysgKyQqwSITeHsfFxPNNqs3iAMTs7wdbUhBhxhpVKBMj7pkQCf10dmKoquNRqWCwWvJh4CsXji7iqOY8G5elwxfUTN3nAWE7OMbtcjujwMAIyGTYbG+GrrQVTWQlvWRmo4mJou67hzvAlvFnoxRylQ/dEE+q6j+Nk8yG14Hlm5pFFki3S1wdWLIavpgZ0RQW8paWgiopAE4C0/QxGPt7HyOIDbnBQ66+gWy/jAFuCntTUuNd5efOMXP4lpFCALi+Hp6QEbpEINAGwhYU41yrE24V+7H5G53s5wLcN9KSlHTSJRE5GLI6GGhpAE0CAVOAXCvEpPx+nmg9H7+mk6NBJeHHHuORnBTtr1KSkHBjIyHi1WFDAuoXCbVtu7va7rKyYNj39LAlUXlDnoUt3mc/Mndw3P4PdF+l2fHycJjFR9Cg5WfEwKalak5Cwf+cfCVYRC3Blfz9VnP8rovbZoQ8oWiIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLpZPPS1RRHMU/982bGUcZLemHkAougmhhIhgqtUqKgggXtWnt0mUg4V9gKNGmwKJFbYMwoxDaRAsXLrQyUlMricSycmbee/e9++79tvBHZNGmLxwOnMXhcDhfJSL8z/m7hcHBwSHgyraxiOzAGMPw8LDq7+8XrTWjo6NK7U4wMDAgvb29LCwsUKlUGBsb4+HNyyRLd7h0rYrm5mbq6+uJoojl5eV3fySoqalhZmaGtrY2amtr6e7u5tmbT0xOnqSvr40gCFhZWSGfzxMEQbM//7hjuqr26FGlPACKxWO0trby6EM9T997QI6TDY20Hz7MxMQEXV1dzM3N0djYiDEm5yvxjjSduJtVSoFA/tUtCoUCTxY9SioPHjz/Ch0NGUqlElproigijmPSNMUnFY1L8vHqTWySIQwN5XIZkRrEA5VRiKdYW1sjDMO/GBjliUuwSQ5xwvr6OqsLk1yrm6ZJ5n/r51wPwH3OnoGR14cQEXyUVLk0Ivi8RrA0xam6iJZMNbnz1/EzWUwSo7UmSRKy2Sz56j0k4xcJwxBjDD7Gwy8cYH/nVfZ3Og5GEVU5w/iDEcTGAGgdYFONtZrs3gu0A1NTUwDjPkZErMaFLxG7gRe+JRHD6RP7EKdRSnDGIdYi1lBo6WHx9g1mZ2fV5hJjRFyKM1+QdAOUj9gKSAoSI+IhNsClZcSWQaldU05EFBZJvyHpj03YDSTd2OIyYkuIDRCncfFHAL1jIIn7nobr1aaSK+KKnkgWXBFk31YHCeJtsvIsVmuRxMW/DHQ8tHSr9zhCD4riP19PAPUiwcm9bUn97zv/BLX9cx0txHrHAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLhZP9S1NRHIf3D+gfURRhL2gFFQYFiSkEIkZFI8kfyjIUNNFCrOnMFxKJMTfCKNEl5AxUVCx1bm6NdMMkx97ci5vTjTn3otvdy9326dxbiinRhQ/n3MN9nnO+557DAcDZH7VanSuXy4VTU1OL4+Pjm8PDw4HBwUGTRCIRf+wXXz34/V5Ho9FkEFhE4ITT6YTf78f29jYikQhCoRAMBj3E3a/otyJ+v1DQnvmX4A88abVakU6nEY1GwUgcDgd8Ph+SySTSSQo0ZYJ8egCvO+qV7W2NmXsCZmYGTiQSYB6apsG8WywWBINBVhqnNhAL65GKreDrRC+aX1b2swICXyTLToXDYRbY2dlhJevr6zAajWDGk0kakZAR8bCBXUWCpKb6Uar26ZNcDoFFa2trYGIymViIqZkRud1uth+PhYhAR0An6W+RFcahVCpRXl4u4mRnZ+N/qbh/BZMfShDZ9rLiQCAAm82GsrKyJVag0+lgNpuhUqnQ19fHQkzrcrlgNi5DN/EAWytS2Ba6Ybfbsbq6Co/HAy6X62MFDLwLMRImzBiTlppr2DRIQIct0I/chVY7i3mdBUbHBopLbm0dEjDZhc3LKmgGihDbHENsowt+6zgWx+qh0jvwRWtEQdFN/aESdkU5OUQ8y4fPNITYWjPm2s8hsTWEH+/zMK8exTvpBApuFPX8cxNLiy/APtOAuLcPlKUMc205iDrqEbRNYKH3NvILC1N5+dcvsQdJIBCIFAoFPEHyK9d/Qm/XYklaigDZuOhqLSLmO7+zco+U8gYOhQDC6lzt3kns7OzM4Lc2T38alcDmNUD3TQjHXBfiHjE7e2SFS0o4y7aUrQKUewQK/mmvoulk1t5l4vF4Gc8a6noeVz2k1d15oHxWxP0ziHnJHnil+/IZ9I4Oru8SyBqOSzkHr2dVVeVlRcf5qKI1JyVvyU7Lms6kZbxTKdmLLFrWeCJGIGrm+TFqpv4oNV13RPkLngD4bMIOcuMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJoSURBVDjLhZJZTxNhFIbnRq/9E/4Rf4JRE+PChV4YYjQxLglRQkgDWhGXRo2VNJWu0IWh0hY6iEvpjl1AWuoImqFCO6V0uqRrzOt8H0mxBvQkTyYnOfOcd775mPn5+WMcx12dm5v74Ha7806ns+JwOOIsyyptNttxAMy/YDwejz6ZTKJQKKDZbKLdbkOSJKTTaVgslrX/CmZnZwu1Wg3VarUjID3BbDZD5d7GE+cWRhwZ3J8SoLD+wMDEOu4ZvqFP9zXMuFyuXLlcphszmQwEQUAwGESpVILBYEC13j6Um9pUg5mZmck2Gg3wPI9isYh4PE4hNT4+DlXkIUZDw3jgH4TC24+Bj324u3CbCq6//gJmenqaClZXV6kgEolQSGk0GhxWRND7MgHGbrdTQSKRwM7ODnw+H/x+Px1Sq9UwenMHQgSXVVEwVqtVarVaSKVS9PvD4TBisRgVqFSqzkZrINuVIF+qo+dxBMyEXCSyKIr095EDJUmI6OlzNeyhHFgZIiBPNpiFcymLje0yziqDYIxG41GdTtc7pp/CpMWCMa0eJpMJYyYXKpXKoQn4nyWcHvLvXQatVntEaV0Dv7GJCW4Ztk882MAm3i6JFHdUpAKaQk5gl1kTJJwaWty/UYOT31GsNOkwKS6e79roiYko19qdngh6HgX3Bf3mdSrwyC9yf/EukYfzs9gFEZxX+vcFffo0dmXBwvLe5vcr3QlsAbGrpwlG/hDcepNCodyAKNWxVahBEKvySVfAZ0p0+CAuKH2/OoIbmuTitVcr1SsvErj0LIqLoxGcU4ZwZjiAkwrvgZy4w7G/AXhUV4qmXai6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAM9SURBVDjLdZPrS1NhHMcPREH/QC96nxURWS+iktC8bEt3skHoi95EbYk5KStqdtPGLKcuczSELnYhK0bzhpfK5nSZed1MPZtzzpq3pnN5tOY2p+fbsxMEUj3wgx9fvr8Pz+X7UACof9VwPb1juC6l2l6T/N5WJdr9P99fgqPxyCYyrLLXpczPMg/xrbcQzOukH0P6xJLBl/Gb/wsYaUpdT4Zlw/Vi55RVi5XgNLilCSy6qhGYrIO79Tw+P4/92v/soNz6JGbjGoCjKVXgaDhi/tpxA4Hvn4m0BHAswr4ejBiOImAvRsitx6JNB2fdSVge7e/su7+X5gFk+LGjgeZ8jkr4vQPwjbVgrIsYP6hhe3MOrreZ8Nvvwm/NQ9D5CMsTesx1q8C8kKBHt+dF5LLCXNCNkLcPvgEtvL0qTJnOwlmbhs57MVieswB+BzD7FtwXHcBcBiYrER5VoUu7K0yRy2JXg+PAjyEsT9ZgwXoL/v48UgpM1op5DTONgPsBOJsCfmMcZhoOYoG5i87SnSxlqznMri4RwM8RAmEArxEBRg1/VyZm6sUIj2iA0RKE2kWYa9wHj0kET3Mq2P4SfNLsYCnGIGRXeIAdWCTbne8kkHcIO7VYaEtDyCwCa4zB3EchZoxJmG6Ix3StEN+7C9FRtI2lyPv+BpAjgO1CYOoNmqu10JQUoqKiAkUFl2AlRxltFKJIdZHXim/no+aBAibV1gVq8FV8iAt/Iy/nwrK3BRW66ygrK4PH44HL5UJbWxvuqHOhU8vhGGZ4rb29nfcoTx9YoQYq45pHjZexNGVC67uXuHpFAcvgIArz5aBpMWQyGbRaLXJzc/meFouRf/4ED7l08VyYIsnaQJIlI+FwKi8cw60CFQ8IjldCJEyA0WiExWKB2WyGwWCAICEOLcot7ghAqVQG/kSZJGtTzvHopuwzUi4CuHnjApISEyEQCCCRSPiK9Anxh1bTjh1tjQAyMjLm13yM7WRJUsVjpRp16PWrp6iqqkJ5eTlycnKgUCj4PqLp9XqfRqOZp2navgYQFRW1LjY2Njo5OfmLTHoqkC3PXM2Wn+GuZQhK09PTE7KyshZJBaRS6c+IJ+L9BchY24ysm0a5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI6SURBVDjLpZJbaJJxGMaHgdcFXURdBLtZrGitiFh0uhjRVRTVWI1as7mQakhjyyEkRAcaHSCrj0xrWGuuoVsr25qzfeYObh6yJJdzavoZs3Sy8PhJ8vR9EoHkotXFA/+b3+//vC9vEYCi/8mvh8H7nTM8kyF0LpoacCazLxzxbM/bb1S3OUo8GQtz/iggGfi1O0NaAzS8kQwCURqBORrTX9LQf5jHQ3KWlA1RnAUFeneGsATSoKIZOGdTsAWSMPuTsFNJeL7SEOoF4GtrUKuuShUUvJpKUd4wnYMtDDj5KQGTN4FRTyInOvH8MDonL6BKuRcFBey8fqYyC0/4Ehhn4JGZOBp1AtT1VkOkrYfMKIKgsxq7b+zErssV0TyBxjaf9UVomBh4jPnVyMCG6ThbGfKRVtwebsK1wdO4+JIPce8xbBGXI0+gMkWoqZ/137jjIBlY/zEGnqoO+2R7wGvfj/N9x3FAWonNojKUCUtTeQKlMUT02+fgCqVzs7OwzhnLyd4HU2xlCLsOYlPz+sI7uK8Pcu4O+EnNRAhWfwKOzym8Y2LyxCAf9GGHZDvKm9Zha2NptudcRUnBQ7rZ5+G0aVzEpS4nJelwZMXt9myL3Bpskyq9FmUzQuZu2B63QCXcEH50ak3Jb4KF0i+p5D5r3aYeJeoRNCgwfq8BCv7q8F8L2Dw9u5HbcWateuj6IXi0V0HUrsCiBGweNBRzZbxVasXJYkhrll1ZtIDNnaPLl9w6snRlwSX+a34AgPPwSZzC+6wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGvSURBVDjLxZPbSgJRGIV9BB+h+yikuomIJigo6UBnKtJOUFSkSBIhMUZmBywUNDtQG6KMCrITXVnzCANSYUNNOoMzzEjuR/jbXWjQjN0UdLFuNnt9e/9r8RsAwPAbGf4c0BsSi8b2JOS5UN9cpwo7d6Kw82fqW19IRK0rqaIfAb1B0eS7zeC1mwzu9AtU7pwYKfe5iukzBZsXeJMuoCcoGH3EGI5loXPjy5yTeZGnCBhmj2Vc53oxagBdfsG+y2BwRhS20LzD2yK7eq0C5eTsGsD0gczs3GeBfJcuBKid5WjvpQrta0lGA5hAEhO+y0KThy8IqHZw9GJUJY/oALr8KRSOvUN3QIgWApjdr1FPVPkcAWkAjW6eWr7KwExExj9kgB2HEpSNPlK6NTYv8WjpQoGaGW7wu7li7GnQeSRDtf0Z6dbYHUgxxGhqcPNofD+NK6cS+arKR5+M/SEBV9kSqNT6YKp3cdoMnBEZquzPdOV0gupYT7JtvmS+zhYvz5Jw2RJLnCoeiNPWTRE0AMeRBLYDCaZQGiaJxvfS+Usj2yIMEVm3RLAQ84Ae4N+28QM8btMbbDzl6wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpZNNSJRBGMd/s7q50ZoWISZSRAgF5VpELFJ0CK9RneokEl1qO3URpFNCXqIO0aFLEF0iiAj6JBB0WYwOoikRJiXUYqbsumv7zvu+M/N02BV30YPgc5h5GPh/zMz/USLCVirCFqt+tZGfb8UUFxEJEBMiNkRMgBgfsT6EGms0YjwINU0Xn6haAmuIHrm0TkEEFFQWQCD3/PJ6B37+N9tFEOeVDxSIOEAhrDGoSAMSehtcwRhcMI8pfgLnIxKUdxeA04jTiPPYtucCLixtQGB9wCBOg4QVUDVYI64EYpBgAwdmZalsuUbZwzldIfHAeWUR8289gbMaPTOK8b+DDUAMVheI7W8pKzuNWA/E1byBWg3S4oteibZ0EO86DzhcMEdx/BkN+3aBlBie1YzMOZY9j6CU489K/tabOxOD9VVMhAuT5D6m2dl9FaUUTkKQEu+/FZny45w5fYL23R0MT79kbGr0djLV1hyp/u/Gk72E+b/kR+5VwBqxmtdfc3QdSmAjlsTeHqwKSR7tBri+FmWjUXURdhy/gphmiplX1MUSxFr7WCgsEVVxzh2+AcDNs4842NIJEKvKgSb37j5iNBJ6BN4XmM1Q+vyUQiFgOpthIpumv+cxQx/6iNU1AGi1mWlMptoG2w80DXR3nqKj9Rgz8+NkJtP8+rF8V212nJOptiHgGtAIFIGHYw+y/f8B3ntD1Kp2NbQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLpZM7a1VREIW/fXKTIhAfVSQIIY2PWkEELe0FiZVgWkvBVhCsrLUQ/AdpxCKIhelstRCiAcFExEbRhAu5j71nLYtzvSeHXF9kYLOb2d+etWYm2eYw0QFYefTmNrAIXALOgY1JyFRVokogCQU70x1/OH3yyHlk7lw7k7DNzYevn/g/48Hqhm3XFQCXAW6sXscIy4SEJCKCCBEKIgJJvLi1zvtPO4OxBOQTAMM8ZH7h2B81b25sA9Dr55kxwPYsQM6Zz9tfsY0MViC51m/j0Q3giNQA5A7A05W1f3ZfIfYDEsDyvZf0JWRYu3+Fj192Jz5eWjiKFQBUNaCmfetlLpyd53uvjJPnZmda51e4tAC1rm4/yDZ7g9L6MYfJ0R44qTSANKpgMMj0chD9/FcPXIb7PKChT5rs6al0EODSAFRkIAE8f7XVSuzuDSdXMOpnByCkLWDp7eOrB9z+rQT7RzOJoWfLd9dP2b6IdFwqYGEFVgEHlqg31wZ1oXoHkA67zj8BVEcprN9nEQAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAENSURBVDjLpZM/SwNREMTnxBRpFYmctaKCfwrBSCrRLuL3iEW6+EEUG8XvIVjYWNgJdhFjIXamv3s7u/ssrtO7hFy2fcOPmd03SYwR88xi1cPgpRdjjDB1mBquju+TMt1CFcDd0V7q4GilAwpnd2A0qCvcHRSdHUBqAYgOyaUGIBQAc4fkNSJIIGgGj4ZQx4EEAY3waPUiSC5FhLoOQkbQCJvioPQfnN2ctpuNJugKNUWYsMR/gO71yYPk8tRaboGmoCvS1RQ7/c1sq7f+OBUQcjkPGb9+xmOoF6ckCQb9pmj3rz6pKtPB5e5rmq7tmxk+hqO34e1or0yXTGrj9sXGs1Ib73efh1WaZN46/wI8JLfHaN24FwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHaSURBVDjLlZO7a1NRHMfzfzhIKQ5OHR1ddRRBLA6lg4iTd5PSas37YR56Y2JiHgg21uoFxSatCVFjbl5iNBBiMmUJgWwZhCB4pR9/V4QKfSQdDufF5/v7nu85xwJYprV0Oq0kk8luIpEw4vG48f/eVDiVSikCTobDIePxmGg0yokEBO4OBgNGoxH5fJ5wOHwygVgsZpjVW60WqqqWzbVgMIjf78fn8xlTBcTy736/T7VaJRQKfQoEArqmafR6Pdxu9/ECkUjkglje63Q6NBoNisUihUKBcrlMpVLB6XR2D4df3VQnmRstsWzU63WazSZmX6vV0HWdUqmEw+GY2Gw25SC8dV1l1wrZNX5s3qLdbpPL5fB6vXumZalq2O32rtVqVQ6GuGnCd+HbFnx9AZrC+MkSHo/np8vlmj/M7f4ks6yysyawgB8fwPv70HgKG8v8cp/7fFRO/+AllewqNJ/DhyBsi9A7J1QTkF4E69mXRws8u6ayvSJwRqoG4K2Md+ygxyF5FdbPaMfdlIXUZfiyAUWx/OY25O4JHBP4CtyZ16a9EwuRi1CXs+5K1ew6lB9DXERX517P8tEsPDzfNIP6C5YeQewSrJyeCd4P0bnwXYISy3MCn5oZNtsf3pH46e7XBJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLjZNLSFRhGIYn1IULF+2CiJA2tWob1CIKa+WqoghaRBERrYKS2kSLCoKIQmbQKAwLSs3FRDbeM03TmmnGG3kZc3ScizPjzJnRuTlznr7/eGFMgg485xzO977v//2XYwJMhZx7aDssVAsOISREhQnBomp/6wuNZYJZyLbaPYzOafwOZ1hIrOKNLNPumEPV1jVlWwLWzbY33RPk8jpeDZqH4rwfjvMtkiElorygakqjtBshGwFmVYhlMa6EqOt7YtT1L+GK5dHlmzzQ8mv19RCzESAvh4S8J5KlfiDMZHhN1GJPYekMM72M0UFAbgl5ZhS6rgLyymuM3ibzaxnWeN4ToqY7xIgXpgIwMJmQ6aSJpCEoAZq0Es1BXGhbWxOzCnC6PDFe9S1KQBDL5yBWh0ZD77QS+BVNfW4SYlqQbiaXwLWQw+XRVN2pAsJj3hUZOUiNmGslZNCdUEWfsHsd30QgjVUWtfFHzGDEm1Sa8GaApSuIuSNAdYefoZntASPzSRrtGq8Ho0KE4YIAp3M2irnLb5jfSfpkWEe1vTGFhl43fS+f0nXhAB3HS2g9s5evlnubUzAWsX8mhSsIc0lwx4UYTCymGfWl6a+rxnnzCKmPj9HHbay8vcH36wd5cvFU7+Y2ZmVrgrJHv6Jg98MXD7RP5/gwluHT2X0kxcyzSqjaCQ/KCT06SsuJ0oUtBykk2+UKQa+Y26Z0rOOrNLlSRtu6vZnCK3p3Fx3HivVtR9kb1/kpHbRP5bCOZGhyJrGd3sPyi0sgpvQtE0uC52oRrRVF3n/+TI5ZjXF/xliDgdr7DF7Zj6+qnMXbJbgv76Czsjhnqyi6Y/qP31nhqL12vr/lZKlPtS0jzyuz0v8BvOcGre/IsB0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNNbxJRFIb7A/wF/A5YunTDrpouujNxY8LGxEVTVyU11UVjCmEsUUyb1gYqEWuqtqmRWukUimksH6UMHwIW6FCYwWFgYBjKcc6FGam68ybvZuY87/m4544BwNiobiyCQZVJlVnV5FDm4TfDn/Gj4DVVxgdvBIvv4IwKHafp2MkpF40nuP2jJP1qL0dNeXkLxmDsFYMhfN0TKFujp1mGrQkgSl1QLvtEjZYMpQoPwaM4s7STtWKsZqIZGBGOJ7+L7Y4CeCS5B7zYBU5Vs9Mj30RJhv1wRHRtpdDESAywLywbM2twVZCh8lOGt+EKsHUZyvUOlPiObrKzG2TurbHYjgENTD76B4Vlj8II3noYgI3DCoHPam0iPMncOTi8IQpZNDAHv6Vo7BlLRVDLenN2j+h1iCVwodoGoaXARV2C5fV3NLJoMBmJnXA4rFqjS2DMWOTaKvyZaOJRCPwxDnIViRjJyiWsudc5ZInBcTRODLB8DcZAAs8dwPiMn/zLstKwii4sr7zUDcxfviboutiBhqTovWLgxBx9Bc6ct8jNpIt1cLjcegsmtz9DFUo16PeBgPkLiZQ7PvOJwAimyy1IlVrQ7fVh9zABVucHfYiG+56qxR8IM5wwmDJmQyGsgclSkyTIqNntz1aZO8704Bq1RXJsRK2bHwMiyw8C601FrwaXCTOnizzYXB5x2rH1e5FGV3neHbauejeZUCQDBVYgM8GeE3kOtgNRmHcsMVP293+v8uhjuvsib5l9vk09WVyhHU+d3IKd4h7bXPS0zUfdppL/fkz/85x/AR14FVfMwp4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIASURBVDjLpVPPaxNREJ6Vt01caH4oWk1T0ZKlGIo9RG+BUsEK4kEP/Q8qPXnpqRdPBf8A8Wahhx7FQ0GF9FJ6UksqwfTSBDGyB5HkkphC9tfb7jfbtyQQTx142byZ75v5ZnZWC4KALmICPy+2DkvKIX2f/POz83LxCL7nrz+WPNcll49DrhM9v7xdO9JW330DuXrrqkFSgig5iR2Cfv3t3gNxOnv5BwU+eZ5HuON5/PMPJZKJ+yKQfpW0S7TxdC6WJaWkyvff1LDaFRAeLZj05MHsiPTS6hua0PUqtwC5sHq9zv9RYWl+nu5cETcnJ1M0M5WlWq3GsX6/T+VymRzHDluZiGYAAsw0TQahV8uyyGq1qFgskm0bHIO/1+sx1rFtchJhArwEyIQ1Gg2WD2A6nWawHQJVDIWgIJfLhQowTIeE9D0mKAU8qPC0220afsWFQoH93W6X7yCDJ+DEBeBmsxnPIJVKxWQVUwry+XyUwBlKMKwA8jqdDhOVCqVAzQDVvXAXhOdGBFgymYwrGoZBmUyGjxCCdF0fSahaFdgoTHRxfTveMCXvWfkuE3Y+f40qhgT/nMitupzApdvT18bu+YeDQwY9Xl4aG9/d/URiMBhQq/dvZMeVghtT17lSZW9/rAKsvPa/r9Fc2dw+Pe0/xI6kM9mT5vtXy+Nw2kU/5zOGRpvuMIu0YAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKySURBVDjLpVNfSFNRGP+de++2a66Fm3PNdKArUnCaiSijPzCR6qGg3i2itygQetDHXiIf6qWaYBA9+BL0EGhPlZUwQoQo1mpsAxss1Klzc3O72527t+9cUXor6MDvfBfu9/u+3/l95zBd1/E/S+Lb1NTUvXK5HKhWq3W1Wo1VKhWToihmHjVNYxaLRbXb7a/HxsZGef7IyEgfhZ/T09ObLBgMHhJFMdfb2wuuhggGol/e4urFY1CXnuHR+w7YXJ2IxxPXstnsYyLbCFz6gOj1eiNdXV12l8uFVCqF1dVVbGxsoNnTgY+f1xErnERP32kwxrCysnJZEASLLMuQJInl8/kzEnU9arPZEIlE0NTUBJ/PBzoK6ChwOp2IRqMIhUJwOBwIBAJIp9PI5XJGTiwWOy7xxLW1NTQ2NqJa78GDOQXFHQaN9FmYCWdb2mEvFEh+HFwlJyYSCbjdbuOoAt+KxSJaW1sx+01FRRcgmwhmATXBhPlf9QYxk8kYZFVVQQbvq5R4AXLbwHbNTEQRkkAOkUWMNlU3gyZkgJN5Hv/m0VDAq+xV5UvXtV0yFREIosBQKpWMnD8V7BXYV0COwqzXYUeTIfAJ6bsqzFCwtbUFq4chXJpDqW4bB/ryWM8uGQXE7u7uu1ar1XDW46xHWjGjysTdW6YpOKJ+R2L5A9r9NpzqH8BQ/3lU5QxSahjZ3DYk3p134ONxZLMYaGszzOFyC+R+OByG5NvEiQ4/mVpDj3sY7368xKDPj2R8FhJ1Hk0mk/dJjqWhoYEtLi4yXoDL45EM0w97a8zErLjQecNQdmfoKU1skkya4Ub//TH5b7coVy6dk3fodowPP8fEm+uQRQtevJopC//y4jRde7gQ/kSGSkZnM5MQ+jrPfwXZvz7nwVvNExRuEg4SCoTJhSfL478BoeOJpjqa+ZsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGaSURBVBgZpcG9alRRGIXh99vnKIGgrbaCl5BOC2/BJgi2NmIlFoK9oI1CIJ39kInxhxReh1VKCZmfQkiVTOLs863l7GAau5DnCdtcRzx+ufPi4aON98cLr9uAhCVSiWVk4Uxk40xS4vbNenpwMH395cPmdr/xYGPrxtp6ubPGVayfLnIL2O4X1WVxfMJVnVUXVnqnefv0Plf17N0hTW+LZjkkBiyTAmEkkxI5mBxMWizT3Lt7i1TS9Ng0UYKwcQkcJhSUEkQUIpLoTKdCP5hGQ9L0qaQpgCMgoDMoQDKdoURHH5BhsohGKZpimdFoxGQyYXdnh9nREXvjMbPphO97u8ynE/a/7jKbT/ix/5nf8zmj0QgpufDq0083g+RB8iC5Zrpmepnp80z/qdVny+rFsvrkvLp58uabV+iHWrkQQQC2iQjMik1hpRQ6IG1KmGaoA03vFE0HmJUIsGkigksCuggs0Vii6SVxKYBgJYL/dfzTdTSyafrpr8Px8491U5koRWYiiawVScjGSpxGFpaQaMashG2uo3BNfwFx+DLsFQ4W2wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH0SURBVDjLxZPPS1RxFMU/7800vglR0hkNRDKHUAwpgyxSiSgwsiFqEbRIWkW47l+IYNa1aOGqoFYJYRiBkeAwYQjmj5GBHJOyVAYZR6b3Zt73e78tZMDKnQsPXDjcczlwL+daxhj2A5t94uANghUST6SiwHMR6RQtIa00O6UcpZSvfbWgfP3o89Nb7/Y0AFK97ZHY6ZYj2FhoEZSABZSVJru61fti7MtbIPCfQTyRqg7axJzNBV5OLHIxfo/ZqQl8bVhd+Ur31btkUyNszGVsuP33CvFE6qiIjHa11vNtNklNQwsFV1H0FGvfsygxbBUVoqGpoYbmSw9NVaQto5W+sTzyIGNdezz5uq8tevNCe5SldY980aeshLIylHyh5O/w2sMBYo1hlIZPM0u8n5ibWnkzdC4oWgbOnoiQ+elScBUlJZR9oayEkm92zHyh8Ntnec1FDPSebOFjarG7+fqTuqBWOmQMFH/MMPbqGaEqhzN9A5w6348Sg9KCFlian2JydJhgKMyv8H1ChwJ4HtVW15U7Rm2vo7Y3iEbqsG2b9Vweq7YV4+aoRN0qbRKN1CMi5PJFtNOE29h/zKoMdHR0ZHt6eo47jsP4+Ph8Op3u3H3tiu55HtPT0x/S6fTlf3MwmEwmE4ALDO8Rut36UKVpHfg3/gGTgwnlYQ1oPAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ1SURBVDjLpVLdS9NhFH724WbTWcpKiTUxWyJKRTdGURaSUt5URDcW3XYZ9AER1UXhTQT9CREE3URi1EUkaGhq5ZSgDzc1tWmaGzrd5m/v+55zurBy6u468MD54Dzn0yYi+B9xZhvxwWOPheWCiECYARYIrejCvKoTT/qbQuUbCISlZXNFC4QFIIYQrcIQ0rEPsBKR5N/kNQSxgaN3Xd6gHQzo+HOINmCtIUojz3cG1sJXWIkI+ZtC3uyi9tXqfD1/y15Q+hvEEESvIM93CioZxfJCBExctX4HdgCYe3/kbJ4n4ILNBUp9hhgCk4GjcD9Yp2AthEGZxebAyaHRnATC/MjlDUJMCmLMn5kN7O4AlueHoZLRa4HmoVe5rmCb7T1U53D5+rz+E1CxdrDSEK3BlgVX6WnEI09EiNXDxQJ3yihc8aQzDmIIcSJ4fqTUKSTtLu9uCGk4i5ogZCCGAAHEMIrLz9nEaHfm00v4fdW4MxVy3y7gtEPTQQBwCrM7Od2VyboxhBkP5ovcwgqKDZQhbC8JorqsDktWCpejffmWUbNvAdhyfeLEiz2d9xOe+uM1F0HCICYwBDOJKIoLtqF37A0GJrvYMqrEmWsxQlxvGQUSxkQ8As0GhjU0aSxmlrBvx2Ekddre/707voFgvK12MN+7C1YsDEMGpUUBGCaQMH4mJlFSWIbQjx70jHbPKYPGNSOMt9UWQuxLQoyrsTSWlRLFCpZRqPTV2A7sbMTHyXfoCL+eUQYN063yxbmu9X4m80uIK59dGktmx2rv2VM2+yZPZ7hjSjEapltleCVJ5B9GnlbVZdvZqLiFVOCmQ7beQEW2/zeRQcHUmJPKOgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLhVNdSJNRGH6++enSTc3Rl9Y0KzRcoSHShURERRldlLGLMsqrCO2iLuwuL7qKLr0MoQvDHJigJkEbG5mGdzKU1PnvN7I2Fgu33Or7W+858YkrpRee8x7ec97n/TtHyGQyCAQCVtJXCS2GYdSQribQ1vhEeon0C0KgublZx18i+P3+43TJI0lSXVlZGWw2GwoKCsCINzY2kEwmEQ6HEYvFPpLtptvtXs9i8Pl872VZZuEyu4mqqplgMJh57O1Ya/e25jByExZaTpSWluJ/4nQ6kdZSTlXRAtvtIkXmTNPT07Db7RwlJSVYSS7infwGa8llaJoOTdXhLCwX7Zr97C3PdW9fy2BTFoHD4WB1IhKJIJH3HZPKBA4UOXHh4GXoGR0GQTd0vk+l0peuPW9aGm7zVolmLSyyKIoUTUMgPoN9uRIk635MRYNY+bYMVVFRXlTBz0PhBf/Ifd9FloHFzIAdULM4FhMh7jiyMIREfBOte9vwtLEL65+/anNyaFz5qTSdf3Y6P6sEXdc5CcO9Qw85UTQaRfJHktvYnTzFqpPzOV/HmEG+6awMzOgmyRahquHtlyF+p0FoTJCz/s8UGExHk1DRflHjDAxHBpBSNrldURQ0djaMUT/O0DgZuSyySPF4HPQS+QTS6fQfZksuBuQ+5BXlQFDzceflDWqkJh2tOCydqq/H7Pw8xsYnvILH47lC7P0ul8tWWVkJq9UKQRBw99VtFBcW4+Sx2q3xmeNcWl2F3z86qWv6I4Gl29vbe4RIOglui8VSzP4CK2dQfo09ksgf0kxoDhpPm/VG/0DOT1Z7wqOcYLt0d3cXknMVwaCmhjzRHi+l7pjqmq3b8Y1v/xg7ofZBTY6rvbp/t/PfI0AjgZ0qo+wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLjVPPaxNREJ79Qena1EO6u/GQ9CiFouCp5FQQET0KQvBQbA/tqf+BCEXoyauCl7KFHkoOvYimUpToRTyISVtsliImpCwkLUGqxvzY3bfOvO2+bOgljx32vdn5Zr4336wUBAGUy+V7f96/3PVaDnjNKty17DkYbZ1KpVLppu/7n5nbnVDAh7NXK3Bn4/tIaFVV59R8Pm9ns9nV8aOClZhCbwDguu5QIGMMiGn8rGlamCSXy80ggxfMXAAFPPj9qXipkizLHBQtSZJEQsFg7KBgTZroZGEArWc7TSAchXIA4w+sPdQH1xAMDGQgeXD+4aNIQODZjHaRILT9Wpt/Q8wwA3X/rXVVD3glkQD3h7V/vGrA8Bvz0Rf2AK/F7zRQoY8qIAPn+TLczx/xRPF709nzPOFHayeTyfkBg29vrEkj5BkFPdlu4NtHugH4wYUSqNBaziQGE5hXifXgMVfh115RdHr90TUOIkPNBZtutwvVahUURZFlYuA4zmqzsAl/v24BFhQSRXJFDYvAlUoFUqkU+VmMwSLIyKC1W4ypwISRr9PpgG3bkMlkQNf1YRXkL6+thIlN8y9PIDGgygROp9NgGMZgqOIqEIPa0yV4sPeDgwlIne/1etBoNHhV0zTjExn+Cxh041bl3c8rSY0PCzWIgGQRCxpnSlKv1/m+3++HSaKGLV2fmp9OjN122u7JxnHrYNTf+T+76nzVPsi2lQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEoSURBVDjLnZIxS8NAGIabf5JfURf/g2NxyCCEbAGXcuCWIQSC3C4hZHPXttopKI5S6KaC2E2umDRSg6SXwGcubeAuCeVs4F0e3nu43Pf1AKDXTPmpZfpc1K5e1e04rLBDRVEAS5ZlsE+yVxBFEdSinUT5lyBNU0iS5HBBnudAKT1cwEdawE9B1/XYMIxY6hHDMMS+7xOMMXEch9i2TYIgGLiuO7AsiyCEqpimSUoxFgTsap7nEf6Ku19RupimaYRj7aWRZbWguTRHZU4kWC3eCsKXGBbxpn7xMzbC9fMNFJ+vArtdjuAjW/CT2Qqe3tfw8JYI5d/5HfzMRgK7X01h/DVpCy4fv+FiuhLK9Poc6NWpwIZLBEOC2oLG0lRlCdbvmgLLsSRT/wAPFzLO5ovpLAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL0SURBVDjLhZNbSNNhGMb/EqGGUEEUUhgWUkmWQpFZ1oUkdZNQhFAeMkktQY288EgeKk+l05zHdI41tZNO5mHTEJ3OmTrPh8imTvM0tTxs6qbb07c/OTSjLp7v4uV9frzw8aMGWI9MSAJI+CQyEiWJtiv7AZoZbqh9fl3LD7+sLA46Lcv3seQz3fcFpLiamQCg9KHIcuNIVRwmmphQdORhtoeNma4CTLXkYlyUgdHqFMjK4tDLCUUjwwslIZdAAI0GQD8nrGsDMC3NJXmNSUk2vtczMSJIhoyXgIGiaHTkPobohTsNYLibdxkA4m65tVRch29VOegrjEQL0xu1cS4gZ4OcDZbvUWR5WyDH/ySKYm8iJz0e6dwqawNA/9QOagTSMTVml9awotFhdU2HOdU6+iZW0CZfxvCsGrIZNcrbZ5BeOSzYKBsA+gj7l0uF/SrdCFlWrmoxMb+GgclVDJGi+OsiMoWjulcVwyWby1sA+vA6FuzLOuZln2VLGP2hocuVnXPIEMoH0yqG7P8sbwNspLBJ0dAuV6JteAlMgVykn/lzzqnus+zgmWdj+l9AcdO0pHNMCSkBpJUPNehn3iw7VTT/NlyzjsOFedj0r4BC8bQDr1Uh7x5dQiDXEQFvzsOPfQZeebaIKL2Fd62pCH7vgispB7SOSXvNtgA4DVO8D83TuiHFCv0T5GTw2jPwUZpOF4tbGWB8CgZbkgg/rjPOxhlrbWKNdtPlAtGksKZnDuPzGqjUWmjWdSAn0+Xk6kAkCPzxrNIHUXwvxFT4IksUC7eCi7B6Qq1TRTU91tyGCdT1/4RicY0ua3XAndwTeNvCALf5JdhNicgXxxPIQ2SKYuDDvQrLSEpxMJSypV3oFWahUSKG5MssxmaWsaDS4EbmEVxLPQSnlP24kLQHHiwHZNRH4R7HGcfCjNTmoZT1Npn+5YLd053wZDvhVLgxQjx2STfbaNCZKCwjCit/K0y7QBTWEoWVVhGUziJ8B4LumkZv1vkXO/PSRSy+XJ4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxZO/axRRFIW/N7o7CZIIKhosAoIIopWNqEX0L7ARG0EU0V4UVLBJJVjY2FgsgiykCOY/SIw2tgHJqEELUUzQJpudcd/c9+M+ixBYhNkmhae7X3E498AxKSV2o4xdau/wMfv6V6XK89mrRx4N8zud78ve6UXxivjAwv0TpinBvqg8uNf98WQYWqucmh7j0ukJSknNL1ivnDmWm8OT7Ye3Xnx7tsMH4hAfcV6prGs2EBdQYPpgm6n97buXn669BCglYV1CvFJKbO7gj0+4oPRt5PhUi02b3zz/+EMbDLUbo24Z+labDaxVJCi9QSAzcPLoOC24tlj0ZHI8Q3wkWN9sMBCH80rtInsMZCZRB6USrco65hmgoxKUkhCfIEGeG94WW6x87S+QOPR7080cmGiRZESJld1uO28Zllb7rKz15n92zl5Rq0kk4oKS6jgqQUS88q7oUXwpu+vdc9cBkjiC2+5n5At9qywXPT593nq1Pnfhxg5PdcR7xUcl+dBsEKzn42rZ2ZifuT3M1Srv32yQgvLv+Mx/X+Nfknb5JPA+HGwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJFSURBVDjLpZPNS1RhFMZ/5733zkzjR/ZBCUpoJdUiBCkll4m0CUKJIGpVSLjyL2gntDFop6shAolWbcSNIW0ircHBUHCloo3VjNY0jjP3831bWA5ai8Bnfc7vPOfhHDHGcBjZAENji7N1cSj7IcdqY2zkKoiC2qSFNsKPYoXpTPbBynj/4j8BlbLL9c4L3OqoZWLmM4/vXdpX9OJtHq0lBXQdBIgxhvtPZmZ7ui+yspZrjwKfWExxtMbh66YLAgj4geZnyd2YzmT7Vsb75/c5UEqwDLgVl55r57hxuYY3c18Y6mtDgO1KSBBETMwV0VpeA2f3ARKOwvUCcgWX9bzH0NhqvC4Okx9zBzNpPdGQ4OHIrJnOZLtWxvs/2AChNnhRiFIKy8j/ZjILiALYLgc4YnO8zsJSIWUv4Pt2CMBU+tteoxtC0YN8wUdEV1eItMHCIdSagru5l0kQaZ4OdqC1wQAWhqQNnudR3PGrANu2aGmE9FJATSxJwinhegHDr1ZRAmGk0ZHGAMYYMJB0dh0ogOVs6VNqcoGtosYv1+9lYikHERvBQsQCozBGCMIQ3w+rDtKjvQMAd4bfL59vFqYzQasjNoM36wi1vzvHgBFNwo4x8nKNreJOFfBHy9nSXGpyoSPSYOGgqZCae8TJ5BkERb68zsDVZygSlD3/b0B6tPf2byempRFO127T095JQ6wJFBTcJk7VhCRjYItUT/mgrgxOvWtrPtLdEG8gYdcT6gDRGjERWsosrS2TKwbMP78rcth3/gX/0SEvLZFG1QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALrSURBVDjLbZJZSFRhGIYNRyK6iC7aLiK8qG4MifZuylxaVOymjZQKDYbEJE1nskITEpeCFAy98KIJl8LUyn0Hzd3EbVKcxlnOuMyZcUads4xzznn7Z4JJzQMv3+E/3/t87/n4fQD4rBdjqIlmNOV1zHSJYXk0n7MPZvK27lSrtSNhdKlLkbG53/vC6qoPsNovDTzVAJelF8LqL4icHhJvgGCfAj9bD2tLPBaqb2ot7YqADQBG/22nY0Y1sEZ3QXQaiHTEPAmRHYHg6CfqJWdqSGs0VgbegVIFWxfblfu8AIe6KIc31pIGE0R+hlQKkmAHJKdHkmAjsDG4lmsB0Qrz93hQn27XewHLw9mUyzZGemfIpFlILgsxLXmMHrlo8k1HAI1EFeBNg9AUnOW8gKUfz50iOwuB6YPADpP4ahJ7HMLKCDEMkB10w7XSDN78HpwpCaLDgKmc45IXYGlPNDoX+8n0CXDGF2RCFmxf78NWJ4etNhaWsghwVCYYzR2s0bngDIOYzjvxL4GlU5lt68sjcS3g9AqYiwPB6lOInoLRyklNxlzWDqxOhkGSNDB9ToS2OKLDC7D3ZMgW6+RTqxOlZIEa0B/Oesws9QiMIQasLgkL+XshMp1Y/lkJdcZRnqpKPLzhHtBtysD5ymh6dbwM9qqHfwFkstvM6p5gOuM0eu4eQuslGVqubrc0hfoqNwDcMjelnNSWP5ifKwkD1x4Oce4yRFMQ9PnnMJp8BlzdW0jqRjAVSRiMPyY0B8sSfDZfzY7y1+GFr2LXPhamoSj3PN6kn0LNtV1giRkFkYBiN5DlDzr3IppCfLX/Adx6qZAbVKVlUKkqUFRcQmL7QRquwvrHlr7f/TvSlgDF43s9La2tMJtpDA0Noz5qDxwlsQAx8ak+WCLSy31B9kBtCWgpz465cf0KExoaIgUFXZCyowJc/XFHxDmFP8zP/PA7bhvaImVCY6hv2paArdR966CSTJx1xybV6Da7z/8A2VoHSyUsj6sAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLhVPNaxNREJ8k2yxuDMGEkGi0QltREC9+HQQPKl5EkBz8D7xI/QDxIh4KpeA5lII3IbeAF6UKHjU5SS2op1JKTFiN5GOD6WY/s/t8M5u3bkvBWWZneJn3m99vdhJrNBqrjLEH3MH3fRBRuOd55NN8qVwuL0PU6vX6N13X2f+s3++zWq1WxwZRlxAZbf37CBiP/IzcxwL4l1+bZcRkvxGAG2DAscxMAIAPRaBXS3NIguu6VNdefHoPDPP97Ku1X1KAynXzwuGuBdudMSiHkmHnoxmJxwRdnEwm0L7/5HkK3BV9bGzwo0uBhKmeTEqGCwvyHimYDwcBgxPq7yKMjTe2Y68cjnsXf1y/s0gMEjEAj1e2h+4e/X5kHv6Xr3C+rS7ounHbNa3HcpJVYGw+JADsfuuMHGok6VNWaMmkDNrnFEx2deAMXpz88DrWvHyzApZ1WkJdwhzHgW63C5qmEeVsNgv5fJ4D8JkguGEBGxtBsWECs20gAPEp8bKqquFC8f2gPJ1Og692QHIdYIb1rHn2yqO0IsHoj70VFwywcDAYUCyVSuQI0uv1KMZuXIVP2SM7YJrrM75XYY4NYNmr8agE0VloF/MRM9mcP95hln1XTjAY/RxuzPW21iQcnJCAmpF2q9UKgfBMAGCzuebm0k7uVAecyVvaxCgDHBh25XtPF3K5HBSLxRBAfKX5wfbLcJXxEH9UFIW8UCjAQYY1B/4XOIOP1Wr1HDLBgmgUecTf7Qf4C2kj+HVimC2aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFOSURBVDjLtVK7SgNRED0b9iuM2lr4QK1DQIyk0FZsJAj+gH+ilRZb2NjaRHTLmA9QFKz9huzm7t37Hu+u7IJgQjR6YLjDzOXMmcMERIR5EE5qXA4z4sqACYWEC5wfLQXf/WtMIuDSoL0A7DZDjBj/uYI0l8jzEEJYJMkvCEZM4PqZIxlzpGk+kSCY18TGtGYcx9Tv96dOqBUMBgNyzsFaC621312Ac+59yJFlGRhj5VvVoigKvniglEK32w1mkd3r9ejPPAjOhqdknYX18p1/rzo3pYqTh0OSRkJI5UMgPn4s61sX66SkhtEGcISGsQad5gH2FvehfV5BaIF2cwet5RZyKeu68pe5ubKG7dUNP5AQGltMN57Mosgr5EIiVQmYGvtc1PVicqHY+dXpk8Dg7v22XKFo1ARe9v1bDOlXKKKCs4Sn1xdU1v3vIc2CD3bN4xJjfJWvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGQSURBVBgZpcG9alRhFIbR5/tRA0Fbbe0tp4tFsHFKLSaNjSIGJlapDIq12BgIxJRaCGIK8QaUNN6BmEJBLNIGCcko55z9bs8WpxlECLNWcnfmkW6uv7l/dXnw9HDii+6AhEuYDJcjF26G3HEzTOLC2fZkf//gwdtnK9t1sDTYOrOwmC8ucBqLJxPbArbrpPU8OTzmtH62ngkPX33xf3n0+qv/z90n771HdRdhvAcjfaBpGobDIVOHx7+wzrHOMReNOZcvncdkhIo7YWeZ3jVm1VJJyUjFKcrUzgnqjFBNRhjvwfUf72jbltFoxFTJkFOhJrDkWBZBJkJ1OWFnmd4NZpUESuAJyImiQpCMUCUjLL2Ae+klTdOwurrKVKqZKiGHDCjxhyRC7dqW8PEOvdvMyvRypgDmTk5O6NqOUN1EuLIJa+eec3R0xMbGBlM5JYKAkhIuEVwiVEmET+v01phVUiIU/iqFIHdCPfj2fXe82a7IDJkwMyRhbcutx5+ROy7DzZELl5AIu/SSuzOPzJx+AwKoFtIrwFHLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHMSURBVDjLpZNNS1VRGIWf67HQ8MZVEtLserNIsk8JA0f1F8JZ/oRG9RNs3ESaNQscFQ5KCoIiopGhhFDgHZRgZEIRSN3PvddqcI5memZu2Ow1WQ/Pu+Et2OYgp4MDns7tcH9hY0dFNgZiBAyWkCEqzVFw71a58B8AYLD3MMZYYMAyMngXRILPm7X9BtHGzgoC29iZTQaSjGRiO2eEGFNFbKSsuJ31P6Qdtf8THZXSBVFC0Sk0iv7CCtcOPSDxFlEmhBxAEFlJmU2aC7HBaZ4zXBmn4tcoGgXvBygoK21D0nzSbxgsT3B0YJyB8I6euEbIA4TAv6JMiKJbGwyFVxSPlYhbTxm6NM1IWEBq5wBizMrp/I6i3HrB4NhNaCyz+GiOnlKdvvoSw8lKnkGqrAAxmlL7E2f6GhR7a6j5BSzi7/ecunGXiWSexdnJ4h6DTF1GsU2l9phS+QqqrWDVuTo1ilrf6Oqqcu7ydUKzdWePgVhdr7G6/ofk+0sqI+c5UvyBw08oJCzNVwGhRpX+s8PEZvv225kLY4W8bVycnfx6cXruRNKxhsOvdCF2TZ10j7L58QPVZzNPOvM2LDRbXcsPp+qWsbTreudFwvbxvyYHcoBEg0hXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLpZNtSNNRFIcNKunF1rZWBMJqKaSiX9RP1dClsjldA42slW0q5oxZiuHrlqllLayoaJa2jbm1Lc3QUZpKFmmaTMsaRp+kMgjBheSmTL2//kqMBJlFHx44XM7vOfdyuH4A/P6HFQ9zo7cpa/mM6RvCrVDzaVDy6C5JJKv6rwSnIhlFd0R0Up/GwF2KWyl01CTSkM/dQoQRzAurCjRCGnRUUE2FaoSL0HExiYVzsQwcj6RNrSqo4W5Gh6Yc4+1qDDTkIy+GhYK4nTgdz0H2PrrHUJzs71NQn86enPn+CVN9GnzruoYR63mMPbkC59gQzDl7pt7rc9f7FNyUhPY6Bx9gwt4E9zszhWWpdg6ZcS8j3O7zCTuEpnXB+3MNZkUUZu0NmHE8XsL91oSWwiiEc3MeseLrN6woYCWa/Zl8ozyQ3w3Hl2lYy0SwlCUvsVi/Gv2JwITnYPDun2Hy6jYuEzAF1jUBCVYpO6kXo+NuGMeBAgcgfwNkvgBOPgUqXgKvP7rBFvRhE1crp8Vq1noFYSlacVyqGk0D86gbART9BDk9BFnPCNJbCY5aCFL1Cyhtp0RWAp74MsKSrkq9guHyvfMTtmLc1togpZoyqYmyNoITzVTYRJCiXYBIQ3CwFqi83o3JDhX6C0M8XsGIMoQ4OyuRlq1DdZcLkmbgGDX1iIEKNxAcbgTEOqC4ZRaJ6Ub86K7CYFEo8Qo+GBQlQyXBczLZpbloaQ9k1NUz/kD2myBBKxRZpa5hVcQslalatoUxizxAVVrN3CW21bFj9F858Q9dnIRmDyeuybM71uxmH9BNBB1q6zybV7H9s1Ue4PM3/gu/AEbfqfWy2twsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVDjLY/j//z8DJZhh8BhQXl5+oLi4+EBubu6BtLS0A/Hx8Qrh4eEH/Pz8Dri6uh4gaABQcwBQ84eUlJT/QM0TQGJAzQ1AzQtsbGwUiPIC0GYHoOb/kZGR/4GaC/DZjDMMgM6eEBgY+N/Nze0/0GYBkg0A2iwA0uzi4vLfyMhoAskGgJwNtLnA2tr6v4GBwX8FBQUHkHjIlAcKpaueX2jZ/PKDb9fdBgwDQDZDA6wAxNfU1JwAdMF/CQmJD4KCggbJ8x5vAGpU8Gq71dCw/vl/DAOgNh8AORuo2QBo8wGg5gNAzQe4uLgOsLCwGIDUJc56eCFl3qMHZCUk+4prDWGT7l0wz7lkQLIB1kVXApyqry0wybggYJh8wUEv/qwCSQZ4t948kD734f/kWQ/+h028+2HwZCYAjxChYziQ1VwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLbZNrSFNxGIcPCJNBIAQRISRGYQWF0g27OJgQVmQFmpViZHhLaiaGeCtTQ1OW09QtS83NiR2XF0bZZZjKXNYq8kMUBX7qU30JIsM68+ldUpH64eXA4f/83ud9z/krgPJfjbVFSZkZsb5grEXDY9F4WP+C4Stm+i9GLTy/EC4QcIZnvTA1JOWG14Mw4YDRFnBdmEHNL1gcMNamY/TGMJPd8Molh61wvxbpCoPl0F8EQxdh5BoMlMDN1GGsybp/ASNWC88EDgY8rNcENIqu/m8nZ54ee6aRjnQNl4Q5csGy3zwfMNKyiSdNGpM90rFGY7AigoHSZaJbLbo+unN92DOqsR1fxo2kCK4f1FBlijqDRu3OjQqPzRa8HaJnCeoaGSgKp69gmntV0JsPPWfkeR5sh6dp2hdOvdEoIXArDapjzIrovsPXPT+bq1Avun24LyO6Km3HDDQfNoiuiiNLusb1URerp3ILYgYlUW8U0Z3FJ1tW84MvQ0R3BkcOomvw+/2JXq93o+gaiuyxZHbGQMXmEErXg/OsBKz5oojuLN52WUxmcLt6bClB3U/0mnYL/NPj8fygNSnhXHtM4LL7BCk2gUvWzo9WFvlVke1+4O4FRHdGdHWiGxfcrsm5B1N3LLn2bWS0R8+VDSSj+hsp7DtEQsNK5mq3BgNkBNtxk+hmyWLC/nw26bw8z7GDwVet3H3Z/Bvs9VuweArpelpHjnMv22tCtUBZ5FFl0a8sJdqtp2XeIHztkYmrD/K4cj+LCvcpKu9lYxuvIu32btZdUmaXgqPdbncg9eYG7jy34Jw00+Wro2OiVkLOYB2vJMuZQGS58ja8WNEvChDYo6rq9yPWNXP7GsMD8Q0rArvqw+bSO3fSOlZBhmMvEeXK1KpiJXTRZRL4gMAf7XZ72cLgzVW6bye74llbEvpeYN2St1HgNoETl9qLKH9eXRrC6ZyMg9nZ2SF/3v8CIIKyHGFPw/kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADtSURBVBgZBcFBSpVhGAbQ8/18JNEFu1dEW4MbaAFOhDbQPBoE7ag91MhRtYgop9KgIsIfDcQQ3+ftnNEAAACACcCnrzlJ5/zsBQAsAB93fbKzG3kOACwAp+vDbdyrLwDAaJ87ItKHI37eVGUpL7fAJLZaM6Id7bf4DmBSWrtxJ9qiHSgAk/htz8atiAfRNt51KW/G5GzwoZ8oLVpcObDFBSZQIqK1iAgKk/ddHmsRLdpTv6z39SiYlGNtdaS1diVWb/eASWk/PPPHtdg4FAVgocSxuPZqvB6rFgVgUi5FqX9Q+SZ3+QswGgAAAPAfKnCHO1UwyPEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADtSURBVBgZBcFBSpVhGAbQ8/18JNEFu1dEW4MbaAFOhDbQPBoE7ag91MhRtYgop9KgIsIfDcQQ3+ftnNEAAACACcCnrzlJ5/zsBQAsAB93fbKzG3kOACwAp+vDbdyrLwDAaJ87ItKHI37eVGUpL7fAJLZaM6Id7bf4DmBSWrtxJ9qiHSgAk/htz8atiAfRNt51KW/G5GzwoZ8oLVpcObDFBSZQIqK1iAgKk/ddHmsRLdpTv6z39SiYlGNtdaS1diVWb/eASWk/PPPHtdg4FAVgocSxuPZqvB6rFgVgUi5FqX9Q+SZ3+QswGgAAAPAfKnCHO1UwyPEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHVSURBVDjLjZPLaiJBFIZNHmJWCeQdMuT1Mi/gYlARBRUkao+abHUhmhgU0QHtARVxJ0bxhvfGa07Of5Iu21yYFPyLrqrz1f+f6rIRkQ3icca6ZF39RxesU1VnAVyuVqvJdrvd73Y7+ky8Tk6n87cVYgVcoXixWNByuVSaTqc0Ho+p1+sJpNvtksvlUhCb3W7/cf/w+BSLxfapVIqSySRlMhnSdZ2GwyHN53OaTCbU7/cFYBgG4RCPx/MKub27+1ur1Xqj0YjW6zWxCyloNBqUSCSkYDab0WAw+BBJeqLFtQpvGoFqAlAEaZomuc0ocAQnnU7nALiJ3uh8whgnttttarVaVCgUpCAUCgnQhMAJ+gG3CsDZa7xh1mw2ZbFSqYgwgsGgbDQhcIWeAHSIoP1pcGeNarUqgFKpJMLw+/0q72azkYhmPAWIRmM6AGbXc7kc5fN5AXi9XgWACwAguLEAojrfsVGv1yV/sVikcrksAIfDIYUQHEAoPgLwT3GdzWYNdBfXh3xwApDP5zsqtkoBwuHwaSAQ+OV2u//F43GKRCLEc5ROpwVoOngvBXj7jU/wwZPPX72DT7RXgDfIT27QEgvfKea9c3m9FsA5IN94zqbw9M9fAEuW+zzj8uLvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLfVPRS1NhFP/du+suJLFN3VRcrQjZQxor7DECwSh6CHHgMgNB6kF871+IHtxeJTFiENFLVA/hy9yLYLWtLbSRFGbqbJtt624T57Z7O+fbEozqG+c7996d8/v9zjnfJxmGgf+tWCz2qFarjVerVYU8yAs7ODhg/1T6F0AikbBQwpzVavWq6jFUKAm6DhFNOTabFQsLr6H8LTkej1/l5I6Ojp7W1lasf90Gs+u6Ad3QCchAncAqlQqUZDJZqdfrZjIR9Fsm+3w+/6dk5HJ5AtIxdOWa+KZwstN5EoXCT8Fu8M9glYYwfiFOtNksePXyBc72nRfs/J9QwKicfG8uRmESJIn2xiY8W1HT8ODuRcH4PrYMVtt9/UZDAUtlVg60tbVDlmVIZHLT+JkBDL3B2HduQDwbzR7IrIDeCUCGyWQ6YnLT8+LmMWP2+DrmCwFRllBQbY5HkiWYFOWQXXgugXxjcg3G+U8PUS7WhAoBwBs3hEtgxhM2E7TUKtTKNroc7fjyLQ3VaEepvIf9/X2M1yeRKWWRiEcbTWQAuVmnVsjj848PGBrowejEbZTLZZzZ2oIRWsKb5SWMjY1BVVXs7OwgGo0ik8k0AFpaFNyf9CASiSCZNOHS4CBm/AF8XF1Fd3cX+vv7RZLf7xe+t9eNkZFhbGxsQCEZM+Fw6DIDLS4uOt1ut4PnefqUC5F3b+Hz+ejY2lAqlZDNZjE7O4tR3y3UqnuwWCw4che8Xu8zh8MxfGdqSnnyOEgXKQKFGsvHmReXxGOnGExPTyMYDNYPAQKBgF3TtAzL8ng86HE66VgB6XQaa2tronaXy4XOzk4GyW1ubsrhcPj74WWiEnI0iRjdvguhUAh2ux1ms1lMcHd3d4L8drFYfL6ystJCZaupVCpLim7+AjUfrZnK+fliAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIySURBVDjLpdNdTFJhGAdw120X3XXR5kU33fQxS0+5Yl24lFnQKsvl2nJLM0fmXLNASceKgAv8yBGgJPEhkcIShEEYKuKU1IxcTm0WUDiJ1Fpbm1tZ/855186oLS/k4r/34n2e355z9rwZADLSyX8vCm+WU6fqT38+21S4ztPy1rmK4lXF5Ry//Hwm6LjoHN8QOGOgUOe9iGByCJ7FJ5BMX0ORiosfa1/wTHqQIAQ4VCHbwpXL53iWHPAe7QefJAvq4G2MLY9gcnUcQ0kf/AkvAm4DPvhl6Lq+jwEuESD7inLrCWXJ10BygC56SgpHlofxfGUMjvhjDH7sR1e0Hfq3VmiqKSwOt6CldCcD7CDA3qrOXfRo37tjRojC5SRt81KYIxp4lxx0+mCOaqEON8NeR2Ght5ppBvsTT9Yqai60F/y0vTehPlyBW+FKAliiOvQnPGQKY+Q+TOOdCCjzEPU2/A1wxIaH3a8N0C20ouGVAI3TVVC9kcEa0yO0MgrfkptM0mprwqypGKG2AgaYYYEsqfGFI94D4csy1E6VonlWgt64Fb6EG7aYGTdGK1ETEv6yu+wEcDQeZoA7LHBEJfxkiejQQxczccZtEE8JwHNRKLMK1rRzng6R3xU8kLkdM/oidAh2M8BRFsi7W/Iu38wBty8bXCcdSy6OyfjfUneCbjj34OoeMkHq92+4SP8A95wSTlrA/ISGnxZAmgeV+ewKbwqwi3MZQLQZQP3nFTLnttS73y9CuFIqo/imAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLnZPNi1JhFMbvKtoHBa1atgmCtv0VrVq0aCkGCn6mYH47ip8IflAKhibpRke00BnnKiKoiKA7qSkF08FvvToak/f0ngu2qBYzXngu3Jf3+b3nPee5VCAQcPj9/ucAQB0iyufzPXS73Wd2u/3RQQB8Wa1Wiclkqms0mrsHAQwGwy21Wn2qUCjOxGLxHVyrVCpHpVKJpWmazeVy20wmQyeTyaf/BaAKhcIrkUh04XA4vhSLxTIxX5IHULMCDd+PkxCLxbaRSETxD6DVamUbjcavWq22LZfLMBqNgGEYuJgs4TxbhG9PHnManuQgGAyypOnv/wCazaat2+1yJ735pOCMy+USBuMFvPzIwosPAMW3xzDwemA+HHL78vk82Gy2Iw5APtZoms/nHGCv2WwGP4Zz6AwWsFgsYLVacUI47jUajTvS9GcUaQ6LgL/Ne3U6HSBVgtPpZFHT6ZSrst1ug1Kp/EolEokdUveGPWAymUA2m4V0Og1kD5AxX1osFo1er2fxGpvNBiQSCVDxeJzp9/tcWWjEcsfjMVSrVUilUth5IEYgo/6Md1apVDSu46FCoRCoaDR6gp1HIwLQ7PV6ezKZbMnj8YBoKZVKUzqd7h4C5HL5bZKVU4FAMOHz+U4qHA6/RiJOAgFIJvFmrp3EUCj0gMyVqdfr0Ov1YL1eg8vl2t0oyh6P5x2JKZAwAQkVNuznjQDkb7xPgnFuNpuvyHyvtFpt+bqA3zDZAQQexaeGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLdVNLSBtRFL1vZpKYTCQdUZNUMGahJbTF0roxG7NoqXQZKG6EQrV0Z6kLF0pDDSguxO7aRejKLLW7brRgiSWKVcFgq2JDSUJsYmKi0fw0M+m9Aw0KNnBnwnv3nHPPeW9YtVqF637r6+sDlUqlX5ZluLi48Ltcro/X9bHLBKFQyIGAONYZghOtra1NtL+6upoyGAwWXDMiWYvb7d75h+EugX0I3MamPWwyY8nlchmotFqtTGvn5+d7WNt+v993hWBra2tMFMVBm83GSZJESvtY5lKpBMViERRFIcJ93LegFa6xsXFwenp6jLACPZCVSyQS5IWRotlsFjmOI++qisPhoHWR9iKRCAQCgSqSc1cyCAaDEyaTaZRUKbiTkxOIRqOg0WjAbreDIAgqYaFQILuTIyMj6gQMA9rAcZuxRIvFIuXzechms0S4gv89Op0O0Ja3q6urm8TQKiwtLWWRLI+YQwEf99rb27mjoyNVlRSTySSgBc/U1NQXUvH5fLS2iAJAfU6nU0Kb0szMzE2OxiJvSKSOTipGoxHQTu14qYf2MUy1BzMDmpTssNnZ2Y10Ot2MY4qdnZ0SpY7HRj5XEOghMJb3AYt3K2ufoJKIwZm2TtnTtp2uaTrCtRDn5+cnrFbrKClRYHQKsVhMVWxJboIpHoQOlxt09ttQDC3Az+VFObu781olmJube4Mq4zgBOz4+ViegohOhsfPv+sD57BXow18B4t8ATDcgLdhgc2H5t3oPMAMFA2J6vZ4uFYTD4TxOYOjp6WFEAOkDqLPYAZ4M13IR3lqBV1hbzYLX6/VlMpnnGM5hQ0PD/fr6+s3e3l66lZAcfyQ/fNrHi9HPUC4moID9pzkedsMQr30LHo/nBb7u4Oi3MIMkKvO5XA5SqRREpLvlHyuByp+SHnK8BrIZBr/iTEbp9+x/n/PQ0NAAgvvpiBlj/mHN96Z85uAlLzObzFfjiPrweKEy+RdV4845vRqFoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJpSURBVDjLfVLPTxNREP52C+mvbSKE2FYkkIiJioo9KMT0QKImnAwHPXjk1IPoxUsPaoiaSDw0MTEe/Cs4mWhVLGCDlWgwFCMJiYeCSGstu9ttt/vLeS9dLBCc5MvMezvzzcz3VnAcB8ys2xMOTp2GmU7DMU04lgXbMGA3ffvoKJw37xF8+0pAi7W5QWuR01Jos3vXNwzstX8EhslJbF3nyZyI+WbcdgCBuENAHx0qRm8vLEZCYN6q1yH098PWapTT+M8EDeNBvV6/X752HWpIQt3jgcFGVxT4Sr8RnplFiHIOJFi7d7fgaJra2d0t+ehs2zZcgYkYnz0eVbs8Urixh0BgSSsrK0OmaU6Hw+GIQh1rtRonYBBFEV6vlyOTyWzquj6WSCQ+7tKARk12dXVFZFmGpmmw6AUYGAFbQ1VVfh+LxSI0TXKfiJQUZ5OwziZTvdmdwSWrVqsIBoOgCeL7Vshms1ZPT49YLBZ5EVo0cM/5nzl8L36BrFWgaNtKRS0/efl46REXsUHP4ya3ejdeWs+iJH7DSPwCjnYex0x+OrSwPPdweOLIIb4CjVXe+aWbu7vjM//pxzucOzEIS7QwGL0CSzAwfOYiS7/pEsyz/ZnSbtdWlORfaBckXD15ize5c+kFjh0+y0Kf2HznqcXFxU2fz4dAILBLA0EQIKsV5DeymEqP829Tr8extvWVl3omJycxMDCwnsvl5NXV1fPRaFTq6OiAJElcdb/fj4r8h3SYRV+4DyWtgO3qFj4szUGu6E8Fd3dmqVRqiNZJkqhxQicTl564TJhfRlrRBXWM0kIEhfB84dlG8i8v6tBqmkd4owAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGSSURBVDjLlZO7S8NQGMVb/weRgoI4iIuCVuoiuBfBwUFwaosPqJODk5OLBVutSlMsuDg4OVWkYO3o4Cha/BNS+qLP9K3HnEtT07f94HATcs8v33eSawBgUGtSlVmVZYimVY3Ro8nQBJgrlUq2Xq9/NxoN9JL6HD6f76oTogEsNBeLRSiK0lIul0Mmk0E8HheQWCwGSZLaICwjAdxQLpdRrVbFShUKBWSzWSQSCQEolUrgSwKBgIB0AWjWRAAN+XweyWSya6RmJsY2gDpGawOvObc2SiqVEp3Istwf0Ck9hJ0wj3Q6/X+AHsJxmAlBIwGoWq0mciGEGhnALkJvDzgK2LB3sQH7mRWrjtmbgQCaNAVf73HyYMdTVMK7HIb3xYkt7zxWDkyeoQC273BbEfy8RPDrGixPZBfeyD4B5aFfgVo/XkQoegt9PX5IBEAP+OmXwdrhDNxhB1xhmzC7nm1/HTR/x2U1ZUXd3PMw+YOn2PTM4Ty8I97MlfcigyZgipBBR3lhe/zO4jQpbJvrkn3CT+8vh7avwsYhJlIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHYSURBVDjLjZPLSxtRFMa1f0UXCl0VN66igg80kQZtsLiUWhe14MKFIFHbIEF8BNFFKYVkkT9GKFJooXTToq2gLkQT82oyjzuvO8nXe65mmIkRHfg2c+/3O+d8l9MBoIMkvi6hkNDAA3om9MTz+QAhy7JqnPO667poJ3GOdDr92Q/xAwbIrOs6GGOeFEVBtVpFoVCQkHw+j0wm40Ga5k4C0AXTNGHbNsxv32Hu7YNtp1Cr1VAsFiXAMAxQkWw2ewNpBZDZPjiA+XYebioJ9nIKqqqiVCrdGUlm0gpwzs5hzrwGX1uGMTMLtvrBG6VcLstOcrncPQDOYW3tgCffw0isg4uqnP6J8AhCnVAelUqlPYD/PYE59wZ67BXsL4fg/6ryYhNC82uaJkFtAdbHT+CJFbgbCagjYbDNlDev4zgyH4KQ7gA2n/fMUWWeiAtzBMrgWABAXciAhaibAKAYnXyaGx3/5cSXoIajsH/8hHP8B87llTSSqAMSmQMAfSL2VYtET5WRCLcW3oHt7Aaq+s1+eQAt/EJXh8MNe2kRSmwa/LoQeOsmpFUeQB0ag9I/jIve0G/n6Lhx3x60Ud3L4DbIPhEQo4PHmMVdTW6vD9BNkEesc1O0+t3/AXamvvzW7S+UAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLxZO/alRBFMZ/c6MmomKhBLv4AIJiYekjCFopKSzyCnkGW99BbMTOQhsrBcFKsLCJhRYBNYYsWXNn5s6Z81nMGu+626XwFDOHge/PmfkmSOIk1XHCOvWn0ZdXsulPpAFZQbUgG5BlVDOURLWELEJJXLz3JMwTVOP0tfsLChIEmC2A4OD5g0UHebLLWQl5bAcBJAcC4i9D6FZRiUtGMMOHb9j0PXhGGtruA3hCnpBHzly+i5d+CUHNgCFPoDIDjcEJeQ8yNCxxYL/2m+U55Yh7mpFE8NhE7GiRwGsi7bzF8meoA8io6ZC1jfWm7AnVCPLld1DjPna4y/kbm4Djw1emH56h2oN6VFNzIKOOCI6DFCTKj48cvN6m9jtQC64yAjcXrjrnoBu/94VbDymTPSZvHs/A6RgsT0gZqC1M/46AJcJKx7mbW8RPL5m+e8HKpeusXbmNI1AFDHBkmZHzFpO9p3fkJSNLqEQsfgc6uhCQJRgy7qlF2ypXHynMEfy33/gbubc6XKsT2+MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAILSURBVDjLrVM7ixNhFB2LFKJV+v0L24nabIogtmItin9ALBS3tXNt3CWgVlpMsAgrWRexkCSTd0KimYS8Q94vsnlrikAec7z34hSibON+cJjXPeee79xvFADK/0C5UIFyubxLUEulklooFNR8Pn+Sy+VOstmsmslk1HQ6raZSqd2/BCqVyh4RW/V6HePxGJPJRDCdTuU6Go0EZ2dnIFEkk8lWIpHYEwEi24lszGYzjHptfPvsgvbuEJ9ePMPH548Epwf70N4f4fuXY6rpYDgcIh6PG7FYzM62dSav12spfHXn2rk4fbmPxWIhIpFIRFfIzk+v1wvDMLAhka9vD+B88gCv79lxdPeG4M39W/jw9KF8q+oJzOdz2VIoFPqhOJ3O7mAwwHK5xGazketqtRKws3+Bto1arYZgMFhTHA6HC78XW6P0wYJmcAy2y+9arRYoPCHTpOD3+w8Vm8122xTgQhobqtUqms0mGo0GeDLckdOnESIcDqPdbnN3aJp2VbFarTfN7kxmUqfTkSLuyM8syB3pLMj7fr8Pn883kTFaLJbr1EHfbrdilwm9Xg/dblfABNMF3/NWisUiKPjHIkDrMou43e4CF+m6LkUMU4idcFc+WJwRkbU/TiKtS4QrgUDgmGZrcEcelXkKORsWJ9sGkV3n/kzRaHSHgtrQjEGCHJSAyBuPx7Nz4X/jL/ZqKRurPTy6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLbZNNTFxVFMd/781jICiCCFoSC5YgGGAQG/E7EhckJFqMe5suNI27Ji7r3qXbLk2rSRuFhU1asESgxvoRm5qQoIAikECMdcIMAzO8++6957h4MyjKSW5OcnPv7/z/554bqCoTFz4eUNXPFQooLymKKqBKmvRwibdYs7t++8oH3QAR6YHzCk/l+juD+3/tolq7BClMUIHibpkDo4hGp6hGCoBXc/0ng9eGTtLZkUNTAqKSVpW0entLI40NES+/+R5HAKg+nBvoYvrubxQKFVQEAKmpUEVFKZYqxCbh31G1QBBlI54c7KLnsVa8B1VBRPFe8SI4UQ5iy2eTC8cBFO+FzfslsmEdcRxjTYKTdN+RIarL0vZAPaJ6DAAQLzhvMcbw1nM9qfxUHarK5flfeOJgkovPrjJZKfxfgfWCtw7nQz5d+BljHc4r3gmOgCE3zzODJZr73+fEIx9x78Pe8dMXV2cOAc4JibUkAhrWE9TVQahIIPTG84z1rNLcN0Z5c5rWR/vIdJqp6Qvd79aaiHUeFzuM9TgvWC/VrHSGv9KSex1fWaKh7XFiv0XH6HCjKxcu/aPAC9ZYjPWpHa8kVcifrhVb2CDM5AnCMtmH8hBX2P/DZI5YsEkKcKIkTmhz64w/+CVNTYq4bUIpQtiE2oTlayvx0krpfFQbmMR5nHEYK1gR+twPjETf8PQrY2hyi8DvsXjzgKRQJBDL1kbp7bNX16cOe+C94hOfWhDhheafGB49Q5K/RBQ1sziXMLv3Bl9vRuTX7mzdu/3t1JFnJAwZeX4IDQK8V7JkCTLbZOrbWby1z1flCXbaX8Ss3aVYcXP/nYPZmRvfv5P+vOr8n7CY/B1KO4ZPlvtZtQHKd6Bc//3HL87VAH8DX5rXmGdCnY8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI2SURBVDjLhVPfa1JRHPepnnrrT/Al6KG/YG9RD0EPFXsJCkaMHjMKIamVNQhqQW3LFqtZq9Yg1KXVcBhdZ9ZDgyblT9y8Z1fdvXo3Ua9D1E/ne6c3bUIHPtxzPr++5164JgCmDsJ+0/FI2BTu5v6n9xgSEZNWLh0BN9r6FfTTewyx1f3QqsOIre5r9ZvY0aM/d/U9Be+WHiO4PIg5n70mCEIizgM0MRQ4W+Bn93PPOJY+n8H4G6vUU8BFM8fYtL8I17ctTH7IQ9M0GBP5s1AowP5WguOjjIsTSYUyRsFXweNkjOHJooL5oIoJrwJazve7E2c8o/r52ksJDxc2YZlKgzJGQVAINPjC6y8qN8jwr5T0wJ35LByfZNx4JelnhyuPq9MMroCMZWFxxygICb5WvV7Hv+v6rIRH3k1YXzCDazabkGUZye+2hlHAVizNRDwKeo3Oohs53DlYnzEsCEWdU1UV8dhv5NM+KOFDfwu2QgcatcxtpJJR/WPlcjkwcQ0bG0wHFSuKgvW1FEqZpyAvZYyC7MjhVmFmGJXUXShMQEmcRU0cNaCJ97HN5lAV70FL2UFeyhgFRe/BhvzgHCTLKSiTQ9j2XkLlh003E2hPHGnkIS9lul9hp5a5hVLgCpSpC8jaBiEOncD66aM6aE8caeQhL2W6C5zlXye5cLPn6n3BPeSlTHeBmWOMo1aOHEMlfh5a+jI3j+igPXGkkaftNe/5Fzg5wGHjcHMkOKptJNocaQPdmT/bXw90YXDpsgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVBgZpcHda45xGMDx7/3yzB6ebc3ayJS8rBDTkixRMsoByoE/wIkDcbQTckJRTnYmB07kiPIaRa28JM2iaLLJS0mYtzLbnvu597t/1++6TCknitrnE5kZMxEzQzEzlB679M34C1HFe8WJ4D3kYuROcF7ICyPzSp4LKdPWd5T5wxA1QjBEDQmGF8Or4r3hRfFBKUQ5c+cLKb9N1ISgIGpIUIpgeFG8GIUoTgKFN5wohVfmVlLyqpAybfuaCv1Dk/SsrjBeC1wYGGNPdzPlughjmsHQuxr3RsbZu3keTpRz976iuSd2ItSc0lxJUIVZpZi8CJTrIvpufCICjl58z6LWOla2l2lvqWNxWz25VzQT4swJD99krFs6m6uPx6gvRezb2kqaRFRdwIDMBVRh4/JGfpmcCjgfsCyQVnNjy8oG7g5PsK2zkZpTTlz5yOHd7WRTATPIpgKDI9d59OIm1XyMQgqqsgl1XaTjeYEPxv2RCdYumYMZVJ1gZmQugEEk/bz89oQtm9axcG4Hd4evMfj8PC3zXhH1HB+xnV3NfPjuKLziRHHeKERxohSiNGkve3ZshyRm14qD9N3eR0LM+cu3iCcmhbwINNQnNMxOaConNFcSWioJrZWUtsYSP6pfKEUVdq04yC+9PWdY2tZJFHvS77nn1M2PmDfUKVYI5hVzAQrFgrJs1RjDowMMjT7g0LaznOzfS30yC9MSkZnxL90HFhxfuLjpyIbOjXTM7+L156cMPHvAh7fjfZGZ8T+6Dyw4CewHGoBJ4PTgqdFDPwHX2V3XB5aEeQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHbSURBVDjLdVK9qhpREJ7j7vrLGlhRiaCFFikkT2BxQZs8Q7pgJ9rcVuIj3MYHSJdXUAj+FDa2wSaIIihcJVUs1t91c75z7yyLd+8Hw5k5M9/MnDkjXNclYDqdDhzHqV6vV5In4fTL5XLx68N6vV4DTyCBJD/EYrFxsVik8/lM9+AigGEYNBqNaL1e15rN5lDHpczasSyLttstRSIRj+QnQt9sNpRMJqlUKtFyuWzL66GYTCYP8Xh8XCgUaL/fqw5Y0C6IQgjSNE1VN02TEokEDQYDWq1WNV2+p5NOp9UbERSNRpVwdX8nOG+3Gx2PRyqXyzSfz9s6qhwOB9rtdmTbtkeAcAcgASgCW9d1ymQyyo8EVVSezWaqVSbjCaFQyEsAMvsBDFzeVXX+nnw+T6fTSQVDkBQ+fCnPATZ8sJmn87/LqaqKnIBnwglgc0cAYlQCOFKpFFUqFS+Yg2BzMMh+fy6X8xL0e73eF27pbuPebCRvKU4pfeFfFkar1focDod/Z7NZZcutu3W7XY0CIBqNhhvkIC1inzVLraXh/LOFY5tBYWqVsZr3WCwW8WK1ofTNr+/mOzEvCaDc469buHywHYN1GWQEPiFoBsDHr3+e5PHt1fzx/PPTY1Dcf079mla6MmR7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLjZNLSJRRFMd/3/eN6eSDGCeLHkLRy8SoTSZhUfRclVC4Ep1FLcJ9QQUSEUHQqqCCmFXELCrooWFFBRVB4WMi7YVjipqJiWOT4/fde26LL2ea2njhLi6c87+/c/7nWMYYurq69k09vtymxodQown2RD9UM7fz3ers7NygtX4lXrrQQTN25Si7rr+fU3YgEKgOxGKxDzU1Nc0FPa3RolLAgOd5OYEigjEm5x0MBn2R+vr6dVrrS1LWgIMi+fzpfz/Zto2IZN6WZWUEMwTz4q3R4jID4gcAnLk1iggY8BMEBGg5FM6WkSFY2IBjKSafPMsIiEDl8uAfAf9296cA0FrnEgS6H0RLwgZjTFbAGN71/0IAIwYjGjF+D2zbFoCsC2660LEUQxeOsD/WgzEmp+4Tt/eSmkly/mA7jpWHiKRCodD2LEHH/WjxQp9zNvnkzW+IaLQ2pPJmKA9XcCxWy8UDj8jPCxYCzl89aMRBMdHuu3D81m5MnsIVhWsplixYRcXiaqbSKSKxzZzddgfHcewMgf3mXrSkzCDa77gSl92VjWgjaNEIhuHJQaqWbeWnO01z+w7yl+r5fxE0YaMYb3uKZVmklYs2wtfxz3iiUOLhaY/kzBQbl9fy0/vFROTFoyzB67vRojIB3x3SKo3SikUl5SjRaCOMTA4QKlpMx+BLekc+MvqMxhwXbBT9pyPUtX/h8LXVpF0XV1zSymVleD1bVu7h7cAr4sNxbjQ9Ye2iSn8XlFJVm3of9s0PBTEGEokE53a0opTK7EHkwRYsO0h8IE5L7VV+9CX9sZ6d6cia0u3lRfN2DqW8weufxuP/7sOKUzzXxikYa9N10x0Mz67zb4UIk7Pj5YsYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjLpZNLSJRhFIaff+Y3x3S8pKmjpBlRSKQGQUTbLhBCmxbSrk1CiyCJEAJxUe6qVQURtGvTJooQNLtYEbVKoVDJMUrFS6iMzs35zjkt/indBEIfnM23eM/Ded/XMzP+5/kvbhz5p4KqoWqIGk4UEcWJ4pziJPjzAerbmlERMMPMwEIYYAJmhqmiTlERVA0UjBAjn0YCARXHyvQ86eXEljZHy0qpqavdIDAx0ssJBo9/xIxgu20aoKfuMiVFDYDysPc+O6urEVFCAJq/wlDqLkOpO2S9cUTB5Scn8GGpFU2PYrqOE8XyNwgFzAH2ofIpst5jXiY7yekKTiDnwDkYzZ6gf+EoibVJRBRVELU8QV7AieNwtBURYThzhhwTgYjA+Fo9T1Yu0BV/8JdA1fBVDXUSHExzfEmM0l5fxWwyQzLcztJqGxV6lp8Lx1jL1KIuTIta4MpmASdKa9UvDlbGqIvspaVMUWvhR3QC5REn47eIvYnjzy6T8UPIVCQIkqihzhBRagqbUFOcraOmGEos0kDlqwn2TITY39FNYdMB0qMDfH07SHV6Ed+JomJEikvI3HyGSSAWeB5koGB2hn2X+ohMvobh62wvK2d3YyNz38bxRRTMo6yiitLSHagGljafu0Jyuh9QJq/eJlLbBKe7NjrQG6MopwFBfGzsb7b/bB7pPh8QqNHse6Q+P6f46UWy6TlSwGoiTKYgjLeVNr7rqO/dFi2+tqvS+X5omtVFx/f5sOQy1uNttc7vOxq6k0uznWHxGiVsMwb3Tg24vt9oKbFtb+0ZHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJMSURBVBgZpcFLiI1hGMDx//ed78yZ4RzTzGHcRpEZUpqajbsmaYpcdpRYYGEhbGwUG2VhMwslScnCwoZSChE2khW5LliImDFk3M4333nf93mfB6VsFDW/X2JmTETKBKVMUHb04kfjL0SVEBQnQghQiFE4wQWh8EYelKIQMn5a2tvGH4aoEaMhakg0ghhBlRCMIEqIihflzO1RMn77Ni5EBVFDouKjEUQJYnhRnER8MJwoPiid1YyiIaT8pGYM9tVwIbKhv8bW5R3sWNnJzoE6KxdWackStq2YSmtLwu41XTRcZNxFtAikToQgSiVLcEGplFNO3/xAksDQlRG662UWzKwwu7OFyS0pc6dVyJuRIiiaC1nuhKYolXLC9tV1sjQhd4KZ0XARVVjaW8WAZlAazci4j7iQYnkkaxSG80rhlRNXRzmwfjrjTcWAvBmJZjx5XfBm5DqjI9c4cvYLk0OTsU8DqOsn+1p4mr4NM8idYAYNJ5hB7iKqxrmb5+mZ84DBgSV0d/Zy59ll7j+9QH36C5K1x57bpv4O3o45fFCcKC4YXhQnihelXQ+yZeM6KKVsXrSfoVt7KJFy4dI10m/fhcJHaq0lapNKtLeV6KiWqFdLTKtmdE0p86UxSjmpsnnRfn45uPYM87v6SNJANlYETl59hwVDnWJesKCYi+AVi0rP4s88G77Ho+G7HBo8x/Ebu2gtVTAtk5gZ/7Js36xj3fPaD6/oW0XvjH5evn/Ivcd3efvq61BiZvyPZftmHQf2AjXgO3Dq/snhQz8A9uxhvZij7OIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIDSURBVDjLpZJPSJRRFMXPN46GWqRjZjkOhILU2lXUotzYqglmEQURZLtQbFEK2VLIlQVu2kXQIsOghDaFZS1yI4Vhf3CcwWSgNlmRY3z3nPu10GxEF2UXHo97ee/AuecXRFGE/6nYvzw+M5LpO3XnRNmWBRjqNI03S2dBqYXuZ50pp2ckdYhqE1VPCjKBFBprknAKc4XcjbELj3vWCXQ/7TwoqTdZ1ZSurUygurwa8VgcigS5w11gJJiIN9lpZD/ODTy59KI/DgBd4+dSLu/dnziQbqjeg2UWEQvKQBe0ejzSWm9G0FgBAHEAEJVJbm9K11ftBp0ISWQ/v0P+Ux5rFoxo3JWEJMzN54Ynrry8XCrQsXNbDYq2BMkx/nZ8QdToyNmxi6ULax88PC3j1ET/ZNe6FEi1VZZXIUAMhS8F0Ljh80oKvGvG86WzOADQCIoIggAmgiE3jfH51cmBTUFiqKnFH4tYtiISO+pgxsyx60eH/oaNIIoinLx9vKexNjnUsrcFihxLy0uYnZ9FfiEP2h8ORK30EmaGPwRrFsw4mivkjlSUVaTrEw0IEaK1uRXN+1rgkeDuoAsOh9zx8N7Yegv3Ox8tWMjBV+9fP5jJzuDb1+8o/iyu7EOCuaBI4CpQojZHuf3aoRRNGZIdMrWRqpMpJgqS4/ftcuRuzQcbBLZSvwCJx2jrjVn/uwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALTSURBVBgZBcFNaNdlHADwz/P8fpvbfJnO+M+XtKz1ovSqSEaJIUWRXoQKIoI81MU6dAgPQXQphS4dIiOQhMp7h4hAD84iArVSK8FU0NRtbro52+b2/z3fPp8UEZ77YPCN7kXzXsvJBnQhgYRIRNEu5dz4WBxON2+8d3Tf9lmAFBFe/Pjno1+/s2FtzmlxUAkAIiBcuzXn4LFxQxdvT/11+kzfT/u234YacpUe6KyrxX+OqHJKJKLQRNFuh+m5xjP3LfTE/bVfy7WeKA/e2PL290uOfLbtdoaU0oKIqDqrrCNTJ6pMlUiJLKFYvqjT9o3L3T0wr7teNP8ryBAkyMiJnJKckpySnJJcJVevT7trwZx1fcmbTy5VdVQvQw0QQV2RJJGS0gQ5qSs6I/tnLMyWtlJmbb5nnlTnNtQQQaBOWQiBlJOEKESVTV0aFHOzuga2CpmUQQ2BgpRIkkDgv9GLJkcuWLDyUV3zOpWOWpm+7sih4zYt1QEZSpsICgIRgTBx9azVq+40ffWkVqtlxYoV2sOnDQzcq+fm39WePXt6aiglRARBCAA9favMzMwYHR01ODiou7vbunXrTE1NGc2rm092vzqVoSk0QRSaQlM4f/wHnWVSq9Vy9uxZ23a+b8sr7/r38hXLli2z9aHF1d69e6OG0g4lwoe/zUpCSeyYmFBVlf7+fq1Wy0e/zynYWpLJyUmXLl1y/vx5NbTbjaZh+aIO61tZCabbL7l89bS+oSFr1qzx/LlvtUuxZvVKY2NjDp+82fTSqqF9u5R2KTHbSL9cbpQUQuXpK6foXWtoaMj6xx4xMzPjwoULent79eeLVerunqhhbqYZnt9Z3bH74dn5EZEFBcfGlzpw4ICdb+1y5tQJw8PDNj21Ob784vM03iy59d03nzYpImzcdWhXey52pJQeD9EDIAiE8OzCH7tGRkac7Hp9vJRyInPwj/0v7P8f4TBXams7dlUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGkSURBVDjLxZPPi81RGMY/59zvN1chC0lSViZJzJQk/4BYTWNBkyhZsrDCgprl7JQFpSxsbEZdG5qFJjvKRLFTU4MsrGjouvf9ZXHOnTKyugtvnc6PzvnU8zzvSRHBOJUZs8YGNCxM/UODgziogDrIENTKmQHDgAE0AOyb3fDW/xzmYFbWYnWt8OJRBQCsfQF3wuoFVcIURAmVshchVEGFdud+6McIEBABR26Q2q3E23uEGfnwJdA+9uwq+eRtUttFl+aJT29ApAJUi7ZwaLcRL+dIx26RbIC/vgvm5KOXQX4iT67QOXQWXV1eB2RECsADcgNb9oIr8f0z+fh18tRF/MMiaccEzen7+MdX4EUigyDT/1X0uQOQDl4gVhZhuIY9niUI8oEZ5MEp/H2P5sRcMVOtAgZaaO7ggi/fIU1Mw4+vdGYekrrbsXcLtOd7dCbPoE9vVoCCQIr53cHkOYJvxXVVQorTIdX9UQqqYEaYsWnzHug9p6EfIEKyLmkUoVnJPqq52aFjkAIaL4nVSnFtVyCx3llYwHDDrJTu87+bNv333/gbANMZYUMccT8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLjZNPSFRRFMZ/9707o0SOOshM0x/JFtUmisKBooVEEUThsgi3KS0CN0G2lagWEYkSUdsRWgSFG9sVFAW1EIwQqRZiiDOZY804b967954249hUpB98y/PjO5zzKREBQCm1E0gDPv9XHpgTEQeAiFCDHAmCoBhFkTXGyL8cBIGMjo7eA3YDnog0ALJRFNlSqSTlcrnulZUVWV5elsXFRTHGyMLCgoyNjdUhanCyV9ayOSeIdTgnOCtY43DWYY3j9ulxkskkYRjinCOXy40MDAzcZXCyVzZS38MeKRQKf60EZPXSXInL9y+wLZMkCMs0RR28mJ2grSWJEo+lH9/IpNPE43GKxSLOOYwxpFIpAPTWjiaOtZ+gLdFKlJlD8u00xWP8lO/M5+e5efEB18b70VqjlMJai++vH8qLqoa+nn4+fJmiNNPCvMzQnIjzZuo1V88Ns3/HAcKKwfd9tNZorYnFYuuAMLDMfJ3m+fQznr7L0Vk9zGpLmezB4zx++YggqhAFEZ7n4ft+HVQHVMoB5++cJNWaRrQwMjHM9qCLTFcnJJq59WSIMLAopQDwfR/P8+oAbaqWK2eGSGxpxVrDnvQ+3s++4tPnj4SewYscUdUgIiilcM41/uXZG9kNz9h9aa+EYdjg+hnDwHDq+iGsaXwcZ6XhsdZW+FOqFk0B3caYt4Bic3Ja66NerVACOGttBXCbGbbWrgJW/VbnXbU6e5tMYIH8L54Xq0cq018+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKSSURBVDjLnVPdSxRRFP/N7Pq1U+q2an5tPqSVPQjhF1hYrElJBBE9RPQY7Ev00h9Q7EMLRSAGhUIP0UNqQkaYCOVDUJEZ9iDqurhGsaDpbOvq7uzO3I/uzK7rWi/R4f44Z2bu+Z3fmXuuxDmHaYFAgDPGYIJSaoEQkvW5MAwj6+3ImLmxuroW0VgMMEnTy4q55Xg2Nr3TWYrx8bHdBNGNDdzoe49/sXveVui6vkNgp/NwREdx59wWbLINjDLBKsAIknohRlevI85dkGUZi/Nz4IwjlUqlCdSvHlsBaYfDVYODrnJwg1igugbt1wJe/uxCgjkhyRIgSch0YSmQrQfK3AqbRl5RHVh8TmxUhAJRObqIV8udmE90gEuyyJUsmMY4SxOsfzmVLwiuFZUeFq+FdG1FqE5hbXkCY6E2zCZO7iSaPtOyOLL0P2CUHuOEeQv2NoATTXBUQZyPWDJK5FV0OAZhYzqSVEEQp5GQKjIK0i3YRfKDQldLmaYuiMoM+Y568dWOqrpulKpBUENHNDyD598vYDb+AzpftQhsdltGAaHD8fDHd2Gt/WZlRTliwddw1naBJKPQE+vYIAeQOvIIHXV5uLi/EpqmWQQy0i1I25M4NDR0n5NNT2thX5OjuF6OrCyR5c3GD8mKS53m1AWDwcfCe8T0RXKm8kWWwLTQyNG3+Y5qj6Z+G55Ur87EDKX7+IlOT0mJE4PPnmoi4bbf77+bO1BZgtBIYw8z6MMtvfjWpHrlSUPDIexzlYESCYaopihFCC0FMDX1Kd7b27snO4DbgUgOC5x/s3bZ7XbXoKfnrCXTLGDCnMCW5iZEIqri9XrP9Pf3T+xSkGs+n29a9Nr85y3M3MzPAwMDbX+18L/2G23Jn5HeUDltAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHiSURBVDjLhZPJbhpBEIbnJXxNxFsgjfJ8VixjYscXx7EdKzdWgdgFDggQm0CsZhFCCIEAcRx7EN2Mfnd1xATEkkNdqvr/6q/uaqXVaqHZbKJer6NWq6FaraJSqaBcLqNUKp0BUE6F0mg0YBjGXozHYwnJ5/MnIQp1JsFoNJKdh8OhCaGccIFMJnMUopBlOkzdKFEsFsuapoFzLvMEzOVySCaTByEKdd0cFOKVsDxaLpfg8xlY6o+sDQYDpNNpJBKJPYhCnTeW1+s1SLxeLMC+2cC+noMlX2St3++TC0Sj0R2IImbUF0JAhxhj4DPR2W4Dv78Df3oAu74yIb1ej1wgGAyaEKVQKHwRM+rz+fwv5LUFdnEO/nAP/vsZ/NfjDqTb7ZIL+Hw+CZGUbDarihn1meguIZ0OVleX4I9bEPslWCIu6+12m1zA4/GcmbOkUilVzKhPp9N9yPMT2O0NtO/XMMTrkItwOAyXy/V550bFfGo8Htcnk8k/iO0C7MaO958/sHrTtsUWc4TtiMViaiQS0WkTJaT9ipUQG+J1NmKn02kxL/HQcoRCITUQCOi0iZsnJrHI74iPAij8fr9V3LROC9YRoxwSnwRQeL1eq9vt1knscDgsB1f5f99VdLUK8adj9Q9ogTPkuLLcmwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJISURBVDjLpZLLS5RxFIaf7/NCZqiZYYW1sEbTKWsTDUS0sFpF/0K7aBftulCbTIQWQi1r0aK/IKhFIBUodlNKKtBIy2qsKUPLacbvdy4tRmuhSdDZHDhw3nOelzdyd/6nypcbXnx25oWZplXNVfXOpUzvkb8JxEuXT9djpFvXtJKqSUWimlnpgyUC53f3fEskyQcP5JM8IjKykkDk7nQ9P+tmiqqhpe5ta7dHYsLzqZFZEVVVjUWE60dvrl3igZrSUp3C3DB3HIvUDHdoX99eq664G4/Hh5Y3UVVRN8yN7NwkM8UZxAVzJ47KMHO21qYQkeURzj085apKTUUtjdWNvJoeQV1LOF7Cqsy9ZT4pMB1vQkQRUW4fvxvFAJcyvVHPvitRbi6HmhIsEFQQE4IJwYVCmKepoY2Kwhsy6T2IytIciCjqiqhS+fktZglugoqwsb6Ftg17+VHMc2/wGlq27Y/Ayb7jLqLUrapDzQgeiC3hUPrYbwTDyc6+Z2fTPuaSAkOTD+joimvLFy+nG9tQnInv47TXd/Dywyjqxrvp1wQTxAJBA9/nf7B7837mwk8eTfRPlwMEEQTlWW6YHQ27GP80QVGKiAqNNVuQBTOnZiepX7OB4fcDDLzp/5IIh0sfBEHNSK/rQNTIfp3Cpeg3Bi+TWBIVJWFrQ5pM82GevOunb+zup0TozHb7qwUE4cnYU0QVEUFEi7dOjFcBHLx6QCtQhj88jKO4ivtjfR8TozPb7aO/c/Av1XwhyquVrS6YNue6fWJx/gvSRpXk80tR+AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpVNBaxpBGH2z7rrb6poNG0lSi0VyiA1I6a2XUtBLyD/oyV/gvSD03Gv/Q7El5NZDhBDx1lPpQUyRbg9SoUYTsEs21XVdM9/QWdZePGTgY2beft/33pudYcvlEvcZCu45VLno9Xrni8WizANBEGA+n0fh+34Us9mM5la1Wq1QHSMLvPhVMplsZ7NZkfT/iNvUNA3tdhv9fr9Sq9VaQgFnfGtZFobDIXRdj4rihbQeDAbIZDIoFApEWudwi3U6HcFu2zZc112RS1aokDGGRCIh2E3TRCqVQrPZhOM4FZXYSTp5pSTDMERI9rgSmsMwxHQ6RalUQrfbravE5HkexuOxOCCZRIdJs9xLjPaqqiKdTguV1KBM3WlDCdySkKwoyooC2Sifz4u8XC5HNWWFWMkrBX2QITGJP//2CdbVT1gTB896H6JfrFIDWUQMxWIxkkysEn/y6wJP/3yFzTYxe5TGFceiBvQHpL+4XHl45uf3SO15sPU9oMxg9D0cOCdCHWs0Gqfcy2HslkUzxaF9jH3NwcbONnR3Eziii8Mb/7jF98nDS7buMf1+wRraG7w2sQP92gJecnCDx5jf2Hc3H9c/Jh+j5Rnwd3fELYXA5T/8SwC4GK1X8Jg94E9uAhNJxVeC7ewWYHDkhrcOYd0B0mCFUhT4PX8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVDjLVZNLaFx1GMV//3vnzkymk5lEm/GRzWgVOkVcWRcRLK2YVHwg1geFQJfJIgWhmy7UQl24bcxQGjcqRHfiQikmiIKGKEWE1NqkQmjStNVOZ5J53Ll37v/porQkZ33OD77vcIRzjp0yV94bBTFmnRvBqIqVkbDFl+qksn/Lm1+eLx7644edfnEfYC6/VsYvTDkTTXild/PWBysUziqE9xiEGyRr1dBZOWtkuzr4am39AcAsHy3j7flYlN4et2mN6f6MlWs4tYV1D5F59CzdWzOkCy/jy4TuXx/MGRV/OPSOWveEEJ6x/kkxdGxci1X01jQ2XgRzG4hB1cGlUI2rdDZn6MoNspUz46anpwC8xu/H3xLkJm26i21/j7Mt4N5ZwhMgQuT2LxQOfIaJPXq1eXSQxygmNi+IUS8/PDbpP/F+TgRP4hjCWbvrqV4QoJsXSO5cZPDAOWSrQVT/lcLzn+RlmzHP3fg0b5Nr6M4i6UfO4KQPO5sRApFOkTS+wFlFas9heturuHQRIxnxsHK/9T1U4ytMvIkInsMZA9zjOOsAgUj5xP/9RtD/LKqzjcFHSyqe0RFYg3UC3bqMlzuINfZB2FqwBox2aJVgDTgDVktUDJ7VvRUnDU4MosKreH3PYHoaoyxGg5GgI40K+yjsO0747xIiO4CQEUmXFc9ptUQSIdJPITt/Ejz8ItY7TLIVI1sJSTOi195LoXKO8NYlZPMS6fzT6LBG0mVJbH8rRq1x32QPVvOdm+dxci/9+04h/Aw6uoufKeFI07w+T3NtjqDYT7F8gn+mT4cy5lhq4E27UP9azLp27VRQOEKv/hN3lycRYhjnBtBJEy3vgDEExSLZwRfQtWt0t5h95Tu34AEYSbW5eHYurfvJDU/QVzoCGYGxGwi/RVB8nNzwIYrlE/ixZnn68zkrqO4a042qKJuQKWOYGDp6Ou/6Slg/g9MGl4So5m2uzFTDXptZl6H6xkW3vgtwX6sfidGkxZhVjKiEShJBErEiE5aMZv71H93CTv//ct+662PTZOEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJJSURBVDjLpZNNbxJRFIb7A/wF/A5YunRDovsmRk3cmLAxcdG0uiFuXDSmkBlLFNOmtYFKgibUtqlJG6UjiGksU0oZPgQs0KEwMw4Dw8dQjnPuMCNq48abvJub87zn4547BQBTk7q2CDZdDl1OXdNjOcd3tj/jJ8Eruuxzb2RX+NMpHT/MMUfHJwKbSgv7Bxnm9YciPRMSXRiDsb8ZjOGrwWjNzZ4UOL4pg6IOQLsYEbU6fajWRYgdpLilnYIbY00T08COcCrzTen2NMCj9ocgKgMQdLV7Q3KnqH3YTyQV/1YWTezEAPvCsjGzCTfkPtR/9IGXDNWkHlTFnmWysxfj7q/x2I4NDRxh5juNZf8LPm12ifBkimdAheI0smjgjH3NMtgzlmqCNx5tGnq4Abe9LIHLjS7IHQ3OJRWW1zcYZNFgOnl0LOCwmq0BgTEjgqbQoHSuQrGuEqO+dgFrgXUBWWJwyKaIAZaPcEXoWvD1uQjc8rBQ4FUio4oBLK+8sgycH7+kGUnpQUvVrF4xK4KomwuGQf6sQ14mV5GA8gesFhyB3TxdrjZhNAKSwSzXzIpgrtaBbLUDg+EI9j6nwe3btIZoexBsuHajCU6QjSlfBmaqbZIgr2f3Pl/l7vpyxjOai0S9Zd2R91GFF41Aqa1Z1eAyYeZcRQSPP6jMUlu/FmlylecDCfdqKMLFk3ko8zKZCfacLgmwHWVhnlriZrzv/l7lyc9072XJ9fjFNv10cYWhnvmEBS8tPPH4mVlPmL5DZy7/TP/znX8C6zgR9sd1gukAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVBgZBcG/b5R1HADg5717764trfQoVUpasAfU+CtRgmERXEwcHFmMgwwmjo7+BUyOxsXVmGidDHGQEAc1NsEQxQsm4g9sKYWgUErLXe967/f78XmKc+fOPR8RFzE3Pz8/3u/3Tey/SgA5iAiQM6MR25vxz/IXv3agjIj30Ol0Onq9nkajYaZNQBCJrAA7jyHUG8UiQImzCwsLTp486cyZM9rtKRARIAQB1OtN+y5ssI/PP7h+w+Ejr5UR0Z6cnHTp0iV/3vxQTkAEEEEOYKfHO9UByye+Utv8d2mXqRJFrVYzOzvr1DOnKbLIIYSQRQ4RCaS05+tr90GzUdhlpoSIUBSFejkFUvTMHz2tXraUZcvNG5cNhzsiEhHiv3uM1UAJEWE0Gtl6+Lux8WOOP3vWrZvfG/QfaLbGPX38Tdd/WVavZwe3C998vN9wmP74jM0yIqSUpJTAk4cW9Xv3HZ4/pT3Tsbc3cHvtO0c7r1hf/VHkMGVMbXyw9P6uqEWEnLPhcAim2ws2bl1RL1uurnyk37vr3sbPJiZnpVTJgFqzgJka5JyNRiOQo5KrgZwro+FA5EqVBlK1JyKT2YkBgDIi5JxVVQUeb99x4OAxE/tmPPfyW1qtKYsnXvfwwV+yrIyeU8UF8Wi41XR4s4Scs6qqwOrf33rhpbdd++kTT+w/IvJIrRy3cfsHjWZbDqZqT9mZuD891s9RRoSUkpyzKg3AnfUrFpfeECkZVbt+635JnTInABpNmCkhIkSENBrIaWh9bcXa6oooiKBoAFFkge3dW+zCISXA3NycZmubIiOEIJIoQkQGOSWPJgZefXHl0263ez4rpsuIuLy6uvouPB7elREZAeQAoEBwsdvtnoea2Pof+BV374GHrjgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKwSURBVDjLbVPPaxNBGH27m5jdaH5ZjU3SFkRiWkwt0l4qFupFEY/Bg/jj6MGLIPQigtCDf4BXLYZKK6UJSL2Ih4AGLGltTSUh1pgaJBXTEkNMY9NNdtf5Rlva2IFvv9mZN9978z5GMAwDrSMejz+sVCo3y+Wyl/5dLtd3h8MxPjQ0dO8/MBXYHdFo1D01NaUaLYPWJicnva14gT7/GK8yxi5WU2Rs8Pv9CAQCHJTJZLCysgKGIU6dKfrGMM+5IgKw6vXdbPl83ohEIsbS0hKP6elpvtaiiM5A6uvreypJ0gD9tLW18YLLy8toNptgh1AsFmG326FpGjweD3RdRzqdJjWm2dnZgIktXA8Gg6jVamBsYMWwurqKUCi0xyvmDaxWKxqNBsc6nU6USqUrImOs+Xw+dHR0gO5us9ngdruRzWY5G0Xu4wyCh9/BYmqA+QRVVakzpLZm2m6jLMswm82oVqs8k2GpVIq5rEIuvcbRrmHkc69gls/t6Z64XYAysSmKgs7OTq7GYrFAK8Xh8g7C7jkDpZ6CRV/nePKEF2ATRRRFUND9SB5lQRCg13/gQHUetiNOaL9m0N57A+byG+hak5OxszIpeJtIJLhkMolMpE3DYLEWw7EeZmZ9EXPjEzjk3IRU+QTLZha5XI4UJEQGvlwoFG7FYrEvyWSSM1PbhI0srJIGm+s39K2v7I6McWMex4fvQsu/aGz8LIywApeEbQ/C4bCbze+wuN0d8DudxWfwnr4A2ZyArhb+9lIwQzrYj2JWRCERfnB2ZGFUaH1MY2Njpzz6h3Cw+8RA+0mFsc4xqSoWohn0h3ogSA5AuYj3T+6vGbp+XtjvNc49Giz0XpvwSWIeRrNMPdq1K0JSAiimk/j8cjRiwj6juaXKi49Dm4bOek2G7oSxk8GNNtr/AJE93CiYMK0yAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK5SURBVDjLjZBbSNNxHMVXDz3UQ0892AVSs4Q0shQRA5uzCFGL5Rxqc1u5mZpNnWNN533eaDr976blZeFllc7mMLMl6IOGqdOpS4vAPaRbb6FiQjpPm5QahvmFw5cfP87nezgkAKS9JI4+zp5Wey3Ot57AnMZ9rYnn0RAV6HHoz/+eZl74SYq12d2x0OaGnapL9azeF6CBeYxY6PSHrZeDH8OVsOmCsaA9BYva8/u+AKroo5V2cy8Wh1RYMz/D8nsV5id60F/sZ90XgBoew51pydxYmuyAY7YTKxY97AMEihKu6v4J4JK92Ep26CLBIEPFoqwl033HCGHqT7uOj69dhbAbcjFY+wAXOOd7AgQ+R/4CMIPPUJTsMEd1PBk71SjjQV4nQYUiF/lSAbo+tqCkvwi+eec0F/lnD28BZPRLg0+Sb6Gz4B5m2sRo5dNAMCioTQpDk1kM9bgQVaYMlJsy0f6pAen6NAQlB6i2AAq6Z/uXfu2uwrTZZMjGH6HCJEDxaDpyRlMg+pACtoqFOVXU/wurKI6GYkKEfMN9pKvjwK26ibjSUFAl12B7GrENOHi5RqQQpe0qzIeWBW5dDArb2ei2KGG2GSF7lwK6zBcMoffrTfOB4OeJVL5peeAbUPpSh9xGLQSEBvUjqxAo5hFfcn29a7oaXTMEXCPt40DWl4TAVLdVknt4LY3G614xzDogmQE4I0DCABDTDdC1ADEEROT4ocdSj51jmFK6ACBNSfzXxzrk4L+yg9kLMPUbiNdugKZxIFINRModuPLwNB4b76LMyNo0l71lbSew1oTYOkoyEJs3DK4RYL9xJtADDANwx5WifA6xvCjclnqj0pi4edm1XW8nQEr63JwU1FNEzQ6ktej900dBzptyahpk8SRCsk3wvPHCKs9KLEgQehuchiVX7N+73NXfL+Zkqi9OGtlWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAM+SURBVBgZBcHLT1xVAMDh333MkxmYAYZOwbGGPqRaHq0gpIBGba3GR2KibjQmsHDXsHDjP2DSmBgTU7swUUk0ajemK1HapjYIoYRqi4DoUAsNjwIyw9wZ7tzHOff4fZpSCgAAgJHJ4UHgPNADZAATKAG3VKAufTb49c8AAACaUgqAkclhExgF3nwtdyaSjmWw7BpsD4R0EGxxfXNMSCGvCiHf/vLlHyoAmlKKkcnhEHCju/HJ/hdzz2E5EVw8li2NsIqwawco4RHDZtOdYHZjdk744pnv3rpS0gGA0VMNx/oHmrspSA9f1xBCpyrC2IQpuBG2nRhrpRCPJp6mO/t4h+f63wMYxbMPBoCP3zn2qjEv99mkSjUQVJwEBTeE5UB+vUxpf59IehetLk9fYxvXF2dav7k1etfoHT756bnm3hOaEWNTF6CaOCgT3N4yqDo6i+sVgmiRyKG/cWvz7ARFzKLkRENOv72yVG8CPbnaFu7YG+xEdZ4wDhMgWN32cJwqdVmFVT/OcrAHriIlIuR3XM48dgrfFe0m0BA3a1i1N9h2bZLxVva8JMViQF3GoSltsyO7sNy7RFSZ8n+7FPbiJGJJfE+kTKWUpinwXAtFDjMkGZv20WIJNpcFuqqlOVMlWR7EWvdxmMX37oNSCCE0U4qgYHlWS4ORIhntZG3HxPFDhKMRok0x7v27izOTIhOeIROdJ+JZlJ0yY1O/IEVQMoUvfl8pPGg5Es9x7eEkqfgRwkYO37FRRopwIk2tO0FbdomnjvfxSP1RbixcYXp+AqNa8XTfExd/XLopDiUymPY6pd0p0mkXU7iENEVENzAr1+hq60Tqks6DZ5GaT1/7aXTPyepfvXJ53HP9n8YXb/JsSxd1Rg3pREBdWFIbdkiGXIqVLUJagtePnwfggxe+4HBTB0BIB/Bd/91f83fm/lz5i3NtPbSmTA7EFY1GmQbdplgusrAxxYWrQwBcGB/i3vYcgKMppQB46fPnk8IXl4Uvz77XP2QisygVR9M1Fv75ltXiFKc7BjiaPUn+4R9Mzf3G2v3SJ5pSCgAAgP6Pet+QQr4vZdAeyCANAJSMatnTveoBIAqUgUvTFzc+/B+ww5qo63KzbgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDDkFmyVWv14kh1PBeoll31f/n/ytUw6rgtUSi76s+L/x/8z/Vd8KFbEomPt16f/1/1f+X/S/7X/qeSwK+v63/K/6X/g/83/S/5hvQywkAdMGCdCoabZeAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAElSURBVCjPfZFNSwJBHMb9UPOd5pR9hUnvIQrFQl26FHXo0CmImEMoQUhl48vBw5qWtY461pKU9PTsrJRsFM9l2N/v/7IzOeT+z/ehI9qqpZvW2Ia+VdciI3Rk20SIsWBeMUTdXMkVgdjNAcwxg8MbTzEuXU0uBTY3CZ5gDMuMEHlFm3PhhZaKMviJAbo4UV5o6phtE7jO5FEkHnKTMY60F+7sAlPiiDDvhUc8UHrHvvVCg8KE+NnjNRQwYJIee6lwo2dcKZlbJCxgg7jP/wmxm46oqz4+WZE0Hnh4jx4+UEWQLlkTF2bKrX9gyIIeAhOI5UWdyVM34scX38exOkTgKnLlqo/loalzRMzZXWhUTElmHutA7KhtvWXLtqQ3VVn8es2/8gUo3nl2LXz6SAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLhZJdSJNhGIYHkjAQgk49CMMwJKPIkyIcDIJSFA+UkqKDQM0y/CFRdKmlMVGWQ1O3ZR5sKjKXP4wSayyFJYpSdhAEhRDYQXUSGAvry6t7mYU/1cHDBy/vdT/X87yfCTBtqmlPispBuGeB6S6DkNNgsm2BiVsORupTtt7fClcKjDI3BC/GVUFYHIOnPpjqgkBVFH955faAaU88U+4JZvvhWUCXe+BhC+oKY9dhpBrG6yF8G0Zr4e65CXry4/8EhHuczAmOBUy2GQKt0jX/7jRwxYy30ErfBYOAwnwl4Mx0rAeEu9J40mEwO6iOdoOxxr2M1iVIt1m6M/SXzOC92IyrIAF33l46sw38mqLVYtByPNXEY4eTSJ/0nDFdK6PViQxXLvGgCYbKYfCyvhXgyl2i43QibVarQqD3PDQfcZik+4qZ/vXZAtfM0h0meAPp+vGctXAn1yJdP74idc0YpvWYmZtHkRnUprw0SXeVGW3ZXx47jJNuFN8lpGuZn5/PiUQiqdK10JkFTelRGg/FUXcABq4qYN8nk3RXidzTYgpj2zXjOhPT/cBQ2QnB30Kh0Fe6805J9y0NaVC930xt8vpotqQVk7b7mvtVSDcq3XjpZsS2K9jH4iS8eYTf7/f+fA1b8kF13SVwmZb0WIBGcBWUSbdIi9m98WyC96jzSjAYXBO85vV637nd7oRNP50tyaLKN237lVWCuwUbfHwO7+cRbLS3t9t3ursTfFjw91+dI4IjgtfsdvvnhoaG5P8GCA4J/iK4d+NMsE/wSk1Nzcg/AwRnCV4WbNt6UXBjRUXFVGlp6cm/Bgj2CM7ZadZYCc4uLi7OVMVtnP0A9SbJ2btHXdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLjZNrSFNhGMdHJfVl0peCKAKNoL7NopQ0CCqRQrxlUVoxK6eZk0oy03Ap5rXSYZsiedsWuYhGopgaqNNlrTR0uUtuuOl0lE6n87Kb/857aKJJ0IE/7/M+PP/feZ73nJcBgLFWCoUiuLOzs6K9vb2/ubn5l0wmm5FKpVqxWCyUiIQn/q5fDZRKJZMyCyiz02QywWq1Ym5uDgsLC7DZbFCrhyF8nu+qEuSJKviFvusAf8yter0eKysrWFpaAoEYjUZMTU3B7XZjxb0I16IWnR0vUVKUIS8seOi7CiBvJman0wnyuFwukP3IyAhmZ2dpqGNxAsv2YXiWf6CtpQ65OakiGkCZg6i2PXa7nTbMz8/TELPZDI1GA5J3u11YsGngsKvpLpyU7txO8qTfTQlmUGbB2NgYiLRaLW0iMxPQ5OQkHTuWbRRARRlNVDxNdeiAXC4Hh8MRMFgsFv5X5GwIeGZmBgaDAWw2+xsNUKlU0Ol06OnpQUNDA11M1vHxcTpP4uSaQNyoDYBOr8Xo6CgsFgvi4uKmaAAp8poIhIjkvHmysqsD8KjpEi5UHkDv4HdojBOIijk/vQFARPZpkuPgioLAqTuMhBcsZL+NhVRZjvTXEQgt24WmTwMIizg3vGEELyhFFAhZvwBvvlbQxlfKMpR1pKP+YzGSJKE4WrANp6PC6v95iNeoeYn5aVsailpTkN+SCF4TG7nNHFR25yG+LgT7cxge+kfi8/mCrq4uWGapT2kexLBxAHHVB9H4uQySvieoVxSjpreQgtyEsDsXiZIw7HuwZWl3JoNFA0pLS5l5j3M7Gt+JYfippiHRQn+cKd+DU892IqRkO67UHoOgi4cEUSj8M30cfqnMI+suE4/HY97PuledzE10yd5L0TfUjSHDFwzqlejp/wBW/lZcrT8Jvwwfu98t30MbbqNXXG5qSGLy9arLCfGq2IvR1siYcGt45FmVf/Ym196szdiRyfBbW/8bMwbKi+1SPUYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAINSURBVDjLpZPNS1VhEIefc7wXTNQopKTM4IKRaB+GliQtKgpau3NjRcsIzEW1EQIR2kRUUP9AtHFhi4rAqKBCUDOEkDIQPzIIWpjX7jnvO+9Mi3uvUBAIDgzMDDMP/JiZyMzYjMVs0jYNyDDc9h8NCl5BPIiCdyChWAuAM0ghA0BTzz+z+rcHhRCKsQ+lWODN4xIAYHUZVLFQahDBgoAXTHwx9x4TAfFkd+yHgpUBBmbQfoMoW4N9fIiFQHzoEkiB8LyP+Nwdomwl8uoWtjgF3pcAIkVtppCtxcZuEnUOEIUUnXgAQYmPXqb/WQ/5NM/dg/3E85PrgBjviwA1iDNQvRdUsJUl4uPXidsuorMvSILQUNfM+fFBnAqIQGpkKCRFfapEQNTai319St/UfUwdzgJOhF3bmmiuP8Zqskb30hgjfjdbUiNDWqKpgnp08h5xx1Vk8jZnWnoJpgQNKMbyyiIHGrrIuwInF0YY1SoyFAxSDyg6egVECE8ukIgjmDL/cxavgqjHB8+vdJXDe06Q97/pOPK2BPCeKFQSlVcYAokkSBB21jYiGgimfF9ZYHt1PR8W3zEzN87w9FYiu1ZveFu/LIKBg+6uahLncOpIxJGra6Ezd5aJhfdMfxrl0UwN+5IKoo1+Y+tgvNbeeKrq9ZeX35xyennIPgMbB+QGorWgFVUFDbkfQzZXrv8BKB9RM6Fzq8AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNPaxNBGIdrLwURLznWgkcvIrQhRw9FGgy01IY0TVsQ0q6GFkT0kwjJId9AP4AHP4Q9FO2hJ7El2+yf7OzMbja7Sf0578QdNybFLjwszLu/Z2femZkDMEfI54FkRVL4Dw8l8zqXEawMBgM2HA6vR6MRZiHraDabH7KSrKBA4SAIEIahxvd9eJ6HbrerJKZpotVqaUkavkMC+iCKIsRxrN6EEAKMMViWpQT9fh/0k3a7PZZkBUPmqXAKCSjAOYdt21NLUj1JBYW7C6vi6BC8vKWKQXUXQcNA5Nh6KY7jqJl0Op1JwY/Hi7mLp/lT/uoA/OX2WLC3C9FoQBwfILKulIRmQv1wXfevwHmyuMPXS5Fv1MHrFSTmhSomnUvw/Spo3C+vg3/+pJZDPSGRFvilNV+8PUZvoziKvn+d3LZvJ/BelMDevIZXK2EQCiUhtMDM53bY5rOIGXtwjU3EVz/HM5Az8eplqPFKEfzLR91cOg8TPTgr3MudFx+d9owK7KMNVfQOtyQ1OO9qiHsWkiRRUHhKQLuwfH9+1XpfhVVfU0V3//k4zFwdzjIlSA/Sv8jTOZObBL9uugczuNaCP5K8bFBIhduE5bdC3d6MYIkkt7jOKXT1l34DkIu9e0agZjoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJjSURBVDjLpVPPaxNBGH2zu026piEpTayhJVBzswR/BBVvXiyKiJeACv4LnnsRQ/DqIYcilApevQuWHIpgqIhiSJQiCrEBf9EGarqm2eyP2fGbSZMWjCC4MHwMM+99771vhwkh8D+fcXhTrVYf+75/2/M8gyqoquW6rqxP8vn8rZEE9Xo9RoBH8Xg8Hw4fgUMgBAGUNlI4ORlHubx6k3Z/EtRqtcsSnEgkZiKRCDab3yC7B4FAIAIiEuBE5jjOaAt0eTWdTquNbffgEfh9/S0RBMN1aeGKsjGSQHoMhUKwLKvfmXOcmD+luov97jLovyqQzJxA8pIciJRer72hyimgLsAYGo0owqaG5ZUl8gQmk2nvtKYXF4stpaCflVBEkmA+ewaatYZo6BmMCJ0LDsdOYmv3Ivthxa7R9ae9nn2MassYeOsrkJK5kj4VXsdMbpb2LepJ1qwuxhvPxdef13d1nUm7akiaJBiC+UFw+hgdGiac7fOwv+dgTpiqUdfVlWTf7ys3ZDiDv1EGJy0IGZwG6Bp1TdYphi40Nib7EdBlno/hVJQCOQVd15X0YF8FYwE87mLn8xzeradJnaUA3HPpjq8mpghIwetKpYJOp4NoNIpxM0x/IEMgLToaYqkaTp7dAHqaAuiMjwnuCd/tKNlMyi+VSldpGsVUKpWbO55BLDYFu/UCem+NQjTgenvwHBsvN5JfYtOnZ51u2//QbGVXlh5+ZIdfY6FQWCCiB7Syg8cka+TcXVi2D/PTfS5FKCuZe+LXHhfsX57zjeIr3t7aRDooX2C+lbF5aKJz9M6ytd0UvwHmbqDcpFnnSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEuSURBVDjLpZM9SgRBFIRr/EHXwGVFAxUPYmTgMTyEoblX2NwjGG9i5B0EMTIQFWTBaHTeqyqDHmdX0FlhHzSvO6n+qvp1ZRvL1AqWrLX5w93VuSXBJkhCKovMrpOJk4vr6lcBidg7PgVMWIYkWATEbv9wc/03AZkwiY/3J7i93STcEmxu7yOz6ReQCDFhFTExIRJWgox+gcwot2UUAmY5kzADzkBEL0Er0PUZReUGIhcRNAU5muI/E1JiZzjF4cEbHp+HyIx+C2otdPgqfTodoP5c/w9BgNn8sPD6sgFzFVu76ieIaGYhMtrwWiGVPRkLCLJkYJX0vyms8rQLMigWBqMj2IKZsFSWCbGM83xVtjGZTFzXNeL2spv3+fmf/QnCJu5HZwCA8XhcVct+5y9H3H2zjxE/HwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHOSURBVDjLpZOxa1RBEIe/d/e8FKeFEA2IGBWCICZYBSESBCFglUDSCJZaRBBbK1HQ0s4/QQlCgoKdoBA9sVBshCBETCNRiUUg5PDt7MxY7HuXdxgEycKwyzJ88/vN7Gbuzl5WDvDozeZtd66p21EzQw2iGaqGmhPVaqFodNTs/f0rI+M5gLnfmB0/MPg/le88+TLWU6BmgwDtpevgDhrBFETSORQgAQoBEbZvvUJEB2qAqg8ORw6BxRQeS0gBUkAMsPIdAIm60wNVKwEZrG+AW1JilpRotQNDQwCEOiCWgIXhe1w+f/if3hffrXMhxH4Fooa5kzdT0rNPi3TWlrl6bp7PP1d4ufqCiyNTzIzOUYiz1RWCJECjsuBA3swAmBmdoxu6APza3uDB9EM6a8sAFFEJYsRoOwBRww3yxt+Su6FLq9nqAQuxst11QDTcnX2lhc7XVO3jtw8cOzjMzafzTJ26RJUL0B7Ia020dNlsJAsTJyaZODlZziVj+swsWZb1AarJJUCMeCnn8esfaWruiIKoEtQIkry3mlUx+qfg7owd389prd6+9/7CbsvMrfaQ/O3dhdWzQa0tUZGoaDREjahxV8Dm1u/nANlev/MfAjw0JrMu09AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF5SURBVDjLpZMxa5RBEIafvdu7RPCMhYLBxCoiaqO/IHZWNvkBooh1WrHUwk4s0sTGQrsQwf9gK1gpQoJoY++d5Ludd2YtvlwuaWLODAyzsPu88zLMplorp4n85t3W5vLS4sPc6/VqgMKxIiRRJEoRxYzx2NpajFKMvaaxH993X+flpcXHl169SAv3P/Gge42Nm2//2TUlOH/ubO/p85eXc879dHF1lfmrXe50bgNwfeXKsQJfd37S7XZw95TNxa+7a8Aa94BxKXz+sgOA5JgJuWNyJEfe1m+7gUvkGsGtGyv/NcDt9x8uZCkA2GvGM8Fn5ueIGmR3B2Cu3z/yoNbaJpWI9uwR1NreAXgEuZhmAicJEO5kk2YGD5qFTx1EjRODk4gIsu0LuMeJwSMCxexgIIfhduPSsQI1gjwajYZN0wx+D/8QEfsC00kfdjMxVKn0cwcPV1p/8mx9MFh4BJ1BcU23T0JmyA1JuBlyx2WEO2Y2jPCP6bTf+S96U2WlbWXHPgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLjdFNTNJxHAZw69CWHjp16O2AZB3S1ovOObaI8NBYuuZAhqjIQkzJoSIZBmSCpVuK/sE/WimU6N9SDM0R66IHbabie1hrg0MK3Zo5a8vwidgym8w8PKffvp89e35RAKJ2ipp7WDxvjltZ6jwCr5W2bpHHtqUnx+77877jsZxzlO3roAWXuw5ha1pl9MZdAW2ig8RyXyL8rnx8G6uH387AMnUMC2b6l10BJPdAfWDGhZVREuszT7D6hsTStBNDurO+XQEZnEypx1a28XW2F8HFPqwtOBAYJlCde9EeEZCy4sTN4ksrRA4LZB57vZCfMElUyH4E7Ap86r+LwIAGIy03cDr/lDNJGR/zDyBiHGc3i1ODjUIWtqbdIIexVY86kwZ3HijR/86GmqFqJGhPWs8oTkRvAgb+uZGHhVfRV3UNni41OhU8EDlstBSkwjKjhnmqAg3uUtS6y9Dzvg0ljmKkFCaRm4CJT+/5OERtG4yqZMEwdQt1biV0EyW4PVEE1dsiiMk8eMn0/w9Wp+PCNK1CQ6iBYeommkIpH5Qhy5AF/6Mrf4G955tUJlXxtsHieeWQ2LJxvVuAAkoASUcmLugZPqW0qsprEQjDx3sY3ZIMhXt1+DNw77kdmnYKSsKKx+PfoTQtYX9KtzWG2Rod6aujaJwWHk8+uDawGITeA+SPA7nDQOYgwKcAYhQQajyIY9eQEYE5feLPyV4jFC8CELkAkWMDQmoDPGsQaWYgzRjEU8vL8GARAV8T099bUwqBdgzS14D4VaiBA8gZALJ/t6j1Qqu4Hx4sIvChoyDFWZ1RmcyzORJLJsDSzoUyD5Z6FsxKN+iXn/mM5ZLwYJGAX0F/sgCQt3xBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLhZJfSFNxFMcHPUUP0aP0EoSEVEaY5QixFzMTRtLDCH1QqIbEKBCzTEyxPwotsbLUETSHmTUTm86mrk03N9eW253Oua2pW8OcS6Z3d7uzWd/uZi0qaQfOww/O93N+53wPCwDr7yyoJ0oqRG61oM9P3u3xkUUCQp3C7SnZqnZLsUDqXzK6wpjxrGPKHcHYDAVei3NpW86TkqSAcqZzTOz8vI4PLhp6ZxjmBRpycxAZZXJ1UkBjr4+c9myKJxw0NLYQlNMUxmcpFDZayaSAum4fScxHMGEPQx0XhzBMUBhlxsivI5IDCutNaqU1CNM8jRELhUFTrHsIL3Wr2J7XmXyEnQVdNUUCKz06E4LUSOK1fg1ygpmfPxpl7eI3/xdwmK/j8oUum/jtHERDC2iQeHHrhQePemfR2mNBToV6hZVyu2ZLwH6e4tClNqdVwyzL5o3AOEfD8DEMLfN96ZtevOuqhk7WAKXkJoRVJ+1VnPTcPwDZFTqhbHINVg/N+B6C0RUD0Bjol8KqbYduahEq8wqGDH7I9XY8rT0VOp994EQCUNpkd4zbg1BaSIxZKbxnuusdYfQ/vYIxsxerwa+4U1mNWCwGIuge1OAa56AqAeAL3bTBEYJ42AcV47uOsTG2fZnoKmSG5bjwFyC6sYEOlRvNl9mrCQCvxRXR2kPoVCxDYQlu3sAUhVcPStGtWcT3n4BYfmMeDwdmcY+XGUgAcq+bXGKlH31afxygYm5BbiZxv/wcOmUqfApE45BYzH+J4nHHM5SxUxW/7Tgmzd/B1beWNdsxwgjHbRSzTBIdXQo08dkQSSR4PkRAPDCJdlEbqjhpgTOZaex/Dmk3d3gpg2/w5t0gAjmVRDT1gi6653Rr8OzxPLq2+OhGfXF64GLWXjnnyL6sWP0PKd/8SStdk8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpVLfS1NhGPYP8D6im8DKwrYhUaa1tEyyIXlRWtFFJlZQERIGUZKGI5dO7ZeUEl1YaKUYkyU1J0hE/ppzuOnUDbdpbp7Nue2crZ2J9fSeQ4LhdtUHLx/fx/c87/M+z5cEIOl/6p/DsjGnzWfIhnf0CJjhw2AGD2HpWxY8Xw/CPXAAi/378aNvHxY+p7viEhD416q/FTFfC2JLL8AvPkd0/gl+OhoRsdXDN1gsgLm4CghcE5opw6qvFeHpfHDm4wgZsxEcykLEroZ/tFQAryUcwTsij8WYZ4i6boGz5IE1HkWQxojY6xAwlZN0OVyfZClxCbzD8jMBywXEvC0IT50AazqG4Kgc3ORNcNYqeAYUcGllioQmklnhiKsavLsR3EQuQmPZCAxmitK9388RWFqRMAUCZyyPFSLGvKSOCoTG8xAcycEKOR+eeSSAfzs1e3lHdxo/17WHt79P5W3tO/nZNymMSEAxMezsbepO8y+Q484Gce6IrQ5hqwqsWUmkVQgaKhEYvosFbT4IHJl+vV30I4kyDlLGPGXMU8Y8Oc3P98p4zvoQvl4ZlvWkyliNro4iVDQX40pjIc4rc9iTd6SVm/7Bejl7JAMrhnKwEzUEvo/2tlN40HkJWkszTG4dmvqu4WyTBBnXt6rjEjg+ponSPf1FmPsgxUVV7prG/BiaqacQllp/GU36qwJBNB543KMvhFtXAHvHLr/t7Y4tBffS0Wt5hY2rZ6JZINgETnZ0SzDXmQZyum79PvPGtmi9rhS1uhIRXPulJL4CimmSYmIInLzxnh4qT6t3o0FXJnYWduG8yQP7u9SMRB+GHquoWEH2310l3P8B4M3c7jDaDNsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKJSURBVDjLnZPfS5NRGMffq/6BIMhuuvRGKLqooItuugiCoi4qiNDoh2RS6BCnkA6mG+3dD0bvHDXB0iTtwm1M4X39sQ0ZqAzJJYGUNWFuMje3vdtSW9u38xxaDOvKA9/3cA7P93Oe9znPEVwul8XpdN4CIBxGwsDAQL3dbp8zm80NhwLQx2Qyafr7+8O9vb3HDgXQ6/VHenp6ZrRa7Vx7e/tR2ltYWDDMz89X/H5/RVGUvcnJSb/b7b7wXwApEAi0tLW1bVksli/BYDDEzD/YACkT8OO7x42xsbG9kZER7T+ASCQiLy8v/1paWtoLhULY3t5GPp/HVlrFuhzEtzOnuJLTCgYHByus6G/+AlZWVsSNjQ1+0vMpLTeqqopEKofG9xXceQcEX3mQcEjIJpM8bnZ2FqIoGjiALYpkymazHFBVJpPBZjKLaCKHXC6HQqHARXCK7evrK7OiXxdYcSoEOGiuKhqNgmUJq9VaIe3s7PAs19bW0NXV9VWYmJgoE7VqqALS6TRkWYbP5wOLQbf52c+nL2/vP7RcRdOLy3grS9BoNBDGx8fz8Xicp0VGSjeVSmFxcRFer5cqj06xFboPTfCtSvgYV2Cdfoyb1gZca70IYXR0dJoqT0YCkNnhcMQ6OjrU5uZmMKl3DZfKnk82eD7bQUOceQDrzCOca6krCcPDw510Et0EAeh3WHvna+/6SvdpTK26UDu8EQlnW45DGBoaOsnuNR8OhxGLxVAsFmGz2cq1gPNPTuyalHswKI3cbJAbeQYMsMsDJEl6zdoUrJnAmgrsXezXAlig/oZYD7Nyn59MM63ZvsgD2GusY42xbjQaS+x+SzqdLnSw51mwkUmltP/MRtr/DeMW8yghqDBkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpVM9TFNRFP7ubWvb1x+QQAtRIFaRmEakaYiGiJaAurioiYsxXXVxMHESB40TJI5OOihxq0sZTDBq6kANikAJNLSBAokQ29q/1x/69673PoSoMS6c5Oa8c979zv2+k3MIYwz7MYp9mvb3IBKJ9HB3T7BSFAXcW8Q3P/KvWOTHXC5XaBdDRDIajZ7jflyn03VYrVYQQnZ+cr9bTJjwyWQSxWJxg+dv9vX1fST81SEevLXZbKRWlLE++wlyfBO5+BZq5ZIK1BkkWGxtsNoPoePUaTCdHqurqxzGLpDl5eVZDu41m8148+QBVoLv/qv5aP8QBm/fR6lUEsznNF6vd2xtbU3vcDhw7IwHBTmrXqxXymC1GpdB0XnSDvfFw7C0n0XXwGUYG5pUOYlEQtJyBrnh4WFLuVwG7wEGvHeg0WjUIoVCAay+jVx4FJbWfjQVMjB1diEej6t3uIQkTafTU3a7HQaDQaUVi8WQSqWQzWZR4wwK3yZhanbD2uZCfuMDVhYDKrharQoWE9Tn8z3f1ScKCGr5fF59XU6uIL8+CUtzI+o5P2zOG6CJ99BpqcqCMxihCwsLOQEWIJE0mUzQ6/WglKC6NYmW7ivA9ldMv3wFc2MJJL2E2o95wS7l8XjyVJZlRXRTkiQIKep4Uop6JowDrAzLwSKUcgxgCur5zzjiuYvU/DhQyYyqd7mWkNPpvOX3+8O8H8hkMqCEoRD1obGjF0oxxLEluK91Q6ls8l5F0OI4D33osX5vEsnO6EmBQOCFVqu92lRbIhKR0XrcyF+d5lormHkd5kVOgGgaAOMlfHk2EmeKMkj+3sZgMNhO5x5u9Fx/Cg1d47OQ5ln2x/5pjN34vjiHyMQjH/nXOk+NuZOsrkhM4YsklmjvsD2PneWa+QnIJn6IP3aTNQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEzSURBVDjLxdOxasJAHAZwwbfKkjlbJVMpJaYmxtSoNVoSsCLlekQSjcZNRUFFIUNxD5nqY7Rr+wiuX89M3a62lA4f3PL97n/HXQ5A7jfJ/Rng+/1LSsn72UAQ+HlWJp5Hj4Q8gguE4VAIw0GWwSAQWPl1sZhjv39Gr/fAB4bDAJNJhCgaYTweYbNZIY5jrNcruM49HwiCPg6HF6RpiiRJsFwuQQhhYAS7WecD7KzY7bbwPA+UUnS7Xdi2zdZPqNVMPnC6qPl8Cl3XoSgKZFmGJEkwTYOlzAc6HRez2RSu66DRqKNQuIAoigy7hmGU+EC73USr1WDlajayZZkZoqoKm0rlA807S6jeVoRKRRPK5RtB14tvJ8hxbGhaEWc/JLZrXisVKcvxR8AX6Irl4/8+03fzCbreyRfHFw9qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLpZPNS1RhFMaff2EWLWo5tGnRaqCFRBAM0cZFwVSQpVHNQAWVMQwaSSZWtimLiKnsO5lEjKzs4y1zRK3oItfMj1FnnJkaUtNrjo45H3eejpCKNa5anMX73vs855zfOS9I4n9i2SHbCpvph8q8A9PNcCzcz76EM9EETj+DmmqENaeBiJ3mRyuzQy5mwyVMKqiFbzNN0MxgKZOd2zj5GMZE/ZL5ooHZAntGW89s7Bw5Ws25llWcfQHrzHPYE/51ZOQ0M4Fiitj4UQdbzhZSb+FJ63ZypJqp7p0UsTf+FN6kvoMMl3GmNY9jj+BckcF8/HoFldLzpZIqxhthJPVdkr2cifdb5sXefyAKLFvyzVJJAssisIxstILZ0DEyeJzpHifHfNBGamFZ+C9yC7bhG7BBxCrZZqWQpoiNP6S1TMBFDh4gA0VMdxfy+0NosftQX+8gGKkBY741HLoGhbnXUOZwKTn+gGa4nOlBN9MDxdJzCTmwj+wvEKPDTPUc5Zx+kOk+NxmqZOJTIXsviYGQVgKLAos/n0CbbIAS0ir1eY9kF4O+3UzpBYzehhaugQpdR3DwKth7EeyqEoO/oYzXwyKwDDN0ipme/VKFi0l9L8M3oYW8SwxWnIKI1XT7Vqb6i/ntLoLTHdulhROcUJsZuJJjCsvEPpyf8m8io5U0VB6FtFNIe6da84XFEcYaNrDzLDw5DUZ9cEwqm6zxGWYGPBTShogtQtoerV0rLA5JKy5+ubya7SdzbKKMyRG7ByPeIfvebKfAWszUdQFavKOI0bqNbCuF4XfneAvzIaStQrpOxEpIL746rQKOD2VQbSXwtLiXg/wNTNvAOhsl8oEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEvSURBVDjLY/j//z8DJZiBagZEtO8QAuKlQPwTiP/jwbuAWAWbARtXHrz1//efv//xgS0n74MMuQ3EbHADgBweIP7z99+//x++/fv/8tO//88+/vv/5P2//w/f/ft/782//7df/f1/5xXE8OoFx0GGmCEbIJcz9QBY8gVQ47MP//4/Bmp+8Pbf/7tQzddf/P1/9RnEgM5VZ0EGeGM14ClQ86N3UM2v//2/9RKi+QpQ88UnuA2AewHk/PtAW++8/vv/JlDzted//18Gar7wBGTAH7ABtYtOgAywxBqIIEOQAcg1Fx7/BRuMFoicuKLxDyzK5u64Cjfo/ecfYD5Q/DLWaMSGgQrvPH/3FabxOxDXEp0SgYp7Z267AtL4BYgLSUrKQA1KQHwPiFPolxcGzAAA94sPIr7iagsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjL3ZLtS1NhGMbPH9CnIOhFIijIIwouMg1rDjOY5cuoKHqhbJzjQqfJMiqW5MbaObKTG+VIlpmWTMuaLpfNuRgtGQhF6WTNuRSDabj0Q32wPsTVcw4VgyKEvvXAxfN237/75noeCgD1L6L+I0BJU2gNkXcfN5JQmoLJvY2BZOFlf7Lgovdzfr1nKe9s/4vtVY+UfwPEeXcM3rEkfGMf8fT1AgZeLcBD5Bqdh+CKIpu9/+2PAJK8SmUJwXanD6d0ZrQH5lDX1I1qsxMqjRHmvhkw5zmsz6vAbwCSvJa0/dLQ+xZ1DRbU8E7YBt+DNdxDKWNAsboRF7qmoNZxyCmrRZriHDYfckQ3qW5ulQAk2cW5JvE8siRVbvbMgu+fgfHhNPTdcdTfjaG2fRINPXF0BBJo8yfACEFsLLWPSgBi2Fd/eBEOciEMzOIqaffKg3e45JyCrjMG7e0oKlsj0LS0oqblJCqby3GCU2IHyyJt/43VFHEbw+OLsHY8wR5lGYrLD0MvdKJn5AO6gvNSVaPzFgy9p+GZsOPNnA/W4SocsWYh58wWByUrOoqs3ELQGZmQy+VQKBSgM7ORkX8A9DY50mW7cdxUBHfYBnfkumgiBD8Lq1+D3Op1X365SdP0NMMw0Gq1IOtwqtMlehkGJ9qQOh6P20UAUgG7iEJEz4iOpQJ2ajcsW3xqcD7pGcENVfzsYHlF35UEmg4K6bjmY6TK4izuybmw4j9PgnmiT2LbP2ZePP8OiAqyZHfdgY0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJrSURBVDjLjZNdSFNxHIZPnfS+usiborU2JaKIPvAmig0kkYSCCpHKsTnDolLXnBFJBQV9YC2VtDRThKiYzA9coW6abWSTwRixYqPtIqHTWGM7+3Bfb+d/ZEeHXjh4Lt/395x3/CkAlMPhODHzSIUpXTk+KUpAUdSRdbKThPfZ7XZ2zjaLeds0TBeLkU6n1wVfotPpCo1GY83HB3X40l0H04VixOPxPKLRKFiWFQiHw0ilUksF+QYWjFdLVxXkSnJEIhEkk8l8g/F7dZjtUmO8SopEIsFzc9AP3YAfzRzafh+0fT5oOIiFUCAYWJcMxs5Ksbi4yEPCAxYG/RxvzAz6phg09P7iC4hVnsHYXTU+d9Zi9IyEbyesvNrEBRtfeXDtpYffIBaLZdY0GD4t4QciBblPIZCL5NtJOBQKIRgMslzBwWWD1lrMtKswfGq3EG567UNDjxdXuz243PUT9S9+oP65CwzDIBAIrLGB1QJjpZgvIBvkLnO68Bv0sCn2YEJeAHPVDljbroOm6VLBYOSWCtN6JYYqxMKIBBL2vnsKp/Yo4mNPkP1uQvRtI75d2Y9nh+jHeQZ2zsBQvksYkRiQxS3VYsS4MPQngebNwH0R/j48jhEZ/XvZoEUJc5sChrLlAnKdDEe0s/MGrPz9ay3ChGxTdpXBB7kImUyG/ydyBuZz28H2KAEulNBSCHL4L9EYldMMb6DRaESDFXsxdP4w3stE8Hg8cLvdcLlccDqdmGu/ga/qEiw0i8C0FMCr2oDJykJ0lG7spMhzJtRIthy7faDojlK6VbXW0+0t29YxIqcXiDZ3+Q8f5p7zf7M8wtRUBE6BAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLpZNbSNNxFMcN9b3opZce7CHqIagegqAgLB+NyMIMFCRBSX3wPm+Z1ZZZlhpT03ReZs7ZvKDpps7LmKa2uTbTnO7inM3L5vxvc3P+1X37zYeVGBF04Mvvxzmcz+/8Duf4AfD7Hx1yDPIKg0dbHonlnYz1r8JsWt6VRUubk1ZE1Unt7e+yLv8VIOGzylS9jG2jegxry1rYbFZQlAVLCyqopDwI38duNr9JyP0jYIjHLNHIymE1G6A2WPFxQI8ywTRK+d/Q0KPB5NwK9OpRdFfFgcOMSTsAEDUUXJF1ptKWVT0kChNaB/XQGG2w2Bww2zahXrShoVeDtmEdZhU94D6956xiPbzgA/TXZXTPk8D3hXXwxTp4zUpRmPuxjC1y98rhASq6NJAqDejjpqAiJ6LBBxioT1w2GabAFc1jhrzs3PHA4XSCXcPBKgHZ3W4IRAOQzFF42aTE1EQzqrLD9D6AuC5hy2pZQmGjEqsuGlb3HrZJIPNxPritHcjIy0fv6DimKBrJ7HEs6sdRk33H5QMIK2O3LGta5HMUWHTQBLIHI2XHs1dF+8kShQrmHUBmoZFY/BkG7TCqM8N+AQSvo3TaqR4U85UYnqdgIp822ml0D41At27Dyi6gamFjIPIM+oMD0R92HE2RZykfoJYZxRlqZmBUOYcCvhpm0jArDdj3iMh9vq0MqvSr2PpUBM+MEE5eMr7En/P0Xg9I3AdUP48/X/8k3DUrq0djjxwv+LNQ6DfgIP1wOGn0R5yCiySjNBTIOAawgmAuvAbRDX+db5Aq86MZHwruYmasDIMTMrA4Y0gvHUFKsXS/bI+8Fb/bRt4J4g/wHBhldk5kbiXjlqOj/D4mxUzoZrjQTdei7/ZRbFY/AEiSO90PViJDnD9EIf5Lh5aJnRt9qSQtrOlt8k1DeWqoyytBzEVqLOa0x5QRhLXMQGhjjkAcGrArDPHP+ue1lYafZJAX9d6yyWn0Jnv9PwH2GPv45gRecwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHqSURBVDjL3VJBaJJhGDZ+F7Sduo0gYoeEDkJ6iV00t/Yf1H+il99TMPrFUjuY1XQKpeAOggMV9DQPnUTQTg0Xc6B5GSM7WXj4N6QIKdKgNd0yn753B1m3H7r1wQMvz/s8z/fA96kAqP4Fqv8owGAwzHg8nifxeLyXz+cRiUQ6Pp/vFsMsm2XiaEca0v4VoNfrL1qt1kQqlUK324Usy6jVaohGowfhcLjebreHxDUaDZCGtOSZBOh0uuVAIPC91Wr1nE7nlsViGblcLqTTaYRCIdBMHO0KhUKHtOQ53yARi8UGmUzGbbPZpo1G449qtYpms4l6vY5SqQTiaEca0pJnEqDVah+43e5+Npt97HA4tk0m0ynP87Db7WegmTjakYa05JkE3GBHEIQPyWSyXywWv5XLZeRyOfj9fgSDwbO5su7Brnjt987CFF7y06cvTJc2JgEajYZjFW+azeZDSZKOvF7vgOFEFMW7DIvZFX74LjCPwaskxu8r+Fl4hH2vdvR6Uf1Q0Vtv3+HkY2ZGWgBWLwPrc/iauA3GHygK2FlQj8dvyzh/+s9mQbyyBkvcx6PNewAzDZ+q0GPo3OfA+E+KAt6IV57vSdd/fV6dw5fQFGTpAqqCelRZ4tYU//mGeDXIbjyk2tSIzMT/ASTzlHJFEjXFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGqSURBVDjLlZM7S0JhGMfVox+gqYZuQkMETYZNQmi2+QGKligiCBoalFragoqGzDM41NRQQy4VKDhUSyC0NLR1EeKIt7wePV7/vc/BI97NF36cA+f9/97neQ6vCoCKrVGGgWHswyRDQxkFVU1gkCQpWSqVKuVyGZ1g3+Fyuc5aJYrASOFsNgtRFOukUikkEgmEw2FZEgqFwPN8k4SWmgS0IZ/Po1AoyE8ik8kgmUwiEonIglwuBzrE7XbLkjYBhRVIQIF0Oo1oNNrWUm0m6iYBa6O+gd6pb6WVWCwmVyIIQndBK40SqoTmEY/H/y9olFA7NBMSDSQgisWiPBeSEAMLqIrvWyde1mbgt+jwtDIBfl7D9xRQSCHoOceb3YT8wymq716I17sIbM9WfGbtTl8Blf+8OoUcC8NpAxxDwKEe0eMF+Ba5z75/gaCyq68eNK7EwQj8Zm21UVDtNoPH5XFkL9YBFpLsKvwyglscfFbuR7kLc2zKItvc8TJ93ZwgsDkNwaFHZE+Hjw01/DZtxWvl9hXBGEl6XeXLpWH+zsIJVPa9hQtfmbgjyv4BPlWugike25IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANBSURBVDjLXZNrSFNhGMcPQQQRfYv60meJoiCtROuDZRcEA6MP3ckwS0tlZVlptnXRqavMaqZ5Ka1Jq1bOmWiXs466mqZzLs0103CmLp27HOdlaf+es2xFL/xe/jzv8/+/vA/nMACYsWpmDiEmjEQTMU+o/wvVFs+e64mAP3XGoWLmEtljzXv7vSMsXM37bHp1ZEPyK6+WsM+ifa+O4tyGuJHxzjQ79euJpb4AWwWT6tLv/zY1VI3hd9GOD8oQXtowglvNNhS3DfoQ9DWuB23K1R6nSeLh205+J18LMZex3mPOu41p9qH6aIfuQciPvHd9eGQcgIL7CrmqA3mPO3DvdQ8Uhn6UvGXxSb11Ztz6eHro+TIzeQOYLwXMhq7C+ebGopWebLYHFfo+qNhedFtdGHHxGHaNwdznQnldN0rqe/GoUgajIniys3BhK3kDfINILq7KSXlqQmFDL5R0m7BGnU58/jaICdIC/E/gjqYbcq0F6UoO8aW6K74ZCNveghbtqScm3Kkxo5Nu9vz4Cd7jwe2SUtgoyD05iae1b8B9diJT2Q6hV/D4A3bmcnaRohVZD42wjXsxOjmDKTo4K5bggaoSKRckqNPpwQ5acEKuh9ArePwB2zNr7LFFeohLDejjvRQyA6vTjcuyqz4zZ2hHWtMJiOpjkfDmEGLL1BA8/oBt6U+0u66zkJS34K3FiQF6tNXtxQttI3rsLgxNAymNiSjvzsfVVgkSa2MQmXWrxR8Qduq+OEL8HEl3dZAqzRimgY16AfcMQdpBASfZeJSY81BMSBpTEK3cjUj55rW+gNAEeRDRseV8FUQFHLKUXTD0OsDTPHiPF0bShyujkd8hwyXDaeR9lCK57hjCczb8/dbXHpYdiZOWe8LPPMMB2UuIbnJIvtEA0fV6HM9lsU+xG7ntGTjXlIgc40UkaGKwXrxmwh+g0+nCTCYTXrPcdOixIqw5rsC6JJUPQe+4G4Ws1guQGtIRrz6EkPQgb+Dplb+foNFoFhG8xWKBuqrKvmpPmmTFrlQtYZ9FG3Fj84Sk6QyOVh5EcGogDmTv2eEfYllZ2QKii5gilv//KwtslIaORuRuQvC5QEjzM4apb4lQ/wXCx9fe4QKeWQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjZPfS1NhGMfPXfh3OG/E/yBImNkqrYGCzAthh+WNgXihwQYb2CoYukGwsdRLoYUWQbRAhqzc2Q91IrrVhlhLqznL5Tyb23m3s317z1szBzM68Lk47/N9Pud5XjgcAK7OVfM7/a2piE87HalRoLVHStrp1VKvLVi7fE9wns/WaXi58UgoH4kl/CxIyOZ/cyRKSKRFmF/tw/B4p3jl7utLFwp6baHiySnBxheZUkHkM8HKrgSpUsVGWsaDN/tQG/1PLxT02EIlRbBJBZtfZaztlSF8JEgdFqBMdnh8im7LSqWpYHJysqXHFiS5AkGMfi12UP0zRRm+D6fwxvPI0dWu3Q8QvV7f0iCgzQZKnl4WjqkgcVDDeyrYpqLoXoWtsbxTpLUyrlsFDA4O5vv7+w1MQBu7Z2dnEY1GcXsqjCwVJDM1JCixb1Vs0VXCdIoAXSVLBTcfhhEIBDA+Pg6NRtOtCLbpg0wmA7PZ/F8oWUEQMDAwsKsIiCzLUFhfX4coiv8kFAqhnh8bG6txFosFhBDG4uIiUqkUEzVDqc3Pz5/leZ4HZzKZkEgkGG63G8lkEn6/vylKxuFwnOU7OzvBTUxMwOfzMex2O+LxOJaWlpoSi8VgtVrP8u3t7eDoHvB6vQyXywV6Jwyj0YjR0VE2Zl9fH7q6uqBWq9lZPd/W1gZuZGSk6vF42IHSuPD8JZbfBpvybOEFOjo6WHZubg6tra3gDAbDzNDQ0LZOpwPvCqNYIjg6IfhBOcxJSGdL2PtewKeMiKJUBu8MQ6VSKc1bFFPDv8C7ItXhJ2sYdv/lDmOVodR4Z6R6vucXuxIEyKz+W40AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG2SURBVDjLY/j//z8DJZgsTUdmCkodmSV7eO8EkQayNN8+WPry3YOV/3d2ib0nVbMsUPPrT8/3/n9+Nun/1hbxP6Rolr99sOTtZ6DmD7cLwZrXVUt5kKb5xb7/P17U/b+4xu4/UHMRUYEI1KwK1PwOpvnSOgeQ5vlExQJQs8atA8UfPr+EaL662QWk+diSPDlWnAZsWjufedOaORyHZ0lrgzR/ebkfrPnWbm+Q5odAzYJY0wFQI+OmtXN5N62ZVbJpzYzrB2bIfX5zaxJY86NjYSDN34CaVbEmpN4lK5hWrJonBtS8ddOaeT82rZn9b8vSmn87u6X+393n///gdKP/QM3OOFNi95Jlks0Ll6+bOG/l//OXzv7/8+ny/09PD/zfPD/vHtTmVJxJuXfxErbW+UuyG6Yu+T9t15X/rQt2/k/t2vK/ctKa/0Utk7YuyFeXxpsX6qcvXdswe/3/tpXH/neuv/a/cu7J/9E9V//7Fi57n1w+QY1gZsppnfMvqWb6/8iSyf8Dcyb8907r+R+QO2tbbNHEIKJz46bF5SybFhVZbVqY17BpfqbEpnmpfJvmJfESYwAA/ZPGvT+K5AYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABhSURBVCjPY/jPgB8y0FHBkb37/+/6v+X/+v8r/y/ei0XB3v+H4HDWfywKtgAl1oLhof8TsClYA5SAgEP/27EpWIxkQj02BbOQ3FCGTcGEdV3/W4B6K/+X/M9fNzAhSbYCAMiTH3pTNa+FAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJZSURBVDjLhZJLSFRxFMZ/995xXpYzaRn0AsloEUlQLSwqS5ShhGjTwtpZ0Toogly0iB4uWrWIVkLgvsVEi4wKsUULIwQxLGyU8TE6vmbm3v+9/0cLnXA06ducA+c7P74DxzLGUKHB3sPALZQ6h5HHkBKM/Ib2PyH8V3Q8GF1vtyoAg713UOoRsWSMSBQsB4wCtwD+EsxlXEzQzZVnzysBg71hjHlDtDpFVQSWcuAug6XAF6B9cCIQr4FCHhYm3iHEZW689m0AlOohVp0CIDeu8BZa8d04bXctLnVbiGKchalWJocVSkF4ewpRfLKa4OPLo6CHiO90WJ5QlLyDWHIe6d/HBBfWEnxAeE9Rfh2B+El9o0NmSKGDphDK7yKadCjOgldqRwuJkd+JJRso5MGxIVTTTDHfiRBnUH47s2P91O13mB7pslHe6t2FOQjcLwSl24RriuR+9bE000I+28L0jz7iu4rI0nWUO8jitCS6DdxSKoRwG8BAUAJfiJE9bTlL6/HF2vMdWutOpRRaa8JefkbUttW3DD0WBH4BnCTa3xtCuiAFuEVQXqhQtePqseMnT7NZu/v73zfheTaOsbA0WMYJUVzJMDXaiFdwkZ4h8E4A9LydrNi+d3EftrdyCktaGLPM768JIBPi2otD641iYCBS7s8eqQdgfN4HwLUicR4OS+BA2RPamFMp9bcfm/UqZlLKTXdtApRNN5urgVVY+d3Xw8uyt0pg2zbZbJZsNott21sC/pVgEUgmEgkSicRG+OJ/AUqpdDqdblNK1Zd/YK0WtNafN/r/AJRSSvzM+v9SAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ9SURBVDjLfVNLSFRRGP7OeO88fJAMGmqikAaalbUIJ3NRROAiwmjdQmqXFdRmaOGiB4nrMmjRpk1LIQjK7CmmCFHWIAguMpGhnMGZud7XeXXOndF8YAd+/p9z/+873/n+e4iUEnrx6wMSBw+BjY1BMgbJOQSlEKVs9vZCvnmPivFXBJuWsV5sBslNQKH317NPsX39I6AsIBGeFzQHRDqXamMXgtAGgfooFRjNzeCaRIXO3HVBWlshbEf1+P9R4NM7JDM3GDluIXYirL6UlfYJmO3Cn0mBq55dCcLnFpfAQhbtuFTphZvAeUhdQZ3ObJjOIqKh5xbp5kvbCYiegnyW6FLlqH/sdp3nR5TcVTB3TfniKhIlm5QhEiUon3+cBpV95o3U9FYPOEuytst1HouB2zkltQiU1IdwbbDcCuxsDm7TxTpR4MkdJkrBemjFfginUATqU5kaHfWCWlAHLJ+Bw8oBj/fs9EDIuJBlgWShCbieexHM/WL+7OUws5xGPt5RU7h/Or9qZYdfPvh2r2SiLP5EjG5I3wju46OTwUK9gVPtJ9EYP4B3qdGqqR+f7iYGGqpLV5BZQi2lhG+VrlUokvG1NI62dYKHODrrz4ITisThbg29WjKRThi5ORDDVBz+Fuk6/lgrMEklzrdfC9pvnXmClr1HdBktKnDEkPHladokNkJmVCkRgQ/6DUCNOa8MTC1PYmisPyAYet2Phd+zunQDAuPm/LRw+GDk7XA65v+Euaca4Zp9KhoQidfiQm0jpmYnEVaev/g+gjAxMPH1g4Y+IuvPOaBLtnQJiyVBRY+QJA6uBZCsYJi4UsULv4joU21VKgoqRqYeLif/Al7ruK6zYN/dAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE8SURBVDjLpVM9SwNREJzTpx4JaGMn/oJrRMtU/g2xsLD1F/gDbK0lpaAgNmJnI1YWasBOELs0QgQDfsQ4Mxb3vEvgipwuLAsLszszb19iG/+JsHf6dDU3g9WXdzdtABIsAQZowjJkwSRkwyQoYX52+PYx8F0w0FrPFqfuuwP0P1W5ZW2hi9vXpViXsXOyieOtw+b1zUMr2T16tGnYBizYhqR8a2QjquxRkAjJsIhgGhsrg4q9CYDpmGWMerZ//oxgC1mW/clAnl0gIE6UqvXbLlIqJTYaDeibCBRrAX97ACAKwXIt4KgHEhEUGdQBlgOE4Khd0sTAMQZkzoDkxMBiAI1g5gzSNK39jJYQJKHT6SBN00KGpDFGVfJ6vR5kIyQetg8uh9tiH+IIMNb8hPOzNV2cuATAX+3kv9/5B7T5iPkmloFJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPY/zPgB8wMVCqgAVEFP7/w/CH4TcY/gLh59ul9oLtdmZk+I8D7vn/4f+e//8hJqT/h+kGwqu/GA7oQIz/D7NiJiM22/8j3BD9/xdMPwQ+vyL1n+EfEEIVLGXEph9Jge9/JN1XfzPcAbrhH8NfhILNWEz4h2yCPZIJYP88fyf1D9mRB7G6AUmBAdQXYN1X/zB8AYfDebACRopjEwDsBmruXDxiUwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLpZNLTxpRFMdd+EX8BixZ6VfxQ9imq3YzSdNVE2MNyEMYAeUNofIKEBjA8CoiM4BCgiQgaJqWtjySAc2/585iogG76eI/czN3/r9z7jnnbgDY+B8pj3w+v5nNZncEQdhLp9N8KpUqJhKJYTwel2OxmByJRIbn5+fFUCjEB4PBPZ/Pt+PxeDZVAJm5SqUCURTRarVUNZtNdd1oNFCtVkHBEA6H4XK5OBWQyWQwnU4xHA7RbrdRr9eVn8vlsiK2ZnC2NxqNMB6PcXZ2BhVAacu3t7eYTCYQbr4jIP2ErzWHt/0I780jnOIUjsoDYlcDjH//UYAOh0NWAXTmbTrzUmpew3bRA196gONqAndrARfJevkLXzJ9fI5dwxkvwG63L09OTrZVABMVTBuNRpfVegPWlIRPvhI+nF7gHZ/FG4sAzl2AP1V8YX4BYKJKa6nSy8srEZakiPeneby1CvjoKeJrurRiXgEwUZu0fr9/+a16iVStC9/FNSLCevNaAJPX69W63e6nxWKhdIfMT+vMrwKYnE6nl7WtVCqB53nbPyfxuSjyFvV4l9pU6Xa7yOVysFgsebPZvGs0GrdeBdBoami6ioFAADQXoPHFYDBQ3lQXUHFxfHwMnU5XPDw81KwAyPxDkiTIsozZbIa7uztFDHJ/f698Y3vJZBIHBwejFQClzbFIhUIBnU4H/X4f8/lcUa/XQ61WU+7A0dER9vf3ubU1sNlsGqvVylGqWZPJ1DEYDNDr9SztLqWdpcgcmTXPPX8BpLUNr3FYePgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLfVNLSFRRGP7umTs+xubpTJQO4bRxoUGRZS1CCCa0oghatkpo4aZN0LJttIhx1UZs0aZ0UxaKgSFC0KZxhnxRaGqjiU7eUZur93n6z5lR0Kxz+e93H+f/vu//zzkK5xz/G+l0+rlt23csy1IJQSjDNE2BL5V/EWSz2SAl9IRCoduVlT4YlATXhZxNOeFwCMPDQ1APS85kMu0iORqN1tfU1OD7/BKEuutyuNwlIg6HyAzDgDo9PW04jlNBISft2hSoadpBy1hf14jIRfJKh/ymiuR4/AQKhQ2pzsXFhUsuQ7yQJiLhIN4OvEFT8xmpLv5JB4JVJD/sSdM0BYpC99JNooitzU08uXdOKo6nP0G4PX7tZsmBsCpUxcRwpBaMMSgUrBziWRBwx0WD8xGJBEPeaQQv94AJB9QTImDweDz7gpVRjsUBtLREcDLZhWOBLJzVdMmBVV4ehSnwqOqeukRRAuGFQAZR308EG5MoLgwhGCAHc68R2vZCFSyiIaIEoZg46pP1l4aC5Q0bTZFlBE9dh6NPoioax46TQ92lJiQ3xkoErFyniNmvf++LhmgAljZPAnlyVERFIA/s6Ciu7JQIvF4VjztPy+WxLBu6bpArF9VWDuGtQXirXbj2JJhbAJgf3DIx0zeHd7k4VOrk09HRD227G4Uw4vf7E7XWFHyY4HUdtxRuvofibGFiUIfXKMJDJaqtD7CyOIJ9Z6G7u/s+kdw433rxcrzQi/qWNpj5Z1DVICZGdAxOxqCxGO0DG9s2xH6Y2TsLqVQqRkuWam+/iiN+P5heAcWzBE9lDFPDv35/GV/tetQ79uJgf/YIyPo6xef+/ldnRSmNVWto/rGAoqabudm1zru93/oOO3h/ANOqi32og/qlAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVDjLjZNPaJJhHMc9ddulU8ei/WkQRQwanbLD1JweDDaI/q2cDhQWOjGNwXTCBk5BbeRczZZjNx1sNWaBS802CNPDOpgo2y4h4kT8O53x7X2eoUvaYYcvPO/vfX6f5/P+3vdlAWBFo1FecGYYm5q7+Pz0Clgs1s0z5iJpvhYOh4vft0P4sR2A90kX6vX6mUIhGo3m3Orq6tCn6RF8mx+B93EXKpVKS0qlEorFYjP5fB5HR0fHgFYDPzYedP4HaEAaKRQKqNVqrQYbhhGEHFJs3O/E4eEhzcvlfWiW9vGCidq1B/XiHlRMiEUT0DTYOjZYH+xEtVqlIc1L/jRcTN5/SWNxMw2Fc5cCiFWLwfqkFF9fS/BxoIPSSf49dYxpVL5N4PmbBJ1BuVz+c6rB2r0OOiACaDwKCTmRPDtpzuVyyGazRQbQc2IwIUFwdhhrovZm89i7PSgWkhidT0DuiEM29wuyVz+RTqeRyWROmcGWH25hO7xeL8xmM5xOJ4xGI2KxGA4ODpo1k8kEl8uFtra2O02DD+PMl2h5Bq3gFqxWK1KpFJLJJAKBACwWCxwOB+LxOK2FQiG6h81mL7UYLMzNQq0YRWRnB1NTUxAKhZBIJLDZbNBqtXQtEAig1+spRKlUFk4MtGKMPeLBoJugADIwHo8Hn8+HSCSCYDAIj8cDLpdLXyMBMKBqi8HMtAFyiZgCdDod+vr6wOFwIBKJaMia1BoGUqk0Tw1UKtWl5f6rcAz04GE/hyqT01ZWVmC326FQKMDso2tSc7vddAZ8Pn+XRX5nkqGO87fHb1yYHLx+Wc+o/xaLxWWZTFaVy+U1Zli63t5eOXNdIjVyj+zp7u7m/wVntrWV38u6ZgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIOSURBVDjLpZM7aFRhEIW/m73r5gWB9UFEzAMsjIIIgkViFzFgJbHR0kqI2Ahi7KzsrEWwCQZsBFFIExWCqJWKClppEDTxEVCym73/a/75LW7AFIksOOXA+eacA5OllPifyTdbTt9dSVEVLxCj4kVxosxM7c3aAjivHNvfjaiiCSQmHrxstO/ABMVHZWVVCDHR11VhzWj7gJYRvCg2KBITLu+gaWRzQLp6uWxRlRSEFIRi+ArOJ2xIBFE6q5GGjf9wMH4cVMliJIuR5lvFScK4SIjQVU00toqQgpCJwOtXIAEOHWbNeGxQCl9GsNsyxIQtAM6XAGchCARh1SVcUIxTQkz01hRtKRefnEvBC94Hgg04F8jVOjpEwDoIAbxnraVYnzBe8bHs4pTc4/TMU+LyF6Rex41OcLv2jVzN+mXnwHsQQUwoHawD9n28w9jgAgfGL1AbPoh5N8+HZ48ZwdChhS2FxoC1EALaUqwvAcYre97fYmR8ks5PC2QzZ+levM/QQJ0jn7+Sp8LAxggiqFHMBgd9zSU6+4fh5KW/5V3bTb0I5FqYUjg6BjGCCMkIXhL9fVVEodGzi+LNHD0Pp3DmOwXQbFT4XcvJb9ROoLM/SU5IIZJCRHsjc7PL4JUUhZ3bJ+l/Mc/Qji7ySpXmirD4o4NH7ihZu+/8/MzAdOvX8vlKzAZjJS0luDkxL9f/ALqCe8YKiajkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLpZNZSNRRGMV//2XGsjFrMg2z0so2K21xIFpepYUiAsGIICLffI8eWiBBeg3qQV+KwBYKLB8qpHUmrahcKLc0QsxldNSxdPz/79LD1ChBUXTh8sG93POdc75zDa01/7NsgGvPR09rzQmpVZZSCqlAKIWUCqk0QqoZWyKFRir1uvxIbsAGUFqXHQqkpP1L57M3Pm5MMJBKpQHUdF9BKIGQAlcJXOlOVykSdye3leO6MmkGQNyHw+uO/1X3bzGBK+S0B1IqAKqDg3986HeCZPffwvJtoNT7lOZLvUdtAPEDAKBkRzo3QwMUb89InN1uGGD3spdE214xe8MRUnM2MfppNW0Pqy7YAK5UKK2xLbhdP4hlmdxpGMQwwQT8ziNiI534c7cT6WrFazikzF2Eb8HS1IQEDdiWwcHAQmpehTkQSAcgNvSMiYFW5uUUMdV3HW+ywefGNqITJsbUUL75k4FWYJtQ+yaMZcXrk1ANk/33mbdiD7EvlRieETy+FJLkMFcjRRSW3emIAwiF1hqPBfu2LGSWbbA1uZ41SfWkrtxPrPcypsfFiWYzFGzGKTjFV28WEJeIUHETLdOgrmkI1VdHpCdEet5enP4qLK9mKrqMgedv6cyrAP+qxOTiUxAi7oEJi8frELoFoTLpa7nI/HQvscgSRt+0kV1SSW7qYtp7xrBMphm4Mi5h/VIfTcEq1u0oJaknSEdNiMYHET7UvcMpPEN31Ed7zxgASmk1I0g6dK66s8CRak5mVxjnfS05+TsZCw/T9baTx1nnGb47DrQksjE6HrsHYPz6nYt3+Sc3L8+wA2tz0J6pF5OD4WP7Kpq7f5fO79DfSxjdtCtDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpZNrSJMBFIY/u40wW5sNkS7LiaCJgakF3tDUMZ2aYZE4M6c0p2KiGLl0ec+cqLPErTTnbW1zltHwkgqSaYo6zRKjX0IZlJEg6Uwne/vcjyhKDfrxwOHA+3AOh0MAIP6HPxrJHgfF5Rz6kpR7ABIOFeIztGWeG6PonwSJbvTrNeE0U20UHfdI7kbSUBJCRbrvfhP3hHX+tgIZlwoFGZSQoRLuBjQUhzJwzZ+OGDfq4raCEt996JblYK5LgpG6dFz1YyAj0BYpQSwIvGhrTVlhlC0FtbHMryuf3mFxSIaPvRWY0uRitqMUC7N6qIT2i68bkvdsKbjDOz64MPoQ8+NaGF6pSNTmekGvwv14l/EtV7DhKnc7eCc3qVLd8X28DivT7WYMk0o8znSH8IHn6hWFK/4qYISoKNaclqTDnD5Mv1+CJjsc6uwwMxv1i5lvuCT3Rr4uGhfljr9JCOtgjYUVWxPHDB3EzJwBLXNAxjSQpvRBarMnEhtPgV9/EjntF9A6VoVM7VkEVdoYfcpoFmaBc2R9ROB5CbQj65BPAanDJgj7TUhpPo0nEzV4pK82B9VjUkj7MtE4LIFQyYZHCcXoUmhhQUzkOK7P67JQXa9DXBeQ0Anwn5qQQO67Ea7oSUNpdwqKOwXI0/FR0JEI+UAhYhq84ZBLrBJTYifTQk8BogQKFPUug9cGRKtN4NU6QTMqhXKkHI0vJagfuk1KkiEbKIBAyYGdmHh7SETsJd40pYr0Igcjn3/L6BHXD/4zE+JJzsnsEVx1BAGVNvAqoyFW4Yma53mIb2bDNd/ys62IoPy8wqw6yermjSLrYxE6OdOv4QMrqHWZxW5bYwVq1+z8VQamj2LeOc9y7XJjAFg5OybJ8J5Nv3EzyJG/HM3eCYaI2PVr/we4bY/dzdCujgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLpdNdSFNhGAdwKSNyg6ALC8GLoE8so49VRHVRFFQISlJeREXQBxWSSZDUpNrOTDoxSGvhmokV1TazLeekTBda9rVKmW5lYq6slgutOI7j1vn3vKc4rCAv3MXDgfPy/73Pc3hOEoCkROq/B6v2GdIWHLnhmK1v7ZtZ3PIuo9DmOr17iaUkLx1Ud6g2jgqo+JCU4x7Bs5AEe4+EhbYYMsv9iEYGcU+/VEZkYNkew7iJnHBrgl4YSeYEJJcIGF8qoKw9Bv8g8GkY8IaBthDgqatCsNGAq4czGbBLBhbv5VWT+EiL2Q9cfg2YA0DDe+AxBeqDQPvX3+/PdwKmfA0+PDDCuGM6A9JkYP5Byyy1SexgQM5dIJvqpJdCb4DWz8BDKguhhzxDor1Ig+7afBaG8hFnFDiyp1ZFgxa6JbcR2NoEnCLg2ltqfQBwUzcVhJc1+4c8/Br0urV/A9OKvJyxQ/qmfQ5so/D2ZoB7CVh7gN4fwP1+wEWjGK/XoKt6C9rOrWeATwHUugEn3RBjrW9oAI4TdJPCno80RlfsZ27d9+Eslxitcdpk4HbxCgboFEB1JvKk3CfhSjdQTXM7+yRorCLUZ8PSposvvMZX0bydtf2Vi9JT4avcjIr9GQxYrQBzC2zmVG2nkGIISyncF2mKLiDOKbQ+it8JCqy9dGCe3EH8/KMu0j9AqePEyoSAwFNTVkKAHG7i1ykrPCbAfmw5A46OBbjw5y9kz8nxZ78A90vOcDVd+i0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH6SURBVDjLY/j//z8DPlxYWFgAxA9ANDZ5BiIMeASlH5BswPz58+uampo2kuUCkGYgPg/EQvgsweZk5rlz5zYSoxnDAKBmprq6umONjY1vsmdeamvd9Pzc1N2vv/Zse/k0a/6jZWGT7hWGTLhrEdR7hwOrAfPmzWtob29/XlRc9qdjw8P76fMeTU2c9WBi5LQH7UB6ftS0B9MDe+7k+XfeCvRpu6Xr1XJTEMPP2TMvlkzZ8fhn9JSb+ujO9e+6ZebbcSvMu/Wmm2fzDSv3hmuGsHh+BAptkJ9Llj3e2LDu2SVcfvZqucHm0XhD163+mplLzVVtjHgGar7asO75bXSN+VMia/KmRHxK6/P/H9ni8MmjwqrNoeKKKkZKa1z37F7H5uefkTVn9Ac2NK5O/L/lytT/F57t+t+/O+t/eL/uf/NsqV4MJxYtfXxmwo4X/4F+NYaJxba7fN94ecL/jdcm/QeBnj2p//v3pAMNkPyOYUD8zAcbJ+189d+z5UYOTMyn2vD/titz/iODTZemggzADCTvlpuNE3e8/B/Ye2sJTMwyR/p7966k/+27EsCa23cm4HYBMGq82zc9/5+3+NEzx4orbCAxoMKW4B6N/727UsA2g2gQHyjeg2EAMGqEKlc9/VOx6vF/29JLgTBxoOIOIP4EcjaU7gCJAwAM9qYI32g+agAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKdSURBVDjLjVNdSFNhGH7OPOtnbicKXVrmbFEg05QS9hPrYlF4E9FuuuzOorsg2IXRTUO6ki6kG28SEm+aELpBkdJIndOyQJpL05HSaNkudG47nt/eb7iRJOGBh3O+77zP8z7vc77D6bqO/12RSERQVfWlpmlzdH/o9/uVv98b9kEOETyKotwjBIeGhvh9CYTDYYEIJbLb7a7u7Oy00PN9QnBgYOBguY7bawRGLnd2uVym2dlZsDqfz4dQKKTRfoTg7+rqkv8RGB0dZeRhmtnNyDMzMygWixAEAR6PB0ajEYODgzmqecYy4fciE0rkeDxeIdefa8fzqTROW82g0cxU4yKYKxmMjIywmYcJFXI+n4fFYgFlgNjKJr6kt/A+mcX1Gzc5Il8gtBjK5HJnukzT09MVstPpxPz8PJayd8Dxd3GxsQqfk8vMxSHCgZLATufLXq/XFIvFdnVmYpQHREVCQ00zXi3cwsKnCYmNEAgExksZ0IIly8uyjLa2NqRSKYTXH2P89RNImgLpt4ITR8+iuc6JnJjH2+JTXoS0GEAA/I4Dl8Ph4MxmMwqFAmw2G5SMhKuO21B1DSQPDTrSG2tobbiELalo+Lga3TgfNBwrO8jncjkLs89mzmQyJcuM/D27BJlcKJoMWZWxuZ1D+ykvtuSCIZ6ayJYzaE8mkzLP84hGo7BarSQgQlEVHBcaUSfYUH/EDmPVYdRaTmJubRKTyxPrBQkdlYPU39/Pvu0K2a8VRREvMg9QlCTKYJu50c/UODiX/Ro+rE5hbPHNT0nBlXSPnth1Evv6+pjIUlNTUx3HcUgkEiKtW7u7u7+1BA35jkaf6d3i2A9JK5G/7vkv9Pb2lkQI1eywMDLbtz/i8qpWZSpqqv1Xj54q1/8B08jE6o+fnvoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLhZNPTBNBFMa/3e0/ty1tiZUChkZAESnGA54k4WRATQxJL2piYpR4UBNvnrwZPXjwiiHRBCVBUMJJ0UrlYtJEjI2JBCkEbLGhWGxh2+5u6W7XmY1LCkJ8ybcz+2bm9968mWE0TUM4HLaS9jzRxXK5fJS0h4lIt/yNtAukfUIU7u3tVbHDmMnJyWNk0rDX6z3u8/lgt9vB8zwoeGNjA7lcDolEAul0+iPxXQgGg8lthFAoNBWPx2k4bS8rlUpaNBrVRkZGBim4Uiz5tNXU1OB/Vl9fDxLkzE6/iTh10urqKmw2G6xWK8xms+4TRRGZTAbJZBJNTU0UgD0BJpMJ2WwWsizr/4qiQBAEFItFfYz6dgOwxl44jtMzcDgc8Hg8cLvdejEtFgtYlkVZVdFQnLInXnVPz/cHrm0BjAxoRFIsXSqZTGX4aL+0MI62didf13Ovw9kcePjlwZGebVswFlDRbPRFf4Gu/DQc3nm4Wk6jEJ+A2dlS7W4ojk3cbuzbAlRGNwBGBryyBFf7OajiDGz7D0JWf6K26wSvFLL9OoDKiG4AKzMT1SqUsj/Acmtg2AIsVWuALCK/UuRMdAI9KnITkUqlIEnSVoUt8jICmMK+WlJEJUMKtk6q5oRW2sT3F3PyzJxwnWZwJRKJjLa2ttr9fr9+DxiGgbj4Frz0Hgc6OqFthsCoOcy8FiRTbkXgyHhsUbh5eXhpjKFpDg0NHSKgu0RBcmQuenxt2jgaO7uxudZP7oELsx/y0udI6pZfll7a7By6BhM5/TFRQKUNDAw4SS2az/rePKvrPBVQ1iOYffc7/zX668bVp/PP/3mNOwGGfXp08r6j2tMnZgpSLJa+c+lxbHS3eX8A58zTPyvL4X4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH5SURBVDjLpZK/a5NhEMe/748kRqypmqQQgz/oUPUPECpCoEVwyNStIA6COFR33boIjg6mg4uL0k0EO1RFISKImkHQxlbQRAsx0dgKJm/e53nunnOwViR5leJnuZs+973jHBHB/+D/ah7X2LXWloilyMw5YgtD3CDiBWN4Zno8bQcJHBFBucauZfsolZDCru0OfFcAAUISrLZDfPzSKxuiibOT+T6JCwDMtrQzYQvZHQ5Cw2h3GK0OI9AWBzJJZFOxgtJUGpTABQAiLu5OOviuGIEWkBUwC7pasNZj7N2ThNJUjBQY4pznAoEWsBWwxU+JFXSVRTzmQWvKRR5RG4KVGMgKrAVYflexAAugDCEygdbUCI2F7zobk7FZY76DIDQgrT9HCwwt1FsBhhIu4p4D3kiS8B0MJz28ftfGSPfl8MPLxbGBAqVpptbslJc+fEPMA7JDPrIpH3FX8LzaROdrE5O51jalgid3Lh4b6/sDALh6971riErGcFET58gwDPGndG9JT6ReHcwfPorGygu8rdxvGxMeP3XtzcofgigWZ0/EtQ7n0/sOTe0/Mo7V5WeoVu61z1yvZzZX+BsnZx9opYLpevXp7eXKIrL5UWit0n0r/Isb50bjRGreiyWmgs76lfM31y5tSQAAc6czHjONXLi13thygih+AEq4N6GqMsuhAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEoSURBVDjLrZMxSgRBEEXfiBiIkRjpRTyAuZGH8ALewmtsbOAVNjM1F0FEwURwZ9vq+t+gZ3aR3RFEC5qGLv6v11XdnW3+ErsAs9nMpRT6vme5XLJYLDZW3/erfCmF+XzeAXT/QgBwc7ewASUYsOHidL+7vn1eVzCkzNX5cbdhkIKjgx0EWPDyrpXu5HAP2Ujw+LrcTmBDuu0y1LV+JVaaSG83qAnS2iBzPDdZQTKZIsqEgQYC6TtBraKmUJoqUaL+TNAMjLI5RIhaW/VMTxNUtUbKbgTDFT7DK4pMU8bExhRSpLp1DzwaJFFFDhQRUwSGp7ckh4mM7ytKUqNVrzIREwSXZwfdtpdWwsRQXWpT2WowFRHZxNl6I+l3BvXT3D98bAjH+PNn+gIL+yQjrYYUIQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLpZNrSJNRGMdlr7qat+zKaoYhjqYphRCWCtKFoCj60CeRpDB0djHUSMOZm0JhGEmlNhczXXunDgy7TNcVcsjGpk6dNsiJyyjWNg3ZnJfef69vMBBkFn34wXMu/995DocTBCDof1h1cvBJnM5RTsBVyYLzBgvfigjopbGDfyUwK+Nfu2RsTNcTDO5aAk4RC1/KQ2BqjetbU+AiOZip/xNyLndQSeCHmMBUIQFzTjDWFDiu0O0qzmJKU4OvPSmYuETAXhKM8WshsOYR0NZlRAUUtOXt+Dk99hYufSu+6x7D8fEAnLozmLEq0V3M8ww1F4QGFEhz+Aa3QQmHsQPeQZJGxdRuEwnp+SRjwCs0FpwIf3guwfayKBE+owxzI50M3oGn0JbuQW323vE7uac2rSpoFB6Pll/M0FjEofDZe2Go2ocu0VGG5dpjUWOEXpPlp72X5h/irhBIcrNYNunp5s+31gFTWmCsAfiQDWiOgXq2H1Q7H1TPSVCfmjBaHY4HFzJfNOQd5vgFZGHmo5n7bEBfQlPMBNGVCqgTQZGxWGjhwivbCKorHb/UybDf5UFekE76Bf3lu5ccz0uxpIgBOvgMlGoXPeZhvnkbHY7GbEMYnHVseKQb4OquQF+JYMEvMIsElFsroTfQL/TqCBYVOzHfsh0++RZ4mqIxJ98Kj2wzc7qtJhLTb6pguJ5A+QXDLZfLTGXxi45762G7TUs6BKtirWZjWByG/opkH52pWvEKEyphRK8oLan9aurkgCSGslRHYVTCwQjNkDgSpptcqrMwafZd2cGUyTZhRMDf+C/8Blefvm4GxFC9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVBgZpcFdSN11GMDx7/+cv06Px3ePujrqNHG6RYxazbEaxdquuinoIiLqtoIQ1nUrogiqXdTdroLIIroJ2l1GDW0uNzWcHdGpO2tTm1M3X875v/ye5+kIuwi6Cfp8PDPj//Bf+OB8XbYp/UtNqjyLeWCKmCFxTBjGxHFMFISEYYgrhkhQJCoG3F3dWMrnFp71O5qrp44ebMt2tjSwS83YJWqoGmKGiCJqiAiiRizC+OQfDT+Hmzn/wcaqbCaVZDa/ghPhytR1+h/rZWxilkMPt+NiZeLqdfr69jE8PEXbvmZElJ5sLZnWvfW+54GaUZb0WN9WCs6jIGWsF2J+Gp1DRFFLEFFJ6JWzdmeTjmw9ThXP8/De/fJXS7giCTW8RJKjj+5nIypHVBE1VMGJ4lSp8QsMDY0Rbq/hopjVW5v4l6bzr/Rm7KPG2qpkJpNtSZZXektzOZZW1oic4JwgosQCJ595gu4DXTo/vTW1vLWp13K/nfXMjF1vnv1h8MgjnS/1dnVQm06xvznBP7311XGCeJvu1KdMjM2c//rj15+jJEHJi+9/395Yl36+JdNIJJDew7+ELibb1Mf4xhv41bXHuM9/+vQ3XlrD73qf7KnA88FLUFPhMTB4HDNHpI7IOR6o76av9QhbwQ6/F0/XHT4x+t7loc/OeGbG2+cuyInHexJ/bRmdrdUc604zMNjPyYOvIqaICoqxcu8m9VXNXFz4kSs3LhC4sM6nJIg0sXznLvPLOwRhE0Oj0wQaIabk1+aI1eE0JpaYzXCLQ21PsR0XuLQ4vOZT4uKYWJTIOWYWbiJqBGUBThwtNe04FcSU5Xs3aEi3Mv7nCKOz41Y0DvuUBFFEsRjR1rQHcT5qxq3VkC8ufkKkEYGLeKjpAP1dpxjLDzNybYzmuZfjkW/PTfqULE5enSncXu0tq6hCxaGqJOMzpFxEhTNqTBgvDuAlKhnJXWZv/jXW59c/p8QzM/6Lrne8HdFkqqjSdftDW+S+vwHrxbCSH7ilcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGMSURBVDjLY/j//z8DJZiggtx9Sasyd8Yxk21Axo7YSymbow4QZUDJ8QyHoiNpB/IPJP/P3pPwP3177P+mQ5X/6/aV/o9cFrATrwHFxzIcCg+nnplzacr/TbdW/19/c8X/tTeW/l91bdH/5Vfn/y/ZkvPfb7rbHZwGFBxKnTn9fN//jTdX/W8+XPU/cX34/5iVQf8rtuf/L9mc/d9nqutuvC7I2Zv4AOjf/0D//o9fG3YIJh4wy+OS9xTnQ2699kyO7VacRAUi0L/wUPea5LTGtceW9FgA+ncNyekgfJEfZ9AcTyagfw+59ztcgolbVBsdMi7V/a+Xr/lfK0v1AV4XAP27O2tl0v/UJbH/rRtM/5tVGf6PmB74v/dE0//khdH/VVMUZ+I0AOjflxnLE/5PP9v7f8rprv8TT7X/7zvZ8r/nRON/kLhKssIZxXhZB7wusGu22Bk3N+x/1Mzg//qFWv+1s9X+q6cp/1dOUjigEIeqGWcgAv17AOjfS2RnJt08DWbNTNVVVMmNhDAANau2t3wToKQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLhVPfS1NRHP/ce91wW9MZrjLLKCNxTEgcG9FLj0EgmbApPfQHBEHsL9B6CnrpRcQeQpIiWgwjlN42X3Kza7nKGEXRxFpMhVq7uz/OvZ1z5ubGpL7w5XO+536/n/M53/O9gmVZiEajd/x+/7jT6TwmSRIEQeDOvjEnhMAwDCiKUsjlco8mJiZuoGosYWpq6i3FHev/pk5PT29WiZm3MBKXy+WjIA1HH+NfNn93zG6z2brq9ziBKIocHQ4H2jwdLIZAXaTXqK5/ft/Ebi6aCJiUqkm7BUJdsSjsFVgQmgmYsUbdvubjqOs6b1oFdb5HfO08j7a2gUCsFrPuZzIZLCwswG63Y319HYlEgl+rN/0EPT9moJa2YZpmswJCKpvBYBCBQICfzNZMBdH/oDQo4ODxEfz+9gJmo4CKAoMYPJBlGfF4nCtYW1vD4uIiWhUZnq4Q2roGsf35JZwo7ENAT2QWCoUQDof5dZiCK5fOw8gn4O70gPyah7d/HEdbPiDz8KKtkcAgPFhZWUEsFuPdX12V8enVfXT2jQBlGanZORzwKGgnORhlbbiBQNO1moJIJMIJzvY6carbC3dHCab6hb6fCVJM4+SFKAxVvZW6d85da6KuaUZyaUmiKFTmgsCTn8Xp0GWYpWVaq2BotA+mtolWVxaHB8b6N5Yf3KSpk1xBsVj8mEwklVQqjXQ6jfy7OA71DMHpLsAytujjS3j9LEszTZjlLLxnToCo+vXkpN8n1E9h1ai8jYGrc92S+JUS7PD5q++75OhD/v0bZJ9PPm3Z76cxVK1VnhlVLProFh2cPbdqCIaWdeQvTLNXD529QmkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLfZHtT1JhGMbd+kPaNElNnCHqARQ4TmnjRYRVSPk2hShMJ5IK2hQxdDqxZBnVkuYLpgg4TaeuzElutdXogyw/NNeHvrg258t0mCuuzmHLomVnu7frvp9rv+e+nhMHIO6kEsxzIZjlkLTO9Wcrc7xZ4b89MQ35gpfwZ8+fIZA7lT2j7yuM501karlj7L3/AoT0jXOcW7/6HF/2Ic+TtXWtTeQu6uSGuYMZkWIDr/tEAP85sZM7TRxGV/YSu9zxTHDcbHCG2GgN1CPwZQqm3nLItKyGfwKonGTOZBb4E8SOxFsAX8iFhfVR9L22gXk3CeXzcnjeOnHenor07nNIs6VQt04Tu1TO4+xUzojAzcF48B7uLFaiZaYYjTMV4DsJMLuTUTmqQn4R49PxBlTOIyonuM8yh/lu4utlXxHc7+2wzJXB6JOjdCQPao8CE+8eY2C5D2kdyeCpE6diInBG2W+IoQwQrgx4P9xH62wJ6r2FKB0ioRorxMMVG4zjKjx61QlmawpSzIz95MbEmpg3IJ5kHKonlOh9WYM6jwwlT/NwcViKB8sdqBlRoGrwAgXoRkoTA0nGM5GzdQlg3Iz//YDZA6yD675K2BcaUNV1CdaudrhcLjRbmqBxyNExaUBze3N0ZrPZtvV6fUNiVYL1GMB1ZHaxepjQ3q5Af38/Njc3sbGxgZWVFbR3taG6RY/Qx1B0trq6GvVIpdKemN/I0qWHao21CK6tQWMog0QqgVarhcPhgNlsjmqJRIyiK/J1GmI0GndiASxWj8Vq+UEDal06kPkklpaWEAwGEQgE4PP5wBfyI/FXT0e3sFqt4RgAk8m8odPptmmASF0QEeYJIRKJoFAookVrkiSPlErlIg2gvTGAZOqTyWTrdrt92+PxbPn9fjidThgMBphMpqimZ/QZ7aG9MQAGg3FKIBCki8XizxqNZr+6ujpM1Td2Met7mir1gNJ79Iw+oz209ye6Km+xbu69pwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIxSURBVDjLfZLPi1JRFMffPzGLNkW7Ni1aJUitI4IWLVpm0RTUohazqkVU0GhjGcGU1NA6dFQ0FX09QVHxVzr+eE9RRMw0NVslPcmn8517nulkOj44XO6953y+33Pf4SRJgiiKyOfzyOVyyGazyGQySKfTSKVSawC4VcEVCgWMx+OFaDabKiQej6+EcKRMBY1GQ1Wu1+szCJ0xF4hEIkdCOLJMyaRGB8lkMt3v96EoinpOwFgshmAwuBTCkeo0kRX/YZYbg8EAnb6CwLeJk1qthnA4jEAgsADhSHlqeTQagYp//B7j+d4+nn4BhMbkrlqtkgv4/f45CMd6lHu9npo0HA7RZsqGzD7eiMA7CdjaO4RUKhVyAY/HM4NwiUTiHOtR7na7alKhp6jKZgb4UALeF+ch5XKZXMDpdKoQlRKNRrWsR7nT6ahJxZ8K9OkxzNIhxJAB+K8TSKlUIhew2+1rs15CoZCW9Si32+0FyA4DPPpkx/23Otx6eRk6/QU8MW9gd3f3xNyLsv60giDIrVZrBnnGIA8cH/HYeh1ucRvZ7zxMn+/gquk0zt49Zlz4rzzPa30+n0yTSBCJQa4ZLsJZeAVn8TXNCozCOkzCbQIMlk6X1+vVut1umSaRIJcenoFX3MG/nyu/TYCjZ9zlcmnYS8s0YOfvncQWfwObvE4t3vTrVjuYhsPh0NhsNnnDtI4rxlN4wd9UlWml/dI3+D+sVqvGYrEcZ8l6Fr/I9t9VT/cHUXogzRNu46kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLjZLfS5pRGMf7N3bxslsvtsWuJBi0i4UNRrtYIeIumuwHbAgvXa0mMWGjMDebmSzTQtNuXGZLZr5ZXRQUJjm1jWmGhT9Wr/1UQnQX351zNkbt3cUOPBzO4Xk+z/f5ntMAoOF87O/vc6VSiSd7sFAoiLu7u2ImkwkmEgl+eXmZ+zv/wmFvb6+JFPqPjo5wfHyM09NTHB4eolgsIp1OIxwO+30+X9M/ASSJI+GnRWdnZ6CQxcVFCIKAnZ0d5HI5BhkbG/NbrVZOAiBSeVEUUS6XWXcKqdd/oFavMxW0OJvNIhQKobe3l5cAUqlUkCZSSKVSQXQzC8uoB0M2NyLxDMhoSCaTiMVi0Gq1QQmAmCQeHBwwqbSrZdQNVygN53wBVv83VKtVbGxsMCUajUaUANbW1kRiIra3t1Gr1WAeccMeymNkroTBme8MsL6+jmg0CqVSKQUQw4JbW1usAx0jGk/j3YcvMPhySKaKyOfzDDA1NYW2tjbpCOR56DszwPT0NOLxOE5OTpihVPrk5CRWV1eh0+mgUCikJtrtds5sNs8tLCxgdnYWTqcT5A42m43tA46X4C1qPH57F6pXNyu3n1/TXQB4PJ52h8MR0+v1fgqIRCJYWlpif+G91wi99wECm8P4XBRgmn8Kpekq5M8uGVmx2+1uJ1EbHx9HV1cXp1KpoFar0draipaWFtx/fQszyUHMfDWDLmP4EUzhJxRQZQCXy8Xmo7ObTCYYDAZYLBb09PSA53nceXEdnzbtOL8+JoYp4Jd8Oic1jbq8srJC/zwCgQC8Xi8mJiZwQ3sZA4IGfUInK+4LdV5U0N3djY6ODvo81GE0NzdDLpejsbERMpkMVxQc7hlleCM8ZJ3pTs9/PPifIMn9JMpU9u+9n97/BG848JbqijsUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANLSURBVDjLVZBrTFN3GMZPlpgli/Gb8ZNftkRE42VsWYxuJsZFzZKZmPjBDYzhw7ZothgciMplRWe4WMGQrRNEwMJA24rSFjBLa8uhVDqGba1QaksrlFvphV44pxekz95TtdGT/M755/2/z/Oe92EAMCt9zAeEiLAS/xIfCvV3odqmN/cmIudtnVnuYdYRdSuj+bOpgA6R0QKfSfmtoViT0hPBN+hHlMfYqPl0gJ8oD1K/idicMfB1M2UR08m55GIf/E8Kl/+T7Y3VGAL4Y9SH25aFDMK5nnXDIsvjwrYqLmb5dYl0Y8Q6xtvOVESt5cHFocJlY+fe1cYnM7hnnUcX+xKSnnE0ysfRrnWjyzyL1kEd7MrDa7xX/mrxYa6DtDnMVBPz1WTzR47hlp1cnc6NbtMMenQeuLwRBCIx+CMrcMxE0PGPC61DHtzrFcPatScx0bzhKWlzMkEU31ZdK71vQ7PBAxlNE55QOIwXcwuI01kglgZuql2Q6J2olLE402a8mslAeOU3jelLFDbcHHBggiZzq2nEOA5/trbBR0aBuWHYNEUw2L2olj2D0CtosgbHb7DBoq6nqP3bCh+fQiixhiRdXBRVofuBAmO9pxB0ymG3tOOcxAShV9BkDY5WDwR/bDFB1GbGTCxFJmvwhqP4XXwdd5t/ht/eidUVFyZUBbgi6YHQK2iyBkcqFfoTDTpUdYxh0BnGPC3tjaageayEnUQJvxqJ+XqEpvrQLz2L7xu0EDRZgwMld0TfiB7i7C0jamQO+CmwUDINz8h1BBwKJLyXwdZ8hlRQAXPrQZTUiiFosgb7fpF8TowfqlChqIlFrWwSFrMeHm0ZkktS8K5CsNWfIj5dirC7H/0NhxPfFV/enzUQ+OIH8U+nazq4ry88QKH4ETQtBVim4OIvi8G9OPEa50la5QamBxsxXJdX+Z6B0Wg8YLPZoNWxry5UlmCarUdy8a/MdM6ZTyvkZb68+wz4hV6wV3b4Bqu2b8uI1Wr1RiLmdDqhVKmC+vovo3xgCsmQFoklymBJ/g73sRp7jtmRTjwu2yLPGEil0vXEJJEkttPvBQzVu/mhq7t4msTTJF7/Wy6vq9ga15ZvS2su5aa1pZ/ENec/HvofoDruXRuQqRYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHFSURBVDjLpZI/aFNRFMa/m/eI0eBUBNuYhgrqICg4l0Jra0AFp2C7BMFBdBKngiCdxM2tHSIUwbUIkRpIh1jUVYoUB8HiUEuLUPL+3L/vnnvdooIpqT3jOYff9/Gdw7z3OEqF/QaL69wLY5Eqg0goPL9dZv/ay/UDCG0xMQJcLYXopuLwDmKpIWUIpQhR9B+Abqqw/EkgSgTiWPYFsKOGmDto2Gq1fLPZPFCh56DT6XjnHIgIWZZBKQUhBKSU4JwjTVNwznu9RqPB/srAGINqtcoGsV2v1/2hM/g4V5m3vHvfclGmwG8DWLzWts/Yw/W7nhyBnINzhKXpVwwA7ryteW01lDa48mUPt5KCOT9Vyx8buwj5uY3N92t4ke0iZ8liunQTM2duICPbU1SZwkRpEuOj47iw8RXnpmr5wrd3YC/ncGLrNc5WhjC5EyO0RCBn4TzBEvUAUmnEJkJqElyODQqnx4Drj34/0MIwTglCaMnizdYKyDmQ+wOgFVY3W9Da4FIxgNhYRbH5AFruQgBI4gD7x4PBQvwwW1rInyw+Lg/ZMMxtI/lp8X0voEz5J4NfYXZ0nu/v3AuIVSjwPzywVG3bp78AeAkDORpY/RgAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHySURBVDjLpZNLaFNREIa/k3vTR4qKFdpaxZhFfeBCUEF8oaAiulIkoCtdFATBRcWFG6EgCG5VfFBduBVBFIIQHwga3GlREJVqS4OhrRKjwdxc7z0zLq5JGwwSceCszplv/n/OjFFV/idcgKOXXg4BSWArsB5UUQyixGKGmAERQSyluKtjK5fO34Aopw6uMqgqRy6+GNF/jPO33qiqRgqAbQA3csW6tL8ZG9zSzdvJkl+3gGhf7XKgpx0AY5onv5v2AfCqQVsdoKqJWtX3M35LzVNrzSxA1K1JazXECnMBBiA9/IiqCKKQObub8cK3psmp/gWoWABiESCiffECNq7upeiF9cfzEm0Np24htA0KAChXLYEqFT9sqBhYpZQd4Wv2Gl5+jHzvEtbGdwB7I4D5rcD3A7zAYqtBA6CUvU4wept16UHaU2vwXmXpfPqQB7viJyILc3692WTPZC4wsP0AHR+eYG4eJvHxDqlkN2p0yAWQUBQwAPdzEw3J5cpPwqlJOvpSsO/k7A4ML8YRs9wFsCITQOr11f1/dBsg39NPZTRD173j+N4UFaD83cE6FKJJtHI3febxClXdhMhCkRBUULGohGzu2knb82ckF3XiOnHKn0PGp2OqyGXT6jrnDi07/aNYOOZYk7SOflK4sicbnvsFhzwbXdu8qEIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHpSURBVDjLhZNbbxJhEIb3T/RWw78g2fjLvLE2ppe1TYNtvGuNRo6BcA4kIBBOgXCU3QXploCAmNQE/VY55PWbj7CWcPBibuab95l3ZmelZrOJRqOBWq2GarWKSqWCcrmMUqmEYrF4BEA6FFK9XsdyudyKfr8vILlc7iBEos4k6PV6orOu6yaEctwF0un0XohElqmYulGiUCiUptMp5vO5yBMwm80ikUjshEjUdV3IxX+45Z5hGPj29RcykbF463a7SKVSiMfjWxCJOq8tLxYLkPj72MCbEw3nz1WkwytIp9MhF4hEIhsQic/IJpOJKJrNZqKz7aWGm7Mu3l/quDppmxBN08gFAoGACZHy+fwzPiMbj1dFSvVBdL49v8PHq/stiKqq5AJer1dABCWTych8RjYajURRu/EDtmMV7y7+QWzHGj4FV++tVotcwO12H5mzJJNJmc/IhsPhFuSDTcfb0w6uTz/zr7MQLkKhEJxO59ONjfL55FgsxgaDgQm5fKHg+lUbtxdt/Jwaj8UWc4THEY1G5XA4zOgSxeLqD7h5/QW/jbkpdjgcFnOJu44jGAzKfr+f0SWuPzGJeX5DvBdA4fP5rHzTjA5MUZSd4oMACo/HY3W5XIzEdrvdsvOU//e78q5WLn6y7/0viZYv/mL7AwwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADhSURBVDjLY/j//z8DJZhhGBhw8uTJ/5RgsAF//vwhC7948QJhADkGDTEDHq2f8v94ktb/Pc6s/w9Gyf+/s6wd1QBCmi+V2f7/vrX3/79rO/5/XVH0/0yu/v8rC9v/M4BMIYT3Ryn9/wbU/H+S7///5YL//7cp/n/d5fB/f6QicYlljxPLv39n1/1HBu/rJf6DxIkyYKcr8+Mvc5P//wdq+lHG8P8dED/MYP4PFH9ClAGHw6UaTqao/n5Wrvj/VSXr/7spjP/3+rL82eHKXEV0mj8SLlsBtPE+yNkgF4E0g8QBOvk+kKwjj48AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAISSURBVDjLfZM9a1RBFIaf2d27H1kLTRUQEtAUojYpxA/yA1JYCKmtxE60XSxSxCb/wCJiY2NpK1GwCIEgpBBCQK1CihVMcM3m7p2ZM+dY3E3YuKsDw5kZ5nnn5Zwzzsw4HenpE+P6TWRjAxPBUkJjRIcxW1rCPnyi/fG9O2VqjIxRyEZAFSn3IliIo8hfAlEwEdR7VKQUEjlb1yYIVM4JhIh5D3NzJO9R70nek4oCNz+P5gMshP84CHHVHe6tNG71ad2tQ606PHdIXhA+75JCXP2nQP3+/gFS6ccbDy/4+iwpVTApcJKTDfZpVt723b10MMq40yrYmzu3wb0LC89nfGig+S+kOMFigUkAV6XRdEx9fdkl2oPs2e72+Rwk6ci1RzNeWqS8RwolaDGgRY70fpIf9Shml2f0OHXGkmgqi7F9BR0cl6AEkIhGj0lA4wD5fchApsCnxfEcqE2rVbFYoBKwFFEp4RSGIr4geUGTm55QRiubSOKZ9bOZhlECljymE/rA1I5c7IOm89bFl3mIHlAQD5GjcQcpbtZ6e7hahqZwznr5cqKStWj6H0hgc9zBQNdqO6+7mcupZE1QxVL5JzCj2mrTaGfUvmx1TStrY30AEF7MP0ZYDQvLM0X9MkkU8znEnPrJPrWdra6KW7m4/m19ogBA0bl6W/vSIeqimpsmgZk7UmFT69napVfft0fv/wFUf661fqqpcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGGSURBVDjLxZO/alRBFMZ/c6MmomKhBLv4AIJiYekjCFopKSzyCnkGW99BbMTOQhsrBcFKsLCJhRYBNYYsWXNn5s6Z81nMGu+626XwFDOHge/PmfkmSOIk1XHCOvWn0ZdXsulPpAFZQbUgG5BlVDOURLWELEJJXLz3JMwTVOP0tfsLChIEmC2A4OD5g0UHebLLWQl5bAcBJAcC4i9D6FZRiUtGMMOHb9j0PXhGGtruA3hCnpBHzly+i5d+CUHNgCFPoDIDjcEJeQ8yNCxxYL/2m+U55Yh7mpFE8NhE7GiRwGsi7bzF8meoA8io6ZC1jfWm7AnVCPLld1DjPna4y/kbm4Djw1emH56h2oN6VFNzIKOOCI6DFCTKj48cvN6m9jtQC64yAjcXrjrnoBu/94VbDymTPSZvHs/A6RgsT0gZqC1M/46AJcJKx7mbW8RPL5m+e8HKpeusXbmNI1AFDHBkmZHzFpO9p3fkJSNLqEQsfgc6uhCQJRgy7qlF2ypXHynMEfy33/gbubc6XKsT2+MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLdZJdSFNxGMafc3Y2PdN2pGYjsdS2WFu1oiy8KKSINPqAGtgwhMgKrMAkiIigu7oIvRDCPjCKgj7og27sg6ALg75EW2roMldGpbk2t7nV/uer90RF2Drwuznv+zzn+f+fwzU1NfVpmlZCfGltbXUiy+P3+1/LsuxUFGW4o6PD8/dMIKFLVdVLxK5AIKBnMyCxQQtRPXUmkDCH2ErucmF9i5LL54ApOpgG7C48hdn5QN2BJwKJKwnvVAOehK+INiL03HxWTIlxkbfaRV20i2H4REkcFRljQ8QFIvhPAhLaiEpCkcwv0ZnqQrmpGbzqxv3oFgQnFoGxHQp9fRshZTOQiTANFzlygOUz8jHB9mIy7UM0vg6hZKFxfo0wdhz/GNBL9stgQZXDCQtnhYIypKRxoOgyNE5GO2PQVPld/Spu/ciNqheZ8Y+n5zX0tRsGXE1NzQiJow6HY3EsFstWAnp7e7/5l6ixxsbqIslbi8iTluinF93blx4J3TMSJIg74XBYcR+7s0ykFmQVYFRovf0MivM5nDz4KrJ/z4piyV2O1Pu7ME9zTy+Yk7l5t3HuLp5u1kKUEaanmRNIqMMU1+geeJucCZvSg3K31Vbg28ip6TfItRdBsAKzKpdYnd45bQIJzZSgjOD+10Lex81Mjr0Db4qA41Ow2CLA9zQmP2dMxhHixDWiYWoL1i9erGFPYVtTWqAp/eC1CfpzpkGXGQauDn7vH0zsMRIsJnEtUbraXqJbOBGyWAwpGcLcTA/nrqiFzh6YOXUU3bdjyMt8HjNxHELDiX11V8I3DQPSyucsFsv5B4fH/tz8gbUaPBt2gkXaIAgS+h9OZo62D6mHF4rzcvNMCFwcSf5c9Pl8Ax6Ph7lcri5d1/GbD7eqn2XGjuupwU364+YKdaW7QOd5fujvHQMhGAzOz9b9p3DkYSL+qDQdTX17H/p6qHMgdj3b3g+UOcQZKOdjkwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMOSURBVDjLVZNNaBxlAIafb+ab2Z3N7Oxv/nYTEyv2LzQJpKBgrQqNUKmY4kUIXqUHT70p9iB48CKIiN5E0It6KFiwiv9FpAVpKUggNc3mZ7vpJpv9n93ZnZ35PNRI+8B7e9/n9gqlFAeIVUfPeN3zh0R0eVpYM1OanhvTCEY0f3tU79+ctnpfHM73fuQhxIHAWHnmkOGXPjgZyS09l5hnNv4YOdMhoQmigzqGt4nhfeub1fpnVsl/e+hMv/q/QKy+Me0EO5dfso/OvzB8grgV4HGXJC7jwAQ2oxxDuC36xZ+Rhe+v6iutZf2iqklReNe0tPSHZ2Nz84ujR7ht3iJKjcexiOIQI8SiixxcR7QtRORFlK7O9t0rlyy4KBEj5+YisVeez85wy9zGIUeGDDYhDhYOITYuoh2BvTJ68y7B0GnCym8XGq+KL2U0MrE8Z2SRVhqdPmlCsvgk8RlCkgAivRbUNKj1YPMeeu4wcnjRql7/+jVpyvxsPjbK3whi5LEAB0WWgBRgqwAaFah04X4V7puwdwddz+FXjJMSbXI8aSTYCgU2oKMwEdgCEoDhug/G5SjsmFDUoV+DXJ7BnpiUVCNBaJqEXfDVfwG6CjoKnF4crZGCVvNBug0IPXzPZOCnAunfk8W6ro7H2gK3A02gGoDeA1MDGx2nkYG6C24bvDaMSzq7ZfxBsiC7O+aNDaWOn0oLfl0HMwDlQRCAHYUkEGvFkLsp2G9Bo0n41AiNG6sMBvY1yZr6/JsV//XZZ3WZaEp2t6DvgWFA1QRHQbwjSDeTUGvCiSPU1ovU/typQPIrTV0yrrl3vE+/+8XlaCIgq8H+BtSLUN2C2ibsl8ArR+HYGE0rwvbvRTr96HsL6od1CUDDf+enK92JwT+982cWEswvRmiug6qAr0E4AV4uoFXosnV1g8bN5kcp7E8eOZOYKtmUqm/ZiDdfPhV3Zp6IM5k0SIUBstwmXKvCX5UdM6y9n2b34wV1IXxEcEBU3J4dprU0zODpjFBTIyoIxgjXxlB/PIl1eUmdLjzc/xceOVXddrB6BQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpZPLS1RhFMB/M/eOr0YzH2mjghPjwoWGInWTMDCkmVZB/QPVrty1GXAVtHATLRIXtWgRBGGB2iKxIEgbopJhTMse9Jrpjoz4zuudx/d9LWxGh1oIHjicc+B8v/PgOw6lFHsRJ3uUPQP0eDweBM4DSClRSiGlzFMhxD/2r95zmKaZqaqq0gB27iPr/89m/UgkInSllOZyubg5JUhZ6yx/fIFKb+Csbuagt4Uz7i/4fD6C4ytYdgprM4Vlp3lw0YcQQtN3Vm2fu0XGfMOPaJTvCxaqbxqAdDrNtZPFSFmYGwtACIGeDQDSNW10tdbRXaDz8u0MEU3LJU5MTOQtz+/3bwGEEFuPM5LXCQ+6voy7rIyp1DGWlmxwbwEMw8hVz3ad18FK9BPV3sM80ttZ+pmiqKKA2o1fucT7Y3f4ujLDb3sNO7mJ/+g5ykXDdgd1+9aYXSxHVpRzoKYAe82mVC4AxTwND7PomqO7y6C+oonns8OMTA9QK9q3AVcCx3PzWZZFMplEygaklIyNDnE2cBrhFBw51MOz90MYLZ08HHmyDYhGoyQSCSorK2lsbKSkpCQHXFidx+VwE2i+BMDVU7d5/G6QjBxFF0J8CIfDzUIIOjo6HKFQSMVisbxft7q+zKwZImJOEuy5S//4BYq0QjSnrhy7uUaj13O93ru/r7P1BE21bXyeDxOaniT2bfWGY7fnbPR6+oHLQCmwDgy+GjCDfwBGL0x8usOKBQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNLS+NgFIad+R0KwuzcSQddunTWXraKA4KCuFKcWYqgVbE4TKJWNyqC2oHKoDBeEBF04UpFUVQqUoemSVOTJr2lrb5+5xsTUy+jgYdc3yfnnOQrAVBCsK2U4WFUvUE546OTcwk82WxWz+fzt4VCAS/B7kMQhB9uiVtQReFkMolUKuWQSCSgaRpkWeYSSZIgiqIjscMfSEAPZDIZWJbF94RpmtB1HYqicEE6nQa9xO/3/5OQoM57/qm2a3PGtyzDtxzF/FYMe6c6F1DAMAzEYrFnLfGZ1A9devqC8o2wpmL8jwJhRcbw7ygGAxJYS7xvuxVVVXklkUjkUdAshgP+DRVfureXbPPcuoKe2b/QDKtIQpXQPOLx+KOgf0nGCCu9smHiu7u8IGuDBHRsS6gdmgmJHEHfLwn9wSgqagc6Xvt8RC6X48MlCeEI2ibDIS8TVDYGBHfAO3ONowvTOacqSEBQNY6gpvOkp3cxgq8/Q8ZxyISWsDAwfY32sSscnhk8SFAFBIWLBPQZq1sOvjX5LozOqTBaxSu0jF5iYVV+FnZTJLB/pN0DDTv7WlHvtuQpLwrYxbv/DfIJt47gQfKZDShFN94TZs+afPW6BGUkecdytqGlX3YPTr7momspN0YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALISURBVBgZfcFLbFRVHMDh37mPeXQ6M8VaGSvYilRgqmLSKErcSdSVaGIQoytkx0pDQjRx5Up3btSY+IjGFRhWJCQaNYZEQA1YMGWqlXYs6XPK3LnzuI9zzt8aazQG+T4lItzMK8/uHbuzMnhkqNz/mGDMStD+cnZh9YO3Pz8/xTolIvyfNw7tO7T9js2vj+24e3TzsICUWF3qUb9aW7g0t/Tmldnld5SI8F8vPzXhjG0f+WR8pHywujXj3rLN4A7WsEmOYP5FbMZn5soP5uTX3x/0uIFto8PvP/LAxAvjlSYqvkBad6Cvn05q+Tj+jLzOs3/Lk+79u5ZecriB4YHC8zsv/Y4+eQ1ty9jsKK35A9Rr47iOQNLDj0KGSvmqN33qwYu5UrWqlMPfstmCLwnYjEen+AS1qXOtUt+kL5Vd+RNzeyiYhOcGariKoqfE2bn10Y98pRQI64SL3x5m9fE99PuWsLnGYmO6P1hzVd9glR4lHGmDsoB4HloibJKNF9/FJC44JbxNBS78eBbfRty3e4J779nr+K5DLpzhWOMcI7dvIfTz/Lpy/ZRHqhyxCSbJIFawvToT1Tad5QZ6eZFoZgqfv0TA7gLQmuS7a3ed/+Ls9KseSnJW9+gsLBMvzWCTLm62zMjTH6JQzP/yEznTJe/n0CYldgq0vjrKiW9+PnD89OU5j9TBy9/G0MOvARZEEBuiW2ew0VXKuQ6NxSZtkyKqy6axo/zp+OnLc6zzSEXERNjuJGICxITYaBbEIjYi4/SoVBLEtBHTJT9QZpV/eMSIWI1NVxAdICZAbAyiQWLEdhHTweoQMSEoxb95JCIKg+g1RDcR3URMgOgAMQGiQ8S0ENNBbISN66yL2OBJYq/rbqMvbWeK2KIj4oMtgtyKmBhIECcGEpRjMFEkktiYDZ5E8Vu/vffMQwj7UBS5GQHUmQQrn7LhDzEafwIN5+bTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFESURBVBgZBcG9S9RxAAfg565DI51uCBocpGhoqM1VaAjByXAImvoXDtr6D4JAaG2oyXtpKJGEltYcGntDErEhEI3kvDP7fb+fnqcVAAAAQAeg39XLqsVcyl62bTw8AkTE5tqb8WHOU1MzzUFej1+uR4SIzeWPOcu/TPI7JznNecZ5ngcrEa3YnJ/7fHehY6Kqqiq+eedgP7cH4zZ6dxZmnamKoiqGnpjTXcxj2tSVq/4qGkXRGOlrfDcvK7TJ0qypoiiKob5G9cWsukSHoCiqamQgiiqKoE12p2YUxVBf0aiK6ybs0qbu/HJZMTRQFEWjuOFU3aFNnn06vLCnr1EURbHq1PF+ntIKXiz/+fDTFV/90HHNTWdOTO69fU8rYH0tr7rzc2YUF8aOx3m0NYJWAPe76VmttzK1bzsbW0dAKwAAAID/tYu/URIDsoEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLpVNNT1NBFD3z3uvHo339gFZoCxpqRAlBJayMG4wLl2hYqT/AhQsT1xoTV65cEFeiG5MuJLpAJTEmWo26oBbUhSIfEUhLsLUt0NL2fc44r0UDhh2T3NyZ5M6Zc8+ZSxhj2M8SsM8l3RybSrpblIFCxfBsqaZAOSEKBotvKGdn8aC0ed4OBmIZRm2zkPmxuCiFg/6uK8M9Ps1gxO0Sd6GT//ekmeuaKdY1K3rxjqYK+bIZ101KEsk1ZAo6qhrDSpEiU6LIblCsbVLkKwyFKoNhAdmijtEXa1ivaoIS7josVDWLuBwCYhEfXk3nsbFloN1H4OBknCKBU7IDCMgExbKO8Q85BFp9aAu4GpyEmmo2KMY7vOhs9+FlOo/1ioGQV2hcdNpAW5+Qm76FiY8/EWrzIR7zgmybJ1RVq6kmL4xHvQgHW/D4bQalig6/m8AjqSgtjEMJ9aNPft+okaUdNlbrTQaEq2MaJtwSxcFYAJOpPLIFFauzE1DCA/BFBhCuvYOzNtdg9ldZoaZZsNnouolcqYKudgUn4kEcORRE+vscaiuT/PUArPIzRPsvQVhOgBoaGv+PERvAZLa/+SK/HFbg9zg5RYLuAzKOS68R6T0PqDNIPUrAG6jDVUxBXXnDrTQ4AGVCtbS6rHEfj3XKLBoU0OqxuIAWlFoabrMEJVgD1ZbsYlhczO6h62j7lUAuX1LLv7NLpO/C3aSzNX7SpXg8kkskElfTwXW4Fnkonj47TNyOKVA9u92zA6JnELkFAYnk/Gbia/wz2WuYZu4PXQ31Dt/r6JH5qyner47pp7MYHOkFEf2AfA7pBzfyjNIzewKkRk9l+y8nYqKwDGau22rtmj9RPorcty+Yf377ibTXhJma7p4ZG6lzjXjrdEewfxl2ZqzjD9JZU0+1XOyXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVDjLhVNrTJJRGLZB/a9ftbl5R8WgEpEPUFTy0jS85UKbpuElUykFE8mmLW+joZXTLOclUMwLSKKkpmnaD93M+tPqR6vWdP2wVdo0yTmePtwyLbWzvTvn3Tnv8z7Pc86xA2C3UwQM8BDQzw2yrf17OLF+et+Vv89sSYKG+S6bc4GJgL+RY8qqjnTmd7LTee0+33cFCLR1NHPzf+d+Bo6F3+X7JaMkVBddwVvhNbGs8Xl81Y4Agj5iwb+XsKxT1hOLvA42uDofcDU+KJ6QYWLWiEJ1MkTp3pe3BSB1Bvl1+0LQSSxE6ENgeNWMwTdtqH5WDsZNDyQPRKFrqh7Hqg7jqMoLzHI62bWXWCR1bmgndVoDdFx0vLiFsiEJikzxKDClQFBPgKHyhKRNjOBo2tsNBqTOVVIneA/YWoGOmD9tiIbueRWumc9CbohCUqsQCV0x6JxuQN1YNZilnuAnuBm3SOC2+UwSGhaIZhb0L2tR3J8ImT4SSZogiNsjcXe8HPIOMe6NVoBRTAddSVvyLHCTbvGAaGRZEjpjoR6RIrdLhMQWIeK0J3FnrBTS1hikNoWRACrQFTR4yF2t7rkuoOU4/zGQU+e9nGmQ4PaoAkn3g3GqJQLq/kJkaSMhaQxDa2U4HokPYVhIxWAIZW4ohFLokuF4dQOAV8Ou9FYzcN2sQFyzCOo+JbI0IqQ0hEJbEY4ZOYEVcxWsrwex3CHDdDZj7fFxqnTLNbIqj4y75Dui6WktrhtzcJ4EKnuYi96YA/hBFqNGBCj2AxVO+HwjEEPBlPf/vH9mEX2cqaTjkiYTcm02mHn0ddrWmR5sHt9KDmJESLVu+4m85DSNu9R5zfWCE0id6D6x7+dSUypAFlkK7PCVjI+ZFJA+zNnt9htt4XzOYVJ2xh5TaW5rnxROmFfuxbu0PXgioq6RZl75L4AtHBLsVy+K7S1kxw822uQ8ayu27f0CZyF3rEtmMUcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKKSURBVDjLjZJLaFNBFIa/ufcmJjHa1tYoiCIiPhCfoNKVoCIuFAWFLqS+QKXo1qUg4lLBhYIgNiiCBBRBxbe0Iqjgo7WgFsWmtmbRhlhNSczNnTnj4ta0xY0Dszhwzj/f+f9R1lq6u7u3jj65cF8XcuihLFvSvev5vzOsurq6VhhjXkhQmepiyF88zObLH/5r2vO89V4mk+ltbm4+Fvt4L51sBCwEQTCpUUSw1k6q4/F4KNLS0rLEGHNeUq24aIrPOv55yXEcRKRWK6VqgjWCaM+99LSUBQkbAE7dHEIELIQDAgKc3N00vkaNYGYrrtL8etpZExCBZXPjYwLhfd9fAsAYA4Db0NAwUldXN1h5eWOnU+yhku1n4a6jHG//QkxVGRj6hV/x+fS1QG64SMyt0tEzws3n3/lW0C8nEOzFVZqRJyHB73KFjesWs2NNkruvvnNiz9JJvlztzCPS1u5kMpneXC53LP/wCqW318BarLWU/YAfoxqAx2+GaoMVDUUf8j+rKCUTPdiHi2bkUceY8wrXQmCEs21rELFYwMWS8MD3fYql6ngKzus76ekpi5jQ8VjEoeIHnM704yjQRhAj44lYSEQmEezHQVO434FSCi0W32hcJwJYFCbMXyzWCloHVKt6AsGr2+lkSiBMh9FyQER5tG2bhpYq4IAFq4SYF+XM9QEKxdIEgu0HQoK7nbiuixGLSwThN+3vjtCUmIfCIV8e5NDaczjEKPtjHmitl6/+9KAvMSOOtZDNZvE8l/mzYVZylE0r11EfnQMO/KzMITVVk4iCpxTq758+sKhxw7xkdGOuFAxe/lzoWXXw1qUlC5pW1E+pJ+ZNR0uAEkFZg6gyvQN9DBcD/gCIAXUVRPlHKwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJCSURBVDjLjZPNTxNBGIerBy/eOAgmYoz/gCYoJ/XgxZsxnrygFw8eJJGDiQc0MZEElFBL2igkoBBEFLUWaYNQiB+gKd1WbVKUCgVp2O3H2N3tfvYDf+5s7KbGNjLJc5r5PTPvm3ltNpttn0GTQfN/OGCwE4CtErqadF0XisXiVqlUQjWMfTidTkc1CV3NNCzLMhRFsRBFETzPI5VKmRKO4+ByuUyJt6dub3D0qG+ut8FuCugBTdOQz+ehqBoERYMkSRAEAel02hSoqgp6ycO+mwPR2asRMTGCWcdBxRLQcELUEE6qWGRlsKKCXC6HTCZjlaKKCfxg7NDIBD6PH8fL63sclsAoA1GiY35TxfuEjDAnW6UQQsBuRLH6sRN53guOaYHnRn3/+LX6XZaAEud1TK9LeL2WQ4hTzOZRCeG+Ih7ogp59hdSXC3jSvp8ZutJQZzWxLFjJavAs83B/yyIp5c1XiSSGtUC3GSZLF/Hm3gmcOrT7rJHb8Y/AHxcwFsnAvUTwkyQRDU9hefq88ewXEFcuG007jPTaJ/z5F38LYkTFcDiJwUUWUwEGfu8YfO77mBk4g5jvJIKPjmGVmTAvqioIbebQ92EDdl8Q3UPP4Z9fAJsIg1l4Cs/d04jO9Zs9qSnISLoRDqFjeBK93ghuPQ7iXMdbtPVMIsWuo1AomNQUUNpuP0Br1wgudT5DS/soWu/M4B3z3WxmmVqCX7XmoApbNFM5C0eMX6jQje2EjbMSHcBKQSOVbGOcy9DRbywLfgOaoblOxI0zHQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKvSURBVBgZBcG7ixx1AADg77czu5vL7Su3d5fEmHBBElBBEkvBVyqNdgYrwdbKRsm/YG8lFgoiNpYWChJBI4IPTAKSByQm5p17aOZ2ZnZ2Z2bH7wunz7x+brw+PhVFEQAIAACCAAio6oXtze0f4vH6+NRnH38utIJqUQIgCBqNAPIyRdA0Lc2i0ah9ePaDU3EURWqVUH4l+/6CfedyW2ePWO73XLv2iyvZp+5vJfr9gUc7iShu280K755utONICyBJdiRPd+ymqfy7y9L0gTRNhdkFs+nENJ+YT1PTaaoqMiEsEMQBMByu0ZT2vr/CR3/qvrVq/eATlsobptUx/VFfJ2qJ2x1pXghhhqAFBEmSSNOJx+u13X2V6dfXqRea/LxylsonmXKWmxWZ+SwXQgNigOFwnaY0Gg4k7z1j3yc7qpcP6q7OHJnvaPcO29uNtDttk3yOXQIxARTFTJbmQmhMlmvRcaZf/O2nk6dNm4Xi/lWdOBZVie7SqiBGEAfA0tJIb5AZDgag/c6G8192LK++5IWn9mt3YpvJ3KPtxKNbP4paJwTEATBJMmk6Q+aPew/dLluqw297ZWPN43lLVdSaENl4ctXtf44KWS6gJQQBg9EB9oxczCu35m2j0ZqiXOh2O6p6YbFoFPOFsg6aqKtpd0AMTdP49c5NF+5d1ev1FUUhTTPdKChmpbIOqkUDmkAxLTSdMYgD8iqzVZe6nZ7lpaFiNtfb05MlFz3cPGg0HitF4lbw4N9SnN1x9/fLICYIoaVvYBpy3XrJ3tCz/8qm0cO/XL9BdfM5ragjn5VayR0vHvjP1qWf7ckm4qqq1XXt0MoJh8YEEIRjeJWjIYCVycJm1HL30o7ta785cvx5z979RnjzzBvfrq2vvha1YwQBEAAAEACd/IGTK7WimPkf4mk8xSgTQvcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNPSFVBFMZ/9859+C9J9PmPwpeUi8qyIB5JLQqEoqAQIUqCFiFB4aJWrsIgW0TLyHYRBFJgYBiUKUkmPYwio02kuZBMny8JzT95Z860uI93n62MBoaPc4b5zne+meNYa/mf5QE8GPp51VpajJXNIoIR0CIYIxixaCNZ22C0xYi87ThbE/cAxNrWpnhh9F8qtz8c251RYESiAD1f76NFo43GF41v/BCNzpy11Xfg+yYniyDwoXnH+XVVX1zR+NqEHhgjAHS9Tq6L4MS+YlazCXSaAODMwTIeDc9w6kB5JtedmKFpfxin5lfWKvCNINbiKeh+k0Qpl8eJJI4LbvpSz0gSrCXiwfZN+az6f7VgAU85NMZL6RmZ5WS8bI2C7Hhsah6tZa0CK+C50PtuFqUChCAH8Oz2TXIS95DpcZxoJXVFx4H6NIEWrLVEFBzdW0r/aIqGuvBbDN69RclkLzXNLeRU72T5Yx+FQwO8aIi0BiZKIEe5Dv2jKYAMug74LzvZdu4SueOD8Oo6+RuLqI7FeP/ZXg4ItA48cOHwriiDn1Icqg0VDPyYJLeiGo5dCWegvRIlzpbQA2uprdrA97lltpbnMTH9KzMLlFSw9OEpBU8u8nt5miVgYV5hFFPpV7DD17q+7Fk1UuBrg68NRgu+EbTR1Jc3UpB4Tqw4D09FWJjVTMy41iJ3nPWO8/DpqrbFuakLyjgxo+w3C51H+vSNP9H7LzNBaB8uAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLxZM7S0NBEIW/fWCnQgyIT0QQDKJBFBRbsRCt/Ae3VRs7wVpIY6WxkqTXxgek8IGIIQRsYjR2SkhAMJoipDAkXNfi6k18YcDCA8vMLDtnds7uCGMMf4Hkj/h/Ag0QDocngVVgrM68O2DJsqx9/bax7vf7fK2tXgCEABBvftU6vuDxMd97cXEZBFwCr8fTTCbzQKViO71J6SYJIdxYa01HRwuA123BgUAphW0b93AtSZVAIaX6qMF7RaU0WvMh4bNVSiKE/EoghEQpiTH62+qJTIzLbIzic4FypYxXdmuwEKFQyPT0dDE0NOCKVxXMiU8SB6Seooz4Run09HGa2iV+fU5Tsd+5QTqdJZ3O/vhmZ7lt5mamsaWNv22K45sdxgcn2NmLgDHm1zW7Mmwi11umFvvJoBlbaDN1/cR8IVdK3ccIHFkABA4tbnNJgFJdBC/mZS2ejNGA5uBqkwahiSbOAIKi3nEeX2wPAPNAI1AENuMb98uviwGZtIAuD3IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKVSURBVDjLZZJPaFRXFIe/92aSyYyTZGL9lygxcYwBi1hcqQtRIYoobtpNaVcVLIHArIKb4EJEwazEveAiQSq4EASzcCOiICqCDjHRWFQsmAYyZjIzzrv3nNPFs/EZDxzu3ZyP3/nuDcyMZE1OTuZVdVRE9onIWhHBOdflnNtdKpWWWVVBEjAxMfGTqt7s6enp7+joIAxDVJWZmRnm5+dr3vtdpbtnRgGXmbISQDoxnBeRG8VisT+KIqanp6nVaogIZsZAunH1yNTYXWADcOL/uRWAiAx3d3dvd84xOzv7xnt/WET+ERF+vXdxuKu+MA68AjZlpmz5O4D3fl8ul2Nubg7n3ImRkZG3AM2jwXHgEnD1ytD45Xw+f3vh/HkbGxs7uBqwPgxDqtUq3vu/E54+AL9f2Hv2VrC83Ozs7KRerz/6RuK7+3/Yw7lBPn7KIiKc/PExKXOYeMzH7Zxw7dkeVJWNbYsc3/yYwdNPgziBGb/8fIiAkCCVJeAYaADpNsBAHOKrnBuqgToAXl9/8NWBiQcMv/AX6cw6giAP2gLZAphC/ROy9Iqo8QH1dbL9I1jUTAC8BzWQiEr5CWG4hsLO/by/M47pBnoPDFF5WSZqLNLe14WZYC5KAhyYYeIoDO4gbF0HgSJN4flCll4iCsV+PtcymK+D6QogBDDnMBMQx+KLZ1TKjyD06Gel2WiCRVRmpqnMvovXVcWcSyRwLqZKRGGgj1TuBwgjtv32J9uch6WPdBZ7aF1qiROorQZEoIr6iEq5TCrXDm15SLeCeliq0Fj8F1er0t7bgaHx2kmAmZDZcors1hRBayZ+wrAFVCBq0N6oIq6JqcS+vE8AoiZvbo7GLrzHvPvSfuVEJP5YIvFdBYD/ALt6pUq4OEUGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLnZNPaNJhGMd/ohkRQd0i6DCoY4fOdYjWOgQ777LLSGIRLQn/zJC5GnPQECK97FDbwUFbw2EQ/lke/MM2bYFNpzDTcIrYYjmdP3X++/Y+L/zGqA6xBx5+8PJ+v9/P8/D+BADCSTsQCPSeSLi2tqb0+XxGp9NZ/OeFRCJxLh6Pm6PR6EY4HHaypJvHUq+7WC0tLYlzc3N/i7e2ts4w8UYul8PBwQGKxSIikQjcbrdnZWXlFUvNbG9vIxQKwWKxzP+ZrIzFYqvZbBZU3W4XUiWTSSwuLoqMAFardW9qamrEaDSelYQyduHB5uZmLpPJoNVqodPpcAPq/f19iKKIQqEAm80Gs9k8qNPplKQlZBlrx87ODkcmAWHT5WazCaJJpVKoVqvc1Ov1YnJyUitRC2xR4xKyhE0E6XQajAz5fB71ep03GdL8JpPJdWSwvr4eIkQJl1La7TZqtRqfm5ZJ+ERHxiwQBoPBd2Tg9/t3Dw8Pj4SU0mg0eCIZk4C+WYcV/sEr+HRbAdfd0z88ffJRbhBcXt6lNHKXhFJiuVzmhl/fTiCquYH6Rwu6CTfEd0/x+dG1trdX8ViIzMwEaAeUflxIqdLMH+6db9SYGK/7Af0FwNyDny9vwXNHnhFSet2sOD2NZjDIBZVKhTeNRUZ2u52wu90vDhyvkukiPxeyKpXi25OR1drEC740Si6VSmBvAgsLC9Bqtc/ZvLnqm/sAEzV0An6xzg7Lwc7zfJOZoSFF7OHwrFOvD8xrNXtjY2MFtun3Go1mUK1Wy4IDl8bDqqutgr4Hu4ZTSKtk8PUr2u4++bP//gNDA5dHWeJ3wiYiEtP5byK4FJQG5P/0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFFSURBVDjLfZNNasMwEEafHfcA7coUsigEssmZep2ue5VCobfIJgsbuklLS6DrLhJrvulClpF/0gExI8v6ZkZ6Kk6nk0siH2Y287vdrmDBKjOjruulNdwdgMPhwDWrJAGQ/HRzWZaY2XWB6WLamMdT8cUKAJ7ffobY3DEDNyHVvL5/eBCEYDw9PhSzCooifru/vcEdJJAck0dv0b9/hXkLTdPE0/Y7TOByJDAJM5AJ60XO3bjlarvdDuW8tN+eMsl82GQSMjA5XedjgXwSJCwIE1ifNQkl300ryCddJ7rQZ3Oh4ASlFuJthOC0besJsLHAxQihGmUcWupHMGez2QyAjQTOF9F8/qLQt2Px2mJFjguciHsCrMjBye14PPp6vR4gmgK2Wq3Y7/eU1wjLAVuiE5ifQW45YAmypX/+FRgA65/1NJbEH0d3cad+jVEKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVBgZBcFLiJZlGADQ87zfP/Or4wyjeWkgMSvH0lqYSUg3CSIoISoKokVtgsjaBG0jXES1CwJpFRgF0Y2ScKNBmoVWJpQhUlaWVuo4Nphz+7736ZzITPe8uP/JhSP9x0vYhAUIEMggq7bWXy5O5L6YmnzhwM5tcwCRme57+eCBt5/bdEMpMZo0EoBMSOcuzXv324v+PjV7+acfjy/9cue2WehBaWLdYK8ZPXZWUyIIstJl1bZper6zde2wW8d7DtVzi7JeP3nXs58t+eKN+2cLRMTizGwGm2Kg0AuaQhNEUASqsZFB2zaPufq6/sLeyNBbUCAJKChBiVAilAglQmnCXxemrV48b/3S8NSWKzQDzSPQA8ik1xBCRqhdUkKvYTCLnyfSXG3VOueOa/qiV1ookEmiF0WJUNCUMNCEXoThmSNWXXjVUHPZgsEBqRAFFEhURFAilAglQmQYjBlD5z+0fOVNRv/do98rKjKBArUlk4pEZiKVwsD5PZas3GhkbKPBs3v1Z0/qKl0FCtSaMpMkMwHE5T85vdvwslHd1Keu3PCY/h/v6Tedrk1QoKt0SVa6SlfpalVPvW/5+APMHHF41zsWj07LMwfNnjmknWtBD2qbaqaXvp8TUg2unT/q6eFJw0tW6KZ+Javu0jfWbH3e71+9qcw/AXrQtp2uY2xkwM0riqyt8R92Gd1wt3r5kKzTNj28Tp07Y8HQCaOrtrjz2Oc97lWgna21rTXnOr4+3Zk6/omrxtZaNHxethNE47uPTqCqMycsH1/ttv6BZv+OG9dHZrrlmX0n97xy+7L/5nMoM8vEx4/a8NDrmvKbbCeRACiahev8c+yoE7t3fBCZafP2vdvb+XwwIjamXPTamh39gZyNrClrlbXKWmVNWWuqNUu2bWR3+H8rUk+Grcb3xQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLjZLbi1JRFMb9N3ro8mYgPqSBCIEPoQSGYYVREkxxTLQsREkjlRG18doxZbyGF7y8HAONQUgnENEHQyFmJqEnoQf/gBDKl/na+1RDEz6cDYvF3uz1W9/+9hIBEP0f1Wr1XKlUWuRyOaTTaUSj0W8+n0+86a5o02GhUHjX7XYxGAzQ7/dRLBZhMpn2BAMSicR4e3sbyWQSFFSr1WAwGA4EA4jcMc0ulwudTodXoNPphAOCwSAPcLvdaLVayGQy0Gg0wgFer3fsdDoRDofRbDb5p6hUKuEAu90+LpfLqNfroCpisRgUCoVwgMViGdEvJErQfGrD4rkTP23WYzx70iPBbAQ0Go0LJNbUcbPZjHw+D/KdWHpe4PiQNJ9+wrrF4cvN2zAajb5TAFpM5K6n0ykCgQD0ej1kMhkkEgm4uwZ8jcfQzLjhTN/Do9c3YAxehZq5/PEEQLryxavVCsvlEovFAvP5HLPZDKPRCG/qIfi5B9g72sXnZQ9s34o7rBSKx2fifycPk8mENy2bzYJlWYRCIXg8HjgcDtx/pUbnMInOPAW64vsmsPtmCvjBA1KpFIbDIWgmcw+/38+7b7PZwDAMrr+8hO7RW/y73h/sUsBvIyKRCD/zdGzb7TY4jgPxBZVKhTfyiu08Yr2H2Olt8cU7H7ZOK7BardBqtVCr1XRgoFQqIZfLIZVKIRaLIb12FrfiF5HoMXxnmun+xAMhQS6HSXynsv/kMD3/Bc9MubHqnCOyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAD9SURBVBgZBcFLLkNRAADQc1/fU6qkhFRMMNIQn8TUQCJWYBE2YBkWYQWMJIZmNuAXCSoGFUGIInJf33VOSAAAAIAcgLOFt3079flaEdTS50M6nT7YeggJwPFle6nhAoVhc370rnaXcwBSp62GTdxoGdPrkAPQD5OSbRFr6oLvjByA53CqY9YUvjy68YQcgELTuTd/khENbQk5ANGqFUSFnq6WW2QA5Op4VuhreJVEZACUAKiJkogMgIEKANFARAZAKQKolColMgA+f7vVkBkRSeYjvf6QAfB1cnnXNWTUhHHrXuLoESEBYO/aYjNUSqX3snk/2DjshwQAAAD4B9GUWR0G4scKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLnZPPS1RRFMe/b3zk5DCVmlq+0ZBCoTEXWkEELmzhqiCocNWyTav+gfoX2gq2bhET/VgUIczKoVUGxthIKqX1tAmG+cGM7/56nXvezDCtDC9czpl7z+ec7zlznxOGIY6y5p/N3ZVKLcb+J/j+23uphczt6x3wLYKfe0Nne53DFBB8QQiZFkK8FFLNSynjBL86MzDY9X13t3qoAoJ7Cc6kBrwYwR8Ifn3OSzFM19POYu4xSzAmpG2gaRutQYFQStOW+H1Qhh9WcTKZRK1exy9/D+nEEI4hBjdtPAwPX2pXtC2FoWlu6yv2Pxe/YulLBk7o4MnVBzgdP4H19WW4LTAIqgxYFRGsyddtez7ej0cX71AFg+NaQWsJKRtRAgtYsKfnFEZGplGvl7C/X8Do6BU6l1hbe4PJyZuY6nKxsZFFqfSDz5UKELM92grGKIa3tz/SxQHBl7G1tYJa7Q/Gxq5xcKGwTEX6eC6RAkqgteI+7YFdlYqPzc0VNBolTEzMIZHog+/nkUwOYnz8Bsrlnxxri9pCMWMa0NyTTQS+tBXy+ffI5ZZ4Lp43hWz2KXZ2PnErVn7EBHCtDCtfa8FDmZlZYGlC1EhuP99VKnuYnX3IfrH4jeGobQ3X9hZlE1hdfdGeRyug85+wtjXwyCq4QRCwpO7uREewafqm/bv1LujJNW30CZCCBvX7jvtWys4hIGvfg+AkkVzFQGT/Xc5RP+fW+gsEgchGXj0/PQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH8SURBVDjLjZPLaxNRFIfHLrpx10WbghXxH7DQx6p14cadiCs31Y2LLizYhdBFWyhYaFUaUxLUQFCxL61E+0gofWGLRUqGqoWp2JpGG8g4ybTJJJm86897Ls4QJIm98DED9/6+mXNmjiAIwhlGE6P1P5xjVAEQiqHVlMlkYvl8/rhQKKAUbB92u91WSkKrlcLJZBK6rptomoZoNApFUbhElmU4HA4u8YzU1PsmWryroxYrF9CBdDqNbDbLr0QikUAsFkM4HOaCVCoFesjzpwMuaeXuthYcw4rtvG4KKGxAAgrE43FEIhGzlJQWxE/RirQ6i8/T7XjXV2szBawM8yDdU91GKaqqInQgwf9xCNmoB7LYgZn+Oud0T121KfiXYokqf8X+5jAyR3NQvtzEq96z4os7lhqzieW6TxJN3UVg8yEPqzu38P7xRVy+cPoay52qKDhUf0HaWsC3xRvstd3Qvt9mTWtEOPAJf/+L8oKAfwfLnil43z7Bkusqdr2X4Btvg1+c5fsVBZJ/H9aXbix/2EAouAVx4zVmHl2BtOrkPako2DsIwulexKhnG/cmfbg+uIbukXkooR/I5XKcioLu+8/QNTyGzqE36OidQNeDJayLe7yZBuUEv8t9iRIcU6Z4FprZ36fTxknC7GyCBrBY0ECSE4yzAY1+gyH4Ay9cw2Ifwv9mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADNSURBVCjPhZBNCsIwFIQnWvAGunHhSrBbQT2Op3EvCJ7JCxTcuhB0YytaW9N0fElbbIs/GZI8eF+GzFPE79X504dXXEq1GyytFYYYoPvh6RkH5raYJqE2GZtKuFljhI61mWlz55URY95FES88CXIsEQEs/xCl7rwx5FmAWKqtIEqAncEe2gWiyOCJRZVh7hVZ/erv0rYKkSNDv4qpELzjSTt3e1yfg1+fgAMMWAeCxghyB02+ORRf5W8HC/mfHdi61XJ162WoS7utXc30BXX/jFnkwiD5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH9SURBVDjLpZM9aFRREIW/ue9FF2IULDQuaYIGtTBRWGFJAgqSUsEmjZVgo4mFWBiwVVjBHwjGwsbCShExIAghoEUMARGNGFJYhIC7isXGRbORvJ0Zi/dWY5fFCwOnuHz3nDsz4u78z5HTlx6NDB4v3KjWvd0dMMPNUFPcHHPDVTF3XBU1Y/uWZHVxsXzl6e3hibgwUBhvy7WH3bmWHm5fres4MBHXEw/16s+Wra8lHgBiV+f6mX0tA86VlkkBbgCsNxQH3Bw1MBwzR83Qhqflxro63Z0dqGkKIOuCBEHc8SC4OGJCCIJIQESRyIksEDfS+9bIAE1SAFwEBCIHEzBzIocgEbGAiqMhdWxqWQTL5kAE3P8BiYCrYwIuQBAii1JAM0JTpAxJxQaQxUJsxvTbSV7NP6e2ukLSSFjT/cBJ4kaS/HEggLsjIvgG0Is3T3hfnuLYwFG6dvbwcuEZcx+nKY7mbwbPskSAZC4k00GEIMLk64ccPtCHBqVvzxAqCcVD/QAjwcz+Rsg+M4gQbahv37/QJts4dfAiAJdP3Gfvrl6AXFxeWn58/k4ybKqYGqqKmaFJgplh7lRrKyxUZpmvzDA29IDS1Fly0VaAX7KZbSyO5q91de+42t87SE/nET59fcfshxk+L9VuyWbXuTiaLwEXgA7gB3Bv7m5l7Dd8kw6XoJxL0wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVDjLpZNtSNNRFIcNKunF1rZWBMJqKaSiX9RP1dClsjldA42slW0q5oxZiuHrlqllLayoaJa2jbm1Lc3QUZpKFmmaTMsaRp+kMgjBheSmTL2//kqMBJlFHx44XM7vOfdyuH4A/P6HFQ9zo7cpa/mM6RvCrVDzaVDy6C5JJKv6rwSnIhlFd0R0Up/GwF2KWyl01CTSkM/dQoQRzAurCjRCGnRUUE2FaoSL0HExiYVzsQwcj6RNrSqo4W5Gh6Yc4+1qDDTkIy+GhYK4nTgdz0H2PrrHUJzs71NQn86enPn+CVN9GnzruoYR63mMPbkC59gQzDl7pt7rc9f7FNyUhPY6Bx9gwt4E9zszhWWpdg6ZcS8j3O7zCTuEpnXB+3MNZkUUZu0NmHE8XsL91oSWwiiEc3MeseLrN6woYCWa/Zl8ozyQ3w3Hl2lYy0SwlCUvsVi/Gv2JwITnYPDun2Hy6jYuEzAF1jUBCVYpO6kXo+NuGMeBAgcgfwNkvgBOPgUqXgKvP7rBFvRhE1crp8Vq1noFYSlacVyqGk0D86gbART9BDk9BFnPCNJbCY5aCFL1Cyhtp0RWAp74MsKSrkq9guHyvfMTtmLc1togpZoyqYmyNoITzVTYRJCiXYBIQ3CwFqi83o3JDhX6C0M8XsGIMoQ4OyuRlq1DdZcLkmbgGDX1iIEKNxAcbgTEOqC4ZRaJ6Ub86K7CYFEo8Qo+GBQlQyXBczLZpbloaQ9k1NUz/kD2myBBKxRZpa5hVcQslalatoUxizxAVVrN3CW21bFj9F858Q9dnIRmDyeuybM71uxmH9BNBB1q6zybV7H9s1Ue4PM3/gu/AEbfqfWy2twsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLpVO7T1NRGP/dR18iF+iTQktEkHdDCjHgIGAX40AMMhrkD3AxcWBxMnExTigDPhYJcdFFHHxEo5HBVKlaCk1bFJJiaQuhpbS0ve29x3Ov0jiweZLf+ZKT7/t9v+9xGEII/ufwyjU7O3urUCh4SqWSQZIkplgsavL5vFaxsiwzOp1ONBqNL6ampq4p/hMTE/3UrM/Nze0yMzMzNRzHpd1uNxQ1NEBF8OsbXBk9BfHnI0y/64Bg60Q4HJlMpVJ3abBAoUgf4FpaWgI9PT1Gm82GaDSKeDyOnZ0dNDR14P3SNkL7fejtPwuGYbC1tTXGsqxOr9eD53kmk8kM8TRrqyAICAQCsFqtcLlcoKWAlgKLxYJgMIjFxUWYTCZ4PB4kEgmk02nVJxQKtfOKYzKZhNlsRqmqCXfe5pErM5CpPh2jwbDjJIz7+1R+GIpKJTASicBut6ulssqVy+XgdDqxsCyiSFjoNRRaFhKrwYfNKnQ4JYwNboNIWYiiCNrgikqVgHZbRVZiaW0cBQsN+wccR2Dl/ejuuwgLG1T96MRUqypQWA5ZlUOIDGU1GBag8RgUPsF2YhiC3Y065geq2JTqWyE4VEA7Ci0RUZZp/TKh8giMbBJu7UdUm2shZZ6jsXcSrcIGyqWiWkKFQGH0+/1w18TBlQ9QpG8SxWnNazi7LwEFH7yP53G8Ng8Ll0CbtVQh4JXse3t76nhMqRQGmpvV5lQjBredoLrugGZfp7VR0uxnNI9cx4Xd23jyPasScA6HI722tjYci8U4umXKPjCrK8sYaoqifWAUnOwDKe+ioctMOQ6gPaaDQd+FoPcVWf1Veskc9Zl890eumjsv3qtvM9CsXtpUEUvPgugf7wTD1QCG8/jy8EaSyPK5Iwm802c2XZfnGzl2g2ZP/V37w0NHa2hHYuUbwgs3n/JHfdFyUdT7HoznCZ0GzfIPSMVCsYTU/wbkK6iCy8xjQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIjSURBVDjLpZNNaBNBFMffJNumS61t1cRYUYwGvHgRj+pNUYmkh54UPFnEgrESaA0oloKC1UuEKmoRD6HgoSIRK1ooUhUMoYpaBWvS9IvmUCMFYbs7Xzu+bU2s9kOwC392Zva937z57xuilILVPK5/BbSkmtzR16di/w0QXNzhlB9f7jtZ6QjNA41xf8WmZoTAyHTuG6fsLbX4c2axh4+b+iZXBJx9cfLyxgr/hR01QZC2BIMZUPjxHfKFPAyPfk0ipGPgYuqNtlTy+cR4iG1g5czFgEkGM+YMaO5y0DwabNu8HUCR+vS7Qdgd3RVZ5EFrYlyX0o7fPpJozeazne9HP4BlUchMZIDimwoK671eqPPX1VOTNiyqAJNbUEFn3H3sUeRo54E1Q8Of9mDJ/Xj+hv17921xKqmurQFG+aE/ANH7uYC0VQwBpTXTsBoxOfaqLX0FS4anvc/OcSZAoKSQh8ExsahIVybZ0TOmTt/6opx5zyBLogILY/5WyYNIVza0rtIdLiP4739XELYVfH6QZpe6U0xftpHO3M2gcTLuwZlhyRIAk2Gnj+i+KtIupPp476UVWhLgGOerKgtyboPFbCh6gH7MQao9BLbWkuBanTy52W8mb/TNBooADc87Zxx2FJiYjDstAAAwoXANwO0i4K0kzo7hsYI4eK3XuIp51zUsN44DPTc9+2tHlD3fnQ5saAqh9vy4KATrGNuOYSfIaq/zT68cX09iiVY0AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADMSURBVDjLY/z//z8DJYCJgUKAYUBE+440IHYh1gAWLGIzgXgPFINBVFTU/1+/fjH8/v2bAUSD8N69exlBcozIYQCyHUgZAzGIdl1R6bGHVBeEAjW5Qr1QDnOFj4/Pf5jNMHzmzBlUFwA1hQIpkMZ7QKxErCtYoJqVoDaGATXcg/JBBnQAsYmdnR2GC27duoUZBuQAeBhERkZi2IKOYbEAop8/f05lF3h7e/8nZDsy/vz5M5VdYGtr+//nz59Y/QvDf/78QcbUcQHFuREAOJ3Rs6CmnfsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFUSURBVDjLrZM/SAJxGIZdWwuDlnCplkAEm1zkaIiGFFpyMIwGK5KGoK2lphDKkMDg3LLUSIJsSKhIi+684CokOtTiMizCGuzEU5K3vOEgKvtBDe/2Pc8H3x8NAM1fQlx4H9M3pcOWp6TXWmM8A7j0629v1nraiAVC0IrrwATKIgs5xyG5QiE+Z4iQdoeU2oAsnqCSO1NSTu+D9VhqRLD8nIB8F0Q2MgmJDyipCzjvYJkIfpN2UBLG8MpP4dxvQ3ZzGuyyBQ2H+AnOOCBd9aL6soh81A5hyYSGWyCFvxUcerqI4S+CvYVOFPMHxLAq8I3qdHVY5LbBhJzEsCrwutpRFBlUHy6wO2tEYtWAzLELPN2P03kjfj3luqDycV2F8AgefWbEnVqEHa2IznSD6BdsVDNStB0lfh0FPoQjdx8RrAqGzC0YprSgxzsUMOY2bf37N/6Ud1Vc9yYcH50CAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALqSURBVDjLjVPbS9NRHN9T/0BWFBQUVIQKXigCpVIyygcDJUrnZdNEc5hlmZc0TdSF0bxszs3LvM3pXE6Xa3NL0TJTl7pcTY1Ec5rX/WxqCrHhp7NBPaRGD5+Xw/lczud8vzQAtJ0wWhLp+4kbUThSFGrQFwTrB59dE+ryA/3+vreNOMaPOmLkMeUT4mTMaoph1klh7pPApOLAUH4LPTn+X7qzLwXsKDDGj0wy8hibM+oCrI9pYTWGA0ZnWEd8sWZQYvXDC5g0XAzyo6BJP5f/R2C89OYeErlquiUPP9vogNgF1iYfbH10B0zxRMQFC4oszMsz8F3XBOqdBKqUs7a2B6fdHAIkMnu6le1w3WrwBLrjHSKWrhhYh72w2kVHjTIIae3eKFJexkp/I0YlKWhJdKsgZIanoTjMtlHPxSY9BD/YgbA2eGPteRjmWzOJazrmZKl4rL4AQT8TD4nIfPMjzKgKIUtwNtJIyxXftISclICN3GxYfHyw3FEEy1ALLIPNsOhkWGzLw5umCHCUflBLr2O29i4WXgnQwDpB0YY5NyapASmoxlxQrGAsFrAIWQ6D6Da0GecxXBaLFfLmuHI+TgrkCBCIYKqIwVKHEHWxxzZp758GbTrc9AqYu4WYb8kkRcnsLcPejzL5DKi3dfAQSEFX9RKRZkzxQklKIaqjD4PW9+QqVy+IxmdpOkwvOaB6xVjpa8QQOSMtY4DHAPW6GuLSVFwprUJxSQYWlRyMS9JQGXlw3PELZDB8OzN9c0hkdXua1/pYfTKonloHkeoWYVachCkuHZNFwZhrTMeCmov2rIsoY+wL2TaJJLKr4r6HzUyIpso4R9yp4mB8LWFgScPHtJyNjhx/CCOcCnccZTua77jKRkiJy51lmKlJxJK2lJBLoOMxiet+myDcKWXXXbBDGn/KTcI6brO7TUgzMcBl4Pk9d3tkhSB8r+s/l+k36mKOJpKW10VRh/TlzAOFJLLnTvd2Ffhf/AKfTM1hskDhXAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALFSURBVDjLjZPfS1phGMeFXdef0bVXMeiiQS0hNeeCuuhKUFzKEnU/lDEKxZazaEop20Ub1QpaRhdrjFVgGY4RyEYuj80y7SfMNH9l/vzufV9mrO1mBx7Oc77n+X7e533OeXkAeH+Gz+dr8ng8Y8vLy/6lpaWfi4uLybm5udD09LTr7ZTr1t/1V8nm5mYdMTuJuRiLxZBIJJBOp5HL5ZBKpRAMbsM1bim9dJqnxhxD9dcAv80fd3d3Ua1Wkc/nQSHRaBTxeBzlchnV8gVKFyF4VmZgsz72Dj17Wn8FoCtTc7FYBL1KpRLoczgcxvn5OYMWLo5xmd1G5fIHPn14A1P//SkGIOabpO1KNptlhkwmwyBHR0fgOA5UL5dLyKU4FLJB1kWRhE57r/JAr27iEbPz4OAANEKhEDPRPVPQyckJywuXKQIIEGOM5GekwwK8Xi+USqWTx+fz8b9BZ0PByWQSe3t7kMlkXxkgEAhgZ2cHGxsbmJycZMX0fnh4yPSaRgcbiUSwv7+P09NT9PT0xBmAFtVMFEKDajW9dvd9j+BLIMyCix5D2tl19g9gYmICs7OzsNlsLNfr9VhfX0djYyMsQ1amWZ/bMP56BoKOTu7aFtbW1tDc3Ay73c5apJ+SahaLBb29veDIkKlGO6Q1QpH42z9D1Gg08G9tQSwWQygUQqFQwOFwwGg0slxEdGO/mUF0Ol2G/UikwElXGrSa2WoU4Oc+o63tNlZXV+H3+9k23G43BAIBLPZXDGAymfIMMDw8XGceNK08eqJHn6aPAR4a9GhtbSWQNkilUhY0b2lpgUQiiVMA+Q+SV4dpYGCgTqGUv5PelVZHX4xi3j2PhYUFuFwuaLVaGAwGllONnM7EyMhIkmwzeO1oNjQ03Oju7pKJRKK0XC6vqNSqqkqlIp/rzqFE2vFerVbnSOTJu2x7e3uEDJz/C4Myz4QSsAdYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC3SURBVCjPvdCxDYMwEAVQSxQ0CImKKldE19FRITeu3LihiGQGYYKbIBtkgtuACdiACW4NcgEnpKJE11j6T98+m9Wcj7kERIqsM6ymHwJ7dvQJmhvSryFK5N1rLFtc4gT8Bx4JOO42gC+Y6wM8pJ/D6Ec3dnOrAJ9ga64O0EtIDS3fBS0sGi/FklMCQXwCjQIoa1vZYsqnrEnAi0sAGWQ/5Zx9r/CkT+NW18QBWMu39TIydN1Xn88bUK7xEQPM95QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI8SURBVDjLpVNNiFJRFP70ac80w6FEJ2FqsDKmSRpmU6taBRGE4aaCYPatat1qtu3aRosJI4Ro0Q+EIP0QCTM4WhSBBqmkJJr2cvx53vfu69w3vXIapUUPPs69553zne+ee67NMAz8z+cY3aTTaZkIzxMucc6PkD1EoCV/T/YT2TuEdCwW060cm6WAkudofd/v90eDwSA8Hg/cbjfEf0VR0Ol0UKlU0Gg0XpPvYjwer5qJIkAglUo9L5fLopwx6WOMGblczkgmkytWnt2SQpujgUDgn2cOhUKgIme39YCcJmO9XofL5YIsy3A6naav1+uh1WqhWq0iHA6bsRMJHA4H2u02BoOBudc0DUzJw8PygHTG9I0lsM4kSZKpQBAJMHUDanMNe2ZOQS3lKXkeuv77Ev70wFJgVmTMhAjUGi8xte8Edk8vwNl9C32jtEXBNgIziUhMdGsYfn0B714f9B+PMH3sCvrlJ+A6m0xgVdc0BvXLM/gjF4DBOlbv3sMuXx+DWhZevSSPJRCwquvKR8i2IbxTPXD1MzWJk/w1zJ6+jiBb96zeOundQiCki6uiSYS8QwKvPIVv5jh47x3l9rEYj4APa9TgAg5Ez0maOrz2t4KlTCbTLRaLcH7PUuOicHubMLRvNPASsg8LIgp8UID/8H7oKrv6anl+zjb6GhOJxCwR3TiorCwtXL5tl+wlImiLSx6ZRTuknRHUP+RReLz8wDbuOb+5udg0dO6mY9sN0Vyu801Ls/LLYrPp2Z9W3anPTwD1kQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACtSURBVDjL7dIxCwFxHMbxX8mmDAa67tV4D7wDZTolMlzpn+QoouNlyMZ0Vyc5g1v/JQPdYlJGmb5egbpLNsOzfuqprwDyzeQPfABc08A1FdOSZlLQODlFL2OkARThGGIfLhsIujxtUcmBWVETe3AcQNCGaMG9KTo5MMprTkvYdsCzYD/kWk8D9LMK34ZoDqED6waHaooLL1uMR0vUzRJ9roneVUStymL8S/wR8AaM7e7IrixORwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFGSURBVDjLY/j//z8DJZhhcBtwa5ou062Zhp0PV7udvjVNO5lkA25M1Cx4czL//+/PJ/8/3xX+9myrqgfRBtycppf26mDs398fFv//cKXh/5vjdf/vLg74ui1PMZIoA+4utF7/893K/z+e1f3/8WLW/w8X6/5/e9Tw/+YM+w9EGXBrpknbl7ud/789yPr//VHx/2/34/9/uxX6/2y9xWe8BtycqmvycJXbqac7Au59uhn3/9ttv//f70b//3oDqLlB7/uiCAXcXrg1wyDm7jyrc98ezfz/9U7w/2833f6fmWD+5Xyz6YtLLWYvlscpBOMNxIerPc7/eLbw/6dLFv+/XXP/f3aK9deZ0cpJO4KleA/EyfISjMbH6zxO/nzZ9v/rTd//ZyZZfZ6bqBJLUkI62WvSenW+68vTvVYPlqarhg2DvEAMBgD1ZuZTUbWrEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC5SURBVDjLY/j//z8DJZhh1ADsBjjsspIC4gb77ZZX7TdbXLVda9Zgs8xEihQDGmZfm/7/0KOD/3ff3/V/6plJ/y3mGjYQbYD9NsurBx4e+D/10tT/nWc6/i+5sui/+RS9q0QbYLfB/OrWO1v+d5/p+t96qvn/3Auz/pt0aRNvgPVyk4appyf+X3xl4f/ZF2b+n3Co579+mSrxXrCcZyhlMV2/wbRP56pRq+ZV3SLlBq1EOanRlEgjAwAXIuIDq5qm/AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxDYMwEAXQkyhoEBGKIipcRHTuXFk0riwhGgoke4JMwARMkA2Y4G+QCdggE9waxAKHkhJd+Z++z0crnQ9dAtzk4DD4lTpvYaAnJeVcQ7RHg+MBuzdQrCq51JP4PLioIhi4j0DjydLXISibG2dNBD13ix3NqEe1SN5pgeyb5hF0bGODRL2B4p0hlccOlk0EYTXe4tdKSU7/HQzrCATuXDShHAlooXYDZtJQkOGbwpcIb89bDJqvO/X5/ABgCuuOdgJr8AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKLSURBVBgZBcFJaFxlAADg7/3zZkjbYBfTZIg1SNVCFjW2hgbUQwWXHkQDHkUPgkcdiuBFiEVvXoJ4kHiqiHhQLAUXqCjGiNGaSG1Ra9pqp5JI4tY0y5u3+n1R5xm7GgMmxVoAAgIAAgAgx5KptO143Bgw6fYjLX2HqNUJMVFEiIgCISJEqBEhQlWwdKbV+PiUWKyl7xCdGs0xalj5ib8WCIFaQKCGKFBVdPfQe5DeU60Y1OqELu6eAEyQbbB4mosfUawjoqoQ8e+fdN1ISVAiitlc5tyHXJ5lY5X6DoYe5+jr9I8DIrKMJCNPSYkFhIjNZc6/Q4iIAz2jjD7JzgEOP8/CNBdP08lJO2QFCUFAQHOMJ97mgVe47THWLvP5i7RngIPP0jdKp0OSk+WkxEqoEaG+g72D7B1kaILZV5l/k7J0bO5l68maN6oBjWSLrCAhCIjwz1k+eY75aTZWqW/nvpfovomZKUnWsa9n0FPlBWknIytJiQWEQBXYWqH9Bcvfaa39qqpyaZlJ80z/ngMGm4ddTzY8ujXnZGfEtpRYCRG1ivEXqHfT/lL+33kPDj+tqEpFWShVlq5ddce+e62nW460T/isIAahYu8I/WNAlUvOTSuq0pW/F2VlLi8zWZFZ61w3evP91rNNY3fOioGIrRWyTerbWb0kyRN5keu7YUBeFoqqtHytbU9308LVr/382/fe/4FYiipHwafHqO+kfdZWmTjxzWvSMpXkqf09w8b3P+TMlVk/Ls54d/cjDiQnxf4wZenblt4xulBk3HKXD7IRsoK0ICvc8/tborDNL5fmvLf7qFvbbRqmos7DdjWaJjW1lMiRIEWKBDnDQ6yr+Wq+MFCgYSpZcvx/t+Akg61CC8wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFCSURBVCjPfZHNSoJBFIa9qLmMiNbdwGwKClq0ieYGCvGjnw8Kyk1RixZtCiJmEUkQUtn4s3Bh/pZO+pkfSYpvr6OEGMXhwHDOM+9550wEkf/j55ATWZXRaWtsSj+pBzEF5GTW1BGiz+ighqS5lxMA20EXQBdtBPjkKcRdkJBjgOJm2G4iDss4RN0h2lwLB2RU3bUbWKP4FuawgVdW8jhXDkjrkLIWb1DIYJm5SLCDd5xqBzzbPloEalhnHmAGPirU+MKRdUCKQJMlD7MUL2IFZcZQIz4CHnWblgyWkMUCCg4o8T0F7I9GJFUJA1Tpfh67VFhlvqCHW/gjkwlxY1p0XUaMN4u44N0BEd/4YryoK3kZNFj84OQqV9Uj4geenFj1mTwxSRoNOTsPDc9E5dRnHYs9taO3bcxG9aaKiV+/+Vd8AypJdaR1UheDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI9SURBVDjLpVNLSJRhFD2f/+QThVHKJ41Ti0pblCAKrtJQ7LGT0E21CUEisFUtioIeIEGLICkwahUtooW4aAQTcahNBWE1gWOY4yQIio8c5/vuo8X8jYuCBO/mfmdxD+ee+x2jqthJ5WCHFYg97U8wc7UIg5nA7EDkQGSz3TkLIhs5dWu84y8CZq7e09IJVYayQIUgwlAmKDsIE5QJH4aftP9TAZGDCCG9koQyQchB2GU6WQhZ5JVU4lHxAAZvvlEmBhMzOeqbvHfycYDIorzu9H935fExXO9pAIsisbjuPXj5/i6ADMG1kRnEkmtgKyDLYMugNGfxwaoikCNYUtSHgjgaDuL+83elABBwLo3e3ZPYyJn1JTuwL/0PLiwL4UKiESUFBrMLyzhQE4SzDlkCcRZsU/6gyw4K2YyR5OCsgyPBl8Q6Upa3CKzdBJNFbnF5xnHynRfyL8BQcji29hru9lWEk3HY0gq0ppsAnIM5c/yIqgpEBKoC9buoZrAqmosFnfWVqGvrQl64HqlPEUxNjGLl29dLOS9GP5qppPse3N+MqsOtiC2aVKihEyW1TZheyh0bjsZNI8/NHGrrQn58HOZZDwpnXmFfbRnUaH/Av9LZaDQ6ACAFYCgSiVz0330A4IkJ51eEgROXtz7QjUp4YmrNdsIUaQ/MtXSfryn6MYJ0agEbANZWPcTimN9WmApLy4c+v52gn5sFWPV2YXnJYHresAIPzXbjHO3ee+XXUrLXYxNiT+cVGOyI0J3frMiI4RHtXVwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGvSURBVDjLpZO7alZREEbXiSdqJJDKYJNCkPBXYq12prHwBezSCpaidnY+graCYO0DpLRTQcR3EFLl8p+9525xgkRIJJApB2bN+gZmqCouU+NZzVef9isyUYeIRD0RTz482xouBBBNHi5u4JlkgUfx+evhxQ2aJRrJ/oFjUWysXeG45cUBy+aoJ90Sj0LGFY6anw2o1y/mK2ZS5pQ50+2XiBbdCvPk+mpw2OM/Bo92IJMhgiGCox+JeNEksIC11eLwvAhlzuAO37+BG9y9x3FTuiWTzhH61QFvdg5AdAZIB3Mw50AKsaRJYlGsX0tymTzf2y1TR9WwbogYY3ZhxR26gBmocrxMuhZNE435FtmSx1tP8QgiHEvj45d3jNlONouAKrjjzWaDv4CkmmNu/Pz9CzVh++Yd2rIz5tTnwdZmAzNymXT9F5AtMFeaTogJYkJfdsaaGpyO4E62pJ0yUCtKQFxo0hAT1JU2CWNOJ5vvP4AIcKeao17c2ljFE8SKEkVdWWxu42GYK9KE4c3O20pzSpyyoCx4v/6ECkCTCqccKorNxR5uSXgQnmQkw2Xf+Q+0iqQ9Ap64TwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLbZNNaFRXFMd/72U+dDLNRItGUSeJiagTJ6IQhdhaWoopFCJiF10UBAXpSlHcddHi0oUbkXYRFURE/NiIIjSkpCpdtGoTJG20iUMsMZJokhmqee/de8/p4jmDggcuFw73/s7/nPu/nqrSe/hch6peUZhD6VYUVUCVeNPaEmcwYbn06/nv1gIkiA8cVNhQLOS96ZkyqtVLEMMEFZgvv2IhVEQTrbyJGAA7i4U13qeda8ivLKIxAVGJq0pcfVljhsyiBDt2f8s7AFSXFDuauXVvjLm516gIAFJVoYqKMl95TRBGvB1vWsBLpBKs29RMe9NSnANVQURxTnEiWFEWAsPlq4PvAyjOCRPTFVJ+kiAIMGGElThvqSORTFFID3Oy+xfqdnUyfLZHvWByX3UGiBOsM4RhyJ5t7bH8WB2qyp27fWxLP2dx8RtyrVuYL61n9Oe+EzUFxgnOWKzzuTD4F6GxWKc4K7Sk/2DPpjINuR3Mjv9Nyov4oGEF2Q/zuRrAWiEyhkhA/TReMgm+sjr1gL0bZ2lc20M4dYlUxmNiaBQTRC+Dhf+6q0PEWIcNLKFxWCcYJ6zkPl93lMi19RJM/oSfsiSzzQSzI4j1P+862v/YrylwggkNoXEExrGkfJuv2sbJtfcSTP6InzRElRaeDtzj+4EGth7tHwLw327BRDGgsXKXL/LPWN7xJdHzPupSSlhpZur2fX4Y+Yyx+XTtGf2qYSLrsKGl/lk/vflphFVMPTyFEPBqdhWlwYdcW3SYF1H2vUaKDRM5CjpA4aMzPLp0jMd3fiOd30x5ZoqbyYNkMktRxhCRp+8oUFXwfbq2d/JofIZo5Aatmz+mvn49//75D0NNh8g2tWGtoAphENbs6Kkqn+w/3afKAUVZ8eQ4W1uX0bWhhYmonqulTuZMtvYzUa7/fvHI7irgf/y+taODWkwAAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK8SURBVDjLbZFPbFRVFIe/897rdDpgKqKTDi6GtmOLg67cuGwixsSNoQujhLDSjYkLumhQg+BCTFgpCxeCJDZKQggxmrjQxoRgjG2thRaskkxptECYEmWG6fzpu+/c42LKaNWb3Jvf4n7fyTlHzIwDb55JPTm0YymKJH1p8WZh4ti+Kv9znnvx7d5dTwyUarVGa3FhdnDq69OxmBnAJsmPC78Vzhw/sEnyzOih3qHdg6V6o9FavDwzOPvtZzFARwCw/41PU8WBR5YwS09PLxa++HisCjDywsHewuOPlRr1ZuuXKzODly6cje8zmwQAe189kRoeypXUJz0/Tc0V4rjBUHG4VF9rNn/9ebYwf/Fc/M//YmaMj4+/A7x1X2ZmZLPZEEBV8d5TLpfVzDAzVJV6vf7uxMTEkWgDOFx46T3599DMQA28N3xTw5v3HE0FA+6e3ncYOBIAZDIZyW4RAvkvnKhxq+pYqToSL4QCAeCcE2hnzIx0BH1bhSj4G27FykolphZ7QhHCoA0EIqgqHYFzDqdtcFtaEGnDd9YSzLMBCwFCIEJgdAQRQBzHxB7YqJwSo9pSQBAxAmD46kn65z8iVS5R680x3Ubbr6riFLyBek/NeTKpAKdGEEBh/hRP/3GeXftfobt/N82Fb9hxcZLJPV2vBwBJkrCuRpwYa7Ghvt1nVwhmQt/MCYZH9pJeuoB88jKZ658zsHM7Jnaw00J93XAems5IFNQMNcHEeODu76T7+uH5sc6WoqM5Qi87I4Du7m4qk8dZXl7m2LVrjOXzOOcoFotcnZtjpGcrjctfseXL11hv3qYB1O6FaMitqLMF58jlcryfzfKoKqpKpVIhn89zo7bGlR++I7+9hyjsonYn4Xo5wPAfipkxOjpqq6ureO8718w25WcfavCUrPAwCX8S8n39QT6Yui1/AWOZi6sZoXAuAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ+SURBVBgZBcExbFRlAADg7//fu7teC3elQEoMgeDkYDQ6oMQQTYyGxMHZuDA6Ypw0cWI20cHJUdl0cJLIiomR6OACGhUCpqGWtlzbu/b97/3v9/tCKQVc/e7RRXz+7OrSpUXbW7S9tu8ddv0M+3iCjF1s42v8WAP0XffKi2eOXfro9dMAYJ766SL1092jfDa17DfZgycHfvh7/hau1QB9161PhgE8epoNQlAHqprRIDo3iqoYDSpeOjv2zHRl7atfNj6LALltJys1Xc9+CmYtTxtmR8yO2D7kv4MMPr7x0KULK54/NThdA+S2XTs+jOYN86MsxqBGVRErKkEV6BHynp//2fXbw9lGDZBTWp+OK7PDzqIpYiyqSMxBFakUVYVS2dxrfHHrrz1crQG6lM6vTwZmR0UHhSoHsSBTKeoS9YU8yLrUXfj+w9d2IkBOzfkz05F5KkKkCkFERACEQil0TSOnJkMNV67fHNdVHI4GUcpZVFAUZAEExEibs4P5osMeROiadHoUiIEeCgFREAoRBOMB2weNrkmbNz+9UiBCTs1yrVdHqhgIkRL0EOj7QGG5jrZ2D+XUbADEy9dunOpSun7xuXMe7xUPNrOd/WyeyKUIoRgOGS8xWWZ7b6FLaROgzim9iXd+vXvf7mHtoCnaXDRtkLpel3t9KdamUx+8fcbj7YWc0hZAndv25XffeGH8yfuvAoBcaHOROhS+vLlhecD+wUJu222AOrft/cdPZr65ddfqsbHVyZLVlZHpysjx5aHRMBrV0XuX141qtnb25bb9F6Duu+7b23funb195955nMRJnMAJTJeGg8HS0sBkZWx1suz3Px79iZ8A/gd7ijssEaZF9QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLbZFNaJxlEICfeb+vu5tYCApd3CgsdLdpu9pWEKEUEaEUb4o5iBQpePCkHqwQqlKLB6sUDyLoQbBC0IoI4g8iKv5SSlpj2qYmWtgapCaSiGY3m9399nt33vGwydaoAwNzmOcZZkbMjENPn8rsGhm+EseSOz87Xx4/frDO/8Q9Dzw7tOPWrdVGo5XMTk+WJj47mYqZAWyQfD/9a/nUiUMbJPtHjwyN3FKqNlutZPbCudLkl2+nAH0BwENPvZWpbN1yBbPc2bOz5Q/fOFwHuPu+J4bKO7dVW8128tOlc6Xz37ybrjMbBAD3P/JKZvtIoaqhO/DDxFQ5TVuMVLZXm6vt9s8zk+WL372X/rNfzIyxsbHngGfWZWZGPp+PAFSVEAKLi4tqZpgZqkqz2Xx+fHz8WLwGHC0/+IL8+2hmoAYhGKGt0fyKp61gwPLJg0eBYw5gcHBQ8tcJTv4Ld9VYqHuu1j3dIEQCDvDeC/RqzIxcDDduFmJ3DU5S5WotpZEGIhEi1wOcCKpKX+C9x2sPvD4niPTgP1a7WGANFhyCE8EZfUEMkKYpaQDWJmfEqCcKCCKGA6z2CdHKpyTJMu0kxRWa1wSqilcIBhoCDR8YzDi8Gs5BZ+l9tgx8xe133cHNN2zj65kPmBj4jb2PDb/kALrdLh010q6xmhoaentuisBMWFl4h9t27EGdsqdwABXP3l37AB516ys0O0a9Y9QTY7UDLW+oCSbwV+N3Nslm7t35OABP7n+dUn43QC4GyGaz1L44wdzcHMcvX+ZwsYj3nkqlwo9TUywX/2Rm4QwXF05z5MCbvPj5w+SiLEAS97/gPYVCgZfzeW5SRVWp1WoUi0VcWGFi+gz7dt/Jx5deIyMxpy98C/CqmBmjo6O2tLRECKGfZrahjooN4uEEiQxTwc9nmfroF/kb8GeNaWNAJ70AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIfSURBVDjLjZNNSJRRFIafcRJSnGEszTQddQZUJCGTCiGjXLkaiIKgTUhECK6K1oGroE20adEmQnfVIqEYhKRgyiwlFBkcqVzYHzNiVo7f982957QQpxk08cDhcA+c57735R5Uld3kt+5u3a5fwi5jtL9/275PVfOHZDKp1lqMMWxWYwzpdJpEIkFdXR3RaJRYLObbnNlTSMvlckQiEQAKwapKb28vqko8Hi9SUAQwxgAwPr/xMqtgBUQFa6Gv3eC67v8Bnuehqhw9uLKtkRDaHWBiqRJRwciGgko7Tb0dI9hxBcdxdgYAHKvN/LvZOujSY0LhHrJf4jsrcF0XVeXl4j6sKkagMTdKZ/g4wdpO0uM3KfOFiwBF/2DV/kRVOdmQ5lRDmjM1szS4zwhUhbC/nnKg/SLR4Cdmh/tKtwBuTAw0zYXeo6qICCPDwyy8uU9161lwppl8OEJFaJ0afwbjeLEtABFpLin1k1ydRVWpDfymrfkQgcos4n4GFeyfdzSfvs6a692ZvNsdyAOuJa4Gsb4X+0urGFt6jtgcLRUfCYWPINkZVNbpOteKeF/ZuzdFuONC/XfP3MoDrLEDrufpQnqeteUsM2/v0dTWQ3kgg5pl8PmZepICBHFSVLc0UuZ4l18NHW73qSqDg4NaaOb5yAwnLj3AX7KImhVAi3z3l7XyY+4DqdGhR0XLtBmvb3dl1Eq5iqIiBan5igiqOvUX9fhxNiezxvQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLpVNLaBNRFD2TjIq/TdGM0OJGXPhBFENq0aUrtQYJCJaC4GdZxI1IF1XBdiEuXSooBNKKisXfTkGtFqsIdmOxdaEUaSIlTtp05v2u902aTgIuKr3wuOfdee/c88685xARVhJu/k25jznOazJtxhhoAyibtcUExTkeGloR181Yf/f2TERgiHpymY2b/qfr1aHJPUsKmC3aPPz9HndW3EVBcpZaxplr9W+XO/ohpV7TQFDzoGvn2WV1nw+YVOnYA3tWG4W3xWURHE+3QDQSqEUCG6cOpXB/ZAYnD3pLtYejM8gdiOe//aBZgWQCNhJukhe/LyKZTODRaBFOAkgsLhr+wOp4zSoX2NG6DkLGBAl7BOuCm3SQ60jB5V13P3fjRCaFLA8bNmfbPRzZ79V+rTLNCojnduPTTyXc/tgFJVSEH09fgBQSD/ISYRAiXBAIqiECxulLgmzNlcxmb2NnejOO3TqMLS0eS5S48bwTSipcPzPAXTWqsoo5OYdK6KMifMbzGMwPwekbnKKLR9swNuXDYUkDL7LcVeFK9hnujJ9r7lytYVsTgYzUoTc/QbOVkF5+KZGNV+Mlau/dR/VgY6kxvv4o0+mb7yyMlNc8YLB76wb8ml3ANm8tCj2vMTntR4btal2NiZ9/mu6CMWQaLhKNXCt82yu0WW//rx2afZHR41H/vEzlSvCkjp2VPue/lFt5YsuGFGsAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK9SURBVBgZBcHLi1VlAADw3/edc+fRmOP4YEzERxQYZGaQaQ8qRDCK+gPcGC1rYbjRWtqiTaAULWrRItwVVAaFBUIvhqjAyixIE41JB8fxzsy9c+855ztfv1/IOYPDH1/bg5N3rxnb169b/bpVt62Vpu1iCTeRsIB5fIizJUDbNI/s2rhq39EnNwCAXtVO9qt2cmGQNlc1S8Pkys1lX1zqHcCREqBtmunVIwFcu510QlAGipLRTrRlNCpi1CnYvXncpsmJte//OPtWBEh1vXqipGlZqoJuze0h3QHdAfMrzC0ncPz0Vfu2T7h/fWdDCZDqeu2dI1FvSG+QxBiUKApiQSEoAi1CWjRzecEvV7uzJUCqqunJ8UJ3pdEfZjFmRSSmoIgUsqJALtxYHDr11d+LOFwCNFW1dXp1R3eQNZApUhAzEoWszFGbSZ2kqZrtn7762K0IkKrh1o2To3pVFiJFCCIiAiBkcqYZDqVqmKCEgye+HC+LODLaiaqURBlZRhJAQIzUKVnu9RssQgnNsNowMTEmBlrIhEAU5EwIXLx0xl+XP7fUXzAV+0V3+cbrHHyjhFQN7ygnRpSRIgapDeSsRQj8+udH5vtfe/rxh21ee69zFz4JM79fP7H3lU1r4hNHTq9vqurEnh1bXF/MrtxIbi0lvYqUsxCyny6c9uCOXVJMdt11QAq1vTsfhZfLVFX78ezPF/+xsFJaHmZ1yoZ1UDWtJrWWuv/phFWeue8lcHT/e8789i4+GytTXT/0wlMPjL92aC8ASJk6ZVXD88e7Lsz+4Pzsd44d+MCbZ180VozCoNi48+A9U5MTz80v1a7O9cwtDiz2a3WTFTEa6QQpDX3zxxnbpre52f9Xtzfn+/PfWrw9PBV2Hzq5HkewFeuwDlOYwuTYSKczNtYRRs5ZSTPaPEDok9+eeWf22P/PLlOL9Py8xgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLpZB/SFNRFMftj5IiW9saIQjGQrBiUagEFWLDydrUhAWzNNuWTZ1oKIUzf4RlzZY6sWyrLZXhfFszQ1eac2SQkYWW0yH0l1AWITSw1IXK+/beK0RBptCFD+fcyz2fc+4NARDyP6x5qInbVVEn5sw2SHdCL2ahQsiey4jhVW9IkBPDKbmfyibN6Rw8oLgrY0MnYaEofgcpPcitWldglLLQQhXqqSKdlIaNm8k8XDnBQWYMa2ZdgS5+O14YyzHVq8eQpQiFCTwUJ4YjX8SH+hh7wapNCQ0qMGdF/gh8/4SZN0Z87a+H13ENk89vwz85AiJ378xYq2ZLUEFjxv5B//t2TA87MT9KUNiZ3D9C4KFKMBz0Cbults1RxzVWoiAWv4ctCPieMsx/tKHzciwE8blPeCLz1jUFPAkRyhW35UWIPfB9noWjLBX2shQGOn898QsRSS/BET66xBWatq0ScE86NoUlORSRyYOYmJpH2xRQ7APy3gEXXgHnewCtsxPFRgXU9acgvyEMiEsOVS4LDsia0xJP6+EcWoLJCxS8JZE7QCK7j0RWFwmlmUCVU4lnviaMfnPD0K+B3CDAkfzwWkbwoTx6adqlxb1mFxS9VFeqo7KbxLkOEmdsVKyRoGu8AV0TjaBXreciDJ4cWhBgBN6KfaTffR3p6hZU988howM4aycht5KQWUgklx1Gj8+Clat7rIkW/P2IcWtB6Uhp1KJSeWsxTjEAJTW6agVHC/m441ZB51Ywxbo+xeoJaCbteWGVV6u5e9JcpsiE1i980eM5flLHAj/RuSCQZy7KaqNR585mOtOR3i//wUagLtdQ/KTH/hdr6PM/RhGjA91Gi1AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLpZLLa1NBFMa/m/uITfpIKzFJYxGaxkQDFnFRsrLgxm5i3dWl+Ae46Kr+DWbZTcBNhboQ1KW1uYhQhVKECFE0SEvSBrXR2Nyb+37EmYHG0hZceOEww5n5fvOdcw/X6/XwP59wWlKW5SABF0jc8X0/S9Y0CbL1q2T9StZHJOT5+XmPO+6AiC+T3JNoNHolHo8jHA4jFAqB3ut0OlBVFY1GA61Wa4PkFk4A1tfXX2cymdmJiQlwHHeqbdd1Ua1WUavVVgLHDwkwF4vF/ll7MpkEKWPuRA+cnhjY3NyEpmnI5/MIBoMQRZGVoOs62u02ms0mUqkUBfxt4upGe8B2vFXXGBnje/uQJAnlchm5XI6JqW1FUWBZFgRBYLk+YOXNL8FxnA9BkUsLkTg+7vzAZESB53msiVRAATQOe0bF9Jz1wDDtccNy0yEJ4Dkf/Fga7+pBJFJXsba2huXlZZAHGICuVHjogAG6up20bJuCsNvSIPI+pMg4Ss+3mOXp6WkUi0XY5M4hiAL6DlTDiOpErJHo6iZ2vik4IwKJCym8/aJje3sbiUSCCY4C6J4BOqpx0XYs6KYDRbegaiZqe20cqBYGzl/Dy/c+Crdu91+lAGqfOuJb5wqSqltyNCLxChFKPAeBJzMe4OD5Hho7Lczlp3BpMsJ+4+joKLLZLJvGer2uCweq0R0OBUSPUDXDwm6TjOtvDUbXhNm1MJUI497CDCSRZ2XQUaZTWKlUvhMnBeGgq8uBnnjz008Ve3ttx9HMB7EhvzOTQeHsMHd9ZNAeksuvmG06RKZpUuFjUsrDpaWlfW72/osB13CeuYZ1wzXswa2nd+2jk1kqlYaIYIqET5r2eXFx0Tp6/ge8rrdXLiWBdQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJBSURBVDjLhdKxa5NBGMfx713yvkmbJnaoFiSF4mJTh06Kg4OgiyCCRXCof4YIdXdxFhQVHPo3OFSoUx0FySQttaVKYq2NbdO8ed/L3fM4JG3tYPvAcfBw9+HHPWdUlf/V0tLSqKo+EpEHInJFRIohhDUR+RBCeDM7O7ua55QSkRfVanVufHyckZERrLV0Op2Zra2tmXq9fg+YsmcAdyYnJykUCke9OI6ZmJgghHAZ4KwE3ntPs9mkVCohIjQaDWq1GiEEAM5KoHEcY62lVCrRarUoFotUKpUjIL/y/uqXYmV62ph/LSVrr30P4bEFcM4B0Ov1jk547/uAUTs1ceNdZIwB7V/GGHz6+9LXxY96eDiEgHMOY8xJAK8p4grZz5cElwNbwZgyxYu3EFM01lriOCZJEqIoIooiALIsGwA9Y1UcwcWoKNLdpLu9zvbnBWqNBhuvn5EDUmB0EH/1E2TZw5U+YLQovkun+Ytsaw1xCbnCOap334LC7s4Oe/ttvA+ICLmhMXRxDufczUECS37oAuevPwUEVFFp4/eXkXSdYc2IopSepnjtUh5/wg9gfn6+OQBUNaRIUkfDHhraSLoBKqikIF3yHJDLHaAkFOLciVHnyVAVj/S2Ub/XRyQD9aAZKgkaOohvo6ENgykcA07VEFDfQv1uf4W9Y8y30bCPhg4qKZJtMnjTPqBO/vhkZ7h3EJeRslWNQMqgY2jIAIfa/m5sIKSpqpPsGEiz599e3b+GchtD+bSvjQJm2SG6cNj6C+QmaxAek5tyAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ8SURBVDjLlZJZSJRRFMd/39JipZXZmCURrRBjKshkJW20CFGSQlAotENQr9FT1IP2HoFPFRFhCSMYGS1GEUUrkZHY2DItUs30kTnjrN9dehhzFAzqwuHcc+6f3z3ncIyL9/uPa80BqVWxUgqpQCiFlAqpNEKqESaRQiOVetZYv8gHYCutj9T5cgv4j3Piyrtlf+62VKoAoP3DBYQSCClwlcCVbtZLMfx2bEUjrisnjABoAHYt3fdPv8eSAldIsgCpAGh5EP4nwLaKfNIjAWIIALCzykPrwxA7VhUO5/yPQ9RVZmMnkhxdgSsVSmtsC/yPwliWSdvjMIYJ5pCo/WkYtKIodJ7C8V/wMh+oAMCUUqEB2zKoW+HBNqG20sN2n4canweAGp+H1RNusWBWiDlVu6ld8poXTYurAYxTbZ/0oU1F3O/5hWGM7tc2IZZS5DvX8ebdY3rpRmJ97xFRxcC7V/HAs679tisUWmvGWVBdPpPOLocNpdm1uP3yB4tzAkwt2YKMdzOxoJik7KNoTdkkEetvtoXKDNEyDTq7HIBhbxrgKuiLz2Ba/0dMy8EwY4zPcyAZZ/BbyrKFEJkZmLCupIB7rx3WejMVJMPdBB+dIX+6RokEpvoFZi7aTfPmciDZHYgctF2ZacE7dwrffiZYUJhD8Psg8vMNjM9Xmbe8Cp2+hSGj9NxMYSWTJFKSjx8i9Q0tQb8tpX54suVtWVqqya6QuEIiheLw7A7K128g7TRj21N5dSfNpU+bCedVMBiNd1y7UOMHQGs9pn1pq36SCjXpWGCrfn56ZfTsnoUNY+nsv63s16DTGRm4Oy/+M5bo7f1xdO+5t61j6X4DmUx477d3qncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjLpZNNSJRxEMaf1XVVyA/8iH1fKdEKIzwpSIeCLmkRUaaXSsE6tB3qYLIQeTUMCwqEKNI6hJHRNamwEDSXCENKoaKNNjLCd9PDRuX7f2b+HUSzcLs4t2Hm+Q0zPBOw1mItkbEy6RiP9LSPnuhK19x6r6nn8MDBrlUBHc8iveFsN+rkOJ2nnhy78q+4ZbCp180ri7qFbmfjjb3L9UDH+MlMq9oXznHaNuVvgYjg3dwbJOYT/UKJkAIx0ucUlLVVOVWgJabiU4jPxPtpJBJU1bMqWpuFEFQVFhakgEbqhBKlkUyStUJCrEBVEQxmwfisEyPRgLUWp58e3xgKhBJ1znaoKh6/fYRbjYOBlSscuN5g62vrQSsYjg0j9T1VPnIu9ikDAISyOFUEtITS4sidxtCy+FpDSI2CSlAJYwj68ueIQoEYQixBEYTzwqBh9xLA+Ox2SlwYXazTX4QAQBAASJlZMP6cl/KK8nMLUF5agR+/fp7Zf3V3tVDgFLv1lRsqQCVmkx5SqdQcKTMAEFgyUsvdQ82kDFSUVIbcYhcKC2/egwhRWFAEqkH84wdMTU/7Qjk6cfHV/b8AANB8c99mGukk2bq1fFvm+uJSqAo+f/2CickJEcptGjn/8tLr98s+WM3Key7v2rEuN2+0proGYhWx5zF4yeTOFxcmx/5r5aV42D4y5n1LLvhi4NNg1vMWVhOnBQAAfWarVSgUNJKdri+YFmCIB0NDECMQStpvDKz1nX8D4+Fd1+gIFK0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALVSURBVDjLfZJNaFxlGIWf7853597JTJzQzDi9U6chPxCaOmi78idIlglEsEJJqFmIaDddlEK7EF3pKmJcdiUU3bmwXQiiGxsQQdBaF9HYUFucZP6SNHWS3uncO9+PiyDNGPDs3s3DOec94rOvflkyRrzRjo0fKQ7L9p6uBN/l2tuvnb4EII0VC7Mvl/K+7wshEvyfOga06nL9u7tvAvuAdmQ8z/PF58sP6fCAPXGH4cImKbeFsoad3RS/3c3SZ08gGeTy2WG0EeJfqIwVOE4CR0DsNBjObeIl/6IV7aG0QnoeI6WA+/fSDCRzGNPrSgIYwHEEkd0i6T7k78ctIt0hVgplQzzPI4xSDKYcLLanmCcAIbDKEOkuHRXxuBsRG4U2gOhijUY6Amt7W3UArN0H+OTZC9NYXCKjiZRGiCThXoZMskgi4YAVhyNYux8hkzhGtdEk69fpSzt4QvFop49mIyDIjiAdcegz0h4EuE9TTJ1i4/ZNBjI1hNa4nTzHRxfI+AHamP/O4omDOw/Oo42hG2uOtCTSfYVc4Rk27q9S2/wAIyMGt07xze5JdpvbT1248OmVlZWVq9JaiwCmT19CK833X/9A//EB5ubmCMOQjdFRfvw5R8JxmD33Kq50qdfr4tYt76NKpZKX4sBeV3/9g/ZWm9lzr/PJ1SV+v71KcDSgXC5Tr9dZ+niJRqPBsZGTauHsrKxUKucd3xUtTJfnCi/waD2ivz8LwOWL79GNFfPz80xOTjIzM8P09DRxHPPsS2dCgGw268mkFF98efPei7G25T83VTLRrvuAePf9D5VSSi4uLpJOpwEIwxCtDT99e631/FsL2Wq12hEHhzExMXFibGzs+tTU1NFSqWSklEeazSZra2t4nsfQ0BCFQgGl1M76+rqzvLzc6AGMj48ngiAop9PpG8ViMe95XgJwtre33wGquVzuBuBGUaRrtdpWGIZn/gGotkJJF2DBHwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF/SURBVDjLpZN/S8JgEMd9i1JURPSDIoIkS1FQI4iQgihStExrhGmydGObyZyyYRaybBRFQb/8vxcgBIF92275ApoHx7jjns/37p49LgCuQdzlXmEXd8RON1L4QPjM9NwbQtkXBE+eEWCe4D9+hC99j+XDO3j3b+FJ3CCcvu5a5wgQLXV6ceUT/3Xv3mWPAJayE5/fboAA4dw7nNjspmoDQqevlDAMA+12G61WC1/fP1BVFfV6HbIsUyyKIgRBAMdxVD8drf0BzIU5scl12QZY27ZM13VSbzQapFir1VCtViFJEsUsy6JQKCCfz1P9xFrFBlhX5cTGVyUb4D96oESz2SR1RVFIsVKpoFwuo1gsUpzNZsEwDDKZDNWPhQUb4D0wHHUwHCjZgKVEmxKaptHc/ZmtL8/zNLMVp1IpJJNJxGIxqh/yn9sAT1x31IHbx6L/FtiF3Sv6s+a2NMxE65jaUMwtX9CixiIiRkM8RoKc2XbRVGZhnrGcJcDAr3FQwC803UMOARws7QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADHSURBVCjPhZFBDoIwEEV/peLWlW5ceAcTvY6ncW9i4pm8hgsT2QgGEFLKdygQkKD2Z9pJ5nUyv1XE7zX5U4euD6WGBTatFVZYwhu5GuDKsko2WWhswU9lPB2xxqRqszU24ZMRUyaiiA/eBbk1iAAV/xLlbo8ZMhAglewsiBLgYmUI4wwRJSxyzFsPO916ndazu/ARClhg0drsPKrGkA/bZHrorkKUE8cBuKI3fMkhAkH4/S+IbjI9Vux/jNof4lmBvowL43Lmb/8gdgK2+FpkAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpdPbT9IBAMXx/qR6qNbWUy89WS5rmVtutbZalwcNgyRLLMyuoomaZpRQCt5yNRELL0TkBSXUTBT5hZSXQPwBAvor/fZGazlb6+G8nIfP0znbgG3/kz+Knsbb+xxNV63DLxVLHzqV0vCrfMluzFmw1OW8ePEwf8+WgM1UXDnapVgLePr5Nj9DJBJGFEN8+TzKqL2RzkenV4yl5ws2BXob1WVeZxXhoB+PP0xzt0Bly0fKTePozV5GphYQPA46as+gU5/K+w2w6Ev2Ol/KpNCigM01R2uPgDcQIRSJEYys4JmNoO/y0tbnY9JlxnA9M15bfHZHCnjzVN4x7TLz6fMSJqsPgLAoMvV1niSQBGIbUP3Ki93t57XhItVXjulTQHf9hfk5/xgGyzQTgQjx7xvE4nG0j3UsiiLR1VVaLN3YpkTuNLgZGzRSq8wQUoD16flkOPSF28/cLCYkwqvrrAGXC1UYWtuRX1PR5RhgTJTI1Q4wKwzwWHk4kQI6a04nQ99mUOlczMYkFhPrBMQoN+7eQ35Nhc01SvA7OEMSFzTv8c/0UXc54xfQcj/bNzNmRmNy0zctMpeEQFSio/cdvqUICz9AiEPb+DLK2gE+2MrR5qXPpoAn6mxdr1GBwz1FiclDcAPCEkTXIboByz8guA75eg8WxxDtFZloZIdNKaDu5rnt9UVHE5POep6Zh7llmsQlLBNLSMTiEm5hGXXDJ6qb3zJiLaIiJy1Zpjy587ch1ahOKJ6XHGGiv5KeQSfFun4ulb/josZOYY0di/0tw9YCquX7KZVnFW46Ze2V4wU1ivRYe1UWI1Y1vgkDvo9PGLIoabp7kIrctJXSS8eKtjyTtuDErrK8jIYHuQf8VbK0RJUsLfEg94BfIztkLMvP3v3XN/5rfgIYvAvmgKE6GAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIpSURBVDjLpZNdaFJhGMcX9EExPVNn3Xcd3Ui3urnJbK4guiioiyjKPFm2QRSINZl2RDuprTZNaTLQ06ajizVhDILW+tpmYxXW6mKNXTSKGS2Xm+foP18vBjLRoosfLzzv//nxPC+8NQBq/oeyRfpAvYXVStMeXR2cWgoWtWT1hEJu+yuBXiG92nNYkg8cl8JfoPuoBEwrhXalOK/bL7NWFXRrqSSrEYNR1YJRi8DoJLC3yXGlUYqTCupnVQGjrIVLU4/RrmN4F7Ph85gfj90GXNDshaOByvdfO7SjqiCzMIVfk31YnuKwnBjE0qswUvMJuNQU3obo7RUFDpUol5qMIDUTQ3p2sEAU36ajSCU4uJrqhIor7NGFt9mVYv514CLWpoPIvH9U5PdMGM/vnoKjSb4m1wR2lhXIW7nibp2q3eCffMK4z1gCP/YB5uZ9IBmZ2rerRCA7OLCFnG/OMPCdbUAu/hHCracQrCMQLEMQbnDI9Y4g2HEEJEOyVGPv1pIJyEV2dBzpoQkIwWfgncPgLRyynWEIbBRZsw+CNwrhXmhDsiEgIxb3vd2HOdqNjDOGdWsY39vv4IvJidXrfqx3sJg7bUOmJ1LMkp5NghVXAMl2LxZNbnw1schc9mDF6MAizWBJb0fyEosfN/2bBS/uGxOkED9nz0/oHeDNkbKQ0eP6LoFkCz2zJW8w/9AgCrXQHq7NNEyC5ehvPv/yQQvtXRgwiCr+xn/hD7c3w4UciyonAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGgSURBVDjLY/j//z8DJZgsTV+9fAu+uHo8+GzvXECWAV+c3R//mTn9/ydLu4eka3ZyY/ts63T3k4Xt+4/GlqS74JONY+9Hc5tdH4wsmAmGgWv9xQKX2nMPnapOF4A1WzsEfjSzefLB0FwUHoi/szPX/05P/f0rOWk9ugHONWefzNl44X/B/L3/o7LXnn1h4fitN6i22Tx7W5tpxqYHxmnrChh+p6X+/rd10/+fsbF/f0REmiE0n7F3rDz5wb7s6Bu3gt3Vz80db69zTd1mlr11tUnGxt89Cw/8N0ha9YDhZ2LC+p8xMb9/hEdc+h4Ucu+br//JFXFNi5zKjz20KztiDzIMGFgzP+iZboQZbpSypsAgaeUjvfilqIEI9C9bf8rk3Wd8kz59sHV+BQysa8DA+vNe1+Trew0DfrwJCehfCceqU8fsy48ttS05xAkMLANgYP39N23K/3fq+n9wpkTXugsFQP8+B/r3DdC/pciS77WN1r9T0/v9Vkl7PU4DnKrPPJi85uJ/oH9fkpUXHCqOF9iVHn5gU7S/gG6ZiaoGAADG9LhB7Kzu8AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLfZO9a5RBEIefvfcuucRUanGiJkYjiNoEET9II0gUsRC0sbASO1G0MVhIiCL+BdoJYmOnjYWJQsA0QRBRYkBUJESJ+dJLzvfe3Z3dsXiTS6LowDKzC7+H3ww7RlUBCJcuKrv3IkNDqAgaAtF74lIuHT+OPh9m3YtnhlVRXC5Wi3SVMIrkdxHUef6MFYAXVIRoLVEkB4k06uI/AIUGwHnUWujoIFhLtJZgLSHLMF1dxLSOOvcfB84PmLnxG837a7QcaoJisvRukDTDvRojOD/wT0DTyYlJpFDze8612aZ2QiigkmEkpVSfoFx4VDOHw+SfAKOq6MODB8A8cd3XK9Y1E9OfSPYL9RkqDkxCc9nQ+uHeFF5PlS6Pja6dQZA+2XW+YqWFkFYJLheqd8QsRaqzpPNVsvbTlbgY+v4aokbp8eu2E+uLuVAciCd6i4oj+jqyMEddWsGGnr9nEHV91AT1GVEcGjxRcnFwea5+GqP6Ypxsempj6C1OAHd7B+XO0hA1/0TiG9YbJziqn8eJUmPfuSs0d+6h/nZw6/uXQ7eGjpZ+LbWg88bXIIa11sWi3jEzNsrOI2cofxrGPDhL6+fHbOvYkKjRK7mD4EeK1fFTrriZGNwa6yqOWKtRrnTCiasrvfdvIolmW+6gHu8UX9+fKpmUQqkMMaIh3wlUMW2tpG+eQv8m7DXDj2uGhe8zhES/meVtdDe7LiAMuO7TlaxpM0EialPwKdV3wyzMTrNlg1AsTLI4I3z5ngSf6Y0GACDr23Eg1qQPH3uimvUEUDXzURj5KHybm/16IgmmIyT6VeHesUG5/Rt5eNFI8xvNdAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKQSURBVDjLbZNNaJxVFIafe7/5KTPzpUloNK0tIsowCtbiQgRRQReudCMVqYrdiLgQ01UrWUgXXZQumoU2myyKii66dOFCEUo3IiL+VRMFHactYpsMmsy0mbnnx8X8tEn7wuHAudyH97zcG9wdgKWl9zNgl7vvrVar51T1PndHVQHDzBCRFGNhqd1ePXb06PF1gALAhbONF+7PanPtymtP9G2iVK3WmJjYibtjZuNupsWVlYtviaRTwABw4WzjEPDRVGMy/vt3QLpCu73G2toqZoKZE2Mkz3PyfBKxgKplDFUA3rz7wL5Y2lnigdrHiDhuRlaoYJslrv3cWb7cfehka/3BxUY93+EGqolbAU/tqz+K2V/MzFQAHZYQ4146v55v/NPd81UxL6uKQgyY2RgQB025fOUPCC9COAjhJVqt38BlcKpKb/M65kbq9YfB3nQAGOVSxqXWCXDBSZTLBWAAMDOKsYibYURE0naAMjOzC5gc2Pc0vDwApJTQGx3UDJHNLQ7GK1xq/Q7hFQivQjzMn82LY4CqhiwWw8BBQNW2OxBK5Yxm812whNNnx5YVtBBkoxICkLqYbcugt9Fh9+xj4/RHtblxA7EMVZsOYZC+qqMqWwBHfvr829OjgRNIWkIsIhb54cr+r7Ms+3Bqanr0GjHzm4AnDy8vAAujwfz83NTs7O7z3W7nYTOjH3uPp7RuWZYNHdhtDrZIVda/8+fPWa06nfWvfjJxdfFTEd2zvPzLZyn1CCHSrx954/UPWi8DC2H0G2/VM8ebzeceqd375fer/9WvnTgDVET0oLsWzJDmPe/lzx64K//ix43WHQH1t1fmgLkC/TNPy8lFM4vuWhGx6G72TXX+UAqVd4DT/wMfm3vSJoP5ygAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG5SURBVDjLpdHNa9MAGMfx/BtBvO/i26XBw0DEocLUSift2Lp2LupYFh2CVLA6rIMVmqaiqxDZxaJQNehSspCksdYXRNGJzOKmNz0IDpRSvH+9SBVEaNgDD8/hgQ8Pv0cAhM30fxfl5k8KfpvZ2gYz1S+EBgpem1etNk9XfpBeXA8PXFz6RvP1d9xnGxwtvg0PqLc/kzLWiGor7L30PDyw6RABwXEcLMuiJ6DRaBAEAZ7nYds2pmlSqVQwDANd18nlcmQyGVRVRZZl/gFc16XXs5PJJKEzOLMwnD29kOic1I8wPLenc/D89iwgCDNPJlAfp5l6NMZkfaQrp5aHSFiHiN7bT8I4wOX749itMu+++pTqU8RL29hxbivCdCOF9cnk4ce7TLjxLhBfGuTGGx3t5RVG8/uw3l/F+nANAC04QSk4RWRaRJisj/JgvYq5dofU8lAXOFwdIP9ilmzzLIMXduG0Fvm7aqtlJEVEkN0E484xxuwYI7VoFxi41U//zQiR6zvZrW6h4B9n3k8DMO+l/1zQS4CSIs7FtD6KvkxttUzRl4lpfUiKqPX8BUkR85IidiRF5PfMA8IvzWTWMhb2/CMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVDjLpZNLbxJRFMf7AfwEfA5YunTDTnwk3RlfMWFj4qKpKyfV2EVjhMwAUUyb1gYqCdWgQmqkRToFaRoLBcoUEGiB8hoQpgzPcpxzgREfO2/y39yc/++87p0CgKlJXTKCQpJKklrS9Ejq0Z3iz/hJ4wVJyofrda1954Tx78fZg8ghHwpH+e29GPvGk2JmbFUtxmDsb4CR+aLVm6dCh0muUKmDIHahdz4gajQ7kCtWwbcX5hY3khTGjiFjgBLN4dh3odXuAR6x04eq0AVe0lm7T+4EsQPbgaBgdh4hREkA2BeWjZnHZsduCYo/OlCoDZWvtSFXbcuQjU0fd3+1gO0oEKCys8cMlo2nXO/A1SdeeBcoymbNnAfuGiOkGjyx1CnQNj+DXgSofd+OWOwZS0XTlcdeSR5Y9xchy7ckwBYBVBpdqDd7UKqJsLT2nkUvAqaDBxEeh4UBCMCMqOvzfmCcGdBQW3DHECbVnVRa0Omdw6pljUcvAeyHwgSAAdgrmq893SGZDa5juPzIDbeZISBTbklVdGFp+bUMUH/ZjbI1oQ0NsUcyELOUFStKFUUJ8JkAcLC4mXi2BrTZIregsrgTTCZXgcEASAYN5SbmZEEkQvNNOkza6/YHsPk1CpTpozxExQNrWev2Bji+3pI3gcbEaRPi+aa8TjQnpOz6FyvcLVN8uMbxQ6LfhijHJ69QqJ6RSmpnPVJNuiSS9aE5nq2CzmwVZmnnr4c0+ZQXLAFqxebg/MEEZAp1MhPsOZrmweUNwQK9yM3oP/z9lCc/071Xae3cSxfzzLjM0gYT/1zP8PM6MzurszM3mNi/P9P/fOefb4UIeuRftTUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH2SURBVBgZpcE/SJRxHMfx9+/uuT8qlgR6mvTHqyGwKMWpbmhvskFa2spFRJxaGlprKBQcKmhqcWloaQ2ixcFaDhUKLDDJSFHvT+fzfD/ffJC2Go5er+Du/I8wPrs4Vbk+9nC74V3ugIRLmAyXIxduhtxxM0ziWD6ur6xs3Hv1eGIhGrs2Np8rdmVKRdrRVW/YPLAQNWLPNLZrtKsZe4ZDkZtz/+Yg7Zqe+0IqchfujpNycCAEPiwv8y+jIyOYjFSEO2bG5Nw6fzyfOUuqUqnwN7VaDSVGKjIZcufp9BkIDh6QO0ecd9UNtvaa1FoFCrmI4x3i6lABmUhFLkcmQgAXhxyCMzw8zNuP69TVxeWhE0S5LFu7B+zst1j6XEMyUhnJkIzEDJMhGUpEtVrlR7NIudTJTiuwuWckIctgXzfbzYAkUlESx5gZM8++88fcZIlUrXlAPp8jaSXIoZU4xShL4hFJnJCK3IQkntzpA5yUJFKdhRwHsREbJHJSHqBRr+MSqUgSkgMiAM6RcvkcvzZj9ptGd0eeljlRJrC5HeM/1zifXSMVxmcXF0unTk7IDJkwMyRhcUwuH9Hf18PoxdPIYbfWwrZWqPR+Y/fT++Tr6tLt4O604/WDG3f7B/of9Q5d6VldetMI7k67Xk5duDVQvvRCSjp+A5XMMGcdZp9aAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK7SURBVDjLbZFNaJxlEICfeb+vu5tYCApd3CgsdLdpu9pWEKEUEaEUb4o5iBQpePCkHqwQqlKLB6sUDyLoQbBC0IoI4g8iKv5SSlpj2qYmWtgapCaSiGY3m9399nt33vGwydaoAwNzmOcZZkbMjENPn8rsGhm+EseSOz87Xx4/frDO/8Q9Dzw7tOPWrdVGo5XMTk+WJj47mYqZAWyQfD/9a/nUiUMbJPtHjwyN3FKqNlutZPbCudLkl2+nAH0BwENPvZWpbN1yBbPc2bOz5Q/fOFwHuPu+J4bKO7dVW8128tOlc6Xz37ybrjMbBAD3P/JKZvtIoaqhO/DDxFQ5TVuMVLZXm6vt9s8zk+WL372X/rNfzIyxsbHngGfWZWZGPp+PAFSVEAKLi4tqZpgZqkqz2Xx+fHz8WLwGHC0/+IL8+2hmoAYhGKGt0fyKp61gwPLJg0eBYw5gcHBQ8tcJTv4Ld9VYqHuu1j3dIEQCDvDeC/RqzIxcDDduFmJ3DU5S5WotpZEGIhEi1wOcCKpKX+C9x2sPvD4niPTgP1a7WGANFhyCE8EZfUEMkKYpaQDWJmfEqCcKCCKGA6z2CdHKpyTJMu0kxRWa1wSqilcIBhoCDR8YzDi8Gs5BZ+l9tgx8xe133cHNN2zj65kPmBj4jb2PDb/kALrdLh010q6xmhoaentuisBMWFl4h9t27EGdsqdwABXP3l37AB516ys0O0a9Y9QTY7UDLW+oCSbwV+N3Nslm7t35OABP7n+dUn43QC4GyGaz1L44wdzcHMcvX+ZwsYj3nkqlwo9TUywX/2Rm4QwXF05z5MCbvPj5w+SiLEAS97/gPYVCgZfzeW5SRVWp1WoUi0VcWGFi+gz7dt/Jx5deIyMxpy98C/CqmBmjo6O2tLRECKGfZrahjooN4uEEiQxTwc9nmfroF/kb8GeNaWNAJ70AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIiSURBVBgZpcE7SJZhFMDx/3neV/u8ZlhoVxAkESoyJYoa3BojDCFc25psaS8CWxoEhxAagiCpHCpqaa3AyiIISwjTtHIou3wX/b73nFOPIEG0SL+fuDv/Q04Mjp052ttz6WvR69wBM9wMNcXNMTdcFXPHVVEzGqsrhamphXPjl/tH0p4jPcNVubrQkmM96gpFHQZG0mLFQ/FrnvUqVTzwW+rqXBxoZ71OD80Spe5GVM4UB9wcNTAcM0fN0MzRzFE3yuq0tTagpkQBdyIJQhAIQQgJJCKkIZAmKf7zBeV3Q1RJidqqlMgyJQpqShQAEUGCkAQhJIIECF5ieW6c+uZ9VD7dJ60ORKZGFNycVSJEAQgihCAkiVD88IDa5i4at3ZRmHsI+RkiMyUKZsoaEQERogBofoFv7+7RsLkJ/XGHLZ2n+P72Bm4ZZkYUskqFVSKICJGIEH15c5Pm9uOwPMnEtevUN5X4MfOI77OPySoZUXA1ogQQQEQQoPB5Ei0s0bCpiK3MgBuaf0pb71nmn1yhimWiYGasESAA4sris6s07dqPFV/hVqK7rwMrfySXm6ZxxyG6aiaI5MTg2FjLzm39poqpoars2fCUkwdztO6uQfMTuJd5fnuK7r5OJNkINcd4NHphpdpLB8Td+dvE8OH5vQPXtyfhPZ4tAc4fgaSmg8XXL5m+e/5Wyj9kK+Xc5Ghfyc1xM9wMN8PNcTPcHMxw99ZfSC4lgw+6sSMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIuSURBVDjLpVNNaBNBFP62u8nGhpCU5GAQk67ipaEgFQS9KKipsQcRcmjBmwfP1UtPpgXpyUNuPbRUvNWTJwlNKQihF4sh6x96qK3FtGqwamqTbHZnxplJNy01FcGFx2Nn3ve97703T2GM4X8+7eBBsVh86DjOTdu2Ne7BvbRmsyn8XDqdHulIYJpmkANmQqFQWte7YXEQKIXUx1X29IQwP58b5n9/EpRKpasCHIlEjvn9fqyulSGyU8pAGeVEDISTWZbVuQQenIvFYvKgXm/A5uBX5gtOQNt2JZmSZXQkEDV6vV5Uq9VWZkLQlzgts7Pd7KLZhyoQzISDRJAYipBulpa5JzK7uIsOXf+7glavmAwWBIn+AZndVcEO6UGXq8AlkCQiM2nVXgmsYvZHFnRfXEeCNpjsNU4Qzb6fxsfKJqylOZx/PYPFSx6aT2rr3MbaJQhp7osUkumuZMrPRsPj0Ddz0L8t4sKtu9CNhFJ/mT/+trBwf+GyZ6etQExBVdVW3ftUyLew/BinLt6Ab+UZlEcj6P7wBL3xsMoUNuoqeF4oFM4ahoFAIADfkZ+o1RpynKJ27ftX+I4awLU7e90fj0KlSq/iSs9ms0N8GhPRaPSMceIkgsGwnI6435ocxLlUCv71p7Dqn1Hj8dtVFe9WUFYObmMmk0ly4ANu/e4y9f16gwHPBuJhG1rXJ2xXHKx9UYndYPeUf13npeHY2M7Wxm2VKHGisjJHTQ3mncnfQiCLpXc8FWIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALpSURBVDjLdZNrSFNhGMf/Z9uZnjldy+lKKF2ThsqULgZdLAIrKTHKMLvYhS4fgiKLoi/Rx6LID0aIaRAUpQSFEcIMiS6mhoFmN0duVpo6azd1m+852+lZSeSlF36fHv7/532e//ty5eXl7yKRSCrhqqysNGOWU1xc/EEURbMkSY7GxsaMf2sqEqaHw+HbxOHS0lJ5NgMSR6kgCqbXVCSMIbaTu5h0qEKKVcSASTJYBDiSdB0LtEDZyVYVidcRmdMNFCR8S1QR9tf8DWFc8AkKjUGQBYPgRLagE4YExthn4hbRNeMGJEwg1hGSju/Ei/EOLFdehSJsgc29DV1eKxg7IFH3nYRuNgORcFLRaowBchO18LJjGAtkw+3bCPtoUnT+COFcnRU299zdJSu1Voz/eAYuNLA/OhubNMjaZDRDzWkgwYRx3QiQcgcRTsRNxrAnPxC3d/O2+YIhDzrTEnidFnxqqr0cNUggthqNxhzbmYFZMlBgZUYwY/++kmydfgXcvR+pCUN8wjxoExfqogZ+osHpdEqWCw3LBEpBDAOMAj1kqEaK3AellK7WmwswMVgHtYbDl85PEEPsZyg4tkpBm1UTJkLZNnER/rADkXA0e2BkxA1e4qBPL0Toew043gNeG4/YQO+w6B/Mzz3+wB414CcNuD8pnIBX7MG84UewxvqgSy9CaKAKCl4E86fB9bRtlI0GCpeeetL5e0C6vo+oJ/hoCkX0csxiGXbMeY7krC1gQ7VQqmVM+FPR39wakYKB7MWn2zv+xkidc0i8m0hbb0iVld3fkavawElcMga7r0GfrEbIvQBfm1tCJRVdsfZ+b9+UFZOBSNTwPK9pOjfMaT56uMw1RxHz7SXsDS3otLnx4p4NVx72nu1zBbwzMiKxg6j2eDxv6urquJ7PQxJ7/ximnDzExVkw0NE9dr7e+eV+u6uS/szP6QacLE/9gCVr5waXLjKqVmSYIPMTr4KukYOFl9468J/zC7f3tq13JhENAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKgSURBVDjLlZLrS1NxGMd90ZvovdEfEBEUEhZIb0xMjdyLIuyGkiHGUFKydFKKJiRegjIyFJRwojMxzfJSaVOYeTfxtpSNuZ1tXnY2z27nsss5334uWloG9uLD7/A7z/fzPPx4IgBE7ISl3qWyelUvu9JIueZqeOdUmcCMFDgcQ3fntjSK0j/rwx+csesIZ3jbL1j6EbCPIej5DpE3QRIoBJ3LEFb74BjIxkbXVYNdrTixS8Ca3h/y6pSTfloD0UcRjCS8BJGbRdA7QRgjd1pIfhruyeewKOMdm+rCw2GBV1tXKZh7SIEVoqAjpwVS0AlIvhBSkCGyeQRcPYDogO1DNixvrveFBa6ZCkuAmSe1OtJpFVLATkJboWCIAE3+GYngI6ENgnUK+hcxfFiw9fWRT+RWEWTHEeRmyPhaMvYCgu5ZEpgkbzCCgPszBNsr8NY8iF4Ky5WnpLDArs41+zYnSPdF8OYi0qEcTHc6mF45mJ4M2Ftl4C1lYPU34KerwFNTWKmO/j2BfbiwghmvJuPawZsUsNVHgTPlEx6ANcjJeR9r5QfhWUqEJOlhbc+FoV42FBY4R0sPbPbKlz2LLeQB9aCbYkJhzpIFlkoDZ8zDRk0kRHYYrm8d0JYeEyyduUd37QH9pTBqvSOV9iy0wtmZ+VNAOm+HOeM92JtlYDQN0JYcD1BtmTf/WqRtbJ/yTxtUt9fXGhPBq5MhriVBtMYhoLkMQ1Ek5sqi3eb2O4l7buIvhlRPkmsfZ/ibax+iruosnpacQUFOOq7Fn5TUypJz/1zlnRQr5JSypRVKZRvq6htR/ewlriTH03vV7ilQ5NwaHRgchM1GY3p6Bq+bmpEii9XtWzCgqkhLuXSBTUg4L8XFxUoXk2K57obirH0L/ocfNQ8V8wE+uE0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJeSURBVDjLpZNLSNRRFIe/O81o+WjISM0epuarEHuDqIFEDyoqEFtFD4gWQVDQoo0QhFARbowKNNpKi0DJRYVGqRmY5oPUBs3S1GnMcdR0/v8Z554WM44RGURne7nf+X6cc5SI8D9lBTh79/0VIBkoAHaCCIJCCxaLwqJAa40O4LFZpT9z/cpdaOFqcZZCRDhT0V4p/1i3HveIiAQNgEKAh83usNrfgp3Pj6NvyGOGI6AlceExPT4SAKX+/PnjNxMAr+GPCANEJGqhq8NlLtk53myk0FlN/0QO19a+Ul33Lp4OArRYF9SWqrmxWqb7WliRcwp7ynY8g5n0Pa+6vQBQACXX6zG0RgvU3djP4OhUMI7nBXZ6iEvPxz3QS4TyEbsykZjVG+0hgAbgu9fPvm1J1LWNhDtH+1qxSRf21IOYY9VERCm+dPQxPatQvolcS8gAgBkjgF+EOXM+OImpZmw/GrCnHcYYrUTZJrHFxBItbh4N5bH70hOHBUCFDEzTj9cfIGD4cfbWEjX7GvvmYxgj97HY/PimN+Fq7GTNgTKchh2AoMEvUxeBnKgOPF+bid96BJ+zimURgjmdzHhTO6qonOUJ2YjMLwL0vA4ThluqKT0UwBdIYqy7Ao3BrHsdrre9qKJyVHQCodgSBgS0/gzQ/eAExWntbCm4QORwE46aZjqeuXG87GTD8TukZmSRkmQPmcrk4iYGdE1JaUOGiOTlulyrfB+ekpJbyNT4BANtDupjLzNe9g6R1lBIPQOWXgD1+zmf3Bvn3ZGaYN2TnYLYzDde1/i5oze7Pi21YD8BVSdMJ0n4cQkAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVDjLlZNNSwJRFIa1Tf8hElq1qCDJxk22CdsErVvbLotQbGFkZBYWRqCghqv2tXHRokACw4IICvoHbRS/8HPGGbXe7hkcGTU/uvAwA3Pf555zhqsBoGFrkmFgGIcwxRijjIKmJTCIolhsNBrfzWYTf8G+IxgMBrolisBI4Wq1Cp7n25RKJRQKBaTTaVmSSqUQCoU6JLS0JKANtVoNkiTJT6JSqaBYLCKTycgCQRBAh0QiEVnSI6CwAgkoUC6Xkc1me1pqzUTbIWBttDfQO/WttJLL5eRKkslkf0E3aglVQvPI5/OjC9QSaodmQqJ/CYh6vS7PhSTEvwVUBQm8iUOcxl2jCSikQBW44064Hh1wPuzCEd0ZXVATBThjNhzE7Lj+DCPyEcDWjQUr3qUvzj4/PvQv+BInsNxuwHFnxdW7H4E3H2xRK0xHnMTt6+/Vgp9Bc1gPr8L/eg7fiwdrl2bozBOb6ruwyIbEs419L5P5Yhlnz8fwPLmwsDdHIYNaoCPJoKtscnNgJUNvn8XM9jSFdJT9BVHxpMfQmzHDAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFlSURBVBgZpcGxTpNhGIbh+20+DUkTRhkcNLBIOmG6+Q+egg4cgWExhDi5sDm5SErCoB4BDB4KjnVTBpooCTKUOvx9n4d+ISQOQNL0usI2i4hX7w7fNi/7H88n7tqAhCVSiWVk4Uxk40xSYvlhezkcnr7/9mnzoPRf9PcfLHU7K0vMo3s5yX3goExadybnY+b1r3WHmeI0u68fM6/twQlVsYVtTGUwEMH342Pu8nxjg1RSFWwyk63BL2583XlK1TQNtxmPx2iaVCWVyObz9hMIgwPZ3EcSSlEVyyhFBFjMGML0ej0uLv5i858ATABSUhUpkRJzLZgxDH8Mucuz9XUkUZVp25KZ7Hz5zY3B1gpV0zTc5uzsD9N2SlWcQhJ7bx4BppLEfTKFJaoiCcmACMBcW11dYzQaAQFhgsCGCIMD2VTl9OfJ0YfDdlOZKEVmIolsWyQhGytxGllYQqI6YiZss4gOC7oC3Q3wOtNMt7AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGWSURBVBgZpcE/a1NhGMbh3/OeN56cKq2Dp6AoCOKmk4uCn8DNycEOIojilr2TaBfRzVnESQR3Bz+FFDoWA2IjtkRqmpyc97k9qYl/IQV7XSaJw4g0VlZfP0m13dwepPbuiH85fyhyWCx4/ubxjU6kkdxWHt69VC6XpZlFBAhwJgwJJHAmRKorbj94ewvoRBrbuykvT5R2/+lLTp05Tp45STmEJYJBMAjByILxYeM9jzr3GCczGpHGYAQhRM6fO8uFy1fJQoaUwCKYEcwwC4QQaGUBd36KTDmQ523axTGQmEcIEBORKQfG1ZDxcA/MkBxXwj1ggCQyS9TVAMmZiUxJ8Ln/kS+9PmOvcSW+jrao0mmMH5bzHfa+9UGBmciUBJ+2Fmh1h+yTQCXSkJkdCrpd8btIwwEJQnaEkOXMk7XaiF8CUxL/JdKQOwb0Ntc5SG9zHXQNd/ZFGsaEeLa2ChjzXQcqZiKNxSL0vR4unVwwMENMCATib0ZdV+QtE41I42geXt1Ze3dlMNZFdw6Ut6CIvKBhkjiM79Pyq1YUmtkKAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLfZPta9V1GMY/39/vbGdnTubEhsOcFIPjDEdCvijEwletQWRRYFIoEkFEIv4Bw4EEYm96WYFQ+ACCixINxFKokWFmakvwzESX7fGnR7ezne/T1Yu2OqPWDRc33Pd9XdzcD0YS8/bu2Z16obObS9kAQZEQwxwiPno2rtjEoc8/5as958w8J0eNeeeJ+qs4xICPcc7/A2t9LYVkgYD1SOBCwAZPh/2Dl6cvYIPDh7lc1S0u4KwnTyP5pAEXPE9Xh+hKEx6ZnSCfFiioCWf/X6Bv8NavrM530CrR7iZIlm9h49QwjzUUufTzZZz1fYsKHHm9v/f84Dd9Y8MZm6mQa3uNZNkzdM3cYfTGOKcvnOr78cCV3lqOkYT7bk1BSouKSqPgwFDr2ztWV95aWdwNST329jGO/nT5y1fa6/ZJCTGK4Crjba+O3TaSsOfbhtXYuUoCSSiKpGUzNK5B7h5yZdzkFUJlDGGIzmEf3sJmE28aSVROmBej43C67p2m3KptyI4Q7T2iyyBUQB5MDpNbSvSO8sUjZBevfUGe7Wb+kMqfmY4YOFm/dmsxffQlZEeRn0axgsIMmBSf3WXk9PFgH9Lb9aH2Lxhi8xsqkeep2d/6++ODQZCQqihWQRZDyujXxzNXpXue/K8ttGzTlCksOePKJWQARQwGFFCMkDK1/qDOLLpGANHQU9fyJMbkkPfY7C6mbjlJfTP1rSvbr+4z62vrF/zCZP+KQhRb0mXrKP/wAZMDAyUM3y4pduxYuvY58m1PkA2N9ABX/7ODEPyzpunxwvjJvYyfG/jIOzZ0vq+d96+Xum+e+OR3O2OZnaZnYcvS3xj+mF2l/dy8tofna+OS+P49ms9u59CprfxSG/8TX76Rzx39RVIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIdSURBVDjLpdNfSFNxFAfwX+GbSGjhg+JDED2YBYVGSPiQJigYRRZGUBD0UuBDT2rkIjOV/LsH5/5oIlE9yHSbFsy5TV3zH3soZcQWtD+CmjPXcru62f127q9YM8gH93D4wf1xPuece89lAFgy8d+LrtOyLGO2WudOe+t1pQ55LJnq0ea7+b1NVTmgMFCU7wmEmE1EmRewh4E3G0DeZwQz5hETNjD29CxHOCDPlR2MsnHtFjNFBTYOgVkQYVag7SuwIAD+GDBL51QY1pF++EzP8PLBKQm4wwHlsYZUkb2fQs86oPkG9FCMhgAbVTbQ6RB+P5cHoKguwNJEBzpuH5WALA5os9uPI+XDRw5c8gEVFPWrlERtWwmZoFDR3a3l7cHaAriHqqVkxF/idJrmMtKdPqioyhU/ULkEyFaAgSC1HgFGqAvFOjxNzqC19QK+vHu0G/AzbSOer31HHVW9QcBNAp7Q/K8JcEcB4w9AH8Jwiw7OgeuYlpdKwGIcCLMxPVXY4a2X0luvJegVJZs2AWXgJ0q8EZR4YjPX9BwYri+UgIa/e3DANovOANBPM7+gMbTU8kkXfQm76M2fdKB5rWqrzNV3JicTi31Xobp3QgKK4oDliFK9ygzhTWYWQ8wkrjDjtvmwxp64E5RQrLmfxztInH/PRfoHaNE9Pp8U8GlOUZEUwJPNrRfjK7wvYPDhOQmo2Q/Q/ecvlM5DiXe/ADHD2LkNLqYxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVBgZpcFfaJV1HMfx9+/Zc9QtO0unOMdasEibGf65SLOCJWRX4p0gCCVddBVYF0FEF4Hsom668jIN6iJJvYgoRoOMeTBdEoORf2rqJseca8ftHM+e5/f8ft9P5+JcSJA3vV5OEv9HwiPc+/HlqbnRPeIRnCRq469KJiTtwjQo0+uS3lzVtx9JNG+eRaZvZfa9TBWLVpGpa+Dgb85JYuHnYa3s20+oTZGsXE/6xDZW9e6FjtWAoaJGdrdCNncZv3CVzv5h7k+e5KlDky6lRaZyVh1dWrP7c5ChWKdYvEBafhHnUvzc15S6trJi82FQZP7iJ1i0fbQktPQMn6tb8QBkFPOnKea/w7JbIAOE5X+RV7+ief0jkJEvTCOzCVpS2mQCDEUPVoAzbLmC6yhQzFDMUMhBkaRUJjSXNgK1lDZFAwnMo1jgkggsgytwyjl2tUotzzm+SViMWDSjJaFNJpCh6JE8kgcyoInIyUJB/7ohDp86AuZQtBItKW2KhllO0vk0sTHJBxcvgcbwFvAhsHHNMwz17qKePeDt2xf4tNR5n5aUNpl9tvT7F0e7h45g+W2CeV577g2ijGgRQ1QXZ3m+/yUafpm3Zs5NZ8eSFSltfQcm3p39ZsdR19FFefNBsnCaKOPW39cpLBCsoIgFS3md7U++QqNopr/cGM9SHqJo6xvTP9xLSt1kISPEwIbyAMEiUcadxRnWru7l8ux5zv85fsUHdjpJPOzGl1u3JKXy1Hu1u2SFx5snC57Bni3sHtzHxEyFsWujkz7wQnVEuZPEv/1x4tkNivZOkj724eObhpm/dGb6UH22Z8fA3u6fro396o091RF5Wpwk/suV44Nrow8fmw/vH2jcmYnWsW7ZYmluRIG2fwAIBqNZGcz/tQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJnSURBVDjLpZLvSxNxHMf9C3rqw6QHcVaIKHVEKQQuVtuaOrelbldTj5mrliQjYUtreqUrbYaObf6k9oOmTAIz8TbS6c7FdqPChBCLIq64hz0+Pn2/MaI6C6EHLziO7+f1eX8+328RABT9Dz8/+LCJ5CNUnI9YxHy0TeLDLVJ2xixujBvj6TEd+U8BHzHT+ahF4MMUn51pcmYmjMRG0EBsBPROLmDkOZ9RWPXW0rsKcGdcnHvczOQ/fitFNCDsiMsIDeJAylvLpLw6ITmgliUpyoWpeC5E8egggbiE6EY4EF2ITkQzomRlSMsnBtTxXRJcFLPTjU50qB5xo1B8vVCMU3QgahKMypkc0IgyQT7SImXGjbi77ZeuP0awPjOBZd4Ipmg9LN9SEslBrSQfIWSROL8eC6yFwqsFWfuFOQOENydAN6mC5zcVRIJRywWZqWaR8zXgEZSFwo7Wp41AxRrAsXgFJl+Ngm22FWo8VVDtxjv8Q5D2G9A96/ESSxAGBI0jT732QSA/Asy6Cx68vAuetBuOdpfLBamROnJtVC+sDGvxNe5HnMKRNWMKoCMUeLh+aArqoNJRBmX2Upi3n2yUPaQX987Rq8O1QnJQw7N9Z5xLPaeJRZeCwJFvr7qgousIfMr6YWftPrBuLcy2Hy+WPWW2/yyJiLOMWsTLYvtUEo5c3nkYDtkOwpfNR/B1KwTvlnsh1lYlRVuOFf8m+Bvz16rNK0Pn4f36MAhvpuED9xAyQQvcURLbexJg5jpOmNm+OthacMHbhR5IeQ0Qs5I7exZgntBkU8hU+XmpV4lGILdDVMU+/P87L+2y1u3sopMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIbSURBVDjLjVPPaxNREJ79Qena1EO6u/GQ9CiFouCp5FQQET0KQvBQbA/tqf+BCEXoyauCl7KFHkoOvYimUpToRTyISVtsliImpCwkLUGqxvzY3bfOvO2+bOgljx32vdn5Zr4336wUBAGUy+V7f96/3PVaDnjNKty17DkYbZ1KpVLppu/7n5nbnVDAh7NXK3Bn4/tIaFVV59R8Pm9ns9nV8aOClZhCbwDguu5QIGMMiGn8rGlamCSXy80ggxfMXAAFPPj9qXipkizLHBQtSZJEQsFg7KBgTZroZGEArWc7TSAchXIA4w+sPdQH1xAMDGQgeXD+4aNIQODZjHaRILT9Wpt/Q8wwA3X/rXVVD3glkQD3h7V/vGrA8Bvz0Rf2AK/F7zRQoY8qIAPn+TLczx/xRPF709nzPOFHayeTyfkBg29vrEkj5BkFPdlu4NtHugH4wYUSqNBaziQGE5hXifXgMVfh115RdHr90TUOIkPNBZtutwvVahUURZFlYuA4zmqzsAl/v24BFhQSRXJFDYvAlUoFUqkU+VmMwSLIyKC1W4ypwISRr9PpgG3bkMlkQNf1YRXkL6+thIlN8y9PIDGgygROp9NgGMZgqOIqEIPa0yV4sPeDgwlIne/1etBoNHhV0zTjExn+Cxh041bl3c8rSY0PCzWIgGQRCxpnSlKv1/m+3++HSaKGLV2fmp9OjN122u7JxnHrYNTf+T+76nzVPsi2lQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKqSURBVDjLjZNdSFNhGMdPqJU3QXdCQXhT3XUdQqS0rNR2sRB3YWxMIyxEYtM22MJKY+kCo7ESgi5CK8MgWrimTN1xm24izuWGKUutOdP5se+zj/PvPackFxW98Ls45zz/3/s878uhAFA7nFGPSKo6HGZhp4MlQKhzJISd44lK7Rhb0kw/2l27Q87D+XY6tR5OYCOaRCjyg/VwEt5AGOq3S5B1zcVPXXu376+CSq0tvh1jMLmcIaTh+MxgdD6JZDqLyUAGd98voUxp6fmroEJrS3CCKSKY+pLBxGIK9AID/2oUXGermzEINKPpPwpaW1sLK7RjzFaUwQzZbWYl+7OLFMyzMRg9EWyR0c7etjISiaQwR0DCMkKEHBY2icC7wuIjEbiJyLWY5scYmouTbymcu0NDLBZHRCKRjBeQoKC7uxsulwsXO+wIEYEvyMJLmPmaxTQZxU66sJJRQkRwoc0Oq9UKuVyO8vJyASdwk4VgMAi1Wv1fcLU0TaO6unqeEzCZTAYcTqcT4XD4n9hsNuzUNzU1sZRGowHDMDx9fX3w+/286HccehXoy8cwWFaAYfERfHreBqlUCkqlUsHr9fIYDAb4fD5YLJYcRh7IMa0oQcKoAzs7gNiLG3BePwF56VFQCoUCZrOZR6fTwePxwGQy5XLpEOIkjIdVQMtBoL0Ya/dPo6d0PygyB4xGI49erwc5Ex6lUonGxka+zcGyfLCT/di9Nm8VwUzeUw0NDdne3l5ewAVfvX6DoeGxHEyiIkSfkmsnoWQzhQ3C4tU8vCzdC0omkz2pra1119TUQKq3I55gsL7NYI2wupVEIJSA+9k9jF85jkBLMb4pC7BQtweDVfls28kDH3L+Baneka1/PIF6wy/qeMbRpbyJfuFh/hZMgrzlAUGeist8B7UP+hUJif4NAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJGSURBVDjLjdJLSNRBHMDx78yqLZaKS75DPdgDDaFDbdJmde5QlhCJGxgpRJfqEEKnIsJLB7skQYQKZaSmdLaopPCgEvSCShCMzR5a7oq7/3l12RVtjfzBMA/4fWZ+MyOccwBM3g8HEbIdfCEhfAFnLVapOa28Uevpjrqz/WOsERJgsu9Uq5CZQzgqrJfo9BajNd5irEYn4p3OUiFExtCLmw2tawFi4l5zUMjMIau9u7K+qxeoAcoAA0wDb2OPwmfA16LiiaOHLj1edRLpkO3WmIis7+oBDgJbgQ2AH6gC6jY19N62RkcctKeVIJAhp9QgUA3kJXdONZVcq9JxPSgQoXRAyIDRth8oAXQyKdWnoCKrTD9CBv4GMqx1WGNZkeRWJKbG2hiD1Cb9FbTnzWFdY/LCdLKlgNQ84gyNKqHm0gDjqVHnxDHgA/B9RQkpaB6YklkZl62np9KBhOqwjpKFgeY2YAz4BESBWHI8Hhs6PVVSvc3v98ye4fP7T676B845nt040ip98qpWJmI9PWiU6bfWgXGN2YHcKwU7tsuc4kpUPMbU0+f8+vKt+Pitl7PLAMDI9cNBoB0hQwICzjqUp6MZvsy8yvp95BRuQUjJ75mPvH4wYo1NlJ64Mza7DPwrhi8cCOeXl/aUB4P4c/NJxKLMvpngycCrzxVFG2v/CwAMnguF80oLe8p27cQh+fnpPV/fTc95S6piXQDAw7a9YbWkezZXFbAwMx/xPFXb1D3+Y90AQF/L7kAsri9mZ4lrTd0TcYA/Kakr+x2JSPUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAInSURBVDjLpVPLahNRGP5mcrWZhGgaLEwtJFJJqQEXgoKIkKBkKfoAeYKA4M7S4kLyDF34AF4eIIOQMC7sooqbECExImnSGgwqTTtmcubm+Y9MSAWh0AM//7l9l/9cJM/zcJYm44wt6Hfa7XbdcZwCD9i2DcuyZsEYm8V0OqXcKJfLRcJJVAIH3wmHw3o6nRab/m3zZYZCIei6jl6vV6xUKg3hgCtuJZNJDIdDRCKRGWgeSP3BYIBEIoFMJkOiG3y6ITWbTaGeSqUwHo9P2KVSCChJEgKBgFCPx+OIxWLQNA3dbrcYJHWyTrXSpmg0KsJXn3dC2XVdmKaJfD6PVqu1ESQlwzAwGo3EAfmb6DAp+2PtZxUTy0Ap+QSR0DkoiiJcEkGB2GlAIF6SsCzL8gkHE2WK5fQaXu1v4uHiU6iqSphCkFSpVgoioCCCL6nXXJlfoWuD8TX1/CrWlm7gyDTwvP8Im+pLUbYg8IFkNZfLidz9xXB3vQzH4+W4fA0eDg77yC/fwjGb4PHbEq449/8S0A0QgW+XwhwxAe79+AyLu7C5G8uxMJ4e4dql2zi2fmN38gJBfqJarVYrzb0ykc20CduxcTGxwsGOIPt2uIcLyhI+9t9ht/Meq8PijvS/z/RgO+ua9B5cBtNmuLy4Lt3M3sOHvR3UO2+GzEbxoOp9kk77G68+k43rK4UFvVPfZ64At2d/4TQtuyUZjhtYmLhO9nvV++rP/wHfnZcUJl+kcgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLjZPbaxNBFMarf4cFwb9AIgXBR18Enyw+i1gs4g01kphSlPjQeAtNzNqGNLVpNCGhEvBS21Rr0ZIK6ovFiKbNbXNpdpNsstncUz9nNiauErEDHwMz8/1mzjlz+gD0UZGxh0hFNPAf7SXa3fUpAKparVZoNpvbrVYLvUT2YbFYTEqIEjBAzZIkoVwud1UsFiEIAjKZjAxJp9NgGKYL6Zh3UQA9UK1WUa/X5ZmqVCqhUCiA4zgZUKlUQC+xWq1tCAUM3v6+74hu2cH4eUz6OcwFcvgYEmUANYiiiFF3Aq5XHIJRCeqHLOJbFcg5OW6Mqm495fL2NznYl7OwveYxsZSF6QUHEpIc9+eQgOvuFL6EMjC6wrg4GZZfIwOGbazX8TaPY/qAr5Ms72oOBt8WknwVem8KWmcCY0/S0E1HcXYyhjNMBAYH2waYF8izl3I4eGLqmjLjz9by+PRNxCMS0k0C0c+yMDjj0MwmMOGJ4+Vqtg0Yn+dwf5HH/sG75/4uWzAiwbfCQ+dMYSGQxdhMHMPmMFY+8MgX623AiDu9+YAADg35LErzHU8SGkcSI4+T0DoSuGRnoZ5mcdIUwdC9zd85OHpjQzP+nMOVmZj4NSZBKNVh9LbN6xslnGai8CxmMP+Ol81criwntgugZTysDmovTEXEUVcKV8lt520s5kjJvP4MTpkjyApVXCZmvTWKRqMh6w9A5yO9Xy9ijUgZCi1lL/UEkMUf/+qDHtruAn5BDpAvXKYbOzGTsyW5exWAfgrZQTt3RFu//yfHVsX/fi5tjwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLpVNLTxNRGOUH+Av6O2Dp0oVdGEE37EzcmHShiRoCMWqDJiQSI6QjREtAHilQU0lQ3hawjEUM2pZSOn1QHi0M0GmdDp2+oMf5LnSsj503OZubc853vu9+twZATTUudcGgoU6DUUPjOYznd4Y/+dXCCxpqW97JJsfnXW7ZE+bX1jcknz8gLa0G+dHFGNdkT5mIQ9zfDM7FF4dde2bfRlQQkzIUtYjSaZkhky0gcZCCe9Uv9M5EzcStmFQMaknsD24quXwJdNTCCVJKEZKG4/wJu1PUApZWvIp1MkQmtcyA+qLYVLkiPpILOPhRgJg+w146j0Qqr5vMzLuFO0MitWMggzoHv8NRbDo9c3Fcf+rSce3JIkND6wJaBkOME4ztw2Jf5khLBkb39xBPPVNUEjnXJL1qXMphN5nDrCeJBrMTcraEw7SKvpH3PGnJoNG7ti7RsJKZIjOoFsYOVNzu2cD6roL6xx/ZXaF0iiHbiERaZuDx+ZkB9U5x57xJRozsZ5m4/tEs3rpFZrB9lNNSFNHXP6gbGD99DfBpJY+MWkLX9A4u3xtlxIGFBBNffTiNKw8mcP9NkL1MOJ6GxWrTW6izOSPcdiKJchlMuHWosuhRUcWzsRgz8MQyCCWyKJ6UMf8lAHP3hD5Ew93hI5PTtSJIco5NmYQEaiG8l0WbYxPfojIrENGqd74aEG52h8+esbJIljGfeXzWpYipY0ZMH5f0NLRMVDkcT6HDOqw0WyZ/LVL1KrfbVswD9nFh2RvBtiizmVDPgS0JUy4f2i29QlPnh79Xufoz3erZMrW+nuKed/Xzlpfd0otOTmrrsPLNHQ7uBhf892f6n+/8E/bIBuJgfmmXAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVDjLfZO9a5RBEIefvfcuucRUanGiJkYjiNoEET9II0gUsRC0sbASO1G0MVhIiCL+BdoJYmOnjYWJQsA0QRBRYkBUJESJ+dJLzvfe3Z3dsXiTS6LowDKzC7+H3ww7RlUBCJcuKrv3IkNDqAgaAtF74lIuHT+OPh9m3YtnhlVRXC5Wi3SVMIrkdxHUef6MFYAXVIRoLVEkB4k06uI/AIUGwHnUWujoIFhLtJZgLSHLMF1dxLSOOvcfB84PmLnxG837a7QcaoJisvRukDTDvRojOD/wT0DTyYlJpFDze8612aZ2QiigkmEkpVSfoFx4VDOHw+SfAKOq6MODB8A8cd3XK9Y1E9OfSPYL9RkqDkxCc9nQ+uHeFF5PlS6Pja6dQZA+2XW+YqWFkFYJLheqd8QsRaqzpPNVsvbTlbgY+v4aokbp8eu2E+uLuVAciCd6i4oj+jqyMEddWsGGnr9nEHV91AT1GVEcGjxRcnFwea5+GqP6Ypxsempj6C1OAHd7B+XO0hA1/0TiG9YbJziqn8eJUmPfuSs0d+6h/nZw6/uXQ7eGjpZ+LbWg88bXIIa11sWi3jEzNsrOI2cofxrGPDhL6+fHbOvYkKjRK7mD4EeK1fFTrriZGNwa6yqOWKtRrnTCiasrvfdvIolmW+6gHu8UX9+fKpmUQqkMMaIh3wlUMW2tpG+eQv8m7DXDj2uGhe8zhES/meVtdDe7LiAMuO7TlaxpM0EialPwKdV3wyzMTrNlg1AsTLI4I3z5ngSf6Y0GACDr23Eg1qQPH3uimvUEUDXzURj5KHybm/16IgmmIyT6VeHesUG5/Rt5eNFI8xvNdAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHxSURBVDjLpZPLa1NREIe/PKhSNK2g9UEIKqEFRSgooi4sCJqCuHEpduEDwZU7/wGhu27cdKWoG7WQrsSgKAV3SnFTAqZCW22xlAbTpL0xyb0z4+Ke5mHrqgMHfouZ3/lm5pyImbGTiLLDiG+KsTfLTRQ1wwARwMBUUQPRUIvCoxupSIcBwJF9XRiGKRhgaqiBtZmowtxKdSuBmGHmChTMDDNH44xUDVVD/G1aEAkRMUPVFW5q7TTxRbcamGiYaKCqmOIK1FEp6fIzDu36SSwYBO53biFQUDFE1NG0tIqSLE1yOr3KicwdMse+8HW0f7iDQANFXI8tklAnN3KcS03TM3AZ70eORG8KS61lcw+O320aBAGIaLP/dpM+8vSeuopU8+zen6QmSxweGuwOvNJ4y0AEkbiburvdwlWWgz780gLRWJFI1KMrUYRalY3leqyNwBBxxW76Cb/AmdgE3QcEDXyiugbRvZjf4NurQi1fqNxrIzA3g/D2ZH2K/uAdA5eGsMZ7IrLOzNsa5lUxhYW5ys2Rl/PZNgKlsFh1g4OLBz9x8kqGRnGceLyHmY8+r5euU9xzHgNePD+bDffvHsy/Z3Fy+HN9ZdS8wjWbfnxh/cmt9Mh2efH//bJf88UPlfLU0epv78/s7OrD20+/T2yX9xfxXpKxy4ipWwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKOSURBVDjLdVNNTxphEH5YVhZFRCCNmB6UYmgIRSJJD6QcS0QTT7145NT/4KUXY4yJHjzzB/gDJl68NE0IJCbaA+GzJBQBQ1RU1ALLbmfeAqmJTjJ5331n5pl5Zmah6zpYSQw+n+/z4eFhxuv1xuhb5rehyqFQKJJIJFLsw2+jOHEpGwx6i72OjvB2ZQW/T0+hbWzgDf4J25TjY7iWl9E4O0NvfV3YPLpukAwk7GRRFFhsNgwGA0zb7Zg0GmGXJKFmcjFbrcI2OTMD8xCYY6XhHWZZRq5cFk75YhEagXRmZ9GZnsbAbEYunxe2XKEwBsCIYwnQbJT95/w8ip0Olii7m6hJFKD3++iqKn7RWSZ9p2kI0flI9iVAkv+v4IPTCb/FAr3Xg0pOGiuBmQjo/cQEvHQaSJX7ezwS6LiKdDqtq6r6qvb7ff3p6UkoC79xDMfKeEG63S6y2Sw8Hg9KpZLgfnt7i9XV1dHIxyK9BMDBtVoNVup8MBiE2+3G1NQUKPNYR0DPKuBHzn59fY08df3m5gZXV1dYXFwUQLRkcDgcwm6nKYXDYcszAOKKZDKJh4cHxONxcXIlqVQKzWYTG7RcMjW70WjglJbN6XR+ewbAjpVKBV82N7G3tyf4u1wuBAIB1Ot17O/vCyBaa0SjUVSr1a+SPiRDh3Z+fg4LjZFle3tbVLRJYJFIBGtra4jFYujRiLe2toQP7Y4iKrinuXZIKJs1k8mI1T44OBDd50pGoEyJ8+3u7ooKLi4u/ggAbpjRaJxhfu12G99PTuD3+0Xpl5eXKND6KvSvLCwsYG5uDhptIyViWk3xN+7s7PygkX3i+93dHZgKNQgmk0lknqV/gu+tVktUwDTortI0Pv4FgnWCE6f7EysAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKoSURBVDjLpZLbT5JhHMdZ1/VP1Cqrtco21kU3zevWVa3NXOuuedVmoU2jUR6CoRwcw1SYHIzJQQxBUXgLXg6Ga+mIwkBBBp08pYGvEOa393nbWC5Xa1389mzPnu/v+/t+nh8PAO9/6p8FBoMBWq0Wvb29UKlU13ihUAikAoEAfD4fKIrC5OQkxsfHMTo6CrvdDovFApPJBL1ez70tl8vI5XKQy+UxXjAYxPb2Nkql0h8rn89Do9G839jYwNzcHGQyWVoikdTzaJrmLrLZLKamppDJZEDu0uk0PB4PkskknE4n98ZqtSIWi3ETicXimgoDr9eLcDgMl8vF9/v9sNlsfCI2Go18EqOvr49PxEqlkj84OMjlb21trao0cLvdiEajHINUKsUxIM5EHI/HQTmUmKcFGHqixezsLHGHUCjcv+sXRkZGUCgUMDExAZY03+FwECf+sNWEhLs2vZq0YMZeZ+zv7ydi/PaNbK6W6elpJBIJEDFxNpvNiIdUWI4bUS7M4/XwFbwKO9DU1LSz5x7odDpCGj09Peju7kafqg1R62UUl50ofujC2oILkaGbENxp2PnrIr21Xdr3xnzRsPLOimL2AehHZ/Ft1YoZbQ1kwutfdzUYGBg4ypJ+rFarCWl0dnZCIxcgTTWjtKQHM38DdMcZbGUasZ4ag6frwveI4tyBSgMWVgs5FQrFLalUuigVtzWwTi+/sOC2Fm9jM3H1ZyXr2ChyZPxKhCTVwkoDdqdb2LXkFiUSiWBM14wM3YXSJzXnvpmsZSNUcyeTqgfz8Snohyc/+0Unju/K3d7eDpFIhJD8/DqzsoDSGoXiEstgyfJL2VDOx5B7YcSz5iOWPQGy460EO04zgbZTDOvEsE6M7/4x5vm9KoYVMdTdwwzVeIjxCg4GfgDxYPxXmKLFvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJlSURBVDjLpZNrSJNRGMdlr7qat+zKaoYhjqYphRCWCtKFoCj60CeRpDB0djHUSMOZm0JhGEmlNhczXXunDgy7TNcVcsjGpk6dNsiJyyjWNg3ZnJfef69vMBBkFn34wXMu/995DocTBCDof1h1cvBJnM5RTsBVyYLzBgvfigjopbGDfyUwK+Nfu2RsTNcTDO5aAk4RC1/KQ2BqjetbU+AiOZip/xNyLndQSeCHmMBUIQFzTjDWFDiu0O0qzmJKU4OvPSmYuETAXhKM8WshsOYR0NZlRAUUtOXt+Dk99hYufSu+6x7D8fEAnLozmLEq0V3M8ww1F4QGFEhz+Aa3QQmHsQPeQZJGxdRuEwnp+SRjwCs0FpwIf3guwfayKBE+owxzI50M3oGn0JbuQW323vE7uac2rSpoFB6Pll/M0FjEofDZe2Go2ocu0VGG5dpjUWOEXpPlp72X5h/irhBIcrNYNunp5s+31gFTWmCsAfiQDWiOgXq2H1Q7H1TPSVCfmjBaHY4HFzJfNOQd5vgFZGHmo5n7bEBfQlPMBNGVCqgTQZGxWGjhwivbCKorHb/UybDf5UFekE76Bf3lu5ccz0uxpIgBOvgMlGoXPeZhvnkbHY7GbEMYnHVseKQb4OquQF+JYMEvMIsElFsroTfQL/TqCBYVOzHfsh0++RZ4mqIxJ98Kj2wzc7qtJhLTb6pguJ5A+QXDLZfLTGXxi45762G7TUs6BKtirWZjWByG/opkH52pWvEKEyphRK8oLan9aurkgCSGslRHYVTCwQjNkDgSpptcqrMwafZd2cGUyTZhRMDf+C/8Blefvm4GxFC9AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLpVNNaBNREP42Wck2MVUilJr+YJC2KG0kViGWHsTSS0HBg+DVq+hJkIJXD714E8FePHnKpdSDf4EebEJOBq1NSbUNiCYNRmPSmHSz+/Y587YpCB4KGfiYx5uZb76Z3adJKdGNedCldU2gp1KL/53BcWyChJTsBaEN2xYQwqaoRWcblmVB5+RweOKgkHcipbMPl4DPTNLxjsMxgY2NpEvAZpq7qsANuglukdgv6sBVZBhBUtByCVxmB37/cQwNnUezWUW5nMfw8EW6t7C2tozx8avwenVsbq6gWv2q7m3bhMe2rQNmLi4UMhTYo+IL2N5OodGoIBK5pJLz+SQ1CYFrhLBIARHwUnhOvmCr10vY2kqh1apibOwKAoEQSqUcgsE+jI7OoFb7rnK5KTfSHaelNusSQQWFEMjlXqmkWOwGBgaieJq4jy+/dlBv1rFn/sHZ/lPwCxM6y2D5QrTVUiYnbypp7XaD5J5QseX0c5S1Ci5PxzEYGsHK+hIyn97B+OlA59lcBW1ks4l/Nt3B6/dvcX1uDsIjcO7kLJK5BOITU0gsvYDHNE21UZ8voGAYAfWJGD09vaSiF5X6DxzRjuLambtqT/dmFnG6LwpBM5OCFs37Um2W/y4pTfJS/XncndX9JoL1YhofiquYn32GhTe3YHh98GoatMO8xvid8MPByLEHU9FpjPTH8Hkni/THVXwr1B5ph33ORLJA7jYhSNglPMk8Ls7/Be/8gsufCT5oAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKMSURBVDjLjZNtSBNxAIcHQt+rL9GnlU2FIigo+lJRQTYGoaFRDd/Y1IL81JhzvVqaiEQZEmn2omtIZdr5Nh2lc04v3ZbOLRVS3NR8g9nci7ebk193Z16uQXjwfPw999z/7gQABIODg+eMZXJ0qsTQZyVAIBAc3SJCdnzQYrH4B0gTrGQ32jPiEQ6HtwQnUalU2wiCyOwoyUVvVS7a0+NBUVQEgUAAfr+fx+v1YnV1dV0QWWCAThoXJdiQbODz+RAKhSILdA9yYarMge5yHILBIIda64JK40I+g7LWCeUbJxQMbAUv4Av61gtaL8aBpmkOdqwxLKKWoaZrES0dDRjTXsIPohhDL8+iMk94jy9ovZ+DnmfZaEkVcXaWzXd9UVeNuc58eIZbAN9P/BquR09pojuqoOmCiDsgVrDxKMtTBJZGCkFPN2HOUIYVewPCThNsr7LpvwV3s2GskKMpeR8/vvHaifK37+B23MbaigkrE9fhHsjDqEYGR81VSE+LUiIL+gwgzsdyAvYMPNN6LNkLsEaRCIxngJqSwjuihqsmCUOmNsTExBzjC5pvydH9VIZGSSw3nh7+iDlz/p9xOijXFSw7bmKiSgLLlw+Yn5+PfgsWpqBBvBczdgKjeiWTbQQ1KUNwKg0epmT8uRgWYztmZ2ejv8TmAhm6HmehLkWI721q2HRPMNOfisCkFO4hFcark5ixjhuzh8wL/i14X3oG8DoxVpWCTvVu9DJ37X2UCMdXPRYWFrD54gsUCsUereQAGtOOoEi+HzRZAbq/HP3Fp1B/TQRrdzPsdjtsNhvMZjOsVitIklwXsCKWTNGOk3cO7SpMPb499DAjIfy5RBz+VHTim+TwzuT//c6/ASolxdSxQ5KqAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALhSURBVDjLdVNLSBtRFL1vZpKYTCQdUZNUMGahJbTF0roxG7NoqXQZKG6EQrV0Z6kLF0pDDSguxO7aRejKLLW7brRgiSWKVcFgq2JDSUJsYmKi0fw0M+m9Aw0KNnBnwnv3nHPPeW9YtVqF637r6+sDlUqlX5ZluLi48Ltcro/X9bHLBKFQyIGAONYZghOtra1NtL+6upoyGAwWXDMiWYvb7d75h+EugX0I3MamPWwyY8nlchmotFqtTGvn5+d7WNt+v993hWBra2tMFMVBm83GSZJESvtY5lKpBMViERRFIcJ93LegFa6xsXFwenp6jLACPZCVSyQS5IWRotlsFjmOI++qisPhoHWR9iKRCAQCgSqSc1cyCAaDEyaTaZRUKbiTkxOIRqOg0WjAbreDIAgqYaFQILuTIyMj6gQMA9rAcZuxRIvFIuXzechms0S4gv89Op0O0Ja3q6urm8TQKiwtLWWRLI+YQwEf99rb27mjoyNVlRSTySSgBc/U1NQXUvH5fLS2iAJAfU6nU0Kb0szMzE2OxiJvSKSOTipGoxHQTu14qYf2MUy1BzMDmpTssNnZ2Y10Ot2MY4qdnZ0SpY7HRj5XEOghMJb3AYt3K2ufoJKIwZm2TtnTtp2uaTrCtRDn5+cnrFbrKClRYHQKsVhMVWxJboIpHoQOlxt09ttQDC3Az+VFObu781olmJube4Mq4zgBOz4+ViegohOhsfPv+sD57BXow18B4t8ATDcgLdhgc2H5t3oPMAMFA2J6vZ4uFYTD4TxOYOjp6WFEAOkDqLPYAZ4M13IR3lqBV1hbzYLX6/VlMpnnGM5hQ0PD/fr6+s3e3l66lZAcfyQ/fNrHi9HPUC4moID9pzkedsMQr30LHo/nBb7u4Oi3MIMkKvO5XA5SqRREpLvlHyuByp+SHnK8BrIZBr/iTEbp9+x/n/PQ0NAAgvvpiBlj/mHN96Z85uAlLzObzFfjiPrweKEy+RdV4845vRqFoQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHcSURBVDjLhZPZihpREIb7JeY2wbcQmjxZbrIQ5nKSIYQ8gyuKOwqKihuKKy5xnJ5GRzteTIjTp51e+HPqDDaKSy7qoqvq/+qvYykNBgP0+310u110Oh202220Wi00m000Go0rANKlkHq9HhzHOYr5fC4g1Wr1IkSiySRQVVVMVhTFhVCOu0CpVDoLkcgyNdM0StTr9eZms4FlWSJPwEqlgnw+fxIi0dRdIxe/cMuqYRgw2SO2v9OiNpvNUCwWkcvljiASTd5Ztm0bJLa3GvTpZ+iT9xySErXpdEoukE6nDyAS35Gt12vRZJomTP0R+q9PYPc3MB6+C9AOMplMyAXi8bgLkWq12ju+I9M0TTRtnzp45pOZ8g2G+vMIMh6PyQUikYiACEq5XJb5jmy1Wr1C/vQ55CMM5XYPwr+1hKgPh0NygVAodOXuUigUZL4jWy6Xx5CHH2B313gaXcOxLeEimUwiEAi8PXhRvp+czWbZYrHYg3yAfvcFf6e3eDE2+2KPu8J+ZDIZOZVKMbrEV0gPz/df4ViGK/b7/R73EU8dRyKRkGOxGKNL3P3EJOb5A/FZAEU0GvXyl2Z0YKPR6KT4IoAiHA57g8EgI7HP5/OcPOX//V35VC8XvzlX/we1NDqN64FopAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI4SURBVDjLlVJNaBNBFP52d2J+tB5iGjFpvUgJtaVGhIA/p+pBsRcRD4o38ejdQ5F66C235CKYg3goCh4KCh7sRVoETQwGhBhFCfgTG9GC2WazO7Pjm9E0S7CgDz7e23n7vvfeN2PcffrjhpS4KqQ/5vs+hA9w5YWKJTj5AQQEl3Tuv1i8PJEDGfOlvHY+N5LAf9jCvXcz/ZgRmy5efn+HOnPqwuGR94Q38HTWz10/ugjPE+EAgdTBpYNX/qm77RApFxgQqKXJllbXty1iooPwzwac6DjOHs/ADRLwPwTKLp5I4v7aV1w4lkSn09FnT161Edl8g6mZKdRqNXz8NIKItFEqlQ57nveBeURAQoJZwINn67AsE49W69jDNugmBBKUG5+cRCqVgrqlRqOO2TEbnO9+2Wq1VvQKSgVmGTiXG8Xy8zai7mdMZ3OIxWK6SIG6IZlMaujRGUOhUDipJ5C0BTOBh5U2TQB0u11dzDnXxZKmGPYKruvC9PjvgxAVzh0ZRYQZW4Vqhe28qlFTMfXqlFmmQYJ90zH3DfR6PR0Pdw/GegLVTWtAK5w6lNBihkMmHMfRPw53D5KoCUytAX1M79+FL9+7OLA3CnvTIS0smKap0d+5L14oFNKemgu6Bbl2c+lt1hX+TvXCFCZ2AIlKZatzJpNBPB5Hs9lEtVqFbdtaJ8Ito88ctGKxuI+Sp9WIBDOdTt/OZrMol8uo1+tzlNtQxITXfyUYtvn5+VkqWiGcyefzj4O5Xx9ItHsmdOWEAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALtSURBVBgZTcFLaFxVAIDh/5577jwzj0wSUmqMtKIiBltbbJ1FUCxVoQu3FrHGVRU3BVcKrkTcKOhCUOtOAyJ23WIQtFawpoooZWKJpnbsNJN5PzP3PO5xArPo93nOOfasXCgfAz48mE8UhzpiqCN0FLFrog7QA+qABVpAA/gC+FYyERlz/NC+qeIbT85xt4GKckMV5Voju6A09ELLzXqfi38PTgLnJBORMfPZmMeectsSeB7SA19CPBAsxgW+EAQ+PLaQZH8uXTj/S+UDwYTVOitxmAh6yqOjoR1CZwSdETR2Yadv2fPm6i2KB9IszQZzkgkVmvnLZcuP21VeO1rgs+tdAu1YOZxlKiHw8fA9iADPdvn5nxa/3epUBGOH39sqjETu2UJG4oUwDB2RcmRSHuevdtjpWgZhxEBH4KDaDflobbNrlVoRh97demHpgfTth+5J5ZpNw5kjWQxw6mCa7aYlk4bPr7X54XqfkfGIHNjAYpQ6cOH1x9fEw/cnP13M+Ik7bc3ZYxniMR9PQCElObmYptox7E97XK0MscbhHJgwxKrQMiZ+v9Y9u3knHBUCn08ut6m2DQJHe6C5WOqQl4KbVcXR2QSxwENbS38wNEapLmNi4/0Hv/r3zxvHN0p1YnGP1e/r4ODr9TbZlKBTU7xSnKG4lCUZQKMfYkJVvfT2c44xyVjKr6lpEUI3g3UOPIE1lu6O5aUTcyRjPjhISUGttYtVYYUJuXxudRZ4p/jIvZx+eoHvSopmz/Ly8jyJwBFIkD7EfMimYLM8xChVZUJapU4Ap34tbdHalfRDh7aOUHsoE2FsROQchVyOV5/Zx3ZjiFWqxoS0Wh95/qlHk2+9+AR3sw60dSgDOPj4UoVUAL3+EKt1gwlptd7arnf4cq1EfipJPpsgn46TS8fJpGLEY4K4FJxenicuodbsYbX+jwkZGfPNlfWNhSvrG/cBM8AMMA1MA7lELAgSiYBsOkk+m+KPv8o3gJ+Y+B9yFXCQeyJWrQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIESURBVDjLvVO/a9tAFD5ZdWwZg11w2iR1idMhxhm8ZOlS3K1rlwwZRD2EQCd7KIUOpmvoj7E4BBxElw72kMFLh5osBkEp3fwXlMY4TlRJtk4/7kffqW6wcDMFevDxTu/u+/S9d3cS5xzdZMTQDcet6xY6nc7jIAh2AU9830eAz4BP9Xr9dH6f9K8S2u22IL8rFovb6XQaEULQeDxGuq5/A5EXjUbjdMFBt9tdA9I+YAewWiqVbieTSWRZVigg5uVyebvf7+/C9kUBUN7P5/OvM5kMopQiz/OQYRhoZj/MpVIpkd+r1WoJyB02m019XmBH2J1OpwhjfEUEN1fRtm1UqVRipmk+6/V6ghYRCCHIruuGfxQk4URE8S3WJ5MJyuVyYv40coywsT0cDv+cbSyGHMcJhRRFCcEYQ5IkoWw2i0ajkRA4ifQABI4Gg0FYyszNV4AMeDQr4TtAATwEnEBjDxeOsaadvYnJSGEUYRFdj2PGmTLxOSaEKZ7LMCVccWzy8svBJo6U8Pz458pWPlF1A97aXE1UL2zS2rgbr54bQevBnXj114XfKkDevPQO/pIjDuofz94TymU3YNQnXMYeozRgUAKjxGdyABH6KLsOfaV/2MKRt7B39OPe+nJcPbeIVlheUg0j0AorS6p5GWj31xKqZRJtfSOlAvntPPnaq/xfX+NvE6ltVjnyz4AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAChSURBVCjPpZExCgIxEEVfZI/jGWy8gFewX6w9h7C1V1iwXRsvYCN4DUEEJ3HzLbIRF4zNZsq8/+bDOPH/zZgKVABHASzdVj0vAp6A4bH60CBEp5s6iV9TZZWAjULO0rqvFekbdq7QQUQisFZKG08Mw+prMwL2JUOkJwIr2Sd/cSMgGdqyIZVcDIbUJBDqR+6QgFPJAGcA5spZz32A3eRrvgFwMGHf7+AlJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLpdPbT9IBAMXx/qR6qNbWUy89WS5rmVtutbZalwcNgyRLLMyuoomaZpRQCt5yNRELL0TkBSXUTBT5hZSXQPwBAvor/fZGazlb6+G8nIfP0znbgG3/kz+Knsbb+xxNV63DLxVLHzqV0vCrfMluzFmw1OW8ePEwf8+WgM1UXDnapVgLePr5Nj9DJBJGFEN8+TzKqL2RzkenV4yl5ws2BXob1WVeZxXhoB+PP0xzt0Bly0fKTePozV5GphYQPA46as+gU5/K+w2w6Ev2Ol/KpNCigM01R2uPgDcQIRSJEYys4JmNoO/y0tbnY9JlxnA9M15bfHZHCnjzVN4x7TLz6fMSJqsPgLAoMvV1niSQBGIbUP3Ki93t57XhItVXjulTQHf9hfk5/xgGyzQTgQjx7xvE4nG0j3UsiiLR1VVaLN3YpkTuNLgZGzRSq8wQUoD16flkOPSF28/cLCYkwqvrrAGXC1UYWtuRX1PR5RhgTJTI1Q4wKwzwWHk4kQI6a04nQ99mUOlczMYkFhPrBMQoN+7eQ35Nhc01SvA7OEMSFzTv8c/0UXc54xfQcj/bNzNmRmNy0zctMpeEQFSio/cdvqUICz9AiEPb+DLK2gE+2MrR5qXPpoAn6mxdr1GBwz1FiclDcAPCEkTXIboByz8guA75eg8WxxDtFZloZIdNKaDu5rnt9UVHE5POep6Zh7llmsQlLBNLSMTiEm5hGXXDJ6qb3zJiLaIiJy1Zpjy587ch1ahOKJ6XHGGiv5KeQSfFun4ulb/josZOYY0di/0tw9YCquX7KZVnFW46Ze2V4wU1ivRYe1UWI1Y1vgkDvo9PGLIoabp7kIrctJXSS8eKtjyTtuDErrK8jIYHuQf8VbK0RJUsLfEg94BfIztkLMvP3v3XN/5rfgIYvAvmgKE6GAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ6SURBVDjLjZM7aJNhFIaf77/k/9OkJpBWjSWtaUEREVEXL6uoiIOLULCigyi4VRy8gHQo4uIsuIhOOuigCJKCLWpx8kLRQqFWhV4SQ1PTNGn+5Ls4RGlrq/jyLd9wHs57znvEvafvbmktTlZq2g8kq2VWfl0HfJe7Z4/v7gVwtBE9xw6kWn3fF0LY/EtVDUrWefxi/AzQAFQC7XmeL+4PzVFllpIYI73hO2G3iDSawnyYT+Mxmsw2HBJcOpFGaSF+Q52aBMuysQTUrCzplu94oW8UgxJSSRzPozOV5MtEhHioBa1XduUAaMCyBIHJE3Ln+LFYJFBValIiTRnP8ygHYRJhC4NZMZglgBAYqQlUnaoMWKwH1LREaUDUMVrhWAJjVk7VAjCmAfBppVSOYHAJtCKQCiFClEtRoqFN2LYFRqy2YEzDQtRuYyqbI+bP0BSx8IRkodBELpskGevEscSqzThmOcBdz6bwLibfDxKPTiOUwq220t7VQ9RPorT+MxZLHYzNnkNpjdKaLUGefakONDAxk+P5whW2f5xj6/gko7fnSTcnmjN38pcPZeRNxxiDAI40ggWAveMHlfIs/swILfvP0TOcYV39DVtOX8VLb2dxJGONvhroHzjolh2xRl5VOI4KxwlauhoJzDxgz6le/M9D8LKfpliczR0ddmHM9Dq+K4roemznhr0gxC+U+f0AeJvP4W9Mw9GLS977kthabHZCjnj4aHBiX02ZHcasfQOd0URz5cMzK/LkAsFilgpQmrdRNtPC/K1qmV53t/WFmiPXUgnpONYkpbzka85W9aq5/l8AgOHu9svlwvR5W4kOZZspA7cPZ+SNn/95GW/b/Tx4AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAH4SURBVDjLlZM7i2JBEIUd4/kJu7D+g4FZxjXSRFHQwMBsMxFFE8VEMVEDhRURRREDTY18pAYKirHJBAui0YJv8fp+jme7mrmDjvtsONzuqq7vdp2mJQAkbHxgemR6+os+MUmpRpTkFfC42+2E4/H4cjqd8CuxPJLJZPw9RAQ8UfFqtcJ6vX7TfD7HbDbDcDjkkH6/j1QqdQWhcUcA2rDdbrHf7/mXtFwuIQgCRqMRB2w2G9BPMpkMh9wAqFgUAahgsVhgPB7ftPTqyd0VgLXxtoHm1LfYymQy4Sfp9Xq/B7zXJYROQn5Mp9N/B1xCqB3yhED/BSAdDgfuC0FIfwSQy5VKBdFoFLlcDpFIBJ1Oh3sgxuhrMpkSCoXi/uYas9ks4vE4BoMBut0u6vU6X7OrQ7vd5rFms8ljer3+2xWgVqvB5/Oh9fyMcDgMg8EAi8WCRCIBr9fL5xSjHEHcbrdwBYjFYgiFQhxAzmu1WlSrVbRaLTQaDRQKBR6jHAGCweD2EnDO5/NwOp0cEAgEoFarodFoYDQauWhOMb/ffyaA1WqdiW/hM3N5zXp8sdls9GhQLpdRLBaRTqfhcrng8Xj4nGKlUunMzF2wdr6LgI8EkUqlX2Qy2Vd2zJ7ZbN7Y7fa9w+E4qFQqv1wud7D1mmKU0+l0P5RK5cNPtqSTQgo+48AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKZSURBVDjLjY/Na1R3GIWf+zV3JolJ40iMptZMGrGtVLoQpK66qagLV0VwI3XThS4EQQQ31Y34F7gQFOqqdCMtdGGCRXAhQmskgVSNmYAOmkySmczHvTP33t/vfbsUkyl44OwOD+dxVJXNSWfHJ1X0oSqjKuKpkKjoPMK1/m8rv38wVtUt7cx81sre3VWN51Tbj1Ub05qt3NXmo92vNm99ekStDPifHILuWzB1yOq44TbEyOebtz0BYkGSCk62AdrFdpYgcbFmq+7/PFBs8x+ylftI0kbiBkHxMGLgIx8IbjhGMPglmiwjQR+igjWyFZDM7B1U0XkVGVXBU6uJow6m9S+mNod229i4RWHiYG8FsXLFH7k0Fuw8CdoFG4VZtEj84hqFHUfQ/DJeWAc12IxeAL3sjxwH0wTbBNvGL4yQRet47jzaaWGjFoEzgs16KFgDSISaNmiKJKuQdjBGyA1NovkqNqyxOrtB5S/D4u1ArKcV4ObRKXPDFyPYaAG78RRJV9DkDd7gBDZVktpzNI5Ye9Ygqo1x6MzPhKUDTmd2as/8o+nrT84WJlybKU5QxCuU8Pu/wB/4BtRiMiUc3kdu+y7e/F1l8rtT5Bcf4vxymr7yPcb3Fp24Zn70rREc1yWLF9DuOzRdIRw7gUnvkUVr2HoVUxfyoyU4cfG9+9VdSJvAtxm/ddZmTuW3fYUEw6DjxOtlvHA7tm83+Z0H8IZeEj/7k/4/zpF0lomBVtNDC07Hu/BD4VM3N3jMzQ/g+A5ZWqO1+pJWZeFB4/Xz+vqLpzt8vy+qvqqGbuCSeRGNdaW87OEPuVNO+ddiSQw/iZXvreVrMcyJ1Wmx3Dp4vr4EsHR7uFSby9/ZKK8dISKnBdKg6D0e2J87+x98zpgrhVsXPQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIrSURBVDjLjdNPSNRBFMDx764aarTaZqmb9mcXDyaF9IeS/kBCUR6kbt3MU9gxCjp1iujgpQ4eutS9SxAUS1Barm6EYnRYTEPNpaAtbXPd/f2Zea/Doij+wQfDMA/mM2/eMKgqWxk/29p0vXyQLcbL7u518wFVXV6kUim11mKMYWk2xpDJZEgkEkQiEWKxGJ2dnYGlPaUrNd/3iUajAKyEVZX29nZUlXg8vqqCVYAxBoB348WbWQUrICpYC5cOGVzX3RjwPA9V5Wjd/LqNhOqtAcn0TkQFI8UKjAUR5WqrwXGczQGAE/W/15z+OHmd5EyOJu/axoDruqgqA9NhrCpGQGyxF3nf0FDTzIj7lCt9fRUvbk4X1gBZ+xdV5UxjhkfDXaj4eGLwjCESbqK57iQLziKf08ncud5w1fvbc7ll4E6y58C26nIuawcighGPCy1dWBWsWATlR3aWww2nyXmF4Mj3geyR+8HwMiAiB4NlJaSyX9ijERzjYVWY+TOBLwYjPr71+ecu0Np4lpyfD36cGvwTBLiVuBHCBt7uKqvhTfo1IoJjHIw11Ib2URfaT31VlLKSCnbv2MvobIKhb4n5vMfxUgBrbI81ohO58cB2L0Q8/Yq8cXg23IsnHo5xidW0cCp6kU8zg/RP9mttZevY0N3RsSLwvPwhQADIYxlnkggdq57rQ+EJgWAFQ1+HOOZ2BMJztefXfKbNInovsGilpLIgNvrrgU4t5f8DTGqAX1cDO6cAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHESURBVDjLY/j//z8DJRjO8F3q3d9ypOF/9b7y9x7zXAXQFTpPcaiv2VX+v2Bzznv7HlsFDAM857sJFOzIuT/hRO//wMW+81E0T3JQAGls29f8377Lph6rC0DYfZZLQOfh1v9tB5v/u0x1coCJB8zzW9+xv/1/xOKw8zi9AMPBSwPX9xzu+h+/KhqsGOjcgMZddf+rt1X+t26xNCBoAMS5eUDntvx3meDYn7Qy7n7rrsb/9h22/XgDERkDbS1o2d3wv31vy//+A73/S9YXvbesNRcg2gAQLtlU8H/KoUn/e/d1/89YnnafYDSC/T8vcH/ppqL/xRsK/tdvr/0/6cCE/9MPTf3fsr35f/byjP9Zy9L/5y3PeYnTgIBJ/g1+E3wbfPu8G5IWJR7o39v3v3h1wfvIuZEHnJudGhwbHBrs6+0aiPKCe4dbQ/XGqv/Ji5KeOzY6NBDlBd8pPvtzVmb9z16Z8b9hc/3/CXv7//fv7vtfu6Hqf8r8pP9J8xP/A124D6cBbm1uDa6tLg0g54bNDD3Qs6v7f/ayjM9BUwIPWFdaNViWWzZYlJsT5wW7WtuGnGXZ/8Nnht23rLAkzgsU5UZyMQAcp633iiwCvgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFESURBVBgZBcG9S9RxAAfg565DI51uCBocpGhoqM1VaAjByXAImvoXDtr6D4JAaG2oyXtpKJGEltYcGntDErEhEI3kvDP7fb+fnqcVAAAAQAeg39XLqsVcyl62bTw8AkTE5tqb8WHOU1MzzUFej1+uR4SIzeWPOcu/TPI7JznNecZ5ngcrEa3YnJ/7fHehY6Kqqiq+eedgP7cH4zZ6dxZmnamKoiqGnpjTXcxj2tSVq/4qGkXRGOlrfDcvK7TJ0qypoiiKob5G9cWsukSHoCiqamQgiiqKoE12p2YUxVBf0aiK6ybs0qbu/HJZMTRQFEWjuOFU3aFNnn06vLCnr1EURbHq1PF+ntIKXiz/+fDTFV/90HHNTWdOTO69fU8rYH0tr7rzc2YUF8aOx3m0NYJWAPe76VmttzK1bzsbW0dAKwAAAID/tYu/URIDsoEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZNbSBRRGMe/2XRWZ2/D7G4sSuYaKVurhMZaIRbm6iaGERSSbz0EPfTSQ4j0ZNRLQq8WPaQgPfQaIWmUJWwrSYolkW2ul7S0Rrbcy+zM7vQ/EovJ2uXAj/+c833nu5xzhtN1nXKN+h6Jc1Sqma/fhPHn574cpG2GYTuDt9quHbe0U0vRiZrqXvHZfwXoHqnTfaZWg8ceII90jPy7mo5W9Vjv5fLltrZwa6RJLzbVkstWQys/FiiakEng7TQ6N0iD7x4vhK+mSjb7522NmFb56PRqKF+OyYLbcQQlFtCT8H0aW5ygHUTiX1uYX75WL690C/PRScwyZDDoNCtPU1vlKB0ueGBpvXy76o8BTpUmu1x5CpGWT6Rn0CMrk6fIdIQcXJwaSjMXfjuDqampXk3T6gGpqsqDMq/Xy918eoaUtEJriSjF1QQdiHcmTjYcKhweHo6nUqk5RVEIumrARs3pdHoQzIOFKzzPc8Fg8GWj2EW1+qX209IN8lPn2d0OoXBoaOiuyWQSksnk9YqKCg+ClHGhUGgPx3EfYrFYMQLIYB9YgnEnywTc+I5Ai6CfoS6wZjQal2RZfmTw+Xzh9fX176jgExxaYBhHBr8gCJPQgNlsfg1thr6FPWCz2Zg2ut1u1sKLjXcwiIHJeRhYBeXQZWgJ9COrAMyyOWDrTpyTDCLovm3jFpDhzqYKJlkGq9X6imUURZFVFJAkaQLzJugbBGlGgCUwln2J/f39KgwWOJWy04WWQ2fAXvAezm6wCFzIvB9c7Ovrq8u+RGzIAwk4068ryoJNWdh149ApnU4/zPkv/Mvo6OjgmQ4MDKR+Apt6owU5Oz7IAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHVSURBVDjLjZPLaiJBFIZNHmJWCeQdMuT1Mi/gYlARBRUkao+abHUhmhgU0QHtARVxJ0bxhvfGa07Of5Iu21yYFPyLrqrz1f+f6rIRkQ3icca6ZF39RxesU1VnAVyuVqvJdrvd73Y7+ky8Tk6n87cVYgVcoXixWNByuVSaTqc0Ho+p1+sJpNvtksvlUhCb3W7/cf/w+BSLxfapVIqSySRlMhnSdZ2GwyHN53OaTCbU7/cFYBgG4RCPx/MKub27+1ur1Xqj0YjW6zWxCyloNBqUSCSkYDab0WAw+BBJeqLFtQpvGoFqAlAEaZomuc0ocAQnnU7nALiJ3uh8whgnttttarVaVCgUpCAUCgnQhMAJ+gG3CsDZa7xh1mw2ZbFSqYgwgsGgbDQhcIWeAHSIoP1pcGeNarUqgFKpJMLw+/0q72azkYhmPAWIRmM6AGbXc7kc5fN5AXi9XgWACwAguLEAojrfsVGv1yV/sVikcrksAIfDIYUQHEAoPgLwT3GdzWYNdBfXh3xwApDP5zsqtkoBwuHwaSAQ+OV2u//F43GKRCLEc5ROpwVoOngvBXj7jU/wwZPPX72DT7RXgDfIT27QEgvfKea9c3m9FsA5IN94zqbw9M9fAEuW+zzj8uLvAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLfVHrS9NhGB0Evy/9HQlZmmbe0iabspbbwJm6IKnMLWND2dzcnKDb3CJyjpy3QR+MgoxMV06HNl3iHBO6qDkjvGVlgn5Qt1yOCD393l8X8EIvHHg4z3nO+7znZQFg7Yer/ATVp4xbcavjowO6hKin5vSKp+4MdZj2ANFXcZKiB0M+Kx9TnXK8e1KBQIsYQ/WpoSFLGvVfA7cqnhrQJoTGbAJMdylpqDDdrUHwWQ38jiIM1KeH3IZ06lADt+YUNahPDPubRAg+VSPQmg+POQMvbmXC11aEye5aDNsL0a1PCz9Wp1B7DAZ1iZSnJikcsOch2KNFoK0Aw3c4eD8zzaDfzMGQrRDjj3RwWfLQcTMp3H4tkTFh0QFRdEDhQEs+gk49vWohPLe5ePP6FdbX17G5uYmF+Vl0as/BaRTBe0+Bh1XnYS2IC1uEsRRryJAyHmi7+OedEno4G1OTb7GxscEM/8X83Cwc0jTcV+agt7EYrdJM1HBixll0snyPJX3H1y5Bn5G9++njwr+b92P58xJMgjg0XT0LPfvYDg3+7wAN6fzndWlj9ru23e3tbUas0Wig1Wqh0+lQXV3NcJFIBDZrA3Sc2BkyfOAbrVbr1traGlwuFywWCzo6OmA0GqHX67G8vIzGxkaGo3thuVxexWazj+4xMJvNWw6HA3a7Haurq1hcXMTo6ChMJhMIPzc3x3B+v5/RCIXCBlb5y5L4672XLhc9EA0LlLwdbbUWE8EgSktLiQAymQzNzc3MFqQWCAWQyAu3iEmluvI7ix7+quy/gdqRSogq+DDVmxgDsnpOTg68Xi8mJibg8/nQ09ODbB4XdV41s4XBZACLvnnkgp3zJcOYPJ5akByVlcl2iUFJSQm4XC54PB7EYjEDUnO4HIiKhSFiIC2T/tyTwXH6iESiDzabbbOrq2vd6XQyb1epVMxPkJpwpEc0RLvHICYm5khWVlZCbm7uklQqjSgUiiiNHxKJ5AqNbLr+RjjSIxqi/QVm6pQnUTAFywAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHXSURBVDjLzZNNi9pQFIbzA+YXDP0zLV3Nb3E9a3d1JQh+g7oQLaKCimL8QGKiMdF0OjUTjB+N0fi9Ghim7aa8vScwglBKabvohZfccM95zntObjgA3N+I+2cARVGuJEnydNjief5LpVLpFAoFTyaTufotgCiKtw8POizrMzaOjfnMhCz3kUgkbn8JkGX5utvtelut1telNYf+ScPHDzL0+yEW8wnC4fCT3+/3+Hy+nzrhBEHwTiYTvCRrQwma2sVIFXCnDaAqA7TbbdRqtcdSqZTIZrOvLwCNRsNY2RbGrKI2FN1kddCB3OtAFAU4joPT6YTj8cjas5DP58epVOrtGcCGZVD1+zuFJYusYh/9noQe03a7xW63w3q9drXf77FYLPCerTOA7b00LMMYYzRS3YDD4eCKksmBbdtYLpfuk5zkcrnvyWSyFAwG33DMzjUblJcNymDtfKMAqkbBlEwu6J0AJNoT3DRNRKPR6sVE2RUwCUCJq9XKDd5sNmfAixOaBbUTj8efLwD1ev3dbDZzDymR9tQSuSAgfa3pdOqe6boO1gJ/AWA371W1Wg00m801gznlcpkvFoutdDp9CoVCx1gsJjFpkUjkORAI8KztG+7/+Zn+VD8AV2IaSQGFiWoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKrSURBVDjLfZNbSFNxHMcX9WLgQ1h0kXrp/lhQdjGIEotegiCKiiIjjSx88SEpzZRIpWKFnGmCOubAS1YkmZlpXnLedtrUIpdTJ9N53Jnb2cy55fbt9z9OmQke+Jz/4fy+3+//rgCgCOfik7qjRD7BE3bCSQwQKlb7Xx9ujCQ4wv9Jb0H/qIRh0Ycxz19YHdP4zI+C1UKayCUBIXOdtmkAc4EgrBLwpsuN6l43Ohw+eEkUIFiNaZh2IWQhgGMFlx/y4yG1ptmF0vYpGF0BBOkfNZAC8/VQCCcH0MchImBx+KHRiTCJ86JavReqLyIGpyGPYIJeHmp9jGCQBQSYV+69nuZX2yuhqNmOwiY7+qzA7wlAZ/LQdGbhmAUECpBoKM45wE3Uz68JxwIMRosL6rZJChCg+irgPS+hsnWQCWyM121meMg0RqMxTQHGsTkYLRKrG1iA+MP6h3oWUEjmVxTSafaw4jgRHWI8tTweN0v2oarHJdNnnWEacTFA1SiAa5hAfoMNXUPLA+6UHcejmku4ULAHZZ0O9IYFGAwjTnCNNtlcQekmMYgU7THc1RxGkvoAEor348Hb86jsfoHUqrM4pdwCfti1OAV5EduHvDAKwOgMYHYDyZoYvOM5VOvzZWN5txLKhlSodXm4pY1HTM5aCvjILW6jn7ZGoD365QT0NuAGzZeZn9enILcuGY9rE5FZcx1ZH5JQ0JKNK6Wx2PlwlX/JQbLTdhntQKsFuFy0FxVdSmg7nkHdnofibzkUchuqliwkak9jd0aUMzpNEbHsKFvdQXynEZwr2I4zL7ciTrkRsU/X4WrJEXDNmUjQxJN5s/tE1r31K14mfkTCT5sP/eOz6DG7cDA3CtfUJ7ErfdNkXHZG1LLbuMJ1ZvA70iO82+6vxoY0xZpw/T9xhOmhB93shgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGdSURBVDjLpVMxa8JAFL6rAQUHXQoZpLU/oUOnDtKtW/MDBFHHThUKTgrqICgOEtd2EVxb2qFkKTgVChbSCnZTiVBEMBRLiEmafleCDaWxDX3w8e7dve+7l3cv1LZt8h/jvA56vV7DNM20YRgE/jyRSOR+ytvwEgAxvVwui/BF+LTvCtjNwKvj/X8CbgXPOHMEZl559HsTu93uPQi7jBiNRgMEx8PR0GIxRB+y2eze2gqQeAXoSCaqqu5bpsWIdyzGvvRrBW7rdDo2I6ZSKeq7B8x0XV/bwJWAJEnHSMwBDUEQWq5GfsJthUJhlVuv11uckyiGgiH2RWK73RYRb2cymbG7gnK5vIX9USwWI1yAI/KjLGK7teEI8HN1TizrnZWdRxxsNps8vI3YLpVKbB2EWB6XkMHzgAlvriYRSW+app1Mpy/jSCRSRSyDUON5nuJGytaAHI/vVPv9p/FischivL96gEP2bGxorhVFqYXDYQFCScwBYa9EKU1OlAkB+QLEU2AGaJ7PWKlUDiF2BBw4P9Mt/KUoije+5uAv9gGcjD6Kg4wu3AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVDjLbZJfSFNhGMaf72znbGfNaTRboKViYQUqmFp0IxVEFyMpoaQVBCWhV3kRdBPdCN2kiBBRgURdpBddCDIwIYoILcwyJEJiC8tIJZuzze387TmLxGxn57dzOO/3PN/75xOdnZ3TlmWVkYW+vr5K5LlaWlo+6LpeaRhGLBqN7lkfc1O40zTNh+Ria2urnc+AYocecmxjzE2hh5yku158ocfwSh5ohg3NAtqKb2G7Hzh3ecxNcRPZu9FAovA9uU1mXst31ZS6rEq+oGqrQTWOGrVQ/a5qmvaJ3CdT/2VAYYA0EaNQfocXqQnUu7ohmVUYWTqBqUQ1NO28wd1Pk8J8BjqJM1gd8gANW/xIaB34la7B0vJRzKwUO/VbxFkT2mggIpHINA0eMxgO95bXKcIHg7/J4bMooGFaM7DZr+DbwiqEBPh9Lli2wM/kKp6+ndvvNCdAmkOhUO3Ilbk150BjBocbq9Bc58fw+Fdci/wzPTx4tgjLEq8cgyQZisfjRtX1oX0qp6CbwPzzcSytGLnFoxPzCB8ozb1n+EljfDGhQQgLEjurkAriGs/eQNKMweICSRJw8VTopoXu9jruZsMkLAA+t4VsNotkSoObQpkZVBCxfgpeWUImq6Nr8DPoBYNGFnFOmm3zn7dPZgYULpNBIjtTOM6T4wt2wOBuWdOAS5KZqhvMh08XhRINBDg6jtfIZVBL8RlSfihYZitCha6WIprWhUxhe7iAZppz5nK72qzb61Zw89EsfiRTOQNq9XuKovQ/uTq/1mVzt1OvzIpX0T95CUHfDmYhYTH9BW0NvXzzIp3904MYDe6kUqk3AwMD9X8NTnWN2eXbgJB/BUdqG1GklOSSSGRKsHWTAZ/CUygERK4hea769tGXu0rVg0WeIqYcYBk6hGVRYMISaXycjWEhqeM3NCmjdDDSuwAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADCSURBVCjPvdCxCcMwEAXQAxcuIoIFAUMgqtypcyXSqBIYNy4M0gSZQBNoAm2QCW6DTOBFbg1HTo6QyqW5QsU9vj4HK+wPHAJ88uhxDiuMwaFFk/qksUOF7cAJnmb8+rKmFXiN8sxgpomBwb6A7qUe7e2vw0Tj4qKNJvaLLkDRhRoS+QdGcpxQwml7pRaxpiowcGQZdHilVssoyu9VhsjAkmGgsCEZT1Rv/RHuH2BTqYa6xKlQmqPIda6ekGA47tT78wZ72Oy4vOPLEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpZPtT5JhFMafrW997I9rscA+FFu2QRurtlw5cQ4InLpwBogIPNFSiNJ4C+JVkj0QTBHQKFPQlJfwlanY1tXz3ARkn2jd27Wz++yc33XOvd0UAOp/RNGR/X5zeH9rOlTDVKAK3fsqJrxlqN27GHPuYHh+G4rXRQzZNjEws47Hli/oo/PxNsAU3qvWT3/gX3TPuHrWBhiC30nSktXDtKLB1NI4NKkxqBMqjDByPFkcxNBCPwbCfXgUeEBq705m0AZM+qsk2e3hau88W+4ANOy+XPLFQrkrcbW31KkOYJx9rBaAOzPR0gVHW6x593q9cDgcqB6e4sZoogMYdXzD0ck5ZhfLsHGKVfAqVoadKcMdzcLr82PuwwZCoRACgQCWVzdhoK2gaVpDAMNzWzhkAXamQpze/I4t13w+j2AwiFwuh7W1NXg8HmQyGSgUCshkssuU3F7AQf0c84kK3n68KFc4hXQ6DavVCqlUCqVSSdaIx+NQq9UGMsHg7Ab2jxtwp5rOvqUqia3CUqnEObWn0mp1KBaLcLlckMvloPpfrhOAl230/SGLxQK3241CoQC9Xg9nskKk1emQzWZZkBZCoRBU3/NP2GMBgXTTObjSjI1GA8lkEgzDwO/3E4iObXY6nYhEIhCJRHoWcIW6b1pF7egMlYNT7NROUKzU8XX3GJ+3D2E0GgmAm4Zbh2s0mUyIRqMcAGKx+BIlMeSiYu1K/fbEMm4+TaFnJIHrSgZX5TFIZNPo7e1Fj9QOs9kMlUqFaw9pCASCnzwe7x15xG6/rUQiAZ/Px9/5XyhZOMVGKlOdAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVBgZBcFNiFVVAADg75x777z50RmdDJG0phpTIwq1cqP9IBqlLaxNpYVSVIvahLVLCqFFoGEZQkQhgdGilUghaqRNIKgUZEmQlCBlmmOm772Zd+85fV/IOVuz7ejmgeHWxhgsRz8CCMiBnNQp/Xbln3w4XJ18/die9dMAIefssXcmjn326vIlMYZZmUIGIGfILl7r2Xfiir/OTbV//unM6Hd71k9BCbEIi/rKYtbpvxUxBAI50eSkrrNOr/HQwplW3FE6ni4O5rR48sFXDsz+dve6qQghhBk556KviKpIGSgiRSAEooBk3nCf9ffNMzbeGiiHhz6F8NSO1WdTHh2bNZhCk4Nl44+7fP2Sb37cK6NVzdCk2rplz9j0wEtaVandnbbpvZP1wbdXVSVOvfzI5ls7rT/9fvmMUyf3q1PbsoX3mG5q7XZHMmp8wdOOn6ulNG3VbS2hjDVEbPzw64PNDXnc8NCwRXfNU8ZBl65e1m53lcVcW9a8b3hoRH9fob+vkkVCBPHz1w5NtZsne19M7LVkYLWZ/QPGF92i2+mq69ILa3caqFqqMuorCq0ySsgZiNBuHy6+//WIXQe2u3/OBk3ZceeSu031Jp3+45CyoCqCMgZlETWJJgHx3jduevFa5+NqxeKVchXs3P+WRxc8a9Il88du99WJDzy/a0zIQRmDIgb9VdDUGURsI5s4fcQvZ3/QmW58cuQjT4w9Z2TmbKM3L7D01pUyUiajKqJ6ugbliXfPz3/4zYnOvq3L+y9eq8C/1y/4cmK7691JIUQjgzeqIlUMIOWsN5VACXXdaBoARobm2rJ2NwAAgJyyXrcGEeqplOqUMgAAAABAWcZUN6mGEnrd5sJQXzFH6A3lnKNMAowMlCBnBqooBKkqwn9Nnc5DCSHkHWu3Ht0QQlia5UEAmYwsAxl0U0qnymgf/A8eWStYAg6kAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABlSURBVCjPY/jPgB8yDC4FilKKDfJXZa6KNwhKYVfQkPW/63/b/+T/XA1YFchd7fqf/j/2f+N/5qtYFUhe7fif9D/sf91/BuwKhBoS/jcBpcP/M2C3gluKrYHhKhA2MEgN2pDEDgEb0f5zlvXgVgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALpSURBVDjLdZNrSFNhGMf/Z9uZnjldy+lKKF2ThsqULgZdLAIrKTHKMLvYhS4fgiKLoi/Rx6LID0aIaRAUpQSFEcIMiS6mhoFmN0duVpo6azd1m+852+lZSeSlF36fHv7/532e//ty5eXl7yKRSCrhqqysNGOWU1xc/EEURbMkSY7GxsaMf2sqEqaHw+HbxOHS0lJ5NgMSR6kgCqbXVCSMIbaTu5h0qEKKVcSASTJYBDiSdB0LtEDZyVYVidcRmdMNFCR8S1QR9tf8DWFc8AkKjUGQBYPgRLagE4YExthn4hbRNeMGJEwg1hGSju/Ei/EOLFdehSJsgc29DV1eKxg7IFH3nYRuNgORcFLRaowBchO18LJjGAtkw+3bCPtoUnT+COFcnRU299zdJSu1Voz/eAYuNLA/OhubNMjaZDRDzWkgwYRx3QiQcgcRTsRNxrAnPxC3d/O2+YIhDzrTEnidFnxqqr0cNUggthqNxhzbmYFZMlBgZUYwY/++kmydfgXcvR+pCUN8wjxoExfqogZ+osHpdEqWCw3LBEpBDAOMAj1kqEaK3AellK7WmwswMVgHtYbDl85PEEPsZyg4tkpBm1UTJkLZNnER/rADkXA0e2BkxA1e4qBPL0Toew043gNeG4/YQO+w6B/Mzz3+wB414CcNuD8pnIBX7MG84UewxvqgSy9CaKAKCl4E86fB9bRtlI0GCpeeetL5e0C6vo+oJ/hoCkX0csxiGXbMeY7krC1gQ7VQqmVM+FPR39wakYKB7MWn2zv+xkidc0i8m0hbb0iVld3fkavawElcMga7r0GfrEbIvQBfm1tCJRVdsfZ+b9+UFZOBSNTwPK9pOjfMaT56uMw1RxHz7SXsDS3otLnx4p4NVx72nu1zBbwzMiKxg6j2eDxv6urquJ7PQxJ7/ximnDzExVkw0NE9dr7e+eV+u6uS/szP6QacLE/9gCVr5waXLjKqVmSYIPMTr4KukYOFl9468J/zC7f3tq13JhENAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHfSURBVDjLpZO9a5NhFMV/bxowYvNRjf1IoCDo0KFJBVHEVbeCi5N/gM6KruLi6KiDKA6KIC6CQwdtBxfRrUGHFlTQIlikjTFpkua55zo8r7aDipALd3keOOdwzrmJuzPMZF/cOPFXBMmRHJMTTJiJYCIEESy+ZQGqczPIDNxxd/AMDriBu+MSCkJmSA4CJ8Pym+UIIAs0177S3Wz9F3O+WGCiMrmjwM3pbrZ4fvo17kR237XAtcolRvdOA+L+9TscHB/HTGQAlLqwuHWbxa1b9JMVTBDSHRi82qijbgPXNsGEpx5kouYo+2jpI/3kCUudiwzUJBgMAoQAjf4ZFtZP0mq/x0xIYPJUQQoQLHAsX8fMeNk7y4DVCGKw0q7ytHmByx/u/lYgOVnJUbBomAa8azWYr5b50unRGZln48ccYzrH5/VTtHuTKIxQk8dUdgMEE/XyN2YPTFHJHaZWFPIan/KriEccqT5ExJi15FiwWCSTo+CYiYk9h5CL4NvIhSOmctOxCwgh3J3vauAWnc8GEzInt2+U3s1nuEWwmPlOByzthuSUSyV+XUDWTOAJxbEyhcJ+pPgxc/4KnbUFQOTKx3n74B5uQhI4JEkMMHl8ddZ3d/tfzH+aZNhrzDDk/ARfG6G/LNZPQgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL2SURBVDjLVdNNaBx1GMfx78zO7Lu765qQWIPteqiH+IKCjTmkClIVPHi0pVDSXBT0sGhLUOvJl0OL4AuVBC+CLXpoD1KqweBBWFFajOChSTU20q2h6e66nX2Znfm/ejCJ8Qff6+fy8DjWWgCmz9f3AR/cV0pPhtIQSoM0hoEyAdAFmoAG2kAL+Bz41mNzRqmJh0fzk689MczO9YUphsIU25EeExK6sebPZo9v/ugfAKo7gZFC0gGgflvjOw6eAwkPUr7LvSmXhOviJ+CRsQy7irnyp5fW33e3AC1loWQilIGucAgkdDoRQQRBBK0B3OppAF4/e53JSo4HhvzhbSAfBiP7v5pHHZ2mH2kqJ2cZ+uxjwqBPNzb0IstAgAEc3eGna22WrgfrLoA4Ol2eXfrimZw3QDoeYWyRePh0GZ0/RdTu0o8NfWnAwkYn5sPF1Y4WYtoVR44cNGH01+iwXzT1FvVj76CApUNVxI2ApNNn77EZUrXviZSDsaB9jRKicv7lxxZdM4jm433jabO0Asdn6eTLOC7oQpnfX3gFfrmKnBjnnrmTuFJiLag4RotYA7gmHLyY+LoWmcounBNvYm81cLEkgyaVuXdRe+7GuVijPlPFSfpIren1Q6WE6AC42YsXvjy9e//EtdXbyHyKyqszYOH+946TKHiEbcOVuXMEUwfI+NDqxahYbCy89awFcAEWhvaKj6YO48WQaDTAcXGbDcIA1k6cQuaKYCHruTTaA7SI17eu501Vzw4Bbz84OU6veobvlgW5rubHTy6Q9i2+B8nEvxWysFoPUUJsbANaiKeA535eXqM98OjFFqktsXQQyqC0wVhLuVjkpadHudkK0UI0/gOkfPT5Jx/KvHH48f/9gLYgtUUowMLphXWyPnR7IVrK1k5g7WYz4MziMqV8hlIhTSmXophLcUc2SSrpkvJcDk2NkPKg8XcXLeWNbcAoda52eWWsdnllN3DXZnduVkwnfT+d9inkMpQKWX69Wv8N+GEL+AdfSH+n2ppttwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLpZPtS1NxFMfPH+Arwb+jFz1Q9GK+aLBXkWQvgoRehRDYAyxEY2StB8SILBJnWZY4HyhDrbR06YssW3O54dRNr7a2Zbq2u3u33bt7b347LhhqYlA/OJwfB87nd873nB8BoP+xPwK6i4q0EbLl3tC4MkRGdpCMzEsalwfIJvVR0Y4ATjZpwyToQSuMlR7o4gj05GtosQ4o01aIz0lIPCPTtgB9hMo0jwlG1MFJXVCjdcgKVcgETyETqoLytRGqcBepURNWuqhsE4BLLs4Nk2x8d0JbbcbQncNorzHD3VkOt/No/j54y4z07Dkoi61Y7iA51k7FBQD3a9dDtfyyE2qkOp8guCry/vf9RN6LHw8xpBaStxaRNrIXACyW14j3IfftGpSlM8guVCIzdxLpwHHIU2WQPBZOLkXy3X6IHyzILrYh3EreAiDzinKGPMp9XoC/7xL8/TfhH9hi/Q3w9dYgMbaHAQ4stpBYAKRfkKgnB/n184hO9SMZCUCMzW2y9VjE48SPt7tY3GYsNJNcAPB8vfpKLwOqIS5046euYesxNBXxqQau4ADSoQeYbdzQAs/Xng3YoMbuQQqchppa4vDahvQ1KPFpxF37WMBKrL63wd+wQcTEUyqJ95Cshp+wgBch+SqQCXdCk4LQUjOQ5x1c+l4W8AhSgSb46kmevEolmxaJl6M84TIjO9/EItVDmjzGqh/kknezL2XoWSR9jRC6LfDYqXzbVeblMPN8haTbiozwiKfyGMqXVsjBFiyPWfH5BgmfrpBlx88UfkhFS/epTnDQRKiJMHOb1vud8F6nOvflv3ymf7Ff4B/4xZL2LgEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKcSURBVDjLrZNLTBNRFIbHBQujG1mauDEuTIysNOpCiDZKZINRSYwoLIhGE18LYxHjgigRVCINRlEjYqZqKChP8dVObQMptAhtp522MPZBQR6lLdLACG3n984NmBgjLvQkf+7m/t/955w5DADmX8T8V4DP58siYr1eLysIAut2u1tdLlcrz/Osw+Fg7XY7OzAwkPUbYGhoKJsYQ36/H9PT04hGo1SxWIyekUiEanJyEgQKm80Wslqt2RRAzCpiluPxOCJjI+jv1MFYX4O2SjVelZ+naq8qhfGpBp+7msmdMKamptDb2ytbLBaVEntQMSeTSXrx7sHtf1TjhW3wPj+K4bYK2J/sh7XtRoghcWYNBgNkWUaKQD7UVUF7qRj3j6ugObST6kHRPujv5GGcU2PG2QkkxhB3NsOiOSwzWq12dGJiApIkIZVK0XNxcZFKSUY/TWxCTCjHQrgd459uY55/jVSwG3zDGZmpra3VYakSiQRI96EAfzZO7EDMdQ3p+W7MfzmLqPUcPGwJnA2nYH7z4hmTk5OTuwxQmkPGBlEUEQwG4Xc0IsZfQVqyYE4shjRSiFmhDIGGfHS/I802GtcymZmZu5ZfV8yBQADhcBi8uR7jNvWSuQhS6Bi+ua5CfJiHsMsMjuOidIwZGRk7yCgH0+k0jawAhB4WwvvLJLYZUqAE30dOYIYkGa47gK+iEx6PB6TxFymA1GoF0tLSIhAQPr68BXdXGRxvazDaV4C5QCGi9lIMP85HJCTQHhGz8Zc/kdQqojUmk6lZV6UCZoPwPjoCrmw9esirPdW58PVzSmyZmHUrLtP1k1uSC5Z7WOjToK9iD5pObwLXrlXMKb1ev+Gv21iwe510s3hz0lB5IKmv3mvqUG/duNI2/gDNuAiQNZy2IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJmSURBVDjLfZPLb8xRFMc/9/ebqVHvEkaiqTJCEIkNmy4shKY2FhIkliwk4ploV00jQhNLQSz9BSxY6CBNtBWbBgsh3lrVd3U6j/v73cexmGk7Kpzkm3Nucs/nfM9NrhIRANzZM8L2ndhsFrEWcQ5vDL6Sk83NyJNuljx9rKiKxGxR3SRVjd7a8tlaJDYsjHmAsYi1+CjCW1sGWTtXJ/4BCOYAsUGiCBoacFGEjyJcFOG0RmUy+GIJieP/OIjNFfKv25OHfpI8Og41Ed4LrhjgJ77huyfLd/4FSJx7MSg6yLPp/FJqtyIEBL6EMtP43Dvi1M28P6QHFwKUiGD7NuxFeEDmVlrC5Xg7CXYGcQXEaVAKnCHf3zbsYg6nT8jLP95AnGmj/nJaEisR+wtcCXG6ogI+GkV8gdSW02mTo+2vFbyNm8IluxCbQ7yuKKpII76IN1MEtWsxBZr+BnhXFwQJxJfARxXpeTnNaO97RvseUvyRWPMxm/gO3D7QZTvLAOdBLPh43vrsdKcZ7ftA8bNh97FLLGrcQelNV/3b59mr2f3JQlBewU2KmUbELLBe1sCzfjL7jpD61I26d5zaz/fZ2LA6FCUXyg6M7nETLw8HK7Yh1fZdOduJIql0I7RcnN+9Yz2hVxsDAKfpzPdfH/Z6AsIUIhZxFSd4wlWLKb56BB3riVoVU62K3MgYLpQhNfsbf95Vp5zhyrI9J9PJus2gBLEFXDzNwKNeCp9mqF/tSASDzIxZvo6EzmhpnwMAfLmh9sbTtFlNk7PUmQh0kUldoKcmXDdUmhpvCZ1qcKH8ELhzsMte+w2tS8iXJ5jooAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHlSURBVDjLpVPLShxBFD3T3WOUUUGYByhkI+50o6Bmo3ErAVG3Qvb5giyThets8gmC+DYQzEaGBMUnBhQRJAEXQuZJ8Mlodz28t6rbGY2b4IXqU1XcOvfc01UxrTWeEx5/ptbOssQzILVylVKQChCMkucagrA6JKTQtK+uJyc6Gg2B0npwvLfJ+Z/KH2Z+J+4VEJs5nFh4B3BLUhCrBILAzv1bmvvAbWD2rt9nCSRqCCIfCFtTdFjYoUVIwgQ0BJEc5UxmIGoJuGkTMeBPiQ4qq4R8MEpkhJSSyZhMPyQA/4XP33L6qhLoKGbW8wZnNwoG5zftennLYum8ot9+2uWpVRBQBTISc5tFsBmu62BxqwjPBb7sFNFQ52DlZwnxOOFeAe3pevihB07UArvguTGMv0rDo92x/jQoHyO9aZM43J2y2GNbEEJVCVgBt80Hv+5RJdLFFR0nZpAjwqXtQmh3LQGxcT9xkvymJ/WwIiEridajfVZB4oVXJeBbx+FSxdX98oOK2YMyAoV/lER/zrP9COsB0Q11JfH9sIzXnUn8IBwkfBzHp+dUrOYtGA+ohc6Xjcj9raA904CT/BXaWupM8lOhwssXXiR98XH6V7NPRHzDeEjyJTCPRzxJcHZ5kzdX77nP+Q6ZHT+VaotBJwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF8SURBVBgZBcFNiIwBAAbgN5etvQiJOPiuyk/YwqLk52v9NbTtarDGNpbhoCknHKgtOXxDIU60mVI4OOxVbtuchaTkoByUMpoc/NTjeSIi0irPd5q9U/2J/uHe7s7mUkQkImeLi1VrcM+cZ56oXLJusKZaVohEThcz3fve+Oaz1+bdctdNNUPdFBKZqu54658v2q54pKvlsmt2SCWpleODl75aMKvtu3MWNJ02oymDlCk7N7zwR9tHc9pm/TDtpHFNa6WT0d4d930y54E583inoe6YmhHpZX3/oVnP/fTKvF/+emzKpJo9tkk/Rf+2q9qe+uC39x5rqBt30E4bpJ+lvUuuaLmg5ZymhhMm1OwzarX0sqiz33UN06Y1TKmbcNSY7UYMSycpM5hxxnF1dZPG1YzZaZOVMkgZSbXOpGMOOeKIA/baaqNVhqSSSIp01xhV2mWrLTZZa7Eh6aaQiKRIlcESK6y23LAhGaRKIRIRkZTppJd++umlk1JE5D9AhzZjNC9N+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE4SURBVCjPfZFNS4JBFIX9UfOfpl306XZ+QYhG9UJtiihq4cJNQdQsIulLKhs/CAlNy9JRX+slKel0nFdCjOJsLvc8c+6dmQgi/+unKIqCyuucNTarb9SVGAOKsmAaCNCn3lBHxlzIEYC23wPQQxc+3lkFOPXTcggw3AzsNlqwVBMNh2hzKByQV4NGClGneWoOK+yUkFIOyOmAsVFcurMveMYZZrlJC7vaAbe2jw6B0HxEDPeYYfWBLeuALIE2g8/ZrNKexhGBOjPWQ+Bad7lSEhNs7tGewiQWeZ8y1sIRGVXFF80nxtewSeAOFXziBF64ZFocmw63rlFVPGADRR6owDOeGD7Ugdz3m2y+uhyfp8vw/IQceeqk3DEZjgg4uwSNhInJsc/aFqtqWS/ZuI3pBRUXv37zL30Ddxx1NEzXzZIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJRSURBVDjL3VNNaJIBGBaCDnXqVlEQO0ixrE1a26G2uYU0tyVaA2lsHtS5HzuYhTkl0CHZmpT/0coO0UVS6AdrkCPFkC0am+ambea2GjOYuubmN9vG0/eNLl1s0K0XHnh53h8eXp6XBoD2L6D9Jwuqq6v3dnd3X9fr9Rmn0wmNRjMnk8kqSewn8wTFUTWqh+r9YwGTydzd1NTUbzKZkEqlkEgk4Pf7odVqv6jV6kA8Hl+nuGAwCNfgVcSeCjD9XI/xR2xM2ErbaeXl5RcUCsVyNBrNCAQCb2Nj46ZEIoHZbIZKpQKVU5xVWzu+OKzEcvgVkFtANvwMoYHzKUpBv06nIywWi5TL5e6pqanJ+Xw+jI2NIRAIwO12Q9lZQWSiNwuFry+w+O4O8hEPNmeDiDzuIGgMBqNLKpVm7Xb7NT6fP8RisX6y2WzweLxtKDrOIB3RYCsfRD4hQ3r0CqaeiBAebFsaNfPotGNkNDc3TxmNxqzL5Up7PB44HA7I5XLYDEJkIipsESGszQhBzLdiZbIXM47apY/Gc2XbR6TT6btI2WUcDicpFotXe3p6CBKFu3KmdfGD8vdwO4i5y/jxSY1pa91qxFBxuqgPvH0HLk6+URS28gEQSRHW59uwTCqZttXnYwNVR4oa6WHXYVHU24uJ1/fwbaQFa8lWpMdv4LOV9T1mrCr5qxNdt+uBlVnEHlzCcO9BvL/fAL/u1ELYUHl8R1buk5RuFEJWFEZMGNGz4BIfyg2pTpzc8S+0nN1H3BIe3fAZGjbeGuv8L5WMkmK/8AtkdLda3u0iOQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADESURBVCjPvdCxqcMwFIXhw/MDF3HgqRIErEqdOlcijSqDcZPCYE+QCTSBJsgGmeBu4AmyyFnjpnjCZcrwtx+nOFB8Dl8Ba1lllWVTzNsoSWIZQnh6cdOxsHKRf58kUhF2X9xueYCFtwqiDFT4XmHvZj/AjfNrzCnHPLwCFa63cmaXDzBzrAtBPBUK03d7y2aqYGSqwMuFNpi7ou1/iVxBYqzAyR9NPrG9NuGHuCqgSCXKIGFTuM2Kke7RluaJB6bvXf25N1fx7E1Sq2rLAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ3SURBVBgZBcHPi5RlHADwz/POOzu7o21bIWVsiiAR1kYdJOwHdAgKO3QQDMqCTv4XdQikg1BCUnTQCIK6REVdOnWTClIRjAwNCdFy1t1xdnZm3nee59vnkyICAOSTJyu5HCsdR6PESju4fXG6vvFBOxzOVd7r7tn7Zju4vbF58dJnk7Y9VQMAaNu3PbTr03rtyR6hGqw/N/3u+6ct9mYrrx5+cXHfXpHLzqVffn3/2pnPl2oAgNJfPN5de7xnNGK8re733Xf0yCFtq2oKl/+UcO/aE1K3+1YNAJBTtdptC+sbRGHzrqruUDLDIaUw3mbnDlFKrwYAyFujmbZhe8w8kzOzGfM5udDMmGyjaPM86is/HrywuHzgQEoVWKh0ujf2WFjewfUb5DklyC2TGbMpqw+7c/6CzeHdH+oU1WOPPH+2m1IiyPtvWf/oQ/es7ra0Z5Wr19gYkVt6XQ486s6li37/+tvfxpPJido8pkrTm936RG46VMv6x9YMf7rhvzNn7T78soUqsT3R7Fzyx6mPjfdv5eF4/NqRweBmrU0VlHkfYevaOcPL5+nhFa6XL+mhB/TfqfWtdJ796spNqJWqo+oY/X1Fc+cfZbbtgYOvW3nqDUlS5q1mMKEU3fsX1Mv7/HX6GQC1OUnHrhfeJTJRkDWDb8hjZEkjTDSDic6OEwCg1kZEZM2/X6AQgUwUES3RijIhjykTAAC1JgqBIAqRRTTEnGhEmZK3lTwSeQsFANRmUaREFBFzoqXMRJkRU1GmooxF3qJMUAGAOtrSy+NN0oNSSuiITiXpgKRCIhJqeTICAHXMZj9fPf3SIYEEAAAACCSUcg7gf+9HV+4TlzZTAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKGSURBVDjLpZNPSFRhFMV/33vfzDjOvBmlRkuz0THKIjGN2qSrFkFEBUFBG1fhtkW7aB1UUNDCyIJaRC3aRAXWxkroHxpCRGaY2uS/GWfUGUfffPPe+1poUbvCs77n3HPvuVdorVkP5P8Ujz3ae0IVtj80w80U5l4i7MlO8a8OfvQmTsvAyXvBjR1EG1pZGHvD8PNbs/JCz7u+snKrdS5fCi3ZjuFp8NC4nsbTGldrmq234kx7p4hWtJEd/YxfKKzIJsoq4zEZq4zWdR3bHimWtCgLmH91FYDKvEKlM0QThyhOP8BfLpgYGsb1/Fwe25c0UjknoRxP3OubJjmnKBQ1ExmPZNYjOdaHSvUSbTyMPdWD8M3jC1tgz2Hu7WK5YvdWo1B0RcBnULs5wvPBFAtLJaojgpXxx5QvPCO67Sj2ZDeGr4TK1TP1YoiB6vPE6psAhFy2HQASm8IIDb0DKdo3DOLLvaaq/Qhq5hamX2Mvxpnp/8DgtmtsrGtE6FWeUbDd1TxNSNSEiWaeYWbfo9wapj9ex8OmkK0l2f+JgcQVahsaCf4RviysrCoJAU7JwTd9n13Hb/PlwTlG+l8T2NqCPZ9mvu0ivnAMQztIn/y9ZWO56KIBpRxms3lGvqVRn57Q0NJBKLSDyaFR9IFLNDXvoX6zRXYhj+c4aA1ogVwuOtr1tEhl8tTFLO58TXH1Zjf7dzbgj7fQfOou/sgWPDSy3I+ssphK51ipCIL2tCxkJ8eLyok3bQmKcNAQN54mMdZGEkKsOfUQvw4DSbzS8sZn8iqX/jEl1VJ64uDZ3sqAFQrJgCmkNDFMgWmAYQgMucpb00KAdh2lVhbnM+nR5Hex3m80WCd+AqUYHPPwkaN5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC5SURBVDjLY/j//z8DJZhh1ADsBjjsspIC4gb77ZZX7TdbXLVda9Zgs8xEihQDGmZfm/7/0KOD/3ff3/V/6plJ/y3mGjYQbYD9NsurBx4e+D/10tT/nWc6/i+5sui/+RS9q0QbYLfB/OrWO1v+d5/p+t96qvn/3Auz/pt0aRNvgPVyk4appyf+X3xl4f/ZF2b+n3Co579+mSrxXrCcZyhlMV2/wbRP56pRq+ZV3SLlBq1EOanRlEgjAwAXIuIDq5qm/AAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK/SURBVDjLY/j//z8DJRiFozbrLk/aqkc76/a8eDft2Ou/Ew69+lm/8/n7pMUPTsuXXlAgaAAIK/fe9Kg7/ubmsaff/h99/O2/48y7q+Tyz2vKZJ5hJGiAUucNRv0JNycuuvLho/WU24tytz67aNl5fZFM8mlhoryg0HAlcePNz7+06670y2aftaja8fy224SbW6SzL1lrNt+aY95776BJ593dJq13dpu13jqoWXptGUJz1WXVkp0vrs48/e6NTNoZM+n4kzpTDr5+7T/l9gHpzAvOyhU3J/vMe/w5e+OL/5lrXvzXKb2xTjz2QhncAKOWqzM3X//0Z97Jdx8mHHj1YsbB128P3Pz0P3bW3TNiXgfk9BturQ+Y9+ifU+/du4nLnvyXiD7fLBZ+lo0BGEAswACKXXLm3We/aXf2SoYejZQIPBws7ncwb+qeF29TZt+9LJlwNiNmydP/tm13LwNtdY+Y+/i/TNT5XnAYAANIL3vN40uTDrx6JRF0xBDmIlHPvepJM+5czJh174Hb5Pvv3SbceykWdd4aaGtQ5MyH/1UTLywDG9Cx8/n3aQdf/W/e+uxL8ozb20CCIu57jIN7bpxcdujN/+hJ9/4nLnnyXyzibC1YLuS0d/jU+/+1ky9swZoOkDHQuTHR8x//T1705H/MnIf/ffvu/Q+ffO9/ytyH/7XiLmwR9DoijFtz9Hkz6/qbl716736Tizo/XSTgZIGw34kc9ajz65JnPvivF3/+oIDbYQ2cBmhmX1qTMO/Rf7Hgk83C/ie4YOKCnkeCXSpvfNCLPn+A3+WgEoZGYCAZi4aeKXZvu/PBo+3OV6CtwUI+x1nBmj2OKAJtbXCrvPbVNufSYz6nA/EYBrh33v3k23f3v2/Pnf8+HXf+G6VdPAa0lRMkZ5Zy8aJXzY1/QPzfq/rGf/fyaz8ZKM3OABiskbcwY1E6AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG/SURBVDjLjZK9T8JQFMVZTUyc3IyJg4mDi87+GyYu6qB/gcZdFxkkJM66qJMGSNRBxDzigJMRQ1jQ4EcQ+SgVKB+FtuL13EdJxNDq8Ev7Xu85797T51nwhqeAH5w6cAxWwDgReX7jwYfdaCIraroptB7NLlVQrOoiGEsL1G06GZyxuILicsMUH3VTlOqGKNUMUdTacj+j1Nng0NGAT2WxYosK1bbIVVoiW27J9V8G57WWKVSczMV5iK+Tudv1vVh5yXdlLQN+os4AFZss2Ob82CCgQmhYHSnmkzf2b6rIhTAaaT2aXZALIRdCLgRtkA1WfYG4iKcVYX52JIs7EYvFmJ8wGiEXQi6EXAhdyn2MxQaPcg68zIETTvzyLsPzWnwqixVbhFwI3RFykes+A9vkIBKX4jCoIxdCLrI4/0OcUXXK4/1dbbDBS088xGGCCzAJCsiF2lanT8xdKNhHXvRarLFBqmcwCrbAhL32+kP3lHguETKRsNlbqUFPeY2OoikW62DNM+jf2ibzQNN0g5ALC75AGiT59oIReQ+cDGyTB+TC4jaYGXiRXMTD3AFogVmnOjeDMRAC025duo7wH74BwZ8JlHrTPLcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABhSURBVCjPY/jPgB8y0FHBkb37/+/6v+X/+v8r/y/ei0XB3v+H4HDWfywKtgAl1oLhof8TsClYA5SAgEP/27EpWIxkQj02BbOQ3FCGTcGEdV3/W4B6K/+X/M9fNzAhSbYCAMiTH3pTNa+FAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLpVPJqiJBEHwf1f/UH+DydBTtLxBRUAS9eFH04MGTINIHUQQRt3I5eHBfW20XFBVzKgq75TGPNwxTEFSTXREZmVn1QUQf/4M/Av1+X+r1ekq321U7nY7GGNNarZbabDaVer0u/SjAyTIns/V6TefzmR6Ph8DpdKLFYkG1Wo1Vq1X5W4EXWb9er4SF/XA4kK7rdLlcRAyilUpFL5fL8heBl21mkHe7HW23W1ouV7Tf72mz2RBcGSKqqrJCoSCZArxexThgkEejMbndbrLb7S+xpQDWYDCgbDarmAK8WSqUYVXTNJrNZoJos9nJ6fzFd5uIow/oBwTT6bRqCrTbbQ3Ngl0c/Px0CDKIgMPhJKvVKsqAi9vtRolEQjMF+JiEAOzj0Gq1Mi0jKxxNp1MBw0U8Hn8LNBoNFR1HGSAhKzICFotFwOVy0WQyEZMZDocUi8XeJfD5Kvj5fD5FBq/XS4qikMfjMXfERqMR3e93KpVKFIlE3k3kc5WKxSJDD7AMuxAdj8eCiKxIgG9OZhzSl4uUz+flXC6nY+Y4eDwehZv5fC4uEzJDhBP1YDAof3uVM5mMnEqlGC9JNA49Qc2YO788xInM7/fLPz6mZDIpRaNRJRwOq6FQSAsEAhonqT6fT+Hf0l9f47/iN5+1McdPrPQwAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGeSURBVDjLxdO9SwJhHAdwIdpqrKmxNZqKuEUhSIyixCI0yjPv1PM1z8KDEonrOPF8OzcVhYoCh2gXp/wzcnmGgiDX1m+PQsZR9EJEw5fnWX6f5/e8mQCYfhPTnwHZbMapKPL9jwFNy47QYllVlWdZPsGXQKGQZwqF3CC5nMbQ4rt6vYabm2uk08fvAOLfHzcA+byGclmHrhdRKhVxcXGGZrOJ8/MzSMlDA0B8MZ7sBqYMgKZl0Oncot1uo9VqodFoQJZlCuoQ49EhQLgo98SHQDZYiaw4J4YA3Suuri6hqioURUEqlYIoinR+ikhEGACP664ucfGLj04PyPKWoStT/6BqtQp4nofb7YbD4YDNZoMg+Gl8r0CP2HcW6QhiWTMCR0cSqtUKJCmJWCwKu30dZrOZYjvw+71vW7BuCr3VTZB5q0hmLWND4OAgjkQiRotDg5bDYWGAeDxu2pXHeIhzS0EyY540dBDfDzOhYIAJBDjG59tjeJ7t9qFkUgTHse+vcXph9NOHRFcd4bysQvP8EfDtp0yhbZqH//tM380L5ZG0STFOrDMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJYSURBVDjLY/j//z8DJRhMmJQd+x89/W4IRQbY1x5L8590dzmy5PuIqC4gfvA+PPIyEMfhNqD06H+L9gfG9p33/jr23OMEiX30DTj8yT/oFxCf+hAYfBeIfwPxIyBWwjSg5Mh/tYZHzDr1D34aND7Y9tXOsf2Lg/O/z85uNjCFn908lT56eH985xXwzXvygwYUA4yLD/9Xcm+QlS572JWesP7XVyOL79/MLKci22Rc/6DXvPH+X8um+79t2u7/tOu4/w9ugFHxof8wha+1LP89NHT9iaxZIf/BCpWie7/Vi+/N/25kqvrN2Oz/suiO6QgDig6ADfgtJrX0p6TMb1u/Xd+5Eh9M4k16yCyQdH+HYOK9H6JJd+tgBv7U0j3wXVvvA9wAg8J9/6sNAvT/8gr++8Mn1MYQ8aCFIfzBf6bwB3+Zwx/8Ywu7H44e+j8VVX4hDMjf+/8/I6v/fya2OyghHHCn3GuRw3TvJTZnPJdYnXVbbA436Le49Aa4Afp5u///ZGAJ+c3AIg5T4DXT0stjpuULj1nmD9xmW6x1nWu2z2W+6RenBcbxIHmga6XgBujl7vw/R1TDAabZscNommOn0UeHLsNFDj2GPDBxh37DDrtJ+u8x0oFu9vb/liU6khal2jPNS3UfAem3FmU6Gej+tqjX5rBo0rln1qI9GdWArG3/jTI0/Q0z1N3UAyxdgTQ4NQpreMjCFAqpOoHZRvnqUhpROhmmxRo8cAO0M7f8187Y/F8rYxMQb/yvlbYBiNf/1wTh1HX/NUA4ZS0Ur/mvkbwajOEGUIIBf5BxjDvwFIUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALcSURBVDjLjZJpSNNxHMb/VhTUi3pjVFoyj+wyPDG1sDUTE7ES1zCPuXRbZjZrSk63qVPzKNuc+ncmHmPOeU3nkYkEmnjhlVdaBPoiddGbMDEoj6clZEYlvnhe/fh8+P4eHgIAsVWE/kdY4wVWC7NqE0yXUZZLeebFvs7mu3+9bwnzvE1pMyrK6lzFYWxOYaSFbFuCYqaxfK7OEfOtbHzty8a81g1zmqOYKLD4vC0B6b8/Wz/SioVuEssjSiz2kJh93YL2FLuZbQn8vG9wJssfrH0ZrcXqVB2WJnTQd8ghCbmo/aeAQ7Vi5bMuLciDqSBDacsRDJtB+cPI73otHx8akqFvFKFLcRdn2adbnGLP7PtDwHSzpOWzPFZlgVRsTomUh9zCVGTmiZD4JBYNb8qR1i6Bjdi6zJZ/fO+GQMqw73oWcQ11SWGYrBBCzadDHkyDguuB0hEhotSuYJfaIX0gGjVvixGti4JLhBO5IchjWNS8b9f8VZgmngrpcBzClY5IbroJhuIE4nq5YJGhmCZ9/18YT30B91TnwFU6gFVsC2E9HdUDOYipuYrL0kMIkDIwX+TzW7DDIUeQJ4jaKCxS5QzdMAntUN46WDkgg+xlDJS9Wbit9oRT+p61riIf9jps5FYZ7scfWuz4CDyq1kJUokGY4b8/4adtPGS2RiKthYOkJhYkz7lQdKYgqOw8rBKJFYLiraDTec1LjVOrSJ0E2P1ASAcQWHQSVf0yqA0LVPZkoaQ7wyC5g4JOCThqL1BExCcTAWFLjKU6rgzW5oJfrwezFWDq1hCoWcP1AnNcyTEFTXoQbo8PIKTUFeSrJNxSecJMROgPC4hT6zuYyXGfr027jwBxHzhtAOuF4QIdENwIBDUDjIxpiPnpsE/dBaaSBrMEYtYAW28s8Z2K69Ii8Yt3ppfrHKMHQBWPGTIOqnAU7vFDsPCqmsmNCU+yFBt9O5awE8YCgrJ5vT8AXgaV02he+4MAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALMSURBVDjLfZNLaJRnFIaf779PMuYPmSSjCUmYKBXREBLwEhUXIm2otlRBN1WsIoJLRcRdN0VEcKWgC1trV7pQBHGjokKrYBFNWsQk2gwpphNzGWcymcx//T4XIWpQ++4OHJ7zcnhfcenGk9NSiu9nA+n4ER9LLRxNAxyTiwe+6z4MYEgldm/b0NLgOI4QQuf/5EmIo5Brd1/+AMwBZn1p27Yjfrv/Bo8pSmKQTHqchFkkUpL8dIJnL12q1AoMUhzdmSGWQsxDjSACTdPRBATaGJn6cWxrhKJfIoojDNumvWUJ2eFqaq16pFzoygCQgKYJfDWBZb6hUCnixx5BFBGpMrZtU/YTpBIaCrXgMe8BQqAiiR+HeJFPJfQJZEQsARGiZEy79SeFmz/yVbLD7f/luBLe6F4DQKk5gEMDpXIOpZv4skwQxZh6gnIpydq6SXob8yTqd+NmuihklzNw68Kp9wBNkNSbGR17jevkqKrWsEXETL6KVGmGXWvqqXG7yf/zHEsELKpZTDLV6hrqQ4DZSFOii1dP71Gb/A8Rx2Rsm+2bV1PbvgU/dxmrSjDSN0DoBVNeZWb9OweDUweJpSSWki/8CXpa2hBmkabOLtylX+ONnkezIsxkG5qXVeG0t2X1kdtDhlIKAfTOBQsAvaNAYfg+y5qW4i77Fm/0HJoZEUxnmHzQx6Pq/eU9B3b0AWjiE3n1J4dIORaNK7cSjF1AtxT+dBuv/3iM3XuWopWJ53c1xxRFZEhneh2di3tY9O8r0pUioWwm9/cZJB7lfDOTjwao++Ycdk0KQxfvLhqWIa5cvTfcE8SqQylIZ391dx76mcHLRxn6/SF2aydePidHWg/Plh8UYkMvYGpcmgcIpRba/+ngqvDY/kMGWkzfneuMZF/MuA11G7880d//qYJ9BNi1qa7S3Z421qzIoEz/YWV8Yt+2k38Nf66hbwFu+Dui0xbh3gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLjZPdT1JhHMetvyO3/gfLKy+68bLV2qIAq7UyG6IrdRPL5hs2U5FR0MJIAqZlh7BVViI1kkyyiPkCyUtztQYTYbwJE8W+Pc8pjofK1dk+OxfP+X3O83srAVBCIc8eQhmh/B/sJezm4niCsvX19cTm5uZWPp/H3yDnUKvVKr6ELyinwWtra8hkMhzJZBLxeBwrKyusJBwOQ6PRcJJC8K4DJ/dXM04DOswNqNOLybsRo9N6LCy7kUgkEIlEWEE2mwX9iVar/Smhglqd8IREKwya3qhg809gPLgI/XsrOp/IcXVMhqnFSayurv6RElsT6ZCoov5u1fzUVwvcKRdefVuEKRCA3OFHv2MOxtlBdFuaMf/ZhWg0yt4kFAoVCZS3Hd1gkpOwRt9h0LOES3YvamzPcdF7A6rlPrSbpbhP0kmlUmw9YrHYtoDku2T6pEZ/2ICXEQ8kTz+g2TkNceAKKv2nIHachn6qBx1MI5t/Op1mRXzBd31AiRafBp1vZyEcceGCzQ6p24yjEzocGT6LUacS0iExcrkcK6Fsp6AXLRnmFOjyPMIZixPHmAAOGxZQec2OQyo7zpm6cNN6GZ2kK1RAofPAr8GA4oUMrdNNkIw/wPFhDwSjX3Dwlg0CQy96HreiTlcFZsaAjY0NNvh3QUXtHeHcoKMNA7NjqLd8xHmzDzXDRvRO1KHtngTyhzL4SHeooAAnKMxBtUYQbGWa0Dc+AsWzSVy3qkjeItLCFsz4XoNMaRFFAm4SyTXbmQa2YHQSGacR/pAXO+zGFif4JdlHCpShBzstEz+YfJtmt5cnKKWS/1jnAnT1S38AGTynUFUTzJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLY/j//z8DJZiBKgY49drM9J3idhLEtu+xjvea4nLNqsVspnWr2S6QmF6+Zol2ltpq5QSlmcpxijMxDABp9pjkuMuu28rIpsMi3rLZFKzIus38mm6OuqRxpf41nC5w7rOJd+i1ngnUXGLTbj7Tsskk3rbL8ppZreEu7Ry1mWpJSvHK8Uoz0TWK5U/nYIg8y8rgPsl+l12P1WqgbTPdJtk/AtoWb1CkBdagnqyyWilawVM/Rw/FBQyx540ZGm/eYIg8P43BdYLdSZiEcYXeTJB/TaoNroH8q5OldVIhXE5SKUqhXSNRfZdKvPKVkOrED+L9d/8wN998w+B4XIL40I48K8FQf/O6+7In/7mbb35hsD2qjBKNDLU3ExjKb7pi1Rx61ke89+6fwBVP/jPXXn/HYHlYGiMdMJTe1JJc/PgHQ/X1xQyplznBYuFnmRiiz062nPfof8DSJ/8ZSq8/ZzA9KIEzIQE1Vvuuf/6fufv2M4bgsz4MxVdPui8Cal4C1Jx/+RGDPqpmTANiz7MAvXI+bO2L/5ZzHvzP2Pjif8DCx/8ZMi/fY9DcL0FUUmbwPKkg3Hr7T+WOV//95j/8z5B6/jaD6l4JkvIC0J9FTtPu/2dIPn+PQXG3BFmZiUFzbweDLH7NVMmNAOGld33BRiNUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAImSURBVDjLpZNNSFRxFMV/M40TjdqUqZmCn0GURSSUVFIUVhtx2SICqUXRVqptRBERtGpRC2vVwo0QEUWaUElSRDEW5EekiU1+RKKDOuPMu/e2eM+Xpq28q7P433PP4X9OwMxYzQRZ5YQWwO0no74UNcMAEcDAVFEDUReLwrVTpYElBADFG8MYhikYYGqogS0iUYXB8bnlCsQMM29Bwcww89R4RKqGqiGZFSyIuBIxQ9VbXMDqkhTIG6oTbdTn76LnwSsLpOJNPoGJug8NVBVTvKuu9GJrpza7l3Vlp4lW7GFqaBt97S23fAJHQcVQ76p73cVb6KSu/Du50YNMfuslHEiTu76InE2lUZ9AHUXUfJ/meS7gHYcrBthQeYL50VbCkQDDsT4yqfTvVHLmwF8FDoio71/VyNe3HKv6QLSqkVT8HsGwQ1ZOGTI7TGZ2rn5vc8eAHyRHBBFDVFExsic7OFLynujWRlLxuwSzMqQT5fx8GeNh4jw1zR2xJb/gOIaIm4Hs6U5qi3oprG4gPdbCmrCRmi5jrOsjzyJXiU9FlkfZEUPUCP54zP7CfsSKGf18ByXF7GQJI6+/8DRyhUQwH7EVcuA4Sv/IHEeTbeyou09/60UGurpZW7qbxMQ4z0OXmJjKwXSGxfUL/NvG6+d2Zi6fvRAiKMRePGJ46OtMtCCv7viNnp6VyrSM4OShvGRN5ebQvu0VWNZ8d3Li15mGm58G/9fGP3sKXaMRKZvBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJXSURBVDjLlZDhS1NhFIeF/oJBEK5ISiIJsaxkTAQTR8wSacY0xdlmbZqkTZ3cmmKprU3naltOd2u5UtFSAiuSaAUVGEKDvphtXuVu79xttfB7Ef16FwRhG+mH8+H9Hc7zPuekAUj7u9omQ2ieIGj0hqB1B76s76+vf4KmCeFh3wzBxekYVGykYdMALbsEtZsfrR+NQ+mK5m8KUOchUNk/vqlk41srB6MosxLDhgHqkdhAw/AilKb3/YrO+cKqQQK5OTS2IYDKE9uvcQZQ3u0vSrz1r7T3au/3obh3Zf6/gGp3dEjpJFCYPuC4Tdimf33Wa39ngfVtLxS3ulHuKdkid1RFi52EOWInvgIb8eVbyZTUHNYlPWLj89M2y9wVzC7PoPNZO446rn8/NrQKzVgMBVaCmhEBFx58RgW7igM9vC6pVvWkot842wL73CyUtwVox2OQ9hFLopd3lbdovAJOuaPY17HCpNytxFH0rfXxC9TejUHS8/JnnokXJfKcLp7VUIsyZxh7GE6XajhaaJJCYszFQeNl5Fxy/aC6vuwuHiecEVx7EkcWs4yMVk6U0kBiDouorq+Cqp50/db172W4qTN3BDTRlXbqg/6kR/xTuT28v4oVoBxeRVYHxySyXQaOKR0Io8QaxvbzASYlgOrKZDYCy9OvyDYuI9PAiajubvrrSsu4gMM0E9cHZCkBVFdXeiOM3kdxlDkiyGxbQpZhCXJLCPrRT6i5GcGhdg7iukVZUgC9rojqshn6IHY0BxO6fvG5AEN/ZcTaxTU6uJZet8CmqxdEvwDWpa/ASC8BSAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKbSURBVBgZBcFNiFVlGADg5/vOuffOdcb5cbKcjUn5V7poFJEiKMKybDYFgdSmKAiiokW1aNHSXWQQuGwR2KJFq2hTkFqUEbZRMzQIJS1nbPxjnHvvOd/b86SI8OSHx1/uT/ZeyslujCGBhEhE0ZTy5/Vr8V26ufzeiSMLQ4AUEQ4c+vHE52/tfiDnNB1UAoAICIu3R47+et0/FwcrZ0+fW/fDkYUB1JCrtK1bV9NnrqpySiSi0EbRNOHOqPX4lrX2bq2dLItromxffuzNr2eOffrsIENKaSIiqm6VdTJ1ospUiZTIEoq5ya6FPXM2be7168nxz6De+c7vhx+a39h/48tF8zN9nYqfrtyx956+4aj49swVMxPTtsyuc+9EpdepbXp41rGf/3oBL+ZmEKfunqiNBfv3TDl+acXqMDyxa8rlxaEUvH5gvQvXkpMXG9+fX9HrVFKdG8iKX26sFM/vGFen7PbSsq29WpWT01eW7Ns2Z02v0utWxrqVsW5HyKQM6mht7lX8duGOj7+5ZPv96y3913r/i8sU9j86Y9QGKUttEjkURAB1jMq4YClluWV6NUlTterSooN7N8opqasgEkFI2kJbgBxDvWiTs+evOvTKg/qdZDgqbq0Uj+yaBEmSIqlzUuVkrJO0TYC6jGKuSnSa0O9mf1weuNHe9PTWDUqEErSFQAki0amyZtiAOrVp6tz5qw6/ep8miqlOdnG59cy+WSWAKlOhkxMoEUaDAvKFr3Z+MBhdX51eW4PXDm7wyds7AAAAQJQwWm1AhmZQSlNKAAAAAADUdS5NWxqoYbTa/jvere6SRuMRkQUFMNWvQQT9TpaS0qnSrbYpf0MNKcVHT717/LmU0nyINQCCQAggwGop5VSdHYX/AYn4JwmEykruAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAABbSURBVCjPY/jPgB8yDDkFmyVWv14kh1PBeoll31f/n/ytUw6rgtUSi76s+L/x/8z/Vd8KFbEomPt16f/1/1f+X/S/7X/qeSwK+v63/K/6X/g/83/S/5hvQywkAdMGCdCoabZeAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLjZNfa9NQGIdnP4cDv8Nkn8PL6UfwSgQZOoSBYkUvZLN1lMFArQyHrsIuWkE3ug2t1K3O0LXrZotdlzZp0qZp/qc9P8852qyyigs8F8nJ7znveZN3DMAYg14XKROUyf9wiRIKckOCCcdxNN/3+71eD6Og64hEInPDkmHBJAsbhgHTNAM6nQ7a7TYkSeKSer2OaDQaSAbhC7efJGY28gZWPrUQTyt4l2lCKLfR7XahaRpkWeYCy7LANonFYr8lqzt26PUXIxzf7pCfioeS5EI2fVQkG+GVH0hlRVqFjmazeeZIvCc0PBXf1ohu96GZBEnBQMMmcAjgeH3cWRKQyTf4URRF4ZWIongqoOFURXZpUEOt1YNm+BzDI6AeFKo6IqsF3g9d13k/VFU9FSytK9V8zUJiR0WbBh+/2cVich+trodvNQeFEwvTsa/8C7Dzs54wUSBYeN+ofq+ageDZmoBX64dQdRcbByaEqoGbTzPwPA+u63IJIxDMrR2nDkUTR6oPxSJ8ZxYuNlxsHtnYLal48DIH+om5gMGqCQSP3lam7i+XSMfp40AFsjWCrbKHdMlGpeng2uxHpHM1XgGDhf8S3Fsuhe4+3w9PL+6RvbKGguhAODaRLSq4OvsBL5JFvutAMCAQDH6kK9fnZyKJAm4tZHFj/jMexnPYzJ3w0kdxRsBu6EPyrzkYQT8Q/JFcpqWabOE8Yfpul0/vkGCcSc4xzgPY6I//AmC87eKq4rrzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALGSURBVDjLpZNdSNNRGMZ330V2GXXVRXVTICRd2IVIIFGSoJDWRUssRREJiswP1La16aab3x8tyoWl+T11tqmYmJbZh61pfvWFKZmoqZmp236dv1MxKrrowMP5n/95n+d5z3veIwNk/4PND1dz8z5nY2P0al1d0nJVVdhSebnXxt5cYeGO2ezsmGmtduyLUtnxOTn5+C8CLosl1tnQMONsseJsa2WlvpbF0lLHgtHoPVdQsHfWYLB/M91mtbuTH1YL0+lqxuLi7nyIitomkQOd5jrcQwMwMgQDDhgdZqW9jbn8/I8zen3/ktjHYYdHD0GISDEz+kzeyuVK2arZbHU/fwovn0FTI5jNUFMj1r24ertxdgpSbw/cugU3b0JREZSZcD59zHBo6Lhsubr6k3tkEKzNUCecagW5shLu3vUIPmgCo1GgBAoKBPIg24DrSRdvgoIWZKJYX9yD/VAvyBUVUH4PTCaPY8k6KU+QcnIEUQ8ZGaBR4+psp//YsTnZosk06nK8gmrhWnrbk+YGMTcXDAbQ6SA9HVQquJYG1xW4ujqw+/svyBZu3Cherr4PPV2e9La6abXCUQNKJaSmQnISXL4kjljGpEpBn69vsexrXt6emays90uSiFClpNDjJEFxTRBT1ohWVSSXc09zIesk51RH0YYd+v7Cx2fXWh9MqdUHJ1NTe+ezM3FJV1UjCphwFRITIP4KDSlnSas8R6Mjn74JG/qWaE7pD3A4ZqdusxMn4uO3j128qPgYHT0/byyGZnGdyUIkLpZwTQD1rw3UD4ijiaFrPY++NVISWPqtt9+Fhx8aOXPm8VSSILfboNXCiURvLA4jW4fZni8J/PmBDIWEeA0EBuY6AgLc4xFyjsTsdmpt4aht8jWy2ir/ewZbYffzCxaVjhOBymDdfjJtEWvO0iytf6nBvyCCNQLzUtrrs0b6/xNhTevE6BlD4wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEUSURBVCjPXdFNSsMAEIbh0Su4teAdIgEvJB5C14K4UexCEFQEKfivtKIIIlYQdKPiDUTRKtb0x6ZJ+volraEJ3+zmycwkMczGzTE3lwkbxeLE5XTqQfTIjhIm6bCy9E/icoOoyR4v7PLDN+8ibxQHxGzE3JBfHrgUalDnQ6BNk1WRFPjs66kDNTxqg0Uh5qYg4IkrjrS9pTWfmvKaBaGaNU4EY+Lpkq88eKZKmTAhbd3i5UFZg0+TzV1d1FZy4FCpJCAQ8DUnA86ZpciiXjbQhK7aObDOGnNsUkra/WRAiQXdvSwWpBkGvQpnbHHMRvqRlCgBqkm/dd2745YbtofafsOcPiiMTc1fzNzHma4O/XLHCtgfTLBbxm6KrMIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKzSURBVBgZBcFfqN5zHADg5/P9/d53/87OmdnU2jIttiGJEZO1SSh2YcWFXHCBEpIibsiVO3GhlhIXascF7maoiY200iSbIYZxmv3/55yd877v7/vxPJGZ7nplz6MLxuc9XMIGzEeAQAZZjWr9/eyp3B3nz7ywd/vWAUBkpntf+2bv+89suLqUWJI0EoBMSCf+G9rx3Vn/Hpmb+enAz0u/3r51DlooTazrt82Sg8c1JYIgK11Wo1G6OOxsuWqxW9a29tUTC7OuP7P56Z2XfPXWfXMFImIsM5t+U/QKbdAUmiCCIlCtGO/bevMKV1w5b0E7vug9KJAEFJSgRCgRSoQSoTTh6OmLVo8NXbM0PL7xUk2veRBagEzahhAyQu2SEtqGfha/nUqDOlLrwKY180RbRtBCJok2ipQSUUIgK9kUetXS39421h12sW4hVoECiYoISoQSoUSIDL0m9EoYO/KB1Uv/tmbzI5z+zFo/FChQR2RSkchMpFIoEeb/87FV7Zcm1t1k+q9degtWemr1F/1dz655qIVaU2aSpAQggd65703cep9u5qD5y1aZ7f6xesu1yszx7S10lS7JSgWQoCbD/krDM38qzUlRpvXHTzI747+jc00LdZRqple/HwipBplh5ewhD3rHxKKhOppV6lnKYjkc+HHysF9/OfVEC6NRp+tYMd5z42VFTZYd2+ny6Q+t3bhRDj4X3QUHPh0YTs9Z0g9vTj0wnJx8abKF0Vyto1pz0Ilvpzo10mPnPrF+0x0GJ7dr2wk/ftn5qPeks9ff443bSz343Ldz0MJwtju2qN8se/G6waLMLJL2h0Y0U5p5yx36YkZv3ZNevu1+Eer8frnQjeoUtBCRr9/9/J5tEXFDyoWwbXm/vfuPfc350yPvHr5zdGj/4s7kbpitte5vix3wP04jPQSDxpk/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALjSURBVDjLfZNfSN11FMA/3/v7ea/36prXWWirTZdlKtiC6CGi4BLVCqJB2/BFNmKMfInVQw8RK4lVD/VoEL2UWL0Za8HQJHNL5ya17lZz4aItXb957/V6r9v13t/3z+nBNBm0A4dzXs7n/FciAsCz747LgRdambyyiDOCtQ5rHc46jHE8ft8W+gd/Yrr/JcUG8dccZy3OCUb/G2hWrTWraoxgjeVWiaw569m0xYSW9qrT9NxxFB1atLarwNsBnLHcLGnu3hRDh5ZU4mseqb9Mo8xw7+Y4N0oVrL1tBbbv7PnrNMR8OpNFdkTTROpTPFU7yl01UaZ+nsMZ2/e/gPEPdh258Humbyod8Gjie/ymPUTqHqMzMsKZc1c4fynouzi4/8itABWe2hYX8drEiecE3vqx59ChrhMHt3UdhEiU8OpXDJz0vtnXkX5HJIJzgtWlTNOehasAqjLWOCeJ9q0iICKIEyLJJyCxHdF5RBfQuTS2tICgcFoTLv9JuJjtaXlFBnyTC3pdEAx6Hb21/tZuJAxwYR6ns2BLoBxVd+4k6m/CGU1h+gvy09ljxBgCUCJCYUC1Osvx6IO727x7XkTC64i5ibgSYldAeQTfTRP88AuVpbJYT+aA/qeHzftq7RLzX6paB5/HH3pjt4rV40wesSVwZTKT8yxfyvJAai+xlk5W0sP8dnLE5mcuHl7fQrJbbqh4zYguzCIKEIdCgVj+Gp3k/tReqi+PoT7rJvHHEM3bt3ii5LC/cSVC9fNVyZ0o5eOMQS9dI9rQjM4WqW5sgede++8H3m7Cc6p5HZAbaog7IeXVdVA48yG5iYlZFKdq2lr3e3UJSue+peZYL5WVgBKwXPSwHtc2XKJ5UtXuiGeOv05mbOITo3m4/T05sDQzu6u6nuVfT4/zdzlO0asiv6iYnVdWoH99iPOfqpfLC7xZztLb+ZGc2Nja1KtqcyWTHC3nil2eUb71ZF7g42eGzdF/AONCmjwFNk4lAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALWSURBVBgZBcHLi1V1AADg73fuuXMd5947jzuO+WgSylIhdROEJNFIkBptclmEuza1yPBfyHWLKBcJLdq0KFBMEotKxCBSNDVJ0xzHxzyqM/ec+z739H3hwKH95xozjblSqQQAAgCAIAACBvnQ8uLy93FjpjH3+ccnhCgYDPsACIJCIYBWP0VQFJFiWCjkPjx6ZC4ulUpyA6H/pezsJZPnWpaOzhqrVd28ecGN7LgHS4lare7xSqIUl61mHe8cKJTjkgggSVYk20espqnWmevS9KE0TYXuJd12U7vV1Gun2u3UoJMJYYggDoDx8XUUfWvfn+Kj31TenDazYaPR/m3twVa1iZqRUiQuj0hbHSF0EURAkCSJNG36bya3OjnQ/uoW+VDR+lm/m2o1M/1uS7eT6XVbQihADDA+PkPRNzFel7y7w+SnKwYvb1CZ7prtrShXn7S2UlIeKWu2elglEBFAp9OVpS3JaqI5lvv3WTpf/KXIO6LeaZ12qtfNdLLUsJcJIIgDYHR0QrWeGa/XQfmtLUY/OC/On7KxcU1ntG1T9YrKyJJe+65S9LaAOACaSSZNu8j8uvDIvX5k/TO5507ctHAw83j+M1fvzUvbbb120ws7KgJiIQioTzxhddB1udVyt1c2NTnl0b5g3+mBk38OtWvL5vbutXlqqx+ufeOn37+WDesiKIrCL/N3nLp13f1/VnQ6HWmaSbtdF7cVbjx6YPe2XfIot2vDq/LQ9+LzeywP74oCWoPMUt5XGakaGx23pjKmuqZqy3xi8/0FS9mKcqh6Y/t74Mi+456e2akwFBGEEKmpq4aaSj5qbahaf2PRxoW2O3t2Sporrj244NjZw+DYd4fdXrwiEokHg1ye5zZN7bapQQBB2IpXmA7B/seJi1dO2bPzJSevfmIkxM5f/tGUWeH1Qwe/XTcz/VqpHCMIgAAAeDj8w/Lwb0MDkVjDrGhx8sz/ABdNCpr3mlcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALDSURBVDjLpZNLTBNRFIb/6RMqtEDBFopFXiFGIERYmKgJUXBFQly4gI1LXbghcYPiI/JYmbhxLQvC3hjjQkSL4SnvYCRUCNJCSwSq0OnMdObeud6ZBIzB6MJJTiZz7/m/c89/5gqMMfzPY/tXwkYkUmkRhOuU0nJCyKvs7OyXPp+PHu4LfzvBSjh83+PxPM5wOs1vSZKQTCbjsizX1NXV7ZmLBuBPMbOw0LsVjzNVVZmiKIwLGQewRCLB5ufnv49NTGQYeZY/VQ6Nj/d5vd67BV4vOAC8IjjEqA673Y4stzuHi28buccAoVCoJ+D3dwZ8PqTTaRPAewf3wHwfHBwgx+OBRkjnMcDq4GB3FaX3TrvdZkVDfCg0QtM0c52birSm5f0G2O7q6vY7HF0FNhtofz/02VlTbIgM8ZORdvS+v4bME04kRRGpVCp8BFhtb7+ZUVralcF7JpOTIJEIhIEBYGjoV2Wiojj/DDpeNOHT8hJSothkjnEsGHT6W1qUYGsrtOlpkFgMOh/Xw+Y1MKpCZRQqhxTlVaK2+CI+fn2Hxc0pppC0+8OdhGhLWq0lRQ4HGDeHRKPQueOUB9FVNFffAGU6qE6hgyG2H0VN8QWIqizMRkb2a3ssebYfsqzK8Tj0RAKU93YIMI5siDf2vkDTuYm6Bo1qOEgnUXfqEkRNskytj+5ZdkRxI7y4uJRcXmb2wkLQVMoMhSgglMDnDsLvLkGhpwx2ayYKsgOYi45hbG10R1LRYP7Kz3Jz8+srKuYqq6r8mYzZpc1N3GqLQuFjVHkrMlFZef5Z4XzZVcxExjEcfrOtElyJ9bHPR3fhaVZW7kmX6/m5QKDRIwhuhRsZkyQ9Kkmtbbu7r6t7LKmG4GVXKDy8peqmeOXYZXrkcAgeq7U+02JppIytqbr+tkNRksZe2QMhRXWrS9Zp2bc+tn6o+QkxLL87j8znVAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHaSURBVDjLlZO7a1NRHMfzfzhIKQ5OHR1ddRRBLA6lg4iTd5PSas37YR56Y2JiHgg21uoFxSatCVFjbl5iNBBiMmUJgWwZhCB4pR9/V4QKfSQdDufF5/v7nu85xwJYprV0Oq0kk8luIpEw4vG48f/eVDiVSikCTobDIePxmGg0yokEBO4OBgNGoxH5fJ5wOHwygVgsZpjVW60WqqqWzbVgMIjf78fn8xlTBcTy736/T7VaJRQKfQoEArqmafR6Pdxu9/ECkUjkglje63Q6NBoNisUihUKBcrlMpVLB6XR2D4df3VQnmRstsWzU63WazSZmX6vV0HWdUqmEw+GY2Gw25SC8dV1l1wrZNX5s3qLdbpPL5fB6vXumZalq2O32rtVqVQ6GuGnCd+HbFnx9AZrC+MkSHo/np8vlmj/M7f4ks6yysyawgB8fwPv70HgKG8v8cp/7fFRO/+AllewqNJ/DhyBsi9A7J1QTkF4E69mXRws8u6ayvSJwRqoG4K2Md+ygxyF5FdbPaMfdlIXUZfiyAUWx/OY25O4JHBP4CtyZ16a9EwuRi1CXs+5K1ew6lB9DXERX517P8tEsPDzfNIP6C5YeQewSrJyeCd4P0bnwXYISy3MCn5oZNtsf3pH46e7XBJcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGSSURBVDjLlZO7S8NQGMVb/weRgoI4iIuCVuoiuBfBwUFwaosPqJODk5OLBVutSlMsuDg4OVWkYO3o4Cha/BNS+qLP9K3HnEtT07f94HATcs8v33eSawBgUGtSlVmVZYimVY3Ro8nQBJgrlUq2Xq9/NxoN9JL6HD6f76oTogEsNBeLRSiK0lIul0Mmk0E8HheQWCwGSZLaICwjAdxQLpdRrVbFShUKBWSzWSQSCQEolUrgSwKBgIB0AWjWRAAN+XweyWSya6RmJsY2gDpGawOvObc2SiqVEp3Istwf0Ck9hJ0wj3Q6/X+AHsJxmAlBIwGoWq0mciGEGhnALkJvDzgK2LB3sQH7mRWrjtmbgQCaNAVf73HyYMdTVMK7HIb3xYkt7zxWDkyeoQC273BbEfy8RPDrGixPZBfeyD4B5aFfgVo/XkQoegt9PX5IBEAP+OmXwdrhDNxhB1xhmzC7nm1/HTR/x2U1ZUXd3PMw+YOn2PTM4Ty8I97MlfcigyZgipBBR3lhe/zO4jQpbJvrkn3CT+8vh7avwsYhJlIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKASURBVDjLxVNLTxNRFP7udDp9TCEtFSzloUBwY4FUF0ZjVDYsTDSw0/gjXBii/gk2GjZudO1G4wONK40CGkQSRKTybqGAfVHa6dy5M/d6WwMhccnCk3yLk3u+L9+55xwihMBRQsERQz2crK+vX3Txyn1SyfXDMnyE24AjwR0Q4qLQw1M82H4vGo1+3OeQ/RZSqdQTV2XnhkKzmqaoYJaJQj4P27LgcQGNdTocRmFzyWiJv2zqil0/EJDkt67C0oAGhtTmJpLpHEwSAPNEwBwCy+bQ7W1EsYlYWxiKdMSjvbPhniu96tra2ohmbAxovILZxCq0E5dh6M1g0jllAqYEZRw7lhRp1ZDdewW9tILAykRPingfk9Ti7BbJJ47viiC645cwNm2gYPAaefhWH4TgGB79JoU4vG6Cu0MNyMx/Bv8+hkzJtlWWW27yRfrQ0dhS+4sq0aAOqHQgOK8JGJbMKZf9/h1asPssyv56sBejqupuinEtEHI5jgNFURCuA5JZB6a0fPvBF1BLClbsmoPT7X5wKVqrbWhFqDMmFFHcKLLiNmzbBmMM7WEFAY2jbDCUJbFsMpQkjgUI4ifVWk21lqaXoBQ2mMJ94adi6wes5AxoMYOw7uBcl4JTEQFVULhhId5GcO2MJtuUEykXQRc+gb1/hLTl/VobY2JmctyfnTvvUwlEqCMPvdGEHrKgevj+wlTrxO8VL1+ebLaSc1gwA2kj9bPlYJGmPrx7bm0lrkbIrhrwewFPPbjbj+pzdSPtUh7YXsRqpiT2gp1T9NfEhcGR1zY5fEzjo3c8ud3SIKV0SJrp1wgCLjiS7/CKaU5LPCOcj918+Gb+n1X+b9f4B22tbKhgZZpBAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJQSURBVDjLjZNvSBNxGMeX9O+FOAkaLbehozdGRGiMQqTIlEqJMIig3oxl0YxcgYt6FUZRryLYwpFWCr2wXgjBIMJMYhFjgZSiEXOg5c5N593udne7u+2+3V3tT22SBx/uxe/5fu7uuefRAdCpKJdJoVHB9h9qFSryuSJBYzqdpiRJymYyGZRDOYfH43lULCkW2NRwKpUCy7J5kskkSJJELBbTJARBwOv15iW58AZVoBbwPA9BELS7CsMwoCgK8XhcE3AcB/UhPp/vtyQnGBi03pYXjyAbPQuRD2sSbmUFVN9NLJ5ux9DryZJP0nqiChzjl48Oh9oYRPTAXBVksgnS0hRWu7uxXG/EfL0ZZ9yjGHgb1t4kGo0WBO6AvcUVsFP9oTZZjlQCP7ZA/r4JpHM3lup2Im6pRsRai2PX/GjoDWEk8BWJRKIg6P147mfP+CW63d16RUyOQP5SA6rLAsKyA0TNNizvM4D9/A4Tk2Ec7nuPE0+vgqbpgqBnzLl6vv8N3+x4eEsS0mAvHAJhMoAw6kHUVUF4rkeWHAKXZtA15kDL6C6tkXmBffiZs/P+NE7dC4pBhwsJY6USVjBtBO/bCswrbfq2GS+Ce9DwyooHoRvaPPzVxI67IVfHnQA+2JqQMFQgur0anP8J5IVmYEopmdbh5YQO1wMu0BxdKlB/44GLg48/HT8J8uBesH6/ViDxC5DnWiHPWjAz0wleYCGKokaJIDdI/6JMZ1nWEshr7UEZsnnBH8l+ZfpY9WA9YaWW0ba3SGBWJetY5xzq6pt/AY6/mKmzshF5AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFiSURBVBgZpcEhbpRRGIXh99x7IU0asGBJWEIdCLaAqcFiCArFCkjA0KRJF0EF26kkFbVVdEj6/985zJ0wBjfp8ygJD6G3n358fP3m5NvtJscJYBObchEHx6QKJ6SKsnn6eLm7urr5/PP76cU4eXVy/ujouD074hDHd5s6By7GZknb3P7mUH+WNLZGKnx595JDvf96zTQSM92vRYA4lMEEO5RNraHWUDH3FV48f0K5mAYJk5pQQpqIgixaE1JDKtRDd2OsYfJaTKNcTA2IBIIesMAOPdDUGYJSqGYml5lGHHYkSGhAJBBIkAoWREAT3Z3JLqZhF3uS2EloQCQ8xLBxoAEWO7aZxros7EgISIIkwlZCY6s1OlAJTWFal5VppMzUgbAlQcIkiT0DXSI2U2ymYZs9AWJL4n+df3pncsI0bn5dX344W05dhctUFbapZcE2ToiLVHBMbGymS7aUhIdoPNBf7Jjw/gQ77u4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAACoSURBVCjPY/jPAIMMCgxmYKiAEAOKwhmMDGZ//v/5/+M/qhI0BW/+gxQBlTDiUPDl/3v8Cn7//4VfwR/cVkB8kfI27S0WR+7rm/ui70X7i9YX88O7whtflANh7ouUPqgCBsbZLyBGAq1hRLBiX4BZiODBxgIpgAWPOYM/BgukGCl4En9jsswYkIIHKIzBgiiABg9QGINlxoAUPEBhDJYZwhdmDDZYWAoAtTEEdnXdy7IAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMtSURBVDjLVZNLa1xlAIafc5szk8xkMkkm5MKY2EpT2qa2MTVCmoLS2gq6EKooimAW7iQb/0I2bgTRIog0oFW7KQpCS7VqrSmmJGlSQtswqWlLLmbGmcmcZM6cy/edz00r6bt8eXh4N6+mlGJnxiZHR4APgSNAFjCBKjClInXm05Gzl3by2mPB2OSoCUwAp1/LHbcziSyO24gbgJAegg2urF8UUsifhZBvfvXK99v/C8YmRy3gt8G2/cMv517E8Wx8ApYcjZiyKbkRSgQkcFn3rzG9Nn1LhOLYt2/8UNUfLZkYaN0zfLRrkLIMCHUNIXTqIoZLjLJvU/ASrFQtnko+z2BH38HAD78DMConHh4FPn5nz6vGgqyxTp16JNj2kpR9C8eD/OoW1VoNO1NCS+d5oW0vV27f2PX11MS8MTR6+JOTXUMHNCPBui5AtdMpk8xsGNQ9ndur20TxCnbPIn5TnmJUwaxIDrTm9Jn7d1tM4EiuqZs5d41iXGefsZsIwYNCgOfVSXconJbLLEWb4CuahU2+6HO8d4DQF/0m0NpgNvLAXaPgu6QadrEZpKhUItJZj/aMS1EewvHnsdUWW/+WKG82kEykCAPRbCqlNE1B4DsocpiW5OJfIVoiyfqSQFdNdGXrpLZGcFZDPKYJg2VQCiGEZkoRlZ3A6W41mknFn2WlaOKFFrG4Tbw9wb2/S3g3miHySLdbNDd2kzYKVGpVpIiqugjF7P3yQ55pyLFWmCSyVokZPqHnEoYmsWQGuyWOGdexNIkRFOnqbGN5bRngjh4G4rMLd6+KnmQW012lWrpOJuNjCh9LU9i6gRkEZHIrpNv/QK8vcijXz5lfLijgS+PmuYV75+fPDXr1Wt9znfsouy5x+2miuoltW1iawBJV0o0/wT8lBvbv5WZ+gaWNlasz43MfmQChH777e37uT78eHDx5+BiLBROjqhDaFmGkQ1KS6+mlr7+XX2evc+nWVB54+4kznfr8pZQIxXkRyhPvDb9vIjtQqgFN12hLO2yUZ/ni8o8SuAa8NTM+t/GE4HGGx4del0J+IGXUH8ko86iuAneAszPjc9/s5P8DuO6ZcsXuRqAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJtSURBVDjLjdNNSJRBHMfx7zzP7uKTGtLqSoeCCEKigiBQI0qkpEuHTp4svXjyYp2COhedDTok9g577aAlhtUhPBi+RLVlaBhr69uumuvus8/M/DusbikdnNvAzPDhP7+fEhHGx8cv/h66N6CXk+j5GVr6EvXsbi2osbGxE8aY9zbIl7sYFu93cr73065uh0Kh+lA8Hk80NjZ2lX3u76uIAgJBEGw7aK1FRLbtPc8DYIdAs9DTSdODCbqfTxMWIZfP4UU8rBEwYA1YbdGBsDa9vlISRCb7+ypjAhaUUoSAu211hFznv/z0aoGuG6OEWltb64wxPbamDVdpVl+/QSkFRgi7DjcffmU1bzga85iay1EZdqmqcJmY3gDAicfjiWQy2bU49JiNsWeICEopxAoC5H0hIooDtR6ZrKWmKkTeN0hhc5B/BVdwlSYzVBTI5hzLgKwvjEysEBQsc/M+6Yyh4Vg5796u/yN49Yjsh6cggohgChaAwBd+bRiW0gFVSjE1Z3CU0HK6dqfgKi6azOAwABIICGRzFscXLpyJMpFYY81Yzp7aS7Qqsn0G8/0PWR99gjUUBQE4LpiC5VA0zKWm/QhQKZrmhhiuo3YK2nHQLA8Mo5QiyFuW0j53uutAIJfXXG8/XPrGxbRffGArB87Ii76KmAWzmbbAcu32R3LrObwyD2tBrEUExArWKtS2JBby5Q6aH7c6uDz4HWstxhi01vi+TyqVorq6mlgsVlIopYpd0FofP/nl5fSefR4iMDMzg9YarXWpB47jkEqlmJ2dxXEcCoViENRWSTqORM8drIg0J7PBz95vy5O7rfMfwdWGR/X6rdQAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEPSURBVDjLxZM7TsNQFERPrIielg5FFNkVy6FhN6wiG4hC5AoJVkAR+84MhWM75FNRcKWRXnPP3N9bJOEv0fDHWAK8vn1NZSghAgUsIwcpWFAlXp4fFxcAgIf7O5LgQBxskI0NPkLaz7pegRLsIdnOiUDyAHDoe90AiDnhzHVMtkJVbgDKlK67WkEG23QV9vt9bGOb9Xq9WAJUeXY7c53eBvVitXoiCdvtdq6gaoBccx3bsUMJJNE0DbZnQNcLaXnV1TpCEuR5iJJmQF/m/eObOvY/DNXT/pUQmwDj5Y4VkORCbdtGUrqum3Q4HCZVVTabTZLMh3QakkhC09y+9F8tnIdtdrsd47puCWDx77/xB7F6hU6PdBGYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLlZLNS5RRFMafe9/3vjPOjI1jaKKEVH40tGgRBWEibfoPQoKkVdtoEQQF4T/QqkVtWrSTFrVsF1FgJbWpIAh1k2PNh+PrfL4f95zTQk0HHKkDD/cc7vP8uHCuEhF0q/KnmXNgGR248PZFN4/GISXMC8L89DBPV0Dp4/SsazJjrtfb9/vdxfn/BgjzY5M8Aq8nBya+V3h93vtnQHFxat4kszntJAAAxus1YvnZQV5V/jyTEZarwnwFLGeFZdT0ZFOJdD84qoCDOpQ7grZfRNj020JSEOKvwvxGiF+q0tL0N5PuO+Mk0nC0B0BDsYCCImyzAIktBBloMwKJLSgKYcMAcdhC2KpVlIig+H5qxcv0n0xmj4Gbq+BwC2wtJLbgHUlMEFJwUpMIGpto16u+kJzSACAk+WCzvNbe+AVljkOYIcQQou3TbvdOJo+g4aNdqzaF+PT43HJVA8DQpcVIiPPtaqlEUQzlDELsTpgYwgTAQIjQqlUCtpQfn1spdmxh+PJSQyw9CrbKgM7tvcISQAxlBhC3GuCYXk3cWP25m3M7dk88qbWBRDVApaATOSjPBdXXwYEP5QyCgvjE/kwHgInHtHYBnYA2owhrPiiuw0sOw3EZFEagIB7qChDiYaUcNIoFtP1KxCTPhWiDw7WbXk9vKpnOgsI4exjg6Mbq96YQPxm79uPOvqvbXx4O3KrF6w8osv2df17kr5YXJq7vnw/S0v3k7Ie7xtud/wAaRnP+Cw8iKQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHOSURBVDjLpZOxa1RBEIe/d/e8FKeFEA2IGBWCICZYBSESBCFglUDSCJZaRBBbK1HQ0s4/QQlCgoKdoBA9sVBshCBETCNRiUUg5PDt7MxY7HuXdxgEycKwyzJ88/vN7Gbuzl5WDvDozeZtd66p21EzQw2iGaqGmhPVaqFodNTs/f0rI+M5gLnfmB0/MPg/le88+TLWU6BmgwDtpevgDhrBFETSORQgAQoBEbZvvUJEB2qAqg8ORw6BxRQeS0gBUkAMsPIdAIm60wNVKwEZrG+AW1JilpRotQNDQwCEOiCWgIXhe1w+f/if3hffrXMhxH4Fooa5kzdT0rNPi3TWlrl6bp7PP1d4ufqCiyNTzIzOUYiz1RWCJECjsuBA3swAmBmdoxu6APza3uDB9EM6a8sAFFEJYsRoOwBRww3yxt+Su6FLq9nqAQuxst11QDTcnX2lhc7XVO3jtw8cOzjMzafzTJ26RJUL0B7Ia020dNlsJAsTJyaZODlZziVj+swsWZb1AarJJUCMeCnn8esfaWruiIKoEtQIkry3mlUx+qfg7owd389prd6+9/7CbsvMrfaQ/O3dhdWzQa0tUZGoaDREjahxV8Dm1u/nANlev/MfAjw0JrMu09AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEXSURBVDjLY/j//z8DJZhhmBpg2POQn2wDDDof8HvOe3osYtXzDzCxuM2vP3gvfn4MJIfXAP22e0Ies58eK9r2+r//3Kf3YOIhq17eK9v95j9ITrv2jhBWA/Ra7kVEr375vXDrq/9+s57eUy+4IY0kJx2w6Nk9kFzE0uffgXIRKAboNtxlC1/+/GPljjdABc9+q+ZcM0Z3qmb5LWOQXOmml/8DZz7+qJB0hQ3FBerFNyNC5z/9nrXqxX+Pvgf35OMuSSPJSXtPfXQPJBc089F3oFwE1jBQTLkiZNtw51jq4qf/XVvuwsPAa9Kjexkrnv8HyclFXxTCGwsyERf4LctvHvPuvAePBf8pDz/Y1N45BpIbKUmZFAwAR3nW32nUrY0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIwSURBVDjLhZHLaxNRGMUjaRDBjQtBxAdZFEQE/wEFUaurLm1FfEGzENwpturG6qIFrYUKXbUudOODNqIiTWqvFEwXKo1UUVRqS2NM0kmaZPKYPKbJ8XzTiUQxceDH3HvnO+e73xnH8X7fLjJInjbgEekiOwA4/sbBD0Ov5sIqY5SVXiO/Rpospw01HphXrOttZPBMxCkWJ3NltZItq3i2pOKZklrWi9Z5SMuKwf2GBtJVxJotiqWLKpIqqHCyYO3/Z/A8UyirBDtLcZTi6Y+RdxdHAsnTAy/NM0TerCuRlE2Y9El+YjCWoLBkViyxdL40OpNmLuBo0Gvk12AuYC5gLqB2XAw8A2NBFZzXVHm1YnHq1qQpYs4PjgbmAuYC5gLe0jrnWGLwzZqDi33ksSTunw3JvKZ0FbFmi5gLeDswF2v/h4Ftcm8yaIl9JMtcwFys4midOJQwEOX6ZyInBos18QYJk0yQVhJjLiiald/iTw+GMHN2N6YOuTB9YieCozfE4EvNYDO5Ttz2vn/Q+x5zC3EwEyw9GcaH7v0ovLiN6mcf8g8v4O35vRg+edTr+Ne/tU2OEV03SvB3uGFQjDvtQM8moM+N+M0D8B92LjQ0sE2+MhdMHXShOutF/ZO6toXnLdVm4o1yA1KYOLI+lrvbBVBU7HYgSZbOOeFvc4abGWwjXrLndefW3jeeVjPS44Z2xYXvnnVQ7S2rvjbn1aYj1BPo3H6ZHRfl2nz/ELGc/wJRo/MQHUFwBgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIMSURBVDjLjZO9apVBEIaf2f2iRxMJUfEHFEStBCtRC0sLSzsbEcFCrQQVL0AvQAgkd2FhZyOkNRAsrERQRMFwonDM/35nd/a1OCfHRKI4MEwx7LMvM++YJADM7ARwFIj8O5aAL5IqAJIYQi6klH7mnL2Uot0ypaSZmZlp4BQQJO0AXMo5+9ramtbX10e5vLysXq+nbrerUooWFxc1Ozs7gjRD+TasIcZICIFaK7nCSomkYlAinQydiUlu3rr9IDZjdv/e3ecmaQtwsZQyv9F3Pq8ZH1eNzSzGGzEenA4txw8eYH+ETgNjASb2Npeb7dNZ+A5vfzTkKvYE6EQIDgEjhDGWeqvsC06jwvEjhwEYAR6+/PBo7pshREDkAKVCFQwQYBGMQCdGNot+A57O5ye56noqQgwa0USJRqngMg7vNcZiZLNAJbDSH3zcPFuoU1n2uHWFKDEAi2hw/iCcnTTOTRm1DjbmLlYzpKHypnVdzc5Uv4IJXKIKbpwxrhyz0XzMDEnEGJkM4lAz6DV953TfZX2HiihVXDsZuHLMtvwxMpyZUWvdYcsmuazvCn2XXIPBnRjf6d3toBDCjl5oXbQOrWOtQ3Lx6msdyd6qf+Y2AL3WZcnFpotUxJtuZfqd//XxEFABQip6nQYqLLlIDq2LF5+cO3OZ9z3tdpHV3TcAt23nfHJ4zoH/CweWfgFQJVPOGSHTggAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALoSURBVDjLbVNbSJNhGH7+7z9scyqepi6JobKmE5ZigSWpYV5UskYZkRJk0lVeVN5GF96EF0kXZXRVFHWTKynqKijFQmvqTYRMcWuYodtS59zxP/T9vwdc9P08vP93eJ738L0foygKdkbb7bHLhlxdF2HQSqcM/RJQGEiSqFsNK0PjA429+GcwewVO3fmcetZbzxOqsLOs2mA0hReeNSz5EvE5rzd/9P7p5A6H7FVjWSLyLIFvlYN/jcVcmMGPFaDcZITr0D6UW/UGLtf4eC8nQ0BRw95eJAyzi99/4rBkp3H1SCFYnj3/X4H+/n4DlSBqyByrggFLU1HtPI1kMiBCx7NgOEbu7u42ZAhQcg81K9S9oKbOMUTb4CmZoxHoBBZ6CoWu0oiEZDK50tHR0aOlTQhpM5vNL5ubm4WxnwrOHDYjlqaeKFGR1VSo6qYHBeEnMBTWYsSzipsd9cLy8rJzcHDwC0dF7jY0NKC4uBgHIw9wb+B9xjXxrIz22kWYatox7r6F+oQJVus1uFwuBAKBh6qAzW63a4edTidsNluGwGbgLa1DNXLNdagqGUGptQ1FRUUahoeHKzhJkgQK7bDf79c2QqHQVoHEEAwr71BxtBNS5A1M9k6EJl5DTJ8EQ1isr68zRBRFLCwsaFCJtECIRqMUG7SDPqK46iyQmMbXp8+RnRdHVtKHec/ILodLp9NYXFzUPMZiMaiCqVQKurQfBUYeOfkx6t0HtaJS9BvKW/ow++ERopZcBIPBLQGVoA69Xg+3200rr6DRNI28E5cgxyYpN476czbIqSXojV6Yba2Y932CyiWULEciEU1ATaG6xoHjjhxU1rQgKycERQzT/mQx9cpLT8iQE16YDlhAfo2hNEcB63A4ymZnZ4WZmZmSzeou3LjQhLWJAViaroPQlmT4/SD6KpTVHdMsI1SCM1qhy7YgPzz6PeM1XhmalDjaWhc3+sBK9CXLyjbkbWz9EykZhzpXlKm/wwxDbisZJhAAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIdSURBVDjLpZNPSFRxEMc/b9/P9b9uu5qWVG6soERCIringi6J5wKhTl2CvFQnQQi9dO3QoUudOkSHLkUQniL/ENWyrSRbUqC9dc1dXUXxubvvzft1sF1d6iA4MMwMzHznO8OMobXmKOLjiHJkALWysjIKXAXwPA+tNZ7nVaiI/GP/6jMjnU67LS0tJsDBfZT8/9mSn0gkRGmtzaqqKh7GhKK9zcb392hnB19rD8fD5xlq+EEkEmF0chM7X8TeLWLnHV7cjCAipjrYte/bI9z0J5Ysi8WsjR6bA8BxHCYu1eJ51eWxAEQEVQoAnLYLXOzt4LJfMfP5KwnTLCdOTU1VLG9wcHAPQET2il2Pj5mTKLVBQ1MTseIAuVweGvYAotFouXuJdQWDTWuB1vBZXqo+cr+K1AT9tO8slxPjTybwxV8jqxYSCNJ17S7S3LvPoKN+i/n1AF4wwLE2P/mtPI1eFqgl+/YprWsxum6MUB0+x+7cJMmZ5xhtSxjJZFJ3d3dXzGfbNoVCoUx5/k6Ugesj1P58B8vT0BxgTZ0h9mFhn4FlWWQyGUKhEJ2dndTV1ZUBZdWipj0MQ/f2L3D8BGpzHSUiyXg83iMi9Pf3G7OzszqVSlVeX3MQ+8sb6l/dprD7GxvY3jJxGwOucZhvnB7uGPc31o+dCrlK+VJsZ10WV01x8vq+cdh3nhk+PbqTS98yxTgjpl7W8PjKpPvgD7bjUD5Jjh8/AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKTSURBVDjLjZNLSJRRFMd/95uHOmrjo0zM0RTR7EFvg4oeEtQiKoRcRBRFaKs2QatW0cIeFCRUWERBgYsWFYQUUfawh20GW+SDHIcSdaRSq5n5vu/e77aYnD6JosO9nHvh3t85/3vuEVpr+vr6tOM4OI6DUgqlFFLKtHdP27bTvrGxUXgBlFKUlJQyMTUFWkNqgNZoQGudXqM1+fl5dHTcByANmJic5MiFLv7HzjSvxrKs3wAp5a+QUBoqIyfgJzQnm8wML0lbY0sHW4HS8Lo7jHY0pmkCYADYtp1KExBCEE9KRieSxE2F1iCVxpIOpkyd0ZqZGdi2jTOdnxAIIfgWlzjaJC/bh9frwXA05XSzZ2UHnoFBNuU+pefilX1pgHZSCOGCJCyFZTtkB/xUZz1jS2GUrNl7CVYsZyJSQ+/Dq6fTAFwShBApCKCFYJ7xnG21MWYF1/Hlw3v8wiJ3VjE5hWVBL6T0GB4DgOhQZMaLLyocYPdai7zKbZgj7fgDgmi4l+8/JNqaWpoG+H1eWg4tQymNz+cjNjZGnmeAUDBBsGoHyeHLGH6JL6ecDBnldmQex1uu908DznV2Ptno+mUFufEXkepNZfXBql0khy9h+CTWVAUjnW/UvU/l/bG49xaAmC6f226eari2Ymnl/gUbdxrW2A2ExyI5Wcr4s+6ESvxYWHP01VC6aG5Aa2vrHPE5HKtfU4wURRQWdJFf5Cc5GWK0q4f2wVD8xNnL2e5ghntjmuaquYEoC9c3kfHxBf13uwg/+EL/4zDlDecpmr840NzcvNV95w8JJ5uWOMcOHhYYivCjOwwORXiXtZmvdiZSyrdtbW11/wQ0bihIrKic662rrUD7zJeJ2PiB7S09g39rrJ+Ib2CJHdkBMQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANpSURBVDjLfdPdb1N1AMbx5/ScvtHTZbSwDcrWlXXIUOdkZiRmioQXSYgX82p4YUKMkJjswpkRjCJckUWDhBCZGoJhYrwYMIUQzbhReZOZLtvqateVgdKVjYV2W3t+b+fl5wWSwI3fP+CT5+ZRpJR43LHkYZ1bopsJsZMJ2sYEB+NsmDLxkyo2HamUnd7Pd0cInkh5DBwdP7SZm+KbjZXtMVXzwVRsVPlXYiqXwoWJ7/siypdJYVo9Qth7Tu1t+PUp4LOxgx117viFcGA1ZsRDjJZTUKULL+sv4rvfvy74rY62oLJtuC2uhybuLuHv++U3B/Y3DwKA69PRgyEmWH+VXoeRcga/LdzEgrmIuD+Kudl7MAz6cUBu/WBdlS9UvdyHxlU6KBX9Ow7cCAGAi3Da3Vq5Wc/SHFJkEsRiWKmGoDM3fhg/NxpRT9xi1Nwbrw0gnWcIVXjRuCaoM0K7/wOMXarbi2Q5DWFxVLh0NFesx3DmOmiJdZlcO96yNqgK00HuoUBmlqMmHACjbBcAaISyDVyx4IKCFv051Hsj+Gc6i0Q2cToW7F9NKW+NhP24mSEghg1jyUZTxA3OaAwANIMSWu1b4WkPvoS5/D30jRwtcEMcP1R84+TkYkIbCjyTfVBkz2tQQAwH0nHAhQZBmfpoAaF3/vjrRsulPwfnOeW9+++vGdhaCLwtycTkKyTx2qUNPWDcBiES1LARXu7GzIMyBKfZR4BBz/44fr7vWK7x8rpFtVsSmjLX1upK5jacUhmUUhBmIz51FtunzmDZwh0s+MIImdEi8C60wWzLaUloryT0hNkQ9ZgNUTi2DW0kCRgGOOGIpL7FRvtnNL2zD97Ys6DjQ4hevfLqlW3uLpcsG5pTKr/FN7V6RGMMdDINx6BwygZsg4IzgvDYKazf0gHf7V+gnNmNZdODqI+GVanI913uL07OOyVjj3IrAUyk4a5ZBYcS2JTCpgyCMgRLM/DVxICui0BvAfhwGpqRhuoo9RoA+M8PnCu1b9mhjqW+shvqY071CoAwSMbBBUVRDQgyetkTuPgeOJ0FAVBaUmGryCtPvrHY9IJuc9EjhdjpCLNNWlZzTSGfvNYZOewJBj6qDVua5sqhNG/h7pxqm0x+8hTwf13vrDtgFPL7VFuJ2qqckUDf60PWkX8BnoTdhvAVaYUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHtSURBVDjLjZM9T9tQFIYpQ5eOMBKlW6eWIQipa8RfQKQghEAKqZgKFQgmFn5AWyVDCipVQZC2EqBWlEqdO2RCpAssQBRsx1+1ndix8wFvfW6wcUhQsfTI0j33PD7n+N4uAF2E+/S5RFwG/8Njl24/LyCIOI6j1+v1y0ajgU64cSSTybdBSVAwSMmmacKyLB/DMKBpGkRRZBJBEJBKpXyJl/yABLTBtm1Uq1X2JsrlMnRdhyRJTFCpVEAfSafTTUlQoFs1luxBAkoolUqQZbmtJTYTT/AoHInOfpcwtVtkwcSBgrkDGYph+60oisIq4Xm+VfB0+U/P0Lvj3NwPGfHPTcHMvoyFXwpe7UmQtAqTUCU0D1VVbwTPVk5jY19Fe3ZfQny7CE51WJDXqpjeEUHr45ki9rIqa4dmQiJfMLItGEs/FcQ2ucbRmdnSYy5vYWyLx/w3EaMfLmBaDpMQvuDJ65PY8Dpnz3wpYmLtApzcrIAqmfrEgdZH1grY/a36w6Xz0DKD8ES25/niYS6+wWE8mWfByY8cXmYEJFYLkHUHtVqNQcltAvoLD3v7o/FUHsNvzlnwxfsCEukC/ho3yUHaBN5Buo17Ojtyl+DqrnvQgUtfcC0ZcAdkUeA+ye7eMru9AUGIJPe4zh509UP/AAfNypi8oj/mAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAEjSURBVDjLxVM7TsRADPVEK4oVSrGU1FyCjltwADrOQhOJe1DsMbbfYjsQ2g4h5cvM2MaeT1BIJNBSYMl69iTv+TOJYWb4ixWnEquqCpVX3x887bqxJSQAkgwRwEvsE97drM0wDLAooHZxXgBlsiAmJDl4ecPwTtd1ywJaXsmZqLFP5JBHPrRtuyyQ29Xq2nIU44mYWtM0ywJKOr7TOC9hjIOAOvwgcHu9Nr+5hYnAw/bI81EYvLTgBJ1lsA7BORIkeLy/MnVdTzu43JwFJPmwdFGjgNcRxH0BXsj757i8mQBzWhaqK4EDGZ1gyvV8+KD5LeRqPmCKQ/UYo3oSJ6L5DqwlOLz2ghiq6pzOxvZ1fuQvYra+73PrfJKXZcmK5t/+xmyf9PZAc1Cvzt0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK4SURBVBgZBcFfaFV1AADg7/zO2Zy7A3fVebdEQ2yCoeVfmmhQGlRgmCg0sEAoeivvWy/BiigYvoi9hPYgEfQYKGVgiIhaaJPSVlC6hU7v9Pon166755577+n7ovRtvZ3LjUiUAQQEAAQAQBO3HWrc8HHSudyIwRfLShuJOwgJUUSIiAIhIkSIiRAhb3H7Urnz++MSibLSRtKY/s3EuPsH9y4TAnFAIEYUyHN6FrNkA0uOlxMQdxC6WL8bsJusxt+nuPYdrVlE5DkiHk7TtYg2QRtRwuMKV79l4hy1Kh0Fnn6dVw/zxBAgIsuoZzQbNEgEhIjHFX7/mhCRBBavY92bLFjOcwe4fIRrp0ibNFKyFnWCgID+zez9iu2f8NQuZiY4/QE3zgIb3qW0jjSl3iRr0iBoQ0yEjgJ9q3l2H68cpncFY1/wzxlgywHyedQzshZ1goAID37j5PuMHaFWpaObbR/Ss5Szh5idprOHNTupN8naNEgEhEAemLurfv20cxfGXElXKi7qc/9en709tyz88XNfTixSLBY99JJnJqu2pbFEGyLiXLap7JsT5/2Xd9r31htqtZqpqSnHf0p136l6bd9+cRyrVCrGxsbcbKySgJDTt8aFyYbrlX/tGR527NP3nJ+c0z8wYO3atSYezbl48KDp6WlbV5Zs27vfyckdEiBi7q5fxy8pFAqgvHrGmT8bhoeHFYtFs7OzqtWqo0ePKj8/6BcUehdKNJA30TJw/5yfHw2A0cvztNoNo6OjCoUCqNVq8mZm9MRFO97ZqnrrpvijQb365w8pDpo/v9vZ8WnpXGrV+i02DW21bNkyrVZLqVQyNDTkhe3bDawY9Nf4VdfGrzyI0pf1dvYb0a/cajE52+Oz25t1L3lSx7wu7Zw9d36wMJtzbOkurSjI0rp7lamZBTMPdv4PY0MOogadRGMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJOSURBVDjLlZLdTxJQGMa96K4/oPUHdFfrpntyZrXsoq25tlbroi6qi7ZuYsuZ0UXRWiv72NS0gjIgDQ1LS0wkwU/UVEREUkEIBBFE+V48ve/ZICza7OLZOTt739/znHPeEgAlhZpyB8+MLa58HHL63H2zy4muycVku8UZahl2TNJ688/6wsbd31yBLps3BNdqFCvrMYRjSURIvOdzzdAcmozWhTaLc+8WADXvHHb6RhYCEdEU2kiIJu/aBtwEywE3k2lQKjz8NB7Sjs7vygPMDu9ddogmUliNxsWaSGfwM5sViqcy+BHeFCl4r6YkzwzTnXlA9/SSh924md25qFDszMnmfGuga4pEd3QjiTxAN/49xY0c10MgjsuOuSssBdfh8IdBSUG1AibTDmbzAHrhZab6IzHQq6N3xo3+LyqY+1phMmig/9AISolm8yyMdo9IcKtt6HcC+h653uoScTsJ0K65jw5yYrWOOISrol6Kht4pcUV+g0efJwx5ADXtUA3a7aMLflHQoa0VzfTSoHMBUClqwL9EM4Lrb01JOt+zZQ7ob/c/N1qDDGEHBugKxO6mOS+qWswZRb/t9F+DxCLHAzQovsfdEyAYXn6d4cHBa7r7NXU/brwbiCpNtsNFJzEnaqp4KjufblDU4XbtJVTJL+BqjQynyvZl6e8P/nOUC1UtvehWNr+BUqlGXX0T7j14gpMVZcFitUUB0ivnBvQ9PQgEgrBYxvBC8QqVxyXz2wboVfKzlSeOxsrLD2VLSyXZY0ck8feN1Ze3Dfgf/QJBCig+4GhFlwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpVO7a1NRGP/dm9ubpGlMioGiLdFBHCyFtksHZ6tiQZAMEbqZwTGgkw7B3cmugoOL/0ATujadlIZchCwGWlERF5XbNOc+zsPvnNvUQmMWAx8f5+b8Ht/jWEop/M/POXvodDpvOOebcRw7lEHZRBRFOr+rVCoPxxJ4nlcgwOtisVhJp6cREghSwngjh7OzRezstKp0Ok/Q7XbvaHCpVJrP5XI4OPwGrS6lglSSiBQEkYVhOL4Eutwql8vmwFiAmMAfvX0ikKdxa/2uKWMsga7RdV34vp8oC4Ebi8tGXZ2o60b/04FmFgTSl/RAtHWv+4GyMOr6v0v37k92kPRKmcuaYHFp1aiPXKgJPbBHzIkDbZlIxEn9dgRf/UT6+wGezRxCvXqsxNMN/xzBKVj8bZwm2vq0gha7jedf1oCpLHBxgZTsqUe96gzFpiHQ1kbbqC2b8ckkz81lca1gwc24oPEAEcWx0Fd/2Zbztuo9+GEc6CmkUqmk7rMuIglOFfIhfWccKiTwkIPx2CmggCAILmgH79vtNgaDAfL5PDLZNG2gZYhiAvKQSjsmhwE1m+ngBAzJTEx7E2bsWq221u/3N5rN5v7e3i7SroWrVxZQLs9DDEmdaQIYIAJyEQmwIMBRNEAcxclbqNfr25S2G43Geq/Xe0mjXdJLJS6/AM9RbwIaJyP700TCpdlY3z4CCxmsSc955clnZSnznnDz967KOrC+Dp2wc104yh6mZJzlfwCf3q+o0qkR9wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLlZPdT9JRGMe5qFu2Lrt1a63LWv9ATRdN5xvLsnLRipzZpIVpigjyIs3XAOUHgopoWkggP5QXSRJwJQmtm/IlAWtt3XXTfubS+nZ+P1eby6ldPGdn5+zzfb7Pc57DA8DbL9rjrYxuVsXf7W5fuC2mYawpE7QRJZpDDfz/EngYVTN9qR4EPvlgXjCiKVCPWvou/0ACxDJjSbIwDefqMPxrEzC87IDUW4Pq8Vv8PQVaX7Qw5qQRgY9ePP0wDMeSFfWTUkxmPeiI61DlFOP6SAV/VwFtRMFQCwb4CdwW10IbVcK+aMHgohmPlwdBZ11oCctx1X5p/R8B9Uzzuum1ntj1Iv1tGRtb3zH2dgSa2eZtOOOCMizD5cGyzR0lGBNdx1TP5T96E4+4WttiWg6mYr3Ifk1DF1PBmxmHYlrGZkbFUDku2oSHOAFjolOuIpZ65rs5+MmKg9hWcJlZWB1UbsOhRjYz5r/MoSn4AKWWQg0nwFoyzndhijRobGWIq3XgPQU1sa2LqjCRHoc81IBK9w0OnvscRWQtBGFfEc4b8o7wNDMKOwnY3lDwZZ+h1idB/zsThpf6CezkstVN3yNwHFMrNGqCVRvlA2UQ6POkud1nTvE0EcVR1gU7JNSCnrPrWLRtw+RM7BKBXnJDP9eOYqogVNAj0Av0uTk7mtjov2+1p2yQ0hIYXnXCs+qEzF+HC9YSyIiIsK84XWTKP5tvPHdi11GupSXHW8JNW+FMAHdclSCCKDEX/iKdDgotRY17jTu31LhvHybT5RGPin5K3NWs1c0yW+lp0umc/T7b383NUdHJa44rSfJU+Qf54n/iNzi8zBtL0z1zAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFrSURBVDjLpZO/SmNREMZ/uVxFCGy7L+AjpAgoIUW4hZjCCDZCbCQgVlY+gaDNLghibbmy2EgQTCOp8gaWYmFrpbE4Z+azuPe6UVE2ZGBgzoHz/Zk5U5HELFFZ2/uzu9ysHT2OVZUAd+SOuSEXLkdmuITMMHd+zIfn29uH/YtfGydpbal2PLdQTX4uTEVcfR7bMXCSjoOS8ePT1NJfghKAVCYONhenBtg+vCcHkAOwcwOnTRiNRkjCzHD3TwmQZRnmlgNQTOG0mSPX6/V3TJNTmqw9FgAl0tY1nGUwHA4xM2KMbyom1Uii0+ng5oUFz1HPshy50Wh8yTp59tJCWaxfwt9VMRgMiDG+y48Kut3uWz/SGAKQP5ZEq9X6lrmMGGJhofCyclGhvyb6/T4hBEIIxBgJIXyaQq/XQ6WC8vJqHSCh3W7/1z/wQlH6cHd/vvM7bLgZbv86biWzhNyQFXvhTsF5DlCZdRsTZoxXOgYqlSAcLRcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK1SURBVDjLbZJtSFNxFIcHgjAQgr6VhBSFIhhJQa842JdeLBMyVIpSSUtFZpIIaqa5UNTpUKebmR82FZmmzpXiHKawhqKUlUVQCEEE1ZfQmFg3n85VLN8uHC738H9+5/mfTQNoNtR4S7iUidHmacYtCl6zwnD1NEMPTPSWhG8+vxnOEzDAZBe8ckm5YaYfnjtgzAI9+QGcuXlbA8ZbghmzDTHRDi965HAzDFYiU6H/LvQWgKsERmuhrxAeXhmi+XLw/4DRZjOTAqsBw9WKgHrR1f6b1JGtxZ6up+2aQo+EOTLBfM60GjBqieJZvcJEp0ysUOgvDaOvKER0jaLrpz3Tjz3NiDU5BFtCGA0XFJxyiyqdQuWJSA0jJjO+NtEzq7p6+gpC6c6b42k5dOVCZ5a8b4M1fo76s6FU6/USAq1XwRht0ojue/ztq3fruaMV3W7cZYiuk5YkHY3xOtF14siQqTHdVB3Xcv8wYgaF4W81oruEX7bszFWbQaIbwHEL0dVNTU3F+Xy+SNHV0RAL5UcClB4MoigCOnIkYN8Pjegu4Xski0lXt6vFmqjqfqPLcErg316v9xdNCWdE9xP3oqDggJbC/atXK967oJHtfuBxPqIbEN1g0Y1Rtyuwg5lh+OjB6XTaDY3JxYbGpJ8ZtRdJNeqWO0uj1QC5gjXZILoZspgdaz+bwDtl8oLb7V4WeLncWjBf1p3Kk1kLM1881I1kkVgXRaohdECz5a8sJXCTwArfX8LXKa5Xnsb1xozrXT3qU+NNp857k6PZuxa3gw8J/EedbLfbfTabzXe+KJrB2VbWPwOvLWrA1ukCewVeFLh1rXcyZ49S7UmjwpOyAlcMp2xvIHCswJ8FLl7fl4PGSzURmDw3Viarb/Vb+jUbAgRuEThuu73I4cpj2bsDqrbUvPqt9v8CPKvGd70s+8YAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHhSURBVDjLpZI9SJVxFMZ/r2YFflw/kcQsiJt5b1ije0tDtbQ3GtFQYwVNFbQ1ujRFa1MUJKQ4VhYqd7K4gopK3UIly+57nnMaXjHjqotnOfDnnOd/nt85SURwkDi02+ODqbsldxUlD0mvHw09ubSXQF1t8512nGJ/Uz/5lnxi0tB+E9QI3D//+EfVqhtppGxUNzCzmf0Ekojg4fS9cBeSoyzHQNuZxNyYXp5ZM5Mk1ZkZT688b6thIBenG/N4OB5B4InciYBCVyGnEBHO+/LH3SFKQuF4OEs/51ndXMXC8Ajqknrcg1O5PGa2h4CJUqVES0OO7sYevv2qoFBmJ/4gF4boaOrg6rPLYWaYiVfDo0my8w5uj12PQleB0vcp5I6HsHAUoqUhR29zH+5B4IxNTvDmxljy3x2YCYUwZVlbzXJh9UKeQY6t2m0Lt94Oh5loPdqK3EkjzZi4MM/Y9Db3MTv/mYWVxaqkw9IOATNR7B5ABHPrZQrtg9sb8XDKa1+QOwsri4zeHD9SAzE1wxBTXz9xtvMc5ZU5lirLSKIz18nJnhOZjb22YKkhd4odg5icpcoyL669TAAujlyIvmPHSWXY1ti1AmZ8mJ3ElP1ips1/YM3H300g+W+51nc95YPEX8fEbdA2ReVYAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMGSURBVDjLVZNLaFx1GMV//3vnzkymk5lEm/GRzWgVOkVcWRcRLK2YVHwg1geFQJfJIgWhmy7UQl24bcxQGjcqRHfiQikmiIKGKEWE1NqkQmjStNVOZ5J53Ll37v/porQkZ33OD77vcIRzjp0yV94bBTFmnRvBqIqVkbDFl+qksn/Lm1+eLx7644edfnEfYC6/VsYvTDkTTXild/PWBysUziqE9xiEGyRr1dBZOWtkuzr4am39AcAsHy3j7flYlN4et2mN6f6MlWs4tYV1D5F59CzdWzOkCy/jy4TuXx/MGRV/OPSOWveEEJ6x/kkxdGxci1X01jQ2XgRzG4hB1cGlUI2rdDZn6MoNspUz46anpwC8xu/H3xLkJm26i21/j7Mt4N5ZwhMgQuT2LxQOfIaJPXq1eXSQxygmNi+IUS8/PDbpP/F+TgRP4hjCWbvrqV4QoJsXSO5cZPDAOWSrQVT/lcLzn+RlmzHP3fg0b5Nr6M4i6UfO4KQPO5sRApFOkTS+wFlFas9heturuHQRIxnxsHK/9T1U4ytMvIkInsMZA9zjOOsAgUj5xP/9RtD/LKqzjcFHSyqe0RFYg3UC3bqMlzuINfZB2FqwBox2aJVgDTgDVktUDJ7VvRUnDU4MosKreH3PYHoaoyxGg5GgI40K+yjsO0747xIiO4CQEUmXFc9ptUQSIdJPITt/Ejz8ItY7TLIVI1sJSTOi195LoXKO8NYlZPMS6fzT6LBG0mVJbH8rRq1x32QPVvOdm+dxci/9+04h/Aw6uoufKeFI07w+T3NtjqDYT7F8gn+mT4cy5lhq4E27UP9azLp27VRQOEKv/hN3lycRYhjnBtBJEy3vgDEExSLZwRfQtWt0t5h95Tu34AEYSbW5eHYurfvJDU/QVzoCGYGxGwi/RVB8nNzwIYrlE/ixZnn68zkrqO4a042qKJuQKWOYGDp6Ou/6Slg/g9MGl4So5m2uzFTDXptZl6H6xkW3vgtwX6sfidGkxZhVjKiEShJBErEiE5aMZv71H93CTv//ct+662PTZOEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJcSURBVDjLpVPPaxNREP7ebna3bX62aZMmYnVLxZRSior1IFVIC1at3uo1ePRQ8CB4EDyr/4AHFS8SCl4FC9IQf1WRhmij2Ei1Dabp0rSxRsMmm23WnZWEWBQPHRjmvcd83zfz3htmGAZ2Yxx2abb6Ip1Oz25vb4dNh67rqFarDdc0reGVSoViLBKJjBKOUQsm+KQoivGuri4raac1tykIAuLxODKZzOjU1FTMqsBUvO7xeKAoCiRJaoCagbTOZrNwuVyQZZlEr5nHMZZKpSx1r9eLYrH4R7nUCgEZY+B5Hm3VBfDLT8A7BlHaeIq1rdpNlkwmZwOBQJgSCVRXbY7k3I8YWgpLaO0cgVs+hK3lV0jN3NdsBCqVSsjn89YFUXKtVgNdJkXaO2sJhHo0OA4cR+HzR4hMg9PVDXfnHhsRhEmJiAhktmSVzHG/X9jXuoKjwy3w9I6jsjYNsY0h83YRVZ1D9J2ZRqrUKzkR1J32HcISxoYFePrOopy7AyZ8g+BwgldzqOyfwGbJgI0I6iAqORQKWRGFNzjSL8Hddx7l1dvgBB1aUYbybB6L9tPwt/qtP2IR0AsQQf3C1NxzuPwqfAPnoCl3wYsGyt/3Yf1FAsWBy/BL7QgGg1aVLBqNPjb7H6//MmwkET7WDZ354O14iXafaIL34ms8gQefgthUuUbFptgM2zlMD2+NGZOX7iE9fQW5lTlIPUPQ1/O5dpE/NXj19fv/DlN6SdG1D48gD43Abj+I1fnUz7KqnfkbuDELzXbhRId6uNdvG+6XYQiVOXU9f3HixsKXf03jL2qvd7dZXvRWAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIsSURBVDjLjZNfa9NQGIdnP4cDv8Nkn8PL6UfwSgQZOoSBYkUvZLN1lMFArQyHrsIuWkE3ug2t1K3O0LXrZotdlzZp0qZp/qc9P8852qyyigs8F8nJ7znveZN3DMAYg14XKROUyf9wiRIKckOCCcdxNN/3+71eD6Og64hEInPDkmHBJAsbhgHTNAM6nQ7a7TYkSeKSer2OaDQaSAbhC7efJGY28gZWPrUQTyt4l2lCKLfR7XahaRpkWeYCy7LANonFYr8lqzt26PUXIxzf7pCfioeS5EI2fVQkG+GVH0hlRVqFjmazeeZIvCc0PBXf1ohu96GZBEnBQMMmcAjgeH3cWRKQyTf4URRF4ZWIongqoOFURXZpUEOt1YNm+BzDI6AeFKo6IqsF3g9d13k/VFU9FSytK9V8zUJiR0WbBh+/2cVich+trodvNQeFEwvTsa/8C7Dzs54wUSBYeN+ofq+ageDZmoBX64dQdRcbByaEqoGbTzPwPA+u63IJIxDMrR2nDkUTR6oPxSJ8ZxYuNlxsHtnYLal48DIH+om5gMGqCQSP3lam7i+XSMfp40AFsjWCrbKHdMlGpeng2uxHpHM1XgGDhf8S3Fsuhe4+3w9PL+6RvbKGguhAODaRLSq4OvsBL5JFvutAMCAQDH6kK9fnZyKJAm4tZHFj/jMexnPYzJ3w0kdxRsBu6EPyrzkYQT8Q/JFcpqWabOE8Yfpul0/vkGCcSc4xzgPY6I//AmC87eKq4rrzAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG9SURBVBgZpcG/S9RxHMfx5/f8fPXyrMyOhGgoWrLJ4m6Ii2hrCyRwiKa2fg06aKNjLRVHQkNEtOnQUNReg5RLBJHUEhe4iEiUnj8+3/f7lR/j/gDz8cgksRfZyNjMrfMXa/dX2qpIgDtyx9yQC5cjM1xCZpg7B7rj2sLC4uTLB6PTodaoNfNypTRYZjcqa21rAtOhHVVqr6yyW+tRJbYFmRi71M9u3X3aIgmSk8zPz/Oi5yg9eZnBrpOYZxQOheDaoSec7W/xe2uAua+naTQamBtJQKKj6H3Ot83v7IunGOoap6xjRIe3v67yc+MdR0pLZFlG4oWRBHOjoy9b50Q50Nf9heg3iXEIbZ3h8+ow75cv4JvGxP6PJG5OEuSiozbQQ54fpxIOYtrgjy2xaa8Rb3BEXM/JWldI3I0kuBtJvV6nTp3E3emQRIcqQodF4u4koYiRarWKxA7xjwSSSCQQYA5ZBuU8o4gFSZA5yfVXyyTPLldZ/TRK0js8w725KZLJc1PkE3fY8egxcmfH7eYH/Y+R8RltIyz+aM3eeBhH3Qw3x8xwdyxG3B2XkBsy4XLkjjvJLNsySexFiT36C4QDM7+0SJboAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJASURBVDjLhZLNa9NwGMe/WRKXpp19L6WrdVsZHgq9aBF2cFDRDi8WxJPssqMXDx4H+xuGFDz1YC+eBvUgnWDc0FqoL+CmHlylthurdWqG7bY0zUvtL5CSxYOBh+f5/fJ8P89LQg0GA9ifu68XMzOB8INJ/kL8WKGwf/y5WW817z/KrBXtuZQdMBRfuz5z+emcb4E97LvwtXsG3aMOfiiP1Y0Pwu3ineenIGN24nm//+GsN8U2dQ3bf4BnByJe0luIhsKM1+Fatecz9ovZs9NT7+QaPFoKG3sStOgOPrFPQP92YtoTif4XoOkyTmTgTUvHN5EBdxKFo7sEyr2Jnlr7Z1+jEarVqlCpVAa7P0U6pEg4kmqgxjgcfPdAP9xDnAPqu7/oQqEwyOfzwinAUDzvcDjSyWQSVzxZ7Oy/RSZE45JXw9w5BTeTW/jSfo+l1D1ks1kEAoF0LpdLj0ZQVXXF5/Oh3W4jPD6Ji+O3UNxeg6q9AsP28bHVwo2pRfBdHo1GA/F4HPV6fXkofUGVy+V5nuc3Y7EYOp0O+v3+yIZgkM9MURRomgbLspiYmIDT6YQgCAR2lVEUZSUYDGLojSSO4wwz/w/irbGu6+j1ekgkEqjVassMqSJJEkRRhCzLoyRN0wxvns07cmYYBm632+iQANKkMmnZTLAL7GfiXS4X6TpNRjBIxMyq1sp2iPnO1DGm0BTbIfZRzJ2Q2AAQkt/vH1WyJpjLI7F1ocQikcgIsF4qlRbMlqwjWWPrmJau1/8CtF7RM3ksOU0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJvSURBVDjLpZPrS5NhGIf9W7YvBYOkhlkoqCklWChv2WyKik7blnNris72bi6dus0DLZ0TDxW1odtopDs4D8MDZuLU0kXq61CijSIIasOvv94VTUfLiB74fXngup7nvrnvJABJ/5PfLnTTdcwOj4RsdYmo5glBWP6iOtzwvIKSWstI0Wgx80SBblpKtE9KQs/We7EaWoT/8wbWP61gMmCH0lMDvokT4j25TiQU/ITFkek9Ow6+7WH2gwsmahCPdwyw75uw9HEO2gUZSkfyI9zBPCJOoJ2SMmg46N61YO/rNoa39Xi41oFuXysMfh36/Fp0b7bAfWAH6RGi0HglWNCbzYgJaFjRv6zGuy+b9It96N3SQvNKiV9HvSaDfFEIxXItnPs23BzJQd6DDEVM0OKsoVwBG/1VMzpXVWhbkUM2K4oJBDYuGmbKIJ0qxsAbHfRLzbjcnUbFBIpx/qH3vQv9b3U03IQ/HfFkERTzfFj8w8jSpR7GBE123uFEYAzaDRIqX/2JAtJbDat/COkd7CNBva2cMvq0MGxp0PRSCPF8BXjWG3FgNHc9XPT71Ojy3sMFdfJRCeKxEsVtKwFHwALZfCUk3tIfNR8XiJwc1LmL4dg141JPKtj3WUdNFJqLGFVPC4OkR4BxajTWsChY64wmCnMxsWPCHcutKBxMVp5mxA1S+aMComToaqTRUQknLTH62kHOVEE+VQnjahscNCy0cMBWsSI0TCQcZc5ALkEYckL5A5noWSBhfm2AecMAjbcRWV0pUTh0HE64TNf0mczcnnQyu/MilaFJCae1nw2fbz1DnVOxyGTlKeZft/Ff8x1BRssfACjTwQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKUSURBVDjLhVNdSJNRGH6++enSTc3Rl9Y0KzRcoSHShURERRldlLGLMsqrCO2iLuwuL7qKLr0MoQvDHJigJkEbG5mGdzKU1PnvN7I2Fgu33Or7W+858YkrpRee8x7ec97n/TtHyGQyCAQCVtJXCS2GYdSQribQ1vhEeon0C0KgublZx18i+P3+43TJI0lSXVlZGWw2GwoKCsCINzY2kEwmEQ6HEYvFPpLtptvtXs9i8Pl872VZZuEyu4mqqplgMJh57O1Ya/e25jByExZaTpSWluJ/4nQ6kdZSTlXRAtvtIkXmTNPT07Db7RwlJSVYSS7infwGa8llaJoOTdXhLCwX7Zr97C3PdW9fy2BTFoHD4WB1IhKJIJH3HZPKBA4UOXHh4GXoGR0GQTd0vk+l0peuPW9aGm7zVolmLSyyKIoUTUMgPoN9uRIk635MRYNY+bYMVVFRXlTBz0PhBf/Ifd9FloHFzIAdULM4FhMh7jiyMIREfBOte9vwtLEL65+/anNyaFz5qTSdf3Y6P6sEXdc5CcO9Qw85UTQaRfJHktvYnTzFqpPzOV/HmEG+6awMzOgmyRahquHtlyF+p0FoTJCz/s8UGExHk1DRflHjDAxHBpBSNrldURQ0djaMUT/O0DgZuSyySPF4HPQS+QTS6fQfZksuBuQ+5BXlQFDzceflDWqkJh2tOCydqq/H7Pw8xsYnvILH47lC7P0ul8tWWVkJq9UKQRBw99VtFBcW4+Sx2q3xmeNcWl2F3z86qWv6I4Gl29vbe4RIOglui8VSzP4CK2dQfo09ksgf0kxoDhpPm/VG/0DOT1Z7wqOcYLt0d3cXknMVwaCmhjzRHi+l7pjqmq3b8Y1v/xg7ofZBTY6rvbp/t/PfI0AjgZ0qo+wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIgSURBVDjLpVPPaxNBFP6SXZuYZWlsQbQhqRFsD1ahVgUPIuhBEDyKAU+ehB49FQTpQbwKggj+Cx6UgigloJQsqJcWCykppJVqTILi2iRms7szO86baVMFD4U8eMyP975vvvdmJiaEwCAWx4A2MIHpOM/+W0MUMekCQtDIpQdgjINzJqOhnDOEYQiTksfGTvWB1BMhoh3XBDQnkt0xiijGsbZW1ARkvt9WAB3UCRrEd0C7rhUlk7ZU4GkCzRwhlUojmz2DbtdFs1lBLndO7odYXV3A1NR1GIaJ9fW3cN0ttc+YjzhjYZ+ZwJub72WgJ8FnsbHhoNP5gXz+gkquVIrykBEQhvNQKpAE1BSqkzbIWq06qlUHnudicvIyLGsE9XoZtn0YExNXsL1dU7l0KB1kRpGnOquJoIKcc5TLb1TS9PQNZDKnsfToFuIrH+DXpPxhG73zl8BTPkySQfI5D1RTZmYKSloQdKTcURXbevEYhxpfcOLmLBL5k/A+LaJcKiJtSAVUm1YQYHn5+T+d7vvLJ7h4ew7J6jtg6QFSw2kcy42jUfoI0/d91dFEwvrr2vbundae+wvJI3ng2t29Fzh/FAc7ASnwZL2vVWfpdQnhy1Gol0ckpO546gC6K69gLczC9xroSoJ2y0DPGkJsP7+xVMjMD9nWvewoM834V7S/M3xuGjzsifux/X5np5Cb+/3z2x2Dx8a5IWoS9fTqInv4B7QMlwnqx2E+AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ7SURBVDjLbZPLa1RJFIe/e9MdExXRJhIHTcQXjIkd3PhAR3EWulPxL3AhiCsFcSG4HVyIS/cj4krFjYqCQRONqPhgNkbxgcRAAoomHdvOvVXn4eKmYxw9UFRR1PnO71d1KnF39h37t9fdLztM4GxzHHfAnWLy2WEaiXnt/eCFU6sBShQHDjv8We3pTj5+quHeTIICZrjBZO0b07ljXlrFTBQA2Fnt6Ur+7uui+48qXhAwt6KqFdWXLp7P/LYS2/cf4ScA7kuqvSu5+fQtExMN3AwAa6pwx82ZnGqQ5YG5MWOBpNRaYt2GlaztrKAK7oaZo+qoGWLOdBa5dGXgdwBH1Rj5OEVrWibLMmIeECv2hRZK5VY6FszD3H8DAEwN0Uie5xzYvLaQX6jD3Tl/9xWxrcz/8n8oiGpoFERTLg4Mk0dB1FExhIRGepKx8Tokh34CpE2AiBFiJBh4Oo+k3A7ldqzcjrW0kklgRcd6FvedI2mxXy6RKIpkQh4VUWMyHMUsEkwIIiyvrGP9si18zb7xZe99dp6tLLx34kt91oKoEfNIHpWohlhgd+9B1A01xXDGaqNUV2ynHqZ59mGw1vdPWinNtRBDARBzMg2oGyOf3xBNEItEjUzlX9nYtYN6bKSP3w99LjUbJogiuZBHI5qRWYao0LmoGzFF3RivfaCycBnPRx/w4N3QpyDsmb0DVUeDFhbMaHjO+YdnCRbIJLCmo4etq/fwZGSIOy8GNU/YNXbah2ctkKZs2tKHJwmqjuhVTB1Rx9W5PvoXSdrO/ZfP8Cebr4313xue2we3b914dKj4eXP6H4eZdX2Vcvf1AEvGj/f/13/mQPMZvwOnSeJok49LlgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAITSURBVDjLlZLNi1JhFMaHiP6AvN0Ls4vob2jauYiIFoGBtnFlG1fSws1gDBdXLhIhdaEuvILfjtfK0cyvRflBeHWUEBW1nHGKpmkcpWw+ani6r9DCutn0wuGFl/P8znPOeZcALP0ekUhE7vf7HR6PZ+ByuQZ2u91hsVjkUrl/PITDYbnP5xMajQb6/T46nQ5KpRJMJpNgNBrlkoB4PL7M8zwbCoWaXq93RMStVguVSgXlchmCICCXy8FgMDgkAdFolK1Wq+j1emi326jX6ygUCsjn80ilUkgkEigWi9Dr9ac6nY7TarUrc4BAINDsdruo1WpzQtEZRDiCwSDE1pDJZBCLxaDRaLg5gDispnhmvRKrJJFU/SUWBwqO4+B2u5HNZqFWq8dzAKfTyRIh6ZVAksnkrDpxkk6nIW4F4nxmrghMpVLNO7Barctms5m12Wx46bw23XRf/TF5JsP4qQwHT2QYRWXYW7+Ix6vXT5VKJadQKFYk1/g1x5z/kmUU0+otnHy04Hi4hu8HHD4n6elegr7/z38wyTA3xy+Y7mHvAb69UWDauI0PiSuQEkoCRil663CwhuMddlad3EfbD/F+4zIWAvaf0+dEm48+bdDYjdMYC3dn4snmvYViya9MYoe/NNx/fQdb69R4EKGYMwOGPHVhO0qt7r66gXdhKrJIKAkQq6nehqijflCmOov4ry38T/wEpFjkJMz8PioAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLfZJtSFNRGMenRkgY1BKiL30yEkqJrCjrgxBB5Qtmyy3NcGoUuqD5skEm+ZZizpTUmZEw33ML06lzGoQKtRRETXM2Z1LOTBs6LNNw9/w7d+IiuevAj3vO4fx/z+E5lweAtxVRvp5Pqaf8psAF3RQfngtBa1OvCet2Bq5Ge/80K5nkCntR7AwhsP0imF8msCwRfF4k+GQlmFxgYF7YEKerDJzV90vKexwHZm0EX2hw6juBaZ6B8RuDsa8MRiwbggL1IP57A7b6NK36kYbH5xiM0vCwhRXYHYKMmnd/gwlH+dvunPTOehy623ZLlrfO9oCVbA72JsMzjEPK2QP5Gb5UGewJxcXtKBLsQ2JKBkR5OkfHq/QfnKKlH2uONd0f/ecVioM8OzXyC+hRRKFAeBC3A3dAfHwn7ob71tCD5rnFlc3gKiVjM+cUlEbsqZ4xqLE81IT3Lx6gXyXDUMsjpGQqRip1Y2zwJ0W6tWfOyZUQQepEYxpZHW8FTFqsGdvRX5dORLlaKw0mcP0vTsHekAYPXkDFE3VxNplU3cREXQrMdRKoCnOI+5Gycu9zlR4uBbvON7l5nNbkykunGL0VkGvfQqo2QFJtwLNhIDHfZHc/UZvpFVThxik4FfEwNS2nDc+NBMkDwI0+4LoeiNQAV+sJcrsIxMnNJDD0noxTMFt4CAPqUiSp5xHbAcRoCIQ1BBFVBGFPAYFiAYPNSkxl+4JTYFYGv6mVxyBU2oe4LiC+GxDrKPR7rQU4G9eBl/ejMVEW1sspMDUk8V+VxPsHRDZkHbjcZvGL7lrxj+pe8xN2rviEa63HLlUVvS6JPWxqlPC5BH8A3ojcdBpMJSoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLjZNLSFRhGIYn1IULF+2CiJA2tWob1CIKa+WqoghaRBERrYKS2kSLCoKIQmbQKAwLSs3FRDbeM03TmmnGG3kZc3ScizPjzJnRuTlznr7/eGFMgg485xzO977v//2XYwJMhZx7aDssVAsOISREhQnBomp/6wuNZYJZyLbaPYzOafwOZ1hIrOKNLNPumEPV1jVlWwLWzbY33RPk8jpeDZqH4rwfjvMtkiElorygakqjtBshGwFmVYhlMa6EqOt7YtT1L+GK5dHlmzzQ8mv19RCzESAvh4S8J5KlfiDMZHhN1GJPYekMM72M0UFAbgl5ZhS6rgLyymuM3ibzaxnWeN4ToqY7xIgXpgIwMJmQ6aSJpCEoAZq0Es1BXGhbWxOzCnC6PDFe9S1KQBDL5yBWh0ZD77QS+BVNfW4SYlqQbiaXwLWQw+XRVN2pAsJj3hUZOUiNmGslZNCdUEWfsHsd30QgjVUWtfFHzGDEm1Sa8GaApSuIuSNAdYefoZntASPzSRrtGq8Ho0KE4YIAp3M2irnLb5jfSfpkWEe1vTGFhl43fS+f0nXhAB3HS2g9s5evlnubUzAWsX8mhSsIc0lwx4UYTCymGfWl6a+rxnnzCKmPj9HHbay8vcH36wd5cvFU7+Y2ZmVrgrJHv6Jg98MXD7RP5/gwluHT2X0kxcyzSqjaCQ/KCT06SsuJ0oUtBykk2+UKQa+Y26Z0rOOrNLlSRtu6vZnCK3p3Fx3HivVtR9kb1/kpHbRP5bCOZGhyJrGd3sPyi0sgpvQtE0uC52oRrRVF3n/+TI5ZjXF/xliDgdr7DF7Zj6+qnMXbJbgv76Czsjhnqyi6Y/qP31nhqL12vr/lZKlPtS0jzyuz0v8BvOcGre/IsB0AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZNNSFRRFMd/b96Mb0ZHEbFPTfqQNKpFkVZYFO1MSFpEkBAYhBht2rnKHIogCNq0qIX2QdHOKFHJooIKlDIrykxLM0VzbMYZx9F57360GC0lpgOHc7j3/H8czrnX0FqzYKefVOuDm8rpDr1CaoVUct4VQglKcvfQdP8W7WeeGQsaN4tMOAKlk8VSSYRS8/Gv27ZYLMG1BGALtAZHSmwp2BgJc/T7V2zpIOT8XcJJDXBsgUU6lsuLIwV7JyfZLvysjEawTB8+7cex/w8IfBrqZY1VyAphsn5mGrW6jLLxMOu8RXS/68GxRSAl4O6x5vrnn54GJkZCHJgxYMNhZG4JJeEwE/1B2jpbA28uva9frDG01nC7zIfLLEJjApyPumpqsq2TWVtqkY4b60cz9/peP6xaldNAsgTEXJATL4aTgJulI+QU52kM0Bq0Qi7fTcKdj4pNYooprHg/xlwo2bR0IDaGKxo+ngRcXHMIoe+o/bV+WXgEFQ0iopOo6SAqPoW2E6AVRlo6JgL3hxa8gwMPyPBUGX8e0tm8QhQtamdlUaKgEhkeR8bDqHgEPRNFGxpLhPC/fSyJiXqaxi8sHWJgdAC/Z4frc3uze+ojWtnouRl0Io4Ss7g9bvy9T0PYunxB/M8WqBuKkZ3V4ZoeQgsHhANKgjMf09wxro12pFwjAKa3QmYXJ1OPwGtGcPmykcpC5iwroKF4a2pA4y4f2jgg/Wvxfmsj81HjQPrLthuZwU4scxqRtQ6kUZEaINU+mZHv87SeI62r6zpCb+PqSLVnbLg8o6d1VM/OgqOXAJb8RiJTeeaX8UF+2ado/Nn+5/zyUDt1RZu9fe+vICldLPkNkalgK6EwqgIAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ5SURBVDjLpZPNS1RhFMaff2EWLWo5tGnRaqCFRBAM0cZFwVSQpVHNQAWVMQwaSSZWtimLiKnsO5lEjKzs4y1zRK3oItfMj1FnnJkaUtNrjo45H3eejpCKNa5anMX73vs855zfOS9I4n9i2SHbCpvph8q8A9PNcCzcz76EM9EETj+DmmqENaeBiJ3mRyuzQy5mwyVMKqiFbzNN0MxgKZOd2zj5GMZE/ZL5ooHZAntGW89s7Bw5Ws25llWcfQHrzHPYE/51ZOQ0M4Fiitj4UQdbzhZSb+FJ63ZypJqp7p0UsTf+FN6kvoMMl3GmNY9jj+BckcF8/HoFldLzpZIqxhthJPVdkr2cifdb5sXefyAKLFvyzVJJAssisIxstILZ0DEyeJzpHifHfNBGamFZ+C9yC7bhG7BBxCrZZqWQpoiNP6S1TMBFDh4gA0VMdxfy+0NosftQX+8gGKkBY741HLoGhbnXUOZwKTn+gGa4nOlBN9MDxdJzCTmwj+wvEKPDTPUc5Zx+kOk+NxmqZOJTIXsviYGQVgKLAos/n0CbbIAS0ir1eY9kF4O+3UzpBYzehhaugQpdR3DwKth7EeyqEoO/oYzXwyKwDDN0ipme/VKFi0l9L8M3oYW8SwxWnIKI1XT7Vqb6i/ntLoLTHdulhROcUJsZuJJjCsvEPpyf8m8io5U0VB6FtFNIe6da84XFEcYaNrDzLDw5DUZ9cEwqm6zxGWYGPBTShogtQtoerV0rLA5JKy5+ubya7SdzbKKMyRG7ByPeIfvebKfAWszUdQFavKOI0bqNbCuF4XfneAvzIaStQrpOxEpIL746rQKOD2VQbSXwtLiXg/wNTNvAOhsl8oEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAMxSURBVBgZdcFraFtlAAbg9zvnO5fcTk7Smda2SRvbLbau69aSUXWdE4rTuTlBnUxkYzgUFX9VLKJ4mQoyEMShwqygqKWKjKEDYSiuk152payKTdvFZZCmSdauTXNyTs4ln/vhjxLc85D1n82BASAMcqcqfPDgeu+BWpmXzl3XUqNThWPJtHbc55MRUCSUNQeT78WwFnWKNsAAw6oYaUryFUrErOEYl+a0C8mU/o2iyvD6ZNwOdW6aYAIPn8z1PBBx7x88OX8k0iBvpgyCKIv3KiH3DoFBqlgMt9gA3sAaHCs5KK9anr425UhzUKrnjUqqK+SK1MhcoKxZNTLPHdwYdb1W76cvLGZMEVU43aigRRUON/po15Wp5cvtdeKzDQp/j+RUmAeVWp9I1NlZbaxYsPP6sjWEKtTv4h55KB58e/z84vDpM9m3WMmULNP5VA25tzTdrXYspPSvbiwYo7FWz8dHdxzfkxhaucx7O6DdGAEx0gfpgb7QywEvnwsoVPPAXlIa3H13BD0BItKwV7AKJcLO3hkSor01vwZ3xdR3Xev2wB/dguV/Ypg+PXiU+j10Lw84AVUgstfFVsr0t1MXV8ObN/l6rKKd4xkb2Bkd3fDitqzkV+/H0tW/IRITPqUO3pqIn/I8caaTJfx+ocBMwQXKkbbWJvn1ZKLwcypZeuf7p97cFO/u+VZteRjlzDBEN0FqchqWYS4aevE+bva6gZ/OLCOTtznKk8fr1gmfuCWuZTFbHrt0eH94a3f8O7X1UWLMfwEi3ITg9UEuXc1ahUxf/JUTM3Rm3kJ92AVR4CjAnnbLXC1z2OyTjT/0ehr3feRvfQxG+nNwgg2zEEV+ZHzV0Uu7u/rPTeIWwhhDtV/er3+iOf7MUGz7XtHMfg3CmzBWGpE/e153dK091j9+Df/hUOXLlyLPNXUf+tFiYTEzdQwVGNCWGpAbmcg5hrYx1j9+DWtQVFGaNwy2b3seieFXMfPHGKRIJ+xcYj4g8js7BiaSqMKhSmJuwTb/OoVoZy88nhjSF6eKhm7u6hiY+BP/gzDGsNa+7UG9665aurUtCiaUx/Rc/tDuD68kcRv/AvFKVJouQOXGAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKNSURBVDjLlZJfSFNxFMf3FD1kT/VSTz2l1EtE14h6SbB6Ch9CqCgYbI3F2Kabf3A6F/vncOxuNre5Ob3MK7U5mgtDZQ9uOpdzhehAmbAUfetJGIRs+e33u5C0nEQPhwvnnu/5nt/nHBEAUa1Q8vfwOtSIZ/4GtHiu/DytTnTaD0WosRz7Ooz3WRaPnJf/v8Er7iaiX96C/2xHk+MifudDoRCCwSBGRkbgdrufi9LpNGgsLi5iYWEBav4+5Nxd6D48wbtVFsG0FS/G7uCW+Tyu9dcJteVyGfv7+2BZNi9aWlpCpVLB4eGhEJKxGzB8fIrwqhNsQgPTJzmGk/14yTXhuv5C5eDgAFtbW3A4HN9sNptclEqlhMTe3h4ymQx2d3fR6q2HJvIYXMYGT+oNxKFmMlUrpqamkM/nEYlEMDAw0HTMIJFIYHl5GTMzM0wymUQ0GmUesJcg45sh5R+iQV+XpmKXy8XwPC+832g01h83mJ2dxfr6usCgWCxifn4ehe0CGMtZtLhvHztPTExgbW2NuqOvr+9c1RZisRhKpRLm5uZASDPxeJw6MXRcAouhYovFwgQCASrGiTWSQl02m0WhUAAVb25uIhwOY2NjgzYUnP1+P3K5HLq6uo5q3gHHcRgdHYXX68XQ0BAlDUIaJpMJBoMBer0e09PT0Gg0R/88pFrR2dl5pr29HUql8ntVg/Hx8atkPJ/H46GkYbfbYbVaKWnBtaenBx0dHWhraxPeLpfLS1UNCCwd/TqdTtXg4OAOEav+dler1SqFQrFDxCqpVPqjqgG5aR0hLaxrZWUFk5OTAunu7m5otVoQMXw+n3DGpBZisXi7JgOz2SzA6u3tPTGBTCZTSSQSKsaf+V/YTMmdVR+nAQAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAI3SURBVDjLfZM7aFRBGIW/mXt3swmuaMjGBwqCBlQsRPCB2GknCIpgJSKKkNZGxM7CQrSw0Ngp2vsoLBS0srERUSMiKkFRYkLMO7t778x/LO7VxFdOMWc4//xn5j8wThL/wqnz9w6BrgIrhQNBuSzEQMp/odtnjm7t6m00cC5FQG4OK2rEkHHuyuP+/xpIdDV6GvRfvsWGvr5feuIdn96+4sLpfkxikReA9yl969exZecuEp/gkwreeyqJxwzMFjEwCQM6OmrUOpfAH1kJEU2k7x5sf1Fbunmzc/73sg4QDJ6/HmZUQ4UaiwQ+v/nKsb0QzEid/Ma1e25UnFuQtHPEh3eQwCdVfNJRBlBSpYaAEIyUoBaWdbSHB4hZAn4pztUJ0UAwMjT413gjQ4Og/eTRSMmdl2XErIpMWPMT+ew3zm4bofnsETePGDBUZmBYFsl2V5vgOkM0UpxqFppkc6Bslnx6ivrGY1Qbq1ixehnOuWIsqeCkzucnJ5KKz2KMmkzJPWlnL8s2nQQMJISxJP/I+8EHxDCLxRkUZpA1qfYe58uHMS7dvT8uOJySS4otbO4lipMoTqMwQbfGWd49CWGi1KdQnKVzTUqlNmwPrx1tAKS0kSxg+SgKk8XhMFHux1GYKpsLAylAez7QlExyRBS+l43ljb/MpuebrVWMGRYYKLPxMDfWlc9U61jdSxWwOqgHxTaQIV+w85HYakmZtecNWu2LH68f3IHYh6O+2N9AgHuaYbr9U/oB0sFcUlVzMrwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKRSURBVDjLhZHfT1JhHMb9F7ptXXXR2lw/Llp3blnNZauLtmwtp15oWsu6oJZ5bKyFQiGIEIRIKoEsJtikWM1JmiQhtpieo3ISUoEINiJNE2SgT5x3ZiVZ3+15v3t/PJ89+755APJ4PJ64s7MzZDKZYDabYbFY0NvbSzq35867u7uh1WpjfD5fwXl+iixqtXoi2xfw/0ppNJrPOQC9Xp/O9vXTvCf4l7jKJkUOgIvH1bmGPlQ1D6Na+gY1Micut77FFcUoapVj5I4rnU6XCzAYDJuAmqz50hbzNdUvQJfu8d8BmUwGMzMz8Hq9oGkaHo8HbrcbTqcTDocDQ0ND+B62gzWeh8/ahPGOIkyo8ssJYCMWmXxLSwtYloXRaIRYLCag6I3rmKUKERmswyJtA5bDWKAtcElORAmgo4MMBqFQCIFAAH6/Hz6fj6RhGAasuw3xqTtIhZ4h8roZCeYpMvMjYLqqkwSgaW8nAKvVCrlcjmAwSNLIZDLM0ibEJ29jLTGCxMdaxMeuwmuoBK0t+zKmOLOHAFQqFQFEo1FEIhGEw2GSZp4x4ytTj7WkCyv+CiSDpViapjCnORJ9Lz1+cHOIcrmCAGw2G5RKJYHY9HxE3tVtmMuRDFzAt8kGsKoifJAcPvTHLzRLJAQQi8WI2FEjpvtvZmM7kJyrxGqwDIvZJH7NSTyUCnK/USgUpocdjnW73Y6+R3xMvaAw8bIVn9wlWJkrRXz8FrzqUxgZ6FsXikSJHABFUYxA0LgiFIrQc/8YsDQPtv0sBqmdcLYVY0BQgAfCetwVNK5m37pyAL9LcDE/nXIpkXLL4W4qRE/VruX++v0Htr7bFlBSsCMpqtibfnWvOG2XHh1+Xrdv93ZmTj8Aff0H4WdEl0kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKsSURBVDjLfZPLa1RnGIef75zv3OLEDObWqcaYYJUWgqa40MmilioE2kI3XVXRFsmqUAqi/4G7brpxpaLgpUIEcaEW23RbKRYqASfKJOIlMbfJZDyTc/kuXaS1BmNfeBcv/Hjeuzh/494PxoivmpkJU8WbZteGnoTQ49yxLz78HkAaKw59NtTTGYahEMLl/ywxoFXOtV8fHQVWAc3UBEEQigu/1UhYoCEq9HXPEnl1lDUsLkeMP2qjxb6PpJ3jX/ahjRD/QmWmwHFcHAGZM0NfxyyB/5h62kBphQwC+ntKTFY3UPQ7MGZtVRLAAI4jSO0cvldjaaVOqhMypVA2JggC4jSiPXKw2DWD+Q8gBFYZUp2TqJSVPCUzCm0AkWONRjoCa+2bFVi7CgjppBFPY12P1MRkSuO5EXGjQKtfYjC/RH53li1Jvw+DADivAI6g4G7m2Uw3yUKBFruJVrEJtdjOzJMSZa9K+YMapfIRBrvuh/dO7RgGkPZ1gNfFu9EgT/8co1h4jtAaL+nk455eDvRVadt5kPjxTTZs7BVqa3305nf9x161UFkYQRuDNoYd6Rz7enoxQHX6BZG9QXHgW3RznLBjC4l+Sumj3S0qrp2W1loEMLx6WAC4A0s04wXC6b/oKI9QmLpDXpvCcecRToy/cR6SJi+nU1eKde5VR0V0VMT4Hu88vIgXWYyawTFL4LRi84wHVyrJeGV5RIaeqGPytl3de0GIf1CWpHqLZOoXuvYMYbOfEbrBg9spMk3Ic20nqsuHDl+eHJW+FD+NjlX3ZdoOvL7i/eJ64b2hT9xs/jRStjE+ltm7zU8TubWc++QXj57cP7qay9p1/cm14d/TF6dsXPnc/vFjuXHm6+2H19PJt33e88n5O8v1sW3NxXhlYmLuxDdnH15dT/c3MC9g0QGCji8AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIWSURBVDjLjZNPSBRRHMf32rVTdFOsDkJEhODNLGqXukgJpmiEURBGdEnbskNktrhCRQuaLEEikUhlbK5EiZmxjbWwfxvL0dHdtdlCx3VtZxyaed/eG5qwZct98DnM4/f9vN/M+40NgK1Y5p7tPTY9UIeZ4Q6EvIcQ9pQ3FR1O+kvqpbFWZCI+YG0RK5EhBNz2dFHhxIvSWjl+TdOSzyGNd0GJPoE+P4nogzPqpuGUv8wux64ahjIJZbYFy1Pnwfc3I9LXuDR1t2bnf8PC0xKHHL0MQw0gJ5yEmmhA9pMTYm9VOth9cA+rsdV1jm6lDFA0Cizabl6H9KH1d7gJ6kI9VmNXIHiqs5/dFfusQ5hg+PGbL/ipG7CWxPvAv7wEQ5mAKjZjPdGIDO2E9xwmgS7Hjo1dMoFuEIKMQvAtS8C9eoT4iBNh/22kuFrkxAYsh9ow661Bp9fHuqv4S9DiGTdPTa8SfM0QDLoOANl5TN8/jjHndrzrceCt2w71uwDXYJAJjhQULNJwQia4cXY3tMA9aNwdcB37MXRuF4Ih3qwpKLBegbUvLhGcqN6GW6fK8dp1FBP9F/AxvoBwSjcF7Q/fM0FlvsD8iEyycbFuQknDFLPl40QWnqFsyRdY16hbV+gdjf8Rraytm890P0opy5+VggNECwVJzllBldL+r2ErFO7uHYmx4A/Kxc1GPT9cSpmjnC72L/0FRS76cD+dhSEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGBSURBVDjLY/j//z8DJZhhcBoQMuUBJxCzkWxAeXl5PYiOm/toTtDEB0U5OTkCqamp/XFxcfvDwsISYOpsbGwUjI2N12tpaQUgazYoKSn5D8QJgRPuqdevf/nKp+MOf3R0tEJISMh/Ly+vBGTL1NXVC1BcADQgobi4eH5ubu59ED9o4r05Hs23WkBsd3f3+XZ2dudhalVUVBxkZGQUUAwoLCx0ADpZAejk/0AnB7g13JTOX/z4lW3pVWmgkw0sLCz+A53sAFIrKSkZgBIG+fn5AZmZmQIgNtDJ+4ODg/eD2Pbl19odK65Ogzp5v7y8/HxxcXEFAQEBBxQD0tPTAxISEhwiIiIcAgICEry9vf8DnexgnnNJKHbGvVcGyedVgE5OUFZW/s/HxzcfJRaATnYAOtkBWRDo5PvAUAa7Qj/xfIV1waUVIDY3N/d9NjY2lMAEObkA6GS4nywtLRUMDAzqgU6uBzrZQTv2DKdX442r6uGnhVhYWAoYGBgEhkBSpqsBAOTifxrCztZUAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAG5SURBVBgZpcG7b41xAMfhz/v2SJ1qI2nVedXtD0ClsdpIdDARBlKRaEIMLP4OCZNYJGIQl0EQiYnJytSRRA8nLnGrSy+/z1dHObH1eapLL86FVUlIQgyX91+v+I+zT2aiQcUSVGpWdQa3sL29kxhMmovPZ0Ofs09momkQOu2GzlAHi9RJSEJnsGFrewct1vU09LOIxd6m9jhbh7cxULVQqWPo/X7Pm4U3DFcb2L1xkij9imFq8z5GWiN0v3d5/fk1pUhtQimlefezy2CrTZUKS+hnkQTWt4bofuuiNhapknDh2ZnEoEElhmvTNyv+cere8ahosIjKnZkHVZWEtahZo5o1qlmjFqtmH52MBouoaLh17G7FP47cOJwYLKJB5fH5p1U9++hkLDYDGWDX2B4mx6ewSD9LmJzYy66J3ahomumrB1NbRNMbWz/Ot99fWV5ZwiL9VBbLEl9+fWHT8DhV6KnUFmmGJhgdHOXH4gKv3r9EpZ9F5ubnWFpeobOxw+jwGDG0ivJn+Q/zi/N8XPhAKTZqjz4aiovN/Ke3PUshBhOqE7ePRsUiGlTun35Y8R+HrhxIDCbEkIS/gKBKja+GF3wAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ0SURBVDjLfVJNaFNBEP5e8tLXkKqtSa0kVYKplFIsFNSTIgiFhoL04FnsQYTSW66BkIcezMlTD1LQS7wWjIdA6qEVKq1ixAqSWBqMFWJ/EtvUtMnb9+LM1kispAvD7s7M983Mt6vU63U01uiDhfrErT68+VqEJeowTUuaRSaEhWsBN6bj7/Fu+rbSwKhoWpZpwrLqEMYfoDjcTXFogkmF2QyBrfnyt5phQtRM+DQT1901GHQ2yCcJjyOwKPirYsB7QpOggY4aBtwqTioGzp1yYq9SpSLHdmDqb1d+wKOp6DvdBrejhq6uLgy5LZxxtWEpvc5F9JYEC4+CkU/ZTX3pYwEXnAbO9vSgs7MTbqWMpQ/fsJIp6J/jdyPNGIVfIZ1OO4UQ/WR2wzDw9PXP+6OD2r0rQxdlUqFQwPNXXxLDXhHleK1GuhjGZigUykuC5eXldYfD4eP5iEQat26z2VCtVqGqKjY2NrC1tcVAGd/d3UWxWLwjn5Gck/v7+3Gfz9fBLe/s7KBSqUjjAkzcQ+MEAgFomsYFkcvlXhBuVml8pFQq1UeOl16vt7+9vR3lclkCOc7GPsuykEwmTcqLRKPRh/+IODIyskqzXc5ms7Pcpt1ulwA2JqARGVyknGAD/N8rjI+P71FCant7WxKwBrwriiJJSI89XddTLZ+RFyWNeTwe2bLL5cLBwYEUlM+0nyflL7UkmJmZcVIHN3t7e5HP55FIJFbn5+efLS4uolQqwe/3s+BjLQkIfKO7u9tJs7LST+g+HIlEJjKZTDAej39nPY4SqEfa962treUIOBkOh5MNfywWS05NTQ3Ozc09pj9wtRnzGyK4jfbwxX10AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANvSURBVDjLVZNbbFN1HMe/p+d0be3p6Lr7unWMbuCQbR3FQWAEyPASkYe5mHhJTIhhPPngDAQTEGOMIZBpFiKoIWiIhAdgYxI14cFEo1M6O+Zmx1ob2MbYhbEb6zn/y7n8fcCZ7ZP88nv7JN+HjySEwDKfDX6oMpO3Uc5fpJw0UM5AGY0Ryn+U+dZP/OI116evB3WsQFoWtA+c2MUM/vVmf2OFrLhhSBYKPPn4Z3wInYnL54LSF4PcMA9zbh043xr+eZXg9F/Hm0POys5cbwke8Fn0Z4YgCwe2q/W49MdXcx6zucEn7Y01VKqBxMhjjE5mXrlypLYLAByn+o8HKKcXC9QQ+jIp/LLwOxaMRVR6yjE9dR+aRo55RdN76wvcgcIcN6qKVRDCLz5/tCcAAA6dkbaof5eaJuMY0pPQTYp8OQCVOnF94Gp/UD5zixKjtbLMi+EJikC2C1WlPpXqpO0/gbZPdrowmBkGNxmyHSpqs59GLPUbyBJ9x2BKR2SdT+aGjfFZjtQUQ1GuF5TQfU8EhG5kkgkHJETUTWjK2YGpu6OIp+MXQt5vSghh0Rp/EsFHpwC6iLFJBpeigFFSAQCKRnRS6M7LavRtwfTEfZzra59jGu84Mb//bHIxrvy6Zu3dAq37mdLwDtTP/oSbCy+BcQWcUBkAFF0n93rv9ERu/N01wwg7eWSy9ErTnPctoSeSO/X4buf+7XklZVuQXVyPGtcHSPvq8OBhITgj6ScTNPJt98C1Q+1j4fqb6Zpg04x7yCgv+9iS5cBCnRXelns7z5fnh/X4O5TXv4md6g8YSY3BYOR7AFC60pELQicnhU7OGOHyLCNcDtuyoNwexFIV3g7VviqD9iF2qRvbDr6PPNIL76JJTSO/AwAcIqMp9lLmDbY1msWrKkCSw7A1At2vwxWKvOzL0WGze4CwYWV6UbG7DYdqYrPXmzspADicn5+dsZe0A9KtOJAYhrOoGBbJYG6TCX8oAlsfgLAJoi0bYPMJuN0prNvcEjQZf3dVC0uNe54TlH7Jw2srFqslOJueRdF6D6xMDEJwxK/dQbSlGpK8BvC8gD/PH3sobHuPtLLG+eo61WL88Ghr9tGNBy9nyY4RCHMegFjRnwOyZwOmE/1I3fjo6irBMj2no4+EZT8lbAFh2ytO/P9h2xBCxP8FbMDM8CUkkoMAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHiSURBVDjLpZPLquJAEIbPQ+Wd8gAZnTirPIGIgiLoxo2iCxeuBJGgoggq3trLwoX3a9R4QVGxpv/mJCJzOMMwDUVCur+/qv7qfBDRx//EHx/6/b7U6/W0brerdzodgzFmtFotvdlsavV6XfpWgMMyh9l6vabz+UyPx0PE6XSixWJBtVqNVSoV+UuBT9i8Xq+EhefhcCDTNOlyuYhvEC2Xy2apVJLfBD7LZha82+1ou91SPp8nwzBos9kQqrJEdF1n2WxWsgV4v5p1wIIBOp0/KZfLCXi5XIrAGgwGlEqlNFuAm6VDGaUCtLI6HE4RPKOA4QP8QIJEIqHbAu1224BZ+/1ewMi4Wq047BDhcv2iarVKs9lMCN1uN4pGo4YtwMckBFC+BeMgYFV1kaL8EHvT6dSuIhKJvAQajYYOx9GG1SsOqqr6Bk8mEzGZ4XBI4XD41QKfr4bN5/MpwPl8LspVFEXA2BuPxzQajeh+v1OxWKRgMPgykc9VKhQKDB5gIRsCsAUiKxLgncOMh/R2kTKZjJxOp024j4PH49GuBpcJmSHCQdPn88lfXuVkMinH43HGWxItwBP0jLljlBxkHo9H/vZnisViUigU0gKBgO73+w2v12twSHe73Rp/l/76N/5r/AZGRj/URbdFDAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLbVJBaxNBGH2bpEkTmxi1NTRKTZtoQUHEWz0Igj2I4kG9eVNQhEBO7bEHc+yv8JAiHnr2B4gFqVrQRhObljQolBSTJqZJdnZmfbNr2rU68DEz33zfm/fejGHbNrxjaWlpRCk1J6WcYZxkgPGTsWJZ1mIul/vlrTe8AIVC4Qqbl5PJ5GQsFoPP5wP36PV6qNfr2OIg0L35+fm1fwDYPMLDj+l0OmOaJmq1Gjqdjr4dgUAAiUTCqSsWixvMXV5YWOjqvW+AxOSz8fHxjBAC5XJ5s91up7gO6tDrUqn0QwOTXYZSsoO+wGDB5EwkEkGlUgGb7mSz2apHajWfz9+sVqvFVCrl1P4PYExr5m16vYUjQ+c0O11DtmN/ebD95pG9UpnGzl7Y0Xz30ir8toAtLdiWG0JIvFi76piaGG7g9plVTD/5YLgMCPLg/g0YtMTwhznfApRBfsP6kAYJSKuN57Md5oXTsvHy7aEEfZMutHZfIRAahWGMsHAICMeZVsD+HmTrG8zudyhrH+HJLGyz7wEgRSh9k4nm+nvqPIb4xWuovV5k/2lMXJ9F8+s6ARqIpk6QsIQtTC+AcGTYpBqfvgBfcJTuKMi+xKfdMCZgIp6eRK8TYu2+w2oA4PwDm+5qVK218XmNLN7xxILqKfS7pGqTWekLmuVtV65STs8hA73RqJQQP5+CP3KKACamHj7FlGBDawfH00kEW0MuA8o9AmA6qMrSHqwTIAoM08hAkHkN0ES3UYfotBGdiNFu5cr2AmgJobOPET7nhxEMuU/o40soSjO7iHbbVNgnUen6pY0/AOCTbC7PuV44H0f8Cetg5g9zP5aU7loDcfwGcrKyzYdvwUUAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGxSURBVDjLpVM9a8JQFL0vUUGFfowFpw4dxM2vf9G5newv6OIvEDoVOnUQf0G7CEYQHVzUVZQoaKFugoW20EUaTd5L+u6NSQORdvDC5dyEd+499ySPOY4Dh0TEK8rl8n0mk7lOJBIpVVWBMUaJAzCFEMA5B8MwPpfL5VOlUrklonegWq3qEr+c/2Nbq9VWHs9XkEwm0xLUy/Lzn5KbD1exaDR6FlpBURSq4/E4HJ2c4jMwmYpcw6vf31be2bAHQTPVHYEFyAr7VeEACzfAQKPuSmlCy7LINBcteifSx3ROWutzlCAZ3Z9Op9ButyEWi8F8Poder0drXTQ1SNUeqalt22EFQrgvC4UC5HI5mow1EjA/SjdEjEQiYAd+HV8BF5xwNBpBo9EgBZPJBDqdDimYzWbQ7XapmeA8rIDLiRjFYpEm4zTEfD7v19lslhSgJ2EFXBAOh0Oo1+vk/ng8Bk3TyBtd16HVarkrCRFWYFqmrwAzqMDzBhMVWNaeFSzT5P3BQJXI3G+9P14XC8c0t5tQg/V6/dLv9c+l3ATDFrvL5HZyCBxpv5Rvboxv3eOxQ6/zD+IbEqvBQWgxAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVBgZBcFNaNUFAADw3//jbe/t6d6cc2/kUpeXsEgUsSSiKIzAQxDdvCgdulgagmBXLx4K7BgRWamnOgSDIj3EusRangwlbVvOyba25tvH23v/z36/oCxLcOr7uaO48sxA9Vg7LbTTQloUtrKihXUsI8cqVvAtfo4Biix78eDItmPnX90FADaTotFOisZqJx9NUta7udnlDT/+vXkc52KAIsua/T0BmHuSqwSBOCCK6a2E9vSGojBUiTg0WvNUoz74xeTjT0OAPE376zFZwXoSaKU86dLq0OqwssXSRg4uXn/o2Fjd80OVXTFAnqaD23tCm102O7kwDMSIIsKISCAKKBDka36bXnX7YetxDJAnSbNRi7S2Mu1uKQxLUUiYB6KQSCmKUEYW17o+u/lgDadigCxJ9jb7K1qdUgYlUR4IS+RsPfhFliaeGzkhr+SyJBv74aOX/wsB8qS7d6TRazMpBSFREAjWH0lmflV21lR7e/T19fl3acmbAw+9MzT7CQRlWXrr0k+1OArb3104bvKfVKEE6fSEffv2mZ+f12w2hWFodnbW6Oio8fFxRVHUY8i6ya56vSoMKKAkCAi279bpdCwvL5uYmFCr1Rw4cEC73Vav1786c+ZMO4Q86fbFCnFIFAYEoY17tzSiTcPDw+7fv+/1kxe9e/q8R/PzRkZG7N+///Tly5fL+JVz14dw6eizeyyslWYXc/UqnVZLFEWazabh4WG1Kv19lGVgfX3d3Nyc6elpcZ4kb+DEH3dnrG7FNrqlNC8V2UEjG/MGBxeMjY2ZHP/aVFDa8/RuKysr7ty58yUuxHmaHn77tRdqH598CQDkJde+mcKAhYUFRw4f1Ol0zMzMaDQa8F6tVns/ztN0ZmG55drNuwa21Qz0Vw3UezXqvQYGh1y9etUHH5419fukxcVFy2XTrVufl1mW3bxx40YeHDp5ZQjnsBc7sRM7sAONak+lUq1WHKrds7S05M/yyF84efva2Sn4HxcNUm7wsX3qAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJSSURBVDjLnZPPaxNBFMe/s0mTVJuWtI21JFhB60UUKmJB8aJo8WBBRREEb179Azx7EepBvVjBmygeKpaCYIV6EhHxJBTspRRj1Cpq22R/zMzO+J1JA8VLpcMub3ZmPu9935u3wlqLrYyxhycuKq0ng/85fHXmUvXy1LljG+Bxwk8qA4MlsZkCwnulVPullM+k0mNKqQLh5zvLOzJLtdrapgoIlwhPVcuVgPAs4emhStXD3D4kbsw+8hKMNTCpQWr40qpUQ8kUiVIIdQ22cwE9xSIaYYjP9WUEyVFo1YlsbuU0Roc7N8S00MbSSctqWqUtFlff4fXSBKwROLPrLnJiAA/mviPbxlZDzehYhwykB42HJa3VBzDSfcuv//hdQm+XQdTQLQeGhTx1sIjp938wfrgH+Y7ACeFjMV+L8ebTGs4f6cfTt8CF0T5MzHxBoUPARIqpaO0j5bOC+RoP33+1DCGA2zNfUe3rwL7BPCq9OWzPBdhdzqMZp4h41jSpoJloxM4BPV453odsIODW3PU2khSsKWvU5QQhJtQgHPriBrDNFEEjskgk8+F758U3n28YGw+4SCkdfVwKsVAPCaVwbRPRQawsTCIRrEQSMWG30YoMRtbr306Bxb2Xdfxc015B97YMJq8NQ3FuEwtx8ua8PTtSQu1XAsnFhAoS1aq8m0t/E63bUL4/Wtc71J/H3ONFZFfp2UkqFjKQrENBCag8D2laHUAZ6yHXXPTjG82pa/8BYs/1DzaOKNnnxE3p5k5eyj6mJei/qcBX9J8htvo7t8dfFzerp+lA/ogAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIvSURBVDjLpdNdSFNhHMdx6YVIhaALC8GLoFcso5dVRHVRFFQISlJeVFYQgdKKiEprldrmS8KgWYK2raZGbaOcafamLVxq6qxs5qxIHYpkUiYsmVvn2zmnGBbkhbv48Ryeh//n+Z/D/4QBYaHkvweagxujb6cttzlOLuqtP7Wgx3I0tjr38Gp9TnIMYu6L2TEh8DkjQhgzJSL0tSC4rAR0K+i8EId/9BtPLq2RERnQ7Fs7xZs/4643b/qYN3caXrWY7KkEGnQw2AkjA9DnhN5G7FU38DzVUHYiTgIOyUBByqqI0ZyZ9bSUgNMIzeL6/iF4mqDrAQy8+b3fdJUipYK+51q0KfMkIFoG9EeWLfRlRrbLQFkilCZAbSa0ikU9DvHmF+KznmHzcZ81XcGHe0qpmOBHtB2bn+BXz/HQoofyJLi1B+qy4FU59Iutd9WIXRXTWaEbthdsprtG9TfgzJirFhza7zxWgXkvWPbDMzW8NcPXbvhYC+5qWiv1vDPtpvHKNglwBYEvmshK8YaA3LphOzw6B+134JOdQKvx54gx6YfPGO9/XZ4uAxXn10tAdhAYzY94KTQWQlupGBNCRyW+QgVDqkih7fJOp79em9x/84BhZUwULsMuilNjJWBTELAol5R0qKK8Q1nhwmBmuOA+PdtnTl3cMH4mxIIt19OWyh2Mf/8JB+kfIM92cUNIgLu5KD4kQC6uK9gaHOFJAdaz6yTgzGSAa3/+QmmdNf7sF2A4ynPOLQFtAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALvSURBVDjLTdJNaFxVGMbx/znnzkwm05lJ0xlm7FeIbW3UxDotVoOEFkTMotKFK+mmOxfdRMWFggutOxGquHOnBFw4CIq0WEEsihJNBEWKUmuTYMjXJPM9c8+957wubNM88G5/8Dy8SkQAuFhdPg1ceXBoYLIbebqRJ/KeXuwbQAvYBBywDdSAT4CvA+7Gx/GTJ8p7Jl89U2R3Otbnu9bnt/vuoI2gFTrubLa5+nfnWWBmN1DKJRUAy3VHQikCBSaAVEJzOKUxWpMwUDmYZn8+M/zR3Mp7+h7goiiXCSD20LKKRgT1EBr9/6/Wg/W2A+D12SUmRzOMFxLFYBcwnE1qOiF0+g6tFQFgDGgDBoVR4AHlmvx0e5uFpcbKfcDaUj5taPRiuqGgtWA0aKcwGgyCMYAY1poh71+/1QQu7lSIrR0p5RI0+kIMWAHrFNaBavxCZukdbNjCC7iEI7Z2tHrpiev3N7DhSDmfomMFpcEohQaM75GrVSmWJkhvfIkIxGGIs6ED0ADTl6+lcXEyldBYBxoBPIInvX2V4VKF3AMVzNo3dGp/0u5049ja5g4Qh7aYUqDvjoSAApLhCgOrX5EtDOGaX1B+9EXWfptFbH/92pvTsgM4Gw4GeAINRitQGgRSq1VKx89Df4G5j2fZM9Sjt/wjj6d+796rrqdmZguxtZdPjx1mtSncWXNstRyu9ivDqk52bxcf/gPice2fGT37Cs9kvy/PfTCZBTAHTp57Xpx7rWejxK0NxeJqndv/1ji28SFHTkxh/AISb7H/kQLiuyQHU6STx5P1xfn+oadf+i5wUXTy/NnH0m9ceGrn/zf++Jze1gSD2U1cuwbKMF+9yakXHsb3/6L40HMs3ogu3Xh7/DNTnpg+ujefOVdrRSytd1hv9mn/8BajZ15GBwaVOIQeGONAZQo9MIZKHiHIHCOZPZrZvPltSVUuXCkAM8AIsA/Y9+74p6eMRFq8KPGCeA/iwYN3sWhxVnnnRWT+P1A8aPl/RBTPAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFGSURBVDjLY/j//z8DJZhhcBtwa5ou062Zhp0PV7udvjVNO5lkA25M1Cx4czL//+/PJ/8/3xX+9myrqgfRBtycppf26mDs398fFv//cKXh/5vjdf/vLg74ui1PMZIoA+4utF7/893K/z+e1f3/8WLW/w8X6/5/e9Tw/+YM+w9EGXBrpknbl7ud/789yPr//VHx/2/34/9/uxX6/2y9xWe8BtycqmvycJXbqac7Au59uhn3/9ttv//f70b//3oDqLlB7/uiCAXcXrg1wyDm7jyrc98ezfz/9U7w/2833f6fmWD+5Xyz6YtLLWYvlscpBOMNxIerPc7/eLbw/6dLFv+/XXP/f3aK9deZ0cpJO4KleA/EyfISjMbH6zxO/nzZ9v/rTd//ZyZZfZ6bqBJLUkI62WvSenW+68vTvVYPlqarhg2DvEAMBgD1ZuZTUbWrEgAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAB+SURBVCjPpVHbCYAwDLyIIzmEX07hCH64nAOIuo1Sq+CZ1ueXVsyRBJrc5aBCPEeEvwuxK9XtDn0Si/ZU9gUg2Z/dYEuiuxSI5mRtwyuEIR5KOpVZYRUjjMLVVkIVCk6YPPdg1/LNQ87xdtl4JauaQ7CHjAfXeK5FH+7h9bNWB/9J3PASf8kAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALzSURBVBgZpcFdSN11GMDx7/+cv06Px3ePujrqNHG6RYxazbEaxdquuinoIiLqtoIQ1nUrogiqXdTdroLIIroJ2l1GDW0uNzWcHdGpO2tTm1M3X875v/ye5+kIuwi6Cfp8PDPj//Bf+OB8XbYp/UtNqjyLeWCKmCFxTBjGxHFMFISEYYgrhkhQJCoG3F3dWMrnFp71O5qrp44ebMt2tjSwS83YJWqoGmKGiCJqiAiiRizC+OQfDT+Hmzn/wcaqbCaVZDa/ghPhytR1+h/rZWxilkMPt+NiZeLqdfr69jE8PEXbvmZElJ5sLZnWvfW+54GaUZb0WN9WCs6jIGWsF2J+Gp1DRFFLEFFJ6JWzdmeTjmw9ThXP8/De/fJXS7giCTW8RJKjj+5nIypHVBE1VMGJ4lSp8QsMDY0Rbq/hopjVW5v4l6bzr/Rm7KPG2qpkJpNtSZZXektzOZZW1oic4JwgosQCJ595gu4DXTo/vTW1vLWp13K/nfXMjF1vnv1h8MgjnS/1dnVQm06xvznBP7311XGCeJvu1KdMjM2c//rj15+jJEHJi+9/395Yl36+JdNIJJDew7+ELibb1Mf4xhv41bXHuM9/+vQ3XlrD73qf7KnA88FLUFPhMTB4HDNHpI7IOR6o76av9QhbwQ6/F0/XHT4x+t7loc/OeGbG2+cuyInHexJ/bRmdrdUc604zMNjPyYOvIqaICoqxcu8m9VXNXFz4kSs3LhC4sM6nJIg0sXznLvPLOwRhE0Oj0wQaIabk1+aI1eE0JpaYzXCLQ21PsR0XuLQ4vOZT4uKYWJTIOWYWbiJqBGUBThwtNe04FcSU5Xs3aEi3Mv7nCKOz41Y0DvuUBFFEsRjR1rQHcT5qxq3VkC8ufkKkEYGLeKjpAP1dpxjLDzNybYzmuZfjkW/PTfqULE5enSncXu0tq6hCxaGqJOMzpFxEhTNqTBgvDuAlKhnJXWZv/jXW59c/p8QzM/6Lrne8HdFkqqjSdftDW+S+vwHrxbCSH7ilcAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKkSURBVDjLdZPfS5NRGMf9B/wL+keCbr3wStArL/RKEdQLCxGEGqLJgkQx0A31IsUmKRbohSxds2Ws0ja3ynLzR20sdb1be3/YptPt03OmSRN64fOel/f5Pt/znPOcUwFU/Ev9A/ctYUQICpqQESKCU8Wu6/9NrBQcQv5FIMbnuMG31Ck/rDMS6WNWgnFU7FJTWWZwmex2rUY4LxRJGPB83eTZR5N36VNyIioIKqY0SvvX5K+BQwX0PKXHEvW0T2fS/4uwXqAo/2TAKFzEL00cJQP5uCkUYuk8029TRFMXoqVADufLFLvHlCo4kpcl46miWFQGBZVbmn1Z1rf00WDCpzG2qvEpATtH8DZqyXJOSJ9AUgwMKSVzDqawfLEnDmUQCsd0pt78FIMkzldJFoMGc2u7SnComH+zhyVJTqeTr9oZ4R/nhGOGioeUQWor8VtmTjImyeNi8n7PUsED4cYlB+MTE3i9XoYejTC3npYqs0qTujJwepM4PEeMeA5Z3y83eDw5ic/nwzAMPB4P9+0PCcWsK4NQ6HsGh/ewlDz7QZeNLKLKVuW7XC78fj+WZbG1tUUmk2FhYYG7th7q7Uvhq0307+cIJyGehT1T0GFmZoaNjQ2y2SzxeJxIJEI0GkXXdZRxc3MzV23MS2uS0qPtDAQO4XUMpqafMCFrHx0dZXh4mIGBAex2O729vdy+fYeGhsZs2UHSpF1hDdYkeXmnyOKXM+bDOWaDWVwbFk8DJuuxfPlBun6UE2aRTalgZeecwcFB+vr6sNlsdHV10d7eTmtrK42NjdTW1uZqamr472UKfjfo7+/H7XZjmibb29sEAgE2NzfRNI2hoSGqq6vLr+b163zP1lPs7u6ms7OTjo4O2traaGlpoampibq6urOqqqrjPwDsCp2+T9HiAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKiSURBVDjLlVJbTNJRGOehXtl6dD20tbV66cGtrfnUU7WW09Sl3TRsokucuGGZInIXRRAFEQhMBNMCUkEDuWiKrTC1uTJvqVQP9dZDDW1p/TrnT2u5XNbZvp2d75zf5fvOxwLA2i2aJuoTqjEZe6e7XcHqqCJhnWmHclSCumA1+78IGsblidszbQi8G4R5yoDaQBUqfRXsfyIglhOWaQr2wbXihP/NAPRPNBB4y8FzF7P/SlD/SJowTxsQeOvF/ddOOBatqBoSYCjeD82ECtddXBR257N3JFCOihOmKT38BKyeUEI5LoF9wYLOBTPuLnXCF/dAGhbhiv3C+h8E8pG69fZnrcSuF6ufl/BlawO9s91QjNUlwWseSMJCXOrM3dxWgmGy+ZAsIvpqnGxhalVHlQzYFDUi/nEVqqgM3jU3xCEhVUZ+10Xk2XL2MASGSa1IRiy1xXQM+N6yg9gWM8oULB+WJMHBGqqM2IfHqB2+hWxLhoIhoJYMsWY8JA3qXe5iar0zb4Kc2FaNyzCw6oYoWA1eVwEE5gIUN2eioPEUMhpP4Iz+5D6WYkRsJwHbcxMG4w9QOchHx6t2OBc7CNjFqPG7CyF1F2JozojZ9yHowqXI0x1FWsUBJ0sxKk6hLuiQmKZaGbuOBVsSTHJcDwcc9Wl4X7bAO68HXZoIF7pICY7zUjaYJtb4b1jtMzYIfHzon2rRv+KC0H8T561ZEBKSdGEq/HM2/L58L4yUIPkVlT7+YWm4diu8FkCZpwSEEFnmjO+k08M5lsyatLL9G02ha1CFOAxYFeRsd1DeV7qXTFc/t4fzjd/HwzlT+mauLfsY6fRBek8eKnI0R6ANFTHKdKdnktf8GqKiHk7qVcflafJVZ3cab/K4gcQnavvn3kDzPwBTBMCdhxN/5wAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKFSURBVDjLfZM7aBRhEMd/3+7t7W7OmJjnxRjDKUYNnPEJHjZqo4WIEAQhFhY+asVGsLIUbGwVRMFGfKDpRWzEqCEKIko0GlQ0MV4e5u5279sZi+AjRh0Yhml+zPznP+Zy/+A5EdNXiiWILAtD57deCgKPS4f3bTwOkBI1B/ds62gOgsAY4/K/qAgktsrNu8OHgDlAKRLf9wNz5V6RChPMmJfkWscIvSmsCl+nQ54P11Gja0nRyMn9ORIx5gc0FVtwHBfHQOx8Itc0hp9+x1Q0g00sKd9nRUcbI28y1KebEJk/VQpAAMcxRDpO2isyWZ4iSirE1mJ1Ft/3mY1CGkMHRecJ8wtgDGqFKKlSsRHlakQslkQAU0UlIeUYVOer6gCozgECmpmZzaB4RJIQ2QRj0rRUXI6tGiXjlUHNPwCOYZHbzodPrVQmFlGjDdSaBkyxgbzOsKZrO93+/QWXcfR3gNfC0nADxaEi9ukIDL0lP/mF3MqdLG7bwDJ9gJ1+vVBEVXg5cZREhESErmicQkcn6oJTE1PbVE8yfYdl6/oYH76GYe8vgKpigN1zxgLAzU9Smv1C5v1dsvkDUBlk4Optth45xbvRBzT4OQ82z61g/uLXJKxHPJfMkhXULikh0QiokHx7RG77Cdqn+4OB84VaACfwzBRSpad1Kz3ZAuuyBfItm6kbfUj98vVI6RkqZTb1rkbijwTBKzq7dzg2io8DmIu3Bs+KmkKcaP7Hidui++ktnRJmu0KSbwOoxjy58YJNvWsxbh2Eu3h88fSYiuwwfxoDYOB84X2+72q767xFbfGPFR3ccDWfnw/xqv/M9dTfvs5GcTB4obesoqjIb6k/KyKoavY7re8z/KbjU2AAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAHdSURBVDjLjZNPaxNBGIdrLwURLznWgkcvIrQhRw9FGgy01IY0TVsQ0q6GFkT0kwjJId9AP4AHP4Q9FO2hJ7El2+yf7OzMbja7Sf0578QdNybFLjwszLu/Z2femZkDMEfI54FkRVL4Dw8l8zqXEawMBgM2HA6vR6MRZiHraDabH7KSrKBA4SAIEIahxvd9eJ6HbrerJKZpotVqaUkavkMC+iCKIsRxrN6EEAKMMViWpQT9fh/0k3a7PZZkBUPmqXAKCSjAOYdt21NLUj1JBYW7C6vi6BC8vKWKQXUXQcNA5Nh6KY7jqJl0Op1JwY/Hi7mLp/lT/uoA/OX2WLC3C9FoQBwfILKulIRmQv1wXfevwHmyuMPXS5Fv1MHrFSTmhSomnUvw/Spo3C+vg3/+pJZDPSGRFvilNV+8PUZvoziKvn+d3LZvJ/BelMDevIZXK2EQCiUhtMDM53bY5rOIGXtwjU3EVz/HM5Az8eplqPFKEfzLR91cOg8TPTgr3MudFx+d9owK7KMNVfQOtyQ1OO9qiHsWkiRRUHhKQLuwfH9+1XpfhVVfU0V3//k4zFwdzjIlSA/Sv8jTOZObBL9uugczuNaCP5K8bFBIhduE5bdC3d6MYIkkt7jOKXT1l34DkIu9e0agZjoAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAFuSURBVBgZBcG/S1RxAADwz3teyp3XFUUWNVSoRGQR3dLQIESBbUZt9gekm9XW2lRbNDv0gxbJWoJoCcT+ABskTgcDDwLpOD19d+/73rfPJ4kAANaejUx03t5eBZIIgKe34r3JB7OTVVvZuzf9lderiKIoip7MLba+xY24H4v4N36PC635uSgFIJ2/Pz7ppH19w66aHk/nqQCfk8LU1BWJAyMyo3Y1bV2nwpeh8nxxthg+Vm+ZUFVKHDjhK1UqlJeK52E61LOkasOhRDAic8EWKp/qxaupmdOO6Fi3bVyiEAQdA6Th7tjMGYcyDTcdtWlUoqYtypHmjy/atadrX6JpU5QaMhDlSPNTFX9kMj0H6rr+gYFCjnSw3XNZ2y9dPfT1lUq5UkA6+Phb3TU3NJArHFeKhtTkSBc+rC//0NBQVbNmwphzGu5oCztUGDz8udydbSrlVmI9eSkIirzYKZokESw+yl+EdtgL75eWAID/yIWfXhcZhKEAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGOSURBVDjLlZPNapNBFIafSdOvtbFgSi1dREEtguDSnTfStbgW9A6y9BICinfkRosRFw1mE5BoS4rNzPlzEfOrYjJwOGfzPvO+h5kUEWx6zt6+eO1ur8x0VN9E+Ondyy/udlLdPua8d8ZBrdIZoN1uh7szLTOb9WePgxpOdXjMzXsnuDlx/gGRzAxgZrRaLQBSSks94iPNJ0+BRL4aYpKJcER0GbAqns5mhptRRgNMC1Aj3P50sChanFULboJpwbUAiXCnlPEcoKr/BJgWQhWXMnEQE4DKmNrfHKyW/L7ZJBNyzVGzR4RSSp4DFh2sOhEpmCpWMo0bPzi4NWR76xqR/0SYA8a4ZkwyF9+3cD0kl8HyEqeA1fwpJUrJuAouGRNhmOvgjkhZD6AynuxABdNMSnXcHdU1AUXyRCwZl0JKTsQGAJFJhL3mHVwFzT8hBpgpqdPpRLfbpd/vL73/xX56v0djf5+d3QbV7h7b1Q6jqwu+fn7/La3znd88v3tkpg/M5JGZPnS3Vq1enZrky19GcE/tIr8QhwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJwSURBVDjLbZPLb01RFIe/c3pbvdU2RYsmfUS1KrdaqkGQCANDzyZMjEhEYiBiYGCkf4LExEQiDDxiQARh4DWoegxERG4IQkQ8cnsb2rPP3mstg6OlcleyspKdtb71++2dHZkZ24+c7TOzywYljA2GYQaYkRWbSRWPd+V398+d6ALIkTUcNFjeX+iIvn4rYzY9BBlMMYXx8i+mnKGWW8KfyACwqb/QHm0ZaKejtR/LCKhptlWz7S1NddTV5ti44xCzAJjN6+/r5ObTN5RKk5gqADqtwgxTY3xiksSl/Bt/LBDlanL0rOike9F8RMBMUTVEDFElqDGVeC5duVcJYIgoH75OUBNXkyQJ3qUEzc4DVeSqa2ieOwc1qwAAVJQgHuccu9Z2Z/IzdVj5Gd/eXuSF7OW/+b8KvCjiA0Fizt97hfOBIEYsCduar7C0Zwul4iPM8rMA8TQgBCX1nlTB4jlE1XmozlOof0nnkg00tg7Smo7R3jheCQA+CCEJOC8kQUi8kJcv9DJKQ3MTMnGNtoF9bG17TVVcSYEo3vkM4AXvhYI9pK1vNyTPGTt3gfqmKZbVf2R1m6tswacZIA3KAimyclFEw7xJ1L0DU+TnE7o2H2NXocTYqfUNMwA1Iw1CcAHnldSnrJbbNHWsQidfYDrF0HAvmn6mtrbI4MZhgkuPzroDEUNSwXmh24/S2zNIXcN3LPyAqIpnV4uAokmRlmWdiPOHH4ysKMw8I3HMmnUDWBQx9OkuLYXTEL8nbmwBjLX7d864rsovpWvr8YXF6yMnpwF3bt0YPZD9PGNoeZnHZ/ZgapjqrBppkNgkRRUzW/wbVUOsic+TyncAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGKSURBVCjPPVFNSwJRFH1SPyR00V+xIqJVREIEUm6VFm1ahFvLiiI/oE1QRlQgUtgHlKhp41dlokVFpKmjo41M69MZlbi8d+Gec8897z4BoYcwREdj67fJsHqunkp728cjvToR/UoYs66I9og6OvjEA0o41FzeXWOfkB+6CZQIqajhGz/MRWQRh+dg3USCMNyvvbG3xVDQ5JFRJkXFNZZ8JNyZw1qbfTrUZuhwk1mihktbGRNxd45QqxvtroqMBip4pZcYHB4Rkhr44oh2H9bzJ/srHBLEYkoE1RZF5X8PLZ4qnmm3SqsOlQSpC1X6KhU+ssacwxlvW0ccSWnObOCdkK7ygUcSmijQ5BNsKeH1FMnOkK2wWOCtII9LDlCxBeuWCJh3tTynKVRJItG1meUOyqTMaTMT3KTTdwUNUYa+i3uCMvcSgR+2VTFAwo5xcz/EV6dps06VKLu/EMDUyeRw/7NcRoffqcXp+4I2X+DB9K/VbTH9/6Yey6MLfrtkV62d2cz8hmVcDPbqfy6NlFRFHkA7AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJfSURBVDjLpZNrSFNhGMelD34op67Lp4I+RKBREkUNIR2po7LOztlxbY1amstyXWw2m06b6Ra1llpqBJrlJdNFVyqxixZmIQ5npVE20DCkYqaDDBVy77+zDQbCmEUffvC8L/x/z/Pw8oYACPkfAl5mKmWl+cJFMMTzoNsUBnXsQqhk4qt/JVCrUosMVBQs2yJg5igWhUMbH4a0uKVQ7VWUzSnQswJc4II6LqT1Eg6NkI99GyPArF1M5hRoBZGkpTIPI60WdFYexO4NfKTGLoEidhl2rotEmXbXgqCCqj3LXa6P7Rjrvo7vr2thr8/B4P1ijPa3ojFjxURf3aHQoIJqxWrbuK0Jzp5bmHzbzGH11uP2ZlSnx/QEXcGaxM5/tnlrx5NMAaZ7ajD1/p6XyTc38FwjgFWY/KJRKOUFFJQnpfE7RFSNk6Ux5fiEvmPJaMnd7sVT/7J14ytDozMx+WJ9nCJylsCcIp03oNHWfpMwgOMD0PUSaKoFrlSAVJwDMRfCfe0ySPcrfGEY8iCBKq1LpEL9grYtjJGky4BHd3xwQVRagBIjcDofKMgGjh8AuVQCd4kJP9Nk5K6IPusX9J6MmnE+zANOnQAsRT7OFPjO+iwgOwNQK+FWSoAsFcYeF6IrJ3raL3hniCbjT40gSm6FqnIQLkg8XXWHQTT7QXRH4OYm8HT/IWfhajPBlruK+AX9DUf1dv3K3zOcYDSFBs4XB2SEZuCgGPQWxkxzGdOsV/hsVfPa5dI1TSLl8AArJ0M0iyGxBIOUBI4dLPrFMnI7QTHRyqasH76p5gX9jf/CH9NZtVjmGMuRAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKDSURBVDjLhZNfSN1lGMc/7+939ORU1C0iszwSG2duOFqNBQ2meJUoY4MixiiKiCCGMMauZYJ00252uYIuRlsgKJRsDLE/VBIhu3B/knVmInpy/jnrpB71fX+/99uFO3KkrAfei/fh+Xx4eJ/nNZIoRtx9Vq6xCTs0hCTwHnmPJOQ9ya4u+PYHKkdumSKToCQURVvFRXBLUhRZV4oQbBO4aBOIYxTHBOlVyt6Y3brL+/8RWIesJdi3D8UxiWN5glfrYM8yQToN6+vI2v8U9JrZLGFTE+HLKcwLqwS72wmOGRKpFP7X35B1vTsKktev9ZD9o5epacJX1gga3iKofQ2lsmjiAXow2Vt773ZPKWMk4X5KVUhhWl6hF/j+5z5U2+IHZUcvQFCOnf4SNzD+tVrDi1KA9yJ2hYX6N+enjSTs9/Uz2tXcIPFkCiKoOw67Usg9Ri6PWxonLswjDN457PIUNrf4jpFEYcCc8I4vwgMfVSUaTiM7h7eP8S4HcQEUgUlgEtX4yJEfu0Zu7O5XJDljiouUv2r2+pih8v2n0uHzJ5F9hKJV5AsoXgMTEuWyzN3sj+0yPYcuq2/bI9a8rQxJjqz/Pjjo/7oPEtIG8hsgiyHk0Tf9ObdBRxH+xxTqTmvFVFQOu3wGGUAegwFtLhEhKy2faHjHMQKIpzrL6l7CmASKImwuiynbTVBeQ/kzzzbeuWhaSuu3/YWlwacrvGgPaw+Q/+USS6OjGQw/Vqb3vlu9v41k/UFyD+c6gTv/2kEcR62m6sWKhaHzLHw3eiVyHG7+WO/9OZHpmBz4bNauWdZX6dzesrR1Zj7l/Uwfk3fP8XppXhI/d1MzcobPb5ziXmn+b0pcjPW7AMpFAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcHLjxN1AADg79eZttvddttll+WxIGrAV4QYTbxoYsSLgjc5arx68qCGf8G7J+NBEg8e9GqURDEmEiOJAWNUwIi8sryWDbSdmc60Mx2/Lxw78caZ1fXVo1EUAYAAACAIgICymrt/7/6P8er66tHPPzklNIJyPgNAENRqAWSzBEFdN9TzWq3y0ckPj8ZRFKmUwuxL6fcXrJzJbJ18xFKv6/LlX1xMP3Nra6jXW3Z3eyiKm0Zp7t1jtWYcaQAMh9uGT7eMkkR2+m9JcluSJEJxQTEZm2Rj00liMkmUeSqEOYI4APr9ndQzi+/v4OPz2m+tWd+zV2d2xaQ8pDfoaUUNcbMlyXIhFAgaQDAcDiXJ2MP1ymilNPn6X6q5OvvZrEhk49SsyBR5alpkQqhBDNDvr1PPDPrLhu89Y+XTbeUre7TXCo9MtzW7+y22I81W0zibYkSgQQB5XkiTzHA0NF6qPHiC/Iv/1FWuMf1WPklMi1SeJubTVABBHACdzkB3OdVfXgbNtx/V+eCsuDpg7+pf8s7ERvcP7daW6eSaqPGOgDgAxsNUkhRI/bZ5x41Zw66DlSdPXbZ5PLUr+kYx+slg8Yj2uW1hNRPQEIKA5cFuFgZ+z0rXpk2DwU53XjtgX7xisrXXoDuycX1B54dLbrQqdbMFYqjr2rmbV13YvKTb7cnzXJKkkqLw61MNh7+6Ijl/3eZK0+3nHzdqBvtbbRAHZGVqq5ppt7qWOn15MdVd6Or/ed2+W5lWkwfPHnbzsZZ2e8HStKCuQUwQQkPPsknItKuOxdC16+I9rc2Jqy8dURxMvHz2oX/27xa1m5irZqWAuCwrVVXZ2PGcjVUCCMIhvMpaCCC8OPdCNBMttESNSDWvlFUlvHni+Hc719dej5oxggAIAAAIAIGyrGzd3Tr9P5JrNp8Zt4rCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJKSURBVDjLjZNLSNVBFIe/+d97LdTCK2ki3qJLBipE9KBWtZAkW4ebFkEF7nLZroWQBBVGbgpa9FhJ65BCIUGxl9EmwSJLKzMl8IF2//M4p8W16zVbeJjhzGLmO7/fmRmjqoyPj6uIICKEEAgh4L0v5OLpnCvktrY2kwQIIVBbW8f84iKoQn6AKgqoamGNKul0BX19TwAoAOYXFrh0e5jNxPX2I1hr1wDe+9WSUJfZRXlpCZmqMrZuSZJzivOCCxAUXrx6h4oSxzEAEYBzLi8TMMawkvPMzOdYiQOq4INivRD7/B5V1itwziF/9RmDMYalFY9oTEVZimQyQSSKrgJEZSNAJY8wRZDfNmCdUFZaQiIREZl8DZU1QMECRRaMMXkIoMawEgfmpJ1pdxYTeeRfC9ZaokQEwOSXz//tfFVTzO7qBhb3XkWixxsBJakk1y4eIAQllUpxZ/Q8Kg4rHus9tZX1NNQcZSm3zOX+FhrdmbxiVaW3t/emc+5E0SurHNv+cM/JpnMEFYIEBGVm4RvpsmpGJvoZnRrUnLdp8/f6iqO7u7vjffrRrdP7LzD56yNOPF4cLjiiqITqbXUMTTzl5eehkCw+2NPTU+Wcm62v38fozxw+eHZu34WXQFDhx8IUleU1vP06zPCnoTnraVkHiOP4cCaTobX1FPfvdfBg5AZWLDlvye5o5Fi2hdeTQwx8eDZjPc3TXTq2wUJnZ+cb59yhf3/hYPVdDu4+zvMPA9+t0DzdpeOFJm4mslfMcpBE6W8J2dkuLdz1H8DrioJLLPMsAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJzSURBVBgZBcFdaJVlAADg532/75zN/XSstrM1YVBUpEmtycigG4sQu7FBl0VE5GUdooiuRj/3RRdddBNE94FgFkJqehPBQLLInEMHbXZmDvd7vr/z9Twhe8v+5rQFqQ6AiAiACAAoseqLfMXHaXPagseOdUwcIWkQU0IgBkIkBmJAQkBAXbH6W6f5w2mpVMfEEbKEyTkSdP/kziIxkkREEoRIXTMyRnuW9ulOCpIGcZBn5gHzFDtcP8fSGaptBOoagY3bDD5In6iPkLK7xu/fs3yZnXUawxx6hRNfMnUUECgKegVlTk4qIgZ217j6HTGQRsZmmHmN1jTPvsvi1yydIyvJM4qKHlFExOQcr37LC5/y6Ek2l/n5Q1Z+AWZPMTFDltErKUpyUn1ICGgMM36Q8YMcmufyZy7dLHT/uW47GzDQeFNr9g3HL7wuFhU9UhEBd69w9h3ah3linuFxl8ZO2SyGPD01Im0kuvdyG1uZi49/4FjvJ3KiiBipI3tdVs5z/iNuXXB7e8AjE0M2smBts1KGxIH2qG7rSfKKnFQfAknN0fdpjLBykcVvbLc+0Ww2lFmpX5OVtcE0UdYpZUVOCmLN+GGm5oC65OpZQ+2GvKgUFWW/BnVgd2eHsiYnAoG9dYpdYP0GWebA3jVbe5XRfamhwdR9Qw1rdwv1f9esbt2jJJWjLlHx43s0WqxcISs99cdXljZPuvHQi/o1Wzs9xb9/eX68a3WzqWi1hPptn3v5REd7jhJVQVFRVBQVeUVRUVZU3NrccmffoAcenvH3r2fKkB23vzlpwaSOPkr0kCNHDyVylMi5ef+o5edeKqu6n/4PaywNA5LOKLcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAK2SURBVBgZBcFNiJRlAADg532/b2Z2Z9fdUdfWUlwNooJIFNryEEUSBAVCVy9eIrwJngqCwI4Jdg46VBIdukRQtBAdOliUHQ0qlbXE9afdmXVn5vt7v54ntG0Lznx1axWXHh/MnBhXybhKqpRM6jTENu6jwSYe4DN8nwOkun7+6P75E+df2gcAdsq0OC7T4ua0OVhWbBeNm/cf+vbvnVdxLgdIdb280A3g1lajE4I8kOX0OtGhXpTFqJNx7OCsxxbn9nz8y+2LEaCpqoW5nDqxXQbDiq2C4ZThlAcT7j5swDuX1504MueZpc6+HKCpqj27utFOwc60EWOQI8uIGZkgCySEZuTK9U1X14e3c4CmLJcXZzPDSW1ctGJsZZHYBFkk08oytJmNUeGjtb9GOJMD1GW5srzQMZy2any99qddPcZlbfd81+27EyEy38882u/aHE0Wfvj932EO0JTFyv7FnmsbjRCZjKdeWX3SqePzvrnyj/dOPw0APv3xnpTCzxFeu/DdrKbu9jpR2RC1xkXlv+0arP26AWBaMyq4t1UKIYlQF+W+XiAGErTEGGQtVZNcPHtcSq0mtTJJP0+KojDaKeXQlEU/n+vKI1kMmhTMdKJpUfngy5tioG6S1CQt2ralpd9J8hfPXV7ChdWnDrkzat3caMzNUKdW0dSy2EEraIQQtKnVtkldV8qyljdleRKv/3bths1J7mHRqprW9rjSCbmzb+xSpxKRljYkM3nXh1+sezDakTdVdfzUy8/Ovnv6BQDw5vs/yXQkE59cfdtS/5Aguje+5a3nLolmjItS3lTVjTv3hz5fu2YwP2uwMGMw15PnmcP7WZ7fdvLoqkH3AJGt6QGPzNX6XfIQhGOnLy3hHFawF3uxO/aPHH5iZU9n0BuYyRfUqRJSEtpGCmN/rF93d1T5H4CHTHMseNtCAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAANsSURBVDjLdZNrTNNnGMWb+M3wRaObc/plSxYToiZzc94quCGCVRfMnwYtUiyuUhUQKqtcCmhatAgEaKlcBNFSBYQ5lSIgQ0GFttRCL0BBoAVUVFKo/UtLBXJsiZp5+3CS98N7fjnnyfNQAFDeK1uf6nVGm5CSquS28VqPzMY0RcweVjDawmqC+QevZi6IvfJk4f//e/ThkalL8RFqTg7dHqhFo6UJiuEGdLzU4oq2HISMJo0pH+VwLpqHIgoHfD4DZHQlB1V0l+GOpRFl/VdxXMsH91Eqavr+xd5LO62MkuIfI0vN1tLWcXAvD4IQ6YI+AESdyYtPq0+QzcPNEBklYKmjEa6KxvmeUkhbxNgh3cZhXxiSZteOQWEgUXDnBWhpHeR23sPF8wB3X4Gi/xaKTJfBVEchpI2NeE0aZFoZ/MU+naxC489h4r7Zmzo7shrGUaWy4fgFE6hRTYJ5QHxLZGe9uRFRmkTsc5vZyjjI+isQVREJavpvWw7kme5nK56hWmODpPIaTPIQPL4hRFeJP3T53mGUo/XhrhuWOsRokiDS56Gyrwbn6kXYJPi1hJHbS3f3dVQqJ1FcXYaxZh5s+lqAfIpJfTXaMwOeU8Kv023K52pc67sOyd08+GZtsm48/UtKfeypJbnx5cvcffU1dXKMG9PgGr2JsXvn4DD8g1nLAxgusp0Uunx3p/hujqfvS5+MDXGKWGLlNJOZ5AymW6doe1bzMnLMViMfc44HcAweg9U9p15ZBJTSgzPqvKCfKLuK/Lh+uVS2IZ71vYv9V9Z0aChJpiTjdcg+jGZ6cyYMCZhztmNqgAnnCAP2nkTo82kgGAnF80Oc+fvEojfHjha6WCzXa6EAkxUyWOVlGGRuwVgH7505DM7h/XhlTEK3JBB+BH/qO9+MpfOAN0c4S92RSXthPiaq5Hh2Kgn94mj0KuLcsVvhNEdgeuQAbO4kPZIA+IcWYNnWs8RHm+jYSxAki4WJVD406Wx01yVCdzsHT1TBmDIzYO06iUc5NKzfnTbyLTU94Iu3YN/su/3Vug1DVaI/ALsFpiICzYnL8bAgELX8za4/6dzz31CFXl89Jo8mVq3xEhzynnO1S+BS5UIl3IaqQyvIhoQ1az81fhHgUTB1kfMMc9XMf2cDZ5qyfm+5xVv9w9fMHr0Fh4yy26byoRwAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGtSURBVDjLpZO/a5NhFIWfL1bNoFQdREMRRAo62CqIhOImWRz8A9xcNU4uFd1asEs3cXDxX+ggFkTQoZRsUrGDCDpoY4VSEoPRku+e4/B9+UUyFHqnM9zzcM77chPbHGQKHHAmumL51c9eFNkYiAAMlpAhlOkQLNw5lwwBAEonj2CMBQYsI4MHIBJ8/dUeTRA2dm4Q2MbO0+QgyUgmOmMqRGQRsZFyY1drGNIJjQIcyhYNkrDIDeoZu8A0HQNIBQqjfClb7mr1kxiUehSgVITc6+mBzs4rdZOk4wBpChHq9R+GQLP1luaf9/zda9Bq73HrUf3J66cbi31ABBET+avnRmdfudNYpThZo3LtOlOnpnm3uULt09ZCuVo6UegnMBFGKUQ4+5UQaZitnRWuXJwlCsHs2QqRdChfngO43weECZlUzrWIyJLstrY5nBzj9qUHADy8+YILp2cAigNvID5/b/c6S8JhBOz+brBZX2ejvsZ85SVLb+5SPHQU4F+yn2ssV0uLU+cnH8/N3GD6zFW+bH9g/eMaP741l5P9nnO5WloC7gHHgRbwvPasPv8fJZl0Xd9fi4EAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJ/SURBVDjLhZJdSJNhGIYHkjAQgk49CMMwJKPIkyIcDIJSFA+UkqKDQM0y/CFRdKmlMVGWQ1O3ZR5sKjKXP4wSayyFJYpSdhAEhRDYQXUSGAvry6t7mYU/1cHDBy/vdT/X87yfCTBtqmlPispBuGeB6S6DkNNgsm2BiVsORupTtt7fClcKjDI3BC/GVUFYHIOnPpjqgkBVFH955faAaU88U+4JZvvhWUCXe+BhC+oKY9dhpBrG6yF8G0Zr4e65CXry4/8EhHuczAmOBUy2GQKt0jX/7jRwxYy30ErfBYOAwnwl4Mx0rAeEu9J40mEwO6iOdoOxxr2M1iVIt1m6M/SXzOC92IyrIAF33l46sw38mqLVYtByPNXEY4eTSJ/0nDFdK6PViQxXLvGgCYbKYfCyvhXgyl2i43QibVarQqD3PDQfcZik+4qZ/vXZAtfM0h0meAPp+vGctXAn1yJdP74idc0YpvWYmZtHkRnUprw0SXeVGW3ZXx47jJNuFN8lpGuZn5/PiUQiqdK10JkFTelRGg/FUXcABq4qYN8nk3RXidzTYgpj2zXjOhPT/cBQ2QnB30Kh0Fe6805J9y0NaVC930xt8vpotqQVk7b7mvtVSDcq3XjpZsS2K9jH4iS8eYTf7/f+fA1b8kF13SVwmZb0WIBGcBWUSbdIi9m98WyC96jzSjAYXBO85vV637nd7oRNP50tyaLKN237lVWCuwUbfHwO7+cRbLS3t9t3ursTfFjw91+dI4IjgtfsdvvnhoaG5P8GCA4J/iK4d+NMsE/wSk1Nzcg/AwRnCV4WbNt6UXBjRUXFVGlp6cm/Bgj2CM7ZadZYCc4uLi7OVMVtnP0A9SbJ2btHXdYAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJsSURBVBgZfcFLbExhGIDh9z9zztw6marQUm1DNZEQEdUpsRC2lLgsJDZNGmFjY2nBErGzENewIEUQRBBBJFW3IC6xqqYSd4tWtOPMnMv/fdqYUIvxPEZVqWbn6sUzm+tyV3OpTMFaQUET2eSN7YdvdFHhUMWudR1OY23NxVwyXbAiWFUiK8YfLa3ZvXFpDxUOVbTUanZKpmZ5Jl9L67w5NDY1IKKICHWZzAkqXKpI6seoftZsae/a7Ez3ikwoaZox63H/7LGACocq9n3fE06dlh3L4hOaFMbLMiH48FTntjWGVLgD1wt+Oj8/Y4zDX8r5rZ/ibYcWvjxV09/R3NJKyXh4JuTDx2HtHVrU28lvZuBap7ateYQxBpRxih9Ydhx4QuvceRQKAU9vncWYNF4yT1NHN6eP3olvv3q/JX7cc8EMXC5I29o+E349jA0T4OTZ2xtRmrqaKZ2zGCyCtfzhKkxDeXHuXvDm7etNLpFBJcSGSVSUn0MP6M6/gvg4PKSq45uupA4+33PJxaiRuMTo0CDRyCckKlO3YD0/2nfxL2VCzoPRk8v4kpxJ86IVSZfIwc3UM2PVfkBAFRuHJL7f5KtfxqqlZBP4McQ2orlhCQaIn70ojXj9sUukqC0TfjsJKL8JKbFkyTEmSYwYPBWsRLgEWCDR0d40Z2XfiEsAKjEYQBUQkAhHIxrcH9QbHzVF1CmiDJPOtPMOOLOSEca5hIrBgiqoBQ1RCUDKqJZQ66O2iMajqPUBYTJXQyH2h5HYA3VAE6h6IClUakAjVEMwITgxtlxmMlfLweehIxsaUBwMhv9RwNwF0WEqfgE9XTQvEQ+I/gAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALnSURBVDjLfZNLaFx1HIW/e2fuzJ00w0ymkpQpiUKfMT7SblzU4kayELEptRChUEFEqKALUaRUV2YhlCLYjYq4FBeuiqZgC6FIQzBpEGpDkzHNs5PMTJtmHnfu6//7uSh2IYNnffg23zmWqtIpd395YwiRL1Q0qyIfD56cmOvUs/4LWJg40auiH6jI+7v3ncybdo2Hy9ebKvqNGrn03Nj1+x0Bi1dHHVV9W0U+ye4d2d83+Ca2GJrlGZx0gkppkkfrsysqclFFvh8++3v7CWDh6ugIohfSPcPH+w6fwu05ABoSby9yb3Kc/mePYXc9TdCqslWapVGdn1Zjxo++O33Fujtx4gdEzj61f8xyC8/jN2rsVOcxYZOoVSZtBewZOAT+NonuAWw3S728wFZpFm975cekGjlz8NXLVtSo0SxPImGdtFfFq5epr21wdOxrnMwuaC2jrRJWfYHdxRfIFeDWr0unkyrSUqxcyk2TLQzQrt6hqydPvidDBg/8VTAp8DegvYa3OU1z+SbuM6dQI62kioAAVgondwAnncWvzCDNCk4CLO9vsJVw8xqN+iPiTB5SaTSKURGSaoTHHgxoAMlduL1HiFMZXP8BsvkbO1GD2O3GpLOIF0KsSBijxmCrMY+FqgGJQDzQgGT3XrJ7DuI5EKZd4iDG+CHG84m8AIki1Ai2imRsx4FEBtQHCUB8MG1wi8QKGhjEC4mbAVHTx8kNYSuoiGurkRtLN76ivb0K6SIkusCEoBEgaCQYPyT2QhKpAXKHTiMmQ2lmChWZTrw32v9TsLOyVlu8Nhi2G4Vs32HsTC9IA2KPRuU2Erp097+O5RRYvz3H1r3JldivfY7IR0+mfOu7l3pV5EM1cq744mi+OPwaRD71tSk0Vsp3/uLB6s2minyrIpeOf7a00fFMf1w+MqRGzqvIW/teecdqV5a5P/8ncXv9ZxUdf/lCae5/3/hvpi4OjajIp4ikVOTLY+cXr3Tq/QPcssKNXib9yAAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF+SURBVDjLnZOxalRBFIa/e3djWGyE1GJhlcogRLCwshPrgI2NjaCktZZUCVaB5A1s8gI2PkMKGwu3CIIgKGuuu5ts7pzzH4t7k5tZSVw8MDPMmcPHnP+fKSKCFzsfXz1+uLp9PIubEoSEJJI3q0nIHFMw4IRPn7+/fv/26R5AH+DR+upub2lQrixBRBBARDsARRABiub8zth2gQ4wTVFO6hMioi2CIJDIcueg8cxL2ugDuAWbT26zaLx8d0QGMPcriyMAuhb6vYI6pRxQVeMrAUUBUFAUULS56sfo4rwESNfcIIO1azLPb3A0/Hq4/+HW/V+n4Arkjlwkc9yFyfHkuMRyTJHpMAOsP7i31lsesHKjs+qy8vMu/K7qtQwwPlNZzSZIlz2Pv/cBUjCdtzElsfXs7sI2brz5kotodr2I3cuMRsRkOcBd/1a/m/CzuXdw/HO0mIWtj5NqlAO+DYcHz7dmG26GJ8dSan5fXSNv7JMbYSJZDcHBBfi8r/+NP5dvHwJcdb23AAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAJiSURBVDjLjZJNiI1RGMd/59x35l5T7x2DGRGJ0CBfpUlRJMlCSRZsUExTsxpr1lIWyupakIUFFnbSNAnJRlJMhhmM7zHkcr/vvO95zzmPxR3urHRPnc7p6fx/z/88/ZWI0Mp6m9ukSQXn0wu698Q/py6vGXx5FQARaWmPX1p3Ov9kSJLKE5keOfLr2bk1+0UE1YqDsVzfxZ4NvUNdm/fp2tdJbMVTejdan3j6oj9oxX6QTvd1bjygXX2MzKJlRO4rS3Zt6bC1Qq4lgDP2U1L4uEOn8ihdoz2bh6hOdTpOqYk7255nsuvXK6XnSIS4MvnFT5cGM+GS80G2Y2G4Mrsi0EWUDvGJYfzmRDQ2Xj4ZKNG9y3dea1NKgTTEKEXx1a1VheKV4e7th5WYEZT7zuvhKkE975S11Tfvy6eO3fhwO8BKhDfp+HsOZ1KgsygVMjP1kKW7jyuTzxEEnUw8snRsGGB130E3eXfft6NnPtwG0CRKizc40454jat9ZubHfbz5gUpNkUp3M/6gjursYXHXKKRMuw5k+b8BoyTj7QymDmJqJJUyYe8JurauBaBtwSBbBpqzUcF8cDpoAhJNMK+H+ev6AQ8iCB5vprDFe4grIbaE2DLiqmSWnYW4mZ2ARERchK+PNh67CmKL+KSAuBLY4my9jLgaSAzJnIwQI+ItPvnZ6ORKiC3O3guzncv/ACIW4rkAI6JwiP09Kyw2bbsSYitNsY8a37RzAGJ8wdZ/dSTV9hAfapE28CHIIsTFgEF041Ta4aJIxPi4CYjiC+8vH+pD2Isi/G+mBVCPDV6u/y39AQ7XjBmT8uenAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAF6SURBVDjLjZO/S8NAFMe/l8Q0ASUUXRwK9R9wFDfdunV19Q9wcmg3/wHp4FLo4CA4Ce3o6OLWUZwKpbRLMdDFCKH5dd73SkvQkvTgeLnLe5/3vXfvhJQSu4xutyuDIEC73Rb5fQM7jizLMBwO/+1b+UWv1+soRZdCiGO1PFJzT33r4Hq9DsuyigFRFN02Gg1UKpWNc5qmehJimmYxgE6e5+GsX4VrZQgzHlfiwI7xdP5VroAOzCZMidaFgGVIENH5sPAdZeUAwzAQxzGECrSpVt0Qq0ygErKbAh5DqOC7dxWj0gtKEGSl5QAWiYCX009t18Wj9UxvK8DYBugHz3hN+hiNRnp9+PAINlzpLawBTedqlflkpcC/uUYVKFewrsF4PNZ2MpnozLPZbJOg9AgMYNdx0BJUq9U2CQoBvEYGzOdz2LYN3/fhOA4Wi4UG839hDVTf/4RhuJ9XwLdAy/5Qr1EWAqbT6f1gMGgul0sdmAMjSRK4rvv2F/ALQmi5wbpDa1QAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAALTSURBVDjLpZN9LBRgHMf1R/NPuo7Uam0aaV7G2uSvYki6c4hhWZe3mJw6i9FxnMj7RUNeIzYvnUtLuXKGXDV2yMm9JK10iDHlvOTuvN6369Zs1kZbf3y2Z8/2+ezZ8zw/PQB6/8NfG1H2B1n5JMPlAsoBsEkEsFyISqqdccY/Ba7ZGTJKvYiaygBDVGi570tEtjsBMY77NRRbo7RdA2UUAmq0IlsrZVN+Q0SmhzHinQ1xxY6wuGsg23Ef2sqSMclno7cqBtFOxoh1PYLr500RcYa4Vpvgqb9joDLIZE498wmLPWWY6rgHMfc25C9zoZCLwIk0Wxxttr800hCAz88zMfTQDeIS66BtgSKqVbei/xFmB5qgGuJoadStFSIO+BkWX6e7GFiQvAB+TmFe8gTCPNLMlnyY0rDX/GxULYd+GisDVVDLmnWo3jdAwLbFd2nK5uq3Fky/vguV9Ck2xrohrYlQ62Rjd46+EamedozUCdnEMrhJXmhM8tTRnucChYyFTVU3VKM3MNdPx8e6MEgqA3/0F/mc1DMic/cYuHFDTDy6MTypQv0kECsDaH1AVocACmkiNtVCKL8EQz1BxdIwE/IKpxlRvusp3SVa+1Z7u/qx0dS7gXIxQBdqECnQIJXzDNPvGH/kIKjHL2NRlgRZoRtiIyJTt15hMNliY5aXgOJqHkL4QFgrwKrjQdp2S3vst1DLw7AyEYgF7UlGSi5gtiUewjjLta2AmGWpUbTfQUBEDTI6lIgr4uBDKxNifgEm+/yhlFMxN5QASakPAsNLMd+Zjn6GlWYrIK2lJ4oSzddDQ7PW7UMEeJx7Dlgaw8gDP3Qxj6KnnAx+DhkuflWghzOVgym2K1onfdtHkjfSDFKYGUbHvXnlaeE2WBUWY7WvEH2Zzqi/agYHcq7ixMWW9pvRqYfGuTSDHafR34Gozg62WH+VQ17vzHd5w2PYmO40zr8A5dG3M3vHNHcAAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAIzSURBVDjLpZNPSFRRFMa/NzPaPNSpsDQVF4JUi3YtomW0MBCchbSxhS3chAS6mJpFBYmugpjSRS5cWAQFSUmBGIYiCbYYbOyfOAqKgwgqRNF79953zzktxoEspyAvnM095/zOdy/fcUQE+zmhYomOl23J9mcXw/8N0J5u8z09+C+AU3hC58Tl+kDbVqODpkCb09UVNUeNMciuLt0b757q+ivgyuv2s4EOrteW1cZj0YOIlrpw4ECRxvsvGWSXlvpme9M39gKEN84s1xtt+o5XnojXHapDAAsWxpa3BUcc5NZz2NzYfLf+NV567lQs+8cfKN+0HnNr4pVlR6CshlYai6tZGN8inZnD4kJ2YO7ux2sAUjef5NzfARHlqabyynIoq/DN+47x6fE1rYKRQJvzRgfpD/cXrgIAszSySAJAz24Fnr7wNjOD529eYGxyDL6nR2Z7093KN0+1CjoKhcwMIk4mhlcadkkQkaLxYNJvGJjwRkUEiYcr0v8qJ11Dy6O/1uzpg6Fp5Q5OqVuW5JMlaQEAIoYbBg6XhVs6BxebixppaFo1W8Z8VYVz+2R1xLWU94klxg9FiIYBaznV0f/ZBYBIoXF4RjdYklTMdVoqDjgoCQOBFRDn89YyfMMgZlTFShrXtv0EgJ7I41njWpKEJUlWx0JueakDQwITACQAcV4BEUGZEAqKiDh56U7mUcSSzFuSRsvA6jbBksBSfjKxYKcflhgr2wpMvHMvLrOknP2u80/X2WfmmbX8IwAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAE8SURBVDjLpVM9SwNREJzTpx4JaGMn/oJrRMtU/g2xsLD1F/gDbK0lpaAgNmJnI1YWasBOELs0QgQDfsQ4Mxb3vEvgipwuLAsLszszb19iG/+JsHf6dDU3g9WXdzdtABIsAQZowjJkwSRkwyQoYX52+PYx8F0w0FrPFqfuuwP0P1W5ZW2hi9vXpViXsXOyieOtw+b1zUMr2T16tGnYBizYhqR8a2QjquxRkAjJsIhgGhsrg4q9CYDpmGWMerZ//oxgC1mW/clAnl0gIE6UqvXbLlIqJTYaDeibCBRrAX97ACAKwXIt4KgHEhEUGdQBlgOE4Khd0sTAMQZkzoDkxMBiAI1g5gzSNK39jJYQJKHT6SBN00KGpDFGVfJ6vR5kIyQetg8uh9tiH+IIMNb8hPOzNV2cuATAX+3kv9/5B7T5iPkmloFJAAAAAElFTkSuQmCC",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAL0SURBVDjLhZNbSNNhGMb/EqGGUEEUUhgWUkmWQpFZ1oUkdZNQhFAeMkktQY288EgeKk+l05zHdI41tZNO5mHTEJ3OmTrPh8imTvM0tTxs6qbb07c/OTSjLp7v4uV9frzw8aMGWI9MSAJI+CQyEiWJtiv7AZoZbqh9fl3LD7+sLA46Lcv3seQz3fcFpLiamQCg9KHIcuNIVRwmmphQdORhtoeNma4CTLXkYlyUgdHqFMjK4tDLCUUjwwslIZdAAI0GQD8nrGsDMC3NJXmNSUk2vtczMSJIhoyXgIGiaHTkPobohTsNYLibdxkA4m65tVRch29VOegrjEQL0xu1cS4gZ4OcDZbvUWR5WyDH/ySKYm8iJz0e6dwqawNA/9QOagTSMTVml9awotFhdU2HOdU6+iZW0CZfxvCsGrIZNcrbZ5BeOSzYKBsA+gj7l0uF/SrdCFlWrmoxMb+GgclVDJGi+OsiMoWjulcVwyWby1sA+vA6FuzLOuZln2VLGP2hocuVnXPIEMoH0yqG7P8sbwNspLBJ0dAuV6JteAlMgVykn/lzzqnus+zgmWdj+l9AcdO0pHNMCSkBpJUPNehn3iw7VTT/NlyzjsOFedj0r4BC8bQDr1Uh7x5dQiDXEQFvzsOPfQZeebaIKL2Fd62pCH7vgispB7SOSXvNtgA4DVO8D83TuiHFCv0T5GTw2jPwUZpOF4tbGWB8CgZbkgg/rjPOxhlrbWKNdtPlAtGksKZnDuPzGqjUWmjWdSAn0+Xk6kAkCPzxrNIHUXwvxFT4IksUC7eCi7B6Qq1TRTU91tyGCdT1/4RicY0ua3XAndwTeNvCALf5JdhNicgXxxPIQ2SKYuDDvQrLSEpxMJSypV3oFWahUSKG5MssxmaWsaDS4EbmEVxLPQSnlP24kLQHHiwHZNRH4R7HGcfCjNTmoZT1Npn+5YLd053wZDvhVLgxQjx2STfbaNCZKCwjCit/K0y7QBTWEoWVVhGUziJ8B4LumkZv1vkXO/PSRSy+XJ4AAAAASUVORK5CYII=",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAKESURBVDjLpZO7axRhFMV/38zsy+xuEt2Q50bYgChGUBAVxUbRRlS0sxJsbP0HFAQJ1jYqtlqYTlARNZoiPlELCxVd0LgxwcnuxmT2MfPN97BIxAcIggcu91EcLudwhLWW/4HDf8I7feXZw/Sq3JZqEHc0QuUYCwaLNhZjLdpajFneV8oidBy3FquVd+Wy19PdWTx5eF0+iq1Ip9zf2MWfs1ju7Ui57UgPHDsfhY6/pEpSGXHt4RyVqqQZWaZrhkrdMPPNMLdo8ANLtWmJNczUJBduzrHQjJxcT3HEaUZapBIOg/157r70+daI6c0LEi4kXUHSEyQ96MoIakuS8amvdK3Os6YrBSCcVqgAKPVlGerNc+eFz0IQU8g6JD1IutCZFtQDyfiUT2FNntJgFrFintMM9bKaLpQGsvR0r+L6ZIV6IOlMC3JpQS2QnL99gHcLhygNZMl4v9jYbC9/IASoWJH2DMODXdx67jNTDZmphtx46hNbxVBhAxcnRkl6P5X1WpHGAlIqvtYDir05kskElx8c4c19jTQKqRUD3SNs6NtOEDY5e2MtV0+UwQq8VqSsNlb4tYBiT45MOgEWlJHs23gcbQ3aaAyW2cUKm4Z20ZBtDl4s0Ofcs16z/uVTJNXa9UMZkc04QjgaBwiVRFvDdO0DsVEoExPrmKUoYHNxN424xfOPu/FkY35676k73alcR4eXcoXnuTiuoL8YekorevPDKKPR1jC3+JnV2T5eVR7xrFyOE2/PPRF/C9PRSyUdSok0klBJRgobnR2l/bz4/JiJ93dfS8W22TEbiX9N4+g5Z37r8J7C5PuJl9Kwc3bMSoB/JiidEfPauIW20Ql/zKof9+9pyFaERzUY+QAAAABJRU5ErkJggg==",TRUE
+"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAENSURBVDjLpZM/SwNREMTnxBRpFYmctaKCfwrBSCrRLuL3iEW6+EEUG8XvIVjYWNgJdhFjIXamv3s7u/ssrtO7hFy2fcOPmd03SYwR88xi1cPgpRdjjDB1mBquju+TMt1CFcDd0V7q4GilAwpnd2A0qCvcHRSdHUBqAYgOyaUGIBQAc4fkNSJIIGgGj4ZQx4EEAY3waPUiSC5FhLoOQkbQCJvioPQfnN2ctpuNJugKNUWYsMR/gO71yYPk8tRaboGmoCvS1RQ7/c1sq7f+OBUQcjkPGb9+xmOoF6ckCQb9pmj3rz6pKtPB5e5rmq7tmxk+hqO34e1or0yXTGrj9sXGs1Ib73efh1WaZN46/wI8JLfHaN24FwAAAABJRU5ErkJggg==",TRUE

From aafa3539002e01cc40b7d12868ab043838e62563 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 12 Jun 2016 16:49:18 -0500
Subject: [PATCH 394/812] Issue #376 create an alternative API to validate
 URLs, to thwart ReDoS.

---
 src/main/java/org/owasp/esapi/Validator.java  |  40 +++-
 .../esapi/reference/DefaultValidator.java     | 195 ++++++++++++++++++
 .../owasp/esapi/reference/ValidatorTest.java  |  29 +--
 .../resources/esapi/validation.properties     |   2 +-
 src/test/resources/urisForTest.txt            |   2 +-
 5 files changed, 251 insertions(+), 17 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 43bd5ac3c..00d950d82 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -17,6 +17,7 @@
 
 import java.io.File;
 import java.io.InputStream;
+import java.net.URI;
 import java.text.DateFormat;
 import java.util.Date;
 import java.util.List;
@@ -687,5 +688,42 @@ public interface Validator {
 	 */
 	String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
 
-}
+	/**
+	 * 
+	 * Parses and ensures that the URI in question is a valid RFC-3986 URI.  This simplifies
+	 * the kind of regex required for subsequent validation to mitigate regex-based 
+	 * DoS attacks.  
+	 * 
+ 	 *	@param context
+	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 *  @param input
+	 *  		redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
+	 *  @param allowNull
+	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *
+	 * @return
+	 * @throws ValidationException 
+	 */
+	boolean isValidURI(String context, String input, boolean allowNull);
 
+	/**
+	 * 
+	 * Get a version of the input URI that will be safe to run regex and other validations against.  
+	 * It is not recommended to persist this value as it will transform user input.  This method 
+	 * will not test to see if the URI is RFC-3986 compliant.
+	 * 
+	 * @param input
+	 * @return
+	 */
+	public String getCanonicalizedURI(URI dirtyUri);
+	
+	/**
+	 * Will return a {@code URI} object that will represent a fully parsed and legal URI
+	 * as specified in RFC-3986.  
+	 *  
+	 * @param input String
+	 * @return URI object representing a parsed URI, or {@code null} if the URI was non-compliant in some way.  
+	 */
+	public URI getRfcCompliantURI(String input);
+	
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 492444200..f471b8a0c 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -20,14 +20,22 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URLDecoder;
 import java.text.DateFormat;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 import java.util.regex.Pattern;
 
@@ -35,6 +43,8 @@
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.ValidationRule;
 import org.owasp.esapi.Validator;
@@ -61,6 +71,7 @@
  * @see org.owasp.esapi.Validator
  */
 public class DefaultValidator implements org.owasp.esapi.Validator {
+	private static Logger logger = ESAPI.log();
     private static volatile Validator instance = null;
 
     public static Validator getInstance() {
@@ -1191,4 +1202,188 @@ private final boolean isEmpty(byte[] input) {
 	private final boolean isEmpty(char[] input) {
 		return (input==null || input.length == 0);
 	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public boolean isValidURI(String context, String input, boolean allowNull) {
+		boolean isValid = false;
+		URI compliantURI = this.getRfcCompliantURI(input);
+		
+		try{
+			if(null != compliantURI){
+				String canonicalizedURI = getCanonicalizedURI(compliantURI);
+				//if getCanonicalizedURI doesn't throw an IntrusionException, then the URI contains no mixed or 
+				//double-encoding attacks.  
+				logger.info(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + input + "]");
+				Validator v = ESAPI.validator();
+				//This part will use the regex from validation.properties.  This regex should be super-simple, and 
+				//used mainly to restrict certain parts of a URL.  
+				Pattern p = ESAPI.securityConfiguration().getValidationPattern( "URL" );
+				//We're doing this instead of using the normal validator API, because it will canonicalize the input again
+				//and if the URI has any queries that also happen to match HTML entities, like &para;
+				//it will cease conforming to the regex we now specify for a URL.
+				isValid = p.matcher(canonicalizedURI).matches();
+			}
+			
+		}catch (IntrusionException e){
+			logger.error(Logger.SECURITY_FAILURE, e.getMessage());
+			isValid = false;
+		}
+		
+		
+		return isValid;
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public URI getRfcCompliantURI(String input){
+		URI rval = null;
+		try {
+			rval = new URI(input);
+		} catch (URISyntaxException e) {
+			logger.error(Logger.EVENT_FAILURE, e.getMessage());
+		}
+		return rval;
+	}
+	
+	/**
+	 * This does alot.  This will extract each piece of a URI according to parse zone, and it will construct 
+	 * a canonicalized String representing a version of the URI that is safe to run regex against to it. 
+	 * 
+	 * @param dirtyUri
+	 * @return
+	 * @throws IntrusionException
+	 */
+	public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
+		
+//		From RFC-3986 section 3		
+//	      URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+//
+//	    	      hier-part   = "//" authority path-abempty
+//	    	                  / path-absolute
+//	    	                  / path-rootless
+//	    	                  / path-empty
+		
+//		   The following are two example URIs and their component parts:
+//
+//		         foo://example.com:8042/over/there?name=ferret#nose
+//		         \_/   \______________/\_________/ \_________/ \__/
+//		          |           |            |            |        |
+//		       scheme     authority       path        query   fragment
+//		          |   _____________________|__
+//		         / \ /                        \
+//		         urn:example:animal:ferret:nose
+		Map<UriSegment, String> parseMap = new EnumMap<UriSegment, String>(UriSegment.class);
+		parseMap.put(UriSegment.SCHEME, dirtyUri.getScheme());
+		//authority   = [ userinfo "@" ] host [ ":" port ]
+		parseMap.put(UriSegment.AUTHORITY, dirtyUri.getRawAuthority());
+		parseMap.put(UriSegment.SCHEMSPECIFICPART, dirtyUri.getRawSchemeSpecificPart());
+		parseMap.put(UriSegment.HOST, dirtyUri.getHost());
+		//if port is undefined, it will return -1
+		Integer port = new Integer(dirtyUri.getPort());
+		parseMap.put(UriSegment.PORT, port == -1 ? "": port.toString());
+		parseMap.put(UriSegment.PATH, dirtyUri.getRawPath());
+		parseMap.put(UriSegment.QUERY, dirtyUri.getRawQuery());
+		parseMap.put(UriSegment.FRAGMENT, dirtyUri.getRawFragment());
+		
+		//Now we canonicalize each part and build our string.  
+		StringBuilder sb = new StringBuilder();
+		
+		//Replace all the items in the map with canonicalized versions.
+		
+		Set<UriSegment> set = parseMap.keySet();
+		
+		SecurityConfiguration sg = ESAPI.securityConfiguration();
+//		boolean restrictMixed = sg.getBooleanProp("AllowMixedEncoding");
+//		boolean restrictMultiple = sg.getBooleanProp("AllowMultipleEncoding");
+		boolean allowMixed = sg.getAllowMixedEncoding();
+		boolean allowMultiple = sg.getAllowMultipleEncoding();
+		for(UriSegment seg: set){
+			String value = encoder.canonicalize(parseMap.get(seg), allowMultiple, allowMixed);
+			value = value == null ? "" : value;
+			//In the case of a uri query, we need to break up and canonicalize the internal parts of the query.
+			if(seg == UriSegment.QUERY && null != parseMap.get(seg)){
+				StringBuilder qBuilder = new StringBuilder();
+				try {
+					Map<String, List<String>> canonicalizedMap = this.splitQuery(dirtyUri);
+					Set<Entry<String, List<String>>> query = canonicalizedMap.entrySet();
+					Iterator<Entry<String, List<String>>> i = query.iterator();
+					while(i.hasNext()){
+						Entry<String, List<String>> e = i.next(); 
+						String key = (String) e.getKey();
+						String qVal = "";
+						List<String> list = (List<String>) e.getValue();
+						if(!list.isEmpty()){
+							qVal = list.get(0);
+						}
+						qBuilder.append(key)
+						.append("=")
+						.append(qVal);
+						
+						if(i.hasNext()){
+							qBuilder.append("&");
+						}
+					}
+					value = qBuilder.toString();
+				} catch (UnsupportedEncodingException e) {
+					logger.debug(Logger.EVENT_FAILURE, "decoding error when parsing [" + dirtyUri.toString() + "]");
+				}
+			}
+			parseMap.put(seg, value );
+		}
+		
+		return buildUrl(parseMap);
+	}
+	
+/**
+ * The meat of this method was taken from StackOverflow:  http://stackoverflow.com/a/13592567/557153
+ * It has been modified to return a canonicalized key and value pairing.  
+ * 
+ * @param java URI
+ * @return a map of canonicalized query parameters.  
+ * @throws UnsupportedEncodingException
+ */
+	public Map<String, List<String>> splitQuery(URI uri) throws UnsupportedEncodingException {
+	  final Map<String, List<String>> query_pairs = new LinkedHashMap<String, List<String>>();
+	  final String[] pairs = uri.getQuery().split("&");
+	  for (String pair : pairs) {
+	    final int idx = pair.indexOf("=");
+	    final String key = idx > 0 ? encoder.canonicalize(pair.substring(0, idx)) : pair;
+	    if (!query_pairs.containsKey(key)) {
+	      query_pairs.put(key, new LinkedList<String>());
+	    }
+	    final String value = idx > 0 && pair.length() > idx + 1 ? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
+	    query_pairs.get(key).add(encoder.canonicalize(value));
+	  }
+	  return query_pairs;
+	}
+	
+	public enum UriSegment {
+		AUTHORITY, SCHEME, SCHEMSPECIFICPART, USERINFO, HOST, PORT, PATH, QUERY, FRAGMENT
+	}
+	
+	/**
+	 * All the parts should be canonicalized by this point.  This is straightforward assembly.  
+	 * 
+	 * @param set
+	 * @return
+	 */
+	protected String buildUrl(Map<UriSegment, String> parseMap){
+		StringBuilder sb = new StringBuilder();
+		sb.append(parseMap.get(UriSegment.SCHEME))
+		.append("://")
+		//can't use SCHEMESPECIFICPART for this, because we need to canonicalize all the parts of the query.
+		//USERINFO is also deprecated.  So we technically have more than we need.  
+		.append(parseMap.get(UriSegment.AUTHORITY) == null || parseMap.get(UriSegment.AUTHORITY).equals("") ? "" : parseMap.get(UriSegment.AUTHORITY))
+		.append(parseMap.get(UriSegment.PATH) == null || parseMap.get(UriSegment.PATH).equals("") ? ""  : parseMap.get(UriSegment.PATH))
+		.append(parseMap.get(UriSegment.QUERY) == null || parseMap.get(UriSegment.QUERY).equals("") 
+				? "" : "?" + parseMap.get(UriSegment.QUERY))
+		.append((parseMap.get(UriSegment.FRAGMENT) == null) || parseMap.get(UriSegment.FRAGMENT).equals("")
+				? "": "#" + parseMap.get(UriSegment.FRAGMENT))
+		;
+		return sb.toString();
+	}
+	
 }
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index fce7c1414..d2ce97256 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -621,34 +621,35 @@ public void testisValidInput() {
         assertTrue(errors.size()==4);
         assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
         assertTrue(errors.size()==4);
-        assertFalse(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==5);
+//        This is getting flipped to true because it is no longer the validator regex's job to enforce URL structure.
+        assertTrue(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
+        assertTrue(errors.size()==4);
         assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==6);
+        assertTrue(errors.size()==5);
         assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
+        assertTrue(errors.size()==5);
         assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
+        assertTrue(errors.size()==5);
         assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
+        assertTrue(errors.size()==5);
         assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
-        assertTrue(errors.size()==7);
+        assertTrue(errors.size()==6);
         assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
-        assertTrue(errors.size()==8);
+        assertTrue(errors.size()==7);
         assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
-        assertTrue(errors.size()==9);
+        assertTrue(errors.size()==8);
         assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
-        assertTrue(errors.size()==10);
+        assertTrue(errors.size()==9);
         assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
+        assertTrue(errors.size()==9);
         assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
+        assertTrue(errors.size()==9);
         // Removed per Issue 116 - The '*' character is valid as a parameter character
 //        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
         assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==11);
+        assertTrue(errors.size()==10);
         assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==12);
+        assertTrue(errors.size()==11);
 
         assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
         assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index 45fd32b74..d20f7d9e4 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -27,7 +27,7 @@ Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
 Validator.Gmail=^[A-Za-z0-9._%'-+]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
 Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
 #Validator.URL=^(?:ht|f)tp(s?+)\\:\\/\\/[0-9a-zA-Z](?:[-.\\w]*[0-9a-zA-Z])*(?::(?:0-9)*)*(?:\\/?+)(?:[a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?+$
-Validator.URL=^(?:ht|f)tp(?:s?)(?:[\\p{Print}]*)$
+Validator.URL=^(?:ht|f)tp(?:s?)(?:[:A-Za-z0-9%/#?&.=-]*)$
 Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
 
diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
index be5183f7d..7702a90cd 100644
--- a/src/test/resources/urisForTest.txt
+++ b/src/test/resources/urisForTest.txt
@@ -1,3 +1,4 @@
+http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg,FALSE
 https://wunderground.com/luctus/rutrum/nulla/tellus/in/sagittis.xml?et=vulputate&magnis=ut&dis=ultrices&parturient=vel&montes=augue&nascetur=vestibulum&ridiculus=ante&mus=ipsum&vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et&natoque=ultrices&penatibus=posuere&et=cubilia&magnis=curae&dis=donec&parturient=pharetra&montes=magna&nascetur=vestibulum&ridiculus=aliquet&mus=ultrices&etiam=erat&vel=tortor&augue=sollicitudin&vestibulum=mi&rutrum=sit&rutrum=amet&neque=lobortis&aenean=sapien&auctor=sapien&gravida=non&sem=mi&praesent=integer&id=ac&massa=neque&id=duis&nisl=bibendum&venenatis=morbi&lacinia=non&aenean=quam&sit=nec&amet=dui&justo=luctus&morbi=rutrum&ut=nulla&odio=tellus&cras=in&mi=sagittis&pede=dui&malesuada=vel&in=nisl&imperdiet=duis&et=ac&commodo=nibh&vulputate=fusce&justo=lacus&in=purus&blandit=aliquet&ultrices=at&enim=feugiat&lorem=non&ipsum=pretium&dolor=quis&sit=lectus,TRUE
 http://eepurl.com/augue/vestibulum/rutrum/rutrum.xml?imperdiet=consequat&sapien=metus&urna=sapien&pretium=ut&nisl=nunc&ut=vestibulum&volutpat=ante&sapien=ipsum&arcu=primis&sed=in&augue=faucibus&aliquam=orci&erat=luctus&volutpat=et&in=ultrices&congue=posuere&etiam=cubilia&justo=curae&etiam=mauris&pretium=viverra&iaculis=diam&justo=vitae&in=quam&hac=suspendisse&habitasse=potenti&platea=nullam&dictumst=porttitor&etiam=lacus&faucibus=at&cursus=turpis&urna=donec&ut=posuere&tellus=metus&nulla=vitae&ut=ipsum&erat=aliquam&id=non&mauris=mauris&vulputate=morbi&elementum=non&nullam=lectus&varius=aliquam&nulla=sit&facilisi=amet&cras=diam&non=in&velit=magna&nec=bibendum&nisi=imperdiet&vulputate=nullam&nonummy=orci&maecenas=pede&tincidunt=venenatis&lacus=non&at=sodales&velit=sed&vivamus=tincidunt&vel=eu&nulla=felis&eget=fusce&eros=posuere&elementum=felis&pellentesque=sed&quisque=lacus&porta=morbi&volutpat=sem&erat=mauris&quisque=laoreet&erat=ut&eros=rhoncus&viverra=aliquet&eget=pulvinar&congue=sed&eget=nisl&semper=nunc&rutrum=rhoncus&nulla=dui&nunc=vel&purus=sem&phasellus=sed&in=sagittis&felis=nam&donec=congue&semper=risus&sapien=semper&a=porta&libero=volutpat&nam=quam&dui=pede&proin=lobortis&leo=ligula&odio=sit&porttitor=amet&id=eleifend&consequat=pede&in=libero&consequat=quis&ut=orci&nulla=nullam,TRUE
@@ -13,7 +14,6 @@ https://harvard.edu/donec/vitae/nisi.json?feugiat=quisque&non=ut&pretium=erat&qu
 https://com.com/ornare/consequat/lectus/in.xml?sit=in&amet=felis&justo=donec&morbi=semper&ut=sapien&odio=a&cras=libero&mi=nam&pede=dui&malesuada=proin&in=leo&imperdiet=odio&et=porttitor,TRUE
 http://nasa.gov/ipsum/integer/a/nibh/in.png?turpis=platea&integer=dictumst&aliquet=maecenas&massa=ut&id=massa&lobortis=quis&convallis=augue&tortor=luctus&risus=tincidunt&dapibus=nulla&augue=mollis&vel=molestie&accumsan=lorem&tellus=quisque&nisi=ut&eu=erat&orci=curabitur&mauris=gravida&lacinia=nisi&sapien=at&quis=nibh&libero=in&nullam=hac&sit=habitasse&amet=platea&turpis=dictumst&elementum=aliquam&ligula=augue&vehicula=quam&consequat=sollicitudin&morbi=vitae&a=consectetuer&ipsum=eget&integer=rutrum&a=at&nibh=lorem&in=integer&quis=tincidunt&justo=ante&maecenas=vel&rhoncus=ipsum&aliquam=praesent&lacus=blandit&morbi=lacinia&quis=erat&tortor=vestibulum&id=sed&nulla=magna&ultrices=at&aliquet=nunc&maecenas=commodo&leo=placerat&odio=praesent&condimentum=blandit&id=nam&luctus=nulla&nec=integer&molestie=pede&sed=justo&justo=lacinia&pellentesque=eget&viverra=tincidunt&pede=eget&ac=tempus&diam=vel&cras=pede&pellentesque=morbi&volutpat=porttitor&dui=lorem&maecenas=id&tristique=ligula&est=suspendisse&et=ornare&tempus=consequat&semper=lectus&est=in&quam=est&pharetra=risus&magna=auctor,TRUE
 http://jigsy.com/nec/condimentum/neque.jpg?justo=lectus&aliquam=pellentesque&quis=at&turpis=nulla&eget=suspendisse&elit=potenti&sodales=cras&scelerisque=in&mauris=purus&sit=eu&amet=magna&eros=vulputate&suspendisse=luctus&accumsan=cum&tortor=sociis&quis=natoque&turpis=penatibus&sed=et&ante=magnis&vivamus=dis&tortor=parturient&duis=montes&mattis=nascetur&egestas=ridiculus&metus=mus&aenean=vivamus&fermentum=vestibulum&donec=sagittis&ut=sapien&mauris=cum&eget=sociis&massa=natoque&tempor=penatibus&convallis=et&nulla=magnis&neque=dis&libero=parturient&convallis=montes&eget=nascetur&eleifend=ridiculus&luctus=mus&ultricies=etiam&eu=vel,TRUE
-http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 https://cocolog-nifty.com/faucibus/orci/luctus/et/ultrices/posuere.jsp?odio=in&elementum=leo&eu=maecenas&interdum=pulvinar&eu=lobortis&tincidunt=est&in=phasellus&leo=sit&maecenas=amet&pulvinar=erat&lobortis=nulla&est=tempus&phasellus=vivamus&sit=in&amet=felis&erat=eu&nulla=sapien&tempus=cursus&vivamus=vestibulum&in=proin&felis=eu&eu=mi&sapien=nulla&cursus=ac&vestibulum=enim&proin=in&eu=tempor&mi=turpis&nulla=nec&ac=euismod&enim=scelerisque&in=quam&tempor=turpis&turpis=adipiscing&nec=lorem&euismod=vitae&scelerisque=mattis&quam=nibh&turpis=ligula&adipiscing=nec&lorem=sem&vitae=duis&mattis=aliquam&nibh=convallis&ligula=nunc&nec=proin&sem=at&duis=turpis&aliquam=a&convallis=pede&nunc=posuere&proin=nonummy&at=integer&turpis=non&a=velit&pede=donec&posuere=diam&nonummy=neque&integer=vestibulum&non=eget&velit=vulputate&donec=ut&diam=ultrices&neque=vel&vestibulum=augue,TRUE
 http://icq.com/volutpat.js?sit=mus&amet=etiam&justo=vel&morbi=augue&ut=vestibulum&odio=rutrum&cras=rutrum&mi=neque&pede=aenean&malesuada=auctor&in=gravida&imperdiet=sem&et=praesent&commodo=id&vulputate=massa&justo=id&in=nisl&blandit=venenatis&ultrices=lacinia&enim=aenean&lorem=sit&ipsum=amet&dolor=justo&sit=morbi&amet=ut&consectetuer=odio&adipiscing=cras&elit=mi&proin=pede&interdum=malesuada&mauris=in&non=imperdiet&ligula=et&pellentesque=commodo&ultrices=vulputate&phasellus=justo&id=in&sapien=blandit&in=ultrices,TRUE
 https://senate.gov/tortor/duis/mattis/egestas/metus/aenean/fermentum.json?cubilia=in&curae=ante&mauris=vestibulum&viverra=ante&diam=ipsum&vitae=primis&quam=in&suspendisse=faucibus&potenti=orci&nullam=luctus&porttitor=et&lacus=ultrices&at=posuere&turpis=cubilia&donec=curae&posuere=duis&metus=faucibus&vitae=accumsan&ipsum=odio&aliquam=curabitur&non=convallis&mauris=duis&morbi=consequat&non=dui&lectus=nec&aliquam=nisi&sit=volutpat&amet=eleifend&diam=donec&in=ut&magna=dolor&bibendum=morbi&imperdiet=vel&nullam=lectus&orci=in&pede=quam&venenatis=fringilla&non=rhoncus&sodales=mauris&sed=enim&tincidunt=leo&eu=rhoncus&felis=sed&fusce=vestibulum&posuere=sit&felis=amet&sed=cursus&lacus=id&morbi=turpis&sem=integer&mauris=aliquet&laoreet=massa&ut=id&rhoncus=lobortis&aliquet=convallis&pulvinar=tortor&sed=risus&nisl=dapibus&nunc=augue&rhoncus=vel&dui=accumsan&vel=tellus&sem=nisi&sed=eu&sagittis=orci&nam=mauris&congue=lacinia&risus=sapien&semper=quis&porta=libero&volutpat=nullam&quam=sit&pede=amet,TRUE

From 2ff45b140a7e7b527a93bcdbc6bd7a1b3c188aca Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 12 Jun 2016 19:15:32 -0500
Subject: [PATCH 395/812] Issue #376 Added URL with ports, and added logic to
 prevent an invalid port from being used.

---
 .../java/org/owasp/esapi/reference/DefaultValidator.java    | 6 ++++++
 src/test/resources/urisForTest.txt                          | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index f471b8a0c..8b830d56e 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1331,6 +1331,12 @@ public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
 					logger.debug(Logger.EVENT_FAILURE, "decoding error when parsing [" + dirtyUri.toString() + "]");
 				}
 			}
+			//Check if the port is -1, if it is, omit it from the output.
+			if(seg == UriSegment.PORT){
+				if("-1" == parseMap.get(seg)){
+					value = "";
+				}
+			}
 			parseMap.put(seg, value );
 		}
 		
diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
index 7702a90cd..2f28b60a1 100644
--- a/src/test/resources/urisForTest.txt
+++ b/src/test/resources/urisForTest.txt
@@ -1,3 +1,5 @@
+https://127.0.0.1:8080/foo/bar,TRUE
+http://shareasale.com:8080/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg,FALSE
 https://wunderground.com/luctus/rutrum/nulla/tellus/in/sagittis.xml?et=vulputate&magnis=ut&dis=ultrices&parturient=vel&montes=augue&nascetur=vestibulum&ridiculus=ante&mus=ipsum&vivamus=primis&vestibulum=in&sagittis=faucibus&sapien=orci&cum=luctus&sociis=et&natoque=ultrices&penatibus=posuere&et=cubilia&magnis=curae&dis=donec&parturient=pharetra&montes=magna&nascetur=vestibulum&ridiculus=aliquet&mus=ultrices&etiam=erat&vel=tortor&augue=sollicitudin&vestibulum=mi&rutrum=sit&rutrum=amet&neque=lobortis&aenean=sapien&auctor=sapien&gravida=non&sem=mi&praesent=integer&id=ac&massa=neque&id=duis&nisl=bibendum&venenatis=morbi&lacinia=non&aenean=quam&sit=nec&amet=dui&justo=luctus&morbi=rutrum&ut=nulla&odio=tellus&cras=in&mi=sagittis&pede=dui&malesuada=vel&in=nisl&imperdiet=duis&et=ac&commodo=nibh&vulputate=fusce&justo=lacus&in=purus&blandit=aliquet&ultrices=at&enim=feugiat&lorem=non&ipsum=pretium&dolor=quis&sit=lectus,TRUE

From fd8826729fce7a7771c620a88b6f6dd080a3d149 Mon Sep 17 00:00:00 2001
From: mickilous <mickilous@gmail.com>
Date: Tue, 21 Jun 2016 11:29:15 +0200
Subject: [PATCH 396/812] The DefaultHttpUtilities and SecurityWrapperResponse
 add systematically a Max-Age to the HTTP Header when adding a cookie. Even if
 the cookie has a negative maxAge value (which is the default value). So when
 adding a "session" cookie (without Max-Age), ESAPI add a Max-Age=-1 in the
 HTTP Header and the cookie will be discarded by the browser, because it is
 invalid (http://www.ietf.org/rfc/rfc2109.txt). Wen the maxAge field of the
 cookie is negative, it should not be specified at HTTP Header level.

---
 .../java/org/owasp/esapi/filters/SecurityWrapperResponse.java | 4 +++-
 .../java/org/owasp/esapi/reference/DefaultHTTPUtilities.java  | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 9dd0632ce..c5bd2fb86 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -124,7 +124,9 @@ private String createCookieHeader(String name, String value, int maxAge, String
         // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
         // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly
         String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
+        if (maxAge >= 0) {
+            header += "; Max-Age=" + maxAge;
+        }
         if (domain != null) {
             header += "; Domain=" + domain;
         }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 3c460c872..aa39b152d 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -340,7 +340,9 @@ private String createCookieHeader(String name, String value, int maxAge, String
         // Set-Cookie:<name>=<value>[; <name>=<value>][; expires=<date>][;
         // domain=<domain_name>][; path=<some_path>][; secure][;HttpOnly]
         String header = name + "=" + value;
-        header += "; Max-Age=" + maxAge;
+		if (maxAge >= 0) {
+			header += "; Max-Age=" + maxAge;
+		}
         if (domain != null) {
             header += "; Domain=" + domain;
         }

From 3a5257c271f22f18f6fdcac541ab19e96212d920 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 16 Apr 2017 14:28:45 -0400
Subject: [PATCH 397/812] Add display of Linux Foundation (LF) Core
 Infrastructure Initiative (CII) Best Practices badge

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 9fdc99727..01d1c6db4 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ Enterprise Security API for Java (Legacy)
 [![Build Status](https://travis-ci.org/bkimminich/esapi-java-legacy.svg?branch=master)](https://travis-ci.org/bkimminich/esapi-java-legacy)
 [![Coverage Status](https://coveralls.io/repos/github/bkimminich/esapi-java-legacy/badge.svg?branch=develop)](https://coveralls.io/github/bkimminich/esapi-java-legacy?branch=develop)
 [![Coverity Status](https://scan.coverity.com/projects/8517/badge.svg)](https://scan.coverity.com/projects/bkimminich-esapi-java-legacy)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/137/badge)](https://bestpractices.coreinfrastructure.org/projects/137)
 
 <table border=0>
 <tr>

From 4e38d0a2bd0670235add5a0515b03a74dca46e9d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 16 Apr 2017 14:43:35 -0400
Subject: [PATCH 398/812] Add Dependency-Check checks / reporting. Update
 several versions of vulernerable dependencies (none which were actually
 exploitable through ESAPI).

---
 pom.xml | 48 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 637284460..857d7491b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -126,8 +126,9 @@
         </dependency>
         <dependency>
             <groupId>commons-beanutils</groupId>
-            <artifactId>commons-beanutils-core</artifactId>
-            <version>1.8.3</version>
+            <artifactId>commons-beanutils</artifactId>
+            <!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. -->
+            <version>1.9.3</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -150,13 +151,13 @@
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
-            <version>1.3.1</version>
+            <version>1.3.2</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.4</version>
+            <version>2.5</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -185,12 +186,24 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.3</version>
+            <version>1.5.5</version>
+        </dependency>
+        <!-- The following is only a TRANSITIVE dependency used by antisamy.
+             Antisamy uses 2.7.0, which has unpatched vulnerability
+             CVE-2014-0107 so we try to force it to 2.7.2 to address this
+             as we are already using the latest version of antisamy.
+             However, as of ESAPI 2.1.0.1 at least, ESAPI does NOT use this
+             library directly.
+        -->
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>xalan</artifactId>
+            <version>2.7.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.8</version>
+            <version>1.9</version>
         </dependency>
 		<dependency>
 		    <groupId>org.mockito</groupId>
@@ -272,6 +285,21 @@
                 <version>4.1.0</version>
             </plugin>
 
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>1.4.4</version>
+                <configuration>
+                    <failBuildOnCVSS>1</failBuildOnCVSS>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
@@ -344,14 +372,6 @@
                     </reportSet>
                 </reportSets>
             </plugin>
-            <plugin>
-                <groupId>org.owasp</groupId>
-                <artifactId>dependency-check-maven</artifactId>
-                <version>1.3.3</version>
-                <configuration>
-                    <externalReport>false</externalReport>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>

From bd199f6f2fc41027040f14104fe557f38d726ce4 Mon Sep 17 00:00:00 2001
From: augustd <augustd@codemagi.com>
Date: Wed, 3 May 2017 14:39:43 -0700
Subject: [PATCH 399/812] Suppress CVE-2016-1000031 in dependency check

---
 pom.xml          |  3 ++-
 suppressions.xml | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 suppressions.xml

diff --git a/pom.xml b/pom.xml
index 857d7491b..637fe8fb0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
     <packaging>jar</packaging>
 
     <prerequisites>
-        <maven>3.0</maven>
+        <maven>3.1</maven>
     </prerequisites>
 
     <parent>
@@ -291,6 +291,7 @@
                 <version>1.4.4</version>
                 <configuration>
                     <failBuildOnCVSS>1</failBuildOnCVSS>
+                    <suppressionFile>./suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/suppressions.xml b/suppressions.xml
new file mode 100644
index 000000000..181b75909
--- /dev/null
+++ b/suppressions.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+    <suppress>
+        <notes><![CDATA[
+        This suppresses a specific cve for any test.jar in any directory.
+        ]]></notes>
+        <filePath regex="true">.*\bcommons-fileupload-1.3.2.jar</filePath>
+        <cve>CVE-2016-1000031</cve>
+    </suppress>
+</suppressions>
\ No newline at end of file

From 3d72ea0fd2842687793f284bee62ba29407a46f3 Mon Sep 17 00:00:00 2001
From: augustd <augustd@codemagi.com>
Date: Thu, 4 May 2017 23:57:59 -0700
Subject: [PATCH 400/812] Update to servlet API 3.0.1

This version compiles with dependency check only failing the build on
CVSS 5.9+
---
 pom.xml                                       |  10 +-
 .../esapi/http/MockHttpServletRequest.java    |  69 +++++++++
 .../esapi/http/MockHttpServletResponse.java   |   6 +
 .../owasp/esapi/http/MockServletContext.java  | 138 ++++++++++++++++++
 .../esapi/reference/HTTPUtilitiesTest.java    |  17 ++-
 5 files changed, 232 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 637fe8fb0..224f1f5c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -138,14 +138,14 @@
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
-            <version>2.5</version>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>3.0.1</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
+            <groupId>javax.servlet.jsp</groupId>
             <artifactId>jsp-api</artifactId>
-            <version>2.0</version>
+            <version>2.2</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -290,7 +290,7 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>1.4.4</version>
                 <configuration>
-                    <failBuildOnCVSS>1</failBuildOnCVSS>
+                    <failBuildOnCVSS>5.9</failBuildOnCVSS>
                     <suppressionFile>./suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
index 4910499f4..c89a498ba 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
@@ -24,6 +24,7 @@
 import java.text.SimpleDateFormat;
 import java.util.Arrays;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.Enumeration;
@@ -32,12 +33,20 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Vector;
+import javax.servlet.AsyncContext;
+import javax.servlet.DispatcherType;
 
 import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
 import javax.servlet.ServletInputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
+import javax.servlet.http.Part;
 
 /**
  * The Class MockHttpServletRequest.
@@ -779,4 +788,64 @@ public void dump()
 		System.out.println( "\n" );
 	}
 
+    @Override
+    public boolean authenticate(HttpServletResponse hsr) throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void login(String string, String string1) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void logout() throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Collection<Part> getParts() throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Part getPart(String string) throws IOException, ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletContext getServletContext() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext startAsync() throws IllegalStateException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext startAsync(ServletRequest sr, ServletResponse sr1) throws IllegalStateException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean isAsyncStarted() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean isAsyncSupported() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public AsyncContext getAsyncContext() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public DispatcherType getDispatcherType() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
 }
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
index d45e3aa0b..0858f9be5 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
@@ -18,6 +18,7 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
@@ -459,5 +460,10 @@ public void dump() {
         System.out.println( "  BODY: " + this.getBody() );
         System.out.println();
 	}
+
+    @Override
+    public Collection<String> getHeaders(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
 	
 }
diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
index dd1d01929..b4b042fc7 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
@@ -19,13 +19,21 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.Enumeration;
+import java.util.EventListener;
+import java.util.Map;
 import java.util.Set;
+import javax.servlet.Filter;
+import javax.servlet.FilterRegistration;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.Servlet;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+import javax.servlet.SessionCookieConfig;
+import javax.servlet.SessionTrackingMode;
+import javax.servlet.descriptor.JspConfigDescriptor;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
@@ -551,4 +559,134 @@ public void removeAttribute(String name) {
     public String getServletContextName() {
     	return null;
     }
+
+    @Override
+    public int getEffectiveMajorVersion() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public int getEffectiveMinorVersion() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public boolean setInitParameter(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, Servlet srvlt) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration.Dynamic addServlet(String string, Class<? extends Servlet> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends Servlet> T createServlet(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ServletRegistration getServletRegistration(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Map<String, ? extends ServletRegistration> getServletRegistrations() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, String string1) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, Filter filter) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration.Dynamic addFilter(String string, Class<? extends Filter> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends Filter> T createFilter(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public FilterRegistration getFilterRegistration(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Map<String, ? extends FilterRegistration> getFilterRegistrations() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public SessionCookieConfig getSessionCookieConfig() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void setSessionTrackingModes(Set<SessionTrackingMode> set) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void addListener(String string) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends EventListener> void addListener(T t) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void addListener(Class<? extends EventListener> type) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public <T extends EventListener> T createListener(Class<T> type) throws ServletException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public JspConfigDescriptor getJspConfigDescriptor() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public ClassLoader getClassLoader() {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void declareRoles(String... strings) {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
 }
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index c58eecaa3..130534ee8 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -49,6 +49,10 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
 /**
  * The Class HTTPUtilitiesTest.
  * 
@@ -334,6 +338,9 @@ public void testSendSafeRedirect() throws Exception {
 		}
 	}
 
+        @Rule
+        public ExpectedException thrown = ExpectedException.none();
+        
 	/**
 	 * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
 	 */
@@ -349,9 +356,13 @@ public void testSetCookie() {
 		instance.addCookie( response, new Cookie( "test2", "test2" ) );
 		assertTrue(response.getHeaderNames().size() == 2);
 
-		// test illegal name
-		instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
-		assertTrue(response.getHeaderNames().size() == 2);
+		// test illegal name - this case is now handled by the servlet API
+                try {
+                    instance.addCookie( response, new Cookie( "tes<t3", "test3" ) );
+                    fail("Expected IllegalArgumentException");
+                } catch (IllegalArgumentException iae) {
+                    assertThat(iae.getMessage(), is("Cookie name \"tes<t3\" is a reserved token"));
+                }
 
 		// test illegal value
 		instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );

From 7789d652b93f29e64ed5e6a75039d9c87e75de32 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 17 Jun 2017 14:30:31 -0700
Subject: [PATCH 401/812] Issue #376 -- Addressed Kevin Wall's CR comments.

---
 src/main/java/org/owasp/esapi/Validator.java  |  2 ++
 .../esapi/reference/DefaultValidator.java     | 23 ++++++++++++++-----
 .../owasp/esapi/reference/ValidatorTest.java  | 20 ++++++++++++++++
 src/test/resources/urisForTest.txt            |  1 +
 4 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 00d950d82..7db159d94 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -694,6 +694,8 @@ public interface Validator {
 	 * the kind of regex required for subsequent validation to mitigate regex-based 
 	 * DoS attacks.  
 	 * 
+	 * @see <a href="https://www.ietf.org/rfc/rfc3986.txt">https://www.ietf.org/rfc/rfc3986.txt</a>
+	 * 
  	 *	@param context
 	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
 	 *  @param input
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 8b830d56e..02595f5d2 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -66,6 +66,7 @@
  *
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
+ * @author Matt Seil (mseil .at. acm.org) 
  *
  * @since June 1, 2007
  * @see org.owasp.esapi.Validator
@@ -1208,14 +1209,15 @@ private final boolean isEmpty(char[] input) {
 	 */
 	public boolean isValidURI(String context, String input, boolean allowNull) {
 		boolean isValid = false;
-		URI compliantURI = this.getRfcCompliantURI(input);
+		boolean inputIsNullOrEmpty = input == null || "".equals(input);
 		
 		try{
-			if(null != compliantURI){
+			URI compliantURI = null == input ? new URI("") :  this.getRfcCompliantURI(input);
+			if(null != compliantURI && input != null){
 				String canonicalizedURI = getCanonicalizedURI(compliantURI);
 				//if getCanonicalizedURI doesn't throw an IntrusionException, then the URI contains no mixed or 
 				//double-encoding attacks.  
-				logger.info(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + input + "]");
+				logger.debug(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + input + "]");
 				Validator v = ESAPI.validator();
 				//This part will use the regex from validation.properties.  This regex should be super-simple, and 
 				//used mainly to restrict certain parts of a URL.  
@@ -1224,11 +1226,17 @@ public boolean isValidURI(String context, String input, boolean allowNull) {
 				//and if the URI has any queries that also happen to match HTML entities, like &para;
 				//it will cease conforming to the regex we now specify for a URL.
 				isValid = p.matcher(canonicalizedURI).matches();
+			}else{
+				if(allowNull && inputIsNullOrEmpty ){
+					isValid = true;
+				}
 			}
 			
 		}catch (IntrusionException e){
 			logger.error(Logger.SECURITY_FAILURE, e.getMessage());
 			isValid = false;
+		} catch (URISyntaxException e) {
+			logger.error(Logger.EVENT_FAILURE, e.getMessage());
 		}
 		
 		
@@ -1249,11 +1257,14 @@ public URI getRfcCompliantURI(String input){
 	}
 	
 	/**
-	 * This does alot.  This will extract each piece of a URI according to parse zone, and it will construct 
-	 * a canonicalized String representing a version of the URI that is safe to run regex against to it. 
+	 * {@inheritDoc}
+	 * 
+	 * This will extract each piece of a URI according to parse zone as specified in <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986</a> section 3, 
+	 * and it will construct a canonicalized String representing a version of the URI that is safe to 
+	 * run regex against. 
 	 * 
 	 * @param dirtyUri
-	 * @return
+	 * @return Canonicalized URI string.
 	 * @throws IntrusionException
 	 */
 	public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index d2ce97256..614d25f1f 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1156,6 +1156,12 @@ public void testGetValidUri(){
     	assertFalse(v.isValidURI("test", "http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg", false));
     }
     
+    public void testGetValidUriNullInput(){
+    	Validator v = ESAPI.validator();
+    	boolean isValid = v.isValidURI("test", null, true);
+    	assertTrue(isValid);
+    }
+    
     public void testGetCanonicalizedUri() throws Exception {
     	Validator v = ESAPI.validator();
     	
@@ -1169,5 +1175,19 @@ public void testGetCanonicalizedUri() throws Exception {
     	assertEquals(expectedUri, v.getCanonicalizedURI(uri));
     	
     }
+    
+    public void testGetCanonicalizedUriWithMailto() throws Exception {
+    	Validator v = ESAPI.validator();
+    	
+    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+    	//password information as in http://palpatine:password@foo.com, and this will
+    	//not appear in the userinfo field.  
+    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+    	URI uri = new URI(input);
+    	System.out.println(uri.toString());
+    	assertEquals(expectedUri, v.getCanonicalizedURI(uri));
+    	
+    }
 }
 
diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
index 2f28b60a1..43f795e3d 100644
--- a/src/test/resources/urisForTest.txt
+++ b/src/test/resources/urisForTest.txt
@@ -1,3 +1,4 @@
+#Format is URI,Expected test value
 https://127.0.0.1:8080/foo/bar,TRUE
 http://shareasale.com:8080/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE

From c126de7b24c5a72008433f87162eb1a19eb7ce70 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 17 Jun 2017 14:41:28 -0700
Subject: [PATCH 402/812] Issue #376 -- Addressed Kevin Wall's CR comment
 regarding the deprecated Security Configuration issue.

---
 .../java/org/owasp/esapi/reference/DefaultValidator.java    | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 02595f5d2..0c29ba579 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1307,10 +1307,8 @@ public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
 		Set<UriSegment> set = parseMap.keySet();
 		
 		SecurityConfiguration sg = ESAPI.securityConfiguration();
-//		boolean restrictMixed = sg.getBooleanProp("AllowMixedEncoding");
-//		boolean restrictMultiple = sg.getBooleanProp("AllowMultipleEncoding");
-		boolean allowMixed = sg.getAllowMixedEncoding();
-		boolean allowMultiple = sg.getAllowMultipleEncoding();
+		boolean allowMixed = sg.getBooleanProp("Encoder.AllowMixedEncoding");
+		boolean allowMultiple = sg.getBooleanProp("Encoder.AllowMultipleEncoding");
 		for(UriSegment seg: set){
 			String value = encoder.canonicalize(parseMap.get(seg), allowMultiple, allowMixed);
 			value = value == null ? "" : value;

From 4ef0a497e1aa75c74e4e2e9476255b6f25f52181 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 18 Jun 2017 15:22:31 -0700
Subject: [PATCH 403/812] Issue 376 -- Added missed null check on regex
 pattern.

---
 .../org/owasp/esapi/reference/DefaultValidator.java  | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 0c29ba579..9b5197824 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1222,10 +1222,14 @@ public boolean isValidURI(String context, String input, boolean allowNull) {
 				//This part will use the regex from validation.properties.  This regex should be super-simple, and 
 				//used mainly to restrict certain parts of a URL.  
 				Pattern p = ESAPI.securityConfiguration().getValidationPattern( "URL" );
-				//We're doing this instead of using the normal validator API, because it will canonicalize the input again
-				//and if the URI has any queries that also happen to match HTML entities, like &para;
-				//it will cease conforming to the regex we now specify for a URL.
-				isValid = p.matcher(canonicalizedURI).matches();
+				if(p != null){
+					//We're doing this instead of using the normal validator API, because it will canonicalize the input again
+					//and if the URI has any queries that also happen to match HTML entities, like &para;
+					//it will cease conforming to the regex we now specify for a URL.
+					isValid = p.matcher(canonicalizedURI).matches();
+				}else{
+					logger.error(Logger.EVENT_FAILURE, "Invalid regex pulled from configuration.  Check the regex for URL and correct.");
+				}
 			}else{
 				if(allowNull && inputIsNullOrEmpty ){
 					isValid = true;

From 1895c821231d6cab8e9c529ae17873177a14e577 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 18 Jun 2017 15:29:03 -0700
Subject: [PATCH 404/812] Issue #376 -- Addressed comment about the RFC-3986
 link.

---
 src/main/java/org/owasp/esapi/Validator.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 7db159d94..c01dae247 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -694,7 +694,7 @@ public interface Validator {
 	 * the kind of regex required for subsequent validation to mitigate regex-based 
 	 * DoS attacks.  
 	 * 
-	 * @see <a href="https://www.ietf.org/rfc/rfc3986.txt">https://www.ietf.org/rfc/rfc3986.txt</a>
+	 * @see <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986.</a>
 	 * 
  	 *	@param context
 	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.

From 8e3b5736b2bc05a1d11c9d0054404ff76a718db1 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 18 Jun 2017 15:49:54 -0700
Subject: [PATCH 405/812] Issue 316 -- updated code to account for httpOnly and
 Secure ccookie options.

---
 .../owasp/esapi/reference/DefaultHTTPUtilities.java  | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 3c460c872..659e1cc4e 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -41,6 +41,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.HTTPUtilities;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.StringUtilities;
 import org.owasp.esapi.User;
 import org.owasp.esapi.ValidationErrorList;
@@ -929,6 +930,9 @@ public String setRememberToken( HttpServletRequest request, HttpServletResponse
 			String clearToken = user.getAccountName() + "|" + password;
 			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
 			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
+			SecurityConfiguration sg = ESAPI.securityConfiguration();
+			boolean forceSecureCookies = sg.getBooleanProp("HttpUtilities.ForceSecureCookies");
+			boolean forceHttpOnly = sg.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
 
             // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
 			// which was marked as "WontFix".
@@ -937,6 +941,8 @@ public String setRememberToken( HttpServletRequest request, HttpServletResponse
 			cookie.setMaxAge( maxAge );
 			cookie.setDomain( domain );
 			cookie.setPath( path );
+			cookie.setHttpOnly(forceHttpOnly);
+			cookie.setSecure(forceSecureCookies);
 			response.addCookie( cookie );
 			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
 			return cryptToken;
@@ -957,7 +963,9 @@ public String setRememberToken(HttpServletRequest request, HttpServletResponse r
 			String clearToken = user.getAccountName();
 			long expiry = ESAPI.encryptor().getRelativeTimeStamp(maxAge * 1000);
 			String cryptToken = ESAPI.encryptor().seal(clearToken, expiry);
-
+			SecurityConfiguration sg = ESAPI.securityConfiguration();
+			boolean forceSecureCookies = sg.getBooleanProp("HttpUtilities.ForceSecureCookies");
+			boolean forceHttpOnly = sg.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
             // Do NOT URLEncode cryptToken before creating cookie. See Google Issue # 144,
 			// which was marked as "WontFix".
 
@@ -965,6 +973,8 @@ public String setRememberToken(HttpServletRequest request, HttpServletResponse r
 			cookie.setMaxAge( maxAge );
 			cookie.setDomain( domain );
 			cookie.setPath( path );
+			cookie.setHttpOnly(forceHttpOnly);
+			cookie.setSecure(forceSecureCookies);
 			response.addCookie( cookie );
 			logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + user.getAccountName() );
 		} catch( IntegrityException e){

From 22663ed9ab5f17ddebe28e22d6ecaf6223763e21 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 18 Jun 2017 16:22:19 -0700
Subject: [PATCH 406/812] Issue 291 -- Closed due to Issue #376 resolving the
 original problem.

---
 src/test/resources/urisForTest.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/resources/urisForTest.txt b/src/test/resources/urisForTest.txt
index 43f795e3d..df34cbc8e 100644
--- a/src/test/resources/urisForTest.txt
+++ b/src/test/resources/urisForTest.txt
@@ -1,4 +1,5 @@
 #Format is URI,Expected test value
+http://www.google.com?connectid=68470072-44c2-417b-822b-d945dc0364f4&request=GetFeature&service=wfs&version=1.1.0&typeName=DigitalGlobe%3AFinishedFeature&bbox=37.5%2C41.5%2C37.8%2C41.7&PROPERTYNAME=source%2CsourceUnit%2CproductType,FALSE
 https://127.0.0.1:8080/foo/bar,TRUE
 http://shareasale.com:8080/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE
 http://shareasale.com/sem/fusce.xml?sed=sodales&tristique=scelerisque,TRUE

From e5ebcab94a60ecf8a9c513ac61d8e99ac91b74f5 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 18 Jun 2017 16:42:05 -0700
Subject: [PATCH 407/812] Issue #394 -- Refactor the URI canonicalization into
 the Encoder class.

---
 src/main/java/org/owasp/esapi/Encoder.java    |  12 ++
 src/main/java/org/owasp/esapi/Validator.java  |  11 --
 .../owasp/esapi/reference/DefaultEncoder.java | 154 ++++++++++++++++++
 .../esapi/reference/DefaultValidator.java     | 150 +----------------
 .../owasp/esapi/reference/EncoderTest.java    |  28 ++++
 .../owasp/esapi/reference/ValidatorTest.java  |  28 ----
 6 files changed, 196 insertions(+), 187 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 2d2bfb7b9..cf83c472c 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -16,6 +16,7 @@
 package org.owasp.esapi;
 
 import java.io.IOException;
+import java.net.URI;
 
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.errors.EncodingException;
@@ -513,4 +514,15 @@ public interface Encoder {
 	 */
 	byte[] decodeFromBase64(String input) throws IOException;
 
+	/**
+	 * 
+	 * Get a version of the input URI that will be safe to run regex and other validations against.  
+	 * It is not recommended to persist this value as it will transform user input.  This method 
+	 * will not test to see if the URI is RFC-3986 compliant.
+	 * 
+	 * @param input
+	 * @return
+	 */
+	public String getCanonicalizedURI(URI dirtyUri);
+
 }
diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index c01dae247..12c87ea15 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -708,17 +708,6 @@ public interface Validator {
 	 */
 	boolean isValidURI(String context, String input, boolean allowNull);
 
-	/**
-	 * 
-	 * Get a version of the input URI that will be safe to run regex and other validations against.  
-	 * It is not recommended to persist this value as it will transform user input.  This method 
-	 * will not test to see if the URI is RFC-3986 compliant.
-	 * 
-	 * @param input
-	 * @return
-	 */
-	public String getCanonicalizedURI(URI dirtyUri);
-	
 	/**
 	 * Will return a {@code URI} object that will represent a fully parsed and legal URI
 	 * as specified in RFC-3986.  
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index c40c0d60b..c24fac4b5 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -17,15 +17,23 @@
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.URI;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.util.ArrayList;
+import java.util.EnumMap;
 import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.codecs.Base64;
 import org.owasp.esapi.codecs.CSSCodec;
 import org.owasp.esapi.codecs.Codec;
@@ -445,4 +453,150 @@ public byte[] decodeFromBase64(String input) throws IOException {
 		}
 		return Base64.decode( input );
 	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * This will extract each piece of a URI according to parse zone as specified in <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986</a> section 3, 
+	 * and it will construct a canonicalized String representing a version of the URI that is safe to 
+	 * run regex against. 
+	 * 
+	 * @param dirtyUri
+	 * @return Canonicalized URI string.
+	 * @throws IntrusionException
+	 */
+	public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
+		
+//		From RFC-3986 section 3		
+//	      URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+//
+//	    	      hier-part   = "//" authority path-abempty
+//	    	                  / path-absolute
+//	    	                  / path-rootless
+//	    	                  / path-empty
+		
+//		   The following are two example URIs and their component parts:
+//
+//		         foo://example.com:8042/over/there?name=ferret#nose
+//		         \_/   \______________/\_________/ \_________/ \__/
+//		          |           |            |            |        |
+//		       scheme     authority       path        query   fragment
+//		          |   _____________________|__
+//		         / \ /                        \
+//		         urn:example:animal:ferret:nose
+		Map<UriSegment, String> parseMap = new EnumMap<UriSegment, String>(UriSegment.class);
+		parseMap.put(UriSegment.SCHEME, dirtyUri.getScheme());
+		//authority   = [ userinfo "@" ] host [ ":" port ]
+		parseMap.put(UriSegment.AUTHORITY, dirtyUri.getRawAuthority());
+		parseMap.put(UriSegment.SCHEMSPECIFICPART, dirtyUri.getRawSchemeSpecificPart());
+		parseMap.put(UriSegment.HOST, dirtyUri.getHost());
+		//if port is undefined, it will return -1
+		Integer port = new Integer(dirtyUri.getPort());
+		parseMap.put(UriSegment.PORT, port == -1 ? "": port.toString());
+		parseMap.put(UriSegment.PATH, dirtyUri.getRawPath());
+		parseMap.put(UriSegment.QUERY, dirtyUri.getRawQuery());
+		parseMap.put(UriSegment.FRAGMENT, dirtyUri.getRawFragment());
+		
+		//Now we canonicalize each part and build our string.  
+		StringBuilder sb = new StringBuilder();
+		
+		//Replace all the items in the map with canonicalized versions.
+		
+		Set<UriSegment> set = parseMap.keySet();
+		
+		SecurityConfiguration sg = ESAPI.securityConfiguration();
+		boolean allowMixed = sg.getBooleanProp("Encoder.AllowMixedEncoding");
+		boolean allowMultiple = sg.getBooleanProp("Encoder.AllowMultipleEncoding");
+		for(UriSegment seg: set){
+			String value = canonicalize(parseMap.get(seg), allowMultiple, allowMixed);
+			value = value == null ? "" : value;
+			//In the case of a uri query, we need to break up and canonicalize the internal parts of the query.
+			if(seg == UriSegment.QUERY && null != parseMap.get(seg)){
+				StringBuilder qBuilder = new StringBuilder();
+				try {
+					Map<String, List<String>> canonicalizedMap = this.splitQuery(dirtyUri);
+					Set<Entry<String, List<String>>> query = canonicalizedMap.entrySet();
+					Iterator<Entry<String, List<String>>> i = query.iterator();
+					while(i.hasNext()){
+						Entry<String, List<String>> e = i.next(); 
+						String key = (String) e.getKey();
+						String qVal = "";
+						List<String> list = (List<String>) e.getValue();
+						if(!list.isEmpty()){
+							qVal = list.get(0);
+						}
+						qBuilder.append(key)
+						.append("=")
+						.append(qVal);
+						
+						if(i.hasNext()){
+							qBuilder.append("&");
+						}
+					}
+					value = qBuilder.toString();
+				} catch (UnsupportedEncodingException e) {
+					logger.debug(Logger.EVENT_FAILURE, "decoding error when parsing [" + dirtyUri.toString() + "]");
+				}
+			}
+			//Check if the port is -1, if it is, omit it from the output.
+			if(seg == UriSegment.PORT){
+				if("-1" == parseMap.get(seg)){
+					value = "";
+				}
+			}
+			parseMap.put(seg, value );
+		}
+		
+		return buildUrl(parseMap);
+	}
+	
+	/**
+	 * All the parts should be canonicalized by this point.  This is straightforward assembly.  
+	 * 
+	 * @param set
+	 * @return
+	 */
+	protected String buildUrl(Map<UriSegment, String> parseMap){
+		StringBuilder sb = new StringBuilder();
+		sb.append(parseMap.get(UriSegment.SCHEME))
+		.append("://")
+		//can't use SCHEMESPECIFICPART for this, because we need to canonicalize all the parts of the query.
+		//USERINFO is also deprecated.  So we technically have more than we need.  
+		.append(parseMap.get(UriSegment.AUTHORITY) == null || parseMap.get(UriSegment.AUTHORITY).equals("") ? "" : parseMap.get(UriSegment.AUTHORITY))
+		.append(parseMap.get(UriSegment.PATH) == null || parseMap.get(UriSegment.PATH).equals("") ? ""  : parseMap.get(UriSegment.PATH))
+		.append(parseMap.get(UriSegment.QUERY) == null || parseMap.get(UriSegment.QUERY).equals("") 
+				? "" : "?" + parseMap.get(UriSegment.QUERY))
+		.append((parseMap.get(UriSegment.FRAGMENT) == null) || parseMap.get(UriSegment.FRAGMENT).equals("")
+				? "": "#" + parseMap.get(UriSegment.FRAGMENT))
+		;
+		return sb.toString();
+	}
+	
+	public enum UriSegment {
+		AUTHORITY, SCHEME, SCHEMSPECIFICPART, USERINFO, HOST, PORT, PATH, QUERY, FRAGMENT
+	}
+	
+	
+	/**
+	 * The meat of this method was taken from StackOverflow:  http://stackoverflow.com/a/13592567/557153
+	 * It has been modified to return a canonicalized key and value pairing.  
+	 * 
+	 * @param java URI
+	 * @return a map of canonicalized query parameters.  
+	 * @throws UnsupportedEncodingException
+	 */
+	public Map<String, List<String>> splitQuery(URI uri) throws UnsupportedEncodingException {
+	  final Map<String, List<String>> query_pairs = new LinkedHashMap<String, List<String>>();
+	  final String[] pairs = uri.getQuery().split("&");
+	  for (String pair : pairs) {
+	    final int idx = pair.indexOf("=");
+	    final String key = idx > 0 ? canonicalize(pair.substring(0, idx)) : pair;
+	    if (!query_pairs.containsKey(key)) {
+	      query_pairs.put(key, new LinkedList<String>());
+	    }
+	    final String value = idx > 0 && pair.length() > idx + 1 ? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
+	    query_pairs.get(key).add(canonicalize(value));
+	  }
+	  return query_pairs;
+	}
 }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 9b5197824..7b45f1d26 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1210,11 +1210,11 @@ private final boolean isEmpty(char[] input) {
 	public boolean isValidURI(String context, String input, boolean allowNull) {
 		boolean isValid = false;
 		boolean inputIsNullOrEmpty = input == null || "".equals(input);
-		
+		Encoder encoder = ESAPI.encoder();
 		try{
 			URI compliantURI = null == input ? new URI("") :  this.getRfcCompliantURI(input);
 			if(null != compliantURI && input != null){
-				String canonicalizedURI = getCanonicalizedURI(compliantURI);
+				String canonicalizedURI = encoder.getCanonicalizedURI(compliantURI);
 				//if getCanonicalizedURI doesn't throw an IntrusionException, then the URI contains no mixed or 
 				//double-encoding attacks.  
 				logger.debug(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + input + "]");
@@ -1259,150 +1259,4 @@ public URI getRfcCompliantURI(String input){
 		}
 		return rval;
 	}
-	
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * This will extract each piece of a URI according to parse zone as specified in <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986</a> section 3, 
-	 * and it will construct a canonicalized String representing a version of the URI that is safe to 
-	 * run regex against. 
-	 * 
-	 * @param dirtyUri
-	 * @return Canonicalized URI string.
-	 * @throws IntrusionException
-	 */
-	public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
-		
-//		From RFC-3986 section 3		
-//	      URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
-//
-//	    	      hier-part   = "//" authority path-abempty
-//	    	                  / path-absolute
-//	    	                  / path-rootless
-//	    	                  / path-empty
-		
-//		   The following are two example URIs and their component parts:
-//
-//		         foo://example.com:8042/over/there?name=ferret#nose
-//		         \_/   \______________/\_________/ \_________/ \__/
-//		          |           |            |            |        |
-//		       scheme     authority       path        query   fragment
-//		          |   _____________________|__
-//		         / \ /                        \
-//		         urn:example:animal:ferret:nose
-		Map<UriSegment, String> parseMap = new EnumMap<UriSegment, String>(UriSegment.class);
-		parseMap.put(UriSegment.SCHEME, dirtyUri.getScheme());
-		//authority   = [ userinfo "@" ] host [ ":" port ]
-		parseMap.put(UriSegment.AUTHORITY, dirtyUri.getRawAuthority());
-		parseMap.put(UriSegment.SCHEMSPECIFICPART, dirtyUri.getRawSchemeSpecificPart());
-		parseMap.put(UriSegment.HOST, dirtyUri.getHost());
-		//if port is undefined, it will return -1
-		Integer port = new Integer(dirtyUri.getPort());
-		parseMap.put(UriSegment.PORT, port == -1 ? "": port.toString());
-		parseMap.put(UriSegment.PATH, dirtyUri.getRawPath());
-		parseMap.put(UriSegment.QUERY, dirtyUri.getRawQuery());
-		parseMap.put(UriSegment.FRAGMENT, dirtyUri.getRawFragment());
-		
-		//Now we canonicalize each part and build our string.  
-		StringBuilder sb = new StringBuilder();
-		
-		//Replace all the items in the map with canonicalized versions.
-		
-		Set<UriSegment> set = parseMap.keySet();
-		
-		SecurityConfiguration sg = ESAPI.securityConfiguration();
-		boolean allowMixed = sg.getBooleanProp("Encoder.AllowMixedEncoding");
-		boolean allowMultiple = sg.getBooleanProp("Encoder.AllowMultipleEncoding");
-		for(UriSegment seg: set){
-			String value = encoder.canonicalize(parseMap.get(seg), allowMultiple, allowMixed);
-			value = value == null ? "" : value;
-			//In the case of a uri query, we need to break up and canonicalize the internal parts of the query.
-			if(seg == UriSegment.QUERY && null != parseMap.get(seg)){
-				StringBuilder qBuilder = new StringBuilder();
-				try {
-					Map<String, List<String>> canonicalizedMap = this.splitQuery(dirtyUri);
-					Set<Entry<String, List<String>>> query = canonicalizedMap.entrySet();
-					Iterator<Entry<String, List<String>>> i = query.iterator();
-					while(i.hasNext()){
-						Entry<String, List<String>> e = i.next(); 
-						String key = (String) e.getKey();
-						String qVal = "";
-						List<String> list = (List<String>) e.getValue();
-						if(!list.isEmpty()){
-							qVal = list.get(0);
-						}
-						qBuilder.append(key)
-						.append("=")
-						.append(qVal);
-						
-						if(i.hasNext()){
-							qBuilder.append("&");
-						}
-					}
-					value = qBuilder.toString();
-				} catch (UnsupportedEncodingException e) {
-					logger.debug(Logger.EVENT_FAILURE, "decoding error when parsing [" + dirtyUri.toString() + "]");
-				}
-			}
-			//Check if the port is -1, if it is, omit it from the output.
-			if(seg == UriSegment.PORT){
-				if("-1" == parseMap.get(seg)){
-					value = "";
-				}
-			}
-			parseMap.put(seg, value );
-		}
-		
-		return buildUrl(parseMap);
-	}
-	
-/**
- * The meat of this method was taken from StackOverflow:  http://stackoverflow.com/a/13592567/557153
- * It has been modified to return a canonicalized key and value pairing.  
- * 
- * @param java URI
- * @return a map of canonicalized query parameters.  
- * @throws UnsupportedEncodingException
- */
-	public Map<String, List<String>> splitQuery(URI uri) throws UnsupportedEncodingException {
-	  final Map<String, List<String>> query_pairs = new LinkedHashMap<String, List<String>>();
-	  final String[] pairs = uri.getQuery().split("&");
-	  for (String pair : pairs) {
-	    final int idx = pair.indexOf("=");
-	    final String key = idx > 0 ? encoder.canonicalize(pair.substring(0, idx)) : pair;
-	    if (!query_pairs.containsKey(key)) {
-	      query_pairs.put(key, new LinkedList<String>());
-	    }
-	    final String value = idx > 0 && pair.length() > idx + 1 ? URLDecoder.decode(pair.substring(idx + 1), "UTF-8") : null;
-	    query_pairs.get(key).add(encoder.canonicalize(value));
-	  }
-	  return query_pairs;
-	}
-	
-	public enum UriSegment {
-		AUTHORITY, SCHEME, SCHEMSPECIFICPART, USERINFO, HOST, PORT, PATH, QUERY, FRAGMENT
-	}
-	
-	/**
-	 * All the parts should be canonicalized by this point.  This is straightforward assembly.  
-	 * 
-	 * @param set
-	 * @return
-	 */
-	protected String buildUrl(Map<UriSegment, String> parseMap){
-		StringBuilder sb = new StringBuilder();
-		sb.append(parseMap.get(UriSegment.SCHEME))
-		.append("://")
-		//can't use SCHEMESPECIFICPART for this, because we need to canonicalize all the parts of the query.
-		//USERINFO is also deprecated.  So we technically have more than we need.  
-		.append(parseMap.get(UriSegment.AUTHORITY) == null || parseMap.get(UriSegment.AUTHORITY).equals("") ? "" : parseMap.get(UriSegment.AUTHORITY))
-		.append(parseMap.get(UriSegment.PATH) == null || parseMap.get(UriSegment.PATH).equals("") ? ""  : parseMap.get(UriSegment.PATH))
-		.append(parseMap.get(UriSegment.QUERY) == null || parseMap.get(UriSegment.QUERY).equals("") 
-				? "" : "?" + parseMap.get(UriSegment.QUERY))
-		.append((parseMap.get(UriSegment.FRAGMENT) == null) || parseMap.get(UriSegment.FRAGMENT).equals("")
-				? "": "#" + parseMap.get(UriSegment.FRAGMENT))
-		;
-		return sb.toString();
-	}
-	
 }
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index bc2e1afde..e7979af4c 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -17,6 +17,7 @@
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.io.ByteArrayOutputStream;
@@ -854,5 +855,32 @@ public String javaScriptEncode(String str) {
 		}
     }
     
+    public void testGetCanonicalizedUri() throws Exception {
+    	Encoder e = ESAPI.encoder();
+    	
+    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+    	//password information as in http://palpatine:password@foo.com, and this will
+    	//not appear in the userinfo field.  
+    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+    	URI uri = new URI(input);
+    	System.out.println(uri.toString());
+    	assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+    	
+    }
+    
+    public void testGetCanonicalizedUriWithMailto() throws Exception {
+    	Encoder e = ESAPI.encoder();
+    	
+    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
+    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+    	//password information as in http://palpatine:password@foo.com, and this will
+    	//not appear in the userinfo field.  
+    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
+    	URI uri = new URI(input);
+    	System.out.println(uri.toString());
+    	assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+    	
+    }
 }
 
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 614d25f1f..7df1227b0 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1161,33 +1161,5 @@ public void testGetValidUriNullInput(){
     	boolean isValid = v.isValidURI("test", null, true);
     	assertTrue(isValid);
     }
-    
-    public void testGetCanonicalizedUri() throws Exception {
-    	Validator v = ESAPI.validator();
-    	
-    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
-    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
-    	//password information as in http://palpatine:password@foo.com, and this will
-    	//not appear in the userinfo field.  
-    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
-    	URI uri = new URI(input);
-    	System.out.println(uri.toString());
-    	assertEquals(expectedUri, v.getCanonicalizedURI(uri));
-    	
-    }
-    
-    public void testGetCanonicalizedUriWithMailto() throws Exception {
-    	Validator v = ESAPI.validator();
-    	
-    	String expectedUri = "http://palpatine@foo bar.com/path_to/resource?foo=bar#frag";
-    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
-    	//password information as in http://palpatine:password@foo.com, and this will
-    	//not appear in the userinfo field.  
-    	String input = "http://palpatine@foo%20bar.com/path_to/resource?foo=bar#frag";
-    	URI uri = new URI(input);
-    	System.out.println(uri.toString());
-    	assertEquals(expectedUri, v.getCanonicalizedURI(uri));
-    	
-    }
 }
 

From c97f70735b30b41cf4f6147b4893acf3d61795c8 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 1 Jul 2017 12:26:02 -0700
Subject: [PATCH 408/812] Issue #397 -- Restore search directory to maintain
 legacy search behavior.

---
 .../DefaultSecurityConfiguration.java         | 33 ++++++++++++++-----
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 22b0f2067..1d59f2b24 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -15,6 +15,23 @@
  */
 package org.owasp.esapi.reference;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
+
 import org.apache.commons.lang.text.StrTokenizer;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
@@ -22,12 +39,6 @@
 import org.owasp.esapi.configuration.EsapiPropertyManager;
 import org.owasp.esapi.errors.ConfigurationException;
 
-import java.io.*;
-import java.net.URL;
-import java.util.*;
-import java.util.regex.Pattern;
-import java.util.regex.PatternSyntaxException;
-
 /**
  * The reference {@code SecurityConfiguration} manages all the settings used by the ESAPI in a single place. In this reference
  * implementation, resources can be put in several locations, which are searched in the following order:
@@ -653,8 +664,14 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 					
 					// try resources folder
 					if (in == null) {
-						currentClasspathSearchLocation = "src/main/resources/";
-						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
+						currentClasspathSearchLocation = "resources/";
+						in = currentLoader.getResourceAsStream("resources/" + fileName);
+					}
+					
+					// try src/main/resources folder
+					if (in == null) {
+						currentClasspathSearchLocation = "resources/";
+						in = currentLoader.getResourceAsStream("resources/" + fileName);
 					}
 		
 					// now load the properties

From 26911a1da4577622c0f9f60f96004c5c25fc8988 Mon Sep 17 00:00:00 2001
From: JoelRabinovitch <joel.rabinovitch@tecsys.com>
Date: Mon, 3 Jul 2017 13:14:53 -0400
Subject: [PATCH 409/812] Issue #389 (#390)

* Issue #389

Overloaded the encodeForLDAP method to provide the option of not
encoding wildcard (*) characters.

This would be used when doing queries against an LDAP directory using
wildcards, while at the same time, encoding other potentially dangerous
characters.

* Issue #389

Renamed the escapeWildcards variable to encodeWildcards to be consistent
with the interface definition.
---
 src/main/java/org/owasp/esapi/Encoder.java    | 14 +++++-
 .../owasp/esapi/reference/DefaultEncoder.java | 45 +++++++++++--------
 .../owasp/esapi/reference/EncoderTest.java    | 14 +++++-
 3 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 2d2bfb7b9..a1a850b62 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -369,7 +369,7 @@ public interface Encoder {
 	String encodeForOS(Codec codec, String input);
 
 	/**
-	 * Encode data for use in LDAP queries.
+	 * Encode data for use in LDAP queries. Wildcard (*) characters will be encoded.
 	 * 
 	 * @param input 
 	 * 		the text to encode for LDAP
@@ -378,6 +378,18 @@ public interface Encoder {
 	 */
 	String encodeForLDAP(String input);
 
+	/**
+	 * Encode data for use in LDAP queries. You have the option whether or not to encode wildcard (*) characters.
+	 * 
+	 * @param input 
+	 * 		the text to encode for LDAP
+	 * @param encodeWildcards 
+	 *      whether or not wildcard (*) characters will be encoded.
+     *
+	 * @return input encoded for use in LDAP
+	 */
+	String encodeForLDAP(String input, boolean encodeWildcards);
+	 
 	/**
 	 * Encode data for use in an LDAP distinguished name.
 	 * 
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index c40c0d60b..3e0ea4f50 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -281,6 +281,13 @@ public String encodeForOS(Codec codec, String input) {
 	 * {@inheritDoc}
 	 */
 	public String encodeForLDAP(String input) {
+		return encodeForLDAP(input, true);
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 */
+	public String encodeForLDAP(String input, boolean encodeWildcards) {
 	    if( input == null ) {
 	    	return null;	
 	    }
@@ -288,25 +295,25 @@ public String encodeForLDAP(String input) {
 	    StringBuilder sb = new StringBuilder();
 		for (int i = 0; i < input.length(); i++) {
 			char c = input.charAt(i);
-			switch (c) {
-			case '\\':
-				sb.append("\\5c");
-				break;
-			case '*':
-				sb.append("\\2a");
-				break;
-			case '(':
-				sb.append("\\28");
-				break;
-			case ')':
-				sb.append("\\29");
-				break;
-			case '\0':
-				sb.append("\\00");
-				break;
-			default:
-				sb.append(c);
-			}
+
+			if (c == '\\') {
+	            sb.append("\\5c");
+	        }
+	        else if ((c == '*') && encodeWildcards) {
+	            sb.append("\\2a");
+	        }
+	        else if (c == '(') {
+	            sb.append("\\28");
+	        }
+	        else if (c == ')') {
+	            sb.append("\\29");
+	        }
+	        else if (c == '\0') {
+	            sb.append("\\00");
+	        }
+	        else {
+	            sb.append(c);
+	        }
 		}
 		return sb.toString();
 	}
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index bc2e1afde..c4ebd900f 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -471,7 +471,19 @@ public void testEncodeForLDAP() {
     }
     
     /**
-	 * Test of encodeForLDAP method, of class org.owasp.esapi.Encoder.
+	 * Test of encodeForLDAP method with without encoding wildcard characters, of class org.owasp.esapi.Encoder.
+	 */
+    public void testEncodeForLDAPWithoutEncodingWildcards() {
+        System.out.println("encodeForLDAPWithoutEncodingWildcards");
+        Encoder instance = ESAPI.encoder();
+        assertEquals(null, instance.encodeForLDAP(null, false));
+        assertEquals("No special characters to escape", "Hi This is a test #��", instance.encodeForLDAP("Hi This is a test #��", false));
+        assertEquals("Zeros", "Hi \\00", instance.encodeForLDAP("Hi \u0000", false));
+        assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is * a \\5c test # � � �", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �", false));
+    }
+    
+    /**
+	 * Test of encodeForDN method, of class org.owasp.esapi.Encoder.
 	 */
     public void testEncodeForDN() {
         System.out.println("encodeForDN");

From 603408f73173145258e8677d0e1364d2e60c876e Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 15 Jul 2017 12:07:52 -0700
Subject: [PATCH 410/812] Issue #399 -- Fixed mvn site so that the build no
 longer breaks on legacy javadoc comments.

---
 pom.xml | 35 ++++++++++++++++++++++++++++++++++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 224f1f5c7..fd8551117 100644
--- a/pom.xml
+++ b/pom.xml
@@ -309,7 +309,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>findbugs-maven-plugin</artifactId>
-                <version>2.5.5</version>
+                <version>3.0.4</version>
                 <configuration>
                     <findbugsXmlOutput>true</findbugsXmlOutput>
                     <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
@@ -412,6 +412,39 @@
     </reporting>
 
     <profiles>
+        <profile>
+          <id>doclint-java8-disable</id>
+          <activation>
+            <jdk>[1.8,)</jdk>
+          </activation>
+          <build>
+            <plugins>
+              <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <configuration>
+                  <additionalparam>-Xdoclint:none</additionalparam>
+                </configuration>
+              </plugin>
+              <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <version>3.4</version>
+                <configuration>
+                  <reportPlugins>
+                    <plugin>
+                      <groupId>org.apache.maven.plugins</groupId>
+                      <artifactId>maven-javadoc-plugin</artifactId>
+                      <configuration>
+                        <additionalparam>-Xdoclint:none</additionalparam>
+                      </configuration>
+                    </plugin>
+                  </reportPlugins>
+                </configuration>
+              </plugin>
+            </plugins>
+          </build>
+        </profile>
         <profile>
             <!-- Activate to sign jars and build distributable download. -->
             <id>dist</id>

From a607dba2112bffcf005fdb8c9b2d4e08391e05ca Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 15 Jul 2017 12:24:19 -0700
Subject: [PATCH 411/812] Issue #316 -- Fixed error where I got rid of
 src/main/resources and also updated the unit test to use non-deprecated
 asserts.

---
 .../DefaultSecurityConfiguration.java         |   4 +-
 .../DefaultSecurityConfigurationTest.java     | 193 +++++++++---------
 2 files changed, 101 insertions(+), 96 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 1d59f2b24..861fced2b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -670,8 +670,8 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 					
 					// try src/main/resources folder
 					if (in == null) {
-						currentClasspathSearchLocation = "resources/";
-						in = currentLoader.getResourceAsStream("resources/" + fileName);
+						currentClasspathSearchLocation = "src/main/resources/";
+						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
 					}
 		
 					// now load the properties
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 0a7654871..fed8647af 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -1,8 +1,13 @@
 package org.owasp.esapi.reference;
 
-import java.util.regex.Pattern;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
-import junit.framework.Assert;
+import java.util.regex.Pattern;
 
 import org.junit.Test;
 import org.owasp.esapi.ESAPI;
@@ -21,139 +26,139 @@ private DefaultSecurityConfiguration createWithProperty(String key, String val)
 	public void testGetApplicationName() {
 		final String expected = "ESAPI_UnitTests";
 		DefaultSecurityConfiguration secConf = this.createWithProperty(DefaultSecurityConfiguration.APPLICATION_NAME, expected);
-		Assert.assertEquals(expected, secConf.getApplicationName());
+		assertEquals(expected, secConf.getApplicationName());
 	}
 	
 	@Test
 	public void testGetLogImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
 		
 		final String expected = "TestLogger";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getLogImplementation());
+		assertEquals(expected, secConf.getLogImplementation());
 	}
 	
 	@Test
 	public void testAuthenticationImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
 		
 		final String expected = "TestAuthentication";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.AUTHENTICATION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAuthenticationImplementation());
+		assertEquals(expected, secConf.getAuthenticationImplementation());
 	}
 	
 	@Test
 	public void testEncoderImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
 		
 		final String expected = "TestEncoder";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCODER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncoderImplementation());
+		assertEquals(expected, secConf.getEncoderImplementation());
 	}
 	
 	@Test
 	public void testAccessControlImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
 		
 		final String expected = "TestAccessControl";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ACCESS_CONTROL_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getAccessControlImplementation());
+		assertEquals(expected, secConf.getAccessControlImplementation());
 	}
 	
 	@Test
 	public void testEncryptionImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
 		
 		final String expected = "TestEncryption";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getEncryptionImplementation());
+		assertEquals(expected, secConf.getEncryptionImplementation());
 	}
 	
 	@Test
 	public void testIntrusionDetectionImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
 		
 		final String expected = "TestIntrusionDetection";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.INTRUSION_DETECTION_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getIntrusionDetectionImplementation());
+		assertEquals(expected, secConf.getIntrusionDetectionImplementation());
 	}
 	
 	@Test
 	public void testRandomizerImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
 		
 		final String expected = "TestRandomizer";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.RANDOMIZER_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getRandomizerImplementation());
+		assertEquals(expected, secConf.getRandomizerImplementation());
 	}
 	
 	@Test
 	public void testExecutorImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
 		
 		final String expected = "TestExecutor";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.EXECUTOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getExecutorImplementation());
+		assertEquals(expected, secConf.getExecutorImplementation());
 	}
 	
 	@Test
 	public void testHTTPUtilitiesImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
 		
 		final String expected = "TestHTTPUtilities";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.HTTP_UTILITIES_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
+		assertEquals(expected, secConf.getHTTPUtilitiesImplementation());
 	}
 	
 	@Test
 	public void testValidationImplementation() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
 		
 		final String expected = "TestValidation";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.VALIDATOR_IMPLEMENTATION, expected);
-		Assert.assertEquals(expected, secConf.getValidationImplementation());
+		assertEquals(expected, secConf.getValidationImplementation());
 	}
 	
 	@Test
 	public void testGetEncryptionKeyLength() {
 		// test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(128, secConf.getEncryptionKeyLength());
+		assertEquals(128, secConf.getEncryptionKeyLength());
 		
 		final int expected = 256;
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.KEY_LENGTH, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getEncryptionKeyLength());
+		assertEquals(expected, secConf.getEncryptionKeyLength());
 	}
 	
 	@Test
 	public void testGetKDFPseudoRandomFunction() {
 		// test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
+		assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
 		
 		final String expected = "HmacSHA1";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.KDF_PRF_ALG, expected);
-		Assert.assertEquals(expected, secConf.getKDFPseudoRandomFunction());
+		assertEquals(expected, secConf.getKDFPseudoRandomFunction());
 	}
 	
 	@Test
@@ -161,10 +166,10 @@ public void testGetMasterSalt() {
 		try {
 			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
 			secConf.getMasterSalt();
-			Assert.fail("Expected Exception not thrown");
+			fail("Expected Exception not thrown");
 		}
 		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
+			assertNotNull(ce.getMessage());
 		}
 		
 		final String salt = "53081";
@@ -172,7 +177,7 @@ public void testGetMasterSalt() {
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.MASTER_SALT, property);
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals(salt, new String(secConf.getMasterSalt()));
+		assertEquals(salt, new String(secConf.getMasterSalt()));
 	}
 	
 	@Test
@@ -181,21 +186,21 @@ public void testGetAllowedExecutables() {
 		java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
 		
 		//is this really what should be returned? what about an empty list?
-		Assert.assertEquals(1, allowedExecutables.size());
-		Assert.assertEquals("", allowedExecutables.get(0));
+		assertEquals(1, allowedExecutables.size());
+		assertEquals("", allowedExecutables.get(0));
 		
 		
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
 		secConf = new DefaultSecurityConfiguration(properties);
 		allowedExecutables = secConf.getAllowedExecutables();
-		Assert.assertEquals(3, allowedExecutables.size());
-		Assert.assertEquals("/bin/bzip2", allowedExecutables.get(0));
-		Assert.assertEquals("/bin/diff", allowedExecutables.get(1));
+		assertEquals(3, allowedExecutables.size());
+		assertEquals("/bin/bzip2", allowedExecutables.get(0));
+		assertEquals("/bin/diff", allowedExecutables.get(1));
 		
 		//this seems less than optimal, maybe each value should have a trim() done to it
 		//at least we know that this behavior exists, the property should'nt have spaces between values
-		Assert.assertEquals(" /bin/cvs", allowedExecutables.get(2));
+		assertEquals(" /bin/cvs", allowedExecutables.get(2));
 	}
 	
 	@Test
@@ -203,189 +208,189 @@ public void testGetAllowedFileExtensions() {
 		
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
 		java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertFalse(allowedFileExtensions.isEmpty());
+		assertFalse(allowedFileExtensions.isEmpty());
 		
 		
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
 		secConf = new DefaultSecurityConfiguration(properties);
 		allowedFileExtensions = secConf.getAllowedFileExtensions();
-		Assert.assertEquals(4, allowedFileExtensions.size());
-		Assert.assertEquals(".html", allowedFileExtensions.get(2));
+		assertEquals(4, allowedFileExtensions.size());
+		assertEquals(".html", allowedFileExtensions.get(2));
 	}
 	
 	@Test
 	public void testGetAllowedFileUploadSize() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
 		//assert that the default is of some reasonable size
-		Assert.assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
+		assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
 		
 		final int expected = (1024 * 1000);
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_UPLOAD_FILE_BYTES, String.valueOf(expected));
-		Assert.assertEquals(expected, secConf.getAllowedFileUploadSize());
+		assertEquals(expected, secConf.getAllowedFileUploadSize());
 	}
 	
 	@Test
 	public void testGetParameterNames() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("password", secConf.getPasswordParameterName());
-		Assert.assertEquals("username", secConf.getUsernameParameterName());
+		assertEquals("password", secConf.getPasswordParameterName());
+		assertEquals("username", secConf.getUsernameParameterName());
 		
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.PASSWORD_PARAMETER_NAME, "j_password");
 		properties.setProperty(DefaultSecurityConfiguration.USERNAME_PARAMETER_NAME, "j_username");
 		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("j_password", secConf.getPasswordParameterName());
-		Assert.assertEquals("j_username", secConf.getUsernameParameterName());
+		assertEquals("j_password", secConf.getPasswordParameterName());
+		assertEquals("j_username", secConf.getUsernameParameterName());
 	}
 	
 	@Test
 	public void testGetEncryptionAlgorithm() {
 		//test the default
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES", secConf.getEncryptionAlgorithm());
+		assertEquals("AES", secConf.getEncryptionAlgorithm());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_ALGORITHM, "3DES");
-		Assert.assertEquals("3DES", secConf.getEncryptionAlgorithm());
+		assertEquals("3DES", secConf.getEncryptionAlgorithm());
 	}
 	
 	@Test
 	public void testGetCipherXProperties() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
-		//Assert.assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
+		assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
+		//assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
 		
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
 		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+		assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
 		
 		secConf.setCipherTransformation("DESede/PCBC/PKCS5Padding");
-		Assert.assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
+		assertEquals("DESede/PCBC/PKCS5Padding", secConf.getCipherTransformation());
 		
 		secConf.setCipherTransformation(null);//sets it back to default
-		Assert.assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
+		assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
 	}
 	
 	@Test
 	public void testIV() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("random", secConf.getIVType());
+		assertEquals("random", secConf.getIVType());
 		try {
 			secConf.getFixedIV();
-			Assert.fail();
+			fail();
 		}
 		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
+			assertNotNull(ce.getMessage());
 		}
 		
 		java.util.Properties properties = new java.util.Properties();
 		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");
 		properties.setProperty(DefaultSecurityConfiguration.FIXED_IV, "ivValue");
 		secConf = new DefaultSecurityConfiguration(properties);
-		Assert.assertEquals("fixed", secConf.getIVType());
-		Assert.assertEquals("ivValue", secConf.getFixedIV());
+		assertEquals("fixed", secConf.getIVType());
+		assertEquals("ivValue", secConf.getFixedIV());
 		
 		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");
 		secConf = new DefaultSecurityConfiguration(properties);
 		try {
 			secConf.getIVType();
-			Assert.fail();
+			fail();
 		}
 		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
+			assertNotNull(ce.getMessage());
 		}
 		try {
 			secConf.getFixedIV();
-			Assert.fail();
+			fail();
 		}
 		catch (ConfigurationException ce) {
-			Assert.assertNotNull(ce.getMessage());
+			assertNotNull(ce.getMessage());
 		}
 	}
 	
 	@Test
 	public void testGetAllowMultipleEncoding() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
+		assertFalse(secConf.getAllowMultipleEncoding());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "yes");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
+		assertTrue(secConf.getAllowMultipleEncoding());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "true");
-		Assert.assertTrue(secConf.getAllowMultipleEncoding());
+		assertTrue(secConf.getAllowMultipleEncoding());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "no");
-		Assert.assertFalse(secConf.getAllowMultipleEncoding());
+		assertFalse(secConf.getAllowMultipleEncoding());
 	}
 	
 	@Test
 	public void testGetDefaultCanonicalizationCodecs() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
+		assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
 		
 		String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.CANONICALIZATION_CODECS, property);
-		Assert.assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
+		assertTrue(secConf.getDefaultCanonicalizationCodecs().contains("org.owasp.esapi.codecs.TestCodec1"));
 	}
 	
 	@Test
 	public void testGetDisableIntrusionDetection() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
+		assertFalse(secConf.getDisableIntrusionDetection());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "TRUE");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
+		assertTrue(secConf.getDisableIntrusionDetection());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "true");
-		Assert.assertTrue(secConf.getDisableIntrusionDetection());
+		assertTrue(secConf.getDisableIntrusionDetection());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "false");
-		Assert.assertFalse(secConf.getDisableIntrusionDetection());
+		assertFalse(secConf.getDisableIntrusionDetection());
 	}
 	
 	@Test
 	public void testGetLogLevel() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(Logger.WARNING, secConf.getLogLevel());
+		assertEquals(Logger.WARNING, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "trace");
-		Assert.assertEquals(Logger.TRACE, secConf.getLogLevel());
+		assertEquals(Logger.TRACE, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "Off");
-		Assert.assertEquals(Logger.OFF, secConf.getLogLevel());
+		assertEquals(Logger.OFF, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "all");
-		Assert.assertEquals(Logger.ALL, secConf.getLogLevel());
+		assertEquals(Logger.ALL, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "DEBUG");
-		Assert.assertEquals(Logger.DEBUG, secConf.getLogLevel());
+		assertEquals(Logger.DEBUG, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "info");
-		Assert.assertEquals(Logger.INFO, secConf.getLogLevel());
+		assertEquals(Logger.INFO, secConf.getLogLevel());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "ERROR");
-		Assert.assertEquals(Logger.ERROR, secConf.getLogLevel());
+		assertEquals(Logger.ERROR, secConf.getLogLevel());
 	}
 	
 	@Test
 	public void testGetLogFileName() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals("ESAPI_logging_file", secConf.getLogFileName());
+		assertEquals("ESAPI_logging_file", secConf.getLogFileName());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_FILE_NAME, "log.txt");
-		Assert.assertEquals("log.txt", secConf.getLogFileName());
+		assertEquals("log.txt", secConf.getLogFileName());
 	}
 	
 	@Test
 	public void testGetMaxLogFileSize() {
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		Assert.assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
+		assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
 		
 		int maxLogSize = (1024 * 1000);
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
-		Assert.assertEquals(maxLogSize, secConf.getMaxLogFileSize());
+		assertEquals(maxLogSize, secConf.getMaxLogFileSize());
 	}
 	
 	private String patternOrNull(Pattern p){
@@ -395,24 +400,24 @@ private String patternOrNull(Pattern p){
 	@Test
 	public void testValidationsPropertiesFileOptions(){
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
+		assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		assertNull(secConf.getValidationPattern("Test2"));
+		assertNull(secConf.getValidationPattern("TestC"));
 		
 		secConf = new DefaultSecurityConfiguration("ESAPI-DualValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertNull(secConf.getValidationPattern("TestC"));
+		assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		assertNull(secConf.getValidationPattern("TestC"));
 
 		secConf = new DefaultSecurityConfiguration("ESAPI-CommaValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
-		Assert.assertNull(secConf.getValidationPattern("Test1"));
-		Assert.assertNull(secConf.getValidationPattern("Test2"));
+		assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+		assertNull(secConf.getValidationPattern("Test1"));
+		assertNull(secConf.getValidationPattern("Test2"));
 
 		secConf = new DefaultSecurityConfiguration("ESAPI-QuotedValidatorFileChecker.properties");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
-		Assert.assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
+		assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+		assertEquals(patternOrNull(secConf.getValidationPattern("Test2")), "ValueFromFile2");
+		assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
 	}
 	
 }

From 283753841aa927eb535ddfddb5c899fd7721d39d Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 15 Jul 2017 19:21:21 -0700
Subject: [PATCH 412/812] Issue #316 -- Added unit test to ensure search
 directory changes are adequately updated in the future, and upped JVM
 compliance level to 1.7 since we already decided that 1.6 is more than
 defunct.

---
 .../DefaultSecurityConfiguration.java         | 34 +++++++++++++++----
 .../DefaultSecurityConfigurationTest.java     | 17 ++++++++++
 2 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 861fced2b..a1f551e7d 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -642,36 +642,36 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 				try {
 					// try root
 					String currentClasspathSearchLocation = "/ (root)";
-					in = loaders[i].getResourceAsStream(fileName);
+					in = loaders[i].getResourceAsStream(DefaultSearchPath.ROOT.toString());
 					
 					// try resourceDirectory folder
 					if (in == null) {
 						currentClasspathSearchLocation = resourceDirectory + "/";
-						in = currentLoader.getResourceAsStream(resourceDirectory + "/" + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY + fileName);
 					}
 
 					// try .esapi folder. Look here first for backward compatibility.
 					if (in == null) {
 						currentClasspathSearchLocation = ".esapi/";
-						in = currentLoader.getResourceAsStream(".esapi/" + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.DOT_ESAPI + fileName);
 					} 
 					
 					// try esapi folder (new directory)
 					if (in == null) {
 						currentClasspathSearchLocation = "esapi/";
-						in = currentLoader.getResourceAsStream("esapi/" + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.ESAPI + fileName);
 					} 
 					
 					// try resources folder
 					if (in == null) {
 						currentClasspathSearchLocation = "resources/";
-						in = currentLoader.getResourceAsStream("resources/" + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCES + fileName);
 					}
 					
 					// try src/main/resources folder
 					if (in == null) {
 						currentClasspathSearchLocation = "src/main/resources/";
-						in = currentLoader.getResourceAsStream("src/main/resources/" + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.SRC_MAIN_RESOURCES + fileName);
 					}
 		
 					// now load the properties
@@ -1347,4 +1347,26 @@ protected boolean shouldPrintProperties() {
     protected Properties getESAPIProperties() {
         return properties;
     }
+    
+    public enum DefaultSearchPath {
+    	
+    	RESOURCE_DIRECTORY("resourceDirectory/"),
+    	SRC_MAIN_RESOURCES("src/main/resources/"),
+    	ROOT("/"),
+    	DOT_ESAPI(".esapi/"),
+    	ESAPI("esapi/"),
+    	RESOURCES("resources/");
+    	
+    	private final String path;
+    	
+
+    	
+    	private DefaultSearchPath(String s){
+    		this.path = s;
+    	}
+    	
+    	public String value(){
+    		return path;
+    	}
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index fed8647af..5171da6a5 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -13,6 +13,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.ConfigurationException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration.DefaultSearchPath;
 
 public class DefaultSecurityConfigurationTest {
 
@@ -420,4 +421,20 @@ public void testValidationsPropertiesFileOptions(){
 		assertEquals(patternOrNull(secConf.getValidationPattern("TestC")), "ValueFromCommaFile");
 	}
 	
+	@Test 
+	public void DefaultSearchPathTest(){
+		assertEquals("/", DefaultSearchPath.ROOT.value());
+		assertEquals("resourceDirectory/", DefaultSearchPath.RESOURCE_DIRECTORY.value());
+		assertEquals(".esapi/", DefaultSearchPath.DOT_ESAPI.value());
+		assertEquals("esapi/", DefaultSearchPath.ESAPI.value());
+		assertEquals("resources/", DefaultSearchPath.RESOURCES.value());
+		assertEquals("src/main/resources/", DefaultSearchPath.SRC_MAIN_RESOURCES.value());
+	}
+	
+	@Test
+	public void DefaultSearchPathEnumChanges(){
+		int expected = 6;
+		int testValue = DefaultSearchPath.values().length;
+		assertEquals(expected, testValue);
+	}
 }

From 262c342723d9c043559ada1c440dc061bdec1161 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 16 Jul 2017 09:27:46 -0700
Subject: [PATCH 413/812] Issue #399 -- Updated pom.xml so the base compile
 version is 1.7 instead of 1.6.  This eliminates incompatibilities with mvn
 site that was preventing newer plugins from using items like
 java.util.Function.

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index fd8551117..b66f5ee1a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -219,8 +219,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.3</version>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.7</source>
+                    <target>1.7</target>
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>

From df2c9783b3e4112519af3722e21c3d7499eab101 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 16 Jul 2017 13:13:43 -0700
Subject: [PATCH 414/812] Issue #398 -- Fixed hardcoded instance of HTTP header
 and made it configurable.

---
 .../org/owasp/esapi/filters/SecurityWrapperResponse.java   | 6 ++++--
 .../esapi/reference/DefaultSecurityConfiguration.java      | 2 --
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 7 +++++++
 src/test/resources/esapi/ESAPI.properties                  | 6 ++++--
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 9dd0632ce..63a403879 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -24,6 +24,7 @@
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.StringUtilities;
 import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.errors.IntrusionException;
@@ -168,10 +169,11 @@ public void addDateHeader(String name, long date) {
     public void addHeader(String name, String value) {
         try {
             // TODO: make stripping a global config
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             getHttpServletResponse().addHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index a1f551e7d..bf2a79696 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -1359,8 +1359,6 @@ public enum DefaultSearchPath {
     	
     	private final String path;
     	
-
-    	
     	private DefaultSearchPath(String s){
     		this.path = s;
     	}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 7df1227b0..e10b47e48 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1087,6 +1087,13 @@ public void testGetHeader() {
         assertFalse(safeRequest.getHeader("f2").equals(request.getHeader("f2")));
         assertNull(safeRequest.getHeader("p3"));
     }
+    
+    public void testHeaderLengthChecks(){
+    	Validator v = ESAPI.validator();
+    	SecurityConfiguration sc = ESAPI.securityConfiguration();
+    	assertFalse(v.isValidInput("addHeader", generateStringOfLength(257), "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false));
+    	assertFalse(v.isValidInput("addHeader", generateStringOfLength(4097), "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
+    }
 
     public void testGetHeaderNames() {
 //testing Validator.HTTPHeaderName
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 2727d4ada..becadfee7 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -331,8 +331,10 @@ HttpUtilities.ForceHttpOnlySession=false
 HttpUtilities.ForceSecureSession=false
 HttpUtilities.ForceHttpOnlyCookies=true
 HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
+# Maximum size of HTTP header key
+HttpUtilities.MaxHeaderKeySize=256
+# Maximum size of HTTP header value
+HttpUtilities.MaxHeaderValueSize=4096
 # File upload configuration
 HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
 HttpUtilities.MaxUploadFileBytes=500000000

From 005173a2892f0a9bacd2b8edd98843751008cd19 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 21 Jul 2017 09:56:23 -0700
Subject: [PATCH 415/812] Added simple unit test to validate changes that made
 HTML entities always lower case.  Associated with issues #285 and #302.

---
 src/test/java/org/owasp/esapi/reference/EncoderTest.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 6aad8c773..5bd553b25 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -469,6 +469,7 @@ public void testEncodeForLDAP() {
         assertEquals("No special characters to escape", "Hi This is a test #��", instance.encodeForLDAP("Hi This is a test #��"));
         assertEquals("Zeros", "Hi \\00", instance.encodeForLDAP("Hi \u0000"));
         assertEquals("LDAP Christams Tree", "Hi \\28This\\29 = is \\2a a \\5c test # � � �", instance.encodeForLDAP("Hi (This) = is * a \\ test # � � �"));
+        assertEquals("Hi \\28This\\29 =", instance.encodeForLDAP("Hi (This) ="));
     }
     
     /**
@@ -499,6 +500,14 @@ public void testEncodeForDN() {
         assertEquals("Christmas Tree DN", "\\ Hello\\\\ \\+ \\, \\\"World\\\" \\;\\ ", instance.encodeForDN(" Hello\\ + , \"World\" ; "));
     }
     
+    /**
+     * Longstanding issue of always lowercasing named HTML entities.  This will be set right now. 
+     */
+    public void testNamedUpperCaseDecoding(){
+    	String input = "&Uuml;";
+    	String expected = "Ü";
+    	assertEquals(expected, ESAPI.encoder().decodeForHTML(input));
+    }
     public void testEncodeForXMLNull() {
         Encoder instance = ESAPI.encoder();
         assertEquals(null, instance.encodeForXML(null));

From 4a7357d07ab46d7a659790200a22fd8085b5819e Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 21 Jul 2017 15:04:53 -0700
Subject: [PATCH 416/812] Issue #403 -- Converted SecurityWrapperResponse.java
 to get rid of magic numbers and to get header lengths from ESAPI.properties.

---
 .../filters/SecurityWrapperResponse.java      | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 3d8796649..515bf7376 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -151,7 +151,8 @@ private String createCookieHeader(String name, String value, int maxAge, String
      */
     public void addDateHeader(String name, long date) {
         try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
             getHttpServletResponse().addDateHeader(safeName, date);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
@@ -184,13 +185,14 @@ public void addHeader(String name, String value) {
 
     /**
      * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name and name.
+     * encoded or illegal characters in the name and value.
      * @param name 
      * @param value
      */
     public void addIntHeader(String name, int value) {
         try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
             getHttpServletResponse().addIntHeader(safeName, value);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
@@ -428,7 +430,8 @@ public void setContentType(String type) {
      */
     public void setDateHeader(String name, long date) {
         try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
             getHttpServletResponse().setDateHeader(safeName, date);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
@@ -448,8 +451,9 @@ public void setHeader(String name, String value) {
         try {
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false);
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             getHttpServletResponse().setHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
@@ -464,7 +468,8 @@ public void setHeader(String name, String value) {
      */
     public void setIntHeader(String name, int value) {
         try {
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", 20, false);
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
             getHttpServletResponse().setIntHeader(safeName, value);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);

From 86ffb3d33a2846b9b0a3e34a1ca0461f6a680247 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 21 Jul 2017 15:07:14 -0700
Subject: [PATCH 417/812] Issue #400 -- Added mocking framework to maven test
 baseline and completed first minor unit tests of SecurityWrapperResponse.

---
 pom.xml                                       | 38 ++++++++++++++-
 .../filters/SecurityWrapperResponseTest.java  | 46 +++++++++++++++++++
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java

diff --git a/pom.xml b/pom.xml
index b66f5ee1a..7bc646277 100644
--- a/pom.xml
+++ b/pom.xml
@@ -205,12 +205,48 @@
             <artifactId>batik-css</artifactId>
             <version>1.9</version>
         </dependency>
-		<dependency>
+		<!--  <dependency>
 		    <groupId>org.mockito</groupId>
 		    <artifactId>mockito-all</artifactId>
 		    <version>1.10.19</version>
 		    <scope>test</scope>
+		</dependency>-->
+		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
+		<dependency>
+		    <groupId>org.powermock</groupId>
+		    <artifactId>powermock-api-mockito</artifactId>
+		    <version>1.7.0</version>
+		    <scope>test</scope>
+		</dependency>
+		<dependency>
+		    <groupId>org.powermock</groupId>
+		    <artifactId>powermock-module-junit4</artifactId>
+		    <version>1.7.0</version>
+		    <scope>test</scope>
 		</dependency>
+		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception 
+		<dependency>
+		    <groupId>eu.codearte.catch-exception</groupId>
+		    <artifactId>catch-exception</artifactId>
+		    <version>1.4.6</version>
+		    <scope>test</scope>
+		</dependency>-->
+				
+		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-core 
+		<dependency>
+		    <groupId>org.powermock</groupId>
+		    <artifactId>powermock-core</artifactId>
+		    <version>1.7.0</version>
+		    <scope>test</scope>
+		</dependency>-->
+		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-easymock 
+		<dependency>
+		    <groupId>org.powermock</groupId>
+		    <artifactId>powermock-api-easymock</artifactId>
+		    <version>1.7.0</version>
+		    <scope>test</scope>
+		</dependency>-->
+		
     </dependencies>
 
     <build>
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
new file mode 100644
index 000000000..01eb5aca8
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -0,0 +1,46 @@
+package org.owasp.esapi.filters;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.owasp.esapi.util.TestUtils;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+//@PrepareForTest({SecurityWrapperResponse.class})
+@RunWith(PowerMockRunner.class)
+public class SecurityWrapperResponseTest {
+	
+	@Test
+	public void testAddHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.addHeader("Foo", "bar");
+		verify(servResp, times(1)).addHeader("Foo", "bar");
+	}
+	
+	@Test
+	public void testAddHeaderInvalidValueLength(){
+		//refactor this to use a spy. 
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Mockito.doCallRealMethod().when(spyResp).addHeader("Foo", TestUtils.generateStringOfLength(4097));
+		resp.addHeader("Foo", TestUtils.generateStringOfLength(4097));
+		verify(servResp, times(0)).addHeader("Foo", "bar");
+	}
+	
+	@Test
+	public void testAddHeaderInvalidKeyLength(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
+		verify(servResp, times(0)).addHeader("Foo", "bar");
+	}
+}

From 7c90eb797c52f0d070c2edeebcab2c9781f7f389 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 23 Jul 2017 11:24:22 -0700
Subject: [PATCH 418/812] Issue #400 -- added unit tests for addCookie method,
 implicitly tests a private method within the class as well.  I also converted
 the class under test to use configurable header length from
 securityConfiguration.

---
 .../filters/SecurityWrapperResponse.java      |  9 +-
 .../filters/SecurityWrapperResponseTest.java  | 84 ++++++++++++++++++-
 2 files changed, 88 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 515bf7376..019b26c0a 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -82,11 +82,12 @@ public void addCookie(Cookie cookie) {
         String domain = cookie.getDomain();
         String path = cookie.getPath();
         boolean secure = cookie.getSecure();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
 
         // validate the name and value
         ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", ESAPI.securityConfiguration().getMaxHttpHeaderSize(), false, errors);
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false, errors);
 
         // if there are no errors, then just set a cookie header
         if (errors.size() == 0) {
@@ -134,10 +135,10 @@ private String createCookieHeader(String name, String value, int maxAge, String
         if (path != null) {
             header += "; Path=" + path;
         }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
+        if ( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") ) {
 			header += "; Secure";
         }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+        if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
 			header += "; HttpOnly";
         }
         return header;
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index 01eb5aca8..ecbbad138 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -1,15 +1,20 @@
 package org.owasp.esapi.filters;
 
+import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
+
+import java.util.Collection;
+
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mockito;
+import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.util.TestUtils;
 import org.powermock.modules.junit4.PowerMockRunner;
 
@@ -25,6 +30,24 @@ public void testAddHeader(){
 		verify(servResp, times(1)).addHeader("Foo", "bar");
 	}
 	
+	@Test
+	public void testAddDateHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		long currentTime = System.currentTimeMillis();
+		resp.addDateHeader("Foo", currentTime);
+		verify(servResp, times(1)).addDateHeader("Foo", currentTime);
+	}
+	
+	@Test
+	public void testInvalidDateHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		long currentTime = System.currentTimeMillis();
+		resp.addDateHeader("Foo\\r\\n", currentTime);
+		verify(servResp, times(0)).addDateHeader("Foo", currentTime);
+	}
+	
 	@Test
 	public void testAddHeaderInvalidValueLength(){
 		//refactor this to use a spy. 
@@ -43,4 +66,63 @@ public void testAddHeaderInvalidKeyLength(){
 		resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
 		verify(servResp, times(0)).addHeader("Foo", "bar");
 	}
+	
+	@Test
+	public void testAddValidCookie(){
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+		spyResp.addCookie(cookie);
+		/*
+		 * We're indirectly testing our class.  Since it ultimately
+		 * delegates to HttpServletResponse.addHeader, we're actually 
+		 * validating that our test method constructs a header with the
+		 * expected properties.  This implicitly tests the 
+		 * createCookieHeader method as well.
+		 */
+		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Secure; HttpOnly");
+	}
+	
+	@Test
+	public void testAddValidCookieWithDomain(){
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+		cookie.setDomain("evil.com");
+		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+		spyResp.addCookie(cookie);
+		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
+	}
+	
+	@Test
+	public void testAddValidCookieWithPath(){
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+		cookie.setDomain("evil.com");
+		cookie.setPath("/foo/bar");
+		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+		spyResp.addCookie(cookie);
+		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Path=/foo/bar; Secure; HttpOnly");
+	}
+	
+	@Test
+	public void testAddInValidCookie(){
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(5000));
+		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+		
+		spyResp.addCookie(cookie);
+		verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
+	}
 }

From f97a93ab7498579ce79488ee63f48e63b93ae4f2 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 24 Jul 2017 14:53:02 -0700
Subject: [PATCH 419/812] Issue #400 -- Added more unit tests.  Also did work
 for #403, as well as #383.

---
 .../esapi/filters/SecurityWrapperRequest.java |  6 ++-
 .../filters/SecurityWrapperResponse.java      | 42 ++++++++++++------
 .../filters/SecurityWrapperResponseTest.java  | 27 ++++++++++++
 .../owasp/esapi/reference/EncoderTest.java    |  1 +
 .../owasp/esapi/reference/ValidatorTest.java  | 44 ++++++++-----------
 .../java/org/owasp/esapi/util/TestUtils.java  | 14 ++++++
 src/test/resources/esapi/ESAPI.properties     |  9 ++--
 7 files changed, 98 insertions(+), 45 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/util/TestUtils.java

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index c267361c2..3f6a53f3c 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -35,8 +35,9 @@
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.errors.ValidationException;
 
 // TODO: Parameterize these various lengths in calls to ESAPI.validator().getValidInput()
 // so that they can be placed in ESAPI.properties file (or other property file,
@@ -217,10 +218,11 @@ public String getHeader(String name) {
     public Enumeration getHeaderNames() {
         Vector<String> v = new Vector<String>();
         Enumeration en = getHttpServletRequest().getHeaderNames();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         while (en.hasMoreElements()) {
             try {
                 String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", 150, true);
+                String clean = ESAPI.validator().getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), true);
                 v.add(clean);
             } catch (ValidationException e) {
                 // already logged
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 019b26c0a..82e629557 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -86,7 +86,7 @@ public void addCookie(Cookie cookie) {
 
         // validate the name and value
         ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false, errors);
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false, errors);
         String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false, errors);
 
         // if there are no errors, then just set a cookie header
@@ -153,7 +153,7 @@ private String createCookieHeader(String name, String value, int maxAge, String
     public void addDateHeader(String name, long date) {
         try {
         	SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().addDateHeader(safeName, date);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
@@ -176,7 +176,7 @@ public void addHeader(String name, String value) {
         	SecurityConfiguration sc = ESAPI.securityConfiguration();
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             getHttpServletResponse().addHeader(safeName, safeValue);
         } catch (ValidationException e) {
@@ -193,7 +193,7 @@ public void addHeader(String name, String value) {
     public void addIntHeader(String name, int value) {
         try {
         	SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().addIntHeader(safeName, value);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
@@ -353,24 +353,38 @@ public void resetBuffer() {
 
     /**
      * Override the error code with a 200 in order to confound attackers using
-     * automated scanners.
-     * @param sc 
+     * automated scanners.  Overwriting is controlled by {@code HttpUtilities.OverwriteStatusCodes}
+     * in ESAPI.properties. 
+     * @param sc -- http status code
      * @throws IOException
      */
     public void sendError(int sc) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
+    	SecurityConfiguration config = ESAPI.securityConfiguration();
+    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+    		getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
+    	}else{
+    		getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
+    	}
+        
     }
 
     /**
      * Override the error code with a 200 in order to confound attackers using
      * automated scanners. The message is canonicalized and filtered for
-     * dangerous characters.
-     * @param sc 
-     * @param msg
+     * dangerous characters.  Overwriting is controlled by {@code HttpUtilities.OverwriteStatusCodes}
+     * in ESAPI.properties.  
+     * @param sc -- http status code
+     * @param msg -- error message
      * @throws IOException
      */
     public void sendError(int sc, String msg) throws IOException {
-        getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
+    	SecurityConfiguration config = ESAPI.securityConfiguration();
+    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+    		getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
+    	}else{
+    		getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
+    	}
+        
     }
 
     /**
@@ -432,7 +446,7 @@ public void setContentType(String type) {
     public void setDateHeader(String name, long date) {
         try {
         	SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().setDateHeader(safeName, date);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid date header name denied", e);
@@ -453,7 +467,7 @@ public void setHeader(String name, String value) {
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
             SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             getHttpServletResponse().setHeader(safeName, safeValue);
         } catch (ValidationException e) {
@@ -470,7 +484,7 @@ public void setHeader(String name, String value) {
     public void setIntHeader(String name, int value) {
         try {
         	SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false);
+            String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().setIntHeader(safeName, value);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid int header name denied", e);
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index ecbbad138..c61a20a20 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -67,6 +67,33 @@ public void testAddHeaderInvalidKeyLength(){
 		verify(servResp, times(0)).addHeader("Foo", "bar");
 	}
 	
+	@Test
+	public void testAddIntHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.addIntHeader("aaaa", 4);
+		verify(servResp, times(1)).addIntHeader("aaaa", 4);
+	}
+	
+	@Test
+	public void testAddInvalidIntHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+		verify(servResp, times(0)).addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+	}
+	
+	@Test
+	public void testContainsHeader(){
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp = spy(resp);
+		resp.addIntHeader("aaaa", Integer.MIN_VALUE);
+		verify(servResp, times(1)).addIntHeader("aaaa", Integer.MIN_VALUE);
+		assertEquals(true, servResp.containsHeader("aaaa"));
+	}
+	
 	@Test
 	public void testAddValidCookie(){
 		HttpServletResponse servResp = new MockHttpServletResponse();
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 5bd553b25..45702ced4 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -508,6 +508,7 @@ public void testNamedUpperCaseDecoding(){
     	String expected = "Ü";
     	assertEquals(expected, ESAPI.encoder().decodeForHTML(input));
     }
+    
     public void testEncodeForXMLNull() {
         Encoder instance = ESAPI.encoder();
         assertEquals(null, instance.encodeForXML(null));
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index e10b47e48..c98620320 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -25,6 +25,7 @@
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.reference.validation.HTMLValidationRule;
 import org.owasp.esapi.reference.validation.StringValidationRule;
+import org.owasp.esapi.util.TestUtils;
 
 import javax.servlet.http.Cookie;
 import java.io.*;
@@ -592,10 +593,11 @@ public void testisValidInput() {
         assertTrue(instance.isValidInput("test", "jeffWILLIAMS123", "HTTPParameterValue", 100, false));
         assertTrue(instance.isValidInput("test", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false));
         // Removed per Issue 116 - The '*' character is valid as a parameter character
-//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
+//        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false))
+        System.err.println(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));;
         assertFalse(instance.isValidInput("test", "jeff^WILLIAMS", "HTTPParameterValue", 100, false));
         assertFalse(instance.isValidInput("test", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false));
-
+        
         assertTrue(instance.isValidInput("test", null, "Email", 100, true));
         assertFalse(instance.isValidInput("test", null, "Email", 100, false));
 
@@ -1005,11 +1007,11 @@ public void testGetParameterMap() {
 //an example of a parameter from displaytag, should pass
         request.addParameter("d-49653-p", "pass");
         request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
+        request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+        request.addParameter(TestUtils.generateStringOfLength(33), "fail");
         assertEquals(safeRequest.getParameterMap().size(), 2);
         assertNull(safeRequest.getParameterMap().get("<img"));
-        assertNull(safeRequest.getParameterMap().get(generateStringOfLength(33)));
+        assertNull(safeRequest.getParameterMap().get(TestUtils.generateStringOfLength(33)));
     }
 
     public void testGetParameterNames() {
@@ -1019,8 +1021,8 @@ public void testGetParameterNames() {
 //an example of a parameter from displaytag, should pass
         request.addParameter("d-49653-p", "pass");
         request.addParameter("<img ", "fail");
-        request.addParameter(generateStringOfLength(32), "pass");
-        request.addParameter(generateStringOfLength(33), "fail");
+        request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+        request.addParameter(TestUtils.generateStringOfLength(33), "fail");
         assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
     }
 
@@ -1079,8 +1081,8 @@ public void testGetHeader() {
         SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
         request.addHeader("p1", "login");
         request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
-        request.addHeader("p2", generateStringOfLength(200));   // Upper limit increased from 150 -> 200, GitHub issue #351
-        request.addHeader("f2", generateStringOfLength(201));
+        request.addHeader("p2", TestUtils.generateStringOfLength(200));   // Upper limit increased from 150 -> 200, GitHub issue #351
+        request.addHeader("f2", TestUtils.generateStringOfLength(201));
         assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
         assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
         assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
@@ -1091,8 +1093,8 @@ public void testGetHeader() {
     public void testHeaderLengthChecks(){
     	Validator v = ESAPI.validator();
     	SecurityConfiguration sc = ESAPI.securityConfiguration();
-    	assertFalse(v.isValidInput("addHeader", generateStringOfLength(257), "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderKeySize"), false));
-    	assertFalse(v.isValidInput("addHeader", generateStringOfLength(4097), "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
+    	assertFalse(v.isValidInput("addHeader", TestUtils.generateStringOfLength(257), "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false));
+    	assertFalse(v.isValidInput("addHeader", TestUtils.generateStringOfLength(4097), "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
     }
 
     public void testGetHeaderNames() {
@@ -1102,11 +1104,12 @@ public void testGetHeaderNames() {
         request.addHeader("d-49653-p", "pass");
         request.addHeader("<img ", "fail");
             // Note: Max length in ESAPI.properties as per
-            // Validator.HTTPHeaderName regex is 50, but upper
-            // bound of 150 imposed by SecurityRequestWrapper.
-        request.addHeader(generateStringOfLength(50), "pass");
-        request.addHeader(generateStringOfLength(51), "fail");
-        assertEquals(Collections.list(safeRequest.getHeaderNames()).size(), 2);
+            // Validator.HTTPHeaderName regex is 256, but upper
+            // bound is configurable by the property HttpUtilities.MaxHeaderNameSize
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        request.addHeader(TestUtils.generateStringOfLength(255), "pass");
+        request.addHeader(TestUtils.generateStringOfLength(257), "fail");
+        assertEquals(2, Collections.list(safeRequest.getHeaderNames()).size());
     }
 
     public void testGetQueryString() {
@@ -1134,15 +1137,6 @@ public void testGetRequestURI() {
         assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
     }
 
-    private String generateStringOfLength(int length) {
-        assert length >= 0 : "length must be >= 0";
-        StringBuilder longString = new StringBuilder(length);
-        for (int i = 0; i < length; i++) {
-            longString.append("a");
-        }
-        return longString.toString();
-    }
-
     public void testGetContextPath() {
         // Root Context Path ("")
         assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
diff --git a/src/test/java/org/owasp/esapi/util/TestUtils.java b/src/test/java/org/owasp/esapi/util/TestUtils.java
new file mode 100644
index 000000000..f7f117fc5
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/util/TestUtils.java
@@ -0,0 +1,14 @@
+package org.owasp.esapi.util;
+
+public class TestUtils {
+
+	public static String generateStringOfLength(int length) {
+	    assert length >= 0 : "length must be >= 0";
+	    StringBuilder longString = new StringBuilder(length);
+	    for (int i = 0; i < length; i++) {
+	        longString.append("a");
+	    }
+	    return longString.toString();
+	}
+
+}
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index becadfee7..1ff0c4e65 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -332,7 +332,7 @@ HttpUtilities.ForceSecureSession=false
 HttpUtilities.ForceHttpOnlyCookies=true
 HttpUtilities.ForceSecureCookies=true
 # Maximum size of HTTP header key
-HttpUtilities.MaxHeaderKeySize=256
+HttpUtilities.MaxHeaderNameSize=256
 # Maximum size of HTTP header value
 HttpUtilities.MaxHeaderValueSize=4096
 # File upload configuration
@@ -345,7 +345,8 @@ HttpUtilities.ResponseContentType=text/html; charset=UTF-8
 # This is the name of the cookie used to represent the HTTP session
 # Typically this will be the default "JSESSIONID" 
 HttpUtilities.HttpSessionIdName=JSESSIONID
-
+#Sets whether or not will will overwrite http status codes to 200.
+HttpUtilities.OverwriteStatusCodes=true
 
 
 #===========================================================================
@@ -447,8 +448,8 @@ Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that max header name capped at 150 in SecurityRequestWrapper!
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
+# Note that headerName and Value length is also configured in the HTTPUtilities section
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$

From 5c0e1de2ba09a2f606d26740a70a35fbe42a5090 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 24 Jul 2017 17:22:24 -0700
Subject: [PATCH 420/812] Issue #400 -- Added more unit tests for
 SecurityWrapperResponse.

---
 .../filters/SecurityWrapperResponse.java      | 19 ++++++++--
 .../filters/SecurityWrapperResponseTest.java  | 37 +++++++++++++++++++
 src/test/resources/esapi/ESAPI.properties     |  3 +-
 3 files changed, 54 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 82e629557..343a44396 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -418,7 +418,8 @@ public void setBufferSize(int size) {
      * @param charset
      */
     public void setCharacterEncoding(String charset) {
-        getHttpServletResponse().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
+    	SecurityConfiguration sc = ESAPI.securityConfiguration();
+        getHttpServletResponse().setCharacterEncoding(sc.getStringProp("HttpUtilities.CharacterEncoding"));
     }
 
     /**
@@ -506,7 +507,13 @@ public void setLocale(Locale loc) {
      * @param sc
      */
     public void setStatus(int sc) {
-        getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
+    	SecurityConfiguration config = ESAPI.securityConfiguration();
+    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+    		getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
+    	}else{
+    		getHttpServletResponse().setStatus(sc);
+    	}
+        
     }
 
     /**
@@ -520,8 +527,12 @@ public void setStatus(int sc) {
     @Deprecated
     public void setStatus(int sc, String sm) {
         try {
-            // setStatus is deprecated so use sendError instead
-            sendError(HttpServletResponse.SC_OK, sm);
+        	SecurityConfiguration config = ESAPI.securityConfiguration();
+        	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+        		sendError(HttpServletResponse.SC_OK, sm);
+        	}else{
+        		sendError(sc, sm);
+        	}
         } catch (IOException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
         }
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index c61a20a20..8811f99f5 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -121,6 +121,7 @@ public void testAddValidCookieWithDomain(){
 		SecurityWrapperResponse spyResp = spy(resp);
 		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
 		cookie.setDomain("evil.com");
+		cookie.setMaxAge(-1);
 		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
 		spyResp.addCookie(cookie);
 		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
@@ -152,4 +153,40 @@ public void testAddInValidCookie(){
 		spyResp.addCookie(cookie);
 		verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
 	}
+	
+	@Test
+	public void testSendError() throws Exception{
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Mockito.doCallRealMethod().when(spyResp).sendError(200);
+		spyResp.sendError(200);
+		
+		verify(servResp, times(1)).sendError(200, "HTTP error code: 200");;
+	}
+	
+	@Test
+	public void testSendStatus() throws Exception{
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Mockito.doCallRealMethod().when(spyResp).setStatus(200);;
+		spyResp.setStatus(200);
+		
+		verify(servResp, times(1)).setStatus(200);;
+	}
+	
+	@Test
+	public void testSendStatusWithString() throws Exception{
+		HttpServletResponse servResp = new MockHttpServletResponse();
+		servResp = spy(servResp);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		SecurityWrapperResponse spyResp = spy(resp);
+		Mockito.doCallRealMethod().when(spyResp).setStatus(200, "foo");;
+		spyResp.setStatus(200, "foo");
+		
+		verify(servResp, times(1)).sendError(200, "foo");;
+	}
 }
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 1ff0c4e65..6e4bc6246 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -347,7 +347,8 @@ HttpUtilities.ResponseContentType=text/html; charset=UTF-8
 HttpUtilities.HttpSessionIdName=JSESSIONID
 #Sets whether or not will will overwrite http status codes to 200.
 HttpUtilities.OverwriteStatusCodes=true
-
+#Sets the application's base character encoding.  This is forked from the Java Encryptor property.
+HttpUtilities.CharacterEncoding=UTF-8
 
 #===========================================================================
 # ESAPI Executor

From f73b9dbb7b1460b669f68231d8cefee9ac39881a Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 24 Jul 2017 17:41:32 -0700
Subject: [PATCH 421/812] Issue #400 -- Got unit test coverage up to 65.5%

---
 .../filters/SecurityWrapperResponse.java      |  1 -
 .../filters/SecurityWrapperResponseTest.java  | 38 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 343a44396..c1de913c4 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -384,7 +384,6 @@ public void sendError(int sc, String msg) throws IOException {
     	}else{
     		getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
     	}
-        
     }
 
     /**
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index 8811f99f5..478f0b050 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -39,6 +39,40 @@ public void testAddDateHeader(){
 		verify(servResp, times(1)).addDateHeader("Foo", currentTime);
 	}
 	
+	@Test
+	public void testSetDateHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		long currentTime = System.currentTimeMillis();
+		resp.setDateHeader("Foo", currentTime);
+		verify(servResp, times(1)).setDateHeader("Foo", currentTime);
+	}
+	
+	@Test
+	public void testSetInvalidDateHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		long currentTime = System.currentTimeMillis();
+		resp.setDateHeader("<scr", currentTime);
+		verify(servResp, times(0)).setDateHeader("<scr", currentTime);
+	}
+	
+	@Test
+	public void testSetHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.setHeader("foo", "bar");
+		verify(servResp, times(1)).setHeader("foo", "bar");
+	}
+	
+	@Test
+	public void testSetInvalidHeader(){
+		HttpServletResponse servResp = mock(HttpServletResponse.class);
+		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+		resp.setHeader("foo", "<script>alert</script>");
+		verify(servResp, times(0)).setHeader("foo", "<script>alert</script>");
+	}
+	
 	@Test
 	public void testInvalidDateHeader(){
 		HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -101,8 +135,10 @@ public void testAddValidCookie(){
 		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
 		SecurityWrapperResponse spyResp = spy(resp);
 		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+		cookie.setMaxAge(5000);
 		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
 		spyResp.addCookie(cookie);
+		
 		/*
 		 * We're indirectly testing our class.  Since it ultimately
 		 * delegates to HttpServletResponse.addHeader, we're actually 
@@ -110,7 +146,7 @@ public void testAddValidCookie(){
 		 * expected properties.  This implicitly tests the 
 		 * createCookieHeader method as well.
 		 */
-		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Secure; HttpOnly");
+		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Max-Age=5000; Secure; HttpOnly");
 	}
 	
 	@Test

From 271284e3c407e2be47d43062680e1fba6b058128 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 24 Jul 2017 18:14:24 -0700
Subject: [PATCH 422/812] Issue #317 -- Fixed resource leak.  Special thanks to
 eamonn.

---
 .../owasp/esapi/waf/rules/BeanShellRule.java  | 71 ++++++++++---------
 1 file changed, 37 insertions(+), 34 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
index ea0caa786..f90da574e 100644
--- a/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
+++ b/src/main/java/org/owasp/esapi/waf/rules/BeanShellRule.java
@@ -34,6 +34,7 @@
 
 /**
  * This is the Rule subclass executed for &lt;bean-shell-script&gt; rules.
+ *
  * @author Arshan Dabirsiaghi
  *
  */
@@ -42,43 +43,41 @@ public class BeanShellRule extends Rule {
 	private Interpreter i;
 	private String script;
 	private Pattern path;
-	
-	public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError { 
+
+	public BeanShellRule(String fileLocation, String id, Pattern path) throws IOException, EvalError {
 		i = new Interpreter();
 		i.set("logger", logger);
-		this.script = getFileContents( ESAPI.securityConfiguration().getResourceFile(fileLocation));
+		this.script = getFileContents(ESAPI.securityConfiguration().getResourceFile(fileLocation));
 		this.id = id;
 		this.path = path;
 	}
-	
-	public Action check(HttpServletRequest request,
-			InterceptingHTTPServletResponse response, 
+
+	public Action check(HttpServletRequest request, InterceptingHTTPServletResponse response,
 			HttpServletResponse httpResponse) {
 
 		/*
 		 * Early fail: if the URL doesn't match one we're interested in.
 		 */
-		
-		if ( path != null && ! path.matcher(request.getRequestURI()).matches() ) {
+
+		if (path != null && !path.matcher(request.getRequestURI()).matches()) {
 			return new DoNothingAction();
 		}
-		
+
 		/*
-		 * Run the beanshell that we've already parsed
-		 * and pre-compiled. Populate the "request"
-		 * and "response" objects so the script has
+		 * Run the beanshell that we've already parsed and pre-compiled.
+		 * Populate the "request" and "response" objects so the script has
 		 * access to the same variables we do here.
 		 */
-		
+
 		try {
-		
+
 			Action a = null;
-			
+
 			i.set("action", a);
 			i.set("request", request);
-			
-			if ( response != null ) {
-				i.set("response", response);	
+
+			if (response != null) {
+				i.set("response", response);
 			} else {
 				i.set("response", httpResponse);
 			}
@@ -86,31 +85,35 @@ public Action check(HttpServletRequest request,
 			i.set("session", request.getSession());
 			i.eval(script);
 
-			a = (Action)i.get("action");
-	
-			if ( a != null ) {
+			a = (Action) i.get("action");
+
+			if (a != null) {
 				return a;
 			}
-			
+
 		} catch (EvalError e) {
-			log(request,"Error running custom beanshell rule (" + id + ") - " + e.getMessage());
+			log(request, "Error running custom beanshell rule (" + id + ") - " + e.getMessage());
 		}
-	
+
 		return new DoNothingAction();
 	}
-	
+
 	private String getFileContents(File f) throws IOException {
-		
-		FileReader fr = new FileReader(f);
 		StringBuffer sb = new StringBuffer();
-		String line;
-		BufferedReader br = new BufferedReader(fr);
-		
-		while( (line=br.readLine()) != null ) {
-			sb.append(line + System.getProperty("line.separator"));
+		BufferedReader br = null;
+
+		try {
+			br = new BufferedReader(new FileReader(f));
+			String line;
+			while ((line = br.readLine()) != null) {
+				sb.append(line + System.getProperty("line.separator"));
+			}
+
+		} finally {
+			if (br != null) {
+				br.close();
+			}
 		}
-		
 		return sb.toString();
 	}
-
 }

From 9177ca3034b1af7fb7cd95a6433338b0b3a0ec03 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Tue, 25 Jul 2017 20:51:55 -0700
Subject: [PATCH 423/812] Issue #327 -- got rid of misleading HTML entity in
 URL regex.

---
 configuration/esapi/validation.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configuration/esapi/validation.properties b/configuration/esapi/validation.properties
index 433fa0b6b..dd24e46c3 100644
--- a/configuration/esapi/validation.properties
+++ b/configuration/esapi/validation.properties
@@ -23,7 +23,7 @@
 Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
 Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
 Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
+Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&;%\\$#_]*)?$
 Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
 

From 158c78924d624e26ea8a0110a50371420ad4e2ab Mon Sep 17 00:00:00 2001
From: adetlefsen-rms <augustd@codemagi.com>
Date: Thu, 27 Jul 2017 12:32:27 -0700
Subject: [PATCH 424/812] Update AntiSamy and XOM versions

---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 7bc646277..40386fbf6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -174,9 +174,9 @@
             <type>jar</type>
         </dependency>
         <dependency>
-            <groupId>xom</groupId>
+            <groupId>com.io7m.xom</groupId>
             <artifactId>xom</artifactId>
-            <version>1.2.5</version>
+            <version>1.2.10</version>
         </dependency>
         <dependency>
             <groupId>org.beanshell</groupId>
@@ -186,7 +186,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.5</version>
+            <version>1.5.6</version>
         </dependency>
         <!-- The following is only a TRANSITIVE dependency used by antisamy.
              Antisamy uses 2.7.0, which has unpatched vulnerability

From 28f2028e3e8340147b8fce116d2706167ac0dff5 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 28 Jul 2017 05:32:42 -0700
Subject: [PATCH 425/812] Issue #292 && Issue #403 -- Updated default regex
 size for jsessionid from 30 to 32, and refactored related classes to NOT use
 magic numbers.

---
 .../esapi/filters/SecurityWrapperRequest.java | 70 +++++++++++--------
 .../owasp/esapi/reference/ValidatorTest.java  |  2 +-
 src/test/resources/esapi/ESAPI.properties     | 25 ++++++-
 3 files changed, 65 insertions(+), 32 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 3f6a53f3c..095069918 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -127,13 +127,13 @@ public String getContentType() {
      */
     public String getContextPath() {
         String path = getHttpServletRequest().getContextPath();
-
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
 		//Return empty String for the ROOT context
 		if (path == null || "".equals(path.trim())) return "";
 
         String clean = "";
         try {
-            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", 150, false);
+            clean = ESAPI.validator().getValidInput("HTTP context path: " + path, path, "HTTPContextPath", sc.getIntProp("HttpUtilities.contextPathLength"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -148,14 +148,14 @@ public String getContextPath() {
     public Cookie[] getCookies() {
         Cookie[] cookies = getHttpServletRequest().getCookies();
         if (cookies == null) return new Cookie[0];
-        
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         List<Cookie> newCookies = new ArrayList<Cookie>();
         for (Cookie c : cookies) {
             // build a new clean cookie
             try {
                 // get data from original cookie
-                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", 150, true);
-                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", 1000, true);
+                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), true);
+                String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), true);
                 int maxAge = c.getMaxAge();
                 String domain = c.getDomain();
                 String path = c.getPath();
@@ -167,11 +167,11 @@ public Cookie[] getCookies() {
                     // kww TODO: HTTPHeaderValue seems way too liberal of a regex for cookie domain
                     // as it allows invalid characters for a domain name. Maybe create a new custom
                     // HTTPCookieDomain regex???
-                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
+                    n.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
                 }
                 if (path != null) {
                     // kww TODO: OPEN ISSUE: Would not HTTPServletPath make more sense here???
-                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
+                    n.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
                 }
                 newCookies.add(n);
             } catch (ValidationException e) {
@@ -202,8 +202,9 @@ public long getDateHeader(String name) {
     public String getHeader(String name) {
         String value = getHttpServletRequest().getHeader(name);
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 200, true);
+            clean = ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), true);
         } catch (ValidationException e) {
             // already logged
         }
@@ -241,10 +242,11 @@ public Enumeration getHeaderNames() {
     public Enumeration getHeaders(String name) {
         Vector<String> v = new Vector<String>();
         Enumeration en = getHttpServletRequest().getHeaders(name);
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         while (en.hasMoreElements()) {
             try {
                 String value = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", 200, true);
+                String clean = ESAPI.validator().getValidInput("HTTP header value (" + name + "): " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), true);
                 v.add(clean);
             } catch (ValidationException e) {
                 // already logged
@@ -345,7 +347,8 @@ public String getParameter(String name) {
      * @return The "scrubbed" parameter value.
      */
     public String getParameter(String name, boolean allowNull) {
-        return getParameter(name, allowNull, 2000, "HTTPParameterValue");
+    	SecurityConfiguration sc = ESAPI.securityConfiguration();
+        return getParameter(name, allowNull, sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), "HTTPParameterValue");
     }
 
     /**
@@ -393,12 +396,13 @@ public Map getParameterMap() {
             try {
                 Map.Entry e = (Map.Entry) o;
                 String name = (String) e.getKey();
-                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 100, true);
-
+                SecurityConfiguration sc = ESAPI.securityConfiguration();
+                String cleanName = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", sc.getIntProp("HttpUtilities.httpQueryParamNameLength"), true);
+                
                 String[] value = (String[]) e.getValue();
                 String[] cleanValues = new String[value.length];
                 for (int j = 0; j < value.length; j++) {
-                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", 2000, true);
+                    String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value[j], value[j], "HTTPParameterValue", sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), true);
                     cleanValues[j] = cleanValue;
                 }
                 cleanMap.put(cleanName, cleanValues);
@@ -419,8 +423,9 @@ public Enumeration getParameterNames() {
         Enumeration en = getHttpServletRequest().getParameterNames();
         while (en.hasMoreElements()) {
             try {
+            	SecurityConfiguration sc = ESAPI.securityConfiguration();
                 String name = (String) en.nextElement();
-                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", 150, true);
+                String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", sc.getIntProp("HttpUtilities.httpQueryParamNameLength"), true);
                 v.add(clean);
             } catch (ValidationException e) {
                 // already logged
@@ -444,9 +449,10 @@ public String[] getParameterValues(String name) {
 	if(values == null)
 		return null;
         newValues = new ArrayList<String>();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         for (String value : values) {
             try {
-                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", 2000, true);
+                String cleanValue = ESAPI.validator().getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", sc.getIntProp("HttpUtilities.URILENGTH"), true);
                 newValues.add(cleanValue);
             } catch (ValidationException e) {
                 logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
@@ -465,8 +471,9 @@ public String getPathInfo() {
         String path = getHttpServletRequest().getPathInfo();
 		if (path == null) return null;
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", 150, true);
+            clean = ESAPI.validator().getValidInput("HTTP path: " + path, path, "HTTPPath", sc.getIntProp("HttpUtilities.HTTPPATHLENGTH"), true);
         } catch (ValidationException e) {
             // already logged
         }
@@ -500,8 +507,9 @@ public String getProtocol() {
     public String getQueryString() {
         String query = getHttpServletRequest().getQueryString();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", 2000, true);
+            clean = ESAPI.validator().getValidInput("HTTP query string: " + query, query, "HTTPQueryString", sc.getIntProp("HttpUtilities.URILENGTH"), true);
         } catch (ValidationException e) {
             // already logged
         }
@@ -591,8 +599,9 @@ public RequestDispatcher getRequestDispatcher(String path) {
     public String getRequestedSessionId() {
         String id = getHttpServletRequest().getRequestedSessionId();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", 50, false);
+            clean = ESAPI.validator().getValidInput("Requested cookie: " + id, id, "HTTPJSESSIONID", sc.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -607,8 +616,9 @@ public String getRequestedSessionId() {
     public String getRequestURI() {
         String uri = getHttpServletRequest().getRequestURI();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", 2000, false);
+            clean = ESAPI.validator().getValidInput("HTTP URI: " + uri, uri, "HTTPURI", sc.getIntProp("HttpUtilities.URILENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -623,8 +633,9 @@ public String getRequestURI() {
     public StringBuffer getRequestURL() {
         String url = getHttpServletRequest().getRequestURL().toString();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", 2000, false);
+            clean = ESAPI.validator().getValidInput("HTTP URL: " + url, url, "HTTPURL", sc.getIntProp("HttpUtilities.URILENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -639,8 +650,9 @@ public StringBuffer getRequestURL() {
     public String getScheme() {
         String scheme = getHttpServletRequest().getScheme();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", 10, false);
+            clean = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", sc.getIntProp("HttpUtilities.HTTPSCHEMELENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -655,8 +667,9 @@ public String getScheme() {
     public String getServerName() {
         String name = getHttpServletRequest().getServerName();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", 100, false);
+            clean = ESAPI.validator().getValidInput("HTTP server name: " + name, name, "HTTPServerName", sc.getIntProp("HttpUtilities.HTTPHOSTLENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -686,8 +699,9 @@ public int getServerPort() {
     public String getServletPath() {
         String path = getHttpServletRequest().getServletPath();
         String clean = "";
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
-            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", 100, false);
+            clean = ESAPI.validator().getValidInput("HTTP servlet path: " + path, path, "HTTPServletPath", sc.getIntProp("HttpUtilities.HTTPSERVLETPATHLENGTH"), false);
         } catch (ValidationException e) {
             // already logged
         }
@@ -703,10 +717,10 @@ public HttpSession getSession() {
 		HttpSession session = getHttpServletRequest().getSession();
 
 		// send a new cookie header with HttpOnly on first and second responses
-	    if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
+	    if (ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlySession")) {
 	        if (session.getAttribute("HTTP_ONLY") == null) {
 				session.setAttribute("HTTP_ONLY", "set");
-				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
+				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"), session.getId());
 				cookie.setPath( getHttpServletRequest().getContextPath() );
 				cookie.setMaxAge(-1); // session cookie
 	            HttpServletResponse response = ESAPI.currentResponse();
@@ -731,10 +745,10 @@ public HttpSession getSession(boolean create) {
         }
 
         // send a new cookie header with HttpOnly on first and second responses
-        if (ESAPI.securityConfiguration().getForceHttpOnlySession()) {
+        if (ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlySession")) {
 	        if (session.getAttribute("HTTP_ONLY") == null) {
 	            session.setAttribute("HTTP_ONLY", "set");
-	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
+	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"), session.getId());
 	            cookie.setMaxAge(-1); // session cookie
 	            cookie.setPath( getHttpServletRequest().getContextPath() );
 	            HttpServletResponse response = ESAPI.currentResponse();
@@ -835,7 +849,7 @@ public void setAttribute(String name, Object o) {
      * @throws UnsupportedEncodingException
      */
     public void setCharacterEncoding(String enc) throws UnsupportedEncodingException {
-        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
+        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
     }
 
     public String getAllowableContentRoot() {
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index c98620320..f5a8fb330 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1082,7 +1082,7 @@ public void testGetHeader() {
         request.addHeader("p1", "login");
         request.addHeader("f1", "<A HREF=\"http://0x42.0x0000066.0x7.0x93/\">XSS</A>");
         request.addHeader("p2", TestUtils.generateStringOfLength(200));   // Upper limit increased from 150 -> 200, GitHub issue #351
-        request.addHeader("f2", TestUtils.generateStringOfLength(201));
+        request.addHeader("f2", TestUtils.generateStringOfLength(4097));
         assertEquals(safeRequest.getHeader("p1"), request.getHeader("p1"));
         assertEquals(safeRequest.getHeader("p2"), request.getHeader("p2"));
         assertFalse(safeRequest.getHeader("f1").equals(request.getHeader("f1")));
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 6e4bc6246..f77fcd433 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -331,10 +331,28 @@ HttpUtilities.ForceHttpOnlySession=false
 HttpUtilities.ForceSecureSession=false
 HttpUtilities.ForceHttpOnlyCookies=true
 HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP header key
+# Maximum size of HTTP header key--the validator regex may have additional values. 
 HttpUtilities.MaxHeaderNameSize=256
-# Maximum size of HTTP header value
+# Maximum size of HTTP header value--the validator regex may have additional values. 
 HttpUtilities.MaxHeaderValueSize=4096
+# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
+HttpUtilities.HTTPJSESSIONIDLENGTH=50
+# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+HttpUtilities.URILENGTH=2000
+# Maximum length for an http scheme
+HttpUtilities.HTTPSCHEMELENGTH=10
+# Maximum length for an http host
+HttpUtilities.HTTPHOSTLENGTH=100
+# Maximum length for an http path
+HttpUtilities.HTTPPATHLENGTH=150
+#Maximum length for a context path 
+HttpUtilities.contextPathLength=150
+#Maximum length for an httpServletPath 
+HttpUtilities.HTTPSERVLETPATHLENGTH=100
+#Maximum length for an http query parameter name
+HttpUtilities.httpQueryParamNameLength=100
+#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+HttpUtilities.httpQueryParamValueLength=500
 # File upload configuration
 HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
 HttpUtilities.MaxUploadFileBytes=500000000
@@ -455,7 +473,8 @@ Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
 Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
+
 
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)

From f6a054a04253d0bad816a153a74d5c2cebe6d001 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 28 Jul 2017 20:56:26 -0400
Subject: [PATCH 426/812] Update README.md

Add reference to ESR's "How to Ask Questions the Smart Way" in section on reporting issues.
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 01d1c6db4..33d8a62aa 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,8 @@ In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in N
 ### What about the issues still located on Google Code?
 All issues from Google Code have been migrated to GitHub issues. We have a JIRA/Confluence instance allocated to us, but it has not be configured to synchronize with the GitHub issues, and thus is should not be used. JIRA is fine, but if we can't have it synchronized with GitHub issues (which is where the majority of our users report issues), it is not usuable. As developers, we do not want to spent time having to close issues from multiple bug-tracking sites. Therefore, until this synchronization happens (see GitHub issue #371), please ONLY use GitHub for reporting bugs.
 
+When reporting an issue, please be clear and try to ensure that the ESAPI development team has sufficient information to be able to reproduce your results. If you have not already done son, this might be a good time to read Eric S. Raymond's classic "How to Ask Questions the Smart Way", at http://www.catb.org/esr/faqs/smart-questions.html before posting your issue.
+
 ### Find an Issue?
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 

From a2808f1ed4150042cc5e4c0a8b1824fe05246438 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 28 Jul 2017 18:55:26 -0700
Subject: [PATCH 427/812] Issue #403 -- Added unit test to verify that
 properties we add are properly pulled back.  This might seem pedantic, but
 these properties are only available during runtime.

---
 .../DefaultSecurityConfigurationTest.java     | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 5171da6a5..38d9fd31a 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -12,6 +12,7 @@
 import org.junit.Test;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.reference.DefaultSecurityConfiguration.DefaultSearchPath;
 
@@ -437,4 +438,42 @@ public void DefaultSearchPathEnumChanges(){
 		int testValue = DefaultSearchPath.values().length;
 		assertEquals(expected, testValue);
 	}
+	
+	@Test
+	public void defaultPropertiesTest(){
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+//		# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
+//		HttpUtilities.HTTPJSESSIONIDLENGTH=50
+		assertEquals(50, sc.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH"));
+//		# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+//		HttpUtilities.URILENGTH=2000
+		assertEquals(2000, sc.getIntProp("HttpUtilities.URILENGTH"));
+//		# Maximum length for an http scheme
+//		HttpUtilities.HTTPSCHEMELENGTH=10
+		assertEquals(10, sc.getIntProp("HttpUtilities.HTTPSCHEMELENGTH"));
+//		# Maximum length for an http host
+//		HttpUtilities.HTTPHOSTLENGTH=100
+		assertEquals(100, sc.getIntProp("HttpUtilities.HTTPHOSTLENGTH"));
+//		# Maximum length for an http path
+//		HttpUtilities.HTTPPATHLENGTH=150
+		assertEquals(150, sc.getIntProp("HttpUtilities.HTTPPATHLENGTH"));
+//		#Maximum length for a context path 
+//		HttpUtilities.contextPathLength=150
+		assertEquals(150, sc.getIntProp("HttpUtilities.contextPathLength"));
+//		#Maximum length for an httpServletPath 
+//		HttpUtilities.HTTPSERVLETPATHLENGTH=100
+		assertEquals(100, sc.getIntProp("HttpUtilities.HTTPSERVLETPATHLENGTH"));
+//		#Maximum length for an http query parameter name
+//		HttpUtilities.httpQueryParamNameLength=100
+		assertEquals(100, sc.getIntProp("HttpUtilities.httpQueryParamNameLength"));
+//		#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+//		HttpUtilities.httpQueryParamValueLength=500
+		assertEquals(500, sc.getIntProp("HttpUtilities.httpQueryParamValueLength"));
+//		# Maximum size of HTTP header key--the validator regex may have additional values. 
+//		HttpUtilities.MaxHeaderNameSize=256
+		assertEquals(256, sc.getIntProp("HttpUtilities.MaxHeaderNameSize"));
+//		# Maximum size of HTTP header value--the validator regex may have additional values. 
+//		HttpUtilities.MaxHeaderValueSize=4096
+		assertEquals(4096, sc.getIntProp("HttpUtilities.MaxHeaderValueSize"));
+	}
 }

From e6a6cb6dd38693df042ead7b7d649354275cbb0c Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 29 Jul 2017 09:57:28 -0700
Subject: [PATCH 428/812] Issue #297 -- changed classloader reference in
 DefaultAccessController.

---
 .../org/owasp/esapi/reference/DefaultSecurityConfiguration.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index bf2a79696..ca7c08d25 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -194,7 +194,7 @@ public static SecurityConfiguration getInstance() {
     public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.reference.JavaLogFactory";
     public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = "org.owasp.esapi.reference.FileBasedAuthenticator";
     public static final String DEFAULT_ENCODER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultEncoder";
-    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.accesscontrol.DefaultAccessController";
+    public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultAccessController";
     public static final String DEFAULT_ENCRYPTION_IMPLEMENTATION = "org.owasp.esapi.reference.crypto.JavaEncryptor";
     public static final String DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultIntrusionDetector";
     public static final String DEFAULT_RANDOMIZER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultRandomizer";

From 20f00ac5f168aff2dbaa5bed7a1dee3c7ffa46cc Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 29 Jul 2017 12:03:48 -0700
Subject: [PATCH 429/812] Issue #403 -- uncovered the last magic number calls. 
 This part of the issue is done!

---
 .../org/owasp/esapi/reference/DefaultHTTPUtilities.java  | 5 +++--
 .../esapi/reference/DefaultSecurityConfiguration.java    | 2 +-
 .../java/org/owasp/esapi/reference/DefaultValidator.java | 9 ++++++---
 .../reference/DefaultSecurityConfigurationTest.java      | 3 +++
 src/test/resources/esapi/ESAPI.properties                | 2 ++
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 13732ee79..2dc1e3666 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -872,10 +872,11 @@ public void setCurrentHTTP(HttpServletRequest request, HttpServletResponse respo
      */
     public void setHeader(HttpServletResponse response, String name, String value) {
         try {
+        	SecurityConfiguration sc = ESAPI.securityConfiguration();
             String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
             String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", 50, false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", 500, false);
+            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             response.setHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index ca7c08d25..d1792c40d 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -1063,7 +1063,7 @@ public boolean getForceSecureCookies() {
 	 * {@inheritDoc}
 	 */
 	public int getMaxHttpHeaderSize() {
-        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096 );
+        return getESAPIProperty( MAX_HTTP_HEADER_SIZE, 4096);
 	}
 
     /**
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 7b45f1d26..074b44dd1 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -1097,14 +1097,16 @@ public String getValidPrintable(String context, String input,int maxLength, bool
 	 * Returns true if input is a valid redirect location.
 	 */
 	public boolean isValidRedirectLocation(String context, String input, boolean allowNull) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
 	}
 
         /**
 	 * Returns true if input is a valid redirect location.
 	 */
 	public boolean isValidRedirectLocation(String context, String input, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		return ESAPI.validator().isValidInput( context, input, "Redirect", 512, allowNull, errors);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().isValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull, errors);
 	}
 
 
@@ -1113,7 +1115,8 @@ public boolean isValidRedirectLocation(String context, String input, boolean all
 	 * will generate a descriptive IntrusionException.
 	 */
 	public String getValidRedirectLocation(String context, String input, boolean allowNull) throws ValidationException, IntrusionException {
-		return ESAPI.validator().getValidInput( context, input, "Redirect", 512, allowNull);
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
+		return ESAPI.validator().getValidInput( context, input, "Redirect", sc.getIntProp("HttpUtilities.maxRedirectLength"), allowNull);
 	}
 
 	/**
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 38d9fd31a..14d7bab6e 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -475,5 +475,8 @@ public void defaultPropertiesTest(){
 //		# Maximum size of HTTP header value--the validator regex may have additional values. 
 //		HttpUtilities.MaxHeaderValueSize=4096
 		assertEquals(4096, sc.getIntProp("HttpUtilities.MaxHeaderValueSize"));
+//		# Maximum length of a redirect 
+//		HttpUtilities.maxRedirectLength=512
+		assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
 	}
 }
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index f77fcd433..9003ff97a 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -339,6 +339,8 @@ HttpUtilities.MaxHeaderValueSize=4096
 HttpUtilities.HTTPJSESSIONIDLENGTH=50
 # Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
 HttpUtilities.URILENGTH=2000
+# Maximum length of a redirect 
+HttpUtilities.maxRedirectLength=512
 # Maximum length for an http scheme
 HttpUtilities.HTTPSCHEMELENGTH=10
 # Maximum length for an http host

From 7696ebc32b6870b70d07c2b6462f2e223f731f1c Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 29 Jul 2017 23:18:49 -0700
Subject: [PATCH 430/812] Issue #403 -- checkpoint on getting basic unit tests
 to pass.  Not working in maven yet...

---
 src/main/java/org/owasp/esapi/ESAPI.java      |  20 +-
 .../owasp/esapi/SecurityConfiguration.java    | 541 +-----------------
 .../org/owasp/esapi/crypto/CipherSpec.java    |   4 +-
 .../org/owasp/esapi/crypto/CipherText.java    |   4 +-
 .../org/owasp/esapi/crypto/CryptoHelper.java  |   2 +-
 .../org/owasp/esapi/crypto/CryptoToken.java   |   6 +-
 .../esapi/crypto/KeyDerivationFunction.java   |   4 +-
 .../esapi/crypto/SecurityProviderLoader.java  |   2 +-
 .../errors/EnterpriseSecurityException.java   |   4 +-
 .../EnterpriseSecurityRuntimeException.java   |   4 +-
 .../reference/AbstractAuthenticator.java      |   4 +-
 .../owasp/esapi/reference/DefaultEncoder.java |   8 +-
 .../esapi/reference/DefaultHTTPUtilities.java |  14 +-
 .../reference/DefaultIntrusionDetector.java   |  10 +-
 .../esapi/reference/DefaultRandomizer.java    |   2 +-
 .../owasp/esapi/reference/DefaultUser.java    |   8 +-
 .../esapi/reference/DefaultValidator.java     |   2 +-
 .../reference/FileBasedAuthenticator.java     |   2 +-
 .../owasp/esapi/reference/JavaLogFactory.java |   8 +-
 .../owasp/esapi/reference/Log4JLogger.java    |   8 +-
 .../esapi/reference/crypto/JavaEncryptor.java |  44 +-
 .../validation/DateValidationRule.java        |   2 +-
 .../configuration/ConfigurationParser.java    |   2 +-
 .../esapi/SecurityConfigurationWrapper.java   | 111 ++--
 .../owasp/esapi/crypto/CipherSpecTest.java    |   8 +-
 .../crypto/SecurityProviderLoaderTest.java    |   2 +-
 .../DefaultSecurityConfigurationTest.java     |  47 +-
 .../owasp/esapi/reference/ValidatorTest.java  |   2 +-
 .../esapi/reference/crypto/EncryptorTest.java |   4 +-
 29 files changed, 189 insertions(+), 690 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/ESAPI.java b/src/main/java/org/owasp/esapi/ESAPI.java
index de93a73f7..4b49e8ce3 100644
--- a/src/main/java/org/owasp/esapi/ESAPI.java
+++ b/src/main/java/org/owasp/esapi/ESAPI.java
@@ -82,35 +82,35 @@ public static HttpServletResponse currentResponse() {
 	 * @return the current ESAPI AccessController object being used to maintain the access control rules for this application. 
 	 */
 	public static AccessController accessController() {
-        return ObjFactory.make( securityConfiguration().getAccessControlImplementation(), "AccessController" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.AccessControl"), "AccessController" );
 	}
 
 	/**
 	 * @return the current ESAPI Authenticator object being used to authenticate users for this application. 
 	 */
 	public static Authenticator authenticator() {
-        return ObjFactory.make( securityConfiguration().getAuthenticationImplementation(), "Authenticator" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Authenticator"), "Authenticator" );
 	}
 
 	/**
 	 * @return the current ESAPI Encoder object being used to encode and decode data for this application. 
 	 */
 	public static Encoder encoder() {
-        return ObjFactory.make( securityConfiguration().getEncoderImplementation(), "Encoder" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Encoder"), "Encoder" );
 	}
 
 	/**
 	 * @return the current ESAPI Encryptor object being used to encrypt and decrypt data for this application. 
 	 */
 	public static Encryptor encryptor() {
-        return ObjFactory.make( securityConfiguration().getEncryptionImplementation(), "Encryptor" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Encryptor"), "Encryptor" );
 	}
 
 	/**
 	 * @return the current ESAPI Executor object being used to safely execute OS commands for this application. 
 	 */
 	public static Executor executor() {
-        return ObjFactory.make( securityConfiguration().getExecutorImplementation(), "Executor" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Executor"), "Executor" );
 	}
 
 	/**
@@ -118,14 +118,14 @@ public static Executor executor() {
 	 * for this application. 
 	 */
 	public static HTTPUtilities httpUtilities() {
-        return ObjFactory.make( securityConfiguration().getHTTPUtilitiesImplementation(), "HTTPUtilities" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.HTTPUtilities"), "HTTPUtilities" );
 	}
 
 	/**
 	 * @return the current ESAPI IntrusionDetector being used to monitor for intrusions in this application. 
 	 */
 	public static IntrusionDetector intrusionDetector() {
-        return ObjFactory.make( securityConfiguration().getIntrusionDetectionImplementation(), "IntrusionDetector" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.IntrusionDetector"), "IntrusionDetector" );
 	}
 
 	/**
@@ -134,7 +134,7 @@ public static IntrusionDetector intrusionDetector() {
 	 * @return The current LogFactory being used by ESAPI.
 	 */
 	private static LogFactory logFactory() {
-        return ObjFactory.make( securityConfiguration().getLogImplementation(), "LogFactory" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Logger"), "LogFactory" );
 	}
 	
 	/**
@@ -165,7 +165,7 @@ public static Logger log() {
 	 * @return the current ESAPI Randomizer being used to generate random numbers in this application. 
 	 */
 	public static Randomizer randomizer() {
-        return ObjFactory.make( securityConfiguration().getRandomizerImplementation(), "Randomizer" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Randomizer"), "Randomizer" );
 	}
 
     private static volatile SecurityConfiguration overrideConfig = null;
@@ -188,7 +188,7 @@ public static SecurityConfiguration securityConfiguration() {
 	 * @return the current ESAPI Validator being used to validate data in this application. 
 	 */
 	public static Validator validator() {
-        return ObjFactory.make( securityConfiguration().getValidationImplementation(), "Validator" );
+        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Validator"), "Validator" );
 	}
 
     // TODO: This should probably use the SecurityManager or some value within the current
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 4d43d4834..7103f9446 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -51,71 +51,6 @@
  * @since June 1, 2007
  */
 public interface SecurityConfiguration extends EsapiPropertyLoader {
-
-	/**
-	 * Gets the application name, used for logging
-	 * 
-	 * @return the name of the current application
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getApplicationName();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Logging implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getLogImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getAuthenticationImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncoderImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getAccessControlImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getIntrusionDetectionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getRandomizerImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncryptionImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI Validation implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getValidationImplementation();
 	
 	/**
 	 * Returns the validation pattern for a particular type
@@ -124,43 +59,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 */
     public Pattern getValidationPattern( String typeName );
     
-    /**
-     * Determines whether ESAPI will accept "lenient" dates when attempt
-     * to parse dates. Controlled by ESAPI property
-     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
-     * if unset.
-     * 
-     * @return True if lenient dates are accepted; false otherwise.
-     * @see java.text.DateFormat#setLenient(boolean)
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getLenientDatesAccepted();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getExecutorImplementation();
-	
-	/**
-	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHTTPUtilitiesImplementation();
-	
-	/**
-	 * Gets the master key. This password is used to encrypt/decrypt other files or types
-	 * of data that need to be protected by your application.
-	 * 
-	 * @return the current master key
-     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public byte[] getMasterKey();
-
 	/**
      * Retrieves the upload directory as specified in the ESAPI.properties file.
      * @return the upload directory
@@ -173,25 +71,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public File getUploadTempDirectory();
 
-	/**
-	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
-	 * 
-	 * @return the key length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    public int getEncryptionKeyLength();
-    
-	/**
-	 * Gets the master salt that is used to salt stored password hashes and any other location 
-	 * where a salt is needed.
-	 * 
-	 * @return the current master salt
-     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public byte[] getMasterSalt();
-
 	/**
 	 * Gets the allowed executables to run with the Executor.
 	 * 
@@ -205,87 +84,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * @return a list of the current allowed file extensions
 	 */
 	public List<String> getAllowedFileExtensions();
-
-	/**
-	 * Gets the maximum allowed file upload size.
-	 * 
-	 * @return the current allowed file upload size
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getAllowedFileUploadSize();
-
-	/**
-	 * Gets the name of the password parameter used during user authentication.
-	 * 
-	 * @return the name of the password parameter
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getPasswordParameterName();
-
-	/**
-	 * Gets the name of the username parameter used during user authentication.
-	 * 
-	 * @return the name of the username parameter
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getUsernameParameterName();
-
-	/**
-	 * Gets the encryption algorithm used by ESAPI to protect data. This is
-	 * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
-	 * use "cipher transformation" since it supports multiple cipher modes
-	 * and padding schemes.
-	 * 
-	 * @return the current encryption algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getEncryptionAlgorithm();
-
-	/**
-	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
-	 * is a specification of cipher algorithm, cipher mode, and padding scheme
-	 * and in general, is a {@code String} that takes the following form:
-	 * <pre>
-	 * 		<i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
-	 * </pre>
-	 * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
-	 * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
-	 * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
-	 * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
-	 * <i>[bits]</i> is an optional bit size that applies to certain cipher
-	 * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
-	 * OFB, block ciphers can encrypt data in units smaller than the cipher's
-	 * actual block size. When requesting such a mode, you may optionally
-	 * specify the number of bits to be processed at a time. This generally must
-	 * be an integral multiple of 8-bits so that it can specify a whole number
-	 * of octets. 
-	 * </p><p>
-	 * Examples are:
-	 * <pre>
-	 * 		"AES/ECB/NoPadding"		// Default for ESAPI Java 1.4 (insecure)
-	 * 		"AES/CBC/PKCS5Padding"	// Default for ESAPI Java 2.0
-	 * 		"DESede/OFB32/PKCS5Padding"
-	 * </pre>
-	 * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
-	 * see the key size (in bits) specified after the cipher algorithm in the
-	 * cipher transformation. Generally, this is done to account for cipher
-	 * algorithms that have variable key sizes. The Blowfish cipher for example
-	 * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
-	 * a cipher transformation something like this:
-	 * <pre>
-	 * 		"Blowfish-192/CFB8/PKCS5Padding"
-	 * </pre>
-	 * in the cryptographic literature. It should be noted that the Java
-	 * Cryptography Extensions (JCE) do not generally support this (at least
-	 * not the reference JCE implementation of "SunJCE"), and therefore it
-	 * should be avoided.
-	 * @return	The cipher transformation.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
+    
 	@Deprecated
     public String getCipherTransformation();
     
@@ -317,93 +116,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     @Deprecated
     public String setCipherTransformation(String cipherXform);
-
-    /**
-     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
-     * ESAPI 2.0 now allows setting the property
-     * {@code Encryptor.PreferredJCEProvider} in the
-     * {@code ESAPI.properties} file, which will cause the specified JCE
-     * provider to be automatically and dynamically loaded (assuming that
-     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
-     * JCE provider. (Note this only happens if the JCE provider is not already
-     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
-     * </p<p>
-     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
-     * to an empty string, which means that the preferred JCE provider is not
-     * changed.
-     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
-     * @see org.owasp.esapi.crypto.SecurityProviderLoader
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getPreferredJCEProvider();
-    
-// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
-//				   Think it makes more sense as part of the release notes, but OTOH, I
-//				   really don't want to rewrite this as a Wiki page either.
-    /**
-     * Determines whether the {@code CipherText} should be used with a Message
-     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
-     * scheme, but there are some minor performance implications. Controlled by
-     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
-     * </p><p>
-     * For further details, see the "Advanced Usage" section of
-     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
-     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
-     * </p>
-     * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean useMACforCipherText();
-
-    /**
-     * Indicates whether the {@code PlainText} objects may be overwritten after
-     * they have been encrypted. Generally this is a good idea, especially if
-     * your VM is shared by multiple applications (e.g., multiple applications
-     * running in the same J2EE container) or if there is a possibility that
-     * your VM may leave a core dump (say because it is running non-native
-     * Java code.
-     * <p>
-     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
-     * the {@code ESAPI.properties} file.
-     * </p>
-     * @return	True if it is OK to overwrite the {@code PlainText} objects
-     *			after encrypting, false otherwise.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean overwritePlainText();
-    
-    /**
-     * Get a string indicating how to compute an Initialization Vector (IV).
-     * Currently supported modes are "random" to generate a random IV or
-     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
-     * the value of this fixed IV must be specified as the property
-     * {@code Encryptor.fixedIV} and be of the appropriate length.
-     * 
-     * @return A string specifying the IV type. Should be "random" or "fixed".
-     * 
-     * @see #getFixedIV()
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getIVType();
-    
-    /**
-     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
-     * this will return the IV value as a hex-encoded string.
-     * @return The fixed IV as a hex-encoded string.
-     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
-     *             instead. Longer term: There will be a more general method in JavaEncryptor
-     *             to explicitly set an IV. This whole concept of a single fixed IV has
-     *             always been a kludge at best, as a concession to those who have used
-     *             a single fixed IV in the past. It's time to put it to death
-     *             as it was never intended for production in the first place.
-     */
-	@Deprecated
-    public String getFixedIV();
-    
+	
     /**
      * Return a {@code List} of strings of combined cipher modes that support
      * <b>both</b> confidentiality and authenticity. These would be preferred
@@ -440,67 +153,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public List<String> getAdditionalAllowedCipherModes();
 
-	/**
-	 * Gets the hashing algorithm used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHashAlgorithm();
-
-	/**
-	 * Gets the hash iterations used by ESAPI to hash data.
-	 * 
-	 * @return the current hashing algorithm
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getHashIterations();
-
-	/**
-	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
-	 * Key Derivation Function (KDF).
-	 * 
-	 * @return	The KDF PRF algorithm name.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getKDFPseudoRandomFunction();
-	
-	/**
-	 * Gets the character encoding scheme supported by this application. This is used to set the
-	 * character encoding scheme on requests and responses when setCharacterEncoding() is called
-	 * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs 
-	 * and any other place where the current encoding scheme needs to be known.
-	 * <br><br>
-	 * Note: This does not get the configured response content type. That is accessed by calling 
-	 * getResponseContentType().
-	 * 
-	 * @return the current character encoding scheme
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getCharacterEncoding();
-
-	/**
-	 * Return true if multiple encoding is allowed
-	 *
-	 * @return whether multiple encoding is allowed when canonicalizing data
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getAllowMultipleEncoding();
-
-	/**
-	 * Return true if mixed encoding is allowed
-	 *
-	 * @return whether mixed encoding is allowed when canonicalizing data
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getAllowMixedEncoding();
-
 	/**
 	 * Returns the List of Codecs to use when canonicalizing data
 	 * 
@@ -514,57 +166,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * @return the current digital signature algorithm
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
-	@Deprecated
-	public String getDigitalSignatureAlgorithm();
-
-	/**
-	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
-	 * 
-	 * @return the current digital signature key length
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getDigitalSignatureKeyLength();
-		   
-	/**
-	 * Gets the random number generation algorithm used to generate random numbers where needed.
-	 * 
-	 * @return the current random number generation algorithm
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getRandomAlgorithm();
-
-	/**
-	 * Gets the number of login attempts allowed before the user's account is locked. If this 
-	 * many failures are detected within the alloted time period, the user's account will be locked.
-	 * 
-	 * @return the number of failed login attempts that cause an account to be locked
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getAllowedLoginAttempts();
-
-	/**
-	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
-	 * be used to ensure that the user doesn't reuse the specified number of previous passwords
-	 * when they change their password.
-	 * 
-	 * @return the number of old hashed passwords to retain
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getMaxOldPasswordHashes();
-
-	/**
-	 * Allows for complete disabling of all intrusion detection mechanisms
-	 * 
-	 * @return true if intrusion detection should be disabled
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getDisableIntrusionDetection();
-	
 	/**
 	 * Gets the intrusion detection quota for the specified event.
 	 * 
@@ -582,41 +183,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public File getResourceFile( String filename );
     
-	/**
-	 * Returns true if session cookies are required to have HttpOnly flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceHttpOnlySession() ;
-
-	/**
-	 * Returns true if session cookies are required to have Secure flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceSecureSession() ;
-
-	/**
-	 * Returns true if new cookies are required to have HttpOnly flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceHttpOnlyCookies() ;
-
-	/**
-	 * Returns true if new cookies are required to have Secure flag set.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public boolean getForceSecureCookies() ;
-
-	/**
-	 * Returns the maximum allowable HTTP header size.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getMaxHttpHeaderSize() ;
-
 	/**
 	 * Gets an InputStream to a file in the resource directory
      *
@@ -634,28 +200,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 */
 	public void setResourceDirectory(String dir);
 	
-	/**
-	 * Gets the content type for responses used when setSafeContentType() is called.
-	 * <br><br>
-	 * Note: This does not get the configured character encoding scheme. That is accessed by calling 
-	 * getCharacterEncoding().
-	 * 
-	 * @return The current content-type set for responses.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getResponseContentType();
-
-	/**
-	 * This method returns the configured name of the session identifier, 
-	 * likely "JSESSIONID" though this can be overridden.
-	 * 
-	 * @return The name of the session identifier, like "JSESSIONID"
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public String getHttpSessionIdName();
-	
 	/**
 	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
 	 * 
@@ -664,87 +208,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
     // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
 	public long getRememberTokenDuration();
 
-	
-	/**
-	 * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
-	 * function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session idle timeout length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getSessionIdleTimeoutLength();
-	
-	/**
-	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
-	 * can live before it expires regardless of the amount of user activity. Applications or frameworks could 
-	 * provide a reauthenticate function that enables a session to continue after reauthentication.
-	 * 
-	 * @return The session absolute timeout length.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public int getSessionAbsoluteTimeoutLength();
-	
-	
-	/**
-	 * Returns whether HTML entity encoding should be applied to log entries.
-	 * 
-	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogEncodingRequired();
-	
-	/**
-	 * Returns whether ESAPI should log the application name. This might be clutter in some
-	 * single-server/single-app environments.
-	 * 
-	 * @return True if ESAPI should log the application name, False otherwise
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogApplicationName();
-
-	/**
-	 * Returns whether ESAPI should log the server IP. This might be clutter in some
-	 * single-server environments.
-	 * 
-	 * @return True if ESAPI should log the server IP and port, False otherwise
-     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-	public boolean getLogServerIP();
-
-	/**
-	 * Returns the current log level.
-	 * @return	An integer representing the current log level.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    public int getLogLevel();
-	
-    /**
-     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
-     * if it is not specified.
-     * 
-     * @return the log file name defined in the properties file.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public String getLogFileName();
-
-    /**
-     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
-     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
-     * 
-     * @return the maximum size of a single log file (in bytes).
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    public int getMaxLogFileSize();
-
 	/**
 	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
 	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index e8836a38b..973774533 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -41,8 +41,8 @@ public final class CipherSpec implements Serializable {
 
 	private static final long serialVersionUID = 20090822;	// version, in YYYYMMDD format
 	
-	private String  cipher_xform_   = ESAPI.securityConfiguration().getCipherTransformation();
-	private int     keySize_        = ESAPI.securityConfiguration().getEncryptionKeyLength(); // In bits
+	private String  cipher_xform_   = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
+	private int     keySize_        = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength"); // In bits
 	private int     blockSize_      = 16;   // In bytes! I.e., 128 bits!!!
 	private byte[]  iv_             = null;
 
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 66242d78f..3aca97baf 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -451,7 +451,7 @@ void storeSeparateMAC(byte[] macValue) {
 	 * @return True if the ciphertext has not be tampered with, and false otherwise.
 	 */
 	public boolean validateMAC(SecretKey authKey) {
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+	    boolean requiresMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
 
 	    if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
 	        // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
@@ -503,7 +503,7 @@ public byte[] asPortableSerializedByteArray() throws EncryptionException {
 	    
 	    // If we are supposed to be using a (separate) MAC, also make sure
 	    // that it has been computed/stored.
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+	    boolean requiresMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
 	    if (  requiresMAC && ! macComputed() ) {
 	        String msg = "Programming error: MAC is required for this cipher mode (" +
 	                     getCipherMode() + "), but MAC has not yet been " +
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 024150bda..341b202e7 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -215,7 +215,7 @@ public static boolean isAllowedCipherMode(String cipherMode)
     public static boolean isMACRequired(CipherText ct) {
         boolean preferredCipherMode =
             CryptoHelper.isCombinedCipherMode( ct.getCipherMode() );
-        boolean wantsMAC = ESAPI.securityConfiguration().useMACforCipherText();
+        boolean wantsMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
 
         // The preferred "combined" cipher modes such as CCM, GCM, etc. do
         // not require a MAC as a MAC would be superfluous and just require
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
index 4276079f9..bf7286377 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
@@ -128,7 +128,7 @@ public class CryptoToken {
      */
     public CryptoToken() {
         secretKey = getDefaultSecretKey(
-                            ESAPI.securityConfiguration().getEncryptionAlgorithm()
+                            ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm")
                         );
         long now = System.currentTimeMillis();
         expirationTime = now + DEFAULT_EXP_TIME;
@@ -162,7 +162,7 @@ public CryptoToken(SecretKey skey) {
      */
     public CryptoToken(String token) throws EncryptionException {
         secretKey = getDefaultSecretKey(
-                ESAPI.securityConfiguration().getEncryptionAlgorithm()
+                ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm")
             );
         try {
             decryptToken(secretKey, token);
@@ -690,7 +690,7 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
     
     private SecretKey getDefaultSecretKey(String encryptAlgorithm) {
         assert encryptAlgorithm != null : "Encryption algorithm cannot be null";
-        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
+        byte[] skey = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterSalt");
         assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
         assert skey.length >= 7 :
                         "Encryptor.MasterKey must be at least 7 bytes. " +
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index 17635ce5a..da6e38fba 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -127,7 +127,7 @@ public KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS prfAlg) {
 	 * <b>ESAPI.property</b> property, {@code Encryptor.KDF.PRF}.
 	 */
 	public KeyDerivationFunction() {			
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
 		if ( ! KeyDerivationFunction.isValidPRF(prfName) ) {
     		throw new ConfigurationException("Algorithm name " + prfName +
     							" not a valid algorithm name for property " +
@@ -150,7 +150,7 @@ public String getPRFAlgName() {
 	 * 
 	 */
 	static int getDefaultPRFSelection() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
 		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
 			if ( prf.getAlgName().equals(prfName) ) {
 				return prf.getValue();
diff --git a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
index cacc9c9ef..0ad2cae86 100644
--- a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
+++ b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
@@ -263,7 +263,7 @@ public static int insertProviderAt(String algProvider, int pos)
     public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException
     {
         String prefJCEProvider =
-            ESAPI.securityConfiguration().getPreferredJCEProvider();
+            ESAPI.securityConfiguration().getStringProp("Encryptor.PreferredJCEProvider");
         try {
             // If unset or set to empty string, then don't try to change it.
             if ( prefJCEProvider == null || prefJCEProvider.trim().length() == 0) {
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index 93ee30191..396a91969 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -97,7 +97,7 @@ protected EnterpriseSecurityException(String userMessage, Throwable cause)
     public EnterpriseSecurityException(String userMessage, String logMessage) {
     	super(userMessage);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
@@ -118,7 +118,7 @@ public EnterpriseSecurityException(String userMessage, String logMessage) {
     public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
index 6dab2a54c..8b901a177 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
@@ -100,7 +100,7 @@ protected EnterpriseSecurityRuntimeException(String userMessage,
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage) {
     	super(userMessage);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
@@ -121,7 +121,7 @@ public EnterpriseSecurityRuntimeException(String userMessage, String logMessage)
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index d7de99f04..3a8efe763 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -156,8 +156,8 @@ protected DefaultUser getUserFromRememberToken() {
      */
     private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
 
-        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
-        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
+        String username = request.getParameter(ESAPI.securityConfiguration().getStringProp("Authenticator.UsernameParameterName"));
+        String password = request.getParameter(ESAPI.securityConfiguration().getStringProp("Authenticator.PasswordParameterName"));
 
         // if a logged-in user is requesting to login, log them out first
         User user = getCurrentUser();
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 0af2ba040..0c1682bcf 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -128,8 +128,8 @@ public String canonicalize( String input ) {
 
         // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
 		return canonicalize(input, 
-							!ESAPI.securityConfiguration().getAllowMultipleEncoding(),
-							!ESAPI.securityConfiguration().getAllowMixedEncoding() );
+							!ESAPI.securityConfiguration().getBooleanProp("Encoder.AllowMultipleEncoding"),
+							!ESAPI.securityConfiguration().getBooleanProp("Encoder.AllowMixedEncoding") );
 	}
 
 	
@@ -412,7 +412,7 @@ public String encodeForURL(String input) throws EncodingException {
 			return null;
 		}
 		try {
-			return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
+			return URLEncoder.encode(input, ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
 		} catch (UnsupportedEncodingException ex) {
 			throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
 		} catch (Exception e) {
@@ -429,7 +429,7 @@ public String decodeFromURL(String input) throws EncodingException {
 		}
 		String canonical = canonicalize(input);
 		try {
-			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
+			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
 		} catch (UnsupportedEncodingException ex) {
 			throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
 		} catch (Exception e) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 2dc1e3666..0e0dfdcd9 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -133,7 +133,7 @@ public void setResponse(HttpServletResponse newResponse) {
 	private final Logger logger = ESAPI.getLogger("HTTPUtilities");
 
     /** The max bytes. */
-	static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+	static final int maxBytes = ESAPI.securityConfiguration().getIntProp("HttpUtilities.MaxUploadFileBytes");
 
 
     /*
@@ -190,12 +190,12 @@ public void addCookie(HttpServletResponse response, Cookie cookie) {
 
         // if there are no errors, then set the cookie either with a header or normally
         if (errors.size() == 0) {
-        	if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+        	if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
 	            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
 	            addHeader(response, "Set-Cookie", header);
         	} else {
                 // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
-                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
+                cookie.setSecure( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") );
         		response.addCookie(cookie);
         	}
             return;
@@ -350,10 +350,10 @@ private String createCookieHeader(String name, String value, int maxAge, String
         if (path != null) {
             header += "; Path=" + path;
         }
-        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
+        if ( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") ) {
             header += "; Secure";
         }
-        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
+        if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
             header += "; HttpOnly";
         }
         return header;
@@ -773,7 +773,7 @@ public void logHTTPRequest(HttpServletRequest request, Logger logger, List param
 		    if ( cookies != null ) {
              for (Cookie cooky : cookies)
              {
-                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) 
+                if (!cooky.getName().equals(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"))) 
                 {
                    params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
 		                    }
@@ -856,7 +856,7 @@ public void setContentType() {
 	 * {@inheritDoc}
 	 */
 	public void setContentType(HttpServletResponse response) {
-		response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
+		response.setContentType((ESAPI.securityConfiguration()).getStringProp("HttpUtilities.ResponseContentType"));
 	}
 
     /**
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
index d7b8f2b55..36c7e1265 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
@@ -59,7 +59,7 @@ public DefaultIntrusionDetector() {
      * @param e
      */
 	public void addException(Exception e) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+		if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
 		
         if ( e instanceof EnterpriseSecurityException ) {
             logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
@@ -93,7 +93,7 @@ public void addException(Exception e) {
 	 * {@inheritDoc}
 	 */
     public void addEvent(String eventName, String logMessage) throws IntrusionException {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+    	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
     	
         logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
 
@@ -122,7 +122,7 @@ public void addEvent(String eventName, String logMessage) throws IntrusionExcept
      * 		the message to log if the action is "log"
      */
     private void takeSecurityAction( String action, String message ) {
-    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+    	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
     	
         if ( action.equals( "log" ) ) {
             logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
@@ -148,7 +148,7 @@ private void takeSecurityAction( String action, String message ) {
 	 * 			The name of the event that occurred.
 	 */
 	private void addSecurityEvent(User user, String eventName) {
-		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+		if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
 		
 		if ( user.isAnonymous() ) return;
 		
@@ -175,7 +175,7 @@ public Event( String key ) {
             this.key = key;
         }
         public void increment(int count, long interval) throws IntrusionException {
-        	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
+        	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
         	
             Date now = new Date();
             times.add( 0, now );
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
index d7731c57b..6d2434288 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -54,7 +54,7 @@ public static Randomizer getInstance() {
     private final Logger logger = ESAPI.getLogger("Randomizer");
 
     private DefaultRandomizer() {
-        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        String algorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
         try {
             secureRandom = SecureRandom.getInstance(algorithm);
         } catch (NoSuchAlgorithmException e) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index 0ff656a2b..baf3bdca3 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -44,10 +44,10 @@ public class DefaultUser implements User, Serializable {
 	private static final long serialVersionUID = 1L;
 
 	/** The idle timeout length specified in the ESAPI config file. */
-	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
+	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getIntProp("Authenticator.IdleTimeoutDuration");
 	
 	/** The absolute timeout length specified in the ESAPI config file. */
-	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
+	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getIntProp("Authenticator.AbsoluteTimeoutDuration");
 	
 	/** The logger used by the class. */
 	private transient final Logger logger = ESAPI.getLogger("DefaultUser");
@@ -425,7 +425,7 @@ public void loginWithPassword(String password) throws AuthenticationException {
 			loggedIn = false;
 			setLastFailedLoginTime(new Date());
 			incrementFailedLoginCount();
-			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
+			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getIntProp("Authenticator.AllowedLoginAttempts")) {
 				lock();
 			}
 			throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
@@ -444,7 +444,7 @@ public void logout() {
             removeSession(session);
 			session.invalidate();
 		}
-		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
+		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"));
 		loggedIn = false;
 		logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
 		ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 074b44dd1..81b7d805f 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -771,7 +771,7 @@ public byte[] getValidFileContent(String context, byte[] input, int maxBytes, bo
    			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
 		}
 
-		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
+		long esapiMaxBytes = ESAPI.securityConfiguration().getIntProp("HttpUtilities.MaxUploadFileBytes");
 		if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
 		if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
 
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index cee3685ad..ad4021086 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -140,7 +140,7 @@ public static void main(String[] args) throws Exception {
     private void setHashedPassword(User user, String hash) {
         List<String> hashes = getAllHashedPasswords(user, true);
         hashes.add(0, hash);
-        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
+        if (hashes.size() > ESAPI.securityConfiguration().getIntProp("Authenticator.MaxOldPasswordHashes")) {
             hashes.remove(hashes.size() - 1);
         }
         logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
index 0970818e8..9ad257f51 100644
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
@@ -121,13 +121,13 @@ private static class JavaLogger implements org.owasp.esapi.Logger {
         private String moduleName = null;
 
         /** The application name defined in ESAPI.properties */
-    	private String applicationName=ESAPI.securityConfiguration().getApplicationName();
+    	private String applicationName=ESAPI.securityConfiguration().getStringProp("Logger.ApplicationName");
 
         /** Log the application name? */
-    	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
+    	private static boolean logAppName = ESAPI.securityConfiguration().getBooleanProp("Logger.LogApplicationName");
 
     	/** Log the server ip? */
-    	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
+    	private static boolean logServerIP = ESAPI.securityConfiguration().getBooleanProp("Logger.LogServerIP");
     	
         /**
          * Public constructor should only ever be called via the appropriate LogFactory
@@ -296,7 +296,7 @@ private void log(Level level, EventType type, String message, Throwable throwabl
             
             // ensure no CRLF injection into logs for forging records
             String clean = message.replace( '\n', '_' ).replace( '\r', '_' );
-            if ( ESAPI.securityConfiguration().getLogEncodingRequired() ) {
+            if ( ESAPI.securityConfiguration().getBooleanProp("Logger.LogEncodingRequired") ) {
             	clean = ESAPI.encoder().encodeForHTML(message);
                 if (!message.equals(clean)) {
                     clean += " (Encoded)";
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
index af7045663..569f3a37e 100644
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
@@ -41,13 +41,13 @@ public class Log4JLogger extends org.apache.log4j.Logger implements org.owasp.es
 	private static LoggerFactory factory = new Log4JLoggerFactory();
 
 	/** The application name using this log */
-	private static String applicationName = ESAPI.securityConfiguration().getApplicationName();
+	private static String applicationName = ESAPI.securityConfiguration().getStringProp("Logger.ApplicationName");
 
 	/** Log the application name? */
-	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
+	private static boolean logAppName = ESAPI.securityConfiguration().getBooleanProp("Logger.LogApplicationName");
 	
 	/** Log the server ip? */
-	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
+	private static boolean logServerIP = ESAPI.securityConfiguration().getBooleanProp("Logger.LogServerIP");
 
 	public Log4JLogger(String name) {
 		super(name);
@@ -423,7 +423,7 @@ private void log(Level level, EventType type, String message, Throwable throwabl
 
 		// ensure no CRLF injection into logs for forging records
 		String clean = message.replace('\n', '_').replace('\r', '_');
-		if (ESAPI.securityConfiguration().getLogEncodingRequired()) {
+		if (ESAPI.securityConfiguration().getBooleanProp("Logger.LogEncodingRequired")) {
 			clean = ESAPI.encoder().encodeForHTML(message);
 			if (!message.equals(clean)) {
 				clean += " (Encoded)";
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index 8190dab4a..aff901e2a 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -209,9 +209,9 @@ public static void main( String[] args ) throws Exception {
         // setup algorithms -- Each of these have defaults if not set, although
 		//					   someone could set them to something invalid. If
 		//					   so a suitable exception will be thrown and displayed.
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        encryptAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm");
+		encryptionKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
+		randomAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
 
 		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
 		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
@@ -233,8 +233,8 @@ public static void main( String[] args ) throws Exception {
      * 					Original exception will be attached as the 'cause'.
      */
     private JavaEncryptor() throws EncryptionException {
-        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
+        byte[] salt = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey");
+        byte[] skey = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterSalt");
 
         assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
         assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
@@ -311,7 +311,7 @@ public String hash(String plaintext, String salt, int iterations) throws Encrypt
 		try {
 			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
 			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getMasterSalt());
+			digest.update(ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey"));
 			digest.update(salt.getBytes(encoding));
 			digest.update(plaintext.getBytes(encoding));
 
@@ -351,14 +351,14 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 throw new IllegalArgumentException("PlainText may arg not be null");
 		 }
 		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+		 boolean overwritePlaintext = ESAPI.securityConfiguration().getBooleanProp("Encryptor.PlainText.overwrite");
 
 		 boolean success = false;	// Used in 'finally' clause.
 		 String xform = null;
 		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
 
 		try {
-			 xform = ESAPI.securityConfiguration().getCipherTransformation();
+			 xform = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
              String[] parts = xform.split("/");
              assert parts.length == 3 : "Malformed cipher transformation: " + xform;
              String cipherMode = parts[1];
@@ -383,7 +383,7 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 //        and this method will just call that one.
 			 Cipher encrypter = Cipher.getInstance(xform);
 			 String cipherAlg = encrypter.getAlgorithm();
-			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
+			 int keyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
 
 			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
 			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
@@ -475,12 +475,12 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 }
 			 
 			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getIVType();
+				 String ivType = ESAPI.securityConfiguration().getStringProp("Encryptor.ChooseIVMethod");
 				 IvParameterSpec ivSpec = null;
 				 if ( ivType.equalsIgnoreCase("random") ) {
 					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
 				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
+					 String fixedIVAsHex = ESAPI.securityConfiguration().getStringProp("Encryptor.fixedIV");
 					 ivBytes = Hex.decode(fixedIVAsHex);
 					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
 					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
@@ -912,7 +912,7 @@ public String computeHMAC( String input ) throws EncryptionException {
 			//			perhaps a derived key based on the master salt. (One could use
 			//			KeyDerivationFunction.computeDerivedKey().)
 			//
-			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+			byte[] salt = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey");
 			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
 			byte[] inBytes;
 			try {
@@ -965,7 +965,7 @@ private void logWarning(String where, String msg) {
     private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
 		String prfName = null;
 		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+			prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
 		} else {
 			prfName = name;
 		}
@@ -974,7 +974,7 @@ private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {
     }
     
     private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
 		return getPRF(prfName);
     }
     
@@ -1009,14 +1009,14 @@ private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_AL
     // Get all the algorithms we will be using from ESAPI.properties.
     private static void setupAlgorithms() {
         // setup algorithms
-        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
-        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
-        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
-        hashIterations = ESAPI.securityConfiguration().getHashIterations();
-        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
-        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
+        encryptAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm");
+        signatureAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.DigitalSignatureAlgorithm");
+        randomAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
+        hashAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.HashAlgorithm");
+        hashIterations = ESAPI.securityConfiguration().getIntProp("Encryptor.HashIterations");
+        encoding = ESAPI.securityConfiguration().getStringProp("Encryptor.CharacterEncoding");
+        encryptionKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
+        signatureKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.DigitalSignatureKeyLength");
     }
     
     // Set up signing key pair using the master password and salt. Called (once)
diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index 8d031a12f..f37f72097 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -53,7 +53,7 @@ public final void setDateFormat( DateFormat newFormat ) {
 		}
 */
         this.format = newFormat;
-        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
+        this.format.setLenient( ESAPI.securityConfiguration().getBooleanProp("Validator.AcceptLenientDates") );
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 4eba04e73..68728cd25 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -68,7 +68,7 @@ public class ConfigurationParser {
 	static {
 		String sessionIdName = null;
 		try {
-			sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
+			sessionIdName = ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName");
 		} catch (Throwable t) {
 			sessionIdName = "JSESSIONID";	// If all else fails...
 		}
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index 769c9eced..efe655aa7 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -45,7 +45,7 @@ public SecurityConfiguration getWrappedSecurityConfiguration()
 	// @Override
 	public String getApplicationName()
 	{
-		return wrapped.getApplicationName();
+		return wrapped.getStringProp("Logger.ApplicationName");
 	}
 	
 	/**
@@ -54,7 +54,7 @@ public String getApplicationName()
 	// @Override
 	public String getLogImplementation()
 	{
-		return wrapped.getLogImplementation();
+		return wrapped.getStringProp("ESAPI.Logger");
 	}
 	
 	/**
@@ -63,7 +63,7 @@ public String getLogImplementation()
 	// @Override
 	public String getAuthenticationImplementation()
 	{
-		return wrapped.getAuthenticationImplementation();
+		return wrapped.getStringProp("ESAPI.Authenticator");
 	}
 	
 	/**
@@ -72,7 +72,7 @@ public String getAuthenticationImplementation()
 	// @Override
 	public String getEncoderImplementation()
 	{
-		return wrapped.getEncoderImplementation();
+		return wrapped.getStringProp("ESAPI.Encoder");
 	}
 	
 	/**
@@ -81,7 +81,7 @@ public String getEncoderImplementation()
 	// @Override
 	public String getAccessControlImplementation()
 	{
-		return wrapped.getAccessControlImplementation();
+		return wrapped.getStringProp("ESAPI.AccessControl");
 	}
 	
 	/**
@@ -90,7 +90,7 @@ public String getAccessControlImplementation()
 	// @Override
 	public String getIntrusionDetectionImplementation()
 	{
-		return wrapped.getIntrusionDetectionImplementation();
+		return wrapped.getStringProp("ESAPI.IntrusionDetector");
 	}
 	
 	/**
@@ -99,7 +99,7 @@ public String getIntrusionDetectionImplementation()
 	// @Override
 	public String getRandomizerImplementation()
 	{
-		return wrapped.getRandomizerImplementation();
+		return wrapped.getStringProp("ESAPI.Randomizer");
 	}
 	
 	/**
@@ -108,7 +108,7 @@ public String getRandomizerImplementation()
 	// @Override
 	public String getEncryptionImplementation()
 	{
-		return wrapped.getEncryptionImplementation();
+		return wrapped.getStringProp("ESAPI.Encryptor");
 	}
 	
 	/**
@@ -117,7 +117,7 @@ public String getEncryptionImplementation()
 	// @Override
 	public String getValidationImplementation()
 	{
-		return wrapped.getValidationImplementation();
+		return wrapped.getStringProp("ESAPI.Validator");
 	}
 	
 	/**
@@ -135,7 +135,7 @@ public Pattern getValidationPattern( String typeName )
 	// @Override
 	public String getExecutorImplementation()
 	{
-		return wrapped.getExecutorImplementation();
+		return wrapped.getStringProp("ESAPI.Executor");
 	}
 	
 	/**
@@ -144,7 +144,7 @@ public String getExecutorImplementation()
 	// @Override
 	public String getHTTPUtilitiesImplementation()
 	{
-		return wrapped.getHTTPUtilitiesImplementation();
+		return wrapped.getStringProp("ESAPI.HTTPUtilities");
 	}
 	
 	/**
@@ -153,7 +153,7 @@ public String getHTTPUtilitiesImplementation()
 	// @Override
 	public byte[] getMasterKey()
 	{
-		return wrapped.getMasterKey();
+		return wrapped.getByteArrayProp("Encryptor.MasterSalt");
 	}
 
 	/**
@@ -180,7 +180,7 @@ public File getUploadTempDirectory()
 	// @Override
 	public int getEncryptionKeyLength()
 	{
-		return wrapped.getEncryptionKeyLength();
+		return wrapped.getIntProp("Encryptor.EncryptionKeyLength");
 	}
     
 	/**
@@ -189,7 +189,7 @@ public int getEncryptionKeyLength()
 	// @Override
 	public byte[] getMasterSalt()
 	{
-		return wrapped.getMasterSalt();
+		return wrapped.getByteArrayProp("Encryptor.MasterKey");
 	}
 
 	/**
@@ -216,7 +216,7 @@ public List getAllowedFileExtensions()
 	// @Override
 	public int getAllowedFileUploadSize()
 	{
-		return wrapped.getAllowedFileUploadSize();
+		return wrapped.getIntProp("HttpUtilities.MaxUploadFileBytes");
 	}
 
 	/**
@@ -225,7 +225,7 @@ public int getAllowedFileUploadSize()
 	// @Override
 	public String getPasswordParameterName()
 	{
-		return wrapped.getPasswordParameterName();
+		return wrapped.getStringProp("PasswordParameterName");
 	}
 
 	/**
@@ -234,7 +234,7 @@ public String getPasswordParameterName()
 	// @Override
 	public String getUsernameParameterName()
 	{
-		return wrapped.getUsernameParameterName();
+		return wrapped.getStringProp("Authenticator.UsernameParameterName");
 	}
 
 	/**
@@ -243,7 +243,7 @@ public String getUsernameParameterName()
 	// @Override
 	public String getEncryptionAlgorithm()
 	{
-		return wrapped.getEncryptionAlgorithm();
+		return wrapped.getStringProp("Encryptor.EncryptionAlgorithm");
 	}
 
 	/**
@@ -252,7 +252,7 @@ public String getEncryptionAlgorithm()
 	// @Override
 	public String getCipherTransformation()
 	{
-		return wrapped.getCipherTransformation();
+		return wrapped.getStringProp("Encryptor.CipherTransformation");
 	}
 
 	/**
@@ -270,7 +270,7 @@ public String setCipherTransformation(String cipherXform)
 	// @Override
 	public boolean useMACforCipherText()
 	{
-		return wrapped.useMACforCipherText();
+		return wrapped.getBooleanProp("Encryptor.CipherText.useMAC");
 	}
 
 	/**
@@ -279,7 +279,7 @@ public boolean useMACforCipherText()
 	// @Override
 	public boolean overwritePlainText()
 	{
-		return wrapped.overwritePlainText();
+		return wrapped.getBooleanProp("Encryptor.PlainText.overwrite");
 	}
 
 	/**
@@ -288,7 +288,7 @@ public boolean overwritePlainText()
 	// @Override
 	public String getIVType()
 	{
-		return wrapped.getIVType();
+		return wrapped.getStringProp("Encryptor.ChooseIVMethod");
 	}
 
 	/**
@@ -297,7 +297,7 @@ public String getIVType()
 	// @Override
 	public String getFixedIV()
 	{
-		return wrapped.getFixedIV();
+		return wrapped.getStringProp("Encryptor.fixedIV");
 	}
 
 	/**
@@ -306,7 +306,7 @@ public String getFixedIV()
 	// @Override
 	public String getHashAlgorithm()
 	{
-		return wrapped.getHashAlgorithm();
+		return wrapped.getStringProp("Encryptor.HashAlgorithm");
 	}
 
 	/**
@@ -315,7 +315,7 @@ public String getHashAlgorithm()
 	// @Override
 	public int getHashIterations()
 	{
-		return wrapped.getHashIterations();
+		return wrapped.getIntProp("Encryptor.HashIterations");
 	}
 
 	/**
@@ -324,7 +324,7 @@ public int getHashIterations()
 	// @Override
 	public String getCharacterEncoding()
 	{
-		return wrapped.getCharacterEncoding();
+		return wrapped.getStringProp("HttpUtilities.CharacterEncoding");
 	}
 
 	/**
@@ -333,7 +333,7 @@ public String getCharacterEncoding()
 	// @Override
 	public boolean getAllowMultipleEncoding()
 	{
-		return wrapped.getAllowMultipleEncoding();
+		return wrapped.getBooleanProp("Encoder.AllowMultipleEncoding");
 	}
 
 	/**
@@ -342,7 +342,7 @@ public boolean getAllowMultipleEncoding()
 	// @Override
 	public boolean getAllowMixedEncoding()
 	{
-		return wrapped.getAllowMixedEncoding();
+		return wrapped.getBooleanProp("Encoder.AllowMixedEncoding");
 	}
 
 	/**
@@ -360,7 +360,7 @@ public List getDefaultCanonicalizationCodecs()
 	// @Override
 	public String getDigitalSignatureAlgorithm()
 	{
-		return wrapped.getDigitalSignatureAlgorithm();
+		return wrapped.getStringProp("Encryptor.DigitalSignatureAlgorithm");
 	}
 
 	/**
@@ -369,7 +369,7 @@ public String getDigitalSignatureAlgorithm()
 	// @Override
 	public int getDigitalSignatureKeyLength()
 	{
-		return wrapped.getDigitalSignatureKeyLength();
+		return wrapped.getIntProp("Encryptor.DigitalSignatureKeyLength");
 	}
 		   
 	/**
@@ -378,7 +378,7 @@ public int getDigitalSignatureKeyLength()
 	// @Override
 	public String getRandomAlgorithm()
 	{
-		return wrapped.getRandomAlgorithm();
+		return wrapped.getStringProp("Encryptor.RandomAlgorithm");
 	}
 
 	/**
@@ -387,7 +387,7 @@ public String getRandomAlgorithm()
 	// @Override
 	public int getAllowedLoginAttempts()
 	{
-		return wrapped.getAllowedLoginAttempts();
+		return wrapped.getIntProp("Authenticator.AllowedLoginAttempts");
 	}
 
 	/**
@@ -396,7 +396,7 @@ public int getAllowedLoginAttempts()
 	// @Override
 	public int getMaxOldPasswordHashes()
 	{
-		return wrapped.getMaxOldPasswordHashes();
+		return wrapped.getIntProp("Authenticator.MaxOldPasswordHashes");
 	}
 
 	/**
@@ -423,7 +423,7 @@ public File getResourceFile( String filename )
 	// @Override
 	public boolean getForceHttpOnlySession() 
 	{
-		return wrapped.getForceHttpOnlySession();
+		return wrapped.getBooleanProp("HttpUtilities.ForceHttpOnlySession");
 	}
 
 	/**
@@ -432,7 +432,7 @@ public boolean getForceHttpOnlySession()
 	// @Override
 	public boolean getForceSecureSession() 
 	{
-		return wrapped.getForceSecureSession();
+		return wrapped.getBooleanProp("HttpUtilities.ForceSecureSession");
 	}
 
 	/**
@@ -441,7 +441,7 @@ public boolean getForceSecureSession()
 	// @Override
 	public boolean getForceHttpOnlyCookies()
 	{
-		return wrapped.getForceHttpOnlyCookies();
+		return wrapped.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
 	}
 
 	/**
@@ -450,7 +450,7 @@ public boolean getForceHttpOnlyCookies()
 	// @Override
 	public boolean getForceSecureCookies()
 	{
-		return wrapped.getForceSecureCookies();
+		return wrapped.getBooleanProp("HttpUtilities.ForceSecureCookies");
 	}
 
 	/**
@@ -458,7 +458,7 @@ public boolean getForceSecureCookies()
 	 */
 	// @Override
 	public int getMaxHttpHeaderSize() {
-        return wrapped.getMaxHttpHeaderSize();
+        return wrapped.getIntProp("HttpUtilities.MaxHeaderValueSize");
 	}
 
 	/**
@@ -486,7 +486,7 @@ public void setResourceDirectory(String dir)
 	// @Override
 	public String getResponseContentType()
 	{
-		return wrapped.getResponseContentType();
+		return wrapped.getStringProp("HttpUtilities.ResponseContentType");
 	}
 
 	/**
@@ -494,7 +494,7 @@ public String getResponseContentType()
 	 */
 	// @Override
 	public String getHttpSessionIdName() {
-		return wrapped.getHttpSessionIdName();
+		return wrapped.getStringProp("HttpUtilities.HttpSessionIdName");
 	}
 	
 	/**
@@ -512,7 +512,7 @@ public long getRememberTokenDuration()
 	// @Override
 	public int getSessionIdleTimeoutLength()
 	{
-		return wrapped.getSessionIdleTimeoutLength();
+		return wrapped.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH");
 	}
 	
 	/**
@@ -521,7 +521,7 @@ public int getSessionIdleTimeoutLength()
 	// @Override
 	public int getSessionAbsoluteTimeoutLength()
 	{
-		return wrapped.getSessionAbsoluteTimeoutLength();
+		return wrapped.getIntProp("Authenticator.AbsoluteTimeoutDuration");
 	}
 	
 	/**
@@ -530,7 +530,7 @@ public int getSessionAbsoluteTimeoutLength()
 	// @Override
 	public boolean getLogEncodingRequired()
 	{
-		return wrapped.getLogEncodingRequired();
+		return wrapped.getBooleanProp("Logger.LogEncodingRequired");
 	}
 	
 	/**
@@ -539,7 +539,7 @@ public boolean getLogEncodingRequired()
 	// @Override
 	public boolean getLogApplicationName()
 	{
-		return wrapped.getLogApplicationName();
+		return wrapped.getBooleanProp("Logger.LogApplicationName");
 	}
 
 	/**
@@ -548,25 +548,16 @@ public boolean getLogApplicationName()
 	// @Override
 	public boolean getLogServerIP()
 	{
-		return wrapped.getLogServerIP();
+		return wrapped.getBooleanProp("Logger.LogServerIP");
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getLogLevel()
-	{
-		return wrapped.getLogLevel();
-	}
-	
 	/**
 	 * {@inheritDoc}
 	 */
 	// @Override
 	public String getLogFileName()
 	{
-		return wrapped.getLogFileName();
+		return wrapped.getStringProp("Logger.LogFileName");
 	}
 
 	/**
@@ -575,7 +566,7 @@ public String getLogFileName()
 	// @Override
 	public int getMaxLogFileSize()
 	{
-	 	return wrapped.getMaxLogFileSize();
+	 	return wrapped.getIntProp("Logger.MaxLogFileSize");
 	}
 
 	@Override
@@ -627,7 +618,7 @@ public List<String> getCombinedCipherModes() {
      * {@inheritDoc}
      */
     public String getPreferredJCEProvider() {
-        return wrapped.getPreferredJCEProvider();
+        return wrapped.getStringProp("Encryptor.PreferredJCEProvider");
     }
 
 	/**
@@ -635,7 +626,7 @@ public String getPreferredJCEProvider() {
 	 */
 	// @Override
 	public boolean getDisableIntrusionDetection() {
-		return wrapped.getDisableIntrusionDetection();
+		return wrapped.getBooleanProp("IntrusionDetector.Disable");
 	}
 
 	/**
@@ -643,13 +634,13 @@ public boolean getDisableIntrusionDetection() {
 	 */
 	// @Override
 	public String getKDFPseudoRandomFunction() {
-		return wrapped.getKDFPseudoRandomFunction();
+		return wrapped.getStringProp("Encryptor.KDF.PRF");
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	public boolean getLenientDatesAccepted() {
-		return wrapped.getLenientDatesAccepted();
+		return wrapped.getBooleanProp("Validator.AcceptLenientDates");
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
index 8f808880f..951db1e2a 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
@@ -31,7 +31,7 @@ public class CipherSpecTest extends TestCase {
 	@Before public void setUp() throws Exception {
 			// This will throw ConfigurationException if IV type is not set to
 			// 'fixed', which it's not. (We have it set to 'random'.)
-		// myIV = Hex.decode( ESAPI.securityConfiguration().getFixedIV() );
+		// myIV = Hex.decode( ESAPI.securityConfiguration().getStringProp("Encryptor.fixedIV") );
 		myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" );
 
 		dfltAESCipher   = Cipher.getInstance("AES");
@@ -95,9 +95,9 @@ public class CipherSpecTest extends TestCase {
 		assertTrue( myIV.length > 0 );
 		cipherSpec = new CipherSpec(myIV);
 		assertTrue( cipherSpec.getKeySize() == 
-						ESAPI.securityConfiguration().getEncryptionKeyLength() );
+						ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength") );
 		assertTrue( cipherSpec.getCipherTransformation().equals(
-						ESAPI.securityConfiguration().getCipherTransformation() ) );
+						ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation") ) );
 	}
 
 	/** Test CipherSpec() */
@@ -138,7 +138,7 @@ public class CipherSpecTest extends TestCase {
 	/** Test getKeySize() */
 	@Test public void testGetKeySize() {
 		assertTrue( (new CipherSpec()).getKeySize() ==
-			ESAPI.securityConfiguration().getEncryptionKeyLength() );
+			ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength") );
 	}
 
 	/** Test setBlockSize() */
diff --git a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
index cba2da0ae..4f597b45d 100644
--- a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
@@ -67,7 +67,7 @@ public final void testInsertProviderAt() {
     @Test
     public final void testLoadESAPIPreferredJCEProvider() {
         // Note: OK if empty string or unset, in fact default is empty string.
-        String preferredProvider = ESAPI.securityConfiguration().getPreferredJCEProvider();
+        String preferredProvider = ESAPI.securityConfiguration().getStringProp("Encryptor.PreferredJCEProvider");
         try {
             SecurityProviderLoader.loadESAPIPreferredJCEProvider();
             assertTrue(true);
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 14d7bab6e..8f786460e 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -440,7 +440,7 @@ public void DefaultSearchPathEnumChanges(){
 	}
 	
 	@Test
-	public void defaultPropertiesTest(){
+	public void defaultPropertiesTest() throws Exception{
 		SecurityConfiguration sc = ESAPI.securityConfiguration();
 //		# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
 //		HttpUtilities.HTTPJSESSIONIDLENGTH=50
@@ -478,5 +478,50 @@ public void defaultPropertiesTest(){
 //		# Maximum length of a redirect 
 //		HttpUtilities.maxRedirectLength=512
 		assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
+		assertEquals("org.owasp.esapi.reference.DefaultAccessController",sc.getStringProp("ESAPI.AccessControl"));
+		assertEquals("org.owasp.esapi.reference.FileBasedAuthenticator", sc.getStringProp("ESAPI.Authenticator"));
+		assertEquals("org.owasp.esapi.reference.DefaultEncoder", sc.getStringProp("ESAPI.Encoder"));
+		assertEquals("org.owasp.esapi.reference.crypto.JavaEncryptor", sc.getStringProp("ESAPI.Encryptor"));
+		assertEquals("org.owasp.esapi.reference.DefaultExecutor", sc.getStringProp("ESAPI.Executor"));
+		assertEquals("org.owasp.esapi.reference.DefaultHTTPUtilities", sc.getStringProp("ESAPI.HTTPUtilities"));
+		assertEquals("org.owasp.esapi.reference.DefaultIntrusionDetector", sc.getStringProp("ESAPI.IntrusionDetector"));
+		assertEquals("org.owasp.esapi.reference.Log4JLogFactory",sc.getStringProp("ESAPI.Logger"));
+		assertEquals("org.owasp.esapi.reference.DefaultRandomizer", sc.getStringProp("ESAPI.Randomizer"));
+		assertEquals("org.owasp.esapi.reference.DefaultValidator", sc.getStringProp("ESAPI.Validator"));
+		assertEquals(500000000, sc.getIntProp("HttpUtilities.MaxUploadFileBytes"));
+		assertEquals(true, sc.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies"));
+		assertEquals(true, sc.getBooleanProp("HttpUtilities.ForceSecureCookies"));
+		assertEquals("JSESSIONID", sc.getStringProp("HttpUtilities.HttpSessionIdName"));
+		assertEquals("text/html; charset=UTF-8", sc.getStringProp("HttpUtilities.ResponseContentType"));
+		assertEquals(3, sc.getIntProp("Authenticator.AllowedLoginAttempts"));
+		assertEquals(20, sc.getIntProp("Authenticator.IdleTimeoutDuration"));
+		assertEquals("UTF-8", sc.getStringProp("HttpUtilities.CharacterEncoding"));
+		assertEquals(false, sc.getBooleanProp("Encoder.AllowMultipleEncoding"));
+		assertEquals(false, sc.getBooleanProp("Encoder.AllowMixedEncoding"));
+		
+		assertEquals("ExampleApplication", sc.getStringProp("Logger.ApplicationName"));
+		assertEquals(true, sc.getBooleanProp("Logger.LogApplicationName"));
+		assertEquals(true, sc.getBooleanProp("Logger.LogServerIP"));
+		assertEquals(false, sc.getBooleanProp("Logger.LogEncodingRequired"));
+		assertEquals(10000000, sc.getIntProp("Logger.MaxLogFileSize"));
+		
+		assertEquals("AES", sc.getStringProp("Encryptor.EncryptionAlgorithm"));
+		assertEquals(128, sc.getIntProp("Encryptor.EncryptionKeyLength"));
+		assertEquals("SHA1PRNG", sc.getStringProp("Encryptor.RandomAlgorithm"));
+		assertEquals("HmacSHA256", sc.getStringProp("Encryptor.KDF.PRF"));
+		assertEquals("a6H9is3hEVGKB4Jut+lOVA==", sc.getStringProp("Encryptor.MasterKey"));
+		assertEquals("SbftnvmEWD5ZHHP+pX3fqugNysc=", sc.getStringProp("Encryptor.MasterSalt"));
+		assertEquals(true, sc.getBooleanProp("Encryptor.PlainText.overwrite"));
+		assertEquals("AES/CBC/PKCS5Padding", sc.getStringProp("Encryptor.CipherTransformation"));
+		assertEquals("random", sc.getStringProp("Encryptor.ChooseIVMethod"));
+		assertEquals("0x000102030405060708090a0b0c0d0e0f", sc.getStringProp("Encryptor.fixedIV"));
+		assertEquals("SHA1withDSA", sc.getStringProp("Encryptor.DigitalSignatureAlgorithm"));
+		assertEquals("SHA-512", sc.getStringProp("Encryptor.HashAlgorithm"));
+		assertEquals(1024, sc.getIntProp("Encryptor.HashIterations"));
+		assertEquals("UTF-8", sc.getStringProp("Encryptor.CharacterEncoding"));
+		assertEquals(false, sc.getBooleanProp("IntrusionDetector.Disable"));
+		assertEquals(true, sc.getBooleanProp("Encryptor.CipherText.useMAC"));
+		assertEquals(13, sc.getIntProp("Authenticator.MaxOldPasswordHashes"));
+		assertEquals("ESAPI_logging_file", sc.getStringProp("Logger.LogFileName"));
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index f5a8fb330..874e47493 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -150,7 +150,7 @@ public void testGetValidDate() throws Exception {
     //		  Validator.AcceptLenientDates to be false.
     public void testLenientDate() {
     	System.out.println("testLenientDate");
-    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
+    	boolean acceptLenientDates = ESAPI.securityConfiguration().getBooleanProp("Validator.AcceptLenientDates");
     	if ( acceptLenientDates ) {
     		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
     		return;
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 787464cb8..a585be63a 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -279,7 +279,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 
 	    	// If we are supposed to have overwritten the plaintext, check this to see
 	    	// if origPlainText was indeed overwritten.
-			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+			boolean overwritePlaintext = ESAPI.securityConfiguration().getBooleanProp("Encryptor.PlainText.overwrite");
 			if ( overwritePlaintext ) {
 				assertTrue( isPlaintextOverwritten(plaintext) );
 			}
@@ -296,7 +296,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	@SuppressWarnings("deprecation")
 			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
 	    	assertTrue( previousCipherXform.equals( cipherXform ) );
-	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
+	    	String defaultCipherXform = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
 	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
 	    	
 	    	return ciphertext.getEncodedIVCipherText();

From 18688a03dc10679de97d3a41a1d5473674ad335a Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 30 Jul 2017 09:22:49 -0700
Subject: [PATCH 431/812] Revert "Issue #403 -- checkpoint on getting basic
 unit tests to pass.  Not working in maven yet..."

This reverts commit 7696ebc32b6870b70d07c2b6462f2e223f731f1c.
---
 src/main/java/org/owasp/esapi/ESAPI.java      |  20 +-
 .../owasp/esapi/SecurityConfiguration.java    | 541 +++++++++++++++++-
 .../org/owasp/esapi/crypto/CipherSpec.java    |   4 +-
 .../org/owasp/esapi/crypto/CipherText.java    |   4 +-
 .../org/owasp/esapi/crypto/CryptoHelper.java  |   2 +-
 .../org/owasp/esapi/crypto/CryptoToken.java   |   6 +-
 .../esapi/crypto/KeyDerivationFunction.java   |   4 +-
 .../esapi/crypto/SecurityProviderLoader.java  |   2 +-
 .../errors/EnterpriseSecurityException.java   |   4 +-
 .../EnterpriseSecurityRuntimeException.java   |   4 +-
 .../reference/AbstractAuthenticator.java      |   4 +-
 .../owasp/esapi/reference/DefaultEncoder.java |   8 +-
 .../esapi/reference/DefaultHTTPUtilities.java |  14 +-
 .../reference/DefaultIntrusionDetector.java   |  10 +-
 .../esapi/reference/DefaultRandomizer.java    |   2 +-
 .../owasp/esapi/reference/DefaultUser.java    |   8 +-
 .../esapi/reference/DefaultValidator.java     |   2 +-
 .../reference/FileBasedAuthenticator.java     |   2 +-
 .../owasp/esapi/reference/JavaLogFactory.java |   8 +-
 .../owasp/esapi/reference/Log4JLogger.java    |   8 +-
 .../esapi/reference/crypto/JavaEncryptor.java |  44 +-
 .../validation/DateValidationRule.java        |   2 +-
 .../configuration/ConfigurationParser.java    |   2 +-
 .../esapi/SecurityConfigurationWrapper.java   | 111 ++--
 .../owasp/esapi/crypto/CipherSpecTest.java    |   8 +-
 .../crypto/SecurityProviderLoaderTest.java    |   2 +-
 .../DefaultSecurityConfigurationTest.java     |  47 +-
 .../owasp/esapi/reference/ValidatorTest.java  |   2 +-
 .../esapi/reference/crypto/EncryptorTest.java |   4 +-
 29 files changed, 690 insertions(+), 189 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/ESAPI.java b/src/main/java/org/owasp/esapi/ESAPI.java
index 4b49e8ce3..de93a73f7 100644
--- a/src/main/java/org/owasp/esapi/ESAPI.java
+++ b/src/main/java/org/owasp/esapi/ESAPI.java
@@ -82,35 +82,35 @@ public static HttpServletResponse currentResponse() {
 	 * @return the current ESAPI AccessController object being used to maintain the access control rules for this application. 
 	 */
 	public static AccessController accessController() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.AccessControl"), "AccessController" );
+        return ObjFactory.make( securityConfiguration().getAccessControlImplementation(), "AccessController" );
 	}
 
 	/**
 	 * @return the current ESAPI Authenticator object being used to authenticate users for this application. 
 	 */
 	public static Authenticator authenticator() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Authenticator"), "Authenticator" );
+        return ObjFactory.make( securityConfiguration().getAuthenticationImplementation(), "Authenticator" );
 	}
 
 	/**
 	 * @return the current ESAPI Encoder object being used to encode and decode data for this application. 
 	 */
 	public static Encoder encoder() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Encoder"), "Encoder" );
+        return ObjFactory.make( securityConfiguration().getEncoderImplementation(), "Encoder" );
 	}
 
 	/**
 	 * @return the current ESAPI Encryptor object being used to encrypt and decrypt data for this application. 
 	 */
 	public static Encryptor encryptor() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Encryptor"), "Encryptor" );
+        return ObjFactory.make( securityConfiguration().getEncryptionImplementation(), "Encryptor" );
 	}
 
 	/**
 	 * @return the current ESAPI Executor object being used to safely execute OS commands for this application. 
 	 */
 	public static Executor executor() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Executor"), "Executor" );
+        return ObjFactory.make( securityConfiguration().getExecutorImplementation(), "Executor" );
 	}
 
 	/**
@@ -118,14 +118,14 @@ public static Executor executor() {
 	 * for this application. 
 	 */
 	public static HTTPUtilities httpUtilities() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.HTTPUtilities"), "HTTPUtilities" );
+        return ObjFactory.make( securityConfiguration().getHTTPUtilitiesImplementation(), "HTTPUtilities" );
 	}
 
 	/**
 	 * @return the current ESAPI IntrusionDetector being used to monitor for intrusions in this application. 
 	 */
 	public static IntrusionDetector intrusionDetector() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.IntrusionDetector"), "IntrusionDetector" );
+        return ObjFactory.make( securityConfiguration().getIntrusionDetectionImplementation(), "IntrusionDetector" );
 	}
 
 	/**
@@ -134,7 +134,7 @@ public static IntrusionDetector intrusionDetector() {
 	 * @return The current LogFactory being used by ESAPI.
 	 */
 	private static LogFactory logFactory() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Logger"), "LogFactory" );
+        return ObjFactory.make( securityConfiguration().getLogImplementation(), "LogFactory" );
 	}
 	
 	/**
@@ -165,7 +165,7 @@ public static Logger log() {
 	 * @return the current ESAPI Randomizer being used to generate random numbers in this application. 
 	 */
 	public static Randomizer randomizer() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Randomizer"), "Randomizer" );
+        return ObjFactory.make( securityConfiguration().getRandomizerImplementation(), "Randomizer" );
 	}
 
     private static volatile SecurityConfiguration overrideConfig = null;
@@ -188,7 +188,7 @@ public static SecurityConfiguration securityConfiguration() {
 	 * @return the current ESAPI Validator being used to validate data in this application. 
 	 */
 	public static Validator validator() {
-        return ObjFactory.make( securityConfiguration().getStringProp("ESAPI.Validator"), "Validator" );
+        return ObjFactory.make( securityConfiguration().getValidationImplementation(), "Validator" );
 	}
 
     // TODO: This should probably use the SecurityManager or some value within the current
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 7103f9446..4d43d4834 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -51,6 +51,71 @@
  * @since June 1, 2007
  */
 public interface SecurityConfiguration extends EsapiPropertyLoader {
+
+	/**
+	 * Gets the application name, used for logging
+	 * 
+	 * @return the name of the current application
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getApplicationName();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Logging implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getLogImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getAuthenticationImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncoderImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getAccessControlImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getIntrusionDetectionImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getRandomizerImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncryptionImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI Validation implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getValidationImplementation();
 	
 	/**
 	 * Returns the validation pattern for a particular type
@@ -59,6 +124,43 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 */
     public Pattern getValidationPattern( String typeName );
     
+    /**
+     * Determines whether ESAPI will accept "lenient" dates when attempt
+     * to parse dates. Controlled by ESAPI property
+     * {@code Validator.AcceptLenientDates}, which defaults to {@code false}
+     * if unset.
+     * 
+     * @return True if lenient dates are accepted; false otherwise.
+     * @see java.text.DateFormat#setLenient(boolean)
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getLenientDatesAccepted();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getExecutorImplementation();
+	
+	/**
+	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHTTPUtilitiesImplementation();
+	
+	/**
+	 * Gets the master key. This password is used to encrypt/decrypt other files or types
+	 * of data that need to be protected by your application.
+	 * 
+	 * @return the current master key
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public byte[] getMasterKey();
+
 	/**
      * Retrieves the upload directory as specified in the ESAPI.properties file.
      * @return the upload directory
@@ -71,6 +173,25 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public File getUploadTempDirectory();
 
+	/**
+	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
+	 * 
+	 * @return the key length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+    public int getEncryptionKeyLength();
+    
+	/**
+	 * Gets the master salt that is used to salt stored password hashes and any other location 
+	 * where a salt is needed.
+	 * 
+	 * @return the current master salt
+     * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public byte[] getMasterSalt();
+
 	/**
 	 * Gets the allowed executables to run with the Executor.
 	 * 
@@ -84,7 +205,87 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * @return a list of the current allowed file extensions
 	 */
 	public List<String> getAllowedFileExtensions();
-    
+
+	/**
+	 * Gets the maximum allowed file upload size.
+	 * 
+	 * @return the current allowed file upload size
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getAllowedFileUploadSize();
+
+	/**
+	 * Gets the name of the password parameter used during user authentication.
+	 * 
+	 * @return the name of the password parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getPasswordParameterName();
+
+	/**
+	 * Gets the name of the username parameter used during user authentication.
+	 * 
+	 * @return the name of the username parameter
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getUsernameParameterName();
+
+	/**
+	 * Gets the encryption algorithm used by ESAPI to protect data. This is
+	 * mostly used for compatibility with ESAPI 1.4; ESAPI 2.0 prefers to
+	 * use "cipher transformation" since it supports multiple cipher modes
+	 * and padding schemes.
+	 * 
+	 * @return the current encryption algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getEncryptionAlgorithm();
+
+	/**
+	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
+	 * is a specification of cipher algorithm, cipher mode, and padding scheme
+	 * and in general, is a {@code String} that takes the following form:
+	 * <pre>
+	 * 		<i>cipher_alg</i>/<i>cipher_mode[bits]</i>/<i>padding_scheme</i>
+	 * </pre>
+	 * where <i>cipher_alg</i> is the JCE cipher algorithm (e.g., "DESede"),
+	 * <i>cipher_mode</i> is the cipher mode (e.g., "CBC", "CFB", "CTR", etc.),
+	 * and <i>padding_scheme</i> is the cipher padding scheme (e.g., "NONE" for
+	 * no padding, "PKCS5Padding" for PKCS#5 padding, etc.) and where
+	 * <i>[bits]</i> is an optional bit size that applies to certain cipher
+	 * modes such as {@code CFB} and {@code OFB}. Using modes such as CFB and
+	 * OFB, block ciphers can encrypt data in units smaller than the cipher's
+	 * actual block size. When requesting such a mode, you may optionally
+	 * specify the number of bits to be processed at a time. This generally must
+	 * be an integral multiple of 8-bits so that it can specify a whole number
+	 * of octets. 
+	 * </p><p>
+	 * Examples are:
+	 * <pre>
+	 * 		"AES/ECB/NoPadding"		// Default for ESAPI Java 1.4 (insecure)
+	 * 		"AES/CBC/PKCS5Padding"	// Default for ESAPI Java 2.0
+	 * 		"DESede/OFB32/PKCS5Padding"
+	 * </pre>
+	 * <b>NOTE:</b> Occasionally, in cryptographic literature, you may also
+	 * see the key size (in bits) specified after the cipher algorithm in the
+	 * cipher transformation. Generally, this is done to account for cipher
+	 * algorithms that have variable key sizes. The Blowfish cipher for example
+	 * supports key sizes from 32 to 448 bits. So for Blowfish, you might see
+	 * a cipher transformation something like this:
+	 * <pre>
+	 * 		"Blowfish-192/CFB8/PKCS5Padding"
+	 * </pre>
+	 * in the cryptographic literature. It should be noted that the Java
+	 * Cryptography Extensions (JCE) do not generally support this (at least
+	 * not the reference JCE implementation of "SunJCE"), and therefore it
+	 * should be avoided.
+	 * @return	The cipher transformation.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
 	@Deprecated
     public String getCipherTransformation();
     
@@ -116,7 +317,93 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     @Deprecated
     public String setCipherTransformation(String cipherXform);
-	
+
+    /**
+     * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
+     * ESAPI 2.0 now allows setting the property
+     * {@code Encryptor.PreferredJCEProvider} in the
+     * {@code ESAPI.properties} file, which will cause the specified JCE
+     * provider to be automatically and dynamically loaded (assuming that
+     * {@code SecurityManager} permissions allow) as the Ii>preferred</i>
+     * JCE provider. (Note this only happens if the JCE provider is not already
+     * loaded.) This method returns the property {@code Encryptor.PreferredJCEProvider}.
+     * </p<p>
+     * By default, this {@code Encryptor.PreferredJCEProvider} property is set
+     * to an empty string, which means that the preferred JCE provider is not
+     * changed.
+     * @return The property {@code Encryptor.PreferredJCEProvider} is returned.
+     * @see org.owasp.esapi.crypto.SecurityProviderLoader
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getPreferredJCEProvider();
+    
+// TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
+//				   Think it makes more sense as part of the release notes, but OTOH, I
+//				   really don't want to rewrite this as a Wiki page either.
+    /**
+     * Determines whether the {@code CipherText} should be used with a Message
+     * Authentication Code (MAC). Generally this makes for a more robust cryptographic
+     * scheme, but there are some minor performance implications. Controlled by
+     * the ESAPI property <i>Encryptor.CipherText.useMAC</i>.
+     * </p><p>
+     * For further details, see the "Advanced Usage" section of
+     * <a href="http://www.owasp.org/ESAPI_2.0_ReleaseNotes_CryptoChanges.html">
+     * "Why Is OWASP Changing ESAPI Encryption?"</a>.
+     * </p>
+     * @return	{@code true} if a you want a MAC to be used, otherwise {@code false}.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean useMACforCipherText();
+
+    /**
+     * Indicates whether the {@code PlainText} objects may be overwritten after
+     * they have been encrypted. Generally this is a good idea, especially if
+     * your VM is shared by multiple applications (e.g., multiple applications
+     * running in the same J2EE container) or if there is a possibility that
+     * your VM may leave a core dump (say because it is running non-native
+     * Java code.
+     * <p>
+     * Controlled by the property {@code Encryptor.PlainText.overwrite} in
+     * the {@code ESAPI.properties} file.
+     * </p>
+     * @return	True if it is OK to overwrite the {@code PlainText} objects
+     *			after encrypting, false otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean overwritePlainText();
+    
+    /**
+     * Get a string indicating how to compute an Initialization Vector (IV).
+     * Currently supported modes are "random" to generate a random IV or
+     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
+     * the value of this fixed IV must be specified as the property
+     * {@code Encryptor.fixedIV} and be of the appropriate length.
+     * 
+     * @return A string specifying the IV type. Should be "random" or "fixed".
+     * 
+     * @see #getFixedIV()
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getIVType();
+    
+    /**
+     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
+     * this will return the IV value as a hex-encoded string.
+     * @return The fixed IV as a hex-encoded string.
+     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
+     *             instead. Longer term: There will be a more general method in JavaEncryptor
+     *             to explicitly set an IV. This whole concept of a single fixed IV has
+     *             always been a kludge at best, as a concession to those who have used
+     *             a single fixed IV in the past. It's time to put it to death
+     *             as it was never intended for production in the first place.
+     */
+	@Deprecated
+    public String getFixedIV();
+    
     /**
      * Return a {@code List} of strings of combined cipher modes that support
      * <b>both</b> confidentiality and authenticity. These would be preferred
@@ -153,6 +440,67 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public List<String> getAdditionalAllowedCipherModes();
 
+	/**
+	 * Gets the hashing algorithm used by ESAPI to hash data.
+	 * 
+	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHashAlgorithm();
+
+	/**
+	 * Gets the hash iterations used by ESAPI to hash data.
+	 * 
+	 * @return the current hashing algorithm
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getHashIterations();
+
+	/**
+	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
+	 * Key Derivation Function (KDF).
+	 * 
+	 * @return	The KDF PRF algorithm name.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getKDFPseudoRandomFunction();
+	
+	/**
+	 * Gets the character encoding scheme supported by this application. This is used to set the
+	 * character encoding scheme on requests and responses when setCharacterEncoding() is called
+	 * on SafeRequests and SafeResponses. This scheme is also used for encoding/decoding URLs 
+	 * and any other place where the current encoding scheme needs to be known.
+	 * <br><br>
+	 * Note: This does not get the configured response content type. That is accessed by calling 
+	 * getResponseContentType().
+	 * 
+	 * @return the current character encoding scheme
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getCharacterEncoding();
+
+	/**
+	 * Return true if multiple encoding is allowed
+	 *
+	 * @return whether multiple encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getAllowMultipleEncoding();
+
+	/**
+	 * Return true if mixed encoding is allowed
+	 *
+	 * @return whether mixed encoding is allowed when canonicalizing data
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getAllowMixedEncoding();
+
 	/**
 	 * Returns the List of Codecs to use when canonicalizing data
 	 * 
@@ -166,6 +514,57 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * @return the current digital signature algorithm
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
+	@Deprecated
+	public String getDigitalSignatureAlgorithm();
+
+	/**
+	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
+	 * 
+	 * @return the current digital signature key length
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getDigitalSignatureKeyLength();
+		   
+	/**
+	 * Gets the random number generation algorithm used to generate random numbers where needed.
+	 * 
+	 * @return the current random number generation algorithm
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getRandomAlgorithm();
+
+	/**
+	 * Gets the number of login attempts allowed before the user's account is locked. If this 
+	 * many failures are detected within the alloted time period, the user's account will be locked.
+	 * 
+	 * @return the number of failed login attempts that cause an account to be locked
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getAllowedLoginAttempts();
+
+	/**
+	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
+	 * be used to ensure that the user doesn't reuse the specified number of previous passwords
+	 * when they change their password.
+	 * 
+	 * @return the number of old hashed passwords to retain
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getMaxOldPasswordHashes();
+
+	/**
+	 * Allows for complete disabling of all intrusion detection mechanisms
+	 * 
+	 * @return true if intrusion detection should be disabled
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getDisableIntrusionDetection();
+	
 	/**
 	 * Gets the intrusion detection quota for the specified event.
 	 * 
@@ -183,6 +582,41 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     public File getResourceFile( String filename );
     
+	/**
+	 * Returns true if session cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceHttpOnlySession() ;
+
+	/**
+	 * Returns true if session cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceSecureSession() ;
+
+	/**
+	 * Returns true if new cookies are required to have HttpOnly flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceHttpOnlyCookies() ;
+
+	/**
+	 * Returns true if new cookies are required to have Secure flag set.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public boolean getForceSecureCookies() ;
+
+	/**
+	 * Returns the maximum allowable HTTP header size.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getMaxHttpHeaderSize() ;
+
 	/**
 	 * Gets an InputStream to a file in the resource directory
      *
@@ -200,6 +634,28 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 */
 	public void setResourceDirectory(String dir);
 	
+	/**
+	 * Gets the content type for responses used when setSafeContentType() is called.
+	 * <br><br>
+	 * Note: This does not get the configured character encoding scheme. That is accessed by calling 
+	 * getCharacterEncoding().
+	 * 
+	 * @return The current content-type set for responses.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getResponseContentType();
+
+	/**
+	 * This method returns the configured name of the session identifier, 
+	 * likely "JSESSIONID" though this can be overridden.
+	 * 
+	 * @return The name of the session identifier, like "JSESSIONID"
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public String getHttpSessionIdName();
+	
 	/**
 	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
 	 * 
@@ -208,6 +664,87 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
     // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
 	public long getRememberTokenDuration();
 
+	
+	/**
+	 * Gets the idle timeout length for sessions (in milliseconds). This is the amount of time that a session
+	 * can live before it expires due to lack of activity. Applications or frameworks could provide a reauthenticate
+	 * function that enables a session to continue after reauthentication.
+	 * 
+	 * @return The session idle timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getSessionIdleTimeoutLength();
+	
+	/**
+	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
+	 * can live before it expires regardless of the amount of user activity. Applications or frameworks could 
+	 * provide a reauthenticate function that enables a session to continue after reauthentication.
+	 * 
+	 * @return The session absolute timeout length.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public int getSessionAbsoluteTimeoutLength();
+	
+	
+	/**
+	 * Returns whether HTML entity encoding should be applied to log entries.
+	 * 
+	 * @return True if log entries are to be HTML Entity encoded. False otherwise.
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogEncodingRequired();
+	
+	/**
+	 * Returns whether ESAPI should log the application name. This might be clutter in some
+	 * single-server/single-app environments.
+	 * 
+	 * @return True if ESAPI should log the application name, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogApplicationName();
+
+	/**
+	 * Returns whether ESAPI should log the server IP. This might be clutter in some
+	 * single-server environments.
+	 * 
+	 * @return True if ESAPI should log the server IP and port, False otherwise
+     * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+	public boolean getLogServerIP();
+
+	/**
+	 * Returns the current log level.
+	 * @return	An integer representing the current log level.
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+	 */
+	@Deprecated
+    public int getLogLevel();
+	
+    /**
+     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
+     * if it is not specified.
+     * 
+     * @return the log file name defined in the properties file.
+     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public String getLogFileName();
+
+    /**
+     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
+     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
+     * 
+     * @return the maximum size of a single log file (in bytes).
+     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
+     */
+	@Deprecated
+    public int getMaxLogFileSize();
+
 	/**
 	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
 	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index 973774533..e8836a38b 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -41,8 +41,8 @@ public final class CipherSpec implements Serializable {
 
 	private static final long serialVersionUID = 20090822;	// version, in YYYYMMDD format
 	
-	private String  cipher_xform_   = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
-	private int     keySize_        = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength"); // In bits
+	private String  cipher_xform_   = ESAPI.securityConfiguration().getCipherTransformation();
+	private int     keySize_        = ESAPI.securityConfiguration().getEncryptionKeyLength(); // In bits
 	private int     blockSize_      = 16;   // In bytes! I.e., 128 bits!!!
 	private byte[]  iv_             = null;
 
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 3aca97baf..66242d78f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -451,7 +451,7 @@ void storeSeparateMAC(byte[] macValue) {
 	 * @return True if the ciphertext has not be tampered with, and false otherwise.
 	 */
 	public boolean validateMAC(SecretKey authKey) {
-	    boolean requiresMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
+	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
 
 	    if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
 	        // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
@@ -503,7 +503,7 @@ public byte[] asPortableSerializedByteArray() throws EncryptionException {
 	    
 	    // If we are supposed to be using a (separate) MAC, also make sure
 	    // that it has been computed/stored.
-	    boolean requiresMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
+	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
 	    if (  requiresMAC && ! macComputed() ) {
 	        String msg = "Programming error: MAC is required for this cipher mode (" +
 	                     getCipherMode() + "), but MAC has not yet been " +
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 341b202e7..024150bda 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -215,7 +215,7 @@ public static boolean isAllowedCipherMode(String cipherMode)
     public static boolean isMACRequired(CipherText ct) {
         boolean preferredCipherMode =
             CryptoHelper.isCombinedCipherMode( ct.getCipherMode() );
-        boolean wantsMAC = ESAPI.securityConfiguration().getBooleanProp("Encryptor.CipherText.useMAC");
+        boolean wantsMAC = ESAPI.securityConfiguration().useMACforCipherText();
 
         // The preferred "combined" cipher modes such as CCM, GCM, etc. do
         // not require a MAC as a MAC would be superfluous and just require
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
index bf7286377..4276079f9 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
@@ -128,7 +128,7 @@ public class CryptoToken {
      */
     public CryptoToken() {
         secretKey = getDefaultSecretKey(
-                            ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm")
+                            ESAPI.securityConfiguration().getEncryptionAlgorithm()
                         );
         long now = System.currentTimeMillis();
         expirationTime = now + DEFAULT_EXP_TIME;
@@ -162,7 +162,7 @@ public CryptoToken(SecretKey skey) {
      */
     public CryptoToken(String token) throws EncryptionException {
         secretKey = getDefaultSecretKey(
-                ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm")
+                ESAPI.securityConfiguration().getEncryptionAlgorithm()
             );
         try {
             decryptToken(secretKey, token);
@@ -690,7 +690,7 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
     
     private SecretKey getDefaultSecretKey(String encryptAlgorithm) {
         assert encryptAlgorithm != null : "Encryption algorithm cannot be null";
-        byte[] skey = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterSalt");
+        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
         assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
         assert skey.length >= 7 :
                         "Encryptor.MasterKey must be at least 7 bytes. " +
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index da6e38fba..17635ce5a 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -127,7 +127,7 @@ public KeyDerivationFunction(KeyDerivationFunction.PRF_ALGORITHMS prfAlg) {
 	 * <b>ESAPI.property</b> property, {@code Encryptor.KDF.PRF}.
 	 */
 	public KeyDerivationFunction() {			
-		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
+		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
 		if ( ! KeyDerivationFunction.isValidPRF(prfName) ) {
     		throw new ConfigurationException("Algorithm name " + prfName +
     							" not a valid algorithm name for property " +
@@ -150,7 +150,7 @@ public String getPRFAlgName() {
 	 * 
 	 */
 	static int getDefaultPRFSelection() {
-		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
+		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
 		for (PRF_ALGORITHMS prf : PRF_ALGORITHMS.values()) {
 			if ( prf.getAlgName().equals(prfName) ) {
 				return prf.getValue();
diff --git a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
index 0ad2cae86..cacc9c9ef 100644
--- a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
+++ b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
@@ -263,7 +263,7 @@ public static int insertProviderAt(String algProvider, int pos)
     public static int loadESAPIPreferredJCEProvider() throws NoSuchProviderException
     {
         String prefJCEProvider =
-            ESAPI.securityConfiguration().getStringProp("Encryptor.PreferredJCEProvider");
+            ESAPI.securityConfiguration().getPreferredJCEProvider();
         try {
             // If unset or set to empty string, then don't try to change it.
             if ( prefJCEProvider == null || prefJCEProvider.trim().length() == 0) {
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index 396a91969..93ee30191 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -97,7 +97,7 @@ protected EnterpriseSecurityException(String userMessage, Throwable cause)
     public EnterpriseSecurityException(String userMessage, String logMessage) {
     	super(userMessage);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
@@ -118,7 +118,7 @@ public EnterpriseSecurityException(String userMessage, String logMessage) {
     public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
index 8b901a177..6dab2a54c 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityRuntimeException.java
@@ -100,7 +100,7 @@ protected EnterpriseSecurityRuntimeException(String userMessage,
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage) {
     	super(userMessage);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
@@ -121,7 +121,7 @@ public EnterpriseSecurityRuntimeException(String userMessage, String logMessage)
     public EnterpriseSecurityRuntimeException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) {
+        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index 3a8efe763..d7de99f04 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -156,8 +156,8 @@ protected DefaultUser getUserFromRememberToken() {
      */
     private User loginWithUsernameAndPassword(HttpServletRequest request) throws AuthenticationException {
 
-        String username = request.getParameter(ESAPI.securityConfiguration().getStringProp("Authenticator.UsernameParameterName"));
-        String password = request.getParameter(ESAPI.securityConfiguration().getStringProp("Authenticator.PasswordParameterName"));
+        String username = request.getParameter(ESAPI.securityConfiguration().getUsernameParameterName());
+        String password = request.getParameter(ESAPI.securityConfiguration().getPasswordParameterName());
 
         // if a logged-in user is requesting to login, log them out first
         User user = getCurrentUser();
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 0c1682bcf..0af2ba040 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -128,8 +128,8 @@ public String canonicalize( String input ) {
 
         // Issue 231 - These are reverse boolean logic in the Encoder interface, so we need to invert these values - CS
 		return canonicalize(input, 
-							!ESAPI.securityConfiguration().getBooleanProp("Encoder.AllowMultipleEncoding"),
-							!ESAPI.securityConfiguration().getBooleanProp("Encoder.AllowMixedEncoding") );
+							!ESAPI.securityConfiguration().getAllowMultipleEncoding(),
+							!ESAPI.securityConfiguration().getAllowMixedEncoding() );
 	}
 
 	
@@ -412,7 +412,7 @@ public String encodeForURL(String input) throws EncodingException {
 			return null;
 		}
 		try {
-			return URLEncoder.encode(input, ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
+			return URLEncoder.encode(input, ESAPI.securityConfiguration().getCharacterEncoding());
 		} catch (UnsupportedEncodingException ex) {
 			throw new EncodingException("Encoding failure", "Character encoding not supported", ex);
 		} catch (Exception e) {
@@ -429,7 +429,7 @@ public String decodeFromURL(String input) throws EncodingException {
 		}
 		String canonical = canonicalize(input);
 		try {
-			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getStringProp("HttpUtilities.CharacterEncoding"));
+			return URLDecoder.decode(canonical, ESAPI.securityConfiguration().getCharacterEncoding());
 		} catch (UnsupportedEncodingException ex) {
 			throw new EncodingException("Decoding failed", "Character encoding not supported", ex);
 		} catch (Exception e) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 0e0dfdcd9..2dc1e3666 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -133,7 +133,7 @@ public void setResponse(HttpServletResponse newResponse) {
 	private final Logger logger = ESAPI.getLogger("HTTPUtilities");
 
     /** The max bytes. */
-	static final int maxBytes = ESAPI.securityConfiguration().getIntProp("HttpUtilities.MaxUploadFileBytes");
+	static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
 
 
     /*
@@ -190,12 +190,12 @@ public void addCookie(HttpServletResponse response, Cookie cookie) {
 
         // if there are no errors, then set the cookie either with a header or normally
         if (errors.size() == 0) {
-        	if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
+        	if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
 	            String header = createCookieHeader(cookieName, cookieValue, maxAge, domain, path, secure);
 	            addHeader(response, "Set-Cookie", header);
         	} else {
                 // Issue 23 - If the ESAPI Configuration is set to force secure cookies, force the secure flag on the cookie before setting it
-                cookie.setSecure( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") );
+                cookie.setSecure( secure || ESAPI.securityConfiguration().getForceSecureCookies() );
         		response.addCookie(cookie);
         	}
             return;
@@ -350,10 +350,10 @@ private String createCookieHeader(String name, String value, int maxAge, String
         if (path != null) {
             header += "; Path=" + path;
         }
-        if ( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") ) {
+        if ( secure || ESAPI.securityConfiguration().getForceSecureCookies() ) {
             header += "; Secure";
         }
-        if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
+        if ( ESAPI.securityConfiguration().getForceHttpOnlyCookies() ) {
             header += "; HttpOnly";
         }
         return header;
@@ -773,7 +773,7 @@ public void logHTTPRequest(HttpServletRequest request, Logger logger, List param
 		    if ( cookies != null ) {
              for (Cookie cooky : cookies)
              {
-                if (!cooky.getName().equals(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"))) 
+                if (!cooky.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) 
                 {
                    params.append("+").append(cooky.getName()).append("=").append(cooky.getValue());
 		                    }
@@ -856,7 +856,7 @@ public void setContentType() {
 	 * {@inheritDoc}
 	 */
 	public void setContentType(HttpServletResponse response) {
-		response.setContentType((ESAPI.securityConfiguration()).getStringProp("HttpUtilities.ResponseContentType"));
+		response.setContentType((ESAPI.securityConfiguration()).getResponseContentType());
 	}
 
     /**
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
index 36c7e1265..d7b8f2b55 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultIntrusionDetector.java
@@ -59,7 +59,7 @@ public DefaultIntrusionDetector() {
      * @param e
      */
 	public void addException(Exception e) {
-		if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
+		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
 		
         if ( e instanceof EnterpriseSecurityException ) {
             logger.warning( Logger.SECURITY_FAILURE, ((EnterpriseSecurityException)e).getLogMessage(), e );
@@ -93,7 +93,7 @@ public void addException(Exception e) {
 	 * {@inheritDoc}
 	 */
     public void addEvent(String eventName, String logMessage) throws IntrusionException {
-    	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
+    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
     	
         logger.warning( Logger.SECURITY_FAILURE, "Security event " + eventName + " received : " + logMessage );
 
@@ -122,7 +122,7 @@ public void addEvent(String eventName, String logMessage) throws IntrusionExcept
      * 		the message to log if the action is "log"
      */
     private void takeSecurityAction( String action, String message ) {
-    	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
+    	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
     	
         if ( action.equals( "log" ) ) {
             logger.fatal( Logger.SECURITY_FAILURE, "INTRUSION - " + message );
@@ -148,7 +148,7 @@ private void takeSecurityAction( String action, String message ) {
 	 * 			The name of the event that occurred.
 	 */
 	private void addSecurityEvent(User user, String eventName) {
-		if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
+		if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
 		
 		if ( user.isAnonymous() ) return;
 		
@@ -175,7 +175,7 @@ public Event( String key ) {
             this.key = key;
         }
         public void increment(int count, long interval) throws IntrusionException {
-        	if (ESAPI.securityConfiguration().getBooleanProp("IntrusionDetector.Disable")) return;
+        	if (ESAPI.securityConfiguration().getDisableIntrusionDetection()) return;
         	
             Date now = new Date();
             times.add( 0, now );
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
index 6d2434288..d7731c57b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultRandomizer.java
@@ -54,7 +54,7 @@ public static Randomizer getInstance() {
     private final Logger logger = ESAPI.getLogger("Randomizer");
 
     private DefaultRandomizer() {
-        String algorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
+        String algorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
         try {
             secureRandom = SecureRandom.getInstance(algorithm);
         } catch (NoSuchAlgorithmException e) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index baf3bdca3..0ff656a2b 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -44,10 +44,10 @@ public class DefaultUser implements User, Serializable {
 	private static final long serialVersionUID = 1L;
 
 	/** The idle timeout length specified in the ESAPI config file. */
-	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getIntProp("Authenticator.IdleTimeoutDuration");
+	private static final int IDLE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionIdleTimeoutLength();
 	
 	/** The absolute timeout length specified in the ESAPI config file. */
-	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getIntProp("Authenticator.AbsoluteTimeoutDuration");
+	private static final int ABSOLUTE_TIMEOUT_LENGTH = ESAPI.securityConfiguration().getSessionAbsoluteTimeoutLength();
 	
 	/** The logger used by the class. */
 	private transient final Logger logger = ESAPI.getLogger("DefaultUser");
@@ -425,7 +425,7 @@ public void loginWithPassword(String password) throws AuthenticationException {
 			loggedIn = false;
 			setLastFailedLoginTime(new Date());
 			incrementFailedLoginCount();
-			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getIntProp("Authenticator.AllowedLoginAttempts")) {
+			if (getFailedLoginCount() >= ESAPI.securityConfiguration().getAllowedLoginAttempts()) {
 				lock();
 			}
 			throw new AuthenticationLoginException("Login failed", "Incorrect password provided for " + getAccountName() );
@@ -444,7 +444,7 @@ public void logout() {
             removeSession(session);
 			session.invalidate();
 		}
-		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"));
+		ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), ESAPI.securityConfiguration().getHttpSessionIdName());
 		loggedIn = false;
 		logger.info(Logger.SECURITY_SUCCESS, "Logout successful" );
 		ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 81b7d805f..074b44dd1 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -771,7 +771,7 @@ public byte[] getValidFileContent(String context, byte[] input, int maxBytes, bo
    			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
 		}
 
-		long esapiMaxBytes = ESAPI.securityConfiguration().getIntProp("HttpUtilities.MaxUploadFileBytes");
+		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();
 		if (input.length > esapiMaxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + esapiMaxBytes + " bytes", "Exceeded ESAPI max length", context );
 		if (input.length > maxBytes ) throw new ValidationException( context + ": Invalid file content can not exceed " + maxBytes + " bytes", "Exceeded maxBytes ( " + input.length + ")", context );
 
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index ad4021086..cee3685ad 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -140,7 +140,7 @@ public static void main(String[] args) throws Exception {
     private void setHashedPassword(User user, String hash) {
         List<String> hashes = getAllHashedPasswords(user, true);
         hashes.add(0, hash);
-        if (hashes.size() > ESAPI.securityConfiguration().getIntProp("Authenticator.MaxOldPasswordHashes")) {
+        if (hashes.size() > ESAPI.securityConfiguration().getMaxOldPasswordHashes()) {
             hashes.remove(hashes.size() - 1);
         }
         logger.info(Logger.SECURITY_SUCCESS, "New hashed password stored for " + user.getAccountName());
diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
index 9ad257f51..0970818e8 100644
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
@@ -121,13 +121,13 @@ private static class JavaLogger implements org.owasp.esapi.Logger {
         private String moduleName = null;
 
         /** The application name defined in ESAPI.properties */
-    	private String applicationName=ESAPI.securityConfiguration().getStringProp("Logger.ApplicationName");
+    	private String applicationName=ESAPI.securityConfiguration().getApplicationName();
 
         /** Log the application name? */
-    	private static boolean logAppName = ESAPI.securityConfiguration().getBooleanProp("Logger.LogApplicationName");
+    	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
 
     	/** Log the server ip? */
-    	private static boolean logServerIP = ESAPI.securityConfiguration().getBooleanProp("Logger.LogServerIP");
+    	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
     	
         /**
          * Public constructor should only ever be called via the appropriate LogFactory
@@ -296,7 +296,7 @@ private void log(Level level, EventType type, String message, Throwable throwabl
             
             // ensure no CRLF injection into logs for forging records
             String clean = message.replace( '\n', '_' ).replace( '\r', '_' );
-            if ( ESAPI.securityConfiguration().getBooleanProp("Logger.LogEncodingRequired") ) {
+            if ( ESAPI.securityConfiguration().getLogEncodingRequired() ) {
             	clean = ESAPI.encoder().encodeForHTML(message);
                 if (!message.equals(clean)) {
                     clean += " (Encoded)";
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
index 569f3a37e..af7045663 100644
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
@@ -41,13 +41,13 @@ public class Log4JLogger extends org.apache.log4j.Logger implements org.owasp.es
 	private static LoggerFactory factory = new Log4JLoggerFactory();
 
 	/** The application name using this log */
-	private static String applicationName = ESAPI.securityConfiguration().getStringProp("Logger.ApplicationName");
+	private static String applicationName = ESAPI.securityConfiguration().getApplicationName();
 
 	/** Log the application name? */
-	private static boolean logAppName = ESAPI.securityConfiguration().getBooleanProp("Logger.LogApplicationName");
+	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
 	
 	/** Log the server ip? */
-	private static boolean logServerIP = ESAPI.securityConfiguration().getBooleanProp("Logger.LogServerIP");
+	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
 
 	public Log4JLogger(String name) {
 		super(name);
@@ -423,7 +423,7 @@ private void log(Level level, EventType type, String message, Throwable throwabl
 
 		// ensure no CRLF injection into logs for forging records
 		String clean = message.replace('\n', '_').replace('\r', '_');
-		if (ESAPI.securityConfiguration().getBooleanProp("Logger.LogEncodingRequired")) {
+		if (ESAPI.securityConfiguration().getLogEncodingRequired()) {
 			clean = ESAPI.encoder().encodeForHTML(message);
 			if (!message.equals(clean)) {
 				clean += " (Encoded)";
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index aff901e2a..8190dab4a 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -209,9 +209,9 @@ public static void main( String[] args ) throws Exception {
         // setup algorithms -- Each of these have defaults if not set, although
 		//					   someone could set them to something invalid. If
 		//					   so a suitable exception will be thrown and displayed.
-        encryptAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm");
-		encryptionKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
-		randomAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
 
 		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
 		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
@@ -233,8 +233,8 @@ public static void main( String[] args ) throws Exception {
      * 					Original exception will be attached as the 'cause'.
      */
     private JavaEncryptor() throws EncryptionException {
-        byte[] salt = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey");
-        byte[] skey = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterSalt");
+        byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+        byte[] skey = ESAPI.securityConfiguration().getMasterKey();
 
         assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
         assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
@@ -311,7 +311,7 @@ public String hash(String plaintext, String salt, int iterations) throws Encrypt
 		try {
 			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
 			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey"));
+			digest.update(ESAPI.securityConfiguration().getMasterSalt());
 			digest.update(salt.getBytes(encoding));
 			digest.update(plaintext.getBytes(encoding));
 
@@ -351,14 +351,14 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 throw new IllegalArgumentException("PlainText may arg not be null");
 		 }
 		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().getBooleanProp("Encryptor.PlainText.overwrite");
+		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
 
 		 boolean success = false;	// Used in 'finally' clause.
 		 String xform = null;
 		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
 
 		try {
-			 xform = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
+			 xform = ESAPI.securityConfiguration().getCipherTransformation();
              String[] parts = xform.split("/");
              assert parts.length == 3 : "Malformed cipher transformation: " + xform;
              String cipherMode = parts[1];
@@ -383,7 +383,7 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 //        and this method will just call that one.
 			 Cipher encrypter = Cipher.getInstance(xform);
 			 String cipherAlg = encrypter.getAlgorithm();
-			 int keyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
+			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
 
 			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
 			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
@@ -475,12 +475,12 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 }
 			 
 			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getStringProp("Encryptor.ChooseIVMethod");
+				 String ivType = ESAPI.securityConfiguration().getIVType();
 				 IvParameterSpec ivSpec = null;
 				 if ( ivType.equalsIgnoreCase("random") ) {
 					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
 				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getStringProp("Encryptor.fixedIV");
+					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
 					 ivBytes = Hex.decode(fixedIVAsHex);
 					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
 					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
@@ -912,7 +912,7 @@ public String computeHMAC( String input ) throws EncryptionException {
 			//			perhaps a derived key based on the master salt. (One could use
 			//			KeyDerivationFunction.computeDerivedKey().)
 			//
-			byte[] salt = ESAPI.securityConfiguration().getByteArrayProp("Encryptor.MasterKey");
+			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
 			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
 			byte[] inBytes;
 			try {
@@ -965,7 +965,7 @@ private void logWarning(String where, String msg) {
     private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
 		String prfName = null;
 		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
+			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
 		} else {
 			prfName = name;
 		}
@@ -974,7 +974,7 @@ private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {
     }
     
     private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getStringProp("Encryptor.KDF.PRF");
+		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
 		return getPRF(prfName);
     }
     
@@ -1009,14 +1009,14 @@ private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_AL
     // Get all the algorithms we will be using from ESAPI.properties.
     private static void setupAlgorithms() {
         // setup algorithms
-        encryptAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.EncryptionAlgorithm");
-        signatureAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.DigitalSignatureAlgorithm");
-        randomAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.RandomAlgorithm");
-        hashAlgorithm = ESAPI.securityConfiguration().getStringProp("Encryptor.HashAlgorithm");
-        hashIterations = ESAPI.securityConfiguration().getIntProp("Encryptor.HashIterations");
-        encoding = ESAPI.securityConfiguration().getStringProp("Encryptor.CharacterEncoding");
-        encryptionKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength");
-        signatureKeyLength = ESAPI.securityConfiguration().getIntProp("Encryptor.DigitalSignatureKeyLength");
+        encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
+        signatureAlgorithm = ESAPI.securityConfiguration().getDigitalSignatureAlgorithm();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        hashAlgorithm = ESAPI.securityConfiguration().getHashAlgorithm();
+        hashIterations = ESAPI.securityConfiguration().getHashIterations();
+        encoding = ESAPI.securityConfiguration().getCharacterEncoding();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
     }
     
     // Set up signing key pair using the master password and salt. Called (once)
diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index f37f72097..8d031a12f 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -53,7 +53,7 @@ public final void setDateFormat( DateFormat newFormat ) {
 		}
 */
         this.format = newFormat;
-        this.format.setLenient( ESAPI.securityConfiguration().getBooleanProp("Validator.AcceptLenientDates") );
+        this.format.setLenient( ESAPI.securityConfiguration().getLenientDatesAccepted() );
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 68728cd25..4eba04e73 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -68,7 +68,7 @@ public class ConfigurationParser {
 	static {
 		String sessionIdName = null;
 		try {
-			sessionIdName = ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName");
+			sessionIdName = ESAPI.securityConfiguration().getHttpSessionIdName();
 		} catch (Throwable t) {
 			sessionIdName = "JSESSIONID";	// If all else fails...
 		}
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index efe655aa7..769c9eced 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -45,7 +45,7 @@ public SecurityConfiguration getWrappedSecurityConfiguration()
 	// @Override
 	public String getApplicationName()
 	{
-		return wrapped.getStringProp("Logger.ApplicationName");
+		return wrapped.getApplicationName();
 	}
 	
 	/**
@@ -54,7 +54,7 @@ public String getApplicationName()
 	// @Override
 	public String getLogImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Logger");
+		return wrapped.getLogImplementation();
 	}
 	
 	/**
@@ -63,7 +63,7 @@ public String getLogImplementation()
 	// @Override
 	public String getAuthenticationImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Authenticator");
+		return wrapped.getAuthenticationImplementation();
 	}
 	
 	/**
@@ -72,7 +72,7 @@ public String getAuthenticationImplementation()
 	// @Override
 	public String getEncoderImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Encoder");
+		return wrapped.getEncoderImplementation();
 	}
 	
 	/**
@@ -81,7 +81,7 @@ public String getEncoderImplementation()
 	// @Override
 	public String getAccessControlImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.AccessControl");
+		return wrapped.getAccessControlImplementation();
 	}
 	
 	/**
@@ -90,7 +90,7 @@ public String getAccessControlImplementation()
 	// @Override
 	public String getIntrusionDetectionImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.IntrusionDetector");
+		return wrapped.getIntrusionDetectionImplementation();
 	}
 	
 	/**
@@ -99,7 +99,7 @@ public String getIntrusionDetectionImplementation()
 	// @Override
 	public String getRandomizerImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Randomizer");
+		return wrapped.getRandomizerImplementation();
 	}
 	
 	/**
@@ -108,7 +108,7 @@ public String getRandomizerImplementation()
 	// @Override
 	public String getEncryptionImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Encryptor");
+		return wrapped.getEncryptionImplementation();
 	}
 	
 	/**
@@ -117,7 +117,7 @@ public String getEncryptionImplementation()
 	// @Override
 	public String getValidationImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Validator");
+		return wrapped.getValidationImplementation();
 	}
 	
 	/**
@@ -135,7 +135,7 @@ public Pattern getValidationPattern( String typeName )
 	// @Override
 	public String getExecutorImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.Executor");
+		return wrapped.getExecutorImplementation();
 	}
 	
 	/**
@@ -144,7 +144,7 @@ public String getExecutorImplementation()
 	// @Override
 	public String getHTTPUtilitiesImplementation()
 	{
-		return wrapped.getStringProp("ESAPI.HTTPUtilities");
+		return wrapped.getHTTPUtilitiesImplementation();
 	}
 	
 	/**
@@ -153,7 +153,7 @@ public String getHTTPUtilitiesImplementation()
 	// @Override
 	public byte[] getMasterKey()
 	{
-		return wrapped.getByteArrayProp("Encryptor.MasterSalt");
+		return wrapped.getMasterKey();
 	}
 
 	/**
@@ -180,7 +180,7 @@ public File getUploadTempDirectory()
 	// @Override
 	public int getEncryptionKeyLength()
 	{
-		return wrapped.getIntProp("Encryptor.EncryptionKeyLength");
+		return wrapped.getEncryptionKeyLength();
 	}
     
 	/**
@@ -189,7 +189,7 @@ public int getEncryptionKeyLength()
 	// @Override
 	public byte[] getMasterSalt()
 	{
-		return wrapped.getByteArrayProp("Encryptor.MasterKey");
+		return wrapped.getMasterSalt();
 	}
 
 	/**
@@ -216,7 +216,7 @@ public List getAllowedFileExtensions()
 	// @Override
 	public int getAllowedFileUploadSize()
 	{
-		return wrapped.getIntProp("HttpUtilities.MaxUploadFileBytes");
+		return wrapped.getAllowedFileUploadSize();
 	}
 
 	/**
@@ -225,7 +225,7 @@ public int getAllowedFileUploadSize()
 	// @Override
 	public String getPasswordParameterName()
 	{
-		return wrapped.getStringProp("PasswordParameterName");
+		return wrapped.getPasswordParameterName();
 	}
 
 	/**
@@ -234,7 +234,7 @@ public String getPasswordParameterName()
 	// @Override
 	public String getUsernameParameterName()
 	{
-		return wrapped.getStringProp("Authenticator.UsernameParameterName");
+		return wrapped.getUsernameParameterName();
 	}
 
 	/**
@@ -243,7 +243,7 @@ public String getUsernameParameterName()
 	// @Override
 	public String getEncryptionAlgorithm()
 	{
-		return wrapped.getStringProp("Encryptor.EncryptionAlgorithm");
+		return wrapped.getEncryptionAlgorithm();
 	}
 
 	/**
@@ -252,7 +252,7 @@ public String getEncryptionAlgorithm()
 	// @Override
 	public String getCipherTransformation()
 	{
-		return wrapped.getStringProp("Encryptor.CipherTransformation");
+		return wrapped.getCipherTransformation();
 	}
 
 	/**
@@ -270,7 +270,7 @@ public String setCipherTransformation(String cipherXform)
 	// @Override
 	public boolean useMACforCipherText()
 	{
-		return wrapped.getBooleanProp("Encryptor.CipherText.useMAC");
+		return wrapped.useMACforCipherText();
 	}
 
 	/**
@@ -279,7 +279,7 @@ public boolean useMACforCipherText()
 	// @Override
 	public boolean overwritePlainText()
 	{
-		return wrapped.getBooleanProp("Encryptor.PlainText.overwrite");
+		return wrapped.overwritePlainText();
 	}
 
 	/**
@@ -288,7 +288,7 @@ public boolean overwritePlainText()
 	// @Override
 	public String getIVType()
 	{
-		return wrapped.getStringProp("Encryptor.ChooseIVMethod");
+		return wrapped.getIVType();
 	}
 
 	/**
@@ -297,7 +297,7 @@ public String getIVType()
 	// @Override
 	public String getFixedIV()
 	{
-		return wrapped.getStringProp("Encryptor.fixedIV");
+		return wrapped.getFixedIV();
 	}
 
 	/**
@@ -306,7 +306,7 @@ public String getFixedIV()
 	// @Override
 	public String getHashAlgorithm()
 	{
-		return wrapped.getStringProp("Encryptor.HashAlgorithm");
+		return wrapped.getHashAlgorithm();
 	}
 
 	/**
@@ -315,7 +315,7 @@ public String getHashAlgorithm()
 	// @Override
 	public int getHashIterations()
 	{
-		return wrapped.getIntProp("Encryptor.HashIterations");
+		return wrapped.getHashIterations();
 	}
 
 	/**
@@ -324,7 +324,7 @@ public int getHashIterations()
 	// @Override
 	public String getCharacterEncoding()
 	{
-		return wrapped.getStringProp("HttpUtilities.CharacterEncoding");
+		return wrapped.getCharacterEncoding();
 	}
 
 	/**
@@ -333,7 +333,7 @@ public String getCharacterEncoding()
 	// @Override
 	public boolean getAllowMultipleEncoding()
 	{
-		return wrapped.getBooleanProp("Encoder.AllowMultipleEncoding");
+		return wrapped.getAllowMultipleEncoding();
 	}
 
 	/**
@@ -342,7 +342,7 @@ public boolean getAllowMultipleEncoding()
 	// @Override
 	public boolean getAllowMixedEncoding()
 	{
-		return wrapped.getBooleanProp("Encoder.AllowMixedEncoding");
+		return wrapped.getAllowMixedEncoding();
 	}
 
 	/**
@@ -360,7 +360,7 @@ public List getDefaultCanonicalizationCodecs()
 	// @Override
 	public String getDigitalSignatureAlgorithm()
 	{
-		return wrapped.getStringProp("Encryptor.DigitalSignatureAlgorithm");
+		return wrapped.getDigitalSignatureAlgorithm();
 	}
 
 	/**
@@ -369,7 +369,7 @@ public String getDigitalSignatureAlgorithm()
 	// @Override
 	public int getDigitalSignatureKeyLength()
 	{
-		return wrapped.getIntProp("Encryptor.DigitalSignatureKeyLength");
+		return wrapped.getDigitalSignatureKeyLength();
 	}
 		   
 	/**
@@ -378,7 +378,7 @@ public int getDigitalSignatureKeyLength()
 	// @Override
 	public String getRandomAlgorithm()
 	{
-		return wrapped.getStringProp("Encryptor.RandomAlgorithm");
+		return wrapped.getRandomAlgorithm();
 	}
 
 	/**
@@ -387,7 +387,7 @@ public String getRandomAlgorithm()
 	// @Override
 	public int getAllowedLoginAttempts()
 	{
-		return wrapped.getIntProp("Authenticator.AllowedLoginAttempts");
+		return wrapped.getAllowedLoginAttempts();
 	}
 
 	/**
@@ -396,7 +396,7 @@ public int getAllowedLoginAttempts()
 	// @Override
 	public int getMaxOldPasswordHashes()
 	{
-		return wrapped.getIntProp("Authenticator.MaxOldPasswordHashes");
+		return wrapped.getMaxOldPasswordHashes();
 	}
 
 	/**
@@ -423,7 +423,7 @@ public File getResourceFile( String filename )
 	// @Override
 	public boolean getForceHttpOnlySession() 
 	{
-		return wrapped.getBooleanProp("HttpUtilities.ForceHttpOnlySession");
+		return wrapped.getForceHttpOnlySession();
 	}
 
 	/**
@@ -432,7 +432,7 @@ public boolean getForceHttpOnlySession()
 	// @Override
 	public boolean getForceSecureSession() 
 	{
-		return wrapped.getBooleanProp("HttpUtilities.ForceSecureSession");
+		return wrapped.getForceSecureSession();
 	}
 
 	/**
@@ -441,7 +441,7 @@ public boolean getForceSecureSession()
 	// @Override
 	public boolean getForceHttpOnlyCookies()
 	{
-		return wrapped.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies");
+		return wrapped.getForceHttpOnlyCookies();
 	}
 
 	/**
@@ -450,7 +450,7 @@ public boolean getForceHttpOnlyCookies()
 	// @Override
 	public boolean getForceSecureCookies()
 	{
-		return wrapped.getBooleanProp("HttpUtilities.ForceSecureCookies");
+		return wrapped.getForceSecureCookies();
 	}
 
 	/**
@@ -458,7 +458,7 @@ public boolean getForceSecureCookies()
 	 */
 	// @Override
 	public int getMaxHttpHeaderSize() {
-        return wrapped.getIntProp("HttpUtilities.MaxHeaderValueSize");
+        return wrapped.getMaxHttpHeaderSize();
 	}
 
 	/**
@@ -486,7 +486,7 @@ public void setResourceDirectory(String dir)
 	// @Override
 	public String getResponseContentType()
 	{
-		return wrapped.getStringProp("HttpUtilities.ResponseContentType");
+		return wrapped.getResponseContentType();
 	}
 
 	/**
@@ -494,7 +494,7 @@ public String getResponseContentType()
 	 */
 	// @Override
 	public String getHttpSessionIdName() {
-		return wrapped.getStringProp("HttpUtilities.HttpSessionIdName");
+		return wrapped.getHttpSessionIdName();
 	}
 	
 	/**
@@ -512,7 +512,7 @@ public long getRememberTokenDuration()
 	// @Override
 	public int getSessionIdleTimeoutLength()
 	{
-		return wrapped.getIntProp("HttpUtilities.HTTPJSESSIONIDLENGTH");
+		return wrapped.getSessionIdleTimeoutLength();
 	}
 	
 	/**
@@ -521,7 +521,7 @@ public int getSessionIdleTimeoutLength()
 	// @Override
 	public int getSessionAbsoluteTimeoutLength()
 	{
-		return wrapped.getIntProp("Authenticator.AbsoluteTimeoutDuration");
+		return wrapped.getSessionAbsoluteTimeoutLength();
 	}
 	
 	/**
@@ -530,7 +530,7 @@ public int getSessionAbsoluteTimeoutLength()
 	// @Override
 	public boolean getLogEncodingRequired()
 	{
-		return wrapped.getBooleanProp("Logger.LogEncodingRequired");
+		return wrapped.getLogEncodingRequired();
 	}
 	
 	/**
@@ -539,7 +539,7 @@ public boolean getLogEncodingRequired()
 	// @Override
 	public boolean getLogApplicationName()
 	{
-		return wrapped.getBooleanProp("Logger.LogApplicationName");
+		return wrapped.getLogApplicationName();
 	}
 
 	/**
@@ -548,16 +548,25 @@ public boolean getLogApplicationName()
 	// @Override
 	public boolean getLogServerIP()
 	{
-		return wrapped.getBooleanProp("Logger.LogServerIP");
+		return wrapped.getLogServerIP();
 	}
 
+	/**
+	 * {@inheritDoc}
+	 */
+	// @Override
+	public int getLogLevel()
+	{
+		return wrapped.getLogLevel();
+	}
+	
 	/**
 	 * {@inheritDoc}
 	 */
 	// @Override
 	public String getLogFileName()
 	{
-		return wrapped.getStringProp("Logger.LogFileName");
+		return wrapped.getLogFileName();
 	}
 
 	/**
@@ -566,7 +575,7 @@ public String getLogFileName()
 	// @Override
 	public int getMaxLogFileSize()
 	{
-	 	return wrapped.getIntProp("Logger.MaxLogFileSize");
+	 	return wrapped.getMaxLogFileSize();
 	}
 
 	@Override
@@ -618,7 +627,7 @@ public List<String> getCombinedCipherModes() {
      * {@inheritDoc}
      */
     public String getPreferredJCEProvider() {
-        return wrapped.getStringProp("Encryptor.PreferredJCEProvider");
+        return wrapped.getPreferredJCEProvider();
     }
 
 	/**
@@ -626,7 +635,7 @@ public String getPreferredJCEProvider() {
 	 */
 	// @Override
 	public boolean getDisableIntrusionDetection() {
-		return wrapped.getBooleanProp("IntrusionDetector.Disable");
+		return wrapped.getDisableIntrusionDetection();
 	}
 
 	/**
@@ -634,13 +643,13 @@ public boolean getDisableIntrusionDetection() {
 	 */
 	// @Override
 	public String getKDFPseudoRandomFunction() {
-		return wrapped.getStringProp("Encryptor.KDF.PRF");
+		return wrapped.getKDFPseudoRandomFunction();
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	public boolean getLenientDatesAccepted() {
-		return wrapped.getBooleanProp("Validator.AcceptLenientDates");
+		return wrapped.getLenientDatesAccepted();
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
index 951db1e2a..8f808880f 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
@@ -31,7 +31,7 @@ public class CipherSpecTest extends TestCase {
 	@Before public void setUp() throws Exception {
 			// This will throw ConfigurationException if IV type is not set to
 			// 'fixed', which it's not. (We have it set to 'random'.)
-		// myIV = Hex.decode( ESAPI.securityConfiguration().getStringProp("Encryptor.fixedIV") );
+		// myIV = Hex.decode( ESAPI.securityConfiguration().getFixedIV() );
 		myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" );
 
 		dfltAESCipher   = Cipher.getInstance("AES");
@@ -95,9 +95,9 @@ public class CipherSpecTest extends TestCase {
 		assertTrue( myIV.length > 0 );
 		cipherSpec = new CipherSpec(myIV);
 		assertTrue( cipherSpec.getKeySize() == 
-						ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength") );
+						ESAPI.securityConfiguration().getEncryptionKeyLength() );
 		assertTrue( cipherSpec.getCipherTransformation().equals(
-						ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation") ) );
+						ESAPI.securityConfiguration().getCipherTransformation() ) );
 	}
 
 	/** Test CipherSpec() */
@@ -138,7 +138,7 @@ public class CipherSpecTest extends TestCase {
 	/** Test getKeySize() */
 	@Test public void testGetKeySize() {
 		assertTrue( (new CipherSpec()).getKeySize() ==
-			ESAPI.securityConfiguration().getIntProp("Encryptor.EncryptionKeyLength") );
+			ESAPI.securityConfiguration().getEncryptionKeyLength() );
 	}
 
 	/** Test setBlockSize() */
diff --git a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
index 4f597b45d..cba2da0ae 100644
--- a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
@@ -67,7 +67,7 @@ public final void testInsertProviderAt() {
     @Test
     public final void testLoadESAPIPreferredJCEProvider() {
         // Note: OK if empty string or unset, in fact default is empty string.
-        String preferredProvider = ESAPI.securityConfiguration().getStringProp("Encryptor.PreferredJCEProvider");
+        String preferredProvider = ESAPI.securityConfiguration().getPreferredJCEProvider();
         try {
             SecurityProviderLoader.loadESAPIPreferredJCEProvider();
             assertTrue(true);
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 8f786460e..14d7bab6e 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -440,7 +440,7 @@ public void DefaultSearchPathEnumChanges(){
 	}
 	
 	@Test
-	public void defaultPropertiesTest() throws Exception{
+	public void defaultPropertiesTest(){
 		SecurityConfiguration sc = ESAPI.securityConfiguration();
 //		# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
 //		HttpUtilities.HTTPJSESSIONIDLENGTH=50
@@ -478,50 +478,5 @@ public void defaultPropertiesTest() throws Exception{
 //		# Maximum length of a redirect 
 //		HttpUtilities.maxRedirectLength=512
 		assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
-		assertEquals("org.owasp.esapi.reference.DefaultAccessController",sc.getStringProp("ESAPI.AccessControl"));
-		assertEquals("org.owasp.esapi.reference.FileBasedAuthenticator", sc.getStringProp("ESAPI.Authenticator"));
-		assertEquals("org.owasp.esapi.reference.DefaultEncoder", sc.getStringProp("ESAPI.Encoder"));
-		assertEquals("org.owasp.esapi.reference.crypto.JavaEncryptor", sc.getStringProp("ESAPI.Encryptor"));
-		assertEquals("org.owasp.esapi.reference.DefaultExecutor", sc.getStringProp("ESAPI.Executor"));
-		assertEquals("org.owasp.esapi.reference.DefaultHTTPUtilities", sc.getStringProp("ESAPI.HTTPUtilities"));
-		assertEquals("org.owasp.esapi.reference.DefaultIntrusionDetector", sc.getStringProp("ESAPI.IntrusionDetector"));
-		assertEquals("org.owasp.esapi.reference.Log4JLogFactory",sc.getStringProp("ESAPI.Logger"));
-		assertEquals("org.owasp.esapi.reference.DefaultRandomizer", sc.getStringProp("ESAPI.Randomizer"));
-		assertEquals("org.owasp.esapi.reference.DefaultValidator", sc.getStringProp("ESAPI.Validator"));
-		assertEquals(500000000, sc.getIntProp("HttpUtilities.MaxUploadFileBytes"));
-		assertEquals(true, sc.getBooleanProp("HttpUtilities.ForceHttpOnlyCookies"));
-		assertEquals(true, sc.getBooleanProp("HttpUtilities.ForceSecureCookies"));
-		assertEquals("JSESSIONID", sc.getStringProp("HttpUtilities.HttpSessionIdName"));
-		assertEquals("text/html; charset=UTF-8", sc.getStringProp("HttpUtilities.ResponseContentType"));
-		assertEquals(3, sc.getIntProp("Authenticator.AllowedLoginAttempts"));
-		assertEquals(20, sc.getIntProp("Authenticator.IdleTimeoutDuration"));
-		assertEquals("UTF-8", sc.getStringProp("HttpUtilities.CharacterEncoding"));
-		assertEquals(false, sc.getBooleanProp("Encoder.AllowMultipleEncoding"));
-		assertEquals(false, sc.getBooleanProp("Encoder.AllowMixedEncoding"));
-		
-		assertEquals("ExampleApplication", sc.getStringProp("Logger.ApplicationName"));
-		assertEquals(true, sc.getBooleanProp("Logger.LogApplicationName"));
-		assertEquals(true, sc.getBooleanProp("Logger.LogServerIP"));
-		assertEquals(false, sc.getBooleanProp("Logger.LogEncodingRequired"));
-		assertEquals(10000000, sc.getIntProp("Logger.MaxLogFileSize"));
-		
-		assertEquals("AES", sc.getStringProp("Encryptor.EncryptionAlgorithm"));
-		assertEquals(128, sc.getIntProp("Encryptor.EncryptionKeyLength"));
-		assertEquals("SHA1PRNG", sc.getStringProp("Encryptor.RandomAlgorithm"));
-		assertEquals("HmacSHA256", sc.getStringProp("Encryptor.KDF.PRF"));
-		assertEquals("a6H9is3hEVGKB4Jut+lOVA==", sc.getStringProp("Encryptor.MasterKey"));
-		assertEquals("SbftnvmEWD5ZHHP+pX3fqugNysc=", sc.getStringProp("Encryptor.MasterSalt"));
-		assertEquals(true, sc.getBooleanProp("Encryptor.PlainText.overwrite"));
-		assertEquals("AES/CBC/PKCS5Padding", sc.getStringProp("Encryptor.CipherTransformation"));
-		assertEquals("random", sc.getStringProp("Encryptor.ChooseIVMethod"));
-		assertEquals("0x000102030405060708090a0b0c0d0e0f", sc.getStringProp("Encryptor.fixedIV"));
-		assertEquals("SHA1withDSA", sc.getStringProp("Encryptor.DigitalSignatureAlgorithm"));
-		assertEquals("SHA-512", sc.getStringProp("Encryptor.HashAlgorithm"));
-		assertEquals(1024, sc.getIntProp("Encryptor.HashIterations"));
-		assertEquals("UTF-8", sc.getStringProp("Encryptor.CharacterEncoding"));
-		assertEquals(false, sc.getBooleanProp("IntrusionDetector.Disable"));
-		assertEquals(true, sc.getBooleanProp("Encryptor.CipherText.useMAC"));
-		assertEquals(13, sc.getIntProp("Authenticator.MaxOldPasswordHashes"));
-		assertEquals("ESAPI_logging_file", sc.getStringProp("Logger.LogFileName"));
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 874e47493..f5a8fb330 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -150,7 +150,7 @@ public void testGetValidDate() throws Exception {
     //		  Validator.AcceptLenientDates to be false.
     public void testLenientDate() {
     	System.out.println("testLenientDate");
-    	boolean acceptLenientDates = ESAPI.securityConfiguration().getBooleanProp("Validator.AcceptLenientDates");
+    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
     	if ( acceptLenientDates ) {
     		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
     		return;
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index a585be63a..787464cb8 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -279,7 +279,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 
 	    	// If we are supposed to have overwritten the plaintext, check this to see
 	    	// if origPlainText was indeed overwritten.
-			boolean overwritePlaintext = ESAPI.securityConfiguration().getBooleanProp("Encryptor.PlainText.overwrite");
+			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
 			if ( overwritePlaintext ) {
 				assertTrue( isPlaintextOverwritten(plaintext) );
 			}
@@ -296,7 +296,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	@SuppressWarnings("deprecation")
 			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
 	    	assertTrue( previousCipherXform.equals( cipherXform ) );
-	    	String defaultCipherXform = ESAPI.securityConfiguration().getStringProp("Encryptor.CipherTransformation");
+	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
 	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
 	    	
 	    	return ciphertext.getEncodedIVCipherText();

From 60394ce98604df716cbda96086c30890b84b595a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 30 Jul 2017 20:54:41 -0400
Subject: [PATCH 432/812] Replace several assertions with explict checks and
 added comments.

---
 .../org/owasp/esapi/crypto/CipherText.java    | 24 +++++++++++++++----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 66242d78f..b327d1a2f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -573,6 +573,11 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
                                                   "Cipher mode " + getCipherMode() + " has null or empty IV");
                 }
             } else if ( iv.length != getBlockSize() ) {
+// TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
+//			  this is not always true. E.g., for CCM, the IV length is supposed
+//			  to be 7, 8,  7, 8, 9, 10, 11, 12, or 13 octets because of
+//			  it's formatting function, the restof the octets used by the
+//			  nonce/counter.
                     throw new EncryptionException("Encryption failed -- bad parameters passed to encrypt",  // DISCUSS - also log? See below.
                                                   "IV length does not match cipher block size of " + getBlockSize());
             }
@@ -604,7 +609,6 @@ int kdfPRFAsInt() {
     }
     
     public void setKDF_PRF(int prfSelection) {
-        assert prfSelection >= 0 && prfSelection <= 15 : "kdfPrf == " + prfSelection + " must be between 0 and 15.";
         if ( prfSelection < 0 || prfSelection > 15 ) {
             throw new IllegalArgumentException("kdfPrf == " + prfSelection + " must be between 0 and 15, inclusive.");
         }
@@ -874,15 +878,25 @@ private void received(EnumSet<CipherTextFlags> ctSet) {
      */
 	public int getKDFInfo() {
 		final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
-		
+	
 		// 		kdf version is bits 1-27, bit 28 (reserved) should be 0, and
 		//		bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
 		int kdfVers = this.getKDFVersion();
-		assert CryptoHelper.isValidKDFVersion(kdfVers, true, false);
+		// assert CryptoHelper.isValidKDFVersion(kdfVers, true, false);
+        if ( ! CryptoHelper.isValidKDFVersion(kdfVers, true, false) ) {
+            String exm = "Invalid KDF version encountered. Value as" + kdfVers;
+            throw new EnterpriseSecurityRuntimeException(exm,
+                        "Possible tampering of KDF version #? " + exm);
+        }
 		int kdfInfo = kdfVers;
 		int macAlg = kdfPRFAsInt();
-		assert macAlg >= 0 && macAlg <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + macAlg;
-		
+		// assert macAlg >= 0 && macAlg <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + macAlg;
+		if ( macAlg < 0 || macAlg > 15 ) {
+            String exm = "Invalid specifier for MAC algorithm: " + macAlg;
+            throw new EnterpriseSecurityRuntimeException(exm,
+                        "Possible tampering of macAlg specifier? " + exm +
+                        "; value should be 0 <= macAlg <= 15.");
+        }
 	    // Make sure bit28 is cleared. (Reserved for future use.)
 	    kdfInfo &= ~unusedBit28;
 

From cc279ab5d3749c65261f4afededf36f16cb092d2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 30 Jul 2017 20:56:16 -0400
Subject: [PATCH 433/812] Replace 3 assertions w/ explicit checks. Throw
 IllegalArgumentException on failure.

---
 src/main/java/org/owasp/esapi/crypto/CryptoHelper.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 024150bda..f76308e56 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -56,9 +56,12 @@ public class CryptoHelper {
 	public static SecretKey generateSecretKey(String alg, int keySize)
 		throws EncryptionException
 	{
-		assert alg != null : "Algorithm must not be null.";			// NPE if null and assertions disabled.
-		assert !alg.equals("") : "Algorithm must not be empty";	// NoSuchAlgorithmExeption if empty & assertions disabled.
-		assert keySize > 0 : "Key size must be positive.";	// Usually should be even multiple of 8, but not strictly required by alg.
+		if ( alg == null || alg.equals("") ) {
+			throw new IllegalArgumentException("Algorithm must not be null or empty."); // Avoid later possibly ambiguous NPE.
+		}
+		if ( keySize <= 0 ) {
+			throw new IllegalArgumentException("Key size must be positive.");	// Usually should be an even multiple of 8, but not strictly required by alg.
+		}
 		// Don't use CipherSpec here to get algorithm as this may cause assertion
 		// to fail (when enabled) if only algorithm name is passed to us.
 		String[] cipherSpec = alg.split("/");

From ef4cb9db36ae5a02cd9fb0101a6ee604574c2cef Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 30 Jul 2017 20:57:38 -0400
Subject: [PATCH 434/812] Marked main() method as @Deprecated.

---
 .../esapi/reference/crypto/DefaultEncryptedProperties.java    | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
index 4cc2faacb..af7b524dc 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/DefaultEncryptedProperties.java
@@ -168,8 +168,10 @@ public void store(OutputStream out, String comments) throws IOException {
 	 * @throws Exception
 	 *             Any exception thrown
 	 * @deprecated Use {@code EncryptedPropertiesUtils} instead, which allows creating, reading,
-	 *			   and writing encrypted properties.
+	 *			   and writing encrypted properties. {@code main} method will be removed in a
+     *			   future release.
 	 */
+    @Deprecated
 	public static void main(String[] args) throws Exception {
 		File f = new File(args[0]);
 		ESAPI.getLogger( "EncryptedProperties.main" ).debug(Logger.SECURITY_SUCCESS, "Loading encrypted properties from " + f.getAbsolutePath() );

From 935922bb5c95a7e0e1d1b2311ecf12a887f7a151 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 30 Jul 2017 21:42:40 -0400
Subject: [PATCH 435/812] Replace Chris Schmidt's GPG signing key with Kevin
 Wall's.

---
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 40386fbf6..25b4cebff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -523,7 +523,8 @@
                                     <goal>sign</goal>
                                 </goals>
                                 <configuration>
-                                    <keyname>9F460575</keyname>
+                                    <!-- Refers to Kevin Wall's GPG signing key. -->
+                                    <keyname>8A2A524F</keyname>
                                 </configuration>
                             </execution>
                         </executions>

From 5e4e201e8552f94785e02ecc0c33e7c8d24efee7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 31 Jul 2017 22:21:05 -0400
Subject: [PATCH 436/812] Remove trailing tab on line 881.

---
 src/main/java/org/owasp/esapi/crypto/CipherText.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index b327d1a2f..15a0b4675 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -878,7 +878,7 @@ private void received(EnumSet<CipherTextFlags> ctSet) {
      */
 	public int getKDFInfo() {
 		final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
-	
+
 		// 		kdf version is bits 1-27, bit 28 (reserved) should be 0, and
 		//		bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
 		int kdfVers = this.getKDFVersion();

From 660054db9a8a366dee499928108fc9239894e84a Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Tue, 1 Aug 2017 21:27:57 -0700
Subject: [PATCH 437/812] Issue #300 -- Solved the root problem, now have many
 unit tests to clean up.

---
 .../java/org/owasp/esapi/codecs/Codec.java    | 43 +++++++++++++++++--
 .../owasp/esapi/codecs/HTMLEntityCodec.java   | 36 ++++++++++++++++
 .../owasp/esapi/reference/EncoderTest.java    | 23 +++++++++-
 3 files changed, 98 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index ec02a806a..b9f545e52 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -64,9 +64,15 @@ public Codec() {
 	 */
 	public String encode(char[] immune, String input) {
 		StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
-			sb.append(encodeCharacter(immune, c));
+		for(int offset  = 0; offset < input.length(); ){
+			final int point = input.codePointAt(offset);
+			if(Character.isBmpCodePoint(point)){
+				//We can then safely cast this to char and maintain legacy behavior.
+				sb.append(encodeCharacter(immune, (char) point));
+			}else{
+				sb.append(encodeCharacter(immune, point));	
+			}
+			offset += Character.charCount(point);
 		}
 		return sb.toString();
 	}
@@ -83,6 +89,19 @@ public String encode(char[] immune, String input) {
 	public String encodeCharacter( char[] immune, Character c ) {
 		return ""+c;
 	}
+	
+	/**
+	 * Default codepoint implementation that should be overridden in specific codecs.
+	 * 
+	 * @param immune
+	 * @param codePoint
+	 * 		the integer to encode
+	 * @return
+	 * 		the encoded Character
+	 */
+	public String encodeCharacter( char[] immune, int codePoint ) {
+		return new StringBuilder().appendCodePoint(codePoint).toString();
+	}
 
 	/**
 	 * Decode a String that was encoded using the encode method in this Class
@@ -131,6 +150,19 @@ public static String getHexForNonAlphanumeric(char c)
 			return hex[c];
 		return toHex(c);
 	}
+	
+	/**
+	 * Lookup the hex value of any character that is not alphanumeric.
+	 * @param c The character to lookup.
+	 * @return, return null if alphanumeric or the character code
+	 * 	in hex.
+	 */
+	public static String getHexForNonAlphanumeric(int c)
+	{
+		if(c<0xFF)
+			return hex[c];
+		return toHex(c);
+	}
 
 	public static String toOctal(char c)
 	{
@@ -141,6 +173,11 @@ public static String toHex(char c)
 	{
 		return Integer.toHexString(c);
 	}
+	
+	public static String toHex(int c)
+	{
+		return Integer.toHexString(c);
+	}
 
 	/**
 	 * Utility to search a char[] for a specific char.
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index cd72dc79c..c9ad38ca1 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -78,6 +78,42 @@ public String encodeCharacter( char[] immune, Character c ) {
 		return "&#x" + hex + ";";
 	}
 	
+	/**
+	 * {@inheritDoc}
+	 * 
+     * Encodes a Character for safe use in an HTML entity field.
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, int codePoint ) {
+
+		// check for immune characters
+//		if ( containsCharacter(codePoint, immune ) ) {
+//			return ""+codePoint;
+//		}
+		
+//		// check for alphanumeric characters
+		String hex = Codec.getHexForNonAlphanumeric(codePoint);
+//		if ( hex == null ) {
+//			return ""+c;
+//		}
+//		
+//		// check for illegal characters
+//		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
+//		{
+//			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
+//			c = REPLACEMENT_CHAR;
+//		}
+//		
+//		// check if there's a defined entity
+//		String entityName = (String) characterToEntityMap.get(c);
+//		if (entityName != null) {
+//			return "&" + entityName + ";";
+//		}
+		
+		// return the hex entity as suggested in the spec
+		return "&#x" + hex + ";";
+	}
+	
 	/**
 	 * {@inheritDoc}
 	 * 
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 45702ced4..896a93661 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -32,6 +32,7 @@
 import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.codecs.Base64;
 import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
 import org.owasp.esapi.codecs.MySQLCodec;
 import org.owasp.esapi.codecs.OracleCodec;
 import org.owasp.esapi.codecs.PushbackString;
@@ -902,7 +903,27 @@ public void testGetCanonicalizedUriWithMailto() throws Exception {
     	URI uri = new URI(input);
     	System.out.println(uri.toString());
     	assertEquals(expectedUri, e.getCanonicalizedURI(uri));
-    	
+    }
+    
+    public void testHtmlEncodeStrSurrogatePair()
+    {
+    	Encoder enc = ESAPI.encoder();
+        String inStr = new String (new int[]{0x2f804}, 0, 1);
+        assertEquals(false, Character.isBmpCodePoint(inStr.codePointAt(0)));
+        assertEquals(true, Character.isBmpCodePoint(new String(new int[] {0x0a}, 0, 1).codePointAt(0)));
+        String expected = "&#x2f804;";
+        String result;
+
+        result = enc.encodeForHTML(inStr);
+        assertEquals(expected, result);
+    }
+    
+    public void testHtmlDecodeHexEntititesSurrogatePair()
+    {
+    	HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+        String expected = new String (new int[]{0x2f804}, 0, 1);
+        assertEquals( expected, htmlCodec.decode("&#194564;") );
+        assertEquals( expected, htmlCodec.decode("&#x2f804;") );
     }
 }
 

From 45b3d1680bf90133f1ac6fc2addafe9c5855de98 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Tue, 1 Aug 2017 23:00:10 -0700
Subject: [PATCH 438/812] Issue #300 -- Fixed most unit tests.  chars are NOT
 autoboxed to Characters, make sure we update documentation!

---
 .../java/org/owasp/esapi/PreparedString.java  |   1 +
 .../org/owasp/esapi/codecs/AbstractCodec.java | 173 ++++++++++++++++++
 .../java/org/owasp/esapi/codecs/CSSCodec.java |   4 +-
 .../java/org/owasp/esapi/codecs/Codec.java    | 104 ++---------
 .../java/org/owasp/esapi/codecs/DB2Codec.java |   2 +-
 .../owasp/esapi/codecs/HTMLEntityCodec.java   |   6 +-
 .../owasp/esapi/codecs/JavaScriptCodec.java   |   4 +-
 .../org/owasp/esapi/codecs/MySQLCodec.java    |   4 +-
 .../org/owasp/esapi/codecs/OracleCodec.java   |   2 +-
 .../org/owasp/esapi/codecs/PercentCodec.java  |   2 +-
 .../org/owasp/esapi/codecs/UnixCodec.java     |   4 +-
 .../org/owasp/esapi/codecs/VBScriptCodec.java |   4 +-
 .../org/owasp/esapi/codecs/WindowsCodec.java  |   4 +-
 .../owasp/esapi/codecs/XMLEntityCodec.java    |   2 +-
 .../org/owasp/esapi/PreparedStringTest.java   |   1 +
 ...{CodecTest.java => AbstractCodecTest.java} |  38 ++--
 .../owasp/esapi/codecs/CodecImmunityTest.java |   4 +-
 .../owasp/esapi/reference/RandomizerTest.java |   2 +-
 18 files changed, 228 insertions(+), 133 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
 rename src/test/java/org/owasp/esapi/codecs/{CodecTest.java => AbstractCodecTest.java} (96%)

diff --git a/src/main/java/org/owasp/esapi/PreparedString.java b/src/main/java/org/owasp/esapi/PreparedString.java
index 3dccff055..176421347 100644
--- a/src/main/java/org/owasp/esapi/PreparedString.java
+++ b/src/main/java/org/owasp/esapi/PreparedString.java
@@ -16,6 +16,7 @@
 package org.owasp.esapi;
 
 import java.util.ArrayList;
+
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
 
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
new file mode 100644
index 000000000..11d33f8a8
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -0,0 +1,173 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The Codec interface defines a set of methods for encoding and decoding application level encoding schemes,
+ * such as HTML entity encoding and percent encoding (aka URL encoding). Codecs are used in output encoding
+ * and canonicalization.  The design of these codecs allows for character-by-character decoding, which is
+ * necessary to detect double-encoding and the use of multiple encoding schemes, both of which are techniques
+ * used by attackers to bypass validation and bury encoded attacks in data.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public abstract class AbstractCodec implements Codec {
+
+	/**
+	 * Initialize an array to mark which characters are to be encoded. Store the hex
+	 * string for that character to save time later. If the character shouldn't be
+	 * encoded, then store null.
+	 */
+	private final String[] hex = new String[256];
+
+	/**
+	 * Default constructor
+	 */
+	public AbstractCodec() {
+		for ( char c = 0; c < 0xFF; c++ ) {
+			if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
+				hex[c] = null;
+			} else {
+				hex[c] = toHex(c).intern();
+			}
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.codecs.Codec#encode(char[], java.lang.String)
+	 */
+	@Override
+	public String encode(char[] immune, String input) {
+		StringBuilder sb = new StringBuilder();
+		for(int offset  = 0; offset < input.length(); ){
+			final int point = input.codePointAt(offset);
+			if(Character.isBmpCodePoint(point)){
+				//We can then safely cast this to char and maintain legacy behavior.
+				sb.append(encodeCharacter(immune, new Character((char) point)));
+			}else{
+				sb.append(encodeCharacter(immune, point));	
+			}
+			offset += Character.charCount(point);
+		}
+		return sb.toString();
+	}
+
+	/**
+	 * WARNING!!!!  Passing a standard char to this method will resolve to the 
+	 * @{code public String encodeCharacter( char[] immune, int codePoint )} method
+	 * instead of this one!!!  YOU HAVE BEEN WARNED!!!!
+	 * 
+	 * @{Inherit}
+	 */
+	@Override
+	public String encodeCharacter( char[] immune, Character c ) {
+		return ""+c;
+	}
+	
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.codecs.Codec#encodeCharacter(char[], int)
+	 */
+	@Override
+	public String encodeCharacter( char[] immune, int codePoint ) {
+		return new StringBuilder().appendCodePoint(codePoint).toString();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.codecs.Codec#decode(java.lang.String)
+	 */
+	@Override
+	public String decode(String input) {
+		StringBuilder sb = new StringBuilder();
+		PushbackString pbs = new PushbackString(input);
+		while (pbs.hasNext()) {
+			Character c = decodeCharacter(pbs);
+			if (c != null) {
+				sb.append(c);
+			} else {
+				sb.append(pbs.next());
+			}
+		}
+		return sb.toString();
+	}
+
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.codecs.Codec#decodeCharacter(org.owasp.esapi.codecs.PushbackString)
+	 */
+	@Override
+	public Character decodeCharacter( PushbackString input ) {
+		return input.next();
+	}
+
+	/**
+	 * Lookup the hex value of any character that is not alphanumeric.
+	 * @param c The character to lookup.
+	 * @return, return null if alphanumeric or the character code
+	 * 	in hex.
+	 */
+	public String getHexForNonAlphanumeric(char c)
+	{
+		if(c<0xFF)
+			return hex[c];
+		return toHex(c);
+	}
+	
+	/**
+	 * Lookup the hex value of any character that is not alphanumeric.
+	 * @param c The character to lookup.
+	 * @return, return null if alphanumeric or the character code
+	 * 	in hex.
+	 */
+	public String getHexForNonAlphanumeric(int c)
+	{
+		if(c<0xFF)
+			return hex[c];
+		return toHex(c);
+	}
+
+	public String toOctal(char c)
+	{
+		return Integer.toOctalString(c);
+	}
+
+	public String toHex(char c)
+	{
+		return Integer.toHexString(c);
+	}
+	
+	public String toHex(int c)
+	{
+		return Integer.toHexString(c);
+	}
+
+	/**
+	 * Utility to search a char[] for a specific char.
+	 * 
+	 * @param c
+	 * @param array
+	 * @return
+	 */
+	public boolean containsCharacter( char c, char[] array ) {
+		for (char ch : array) {
+			if (c == ch) return true;
+		}
+		return false;
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index cee77ccaf..a44cebeed 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -23,7 +23,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class CSSCodec extends Codec
+public class CSSCodec extends AbstractCodec
 {
 	private static final Character REPLACEMENT = '\ufffd';
 
@@ -42,7 +42,7 @@ public String encodeCharacter(char[] immune, Character c) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
+		String hex = super.getHexForNonAlphanumeric(c);
 		if ( hex == null ) {
 			return ""+c;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index b9f545e52..3f7cd2554 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -28,32 +28,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public abstract class Codec {
-
-	/**
-	 * Initialize an array to mark which characters are to be encoded. Store the hex
-	 * string for that character to save time later. If the character shouldn't be
-	 * encoded, then store null.
-	 */
-	private static final String[] hex = new String[256];
-
-	static {
-		for ( char c = 0; c < 0xFF; c++ ) {
-			if ( c >= 0x30 && c <= 0x39 || c >= 0x41 && c <= 0x5A || c >= 0x61 && c <= 0x7A ) {
-				hex[c] = null;
-			} else {
-				hex[c] = toHex(c).intern();
-			}
-		}
-	}
-
-
-	/**
-	 * Default constructor
-	 */
-	public Codec() {
-	}
-
+public interface Codec {
 	/**
 	 * Encode a String so that it can be safely used in a specific context.
 	 * 
@@ -62,20 +37,7 @@ public Codec() {
 	 * 		the String to encode
 	 * @return the encoded String
 	 */
-	public String encode(char[] immune, String input) {
-		StringBuilder sb = new StringBuilder();
-		for(int offset  = 0; offset < input.length(); ){
-			final int point = input.codePointAt(offset);
-			if(Character.isBmpCodePoint(point)){
-				//We can then safely cast this to char and maintain legacy behavior.
-				sb.append(encodeCharacter(immune, (char) point));
-			}else{
-				sb.append(encodeCharacter(immune, point));	
-			}
-			offset += Character.charCount(point);
-		}
-		return sb.toString();
-	}
+	public String encode(char[] immune, String input);
 
 	/**
 	 * Default implementation that should be overridden in specific codecs.
@@ -86,9 +48,7 @@ public String encode(char[] immune, String input) {
 	 * @return
 	 * 		the encoded Character
 	 */
-	public String encodeCharacter( char[] immune, Character c ) {
-		return ""+c;
-	}
+	public String encodeCharacter( char[] immune, Character c );
 	
 	/**
 	 * Default codepoint implementation that should be overridden in specific codecs.
@@ -99,9 +59,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 * @return
 	 * 		the encoded Character
 	 */
-	public String encodeCharacter( char[] immune, int codePoint ) {
-		return new StringBuilder().appendCodePoint(codePoint).toString();
-	}
+	public String encodeCharacter( char[] immune, int codePoint );
 
 	/**
 	 * Decode a String that was encoded using the encode method in this Class
@@ -111,19 +69,7 @@ public String encodeCharacter( char[] immune, int codePoint ) {
 	 * @return
 	 *		the decoded String
 	 */
-	public String decode(String input) {
-		StringBuilder sb = new StringBuilder();
-		PushbackString pbs = new PushbackString(input);
-		while (pbs.hasNext()) {
-			Character c = decodeCharacter(pbs);
-			if (c != null) {
-				sb.append(c);
-			} else {
-				sb.append(pbs.next());
-			}
-		}
-		return sb.toString();
-	}
+	public String decode(String input);
 
 	/**
 	 * Returns the decoded version of the next character from the input string and advances the
@@ -134,9 +80,7 @@ public String decode(String input) {
 	 * 
 	 * @return the decoded Character
 	 */
-	public Character decodeCharacter( PushbackString input ) {
-		return input.next();
-	}
+	public Character decodeCharacter( PushbackString input );
 
 	/**
 	 * Lookup the hex value of any character that is not alphanumeric.
@@ -144,12 +88,7 @@ public Character decodeCharacter( PushbackString input ) {
 	 * @return, return null if alphanumeric or the character code
 	 * 	in hex.
 	 */
-	public static String getHexForNonAlphanumeric(char c)
-	{
-		if(c<0xFF)
-			return hex[c];
-		return toHex(c);
-	}
+	public String getHexForNonAlphanumeric(char c);
 	
 	/**
 	 * Lookup the hex value of any character that is not alphanumeric.
@@ -157,27 +96,13 @@ public static String getHexForNonAlphanumeric(char c)
 	 * @return, return null if alphanumeric or the character code
 	 * 	in hex.
 	 */
-	public static String getHexForNonAlphanumeric(int c)
-	{
-		if(c<0xFF)
-			return hex[c];
-		return toHex(c);
-	}
+	public String getHexForNonAlphanumeric(int c);
 
-	public static String toOctal(char c)
-	{
-		return Integer.toOctalString(c);
-	}
+	public String toOctal(char c);
 
-	public static String toHex(char c)
-	{
-		return Integer.toHexString(c);
-	}
+	public String toHex(char c);
 	
-	public static String toHex(int c)
-	{
-		return Integer.toHexString(c);
-	}
+	public String toHex(int c);
 
 	/**
 	 * Utility to search a char[] for a specific char.
@@ -186,11 +111,6 @@ public static String toHex(int c)
 	 * @param array
 	 * @return
 	 */
-	public static boolean containsCharacter( char c, char[] array ) {
-		for (char ch : array) {
-			if (c == ch) return true;
-		}
-		return false;
-	}
+	public boolean containsCharacter( char c, char[] array );
 
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
index 4ff63ea1a..236bed78e 100644
--- a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
@@ -20,7 +20,7 @@
  * @since October 26, 2010
  * @see org.owasp.esapi.Encoder
  */
-public class DB2Codec extends Codec {
+public class DB2Codec extends AbstractCodec {
 
 	public String encodeCharacter(char[] immune, Character c) {
 
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index c9ad38ca1..e3892d2f8 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -27,7 +27,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class HTMLEntityCodec extends Codec
+public class HTMLEntityCodec extends AbstractCodec
 {
 	private static final char REPLACEMENT_CHAR = '\ufffd';
 	private static final String REPLACEMENT_HEX = "fffd";
@@ -56,7 +56,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
+		String hex = super.getHexForNonAlphanumeric(c);
 		if ( hex == null ) {
 			return ""+c;
 		}
@@ -92,7 +92,7 @@ public String encodeCharacter( char[] immune, int codePoint ) {
 //		}
 		
 //		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(codePoint);
+		String hex = super.getHexForNonAlphanumeric(codePoint);
 //		if ( hex == null ) {
 //			return ""+c;
 //		}
diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index 7980155e1..98c38c7b2 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class JavaScriptCodec extends Codec {
+public class JavaScriptCodec extends AbstractCodec {
 
 
 	/**
@@ -45,7 +45,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric(c);
+		String hex = super.getHexForNonAlphanumeric(c);
 		if ( hex == null ) {
 			return ""+c;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 7d2aacbaa..e43f13ca2 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -26,7 +26,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class MySQLCodec extends Codec {
+public class MySQLCodec extends AbstractCodec {
     /**
      * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
      * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
@@ -95,7 +95,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
+		String hex = super.getHexForNonAlphanumeric( ch );
 		if ( hex == null ) {
 			return ""+ch;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
index 540920d24..06cca0609 100644
--- a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
@@ -30,7 +30,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class OracleCodec extends Codec {
+public class OracleCodec extends AbstractCodec {
 
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 42e1d040e..ed7e65dd8 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -28,7 +28,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class PercentCodec extends Codec
+public class PercentCodec extends AbstractCodec
 {
 	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	@SuppressWarnings("unused")
diff --git a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
index 489cf073b..3381e82f0 100644
--- a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class UnixCodec extends Codec {
+public class UnixCodec extends AbstractCodec {
 
 	/**
 	 * {@inheritDoc}
@@ -42,7 +42,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
+		String hex = super.getHexForNonAlphanumeric( ch );
 		if ( hex == null ) {
 			return ""+ch;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index 31442127a..85ce820e9 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -26,7 +26,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class VBScriptCodec extends Codec {
+public class VBScriptCodec extends AbstractCodec {
 
 	/**
 	 * Encode a String so that it can be safely used in a specific context.
@@ -78,7 +78,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
+		String hex = super.getHexForNonAlphanumeric( ch );
 		if ( hex == null ) {
 			return ""+ch;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
index f7abb3a4b..bcc53f626 100644
--- a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class WindowsCodec extends Codec {
+public class WindowsCodec extends AbstractCodec {
 
 	
 	/**
@@ -43,7 +43,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check for alphanumeric characters
-		String hex = Codec.getHexForNonAlphanumeric( ch );
+		String hex = super.getHexForNonAlphanumeric( ch );
 		if ( hex == null ) {
 			return ""+ch;
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
index e248392ac..25b4ffbc4 100644
--- a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
@@ -41,7 +41,7 @@
  * of knowing about. Decoding is included for completeness but it's use
  * is not recommended. Use a XML parser instead!
  */
-public class XMLEntityCodec extends Codec
+public class XMLEntityCodec extends AbstractCodec
 {
 	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
diff --git a/src/test/java/org/owasp/esapi/PreparedStringTest.java b/src/test/java/org/owasp/esapi/PreparedStringTest.java
index b288c1325..c3ddf8ece 100644
--- a/src/test/java/org/owasp/esapi/PreparedStringTest.java
+++ b/src/test/java/org/owasp/esapi/PreparedStringTest.java
@@ -17,6 +17,7 @@
 package org.owasp.esapi;
 
 import junit.framework.TestCase;
+
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
 
diff --git a/src/test/java/org/owasp/esapi/codecs/CodecTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
similarity index 96%
rename from src/test/java/org/owasp/esapi/codecs/CodecTest.java
rename to src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
index 8a7a225ba..1472e5dfb 100644
--- a/src/test/java/org/owasp/esapi/codecs/CodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
@@ -26,7 +26,7 @@
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  */
-public class CodecTest extends TestCase {
+public class AbstractCodecTest extends TestCase {
 
     private static final char[] EMPTY_CHAR_ARRAY = new char[0];
     private static final Character LESS_THAN = Character.valueOf('<');
@@ -48,7 +48,7 @@ public class CodecTest extends TestCase {
      * @param testName
      *            the test name
      */
-    public CodecTest(String testName) {
+    public AbstractCodecTest(String testName) {
         super(testName);
     }
 
@@ -74,7 +74,7 @@ protected void tearDown() throws Exception {
      * @return the test
      */
     public static Test suite() {
-        TestSuite suite = new TestSuite(CodecTest.class);
+        TestSuite suite = new TestSuite(AbstractCodecTest.class);
         return suite;
     }
 
@@ -142,7 +142,7 @@ public void testHtmlEncodeChar()
 
 	public void testHtmlEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "&#x100;";
 		String result;
@@ -156,7 +156,7 @@ public void testHtmlEncodeChar0x100()
 
 	public void testHtmlEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "&#x100;";
 		String result;
@@ -175,7 +175,7 @@ public void testPercentEncodeChar()
 
 	public void testPercentEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "%C4%80";
 		String result;
@@ -189,7 +189,7 @@ public void testPercentEncodeChar0x100()
 
 	public void testPercentEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "%C4%80";
 		String result;
@@ -208,7 +208,7 @@ public void testJavaScriptEncodeChar()
 
 	public void testJavaScriptEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\u0100";
 		String result;
@@ -221,7 +221,7 @@ public void testJavaScriptEncodeChar0x100()
 
 	public void testJavaScriptEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\u0100";
 		String result;
@@ -239,7 +239,7 @@ public void testVBScriptEncodeChar()
 
 	public void testVBScriptEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		// FIXME I don't know vb...
 		// String expected = "\\u0100";
@@ -253,7 +253,7 @@ public void testVBScriptEncodeChar0x100()
 
 	public void testVBScriptEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		// FIXME I don't know vb...
 		// String expected = "chrw(0x100)";
@@ -272,7 +272,7 @@ public void testCSSEncodeChar()
 
 	public void testCSSEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\100 ";
 		String result;
@@ -285,7 +285,7 @@ public void testCSSEncodeChar0x100()
 
 	public void testCSSEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\100 ";
 		String result;
@@ -303,7 +303,7 @@ public void testMySQLANSIEncodeChar()
 
 	public void testMySQLStandardEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\" + in;
 		String result;
@@ -316,7 +316,7 @@ public void testMySQLStandardEncodeChar0x100()
 
 	public void testMySQLStandardEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\" + in;
 		String result;
@@ -344,7 +344,7 @@ public void testUnixEncodeChar()
 
 	public void testUnixEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\" + in;
 		String result;
@@ -357,7 +357,7 @@ public void testUnixEncodeChar0x100()
 
 	public void testUnixEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "\\" + in;
 		String result;
@@ -375,7 +375,7 @@ public void testWindowsEncodeChar()
 
 	public void testWindowsEncodeChar0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "^" + in;
 		String result;
@@ -388,7 +388,7 @@ public void testWindowsEncodeChar0x100()
 
 	public void testWindowsEncodeStr0x100()
 	{
-		char in = 0x100;
+		Character in = 0x100;
 		String inStr = Character.toString(in);
 		String expected = "^" + in;
 		String result;
diff --git a/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
index 7d35dc168..9a3b8806f 100644
--- a/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/CodecImmunityTest.java
@@ -43,7 +43,7 @@ public class CodecImmunityTest {
 
     @Parameters(name = "{0}")
     public static Collection<Object[]> getParams() {
-        Collection<Codec> knownCodecs = new ArrayList<Codec>();
+        Collection<AbstractCodec> knownCodecs = new ArrayList<AbstractCodec>();
         knownCodecs.add(new CSSCodec());
         knownCodecs.add(new DB2Codec());
         knownCodecs.add(new HTMLEntityCodec());
@@ -99,7 +99,7 @@ private static Collection<Object[]> buildImmunitiyValidation(Codec codec, char[]
         return params;
     }
 
-    private static Collection<Object[]> fullCharacterCodecValidation(Collection<Codec> codecs) {
+    private static Collection<Object[]> fullCharacterCodecValidation(Collection<AbstractCodec> codecs) {
         char[] holyCowTesting = StringUtilities.union(EncoderConstants.CHAR_ALPHANUMERICS, EncoderConstants.CHAR_SPECIALS); 
         Collection<Object[]> params = new ArrayList<Object[]>();
         for (Codec codec: codecs) {
diff --git a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
index b73a0241d..32dc9bd1f 100644
--- a/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/RandomizerTest.java
@@ -26,7 +26,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.EncoderConstants;
 import org.owasp.esapi.Randomizer;
-import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.AbstractCodec;
 import org.owasp.esapi.errors.EncryptionException;
 
 /**

From ca044492e3678f38323cd1c89c39dbfeed920a74 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 4 Aug 2017 15:40:50 -0700
Subject: [PATCH 439/812] Issue #300 -- Refactored PushbackString into a more
 generic class, and created a new Integer based impl to support codePoints. 
 Refactored PusbhbackString to also use the same interface.

---
 .../codecs/AbstractPushbackSequence.java      |  47 +++
 .../esapi/codecs/PushBackSequenceImpl.java    | 137 +++++++++
 .../owasp/esapi/codecs/PushbackSequence.java  |  64 +++++
 .../owasp/esapi/codecs/PushbackString.java    | 272 ++++++++++--------
 .../esapi/codecs/PushBackStringTest.java      |  41 +++
 5 files changed, 434 insertions(+), 127 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
 create mode 100644 src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
 create mode 100644 src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
new file mode 100644
index 000000000..ee35478c3
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
@@ -0,0 +1,47 @@
+package org.owasp.esapi.codecs;
+
+public abstract class AbstractPushbackSequence<T> implements PushbackSequence<T> {
+	protected String input;
+	protected T pushback;
+	protected T temp;
+	protected int index = 0;
+	protected int mark = 0;
+
+	public AbstractPushbackSequence(String input) {
+		this.input = input;
+	}
+
+	/**
+	 *
+	 * @param c
+	 */
+	public void pushback(T c) {
+		pushback = c;
+	}
+
+	/**
+	 * Get the current index of the PushbackString. Typically used in error
+	 * messages.
+	 * 
+	 * @return The current index of the PushbackString.
+	 */
+	public int index() {
+		return index;
+	}
+
+	/**
+	 *
+	 * @return
+	 */
+	public boolean hasNext() {
+		if (pushback != null)
+			return true;
+		if (input == null)
+			return false;
+		if (input.length() == 0)
+			return false;
+		if (index >= input.length())
+			return false;
+		return true;
+	}
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
new file mode 100644
index 000000000..ea31e88d6
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
@@ -0,0 +1,137 @@
+package org.owasp.esapi.codecs;
+
+
+/**
+ * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
+ * for further decoding. This is necessary to detect double-encoding.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class PushBackSequenceImpl extends AbstractPushbackSequence<Integer>{
+    /**
+     *
+     * @param input
+     */
+    public PushBackSequenceImpl( String input ) {
+		super(input);
+	}
+	
+    /**
+     *
+     * @return
+     */
+    public Integer next() {
+		if ( pushback != null ) {
+			Integer save = pushback;
+			pushback = null;
+			return save;
+		}
+		if ( input == null ) return null;
+		if ( input.length() == 0 ) return null;
+		if ( index >= input.length() ) return null;
+		final Integer point = input.codePointAt(index);
+		index += Character.charCount(point);
+		return point;
+	}
+	
+    /**
+    *
+    * @return
+    */
+   public Integer nextHex() {
+		Integer c = next();
+		if ( c == null ) return null;
+		if ( isHexDigit( c ) ) return c;
+		return null;
+	}
+
+   /**
+   *
+   * @return
+   */
+  public Integer nextOctal() {
+		Integer c = next();
+		if ( c == null ) return null;
+		if ( isOctalDigit( c ) ) return c;
+		return null;
+	}
+
+	  /**
+	  * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
+	  * @param c
+	  * @return
+	  */
+	 public static boolean isHexDigit( Integer c ) {
+		if ( c == null ) return false;
+		Integer ch = Integer.valueOf(c);
+		return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
+	}
+
+	 /**
+	 * Returns true if the parameter character is an octal digit 0 through 7.
+	 * @param c
+	 * @return
+	 */
+	public static boolean isOctalDigit( Integer c ) {
+		if ( c == null ) return false;
+		Integer ch = Integer.valueOf(c); 
+		return ch >= '0' && ch <= '7';
+	}
+
+    /**
+     * Return the next codePoint without affecting the current index.
+     * @return
+     */
+    public Integer peek() {
+		if ( pushback != null ) return pushback;
+		if ( input == null ) return null;
+		if ( input.length() == 0 ) return null;
+		if ( index >= input.length() ) return null;		
+		return input.codePointAt(index);
+	}
+	
+    /**
+     * Test to see if the next codePoint is a particular value without affecting the current index.
+     * @param c
+     * @return
+     */
+    public boolean peek( Integer c ) {
+		if ( pushback != null && pushback.intValue() == c ) return true;
+		if ( input == null ) return false;
+		if ( input.length() == 0 ) return false;
+		if ( index >= input.length() ) return false;		
+		return input.codePointAt(index) == c;
+	}	
+	
+    /**
+     *
+     */
+    public void mark() {
+		temp = pushback;
+		mark = index;
+	}
+
+    /**
+     *
+     */
+    public void reset() {
+		pushback = temp;
+		index = mark;
+	}
+	
+    /**
+     *
+     * @return
+     */
+    protected String remainder() {
+		String output = input.substring( index );
+		if ( pushback != null ) {
+			output = pushback + output;
+		}
+		return output;
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
new file mode 100644
index 000000000..58fe4a930
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
@@ -0,0 +1,64 @@
+package org.owasp.esapi.codecs;
+
+public interface PushbackSequence<T> {
+
+	/**
+	 *
+	 * @param c
+	 */
+	void pushback(T c);
+
+	/**
+	 * Get the current index of the PushbackString. Typically used in error messages.
+	 * @return The current index of the PushbackString.
+	 */
+	int index();
+
+	/**
+	 *
+	 * @return
+	 */
+	boolean hasNext();
+
+	/**
+	 *
+	 * @return
+	 */
+	T next();
+
+	/**
+	    *
+	    * @return
+	    */
+	T nextHex();
+
+	/**
+	   *
+	   * @return
+	   */
+	T nextOctal();
+
+	/**
+	 * Return the next character without affecting the current index.
+	 * @return
+	 */
+	T peek();
+
+	/**
+	 * Test to see if the next character is a particular value without affecting the current index.
+	 * @param c
+	 * @return
+	 */
+	boolean peek(T c);
+
+	/**
+	 *
+	 */
+	void mark();
+
+	/**
+	 *
+	 */
+	void reset();
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index 1119b223c..9982d48e2 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -15,169 +15,187 @@
  */
 package org.owasp.esapi.codecs;
 
-
 /**
- * The pushback string is used by Codecs to allow them to push decoded characters back onto a string
- * for further decoding. This is necessary to detect double-encoding.
+ * The pushback string is used by Codecs to allow them to push decoded
+ * characters back onto a string for further decoding. This is necessary to
+ * detect double-encoding.
  * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com)
+ *         <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class PushbackString {
-
-	private String input;
-	private Character pushback;
-	private Character temp;
-	private int index = 0;
-	private int mark = 0;
-	
-    /**
-     *
-     * @param input
-     */
-    public PushbackString( String input ) {
-		this.input = input;
-	}
-
-    /**
-     *
-     * @param c
-     */
-    public void pushback( Character c ) {
-		pushback = c;
+public class PushbackString extends AbstractPushbackSequence<Character>{
+	/**
+	 *
+	 * @param input
+	 */
+	public PushbackString(String input) {
+		super(input);
 	}
-	
 
-    /**
-     * Get the current index of the PushbackString. Typically used in error messages.
-     * @return The current index of the PushbackString.
-     */
-    public int index() {
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#index()
+	 */
+	public int index() {
 		return index;
 	}
-	
-    /**
-     *
-     * @return
-     */
-    public boolean hasNext() {
-		if ( pushback != null ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;
-		return true;		
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#hasNext()
+	 */
+	public boolean hasNext() {
+		if (pushback != null)
+			return true;
+		if (input == null)
+			return false;
+		if (input.length() == 0)
+			return false;
+		if (index >= input.length())
+			return false;
+		return true;
 	}
-	
-    /**
-     *
-     * @return
-     */
-    public Character next() {
-		if ( pushback != null ) {
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#next()
+	 */
+	public Character next() {
+		if (pushback != null) {
 			Character save = pushback;
 			pushback = null;
 			return save;
 		}
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index++) );
+		if (input == null)
+			return null;
+		if (input.length() == 0)
+			return null;
+		if (index >= input.length())
+			return null;
+		return Character.valueOf(input.charAt(index++));
 	}
-	
-    /**
-    *
-    * @return
-    */
-   public Character nextHex() {
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#nextHex()
+	 */
+	public Character nextHex() {
 		Character c = next();
-		if ( c == null ) return null;
-		if ( isHexDigit( c ) ) return c;
+		if (c == null)
+			return null;
+		if (isHexDigit(c))
+			return c;
 		return null;
 	}
 
-   /**
-   *
-   * @return
-   */
-  public Character nextOctal() {
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#nextOctal()
+	 */
+	public Character nextOctal() {
 		Character c = next();
-		if ( c == null ) return null;
-		if ( isOctalDigit( c ) ) return c;
+		if (c == null)
+			return null;
+		if (isOctalDigit(c))
+			return c;
 		return null;
 	}
 
-  /**
- * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
-  * @param c
-  * @return
-  */
- public static boolean isHexDigit( Character c ) {
-		if ( c == null ) return false;
+	/**
+	 * Returns true if the parameter character is a hexidecimal digit 0 through
+	 * 9, a through f, or A through F.
+	 * 
+	 * @param c
+	 * @return
+	 */
+	public static boolean isHexDigit(Character c) {
+		if (c == null)
+			return false;
 		char ch = c.charValue();
-		return (ch >= '0' && ch <= '9' ) || (ch >= 'a' && ch <= 'f' ) || (ch >= 'A' && ch <= 'F' );
+		return (ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F');
 	}
 
- /**
- * Returns true if the parameter character is an octal digit 0 through 7.
- * @param c
- * @return
- */
-public static boolean isOctalDigit( Character c ) {
-	if ( c == null ) return false;
-	char ch = c.charValue();
-	return ch >= '0' && ch <= '7';
-}
+	/**
+	 * Returns true if the parameter character is an octal digit 0 through 7.
+	 * 
+	 * @param c
+	 * @return
+	 */
+	public static boolean isOctalDigit(Character c) {
+		if (c == null)
+			return false;
+		char ch = c.charValue();
+		return ch >= '0' && ch <= '7';
+	}
 
-    /**
-     * Return the next character without affecting the current index.
-     * @return
-     */
-    public Character peek() {
-		if ( pushback != null ) return pushback;
-		if ( input == null ) return null;
-		if ( input.length() == 0 ) return null;
-		if ( index >= input.length() ) return null;		
-		return Character.valueOf( input.charAt(index) );
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#peek()
+	 */
+	public Character peek() {
+		if (pushback != null)
+			return pushback;
+		if (input == null)
+			return null;
+		if (input.length() == 0)
+			return null;
+		if (index >= input.length())
+			return null;
+		return Character.valueOf(input.charAt(index));
 	}
-	
-    /**
-     * Test to see if the next character is a particular value without affecting the current index.
-     * @param c
-     * @return
-     */
-    public boolean peek( char c ) {
-		if ( pushback != null && pushback.charValue() == c ) return true;
-		if ( input == null ) return false;
-		if ( input.length() == 0 ) return false;
-		if ( index >= input.length() ) return false;		
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#peek(char)
+	 */
+	public boolean peek(Character c) {
+		if (pushback != null && pushback.charValue() == c)
+			return true;
+		if (input == null)
+			return false;
+		if (input.length() == 0)
+			return false;
+		if (index >= input.length())
+			return false;
 		return input.charAt(index) == c;
-	}	
-	
-    /**
-     *
-     */
-    public void mark() {
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#mark()
+	 */
+	public void mark() {
 		temp = pushback;
 		mark = index;
 	}
 
-    /**
-     *
-     */
-    public void reset() {
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.owasp.esapi.codecs.PushbackSequence#reset()
+	 */
+	public void reset() {
 		pushback = temp;
 		index = mark;
 	}
-	
-    /**
-     *
-     * @return
-     */
-    protected String remainder() {
-		String output = input.substring( index );
-		if ( pushback != null ) {
+
+	/**
+	 *
+	 * @return
+	 */
+	protected String remainder() {
+		String output = input.substring(index);
+		if (pushback != null) {
 			output = pushback + output;
 		}
 		return output;
diff --git a/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java b/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java
new file mode 100644
index 000000000..2a4ed84e2
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PushBackStringTest.java
@@ -0,0 +1,41 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class PushBackStringTest {
+
+	@Test
+	public void testPushbackString() {
+		PushbackSequence<Character> pbs = new PushbackString("012345");
+		
+		pbs.mark();
+		assertEquals(0, pbs.index());
+		Character first = pbs.next();
+		
+		System.out.println("0x" + Integer.toHexString(first));
+		
+		assertEquals("0", new StringBuilder().appendCodePoint(first).toString());
+	}
+	
+	@Test
+	public void testPushbackSequence() {
+		AbstractPushbackSequence<Integer> pbs = new PushBackSequenceImpl("&#49;2345");
+		
+		pbs.mark();
+		assertEquals(0, pbs.index());
+		Integer first = pbs.next();
+		
+		System.out.println("0x" + Integer.toHexString(first));
+		
+		assertEquals("&", new StringBuilder().appendCodePoint(first).toString());
+		
+		Integer second = pbs.next();
+		
+		if(second == '#'){
+			System.out.printf("[%d]:[%d]\n", second, (int) '#');
+			
+		}
+	}
+}

From 65646f174e42be2bd1a88706f53d6be56d94d4a7 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 5 Aug 2017 15:34:50 -0700
Subject: [PATCH 440/812] Issue #300 -- Finally got the core issue whacked! 
 Now we have to clean up the rest of the unit tests.

---
 .../esapi/codecs/AbstractCharacterCodec.java  |  21 +
 .../org/owasp/esapi/codecs/AbstractCodec.java |  23 +-
 .../esapi/codecs/AbstractIntegerCodec.java    |  22 +
 .../java/org/owasp/esapi/codecs/CSSCodec.java |   4 +-
 .../java/org/owasp/esapi/codecs/Codec.java    |   6 +-
 .../java/org/owasp/esapi/codecs/DB2Codec.java |   2 +-
 .../owasp/esapi/codecs/HTMLEntityCodec.java   | 565 +++++++++---------
 .../owasp/esapi/codecs/JavaScriptCodec.java   |   2 +-
 .../org/owasp/esapi/codecs/MySQLCodec.java    |   2 +-
 .../org/owasp/esapi/codecs/OracleCodec.java   |   2 +-
 .../org/owasp/esapi/codecs/PercentCodec.java  |   2 +-
 .../esapi/codecs/PushBackSequenceImpl.java    |   2 +-
 .../owasp/esapi/codecs/PushbackSequence.java  |   8 +
 .../owasp/esapi/codecs/PushbackString.java    |   2 +-
 .../org/owasp/esapi/codecs/UnixCodec.java     |   2 +-
 .../org/owasp/esapi/codecs/VBScriptCodec.java |   2 +-
 .../org/owasp/esapi/codecs/WindowsCodec.java  |   2 +-
 .../owasp/esapi/codecs/XMLEntityCodec.java    |   2 +-
 .../owasp/esapi/codecs/AbstractCodecTest.java |   2 +-
 .../owasp/esapi/reference/EncoderTest.java    |  19 +-
 20 files changed, 366 insertions(+), 326 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
 create mode 100644 src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
new file mode 100644
index 000000000..5868d2bc0
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
@@ -0,0 +1,21 @@
+package org.owasp.esapi.codecs;
+
+public abstract class AbstractCharacterCodec extends AbstractCodec<Character> {
+	/* (non-Javadoc)
+	 * @see org.owasp.esapi.codecs.Codec#decode(java.lang.String)
+	 */
+	@Override
+	public String decode(String input) {
+		StringBuilder sb = new StringBuilder();
+		PushbackSequence<Character> pbs = new PushbackString(input);
+		while (pbs.hasNext()) {
+			Character c = decodeCharacter(pbs);
+			if (c != null) {
+				sb.append(c);
+			} else {
+				sb.append(pbs.next());
+			}
+		}
+		return sb.toString();
+	}
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index 11d33f8a8..236125497 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -25,10 +25,11 @@
  * 
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @param <T>
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public abstract class AbstractCodec implements Codec {
+public abstract class AbstractCodec<T> implements Codec<T> {
 
 	/**
 	 * Initialize an array to mark which characters are to be encoded. Store the hex
@@ -89,29 +90,13 @@ public String encodeCharacter( char[] immune, int codePoint ) {
 		return new StringBuilder().appendCodePoint(codePoint).toString();
 	}
 
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.codecs.Codec#decode(java.lang.String)
-	 */
-	@Override
-	public String decode(String input) {
-		StringBuilder sb = new StringBuilder();
-		PushbackString pbs = new PushbackString(input);
-		while (pbs.hasNext()) {
-			Character c = decodeCharacter(pbs);
-			if (c != null) {
-				sb.append(c);
-			} else {
-				sb.append(pbs.next());
-			}
-		}
-		return sb.toString();
-	}
+
 
 	/* (non-Javadoc)
 	 * @see org.owasp.esapi.codecs.Codec#decodeCharacter(org.owasp.esapi.codecs.PushbackString)
 	 */
 	@Override
-	public Character decodeCharacter( PushbackString input ) {
+	public T decodeCharacter( PushbackSequence<T> input ) {
 		return input.next();
 	}
 
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
new file mode 100644
index 000000000..f43891481
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -0,0 +1,22 @@
+package org.owasp.esapi.codecs;
+
+public class AbstractIntegerCodec extends AbstractCodec<Integer> {
+
+	/**
+	 * {@inheritDoc}
+	 */
+	@Override
+	public String decode(String input) {
+		StringBuilder sb = new StringBuilder();
+		PushbackSequence<Integer> pbs = new PushBackSequenceImpl(input);
+		while (pbs.hasNext()) {
+			Integer c = decodeCharacter(pbs);
+			if (c != null) {
+				sb.appendCodePoint(c);
+			} else {
+				sb.appendCodePoint(pbs.next());
+			}
+		}
+		return sb.toString();
+	}
+}
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index a44cebeed..088463889 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -23,7 +23,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class CSSCodec extends AbstractCodec
+public class CSSCodec extends AbstractCharacterCodec
 {
 	private static final Character REPLACEMENT = '\ufffd';
 
@@ -58,7 +58,7 @@ public String encodeCharacter(char[] immune, Character c) {
 	 * Returns the decoded version of the character starting at index,
 	 * or null if no decoding is possible.
 	 */
-	public Character decodeCharacter(PushbackString input)
+	public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		input.mark();
 		Character first = input.next();
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index 3f7cd2554..c205d1b3f 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -28,7 +28,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public interface Codec {
+public interface Codec<T> {
 	/**
 	 * Encode a String so that it can be safely used in a specific context.
 	 * 
@@ -73,14 +73,14 @@ public interface Codec {
 
 	/**
 	 * Returns the decoded version of the next character from the input string and advances the
-	 * current character in the PushbackString.  If the current character is not encoded, this 
+	 * current character in the PushbackSequence.  If the current character is not encoded, this 
 	 * method MUST reset the PushbackString.
 	 * 
 	 * @param input	the Character to decode
 	 * 
 	 * @return the decoded Character
 	 */
-	public Character decodeCharacter( PushbackString input );
+	public T decodeCharacter( PushbackSequence<T> input );
 
 	/**
 	 * Lookup the hex value of any character that is not alphanumeric.
diff --git a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
index 236bed78e..850d9a6aa 100644
--- a/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/DB2Codec.java
@@ -20,7 +20,7 @@
  * @since October 26, 2010
  * @see org.owasp.esapi.Encoder
  */
-public class DB2Codec extends AbstractCodec {
+public class DB2Codec extends AbstractCharacterCodec {
 
 	public String encodeCharacter(char[] immune, Character c) {
 
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index e3892d2f8..4adfdf84c 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -18,6 +18,7 @@
 import java.util.HashMap;
 import java.util.Collections;
 import java.util.Map;
+import java.util.Map.Entry;
 
 /**
  * Implementation of the Codec interface for HTML entity encoding.
@@ -27,14 +28,14 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class HTMLEntityCodec extends AbstractCodec
+public class HTMLEntityCodec extends AbstractIntegerCodec
 {
 	private static final char REPLACEMENT_CHAR = '\ufffd';
 	private static final String REPLACEMENT_HEX = "fffd";
 	private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
-	private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
+	private static final Map<Integer,String> characterToEntityMap = mkCharacterToEntityMap();
 
-	private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
+	private static final Trie<Integer> entityToCharacterTrie = mkEntityToCharacterTrie();
 
     /**
      *
@@ -69,7 +70,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(c);
+		String entityName = (String) characterToEntityMap.get(Integer.valueOf(c));
 		if (entityName != null) {
 			return "&" + entityName + ";";
 		}
@@ -125,9 +126,9 @@ public String encodeCharacter( char[] immune, int codePoint ) {
 	 *   &#xhhhh;
 	 *   &name;
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Integer decodeCharacter( PushbackSequence<Integer> input ) {
 		input.mark();
-		Character first = input.next();
+		Integer first = input.next();
 		if ( first == null ) {
 			input.reset();
 			return null;
@@ -140,7 +141,7 @@ public Character decodeCharacter( PushbackString input ) {
 		}
 		
 		// test for numeric encodings
-		Character second = input.next();
+		Integer second = input.next();
 		if ( second == null ) {
 			input.reset();
 			return null;
@@ -148,12 +149,12 @@ public Character decodeCharacter( PushbackString input ) {
 		
 		if (second == '#' ) {
 			// handle numbers
-			Character c = getNumericEntity( input );
+			Integer c = getNumericEntity( input );
 			if ( c != null ) return c;
-		} else if ( Character.isLetter( second.charValue() ) ) {
+		} else if ( Character.isLetter( second ) ) {
 			// handle entities
 			input.pushback( second );
-			Character c = getNamedEntity( input );
+			Integer c = getNamedEntity( input );
 			if ( c != null ) return c;
 		}
 		input.reset();
@@ -169,8 +170,8 @@ public Character decodeCharacter( PushbackString input ) {
 	 * @return
 	 * 			null if input is null, the character of input after decoding
 	 */
-	private Character getNumericEntity( PushbackString input ) {
-		Character first = input.peek();
+	private Integer getNumericEntity( PushbackSequence<Integer> input ) {
+		Integer first = input.peek();
 		if ( first == null ) return null;
 
 		if (first == 'x' || first == 'X' ) {
@@ -189,14 +190,14 @@ private Character getNumericEntity( PushbackString input ) {
 	 * 			character representation of this decimal value, e.g. A 
 	 * @throws NumberFormatException
 	 */
-	private Character parseNumber( PushbackString input ) {
+	private Integer parseNumber( PushbackSequence<Integer> input ) {
 		StringBuilder sb = new StringBuilder();
 		while( input.hasNext() ) {
-			Character c = input.peek();
+			Integer c = input.peek();
 			
 			// if character is a digit then add it on and keep going
-			if ( Character.isDigit( c.charValue() ) ) {
-				sb.append( c );
+			if ( Character.isDigit( c ) ) {
+				sb.appendCodePoint( c );
 				input.next();
 				
 			// if character is a semi-colon, eat it and quit
@@ -212,7 +213,7 @@ private Character parseNumber( PushbackString input ) {
 		try {
 			int i = Integer.parseInt(sb.toString());
             if (Character.isValidCodePoint(i)) {
-                return (char) i;
+                return i;
             }
 		} catch( NumberFormatException e ) {
 			// throw an exception for malformed entity?
@@ -229,14 +230,14 @@ private Character parseNumber( PushbackString input ) {
 	 * 			A single character from the string
 	 * @throws NumberFormatException
 	 */
-	private Character parseHex( PushbackString input ) {
+	private Integer parseHex( PushbackSequence<Integer> input ) {
 		StringBuilder sb = new StringBuilder();
 		while( input.hasNext() ) {
-			Character c = input.peek();
+			Integer c = input.peek();
 			
 			// if character is a hex digit then add it on and keep going
 			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
-				sb.append( c );
+				sb.appendCodePoint( c );
 				input.next();
 				
 			// if character is a semi-colon, eat it and quit
@@ -252,7 +253,7 @@ private Character parseHex( PushbackString input ) {
 		try {
 			int i = Integer.parseInt(sb.toString(), 16);
             if (Character.isValidCodePoint(i)) {
-                return (char) i;
+                return i;
             }
 		} catch( NumberFormatException e ) {
 			// throw an exception for malformed entity?
@@ -278,9 +279,9 @@ private Character parseHex( PushbackString input ) {
 	 * @return
 	 * 		Returns the decoded version of the character starting at index, or null if no decoding is possible.
 	 */
-	private Character getNamedEntity( PushbackString input ) {
+	private Integer getNamedEntity( PushbackSequence<Integer> input ) {
 		StringBuilder possible = new StringBuilder();
-		Map.Entry<CharSequence,Character> entry;
+		Entry<CharSequence, Integer> entry;
 		int len;
 		
 		// kludge around PushbackString....
@@ -296,7 +297,7 @@ private Character getNamedEntity( PushbackString input ) {
 			String possibleString = possible.toString();
 			String possibleStringLowerCase = possibleString.toLowerCase();
 		        if(!possibleString.equals(possibleStringLowerCase)) {
-		           Map.Entry<CharSequence,Character> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
+		           Map.Entry<CharSequence,Integer> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
 		           if(exactEntry != null) entry = exactEntry;
 		        }
 		        if(entry == null) return null; // no match, caller will reset input
@@ -310,7 +311,7 @@ private Character getNamedEntity( PushbackString input ) {
 			input.next();
 
 		// check for a trailing semicolen
-		if(input.peek(';'))
+		if(input.peek(Integer.valueOf(';')))
 			input.next();
 
 		return entry.getValue();
@@ -320,262 +321,262 @@ private Character getNamedEntity( PushbackString input ) {
 	 * Build a unmodifiable Map from entity Character to Name.
 	 * @return Unmodifiable map.
 	 */
-	private static synchronized Map<Character,String> mkCharacterToEntityMap()
+	private static synchronized Map<Integer,String> mkCharacterToEntityMap()
 	{
-		Map<Character, String> map = new HashMap<Character,String>(252);
+		Map<Integer, String> map = new HashMap<Integer,String>(252);
 
-		map.put((char)34,	"quot");	/* quotation mark */
-		map.put((char)38,	"amp");		/* ampersand */
-		map.put((char)60,	"lt");		/* less-than sign */
-		map.put((char)62,	"gt");		/* greater-than sign */
-		map.put((char)160,	"nbsp");	/* no-break space */
-		map.put((char)161,	"iexcl");	/* inverted exclamation mark */
-		map.put((char)162,	"cent");	/* cent sign */
-		map.put((char)163,	"pound");	/* pound sign */
-		map.put((char)164,	"curren");	/* currency sign */
-		map.put((char)165,	"yen");		/* yen sign */
-		map.put((char)166,	"brvbar");	/* broken bar */
-		map.put((char)167,	"sect");	/* section sign */
-		map.put((char)168,	"uml");		/* diaeresis */
-		map.put((char)169,	"copy");	/* copyright sign */
-		map.put((char)170,	"ordf");	/* feminine ordinal indicator */
-		map.put((char)171,	"laquo");	/* left-pointing double angle quotation mark */
-		map.put((char)172,	"not");		/* not sign */
-		map.put((char)173,	"shy");		/* soft hyphen */
-		map.put((char)174,	"reg");		/* registered sign */
-		map.put((char)175,	"macr");	/* macron */
-		map.put((char)176,	"deg");		/* degree sign */
-		map.put((char)177,	"plusmn");	/* plus-minus sign */
-		map.put((char)178,	"sup2");	/* superscript two */
-		map.put((char)179,	"sup3");	/* superscript three */
-		map.put((char)180,	"acute");	/* acute accent */
-		map.put((char)181,	"micro");	/* micro sign */
-		map.put((char)182,	"para");	/* pilcrow sign */
-		map.put((char)183,	"middot");	/* middle dot */
-		map.put((char)184,	"cedil");	/* cedilla */
-		map.put((char)185,	"sup1");	/* superscript one */
-		map.put((char)186,	"ordm");	/* masculine ordinal indicator */
-		map.put((char)187,	"raquo");	/* right-pointing double angle quotation mark */
-		map.put((char)188,	"frac14");	/* vulgar fraction one quarter */
-		map.put((char)189,	"frac12");	/* vulgar fraction one half */
-		map.put((char)190,	"frac34");	/* vulgar fraction three quarters */
-		map.put((char)191,	"iquest");	/* inverted question mark */
-		map.put((char)192,	"Agrave");	/* Latin capital letter a with grave */
-		map.put((char)193,	"Aacute");	/* Latin capital letter a with acute */
-		map.put((char)194,	"Acirc");	/* Latin capital letter a with circumflex */
-		map.put((char)195,	"Atilde");	/* Latin capital letter a with tilde */
-		map.put((char)196,	"Auml");	/* Latin capital letter a with diaeresis */
-		map.put((char)197,	"Aring");	/* Latin capital letter a with ring above */
-		map.put((char)198,	"AElig");	/* Latin capital letter ae */
-		map.put((char)199,	"Ccedil");	/* Latin capital letter c with cedilla */
-		map.put((char)200,	"Egrave");	/* Latin capital letter e with grave */
-		map.put((char)201,	"Eacute");	/* Latin capital letter e with acute */
-		map.put((char)202,	"Ecirc");	/* Latin capital letter e with circumflex */
-		map.put((char)203,	"Euml");	/* Latin capital letter e with diaeresis */
-		map.put((char)204,	"Igrave");	/* Latin capital letter i with grave */
-		map.put((char)205,	"Iacute");	/* Latin capital letter i with acute */
-		map.put((char)206,	"Icirc");	/* Latin capital letter i with circumflex */
-		map.put((char)207,	"Iuml");	/* Latin capital letter i with diaeresis */
-		map.put((char)208,	"ETH");		/* Latin capital letter eth */
-		map.put((char)209,	"Ntilde");	/* Latin capital letter n with tilde */
-		map.put((char)210,	"Ograve");	/* Latin capital letter o with grave */
-		map.put((char)211,	"Oacute");	/* Latin capital letter o with acute */
-		map.put((char)212,	"Ocirc");	/* Latin capital letter o with circumflex */
-		map.put((char)213,	"Otilde");	/* Latin capital letter o with tilde */
-		map.put((char)214,	"Ouml");	/* Latin capital letter o with diaeresis */
-		map.put((char)215,	"times");	/* multiplication sign */
-		map.put((char)216,	"Oslash");	/* Latin capital letter o with stroke */
-		map.put((char)217,	"Ugrave");	/* Latin capital letter u with grave */
-		map.put((char)218,	"Uacute");	/* Latin capital letter u with acute */
-		map.put((char)219,	"Ucirc");	/* Latin capital letter u with circumflex */
-		map.put((char)220,	"Uuml");	/* Latin capital letter u with diaeresis */
-		map.put((char)221,	"Yacute");	/* Latin capital letter y with acute */
-		map.put((char)222,	"THORN");	/* Latin capital letter thorn */
-		map.put((char)223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
-		map.put((char)224,	"agrave");	/* Latin small letter a with grave */
-		map.put((char)225,	"aacute");	/* Latin small letter a with acute */
-		map.put((char)226,	"acirc");	/* Latin small letter a with circumflex */
-		map.put((char)227,	"atilde");	/* Latin small letter a with tilde */
-		map.put((char)228,	"auml");	/* Latin small letter a with diaeresis */
-		map.put((char)229,	"aring");	/* Latin small letter a with ring above */
-		map.put((char)230,	"aelig");	/* Latin lowercase ligature ae */
-		map.put((char)231,	"ccedil");	/* Latin small letter c with cedilla */
-		map.put((char)232,	"egrave");	/* Latin small letter e with grave */
-		map.put((char)233,	"eacute");	/* Latin small letter e with acute */
-		map.put((char)234,	"ecirc");	/* Latin small letter e with circumflex */
-		map.put((char)235,	"euml");	/* Latin small letter e with diaeresis */
-		map.put((char)236,	"igrave");	/* Latin small letter i with grave */
-		map.put((char)237,	"iacute");	/* Latin small letter i with acute */
-		map.put((char)238,	"icirc");	/* Latin small letter i with circumflex */
-		map.put((char)239,	"iuml");	/* Latin small letter i with diaeresis */
-		map.put((char)240,	"eth");		/* Latin small letter eth */
-		map.put((char)241,	"ntilde");	/* Latin small letter n with tilde */
-		map.put((char)242,	"ograve");	/* Latin small letter o with grave */
-		map.put((char)243,	"oacute");	/* Latin small letter o with acute */
-		map.put((char)244,	"ocirc");	/* Latin small letter o with circumflex */
-		map.put((char)245,	"otilde");	/* Latin small letter o with tilde */
-		map.put((char)246,	"ouml");	/* Latin small letter o with diaeresis */
-		map.put((char)247,	"divide");	/* division sign */
-		map.put((char)248,	"oslash");	/* Latin small letter o with stroke */
-		map.put((char)249,	"ugrave");	/* Latin small letter u with grave */
-		map.put((char)250,	"uacute");	/* Latin small letter u with acute */
-		map.put((char)251,	"ucirc");	/* Latin small letter u with circumflex */
-		map.put((char)252,	"uuml");	/* Latin small letter u with diaeresis */
-		map.put((char)253,	"yacute");	/* Latin small letter y with acute */
-		map.put((char)254,	"thorn");	/* Latin small letter thorn */
-		map.put((char)255,	"yuml");	/* Latin small letter y with diaeresis */
-		map.put((char)338,	"OElig");	/* Latin capital ligature oe */
-		map.put((char)339,	"oelig");	/* Latin small ligature oe */
-		map.put((char)352,	"Scaron");	/* Latin capital letter s with caron */
-		map.put((char)353,	"scaron");	/* Latin small letter s with caron */
-		map.put((char)376,	"Yuml");	/* Latin capital letter y with diaeresis */
-		map.put((char)402,	"fnof");	/* Latin small letter f with hook */
-		map.put((char)710,	"circ");	/* modifier letter circumflex accent */
-		map.put((char)732,	"tilde");	/* small tilde */
-		map.put((char)913,	"Alpha");	/* Greek capital letter alpha */
-		map.put((char)914,	"Beta");	/* Greek capital letter beta */
-		map.put((char)915,	"Gamma");	/* Greek capital letter gamma */
-		map.put((char)916,	"Delta");	/* Greek capital letter delta */
-		map.put((char)917,	"Epsilon");	/* Greek capital letter epsilon */
-		map.put((char)918,	"Zeta");	/* Greek capital letter zeta */
-		map.put((char)919,	"Eta");		/* Greek capital letter eta */
-		map.put((char)920,	"Theta");	/* Greek capital letter theta */
-		map.put((char)921,	"Iota");	/* Greek capital letter iota */
-		map.put((char)922,	"Kappa");	/* Greek capital letter kappa */
-		map.put((char)923,	"Lambda");	/* Greek capital letter lambda */
-		map.put((char)924,	"Mu");		/* Greek capital letter mu */
-		map.put((char)925,	"Nu");		/* Greek capital letter nu */
-		map.put((char)926,	"Xi");		/* Greek capital letter xi */
-		map.put((char)927,	"Omicron");	/* Greek capital letter omicron */
-		map.put((char)928,	"Pi");		/* Greek capital letter pi */
-		map.put((char)929,	"Rho");		/* Greek capital letter rho */
-		map.put((char)931,	"Sigma");	/* Greek capital letter sigma */
-		map.put((char)932,	"Tau");		/* Greek capital letter tau */
-		map.put((char)933,	"Upsilon");	/* Greek capital letter upsilon */
-		map.put((char)934,	"Phi");		/* Greek capital letter phi */
-		map.put((char)935,	"Chi");		/* Greek capital letter chi */
-		map.put((char)936,	"Psi");		/* Greek capital letter psi */
-		map.put((char)937,	"Omega");	/* Greek capital letter omega */
-		map.put((char)945,	"alpha");	/* Greek small letter alpha */
-		map.put((char)946,	"beta");	/* Greek small letter beta */
-		map.put((char)947,	"gamma");	/* Greek small letter gamma */
-		map.put((char)948,	"delta");	/* Greek small letter delta */
-		map.put((char)949,	"epsilon");	/* Greek small letter epsilon */
-		map.put((char)950,	"zeta");	/* Greek small letter zeta */
-		map.put((char)951,	"eta");		/* Greek small letter eta */
-		map.put((char)952,	"theta");	/* Greek small letter theta */
-		map.put((char)953,	"iota");	/* Greek small letter iota */
-		map.put((char)954,	"kappa");	/* Greek small letter kappa */
-		map.put((char)955,	"lambda");	/* Greek small letter lambda */
-		map.put((char)956,	"mu");		/* Greek small letter mu */
-		map.put((char)957,	"nu");		/* Greek small letter nu */
-		map.put((char)958,	"xi");		/* Greek small letter xi */
-		map.put((char)959,	"omicron");	/* Greek small letter omicron */
-		map.put((char)960,	"pi");		/* Greek small letter pi */
-		map.put((char)961,	"rho");		/* Greek small letter rho */
-		map.put((char)962,	"sigmaf");	/* Greek small letter final sigma */
-		map.put((char)963,	"sigma");	/* Greek small letter sigma */
-		map.put((char)964,	"tau");		/* Greek small letter tau */
-		map.put((char)965,	"upsilon");	/* Greek small letter upsilon */
-		map.put((char)966,	"phi");		/* Greek small letter phi */
-		map.put((char)967,	"chi");		/* Greek small letter chi */
-		map.put((char)968,	"psi");		/* Greek small letter psi */
-		map.put((char)969,	"omega");	/* Greek small letter omega */
-		map.put((char)977,	"thetasym");	/* Greek theta symbol */
-		map.put((char)978,	"upsih");	/* Greek upsilon with hook symbol */
-		map.put((char)982,	"piv");		/* Greek pi symbol */
-		map.put((char)8194,	"ensp");	/* en space */
-		map.put((char)8195,	"emsp");	/* em space */
-		map.put((char)8201,	"thinsp");	/* thin space */
-		map.put((char)8204,	"zwnj");	/* zero width non-joiner */
-		map.put((char)8205,	"zwj");		/* zero width joiner */
-		map.put((char)8206,	"lrm");		/* left-to-right mark */
-		map.put((char)8207,	"rlm");		/* right-to-left mark */
-		map.put((char)8211,	"ndash");	/* en dash */
-		map.put((char)8212,	"mdash");	/* em dash */
-		map.put((char)8216,	"lsquo");	/* left single quotation mark */
-		map.put((char)8217,	"rsquo");	/* right single quotation mark */
-		map.put((char)8218,	"sbquo");	/* single low-9 quotation mark */
-		map.put((char)8220,	"ldquo");	/* left double quotation mark */
-		map.put((char)8221,	"rdquo");	/* right double quotation mark */
-		map.put((char)8222,	"bdquo");	/* double low-9 quotation mark */
-		map.put((char)8224,	"dagger");	/* dagger */
-		map.put((char)8225,	"Dagger");	/* double dagger */
-		map.put((char)8226,	"bull");	/* bullet */
-		map.put((char)8230,	"hellip");	/* horizontal ellipsis */
-		map.put((char)8240,	"permil");	/* per mille sign */
-		map.put((char)8242,	"prime");	/* prime */
-		map.put((char)8243,	"Prime");	/* double prime */
-		map.put((char)8249,	"lsaquo");	/* single left-pointing angle quotation mark */
-		map.put((char)8250,	"rsaquo");	/* single right-pointing angle quotation mark */
-		map.put((char)8254,	"oline");	/* overline */
-		map.put((char)8260,	"frasl");	/* fraction slash */
-		map.put((char)8364,	"euro");	/* euro sign */
-		map.put((char)8465,	"image");	/* black-letter capital i */
-		map.put((char)8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
-		map.put((char)8476,	"real");	/* black-letter capital r */
-		map.put((char)8482,	"trade");	/* trademark sign */
-		map.put((char)8501,	"alefsym");	/* alef symbol */
-		map.put((char)8592,	"larr");	/* leftwards arrow */
-		map.put((char)8593,	"uarr");	/* upwards arrow */
-		map.put((char)8594,	"rarr");	/* rightwards arrow */
-		map.put((char)8595,	"darr");	/* downwards arrow */
-		map.put((char)8596,	"harr");	/* left right arrow */
-		map.put((char)8629,	"crarr");	/* downwards arrow with corner leftwards */
-		map.put((char)8656,	"lArr");	/* leftwards double arrow */
-		map.put((char)8657,	"uArr");	/* upwards double arrow */
-		map.put((char)8658,	"rArr");	/* rightwards double arrow */
-		map.put((char)8659,	"dArr");	/* downwards double arrow */
-		map.put((char)8660,	"hArr");	/* left right double arrow */
-		map.put((char)8704,	"forall");	/* for all */
-		map.put((char)8706,	"part");	/* partial differential */
-		map.put((char)8707,	"exist");	/* there exists */
-		map.put((char)8709,	"empty");	/* empty set */
-		map.put((char)8711,	"nabla");	/* nabla */
-		map.put((char)8712,	"isin");	/* element of */
-		map.put((char)8713,	"notin");	/* not an element of */
-		map.put((char)8715,	"ni");		/* contains as member */
-		map.put((char)8719,	"prod");	/* n-ary product */
-		map.put((char)8721,	"sum");		/* n-ary summation */
-		map.put((char)8722,	"minus");	/* minus sign */
-		map.put((char)8727,	"lowast");	/* asterisk operator */
-		map.put((char)8730,	"radic");	/* square root */
-		map.put((char)8733,	"prop");	/* proportional to */
-		map.put((char)8734,	"infin");	/* infinity */
-		map.put((char)8736,	"ang");		/* angle */
-		map.put((char)8743,	"and");		/* logical and */
-		map.put((char)8744,	"or");		/* logical or */
-		map.put((char)8745,	"cap");		/* intersection */
-		map.put((char)8746,	"cup");		/* union */
-		map.put((char)8747,	"int");		/* integral */
-		map.put((char)8756,	"there4");	/* therefore */
-		map.put((char)8764,	"sim");		/* tilde operator */
-		map.put((char)8773,	"cong");	/* congruent to */
-		map.put((char)8776,	"asymp");	/* almost equal to */
-		map.put((char)8800,	"ne");		/* not equal to */
-		map.put((char)8801,	"equiv");	/* identical toXCOMMAX equivalent to */
-		map.put((char)8804,	"le");		/* less-than or equal to */
-		map.put((char)8805,	"ge");		/* greater-than or equal to */
-		map.put((char)8834,	"sub");		/* subset of */
-		map.put((char)8835,	"sup");		/* superset of */
-		map.put((char)8836,	"nsub");	/* not a subset of */
-		map.put((char)8838,	"sube");	/* subset of or equal to */
-		map.put((char)8839,	"supe");	/* superset of or equal to */
-		map.put((char)8853,	"oplus");	/* circled plus */
-		map.put((char)8855,	"otimes");	/* circled times */
-		map.put((char)8869,	"perp");	/* up tack */
-		map.put((char)8901,	"sdot");	/* dot operator */
-		map.put((char)8968,	"lceil");	/* left ceiling */
-		map.put((char)8969,	"rceil");	/* right ceiling */
-		map.put((char)8970,	"lfloor");	/* left floor */
-		map.put((char)8971,	"rfloor");	/* right floor */
-		map.put((char)9001,	"lang");	/* left-pointing angle bracket */
-		map.put((char)9002,	"rang");	/* right-pointing angle bracket */
-		map.put((char)9674,	"loz");		/* lozenge */
-		map.put((char)9824,	"spades");	/* black spade suit */
-		map.put((char)9827,	"clubs");	/* black club suit */
-		map.put((char)9829,	"hearts");	/* black heart suit */
-		map.put((char)9830,	"diams");	/* black diamond suit */
+		map.put(34,	"quot");	/* quotation mark */
+		map.put(38,	"amp");		/* ampersand */
+		map.put(60,	"lt");		/* less-than sign */
+		map.put(62,	"gt");		/* greater-than sign */
+		map.put(160,	"nbsp");	/* no-break space */
+		map.put(161,	"iexcl");	/* inverted exclamation mark */
+		map.put(162,	"cent");	/* cent sign */
+		map.put(163,	"pound");	/* pound sign */
+		map.put(164,	"curren");	/* currency sign */
+		map.put(165,	"yen");		/* yen sign */
+		map.put(166,	"brvbar");	/* broken bar */
+		map.put(167,	"sect");	/* section sign */
+		map.put(168,	"uml");		/* diaeresis */
+		map.put(169,	"copy");	/* copyright sign */
+		map.put(170,	"ordf");	/* feminine ordinal indicator */
+		map.put(171,	"laquo");	/* left-pointing double angle quotation mark */
+		map.put(172,	"not");		/* not sign */
+		map.put(173,	"shy");		/* soft hyphen */
+		map.put(174,	"reg");		/* registered sign */
+		map.put(175,	"macr");	/* macron */
+		map.put(176,	"deg");		/* degree sign */
+		map.put(177,	"plusmn");	/* plus-minus sign */
+		map.put(178,	"sup2");	/* superscript two */
+		map.put(179,	"sup3");	/* superscript three */
+		map.put(180,	"acute");	/* acute accent */
+		map.put(181,	"micro");	/* micro sign */
+		map.put(182,	"para");	/* pilcrow sign */
+		map.put(183,	"middot");	/* middle dot */
+		map.put(184,	"cedil");	/* cedilla */
+		map.put(185,	"sup1");	/* superscript one */
+		map.put(186,	"ordm");	/* masculine ordinal indicator */
+		map.put(187,	"raquo");	/* right-pointing double angle quotation mark */
+		map.put(188,	"frac14");	/* vulgar fraction one quarter */
+		map.put(189,	"frac12");	/* vulgar fraction one half */
+		map.put(190,	"frac34");	/* vulgar fraction three quarters */
+		map.put(191,	"iquest");	/* inverted question mark */
+		map.put(192,	"Agrave");	/* Latin capital letter a with grave */
+		map.put(193,	"Aacute");	/* Latin capital letter a with acute */
+		map.put(194,	"Acirc");	/* Latin capital letter a with circumflex */
+		map.put(195,	"Atilde");	/* Latin capital letter a with tilde */
+		map.put(196,	"Auml");	/* Latin capital letter a with diaeresis */
+		map.put(197,	"Aring");	/* Latin capital letter a with ring above */
+		map.put(198,	"AElig");	/* Latin capital letter ae */
+		map.put(199,	"Ccedil");	/* Latin capital letter c with cedilla */
+		map.put(200,	"Egrave");	/* Latin capital letter e with grave */
+		map.put(201,	"Eacute");	/* Latin capital letter e with acute */
+		map.put(202,	"Ecirc");	/* Latin capital letter e with circumflex */
+		map.put(203,	"Euml");	/* Latin capital letter e with diaeresis */
+		map.put(204,	"Igrave");	/* Latin capital letter i with grave */
+		map.put(205,	"Iacute");	/* Latin capital letter i with acute */
+		map.put(206,	"Icirc");	/* Latin capital letter i with circumflex */
+		map.put(207,	"Iuml");	/* Latin capital letter i with diaeresis */
+		map.put(208,	"ETH");		/* Latin capital letter eth */
+		map.put(209,	"Ntilde");	/* Latin capital letter n with tilde */
+		map.put(210,	"Ograve");	/* Latin capital letter o with grave */
+		map.put(211,	"Oacute");	/* Latin capital letter o with acute */
+		map.put(212,	"Ocirc");	/* Latin capital letter o with circumflex */
+		map.put(213,	"Otilde");	/* Latin capital letter o with tilde */
+		map.put(214,	"Ouml");	/* Latin capital letter o with diaeresis */
+		map.put(215,	"times");	/* multiplication sign */
+		map.put(216,	"Oslash");	/* Latin capital letter o with stroke */
+		map.put(217,	"Ugrave");	/* Latin capital letter u with grave */
+		map.put(218,	"Uacute");	/* Latin capital letter u with acute */
+		map.put(219,	"Ucirc");	/* Latin capital letter u with circumflex */
+		map.put(220,	"Uuml");	/* Latin capital letter u with diaeresis */
+		map.put(221,	"Yacute");	/* Latin capital letter y with acute */
+		map.put(222,	"THORN");	/* Latin capital letter thorn */
+		map.put(223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
+		map.put(224,	"agrave");	/* Latin small letter a with grave */
+		map.put(225,	"aacute");	/* Latin small letter a with acute */
+		map.put(226,	"acirc");	/* Latin small letter a with circumflex */
+		map.put(227,	"atilde");	/* Latin small letter a with tilde */
+		map.put(228,	"auml");	/* Latin small letter a with diaeresis */
+		map.put(229,	"aring");	/* Latin small letter a with ring above */
+		map.put(230,	"aelig");	/* Latin lowercase ligature ae */
+		map.put(231,	"ccedil");	/* Latin small letter c with cedilla */
+		map.put(232,	"egrave");	/* Latin small letter e with grave */
+		map.put(233,	"eacute");	/* Latin small letter e with acute */
+		map.put(234,	"ecirc");	/* Latin small letter e with circumflex */
+		map.put(235,	"euml");	/* Latin small letter e with diaeresis */
+		map.put(236,	"igrave");	/* Latin small letter i with grave */
+		map.put(237,	"iacute");	/* Latin small letter i with acute */
+		map.put(238,	"icirc");	/* Latin small letter i with circumflex */
+		map.put(239,	"iuml");	/* Latin small letter i with diaeresis */
+		map.put(240,	"eth");		/* Latin small letter eth */
+		map.put(241,	"ntilde");	/* Latin small letter n with tilde */
+		map.put(242,	"ograve");	/* Latin small letter o with grave */
+		map.put(243,	"oacute");	/* Latin small letter o with acute */
+		map.put(244,	"ocirc");	/* Latin small letter o with circumflex */
+		map.put(245,	"otilde");	/* Latin small letter o with tilde */
+		map.put(246,	"ouml");	/* Latin small letter o with diaeresis */
+		map.put(247,	"divide");	/* division sign */
+		map.put(248,	"oslash");	/* Latin small letter o with stroke */
+		map.put(249,	"ugrave");	/* Latin small letter u with grave */
+		map.put(250,	"uacute");	/* Latin small letter u with acute */
+		map.put(251,	"ucirc");	/* Latin small letter u with circumflex */
+		map.put(252,	"uuml");	/* Latin small letter u with diaeresis */
+		map.put(253,	"yacute");	/* Latin small letter y with acute */
+		map.put(254,	"thorn");	/* Latin small letter thorn */
+		map.put(255,	"yuml");	/* Latin small letter y with diaeresis */
+		map.put(338,	"OElig");	/* Latin capital ligature oe */
+		map.put(339,	"oelig");	/* Latin small ligature oe */
+		map.put(352,	"Scaron");	/* Latin capital letter s with caron */
+		map.put(353,	"scaron");	/* Latin small letter s with caron */
+		map.put(376,	"Yuml");	/* Latin capital letter y with diaeresis */
+		map.put(402,	"fnof");	/* Latin small letter f with hook */
+		map.put(710,	"circ");	/* modifier letter circumflex accent */
+		map.put(732,	"tilde");	/* small tilde */
+		map.put(913,	"Alpha");	/* Greek capital letter alpha */
+		map.put(914,	"Beta");	/* Greek capital letter beta */
+		map.put(915,	"Gamma");	/* Greek capital letter gamma */
+		map.put(916,	"Delta");	/* Greek capital letter delta */
+		map.put(917,	"Epsilon");	/* Greek capital letter epsilon */
+		map.put(918,	"Zeta");	/* Greek capital letter zeta */
+		map.put(919,	"Eta");		/* Greek capital letter eta */
+		map.put(920,	"Theta");	/* Greek capital letter theta */
+		map.put(921,	"Iota");	/* Greek capital letter iota */
+		map.put(922,	"Kappa");	/* Greek capital letter kappa */
+		map.put(923,	"Lambda");	/* Greek capital letter lambda */
+		map.put(924,	"Mu");		/* Greek capital letter mu */
+		map.put(925,	"Nu");		/* Greek capital letter nu */
+		map.put(926,	"Xi");		/* Greek capital letter xi */
+		map.put(927,	"Omicron");	/* Greek capital letter omicron */
+		map.put(928,	"Pi");		/* Greek capital letter pi */
+		map.put(929,	"Rho");		/* Greek capital letter rho */
+		map.put(931,	"Sigma");	/* Greek capital letter sigma */
+		map.put(932,	"Tau");		/* Greek capital letter tau */
+		map.put(933,	"Upsilon");	/* Greek capital letter upsilon */
+		map.put(934,	"Phi");		/* Greek capital letter phi */
+		map.put(935,	"Chi");		/* Greek capital letter chi */
+		map.put(936,	"Psi");		/* Greek capital letter psi */
+		map.put(937,	"Omega");	/* Greek capital letter omega */
+		map.put(945,	"alpha");	/* Greek small letter alpha */
+		map.put(946,	"beta");	/* Greek small letter beta */
+		map.put(947,	"gamma");	/* Greek small letter gamma */
+		map.put(948,	"delta");	/* Greek small letter delta */
+		map.put(949,	"epsilon");	/* Greek small letter epsilon */
+		map.put(950,	"zeta");	/* Greek small letter zeta */
+		map.put(951,	"eta");		/* Greek small letter eta */
+		map.put(952,	"theta");	/* Greek small letter theta */
+		map.put(953,	"iota");	/* Greek small letter iota */
+		map.put(954,	"kappa");	/* Greek small letter kappa */
+		map.put(955,	"lambda");	/* Greek small letter lambda */
+		map.put(956,	"mu");		/* Greek small letter mu */
+		map.put(957,	"nu");		/* Greek small letter nu */
+		map.put(958,	"xi");		/* Greek small letter xi */
+		map.put(959,	"omicron");	/* Greek small letter omicron */
+		map.put(960,	"pi");		/* Greek small letter pi */
+		map.put(961,	"rho");		/* Greek small letter rho */
+		map.put(962,	"sigmaf");	/* Greek small letter final sigma */
+		map.put(963,	"sigma");	/* Greek small letter sigma */
+		map.put(964,	"tau");		/* Greek small letter tau */
+		map.put(965,	"upsilon");	/* Greek small letter upsilon */
+		map.put(966,	"phi");		/* Greek small letter phi */
+		map.put(967,	"chi");		/* Greek small letter chi */
+		map.put(968,	"psi");		/* Greek small letter psi */
+		map.put(969,	"omega");	/* Greek small letter omega */
+		map.put(977,	"thetasym");	/* Greek theta symbol */
+		map.put(978,	"upsih");	/* Greek upsilon with hook symbol */
+		map.put(982,	"piv");		/* Greek pi symbol */
+		map.put(8194,	"ensp");	/* en space */
+		map.put(8195,	"emsp");	/* em space */
+		map.put(8201,	"thinsp");	/* thin space */
+		map.put(8204,	"zwnj");	/* zero width non-joiner */
+		map.put(8205,	"zwj");		/* zero width joiner */
+		map.put(8206,	"lrm");		/* left-to-right mark */
+		map.put(8207,	"rlm");		/* right-to-left mark */
+		map.put(8211,	"ndash");	/* en dash */
+		map.put(8212,	"mdash");	/* em dash */
+		map.put(8216,	"lsquo");	/* left single quotation mark */
+		map.put(8217,	"rsquo");	/* right single quotation mark */
+		map.put(8218,	"sbquo");	/* single low-9 quotation mark */
+		map.put(8220,	"ldquo");	/* left double quotation mark */
+		map.put(8221,	"rdquo");	/* right double quotation mark */
+		map.put(8222,	"bdquo");	/* double low-9 quotation mark */
+		map.put(8224,	"dagger");	/* dagger */
+		map.put(8225,	"Dagger");	/* double dagger */
+		map.put(8226,	"bull");	/* bullet */
+		map.put(8230,	"hellip");	/* horizontal ellipsis */
+		map.put(8240,	"permil");	/* per mille sign */
+		map.put(8242,	"prime");	/* prime */
+		map.put(8243,	"Prime");	/* double prime */
+		map.put(8249,	"lsaquo");	/* single left-pointing angle quotation mark */
+		map.put(8250,	"rsaquo");	/* single right-pointing angle quotation mark */
+		map.put(8254,	"oline");	/* overline */
+		map.put(8260,	"frasl");	/* fraction slash */
+		map.put(8364,	"euro");	/* euro sign */
+		map.put(8465,	"image");	/* black-letter capital i */
+		map.put(8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
+		map.put(8476,	"real");	/* black-letter capital r */
+		map.put(8482,	"trade");	/* trademark sign */
+		map.put(8501,	"alefsym");	/* alef symbol */
+		map.put(8592,	"larr");	/* leftwards arrow */
+		map.put(8593,	"uarr");	/* upwards arrow */
+		map.put(8594,	"rarr");	/* rightwards arrow */
+		map.put(8595,	"darr");	/* downwards arrow */
+		map.put(8596,	"harr");	/* left right arrow */
+		map.put(8629,	"crarr");	/* downwards arrow with corner leftwards */
+		map.put(8656,	"lArr");	/* leftwards double arrow */
+		map.put(8657,	"uArr");	/* upwards double arrow */
+		map.put(8658,	"rArr");	/* rightwards double arrow */
+		map.put(8659,	"dArr");	/* downwards double arrow */
+		map.put(8660,	"hArr");	/* left right double arrow */
+		map.put(8704,	"forall");	/* for all */
+		map.put(8706,	"part");	/* partial differential */
+		map.put(8707,	"exist");	/* there exists */
+		map.put(8709,	"empty");	/* empty set */
+		map.put(8711,	"nabla");	/* nabla */
+		map.put(8712,	"isin");	/* element of */
+		map.put(8713,	"notin");	/* not an element of */
+		map.put(8715,	"ni");		/* contains as member */
+		map.put(8719,	"prod");	/* n-ary product */
+		map.put(8721,	"sum");		/* n-ary summation */
+		map.put(8722,	"minus");	/* minus sign */
+		map.put(8727,	"lowast");	/* asterisk operator */
+		map.put(8730,	"radic");	/* square root */
+		map.put(8733,	"prop");	/* proportional to */
+		map.put(8734,	"infin");	/* infinity */
+		map.put(8736,	"ang");		/* angle */
+		map.put(8743,	"and");		/* logical and */
+		map.put(8744,	"or");		/* logical or */
+		map.put(8745,	"cap");		/* intersection */
+		map.put(8746,	"cup");		/* union */
+		map.put(8747,	"int");		/* integral */
+		map.put(8756,	"there4");	/* therefore */
+		map.put(8764,	"sim");		/* tilde operator */
+		map.put(8773,	"cong");	/* congruent to */
+		map.put(8776,	"asymp");	/* almost equal to */
+		map.put(8800,	"ne");		/* not equal to */
+		map.put(8801,	"equiv");	/* identical toXCOMMAX equivalent to */
+		map.put(8804,	"le");		/* less-than or equal to */
+		map.put(8805,	"ge");		/* greater-than or equal to */
+		map.put(8834,	"sub");		/* subset of */
+		map.put(8835,	"sup");		/* superset of */
+		map.put(8836,	"nsub");	/* not a subset of */
+		map.put(8838,	"sube");	/* subset of or equal to */
+		map.put(8839,	"supe");	/* superset of or equal to */
+		map.put(8853,	"oplus");	/* circled plus */
+		map.put(8855,	"otimes");	/* circled times */
+		map.put(8869,	"perp");	/* up tack */
+		map.put(8901,	"sdot");	/* dot operator */
+		map.put(8968,	"lceil");	/* left ceiling */
+		map.put(8969,	"rceil");	/* right ceiling */
+		map.put(8970,	"lfloor");	/* left floor */
+		map.put(8971,	"rfloor");	/* right floor */
+		map.put(9001,	"lang");	/* left-pointing angle bracket */
+		map.put(9002,	"rang");	/* right-pointing angle bracket */
+		map.put(9674,	"loz");		/* lozenge */
+		map.put(9824,	"spades");	/* black spade suit */
+		map.put(9827,	"clubs");	/* black club suit */
+		map.put(9829,	"hearts");	/* black heart suit */
+		map.put(9830,	"diams");	/* black diamond suit */
 
 		return Collections.unmodifiableMap(map);
 	}
@@ -584,11 +585,11 @@ private static synchronized Map<Character,String> mkCharacterToEntityMap()
 	 * Build a unmodifiable Trie from entitiy Name to Character
 	 * @return Unmodifiable trie.
 	 */
-	private static synchronized Trie<Character> mkEntityToCharacterTrie()
+	private static synchronized Trie<Integer> mkEntityToCharacterTrie()
 	{
-		Trie<Character> trie = new HashTrie<Character>();
+		Trie<Integer> trie = new HashTrie<Integer>();
 
-		for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
+		for(Map.Entry<Integer,String> entry : characterToEntityMap.entrySet())
 			trie.put(entry.getValue(),entry.getKey());
 		return Trie.Util.unmodifiable(trie);
 	}
diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index 98c38c7b2..a10d9b588 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class JavaScriptCodec extends AbstractCodec {
+public class JavaScriptCodec extends AbstractCharacterCodec {
 
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index e43f13ca2..6552d089f 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -26,7 +26,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class MySQLCodec extends AbstractCodec {
+public class MySQLCodec extends AbstractCharacterCodec {
     /**
      * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
      * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
diff --git a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
index 06cca0609..ff87ea8c0 100644
--- a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
@@ -30,7 +30,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class OracleCodec extends AbstractCodec {
+public class OracleCodec extends AbstractCharacterCodec {
 
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index ed7e65dd8..6b3d5d0a5 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -28,7 +28,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class PercentCodec extends AbstractCodec
+public class PercentCodec extends AbstractCharacterCodec
 {
 	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	@SuppressWarnings("unused")
diff --git a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
index ea31e88d6..c10f4de22 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
@@ -126,7 +126,7 @@ public void reset() {
      *
      * @return
      */
-    protected String remainder() {
+    public String remainder() {
 		String output = input.substring( index );
 		if ( pushback != null ) {
 			output = pushback + output;
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
index 58fe4a930..5588ca91f 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
@@ -61,4 +61,12 @@ public interface PushbackSequence<T> {
 	 */
 	void reset();
 
+	/**
+	 * Not at all sure what this method is intended to do.  There 
+	 * is a line in HTMLEntityCodec that said calling this method 
+	 * is a "kludge around PushbackString..."
+	 * @return
+	 */
+	String remainder();
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index 9982d48e2..4255045f9 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -193,7 +193,7 @@ public void reset() {
 	 *
 	 * @return
 	 */
-	protected String remainder() {
+	public String remainder() {
 		String output = input.substring(index);
 		if (pushback != null) {
 			output = pushback + output;
diff --git a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
index 3381e82f0..da2dddc0b 100644
--- a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class UnixCodec extends AbstractCodec {
+public class UnixCodec extends AbstractCharacterCodec {
 
 	/**
 	 * {@inheritDoc}
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index 85ce820e9..ae7f1f6ac 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -26,7 +26,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class VBScriptCodec extends AbstractCodec {
+public class VBScriptCodec extends AbstractCharacterCodec {
 
 	/**
 	 * Encode a String so that it can be safely used in a specific context.
diff --git a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
index bcc53f626..c0a5540ea 100644
--- a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
@@ -24,7 +24,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class WindowsCodec extends AbstractCodec {
+public class WindowsCodec extends AbstractCharacterCodec {
 
 	
 	/**
diff --git a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
index 25b4ffbc4..45482adae 100644
--- a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
@@ -41,7 +41,7 @@
  * of knowing about. Decoding is included for completeness but it's use
  * is not recommended. Use a XML parser instead!
  */
-public class XMLEntityCodec extends AbstractCodec
+public class XMLEntityCodec extends AbstractCharacterCodec
 {
 	private static final String ALPHA_NUMERIC_STR = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
 	private static final String UNENCODED_STR = ALPHA_NUMERIC_STR + " \t";
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
index 1472e5dfb..9e0a5477b 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
@@ -574,7 +574,7 @@ public void testWindowsDecode()
 	
 	public void testHtmlDecodeCharLessThan()
 	{
-        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushbackString("&lt;")) );
+        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushBackSequenceImpl("&lt;")) );
 	}
 
 	public void testPercentDecodeChar()
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 896a93661..125e8ed48 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -15,18 +15,15 @@
  */
 package org.owasp.esapi.reference;
 
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.ObjectOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.io.ByteArrayOutputStream;
-import java.io.ObjectOutputStream;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
 
+import org.junit.Ignore;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.EncoderConstants;
@@ -41,6 +38,10 @@
 import org.owasp.esapi.errors.EncodingException;
 import org.owasp.esapi.errors.IntrusionException;
 
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
 /**
  * The Class EncoderTest.
  * 
@@ -91,6 +92,8 @@ public static Test suite() {
 	 * 
 	 * @throws EncodingException
 	 */
+    //FIXME:  Remove @Ignore
+    @Ignore
 	public void testCanonicalize() throws EncodingException {
 		System.out.println("canonicalize");
 
@@ -720,7 +723,7 @@ public void testWindowsCodec() {
         System.out.println("WindowsCodec");
         Encoder instance = ESAPI.encoder();
 
-        Codec win = new WindowsCodec();
+        Codec<Character> win = new WindowsCodec();
         char[] immune = new char[0];
         assertEquals(null, instance.encodeForOS(win, null));
         
@@ -754,7 +757,7 @@ public void testUnixCodec() {
         System.out.println("UnixCodec");
         Encoder instance = ESAPI.encoder();
 
-        Codec unix = new UnixCodec();
+        Codec<Character> unix = new UnixCodec();
         char[] immune = new char[0];
         assertEquals(null, instance.encodeForOS(unix, null));
         

From 914edd7584fa9bfa1e5a307787e64d82318a2aee Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 6 Aug 2017 09:55:22 -0700
Subject: [PATCH 441/812] Issue #300 -- Fixed a tricky polymorphism bug with
 Jeremiah Stacey's help.  Added a unit test for PercentCodec.

---
 .../org/owasp/esapi/codecs/JavaScriptCodec.java  |  2 +-
 .../java/org/owasp/esapi/codecs/MySQLCodec.java  |  2 +-
 .../java/org/owasp/esapi/codecs/OracleCodec.java |  2 +-
 .../org/owasp/esapi/codecs/PercentCodec.java     |  2 +-
 .../java/org/owasp/esapi/codecs/UnixCodec.java   |  2 +-
 .../org/owasp/esapi/codecs/VBScriptCodec.java    |  2 +-
 .../org/owasp/esapi/codecs/WindowsCodec.java     |  2 +-
 .../org/owasp/esapi/codecs/PercentCodecTest.java | 16 ++++++++++++++++
 8 files changed, 23 insertions(+), 7 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index a10d9b588..a43cbd004 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -87,7 +87,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 *   \\uHHHH
 	 *   \\OOO (1, 2, or 3 digits)
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 6552d089f..1bc902342 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -162,7 +162,7 @@ private String encodeCharacterMySQL( Character c ) {
 	 *   In ANSI_MODE '' decodes to '
 	 *   In MYSQL_MODE \x decodes to x (or a small list of specials)
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		switch( mode ) {
 			case ANSI: return decodeCharacterANSI( input );
 			case STANDARD: return decodeCharacterMySQL( input );
diff --git a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
index ff87ea8c0..0021a8613 100644
--- a/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/OracleCodec.java
@@ -59,7 +59,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 * Formats all are legal
 	 *   '' decodes to '
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
index 6b3d5d0a5..ac9e9a59e 100644
--- a/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/PercentCodec.java
@@ -128,7 +128,7 @@ public String encodeCharacter( char[] immune, Character c )
 	 * @param input
 	 * 			encoded character using percent characters (such as URL encoding)
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
index da2dddc0b..faeebad65 100644
--- a/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/UnixCodec.java
@@ -61,7 +61,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 *   \x - all special characters
 	 *   
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
index ae7f1f6ac..122e90aad 100644
--- a/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/VBScriptCodec.java
@@ -96,7 +96,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 *   "x - all special characters
 	 *   " + chr(x) + "  - not supported yet
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
index c0a5540ea..be22640ad 100644
--- a/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/WindowsCodec.java
@@ -61,7 +61,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 * Formats all are legal both upper/lower case:
 	 *   ^x - all special characters
 	 */
-	public Character decodeCharacter( PushbackString input ) {
+	public Character decodeCharacter( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java
new file mode 100644
index 000000000..c1b2b7ad8
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecTest.java
@@ -0,0 +1,16 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class PercentCodecTest {
+	
+	@Test
+	public void testPercentDecode(){
+		Codec codec = new PercentCodec();
+		
+		String expected = " ";
+		assertEquals(expected, codec.decode("%20"));
+	}
+}

From 946158b501d5d17c52cc5bbf88dedc7888fe59f2 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 6 Aug 2017 11:04:45 -0700
Subject: [PATCH 442/812] Issue #300 -- We need to get more data driven unit
 tests, but this issue is now completely whacked!

---
 .../org/owasp/esapi/codecs/HTMLEntityCodec.java |  9 ++++++---
 .../java/org/owasp/esapi/codecs/MySQLCodec.java |  4 ++--
 .../org/owasp/esapi/codecs/XMLEntityCodec.java  | 10 +++++-----
 .../owasp/esapi/codecs/AbstractCodecTest.java   |  5 ++++-
 .../owasp/esapi/codecs/HTMLEntityCodecTest.java | 17 +++++++++++++++++
 .../org/owasp/esapi/reference/EncoderTest.java  |  2 --
 6 files changed, 34 insertions(+), 13 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 4adfdf84c..14564372f 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -286,9 +286,12 @@ private Integer getNamedEntity( PushbackSequence<Integer> input ) {
 		
 		// kludge around PushbackString....
 		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
-		for(int i=0;i<len;i++)
-			possible.append(input.next());
-
+		for(int i=0;i<len;i++){
+			Integer next = input.next();
+			if(null != next){
+				possible.appendCodePoint(next);
+			}
+		}
 		// look up the longest match
 		entry = entityToCharacterTrie.getLongestMatch(possible);
 		if(entry == null) {
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 1bc902342..0686741f3 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -178,7 +178,7 @@ public Character decodeCharacter( PushbackSequence<Character> input ) {
 	 * @return
 	 * 			A single character, decoded
 	 */
-	private Character decodeCharacterANSI( PushbackString input ) {
+	private Character decodeCharacterANSI( PushbackSequence<Character>  input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
@@ -214,7 +214,7 @@ private Character decodeCharacterANSI( PushbackString input ) {
 	 * @return
 	 * 			A single character from that string, decoded.
 	 */
-	private Character decodeCharacterMySQL( PushbackString input ) {
+	private Character decodeCharacterMySQL( PushbackSequence<Character> input ) {
 		input.mark();
 		Character first = input.next();
 		if ( first == null ) {
diff --git a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
index 45482adae..418f4c5a7 100644
--- a/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/XMLEntityCodec.java
@@ -91,7 +91,7 @@ public String encodeCharacter(char[] immune, Character c)
 	 * 	<li>&amp;name;</li>
 	 * </ul>
 	 */
-	public Character decodeCharacter(PushbackString input)
+	public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		Character ret = null;
 		Character first;
@@ -137,7 +137,7 @@ else if(Character.isLetter(second.charValue()))
 	 * 	is positioned at the character after the &amp;#
 	 * @return The character decoded or null on failure.
 	 */
-	private static Character getNumericEntity(PushbackString input)
+	private static Character getNumericEntity(PushbackSequence<Character> input)
 	{
 		Character first = input.peek();
 
@@ -174,7 +174,7 @@ private static Character int2char(int i)
 	 *	the next char is not a 'x' or 'X'.
 	 * @return The character decoded or null on failutre.
 	 */
-	private static Character parseNumber(PushbackString input)
+	private static Character parseNumber(PushbackSequence<Character> input)
 	{
 		StringBuilder sb = new StringBuilder();
 		Character c;
@@ -209,7 +209,7 @@ private static Character parseNumber(PushbackString input)
 	 * 	is positioned at the character after the &amp;#[xX]
 	 * @return The character decoded or null on failutre.
 	 */
-	private static Character parseHex(PushbackString input)
+	private static Character parseHex(PushbackSequence<Character> input)
 	{
 		Character c;
 		StringBuilder sb = new StringBuilder();
@@ -268,7 +268,7 @@ private static Character parseHex(PushbackString input)
 	 * 	is positioned at the character after the &amp;.
 	 * @return The character decoded or null on failutre.
 	 */
-	private Character getNamedEntity(PushbackString input)
+	private Character getNamedEntity(PushbackSequence<Character> input)
 	{
 		StringBuilder possible = new StringBuilder();
 		Map.Entry<CharSequence,Character> entry;
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
index 9e0a5477b..1456058bd 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
@@ -574,7 +574,10 @@ public void testWindowsDecode()
 	
 	public void testHtmlDecodeCharLessThan()
 	{
-        	assertEquals( LESS_THAN, htmlCodec.decodeCharacter(new PushBackSequenceImpl("&lt;")) );
+		Integer value = htmlCodec.decodeCharacter(new PushBackSequenceImpl("&lt;"));
+		assertEquals(new Integer(60), value);
+		StringBuilder sb = new StringBuilder().appendCodePoint(value);
+        assertEquals( LESS_THAN.toString(), sb.toString());
 	}
 
 	public void testPercentDecodeChar()
diff --git a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
new file mode 100644
index 000000000..a12f287cd
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
@@ -0,0 +1,17 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class HTMLEntityCodecTest {
+	Codec<Integer> codec = new HTMLEntityCodec();
+	
+	@Test
+	public void testEntityDecoding(){
+		assertEquals("<", codec.decode("&lt;"));
+        assertEquals( "<", codec.decode("&LT"));
+        assertEquals( "<", codec.decode("&lt;"));
+        assertEquals( "<", codec.decode("&LT;"));
+	}
+}
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 125e8ed48..64bb88ac9 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -92,8 +92,6 @@ public static Test suite() {
 	 * 
 	 * @throws EncodingException
 	 */
-    //FIXME:  Remove @Ignore
-    @Ignore
 	public void testCanonicalize() throws EncodingException {
 		System.out.println("canonicalize");
 

From 62c5100f4654eab3df7191c90e458120fff71133 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 6 Aug 2017 11:29:49 -0700
Subject: [PATCH 443/812] Issue #303 -- Added unit test to prove that this
 issue is resolved.

---
 .../java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
index a12f287cd..bae3732dc 100644
--- a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
@@ -14,4 +14,13 @@ public void testEntityDecoding(){
         assertEquals( "<", codec.decode("&lt;"));
         assertEquals( "<", codec.decode("&LT;"));
 	}
+	
+	@Test
+	public void test32BitCJK(){
+		String s = "𡘾𦴩𥻂";
+		String expected = "&#x2163e;&#x26d29;&#x25ec2;";
+		String bad = "&#xd845;&#xde3e;&#xd85b;&#xdd29;&#xd857;&#xdec2;";
+		assertEquals(false, expected.equals(bad));
+		assertEquals(expected, codec.encode(new char[0], s));
+	}
 }

From 957a9c79f290b9d67dfa5cbdbfee78f6c2fbca4a Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 7 Aug 2017 19:50:44 -0700
Subject: [PATCH 444/812] Issue #300 -- Brought back a slightly modified
 version of the old HTMLEntityCodec for backwards compatability purposes.

---
 .../esapi/codecs/LegacyHTMLEntityCodec.java   | 552 ++++++++++++++++++
 1 file changed, 552 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java

diff --git a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
new file mode 100644
index 000000000..e35296b62
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
@@ -0,0 +1,552 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Collections;
+import java.util.Map;
+
+/**
+ * Implementation of the Codec interface for HTML entity encoding.
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @since June 1, 2007
+ * @see org.owasp.esapi.Encoder
+ */
+public class LegacyHTMLEntityCodec extends AbstractCharacterCodec {
+	
+	private static final char REPLACEMENT_CHAR = '\ufffd';
+	private static final String REPLACEMENT_HEX = "fffd";
+	private static final String REPLACEMENT_STR = "" + REPLACEMENT_CHAR;
+	private static final Map<Character,String> characterToEntityMap = mkCharacterToEntityMap();
+	private static final Trie<Character> entityToCharacterTrie = mkEntityToCharacterTrie();
+
+	/**
+	 * {@inheritDoc}
+	 * 
+     * Encodes a Character for safe use in an HTML entity field.
+     * @param immune
+     */
+	public String encodeCharacter( char[] immune, Character c ) {
+
+		// check for immune characters
+		if ( containsCharacter(c, immune ) ) {
+			return ""+c;
+		}
+		
+		// check for alphanumeric characters
+		String hex = super.getHexForNonAlphanumeric(c);
+		if ( hex == null ) {
+			return ""+c;
+		}
+		
+		// check for illegal characters
+		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
+		{
+			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
+			c = REPLACEMENT_CHAR;
+		}
+		
+		// check if there's a defined entity
+		String entityName = (String) characterToEntityMap.get(c);
+		if (entityName != null) {
+			return "&" + entityName + ";";
+		}
+		
+		// return the hex entity as suggested in the spec
+		return "&#x" + hex + ";";
+	}
+	
+	/**
+	 * {@inheritDoc}
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal both with and without semi-colon, upper/lower case:
+	 *   &#dddd;
+	 *   &#xhhhh;
+	 *   &name;
+	 */
+	public Character decodeCharacter( PushbackString input ) {
+		input.mark();
+		Character first = input.next();
+		if ( first == null ) {
+			input.reset();
+			return null;
+		}
+		
+		// if this is not an encoded character, return null
+		if (first != '&' ) {
+			input.reset();
+			return null;
+		}
+		
+		// test for numeric encodings
+		Character second = input.next();
+		if ( second == null ) {
+			input.reset();
+			return null;
+		}
+		
+		if (second == '#' ) {
+			// handle numbers
+			Character c = getNumericEntity( input );
+			if ( c != null ) return c;
+		} else if ( Character.isLetter( second.charValue() ) ) {
+			// handle entities
+			input.pushback( second );
+			Character c = getNamedEntity( input );
+			if ( c != null ) return c;
+		}
+		input.reset();
+		return null;
+	}
+	
+	/**
+	 * getNumericEntry checks input to see if it is a numeric entity
+	 * 
+	 * @param input
+	 * 			The input to test for being a numeric entity
+	 *  
+	 * @return
+	 * 			null if input is null, the character of input after decoding
+	 */
+	private Character getNumericEntity( PushbackString input ) {
+		Character first = input.peek();
+		if ( first == null ) return null;
+
+		if (first == 'x' || first == 'X' ) {
+			input.next();
+			return parseHex( input );
+		}
+		return parseNumber( input );
+	}
+
+	/**
+	 * Parse a decimal number, such as those from JavaScript's String.fromCharCode(value)
+	 * 
+	 * @param input
+	 * 			decimal encoded string, such as 65
+	 * @return
+	 * 			character representation of this decimal value, e.g. A 
+	 * @throws NumberFormatException
+	 */
+	private Character parseNumber( PushbackString input ) {
+		StringBuilder sb = new StringBuilder();
+		while( input.hasNext() ) {
+			Character c = input.peek();
+			
+			// if character is a digit then add it on and keep going
+			if ( Character.isDigit( c.charValue() ) ) {
+				sb.append( c );
+				input.next();
+				
+			// if character is a semi-colon, eat it and quit
+			} else if (c == ';' ) {
+				input.next();
+				break;
+				
+			// otherwise just quit
+			} else {
+				break;
+			}
+		}
+		try {
+			int i = Integer.parseInt(sb.toString());
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+		} catch( NumberFormatException e ) {
+			// throw an exception for malformed entity?
+		}
+			return null;
+		}
+	
+	/**
+	 * Parse a hex encoded entity
+	 * 
+	 * @param input
+	 * 			Hex encoded input (such as 437ae;)
+	 * @return
+	 * 			A single character from the string
+	 * @throws NumberFormatException
+	 */
+	private Character parseHex( PushbackString input ) {
+		StringBuilder sb = new StringBuilder();
+		while( input.hasNext() ) {
+			Character c = input.peek();
+			
+			// if character is a hex digit then add it on and keep going
+			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
+				sb.append( c );
+				input.next();
+				
+			// if character is a semi-colon, eat it and quit
+			} else if (c == ';' ) {
+				input.next();
+				break;
+				
+			// otherwise just quit
+			} else {
+				break;
+			}
+		}
+		try {
+			int i = Integer.parseInt(sb.toString(), 16);
+            if (Character.isValidCodePoint(i)) {
+                return (char) i;
+            }
+		} catch( NumberFormatException e ) {
+			// throw an exception for malformed entity?
+		}
+			return null;
+		}
+	
+	/**
+	 * 
+	 * Returns the decoded version of the character starting at index, or
+	 * null if no decoding is possible.
+	 * 
+	 * Formats all are legal both with and without semi-colon, upper/lower case:
+	 *   &aa;
+	 *   &aaa;
+	 *   &aaaa;
+	 *   &aaaaa;
+	 *   &aaaaaa;
+	 *   &aaaaaaa;
+	 *
+	 * @param input
+	 * 		A string containing a named entity like &quot;
+	 * @return
+	 * 		Returns the decoded version of the character starting at index, or null if no decoding is possible.
+	 */
+	private Character getNamedEntity( PushbackString input ) {
+		StringBuilder possible = new StringBuilder();
+		Map.Entry<CharSequence,Character> entry;
+		int len;
+		
+		// kludge around PushbackString....
+		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
+		for(int i=0;i<len;i++)
+			possible.append(input.next());
+
+		// look up the longest match
+		entry = entityToCharacterTrie.getLongestMatch(possible);
+		if(entry == null) {
+			// We are lowercasing & comparing the result because of this all the upper case named entities are getting converted lowercase named entities.
+			// check is there any exact match https://github.com/ESAPI/esapi-java-legacy/issues/302
+			String possibleString = possible.toString();
+			String possibleStringLowerCase = possibleString.toLowerCase();
+		        if(!possibleString.equals(possibleStringLowerCase)) {
+		           Map.Entry<CharSequence,Character> exactEntry = entityToCharacterTrie.getLongestMatch(possibleStringLowerCase);
+		           if(exactEntry != null) entry = exactEntry;
+		        }
+		        if(entry == null) return null; // no match, caller will reset input
+		}
+
+		// fixup input
+		input.reset();
+		input.next();	// read &
+		len = entry.getKey().length();	// what matched's length
+		for(int i=0;i<len;i++)
+			input.next();
+
+		// check for a trailing semicolen
+		if(input.peek(';'))
+			input.next();
+
+		return entry.getValue();
+	}
+
+	/**
+	 * Build a unmodifiable Map from entity Character to Name.
+	 * @return Unmodifiable map.
+	 */
+	private static synchronized Map<Character,String> mkCharacterToEntityMap()
+	{
+		Map<Character, String> map = new HashMap<Character,String>(252);
+
+		map.put((char)34,	"quot");	/* quotation mark */
+		map.put((char)38,	"amp");		/* ampersand */
+		map.put((char)60,	"lt");		/* less-than sign */
+		map.put((char)62,	"gt");		/* greater-than sign */
+		map.put((char)160,	"nbsp");	/* no-break space */
+		map.put((char)161,	"iexcl");	/* inverted exclamation mark */
+		map.put((char)162,	"cent");	/* cent sign */
+		map.put((char)163,	"pound");	/* pound sign */
+		map.put((char)164,	"curren");	/* currency sign */
+		map.put((char)165,	"yen");		/* yen sign */
+		map.put((char)166,	"brvbar");	/* broken bar */
+		map.put((char)167,	"sect");	/* section sign */
+		map.put((char)168,	"uml");		/* diaeresis */
+		map.put((char)169,	"copy");	/* copyright sign */
+		map.put((char)170,	"ordf");	/* feminine ordinal indicator */
+		map.put((char)171,	"laquo");	/* left-pointing double angle quotation mark */
+		map.put((char)172,	"not");		/* not sign */
+		map.put((char)173,	"shy");		/* soft hyphen */
+		map.put((char)174,	"reg");		/* registered sign */
+		map.put((char)175,	"macr");	/* macron */
+		map.put((char)176,	"deg");		/* degree sign */
+		map.put((char)177,	"plusmn");	/* plus-minus sign */
+		map.put((char)178,	"sup2");	/* superscript two */
+		map.put((char)179,	"sup3");	/* superscript three */
+		map.put((char)180,	"acute");	/* acute accent */
+		map.put((char)181,	"micro");	/* micro sign */
+		map.put((char)182,	"para");	/* pilcrow sign */
+		map.put((char)183,	"middot");	/* middle dot */
+		map.put((char)184,	"cedil");	/* cedilla */
+		map.put((char)185,	"sup1");	/* superscript one */
+		map.put((char)186,	"ordm");	/* masculine ordinal indicator */
+		map.put((char)187,	"raquo");	/* right-pointing double angle quotation mark */
+		map.put((char)188,	"frac14");	/* vulgar fraction one quarter */
+		map.put((char)189,	"frac12");	/* vulgar fraction one half */
+		map.put((char)190,	"frac34");	/* vulgar fraction three quarters */
+		map.put((char)191,	"iquest");	/* inverted question mark */
+		map.put((char)192,	"Agrave");	/* Latin capital letter a with grave */
+		map.put((char)193,	"Aacute");	/* Latin capital letter a with acute */
+		map.put((char)194,	"Acirc");	/* Latin capital letter a with circumflex */
+		map.put((char)195,	"Atilde");	/* Latin capital letter a with tilde */
+		map.put((char)196,	"Auml");	/* Latin capital letter a with diaeresis */
+		map.put((char)197,	"Aring");	/* Latin capital letter a with ring above */
+		map.put((char)198,	"AElig");	/* Latin capital letter ae */
+		map.put((char)199,	"Ccedil");	/* Latin capital letter c with cedilla */
+		map.put((char)200,	"Egrave");	/* Latin capital letter e with grave */
+		map.put((char)201,	"Eacute");	/* Latin capital letter e with acute */
+		map.put((char)202,	"Ecirc");	/* Latin capital letter e with circumflex */
+		map.put((char)203,	"Euml");	/* Latin capital letter e with diaeresis */
+		map.put((char)204,	"Igrave");	/* Latin capital letter i with grave */
+		map.put((char)205,	"Iacute");	/* Latin capital letter i with acute */
+		map.put((char)206,	"Icirc");	/* Latin capital letter i with circumflex */
+		map.put((char)207,	"Iuml");	/* Latin capital letter i with diaeresis */
+		map.put((char)208,	"ETH");		/* Latin capital letter eth */
+		map.put((char)209,	"Ntilde");	/* Latin capital letter n with tilde */
+		map.put((char)210,	"Ograve");	/* Latin capital letter o with grave */
+		map.put((char)211,	"Oacute");	/* Latin capital letter o with acute */
+		map.put((char)212,	"Ocirc");	/* Latin capital letter o with circumflex */
+		map.put((char)213,	"Otilde");	/* Latin capital letter o with tilde */
+		map.put((char)214,	"Ouml");	/* Latin capital letter o with diaeresis */
+		map.put((char)215,	"times");	/* multiplication sign */
+		map.put((char)216,	"Oslash");	/* Latin capital letter o with stroke */
+		map.put((char)217,	"Ugrave");	/* Latin capital letter u with grave */
+		map.put((char)218,	"Uacute");	/* Latin capital letter u with acute */
+		map.put((char)219,	"Ucirc");	/* Latin capital letter u with circumflex */
+		map.put((char)220,	"Uuml");	/* Latin capital letter u with diaeresis */
+		map.put((char)221,	"Yacute");	/* Latin capital letter y with acute */
+		map.put((char)222,	"THORN");	/* Latin capital letter thorn */
+		map.put((char)223,	"szlig");	/* Latin small letter sharp sXCOMMAX German Eszett */
+		map.put((char)224,	"agrave");	/* Latin small letter a with grave */
+		map.put((char)225,	"aacute");	/* Latin small letter a with acute */
+		map.put((char)226,	"acirc");	/* Latin small letter a with circumflex */
+		map.put((char)227,	"atilde");	/* Latin small letter a with tilde */
+		map.put((char)228,	"auml");	/* Latin small letter a with diaeresis */
+		map.put((char)229,	"aring");	/* Latin small letter a with ring above */
+		map.put((char)230,	"aelig");	/* Latin lowercase ligature ae */
+		map.put((char)231,	"ccedil");	/* Latin small letter c with cedilla */
+		map.put((char)232,	"egrave");	/* Latin small letter e with grave */
+		map.put((char)233,	"eacute");	/* Latin small letter e with acute */
+		map.put((char)234,	"ecirc");	/* Latin small letter e with circumflex */
+		map.put((char)235,	"euml");	/* Latin small letter e with diaeresis */
+		map.put((char)236,	"igrave");	/* Latin small letter i with grave */
+		map.put((char)237,	"iacute");	/* Latin small letter i with acute */
+		map.put((char)238,	"icirc");	/* Latin small letter i with circumflex */
+		map.put((char)239,	"iuml");	/* Latin small letter i with diaeresis */
+		map.put((char)240,	"eth");		/* Latin small letter eth */
+		map.put((char)241,	"ntilde");	/* Latin small letter n with tilde */
+		map.put((char)242,	"ograve");	/* Latin small letter o with grave */
+		map.put((char)243,	"oacute");	/* Latin small letter o with acute */
+		map.put((char)244,	"ocirc");	/* Latin small letter o with circumflex */
+		map.put((char)245,	"otilde");	/* Latin small letter o with tilde */
+		map.put((char)246,	"ouml");	/* Latin small letter o with diaeresis */
+		map.put((char)247,	"divide");	/* division sign */
+		map.put((char)248,	"oslash");	/* Latin small letter o with stroke */
+		map.put((char)249,	"ugrave");	/* Latin small letter u with grave */
+		map.put((char)250,	"uacute");	/* Latin small letter u with acute */
+		map.put((char)251,	"ucirc");	/* Latin small letter u with circumflex */
+		map.put((char)252,	"uuml");	/* Latin small letter u with diaeresis */
+		map.put((char)253,	"yacute");	/* Latin small letter y with acute */
+		map.put((char)254,	"thorn");	/* Latin small letter thorn */
+		map.put((char)255,	"yuml");	/* Latin small letter y with diaeresis */
+		map.put((char)338,	"OElig");	/* Latin capital ligature oe */
+		map.put((char)339,	"oelig");	/* Latin small ligature oe */
+		map.put((char)352,	"Scaron");	/* Latin capital letter s with caron */
+		map.put((char)353,	"scaron");	/* Latin small letter s with caron */
+		map.put((char)376,	"Yuml");	/* Latin capital letter y with diaeresis */
+		map.put((char)402,	"fnof");	/* Latin small letter f with hook */
+		map.put((char)710,	"circ");	/* modifier letter circumflex accent */
+		map.put((char)732,	"tilde");	/* small tilde */
+		map.put((char)913,	"Alpha");	/* Greek capital letter alpha */
+		map.put((char)914,	"Beta");	/* Greek capital letter beta */
+		map.put((char)915,	"Gamma");	/* Greek capital letter gamma */
+		map.put((char)916,	"Delta");	/* Greek capital letter delta */
+		map.put((char)917,	"Epsilon");	/* Greek capital letter epsilon */
+		map.put((char)918,	"Zeta");	/* Greek capital letter zeta */
+		map.put((char)919,	"Eta");		/* Greek capital letter eta */
+		map.put((char)920,	"Theta");	/* Greek capital letter theta */
+		map.put((char)921,	"Iota");	/* Greek capital letter iota */
+		map.put((char)922,	"Kappa");	/* Greek capital letter kappa */
+		map.put((char)923,	"Lambda");	/* Greek capital letter lambda */
+		map.put((char)924,	"Mu");		/* Greek capital letter mu */
+		map.put((char)925,	"Nu");		/* Greek capital letter nu */
+		map.put((char)926,	"Xi");		/* Greek capital letter xi */
+		map.put((char)927,	"Omicron");	/* Greek capital letter omicron */
+		map.put((char)928,	"Pi");		/* Greek capital letter pi */
+		map.put((char)929,	"Rho");		/* Greek capital letter rho */
+		map.put((char)931,	"Sigma");	/* Greek capital letter sigma */
+		map.put((char)932,	"Tau");		/* Greek capital letter tau */
+		map.put((char)933,	"Upsilon");	/* Greek capital letter upsilon */
+		map.put((char)934,	"Phi");		/* Greek capital letter phi */
+		map.put((char)935,	"Chi");		/* Greek capital letter chi */
+		map.put((char)936,	"Psi");		/* Greek capital letter psi */
+		map.put((char)937,	"Omega");	/* Greek capital letter omega */
+		map.put((char)945,	"alpha");	/* Greek small letter alpha */
+		map.put((char)946,	"beta");	/* Greek small letter beta */
+		map.put((char)947,	"gamma");	/* Greek small letter gamma */
+		map.put((char)948,	"delta");	/* Greek small letter delta */
+		map.put((char)949,	"epsilon");	/* Greek small letter epsilon */
+		map.put((char)950,	"zeta");	/* Greek small letter zeta */
+		map.put((char)951,	"eta");		/* Greek small letter eta */
+		map.put((char)952,	"theta");	/* Greek small letter theta */
+		map.put((char)953,	"iota");	/* Greek small letter iota */
+		map.put((char)954,	"kappa");	/* Greek small letter kappa */
+		map.put((char)955,	"lambda");	/* Greek small letter lambda */
+		map.put((char)956,	"mu");		/* Greek small letter mu */
+		map.put((char)957,	"nu");		/* Greek small letter nu */
+		map.put((char)958,	"xi");		/* Greek small letter xi */
+		map.put((char)959,	"omicron");	/* Greek small letter omicron */
+		map.put((char)960,	"pi");		/* Greek small letter pi */
+		map.put((char)961,	"rho");		/* Greek small letter rho */
+		map.put((char)962,	"sigmaf");	/* Greek small letter final sigma */
+		map.put((char)963,	"sigma");	/* Greek small letter sigma */
+		map.put((char)964,	"tau");		/* Greek small letter tau */
+		map.put((char)965,	"upsilon");	/* Greek small letter upsilon */
+		map.put((char)966,	"phi");		/* Greek small letter phi */
+		map.put((char)967,	"chi");		/* Greek small letter chi */
+		map.put((char)968,	"psi");		/* Greek small letter psi */
+		map.put((char)969,	"omega");	/* Greek small letter omega */
+		map.put((char)977,	"thetasym");	/* Greek theta symbol */
+		map.put((char)978,	"upsih");	/* Greek upsilon with hook symbol */
+		map.put((char)982,	"piv");		/* Greek pi symbol */
+		map.put((char)8194,	"ensp");	/* en space */
+		map.put((char)8195,	"emsp");	/* em space */
+		map.put((char)8201,	"thinsp");	/* thin space */
+		map.put((char)8204,	"zwnj");	/* zero width non-joiner */
+		map.put((char)8205,	"zwj");		/* zero width joiner */
+		map.put((char)8206,	"lrm");		/* left-to-right mark */
+		map.put((char)8207,	"rlm");		/* right-to-left mark */
+		map.put((char)8211,	"ndash");	/* en dash */
+		map.put((char)8212,	"mdash");	/* em dash */
+		map.put((char)8216,	"lsquo");	/* left single quotation mark */
+		map.put((char)8217,	"rsquo");	/* right single quotation mark */
+		map.put((char)8218,	"sbquo");	/* single low-9 quotation mark */
+		map.put((char)8220,	"ldquo");	/* left double quotation mark */
+		map.put((char)8221,	"rdquo");	/* right double quotation mark */
+		map.put((char)8222,	"bdquo");	/* double low-9 quotation mark */
+		map.put((char)8224,	"dagger");	/* dagger */
+		map.put((char)8225,	"Dagger");	/* double dagger */
+		map.put((char)8226,	"bull");	/* bullet */
+		map.put((char)8230,	"hellip");	/* horizontal ellipsis */
+		map.put((char)8240,	"permil");	/* per mille sign */
+		map.put((char)8242,	"prime");	/* prime */
+		map.put((char)8243,	"Prime");	/* double prime */
+		map.put((char)8249,	"lsaquo");	/* single left-pointing angle quotation mark */
+		map.put((char)8250,	"rsaquo");	/* single right-pointing angle quotation mark */
+		map.put((char)8254,	"oline");	/* overline */
+		map.put((char)8260,	"frasl");	/* fraction slash */
+		map.put((char)8364,	"euro");	/* euro sign */
+		map.put((char)8465,	"image");	/* black-letter capital i */
+		map.put((char)8472,	"weierp");	/* script capital pXCOMMAX Weierstrass p */
+		map.put((char)8476,	"real");	/* black-letter capital r */
+		map.put((char)8482,	"trade");	/* trademark sign */
+		map.put((char)8501,	"alefsym");	/* alef symbol */
+		map.put((char)8592,	"larr");	/* leftwards arrow */
+		map.put((char)8593,	"uarr");	/* upwards arrow */
+		map.put((char)8594,	"rarr");	/* rightwards arrow */
+		map.put((char)8595,	"darr");	/* downwards arrow */
+		map.put((char)8596,	"harr");	/* left right arrow */
+		map.put((char)8629,	"crarr");	/* downwards arrow with corner leftwards */
+		map.put((char)8656,	"lArr");	/* leftwards double arrow */
+		map.put((char)8657,	"uArr");	/* upwards double arrow */
+		map.put((char)8658,	"rArr");	/* rightwards double arrow */
+		map.put((char)8659,	"dArr");	/* downwards double arrow */
+		map.put((char)8660,	"hArr");	/* left right double arrow */
+		map.put((char)8704,	"forall");	/* for all */
+		map.put((char)8706,	"part");	/* partial differential */
+		map.put((char)8707,	"exist");	/* there exists */
+		map.put((char)8709,	"empty");	/* empty set */
+		map.put((char)8711,	"nabla");	/* nabla */
+		map.put((char)8712,	"isin");	/* element of */
+		map.put((char)8713,	"notin");	/* not an element of */
+		map.put((char)8715,	"ni");		/* contains as member */
+		map.put((char)8719,	"prod");	/* n-ary product */
+		map.put((char)8721,	"sum");		/* n-ary summation */
+		map.put((char)8722,	"minus");	/* minus sign */
+		map.put((char)8727,	"lowast");	/* asterisk operator */
+		map.put((char)8730,	"radic");	/* square root */
+		map.put((char)8733,	"prop");	/* proportional to */
+		map.put((char)8734,	"infin");	/* infinity */
+		map.put((char)8736,	"ang");		/* angle */
+		map.put((char)8743,	"and");		/* logical and */
+		map.put((char)8744,	"or");		/* logical or */
+		map.put((char)8745,	"cap");		/* intersection */
+		map.put((char)8746,	"cup");		/* union */
+		map.put((char)8747,	"int");		/* integral */
+		map.put((char)8756,	"there4");	/* therefore */
+		map.put((char)8764,	"sim");		/* tilde operator */
+		map.put((char)8773,	"cong");	/* congruent to */
+		map.put((char)8776,	"asymp");	/* almost equal to */
+		map.put((char)8800,	"ne");		/* not equal to */
+		map.put((char)8801,	"equiv");	/* identical toXCOMMAX equivalent to */
+		map.put((char)8804,	"le");		/* less-than or equal to */
+		map.put((char)8805,	"ge");		/* greater-than or equal to */
+		map.put((char)8834,	"sub");		/* subset of */
+		map.put((char)8835,	"sup");		/* superset of */
+		map.put((char)8836,	"nsub");	/* not a subset of */
+		map.put((char)8838,	"sube");	/* subset of or equal to */
+		map.put((char)8839,	"supe");	/* superset of or equal to */
+		map.put((char)8853,	"oplus");	/* circled plus */
+		map.put((char)8855,	"otimes");	/* circled times */
+		map.put((char)8869,	"perp");	/* up tack */
+		map.put((char)8901,	"sdot");	/* dot operator */
+		map.put((char)8968,	"lceil");	/* left ceiling */
+		map.put((char)8969,	"rceil");	/* right ceiling */
+		map.put((char)8970,	"lfloor");	/* left floor */
+		map.put((char)8971,	"rfloor");	/* right floor */
+		map.put((char)9001,	"lang");	/* left-pointing angle bracket */
+		map.put((char)9002,	"rang");	/* right-pointing angle bracket */
+		map.put((char)9674,	"loz");		/* lozenge */
+		map.put((char)9824,	"spades");	/* black spade suit */
+		map.put((char)9827,	"clubs");	/* black club suit */
+		map.put((char)9829,	"hearts");	/* black heart suit */
+		map.put((char)9830,	"diams");	/* black diamond suit */
+
+		return Collections.unmodifiableMap(map);
+	}
+
+	/**
+	 * Build a unmodifiable Trie from entitiy Name to Character
+	 * @return Unmodifiable trie.
+	 */
+	private static synchronized Trie<Character> mkEntityToCharacterTrie()
+	{
+		Trie<Character> trie = new HashTrie<Character>();
+
+		for(Map.Entry<Character,String> entry : characterToEntityMap.entrySet())
+			trie.put(entry.getValue(),entry.getKey());
+		return Trie.Util.unmodifiable(trie);
+	}
+}

From 524950f2eaa65dbadd1583c2ed84e14b921893e7 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 7 Aug 2017 19:51:26 -0700
Subject: [PATCH 445/812] Issue #300 -- Brought back a slightly modified
 version of the old HTMLEntityCodec for backwards compatability purposes.

---
 .../java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
index e35296b62..57e5cb6b8 100644
--- a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
@@ -20,6 +20,12 @@
 import java.util.Map;
 
 /**
+ * 
+ * This class is DEPRECATED.  It did not correctly handle encoding of non-BMP
+ * unicode code points.  This class is provided solely for any fatal bugs
+ * not accounted for in the new version and will be removed entirely in
+ * a future release.  
+ * 
  * Implementation of the Codec interface for HTML entity encoding.
  * 
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
@@ -27,6 +33,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
+@Deprecated
 public class LegacyHTMLEntityCodec extends AbstractCharacterCodec {
 	
 	private static final char REPLACEMENT_CHAR = '\ufffd';

From 31b7fa68fb89d21ae56b7bb4b024e3a616056904 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Mon, 7 Aug 2017 23:22:53 -0700
Subject: [PATCH 446/812] Issue #300 -- Addressed a review comment.

---
 src/main/java/org/owasp/esapi/codecs/AbstractCodec.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index 236125497..99188bc1b 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -121,9 +121,11 @@ public String getHexForNonAlphanumeric(char c)
 	 */
 	public String getHexForNonAlphanumeric(int c)
 	{
-		if(c<0xFF)
+		if(c<0xFF){
 			return hex[c];
-		return toHex(c);
+		}else{
+			return toHex(c);
+		}
 	}
 
 	public String toOctal(char c)

From 4c92b64ca3d64ca7b8801f52203689315ec803a6 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Tue, 8 Aug 2017 22:50:15 -0700
Subject: [PATCH 447/812] Issue #300 -- Added OWASP file headers, and did some
 lexical cleanup on if statements.

---
 .../esapi/codecs/AbstractCharacterCodec.java  | 26 +++++++
 .../org/owasp/esapi/codecs/AbstractCodec.java |  6 +-
 .../esapi/codecs/AbstractIntegerCodec.java    | 28 +++++++
 .../codecs/AbstractPushbackSequence.java      | 29 ++++++++
 .../java/org/owasp/esapi/codecs/Codec.java    |  3 +
 .../owasp/esapi/codecs/HTMLEntityCodec.java   | 11 ++-
 .../owasp/esapi/codecs/PushbackSequence.java  | 18 ++++-
 .../owasp/esapi/codecs/PushbackString.java    | 73 +++++++++++++------
 8 files changed, 164 insertions(+), 30 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
index 5868d2bc0..ed73e4bd9 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCharacterCodec.java
@@ -1,5 +1,31 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+
 package org.owasp.esapi.codecs;
 
+/**
+ * 
+ * This abstract Impl is broken off from the original {@code Codec} class and 
+ * provides the {@code Character} parsing logic that has been with ESAPI from the beginning.  
+ *
+ */
 public abstract class AbstractCharacterCodec extends AbstractCodec<Character> {
 	/* (non-Javadoc)
 	 * @see org.owasp.esapi.codecs.Codec#decode(java.lang.String)
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index 99188bc1b..d6ee5ffcf 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -5,13 +5,13 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2017 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
  */
 package org.owasp.esapi.codecs;
 
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
index f43891481..6e6a9c1a9 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -1,5 +1,33 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
 package org.owasp.esapi.codecs;
 
+/**
+ * This class is intended to be an alternative Abstract Implementation for parsing encoding
+ * data by focusing on {@code int} as opposed to {@code Character}.  Because non-BMP code
+ * points cannot be represented by a {@code char}, this class remedies that by parsing string
+ * data as codePoints as opposed to a stream of {@code char}s.
+ * 
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @Created 2017 -- Adapted from Jeff Williams' original {@code Codec} class.  
+ */
 public class AbstractIntegerCodec extends AbstractCodec<Integer> {
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
index ee35478c3..bf9f78a8e 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
@@ -1,5 +1,34 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ * 
+ */
+
 package org.owasp.esapi.codecs;
 
+/**
+ * 
+ * This Abstract class provides the generic logic for using a {@code PushbackSequence}
+ * in regards to iterating strings.  The final Impl is intended for the user to supply
+ * a type {@code T} such that the pushback interface can be utilized for sequences
+ * of type {@code T}.  Presently this generic class is limited by the fact that 
+ * @{code input} is a {@code String}.  
+ *  
+ * @author Matt Seil
+ *
+ * @param <T>
+ */
 public abstract class AbstractPushbackSequence<T> implements PushbackSequence<T> {
 	protected String input;
 	protected T pushback;
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index c205d1b3f..5e914a4a0 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -26,6 +26,9 @@
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
+ * 
+ * @author Matt Seil (mseil .at. owasp.org) 
+ * @since June 1, 2017
  * @see org.owasp.esapi.Encoder
  */
 public interface Codec<T> {
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 14564372f..fd2c866cc 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -5,12 +5,16 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2017 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017 
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
 package org.owasp.esapi.codecs;
@@ -26,6 +30,9 @@
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
+ * 
+ * @author Matt Seil (mseil .at. owasp.org) (mseil .at. owasp.org) 
+ * 
  * @see org.owasp.esapi.Encoder
  */
 public class HTMLEntityCodec extends AbstractIntegerCodec
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
index 5588ca91f..bcdbff635 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
@@ -1,3 +1,19 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2017 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @created 2017
+ * 
+ */
 package org.owasp.esapi.codecs;
 
 public interface PushbackSequence<T> {
@@ -10,7 +26,7 @@ public interface PushbackSequence<T> {
 
 	/**
 	 * Get the current index of the PushbackString. Typically used in error messages.
-	 * @return The current index of the PushbackString.
+	 * @return The current index of the PushbackSequence.
 	 */
 	int index();
 
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index 4255045f9..103993c05 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -5,12 +5,16 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2017 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @author Matt Seil (mseil .at. owasp.org)
+ * @updated 2017
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
+ *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
 package org.owasp.esapi.codecs;
@@ -25,7 +29,7 @@
  * @since June 1, 2007
  * @see org.owasp.esapi.Encoder
  */
-public class PushbackString extends AbstractPushbackSequence<Character>{
+public class PushbackString extends AbstractPushbackSequence<Character> {
 	/**
 	 *
 	 * @param input
@@ -49,14 +53,18 @@ public int index() {
 	 * @see org.owasp.esapi.codecs.PushbackSequence#hasNext()
 	 */
 	public boolean hasNext() {
-		if (pushback != null)
+		if (pushback != null){
 			return true;
-		if (input == null)
+		}
+		if (input == null){
 			return false;
-		if (input.length() == 0)
+		}
+		if (input.length() == 0){
 			return false;
-		if (index >= input.length())
+		}
+		if (index >= input.length()){
 			return false;
+		}
 		return true;
 	}
 
@@ -71,12 +79,15 @@ public Character next() {
 			pushback = null;
 			return save;
 		}
-		if (input == null)
+		if (input == null){
 			return null;
-		if (input.length() == 0)
+		}
+		if (input.length() == 0){
 			return null;
-		if (index >= input.length())
+		}
+		if (index >= input.length()){
 			return null;
+		}
 		return Character.valueOf(input.charAt(index++));
 	}
 
@@ -87,10 +98,12 @@ public Character next() {
 	 */
 	public Character nextHex() {
 		Character c = next();
-		if (c == null)
+		if (c == null){
 			return null;
-		if (isHexDigit(c))
+		}
+		if (isHexDigit(c)){
 			return c;
+		}
 		return null;
 	}
 
@@ -101,10 +114,12 @@ public Character nextHex() {
 	 */
 	public Character nextOctal() {
 		Character c = next();
-		if (c == null)
+		if (c == null){
 			return null;
-		if (isOctalDigit(c))
+		}
+		if (isOctalDigit(c)){
 			return c;
+		}
 		return null;
 	}
 
@@ -116,8 +131,9 @@ public Character nextOctal() {
 	 * @return
 	 */
 	public static boolean isHexDigit(Character c) {
-		if (c == null)
+		if (c == null){
 			return false;
+		}
 		char ch = c.charValue();
 		return (ch >= '0' && ch <= '9') || (ch >= 'a' && ch <= 'f') || (ch >= 'A' && ch <= 'F');
 	}
@@ -129,8 +145,9 @@ public static boolean isHexDigit(Character c) {
 	 * @return
 	 */
 	public static boolean isOctalDigit(Character c) {
-		if (c == null)
+		if (c == null){
 			return false;
+		}
 		char ch = c.charValue();
 		return ch >= '0' && ch <= '7';
 	}
@@ -141,14 +158,18 @@ public static boolean isOctalDigit(Character c) {
 	 * @see org.owasp.esapi.codecs.PushbackSequence#peek()
 	 */
 	public Character peek() {
-		if (pushback != null)
+		if (pushback != null){
 			return pushback;
-		if (input == null)
+		}
+		if (input == null){
 			return null;
-		if (input.length() == 0)
+		}
+		if (input.length() == 0){
 			return null;
-		if (index >= input.length())
+		}
+		if (index >= input.length()){
 			return null;
+		}
 		return Character.valueOf(input.charAt(index));
 	}
 
@@ -158,14 +179,18 @@ public Character peek() {
 	 * @see org.owasp.esapi.codecs.PushbackSequence#peek(char)
 	 */
 	public boolean peek(Character c) {
-		if (pushback != null && pushback.charValue() == c)
+		if (pushback != null && pushback.charValue() == c){
 			return true;
-		if (input == null)
+		}
+		if (input == null){
 			return false;
-		if (input.length() == 0)
+		}
+		if (input.length() == 0){
 			return false;
-		if (index >= input.length())
+		}
+		if (index >= input.length()){
 			return false;
+		}
 		return input.charAt(index) == c;
 	}
 

From 039040686faeeed649b1ed544417731dddc08aaa Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 10 Aug 2017 00:09:18 -0700
Subject: [PATCH 448/812] Issue #300 -- implemented HTMLEntityCodec and
 affected unit tests.

---
 src/main/java/org/owasp/esapi/codecs/AbstractCodec.java     | 6 +++++-
 .../java/org/owasp/esapi/codecs/AbstractIntegerCodec.java   | 5 ++---
 src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java   | 5 +++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index d6ee5ffcf..2a71c1b1c 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -87,7 +87,11 @@ public String encodeCharacter( char[] immune, Character c ) {
 	 */
 	@Override
 	public String encodeCharacter( char[] immune, int codePoint ) {
-		return new StringBuilder().appendCodePoint(codePoint).toString();
+		String rval = "";
+		if(Character.isValidCodePoint(codePoint)){
+			rval = new StringBuilder().appendCodePoint(codePoint).toString();
+		}
+		return rval;
 	}
 
 
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
index 6e6a9c1a9..61dadbc76 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -39,10 +39,9 @@ public String decode(String input) {
 		PushbackSequence<Integer> pbs = new PushBackSequenceImpl(input);
 		while (pbs.hasNext()) {
 			Integer c = decodeCharacter(pbs);
-			if (c != null) {
+			boolean isValid = Character.isValidCodePoint(c);
+			if (c != null && isValid) {
 				sb.appendCodePoint(c);
-			} else {
-				sb.appendCodePoint(pbs.next());
 			}
 		}
 		return sb.toString();
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index fd2c866cc..3976d9e14 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -203,7 +203,7 @@ private Integer parseNumber( PushbackSequence<Integer> input ) {
 			Integer c = input.peek();
 			
 			// if character is a digit then add it on and keep going
-			if ( Character.isDigit( c ) ) {
+			if ( Character.isDigit( c ) && Character.isValidCodePoint(c) ) {
 				sb.appendCodePoint( c );
 				input.next();
 				
@@ -243,6 +243,7 @@ private Integer parseHex( PushbackSequence<Integer> input ) {
 			Integer c = input.peek();
 			
 			// if character is a hex digit then add it on and keep going
+			//This statement implicitly tests for Character.isValidCodePoint(int)
 			if ( "0123456789ABCDEFabcdef".indexOf(c) != -1 ) {
 				sb.appendCodePoint( c );
 				input.next();
@@ -295,7 +296,7 @@ private Integer getNamedEntity( PushbackSequence<Integer> input ) {
 		len = Math.min(input.remainder().length(), entityToCharacterTrie.getMaxKeyLength());
 		for(int i=0;i<len;i++){
 			Integer next = input.next();
-			if(null != next){
+			if(null != next && Character.isValidCodePoint(next)){
 				possible.appendCodePoint(next);
 			}
 		}

From feedef966c17b63df80715ec5cfe056d825cb842 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 10 Aug 2017 19:57:35 -0700
Subject: [PATCH 449/812] Issue #300 -- Added test cases with mixed BMP and non
 BMP data.

---
 .../org/owasp/esapi/codecs/AbstractCodec.java |  4 +
 .../esapi/codecs/AbstractIntegerCodec.java    |  4 +-
 .../owasp/esapi/codecs/HTMLEntityCodec.java   | 80 ++++++++-----------
 .../owasp/esapi/codecs/AbstractCodecTest.java | 16 ++--
 .../esapi/codecs/HTMLEntityCodecTest.java     | 25 ++++++
 .../owasp/esapi/reference/EncoderTest.java    |  3 +-
 6 files changed, 76 insertions(+), 56 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index 2a71c1b1c..b9c0ac6c7 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -82,6 +82,10 @@ public String encodeCharacter( char[] immune, Character c ) {
 		return ""+c;
 	}
 	
+	public String encodeCharacter(char[] immune, char c){
+		throw new IllegalArgumentException("You tried to call encodeCharacter with a char.  Nope.  Use Character instead!");
+	}
+	
 	/* (non-Javadoc)
 	 * @see org.owasp.esapi.codecs.Codec#encodeCharacter(char[], int)
 	 */
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
index 61dadbc76..635f2f1e0 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -39,9 +39,11 @@ public String decode(String input) {
 		PushbackSequence<Integer> pbs = new PushBackSequenceImpl(input);
 		while (pbs.hasNext()) {
 			Integer c = decodeCharacter(pbs);
-			boolean isValid = Character.isValidCodePoint(c);
+			boolean isValid = null == c ? false:Character.isValidCodePoint(c);
 			if (c != null && isValid) {
 				sb.appendCodePoint(c);
+			}else{
+				sb.appendCodePoint(pbs.next());
 			}
 		}
 		return sb.toString();
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 3976d9e14..ee7139450 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -50,34 +50,56 @@ public class HTMLEntityCodec extends AbstractIntegerCodec
     public HTMLEntityCodec() {
 	}
 
+    /**
+     * Overrides the AbstractImpl to keep this code performing entirely at the {@code int}
+     * level.  
+     */
+	@Override
+	public String encode(char[] immune, String input) {
+		StringBuilder sb = new StringBuilder();
+		for(int offset  = 0; offset < input.length(); ){
+			final int point = input.codePointAt(offset);
+			if(Character.isValidCodePoint(point)){
+				sb.append(encodeCharacter(immune, point));	
+			}
+			offset += Character.charCount(point);
+		}
+		return sb.toString();
+	}
+	
 	/**
 	 * {@inheritDoc}
 	 * 
-     * Encodes a Character for safe use in an HTML entity field.
+     * Encodes a codePoint for safe use in an HTML entity field.
      * @param immune
      */
-	public String encodeCharacter( char[] immune, Character c ) {
+	@Override
+	public String encodeCharacter( char[] immune, int codePoint ) {
 
 		// check for immune characters
-		if ( containsCharacter(c, immune ) ) {
-			return ""+c;
+		// Cast the codePoint to a char because we want to limit immunity to the BMP field only.  
+		if ( containsCharacter( (char) codePoint, immune ) && Character.isValidCodePoint(codePoint)) {
+			return new StringBuilder().appendCodePoint(codePoint).toString();
 		}
 		
 		// check for alphanumeric characters
-		String hex = super.getHexForNonAlphanumeric(c);
-		if ( hex == null ) {
-			return ""+c;
+		String hex = super.getHexForNonAlphanumeric(codePoint);
+		if ( hex == null && Character.isValidCodePoint(codePoint)) {
+			return new StringBuilder().appendCodePoint(codePoint).toString();
 		}
-		
 		// check for illegal characters
-		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
+		if ( ( codePoint <= 0x1f 
+				&& codePoint != '\t' 
+				&& codePoint != '\n' 
+				&& codePoint != '\r' ) 
+				|| ( codePoint >= 0x7f && codePoint <= 0x9f ) )
 		{
 			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
-			c = REPLACEMENT_CHAR;
+			codePoint = REPLACEMENT_CHAR;
 		}
 		
 		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(Integer.valueOf(c));
+		String entityName = (String) characterToEntityMap.get(codePoint);
 		if (entityName != null) {
 			return "&" + entityName + ";";
 		}
@@ -86,42 +108,6 @@ public String encodeCharacter( char[] immune, Character c ) {
 		return "&#x" + hex + ";";
 	}
 	
-	/**
-	 * {@inheritDoc}
-	 * 
-     * Encodes a Character for safe use in an HTML entity field.
-     * @param immune
-     */
-	public String encodeCharacter( char[] immune, int codePoint ) {
-
-		// check for immune characters
-//		if ( containsCharacter(codePoint, immune ) ) {
-//			return ""+codePoint;
-//		}
-		
-//		// check for alphanumeric characters
-		String hex = super.getHexForNonAlphanumeric(codePoint);
-//		if ( hex == null ) {
-//			return ""+c;
-//		}
-//		
-//		// check for illegal characters
-//		if ( ( c <= 0x1f && c != '\t' && c != '\n' && c != '\r' ) || ( c >= 0x7f && c <= 0x9f ) )
-//		{
-//			hex = REPLACEMENT_HEX;	// Let's entity encode this instead of returning it
-//			c = REPLACEMENT_CHAR;
-//		}
-//		
-//		// check if there's a defined entity
-//		String entityName = (String) characterToEntityMap.get(c);
-//		if (entityName != null) {
-//			return "&" + entityName + ";";
-//		}
-		
-		// return the hex entity as suggested in the spec
-		return "&#x" + hex + ";";
-	}
-	
 	/**
 	 * {@inheritDoc}
 	 * 
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
index 1456058bd..813330ed6 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecTest.java
@@ -137,7 +137,8 @@ public void testWindowsEncode()
 	
 	public void testHtmlEncodeChar()
 	{
-        	assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, LESS_THAN) );
+		
+        	assertEquals( "&lt;", htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, (int) LESS_THAN) );
 	}
 
 	public void testHtmlEncodeChar0x100()
@@ -146,12 +147,13 @@ public void testHtmlEncodeChar0x100()
 		String inStr = Character.toString(in);
 		String expected = "&#x100;";
 		String result;
-
-        	result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, in);
-		// this should be escaped
-        	assertFalse(inStr.equals(result));
-		// UTF-8 encoded and then percent escaped
-        	assertEquals(expected, result);
+		//The new default for HTMLEntityCodec is ints/Integers.  Use Character/char at your own risk!
+		//Characters destroy non-BMP codepoints.  This Codec is now supposed surpass that. 
+    	result = htmlCodec.encodeCharacter(EMPTY_CHAR_ARRAY, (int) in);
+    	// this should be escaped
+    	assertFalse(inStr.equals(result));
+    	// UTF-8 encoded and then percent escaped
+    	assertEquals(expected, result);
 	}
 
 	public void testHtmlEncodeStr0x100()
diff --git a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
index bae3732dc..c81031692 100644
--- a/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/HTMLEntityCodecTest.java
@@ -23,4 +23,29 @@ public void test32BitCJK(){
 		assertEquals(false, expected.equals(bad));
 		assertEquals(expected, codec.encode(new char[0], s));
 	}
+	
+	@Test
+	public void test32BitCJKMixedWithBmp(){
+		String s = "𡘾𦴩<𥻂";
+		String expected = "&#x2163e;&#x26d29;&lt;&#x25ec2;";
+		String bad = "&#xd845;&#xde3e;&#xd85b;&#xdd29;&#xd857;&#xdec2;";
+		assertEquals(false, expected.equals(bad));
+		assertEquals(expected, codec.encode(new char[0], s));
+	}
+	
+	@Test
+	public void testDecodeforChars(){
+		String s = "!@$%()=+{}[]";
+		String expected = "!@$%()=+{}[]";
+		assertEquals(expected, codec.decode(s));
+	}
+	
+	@Test
+	public void testMixedBmpAndNonBmp(){
+		String nonBMP = new String(new int[]{0x2f804}, 0, 1);
+		String bmp = "<a";
+		String expected = "&lt;a&#x2f804;";
+		String input = bmp + nonBMP;
+		assertEquals(expected, codec.encode(new char[0], input));
+	}
 }
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 64bb88ac9..631dd96b2 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -352,7 +352,8 @@ public void testEncodeForHTML() throws Exception {
         assertEquals("&lt;script&gt;", instance.encodeForHTML("<script>"));
         assertEquals("&amp;lt&#x3b;script&amp;gt&#x3b;", instance.encodeForHTML("&lt;script&gt;"));
         assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML("!@$%()=+{}[]"));
-        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML(instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;") ) );
+        String canonicalized = instance.canonicalize("&#33;&#64;&#36;&#37;&#40;&#41;&#61;&#43;&#123;&#125;&#91;&#93;");
+        assertEquals("&#x21;&#x40;&#x24;&#x25;&#x28;&#x29;&#x3d;&#x2b;&#x7b;&#x7d;&#x5b;&#x5d;", instance.encodeForHTML( canonicalized ) );
         assertEquals(",.-_ ", instance.encodeForHTML(",.-_ "));
         assertEquals("dir&amp;", instance.encodeForHTML("dir&"));
         assertEquals("one&amp;two", instance.encodeForHTML("one&two"));

From 3f9d208d8fe4ff5b6a03f78112dec5a6a0a909eb Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 10 Aug 2017 21:49:16 -0700
Subject: [PATCH 450/812] Issue #300 -- Added documentation warnings in regards
 to the destructive nature of the codecs on non-UTF data inserted into a
 string.

---
 .../java/org/owasp/esapi/codecs/AbstractCodec.java   | 12 ++++++++++--
 src/main/java/org/owasp/esapi/codecs/Codec.java      |  3 ++-
 .../java/org/owasp/esapi/codecs/HTMLEntityCodec.java |  9 +++++++--
 3 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index b9c0ac6c7..8660fb7a7 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -51,8 +51,16 @@ public AbstractCodec() {
 		}
 	}
 
-	/* (non-Javadoc)
-	 * @see org.owasp.esapi.codecs.Codec#encode(char[], java.lang.String)
+	/**
+	 * WARNING!!  {@code Character} based Codecs will silently transform code points that are not 
+	 * legal UTF code points into garbage data as they will cast them to {@code char}s.  
+	 * </br></br>
+	 * If you are implementing an {@code Integer} based codec, these will be silently discarded
+	 * based on the return from {@code Character.isValidCodePoint( int )}.  This is the preferred
+	 * behavior moving forward.  
+	 * 
+	 * 
+	 * {@inheritDoc}
 	 */
 	@Override
 	public String encode(char[] immune, String input) {
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index 5e914a4a0..cd0b66f03 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -45,7 +45,8 @@ public interface Codec<T> {
 	/**
 	 * Default implementation that should be overridden in specific codecs.
 	 * 
-	 * @param immune
+	 * @param immune 
+	 * 		array of chars to NOT encode.  Use with caution.
 	 * @param c
 	 * 		the Character to encode
 	 * @return
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index ee7139450..984a02105 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -51,8 +51,13 @@ public HTMLEntityCodec() {
 	}
 
     /**
-     * Overrides the AbstractImpl to keep this code performing entirely at the {@code int}
-     * level.  
+     * Given an array of {@code char}, scan the input {@code String} and encode unsafe
+     * codePoints, except for codePoints passed into the {@code char} array.  
+     * <br/><br/>
+     * WARNING:  This method will silently discard any code point per the 
+     * call to {@code Character.isValidCodePoint( int )} method.  
+     * 
+     * {@inheritDoc}
      */
 	@Override
 	public String encode(char[] immune, String input) {

From 3ed0a2fa4dfe43c14bbb282c0662ed6d8bbf35bd Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 10 Aug 2017 22:13:33 -0700
Subject: [PATCH 451/812] Issue #281 -- Updated unit tests with missing
 assertions.

---
 .../org/owasp/esapi/reference/SafeFileTest.java | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
index a946bdc7c..f2acd589c 100644
--- a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
+++ b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
@@ -80,21 +80,17 @@ public void testEscapeCharactersInFilename() {
 		}
 
 		File sf = new File(testDir, "test^.file" );
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
+	    assertFalse("Injection didn't work " + sf.getAbsolutePath(),
+	            sf.exists());
+	    assertTrue("  Injection allowed " + sf.getAbsolutePath(), sf.exists());
 	}
 
 	public void testEscapeCharacterInDirectoryInjection() {
 		System.out.println("testEscapeCharacterInDirectoryInjection");
 		File sf = new File(testDir, "test\\^.^.\\file");
-		if ( sf.exists() ) {
-			System.out.println( "  Injection allowed "+ sf.getAbsolutePath() );
-		} else {
-			System.out.println( "  Injection didn't work "+ sf.getAbsolutePath() );
-		}
+		assertFalse("  Injection didn't work " + sf.getAbsolutePath(),
+	            sf.exists());
+	    assertTrue("  Injection allowed " + sf.getAbsolutePath(), sf.exists());
 	}
 
 	public void testJavaFileInjectionGood() throws ValidationException
@@ -275,5 +271,4 @@ public void testCreateParentPercentNull()
 			// expected
 		}
 	}
-
 }

From 98aaaa06cb7ba37f932c7db26cb967d92695d23f Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 10 Aug 2017 22:20:00 -0700
Subject: [PATCH 452/812] Issue #278 -- Added default local to date test to
 avoid non-us unit test failures.

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index f5a8fb330..8fb0a2e8a 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -142,7 +142,7 @@ public void testGetValidDate() throws Exception {
     	// TODO: This test case fails due to an apparent bug in SimpleDateFormat
     	// Note: This seems to be fixed in JDK 6. Will leave it commented out since
     	//		 we only require JDK 5. -kww
-    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(), false, errors);
+    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(DateFormat.DEFAULT, Locale.US), false, errors);
     	// assertEquals( 2, errors.size() );
     }
     

From c27d5e06cd11034cf2f5529da023b4d2ca43c72a Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Fri, 11 Aug 2017 18:34:04 -0700
Subject: [PATCH 453/812] Issue #281 -- added windows escape char to blacklist
 in SafeFile to adhere to intended contract.

---
 src/main/java/org/owasp/esapi/SafeFile.java   |  8 ++--
 .../owasp/esapi/reference/SafeFileTest.java   | 44 ++++++++++++-------
 2 files changed, 33 insertions(+), 19 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/SafeFile.java b/src/main/java/org/owasp/esapi/SafeFile.java
index 6a4f239c5..7df86bb38 100644
--- a/src/main/java/org/owasp/esapi/SafeFile.java
+++ b/src/main/java/org/owasp/esapi/SafeFile.java
@@ -32,8 +32,8 @@ public class SafeFile extends File {
 
 	private static final long serialVersionUID = 1L;
 	private static final Pattern PERCENTS_PAT = Pattern.compile("(%)([0-9a-fA-F])([0-9a-fA-F])");	
-	private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|])");	
-	private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|])");
+	private static final Pattern FILE_BLACKLIST_PAT = Pattern.compile("([\\\\/:*?<>|^])");	
+	private static final Pattern DIR_BLACKLIST_PAT = Pattern.compile("([*?<>|^])");
 
 	public SafeFile(String path) throws ValidationException {
 		super(path);
@@ -62,12 +62,12 @@ public SafeFile(URI uri) throws ValidationException {
 	
 	private void doDirCheck(String path) throws ValidationException {
 		Matcher m1 = DIR_BLACKLIST_PAT.matcher( path );
-		if ( m1.find() ) {
+		if ( null != m1 && m1.find() ) {
 			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains illegal character: " + m1.group() );
 		}
 
 		Matcher m2 = PERCENTS_PAT.matcher( path );
-		if ( m2.find() ) {
+		if (null != m2 &&  m2.find() ) {
 			throw new ValidationException( "Invalid directory", "Directory path (" + path + ") contains encoded characters: " + m2.group() );
 		}
 		
diff --git a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
index f2acd589c..923b75ec0 100644
--- a/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
+++ b/src/test/java/org/owasp/esapi/reference/SafeFileTest.java
@@ -16,19 +16,17 @@
 package org.owasp.esapi.reference;
 
 import java.io.File;
-import java.net.URI;
-import java.net.URLDecoder;
 import java.util.Iterator;
 import java.util.Set;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
 import org.owasp.esapi.SafeFile;
 import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.util.FileTestUtils;
 import org.owasp.esapi.util.CollectionsUtil;
+import org.owasp.esapi.util.FileTestUtils;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
 
 /**
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
@@ -79,18 +77,21 @@ public void testEscapeCharactersInFilename() {
 			System.out.println( "File is there: " + tf );
 		}
 
-		File sf = new File(testDir, "test^.file" );
-	    assertFalse("Injection didn't work " + sf.getAbsolutePath(),
-	            sf.exists());
-	    assertTrue("  Injection allowed " + sf.getAbsolutePath(), sf.exists());
+		try {
+			File sf = new SafeFile(testDir, "test^.file" );
+		} catch (ValidationException e) {
+			assertEquals("Invalid directory", e.getMessage());
+		}
+	    
 	}
 
 	public void testEscapeCharacterInDirectoryInjection() {
 		System.out.println("testEscapeCharacterInDirectoryInjection");
-		File sf = new File(testDir, "test\\^.^.\\file");
-		assertFalse("  Injection didn't work " + sf.getAbsolutePath(),
-	            sf.exists());
-	    assertTrue("  Injection allowed " + sf.getAbsolutePath(), sf.exists());
+		try {
+			File sf = new SafeFile(testDir, "test\\^.^.\\file");
+		} catch (ValidationException e) {
+			assertEquals("Invalid directory", e.getMessage());
+		}
 	}
 
 	public void testJavaFileInjectionGood() throws ValidationException
@@ -271,4 +272,17 @@ public void testCreateParentPercentNull()
 			// expected
 		}
 	}
+	
+	public final void testSafeFileShouldAcceptEmptyPath() throws ValidationException
+	{
+		String filename = "hello.txt";
+		//API dictates that NPE should be thrown.
+		try{
+			SafeFile file = new SafeFile(filename);
+		}catch(NullPointerException npe){
+			assertNotNull(npe);
+		}
+		
+
+	}
 }

From a663a4be2ff75b05e283e1365c8812c71d0570af Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Thu, 17 Aug 2017 17:03:45 -0700
Subject: [PATCH 454/812] Catching up ESAPI.properties prod and test version.

---
 configuration/esapi/ESAPI.properties | 51 ++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 10 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index f98cc5a49..82d7fad92 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -319,8 +319,30 @@ HttpUtilities.ForceHttpOnlySession=false
 HttpUtilities.ForceSecureSession=false
 HttpUtilities.ForceHttpOnlyCookies=true
 HttpUtilities.ForceSecureCookies=true
-# Maximum size of HTTP headers
-HttpUtilities.MaxHeaderSize=4096
+# Maximum size of HTTP header key--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderNameSize=256
+# Maximum size of HTTP header value--the validator regex may have additional values. 
+HttpUtilities.MaxHeaderValueSize=4096
+# Maximum size of JSESSIONID for the application--the validator regex may have additional values.  
+HttpUtilities.HTTPJSESSIONIDLENGTH=50
+# Maximum length of a URL (see https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers)
+HttpUtilities.URILENGTH=2000
+# Maximum length of a redirect 
+HttpUtilities.maxRedirectLength=512
+# Maximum length for an http scheme
+HttpUtilities.HTTPSCHEMELENGTH=10
+# Maximum length for an http host
+HttpUtilities.HTTPHOSTLENGTH=100
+# Maximum length for an http path
+HttpUtilities.HTTPPATHLENGTH=150
+#Maximum length for a context path 
+HttpUtilities.contextPathLength=150
+#Maximum length for an httpServletPath 
+HttpUtilities.HTTPSERVLETPATHLENGTH=100
+#Maximum length for an http query parameter name
+HttpUtilities.httpQueryParamNameLength=100
+#Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
+HttpUtilities.httpQueryParamValueLength=500
 # File upload configuration
 HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
 HttpUtilities.MaxUploadFileBytes=500000000
@@ -331,8 +353,10 @@ HttpUtilities.ResponseContentType=text/html; charset=UTF-8
 # This is the name of the cookie used to represent the HTTP session
 # Typically this will be the default "JSESSIONID" 
 HttpUtilities.HttpSessionIdName=JSESSIONID
-
-
+#Sets whether or not will will overwrite http status codes to 200.
+HttpUtilities.OverwriteStatusCodes=true
+#Sets the application's base character encoding.  This is forked from the Java Encryptor property.
+HttpUtilities.CharacterEncoding=UTF-8
 
 #===========================================================================
 # ESAPI Executor
@@ -441,20 +465,27 @@ Validator.Redirect=^\\/test.*$
 # Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
-Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-# Note that max header name capped at 150 in SecurityRequestWrapper!
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,50}$
+# Note that headerName and Value length is also configured in the HTTPUtilities section
+Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
 Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
+Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
+
+
+# Contributed by Fraenku@gmx.ch
+# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
+Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
+Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+
 
 # Validation of file related input
 Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$

From 97366649c5caf81c9671599c400bd70382bbe250 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 19 Aug 2017 15:44:48 -0700
Subject: [PATCH 455/812] Fixing some minor issues of duplication and grammar.

---
 configuration/esapi/ESAPI.properties      | 6 ++----
 src/test/resources/esapi/ESAPI.properties | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 82d7fad92..6a7ef055c 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -353,7 +353,7 @@ HttpUtilities.ResponseContentType=text/html; charset=UTF-8
 # This is the name of the cookie used to represent the HTTP session
 # Typically this will be the default "JSESSIONID" 
 HttpUtilities.HttpSessionIdName=JSESSIONID
-#Sets whether or not will will overwrite http status codes to 200.
+#Sets whether or not we will overwrite http status codes to 200.
 HttpUtilities.OverwriteStatusCodes=true
 #Sets the application's base character encoding.  This is forked from the Java Encryptor property.
 HttpUtilities.CharacterEncoding=UTF-8
@@ -472,14 +472,12 @@ Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
 Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
-Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPURL=^.*$
 Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
 
 
 # Contributed by Fraenku@gmx.ch
-# Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
+# Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
 Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 9003ff97a..6e184a46e 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -365,7 +365,7 @@ HttpUtilities.ResponseContentType=text/html; charset=UTF-8
 # This is the name of the cookie used to represent the HTTP session
 # Typically this will be the default "JSESSIONID" 
 HttpUtilities.HttpSessionIdName=JSESSIONID
-#Sets whether or not will will overwrite http status codes to 200.
+#Sets whether or not we will overwrite http status codes to 200.
 HttpUtilities.OverwriteStatusCodes=true
 #Sets the application's base character encoding.  This is forked from the Java Encryptor property.
 HttpUtilities.CharacterEncoding=UTF-8

From 8f531164201d05c3a2acd7f3e1eb43c1f36d7551 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 19 Aug 2017 15:53:55 -0700
Subject: [PATCH 456/812] Cleaned up imports.

---
 .../java/org/owasp/esapi/reference/DefaultValidator.java    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 074b44dd1..d2ac1996a 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -20,22 +20,16 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.URLDecoder;
 import java.text.DateFormat;
 import java.util.ArrayList;
 import java.util.Date;
-import java.util.EnumMap;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 import java.util.regex.Pattern;
 

From a9849f1421617b5087685daeb7239015bd753930 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 26 Aug 2017 16:13:21 -0700
Subject: [PATCH 457/812] Issue #284 -- Restored original canonicalization
 behavior due to issue #54 being an invalid fix for a legacy URL issue where
 query params would get flagged as HTML Entities.

---
 .../esapi/reference/DefaultValidator.java     |  2 -
 .../validation/StringValidationRule.java      | 50 +++----------------
 .../owasp/esapi/reference/ValidatorTest.java  |  2 +-
 3 files changed, 8 insertions(+), 46 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index d2ac1996a..92bef36c6 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -216,7 +216,6 @@ public String getValidInput(String context, String input, String type, int maxLe
 		}
 		rvr.setMaximumLength(maxLength);
 		rvr.setAllowNull(allowNull);
-		rvr.setValidateInputAndCanonical(canonicalize);
 		return rvr.getValid(context, input);
 	}
 
@@ -343,7 +342,6 @@ public String getValidSafeHTML( String context, String input, int maxLength, boo
 		HTMLValidationRule hvr = new HTMLValidationRule( "safehtml", encoder );
 		hvr.setMaximumLength(maxLength);
 		hvr.setAllowNull(allowNull);
-		hvr.setValidateInputAndCanonical(false);
 		return hvr.getValid(context, input);
 	}
 
diff --git a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
index c48286cf5..3163c532d 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
@@ -44,7 +44,6 @@ public class StringValidationRule extends BaseValidationRule {
 	protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
 	protected int minLength = 0;
 	protected int maxLength = Integer.MAX_VALUE;
-	protected boolean validateInputAndCanonical = true;
 
 	public StringValidationRule( String typeName ) {
 		super( typeName );
@@ -116,16 +115,6 @@ public void setMaximumLength( int length ) {
 		maxLength = length;
 	}
 
-	/**
-	 * Set the flag which determines whether the in input itself is
-	 * checked as well as the canonical form of the input.
-	 * @param flag The value to set
-	 */
-	public void setValidateInputAndCanonical(boolean flag)
-	{
-		validateInputAndCanonical = flag;
-	}
-
 	/**
 	 * checks input against whitelists.
 	 * @param context The context to include in exception messages
@@ -267,47 +256,22 @@ public String getValid( String context, String input ) throws ValidationExceptio
 	{
 		String data = null;
 
-		// checks on input itself
-
 		// check for empty/null
 		if(checkEmpty(context, input) == null)
 			return null;
 
-		if (validateInputAndCanonical)
-		{
-			//first validate pre-canonicalized data
-			
-			// check length
-			checkLength(context, input);
-
-			// check whitelist patterns
-			checkWhitelist(context, input);
-
-			// check blacklist patterns
-			checkBlacklist(context, input);
-			
-			// canonicalize
-			data = encoder.canonicalize( input );
-			
-		} else {
-			
-			//skip canonicalization
-			data = input;			
-		}
-
-		// check for empty/null
-		if(checkEmpty(context, data, input) == null)
-			return null;
-
 		// check length
-		checkLength(context, data, input);
+		checkLength(context, input);
+		
+		// canonicalize
+		data = encoder.canonicalize( input );
 
 		// check whitelist patterns
-		checkWhitelist(context, data, input);
+		checkWhitelist(context, input);
 
 		// check blacklist patterns
-		checkBlacklist(context, data, input);
-
+		checkBlacklist(context, input);
+			
 		// validation passed
 		return data;
 	}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 8fb0a2e8a..bcef424b4 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -232,7 +232,7 @@ public void testGetValidFileName() throws Exception {
         assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
     }
 
-    public void testGetValidInput() {
+    public void testGetValidInput() throws Exception {
         System.out.println("getValidInput");
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();

From 66745aef119a661f35eb8ef9cbae2aa514926f59 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 26 Aug 2017 16:15:42 -0700
Subject: [PATCH 458/812] Issue #284 -- Fixed code no longer needed for
 testing.

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index bcef424b4..6222ebeb2 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -232,7 +232,7 @@ public void testGetValidFileName() throws Exception {
         assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
     }
 
-    public void testGetValidInput() throws Exception {
+    public void testGetValidInput(){
         System.out.println("getValidInput");
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();

From f01719ad13ad19e7f6bb7e88e2d384f44dd32ef3 Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sat, 26 Aug 2017 18:10:32 -0700
Subject: [PATCH 459/812] Adding mocking frameworks for testing.

---
 pom.xml | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 25b4cebff..ddf78c307 100644
--- a/pom.xml
+++ b/pom.xml
@@ -88,13 +88,6 @@
                 <role>Project Inventor</role>
             </roles>
         </developer>
-        <developer>
-            <name>Chris Schmidt</name>
-            <organization>Aspect Security</organization>
-            <roles>
-                <role>Project Co-owner</role>
-            </roles>
-        </developer>
         <developer>
             <name>Kevin W. Wall</name>
             <organization>Wells Fargo</organization>
@@ -102,6 +95,13 @@
                 <role>Project Co-owner</role>
             </roles>
         </developer>
+        <developer>
+          <name>Matt Seil</name>
+          <organization>OWASP</organization>
+          <roles>
+            <role>Project Co-owner</role>
+          </roles>
+        </developer>
     </developers>
 
     <contributors>
@@ -119,6 +119,12 @@
     </properties>
 
     <dependencies>
+		<!-- https://mvnrepository.com/artifact/joda-time/joda-time -->
+		<dependency>
+		    <groupId>joda-time</groupId>
+		    <artifactId>joda-time</artifactId>
+		    <version>2.9.9</version>
+		</dependency>
         <dependency>
             <groupId>commons-configuration</groupId>
             <artifactId>commons-configuration</artifactId>
@@ -224,29 +230,29 @@
 		    <version>1.7.0</version>
 		    <scope>test</scope>
 		</dependency>
-		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception 
+		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception
 		<dependency>
 		    <groupId>eu.codearte.catch-exception</groupId>
 		    <artifactId>catch-exception</artifactId>
 		    <version>1.4.6</version>
 		    <scope>test</scope>
 		</dependency>-->
-				
-		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-core 
+
+		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-core
 		<dependency>
 		    <groupId>org.powermock</groupId>
 		    <artifactId>powermock-core</artifactId>
 		    <version>1.7.0</version>
 		    <scope>test</scope>
 		</dependency>-->
-		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-easymock 
+		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-easymock
 		<dependency>
 		    <groupId>org.powermock</groupId>
 		    <artifactId>powermock-api-easymock</artifactId>
 		    <version>1.7.0</version>
 		    <scope>test</scope>
 		</dependency>-->
-		
+
     </dependencies>
 
     <build>
@@ -529,7 +535,7 @@
                             </execution>
                         </executions>
                     </plugin>
-					
+
 					<plugin>
 						<groupId>org.apache.maven.plugins</groupId>
 						<artifactId>maven-jar-plugin</artifactId>
@@ -561,7 +567,7 @@
 							</archive>
 						</configuration>
 					</plugin>
-					
+
                     <!-- Baseline for ESAPI 2.1 is JDK1.6 - Enforces that a JDK1.6 compiler is being
                          used to build this release -->
                     <plugin>

From a47d8e70ec57e362ed58225fd97b12cb5b7cf2da Mon Sep 17 00:00:00 2001
From: NiklasMehner <niklas.mehner@gmail.com>
Date: Tue, 7 Nov 2017 03:52:51 +0100
Subject: [PATCH 460/812] Fix configuration loading: Use value instead of
 constants also update vulnerable dependencies (#426)

* Fix configuration loading: Use value instead of constants

* Update dependencies with vulnerabilities

Close #426
---
 pom.xml                                                | 10 +++++-----
 .../esapi/reference/DefaultSecurityConfiguration.java  | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/pom.xml b/pom.xml
index ddf78c307..44db96788 100644
--- a/pom.xml
+++ b/pom.xml
@@ -157,7 +157,7 @@
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
-            <version>1.3.2</version>
+            <version>1.3.3</version>
             <scope>compile</scope>
         </dependency>
         <dependency>
@@ -185,14 +185,14 @@
             <version>1.2.10</version>
         </dependency>
         <dependency>
-            <groupId>org.beanshell</groupId>
-            <artifactId>bsh-core</artifactId>
-            <version>2.0b4</version>
+            <groupId>org.apache-extras.beanshell</groupId>
+			<artifactId>bsh</artifactId>
+			<version>2.0b6</version>
         </dependency>
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.6</version>
+            <version>1.5.7</version>
         </dependency>
         <!-- The following is only a TRANSITIVE dependency used by antisamy.
              Antisamy uses 2.7.0, which has unpatched vulnerability
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index d1792c40d..db8e7f79c 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -647,31 +647,31 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 					// try resourceDirectory folder
 					if (in == null) {
 						currentClasspathSearchLocation = resourceDirectory + "/";
-						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCE_DIRECTORY.value() + fileName);
 					}
 
 					// try .esapi folder. Look here first for backward compatibility.
 					if (in == null) {
 						currentClasspathSearchLocation = ".esapi/";
-						in = currentLoader.getResourceAsStream(DefaultSearchPath.DOT_ESAPI + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.DOT_ESAPI.value() + fileName);
 					} 
 					
 					// try esapi folder (new directory)
 					if (in == null) {
 						currentClasspathSearchLocation = "esapi/";
-						in = currentLoader.getResourceAsStream(DefaultSearchPath.ESAPI + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.ESAPI.value() + fileName);
 					} 
 					
 					// try resources folder
 					if (in == null) {
 						currentClasspathSearchLocation = "resources/";
-						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCES + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.RESOURCES.value() + fileName);
 					}
 					
 					// try src/main/resources folder
 					if (in == null) {
 						currentClasspathSearchLocation = "src/main/resources/";
-						in = currentLoader.getResourceAsStream(DefaultSearchPath.SRC_MAIN_RESOURCES + fileName);
+						in = currentLoader.getResourceAsStream(DefaultSearchPath.SRC_MAIN_RESOURCES.value() + fileName);
 					}
 		
 					// now load the properties

From bc0de2ee400ebe308dcc4f0cd18e63747b666d78 Mon Sep 17 00:00:00 2001
From: Joel Rabinovitch <joel.rabinovitch@tecsys.com>
Date: Sun, 26 Nov 2017 09:20:47 -0500
Subject: [PATCH 461/812] Fixed the encoderForLDAP method to use a "switch"
 statement as was suggested by the maintainer.

---
 .../owasp/esapi/reference/DefaultEncoder.java | 47 +++++++++++--------
 1 file changed, 27 insertions(+), 20 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 0af2ba040..8100632a7 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -301,28 +301,35 @@ public String encodeForLDAP(String input, boolean encodeWildcards) {
 	    }
 		// TODO: replace with LDAP codec
 	    StringBuilder sb = new StringBuilder();
-		for (int i = 0; i < input.length(); i++) {
-			char c = input.charAt(i);
+	    for (int i = 0; i < input.length(); i++) {
+	        char c = input.charAt(i);
 
-			if (c == '\\') {
-	            sb.append("\\5c");
-	        }
-	        else if ((c == '*') && encodeWildcards) {
-	            sb.append("\\2a");
-	        }
-	        else if (c == '(') {
-	            sb.append("\\28");
-	        }
-	        else if (c == ')') {
-	            sb.append("\\29");
+	        switch (c) {
+	            case '\\':
+	                sb.append("\\5c");
+	                break;
+	            case '*': 
+	                if (encodeWildcards) {
+	                    sb.append("\\2a"); 
+	                }
+	                else {
+	                    sb.append(c);
+	                }
+	                
+	                break;
+	            case '(':
+	                sb.append("\\28");
+	                break;
+	            case ')':
+	                sb.append("\\29");
+	                break;
+	            case '\0':
+	                sb.append("\\00");
+	                break;
+	            default:
+	                sb.append(c);
 	        }
-	        else if (c == '\0') {
-	            sb.append("\\00");
-	        }
-	        else {
-	            sb.append(c);
-	        }
-		}
+	    }
 		return sb.toString();
 	}
 

From d13a4a99fe5793231a00727ef2aacd034dfbb847 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 15 Dec 2017 16:48:54 -0500
Subject: [PATCH 462/812] Update README.md

Change Chris Schmidt reference to Matt Seil.
Add reference to 'FirstBug' under the contributing section.
---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 33d8a62aa..3c5ccd2c0 100644
--- a/README.md
+++ b/README.md
@@ -27,6 +27,8 @@ https://github.com/ESAPI/esapi-java
 ## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
+If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'FirstBug'. (E.g., https://github.com/ESAPI/esapi-java-legacy/labels/FirstBug)
+
 ### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.
 
@@ -39,7 +41,7 @@ When reporting an issue, please be clear and try to ensure that the ESAPI develo
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 
 ### Find a Vulnerability?
-If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Chris Schmidt (chris.schmidt at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
+If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
 
 ## Where to Find More Information on ESAPI
 

From 178f2bdbe3f7a9a1b402a9ef40063a4ef507d3ac Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Dec 2017 15:11:43 -0500
Subject: [PATCH 463/812] Close issue #429. Details:     Update <targetJdk> for
 PMD plugin from 1.5 to 1.7     Update version for <requireJavaVersion> for
 maven-enforcer-plugin from 1.6 to 1.7     Update batik from 1.9 to 1.9.1    
 Add test dependency for Bouncy Castle 1.58 (only required for JUnit tests)   
  Added some compiler flags (warnings) for CII Badging effort     Update
 version of Dependency Check used to 2.1.0     Update maven-javadoc-plugin to
 3.0.0-M1     Update commons-io from 2.5 to 2.6 (only used for JUnit tests)

---
 pom.xml | 49 +++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 41 insertions(+), 8 deletions(-)

diff --git a/pom.xml b/pom.xml
index 44db96788..086f70917 100644
--- a/pom.xml
+++ b/pom.xml
@@ -102,6 +102,13 @@
             <role>Project Co-owner</role>
           </roles>
         </developer>
+        <developer>
+            <name>Chris Schmidt</name>
+            <organization>Synopsys</organization>
+            <roles>
+                <role>Former project co-owner</role>
+            </roles>
+        </developer>
     </developers>
 
     <contributors>
@@ -142,6 +149,12 @@
             <version>4.12</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.58</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
@@ -163,7 +176,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.5</version>
+            <version>2.6</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -209,7 +222,7 @@
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.9</version>
+            <version>1.9.1</version>
         </dependency>
 		<!--  <dependency>
 		    <groupId>org.mockito</groupId>
@@ -266,6 +279,25 @@
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>
+                    <compilerArgs>
+                        <!-- This fails:
+                                <arg>-Xmaxwarns 2000</arg>
+                             Must be passed as two separate args, as shown
+                             below.
+                         -->
+                        <arg>-Xmaxwarns</arg>
+                        <arg>2000</arg>
+                        <arg>
+                            <!-- Eventually desire is to use just
+                                    -Xlint:all
+                                 here, but for now, this is just to cross off
+                                 another criteria for CII Badging process.
+                                 However, this is main reason we increased
+                                 maxwarns above.
+                            -->
+                            -Xlint:all,-deprecation,-rawtypes,-unchecked
+                        </arg>
+                     </compilerArgs>
                 </configuration>
             </plugin>
 
@@ -330,7 +362,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>1.4.4</version>
+                <version>2.1.0</version>
                 <configuration>
                     <failBuildOnCVSS>5.9</failBuildOnCVSS>
                     <suppressionFile>./suppressions.xml</suppressionFile>
@@ -370,7 +402,7 @@
                 <artifactId>maven-pmd-plugin</artifactId>
                 <version>3.6</version>
                 <configuration>
-                    <targetJdk>1.5</targetJdk>
+                    <targetJdk>1.7</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
                 </configuration>
             </plugin>
@@ -464,6 +496,7 @@
               <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
+                <version>3.0.0-M1</version>
                 <configuration>
                   <additionalparam>-Xdoclint:none</additionalparam>
                 </configuration>
@@ -568,7 +601,7 @@
 						</configuration>
 					</plugin>
 
-                    <!-- Baseline for ESAPI 2.1 is JDK1.6 - Enforces that a JDK1.6 compiler is being
+                    <!-- Baseline for ESAPI 2.x is now JDK1.7 - Enforces that a JDK1.7 compiler is being
                          used to build this release -->
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
@@ -583,10 +616,10 @@
                                 <configuration>
                                     <rules>
                                         <requireJavaVersion>
-                                            <version>1.6</version>
+                                            <version>1.7</version>
                                             <message>
-                                                ESAPI 2.1 uses the JDK1.6 for it's baseline. Please make sure that your
-                                                JAVA_HOME environment variable is pointed to a JDK1.6 distribution.
+                                                ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
+                                                JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
                                             </message>
                                         </requireJavaVersion>
                                     </rules>

From f3cdc694e56f5bb5c248dc6294ec174df5bd6e20 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 26 Dec 2017 11:37:14 -0500
Subject: [PATCH 464/812] Update README.md file to fix minor typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 3c5ccd2c0..f6f3e4721 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in N
 ### What about the issues still located on Google Code?
 All issues from Google Code have been migrated to GitHub issues. We have a JIRA/Confluence instance allocated to us, but it has not be configured to synchronize with the GitHub issues, and thus is should not be used. JIRA is fine, but if we can't have it synchronized with GitHub issues (which is where the majority of our users report issues), it is not usuable. As developers, we do not want to spent time having to close issues from multiple bug-tracking sites. Therefore, until this synchronization happens (see GitHub issue #371), please ONLY use GitHub for reporting bugs.
 
-When reporting an issue, please be clear and try to ensure that the ESAPI development team has sufficient information to be able to reproduce your results. If you have not already done son, this might be a good time to read Eric S. Raymond's classic "How to Ask Questions the Smart Way", at http://www.catb.org/esr/faqs/smart-questions.html before posting your issue.
+When reporting an issue, please be clear and try to ensure that the ESAPI development team has sufficient information to be able to reproduce your results. If you have not already done so, this might be a good time to read Eric S. Raymond's classic "How to Ask Questions the Smart Way", at http://www.catb.org/esr/faqs/smart-questions.html before posting your issue.
 
 ### Find an Issue?
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues

From 15b5b767f16cb590c5a6aba273a33da15bbb9730 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 30 Dec 2017 15:05:04 -0500
Subject: [PATCH 465/812] Update README.md to refer to GitHub's suggested
 begiiner label for issues.

Previously we were using the label 'FirstBug' to reflect issues appropriate for beginners to work on. That label was created prior to GitHub suggesting the use of 'help wanted' or 'good first issue' for that label. I have created the 'good first use' label (with the same color as suggested by GitHub) and replaced all the (now obsolete) 'FirstBug' labels with the label 'good first use' and then deleted the custom 'FirstBug' label. Updating this README.md file is the file step.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f6f3e4721..27168a156 100644
--- a/README.md
+++ b/README.md
@@ -27,7 +27,7 @@ https://github.com/ESAPI/esapi-java
 ## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
-If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'FirstBug'. (E.g., https://github.com/ESAPI/esapi-java-legacy/labels/FirstBug)
+If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22.)
 
 ### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.

From b712af5a543e8428a44a363c96a4b0ee8d2e300b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 5 Jan 2018 13:31:05 -0600
Subject: [PATCH 466/812] GITHUB #135 Updating
 SecurityWrapperRequest.getQueryString to return the original encoded string
 to the caller IFF that string can be converted into a 'safe' string by the
 ESAPI Validator instance/configuration.

---
 .../org/owasp/esapi/filters/SecurityWrapperRequest.java   | 7 ++++++-
 .../java/org/owasp/esapi/filters/SafeRequestTest.java     | 8 +++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 095069918..72f9f9bdc 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -513,7 +513,12 @@ public String getQueryString() {
         } catch (ValidationException e) {
             // already logged
         }
-        return clean;
+	/* GITHUB #135
+	 *  as long as the original query can be cleaned then we assume it's safe. 
+	 *  Returning the decoded 'clean' value changes how the string is interpreted,
+	 *  so we need to return the original query value.
+	 */
+	return clean == null || clean.isEmpty() ? clean : query;
     }
 
     /**
diff --git a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
index e4d55950d..e758fe02f 100644
--- a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
@@ -121,7 +121,7 @@ public void testGetQueryStringPercent()
 
 		req.setQueryString("a=%62");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
+		assertEquals("a=%62",wrappedReq.getQueryString());
 	}
 	
 	public void testGetQueryStringPercentNUL()
@@ -131,11 +131,9 @@ public void testGetQueryStringPercentNUL()
 
 		req.setQueryString("a=%00");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
+		assertEquals("a=%00", wrappedReq.getQueryString());
 	}
 
-	/* these tests need to be enabled&changed based on the decisions
-	 * made regarding issue 125. Currently they fail.
 	public void testGetQueryStringPercentEquals()
 	{
 		MockHttpServletRequest req = new MockHttpServletRequest();
@@ -155,7 +153,7 @@ public void testGetQueryStringPercentAmpersand()
 		wrappedReq = new SecurityWrapperRequest(req);
 		assertEquals("a=%26b",wrappedReq.getQueryString());
 	}
-	*/
+
 
 	// Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
 	public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {

From 2c199e5e84ebee32e1147440c8ef9b72ecf8e198 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 20 Jan 2018 09:19:24 -0600
Subject: [PATCH 467/812] Canonicalize SecurityWrapperRequest.getQueryString

Reverts last change which removed canonicalization from the return value.
Tests being updated to reflect the expected behavior, which includes both
canonicalization as well as test-scoped whitelist functionality from
validation.
---
 .../org/owasp/esapi/filters/SecurityWrapperRequest.java   | 7 +------
 .../java/org/owasp/esapi/filters/SafeRequestTest.java     | 8 ++++----
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 72f9f9bdc..095069918 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -513,12 +513,7 @@ public String getQueryString() {
         } catch (ValidationException e) {
             // already logged
         }
-	/* GITHUB #135
-	 *  as long as the original query can be cleaned then we assume it's safe. 
-	 *  Returning the decoded 'clean' value changes how the string is interpreted,
-	 *  so we need to return the original query value.
-	 */
-	return clean == null || clean.isEmpty() ? clean : query;
+        return clean;
     }
 
     /**
diff --git a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
index e758fe02f..e404f8c46 100644
--- a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
@@ -121,7 +121,7 @@ public void testGetQueryStringPercent()
 
 		req.setQueryString("a=%62");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%62",wrappedReq.getQueryString());
+		assertEquals("a=b",wrappedReq.getQueryString());
 	}
 	
 	public void testGetQueryStringPercentNUL()
@@ -131,7 +131,7 @@ public void testGetQueryStringPercentNUL()
 
 		req.setQueryString("a=%00");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%00", wrappedReq.getQueryString());
+		assertEquals("a="+Character.MIN_VALUE, wrappedReq.getQueryString());
 	}
 
 	public void testGetQueryStringPercentEquals()
@@ -141,7 +141,7 @@ public void testGetQueryStringPercentEquals()
 
 		req.setQueryString("a=%3d");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%3d",wrappedReq.getQueryString());
+		assertEquals("a==",wrappedReq.getQueryString());
 	}
 
 	public void testGetQueryStringPercentAmpersand()
@@ -151,7 +151,7 @@ public void testGetQueryStringPercentAmpersand()
 
 		req.setQueryString("a=%26b");
 		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=%26b",wrappedReq.getQueryString());
+		assertEquals("a=&b",wrappedReq.getQueryString());
 	}
 
 

From f006b5308eb54e2ba316a4b55e24cc6430fdcfed Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 20 Jan 2018 09:26:35 -0600
Subject: [PATCH 468/812] SecurityWrapperRequest Workflow Test

Using PowerMock to assert the happy-path and exception cases when
requesting a QueryString reference.
This approach removes the test environment from the unit and focuses on
the behavior of the class in isolation.
---
 .../filters/SecurityWrapperRequestTest.java   | 108 ++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java

diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
new file mode 100644
index 000000000..3200700c1
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -0,0 +1,108 @@
+package org.owasp.esapi.filters;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Matchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.filters.SecurityWrapperRequest;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * FIXME: Document intent of class. General Function, purpose of creation, intended feature, etc.
+ * Why do people care this exists?
+ * 
+ * @author Jeremiah
+ * @since Jan 3, 2018
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(ESAPI.class)
+public class SecurityWrapperRequestTest {
+
+    @Mock
+    private HttpServletRequest mockRequest;
+    @Mock
+    private Validator mockValidator;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+
+    @Before
+    public void setup() throws Exception {
+        PowerMockito.mockStatic(ESAPI.class);
+        PowerMockito.when(ESAPI.class, "validator").thenReturn(mockValidator);
+        PowerMockito.when(ESAPI.class, "securityConfiguration").thenReturn(mockSecConfig);
+    }
+
+    @Test
+    public void testGetQueryString() throws IntrusionException, ValidationException {
+        String queryString = "queryString";
+        int maxLength = 255;
+
+        ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
+        ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
+        ArgumentCaptor<Integer> lenghtCapture = ArgumentCaptor.forClass(Integer.class);
+        ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+
+        PowerMockito.when(mockValidator.getValidInput(Matchers.anyString(), inputCapture.capture(), typeCapture
+            .capture(), lenghtCapture.capture(), allowNullCapture.capture())).thenReturn("canonicalized");
+        PowerMockito.when(mockSecConfig.getIntProp("HttpUtilities.URILENGTH")).thenReturn(maxLength);
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(queryString);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getQueryString();
+        Assert.assertEquals("canonicalized", rval);
+
+        Assert.assertEquals(queryString, inputCapture.getValue());
+        Assert.assertEquals("HTTPQueryString", typeCapture.getValue());
+        Assert.assertTrue(maxLength == lenghtCapture.getValue().intValue());
+        Assert.assertEquals(true, allowNullCapture.getValue());
+
+        Mockito.verify(mockValidator, Mockito.times(1)).getValidInput(Matchers.anyString(), Matchers.anyString(),
+            Matchers.anyString(), Matchers.anyInt(), Matchers.anyBoolean());
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getIntProp("HttpUtilities.URILENGTH");
+        Mockito.verify(mockRequest, Mockito.times(1)).getQueryString();
+    }
+
+    @SuppressWarnings("unchecked")
+    @Test
+    public void testGetQueryStringCanonicalizeException() throws IntrusionException, ValidationException {
+        String queryString = "queryString";
+        int maxLength = 255;
+
+        ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
+        ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
+        ArgumentCaptor<Integer> lenghtCapture = ArgumentCaptor.forClass(Integer.class);
+        ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+
+        PowerMockito.when(mockValidator.getValidInput(Matchers.anyString(), inputCapture.capture(), typeCapture
+            .capture(), lenghtCapture.capture(), allowNullCapture.capture())).thenThrow(ValidationException.class);
+        PowerMockito.when(mockSecConfig.getIntProp("HttpUtilities.URILENGTH")).thenReturn(maxLength);
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(queryString);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getQueryString();
+        Assert.assertEquals("", rval);
+
+        Assert.assertEquals(queryString, inputCapture.getValue());
+        Assert.assertEquals("HTTPQueryString", typeCapture.getValue());
+        Assert.assertTrue(maxLength == lenghtCapture.getValue().intValue());
+        Assert.assertEquals(true, allowNullCapture.getValue());
+
+        Mockito.verify(mockValidator, Mockito.times(1)).getValidInput(Matchers.anyString(), Matchers.anyString(),
+            Matchers.anyString(), Matchers.anyInt(), Matchers.anyBoolean());
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getIntProp("HttpUtilities.URILENGTH");
+        Mockito.verify(mockRequest, Mockito.times(1)).getQueryString();
+    }
+}

From 5f91df0a6a454bc5df04e2e64918ebba59f4512a Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 20 Jan 2018 09:29:03 -0600
Subject: [PATCH 469/812] Whitelist Regex Validation Tests

Providing a structure to assert that the enviroment configurations will
provide expected responses when passed controlled values.

Performing a preliminary whitelist test set on HttpQueryString regex from
ESAPI.properties.

The test implementation asserts that the regex being tested matches the
test environment's regex for a given property. If the regex strings
differ, the tests associated with that property will be skipped to prevent
false-positives from being provided to a client.
---
 .../esapi/reference/AbstractPatternTest.java  | 49 ++++++++++
 ...EsapiWhitelistValidationPatternTester.java | 91 +++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
 create mode 100644 src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java

diff --git a/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
new file mode 100644
index 000000000..3fd72ebaf
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
@@ -0,0 +1,49 @@
+package org.owasp.esapi.reference;
+
+import java.util.regex.Pattern;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+
+/**
+ * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
+ *  Why do people care this exists? 
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ *
+ */
+@RunWith (Parameterized.class)
+public abstract class AbstractPatternTest {
+    
+    protected static class PatternTestTuple {
+        String input;
+        String regex;
+        boolean shouldMatch;
+        String description;
+        /** {@inheritDoc}*/        
+        @Override
+        public String toString() {
+           return description != null ? description : regex;
+        }
+    }
+
+    private String input;
+    private Pattern pattern;
+    private boolean shouldMatch;
+    
+    
+    public AbstractPatternTest(PatternTestTuple tuple) {
+        this.input = tuple.input;
+        this.pattern = Pattern.compile(tuple.regex);
+        this.shouldMatch = tuple.shouldMatch;
+    }
+    
+    @Test
+    public void checkPatternMatches() {
+        Assert.assertEquals(shouldMatch, pattern.matcher(input).matches());
+    }
+    
+}
diff --git a/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java b/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
new file mode 100644
index 000000000..4a1bd5ffb
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
@@ -0,0 +1,91 @@
+package org.owasp.esapi.reference;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.junit.Assume;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+/**
+ * Extension of the AbstractPatternTest which focuses on asserting that the default whitelist regex values applied in
+ * the validation process are performing the intended function in the environment.
+ * 
+ * <br/>
+ * 
+ * If the regex values in this test are found to not match the running environment configurations, then the tests will
+ * be skipped.
+ *
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ */
+public class EsapiWhitelistValidationPatternTester extends AbstractPatternTest {
+    //See ESAPI.properties
+    private static final String HTTP_QUERY_STRING_PROP_NAME="HTTPQueryString";
+    private static final String HTTP_QUERY_STRING_REGEX="^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$";
+
+    @Parameters(name = "{0}-{1}")
+    public static Collection<Object[]> createDefaultPatternTests() {
+        Collection<Object[]> parameters = new ArrayList<>();
+        
+        for(PatternTestTuple tuple : buildHttpQueryStringTests()) {
+            parameters.add(new Object[] { HTTP_QUERY_STRING_PROP_NAME, tuple });
+        }
+
+        
+        return parameters;
+    }
+    
+    private static Collection<PatternTestTuple> buildHttpQueryStringTests() {
+        Collection <PatternTestTuple> httpQueryStringTests = new ArrayList<>();
+        
+        //MATCHING CASES
+        PatternTestTuple tuple = newHttpQueryStringTuple("Default Case", "b", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Percent Encoded Value", "%62", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Percent Encoded Null Character", "%00", true);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Double Equals", "=", true);
+        httpQueryStringTests.add(tuple);
+        
+        //NON-MATCHING CASES
+        tuple = newHttpQueryStringTuple("Ampersand In Value", "&b", false);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Null Character", ""+Character.MIN_VALUE, false);
+        httpQueryStringTests.add(tuple);
+        tuple = newHttpQueryStringTuple("Encoded Null Character", "\u0000", false);
+        httpQueryStringTests.add(tuple);
+        
+        return httpQueryStringTests;
+    }
+
+    private static PatternTestTuple newHttpQueryStringTuple(String description, String value, boolean shouldPass) {
+        PatternTestTuple tuple = new PatternTestTuple();
+        tuple.input = "a="+value;
+        tuple.shouldMatch = shouldPass;
+        tuple.regex = HTTP_QUERY_STRING_REGEX;
+        tuple.description = description;
+        return tuple;
+    }
+   
+    public EsapiWhitelistValidationPatternTester(String property, PatternTestTuple tuple) {
+        super(tuple);
+        /*
+         * This next block causes the case to be skipped programatically if the regex being tested
+         * is different than the one being loaded at runtime.
+         * This is being done to prevent a false sense of security.
+         * If the configurations are changed to meet additional environmental concerns, the intent of this test should
+         * be copied into that environment and tested there to assert the additional expectations or changes in desired
+         * behavior.
+         */
+        DefaultSecurityConfiguration configuration = new DefaultSecurityConfiguration();
+        Assume.assumeTrue(
+            "The regular expression specified does not match the configuration settings.\n"
+            + "If the value was changed from the ESAPI default, it is recommended to copy "
+            + "this class into your project, update the regex being tested, and update all "
+            + "associated input expectations for your unique environment.",
+            configuration.getValidationPattern(property).toString().equals(tuple.regex));
+    }
+
+}

From f5a190ff8a709bf712783cac12280c4f786c2624 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 20 Jan 2018 09:34:08 -0600
Subject: [PATCH 470/812] PercentCodec String/character encode/decode

Set of tests for PercentCodec which tests the encode
and decode features using both String and Character api calls.

Initial test data sets are derived from 'AbstractCodecTest',
'SafeRequestTest', as well as the interal immune character set from
PercentCodec implementation.
---
 .../codecs/AbstractCodecCharacterTest.java    |  72 ++++++++++++
 .../esapi/codecs/AbstractCodecStringTest.java |  61 ++++++++++
 .../codecs/PercentCodecCharacterTest.java     | 108 ++++++++++++++++++
 .../esapi/codecs/PercentCodecStringTest.java  |  85 ++++++++++++++
 4 files changed, 326 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
new file mode 100644
index 000000000..f6b708a67
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
@@ -0,0 +1,72 @@
+package org.owasp.esapi.codecs;
+
+import java.util.Arrays;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.PushbackString;
+
+
+/**
+ * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
+ *  Why do people care this exists? 
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ *
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractCodecCharacterTest {
+    
+    protected static class CodecCharacterTestTuple {
+        Codec codec;
+        char[] encodeImmune;
+        String input;
+        Character decodedValue;
+        String description;
+        /** {@inheritDoc}*/
+        
+        @Override
+        public String toString() {
+            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
+        }
+    }
+
+    
+    protected final Codec codec;
+    protected final String input;
+    protected final char[] encodeImmune;
+    protected final Character decodedValue;
+    
+    public AbstractCodecCharacterTest(CodecCharacterTestTuple tuple) {
+        this.codec = tuple.codec;
+        this.input = tuple.input;
+        this.decodedValue = tuple.decodedValue;
+        this.encodeImmune = tuple.encodeImmune;
+    }
+        
+    @Test
+    public void testEncodeCharacter() {
+        Assert.assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
+    }
+    
+    @Test
+    public void testEncode() {
+        String expected = Arrays.asList(encodeImmune).contains(decodedValue) ? decodedValue.toString() : input;
+        Assert.assertEquals(expected, codec.encode(encodeImmune, decodedValue.toString()));
+    }
+    
+    @Test
+    public void testDecode() {
+         Assert.assertEquals(decodedValue.toString(), codec.decode(input));
+    }
+    
+    
+    @Test
+    public void testDecodePushbackSequence() {
+        Assert.assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
+    }
+    
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
new file mode 100644
index 000000000..27d0ea12e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
@@ -0,0 +1,61 @@
+package org.owasp.esapi.codecs;
+
+import java.util.Arrays;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
+
+
+/**
+ * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
+ *  Why do people care this exists? 
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ *
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractCodecStringTest {
+   
+    protected static class CodecStringTestTuple {
+        Codec codec;
+        char[] encodeImmune;
+        String input;
+        String decodedValue;
+        String description;
+        /** {@inheritDoc}*/
+        
+        @Override
+        public String toString() {
+            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
+        }
+    }
+
+    
+    private final Codec codec;
+    private final String input;
+    private final char[] encodeImmune;
+    private final String decodedValue;
+    
+    public AbstractCodecStringTest(CodecStringTestTuple tuple) {
+        this.codec = tuple.codec;
+        this.input = tuple.input;
+        this.decodedValue = tuple.decodedValue;
+        this.encodeImmune = tuple.encodeImmune;
+    }
+    
+    @Test
+    public void testDecode() {
+        Assert.assertEquals(decodedValue, codec.decode(input));
+    }
+  
+    
+    @Test
+    public void testEncode() {
+        String expected = Arrays.asList(encodeImmune).contains(decodedValue) ? decodedValue : input;
+        Assert.assertEquals(expected, codec.encode(encodeImmune, decodedValue));
+    }
+    
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
new file mode 100644
index 000000000..9617ccb9c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
@@ -0,0 +1,108 @@
+package org.owasp.esapi.codecs;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.PushbackString;
+
+/**
+ * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
+ *  Why do people care this exists? 
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ *
+ */
+public class PercentCodecCharacterTest extends AbstractCodecCharacterTest {
+    private static final char[] PERCENT_CODEC_IMMUNE;
+
+    static {
+        /*
+         * The percent codec contains a unique immune character set which include letters and numbers that will not be transformed.
+         * 
+         * It is being replicated here to allow the test to reasonably expect the correct state back.
+         */
+        List<Character> immune = new ArrayList<>();
+        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
+        //numbers
+        for (int index = 48 ; index < 58; index ++) {
+            immune.add((char)index);
+        }
+        //letters
+        for (int index = 65 ; index < 91; index ++) {
+            Character capsChar = (char)index;
+            immune.add(capsChar);
+            immune.add(Character.toLowerCase(capsChar));            
+        }
+        
+        PERCENT_CODEC_IMMUNE = new char[immune.size()];
+        for (int index = 0; index < immune.size(); index++) {
+            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
+        }
+    }
+
+    @Parameters(name="{0}")
+    public static Collection<Object[]> buildTests() {
+        Collection<Object[]> tests = new ArrayList<>();
+        
+        Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
+        tuples.add(newTuple("%3C",Character.valueOf('<')));
+      
+        tuples.add(newTuple("%C4%80",Character.valueOf((char)0x100)));
+        tuples.add(newTuple("%00",Character.MIN_VALUE));
+        tuples.add(newTuple("%3D",'='));
+        tuples.add(newTuple("%26",'&'));
+        
+        for (char c : PERCENT_CODEC_IMMUNE) {
+            tuples.add(newTuple(Character.toString(c), c));
+        }
+        
+        for (CodecCharacterTestTuple tuple : tuples) {
+            tests.add(new Object[]{tuple});
+        }
+        
+        return tests;
+    }
+    
+    
+    
+    private static CodecCharacterTestTuple newTuple(String encodedInput, Character decoded) {
+        CodecCharacterTestTuple tuple = new CodecCharacterTestTuple();
+        tuple.codec = new PercentCodec();
+        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
+        tuple.decodedValue = decoded;
+        tuple.input = encodedInput;
+        
+        return tuple;
+    }
+    /**
+     * @param tuple
+     */
+    public PercentCodecCharacterTest(CodecCharacterTestTuple tuple) {
+        super(tuple);
+    }
+    
+    
+    @Override
+    @Test
+    public void testDecodePushbackSequence() {
+        //If the input is not decoded, then null should be returned and the pushback string index should be unchanged.
+        //If the input is decode then the decoded value should be returned, and the pushback string index should have progressed forward.
+        
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        boolean shouldDecode = input.startsWith("%");
+        if (shouldDecode) {
+            Assert.assertEquals(decodedValue, codec.decodeCharacter(pbs));
+            Assert.assertTrue(startIndex < pbs.index());
+        } else {
+            Assert.assertEquals(null, codec.decodeCharacter(pbs));
+            Assert.assertEquals(startIndex, pbs.index());
+        }
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
new file mode 100644
index 000000000..91ca18b87
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
@@ -0,0 +1,85 @@
+package org.owasp.esapi.codecs;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.runners.Parameterized.Parameters;
+import org.owasp.esapi.codecs.PercentCodec;
+
+/**
+ * FIXME: Document intent of class. General Function, purpose of creation, intended feature, etc.
+ * Why do people care this exists?
+ * 
+ * @author Jeremiah
+ * @since Jan 20, 2018
+ */
+public class PercentCodecStringTest extends AbstractCodecStringTest {
+    private static final char[] PERCENT_CODEC_IMMUNE;
+
+    static {
+        /*
+         * The percent codec contains a unique immune character set which include letters and numbers that will not be transformed.
+         * 
+         * It is being replicated here to allow the test to reasonably expect the correct state back.
+         */
+        List<Character> immune = new ArrayList();
+        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
+        //numbers
+        for (int index = 48 ; index < 58; index ++) {
+            immune.add((char)index);
+        }
+        //letters
+        for (int index = 65 ; index < 91; index ++) {
+            Character capsChar = (char)index;
+            immune.add(capsChar);
+            immune.add(Character.toLowerCase(capsChar));            
+        }
+        
+        PERCENT_CODEC_IMMUNE = new char[immune.size()];
+        for (int index = 0; index < immune.size(); index++) {
+            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
+        }
+    }
+
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> buildTests() {
+        Collection<Object[]> tests = new ArrayList<>();
+
+        List<CodecStringTestTuple> tuples = new ArrayList<>();
+        tuples.add(newTuple("%3C", "<"));
+
+        tuples.add(newTuple("%C4%80", (char) 0x100));
+        tuples.add(newTuple("%00", Character.MIN_VALUE));
+        tuples.add(newTuple("%3D", '='));
+        tuples.add(newTuple("%26", '&'));
+
+        for (char c : PERCENT_CODEC_IMMUNE) {
+            tuples.add(newTuple(Character.toString(c), c));
+        }
+        
+        for (CodecStringTestTuple tuple : tuples) {
+            tests.add(new Object[] { tuple });
+        }
+
+        return tests;
+    }
+
+    private static CodecStringTestTuple newTuple(String input, Object decoded) {
+        CodecStringTestTuple tuple = new CodecStringTestTuple();
+        tuple.codec = new PercentCodec();
+        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
+        tuple.decodedValue = decoded.toString();
+        tuple.input = input;
+
+        return tuple;
+    }
+
+    /**
+     * @param tuple
+     */
+    public PercentCodecStringTest(CodecStringTestTuple tuple) {
+        super(tuple);
+    }
+
+}

From 6f60045cdd20e7b32cb2814734e58eb2c23e8ffe Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 20 Jan 2018 09:38:11 -0600
Subject: [PATCH 471/812] Removing unstable tests

The tests removed from SafeRequestTest were attempting to validate
environment state as well as the unit functionality.  The intent of these
tests has been distributed to a workflow test check
(SecurityWrapperRequestTest), a whitelist validation test
(EsapiWhitelistValidationPatternTester), and tests for the PercentCodec's
impact on input data (PercentCodecStringTest, PercentCodecCharacterTest).

The combination of these tests assert that the pieces that were composing
the removed content will function under more explict and controlled
conditions.  Changes to configuration will nChanges to configuration will
now be revealed closer to the component that is directly impacted.
---
 .../owasp/esapi/filters/SafeRequestTest.java  | 61 -------------------
 1 file changed, 61 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
index e404f8c46..db2f0d770 100644
--- a/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SafeRequestTest.java
@@ -94,67 +94,6 @@ public void testGetQueryStringNull()
 		assertNull(wrappedReq.getQueryString());
 	}
 
-	public void testGetQueryStringNonNull()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=\u0000");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercent()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%62");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=b",wrappedReq.getQueryString());
-	}
-	
-	public void testGetQueryStringPercentNUL()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%00");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a="+Character.MIN_VALUE, wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercentEquals()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%3d");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a==",wrappedReq.getQueryString());
-	}
-
-	public void testGetQueryStringPercentAmpersand()
-	{
-		MockHttpServletRequest req = new MockHttpServletRequest();
-		SecurityWrapperRequest wrappedReq;
-
-		req.setQueryString("a=%26b");
-		wrappedReq = new SecurityWrapperRequest(req);
-		assertEquals("a=&b",wrappedReq.getQueryString());
-	}
-
-
 	// Test to ensure null-value contract defined by ServletRequest.getParameterNames(String) is met.
 	public void testGetParameterValuesReturnsNullWhenParameterDoesNotExistInRequest() {
 		MockHttpServletRequest request = new MockHttpServletRequest();

From 9d3d93a39d5192bac7835317f76a1cd1a26c921c Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 08:33:48 -0600
Subject: [PATCH 472/812] Updating SecurityWrapperRequestTest

Test cleanup.  Extracting constants & static imports.  Adding
documentation. Fixing spelling errors.
---
 .../filters/SecurityWrapperRequestTest.java   | 137 ++++++++++++------
 1 file changed, 92 insertions(+), 45 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index 3200700c1..bf1a2d627 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -1,35 +1,48 @@
 package org.owasp.esapi.filters;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Matchers.anyBoolean;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
 import javax.servlet.http.HttpServletRequest;
 
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Matchers;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.filters.SecurityWrapperRequest;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 /**
- * FIXME: Document intent of class. General Function, purpose of creation, intended feature, etc.
- * Why do people care this exists?
- * 
- * @author Jeremiah
- * @since Jan 3, 2018
+ * Unit tests for {@link SecurityWrapperRequest}.
+ * <br/>
+ * This test uses static context mocking! This can affect certain behaviors if it is executed in a JVM container with
+ * other tests depending on the same static reference - Which is going to be everything.
+ * <br/>
+ * This may affect some test environments, mostly IDE's. It is not expected that this impacts the Maven build, as
+ * surefire plugin isolates JVM's for tests during that phase.
  */
 @RunWith(PowerMockRunner.class)
 @PrepareForTest(ESAPI.class)
 public class SecurityWrapperRequestTest {
+    private static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
+    private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
+    private static final String SECURITY_CONFIGURATION_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
+
+    private static final int SECURITY_CONFIGURATION_MOCK_LENGTH = 255;
+
+    private static final String QUERY_STRING_CANONCALIZE_TYPE_KEY = "HTTPQueryString";
 
     @Mock
     private HttpServletRequest mockRequest;
@@ -41,68 +54,102 @@ public class SecurityWrapperRequestTest {
     @Before
     public void setup() throws Exception {
         PowerMockito.mockStatic(ESAPI.class);
-        PowerMockito.when(ESAPI.class, "validator").thenReturn(mockValidator);
-        PowerMockito.when(ESAPI.class, "securityConfiguration").thenReturn(mockSecConfig);
+        PowerMockito.when(ESAPI.class, ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
+        PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
     }
-
+    
+    /**
+     * Workflow test for happy-path getQueryString. Asserts delegation calls and parameters to delegate
+     * behaviors.
+     */
     @Test
-    public void testGetQueryString() throws IntrusionException, ValidationException {
-        String queryString = "queryString";
-        int maxLength = 255;
+    public void testGetQueryString() throws Exception {
+        String originalQuery = "queryString";
+        String canonicalizedResponse = "canonicalized_query";
 
         ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
         ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<Integer> lenghtCapture = ArgumentCaptor.forClass(Integer.class);
+        ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
         ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
 
-        PowerMockito.when(mockValidator.getValidInput(Matchers.anyString(), inputCapture.capture(), typeCapture
-            .capture(), lenghtCapture.capture(), allowNullCapture.capture())).thenReturn("canonicalized");
-        PowerMockito.when(mockSecConfig.getIntProp("HttpUtilities.URILENGTH")).thenReturn(maxLength);
-        PowerMockito.when(mockRequest.getQueryString()).thenReturn(queryString);
+        String context = anyString();
+        String input = inputCapture.capture();
+        String type = typeCapture.capture();
+        Integer length = lengthCapture.capture();
+        Boolean allowNull = allowNullCapture.capture();
+
+        PowerMockito.when(mockValidator.getValidInput(context, input, type, length, allowNull)).thenReturn(
+            canonicalizedResponse);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_MOCK_LENGTH);
+
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(originalQuery);
 
         SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
         String rval = request.getQueryString();
-        Assert.assertEquals("canonicalized", rval);
+        assertEquals(canonicalizedResponse, rval);
 
-        Assert.assertEquals(queryString, inputCapture.getValue());
-        Assert.assertEquals("HTTPQueryString", typeCapture.getValue());
-        Assert.assertTrue(maxLength == lenghtCapture.getValue().intValue());
-        Assert.assertEquals(true, allowNullCapture.getValue());
+        String actualInput = inputCapture.getValue();
+        String actualType = typeCapture.getValue();
+        int actualLength = lengthCapture.getValue().intValue();
+        boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
 
-        Mockito.verify(mockValidator, Mockito.times(1)).getValidInput(Matchers.anyString(), Matchers.anyString(),
-            Matchers.anyString(), Matchers.anyInt(), Matchers.anyBoolean());
-        Mockito.verify(mockSecConfig, Mockito.times(1)).getIntProp("HttpUtilities.URILENGTH");
-        Mockito.verify(mockRequest, Mockito.times(1)).getQueryString();
+        assertEquals(originalQuery, actualInput);
+        assertEquals(QUERY_STRING_CANONCALIZE_TYPE_KEY, actualType);
+        assertTrue(SECURITY_CONFIGURATION_MOCK_LENGTH == actualLength);
+        assertTrue(actualAllowNull);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), anyString(), anyString(), anyInt(), anyBoolean());
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getQueryString();
     }
 
+    /**
+     * Test for getQueryString when validation throws an Exception. 
+     * <br/>
+     * Asserts delegation calls and parameters to delegate behaviors.
+     */
     @SuppressWarnings("unchecked")
     @Test
     public void testGetQueryStringCanonicalizeException() throws IntrusionException, ValidationException {
-        String queryString = "queryString";
-        int maxLength = 255;
+        String originalQuery = "queryString";
 
         ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
         ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<Integer> lenghtCapture = ArgumentCaptor.forClass(Integer.class);
+        ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
         ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
 
-        PowerMockito.when(mockValidator.getValidInput(Matchers.anyString(), inputCapture.capture(), typeCapture
-            .capture(), lenghtCapture.capture(), allowNullCapture.capture())).thenThrow(ValidationException.class);
-        PowerMockito.when(mockSecConfig.getIntProp("HttpUtilities.URILENGTH")).thenReturn(maxLength);
-        PowerMockito.when(mockRequest.getQueryString()).thenReturn(queryString);
+        String context = anyString();
+        String input = inputCapture.capture();
+        String type = typeCapture.capture();
+        Integer length = lengthCapture.capture();
+        Boolean allowNull = allowNullCapture.capture();
+
+        PowerMockito.when(mockValidator.getValidInput(context, input, type, length, allowNull)).thenThrow(
+            ValidationException.class);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_MOCK_LENGTH);
+
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(originalQuery);
 
         SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
         String rval = request.getQueryString();
-        Assert.assertEquals("", rval);
 
-        Assert.assertEquals(queryString, inputCapture.getValue());
-        Assert.assertEquals("HTTPQueryString", typeCapture.getValue());
-        Assert.assertTrue(maxLength == lenghtCapture.getValue().intValue());
-        Assert.assertEquals(true, allowNullCapture.getValue());
+        assertTrue("SecurityWrapperRequest should return an empty String when an exception occurs in validation", rval
+            .isEmpty());
+
+        String actualInput = inputCapture.getValue();
+        String actualType = typeCapture.getValue();
+        int actualLength = lengthCapture.getValue().intValue();
+        boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
+
+        assertEquals(originalQuery, actualInput);
+        assertEquals(QUERY_STRING_CANONCALIZE_TYPE_KEY, actualType);
+        assertTrue(SECURITY_CONFIGURATION_MOCK_LENGTH == actualLength);
+        assertTrue(actualAllowNull);
 
-        Mockito.verify(mockValidator, Mockito.times(1)).getValidInput(Matchers.anyString(), Matchers.anyString(),
-            Matchers.anyString(), Matchers.anyInt(), Matchers.anyBoolean());
-        Mockito.verify(mockSecConfig, Mockito.times(1)).getIntProp("HttpUtilities.URILENGTH");
-        Mockito.verify(mockRequest, Mockito.times(1)).getQueryString();
+        verify(mockValidator, times(1)).getValidInput(anyString(), anyString(), anyString(), anyInt(), anyBoolean());
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getQueryString();
     }
 }

From c3870f660439e39a22a14ca013c8da17aa59eb66 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 08:47:34 -0600
Subject: [PATCH 473/812] Pattern Validation Test Cleanup

Adding documentation to the AbstractPatternTest to help with usability.
Extracting message constant to a class var in
EsapiWhitelistValidaitonPatternTests for improved readability.
---
 .../esapi/reference/AbstractPatternTest.java  | 35 ++++++++------
 ...EsapiWhitelistValidationPatternTester.java | 46 +++++++++----------
 2 files changed, 43 insertions(+), 38 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
index 3fd72ebaf..9cf1e0e20 100644
--- a/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
@@ -7,43 +7,50 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 
-
 /**
- * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
- *  Why do people care this exists? 
- * @author Jeremiah
- * @since Jan 20, 2018
- *
+ * Abstract parameterized test case meant to assist with verifying regular expressions in test scope.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link PatternTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link PatternTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * where '0' is the index that the PatternTestTuple reference appears in the constructor.
  */
-@RunWith (Parameterized.class)
+@RunWith(Parameterized.class)
 public abstract class AbstractPatternTest {
-    
+
+    /**
+     * Test tuple for Pattern validation.
+     */
     protected static class PatternTestTuple {
+        /** String value to be tested against the compiled regex reference. */
         String input;
+        /** Regular expression string that will be compiled and be passed the input. */
         String regex;
+        /** Test Expectation whether input should match the compiled regex. */
         boolean shouldMatch;
+        /** Optional field to override the toString value of this tuple. */
         String description;
-        /** {@inheritDoc}*/        
+
+        /** {@inheritDoc} */
         @Override
         public String toString() {
-           return description != null ? description : regex;
+            return description != null ? description : regex;
         }
     }
 
     private String input;
     private Pattern pattern;
     private boolean shouldMatch;
-    
-    
+
     public AbstractPatternTest(PatternTestTuple tuple) {
         this.input = tuple.input;
         this.pattern = Pattern.compile(tuple.regex);
         this.shouldMatch = tuple.shouldMatch;
     }
-    
+
     @Test
     public void checkPatternMatches() {
         Assert.assertEquals(shouldMatch, pattern.matcher(input).matches());
     }
-    
+
 }
diff --git a/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java b/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
index 4a1bd5ffb..d00d4c19a 100644
--- a/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
+++ b/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
@@ -10,9 +10,7 @@
 /**
  * Extension of the AbstractPatternTest which focuses on asserting that the default whitelist regex values applied in
  * the validation process are performing the intended function in the environment.
- * 
  * <br/>
- * 
  * If the regex values in this test are found to not match the running environment configurations, then the tests will
  * be skipped.
  *
@@ -20,26 +18,30 @@
  * @since Jan 20, 2018
  */
 public class EsapiWhitelistValidationPatternTester extends AbstractPatternTest {
-    //See ESAPI.properties
-    private static final String HTTP_QUERY_STRING_PROP_NAME="HTTPQueryString";
-    private static final String HTTP_QUERY_STRING_REGEX="^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$";
+    // See ESAPI.properties
+    private static final String HTTP_QUERY_STRING_PROP_NAME = "HTTPQueryString";
+    private static final String HTTP_QUERY_STRING_REGEX = "^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$";
+
+    private static final String CONFIGURATION_PATTERN_MISMATCH_MESSAGE = "The regular expression specified does not match the configuration settings.\n"
+        + "If the value was changed from the ESAPI default, it is recommended to copy "
+        + "this class into your project, update the regex being tested, and update all "
+        + "associated input expectations for your unique environment.";
 
     @Parameters(name = "{0}-{1}")
     public static Collection<Object[]> createDefaultPatternTests() {
         Collection<Object[]> parameters = new ArrayList<>();
-        
-        for(PatternTestTuple tuple : buildHttpQueryStringTests()) {
+
+        for (PatternTestTuple tuple : buildHttpQueryStringTests()) {
             parameters.add(new Object[] { HTTP_QUERY_STRING_PROP_NAME, tuple });
         }
 
-        
         return parameters;
     }
-    
+
     private static Collection<PatternTestTuple> buildHttpQueryStringTests() {
-        Collection <PatternTestTuple> httpQueryStringTests = new ArrayList<>();
-        
-        //MATCHING CASES
+        Collection<PatternTestTuple> httpQueryStringTests = new ArrayList<>();
+
+        // MATCHING CASES
         PatternTestTuple tuple = newHttpQueryStringTuple("Default Case", "b", true);
         httpQueryStringTests.add(tuple);
         tuple = newHttpQueryStringTuple("Percent Encoded Value", "%62", true);
@@ -48,27 +50,27 @@ private static Collection<PatternTestTuple> buildHttpQueryStringTests() {
         httpQueryStringTests.add(tuple);
         tuple = newHttpQueryStringTuple("Double Equals", "=", true);
         httpQueryStringTests.add(tuple);
-        
-        //NON-MATCHING CASES
+
+        // NON-MATCHING CASES
         tuple = newHttpQueryStringTuple("Ampersand In Value", "&b", false);
         httpQueryStringTests.add(tuple);
-        tuple = newHttpQueryStringTuple("Null Character", ""+Character.MIN_VALUE, false);
+        tuple = newHttpQueryStringTuple("Null Character", "" + Character.MIN_VALUE, false);
         httpQueryStringTests.add(tuple);
         tuple = newHttpQueryStringTuple("Encoded Null Character", "\u0000", false);
         httpQueryStringTests.add(tuple);
-        
+
         return httpQueryStringTests;
     }
 
     private static PatternTestTuple newHttpQueryStringTuple(String description, String value, boolean shouldPass) {
         PatternTestTuple tuple = new PatternTestTuple();
-        tuple.input = "a="+value;
+        tuple.input = "a=" + value;
         tuple.shouldMatch = shouldPass;
         tuple.regex = HTTP_QUERY_STRING_REGEX;
         tuple.description = description;
         return tuple;
     }
-   
+
     public EsapiWhitelistValidationPatternTester(String property, PatternTestTuple tuple) {
         super(tuple);
         /*
@@ -80,12 +82,8 @@ public EsapiWhitelistValidationPatternTester(String property, PatternTestTuple t
          * behavior.
          */
         DefaultSecurityConfiguration configuration = new DefaultSecurityConfiguration();
-        Assume.assumeTrue(
-            "The regular expression specified does not match the configuration settings.\n"
-            + "If the value was changed from the ESAPI default, it is recommended to copy "
-            + "this class into your project, update the regex being tested, and update all "
-            + "associated input expectations for your unique environment.",
-            configuration.getValidationPattern(property).toString().equals(tuple.regex));
+        Assume.assumeTrue(CONFIGURATION_PATTERN_MISMATCH_MESSAGE, configuration.getValidationPattern(property)
+            .toString().equals(tuple.regex));
     }
 
 }

From c4d77b142edc14d22fcba6b6d7f8ffc7f0221394 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 09:30:24 -0600
Subject: [PATCH 474/812] PercentCodecCharacterTest cleanup

Splitting up the PushbackSequence test for better readability.  Adding
documentation.  Whitespace cleanup.
---
 .../codecs/PercentCodecCharacterTest.java     | 105 ++++++++++--------
 1 file changed, 58 insertions(+), 47 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
index 9617ccb9c..ca7ddf1b6 100644
--- a/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
@@ -11,98 +11,109 @@
 import org.owasp.esapi.codecs.PushbackString;
 
 /**
- * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
- *  Why do people care this exists? 
- * @author Jeremiah
- * @since Jan 20, 2018
- *
+ *  Codec validation focused on the PercentCodec Character-based api.
+ *  
  */
 public class PercentCodecCharacterTest extends AbstractCodecCharacterTest {
     private static final char[] PERCENT_CODEC_IMMUNE;
 
     static {
         /*
-         * The percent codec contains a unique immune character set which include letters and numbers that will not be transformed.
-         * 
+         * The percent codec contains a unique immune character set which include letters and numbers that will not be
+         * transformed.
          * It is being replicated here to allow the test to reasonably expect the correct state back.
          */
         List<Character> immune = new ArrayList<>();
         // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
-        //numbers
-        for (int index = 48 ; index < 58; index ++) {
-            immune.add((char)index);
+        // numbers
+        for (int index = 48; index < 58; index++) {
+            immune.add((char) index);
         }
-        //letters
-        for (int index = 65 ; index < 91; index ++) {
-            Character capsChar = (char)index;
+        // letters
+        for (int index = 65; index < 91; index++) {
+            Character capsChar = (char) index;
             immune.add(capsChar);
-            immune.add(Character.toLowerCase(capsChar));            
+            immune.add(Character.toLowerCase(capsChar));
         }
-        
+
         PERCENT_CODEC_IMMUNE = new char[immune.size()];
         for (int index = 0; index < immune.size(); index++) {
             PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
         }
     }
 
-    @Parameters(name="{0}")
+    @Parameters(name = "{0}")
     public static Collection<Object[]> buildTests() {
         Collection<Object[]> tests = new ArrayList<>();
-        
+
         Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
-        tuples.add(newTuple("%3C",Character.valueOf('<')));
-      
-        tuples.add(newTuple("%C4%80",Character.valueOf((char)0x100)));
-        tuples.add(newTuple("%00",Character.MIN_VALUE));
-        tuples.add(newTuple("%3D",'='));
-        tuples.add(newTuple("%26",'&'));
-        
+        tuples.add(newTuple("%3C", Character.valueOf('<')));
+
+        tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
+        tuples.add(newTuple("%00", Character.MIN_VALUE));
+        tuples.add(newTuple("%3D", '='));
+        tuples.add(newTuple("%26", '&'));
+
         for (char c : PERCENT_CODEC_IMMUNE) {
             tuples.add(newTuple(Character.toString(c), c));
         }
-        
+
         for (CodecCharacterTestTuple tuple : tuples) {
-            tests.add(new Object[]{tuple});
+            tests.add(new Object[] { tuple });
         }
-        
+
         return tests;
     }
-    
-    
-    
+
     private static CodecCharacterTestTuple newTuple(String encodedInput, Character decoded) {
         CodecCharacterTestTuple tuple = new CodecCharacterTestTuple();
         tuple.codec = new PercentCodec();
         tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
         tuple.decodedValue = decoded;
         tuple.input = encodedInput;
-        
+
         return tuple;
     }
-    /**
-     * @param tuple
-     */
+
     public PercentCodecCharacterTest(CodecCharacterTestTuple tuple) {
         super(tuple);
     }
-    
-    
+
     @Override
     @Test
     public void testDecodePushbackSequence() {
-        //If the input is not decoded, then null should be returned and the pushback string index should be unchanged.
-        //If the input is decode then the decoded value should be returned, and the pushback string index should have progressed forward.
-        
-        PushbackString pbs = new PushbackString(input);
-        int startIndex = pbs.index();
-        boolean shouldDecode = input.startsWith("%");
-        if (shouldDecode) {
-            Assert.assertEquals(decodedValue, codec.decodeCharacter(pbs));
-            Assert.assertTrue(startIndex < pbs.index());
+        // check duplicated from PushbackSequence handling in PercentCodec.
+        boolean inputIsEncoded = input.startsWith("%");
+
+        if (inputIsEncoded) {
+            assertInputIsDecodedToValue();
         } else {
-            Assert.assertEquals(null, codec.decodeCharacter(pbs));
-            Assert.assertEquals(startIndex, pbs.index());
+            assertInputIsDecodedToNull();
         }
     }
 
+    /**
+     * tests that when Input is decoded through a PushbackString that the decodedValue reference is returned and that
+     * the PushbackString index has incremented.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToValue() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        Assert.assertEquals(decodedValue, codec.decodeCharacter(pbs));
+        Assert.assertTrue(startIndex < pbs.index());
+    }
+
+    /**
+     * tests that when Input is decoded through a PushbackString that null is returned and that the PushbackString index
+     * remains unchanged.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToNull() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        Assert.assertEquals(null, codec.decodeCharacter(pbs));
+        Assert.assertEquals(startIndex, pbs.index());
+    }
+
 }

From d44275761b28169fcff1ed9a61450a68855b7a9f Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 09:50:51 -0600
Subject: [PATCH 475/812] AbstractCodecCharacterTest Cleanup

Adding documentation. Updating static imports.
---
 .../codecs/AbstractCodecCharacterTest.java    | 41 ++++++++++++-------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
index f6b708a67..1101be47f 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
@@ -1,30 +1,36 @@
 package org.owasp.esapi.codecs;
 
+import static org.junit.Assert.assertEquals;
+
 import java.util.Arrays;
 
-import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.PushbackString;
 
 
 /**
- * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
- *  Why do people care this exists? 
- * @author Jeremiah
- * @since Jan 20, 2018
- *
+ * Abstract parameterized test case meant to assist with verifying Character api of a Codec implementation.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link CodecCharacterTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link CodecCharacterTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * where '0' is the index that the CodecCharacterTestTuple reference appears in the constructor.
  */
 @RunWith(Parameterized.class)
 public abstract class AbstractCodecCharacterTest {
     
+    /** Test Data Tuple.*/
     protected static class CodecCharacterTestTuple {
+        /** Codec reference to be tested.*/
         Codec codec;
+        /** Set of characters that should be considered 'immune' from decoding processes.*/
         char[] encodeImmune;
+        /** A String representing a single encoded character.*/
         String input;
+        /** The single character that input represents.*/
         Character decodedValue;
+        /** Optional field to override the toString value of this tuple. */
         String description;
         /** {@inheritDoc}*/
         
@@ -46,27 +52,34 @@ public AbstractCodecCharacterTest(CodecCharacterTestTuple tuple) {
         this.decodedValue = tuple.decodedValue;
         this.encodeImmune = tuple.encodeImmune;
     }
-        
+    
+    /** Checks that the input value matches the result of the codec encoding the decoded value.  */
     @Test
     public void testEncodeCharacter() {
-        Assert.assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
+        assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
     }
     
+    /** Checks encoding the character as a String.
+     * <br/>
+     * If the decoded value is in the immunity list, the the decoded value should be returned from the encode call.
+     * Otherwise, input is expected as the return. 
+     */
     @Test
     public void testEncode() {
         String expected = Arrays.asList(encodeImmune).contains(decodedValue) ? decodedValue.toString() : input;
-        Assert.assertEquals(expected, codec.encode(encodeImmune, decodedValue.toString()));
+        assertEquals(expected, codec.encode(encodeImmune, decodedValue.toString()));
     }
     
+    /**  Checks that decoding the input value yeilds the decodedValue.*/
     @Test
     public void testDecode() {
-         Assert.assertEquals(decodedValue.toString(), codec.decode(input));
+         assertEquals(decodedValue.toString(), codec.decode(input));
     }
     
-    
+    /** Checks that the encoded input String is correctly decoded to the single decodedValue character reference.*/
     @Test
     public void testDecodePushbackSequence() {
-        Assert.assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
+        assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
     }
     
 }

From dc20f53efbf026b9470ecc0092c25cbc7243b9f8 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 09:58:25 -0600
Subject: [PATCH 476/812] AbstractCodecStringTest Cleanup

Adding documentation. Removed a copy/pasta check from testEncode
(originally from AbstractCodecCharacterTest).
---
 .../esapi/codecs/AbstractCodecStringTest.java | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
index 27d0ea12e..eb31da763 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
@@ -7,23 +7,30 @@
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
 import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.AbstractCodecCharacterTest.CodecCharacterTestTuple;
 
 
 /**
- * FIXME:  Document intent of class.  General Function, purpose of creation, intended feature, etc.
- *  Why do people care this exists? 
- * @author Jeremiah
- * @since Jan 20, 2018
- *
+ * Abstract parameterized test case meant to assist with verifying String api of a Codec implementation.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link CodecStringTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link CodecStringTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * where '0' is the index that the CodecStringTestTuple reference appears in the constructor.
  */
 @RunWith(Parameterized.class)
 public abstract class AbstractCodecStringTest {
    
     protected static class CodecStringTestTuple {
+        /** Codec reference to be tested.*/
         Codec codec;
+        /** Set of characters that should be considered 'immune' from decoding processes.*/
         char[] encodeImmune;
+        /** A String representing a contextually encoded String.*/
         String input;
+        /** The decoded representation of the input value.*/
         String decodedValue;
+        /** Optional field to override the toString value of this tuple. */
         String description;
         /** {@inheritDoc}*/
         
@@ -32,8 +39,6 @@ public String toString() {
             return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
         }
     }
-
-    
     private final Codec codec;
     private final String input;
     private final char[] encodeImmune;
@@ -46,16 +51,17 @@ public AbstractCodecStringTest(CodecStringTestTuple tuple) {
         this.encodeImmune = tuple.encodeImmune;
     }
     
+
+    /** Checks that when the input is decoded using the specified codec, that the return matches the expected decoded value.*/
     @Test
     public void testDecode() {
         Assert.assertEquals(decodedValue, codec.decode(input));
     }
   
-    
+    /** Checks that when the decoded value is encoded (using immunity), that the return matches the provided input.*/
     @Test
     public void testEncode() {
-        String expected = Arrays.asList(encodeImmune).contains(decodedValue) ? decodedValue : input;
-        Assert.assertEquals(expected, codec.encode(encodeImmune, decodedValue));
+        Assert.assertEquals(input, codec.encode(encodeImmune, decodedValue));
     }
     
 }

From eb42bc0598099ae19b0896add592740aa718a38b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 10:01:39 -0600
Subject: [PATCH 477/812] Round2: AbstractCodecStringTest cleanup

Correcting imports that snuck in while I was working on documentation
updates.
---
 .../java/org/owasp/esapi/codecs/AbstractCodecStringTest.java  | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
index eb31da763..b3fe53156 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
@@ -1,13 +1,9 @@
 package org.owasp.esapi.codecs;
 
-import java.util.Arrays;
-
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.AbstractCodecCharacterTest.CodecCharacterTestTuple;
 
 
 /**

From 674dee017337b89aa1a28a9c67b5004f538ba4ab Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 10:02:52 -0600
Subject: [PATCH 478/812] PercentCodecStringTest cleanup

Adding documentation.  Fixing a java generics declaration warning.
---
 .../org/owasp/esapi/codecs/PercentCodecStringTest.java   | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
index 91ca18b87..a851ebcae 100644
--- a/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
@@ -8,11 +8,8 @@
 import org.owasp.esapi.codecs.PercentCodec;
 
 /**
- * FIXME: Document intent of class. General Function, purpose of creation, intended feature, etc.
- * Why do people care this exists?
- * 
- * @author Jeremiah
- * @since Jan 20, 2018
+ *  Codec validation focused on the PercentCodec String-based api.
+ *  
  */
 public class PercentCodecStringTest extends AbstractCodecStringTest {
     private static final char[] PERCENT_CODEC_IMMUNE;
@@ -23,7 +20,7 @@ public class PercentCodecStringTest extends AbstractCodecStringTest {
          * 
          * It is being replicated here to allow the test to reasonably expect the correct state back.
          */
-        List<Character> immune = new ArrayList();
+        List<Character> immune = new ArrayList<>();
         // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
         //numbers
         for (int index = 48 ; index < 58; index ++) {

From 93bf6928bb36ac4ac947d2b42c727c5513371b19 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 22 Jan 2018 14:06:55 -0600
Subject: [PATCH 479/812] Introducing Codec CodePoint abstraction

Adding ignored test structure to share implementation thought.  Has
failing tests presently, probably due to incorrect test structure and/or
expectations.  Working to resolve.
---
 .../codecs/AbstractCodecCodePointTest.java    |  78 +++++++++++
 .../codecs/PercentCodecCodePointTest.java     | 121 ++++++++++++++++++
 2 files changed, 199 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
new file mode 100644
index 000000000..7d79d55bc
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
@@ -0,0 +1,78 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+
+/**
+ * Abstract parameterized test case meant to assist with verifying Character api of a Codec implementation.
+ * <br/>
+ * Sub-classes are expected to provide instances of {@link CodecCodePointTestTuple} to this instance.
+ * <br/>
+ * For better test naming output specify {@link CodecCodePointTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * where '0' is the index that the CodecCodePointTestTuple reference appears in the constructor.
+ */
+@RunWith(Parameterized.class)
+public abstract class AbstractCodecCodePointTest {
+    
+    /** Test Data Tuple.*/
+    protected static class CodecCodePointTestTuple {
+        /** Codec reference to be tested.*/
+        Codec codec;
+        /** Set of characters that should be considered 'immune' from decoding processes.*/
+        char[] encodeImmune;
+        /** A String representing a single encoded character.*/
+        String input;
+        /** The int code point that input represents.*/
+        int codePoint;
+        /** Optional field to override the toString value of this tuple. */
+        String description;
+        /** {@inheritDoc}*/
+        
+        @Override
+        public String toString() {
+            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
+        }
+    }
+
+    
+    protected final Codec codec;
+    protected final String input;
+    protected final char[] encodeImmune;
+    protected final int decodedValue;
+    protected final char codePointChar;
+    
+    public AbstractCodecCodePointTest(CodecCodePointTestTuple tuple) {
+        this.codec = tuple.codec;
+        this.input = tuple.input;
+        this.decodedValue = tuple.codePoint;
+        this.encodeImmune = tuple.encodeImmune;
+        this.codePointChar = (char) tuple.codePoint;
+    }
+    
+    /** Checks that the input value matches the result of the codec encoding the decoded value.  */
+    @Test
+    public void testEncodeCharacter() {
+        assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
+    }
+    
+    /**  Checks that decoding the input value yeilds the same code point decodedValue.*/
+    @Test
+    public void testDecode() {
+        int expectedLength = Character.toString(codePointChar).length();
+        String actualDecode = codec.decode(input);
+        assertTrue("CodePoint test input should decode to a String consisting of a single character:  " + actualDecode + " " + actualDecode.length(),actualDecode.length() == expectedLength);
+         assertEquals(decodedValue, (int)actualDecode.charAt(0));
+    }
+    
+    /** Checks that the encoded input String is correctly decoded to the single decodedValue character reference.*/
+    @Test
+    public void testDecodePushbackSequence() {
+        assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
+    }
+    
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java
new file mode 100644
index 000000000..d44d16097
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java
@@ -0,0 +1,121 @@
+package org.owasp.esapi.codecs;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runners.Parameterized.Parameters;
+
+/**
+ *  Codec validation focused on the PercentCodec codepoint-based api.
+ *  
+ */
+@Ignore(value="Implementation pending")
+public class PercentCodecCodePointTest extends AbstractCodecCodePointTest {
+    private static final char[] PERCENT_CODEC_IMMUNE;
+
+    static {
+        /*
+         * The percent codec contains a unique immune character set which include letters and numbers that will not be
+         * transformed.
+         * It is being replicated here to allow the test to reasonably expect the correct state back.
+         */
+        List<Character> immune = new ArrayList<>();
+        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
+        // numbers
+        for (int index = 48; index < 58; index++) {
+            immune.add((char) index);
+        }
+        // letters
+        for (int index = 65; index < 91; index++) {
+            Character capsChar = (char) index;
+            immune.add(capsChar);
+            immune.add(Character.toLowerCase(capsChar));
+        }
+
+        PERCENT_CODEC_IMMUNE = new char[immune.size()];
+        for (int index = 0; index < immune.size(); index++) {
+            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
+        }
+    }
+
+    @Parameters(name = "{0}")
+    public static Collection<Object[]> buildTests() {
+        Collection<Object[]> tests = new ArrayList<>();
+
+        Collection<CodecCodePointTestTuple> tuples = new ArrayList<>();
+        tuples.add(newTuple("%3C", Character.valueOf('<')));
+
+        tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
+        tuples.add(newTuple("%00", Character.MIN_VALUE));
+        tuples.add(newTuple("%3D", '='));
+        tuples.add(newTuple("%26", '&'));
+
+        for (char c : PERCENT_CODEC_IMMUNE) {
+            tuples.add(newTuple(Character.toString(c), c));
+        }
+
+        for (CodecCodePointTestTuple tuple : tuples) {
+            tests.add(new Object[] { tuple });
+        }
+
+        return tests;
+    }
+
+    private static CodecCodePointTestTuple newTuple(String encodedInput, Character decoded) {
+        CodecCodePointTestTuple tuple = new CodecCodePointTestTuple();
+        tuple.codec = new PercentCodec();
+        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
+        tuple.codePoint = decoded.charValue();
+        tuple.input = encodedInput;
+
+        return tuple;
+    }
+
+    public PercentCodecCodePointTest(CodecCodePointTestTuple tuple) {
+        super(tuple);
+    }
+
+    @Override
+    @Test
+    public void testDecodePushbackSequence() {
+        // check duplicated from PushbackSequence handling in PercentCodec.
+        boolean inputIsEncoded = input.startsWith("%");
+
+        if (inputIsEncoded) {
+            assertInputIsDecodedToValue();
+        } else {
+            assertInputIsDecodedToNull();
+        }
+    }
+
+    /**
+     * tests that when Input is decoded through a PushbackString that the decodedValue reference is returned and that
+     * the PushbackString index has incremented.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToValue() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        Character decChar = (Character) codec.decodeCharacter(pbs);
+        char actual = decChar.charValue();
+        Assert.assertEquals(String.format("%s(%s) != %s(%s)", (char)decodedValue, decodedValue, actual, (int)actual), decodedValue, (int)actual);
+        Assert.assertTrue(startIndex < pbs.index());
+    }
+
+    /**
+     * tests that when Input is decoded through a PushbackString that null is returned and that the PushbackString index
+     * remains unchanged.
+     */
+    @SuppressWarnings("unchecked")
+    private void assertInputIsDecodedToNull() {
+        PushbackString pbs = new PushbackString(input);
+        int startIndex = pbs.index();
+        Assert.assertEquals(null, codec.decodeCharacter(pbs));
+        Assert.assertEquals(startIndex, pbs.index());
+    }
+
+}

From 46d2484972a4b5e67817c3c63c8c8ddf9b177c5f Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 3 Feb 2018 06:03:08 -0600
Subject: [PATCH 480/812] Removing CodePoint test & abstraction

The management and testing of code point handling is out of scope of the
current effort.  Future work on code point handling will allow the
PercentCodec to be tested in this way.
---
 .../codecs/AbstractCodecCodePointTest.java    |  78 -----------
 .../codecs/PercentCodecCodePointTest.java     | 121 ------------------
 2 files changed, 199 deletions(-)
 delete mode 100644 src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
 delete mode 100644 src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java b/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
deleted file mode 100644
index 7d79d55bc..000000000
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCodePointTest.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package org.owasp.esapi.codecs;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-
-/**
- * Abstract parameterized test case meant to assist with verifying Character api of a Codec implementation.
- * <br/>
- * Sub-classes are expected to provide instances of {@link CodecCodePointTestTuple} to this instance.
- * <br/>
- * For better test naming output specify {@link CodecCodePointTestTuple#description} and use {@code} @Parameters (name="{0}")},
- * where '0' is the index that the CodecCodePointTestTuple reference appears in the constructor.
- */
-@RunWith(Parameterized.class)
-public abstract class AbstractCodecCodePointTest {
-    
-    /** Test Data Tuple.*/
-    protected static class CodecCodePointTestTuple {
-        /** Codec reference to be tested.*/
-        Codec codec;
-        /** Set of characters that should be considered 'immune' from decoding processes.*/
-        char[] encodeImmune;
-        /** A String representing a single encoded character.*/
-        String input;
-        /** The int code point that input represents.*/
-        int codePoint;
-        /** Optional field to override the toString value of this tuple. */
-        String description;
-        /** {@inheritDoc}*/
-        
-        @Override
-        public String toString() {
-            return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
-        }
-    }
-
-    
-    protected final Codec codec;
-    protected final String input;
-    protected final char[] encodeImmune;
-    protected final int decodedValue;
-    protected final char codePointChar;
-    
-    public AbstractCodecCodePointTest(CodecCodePointTestTuple tuple) {
-        this.codec = tuple.codec;
-        this.input = tuple.input;
-        this.decodedValue = tuple.codePoint;
-        this.encodeImmune = tuple.encodeImmune;
-        this.codePointChar = (char) tuple.codePoint;
-    }
-    
-    /** Checks that the input value matches the result of the codec encoding the decoded value.  */
-    @Test
-    public void testEncodeCharacter() {
-        assertEquals(input, codec.encodeCharacter(encodeImmune, decodedValue));
-    }
-    
-    /**  Checks that decoding the input value yeilds the same code point decodedValue.*/
-    @Test
-    public void testDecode() {
-        int expectedLength = Character.toString(codePointChar).length();
-        String actualDecode = codec.decode(input);
-        assertTrue("CodePoint test input should decode to a String consisting of a single character:  " + actualDecode + " " + actualDecode.length(),actualDecode.length() == expectedLength);
-         assertEquals(decodedValue, (int)actualDecode.charAt(0));
-    }
-    
-    /** Checks that the encoded input String is correctly decoded to the single decodedValue character reference.*/
-    @Test
-    public void testDecodePushbackSequence() {
-        assertEquals(decodedValue, codec.decodeCharacter(new PushbackString(input)));
-    }
-    
-}
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java b/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java
deleted file mode 100644
index d44d16097..000000000
--- a/src/test/java/org/owasp/esapi/codecs/PercentCodecCodePointTest.java
+++ /dev/null
@@ -1,121 +0,0 @@
-package org.owasp.esapi.codecs;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.junit.Assert;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runners.Parameterized.Parameters;
-
-/**
- *  Codec validation focused on the PercentCodec codepoint-based api.
- *  
- */
-@Ignore(value="Implementation pending")
-public class PercentCodecCodePointTest extends AbstractCodecCodePointTest {
-    private static final char[] PERCENT_CODEC_IMMUNE;
-
-    static {
-        /*
-         * The percent codec contains a unique immune character set which include letters and numbers that will not be
-         * transformed.
-         * It is being replicated here to allow the test to reasonably expect the correct state back.
-         */
-        List<Character> immune = new ArrayList<>();
-        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
-        // numbers
-        for (int index = 48; index < 58; index++) {
-            immune.add((char) index);
-        }
-        // letters
-        for (int index = 65; index < 91; index++) {
-            Character capsChar = (char) index;
-            immune.add(capsChar);
-            immune.add(Character.toLowerCase(capsChar));
-        }
-
-        PERCENT_CODEC_IMMUNE = new char[immune.size()];
-        for (int index = 0; index < immune.size(); index++) {
-            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
-        }
-    }
-
-    @Parameters(name = "{0}")
-    public static Collection<Object[]> buildTests() {
-        Collection<Object[]> tests = new ArrayList<>();
-
-        Collection<CodecCodePointTestTuple> tuples = new ArrayList<>();
-        tuples.add(newTuple("%3C", Character.valueOf('<')));
-
-        tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
-        tuples.add(newTuple("%00", Character.MIN_VALUE));
-        tuples.add(newTuple("%3D", '='));
-        tuples.add(newTuple("%26", '&'));
-
-        for (char c : PERCENT_CODEC_IMMUNE) {
-            tuples.add(newTuple(Character.toString(c), c));
-        }
-
-        for (CodecCodePointTestTuple tuple : tuples) {
-            tests.add(new Object[] { tuple });
-        }
-
-        return tests;
-    }
-
-    private static CodecCodePointTestTuple newTuple(String encodedInput, Character decoded) {
-        CodecCodePointTestTuple tuple = new CodecCodePointTestTuple();
-        tuple.codec = new PercentCodec();
-        tuple.encodeImmune = PERCENT_CODEC_IMMUNE;
-        tuple.codePoint = decoded.charValue();
-        tuple.input = encodedInput;
-
-        return tuple;
-    }
-
-    public PercentCodecCodePointTest(CodecCodePointTestTuple tuple) {
-        super(tuple);
-    }
-
-    @Override
-    @Test
-    public void testDecodePushbackSequence() {
-        // check duplicated from PushbackSequence handling in PercentCodec.
-        boolean inputIsEncoded = input.startsWith("%");
-
-        if (inputIsEncoded) {
-            assertInputIsDecodedToValue();
-        } else {
-            assertInputIsDecodedToNull();
-        }
-    }
-
-    /**
-     * tests that when Input is decoded through a PushbackString that the decodedValue reference is returned and that
-     * the PushbackString index has incremented.
-     */
-    @SuppressWarnings("unchecked")
-    private void assertInputIsDecodedToValue() {
-        PushbackString pbs = new PushbackString(input);
-        int startIndex = pbs.index();
-        Character decChar = (Character) codec.decodeCharacter(pbs);
-        char actual = decChar.charValue();
-        Assert.assertEquals(String.format("%s(%s) != %s(%s)", (char)decodedValue, decodedValue, actual, (int)actual), decodedValue, (int)actual);
-        Assert.assertTrue(startIndex < pbs.index());
-    }
-
-    /**
-     * tests that when Input is decoded through a PushbackString that null is returned and that the PushbackString index
-     * remains unchanged.
-     */
-    @SuppressWarnings("unchecked")
-    private void assertInputIsDecodedToNull() {
-        PushbackString pbs = new PushbackString(input);
-        int startIndex = pbs.index();
-        Assert.assertEquals(null, codec.decodeCharacter(pbs));
-        Assert.assertEquals(startIndex, pbs.index());
-    }
-
-}

From 172828eeaab482dee229b88e0c380893f12e0c51 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 3 Feb 2018 06:12:43 -0600
Subject: [PATCH 481/812] Reorganizing new test classes

Breaking the new abstract parameterizations and percent codec test
implementations into sub-packages within test scope.  Updating
dependencies and references to resolve compilation issues.
---
 .../AbstractCodecCharacterTest.java            | 18 +++++++++++-------
 .../AbstractCodecStringTest.java               | 18 +++++++++++-------
 .../PercentCodecCharacterTest.java             |  3 ++-
 .../{ => percent}/PercentCodecStringTest.java  |  3 ++-
 4 files changed, 26 insertions(+), 16 deletions(-)
 rename src/test/java/org/owasp/esapi/codecs/{ => abstraction}/AbstractCodecCharacterTest.java (88%)
 rename src/test/java/org/owasp/esapi/codecs/{ => abstraction}/AbstractCodecStringTest.java (85%)
 rename src/test/java/org/owasp/esapi/codecs/{ => percent}/PercentCodecCharacterTest.java (97%)
 rename src/test/java/org/owasp/esapi/codecs/{ => percent}/PercentCodecStringTest.java (95%)

diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
similarity index 88%
rename from src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
rename to src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
index 1101be47f..438d86e26 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.codecs;
+package org.owasp.esapi.codecs.abstraction;
 
 import static org.junit.Assert.assertEquals;
 
@@ -7,6 +7,8 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.codecs.PushbackString;
 
 
 /**
@@ -23,17 +25,19 @@ public abstract class AbstractCodecCharacterTest {
     /** Test Data Tuple.*/
     protected static class CodecCharacterTestTuple {
         /** Codec reference to be tested.*/
-        Codec codec;
+        public Codec codec;
         /** Set of characters that should be considered 'immune' from decoding processes.*/
-        char[] encodeImmune;
+        public char[] encodeImmune;
         /** A String representing a single encoded character.*/
-        String input;
+        public String input;
         /** The single character that input represents.*/
-        Character decodedValue;
+        public Character decodedValue;
         /** Optional field to override the toString value of this tuple. */
-        String description;
-        /** {@inheritDoc}*/
+        public String description;
         
+        /**Default public constructor.*/
+        public CodecCharacterTestTuple() { /* No Op*/ }
+        /** {@inheritDoc}*/
         @Override
         public String toString() {
             return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
diff --git a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
similarity index 85%
rename from src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
rename to src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
index b3fe53156..e54d1172d 100644
--- a/src/test/java/org/owasp/esapi/codecs/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
@@ -1,9 +1,10 @@
-package org.owasp.esapi.codecs;
+package org.owasp.esapi.codecs.abstraction;
 
 import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
+import org.owasp.esapi.codecs.Codec;
 
 
 /**
@@ -19,17 +20,20 @@ public abstract class AbstractCodecStringTest {
    
     protected static class CodecStringTestTuple {
         /** Codec reference to be tested.*/
-        Codec codec;
+        public Codec codec;
         /** Set of characters that should be considered 'immune' from decoding processes.*/
-        char[] encodeImmune;
+        public char[] encodeImmune;
         /** A String representing a contextually encoded String.*/
-        String input;
+        public String input;
         /** The decoded representation of the input value.*/
-        String decodedValue;
+        public String decodedValue;
         /** Optional field to override the toString value of this tuple. */
-        String description;
-        /** {@inheritDoc}*/
+        public String description;
+        
+        /**Default public constructor.*/
+        public CodecStringTestTuple() { /* No Op*/ }
         
+        /** {@inheritDoc}*/
         @Override
         public String toString() {
             return description != null ? description : codec.getClass().getSimpleName() + "  "+input;
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
similarity index 97%
rename from src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
rename to src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
index ca7ddf1b6..76c5c1c52 100644
--- a/src/test/java/org/owasp/esapi/codecs/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.codecs;
+package org.owasp.esapi.codecs.percent;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -9,6 +9,7 @@
 import org.junit.runners.Parameterized.Parameters;
 import org.owasp.esapi.codecs.PercentCodec;
 import org.owasp.esapi.codecs.PushbackString;
+import org.owasp.esapi.codecs.abstraction.AbstractCodecCharacterTest;
 
 /**
  *  Codec validation focused on the PercentCodec Character-based api.
diff --git a/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
similarity index 95%
rename from src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
rename to src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
index a851ebcae..c769a2e01 100644
--- a/src/test/java/org/owasp/esapi/codecs/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.codecs;
+package org.owasp.esapi.codecs.percent;
 
 import java.util.ArrayList;
 import java.util.Collection;
@@ -6,6 +6,7 @@
 
 import org.junit.runners.Parameterized.Parameters;
 import org.owasp.esapi.codecs.PercentCodec;
+import org.owasp.esapi.codecs.abstraction.AbstractCodecStringTest;
 
 /**
  *  Codec validation focused on the PercentCodec String-based api.

From 2c960807e2060956848158fed146be375de92804 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 8 Feb 2018 15:38:41 -0600
Subject: [PATCH 482/812] Removing invalid test content

Removing entries that would otherwise test the codepoint handling of the
PercentCodec.  The feature of code point handling has not been fully
implemented on the PercentCodec at this time.
---
 .../owasp/esapi/codecs/percent/PercentCodecCharacterTest.java   | 2 +-
 .../org/owasp/esapi/codecs/percent/PercentCodecStringTest.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
index 76c5c1c52..f9e1d616d 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -50,7 +50,7 @@ public static Collection<Object[]> buildTests() {
         Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
         tuples.add(newTuple("%3C", Character.valueOf('<')));
 
-        tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
+        //CODEPOINT tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
         tuples.add(newTuple("%00", Character.MIN_VALUE));
         tuples.add(newTuple("%3D", '='));
         tuples.add(newTuple("%26", '&'));
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
index c769a2e01..786444b27 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -47,7 +47,7 @@ public static Collection<Object[]> buildTests() {
         List<CodecStringTestTuple> tuples = new ArrayList<>();
         tuples.add(newTuple("%3C", "<"));
 
-        tuples.add(newTuple("%C4%80", (char) 0x100));
+       //CODEPOINT tuples.add(newTuple("%C4%80", (char) 0x100));
         tuples.add(newTuple("%00", Character.MIN_VALUE));
         tuples.add(newTuple("%3D", '='));
         tuples.add(newTuple("%26", '&'));

From 804350f0f25605da3cf69df3885c133636f3860b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 8 Feb 2018 15:44:02 -0600
Subject: [PATCH 483/812] Relocating Tests & Updating references

Moving the pattern validation test constructs into a sub directory
intended to hold regex-type testing elements.
---
 .../owasp/esapi/reference/{ => regex}/AbstractPatternTest.java  | 2 +-
 .../{ => regex}/EsapiWhitelistValidationPatternTester.java      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename src/test/java/org/owasp/esapi/reference/{ => regex}/AbstractPatternTest.java (97%)
 rename src/test/java/org/owasp/esapi/reference/{ => regex}/EsapiWhitelistValidationPatternTester.java (98%)

diff --git a/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
similarity index 97%
rename from src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
rename to src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
index 9cf1e0e20..3e3847719 100644
--- a/src/test/java/org/owasp/esapi/reference/AbstractPatternTest.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.reference;
+package org.owasp.esapi.reference.regex;
 
 import java.util.regex.Pattern;
 
diff --git a/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
similarity index 98%
rename from src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
rename to src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
index d00d4c19a..2042eee33 100644
--- a/src/test/java/org/owasp/esapi/reference/EsapiWhitelistValidationPatternTester.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.reference;
+package org.owasp.esapi.reference.regex;
 
 import java.util.ArrayList;
 import java.util.Collection;

From 4f903d37feb4b32c6d9d1f2339d3f5c3b45162c5 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 19 Feb 2018 08:06:06 -0600
Subject: [PATCH 484/812] Adding known exception testing for PercentCodec

Making a test that will fail when the UTF16 handling is corrected for the
implementation.  Also centralizing the test-scope of the immune character
set to just the StringTest impl for easier maintenance later when it's
replaced.
---
 .../percent/PercentCodecCharacterTest.java    | 31 ++-----------------
 .../percent/PercentCodecStringTest.java       |  2 +-
 2 files changed, 3 insertions(+), 30 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
index f9e1d616d..419762dc1 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -1,8 +1,9 @@
 package org.owasp.esapi.codecs.percent;
 
+import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
+
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
 
 import org.junit.Assert;
 import org.junit.Test;
@@ -16,33 +17,6 @@
  *  
  */
 public class PercentCodecCharacterTest extends AbstractCodecCharacterTest {
-    private static final char[] PERCENT_CODEC_IMMUNE;
-
-    static {
-        /*
-         * The percent codec contains a unique immune character set which include letters and numbers that will not be
-         * transformed.
-         * It is being replicated here to allow the test to reasonably expect the correct state back.
-         */
-        List<Character> immune = new ArrayList<>();
-        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
-        // numbers
-        for (int index = 48; index < 58; index++) {
-            immune.add((char) index);
-        }
-        // letters
-        for (int index = 65; index < 91; index++) {
-            Character capsChar = (char) index;
-            immune.add(capsChar);
-            immune.add(Character.toLowerCase(capsChar));
-        }
-
-        PERCENT_CODEC_IMMUNE = new char[immune.size()];
-        for (int index = 0; index < immune.size(); index++) {
-            PERCENT_CODEC_IMMUNE[index] = immune.get(index).charValue();
-        }
-    }
-
     @Parameters(name = "{0}")
     public static Collection<Object[]> buildTests() {
         Collection<Object[]> tests = new ArrayList<>();
@@ -50,7 +24,6 @@ public static Collection<Object[]> buildTests() {
         Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
         tuples.add(newTuple("%3C", Character.valueOf('<')));
 
-        //CODEPOINT tuples.add(newTuple("%C4%80", Character.valueOf((char) 0x100)));
         tuples.add(newTuple("%00", Character.MIN_VALUE));
         tuples.add(newTuple("%3D", '='));
         tuples.add(newTuple("%26", '&'));
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
index 786444b27..665a8ab71 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -13,7 +13,7 @@
  *  
  */
 public class PercentCodecStringTest extends AbstractCodecStringTest {
-    private static final char[] PERCENT_CODEC_IMMUNE;
+    public static final char[] PERCENT_CODEC_IMMUNE;
 
     static {
         /*

From d9e12d6be4c2b556fafdaab14e4c62b68b30a679 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Wed, 21 Feb 2018 17:40:10 -0600
Subject: [PATCH 485/812] Really committing known exceptions test

Lost a workflow argument with git, so I'm making another commit to
actually add the file that I intended to add last commit.
---
 .../percent/PercentCodecKnownIssuesTest.java  | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
new file mode 100644
index 000000000..9b163b4bf
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
@@ -0,0 +1,41 @@
+package org.owasp.esapi.codecs.percent;
+import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.owasp.esapi.codecs.PercentCodec;
+/**
+ * This test class holds the proof of known deficiencies, inconsistencies, or bugs with the PercentCodec implementation.
+ * <br/>
+ * The intent is that when that functionality is corrected, these tests should break. That should hopefully encourage
+ * the author to move the test to an appropriate Test file and update the functionality to a working expectation.
+ */
+public class PercentCodecKnownIssuesTest {
+    
+    private PercentCodec codec = new PercentCodec();
+
+    /**
+     * PercentCodec has not been fully implemented for codepoint support, which handles UTF16 characters (based on my current understanding).
+     * As such, the encoding/decoding of UTF16 will not function as desired through the codec implementation.
+     * <br/>
+     * When the functionality is corrected this test will break. At that point UTF16 tests should be added to {@link PercentCodecStringTest} and {@link PercentCodecCharacterTest}.
+     */
+    @Test
+    public void failsUTF16Conversions() {
+        //This should be 195
+        int incorrectDecodeExpect = 196;
+        
+        char[] encodeImmune = PERCENT_CODEC_IMMUNE;
+        String decodedValue = ""+(char) 0x100;
+        String input = "%C4%80";
+
+        String actualDecodeChar = codec.decode(input);
+        int actualChar = (int)actualDecodeChar.charAt(0);
+        
+        Assert.assertEquals(incorrectDecodeExpect, actualChar);
+        
+        //This works as expected.
+        Assert.assertEquals(input, codec.encode(encodeImmune, decodedValue));
+    }
+    
+}

From bf91374d3acb5cf79943ac9127a7fd39473af881 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Wed, 21 Feb 2018 17:47:00 -0600
Subject: [PATCH 486/812] Adding License Information

Adding license content to files created in this effort.
---
 .../abstraction/AbstractCodecCharacterTest.java   | 14 ++++++++++++++
 .../abstraction/AbstractCodecStringTest.java      | 14 ++++++++++++++
 .../codecs/percent/PercentCodecCharacterTest.java | 14 ++++++++++++++
 .../percent/PercentCodecKnownIssuesTest.java      | 15 +++++++++++++++
 .../codecs/percent/PercentCodecStringTest.java    | 14 ++++++++++++++
 .../esapi/filters/SecurityWrapperRequestTest.java | 14 ++++++++++++++
 .../reference/regex/AbstractPatternTest.java      | 13 +++++++++++++
 .../EsapiWhitelistValidationPatternTester.java    | 14 ++++++++++++++
 8 files changed, 112 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
index 438d86e26..66ff3cb82 100644
--- a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.codecs.abstraction;
 
 import static org.junit.Assert.assertEquals;
diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
index e54d1172d..c00cbf699 100644
--- a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.codecs.abstraction;
 
 import org.junit.Assert;
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
index 419762dc1..2c7199c23 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.codecs.percent;
 
 import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
index 9b163b4bf..2f3f1049c 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
@@ -1,4 +1,19 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.codecs.percent;
+
 import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
 
 import org.junit.Assert;
diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
index 665a8ab71..38bb6fb27 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.codecs.percent;
 
 import java.util.ArrayList;
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index bf1a2d627..c5c1c3c5e 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.filters;
 
 import static org.junit.Assert.assertEquals;
diff --git a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
index 3e3847719..f05397dfb 100644
--- a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
@@ -1,3 +1,16 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
 package org.owasp.esapi.reference.regex;
 
 import java.util.regex.Pattern;
diff --git a/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
index 2042eee33..b6080344d 100644
--- a/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/EsapiWhitelistValidationPatternTester.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2008-2018 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ */
+
 package org.owasp.esapi.reference.regex;
 
 import java.util.ArrayList;

From 113add5fa9e280eb2bae9263c8c9868b963ec938 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 04:47:54 -0600
Subject: [PATCH 487/812] Documentation updates

Feedback from pull request.
---
 .../esapi/codecs/abstraction/AbstractCodecCharacterTest.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
index 66ff3cb82..aa7208399 100644
--- a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecCharacterTest.java
@@ -30,7 +30,7 @@
  * <br/>
  * Sub-classes are expected to provide instances of {@link CodecCharacterTestTuple} to this instance.
  * <br/>
- * For better test naming output specify {@link CodecCharacterTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * For better test naming output specify {@link CodecCharacterTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
  * where '0' is the index that the CodecCharacterTestTuple reference appears in the constructor.
  */
 @RunWith(Parameterized.class)
@@ -88,7 +88,7 @@ public void testEncode() {
         assertEquals(expected, codec.encode(encodeImmune, decodedValue.toString()));
     }
     
-    /**  Checks that decoding the input value yeilds the decodedValue.*/
+    /**  Checks that decoding the input value yields the decodedValue.*/
     @Test
     public void testDecode() {
          assertEquals(decodedValue.toString(), codec.decode(input));

From e5b7c0d8d9f93e1d8617db2362e2cf59b1d093bd Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 04:50:16 -0600
Subject: [PATCH 488/812] Updating Imports

Pull request feedback.  Setting Assert.assertEquals to a static import to
match other implementations within this effort.
---
 .../esapi/codecs/abstraction/AbstractCodecStringTest.java  | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
index c00cbf699..789c8a153 100644
--- a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
@@ -14,7 +14,8 @@
 
 package org.owasp.esapi.codecs.abstraction;
 
-import org.junit.Assert;
+import static org.junit.Assert.assertEquals;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -69,13 +70,13 @@ public AbstractCodecStringTest(CodecStringTestTuple tuple) {
     /** Checks that when the input is decoded using the specified codec, that the return matches the expected decoded value.*/
     @Test
     public void testDecode() {
-        Assert.assertEquals(decodedValue, codec.decode(input));
+        assertEquals(decodedValue, codec.decode(input));
     }
   
     /** Checks that when the decoded value is encoded (using immunity), that the return matches the provided input.*/
     @Test
     public void testEncode() {
-        Assert.assertEquals(input, codec.encode(encodeImmune, decodedValue));
+        assertEquals(input, codec.encode(encodeImmune, decodedValue));
     }
     
 }

From ce025aa4b5e2e8952d0cc87239cc916d88b84c8e Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 04:54:45 -0600
Subject: [PATCH 489/812] Updating Imports, readability improvements.

Pull request feedback.  Using static Assert imports for consistency within
this effort.  Altering whitespace for better readability in parameter
construction.
---
 .../codecs/percent/PercentCodecCharacterTest.java   | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
index 2c7199c23..7d4425ddc 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecCharacterTest.java
@@ -14,12 +14,13 @@
 
 package org.owasp.esapi.codecs.percent;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
 
 import java.util.ArrayList;
 import java.util.Collection;
 
-import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runners.Parameterized.Parameters;
 import org.owasp.esapi.codecs.PercentCodec;
@@ -34,8 +35,8 @@ public class PercentCodecCharacterTest extends AbstractCodecCharacterTest {
     @Parameters(name = "{0}")
     public static Collection<Object[]> buildTests() {
         Collection<Object[]> tests = new ArrayList<>();
-
         Collection<CodecCharacterTestTuple> tuples = new ArrayList<>();
+
         tuples.add(newTuple("%3C", Character.valueOf('<')));
 
         tuples.add(newTuple("%00", Character.MIN_VALUE));
@@ -88,8 +89,8 @@ public void testDecodePushbackSequence() {
     private void assertInputIsDecodedToValue() {
         PushbackString pbs = new PushbackString(input);
         int startIndex = pbs.index();
-        Assert.assertEquals(decodedValue, codec.decodeCharacter(pbs));
-        Assert.assertTrue(startIndex < pbs.index());
+        assertEquals(decodedValue, codec.decodeCharacter(pbs));
+        assertTrue(startIndex < pbs.index());
     }
 
     /**
@@ -100,8 +101,8 @@ private void assertInputIsDecodedToValue() {
     private void assertInputIsDecodedToNull() {
         PushbackString pbs = new PushbackString(input);
         int startIndex = pbs.index();
-        Assert.assertEquals(null, codec.decodeCharacter(pbs));
-        Assert.assertEquals(startIndex, pbs.index());
+        assertEquals(null, codec.decodeCharacter(pbs));
+        assertEquals(startIndex, pbs.index());
     }
 
 }

From b468673f93155fcfbf1c0f7ed1f1c15c31731758 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 05:12:09 -0600
Subject: [PATCH 490/812] Updating imports

Applying static Assert imports for implementation consistency.
---
 .../esapi/codecs/percent/PercentCodecKnownIssuesTest.java   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
index 2f3f1049c..ac8c6d6e2 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecKnownIssuesTest.java
@@ -14,9 +14,9 @@
 
 package org.owasp.esapi.codecs.percent;
 
+import static org.junit.Assert.assertEquals;
 import static org.owasp.esapi.codecs.percent.PercentCodecStringTest.PERCENT_CODEC_IMMUNE;
 
-import org.junit.Assert;
 import org.junit.Test;
 import org.owasp.esapi.codecs.PercentCodec;
 /**
@@ -47,10 +47,10 @@ public void failsUTF16Conversions() {
         String actualDecodeChar = codec.decode(input);
         int actualChar = (int)actualDecodeChar.charAt(0);
         
-        Assert.assertEquals(incorrectDecodeExpect, actualChar);
+        assertEquals(incorrectDecodeExpect, actualChar);
         
         //This works as expected.
-        Assert.assertEquals(input, codec.encode(encodeImmune, decodedValue));
+        assertEquals(input, codec.encode(encodeImmune, decodedValue));
     }
     
 }

From 5a65083bfd4d2c1966e00e04701190db6d397a96 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 05:14:32 -0600
Subject: [PATCH 491/812] Readability Improvements

Pull Request Cleanup.  Clarifying the capital letters are ASCII specific. Applying better
whitespace formatting for readability.
---
 .../owasp/esapi/codecs/percent/PercentCodecStringTest.java  | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
index 38bb6fb27..edec02321 100644
--- a/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/percent/PercentCodecStringTest.java
@@ -36,7 +36,7 @@ public class PercentCodecStringTest extends AbstractCodecStringTest {
          * It is being replicated here to allow the test to reasonably expect the correct state back.
          */
         List<Character> immune = new ArrayList<>();
-        // 65 - 90 (capital letters) 97 - 122 lower case 48 - 57 digits
+        // 65 - 90 (capital letters in ASCII) 97 - 122 lower case 48 - 57 digits
         //numbers
         for (int index = 48 ; index < 58; index ++) {
             immune.add((char)index);
@@ -57,11 +57,9 @@ public class PercentCodecStringTest extends AbstractCodecStringTest {
     @Parameters(name = "{0}")
     public static Collection<Object[]> buildTests() {
         Collection<Object[]> tests = new ArrayList<>();
-
         List<CodecStringTestTuple> tuples = new ArrayList<>();
+        
         tuples.add(newTuple("%3C", "<"));
-
-       //CODEPOINT tuples.add(newTuple("%C4%80", (char) 0x100));
         tuples.add(newTuple("%00", Character.MIN_VALUE));
         tuples.add(newTuple("%3D", '='));
         tuples.add(newTuple("%26", '&'));

From 5d42bfe5544da508aafaa3cef78a0dde2b47d4a2 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 05:18:09 -0600
Subject: [PATCH 492/812] Import cleanup

Using static Assert imports for implementation consistency.
---
 .../org/owasp/esapi/reference/regex/AbstractPatternTest.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
index f05397dfb..89dd1f126 100644
--- a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
@@ -13,9 +13,10 @@
  */
 package org.owasp.esapi.reference.regex;
 
+import static org.junit.Assert.assertEquals;
+
 import java.util.regex.Pattern;
 
-import org.junit.Assert;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -63,7 +64,7 @@ public AbstractPatternTest(PatternTestTuple tuple) {
 
     @Test
     public void checkPatternMatches() {
-        Assert.assertEquals(shouldMatch, pattern.matcher(input).matches());
+        assertEquals(shouldMatch, pattern.matcher(input).matches());
     }
 
 }

From 7ad97030300b3c0f4e6dc2533370445e0cfa7d59 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Thu, 22 Feb 2018 05:19:42 -0600
Subject: [PATCH 493/812] Documentation Cleanup

Correcting use of javadoc {@code} to <code> for better readability of
parameterization usage and suggestions.
---
 .../owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java | 2 +-
 .../org/owasp/esapi/reference/regex/AbstractPatternTest.java    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
index 789c8a153..cf48dcfff 100644
--- a/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/abstraction/AbstractCodecStringTest.java
@@ -27,7 +27,7 @@
  * <br/>
  * Sub-classes are expected to provide instances of {@link CodecStringTestTuple} to this instance.
  * <br/>
- * For better test naming output specify {@link CodecStringTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * For better test naming output specify {@link CodecStringTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
  * where '0' is the index that the CodecStringTestTuple reference appears in the constructor.
  */
 @RunWith(Parameterized.class)
diff --git a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
index 89dd1f126..f887db57b 100644
--- a/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
+++ b/src/test/java/org/owasp/esapi/reference/regex/AbstractPatternTest.java
@@ -26,7 +26,7 @@
  * <br/>
  * Sub-classes are expected to provide instances of {@link PatternTestTuple} to this instance.
  * <br/>
- * For better test naming output specify {@link PatternTestTuple#description} and use {@code} @Parameters (name="{0}")},
+ * For better test naming output specify {@link PatternTestTuple#description} and use <code> @Parameters (name="{0}")</code>,
  * where '0' is the index that the PatternTestTuple reference appears in the constructor.
  */
 @RunWith(Parameterized.class)

From 3bf59c6c02d929412ad551ef566f08938e4696af Mon Sep 17 00:00:00 2001
From: Matt Seil <mseil@acm.org>
Date: Sun, 13 May 2018 15:41:29 -0700
Subject: [PATCH 494/812] Moved esapi.tld into the correct resources location. 
 Fixes issues #213, #244, #253.

---
 {configuration => src/main/resources}/META-INF/esapi.tld | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {configuration => src/main/resources}/META-INF/esapi.tld (100%)

diff --git a/configuration/META-INF/esapi.tld b/src/main/resources/META-INF/esapi.tld
similarity index 100%
rename from configuration/META-INF/esapi.tld
rename to src/main/resources/META-INF/esapi.tld

From b54019eab92f58cdf017a26568f079b028cc5f35 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 9 Jul 2018 17:08:38 -0500
Subject: [PATCH 495/812] Updating Asserts for Additional Output

Converting AssertTrue to other Assert API (mostly assertEquals) to see the
values being compared in the test output.
---
 .../owasp/esapi/reference/crypto/EncryptorTest.java    | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 787464cb8..180a590ed 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -251,7 +251,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			} else if ( cipherAlg.equals( "DES" ) ) {
 				keySize = 64;
 			} // Else... use specified keySize.
-			assertTrue( (keySize / 8) == skey.getEncoded().length );
+			assertEquals(cipherXform + " encoded key size does not match provided key size",  (keySize / 8), skey.getEncoded().length );
 //			System.out.println("testNewEncryptDecrypt(): Skey length (bits) = " + 8 * skey.getEncoded().length);
 
 			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
@@ -271,7 +271,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	// Do the encryption with the new encrypt() method and get back the CipherText.
 	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
 	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
-	    	assertTrue( ciphertext != null );
+	    	assertNotNull( ciphertext );
 //	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
 //	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
 //	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
@@ -290,14 +290,14 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	// Make sure we got back the same thing we started with.
 	    	System.out.println("\tOriginal plaintext: " + origPlainText);
 	    	System.out.println("\tResult after decryption: " + decryptedPlaintext);
-			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
+			assertEquals( "Failed to decrypt properly.", origPlainText.toString(), decryptedPlaintext.toString() );
 	    	
 	    	// Restore the previous cipher transformation. For now, this is only way to do this.
 	    	@SuppressWarnings("deprecation")
 			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
-	    	assertTrue( previousCipherXform.equals( cipherXform ) );
+	    	assertEquals( previousCipherXform,  cipherXform  );
 	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
-	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
+	    	assertEquals( defaultCipherXform, oldCipherXform );
 	    	
 	    	return ciphertext.getEncodedIVCipherText();
 		} catch (Exception e) {

From 5232e21036f2959875c7ec7996406f9692d8e5fe Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 22 Jul 2018 08:04:57 -0500
Subject: [PATCH 496/812] Attempt at SLF4J Implementation

Experimenting with one method that may be functional for slf4j hooks. This
implementation has not been tested at either the unit or integration
level.  I do not know if it works yet.
---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 086f70917..6112a4e7f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -243,6 +243,11 @@
 		    <version>1.7.0</version>
 		    <scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+			<version>1.7.25</version>
+		</dependency>
 		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception
 		<dependency>
 		    <groupId>eu.codearte.catch-exception</groupId>

From 938b8c8b78892d6b93ef911cc809df7fa1949dbc Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 22 Jul 2018 08:10:50 -0500
Subject: [PATCH 497/812] SLF4J Impl

Adding files missed last commit.

Experimenting with one method that may be functional for slf4j hooks. This
implementation has not been tested at either the unit or integration
level.  I do not know if it works yet.
---
 .../esapi/logging/slf4j/CodecLogScrubber.java |  98 +++++++++++
 .../esapi/logging/slf4j/LogScrubber.java      |  57 +++++++
 .../esapi/logging/slf4j/Slf4JLogBridge.java   |  91 ++++++++++
 .../esapi/logging/slf4j/Slf4JLogFactory.java  |  61 +++++++
 .../esapi/logging/slf4j/Slf4JLogHandler.java  | 108 ++++++++++++
 .../esapi/logging/slf4j/Slf4JLogger.java      | 156 ++++++++++++++++++
 6 files changed, 571 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java

diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
new file mode 100644
index 000000000..a5b797e12
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
@@ -0,0 +1,98 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.codecs.Codec;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+public class CodecLogScrubber implements LogScrubber {
+    /* NewLine and Carriage Return Replacement values.*/
+    private static final char NEWLINE = '\n';
+    private static final char CARRIAGE_RETURN = '\r';
+    private static final char LINE_WRAP_REPLACE = '_';
+    
+    
+    private final Codec<?> customizedMessageCodec;
+    private final char[] immuneMessageChars;
+    
+    public  CodecLogScrubber (Codec<?> messageCodec, char[] immuneChars) {
+        this.customizedMessageCodec = messageCodec;
+        this.immuneMessageChars = immuneChars;
+    }
+    
+    /**
+     * Returns an Array of String elements representing the cleaned toString() value of each Object in the provided array.
+     * </br>
+     * Index references are retained such that the String in index 0 of the return Array represents the Object at index 0 in the argument.
+     * @param ref Array of elements to create clean String representations for.
+     * @return String Array of cleaned content.
+     */
+    public final String[] cleanArrayAsStrings(Object[] ref) {
+        String[] cleaned = new String[ref.length];
+        for (int index = 0; index < ref.length; index ++) {
+            cleaned[index] = cleanObjectAsString(ref[index]);
+        }
+        return cleaned;
+    }
+    
+    /**
+     * Cleans the toString() value of the argument object and returns it to the caller.
+     * @param ref Object to clean for output.
+     * @return cleaned String
+     */
+    public final String cleanObjectAsString(Object ref) {
+        return cleanString(ref.toString(), false);
+    }
+    
+    /**
+     * Removes newline characters from the provided String then encodes before returning the 'clean' version
+     * to the caller.
+     * 
+     * @param toClean
+     *            Original String to clean.
+     * @param asFormattedMessage Specifying {@code true} will use the specialized message codec and immunity to account for additional message content constraints.  {@code false} will use the esapi-default html encoding.
+     * @return Cleaned String.
+     */
+    public final String cleanString(String toClean, boolean asFormattedMessage) {
+        // ensure no CRLF injection into logs for forging records
+        String clean = toClean.replace(NEWLINE, LINE_WRAP_REPLACE).replace(CARRIAGE_RETURN, LINE_WRAP_REPLACE);
+        
+        if (ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED)) {
+            if (asFormattedMessage) {
+                //Use a more customized html encoder to exclude immune syntax markers for data replacement.
+                clean = customizedMessageCodec.encode(immuneMessageChars, clean);
+            } else {
+                clean = ESAPI.encoder().encodeForHTML(clean);
+            }
+            
+            if (!toClean.equals(clean)) {
+                clean += " (Encoded)";
+            }
+        }
+        return clean;
+    }
+    /**
+     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
+     * to the caller.
+     * 
+     * @param message
+     *            Original message to clean.
+     * @return Cleaned message.
+     */
+    public final String cleanMessage(String message) {
+       return cleanString(message, true);
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
new file mode 100644
index 000000000..33481183a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
@@ -0,0 +1,57 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+public interface LogScrubber {
+
+    /**
+     * Returns an Array of String elements representing the cleaned toString() value of each Object in the provided array.
+     * </br>
+     * Index references are retained such that the String in index 0 of the return Array represents the Object at index 0 in the argument.
+     * @param ref Array of elements to create clean String representations for.
+     * @return String Array of cleaned content.
+     */
+    public String[] cleanArrayAsStrings(Object[] ref);
+    
+    /**
+     * Cleans the toString() value of the argument object and returns it to the caller.
+     * @param ref Object to clean for output.
+     * @return cleaned String
+     */
+    public String cleanObjectAsString(Object ref);
+    
+    /**
+     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
+     * to the caller.
+     * 
+     * @param toClean
+     *            Original String to clean.
+     * @param asFormattedMessage Specifying {@code true} will add the SLF4J message formatting constants to the encoding immunity list.  {@code false} will use the esapi-default html encoding.
+     * @return Cleaned String.
+     */
+    public String cleanString(String toClean, boolean asFormattedMessage);
+    /**
+     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
+     * to the caller.
+     * 
+     * @param message
+     *            Original message to clean.
+     * @return Cleaned message.
+     */
+    public String cleanMessage(String message);
+
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
new file mode 100644
index 000000000..324b6dc6f
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
@@ -0,0 +1,91 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.Logger.EventType;
+import org.slf4j.IMarkerFactory;
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+import org.slf4j.event.Level;
+import org.slf4j.helpers.BasicMarkerFactory;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
+ *
+ */
+public class Slf4JLogBridge {
+    //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
+    private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
+    private final Map<Integer,Level> esapiSlfLevelMap;
+    private final LogScrubber scrubber;
+    
+    public Slf4JLogBridge(LogScrubber logScrubber, Map<Integer, Level> esapiSlfLevelMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiSlfLevelMap = new HashMap<>(esapiSlfLevelMap);
+        this.scrubber = logScrubber;
+    }
+    
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        Slf4JLogHandler handler = getHandler(esapiLevel);
+        if (handler.isEnabled(logger)) {
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            String cleanString = scrubber.cleanMessage(message);
+            handler.log(logger, typeMarker, cleanString);
+        }
+    }
+
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        Slf4JLogHandler handler = getHandler(esapiLevel);
+        if (handler.isEnabled(logger)) {
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            String cleanString = scrubber.cleanMessage(message);
+            handler.log(logger, typeMarker, cleanString, throwable);
+        }
+    }
+    
+   public Slf4JLogHandler getHandler(int esapiLevel) {
+        Level slfLevel = esapiSlfLevelMap.get(esapiLevel);
+        if (slfLevel == null) {
+            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        Slf4JLogHandler handler;
+        switch (slfLevel) {
+        case ERROR:
+            handler = Slf4JLogHandler.ERROR;
+            break;
+        case WARN:
+            handler = Slf4JLogHandler.WARN;
+            break;
+        case INFO:
+            handler = Slf4JLogHandler.INFO;
+            break;
+        case DEBUG:
+            handler = Slf4JLogHandler.DEBUG;
+            break;
+        case TRACE:
+            handler = Slf4JLogHandler.TRACE;
+            break;
+            default:
+                throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        
+        return handler;
+    }
+   
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
new file mode 100644
index 000000000..7783fb31e
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -0,0 +1,61 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.LogFactory;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.slf4j.LoggerFactory;
+import org.slf4j.event.Level;
+
+public class Slf4JLogFactory implements LogFactory {
+    private static final char BACKSLASH = '\\';
+    private static final char OPEN_SLF_FORMAT='{';
+    private static final char CLOSE_SLF_FORMAT='}';
+    private static final char[] IMMUNE_SLF4J_HTML = {',', '.', '-', '_', ' ',BACKSLASH, OPEN_SLF_FORMAT, CLOSE_SLF_FORMAT };
+    private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    private static final LogScrubber SLF4J_LOG_SCRUBBER = new CodecLogScrubber(HTML_CODEC, IMMUNE_SLF4J_HTML);
+    private static Slf4JLogBridge LOG_BRIDGE;
+    static {
+        Map<Integer, Level> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, Level.TRACE);
+        levelLookup.put(Logger.TRACE, Level.TRACE);
+        levelLookup.put(Logger.DEBUG, Level.TRACE);
+        levelLookup.put(Logger.INFO, Level.TRACE);
+        levelLookup.put(Logger.ERROR, Level.TRACE);
+        levelLookup.put(Logger.WARNING, Level.TRACE);
+        levelLookup.put(Logger.FATAL, Level.TRACE);
+        //LEVEL.OFF not used.  If it's off why would we try to log it?
+        
+        LOG_BRIDGE = new Slf4JLogBridge(SLF4J_LOG_SCRUBBER, levelLookup);
+    }
+    
+    
+    @Override
+    public Logger getLogger(String moduleName) {
+        org.slf4j.Logger slf4JLogger = LoggerFactory.getLogger(moduleName);
+        return new Slf4JLogger(slf4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+    @Override
+    public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
+        org.slf4j.Logger slf4JLogger = LoggerFactory.getLogger(clazz);
+        return new Slf4JLogger(slf4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
new file mode 100644
index 000000000..c94b74cce
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
@@ -0,0 +1,108 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+
+public enum Slf4JLogHandler {
+    ERROR {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isErrorEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.error(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.error(marker, msg, th);
+        }
+    },
+       WARN {
+        @Override
+        public boolean isEnabled(Logger logger) {
+           return logger.isWarnEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.warn(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.warn(marker, msg, th);
+        }
+    },
+       INFO {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isInfoEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.info(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.info(marker, msg, th);
+        }
+    },
+       DEBUG {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isDebugEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.debug(marker, msg);   
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.debug(marker, msg, th);
+        }
+    },
+       TRACE{
+
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isTraceEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.trace(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.trace(marker, msg, th);
+        }
+           
+       };
+       
+       public abstract boolean isEnabled(Logger logger);
+       public abstract void log(Logger logger, Marker marker, String msg);
+       public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
+   }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
new file mode 100644
index 000000000..9d3c68739
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
@@ -0,0 +1,156 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.slf4j;
+
+import org.owasp.esapi.Logger;
+
+public class Slf4JLogger implements org.owasp.esapi.Logger {
+    private final org.slf4j.Logger delegate;
+    private final Slf4JLogBridge logBridge;
+    private int esapiLogLevel;
+    
+    public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
+        delegate = slf4JLogger;
+        this.logBridge = bridge;
+        esapiLogLevel = defaultEsapiLevel;
+    }
+    
+    private void log(int esapiLevel, EventType type, String message) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message);
+        }
+    }
+    
+    private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message, throwable);
+        }
+    }
+    
+
+    private boolean isEnabled(int esapiLevel) {
+        return esapiLogLevel < esapiLevel;
+    }
+    
+    @Override
+    public void always(EventType type, String message) {
+        log (Logger.ALL, type, message);
+    }
+
+    @Override
+    public void always(EventType type, String message, Throwable throwable) {
+        log (Logger.ALL, type, message, throwable);
+    }
+
+    @Override
+    public void trace(EventType type, String message) {
+        log (Logger.TRACE, type, message);
+    }
+    
+    @Override
+    public void trace(EventType type, String message, Throwable throwable) {
+        log (Logger.TRACE, type, message, throwable);
+    }
+
+    @Override
+    public void debug(EventType type, String message) {
+        log (Logger.DEBUG, type, message);
+    }
+
+    @Override
+    public void debug(EventType type, String message, Throwable throwable) {
+        log (Logger.DEBUG, type, message, throwable);
+    }
+    
+    @Override
+    public void info(EventType type, String message) {
+        log (Logger.INFO, type, message);
+    }
+    
+    @Override
+    public void info(EventType type, String message, Throwable throwable) {
+        log (Logger.INFO, type, message, throwable);
+    }
+    
+    @Override
+    public void warning(EventType type, String message) {
+        log (Logger.WARNING, type, message);
+    }
+    
+    @Override
+    public void warning(EventType type, String message, Throwable throwable) {
+        log (Logger.WARNING, type, message, throwable);
+    }
+
+    @Override
+    public void error(EventType type, String message) {
+        log (Logger.ERROR, type, message);
+    }
+
+    @Override
+    public void error(EventType type, String message, Throwable throwable) {
+        log (Logger.ERROR, type, message, throwable);   
+    }
+
+    @Override
+    public void fatal(EventType type, String message) {
+        log (Logger.FATAL, type, message);
+    }
+
+    @Override
+    public void fatal(EventType type, String message, Throwable throwable) {
+        log (Logger.FATAL, type, message, throwable);
+    }
+    
+    @Override
+    public int getESAPILevel() {
+        return esapiLogLevel;
+    }
+    
+    @Override
+    public boolean isTraceEnabled() {
+        return isEnabled(Logger.TRACE);
+    }
+    
+    @Override
+    public boolean isDebugEnabled() {
+        return isEnabled(Logger.DEBUG);
+    }
+    @Override
+    public boolean isInfoEnabled() {
+        return isEnabled(Logger.INFO); 
+    }
+    @Override
+    public boolean isWarningEnabled() {
+        return isEnabled(Logger.WARNING);
+    }
+    
+    @Override
+    public boolean isErrorEnabled() {
+        return isEnabled(Logger.ERROR);
+    }
+    
+    @Override
+    public boolean isFatalEnabled() {
+       return isEnabled(Logger.FATAL);
+    }
+    
+
+    @Override
+    public void setLevel(int level) {
+       esapiLogLevel = level;
+    }
+    
+}

From 0e51bb19b62457b9cc5c86abf6ca67e1da2290f0 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 4 Aug 2018 20:04:35 -0500
Subject: [PATCH 498/812] SLF4J Test Structures

Improving unit test implementation and refactoring to facilitate better
component tests.
---
 .../logging/cleaning/CodecLogScrubber.java    |  32 +++
 .../cleaning/CompositeLogScrubber.java        |  24 ++
 .../esapi/logging/cleaning/LogScrubber.java   |  31 ++
 .../logging/cleaning/NewlineLogScrubber.java  |  13 +
 .../esapi/logging/slf4j/CodecLogScrubber.java |  98 -------
 .../esapi/logging/slf4j/LogScrubber.java      |  57 ----
 .../esapi/logging/slf4j/Slf4JLogBridge.java   |  89 +-----
 .../logging/slf4j/Slf4JLogBridgeImpl.java     |  67 +++++
 .../esapi/logging/slf4j/Slf4JLogFactory.java  |  45 ++-
 .../esapi/logging/slf4j/Slf4JLogHandler.java  | 108 +------
 .../esapi/logging/slf4j/Slf4JLogHandlers.java | 108 +++++++
 .../esapi/logging/slf4j/Slf4JLogger.java      |  11 +-
 .../cleaning/CodecLogScrubberTest.java        |  24 ++
 .../cleaning/CompositeLogScrubberTest.java    |  41 +++
 .../cleaning/NewlineLogScrubberTest.java      |  28 ++
 .../logging/slf4j/Slf4JLogBridgeImplTest.java | 120 ++++++++
 .../logging/slf4j/Slf4JLogFactoryTest.java    |  63 ++++
 .../logging/slf4j/Slf4JLogHandlersTest.java   |  76 +++++
 .../esapi/logging/slf4j/Slf4JLoggerTest.java  | 270 ++++++++++++++++++
 19 files changed, 946 insertions(+), 359 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
 delete mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
 delete mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
new file mode 100644
index 000000000..83abf6ef6
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
@@ -0,0 +1,32 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.cleaning;
+
+import org.owasp.esapi.codecs.Codec;
+
+public class CodecLogScrubber implements LogScrubber {
+    private final Codec<?> customizedMessageCodec;
+    private final char[] immuneMessageChars;
+    
+    public  CodecLogScrubber (Codec<?> messageCodec, char[] immuneChars) {
+        this.customizedMessageCodec = messageCodec;
+        this.immuneMessageChars = immuneChars;
+    }
+    
+    @Override
+    public String cleanMessage(String message) {
+         return customizedMessageCodec.encode(immuneMessageChars, message);
+    }    
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
new file mode 100644
index 000000000..b8ef15504
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
@@ -0,0 +1,24 @@
+package org.owasp.esapi.logging.cleaning;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class CompositeLogScrubber  implements LogScrubber {
+
+    private final List<LogScrubber> messageCleaners;
+    
+    public CompositeLogScrubber(List<LogScrubber> orderedCleaner) {
+        this.messageCleaners = new ArrayList<>(orderedCleaner);
+    }
+    
+    @Override
+    public String cleanMessage(String message) {
+        String cleaned = message;
+        
+        for(LogScrubber scrubadub : messageCleaners) {
+            cleaned = scrubadub.cleanMessage(cleaned);
+        }
+        
+        return cleaned;
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
new file mode 100644
index 000000000..17efe6340
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
@@ -0,0 +1,31 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.cleaning;
+
+public interface LogScrubber {
+
+    /**
+     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
+     * to the caller.
+     * 
+     * @param message
+     *            Original message to clean.
+     * @return Cleaned message.
+     */
+    public String cleanMessage(String message);
+
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
new file mode 100644
index 000000000..2cfeb236e
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
@@ -0,0 +1,13 @@
+package org.owasp.esapi.logging.cleaning;
+
+public class NewlineLogScrubber  implements LogScrubber {
+    /* NewLine and Carriage Return Replacement values.*/
+    private static final char NEWLINE = '\n';
+    private static final char CARRIAGE_RETURN = '\r';
+    private static final char LINE_WRAP_REPLACE = '_';
+    
+    @Override
+    public String cleanMessage(String message) {
+        return message.replace(NEWLINE, LINE_WRAP_REPLACE).replace(CARRIAGE_RETURN, LINE_WRAP_REPLACE);
+    } 
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
deleted file mode 100644
index a5b797e12..000000000
--- a/src/main/java/org/owasp/esapi/logging/slf4j/CodecLogScrubber.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @created 2018
- */
-package org.owasp.esapi.logging.slf4j;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
-
-public class CodecLogScrubber implements LogScrubber {
-    /* NewLine and Carriage Return Replacement values.*/
-    private static final char NEWLINE = '\n';
-    private static final char CARRIAGE_RETURN = '\r';
-    private static final char LINE_WRAP_REPLACE = '_';
-    
-    
-    private final Codec<?> customizedMessageCodec;
-    private final char[] immuneMessageChars;
-    
-    public  CodecLogScrubber (Codec<?> messageCodec, char[] immuneChars) {
-        this.customizedMessageCodec = messageCodec;
-        this.immuneMessageChars = immuneChars;
-    }
-    
-    /**
-     * Returns an Array of String elements representing the cleaned toString() value of each Object in the provided array.
-     * </br>
-     * Index references are retained such that the String in index 0 of the return Array represents the Object at index 0 in the argument.
-     * @param ref Array of elements to create clean String representations for.
-     * @return String Array of cleaned content.
-     */
-    public final String[] cleanArrayAsStrings(Object[] ref) {
-        String[] cleaned = new String[ref.length];
-        for (int index = 0; index < ref.length; index ++) {
-            cleaned[index] = cleanObjectAsString(ref[index]);
-        }
-        return cleaned;
-    }
-    
-    /**
-     * Cleans the toString() value of the argument object and returns it to the caller.
-     * @param ref Object to clean for output.
-     * @return cleaned String
-     */
-    public final String cleanObjectAsString(Object ref) {
-        return cleanString(ref.toString(), false);
-    }
-    
-    /**
-     * Removes newline characters from the provided String then encodes before returning the 'clean' version
-     * to the caller.
-     * 
-     * @param toClean
-     *            Original String to clean.
-     * @param asFormattedMessage Specifying {@code true} will use the specialized message codec and immunity to account for additional message content constraints.  {@code false} will use the esapi-default html encoding.
-     * @return Cleaned String.
-     */
-    public final String cleanString(String toClean, boolean asFormattedMessage) {
-        // ensure no CRLF injection into logs for forging records
-        String clean = toClean.replace(NEWLINE, LINE_WRAP_REPLACE).replace(CARRIAGE_RETURN, LINE_WRAP_REPLACE);
-        
-        if (ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED)) {
-            if (asFormattedMessage) {
-                //Use a more customized html encoder to exclude immune syntax markers for data replacement.
-                clean = customizedMessageCodec.encode(immuneMessageChars, clean);
-            } else {
-                clean = ESAPI.encoder().encodeForHTML(clean);
-            }
-            
-            if (!toClean.equals(clean)) {
-                clean += " (Encoded)";
-            }
-        }
-        return clean;
-    }
-    /**
-     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
-     * to the caller.
-     * 
-     * @param message
-     *            Original message to clean.
-     * @return Cleaned message.
-     */
-    public final String cleanMessage(String message) {
-       return cleanString(message, true);
-    }
-}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
deleted file mode 100644
index 33481183a..000000000
--- a/src/main/java/org/owasp/esapi/logging/slf4j/LogScrubber.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @created 2018
- */
-
-package org.owasp.esapi.logging.slf4j;
-
-public interface LogScrubber {
-
-    /**
-     * Returns an Array of String elements representing the cleaned toString() value of each Object in the provided array.
-     * </br>
-     * Index references are retained such that the String in index 0 of the return Array represents the Object at index 0 in the argument.
-     * @param ref Array of elements to create clean String representations for.
-     * @return String Array of cleaned content.
-     */
-    public String[] cleanArrayAsStrings(Object[] ref);
-    
-    /**
-     * Cleans the toString() value of the argument object and returns it to the caller.
-     * @param ref Object to clean for output.
-     * @return cleaned String
-     */
-    public String cleanObjectAsString(Object ref);
-    
-    /**
-     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
-     * to the caller.
-     * 
-     * @param toClean
-     *            Original String to clean.
-     * @param asFormattedMessage Specifying {@code true} will add the SLF4J message formatting constants to the encoding immunity list.  {@code false} will use the esapi-default html encoding.
-     * @return Cleaned String.
-     */
-    public String cleanString(String toClean, boolean asFormattedMessage);
-    /**
-     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
-     * to the caller.
-     * 
-     * @param message
-     *            Original message to clean.
-     * @return Cleaned message.
-     */
-    public String cleanMessage(String message);
-
-
-}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
index 324b6dc6f..672d46738 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
@@ -1,91 +1,10 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @created 2018
- */
-
 package org.owasp.esapi.logging.slf4j;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.owasp.esapi.Logger.EventType;
-import org.slf4j.IMarkerFactory;
 import org.slf4j.Logger;
-import org.slf4j.Marker;
-import org.slf4j.event.Level;
-import org.slf4j.helpers.BasicMarkerFactory;
-
-/**
- * Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
- *
- */
-public class Slf4JLogBridge {
-    //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
-    private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
-    private final Map<Integer,Level> esapiSlfLevelMap;
-    private final LogScrubber scrubber;
-    
-    public Slf4JLogBridge(LogScrubber logScrubber, Map<Integer, Level> esapiSlfLevelMap) {
-        //Defensive copy to prevent external mutations.
-        this.esapiSlfLevelMap = new HashMap<>(esapiSlfLevelMap);
-        this.scrubber = logScrubber;
-    }
-    
-    public void log(Logger logger, int esapiLevel, EventType type, String message) {
-        Slf4JLogHandler handler = getHandler(esapiLevel);
-        if (handler.isEnabled(logger)) {
-            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
-            String cleanString = scrubber.cleanMessage(message);
-            handler.log(logger, typeMarker, cleanString);
-        }
-    }
 
-    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
-        Slf4JLogHandler handler = getHandler(esapiLevel);
-        if (handler.isEnabled(logger)) {
-            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
-            String cleanString = scrubber.cleanMessage(message);
-            handler.log(logger, typeMarker, cleanString, throwable);
-        }
-    }
-    
-   public Slf4JLogHandler getHandler(int esapiLevel) {
-        Level slfLevel = esapiSlfLevelMap.get(esapiLevel);
-        if (slfLevel == null) {
-            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
-        }
-        Slf4JLogHandler handler;
-        switch (slfLevel) {
-        case ERROR:
-            handler = Slf4JLogHandler.ERROR;
-            break;
-        case WARN:
-            handler = Slf4JLogHandler.WARN;
-            break;
-        case INFO:
-            handler = Slf4JLogHandler.INFO;
-            break;
-        case DEBUG:
-            handler = Slf4JLogHandler.DEBUG;
-            break;
-        case TRACE:
-            handler = Slf4JLogHandler.TRACE;
-            break;
-            default:
-                throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
-        }
-        
-        return handler;
-    }
-   
+public interface Slf4JLogBridge {
+    void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
+      
 }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
new file mode 100644
index 000000000..0999fc98f
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -0,0 +1,67 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.slf4j.IMarkerFactory;
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+import org.slf4j.helpers.BasicMarkerFactory;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into SLF4J supported Object structures.
+ *
+ */
+public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
+    //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
+    private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
+    private final Map<Integer,Slf4JLogHandler> esapiSlfLevelMap;
+    private final LogScrubber scrubber;
+    
+    public Slf4JLogBridgeImpl(LogScrubber logScrubber, Map<Integer, Slf4JLogHandler> esapiSlfHandlerMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
+        this.scrubber = logScrubber;
+    }
+    
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            String cleanString = scrubber.cleanMessage(message);
+            handler.log(logger, typeMarker, cleanString);
+        }
+    }
+
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+            Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
+            String cleanString = scrubber.cleanMessage(message);
+            handler.log(logger, typeMarker, cleanString, throwable);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 7783fb31e..32d000381 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -14,14 +14,21 @@
  */
 package org.owasp.esapi.logging.slf4j;
 
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
+import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 import org.slf4j.LoggerFactory;
-import org.slf4j.event.Level;
 
 public class Slf4JLogFactory implements LogFactory {
     private static final char BACKSLASH = '\\';
@@ -29,20 +36,36 @@ public class Slf4JLogFactory implements LogFactory {
     private static final char CLOSE_SLF_FORMAT='}';
     private static final char[] IMMUNE_SLF4J_HTML = {',', '.', '-', '_', ' ',BACKSLASH, OPEN_SLF_FORMAT, CLOSE_SLF_FORMAT };
     private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
-    private static final LogScrubber SLF4J_LOG_SCRUBBER = new CodecLogScrubber(HTML_CODEC, IMMUNE_SLF4J_HTML);
+    private static LogScrubber SLF4J_LOG_SCRUBBER;
     private static Slf4JLogBridge LOG_BRIDGE;
     static {
-        Map<Integer, Level> levelLookup = new HashMap<>();
-        levelLookup.put(Logger.ALL, Level.TRACE);
-        levelLookup.put(Logger.TRACE, Level.TRACE);
-        levelLookup.put(Logger.DEBUG, Level.TRACE);
-        levelLookup.put(Logger.INFO, Level.TRACE);
-        levelLookup.put(Logger.ERROR, Level.TRACE);
-        levelLookup.put(Logger.WARNING, Level.TRACE);
-        levelLookup.put(Logger.FATAL, Level.TRACE);
+        
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
+        SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
+        
+        Map<Integer, Slf4JLogHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, Slf4JLogHandlers.TRACE);
+        levelLookup.put(Logger.TRACE, Slf4JLogHandlers.TRACE);
+        levelLookup.put(Logger.DEBUG, Slf4JLogHandlers.DEBUG);
+        levelLookup.put(Logger.INFO, Slf4JLogHandlers.INFO);
+        levelLookup.put(Logger.ERROR, Slf4JLogHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, Slf4JLogHandlers.WARN);
+        levelLookup.put(Logger.FATAL, Slf4JLogHandlers.ERROR);
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
-        LOG_BRIDGE = new Slf4JLogBridge(SLF4J_LOG_SCRUBBER, levelLookup);
+        LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_SCRUBBER, levelLookup);
+    }
+    
+    /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
+        List<LogScrubber> messageScrubber = new ArrayList<>();
+        messageScrubber.add(new NewlineLogScrubber());
+        
+        if (requiresEncoding) {
+            messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_SLF4J_HTML));
+        }
+        
+        return new CompositeLogScrubber(messageScrubber);
+        
     }
     
     
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
index c94b74cce..3607b34e8 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
@@ -1,108 +1,10 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @created 2018
- */
-
 package org.owasp.esapi.logging.slf4j;
 
 import org.slf4j.Logger;
 import org.slf4j.Marker;
 
-public enum Slf4JLogHandler {
-    ERROR {
-        @Override
-        public boolean isEnabled(Logger logger) {
-            return logger.isErrorEnabled();
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg) {
-            logger.error(marker, msg);
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg, Throwable th) {
-            logger.error(marker, msg, th);
-        }
-    },
-       WARN {
-        @Override
-        public boolean isEnabled(Logger logger) {
-           return logger.isWarnEnabled();
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg) {
-            logger.warn(marker, msg);
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg, Throwable th) {
-            logger.warn(marker, msg, th);
-        }
-    },
-       INFO {
-        @Override
-        public boolean isEnabled(Logger logger) {
-            return logger.isInfoEnabled();
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg) {
-            logger.info(marker, msg);
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg, Throwable th) {
-            logger.info(marker, msg, th);
-        }
-    },
-       DEBUG {
-        @Override
-        public boolean isEnabled(Logger logger) {
-            return logger.isDebugEnabled();
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg) {
-            logger.debug(marker, msg);   
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg, Throwable th) {
-            logger.debug(marker, msg, th);
-        }
-    },
-       TRACE{
-
-        @Override
-        public boolean isEnabled(Logger logger) {
-            return logger.isTraceEnabled();
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg) {
-            logger.trace(marker, msg);
-        }
-
-        @Override
-        public void log(Logger logger, Marker marker, String msg, Throwable th) {
-            logger.trace(marker, msg, th);
-        }
-           
-       };
-       
-       public abstract boolean isEnabled(Logger logger);
-       public abstract void log(Logger logger, Marker marker, String msg);
-       public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
-   }
+public interface Slf4JLogHandler {
+    boolean isEnabled(Logger logger);
+    void log(Logger logger, Marker marker, String msg);
+    void log(Logger logger, Marker marker, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
new file mode 100644
index 000000000..937f4a45d
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
@@ -0,0 +1,108 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.slf4j;
+
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+
+public enum Slf4JLogHandlers implements Slf4JLogHandler {
+    ERROR {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isErrorEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.error(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.error(marker, msg, th);
+        }
+    },
+       WARN {
+        @Override
+        public boolean isEnabled(Logger logger) {
+           return logger.isWarnEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.warn(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.warn(marker, msg, th);
+        }
+    },
+       INFO {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isInfoEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.info(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.info(marker, msg, th);
+        }
+    },
+       DEBUG {
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isDebugEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.debug(marker, msg);   
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.debug(marker, msg, th);
+        }
+    },
+       TRACE{
+
+        @Override
+        public boolean isEnabled(Logger logger) {
+            return logger.isTraceEnabled();
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg) {
+            logger.trace(marker, msg);
+        }
+
+        @Override
+        public void log(Logger logger, Marker marker, String msg, Throwable th) {
+            logger.trace(marker, msg, th);
+        }
+           
+       };
+       
+       public abstract boolean isEnabled(Logger logger);
+       public abstract void log(Logger logger, Marker marker, String msg);
+       public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
+   }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
index 9d3c68739..ee577fe58 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
@@ -19,12 +19,12 @@
 public class Slf4JLogger implements org.owasp.esapi.Logger {
     private final org.slf4j.Logger delegate;
     private final Slf4JLogBridge logBridge;
-    private int esapiLogLevel;
+    private int maxLogLevel;
     
     public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;
-        esapiLogLevel = defaultEsapiLevel;
+        maxLogLevel = defaultEsapiLevel;
     }
     
     private void log(int esapiLevel, EventType type, String message) {
@@ -41,7 +41,8 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
     
 
     private boolean isEnabled(int esapiLevel) {
-        return esapiLogLevel < esapiLevel;
+        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
+        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
     }
     
     @Override
@@ -116,7 +117,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
     
     @Override
     public int getESAPILevel() {
-        return esapiLogLevel;
+        return maxLogLevel;
     }
     
     @Override
@@ -150,7 +151,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-       esapiLogLevel = level;
+       maxLogLevel = level;
     }
     
 }
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
new file mode 100644
index 000000000..4f0eb3757
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -0,0 +1,24 @@
+package org.owasp.esapi.logging.cleaning;
+
+import org.junit.Test;
+import org.mockito.Matchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.codecs.Codec;
+
+public class CodecLogScrubberTest {
+
+    @Test
+    public void testCleanMessage() {
+        char[] immune = new char[] {'a','b','c'};
+        String message = "cleanThis";
+        Codec<String> mockCodec = Mockito.mock(Codec.class);
+        
+        CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, immune);
+        
+        scrubber.cleanMessage(message);
+        
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(Matchers.same(immune), Matchers.matches(message));
+        Mockito.verifyNoMoreInteractions(mockCodec);
+        
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
new file mode 100644
index 000000000..44eb515b1
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
@@ -0,0 +1,41 @@
+package org.owasp.esapi.logging.cleaning;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+
+public class CompositeLogScrubberTest {
+    
+    @Test
+    public void testPassthroughOnEmpty() {
+        String str = "Testing Content";
+        String cleaned = new CompositeLogScrubber(new ArrayList<LogScrubber>()).cleanMessage(str);
+        Assert.assertEquals(str, cleaned);
+    }
+    
+    @Test
+    public void testListIteration() {
+        LogScrubber scrub1 = Mockito.mock(LogScrubber.class);
+        LogScrubber scrub2 = Mockito.mock(LogScrubber.class);
+        CompositeLogScrubber scrubber = new CompositeLogScrubber(Arrays.asList(scrub1, scrub2));
+        
+        String msg1 = "start";
+        String msg2 = "scrub1 return";
+        String msg3 = "scrub2 return";
+        
+        Mockito.when(scrub1.cleanMessage(msg1)).thenReturn(msg2);
+        Mockito.when(scrub2.cleanMessage(msg2)).thenReturn(msg3);
+        
+        String cleaned = scrubber.cleanMessage(msg1);
+        
+        Mockito.verify(scrub1, Mockito.times(1)).cleanMessage(msg1);
+        Mockito.verify(scrub2, Mockito.times(1)).cleanMessage(msg2);
+        
+        Assert.assertEquals(msg3, cleaned);
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
new file mode 100644
index 000000000..01cc08410
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
@@ -0,0 +1,28 @@
+package org.owasp.esapi.logging.cleaning;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class NewlineLogScrubberTest {
+
+    private NewlineLogScrubber scrubber = new NewlineLogScrubber();
+    
+    @Test
+    public void testReplaceR() {
+        String cleanedr = scrubber.cleanMessage("\r");
+        Assert.assertEquals("_", cleanedr);    
+    }
+    @Test
+    public void testReplaceN() {
+        String cleanedc = scrubber.cleanMessage("\n");
+        Assert.assertEquals("_", cleanedc);
+    }
+    
+    @Test
+    public void testNoReplacement() {
+        String cleanedc = scrubber.cleanMessage("This content should remain unchanged");
+        Assert.assertEquals("This content should remain unchanged", cleanedc);
+    }
+    
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
new file mode 100644
index 000000000..0c6c25c3e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -0,0 +1,120 @@
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Matchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.slf4j.Marker;
+
+public class Slf4JLogBridgeImplTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private Slf4JLogHandler mockHandler = Mockito.mock(Slf4JLogHandler.class);
+    private org.slf4j.Logger mockSlf4JLogger = Mockito.mock(org.slf4j.Logger.class);
+    private Throwable testEx = new Throwable(testName.getMethodName());
+    private Slf4JLogBridge bridge;
+
+    @Before
+    public void setup() {
+        Map<Integer, Slf4JLogHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, mockHandler);
+
+        bridge = new Slf4JLogBridgeImpl(mockScrubber, levelLookup);
+    }
+
+    @Test
+    public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup SLF4J level mapping");
+        Map<Integer, Slf4JLogHandler> emptyMap = Collections.emptyMap();
+        new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+    }
+    
+    @Test
+    public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup SLF4J level mapping");
+        Map<Integer, Slf4JLogHandler> emptyMap = Collections.emptyMap();
+        new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+    }
+    
+    @Test
+    public void testLogMessage() {
+        String message = testName.getMethodName() + " Cleaned";
+
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
+        Mockito.when(mockScrubber.cleanMessage(testName.getMethodName())).thenReturn(message);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(Matchers.same(mockSlf4JLogger), markerCapture.capture(), Matchers.matches(message));
+
+        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
+    }
+
+    @Test
+    public void testLogErrorMessageWithException() {
+        String message = testName.getMethodName() + " Cleaned";
+
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
+        Mockito.when(mockScrubber.cleanMessage(testName.getMethodName())).thenReturn(message);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
+
+        Mockito.verify(mockHandler, Mockito.times(1)).log(Matchers.same(mockSlf4JLogger), markerCapture.capture(), Matchers.matches(message), Matchers.same(testEx));
+
+        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());   
+    }
+
+
+    @Test
+    public void testDisabledLogMessage() {
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(false);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(Matchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
+    }
+
+    @Test
+    public void testDisabledErrorLogWithException() {
+        Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(false);
+
+        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(Matchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
new file mode 100644
index 000000000..f1f7ba63e
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -0,0 +1,63 @@
+package org.owasp.esapi.logging.slf4j;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import org.powermock.reflect.Whitebox;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (Slf4JLogFactory.class)
+public class Slf4JLogFactoryTest {
+//TODO:  Test to assert the encoder is an html encoder
+//TODO:  Assert the immunity list for special slf4j characters
+//TODO: Assert the Level mapping content
+    @Test
+    public void testCreateLoggerByString() {
+        Logger logger = new Slf4JLogFactory().getLogger("test");
+        Assert.assertTrue(logger instanceof Slf4JLogger);
+    }
+    
+    @Test public void testCreateLoggerByClass() {
+        Logger logger = new Slf4JLogFactory().getLogger(Slf4JLogBridgeImplTest.class);
+        Assert.assertTrue(logger instanceof Slf4JLogger);
+    }
+    
+    @Test
+    public void checkScrubberWithEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        Slf4JLogFactory.createLogScrubber(true);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(2, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+        Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
+    }
+    
+    @Test
+    public void checkScrubberWithoutEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        Slf4JLogFactory.createLogScrubber(false);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(1, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
new file mode 100644
index 000000000..f1152bdfb
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
@@ -0,0 +1,76 @@
+package org.owasp.esapi.logging.slf4j;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+import org.slf4j.Logger;
+import org.slf4j.Marker;
+import org.slf4j.helpers.BasicMarkerFactory;
+
+public class Slf4JLogHandlersTest {
+
+    private Logger mockLogger = Mockito.mock(Logger.class);
+    @Rule
+    public TestName testName = new TestName();
+
+    private Marker marker = new BasicMarkerFactory().getMarker(Slf4JLogHandlersTest.class.getSimpleName());
+    private Throwable testException = new Throwable("Expected for testing");
+
+    @Test
+    public void testErrorDelegation() {
+        Slf4JLogHandlers.ERROR.isEnabled(mockLogger);
+        Slf4JLogHandlers.ERROR.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogHandlers.ERROR.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isErrorEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).error(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).error(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testWarnDelegation() {
+        Slf4JLogHandlers.WARN.isEnabled(mockLogger);
+        Slf4JLogHandlers.WARN.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogHandlers.WARN.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isWarnEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).warn(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).warn(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testInfoDelegation() {
+        Slf4JLogHandlers.INFO.isEnabled(mockLogger);
+        Slf4JLogHandlers.INFO.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogHandlers.INFO.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isInfoEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).info(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).info(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testDebugDelegation() {
+        Slf4JLogHandlers.DEBUG.isEnabled(mockLogger);
+        Slf4JLogHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isDebugEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).debug(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).debug(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testTraceDelegation() {
+        Slf4JLogHandlers.TRACE.isEnabled(mockLogger);
+        Slf4JLogHandlers.TRACE.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogHandlers.TRACE.log(mockLogger, marker, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isTraceEnabled();
+        Mockito.verify(mockLogger, Mockito.times(1)).trace(marker, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).trace(marker, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
new file mode 100644
index 000000000..a16c6abb5
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
@@ -0,0 +1,270 @@
+package org.owasp.esapi.logging.slf4j;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+
+public class Slf4JLoggerTest {
+    
+    private static final String MSG = Slf4JLoggerTest.class.getSimpleName();
+    
+    private Slf4JLogBridge mockBridge = Mockito.mock(Slf4JLogBridge.class);
+    private org.slf4j.Logger mockLogDelegate = Mockito.mock(org.slf4j.Logger.class);
+    
+    private Throwable testEx = new Throwable(MSG + "_Exception");
+    private Logger testLogger = new Slf4JLogger(mockLogDelegate, mockBridge, Logger.ALL);
+
+    @Test
+    public void testLevelEnablement() {
+        testLogger.setLevel(Logger.INFO);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+        
+        Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
+    }
+    
+    @Test
+    public void testAllLevelEnablement() {
+        testLogger.setLevel(Logger.ALL);
+        
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+    }
+
+    @Test
+    public void testOffLevelEnablement() {
+        testLogger.setLevel(Logger.OFF);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertFalse(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+    }
+    @Test
+    public void testFatalWithMessage() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowable() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testFatalWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testErrorWithMessage() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowable() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testErrorWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testWarnWithMessage() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowable() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testWarnWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testInfoWithMessage() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowable() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testInfoWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessage() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowable() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testDebugWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testTraceWithMessage() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowable() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testTraceWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testAlwaysWithMessage() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowable() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testAlwaysWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+}

From 13e7a800efae4218ff3191421d3c63c414561ee1 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 4 Aug 2018 20:59:13 -0500
Subject: [PATCH 499/812] Slf4j License Update

Adding license to new files.
---
 .../logging/cleaning/CodecLogScrubberTest.java    | 14 ++++++++++++++
 .../cleaning/CompositeLogScrubberTest.java        | 14 ++++++++++++++
 .../logging/cleaning/NewlineLogScrubberTest.java  | 14 ++++++++++++++
 .../logging/slf4j/Slf4JLogBridgeImplTest.java     | 14 ++++++++++++++
 .../esapi/logging/slf4j/Slf4JLogFactoryTest.java  | 14 ++++++++++++++
 .../esapi/logging/slf4j/Slf4JLogHandlersTest.java | 14 ++++++++++++++
 .../esapi/logging/slf4j/Slf4JLoggerTest.java      | 15 +++++++++++++++
 7 files changed, 99 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
index 4f0eb3757..76b668535 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.cleaning;
 
 import org.junit.Test;
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
index 44eb515b1..8c0aa9bde 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.cleaning;
 
 import java.util.ArrayList;
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
index 01cc08410..c50c6247d 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.cleaning;
 
 import org.junit.Assert;
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
index 0c6c25c3e..e59ad1740 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.slf4j;
 
 import java.util.Collections;
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
index f1f7ba63e..3018b5699 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.slf4j;
 
 import java.util.List;
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
index f1152bdfb..bf911ddca 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.slf4j;
 
 import org.junit.Rule;
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
index a16c6abb5..e2d7a5a2f 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
@@ -1,3 +1,18 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
 package org.owasp.esapi.logging.slf4j;
 
 import org.junit.Assert;

From 0dda8ded7d89e0dd077f0d7ca47010db3fe5679a Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 6 Aug 2018 04:47:14 -0500
Subject: [PATCH 500/812] SLF4J New File Licenses

Adding license content to new files.
---
 .../logging/cleaning/CompositeLogScrubber.java     | 14 ++++++++++++++
 .../esapi/logging/cleaning/NewlineLogScrubber.java | 14 ++++++++++++++
 .../owasp/esapi/logging/slf4j/Slf4JLogBridge.java  | 14 ++++++++++++++
 .../owasp/esapi/logging/slf4j/Slf4JLogHandler.java | 14 ++++++++++++++
 4 files changed, 56 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
index b8ef15504..618af666c 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.cleaning;
 
 import java.util.ArrayList;
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
index 2cfeb236e..7ded513bd 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.cleaning;
 
 public class NewlineLogScrubber  implements LogScrubber {
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
index 672d46738..2bb866fa9 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.slf4j;
 
 import org.owasp.esapi.Logger.EventType;
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
index 3607b34e8..16ddd112c 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.slf4j;
 
 import org.slf4j.Logger;

From 60d235088e28e865e0a0a56555739198876ae310 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 6 Aug 2018 05:15:37 -0500
Subject: [PATCH 501/812] SLF4J Cleanup

CodecLogScrubber ctr arg guards & tests.  Added docs.
---
 .../logging/cleaning/CodecLogScrubber.java    | 16 ++++++++-
 .../cleaning/CodecLogScrubberTest.java        | 36 ++++++++++++++++++-
 2 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
index 83abf6ef6..957d2092b 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
@@ -16,13 +16,27 @@
 
 import org.owasp.esapi.codecs.Codec;
 
+/**
+ * Implementation of a LogScrubber which passes strings through a delegate codec with specific character immunity sets.
+ *
+ */
 public class CodecLogScrubber implements LogScrubber {
+    /** Codec implementation used to scrub messages.*/
     private final Codec<?> customizedMessageCodec;
+    /** Set of characters which will not be altered by the codec for this scrubber.*/
     private final char[] immuneMessageChars;
     
+    /**
+     * Ctr.
+     * @param messageCodec Delegate codec.  Cannot be {@code null}
+     * @param immuneChars Immune character set.
+     */
     public  CodecLogScrubber (Codec<?> messageCodec, char[] immuneChars) {
+        if (messageCodec == null) {
+            throw new IllegalArgumentException("Codec reference cannot be null");
+        }
         this.customizedMessageCodec = messageCodec;
-        this.immuneMessageChars = immuneChars;
+        this.immuneMessageChars = immuneChars == null ? new char[0] : immuneChars;
     }
     
     @Override
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
index 76b668535..dc874b49a 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -14,13 +14,45 @@
  */
 package org.owasp.esapi.logging.cleaning;
 
+import org.junit.Assert;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.mockito.ArgumentCaptor;
 import org.mockito.Matchers;
 import org.mockito.Mockito;
 import org.owasp.esapi.codecs.Codec;
 
-public class CodecLogScrubberTest {
 
+public class CodecLogScrubberTest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    
+    @Test
+    public void testNullCodecThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("cannot be null");
+       
+        new CodecLogScrubber(null, new char[0]);
+    }
+    
+    @Test
+    public void testNullImmuneIsEmpty() {
+        String message = "cleanThis";
+        Codec<String> mockCodec = Mockito.mock(Codec.class);
+        
+        CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, null);
+        
+        ArgumentCaptor<char[]> immuneCapture = ArgumentCaptor.forClass(char[].class);
+        
+        scrubber.cleanMessage(message);
+        
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(immuneCapture.capture(), Matchers.matches(message));
+        Mockito.verifyNoMoreInteractions(mockCodec);
+        
+        Assert.assertEquals(0, immuneCapture.getValue().length);
+    }
+    
     @Test
     public void testCleanMessage() {
         char[] immune = new char[] {'a','b','c'};
@@ -35,4 +67,6 @@ public void testCleanMessage() {
         Mockito.verifyNoMoreInteractions(mockCodec);
         
     }
+    
+    
 }

From 930400a6739642114ec0cbe76436aa8aa3ccc8f0 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 6 Aug 2018 05:26:34 -0500
Subject: [PATCH 502/812] SLF4J Cleanup

CompositeLogScrubber ctr arg guards & test.  Added documentation.
---
 .../logging/cleaning/CompositeLogScrubber.java  | 17 ++++++++++++++++-
 .../cleaning/CompositeLogScrubberTest.java      | 14 ++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
index 618af666c..e919dd49b 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
@@ -17,11 +17,26 @@
 import java.util.ArrayList;
 import java.util.List;
 
+/**
+ * LogScrubber implementation which performs iterative delegate to an ordered
+ * List of LogScrubbers. <br>
+ * The results of the delegate list of LogScrubbers is additive, meaning that
+ * the the original message is passed to the first delegate and its return value
+ * is passed to the second (etc). <br>
+ *
+ */
 public class CompositeLogScrubber  implements LogScrubber {
-
+    /** Delegate scrubbers.*/
     private final List<LogScrubber> messageCleaners;
     
+    /**
+     * Ctr.
+     * @param orderedCleaner Ordered List of delegate implementations.  Cannot be {@code null}
+     */
     public CompositeLogScrubber(List<LogScrubber> orderedCleaner) {
+        if (orderedCleaner == null) {
+            throw new IllegalArgumentException ("Delegate LogScrubber List cannot be null");
+        }
         this.messageCleaners = new ArrayList<>(orderedCleaner);
     }
     
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
index 8c0aa9bde..9dfc14491 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
@@ -18,12 +18,26 @@
 import java.util.Arrays;
 
 import org.junit.Assert;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.mockito.Mockito;
 
 
 public class CompositeLogScrubberTest {
     
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    
+    @Test
+    public void testNullListThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("cannot be null");
+        
+        new CompositeLogScrubber(null);
+    }
+    
+    
     @Test
     public void testPassthroughOnEmpty() {
         String str = "Testing Content";

From 8f06148cc67d5d5207fce056eeaf9cee9f08c40f Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 6 Aug 2018 05:38:12 -0500
Subject: [PATCH 503/812] SLF4J Cleanup

Adding documentation to LogScrubber and NewlineLogScrubber.
---
 .../org/owasp/esapi/logging/cleaning/LogScrubber.java    | 7 +++++--
 .../owasp/esapi/logging/cleaning/NewlineLogScrubber.java | 9 +++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
index 17efe6340..ee492724c 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
@@ -15,11 +15,14 @@
 
 package org.owasp.esapi.logging.cleaning;
 
+/**
+ *  Contract interface for cleaning log message output.
+ *
+ */
 public interface LogScrubber {
 
     /**
-     * Removes newline characters from the provided String then encodes it for HTML before returning the 'clean' version
-     * to the caller.
+     * Updates the given message to account for restrictions for this implementation and returns the result.
      * 
      * @param message
      *            Original message to clean.
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
index 7ded513bd..f512ffaff 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
@@ -13,11 +13,16 @@
  * @created 2018
  */
 package org.owasp.esapi.logging.cleaning;
-
+/**
+ * LogScrubber implementation which replaces newline and carriage return values.
+ *
+ */
 public class NewlineLogScrubber  implements LogScrubber {
-    /* NewLine and Carriage Return Replacement values.*/
+    /** Newline */
     private static final char NEWLINE = '\n';
+    /** Carriage Return.*/
     private static final char CARRIAGE_RETURN = '\r';
+    /** Default Replacement value.*/
     private static final char LINE_WRAP_REPLACE = '_';
     
     @Override

From 80e983f456b636824208ad64f191727ebeefe2b8 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 6 Aug 2018 05:45:04 -0500
Subject: [PATCH 504/812] SLF4J Cleanup

Source Formatting, organizing and consolidating imports.
---
 .../logging/cleaning/CodecLogScrubber.java    | 26 ++++++++-----
 .../cleaning/CompositeLogScrubber.java        | 20 +++++-----
 .../esapi/logging/cleaning/LogScrubber.java   |  6 +--
 .../logging/cleaning/NewlineLogScrubber.java  | 11 +++---
 .../cleaning/CodecLogScrubberTest.java        | 38 +++++++++----------
 .../cleaning/CompositeLogScrubberTest.java    | 29 +++++++-------
 .../cleaning/NewlineLogScrubberTest.java      | 16 ++++----
 7 files changed, 77 insertions(+), 69 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
index 957d2092b..257ba140a 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CodecLogScrubber.java
@@ -17,30 +17,36 @@
 import org.owasp.esapi.codecs.Codec;
 
 /**
- * Implementation of a LogScrubber which passes strings through a delegate codec with specific character immunity sets.
+ * Implementation of a LogScrubber which passes strings through a delegate codec
+ * with specific character immunity sets.
  *
  */
 public class CodecLogScrubber implements LogScrubber {
-    /** Codec implementation used to scrub messages.*/
+    /** Codec implementation used to scrub messages. */
     private final Codec<?> customizedMessageCodec;
-    /** Set of characters which will not be altered by the codec for this scrubber.*/
+    /**
+     * Set of characters which will not be altered by the codec for this scrubber.
+     */
     private final char[] immuneMessageChars;
-    
+
     /**
      * Ctr.
-     * @param messageCodec Delegate codec.  Cannot be {@code null}
-     * @param immuneChars Immune character set.
+     * 
+     * @param messageCodec
+     *            Delegate codec. Cannot be {@code null}
+     * @param immuneChars
+     *            Immune character set.
      */
-    public  CodecLogScrubber (Codec<?> messageCodec, char[] immuneChars) {
+    public CodecLogScrubber(Codec<?> messageCodec, char[] immuneChars) {
         if (messageCodec == null) {
             throw new IllegalArgumentException("Codec reference cannot be null");
         }
         this.customizedMessageCodec = messageCodec;
         this.immuneMessageChars = immuneChars == null ? new char[0] : immuneChars;
     }
-    
+
     @Override
     public String cleanMessage(String message) {
-         return customizedMessageCodec.encode(immuneMessageChars, message);
-    }    
+        return customizedMessageCodec.encode(immuneMessageChars, message);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
index e919dd49b..79ad7d4bc 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubber.java
@@ -25,29 +25,31 @@
  * is passed to the second (etc). <br>
  *
  */
-public class CompositeLogScrubber  implements LogScrubber {
-    /** Delegate scrubbers.*/
+public class CompositeLogScrubber implements LogScrubber {
+    /** Delegate scrubbers. */
     private final List<LogScrubber> messageCleaners;
-    
+
     /**
      * Ctr.
-     * @param orderedCleaner Ordered List of delegate implementations.  Cannot be {@code null}
+     * 
+     * @param orderedCleaner
+     *            Ordered List of delegate implementations. Cannot be {@code null}
      */
     public CompositeLogScrubber(List<LogScrubber> orderedCleaner) {
         if (orderedCleaner == null) {
-            throw new IllegalArgumentException ("Delegate LogScrubber List cannot be null");
+            throw new IllegalArgumentException("Delegate LogScrubber List cannot be null");
         }
         this.messageCleaners = new ArrayList<>(orderedCleaner);
     }
-    
+
     @Override
     public String cleanMessage(String message) {
         String cleaned = message;
-        
-        for(LogScrubber scrubadub : messageCleaners) {
+
+        for (LogScrubber scrubadub : messageCleaners) {
             cleaned = scrubadub.cleanMessage(cleaned);
         }
-        
+
         return cleaned;
     }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
index ee492724c..4e833cdfa 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/LogScrubber.java
@@ -16,13 +16,14 @@
 package org.owasp.esapi.logging.cleaning;
 
 /**
- *  Contract interface for cleaning log message output.
+ * Contract interface for cleaning log message output.
  *
  */
 public interface LogScrubber {
 
     /**
-     * Updates the given message to account for restrictions for this implementation and returns the result.
+     * Updates the given message to account for restrictions for this implementation
+     * and returns the result.
      * 
      * @param message
      *            Original message to clean.
@@ -30,5 +31,4 @@ public interface LogScrubber {
      */
     public String cleanMessage(String message);
 
-
 }
diff --git a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
index f512ffaff..5ba267a6a 100644
--- a/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
+++ b/src/main/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubber.java
@@ -13,20 +13,21 @@
  * @created 2018
  */
 package org.owasp.esapi.logging.cleaning;
+
 /**
  * LogScrubber implementation which replaces newline and carriage return values.
  *
  */
-public class NewlineLogScrubber  implements LogScrubber {
+public class NewlineLogScrubber implements LogScrubber {
     /** Newline */
     private static final char NEWLINE = '\n';
-    /** Carriage Return.*/
+    /** Carriage Return. */
     private static final char CARRIAGE_RETURN = '\r';
-    /** Default Replacement value.*/
+    /** Default Replacement value. */
     private static final char LINE_WRAP_REPLACE = '_';
-    
+
     @Override
     public String cleanMessage(String message) {
         return message.replace(NEWLINE, LINE_WRAP_REPLACE).replace(CARRIAGE_RETURN, LINE_WRAP_REPLACE);
-    } 
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
index dc874b49a..1febd85fd 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -14,7 +14,7 @@
  */
 package org.owasp.esapi.logging.cleaning;
 
-import org.junit.Assert;
+import static org.junit.Assert.assertEquals;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
@@ -23,50 +23,50 @@
 import org.mockito.Mockito;
 import org.owasp.esapi.codecs.Codec;
 
-
 public class CodecLogScrubberTest {
     @Rule
     public ExpectedException exEx = ExpectedException.none();
-    
+
     @Test
     public void testNullCodecThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("cannot be null");
-       
+
         new CodecLogScrubber(null, new char[0]);
     }
-    
+
     @Test
     public void testNullImmuneIsEmpty() {
         String message = "cleanThis";
+        @SuppressWarnings("unchecked")
         Codec<String> mockCodec = Mockito.mock(Codec.class);
-        
+
         CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, null);
-        
+
         ArgumentCaptor<char[]> immuneCapture = ArgumentCaptor.forClass(char[].class);
-        
+
         scrubber.cleanMessage(message);
-        
+
         Mockito.verify(mockCodec, Mockito.times(1)).encode(immuneCapture.capture(), Matchers.matches(message));
         Mockito.verifyNoMoreInteractions(mockCodec);
-        
-        Assert.assertEquals(0, immuneCapture.getValue().length);
+
+        assertEquals(0, immuneCapture.getValue().length);
     }
-    
+
     @Test
     public void testCleanMessage() {
-        char[] immune = new char[] {'a','b','c'};
+        char[] immune = new char[] { 'a', 'b', 'c' };
         String message = "cleanThis";
+        @SuppressWarnings("unchecked")
         Codec<String> mockCodec = Mockito.mock(Codec.class);
-        
+
         CodecLogScrubber scrubber = new CodecLogScrubber(mockCodec, immune);
-        
+
         scrubber.cleanMessage(message);
-        
+
         Mockito.verify(mockCodec, Mockito.times(1)).encode(Matchers.same(immune), Matchers.matches(message));
         Mockito.verifyNoMoreInteractions(mockCodec);
-        
+
     }
-    
-    
+
 }
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
index 9dfc14491..bd694d2d3 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CompositeLogScrubberTest.java
@@ -14,56 +14,55 @@
  */
 package org.owasp.esapi.logging.cleaning;
 
+import static org.junit.Assert.assertEquals;
+
 import java.util.ArrayList;
 import java.util.Arrays;
 
-import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.Mockito;
 
-
 public class CompositeLogScrubberTest {
-    
+
     @Rule
     public ExpectedException exEx = ExpectedException.none();
-    
+
     @Test
     public void testNullListThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("cannot be null");
-        
+
         new CompositeLogScrubber(null);
     }
-    
-    
+
     @Test
     public void testPassthroughOnEmpty() {
         String str = "Testing Content";
         String cleaned = new CompositeLogScrubber(new ArrayList<LogScrubber>()).cleanMessage(str);
-        Assert.assertEquals(str, cleaned);
+        assertEquals(str, cleaned);
     }
-    
+
     @Test
     public void testListIteration() {
         LogScrubber scrub1 = Mockito.mock(LogScrubber.class);
         LogScrubber scrub2 = Mockito.mock(LogScrubber.class);
         CompositeLogScrubber scrubber = new CompositeLogScrubber(Arrays.asList(scrub1, scrub2));
-        
+
         String msg1 = "start";
         String msg2 = "scrub1 return";
         String msg3 = "scrub2 return";
-        
+
         Mockito.when(scrub1.cleanMessage(msg1)).thenReturn(msg2);
         Mockito.when(scrub2.cleanMessage(msg2)).thenReturn(msg3);
-        
+
         String cleaned = scrubber.cleanMessage(msg1);
-        
+
         Mockito.verify(scrub1, Mockito.times(1)).cleanMessage(msg1);
         Mockito.verify(scrub2, Mockito.times(1)).cleanMessage(msg2);
-        
-        Assert.assertEquals(msg3, cleaned);
+
+        assertEquals(msg3, cleaned);
     }
 
 }
diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
index c50c6247d..b4c600dfc 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/NewlineLogScrubberTest.java
@@ -14,29 +14,29 @@
  */
 package org.owasp.esapi.logging.cleaning;
 
-import org.junit.Assert;
+import static org.junit.Assert.assertEquals;
 import org.junit.Test;
 
-
 public class NewlineLogScrubberTest {
 
     private NewlineLogScrubber scrubber = new NewlineLogScrubber();
-    
+
     @Test
     public void testReplaceR() {
         String cleanedr = scrubber.cleanMessage("\r");
-        Assert.assertEquals("_", cleanedr);    
+        assertEquals("_", cleanedr);
     }
+
     @Test
     public void testReplaceN() {
         String cleanedc = scrubber.cleanMessage("\n");
-        Assert.assertEquals("_", cleanedc);
+        assertEquals("_", cleanedc);
     }
-    
+
     @Test
     public void testNoReplacement() {
         String cleanedc = scrubber.cleanMessage("This content should remain unchanged");
-        Assert.assertEquals("This content should remain unchanged", cleanedc);
+        assertEquals("This content should remain unchanged", cleanedc);
     }
-    
+
 }

From 14f4030671b7385715f3a7db024b2a0ed7afd756 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 11 Aug 2018 13:55:59 -0400
Subject: [PATCH 505/812] Close #438

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 086f70917..d17277ace 100644
--- a/pom.xml
+++ b/pom.xml
@@ -152,7 +152,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.58</version>
+            <version>1.60</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From e0463ce7385b71bbdb8f39d76b7c7e5816022d45 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 11 Aug 2018 13:57:32 -0400
Subject: [PATCH 506/812] Close #438

---
 .../esapi/reference/crypto/EncryptorTest.java | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 787464cb8..f9bce0280 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -41,6 +41,19 @@
  * @author kevin.w.wall@gmail.com
  */
 public class EncryptorTest extends TestCase {
+
+    public static boolean unlimitedStrengthJurisdictionPolicyInstalled = false;
+    static {
+        try {
+            unlimitedStrengthJurisdictionPolicyInstalled = CryptoPolicy.isUnlimitedStrengthCryptoAvailable();
+        } catch(Throwable t) {
+            ;   // Intentionally ignore (but really shouldn't happen unless Error thrown) and we don't want to bail in that case anyhow
+        } finally {
+            System.out.println("EncryptorTest: Strong crypto tests " +
+                                ( unlimitedStrengthJurisdictionPolicyInstalled ? "will not" : "will" ) +
+                                " be skipped.");
+        }
+    }
     
     /**
 	 * Instantiates a new encryptor test.
@@ -227,7 +240,7 @@ public void testNewEncryptDecrypt() {
     private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
     	System.out.println("New encrypt / decrypt: " + cipherXform);
     	
-    	if ( keySize > 128 && !CryptoPolicy.isUnlimitedStrengthCryptoAvailable() ) {
+    	if ( keySize > 128 && !unlimitedStrengthJurisdictionPolicyInstalled ) {
     	    System.out.println("Skipping test for cipher transformation " +
     	                       cipherXform + " with key size of " + keySize +
     	                       " bits because this requires JCE Unlimited Strength" +
@@ -251,8 +264,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			} else if ( cipherAlg.equals( "DES" ) ) {
 				keySize = 64;
 			} // Else... use specified keySize.
-			assertTrue( (keySize / 8) == skey.getEncoded().length );
-//			System.out.println("testNewEncryptDecrypt(): Skey length (bits) = " + 8 * skey.getEncoded().length);
+            assertTrue(cipherXform + ": encoded key size shorter than requested key size",  skey.getEncoded().length >= (keySize / 8) );
 
 			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
 			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
@@ -271,7 +283,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	// Do the encryption with the new encrypt() method and get back the CipherText.
 	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
 	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
-	    	assertTrue( ciphertext != null );
+	    	assertNotNull( ciphertext );
 //	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
 //	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
 //	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
@@ -290,14 +302,14 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	// Make sure we got back the same thing we started with.
 	    	System.out.println("\tOriginal plaintext: " + origPlainText);
 	    	System.out.println("\tResult after decryption: " + decryptedPlaintext);
-			assertTrue( "Failed to decrypt properly.", origPlainText.toString().equals( decryptedPlaintext.toString() ) );
+			assertEquals( "Failed to decrypt properly.", origPlainText.toString(), decryptedPlaintext.toString() );
 	    	
 	    	// Restore the previous cipher transformation. For now, this is only way to do this.
 	    	@SuppressWarnings("deprecation")
 			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
-	    	assertTrue( previousCipherXform.equals( cipherXform ) );
+	    	assertEquals( previousCipherXform,  cipherXform  );
 	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
-	    	assertTrue( defaultCipherXform.equals( oldCipherXform ) );
+	    	assertEquals( defaultCipherXform, oldCipherXform );
 	    	
 	    	return ciphertext.getEncodedIVCipherText();
 		} catch (Exception e) {

From 1b291d4dc68a00c74aa748ce6de344135e80248a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 12 Aug 2018 17:28:55 -0400
Subject: [PATCH 507/812] Close #439 by racheting down default allowed file
 suffixes used with file upload.

---
 configuration/esapi/ESAPI.properties          |  2 +-
 .../DefaultSecurityConfiguration.java         |  2 +-
 .../owasp/esapi/reference/ValidatorTest.java  | 20 +++++++++----------
 ...ESAPI-CommaValidatorFileChecker.properties |  4 ++--
 .../ESAPI-DualValidatorFileChecker.properties |  4 ++--
 ...SAPI-QuotedValidatorFileChecker.properties |  4 ++--
 ...SAPI-SingleValidatorFileChecker.properties |  4 ++--
 src/test/resources/esapi/ESAPI.properties     |  2 +-
 8 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 6a7ef055c..bb10c6a95 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -344,7 +344,7 @@ HttpUtilities.httpQueryParamNameLength=100
 #Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
 HttpUtilities.httpQueryParamValueLength=500
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index db8e7f79c..403fd4922 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -407,7 +407,7 @@ public List<String> getAllowedExecutables() {
 	 * {@inheritDoc}
 	 */
 	public List<String> getAllowedFileExtensions() {
-    	String def = ".zip,.pdf,.tar,.gz,.xls,.properties,.txt,.xml";
+        String def = ".pdf,.txt,.jpg,.png";
         String[] extList = getESAPIProperty(APPROVED_UPLOAD_EXTENSIONS,def).split(",");
         return Arrays.asList(extList);
     }
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 6222ebeb2..c25052b9d 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -228,7 +228,7 @@ public void testGetValidFileName() throws Exception {
         System.out.println("getValidFileName");
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();
-        String testName = "aspe%20ct.jar";
+        String testName = "aspe%20ct.txt";
         assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
     }
 
@@ -307,7 +307,7 @@ public void testIsInvalidFilename() {
         char invalidChars[] = "/\\:*?\"<>|".toCharArray();
         for (int i = 0; i < invalidChars.length; i++) {
             assertFalse(invalidChars[i] + " is an invalid character for a filename",
-                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.jar", false));
+                    instance.isValidFileName("test", "as" + invalidChars[i] + "pect.txt", false));
         }
         assertFalse("Files must have an extension", instance.isValidFileName("test", "", false));
         assertFalse("Files must have a valid extension", instance.isValidFileName("test.invalidExtension", "", false));
@@ -523,21 +523,21 @@ public void testIsValidFileContent() {
     public void testIsValidFileName() {
         System.out.println("isValidFileName");
         Validator instance = ESAPI.validator();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false));
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.txt", false));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.txt", false));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.txt", false));
 
         ValidationErrorList errors = new ValidationErrorList();
-        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.jar", false, errors));
-        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.jar", false, errors));
-        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.jar", false, errors));
+        assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.txt", false, errors));
+        assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.txt", false, errors));
+        assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.txt", false, errors));
         assertTrue(errors.size() == 0);
     }
 
     public void testIsValidFileUpload() throws IOException {
         System.out.println("isValidFileUpload");
         String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
-        String filename = "aspect.jar";
+        String filename = "aspect.txt";
         File parent = new File("/").getCanonicalFile();
         ValidationErrorList errors = new ValidationErrorList();
         byte[] content = null;
@@ -553,7 +553,7 @@ public void testIsValidFileUpload() throws IOException {
         assertTrue(errors.size() == 0);
 
         filepath = "/ridiculous";
-        filename = "aspect.jar";
+        filename = "aspect.txt";
         try {
             content = "This is some file content".getBytes(PREFERRED_ENCODING);
         }
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index f120f748d..2ed48b437 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -334,7 +334,7 @@ HttpUtilities.ForceSecureCookies=true
 # Maximum size of HTTP headers
 HttpUtilities.MaxHeaderSize=4096
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you
@@ -463,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 040de2038..0d9b3df05 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -334,7 +334,7 @@ HttpUtilities.ForceSecureCookies=true
 # Maximum size of HTTP headers
 HttpUtilities.MaxHeaderSize=4096
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you
@@ -463,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index a3a66ba60..af65a4ce6 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -334,7 +334,7 @@ HttpUtilities.ForceSecureCookies=true
 # Maximum size of HTTP headers
 HttpUtilities.MaxHeaderSize=4096
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you
@@ -463,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index d741f3608..8b6edc6bd 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -334,7 +334,7 @@ HttpUtilities.ForceSecureCookies=true
 # Maximum size of HTTP headers
 HttpUtilities.MaxHeaderSize=4096
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you
@@ -463,4 +463,4 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
-Validator.AcceptLenientDates=false
\ No newline at end of file
+Validator.AcceptLenientDates=false
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 6e184a46e..83246bd1d 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -356,7 +356,7 @@ HttpUtilities.httpQueryParamNameLength=100
 #Maximum length for an http query parameter -- old default was 2000, but that's the max length for a URL...
 HttpUtilities.httpQueryParamValueLength=500
 # File upload configuration
-HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
 HttpUtilities.MaxUploadFileBytes=500000000
 # Using UTF-8 throughout your stack is highly recommended. That includes your database driver,
 # container, and any other technologies you may be using. Failure to do this may expose you

From 91d09a6297521ca8384b92c493227c4e1cbfa342 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 27 Aug 2018 22:04:00 -0400
Subject: [PATCH 508/812] Remove deprecated fields and close #442

---
 src/main/java/org/owasp/esapi/Encoder.java | 76 ----------------------
 1 file changed, 76 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 5b45c5cdc..454525eaa 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -52,82 +52,6 @@
  */
 public interface Encoder {
 	
-	/**
-	 * Standard character sets
-	 */
-
-	/**  
-	 * @deprecated Use {@link EncoderConstants#CHAR_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_ALPHANUMERICS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
-	
-	
-	/**
-	 * Password character set, is alphanumerics (without l, i, I, o, O, and 0)
-	 * selected specials like + (bad for URL encoding, | is like i and 1,
-	 * etc...)
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LOWERS} instead
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_UPPERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_DIGITS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_SPECIALS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
-    /**
-	 * @deprecated Use {@link EncoderConstants#CHAR_PASSWORD_LETTERS} instead
-	 *
-	 */
-	@Deprecated
-	public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
-    
-
-
 	/**
 	 * This method is equivalent to calling <pre>Encoder.canonicalize(input, restrictMultiple, restrictMixed);</pre>
 	 *

From 2cb045a22871d0389b152e8c78a8f4e8740e45d0 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 21 Sep 2018 14:18:13 -0500
Subject: [PATCH 509/812] SLF4J Cleanup

Adding documentation to new SLF4J Logging classes.
---
 .../esapi/logging/slf4j/Slf4JLogBridge.java   | 20 +++++++++++-
 .../logging/slf4j/Slf4JLogBridgeImpl.java     | 11 +++++--
 .../esapi/logging/slf4j/Slf4JLogFactory.java  | 19 ++++++++++--
 .../esapi/logging/slf4j/Slf4JLogHandler.java  | 24 ++++++++++++--
 .../esapi/logging/slf4j/Slf4JLogHandlers.java | 31 +++++++++++--------
 .../esapi/logging/slf4j/Slf4JLogger.java      | 13 +++++++-
 6 files changed, 97 insertions(+), 21 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
index 2bb866fa9..5c17ee4f5 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridge.java
@@ -16,9 +16,27 @@
 
 import org.owasp.esapi.Logger.EventType;
 import org.slf4j.Logger;
-
+/**
+ * Contract for translating an ESAPI log event into an SLF4J log event.
+ * 
+ */
 public interface Slf4JLogBridge {
+    /**
+     * Translation for the provided ESAPI level, type, and message to the specified SLF4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     */
     void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    /**
+     * Translation for the provided ESAPI level, type, message, and Throwable to the specified SLF4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     * @param throwable ESAPI event Throwable content
+     */
     void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
       
 }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
index 0999fc98f..1aec9e247 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -32,15 +32,22 @@
 public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
     //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
     private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
+    /** Configuration providing associations between esapi log levels and SLF4J levels.*/
     private final Map<Integer,Slf4JLogHandler> esapiSlfLevelMap;
+    /** Cleaner used for log content.*/
     private final LogScrubber scrubber;
     
+    /**
+     * Constructor.
+     * @param logScrubber  Log message cleaner.
+     * @param esapiSlfHandlerMap Map identifying ESAPI -> SLF4J log level associations.
+     */
     public Slf4JLogBridgeImpl(LogScrubber logScrubber, Map<Integer, Slf4JLogHandler> esapiSlfHandlerMap) {
         //Defensive copy to prevent external mutations.
         this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
         this.scrubber = logScrubber;
     }
-    
+    @Override
     public void log(Logger logger, int esapiLevel, EventType type, String message) {
         Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
         if (handler == null) {
@@ -52,7 +59,7 @@ public void log(Logger logger, int esapiLevel, EventType type, String message) {
             handler.log(logger, typeMarker, cleanString);
         }
     }
-
+    @Override
     public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
         Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
         if (handler == null) {
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 32d000381..82a894f88 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -29,17 +29,27 @@
 import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
 import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 import org.slf4j.LoggerFactory;
-
+/**
+ * LogFactory implementation which creates SLF4J supporting Loggers.
+ *
+ */
 public class Slf4JLogFactory implements LogFactory {
+    /** Html encoding backslash.*/
     private static final char BACKSLASH = '\\';
+    /** Html encoding for SLF4J open replacement marker.*/
     private static final char OPEN_SLF_FORMAT='{';
+    /** Html encoding for SLF4J close replacement marker.*/
     private static final char CLOSE_SLF_FORMAT='}';
+    /** Immune characters for the codec log scrubber for SLF4J context.*/
     private static final char[] IMMUNE_SLF4J_HTML = {',', '.', '-', '_', ' ',BACKSLASH, OPEN_SLF_FORMAT, CLOSE_SLF_FORMAT };
+    /** Codec being used to clean messages for logging.*/
     private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log cleaner instance.*/
     private static LogScrubber SLF4J_LOG_SCRUBBER;
+    /** Bridge class for mapping esapi -> slf4j log levels.*/
     private static Slf4JLogBridge LOG_BRIDGE;
+    
     static {
-        
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
         
@@ -56,6 +66,11 @@ public class Slf4JLogFactory implements LogFactory {
         LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_SCRUBBER, levelLookup);
     }
     
+    /**
+     * Populates the default log scrubber for use in factory-created loggers.
+     * @param requiresEncoding {@code true} if encoding is required for log content.
+     * @return LogScrubber instance.
+     */
     /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
         List<LogScrubber> messageScrubber = new ArrayList<>();
         messageScrubber.add(new NewlineLogScrubber());
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
index 16ddd112c..2346143d0 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
@@ -16,9 +16,29 @@
 
 import org.slf4j.Logger;
 import org.slf4j.Marker;
-
-public interface Slf4JLogHandler {
+/**
+ * Contract used to isolate translations for each SLF4J Logging Level.
+ * 
+ * @see Slf4JLogHandlers
+ * @see Slf4JLogBridgeImpl
+ *
+ */
+ interface Slf4JLogHandler {
+     /** Check if the logging level is enabled for the specified logger.*/
     boolean isEnabled(Logger logger);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke.
+     * @param marker Marker to apply to event
+     * @param msg Message to log.
+     */
     void log(Logger logger, Marker marker, String msg);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke
+     * @param marker Marker to apply to the event.
+     * @param msg Message to log
+     * @param th Throwable to log.
+     */
     void log(Logger logger, Marker marker, String msg, Throwable th);
 }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
index 937f4a45d..c858b7bdc 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
@@ -17,7 +17,10 @@
 
 import org.slf4j.Logger;
 import org.slf4j.Marker;
-
+/**
+ * Enumeration capturing the propagation of SLF4J level events.
+ *
+ */
 public enum Slf4JLogHandlers implements Slf4JLogHandler {
     ERROR {
         @Override
@@ -35,10 +38,10 @@ public void log(Logger logger, Marker marker, String msg, Throwable th) {
             logger.error(marker, msg, th);
         }
     },
-       WARN {
+    WARN {
         @Override
         public boolean isEnabled(Logger logger) {
-           return logger.isWarnEnabled();
+            return logger.isWarnEnabled();
         }
 
         @Override
@@ -51,7 +54,7 @@ public void log(Logger logger, Marker marker, String msg, Throwable th) {
             logger.warn(marker, msg, th);
         }
     },
-       INFO {
+    INFO {
         @Override
         public boolean isEnabled(Logger logger) {
             return logger.isInfoEnabled();
@@ -67,7 +70,7 @@ public void log(Logger logger, Marker marker, String msg, Throwable th) {
             logger.info(marker, msg, th);
         }
     },
-       DEBUG {
+    DEBUG {
         @Override
         public boolean isEnabled(Logger logger) {
             return logger.isDebugEnabled();
@@ -83,7 +86,7 @@ public void log(Logger logger, Marker marker, String msg, Throwable th) {
             logger.debug(marker, msg, th);
         }
     },
-       TRACE{
+    TRACE{
 
         @Override
         public boolean isEnabled(Logger logger) {
@@ -99,10 +102,12 @@ public void log(Logger logger, Marker marker, String msg) {
         public void log(Logger logger, Marker marker, String msg, Throwable th) {
             logger.trace(marker, msg, th);
         }
-           
-       };
-       
-       public abstract boolean isEnabled(Logger logger);
-       public abstract void log(Logger logger, Marker marker, String msg);
-       public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
-   }
+
+    };
+    @Override
+    public abstract boolean isEnabled(Logger logger);
+    @Override
+    public abstract void log(Logger logger, Marker marker, String msg);
+    @Override
+    public abstract void log(Logger logger, Marker marker, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
index ee577fe58..9a08ef3b4 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
@@ -15,12 +15,23 @@
 package org.owasp.esapi.logging.slf4j;
 
 import org.owasp.esapi.Logger;
-
+/**
+ * ESAPI Logger implementation which relays events to an SLF4J delegate.
+ */
 public class Slf4JLogger implements org.owasp.esapi.Logger {
+    /** Delegate Logger.*/
     private final org.slf4j.Logger delegate;
+    /** Handler for translating events from ESAPI context for SLF4J processing.*/
     private final Slf4JLogBridge logBridge;
+    /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
     private int maxLogLevel;
     
+    /**
+     * Constructs a new instance. 
+     * @param slf4JLogger Delegate SLF4J logger.
+     * @param bridge Translator for ESAPI -> SLF4J logging events.
+     * @param defaultEsapiLevel Maximum ESAPI log level events to propagate.
+     */
     public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;

From 120d7bb04dc37e918af48013184e10316eb94787 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 21 Sep 2018 14:25:54 -0500
Subject: [PATCH 510/812] Renaming Files

Renamed SLF4JLogHander (and subclasses) to be SLF4JLogLevelHandler*

Updated uses to match altered class names.
---
 .../logging/slf4j/Slf4JLogBridgeImpl.java     |  8 ++---
 .../esapi/logging/slf4j/Slf4JLogFactory.java  | 16 ++++-----
 ...Handler.java => Slf4JLogLevelHandler.java} |  4 +--
 ...ndlers.java => Slf4JLogLevelHandlers.java} |  2 +-
 .../logging/slf4j/Slf4JLogBridgeImplTest.java |  8 ++---
 ...st.java => Slf4JLogLevelHandlersTest.java} | 34 +++++++++----------
 6 files changed, 36 insertions(+), 36 deletions(-)
 rename src/main/java/org/owasp/esapi/logging/slf4j/{Slf4JLogHandler.java => Slf4JLogLevelHandler.java} (95%)
 rename src/main/java/org/owasp/esapi/logging/slf4j/{Slf4JLogHandlers.java => Slf4JLogLevelHandlers.java} (97%)
 rename src/test/java/org/owasp/esapi/logging/slf4j/{Slf4JLogHandlersTest.java => Slf4JLogLevelHandlersTest.java} (68%)

diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
index 1aec9e247..92aa347f7 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -33,7 +33,7 @@ public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
     //BasicMarkerFactory uses ConcurrentHashMap to track data.  This *should be* thread safe.
     private static final IMarkerFactory MARKER_FACTORY = new BasicMarkerFactory();
     /** Configuration providing associations between esapi log levels and SLF4J levels.*/
-    private final Map<Integer,Slf4JLogHandler> esapiSlfLevelMap;
+    private final Map<Integer,Slf4JLogLevelHandler> esapiSlfLevelMap;
     /** Cleaner used for log content.*/
     private final LogScrubber scrubber;
     
@@ -42,14 +42,14 @@ public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
      * @param logScrubber  Log message cleaner.
      * @param esapiSlfHandlerMap Map identifying ESAPI -> SLF4J log level associations.
      */
-    public Slf4JLogBridgeImpl(LogScrubber logScrubber, Map<Integer, Slf4JLogHandler> esapiSlfHandlerMap) {
+    public Slf4JLogBridgeImpl(LogScrubber logScrubber, Map<Integer, Slf4JLogLevelHandler> esapiSlfHandlerMap) {
         //Defensive copy to prevent external mutations.
         this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
         this.scrubber = logScrubber;
     }
     @Override
     public void log(Logger logger, int esapiLevel, EventType type, String message) {
-        Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        Slf4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
         if (handler == null) {
             throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
         }
@@ -61,7 +61,7 @@ public void log(Logger logger, int esapiLevel, EventType type, String message) {
     }
     @Override
     public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
-        Slf4JLogHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        Slf4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
         if (handler == null) {
             throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
         }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 82a894f88..bda561f18 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -53,14 +53,14 @@ public class Slf4JLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
         
-        Map<Integer, Slf4JLogHandler> levelLookup = new HashMap<>();
-        levelLookup.put(Logger.ALL, Slf4JLogHandlers.TRACE);
-        levelLookup.put(Logger.TRACE, Slf4JLogHandlers.TRACE);
-        levelLookup.put(Logger.DEBUG, Slf4JLogHandlers.DEBUG);
-        levelLookup.put(Logger.INFO, Slf4JLogHandlers.INFO);
-        levelLookup.put(Logger.ERROR, Slf4JLogHandlers.ERROR);
-        levelLookup.put(Logger.WARNING, Slf4JLogHandlers.WARN);
-        levelLookup.put(Logger.FATAL, Slf4JLogHandlers.ERROR);
+        Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.TRACE, Slf4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.DEBUG, Slf4JLogLevelHandlers.DEBUG);
+        levelLookup.put(Logger.INFO, Slf4JLogLevelHandlers.INFO);
+        levelLookup.put(Logger.ERROR, Slf4JLogLevelHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, Slf4JLogLevelHandlers.WARN);
+        levelLookup.put(Logger.FATAL, Slf4JLogLevelHandlers.ERROR);
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
         LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_SCRUBBER, levelLookup);
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java
similarity index 95%
rename from src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
rename to src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java
index 2346143d0..1e8bb7f7c 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandler.java
@@ -19,11 +19,11 @@
 /**
  * Contract used to isolate translations for each SLF4J Logging Level.
  * 
- * @see Slf4JLogHandlers
+ * @see Slf4JLogLevelHandlers
  * @see Slf4JLogBridgeImpl
  *
  */
- interface Slf4JLogHandler {
+ interface Slf4JLogLevelHandler {
      /** Check if the logging level is enabled for the specified logger.*/
     boolean isEnabled(Logger logger);
     /**
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java
similarity index 97%
rename from src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
rename to src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java
index c858b7bdc..d2748fe77 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlers.java
@@ -21,7 +21,7 @@
  * Enumeration capturing the propagation of SLF4J level events.
  *
  */
-public enum Slf4JLogHandlers implements Slf4JLogHandler {
+public enum Slf4JLogLevelHandlers implements Slf4JLogLevelHandler {
     ERROR {
         @Override
         public boolean isEnabled(Logger logger) {
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
index e59ad1740..8921c762c 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -39,14 +39,14 @@ public class Slf4JLogBridgeImplTest {
     public ExpectedException exEx = ExpectedException.none();
 
     private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
-    private Slf4JLogHandler mockHandler = Mockito.mock(Slf4JLogHandler.class);
+    private Slf4JLogLevelHandler mockHandler = Mockito.mock(Slf4JLogLevelHandler.class);
     private org.slf4j.Logger mockSlf4JLogger = Mockito.mock(org.slf4j.Logger.class);
     private Throwable testEx = new Throwable(testName.getMethodName());
     private Slf4JLogBridge bridge;
 
     @Before
     public void setup() {
-        Map<Integer, Slf4JLogHandler> levelLookup = new HashMap<>();
+        Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, mockHandler);
 
         bridge = new Slf4JLogBridgeImpl(mockScrubber, levelLookup);
@@ -56,7 +56,7 @@ public void setup() {
     public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("Unable to lookup SLF4J level mapping");
-        Map<Integer, Slf4JLogHandler> emptyMap = Collections.emptyMap();
+        Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
         new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
     }
     
@@ -64,7 +64,7 @@ public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
     public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("Unable to lookup SLF4J level mapping");
-        Map<Integer, Slf4JLogHandler> emptyMap = Collections.emptyMap();
+        Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
         new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
     }
     
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java
similarity index 68%
rename from src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
rename to src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java
index bf911ddca..e5607c435 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogLevelHandlersTest.java
@@ -22,20 +22,20 @@
 import org.slf4j.Marker;
 import org.slf4j.helpers.BasicMarkerFactory;
 
-public class Slf4JLogHandlersTest {
+public class Slf4JLogLevelHandlersTest {
 
     private Logger mockLogger = Mockito.mock(Logger.class);
     @Rule
     public TestName testName = new TestName();
 
-    private Marker marker = new BasicMarkerFactory().getMarker(Slf4JLogHandlersTest.class.getSimpleName());
+    private Marker marker = new BasicMarkerFactory().getMarker(Slf4JLogLevelHandlersTest.class.getSimpleName());
     private Throwable testException = new Throwable("Expected for testing");
 
     @Test
     public void testErrorDelegation() {
-        Slf4JLogHandlers.ERROR.isEnabled(mockLogger);
-        Slf4JLogHandlers.ERROR.log(mockLogger, marker, testName.getMethodName());
-        Slf4JLogHandlers.ERROR.log(mockLogger, marker, testName.getMethodName(), testException);
+        Slf4JLogLevelHandlers.ERROR.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.ERROR.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.ERROR.log(mockLogger, marker, testName.getMethodName(), testException);
 
         Mockito.verify(mockLogger, Mockito.times(1)).isErrorEnabled();
         Mockito.verify(mockLogger, Mockito.times(1)).error(marker, testName.getMethodName());
@@ -45,9 +45,9 @@ public void testErrorDelegation() {
 
     @Test
     public void testWarnDelegation() {
-        Slf4JLogHandlers.WARN.isEnabled(mockLogger);
-        Slf4JLogHandlers.WARN.log(mockLogger, marker, testName.getMethodName());
-        Slf4JLogHandlers.WARN.log(mockLogger, marker, testName.getMethodName(), testException);
+        Slf4JLogLevelHandlers.WARN.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.WARN.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.WARN.log(mockLogger, marker, testName.getMethodName(), testException);
 
         Mockito.verify(mockLogger, Mockito.times(1)).isWarnEnabled();
         Mockito.verify(mockLogger, Mockito.times(1)).warn(marker, testName.getMethodName());
@@ -56,9 +56,9 @@ public void testWarnDelegation() {
     }
     @Test
     public void testInfoDelegation() {
-        Slf4JLogHandlers.INFO.isEnabled(mockLogger);
-        Slf4JLogHandlers.INFO.log(mockLogger, marker, testName.getMethodName());
-        Slf4JLogHandlers.INFO.log(mockLogger, marker, testName.getMethodName(), testException);
+        Slf4JLogLevelHandlers.INFO.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.INFO.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.INFO.log(mockLogger, marker, testName.getMethodName(), testException);
 
         Mockito.verify(mockLogger, Mockito.times(1)).isInfoEnabled();
         Mockito.verify(mockLogger, Mockito.times(1)).info(marker, testName.getMethodName());
@@ -67,9 +67,9 @@ public void testInfoDelegation() {
     }
     @Test
     public void testDebugDelegation() {
-        Slf4JLogHandlers.DEBUG.isEnabled(mockLogger);
-        Slf4JLogHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName());
-        Slf4JLogHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName(), testException);
+        Slf4JLogLevelHandlers.DEBUG.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.DEBUG.log(mockLogger, marker, testName.getMethodName(), testException);
 
         Mockito.verify(mockLogger, Mockito.times(1)).isDebugEnabled();
         Mockito.verify(mockLogger, Mockito.times(1)).debug(marker, testName.getMethodName());
@@ -78,9 +78,9 @@ public void testDebugDelegation() {
     }
     @Test
     public void testTraceDelegation() {
-        Slf4JLogHandlers.TRACE.isEnabled(mockLogger);
-        Slf4JLogHandlers.TRACE.log(mockLogger, marker, testName.getMethodName());
-        Slf4JLogHandlers.TRACE.log(mockLogger, marker, testName.getMethodName(), testException);
+        Slf4JLogLevelHandlers.TRACE.isEnabled(mockLogger);
+        Slf4JLogLevelHandlers.TRACE.log(mockLogger, marker, testName.getMethodName());
+        Slf4JLogLevelHandlers.TRACE.log(mockLogger, marker, testName.getMethodName(), testException);
 
         Mockito.verify(mockLogger, Mockito.times(1)).isTraceEnabled();
         Mockito.verify(mockLogger, Mockito.times(1)).trace(marker, testName.getMethodName());

From a627f6d64809f4f570c9358c9ff335ed06949f47 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 21 Sep 2018 15:26:19 -0500
Subject: [PATCH 511/812] POM UPDATES (dependency refs & versions)

Increasing versions of dependencies.

The updated dependency for commons-collections removed ArrayListIterator
and CollectionsUtil from the library.  Those classes appear to have been
moved to org.apache.commons:commons-collections4.  I swapped the
dependency out to allow for the version update.

Similar case with the powermock-api-mockito.  A class was removed from the
referenced library.  Replaced reference with the latest
powermock-api-mockito2.

WAS NOT ABLE TO UPDATE
javax.servlet:javax.servlet-api from 3.0.1 to 4.0.1
Modification adds API to ServletInputStream and ServletOutputStream, and
requires work in the ESAPI 'waf' packages to compensate.
---
 pom.xml | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6112a4e7f..e163d74a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -130,7 +130,7 @@
 		<dependency>
 		    <groupId>joda-time</groupId>
 		    <artifactId>joda-time</artifactId>
-		    <version>2.9.9</version>
+		    <version>2.10</version>
 		</dependency>
         <dependency>
             <groupId>commons-configuration</groupId>
@@ -152,7 +152,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.58</version>
+            <version>1.60</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -164,7 +164,7 @@
         <dependency>
             <groupId>javax.servlet.jsp</groupId>
             <artifactId>jsp-api</artifactId>
-            <version>2.2</version>
+            <version>2.2.1-b03</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -180,10 +180,9 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
-            <version>3.2.2</version>
-            <scope>compile</scope>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
+            <version>4.2</version>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
@@ -222,7 +221,7 @@
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.9.1</version>
+            <version>1.10</version>
         </dependency>
 		<!--  <dependency>
 		    <groupId>org.mockito</groupId>
@@ -233,20 +232,20 @@
 		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
 		<dependency>
 		    <groupId>org.powermock</groupId>
-		    <artifactId>powermock-api-mockito</artifactId>
-		    <version>1.7.0</version>
+		    <artifactId>powermock-api-mockito2</artifactId>
+		    <version>2.0.0-beta.5</version>
 		    <scope>test</scope>
 		</dependency>
 		<dependency>
 		    <groupId>org.powermock</groupId>
 		    <artifactId>powermock-module-junit4</artifactId>
-		    <version>1.7.0</version>
+		    <version>2.0.0-beta.5</version>
 		    <scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.25</version>
+			<version>1.8.0-beta2</version>
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception
 		<dependency>

From bf09e7aa1828df764446a5f9c441ad6e9e5536e7 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 22 Sep 2018 06:23:29 -0500
Subject: [PATCH 512/812] SLF4J Cleanup

Updating references to Mockito.Matchers to Mockito.ArgumentMatchers.
Cleaning up class imports.
Removing resolved TODO markers.
---
 .../cleaning/CodecLogScrubberTest.java        |  7 +++---
 .../logging/slf4j/Slf4JLogBridgeImplTest.java | 22 +++++++++----------
 .../logging/slf4j/Slf4JLogFactoryTest.java    |  5 -----
 3 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
index 1febd85fd..684bab71a 100644
--- a/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
+++ b/src/test/java/org/owasp/esapi/logging/cleaning/CodecLogScrubberTest.java
@@ -15,11 +15,12 @@
 package org.owasp.esapi.logging.cleaning;
 
 import static org.junit.Assert.assertEquals;
+
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Matchers;
+import org.mockito.ArgumentMatchers;
 import org.mockito.Mockito;
 import org.owasp.esapi.codecs.Codec;
 
@@ -47,7 +48,7 @@ public void testNullImmuneIsEmpty() {
 
         scrubber.cleanMessage(message);
 
-        Mockito.verify(mockCodec, Mockito.times(1)).encode(immuneCapture.capture(), Matchers.matches(message));
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(immuneCapture.capture(), ArgumentMatchers.matches(message));
         Mockito.verifyNoMoreInteractions(mockCodec);
 
         assertEquals(0, immuneCapture.getValue().length);
@@ -64,7 +65,7 @@ public void testCleanMessage() {
 
         scrubber.cleanMessage(message);
 
-        Mockito.verify(mockCodec, Mockito.times(1)).encode(Matchers.same(immune), Matchers.matches(message));
+        Mockito.verify(mockCodec, Mockito.times(1)).encode(ArgumentMatchers.same(immune), ArgumentMatchers.matches(message));
         Mockito.verifyNoMoreInteractions(mockCodec);
 
     }
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
index 8921c762c..4b8380c4b 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -25,7 +25,7 @@
 import org.junit.rules.ExpectedException;
 import org.junit.rules.TestName;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Matchers;
+import org.mockito.ArgumentMatchers;
 import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
@@ -80,8 +80,8 @@ public void testLogMessage() {
         ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
         Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
-        Mockito.verify(mockHandler, Mockito.times(1)).log(Matchers.same(mockSlf4JLogger), markerCapture.capture(), Matchers.matches(message));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.matches(message));
 
         Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
     }
@@ -98,9 +98,9 @@ public void testLogErrorMessageWithException() {
         ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
         Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
 
-        Mockito.verify(mockHandler, Mockito.times(1)).log(Matchers.same(mockSlf4JLogger), markerCapture.capture(), Matchers.matches(message), Matchers.same(testEx));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.matches(message), ArgumentMatchers.same(testEx));
 
         Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());   
     }
@@ -113,9 +113,9 @@ public void testDisabledLogMessage() {
         bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
 
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
-        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(Matchers.anyString());
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
     }
 
     @Test
@@ -125,9 +125,9 @@ public void testDisabledErrorLogWithException() {
         bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
 
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
-        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(Matchers.anyString());
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class));
-        Mockito.verify(mockHandler, Mockito.times(0)).log(Matchers.any(org.slf4j.Logger.class), Matchers.any(Marker.class), Matchers.any(String.class), Matchers.any(Throwable.class));
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
 
     }
 
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
index 3018b5699..a74cf17a5 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -20,7 +20,6 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
 import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
@@ -29,14 +28,10 @@
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import org.powermock.reflect.Whitebox;
 
 @RunWith(PowerMockRunner.class)
 @PrepareForTest (Slf4JLogFactory.class)
 public class Slf4JLogFactoryTest {
-//TODO:  Test to assert the encoder is an html encoder
-//TODO:  Assert the immunity list for special slf4j characters
-//TODO: Assert the Level mapping content
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new Slf4JLogFactory().getLogger("test");

From 41b20cd39f3f6944c271c8f4ac8119e2f293d702 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 23 Sep 2018 08:19:17 -0500
Subject: [PATCH 513/812] POM Version Updates

Excluding transitive references for xercesImpl and xml-apis from existing
projects.  Pulling references to ESAPI root to better control versions of
these elements.

Also rolling slf4j back to 1.7.25 from beta version, which had a CVE
listed.
---
 pom.xml | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e163d74a9..a68d617cb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -195,6 +195,26 @@
             <groupId>com.io7m.xom</groupId>
             <artifactId>xom</artifactId>
             <version>1.2.10</version>
+            <exclusions>
+				<exclusion>
+					<groupId>xerces</groupId>
+					<artifactId>xercesImpl</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xml-apis</groupId>
+					<artifactId>xml-apis</artifactId>
+				</exclusion>
+			</exclusions>
+        </dependency>
+        <dependency>
+        	<groupId>xml-apis</groupId>
+			<artifactId>xml-apis</artifactId>
+			<version>1.4.01</version>
+        </dependency>
+        <dependency>
+        	<groupId>xerces</groupId>
+			<artifactId>xercesImpl</artifactId>
+			<version>2.12.0</version>
         </dependency>
         <dependency>
             <groupId>org.apache-extras.beanshell</groupId>
@@ -205,6 +225,16 @@
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
             <version>1.5.7</version>
+            <exclusions>
+            	<exclusion>
+					<groupId>xml-apis</groupId>
+					<artifactId>xml-apis</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xerces</groupId>
+					<artifactId>xercesImpl</artifactId>
+				</exclusion>
+			</exclusions>
         </dependency>
         <!-- The following is only a TRANSITIVE dependency used by antisamy.
              Antisamy uses 2.7.0, which has unpatched vulnerability
@@ -217,6 +247,12 @@
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
             <version>2.7.2</version>
+             <exclusions>
+            <exclusion>
+					<groupId>xml-apis</groupId>
+					<artifactId>xml-apis</artifactId>
+				</exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
@@ -245,7 +281,7 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.8.0-beta2</version>
+			<version>1.7.25</version>
 		</dependency>
 		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception
 		<dependency>

From 7f1d95a54bbc3a12b46456578f8a228da334a608 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 5 Oct 2018 12:14:09 -0400
Subject: [PATCH 514/812] Close issue #448

---
 CONTRIBUTING-TO-ESAPI.txt                     |  97 +++++++
 README.md                                     |   2 +
 pom.xml                                       | 257 ++++++++----------
 .../accesscontrol/DelegatingACR.java          |   2 +-
 4 files changed, 215 insertions(+), 143 deletions(-)
 create mode 100644 CONTRIBUTING-TO-ESAPI.txt

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
new file mode 100644
index 000000000..6cb2ee965
--- /dev/null
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -0,0 +1,97 @@
+                        Contributing to ESAPI
+
+Getting Started:
+    If you have not already done so, go back and read the section
+    "Contributing to ESAPI legacy" in ESAPI's README.md file. It
+    make contain updates and advice not contained herein.
+
+Finding Something Interesting to Work on:
+
+    See the section "Contributing to ESAPI legacy in
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/README.md
+    While you don't *have* to work on something labeled "good first issue"
+    or "help wanted", those are good places to start for someone not yet
+    familiar with the ESAPI code base.
+
+    You will need a account on GitHub though. Once you create one, let me know
+    what it is. Then if you want to work on a particular issue, we can assign
+    it to you so someone else won't take it.
+
+    If you have questions, email me or Matt Seil (xeno6696@gmail.com).
+
+Overview:
+    We are following the branching model described in
+        https://nvie.com/posts/a-successful-git-branching-model
+    If you are unfamiliar with it, you would be advised to give it a
+    quick perusal. The major point is that the 'master' branch is reserved for
+    official releases (which will be tagged), the 'develop' branch is used for
+    ongoing development work and is the default branch, and we generally work
+    off 'issue' branches named 'issue-#' where # is the GitHub issue number.
+    (The last is not an absolute requirement, but rather a suggested
+    approach.)
+
+    Finally, we recommend setting the git property 'core.autocrlf' to 'input'
+    in your $HOME/.gitconfig file; e.g., that file should contain something
+    like this:
+
+        [core]
+            autocrlf = input
+
+Required Software:
+    We use Maven for building. Maven 3.1 or later is required. You also need
+    JDK 7 or later. (We generally use JDK 8, but compile ESAPI only to require
+    JDK 7, which means our code can't yet use any features exclusive to Java 8
+    or later.)
+
+Building ESAPI:
+    https://www.owasp.org/index.php/ESAPI-Building briefly discusses how to
+    build ESAPI via Maven.
+
+    Also https://github.com/ESAPI/esapi-java-legacy/wiki/Using-ESAPI-for-Java-with-Eclipse
+    describes how to use ESAPI with Eclipse and
+    https://www.owasp.org/index.php/ESAPI-BuildingWithEclipse is a very old
+    overview of how to build ESAPI in Eclipse.
+
+    As always, any contributions to ESAPI's admittedly skimpy documentation
+    in this area is welcome.
+
+Steps to work with ESAPI:
+    I usually do everything from the bash command prompt in Linux Mint,
+    but other people use Windows. If you prefer an IDE, I can't help you
+    much, but I can help with at least modest problems. If you have more
+    difficult problems, I will probably refer you to my project co-leader,
+    Matt who groks git a lot better than I.
+
+    But the basic high level steps are:
+    1. Fork https://github.com/ESAPI/esapi-java-legacy to your own GitHub
+       repository.
+    2. On your local laptop, clone your own GitHub ESAPI repo (i.e, the
+       forked repo created in previous step)
+    3. Create a new branch to work on an issue. I usually name the branch
+       'issue-#' where '#' is the GitHub issue # is will be working on, but
+       you can call it whatever.
+    4. Work on the GitHub issue on this newly created issue-# branch.
+    5. Make sure everything builds correctly and all the JUnit tests pass
+       ('mvn test'). [Note: On occasion, there may be a failure in
+       AuthenticatorTest.testGetCurrentUser(). If there is, run 'mvn test'
+       again. It seems to be sporadic and it is hypothesized that it is
+       related to some sort of race condition in the JUnit tests.]
+    6. If you have added any dependencies, please also run
+            mvn org.owasp:dependency-check-maven:check
+       to run OWASP Dependency-Check and look at the generated report
+       left in 'target/dependency-check-report.html' to make sure there
+       were not any CVEs introduced. (Alternately you can run 'mvn verify'
+       which will first run the tests and then run Dependency-Check.) Note
+       if this is the first time you have run Dependency-Check for ESAPI,
+       expect it to take a while (often 30 minutes or so!).
+    7. Commit your changes locally.
+    8. Push your 'issue-#' branch to your personal, forked ESAPI GitHub repo.-
+    9. Go to your personal, forked ESAPI GitHub repo and create a
+       Pull Request from your 'issue-#' branch.
+   10. Back on your local personal laptop / desktop, merge your issue branch with
+       your local 'develop' branch.
+
+In theory, you can do all this 'git' magic from Eclipse and presumably other
+IDEs like NetBeans or IntelliJ). From Eclipse, it is right-click on the
+project and then select 'Team' to do the commits, etc. If you choose that
+route, you're pretty much on your own because none of us use that.
diff --git a/README.md b/README.md
index 27168a156..c36670d59 100644
--- a/README.md
+++ b/README.md
@@ -29,6 +29,8 @@ Fork and submit a pull request! Simple as pi! We generally only accept bug fixes
 
 If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22.)
 
+You can find additional details in the file 'CONTRIBUTING-TO-ESAPI.txt'.
+
 ### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.
 
diff --git a/pom.xml b/pom.xml
index a68d617cb..b4fb109ff 100644
--- a/pom.xml
+++ b/pom.xml
@@ -119,6 +119,9 @@
         <contributor>
             <name>Jim Manico</name>
         </contributor>
+        <contributor>
+            <name>Jeremiah J. Stacey</name>
+        </contributor>
     </contributors>
 
     <properties>
@@ -126,12 +129,12 @@
     </properties>
 
     <dependencies>
-		<!-- https://mvnrepository.com/artifact/joda-time/joda-time -->
-		<dependency>
-		    <groupId>joda-time</groupId>
-		    <artifactId>joda-time</artifactId>
-		    <version>2.10</version>
-		</dependency>
+        <!-- https://mvnrepository.com/artifact/joda-time/joda-time -->
+        <dependency>
+            <groupId>joda-time</groupId>
+            <artifactId>joda-time</artifactId>
+            <version>2.10</version>
+        </dependency>
         <dependency>
             <groupId>commons-configuration</groupId>
             <artifactId>commons-configuration</artifactId>
@@ -142,18 +145,11 @@
             <artifactId>commons-beanutils</artifactId>
             <!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. -->
             <version>1.9.3</version>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.12</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.60</version>
-            <scope>test</scope>
+            <!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use
+                 commons-collections 4.2. Package names are different so this shouldn't
+                 cause any problems as long as 3.x doesn't have any CVEs. May have to
+                 rethink / exclude / etc. if there are.
+                 -->
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
@@ -163,8 +159,8 @@
         </dependency>
         <dependency>
             <groupId>javax.servlet.jsp</groupId>
-            <artifactId>jsp-api</artifactId>
-            <version>2.2.1-b03</version>
+            <artifactId>javax.servlet.jsp-api</artifactId>
+            <version>2.3.3</version>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -173,12 +169,6 @@
             <version>1.3.3</version>
             <scope>compile</scope>
         </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.6</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
@@ -191,121 +181,104 @@
             <scope>compile</scope>
             <type>jar</type>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.25</version>
+        </dependency>
         <dependency>
             <groupId>com.io7m.xom</groupId>
             <artifactId>xom</artifactId>
             <version>1.2.10</version>
             <exclusions>
-				<exclusion>
-					<groupId>xerces</groupId>
-					<artifactId>xercesImpl</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>xml-apis</groupId>
-					<artifactId>xml-apis</artifactId>
-				</exclusion>
-			</exclusions>
-        </dependency>
-        <dependency>
-        	<groupId>xml-apis</groupId>
-			<artifactId>xml-apis</artifactId>
-			<version>1.4.01</version>
-        </dependency>
-        <dependency>
-        	<groupId>xerces</groupId>
-			<artifactId>xercesImpl</artifactId>
-			<version>2.12.0</version>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache-extras.beanshell</groupId>
-			<artifactId>bsh</artifactId>
-			<version>2.0b6</version>
+                <artifactId>bsh</artifactId>
+                <version>2.0b6</version>
         </dependency>
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
             <version>1.5.7</version>
             <exclusions>
-            	<exclusion>
-					<groupId>xml-apis</groupId>
-					<artifactId>xml-apis</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>xerces</groupId>
-					<artifactId>xercesImpl</artifactId>
-				</exclusion>
-			</exclusions>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
-        <!-- The following is only a TRANSITIVE dependency used by antisamy.
-             Antisamy uses 2.7.0, which has unpatched vulnerability
-             CVE-2014-0107 so we try to force it to 2.7.2 to address this
-             as we are already using the latest version of antisamy.
-             However, as of ESAPI 2.1.0.1 at least, ESAPI does NOT use this
-             library directly.
+
+        <!--
+             FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
+             This is to force patched versions of these libraries with known CVEs against them.
         -->
         <dependency>
             <groupId>xalan</groupId>
             <artifactId>xalan</artifactId>
             <version>2.7.2</version>
-             <exclusions>
-            <exclusion>
-					<groupId>xml-apis</groupId>
-					<artifactId>xml-apis</artifactId>
-				</exclusion>
-            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>xml-apis</groupId>
+            <artifactId>xml-apis</artifactId>
+            <version>1.4.01</version>
         </dependency>
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
             <version>1.10</version>
         </dependency>
-		<!--  <dependency>
-		    <groupId>org.mockito</groupId>
-		    <artifactId>mockito-all</artifactId>
-		    <version>1.10.19</version>
-		    <scope>test</scope>
-		</dependency>-->
-		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
-		<dependency>
-		    <groupId>org.powermock</groupId>
-		    <artifactId>powermock-api-mockito2</artifactId>
-		    <version>2.0.0-beta.5</version>
-		    <scope>test</scope>
-		</dependency>
-		<dependency>
-		    <groupId>org.powermock</groupId>
-		    <artifactId>powermock-module-junit4</artifactId>
-		    <version>2.0.0-beta.5</version>
-		    <scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-api</artifactId>
-			<version>1.7.25</version>
-		</dependency>
-		<!-- https://mvnrepository.com/artifact/eu.codearte.catch-exception/catch-exception
-		<dependency>
-		    <groupId>eu.codearte.catch-exception</groupId>
-		    <artifactId>catch-exception</artifactId>
-		    <version>1.4.6</version>
-		    <scope>test</scope>
-		</dependency>-->
-
-		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-core
-		<dependency>
-		    <groupId>org.powermock</groupId>
-		    <artifactId>powermock-core</artifactId>
-		    <version>1.7.0</version>
-		    <scope>test</scope>
-		</dependency>-->
-		<!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-easymock
-		<dependency>
-		    <groupId>org.powermock</groupId>
-		    <artifactId>powermock-api-easymock</artifactId>
-		    <version>1.7.0</version>
-		    <scope>test</scope>
-		</dependency>-->
+        <dependency>
+            <groupId>xerces</groupId>
+            <artifactId>xercesImpl</artifactId>
+            <version>2.12.0</version>
+        </dependency>
 
+        <!-- Dependencies which are ONLY used for JUnit tests -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.60</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.6</version>
+            <scope>test</scope>
+        </dependency>
+        <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-api-mockito2</artifactId>
+            <version>2.0.0-beta.5</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-module-junit4</artifactId>
+            <version>2.0.0-beta.5</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -404,7 +377,7 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>2.1.0</version>
                 <configuration>
-                    <failBuildOnCVSS>5.9</failBuildOnCVSS>
+                    <!-- <failBuildOnCVSS>5.9</failBuildOnCVSS> -->
                     <suppressionFile>./suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
@@ -609,37 +582,37 @@
                         </executions>
                     </plugin>
 
-					<plugin>
-						<groupId>org.apache.maven.plugins</groupId>
-						<artifactId>maven-jar-plugin</artifactId>
-						<version>2.6</version>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-jar-plugin</artifactId>
+                        <version>2.6</version>
 <!--
-						<executions>
-							<execution>
-								<phase>package</phase>
-								<goals>
-									<goal>sign</goal>
-								</goals>
-							</execution>
-						</executions>
+                        <executions>
+                            <execution>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>sign</goal>
+                                </goals>
+                            </execution>
+                        </executions>
 -->
-						<configuration>
+                        <configuration>
 <!--
-							<keystore>codesign.keystore</keystore>
-							<alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
-							<verify>true</verify>
+                            <keystore>codesign.keystore</keystore>
+                            <alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
+                            <verify>true</verify>
 -->
-							<archive>
-								<manifest>
-									<addDefaultImplementationEntries>true</addDefaultImplementationEntries>
-									<addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
-								</manifest>
-								<manifestEntries>
-									<Sealed>true</Sealed>
-								</manifestEntries>
-							</archive>
-						</configuration>
-					</plugin>
+                            <archive>
+                                <manifest>
+                                    <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+                                    <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries>
+                                </manifest>
+                                <manifestEntries>
+                                    <Sealed>true</Sealed>
+                                </manifestEntries>
+                            </archive>
+                        </configuration>
+                    </plugin>
 
                     <!-- Baseline for ESAPI 2.x is now JDK1.7 - Enforces that a JDK1.7 compiler is being
                          used to build this release -->
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
index fa532ddaf..8c7698908 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
@@ -5,7 +5,7 @@
 import java.util.Iterator;
 import java.util.Vector;
 
-import org.apache.commons.collections.iterators.ArrayListIterator;
+import org.apache.commons.collections4.iterators.ArrayListIterator;
 
 public class DelegatingACR extends BaseACR<DynaBeanACRParameter, Object[]> {
 	protected Method delegateMethod;

From fe2cfff3c415d43f5c0a5f53dbba32f636e57dae Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 5 Oct 2018 15:43:47 -0400
Subject: [PATCH 515/812] Close issue #444. Delete deprecated decodeToObject()
 method and 2 related encodeObject() methods. General whitespace clean-up.
 Delete EncoderTest.testBase64decodToObject() method which is no longer
 relevant.

---
 .../java/org/owasp/esapi/codecs/Base64.java   | 839 ++++++------------
 .../owasp/esapi/reference/EncoderTest.java    |  54 --
 2 files changed, 293 insertions(+), 600 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index b92f35590..150bd29ef 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -15,14 +15,14 @@
  * <p>Homepage: <a href="http://iharder.net/base64">http://iharder.net/base64</a>
  * (based on version 2.2.2).</p>
  *
- * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass 
- * several pieces of information to the encoder. In the "higher level" methods such as 
- * encodeBytes( bytes, options ) the options parameter can be used to indicate such 
- * things as first gzipping the bytes before encoding them, not inserting linefeeds 
- * (though that breaks strict Base64 compatibility), and encoding using the URL-safe 
+ * <p>The <tt>options</tt> parameter, which appears in a few places, is used to pass
+ * several pieces of information to the encoder. In the "higher level" methods such as
+ * encodeBytes( bytes, options ) the options parameter can be used to indicate such
+ * things as first gzipping the bytes before encoding them, not inserting linefeeds
+ * (though that breaks strict Base64 compatibility), and encoding using the URL-safe
  * and Ordered dialects.</p>
  *
- * <p>The constants defined in Base64 can be OR-ed together to combine options, so you 
+ * <p>The constants defined in Base64 can be OR-ed together to combine options, so you
  * might make a call like this:</p>
  *
  * <code>String encoded = Base64.encodeBytes( mybytes, Base64.GZIP | Base64.DONT_BREAK_LINES );</code>
@@ -54,24 +54,24 @@
  *   Special thanks to Jim Kellerman at <a href="http://www.powerset.com/">http://www.powerset.com/</a>
  *   for contributing the new Base64 dialects.
  *  </li>
- * 
+ *
  *  <li>v2.1 - Cleaned up javadoc comments and unused variables and methods. Added
  *   some convenience methods for reading and writing to and from files.</li>
  *  <li>v2.0.2 - Now specifies UTF-8 encoding in places where the code fails on systems
  *   with other encodings (like EBCDIC).</li>
  *  <li>v2.0.1 - Fixed an error when decoding a single byte, that is, when the
  *   encoded data was a single byte.</li>
- *  <li>v2.0 - I got rid of methods that used booleans to set options. 
+ *  <li>v2.0 - I got rid of methods that used booleans to set options.
  *   Now everything is more consolidated and cleaner. The code now detects
  *   when data that's being decoded is gzip-compressed and will decompress it
  *   automatically. Generally things are cleaner. You'll probably have to
  *   change some method calls that you were making to support the new
  *   options format (<tt>int</tt>s that you "OR" together).</li>
- *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a             
- *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.      
- *   Added the ability to "suspend" encoding in the Output Stream so        
- *   you can turn on and off the encoding if you need to embed base64       
- *   data in an otherwise "normal" stream (like an XML file).</li>  
+ *  <li>v1.5.1 - Fixed bug when decompressing and decoding to a
+ *   byte[] using <tt>decode( String s, boolean gzipCompressed )</tt>.
+ *   Added the ability to "suspend" encoding in the Output Stream so
+ *   you can turn on and off the encoding if you need to embed base64
+ *   data in an otherwise "normal" stream (like an XML file).</li>
  *  <li>v1.5 - Output stream pases on flush() command but doesn't do anything itself.
  *      This helps when using GZIP streams.
  *      Added the ability to GZip-compress objects before encoding them.</li>
@@ -97,108 +97,98 @@
  */
 public class Base64
 {
-    
-/* ********  P U B L I C   F I E L D S  ******** */   
-    
-    
+
+/* ********  P U B L I C   F I E L D S  ******** */
+
+
     /** No options specified. Value is zero. */
     public final static int NO_OPTIONS = 0;
-    
+
     /** Specify encoding. */
     public final static int ENCODE = 1;
-    
-    
+
     /** Specify decoding. */
     public final static int DECODE = 0;
-    
-    
+
     /** Specify that data should be gzip-compressed. */
     public final static int GZIP = 2;
-    
-    
+
     /** Don't break lines when encoding (violates strict Base64 specification) */
     public final static int DONT_BREAK_LINES = 8;
-	
-	/** 
-	 * Encode using Base64-like encoding that is URL- and Filename-safe as described
-	 * in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * It is important to note that data encoded this way is <em>not</em> officially valid Base64, 
-	 * or at the very least should not be called Base64 without also specifying that is
-	 * was encoded using the URL- and Filename-safe dialect.
-	 */
-	 public final static int URL_SAFE = 16;
-	 
-	 
-	 /**
-	  * Encode using the special "ordered" dialect of Base64 described here:
-	  * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	  */
-	 public final static int ORDERED = 32;
-    
+
+    /**
+     * Encode using Base64-like encoding that is URL- and Filename-safe as described
+     * in Section 4 of RFC3548:
+     * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+     * It is important to note that data encoded this way is <em>not</em> officially valid Base64,
+     * or at the very least should not be called Base64 without also specifying that is
+     * was encoded using the URL- and Filename-safe dialect.
+     */
+     public final static int URL_SAFE = 16;
+
+     /**
+      * Encode using the special "ordered" dialect of Base64 described here:
+      * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+      */
+     public final static int ORDERED = 32;
+
      /**
       * System property name that must be set to true in order to invoke {@code Base64.decodeToObject()}.
       * @see https://github.com/ESAPI/esapi-java-legacy/issues/354
       * @see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
       */
      public final static String ENABLE_UNSAFE_SERIALIZATION = "org.owasp.esapi.enableUnsafeSerialization"; // Do NOT change!
-    
-/* ********  P R I V A T E   F I E L D S  ******** */  
-    
-    
+
+/* ********  P R I V A T E   F I E L D S  ******** */
+
     /** Maximum line length (76) of Base64 output. */
     private final static int MAX_LINE_LENGTH = 76;
-    
-    
+
     /** The equals sign (=) as a byte. */
     private final static byte EQUALS_SIGN = (byte)'=';
-    
-    
+
     /** The new line character (\n) as a byte. */
     private final static byte NEW_LINE = (byte)'\n';
-    
-    
+
     /** Preferred encoding. */
     private final static String PREFERRED_ENCODING = "UTF-8";
-    
+
     /** End of line character. */
     private final static String EOL = System.getProperty("line.separator", "\n");
-	
-	
+
+
     // I think I end up not using the BAD_ENCODING indicator.
     //private final static byte BAD_ENCODING    = -9; // Indicates error in encoding
     private final static byte WHITE_SPACE_ENC = -5; // Indicates white space in encoding
     private final static byte EQUALS_SIGN_ENC = -1; // Indicates equals sign in encoding
-	
+
     private static final Logger logger = ESAPI.getLogger("Base64");
-    
-	
-/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */	
-    
+
+/* ********  S T A N D A R D   B A S E 6 4   A L P H A B E T  ******** */
+
     /** The 64 valid Base64 values. */
     //private final static byte[] ALPHABET;
-	/* Host platform me be something funny like EBCDIC, so we hard code these values. */
-	private final static byte[] _STANDARD_ALPHABET =
+    /* Host platform me be something funny like EBCDIC, so we hard code these values. */
+    private final static byte[] _STANDARD_ALPHABET =
     {
         (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
         (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
+        (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
         (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
         (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
         (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
+        (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
         (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
+        (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5',
         (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'+', (byte)'/'
     };
-	
-    
-    /** 
+
+    /**
      * Translates a Base64 value to either its 6-bit reconstruction value
      * or a negative number indicating some other meaning.
      **/
     private final static byte[] _STANDARD_DECODABET =
-    {   
+    {
         -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
         -5,-5,                                      // Whitespace: Tab and Linefeed
         -9,-9,                                      // Decimal 11 - 12
@@ -231,34 +221,34 @@ public class Base64
         -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,     // Decimal 231 - 243
         -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
     };
-	
-	
+
+
 /* ********  U R L   S A F E   B A S E 6 4   A L P H A B E T  ******** */
-	
-	/**
-	 * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548: 
-	 * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
-	 * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
-	 */
+
+    /**
+     * Used in the URL- and Filename-safe dialect described in Section 4 of RFC3548:
+     * <a href="http://www.faqs.org/rfcs/rfc3548.html">http://www.faqs.org/rfcs/rfc3548.html</a>.
+     * Notice that the last two bytes become "hyphen" and "underscore" instead of "plus" and "slash."
+     */
     private final static byte[] _URL_SAFE_ALPHABET =
     {
       (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
       (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
-      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U', 
+      (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
       (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
       (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
       (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
-      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u', 
+      (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
       (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z',
-      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', 
+      (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5',
       (byte)'6', (byte)'7', (byte)'8', (byte)'9', (byte)'-', (byte)'_'
     };
-	
-	/**
-	 * Used in decoding URL- and Filename-safe dialects of Base64.
-	 */
+
+    /**
+     * Used in decoding URL- and Filename-safe dialects of Base64.
+     */
     private final static byte[] _URL_SAFE_DECODABET =
-    {   
+    {
       -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
       -5,-5,                                      // Whitespace: Tab and Linefeed
       -9,-9,                                      // Decimal 11 - 12
@@ -300,10 +290,10 @@ public class Base64
 
 /* ********  O R D E R E D   B A S E 6 4   A L P H A B E T  ******** */
 
-	/**
-	 * I don't get the point of this technique, but it is described here:
-	 * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
-	 */
+    /**
+     * I don't get the point of this technique, but it is described here:
+     * <a href="http://www.faqs.org/qa/rfcc-1940.html">http://www.faqs.org/qa/rfcc-1940.html</a>.
+     */
     private final static byte[] _ORDERED_ALPHABET =
     {
       (byte)'-',
@@ -319,12 +309,12 @@ public class Base64
       (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
       (byte)'v', (byte)'w', (byte)'x', (byte)'y', (byte)'z'
     };
-	
-	/**
-	 * Used in decoding the "ordered" dialect of Base64.
-	 */
+
+    /**
+     * Used in decoding the "ordered" dialect of Base64.
+     */
     private final static byte[] _ORDERED_DECODABET =
-    {   
+    {
       -9,-9,-9,-9,-9,-9,-9,-9,-9,                 // Decimal  0 -  8
       -5,-5,                                      // Whitespace: Tab and Linefeed
       -9,-9,                                      // Decimal 11 - 12
@@ -362,46 +352,43 @@ public class Base64
         -9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9,-9         // Decimal 244 - 255 */
     };
 
-	
+
 /* ********  D E T E R M I N E   W H I C H   A L H A B E T  ******** */
 
 
-	/**
-	 * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URLSAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getAlphabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
-		else return _STANDARD_ALPHABET;
-		
-	}	// end getAlphabet
-	
-	
-	/**
-	 * Returns one of the _SOMETHING_DECODABET byte arrays depending on
-	 * the options specified.
-	 * It's possible, though silly, to specify ORDERED and URL_SAFE
-	 * in which case one of them will be picked, though there is
-	 * no guarantee as to which one will be picked.
-	 */
-	private final static byte[] getDecodabet( int options )
-	{
-		if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
-		else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
-		else return _STANDARD_DECODABET;
-		
-	}	// end getAlphabet
-        
-
-    
+    /**
+     * Returns one of the _SOMETHING_ALPHABET byte arrays depending on
+     * the options specified.
+     * It's possible, though silly, to specify ORDERED and URLSAFE
+     * in which case one of them will be picked, though there is
+     * no guarantee as to which one will be picked.
+     */
+    private final static byte[] getAlphabet( int options )
+    {
+        if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_ALPHABET;
+        else if( (options & ORDERED) == ORDERED ) return _ORDERED_ALPHABET;
+        else return _STANDARD_ALPHABET;
+
+    }   // end getAlphabet
+
+
+    /**
+     * Returns one of the _SOMETHING_DECODABET byte arrays depending on
+     * the options specified.
+     * It's possible, though silly, to specify ORDERED and URL_SAFE
+     * in which case one of them will be picked, though there is
+     * no guarantee as to which one will be picked.
+     */
+    private final static byte[] getDecodabet( int options )
+    {
+        if( (options & URL_SAFE) == URL_SAFE ) return _URL_SAFE_DECODABET;
+        else if( (options & ORDERED) == ORDERED ) return _ORDERED_DECODABET;
+        else return _STANDARD_DECODABET;
+
+    }   // end getDecodaabet
+
     /** Defeats instantiation. */
     private Base64(){}
-    
 
     /**
      * Encodes or decodes two files from the command line;
@@ -423,10 +410,10 @@ public final static void main( String[] args )
             }   // end if: encode
             else if( flag.equals( "-d" ) ) {
                 Base64.decodeFileToFile( infile, outfile );
-            }   // end else if: decode    
+            }   // end else if: decode
             else {
                 usage( "Unknown flag: " + flag );
-            }   // end else    
+            }   // end else
         }   // end else
     }   // end main
 
@@ -440,11 +427,9 @@ private final static void usage( String msg )
         System.err.println( msg );
         System.err.println( "Usage: java Base64 -e|-d inputfile outputfile" );
     }   // end usage
-    
-    
-/* ********  E N C O D I N G   M E T H O D S  ******** */    
-    
-    
+
+/* ********  E N C O D I N G   M E T H O D S  ******** */
+
     /**
      * Encodes up to the first three bytes of array <var>threeBytes</var>
      * and returns a four-byte array in Base64 notation.
@@ -466,12 +451,11 @@ private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes,
         return b4;
     }   // end encode3to4
 
-    
     /**
      * <p>Encodes up to three bytes of the array <var>source</var>
      * and writes the resulting four Base64 bytes to <var>destination</var>.
      * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
+     * anywhere along their length by specifying
      * <var>srcOffset</var> and <var>destOffset</var>.
      * This method does not check to make sure your arrays
      * are large enough to accomodate <var>srcOffset</var> + 3 for
@@ -479,8 +463,8 @@ private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes,
      * the <var>destination</var> array.
      * The actual number of significant bytes in your array is
      * given by <var>numSigBytes</var>.</p>
-	 * <p>This is the lowest level of the encoding methods with
-	 * all possible parameters.</p>
+     * <p>This is the lowest level of the encoding methods with
+     * all possible parameters.</p>
      *
      * @param source the array to convert
      * @param srcOffset the index where conversion begins
@@ -490,19 +474,19 @@ private static byte[] encode3to4( byte[] b4, byte[] threeBytes, int numSigBytes,
      * @return the <var>destination</var> array
      * @since 1.3
      */
-    private static byte[] encode3to4( 
-     byte[] source, int srcOffset, int numSigBytes,
-     byte[] destination, int destOffset, int options )
+    private static byte[] encode3to4(
+        byte[] source, int srcOffset, int numSigBytes,
+        byte[] destination, int destOffset, int options )
     {
-		byte[] ALPHABET = getAlphabet( options ); 
-	
-        //           1         2         3  
+        byte[] ALPHABET = getAlphabet( options );
+
+        //           1         2         3
         // 01234567890123456789012345678901 Bit position
         // --------000000001111111122222222 Array position from threeBytes
         // --------|    ||    ||    ||    | Six bit groups to index ALPHABET
         //          >>18  >>12  >> 6  >> 0  Right shift necessary
         //                0x3f  0x3f  0x3f  Additional AND
-        
+
         // Create buffer with zero-padding if there are only one or two
         // significant bytes passed in the array.
         // We have to shift left 24 in order to flush out the 1's that appear
@@ -519,124 +503,25 @@ private static byte[] encode3to4(
                 destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
                 destination[ destOffset + 3 ] = ALPHABET[ (inBuff       ) & 0x3f ];
                 return destination;
-                
+
             case 2:
                 destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
                 destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
                 destination[ destOffset + 2 ] = ALPHABET[ (inBuff >>>  6) & 0x3f ];
                 destination[ destOffset + 3 ] = EQUALS_SIGN;
                 return destination;
-                
+
             case 1:
                 destination[ destOffset     ] = ALPHABET[ (inBuff >>> 18)        ];
                 destination[ destOffset + 1 ] = ALPHABET[ (inBuff >>> 12) & 0x3f ];
                 destination[ destOffset + 2 ] = EQUALS_SIGN;
                 destination[ destOffset + 3 ] = EQUALS_SIGN;
                 return destination;
-                
+
             default:
                 return destination;
         }   // end switch
     }   // end encode3to4
-    
-    
-    
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * The object is not GZip-compressed before being encoded.
-     *
-     * @param serializableObject The object to encode
-     * @return The Base64-encoded object
-     * @since 1.4
-     */
-    public static String encodeObject( java.io.Serializable serializableObject )
-    {
-        return encodeObject( serializableObject, NO_OPTIONS );
-    }   // end encodeObject
-    
-
-
-    /**
-     * Serializes an object and returns the Base64-encoded
-     * version of that serialized object. If the object
-     * cannot be serialized or there is another error,
-     * the method will return <tt>null</tt>.
-     * <p>
-     * Valid options:<pre>
-     *   GZIP: gzip-compresses object before encoding it.
-     *   DONT_BREAK_LINES: don't break lines at 76 characters
-     *     <i>Note: Technically, this makes your encoding non-compliant.</i>
-     * </pre>
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP )</code> or
-     * <p>
-     * Example: <code>encodeObject( myObj, Base64.GZIP | Base64.DONT_BREAK_LINES )</code>
-     *
-     * @param serializableObject The object to encode
-     * @param options Specified options
-     * @return The Base64-encoded object
-     * @see Base64#GZIP
-     * @see Base64#DONT_BREAK_LINES
-     * @since 2.0
-     */
-    public static String encodeObject( java.io.Serializable serializableObject, int options )
-    {
-        // Streams
-        java.io.ByteArrayOutputStream  baos  = null; 
-        java.io.OutputStream           b64os = null; 
-        java.io.ObjectOutputStream     oos   = null; 
-        java.util.zip.GZIPOutputStream gzos  = null;
-        
-        // Isolate options
-        int gzip           = (options & GZIP);
-        //int dontBreakLines = (options & DONT_BREAK_LINES);
-        
-        try
-        {
-            // ObjectOutputStream -> (GZIP) -> Base64 -> ByteArrayOutputStream
-            baos  = new java.io.ByteArrayOutputStream();
-            b64os = new Base64.OutputStream( baos, ENCODE | options );
-    
-            // GZip?
-            if( gzip == GZIP )
-            {
-                gzos = new java.util.zip.GZIPOutputStream( b64os );
-                oos  = new java.io.ObjectOutputStream( gzos );
-            }   // end if: gzip
-            else
-                oos   = new java.io.ObjectOutputStream( b64os );
-            
-            oos.writeObject( serializableObject );
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
-            return null;
-        }   // end catch
-        finally
-        {
-            try{ oos.close();   } catch( Exception e ){}
-            try{ gzos.close();  } catch( Exception e ){}
-            try{ b64os.close(); } catch( Exception e ){}
-            try{ baos.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        // Return value according to relevant encoding.
-        try 
-        {
-            return new String( baos.toByteArray(), PREFERRED_ENCODING );
-        }   // end try
-        catch (java.io.UnsupportedEncodingException uue)
-        {
-            return new String( baos.toByteArray() );
-        }   // end catch
-        
-    }   // end encode
-    
-    
 
     /**
      * Encodes a byte array into Base64 notation.
@@ -650,7 +535,7 @@ public static String encodeBytes( byte[] source )
     {
         return encodeBytes( source, 0, source.length, NO_OPTIONS );
     }   // end encodeBytes
-    
+
 
 
     /**
@@ -675,11 +560,10 @@ public static String encodeBytes( byte[] source )
      * @since 2.0
      */
     public static String encodeBytes( byte[] source, int options )
-    {   
+    {
         return encodeBytes( source, 0, source.length, options );
     }   // end encodeBytes
-    
-    
+
     /**
      * Encodes a byte array into Base64 notation.
      * Does not GZip-compress data.
@@ -694,8 +578,6 @@ public static String encodeBytes( byte[] source, int off, int len )
     {
         return encodeBytes( source, off, len, NO_OPTIONS );
     }   // end encodeBytes
-    
-    
 
     /**
      * Encodes a byte array into Base64 notation.
@@ -725,22 +607,21 @@ public static String encodeBytes( byte[] source, int off, int len, int options )
         // Isolate options
         int dontBreakLines = ( options & DONT_BREAK_LINES );
         int gzip           = ( options & GZIP   );
-        
+
         // Compress?
         if( gzip == GZIP )
         {
             java.io.ByteArrayOutputStream  baos  = null;
             java.util.zip.GZIPOutputStream gzos  = null;
             Base64.OutputStream            b64os = null;
-            
-    
+
             try
             {
                 // GZip -> Base64 -> ByteArray
                 baos = new java.io.ByteArrayOutputStream();
                 b64os = new Base64.OutputStream( baos, ENCODE | options );
-                gzos  = new java.util.zip.GZIPOutputStream( b64os ); 
-            
+                gzos  = new java.util.zip.GZIPOutputStream( b64os );
+
                 gzos.write( source, off, len );
                 gzos.close();
             }   // end try
@@ -766,17 +647,17 @@ public static String encodeBytes( byte[] source, int off, int len, int options )
                 return new String( baos.toByteArray() );
             }   // end catch
         }   // end if: compress
-        
+
         // Else, don't compress. Better not to use streams at all then.
         else
         {
             // Convert option to boolean in way that code likes it.
             boolean breakLines = dontBreakLines == 0;
-            
+
             int    len43   = len * 4 / 3;
             byte[] outBuff = new byte[   ( len43 )                      // Main 4:3
                                        + ( (len % 3) > 0 ? 4 : 0 )      // Account for padding
-                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines      
+                                       + (breakLines ? ( len43 / MAX_LINE_LENGTH ) : 0) ]; // New lines
             int d = 0;
             int e = 0;
             int len2 = len - 2;
@@ -787,7 +668,7 @@ public static String encodeBytes( byte[] source, int off, int len, int options )
 
                 lineLength += 4;
                 if( breakLines && lineLength == MAX_LINE_LENGTH )
-                {   
+                {
                     outBuff[e+4] = NEW_LINE;
                     e++;
                     lineLength = 0;
@@ -800,7 +681,7 @@ public static String encodeBytes( byte[] source, int off, int len, int options )
                 e += 4;
             }   // end if: some padding needed
 
-            
+
             // Return value according to relevant encoding.
             try
             {
@@ -810,47 +691,42 @@ public static String encodeBytes( byte[] source, int off, int len, int options )
             {
                 return new String( outBuff, 0, e );
             }   // end catch
-            
+
         }   // end else: don't compress
-        
+
     }   // end encodeBytes
-    
 
-    
-    
-    
 /* ********  D E C O D I N G   M E T H O D S  ******** */
-    
-    
+
     /**
      * Decodes four bytes from array <var>source</var>
      * and writes the resulting bytes (up to three of them)
      * to <var>destination</var>.
      * The source and destination arrays can be manipulated
-     * anywhere along their length by specifying 
+     * anywhere along their length by specifying
      * <var>srcOffset</var> and <var>destOffset</var>.
      * This method does not check to make sure your arrays
      * are large enough to accomodate <var>srcOffset</var> + 4 for
      * the <var>source</var> array or <var>destOffset</var> + 3 for
      * the <var>destination</var> array.
-     * This method returns the actual number of bytes that 
+     * This method returns the actual number of bytes that
      * were converted from the Base64 encoding.
-	 * <p>This is the lowest level of the decoding methods with
-	 * all possible parameters.</p>
-     * 
+     * <p>This is the lowest level of the decoding methods with
+     * all possible parameters.</p>
+     *
      *
      * @param source the array to convert
      * @param srcOffset the index where conversion begins
      * @param destination the array to hold the conversion
      * @param destOffset the index where output will be put
-	 * @param options alphabet type is pulled from this (standard, url-safe, ordered)
+     * @param options alphabet type is pulled from this (standard, url-safe, ordered)
      * @return the number of decoded bytes converted
      * @since 1.3
      */
     private static int decode4to3( byte[] source, int srcOffset, byte[] destination, int destOffset, int options )
     {
-		byte[] DECODABET = getDecodabet( options ); 
-	
+        byte[] DECODABET = getDecodabet( options );
+
         // Example: Dk==
         if( source[ srcOffset + 2] == EQUALS_SIGN )
         {
@@ -859,11 +735,11 @@ private static int decode4to3( byte[] source, int srcOffset, byte[] destination,
             //              | ( ( DECODABET[ source[ srcOffset + 1] ] << 24 ) >>> 12 );
             int outBuff =   ( ( DECODABET[ source[ srcOffset    ] ] & 0xFF ) << 18 )
                           | ( ( DECODABET[ source[ srcOffset + 1] ] & 0xFF ) << 12 );
-            
+
             destination[ destOffset ] = (byte)( outBuff >>> 16 );
             return 1;
         }
-        
+
         // Example: DkL=
         else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
         {
@@ -874,12 +750,12 @@ else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
             int outBuff =   ( ( DECODABET[ source[ srcOffset     ] ] & 0xFF ) << 18 )
                           | ( ( DECODABET[ source[ srcOffset + 1 ] ] & 0xFF ) << 12 )
                           | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6 );
-            
+
             destination[ destOffset     ] = (byte)( outBuff >>> 16 );
             destination[ destOffset + 1 ] = (byte)( outBuff >>>  8 );
             return 2;
         }
-        
+
         // Example: DkLE
         else
         {
@@ -894,44 +770,41 @@ else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
                           | ( ( DECODABET[ source[ srcOffset + 2 ] ] & 0xFF ) <<  6)
                           | ( ( DECODABET[ source[ srcOffset + 3 ] ] & 0xFF )      );
 
-            
+
             destination[ destOffset     ] = (byte)( outBuff >> 16 );
             destination[ destOffset + 1 ] = (byte)( outBuff >>  8 );
             destination[ destOffset + 2 ] = (byte)( outBuff       );
 
             return 3;
             }catch( Exception e){
-            	
+
         // Remove these after checking -- for context only.
                 // logger.error( Logger.SECURITY_FAILURE, "Problem writing object", e );
                 // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset]+ ": " + ( DECODABET[ source[ srcOffset     ] ]  ) );
                 // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+1]+  ": " + ( DECODABET[ source[ srcOffset + 1 ] ]  ) );
                 // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+2]+  ": " + ( DECODABET[ source[ srcOffset + 2 ] ]  ) );
                 // logger.error( Logger.SECURITY_FAILURE, ""+source[srcOffset+3]+  ": " + ( DECODABET[ source[ srcOffset + 3 ] ]  ) );
-            	
-            	// CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
-            	// become interleaved with other log entries from other threads. Normally this would have placed log entries
-            	// on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
-            	// really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
-            	// esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
-            	// in which case the declaration for EOL should be removed as well.		- Kevin Wall
-                
+
+            // CHECKME: I replaced the 5 separate logger.error() calls above with a single logger.error() call so they can't
+            // become interleaved with other log entries from other threads. Normally this would have placed log entries
+            // on separate lines, so I also added line terminators here as well. (Probably don't want it all on one single
+            // really long log entry, do we?) Anyhow, somebody should check the formatting to ensure that it's
+            // esthetically pleasing, etc. But this works for me. I'm also OK if you want to remove all the line terminators
+            // in which case the declaration for EOL should be removed as well.     - Kevin Wall
+
                 StringBuilder sb = new StringBuilder("Problem writing object:");
                 sb.append(EOL);
                 sb.append( source[srcOffset]   ).append(": ").append( ( DECODABET[ source[ srcOffset     ] ]  ) ).append(EOL);
                 sb.append( source[srcOffset+1] ).append(": ").append( ( DECODABET[ source[ srcOffset + 1 ] ]  ) ).append(EOL);
                 sb.append( source[srcOffset+2] ).append(": ").append( ( DECODABET[ source[ srcOffset + 2 ] ]  ) ).append(EOL);
                 sb.append( source[srcOffset+3] ).append(": ").append( ( DECODABET[ source[ srcOffset + 3 ] ]  ) ).append(EOL);
-                
+
                 logger.error( Logger.SECURITY_FAILURE, sb.toString(), e );
                 return -1;
             }   // end catch
         }
     }   // end decodeToBytes
-    
-    
-    
-    
+
     /**
      * Very low-level access to decoding ASCII characters in
      * the form of a byte array. Does not support automatically
@@ -946,12 +819,12 @@ else if( source[ srcOffset + 3 ] == EQUALS_SIGN )
      */
     public static byte[] decode( byte[] source, int off, int len, int options )
     {
-		byte[] DECODABET = getDecodabet( options );
-	
+        byte[] DECODABET = getDecodabet( options );
+
         int    len34   = len * 3 / 4;
         byte[] outBuff = new byte[ len34 ]; // Upper limit on size of output
         int    outBuffPosn = 0;
-        
+
         byte[] b4        = new byte[4];
         int    b4Posn    = 0;
         int    i         = 0;
@@ -961,7 +834,7 @@ public static byte[] decode( byte[] source, int off, int len, int options )
         {
             sbiCrop = (byte)(source[i] & 0x7f); // Only the low seven bits
             sbiDecode = DECODABET[ sbiCrop ];
-            
+
             if( sbiDecode >= WHITE_SPACE_ENC ) // White space, Equals sign or better
             {
                 if( sbiDecode >= EQUALS_SIGN_ENC )
@@ -971,30 +844,27 @@ public static byte[] decode( byte[] source, int off, int len, int options )
                     {
                         outBuffPosn += decode4to3( b4, 0, outBuff, outBuffPosn, options );
                         b4Posn = 0;
-                        
+
                         // If that was the equals sign, break out of 'for' loop
                         if( sbiCrop == EQUALS_SIGN )
                             break;
                     }   // end if: quartet built
-                    
+
                 }   // end if: equals sign or better
-                
+
             }   // end if: white space, equals sign or better
             else
             {
-            	logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
+                logger.error( Logger.SECURITY_FAILURE, "Bad Base64 input character at " + i + ": " + source[i] + "(decimal)" );
                 return null;
-            }   // end else: 
+            }   // end else:
         }   // each input character
-                                   
+
         byte[] out = new byte[ outBuffPosn ];
-        System.arraycopy( outBuff, 0, out, 0, outBuffPosn ); 
+        System.arraycopy( outBuff, 0, out, 0, outBuffPosn );
         return out;
     }   // end decode
-    
-    
-	
-	
+
     /**
      * Decodes data from Base64 notation, automatically
      * detecting gzip-compressed data and decompressing it.
@@ -1004,22 +874,21 @@ public static byte[] decode( byte[] source, int off, int len, int options )
      * @since 1.4
      */
     public static byte[] decode( String s )
-	{
-		return decode( s, NO_OPTIONS );
-	}
-    
-    
+    {
+        return decode( s, NO_OPTIONS );
+    }
+
     /**
      * Decodes data from Base64 notation, automatically
      * detecting gzip-compressed data and decompressing it.
      *
      * @param s the string to decode
-	 * @param options encode options such as URL_SAFE
+     * @param options encode options such as URL_SAFE
      * @return the decoded data
      * @since 1.4
      */
     public static byte[] decode( String s, int options )
-    {   
+    {
         byte[] bytes;
         try
         {
@@ -1027,25 +896,24 @@ public static byte[] decode( String s, int options )
         }
         catch( java.io.UnsupportedEncodingException uee )
         {
-            bytes = s.getBytes();	// Uses native encoding
+            bytes = s.getBytes();   // Uses native encoding
             // CHECKME: Is this correct? I think it should be a warning instead of an error since nothing
             // is re-thrown. I do think that *some* sort of logging is in order here  especially since UTF-8 should
             // always be available on all platforms. If it's not, then all bets are off on your runtime env. - Kevin Wall
             logger.warning( Logger.SECURITY_FAILURE, "Problem decoding string using " +
-            			  PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
+                            PREFERRED_ENCODING + "; substituting native platform encoding instead", uee );
         }
-        
+
         // Decode
         bytes = decode( bytes, 0, bytes.length, options );
-        
-        
+
         // Check to see if it's gzip-compressed
         // GZIP Magic Two-Byte Number: 0x8b1f (35615)
         if( bytes != null && bytes.length >= 4 )
         {
-            
-            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);       
-            if( java.util.zip.GZIPInputStream.GZIP_MAGIC == head ) 
+
+            int head = ((int)bytes[0] & 0xff) | ((bytes[1] << 8) & 0xff00);
+            if ( java.util.zip.GZIPInputStream.GZIP_MAGIC == head )
             {
                 java.io.ByteArrayInputStream  bais = null;
                 java.util.zip.GZIPInputStream gzis = null;
@@ -1081,95 +949,10 @@ public static byte[] decode( String s, int options )
 
             }   // end if: gzipped
         }   // end if: bytes.length >= 2
-        
+
         return bytes;
     }   // end decode
 
-
-    
-
-    /**
-     * Attempts to decode Base64 data and deserialize a Java
-     * Object within. Returns <tt>null</tt> if there was an error.
-     *
-     * <p>
-     * <b>WARNING:</b> Using this method to decode non-validated /
-     *      untrusted data from a string and deserialize it into
-     *      an object can potentially result in remote command
-     *      injection vulnerabilities. Use at your own risk!
-     * </p><p><b>IMPORTANT BACKWARD COMPATIBILITY NOTICE</b></br>
-     * Because this static method can easily be used as an attack vector
-     * for those passing in deserialized objects, in a manner similar to the
-     * <a href="https://issues.apache.org/jira/browse/COLLECTIONS-580">Apache Commons Collections InvokerTransformer</a>
-     * issue, we are requiring that the system property
-     * {@code org.owasp.esapi.enableUnsafeSerialization}
-     * be set to "true" in order for this method to be successfully invoked.
-     * We apologize for the inconvenience this may cause in breaking anyone's
-     * application, but we feel that it is for the greater good.
-     * </p>
-     *
-     * @param encodedObject The Base64 data to decode
-     * @return The decoded and deserialized object
-     * @since 1.5
-     *
-     * @deprecated  Because of security issues, this method will be
-     *      removed from ESAPI in a future release and no substitute
-     *      is planned. Because as of JDK 8 (in 1Q2016) there is
-     *      currently no way to restrict which objects
-     *      <code>ObjectInputStream.readObject()</code>
-     *      may safely deserialize in the general case. Oracle
-     *      may decide to address this deficiency in a future Java
-     *      release, but until they do, there is no <i>simple</i> way for
-     *      a general class library like ESAPI to address this.
-     */
-    @Deprecated
-    public static Object decodeToObject( String encodedObject )
-    {
-        // We will do better when we attempt this again, allowing for a second argument
-        // to specify some sort of a collection of white-listed classes. Until then...
-        // See: http://www.ibm.com/developerworks/library/se-lookahead/ for how-to.
-        if ( ! "true".equalsIgnoreCase( System.getProperty( ENABLE_UNSAFE_SERIALIZATION ) ) ) {
-            throw new UnsupportedOperationException(
-                "Deserialization by Base64.decodeToObject(String) is disabled for security reasons. " +
-                "To re-enable it, set the system property '" + ENABLE_UNSAFE_SERIALIZATION + "' to 'true'." +
-                "For details, see: https://github.com/ESAPI/esapi-java-legacy/issues/354");
-        }
-
-        // Decode and gunzip if necessary
-        byte[] objBytes = decode( encodedObject );
-        
-        java.io.ByteArrayInputStream  bais = null;
-        java.io.ObjectInputStream     ois  = null;
-        Object obj = null;
-        
-        try
-        {
-            bais = new java.io.ByteArrayInputStream( objBytes );
-            ois  = new java.io.ObjectInputStream( bais );
-        
-            obj = ois.readObject();
-        }   // end try
-        catch( java.io.IOException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        catch( java.lang.ClassNotFoundException e )
-        {
-            logger.error( Logger.SECURITY_FAILURE, "Problem reading object", e );
-            obj = null;
-        }   // end catch
-        finally
-        {
-            try{ bais.close(); } catch( Exception e ){}
-            try{ ois.close();  } catch( Exception e ){}
-        }   // end finally
-        
-        return obj;
-    }   // end decodeObject
-    
-    
-    
     /**
      * Convenience method for encoding data to a file.
      *
@@ -1185,25 +968,24 @@ public static boolean encodeToFile( byte[] dataToEncode, String filename )
         Base64.OutputStream bos = null;
         try
         {
-            bos = new Base64.OutputStream( 
+            bos = new Base64.OutputStream(
                       new java.io.FileOutputStream( filename ), Base64.ENCODE );
             bos.write( dataToEncode );
             success = true;
         }   // end try
         catch( java.io.IOException e )
         {
-            
+
             success = false;
         }   // end catch: IOException
         finally
         {
             try{ bos.close(); } catch( Exception e ){}
         }   // end finally
-        
+
         return success;
     }   // end encodeToFile
-    
-    
+
     /**
      * Convenience method for decoding data to a file.
      *
@@ -1219,7 +1001,7 @@ public static boolean decodeToFile( String dataToDecode, String filename )
         Base64.OutputStream bos = null;
         try
         {
-                bos = new Base64.OutputStream( 
+                bos = new Base64.OutputStream(
                           new java.io.FileOutputStream( filename ), Base64.DECODE );
                 bos.write( dataToDecode.getBytes( PREFERRED_ENCODING ) );
                 success = true;
@@ -1232,13 +1014,10 @@ public static boolean decodeToFile( String dataToDecode, String filename )
         {
                 try{ bos.close(); } catch( Exception e ){}
         }   // end finally
-        
+
         return success;
     }   // end decodeToFile
-    
-    
-    
-    
+
     /**
      * Convenience method for reading a base64-encoded
      * file and decoding it.
@@ -1259,7 +1038,7 @@ public static byte[] decodeFromFile( String filename )
             byte[] buffer = null;
             int length   = 0;
             int numBytes = 0;
-            
+
             // Check for size of file
             if( file.length() > Integer.MAX_VALUE )
             {
@@ -1267,20 +1046,20 @@ public static byte[] decodeFromFile( String filename )
                 return null;
             }   // end if: file too big for int index
             buffer = new byte[ (int)file.length() ];
-            
+
             // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
+            bis = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
                       new java.io.FileInputStream( file ) ), Base64.DECODE );
-            
+
             // Read until done
             while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
                 length += numBytes;
-            
+
             // Save in a variable to return
             decodedData = new byte[ length ];
             System.arraycopy( buffer, 0, decodedData, 0, length );
-            
+
         }   // end try
         catch( java.io.IOException e )
         {
@@ -1290,12 +1069,10 @@ public static byte[] decodeFromFile( String filename )
         {
             try{ if (bis != null ) bis.close(); } catch( Exception e) {}
         }   // end finally
-        
+
         return decodedData;
     }   // end decodeFromFile
-    
-    
-    
+
     /**
      * Convenience method for reading a binary file
      * and base64-encoding it.
@@ -1316,19 +1093,19 @@ public static String encodeFromFile( String filename )
             byte[] buffer = new byte[ Math.max((int)(file.length() * 1.4),40) ]; // Need max() for math on small files (v2.2.1)
             int length   = 0;
             int numBytes = 0;
-            
+
             // Open a stream
-            bis = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
+            bis = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
                       new java.io.FileInputStream( file ) ), Base64.ENCODE );
-            
+
             // Read until done
             while( ( numBytes = bis.read( buffer, length, 4096 ) ) >= 0 )
                 length += numBytes;
-            
+
             // Save in a variable to return
             encodedData = new String( buffer, 0, length, Base64.PREFERRED_ENCODING );
-                
+
         }   // end try
         catch( java.io.IOException e )
         {
@@ -1338,13 +1115,10 @@ public static String encodeFromFile( String filename )
         {
             try{ bis.close(); } catch( Exception e) {}
         }   // end finally
-        
+
         return encodedData;
         }   // end encodeFromFile
-    
-    
-    
-    
+
     /**
      * Reads <tt>infile</tt> and encodes it to <tt>outfile</tt>.
      *
@@ -1359,9 +1133,9 @@ public static boolean encodeFileToFile( String infile, String outfile )
         java.io.InputStream in = null;
         java.io.OutputStream out = null;
         try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
+            in  = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                        new java.io.FileInputStream( infile ) ),
                       Base64.ENCODE );
             out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
             byte[] buffer = new byte[65536]; // 64K
@@ -1376,12 +1150,10 @@ public static boolean encodeFileToFile( String infile, String outfile )
             try{ in.close();  } catch( Exception exc ){}
             try{ out.close(); } catch( Exception exc ){}
         }   // end finally
-        
+
         return success;
     }   // end encodeFileToFile
-    
-    
-    
+
     /**
      * Reads <tt>infile</tt> and decodes it to <tt>outfile</tt>.
      *
@@ -1396,9 +1168,9 @@ public static boolean decodeFileToFile( String infile, String outfile )
         java.io.InputStream in = null;
         java.io.OutputStream out = null;
         try{
-            in  = new Base64.InputStream( 
-                      new java.io.BufferedInputStream( 
-                      new java.io.FileInputStream( infile ) ), 
+            in  = new Base64.InputStream(
+                      new java.io.BufferedInputStream(
+                      new java.io.FileInputStream( infile ) ),
                       Base64.DECODE );
             out = new java.io.BufferedOutputStream( new java.io.FileOutputStream( outfile ) );
             byte[] buffer = new byte[65536]; // 64K
@@ -1413,15 +1185,12 @@ public static boolean decodeFileToFile( String infile, String outfile )
             try{ in.close();  } catch( Exception exc ){}
             try{ out.close(); } catch( Exception exc ){}
         }   // end finally
-        
+
         return success;
     }   // end decodeFileToFile
-    
-    
+
     /* ********  I N N E R   C L A S S   I N P U T S T R E A M  ******** */
-    
-    
-    
+
     /**
      * A {@link Base64.InputStream} will read data from another
      * <tt>java.io.InputStream</tt>, given in the constructor,
@@ -1439,10 +1208,9 @@ public static class InputStream extends java.io.FilterInputStream
         private int     numSigBytes;    // Number of meaningful bytes in the buffer
         private int     lineLength;
         private boolean breakLines;     // Break lines at less than 80 characters
-		private int     options;        // Record options used to create the stream.
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
-        
+        private int     options;        // Record options used to create the stream.
+        private byte[]  decodabet;      // Local copies to avoid extra method calls
+
         /**
          * Constructs a {@link Base64.InputStream} in DECODE mode.
          *
@@ -1450,11 +1218,10 @@ public static class InputStream extends java.io.FilterInputStream
          * @since 1.3
          */
         public InputStream( java.io.InputStream in )
-        {   
+        {
             this( in, DECODE );
         }   // end constructor
-        
-        
+
         /**
          * Constructs a {@link Base64.InputStream} in
          * either ENCODE or DECODE mode.
@@ -1477,7 +1244,7 @@ public InputStream( java.io.InputStream in )
          * @since 2.0
          */
         public InputStream( java.io.InputStream in, int options )
-        {   
+        {
             super( in );
             this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
             this.encode       = (options & ENCODE) == ENCODE;
@@ -1485,10 +1252,10 @@ public InputStream( java.io.InputStream in, int options )
             this.buffer       = new byte[ bufferLength ];
             this.position     = -1;
             this.lineLength   = 0;
-			this.options      = options; // Record for later, mostly to determine which alphabet to use
-			this.decodabet    = getDecodabet(options);
+            this.options      = options; // Record for later, mostly to determine which alphabet to use
+            this.decodabet    = getDecodabet(options);
         }   // end constructor
-        
+
         /**
          * Reads enough of the input stream to convert
          * to/from Base64 and returns the next byte.
@@ -1497,8 +1264,8 @@ public InputStream( java.io.InputStream in, int options )
          * @throws java.io.IOException
          * @since 1.3
          */
-        public int read() throws java.io.IOException 
-        { 
+        public int read() throws java.io.IOException
+        {
             // Do we need to get data?
             if( position < 0 )
             {
@@ -1509,26 +1276,26 @@ public int read() throws java.io.IOException
                     for( int i = 0; i < 3; i++ )
                     {
                         try
-                        { 
+                        {
                             int b = in.read();
-                            
+
                             // If end of stream, b is -1.
                             if( b >= 0 )
                             {
                                 b3[i] = (byte)b;
                                 numBinaryBytes++;
                             }   // end if: not end of stream
-                            
+
                         }   // end try: read
                         catch( java.io.IOException e )
-                        {   
+                        {
                             // Only a problem if we got no data at all.
                             if( i == 0 )
                                 throw e;
-                            
+
                         }   // end catch
                     }   // end for: each needed input byte
-                    
+
                     if( numBinaryBytes > 0 )
                     {
                         encode3to4( b3, 0, numBinaryBytes, buffer, 0, options );
@@ -1540,7 +1307,7 @@ public int read() throws java.io.IOException
                         return -1;
                     }   // end else
                 }   // end if: encoding
-                
+
                 // Else decoding
                 else
                 {
@@ -1552,13 +1319,13 @@ public int read() throws java.io.IOException
                         int b = 0;
                         do{ b = in.read(); }
                         while( b >= 0 && decodabet[ b & 0x7f ] <= WHITE_SPACE_ENC );
-                        
+
                         if( b < 0 )
                             break; // Reads a -1 if end of stream
-                        
+
                         b4[i] = (byte)b;
                     }   // end for: each needed input byte
-                    
+
                     if( i == 4 )
                     {
                         numSigBytes = decode4to3( b4, 0, buffer, 0, options );
@@ -1571,18 +1338,18 @@ else if( i == 0 ){
                     {
                         // Must have broken out from above.
                         throw new java.io.IOException( "Improperly padded Base64 input." );
-                    }   // end 
-                    
+                    }   // end
+
                 }   // end else: decode
             }   // end else: get data
-            
+
             // Got data?
             if( position >= 0 )
             {
                 // End of relevant data?
                 if( /*!encode &&*/ position >= numSigBytes )
                     return -1;
-                
+
                 if( encode && breakLines && lineLength >= MAX_LINE_LENGTH )
                 {
                     lineLength = 0;
@@ -1593,7 +1360,7 @@ else if( i == 0 ){
                     lineLength++;   // This isn't important when decoding
                                     // but throwing an extra "if" seems
                                     // just as wasteful.
-                    
+
                     int b = buffer[ position++ ];
 
                     if( position >= bufferLength )
@@ -1603,16 +1370,15 @@ else if( i == 0 ){
                                      // intended to be unsigned.
                 }   // end else
             }   // end if: position >= 0
-            
+
             // Else error
             else
-            {   
+            {
                 // When JDK1.4 is more accepted, use an assertion here.
                 throw new java.io.IOException( "Error in Base64 code reading stream." );
             }   // end else
         }   // end read
-        
-        
+
         /**
          * Calls {@link #read()} repeatedly until the end of stream
          * is reached or <var>len</var> bytes are read.
@@ -1633,10 +1399,10 @@ public int read( byte[] dest, int off, int len ) throws java.io.IOException
             for( i = 0; i < len; i++ )
             {
                 b = read();
-                
+
                 //if( b < 0 && i == 0 )
                 //    return -1;
-                
+
                 if( b >= 0 )
                     dest[off + i] = (byte)b;
                 else if( i == 0 )
@@ -1646,18 +1412,12 @@ else if( i == 0 )
             }   // end for: each byte read
             return i;
         }   // end read
-        
+
     }   // end inner class InputStream
-    
-    
-    
-    
-    
-    
+
+
     /* ********  I N N E R   C L A S S   O U T P U T S T R E A M  ******** */
-    
-    
-    
+
     /**
      * A {@link Base64.OutputStream} will write data to another
      * <tt>java.io.OutputStream</tt>, given in the constructor,
@@ -1676,9 +1436,9 @@ public static class OutputStream extends java.io.FilterOutputStream
         private boolean breakLines;
         private byte[]  b4; // Scratch used in a few places
         private boolean suspendEncoding;
-		private int options; // Record for later
-		private byte[]  decodabet;		// Local copies to avoid extra method calls
-        
+        private int options; // Record for later
+        private byte[]  decodabet;      // Local copies to avoid extra method calls
+
         /**
          * Constructs a {@link Base64.OutputStream} in ENCODE mode.
          *
@@ -1686,11 +1446,10 @@ public static class OutputStream extends java.io.FilterOutputStream
          * @since 1.3
          */
         public OutputStream( java.io.OutputStream out )
-        {   
+        {
             this( out, ENCODE );
         }   // end constructor
-        
-        
+
         /**
          * Constructs a {@link Base64.OutputStream} in
          * either ENCODE or DECODE mode.
@@ -1712,7 +1471,7 @@ public OutputStream( java.io.OutputStream out )
          * @since 1.3
          */
         public OutputStream( java.io.OutputStream out, int options )
-        {   
+        {
             super( out );
             this.breakLines   = (options & DONT_BREAK_LINES) != DONT_BREAK_LINES;
             this.encode       = (options & ENCODE) == ENCODE;
@@ -1722,11 +1481,10 @@ public OutputStream( java.io.OutputStream out, int options )
             this.lineLength   = 0;
             this.suspendEncoding = false;
             this.b4           = new byte[4];
-			this.options      = options;
-			this.decodabet    = getDecodabet(options);
+            this.options      = options;
+            this.decodabet    = getDecodabet(options);
         }   // end constructor
-        
-        
+
         /**
          * Writes the byte to the output stream after
          * converting to/from Base64 notation.
@@ -1748,7 +1506,7 @@ public void write(int theByte) throws java.io.IOException
                 super.out.write( theByte );
                 return;
             }   // end if: supsended
-            
+
             // Encode?
             if( encode )
             {
@@ -1789,11 +1547,9 @@ else if( decodabet[ theByte & 0x7f ] != WHITE_SPACE_ENC )
                 }   // end else: not white space either
             }   // end else: decoding
         }   // end write
-        
-        
-        
+
         /**
-         * Calls {@link #write(int)} repeatedly until <var>len</var> 
+         * Calls {@link #write(int)} repeatedly until <var>len</var>
          * bytes are written.
          *
          * @param theBytes array from which to read bytes
@@ -1810,22 +1566,20 @@ public void write( byte[] theBytes, int off, int len ) throws java.io.IOExceptio
                 super.out.write( theBytes, off, len );
                 return;
             }   // end if: supsended
-            
+
             for( int i = 0; i < len; i++ )
             {
                 write( theBytes[ off + i ] );
             }   // end for: each byte written
-            
+
         }   // end write
-        
-        
-        
+
         /**
          * Method added by PHIL. [Thanks, PHIL. -Rob]
          * This pads the buffer without closing the stream.
          * @throws java.io.IOException
          */
-        public void flushBase64() throws java.io.IOException 
+        public void flushBase64() throws java.io.IOException
         {
             if( position > 0 )
             {
@@ -1842,9 +1596,8 @@ public void flushBase64() throws java.io.IOException
 
         }   // end flush
 
-        
-        /** 
-         * Flushes and closes (I think, in the superclass) the stream. 
+        /**
+         * Flushes and closes (I think, in the superclass) the stream.
          *
          * @throws java.io.IOException
          * @since 1.3
@@ -1857,13 +1610,11 @@ public void close() throws java.io.IOException
             // 2. Actually close the stream
             // Base class both flushes and closes.
             super.close();
-            
+
             buffer = null;
             out    = null;
         }   // end close
-        
-        
-        
+
         /**
          * Suspends encoding of the stream.
          * May be helpful if you need to embed a piece of
@@ -1872,13 +1623,12 @@ public void close() throws java.io.IOException
          * @throws java.io.IOException
          * @since 1.5.1
          */
-        public void suspendEncoding() throws java.io.IOException 
+        public void suspendEncoding() throws java.io.IOException
         {
             flushBase64();
             this.suspendEncoding = true;
         }   // end suspendEncoding
-        
-        
+
         /**
          * Resumes encoding of the stream.
          * May be helpful if you need to embed a piece of
@@ -1890,10 +1640,7 @@ public void resumeEncoding()
         {
             this.suspendEncoding = false;
         }   // end resumeEncoding
-        
-        
-        
+
     }   // end inner class OutputStream
-    
-    
+
 }   // end class Base64
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 631dd96b2..255519752 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -661,60 +661,6 @@ public void testDecodeFromBase64() {
         }
     }
     
-    /**
-	 * Test of Base64.decodeToObject() method. Should really be put into a
-     * separate Base64Test.java class, but this method has been deprecated
-     * so hopefully, we can kill it off soon.
-	 */
-    public void testBase64decodToObject() {
-        try {
-            System.out.println("testBase64decodeToObject");
-
-            ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            ObjectOutputStream dout = new ObjectOutputStream(baos);
-
-            // If you don't get the joke, google John Draper. (And, BTW, you should
-            // be ashamed of yourself if you call yourself a hacker!)
-            String cerealizeThis = new String("Cap'n Crunch - every hacker's favorite cereal");
-            dout.writeObject( cerealizeThis );
-            byte[] serializedData = baos.toByteArray();
-            dout.close();
-
-            String b64serialized = Base64.encodeBytes( serializedData );
-            final String propName = Base64.ENABLE_UNSAFE_SERIALIZATION;
-
-            // Make sure the property is not set.
-            try { System.clearProperty( propName ); } catch(Throwable t) { ; }
-            String capnCrunch = null;
-
-            try {
-                capnCrunch = (String)Base64.decodeToObject( b64serialized );
-                fail("Case 1: Did not throw UnsupportedOperationException");
-            } catch(UnsupportedOperationException uoex) {
-                ; // Expected case
-            }
-
-            try {
-                System.setProperty( propName, "false" );
-                capnCrunch = (String)Base64.decodeToObject( b64serialized );
-                fail("Case 2: Did not throw UnsupportedOperationException");
-            } catch(UnsupportedOperationException uoex) {
-                ; // Expected case
-            }
-
-            try {
-                // This case should work.
-                System.setProperty( propName, "true" );
-                capnCrunch = (String)Base64.decodeToObject( b64serialized );
-                assertTrue( capnCrunch.equals( cerealizeThis ) );
-            } catch(Throwable t) {
-                fail("Case 3: Caught unexpected exception: " + t);
-            }
-        } catch(Throwable t) {
-            fail("Caught unexpected exception: " + t);
-        }
-    }
-
     /**
 	 * Test of WindowsCodec
 	 */

From 32dd026374de4db9527ff0b50778c74078a7cd87 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 8 Oct 2018 20:37:36 -0400
Subject: [PATCH 516/812] Update README.md

Add short paragraph of how this  GitHub issues is not appropriate forum for asking questions about ESAPI.
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index c36670d59..09f0df50d 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,8 @@ When reporting an issue, please be clear and try to ensure that the ESAPI develo
 ### Find an Issue?
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 
+NOTE: Please do NOT use GitHub issues to ask questions about ESAPI. If you wish to do this, post to either of the 2 mailing lists found at the bottom of this page. If we find questions as GitHub issues, we simply will close them and direct you to do this anyhow.
+
 ### Find a Vulnerability?
 If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
 

From bbf431afab90b5b7f0012b13bcbc4f96cbeeb927 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 8 Oct 2018 23:59:52 -0400
Subject: [PATCH 517/812] Log special (#451)

* Close issue #448

* Close issue #444. Delete deprecated decodeToObject() method and 2 related encodeObject() methods. General whitespace clean-up. Delete EncoderTest.testBase64decodToObject() method which is no longer relevant.

* Close issue #385.  Close issue #386.
NOTE: Was unwilling to comply with request in these 2 issues to make logSpecial()
'protected'. Could not do so without introducing potential security vulnerabilities.
However, since the intent of the user submitting these 2 GitHub issues was only to override
logSpecial() in order to completely suppress the output from them to stdout or stderr,
I have arranged it so that setting the System property
'org.owasp.esapi.logSpecial.discard' to 'true' will do exactly this...it will
suppress all output from logSpecial. (Also, the calls to System.err.println() and
System.out.println() have been replaced by calls to logSpecial(), which will log
to System.out if not suppressed. So the end result is all or nothing. I suspect
that most will keep the default behavior, which is to print to System.out rather
than suppressing all output.
---
 .../AbstractPrioritizedPropertyLoader.java    | 33 +++++++++-
 .../StandardEsapiPropertyLoader.java          |  4 +-
 .../DefaultSecurityConfiguration.java         | 62 ++++++++++++++++---
 3 files changed, 85 insertions(+), 14 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
index 75e6497c7..61c5c7d26 100644
--- a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -44,13 +44,13 @@ public String name() {
     /**
      * Initializes properties object and fills it with data from configuration file.
      */
-    protected void initProperties() {
+    private void initProperties() {
         properties = new Properties();
         File file = new File(filename);
         if (file.exists() && file.isFile()) {
             loadPropertiesFromFile(file);
         } else {
-            System.err.println("Configuration file " + filename + " does not exist");
+            logSpecial("Configuration file " + filename + " does not exist");
         }
     }
 
@@ -59,4 +59,33 @@ protected void initProperties() {
      * @param file
      */
     protected abstract void loadPropertiesFromFile(File file);
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param msg The message to log to the console.
+     * @param t   Associated exception that was caught.
+     */
+    protected final void logSpecial(String msg, Throwable t) {
+        // Note: It is really distasteful to tie this class to DefaultSecurityConfiguration
+        //       like this, but the alternative is to move the logSpecial() and
+        //       logToStdout() some utilities class and that is even more
+        //       distasteful because it may encourage people to use these. -kwwall
+        org.owasp.esapi.reference.DefaultSecurityConfiguration.logToStdout(msg, t);
+    }
+
+    /**
+     * Used to log errors to the console during the loading of the properties file itself. Can't use
+     * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
+     *
+     * @param msg The message to log to the console.
+     */
+    protected final void logSpecial(String msg) {
+        logSpecial(msg, null);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
index 6a896a2cd..850b16905 100644
--- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -90,13 +90,13 @@ protected void loadPropertiesFromFile(File file) {
             input = new FileInputStream(file);
             properties.load(input);
         } catch (IOException ex) {
-            System.err.println("Loading " + file.getName() + " via file I/O failed. Exception was: " + ex);
+            logSpecial("Loading " + file.getName() + " via file I/O failed.", ex);
         } finally {
             if (input != null) {
                 try {
                     input.close();
                 } catch (IOException e) {
-                    System.err.println("Could not close stream");
+                    logSpecial("Could not close stream");
                 }
             }
         }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 403fd4922..504372037 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -153,6 +153,18 @@ public static SecurityConfiguration getInstance() {
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
 
+    /**
+     * Special {@code System} property that, if set to {@code true}, will
+     * disable logging from {@code DefaultSecurityConfiguration.logToStdout()}
+     * methods, which is called from various {@code logSpecial()} methods.
+     * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg, Throwable t)
+     * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg)
+     */
+    public static final String DISCARD_LOGSPECIAL = "org.owasp.esapi.logSpecial.discard";
+
+    // We assume that this does not change in the middle of processing the
+    // ESAPI.properties files and thus only fetch its value once.
+    private static final String logSpecialValue = System.getProperty(DISCARD_LOGSPECIAL, "false");
 
 
     /**
@@ -702,34 +714,64 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 		return result;
 	}
 
+    /**
+     * Log to standard output (i.e., {@code System.out}. This method is
+     * synchronized to reduce the possibility of interleaving the message
+     * output (since the {@code System.out} {@code PrintStream} is buffered)
+     * it invoked from multiple threads. Output is discarded if the
+     * {@code System} property "org.owasp.esapi.logSpecial.discard" is set to
+     * {@code true}.
+     *
+     * @param msg   Message to be logged.
+     * @param t     Associated exception that was caught. The class name and
+     *              exception message is also logged.
+     * @see #logToStdout(String msg)
+     */
+    public final synchronized static void logToStdout(String msg, Throwable t) {
+     // Note that this class was made final because it is called from this class'
+     // CTOR and we want to prohibit someone from <i>easily</i> doing sneaky
+     // things like subclassing this class and inserting a malicious code as a
+     // shim. Of course, really in hindsight, this entire class should have been
+     // declared 'final', but doing so at this point would likely break someone's
+     // code, including possibly some of our own test code. But since this is a
+     // new method, we can get away with it here.
+        boolean discard = logSpecialValue.trim().equalsIgnoreCase("true");
+        if ( discard ) {
+            return; // Output is discarded!
+        }
+        if ( t == null ) {
+            System.out.println("ESAPI: " + msg);
+        } else {
+            System.out.println("ESAPI: " + msg +
+                               ". Caught " + t.getClass().getName() +
+                               "; exception message was: " + t);
+        }
+    }
+    
     /**
      * Used to log errors to the console during the loading of the properties file itself. Can't use
      * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
      *
      * @param message The message to send to the console.
      * @param e The error that occurred. (This value printed via {@code e.toString()}.)
      */
     private void logSpecial(String message, Throwable e) {
-    	StringBuffer msg = new StringBuffer(message);
-    	if (e != null) {
-    		msg.append(" Exception was: ").append( e.toString() );
-    	}
-		System.out.println( msg.toString() );
-		// if ( e != null) e.printStackTrace();		// TODO ??? Do we want this?
+        logToStdout(message, e);
     }
 
     /**
      * Used to log errors to the console during the loading of the properties file itself. Can't use
      * standard logging in this case, since the Logger may not be initialized yet. Output is sent to
-     * {@code PrintStream} {@code System.out}.
+     * {@code PrintStream} {@code System.out}.  Output is discarded if the {@code System} property
+     * "org.owasp.esapi.logSpecial.discard" is set to {@code true}.
      *
      * @param message The message to send to the console.
      */
     private void logSpecial(String message) {
-		System.out.println(message);
+		logToStdout(message, null);
     }
-    
     /**
 	 * {@inheritDoc}
 	 */

From 74a38b0096f68a2dcd17427f054d5fe31c5a1335 Mon Sep 17 00:00:00 2001
From: Jacky <jacky.chan@owasp.org>
Date: Sat, 3 Nov 2018 10:16:58 +0800
Subject: [PATCH 518/812] #304 encodeForCSS breaks color values (#453)

---
 .../java/org/owasp/esapi/reference/DefaultEncoder.java    | 2 +-
 src/test/java/org/owasp/esapi/reference/EncoderTest.java  | 8 ++++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 8100632a7..9a0eefa1a 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -88,7 +88,7 @@ public static Encoder getInstance() {
 	 */
 	private final static char[]     IMMUNE_HTML = { ',', '.', '-', '_', ' ' };
 	private final static char[] IMMUNE_HTMLATTR = { ',', '.', '-', '_' };
-	private final static char[] IMMUNE_CSS = {};
+	private final static char[] IMMUNE_CSS = { '#' };
 	private final static char[] IMMUNE_JAVASCRIPT = { ',', '.', '_' };
 	private final static char[] IMMUNE_VBSCRIPT = { ',', '.', '_' };
 	private final static char[] IMMUNE_XML = { ',', '.', '-', '_', ' ' };
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 255519752..cdef5e06a 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -382,10 +382,14 @@ public void testEncodeForCSS() {
         assertEquals(null, instance.encodeForCSS(null));
         assertEquals("\\3c script\\3e ", instance.encodeForCSS("<script>"));
         assertEquals("\\21 \\40 \\24 \\25 \\28 \\29 \\3d \\2b \\7b \\7d \\5b \\5d ", instance.encodeForCSS("!@$%()=+{}[]"));
+        assertEquals("#f00", instance.encodeForCSS("#f00"));
+        assertEquals("#123456", instance.encodeForCSS("#123456"));
+        assertEquals("#abcdef", instance.encodeForCSS("#abcdef"));
+        assertEquals("red", instance.encodeForCSS("red"));
     }
-    
 
-    
+
+
     /**
 	 * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
 	 */

From 074a6f2bf2a406f69c6d4fe5c708a94e955fb467 Mon Sep 17 00:00:00 2001
From: Simon McClenahan <smcclenahan@gmail.com>
Date: Thu, 20 Dec 2018 19:12:15 -0600
Subject: [PATCH 519/812] Eclipse setup updates (#459)

* Updated versions-maven-plugin version to 2.7 to fix m2eclipse

* Update .gitignore

* 30: ESAPIFilter in RI should allow login page destination to be
configured

Task-Url: https://github.com/ESAPI/esapi-java-legacy/issues/30

Close #30
---
 .gitignore                                             | 1 +
 pom.xml                                                | 2 +-
 src/main/java/org/owasp/esapi/filters/ESAPIFilter.java | 8 +++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7222a081f..0a3094a24 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,7 @@
 *.iws
 *.eml
 out/
+bin/
 
 # Leftover test files
 ciphertext-portable.ser
diff --git a/pom.xml b/pom.xml
index b4fb109ff..85e457a1d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -340,7 +340,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.2</version>
+                <version>2.7</version>
                 <executions>
                     <execution>
                         <id>check-for-dependency-updates</id>
diff --git a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
index 5fa374e1a..9ca41f3f1 100644
--- a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
@@ -41,6 +41,8 @@ public class ESAPIFilter implements Filter {
 
 	private static final String[] obfuscate = { "password" };
 
+	private String loginPage = "WEB-INF/login.jsp";
+
 	/**
 	 * Called by the web container to indicate to a filter that it is being
 	 * placed into service. The servlet container calls the init method exactly
@@ -55,6 +57,10 @@ public void init(FilterConfig filterConfig) {
 		if ( path != null ) {
 			ESAPI.securityConfiguration().setResourceDirectory( path );
 		}
+		String paramLoginPage = filterConfig.getInitParameter("loginPage");
+		if ( paramLoginPage != null ) {
+			loginPage = paramLoginPage;
+		}
 	}
 
 	/**
@@ -85,7 +91,7 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
 			} catch( AuthenticationException e ) {
 				ESAPI.authenticator().logout();
 				request.setAttribute("message", "Authentication failed");
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/login.jsp");
+				RequestDispatcher dispatcher = request.getRequestDispatcher(loginPage);
 				dispatcher.forward(request, response);
 				return;
 			}

From 5e0fcf7fdd89439b3ea78b74d73a8c8282ad92bf Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 6 Jan 2019 19:11:36 -0600
Subject: [PATCH 520/812] AuthenticatorTest Stability #360 (#467)

* AuthenticatorTest Stability

Several changes that appear to improve the stability of the overall test.

First, broke testSetCurrentUserWithRequest into five uniquely named tests.
One of these is used to verify a user with an expired account cannot log
in.  Fix here is to explicitly set the expiration time in the past to
prevent the implementation from validating in the same millisecond.

Second, updated the internal runnable in testSetCurrentUser to generate a
more complex password.  Found that the previous password would
occasionally fail the FileBasedAuthenticator password strength check. I
assumed it was because the strength value was being calculated as either 8
or 16.  Stregth would evaluate to 8 if the 8-character string was composed
of only one unique type of character (upper/lower/number/special), 16 if
there were only 2 unique types. By setting the string length to 17 we
explicitly avoid this potential failure in testing.

Third, I had implemented a section of code in the tear-down behavior that
cleared the userDB file and used Whitebox to null the 'userDB' attribute
in the FileBasedAuthenticator instance.  Even with that I was still seeing
issues in testSetCurrentUser where the test would fail because the user
account would already exist.  To account for this, I modified all user
names to be randomly generated Strings which will avoid the test
unintentionally creating more than user by the same name.

Finally, in testGetCurrentUser there was a value being tracked for the
user compare 'result'.  Though part of the tests' validation, it would not
have failed the test since it was being checked within the Runnable
context and not being propagated back to the test execution scope.  I
modified the implementation to add the boolean 'result' check to the
ErrorCollector, which can fail the test if a mismatched user reference
occurs.

With these changes I can run this test in isolation 100/100 times
successfully.

* Authenticatortest Stability

In addition to issues resolved in previous commit, an additional
intermittent problem was identified having to do with file IO during
testing.  To account for the IO timing, the timeout of the implementation
was extended from 10 seconds to 5 minutes.  The timeout was originally
applied to prevent the test from running indefinitely, without
consideration for any performance requirements.  The timeout extension
still fulfills the original intent and accounts for issues we're currently
experiencing.

@kwwall confirmed that it works on Linux as well (where it had been timeout out with a 10 second timeout). Passed 100 out of 100 times there as well.

Close issue #360
---
 .../esapi/reference/AuthenticatorTest.java    | 163 ++++++++++++------
 1 file changed, 109 insertions(+), 54 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
index f3dd16ddb..7d62b6f9e 100644
--- a/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AuthenticatorTest.java
@@ -24,7 +24,7 @@
 import static org.junit.Assert.fail;
 import static org.junit.Assume.assumeTrue;
 
-import java.util.Date;
+import java.util.Calendar;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.Semaphore;
@@ -33,6 +33,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.hamcrest.core.IsEqual;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -68,7 +69,7 @@ public class AuthenticatorTest {
     @Rule
     public ErrorCollector collector = new ErrorCollector();
     @Rule
-    public Timeout testTimout = new Timeout(10, TimeUnit.SECONDS);
+    public Timeout testTimout = new Timeout(5, TimeUnit.MINUTES);
     @Rule
     public TestName name = new TestName();
 
@@ -207,13 +208,12 @@ public void cleanup() {
 		assertFalse( currentUser.getAccountName().equals( user2.getAccountName() ) );
 		
 		Runnable echo = new Runnable() {
-			private int count = 1;
-            private boolean result = false;
 			public void run() {
 				User a = null;
 				try {
 					String password = instance.generateStrongPassword();
-					String accountName = "TestAccount" + count++;
+					//Create account name using random strings to guarantee uniqueness among running threads.
+                    String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 					a = instance.getUser(accountName);
 					if ( a != null ) {
 					    instance.removeUser(accountName);
@@ -225,7 +225,7 @@ public void run() {
                     collector.addError(e);
 				}
 				User b = instance.getCurrentUser();
-				result &= a.equals(b);
+				collector.checkThat("Logged in user should equal original user", a.equals(b), new IsEqual<Boolean>(Boolean.TRUE));
 			}
 		};
         ThreadGroup tg = new ThreadGroup("test");
@@ -413,10 +413,7 @@ public void run() {
 	 */
 	@Test public void testSetCurrentUser() throws AuthenticationException, InterruptedException {
 		System.out.println("setCurrentUser");
-        System.err.println("AuthenticatorTest.setCurrentUser(): This test " +
-                           "occasionally fails due to some undiscovered race condition. " +
-                           "This has been reported as GitHub issue #360. Patches to fix welcome.");
-		String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
+        String user1 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		String user2 = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_UPPERS);
 		User userOne = instance.createUser(user1, "getCurrentUser", "getCurrentUser");
 		userOne.enable();
@@ -431,12 +428,13 @@ public void run() {
 		assertFalse( currentUser.getAccountName().equals( userTwo.getAccountName() ) );
 		final CountDownLatch latch = new CountDownLatch(10);
 		Runnable echo = new Runnable() {
-			private int count = 1;
 			public void run() {
 				User u=null;
 				try {
-					String password = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-					u = instance.createUser("test" + count++, password, password);
+				  //Increase pwd size to guarantee greater than (not "or equal to") 16 strength.  See FileBasedAuthenticator 711-715
+                    String password = ESAPI.randomizer().getRandomString(17, EncoderConstants.CHAR_ALPHANUMERICS);
+                    String username = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+					u = instance.createUser(username, password, password);
 					instance.setCurrentUser(u);
 					ESAPI.getLogger("test").info( Logger.SECURITY_SUCCESS, "Got current user" );
 					//If the user isn't removed every subsequent execution will fail because we cannot create a duplicate user of the same name!
@@ -457,53 +455,110 @@ public void run() {
 	}
 	
 
-	/**
-	 * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
-	 * 
-	 * @throws AuthenticationException
-	 *             the authentication exception
-	 */
-	@Test public void testSetCurrentUserWithRequest() throws AuthenticationException {
-		System.out.println("setCurrentUser(req,resp)");
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     * 
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequest() throws AuthenticationException {
         instance.logout();  // in case anyone is logged in
-		String password = instance.generateStrongPassword();
-		String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
-		DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
-		user.enable();
-		MockHttpServletRequest request = new MockHttpServletRequest();
-		request.addParameter("username", accountName);
-		request.addParameter("password", password);
-		MockHttpServletResponse response = new MockHttpServletResponse();
-		ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
         User loggedIn = instance.login( request, response );
         User currentUser = instance.getCurrentUser();
         assertTrue(loggedIn.isLoggedIn());
         assertSame(currentUser, loggedIn);
         assertSame(user, loggedIn);
-		try {
-			user.disable();
-			instance.login( request, response );
-			fail();
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-		try {
-			user.enable();
-			user.lock();
-			instance.login( request, response );
-			fail();
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-		try {
-			user.unlock();
-			user.setExpirationTime( new Date() );
-			instance.login( request, response );
-			fail();
-		} catch( AuthenticationException e ) {
-			// expected
-		}
-	}
+    }
+
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     * 
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestDisabledAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        try {
+            user.disable();
+            instance.login( request, response );
+            fail("Disabled User Account should not be able to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+    
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     * 
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestLockedAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        try {
+            user.lock();
+            instance.login( request, response );
+            fail("Locked User Account should not be able to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
+    /**
+     * Test of setCurrentUser method, of class org.owasp.esapi.Authenticator.
+     * 
+     * @throws AuthenticationException
+     *             the authentication exception
+     */
+    @Test public void testSetCurrentUserWithRequestExpiredAccount() throws AuthenticationException {
+        instance.logout();  // in case anyone is logged in
+        String password = instance.generateStrongPassword();
+        String accountName = ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
+        DefaultUser user = (DefaultUser) instance.createUser(accountName, password, password);
+        user.enable();
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.addParameter("username", accountName);
+        request.addParameter("password", password);
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        ESAPI.httpUtilities().setCurrentHTTP(request, response);
+        Calendar calendar = Calendar.getInstance();
+        calendar.add(Calendar.MINUTE, -1);
+        try {
+            user.unlock();
+            user.setExpirationTime( calendar.getTime() );
+            instance.login( request, response );
+            fail("Expired User account should not be allowed to log in.");
+        } catch( AuthenticationException e ) {
+            // expected
+        }
+    }
 	
 	
 	

From c34eeaa63488840e3a6c95201a472bb339908a69 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 15 Jan 2019 22:32:56 -0600
Subject: [PATCH 521/812] AbstractAccessReferenceMap Issues #37 #329 (#469)

* Concurrency Test for AbstractAccessReferenceMap

SThis test case consistently illustrates the race condition resulting from
concurrent invocations of addDirectReference.

* AbstractAccessReferenceMap Sync Updates

Synchronizing all public access methods to this wrapper class.

* AbstractAccessReferenceMap Class Documentation

Updating class documentation to provide an example of multi-interaction
synchronization syntax.

* AbstractAccessMap field updates to use HashMap

With primary synchronization being pushed to the class API level, there
really is no benefit to maintaining the overhead of ConcurrentHashMap
fields.  The thread-safety guaranteed by the ConcurrentHashMap is
superceeded by the public API of the abstract class, and should never
actually be leveraged.

This assumes that all sub-classes with extended public API continue the
use of class-level synchronization.

* AbstractAccessReferenceMapTest Extension

Adding method which shows that it is possible to create a corrupted direct
-> Indirect to Indirect -> Direct Object relationship when using the
public update(Set) API.

* AbstractAccessReferenceMap.update Logic Update

Altering the logic of update behavior to avoid the possibility of the same
indirect object being associated with multiple direct instances.
---
 .../reference/AbstractAccessReferenceMap.java | 106 ++++++++++++------
 .../AbstractAccessReferenceMapTest.java       | 100 +++++++++++++++++
 2 files changed, 171 insertions(+), 35 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java

diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
index b8fc30ecb..4bd77af42 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAccessReferenceMap.java
@@ -15,20 +15,37 @@
  */
 package org.owasp.esapi.reference;
 
-import org.owasp.esapi.AccessReferenceMap;
-import org.owasp.esapi.errors.AccessControlException;
-
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeSet;
-import java.util.concurrent.ConcurrentHashMap;
+
+import org.owasp.esapi.AccessReferenceMap;
+import org.owasp.esapi.errors.AccessControlException;
 
 /**
- * Abstract Implementation of the AccessReferenceMap that is backed by ConcurrentHashMaps to
- * provide a thread-safe implementation of the AccessReferenceMap. Implementations of this
- * abstract class should implement the #getUniqueReference() method.
- *
+ * Abstract Implementation of the AccessReferenceMap.
+ * <br>
+ * Implementation offers default synchronization on all public API 
+ * to assist with thread safety.
+ * <br>
+ * For complex interactions spanning multiple calls, it is recommended 
+ * to add a synchronized block around all invocations to maintain intended data integrity.
+ * 
+ * <pre>
+ * public MyClassUsingAARM {
+ *  private AbstractAccessReferenceMap<Object> aarm;
+ * 
+ *  public void replaceAARMDirect(Object oldDirect, Object newDirect) {
+ *     synchronized (aarm) {
+ *        aarm.removeDirectReference(oldDirect);
+ *        aarm.addDirectReference(newDirect);
+ *     }
+ *  }
+ * }
+ * </pre>
  * @author  Chris Schmidt (chrisisbeef@gmail.com)
  * @since   July 21, 2009
  */
@@ -43,15 +60,15 @@ public abstract class AbstractAccessReferenceMap<K> implements AccessReferenceMa
 
    /**
     * Instantiates a new access reference map. Note that this will create the underlying Maps with an initialSize
-    * of {@link ConcurrentHashMap#DEFAULT_INITIAL_CAPACITY} and that resizing a Map is an expensive process. Consider
+    * of {@link HashMap#DEFAULT_INITIAL_CAPACITY} and that resizing a Map is an expensive process. Consider
     * using a constructor where the initialSize is passed in to maximize performance of the AccessReferenceMap.
     *
     * @see #AbstractAccessReferenceMap(java.util.Set, int)
     * @see #AbstractAccessReferenceMap(int)
     */
    public AbstractAccessReferenceMap() {
-      itod = new ConcurrentHashMap<K, Object>();
-      dtoi = new ConcurrentHashMap<Object,K>();
+      itod = new HashMap<K, Object>();
+      dtoi = new HashMap<Object,K>();
    }
 
    /**
@@ -62,8 +79,8 @@ public AbstractAccessReferenceMap() {
     *          The initial size of the underlying maps
     */
    public AbstractAccessReferenceMap( int initialSize ) {
-      itod = new ConcurrentHashMap<K, Object>(initialSize);
-      dtoi = new ConcurrentHashMap<Object,K>(initialSize);
+      itod = new HashMap<K, Object>(initialSize);
+      dtoi = new HashMap<Object,K>(initialSize);
    }
 
    /**
@@ -82,8 +99,8 @@ public AbstractAccessReferenceMap( int initialSize ) {
     */
    @Deprecated
    public AbstractAccessReferenceMap( Set<Object> directReferences ) {
-      itod = new ConcurrentHashMap<K, Object>(directReferences.size());
-      dtoi = new ConcurrentHashMap<Object,K>(directReferences.size());
+      itod = new HashMap<K, Object>(directReferences.size());
+      dtoi = new HashMap<Object,K>(directReferences.size());
       update(directReferences);
    }
 
@@ -111,8 +128,8 @@ public AbstractAccessReferenceMap( Set<Object> directReferences ) {
     */
    @Deprecated
    public AbstractAccessReferenceMap( Set<Object> directReferences, int initialSize ) {
-      itod = new ConcurrentHashMap<K, Object>(initialSize);
-      dtoi = new ConcurrentHashMap<Object,K>(initialSize);
+      itod = new HashMap<K, Object>(initialSize);
+      dtoi = new HashMap<Object,K>(initialSize);
       update(directReferences);
    }
 
@@ -135,7 +152,7 @@ public synchronized Iterator iterator() {
    /**
    * {@inheritDoc}
    */
-   public <T> K addDirectReference(T direct) {
+   public synchronized <T> K addDirectReference(T direct) {
       if ( dtoi.keySet().contains( direct ) ) {
          return dtoi.get( direct );
       }
@@ -148,7 +165,7 @@ public <T> K addDirectReference(T direct) {
    /**
    * {@inheritDoc}
    */
-   public <T> K removeDirectReference(T direct) throws AccessControlException
+   public synchronized <T> K removeDirectReference(T direct) throws AccessControlException
    {
       K indirect = dtoi.get(direct);
       if ( indirect != null ) {
@@ -162,33 +179,52 @@ public <T> K removeDirectReference(T direct) throws AccessControlException
    * {@inheritDoc}
    */
    public final synchronized void update(Set directReferences) {
-      Map<Object,K> new_dtoi = new ConcurrentHashMap<Object,K>( directReferences.size() );
-      Map<K,Object> new_itod = new ConcurrentHashMap<K,Object>( directReferences.size() );
-
-      for ( Object o : directReferences ) {
-         K indirect = dtoi.get( o );
-
-         if ( indirect == null ) {
-            indirect = getUniqueReference();
-         }
-         new_dtoi.put( o, indirect );
-         new_itod.put( indirect, o );
-      }
-      dtoi = new_dtoi;
-      itod = new_itod;
+       Map<Object,K> new_dtoi = new HashMap<Object,K>( directReferences.size() );
+       Map<K,Object> new_itod = new HashMap<K,Object>( directReferences.size() );
+       
+       Set<Object> newDirect = new HashSet<>(directReferences);
+       Set<Object> dtoiCurrent = new HashSet<>(dtoi.keySet());
+
+       //Preserve all keys that are in the new set
+       dtoiCurrent.retainAll(newDirect);
+       
+       //Transfer existing values into the new map
+       for (Object current: dtoiCurrent) {
+           K idCurrent = dtoi.get(current);
+           new_dtoi.put(current, idCurrent);
+           new_itod.put(idCurrent, current);
+       }
+       
+       //Trim the new map to only new values
+       newDirect.removeAll(dtoiCurrent);
+       
+       //Add new values with new indirect keys to the new map
+       for (Object newD : newDirect) {
+           K idCurrent;
+           do {
+               idCurrent = getUniqueReference();
+               //Unlikey, but just in case we generate the exact same key multiple times...
+           } while (dtoi.containsValue(idCurrent));
+           
+           new_dtoi.put(newD, idCurrent);
+           new_itod.put(idCurrent, newD);
+       }
+    
+       dtoi = new_dtoi;
+       itod = new_itod;
    }
 
    /**
    * {@inheritDoc}
    */
-   public <T> K getIndirectReference(T directReference) {
+   public synchronized <T> K getIndirectReference(T directReference) {
       return dtoi.get(directReference);
    }
 
    /**
    * {@inheritDoc}
    */
-   public <T> T getDirectReference(K indirectReference) throws AccessControlException {
+   public synchronized <T> T getDirectReference(K indirectReference) throws AccessControlException {
       if (itod.containsKey(indirectReference) ) {
          try
          {
diff --git a/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java b/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java
new file mode 100644
index 000000000..810a2bf15
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/AbstractAccessReferenceMapTest.java
@@ -0,0 +1,100 @@
+package org.owasp.esapi.reference;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.powermock.reflect.Whitebox;
+
+
+public class AbstractAccessReferenceMapTest {
+
+    @Test
+    public void testConcurrentAddDirectReference() throws Exception {
+        @SuppressWarnings("unchecked")
+        final AbstractAccessReferenceMap<Object> map = Mockito.mock(AbstractAccessReferenceMap.class, Mockito.withSettings().useConstructor()
+                .defaultAnswer(Mockito.CALLS_REAL_METHODS)
+                );
+        Object indirectObj = new Object();
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj);
+
+        final HashMap<?,?> itod= Whitebox.getInternalState(map, "itod");
+
+        final Object toAdd = new Object();
+
+        Runnable addReference1 = new Runnable() {
+            @Override
+            public void run() {
+                map.addDirectReference(toAdd);
+            }
+        };
+        Runnable addReference2 = new Runnable() {
+            @Override
+            public void run() {
+                map.addDirectReference(toAdd);
+            }
+        };
+
+        Runnable lockItod = new Runnable() {
+            public void run() {
+                synchronized (itod) {
+                    try {
+                        Thread.sleep(2000);
+                    } catch (InterruptedException e) {
+                        // TODO Auto-generated catch block
+                        e.printStackTrace();
+                    }
+
+                } 
+            }
+        };
+
+        Thread lockIndirectRefs = new Thread(lockItod, "Lock Indirect Refs");
+        Thread addRef1Thread = new Thread(addReference1, "Add Ref 1");
+        Thread addRef2Thread = new Thread(addReference2, "Add Ref 2");
+        lockIndirectRefs.start();
+        addRef1Thread.start();
+        addRef2Thread.start();
+
+        addRef1Thread.join();
+        addRef2Thread.join();
+        lockIndirectRefs.join();
+
+        Mockito.verify(map,Mockito.times(1)).getUniqueReference();
+    }
+    
+    @Test
+    public void verifyNoDuplicateKeysOnUpdateReplace() {
+        @SuppressWarnings("unchecked")
+        final AbstractAccessReferenceMap<Object> map = Mockito.mock(AbstractAccessReferenceMap.class, Mockito.withSettings().useConstructor()
+                .defaultAnswer(Mockito.CALLS_REAL_METHODS)
+                );
+        Object indirectObj1 = new Object();
+        Object indirectObj2 = new Object();
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj1); 
+        
+        Object direct1 = new Object();
+        Object direct2 = new Object();
+        
+        map.addDirectReference(direct1);
+        
+        Mockito.reset(map);
+        
+        Set<Object> newDirectElements = new HashSet<>();
+        newDirectElements.add(direct2);
+        newDirectElements.add(direct1);
+        
+        Mockito.when(map.getUniqueReference()).thenReturn(indirectObj1).thenReturn(indirectObj2); 
+        
+        map.update(newDirectElements);
+        
+        //Needs to be called 2 times to get past the first duplicate key. This verifies that we're inserting unique pairs.
+        Mockito.verify(map, Mockito.times(2)).getUniqueReference();
+        
+        Assert.assertEquals(indirectObj1, map.getIndirectReference(direct1));
+        Assert.assertEquals(indirectObj2, map.getIndirectReference(direct2));
+    }
+}

From f68341f6acd9d9699dd16fad6e3f1247d651e3db Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 15 Jan 2019 22:40:29 -0600
Subject: [PATCH 522/812] JavaLogFactory Thread Safety #286 (#470)

* JavaLogFactory Concurrency Test

Test case showing that in multi-threaded requests for a single reference,
multiple Logger references may be created.

* Logic & Test Updates JavaLogFactory

Extending test to also create Logs by module name.

Updating logic in class to have class delegate to the module name with the
class name reference and synchronizing on the map while the reference is
being retrieved and/or created.
---
 .../owasp/esapi/reference/JavaLogFactory.java | 28 +++----
 .../esapi/reference/JavaLogFactoryTest.java   | 73 +++++++++++++++++++
 2 files changed, 84 insertions(+), 17 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java

diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
index 0970818e8..810aae8d5 100644
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
@@ -49,15 +49,7 @@ public JavaLogFactory() {}
 	* {@inheritDoc}
 	*/
 	public Logger getLogger(Class clazz) {
-    	
-    	// If a logger for this class already exists, we return the same one, otherwise we create a new one.
-    	Logger classLogger = (Logger) loggersMap.get(clazz);
-    	
-    	if (classLogger == null) {
-    		classLogger = new JavaLogger(clazz.getName());
-    		loggersMap.put(clazz, classLogger);
-    	}
-		return classLogger;
+	    return getLogger(clazz.getName());
     }
 
     /**
@@ -65,14 +57,16 @@ public Logger getLogger(Class clazz) {
 	*/
     public Logger getLogger(String moduleName) {
     	
-    	// If a logger for this module already exists, we return the same one, otherwise we create a new one.
-    	Logger moduleLogger = (Logger) loggersMap.get(moduleName);
-    	
-    	if (moduleLogger == null) {
-    		moduleLogger = new JavaLogger(moduleName);
-    		loggersMap.put(moduleName, moduleLogger);    		
-    	}
-		return moduleLogger;
+        synchronized (loggersMap) {
+            // If a logger for this module already exists, we return the same one, otherwise we create a new one.
+            Logger moduleLogger = (Logger) loggersMap.get(moduleName);
+
+            if (moduleLogger == null) {
+                moduleLogger = new JavaLogger(moduleName);
+                loggersMap.put(moduleName, moduleLogger);    		
+            }
+            return moduleLogger;
+        }
     }
 
 
diff --git a/src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java
new file mode 100644
index 000000000..41a7c52b0
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java
@@ -0,0 +1,73 @@
+package org.owasp.esapi.reference;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.CountDownLatch;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.owasp.esapi.Logger;
+
+
+public class JavaLogFactoryTest {
+
+    @Test
+    public void testConcurrentLogRequest() throws InterruptedException {
+        final ConcurrentHashMap<Integer, Logger> logCapture = new ConcurrentHashMap<>();
+        List<Thread> threads = new ArrayList<>();
+        final CountDownLatch forceConcurrency = new CountDownLatch(1);
+        for (int x = 0 ; x < 10; x ++) {
+            final int requestIndex = x;
+            Runnable requestLogByClass = new Runnable() {
+                @Override
+                public void run() {
+                   try {
+                    forceConcurrency.await();
+                } catch (InterruptedException e) {
+                    // TODO Auto-generated catch block
+                    e.printStackTrace();
+                }
+                   logCapture.put(requestIndex, JavaLogFactory.getInstance().getLogger(JavaLogFactoryTest.class));
+                }
+            };
+            
+            Runnable requestLogByModule = new Runnable() {
+                @Override
+                public void run() {
+                   try {
+                    forceConcurrency.await();
+                } catch (InterruptedException e) {
+                    // TODO Auto-generated catch block
+                    e.printStackTrace();
+                }
+                   logCapture.put(requestIndex, JavaLogFactory.getInstance().getLogger(JavaLogFactoryTest.class.getName()));
+                }
+            };
+            
+            threads.add(new Thread(requestLogByClass, "Request Log By Class " + x));
+            
+            threads.add(new Thread(requestLogByModule, "Request Log By Name " + x));
+            
+            
+        }
+        
+        for (Thread thread : threads) {
+            thread.start();
+        }
+        
+        forceConcurrency.countDown();
+        
+        for (Thread thread: threads) {
+            thread.join();
+        }
+        
+        
+        Set<Logger> uniqueLoggers = new HashSet<>(logCapture.values());
+        
+        Assert.assertEquals(1, uniqueLoggers.size());
+        
+    }
+}

From 48cb2ad8b58f3e272d8174bb7bfb4249d94d0210 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 22 Jan 2019 20:26:52 -0600
Subject: [PATCH 523/812] Issue #31 MySQLCodec Updates (#472)

* MySQLCodec Underscore Escape Tests

Implementing my understanding of the desired tests from the issue.

* MySQLCodec Logic and Test Modifications

I am not sure this is what is desired

Tests showing the MySQLCodec acts as specified for the OWASP
recommendation of MySQL encoding for both ANSI and MySQL (Standard) Modes.

Logic updates to account for divergence from the recommended approach.

* MySQLCodec Logic (Restoring)

Putting back the logic from MySQLCodec removed last commit.  Alphanumerics
under 256 should be returned in their original forms based on OWASP
recommendation being targeted.

* MySQLCodec Test Updates

Correcting tests for the STANDARD handling of characters up to 256
including numbers, upper/lower case letters, special encoded characters,
and any value outside the previously defined sets.

This should now assert the OWASP recommended approach to Encoding STANDARD
MySQL inputs.

* MySQLCodecTest Updates: DECODE

Adding a decode validation to the existing tests to verify that when an
ecoded string is decoded that the original value is the result.

* MySQLCodec Logic Update: Bug Fix

Identified a case in MySQLCodec (STANDARD) where the special-case
character 0x1a was correctly encoding to '//Z', but the decode case was
watching for '//z'.  Encoded value did not decode to original input.

Logic update in decode to alter the lower case z to the upper-case Z.

* MySQLCodec Documentation Update

Updating the URL listed in the class documentation to direct to OWASP
recommended MySQL Escaping.

* MySQLCodecTest Updates Ansi Decode PB_Seq

Adding workflow & behavioral validations for the ANSI handling of decoding
a PushBackSequence reference.

* MySQLCodecTest Updates Ansi Decode PB_Seq

Updating ANSI PushbackSequence tests names to be
better self-documenting.

* MySQLCodecTest Updates Standard Decode PB_Seq

Adding tests for Standard MySQLCodec Decode with PushbackSequence

* MySqlCodecTest Ctr using int

The ctr is deprecated, but still should be tested as long as it is
present.  Adding cases for ANSI and Standard resolution showing mode is
correctly resolved.  Stub of an unsupported int also included, but
currently ignored.

* MySQLCodec Logic & Tests invalid int CTR Arg

Found that implementations would throw NPE's if an invalid int was
provided to the deprecated constructor when trying to encode or decode
values.  Opted to alter the constructor logic to immediately throw a
runtime exception (IllegalArgument) if the constructor parameter cannot
resolve to a valid reference.

It would be a Runtime exception either way, it's just a matter of when
it's thrown.

Alternatively, the mode switches in the encode/decode could have been
surrounded by an if block with an else/fallthrough which retuned null.

It is my opinion that this is a non-obvious failure of misconfiguration
and would be difficult to diagnose and resolve.  The immediate class
failure should provide the end-user with context on how to resolve the
problem and limit the time debugging.

Tests provided to validate workflow.

* MySQLCodecTest Update Method Rename

Renaming static method to be inclusive of the creation of both mode escape
maps.

* MySQLCodec Test Immunity Validations

Tests for handling of encoding with immunity sets for STANDARD and ANSI
modes.

* MySQLCodec Documentation Updates

Updating class documentation to clarify the intended support provided by
the implementation.

* MySQLCodec Code Structure Updates

Making a copy of MySQLCodec in its own subpackage of the codec group.  Breaking
apart the implementation into the codec and a strategy pattern controlled
by the MySQLMode enumeration.

Each piece of this implementation retained the original tests; however,
like the code, the tests have been split up as well.  Now the
responsibilty of the ANSI handing is in the MySQLAnsiSupport class.
Standard behavior is held an tested from the MySQLStandardSupport class.

I feel like this change increases readability and usability of the
baseline.  I am committing this at this time to get another set of
opinions on this approach.  In the interim, the original MySQLCodec and
tests have remained untouched in this effort.

* Cleanup: Removing MySqlCodec Strategy impl

Sample served its purpose and may be revisited later.  Opting to maintain
existing implementation for issue resolution.

* Updating documentation: ANSI_QUOTES Mode

Providing javadoc mapping from the MySQLCodec ANSI mode to the MySQL
Server ANSI_QUOTES mode documentation.

* Removing testMySQLANSIModeQuoteInjection

From research, on issue #31 double quotes within the single quote literals
supported in ANSI_QUOTE modes do not require explicit escape handling.

* Reintroducing  testMySQLANSIModeQuoteInjection

Updating compare to match current expectation and adding comment to
clarify that no special handling for double quotes is needed in
ANSI_QUOTES mode.
---
 .../org/owasp/esapi/codecs/MySQLCodec.java    |  65 +++-
 .../owasp/esapi/codecs/MySQLCodecTest.java    | 366 ++++++++++++++++++
 .../owasp/esapi/reference/EncoderTest.java    |   3 +-
 3 files changed, 421 insertions(+), 13 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 0686741f3..02e615dd5 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -18,13 +18,47 @@
 
 
 /**
- * Implementation of the Codec interface for MySQL strings. See http://mirror.yandex.ru/mirrors/ftp.mysql.com/doc/refman/5.0/en/string-syntax.html
- * for more information.
+ * Codec implementation which can be used to escape string literals in MySQL.
+ * </br>
+ * Implementation accepts 2 Modes as identified by the OWASP Recommended
+ * escaping strategies:
+ * <ul>
+ * <li><b>ANSI</b> <br>
+ * Simply encode all ' (single tick) characters with '' (two single ticks)</li>
+ * <br>
+ * <li><b>Standard</b>
  * 
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * <pre>
+ *   NUL (0x00) --> \0  [This is a zero, not the letter O]
+ *   BS  (0x08) --> \b
+ *   TAB (0x09) --> \t
+ *   LF  (0x0a) --> \n
+ *   CR  (0x0d) --> \r
+ *   SUB (0x1a) --> \Z
+ *   "   (0x22) --> \"
+ *   %   (0x25) --> \%
+ *   '   (0x27) --> \'
+ *   \   (0x5c) --> \\
+ *   _   (0x5f) --> \_ 
+ *   <br>
+ *   all other non-alphanumeric characters with ASCII values less than 256  --> \c
+ *   where 'c' is the original non-alphanumeric character.
+ * </pre>
+ * 
+ * </li>
+ * 
+ * </ul>
+ * 
+ * @author Jeff Williams (jeff.williams .at. aspectsecurity.com)
+ *         <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
- * @see org.owasp.esapi.Encoder
+ * 
+ * @see <a href=
+ *      "https://dev.mysql.com/doc/refman/8.0/en/string-literals.html">MySQL 8.0
+ *      String Literals</a>
+ * @see <a href=
+ *      "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping">OWASP
+ *      SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping</a>
  */
 public class MySQLCodec extends AbstractCharacterCodec {
     /**
@@ -46,13 +80,20 @@ static Mode findByKey(int key) {
                 if ( m.key == key )
                     return m;
             }
-            return null;
+            String message = String.format("No Mode for %s. Valid references are MySQLStandard: %s or ANSI: %s", key, MYSQL_MODE, ANSI_MODE);
+            throw new IllegalArgumentException(message);
         }
     }
 
     /** Target MySQL Server is running in Standard MySQL (Default) mode. */
     public static final int MYSQL_MODE = 0;
-    /** Target MySQL Server is running in {@link "http://dev.mysql.com/doc/refman/5.0/en/ansi-mode.html"} ANSI Mode */
+    /**
+     * Target MySQL Server is running in ANSI_QUOTES Mode
+     * 
+     * @see <a href=
+     *      "https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_ansi_quotes">
+     *      https://dev.mysql.com/doc/refman/8.0/en/sql-mode.html#sqlmode_ansi_quotes</a>
+     */
     public static final int ANSI_MODE = 1;
 	
 	//private int mode = 0;
@@ -100,11 +141,12 @@ public String encodeCharacter( char[] immune, Character c ) {
 			return ""+ch;
 		}
 		
+		
 		switch( mode ) {
 			case ANSI: return encodeCharacterANSI( c );
 			case STANDARD: return encodeCharacterMySQL( c );
+			default: return null;
 		}
-		return null;
 	}
 	
 	/**
@@ -123,8 +165,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 	private String encodeCharacterANSI( Character c ) {
 		if ( c == '\'' )
         	return "\'\'";
-        if ( c == '\"' )
-            return "";
+     
         return ""+c;
 	}
 
@@ -166,8 +207,8 @@ public Character decodeCharacter( PushbackSequence<Character> input ) {
 		switch( mode ) {
 			case ANSI: return decodeCharacterANSI( input );
 			case STANDARD: return decodeCharacterMySQL( input );
+			default: return null;
 		}
-		return null;
 	}
 
 	/**
@@ -244,7 +285,7 @@ private Character decodeCharacterMySQL( PushbackSequence<Character> input ) {
 			return Character.valueOf( (char)0x0a );
 		} else if ( second.charValue() == 'r' ) {
 			return Character.valueOf( (char)0x0d );
-		} else if ( second.charValue() == 'z' ) {
+		} else if ( second.charValue() == 'Z' ) {
 			return Character.valueOf( (char)0x1a );
 		} else if ( second.charValue() == '\"' ) {
 			return Character.valueOf( (char)0x22 );
diff --git a/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java b/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java
new file mode 100644
index 000000000..04e57850a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/MySQLCodecTest.java
@@ -0,0 +1,366 @@
+package org.owasp.esapi.codecs;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.hamcrest.Matcher;
+import org.hamcrest.core.IsEqual;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ErrorCollector;
+import org.junit.rules.ExpectedException;
+import org.mockito.Mockito;
+import org.owasp.esapi.codecs.MySQLCodec.Mode;
+import org.powermock.reflect.Whitebox;
+/**
+ * Tests to show {@link MySQLCodec} with {@link Mode#ANSI}
+ * comply with the OWASP Escaping recommendations
+ * 
+ * https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping
+ *
+ */
+public class MySQLCodecTest {
+    private static final char[] EMPTY_CHAR_ARRAY = new char[0];
+    private static  Map<Character, String> ANSI_ESCAPES;
+    private static  Map<Character, String> STANDARD_ESCAPES;
+
+    private static final InclusiveRangePair NUMBER_CHAR_RANGE = new InclusiveRangePair(48,57);
+    private static final InclusiveRangePair UPPER_CHAR_RANGE = new InclusiveRangePair(65,90);
+    private static final InclusiveRangePair LOWER_CHAR_RANGE = new InclusiveRangePair(97,122);
+
+    private MySQLCodec uitAnsi = new MySQLCodec(Mode.ANSI);
+    private MySQLCodec uitMySqlStandard = new MySQLCodec(Mode.STANDARD);
+
+
+    @Rule
+    public ErrorCollector errorCollector = new ErrorCollector();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+
+    @BeforeClass
+    public static void createCodecEscapeMaps () {
+        Map<Character, String> escapesStd = new HashMap<>();
+        escapesStd.put( (char)0x00,  "\\0");
+        escapesStd.put( (char)0x08,  "\\b");
+        escapesStd.put( (char)0x09,  "\\t");
+        escapesStd.put( (char)0x0a,  "\\n");
+        escapesStd.put( (char)0x0d,  "\\r");
+        escapesStd.put( (char)0x1a,  "\\Z");
+        escapesStd.put( (char)0x22,  "\\\"");
+        escapesStd.put( (char)0x25,  "\\%");
+        escapesStd.put( (char)0x27,  "\\'");
+        escapesStd.put( (char)0x5c,  "\\\\");
+        escapesStd.put( (char)0x5f,  "\\_");
+
+        Map<Character, String> escapesAnsi = new HashMap<>();
+        escapesAnsi.put( '\'',  "\'\'");
+
+        STANDARD_ESCAPES = escapesStd;
+        ANSI_ESCAPES = escapesAnsi;
+    }
+
+    /**
+     * ANSI
+     * Test showing that for characters up to 256, the only encoded value is the single tick.
+     * 
+     * when the single tick is encoded, it is updated to be double tick.  All other characters remain unchanged.
+     */
+    @Test
+    public void testAnsiEncodeTo256() {
+        for (int ref = 0 ; ref < 256; ref ++) {
+            char refChar = (char) ref;
+            boolean shouldEscape = ANSI_ESCAPES.containsKey(refChar);
+
+
+            String charAsString = "" + refChar;
+            String expected = charAsString;
+            String encodeMsg = String.format("%s (%s) should not be altered when Encoded through the ANSI MySQLCodec", charAsString, ref);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when DECODED through the ANSI MySQLCodec", charAsString, ref, expected);
+            if (shouldEscape) {
+                expected = ANSI_ESCAPES.get(refChar);
+                encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the ANSI MySQLCodec", charAsString, ref);
+            }
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitAnsi.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitAnsi.decode(expected), decodeExpect);
+        }
+    }
+    @Test
+    public void testAnsiEncodeWithImmuneSet() {
+        //The only value that is encoded is single tick. The immunity list does not impact normal capability in ANSI mode
+        char[] immuneChars = new char[] {15, 91,150, 255};
+        
+        for (char refChar : immuneChars) {
+            int ref = refChar;
+            String charAsString = "" + refChar;
+            String expected =  charAsString;
+            String encodeMsg = String.format("%s (%s) should not be escaped when in the immunity list provided to Encoded through the ANSI MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the ANSI MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitAnsi.encode(immuneChars, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitAnsi.decode(expected), decodeExpect);
+        }
+    }
+    /** Upper case letters should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeUpperCaseRange() {
+        performStandardNonEscapeTest(UPPER_CHAR_RANGE);
+    }
+    /** Lower case letters should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeLowerCaseRange() {
+        performStandardNonEscapeTest(LOWER_CHAR_RANGE);
+    }
+    /** Numbers should not be mutated by the implementation.*/
+    @Test
+    public void testStandardEncodeNumbersRange() {
+        performStandardNonEscapeTest(NUMBER_CHAR_RANGE);
+    }
+
+    /**
+     * Helper function for iterating a defined range of values and asserting encoded references are not mutated.
+     * @param range {@link InclusiveRangePair} reference to verify
+     */
+    private void performStandardNonEscapeTest(InclusiveRangePair range) {
+        for (int ref = range.getLowerLimit() ; ref <= range.getUpperLimit(); ref ++) {
+            char refChar = (char) ref;
+            String charAsString = "" + refChar;
+            String expected = charAsString;
+            String encodeMsg = String.format("%s (%s) should not be changed when Encoded through the Standard MySQLCodec", charAsString, ref);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+        }
+    }
+
+    /**
+     * Tests that any value under 256 that is not a number, upper case letter, lower case letter, or a special-encoding object is prefixed by a backslash when encoded
+     * by a STANDARD MySQLCodec implementation
+     */
+    @Test
+    public void testStandardEncodeNonAlphaNumeric() {
+        for (int ref = 0; ref < 256 ; ref ++) {
+            char refChar = (char) ref;
+            if (NUMBER_CHAR_RANGE.contains(ref) || LOWER_CHAR_RANGE.contains(ref) || UPPER_CHAR_RANGE.contains(ref) || STANDARD_ESCAPES.keySet().contains(refChar)) {
+                continue;
+            }
+            String charAsString = "" + refChar;
+            String expected = "\\" + charAsString;
+            String encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the Standard MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+
+        }
+    }
+    
+    @Test
+    public void testStandardEncodeWithImmuneSet() {
+        //These values normally fall under the encodeNonAlphaNumeric test content.
+        char[] immuneChars = new char[] {15, 91,150, 255};
+        
+        for (char refChar : immuneChars) {
+            int ref = refChar;
+            String charAsString = "" + refChar;
+          //Typically, we should expect the encode to be the original value prefixed by two backslashes.
+            String expected =  charAsString;
+            String encodeMsg = String.format("%s (%s) should not be escaped when in the immunity list provided to Encoded through the Standard MySQLCodec", charAsString, refChar);
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, ref, expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(immuneChars, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);
+        }
+    }
+    /**
+     * Asserts that predefined specialty escape sequences are provided when encoded.
+     */
+    @Test
+    public void testStandardEncodeEscapeSet() {
+        for (Character refChar : STANDARD_ESCAPES.keySet()) {
+            String charAsString = "" + refChar;
+            String expected = STANDARD_ESCAPES.get(refChar);
+            String encodeMsg = String.format("%s (%s) should have been escaped when Encoded through the Standard MySQLCodec", charAsString, (int) refChar.charValue());
+            String decodeMsg = String.format("%s (%s) [%s] should match original value when Encoded through the Standard MySQLCodec", charAsString, (int) refChar.charValue(), expected);
+
+            Matcher<String> encodeExpect = new IsEqual<>(expected);
+            Matcher<String> decodeExpect = new IsEqual<>(charAsString);
+            errorCollector.checkThat(encodeMsg, uitMySqlStandard.encode(EMPTY_CHAR_ARRAY, charAsString), encodeExpect);
+            errorCollector.checkThat(decodeMsg, uitMySqlStandard.decode(expected), decodeExpect);   
+        }
+    }
+
+    /**
+     * If the first element in the {@link PushbackSequence} is null, then null is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNullFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn(null);
+        
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    
+    /**
+     * If the first character is a single tick, and the second character is null, null is expected
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNullSecondElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn(null);
+        
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    
+    /**
+     * If the first character is a single tick and the second character is NOT a single tick (escaped tick), then null is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNonTickSecondElmentReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn('A');
+        
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    /**
+     * If two single ticks are read in sequence, a single tick is expected.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceReturnsSingleTick() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\'').thenReturn('\'');
+        
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertEquals('\'', decChar.charValue());
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(0)).reset();
+        
+    }
+
+    /**
+     * If the first character is not a single tick, null is returned.
+     */
+    @Test
+    public void testAnsiDecodePushbackSequenceNonTickFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('A');
+        
+        Character decChar = uitAnsi.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    
+    /**
+     * If the first character is null, null is expected
+     */
+    @Test
+    public void testStandardDecodePushbackSequenceNullFirstElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn(null);
+        
+        Character decChar = uitMySqlStandard.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(1)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    /**
+     * If the first character is a backslash, and the second character is null, null is expected
+     */
+    @Test
+    public void testStandardDecodePushbackSequenceNullSecondElementReturnsNull() {
+        PushbackSequence<Character> mockPushback = Mockito.mock(PushbackSequence.class);
+        Mockito.when(mockPushback.next()).thenReturn('\\').thenReturn(null);
+        
+        Character decChar = uitMySqlStandard.decodeCharacter(mockPushback);
+        Assert.assertNull(decChar);
+        
+        Mockito.verify(mockPushback, Mockito.times(1)).mark();
+        Mockito.verify(mockPushback, Mockito.times(2)).next();
+        Mockito.verify(mockPushback, Mockito.times(1)).reset();
+        
+    }
+    
+    @Test
+    public void testCreateAnsiByInt() {
+        MySQLCodec codec = new MySQLCodec(MySQLCodec.ANSI_MODE);
+        Object configMode = Whitebox.getInternalState(codec, "mode");
+        Assert.assertEquals(Mode.ANSI, configMode);
+    }
+    
+    @Test
+    public void testCreateStandardByInt() {
+        MySQLCodec codec = new MySQLCodec(MySQLCodec.MYSQL_MODE);
+        Object configMode = Whitebox.getInternalState(codec, "mode");
+        Assert.assertEquals(Mode.STANDARD, configMode);
+    }
+    
+    @Test
+    public void testCreateUnsupportedModeByInt() {
+        exEx.expect(IllegalArgumentException.class);
+        String message = String.format("No Mode for %s. Valid references are MySQLStandard: %s or ANSI: %s", Integer.MIN_VALUE, MySQLCodec.MYSQL_MODE, MySQLCodec.ANSI_MODE);
+        exEx.expectMessage(message);
+        new MySQLCodec(Integer.MIN_VALUE);
+       
+    }
+    private static class InclusiveRangePair {
+        private final int upperInclusive;
+        private final int lowerInclusive;
+
+        public InclusiveRangePair (int minValueAllowed,int maxValueAllowed) {
+            upperInclusive = maxValueAllowed;
+            lowerInclusive = minValueAllowed;
+        }
+
+        public boolean contains (int value) {
+            return value >= lowerInclusive && value <= upperInclusive;
+        }
+
+        public int getUpperLimit() {
+            return upperInclusive;
+        }
+
+        public int getLowerLimit() {
+            return lowerInclusive;
+        }
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index cdef5e06a..78a6dc537 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -462,7 +462,8 @@ public void testEncodeForSQL() {
     public void testMySQLANSIModeQuoteInjection() {
         Encoder instance = ESAPI.encoder();
         Codec c = new MySQLCodec(MySQLCodec.Mode.ANSI);
-        assertEquals("MySQL Ansi Quote Injection Bug", " or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
+        //No special handling is required for double quotes in ANSI_Quotes mode
+        assertEquals("MySQL Ansi Quote Injection Bug", "\" or 1=1 -- -", instance.encodeForSQL(c, "\" or 1=1 -- -"));
     }
 
     

From bba046e5ecb2eb7216505e3516dbd4fb5b77dde5 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 22 Jan 2019 20:43:59 -0600
Subject: [PATCH 524/812] Date validation rule 299 (#468)

* DateValidationRule Logic Updates

Updating the parsing logic of the DateValidationRule to not only verify a
date can be constructed from the input string in a known format, but also
that the generated Date can be reformatted back to the same String
content.  This adds additional security for cases where the DateFormatter
accepts characters postfixed to an otherwise valid date.

As a result two tests in ValidationTest.java had to be updated to use the
correct explicit format.  The data sets were using full-name month, day,
year content, but supplying the MEDIUM format. Updating the provided
format to LONG allowed the new check to function as desired.

* DateValidationRule Test Content

Adding test cases presented in the github issue

* Dependency Cleanup: JodaTime

Removing JodaTime dependency from Pom.  It had been introduced to
potentially address date/time parsing issues, but had not yet been applied
to the baseline.

* DateValidationRule Test Content

Updating test to actually use assertions in execution so that the intended
state is verified.

* DateValidationRule Test Content

Adding additional test case content.

* Validation Test Cleanup

Converting ValidationErrorList Test to use Junit4 syntax.

* Validation Test Cleanup

Updating assertions used in ValidationErrorList for more information in
Junit test failure cases.

* Validation Test Cleanup

Breaking the exception cases of the ValidationErrorListTest into separate
test blocks.  Updated to use the ExpectedException Rule.

Corrected wording in implementation error message on null context.
Corrected message in implementation on null ValidationException reference.

* Validation Test Cleanup

Test updates to use class-scope references rather than on a per-test
basis.

Removed method to create ValidationException.  Catch block indicated that
a specific exception had been thrown at one point.  I checked the call
heirarchy and verified that exception is not being explicitly thrown at
this time.

* Validation Test Cleanup

ValidationErrorListTest:
  Removed sysouts
  Cleaned unused imports
  Formatted file (removed tab chars & adjusted indent)

* Validation Test Cleanup BaseValidationRuleTest

Converting test to Junit4 Syntax.

* Validation Test Cleanup: BaseValidationRuleTest

Commenting out the current test.  Upon inspection, the test is not fulfilling the commented intent.  Instead of validating that the BaseValidationRule throws exceptions, it is only verifying that the test-scope stub implementation throws. Going to keep it around so I can verify I'm fulfilling the intent in the new implementation content before deleting that code

* Validation Test Cleanup: BaseValidationRuleTest

Re-implementing the tests for BaseValidationRule.

** This commit contains a failing test (testWhitelistSetExtendedCharacterSets)**
I do not know how to test utf-16 character sets, but I think it is something that needs to be done.

I have listed a concern with potential side-effects of using ValidationErrorList in the BaseValidationRule.  Refer to testGetValidMultipleExceptionSameContextThrowsRuntimeException for more information.

* Validation Test Cleanup: DateValidationRuleTest

Initial basic tests for general class functionality.

* Validation Test Cleanup: DateValidationRuleTest

Adding validations to ensure that DateFormat leniency is being set in accordance with the SecurityConfiguration ACCEPT_LENIENT_DATES value.

Still light in the context that I'm not verifying the value is derived from the SecurityConfiguration, but I am at least checking that the date format is being updated and that the value being applied matches the test-scope settings.

* DateValidationRule Logic & Test Updates

Updating the implementation so the process of generating a String from the parsed date and comparing it with the canonicalized input only happens during the sanitize workflow.  This will allow for the DateFormat contract for leniency and ESAPI's contract for security to remain intact (I think).

In essence, getValid is asking if the configured DateFormat can parse any date out of String being provided. That's completely on the DateFormat instance. If it works then return it, if it doesn't the throw the ValidationException.

On the other hand, sanitize is asking for a safe representation of the String. For that we can add the additional cross check and be more stringent in the criteria. Meaning if the same String that was used to generate the Date cannot be recreated from that date then we don't trust the input.

Tests were updated to reflect this workflow, and the data set used to check 299 in the ValidatorTest has been integrated into DateValidationRuleTest.

* Validation Test Updates: BaseValidationRuleTest

Ignoring the explictly fail case in the test.

* DateValidation Corrections for DefaultValidator

Adding another sanitize method to the DateValidationRule which accepts the ValidationErrorList in addition to the other parameters.

Updating DefaultValidator to use the new sanitize method and check the error list to verify the returned date before passing it along to the client.  If there are no errors, we're gtg; otherwise, the ValidationError at the first index is rethrown.

* DateValidationTest API Extension

Adding tests for new sanitize API method.

* DefaultValidator Date Validation Logic Update

Altering method chaining to defer to the getValidDate which uses the ValidationErrorList which now contains the delegation to the DateValidationRule.

* DefaultValidator Date API Testing

Creating a new test class that focuses on testing the DATE API of
DefaultValidator.

This is a wireframe commit.

* DefaultValidator Date API Testing

Successful interception of the DateValidatorRule construction. When
DefaultValidator instantiates a new instance internally, it receives the
test-scope spy.

This will allow us to check that the intended workflow of how the
DefaultValidator delegates to the DateValidatorRule is operating as
expected without needing to re-test the conditions already verified in the
DateValidatorRuleTest.

* DefaultValidator Logic Update & Date API Tests

Working tests to verify happy-path workflow through DefaultValidator Date
API.

Logic update to isValidDate with ValidationErrorList to use the
ValidationErrorList that is passed in with the delegated
DateValidationRule.sanitize call.

* DefaultValidator Date API Negative Tests

Verifying workflow and response from the DateAPI when the
DateValidationRule would result in a ValidationException being thrown.

* DefaultValidator Date API Test Cleanup

No functional changes. Mostly updating static imports and references.

* DefaultValidator cleanup

Fixing inconsistent indentation in updated method block.

* ValidatorTest Cleanup :: New ESAPI API Test

Created a new test for the static ESAPI class which verifies the workflow by which the runtime Validator is derived.

Removed the date validity tests from the ValidatorTest.  All pertinent content has been divided into the BaseValidationRuleTest, DateValidationRuleTest, ValidationErrorListTest, DefaultValidatorDateAPITest, and ESAPIContractAPITests.

The specific conditions have been shifted to be exclusively against the implementation (BaseValidationRuleTest). It is shown that the DefaultValidator uses BaseValidationRule in all date-related checks (DefaultValidatorDateAPITest).  And we know that if the user configures the ESAPI validator property to the DefaultValidator it will resolve at runtime (ESAPIContractAPITests).

* DateValdationRuleTest Additions

Adding Powermock tests that show the lenient setting is derived from the
SecurityConfiguration and is applied to the DateFormat reference both when
a DateValidationRule is constructed, and when the setDateFormat method is
invoked.

I chose to implement this as a unique test since PowermockRunner impacts my ability to see code coverage.

* BaseValidationRuleTest UTF-16 Whitelist Addition

Replacing ignore/fail of test impl with content showing that extended
character sets can be whitelisted through the implementation.
---
 pom.xml                                       |   6 -
 .../org/owasp/esapi/ValidationErrorList.java  |   4 +-
 .../esapi/reference/DefaultValidator.java     |  37 +-
 .../validation/DateValidationRule.java        |  42 ++-
 .../org/owasp/esapi/ESAPIContractAPITest.java |  52 +++
 .../owasp/esapi/ValidationErrorListTest.java  | 164 +++-----
 .../DefaultValidaterDateAPITest.java          | 198 ++++++++++
 .../owasp/esapi/reference/ValidatorTest.java  |  95 ++---
 .../validation/BaseValidationRuleTest.java    | 352 ++++++++++++++----
 .../DateValidationRulePowerMockTest.java      | 141 +++++++
 .../validation/DateValidationRuleTest.java    | 248 ++++++++++++
 11 files changed, 1044 insertions(+), 295 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/ESAPIContractAPITest.java
 create mode 100644 src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java

diff --git a/pom.xml b/pom.xml
index 85e457a1d..35da50899 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,12 +129,6 @@
     </properties>
 
     <dependencies>
-        <!-- https://mvnrepository.com/artifact/joda-time/joda-time -->
-        <dependency>
-            <groupId>joda-time</groupId>
-            <artifactId>joda-time</artifactId>
-            <version>2.10</version>
-        </dependency>
         <dependency>
             <groupId>commons-configuration</groupId>
             <artifactId>commons-configuration</artifactId>
diff --git a/src/main/java/org/owasp/esapi/ValidationErrorList.java b/src/main/java/org/owasp/esapi/ValidationErrorList.java
index 2abeb70a6..6479ff376 100644
--- a/src/main/java/org/owasp/esapi/ValidationErrorList.java
+++ b/src/main/java/org/owasp/esapi/ValidationErrorList.java
@@ -91,8 +91,8 @@ public class ValidationErrorList {
 	 * @param vex	A {@code ValidationException}.
 	 */
 	public void addError(String context, ValidationException vex) {
-		if ( context == null ) throw new RuntimeException( "Context for cannot be null: " + vex.getLogMessage(), vex );
-		if ( vex == null ) throw new RuntimeException( "Context (" + context + ") cannot be null" );
+		if ( context == null ) throw new RuntimeException( "Context cannot be null: " + vex.getLogMessage(), vex );
+		if ( vex == null ) throw new RuntimeException( "ValidationException cannot be null for context  (" + context + ")" );
 		if (getError(context) != null) throw new RuntimeException("Context (" + context + ") already exists, must be unique");
 		errorList.put(context, vex);
 	}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 92bef36c6..1a05534c0 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -277,35 +277,38 @@ public boolean isValidDate(String context, String input, DateFormat format, bool
 	 * {@inheritDoc}
 	 */
 	public boolean isValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			getValidDate( context, input, format, allowNull);
-			return true;
-		} catch( ValidationException e ) {
-            errors.addError(context, e);
-			return false;
-		}
+	    getValidDate( context, input, format, allowNull, errors);
+	    return errors.isEmpty();
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull) throws ValidationException, IntrusionException {
-		DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
-		dvr.setAllowNull(allowNull);
-		return dvr.getValid(context, input);
+		
+		ValidationErrorList vel = new ValidationErrorList();
+		Date validDate =  getValidDate(context, input, format, allowNull, vel);
+		
+		if (vel.isEmpty()) {
+		    return validDate;
+		}
+		
+		throw vel.errors().get(0);
 	}
 
 	/**
 	 * {@inheritDoc}
 	 */
 	public Date getValidDate(String context, String input, DateFormat format, boolean allowNull, ValidationErrorList errors) throws IntrusionException {
-		try {
-			return getValidDate(context, input, format, allowNull);
-		} catch (ValidationException e) {
-			errors.addError(context, e);
-		}
-		// error has been added to list, so return null
-		return null;
+	    Date safeDate = null;
+	    DateValidationRule dvr = new DateValidationRule( "SimpleDate", encoder, format);
+	    dvr.setAllowNull(allowNull);
+	    safeDate = dvr.sanitize(context, input, errors);
+	    if (!errors.isEmpty()) {
+	        safeDate = null;
+	    }
+	    // error has been added to list, so return null
+	    return safeDate;
 	}
 
 	/**
diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index 8d031a12f..d7cfe15d6 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -21,6 +21,7 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.errors.ValidationException;
 
 /**
@@ -60,7 +61,7 @@ public final void setDateFormat( DateFormat newFormat ) {
      * {@inheritDoc}
      */
 	public Date getValid( String context, String input ) throws ValidationException {
-		return safelyParse(context, input);
+		return safelyParse(context, input, false);
 	}
 
     /**
@@ -70,16 +71,25 @@ public Date getValid( String context, String input ) throws ValidationException
      */
 	@Override
 	public Date sanitize( String context, String input )  {
-		Date date = new Date(0);
-		try {
-			date = safelyParse(context, input);
-		} catch (ValidationException e) {
-			// do nothing
-	    }
-		return date;
+		return sanitize(context, input, null);
 	}
+	
+	/**
+     * {@inheritDoc}
+     */
+    public Date sanitize( String context, String input, ValidationErrorList errorList )  {
+        Date date = new Date(0);
+        try {
+            date = safelyParse(context, input, true);
+        } catch (ValidationException e) {
+            if (errorList != null) {
+                errorList.addError(context, e);
+            }
+        }
+        return date;
+    }
 	    
-	private Date safelyParse(String context, String input)
+	private Date safelyParse(String context, String input, boolean sanitize)
 			throws ValidationException {
 		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
 		if (StringUtilities.isEmpty(input)) {
@@ -91,10 +101,16 @@ private Date safelyParse(String context, String input)
 							+ input, context);
 		}
 
-	    String canonical = encoder.canonicalize(input);
-
-		try {
-			return format.parse(canonical);
+		 String canonical = encoder.canonicalize(input);
+	        try {
+	            Date rval = format.parse(canonical);
+	            if (sanitize) {
+	                String cycled = format.format(rval);
+	                if (!cycled.equals(canonical)) {
+	                    throw new Exception("Parameter date is not a clean translation between String and Date contexts.  Check input for additional characters");
+	                }
+	            }
+	            return rval;
 		} catch (Exception e) {
 			throw new ValidationException(context
 					+ ": Invalid date must follow the "
diff --git a/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java b/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java
new file mode 100644
index 000000000..e23a60650
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/ESAPIContractAPITest.java
@@ -0,0 +1,52 @@
+package org.owasp.esapi;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.internal.verification.VerificationModeFactory;
+import org.owasp.esapi.util.ObjFactory;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ObjFactory.class})
+public class ESAPIContractAPITest {
+
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    
+    @Mock
+    private Validator mockValidator;
+    
+    @Before
+    public void configureStaticContexts() throws Exception {
+        PowerMockito.mockStatic(ObjFactory.class);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration")).thenReturn(mockSecConfig);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.eq("MOCK_TEST_VALIDATOR"), ArgumentMatchers.eq("Validator")).thenReturn(mockValidator);
+        
+        PowerMockito.when(mockSecConfig.getValidationImplementation()).thenReturn("MOCK_TEST_VALIDATOR");
+    }
+    
+    @Test
+    public void testValidatorFromConfiguration() {
+        Validator validator = ESAPI.validator();
+        Assert.assertEquals("ESAPI Configuration should return Validator as specified by the SecurityConfiguration", mockValidator, validator);
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.eq("MOCK_TEST_VALIDATOR"), ArgumentMatchers.eq("Validator"));
+        
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+        
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getValidationImplementation();
+    }
+   
+}
diff --git a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
index 230e54130..18c6450f4 100644
--- a/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
+++ b/src/test/java/org/owasp/esapi/ValidationErrorListTest.java
@@ -15,126 +15,76 @@
  */
 package org.owasp.esapi;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
-import org.owasp.esapi.errors.IntrusionException;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
 import org.owasp.esapi.errors.ValidationException;
 
+
 /**
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
-public class ValidationErrorListTest extends TestCase {
-
-	/**
-	 * Instantiates a new executor test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public ValidationErrorListTest(String testName) {
-		super(testName);
-	}
-
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void setUp() throws Exception {
-		// none
-	}
+public class ValidationErrorListTest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
 
-	/**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-	protected void tearDown() throws Exception {
-		// none
-	}
+    ValidationErrorList vel = new ValidationErrorList();
+    ValidationException vex = new ValidationException(testName.getMethodName(), testName.getMethodName());
+    @Test
+    public void testAddErrorNullContextThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("Context cannot be null");
+        vel.addError(null, vex);
+    }
 
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(ValidationErrorListTest.class);
-		return suite;
-	}
-	
-	public void testAddError() throws Exception {
-		System.out.println("testAddError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context", vex );
-		try {
-			vel.addError(null, vex );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context1", null );
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-		try {
-			vel.addError("context", vex );  // add the same context again
-			fail();
-		} catch( Exception e ) {
-			// expected
-		}
-	}
+    @Test
+    public void testAddErrorNullExceptionThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("ValidationException cannot be null");
+        vel.addError(testName.getMethodName(), null);
+    }
+    public void testAddErrorDuplicateContextThrows() {
+        exEx.expect(RuntimeException.class);
+        exEx.expectMessage("already exists, must be unique");
+        vel.addError(testName.getMethodName(), vex);
+        vel.addError(testName.getMethodName(), vex);
+    }
 
-	public void testErrors() throws Exception {
-		System.out.println("testErrors");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.errors().get(0) == vex );
-	}
+    @Test
+    public void testErrors() throws Exception {
+        vel.addError("context",  vex );
+        assertTrue("Validation Errors List should contain the added ValidationException Reference",vel.errors().contains( vex) );
+    }
 
-	public void testGetError() throws Exception {
-		System.out.println("testGetError");
-		ValidationErrorList vel = new ValidationErrorList();
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.getError( "context" ) == vex );
-		assertTrue( vel.getError( "ridiculous" ) == null );
-	}
+    @Test
+    public void testGetError() throws Exception {
+        vel.addError("context",  vex );
+        assertTrue( vel.getError( "context" ) == vex );
+        assertNull( vel.getError( "ridiculous" ) );
+    }
 
-	public void testIsEmpty() throws Exception {
-		System.out.println("testIsEmpty");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.isEmpty() );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertFalse( vel.isEmpty() );
-	}
+    @Test
+    public void testIsEmpty() throws Exception {
+        assertTrue( vel.isEmpty() );
+        vel.addError("context",  vex );
+        assertFalse( vel.isEmpty() );
+    }
 
-	public void testSize() throws Exception {
-		System.out.println("testSize");
-		ValidationErrorList vel = new ValidationErrorList();
-		assertTrue( vel.size() == 0 );
-		ValidationException vex = createValidationException();
-		vel.addError("context",  vex );
-		assertTrue( vel.size() == 1 );
-	}
+    @Test
+    public void testSize() throws Exception {
+        assertEquals(0, vel.size() );
+        vel.addError("context",  vex );
+        assertEquals(1, vel.size());
+    }
 
-	private ValidationException createValidationException() {
-		ValidationException vex = null;
-		try {
-			vex = new ValidationException("User message", "Log Message");
-		} catch( IntrusionException e ) {
-			// expected occasionally
-		}
-		return vex;
-	}
-	
 }
 
 
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java b/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java
new file mode 100644
index 000000000..5e552c5b4
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/DefaultValidaterDateAPITest.java
@@ -0,0 +1,198 @@
+package org.owasp.esapi.reference;
+
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.atLeastOnce;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Locale;
+
+import org.hamcrest.core.Is;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.IntrusionException;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.DateValidationRule;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * This class contains a subsection of tests of the DefaultValidator class 
+ * SPECIFIC TO THE DATE VALIDATION API.
+ * 
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(DefaultValidator.class)
+public class DefaultValidaterDateAPITest {
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    private String dateString="Input Does not matter in this context";
+    
+    private ValidationException validationEx;
+    private Date testDate = new Date();
+    private String contextStr;
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule spyDateRule;
+    private ValidationErrorList errors = new ValidationErrorList();
+    
+    private DefaultValidator uit;
+    
+    
+    @Before
+    public void setup() throws Exception {
+        contextStr = testName.getMethodName();
+        
+        validationEx = new ValidationException(contextStr, contextStr);
+        
+        mockEncoder = mock(Encoder.class);
+        uit = new DefaultValidator(mockEncoder);
+        
+        spyDateRule = new DateValidationRule(contextStr, mockEncoder, testFormat);
+        spyDateRule = spy(spyDateRule);
+        whenNew(DateValidationRule.class).withArguments(anyString(), eq(mockEncoder), eq(testFormat)).thenReturn(spyDateRule);
+        
+        errors = spy(errors);
+        whenNew(ValidationErrorList.class).withNoArguments().thenReturn(errors);
+    }
+    
+    @After
+    public void tearDown() {
+        verifyNoMoreInteractions(spyDateRule, errors);
+    }
+    
+    @Test
+    public void testIsValidDate() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertTrue("Mock is configured to return a valid date, return should be equally valid.", isValid);
+        
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+    
+    @Test
+    public void testIsValidDateErrorList() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertTrue("Mock is configured to return a valid date, return should be equally valid.", isValid);
+        
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+    
+    @Test
+    public void testGetValidDate() throws IntrusionException, ValidationException {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertEquals("ValidDate should match the mock's configured return value", testDate, validDate);
+        
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+    
+    @Test
+    public void testGetValidDateErrorList() {
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertEquals("ValidDate should match the mock's configured return value", testDate, validDate);
+        
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+    
+    
+    @Test
+    public void testIsValidDateOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+        
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true);
+        Assert.assertFalse("On ValidationException input should be invalid", isValid);
+        
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(1)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+    
+    @Test
+    public void testIsValidDateErrorListOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+        
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        
+        boolean isValid = uit.isValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertFalse("On ValidationException input should be invalid", isValid);
+        
+        verify(errors, times(2)).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), eq(errors));
+    }
+    @Test
+    public void testGetValidDateOnValidationError() throws IntrusionException, ValidationException {
+        exEx.expect(Is.is(validationEx));
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        try {
+            uit.getValidDate(contextStr, dateString, testFormat, true);
+        } finally {
+            verify(errors, atLeastOnce()).isEmpty();
+            verify(errors, times(1)).errors();
+            verify(spyDateRule, times(1)).setAllowNull(true);
+            verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        }
+    }
+    
+    @Test
+    public void testGetValidDateErrorListOnValidationError() {
+        doReturn(false).when(errors).isEmpty();
+        doReturn(Arrays.asList(validationEx)).when(errors).errors();
+
+        doReturn(testDate).when(spyDateRule).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+        Date validDate = uit.getValidDate(contextStr, dateString, testFormat, true, errors);
+        Assert.assertNull(validDate);
+        verify(errors, atLeastOnce()).isEmpty();
+        verify(errors, times(0)).errors();
+        verify(spyDateRule, times(1)).setAllowNull(true);
+        verify(spyDateRule, times(1)).sanitize(eq(contextStr), eq(dateString), isA(ValidationErrorList.class));
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index c25052b9d..d78f2f38a 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -15,10 +15,27 @@
  */
 package org.owasp.esapi.reference;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.owasp.esapi.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.Cookie;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.filters.SecurityWrapperRequest;
 import org.owasp.esapi.http.MockHttpServletRequest;
@@ -27,12 +44,9 @@
 import org.owasp.esapi.reference.validation.StringValidationRule;
 import org.owasp.esapi.util.TestUtils;
 
-import javax.servlet.http.Cookie;
-import java.io.*;
-import java.net.URI;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.*;
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
 
 /**
  * The Class ValidatorTest.
@@ -131,49 +145,6 @@ public void testGetValidCreditCard() {
         assertTrue(errors.size()==4);
     }
 
-    public void testGetValidDate() throws Exception {
-    	System.out.println("getValidDate");
-    	Validator instance = ESAPI.validator();
-    	ValidationErrorList errors = new ValidationErrorList();
-    	assertTrue(instance.getValidDate("datetest1", "June 23, 1967", DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US), false) != null);
-    	instance.getValidDate("datetest2", "freakshow", DateFormat.getDateInstance(), false, errors);
-    	assertEquals(1, errors.size());
-
-    	// TODO: This test case fails due to an apparent bug in SimpleDateFormat
-    	// Note: This seems to be fixed in JDK 6. Will leave it commented out since
-    	//		 we only require JDK 5. -kww
-    	instance.getValidDate("test", "June 32, 2008", DateFormat.getDateInstance(DateFormat.DEFAULT, Locale.US), false, errors);
-    	// assertEquals( 2, errors.size() );
-    }
-    
-    // FIXME: Should probably use SecurityConfigurationWrapper and force
-    //		  Validator.AcceptLenientDates to be false.
-    public void testLenientDate() {
-    	System.out.println("testLenientDate");
-    	boolean acceptLenientDates = ESAPI.securityConfiguration().getLenientDatesAccepted();
-    	if ( acceptLenientDates ) {
-    		assertTrue("Lenient date test skipped because Validator.AcceptLenientDates set to true", true);
-    		return;
-    	}
-
-    	Date lenientDateTest = null;
-    	try {
-    		// lenientDateTest will be null when Validator.AcceptLenientDates
-    		// is set to false (the default).
-    		Validator instance = ESAPI.validator();
-    		lenientDateTest = instance.getValidDate("datatest3-lenient", "15/2/2009 11:83:00",
-    				                                DateFormat.getDateInstance(DateFormat.SHORT, Locale.US),
-    				                                false);
-    		fail("Failed to throw expected ValidationException when Validator.AcceptLenientDates set to false.");
-    	} catch (ValidationException ve) {
-    		assertNull( lenientDateTest );
-    		Throwable cause = ve.getCause();
-    		assertTrue( cause.getClass().getName().equals("java.text.ParseException") );
-    	} catch (Exception e) {
-    		fail("Caught unexpected exception: " + e.getClass().getName() + "; msg: " + e);
-    	}
-    }
-
     public void testGetValidDirectoryPath() throws Exception {
         System.out.println("getValidDirectoryPath");
         Validator instance = ESAPI.validator();
@@ -314,24 +285,6 @@ public void testIsInvalidFilename() {
         assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
     }
 
-    public void testIsValidDate() {
-        System.out.println("isValidDate");
-        Validator instance = ESAPI.validator();
-        DateFormat format = SimpleDateFormat.getDateInstance(SimpleDateFormat.MEDIUM, Locale.US);
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true));
-        assertFalse(instance.isValidDate("datetest2", null, format, false));
-        assertFalse(instance.isValidDate("datetest3", "", format, false));
-
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidDate("datetest1", "September 11, 2001", format, true, errors));
-        assertTrue(errors.size()==0);
-        assertFalse(instance.isValidDate("datetest2", null, format, false, errors));
-        assertTrue(errors.size()==1);
-        assertFalse(instance.isValidDate("datetest3", "", format, false, errors));
-        assertTrue(errors.size()==2);
-
-    }
-
     public void testIsValidDirectoryPath() throws IOException {
         System.out.println("isValidDirectoryPath");
 
diff --git a/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
index f7adfccdb..9bf078c1a 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/BaseValidationRuleTest.java
@@ -15,87 +15,281 @@
  */
 package org.owasp.esapi.reference.validation;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.CALLS_REAL_METHODS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
 
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.hamcrest.Matcher;
+import org.hamcrest.core.Is;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.errors.ValidationException;
 
-public class BaseValidationRuleTest extends TestCase {
-
-	/**
-	 * Instantiates a new base validation rule test.
-	 * 
-	 * @param testName
-	 *            the test name
-	 */
-	public BaseValidationRuleTest(String testName) {
-		super(testName);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @throws Exception
-	 */
-	protected void setUp() throws Exception {
-		// none
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * 
-	 * @throws Exception
-	 */
-	protected void tearDown() throws Exception {
-		// none
-	}
-
-	/**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-	public static Test suite() {
-		TestSuite suite = new TestSuite(BaseValidationRuleTest.class);
-		return suite;
-	}
-
-	/**
-	 * Verifies assertValid throws ValidationException on invalid input
-	 * Validates fix for Google issue #195
-	 * 
-	 * @throws ValidationException
-	 */
-	public void testAssertValid() throws ValidationException {
-		SampleValidationRule rule = new SampleValidationRule("UnitTest");
-		try {
-			rule.assertValid("testcontext", "badinput");
-			fail();
-		} catch (ValidationException e) {
-			// success
-		}
-	}
-
-	public class SampleValidationRule extends BaseValidationRule {
-
-		public SampleValidationRule(String typeName, Encoder encoder) {
-			super(typeName, encoder);
-		}
-
-		public SampleValidationRule(String typeName) {
-			super(typeName);
-		}
-
-		@Override
-		protected Object sanitize(String context, String input) {
-			return null;
-		}
-
-		public Object getValid(String context, String input) throws ValidationException {
-			throw new ValidationException("Demonstration Exception", "Demonstration Exception");
-		}
-
-	}
+public class BaseValidationRuleTest {
+    /**Static Test Data.*/
+    private static final String STR_VAL="";
+    private static final String EX_MSG="Expected Failure Message from " + BaseValidationRuleTest.class.getSimpleName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private ValidationException testValidationEx = new ValidationException(EX_MSG, EX_MSG);
+
+    private BaseValidationRule uit = mock(BaseValidationRule.class, CALLS_REAL_METHODS);
+    @Test
+    public void testCtrNullTypeName() throws Exception { 
+        String typename = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertNull(rule.getTypeName());
+    }
+
+    @Test
+    public void testCtrNullEncoder() {
+        String typename = "typename";
+        Encoder encoder = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertEquals(typename, rule.getTypeName());
+        assertNull(rule.getEncoder());
+    }
+    
+    @Test
+    public void testCtrNullTypenameNullEncoder() {
+        String typename = null;
+        Encoder encoder = null;
+        BaseValidationRule rule = mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertNull(rule.getTypeName());
+        assertNull(rule.getEncoder());
+    }
+
+    @Test
+    public void testCtr2ArgHappyPath() {
+        String typename = "typename";
+        Encoder encoder = mock(Encoder.class);
+        BaseValidationRule rule =  mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename, encoder)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+        assertEquals(typename, rule.getTypeName());
+        assertEquals(encoder, rule.getEncoder());
+    }
+
+    @Test
+    public void testCtr1ArgHappyPath() {
+        String typename = "typename";
+        mock(BaseValidationRule.class, withSettings()
+                .useConstructor(typename)
+                .defaultAnswer(CALLS_REAL_METHODS)
+                );
+    }
+
+    @Test
+    public void testSetTypeNameNull() {
+        uit.setTypeName(null); 
+        assertNull(uit.getTypeName());
+    }
+
+    @Test
+    public void testSetTypeName() {
+        uit.setTypeName(STR_VAL);
+        assertEquals(STR_VAL, uit.getTypeName());
+    }
+
+    @Test
+    public void testSetEncoderNull() {
+        uit.setEncoder(null);
+        assertNull(uit.getEncoder());
+    }
+
+    @Test
+    public void testSetEncoder() {
+        Encoder mockEnc = mock(Encoder.class);
+        uit.setEncoder(mockEnc);
+        assertEquals(mockEnc, uit.getEncoder());
+    }
+
+    @Test
+    public void testSetAllowNull() {
+        uit.setAllowNull(true);
+        assertTrue(uit.isAllowNull());
+        uit.setAllowNull(false);
+        assertFalse(uit.isAllowNull());
+    }
+
+    @Test
+    public void testAssertValidCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        uit.assertValid(STR_VAL, STR_VAL);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+    @Test
+    public void testAssertValidThrowsValidationException() throws ValidationException {
+        /*
+         * Verifies assertValid throws ValidationException on invalid input
+         * Validates fix for Google issue #195
+         */
+        Matcher<ValidationException> validationExMatch = Is.is(testValidationEx);
+        exEx.expect(validationExMatch);
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.assertValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetValidErrorListCallsGetValid() throws ValidationException {
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getValid(STR_VAL, STR_VAL, vel);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetValidExceptionAddedToErrorList() throws ValidationException {
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        Object vRef = uit.getValid(STR_VAL, STR_VAL, vel);
+        assertNull(vRef);
+        List<ValidationException> elEx = vel.errors();
+        assertEquals(1, elEx.size());
+        assertEquals(testValidationEx, elEx.get(0));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+    @Test
+    public void testGetValidNullErrorListThrows() throws ValidationException {
+        Matcher<ValidationException> validationExMatch = Is.is(testValidationEx);
+        exEx.expect(validationExMatch);
+        ValidationErrorList vel = null;
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.getValid(STR_VAL, STR_VAL, vel);
+    }
+
+    @Test
+    public void testGetSafeCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getSafe(STR_VAL, STR_VAL);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testGetSafeOnExceptionCallsSanitize() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        when(uit.sanitize(STR_VAL, STR_VAL)).thenReturn(this);
+        Object vRef = uit.getSafe(STR_VAL, STR_VAL);
+        assertEquals(this, vRef);
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+        verify(uit, times(1)).sanitize(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testIsValidCallsGetValid() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenReturn(this);
+        assertTrue(uit.isValid(STR_VAL, STR_VAL));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    @Test
+    public void testIsValidOnExceptionRetursFalse() throws ValidationException {
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        assertFalse(uit.isValid(STR_VAL, STR_VAL));
+        verify(uit, times(1)).getValid(STR_VAL, STR_VAL);
+    }
+
+    /* *************************
+     * TO DISCUSS 
+     * FIXME
+     * Tests below this block are items which are valid against the current implementation, but have side effects
+     * or unclear results under certain conditions.
+     * 
+     * Once Items are discussed and understood they should probably be well-commented and moved out of this area.
+     */
+
+    @Test
+    public void testGetValidMultipleExceptionSameContextThrowsRuntimeException() throws ValidationException {
+        exEx.expect(RuntimeException.class);
+        ValidationErrorList vel = new ValidationErrorList();
+        when(uit.getValid(STR_VAL, STR_VAL)).thenThrow(testValidationEx);
+        uit.getValid(STR_VAL, STR_VAL, vel);
+        /*
+         * Side-effect of ValidationErrorList. If the same context is used against a BaseValidationRule multiple times resulting in exception, the ValidationErrorList impl will blow up.
+         * This can be an unclear event at runtime if a single BaseValidationRule instance is shared in an application and multiple parts happen to use the same contextual string to capture failure events.
+         * 
+         */
+        uit.getValid(STR_VAL, STR_VAL, vel);
+    }
+
+    //None of the Whitelist content belongs in this class, IMO.
+    
+    @Test
+    public void testWhitelistCharArrayCleansString() {
+        String myString = "AAAGaaadBBB12345*";
+        char[] whitelist = new char[] {'d', 'G', '3', '*', ']'};
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("Gd3*", result);
+    }
+
+    @Test
+    public void testWhitelistNullCharArrayThrows() {
+        exEx.expect(NullPointerException.class);
+        String myString = "AAAGaaadBBB12345*";
+        char[] whitelist = null;
+        uit.whitelist(myString, whitelist);
+    }
+
+    @Test
+    public void testWhitelistSetCleansString() {
+        String myString = "AAAGaaadBBB12345*";
+        Set<Character> whitelist = new HashSet<>();
+        whitelist.add('d');
+        whitelist.add('G');
+        whitelist.add('3');
+        whitelist.add('*');
+        whitelist.add(']');
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("Gd3*", result);
+    }
+
+    @Test
+    public void testWhitelistNullSetThrows() {
+        exEx.expect(NullPointerException.class);
+        String myString = "AAAGaaadBBB12345*";
+        Set<Character> whitelist = null;
+        uit.whitelist(myString, whitelist);
+    }
+
+    @Test
+    
+    public void testWhitelistSetExtendedCharacterSets() {
+        String myString = "𡘾𦴩<𥻂";
+        //(55365 56894) (55387 56617) 60 (55383 57026)
+        Set<Character> whitelist = new HashSet<>();
+        whitelist.add((char) 60);
+        whitelist.add((char) 55387);
+        whitelist.add((char) 56617);
+        String result = uit.whitelist(myString, whitelist);
+        assertEquals("𦴩<", result);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java
new file mode 100644
index 000000000..071c7b303
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRulePowerMockTest.java
@@ -0,0 +1,141 @@
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.util.Locale;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.internal.verification.VerificationModeFactory;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.util.ObjFactory;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ObjFactory.class})
+public class DateValidationRulePowerMockTest {
+    
+    @Rule
+    public TestName testName = new TestName();
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule uit;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    
+    @Before
+    public void configureStaticContexts() throws Exception {
+        PowerMockito.mockStatic(ObjFactory.class);
+        PowerMockito.when(ObjFactory.class, "make", ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration")).thenReturn(mockSecConfig);
+        
+        mockEncoder = Mockito.mock(Encoder.class);
+        testFormat = Mockito.spy(testFormat);
+    }
+    
+    @Test
+    public void testSetDateFormatLenientTrueFromCtr() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+        
+        testFormat.setLenient(false);
+        Mockito.reset(testFormat);
+        
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        
+        Assert.assertTrue(testFormat.isLenient());
+       
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(false);
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+        
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+        
+       
+    }
+    
+    @Test
+    public void testSetDateFormatLenientFalseFromCtr() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+        
+        testFormat.setLenient(true);
+        Mockito.reset(testFormat);
+        
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        
+        Assert.assertFalse(testFormat.isLenient());
+       
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(false);
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(1));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+        
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+    
+    @Test
+    public void testSetDateFormatLenientFalseFromSetter() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+        
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        
+        //Configuration is lenient=false
+        testFormat.setLenient(true);
+        Mockito.reset(testFormat, mockSecConfig);
+        Assert.assertTrue(testFormat.isLenient());
+        
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(false);
+        
+        uit.setDateFormat(testFormat);
+        
+        Assert.assertFalse(testFormat.isLenient());
+        
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(false);
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(2));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+        
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+    
+    @Test
+    public void testSetDateFormatLenientTrueFromSetter() {
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+        
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        
+        //Configuration is lenient=true
+        testFormat.setLenient(false);
+        Mockito.reset(testFormat, mockSecConfig);
+        Assert.assertFalse(testFormat.isLenient());
+        
+        Mockito.when(mockSecConfig.getLenientDatesAccepted()).thenReturn(true);
+        
+        uit.setDateFormat(testFormat);
+        
+        Assert.assertTrue(testFormat.isLenient());
+        
+        Mockito.verify(mockSecConfig, Mockito.times(1)).getLenientDatesAccepted();
+        Mockito.verify(testFormat, Mockito.times(1)).setLenient(true);
+        Mockito.verify(testFormat, Mockito.times(0)).setLenient(false);
+        
+        PowerMockito.verifyStatic(ObjFactory.class, VerificationModeFactory.times(2));
+        ObjFactory.make(ArgumentMatchers.anyString(), ArgumentMatchers.eq("SecurityConfiguration"));
+        
+        PowerMockito.verifyNoMoreInteractions(ObjFactory.class);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java
new file mode 100644
index 000000000..3e25597d5
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/DateValidationRuleTest.java
@@ -0,0 +1,248 @@
+package org.owasp.esapi.reference.validation;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.hamcrest.CustomMatcher;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+import org.powermock.reflect.Whitebox;
+
+
+public class DateValidationRuleTest {
+    
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    private ParseException testParseEx = new ParseException("Test Exception", 0);
+    private Date testDate = new Date();
+    private String dateString;
+    private String canonDateString ;
+    
+    private String contextStr;
+    private Encoder mockEncoder;
+    private DateFormat testFormat = DateFormat.getDateInstance(DateFormat.MEDIUM, Locale.US);
+    private DateValidationRule uit;
+    
+    @Before
+    public void setup() {
+        mockEncoder = Mockito.mock(Encoder.class);
+        testFormat = Mockito.spy(testFormat);
+        uit = new DateValidationRule(testName.getMethodName(), mockEncoder, testFormat);
+        contextStr = testName.getMethodName();
+        
+        dateString = testFormat.format(testDate);
+        canonDateString = dateString;
+    }
+    @Test
+    public void testCtrNullDateFormatThrows() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("DateValidationRule.setDateFormat requires a non-null DateFormat");
+        new DateValidationRule("context", mockEncoder, null);
+    }
+    
+    @Test
+    public void testCtrSetDateFormat() {
+        DateFormat uitFormat = Whitebox.getInternalState(uit, "format");
+        Assert.assertEquals(testFormat, uitFormat);
+    }
+    
+    @Test
+    public void testsetDateFormatNullThrows() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("DateValidationRule.setDateFormat requires a non-null DateFormat");
+        uit.setDateFormat(null);
+    }
+    
+    @Test
+    public void testsetDateFormat() {
+        boolean acceptLenient = ESAPI.securityConfiguration().getBooleanProp( DefaultSecurityConfiguration.ACCEPT_LENIENT_DATES);
+        DateFormat newFormat = DateFormat.getDateInstance(DateFormat.SHORT, Locale.US);
+        newFormat.setLenient(!acceptLenient);
+        
+        newFormat = Mockito.spy(newFormat);
+        
+        uit.setDateFormat(newFormat);
+        DateFormat uitFormat = Whitebox.getInternalState(uit, "format");
+        Assert.assertEquals(newFormat, uitFormat);
+        Mockito.verify(newFormat).setLenient(acceptLenient);
+    }
+    
+    @Test
+    public void testGetValidNullInputAllowed() throws ValidationException {
+        uit.setAllowNull(true);
+        Date vDate = uit.getValid(contextStr, null);
+        Assert.assertNull(vDate);
+    }
+    
+    @Test
+    public void testGetValidNullInputNotAllowed() throws ValidationException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage("Input date required");
+        uit.setAllowNull(false);
+        uit.getValid(contextStr, null);
+    }
+    
+    @Test
+    public void testGetValidNullInputNotAllowedEmptyString() throws ValidationException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage("Input date required");
+        uit.setAllowNull(false);
+        uit.getValid(contextStr, "");
+    }
+    
+    @Test
+    public void testGetValidBadDateThrows() throws ValidationException, ParseException {
+        exEx.expect(ValidationException.class);
+        exEx.expectMessage(contextStr + ": Invalid date");
+        exEx.expectCause(new CustomMatcher<Throwable>("Check for Test Parse Exception") {
+
+            @Override
+            public boolean matches(Object item) {
+               return item.equals(testParseEx);
+            }
+        });
+        
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+        
+        uit.getValid(contextStr, dateString);
+    }
+    
+    @Test
+    public void testGetValidHappyPath() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doReturn(testDate).when(testFormat).parse(canonDateString);
+        
+        Date date = uit.getValid(contextStr, dateString);
+        Assert.assertEquals(testDate, date);
+    }
+    
+    @Test
+    public void testGetValidDateWithCruft() throws ValidationException, ParseException {
+        String cruftyDate = canonDateString + "' union select * from another_table where user_id like '%";
+        Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+        Mockito.doReturn(testDate).when(testFormat).parse(cruftyDate);
+        
+        Date date = uit.getValid(contextStr, cruftyDate);
+        Assert.assertEquals(testDate, date);
+    }
+    
+
+    @Test
+    public void testSanitizeNullInputAllowed() throws ValidationException {
+        uit.setAllowNull(true);
+        Date vDate = uit.sanitize(contextStr, null);
+        Assert.assertNull(vDate);
+    }
+    
+    @Test
+    public void testSanitizeNullInputNotAllowed() throws ValidationException {
+        uit.setAllowNull(false);
+        Date date = uit.sanitize(contextStr, null);
+        Assert.assertEquals(0, date.getTime());
+    }
+    
+    @Test
+    public void testSanitizeNullInputNotAllowedEmptyString() throws ValidationException {
+        uit.setAllowNull(false);
+        Date date = uit.sanitize(contextStr, "");
+        Assert.assertEquals(0, date.getTime());
+    }
+    
+    @Test
+    public void testSanitizeBadDateReturnsDefault() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+        
+        Date date =  uit.sanitize(contextStr, dateString);
+        Assert.assertEquals(0, date.getTime());
+    }
+    
+    @Test
+    public void testSanitizeErrorListContainsError() throws ValidationException, ParseException {
+        ValidationErrorList vel = new ValidationErrorList();
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doThrow(testParseEx).when(testFormat).parse(canonDateString);
+        
+        Date date =  uit.sanitize(contextStr, dateString, vel);
+        Assert.assertEquals(0, date.getTime());
+        Assert.assertEquals(1, vel.size());
+        ValidationException wrapper = vel.errors().get(0);
+        Assert.assertEquals(testParseEx, wrapper.getCause());
+    }
+    
+    @Test
+    public void testSanitizeHappyPath() throws ValidationException, ParseException {
+        Mockito.when(mockEncoder.canonicalize(dateString)).thenReturn(canonDateString);
+        Mockito.doReturn(testDate).when(testFormat).parse(canonDateString);
+        
+        Date date = uit.sanitize(contextStr, dateString);
+        Assert.assertEquals(testDate, date);
+    }
+    @Test
+    public void testSanitizeDateWithCruft() throws ValidationException, ParseException {
+        String cruftyDate = canonDateString + "' union select * from another_table where user_id like '%";
+        Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+        Mockito.doReturn(testDate).when(testFormat).parse(cruftyDate);
+        
+        Date date = uit.sanitize(contextStr, cruftyDate);
+        Assert.assertEquals(0, date.getTime());
+    }
+    
+    @Test
+    public void testGithubIssue299() throws ParseException, ValidationException {
+        Map<DateFormat, String> formatDateMap = new HashMap<>();
+        formatDateMap.put(new SimpleDateFormat("dd/MM/yyyy"), "01/01/2aaa");
+        formatDateMap.put(new SimpleDateFormat("yyyy/dd/MM"), "2aaa/01/01");
+        formatDateMap.put(new SimpleDateFormat("dd/yyyy/MM"), "01/2012'SELECT * FROM user_table'/01");
+        formatDateMap.put(new SimpleDateFormat("dd/MM/yyyy"),"01/01/2012'SELECT * FROM user_table'");
+        formatDateMap.put(new SimpleDateFormat("dd/yyyy/MM"),"01/2aaa/01");
+        formatDateMap.put(SimpleDateFormat.getDateInstance(SimpleDateFormat.LONG, Locale.US), "September 11, 2001' union select * from another_table where user_id like '%");
+        
+        for (Entry<DateFormat, String> pair : formatDateMap.entrySet()) {
+            String cruftyDate = pair.getValue();
+            Mockito.when(mockEncoder.canonicalize(cruftyDate)).thenReturn(cruftyDate);
+            
+            DateFormat lenientFormat = Mockito.spy(pair.getKey());
+            lenientFormat.setLenient(true);
+            Mockito.doNothing().when(lenientFormat).setLenient(ArgumentMatchers.anyBoolean());
+            Mockito.doReturn(testDate).when(lenientFormat).parse(cruftyDate);
+            
+            DateFormat strictFormat = Mockito.spy(pair.getKey());
+            strictFormat.setLenient(false);
+            Mockito.doNothing().when(strictFormat).setLenient(ArgumentMatchers.anyBoolean());
+            Mockito.doReturn(testDate).when(strictFormat).parse(cruftyDate);
+            
+            uit.setDateFormat(lenientFormat);
+            Date lenientValidDate = uit.getValid(contextStr, cruftyDate);
+            Assert.assertEquals("calls to getValid should not change the parsed date regardless of cruft",testDate, lenientValidDate);
+            Date lenientSanitizedDate = uit.sanitize(contextStr, cruftyDate);
+            Assert.assertEquals("calls to sanitize should return default date if cruft exists in input string",0, lenientSanitizedDate.getTime());
+            
+            uit.setDateFormat(strictFormat);
+            Date strictValidDate = uit.getValid(contextStr, cruftyDate);
+            Assert.assertEquals("calls to getValid should not change the parsed date regardless of cruft",testDate, strictValidDate);
+            Date strictSanitizedDate = uit.sanitize(contextStr, cruftyDate);
+            Assert.assertEquals("calls to sanitize should return default date if cruft exists in input string",0, strictSanitizedDate.getTime());
+        }
+    }
+}

From c13db6b6af65edb284853ef38e8c6b45bc13f643 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 27 Jan 2019 18:48:39 -0600
Subject: [PATCH 525/812] Issue #188 resolution proof:  Test updates (#475)

[NOTE: The main purpose of this PR was to provide enough tests to so that GitHub issue #188  is now operating as desired and can be closed. It is not certain _when_ this issue was fixed, but the intent of these tests is to so that 188 is no longer a problem. - @kwwall ]

* SecurityWrapperRequestTest Extension: getParameter

Adding the set of conditional tests for the getParameter(String)

* SecurityWrapperRequestTest getParameter HappyPaths

Creating happy-path tests for verifying getParameter calls through to
Validator.getValidInput as desired

* SecurityWrapperResponseTest getParameter cont

Creating tests to verify result on null reference being handled and
behavior on ValidationException for the remaining getParameter API.

* SecurityWrapperRequestTest cleanup

Extracting Strings to test-scope members.  Test name is used for
uniqueness between tests.

* SecurityWrapperRequestTest Cleanup

Reducing duplicated code in test blocks by abstracting out interaction
with the Validator interface to a support class.

* SecurityWrapperRequestTest Consistency Cleanup

Applying the delegate validator interaction class to the tests for
QueryString.

* DefaultValidator input Validation tests

Test for getValidInput verifying that input is correctly forwarded to the
StringValidationRule, result from the StringValidationRule is returned on
success, and that any ValidationExceptions during the process are handled
as intended.

I am not writing tests for the use of the canonicalize parameter for these
methods at this time.  Presently there is no associated functionality or
workflow for that element so it's difficult to verify anything more than
the value I passed into the method is present in the scope of the method.

* DefaultValidator isValidInput tests

Extending the valid input testing to include the isValid methods.

* DefaultValidator ValidInput cleanup: Imports

Using static imports for junit Assert and Mockito.
---
 .../filters/SecurityWrapperRequestTest.java   | 399 +++++++++++++++---
 .../DefaultValidatorInputStringAPITest.java   | 184 ++++++++
 2 files changed, 516 insertions(+), 67 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java

diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index c5c1c3c5e..23c06d3bf 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -15,24 +15,28 @@
 package org.owasp.esapi.filters;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.mockito.Matchers.anyBoolean;
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Matchers.anyString;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
+import org.mockito.ArgumentMatchers;
 import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.Validator;
-import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
@@ -52,11 +56,16 @@
 public class SecurityWrapperRequestTest {
     private static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
     private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
-    private static final String SECURITY_CONFIGURATION_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
-
-    private static final int SECURITY_CONFIGURATION_MOCK_LENGTH = 255;
+    private static final String SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
+    private static final String SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME = "HttpUtilities.httpQueryParamValueLength";
+    
+    private static final int SECURITY_CONFIGURATION_TEST_LENGTH = 255;
 
     private static final String QUERY_STRING_CANONCALIZE_TYPE_KEY = "HTTPQueryString";
+    private static final String PARAMETER_STRING_CANONCALIZE_TYPE_KEY = "HTTPParameterValue";
+  
+    @Rule
+    public TestName testName = new TestName();
 
     @Mock
     private HttpServletRequest mockRequest;
@@ -64,12 +73,30 @@ public class SecurityWrapperRequestTest {
     private Validator mockValidator;
     @Mock
     private SecurityConfiguration mockSecConfig;
+    
+    private String testQueryValue;
+    private String testParameterName;
+    private String testParameterValue;
+    private String testValueCanonical;
+    private String testValidatorType;
+    private int testMaximumLength;
 
     @Before
     public void setup() throws Exception {
         PowerMockito.mockStatic(ESAPI.class);
         PowerMockito.when(ESAPI.class, ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
         PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+        //Is intrusion detection disabled?  A:  Yes, it is off.  
+        //This logic is confusing:  True, the value is False...
+        Mockito.when(mockSecConfig.getDisableIntrusionDetection()).thenReturn(true);
+        
+        testQueryValue = testName.getMethodName() + "_query_value";
+        
+        testParameterName = testName.getMethodName() + "_parameter_name";
+        testParameterValue = testName.getMethodName() + "_parameter_value";  
+        testValueCanonical = testName.getMethodName() + "_value_canonical";
+        testValidatorType = testName.getMethodName() + "_validator_type";
+        testMaximumLength = testName.getMethodName().length();
     }
     
     /**
@@ -78,43 +105,21 @@ public void setup() throws Exception {
      */
     @Test
     public void testGetQueryString() throws Exception {
-        String originalQuery = "queryString";
-        String canonicalizedResponse = "canonicalized_query";
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
 
-        ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
-        ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_TEST_LENGTH);
 
-        String context = anyString();
-        String input = inputCapture.capture();
-        String type = typeCapture.capture();
-        Integer length = lengthCapture.capture();
-        Boolean allowNull = allowNullCapture.capture();
-
-        PowerMockito.when(mockValidator.getValidInput(context, input, type, length, allowNull)).thenReturn(
-            canonicalizedResponse);
-        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME)).thenReturn(
-            SECURITY_CONFIGURATION_MOCK_LENGTH);
-
-        PowerMockito.when(mockRequest.getQueryString()).thenReturn(originalQuery);
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(testQueryValue);
 
         SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
         String rval = request.getQueryString();
-        assertEquals(canonicalizedResponse, rval);
-
-        String actualInput = inputCapture.getValue();
-        String actualType = typeCapture.getValue();
-        int actualLength = lengthCapture.getValue().intValue();
-        boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
+        assertEquals(testValueCanonical, rval);
 
-        assertEquals(originalQuery, actualInput);
-        assertEquals(QUERY_STRING_CANONCALIZE_TYPE_KEY, actualType);
-        assertTrue(SECURITY_CONFIGURATION_MOCK_LENGTH == actualLength);
-        assertTrue(actualAllowNull);
+        validatorTester.verify(testQueryValue, QUERY_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
 
-        verify(mockValidator, times(1)).getValidInput(anyString(), anyString(), anyString(), anyInt(), anyBoolean());
-        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME);
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME);
         verify(mockRequest, times(1)).getQueryString();
     }
 
@@ -123,28 +128,15 @@ public void testGetQueryString() throws Exception {
      * <br/>
      * Asserts delegation calls and parameters to delegate behaviors.
      */
-    @SuppressWarnings("unchecked")
     @Test
-    public void testGetQueryStringCanonicalizeException() throws IntrusionException, ValidationException {
-        String originalQuery = "queryString";
+    public void testGetQueryStringCanonicalizeException() throws Exception {
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
 
-        ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
-        ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
-        ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME)).thenReturn(
+            SECURITY_CONFIGURATION_TEST_LENGTH);
 
-        String context = anyString();
-        String input = inputCapture.capture();
-        String type = typeCapture.capture();
-        Integer length = lengthCapture.capture();
-        Boolean allowNull = allowNullCapture.capture();
-
-        PowerMockito.when(mockValidator.getValidInput(context, input, type, length, allowNull)).thenThrow(
-            ValidationException.class);
-        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME)).thenReturn(
-            SECURITY_CONFIGURATION_MOCK_LENGTH);
-
-        PowerMockito.when(mockRequest.getQueryString()).thenReturn(originalQuery);
+        PowerMockito.when(mockRequest.getQueryString()).thenReturn(testQueryValue);
 
         SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
         String rval = request.getQueryString();
@@ -152,18 +144,291 @@ public void testGetQueryStringCanonicalizeException() throws IntrusionException,
         assertTrue("SecurityWrapperRequest should return an empty String when an exception occurs in validation", rval
             .isEmpty());
 
-        String actualInput = inputCapture.getValue();
-        String actualType = typeCapture.getValue();
-        int actualLength = lengthCapture.getValue().intValue();
-        boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
+        validatorTester.verify(testQueryValue, QUERY_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+        
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getQueryString();
+    }
+    @Test
+    public void testGetParameterString() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+        
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
 
-        assertEquals(originalQuery, actualInput);
-        assertEquals(QUERY_STRING_CANONCALIZE_TYPE_KEY, actualType);
-        assertTrue(SECURITY_CONFIGURATION_MOCK_LENGTH == actualLength);
-        assertTrue(actualAllowNull);
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
 
-        verify(mockValidator, times(1)).getValidInput(anyString(), anyString(), anyString(), anyInt(), anyBoolean());
-        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_LENGTH_KEY_NAME);
-        verify(mockRequest, times(1)).getQueryString();
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertEquals(testValueCanonical, rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+        
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBoolean() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertEquals(testValueCanonical, rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+        
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanInt() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+        
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanIntString() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(testValueCanonical);
+      
+        
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertEquals(testValueCanonical, rval);
+
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+     
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    
+    @Test
+    public void testGetParameterStringNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+        
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    @Test
+    public void testGetParameterStringBooleanNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+        
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanIntNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+        
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanIntStringNullEvalPassthrough() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputReturns(null);
+        
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertNull(rval);
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+        
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName);
+        assertNull(rval);
+
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, true);
+        
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    
+
+    @Test
+    public void testGetParameterStringBooleanNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+        
+        PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME)).thenReturn(
+                SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, SECURITY_CONFIGURATION_TEST_LENGTH, false);
+    
+        verify(mockSecConfig, times(1)).getIntProp(SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanIntNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+        
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, PARAMETER_STRING_CANONCALIZE_TYPE_KEY, testMaximumLength, false);
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+    
+    @Test
+    public void testGetParameterStringBooleanIntStringNullOnException() throws Exception{
+        ValidatorTestContainer validatorTester = new ValidatorTestContainer(mockValidator);
+        validatorTester.getValidInputThrows();
+
+        PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+
+        SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+        String rval = request.getParameter(testParameterName, false, testMaximumLength, testValidatorType);
+        assertNull(rval);
+        
+        validatorTester.verify(testParameterValue, testValidatorType, testMaximumLength, false);
+       
+        verify(mockRequest, times(1)).getParameter(testParameterName);
+    }
+
+    /**
+     * Utility test class meant to encapsulate common interactions for preparing and
+     * verifying the Validator interactions common to multiple tests.
+     *
+     */
+    private class ValidatorTestContainer {
+        private ArgumentCaptor<String> inputCapture = ArgumentCaptor.forClass(String.class);
+        private ArgumentCaptor<String> typeCapture = ArgumentCaptor.forClass(String.class);
+        private ArgumentCaptor<Integer> lengthCapture = ArgumentCaptor.forClass(Integer.class);
+        private ArgumentCaptor<Boolean> allowNullCapture = ArgumentCaptor.forClass(Boolean.class);
+        private Validator validator;
+        
+        
+        public ValidatorTestContainer(Validator validatorRef) {
+            this.validator = validatorRef;
+        }
+        public Answer<String> throwException() {
+            return new Answer<String>() {
+                @Override
+                public String answer(InvocationOnMock invocation) throws Throwable {
+                    throw new ValidationException("Thrown from test Scope", "Test Exception is intentional.");
+                }
+            };
+        }
+        
+        public Answer<String> returnResult(final String result) {
+            return new Answer<String>() {
+                @Override
+                public String answer(InvocationOnMock invocation) throws Throwable {
+                    return result;
+                }
+            };
+        }
+        public void getValidInputReturns(String response) throws Exception {
+            setupFor(returnResult(response));
+        }
+        
+        public void getValidInputThrows() throws Exception {
+            setupFor(throwException());
+        }
+        
+        public void setupFor(Answer<String> answer) throws Exception {
+            String context = anyString();
+            String input = inputCapture.capture();
+            String type = typeCapture.capture();
+            Integer length = lengthCapture.capture();
+            Boolean allowNull = allowNullCapture.capture();
+
+            PowerMockito.when(validator.getValidInput(context, input, type, length, allowNull)).thenAnswer(answer);
+        }
+        
+        public void verify(String input, String type, int maxLen, boolean allowNull) throws Exception {
+            String actualInput = inputCapture.getValue();
+            String actualType = typeCapture.getValue();
+            int actualLength = lengthCapture.getValue().intValue();
+            boolean actualAllowNull = allowNullCapture.getValue().booleanValue();
+
+            assertEquals(input, actualInput);
+            assertEquals(type, actualType);
+            assertTrue(maxLen == actualLength);
+            assertEquals(allowNull, actualAllowNull);
+            
+            Mockito.verify(validator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(input), ArgumentMatchers.eq(type), ArgumentMatchers.eq(maxLen), ArgumentMatchers.eq(allowNull));
+        }
     }
 }
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
new file mode 100644
index 000000000..525584b6a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
@@ -0,0 +1,184 @@
+package org.owasp.esapi.reference;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+import java.util.regex.Pattern;
+
+import org.hamcrest.core.Is;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.StringValidationRule;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+/**
+ * This class contains a subsection of tests of the DefaultValidator class 
+ * SPECIFIC TO THE INPUT 'STRING' VALIDATION API.
+ * 
+ */
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({DefaultValidator.class, ESAPI.class})
+public class DefaultValidatorInputStringAPITest {
+    private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
+    private static final Pattern TEST_PATTERN = Pattern.compile("");
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+    @Rule
+    public TestName testName = new TestName();
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Encoder mockEncoder;
+
+    private ValidationException validationEx;
+    private String contextStr;
+    private StringValidationRule spyStringRule;
+    private ValidationErrorList errors = new ValidationErrorList();
+    
+    private DefaultValidator uit;
+    private String testValidatorType;
+    private String validatorResultString;
+    private int testMaximumLength;
+    
+    @Before
+    public void setup() throws Exception {
+        //Is intrusion detection disabled?  A:  Yes, it is off.  
+        //This logic is confusing:  True, the value is False...
+        when(mockSecConfig.getDisableIntrusionDetection()).thenReturn(true);
+        
+        contextStr = testName.getMethodName();
+        testValidatorType = testName.getMethodName() + "_validator_type";
+        validatorResultString = testName.getMethodName() + "_validator_result";
+        testMaximumLength = testName.getMethodName().length();
+        
+        validationEx = new ValidationException(contextStr, contextStr);
+        
+        mockEncoder = mock(Encoder.class);
+        uit = new DefaultValidator(mockEncoder);
+        
+        //Don't care how the StringValidationRule works, we just care that we forwarded the information as expected.
+        spyStringRule = new StringValidationRule(testValidatorType, mockEncoder); 
+        spyStringRule = spy(spyStringRule);
+        doNothing().when(spyStringRule).addWhitelistPattern(ArgumentMatchers.<Pattern>any());
+        doNothing().when(spyStringRule).setAllowNull(ArgumentMatchers.anyBoolean());
+        doNothing().when(spyStringRule).setMaximumLength(ArgumentMatchers.anyInt());
+        doReturn(validatorResultString).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        whenNew(StringValidationRule.class).withArguments(eq(testValidatorType), eq(mockEncoder)).thenReturn(spyStringRule);
+        
+        errors = spy(errors);
+        whenNew(ValidationErrorList.class).withNoArguments().thenReturn(errors);
+        
+        
+        PowerMockito.mockStatic(ESAPI.class);
+        PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+        
+        
+        when(mockSecConfig.getValidationPattern(testValidatorType)).thenReturn(TEST_PATTERN);
+        
+    }
+    
+    @Test
+    public void getValidInputNullAllowedPassthrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+    
+    @Test
+    public void getValidInputNullNotAllowedPassthrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, false);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(0)).setAllowNull(true);
+        verify(spyStringRule, times(1)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+    
+    @Test
+    public void getValidInputNullPatternThrows() throws Exception {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage(testValidatorType + "] was not set via the ESAPI validation configuration");
+        when(mockSecConfig.getValidationPattern(testValidatorType)).thenReturn(null);
+    
+        uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+    }
+    
+    @Test
+    public void getValidInputValidationExceptionPropagates() throws Exception {
+        exEx.expect(Is.is(validationEx));
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+    }
+    
+    @Test
+    public void getValidInputValidationExceptionErrorList() throws Exception {
+        ValidationErrorList errorList = new ValidationErrorList();
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+       String result = uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true,errorList);
+        assertTrue(result.isEmpty());
+        assertEquals(1, errorList.size());
+        assertEquals(validationEx, errorList.getError(contextStr));
+    }
+    
+    
+    @Test
+    public void isValidInputNullAllowedPassthrough() throws Exception {
+        boolean isValid=  uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertTrue(isValid);
+        
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+    
+    @Test
+    public void isValidInputValidationExceptionReturnsFalse() throws Exception {
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        boolean result = uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        assertFalse(result);
+    }
+    
+    @Test
+    public void isValidInputValidationExceptionErrorListReturnsFalse() throws Exception {
+        ValidationErrorList errorList = new ValidationErrorList();
+
+        doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
+        boolean result = uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true,errorList);
+        assertFalse(result);
+        assertEquals(1, errorList.size());
+        assertEquals(validationEx, errorList.getError(contextStr));
+    }
+}

From 8ffe783a283520ccd32b3a48dc4a2f2762d7fb1b Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 29 Jan 2019 04:59:42 -0500
Subject: [PATCH 526/812] Misc release cleanup (#464)

* Release notes to close issue #463

* Changes to replace deprecated method CryptoHelper.arrayCompare() with MessageDigest.isEqual() which is safe in JDK 7.

* Close issue #246

* Close issue #462

* Close issue #364 and general assertion cleanup.

* Close issue #417

* Close issue #465

* Add more details, especially regarding dependency updates to address CVEs.

* Add WARNINGS to javadoc as noted in comment for GitHub issue #233

* Update OWASP Dependency Check from release 2.1.0 to 4.0.1 (i.e., the latest version).

* General clean-up. Add paragraph to discuss CVE-2018-8088 and why ESAPI is not affected.

* Update to mention PR #467 and closing of issue #360

* Fix typo in path for configuration/esapi and add 2.2.0.0 release notes.

* Change release from 2.1.0.2-SNAPSHOT to 2.2.0.0-SNAPSHOT in prep for release. See GitHub issue #471

* Preparation for 2.2.0.0 release. See GitHub issue #471 for details.

* Try to clarify by example the git commands used.

* Added Jeremiah's PR #472

* * Reference issue 188 as being closed.
* Udate status of latest PRs.
* Added 'Basic ESAPI Facts' section.
---
 CONTRIBUTING-TO-ESAPI.txt                     |  13 +-
 configuration/esapi/ESAPI.properties          |   3 +
 documentation/ESAPI-security-bulletin1.docx   | Bin 24998 -> 14676 bytes
 documentation/ESAPI-security-bulletin1.pdf    | Bin 649591 -> 68722 bytes
 documentation/esapi4java-2.0-readme.txt       |   5 +-
 .../esapi4java-core-2.2.0.0-release-notes.txt | 361 ++++++++++++++++++
 pom.xml                                       |   4 +-
 .../java/org/owasp/esapi/Authenticator.java   |  25 +-
 .../org/owasp/esapi/crypto/CipherSpec.java    |   4 +-
 .../org/owasp/esapi/crypto/CipherText.java    |   6 +-
 .../esapi/crypto/CipherTextSerializer.java    |  96 +++--
 .../org/owasp/esapi/crypto/CryptoHelper.java  |  23 +-
 .../org/owasp/esapi/filters/ESAPIFilter.java  |  21 +-
 .../esapi/reference/DefaultHTTPUtilities.java |  12 +
 .../reference/FileBasedAuthenticator.java     |  43 ++-
 src/test/resources/esapi/ESAPI.properties     |   3 +
 16 files changed, 548 insertions(+), 71 deletions(-)
 create mode 100644 documentation/esapi4java-core-2.2.0.0-release-notes.txt

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index 6cb2ee965..a344923c7 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -85,11 +85,16 @@ Steps to work with ESAPI:
        if this is the first time you have run Dependency-Check for ESAPI,
        expect it to take a while (often 30 minutes or so!).
     7. Commit your changes locally.
-    8. Push your 'issue-#' branch to your personal, forked ESAPI GitHub repo.-
-    9. Go to your personal, forked ESAPI GitHub repo and create a
-       Pull Request from your 'issue-#' branch.
+    8. Push your 'issue-#' branch to your personal, forked ESAPI GitHub repo. E.g.,
+            $ git checkout issue-444
+            $ git remote -v | grep origin       # Confirm 'origin' refers to YOUR PERSONAL GitHub repo
+            $ git push origin issue-444         # Push the committed changes on the 'issue-444' branch
+    9. Go to your personal, forked ESAPI GitHub repo (web interface) and create a
+       'Pull Request' from your 'issue-#' branch.
    10. Back on your local personal laptop / desktop, merge your issue branch with
-       your local 'develop' branch.
+       your local 'develop' branch. I.e.
+            $ git checkout develop
+            $ git merge issue-444
 
 In theory, you can do all this 'git' magic from Eclipse and presumably other
 IDEs like NetBeans or IntelliJ). From Eclipse, it is right-click on the
diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index bb10c6a95..e17928c07 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -77,6 +77,9 @@ ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
 ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
+#    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
+# and do whatever other normal SLF4J configuration that you normally would do for your application.
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
 ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
 
diff --git a/documentation/ESAPI-security-bulletin1.docx b/documentation/ESAPI-security-bulletin1.docx
index 65d941b93774eb9b5aeee19940177fcf1299748b..de1cf53dac670041f85e8d96bf62c87318b8ee01 100644
GIT binary patch
literal 14676
zcma)j1C(UT(r&eFYuYxaZF}0bZTGZoThq2}8`GS&ZA=?)=KS}*Gxxmr?s`$H_NuD2
zzsTGfkr7#$U&u>=fT98*At3>I{;aZqKLqC2XI%$lD@S^|-`C37UP%x}MDQ)o9D_7Z
z*Cu6Qqx#O!nGA7n-`I%@@C<43B8|-rdFVEImEKRxPlt!Z1?#wPT^_}Wco1OaZGPeY
z`lo%lTh0#+9U(H!X1Zq8g~B&S232FSBhaF8kG`ps;yQ=v#6b>ojyD=(jBuEZ?sFj9
zZRQsYZ)d(Xv+CBB{tb=PB`!H}?@LkH!kV<$aO4_8N=*suV})A9e!_mnw^~C_i6v6Z
zTgEfbmjoA{rbls;y^66?bezy&QZCsAhM6eqT8c*S>OVeigo`I|kMGk9%y(9Adq=<V
z#7w7)L?q-adjrW!K|t<1+zTK5di)t+06_l#IY3Ci?r^nrFrs%fc5*VeF?FPKv$krC
z@3rY;fDOL%45xB66PRNogx*mwH?vBBMnJ^IU?R0oYH`{>K183HAv^bXk-B+#_!ymX
zdN-GG0^qZ>DMbc{h4!G8G^`dH)K7uS5kZq=#e?G&d<!BtsBbrChT<PkCftFilTKGU
z3oDbr4KYAa2_{t8QltK^DdF|Ay+xp!Dh4dDN5yi-KAw9(#e&>q?IzSL-$cQWz6WWS
zBrKFmK!DOx$g*`3ikgl?JRyAeTAgl2CB94U2`cI|vjNuIV?ooJrIA{RK&`CvJ;=&=
zn^8|fsA)hgxy|>Jh8C09!%`eyKrH!jBQQ8?tfD1>kXS2kUtg&)p17kJnSd)uuP$J#
zZSQmTYg;7&h(zOI)SFytpK8Ixkwsyr*vA>F?fGKOqes@j;@3d>y6N-r9ym64Q(!DJ
zqz3815L}wg_ToyFOs@;ar@VUl-?lI_brzBV0ss#Ft1WQ<ZHxc$SR-3QXKP~{r{5O&
z%X=qPWgIgY5IYZ58E`qzfsD=u?9D<?dygYcZ&;%<+G!TmSjCl)^*&zcen@1>#)qM#
z+yk5W6+ftyuP>PUq>-rrNjg#juR3Zrf%%VyMzGiTNOy7ZwEMW&aRvuszY0&g7ty|o
z9ra}6Bs>M0v4tdBsG1O5O-h#~V&j&j8YR-2!4|ArIESqa)l6sWY2;JXEKuB7S=Nnh
z(f)8?+l38|-=~DUoj?`NPzJ_EDh=-iz4tgHik8XF>FS(5J`62DrbCZ`rBaJ(F;;J@
zE8r~8yV%qngDmFN#g_N)8mXNFhy}{DRLOr5H^J?erj&y;OSdQY2L|elW**tq!kM*b
zT<s)wwV7$>I_9tvMHpgfsZF#8rc0n46|bCBFMpDNk!)GyFhlkeNb~*#mZjqQnO1Dl
z3`t}US_^+(5mCkLyiR=ugC%GSMW((QjDcAB%H8fzH&#GR+u<WT@Es28i4be+w$;ZG
zFaA2n=PfHzh$Xlmhea;<eIYi`@FPC5Y+Ub5*K1j?%2C+!bBxnRp%|u&S~NhxTe#1j
z8TlP{Sf*ytUK6Z>4wR7!0|wdp%JRog7w(F8yHusE2JPuy4nGUKK$g_2iP^KFmWLc0
z2~m-)1*xa<m5iS#31L&dVEOu!%WWdfdn;{Uw5V)U7D<OQZ3_U@iRQts`W2@NzI8UY
zEQJ=z`5mV9IV?&v1~vyz4fiuE>H}8Z4{TLB<$0vEJu<Cd<cVujxfJQBER!;|aI5Q;
z+*~i_2X{+6z3TGgJDVWssVVhOct@$gLgG=~i7xVMJwz4ozt0MH`_;?|4_$QB&$lqJ
zR1%jONNaS;Fw!3q;HKkrU`>_yjr7vVSJpwl;jyk;mPnWvlz95I3zfD}5x;?<YPA$<
z&XPQ#s}4!dMQc5*_=R$3`S<1b5HCT@Sz0$VFO~5n^hqDF_=%w-6sfA8HQHG+q`K^$
z?+y&zP=$0RE3D-lCu5v!uN+y6<7UQ_i#677{+>GCdS>3&zoyML+<yyW$p4-?Cbl+C
zO8N#?#=mDxXZ*NqKLeu3gICZ#kMjzc;FmdQKeaqMvnSs$W^>US;+xdqcOIJ+amYG~
z5@XZp-R!jTG<v=YBraI#4KxSN(E|QrZxI{Kk><(U^G;OUUS++Ge!+{leFuBy%bS(<
z5u!$}sdhm&#->(<3Y>->l+ABatt${PjNbh!&b&(2SJ-I@ZLAi_#;#+)9PaT@ha-<|
zWKnWD-I`9<6v#9D(l~ZPwBv*3oZt81t*||W(A6tyP^vflPhp%u{I2EeK@>-563Q+?
zq)hmPg>*N_HNxAlcDNux3wwnm@$~s}PdjNlv5Y6_COyPScT2uEwh$liebXr!n8~1B
z#4Nce)!U&mhRC}7T3$O^l)|=+1e@e1YTW`nL5BW{a8`b}<u-A%3zlhnS1r4Bw>3!q
zd$^(URcq*fMJjsG|F7Y;ake%vcKDSyeh>GcT5t64`1C+cB*jDKD+C#ld{(GYs;sQM
zZ~@`g3rb=|yh^g#U2QM!%c2jYK0a!25an)*$qf=CcS)j)%YcEEPiUvYrlyBo%bx#&
z*wMvJ?_Gn4{2g;YatHBs5SaVCi~AFZM*QaqG@HDpTq5>hf}}b~8Yy8)GVuyEztS7h
zNEDI<(oIdVp<VxaNSHh#2^)dcdm4Wx=o4!-NJ-fMj~LQXqA5_RJthMZJ&Aac7M&?1
zuaPJ@!c8?LWa<6mCfq}Ds&%4CX#0)x8P^Yx(Oy||F<U_g)KOhhb*HMXVX83fczlQb
zv3X=*O-&{2R;4D8G3wYxF4F5Xtw_dbCjXlRDUq(NhltDa`nDfF!lstdDDF%c-R_M>
zEGk`Nxc;<Ca<`ZTp%*`QwLD#d8ZBxHAKDI1VE5ANf7z}!F?I6*M(oyE%N1CkJ@^V=
z6tQ#C)jNWI`u^CvZ|1r!5YGp&-56$JCuWNA{2qALRy3y1oL;l@+3#vdp2KZ-yjQy)
zYJV$@BINw&%;t=eesxia<8c?twi7DQTWJ4^p$nIL3110br8vOrhfZ$VJ<%8m2Ny*`
zsezl~Q|vGa+Mq|Lm3q9SXK&zFdW&__tp&}wQH21unZkqkitt7;hka`)n;G!uHLdt^
z^WCn!Q}qIYjElq^isgs3PoqiAw5<X-N6n5BE>^3T-z(O$n5%nn%vS14UD&+EQe9k?
zKD*6jeK0Hchjb}Qw{w-@boe0|uq`a8ipQLs#w4O|^x!gOoJ4K9CY!s8IR|{`rRI5r
z=AGN_P6^LRgcQbo1ogh?*Wj5new8|V|7($ho{4sA`zt!EA^taaMf-Pja56KtHm3jU
z%J|!3&(&pYSJ^PTE>#iRn(M5_o&7mQ&VHOP7QrDm3&k`DOI1*QAviARf;+eG@zr0i
z>4!dR>aVHfhdG;lOSi&nf<MyzQI4>hC{s9^u8*gIZx!dUVcQiW{&bV{f+Q3oEIzgy
zy{}cF9y;*p!5r7AVzs|FsL9#*G+^9KF^Gf+a;A1|0FPRUYPrGsxR)gv!(Gsz<?{hi
zA9OHLjkjM6ztq5)N9AH2v9uw~AUhG>>7tu7kAHBfq@`t5$MhDp3RBiqD*F{vM4NE%
zPjcC3V$-@|P|kr0LqEJ6e7I3>W5VD<e;mB>WN#YJ)4EPXgEB#t1RSFr!79Wn@}JVO
zp!q?$%w{%PE9ytphtEs)Z(qBYT+yGI0QcOX^XmO<5Z1+9OQn7{<Id}y>6(_w*Xi#=
z*kAKk&)aZFy$r)_tF~7gRUF%O`aY+)xvqa)xKuAuZLgDdH3s8rt(dWnKf<CiVaqMf
znDbyHsq+tIYBTq(0&J%-dXSAR%c)ahlovE2u6XFc0VClNXi;(Lq(+fEJwNSOkWq`l
zugH2=vb@F;EEP*>Nq7WM7HWAV8Jq@?Z%&>Ns<Zh-h7q#y_#U4gxBGV?_^=A9w%KP2
zb-q44>BjI0`0&2n@8{D`x|Qzwyj;)e`aJc)Dsf&7s>*%!x!)UH%6YqfBL?x(+=_$8
zpA8jvO2EzY{v@CW4q`+yMaBrrxIo&p%fEwJ%mnVF8$^0HiDmM`_cY!C{1P%3fO2(m
zr!%@8ATN!^3aAeG0@X6kaq6HSdF){!HQmPoKQT0@G<<I8WmdPYS!(N(-lI`Omed)W
zxVB~}?|>VdN|Cs+iy{bX;7Uom@0{Y{FU6~JL?@yx9Yu*X8^;8rosTqcY~p};qCGZw
zfj7TDQSdbcH#u$wEj3LESw(VJnOm8i$s>}uh}c#SEj^Pv6{<SXt~7TRNFVp7H&LO)
zL2_!+T4%IhM5OViaeYZ7YPhWQ2u`XaUTZ&jC!$!`cT?;T&U+yaKhp5;pHxN3-CBia
z8Rvn9llHrW!Z<Z;H;V+!bO?^KN*NkKxA(th)-saW_g;}!MVomc+cQH?cyA2ADLw6E
z41W-hZ3Gvml$xr9wLv#aPV>-tJ>S>g!e<Y8f@1IRaCDO&y2fReKR>-vx{vlXb$y?j
z7fx!wU^G7CpTuk>WPVRZ%;xhQwTgwJWqXo<ObKd5rbA?J7xgcXDTPK5%=E<~uSXma
zbSC)HM~X{ZA-TT%lqfi{oXN$f1dLs-eQ`Jk_g2#?pAZFHiepg#Eo)g}e>@q<!Eu$i
zh`VGp$@4wE(ir6#eEV+DZ?5dHNIy?c^p)kZ)!$uxs#BP0fS1x@4->>5yI5ND<)`{w
zg*D5@#EN-%L58JDs^fH?WMd=M^6B}=&J84<pQ_DzV{Ax5G;8oVx|S%^Q39p1KKcOO
zxS|L}we`V*@8tMwsWP}0QygTeOAV}J>Dl6|wsgl`_XXP=ccvTwoQ*RJBdX~Z-$TDT
zIXQB8KoO03T;D!M4h;z+&nHmSit3*6aeYEHMUIr4>g3kX7v35jrh4s31f!zsma+|`
zo@4-wys>fR@aoKCTZnCTt)ANJBP5SyiV^i;9gbAHwWinlak&(x2?#jfDawV0PHDt1
zC_dH$1PCW&0{t;4msTMKQEF4QxGTP&)OMfKAs$AsQ4WNJf*}hUjL@?z^p<rjv+dn0
zi<-*KWV=fGW)q2n#46RrmO5%va63~bT-c~(;oEZ21vXefv)kcZ#gC`V4jwgZi)>^1
z*?DnYPgJXpG#FE_`Nc`3rFBI<3l#RE+&h@i4Colzhi0KJgaxq(JW~H4w><5JO#=r|
z-sZ+F1?7(mHVbus7m?0s$J<iU_AhZ~36pQPM(x2`?c~KPI<{Xlxkilg8-3~?k3Rj_
z@Vot<NSW5{(1s8)yYb2gIb%pK()<qod&MF~xfa|51^~q4{I?W<@b47h=;Ur?{MWzS
zb*)K<H8$j~OT`+u=ED!UBzsA0b!uhG=-oKiX-wq&yg@=t;D!R+tV4-&{bmb#cN{)`
z9etqKOv2?r@vyT>c204j*dv6a_bXO@pxgBa1kcT9Y2u4oJ#z$|2kQuMc*o8y7jvJE
zRyWpWS~~G9<Qy<3b3O$dpN|9E&Gj6+>mx;*(PtpOR^1gY!oCEZ7%r|h@>f<EbAn52
z^#*c59nt1aPxMy(0o<`xmhK17{;xhOt0?p}%*+9d3=I#Nq4rH^)p$*pwdaeDC2XYS
z2+z-R8`H37S!8g_2}gABx)Pp*NE<`9Jl7>ShMJy-dnasqNXw6P&2>EYILoRj9EVO)
z2D*06Se-Gm<9CuDt$Kc2i*Hcd(TB9>XxE)Gd&_l3uGm)wP^4O!4l$_EcwG(W6FpH@
zomRaY2~n*|KNHA>s~#sDVTP#6&8*yti_<53;t;&Z-e*6-*T<vLr#z9gOpcjdo$R*#
z@Dutj%4TYwaJ2BOq<mJGeVp`$mR!wZCypz(`>4auH!$`>f<7TDW#niwH*b}iK8bVU
zNAM&(!(V}tJl5{yIho0IQWexu+wkI|@OXXVy;m#Fq-Rc#ZoZv<(J3|UT#Ajd9MC)E
zc+BU@@;FlJN%L_m$V}aMRKp&d6Ec@Z7CpV*i~tW8gsXF7!>@$7Q3~DV!FeCO)y6pu
zbn4#{SO()WMF3$QSSIh1Sn|aRZj2v>Bv+qwrd~R7B?GhhGo!h!!OF%!MQ511CrU(0
z2I7R@9uBRA1ps|v5l~QC3B<0T2_pZk30#lg8V>Pl1)HF&k(Hl4r(zq?8}39J+i`0M
zg_m{---*__^i1<oLfD2F`GO`X0_Y3{eeqgUiOqS&UU7-Ypw}A9g#8Tj;GB02>B1f`
z-*{>}FFg9}xz}o3A~DBp$o9TL4!_R0Ss3Rmgg@YT+HJVVnWoB5=X4rudFeu4@l!U!
z1j}k={@D4xng?Eu$9g4+b61%$lWo6n`4M6M=Z^OQb}C{~eib1<cv^J3zdTUMQD1@L
zOU>I{)mb^FYJ<;WsrQd}_u_kjuAC;-bjMbr3S6D~dqdYjFLZ0eO%jCqd*VmHm*t@Q
zfJeP<NfMKDF*^a?O2y$g>SpL{m(qNbL^`mA$l1=i^xC!*HD;Az4NGtf`ZoL{(-_m+
zRnwr9!-I4^m$i8inL~8GL22Kx<C;_DS7idTo>Jv7wiAyPwGr0?OxMiE34T0NerEaM
z(izx!eOVTN0ur%b+SF%Z=k42AKnV9`*gyJ4G7!OtZ3R&~I-qK=Zpfao2Vv*04F+KY
zNj4B6B|5$@F`5v7UV{^a?!eW?4&VS2hJ6MVM7C{d8AP-V^(Wjw1e5C^M9+2;q9M5s
z<`>_A^ZVnj`Q|U8h{D&wYJdFx*i97fCWH!m9Zcc&OXt-9j={flLjJ2wLd1ACq5oT>
zHG?1`9fZ)qzu?@zl>UbQ(b(T`e>aeSw)(?5gy>gag?_<*_w_gYk3Ri=qW^&lbO1qq
z`{Q9&ECW_dPZh@-c$|G3%X?e!n{MAaB_Q}_Xrs)wda_WpK}>j9h+R6HA0unI${h?J
zN+<=eh1_vA4Lvd@i2)frjkHh0NzM|~&8tyVvJ7_@FvCHK>fRkPycC~=%;_gC@4q)!
zt-T6-`n>E{HBmZNhNR+QMCC2s%qp^wGZ!HDkUf5(N`r`W>&y|;&+siXXUJchH+a@E
z1Vx=F+}uDst8q+n?t1YIG^yjq3~huNHh3Kxi^5BvB6UvYM1@>4(NCF`dE1BFjQl&=
z(^MD9ow|>?r_VB}MFo=PFkw#a>@!L7z9YSNhVmlyzPzDj4iW+F@r}I}V&C>I>|>3l
zX$UNd=}?44JKoKhoQ8?HrVqI!`(2T{Q?#|DF0PS<n4zN&-I0q>jcVn+I^WMQFgJWd
zJV)sjwzl*3Fsu2#ew@c_epq|I-Q-m3zQ6oj((V5GloFS)r$|b!TpN~fva#9#J9A@3
z52b(OIY=lWHa9vbcnA$whSETiGBq)5zzPxP@>#Rz&>bx2aMJ8pToh4Ew19v7E^<<T
z)zGEy0BWBZcbqYnw(uvTC&@IL14O~@b>Q)Bdx3%}syrc<2LyJ`dc)m%8ItNT(ww+t
zh=Pb~IPn;stjSyL`uKH6Pej*iYYWA#0l6pEQ%La8^4v*gqugrX+ufmD`U@k5Rdv0g
zazU8ai8~#W<(L)M=`@7P%hd^GcyjYI{E=y8K04cln2tgMM_ky(n+9Xn^sl`i#AjRG
z9q2v0iGqr(lu>G<CQNM7^H}DFAPMy&GPE!*N>55_=&;&sj*yDAWS)?YO%bN|@vFn>
zG@_i$)-;Nn3iAxk3%8*)vE8;jhG~E1@@;m$dTiJXnY^k_xTsJaiAsqcNAA)V$Gvg)
z0TLwTR%Zb(AEC_lNO}yU!ZzTx2ZT=`D^+VAcl#(nX7Adlx2@)+teC2;&xKjDhpl6H
zvq8$<l<{N_tXRr~^kRpFGFpWp1LKtwW2c!qz2{a?70K|IJDo<^=0J>?yb%YnaXL3#
z3n{pK!)UL#&DV3vTeBhI=0#NJ6Jn3svSb`dx5cuHg~RHa<S3={INNFEA2zA6qa7?f
zD(f%C=H#|*q=WN)N~fyvUxqMldzalsE9T`vqQp^KB#A|rSJB15#hyvXzIw>MRku#P
zG0Oo@ws~@ItCIG#g7`W&gy4RPI%V%ryBm%OBc$bd0-uIS#QJ$J`)0|{S4Z4i`7T&}
z&`|EGl`BH--J9-7nvN&%^(Lvrc|!kS&|$qC;J6z2tP-w33{6yYQB3F`r8t=UwZIz2
z*puz+j`GvCq}Ty(l;*6$gWr$k0P2$$zSuo;^mKgXTA2&@=iBfXh&bl?n7i)GC~%L#
zp*#32v#rZ-AwSLSW2vGyF%>vMMuUd7-Xu=EZ!=IB4B%}s$8WS0F8lc1WY4D5_Qp`X
zBDE=d3tCB}kf=5z9iNJHL(d{k(iJr8SFp%+l$H}DFK5SH7Cx@)PI$K7ZOsXca~?B3
z{`yniT_wP(3<Us$fBA1Kvj2VZ@aI1FInSyMPHX(-3tAw!=@wvdA%#7CcY>-e!Hp~|
zY9wI`00UcMBWbW^aUW|nIyUDu&_z=NbJl!TJdt9h9OoTJ!&S#xyUQ=2C$Zjvda5&M
zanI+|g)3%7)DTC-Tft%(1&v~#D~N@FK;50yUGYgNwU!&+y}-a;Ee%TX>FKHa&2a@@
zIW}6v3M&#ZqlvSkfYT;Jk7Q^~X_#qdti-Pp++s~7zz;U?qvY|^a}84+oB7gdm!b?Q
zQLraS;qY3Y98X0%o!HkZkMi$7sx6W1VXo5Sq@~$b_KKd!cPT7CYa1_?&gy?tCWr(Q
zjwJqknL5snU$m^I-^(t$L9A|kAb)FaKIYCJy*6ne>}WiK8;R|^T`QK~<2E_e=hlfN
zC(O8F*ZEz?Jc(@CY*#O7A-c6o9A!Wa81;Nyd<BcP15no5{z)l<y?xbfgl{+3n<+Bs
z;0+QK2;2Ztd!J)OP&bJARr+W;ttcitOT=Gh73CA2%EoqCz9inInUy>}uQx>2W&qHs
zNQC(+FW=jb<E+|Uox`(0AmC+sufFAvw@b+nbve*d@QFHE_BhdFEO={ky$$kE@z7PW
zZJ-L8?|qOwNJ)ohAqNXZ+yQVtQ6^zCagp??Hse<{-{ksKjO`gc;8DnH(KylX;qDwB
z)wIr@#2K2mQmDWt1L`ie?QR#PP`F?>B3~WNiNEx{HCXeSKDfA2|D^x2+qMWfyDFQ~
znM%5bNoFXQw_(MNt}^b6H|&>9I*xt?7OM*r&DqjQG@M9yQfL@kzB~(M&3A*}<;<5p
zjLP&tO)K=7e(fEynctLm)$_RlSeJI|tp-`gVQEV-_Gjck&q0>#&Wy7q%`wPBJ5l(C
z1B9Psm2G%HTl?ftZ~Tk5aV56yrtbLmQ83Vns_(IwZDQNV;{1<&7K;kr4gd;dK#Okm
zI(-|4y<t0*<Zx{_Lu^~i>_mEp>fDX@^D>RzNU2}TaJA55paA!oXFG(AfMW^*c4dG;
zXhpHJknvfrE=&yQa1R$PsKFht2<gx{4p5JAfRQ)w!{?WuwV;E@4&e0s0{#%&Llj^A
z)*=Np>_Aa&=gTC)MG&E?>MuS$e4cC5vEVoscECI|gi@k#$Dx;|rZiA;BQO#t!h(rG
zMj+SWsAzBrGw}wJRCNQs0h$Qew53niwi!f3wet+KTZ9>)7vcNj8Sw5rqkCjLJ7!Vh
z&ZJR9!9#lz#A0o9qDgw9iPlGg6Xt=q$K_)>-p;X=DjDbv__~)6rN(11=CXsCdC4D$
zGurm~l|EQ9i;tH!7zZ)#LJ0?AVG%w<{9-5SBrdgvG2{pf5Lr-bWf^TE)!&e%8EkG$
z;Po1*D1ghiPnKuK8^-|C_XQ)Eybe2DB5Uispnv{{NB(yUyt4&S7u<EksdZ#R9G=_9
zN3SW;MWVz-tA>dHy$>r;4Ppt<Q!{F}wzxtunaL?V0{<u)o)Y@CGFBbuCiVCH#Wl!<
zd@@T_b2x=Y`#^likEva673+p@P|xzk3f3Pglo7-MRu~ETAw#{ghPzn2HhtX+7Ld7_
zm<iDL{i4sG0wKAg-ju(MuK&y*<q!JCMv^|qYo$;;Qg>o7D(BUAimcu{FQiX6@`_ai
zexwpf@|ke=p+8|gW*Eo%N<Ovvf~EJy<&cKH)T|z<TugQiVfc&$)OVjBx-+gOgh()n
zd!zHMc$y9P=ZN|8X>GP|3ur`j)6HXni=x?0C5$T6xhowRr`g2?o%&c&>Je{vm<ELB
z%Wofg(14JOAWTL>@m4pTnfY92CQ8&NPLt0uHlaH)%IKq>@>BDx@{nlo&QI1QJ{qm=
z&RlL}V`lSOj5Wwb7`=&hHM<>uI57M`f6qqh-ZKo?cTu8leGeT)1-K9NS<3O&Z6jE1
z+S5YsdZYs}vDZU6O9&kO_pe8-MGW}5WO4Dy?c`c)f^Y0;TTim*O@vRPCEdmz@zY*(
zLt(SrE9{doae?iP>rvug#qLPrxTDDx$}w{u*GKku3wA~6x~V;?jz7AT32mr?tWXws
zP3V3IH*R9_$dLncZ-%yJl|>2j@<Q93ojr(5Tj3lAKvvA+=)a1FH5Y(7*hV3bR8EE5
zXLuAx_{`q7do+8i@R_@w;yr#{<K;SE-0U{b>8j|y>>IrJj-|!RXVJ}7=DOLuxhQuf
zcj)~xnN;VmnH7Jd=k@VmUKMa~F@=0E9Ce}7cS{t%C`#6K<5=+q2JYkP@wG#;poV+O
ztR91Cs}!m0RTmq4AkcPoA{rD1HFUAi*uu`61(-q?U|vw<8WJiIArBBI#IfkLW-(mj
z@fIPVC3#&hMG4lQ3HUJ#QvK`1PSfy1fpS-4rqr_ZKnQb&3jK;goY)3zcV42WWQ~ay
z9BGm<KqnMItxhOx1OdB@k()2<VL>=n7h=draH!yjXRy{S9)N<CSxFChRLg`efK&e1
z)|*!jE8608bU@$UUxHl8zobSP>B+FXj<T)(wewy?42(}p=DT&;(`i|r@|MPKPZ0)p
z3#JA4i3L=!%HZJn>-(&|f##sS=CIi}WZGJP5<cd$vppy%TpTmPCamn8A=nxV0AJC!
z7%$XOU-)AKveO`<Qsn`n<t43Y+=u8VFgpnG=q*ub8HhBXRajR1n4sMO$~$x#1;xB_
zz_5tB(=NN`He!PnIDipV6yA`WpM7ak(L7dy)t8K8hDo%jD{+WOadNtYfjTDApa2HI
z9EzJygw^+U*1=?f9YG0TMT(PTNNJS@biunDBI_iY6Z3CuzYrP2elrASqcD0~-Z=rJ
zC`LU4F${(=F2Clh^bi}GlU99_KM*s}6BAYAg%uCbmy!gL_e}?RClF`AWhZ5x4Oohz
z(w@_88(uzIxt^IQA4i?OH_Y>Iss+X_;-@uYmY<<XeC*L-X{YU4Le!secoUCYj$`mk
zcICJ_uNu&?$&m$zNp(PFgMlEZEo~rP^!^UEj_=Q%^R{ySc9lrVEi7C^%OHdli%fr+
z^%TL6Z4^(wsuv*C&|iHG$-S4A`QBq{lxCRN!<dujCy~gAY`3Q|6d9t15E1VQlVQDp
zP3HO2JsDxfwfL1#H(7PeKMs;kWjw&Y#E(DTqgNl%J}xwbA0$^K05M%V1jZg)ME1~c
z27V854Fs9o4)q)2U5W&8#2&yZd}0#-DmP1k&gsY_2n3x0S-itx3w10X|0Ofy)nDFM
zh&WVu(cc(&6lN=A-*5&ZT0hg^d%V~UbB!250#d3QW<&CAyk$#|96N-4gp(QUpzkjB
zK}v`(hl>brJAGkm=0P!|8Cw1j5e9+bAm-16S^}IYPWF#VVIT!(*^4S|GQ?!uYK87|
zjsiKJqz~~zmv?nh1s2;>`J5z%Y0xbkkGKR#8(h4>fr<k}Gl04dQ7ye+AUjNteupU9
z5~qjpy{~h{$?kr(M=32RLm#0zg@Gjdl(;#_4@9Inxlc3pm4Shgnu!O9hi-xVAB18R
zru;ygPn0IGkU4#@@P@?j(e!OI;*Ea6@^CdLJG9z{c$hd#A@yxXy_*_6pC9k?LZBh~
zgIi$ZKlu_9pQGtPLY&Qqr4z+R`kpr*UTbBhC_Ciq=H%qm@+kmOF>Y^_Kt|kStjt95
zm%^mc*XgRYB45}wMEbz4Dh$9Q@!r<zW!#F&0j5xwIcAP1pOoVc!Fv2P6K1ypSZ=(b
zfw>?+x}@37fXN}fqk+ErfAb4QwA9|OVHBD0Ht3!C4x9|UgEYZ(IXFy@3WQZhGV-}9
z39ZHje>S&v&XMAsve{<|Ol4j~X4mQt*QHG#8EFIvb1WX`aVh5`h!7ukKPZFV;*Hci
z?~Qd<@aq%SgzBvyHTRiEjBM=cT01@Y=UpM$gIOF?2AZ_|S{~a%9<d}AGBwscGQA#s
z=o@e+!1Lift>Q|wHHMNaMk*dE80<v@q%@3&RvPLfTq|k=jNNPIBh7+EtAZvIF(ss_
zEjlbo`WH1d0+pXYBaU4=to*6Q6l}TQk9+xKC%@PlLH;zOE=36J;qsImpXR+HX1|PE
z;-&KLy<|1H0I~$#E6GdhqMNsW-Pa<>eTU5Nw|Ss7I8%N&Z<@}@)%g}H()I}RWld_g
z^;dLpI&s@i$=6+0H0{4W<z@8UB6t+EO~}p|qwqJID`iK91~3wxT3~!Dfi1ysYuk);
z?qwI=`2@A3_{Ae;`}^%CG9<lF^+ok49$+>+<o3!4$&3N`6coOnw%3a|iU-74kgzg<
zO?H@fB$VvSVpZHG7gW9FGK!Xah-T$2q_lcL3k*R+=m01Swi(`@`i=jUM?nYR0gQ^G
zqsyw_RasEng9)L25AaqsjuX(#T#zDG5&IQKSl@Mkb-X)Eaifb~FA%!%ehFiTN-6Cb
z*Xhym{#n;__;NF|<0a|sQLOAtt{k5X$s=(8P-0-q0j~{w0Biv<RQ-h}0l(Mw9janb
zKcef+{;0^{1L;YEaT#^1FUTGPaSeFHeXCl%0qN*YJ?;tM`ha}_2F91T*g<pGX_AB(
zjt=vhJa`Ne*bGvgs_U9gH}d%ylP6LSvEd%4T`mU?_F15w1G0Z;t}~#Q05bcWWl+}A
z^<x>{_M+LssyxHFzn*FIx`^=YQ~c*DD38Rnyuyw*+sn=QWFF#I>z$JUu>P;KxprO2
zi&pRFxgY2tjwo9`Z%>=!m><=AA0fcqV)fsMLxs!*QoUU6FHj&p=QXroYv)>hRv(NR
zrY|GE)LHDseJ)WjzX47Ng-8?`h8;njAQV=N>y2G@KI=NZ^Dxc2U3xg;d))mo6N(o%
z%ha6tGL=2R@pQyu{7DA2Cs*pQesQ09YzBE3r4`YfKeDw?LQ-ytPs04mv?nz`I1sI0
z+JJNU+~c?G&i=4WU{{Mvy899X@yH2<pI53-@9CW#$QzXo8^|0LhHHZpSBJH%J_AeP
zrZRZkJ?e^P&*>X?K&ex>WsvotA>?8oW~?(Ey<!ORY1oerMTLED=#S6nbGj;nZrvHy
zuYC`5l!0bHhC8c+hB{u-R8srH6jDr#yI;`*<~5{2rwWbGqdf})!F{1F&|?^c<pZc*
zL);h;p+qBFN<j)hj4=y>Uk!66dJ|ItN%ZyFWZmrr;Jn^DJ1UVul=w>+L`B-RSL~#~
z!WkyKn56ntK{E&$H{KAL7eprH!)c%|BLI{>#4#a95Mb>-V!Xi~X#xZIhRrFIC%RZs
z?{T|0jy9yyI8A!9I)(UbM0WgZQwaRUaGG70re;CSxN$bMI$@^s;2|b^^J*ffox1)D
zXD#+o^iW~z46uy=`sM<=<ZqA@m;JuQ^t!QrR}yd@3CV7Py^QClzInM8q1e<jP=GLd
z1InBe?qO=hmOZll$C8&6CdLubM6*H`9?*Ho{1mkE7Eb)U6!L40=OTSS*&6w)O%K6D
zC68=7a8p9L?Zvep-Mc@EhHhVPE)zkK2|W;{j>L?x3(^$^bZ8f|E1II_)e9F`+w}tG
z4U(zqzqsNbJFu!TU+19)Vc_PlPZ<pYzQxI`z{cdpKOrequ)`iNe+5Aev-cPXKtzU?
zaEz_1s)Zl_Rw79JbB+QT9g-iAn_1v(HzY=<y2FYyhHSlJhqx<6<(di*U`T4(3Nd_3
zY3q4d^ebCZyCSXc*Q9VOdwrMG=Mht(K3Msrn0uzNXe(8lG@})omdA|-RWk;A#(_P9
zCVg7ZDpL-$%9-erct2Xf38M*drn@#;K<F)jlZ<SYy8n%vp3KY)0zjS2?+GlxxQCty
z{N>nA$&g&BU;)Dj6{LbD)I?nXe1#xaGLPk%Ifk~m77n+UcnvK5ive1~NKiBo;41G+
z1SPsHEnJ`*Mk0lBi5!RvA%NXDBGLMrJXnB5j1qR;QfIR)gs;s(fh~qAGzd*)+OuS|
zb1n1G6wAS)xs<84;+Z7SZMU|f?i_cH!3K_F_MWN{7Ob31H!Zbbx4tXXX5B=#>#`K#
z_eTFlND4N`_E(3EZmjF8a7#y9W!}T^O4vl^jj2s0Rop7;6wFMicu@;8$YP{y{e2eN
zXLPgqkv&sr^axM>Q#C59HHRnb;<KzSkqgrnZE&d}=s9xt$5c6Cq<hY=k@6tlNtISq
zL?7*p+Jdq5c2b6F(PA4pC_o}15h@=4#RQDkfEzk)9BE_Pdn+1>e>)H?_=Q0gNe9e%
zxRnjIW!P(_xkIql1EZs|l4}r{R>Lh=x`(y7nvh>&BvCDwL;9`?joEc{%g^Y_tZ$zI
zI>jz<3Qm{3^~vZ``vB$=*Mf33OE&Bef=>KG@W}8@s%akh8f+jn{EEKuEQe-Qs5fm9
zU`(K}+r$WA<oUJ{j3CQnq_zd(V-J7l0b;Z|S`8EjrDNf{p>lY8)J{j=E-)?2H9dt9
zXO?Qq)rxbQe$JvEZbMeWcJ(QB?$OiOS0{EPWzNHle8oz@nY-pbRg%_df8w;Ho31>X
z4e@Le{&cal_+c*BXEmA_LBz<KD(N!5el5vXHRw>1Zvw4oi?VrpK{dkC11JV>Mp7W_
z*tZwJ!zp|5VAuP>1%Q_pO-nIsyohoOrt&(wN>oRBZiC7Lwk%OyC7Fa&8sTkT2T&Dz
zNk99K6IzdUm!fhE7bk5A=%>0~)kbz|>Zk;qvdeM7Fbd~7l#P-a6(wb?G|7W$Emj}3
zDkWiPo4NVOSfoo;Qw<uaqP{$-Es5m4X!O}-WwF*B!<Ff*WN0=F+<t$ah*xOJgmVR=
zP!eiYGFv~Ppm*ho12{YDJcaRgl!)EgK*W+PgHC>Eq<5D^hOioL#D-#E?^d2AJnGQ5
zAu(=hG$}vpJ<|1Je*CR(k{QdgWJO1MyEC!~Z6b=MvlBW=clQ1D8j;!Ml(ZB9G7iGx
zFM$f9GT^(Y%qw{g9L#r1-WtHy+f+O@?NGN5Mc<~(;nw8urxH9xzIJMGN$smxlE5=*
zpe_Ww_94Y4l7S+O86!C+Cl?uk9{fxp))MYb2j1J%!c#=Q^tW{AZ&s3gf4=2=DK(~J
zRVr%6A*fa?Br;(k+FyypDP!Xb#w#4dsP9V2;iFa}QPgXn-`|rY6?bPHVm<BO;bRG-
zT;LD>wX9Dt&|_+>i9o-9_wRl1$IavS3R+Jhbq_JwwH-N@6Sk(QM8Bi!)1xT&#@bb$
z7@yy2US03H_C4p~qj!%eWLwfbQM$9dCaD-~k>F5Dcoq&f$0Ma#t?s!b-|nYxYJ4|%
z*)muV<x1HafZ{FcK&C6*V85zP6V9>VUDu@LfqMvQmiapP=(YXEYBhLXd9Zn9G8N*T
zGN#&Vf&o(vl2JIedZx+<#CKpA<t=P_JUpVj?gi9*+EIJ}OkN>lshE1X8S<E|IB<?<
zcfV@~v<PdR`?Jy(G=C2PBB0t0+^<PUgXzrM1%d0c=KGg*r0hkXn$;2Pj>0yaoINw#
z2~v*NX{1!}he#4$+RAvMH%9rf16QpqNqfiCm7Dye(JO6EUe{dsAqMV8b0%{73z{tR
zBtBH0t+?xmp66BKH0!LFmpI<b_SHP-E5OZ;fQ@N*y=me!L$9~m@-lg9kLeuGVdYs<
z_BrqBrscT_d73F?<*q^>miOp=N6rV|Z+^fV1n8U`Isot*`rme=QGW3Qer-g{JJ{Me
z(i=KEI@wzPCWtl8$=Lcc0DQM!zJeX&Y04|X>Y=i5oz)D)c&diSevfHbh@yG9q!wb~
zqFqi@%-i!elgNMKD$hbuZbRk<-v9uGI1t^0;~UhhR;^RoHS}^1H*T?j!!77#a|=&P
zikC@?G#bKa4d=3mP7%x(6u_SPWgWN_A%^Q4+AaWve=C8U1m$2FgS$h*7IK&uWl+^|
z$UU8uJ*XblioHL*`?@N=D)r5=!yekCj2j$ZJ=R3s7kEiGsPvT3_BgoTZs!}N;QOrH
z(zd}*DBR_)GmsEN6V<L*ht2Z@ne2&*WZRXJ0UWs4P9isN)Lxy}VxF^eC5ABfTaYGo
zTK1|-q8N{5oAcoK{IUu4YEg-1HLeycjJvh`H{-IZ$8uSz2?UnQ84SV`<`<q0Ebfc#
z;>ESm%8{BpS5b1FHo}&oQkiwEOr0L&^81F@i{4WpxvpP@2oR7NPE8Z?zbK}p|CM6;
zi_rJCLG<nHep@3e_TPM75hLeS_J%JdRKsWpwPm>xzCV<QvWrB&j%KS&ZtnVr)|t3p
zPGqLFS~=Dhu?tDBv?s46qfz!qR5zSz-YoJ=s}_h;WFil7nT-O%tRCT3Meqr}1uGf(
zOVM%=1+x}PeCiEXI;a~@3W!nBORg<`x0^xE?%-Cp6UR_qkZ&Pi2ebGjO7KKlHT|et
za&zOM>v0(z>z?VX7k~u$y3c7Yx&NJsv#sKmLb{mtiflDs?|~4L7VN<8QN>5p?QL1~
zw2m%i-=JyX!fDy3BHddNBO%!P{Q!n!wykdAY`Y*TogOo5=ZCEDcQK^suuWR5Eb;pz
zYebtZj@Z2{hRAo0R@;d%ACTXJ8AxN0gz#%HJAb|ZdzHuE-fipf7dzTJe%z*?;1@gk
z4LYI|jvaxO!lj^TtSAbVvP!`@<Z3{mu@-Fa=ffb0%N)x|^!5hF8c@-%14VGp8PP>5
z0Tv<(0O^TV8Ii!{GPjqoU#-@DM+F+m5h(cNY)GkDY6&Zi^SW;nvh)`J7{hlGGfV4!
z1~vm2w9j#l6y!D*+V-cC+FQX9^g4iOD6Cy*n(5a47O-F$IbjSVIuE1zxk89NU?C_p
z3QLA4iuY@cnWWa$tt4tw((_Wk_C?vVbunVk-EF&2co19XC(3uVj>^}PJf(AGDE{L+
z<UlC6HNj8p051F`%G2IkDK;^4=_3M?gxF{%PW^r);yuT3+h@%!ckR<Vw0i}xQwp`)
zI;+ag**3|l@T~SVRHetR8;9-%Ud_=c?G}g)@sS)^yorSOGVOi^sfD2yC@$`hPR5`8
zsu(jLb8>=${i!C2b*W6qx-y$UUhwDfO`9xuFDNgws@;5s&v3u3)O*I{ZTibXKmKd|
z$L|=VDfElL{;TLiSIOPZ*irkp*LNmP{${ZUUV4X*s3x}T`yxuNfFO$<<z>cM+G<2R
zis>{r*iLiiApy^qG}zUmx|?(@n<Y3jG0QXs`K~O7%Y-wI_ed5uXe*z&U&n6NEjuaE
z-G5>rt{e=nG`w@o%-0G)Qe#I*wz0s7486ltS%Z0^Qt7E4-o>HIiqbRuqzImoEEfo)
zA;5+~$O{dEwo4C$y(hw{?y`x6TyN0#A}WPciodDxGbq_7HoksgOT)8+2xyltVM9wE
zmryhvF@l6U?C?ZGN?z6mRy{oNARxh4+`Whrel!5BE$oFL{$ury6$#y7xo3a)G9N<f
zN0hoC!P36e-S+@eB5MYx!@aXl))QAJgWe!MwQklI1n;+f+D-gEhJj7P9<g?xGR5dV
zV`g!*OJF1@Vj&Qo?9%6jpzK;PosE?8XN@J(z3!}Xd7X{EWwBGaza(UL{WWdW9TixA
z$Dp}i#4&j(AYfF$-}PgE7Eb-HANx=FqnhlWz(1>eexGjsErh?C`ai0y{t5rH(&2Y0
z(BD$|%WeLG|33<Y{;BCt694bYh`;6N*Yp0R=|Acu{)zvSRsElMRfvD#|AYAdPyC;h
zyx-jGzXcrnU-*AAvHz*!&okuT+`YdA>Q`p?pRxSkOum1D|4jM+X^0H0e}Vrzbp9v&
z&jj^*PW~;F41Xl0zgG$WRPbj|{+-AEmNv#e6#Ofz{S*CXu=vm3Look=HvCr@|0n!U
g*Z$AmSF-$H<BPl$82IlV!v1;zKmY(<w%_0W7Z8!VzW@LL

literal 24998
zcmeFYQ?Mve(<OLp+vgtJwr$(CZQHhO+qP}nzDIMvzh@@8r~6^vyDOr0?1;+B%-U5e
z*N&)_@>0McC;(sp5C8xG1OWF0*FLd;0078f|4sl1AT1#~TW1qnXFX*PdlM%eT6Y`k
zKZPJb<oN(V|Lp(I@xSp3G$+f*4e}#|-jV)<nbwu+-0Mdd*voTMMqtcMxk6!g;csa4
z{`4%NVKMV7+%FdI`0TxHY|K7`QRxUn-<MZQXs}(>Lqs=cFfJwc#N{1%p&1~MB8RZV
zH?sV}ey*$YJZb@s7Pp}{X+qcrJ|j2F2PIt%C`j4%qyg&rOW`Ky8%c4$C3_YtWd)Ru
z5Vjcf;w2X!<$+ju5Xrknj0a`BVARtvEtz3oE3XJbcmkdDEgr!J2}x1K!>$Bp2NCqp
z19>ue;2(3FB6*|&wjlm~PsnU=U-E)ESDkIeDdf0q3STzkL{hMjW;?3|8LsT4Lp&3S
zHfj9<@0i|^>rZxaB7k+J3ITHkbpHs_au@M{PdOdx0hjpG{wlSAk(MHN8IEh?g%!;I
z!b@`Og+FY=7KeSN8cZU+`x9e0){RPB_Jb280Z69&l{R8ttwjI?i@U$l<i#px;zXUe
z>2zEpgk|^xKej7dp@^%r$8|3tz*P47;*lf{e1H8Uz+uQV{%ZVWS^U=b?+g6>1qP7+
zA7G4^fYtW&?~3d{ltTZ5v7V!ewG$off5!g<-~Wv<``<l!bmEpIumDWx9q69HxDVSF
z6yf5=u6ThP;T3Rj#x<ZD+;s6~Z%@&mPWdg})914(xz((otYxk;Zm>E7jg|cMEPb&(
zD|ef=C~$d=ajnciGgz_NdJ9{-RXXm3<O1$!hN{BDrceQ5UP4o*`XcR+@m}T5cpM2x
zrMQG??3d`O&fc+SHQ>yQ(oGFm3$r`^mN9i!y;V3JHY{H#)4TPl2-I<K1G^1cLrQCj
zQO6idiWh1uYx+5ooCL#aDAs+8!j%`{U%jZ<5NgN*$cVWoZ<lOfO<j2BjY5yHIxc(y
z4QezWuTP<%COUK8e}wiwW2D2#iq!!a06-TW000L70?^IQ(U|VP0mazP$i?O#>-~rB
z{vXf){^PuVe*X79rqyihvcwU7bT58_LXv%r(8Zq=YlmB|l^c_p6Ovwe>(Ur@p|2Nr
zKo5WZW{tRBYFn|{a$NQH(}!<(c;#a5zTii7s|B$NP7Fg!?7#3kra)zo?3R7P|8%S|
zrA{QDND3a(^t*pY@#*$t@y}BG8lM(2^E4C69M06x7)iqB2@Sv~kcfLTDRt_j;k$@R
zjpD0=F+&9^RkGQ*qt98tj#?aEI7FW9(MfWDoVBi4ld?yn)Ir6+f{V>_XfAfd!<#2x
zz+5M3z+j4(DyIS;ROXYYz%rG<ho%hvX01d+8Bx+RgH8$WqFXrPWY^wkADu<GeV7YK
zrFuP&H3X0SF6px;NxWyGp5*CiE7uIG*h=nCxI3eO)`GZqHBGC6g=o<vqqzngwu}#`
zTf-%XRgx<tqMc-k29AE}sGvyGX=e2$H~)45Ls6HhJOD2XCWbOo&+VDXUSJvY0ohgA
z5wxp{&RB10P4T*Xd%WTREw6);KG7MRr8QyNTdj_f?Yh-L5L#&!<=~diIU3+p<I1P*
zqe0N6adZaDK(UBo;(Z2DRz;TxAc&li8QU&Ap#tbZWS`Rmeq%pTiJDIgGz3<Vv~(uI
zGwU=+PX$cb@3E)ecP#FU5kDtv`(xghH0p=@G<$`5=VRdozjM;;AwgbQ*CsST!xbD|
z0K+6$)G{*i`7)~lQ)yOry_OApKq1WF6wgscu~D%%#s6iuc`0;GdPcWLJZQhArFX9K
zxAU;UxA1~>Gi{T?H&&4rIC_1Ui6dK~C4*Bi2&$4<V#W?`bA1e<Msv-m*xNKwTp8DH
zc(%w%sP;FW*c8_#zE?VSeN;)F(gAo2GH=1ZMt_n>BVeQN0k&%3Vg)-2byN!q&hc#I
z`8bD5aFHyY(kr#pgf=(VIdSaa;KWSZIyjT+!;K{?GqZb>vRtRQZX0`~hSS9sdapir
zN_~P#^DEhkRsZE?kF|5VL=PMo*~TQBOKyI%&a|6fOR`i`>%LfoeA2P2W$DsBXNLb=
zZ4CLYjK-nL#1T0QntMRSh1n^I<XbfGmKuAAhm-G(wzCU$c0}Ft&QBts3@g%7-iteo
zBjU^+UUR;t4U+J7LFxIfc|C7t+*%s6`V-Rcu|r$Wjr^l59;umz894XNDnbWB<@2iM
z{qV0Q{Vz&ZS<V$8D=`2-e>wmF;y;W3Dp~)1v0C=ovOQAGy!{6F#D!ohRREl1ltUtM
z)8bjCIB`y7oJ;}vtQ3%Fo~D&lPD)mpRpA@nhM~t^pJR+$lw;ictrM|KAf(u=6;gyS
z%nEaPU-RRAnDhH+hid`nlMOU?axry&W}4ZfE;Omv(8>9J_I2ImTS{EsqVA#Jd{;Az
z^L2bpJNW%*<GZ6vTQF>UWvd7!V4XPe?P}-jl3Tht84+o0e_PXC)BulSmn`gRZVF#T
zU)a&9zo&au=<cR>5jxvzb!fg%0(pw*nF&hEo;X+?D-zN23+lKnbiXN)Ad6H(x1#&0
z-^w+5u1N!X`UA5l7G3k!Xi!+yq|@Dz49z)*E?lP_2|9tlf&H*ROL>ZFCrb?CJ{q+S
z-w<k^v<<#B#G1>6)#{!{b5US{41Y!MW!uMcUG(ut)5Z}baed=}5(XF-S_Lqw*xd{V
zigWG_U#5w-FrURrBo`byzBX?PIl|GDQr)AU1pmZ6U)~QY(hbtr7gMyusyEB(zG1$W
z1^=NgoGz!Hv1>G`)RxL^;ZL;K)AQE)lhLZHty{;ca6KbbZEm-YWpKQKFl~rOgMV?R
zI&?BsgYLC9RmBAUOWM=xGpeTaYm})|!qx5xIoj;)=2CifyNn|z_E8eycXl(Fd@DU&
zTNI_y%Elmr6ovm3b&yAQtoNR=GcDQ!SaQ{AqgiV6h()ElrB^!C*4N&~w)wo;)3Ms`
z)qK|tF87)DyLZZ$$%`7b@3KM-2amYcCEdCU<i9oQdpHLFvms9fe?Q!^7VUXO=gPod
za!QLINF0f;#~za=kolHYlaOD<)yaav!rx{Z;z!Rrm8gm5VZiqmr^N>sGy_i43*+DP
z@Pf2x;^%=+Ou-LcK+&3JqcvUdr$o5woz(}%hx=teM9s{uQDM%%_zyg&3Z%*I-e+ci
zmqv5YJxPb6KLi4m9tP2RYAA(b8qcN7U!9<EFy=IcG#l3%i?w=3MMd-Sc5n~(4Uv%J
zzsNqE8OB80^AM_g4P-uGA;ir#219p2%+DjHB>ahbO#17rJLP{=LUb>4NzK3aV_Otx
zkf_|#ZA7vc7#vw;8ebBHp;;3Vw|Q&Ve6hfxZ8X`@>$9vAmF#UgI%Wucw^eieRwA^5
zdTX$UIZ}|xbR~ZqpA3B|=cu%*9otpcve!90!-r7QFh)S^Xz*^a_lRN^;>Xe*G(CB7
zcW+namm<f6uG8;kg+7E}vSx<}SL4Y)Sm9EEoa{f*tKH$}7flrr7FIIaq>8>?-*%0f
zrJlUp2E=~vZ{HN20o&36T((XaZUfmR_Czoi^9h9Heq7o)Vh49JlaH=_T?6npgzZG-
z<4z)37v>J@U{KT@dYLxCZ(Kw2Fo2sDs&%^PRQ1}o*JOI7fsFA??MfMRCq)X689*Z{
z-D(1su3Q>c!C>6y3hn5dw7o`&vm`U6kJx<cJIMeTldY$c%`*8K_JOs=b!d(~?pg0s
z*%MF1<gPCUV1rgjv26gY2I86kPY_6QO=L}Hr*l~A@)+3ndi}!#2WF=iKE1U;s7Cco
z>KN?w*<Tg?R{ngVJfhNRqe1BC)8od0h?A(lWAFj0!%Q*C3=u?Iv9HPjrUDxo^&;08
z+Ii`TbUR)>3-Lb_+iIHnF*B$~SgjA+p|id8GGV`n)`#oaLx@z@49wscp3pw`kq&0`
z1S~L>6<;uCuaxn#t5!o7tI!B#^ja>DsGYolj>v{w2hZXm9CZY_e#;z803q@LCb<|H
zYsE?lHUe_?=}5PNb@FDp^z~nKX2GJYhxC1Aj$c1_cJf@nWyW2djB8h1c>TV2CA()t
z;|_k9<Xn9_EiK{!$(bjgA^!>l4FRQ&N<tfGnVS^PzI+D}3{vVe5iI6#glg5>VZ$KC
z^Y@Bh$mf^zueH7<(s*sR0!|ZXo`vMOZ|!?u@WnIDak{xx=_Kl&cUru5<$OBhrb^K4
z0Vt47MYjTcGAmoP+xnfh8@GMYR;*%1;}&rdj+7dF(}^89v&Vj$#FOeJnR@LA>@jwp
zp6y-F@PylTy|A#!`q-(BYOYfdW9Fam2=G6brrN@d_Gu|!%~CgQE%o{LUhM9CMAb!E
zp7z_*sQm(!lV*pTiv6zo(BMM87b!Wr0?y=yIQ<>Ri1FIlqnX|KZs1LqmL*ro3+@qd
zfGPg$l#Hn0x*u@fdbf;Z9qKC6>=fL=$i6xq@H25mxLVSsV8zqcV1z4QfcD&5%%gR6
zn!*O6bb53Xn{B^xmP?oE(=pj-1>5PhXj4diy5XB6d9XpL*(dCkP0XqLKCqJ9yVW=D
zIBkag^*hL==~)w9BDv-`aJ=hOMd#&Fr44brw8*3_-1RjZ5$i8lyaBc9ITM`w<|^bx
z2h5RnY<N~8@Ang62B@ODf*#Yf<@{m}K3+Gi<HF6kkNFOTw6LBXmDkrQccv4re4tyZ
zljLDC;{WX(7oDR4j`o%o06M4!CNhId^v0@g+Ly_lF(s>x-J@OQVDeeKlaq5F)~Io(
zSpDW+sZG0g0Cx+(_mcr>?t1OV?TcTGL@XqdBY9^KBNV2tv3kC47@0;tJ(^o`QswOA
zF_S-yBXimMLP5bDY<SK9#`k3sfh4}>(D_1^n&`&V<Ek#m67~BNSX(Cj=KU$g8O*{I
zt-wHEcAbJt3G%t6b+Z~qDF*nX)*-oOv3Lrn5Ur?Q#^^h6YLB;Ks8)q^Vu{{&g$?l+
z4_p-C3X9+k{KK5vI(R=GLf9tWM|6&?Z&EyKI%OYYn-Ho<9Tp_?M+a}vb2ICST&C#d
z$uwqVd}FB;mK8$z!!DPt&i&);tXo=41LTAIYbQkhz|L8?y#Yb+Cex>v`c)lQkVV_9
zT52J6gKD&TukG(C<dF0|7Q)qdE`+WUF2>2ofjLxwLP%ibf!q$O=xx7ck=vP++J^l_
zp&`X2S2eB?2h^47t@!JMz9kXeL(7&33Lh2JNWNW<#Z;^3D#XL>lJCsoPw+K`j`!cv
zt{ftopW@_6GL>TGH5_ao5RNRiM-TcjSJI`7qvi(1rxG=Nflw?cgg9eq83frS%cT|a
z)LmvOrq2VGM0fNG*RCuwJ+O!CjrP42FFp8&Y}wz5O9ePF&<E?TEhg|F)!II}nMTi7
zb9zufHX@#@wU0$Vqj0wGcG#jnFTy|XX~O(%TP<C)X8t)KFBGnJF1fXNXJzGo{$z_J
zW$@s!5e=Ljc&p-9gvnMZhj?GyAk>o}Xq@=o)wPX#!}X=lU(1z-?(!YLc*1S8Y`5$*
z@Il@!?qD`%k?M(<V|6a9l)-5bmQ6R#g>x>=2qB1JSC)J@z8j?@537CNs%`x(8^j;N
zl`&hFeiG${zq-iS$zW*W14igeUkp)Za#W*fp{w=b;L&R9DykFn&XfFXEcNj+b`tdg
zM*rZ(Fz<wm)O()u51<+8*K$wqre6-;yO=t^N#$S>>lvudIQ9c?oO7K4R3C?Q`hC)m
zwVfgTJIqPoR^?y59!i-AK@|G{02iExs2_Le30tsw^3J>$V7sm~zXv(;bWGbBlu`a?
zs>m&jm<#G?ITUZAF{PW6DaQmb-r!A)u%nl8>Lx}L0K`xJv;r@6>F3aTTa(E1al2wW
zkFKxJe(bq#=OhmOXeuk}YU&{*YOgGf&29|+uD8#dtIM5jbmZX}ENxGY)-PK-dQa!a
z-a+QqX-~&jkKM>xSm&+`bVh-nim#><iQEY2#8E$)J%so2Vsx0W7%>zeKvj^TtN2ex
zH<4sA7Scdzt%WoRsp+gRh{AI&FXuqsmZE#iTK0Bsn-*PN)3_BYr4%)cac(+t8wj#d
z^&1&RA3&0~7?3oSH1*Ey#Ad=*Kj>kVn{d2-Es9&fbr@f-kDoI0$aK+WgL6g9S4dkB
zpJK5bXhdjDA=Z;iQJ+L@kHJ2Qh-(x?#sR((O{W!;dMJ(y7px>#Pu#1_vV&)YX1wJ(
z9c$mRYQtU0LD6YMG)GLT-lKMSVzV&OFXjoNk`6ZzSypq=_nvu~N5kC8ch|a>K|k{%
znr{1gf%VQBx9`MQxo+jikB+#82UcW-xg$^<0B<JnxMOpys7T~4x97dad(asl{TyF+
zPgw(Zv8tzoVAG6+yPlTVxb5iT>O!gQJ!yFbT(xEN!t2|>VJ<+J#7U&c2JPiyLT@&h
zFCk;yi0#*jjBk%pI#%?@I5PDiWU!jZUe854SY@3ogcF*`3j?pmS@_zr%qH%O=_?56
zbQ#V1U+P9Vod>o@G<?-^*F9<~e+@9LwG0iTDHhG^{B~Iu_*(Ze?Iv=eB1?idDnVV3
z0861(2Y$e~Zu-Bcf3XMg<+`GLep^I!;G2mzN1(qN-p+zo4C?ngwP_}H2~ClT>gixk
z87T2UX=-}l`&s83?nuO;_mLd)2`($;1t`xA<J4>FLKb%8<{Dz*FV7?LnFM@1K0H`~
zQ`?`Blh+{~OFJ^lA{Cmkb_`fP3Kg(`2|vP_{SGlEd+D7lROzG%yTccq`9uAagbnJ4
zV;hl7cDG0Oj1=H~F>EGE6h!1raOz2Gc|<e!mmK&V4+SSKkr9KWc)wu-XZL~iqlxY}
z;Q#O=so1eie}-F;@V*ng>%*~oY(|7GdGkNJR?Of}Aq;(7EAWHo0^2i)n2#h&?eB1k
z0|%1F3d9x{6u;y?iu>zhy!Jb>_@gS~y`?7rU6afB8O!R8|0;-zj4;;xbUiR*^Pss)
zROf&U#(LJ7PeD+v3-?Fi(r3w|^FTD4@Ov~K7-cazdxCukZi3`TE^q#{Q$kN+Tg45m
zDe!l%lKM7=2eq0kmvUrvd^`S)wisAFcd&lVXW@0D3M5g9s=MM!?Ft)0G)_MzIRgr5
z_KDxMI$FR0a)E4hep-9D!N;+=qNzZ`?&zVP3gB_>@FJoE!Y=n2VXG?;q>+g66l!@I
zR&`7k+8npy{DEaiY<Uw`?CKwtqU^l}ozFM3A$oorU<mhM&1@^KMlp=18KtSz-l^cl
zis9I$g)MEIOcA94vr)f3Q(yXOu$2k)$=Oz6$+Z^)BD8(EW^UHi^k&}_8Hycf>EBBK
zT+$ClDCpAwZ0k>O7EQk9q_uW6Sm(gv<sxA$HZDUO;NLS6rl0K62Q7Ijj{=mhFfh0=
z(-7{eFSp9Zz{FLZ=Luar5CHZ?`vH#Ry&i<c(PTtwe<pa#$jq-qLSS?%xaE#}l`Af}
zx0BcTSRn<d2kLn)_&ADhSY-||1;sTC;8V1NZ6Hhspn-MdxF6hCi~k~A-xZn)(NQwq
zCYe-$uf!U1yd^B9aKJDmnC25-7==nLB#Ub$w^JC2jabU!EF_ZVR7MQy2-<hvV}Z@D
z^@Pw>-7b`0pZXhOBd0@bnymb^3xLW*i*B*P_^k9dL_22Npyf~lcB>6Le1lli%+%&F
zz4#|nGdh1ylUyqTGD&7YF7;c`7<oJkK*itLmz8q7Kr>N66|WeQ2vw5+(~*CIC*hBD
zpWk&p6FsM~Fi0sNAnG;`rF+FkyiUJvD~kcFV?=A}DBk0~es!u^F`>M~VI**-wDfb2
zeuw;$q=jhkJ0df(pfYQW9T0`}V<c2IJDwi|DgTD2$eC$GYi`HnXv&1lYF#zf0)$*K
z>|XPoS*^N!_26OVDSJmy!6Y49RcS+R$8IBjzC~nGxjgJW=bGS>GMO6_^<#&nvsK~t
zbOabSkyF4nD1nA!{#uHhA{~erAvQqZP#oJ=S=;_?^!%>wStiLM4jMv=AlAV*>gIJo
zXjUs3!Ne7|q;WugqLs(;yfs(|iwse;nCDu2Mk<TGou|%V8z6sRz>b%_S%A?152z1|
zC?$P*ws?I^)<<Gze*rXZb~A3^!BpzXbTw2`;JhBITC0Lge<61|JI}=76dO~mFxI?<
zzL30oJs(B~#P)Cz1h&Qi5N86Q&{|}<Vy;pl^5+w0=Bw(tIihZKi<dcBUBq3Ap68*U
z)7%-e9ckdpq>F{!ZeQQRPs5YJl=Z?A!jD?xGlAv%DA0H5_zHPHBo}2<*~#n%`Jj1*
zZkl=BJ*BZBgdQSy87Lk9&pey|G_3`3o5LO}qB{CLWWD_(k3@W95M)>2o9Wnn-&Tkt
zXbiO|$pIG7v^tFF7-qlU{k{Mh38#272U293rbNtWkbMGvM`{a;*&?t$J6|@T0gyc?
z+VEk5HvKc(2<Cy~sq{kdjq;)PVZ|~yQ4+5;W66>9Pec7*C0m^%6o;pE^w~OLFZVC<
z+?whfJ7O)rfaHjfORCQ`zTc?sXAG!cGI6hyrwJjIu>L}Uzvf2956J+Yn#Kx&)K4Gy
zVrEY)NQeE+?B*kv2Wi9#Eu%N;K@m3Dl%i&4?h?-x0;Pdkb=BH@JJ`gE+E6eBrZ1<<
z_MT0OGwN>44%%tBU*O}(s(zEY<(Jv+=Cx$i2L_^Ic-TiTyTEW-uQXoVDaEv&D1$^4
zJhbu)On8DT{E5zRrv#XZ!mRntD{x=Xx%LPYpDE#^j70+H?qxIYNT$j55Fe%=l2#bv
z2j=&k`uaxq@aw4d;i1==P*|uTXoKLQ(#hBPukl{cgjm$&{jf~vngR<GFWFGz^-n4o
z_9AxR&0!^AdYgmbe3mDU`|sGFOv`KtIQ(xC+4%TCYZ!y8a&gYkVCt~;QqQ`aIcWM+
zd9jm!ppeFb$g<@dE<(_r47y~9%9T{@GGr?)KwMylvK58p!$26!!5x<MsJ>NQvg&jr
zNaKrM3?mcUGbJ{b28J`5EmO$ZGHX7V8rSs---95WQC>BBfZL(OUf-2B1XJSKM@*xz
zX{F#M)NBXN5lBfvVPd1B6;g$01GO6Ca+piKBE4hA_~H}aZr;NNX{Cru2+t7=grFqT
z^6UuJ8K)=b%*4d2`{;ScY~sf>d<!gq+<gTIPuMO?%LlHvc1jVn1La<7=n?v|zEqqz
zH><e=_AmYMdFGAKB47d#1{NNZT%<62Y56vqWg?wZ^6IcVJd-{FFk?>$hFMvO83F{4
z4G5T_Hk?J-+W?Yb97LC4?i8?vdf>lVg>R=zdm=a}J!nPv_8i6b0$ZOsiY(jC!@Z8D
z>PR1G(OB$dP2QLy;K4e1{-j8et3f4E?iyI8rk%rpu&Cj0%V`a7r1jDR1!D=}k=h>U
z^3GWw5-m;!-msqtaj>+^4T!(hD}S}mNVvi-VLp4=JmN%ts>n6Em%&6x#=Lt8zuM(*
zIS{ESkalg<h?uG(@XBKwE+BC9xxu2!Yfp7zOrf8Lk3=N~$?6k_AX0lIHoyOb`~sjN
zrP4R3xaQ8k&?kBzITeFke|W0c1vk#&dCVZY$;&EL4Sx|TE4yRTnz>FE)dZ*k;KJtQ
zDKN#lPPf(||AEt*i6I=ZFB0m0W`!;XS2Ig?Zt(9i2$3t=chun$6|7nm3_;0?$)RnX
zD5oyaDlhO;N~56UVs1UxYDzv!ZmZqsS8*W0+Oj7re<G<bezL0nCgMK!3skW;d9?d&
z{~OfU12h64$YBoBZ4N$?T%K#8VcQkkK{DT5`a>7}1Uo^vf^%*be1h=zk6^pc5f&kL
z*7a(#j<SDQAvZ)fMmtYi7Ka0x8+23I*8U&2rx1f}nlw&L%bgt>G~lWG2gs=1{>S--
zHtu2sMO^0af_nNHDOetY#(k4QmI+_*MaJz!V4)vc#!p|*H=i@|8#D@slO)&aA8Y1O
zN4c|tZ&_JRT-_*foS_I0O>EY>x$2+co1AmJd%}P>!eq15-aZg9ySY=pO@AhOjGvde
z-`Yd0-@j+SMsGHNpOvUULyV?94pp;;B*F>G57IOTQNT8V?9fBej|ah*4{mh6H5B((
z_n@-<MstUBOA8+_aZS+VIEyOLKhMP`)<Vs-rQSG^=tLkeL;dgt_JV7t=wo|bZEb9~
zpKLbtC^1zoW`P)A7K${P3YGdayA;^!DgCz6%UDsV(e|iBYEhk4s5#&(?ZMnMYc^##
z@Y%JqG!StqQ-in#gyB-u3826}@TwG@y$$H0>}1+Q$v9$Eq(ZP_0%{`yQMZxB2nyJ+
z?(6%)v}-QMgGvij<S}ik0SNDPMHww5STsB{pHwX&j&fWZ53wl_AU(8+VKX9FcdYod
zjdxuQpF+-FtrgICyg6u}XX}R@+xr}L^+~?cQ_p#K4*-*v6d$l!0ah^CK^j0U>&OY6
zplGBD#iSJK<z;s>p4Cz%VkyiYmMGy`G6-s-!yV)_O1hp9G|H`pRRW9SFck@aV1iOn
zf>0vbI&wcd%X>l+!*N^7Qf`pG9TC9owToh3e}P3jl#&7W-yBpC{P*^55uZlnK77#d
znq;JgU{Ii()5R}kTfKDy3lUPF+_E)KEcU*e0quYj`jKlwBP4S&IK~5YYJi4SC|q%N
za*p`gh0%XfDWUYw6Z%j)uMNYJh2%+{F`?)O9EGIGmw^zuCY9VBw1S=4-$Hi=Z~$^Y
z#r;57^kZ2b2McHjrgJ`wH24BvQ#}&4?zORT<v)qc6puSZ{VX$if@&Z~X@M@P@1k*S
z-75ZQ^L$eB&R#=bhOHnMJd$p`i`A3dQ<DdtAS=qX^EH7nWz?zo3<jR0j3Ja|H}DT2
z5J`Fnl2U3PK(ZH}x5X&Y^i|FBG1Y81{~_=6`~j&1?>z|8&*>BBX5frXk7_~iDm@-u
z>a}o@Wxws;G*}jZlbR;_3gp8B41OHMKF<g4C?!T_+(ad$WQGlDbQ+)U-<~NWy3uM7
z5N67)|I=O>Kg0L-q_2>hn`MF-Xt}yex*iEckm`}GPX5@uFE+qN88JSYR5|8`<)d40
zVR`mGy(}ON;i={NjNMp46SP5>rEyvWxklSXMV^7x<;#WLuu76t`f*h7!zT7=&29s;
z=xQUB00$crd(}Bv7g0p>n4UP#1#5J}e<e=DUxt*-s2?$CHQ*U_d4hHUg>c!p9F1=t
z4vOSPe69aTTc^h}cG0|bH32WXGS65EPiS0As})q|iQ~M-Md$gv0vouf+bX?jvjkBl
zM+|JXL|!(aGUKTdUqw|gJn~oA`lV)xDd`hv8E9;f#xV&J&ydDL6rFkm&1;GjwX=rv
z#y<08%h}$UCKM?cXzScg87{#&+&zNF<6w_{_=;{qvPQpg`t8=0ffdng)9ehp*0y`A
z1cek$iwM)SJ}oKP6An^bL-cd3L>ho3X1TKQ+VXfs7qLT^aKxmNU{3ipsf5o&ZACy%
z%oq7lQCuc~z9f>Ga;R_;FB`fl7I#KOlAVM^VDb!V4rk+&SMht~G2-Ly)E;8z$mJfm
zf<0mWfZIs94-~%x<`xhQ(<id-7`pJTQxyN4Xj-1zsCz_j{J0tIl|J|TW-B}rFvN<(
z%XRWc^>3=_t!2p&RVUm{ZV(vg_N}r-<-(0t>=I3h_1hS!c2)6s(`a!!T$G#TcHdTE
zTg!z~sBNs$CTujHJ;on(Y^fEzeWo@}N;N3fHeM0Ek6zi7b;FC|-<Z!*D|ytF1>1eN
zY`As(0-s0Q;~^N{3obOiQ|*3Me6qo`nbO07GF-DF=*}cyCQy~4W35Sj|5>1Bp?|;8
zWl2Xc%qW;vA;bE?-;<&|@`X8(K|ve3iXxI@GB~i4UGz-i77uA`qb{G@&r58L8z#_(
zl<#t?L&rud3l|ewa_z#WnKM`%?^bGZ?FSn?mlEXtEd}gRK4xayfhsiX>cI$2KFi1N
zEwfpc9#HW03BObzuwLgtLKPN3C<l}X&JS}et<2tYnXxGY4}+|rj{tdxDGajV(gNEm
zN&irV6Gn*r^+&<3KRGCogVuIBu14sFDMF=InAaB1V?@QtySyY1i*P>7UQj9^mnQTs
zKvUC;@N_3=)CUW?OInjGk`_7MK1?zaOO1}?CTiZzH4O+iqz90$46urC23;}-k~O$i
zm(;v|T+hjtVX;Q#Ue5Vh#!Q|(^m>mUbJvvIrz%|T0<ticHy`CUfnR)(n5lrgkB{Sp
zgT${8S%NjZ*u`B09@d-Aj}wezCL-xm6(P)<ZW$x&f<M>+$csl?rCSC=x_fUZAU(J~
zS$E)vP*-tN1R|g0T{2L(G+4o`j?Jw(Q9p-2rkkLh)s!^GLsM|k)P*6?WK|7u4#Fru
zP(2BVq*4jlvp*SeiVVQLtWFDCap-OCqpomU*`8fo7#nAnlu^Z*I+u|lnGi6z9Z|t7
z-N|VWW;DqWodohIn+75QV(ph$07`cb1K)~o5hLUs;MsSc&c@@%L!8@7N`(+&A$=Xx
z(U`X(29i|3<Yrb_MD9nQaA$V@-V4w@K9iE)m+fV*&#qP*#NoJz`h-h-MTHMGe+qo_
zV3gDPLjm!GbGaiQFX4%Pa5caiFZO(y+Ofli)p&nbRPq|>qZNFSu~_$z)|T$~Xx8@L
z7J@#u{0rwJJ)a#w$s62g=zP7lK87dWG0LOpgd)U`j%TIle(cPQnCKrb$#1gZY!p`-
z>t9lDG_LSC;D@q<BOEb^w^7zD8tMgy3F%#1R<sI;=hK@Ejsk6j$#2<fZ%X;n*$k5W
zm`GVSG$Wz_o`~9v<_Q&c9Ofqd`A9)|N^<2BK|{DM(F$~zv|IjMhX&ds_!2zMgRU2i
zjK5z&G@=Pt)SY+GtxpX4*eyCi``YZSUq(F?o2-Zy>a>ozPMJwveH)^t2B@a1M35WF
z{Lmsf!>s$XRttw~w0=*)ky{dkC@~bM091KcRl2+<I6T!*ZFoUH>t7)Lx>5+yY8e|K
zn@Ee5kw98}E|&5^i!_g!k8+`GKuBKpXpHxLY#nxWnye%246YMFAjHWrfS1~GDQ0D$
zIP{kZg@C6^7KWT#9hCuesY10~euj4I(50wtcc8vn*$MMtAm4B1Rn1XP?egD7%t}p9
zDi*alP0<ch&_Wq}6wkrS;ui@p{I9?*0e~5_aug3h><{bycoY&iu^z!V0~@Kw*7U)|
zQZ8tSc_DDvFW^U_@0Z$d0z1KOa%ABlg_(~6<=3D%PxKV>pwdg~;+dO6prWV&ro1+8
zHYy>kjST`@yxPWSNh%GalIc^r4d6CnWO5lqF@(sR{#67!?rOaVv!PsuJ#+Is{&4As
z30hh+Qa6+gPJ=Q9q4EaeC(e@@n9z}x-=2a9hLaBvt|n*#uB>FK81%Szhw|2h?nh!-
zY35maC<k8qiQLmh&_?lH`-rN&$n0aS|DPKSg|&qT8MWBsWQ>H#qbkS`p80^t^*_Q+
z*A+$Vg=UyQQ)r~BRih)ZJ;e7q6un4}l=i5aJJg^6%p3feg#IfIE9_Wo-uXsGlcr=O
zALJ^Yfz$^wkH{hwg!Nz+pz)XDT6MG&GgK<+ip4<(`9cEJt2UARWjIPPD19BIB9)2#
zzyCI**>{&hsx<+l1t1c!(U*oF8co=$R_&aUr7KQQU=PtIt3iS;E<@;<=1I5~M#b<w
z(7xZOAaVWl<hJ08Ap#)jW+F-;8sv^G^CLE@3$DuB&^8!kAW;FNVNhW|nwU-F%)LPM
zRTuJNs};PWhl3UydXkZf#(od8Q#m<z-l|UuzdMHDrhA#wo+jXCEw7A&W&jm--w75=
zlv-+&9cX*5-0GYv8Tiw?iz=K&jXPCMeKQ2myz`ZrNbX*SH<7vXhPcC0joLfleL=o@
z4Rd>ndewnX9`zmS{Te|c&i8M6>vq2OFKXWWG<(zWvn7P+OReDY#8Vkd&zMS5-d2bE
z*16}S`jZ-BCQME4WnfvnD;oBzez@BtPiRy=tj7z@bxj`XuB-@`;~t*v?hs$!pbl%-
zPPxyYFOQcY^?9?`3A<DzYZvdm3+mo@M*v>L?N>!XO<D!VbdumWmgPY_SEC~?lSlkC
zXX3<~En+|+2&eUiTyLvl7&*Odr*}1r=)iQ(z2nSWWL(u4gEPy-_banLop4jy7sNWw
zE>oB?q$R{SWl_5f-@639!d`e7fAv)-ijHwdh0s2S3_~|dRv)8U!Ac<37_k9Q_BP0D
zrWm^Mc;7d19ek4v7X^nf3a;<^T_E;HycJoNlubH-_Kli1is3~jf~Tc!>VAN)1NAsJ
z>5RR<7^Hud`(aDu1tz|XCaZ?L0DsKNK78^)U0!o|R-f>zSOUv}4?;u&T&N(RHOOCI
z$5bpHFr&h36LyC)=DEQ(Xl|EOMkKm)c77t!Uytor6;=h$L-)FT6b=KIG`|7Pkjfc1
zCH<IU=yv8f+olBl(|E((+i9kZk9WMx3y<ergS|d!1^55npIL?(BY#a8?0%E*E`{r2
zq&-f>JVSLkB$!F!pAF$c32)2GoUUZ7Oc@Rt9#LPNE<7gqO(-gb{Zjo$%lJR*BI$R8
zD9ZoI|BJB!08sxQk&&~xiH!-}e~k?PQAJ*B$k}bNqV&P9yZv#tGa_@v0(XgAZ^)vN
z!5+2^!?TD;U6(K9UzG5{-aPUL9O^U(LtVECGtde^TQB)!-r%&xov*7GQ%oFD*G*(y
zkF4P(M*2AV{Kdnss9L)ngTX~2ppe_t{dSxYB7X4TPpZG!!F#2v@errX21$PiZtkH-
z*lme<+v|#4QxP@{)b}A=bJ&VXmRw6qEruUb*FB|>(6^lyiAL>?w5LFLhd3X#w&+mR
z(urh{;ZEMi7~jQ;tB{+QPkLr`JmdkZi%9hBH#5waKsE~*00Vc4iC5Y%0m3z0ef5{?
zj|)BSeMA^i91z~B%E)VLc5s2LGmA>stZ!|uwe#KRv=*?hw|0-TSEjFd!>*yy0`&pb
zx5Qh!dg<)(6qp03zY8i=O=X-B^{d&Put?>9b;xyXTdii%_Kx_O%$}~1EnBiSX;d!+
zGseeudT-gZG;-P)z>XhbJG+mWHErv<+=m@MR6D!>rm9&9jbh6WUpUr>tHIs8Gh2op
zPj9-Be8=ivv&8fc4Kyb&lxo6w5~hi4!Pq-0ga?2%R$l<Au#g;G4<o-lbSEZXg}LV(
zD8b}9p6Vc&ftJvlS8nNnSAxN0D0;j6c&p3h6B&cg#pQdyct03A0_W2doUOFU4n9$#
z>-)Z*8^bT+%k_PFTtHuO*BJf%J4Dv^_2t2WuxLg)8%3A*^?E%KRmc1N-6e*4FB2eU
z@*Y1bT$ptXar1<M!lddzLPq4!i#i0c^cXoqoXkFuDFynS8;SEgLt&cXhQq-*+_H}g
zcv1xA?&COz=#CH(QHYxDR=5s$>p07)t*mJv_C%TC!7edqd1|OQdSm3RKGGG1Jl5AE
z0p-F3FD3S1D~!YNh9QdrCn1Qk==9|u4|Q{^c)9M9_BT+9SM{7$1Xr3$hOwB4EYmcq
z)dI#hL-hjY$JM&Y3*3dhYSA+ar&D|!YML?_AL%sxfissJM=b&8Fg*p<7r3fia(qDf
z-9%fC^4?h-L#)SNT%+YQ6~ISIc5gtwfpVvJs<a^rB@$10p*w(sj;QTjfNju0GX!^@
zn9_(Z9vq<%<HkV+bnnDA^xW+pSQf4G6OJUdORf&A&Eh<q85)6y2@$ooTecm!FNgx$
z$WRg%#idMjjQOK$aE4sjcIw~|iY<8(U5~Fe{?mqLBdgv^<z)IbLa+zIt&!WU1LAy3
zFQ@IEc!MY&;Yn+`>+q|V-Rt+`u$w%Ou9tYOk{-o;Cu&`Et9j>Pu+~c&6T6&(h^^S7
zo8+2D03Ymy)9H|Sgn~L|U%`x#-rl~T-xL-}+ecW1Iouvf#%pIuSTG|2jzqE}c&HGw
zwz%eD{+-He+4@o_yaorUN(XQK0F@^@j|GZRv~nKD+)0!wvtJ{lMtdSW(6(-<x;BK9
zsjU-n21O)HtDup!fg?F+0(wQizMhns1wxac{*f~KgT;#dT3-~%#_g(Tn`RUm{elql
zz~7j6(R1#z+%`LTY%-fr6CNAp@4kEFisZIt<~6oGS5(sEH5T;x$*vbN-3cQ16Ouev
zMl3Z28JX0)!j=_FS{B};!{+O#y=>?hJ7}HMj+i0Zph;3)FzlyN(uVQJbXJWv0~_R}
z{fog3Z&|$(xFW#{T519;EK^DdfD|(s)vqJ+w5I};vT{+AL_;Ikz<r$rpsTZv)Tq&6
zRb!JB(WdJw3ss4CVK|2H03udH#QNC2FK%VN96yP+TY6-^-oCA@)|Pa~2!~YXV@&$M
zhQstCgxQH|nR)I6nk|$fL68Sk1bC;)q-`=+A0_Dtop_2P#_yc+!YAZ5Z#Bp!Ft0W&
zbhLA6GY_ruZ~;^a;>#xx7Pu1EAI*JV^iqQI{lLvH^kezoHV!k3^yW~Z;>|JwB$QVo
zR7k<seCmvIt`K#etuAVbR76HZ6(qG%)oVl!V(W6N{mR`f9u$G{EX%|cz#uM6zgw?V
zfg*V}juUSuN{xoMO`P{KF8r+N{A8^#8KI=DK7<Byc+;**9lO*sFFOrH9tNu>EDu$H
zrbX5H$;BTQ5%x1xE2`D((Wx12_WQ%`QF?V|VTx@6f^YCwK1y%XKG$<tm+`lPR>F7p
zf(U_ier3JJ81O~VMYz~}hsGe*bY=>x&1#oL)hV_s=v!y#Ub5&K60WGeIg9H;4yO%{
z4)=u7S?cTc%~%>{7WY@<$iaDbzHyAP^f}`bIt_1Uc$^;4Js47H31sQ}97+B20&r6J
zKOZz=P0mMj|4VACdUvHK1_b~x`zNpcfAzCYCeF?lwq{QMp|xhUjo5#*=0i8{NB^uH
zSK%X&&5ykWl0jOY1fNf`X-X6UBofE;@mJRpb1Wz8kGXtbdgo_p)ew3eZ`;geK$XC_
zt<{Fxu;xQ;V#|4~*3}VsXKeLKzJ^+psH?XX&*OmS%j24!u6AO86|CV9l(e(ZqN>(a
zu}hvctB}hf4fd_^9G5;`v1LZ6n9Fvvv=8Uom1HZ=k|7;d0X`cXK>$lug4R`ar!i}T
ztw_o7ANb93;zxS~)VyCb*cT#SvKc|uvs5?F=XQne01RWcY+*j?)y-c^SVe9cQM}%?
zVWBN*NAxUjIY-$yLY4302ciSa5Z#GLcwpvon^I>j(oQm_*0<?-rHZ@!<*bRf(R3h}
ztmrbUW1%N${EOG+kv7A+^vq2dVEsb#s^gc2q{tg=jLN7R4LXCuUh$1uT8TLoP?<mn
z;^9pU(HZ#b?Q?kRzNJR+1aPn)Av04ovQqVuj?I_qz-Xrp3z966+EhQuoS|U~@^NGP
zOg<w|&YMyVu$b5ugazT8vnSovZJ<?+2r~)4CUa4PXe38$r+!=s_qXJ7j^fq(9A9hp
zkbSp9Xt}PxGamCmq`ujUdExtBfcLZRzTkG3VPm;Uv(K25&wL!%Tmsk&d(b7to;xe^
zXL&BI8ky#skWtlmsY7~-mnE>lD6#m79hjomlLQ0~N7j{#G-IyZec}pm^p5B!#lF%C
ze6Coh!=f(bLPros?6E>T_$TkRa`O<`{j}E0aY-8)VWyWzbob<^V=p;_Lf`EQ=cwk(
zv@JI<D-S?yuaeX7&SPU%`)R~ej>=)13bCu3Wx5z)>9YG?wxO3G1@L^zWG++QyR2=<
zNX5RGMHyfg{HdU?bUD)n9GXFY$U0(P$((~2g^Zwu1R0y54KPcm{&vLtDJF=RhXj;8
zMOB9_#OYmPn4}Qb*ymi1p~#dI=1DACHOv}Dsgb?*Levdne~yS-{SzC3UgQESdtJm6
zQ;~IeCn)`mQzv`*2?$$%S)3q51b&h%t6R7-;Yc<&zs`s?O2XOGfeX@}$L*+y9YYhx
z4ep2D-(y$ALlcghX3h)hppAWFVIXuifAe@#qa7@OS-3($xHhzxNBAO$zq2NS)ee{o
zZ;W-+fEpWh7rz)Fz2HF=l;7Xxn8E29VcXF790U;K&q+(O5UEHOj8R`vsE{6JWPNYK
zT*u=Lzct*y^k&I{8Q)+@=AYQ)S_h)FgAD*JUn28*sYKct(su^1|FM?6<IzXIb``<U
zTx~&~UmwB%XP32Xcn<B0F~j;Mja%nx1{tCV_|W6gXfpptt&hs%mdp-)<S!&Q^{w?>
z)=h+LAL@-D{_N*Y;R+zcccjbhr5pSt#<up9lLYg&jwr%ws>>KC(Y@`rgBd@fS&%IF
zK<nzB_4jGd0@(XPc}~aUz1QlSKc9fDUvrx(Q7oAaHVdpAi?+{b*!Mz)$Lx3z*$_6q
zx=AAF#fLsfDUtY07}bo9`E3eVzi;AGEwf+2hni;n{Qjkjge<_1GEt|TzkOO!0lx9l
zICR~wdbrjVrUm6-_|0Nd>PK|*UX<l<qESRB@)ZY6V88=?93v(qQ!TzKJmfEof8Ltl
zkWUl3%M>s6*Il%hRjTcJ5%(3ghS3DX8{4wV470QOSFeq2a>1ItLr=_zHXSA4Q<s<Z
z+nUzUPO>TySkDoUHhr_Qd_3aPFYBW<U4_XDmOpW}C}+e|HrPeGe{|7D=+`6u|FWbW
zDVo55LjeGAO8@};r)lB8S`wU`J*-XstDtUcZ#izUBKX`%{{{@b39D(fmPwMf7Hu-g
zW{SFgN-M;Vq!TOa9=7Z4jRb<+9Sa(h+I$-#62Iy<beW|wuJ(0*pLUF@p#{UerJWwX
ztTU(EJ=GlX(awZ@u2eBCK@d&tY0|!JEP5Lhe7w%g@qIsfBZ|_|Lc=2LhoR^8Fuy4{
zw`0Tzdd+cDdC$O4hh=f$xvPSt4IGU(1(v<vPoC}$L}tevaV|`mbK>P?Mx^@_hTOTv
z&eV3`dQHdK|B&m`iXZ#7yTKVy-eeHoWPoo8_1mC@<~N^7dgPwGOHLc>A|7+N_6zk!
z=>{<pbrdEbfG&|4eI0j{9&Dhu#qq*d$3SPjac5-N>7TW3_nLB1xfaQ5gXIMtGj<H>
zQQe9aJa`*~v>t5_r3M1b0cx<_ea$l*z%>n?>zu2%u)Q5tY;w6`oD}PDYK`GQ4&U3w
zf2=sBojPa6YDb`=jA~E$Nsp!fUK-@+O)M%4VaInd*X*zS%|T!lWLetdaDfLsIe<!Y
zthc5I+gI-j4^Z-tgTPrs<Ym|K?;DSrYgkvKiggDH1OlL@L!*`Ag6jp!ZAyiMaof0!
z-IBBJirpVw6sE@TZvRGM=LR6t$vis)LIzu#cCyXBNsVxq7{&YQX)^J<&G<!Vv|;`E
zgv#MdFn?N))Bh-geg<OO?)^1w3bNNixX~IM#2*2%$DtR414l>U+ORz4heQScl_Vfr
z3~eFzGL3*>v;VH)FL&9-Hm78sr1E!cS>?Q<Gu+i1mheM7@BV%@T<}Bfzw)6W^dUM+
zaV`?wPMuBL3)}FBnu^3krMt{laLAm+M8&`OH;MQ+fj`eyU~oT+j`ZO&Q=Z=79BPek
zpVVa@+W7<e+JoF7J#9ylFCkYcr5N)t0aZQL&v^}-pguKaOEl%u9bqmd!pW0My{6Fr
zJvNIQa7``vW-jY{hx<?E!Jo3+@UoPv<wsYEceK{O;VPITepYoJ93o)@^?9txy5;0H
z1$30_lZ3XC{+obprD5VsTU(}amp$fVT>X~r$Tc8~&D!HZR{X_9Hq2uVTe<|M(ixm&
z?Y_C6HZ#aqUxVy*v5HWcpfquYWlAfskF?chPAjb(Q!7go3`kBn?p#m@G)Y#iM~d$A
zF*ut1GNtTX>^=C`<d9R5_pex&PfNxrmaZnOqB~8q(OYB}_xgw}7I4mU{d}xGsDP3H
zS9ppyk_2@#Q9FO$DA!gf8(U<a<rd+Q0xXJ+lQ;?tYbWidD8<6Aun>_Aa7ukCmil+Q
zDzJE#Ghb6(?7OTq8|ELWD$ORQY%^Fc0E%#Bp<leG@~+TaR(m|ulhv>~DM8cuc~jT~
zF%hXRiBm3E>^CWIEdFoCd@%Vw<#NE~ef$}gxXB3T_@4;{V5zKB6*QqXBBm$7tPIq6
zT__B4JEY6H&~uyD5X)WSd~@vbOg2dJ%~gsM#uPS4^`H|OAXTAN^HzmiC70yI*({Gg
zDv$`wSfSmJ{6q0<faVyFqyR5ucee2d<5~VCGq90LPscI<gJRCQFR1dl|ExB*|7_5H
z%#zP|k(Yd*xB@(q{wIj!E(nUv6>|a`AT<8MLoiZmAt%r({l7c^N6)ZAyCC^L$2+i$
zI3CFL%^d;`mjC7RIp6>BzlCWpNbP30?Bnu4mT!htCb0vGY;}<gu8dR$N^K30RFCY2
zRDTbTWg=ET-{zG3kGq&q0z07j|2Ne4L>IO(`y;8og;UVsGPeh^fAfU^;K@W5K=BN0
z%W=%W`_4p`f1yo2<$og7C=n`;IDt_A=S89X%V=KDGl>ll0-pm-T&&1oJS%_U|F>g?
z$N#Tmk=_5>@d{%7f09JtG`0J;x(7sJ00t-*=@$Q%+MF5YUxt5^+}OtLk7fE7Pr*hi
zJpS2OECm5g{>wx>>tEN57CW6JZ!V{WJ<ugb(6cfyrv0WqF{OUtzFDggAhSlp?GgbG
zpb{(#0`_)L<sr$L9N3NiTlIjzxcuy>3p?J0?|>3#hiLFdVM)^dPaD;dC~Lp+X@L}~
z+%Er{e6J3~R+8`$LN${o2mjP80gnc4u|QD#`IV%mf4#^p8dhLpD;|T!^GAQsx^fE4
z(Vh*m@;gj8djqf}q+D`_zM6ur_v&d71U7VLk}q<PD5^cato&Mx(9nt!XYQc(O%4CQ
zcINH`-Xv#x<4*o9HHb4w<naf0SH_;)x#Q>JjjM=;A+i23mdGfs^GB!$N@X8?Y%rhT
z`i&>1FJ!evG}hEWcbtgX`mVZKAS5<p?DTb!^ZFsZ79N+?wA5TqhbNy!GqP(f^D3(8
z>CMYw`&HGp1TQ}lmd25QIp>t7rKA;(QFhm3f+ayVY&?hQ&=EaAfv2eyW!AM)x766<
z&1ZWUX0enko(V7_P1fht7IvFO&H~vcgCpUM5bVEH@)wnU#6D;mEVOx4*{><7R^k5Q
z&nV5+m|k$2MKk?k$FnNv5H`N;#kHt{_jcMBD)$Gg=(KP*rRUj+XsvtH6i~N%3~S%|
z1@NL@^Izptu7ofG^TyFF$`Z?=Vu){<XW;9W^W*^A1brAD6v^hV$b7G?)c(2ysXV{q
zBCv`E_~-Tg4`6Efx6V(SP`ud<1o4i4+^ZV%v0cE^lnaM6?e5gQ8r;XiqMY4$cr>EV
z7U7YQDCzq#d{wC$+C0G4(b2JnY>cfJ@?m!2+3P8A0c(LoY+(NOkRMWF2e}y+$?nYV
z-*{J6hQdDIIh*e-Z$u#ytz%;uon038)~V5*(-vT3V{L&NOyp195m;NivlSyZybw+S
za0eE-G{zc^e=`!tWmXNoly6wj<Fjl8+}_c2QFy><SaE#E9hFMyPT2kWWdK4`8;ubl
z+-olTogmHqy^<oSA6C~9W^s~9;6<w%d53W_Wr9YVoTFZEFlxxIHZjp{EA)0(iWEq8
zUQvV;+#@|~P7XAS`fyPkB)+z9-v%?Bu?YzBV1U$s*&{YSt7@7!amkQeGK5+M(n_D4
zyPPbJ&qn>}<41<)(OaMAf-14J?y%CxBy~*s`v{(z5z@@4!Ed3l0o~x}-8ZD&M4OUQ
zxh&etk+AAz7~rXwUg^kG5|Whpi%c-q`Gm|;%_vsoVoLNR;K++UB2XzvOIWEv^KxJ)
zKkMlGNu)>pQ-?;^ZI&97yUk4M1DjVU&R4hD+nPVo*YhL3WJetGJGD!3#gyO<E?*a)
z0u!;PYuZ+#JF};xd;@~3%wEAUmz@`Pb_SV8;xRh##-gxEGXvV(Q55`twR7HIO|1PE
zk93qK2!bFWy%!HHgx))ZUZi&r2py$~bOMM}sZyo)E}=^m5UC=OUZq2jD!kF-xhltd
z*Zl+D$q$*Vti9J{<|&^i^PSD-_-@4Ml-cLt&yTT=ezvO#Loy?~5&&@LcV^VFb+eJS
zva&RH`+<)JuG8IkexiS^ib4?Ey8Pexk+E*^2S38HwMpzFEFM)ZUYwd$zFkg#6ETpx
zy3{oh3&qz3P>BWas*3tgH%;8Yr|mgP%;{^|>s`p$a-!I=1wQs^01A@pfd^o?uD;JW
zWu1iXd_BKty*ybzq=}e)K&eOF2IVk9^#*?Ia)vnjP)vbZtlu{^n}_->IW2nDwTgbJ
zH|SaEDfeptW<(>2j~&Z5RrY44A@@$OG%dZOal#5F9JQpBYFm$@`Jgj@QTWEoxH+s`
zOg4{+=#4i{)ZRWR5qn8FbO?@k30eJnmCF(=xqi8zjtFAj2A9=ZCr0n>t}rhOm)mZ;
z%{HrO$z-7ls6?KH3Y-oyu+2}1mPwQQ<#V=i%pwhVQ>+a%M7lS1TuI3rZFl-z2`&a<
z`iTN$^<+6hG*UKqnOJUdYbbvi*sFQb8O`9|5QFc#aF#Tzic+dFhlul76}H!-VaMem
ze`&U|tPG7r(^U7YHNQrs=Y6)Y-FF~a=OLam*#{@Q34DyNS-H1m-(nd~F1uiUOs`2b
z&Uo&;=<RILY*f+fk%pN`5L4wTHn)Yz=^_IOu4cL*0G51NP=RZCcSSFx)hJpoMn<EX
zA^3ZJOt)Ql(qFOaNCbAIyoKevMS06UD~2(=eQu;52wx5hmMzAY_`sc#d@+zrek(Fm
zwLqcmVXsh|>GTU!>}ybLB*V_6b3A#!6j~lG@F4L`3ySzPK;rEiREmsva5Sab*hpNR
zlP@#%FHfw9JA;?8DoytGwiVZo?+vfHxcPB#nL2kJ4V6|;LBP~wA9Lzm`Ocr+J))#-
z>6`Fx5`U~s=pedhrgrHT0G^XceKz}$5-SDmJtYz41sfkAGyvoxP@uM8@v%3UkcHzS
zK|&=L-yZCd79MMrbx|s2<3569ShjxhCoWNL>4&$ucQ_YvTd{DE53E(Lm80|A_Z6lw
zr@fuvmfzjN9?0pBSACEeLkwa8k2U5H@}z@UxJQsXgvgzn!;Lu$yF+)0FFm#k8miqx
z2aya5=II=zrvDO1)TG7;df_+{_gS;BvZW$MIGF8&UUo&|I1*vCs-kU+XwoTF5{m^8
z(oIv&G-~P6pD73WsE*pBrSaUB4aJ0?U5M9+OmJqQZrNjwh2ykDD1Ue{mRP~bQGGJx
z$uCqxdCb2K4*dGk*Pgy9Qf2w^>%*BxAG=80g0q)Ao~H9rJU)<@J2_GbvL4nSR3%qh
zCsf&=x0QUrcjNL6ze<(rvykDaGzAfUh$}XV)<e<kMhKX<NwAavFY^WU+u%lQrk9zm
zY#b~5!Oxga->SQ1`aHd;g4|`ITFm*>+O6b@Yh0|Gi_j-s-A>p!o#%5NrC7@i4R*$`
z$4bHOmM>Y3lQT0-Yezq=5&6I;)CgV}`*54=*_}+%Cdq7*s`n1u9tz=K7%)i4Km|d(
zyltO*YB9vRbI%f51r`)dM$MkEm3j{jxn=OC0ph9E@xK}@^n4OV)C3$9FnLn?7!o=|
zL-_1_g;-J|81;5=eBkA~WProsCm3R16|%0WN&4^{3B6_*5kI{xi^^uMKcR)w89gv?
z!`x~@%!=M5^R@h1>z%54AW4yX+!M3SOuJ8XnWWzNns41c(V5_CBS98dD`!gfkqR$&
ze}m&nfE%M&#dmc54wy)A1B|_dHHnANI-w+T^V_Hlexo`k?nh&jV&CwJ%r(#gbeIm-
zKT=aT>)Zk?DT{G?s3pL#nYw3eX`E0<X3Pk&>DiRs(MrB~eTTIF1v8OWE8j6Qa$Owt
z8)gR8zko=xKQf>2_e7#GDd;;IoA1P9Y4I1Lv6*8gRPZ1{bC)E}L`|0z&LH#ch@t;q
zbBlp*4BPjeVUefh8^cC6BN=uO$*})ea~XYSSSR4E-Z$CE!#DW@!~W~2|277GXV_nj
zm5~hl-S{7d#rT_H*)aj8B*_im7*_XphP}UnG5DQf$wmV)zA<d?3-UMKb-OK0Cx>J5
zk_2kAf62|-QKPDmr%9n}V)!i^P<CkE+wlYCGMd<BT{DyPQd5Q@zFI@Sm>ree6GKAm
zM|U5eyffU{kv?3S0TT8&H2hX0y?PhGt15iSqT>}@CH&={V2F@B4qiaUo&kUsBz|hu
z7=wW-VOFLX1(;V_yNiQXSV>u_H*nGxC7_v?xOeG5%yNzw)_{cA8#>)ekRm2d5%L4^
zAl|_FT;r}1FgiStzhGm+bnY|IP}Q`|gDt)%71t^Er~o^9fQ0lcVy;;o9Z303<<;at
zGQ2FLIRl6<f-3TvNd(>*uM_l=Mi{ehg=_tKsIX|~<$}7osX246su?$#$K`?@wX=A1
zK)6N_Hs~A-(&)K(m|RG7TeJuWnxE~^H8i#6(`HPpu6$i9bjE7?oZaYHsWvS=1D<9c
zy(mR_pIxbXo;7-^>eyJU;(TA`PAd5*NKwbd{BZ*Ya%LWUZV^b7j9cx_E?z9dh?ssT
zAOOaj4>`Hc^ZE{z-4M-2_p)zry>H&?o%_@zf1$GrE)Iy>*Xemdg&K>Va;=22xZ7g&
zwR%`;wsU%BVD0Jft}@!19z@B5Azve!wi!dXNzcR&N;zgDc+kY-xWA~=gY8A5zxp0r
z5Xj=*K^GHPN_b8cd~?uwf&Ppae|%1YwlSPCw?l->G++ZaOH6p(>eF@Z?*z-_Rh&Is
z+VYeoVXcDiBgl=DZ^z5^`F2@8BXsXUcK}Tm3Tov1>|j*bsu1dCL<9qbjLhKN6cFau
z79hDU2T5l-HR0NpCei_t!e}tvKdWGHt}1HrI+*z7cb>lLGs<;spWz|}O;UYceLNVu
zO}Mf$&k4lph?P$gl@u6Rb7Ep#Sd&h;=7lD^V?orVc4nzSS)-G`A>K4<A!1XFIyy`4
zXAnVAHSTh@6Y7uzixs`Nw8UVmh)kCfYh!(XnP4FFW%6ah8$x?`vhe|4=~G=eTer3D
zU#WT(!+utM(L~T?Gj`B{VATG)vMmO9L`#to%QZD@bmV#l`^scdFnE*Tfuls0tHFYa
zp(ZnQy;$AD&y}wc#-U;RQ7M1}5>$9zQmz@bRI+=7p5nE3*by=Xw$UP5DYLLIS}MBO
z$E-^Zu0j&5y&mvJ7Eol?v{WzQqrxXU+SxR@9pM8tQBEcIrsR<h`N7%n82e9$;VIgB
znd2DM30>5U8PFAK-g`+m$BPoXA>7Q?jSXL)<C9#LQ*sJfC#IKi=*P80tAZ`kbbO7c
zhnHR&`R8s-#&%p<zKcIhkP|{(lkHUqe&fVh{dS~mWrw-Q?<qD5eC&bs(7T=k*DmX#
zA%SBUgMQPp4YyW8QPgzxe(D8D^Cjk=DkO;F#+x>fSx}#m=}`p8<S1kUi<*lQ#Ff(&
z0{M0q2^q2W-?S(s*QaT;J5F=qG~<5|C2ir4fM&|0>UG7Kt(h92zHxY$qQux?As_Q0
zb87NgRjSmwM~dna?N<asZm+3+=9V`W7-Wz%ZlO<Nl3-u^X<}L9;Lr|Cax>2%&za=&
zKA;jt^ip)s9YTp>7lsc0pqm7eYPDc1x{J84Qt+^Fq;Xg=m*-*fhG6O3OyMLYTh+!o
zBBY)CsY6!tK4XWA#e?lVe|dxa*p_2Bg%CCgEMSH_oZ62LXf-0Z2?S-qoRJU4dlQVa
z&*w*$FOy`yaOT4}?+WINu;Xi;e;9dU#~7$7M;Xyol0AVlXAI-lm#6dY@+^G{E$dux
z=E{~sOIv178<=|X821joS-)P!zSGCpL}0tQ)WTCZ#=2*2n1wa-ER(H?G-a4d3RYVB
zwF|)gK~HvG`4#U6+u~U_q{muqJ0>mnG-Tw4#+QvS*x6$P3mud~J{*UM^W4F8)^HdI
z<#Kv!E=)8&EY@ymPD9G8Hn08(BH^>S=6H->sm0+j%%w26WHG-UiC@Ax>1~VultfUF
z6*p@4u6)L2gldcPk*)VkGYqX7-RphBv{#{xQau#-=?m<-UbvHud1l@eCH6ajKlN;&
zeEvwQ$BnJZ)g1}_vemuy5gC<N2;6D6H#W2?P73FLj8?0C-e72r{04@MAH4Z%2QhbY
zvHWijL3WKFTTraAVkg(Fu37X}$v*GYnokz24wx+7@7vq@-_*yz9oqTW<>4=#oKnha
zHQIY1LtmHSak)?pt;d*Z`eXMcO~qm`W5*x#8ip7_^F$>x_%vPgCkXGmVMLLfY$^Ar
z1dU&xC~_1dyY{h~u8?TL!p2D{&ZK0DlBEcBBSsrOQIy?HIgZC4?>l^VE-VK0ARsI4
zPJ}_`ERK|$xC<Y3s;ZVCz?xK{K<rLbC-s|IBh;c1e>?%prIH{Zzem0zoIABzg#ymV
zj<LAsg%e!~H9ZJDb~rp=&^`=)*ktx(KfXGMIrEkF2@ypQf-j&x%QAW4`AD6vx`TGz
zZYjXe|HAgd!NxkCzK%0dRb5Er3#^uK1n`cQuv;YgY`z9-wa+4!V1Jw8qoQ|Q)aR7-
zeUzikGWkiR@`nqdJ!av4`>*bndp7!Rm7-R>E;*#)rV~jfrc+p0OZkB6a{KhOb=eqs
zn*UwkM&BSMtNty%7CE>RBHzB>va&+v+-jPdJ^bE0$Ksoj0~bNh5sEKnfH#{$qUcQ^
zB&}#I2FKwPz@w}uC9O_v%W9O~>>7%=8G*+>Oz&h)ZEuv7kIx#o*v;`e9tCYZ`h0Oa
z^l}feDU&-CYulNC^L(<S*EF_>Ea`y27Z$B@+RL5TOD3OSaZjH+a7d=yIDMs4SKgjN
zfOAl7n1Fu5N^+8y$Moro#QqmS79};*Bz}i*Vkv)p3r5ZGNL`U-=6cr2o(8BLnQvG`
zgt^L8aQ2P%T=sWODS4R%x$<6Cb#^EB>>5X^m00^D12Uxb*ReY+X&2E!5>GWsBO@Gc
zq&OExz$LCndpDdDGP|JNZAn$k>*GQ9XuO>X#vSSljm5%Jk?YS-NeYjYvwVTsNG~rL
z<V!J+2ZJ)UZ7oE>B?1_v$gNVN8m{+9?Yh-QrKFK-(BF5ot%~9dUy&Bq>fZ&@kyu4Y
zA}~7lbFj2-a!Or8>yBeskOYtKe-_?iKp6_?P)K)y@-w+pqX-@rR;koi4dI2`bG&da
z)7^&YJna>h@`0lh-kk%-*iuPLCB3F^rwuz^eC5Apfl`V%ZLhmzqzOz4*AxsTN+!5A
zLG3Mf3yp;k{rMtn&y&uhIUq1(kSKfvd#=ELE$S`)kbxzUiXsVJtqzxvfu!h+zc=i1
z{^5iu|Auku^z`7Vx5HWbBSFj~90<ORJH(%}`l9-PZY<LFWI(LzJY*0r`PH`92$UoH
z;3G3G_dEY~5JZ*|q%5`>tC&(CO5lCGe=@(lA)?)ti)%8(qJ74&)oP(-EN+EB7E%7Y
z1(NKv7d}CbkIG1Zxb;s9^t3e7_@xvjUgND}2NwZM=d-9(OJJvDffSt_7FesOs3?zW
zP5`gc&YOKYreo4m{>jJ)Y8q@Noor{5A#OcM`@M_+XM1k$WRyG|PN+nRmV!tkbO<%v
z$K;jC^+>rsZLj--+dB;I>d<q;peJ%vSrL2TE6jxw71((hIud`)qO;<VC_+-uVXukD
z2YkyMLIdmAdLOWm)zwh-(7MDpPZo&jDR8W`P3pfG-Yq1$PTYR1pzp6)Tn;X7C!V-=
zdnSjfR9|>77ubggxh<jZf=SswEd5u_R@io4%nUSDj+M|hL#Px-AdxlA<P&);PLED+
zlxP|_y%!~4bQ}M4ao&W-4gkD0-3T{v?!2Xq{i)OW@w;rCo`*jDEqz*ts*kb15P|{;
z#4h{HC96BOX0b#m0u30k5KZxO^#K8v6ox$9nCJ~`b$G*dSwn(NQOTE|*Z9gno_;qH
z_zaM<oGG8}J1cIJz%ds_k~u3pJI)8yfLFK1$~m8TiSJIS#`q$y$-l2yaxJg%C34L0
z#rb8-aCCPtvvfh$4*gv^WayO2b<6i<%_YITt;%bROF3ZMyt=pXg{iMf&#vJKv=@oS
zY>A!ic;W^yh>^*UCka%RzY`Ai_E9c#%m9+-O4+hV&t+z<;)G#YN_Fu;E<`vuSBAvM
z*=PoGsRIrqYFu5vo{VbM5rA44uA^W+xrd-p>}U&*k|!xE?tB3$2~7)8uxsS*RCCdB
z<l~`pWYAiQ7Ft@KC8U?k=ADC^J~!LiocAJ9W{?sqi_)YZ7ml~va4E^~=tIwB{4mUG
zIR*pN@w1y+%x%W&Zekm125lxvi`$6CgES?j6=%#=n{hnTu;Q%Uh)vtXuiqVA(&}!s
zq2}gb&NHM@AL?&l6ZfMvrf*cm-6kH&yjA`Lw;?g~CUL3&Yerz{j=k1KSnmd5b$M8D
zfdC>4l2&ce!A(p&@aWmf?tI5{uV<~T%#DgHg4n)P9~FeObiY_+v<;-LFz%?Oh+t<r
zyIsB!xHt496gsXg7d(kWYS~MrD=RoT%)YBn9xQp_+Jh<Estum=dK5Oy^R)I>bz3rg
zFv;doD8;1X3dm{=RUX^hM_!JMsI`PR%I^cO)ntTjCy}<yz)p{GvjGpgwyxc6CLBIm
zA71Q0hQ*Vaywyi<(@+tDmi=32o5O2~u#`wSIp7Q<YKiRrgHm7dPL}bbiXc-9^N97O
zq$-z!3c)S6xd9nq0x8sC#<fS|UH9uL8vKx(E+3RbH^J$`uQ&TL`XUQ3&2YfPqqOKb
zam3WKqLLj2_vZOt1~^_<=0QKp)S&yCNCEYbUgVRGa9pg1-j`5AX98;x^Xz~VoDB)R
zu8R$<#|jFs)UU52KG@(P@Rt$ylZ}&589=H-{>uD7Jwhe{$&uW9>p4pN4jN+)g8mQe
z(VLYpIR&F+Jd6?qmHF*QM{QqYBedR@3Q9IB@fW{65f~j*P2wr84K|9M!#!<~Sj$oJ
zoO)F-?WWN>ac73>E?g3mzoGfroHm-_t}W+owhon4$tG^n?2_eTQ17{ZVCC^N<SX(o
z{=d7+H57K_VD{%AdE^-P+xCZ8c{Rn~4StWX{#D(B?4iE|T3;3Zp6mOoa06M@{(q(X
zUUj+}xB1g6<HjGtH?PXC7SjKeqjLR_UoES@YH_t-@u$TM-w%sl%NMW8uNLS0lyeLH
zBmbXLovY%jcWHi#EoFWaU%6*<)#vxs@=q54fF2A0TwOa~RsX(}_*E^V`HT9Wg~e6*
zRo44yu%!LtNBl;9SM^tC>YsWmy&w83^Y&GTt24(>2U3F{4!_MKYKrK{W(ok{B46^z
LmM&}b?bCk%?%5N;

diff --git a/documentation/ESAPI-security-bulletin1.pdf b/documentation/ESAPI-security-bulletin1.pdf
index 38abe25149ea1b83b41fb290333a49664dd34801..b1ca473b08013244394ed10056963ce43cc3e758 100644
GIT binary patch
literal 68722
zcma&NV~}pmv*z8lt-Ed8wr$(?ZezD?+qSvewr%gW`99D8Juwp#=S0kWs;pX7S+yco
z#JYZ!nPiHh;&e>(tT1GQ#e?00t%G?m%!G`D4#w6nyu1vuX7(1YmV_+-j3_gRTiLpr
zIWvgc8o8Q@nwdD5n(_0)xVSo-8QH;jX8+ZZi92eC?_I4ce*oE@UrY=P3as@58?#FS
zcE&nNHbn(n1a3_G`am{7F&kgzOTmMLS6wGdAf`%um+YD@;`?!bpIuMx8}4+`-hNx{
z%lrOZeA}h)4(&7eae{ec$~K9OJI_|`aD8^7YMSZ$bZw;PH^+w^c@7qB``tJK42T8H
zy-lggWGpJBAeUN+h?=C`|EkA`onD2p@tlHmWpx)!`z+!q9BcsXjIWe?-k4w0?Nc-#
zDtdCX?aeh<wNCr;Vr4g&9nr)>*1I)pBrg^sUn<(c81{wGXXi{mzsQ#f4ATYsC?_hV
zF@Jz`<#ZL*m`Y8b8Ls4C*hiYLAS!*>cjD7T42xZ1u}N|1!$$yApEe34CWXeHC35}K
zARM{wptlinBYIb!IfkDtA<h4}E<M0A`$(I(mmq#kfbt^^B8Uh84*tdJ=LUsbYaow2
z*j1iAYw+#<y{)tE>ivB`xf<25DbkMB7UILS^LtuPb_@S=m{#XaGOH(<fB*xlc$X!n
zT8GGUz@U~hwvRsxGv9M~_s)6!`~DcQY?YxbuPkUCz11NZ4yy0-5<@T4^mf~Ih7&54
z=L`et;-;*rw0)h=6*zGP;Oe1Oa#ZN;{)da#{yJahW)u8|NNh(a?RqoBu*~U!X<M%s
z<@)jb?4Q18nF7N}ub$>VU9#Oa*mL<h`MX|UNe?eKF6HZuFrPAwI`>XQ1Fnce$Xqao
z_|Y1wUt8L;_pA3+Zkx^x_+i34)ZKKa!G~K0C&@NlwgmtbgwkDJxF9~>QVh+V)Wb1d
z+Z~sR$8at4NB0&5wSsTi#wlUcpQkTVY00k<5&zGx@oWM@^ls31Y1gm6pJhTIycTI}
zsk1j+7JuDfq3O&3>772jgOFNiGfJ%->A7&)<g&?%m%DR+v;~uTP~yzl-05~_Hky+i
z`hG82sTJn7PzMaF)l9^qwM0IO3F9KuRhMUp9pf|SLuIF&+t3-L_Fg<vWcrm5z5m4)
zFo=X!*95lcLy2mPVIS+pe76(A7}g>{@zZwJeswn0P}s^7B){DnIq0CzGZi)GfG1{_
zCZ@GTkZpJ0S({4Jg*)b<|K*eesHy8k9*YD9qXP*d|I}&*33MI0Iw--zxbDW11in#)
zO3rG`J7!Liaa?q;h(c1^HOn<`h$eh@$XsuG5Kz$Nr%m~ZPV^K{dt__aztnuQvF`?&
zkYYRcrqK_!1mbA5&cA7t<!xyw9#>ujCQV`E-f+Qfst)O-*B--RPUOy9vI#_Qv}_Pe
zAv>Ur->Aa4pq~_-2l=JS+&Qm(ivy^U9P&|GafkoMW<^;GjWH+_t5_3*%uAN?HI6FC
zzMx-?U``!R3)f;0aNbp!hjJ3d-ei-UeX#s(OV-Uj-e7aPvjICD&)%4$$nTbBR=7s+
zAJ_K}|G2j7_feX0hsXKHb))6%qRd|5(x9iqbS&jTe@vD3Sr;v;f*q|*<2L;m4&ZM`
z4A+XVo{0bN)%b+1`A2Ud0Qx*}M^L|LHdu+qvhcQ92BkJ(oU}NHHmrV85qd;A!^B3d
z5UhT%IPYft-DPwCcdR8chS^emdH9Nl7I`GbSW#k$uju6e`HG3jnC>!jg==<R4t5ph
zs+eo$log$m%u3CI_$kr$%^2O{5;Q1G2FWdY!5G~TF`|D%yr6ZHy$o(@q|{?B8lVaP
z|6?<^ww|TpmV{K#&*z%auAZr{&c*GsS(>WNZ_@=vDU)3Hv|RB<1j}VhQ>-p@KB(~&
z{*-38;XwU>Zg>&5*=Se<ehwJ8*xd8*1LEW_fIS}rhMojP<h6$Z3N>%gm9t{xTd@10
zP}4Psai<fXuDA%7JxKDu=eoJC(;rSx<M`Fm9T|SxK$caVN*u~}yq@V=F0kzDLs1A@
z+5`Nj5+9;#9vD%thaHJSPgd?mKiOtWxJ8)v_2DRt|1*L1fws&A^S>sPzNt*jKEzE>
z3%6qqMqp)ToggA}orGW<=~Zt2bBOSfD$rYkz+L1ynsNi9E_!lzs4k;b65EY}8AQi!
z;ZHs=49{O+L=ueMnBu^W!*vFG<Rh1Jn{eP7tpNS&0#i_{Q9{{sXViLY%dSB$cridh
zF~W~e044hK)gR4ZE(yj`P)ZIW14sn#<|W55<e4+1AvxKVf;Rja)_g}Wut#KnTvjX3
zmO<RVtON=+zR%BRCb8D6-{&(|>aD$bok6Ka0rc)R8NCd9WcOXf?G2~pH`H=Qb(M3P
zQl}|yHGOVFGUFQSZOTYkmCQ`)148jQH!T6GQ(P-u+;UizIP}c>)x>ggh=Ai7S(Im#
z!y!dXjfTV-m=Se#_q%QC^iCiN4u<@T+<&~a=+?ZtnzkJj()T+})2d0K(41FKDG#T|
zo`-&1g5b?hDXYQ$vy_@pjpE$WK3*3iUXwf(XKYlOn?_z6dU4okaH=stco8rYo8pKh
zI;6Oj&gTm2tHo7Y8}GcT<~5Gb^ZVCeC}Rs(!#cwDV7pP-qR=VxFUt%UP-Of}FCEhC
z#^TaL;U2%mbnXj2o+~d1%UIz>w7z^1m|5Qjt_c<=Hx#f4W<Jr-kLaE&u?P_ua*}PY
zvaI6)+u=zH&m%`MXvx|LZ5HuaLi*<T1}QlO3gXAOedsXX(mNVwIL3igTvcK<5hmfB
zI$A{0xmL4~ac<T}?las4eMvO93}zc$6xG^7H9ynXi0664EbHBDr<D%79!?)0MSD=a
z6e5eryv5oDc5usJ#FKkdI`jH`BuZ%_gfl8p_|yV`aqj9#ve|)K73k&23X72{NjeIs
zHoWJY5Mt9i1>Fh>6wZminL^RmA2UmqBpQDguDuB}Pn3XC4;tRe@JAk{E?v;cdS&`~
zBo`SS<!i%Np`jgiF_3JLY8_W3)SaxBMrSgHG5S;?PmqH#j<MDVhAet9sl#Yr8r461
z=ncbIkE%mKcuA+?8<`yVcyG<#@8J4&+kZxS?nl&CJ$m_sE}XH`ZU5?KFUoD_W=zhm
z1rB25U>XtPV-L+8!8Jn%R-d=gXH$jdh4!<x7T-&qb<&VhR3(ndRan^CmsN12O_uV5
zs_5Q;=V^stql?qT!>GBt*GWp+yk*-5-`{nT+ycR)#!GujXjzVUrH1GqPxKlom-sYn
zO$o`-z-9`)r<z!1HXfq|4e{ZLyfeBel{mr3;>6N1gyDq53s0V=uMHlA#th4mI3>$o
z;9V*cHb7q<Itq8s<7%LsDbT@U-tD%&=?|G<;$tFh6&;^Yq37Mkx)KztZh^U}tDH>W
z#7(6zxZu>RYfHO96U?vZUUjL;O5G2#UfA(%OelpINSS@lCwjt=)_|Q)P<5N5-fSRp
zu6xG=?0BYYCaT+<Z8G-4wj%2WV|loaR`&D)Q$-ZZq7cjRLYJpx_(ewNFQkFuUrbZl
z;*4kUgaiTJ2kS`1i|`pk8So@CB33?Idx5-W@l5qo`4qJJFW&S0vA-WDPu@j*jRlhs
zfjTkD3hB8f{^Tm`ydFV-Z(oeS5#r?ty1nByyEYwt7XpRMxLri+kyod(k_TB}wzaH_
zKHDWSLAo>XzUN>bVwd=?djVnbpU&#!mxF~#Zh?)~c3ZuYLr*LJ5+{N0$uex`)OrJ<
ztOR@3A3~Ghf&3QfV`fu8$+Qi#Oo7SSw#aU>uZ?`G_n|zk|14=&b~lQ5$p|1#Kn413
zz{Oc-2bp3JAf`3IH;~7Lz<@JtUo{Nv9V0ZWa5I$;MOu6%etKsGrYSLVn8%)F?X=t~
zn=+rVGdqyI;JrxEY88KcP&b@Y8$3tvvva7n963+PK$<{H2cZV2Q^``d+~T&ecsnEv
zt<JILqjbq{8I&IjbaCekU>zT$(J6{!FS2p;GO$@%I6nTl&M#tyBsxzdz*`b<a7xSG
zWLLZ4aSgwbaV`Rq_-IPMnI1GF3{!^>iG-ol)J(?rXjDxazH*@gPCXvbP4X9thHwi+
zh5`}5IC-oB3O_P{zP-Z}X?vw7c!!OHsuS-Qgod7|?Z?gJT?8efQ!hPKWTaHUjzC8N
zK81!^lHT#^LEAm%_vuUS_{|DNb&=UFB4Wl^Iq4--nDh*P8OdQxtY{CuZwI<(NrlB|
z4YV_)d*Q0PUovQgTB5Y2b5lfrIj3%j=z87ILq9Hm2g5as^34t)mT|nM%si2dAPTyd
zt$28|TT)lrrXO{KM}~6JRpStvc4GjiE&8y~t8d}_%M-z#I+zX&5^^^gQ2Ys#E^Bq>
zHoMf&uCD|J%fLEoOI!&>KJRtjs+?x0<D!8QeIcTfn@I#>v2v$4l6kcuTZDw72Da=K
zwUY%2L3gf_9&&$*(3J0C^0I)((P;z8I3*wSE32u_0zH*cTA}4HeHPNhN|$a|FXD1t
zr;EF>Y8So9NOPwhTzyl6+UZ1Lr0)8<c5eZGeh+t$BGZ9$ja!R-Cb$(bL2l-Xey67;
z?Zm8?y5nYpOnM2+(q4JjS_fdVNUDhdSJQnpf*{Wu?ilfkrgUrPSC)mc3rQ<?36DBz
zUZrcPy6zlfjPu}4eU6UA<mGk5bxb7awQ<5{up3fv9G5+-ZKDa36}7~*0g3h|IC9_o
zF5BUEncPi~<Bm{va+773m<NNP36HrvKs-;A3e3O+{zG-`6z?zQLwbMG#Bc-q*rNzl
zNwjr3fcLe7%p#3OpTnYr<Q{O@S$(@Z`a@}ChmltCLv6HsAt0f7SZ`s;LGu&zE*b>k
zX)ZcDPfcDSJH2*8OnW-m>KK+oM8`EPvGYjlRJ-+)erR~TZ8FqZw&FfpK^ojmDN~ir
zYjt`h)>22}UXc49Rj*04>Qr?WQdB7e3*xr2u|ftkeDqg}EIuv0p)xn~2*-`NisY0K
z%uNFNnOOnGH$>AuBMi77ErP8tbwGws>|kn?qQc9VmuH<aXW62d$kq=t8~~z{p^<4_
z@CHG)kLiAu`4vXW$oq<wdrn~X)TqZJvV64>ka}g6kxBf_c5YDR<qu!5+lX>vK8<ut
zZvHASrt|sIi1Hyb^dd{F3hnsymv$ARHn_LkA^y|no57lULKVi$-t@mf_#f+Ec82*E
zng2CdI9WLVef*z6w*N-f?EepBJ*^`Xb;OR;J6m_=lFyS!JIT%(dYzjgXfFlf48?T}
zPJ}zA|9m5%T%k&qa-}{?PfGjfx|vG0{7|LPa#4(!m;22{`7>+fl8)i>`ntIoX8`z?
z*I1T<kD3pQ^XJvu%@x0dl(puX4r?<&H0a9=UI}a4_2;ho1(>ncj^p;dxb$kaaD&d<
zsKv;gGhg;}(w)|NEBib>=*#@YM{i*k7UeHGTg77oaL{&(s`Gm8Thhv4yds-=?!=ey
z*9pVD<>vdHwSutko<19W=_DW3^h@fQcgiW|?vAS)qL*7hOIKGnfuLb%)K%XUuUc=*
zT$g(*`1JF^$h)4YN^Q+LeSO2Nz8QDT7wxwk=HdI<*X@iEU+2klV!#(-N-a+>F2gY+
zo6oIA3111@NLrmhpYO-x{qy5?YwI@i`>gV&Q6;#6{mS8QjRPCVwga=iHAWjR=Jdec
zV)P7_G%(4XLe)2%FT+E&R>o;Y7HLpHvR2l?3ab#IO>gsd3&&tZN!^3cKY`4(%~#DN
z^htzJEY7G+mI$}DUTQcF6LbaJ4P<)Vr=$h_+jM=4or^%`ZjCL#lGv{rg_D^jt^kH)
zTRIJG&~&B@s>L2e2mmbZ=%Ol}?QJFQj4hoXnN!N_d060CqF&pQIGV~mDjvr1lEa8&
zR(0h)q6h@A@#IXleOAI{YcvB=YhlyYiiC)9J19Afyy7r-lOhlm2-iB*x<zEVOe>eN
zfwpzrcXc>T>Zox#f7lZDM9GIz+WMf80i{Y#jDEsb5{;_gXpx6cNM{+Q>m4jOU26MS
zc9vDWG{8rem52x&yPozv?dS4dtWL^)Z*}25!z9@{tGzNQfg3+rug^S&2mXg<yU~|5
z7)bP%=o+cezsv%`=1CmGp~iV#z*Sx$nfI`zI3$E!HIiqV{p2;6r!z6GY#rlXEMiD^
z5R9_?sY2~CscISK88&FYo^Zo4n{m3&`tqXRk6Bw`<_AE|qW$CH+Qi~B<D?8F@F=7M
zltlve3q8Lu;>}pGj!8Z2*JoLS5OEzhF>*=m#w#9La)lgTu>)We@KsjfWZw^zF5COt
zODB*Q>z$^=S3nN_tWcNf?Tjb{V-pUK=p&kHh=oIH#X4#Jg945l$WUVqSK)B>`#j$K
zsy&v3AFsq-|0}>qxC~gRU$Gg{XtnKV0h&~62trKrN@=k^dqi7KDcmn-CiSxWH$3e!
zNLj17=UDke8NruvZh>)NxSFYe`*@ri5$C1nDA-)?@RpzwbDm(bv(DS^qPTn_?5*04
z+x$)uF;{$zb0m$UZ1&@D(C0SO<U@jN7(TX3)GZ%|0lXMH%w$4&xZ`l4p!~VT!oFFL
zviS|q^05=_dtN5xbe_R!MFfROxT4+fEnJQ_sD*5IS;^Q>vcGV@;U^E?yZS}i&}t61
zvmf%#FJzjJRt<4(mq8eN`q{oG9EmiAm#%AprVb`zkoL$WwfE1aiRFkBN?r0(I*dJ$
zyCS*g%S&lOEmYy(bRPILG2^r&IytBDr0bhMU$L#Fi`mwwFQkDl%-6_h7~DNkvjout
z9ifWbpNP@vK8XqmBN;V@=mZqw3T{iKamX!*D0uS<C6Lj(XA{w2DoJmsv}VZ0$0LO!
zLH|+>E(&+WG%JTofb<|tZ<r;6GeBpmph*d1sfkhg5L7y7G8ua{hmO@a&gBBTLKt=y
zD69LXX9FJ$a7u+lm3`_$C3BWm3WIUzuDosaV|!3LR2D-c^*it!qrC!A*EgXY0m-Cy
z_wSj-%~>A>cM>gNj7XPPh?4|l5(c)!FG4UToa_^c3l7E9tKVldLJSS_h_=85+%gj3
z?eWb^ALQW6b#|V#i$J-sBYZ#B|MS5pH950WX(&Zc93H6=B!-dBUiynAqiV1paz%*A
zMzs$XYrw%<zq=H^5qrX`ucw>irC!erF4xvPSx$0lMf$Zy7#HT+ih~4rmcU7gcL|GP
zk8D(+M~JwkhK3B6DcV9Jt3_<fJw%c^%($2KOeA&#f}>PzWxTk`4uaz9hza1l^;<~3
zAN~+-mO0lb$kaGbw^9e-*GV|f9D!)935jWiN_B>}SJ1S1qoLv(XrW(B!hi<MFIgpZ
zXwq&`bB<Z8nPpS+GbqE$-GA%|;S6p-SK)2@!YBviBIqGZl9s2~SF1u~)-<KP$II5Q
zzlzJO0M%m1(=ej}FWiaW)$}w5wRmc^><{gqEJ;k#F$u>cAOK<W2^X|dFYGo55TLuE
z?|C$an(T$jt7#G*M~pvF`Lie1Q?1E5j=5fs9^<xU(blo?9B9Fn`1pfI&4<r?O`%7j
zVGE=|yI@+d==Hlv;0fXaKQ1AYIgpQC!aqn}K|5>LN5EQy-xTNJ`*umqK~!gs%lf96
zJ9E-1s>5(x-RjhUQ?9rv>HMCDp4@i~%1@jX>(`~~;g#D%t~;P<(`>_;p8pjBcS5Qk
zB<y{@ZMM_qs{S1X$K~ywTwVhzTtp|h0u59$H^Sq}kI-n7uO*V^e&dc!l6z&^c;Olj
zc|hh?;t9RA;uNQupOg*(W^^(G+h)m?m(g-_OkVs0yCqnIE*l<m*nuF1*hDCkj{`60
z6_KY2t%dvNu>>QIridY``Y8btH(B9agf9i51NQ*|T?T_+8LsxB?oq^fFp+4s<kxY~
z{hZC{%LY{h%jGBUJMaPdu&pm@F>mP#evkM>m$PAS_g2$y-h-9#;Re^2$?c+BajWJg
zji0~ZKFMNqj}<smNhu7*1U-Ra0KQSD@yv@*<efGbBbPQ?LNd0I^ul$d1pTG3Q4H;7
zx%zT9fTCA(ooERe>7RMZgRsouO=7D0W^)UI(#9ZfQTw7<ag;`}%h_xqb4x|9ZY*mI
z5;Gn(C{36fPW7(=uS!Z{Vu4AR8{^t(WAHGt14L#ba33+kHQQ8UNVWtuyo204>;$fh
zRm)2v3{-p6QN(T<6bsu&Cfk~|+h@K#+KRS71#|ce6`1k4=rd0r1!$!eb+`BJ;-@R+
zo+drfCrf*6(mXOj{~pgueCl0f!OTH#^2JDnDeKxJup6n|U@-M$tjTJ!hWqlcHdRpe
zK_?t18T|OdhGn}v%}w+ek<I-v{W<n=l;5T{ohqi0_y8UnC|Xmji+#>H#D>3t-np;g
z6Uc%M;AhQX>~9PNxdXo@%3M!B9CDZT%fCwb@tR@23hqV?!U$UB2lP0(Q*ohzvU2iw
zZy=fR)7Cl(ED>;}KH~0uV)q)hmQ&T2NY}&dF(9Cc=@j&dU8dw;2ZMjVPXuQ)9tUjz
zW%6NW$oP5WjeV7_VMOV~3%GTHPmpiwIoph1B>Qk5o?r(UnxTk<iCvv3R_jOS12W58
zc*=|=Q~+w6+!X=Qjk{r+-UEH>N%Es{Y%JMSfsKX49aQ3qNP^;_-MpBzvuw_%3KzCj
znh+TSml(Ct4Rd@jXx(DMtcs3tnPpnfMz+qs#+ZGi=;InZsTZ-?q9DKTu)~Z$Mx#D*
z{JSjT^wcwt7k3*8bqX?8x>zqE*2Ctlt&rv4^4glOa*Nn-xU5~<q=2to?@U4Hx&XU`
zle}hE4g{I^xeypi69_RQ5Mm4@9}2KyRXVzIVeo5O3rH{DBBLf9P6U9~XVP6c(a8{P
z^=AP2M=>(}_y>9~&nK)5`~30$Admmmz5hyLW)3#C|0Rz(|C>DK`hSwgQgJkG$p6UW
zIj#Wmt;{Qk-w?$Kri2_6phvfRD(r;eprn{TzL-_*stH%>aessFZdqBjb#2~W)zC|J
zp3ckKesa)0A2zZFjOBlRMmG(99N!&$-tC(a@clLn$sq+O1iUTp>e@C>H;?jN6!#zB
zUKR=R-ix=-AM$qTC#u~$$}cM!E?RTHhRa_seOqoh_*cC6vZB8GXRW^W9~2zoX4`HS
znU}g6qvm~3`Yd0Etfr)FGEaJQpN44}57zaXBMv*!{jv`0C+3r==mojh4zC^|e&#f?
z0k}qpn#l@sw^leD2+)8T6>Aw8gM%$b$je}tO?2{G>Y-JiWGenJcO38i^wn1(_=nFs
zR0&7z`GW`5N0ijwA&FJ)ece_tnxVGau;JzTGI^Te2200>hKbb^1jIB}^=)?CE#qDA
z)j)5~!sfkQy{hI;zYXui{uoje3k;A}mhVTc9G0=JF%Wn{_)u;~cI)-p{X+f&&AHIf
zuofDWvWx{**k)>C3S6NWQrrf{06CDszeR%fZXpx<wj+l_sE<(Qp<&cG0vUQJ9-H#e
zE~cffGcLn^tZDI5K6q*+yjDr>*K^<#2liHnZNwELrgE*cuQ}p^ImL2-`Kr~Mf@PZ<
zgSLxQvp4FtKNxQSoTa*@?N)=eb|GulnsM}w`FM^XuagVz3XKuSQg;?u=$;V?hkT`|
zcm$)lwQguTC`^IaaDxty&G6lX6_Mm91?4CmaV8m{{njKnR%pB}D(bNzi#W;vi%-Y*
zT*FT3ELU_$4%7*|($sa+?U2vZ4#cNNcv_JcF(3kvH7Mphb9S6>8fY`{Cf%L(A>|tG
z6gOpfh+^)L<89aq{R5xN)4nzydh4}29cTB(buz8>8v9D?l7WqmPD3$m5;=#1`oJ)m
zd*l=O^;aqD7ut0)D#e;pN9;f<9fD}&*+gdZB1DmTyd#)J{q^KZS!k6Ib#SfFjaN$1
z`l}LTV-%QLv@{_{B)HEaGWXM>j3nee*w5QzPbxXh-F9|VOH-^A_J&-{P@waY;X^^p
z?qUeiFH7I0e(Oh|dpPbSqqUOi^ANV7KpAhn<!Bc@nr<DHd5o^ApvIL{1ISC>L*Wc+
zS7iu|!CgNe6`)&z5)J?FYq^}61phBjkP8rp+qj?X@5T~Y4Wv5irdNkV)8CHTio;qg
zU5ZptbQ`{^(X}fIT|NskVVc2lQ!M-xBylx>$4P6{+CO;Xm@1(uwowoqEhIQ5#GB`$
zEI~MYJqjq+g`Nn4a;tZn!}6E3P{NH#AC*0Oa&U$~=Yzv<<&dJ@Md!CB6cnh~WA*W1
z+-zt<3d{P}UUklX+Gfc;e;QsHq0tsHkPL#U&XzKx0Rjagj2ee<Bui`WMsUp(KWvPT
z@DO1Z$7f6%m6QV-k0Hh7OCMXAr;vb8I24W-c_3|QnnUOyOEaKtpe@oEs~RjwIvUzz
zm+P4#><aPFuiU)5!PsbyQG8o37Bv*{TNFe;Zv$jH0!Rb}j@jvXtJpP{&A&Q@cx}|K
zD!N(=o9#3$B#0>HEvFiIf>m7fl(GQlgutGQSS+TC+;lC|L%#Ny=EG}-Ii5lbA(eau
za7CFS%<y-h!-p#K?&omJ?(-n7#)9BR>_-LG3g-}YYTXXD+z3`sN}Ewl5-XyKiP(KK
z*8PlYh(vhYAT}2P$v@o_{mO*Pjn<@XE5k=XPL~ymV7i4dpE$x|yw_U!X#;v1u@cju
zH_;I(LZ?2#sE?oV{JLks?RZgXzFjS$U9_`_hcy#7iN+hUBg#w>31Y~Ok>%c4IijZO
z$Z<1X(i0<N0>1p}1P3OZ5O#2ddxpX82C<8V*YxrvpmG_suP;lHqt<r-kUFP^VO047
zo*+ap_isT`3t;d~Nrbk!AyC>az``FN2#d8<FHj<>ykX~mZlzTZaTvdoK~TBTD{<eh
zYLg=4?MaS|0zHQVQDSi9-RAE<fVg3|&Vh_JBoDfr#EJjXcC`{9{MJjI#%vHFYl+0~
z9B&+V->bG7oMC^j=Ov8fCJ-0hY)Ga#M~O^|cc4oS7h($tP_%88sz9<sNkD{Ge=|wk
zmeYP(dpFF_Awga<>~mN^+{9*K1b$*Kdy7ps5Wb~D6)hO1a1SH^{bHH^3$Epd4Xy<r
zfCWqIZVLX+G{u1bhotVEQa57Ie82pWSbBQ>Oz2sY5VEwWBqWr4Svp=werC+mD@ut#
zQ662TY7@yY2pooa>&UP2k1y4tqx&X)G7J2C5_PK&*<yVJosWmN5w+;;1C6ay?_mQd
z0c?mJ!m@HA_SNl#X)alHjSvL@{I!0CzF&f_sTfEqZC%IE92-}#jq@_e`L=%`ue^Z5
z(Lzy}*ZxaYhJ7uLO$%jm3`2iHkj+J3XYkIvIefsTG%<mq4<4TKmCq9Bx;4qaK&bk<
z5zIEGGh1n3*cwU43A0M4x~c}Ft}-qB8D%kqu%b|z*^o?RGV3l8fhdkzLS%w4_}X`;
ze_?I7)li9?C#WSU5Q2e`Ls?WHnZcMo4qmyX9Pbw|_n_oR8mW*eMzWGeTV!OmZCjbF
zJT+dR>)$R@2^i+grW(>>u1nm6POQ$`W*%4rX(@)K6Y?&gT`{`;PMT2j>_5!@cVvAN
zO*tJy=!}ee=XTtp*HsjFY@Obw*tU*(^PQU8D|WYqPIvOfEQh~SuIF|jLSp#USTKzP
zD_r%d#upysh>ybIDHkzkT~ZxsB!=LEncDCtD4oVUn4<SFB2_k3wPs4u8AdhT=_^Z@
z&}7oigJi^l<hc8)a28ZjvCf-ZO9ay|G_%j@UH*>vI+JiwG!=4(7WThjE1%porxrho
zVSuw)37;h~p2e9SPYn)bQn&0>JP{$V$)+Rk;{m1IZARkl<7AY~HrJVZESI3t5HQ&6
zk?9_#u3%R0rAzuVrkS_T<4rLYuz+yJq#D(0+hy562?<jqWGCyP6hDWv_na#;l90Tk
zP(J?>bayh^1qzh>xX_PAOfWx2c4t3^OZpWQ_|g_GQ~7XJZn1n(^C`l|^8&k4A9t;b
zR9ugR*{73$wr<+NNni2-EW1JmJ~DS6u%egth;bI*;VK2y+7Mqo$^n^3$y49Xjm|<#
zgWh05whd9yWrjyubFH1Dv$efu2>lkR0tir3AKE&O1XB2zq@&hf*knffA|hcCEbXGS
zYGLaupz7O@vSh%*Q*3YXov}LfT5b2zuPy0Eb&+~gtl%MDO;;MxbxA@#DM^4EH-ToH
z+QY4(%93>ZsB)_a;ArvS(tKYvfV21}TZf_`7_i_Un`&^09yShAwES~`^85Y?UnwK^
zqj@5gET?Y|D(4NY4;L#~i!*u0dT7x?C<#LxWT*2cq3k|mxLzh9`>dN74zhmR*1Pru
z&sOGlbQPwTlW5e0dq!@}M;N%AM93EPRdQT0>z;#0)MMHvl*fKd_Ro#fyrlLJ*)oh3
zIMm}P_i1y~i4Ir33m?PRc2b=>c_)%_u)wQkO-X?>X@)iFJ%XcDUg@S~{bU+--cslU
z)wJ$4rJG}~6TkWnb46`#uCTm)%JqEeiMwbj=PGc5p2kRfIJm3pNqA=Pr3)kLoZ1ZM
zeTm3Zv*#1=VM6x=VRnz~VABRDG81G_z&O1@g<A~6GrN--t~&ZRXMnPjBo98NQx@nA
z9{v)yX<F;r@u8!au!2ll;l=fvd${!N;4-y^1-dV|QDs5j)H3hEFlmCR<iW-aBNQEj
z^N#Q@=2VZ9?i9Q||K{-rtmp*rJ6SjjCluQ%X#A<oBbw|_EJLzC)TheDTEvtr6mP;H
z(p?oYf=*T>2PebDn18>huSbfqt`6&8Hn>8<Z*B*I(h%a41T78SrHt|v@o0je)(l@N
zhe8%d<F~AR*Uj6`oOBHA*5Py|F(5Cjo;$V2e-`E1L@t^u$AyO{k?vbH&KX4(dk59W
zV^k&FI1Jb(5~8uk^ZTDWw{omkrgtPlf;%63w0jT*IrY&Hq9e>U3b6181N@Rj_c=Y!
zy2MMJHS~gSd=@$Vk3+~ZPqek}Qj*Xn_}Xce8Gzi_eD(2XL^JOq$WdvphX@*k_?|jg
z%*kYZu55szsuWJleLlbwJ~<iXe<jQAtI(zT1{T0XVn%L4@bREzSSqQ<&r4edp=aFv
z?PE%D>SxVWgk5^Mt6p_REI;YWjIz`<&?oI=S-R~H<GRxT;jHOw91gstgXjji%+e+^
zDLS}BL!%_1K`^`4R-p1*?EVTZ=w96vm!ww%dIK8YROMpUH|rC(HnkddLSQ)E&xC8B
z)Z)gBIytY*Ia#}l3jeqo?Wk}3_Tlnp5qsG*BAE><-9W1w@bQ1gzBmuZ`yWW@Uj+J3
zAc2|Ve+LqnnEo3oG5wpi_kT;$YtfmE{fCvdXEiJVf-nZt_8`KbiRNg8JQSd&My4ri
zz(JgXjdwR?W7LUiq+QD_flm7!9>w<j7fu&TL^bs9kC&VN@-W|?cJeNaWk27K&uP0k
z-vEIgtQreM|IKw-gzwzXgZ&8q?rnixa!7_*YkuGFug8xvek+gn&$rR4#;T4BD?Ww0
zvR><=8ukl}pEu3flgb?pZ#MO}r|LQw{ALX|4TYKoOzlyNOpRuPpZB-Xwtx7Ez_Q_@
z(3UZiVHgr#V9|I=>arQ@qkn&q(B6%;+j(N}V6O@HyE5(Z1x17X*upiOMs_v>$mF#u
zG*EXVdo=7E8PF&5^E=`2l-1<>48ve>RyBMPXAK7-faE}dU)BpOEoIe&uiJXi+P4*j
zFDtFO=zI~3(?pwF?$WXE=21qV)2mo)1ae6&<Ml*hYn<iVQN7GzG4YTVA{X}dt=C}7
zmfq+L%N0UL@V%c)dy>xYgWnNd7T@m2SU);!-9VRx4hNFh!6-H#yj*Qka_po<#*G<=
zCX3aMn2x@OchH4;okB5w@AT}OmEa*uE7sO{A*}=6S`tnm!DCxSCO3)dlujm53gU!w
zHtRY4LB*gUY@H3V`#U#S^KKLX4>W5nce8EHT&fDwo@NyN!A-(ntid<T3)4Q3JsX%6
zN**1E;IJjb{s#kiZ4Pf)v&U-s4^~T!OWPvjj7}Oz>0Eeza}DtIt=lL87v<R8xr^=v
z5aNW06M3xi?=U7YD{ckGQQb`9K<q<x-;niFWq$Pf;lPEL*brl14fzrRa>mt0JRnxM
z$9>;v8}iFryKu(Rv2iCjL<$oN%9N(V_QxG$0$i5{y3c)_wK>aH#DU(%M57V@6%u6S
z8t{-JZe)tg7tGq2uoMNO-dA>hJDes6+!}x3JhCZ97527C1ejyG40di`d*g}4vGw=y
z=U7PjN83yeiO(Lw#_9kO!U=Ixq&Ag?!KeXqG);3;0z82-bxY(Q!Fke6h6dM(h8PD$
z{I*Lg|I&ae+D}^m-Vv4$xA2E4)GYPRwQx+HVT5e~4knJu=R=<N4S2a#5xjCgMry)J
z!5OH6&4Ap~8S<ft9%-Z*>Tm4^lmG(eEh3J$V`FjB;OOWkwG%3027Zrla9R6aSvuHo
zDFxc#GPL0POo#hJ?SL@H1Ql!eRbcKW7|IH=!CwUD5EMOn2M#OmuSkX;qAlFX32>uQ
z_zSpEB-REt%Hqj_Ul9&_A-yB<XU?IsWH`|FvJoNgn!f4P9kh0(A|EEn-o_=Bjw6@>
zu~l89EOLd#=qNd#Ps1p3jQw^Av^rIG;;d&)<Vxd_L}d$!OKc16-Lco)@;Du#@@6R&
zS9ACoZk7tjG}7sWRnsn(d?%P8Jbndp3SQ?Q+5L)Dur*9sv|?vU=YOF78c}dPfIQZ~
z=GheSo=F_Rd!^}#p(HjYh#N04PN$9^n}AwvP}99m!McC2!h(I9EI%H{FCU0R%@5Ya
zaZ0b(vK-Y4sv1iXZ6=Eb;0`nZTQEGsTJ^4Z+cIG}2YiW6iyMSXNpud-Xk*os79FFE
z<E6L2zJUtG`{=D}r*%GYl~2JLF>46y(YDd*LGoH^<eRHra*R*i{~*~!=I`ZeIcvp&
z2rePKj(|vdT=J9zy%fTaj*YGFg{5Hsu`E*JgIQ@YmMN|RPvAg?b_0Kqb0@T6Ol}MQ
z1YC;itqq5J;@|z<Dlw9f@FXD23aXvmy`)YbBJYotFp1Kg`py<DxHeX$kDn`MvPNZh
zvN7yZ`dCy%S<1Qg84X(<-yl8l*+DsFisiI{@g<m)k^fVneqOA&LG4lp5}hV@)HP(w
zt0;!Gan!RC$1G)pJ*|a1>9a%AI6b5qCZLd7$_!RT2(ewO*c^&eEBUJKvlDMc*$Hz@
zeJ_WvZX*<IPg_k@*heJ;{Q4C0^Ft<UX2JqbJZccJ(YU+CJPvQNQIavN?!dgJT(KzC
z>J1_{H&T4i&rMK(0bQ3^PMS5^Jbm9=oC?lUmG~RBSyygZn^6btzDm<zpwMXQLwT4<
zB6E&y9d~2eZf%bdf$(x-#43pObm+HsflEoxs9XH3PS?uBNP=y^qwKm6UmPMzn^Sq8
zyY)raYx2j9gzR4cWAZ+hT;Zy5_xzYyfw94_`bp1LlK>G$MK}Kn!pBp>qiJH89QeAT
zL=(o28nQtUQZA0ESE;|7;*56&>HR^LUps-+{7tv7^k$DC?Hm>9tWyJ!ZZ%SylWQzb
z-H3$Keo}m`LT(GQk~L)_@GEOdqYMZ})ETA$%~W`ic&GO|==u+;OhA_D*P8ihI~~rr
z(v-#oyKaE!o6?Xj{V1-&6X?m0t@>ykO$?b%DG2%~yRsqV(HRwr4_9l1HdB~;9TMo~
zH7D7reC=KfA!AkdW$FeZy_B_DPBO34Qn$=X-@ae5fjJ_oEZk`O0O^`KO>X8V`NQW?
zz~*UwUyk?J-kkSr&l!bU5mT9Jap8LcT5Dpoo`%M_DELqh9f?_o#uoZ#S7qI)bhq$H
z+1r)>N3!3cF!-Sq8t4=nBvzb*_gg{YZaLfZxJoVaM=j@p;i>@x7O+dBbS=-RzE;0V
zz{`%9F3Y~Jj(Obil=g(Z@~P?6TL5o+k<z1iwL~$OFqWH*@Dd04UIy7R{l!l2#R*-Y
z)m{QgZ_8H=EK%?*siDa`s|2rVzxMR6y=R}g(i<Z$Xg8Aid^4(WO$Mo@rER2kD)`L8
zF@~gD%R~tWun{@x)j3O>I<3c1<f5v1u{8FaBO}pNd@={F756^Eb-%zzdK>2u(@W0<
zqXnc?2<AJS&2OcONO-rtL4G@)w^F{({g*Cb73A~fDb`u@p;2~d_O3aMavGZRp_4jS
zdspohz>)18)34Hp7LiHNc~fEkOX8;@i^M<rk44yS5*!+p#>rtOb0cvruQgN^<4n$e
z0PJ3ujphkilPd;|)yldI=S&8M;AIzAT_8}13Q?aT12k|qiWB|Ik>^arU$L*h@VAuS
z{(eB8J*A!~OQFI2a)_fk=!4lkVdEjHz#3sv+oiv#;&jH-w=dXRta-)L8hh1Gsg2Q9
zvFLSCwEo<?fE;an$>jSh*QYNk#6Q&BpE<4b6t3E-YY<Zh^UL3dwLafB^~%ZR6T}~;
zRJSDT;4m6&xhuL%1qxd9djq+%94A^SToTK8MtrwDiVJe<3c|z0TBx?9G9dXx&`R3+
z8B(XYM_%jpeqxLiXyf6-4^+@PZqrk3lJ%910U(3;rBukccNz68{wCwSyfbxC0rH7i
zH!A=YZR9)q-P`RLjZm3}pK7hEBG$d$Pq1ZueHbuPu~wei9@BdS=STGtsG3TDqRBO1
z*{jM~{4NVz`grv4Ho;xkLX$d3YuuiWTG|>(#eA{2GD1fd-!#q=$L!Bf*1tP7O??}<
zSCvUSX8Y1+u!GiqsPTTH;P0tY=3@Km&!y!#wa4(o{q<`Qc<1GyKNgfZD8B}%?>ZUd
zO?yA_W&3f#kj#K_NS1M7sE!p#Dig98ino8hy>+@R(|UX@*h7h3p$;+H@4I$6>5qGj
zeIP`4ednU@Xs^jrP{X|_j%}nzUNroDrE^Ub*{5<kj2m8b)(ijOE`s0b1v*bc9arLP
zou=>}Cf)2cgFs=q>crcLTanVPZ#cA>%U(Fu@%5&kEdAPDQPZN?#TREez4k|~gaSv{
zE4GurQPvDi*eFy#Sgun5_P0@VBQ=bJj%4L2mQ#^hcfi8F6^o2Y$9-m%j7t^voWJ>=
zv_{xP;56-)_G>XzePZ0z&rQMRCL`}5aZUw_H&-NTx1L;izzHA(n&Z;G*W2<&e^`q9
z>q^gcncxGGi>X&wLeJLB#G`kg_y<YI*9x_nToikCYLW>n0pe1<hN9c$XhjQtEjDXP
z-4&-w+<VVUA+hr<d(J6@4eaxu>W5<#ff)|1NNKhW)fk1(pInGux~L7O>ef5Prx24G
z55?bE+j<ll-S30v{;a(4YySfx{73r#hY=W=SpHWug@yIMF#^lK2}u7FBm7sP4-+8^
z3mXgb|54WC1MP_>w&Aa);h~@~%a<|k>q;+7NXkSc2xNpJNr)s2M}$Y8Nt6*!$TbBF
z(x@u~5(FX~L@cZ-C@3n533>py6WkJ6)5G}EMHkaB)e>-5lg#|lS!Uq^($m;J^v)GH
zlr?bce)*_sqgh#H_l!rT69Vgyrru_AtEsX<7Iq-|{g=$;GNmB!m|^fOZ?7tKd8#s-
zgP{bC2xRrFLCfVNZTss@Vjb$v21(jL>)I*pI!`4tat;cTmp~PP<6?;#pnE#tCi~0m
z3veltrwg>o#;CuaeSzYkZ)T1mOtQKEwj=!lV8d&Rl^6q`O;A3rePrb|;K8q5C1U*y
z&b;V+Kes$b|BbP{c*@q2o7o8aN!7j+9<PY-!sv4*K$0E#m`T!2ctP6p51mY5R83!>
zI=(}KL4b$-4h@l@Oi-F<YVbXHA9=aVV<cpvdJ9cn3bYD_K$IfjwtbBu5$|MXmWY{|
zz-M8%*m~W9{)PJBK%K4{{>|_;XjKjm2%eR(MBE7S7*NCB>IGakJ44RFECG4w{~5id
zwg=kUjG)i=$Tvgf7Jt5liW8}D#4Jz&38Oy{eq@bKhy`%!QQU{m9_F3EzOsMQ`s2Z$
zT)rOqFd2lYj1LMY)T8#EAF0j6?g%26!}rBq%o*KdOOZ*u&Ua(?D8wf5otdPAKf=3I
zi*3#e=MM)~%^TYjY5cP{YHZQ;ZAIwm=$-l}f}#f&g9OFA@9)!*!kSmoTQ|5b03Aih
zmT~>0YAxKEKl}(c!WTyoH$F5)L$qqGz!vC*QEkQ*M>HIgeB&&5GnP5M=;ko{d_h#G
zR{4<ofyOPD6R5S=O?+O$=D1aNP~3^foyokm97r)%O-KXBBEK<qE@JoMtS~n>M;yb5
z_nd`KgFSil7xgjJiBBdCQ0&AU^6Lz0P5&ZecThEm^!XyAt1d^ZLeMv3kUg?vj3S$q
zNYlP8(MA|TK5#L3O-KS(-+|%&&72GD5Aba_#_seN06<Zs#7liR8(fXtZU`$pdnOu4
zfhP_f=_Y`grP8_Uwy1jiWR(DlQroFo&21(yvFngo*R0o(D3F4PT>2MN_$5ixN`L_O
z>rWfsr=j4$>u1Hp_e}Ntj#5*k#9)t<%6_u`AG`KEwoJaFq-#v${l4sjFKMX`=d`EV
zvjPt-J`u=(HN}jLfi&n%BAj!@`pGc^@dGnj=qN6HvX(qf575S3PLBiK#yq+O3|y-y
z+CwD?0QC8*rrmr--*=;WG~|yzC=rt|Cp6O@_^P1sq7?T`C|3kNR9V{78u{eAtkx)U
zL_P&+aDJMgU=VHSJ;{;cP*yeIlzV0!WWhmDYH)M5q+g5Kv8V~g;H*0Fg~o@8?m{pI
z`w+X9xUfkQgO7rTD{MyLdhltUs*}Hw7;&j&9DOTiOL*Jo7j&C!o2>rm+rygRrz2Fv
z2sEkuMHNAKSQ4>S<_^j9%52KXW!gcP6pLQ~r+GfMUxF8&RaEP~rEQcSC}MxqtugPO
zn%f<dn^Tu#qX@Bq!3Be;D<Qt#JCM?wmK7e@4i{-rnjZF8C^Exswj7eDVb<8#2$8U9
zj@+J@mx=>PqbPwXaiPtKX$5{UaIYMlIKvpkWrVvNf`xo`lSh=$YvE-+^dJQuQlxRQ
z@OZN!tVKbPkjlKSYVZnS4}wg#<YTu0!a?M%D*Y}eY?_P5UdL8WacW*!mx%QMO$XV?
zNBf5qECCP*(6bYDEO`QHCQo7Rsqu0Mfy;TH-ukc0iKL(omhh{tB?1QZv<1Pii&`Jj
zp+FAE0-;*NMUfL<=O%c8-_Li`z?XJ5L2g3i$yfCd!R{*ML^&Ov*9TmeZ+&?Rej6w#
z$OHS>YZ>81=%!7DW646nIVZKS{zSD`SB*51JpnaXbUZrjA5jM7aaFL6B)LnkA&d`4
zHErc}75<6}6?NOrmpmq;2X<JTgPS8jdcQYF{1IG<iEx$YC^cM>tW%$+pG(@c{CEe<
z<2n2Cp@1_)zC!ZnMEPJ^9uktr5b9m)dt9l1T%uPVk3dr?<LO(01Fb+mL_KnbKoaD`
z%3(+4AqfBx9DDO|ysvvC7sy-whwo3gYM`TeJ<UfmCxDBP$(%fA2iM-!X0K_OT3LXS
zp11e(3}&A0Q@se6`|hPb7}riY#$D8#vFV>Gy&_kXvNob9Tb3~>ttocc#&lb8)I!K6
zDfTh(tUrVnnQ&e-%usSiTuuAo%eKrDUI~Qb13GZ(ml1a##{+jCB?DPy_`(oJILvmR
zeiB4{efJ0PR)7CaEmvD8)8{soY%cs=ePVY<>xGiczzEU96eX1`%uWA121;5+vy)~y
z9z#9mU3C3&{nff<s%^Ys*f<Fl&IlzQylx2HFF!M(69Tku<cJkK{U?<ZE!c!JMB}&T
z?SLlN2$D%O%M;5>6J_fkO87FTai2y;QG8P@Q#@m7jxwD@JM6I#z3ixV&$K-hJ?^yR
zirK``bmu89jI<i0?cWXu<VimK29ziimyyL(?^O4ugQkb953Dl1HE?N8$Ic-g1Io5K
zl-owVgN-oTB?d;CM!II&X8L9w2D`SF?Dp&qt+pJt9Q@{fQ;oaNG@Bo-H0+4&L53q=
zPTJNJ`3YEM7f#e|L=J~JxF<&#rQ(%?`hVK?bo8nGegB*^#Dw_hkBT!xHh4N>xpn}Y
z6VXEok!$1kM8>W-NhR%0*j~AuNvF&?qM`Q^hRnj0qCnvl#j?3v8oshyzI+;G4DfnM
zyV*V!_IY!WVFM|bxj@QF15_O6m3$f3^pek9UqO}HujdL16zF|m^*ZiX1}Hj+;&!}m
ziXOYFT=FPysNAX~mg@FhhGGN++@G(QUacSLy6=$%fX<SXXt@s}VIvvA&ZaFr0zAiT
zRd7fU!tf*Qn`)pL3xQB97i2=Ah`AcyfodFbfSm27I5uW=uYhhiy>`5IYy@g6kLr(Z
zkHSsKxR|-DO|xmH(61vMscI!PRQ)vlJpDv_6A3a1QV29q+lZ^Fx~U4KtRi)hTj*=q
zu7!2m>#FLK>O`D8okSay@w8C&QI(38MCqXoP#Q$FP_Q{cbr&ciaPJItTychC%lWN9
zAxp$dnW)Ye%J)7yPIq^^n%}=g?CeP5s<*tWADB<@w^e=W=N>*Ee|q{$Qt7g_JTA^(
zw`NMbC$<>)KDVNthpSLgUxtR==3do(k4f%v#;6f;+~7H|xtffWMca!{UGIy-!*6BR
zk?{ZUD3Rz7^WfxEfgrBGiZl>*_wF|m5sQYw2$MF+JByk<wYWEnSaO*(l{M`NlN6|Z
zZT`C4o!RuQnE3?fEQ$RRmXvT}E!GH~C<s+FDdZQDXC%c6I}aNlgd2>80H@lM@;&Yi
z_4AX8CAARv>D~7wIY@aOOK%tNn4hz>WnH)WeZr}P0Y4-uJ0wdxBpoEl2u)Prlg>|1
z<!Aa?a~E}(HdGho5YvZ507dT413M;LkDM;fj{F-Z4Fe&uScn0d!kGF1&A*Y`Vf9h1
z%G@4rz4x$6K-S+(eqHIMku7&rH*Wi-tZg#)MB@5#v#owE1=Z@><EN4ivZyFeK_<(6
z@%2+vM)skx#(R)W#|K(6n}Hka`Rs-{YW6{)kR&^R4Bt#<C3gQ*xqofOHCx6VyV@&_
z-@u@{ZXVV%)PVXS`Ydf@kHEmEL(SDk{K*aLz>n%|67gOMX`aM*#5iev#hjNI6i?{a
zQf?Dq>85;BC=$G`NeP};@9Hxp>4XGJ<Dr3m_2E=z^SZm~*G+*)h5}o+Yx3sK8;kvA
zYt5{~jqO3y%P;Al!hHfiwj*3nX;-dc^IRKonG*AFC#`-j0C0dwu}iL{!_5TEI3%%b
zzEPhfg(3Cd4~X?$?5UoWj2YkUfBxAW64N`2Z}a%67Fqok1fjgRVSd*wBJ^7};ks=^
z#z#J54NUdxBOFCB4VPVi8L3Ifcm*+!!Y^!m+W-OT3Ou}nD2-3$HEjTG-%!g4NM=Ow
zA&OyzXbP5Ec0~Sr?T7FJW?Y?@l^UMh%r=)lVSO6ADzh`+lZhdx)&v3z&A;};91a5d
z)IOEgzAyHKWKL2&iG$wrxIHfv#-;jZCiLGPDtSmiAiH1J=2?8peHA-)rtjMca4ukm
zrq!3K4XoQHQ1VrX##k3Zg`c`bWVUg9x+VWqP8vFib4qYKxbg3!m8+|CIkO{*zCf}a
z!e4A>aqQM0{HZe-(d=>7@>P+%_+0Lhi+Q>JJbUyeaKB!7jO6J51S8`Q&fR0QOl)(H
z-gPLcK$~xto<7rMcF#xzPm5<jgS82<3mSuajN#Ztlh?nvX_3*xS~Ek-yuKjWcnZWI
z4L#2uDP;_44#9(NyojGBmNM>@Ydi{rkp8niA6<s9H!;&sm`)8kvZSf!H_r6N#Kv@K
ztiAsrJoUk(Vf@%n)}(Hs0NXo~eAuL~`#kgzW{taY&8y0DbDa~05VIxV|Hs61ImhMa
znTYKwtW|OFq?P}(A2yB=G>`2;ep<r;5?2?Fms1g{(rK8GVueGR2K>~X7LWPB0u*t5
zGulR2Bs=>kdCqgjejElIpZ@<N>@9#QX=1ifWN}~IWpU@=Ebi{^?(VS2!s0CM?(XjH
z?(Xg`2j}v>pWS=^uj)TlUDKUOI_Wu+)YMGpNv4$<-gJoDAnbFm=S_RWVfa&w0joiU
zK^I~hGWlQOA2;H*`A)_m(b-b5u|(@Cd6wD}DnHAF?vdlWFG*5jT!e&&L%B@DxqKXk
zK=*FUOuN|X_LrJUFc+5Wzg}OeFAZL(w>(Fuw3)ozRUzOtSLuNf_?w&ui<Mk8*m-(x
zsg@@7bT23Ms#aGLR}$3`X$;$TUy0?DuYgQKXslYY&$%<T<9|ra=;ss$JA(wtaj@z`
zU!GkP24%2(@{>q5?0C56v>JMCI89}EHJ3;%mv*){*14!`9@=yrge~o&l#BD*`2Pj>
zSe36GBgW|lgU=sXFXYRO6M>OfaZP1be*?$PbPtEUIPvPT@nMm)kX^1=0s+vIP#BEm
z{f0)Yx|V_`lUuVH%DmzRd7+^}`Nl?g9F-pU>_0882EAXN(B3jruUN=QlO5sj(gqXZ
zVhpOzw+DWv`amM1FrOh<PAnz37+4<!-7JQDZ9zH;w>q-Y4t1Bs<#}K726ab%o;*|X
zfv76KyC3{q-|_zH>-_d4_WpVm8VV}JYV?x;XTwAdfj<cpBHMwU?<N`_AJDk6^zHN_
zF)d^x1$}sYSPBIhl?Px>tVv0~NSBClhB+3F02dK16Fw167hVx=19wp&fa!0|GY$IW
zjW-}Co)=rT)(osUMEC`?ZT@|6`V8l*^6780|6XU;?(jIbr1xqa{?h6x`wsS(65o2j
zFW8&~tT1iT{2Y!&6bifV{!x_gQwYPcSk75%9p#;P%&Et~+dtYE@5kzeq$;<{rbxFG
zJZ*;2u`G`S9UsrLzC#z;yXGrOb`4ZIT(#py&Aq5};OI)ZYw3Eu^6hoxVZ={YYwOLK
z!qTMmUv{k)Ry_<^vV8VOYxwwfTOLFm5p6dQZd=~(4Q^ZS+VAr3w6t#}0X|b5_D&<x
z+-RuddpXQfkMg|qzlqy>#p=9pVV_+&yHM$Zy`<dHmJ{s!F86z)wJrQRt`XmqRCqN-
zbe_>~8whche|Fin`uOl1ja5N~vFe>*$69|9wS`4aR<Lw<+8A?<OEIy!mm(=uF*WVT
z1mv7B{VuEPO)g-}$+`nQ{ezQ9P7CL5Kr*x&%=fqgB`-{1YlZu=pD|RKO*3@qReQ(E
zKilRCno17UqSeXSR5l+WW(32Vw^2F=Rm543beuYR9R!Zx6zD2t9Pu}bWA!f)QZO+R
zY1~DAeu32o{1`pqd9iD!xIr*sbRo)|h!J6X6zt(mW21r`Tl+oN2RiTg#ksTH+T)w6
z?askshY1<xFnwv9Ej;=I{A#~JGQ4AaVv;s_89UtqH0C!2a9NO4;UV@T^R4&Oq;<iW
zNa?R_1|*xoY$-Ba!sjHnaTAMfLs!5&57|Pg!JAjQ^YlaR5F~4CkUCPM7$>fC&>8RM
zdcVh>_1-~~F}3<e7Q1!QRXzo=be=NA*C!{hd%3H<M<+(T@052|rhIeSIsWLl1sf!`
z{uTp207peaTpdIyv_aZXGPRBdz}1EI23M1u=8Z|i8|>ki#XG9`l52q^=B<^}d}N4u
z>>vx}$ikWAU6sqTcQRD_*q1b+SK!qzS?BdEJ>A;IAE9riHk)-(pgL;;hzrt)DD>fx
zqXNM(J(I5z(EE&UhU{HFB_FOuf96DxYKsu|8^Oya=qhLu889!7=69|>CGfvK@IEcn
znca+y>uGlD4T9RjiD(%VpyLUG3E6-}nPXGVy+qsOl`Pa`idEp%j^ZT>ftL%z=av67
zxVY4FXV$5kgWxs@e?&df^->T5pYQ0FXp<6h_bpE7VLg{j8OMYXX@z(LGq4p`ijEZX
zLM9v!hR%5~uUtmf##AJ1g=dANgVV*RrFF(!MK=UrCxqLT#0`Lq>gK_e<F2p^fv(!s
zJsqy-b1Q14;9hk<`{_o@!StYXKHSPF-qCC}mFeOBK0PYKd8Y{w>u?boEn@hz7L!SS
z;S5hhYpR6!u&|B_THdr2s~CJ>X$;ovl_+N3FI|r8V46Z4+t3yG^^gcf81PBpbq!c7
z)6?lJ_X&Iu?DW+3hU*-1p!R~?omXv;wNXw}CPJSYg1g>Oh9dlpSO^{jKIg*8EI~8X
z04wEEtim7?lJiYOAG{)w@oW%&ron15t~Z)=7%Ts!K2Y7=c5qufEgB<DlDRW%s03&<
zmFBKJ^vL72vD{dbBx|Ye4R@^##SMgrj}J-ram?e*Rk*QoN!5J7?VnaP5xVzuh`5V!
z|CHww#uLc#Mzf-H5I!DoFZKKs%vyZVEIIrJ9kQ6uFMfoj{khNGrvNW%kkrYtj=!TS
z`NM-{k1JZ6Mqj%^8Q}Q-<Fsl)&d$Teb>}Q$s>{`UsPoT+7GaCs>|KM4o%HKB+$-W5
zl#8>?R{+~%0<NOw;zzE>QG04@Ad`2dYWx;n^BvQu8I@0#);L{ov(e9xMtg42_J@ro
z^%jm4dMnA6=*g&-gEb2tTh?J?*1A9DA)tBMHGZP=I24URNahVyNP4J1amQ??LcL;U
z^7&k-GLX4y;ULmFJXnQv73}u6I-1ifp4ngJb_+8)k>O#WO~5mht(Ju|*K_qI+apAm
zq1uPz(a-j(N<Gi3AE#=1-UU7l-sdj|V{F#yjb1#!)5F5T2_zOa8+t`VT94DEE+5Mg
zP_onGRi!K+Ps<C1^GdzOa)M6jDRzIInbeFB`nKJWhy^buifQm2VNyd}K|^w}X*hq%
zX-oDfXHA{SCfDq+!cN(Qh~!#umaC7%U3S+E=ESrKx^Fe?j#AAJ>#nl7s3)PBZeRpR
z<UL-5^H4)^?z%Cv@;C&NLAN7{Y@>smq`^}dgJJX~(C9lB#yD9F2{{050qQ3W!LQ^X
z)@;xAXxe?;0Ek`Kdax>zvL_Y6yk&pQYjRuWmZ&bdWzx&<1n5912FWWawS1I%U0FCI
zju+7iyuy$3?|SPB;*YwvBAX9s)mvJ@feB1H?L9cMyX63#j)Lidv<wjtt=6VvSc41x
z8p1x<5=|-&wpe@v?A9F;**=t0s8c3ZRJ%SX`*6+5!!ldqlUr^)=xh#9sB>lZ5~=yD
zGCFCoV@Yzi-xXVs&3KepPRVfOA;ykt(~6lw$)pX;eWxhWtP<c->Gef-XFR<lcGRrx
zJ~%#)#0jgf%pj@u$gt<5b!hY%h5Rt9=zgnn-SmH-oYW#2HPG&BGqY&VMvPa8oZ^_w
z7>7x`MM!>6xa-AW<*+7)Gbv$kkob>ak>&|3O09;Is^cbmq3hsIz`DNdiTT2(-pE_^
z?g4Rg{6aSyUDxKdR>!{ai!AvT&AQxo$aGiIfE`Ue!znnXruQ8{uhdF)rnG4!(;khf
zXeY>%PeH+@GtgqBHovyK21MMVT!vh;0dbxakjd>mNp2wp65%~LurjofZ;t*1B2x)p
zF>*xIP+|z<ijh346HES`9guW*!Qz}nwvndz^CY0y%CwR`5ka=n9zJ!i>Lqq2HkOA#
zUpFRg(-bmxWcMAmA55o{MM95KjxC;__SU{GG&qZH9K-Ca^xn3Q)~KNcly&=gox~BU
z3)<SVrkTG<-7T0!uS>m4KGRCw*m_qL)@mYcn!G(`jlc042^ts*Jh@ELmY^H7Im|Gp
z*qpSXh`Nb_X&cyR9m>BLq!{no&m^6?nS!->!5qI>r`f0bkTKxB`-3d~**61;r!)UJ
zGE~I-+$_W6eOjfL`4!lS>rQ}<G!`ex2yC_Jy9QLtCRnWl=o3(9))9-<+o~CP3$3I5
z4Y>t{tgRP2pgHQ~IpU3BJBx_x%*^V)hyXMTJftw)t>w{PF=WsUI%7!Xo&B)GvQVc9
zSmwO$QQuq|$)#nQ1B~WTPxWj)3cOyzn|MAB)1tQS<%#L|H>_%kk3Qej9_+##&x7{=
zXf@*fJ?ZlTwNI~xve$;kIlDdU(@$dpOrz1S{Ebl+v!&HxDw5AO#h0DYd_@>GnM<>7
zyU?~rg<U5VU5>({mFVM>kWdKDk^_ZKid~0mbP-~2EMJ^~LK}kl<;5Ypz(m<(=PRL2
z_$I?3ebnay1YT(A=I;D_$qYNpVvN63j7IiPlMt^n_8o4VTCvt;sDL?=FSa4d!of1G
z4w`d|G2>co+f*x|Fn^JVY!E3FSry&{28AIVKVOFVitr4t;LgiwE(9+?w&QF$GAybr
zIhU(WmFaa$&ibrX#<{;wP7cJ8@4Y&ZRrUg-CO+OP22R&b?dG>i?S=p?wjG8;Rs4TZ
z<fF&L8*>jxb}X_{{0dR+ETGX05keo^t|uQ0AWn53M9%#=+R)BRV4mQ<MM%4doRRq3
z|A4hjaJ#NBPw*8kbLsd@Ro5{$&)4G!3xj11{2gQtcp$ElGpExm8+&Sk>cD$591hQ6
z2<pJwB*<Aa;xqglN38Z7)HnU<%GbClha1v<gRM%<`^W$9o4{q_O;wi>wx|AN*8JG=
z3o$L9&1u}}P>a@eNWxlUMSz{KmNcPt?_+M3!PrrjzAxlzV+nh(QyL=Q+jQL&@BOtw
z>d!_&JOt#-V0T=<Fdg;)Ecv)dq&cC@?NqQgT3Ib&cXM%j5K?cx-{GclF`Xg{y6sS7
zez}Gh*Fl}AeLc`8cE4bSdyJDNej}v!m@{%d>1$PQpb!f*hLXlW;+-T(c7v?2uSR*#
zk*p*k$#2p0*W`^kNQ<1&atnJGgG9*_Qrcw{WM)3dx4cl((<^5Up_>>7dj4i9v2B-e
zu~S7_ubS-FIsy8mH(}f5c~wB@G%(T%yP)q;kSP7gCibmio%aoHSZJoU^gd2iH;U(F
zp<HK(7ZznS@gvThIc>l<Yu(8jbAZS18*16x=kS&0AQznHK%Sg9*7<rKVa2-%^s7`W
zUw5q%t>y*#X-}_KgEx8qhIr@=wk+}_INFO|hZ<(gl5Kv@W`B@+U{EqG_I-XseVBqb
zp6dTuulbQMXNjT}j1vtJ;Tnj;fe+xbn`ecY%K0%!Q4y<xOp#h`EWDzsYQYg_do}1>
z&bSLux1rbStXNhxnhSeFoC()!F#P<{HQt#+lBDvs^maKwclkQdnZ=Y|1ImBs6HNu0
z;;H>^)cZif5d3^IJagPMyNXv$@ZD9tT7u!)k%KJ|@-7FAyjZSUk5=aZ#{%!c2;^@k
zh^aX$^z5SM(Wh*<{?Lvph>pqR5<@g5rLib2@;)X4lLhHzhiNX+y#Iu{*`VyY^Z9Za
z1AGcE50A@pdZ=8Bori_$+N)8KoJ?4pu!73X%S5J$$lR=Li-D%fWATp@A>GZyw$frs
zD!O4#FQUCOG<po#xZsWl9Mo=W2RH_pWU-m=;WavK%-zN(NAcY{iYH0j?Pvat1lSSL
zwiFv_ewbhcFpJmXjN38#VPgJWm;@fXT<-f>kQh+NYi&0L!=YdleV)>dW8Q&S8Zlz_
zKLY$5YtzSMkO81J(%|vG(io-a6R8$EP@@OGw**>Y^g4@ANqoD>1tC`K=h797m5sV@
zr^SuoOy=+?LNl&UMdwwN7ZxcJpZQI1h!Cd1gme@X%fhQ7o(Op|hwy`H5=5Ij(&<LS
zUuqbQ*(D`b$`N!iSwCOhh+2(QhWRjUtXZRfVhSy6z)+_~xs)M63gK>AyFI$?&-mV1
z;PbB626u^QYhUwn^YZ#IYfQrLG_|kSZ6J-?O(|K7TjzZv@YH7x_s31w^64Ka?_U5_
ziVJEBNh&-0CO>^MeHb1v%aiCCH=Z98Lyoc4@a*#7U~nk|2;9M@3<mrZ$oE4ikT>}K
zzk!~4y^3|ZU^@`$<$5NEit_=22!BXZgbzD{oq6F?+<4A};%hS!HTqP?9`_C0-3XQ!
ziwhx_*R<@s*&9@IV3_RC(g#nW42I0f$EXjgT%-4bMUQCP^784KBPWRib7Ty;uklM9
zCL+$bUl4f%KcChnmwwNIeAG$3_jJaYdw(+wLWRfyOQIvig%JP1fMSs7*TZo7)8-Js
zh3A+sMjx{=ylRZ-wfQM=N6y1Vq8~;wSw>4DXw9w-V}YQ7SxeeK3cIi*2*dv!OFN0M
zh&W^@i%S?~fIS#-rYVH?{CXS}O?n&rJY$zWTVYNhltv!p#>u)Si3&va2UtZVi2~F}
zq0TQ>p9w{Ou%?nJKkznvM*LZU^cn;Lz=TQGs6os(xRYLW1B{iZ$8fI3&*9KKhkg26
z!=vCU{RU<g4h?6ElIg9sCJ@IVR}3Q!{CGTo=6x_&h83+1ahiYh1~2(ErDP9}D~9`7
zw%D%)fnT;H$2BcPk%?X-L!I8=GJwuk^jMz9$VvNjzZ@ZW9x>uC!7LeZAOWdJRs`S#
z2csC)xw88<0ZTJ~y8BAu$}xI_5Hv^GI{u#Y5D5*>tPyP+k8%<Gq38lp5cv7Wq++IN
zyT*Nq+4=<BLG!#OMP&Ze@PbW`@}*JS`9kuAH|6L+f0GIrW4CV?O>w8>taJeIpx5o5
zT38r!yBphoeYSZc-{`pI@}St9;On`X<{@bs%>nE{gycYmu=y(yT8B`02dI1V{V@b{
zBmWcV$AzO8E5k{uH9Q-|+$=qJ9F~?QS_mz&%c2vboS$Vn%&wAl*&Qx}v>nkpbnUv~
zGgl>jl~$P?dyGLF2?>M2@TB;_)_xT4sm|jC%U7_N*?Ys0$#Ch_bw{>d7<n-0@Ns(K
zPPcrLAeH@Rs$15@JbjFImVKJrwdbXWOnedbH%_t**rX|X$dSH;>;=kh(G<aZG%uJ&
zO+xtejN1k4i;d?y{O-UW$!F5!-4NGQU+MO&gk=OCb>MSjowpr%{XBY*On(40lL?98
zbOWrj9xmG`rE<Lck1{gc`T?rq3GoG2!Cw)gWz7`)PMvh(Z@Aex?8QMZ*z$ZV7&1cW
z<^-*9CvOhEA>!{NMCrj4I25U2_Sm-FaKo_HvyBxo%3<Fr8!UvCIm-)6DC9b4Ji?LJ
zZcsQkV_Kzb1_r7a`Et+vlz2{KCtT;t7s&q5mXHoxAQ<C*|20q6QH8g|F8fFBJgL8<
z%+>Jrvh5z>whejeN?xs0j5w2h=UK3Fwa};BC%18@h65{jyJl@6ZJ`3~WcT8C8VF|%
zmfV)Z6eK4s<)X>_JceYDU}Ro#RM?SrtyEU|*b*JFlzV0mNvp=T%q0-N36{cQAtr*D
zKcC-|WedHsZiWlWrB@nXtVs(tnyN+KCz>AZrnYeouyMwC!dv4j&=rkK0?)!uinJSa
zJm_fTjINzx3sZ#3Gy&IR$To>mv|W-5r518Gfc`{ZgKdY=gk4VSID<(WW4)H2U}d4k
z;5=y?tWMbDYhS|m*>eDG#{;dJIE=Kr6j#Z@fBvl+Y6nIiDbqNN+wuG6O1T?LS|X0S
z04W;}>;pTTqdc-5?n$&z1b4U%{zW~h<(#ExpGD4MrtMWjgv_<Ao_%0lMGV{<BR?dq
zJ;_XsX3C#C3Q+C}(SAp7@$_Y}C9%^ywO*(l0d2O)!_h#<PJ!g3CPnR%JQcqX?DBS;
zZA_W(4!()%Xs{2hjTq5w%ovdzKBs{WWmoP%nKv#`{IQ>EB|tXztug!?J)lzq9)oSl
zN{b}Na~t2fcXHaYN2kT}EjsVJ81u$J+xce4kGDOL+vPzNjWv$kgu&xRl<=IR#+YOF
z;rmG(`Yxx>H0K^(SGgm795^oh@w)QM#+e1+=_=_HH-y{w3K?EvN3KmW{`lz=jreL`
zc4vM7`jNe#lf8vDAPL@_I?c&}zK3k1e}i<L)T3F?9+#tx50M-NKqrDYC=?=<88|kA
zpD(&eu4G0AkNO+_S;?KoXIuFw(5QE0aza~UC@JG)-D+6P=-Tj454{vWTcZ04rG)CH
z?c_sIGyfk5H1uTJpbgJX7@OLYsALXUXyqWtWzo&yGCfFvapB;3v(_!BnIwbWUR}F@
zVtB22KqIj4H$cY+67eK8@ZG#bA-dnW{Nnhe0crnlV^+{J#u}2LW6G_}Kw(3n4S6GB
z|Ebnk`_17^6!~B4a<HR~Y#$E?xv?>wE7c~DF2L7k$Rx_exfPcDqYasKDo`v6v1#%S
zXc`cOT)P+eRF7pAH(u1~z6@`VsFsF=3*^p(Bjb^*@V(u@4@DHHVb#*TubrsPD!n|j
zkd-3Kq&&SV5B|FQ@WP7^WDZ_>IbF+oM}WjQ!#(O+u;`18UCj;CT8XA$Zfd;wj?&kR
zOBzQ%uK~U7KW6K)ew7jA^sU}6*TnRXcaz@hHke#`KS{Z`sISE`Fn<CaXELrlj25jQ
zbq^UTJGUkoJbQ=ep*z^ysJ2Ecg(=&BTpZ(0p4-h;(`q>52;U(kjhd|u;#pGC1|}dT
zljdNv>tlZLbB%F|2y!A33vdZQUV_6MbY$5g^NC}T7M{dLU<Xv7o6F2{#G!#xrx&DA
z%wws=E%fpbB{U39><iooYzW*+ZItb+Y+Q|8IcLRAJ;?>~h3mys1={t0qt00?2{~qS
z!lB;UZ#3*=4)|8)dnFA)c&R-wafbI5jeup7xX}!J(0$4H<jr`B%s`H)#8HxOPzE6c
zuZ@W=)$C(^CvY?S;Lp}(*!_ktfD|zO<OAPLuR7+i$gV(|j`^%hK%S9Ypv#>_w~gn0
zHjVmhHC=bDv;{ktper1aXupxdV}V^>P<Q?5k6-NL(^&k@T51oS>`yKxvzm^Cw(v=L
zsPM4^$l`+eAF+m5!m|a&;2Udc1CNi9v4znVvlT&x+T#g+*5QFEvxa@&`%r_B8K?{G
zC>{1Mj9ty>fzCrDmnX7FdhKO<_dz<OjX(l~#;e8Ph&5U(!Av-=?}O1dSlz=st}suJ
z8w4GeTQ*Y>pv^-;e!p3eDP?aj5VlWS-QeMEtj+|7GhRKdF)26hCbqB-^&5B^fr3aW
zn^9Vk&RWk0<`modpinoI@}?#zs)s*?wyY>#Ez%g(8?Nv*ulDj5CY3ZNkn+HV2fECf
ziKk77v}P15R4FyL79<0+;l{a)G9S@pH;Xz0#4OodK(6Ju?;D7d#`JcrAxT-%mX2o>
z+t8?yK+8s}-GbRmZ5gm6Z#qjP2BChuExy>?{V12*TWiVg$ps&J?6|${G&+6#{goNK
zg(>UG0`iVId>WZma#h;Z_ihhAYnkW|izOWud*h%M4wDuU!PYi0O^JK%n%0SOlJOyn
zk5M4%>q|jPY;UCQj%7KYcYV!B<{u8<G~(m<yDRP+m$eU(u<ZQW+ne!k-ftFB&HNPH
z4%2NZu75H^#1SdHGfZpj(wFg;yEtu)#$UQwP5C%y^cVAl+n6WuWWQfH#F(ZHFvKnk
zm9zgYsn6mNpz9Ys6F_sEMwrq+6PtR==m_DFq!9r<;rTQanRb<b<ht(^yR(?`PTbIF
zv|2NPjnId3h9s6GBn%UD_=c%}9Q?Aw`<P>%?Onfv!Ga){M6p%`B^Q;P$W7x#><MBs
z2y{xzH|>KotMhf5e+MVIhwM<O#r{GR1#dz2jwT+)GKO;r;Ck;PQQVcsi(C?0dwqUz
zx_2QjfS*IEFM5rT#x9z2`Ris1B_mDMJNGd6H|}EY%?HE5YSh{&u!5ribc&t6+J+zZ
zn!HkDId_f3CXVflkkOj0Qp!SRB`a3eAr|`=FzCd<o09{b5i&CJE-?ZM;nC&`P<2%_
zsH@%MHgr+T?XVcmVW?XArn<%p67g7F%g6LtZ=nenH%{rJ$YwTjM5!^dQl0m&@YenG
z{4YI%lifvEAD#>K3kKzfqf;^5LYW?)F1=fUkztX(uTR_Lhx)S!3rb36Gdx`T%!(s#
z{l9lX&hjceYv+rT28i%!6%>%!G`B9?&-%4gANtqkZGz@R6rEG`s8N;~bR{>S><YW~
z>xOQ`9}0$6t{RNaMpRK|YFq?JOgGJqH_g3)UQsnEN`sb_p{+w0vVf`0vgam#Aot0x
zw-p*%u;L8$QZ|;9b=ER(Vsmn{v~v~H+h%_o_*DeT73=24P-mgt_=}%I3~`O8p=0U;
zxm12h7iYh5OAll8OKoR#2c5A%dWTqUnx*X{-H5F|jm4GT(eiAE7Ml`1BG49z*H=aR
zs-b04Z;c#L^Ws637hUZ2!JYigR8nFjeuRuHu8F|sv1hSw%GH{hI)&3jQi7@_r@_e6
zs(<mvl<k`9F=La@9z!B4JA>9{`_qP57LWJK%8w#Wx4T+B>-DGb0=n?7XT2HcmzARr
z_m|-vHx1f0M_GhD{8QbKvP8Yy4J?QDgid=d&>bWI<W=(<l*`p>gXTKTK-Nj4{hfxE
zE&D!O{JhhUzwPi+mDAmlg^gT}R>0hwthfWJ_Iop3wRn#f^5KbJ-*44v429uu#r`q;
zuAxz<jKPLa=J*qXt28Ed!rQ;}&0%Hl(@~2IcJ2?VJVF;OM<84}T6c&(CS>1m8_h&F
za@%y=vF<a&Q+25PM02<B_u+}#oan%n=zhhyA-P^gtnj$c2h98J^b}X=z_UCeToP`w
z4{dhoZKVg`Qv4nfc#;3Pup`#c%XLtlvH7ywuW(j&q*Q)!9*8mfw|7}Z|K{$3!xK@a
z`IaO^AIwWz(}mw|Bz#zE6gS1K<9>PQY}&$Ej*vB!m#Lnh(gxw~$bu9a`K0hKhfUgY
zcJe$LFA?6)3h{0F4X2~twk5jcuEcP>kM8o0uFpQBx<+`dUssVam5vYlAAy7zd{4$Y
zCJ?UN&G%`yC*ku-KzzluL|O~&=evUD?H1Ih#=t#_QiifDM*%Cs6`!e8{I!J|RL4$_
z_XnvxrzAJ(k1IZpwV1bqGG=X)QwF`&!VeEukAwKM(v7-A2F(Dc%%34cbeik+RW64V
za0_<xdf^=pyfX`W>;A&6+#6t?Vp{q-bhaqMk$ox7Qc&NYbe<ISnS;cXZ~CSl6x-GI
zR+BKg-)9+Bc*<t(NLuXWWmZeb@%s~2bs_p?Vt&34r)$ymeFl+`J~s8+eO@eUZ*8IX
zg^@}(Ddqbf(YbuqFbTFwvX&oZ5$Zi04aYt26-#r6Zz3Q5D4X^_ZC?0IiJ8Ox^y65x
z#}Dz&Y(}t?uk>(sM#>)_A7gxa(J%GMZ5nrdY8toIX!;PZHA6VB#~3d?DQE3DYUX14
z(Df3ewfifh5f3=SB>ru6>K&4-$Ds}Rx90ZRw=JaYw!l~DgkA^M46VPxH%K6BWiu8I
ztknLmT7d_Y64E9twt;5_yL0EwiBesTsf3|y-49e7X67t=BBB!4)|h)c&^Uv>&IjMM
zlfqhxBke#4xVGCcp4Q>FqAH!IAJ?ZU>#vc(JATaIk{|(<W|SESwG1Y~do7&#+fgvK
zYs?AXPuak$jz>9>-KjEgBW3QP9U}xQIPj)|rpDIkFRdJr`1~362oHT}_F;g~P{P4a
zPB$U$3P-aWWv^}f4Cvxo1$+{vKG8lYK3VCMOT%sOIYDTB7)H4@qs=qTW6sNX)|IS;
ztiI+W4fPsE<;)d!S`5pZjZxKAb)S<AqgQ`_%-3|^<n9R_5gmn3^1U9tRNdGiVG&%P
zfv{GyT%UBifiplLAXUO_;=HMfI}EQ!vl3SYSHjzvVK8B9Yw!=hVwM4w;C3_8`S4D*
z{Gs+xbX=YEk`N3+1b`k>oaVp~V0!nvSjQ1}I^lID+;B+dT_*UVe?qvctlMY%9uIpq
zqx0Y|+giR5?@u5IGtP0-!Y^A9$gVBVDVq@BFC^3cb^>V0$Jg#(kuhC!hdf8o`+x5;
zQJb^&d5(6t$9^GFu6Wb|wS^JQGJx8G3X|klEuaW4myelghQVBXx0z`Q&((}qE$Gik
zT01;V#1_lod8Jl|ORD44RcbGZ{WMe~BPFBb&yuDh-a6hDLpmwh`^pKV)Ywjklo0hQ
z8H(E_ck`1E@#LdR&iKM@7_CRDla-aJ1;(voT?KpQQ`T+@e-srjD^m|jl-3&v3UVb&
zERs2ka)qfXDxKAopI4<F)fP-t)wUM*YKJUhiW)0(TO}nVr16V4E@!gKTVYKrpvXth
z&a8sS$r5_sTM$BB77!Z9GHXv)H8T6D<-FOfL@lzlotY}{EAHImQ!+Uh?sicVt^^!%
z0j860skdAOxwVC@jhjlP@e8VI)YuJ~ExL+cPK+?D=HE{_BWT^G5Yt=GBkJjy#=tx8
zvb-t;JDcbe%1kSZ<2EF{E86CjPAWTOO6c1>(KIH3^Qx-zOgC!tR0o-wNaL(!i#ibH
z6d+gK7|!6Ke(9+3FO~y3ta>G&fdav&DGx+7u*iN|RG_&g<{EmJHzOta`K`5(sdJDI
z2aH_eD@rO*v*Cs$p<%&2lIU(aIxZ4{xQB64Wl}iQJSq>Do|1AJ19<X^dR!!D+0v!-
zWm!<WQDJ8B^PZNLWm343+}6pnu=?eOra~RTvqZqtXb?;KlsS1xsuVQ^J>3m?q<&>p
zcZyu*dCS}Y1KiVW9uo?Il6(0|6H_9W0~nq|@oXn@l_hEyf@$#jN)W}4b3Im8GQ^;Y
z9RJEB)|r~n!-PKuI&*%dIpsNxu;lmEkp&BqIxhZ-ON>s9MfsVVId2InQ=mq9@CnLl
z399nEr$M8R#PCO%8azvV9Mk0?DAOk2R2CkxgSal}7bInxAk3%YTOEPvoVU_ZYL@(v
z?xAg%Sqm!qm<^I9E)_?u)-(@yR@^4G$&?B|N`Z5dK(A|zV_i)JRRM$vo+1KiBw2lV
zHw&sgZB%?0c{jT01;!yAnz>L(9vAewQY`E`7QH~(dBF`bMsfU$oxGyU)0E?AfOPk_
z!%U}l&~|SxXXhx$eU*unD&>1dr<7Wyvz*T%oW;b<c?AK*j;HlLaJHiolZ-=^rNl)l
z1sxwOk)ubR=)B@JQKlF_Q^$@Ez#Mp{u$T=9zI@7fMddNcxRV%<``_Kl5>TMyRQg^H
z63eE6u_uWeO~JZOReal-zObAMLyCOaS>vT*K~Cwsls$V1;D_wqbz8lr8c(n%s}inC
ztX7Ip9@JA<l|e+?J{yo$AO5YnRI{+~WeQuRs)R@%G&GabB)+&tL-Mh|UC?B<|Gby#
z3%5pcl9a4V-%w%lxO_%Zd62X@Qc}KfA1yM2qeb2i0|MJ4a4tS{MN)K=#l%Z?^Y|N?
zm8FlsV!p&}KNy*rppUIA#`@R@Zo*FwXW30GGSrs?8CqpWC-Qx?-t0hB4YezIPK~%@
zebic5(TKpYzvJoa>Ae;(j;^u>1b<=r(J8SdeMAKeCW}W}upuNr_Wj>N<7)N)&M;c*
z%Idm;j>obR!zKUr6O|dyQjKOdwKf2ArVdDhaWoJZJT8a9hS)<z!?Gr+*3Pab59KHO
zn`4YVGZ{B%x_|iftQ8ms3s(yupKes<GP)&~9geM|ke$TMP)KHGk{cNZQw0E=>R48P
zCn&UFbE1BapTR~249dHD#Z8;y{M`835FX5=;h_P6-2yY3|5mQRdH-!cSt**eG`iv2
z${$ik?3O(8Lz&T53&8qs*G{VM`&34C%V^#FkZ<f^3WLj2;I1befv9k>ZQ?1h%v3Z2
zBb37_!mP16j3~neFX_n>wEBSIIBJF|DTW1<4z~&yewx*_vF+pXzuH*#-^svjhdWmN
zT}(C<c1uc%8ZTUI=~!wRO9v*unKo!5gP;;9K}42q7!^e)cGsyd&g5#j^%kCR2*7pF
zdi{10BA*qsJJCiG?&iXgEVVkY#F0K!nP-v<MpM_QIN&ar<bfjpqdOn2P7{)F$vIt7
z89uIyNcI|QAY%jJoT8?sfYc-Gz}~&F8V0e+qJ1W#^cTD!4V+8L&3^j0>S2C?Ke06V
zEQOg5Wp!~@dyulE7_40N#3UoMD&MCViF%%<Zh5<4;Q>I@DlC$Sz56mVee!C!k_8Dh
zf`h2&1C1El<`8`g?hx%ohj<J5{GClPgTYK2D%%wt<9SG*Y#=yc{}ZvC)XMWI$$(75
zX_+uEVLuC*W@JNM;@MAK;xZ7<2Shct3xS4ei;!l7r&>`Ccma__lqD4XRI(j=9w;>$
z<uB#P;JDIyQxqiasM2toM;!MSCrG{mml98in6h6+9Cs^36z8Qgod3ogEkQp{naXHO
zLiW?>97#~jk^P7d5`To(IsXmInG`52Hu^=pb(x8|HJV0YUDS=7h49+9gWw(I1NGX!
zg5(_qg75;sc{^(Q_#jyxIv?pFarT8dNPWx>s4a8{Y|tgpkp(Wr%c-g)Zi8ydsLjmL
zN<~@Cc}qpm%`vFO9>fK_6=1@GjbJ5%<fzjp0x)1l1K1vl5jz`(|Ew2(C+pt8Q--)e
z-Ju1a@Qd<?Z5=E%QX}B-%%0MIq6<vC1tz=5FO>%}&S@uyf7sEKWwRFaA$WhZV2kyw
zSRbne;AD%y)VtKpaF++CIplX!s$6S<+nDw?qfg8FeJn7xrSY_Rrb}4Ib7dFf@HTmm
z&7E!08KN!rG%r{$qGdCqBb+b1y!?o-A;776(3O$jJoCHFp@iWr*nD)#@g}J+3o@d!
z-!t&G!rlsH41#(w24YQ6KxNTaE^v5@nw%ND-29F&o#8f@YPgvjPL5=O%p4D9J194U
z;4U+8USjrEgqg1;m<Ky9cB+aUUGQ>VlNVyZePOdbCbZX%a+5K$<v62iu&U4y1^4L}
z`_Lu0oqIiac-WY5g5Zu>(cozlswj^gd0}f-L%?|wtCyd=U2#vauD3m_(q~DiGb3Qo
zt6Qd3(XF6xf2g#ON|UK$n#e@O(pivxRVnw4Sn8|CE;X3<tcp-^ujrl_oF=9FHB@e<
ztZgGlR*v5wWaGRAUEd(uW;#Z2Se1Gq@=zU1S;)EC6pw#~r9(D7ba5bOsw)qMp*bR2
zVkYNxOZBIYQ&;YEO~eQY&r&J>a@OO+dRD~jIu@{5VxX%8%N$?5$!jTz4fQa-XxcmH
z`KX*G^bv{uy?s*~ES|MmfhA?!h)sSnSGGe9kZ`Um7wN@4|5z&-u?k7v7eKI@bCe*R
zm0Ec~fRc~sN#O-Y2&3agUIU$59mDE7Jy>}y+0gXZm1dQ-&thrSO52(_vtZ-0fj41v
zTl}WW{M4TFSLA}4AvlwOIk8rcOAPF%qQrO*2AMT?MTDI1eB_b)k2E<UGV4o4QHQ{!
z*_`p8a2@k42K|;8*sU(p%or|G+pFU85Eo}1oAOI#6;o=hWQ)v@_vb~7nHzr{Qw9z<
z8w(|b#>g(Orp;K#9K+Or3FpiBe4SDBryAtBDRUPGlr>5Don;IOBVKm4Gp0oV1|yb4
zPdW?4y1CWLpEw1|g#|p$n{%gL*z*$rLx^x}r{#q80R^hO_|vk|U>4Jd(Xv(PPOMYY
z#k`eDyU4NwB_NW=tpe3A&f`W#_PH5gQ8tiUZEVl8p3MD$C-|Z4DbbwX&7vrAK!ZJ;
zW@GQ=a^6KFe@d@%l7PT2{f?2|i+RFGJE8VNVQC~-LB~sPLnz3s(;9c7Z<Hl#q=UL^
z-1tLx<If^w72(slF+F!hb7VjFF(Ua9brr=@x7e7jErtS*4v*)lPTq=}SZ8HXd>wRE
zwNXZrC{kU%T^*`kd7JJzy-7-T*hxoGdnJWROYpwu>2>gnC4P8nr}oB$4X<48uz@V*
zWAVe|F^?fa-SOJCTcVngCU3qfnVZOhuSx!kYo)2Dcm8G?(pW1gD~3sp2YD`cbMBpV
zK$##5guOB7uS9SlTDJqlbv|^ZXy3++Gz0cIj5onRy8~?c912D5h&8RvU$CbFBe_36
zovj0P=E`oSd65Qlz3Zlx*~BpZvcXWMK_5Av!`QQ9Mrv%j)(=rOGh<htJYxwf6tn3O
z+*2EO3cV_5vPi=1_yEg0N=6NsUntW+)F2o?)UW2?v3>?eh@HskKZRr-d7R9Xs&$JN
z0djxLF^PeSw48@+X21`5nX`wEF#owJS4bOj9}YUgVbJ&sCWDG2lDD0V<TQt2^t)1!
z9D++Jr^y6t?#F={%bA=R{*<Ogyv)62N~T*>>~TVYC{%*4!qRvg)@RGL0@i1seNprY
zIrtzj;;b%%$@-gQ(|A5p%1u(wK4Z*8^vJ3Lm7>R?tA@4!QpI1x+g#7Q_$X6m6UI>K
zR(gug8Bfb2&qZRl3C5tCqyf@|F-<uzPE&!`^va*9Jco?BVjd<H5hW`frl>7E`9H&M
z#94o#j;9_pl)#g>ZEDN&$QazaIptUo^}YTq4IXc8$U0i6jLH;bbJ}sq2LwJFVpt{g
zIP;W@iPffj%3dq-wv6?*8g(02dCQ*XmN$8M`|Mi*y$yre674QGaquS2sg|U6^64$i
z>GrR%)WUT%qL(C>xr#bzY=M*OJPJnaI2WNmQ9b)tGsXGCdyUlBzTCiNYe7{?bMjR8
z?7rW2Nz33>bqFUBn6qhnpEF=<BQuZskO=UqH0W-nS5};`*LT4Lqzq-c9^K>EUF5ee
zaYap@o3`-fSkddzpAty*CD;aG99z3A#T+)7Q9h?87$A%RS84B-JvuN`<UerQZBE`H
z)GC6!AF`}mvbEKqcy%j-@jOSn5>MI&+Y(FlzZbd#W`5ez-BygXnh26*FDy`3&3ZOH
z%*+JkmX*OOL)Ll9>y8@J{iqNXJBrt6zg=klxKk<0YNdbOQbvmXweY7>RQI#hGumsz
zGy2x95^7|tj9?yjB<Vi8q-}A>>iM0zc&V&<__L-p)=@@B;^Wh$fWW2T61MMiqBVA%
zrtjnERPxqE)#?+$h3vW2rNB1wgXgRF^AzGUvo-eb$4aXrP^&1bwsQW$uH#H{E77~F
zqcy)`ik0+cOI0UU;p%kup$zvk^ECDie^$j){JN`cl$05_4P)Z%wM_cf*C9covvhR6
zWAWWhHD%vd-9+)jMuq%2s~AA_SxX%^ZY=*TFVbk<a(43f(P!ssjF(QvXOX4YEo;M%
z13uNCv0V+W^E%)!OG}aazPYaVI(r{hR$`sQU$p=aR>Pv+z^Qq8%2@bJ2E;xT(6g+T
ztoh1!e*lZ0ywo;!ii)S_^_V;1T-0!k*^oLU-%x&4#wKgq{;~U>R}r66C>*3`wXJK%
z^0@J9a(Ro^%2(*qi3MNhNDsHE-{qiIlAd#zy=MOm?N$Zuxh>^Qh742XwyS1eiuu_J
zt_4}@!%;2h8Z#l?j##fg+9_%HC}}uL<#t8>)`Fa~ELKi&c*u+#hOjA`dHQ;s^mZm#
zqE{?wI9OsIJmF1(?5ZgG(;*tDIow9gX+z<wEiB6;^^qOBC2+SzM?xX@7e)3f17k4S
z%?FpHJuh}ED0-`Se~J1zL2^@d<Obt*vBrLfE&&gY!mcoyUD?q&P=*6XQul%4g4#ob
zjG=6wETO$P7E}4QT{2T?1SNsHEVhr$v6xAfBR{s$EE9cI`F6YqyO((?)-3TF$`_jk
zFMX#~5V7@1Z!oq<<yIMvGdq?-rB;tjuGm=btA3>PBQFNcIUQNlMGaikKrD}IEpEuB
zcj&p|NFMb{Ni4o=tqxffw>1WV1Tj+Dh)_X3dTM=Rv<>yjOSZytX)IKP@ff&3Z=&LD
zw`timKk|w-8E|Z$H^JJH2_{W>){takx}+u0dR-rb?U4+3e1B8Q_`TIE@PS&R$u+3@
zQlr)urt2|N-QWVgc5z?}Rq9f8By}OQ7bl@ymedV2&CMiQg$ALQ8cM^0NX9;|B%Z}T
zAIE3}7WX+&GLfMUW=y4aTr{!NI8+j&?CXy`3dexqQya+@*`HLbt)8Z${YwU?4A3KU
zOCI6=kwOy(nJ}+M;*unOLFV{MrkEFNnV?)^EKAxVLsn;#(t9qEFGzL}K1|z8sT3+k
zRzOXqFe07M92~nVwU6;5B_}pb1)xJVS2)^RFJ)XRUHAkAqogPvBT3#j9>*+^6DQrP
zYM@9&Wgne3_zc5dLb}CIUP@}`uQIGO@{MLhWyIYbpi8#rSl-LQ7mI58-Lc%bJoK-E
zge%;LC2^h#APkr2Z>umMiwt`&REq3}3Sd{Xjj>n27S9&NwmxpBPrBEB2^|jGltf4+
zwlbFZ4}Nd7l<_rD8RN15WC3=7fNHEM5qO_OX=whsKC+^+;~zg#3hV%5R0%+IKd2}1
zj3nf-gdpt67K7@sp5)8GTA)u2>89+<-~g;Qv$!_x391$Hi@JEZUw<*FCYb`pcNj0x
z)lfxA68ac>ed6}`fD~~`aYkh_;v{i<av1+`qJ(dWu^`dPza`&t;(U=EO8axZ^Cc|j
z`00?bZ7(EBl!u2D#3!p50$$+A6R>g`X0ou9Nwh+B$-cA1Dd##N*Ti36M?=Bce{Ysj
z?(Jb^|E*6WK>d}=?>w;4{P`K^d(0=(?e+op>PyS-LI1x1b^MFJ@efc36FYzj@IOc$
z|AmJBRdH9@!`_5J)Xvsf*u=@m(Zb%@&hg)&tbvUQgOI>KKN?{ZO9NFGB?DV0*ng_=
znmG}%e09EL1O@Hfwdj}_0gOa+EKICKOl<6&L`+O<Y&r}Q&IZ;NMgq2G)+R)ZunYoD
zMkcn-M4SK)ScZQz{WG8gFtfrk2pQOmn^>5cJO3*P%b?_JVxvmL@g?(*hOZjHCIF&;
zp+yv7zi>kStFjR@`~Lwp!paHwzmyEtiJyo}lZOukazl)r7@}2Q1!7Z$vBVKlg?|)V
z5EA*NQ7H-`8(?_6I(n@~&Wq%NFL!R$^n^e7)Lpe%+}O0U1+yF+RoV?Xw{=FzjLMx<
zoYg7bHd>K))qWm2;?)kM|7zYUbY1}-ojIn^bxuv$&bdz!>aLzqd5>b~4Y5V&d?xa}
zX%ilv^}RB_$tKOqdBjwxdZbM{WlRn2jNQayBtA6T9Sv<b`=%@Lg88fm$A{}A30qX!
zv?2_VM+|+?nT+MCAB=6-CKPnOU#%$VkDjc*aYZ_ra|UCGESH<o&6CwD(l|5HK{)Sw
z`&CLWO--{l3~;AZmQONYX=Pw;Ha)4G(%q-B{<t4>u79FySXgI*Y%%H4W=z_ziq?wl
zLY&^O>d}bp5}b&ATR=>GQ$djN@%D55pfJBxQ;mCT$T)bjGQSNUi0dlN9$^@i_JN3s
z*4vR9t~ySL*6X3#$8<-#r8$LrwwlMhg{p>mhUg4<^WO{u5)uTy!TLCSjA{&+={wvL
zU6bEuUlZLEZ7TtPYd>ITyPXnr=X{Z}?~xVsPKY&aAA0<l=a2Lqc%km4H=sPT?@@NN
zPK0FIpnj$ifN@jue7hGqA<i|;4hD(jM?!%Y;7yJueAD{fwS6^9Q|}8`=#8-r_d%!5
z%`=~Dmkrh6?jD_6e|Jo5NZ+$XX0*yUh}AfMY;w&>#5*e#aHI}^><Hn7+7~?<dc}Cx
zSzUF!ru)t6$Mfj+zCZEGF<Ca0m~nw;omMIL`M6_`A8pdbhrkNx{onlU|5Z`oza5J~
z$;Ht5A1_mObTRptDrn$j^3TovzxtPjqm#3cxq;(9UL$SrpM8!mhf}jKb~bm?Vq;_^
z;$Q<1v2m~vv2k(`F*C7$_1TD6Ihlyqz8r<^3!R7c%OL^mUvy^XulApGMrI-aCkrem
z`#(IaM9iE3B9<>)PgWMruknBIFf+6Lr_2}6m+U`tFmo~zF|&U8;Mb9jnGN=<{d4@c
zF|++k`&TzR`xoCA{U3Wc{;}yF9u5v7_Ah<^+W0l*U}pbU{-1eSnZMTY<;I*}JpZl*
z@MXup^RoQMTA2Q0Zg!3@URHJ@c9t)`FZ)^9S-<T4I`_r@wH_kYuaLvW%1Xq}`n49o
zKX!lV`%gRAzt+zFb)J=p<KM=~$_UH)b^Vwa|G9`?%Ky8g^B>{ne}W*<*A!paMX(IY
zb}F_O{}dl5`ZwnMf1}WUfu;UW>2emvf5iTmK=j{`M*sjb)Bg|h2+mn)Ddm#a?CiLP
zY%F#Q@mr(`+&R%&f4d<C1dP@o<O-k`o~`FM?MP#{r*Nzd{J~7Lm_+J#SO>*aG>QU?
z*g`6U+K{z+DrO-<w*u*3Y55j~PDL^d8gr8cDdj)wX_EY#KR1t#P2h?73F<BzNHV-1
z_k6uRjXr--(A*qX6P`@l2E;7j-V0lnjgtr-A3-~KY{oQm91ZlLn12#<3cbhpZI^Vx
zzrzVGgE|r5Vd0!L@wV-KcE8#o1E?Y23APA>FH3}qK@PJA{!HH_^kXVRqhoac8qjC#
ze8``khrep-`86lMeCE-4demKYedo-5yn?ebu*TRf*WHG7`|T^ebFvL;Q;z7qW$nj~
zx)(lsD*v!cW~5l|M+g+Ydbs?NbO0LH@!q!3XZ8fu$<HWsf5n1D<O+JREGz!ct9OS3
zZMsz9svh9gjMH(^o7~JdO)x@C&xExxwZ7rGW1suR?!2VwJ#8Mf?uEYNvr({vWc#XX
z_`g-b4RrhmHqIc>ijr~Wm|YoH{O`v_y;RQ7yatP(yf3_8X#}AJLRB|($5rM?u6f?q
zoB@Wgr0pXp@!Ll^KjKlnkWc?yO*Ct|$9ZpxwN1P3i;Bg^je=dekUz|=^EsMLXYn5{
z-FSLomb>He^lg+;s&VI;3%rtg+>qBtZS~<RS{r6vK;PsYI}DIta+-j?FeRXSa`Dgl
z+=D+w<|?gUtarFGh&N_P619iQmZ(x&l9ed`ye653>H$JH!>jB$s82a7Jmw8O`)og`
zMen283aaqaL4HI|b5L_vqM;=pMT@ZD9ZXbo<}EI4>`r-(meMKdiu{q}4&#bE{2LmF
z$>8ctV+ze97MLPdqv5S=K<|6x_~%MlOV!0WT<mjllT@j}&eFeg($;*I{W!?ymlA7n
z_zUV@n9mNha3k!7@dA~u@F*r{!*oB5{KW|S<a!vqUAo8K_?wqe%8a%t?U`Ek9TWH7
zTU)3@!pEOad=*sz+6I2@4J53@T+9j^OLR&~eb5&VzdiZL=rRgT-8|I$mX|l~&TeRY
zNMd%it?WM0ehWN^HOHkRd(IY5W$S4wCI&30mX?7QQ||$ppt>Q%vzE;{yY~7TcMYbk
zUxVs;+IHpahYMR_mRB537@IqGyvKzAXkS$rUp9=TISlXaHh~w6C17&oL{^VO#}M1Z
zwr7h`@D8vb*o-!<2k6+$?Mu~UzLV}4rx-Za0^v^8lwDa|&0m7GdDp>%Q|qzU(=<>c
zQR(Vf|5e6@;4LVK&(VPAQ`kl-=U3lUW~V*BhW*YBLQm*BI=%4Cy8VqW^(E96fCOcw
z!Xpror7veCNHr<p*u}%snmUi#pb|Kat2$w@LBAoo0m#Tr+Vy%l$L{-e*J6Z%x@5J`
zZkNh<0ia{1@`RX67lFfMh#A;b@r<OQ)Ra%67%M+=e~8+0p}))IxzGDt=q$goHnd*C
z>;z`HUEz6+YPM}3e!eX<!dYFey>Ev8LM1Hkuww_V8bvuq5T5fL-&A@fnD$~KEAr+q
z2RLg_w<>bV6{y18q4{f8kf=+c`3wGmxK@*{4;aF$3LN4dKhuBV9?n7#-mdwcm!a7p
zE5%|t($GL1Z{%*YFvATj&BFm^ltrFyxVicw<%Cn%o;`ao)vcejw(i!iz*|12v1q*D
z!xzo^@03T;k+|lBI>Xumx?clOh-EJ^E-BhZKyMjmtQf0RX&MTe#VO@6E$Q4NTNRZ=
zsO!U@r*_DC4IgZb{akA%{j>rSMiWX^UCIgrS*))5H+s2DqAW97)9&wl0`;z`yi0u^
z$Yr{01GXZYsD_k(tfFk_?nsS(ZF6J=#z58U&3nt-Bww>0EGb8sBU<n+g?n;ZO*B2*
z!OF$L07gDT_{i~oi0udwEc%A~;_&4?CE5pYm+?$?(c-BQ{$MzBt|s>t;1&Da8D&!Y
z=)KXr{HnC<h$KTkttIvSvI#wH(rySid$mP=-Ty2@E0V`k9sCHR7tHa~Sf|v$uaH!I
zm}YV>aJOCYDG_>LzyrZUJ#H#69BxK-0@0>NrhsffB=Ff|UJzMFn|^enW5hmo)pS9D
zWX)_rfsR>`o;7wy*nua!n%V4%!=rFA8Qs898(Tv@VP9#@T<SUY%`dhlw?;81Nh!gA
zM@?Pc`DYPzk~Vvn*NFcc1Qu{Y`kYXOdabpS@AWu_B4Ko9$nN8Gc4Uf*?V^p*pmd~$
z4R6)k?IsrBGskOdu}g>?UiAMkcF)1F1mK$RW7{@PY}@9EZQHi(oY=OVOl%t`Hco7P
zxp(W^-MhOV{_2{Zn(msZw|cs}e*HYDND8AwZCHueeAc$0-;0(ZQBIxuH1#-I6fZLv
zubQU9o?@Ot{Q7?&@y!Yf3%d(w6~ggDxksy)LpP~cvSg3Uim7O3s|4SYV4OXN@o=J!
zXuGha<x}b}lhhHvB|DouSoMgz$Z%26vW`K}wq#J9-Dg9qlVYZYaVl9oI$~bHHI6GS
zDqk;p26f|UEiJZCwY_gz-;QA^v*g8c{cTy7?t%k%MRl>|xIgaS<6XFU{BeDDBbVh@
z1)TdI0|mYgD~1>(HvaN6{B1{azg01c-FJ=H)A>hX&5}_@{tL4bo7RFz-1+eyu*-Gt
z!WF^)z=bs4>4`K7&!rU$Y#EC0k*?RZm@v2nYUo;PFs6!S@uB=ZSMo6^=pQpBg|;MR
z;j_rzD6Dd_jB9CtE5ACQB5T;K<M4ZIiMHDFocq(+DeaK;B*sE~Tyn;j3({#xn#{pU
zuZBT5R4398p>mh{h1$2LG<WI3e$sZiIVmk0<MS8Jk@#y(W=%-g$sa%3XW+-+%$`Gn
zE56PiF8!tWB1gMyLQ2RMNY?|dHbDTimmNVHSWH9AAnnb}wV%`I*Lv1w7|w;j%jos}
z#|~m|%Ta>&CdP2my~2U(t~cf^aP6ojJx7s%W={Icb~q;?#4PCdCcAZurTXv;S1Fen
zymZ%2HrbG996$DDHrjs2Zv%$1`n)h-WA*WoBvbMZa+q=Bj9KLy1^@C%oJOBCo?c5k
zlYe_1SWj7z9f-jv|1zuEVRlS64<WnSIteVx?Kk)upAyA(y96{}cUlF$&m}#Mo*~8a
zDr4lFmXkjkK;yf3vilHy&y>`=F7!JBMxSS_6)5!xUERFi>AUmEkap}M?6smJEeJRk
z&nIVDaGXLxdH}>Vag<y)v>dnSrZ?4{p>^33lQ2U4Gz~=QnDF-w<kX9p>7lNv2&Ute
z`&Zy`*qbR;hQZ9K=oii&sTm?o^|fGGu}4i)Ua{lCgL)$FyT+4d{ezM;FysE#3c38=
zxkeTq@dIAqWMv-<Z-swEdR8)dq<{Jt(zZ06%+HRKrb{-ZTT}Tp8rxK~)t59(=-e<}
z(cYuj(MO|6hP|WQFs;3b!S4E`D4J0_BeNqLp%+D8IcO-3Ed!Ki-j`9A5!EFsc`DOY
zX}Gk?X$@}}v^124>7<rv#|H$V*VU-9WcSvXEVVwPb>H>ECOGnbE>WJZHJ?TDIA0dG
z^FD$;p2r2c@&Dm|`-1mf3}EKod-iobAD(G1zk>5^XJ(!p&-i{xYR=9y=>F|((@T2F
zF{(!f!Bs6xubBi|(8(d130p)_vkYC|zYNoCl4<E&FASp5Q9Yz}JuFbo{=N67iO$}2
znbx*KeuzaCFSBA+75YeZ=^`?VB3{K1@PQLGg-RLYIjlI-pcRoxe4GB9Kln$M!Yiyz
z?@8CXBto>dwZ65yvR!*ouCwKD=ReKAO)aYBFf$a7Thh%*7eaj5ng8Z0apL-a>#$~J
zf#=rb`*oXO2)2354`}s5%vA$np_g|*R<OPIJtB5gZc?^UZu_>K97=|MA9lXyeXf3(
z>UU;MzP9o76=^&Po0haqc1iZ1&_#H}eQvAVo(~M)=E}9fLfo%~^}R1wo8Y$-GA`zG
zokClK!z2%=f?tVCK)-e`D7Ds@JnH<CXN9_eg>m!@?ez(>q<@^mu4Z29)xVvL8brsX
zNmGUDG5_O?L#{EC%}zEG<UJ#RQBnLJyNn`kNIw;Ro4{QSom|hZgUlX&!kh3d*sp%y
zr<Ksf;IH4`JK!r8eus$uiwb2Fqe|0P^L26}a>6tf>6%I%WkOk~E=iY;;YjbrHs;xO
z=e=s!WB%1VCCXl)_i^=NvZoI6`=Jfr_{u)E=PfQyz=9FG&G(fj{CT<oi@?X`cHkg2
zwU6gfx7N$Vbo30B4ft4QFksSgtx9@6OHE?Mktm!1X}37Ph+%<BIGJC(7y-7*xjm;N
zBOIJw9dR@?tCl+_XcYZ-JkQf#BbX-{+{eiWpX>2-x1%uUS3NJlSTZ8kf?b*?fU$TX
z;2}#MemC*bfeBRE7)I=um$Fco2Lm2ugqg!Z|4xc+o{#qeTs}Uha62KubHLl$*-`y^
zHuos}i`}u=eli(xRx3Q|g!-mH`C-82gxdGc!1dL6dB$=^waw?W<NV>_q%!4S#!2PD
z{T|li4P3TsYo=5AgnoYKgW{t#bZF~Nj9FfV-^XPrXq21;U)B*R`Vh)4U{$z6WVRgn
zg04FN`55e1SZa`TLC}4q@G`)A-fLK%{BjCpwm;24t(<yEMGk${dx2WiAbHPwHkV&1
zuleegB|}Zlk2q1At(j3tj5UiDA7^WlPBFC#5Vv(|@_4v4z9UZ!`}MG~Ls9N)5mN{D
zJ|$jN%@SJ$cf}P4GUj^)GdjHqqZSP@69E-qj{<M5z%06$aYdW`paK3ULZ-(H+)R`q
zL~g3%q#d7KrIH>kHY|OAC&Ar`$e`D>H!l)r|D5K|yLsRB>~7=!z1RCB5+yczGOMrE
z_q5~A>s4QR?4h}S?RN`ePVmnmb@J<hephmiX9WWwFV|3H&Zh%T$=4fou%}B(R2asz
z#tJrtD*9`oSO}hyuN$>y^%t8}Ay|x|grM1&VOUd{zg;mCDgL;E0@rFq31~3)fyt<%
z8qKc>8Svf+{VDf5yZ#yiG?4SZAHcb%^;+}!Hj0|Ae;xR>tF)>RphPC7E17s9P8z&l
z84h|TAXUO0fTzuwqqM>bG5DFIU>Vy42UDG=oFrc7zuOItUU$f4v-$&0!aLgNKW+!e
z^!@hy>$?Q~=w6?l`w4BQdJY&YS~LGfd@kzi;mU8v&BJKFA`y*}y1q@o5vwvfI**WN
zA|9FRR$`-<DfT6VYoT2i!cRcX!?xpHA;Zi`4<pj&qQKDS{{FyqqB$-w`Vy+2!fpmW
zMp%6H;j2EAz(rF~$|6Sf3KQ9?dqwy{e3^u)N}%Lr;H~SHdsU!LKfkE#tGqVj#!3V~
zOePr#s79ix@A|n1)By5kx1ToAmJ7v4AvNpQax*esrE-evgd0pTJ8lc!?Ek9`yjY|!
zWm7sO{7cNPD)8OgNjut39P`Lcej9a5wxdP@_P&p@ZErX6+q}b8wDJQnfV6BbK=A&a
zVZs&x9eriOmf#Hb$_clKD>TPR8~BQ;gDyX5V9-fBk{U)oZPUtx`lDuRr7&y&)`@3y
zOR-th?qYuT%6;4xl)CfN_GgoCo8LuDc-YYp5D*7OC2i8xSpxonYaA5xh(pG=<vXa&
z5jDj2u@<;ED7r3cvM#Sbr6UnL>LT=-oqy<Ey~TsF1`B{4JIrsGVY5E6_^iXkuJb8b
zcjF^-%k|+xhQ=Ir6ah4E140T!DcOr>(8Jkt{;Tx@MH1aUt2q9w7*OFuotfaUC5GHu
zIX(FTcp!oM`8x)@KY#8uk3!#L4sx`-c#m)IgY&@ta$|({W{c$>D*b2_My6BOnC~AV
zd-Ihzx6~;W$m(#hVi3kgL|D)g2Yz{Lgz%7J+Dif?(MgB>0Ngadq=|@RCXdA_GWonR
z2GO$m2Wk4odF3>%{2pEeay(YNm(N!|Wv3Y2vqFimWViqh+|VCv5GKbt!bi}$z;a5k
zN^L=RMc6c8qktx{m~b%#3)z@}Jp-Y3280N3AdvV|@B-+m7{s?^PS2h_1F+IX=v$$D
zgkSF>OoFpRL`<r{OnIk~!vos^kT1ykYdm-l;rqFqsbvC;VB(d<XzL&iEL((x;4gBj
zvPtCvDDdxLJ$~XNm_WlIzJrbesevYR^#K_@B7^+Y;}%5xSOjswjQs&q5l#`(iXiKI
zSW{)^8bkScR&sxWhal*%d1+J3Z8@n&J`5oL-~%a{K9<#&4gjx1fpg1~onjTu3prHF
zU?{RYAWDb;=4LV828?KJkc|g@vp%;uuL|BC!@~jV<-*$zW0?6~LpV^5pj-<29z(ON
z3EdIU2~I(ZoCszSQawx5iOrCb#zr=CEUcn$AIw%n5TcQkGP4d)A0*TegG%4cR?)W&
z5q&$LF;-*+jS|7ROc59w|6m^=%Zoh2_IJJJfC>rn;w|ZgBtVx?!8^jjd6k5*Uq2cE
zf)SBSM8njyg#_ofAc<JIi7Axqsi@>q0l=VBEUbLMo^r}@tZYaOtgI9e%v;%tu7!SY
z4Bu-y8xcxG6}m}#dyske66=NY4ojG*auuAcO55YWMumpfMhStYcuw69uf$2emJREH
zhfT=vB%zOYaKa;y`4XW*(#!0}6d=j|1~S_wG%G>yIXcdvf<}EQVo)qyENow)hKulP
z?lzZ)KvP<JkXMZih_F^>td}S9?jubT{3x(U<aqaJb0D-}PPkBL*X8(Q70qfQ!@!8I
z0zYb%Xk8n()~;cB^Cs__X;VyXo?(P^XF2QS9x2v!?!CVz$g8cL+S$5x$Y$*}SN{m+
z*J(F4yoXe4uH-Q0xBu=ny1Sv2$=KLlI5ck*)V1`?&o3`+^a|@BTx{gn&ChSFoI@1a
zQEF2sTeY|=8`-+48^d;Qq_uHt{pG`0*gCg^%p}T|X^zBaPw#4Jm^5^b#MiAwFfYTm
zU<F=(T6r?VbZBT>7lI~QI=wt~Y^k+y)HX=O<)$0DYGhmAw5e6aK#t%NGEE;VT?$AM
z6ltz2i009@K?rZ}UjBRLwr*?dLN8`6*3~pEpP8e3CCBbw)ugLq2dQc^iSH)Gu2?c}
zXl>gRA=k>j2~#Pb1f4@sksKC02TpT&<(58eh|I%t8C%l~%-Py`8EeOmS`SHvC%YwX
z?p@~Vis=IACWD35+%z($6$HlpSR5lWK5q-|Oo`h(b1D<n+}yBii(pr`rfiXHnuOk0
z_U6vYfOG-QUGlhU>|PRYzE-{t&~$03Hc0+^3>1{30(VNJ>D=FSsonD>nf=y^x2613
zZ>2JkgK^xVi~@wIha3b*ebYc~C6AzOy^vg|>oHusS|cgZOXCN08B!)G*VzvtVl#^W
zmg1BiV9khuFrr;BgoO($;Zun53=6=nE>s#a6RLfH>u=PMo~jNY8J}iEfd?ebTM!|P
zi$1`K*t6ElZHE=zu@AE%E#fHBpB)m76F!cT)XRX2e~1{fF>**hGgC+rfwgEUs^#>b
z#Bz|ygtl`6BHjlaLC|$$C84U?Yr9-JH<+JCmV`trgNLjuf+af<Q0f{GNYYn?oRXfI
zr5g@&ndAa9={3e4m!ypv)kyMUwIU_mUe>J0Nx&~%m!%IOR;0;vX(CrOXcDVCcX6!9
zojSCny5F=SO_roH_Oevz`~484_Qg|WMCsFqE~wKb)7me$Jc?u}P++20b(s@!wV07R
zOi=22Oh|sqP~2)sQ!v|(lli42MYh{oZ>VusthJ_DSH?+d-CtD1Nj7q$)Rl3QWGp9o
z$SoshwEpMI!kJ9;Uljx4I;}Uz0>XPDwK^{m>Pjz2YA+_M2!wibL&^6w)fPl-H{~7s
z)2de%1~U2VK-ebMawd$*G-VAxI8~7prU(j0L<vn0)B<TZF@ib~Q?<VdVLE&k#Nx3Z
z4w){T%MmTu9_=*|5<C&yOIr!*cvWyRENqvQL_JC^rss9<ES!z><{~)bkh+~--q97b
z40*Q&dnLqxJ#`S&njdGB!ooJp)q0L`>SjO(vFO;GhF6vpxjbZ-1H}0)zz*m*vYsDq
zi_gY}I!9idJS_X}qbq;aKZ9$ZZCY#aA)?>=&$t@o2CX1$lN#l!ntq~)KoJo!TKbg)
za&&Mnd^rX`zvma!R9&E_p@%pysDL)Esl_r7yg;?(On#augJr+WXGok<^h<{7Cy_B$
z?0}BdAg(dCv?X{<On<geD>INWGKG7#C$JdNgqmVsfr><FKC^0k^9j7U=k`%E@lA%j
z`*;|Eg=wLiB^*-yZj1kz>hN-G{PEdU&I%V0X-La{b-0&if?*H%+kinJVsfa}O8+T1
zc8d!u*dN(on<<71Hb8rbNtL!qm&{61yA(ggYg6bry4eb1!y_`+J{f{xK2EwXEs=L%
z_<TYF1@km#vQedg=Q{6sILad#IJb6^?w#q+!?WYhve<e?MrlRXzL(g>PM(Ib5-aib
zzixuUA+S?9ai#Vb5o?IKlBj<(mvYT@iyXxVe@kyGaFsF@@F8Qc@$c@MRwXaI{DE*h
zw)SPjF)u<vbOJ}f;L7YFT4yXGF=U?bF-S1YX^)Xjcr>+2St8CnN=<4WgcFeobG6_Z
zyQEsrG%-oQs&3U0N0gDC)k+f*71xY{jC2zeXWM*JU*V3-CbK0wns=m7-?&)7iDl*u
zQXeM9hX16s4mW}S#K!ZzOuwtIrxY_{nYv;2TF5T`EGI-9&!Dp;W;nPqMu9Yu!qsr;
zG(F=LWSU|Y*?`FC_!SE%$shu|KX76lYCNVeCXdxHLm1PcWX|D}bsBJTZmpBDko1l`
zfq8;!(v?rKB{Z3J`D(|}9$J?db(fE?R+7U|R@ahY!cKn1h~ydW&Ko~X=Ch1=wPal;
zm6B$9G+pCeyh!3H55I~4PGbpM!<Di;G)_|X4rQLh8rx7OmmkMFH{2$DwM!aR@i8K-
z{QaW{tP`FX5u4_hWfG>%sR<Ux%@VKphE~Aolc%L7xRuh(`Dp8k&nUc&sN!WuCYSyW
zGMsP;ERu{{rdS>sU&t+9hL@&n|5iuBlKIzK3dfLaG{R)+e`b73Fq7b_5f@yX7Xz>`
zz#00mpc&*MlW+p#U-)-qh`pSrm1yZMb!>u|!LAIU8HTyeLNR%2p6kLTAa&e%=F}E{
z1x9T4EZbcwl4?SfZaHWjyNorNIo`vKZ#ynom^!Ff`4llh(?})$N5VdE2YB6R!B4U$
zs<`odG^2vPPBjmY)X`JmQh|6m=rSfAwPg_Z=pclHLkrfmI6AgPI1kD-8&-S;ppE*#
z&eXNG28GYjV4(wRD?K0CiA5I~2J1(4ML@>9LE>FzUuEFOGgoMRRi1TQ585K1Fa>QZ
z-39N3f73j9e;OrzdKToqp%-X@PJL?~u4;$D<AR?mmb3)_X<56j+`=3uHNLSs4gR2g
zsDwLbXZle7fuTk?@76_I7LpyUREDKAkzz(Fd1zqY+y<MA&sdkdXKBnWv(U<dpJ}MG
zFg!z+KuavO1T~AWD`#E})UgEzJ~2)=+sw$L?3=mfHQ|b$MJ{!mQX{)*NzKNbmV}4)
z%|<noBkK?8BU;*r>$Nq-&YquFob`}{9s`n^#mL(E$B#WMIN4ES=2!`hDmN}=w1c^N
zVeF>Rttg3uNuE7S@}xPFtin{woco%H3W4U2pIcZ;@bo`0yeq~&wq?>+W17Vlr4g+{
zs@I-F)Hpa7+>E%T#;U+7-6tyCL3(XitFji^uV#!SaGN`OV+b?Li?+!Xxrqa_?7xfo
zjcLP$In#|y+U})B#Tmo)S+t(&6N3v}`7%!m=F*KeKFN+L+3su|B891kIkx>2#|j9V
z12bqi3vf>0oyz|j2YZiAPqICz?ai;ZGE|K_ai*(z=&(E3n@|!OZ(!ItI8F6B)w$`U
zyw%>SlQp~K+y~@y<4UynH6Kf>5UJc{%nPR~S4YpCD<EP@Dw7ziKnE)(Oj2S?pC2N8
z+)-w@Pn2c|TA#I*yOX??GSgJly);?`JBCYz?(cZeIu1>+4BvZ(OjBA8oJ@ruannu~
zzHEQX501a*$=DLfTL%}@FRCJByhvp9kltxh1CUA|O=4v^qLNM;St-zf&-CaxhtDmq
zi<WTambAg6`US%d`NP<R7Vz<pq%?Y^w;g@o+T=Oj*q@tR2t^zJ1(&Mn5$^aRWjygq
zeuP{HkE#BJG*!RbhRaxR#~;s7cMs<N3lICc^e=Tt=3naAcc1!1ySnra<Hu^ZI*BIF
zWtn@OXen2XFUHTC&Ck-7vHTg{<W8aQK?=uuk@@jnbtzvzySvk)!na?4mQLUFW$^DJ
z%b6{a-fwd25><S<T6k!~&6~PH=>X|8f(XjH(xw>jxm>V1PVO@$$=lPWU_MHt@?H5P
zv(Fd{-)4@?TcbmLg=&-CA9b4)#e%R7IG3iV32B8N5$Nb5Wv-bPsOchg8vmR4Qt=l*
zadI2K<T`-=tBdp}A~3F2^!cENN7`&<^7>c$_Dh0w`|WslNk<|F|6!+{4?SO#?q)3F
zc>8U~LeF4qdqJeW@J`eM2YkqFfj!&m?T*eevra3ZEp7bRSoJr2l|JcQx^ArQw0}hy
zqcG+-$WD&MUzhKbAt}GM$Ngw%pQV^S?Qngp(Vh8&6JxKvSMHB1Fu$3YyyXM)sTb{o
zmow*=tdpBWu&*D&PaT+7J%}346B_C0(>_gs_isqQZcqVjcXaf26^cIvpg%nre+7u|
z4H`v#A)4ZB2PKr;t-I7G_A!Or?gJ6%why~;0J+Wz?8^oqlHa7Gy!3<l8C=uu1%hq!
z!1^~J?BoHS(f0VDecVC(i38m!Z)(A|GXOkl8KL<6AFp8Bc0-#ZddRKhH)|_;hL`BP
zt=bK)OSCpu!`d}bN-P9YyL*m!&wGCeB(9lZl?Z!jk|?)KM-qAQAQ}cv9LBtu0)wG>
zQvljgH^+j(_3PoF0MfYt$jz1k189QNRaj8hcK!HI{>xy~UdKzhUH*9aQyGJJ1p5sQ
zYMZ;gSX{V)5#{dw0B>kLfAhF{{=n<0{tJWQPRFgq8cZ*0$2NjGzVKC-9+GOQU3&Mr
zxks3P8#NB@nc(gWZrbQMW|z{t%lK>q=V1TJ`{j`aGy^tU+Tn|>nhYU%@u0h{N|ZEA
zM`&W(*#foIutL+o^bCilp=}g)OTp}PdPOW`caM1L=>ls`ZW^6E&bWL=_m2kfp?%(G
z9YC9LxE*~5aQfS>05ZF-4TV}7-FOVryP?qC`M|3=gZHlO?15FNYe|561CQ;R7Yxwa
z0f>T1JoT9Y=abXW4t`#V_-Q=kDc5#kbrO|Jz>#pUVlIHfgQX{E(!g&Wj&^1R#)uw+
zk|DRAKzV9qUlWISva)?Wz<l5#<G^Etv$tZ2cI$AkgxpiO0z3V1Z=a+|(PmK0Oy>^(
z96H+{;RIVIv>S{aMAevzoy@@w<RUQ05AOtMFdJW^Y#F)}rFz*g31Ee#9B)i6t4>i5
zqy+`90c;;-6$AeVvi}uj3VBKs-Gbtnf@`M-(ea*tTi}6d@w?og<6FO4!+!Sv0D%5e
zfBXly<NRSL{~fEb{!i_>|D6T>4{Gv1yq)O(>h0(hjBG3&T}}UQcgOz2=l*AS_v3iz
zSlE6*3p*R<4`yNK_^<Gej^+O^z5Ds-{{y}I590D)&<iW`&zk@Ej{gI_Fmti|AH>W5
zT<fKqC}$tc2p4w!iq7R09wpdE9<sDR;<y$r{tRki)G0|SN{sjN9DQJy>;}Zwy0aQ}
zRa`yWGSBbn9Bc!)m&ZLaz@wlH+}W*#mtm=Geu)3|WxAu424>F^Pw=+kB9hy5$hRbZ
zZPv?Kxd)*@>*)%U&F<d&@+%98Be_L?F8EfbzHk?&bMB<0g~1k4%7xAvePUyF(%=<U
z#~hY7+EH2|F*s<x6-CGTAHaziCRbgxA5iY!;v$o#O(~#_S!|gA)9@EFkYyjn6Wy~-
zL=Uwtk)wD#p)Ey#=sE)YE|-<+F7S@#(D;znO1^lVD7`q+r}P8-RT%GGeQ1pmeW;9c
z*BAv4-Tt;on4a=v;BCKuf7`)$18^;OWiXH4XHP<sF!X;KCzk*5Q~&qD`G4_b|8Mj2
ze{^L`?El4;{ihfEv0(q<xBkP2{fDLcUtQUMTCShD`){`FzZtO~L-ymcxQPCDMfIPf
z|6df<e~!<89jO1kIF9xIvp9~Koso<Ef1a=_A7~$y<(?a^=Pj1W9C8*ZigzbesOS(f
z2&gbIiUcGO;z%h$K>%FFkM%VfnF^5v4t&n-;%!j@TWTB=5gUS1K~5|*s-lfTxA|*j
z+mMxbav?z%yLb0F+u_cP3Wc`%<lV=>;e1m4?aM=HQD5^nc*=sDWK45s|E}*bxlLaL
z3SSILVwC}5VkD@?KlsTW3B?NcBbM&O$AVjUUs9u~sKHZeu(W8DIv?>~s*cT5=U-da
zqyhb>;~xf#pulnIDuOr0cnJ0uFnd4FuVGB&B(YO_tEc5Igl)E4wNv|0KiB9Bvv1$x
z1mSPmha)xhXv)2&1x+YZG9uRP^JnlN=ef#zsA<B1<4;?HZ+Kix7ZHCL;kQu(xWPfc
zskx<wUO~~yMckOAahnG5^~;~0xVZM0kfGwkl%-}DE>dRzpjs$+{(FOPD?nlwqM7g$
zdgEXoV@Yly5l8_vrtuoT9mBQ%14N@kx*L6Uz&*Mh9h$LEm=}Twj2DDXkVA+@W-IEs
z$oCX=tp}#A^!F)VYbL2teQ$o<?yO~jVuV>F-M)uodb{)%IL*c|gd_TSh<m|J+Dm=A
ziqCJIC^M!B2d;NU?l}lvbVNbi5cqa1%6+3fEU(B#0bqN8@forgSdJ*ABYO2#AU7EF
zH{Lh+$-brs=H(lRZ{T79hcs5G!hrzL@Wq_A2}bH1gbPDl*tVYw-02tCCpfrhK-9ky
z%22}xGB0r77(eI(D7qn#?%(4MUMRV<^9L5hlE=ohbIF|=zF})b*<!jcJE67%n!G@;
zH=+kF3CBK8vel^m^xM!)MEHyy$YeRPA<sIkLAgV?0a5X;@E*|B#<R+RMe=TvOK<|j
ze8fNo0R0qt8Vv4SxCiAnBpRs;%{JA_8D_+|MX+5kCv1*cqmVuHs33u=4uN}7m#caa
zgDC!6cFF<wts@0fikLnK$Jm_0vRF}zN9ET}AgZW%QOPe1GyTzs-eUgxiF_F`>*4;x
zQNb=ETEua92BFaq;YJ|7sXR6h2Cd+yLLd+%lR0NEeDufwrB<5@w8n|8oS6%=@w(|5
ztXy9q_13c^d6i{LO_FOq|6Z%KKeFcT3n}tRrl)945I#N?<MH9<3RRip*TW*xQEc_(
zuEUHPEU=l?kb{hR%2Ov;EApA(eWtECPQJ-L=~uPD#{U{UN8rrUYOB$4Pt_tEyi$4z
zBR!BJgu)^DqTwIpg+x2T<y~}RZ74hCU5<v=SS~fOpJE`8AHgJ@W+^AMdLA$Je-7cQ
zxb~diJi4H3VbH@xKISoY=Byi*ew<#qL5?0v7R*~rwEZiK%Y%R%?nP6coD<f9p%*M|
zBfI?&(WsL>*?wePJ`w@1CCR|CF*_0L4>=reeZP+TjC6fJ2#!5h>EuRv%{tco$Nes8
zh1D`?L=1te0g^cNtqITxt>IY05!hRj4@PGPRs!NdoO%-$J4gBDl5=>kOlsv|AqMn6
zWQkEDAkt#L0|mh<0Kbq)pejTe2k%rOk~LA#BjWPYWg(iRm~m95Gatr`c$jJyHF#=%
zSN0fcl|}YUwQx*%5h!xkW%#o8-dLsZ)Y1qD^fDqg7q-pMKClNr73Arz<>f@?NJJhY
z*$C6NC}pLPkKe=~Q$QJ?f^iE^1dopAy$<-CCq2Q;O6J^<DG3#d2hU5&aXV)x2<{Jy
zo-+>NB+E)2_YWX3Yv2ht!Kr6B*MJKHk7M3j=F%(VnU8VAfqhYGOpcj2!q73vvrUWK
z-{2V{WDw8fFLzq`wiw1ahFRvWhx@EiHYZUuNL@3rVq;3xP}HrP|0BW=%lc^(;mEq4
z+p%h2{K&44=cV~qGK+=qrwq9M4;-mk-v=AP4j3@-9*_^%R;7({RO+|V%&*~x!}Pj{
zgY`1+Kd0|^e#>!W^??3-7QSY*GSrgua(>maBIQb<LT)P)TVho*EdDSR5)`WCUy&r^
zNute*M71l>`80g!z$Ho&vaP6H3(&dllFJhns6R>eYOJ>9eLdWJx}`~}(8{%}zpWC~
z^3gp)4MUlJ{Ux_e@q?Moy73`fFNCKWabba4`;|30G~T?#ILsOSlSjUA;VL%-8@F6u
z#R566`~ljKL(c{l>mJoMzX|7#vl?xE1{wxGVh%rx8=tR!TQz|EIT>a=;y%ywg1@Kx
zDK+RlqEng-mlXIaGBkeD`nQ}GGi;x9K+*KIWAyf|Xsy&oUcn6!wK2phcWy58zOQJo
z9}==?G+SLrK1!}$rnK2*K2RSSzmDv(Ihv=5ptTM+i6Ubm`SBOmJWiFu6rRz0J}lm6
z0$(SRA1kCPe}k`4JVOZ6%e3>#TloIK(m?aTgRrO7#?nK@9j&F_`BwAm+5Hh0HtcVo
zie6TIujI>QZI+<Yd@c*kv|d@gw1$<3{MUkJ_%p;wT;|q{){HjI)-pSV&D>ty?OY}k
zg7zLhNW`%vE~A45M;y1IDC`VS$jyTx<X7+_afFFsE{~<LK<w8-50kUJtbcFu>sQ*}
zU$95MM_1n}e%{wTYt5Hwn|AF7fjixirZ&1!Vx4katZ$ijm5#|M%y;qszBj+oVg|^M
z7OiP0(#uQ_KaEx;^2{A^H{+3dP;F#|nNF?DvpvhUn^9}nM>HPR3~=c);T$7|gxe<s
z=1tX2lf1)*0lH&>Od4&p%+io+EcLqNE&xA6aQR_%8hh%#-zn%G%TnKne!FFqv!Abv
z&L^G2pcAolcJ3^z$h#N<5L*-}Co$-V=Lk@c^HzgG(7%gvf%I5Ly-$&LFS$V#wwu^x
zQitt{;Tn3L*BQiftWj}hYcN~=UitYde9Awt`8QJ$+3*HD078mS&Zp$Spc?ZlEHx}J
zL1}b&m7Q2|ydTxE+?MF%cwc_q(whC%QT>7E@zpECK`FJ)rE9;~aoI0!#2?C4+q6-P
z9whCHF=V7ts8*i(o8@7F+MISNAbfPxXWK=>3p;M)kDdj`X2azP+!j*bQXvcp+yb_L
zH%!a`y+<gK!ipy>3(ydT-=}h<z<0Uf`$}NGpPlYU-ItrARt%Q!ca&xPGYgDG4C4+w
z%GgUVXO}3NJ|3i<m5rgMM8!8|7-N}@i_1vRz!A}iGIT4Yrez+6VsNF^-=6Qa(d22@
zio6TDOT4o_^3;(|<L~giPreLJyvtkwpS6C$!GoP;tL(c1dUXM&b7S4WHgCgm^%6zM
z^fTeJ*{Vr*!7!;8V`&&&3Q~kSLDXY;S5)Um9nJX77k;_bP;d1m3l(R58}ZTZv5?Bc
z@LUU-0^eR>@_ct%6_&8YIm+_wS}Re#xp_|P00uZwr-9e$qfj}FVS<+QPw0(N%c>9x
zKXBO!p<j3`sI^#b^Zp~nQlg!0pssU96al=Ika4%89H$!7<w^Ai;CG}TjY;6J*+(q*
zZ@&sq71B6II#U(Ho$|*{xG%#0ciX(z7CoVyKvJV4!0?@$1qVq1g;qS;(uccYC=MU&
zoYMtjp+MKQ__w*2AVZ(P=kS>@U2Dn-0s%w(>>oytPF_CaTwaDE^q?`iJ38#I{^zl0
z6J8R5q}!Aam67PXXzaL;=I#e6%bADF=E{e+=FSK0MYYm8sV)XznT^s1UCW%aR!?Lv
zg7~IO?4oL-Jt5kt7=yUXip5Q#xyD~Mw>vI_uDM<H>Yff0xvD%n!%Cd@SDRlfH%-`q
z0uTiTt-DP}zoW}`c9<WYoU2;drg$2UmV2mJsGXha`N$vpI=&W(<H(|1CBwJf5GWM2
zB7~{YhA*R`xXX+4<K|4E!F<6oV51<ZNqVk^a%1b2=9HDy{rXfvWP~Qy#`_`SX%C_0
z4NK>Us?q+TvP0)=I3wjA+<b%y<P9cE?#UVvC!Gp1afXsb2G0rd#=xP&&PnP>!VL2c
zny_N0Co(t8I5hop^MUNh*)GtAUB2;Z)bk0jo8yzu9iB}NETD~JS=h@*jz4htIq17Y
zxbpoKeLkW<YlNnbtoD)@PtL|3yQQ(=wc-@w$h>7hWfv!8ual8-gMtVLM~6)-Z=f=O
zG55$->bXym<8t0`>twW7usaV?0cJfJlLV#wg=Gs_63UxWsa2#r3!4^x-Er1*M3aI(
z;do@p3vX@&N>I18s<irG&u%C>NY^Gyt=4&0J5m&|Yr!k-=_xmO_oTM0p79w6qJ`S8
zo;;`IBiu~TlAXZ5IXr!9&?@y7iGjw$KEC4oO8|`*%hjJRr|o3q5Pe+Or1o6K$S<3-
z(njuRW0XK!`#rzusp6tPy!9Z1(|sj*-{UCwqq~gI^YHAWD)o7B@z&xpz}%%%dXXX_
z58;v$Io6dz0y$**dXyku-+ZvE$Q2|ivT;oY9JZ0%vE#_OLx`5oIm*1Go6mKe23uD#
zgU6`AD=zwE0CzYj(&{nGA=#j1H1+sJeILSf&{e?F^A&2F^zvpW-zUx4TjDN2h-U>>
zq;IR)w7+{XB9Ao@3H~-W2QrMirW0}A?p7(#C_2IhLVK2zphrXA38yN?RlLu!L<z2}
z1RoCaJ;GJrZef_3(19SCSlq5eAPjF|U$#+M1Z~}Bv<p5f(S#8jya?*ZrMZQjoy0`$
zqPa<(6;V$uR|X-}dAy*OMG!LHa3%!WLKu!mFZq{tN{@6oiE12oK^&Im?NDS?EG{hk
zjenZa<p7jVveR{o^E36RJa3aV=4Zp*ooBI$Y7BpTE?3}AILM=xymKLQhIp`E;ZG8<
zvI=!n(C?si;p&Rr4a`nYv}zEJ_=!g8pjZ;iqCLJKx6Q(8ilV?*UIz<fNQjEGCe|7j
zc9LJC&I)4!pfI5Z9^?1IJ_XwVk%1KlNe39!APFd#HX+3qWJFkRl7RteI$E-bHOXJ0
zH$`P(oR|3sIU)iH2utuw@xnznY{i1=`3%h%;;H#4ys5J2G8U1wN;ju=sQGHke+@eZ
z-}39zYL{!;s@wSKZ74T~DXSGkKf$gky@%zE%N~9&-lv_^)Im$oN>tZL^pN_Hpgn~l
z&=7=41d7Q6B9TPGf<16k3Q8FGA4<Q&GCicKdCZY!{4{R{K=a}<(q<0Eb#5SO*7D#>
z@~yMSZ?ondt9)7b>@>{zVhG6_3}}N`EDJ4dDu2px@rbkB*5w1U)Jm62968|E1@7e~
zD@5t$+fR~gvEmYbySMaJ_ym@41b4N8rO`q+(`gDn!8Uzux0LwN(+`5>HhS{a3G`Yn
z9$XIE8W9i0gChw*6d`8IM{Cw+!YnK-zQE(4mjpdLG}E@M95;|Zl^=)>h<CL!T{yIF
z*Gkof1$9w7zagceD!AmFYde0Yie;V7Rm{I(r|fL3UQX#kpsM7~yowhoF=xt}B@bhX
zL6T)8(@L#`l-r2JF-c4?9sO~p6*&?f)Hu+vthS8tj4{o0tYlqgUFIELF#K14$#Ti^
zFZn6sDdSnQv6{PT+o~R?CTW;;gW2#jRz$T88uQQyk6{cFzO^clTqOZBKymm5z{A15
zq~I(EV1i6(l5V?hI*R5;@WM=Mk$t%iHupN;30`~l)Z30w8g!B!0nW<Z>M;iZ+2C?H
z$r|d_4kxr8^|@V18guvIDjzC(0qu)&XC8NRC+-uL4qX@*$_mIjV?lSW+DR$M$Vtgd
zN5n@*wg&5KPB{R6+iNDdG&Ej?xb5?&`WxZ#xK&;A$}$^?C%{QSe8WZT<tbr*3?ir<
zZgbl>_?`|R9Ic~d7rLzYYLsQyyqC+rqUJJdzJjT*?ol6In%Lw+YKYZUb5>-3l{CWC
z8RY5jpC)@OcU(<an&J8fa0?!uL=wwGu2aGAoLTX0ShA9xCP7K(W5pGOcOpFA1o7k%
zk`q}d`{fzUzTmA=$M54h(A0i5!pa;jQ)zG<O)5=bZvETkmBqZfzk!MvyR0V)+8imc
zE+<A)TdK^uOUgX}S{)ng${umBNwdf?3h%ZwmI!5_8PY9yOKtQZj2GuZB^on6`#e2}
z8*G)R!Mc;L_-ho|*x-aCdF+m}H<jGZtmN9F^pqG35gx6<!(e3D+&E+8EF0K8$UNXW
z+uHllS^v2uOQ_dZ%4P}JEnCU+R>$=I=a}o(%rcL>J0B6ob=6}|67?D=sf;L^P3MQl
zteWvr%0F7LJ&459SuRoF+!p=<n%9%i_xJPO{haXr<OTAB&&5ANpuw(cf?%!zpZJp?
zpA^<JM<f}4UR){OB!{2)-1qeb$cfX|9R{z|sAw7@+D^Kf+)LW4k$jn5QZ6!oU8QtA
z*YQ&0cR2>|LBNV*nFdY>Wp2qp`9r^Fa23QmWF4N*&Tbjx#fhPOMQ|0F%8S|BGAGut
z=$86N(09q;1a}OjI_nFVX--q;JmTNdNCkEX_e5Jcx-x%vyHdvCq@<;W)7#jSZPe0B
z?S~=K>^|I!k6*<CZ{Vvt%;uH70e^uoPaisI`BHiru*(rHLaW3+mn-RCGqie0XqJp}
zUa;Q<Q=%7)S!cPF7l?ls{=?CUDmypZU+<*;O=`EWobj}0?z$pMEahLrD6CJR0wezk
zXBgKjbaO6u|3~O%Eq<NKtt=r<JLTM&kjDCSoPezGpCQTl-t%qo^M`#va#l=bw&wil
zYdL7=NwOMlp28e4U!**X1U71t7$bnyIeV})UWN?&JQOH_uoHs{E@yrZ$yhX_b!uy>
zQubE_V|?mhJs-uA;x&61i0S3IphThlAA#?%<UaUT$W4D5SxvX_pL?e>9jXJO<%kEk
zW0{pvXRB1<GvF9YT{;se#E!d@RsOC)xm(|6lW%%`x*&cu1>V^W5Y$MGxO`SiO0?&2
zSTN$r=ge-ZQ)K|bY}ZIKCE4Q0&IYgYuSe%G-oLb;v0j9h#WZ6^jtzD{Wt&b_9y~qT
zeTlq4(BH(L_heM^5k<yu!@^WKR)45|^csw7P`DeEpCOa3S-Wm~@V4zs!3~k`*zWFK
zTh*#xH^va+f!ql{8g&YcX=bAk=H@+|-)Xj!9ju?Wq5G_J!AN724ACNDV7tIC@Cp6V
z`F7Mu+@jwcS@F1t+HQzzc%KB^@(>w`!{;tzsIJE0VKYh92>c~xev(<T=m}qSm0d7C
z?9t|5N~D^{@r1*OZF_LyBy~WoLf8(nT*1?$8}4$Ujk{8&eb0)YAAB4xc2{?FU0l2R
zt(SnH4iDw$^mYro&sKu2JIo_@Cx|!(tQJF>d0X8s!-EybmBu6+$R)aaAwr54yLn(x
zC5t9w-KD)l3Dh{sq{#Uhu%`JW6JuAIUL0Gj*Gs%D?KTs!G^!~s%~ueyAE~&;DpV~G
zO{?4Ka-RFd(NOGjYxbU7LHqI%sQOFcCvG^z!Kt73hzne_nwP`AA4AvX8b4HRv5YUA
z0R4|=1UnmQ19R?*l7OyM3v+JzP3Kyld%+xEMs32o6z_y1_ngpyl@H?#(U4RGLfcV3
zC#jOXws4yXt>AT~^boC!6^AjFEI&Uzj{Gk#e2)OeuiDzaywA%m{aY=a=rVT?T%2wW
znw%S2H224?hm&}}PYGTC`ok}CLT};MEXvdU6BJX59K_q?<xu0CioMR8dRP1}w)Gqs
zwt{5!aAcI$9Bx-b%RkGwFRbe$qHDoO(?i(A+ciZ0fFgV+JNURQtwS8fEhy~uu#KMF
z5xLX-W@a6v%(9S&k)!FD>?j+qSovjF$cN!LNdMONo=k|es<%Wh^L31KP*|(sa?6d}
zqsV?bOZHoEyYF46)40<dc_7;9f4zrB$3bqNo_mox_$WP|THlym0xN9#Oj{gDYBo4M
z#rrGHV5C2uBRKvo$=}R*9hVZ8HnP(3(Gj-t@zGH;%0>ePkFqQCbnQmNOcu1EisUBK
zBHA6^jCtckl~Of^Dre6v!NQQz*i**R#d4G_&~nX87^qx)I1D))DlR@eEKUKD5YmY(
zBC{(sHq%kf9Nmkol8HWtkBJlx!+?IY<Rp-0G0=Fih+OS5iEb4BH5%+V)$^=M@7`O&
z%FFXs`f4(eJrbrlL46eMtVsTGnL~(=MbKlE$_xwnvAi`BxN}jGx3Kf^Hd5~BFLnk&
zaJ=(!f$V>3-}7^+mke(WfMsM3`38d1>=2WR{Ybt6_a`ABArOJ*e!<!nKX6qijqD9t
znM0iS+jETo;NSd>eM03#o%@NtdxhN~cFEJ1!=0n$#wl6EV3pwoy3(~sb^y8}vM(~h
zQYe0()44@&R&0a(D|ap7pMM49j=9ml+h9K^+pOCLd$md~+=nw_$miq6h}Buc2x0q%
zJja%Dh6OL|$BX{0q(N~RTo%1HhSwPBLo^bZRW6IU7|b0^ukRl37v)!DSZG+ahbeAC
z8&>pAV42@6`v!2Sv8*~{Fw5##=^pmk*k37T1cMKaC=dt6bz-iVpACU~G5h8xhMpNG
z)~vZm#SMFDledPg|EE+V2Q*-;g^MtF%2gwmi2bQ!eW8fvrET3*{h?iB8?=A&ZDA|(
zK)P1iQe$B<^;>H*OqPkz+Li~!xD$vJBUVsRZ|Xz~w}>;mx&_?C0nNfT$YiudOFQJr
zr$$aG=m4XpM#M6%MQbyF8Q;6P6*|_jyQqau(|F%TYcncyM1FaL9gV{+eWjIjaBY?1
z^+RT(J62A}Q}R=hix5HbE{Ob2)SeN^=DuC4@u+d-4X>lTL$lVb3dE^}a@SJ(((yzR
z)0WOa+gdkT8{<t2_b9TqRK|w(iPmM>CjBByrzSQx;L_@TY+G%8r#F9Ho1x2>j^5td
zLN2z7jd6bUGVXNZ^U>UE14K{1Dm#zGsF-`SG)#il_ND~{S!lO{3hN<$eA;#JW&bHV
zpsuH8dvVv=`r)wID=7JuSscZ<QXSzgAz+l0;fD2{JM4H&9UvH|v(Y`YgZ2}=?x(Lk
zcaVm=;X~)7lx5x^E)4~VsnJDUFUgvOHiB^3VUpUcS0OXV@J^~*okycq;{$AFFX%Mh
z&z`=yxNoIR_KrgzLL#M_+lpZyZ~?$g$l|pn04%Q^TY;}M1-cu+wgwIf&a6AlQFdvi
zkNM5v*xb-T1r2o*fu#RLXUfzwuN^{<SM+YL?uQ@Q2-QR92dD7W04L~CU`ib;0v)I6
z1_sn^!&Yq2b@)DB(dDk>(~O;3-mnKJg)v6>1nV4FL%9XKu!K8FZ}5Jx=XLdL5B9hB
z0RFfOdCv`6B)r*-L9nfIv~^*V<8K=z*YQCOHG8m$!ii*2O9O2Z1U$y%*mMjJwx_iR
zf@L<6I+(Czcl5Gz?E>=wtQZn18~lN-#PI?iS%e_TRbB9uBv7$d#Bl%M;B0Ja0T+bZ
zySyI;FlZw*GiaPvAT}b8=m*zf$HX$JTwA+(V-p54C8@yf>cIL$^JRlBM{xr8h|itF
z2H}95|5}U^umL{L#<Or@<B);n&0GqAyFpPW<oB&Hz_fLWuA5$D*mQD;+*#ZO5#^#*
z@-^4ikpXBMbZu_#nuZ-)Aq1TXfd+JL+0ArNb06o|vgcRztS?hAiP|XuHrFP`EmVBb
z*_mKnmq8PNHjxV{9f&C)ltI9B3~G<RfGxa*T|x?gJ!__AOzcB4WMXpI5#PgIeCVvf
z{t#v83IE#z&bn{DmBa64cNd(wd>oVw<6$K>Wp0~3BmtdHvHofVfaVV6w+18pk;QoL
z?g{a<LkJojqwgc!nrz8mAEZ#(24=RFG%R852y#lM0Yc)d@iiH!rnmWP*U__FgN#R^
zx<6Ebrzc+p47I(xtYa%HMc<JjhIo@YC)`)%mso|21u9_kC^e<hm#Oq91P%-<`M}D-
zSXi1emP|uqb(A?V-m;3Rnm%UA=A`O+G}XADWW?1}4)K<;e)nkF@|)UxX`;Tcv%Ju)
zRfkKHzVZ*90!`JgnKT(QRn_#RCCSufr}c-*yG9f&nyNo4{6+26g(|sF@6^=RM|X{9
zrY%6ttx5LFf~l!Xj0TG`m6URUcJo7xca0nC>kEgC8!!RTL#mTvPO3_-w(G^%M`FuP
z%Q5Gb6PYLhN^k}=6Vw#yplL~G<Nz?BOchPGuFh%~X<K%i%FuqBiq_8Zb`vk9$7UPs
z09BC5WoG>(P!$lk4ikz^9hQ>vZk=2WHSOQpy2`9MHKq$xHRaiQByzRcN=iCEK?9n^
z3bep#Q50$E<;}n}$rI5NrRI~vVvEtz*gV8!HW?H08h9w1idxD_%DO7KbgL?<ved@#
z3C5bP<HcINC?<$WzfKP2E33<?I_x0e0G&utHfL{C<apqWieP=ooTk~IFb3)U6*bkh
zSL8=;jhRU{9p#<XVU{LNuH*@m51L#V+5or&%HMjS;tY$(xLs@92I!kLOd2}MDhNQ<
zSlEn2kD9P6s!q;5ql6}{HC$~tIG$Ll#^&s8T5M1O(CMu~2bIR%(3a4=(dPJUouR1g
zGNbEOr$>9B)ws-wI9`9F`H+A?X;WS{$OvI6@V9}UT_gkP_}Nazfz?@vf_0~&U#KHe
zYt7a$PRX0%MWhN$PVMgp(&E_dk%A&Gt-|NouMwMBw@OQ>W&-h!0}P=dAydED6#$5u
z6J2YI-DHp}tqnRORJX0dH7kV;GsEhHc&OCqK~AKQ|DM3f%TJw5r1sHQIp}k0o0~t~
z&WWUIf)DF{LrU#&OMYd#Cb&4_7lXfgAy6SrV1J^O?*)myQM4rCRi+mE$7)F_Ki=dl
zODCPz@06=0^$u%E!K_N(tyZTN^Sk!1mZuiWEKA>|u1YJ5{xos*`c9CKogk6*);LKm
zOpw3grphQ2I=yz>ZqjEItL1&f%21qX(`As=m?ZW2jg#qWFpuk(nIyf@WgONiGfTCI
zv6Ly)n3!P7y=pBdq8)!^sYoc7b0_slxsr*gN!+bg#ufWjk-q+{p3->dl(yd^)or{<
z>=XW3_TD7c<=-TF>@Bvry^Mm(F*a|HM?+9S_BzpfJEv~$=^jo$3WIfUjqV)IE)T4M
zV_I6E+z|_C1#Ki?vK3OGi8A8^ozE-2%t(0N#00E>Xb=}g)>A})+*pbb917F@!WExX
zq^X__R7183lMr9-sR!vk3A9JN)P%F=s7|Q`vKC@k(E>DMInagh)zoLs?*;Mc!y7X-
zV+{0Wl;f){4QgSAAMf$#WRqg&HxFzgT4Mm|FjOZS_951Hy=;X#SaGHRDINwt{*#%S
zQ0Em${*4c$!!IwzKgSOed)dU$Z2dx>&wkTWNfwlu`^O{*u!@xe8?UY1hqZD7;3o8G
z1Fj?JZHtv5hcxgom_3BDAf^gsb#36Q=c4dLT+M|nzb`=0m~?r(vIr2O4$UC1FO9r@
z7|70B#6R3HL$NsE`Qyu29?g(25$Y2{SKSjIsvCt1o%`jX-f|M8R=h;t>I&`h{785f
z^>MQKyz%vjf4mOMf?^N;3f0tzL4P5}cnk{vL8^siu8OAz8;<b=%1~AjIqS*Vi^G+s
zCU>!(xvgqjv8ICi`-&@T@#tW~{^<QPv#tWm2Z*hF{f~MR2xfSJwAO+F1Q$By#&16T
z(M!cpf*^oeRdZGA<z8;phMrkSs)^HdLyz4T{;tdNAVK;_-cV0I0c~@r2=rY>f)7sq
za<%6|f*#HwmPWPV17yFS>V-MhAhRK<-#<1xfa0usc)6o9LeSRFbCfm-vz461lLlie
z-5mtKtWOkGGF%*RE%uct%cV*~<HelN_6us_RV$ZTow3a%EW%r~+xb;>Wss4{fV!F(
z`X$^L@;Z2feohY05vgtJD3*IS`gm7~$19fJyy>{d&S124{}dt6$EVQ@Al-#Q5VUBs
zA@Ct%{r#ABFuAv<hzzYS%pLr_8uG9TaE`!P|H(NxY5$vTR40Ch^)IId$CW<d^dOPA
zI(SS2Ee$Z7n2){!$z~7rpox2zT0cZ$EO^MDaeuj=BE!r6+`^`cV@2<%E1t)ndt@T_
zO!vWqCr~SjDU=(jaqMD=cl40Bbo9iWK|Ajh9hEcQ9k_V9LR*osX{mi3Ax)KB!6ST<
zsD?R_PoIn2!)wNRpSv`fnDu+&VHt-wc7)$kbr>zGfZmR;@+!<h=T{y;;E+nRq}UOu
zl@W7wKK1t;=4|NQX?&}V+|IO5-ZRR)&iS%DZhR9xf%<@h2x*{RG~DZC==xyMFc;zp
zNk~Po^U?7;%lmkEMvsqvyGT%nV(WBFJ@fMaRo!<$MYSx88bJ_21x(}&B9kLIBS=ny
zfJhi%2tyh`vWO&6qKG6>q6kRNNdyE0M6yVhBtbz$$?*2zx#uaK`%ZXwz4bq94SP>d
z@7-0^)z#HqT~+3<z)j$zr8OJu7B+pGtfoA{M!f@}K)hTt(6n}2<ksSo{+0%gr|B+o
zDZ^T^QXJ|v4?F8QDqCv~p1aFTkdMxfRLz<LJ6E`JTTHrz-n;Cr9>vaiI-@RUE^~kO
z(tV_|<nXB_PHik=rI*>}T}buut-++zwH0bz4`OLzwB)PQzE<4PjGnUenc|QTU_mV_
zSW=!JyMA8n@ba053Lkos<{pP+O*!Hq+)_-JkHO)OFH<Eq=!0cE{M*bOY%7`HQ5kc^
z)*59%o{qI$Yxh4vrZ?r;8%H+Bzwgw5-c2)mMy`F?WW1TTP`)BevMpm3(t3@~iZ{d0
zzA^u(UjI~;-th4J)5+?(Z_q263RXtKcZ$GTI7XAe{FyhIWUCs5{p>dkUXDT63tT<x
z-_f5-cslVEOXTJti>Zx2L>KjinIU2Sh*s`1|CWNlFInn(wXP4SzMKbh#UIe3JueeE
zT0v=7K%XjpSs?mAon~fs>y(@6Cf%1UsyRfpLTZ+J7tAW)@q|Ub=FGLF#Qxwi|1XBr
zp{;8<e&JW1#j)RDxyg{9pib@6Az+Vh9o?k2$7(uI(XI({%W$_ZT@B6*dGm@B1WrTC
zx<VT@>$%jsz&vag;qPYJ1yin4rN-Bs1Z6l>my=EC9GGiylhbs+FkY$LX`1~)^W)W`
zprs=-%I}3?ZCA;4E+OL1zt5j*Io#FtHGUg%`YGA%!j+UGF@8mckMU?}6@f<mfl$q7
z)73gJF4Nl^^ewM9nSQG2LcTIzzM_L6Ykf0ckRP32y>x6%&0;93o|<0!h>PK|Q;zQE
z`*^cvqWsGx%c=B{&Qao5GpDEHuh|ZMiYw#Dd})U~r|V)SSO2a_LHzEER1ce$!*ef^
zXYulFx?=^(rXPDpD1?ZD+E#0-Jq*u8yWeI%3}Vl`iq2{8IR|;87qxnw>BC&MqTs4E
zCViu*g4Qt6k-2XEeVJIr>C3#Q{fsi4QiCrarP6!Eg1;&#C4V}BYD;(|Q%CT+&=W20
zJ2lQW0t`E~httR2Y_&HChHdmn1V(S454gBiV(+<8RB$i)(u1Bz?72Y{onW*d?gi(g
z;mjiaM_+TlLM=?*_?1v9lHEOVuc9oAD`mI?8h<kM@?)WA-rLz-C7xCrIYbuDuVpml
zxl8MxKKZ72E%;6>tchMMPuh4?9p&M9NNKDB=sW%jiH{5ZGVAF>{LQC__~mzYuJXOV
z%I8tHxHDB1(alr0{pC|sikGt04&{o1dd-Rguy2^?&NTyDIXu!{6>+P2wn}|9M|otb
zO8xD~`Y^x2`HidV&hjFOnNjsM?><J{S|0{|^{)85H3*WA4u8hTR_hI%T@M;~+tAax
z;@!fzb#w$Ke|iw+*Iqs{EfBd(V;eKE@bSL<I%SFCl8bW-r~TR1Lr*lYMNbQZuWfHs
z2t};-tclHix>)|<)5Y!dAtw3gN+HUT{hli>a-Ek;g~}NR7ruSsrPBo`sDY|KhgZM6
zt1=<bR^mF&;hD^k7~F1cxbRZ$HgJ4>u&S=aUW&HzNHwjW?K#enfUgeKwKZk0CLMGS
zCF(23#a&jyR(gG{(;2axU)o_mhTlm*2znol^<7`%Tc<JNV!lNuZFefa&Yku3zF0oy
z!1BlFeGRoj8VoHHb2@R?V%pP_Pmd;$JvgE~S-{78Vz`<2*s#0@XLt?ms?ful@zntz
zlW_V+g4aWfC_=_QT5N~B&@N=0N+x|Tz6LKRe|f>9^(Hm@iMTupW3oy3p@JQr>OdtO
zN#ARC+KyirGP-m3xb=k4vCV8bvu!gWVg+;SV;QJU<66?Dz>?N2N6y6)ts_mYURbQR
zfEr!r7aZ!NT2pj?iXNM{n4ZE;b$q-4m-igEA@4*EB{n&1=gWb$V99McwnYAknyx0i
zpGPlOM>}07S2!qrbtaK(9WT08AidqKw0+&1aVuGJ`;C&<h?1z!YaU8$YS;+hL<!}Z
z4qJ^{lN{xm6MAjY_t5&|IFB&#;gNf?BQB9E!)-|mPLVDJO*zA_l4@qTYdm=FZ^J?=
z9Xn-5g1C5WCh7;c-6Xkf<C?(N8o=evdi!>=FF0(<nYnrFbNzBxXMKuw>1Ce9y6gq)
zDW#AX%N?2yoc9^Mwhp`Lu;tXCLaVnAxO%3p#(vpsFZf{frO8V9^R(`SIi+il67`UI
zasb_u0;Q`i8<=lmRHgBa@6bfL3RhQR2pjoT#U%2j=HQKw%MG0QJAS<7Bg$9bnx}!K
z!#&NGgjwCMvbobQ#rp~~D0wA?iBR@uhZ%gHh>`9*EBBBLqv8^ouvk<OCwzD=QGr`%
z)T+^8DMhlFhFyhs!ro6fEzE{;4IE^x)s(E4wXEi6ofjdXY!5$T>4@$>q=!lkzq?qJ
z7q@xl!Hzwpt27&p*zy5S9X1-92XZWKKEj3SgLby3h9IHVcDLu~^Qp5;5+s>h*{qDl
z-yx=5m-bnEigSy>B9V|nvvX@~9$TtxE53}MLOE9Yo2qmt#OU*{u&wY;5c~#H!-VJ^
z8b9hTQ~M1*lp$y|WmB$&dMqtiHP`T&MoDUON6?=vlVNM2&sSu-RMAXR-h9%Jcwtyp
zh%Wy+1D=Mv>l@*uBDW8rvp9Y*<#-J^ZarV#3XPxPZW}TUmppa8J~J%M4Q}&_=Po6_
ziHEsFT7=U6QvFA|xziU5hZRp<tk;@;^sFd_dH|o`JIEWpMj4YHR`w<_GmK%1vx|Wa
zM(*YaoJjR+o#pQ1H|1VVm^MFe>Mv>8by4X;Ml~p0+a+@D+WT^8b*-3-ndS00zXSkc
zN}-sCvaiw`IvvPkP(8}&4G|eQZNVPpS6QYCXubr-OP82T9WL<Aa5qF|6=H5H=0^m{
z=n{?5d<P!L=+<M|ZVS@G#;))u9G7`k6!Cfd0?~u<tT~&>km(&sN|R<J<yj^vN?ERs
zn-^e~rWcr^q-B}t<P=T`!tUSE=L=~<cb&*Hy`|BLj?Da0+>uEiLB9B<I9wmz9K=>v
z(D-I-h;txZrl2v*h~N+vN2S$toct`KZMtt)6KjlVYPioq@qKk<Y2o{wBZ4j<3gS$q
z!>Q7F8zYE8DXHPz_oQQEWz>_5Efm=0`;S7$y`cS)5hv3-QYJZ1gmEi#P*4VyL}H$w
z>QiEbOf|9R5l))$bWr9=jXXOZ7bmT2gE;Rm%|w@tGB)75a_wcOQtMj%p{$tqf%sHj
z-M|UDyOdB~>73(CQBRcFG}*iPZV%lm4cb?6=x|cBpRtg{shcatE7_T!b9b1;J|qI6
zg;yhQZ-a$5wh#Q#*>uto?cLbIP#~P>fBQQ8)!4$4zxX;x+FG0b%h6#^fMFE&w*bSW
z=%r978u7EA!(a7s03Q5fF9!ta2>Q>5(tiyw496n=%*!F7h2RT0F0<m{7d^v%ATEG`
zf{lwaTxa=l+SWc}f4Yn_rcF0%a?JgU)lW+_jthOGP}I?GeC6!8I!os0qg$9@!>Cv{
zboTh=QYTcH0wN)%k6uK{FjV4$JGccQW!UfB^o7;qi+k7nsl0x49X<2S#RlZ4pgV0`
z=+gVX=nagQ1da14HC4JKpWehTnxXAZG;B^bnJ;aDe2`xSynR-1haOu9=r&LtQ#7%8
z-t&!2f?39|sePJ#-@xWTu*;x>O`G{g56yK8Ixf+8x!ahYCTJg*!;7zHu(*&gxUozY
zHj!Nnwh-o0uj^lFo>oC!e}yeNeuRSsE4A_vBUNSoY<vwcZnHFR$Ii|tj#Wi$Io)jC
zy;n=vLMGI0-+r)VLJXTvRQLMoEp4`QXoz#eoM)nEC$M#!qNiW1b|+JN=OApueD!tD
ztjgJM?Fy#fRNhGB)x30h_Et>7ykR>dDYV+lU~?0bC}zUdI)oKdN7N%OVPq2gMzAaa
zCn`Ry9J9XuQsIx-^>2pe{kQD-hkg`r>`#6a7?Mj46bQJBMgt!p7%v)53SvzPbPET<
z$O3_Pfymq_Ah0b0`~5qL6qFYTU<)`-QUY<TS<!$K1|0B|K%jwVfO0h8aDl`kcVpI~
zfGY~~y$<Ppq`FWD;AnvXLe`>DFiI2(h=vP1K>Cngf&n7!?tTX%`jVpb{(+aqFR^YB
zB=-M#K>Ql(7QpgPV%<WqXbk2jFAZS|qFztb!rV5vu|017dQgGrKwc0-1GR1tg~V+E
zA@<?isD?1{>QwNhAQWeR$m1A)vT~|R@6->ZT=0`r;JXw%Q@H;MrGUnxd&N{K0;z>|
z{tsiYCT?zSkJ1|tiaCyK7{-m?vOYA`s&jEiU}b1)*k#903MQHrE}0*<&;ELyW!9B&
zfm>mTwCqu?auL=$aX};RSCuwJ=R%M98M-ZmjL;rf;b=W3^%&~C(K52h#kOQDc~4wi
z!?T8Z63oH5<2-0sds;NdFfQPW;h2XPYy6;VO{>}1ra^rB5t*vl)Aww|0p|i&d!3=P
z6%F~?FW0Q&3j)ve&Ms`cK8!I`YLam`?vP%B;Wc?u#_`oG!B%-IpWG_;Pd6pzAME4Y
zTokM4(OnxnkT1EdvLo-LUN8}TU%_kX;8LRTBs*;X=?K5l*=S)?{c`PhTs52<sVreU
zO^J3}SMZ5W!A?<248r{vj<qbbfW!Nm1SWDT4Vj~9E+t%l7CB!sAN?-HGNWxNqR_Bh
z)m6<koRLi~<?0f|OICocop7I8-f6;i!nRX5UZCVcNo&Nm!4(Ap54g^(KeT&W;Ur8g
z<f41i)fUOgBWo0{!JA}#6#XE3mH30f_c&J9j=F|f^NddjG$%3U-JkAh@@g4rE}gtF
zxxoAQuo$jW_<`KB8_^RsOO8vY)j;>inXd7*`WCHL_(_FrO$cNfo|8JWT}H-tN6*U`
zYwa3T=`+Zo)pDu@d4Fr-*o@i?MF!R7XVJ_>pQ6!`Vva%0Et2o9vVA-@LDsLZeITI|
zwI;Dd^`e)*{n63h2?JvRj*XN{OW&R==vVnyiZkB}T)OjFA`st;HDz(I$eUNd`&M$^
z)zuCcG71}%CxlZ+)^SQ)#In(k6r6|Ya2lHz``&jeS$H(w**3rC6D#vgUc;=#gj{~1
zHVNvy`k`aEZRrAT^bu@>wOd7qx390tsj{u)RDa(J!Hj%_SQMjUF!0VU+Z#^3Mip&8
z)KeUI{OISo4bvJ2F|#|uur4*;9Uq+?RwWHkQB%rV|K-MZp5n`mhD?USRfTDV)oFz<
z!I3Mpkhv|fnT@5}JKKGwMJG&_jU|`11K$~53=wqBcXga@eTXb@yV6DlWRwKbSY~DM
zCSKLH<mUs$YOC>1cWoYs>D;`MO7I#IHjB|qZq3oNdzhNHKk@6U%{3<hB>ensQ-yO=
z(_Lk_6~v3-wab0lo$K#nb>UC5zVLs^mO1QEl9Yc-yO-8VB*E~qX-U<_eC9%p;ML-%
z)><=9JM*>Pmss|!rMP~bEg3NosXjDas#9bMwPbHktBg#q^o4(kZf~>gr3*M%6kv^u
zDC|))FL?W$dw?#k=e~KISxbqUo=^50ZBzc@sJGU|ol`QYda20HPA=XYB#mWSj((np
zu9QLcnVfLgc&zaL)TXVR`W2CgMDHrE0WHXv_w-Wk(|*eXC%OErwB2kIXge2H6X>3N
z7DnC^-be1wPUC?m^sTX27iRIV5r-5SOFpfSB3sJ88bqDe-+XJsQps&wvGd9%dGMjd
z(WA2Wa;ME24`fF0O!M8oFs)0+%F1`>O4dq5<|NapOql~*p-p$hI}qK&6}Dmm-N@}v
zrK)PO9Gk&z528ceFm!Fv#R^DOj_MxuQKv2H40+0|PTR<mt(Cs)Nx@;>Cb{I{XH+dF
zrp#^)TOmGviTSy*saeay8Akg>AuoJJ9bfCW%)2U_bt6~4eOthfO98KoKZ?I`(u_Z@
zZy&r`-*aRBG3BWXgH{#g??3soBHk%XMV%-sEPs~PeZE!nb#}Qz?)JBVg^+>emF)}j
zhA(&Ibq63$W{4S=N5$1TPcv<Fs;wIoj1rzkA+NC^i;hhzB?f<?=YQOLMeS-32ZGaj
z_&V=uH-o_(s;0_(VmQh%b(BVLd2U(mU^~zUby5cdyfnwlKIQR)1{@b}r<0XbuFPuf
zOfhV<o?7r(iJr~*V4Hs~!?Iy%fab>6_K~j(*QbSiAW-9rWye2iD}56bOrJE0P!+Fr
z3TBs2xyZ+tcKH6LWNK;3b+?#Qx@lBuN=j*JVde3_d)_K*!x2m}Co}Tt>95op3kZbI
zX3i?;*mo!nR6L37)YAH}C4B1T+AVT9?K5Yn6FZLYP_`Qi9~A&imV@7kOin0_e_dy~
zOn=G=lf3e1j#BK*H&K@DcfM=)14=WW&1N_hia9ir=jgVGU01DoU#+Kuj&_3gp258u
z;+?YzK^{i1G!&gWui)xbmZceeX_ZUC$;tInnY!x!+VeBBH(B|f0;iuul9MV+pX6RU
zXQmoNr>Ahq{M|zX?=ZJsmJ5se)!U=QZH?F73TrCW(@Slkk)6pZhLCGgeIQ!U(tK(7
z(frBwmfOxVswRG6XT=&$UfGmnWblGk5!O3r?w5cf*e`v}u?`<gatckBSa5H$9CBFP
zl(M>4@s)*z%gr}C0wsV^sLpjSPL_3J$_YS9cSG+hE%%iS?<_}gWsY!sNedd-JiSo$
zplR@<oBJ?}%!G1_{>lU0y7l<11JC8srs)o8SGH|+p(26>RKkO!crGS81nN`e*fB+3
zSz?JWaO>?fUVG*ftP_-=Q;$8GcY=KC2zz^BH>*rmSCgWt7VPsd;o)e_VN7JJhTjCk
z)R`u#r3cvi_M7oo?c-CSQ*RZ{H+#p7<5M&hw1|gIsfS;_EPXN$%IIf29f|AmCWP3e
zJQ8k@;^Vsj7QY=4A9^XcC9^e8`aHj2Yo1^0led;3J{O*yK{dicSRjp*FBqYXPl9i|
zw0=gY>*?Br9KCpH(r>EtNp&jBFa5zGkVh-yz{SZ~I+|3|m$Ne29dC7nF?1L64-d;0
zn|^+uYHfEX`xrNEb7`9Y$5y7#D5yDa{W?bT=2tw0fN0WM><6ga<;7%XC(cTdb7zgM
zdY;=;7vl$d?$)(3sB%bMxtU>q_b|r=l<*l!w;1p_ZQpP@#hP>SS$F+CvdGan=X&$+
z_cv$RcE1n0hInxwAz)zk+%8Opk#i+Q?3@I1B(DQ&%$*_xdc)4sw3P1zQ;0j#8zGv4
zlqoc=*f-AT7}I5GeDq}OOR^$WVqsoT!YvP_EDpq}qntVr#^9Hcv7u|@9T3NtMJFPo
z=#D*ZH<C*1H|1?pmE+Sg%e{}HG$6hZbIV#&ez#<Oa`M{Erx(s%_PnBVcj21aj_HMa
z-z-1dLD&>eDCXWc)fd*Qs(<&<2j_cC4KGZdK)VYPxRMp`-pM<2j)q2>Jn~5%>r-*u
zRnu5@Q`n=_<%zGdb<ji8`<nL|%L!P8AF|BRev(prB7E&Z>_zD+3Hli|!)_tQUUqq8
z^V(-}DT|cDjLDei>&e>_yiaS2)$DHOxO{$M`!<sTQO!zuijh&-GM+rv@p*{ZH-CT6
z_{ffHu;Wb1?C`Ni@_`zG3{RyC>nLtbzkjQ%Gp?>N#u{`(B-lTp%R1zxuB4O@EAhB4
zvLR7A79L<>qTeBJ`9%5nxnqw^m>h4!)rv8OvPvj1F3ae$Tbc)r)qadcH(xIG*tR&5
zaQEoMU0DwakX(|VI!%%Wc``?A*z-m9TJd)j>>Zr3Y(`lQne{N{Yx8;1;>Y|xJTkL9
z*8iMW&2i$6>>Kd=3ygQIG;X&=m_XZd*dKHIW(*GH3i@~4Z1j}y4ikz!r;s!^wlDmt
zXkyr)Die(=GQ{IpKsRRcmd6!#4BZK9s<U~w14;v)UX_j*<x$_{<kol(#C<(ZsUfAo
z0clTJZMr7)jr}q7RI7vItA-$}%F}Gu)>v!ln?FWS(j4<t4i1(|?kEM<T6Wp%wBXZG
z76LQ_S02L(71Pgxeb33BY!tkM8WlVnMAmf&FBEwOs(7~nQrTS__7Y9ie*(_(=8oC{
z%ZS6>hm5<~v4Ue)qdyZ^7(!MR{oz^awef6YL0Pe*c;+Cx0(*{(3-tx$!0HH+=H~K5
ziucS*BTj{~%!jcWlVLAz`CYJN6En9=2rgP7y6bqWRG3E=v^NZHWtHTZCs(xfytGW%
z!sHYcC=uGrA0A`&KkoUO(7taDZ~pqz{^H@GAv5!5ZB?Gnw!PkUH4Yk7B@j+OE342G
zLKl`*2)(@`+&46Cl<)~uLLTnsR<A}IHPF)@?o_sZrEjdetaoVU8`WEU#X#3xOn8~-
zlxfv#(a;Jfsq})-uY?bCA7@<HLQv8JA3qTmq|QGBou>2&yyEUgzCOq_C+sXdQ7a?#
zbs0OLZ}7VMtFwQTo9cupw|H#WrTSWZhPAP6r`NBQi+exLtSpzs8!+CtN>8pxZ;=^r
zM-fY~BA*@-ihKQ%Fn!MDRKu$GdX>{FT3)}4H+W4AQoenJ9A4l2#CPc+(=)>5#DcEZ
z>+S~G1W|F3@(ulL=KVqCa!N!>XFd1w4TEUH^TW3;h39rD&FSAfL^)dTedVyZ<R*bG
zdi?Y9vTJ9SwZlrqd~5&or|DDpg*gf5G7<N8e&p8To(|(qahnbdpNmYY4nAJRYdl9q
z7to&g=7_TMnR=e&Qs(Sdq!Y1Ge0EUQk`CY9l;Av8Bzsc)^rygUqvx!Q1N%<O-Y<2!
zGk?D<cg@Kft)6p{<-^c*+Orvb=p-XD#YN4Nce{91xRYyd1rjR{)TxcXHlaY?s$ZlF
zW#8{trhaTJPdc_O{zg(p3*;2d`|ytIkf7#U8Fi)SXs+5^t+W3Ud-7!NokQ^o+}Jal
zjYZN_wi%;=r_NbPzQxqE9O9`x(ram?L3}J~o6n_np0htp{8KPDpEgnHj=GwCg8d9J
zKWd>r!}p0Ad0tnBuSFWQak?&fhshi(yxIM5n)K}J2T9^>bQhKtExGPLjrzcotexb~
zB$|IE=-hsH*`kvo!9^$Ax)tUTR$Q?fr{iU_r9&_C=SAj3S!ie9W2(kZo*bTj!1-Fc
zOuEe>C_$}E+VL&@!d>$U)1+`-q49{IhdmKNv0Su5TM<FZpqRHa_Y{e*B7zbWnx#cv
z-!+I{wkuAUQ_d7jI@{cyBAAph8<-&PBwdin;e4g%L_)rxvAH^vy?GnOJ>r;DsNQO>
z2Cv75prb6#C;e#X{Zt4a7sn1O!45ARmpN$jLavKK=yF?fEmQ3jt65lrQl5BLzoJRw
zOhLHzNiHZ%_C4oC|BE*`DL9S>MkC%kQs~}EOvRj&J|f%8t{B0&$iQ<>P5!}K`yM6s
zBO|vscqqmK!mAO_Zau)Sb}zOb*<L>$@$gU&J^m?k3gTuV;9+z`(os}X*wK=1z^;&~
z-G;O7$e4_d*0rvB3ayLv$1ff7HaP+hyzYCXanXY=Bh%Ox_R!0R%ZE|s#Bcz=$W(Kt
zouLplLda^7!S5bLyxigGORBx8rn=M*>F&$mFYqMIoPIzh!mY&bSjDZzFOYIpOqAB^
z&{*7Y(Cv1Nr2?(_xMaFgpi~|FqwZUELFN869ozTrgM`@JDt}?wX5JSLmlBya>=l_x
z;r@{Q_OL*AXswI-DrKLze*EZgLtcnt=POezY#SRtp4b@a|K9w3|1rI%m{+~;^1>xM
zBGPvr^U!;mi%q2$yU0$leo}=h+@}A8GkQD+1R;<)>Tw3FpMTW{d?6Q?#Lj!2GEf9K
zzI9PG=z(@goHIHLrwaFIT{N#4<v*Xra$?%VY~n0kQXmq)uJdO3fYvAkp`;WqU)x~n
zy+n!m6hQWkj*Qx7k+7Q2{r>G@)w>Je4Ep=y=AQ3kj(fO%zGL}HPKNG!hg98xOX~9}
z%j1n|O?Ofb<C)=f*SX(s@^p9~TbQPU3y$$aPas88M(NWvfOF7?<j1UhOXKJ&$d0)k
zpmc`ERyFnKJ~#egs<|pIZkmvi5tFOaa-Ww=O1P2#7$Lxq`lD{|*m!Pkx{+0El*GyF
z@4OhX^LT8W44Kh^f)g}kpB`oO=+7nU%-)-#BADPql_{%XSEIu%G(T{7sMD!;jGopN
zGFEtkQ(F!)RIUR()TbRd@q&NxEQD`kt>Lb*Y4JV3%A3V1c8mzD&54c~Xqm<d6HQb9
zJIC@J)npGgn%z9|f~U>m;>7bbW3J@9dB!l$5Q-SBS}c7Twy%%M=8Q{_+W~jk27yM!
zfq({hq?q!{Q}Xt-pW`%;T$Zmox`SRjB;1K{36@Bh8w6ipj(JFT((9Z`&Y5_Jg!O#u
zhaa6X7&Ph8#;Ox{!X9)KN{iO=m0ae$#2|%Tc`CsdC8aec;=hn)q1dbPUJ9pRFRw%a
zV@{)FNDwA3BXZA~oFAS~tCD)JzliCNPs^q~?W#@h%H@kLin!=*dj2Z+2y<-AG=fd$
zcIT6@S3Ix#l<ir1(<UE!+<bp^wm7?O3C3Y2$TI}?Wgkw~t)z|vl7~m07(Ax@7<zY}
z&Mo9YIAdL?y?X|GvgHhIzcc!}a`qcO4lY)hFm3y-=45W+nd@E=ubea{35lf?>@Pm`
zug5B6A}%@hqlAZalu|NXds=m53sc#HE>k}yemsFznJ~UX5jyNsBbC;0XCus=Udg;C
z6sEys_*4Qe8!_eiLB-0F$(}+`B!$5|UYX{#uqkbCxTkUZT`Q`&QqjTwzyg%M4Xv~N
zZKi5N{v><a5bR6le2Gz*-SQZ?QAGT~^S1i<_FfJT^!xYb2Brm%#w4w`nsjMGu%AHs
zAM4XwZjJL?vBw>Jy;kbGc)t5l-`#X!cIQ>>>)_f9@;<nxW0}Lz+kCIf?Ro=N`(i4T
z>pz}a#q2n%v3#~KX-<D!ChC(g7icnt(F;#jhK^@4EcOT6ZAm67vlZ0Zl!QHIS~;ex
zfAe77Niw<Y)p?nBj7bOAmW~M6DKOJ^g65kh@wC&}p05X9jb=3#!dT365i#Y6)zS5l
z2Wf-giG_L^+9h|p1`g|S=}o>$zLA;ZXD}n07AC%7?R?8`IC!(@?ev576BF>Eb1nG_
znQu;)Fick}sX9>JT~^_fr_?KUN?W3iO?$&O;Ygw6MESw1JNf9?&<uSY%aCNRwniVB
za^1qQ#1E~Vgv_vTy>IF%voOzBe8gz}!zEqZwcfInbqAEclprsepPh4w>s9(Ze&U{p
zh6OG%P$v3@1Et<dx=D&by=`>!ntx#c&fz&(mzaBJ{NyZ}UXHIcvYCnO8Qn+yqs0{7
zvk2_GidEf>M?BB1CP1f$t*(B47^yh@aWGD(!m?E}x!);Wgul=1@&VaXpN{8_$=k(f
zjoUPr7Qhw+`-=uNZQo{;m?Ym<(W;7>t!o;3DWvAyGe`TiOzj|dr<S~Cw@(KV2RrW!
zcX4Z-Pmp#T{(`}24Q_oyWOp0ftHpIkJ$-TtQ&dj}oC`iC6Y2`T6SOh>2zLIZd;x51
z=~!H@$JVU8ZC%E8dmieV#yeK77R@NB;_dMl!_Y4V=XnvWbIshew(%*$Eil2cbC7k*
zF?sFw>nx4ElH4xzrPTiUm=y{G4ddkx7^U+|T2C9les)QC?cBZ+*-ev#-Fnm<)hE{n
zDA?b8-(o+JcSO#TPiij>Uw8<s3Za{5c2Z5B&3zM^ol_q&!{4#9z>oVH1!MBxN$})~
zb*%I9@Z=I~7<k9?I7d2to*&04i1y@iyXjS1Hp8#x@YFN4wZ=&>&NEf9a`IbLh|30Z
zO@(P?B12R?Pj-d0Ji!G&`{`xb45)+FA{vKZj2yxxy=V-{Hhb+E9prVhLXoH*&G+S*
zJE%f&S*k*DKHe$j10ONwtz0iINs^r5#2nX6J*ffZK{1yq4#Ctmv1h|4MABU9MT>ze
zVS%^n;Q9x5xn(*xIi43A9p6IKW4^AUU*$2exSeB4oCme_&#%6L&#p3VymoeDVu|hf
zj8z*MvnE<ZG>*E2DW>~S3VQSs$#&Yb3f{C(Z=#M4dn8#}p8RS>)#s3zr?Iinf8@Bs
zvdHH4!7}ToI~y%VEriAnu@8%~e4EuLukIKGFO^f*So!pMEDrFDp#?YHK#Upwmz}Q5
z1bFw1;h4Nq>%iV>S)1wshIDnoVgsp_PwLv8Ymc^%JgIzCcT}aNT@3w5*qcMRM$hY0
z`mtAz2N&a|w($oygQ?q<pQ{j8KOYj-IMP0UKe2aAj&`vdv^sWf)rVR|m~i>wn=yM}
zbvL##GN)QybF{i||Bmqfk)E+cA||EI<>4(~L1ENs=AN<efQ+R;Y8s8}Z`r&z*q(a0
zQwU3s>CrBZil;6;q8^FAagcU#pEC2CF)ya-$90~xb_;#xyesRYbMVoJ&-EvnSq491
z+%8u+tQ;EDqH$qgOrTvX+M0aTciw1+35D~<4jTCm*z&6q%<c5{&sP*(?MLq~VIR%@
zy4a)lDk=x{T)>b|gTNP%bFVhqeyhcC^wMPR$`nsjmEfR9m-gfo&)C$^k`lU?A8q3o
z$GCL&tDP_P&IeyGp_tFGd+cbz*q1~rHBqtsiI-lhi}oGpGem2Yc~R(>q-&NDxaZfb
zgYwhqMBQy3FZG`+Ek5qd5k4g7AsgWR<c0xm5zq9jW6YB2<<o2C$UE9Ej=Vn`bHm7k
zN=5wSSY!dKPiQ?TaL!KaU_CK#_IL-IVy!(Qr7q-S!z*g0;?s4`0gTc;hj>_T@EmY7
zI>I7FJ36BNWYyd^&9{9c<$YJJP^s2uQHtTArO`AuoE<-vps7}X&1Dqd0I@Wm;@NZG
z%dLLd*X{Uy1^n!=ApL4)P+cQVkm}Lu!KmDRvbb5JWNHTD;)gdmQi;^jvu_48a+W{&
zK6Lv~ED=qeAehxR7C~XB^1R$bXF6=afc%~_lRo*QY^VF3sQuXmk9yd0zSdp=A~hVQ
zW&&L`x!n79EQvxVyUtIr@I$Vp?&Ew*3jIfQuefrJv0B=gklEb$7Y+fH)_hv`>0hW*
zULs-)L0Ydz4hP4X^96gpxl=Hu`zEC>i6R%Ar9D4q#P&=e%U@+|Tx0IBy+mFo=HRJ#
zxv0YpcFcZc4BhQu?b+z(o5oKvi};)-RjqtuBivHW4m^;iFFrKYcEgq0^%LXMRskO@
zo!NAqb%1bYmP||$jT!p~MHbCDNFBMBpr*FCjBB2{8s%gIgvlsv!54Om&&o%g$+{^(
zDd42Xy>2O}=<PnK4l3U6$KvF%D)i+vOMDYT6O|OX>*5l}QxBUqD)PRBibHk6_*<yL
zcrQ}NX!;O!mJGZj3l~k+Iap4Q6>OmcHfd7F_xt{VL2=jkMY4Yb$t$71o4)~D-S5Hi
zevjDpN1^^?{?PpWC*l53C?MP)2FSCE#R9o2p)knLX7Ilr?hknM-x$Jw3HJx2{`?&y
zMI6DLXu%3Yp#IDd9;Rej2RZJyBItL2hW(;*MA~5vUW)zTb*Uj{@%t~IvEILR0qn66
zl2Ygg;;c5Bs&b_gDw^(%Z5qC*!6YqsCi7q`fr8S4COI$VX$I>2@YBsqdAAp;1KEzZ
zGKzey&b=7ULpSDjwnaLN44(LQ4spmtu6#|{NyjC4<?@5)vaf=UYu4QmZSSmUqR`Q{
z(YtFy+b5u~O(v>MQ~26RD~UJV=$pDknDe1dJCKEA*^vX<J9A98lUTZ=sW7@@oYO1j
zKKiG<6f5~X6f41-VXI+lrR~G$=t8c9F&+`EOGh3EkDQlNHoEIK;^;OVdA`QBjNQ5Q
zk9g#7#_#(xruakKGmu01ht#mUmSB?A_qzocx@$uI)#AI$r$5Ez+wJF{EWXGe;_}G?
zFCtmcfy}0WCHuEKIAF*AUIv5-+`aoTMKh3-^>@Z0#jFG}&5|lpf>j-CO*C*sJ+P{@
zELanFooMjmV|xdXs*yPktZL*y$`}n8ut^}O;~Z_B987SIKw{Y40wtU&-iVZonq-hB
zCBQ{vVFq9c0>PH(s7DFgwPmxycA*Ax#*!Xk1#IHG7gBS;HxiSplPu$M4z^BqKx9h|
zAYCtz@Y;^lu!$>JN&`q+?Tk0Usmn=%<ynb9Dqm4iuoQq60GA`{?&CkCr~ZL*yHemk
zfW)qe{+~m*OQ;_p{NZ@Ze+WV#$1aJ6(C_pG4n2^*!M@WM_MN`4-TnjQ$M@fMVfyDN
z?Y8#=N<dQJ-x=;dh0}L{q2B=p&Qt7S_`NHD7@7Yoo&k<+0MGvb|1Nj`7FhLn_<@w`
zd)b{5{5!t`Z}^?zNrb$FH+9rw{Z8}mFn<Sfmo&TlEoJKj3?#%4%|b~y{@Cp9xcNQG
zs3M+V1(vjRFvU6S4liKNQOB7O^<Xe82+oSZf`D|(C?p7&lprt=Y1I8Isl0><5pPQX
z29lP#Jn6%0V}!RR+6r0$<A?xq0l64iTZ@~M3PC2eHhcg?KLWLP1pPIjfIRmg3@|ey
zKtM8RI0S@Zg~CuE?EeIn1(9ec2nLffJcG<_ZGn9CByhlXU|Sa>M>_$Wqmdn6z|zRs
z2#j}hbiz4;O>sm3W-+{}2podi3pR;E{yr^{aDbFhI0k?nfrXInkx&roFF<W<ZEFs)
zfM0hcI^c|Kb^(V$pl~n*1O5)Uiv^A#VB|yuE=0VE5fNu90LU{3S36SQfGmhM)_XD7
zdw%b)5&k;{C^*0e2ndFR0U8B@{{;+OaK<2lvnhyxcO(MzcLqD-aX{2+Cu_pL2u-?|
zHx-f6mJuM~CV)htv3r5uE6x56&=?E|IA{d{vWY{We*s_<XB@}|56~NA>tGHxF~<uS
z;|XA(lwf27u#P!ijCAuqgG-WJ|A0%-yZnp>xC91pHH;OCfPs*I2C^f-+~#<qg_H3v
zdwgecFcBEldx`kN0k2*0^EZeHhhacifQV?I=ivzWU*g@rJ>pD^2qI8!d(yDuHnFvK
zw8NQ*$V+p<AS7skiw4n%=;R38s5;<n9q>d~;8qE5jdLX05=g&G+1l6vcLXAEui`?$
zIRIA;CmS0h2UqSt9L>9P*x&Cb7$AgDtZ*c07$AZF7~sg?Ul|Jj9}t8zv;2L6><Win
zw%DZy5L=o=n?GaRe<GCs?^)!B)zRM`G{E6dBn$zFOgIJ&0z$X{`>FG{Nowzu^xK5B
z%Q&P-%h8zt22@jE!Zx)vak2qe-Dr0X-kl2&q)AM`#MS{P00Th<9B|e+BS)M7pd;fP
zLB#9CJ>p<jSNr>Yjew#^3{OJnH|9q`Ab&2UfX@CuMeZM}7ceAgOv6cn7!GhXpkyFn
z|0zy3wRIs_+Zvhvu3_xXBj2ZSpu<2A0aMZ(>4vxCCb2mTkc1pIMpifz3nPL#&T((|
z{WDDj`W-_OR=<r^B%s{=rFrqs6{!C(hW|`c0dy1;D-1<K5XhPU3_ck8uMEAPbQBY3
zM@Nu}nT?o<k+q4FwGq+Qf!i79;0WkcBCx$3@y~P<7#ahNAQ*zga0mnzm|bCj(EKYM
z@yC$vG7|u#2>`2zKCgtfpdwg8iuBJ(P#G*Gs0x-Blmbft_cDU2DpFu|ML`u=u(}jb
zC?%~56l+QgDocZ<)CHBm@}z$f>Vk^;eE%Npf2QO7hBgURKsEx34jS^8)c5~Kkp5>X
z6ckBXN+AG&0-W-Pq5;$qsK2H?|814w5A~egy^y~z>Y;E1AnK98ZV(b!Ln4t75aut;
zVb*{Ua|G=Q`&|v%4sVBZAguy_Td|npoWZ+#zJ!yxlOquffxuuG<R2|n;QtG41ce1u
zXJC;+S}39cwe^2oxRPdHk{a#e;_?IFd&c?h7Si7*A_Bk-aLXWp@SDH|{6+qZjDHFY
za<6QZG9nrQYeirq4VWr^+eZU-;(%|8My|F_M6d>)04#k;1(aYFI~?Kr>Rs>qRsvW@
z_X;b)$=dq+KM1hXpbae3a1N>tI5Qk+hYaTkEc-9wO>vsGw${c*4!b*Kl)EKLID*s9
zC71C8U@Fl1zKup&^@A0GDU26bscLEP{kRK&{6Tg~0E<{#2Vq$mSy>1KAqjz?kPrwO
z1zfSfM+RUM2n2#e1J@t!QBdGFDbfdML<(3V1JdueSCFa#q~3iT4d^JluY&>AfbB_B
zCllPi>LEyvlbQhP?$!sIMF1e6NKOB%c{p$nl#@V!1Meb%07v|*Nnlox23Fp@(t-eA
zV<Au&6beNGe*zFB4+O$P;v*bD5Wti`c^#l9C4?1;p#<La+aKTngaq7$%visdp`cj6
z0<ilVE8({?;2UY%jr8~5Wk3QKKnDL*hJrx>$DyCgAb?xjFVCXT=)G;AU~rO`+)wWV
zvIb!RPW!103W1WcxBOIwf&u96DFf;O=8T`~LE$jcHuRonF~8J9!6Br*xS#960mA%J
zM#^Hdw;mGEyZ4r%NxR#7-iP`1eF$KKX>UCQ;#YhT=wJE+1^9Xa?EG^ZNGOoEX>S=E
zvzN{&B*4hO)I+0xc^?Ww+FSj(4HOLUp4?l8_?6Bm6u@PB>-|9+Ff_?I?58$>eghoX
zelCLpgK;mNfwEut1r9-D0V(s-```cz{qijIS3X4m47isrK-n*S4s1#N(w7KeXK-)3
z2q@wgSdai;?S%yihe7x9E)otbefHo1%#E16@F5X^6xdS_1=#X_=_5c${8|tG3(P1e
zFj#+i9|rYn8J0B9|3qgL3QO9x|G5nCC;Z`Aq608B;~YrIzBKS|I6yRk)opD7V-A2T
z$(SQgFtcUdmD8jz(yV%{!V)qt2_!}mgF;FGLQxu!UI;i^8U~R@0N#KSXlYT(Kd(aC
z%$Bw_k+Q&<SUEb`u!3bIpfWNt2uUmkBY}h=C4e0;C=4wjftCe?0UEHt0#ekGXyicL
S6`?3Ju*E>h#U-O6OZi`NdQ9a2

literal 649591
zcmd?R1zc3!`Zg@0fHX)-4IvE!GeehjcS{cGP(!DnfOLaMw}61sod!sU(%m8m(kbx{
z_;`+<$Mc+c|G)S9zW4K|?mc_<Uh9sv*1h(1-S^y8k&t5JWaq*{zgva)gN4os-~hl)
ztgz4p1%VnK_U1rws58_CZV6O@TADinK!~r^fC^AMOGa}$HcfRV08ri8(Z$qR!_nMa
z4Gwn(aPeH-q6l@gmbJ5hBbvE9H8%qwZZj7~{J}yuw==uy;<B+{`nu`^C=PeAa|S?w
z@-Q<eJplN!IRJ?J>Hy*Rez@wx0Pu5Tm-qdtF@)5P=7`3=i>+qv1b1;XHFrV?B?Y&0
zzC3UOxGtLnN`U~p-%r2*&Z|CwQV;;=A763-IKQhU#SH*KF7Fc-2C6v1P1Vhv^?(Q)
z0yWItoq@8p2qTGoKZt)n$X-eb6t%O1J0q02Y6QT^ci92}^j#UyrO6SWu4Dv&uKG3r
z02R&6U{Eo*yB^|O4gfbN2*AS!LR=R|2#!$632-F_P}&jhV*kTeS08}tKn+Kzos<2g
z>ZTq*adn`Cxhu@nTuoXGA&Lgn#0hcBcdvanj}w67XG>l-{KJw`FdJucN1&7q)Y)9Z
z+!StR4pcC=vvhs{;NsxEddkV!(Hv@vh3=l(Wbg$(C53%K3Apfo{H@&U1!1pvNoIoo
zVr@WJb!VGYn7AX=)2j8)^**Vt8<2~$nA8}^{g7C#nM%p^DhPPVzGF5zwcQgq<1zc_
zVj&@}g2!-cE&lMNH{|eS;kbfW1Wg%DWMHOkc-QhR#@wU%fQc~wp&%n-p8kxRGhF9K
z+s73+VKptloVM*_fz7>#r0kKiY;kSlJ2Jq=qJ~_<r`@zwTRvTLtF*$snc+33QEuCV
zyO#O)u$Z(U5{XAN4yzC6x}|)nl-UX&GUY$RI(y)#YpkuzN`~q~pvYE~7e<YJX78vw
z=VtPOE|EP@LXlV;Ux`>e_UO$}IgG;qvmlu@kYEfe|JhAfhG+3er2?v6=9#B}wENt9
z`%C4oHzoLFkWLE=%!i%%(B|A6$H$cOyA)6cmjQ?i9i_BEPWM_KGVPgE38E9@5H1mR
zyO*8G@zyF3w<knxx%mRQyJ_oc^+G$Ie(Q=>^F7E3u_*u~vpU{<H=`v4+(Kpwa4S10
zJxZA?3~>&ka1ZCw;lF?K=C!>?eoLzROxW(X_3HG1Ct!@>jcX68COP}NzpM><B?qvp
z3}uL(9OHi?ON@i`%8E?AY4!Ja#JFHjus9zl(mBEwo_6K4qL&<h7pY{Dk%2yq&22Mc
z5R9jOQ)3tpP3W0nlE@?1{X@!+g<MqfDn23+t}BaZpKe`KH@Oa=i5_@CaHNj(Am(v>
zl<fUkR9`ehirg)MffAZi!X|!vY9EyY50V?JU$iktI$O2by=^$-2cA5}xdn-t^T(x>
zIYj1WhY)$#cIOe25stS$dwfjc0nWWKLd&hJFz6yq<9XL_GemQ82PcpE)RwaKS;`9<
z-KzWG80RBoZjvgcN~-*{;z>gl@iKYjV>yHQAsYw{Zneyo)jd)dd0LGqsn5JO#qG*Q
zs%kG{)NY6c&Zy2|T(cgarJj!?&fmju**R?Ss!@4EO?7`KQ{rAf4)RB1TLQtSJ|rG^
zwYp`f@KcCy!fS)vnTxem<)O8xgC}3Nd1*<Hvo!6C-j<2&s9NoN9Tp(@?*^r$yu4xj
zX+ZOJYn)8}nUCsft8!)(wZaA`3CA9*#2e}GXp_nO!n}e+70Fj_*2(EXXU(oRz<j|D
z#KubHwm#lLpEcP7Y+P`joNCk;pok>pp6$GDH8Hxu%2}egZq%EIMgk_)HqCw$=eLIJ
z9}Dpp)65Bl7A7lM>M+h*cXB>F-$$`XAR|vEr$4pTec4E;wC|c}T-Xwn1jE?;I-puB
zB~9HB#P@kuZ69-K&^`YCk@3Q}Tch#!?~e;;`8#MC&(3KuRodA4Tnil{5-yO)F2dK+
zcJ02#47ChOE;A{Ue5vD#5dd;UPpUDn8k9>)ABO^-t%=&}Sj_6t^m);JWG=_x29RGX
zS1rX8MYYXT5=6BT3!eKJ`Rvq>U%uY+)}51U7b9~k=#;1yG0Fi{sN@)njK)v6BCm@%
zLmwZdg<L;7O;4xt*KHBU<uzsVq#Vb!QY080gym|~C5*JU`G!d1H<?JK*RVWR9!Ac{
z)y|ZTdbF~vS=}YVj?<lRBVVfZ+p4+zeBtLTB;4V96WFZDHQ3At^YTV6md{k!?;OlW
zSwW}RU&lndKQuMe?j0?W{-BuOtVUQb=@V;@QpCR%sOf^mA>a~(gblgxyz*vI&mIq+
zK(vfIzZIqF(<wHkKqPT5Nh~nJ;VD?GNX1UZsvg5Ba7FGSf7iyB9o-A_UbZMow>$Ng
zzlkE8eM99~wsk<5Uy#dQ(kldNCGqZ>aW<_Cwi1ur!0u6zCn?7D`#yq%xob$OOsYm^
zlzj(rd6h}5P<}Sq3uYvlTO;`-R`3poNBYUm6m{FWWq~5lWX`_&8g_0yc#^Zl>lp<t
zcMbs!-@UkM&x7R_j?gi?B9EQBiJvgmZ=C56CuU69@CbiuY`#ZT-YevM>-@>iGMC_U
zN1ck-(R4w&JodR;*W*%C)|+|vGC%8>HkHk6F#5;o6+O?vy>qjYsC{E<Vm=yI@Hzz+
zM~EHh#ek~Bf+GNQj)HbesBO(u&>NW~i}e%Z{32>J(gc=LQOZWxUG#TyPb6sP#r>$n
zPUmw{r1>BEU)MiOP6YQ$qE-M&Q4<B>E*%bT9yN~KLd)Gxb7~ebh6;&|>vdn;FrQW1
zG+b@9oxOcZ$mFpy*hsk}T!%uALpFnRoS}%3ifq*i)9<;T$bQ?#H&jafapQnik^v7v
z5hFtf5%r4dT?&!P0&8T00tSI>xo`Jf20hJvbm!i-2JQ>4;49**fS+yEet~`FN8$z+
zR9eR=Z8%dEvovk4oTTY~@$IxS=+)tMS*E1vbO>>PMp9Lvj<~OY0$FPKr_@tlN#<tS
zrtmi6!Bal%N837L4RJ_r2H8}=d@B@bU-6$-lsneV$!lmN<7<Y0CYa#r2kaqpr6b2>
zo2DxEddC@y(fFs4Y@-jYG8@_UPHd>0TT{X~RC@fuOYK-gDir;XWyiUc^S_1@=!mr2
zy`Jmzw9D_jXgB2;+#Gmk7jN>)nevg^b75vxkw<~KuiLW-g7RMC0S?K#M*s!f{MUFK
zc%Q1&+zq_FCf+;rSVj_Yq9lM^;7D7Kj!v$fyAa5x5(7imc`;_d438FLz~?j}XWC;|
z<K;S(Ku<$yMr(+x)lFd8B}7rSK&gMO^O6c^0Rmhv7Y+<jZ7kJbn3Lpr;_~Hd6ftJ|
zZFN~ESc(F^cuGX1h59=MHDH+*Gm{X+AWrtA$P)&V#jJXL!!1#c*^YB_E^PtCIOnai
zD0HvH7b?o3pxGFOq2i}`Oel}T8c)Qs8KXv!;)mHc5WN+g%=y99=3M4;6s^Fwt+FWv
z(HD@m4cu=@Cf)C|xu;MkaL7_42P+qGlJT*oYPyE5b@QnA!!@4!e$&dj6ZFNEb!yY`
zxz&d<7Swew`Bo2+YS+wn12}`XtWnD=@ZJ^FZ%+6|n$Lbdcegx<);-hDi88$&UD5jq
ziI8BZ=F7NXS{lc;=?7%?eIjAk<|J82?Bf~Cd8XTu)B@0LG1nTa+IY+7>&^rR0kFbk
z$82<WsoVACWK(^g*oJszYhRY#GMJKeyugpMe42T;Kie?2-+M?<VU^n|@f*t&+z$u7
zcDgAfwiIU7zeucb?s$*4Lb+B?GjK6&AwPTkiRoUg^sN;#T=PI#ICp?h%FUaE^riMk
z%`A#2+)_s^<Fw}DDx5MH=n{-bxK+L)raAI2V7g`JmJY`_tSgBf_VijeQNfs4yoBg|
z4^S;O>-NM%Ih944D2%No^u|lXEX)fzN5~aBnLi}2I*bf%s~B6#W1_l>_wp7;L`q*5
z$fpo4tuXlnu6*bls-SKR5icU_bc2+tmxD)nxDK(_od<Z@(oTK4`U-X*%m><cek99K
z!y4WuQ7R~Q;CHcXwSW0UXE9Y4=a8TRe<916olD=xEVzJ~TawqzNz;j`o!U=UWH~A<
zj+xx=)<dr#<LO(0eT+<X9vwW$Xnaw8q}KYJv&xEkC;5{vP)&$TaQ78L@P^19yidY^
zLL%OjmxeS1&R$$3`|2(E+(YEf>}#~ow{+ozu7Hw)I^a@BYm_I^b02~IzO7mXp9Z#K
zbZ6WL^4G%rcS&%sE7O4l!{236^CO`&6t&q+lX7&(MO3{`+Pl}tBp@e<+4meJvxwJ3
zeb*T*yVw`eQk>%u&iqa#2kREz9whM5!$LbsnEt(|-_{<=CryTZ3kLe$Y1L3SxuK4l
z>_8uLF9K>c*mo`O&WG*9uBMV;$Ywi-<^oK>0BQxm4I_>I%(|yOO)nZ1pZ~THAAND2
z{oWkjvD2ntelRN#BfP56H2ZAe<OaK0@(E0tE`aP*0fo>2RgQA*y|#WrMUkmcaqD31
z8}+D=CEh!aJtf6oeI$`qdJyvJv3=F2zz>Q;B$brKf;SHEwC)9L-t+=LiyF3|-*l<&
zOz3<oV3fqR##`;-_WmJ_w(B6>J3^qW^QU`v*>p)&r}*h)HzW??m~r@GnbLDC-MPtL
zXGdnH%Rw~VKYGALHJKA02v!M*E?0gooHAZkjaQdl4{Pr22xfBseCOPB--;cE#XYTj
z{B8kraFS=3@`FuPuEHVT*X?glzI{t>T}mA3U&2;iWuR`KsU0CJSFbd5t@0_|c`*VO
zY=6E#t+=dw*Q(M7(a(LVxGIGYp2Nc@Z@L!mQ?c~4_YR)aJ&zbUR6Q@{m3(!+>tm3H
z%Tzti&;uAOu3+m+bLQw2XcsDOaE(4}mseiW4n+FYKpNP-@j5!q1hw88)jz&{BQwLY
z3-Zl?=UaiqD~ffN7hTx)cSRiA89v=0bltedQge@eq8~T=S`C^LWxFKyj1<;;sY%dO
z?q*t!QuZNU#KM+7QSL`b;u&isOJ+<FIQ6A|PVx0Sd1+nhN!548`YY+NhF+rd<ymRk
z8>wnCzaT7TR`6Y@E%MVjzNLa$nz*&yy}Dtl%H06$DLB*%H81BnYH`uw4D<unJ>{U2
zbI^}u$%<JgAW*26d*GfP;ddq&wK}Jtt#$K|P$Sn5U4tj-xt|a;fu<?rm7g5cXvG8B
zN!CAg;d#d1S6_F9u!TEoxo)oN6b)T6yDI|i;PGdwPgJ?y9n|tAs-_!bLzQI^t=eKE
zTIFkZ3c2qzrmYgs7mQX?1$!@DHoCm`<cSX7C+4UWf0?oq_I|i6GlO0UjEWop5raVO
zH$ryMdEywt-<z~;LyGOCB73*C9oIwNWA-a7I|O`L@xXkvf?tJRQ<C}et!(3rnD%0h
zKa!|R4rd{`V|+Uyd*<3AtYp@)ekHFi*>|wI4pVkY|EVKpgjEV*Hbp}*uHLuCw{~Nu
z;}&aCEUDeDvj?f^WL)WTd|515(o9qrDB{QXs5>ibja%CxLPDotVeTl(XEfYxKChI}
zGZOtdwmwgTKv8{$>42p~X5hA|!O7lTg6yUicnWCqQDD$e>m=1$n(Ssupz<9tc;Q+{
zA}oG9MZH@;u7N=A)cTNj3;Lc=Q7;r})v)mmZ%>z^#HV1sbWCB7sI#M7B96PGuIUsl
z?Ln?K*e@xWL+r^AOQ|a{62H7E)SbgrRd$V`u=lq0;yxOhV}iuv8Y@hr7bLDZo%xX>
zr=cr|olDF|(QpP6+M`ZUPoBbxBA|x$#t0Yr;q<f(9>ui8aPN}~Id1nd1tOuM(YRGd
zw{I_=<j8kzG`%N#s5SmBkfyCq7pd}k$(Z{QZ$s56n7l>cTjc(k<qq@WSkG2dqn!xZ
zffgXwv#E!C`}nq-lBaRw-su|CLrL#Iq?imjzGi!zf$0R~FtInK0j!<k7>1IS7(rQD
znb#8^7mm$A=6&<@Jx2#NLH*TV=x?PM7|c^StEs2NB~wyNoZ3X9Q0Y{?l6`|2w>PD?
zzjBuRbz~0oewc!GSkspbj+|@`c5~K4WhOBYC<h(h3=$v}d6+S4=N;SG0@W(m<k%_4
zuP1vmNsr^--@Se(!_ZITC4L;g<rhLqZ5>NJ{<7$pmjawDLeoBd)w6QZp;nvd<vk@M
zknE3<pGU1~1okUe9v%)RzR7)`XlfyTJ=?%to9@7{^z9O>0qt_C8S@(T?&{WH+sYJR
zf<b|Lpj(=pEVg{Vw2ZSpSh~7+S(H+1AMF{X+>4w;qeA4J@n^;?4f%Qo<&MbyaLr{s
ztmokahg0#>`6mz0iN2*j=GGJ5QcFYAG#acp;oFe8X38@V+TrPm{W{9;S}%Lc3>?Gh
z<NOQnh+R<**%U>gGjBfL>-U2<^ADDt%1*+mh5GzLrf;sv_@W%;uYVw6FVxfRUT&VL
ztzp~2>Z)s=Se?Xdj(#BGJ$i(ce|#5oP~6-!0>vBiZ?-)ZS6<W6v$u(`<9KPnRq@9D
z!J*2SP=m&<jdRF2vv^9XXEn*h1eiNG0OsXSQro^dN9w3&V&*?~54;~)`<hR((-zly
zVxA{>ye|dIxN2_d@D{)IlxXKReq~&U941xn5@`X(ma~;mCe1rbHVU!I+*guC?COJS
z0#SUgG^7n^4jYV8drjTDct)g<ynwUkrS54lPCM-`Fh>!0c~%9VgviMH2z1H$$Ak8p
z+Shqs))}F_{_6Oy_nX6^R$EOARR%ELH|1-@Z4P;#)=kXlcrTI^bTM_QcM2O3aYhTB
zW#wZ7H*04+nmrjYyoCFCo!hx8)4cWXzvyc$0_CsGs&a|hy%o66Y}&#{O;9PBw@Oq?
z89^MRseSB*_Q~kQw(`<062lneT#weesArpB(3t$w7;594{4t-lmj(i{OsljMCd*@D
zvZm2Cd^9u}9j{mu4gyEs&-O9WfQUP&-#x<3Co9RU3$`c}eAk~s19WgM?peMy;~gSC
zNB*t3V1jd3r`uPS*r>}S3_GDFPuji8z|hgL4T!7yN{QS-GPjeJR}#8)0T5v>T#}a;
ziU{ZVJaO}VmHfnn>+s8<1s>{xwUlU;TO(}@YnHUFZ}*&xNuIw~oDT%@H`Xu}Z!G72
zo|%pDB%8kw6~M<JsN1Fh(>ee+rI+>q`B1yOEfxlu$wV^_7&D4s`P$G%HM??OcLx3Q
z$&Xyk1fNM5hNm>gJ{q!&Q^$xAvZza0`8AIe+~w1H>&I?w8{a!Zwr<+)Fhh~_xEN5u
zos!_J`X<mU!?tuXsixrL(sM~(&m$pS+yl+ge#6+~v9!98hl(K|8}6PSi(zTyb1Q0;
z7BBmv*^AH5j#%=x4QalZm~wr5baAbXrt}J${Q>CxKxr=_&>wK%6(W2IodVTeOq?&_
zVGRVTdv#R_YHN;wQ-NYoC-bX2M8(7<BqdqIp*AoRM;NOZ+{O$jX@`IiVRn{4ZJ3>?
zofGVDpD&+~Fn2O_gxNd89RXKpFHj2R=;SQ^0O|+;gAkbWALpDPPQ>G8&JPf1H18EY
z`!jfX`Q)FZ{d>z-xbKyyzY`Aub6PrGb|#C!ykVxIc9u5g01lw2lj$Xh%)`ZjKvKV-
zvw;vF#G&>w<}k|#-@g)dwY(Awzy;<;VBYTEKXCGJ@m+PQ{l}dg96+5vp1N#9-Pzn$
z3-QR+Jz`gQFB=yEAinGXzzISC-iU4yu<xaT5MZo12%+?qb$(X*5?219^bf}<!0fDn
zYUZZS2nd~ri=BrHz|99?=i&xHc=_15c>p}1%Vx#Y5!kWzCH@PPLO|}KKagZmQ)d|5
z4uKPEs>xpdV|?K3Z12Pm1iHDovBTY<PWJ3@M@t~nCAj@FlnmhfS*}Y&{fAt?89IpZ
z!||K(Vv86q(7z8ASu=$3Va^_GGJja#42m!X!W>S3D;yoD0oSyHT|(0c(_8`UKZ|gA
z%asUv0M0AC-2m`+0^;h*4*~x?aK8)k!=U1_5|_PR>H+#rja+^NA}(vdrDY`)q4vNZ
zq5>tf5xpTijrdaC!wKQyODY7wd4=>}x$^HL65(Woh-wHYfOxO;`C0m_Cw>U1>}Y20
zh?qQ#Ke|DXFKXtNFvNuQU=&4AD(07LjElX!jk)dRc>M*`zv|^jOMmml-^I9+>eq?!
zUH!kF6MVnS2@vS#Il;pV{M(%1=H&YOoPdBKpsW7=m=loS&IxYLt9$;K6Pysl2xbEz
zSQ5ne=LPWa@czT3xMFX9vE82-p(}s=aOXcPT;P8_5dX!R#rd6(`Te4WSW|wiS$tQ+
z@E1vcW?cUN;hX;`s6hUiZ~n8O!ujt;6~3!^`iqDD^RRL?d%g?!KQx69v*d4K1q9*!
zWeV~9ehP8?GKDx1>)q89;so=6|2&2Gt`?$S)c!fJ{B2<Vv)Iq|8#i6W{=cu~|7r^T
zLBal$xc}1}`cnwx{B5lH%k}NMY=7;Xe>>(QHYI;^4kr)fdp!Tk^^NPh1AoMP4)9;a
ze7>v2<rm-lEwUkE_K!vF=b+EQ!4BaDaB+j!c@PH>gdN0%Am_Q+Ir;w6xQ__?Hi#(W
z^i$xshuNDu+CpJAKyxRkJ&euF+!YAo-~_XYx>&k6IRiO3K#0v5`vYfNn?LUnKtJno
z#e)9`Oux~C6U4`kpy9b7eC%Kd0K@}gN6_=%wfcWr5AZK~{G2)QJ3Y8K*?9mEggd}|
z00<WcJ0ej65!2XtFG>CXXd8xb$K`H^-4YH*>`&QE;kH0~;MJat?YlFqpsr9L%*n~c
z+zDuA?u_t~2+T|f%)$L<S3rJI;c@}^3s-=6c-SETFbDW@8_5OcVux@6z?|IdeE-de
zvU4?Kw?m97gc`0uQ&%S^c2f&m5j(_Ngb=+eV%rLL6uJxI71iQb0E&uV{^!E41Qh32
z0m|}=14R+%lKd*l;y^V8eq|}3nmFR3xP%JgvW5h|k_1p(jb9Ncd-<QJ8o$C_5FesV
zM<>LVRtWTGBXIp<grBz!zwzUDBY^lgF2^C54>277u*iSm#{U=DfcqC4{B}d~w^imJ
zwocstY~5%5{u=dfFaL-I>T)Oi`yJHJuYG)f+U8$9`eW$+EmHmK<^P9>zl{QHoSgsh
zyWcNyfR7jQulKpX#sMCLCV#y9asTGskMB?0+^fu}Uo^kWqWaf~Pk&Eo`g@wwkK`tx
z6c1uhe|H8i0Q^U=1xmU*ORGC0GJy~gM_L`ki`a@^-Geyi10en)oQHTF{4dg?z*mk3
zfUlZEOsdP45Yy>jra*zN#=-wk4iwKXGvMc)&p%Isf`GZN7LOm8iF<0Ao-KTeH})Kn
z1m*ksdeB#K*05~DLy&N5nwe`k8okcSfw0+Ef7T+~G=U9D*~s?YFD2<TOd)F)4Tl^Z
z&NUK5VQrosg`q?%My-=ID;e4?jl}b90kscX@Dq%TTKF##(U|->h>S){jAZdXK2oDA
z>v&5eqrSZ_5OI9W+|_1#c%sQ@x8MKv^z?YY2p(osQ{}FcZXUL;CWY|<*gv#jS3tC1
zt`l5rnBEqa-t0Oky2opv5w!s_gq(pb(C(;x2zD;Zt@CbpI`8L0AEwCQy2moo;`3PF
zsX~EhA4|R7hsb?zer;NfJ`8wt9;PE#rz0}w#UdOpv5Cs29h&!!S=qL3^226*ZieND
zY`Qf$^+(UM^j^A%8%YGzZ0r_Ox!2wGfpNcz#NsC8&FSA9yNAr|?H_MNlgjQnQ=)So
zb#$`2UxY(vEAx<Mu`(DrsUp0E%~j%s_qD7}BI-9gWtK3zZ+XmR%gyf@KSj@sP8PPQ
z6VU|kVO7*uZ9c;7-`5g^g5Ac*&OUEi`EGl*00LJwKGluS;ICM$u<Oo5NM9Q}akH32
z_iY}f7=ycWMd2<$(04irpC}tUB;T;2uT*aBTSLysjxpjVq+*HDl$n5zQwc<{;(){x
z+=L!Hc^uf$##mlF&RzuyPC<2=sr>9Z@G(8eHL4-EC$XXzEJ7{oJSQ9X7LVK3z}LNH
zo(mc0k*b&<GdX3x9v+o&$&<vfT4x(UB9O50Vu75$L>LH@hBSmjB`N!Y0Y*JBDXx6+
zhUg-9*}xFKwrS(PX^ocq7G=V``9UU?cZC`B-W%*q*-sw0dFt$jV;at(i*mFJ8k@If
zx{h8LjVzGf2c<KuT8xh@;8`ZERh&M?+oCPlr+ujNkYg5xYwg~<HpI>QC6uegWP=1N
zfN>YZ!Do%<X5v!!HaT<m-ol&lQMe9P^FU5ZN%6T~705N9Vdp(2Dd9%VO+(FP3;(2v
zLvP=P=LJVGI%*J}^xnH<Pja7%aO9oZ9!ovd>w!|K*+r2`Cf<OWVXwd;r(l^zJ?O%O
zUFEPavjx@7dctpe?%ODS4#?LVa`P;`pdQcs6Yxg4CX4!SWJ5Y`C(w4J=zcC$8`U3-
z<f(c`x)Diaob{k&$TfG{CTLWZ87KCwfo0#|ar@rmg905CH6_c~;U_WAIqrM=Bd6Ww
zd;XT0+Dl%aM({#{a*h#Xc|yvWWzySP<u+P?ZsKCB8%%;%`32Cl3SF@2mX2ldsA3aN
zM(3Ut2@6HlIQ+&+HQ|t2foy-n2W$7^{WmIED=yLzUlWo(Ed+n1_rMznqUZfEso2zH
zUVL*XA~GO7z@~KTmY%6lTpIfQb@18Xpce(%gCn98OE1h*xuVQUY!)NFqu6-N((6)X
zcDNq%$rI&p2#suGvwDDY&&S*^i=r{c@s90Q&jW_Jd75FWcm$mx@-G;J!EQEsZc${$
zAPUUm^-4aq({JxQyL;aSrvc8bgDZ(dP!6ieJ68E3{9dH^Y*jDh%|K0>0vgEU{bNGk
zi});e&~se3f02z$i7hVvQY4rfXc7%2B48&CtbV^a#0y2aq4~{b`&OSOJGr~XUT=jI
z-gQd8F!y67g1H#*!D=LKzoPf#os}XeDv(LeCeo$O?3!cL;VZ2k$09-@y{GFrZg(hm
zy7L2HeNr;*u=y~|wplp!`shM}pcYTlf1`Z6vWfU~84Ae9e5cn%V_LH-z3DIJK#d&V
zu#3&#;oz5?L2%O)J9F0dbl}=iVl&-wuv+?^i3?)2nuK?*o%JDc>5|GzG<?=GicRdD
zYWUpOK8i;%$f{Q#F;P*jKvfdRviU?q*-DR>z)K3{)XLhNrElCQL&JqrI9&<e7u*U@
zk<%#vs0F?*ne25$yGF+_bE7m)3(7M|rg~qx>lsY{P4K<aaxnq}<qp|y`j0ryr!;72
zg{Wt$9$56ew@exH2RZJ&H}8QcFeZO$nAwu!WOq31z>SU)4ovBsd%9@aP8wW-vyiO2
zlM<LJyOXHdllv79*$nNX0m*n@FSy5#wTwT<TLA}lxMUpKCe$$WZ2IE1*Mr;M9sIn?
zMUNgmA<jo$U45-M7q9?rf4`3tf1RR=;gdXkv>%g-&&}2*RPH?J#cD)Zv~{^bZMk2C
zXv(J%1Gp@i7t9@1r;rWR8|Ddr9u@xtK*99T%+{KLI_g95c7gQG(3~C%F^X>5v|hMS
zzVE<B-##TdjoVV>T~?eJasg{UszQ!;e6+=+A1c<J1KPoS+M>_;(OxGn!d6kZB339y
z`SaQ^mFMJXBT>~u<79ezhDM&G8oyK=L!F8RsIqH{bmT~IJG47C2UPK`GUnfXnWiQ0
zs_3$kqf3WLu6)0xgGth@eT`X$N!SMZZqSytZ}uT6<ih!x$=jH11-cmk#V21@B~y`S
z)Tq&`WAa-5g%8))%IX)P30&}LjuA*p$EymjLu-!MNU`K$J3hC&PwPZUMwBcBUgk{)
z9sqFDm2or`3ODfW<|Xb8zXxR&qkk>^%BZ)zl^u31)ndc)>pG*yqPb+L`}GOl{$`%Z
zwy{_YQiDgV=xsM+#e>?;PUdwCry}B2k&)(oxl%uPHhD<wNw|#aRdvs`r`~M}jSdif
zT5p<RvqhEDMu8MNbt9;3%yH?3FKp<uxZ=F%ZJiqK;e{X>m9bqt95Qkz3s8u!N9xU)
z>1c@~T!xs*!pH4CojTcOawvQa;UvSJv=VeorU`wl5&mb(TD;6|U3mG~Z!=ZC>Ws+C
zNacz1mp&3U1m<2drtsrGn0URZC@~07Qd+$K0Xxj3TE<{ajChjLx`v$?Z$KvEAe_r2
zhX~V~d$+RGY&!87bspDsit1WDV{~WfryyDXfoG2G6Bm78TKNu;Ma3MFHU1-FwCyj~
zj_0YPlafr4#-Q3AoZc_&8mS4s4CBiVh}T&k$8%T=r$weczNV*Ir9vS#jN`)Lijn`?
z`IV73x>m-j+?|_Behu<b%J{I+(Gq9=9^WGhF0yG7cWzm-M5~z3QtO?S7uF58h)&4@
z6@oRi>bJ-avHT)0G8b`|B^G-vUXN-B!tX%dt`(y0V-bNrT*uHPhz{XWpIY*4@7a&<
z7`kOXD~_tD{-vf(#lT8-_XBiJH>H04y%D+OYiv39&%k{t2R294n67(=*l-`cWU2SG
zZ(q4BIuK+Ltl6aZ=FwQMkA>!;K*kIvoez6nKiAfwjAMTTftgAk%6yu3vF>|ufI%+&
zlIGU+pcwhCFWXEV{RvGk9TfC$ZSbZHq0G?-o<v|Lv+cAyYGJOmx^&_f!=LmbQ(XA1
zwWxD0=^x_oz;)mCDR%h04OO@49dRQ;-yF_$=Gh!EQ*Gjr5AkhM#y8Mc(QykhoP3#-
z`k|LB@O-`Dv^}D@a{r5Y017DbFzE&q^8Tb{Sfr#lGmCW_ZBt;Q>ox&>z$^Tx{kwe>
zHTo<{G>X^zRGh)j(`}n(w)kL9ZL~E8FVwN6ij#y0^G|lD+_!Cvlp0hQ=P?;xCEXKx
zOz@82W!)?NOi~SpTN7KgMt1$!haCi-FX$(|$htIL9r8Ydy&gF{8(1-S^vyVC#uRs<
ze%DzP|9o>bAbe)QfH92YDX6i7Ui?AwQ>r7vyo?Vjq&{Y$&?oK0YR$vqOATj)!SyB!
z#BK5~SC@Ae#F*uyeHb>yNtaL513k%!`Y<Rlm{+A6E#wmMq>^(N($bg9vtzq`t-GH=
zbI`a}=^BH%P#aB`BaLI3fG<(+KjUyOQF5)KMYEDO-wvZt-t$7+Qc%(mSvg>PG{`m?
zkHc}7PtC7DiuK$>QqE=HAHr&qYiY{Jx2LhL*PYISH@Nf8FdoRKvK-bq$h-;?IC#)h
zM|V6$<Di>bcv3qrN`fcHsf)+xTv8!}FuL}aM<TDyJ>@dU&BTu{KF3|`qzy<mzIgaG
zZs&l;`E!d3f3MQ&W0v@9b^UE#ut8X;<^q@;ui<(8*1?TjIe*6FkKm2heFWM9aVdH$
zA*s*4@xY%%1f%HKH|X;OFqB!f7Cs<pHGTIuFzFM<VdFerjeJ_(s-^f+t>jmgY>9+B
zOHy{RoAqPw1wLk(WEHI&7q@%bb#{`$H3(?-6BA~!M=XUvbP=&&F+%_i9(7ulAvuj~
z-E>wFDn+M)Yfc3-{<%fR*V%CQ?Cp^>vFmng5c+HmsfZp@Yxxd;xh;wkPt01=1}fPy
ze@!_kE;+?OazFZK{ZSh1cu5s}hXLl%B(BmlEr}!0GrLN_V{EHA5!VSFXdI@rCU!1s
z+Ncj*S1C4UL{kubTcWH^RqVJgcO;A^hDkFIgz=)MPCQ>gy1Gp+ginqnPV5}8kXO^I
zc|Q*NA?$2e)S%0U^;Lhlw?P8~x90~N+hjKGI6YEv_IhEO9Y&yEEw3?*G5>YIQ?h23
z7fHLF0yqmpcbB;UY7<kWVP8#|G1#*NkC?xx1-v-o9gO6r%2o4q)@5$nk6zGqTT4on
zC1_QeRLQf44w8E5uYr_R5L@!sx|9w6{?@3SHUc>*mQPgH>emw$!?_gniJ|$YnNCe2
zAE2(WI7ZWI)O#6psDuon$#td;D_NgSZTd&gdajYD*3DE~zOT{%Dtna)h}^W2a0pa8
zZ^7m|pPZ?--t5*|$*e6(WUHR(z8U%~nf>VcMH|x?tr+pkv3Hc(%8Ev+jFj?3dLscy
zRQ7o9wbEC&WnpWLgYC&*_HOJGE=d>1&xVxWE+RznPTxQAG4$P9p=D5%T`{xPk7pxN
zZoc(I1iY#=FlxTp$c9_2%@01^z`x169=`ly!V|ngQZ@B9&9A$l02{A27EW-2esn`^
z@wTq`IG0O1O=-BT-i6|v-)2fiB__Wl$gSNl3lHg4skYx)j1)a19c7)%E5d^DP$MMH
z_n~AmE$!xtnWW7-c)?N9`ZcL+7L^-=Ua>a@Ww@|Een{hLw&Cm9PHrY4Q0<}zC+v}J
zzQQYB5HM}(6Vj|@_!ORI@Z_Mkhjx!JHR&WBcQ$g@NCCs)aUX;nD&(5!sdpDIY8uVE
zXTuMxW^uw676w%*ODKM_OZGO&?IA_P1^fI*&+A?k&3C%rN$;Ue=~Zi+kHW2tUUm?!
zc=UxYj@G<W_X|)sy1w5+$y$75`1Vto^z8DRl=>&6caq~Y4HxdG<I|Y2`Zj)|UTAU6
zqo3MgWA+|Uim~wt>OA#DMGjNG+eJ7dS4MZ!CE+}8dWOq%!*xqFr+J*na@zIVuxfGG
z4bbbbXa=QweH4~K{B#~4#5JzLcrhswY@IXHW3%ijoMuR(h$9zejI!c(+xkU5p+?f>
zuiGlMI?W#qgb>ZA2Emu;j@i+2T_&-L?zmOk*3Z7R;@KY%pIQ5+OoZiBDEh%uG4D%|
zl`1)EfpfxsJ;Phxr-S^aK?3ZSgXA!(M#IsRd75jUX+6(iL>I$)>fP5wn;Iz!_d3OE
z7R;VzgMIZ3pbwwdw%<LOk=rUca#Uh=$EI(W10iS6xfVoO9C^_@>c!7wkB=PNFYiuq
zgVVeEMw7zJ36vhbU94$Ka<lRE^95Ib?J{s$dghd+l=JGXxA6I>zCr7OyEac=FywRY
z8B6fjhtbh?q^n=(F8Cl@$6x1_^^L@O7~RP8yrV;K&grTbD<8+Xysw{W3ravkK29Ln
zZ~cs$%LIxF$X+(N;jcg>$vq^A!)PD{(|~C6d&A0BPv(@LVBgz(R1_F|s{UlQ<zg=(
zYs{&?&9`f6g~esEKS&s49Nbxc+I~AYVVLJo?PIf3I1Y*O6EnpA82YXk38#jEvn#&>
zS5zw-EfnNP!dw%3`lt}i2Jg4oBv+8pFL2f0P$i(4B2WpAU=?hDrqEv#39i7UfBBTS
z=&w&*L0G>$^(zDXPx24`fwTI-w*Myo0Q{ZM|0w~1@2Y(7XC&$Bo+}{`i5OQ5+s_#Y
zS66<B_~#6S@1p!bq5t<Y5WrXBU15@c$3_7NUgeJr1inAz(_B6AL%{#741}v*ezf!-
zK(v>|hyN2<IlmyY|0fu_D^&A`!ascYGed_Ufw&Ru0S|)ULU2J~2s`2l2nPgl@qdg<
zFooKfx*&=-;f{Yrfbjk@V1LVX|1<EP_b2clk+x&=Z-f2d@7V3{!Tz7qCH|BYbM@p8
zyZ-e+x{~Ox#}6L|*H2kpoWEpsfqu$hfk1v@ctPCUTz`e^E0{ws)7$`H@E-|Ykncpm
zA7n4$X#~iRVB<lEBq2m579yAB7Z3c*W&dX2Tr!DV0A2)@ivYm6xH&GFT}}=}6*td+
zF>d}1D$xw?W@iJ3n*EJUykhCTbBzf8i=Bhb?2^dygxS-ZLJ<rby@L>~E!5iF^Z}wy
z+}!EUgd5*4+Wre7`@6OXEx8fdejvnTfgnn?uXO+ah_;-+Bw}5au>Uf8|5Lu^2P5+{
zOY?UQ=Z}K+|Bi@3m=+NU5Npx*!&O{Bkk#KmUC}`Q4lM)u9v1&+O4B)i$tb*P`iJ%Y
zf|udrzFO0M=4A}vlQQMrIMEjauO(4FO7@f<_lk}nwu?O$W#hNFXQqRega-)Bo!)iS
z(-F2`oR1WIrEf5=%GSlC&wFwHvbdPvrI60ho1ny~<;4E@{1sY%e_KjT!b0!<u4Tzg
zu2>g9p>_Y{7|bMgq8uuS{+1EXLkC5dzPLr`5mBh#>F(sNCC&2@Rrca9{b7tc=Owl0
z-Mg0Bkf(Qwc{%j)P(lRAo1`9XKmV3B{B-`@N*H)PzPI5?3ZzW1+!hNzI<#Yolce1`
zTJ7()aiDH1*BNqCY<fDs@TK%ybq{fNTM+b-30RXZEHiw%V9kZ%gFWd!HmAE74j-kQ
zC*xLWvo3wueKp!nD(yW7$uJDX?x%X6!uIQn<*kSobDt9{HYyOukaB@@b`Im8FYgw0
zR7}uy`9WN?$yo2+TI#-j#=iN0y0=_^sPUT(b-gP|%Cc^2_w7AJF7$`wvhH|K+}vrr
zuj?k=C?B{zJ%D!DUE$0bS-Idf(O$ExTaLRI$sIc1Q`XvuQufNO0IxTu$mdJbX4xII
z*p^eJB2CNVs1{(Z{wZP9n}poWDG(_^Zo@q<@WR@=T-*_g=n;ys!4p=XAI(QA{x6=V
zLC({pOHp6yhtGBw&H|UX!!<`kwu|R?Ct?Q*@e1{4H%huO?^e)tV7R@=0fk_9NCe(w
zlQGjJZw;B~BW2@cHGAJss1z6aR2SExk3+a%DX2a!yP@dllpnK#=BbBkdL#Do^4$yB
z*}!tfe)SVjxVWxiYDSy8w?m}J4tmM4W~yNpp<yQo)0`xW7KK-2`Kg&MitOr3ONUSD
zy&UMFL$=*K>2PMUaKPSv#K(J|+E@5k%NUvcATx1^PvvlNZ@U^8Mgu~fNGW2CQ=0`u
zz_H=z`<e&XAOTq^Rnd|IGiQyn1=_WQCDEAPHDZ?K20nx1kF5xe^<{G&Ivw_h)o{3+
z31P#F*qDkxp#-jr&UF_l6U!&D3ojfu9k~s+n8l4{c3%tAvh5tHYW7!#fmZugH95+?
zRqz{Lsc}r8U*wL%iW3qwD^s>9)8}Gr(Df!LUbPTk&=@)0^xAn3mQP(4^;`&D5X1~^
zB5b-K8$WX^sVAbJS+R_bewynn@K(LbTRn>IzM=gE8vKo29`R&kU=d)VK8r2b)oium
zNgdae;VuVXGNsqv37^xD13~Ni2*~unRw7#uhf*?UJF9^3Xm`uPZX1Ku&g$Y#LxYQP
z%fuYsTW^QbmOuB(kiUM0mbCtbvA|8PnD(PFTd<i#GfSW82~V%whgnL`Z-=uS`^!Rt
za>_J$x9{jJ`!2Sj+~29rqKMR-#1al!#>cOqzvwjlnBk|qemCRv2vbl5SX_1JF9*S-
zd|)o`J>fH_niHj#M#)WF|75onY~PK-Q@ggI?uuIb_L_4>uZu-6A@ts4AoxDi_5nZZ
zivpD94HJJibY?EP1*FgGAy0&Di+bsvuRmrAkHd6(hle$@`(Y=JU+JYMdAvEzy;GKS
z!w<R(j|^MIxonyafmn`~*cW$|(Od${CW$`YiM&&NLk@Tb?(s@KAQP<!1qGw4O$y?B
z@1BmIv`j;@z%aZeFURA?Be(sueY)D^4eJy)d6snz{nr_~S=Y~Wk;k>;D2^i;7;j0S
zfrmDqt+i=eJ#~On=FNyw)VftbowXu1n%3C%gL|)~cGJkYJ1`{yqevsfczr!grCIG-
z>D%n?&zjoGQF%ATlDM8cztuq}T{fukjijU{TGV-A?1lz{fAWs_j2=_j*bS`66jT(J
zCHY!nQK3;og*t)x<_LL`G%Bh1^z|!+*n#*k+Y&~7Y6{$8i(DbpqQG(q{+VpPDz5Gb
zPFnTnX$0N{X?<B3Z}~Hj7TP5PCCQs8oQG5)C0n}-HQ!*I4=Kh#JE@yN&>$JCyv-H`
z$erY)p)Uf9G|_z$bdNJg>lbi8$(u#jW1O41Mpjons)COf@zqd`3QaV8om@>`IKvYs
zjR$q8xm6fGloDlX%Tt;ReEGaz;(a+<_D7KeR%}`((pE9GIoSmUip;s^dxfGB9n1&!
zJGJAC=m;N-9c{CW&f~v4qY@k?{5p^!qd10qE_U?gVv8m)n!)=xmmBGk^n!+!=EbTI
zcChLm#u^b5R?eehtmcKB2ZoF%;$UFLd#fodotdx)1$o9nQ#FU)VQrE3s!jx~E_~rC
z`O`-n)H19ofqgGMfP}_FU8P(^X&cqm%e%ELUYoRS)}=BxOy7Mz@_xF6I>>;!T?#uP
zuI%xEW_08)g`0So6XwhsO%TfJ%HI{RsOS<WW?gab(Dm#6DvNH5N9nEWx#@{_Q`Rgh
zla`rV+ofjk2FasVm)nGT&sqi+MYy-TbNqDH^hw-(l?!#2w_=Z(q@2V14idA~Y335w
zRbwZuZ&*fuTCwa@xb-5@)l(w|c)q@U6Ph^irQ0c_gvmw<w`b^jus;uz*b1+=|BDlS
zxyYn``4jF(-PDkMjm7+VkK+6;a60-K(~D04J>{_XL!1>S(rvQTZm}z(v3z<5UJ~WR
zZ8LZ%Q2OByvnAfs_f*VLm1YE#WvSB|=mHe%i*52!HW=y2-aLE1xoJj1XZ9r<4gKM|
z&)p|jp;HHL!%{4{I#uFWs63djBAqpEl<0N}5E5Tw!nh_pA{M#jJ0p;I`@_UiZlcLa
z-b@U2D5*N5g(u~~hdDT*Jx<;&H*!8T<In@LuWx9LZiV-ivC*n%ouve>>KQsJJ{#oJ
zJtKJVFa^t_0>4%(tIppWygn8fCDvAkeS6ZgzyYl)`tj04z!}FnYCrF~C+5VF-%L56
zX`F0<SDcKJ!$9W-G=1Q4Z3}5e@r@VmB=!^Ol21j6Hn8ULxfnji@bR*FC60CpN+hdm
z2qx9fnBDFYI@n&5tB7u^Tk3~Hi9gc{87lSWeNnEyPSvTBRn^#2r5HMVW5+K^$n*hb
zK3{)Wl;8u9UilNO@gcEsPLi_QolVz|+VPeEBXsB03|_)R5g|#;?iSuMK<^bX0o1xB
z%ytd8tcOQ!clXXv*3KSO7T<Z8DuExQEak;Cfi-QT9Q5>6+#nM18{>}VrrebNzL#q^
z1gf*XeucS6eQ9zF#EchWuSig(8#hB~FTT@82!oO7pvd=DXBpE}kQW`q+)zJYYMKZX
z_(Ful@hHng&GtZs`5_X>8_6%1`|j<U0>+9m+rR{c(rt!KQT&}wC$IesE<07rl`z93
z8aGc5OF%H;X0M9NJF|-TXN)O=WDH|tSxwYPE?7kc{MxGX7;P8fsi;M3B{JRn%q$jn
zl*-5iVu(11veye^BFf`@_NbUT9>N|PW1!ztjkPLH|FBn@p4d%!EEjZd>unjt7wATR
zRBkN&rV+J5W2T#77vx^v*kDxvxgp1Gof7cw;gkh7Xo9pS#U`SYJi(`~bnwKY&)$4s
zwmu^+A_2}`H~e7B|A?Z&=kUGjYSWljE#yv2Z1Juk%BPzih479zwMwOorXlC|S=ALf
zekkYeyq#eT6wGFU43;xEshGAS){;$>oHW}r_k@8d^i0{W<65J@(w}(GLx8Wg<_6PB
zANy7WL7zfIV;xk8Tgm(BoIbi1Je8Z)wEa5mrK%I&X{EF&!m;%suo%45Wg#cylw;LY
z-C-D)rORdgX&E=mnKp6S9lCBLb^hpmUU6IMdKicZ8CwbH;W;ftiRYqEZ=6|KG-V50
z?-bmp^@Wr?p<NP7{c3}`SJ^CqQh}rdq!LR|Rj~XFG2b3I;5OCM9^;QQWAPmfdF0Bk
z%*eu1*5)B=S)D;ZCE*d8jG2!?=I;`aV@9zhKo?4q-8B7X{x0QfOX(=J`ZEi))fYZT
z9bJNq@^1GY-3dnuAAGijmQv4?;CoblG&B~;pruLJ*F5EZk8dX?a(x>&$c^Nam^HLj
z4%s1wOXMcSM^ejxK{to0f^Y3?MX_B|H_<L8ynTB8Yu*G)dWDshpI|nL-#040W}99J
zn4PnP-QTIX5$IdFYQn^8+g#<iNX#$wsK}xA?JU1mzHXkS@s39C6OjZ*3zP?fN$a^E
zH0S#Jhj=m7TW@sM^$>u4MLq~%W5kXUQQ5~1n4*{6iWN|+>2Ed{%v3Y~g2){lY4BO%
z&oW#Yv5#Tn=RYbZ7`1!ZV6j{J#j<M*EBm0EYzgV(d#!R-l=*_BM;2#%3Ey6evMy{W
zY1D2XwZLm1TjS=0Mwd-M9d#O;>c;_V1J7Vvc~I53*!l{pA`JP|YHU@h=0WY(s*k_9
zoG|$XP!PUcD=B@JaM5V8T4Qg4#emuVEX!DaMQqlymtg$(<Fr3dFMj(ABBu#vD=zI7
z0<WA30{t#n-1EDWiVe0_T@&RY!vt>YS}32u=*t>jxtZvPOwpD2MC3#{Z?HFBCr|o4
z$8K%oe1N$xSNlxNYsNxvpKyqnLlTobf21LuPqrs_eGzNX-!8j}(B?^?P^AHb9sQVJ
z_f4v62j$57;3+PafTvhXNuTMl#We5&vjwTX+7FdMEk-tQ_BUSFbAUzG=p7yOM~}kh
zoDW9EHyuJH)75lv2TOI2sR)SlUuw~*<FB9Py*=ko^o<Jj7sJndJL4MukSTk32CR4V
z){{U@b;*)##d0!CsemgO{d&oc?ANb{ioKuv*bW9fiz?MEH!+F4#++}X8)u4akMSdo
z+0_Q)@H`BV6UMffpo);aF4pvNF0&~ku{lXnFpC4JO3F}2y$hhcAw)Z(&YQ&jZ8%>S
z6qMvp@9`##)nC8fR&OAq7DxDP-o1&|)$;z>@>de6fwWtyz4~UKF)Mb)15{|tgkjRK
z#K&KqCKj4`dV46nUMW8vOiPyVRwheao$!hqh6P#dS3Xnp%v5RQS=*M!&2YXIYtpPS
z8oE7_b%)&MjIalikuA=7mbEBaprTu=UN#}JT-l!<JF&{jRQ6SIwU6iaB$HN3&j|pt
z|7+=l)An@K#*<Lg>Tl;eeyN+GO*0A7xLycR&pr#A*w#$CD%1=Ynmtz)Y>g8G)6-Ez
z&noKGX~rXW4LGZ3UMKa|><fU=-8_zbzyf_Tz>2=Tk?i6d{%nYE+tt6c{R?jv$}AE)
zSFmbbOc`7>m2+dqT=d!8eDU3ixUbO0$X)#BI9fVv`AhR0A5;uz`6&myoM8kVL(>tX
zw%2Fo*4N+rWb?07R7@7SkJgi>7fXgd=v$p&*>S;^l8uxj)Y14-y}Q97OJd2FbGDXS
zb5~4x6D4CJd`V?QXIM%KiXEsO;n?}`g<|8<oigWFebu6Ax4IwA?R3byr1~%1(y=8`
zU*#d&7=3!%EbvWLV#Bh8q{hrW0W8%8<5z?1qz5~!cWNi53DgeX;N6?jsoxnWV+*eX
z$-^TA@;{FbZ6NFh!}=;ogH-!k-t@tIHwYcy^nj513~hC0y(pyJL&eyz-al36dYbIg
zx3u(ufkM<=!)dEh+B;6?y(m1BwK&{2O@>Qx7yQLYT&vKh@2JBUA|@B;0_K_~-3$9x
z=M}Ph-o2heh11|YA{`C01659RIhdp67n2sk^I~rb7(IW*=ZIa=vI3=giH0O%exG(H
z#!~?|F<2C(I2s^bghdm8?M|fU=q^`WRjjAEJrvk0Xe0qcm%yEC!nM;Su$-+^GJVi8
z`1qjTv5*#9EVfKRLG$APhm`TkP^8@LZ+V6Dj>y~=E$}<g<H@WxaJyW@TVl_+1EP_$
zN;#!qmM=zbwiQW(BZ+aQ1>$ufbuaBEd8*a-v)=Ho+}E;nG89*pDHbiAWOlVqH66ZJ
zLHK;fN%S^M$R|NE*n5c?Db7$dEh4XnY^26Zfaa(?al!DB2^mA2y?NmM=&~1GJV_kT
zt{q)WEb9(9u~wo<SCn6L`t^d2y#jZ!wEMHjnq1_kXlA07ouACY(=xND$y;giLv9N;
zRfgsaZ_+!zS<_%iQqs8Qb;^J&e9VM(d~7liCLg^6N6OPy*Md2U`ix7-MiXh7T_-rn
zOdXqcJU>J2JsnUcebT9MPvCP&xmQK+qQW9=Ld>ptUG>f_$Q?c8o6&_#yS<HmA8ww{
zr-PI@(AD>El?K~}NpHyZ6BzYE3(*y7^kcO5JCJE<+QPqyF5iB-%A&7e`j*t|?Hyb$
zay%Ou!%@E!s!}Pe+w~Ss-7vKGO;S0UX}!Fps|Ebh+j2ZnfZNHU3gZ*;Ucy>JzMx#i
znrhBqq4S=38+u_Gdsz@4nANK9kxjVJ9k2G87X%G>8_%A;OVowql4S*U6NR@_GGjRw
zEz922N3-Z|U3IDSVZp-CNVwlU4x9xgdoLw+^LE6wu9mDh3K{J9eQ|zi7e3#mab|<~
zg(5su*n+EiikFDe^9gj}rEdgsJ25b6c#z)9$LejR=vlR5G0-mUwDNU^x0d;v0($;U
zjK^!YPxK!?go~oJAs1#N6P9odXI6d<WXd}!(tPMz2JTej77i6M>qcd`P*aF6`1sVi
zLM{b>;RSrnZIYg`MaWlJ+pFpg(R@Ij<uLuu)v=VgDO;6LLv*hC(*jk16BY~iDP~DG
z2=lqXE8?4j(;YN5ugHAYEA^JC{KrLFd5^vT3>J3{R<`+hyYouy^01<!yj+bhf<7sK
zo;`uwVTidQq<&FM`tDqW2P=c^x0K%%sQ3f3`wg58hJe}mE-RJz*bzlgf8g0%ybyNC
ze}iZLV<F5RWinSV_hqS!ldByN@l&LT;%GCtsmo=dEcB|>`3la4T$awTnZg~-*$}`s
zo1?jnIij4M4e{fh=1%O+?#_RPvN?Y#X1W4S|3cO8ST+|IqJjod1Ox%GBk0iYdjA(#
z_Wx;3e<^o@{9GdP8>e!D5#HoOR0;83Rd0PKDZVTIU#R+TkQBexJ6-Y+oCqEQQS?M_
z3b%2xH#ZfMmADJyxa5lvhs!bs7bnDtiX#l}h^Q_{oGK#9>z$n8c9-9a!)@&mXLinr
zb7eO>b4SEc-Nn`x>gYlL&uXbSe<`NALe2m6Pyivy^AM2zANIMj*8jEk`K8VZQJeUe
z#b$p@6%HPDM1>0{4=+0p2vNm&X|4Zj?ej|w7Ubs&lq;6=Kjn%3_S43QrRIu6{T*TS
z-|<9TR}2rrA6Lu}*LS*z>pNY<bww8;ob)ftcOZY15B-n)gfZtY^*dKh|CoLMoF@W-
z!2iG##p_PmO};1c=9zm$GS?U#AhfW>i~^fzb-<`WQ;NBhkJITvqD~uD#fm{^K74la
zwJL}JNNr9ii65HU-TboYAh{s%jDDs$&AYz-n6c4qvo$D6d*R*2@%Vba4CCD<l_~cA
z{-;}?Meb&+&>1o>>P!izXLu}7K015obI?|&i+*^qaFDQDVVxX7n9NtEyy&&t%nST#
zJ||e05L4lVEL~d=_n~BLe4xap$w}N&RN2Bra`~HD?>82ujp9=k`m?NIIqhP#NOy;v
zkzlc>X79U)K(aJ(zPHWIr&>J_zg8jr(s`Bn(MR;zLo*JJMQqADH%tcK11i7RLUD=A
zc8@f_7QSYJ*60RXHuhD$?zf5`{H(TQUI%t}_+Olz1ymeOm-h(-4-Ua0xWnKM!QI{6
z-5r9vySqzpcXtTxF2UUie3Lx;+PClSp4~HtLv>G8^<1i^>3i#6zx%^QGNHUr{IO$@
zKioIBE_+V2RUmQH&6aC=_bW7o5Fb-Wn>PT5+P*;@b9)l^2L1Ir%*4~uXVO_f&FED+
z%|>&W@wCB?Bw>UsW--ARJ=WG@Kw2b)W1`JZB;G*n?*oHh5IsH+vBiDr6Jb5zEy}a}
z>_$3Hy1R6<NRzIRu0MPGt^Q_6UQyLT2%pJV5!6QK=S{o@q)%aX<*W<F^vFXM@vc70
zIsaa|r4&NShppM<;WRBht_9ZiTjuo7j*>(kOU?Y!AIUO?7$ROiJO>=53CPw64ScV<
z#sORF7T9=Kt&eZXc*$?jgsO1-_2N<c#>(bRw2n0;vtT+}Oi`9`e`oc%pFsyZmhL32
zol93G(CJklCVLyYZ(5D|NZg*n)9I~kkIe{>*HFrY?#k!!N!*}q!8$WKtWFree@B*9
z5Zd9z(YIwBLCk~$6B03;6uXH0Mp_Y_S(iz6SdZiLEL#kp>JTcT=dyA}LZE8*a9CL;
z=r^x1n@iu6u)+G)ZnGvxPiCAM`v}b8Mlb2WnsHe5ijOJ%cwz?OR28luDXJK{QzyF7
zT?&^Y-J{Bv1lokf-)oGRNHf6^olKU3^~09>$m6`H5eD}6mRcfaZ2A_yuW94myESmc
zOgR$r7rD3T>ot-~W@4rdaappUrJU%svV*5=XcUr$^SZF~w;J|?TrE`FtZr{4kvIgI
zdTt?Eoii`gQdln_V(yH23ig`~EkAKB>Z6Lyjhhh&=y*Gkc|zx@7RhZUTkrMX6;ly#
z!0<bv3bGc=!Sx2wS*yUobbrm7-Bk{n6%`EPCc`~qr;I2>e_-_(ht7XUDj)*Aq3Dnx
z>0v#Q91SPdcRq_+x9}4c`q`8i!^~W>JtIW0gtN3Wk6;zgQQcv6&rb*7_zpjNr;bzb
z!JP!Fa5Gd_+uoGw{4s?1z54mvxU2A&W*k<_z#xc`#m92cx`xI^<~A00y9)L8k3D6a
zTn}cj<CTNA-mJS*fs+esA>bo`CCH$0ysxBK`AqR1YIf=8S2SYv=x=k!ReDr8yqVTw
zTBe{&1u#l8tQ*c$=R`cl5(w4_x{_2#vacDrgpk|DI9heSRQ(H&HMr)<1Z#2hrKm+Q
z;#wLT?tI8yoMI+IOlo(yeDW?y*<>a0{inK<x6_LERu(@Ry-Up`RcR6<<WuxYWWdP9
z6C<$n7=Bu-;8(E?M@!MuSX!g3=A<k#WA}s|aL?E~`F>VTmTT0{qgG`BZsYQ1G1W`L
zI*eehV}GD{tRKHHqk~8<6fK7@aMcNmejF&<Lj)b`OBbq4=Q;G5o!zuv8V;UEscf`K
zpRQ`x-8=le-onjfnHn}07mm41#IC3Y%0<}+WNg)=bM%dw({{SHKXy|qe#23rQm274
zLipz4w59cEkfkQ3!U+|_?CPhcAIp2O(C{!A2GUoVjSBiQs&)Rwsct8yA-e2{0vx*_
zD<ZG6Nu(`ilXEC&4nugdMh<byvhPs!h)QQG;PdpRTt?WA_vx7l&yjb~q6An-%!V#J
zNZzOzH)1ZcV<UFM+e76B4i1zwdx!{Stlb$%mqGs12v!(O^@z~Y=9ZptNy-O8>X;T>
zjL_31B4ed3m37%L4}N%3!-uB?n;IZyeJIYXqe!3U+wI^6Ge`pqcRq#HEl~_{jm6K`
z>2D#q=Ikk7Z+^|cR~1LCY{hRerF(Lql8E_GJ9LSpD7r!w0mKwMomOZ+;J)>h@Uryo
z(4WO^5pV|`*a|9u=hDU3cNwB9(tN=nkChx=e!_9!N`1@&9GZ+>4ECT$S~LUh3dJF9
zIpJ%$k=@8nP(J6wB@oA6wO8zM;|mkMfY)UqpyL{ER?IC@*BK+_<jg!hLq0e0?m<|3
zqJCL>;e5jZ69om_4Q9c_C>D{OBTvWrcF$qI(19RFgA#+9+$Uvx6czn=Le^-XxA-AW
z5`;L)2>BP)H{0*Kq~Xeh1V6y+pT5_c%kT<9Cez<R)YEwID$CrP6$IOb;rSVBc{3KX
z)&)_CcR2Z$g?=KE6<d5HGKD&1fO|H0pkhpL3*L5&N+~9zm5LjWel}3cR;7^PW}9*x
zQ2EkV-o~<@rTD{a6`UY54YFw71^yRGVEs_h^JyCoMBft>HGf`KuGB1`0G^MAAq4Fp
zqNjSDI<s51<V$dH@+@y%w|+4QQ|Ff&`^zF~m!BMn)bBmvtcYwMI<C_|QFSs^RvNB_
zD|*bB&aiLQ<4KL!f6jPPbZ(vCx=qzG95?ex)jEi1PVps9sM3izA`fKVJIAf*2RT^m
zAa%P6BANMA<c_9MQpu`kWHmR+6o;4a-pl+NFGGEss8FPpgNJ}`km?p!;pizF77uK1
zd3omfs`z#G>IZCi4R-iS95g^`BPl>{IAitB0OypM#Sc{|#2d9t<+AD(x?90_B7R|z
zZgPHGyLbjOZEyRzBvRSy*RO-6#DZ&sqoH-UPPQ)o@>S9a)_$LA%fsDG{AOLB7xmna
z27&y5PqUq528q|Y2*iqr?d&cA9c#0lybBLxB_B?*#<L!Wy{T{VTf^X6f3EnKETsCd
zE}wwCZf0tikRoqBVr^+l#a1C45~aRFrhL5l@bA6vf0kGMT`l)t$@$p-NzV75`ECEp
z{ro_J*>7FxKO}zi0LFjfxY4uxjfunvRKWpj{<A9VPusse!2SJW|3kF;M}7CNysAH9
z*+0ac|M;B$R`~aS+0@U-`cH5dc4n4;mj3;F^3J~k-B^G`p}%eFXZ}w>H%7ppr|EyO
z{`Z-`S^sam>%Tcif1F1~CMH_o1(+FryW0O3=g8TJ*2)Z+#^Vpt&A`NrM&HaDh~zN(
zE%T!V9{)w<5KtDP`Ga_2W?^OjH-V6U5t07!4E{$0n1DbLpm)c}#0o^CFa!RN&Yg>q
zKJCAdG@Q+hT<DygEUo`WKlxo2GvxlCEch2$;vc8xf3^TP5^M}#nCMw)f%JmE?D;<o
zfj%(94y`Gp>tA}cKS-C~e`-1a+kfzNTug!KcJ!PafxjHh41fp*LmFUm7kf9`-?6Lz
z3bXSsy2C%-*?(gXJ#ZEQM~#Vr<&P!6m>d&O`S;tp|ARgM>v+w76;omO7xmvC*Ydx!
z0Z2Fm0Br!GkAT1=Mxem<FLVAk7W{@9Iofbo08{2z)4I^Q=vi8RHTiw=_o)2mY0vO4
z@joCJ=O5o&KHzZK*po~A?&*sP?H3hbS3p9a05D$;P>)Ui_6{NiVg_OWVh>^i;sE?H
z25|(b0{H@>0xa8u7y?TSAOH}05WwFW0f$-;IP~O#9KR<A5HQFJ^j{eP3^V{HG5~-K
zSWU{t@PDWQq;nWL85sTVF8|NBCYFB={QbEx%jlacI9kz315+5W{&lkl>Y9NH?*H2D
zW@P*;R`w5hW~IiMH7+aiI^;0#t-W!f@fF<14{>&WhS$iJV09RV1gkEVkwz4<hF_ju
z*n_oBJ!s-j?<c4W4$h2gw2Q+|2|0(EWC$cTBnhM`Bzt5A2Pq1~j5)y>LtPXy$f%lA
zMud5VQZpPBhU3Q`jmQx4ps-MiLy*2=GrDh+syD|UP^fYGGLZxyByguOq`E=K05ZU=
z+eR=@$o=Utm{Lce21PL!BVM5WT9}NcTb5-oe`Q8vz%EA6^Bt1Nm|`L9;E<tw@fc*Y
zgICD13j|>9%BBSzmI6eAPr(X(CmEOc>{9jM8OMl)zp`;M<w#A&hwMkPZ6A|!U}bq-
z4P(NC&9Y+*VMH8)pMI&7B{l%qemfu3-3o~s+>#@v0)r2&00b0>+Ar~Fm|9#L9;O<L
znYykBkdEm<NY{|g$m8Mp$qG|reb^OEsX%iMTBNRw{85>ohfH<?H=s*2UG0jB^YTq4
zN2~{<Gsy4rUMNwYF$-{abi}9J2=H)84-MXy<?UFh`25y@7=P?(5OH0OXLvY}k#CW8
zQ5%e=(^Bx6;kp>TZtmT_Wl#{oZ6I)4=1d^OkFNGes1PwuW(T+t8K$3Yd__|h9x>t4
zz@x4h0~j!H!EU4>7Px^xT4*~kA6Mv{-fX(hV8>oH7`jKe{Y)RexCr7<pKw27JdQ&?
zhxecmUg++L`tVufhf)Uw%FLl6?bZ<>(%Zwg`#+{`QxS5He<J~ef%p-?5s7`{>QhC|
z12=_Qh@s5otN)U)MJvlU`t=sO8`ks?SNMw-$hY9H+eqvLg1xwku|I_*19ucYYKaQM
z<`L~NeAycbz_-K=m!Wqjwud96lh*>{6b>r#wU)zZ21o_$+CgS&>6!?3k<kU)dG1&d
zLqfoSG7Af{YvQ9^>LJF_>&Xh@GXxvl`U(h(aF9<#jX<S-%MI%m?7N1y528>MCG3?1
z&nH<CLsT0fy&oB-s`mZbD98!j9%D+@&y2N2ElUGFB|0=5TN5@dN?*;WN~{OAOPr#*
zWhV+lsmnkg3GHoY496#XfGJG2!q_8)VkAxmrGSC%N8rf7So-B--TpVI@0!E`m9_a?
zje8<209{=_U1iu<IIge|d_KT_zocI3^f#^=N$FmZpBdcoND$O4_2bfYR8OHt@a^Ej
z!mvD_cN~hwcTzs3o(EcI2R0f>r(jn0#-!sGp!%Wm_^N4&S;x{8O@M$v8(0_@gpoBt
zImLi4i+hT9I&wVafJ=&vbfj`6afzpfiYXYvkEc82(ul>@M<@#%!YD*++idp-R)Du5
z<qb<!qZ7epZFR)yLqq$aQ1nTXU=rlyvMYf5;UXurM}l;7U+bEGJ|O5@qmJDr8SM=b
zGW-e(@i}MQBa1!hbC~3W5s#ieqA|JNIWp*1aoPhPF;DXkv=nujg(R5LwlL}u{1~70
zB;}{pdOl_&mMd!5>#OUPv5dn?)+iF+D3eMI)}<3o^y`xBbv^Fv#MM1>ad)^nU!69U
zuZAD`yg4_!-rK&v?f0>=2D_jqe<#z(dIwDCct1Uve4)_tetOQ9q4RdT+N4M-Zb)}-
z*&Ef{EIAOB2Y<SHzCRNo=6y}4LUG)h`IxLz3^ChLHXLiH95+TPqQ>^TAJ-ajBR%L$
zHljj@zoE0v#rt}7*>rS)B4p<i`hBz1mRhEzkqZ5YQd8t<lId(AFH~>1MND4q_Ejvt
zC_ErVxP6Ab-9C9yyX254w7flw#f|2xPQsR7OCS4)s01Uc*|_Y4VcYmxOe%YD>IK6p
z_K5I3mJ@waSr2+R-U)$Ygw;%cO_tW_-nx6M@jY`(qBrj;kpriYNn3K$yXuB^)MU8Z
zO&q<$;^+$+f=HU)@o2aYdgWv9;?2d9O1Q2-uT<==wInT4C;4FV4|t0zJmDNm()x_x
zF#BI?My%4*Pt?xq<8cp@`V1G$6<8JK@*B%-qwt3$W~3~g3sDVcJJBS*NWARPI;;aY
zVyqJu59zEWYUm(!tv?KGf>h%UT7&kZa$AdFNf)GrUtir`TN&qL9cSD1n%pAuoPQK1
z__m%7nVQp<s~%&PuZqN<Dzi425Y1*qs+O;?+ggjxrbnxyQjsQfLb{Y29-`#g34gxZ
z%2T4~cH(Z{{&aL`R_7vKYs`DkR3OAya?6;y7Yk>}883!aZt+supGMGiFk_jn^FVSa
z+G?iVwAvm%QAS%Bv!b+!FmGkTaKbWo2KHkRSW9A^rRy!vm}H&l;v772rQ%qga+3Sr
zI-=+xEew1-x3wyolvUGY=^!sG@tnTP+p%?fd@Ic+c=Z+He$6&=mf8P=s24$NXGMa(
zYa4mfCA3Mv`|M-m$oH<fHHO&5f~^;^9t63)74~Tx*ZBvzy&-aQx=og+%xJ>z<kw!P
zf%IW3Zj6?$%(rr=gXHFi6H?xX`Q+qb{P;q85qbAz^p>s-Iw{P+vUAn?o(oS{eS+mP
zi53d5o8pt^?RjsZL=PV@@6OCB*57?rekj+pIu}5Fa&FxysY~;gTZ|}g{rj7<WttNN
zGl)XK6SF}o3Xnq48}&)(7k2oo#|~=F!4H)a?VJQ<_s5-)Bn_%F`)XLK))&XqFDQ9>
zh^5L#V{K#3I6-HIoksvK=!su0=`<B2a6{g{8+&?%15NSn8zr85JY6)gH@Y;Mm9MYI
z0~5I&nu<DZUI=&3oIh>W6J}9WciW%yC|M3RSmsix-j8?rMk@s@`Q0CsV><^FGe_mZ
z;a_&c@=Y9=bNQtVm`-3%D(;y_r%j>47ho%nFIq7+SC}lN?Xa=yC)kZ8^DUFY#<jP{
zQ%bZvEoO$*H7{~?3D}lt-T)>RYB|i;%A=Yh&Tw|_Vj6Qd4A}|rlPcyH%JtOP5K86t
zwZ%i;o6fgn>~vXu<e5F>+2BKPhzJj+_%D-lEpJ2LFSLIxSE)OZFG9b++;52C)0da<
zHd1&6U&~P!7*lf{C!}Z6j@eaamN4H3lr4<3BGt`JjeV%uH*a;0nZP=igJ@!PtPi3h
z^y=JcY_G!5Kz@eK#pV1}Kl6rUwHC0FDyfiNn%R^h9&Cok*kIhP*qE}yn7ZQYrb5*q
zh89&!av>sM8Blm$RDxe#y&DS@Had+r-fiSsl<aa{>s7Sf6(0J>;ycw&NGI<*?n&S0
z5;(Bpt44~HyKOs0I(CBVYp^#BfqKgnPcz1^rk$x^&K9SLEmr4AnEg-zvD<#vt7>QU
zpw%Eo`?Q~PYLC`2SjC2oV#}FtJ#lxI(A-m&Il~gNLSg1#f;)mO`1UE!yyKA~Vvxxy
zT*Cin-}L1P?R|difDNv(8Way3ETu(k2R7F80@b$TsN1-^1#?~PMn}wLTD5ffCQ+T}
z6t&*TykX)*HsZ2WooNtMu1%6tg4BZEcQrrKlG(6_Vd_SUq;=C!GQo7yA88@|AJluT
z>kHP6<?8$K)M>{sA2Tf-R+Fks#wHw^Plk=Hhi6%fq#<h#Pi1CCQ#uwRU>GV#hs_e7
zh~C=l>hV&%43#$-PY&ePcBdN&WEU&k@l>Q?(|q_U*D0h<{L56H`tyc1ze5sMo#U_U
z7c&Iycz^I!J{>KV8dHKbQbYHxg8`I-xC_c1JZt6;oAS~$hvLDY<d+k3;}p@wI9=)R
zK&n?c-4*O|;Htou<)u&TIB9;r)jo16R%(yBaLUN}<@cuCP-tC{v138Mc=OV?eYC#b
zH!$0l-Y28dCB>o8QxUv+?Koprm++ySccGXU|IPJr`||MW+fEb4>HYb(?G@v@m&42P
zqyMI4d-Kcg&hqwt-+)VSxk~U$p;X$++uQxY^Zn)N1e(xZ<acZO-ub?}^~$$SpXRqI
zG_3u_uJiNF&gM1`kE^}&{TCO+vbCpQ6Wf>7Uw4bklOJ5jy56rK-etUbTRK}?JiP38
zmnZJZ`@}W_5n4MsyWCx_&hAbg9w6uM4j(SOhgMAF>(ZZ@!{+iQ8(G%e*T%nV;Obco
zT+<_Jm{peUHz;;bDOk)VL<fp1EGPlGlq;p0ssf+*)UARHfN6;$#2G8Yp}dzB$tIuJ
z)KUzB;;|B8L!ve}sXftbD{T}PmNeXjl^l;+3^9JKe3f}SNqxPWd$d;&U{*;tE!Cik
zbq{IAJFg73J~>)+r)<djTsg#YVmBHu;QQ>^V9#6=Wzdj4e{~xuI3+(XAaz$Q$Nf<e
z;cyOx?v7ZTdqXZ-Yp(9oT?F5H^LOlHr{vaiyhWPjRweZZ{F8I7b?Nd|4X3FR>%ckg
z&>_sL#ZcPw;sN!yd8Pv4_gkjY+q@|Ysfh6gWu-BZhCGFEYO)qZNV`!>FOrIflky$1
zeRZ_FWLqca9|JC0dkab?TI=)s3nPBHJSut%m@<iFj2nm9zYu;Tq-y@#P~BhY4F34H
z8bD|2w=W6wVE-T=f0zE<iy82HnfSkZu>k(+2iOxEFhT*;o&2uN0L%aY^uqq5B@6H@
z%Wq2XpY7<tnm{}>)1STIfG_NSZ~xC%Vfq6kW&%=|nStAJnSr_;AP5%N+wUWWKTG?6
z)&BGDAFd<d3nS2dXJlvp9q##4@Ap-H*J5I2`sXe2f8{s$o0tDzJCSS*Yz)9~;-74^
z^gx9GD}edW0{TCk%F_(kuX9TGk5j+A4}028T;V@~fr0fI*ajtk31cAqf*^-l^i_z@
zQ`aaatjI{->L{+t>S8GAehJTFACRV}uC{E@bl7OEabG*pNWHw4)kZmfv38NlSHH4m
z^8S7?l*pLvG3Ax*aPe#7;_C;nZ{)8rd|GN=^LsK}K5ifZ>2)AGNy*7c%$lC_JKsN?
zTR=|tCnQU!DmIR`f^JnE*7PQg8119sbN?dwX6r@&?eTELY4#X_xdt1g(FLq+e|_X`
zLtZY+4kw_L1_TWlQEzjQDZyX=(7n;Et+A3+@0_H~JP#JbgMV^is!_9cP=%!hE*p79
z)%)3*Rvnn)st^IhF!h5XQn-4ulON{kk`Mj@D=ml3e6L4WY9n6Gxe~}r&^>tNO*B{R
z13@D%_6_WcT<&T~#Ne${inN(d?Q3sCmy&@;F9wLnK?`hBR#&OsFE5bA9O?Gw_Nc~%
zH77M0Q0k#)Xoci@?Ikm4LCzYUiz#RClQ{4T<vA^QTd+wL*0wr><?C<YRsC0M{WqM+
zv_C!1f7+vWo7U^h(S2K0-eBEry|Y}=6u44B#D?HHeY@R3XV+n?HrT%c1H)DlNtn`A
zLxcMI;e<jLaf#<HX%{j|tCWMVfr&aK+b*)_gTq%^ijM$4?CH@JmQxi<!t&4ey4ESL
z#%_2lsb5ib0!6@~z<P2}1ydza4I%lUT(^8d?qFp#Z0daBh%`(;jjn<R!z~$?{^+ph
z&ZcOr;$_FWhp7r;C4hMI=X-@>$&zb<^lr|G@iev)GrIV2B{@m~p_kwO+P0cV7u3pl
z77eL(^bjrMi6`Ev@Xl=d9?K(*AdbNHp7>0({ceod^=;%`v4gaPE8e~qtAw4TGT@l8
zl&m6n$;Vjp{X2NZJ4r6v3&i9voBM~#_7%pPWf$=6NQG52hn(YxWA2x1uc}W7Y!6B%
z>dLRof<87IHl4gS#1R3p0A%6b_sB16Fh0*ULznLwh;*DchnGGD?<k1x2KVpTFprbo
z>(Sgne=3S%KojZxt=0d3@LukRk?^>sQ|lE)5dnSS_ep!m5oQTM+Lr=<8Uu!s3tE;7
zkF{lK8W>oO!J!LY;YZ{9O;IO!->uZX#815>S-gRdGXp`wzfg6H>eOCl>nN9AbvsHn
zK?<%OTtq*fC*JNO{BYb(Y7AUU3_eziD$NEtj~|iCH|#-v%zHKeUlYDh<HI|upb{pG
zYK$5^3)OI^=FYGlDQDo|oP_glV@EzM!Da-HF5aN8zq+N5-e06v-@(p?{q`8Qe5d?^
zrzKsxmqj(-aQnLLf{erHGfrgTC)IXF+-~L^cmY}Xycs`qZZqv3bz1zm(Hst$rm~pp
zN`I`%@*23W*OxXZn3t7PlBpylOHpS2q(}vHx~?td(FcO(uUE;b9YxKddf4Z&&locO
zWHMJuktawF1@*76_Yex7I5fQ)!MPtDmE*Fq5fVB92!&4tm4zvcJzCPp)3272aI4yH
zn~`uU&M+#*VOkBya#4;cTQ@yvQ`W6MFO45XVr;4!+tfZi7rIuWCbJg=z@vzXsrD&b
zThrA&sfJgssnq0k6t@?CT0NOBAzLP+k&Pbp({6ys$BKBGIm_&z_5zJ3<ad8s(*Drv
z*shVCqQ1egslwV((>@-TFh_i(8#k9ELqAfSuu@BNU=UPp*`em)!E%eKryZ`qxyjSz
z<eV>KIUvrh?<O<Fkv(!WR-OFBpp4J3n}GgUdup`LQ;dsUo=QLW;buf3(ph6l<(q%g
z13tUbEY=*ke5B5Y=xYl2ROlN4yY8B8C_8U4F;8lhJ2zcCQqT2SYzixXx6iz;Ym=ne
z)4dM&LH2p=T*aITjEWrtS^Zi{8_2I}KdkSars^U``A;NxOCSB8Sh9bbrY<f_F1O|k
zX)6mmTbSOujRJPe;3gZ|Syv<XH8gCI!&@+mSfAJKrF9BA5@2$A2feDBJLSrdD-Oal
z_WY9?b!oEO+9RUJls9JOg~9f$mWx@>{o1>GHaydfJn*dZNqOLPZiyYk^4p8;-uQL&
z!;N^VrUDy<CE})L0}d=|S!qpov}>`wFd=K&h)YFEKTn?3&*b)c9*oWbH1c(k(wm!P
z^~$>uJk02gF@9*t$9dG(FD(pHBT@!+e3ZCcqBzs#m&{ZgsT0(8k}o7Fr3mfa#Ec_h
zBXujIvsBd(R{Rth`uwz!D`&=&^GV~$uT~F?t5D9(_FK<Fr$+{8lTfum1=8TU8s;dn
zg56=Bbhj}v+C$#*fj@^vzL#&uNR-8}!s77ZpcTziQ_+StqnC01-q{wV85@bvlL7g@
zKk+y`Nq|^01XV^-j7H(DAq96r1s6>lWrEcSblu|I!{y*v4@6H8Clpzwtzv^VGbtB-
zlQDRf^?jIf+k|QPPqQ;v$ElN}J6Cs(F^!d>YnD@`8;{ew$brvh6^vMms>(N2y}3d2
zObJn=y>-R)i<1j77kAZncZ}FBm{&ilJ9B@~0rcc0%oJ>34w%n-ivvYwU^K@Px%76S
zH)cLb28iv`v~hu~%U4Otiyk%dK*Z5f7Z^-0ki|@5%s`jK$4(L*xqc-}UH#GTx|Xzh
z;P9ZiHn%Z5)6a@7m``;T{FLGa`uOoBK%11jo~OZ!uT;i>ZvPp%ijJVe?<BDqpvok$
zd&yW@JP>t=N?Rga4Nwmww3%5zhhkzP?JzvD5$`Qz!8S6^m)Y;H)5%hg+$VJ~<GVA|
zanYc{hjhhu(=sww(m<hImGxIG7%lGotl0CpS};&Cm`<c(E~t|aQv9xse*47wnwj0L
zI5IrFVBhkVuh5ISHFG6_(^cfWD9hHPs-D%3szhPYuEf?-c2g7!mb9jhlp#(&oXDom
zKv^Rku9C*T(OvV{F{zBEK<%4I-gwPd<OY%yXis(hGU4L;Qq83=Z<o!315E{7O3QPC
z{>kzue&E$M`7-`Q_MaGyszKEu>&hNgFHLaa6VbimSQ$GIjF;&8;{y@Y&Ba2Od9=)x
zsPNttb^NhjQe^i5-omDSR;NUjaZ{S%&gcr*&!7)0DkN~Q`L(C7+ui7-s?OWJK}A`!
zXq{@4a%y_T7EW=k#blBX>uAH;daVR`$nHw|*_W(7e#|v8kLA2Qp^t;vF@cY1muTA(
zqc48)*(h)PY~qg*mnM|UGHm>#GSJzG@F+Z_o`R1k+XB4=K7KG)9}3?@T{msuL~w33
z43I9KDy{q50$iYMP&V=iA<6GZx8Zv6p}wPd%Ph$};%+nd+CYCt)+T6|^mh%tB-{q?
zwJBNEQ5ZRdo<hnZ;SyL9aZS5K-4^TB?nRk9*bNvGZ3(VUza-Z~&yBu>(j(i}>xJ)i
z_RF3=iJlUAgj#*QatjHDLO{m*VoCBkil6P@oNbFg-<E8Pu$>&x2JM1$UU2M!*oer2
zVokOt{0PqMMYa98%$sqWv^O#U8){LZ;{<9Exr*R5!<JbOW!q%#R=BLw*A^`|_)?+Q
zy{tOQmSh{IR|YB>h4x0{8YvmM71{zi8F2xTmQ+(vRZ3N;Ii@<U+HYD&Ra#Y8RlNDz
zwAjzfp-ABj8C8C^Xj|HCoL+r?PCX<&0=*A<Jh_p8=xK3Nf^m{@0wxq=6k{Y~<h0kC
zz!2fy<$yXUZGN!aEPy{CQ&uEJI7PgKM3P_*u?$)%K)lzGA3QfhRyakFoJ5k?6^bMP
zI^Zfmzn867l|Ob<6PPrYoEQ~R808w;EkKhWo<PHI_|+J_Xsy5zNf@aXN}8XPz&}P>
zl!y(g^ex3M1l4aHzYpE9me-h?Ff@UMpOC;;m!uzsI)IIzx<@jEKoBLbBv|yAz%OC@
zBTA1b0P*%CE}z6S;@n5H225euIC;Jp6vL0PUl1`q5Lbif#Q?st@v%v>2|r?Qe-E%J
zuwGuAiC9u8c#XRR-*)KLff9kvMtYO{Nrpq<DgGE>n{r9NO>}%A^JdDq^LrKn7xeBw
zY)8NSqz`$3hWzy-9`WKSe+=;gd4r(+ESgrNeLuSDE6$g8F<1YzH?VCd^V5g9CGXw~
zsPA$HU4`y{&8NSnQ`rNy`SW7Hq1h#HJ{7)YU5O+U-pd6Rm*y9n&dJCdctFb_;*oI)
zF9|G3xhAA-2uVH2%|^@4azZ1ZILnHxLVNSmIh_z$5^)Ji@rt^Bt4_S6>izXb&gHV~
z^;QxZ;sO2em~W2Mbt@tzw00Jq7Sue3&kSZ)%scAe>>p;COPF3de5Sa^GWr6Z*q$ig
zBs-E0%_<j&4bA$Pe~h@OaQA1r<r4hL5Z9I>VMX#jh)#=I5+z|ptRlR9B*I4Gy%S*}
zSa=~aAzFAMN=H(8CMri#c_cC+@aA_*Ru~y887|DS8qN>8?w`6%425h^K*{EJLpGut
zMM<ke{zcwF&XZt8j*!b0at$)7oS>7t7Hy9|+Cl!1^NPH0ozNzGF4zKQ1UqV+usVMh
z+LW^vVUIEzNzR(18Eua{+CaXT^NO=?uH>;pnvk7qDY*QNL5?H?F{(!`h8#zvQGih6
zBzkN03fYHEM|})>?3J{$J_(ujiz6}z)FDa|;v`Xq1Y5AIB*r1DeFO<A(jX!XG<d*|
z08f5Af<>FH6Q<x8DJZfOC}BU}9I~IUKNEP0NKB#3{lXB1WuKka=3%C&_p;@l<)U&t
z!>*x6^&Ag9$S?BR{jXU@HOL`lHw2s7eXk)ChUD-Bmi=q7_vI2+r_s8;9vQ3~9?g5B
z=v<c%v!Np^BP%1eLd8QB8U}}cM92*Q_yV$uaD+mL1#M4}h2$<hkT1M7QFS3lc~Ip(
zVvPv}xL-ei!diCZ$JN8qqs&bL1j-7OkSZckLdQd+1=#ar5~Rim`ZpmVLqmV0BFNGu
z=tt6rHcm7CM6lvOWe>9danvrsfZRs_@*Qm-JK?)rC;t=jKJ4xBA-NCV6V$#8Ies1v
z{}af5H2Fooiw?gV(mr^?X3i_tzFWefY?hE4gc1JeEV&nXbk2}V9#=#ym=Wh_<=RUx
z$g(TkwtlaE7xZ`jip=Ve@!FW`Z-DG+;S>>5l6u4g<O9Ss=sM^+C`M?hfWO~CdZcV)
zOGW;_Fa2IRs$b?8vSBDfzAu24*sT^6%&(Y&PZ)479HSR<_xZ2z`^*WOdF^4>Fr#Cp
zKefnJLP|q<k+edS8C7<S64y5*nw&irm8-6_Yn>uh>WtUY(wOs%Bf;%{q*YpMsOL8~
z+c!MqRhD<u&c~L6-<6FfZooEG-I^;ioP~|j+6XM>R?)Tf4_5_MJ!y@#Rh_Iv!|bnX
zakkz&g#w>^vM#IWcPU%js?L!K>2<!*8gCsJ&_;IZyY0(g)K*G#)D}KT1lsA)8bKyA
z5O`3OYpm2NcFV6O7Zs>n&g3Tx4=G_J8`IrUqtTU|UOHQ!T}q$){HeNH)3O^1|FjY%
zh1<&#0i6Y(She#yO0w~g1Xv>a*d0=<0`(~5G-R!Zh~Y{4$sP1mlc}5CG-RMkXyd*z
zyd75SrUSNd@}aTiz)eGoW}~Ib_#&fnVq>`~bwf?V#64Xza-**1Rjmr*yNiW?(+2Z8
zr@@Ki1=FJ9h2q>|t9iRZ<AQ6sR^mokW#UGwILorqHVrx~@)a~F^y6&mbfzs6Uy)gj
zvwEQP3Ezoa`4XlNleVgbUQly`UHXn7m^aidQaVN(g|owHqiPFZSjfuc<+*L{?3@*H
ztrXsDd67RUW=dnq$3D_N<31LDwh6%EWh#Mgj1^<G)ic@c_n!l1&n?gJ9j4Pa^`^H!
zwb;=hwDKkymn%`i*ISX-nKGNjhPXIXtOG@o<CNv{GK(_H(O4}~MNWoG9wl*QVey!a
zJ&RyU0=|X$4qHZC>7=ftU<`Wo=OI(sa$83m+XtzHZv?p)*A>ZNrpWEWmZ$F<oOqSq
zz0NXv70J|WKyIYgVR>M_s438)kTO3KKA{iEKZiwP=gz6`)-A9;H>#$ad#+<#U5bJb
z>7GRf&5#~u7-@|q(YVk$>_CoY7?r4P1o9$dcoViI-DK<oX*X<LWS7WeY^??SW330y
zde|wx$3}5!#RsB7o!=wh%^x>XUs*w4=sDlJaK{}ELC9?&G1{G%F81jLe7e3>UIMsa
zWO{A3TrR;C1Yk8k$aF(qLVLmw*`-sep@y4azCUMw2<Y9~zb45+dGPal&!z$$0u6?|
zK)`{BISDqa8c>WFx06SKLb%PY!fto2wz&ktpd;k9@-IQnqif%~>2m{$!N9p_Dt7Hk
z2j%w9{8u4Zvl%j^RbjMj2`c>NZILQ`C4kE#@G89=stCM78WjVNO4T1&dZ%<zG~sxI
zEw<E~;j4nNw}hLat%EeSl<Rk`Y&k9A53X*{9xos$k`LFQAG&{Cf?U%!V|znC^m?Vd
zp{c)raD{Rz$i4M1Sq62<xyPHkme*{8dw<G7f33!K&Y2>|6~F7zUV@JP;*!hi(ue2z
z2~ULgTxg1i<fxf6;q5K%_KE4#-(*Y86+SCiXLr=~gLXjjmXYgz_Nbe&XrIFOUYl)Z
zO^cW9hf9vv4;ukZTUxFN@V)qU^SDpSZ`i6kAW3dys>fc`cLX?talcgKM&(kQ3fH0w
zKi?ay``d;D_NYjH+ePfgc-Vl83${*r9qt(FaA-0#IghqVIlyam8D>Sui^Lc7xkioN
zM7|vqP;Eq~!KmGI(Ky@BaT(t5sQ%OhKIKMX8h+@PwROhDqxb+$F-14;VO}yH|G5zJ
z%{#?u1JAe*VOu87XxKf$W5&I`pMbira(tC-zR?G$XZO-hJ_%mjc7p_XVaNm%nVL<?
zkjQw#;KL2@!W=yGWp6V+ia&F~`1IWD!9F6->f|4g7j;&0Yu&)Ty->ZvMdd=ubaz+J
zb(^t+0YZ2n22;8PF}N@}OA`fyR6c=cndwOm%t?+pN=|)pMU%@)%Eug~_o5Pc!F8h)
zLzyI0CC*Bw9|tbPgHK6ON$7@Bhms(Sh2xIa=tX4~R?q2b*DEqQmsk@fg<vYP_#4$F
zJ{}p;9t^s|kD27F5m50@kV_uwyHg(+Nl*uJq(C0_&_50JhA(*&XHj;%z6Y~5OM1e}
zNFpW3ery1sVcma=S`QjJR=w|ys;#Y-8y%vj_!ij#qG#H<%7w(hXHt`}Btpd!GApG-
zG785Jmhh?lWwP$^O5Qd0h2+4y`2Eg%x4W*0(B=K@EyL1SoIwn^6g@#aus7=zS-6-T
z=K9*63@ZNy_ujDM%h5F~3|WX<3$z~w=8PnwYg(vHW(sK%LIG5H+~EA-a4I7+DLo;z
zq@?6@;lc7J=7xK}TecQzNrKV71T*kL=Zn$fz2y0WdRL1ywaEHGBFL<`lV~s6MSNZj
zWoOUmOFOyU0Mr4>OyQXFUTX=N5b=>ve4Tv8pL^~SlA7%d;{_@v%8l@AILTP~%0mT%
z1I5>k@{ohMLi(UXhB9MB1eiFNJYC-I*e-nHTf4YeVCni7u%4%4TQ!Q6lhzA-OtT`K
zOy(Z7Se6W&jLW#CkK%`7m!@CGdW9-kCerkq$V!}k=*qBA^;I(VcG%OUNQjH~8iWm|
zTuYiRw>YHT?3lkes8x7KJ7hc+uC+6t+@Bd7csZm|qydp5iesgHt|=mKi5vE{nUh6x
zKTWSS(ozcM!tV`(^K)Wi>+}<x>BSbxl?0<lMySN6M<?+j(g|kOL^!pcVqs`j3jix*
zdy(a$j1*b=(bZ9I6sdCdaz=CX%innTi4^(`SB%ip^O*8VLZe)rw?I18tUe;LZjFwE
z;x9L{(pJhe4;sh{EfHGg__5W&AEG^wZ;0UdM!OuVR`%tFoWV+SecmkOrd+>eVw5So
zVzr3Q`#=_gVxM%&Y3DxaP3F+n7aq1|O_W_=bl8<Yl5tw3*y$V}hnp|;1nwqgnoTaI
z$3YV|tAMQtMinO<DUMvFcr<U{qW&Fg+~`CR0*|!>LZxQW)f0(UPf9(hf}2VTH$CYa
ztQupp42r+RDpEdPyRw1wuFr=ydRs|Lf$+kfs+@rYB(GklEYnOh<cd*8uyUoe1`ZY>
zvpL;cIcFBZk5T9Su7ZLUd33h6oJq2xb@O!;VLU7r!DMdk74?*lsQxI9_T^`cXkw%{
zDQ}Tyc}Gi4)My-#{Eht-=F{R*migk}V<oPPR{GbNM6~_j&z43TYB^CD##egU<_~TI
z0&dwRbo~ZP<j5}toV}FONLk`52C9bEvB6VwJ79aA5Ip7vG3$|1upxsL*6`#5xFqs(
z4Jg92zDwjxI)%1G)vtZj3R@{r1~$L9Bp>V`f{23pd`gF#7IfFtSJpHodsh<}Etpbh
zWOSe-=(cAfHfG-4(uF^?eb9ILF541w7pE0AolB8fB_M!CEjHVFNE|UH_9KYmqg<&%
z`8f2^XNe%8?{x>9I4z+Z3meTfG&+T>$G7w&b|co|!o`c2@??7<<#Y9<^F4`0%^)i3
z^zC8}SEi23%k<VwD@H6schEO31$(9q<`G<=6yUQ44OlnUEHGSKFgWXa^{@)|&!8gQ
zEO_Dc*D|<XgUxjgnqmF7N1+?JyCK;kuN{H-f-Nnkk-vVm6mb!~1JEK}4);^9r#TSb
zJv`V4=A8$lIk_HFekIJ4XL?dcXZyx^p`n{rESFL&U#aU|7S~?(pYH9Q_S@QBLh!|J
z33n(d0FFPXm^Dg`jWZ-wNQ`5|uULqM<2LG73?Upzn#%!K>R+!Af^L%!&@fJgQpq3$
zlh|1Xa)#9Tc!!^XXbU_%Qr=TZ#u6<E0pj-#TR$rF8ZhL+@!_o?C|0%r3e2M_!^+s9
zdaS_Q=t{SbGN_%HTCe3Zxx1gv<P_&@C@JlC9CC)mltt3pqztX!yK*ODB1h`sMbfxA
zIF45#qC^o5u5qH`$5a<g>I;M&S8g(nYW$;zq9c(E86pP~^<4%^VP{!6t{LSCr3E=>
zaknK=8?LGn3{@)Joh8H6@?~g7(9&QRBFfj8jC7OIqCPg9QZ{KM130Vz6KXm-$=Y@b
zEdUj(xzT;~wPw&caQHEU{Zd5V!((v6eX=j|t}r_2D3=OwHDve*b=;H!9qW<^+6!Fu
zyoEzx`Q?Z_8B_IxBe>j-aB+uiAHCJW!V1=DqAS~eT~4re`Ut>XCs}NE)i_^<R5rF1
z-qp4euO^%;OK%5pLU^PXue({ESPgkO6m2|BOa?wwWvDhhSE(JY`RIx54|MgbT_+On
zL`4OE`U%g&Esxq3Xwmagd0Q+RMzVB<{0eJ(txDGP%u9gv)4|$yXj&C6$J7<uVcq&B
zzGvB+0h&O3W48D8SV7CGl;;XV&1vmW>l7?r$4Z7{(r%efXDxw6HE&xUOTL3pXww(%
zcKs2ru`tNhAm<+tO&XYtdgm){Mv<v$J!N}W+G_$NzI~5hqys6Ja5<96U|4xF;?m>F
z8!o%BK`X=YsRDD1^PSURu5=vjOyLK-EE7aHe-KWUL?;<zPIR5(9|(5tWs<h)W4yG;
z6}&*`KzelF*_hw&al~fYUmqfHL!-*^89*#X@vi~)YlBxvX)JKii(|LZ1hQ2Y<r2A#
z96g=S+JXD!miM*N(>3c(NChePU&V5N7^;lZI=W}botxdP9?DD@^QyUy<-Pvw-)qKE
z(KpT@rQoI@b?_r9Cmu@W-e~i5zZo=6-pD{KjjkC|o87Iy5=$zX^DK|QPR?C#aMgJF
zsG`Z>>VE=<>Z-A9%|g*D;0%>~4zr*qL7d$30M{O{aPq6IP<n$n=(C)>DY{s4h)luB
zJf0RP9?jz^-dcXqNwRu-nohH!i#nrz!_Z4`l5_wIOJ7<HX8Cq9Bu)pTtt4is%#FS(
zwkK%WnmG-siHXJ4T;*L!cmut$R@r)$)HzDkLx9KlN-t(AW9=E%Rec+aHk1DP!7sMc
z%RE&VIXTzZ<z}6*V1xFM&6-b}8j0DtJ;Cv&=mOCc?WyR~%c<x{?KzMJuE8p!n+k$P
zNe5_&#ld4bNcSUsv!rNI0|EM%-^4>`Mjg-x%LfpakWy)DbQPWD^0e;@FMUg*rd&++
z1;fk4jLZ3GSyd<W-$Kz1DugL$H8SFmXwaGEkjUctSqaBES|m-PxMFELts;Jm?Ejcl
z<T4=LmDV75`*7Xe$1rT}tt9E44X}VLDC}9{$z3yG3Z*{{$M`&3JYhn1t;X~26&a>O
zdvl|O!uXQ1Y`~r}-p@RO9S<&JuVpV$Ybq)&`MJJ!&oC8@E*-Dq^J2ifrD4N@LDliq
zE4O4|=v6S+iaKV>dhYDJm<`*+ghTqv(`r=Rli%9`>}A4+O8+M0@HOwXX@Lo`&si_z
z*3T^qMx8#leE%um9AQ#!%*6V({2O~%m;tod$#FT%qTWaoDQ!3B`$r{C<t!`l^c1Zb
z7LutFdNb7H$1rx>-OoCkad%Q<k99EmWXTcM_9VxV;)Qa&ZklH1^KOX>$@2xMhDnCP
zgJeS|yEycr6v`g_f<X_X%aFYa*KvccFxOAoC7(PANkhN)nKsk>oOc!V&{TzY2h<6Q
z;<#f<ZFf0Fl_YVGQW8MYl=i3uWKbV{8{6q>xi2vnSX49df$o~Kx7ian+3#9GUS~n=
z%PMpwrTi(X7?4#ogN`7Ur)h?#;nisI<KPB{Ow0A5{dPqxKVQk7e#X>(Pvv0JB6_TR
zV(dHS?sRFrcq-kbHA_G704BGEGj-SX(K)p1sSx(~{ZfrJ(`w|RVwO&38n9~(h9{o^
zRez5yp(kY9uSlBs^+|*B^%^Pu57153bNNxCWz(pIYKG6_(@#Ms6{GnKDu)s`V?%TB
z(VfaXB#tXrDl%N33SPizH0F6%2QNJ?F7J}CaTy)ok#VE8S!4LGgc{h1dXn(UDZ1?L
zdn2We+-|B;HR@VZbb=JF7(6R-D!-W2GE#EoQ}fc2eeX`Hpf53EXyBVw<~CSKTwPV>
z@iy9jv^({m4z&EzRl#5~==Z~5vUG}>7`@1$O(}of87R>S@FXQ`vx*K89o_LUI~q^E
zvl}A`RYOwqBRMg{+$^Gh1ae>VB~#?dEMlQG40$lMQFqr(k=}Slk81QV9|%Mmo-C%Z
z@BGB(%E#4}%NYzl%x`jC<qGYsMQhaYHcO<_rOck5X3s|4PkKQjm^T?-y<2b2+(_xk
zU^QCjOKYw3E2{hMkrg&G5*clIjWr*H7T%QC!ckhKkPr7d8ko@1X|??7wL?)}^N~J0
z2wc_)t2;23aUOy>O`$3;anrXKlnh|tqF~{mU&&z|N(ocpZ8hFUQBh2Awn{bNG*KFT
zbZ0&PwbV_&P5Ko0h@<)WR=ghRa)rso!`Zm3HCn9+T{6lcKsgtz=}cP2xzH-CM&3O{
z4B-TM?cn7a;(q@u-g@Ymv4ZK;nYwa_yw*?uaRLcpa@vhTO^9@j7*>HQp=fCjLqa{{
zp7yOeI-*$uJ3Bot&S2hASa4WwK32ZX-d$a&RhuN<%ep~?JW)?v;h634lapj?!!-96
zOvfkK?=7&ENA$;OYP^~IGnkGwW~T8Hm&P|~?I`woVn2mTkq(|67_S;Cj5xIkBXUbI
zUsNka_A!+*<&ii8Sqy%Xj;kc!wr=s(T^D<^6J(l;&o*^d0)7m95%-kB&W?{uL-`&l
zN?~s}g<YA*Qm%x()9<8Iw=hRa7EC${L8=_xs4R)K^m%6ZEcX`&#x@0obyr#B#jFF^
z(30?zVu&9xIYI}G5Uk8rxKP5hpN&N5X<jgQ%^)S#uM@V%_zR)U$(PCRnuL!nk=_HP
zf_3x7(Omlc{w`~-HUd}EO9S(+3tOUgpO+N|qe{~ls>t_9xa91&XSRMZGU~I!)AQMX
zCeHa0Z9Oy;X6R`({D{TmZEPt%AM?}~{*#m1eUl>YK<_o!JS+7u&wJS6xH&>l!#JY#
z`QRD<GQ-u5ys@OJ%2iH=>ba7^R+Uu1BI7=3m84_eIrBLQJNTkvUf`nQ>QP(%1<a<!
zr)dzgeSg$&p!|ha{YZny`1M$XwspG6a(wHnqP5pZN)V`oqjX<DUXUM~v+GgT-F#v4
zZKdk-QtNSO@~xKo3VmN9eWd||z2e{;{B=vUMyszggx5J>E9=&jU@}Kqv28w2TJc5z
zt0OpAr9<S*PMPzQTw@veh>0tHvM_gY_S=i!hVr}Z(`;1Ph5dI&85O9uD?{aAp+V9B
z5u+%6vg`xRmjHT$9Vcj(I$>Ir{xnpTj5K^HiUBpSm#(vosI^dd{}RR02Dw-4sj_ap
zZHEjmG#s9%q7y9lS(+PSf8_)HDuF;OW(6NZ%G*mJO;f5@{QFJ_+Om@smu&W%U(g)g
z-#&`S;-JPN=9icP@P!8un9SvAM!P@p<LG8!>H>0z8^qF1rX=J&cI(XaSK8N@M(S9y
z8>MEih;%=hV@-UFGrc4-r!F#0uuZf*_qlK|#)!FH>D+kOxOmXr@0#R!IqkS#v8e1=
z<ncE&<nrKV-nV7H705<9MZ5dt#hr<cEhN)NoD?26qz&JOb|1ST2fHM3eC&56hYowG
z(}ljJdE#?p`rhqPb9y~DL-Sx%nGug!o?L#1wf?wf6d!McZ-K{X(6a;1IA~buZh6!!
z)N<4}Z=a=dG@mwC>Xtg9woo#c8vdCsEp?P+;(-RoBCM`oQnZVNL>Mg_xZ}N=ggCN^
zl(hJ;s+q{;?A7jBkDgRve7G5D#8@eUWH2R0ACG-9jg6A~0rFBlW13)<@SP@A*qhS*
z=<KIy-z`%dgYTP>WQHC;Ii}=SZBK5aNtz(pKwrGD-GeppcN)_waR&I$O9YM7HZQam
zKFam3noqc?m(fs2E|gDOr42ryQE<2th8m82@|WVND)eM-XSR%RV~|cwA)HIvG-I7F
z3`OacS3f8VrAt+_dF<F&PUeK(NY-BTt*wN!<j7-8(gsdfH2^ME;`#Ce5kU>+M{a30
zy|kUm>OWd*cJ$l}ES;*%9s^nooWdSk@@Zx?`usi&X}9t(Ck;$a45pj$EMd0L_0-~8
zTqktS+K037SnZWC!Ll5X@K)#m!ldvd+?OycH}5HO73}TzvNWILk=2^>RJhZvwrU5q
zqqo?R!%y!x4l?ncZ}%EX<cM6xSUM818Ar=-5^FV-W6GyU7UUXR@*SZaoMxN_c`Zb%
zaZK=8hy`(Fnne-di8k=2Mb%l$E)O@nI33n5n<-{YU|vsfzQ;Uh%LztzSX`gE6be(h
ze<xSUpuJk4H&bi+xsOkt2<a-Y(?3U#f>QtL0At`-QBzFAAxx+8(;)A$#<*NAbYvJU
z&GeVc$<D6Pds*}X`K9*PO$q}KpTREQr%2Mm8M4(3VFP05rQ&l>Di=pTrF7k8nwx_(
z`$%Y_!$FJSsriEu^jNN=zSmMD{4&v-g0AEuo&|&z90k0A@W~7YE@mg{WDbfQM$~6e
zR14)1@4cBlx@seJ!!j&^h`fiG9zXQE3c>tiBAy(aEFPoRIi%x_Usp9{<PuD*+L$)L
ze`^t;ayQS9%@^9S%P4vC$4m5Aw;7Jg&BR1u@)_|n!^1AN{3}uwYy?(r62%yd`h0Vi
z_CvTs2ofz!dk~!$AWT~>yJYNEudc))t~ALx_-<_zEM^6KdKk>?G*)5ry4BKR66su{
z-5sbL)mQ0o#{Tj~7}m|5<TRYihT@ab*sRP0hT^H>PUZW!wK8bT1nc^S;(0{*hNDe0
zs6_G?k*(;hxTAj7d}SJ<iPiSGX*Hgdbs7<t*`%cGdV*n?7pz1xl?%5>E859}8F2tY
zcHxNuyL$VD%Gac66RWjse%MYI<@eSU4AbP0;dg#LQr<7%dq+)i%2g>;#qWMk`AxHf
zQmtM=Tvi9x=Ra2+s?({H>9B>zLYrQzb+fqW5%$-h$BK$3#59X$X(Te@S(L;Wu9K;=
z=^uWEttL{DmMY^(V4-K$gEBo=k>n>2&=66x#K`5@<agPQ#?dYT?uT-d-UPKGqS86O
zi7AWaW;YFlko@ph2og!)Up=%vqV`z5yi7uRo|6_LA-5g#@lDLTCq@?<n&zLtkVau;
z8R1x{*pXkgL*ZQDU|<#|!R|<70hoJ^O#Vz+GJQ9#9AL3GEK{Q|;!f>5H!C!vEd+2J
zw0*rsr|@hrN>H2iaJLL1!CW+s^zBT>W&&zKj2q|`r87md?VAdu$0hfL^WpBl__sbV
zTGy{&P)4uMd8D<0pEy$yywVEcj6nSord-Ss+ht;r=1$rTvP(S$V~V%rvnCyiuV1e%
z)|RRLndbsawjpSAYs*%_qY__BJb^lJgerHN-5Cr_)ykCZG~^Q89J-6JZG~ik>6V3R
z3l0uWWKUzpLJRl*Nc#$~IGQ!<-~j>zcL?qf90p5p%i!*A!QCOaC&AqUgFC_9-Q9g~
zcbT8udw1{M{bj#@_j%5oIen(5re?Z&y8C^rs<%YniAmJsyPwS-Kq~-0e+H}FX2&eN
z7avsKEub?J&FmJfZm~^NG@JI~*02^G72cl=v9A+lFtN<dh)_vlG?M5vKgcDB1#U<Z
z$v}4AKC00Id@|HPp(Kfx`1n@JZDeX^M5FIh4kZ>?&KBA*VC|7#fB;X5fdkttZUhRS
z?hjW%PXmIA{cRy6(Ud!pZ#{NxV=XV<dy^K%Lg0^Ee{jf%O===!Cqf>j%#4&Fw?B1P
zV=P~&ox_aXAmVH|FCtg>`o<}1F{}7FWDk(^oEpg3B-+a@?c$B^_mp7s(Em4H@Vj4Z
zxrm;TJ<c-E0}J}$$!Vq}$=x#S;Frm;zC8x&h>lw0-uNK|cCC+e3NA|XAY{-GA?Q&#
zeHR5%dm)mD9X7yjV7dLYgI=a?M$;V|T+;CVboZtipC8+SD?kqO_qRR7#CEmMK>A<A
zZ$OiZWTi0th~7$MA+sFc<V4nTDbb$Z-Eq_m1dP`7hJbE!Tamm{&W!9r?4p*@l1tYW
zIzj7*H7LeDP&O3QXCA6HSj>L5W}GAI#q+YSg>pYflSWn{U9kL6N$OF1t)a!{r_`DC
zsld99%a3{prW0@{AI`h|?bEN8`~!p55x*hxOR2-^GV!Cl)-+Y4LE$W*ZD0_J?9J-C
zlYl4U*Eg!QUuMO`4BURc(0cuFt98UqzICbb4uk=O_QMT6Qpza@3eN{>2804w$(OX)
z4nDPxI%M1qm`;l`(+zfJq@U$}bI3YZgi(Pq>q|jH>rkq%r}JDj_t5;(Jg6Cdx?GVj
zylyRa7|jacH)!wK-Pk7_80OXg9Wy1ZDKl!-50<KWF&CU?rsh@nM#OM2ol_&zuIo~r
zYU|e}%l&SC?_g}H3ChsfAkuB#h}HyTd+*%XYZg&?iC?RnxQ^)7NbE4`KUe*5-09Bj
z#|3If_goJZIHLsPd`iRXIMirBZ-jeKqj~m*)t^GM-t<ZUk%TG@4s?;4oG}6}hAYQq
z_Txrc`|~?P%_84)c%*%hq0T;?!f5*(X;wVle`2m7KK;al@c>`{PM0};r@NCz(gbc$
zLs28_g1@kYe8%gCvTCgTclrd*?!h`~lhUseZj8hlqpmV00{Ap~wDBla)(&mTTo{S;
z^iQQ<HHrX*!|3srAms$~25P|7vlS(9g&}@Nw0z=Ev8;cJrF|`SiWBo!RZ4e(4`n<j
zrL+=#e66<6Yq|L4=db04O*~1{6V~6StSBx>QXg(#5ngT+42&9T)KshE95W_}@kN+S
z{I$g=D?=&`%GhNj8!BW;d^&0pMXBabh&Qkd4aihz_UtwiD9;%+NI(5)szZ^Dsbu8q
zg5x%m6IXccopYQy>tUEqg@tezv9inFF%7Eo@yVlVpw9k=cGaC$sW3Byu$k+_9hs}a
zBi7aze;x>_G*6|Myvkk;<12E+_TW2fhF+AXi~p%isu?F^G>M}+T=_FfO5(h#Vc5ix
z=`%{Y5%xiPNl3^{ebTI;1xb(F&r!<6Y69F?^N^_ShjH4S?^}jAjxw66S@~&E^n<@H
zuf)thNjOzEgx;WPXicX_D<dMSv-(bKDi=G{<gLl>8M!+3wpIv<riSIJC!b(XHq$3t
zN2m`8Mp2lFmhPH8cWadQc*948NZLl5Ob#XoYMO@74_yAZ$tS_wJ2ifox{vTVuQ1P2
zvll(EVlb}ns(ziuoTB!8)24-TB}5~XqzKjXbt7~~FJAauB8jm-!wc~dwy6^c8GSFv
zbm`(R-3IcDWKa#|70|_Q9=b>-eVdtTdk(aFJdN=oo$Bhyi9M*{I!gTB0<RTg_3QOU
zy;@V|IJsHS$LWk2ySZYlm8^WA?5Kc&ro`(~;|uQ(+@=6@<u2NQ((0Ej6Uj-M9PObT
z2b8Hr6vWzsJXJ=6gsh1rJ<EcOGJX3StF8;5_T3NSK&H$3L<_J{<*|vC!jZL!W7c8k
zK(l6VuN_+(PGu{Z)rv@h!D{ud){Ib^%@l`^saK`31YD}DS`q<K469SWd(QN+tFtMH
zTv2b*%D&peXRA9_C#y<MP!Bq=0oBIZ-KX|8>1(rbud$+nbIv3KEL7|Rwo~gAGOxyg
z7V$R#(y6BUwG79tWf8vNPc8Wp>VBi5X%Y38!44rb%@KU_f~p-i?2osj$~Dz3nO}Nz
zvJ^KrOS&DfBbw=Fr#fz60fc7isMh<2#k;od;LKX)huLn?d=woRL#}@PRtHQ-d8tNn
zov8+H9JVKYOFWg}p-w!BYhK?8Lvcxe#i&C=iOk?^+(Yv$6|j6t>DbA5*~B#-+kLRa
zM7MZFQ+MCagT6%9GiWY+&xC3g!_z&vcve$sm!a09INXaFG^3=UvO!y{zE!K5Q#hs(
zoq>&NWuFJ?+&?!}-+L&b0ydQoZe3{#0Goz1cf0U<R-KCLmQhi{k8R>C5-;cz%ZE{Z
zV5{r^(KJ2M1*zMuoIUBYxm5@!b;<?_tmv@n65^YVdjzdCf@UQ4phm`f4(N;9)#IsV
zbE-IHD|o(-?cZiQE@+wstEB9zm)9=qDp)a<b#9Bbc<14*X&7D4v*OC(=SM}~I9SD}
zqQZn($!{@f#q739%NC>n2W(0!JqLR#3z8#bj!9^DuZ#n~2r+TwUyn*B8u7{o45-_V
zCH<tDk;}S%9zMOCCmwZZGGj_do+%!SvC?<uE@dtYM5G@~TaCO|>EUYP9yzenJiS&{
zeUSDRysZhtw6e5h8x(nF8~4g7pVevTHF8ay1v1{mE34i$D=KL+R~p^b)~uk>7we~K
zTE)+Wb!5Ny{#x6G3zTzD9@}$LkFZSEyk$%kLY5Oag3oYJ4ihY-V`5;A0!LVBh*cI3
z`j=It=MEpb7`(CMtOLD637;6$*chq^?ky|vld(3jP&IQ$Kc1#3BA<4Xk5YFeh_m}X
zw@1f-LqWq2KuP*uvM&pzg)jd3Y;tBJo9v{Zq|i=fkpdxT)I~ul@J&84;goRvn9feX
zLh(>|dd-)@sU4D!*{SDnm))Wv)!or1-wkdXpR-SCaTvEJK0~;>h&0!gqi?<AKlly(
z;zk#4%S(P4=|oxMUx7%B>P;W=)@-acEZo4uShEbZE!<FJTKVppE=h<@+%!X8pCzVl
z9G*vhlL`_Y?;Jf=&A74T9PclIC3`W${D1v~Jpvh3^2w3AR-c;c0xv2s*J7TXunYTu
zkFYNDAYOd;_y}@aM?_<mMA7K>%}fV|e%>-a?TsQ{e6=zBGgaFTLNBD%arS!d1`D^P
zRs`FT`zQV~Ki?G3@4l&*XSfYfS4-88huxenm`)Gx0p9TGt>1ua!ZdJB;opE1SxWRy
zjo5&ZK%isxlp@$T1Q<VF2oJFShAMY67e<PmtwiKR0F!PL0IbfMA_prA3w3=1#(V;a
zgRdA*bc2A8SySlXD}1NMH|dS_*yDMA>>?m6Fb6u|O9=2*81$GGOALq?0cnD-c$_>4
z0LOknK8>`SDJdU*VUQcxH~^@WHT4zzdNW~_PoTc6DOB(kA^3{f2>_cuDhwJLFHDr#
zjJ$IE0Omjid<pndN47t8+!-&#0SLgS`yi!f1OWN6r<%qK@d0qzQ;E;ciYHOy7O+kP
zXzBSPAbxNS20$hEwKKg3HlPJ2T{CNHZ+u_NO#<~xPPP)8Q_9<PhwLfCKV@Q%@00zh
z<paKx2Nd8L2hf6?jw%9T$(nKpPe)znpOnWw=m!GpK7rnWoe-P`Lx3*en%5PH0LQ_=
zE5~-Z>?ytXJ(gfB<aBWn(7^b<4Y-B~5HI}ayW{;S^#R-IfyrqRCO!HSsQQT?e@uue
zVq+~KYMW)yA!`b{QK(Smo2E(Sb|mwHykd^(``7I5`*vUdlm1k{6rVWs?>^J~3PZ>}
znSPog(~ANqpwDYuUdwjP8{XeF#ikGPtIYyBx<XRtzvy5-78)t?X=!Qk6@Kv85_}K7
z()!&nBfWfO94=(Zq;RMS&E$UpFI|T&Ee)qY&&TvKtJ<a*&Bv|MI})gF&QuEevRpd8
zP@aHn>27L3qZG@D1Pg92EhWI8&}S1(i=vGe`0laQSGpahxXR4+zR%Lt?050@H)-bZ
zVdE&RM{zN-wJ)_l!jti^QDfQh@gnwkYYqFNiN9uWX~i(L(FkR(7&p33@ZNqDF)?e>
zE?do~uKgBq1$XP+`n?PH=fvU+0kE`b0yj-_Y7coi&^vp3y67Y!A>pL$7+FB!FqJKp
zjRAS+lM+mFR)=@C0!EZ{`P|%RbD4BSsW^IH8MzPgAceOC?k?HeD6^5H5nNXI>!^!T
zULUUeVtB;&KDmw$Fd&J%WR+@l`?vLx65xZ-pF4<hJ`g;B;X?|9Q76np#bZOM0Qk!9
z7A0>ujx5G$d83MGJ~ZZn)^t7?zV)D?ArLd|7a$-8vDR$uDL!T*3&9XG^1qub;Ei%w
z+qaGOx#{?^>wUxwGA4bd8_4dQ875F}6!*_w&vkL-O6xAcb5P9hmE`F4e(-+S9kKe|
zps7>3aPrmFG+$aunI2+#@B<M4O-TV40UBXhlM18~!XG3d4a^HJ^n`wV)`Xj&?`)+v
zX6hQXoEYRO<v%KYb4V+IgqV%0G{76bUGavAA-PW<29KEe&@`u7BL+tb4x7W;QuyjM
zb4D?kFf0qmCx7pfrrlwo@|CPu-+v<4Qz9l~iq8zSI%K<Xn4~npyw>9<Y>sD0ivdL_
zlK$nse^;ZyWCn>xG1AIrAy3PAj4G;DpzQKO*^Hy6QBxD9kaZI+@c{o%sl;H_E(>QG
zLT3NPPa&U1vb<4_I%Hu-_k#s6(rxA?O)*Ntrz|}x##22!g*ERzZx9*}uTnjqG&v`V
z;5x{k&A*6RE#@xYnxF6fO!%2FP|Ev4)J8S+lP;wV!RE-|MCE?LXJf9ACtW-&(~?WL
z7MwzIR|f)uJ^;jilLFtjv@cE$_^b}yyvE{G?dhYgLgNpUBw155n<)5~@o5923PR$4
z+WB%Fc033paw-&}&rtF5;#iB~lgtkA==68}jBp<A8Gav2BZouX1RDs$u4HNk0&kI|
z2ZL*};Q+}@^7dgT7FpGbw>OHoBF47mz%Wl$Q^s*yQ4h3YT9KR8+2dJ!p7cV2CV{4@
zwE>5rZ0nHU#0#@uEq;SJ(wI9JP9^HKKs!zkeEq$_vFJH+@LXKWpOcawiAeO36k_Tg
zF$;&BEpsC58pO=V0lSypF^ZXqHTClj{iCBb<57e<+(zd&_4CZY9oU=OyK8#j+MesY
z_VSr$st1gx=iwDnPRx}TnH6*63!@`Ot#sfiOo=DhKoZAMNJgr3<=BuNZYDdGI_3n}
z=o<+A2K~b>DIM&z<u9HCmxI^wzbM~6vBd7j8x)5rWSJ?ne+~GMrSPfi6DV$<Bm3hg
zBCxY)IX4EysB4^!b$zXYk-kyZM?Xln)THFwpiaN=PoG$}u6|U$&k9CDfQf={`7tF?
zNAsJ;W!Gs}-_d!3so34|(zJ2wz&UMoJo>q+x}x^%vNNGGzjL?KJIHhKwgzEwq3Z|b
zFWFF}>{ZDeHAfF?Ior!t?-4`!k24NjM`H5Zc=0iv*_JtTqM|`!w%@1?)kSUK!)zLf
z&6U&ONj#Jr{0UO2VvZWwzkB90FJ<k%(<Bj^;?5AU;jOc8OtR!kTcUvl+N4>?+rgU{
z+hJ9aC>LXPS|r5WNChK>Nce@l6+%T0yhGt-)CwY}Y>)e#M80TIF?CH$GMLG<`{`zi
zk-z(bS*N>)@o+Nl3vPo?g{440G+V!MaO-+DJ^e>APQI+{TwRI`vLJXU&;W)D6Iomm
z8sp1}b&mJ>=IE+$?RH`n!dpG<Lwoc~f*41p<lU-A`hG9|jT0>g5VjEpN4}XG)hgo1
zB(a2YXcwL;%j|l+xGW`3_t?l-rieI;MoqgkTO#v7H91<SHFytR;fOC7Hm;Tuz^DUs
zGR9lY>*njG!jG;SL+`OEPi=0$8;U$Nd}8WdGw?dq1cAO0=|6qk>cfM?oxAjov8{d<
znkG-A+lz~&`IymhmmbMt_SA7vyJOXW5-Buzhtms*Iyb}j{c)bYQ3rv9J8}=qR8XQ3
zu8Rh+JxA?9S^)S@`gcv`;zZ(X{TMf?KP38<wiCBGs}j9Lfg3BhA^KcOwH!;R!oH_N
zxtaJ1qZ6*2HYsl2Pf2diJvX6(p>>Xk&nLV=<&c((g_qkDnuoQ+kn1+Nq7z>s%l6A{
z(8C(2O_ZZ5^bxTvbWgf-<y;){=xJPUi9W^Ed^@O5%v&OCoLuEqrEv4@2(u~x0tZ2M
zkUfbNk`q)VQV|?IUwo`_IdNU=b0Tv6M4Hzo;gaZ+_oAUu+F{@(e<RT)-etPrlRI3H
z;BEXgdskW#Wrwz>v_u<2;DREJ@VW0D4LLYc6agW-JSxmU8vYCP2rMt20O$922vK8r
zuHu~1H3Hvs^_{Fgh9^jjAy4IlnG6oFEYy!a7{iz()rpT+lULHf^gk83+a{rQdm&kx
zP4nTQRQDVh#cpv)U5Ub4o7A|<KYTpV3}rNx5l%WuFkj7z8#8ZkI+jDh03D~`5hKUW
zKL+Np`)D^)ye!-$(xSwXv^jpn$m=_e7NVMn7tG1+)-y8VlwW2OqN0#(psVh>@)Iro
z)EcLftMoaxmojDmr~#M3zgs%(+Dl^WwEFw~wxrA(jj3-I#GgJMU(~zy3W?D%@%YT$
zVP>5;X*2@7X~3Vvalj{$L70S89>=O{)`)f9g8LH#T=KJ6&v8LY+6yewH4Klp3kdmC
z{*xdTIopB#9FAO@UZD7%8TH6A{X{kU=$6mnu&T=(;1b&Wka&0bU>Vo6XEhetvXR?Y
zJbj*EPPKAoS$Was<d?f99;dUeQN|AimsJdLwcVjztzDWuozHZn%2j@h^2~OOV9oK`
zkM<iHHAA{JP7{;&_v>Ocu=G0H8q?p)jpH)fzAG5`z{w|_j`>oq#q4D~&Gs<h;4-&1
z-(CDHpc>230c2Ft$TVI)-(s)qX}a9KG?Bi=;lTOI;$|>HVWlaPnD`(vH<>7-$2?Rr
zuUOf&QX5^8+E8Y<5^(5sNTN|^wX*7LHtXF|wv>C7B(TLF%kS!OA)x1(+gzwy=NeEq
zv9xV{`{k19x@Fg@T)F_D>Rbw_Zv3^V*V6J3l@gee$60<a^DK9_c1C(rH)m;uX=OIY
zHA|u`<nerTop(4_zE<<nbKNxSd-eT3djZYb6I>gjc@XEE(CF?Q-I(sYci1=cc;Gr)
zXDhk*(V{DWkYw%sviWMg;g$^H7#Ag1^P@o1Y?(iw62u#{Axk<zyklTQ8s<50Thi(d
zGp7xSC+~g8dXzIq3(tCK>hFqu2t7eVTU(IW9R1`vRe;O*#a^qDf;4p@{5kfx_b5D_
z+k?bq5fnKl%1MA4>@o&s3O1TZr$ZZW4c6%eJ-8@LNY8`Js?ycJ#+!Rl8w+R-xtJ{8
z;CYWO%HRYp>jY!YPi20NF_K;UY(5uy$SUsbzB%mo^pTyM;%X<*tYDRU+aDKx7wYKQ
z!D4L<Yw<jp=!$Dp^uBOh_pNU;<vns!Y&}dEU)r|BQTRMe;T*}^(-^WC!^G<0+~Y_7
zG&Vv9@FhdRSd386BVi7d=Xz!6iqm%iE(f_5d!cxjV`?0UP1F>^MZW!v=#&Lz<`Xlm
z3z{Vyrl@^vcKjxCs~#PZvV*7@3N)!?nmC2vp5Ch)6H-<Z3!mI$BM%GYt5w2ckeoTn
zkV!%ISa8ql53o7?({Jw>4~lJ*tCCN3Em48Ok$xs@XG|U*Wlw%v_W1*^;~@&~r3kAM
zxkQSHW5=ac4vB2+7xx9$OwE&Eo9E`wr95^!!Hmphl9pPmhKeM9*Lw<UicRVlBU;IO
zdN~>4>MQu?d?7u-j>oK0mH~KZ(=3KwJ*Pym`~a1}q#1Egl`Ph0j^Z%<sGV-#@9HE`
zS%g{@M+Bc06Hun21k_!gn?iTiQuFN+UPuVc>7+N7p9Q+B?!RF287xzx)S&VuijGI!
z812Qs&H2IX@o<_;NClZ&Tp<c`$=}1?V&~PltYIG|jGl-^%>`)2PKn8JU)hMS@G}YA
zhK|v0OveG`qz##d#BfCoUxQ38DLH%jv&p4LvZ7;OO2G<!qZET@4MB<?tquwbtv@p~
z=5-pKs?dk_d2Zt-30xXK3wh*;F6D;&lwvTJo1%+Z3!B})dcrCmV`rw%F=O%=HH;gv
zjJ!(gIjO?Mo=BJUfX`Wi75Gt!nG%^k@~K9^V;qx6b8<?3?Vgdva~IAu=5iV%f+fPG
zf8Vg$zcnZ0^0Ls_Wi?hoBWL;L@J!rST)bmGV3Sy3vJGtm_ig#bkR(6k4eL3{1`&i=
zisFg|S+HG)fx-D~D9|ww27*QoBQz-VfvBhHo<SIQfyK!_h%%@;)<he<tf#w|R}!Nx
zfiio?uts~NDe!d&AFmz;?_$b07oznS^J0?=!1w{igk7;DbcS5}<&2vk`WVe8RUG4m
z@yE4fK|q{tK&zBjdPPV%Zbm?B-8m>|@1ETl8bUR&IkvH&Cd}XqW!pq%Er-r4O`#zD
zjjR0Aq{1c*wF6%mbp8(oW5Bwf7mYl$ThP`~xp<MEWfuGyOs!j&4okBH3G{)Vhd#_1
z1%@0Kln^`#90?2wf)6x5)Dv<A{vGjZyDyqk?lSUQ$_$D(2-~q=ZCEQ{>(SJa;(mx}
zV}^A_s$C9Ap|<@5-_Q6(D4!9sPK8JzK`4Gw`U2hLT4CHs?n1kVVxar{V*EdxA&w)}
zKxIN_LS@4ANi~y8o2%3ypVGYuZ-=ACu|TJHdP>7J=p+XpS{uhXu$3`qt7xDqzlr}8
zZ>Oz+(#|D4FOIlGI|ow{b-_)k)qw0qc$Z*Y-1~!P#!a6yObr`atR2t}GYyT>-u33|
zFH6`A*bJBq8m<|JdR^F7c!0l5yUDuN8!lyB7}Rz|<sUpKWD5lBVMdjYoST|M(s~_-
zE0pjGp6_2Vk?_rYNaXcUY_8>Rt`%iIBvCVx?K=?Q))1=~t=^#LhHqc}&i;~z^6t(x
z==jN^dm&MDC=>go+gI#DJuO|NxSA5sOt1PQ?d^Rr*&6cw&<9@}O<bv}+uXT#{i{$5
z<&qZ{VXVU8IEwk7q~U&Tf0B-_q0S#~L;CjX@x#89<UmNEP-SxKh%`?B9fk1|I@{M}
z%Z=Obu`s+Q-(wMY89tbCsZo2uYVa;|ZG5?Ug4sq1Xx22}4H||uS4FmvI|l{IjN1tL
zk}w=HbT7kM^bnA%9>GeE{8SavsU*$avoC3e>tuP~2Cxsw&fL#wje0`6pvVsR3hncb
zABi8HAN2{=4f+mOpWRNr9w_)m(@&(`VEyeG*_qio#X7CsyE{B{xM<{-ZP+uoanv+e
zAQUJFZ2*5=X1(eR@m`!qs_c!LKl8d)meyU;6T<8j=Q>~<#tY#}822-H{cU@t&N*Y7
zFnHUS*6F<1jtQ%An-r1wBDbA&-RQ$xFX$R*>vmAPS^HkQ{d%*V&I`63)E)9Tl=kZ;
zd_i)8PV^gU=WfS-)7b9`1!d)ube2u8R$tbLkc6-eg&Y)HlvmFTqq=@Ctsj4uVOcw#
zO%EIHSL^m0RSj)jq~TAiuP^Vag_;ZTmr(F|=SQjx3AdsslY<r#b7weXUtjYBkwJK;
zAs9Qj@;-1ouLBSf-UupoNYLL&!jTpVVtS}#!kqm;`ePNjfZZ^7;MygM$^+$;asAr#
znTgxQHjHNG+V#kqFsoRg68#y>k=F_v<snQb8x+p0>u=J|5+lEonYtYiYz*LJGo`g)
z)jtxSaBY>5D69^Wk_`lkSmQPj{=gSChDT5SENc4xKg)>+Sn^}Qe?m?H4Ej`1=)Q2b
z6PaP-$5pb(xlvqws(F9%4VhN;I}8O((P>z8&d;J>-v6Iv#?d#Lru6}4H`cc-@EZ-x
zZcJ~>;WkQ{-HMPikUAMYyHUI?)(e>_?>d+>xIV0Sa8|E{Q9bq(Yto-!R<A);eb*VT
zQ(^f2&-3TshG^*6Uz4NaOGHne;T%r6UPRc!A?*0Q6iXi;Gh&ZCe=gk8)Tf3wHR<aK
z321#s_)as@A8WcT#eVS%-+eNY-$FctgF-Il$KUKo4yXpUKd`!iojpP<S-@1U?yEE{
zHyqLJNofh^^u)Hhp}#0ZwEB(mPvE@t+BBujR{&WI(_Qq_b-Mw_>k*Owy?6DYB7?aU
zKO{!_(@nR5><%FOhN;M93-J>U3fGh$eE-3&oe%y8+@P&a>1US_OByiM9j*KAO}Ba2
zFH-UEM<Sa|do?XYY}hI4sPs!~$l8+8AvEv*i9U45E7V@`10vh+OWo~DX!rta_(E^k
zio!b{`D7;k!cGB6-Y7%}jNmw6l_;@JoBXYRs~fyrtIgxD^StNw!t-=aozWVaG`1-u
zj9>f{g6AIjaE4hU7_C}5Us(5+&`vF))fy~gMXX4|AJ~dHe*5uZgj%}B3!Uk3;sQ(4
z$3FqBN(m<_Eiw65yj$y=F|;k-s2_Y}7VH^<Xi{8~i)d2&CEf^pOc|!l$oFG`)$2&@
zaB(p4euU}>Zf{7>V3Q?t_Seb`<IFxh(*XdNN2u#)#u#k~JVA~p7HouOVwe|o_+~wB
zFZ^YC8^+F1&b}Q3krHEFVDyMs6aJAS@F_WOzY&AoiKf)Wy~@$MU`CXYuj9k;|2w^#
z2w_#-?EZ~3H}mV;HAgN8Utk1mAuh-6kuotAnPGbMH>-Nw5y!(cdyjE;DlmikiX$6@
zDDVYrAuNaKkuv_rDm2TOj?GX|?KCQ`EGvle9RniG>6a>9owEKI!iACXd-Tf_4Zuu;
zr{O^X+7YC!a}Ydmr#U>}Hi0icF!E=n_Z7yBem6?{!ZVTwwdHsI3GflB{|z;Ca(n3~
z96Q2~i1oxt?_{B>{0rMT^a0;thToV%yS`~?XIuxaGq2mMljw8Vv3x{GLLP>>@Vjq^
z)+eiYJI|c9>4VA-!;j35aP%ev!3XgP$qni*vpu4{4Tc4(4PF;s7fKiI1-An84y6M5
zj_Hix3~&a2mVbuA=n%d{L9}-R{pk1H?)eGxAT{WN>l-&xp0{3aYS#Jf-}1a8>S)yQ
z@7JLsif^OwqOgTd@rP-Dy-DvnOcoqZ;8#059&%XhiB7s84W80aC_{gqcIa+o5G1zF
zGbW~*`BKowl{)<wuRQIJ{3q0JZ)wTR;IJmH{oazeIBR*SULHX!emeUE^BI{|WqX=@
z99l~>P9AK)OKUP`nn$Q5En-bT@RMti!$NaUpPD^=+s3kM&~}ZT&|O`xsoeV}^LeY9
z-EmCd)>~)o)LEx(E%H~Yre8>xemH!ggot1*Wn_Lvw~~6eiQDQqC&}C<)fk_MT+z_|
z4O3xdMfHQVLB)e4QBbbEEMBP(Uv!VX8$xuQLo+5#k`~P-<z5RiXp^H{?sm07HT9C;
zhdFYVvU4<rvgji|opLU`l6(YUIv48Efc~ZrDk&I-Rp8w$QDA`mThyL+M8RG5u-$qT
zF9hdvp>4Z(&BT41Jk2nD5&ImE!Bgix3~RhRbCqZtMt3}|M?SuX=SZjCJ??6TTxFd^
zb4d}Y_Q*EQC(wPQt}n5pzVuf!jMpCc;zUcBF2H0gcu>FdpntYmIDbA7)`e2EstC90
zOTIuDy{tIWOhE_MbPg&CEoA5MZ*?L@*w82XCc+A{(-y@7F?mwpA?RB_=E3RPAm$-C
zWrSEknT~|<Af9$M*|V(%D4pr1g-_W5M%$Blkj=Kd-GoLv8hFr1+Y#&q1p_bmA3q9y
zYipM{XZ0e=Y!AAlWbOpnu`+jn&Xd2VUTJut`i8Z2?(N*dJ#m^E;tcve`?A|~l-{AX
zMl5|qTkE>D=ks~92B3$iwxijTp7g<}hl;tq-|<D%XC>*#y<;Wmk~>r4kH+Emr*gxP
zGoUL8j!iIvdx4VM!sn0JJ7a$$8cT%aL031Uv~?1c^vLY^`o1}wh*qnBYD0xn`lTO^
zCHvzWop%$Rce=BF@PKc|EARVe6t?6Ib{Dgq7s)o$W0wD)<-z_(?dx|LJ&t$yKGA!X
z7?40ceQeG1u{$c=Zp$a+#WRMI4$ZHT`Kr$PN*vA?PzuM}`x8E~Xq_EAupx%xHF^gp
zAJZE9ur$~2$;U{MlBc^AtiuuVHOQ`$ZnuAWbb1;B!+5E7<LJ^osJ9izgq!KkQyhY(
zkw+mCeLfq{D(`Kjo9XQHyDc8D6<PT9uurYe9_HplQNIeCad6J;thR3Cd3DKL^ZcfY
zOpObgw(Z{4(xKm~7RlHXsOtkR7=gmiMyOOAUfznM8=>`X|K{E<x<&4qQK}R|ZO=An
z_JBw2+Tek<jj$|^>HgCMmatnfY1T#44(2UL<ofWbPZxN&v5Lkb@@FY?o-KbCbQ=GX
zk0Ox$%yb|h1Ai1!I8Tb8Pk`EeRq%WF15u=i9j)p5N1|wo52FP3v!T`EX`KJos6Lum
zt_HcLhSF>aWVFp~^UqvP33pI3Pp56%Yw!@BGRT>_rv=El`>--2Ca1_fE|+}Ny)>!R
z*=Q-hTaHhPDqc^uiSjlXK}kAn<=(<sK6v6=mK#f*4oVRtA$2GXIlonpq|rI0W4wN0
zV{~P7StZHz7KoG!6Sf)rRp25WHSnd2u9gJN?y23p$U-;CP$k77)aZ2s;bl1BMbkpa
zHBL^#TBeB`9V)6=w4Qg*-J{o3@8R;A`{>1DF*D!lN$P69n9vt7L5ft|PglZjgPk_t
zr4h4*T?+V+Hz(A8Y>umciyHz|TeOt;@jF*?ZuA|?jBfan00io!J-r^;b&F)U4|+L*
zbW?CS2BG48#MuXu&aOL8#$Jj$bdsK!b3C7KnVa@Cflkj&!T{-TCq~w(x($b?y>KBM
z-!vYYuh_n6ccFcJozdOt1|bd3HObC3?0QAdLlw0*<!5kDq)$5Y3ZB?y9kq7^WqrqF
z30jPG>Nb_jh7COq5j!|TO#feobLKm~gMZ(J@x8c?zIzULRd?Z_T7OaYdRH31Mjrk1
z(ZQWX&Wp8%nz>8OUcwyo+4FuWbUAUzyW#J&w6n^5>(Wp+)S`28T+1CiyJ+f#yw-6m
zTwK4{Gs9fwVqY6ktfPIrX^E@m=>&z4!ZS|!n*$-Go4f3rG<^Z(=vt_;JY~SZSX-r9
zvl30~NE-jS_3n1q+S|IKvY!X^VK(wk0Xc+ND_LN8G4B3k>QN5+{4n+}X%?HZm}V(F
zQ{Dd^3l5&{qon_5q<4z?-=PDr@P4&_FiXjak<b2t6xBR08YJ%XRoaUjAbV47EEJ)2
z`Z^^m4dz<5T&B93T=JjCo$hjf@t5Ys?mr|Nr7@i(_AexE$)TA0gCJ_!{FgWdCqdza
zWYmAhGF33b;rvfTkZV~h|MNVItyQDf(ZuWfyYko#++2JPk7&WMiTqfubf+ZgfD4FE
zjqJ<V0EG8mhz7E^y+#KC-n$OADZQj$oMK6UcmO>UbkRWj*BRQBh|)K~(+t&g&!l@R
zl1>hr)kRME8r(~1O@on51as?)<2v^{n{w4QWy$t3ZiOdWWIDIj!#yMQaCMt}cg!|j
z{9b5lAq(neT(ikh&Zb7`|C@|(-Ze~bP&Z?qP5yUz!VOnjz<x=s;`2=3M{;<sE3jJJ
z=ee&cQP(JayNu^?ZBxE_Jk!+TQKxoPId4?iXBg8%5+Q)&$#|pw-!XQQIoZGF-l!tg
zwenUE;#)@mV-+H9efOU2Z6fWBA_<K~pQ9Yt4wo;Tq)TPx#_4LS1U?h5C}lho5p0bo
zF=`nvkPqQ#{O+$3OJJ({`okpRe_-XXn@kR;Ml~-aB@q)3XGXErYa?tsw*!-xDPk#%
z9e&D2e;<%yOJ<2RbFcg1O85^_P#vkVOi-yVNimsWEH>5P94gZIA6O4=rg<@IG!Y|J
zZa$m7F-)fn38Kyy)`_-F+Dkjm-_uYpM%gbc66Kn_7I&tYGjC|)le)I3vAsn4sdn$L
z1ZG2mcGl*JR}zzOdvl~-PFKOAW=CI^!Rn4Xclq77xpZMm-ix||m9&dO=ij%`LcE<r
zw%#_QNNmy)MH!vBXa^73!?k{6U?o)Bu+$DH-_+C&Dc?A}gKrHxWJTC4Zh|r_!c<!M
zVxUKr=}rEHW;ZxTn=K4MnCv|3j^&G2m-Zv|E{{hpW2(K(d|EyBT8Aqui-*?c<3>+6
z^xg{L1BOtycReXu(Dj9uUgF20|Lft*>0eIQM8blp2olWIa}53=iuh>0mhs{4ZNS`p
z80`zOgA$C4S!X#@@OnquM`K6E9NV{353Sen=b&ZBS=OOu&s5emcjoK`v(|l`6hOV~
zM>r9g+WAl*y>pbc`3BoDOl-rsmV@O<H~lC|uq!AD`CN;>a4B4=ViPM(A<H3+_H^=v
z8LQ+Y9D{5Jl2S$IA9>I>9aBiEB$V$X`<(Q^dTsPq42U(HuObodhEhFV;`-FxJHdz{
z?JWmw|MGR|;a-*c*PXh!9%pXD>JDHovXa!u>TGn-I~`R>sKlLbLo_2_rxz4cc;>Zf
z%E`}?0zCd~iKf_u<sH>)&0(XoZ(-&#4)}8Dv`L)~NW|oR+-5SU8(b^Ba4mjXDf_wE
z1uyt@U4)f&t-G1~Xc~&|wOJEaD6zDda@AZGq)M#tFSh5R{0mubDG<gix=r`ya*@=Y
z7eq-|^Z#WlMZ$t4&pmEe;U8j_tjW3GhPX;A<mkVYyXWvEw(I|i?73r_+?PkTY)D)$
z>r?wy_)m8Kf;I6vH4Jakp8oKuDsykzQf~wKo^%?6eOY%y6(r;gg1bEA$dXw<RO!jn
z@_~P(!vGc4(Jm>Vi)eYIL&15nr-u=@T6@@$b*zUU_ws)v5~a22?F+l}F#ccSLVM7W
zZY+;K@!v(2_MijZP#$CAUlxQdi84mo1jSBU&F1vD(%N`CowNwOJn}EA9MUTa2hobI
zagDjt#Ca!p&V2=Z;w!8N(F(4SjYiYNxqsObFJzZaS2&1NG>Ze|PUGi|nmhd*_-MoS
zx<@sY?A3-f8QZ(&`G}t0lk;yshji6P6VBOh0c^DUq7LiriMh+RdYzYfO8YDXfQR;)
zF;gCCvs*PJpzFV4#gzTJep8Adnucrd?qlNgSsd5c>2rP#Bom<TPv17j@kDmg^;{7k
z7w5ZhS6=MxM+)<Vx8C<g2>y<>JqF6>-I>u}w7$6`?b0QI^fUfVG!U{ilI8x_bP1V2
zu|Un^joXz^5&6ratmIs*X_9zC!xmVMAWP&awYX;iX=7Jl?)u077)r(vD@$K9(WS%i
zzX(0GvLIgbP850DKelbm5@jxAj@_M@G_`IANXo9%_tHdC>1tcmmjQ}yE7v`}c(U=#
zgKPC>3C|ZxlrQ_#AZ(&0h|A4qmC?sH{LHuEnYqeXK1!7dsH|$z0pE)l1a?vsH5D{Q
z{FCBX<Xb=8L+>E}e~N<EoCAiU|40s|f$S7%_#4A-&BS@wJCo5zBklfc>&IYSd`sNo
z+3szEVqA$=`T3U=nR1Ctko9Y(^G<DBZ$h)NuW5-#L1K;3yE^{9&QAs{i5B@dj-)EU
zn`axGl4q4rrqO7+pHj+HjuJL5GDp&QGhQ1~Cg60OZH1=e310kbR&IW{Wl_O@B*|OG
zm1?K4NdcLE3ZfN9r?CkEiQB&{R5+Lq1x2@nM5izqR2;P2=*}6O8>qE2-FW#k@KD;M
zju2g`Z-UffQ4Bu1JK#xYU}Q*Vpu?{|oyN7jCr)@eG(YI}E$8nq#j)Wp?efWcy;$uk
z+v%2Z(*Tw34a1M|9f|2}8Q1lZ80Q9H@D|ULWD;K9x8S+f(O%IME5KOgHkthd0elF6
zeaQx{7t0mZt*qOJENI8qYF%ChZKD*N2Zai@B-6e_Tg%@|+wkkwx%y6Aj!1?>PWi5H
z`EK5jTxnlV3vCiG8I<@G9ts7Rb;&<F-X$9e-9F%w>?p78&lk@}GU?j(*b1x#L+zo2
zygVozp**8ZiTvJpy@1WN<A`>ADjHusBOdFSvGeTbT*eG0z}Yn5x9PhWKvZ!(13MSl
zWLuJ|JQh4i6xrlj1{Y}+0EB0llvjjDpgAw6hn3jm2KcEim6v6DFtBBm85JrdJBYEC
zg*%wAmOsDJu>41nS7Z1o`5PbYyhMi}(v8C3oYz<XXglQV@M#9ca?uuyop3A$g%Z(9
zj6CT$dW9m%LjJsqxIra)xqlVEWoc^z6utkfAX<o#cQL^lW@6xCXrlhP(An}#kM4>?
zr7G-rgYe*JR+O1hVWAq+UOlghMa9f}z<54IHmGOd;VeKpPYw-4853S6-Ab`sb|94I
zC3nYH^enyOD?L(6ErdrRr~95c^-iqFcC$^om7bTcWEQSep{42etgvsz_t>V%ZDPYF
zpe)0+M?vk-zV;^xKn+dj{V~l6Yv$sS(xX?=GO5v~zzC=g=%lZz-L(nm#P-l8J4RYj
z5TTmlbOEx2n0aqHWzKK-EO`~lh?hTZqh<muH<h%!i-bH<!|5NCKT|~&{Zdfj_!Vxb
z66bg-P(%v~cPJtU(L2zSgUAiB(TjuCIk8kk6ke&bKpIa4F_)f96)KlrUm0$jCt*wd
zhgPns7Z(7?h;m_FS+2F)3ZV?v)Azm;*=gHIFNC&v2RA3z<g<7^b&clvY))Gb1QcBq
zdXu+x(lic@rVtKwGVq_e)+|j#2OboG>sFeRfK6i|Hgm_(rj3VQW@|->lY-|ZO=Hft
z4T24c7@oA1eb~P#x$bOMHw4QSek~cH{SMwKt5<}x25zf}Fy)63#?DUv;^egW@`Z%Z
zMusHB_3RF|T&{cIM$PQ(*=vmDZKXLg)<}>C^OqIx=@ro4B-W}Lq}JTydCmYN9@KEX
zcHw1{Bo}rcmsEZ_IlU@!EHJ&Q)Yks^_r2hOjQ_|nrhYb;1mf=?m&>`V+BUmYUWrZ&
z?y();Yw?NU`-o>_71~)&KpnD!LZ`fiS02-+VnB+pd)UIkeapeP*&pEc);ESUXh(JX
zw=@;1!-G-&DB<6s4GBf{6$xp}?phlku@#j#%N2d(Kc1?QdsObyGK*c7abOu}p**c=
zp1NS(OG&VL7-_i39LB0l=uY-Ij7(BKjCNFRzpZZzf2^~I{O)GqeIQ?SI$Q*=zy41w
zyj#cua`WkCkZP5Nx3qdg;M;n*t_(cu1tw1I-}B9^F~_utz%PLLigwJx);t9Ro2}k?
zGG>8Wn-ng*U~@Ob*$aodN0a99SNNLvQ!&c<Zp!bB+?dXT`?88@$owysixjP61>}Ov
zl((-38l~sfat;xGDs{mOJlns?H}I(cRI6L0$)Zx4sHvnziH00Qg?77&&O`r@y3I<m
z7H!nkLw|1=@8x*mR=yU7*(r-H!0!HY@3ePd!_jo>I)6~SjA?6;t&B<OIFpq|jcUwc
zbiqyU&i&$<WUQkho60?-4{bfbptY=?<DTqw8`m8~G7L`<?^@iq4Y$&{TR0hC$RrVS
z#rsl}XA*PG=>?UGJ?{T}cIvkV7z?SeNyHB;P&pp7Z9SiEBGkjUZk~YGA3Q&jBB!;D
zSBklfABLP&95UWKD8vY%qD@0!V{)lV3Vg}=O|h*C^>(ivO4@}2lN&Ab<4eWhn3ep8
zj*wN=S2PbY(S*wN!f?}Wk^3~edafZy_blf*TUOpc>zQ)b6*ZzIKRv$RuT96PRIL(U
zXLN0IxfFc8YI~;DSC>8JTo=Ne&Np?ikmJcR(}Fv9>LiOYTio%$F>T<D(=e`6j(Rv_
z;7wv#(Hgo!JKzaxlmQ`YR&7Ju%7CC-mg$ZpBh7IaG{HO1y@o6}mEF^h)L(<u=N{qv
z3do%E@}!M~1QnTkN|kL}e*%q8ULO7G8|<ogvR!0lt_6;Nk2aoh?UC#}=h{blHm|T^
z&T=%iZX{G_gp66#3jpf<=TMq$)}6a_>IrWHO;Bz_`kY?aVlDHfIH!K4SRgU7mzr`h
zx}=jfjK=6(+RxdZKOi!8#BTf^1a3+zZSLg@H>HcVg`LU7uGaxxP}85kq_=3#m5tY0
z&n~I=z2ru(<T2ENdutodG<51U=5z|GndhWp4wIUkhR2+TQFR;=nHRE<b(NnZXkL2v
z;btJhJHAsd;`3O~rS7$&lrkmihnQpPxoW{EyR%!b$f1`T^JNp5OUke+(Uzf^J>#;{
zSFLF((Y01B=eo2i?AK!hO_HC|mh0z?CUG|nr|OWe+34Pec?}Pruvb4)tJc$ue9JTK
zP*gZU-*Mh)o2>9CEr+z-)F*~;F{r0ve{I1oIUW%Zj-BHU?xVRulDXQ$cy8!M`u#f5
zLG;7v2J<rUY|??1>@{b6OV{(N?;A9a=l3KoQ4-p>3NfVyg^hYeqlrcPHP^q!JSIUl
zQ?qe`wJ90uEeS<Kc?S-KnzF^UI+oUnnoD`VCoLID%UlXyXIPy%=HVOg)!SH{p2lEU
z_F(8ExUN+8{x#EAW*)6#nEnb6^-`RSET@Ts3Lul$BF8D)$dJ+#Rnd)tGrJ0Raad;Z
z@^joVM`07~lGFmQR-s519MENzfBpxS+Z>!#V{ylvCZ04mR_WAM#RH3$RlkdpzvS;1
z=Yu_BFF7&o)5Gec55$Ua3w1c4=92vmW!s&p*8!Mz#3m8>s{ke2bg8;gQ7zl>>lDM5
z{CN+hk{K*3&W_ns{qmGosJ@~lU#Wb5+6r);0xZo}D&C*A1hiPvU#Cd7<SP~zPFoUO
zr-&bZ$(^g8vZ!)OX4KI>*p>(FPuezKrG9vRJ>|7f$atqiEs{7e-cvY|wm4ikk}uqb
z`1gg9%O;+g!pph+J7<7TdbA#B>u<7ErLOMaMt5bkc*)b*v)JZz=6HvBtz@Xl$vu(z
zbaF?h6~XK{a>(<5z0=JppE<%=IX7CfAQ$JLAn|@V$Li+78Bs6s%sI?v;H<WNZiioI
zbZQ4cJ`2anqUkn~12f3CgM&?4d=XUSl})eLAAzGnQhad%bbnnaNV%P~;!RH|-fgMT
z1QtV=A{BYCv>?&Dvv|J_j7NMWP*%!q(QXTerf@FRl}4F|(M*&4&Pn_w25%YSnp&l&
z@mZu=uHhOciAt(gZkMs@Rgs$MGuvUJhNfzH5)6KF3wgDgsM?FmO*mK=T}Q#GJhX^5
zCnxklY?>v<X97!13F}Ln`GeSHIBj?iI40TwG%<Mllht)8!oI0nXpu%Denn<rrE$5m
zSu?6ptHHE!*?M|quy~S|NqogQ4k!17|6sJ`WchHkr3TOWR>76j`BvBU)cKbAZ)y$w
zcZh^>tJG}ja>I7CMfDMg`UD5lH6r<j0@GC_&S7@G`xZ3Wt;d+2mWEGEn4UGn-pIcd
z>0@^EFjZ$|b~9uwOHJI^T%r{s3oxF@hG7GIph!hccItoijjHgbpzw*mPyC&dA!j4E
z@AsNVDuujZ1ZOX|ghMPx<Jyjkb|WoE3;vLD^K)tci~PAul^R9-n)1zSS2wA62*E(v
z0b^59_0de-AQ@?JOCtAS$jGQcwPWH!!_X1qSg(Pj{XEg~j^z@A^QGpF^g#HxJh0oG
z`hL2eooj!sDzDLPYU8}fxN#_n$Q7PLj0z?s%7i^J1k5g)NXCpdVH(;bVyI3P9B-&j
z7aX5P@_?2?baIV;7fap81K}x;xxJ&<gVbN7N(rV=J}Nqe-UU<7Hdq@js-9@GqJ+P=
zZW3V4W%0oGu+j#9z9n%uCA(!_b4`7;aa^-LsT+Cz-7uH+7<XF91Q?ykjC-a}u4^?x
zq4k~9+W`g*4wsicB?4~clox*wj@}UNZgqc+voCHE+%J=BJdB0xYcq~@7^SIY`1g4-
zj#ZQL-j3}pU`;&bzWuG{V=bxj!hA#Ty1G4@O8o*f*KtazuLC%u%mKV!=PC3Rh*wpz
zz>XiR6awW8Nehe}UX*2hD%~r*ZuXjOI*`-0#>VA4VjN;Pzr^y&h~1(0)r~h(b`Q=a
zzR)UPWOrDm?<;j!9-Kkt>#iX-T(qfZ7B0`ZqL(gLyvApCwQC4CC@yG~J~^a=G%wE$
zc`_vO@l?<Q(hky<Pvab$-i2Sh;3_1>pJLg6?uMJdE?AK|1}fl)s%JUS#Pby{OYH#Z
zT@@Q*JJU~;v+QV``3je$R)DYL6v_oQ1Q);NO8|p3(66TGW{=prNOOL*O!f|zTbTtP
zPq6A97d~0Km*Be+0Z}Ms&(RO>LfLyuHbh*Md&2baLrS_tW;f6e&-%N|BSqr%@U=!-
zd?9)E-HUvN$HeYKEKwA*E9gx*3Wq1((<cg??YaRxhR1|q`STV>*aH+UIC+CC^=5%3
zO$iY44LVdomHV0By}G~R(wKK+8QRcJN}hD>^W}U69}4bWjg@x@_!#DRsG4<OR#bjJ
zIlg2$y2=|gMvlJoWbkMPYmfo@t0yy`C)Fi&E%zStDnxqW@Nri!hV(bu?o2AqW^K<V
zCQg)JINg%Un!t^RV?OAkjYA*5gsd3M69=zd3>{ZAy_<4M%5O3UJejqvqE0#8jp*4v
zrm?SIXGz^9=o#lqRYm7+{Y1g;%d7|?to<9Xr;rUj{1rWqx597i#mr)qeGd879&wdl
z25qT!)Ka=6QoD8_82}>|)f!xe@IyGyvK#@miHu_NF_oG=`b8t`p385~Dif=g%Cao;
zdsxSg;WxZuo@s{4OevWSj@tJ@l}GDvCr|g|yEfJnm8&bC>y8bVse7$Q86i0@o)0_V
z#9X~-ADF8pt(Wxh;3bRt#9&X0q+EmOzw4!*#;8~IH-neJ2DITquxp-#dC5g^f_=*M
zN9P(a1ClJCl@CFhLU|9gGc+gGo2$}=KH*mizhVfyr@^`6q?`{06B1E^(pL&OnMmHs
z;9Ox+?1!AL?c{hP)#!zA0#N-$q3ZT)mVOnam%$0j=(@}(7q#kNJdN(p6JaKH*so|K
z{vi><57_<@FQSS{>;V2QBC%u3GX$wUj|69f*<#mUqrtYppq$jsmWjHvKk1x#{ESeS
z4Ocw-(bkF&1bv5hYEP_;NlwDx6en_EXVaNYTIB6IRx|Eve~7ebc020P&ILEp)fh)R
z=Fu*Mv(ITUXdBR8c%&VA>$!J$g3)s8!d@8v7J*J8j)(Zp|CX~vwxW4PvZ}yg*)S=Q
z;M460uK0b>x3OB(cZT`(su3pj!(0*f`_69zk0DgCpdcD*IW(Pr%do@4cecb{j^g*8
z*x4S4rUhAb{+#|>#69gyxd_ooj_IvV;b;XHCr)Eg44PH(>p8m}Ik0P=2Q4v}rl>8H
zB?xW?Ee8%p_q6?kn`%0;oC<_Q?6gNWCJ2r*Y+NNa@Vdp6O|inawDJ``bLwqY|Hyk+
z<j<*3S(WT_B5XbzSdZ}DRqd&{HP39tl4N#fjC1zX<`dz~iu+=IQL;xc1fc%u4shCy
z$b(L^p;P}hv$LljHnZ34>~B3ISoCq2kr|Xvkm8$!cUJLrPWd{CI5yyyLsL7aita6D
zo@y+8G&zNIoXx-mjmWMdYRV)3OeJR-72$033EtxQU}Wq*gb!#5_ZhEnHlRJ@+3_E<
z1~lJ>R4!Et1xG6*-OLoy74&2$`Ma*WjgyHX%$z$Nyo)h&=bzi^JLkT`XpI!t##Ajx
z!=^V28q~;kI8o+x&EHP_S&rn<xZ7C8HGy_q_!{7JdxKp0_C`y=z3mz+!4O}!1OADC
zaKir!xcfD*!rUBe^R;KRVp3M!g1UqQvyptwJqNEjX4+=EDTcRlF-_eXSi(i4nu=Lm
zT$No+AF^ij*8Of&S;f!WJpL8WCh=CP4W_RYFLVnptX{gNs+tNn<I$#Bu6B5B>8)Ej
zRt!PP?8_UyCvU}4Rnt4Zeod(m+EKJdoo=~+>nsUWrV3KTXE-M1ii>>@DtorrNwhwP
zSOS!%vQtn!tn+lW3g=W0YU4dhWy+mZh6*)-9yYZZS{h%_yz4wBJ#*-rehf%v6L2Pd
z)11zJf;{9v?f5!Aq=C1=+S)ic#pgYiUX=uTCB39dTQP;_ebaYFmQR%hyeavkdxe+o
z2mgz=w*YRV`MyMBc4CUm%*@Qp>=<HZhL{;;J7#8PW@ffy$IQ&k%xtf|@3;T=cB^))
zwq9*LRqOUS=icrfl}6HN=1#X)7I${>#Nj*A2VLoG-p?g0bbBX&1ctp6mxSKlQ8=!5
zY(9g--M|sjG?;eg<oxr0H=o`2uGgWD;w;F;;uI7US8n|L0CWm^_;AoirG7d$blE^-
zr|fFIf4+s>YccD5We?*I(%EX2oX_&^eb?|<t-Pzaa(uP;Y`o4<)5wFU1i5R_{IHJh
zCp|Y&YSmjg;vhNj(w;I+)7jg}c>X{8mg!o6?e^+F2}Lsdo6~7#x??O12k#1>cy#mp
zdX1B6=eOf&1Bu<k+34u0Ot<7nVzXn(0|%pqw<a5Vi}@tVQYDphthgaY_J%3R+{3%w
z09W#@pDK^90xXAXT#knm;|SlAz66oc(ihH4o+?*XY9@XRM7AaP6Ms`xwDa=~qot<a
z>MH{OMonpHRiSyBL>Qi@+RzCLXrW&u6QtKyhn7+Y=jxu6C7!2lY~r63cyvFU;B#!^
z8h!QN6g<F(ibChxO3=zQ;v}#<=pk_2isrf+#C<YCd}D(7NPz*4IjYM{nD=OMUp0Ru
z7M<V#n+ZPXK2lAYc&y3)EhB!1cHYnMRaeVe^^&$;AF5y5Eu`<@s}zPmu}Z)zxLoA1
zc#0!3>r*o8)olUecd9j!Z#=CNFGetOU$bZLf4@h5sAb>ZCw4a?eMW7ZTA6yRC37sS
z?L@+y;Y54y*4pwuL=JXcFL7+F>wio6Rs?pjm=1OU_UQlGBg+Uk2L1ROrU#c1gBKPb
zJR+I{X$&UXSE3hOF{MSZK`H{wsF#xwe+|+Gy4m;ZmZ}|23!W@we2=jmObf~y)CIJ1
zj|wBg*q29N&t7kR@)Ri3->+ggpRkH47#P+!yfNRce}vO4L7nCmr&NSwc_|s|!K4@J
z*Q5SQ@*h{4<{<AEdeRB|y7ilM2x45ZnNASQ{HvzlLJp6hQ2v)XN?+P<gmAZLf4l}L
z{cxoTgOP`FAszk~us5!-#+Zs$gPMNO0s&0Tm!|gzBfK_L72;<#cMCc^49OV6=157t
z9K%ur#;+AP_H(H82Y)%frMch#3qx|DisD)x+CJaEZn<N_X5XCFq6NBHoBY3IMq8#a
zE!j7OkZ!PR4#E%U{!QN}obN!09b3WwQT)=Bg{Y+vTv;5RQ3}B6C9lEqLbU8buR;3-
zu`2Y%1#~s;!6Bs+*OVc6dDP&+LERg?f*(vZ`%Afk?>t4$F^l;Nd>a4nqRIaspt@PO
za5>Tw9Vbi%96qB3v0|EJ0y%PFsObN9h|Qqrm#pspKb4Xm8I>(E>MLY4x6p5=mwojg
zU^DuGS0RQ}dFuFzv?jZ*A;wfV3L>mD6ln<LX$Vny8bD<uBxsSbifVB-PxU*eWL?oF
znvh?eA-}ej<FaB&#!wuH6o1u9j;M``w)XMLB**~vdGoZRC=Z7li^3$;7VggS@{YKY
z)1^MO`$HV4^0dP!lZi(P|JU%x3|E2^B3Y)0)ZzaYvW-GovbPZMemU@M-4eR`?zVJC
z?C=08eXc*Z+NrN}&_orZDNg`me0e1jsP`dx_=<BRVW4%Q|4R&>fS*bQ<7N>wgFYJj
zl8KeW0^wxp`#*|;^J&;WVO;#y^^um~PI~!!vIv<K{w>MKsk5R7$4}kx9}K@gN4Gwi
z{{v-)c982@0&wYxWFRlmv~0mMgwcy*$l{Wbhh>cJsKm2Fjygk*sI*1c7kbQ$z$L!G
zEeVF9#_|W|5A9IaafZ=G5zFi;0G^dO!)YgoPa7yMiE>gJs=O|sw=}iI(M_h{Oky0O
z_Ffb_2<XD>@ib6{8Bm449mWp08{6Y+WJsX@3l$LyDT9>~M5sn`=lmq_+(0H1kb@e*
z%8^5E!<j?A_2caqG+C^;R6%BNz#%Wmw@kC%+l=o1SDcP+E9xIu7QwCkkER({p&7v`
ztYIXPJCgaFGj7}8I_#iy-M)g#H_}J~U4MeAsll&E3fg`QuvbuEU4%UtkWc=WD$-p4
z!ji;eP<a7Y&S!vx7=wHh$_aLu$eK~}EAM67(mcUMY+>jSVcQ_;;em7u{t~#GYsbqg
z>KhDuhqu?w;!$Vddvbk+0_H>9qX797`UQ;@3~evhKkOO}Oxhe=dgzZ9q+9qGTfi0_
zc!!v8Gwct^S;hY<_Z}x3U&_F=tG7K=W*tk44u8n)mlQe7%|Oo0IL#?>Sz3Tw4*xkd
zyL!Ru@PV$*?)^W5Dr(sCiQ>+MiaHkmXV69FXm)z*u&9p@U0Zbh_Y*Is_O}ng6_XA<
z#2{aqo_X?MVVV4?8OnwRPZX1)xDQD8PxGV};Le-W4=ZMSqHl_JpqtFlZ4Ib*=mHNj
zji~v&a$Wh4tf2GHpgl3{d^$_7ZN6~$GbC<|XKX@~hoOcs1n$V>J}FUl{a=CipNiLo
zT}4ltVN?eyR=!7O2#^@zr<F4O0}F)qO>FA$O+XU)y5JDKq1&<Ny6R&R8reYYU(ln}
z%AxGEF{k-v9TUkoa+)@MGS+`>y=_iJVVDXH@+nzP2To1-8VNS<L|5ud-$gA2YLBJr
zoVV-qEDB>(c{RDRR6V9gSf9h(wdldaBPo(^KFTyG^zt7}4h%H26-MtJMCM*J8u*hJ
z_%wlj3p9Z=vwLpI{M&o`)GxXgNu!UFS|Xy_GKkq-og$kXM2CWgW@&4;!+fD@bi+F0
z7q_ALGL%eF$S9)4SI=>GF8I@L5~7zx4_Kl%L<jV*WmlgrVe${mEHfYJskT7csCujG
ze5j+t>=cZB8qv*x9m$I=I?b}4Xb*><dt$Sq$Eb~qjuP3(r4(#pmes@Y9%~we9QJC{
z@zCS!r>?@OgJSTUf)E(}ei$Fl>{mj_dw!@B`~<jGGdrA&y|U=d{;NIb`ot-a<iB}(
zGPmd%2WZju58M?EvYLP0MMHk;_l01!6T)>P1dAgi_)bxIkOSo_L)+5t|Nj~u+Lk~5
z|Fb!PZu?y?S2z#zhF;T5_t3<K9s#l2E4O882bc222CCU_wO5q!t1QcC<*`0=3(Oka
z1q4ekZT%YmjBJyqzn&le*oJX@)1|&Cdio|a4O>M$_rg;Bn5f(?3&FGY;#Jz3$+x|W
zpo+EGA5@R*yi}(+%no`Yt!uW(b$(8>Kk^L`s;LH1Dc56u+K3c}aqyOQ1Vu=*CeUn>
zs>I##-Xx|C&Py_W(}t;n;qaZ_5@&>tfZFYG^KJTRt`+!yZWw%%<qD}`(DaGiplHFv
zdy#8UJHF{cjP{)BC#F_V_j>BHsY5LI!@Ci9ec^{B@T*A0E$4{lL9X%1OrZj;1+xK;
z`uk6>;+DBnFH^^+33X<wK6`en!XeW{D?#w9eak;4i|AbA3ipY|?Q253E*QGM+81xv
zqxM_&!%N?8#}A|!Xqq1Engv={{w+;JFGTPf2rn=ff6bavl@s0=@aG&XbEBkF;VJY6
zh;tzYrxB(tO%@F#7!JSmUZ*R@6x*ytla5Q~`1OmT89sl^N287Cy?0qV^uunB(RCqh
z0(g3;3JF*C<9`nde?Xs%-?T6$UYmB*cki5)b24$udp$t=(e(VVLu-Lf0Dov7^m$ym
z#D85k>h?Tyy|iJ3l7*W6@_ujX>)F$}#m|T`243I$z6HhzGX{m^AN=L<XdL3Umt;$^
zrbkvj!*nKeW6Q}7dP^6@%&%UEz%D;E8x!KMzr8+h%hxq{8!(if$}M&~o)lPezu_%J
zJBk*#HH0GHQhn@{|LFiW{rLl6>Y%$eHhC-9H-_=;0f>GuIXvHA*VteC+Hd}J``_Pg
z{1zvM5}4N>pO%v!C|lVOZ;rk|#H&fL53U{on5V-ppSb_mMM5w9l>4IL9Sy6i3O2U|
zY+fsbtVU>p7fk*;CNDGe&C~%`({rezu#gAN*kAcNW=%`&V@XF0>AC~1RfO1`R&}B^
zgV%N@ZY|8b+F1Bi&`4^(gW=wlu|E_33KU+;f@M+lut2#LeVIhvN(JXt!s0K1&sGYe
zp!y?{uuTNcEBpjG{e|GiZ={mx;PeW9Vh?QdC(@}Oqs7z977fnWbQ$6h#natjFC2oO
z&_|nJ-f?n(5O=n|9|%+bd$D>UN6l)g91NSyOV|t@4?9Q5YAO@VgGJDGp&w2bJ@Oe7
z`<98-1YIumelU$1h>K}k76)Z2Q%7bF#qArlWjaF;`QbY2am#6s7fD6aKkbl<Ntzr&
z?@($!`t+gGMXotwlGiR9z7gSkIkZ@fOtEvWe8Z>M*RmMUJs^Il65A$!C&+LY<r9qe
z!S{z;MP~Q1PR9KBr?ULVP06@fE4#ep3Qt1A2xGCNx*6Q$34{;a1lXZJQ6A*u!S;sm
z;lcJyhuc$SdDsVPEsqa?4<*%2k^oydEF_6b35iTI2|!0f!WV*5yzfkzE4R~s<QitM
zf&B8_hd`K(&&JEg;ZEiF2TI_l4Kg3Fs#=3e1}j}nLu4=<)#Nqpr`Jo!TKJT|j2vBd
z*%NDmgUmQSe<kvIVBQ0!oi8+f2m}(TFH#&~H2NgUxUs-32iF&P6I6^ewz<2nY@OxO
zVxiby#r;lu?zf;BvDaY#`qt{>Vlqfy-H^FGAoF^D#qWfS*7c`g=mjQkb;?|=-jSVH
zL8aLc88r@hktf%LC#5}F*b|+&&^+o=N9oJ4?pl7Yg1YDwWNqF+3s$EQTP*rab}2oR
zsQOF6MgZV1)j*8=C_2UC`sU4}j7x6j_pLrO^&%q9UH)Agw<-!v2dnafI2zf#;TFZT
zJ^@SJxM^mFM^Q#f^C<&;<_3JF`#ThO%wxDaLt&!pxP<v0_T6=t`FjO`N!q>dYj<Se
zTHqcnsTmO$gu`5zsv#b2SP(J}cJ>BFBWIYao4-bMZwuDR>etf+C1Ti9cr^Qp*3v(J
z7Pq%S=Z>A-_PBW+@bFs^FSR7n5ACbHOA8ZHWt6Ea=-whNPOBT;!S0bD{{)~lcKXKx
zlkXB6n#1g?jQ1<VQ>y`?pC#*}%I!brl6L4%N^8TgtxA}3#EXxcZEGog_F{Qryz_mG
zk0n$QqYqkA@U5`;TU%=xoD*cHl0Bq@5y`#_pr7_L8S*WCc?hvF{LlBrbYvQgxXm&6
z!*bvbFV{b>nII@0OMX0mjF~GaHDg#hdmu{eo>5#UuT{e&D_qlavchB%ZOh@IR$N-0
zge<J>Cj?`jRz)kP_#?!7@0V%0NpQHHVy_Q)6|k4m=GdnANA4H&Vl(Hv5}3~8-cEGZ
zam49Fyzdj&nhUZmGf7jQWD&AaYfusLQOHmUltiu>J~jr%T{+cY-s^Z#Rw~qZl?n$T
zjoM=yl}3CRqp^$ziRSAiiyGBjrW9{Hm2##UcXIsO879N~u}U%mU0%Z4v!7A1B<duK
zwVxby`0Pv{^0O@GjtPFNEx#>mhK<E?F=Z9#p@3gV@@yGP@&znj;>cZv5<Kzf#Ob4~
z()Ig~9;^BXcEuEFH}?$L^uvd_M0y!PzX;e7kohGX)yJNIJ_>u&QZ5<^I|-83S?UAp
z%;mAn3yTir`f%OF*^!$e&*mZ^*gM>jo}GU3U49XmKBPC!aEFSb1D-dMw^RNq{N=^$
z6;I5Op5Q0=3&vEp?+4T!gIym``IyM=Vn^u;hB0lD!=Fi?7E@w8ax={d6E|`34)-O-
zUOph-lxc*4aiqGQo<=>nTVE%OI@`EYb-LbpO=}KkM<t4D)x54^*hoEouw++GoR8L{
z#9hDZ2r!CK{Fi^fGw6{{zx`+%7yV<E0+U+aImoZPXP)pZdzDpUJ1vy0GF6>bZGJio
zHgA(ZVfu0~-2sh#pSoZZj7ui3EAaMmC>KFtXx$V?m!Z62IVgFwOax~mZ&Cz@pR6$|
zf!n#{8PJGmtxj{AQtBannP2o?Bt0;Ozn|(6h)-mO#uXhl!aqI_PlaV!9ywC9uj@uk
z+nznIPl<xTO?|rCd*dcBhZ=gY=M}DcVqXZxS020l`K`Km-rJOcOiigSO7+w}AB?X`
zv4q%iSp?}pX;#`YuNxtoNm=B&HnMR}NrtbHHNZP+#fDZ#=Ga4;L)6>$OhmRJZ|}#;
z4>DIK({}gGKTo-F=@+~tkM+ekW6+i>B6?*BB;QIa!&XjIGAK7WiPySA$_thS$32f`
z*A3==mE`@kgLkO&OUciFoh&6i48{iRyOF2Gb}Cl=)d-bn?Mu}dIQkg%%B4s<2%Xtv
z5>VVQ*ByGryCu5$Ty+2b@rVahy+-1_sJQ+e;p()nHK?&y3cg*IG`Aw|Rz_zok@}Dz
z5a2jhcGA;0k>Lua)4C7|nojj+sivX?PnFAFrxho3nXiHy^n4nxb$+>!iW=Y;kMpwM
zJ(<$=`vOS@rE7Z0{0gPSVM(IqbcWABi)OxN><o4TK<th|Yy$g)HV-%l$9>gGvdH5%
zQQ%6Xpf=NHzmds)Q$i-8_lGB<R9MrN##ouo;28HE>5{Q1taTyKDzeasIGf)sVFP*H
z0_Vh9rphHk*K-DE^|8c2h7~-sbtAB$O8ZjWV~O2W=$)>0W#pGy<sVOz0WoiV`qkMB
zq5`zoVh9Vo;aMtNh#OIFA_a~cr{Lp0cWJTR6>(J7ab>=DO3>`{cO+<$)@J-16Uuzv
zlsQQ5+n~wsF|4Q?Z>>6!F57GSCm=fI-<z%cbzbq!KI`b0&hbQVUaJtK(duQ8>iAnM
z!_fuiuydP|3f_`W17^C+AG)j1EG^JBrjhD(Q$nGpc|X*w$lLPw9(6bxT5;I47Hg2{
z&%kym)z2wgn+=#M7UVCi)S+MBwAoqb{#ZU!FVrC0oPps`f&6H;>hR@_%Ar9fjI)zJ
z>vHi`jgZ(oCPNxbMB^ePl^QMF!T}bgE9@$><@6C@hAO{)igqFHol0iO=de774KD_I
z=?pJMdaY})*=J~ei*_!9?-n!HC^&)p(JEFF7I*ddP}13VlpaA{0k*?wmBTsTroLvO
z)Avd!9k|Kk)a5Snfyg$uI2PH3cUc3BKaHeZOx|o^ee5YVL-MMtBt>iq{=TDrO=HiQ
z^(ty#a6~r&kO;jUxRiY7Ydgo-aj;M3l#>N0gq4d0s*e>Hb`*s-4`4Hi7+>Kcg=Zup
z1DjSf&ik>;hfatVG>f&&Vmy+ZtCo!K>*>F*R)klC_amMfTGc%DVO#2uxoD77E*n<g
zf2k(6qOV3=5b5C71lDCWaBIj^qN&z;7w8z`SwA*J*ZP<eSP@v^S$)oYBsyojTfG{e
zy1lBrs+_7l*q&`He0{)rz*-n~A$Y|-MSb;ZufE4=?_S?LvDP!zGtRU@YGP=ds9~sQ
zsGq0{UQ*LATm5scxbXaN{~%i4&9~gO+BTDAIoVKEYqt8RwYUm*)~%j@-o0Y09)H%o
zYy~=n{8!g3aT(`)vNHM1`oYC2xAV`230>Xe()|MSs-!_Dl{Hmmb3u~SsdZ}Hcx7Up
zAi8?F3C;3?CJE2*#6oag_?e}NiK~0cedt^4nZeKD?4fM+(|yId{uM&ck!%ev_X^&L
z724?J?gq=fuQ!lZ<-Af^#@6u^qw$sJH}LLBXhV)BdRE0}6fhc|dq21$ih@T^&r)zn
z2A95a$w$?Db16^M#ot&wH)O_5jvk(SJ;!+s+mMg$Gq<<Ojy66J)k*u<xF$Q#EJ>86
zjMPUfL!JD1MRo4r-nb~1o)>NJZWHO$*Q?Z34L|2PA+QX5578`SUy3e`99i0DVmMf)
zG4dH}RvWl68b2RVH#zh6lsn5`Dt2LSqHmh03i~-&cJ5poSu6MOvUFH`?&ADQ;#aT^
zN_pgYU333K|HIO%(S5B4Psq8e;RB)skGo4}{N<j^F{`Vl^nQbVSiz~2LsSygVey25
ziP<4$aWbvTgu_HUUnX3p)}H-D<;3}op;?_{G47eHbJ56X#_<Had#hu%V|GVh>i$@w
z8ux96`;F$I;-Mnfn){f$Y?R$dM)!!)q1YiB*Mi1Q2f3~DhSNque8&DnyF;DwaYfQ>
zW~03L#;Mnq7oiz90Z;ajhWx}b?WHTYS+>^?IO|aXi%Oo6VkeGu<*w4``N7fo7f5e^
zFTGFA$2fwc*}K#mly!;6*wg#g7wuM|>}nuIxwC+G>{<!Taj!!;eqQj<IcNsrPWU@>
zK6z~K_%035?aE!sTpndvm0s_@K7x%ij`!O0ngRs`s@8Y;9)6bPqj$pdx(u_UKao0>
zE`RXd%S&E(HK(u2>FnU2fc~?z3b+9CKDHj5Jj+Jcv)c#Dh%Ok`cIOi>Y}aPz7$2P;
zotz^*i#(Is7WfAF6e8__mmj*34lu3BrKfA<>sIrat_?hzk*<SnM)PtPau;+brmlHB
z8tW$;#~X#@ZOZGVmUTRTGIKBN%-S61GA~dr2<Dxd$LN$FTNK(A%01WdE-+5`n-?m7
z)~~H!*s$>+rk1|$QdiAov_x64aZE&eFlL1vmIv?9?a<A4xEXZ(;KR1Xu&qY#58n|x
zvA@Kv&i3fTIYLmGbo<@ed!ljaU>ouh?po+t_)^X>)-KI=sk5t-uX`u%o<AqEVQ$;t
zv5d1DskXl%dP&tdq;=9+xZqyi8LbleSlcXge)mASQsy1H)8C-3Xee&zb5_+K9y(Cl
z8j2Q*S3Br+-W*Ez7=5J>>V5Qh&k#NTtoE|Vxk7M}%q;~>0D|_s=m!ZNx;Lf|Yk5C`
z;p`pM=h-(4c{N}VuzGep`*_k3@s{A4z~18p?yWc@`(^TJlBfGl?*@aL;x+tDY~u4a
z`AH^Y_D$`*Ib-8v^Zn-p*N5kar@R0#GTZ*;mEb9x6XI?1?R-N26Asv{d~$jJ$d&&d
zRABd){Jh|NEkQ+Uu$2o-fjm<y{&`q+V$V3;7{^Sr&bqFXg-;{lY-cU~Ea~iEOe#tt
z%JqQUR(|7vHzgyXW7VCMi_bm!c5u&oI8|Qb=40=DB0JtO&M~7n9*O*rXOffvbb!j6
zZFacNweLQDtI1<~&^XG||LnO@)zLZe&0x@$C@(}*?1Lt+{fN*fhTyjLS@f<)<7+)A
zS7tGt>cB$R`M`r;$C#c?Ar*tOJgiDJ6?bql?PkF{-^q>53|#lKL-i_Bd$p%>b9q*3
zi$U)>BljW601oE;dTgV{^#E?-&nL;MjMJ{;gCGJ9QpQhj8BdyV3DbD@V70{MD9ukj
zpr-O+N6CS6(O=rnI%nnE$Rw*g#d0PM@lV6)C;$)bnfvVg%cbSeTw0}R@Ul5OuB4^V
z$->df?U?RJ$I$YNEu9Q~ec;0B7&#zHGnNvag7qPb#%c^(b(CUzS!l&)Xbj<UCIZqd
zEq-j=l-MjAx8>tm?ea!%WPxRYVD_Q>0O5jPzsOKdZR0aJ!`9~z^9)svW?VKr%5Pcx
zT(10zhUC`dLsR@$@UpdP{AI(DO|;Qox`zdO`Zz8J+y44{<jg8&{fS*9>v=f$G`mMN
z@6$Sd!RB(cciRokVfC9C+tuwZuxTjbXIP5HJ6>fFkDcRe@E@^BVEUu|tze6MAKTqK
za4hHwQA3Bodw0ZaQ^SQP<$EUIeKiYa-K=YZE(|rX_{&x{&!@n<!OunU!4ccml$U7B
zB{2T?u5<Q8ot3+fKA_@5@6nT~+o!<QWbNki!{5K|Y@S;)m7DbsK!LJB-`hNPek)$~
zuCyv2EhpXxH5lDs@5<n4i9xi;YM}B<i7lND9$s@wrrqMiZ|6iSqH=3?f}mGM+S#G)
zNG7Bv&-D)L50|MKz0fk#x+6%EY@&&sHw8s$GW!#>crNqf>V7(w-<&@v<$K-he&;11
zEyGoR#%CfexL^utNEjSvwJa1lDck50|HV&8{usWO6QKHAO>oR1s)mu8Jg!vVLUoyB
zoA4oRY*wJ8i2E&n<XCa!v_aQ^8gb=8$Vo_~1a^a|o5Oo7@t~uqV^g1*CDq=0^zDz=
z4O>?2z!xU4VEU_5<v-or0EMr5ymY$A!C`@Jk8wlopR%-n+6hQD2HPM17HZ{HvrS=B
zif?5BX{1FqX~hGhG_=k143JPbw!B#kE8cV8Ycb8#mQVZXp0*-)R6Xn8TU+Ry{ut)z
zm|Y^rpL?|Hu3@zq*sC1{4WO>s3CqTBvxHv6V+_F!$a4MAr8O<bm=E6p^C|#18jc%{
z4>%k`9YS3<)emXVZrJlX@gslQMHuymO$mg$ihPo)p4K}PTnim#_e<mgk(WWLg77CP
zd%%a(-amEFhtymk=o$PWbv7s<*IdvgG1-(cC8ptXlviO4dUk;Db8dKDS}^?xHKI;}
zvl~d9)j9rK(N%Top$c4dy{!PVVQCI@u3eq6wnlJSZ9A_VT_bMJcMjA#b7>4}?REm1
z==^qUo5PM0Ni&Y@CtA1A!SEnFeVGbZ=Lpd4$IfhFVj9QB;D$fd71*>j>O2$J7cl8O
zslIL2st&~7^x&9#T1fk`t92QSz4<~p_oT`W5{h&GHnRs{Z<c*!>uMwe2@jx%cHwuM
zbHw}hMvA#hRS{iY27}R#B=<^d3R~9=U7m?H4ZKPm8ch!NQ&VzjpCq?0-YgQdg!@do
zn!NN`s8y6kKe?vM9MpeShqS2ouiWG{?$<UY#eX!pDUg;pvzaVjN!P9LBfAsRlr0&Z
zs=MQf$wQu{;dO9_GW63=Yn&bYq<si^&kHx#*I^G|FnKlC88O#+nQpt&NEQ+6;)|F+
zmME|1Drce5TqdX&*QyaO7q#-lqiNJ>P+AqIX>@K-(gIbCnx%BVjBuufzb#mSoz5Q&
zMVk+o&1bNj=S4=;`@`j-ttFv(`5jR+7~{Db;UVq48LB!qo3k~Wv6%%H@~h$mRF?ge
z=d{dUp+>e$U!g)&Y%G&6n4@o0KrMZ*c%`3iyTq(~eVA^uCHPM@+4k8;IYn_AFD9Iw
zrvQ-79+3~JMUf{dY`%~iIeu}<y~lci-#%ekCdynUGE;6sdL_j_kB5BS^NOA8Hfr9h
z)p`k!dI9&&l{^OX@IA_7F#Kc<e^975|5QKArlDd}(G$tCy0=pjKLYeE6nc<WM$F`w
zJaa#&`}4Vw6#hM8Du|vp8WxDsNse&I9H>f{%#!k8KHum?l&ys*j$@Wn$e(lK%jA7L
zN-Y?hsXrS2#g~riQgqdqN!6G6{Jju=0V)2Y#3#W6{RnE0cGjeTw=lctjO7LE@3zJ}
zFUhSxeQ`Egn?I9A3C2vh$qRzVYmu&eCJmdFQuRWGc&92*(3;>xK@{e_RCh3?ViCu}
zDt?2O`*_kBfuvQ;7Hz;IeM3Ba^&au1L-~@_tg>p~GP8=rJ9$G)!R3^1u3PQ0@W4Yy
zVf^)ue_Hr*@ztVJh~vkCISDdRbjSlyv|WG%XCDdfHX!N>R>CcSgtrfXzYQA=3x}UN
zWFN;PwM3K-i&hs}Bg_uq|HT}%t8Uvdgv2E#$!QXKg<^$*6)W43y+m{);sapb!<dHl
z(V)<LI(@&->)G70{VvtLQjK2umXW=CA`Z+qKexT%2zB`|1;QO_y;tsS9@vshx&V3H
zyRN#oyo&W`zP)pINAb45t?w<LUhZ3Vb}Nv+L2rgENHukv1DG)+5>;@Gq$F5_yLqRX
zQzglVb}8cX@U$2F6a0;76fv38%%Sod_m}9Gvv|dZ5%UO_nU-U*xyg7Obu(zmfyu@g
z6Wcs9+dNA6vizd&NEC;PmOc*rYyxT8f|=1|+283zpiu!3VQ(>DV*IrChvd*1e`WCX
zdzLdM{a%gxy_r%jsV1_~860Ub&;Sth`)_P+3Sk^u{9hj{gJ>2*8Z*q?jzj(lgaSM^
zMzk>C+v}BwylP6UEt2na^@Y45tBy#2-8?b7-{qY1KdvaR+{TruREly{ckS`^KI89;
zN|_GCf^mdToeoc#j!a>~sx^RX|BKkoL2TS(3V>j5eq4PO)9v@BDlI@B*XK)iRPZ3y
zdx(D*<yqEyzz7ztSmZbCB<2!CBzz}!2OJYYG(}_9Na_;9gf_uoGE$JPH7lE|+h&JI
zc&TAt>x^DC=bcT)-$@CJcN7^kY~YH}#{-fFi0Q2=CuhuJksVU!4v!o;v&tt)%!Ul<
zNYKM2XjNgu5sYp1@)))`C6R~^3tyC?l8;9@gCdGZ#KSq5G)w8pOh_Zp!&_ueaqbWR
z`H|$nA#-eToJn_*<n=rXJACG}C`>u=2=qnQ<915t<}6|9AscSPW>J*(@hO&o2u^tk
zTs6$v^f{zHtGdv|gJbuM$;I2ie1hrd7#3r0EGC_8wG?@A*<ypXZxbRevoC1x)Q6*Y
z?YJOZvkH?D+@bpYT5~jHaR*S{80J<9y3YGZcO|D{@k$XtVVou}O%<q13EQ|fQkkG>
zHHwF>VGM{h(GX2*vT%~=CLJ#%4mFN*C{+gla*4x3Xv0H>i2w5l|78$s0suUJ2RwfP
z05lFfC(;`rzbE9qb${NuX1O~aWUx@gr#|vtrluC}EyfL1lf~<WGkF<3K{vLzT1juv
z#dc^pEVX9_W6Z{5gvUD9MIDQL3~_EeF~&#g=3_jCTmwv5U$(s?{`xZcW(@xwmL*pp
z?H`M95Bj>NoJOhlC!JMEp8BeIPY65q(j0vA8t<%r<dGI#cNe_M_=0Um)+0V^pid7o
zCG<_q=mtY>i)zQfQ2}5p%}SOB{|JzirIV$L0m6BS@_LC{HS~Ck8r=XQha~!Aqs`$7
zuFV>rGmg3DJbLfIM;QEF&1E-)^o0)<z1ZtlTk+$+$40bZM}KyAm=`zv=8g5fnMqB5
zVK!^{>^i{RpI<p(se6s(&rx_iy>Yt}uKz7?g;h7@1@N%HnZX(>AN;+2-niX(|Kj-|
zL$~6+!mFA6qEU!sx$55V=y*6?wK7pFW6eLQDWK-^O>tA`9L0yVG5S<S=k30aWzlJ@
z6<bhdAtbq|gXW+MI6r`SA+@KAQ>&Zcx^<(c$K$i_g)x!UZAD<d$+oxlb}Y6E&;{c2
z$18~bdM&DYoC_y-=4<p8@S%Gr=4-!5YJ^(B)y$rD*&2I-wP<CRDM$FcxPLEB9l+xZ
zZel(15co@cAsld#F8Zr-LB1y%7mi?>q=N#Gcsdbe3;gRdQAg0ZYM&41GaTM25NYI$
z8#;;Y?J8B8ueR{k-847p?)`i_k%)6Ix%lgK&@{bT*Q5R+tw~C&_Z{_YYV2U*3U@#G
zz7SFG&U$hBq5JvGWa$yFkVlYW8<d<DyPx}T{j5{5dHD5#>^5~pCgQcYqRkenx*bKg
zjKiwZ8@CN5$Ggh9`2Ma9s|!bq_|hiu0^fpR5%^KBTE<tF+SqImT{?MQoM>S?CF!`V
z_{qc&Xj`M|iF5e$^H3gV=~8*mqObFiFP8+L%Q7<}18ea?x4x0C``2ZanIC8oHQ?-8
zvh{L-TvhX_1Y-tZO%Jzk$YcD{DY4T&dKd`D&F<ubk3c|?bCCOvdE|4oPvQ*DSBSQZ
zZuaGs$rQ_7#=z#v+ii6?oBKc@zZ!$jq+h3odlPeq<my^)s*9fM_Q>OPC+zxNUF4F6
z&FO3HOvt2~i9oC?BZ<T2o5?H6^vz{;KI8h~bXngc>f}}!|JdbsOPYpcVb^aASept#
zlXdeeBhYtNcy7I?2A*(Utm~8eixdJdJxqu}m!%m*lWi1Z^uoGxP8wRa@t5wAZ*Qx)
zo`fq4GSY8{FP@lH8l%J)O~HI-bk8}>!$AzB-Outzw6N>3@H%+gblua?Q^n1!G*QM>
zN<TbtPt~YgXURN0(InO@5o`qo&R2LZ+OOXQemfIXd?5~SUr~ziV`=bgNaZyYq>skZ
zoz{ibVOfDt;mW=6v23Z#Y+31j)9|blQB+OwzHaxpdxI4az`lZq&1AcGZ4xoEU-}3L
zG|CRQ$8AqYZ)|&O4b}sO?!~-iWjwGE+*fPtGW!4>lVmQeW-^`6Ppw#(xJNiRq>W++
zQ4S|Hb`&>tdH4wlW_^8h-#>1h8|;;%quKS+3*;85hxkLxooXLs-A0+LF)F)*C_Y|@
z9j&HxUo38IYqCGZ&l>r7Q5+>#E3L!bf+F15h_j*_Y)`TY%$Ib13?~lKoCOZoa8BVQ
zS9>P^fKKq+_GF(E{RK9fHQ8){S6eT%6xkztd%$Mvgs4zD97qVh3VG^yDvkcZti$8?
z68huART-q(yzxUpr2DjeTVb1$ofV~rIIk2(uWGlos=U$8KZ@}2kDh<E?lq0kt1kZi
z`%LY~J-xoFULHoS+a2Y^EDB)NJfYXU13_(RfuPc77X9wFaL7z;D|zD`xR_3$)qrdb
z{}{uY1tvduh_<phj40v7iKM$2WHBExs0V}X619G|31&9<$l)5j*gWU%eO^wJP0$&o
z>NC$(!<f$-#B>U@`IS|j>j?Aq(LYK1{Eg4r>si@wvAv<I_eH?77ZV8K=)Dr(t*ua1
z7hD5ejM^Mx_>_sVR$CvWSZPh?GqZmWZwfLD!r{X|_lcc&vmA}=TK0`C0&}%8r*HLn
z2+smkwKqkmb&rIQY>tSth(J8JRS@Z>f4*SsHeP9OO?rB0=b9ya0@dSiltL%BIdW93
z_lEj5cY8RU4;EYDo~>xNs*8ah{WB9BIs2Ii?!wtApUKHyWjsmKizNe-TgEOJ6VvG(
zSLO{HA8|XrlU3(_=KOEuldGZ+H$f}Uv>6-ihRVTL?T}vqmw4I=qXgS6-YU%)Hi~7Q
z7<o3p=Z0dL7nEy@lYxak3wv|C+ACN5w(G_w_PdV1&JT`ECv=Fb#?xz$D_5>1r$Wu6
zFRf26k1BePJ<;96PbiHaXwT#BaB3UgttT@%snBoI!N9gTw8k!Yy-TOb><gHAJ_Uo0
zzc`d{o}~3%2(259e+1Yd-trqCf|QS{ptINcC;D7DsuXEhwbHzf?~Bi;qo!7~@YJan
zoNQ6^k!lgS(?8ta-`h<$H;F2upBulXX?W_Ui?{|e=(0Roz*)Ti0j=`&HiY9((O3=4
zT=w!HCUvT|MB<!~7cKVesXpC|$mL=8BJYl7kK?zU&!GHSX5Gu-q2m~E$i~oGEVe5d
z%H9ChNhMP58f;y6)Va;IVzmN&Zc!<?DrzRmyuMsj8D7%xx#M1e(9KiO%F45!*~|2)
zqUC#elh!2c$>ard7{^76jgvK%Whp3tVUd1ncFS%x36UK1Jao7seNMHP35yXK74jy6
z&-niG=vtqgZZ8ouQ8sn^O)cY+!{9QT^~h%}nbr`R-0R`pi6=64XIZdrw)fQ5#NzFB
zcVy>tn<BX}Sb#g^4yvk)!EPVkFWbDpx%h_Z-qTYQ2a{dIHH%}ud(r}y?;V-G`GDFR
z$-RT?>XCKF+~*v>64!!RX7;93a;bY3XNj-TX9Z&Ay=G(Q>$_GCD7`($%vRXbYG9>K
zz2bP?A>*3ieb2t7PJu?4>dk_#OS#`W;%b&nLqDyV@uU0cWP?PHK(S~!P&qB{ei5;k
zp|f&%T0D{+Z_}#s!EH~`!1>Y<M&x6g`}LV|B6*6Z4|MhLf#TerJNRJ=CA%nQGCCyS
zX#9369!ww|M!Rh=U#)BQiN!J#UauW>d!{qpHbpcYTgS-jkS$IF>FopD^OC|TSUlJ{
z*#E4VTWB#sLsHqC*W%mH*rF-cb@TQ2UqKfNZ349#1>|=P6Zz?XEuH4uxPEahq8eJY
z7Jc`OxB6D=tgRf<S?DS82=LSzLT#%(7jBCA<6<XA)TDewcW2t(QuO_`_)2S={-JgY
zRr^;pqpn-ZIf^N)LhXAWu>pXG^6jVk1V4r<Ty=eQ07n4F(qbRC0Ur<jFXRm)ia?|Q
zq$Q5N&A{`sh8mG47#@-{RF}H?J{tp$SKaC(xw8y@d4kCaM;*eVSo-fII)sYZRSJt(
zk{FWYbUB#bQT!5S#B@38GvHw)bUAKHV3v6VmE8)Ug`dkArr35bb&uj&RHNwwt?rN7
zL_6^tbve>NFsy|?x+>uG_Nc-zV@dtdH-(V=^rQc$hm%XyOn&(mH6J&F+VS*ri*)n_
z0HoYHCgQIfUu#{%tfN+q<$Gq(+#Z=an&7W{{llU_Om}O9x2;e+RpJp{?O?j{5X7Qe
zn4@htKr9o)xFcz9VZqf70C%96@2$+ygi>$?7?6QhH?a2F@e<}^Z0-T5Rl_6=2Wh;*
zIRAh|7irG`dhJMwp#w|aKI<8b8MVH15IyRhcMA{#ftK*{YgjT6u)A$$3b?K#gzNiL
zM~V~h)gc0x<Y`abA>%3}gOCE&hf7KxU8OZ}O&E5ha-TIf?(`5gzSSp+F%SfzN7naj
z`i!*2BuWmbx%+lOz)kpq<`FGxPm{Y(wyKbXcf8RlU|Cy6qGTJS)Ytv=5lk5bNzZj!
zE^w2MVt58bYI6YHtuXFB;%CKY#qDZ`Mr}IU*z6cHSOy0%ylt|o5)#^7kXsrADt17f
zSb=(T%d|R%wQ5O<x`JMu0c`v;8aHUPjsZ~D_aOh$_e|VO>W<N$P63atVNo@K<wvkQ
zE!0t0NL67ZUV}gF?;^@~j!de;@}tAC0Lm4UJGKr-ul7H2-}MJ_SZ6jz@9pl45?&Kv
z?vd>IaNmuqg7bk9r`t!xjvyAVjU*uu4`PS^_~1aSI|Rf&M?j5e62(SjUesFgqdw&R
zX%q}{aQxHg^`Edn5OcKyvB7`XKfcdOuOi$z;NSUQciE0?IPXMNrum<7<;zE(!62hx
z50Z}6iBuPWIOY9+PbLTd4w4_SRq3OU_4{DF>Le_Mu+4}`$xd}bAfdr2%!Ldv;r(6s
zD;qt{256P4;NrEVw)*|n^u$u*Qb7{0LE+Y5J~uSDwD|kJKV=1OLyqXOD8`kgw>?s{
zQedkZ;I;N{?nz4{jv%wN$yG~$@!`SDfisy_6MUWALtYbFL3R5Fhy6E)ihABeLAZ(3
zor`)MJ>mxw)JH9z!^-JO{X`pL8~mQ@oO8hXS09$xH&cwK@pivITYRrE#9Db5K2K9s
zdm`;|NaF!W_e7t7b(IA<wZd}Y^yt2F@;~MLy>(73P73uGZOd0RpmoArh>%tTd4HL?
zEnyfi1ZJPZ3%ugv<g8Y#j@c}BR=>vVpEUK}ZU|+m`5ul#Z$N+2#C}GSebU7IV{sHd
znlYX?<@bQ~!=LQIpWd;Js7c>sG|H~xu9&UJXoDqe<nUYB-1oG$Vi&<S{q<~we4bTr
zMoX_ofiO0~u3b<Y?l4ybSJQMu63v7Jna~84HBOyhv)T~cPh9p&SNoJHY7t+Iy_rX+
zijS1lZ7&)P{#eyNT&<k@p5NpBfa^+k-s{3?yt#Al@$%+xdYF5Je3*F@#(J_ReB*R@
z@^pDW;%oo7v(XXoXs#0IR9M8|U!T0mn=2`mg_-34otl>wkv47<o`&-C54Hp!3S0KR
zC?Cc>uN8J9<B3TUW+U$jTN32uC->>d{fasVKXi>YKQto=0feu;A?_&=J33B1y%(vz
z4ioa3p~rRhj=(bAj*UGBODI7&K|Q5?^b-TQVZc&whC;tWOugRPB>YbCPO&UHQV5JX
z3co`QCci_@7~mS#iqwb7XLyIv$7{f8hw0kt?6l=cprY1In723W1_1T?qWYG^hB6sq
zwuHCiy5o8@uW?Q5ant$4cjmamwImQCP{VsIumhaBfs)dXB<n;SxFJ<UPDR{}@#~G0
zVGfVYBO_svVp4*il?f}TF^!XAuH`9Er$RSjRIL@qEKkd^@t;F=jxR7yP>4;d=cM{+
z>6fG>O{du0IES4=UYHxGRj8%NuOlt-%&z2_a7pN_FINap1@Vkm7)2|6Lh5W7Hm7mo
z|IjY2qsXB=B5Ji>U_%*CW|C{;TFS$6V-I+3(`mzdZdJmUK9G4f&kddn4pq`S=Ah*I
zfjtC2lR1-lbh|#o_oVx$a5Mk?m5k*<mlDl@VIU6eoR=`t=vgV%*o==fc<(PhpAyt5
z6(4D@tt65Rin{+^V#iUXLR!e>PO?e^N({I;5hc`gAE^cMN;a+B-vz1}R8THJD%ovq
zs`KBaH_}t`@dVR4S$^Sq(TFL>nnv+51F0Dn<SOrDjbn`@n(_F9ZBB+5^e@@T=yg@v
z8c6$0Vflf{1)#MbNHbDr94xp_x`-?Fy$iaffFh$bg=)3VjSbk&dda#HAJ`Uj(p^-Q
zBE!vv2um+f4Y4NIwFJ)uk_0(>sunb7NQFp>rs;Qpk+T?=915Po%%gew<LskD8w(DZ
zSpFn_)Ad5W8T>hLHNofi8J~uS(mSdVAd$D9OO&L9;s?z!O@aWGcQ~_I0ShPirqpJx
zfLY-!ZS3vWq_6x2{&-gAV{KSF2y*ImM7=RXb?{O_DhumVeN$o1V5{bX4hZK6cuQYI
zf^tdP*QbW3zH((E=q%#}$%>F`9+@5m#c2f5CV-aqjH+A?`n7k6byJh<CBiTLz<4L<
zqadPi7T7IPwp$VCyk7wYy8sSp1?J!QrB~BepH8p_olqT4W~U;M%<&(G0aZq0544p*
zYer*@=!E7E{0b;`b-1Q~!`0Ev=qh;B!_oE$VhHqIecP8(rCf&gDIuVLx9Kwu!Tc7I
z`l&iCFNoNKI3l$7dpw6ipM~->;0^MWd@{x?2b~jP6tXxqGJ}hGg1%MU2mL{BzuQnx
zW{>RG7c;IQF0yQ4xXq!>9QYQ*)3H`WnWzI40`ENMY3`&UEF=d|;<>uI86$o~^tAo7
zJuO^E@z>Ev`4D;i)M>f=^g5oFEW%UtOytZyrMz?rj^Iq}%rKXpFm;ZaJWq`Z`v7~$
z_=s+f5BvwoUCAXN;|JIS<*qsUBo~T95jF->?-Rx@^OC-NO>f2z=&`RRUD4A_MB*V*
z2A!Nh!{uBK11_K;_@RQ}6~&hKh&Sy|to#UrX39sJ$9i#4b_A_eDJmrttsE1L>4GMe
z%C}TqDkW)sEi{@DfgE06W+ZB)yfID_+%x9=?xo5wx!T+a9s8UJWqZSN8T)$lEn_4i
zU<Wh)v%aZd_6`Jpo~-dWT6bQZs<hzOJmW&8(75=7;U%NQ8%&3?#A9=;GX&4n(lJQ>
z!ZG30<q_PwR`F6Ho=Hka1A%hh@SEEN_nOa&H!SN3wF9G5#}UVh$~r-fo)yQ5!4<z-
zIzy}xy@c+XjS<6ru_c+rLdx5?8|0?0ybf^f+_y+)6;*1Q+WVg-XiZ&J6$W?-90`p>
z?#k{cT>4>xjAC0nBjQO_9p%4-Qy&w?D<W^YZuq5b6r1!JRuiIQ>P1S$(zjyGfz5R|
zPqlS0CJ)q~e;2$*_#19R>j)l-M~W+Op7zbm&vP7N8uw}A8^4Ug*Bul|&yp^zur3GW
zL;lqm;7-G5+g494lbf$7Jhq?R9de&xjW<cjV&)t0a3l}IWmH^<Wl=<*Or=EOM1k@T
zWj4&C&0<kpK+7mWVVeHv7lqo%A^MB8lg0!Xo9X`u5kRpY+5BGI!Q!v{k;G{NZa-4g
zPn8ZRmJR#C_g(5<ka!*<Rt2fQW(Q8~Urss?K~jnzQs6-tcj6~m2J`J-k`wbUfsnk{
zCoIM9k3H!nRN}*wErW3d!S70Zl8}RuV7sixvi&yky*Af_b)mZlzPlR;?86#o>usB-
zA0b{7hL=+s&Z;grPvtP`x#>MOPW*Put34*=>ip_w`85Qyd_gxEqZ`olJi+&n;hBRT
ze%)2zT}7Ue_Y0K^ospFp-5WA*jY!vvUHy8me%+>Zlsnam{n|JH$4GF;0S3r}7p(=+
z7Pz;@ugA;*s8)tj$wWy`SUdkzOXrs%>l^gE)Url=EhmgP;<y}%nAQ^8XxnHDLh2CW
zo;3E$?ENOIUkSbu__sQsuWFW{S;l@UFfJ|>+)rsgC0~7QIV<if7OZ-W5u)Zi4;1MG
zk{rTq!x1j_SqOQ2x9D5!vtQCiBi7-h%J3g=BwG0<0DEZQ7#Nb&2PI@gCrOc)s9TJo
z@7NgP)LDXI;5Z(lT7VT>6g@piSPXD;G&3Aq4`Fhp_{*!Zshu6>HIdG9Y71q1k!K6H
zv6kxQsOBBS58*<=M@(gRbU_P;`{J?$%EDQY0>Y#?nHkQczToT6WZrk)cTV%0&18m(
zY>MD|aM~YvhKL|hJggCPxU;+6;@a*1?N3YxsL7L8WuP=-Yd<5}?aR>$oOG60S8y;L
zbOEH%iK#Rw3yc90(&!=~BAZgUZ5XAR@TBCKG9Al;5&slX?PWpjR#56YFC@N~`WrY`
z1_1||kCz#wfQ|SYrxY(;7PJHOS~g}4kw4fY1vITBGG>imOSNB%EwcUEN52gMpo2ZM
z<rmPf7TU0OJY?Vj#_>F&5`)VMXjsmq)RYhz$EAcQ?J%*Dy<{1ZjvW$>9rF7li1R2D
zfP2^6FN6~Eo1F}CC4$o&*?yd~RI?1)(OcUi!vtk<jLavMVm!%|B>Q$0btk#A;CaSt
zAv(pRsp0z=GpJ@}8uhZMZAiF>?$(aNouIlTXHR9Qj8n};KTKHer@DkL*8bgQ>#ISI
zQa?syn##~gV=WAKDRr6q_B!)QIhp!T2e^hw&;7Ko(v3=Vnp<ym7}uk}c9Ng_89b4@
z&m`WM#a={TAho#aD|QnG3s8o($C!gtOz4?L+Y8}lppqmqn4>vO_&H68e@&2kBB!63
zm|L6w@jxj)lgYTz-AV8c5qcnoc4uH3>gp$qM`*^efpLIdj>a_B6R{PsZ5X~+MV-+C
zNZE=Jb)p5{srJL3m-H4i6US|YnPb{uMs+&Qqs6MIp(^QMNtV&r7ql@4sHh=JIg^1z
zQ6(LKl(QJ=JX)ZN+79u*QL!L_Xg=}3yNKq|n1uf;0;GkK{12|ge%Sw~Z{ac;;?k-R
zz`qsdzkU2OY>;S4RY*ZwUd%}tX!LKOh=MlaxRbE|gu@fgC;An%Axo6e{FZb!VJxj$
z6Dy+;k^HZX`)7-POF5fJ2K?JR6x5a&`b#*}uI(QWK=&nGbNp(pSIyf4t-=MRt1*`Y
zMJvlF^zNnqn=BX0*lYbhZ7a{I#F>EBM69D9FZ2=3;pnq@ar7Dt=Z`KFPRTB~N`zQo
zFtf;hZV1+eIByKYr_cw)jXUp@GJOo(R6KDj?7ql~3a{`{IBYJe=T|Y<{W=u77Gn%c
zcVnbe5&=?yfD8#^ftShM0PQe@IH^(Ubm9PB_cmU<q1^x<REoV}h0!Y{R0?C|fEWe=
z3W4AZj6IARSA4p=Li26iXEApw%j*;(Js%ApEEC;WwJ+{(Q(F9V+2U}#K0}GX7@$5M
zl}}6hPOvVjz@FIXH1lZD6A{M>rgea|@LLSVI%gZx$Sq|agBZY@GVBOrowg0jFrxp6
zG(lFJHdaJY)WNCzNVS3^F9c8l5JQao&JtlL7m*L(Vr7bAiV~8qtxdUSOv0A&Gx^J$
zGj0yS9f6p$dIaqdn5nL`6iODD=?1DO{=*7kNy7{yHV0UvrHq;f;iFoE??Y<)W%d8`
zN$c~TOp(kS4dqcL9ZA-T!W0G=h6+#>>bLRwn9IeANQff3EFl)+!gmRm3L-{h+5GGX
z!{Cah^r>;jr)bFK%q1E4iuavDR%F5`1fBaw!<4+cusis^d&ZQayJl)+rQ>&s29b;_
zc+FjVVVp1&P2~VP8Zp?+#KXixKL$#MFYW<TnZyCPBjF+6nE^z!A|In84hxCI0kUD=
z>nMefqF}dw?o}x18f7NTk60#niMT^N^U8x#Mnp2EG&HI!1{dT)zPBm;n#wf%ojans
zFY;@>=$8b4^!K`i%n|v7y;>pHeZ3Lgy-%E4A#}sv3R5dSqOf$Jj>~X=AnJF6x)Qe+
z#@Kg+(hg^hW|oww>~v7!3c{@d&Pj7sW%!Q&jG2*wDn%<LG>Q49M582RDaCC`m+(pX
z3FaVH057K8(=UlZg#d{q8!;EF8CRqUHzR3j6DP;~t12NuURnyPpkiSI)ygu!t12zQ
z#?sKzAGa!VE~z12Gc8V*YH0*5fmu?BDibwfCC*<d?JIC;#5rL`N}?3)n6fZcTCOkz
z=q5S`4N&wgBqr{A)=#rc8(ASDE)(aE_OGM-zzTahv{<T_W2>MM6VfPZEo%L50GL2$
zzp%L;Q#$D}H77l$4ANt2OL|P{A+<K9Ykn$K#ahu%W1li+9*ty1vLclsIg!TKuXW{%
zv7Q*tn}jqCX$I14q<KgSk(MAWM_Prn7HI?0W~6OMwMcuI5VTQZ=KYj}pc`od>_bRL
zkxn3;K|0S^p@1YK#fJ7>n1Gam)GA`#HsW)qP+NsrNV!P8kOoAo2O|wb8X2y`*JF^1
zkRC)rzY5*;Yayso(v>emS_ykfeO@S4Bh3uk6Od}c_WW>K6i!Q#Rv@iLT8FeTTy_hU
zXNA1ad_4uJ8fhl=D^zwnm1Bi9Nb`{vAuUB(fwVfjzg@7`A#FtBWw#^oyuIP=d&B7f
z@_0Io@3RJJef@V~g~yOiA)Q6Kz*tcfk`XB`bli)YA*F`bX&2Y^<=cnO0lud4aiP!k
z+q)oTBjq9WK^llO<l>tDenrEPMn$a0B3UBVrAUtYwGccU>UU8^=(`p9!tDgFFVT4&
znI?r2@5d$W4Zkc^Ax#gjtFCBA2=czoLYf=;ZHg8kEsj_(Ls}WtxFF9q(C;?yx1Z<e
z5C~=9AxA9ms3QS*!jS?z<7fpu?`Z3H^IGcZLc!5VJy+1jHpD-nV4!WdUoDg!S%kUu
zcC4e9U*%f^tYC<3lz&QLf@6SxO2`i5aNAgabzzEQFyXMv>{gDEz_yMtz)p@LV3y-S
ze>JZakP1fGEdH4VV{N7Wn!;R%4cN=!1`cpc@YnGCfKp(wIsEer2Rl^YFvpZYd_k$L
z!oR3+q@$W}CSeV5jAK5q$gv3cpkpb}=2!uAJ5~cH*eU`^g{os+pk;x>=JPKtoZ{H%
zUs_OM3;I_SR@;Js^a7u)%D=jBreh1R#<3kZ-&PgKC|pGO^Enm-ZPWeh3aV_g{2L3G
zI(F6L3ddgmMxGzY4C8d$T>qBB)!54MK)t=raTvJKaSXV{aSFKIakd_JIW7cp3ip;r
z1$q?BvMum$FFa6g^lzuuc7<~em&XB*apXCHeg$)Fi~V~GPvMwz99(Df{J@}s1-51W
z1BGYHoB0oLJ215HLU}6e#kQ6H!$nc$X@u?TZDV;CU|e}NuvvK?Ftxl7Fs*zb*+YQs
zZ7TyK3YOW{_>UE=w5|7_D(X@`JTUqa%q|}l7+tW&w#k3CV7+at|3Xn-`B*|rz1^q0
z)PJF1lWm6@RWz{NQIA8)E7Yiht+w5&v2?|R<AkRP&jD9^8E~Cf0&eswz%AZ*;C644
zYUH&h4K3Z}Z8>#G!4BI#HLhT{?V#GMbgwrZc)*)M$nC@4Otl%`I(2!$KHCxhiqd1=
z9RG@t9ma#U<7#T@DQ^$LewW#2y@P-kyhGL0aZ%n8K%;lGn#yZUT~%<zc3Mp<IBq+q
zwjUSgH3OS@t-w@oncAM`PhDGZ+RoH2<I=oNV0-WQsT&H;*(Ei5To>;|!bybFfZ5&|
zz&!74U?1;1;6U#};1KT;HJjI(x_R7i@A4@J&CEPV%^Nq$yGqS7OLj%=!*S|1vto}|
z2aX%-T?@2$H>d-7&eYmaei-BJN$L=DlD(xmd|at_b3Hn|+tlGaf9jqvwzQ|KqsCQu
zYYF$%+dl7pV9<LASmiwmobEjVoaH?Ooa;S5b^o{pK4I!1bGki49XoEZPgciLYnE`%
zGGA;R@|>wh%^CJgwRGG{{B}TJLY>X?r=Bop+H?5#@};2vu&36JTjOg5JICHbb&Ol@
zYfIRv-rnTP0&ex?0(ba&0eAZb0QdO@0}uL!sSaLu>KStndq1_p+|NEp^^H5?8(ELX
z2~YdRs6HIqp*X^W>?73RxO2WD!UyZ@GUl_X!Ga_9(P~<m<a5`f;+vqRnTOiVYE{wj
zavx!^-X2w61sq#G9cU?^1uQL}3v`q(P^);YfVrrmd~v{P9$~kt)6JvpW$LUVU->d%
zkg$qydihFq7T+2uGn?&Bb*|Z5zJ?>Wi)NLtSC^Ts_VNCiMRUtH5pKQAUQoURxVU^b
za9R02;L7rY{+Ya1z-cbCPgEC}o%TuU;-WR>M}X_gj{`TAp9XF%Kc_A>kGD@#mlf?G
z-0ft6@#cy48S2WSeNKr`A&gg7nkPDwU>|h01Rimw1CKj1c)oo`U}Di}XC`vaIdcM&
z%#-Z1)iuS;*#js!`>AWp)9mxq^~H*PUSL{rymOGc-aNy;P+eJ^<QxiY=^TM}kQ10l
zI3u*xJlnoR-DI9;U#>1IPIr#3#|)<#M+W(U*~OVoYhYf;HZQcVQnwc8ILio~_1MEX
z9@x)05je;>2{_a_4LHI%1320_JFu|W?3@=^f_B!bJBqE&h3XF28-Ppfo6*BE=Muu@
z=oNC%&*k=Q>h5BvbJeBD^8?F^$2->sRuxZlZcww$tL(MvzT!#F&FVgG2iBTbIk&-H
zYu`iPsFv`eo#EUMoaQ_PoZ&nQob5aToaa1)-)NTeJia^X;`?r}@AvODZ?+#&4;C+U
z3H7*yaJfrX51O~xkE%z^we}PI9B{=FCe&f^Dpv~5fj#y!>ha>Wu2%K9!POSH+0`kq
zp?I5ZU|@4`tt$)sgmZ&!#d}=2{_5iWu3o@Ht^wf@yq1rHfjz}XU4#8wich$P`M1zW
zw7>X_Ya}0)Tx0x)i_hD(1`b&SSCRjMMRq;tzd+Z^QA@1LhHHnPw<jzKF1LTCCB-!X
z*vh4b&#^Q7_YIu4v~^8Ux0)Bas)0BTLBZ0=HIp9`R}GN9sU^!bADHV}q%P(o&eZc|
z@jex!4?KUBP?qGIqNbL$^i>1XeKSM;xk~0<t}3=H!&jq@D$DfES4VL_Q<YGb<6Fdi
zj&CUto}?<JtcPy}yhlIZYBk8u{J=y@FV|9ah-H9lMNqa3cC8M^T86pS`43n|x;FY%
z%NW-d{}fA+YkM#OWp<&=gRZ^76pPJuAP{eHyAG?fEE8PEf~_p7>y*F7GR1Y)f6P+t
zx)5w@ndy!ScCysCjs6vu`R=%2mSvH<SuoeK)Sc?zVp-u%3-+?CcDD}>u&i@;2@VeN
z4a-J%c5s+wi#snkk~50HP|J3ApWqnFF84tGE4YUQi$Wv2Wv_cU@PK<1@UVMq@IlKl
zw<Tz^oN|{2-IlX%M{t7Wg1aK9mPEOI!6_w1cQ9BT;<SY$-BtMYi93Z@N=cl1da#~1
zx@Y-oN}9RnVx-2o5v(cP;$9G}DM@uN4$d!0b1w@nDrxUt8FZI)p_19|HU5nydG7VW
zr6qmbn_v%gZ}q!NhPZbChr4(Ct4l_?_W{Sc5Be9CSlmZ|rS9YYEhP^3X<&u>oPT?X
z&%=O0kA(hIc@*GuPkeAi;b2dae}2g<Ps`xylDVFAa1R`T;JT6po{aFhZ7x~t$wWKL
zJURXgB`ZBWf*VWLc=`pml&t3rvt*NJP;h(6R?pDjE`D7E_m=GNi~vgqR}UT_JY2Hd
zGdje;gU1L@5uPQy!1q!a6~dBz9<zUD$w7}5-~EWE41GIpb5t5jPJ5hTJC3j!zrHF{
zOV05l$@y?)8ex0Rdn>zGnP+@u7qYVn^Q@9*qJN!L@k|0A1}m=YV~zJr3vuAefrLW{
zhZi39%<ylwCV6H9TXN*AwQ>~USZlgxUWlnyTC5qKh5o(POwSS^@{yC{Ssr4om8FCZ
z!U}%XSNaHpA++}JtnweT_Oq?2tg;UBto5I=4z;bXoNgWA+2B8G9qri+G<&xBFIcUf
zT5wDJE|s$g=UU4=dxEjWRu8<Q)#*7@xxhN!bF^|Xa^MxM6Fq0p^GTlbmCLNtDul|F
z))^JDy52gwBDQjkbzVh6<$C0&RBo~^tY}ra)w-mjExbB;Z|m}kPL(^Xt17bKjcY4%
zD|d%Hp>=IVugZPa4HW|_4_Y@@46Zz4-BvNI^0>8@IKaM&kr)d?qYU}&&=_sqQ!xf3
zK1SQh)7Jfbw6z|pD8fhwuT^=j_<z~^{-8LLE6uE?)$}k7!!Q~KGYn=J%wUYMj4{@+
zS}e;L%No=)ZH%=t!>|n3^`q+-O?P#50X;3IX<C?7Fsv4{IvMM<oQ{xX4l8t6)?r!Z
zSeDfin2=c=OXw6>tH4-C$U2O*oUFk2GOHR8(s;D7`=1>zzL(WiSy@?`FTeLPl_mBo
z%zF=<cN8&%oc9z@@S^j+qP=%Z_sj2ODM5Ibhe{a75=vJvLYtHx?9-LLcYA27(jWD<
zbb>N~{g-k!c$MC%48xgJWdwAFG8*+1bha`Uve0?TBpeqg)1i2Jw=x?_!fzK!p-Yr`
zgK6D#sj>j&98ea6XK1^!97?CFm6cEyw9Hy4m#$IPL%ZmDpE*=SGrqXc9^7uBeWaZI
z?;u}d@FFexl0!Dk;h`!c+5sIpOmtl|s*&6wC($I%3Au?@aUDVdqC>RDmlixlAMj;D
zO*9;h&_SuQ%|wTNIr?#^ljv^j3qrk^bwj;$7inRLE<z`XK273>`*e>lAN&OzhX#r6
zrTct^!Ew6ZR}2va#1)|-dce0=k0RPkScfhU-Th9MuPitNSIa@4^*IcWe;@16C3@I*
zNcZxgEA)u3Hh7&L^)-No^KfR&$LU@^G(q$f(buq_3e6GSP4rEA(kFxO1`qyT13m3i
zz*B=C58b9`eJ#NydfwL-T&f@UMZh*L`Hltek~Y6X^gYrJ7w84w@!$=5(RU(vi(dAf
z0-sKzP<q98CRoVtZyAkb@V1t*&_lkeWipb@A8wg$pXBRWW+QpLvt|C>VV-YUAbA!c
zkGo|V;$F37B~ri#TGk@F`B2Mxq=fHmHAhPM?$$Ucp|>?La)3YCnjEq7r(4s4d-=iE
z%t$pq)S45i;V-o2gWtT=S{SM4ue27wyUb6t?u{_|?0}zYEen?M*ILUXB0trV(Q%ER
zYjs3C{LR)w*sHeIMl>T1zunqEGza=ls~idP_ga-mn7`lJ66xX}wzfrj1XF7y(kED3
zk45^0gx2Gc0euGQ%5OaZb1r?RL*^91&el_rv-&JgNNqg>I-~U*%m}crA9h7r&qs!N
zOY6nRh>+cSIT9A~TE`<@u0)cvp!I6_ys*1<CNiqev$)|_nDYuHtv6skyV80qm?o6A
zF2TGqzx8ggP&m-K8hyH8Z+!rDAhRT)I)Grtq}Qh=U;$kph>wi9G6PA$e1Qq1L?#6>
zkp6BDZh^?O;0a{uu}a4UK?~$UX~Dp*V4DyQ6h&r*uE3tiygnZkdII|*3qoIDe`FEI
zIgw?dKVSpD1~co(3ejuAK%h#WFGtp~elG{>BUxA<HRGooCC@sV$j1ku{e`mum<tQT
z0cS8D&wr053nKyEI8Gxv6UR$Oqb&)u*Q5DF7vfqSEfz)t?xV%zcrVdq!dO5JmJ5@C
z0L)%t4tum*m=1*W8S7D9A0is&m4QxZvDrX(RO313k%w3xZ4l-Iz52ZJC?_lgP6jz)
zF>o3*oQE^ZfkAza2~Wp*FVSSCd6di<k19mB2rGdhm^s4y@o1Z{7PtWOM3_Y$jR@<3
zOToROIdBDZTwnrXJWF6In2G!4=rN*?zr7l`cJzdp7?=x|iOGSR!4@$sa68y0W(MvA
z<LEWtxnRWE={pasweGtJF{%ozc#bjqF28q!iSvzz?lXzLt4Dg7WZ%pYl}Yo#+-*bO
z2t8yneYe_8pqGfg3p&TQ+HPg?eGl3bm_pwSMC@cv=j>Dwlw7P@+IKR0)%f;Qrc6z0
z&u|W6{=^!dQm&@7XEP4>uJ%0U5a@#XRTXA%Os$&LzME-KbK6T8PTkdB%E)R_`vFE#
z_XNkWZntBeY_B%vRzx!`>b`f^m^SG`dkqs&_qW$G$5dN8!yH$u+C}Dsdbr)goKovR
zpHQ9c8goYF+k-@hnRBYUy$iGo`n(!w8wMR}8^&DP-oso}JKOu1%W8LfKQpfOwhu5@
z)syXKnHlwT`!HtF_7Uc~I@mtS+)#&tGILA4&_2d2sh8fJXYQ(3fCCSx6YZ1Csyfv^
zt$Qe}+h^<Ml(F{tx;gb)`+^?1{l}~7T>B#PK)u<%%p&!6`^wwL)I0A^vKIAT`x+as
z-fy?EN$SJ)bvDIsYO7|`{noIV&GILN<JesP&Tt~T%byxf-dY-4<j)AFfzA$RvU~h_
z;T(3KzaX5??)UEw7qT{gNw}D;@|TA9vWNW#!ewlo-ySY!o&M^ugXR4-;X|z3Umvao
z&4e3R)h~uQHsJS!Wj5s3jyTy)e=w}D-TrX6h3)lsh1(2$(%%z~=+;ud>hB95V^910
z!^hb{|3LTzJLEqbKE+<}4~NgNm;58)bL<uWX!tyoGX~{M_$R{`*(v{Y_%eIVKN}ur
z=lt_W2HBhbh458+-M<*T%HH-bgTCWm3D2<i{A=$nfL;fEUo(fVvk$en@D0wSC5CTt
zRxLTa#3g8H;k(>UEi=5zrD{3h2V91hALO`ft*`@ed0KJsI#;0WZC~SdYh@i4u0$(u
z8|F$i2h@!`g*%`f>WJs;T5U&CU6t0*ky2NualsQ@wI+9@*Y#>jM^@cQt)(LubX#zS
ztI;AIyFef7*i|>A9q%aO>a`QW%(^-4RL35U(av=2<3#OT$9~SEo$s)5ns%|Hiao7e
zhE@XIaaf=Ab3tvqqmBz}S3AhMO$UipI^0~B6zEX(5r<=pBe}*(#iOI+lD<};uMD*J
za6Q^gM*#cxju4)McXS#yNmhsO+QN}uu1~w((XB^fT)%b$^niBjh}&4bA?qrPS>ii-
z@#yF{sn7bkv)WR}X)^1)k4)%g>K^rf5u$!W!7u6o^;=}7erKYP#k9j@LC=_;HN~T6
zO^K!#&~v7jOv&hZQ>y6|^nxkV^g4Rclw<lhddc){)3?#fG5ce_f>L&r?f5cE-QnKR
zgwl5WWXDfXdIAXgXhKH9L6nhTPpCn*gtrsg(Kiy_PxvuvOPEYpM&D1kn{XdphuTyk
zGx>fs0X>hNK`)>x^en1I^{4_hpl_lY^cUzD3ZZWFGZaSuh<=W)qJO61(Ep<1sprt|
zsOPDdD2hs@awsd_zev4I9j0h1jbf=Vl}kma<J5ktkNP(CHR``pKc&7A^SzkwQHt4P
z_EJ7`(A-A(%@OlAsTTA5=J%<f`CI0{rjD4uWBwZ|WF9gPQ%B7s<{wgB<{z7XOm&<8
z*8F$W`{e7t<K}DTpHbg3-!v~!e{Ehg|B^as{+0Px)G70C%>P3DXS|z@8rbpTju)x_
zy5na%)~P|u4oem_Yk9-+2DNJWxFw(ZjpcKeV(Pc}O9kq8mM>aLO=e4(<)F!8sj$?T
z5-fjiX)vW(oEEn!!{W6BOrNwIwHz~j&eCl;Y5G&kcPwX22k>_QCWmFn@(-r3TBa@2
zrbf$*WzOWb+_2m*HCq-e3#Jy!FD!RVt$4qb>4@dmmQ_>Oa^JFUio~MW=S=U%CdIyF
z`cCZ2v9Fu{CN?|vv!>zLFU0buE3r+nJ*MT@zl!~<7`)f#WXyB1-;EuLc@h6TxR{q?
ze-L{yCN1_->`!9S@qV3{?AU*dor@`qosV6N*&X}K*nf%nk~Q0UKBmh0>t|kz`FX-`
z6Mk#PUwrW>0y-Y0<1d20a1Zbhp?w8_Y?LjY{t71!ibLXsubdMviC4r4aZ0=<&Pmov
zkCY(olu|24qzoxr%99GD-BL;UgM;Z`K5ZKnZyrSAZSjtHPrNTaluQTH-|PabGJ}oZ
zBR2jUL{Yz^euqq8(TOMquDwcjgd)>-P2WY7>3gQ{!L?!2_fd@LN2VX49b`wS#q?9t
zPmz^;%k+%tXQo*cNA`lolU<<CnSO5iIZ7b=Kc6@K%Ji$~U;m1sVyKP3cDN(Pf|AL%
zPbo3UG0Es7F)1-AD3$Ekd?h9)CI`JrzH3U4*%Pw|Wst9!UW?fq^97VizVXN+dp14>
z^^d2LNXuc3#54r)gP1Aii1}inSS;=p%fxcgAszx<D>jInC<7F+MQjrzaP63QTs$G3
z63>X|#Pi}s@v=BBUKMA=>*5XZ7U(7MuDA-<R>cPrk{~LRAl{N7+La(`dPJ^B5DQ5V
z_iTtws*(;%bz8(K@se9or2ypJlnH4HbV%xyx}{#}<c6G<2BjhC0+CBl-ZeN^B+bFm
zP3blq-I4A=nMKll>7i_rI^q4PXLy4(@OR}ekTyvHi9u-~W|WQIKs!(#NG$pkh!qus
zJcIUt#Gw+9XHhBo68V1cO<*1U%fUZGhsl?NwNPFI$cu;p*@>Ev2fc*+NJB59cR@aa
z-UCSmK6)R$g1!avD*8_#>FB?pGw7q}yCAQjA&^Y;Ly*_e{{YECKLYs}`k!bV>UR|+
zhy4A{kE1#CPbe4tZ;(9n&mf;fzW~WcE9loy_ciqY(5KNl$Y&@M6^ja~IN-iwvXA>u
zfcp~B9<q<Sgi5DgL!YN!r(Q>2Bws9+0vp=Vm&o6_E2G|`>d=>|da541N%nM?lkXD`
zQar^Y8zoT^s-V1-g6vc))rK6vondqc*z+j*GwPdE7y1U(O?9KU$oGl0z@!(^+telM
z5_*TaLj43aP!rVOAt&|s)ZZh9`Uh$XvBZ8|zydjlx8_=NkwkXS$<|L>3s583G1p`*
zwiY9gwZvM2yySZsh3t>>S?jESj{MeltnZ*^=-WkfpV)p8{{L=-BtQxv9gqdcHL%M-
z5nvDcx{xBI3t2+0uuCWs_6Ylg{en%X5)KP>f>Yo@+yGSw2qB?U=oWf~lfr3XP#6*}
z2$zH_!h|p-TodMmo5F43j&M)7FFX`YAXYI!+$pAt8Dh4WCl-ji#S&pcEENxkcClJq
z5NpJGkr74FBWhw$42xZ2kJty&FAj)j#bJ;Uaa0@=C&g)TR-6Y}6qm&n{CClI)bC)y
z3BHw33l?hv`~3H^?}H%E6Dv<7R{jF9@)wDf?<7|K60!1RV&y5s%2SDzze21$jaYd)
zvGR`+E6*TSo=L3ybz<dN#L7QLtUQ}o`5VN_KaQqAa*3^fg4lW<vGsgn>z^XFzKhuU
zr-`k9hS>UN!PZTvh}ie%h<*PD>QyQo>>gY89%9*lN-VpCe5devV$FMrHGhFv^FCtD
zUj%Dzg)#6h^)8G7{I$ZDi8b#h)_j2aOX@FSJYbtHC*LU?B-U&r)@-Myz>Xc%G&POB
zYW<q^YpBY4*m@X!&B|I?{Kau%FtHQ*DIVJXSwwlxBgA(Cx&gg_lW^`Lq^ALcfFZyI
zICt6n0^jB76|;UnNS<6JpYQRU<oi6Q#a)jApX2*IgJKb2k5Y)i4|s;eeZL<#4}aEk
zfgko<68CQc|K>+LS4112N-5??Jrm;L-w%?fPT9+kd8S0CXNsTnTqBtF%!xd}t(1{t
zRVfz(ii4l^+~nsyx5dyV$nQ?&5WnELBX)lXdX-vI#-isQ!LsK*zv6i)p45Sl`8BUe
zJiQ70n_u@@#X+wXrx=3Sn;;H-IB-58&bw1c^rngz9)*zX%@ESO+2W-~A!K^<#4DQ+
za=ZmkgQnx!l#uV;Efji7o`_;^DMr%??HY!#*L&cpQ0BD@<=*NKLenX2PH=c@o(Ap#
z{|(`gx1ONZ%MdhpMU191+D)9gXSMjIbJ}fz^Lhl?t8IsS*uNww-r$F!>AZHQ>7sT|
zXz_*#+Pqyt#M|=-j(PhY!*Or_BRJt5cxs&To)yk`habZ^?}%{TJNg*5xAjHu*wa9q
zP#T2G-brEHJN-n!HE~Me#A}L7@?G`LJ{4xX^G~!LT;3eurlJVfy$eqR@wU<;-0&`L
z;FfoJ1NizKz&)jn9N$+W;zQ+_u;g7K_1y-^q#P&5cfD&L2Fa?NkP?(rkCd_MU4H}*
z6!UgSJC!q1s&Y<5N}QCToF{3va`8#^`5=fEB~gr5k{?5ok|w4onU5h|$=M1iPq`fB
z_D8tb;L0e+Nd?Myl!K(*%GIqrvSBA%`!(7x(KaekW;WWkRJp#jPJ~M?1E+vJHjV3c
z*>u$y!+2cH0IqBIvAs9l0Nm0ZM(w$22~v2DbU?Ww*_B&TwX!7DD0iiLWfl7uiBTTl
z^W@#YM@XU%VP7J7d=^Rb#Y;h7k`(r(NL{{ksmGUvxgEc=)aT2U`hB}FKT89?BI&Ge
zk2LJtM|c@H9k+!v;@gk8QyTTzaJkZ$uS%Nq9hRnjb<(WQDb4$MX~E}~7JVx5k=O@e
zpMcwNS;?1Hd;#poq&4tA(RN<<*<`aXgv-F!<TziaoapN&z9;HyxAf6QnHYvoiTVOu
zFYFuTWM8kG<~u28`c7~3GtLivhx=a6@eRuPz9G5LcR?=pT_Wf9f)DS}f&Df1+mB#C
z_sepb=K}G^@SLbG#wh{V4|%t3J{G4Ka=GUw2KJ9pzZ!+?@Z7`L@R8VO8oqI>uiWY*
zqkb|9`4IR)@P)+pfj^XMy%`w9Zn2-s)FC(cu3)>AIp2gV`=-dT;=3ld_~wYs0)NPD
zzMFEycbi;0=DS1E<Gy?H3EzD@Zsk+Hhj=`Z_d27R<a4T3KCdQ_aS<H{1}|bRl`pD0
zG0(}Dft!pmB9E)7n78o#Q4V};Y;7A?8~kF7EnEiXP5G*_D$l4HxQ-k5Lw-Eo<m+m-
zd_&EXZ>a_HlDb>ItCrw;V@|^FAg`*W@&i@(4IjoqM!g!5!Q)Y0n%k1cs55!jZG61(
zKA4B2_@HNf0G~Emj5J<}!+jCOV?4Q)D=|MtIdTgh;=H6BoCk9gv_WH%a<1uavkCWc
z(`vI7zh~2f<^&IF-s!P4r{eR3vt(`16W^Rc;uo+xoY#}ooK4~lh&wzf&3PoI08aCy
zHy4mN&4>v+S<SmWxy>cm|9f^dmtwB-6g3kr^z3Q2W8g9B+1Fg{+235_u{GCY9`;l<
zGoHiEB8ka>FFke59&)d<S=)%2aLi-GD5NZ-41CSQHwT*>S|_PjG`5Sz298Y*CWyu`
zM(lyhB4xOn!|qhSgWMCnALqv$jeldiz-@rvO>OQX=WyH@g%Kw{f~ScEaowUZ-Ilm+
z12~?GVtZT{jnSSEn|T5{J~TGNvDeo43&&j1xNB>Sh3ks%#d)G_VvMcE6xB}BbhWxM
zORXWciesMWxXM-Q8+WM;L6Isp?omCB`&6xQzZz_`sbPXDwX5;4+OyT(8|&0Q0;k%K
z$5$h-4m7&evyG}c+!#<to;coMe$W_FM;klUvBqw7vawg4j*hp+lj`io@o9CQU{GDa
zAY*SxU2MFdE|c_<x)L3OjaSsQ#tC)3amsJr7=JLX8n5}|NPXt~iI}q*Z~Bw5?}-A(
zl#RFjX^nUMndF`C`EwfY`|~k(Vg6`*=r6=RC7R!D@)x_U{=M!5f0=uyzZ~16JHvm-
zo$ar6=lL7l1%3|41@7H`8JC0G&t2kI+@<~&65B%myASx=+;)G2pxS>7w>fS*ca8tJ
zyWW4o&G=8bMgJMh-ENQn9LcZw&%1;Ei|(-hGL8Y=UH<VXH@kcMSEGK(-RGZi_xrEo
z`H1_h{}!H8xJUeV-J||h_n7~Ids0KV9o^HK1<yyY?{?2?Nw^I6f|i2&*}bTx<8kF)
z*0S6yTCRId+vQ%@iki&Yo~Af$ANKF~T2rF7ACEbb59-~Ntl65<w5p~|?J%x;Q;t^G
zl&?8)pEnh1d{eRJ#_!d%S5uqHv_Mn279yNra4zP_rbAjc_LWVwT5nT>cCv}nPGi1n
zQnaC_7VQGIUEE&yxT#IMMC=)Cp(&zWX*#A&;C4hNL?wh1x)J*0zo7g9{R_%6TG{+}
z0Ja?QtjsEG3){v<*kkN*_5^#1J;R;@eV)C@mK&lFTxQ2vhap$l8TLARgT2KrRgbcF
z*;V!dhd4|1A{WmkeLa~=sb1jH*#=!82Y}1sa#>E7>dCJsa=W;q>Je@aw~yP;*|;k1
zFjvPpIi7QKDi`2F?4hVYj!v$d>*Y?ewYqSpxj}9S@?9YH!!^P=@iqKJcmiJMf9@>U
z_E-L0)<F-#*r)(`fvkfjk#*1)$vWsuWF0gaF^EGiBOWA`tcJcqRzqJUtDzqytDzZW
zHS{&I8u~g}4b38}p&uiwp>L4Y&>XTF`f;)vnoCwgKS5SQ^I*(Pp?owA@@cXfT0mAq
zKSNeSKTB3ai_kC7FVW}F{{bl`YodQb)<pl5tciY}tcmU=YocEuYocGI(y4S*O4dZb
zMAk&h$eQSv$(rbXvL^Z!vL<?ftcku!)<nyxR_a}3qmEEVP$gLtb&xgDuaY&<uaVWz
zY8dH1KwqbRNc|8UCTpVKAZwy;ku}k`&7J0NqB`<_<<*-nntzBIU|dfir+LZzOT@tV
zy^nDJsVJ~%tISSR!0cpFnG7bI$pa~1b~7bRDRY3aGu2EDkshXx>1PI*vmnFF2s6rz
zF_X+RGt0~qsb?5QWIW{lJVqlr$b>=HgLGlRc4PVk*v%&myGbI?#};FPK6(SJ2iuAn
z+P?s-2iuB;*h(x|%9p@~@S6EEU>%3ShOm7+OY9?_tdl<n@8tqZ!q$)ow(vgK6SjjS
zu!1vSPuK!>qVI#eL@XegSisBB|Knh{cs=|h(C7aI7KVHM71HZzWDWdP==nP+o%C@A
zl?Z+O8tL6k(yy<R9?hcOrs~kgNRPe&Ju0IdN`W5DC9B+@pt_(J^GGj#()fQQ@tXFh
zs2@-l(Jn+;i>!M#`-84Fzd%=S7p9Gg&^2^D-K7h2jILphW1*St!knN*+M^3|iq>e2
zIRj_533HC_r-LA25WURvB<-R5qQYE+JdX);nI3==&eFq%jOfCQ6MYr*=;Ol7&|~!E
zhJ>9HQQ0Utyj`R#u4D8xJsTBif}S^IVY^6EP^(2<q-*ptz0AbHnQbD?NjK>g={CIv
zvW`W%BhJw4jG2jxigb@j+%C{M5qf~#L(ekFx;U@tBHd@wm^A4QleSsUEj51V>}E2f
zLa#A7QGpWmvh$hi+vEmw3!YQBAxlg#7H9Y4Z_V7LQ<=RRg7YOaW!q#G@PH{N;$R#s
z($BLNHXhPLdg)l$BsPVqeO%adrh(03IASkBHW$A!7Iqg~#O`rEWcRWAS=(kgTS}~Q
zUfW_%GNZ7Ebzxd`Ve7Dcvrb~WBFnRGYzwT4ZH5hC`(Q)Nb+(hdZ5i9m_L3U)lG0By
z3Zr04kxisM24t(8fLm4GiCbSz#VyUAW(V0J_5yo}y+YTp6L8-Ylzokzqdn|R_BMNm
z4zu^5e*Nry_918DtXu-OlS}0?xNI(u?ss0{3b@@|30KM;;OtyAR|7Q`p_ZduJsD+T
zj^RYk!)aV8?csu47|Oz<mb?+k*-yp^yb;$$Yg`Z4$Mw_I+yIn40r~1-ERAqy;i!fi
z=0-q|a%0>iH_gp*^JFY*x^N5JB7R$LnOou3xOJBqMk|&+SDY)+l}v0Lp5#iSM_ieB
zG`eyC`L04&v1_lZ%vDa0xg7MQ>kuvlk33hct3kI^rqIQ?WS8P<VH~bD+T)72jxh~P
zn(Mgh1hjIC>y+z^>zwO6*lQW|K(Xth>#}PcY|i1j3Npi#yRH)p%xCiTz9RW*vBluN
za@_#jaxJ;;GWo7mxT3fofK#{d@q7|f$ft1qd^(@S=hCzMF1`rg!SCVs@%uq+#Kw!+
zPI9)2Kg`!L4&KT0yc<O217O2giun-V$#+Ao8|Wb4%b#S@_|w=<`9Xe&zrbJOukaK6
z6c3}8pQHQun_!PJemDL$e}})v?gI-|n0)>|dj;BNgxv=tZeGp+?y41M<ZL;QUX%;K
zp4aI$c{eacqFln>mP=tQ&pIdM1LBN0gU2;pD%+VHxmvD~>$wALx)cwsJ%Fte*bMX2
z8h$L~f*kN`QWk-!Fy9di)^lQpA^lQHFUuZhx2%DU2jP4U<eLS)N|W&&({h*G19j|^
z`{e=otUN4_5EfjPM==A+WAY?CZCdV;XNk-M&zW_u<3?oiG;G0gpYxi$h}leDgpzU2
zWqCzjlh^4nxl3m*!d;2738W9&G!xgvwZuOZ@PF}U6%vG<z)*uis*vg&1Y0>JWC+=q
zljwROkMjrxOtG+AC~>t3rA(P{K(GtdLJf0Bs23QxA_^YYlAsAeA&f_?&?WQ;eRR-u
zLg*I;gtNl1Fe3B`qr#XlDNGBq!aR$F1;C=PEUXA?!n$bY^29hXkv=QTyO!utF&T2#
z&<m~zxkC2j&>p-i$90|^#5;57{*ApkwPFLkAaZ1Pj<Gj~UdMZLgjx2su|MY+J@&*s
zI!oeRVOCs)v9`v><6Syzykr48b%4Fvpy!7fMM?s0%yCX^?%ZL)TS!GrqLkuFG<NM6
zyLFfbsY=W@cIu>)y*isabD}$PF7a*>O?~o@Gt57r876~dva2B(G;-cX6kULJIu}3|
zor`bPyj9~|2I+J5k>eHT%3BL>EjZUe)}8D49Bl@PqvP<onm|o}P6SD&lWPlW3+XhF
zOga;uV@j|kRKPP5$&3b(8I6g|WnxIoYbJA<9b^_`Au(?(nZ;PiEan+9b9t7`T;fU0
zn?PdT=Sj?)NaidrklD(Mh)Qfo6v;c0eTU8lL^&gn!W_kU%>2TEb!Xetp!}q>?M*Wv
z?gNmhqkKrmo5@d!G(hGPkfWn~0@D1aL-{pG3k?(-*sH@?tEc660Qcay3{d_!${#}N
z_;4Jw8f6?ZfXi>#2JQ)vw?X+=paszO1VjMGo`B=qaN_CUut0hWaOMMWPKP62$D8M$
z5*GoNKNyZANXMTJmDqN!8kjL~U56t@Pb;B+9O-a;190ncRAM_@`fxb10J(5{*T5>^
z!J{ZgPk?0`;{O$ZwkS_|0^ohhvmVFxwl2?oIvm^$=`KLg2LP@eECG}n`Sv^|_C48l
zNEx_HJEZ%c4hO3twGl)}TD1kyJoQG(07N)Gy!ouHIOs8s>pmO@H9&A%8P09sAIHHk
zpbL)Oz&j0kda&=w_4z=kfWQ+F0(3qB-H+m6|0Z`o!naYrjPlsPCchj!`zU{G*vZy@
zjrL2ljfS_h?Z~5b+TfI}wizA6(XoZgGHl*awau<^e~tpi0F!`eXIllX1NfJN^ZI%G
zPS{5rTyPR!;slO8xC~eUtO4NtZP;&>>+fp=UuDC-3i`zc_uAkd8|DGo;B;sQTaM0`
zwtT%@8~76^T(^P$umPvope!3M>yXjD(e{LUv7fYI?#E>oZ?-co%ckgM;A=MEa$B2T
zugCgnTOV!s6QiGSS=cw)fcI_CPqyP*?sw>Yhkx6k?QOv0HW+udb4DKX79>6a+x>FR
z6OixR^sifd>;}rVV7rfv`pbWdpKNhH>I);zO&_?$-`TF~c4-6tx7{+1!RBmt4Vwjf
zvjLae9_YU-kdXpcSH$b%wjxO%Px!qmfPX81e=D+#aS<H{1}|bRt;jWau4;3PR21p_
zh40_s!0lse+ql}`7h`Ny7+j3)zha+W$Bp~z^zl{!_gCQOz_TlW|0?SAdJ|rPcc_5!
zDtP0*596P0JpRNy(K<hYk2i353qI&sAHt`&A0EMWp4`fnp)DM_l@oUv_Xdn>xjIKX
z>hwN#IQ92*!1ElC&!Ot)F=thR?Kt2*62G+Qc^&W!5^q4<;lNyX%iyza!#0hWz|ji;
zPQd=(aoXUyLA_kZkPbXX9TxzX09SM#b^xb2rVRcBzI0qO?wxaP#!NF?cyws93=&J-
zgnEw~_1ezE+c<b5hKcg<kWt2MXPdptxF>r5lFrTK_Zhtn$h+M!&YjwVb5Fq2#De3_
z&6sY+xe?cG;KmkgkL#i_+P@_>OL9IMf2BJ&;;u)0*=6J2l+8AYj;)GLBgNyc*SQ(<
z7~`q}Y@*_{0kDS(X!8o_zY6HTiYo@d1}df=wfBl^2IlnfRRR560sT|~?O$>4$>R-k
zW5s;{%x&x@fOT`c*%P)L?=+CA1CKp>1|Zu=^EStzy#N4wXD`_@{@|VMrFwnr2XxM|
z+jZX)1&%505YO3b^mn#H+-7HV?!x?G7j>T!&2NWz%?@#x9pW&1Shq)e4*=pRJH$Bl
z0X;6TpEb&X_OnAwVjt1@827&&VhH<~fl0m1aogGPeX{_FCF~12ciR_@{18LfA%?K8
z=`o;v-MPWdmF7*qR0;7!WuiVGsZ7)76qVp3E5S!rLflYUthZz3UVT1-eRpNKUPh%u
z@8`-x`naluIb<dH!%FafmAGv1b(Jl;e<#=4^f8BzalI>{Un{}qRUX&tUJ3SBc}nl|
zN}TVU{$7=s!(hBsUe-BbgL8qyDzECkvJ%EwC7v_g(D|+s*XOQoySTmZapkIR&)60!
zp<NwFZ%4cv<GHct{`QZ%G5(O&%FMauar`f;rmN_`ArzYd$OhyA3IMwSC0o)`BRv4H
z1F8WvfO-G}5CI;51_%PefG$7}pbyXw7%*@aFbo(0i~`00lYnW!tnsXQzye@#OS-(}
z_X=PQu#S+`42av3CIXTHX?lK~S~CGTfP6q9pm<BV7f=Q$2RHzSjQq8L1^@?;0Scf6
z&<2PAjscDXP5@2;&H&B<&I2w2E(68^R{=AC>-u|HZvbu?>C%=on*XlerX-y=?qjxG
zUj;lMf8rZGV*$W;eI{u$#qIM<3Lt$;ngz(+lI{Zhf9B3SN~$7T_h-(sz(lYR3K2ny
zYAt0dW>iEO1VNxO%Mwr!D4~%-0TmPw&_<?K6h)vFg<I`_b_s%r%HS*@&QKzvG6`G;
z1r<=H%DVCWBG<e9hJW54Z>_g#<>%M??AWnm$BrE*&PlRc{`Y_7^Ep?U&vohcUH<Pr
z%-O$xZm=Kq|3BHQ`M-R6m``E)zdinUJLmK@p8+=B=L|8Q5&!nzG3Ilhv#elN!Q%z<
z3KkZW6fDsvy02hq!ODWw1@9HCFZirrbHTQP9npw_y#<E~el7T;;B3N6WSGBrA}diV
zQ8$sBxFV6CXq{-6=$N=6(Th(};#U6mpv2I`or!z+j89BSOiMgc@LA%CXhdQ`;<?20
zd|pYsmROZooA@BHG4VyBEV13R+m+a#_&M==;$$L~43e42^O6@NYbP&BUYfWk*(ljO
z**4ie**V!gnMn3d_D|lP9F`nqK4aA;IWhTAaz=7?a&GeJ<l^Lu$<pKsK5r%8Nq)p<
zQ}Qc5Ta!QV*^@kwJQCfPJf8kL{Xdxa=|U&{7n#4xiIauZjQj`tS6H*Kj``Fq%rSp?
z=C4U%%fhRY#|y91r?5+553?s^{~v#G!Abw(LI%IMkjXDDROS~K;{4*md7gf8p&Gxq
zki{=9T);0b)Zn)kvg38*O`Qwl&Eg%MhVkO~Q0JQXi1=uyQ~aLz{Z6;|r1)f~AU-wz
zu#=3>iLY^Pim!{m<4lQfj30I$;@1~m{QuZ9*RAG`;`=JAoy#4k{?_!ztn~VO(w_tA
z&yj!Q`k2*S|8$z~(f@I~<vCIMQ#t)HD?P`opd7QhbBt0>p4H81lGc~3<-h&!tJ43y
zF8%59-+kuvu>U)!(7C)IGJll|suk2MsAK+e3i9}CQqZ#Cs)FkZx)k&%DCDni!GMAx
z1tSW^6x?T|lM1F9Hp{fgORq+|9<>rn3RauBs=_aAIQ+(j$8T)-@%(tc6T~~kJ3C>#
zYy3th#_w%Zj^7p^Wai<H_;BZ<_?Y<JPTlzU_yf)*@rUAnb8_Qr<7=Hu<L}1bbuNql
z9RJzL`+scRP2Cb)X|QiN%wQ#WCcHVkIlLLXY0yI$PJ!QJFh86RzY;zSemT4wt*$WG
zC~Yl?wMn{){;k2K!Z4w4J%!^9&kAyc;k^b|ptDGA%i-ngu=5b|;nu6PZ|$&rH@pjS
zcsNiP%}0JUl44_Lw>&K0752v4c8tijy&Roe@U{gui{WkHci?#kMmLnU;!XVuBn{!a
zu~3PtU67B&atGw2;Z@+*pwo!nZ>5(i^l}Zn1KjGjM1P3ECh#Wk{Gct^5(`McX2@F+
zrB>l^dTEP}cr$+it=6M?50*>di{W3uAAzrx52^O(w?p0noNBN!*o^sV7IXsJ(CT*j
zy#svPalH}YY=iB>83rE?P4C`Vcn#18w}np|oF+}TD)=<5@<B)FPe!vO{JX)G;WGy7
zN#gDmch7KjA^QE$Ukq;!W?}OnI`xB34b~1mHkb&?)Qh<LHMjx!kl<T`J*4Sofc<IZ
z!Pg1>95joOkCeWf!or*IbzCjtYAy6T(RM$0D!9wYyNA*|8Qf`j6mC&8BzFgen+)y?
zOy+nEq~n|k*BMD1Je-yo^smKE12C7iBfte<z3?ww9jGV?y)*Ew;68AEaI5Ahb`j_a
zqqATck_KQu)7K<BgJ?b+m1`d1H7wGq2CZt)ss=i*arHGM+mK8{@*m0sx2m{7Pbdop
z%aAmHmy-`BKfT-0pGez$Bo5pO_kfaI3YH)*VJs`*D=o*vm3X)ke^y4OdiY;5u6kr(
zJ@i}P)n4$7#qbGb7grZzZ6VecVr?PT7Ai_61C0+p{ra}YELvqTx`S9d$hc0K?apAh
z7u*Og1J82RtTjKIc|3{ccJK&zGTcmV{GptY#H^!@;4<(mxLLD|{yuE(vl6v(&&8`I
z;?5cAn2g#8E(6aB15*t=*XEwM8^_w=@I#>_&Y4(W^mof2JZYd2d1vt<7fCLXTs+Lh
z!(4k6|8s*QW~8^-Ob(ALhv{VjZCm5{FtA=U7M+dYGVm<@woq<M-w!Pk&wb#0tj#B4
zo3ye_MJgey-yv5ml7aA*7O}h#o`rrE^PVM%nVpeD9@OYe3`a6v)~wL<zL)q*QcC``
z0lQKIv%{AR9*nvhoQ?dL&;`xvc!^nlS*sPvHZ=RO3bMfF*vS|Av*9J-JUln8{1(`M
zjJEC3-wkgBzHRfF%K0W$bSJAICV6yPxe+Z<+`^00HW;qxMLWf#9^(F6WPWGz`5R#@
z(0HS{!7h1Ac1<O2cgr8M9(xe;#$YxvZwzJ=`Nm*2@ox-fvmP6R*~~>_Q2HnEe-4&w
zGxibGmX%<ZtzFUORI26%>&O%LjJW$gGutk9nJO6iK71Rkrr8>W=hIlf`L@pJsy~@^
zJsF)6upW2~D|)ZR*c(D~R#%U@+K<fXM`c(niP@WEzYABJ+bTiZgRz^*5VH!r#$emv
zJF1g(u13-z*vT6F(_nkn%kPoddA$!MH!I>#D!*9~ZZUkhDtx$~b>T=qETj$`MUqX;
z*}z&mCuZuQ`!4GxVD?XIHcdr3N}eBOr5|PG9@RQcBWn;|7O*yD#~T^`X0VFTSlCP}
zTYpqxjxd%<^4aeZzH6|jt##~=BN^AAn7M=UCfiY~<`~OeHFnuIm8XGrKt^$Gx*l%E
zAK?Ov(UahDs>fpP7F3JQaCK`MRV9+q->4xiShK<ou}j#gcT%Hv5=paDyB`HR=<7G?
z=bwrUSKmPMLU<mPvvD}x@I%2327e8PGk2<@E$FueJO)0=c)tL>@PrvrMmUQ7U3Qvt
zmy$!QI?~G)@H6y3#lokya?*P*@Py{Vy_Cw?k9z(w{0Xo)G<TR@Z|oN_Yjv@+7YUW$
z-40Gbzf_}kPX~81#t8=Vf~~42=)Ay)4$DvXIV>#J*uxfzQkX0B=PM^oT{71EqvF9h
z_&9m)7ck4&RH{GIl}dSazO4Bd%R{ppYSh&j*N?#uhBpm9G5j?oE%D?x@Bw_-&bZpb
z3u)UaSYfbZpq+ZIxY>6Us~^zJ^{X5H3)aqnuORP$g;v2dgTH~@LbJxb0N*a6$2ZYm
z8f;L$Ve>RN4fzQyw8h$H_(0_A!yWjn%zs#SYv!(OoWXgj<VN1n*uObyX7on~T2sS>
z=KfHvIuV~2!%tXu6Uac}$GUs>>PI(&SAuz9CfEm@W6<8~CeUmSCZa1;@x<M))0hWl
zf_*^g3_*W3)@CE=fn-3a8k<4e4E1g>56lGnfYNV;W`8u-S>#@>7(2yyJ`z4M&GW!a
zun$;7o#}6)bPf03DQu>&_NKKNyrK-pP7!vBuv3JcBJ30qjUrj|J4w^;3HHJB{n*(L
z-vHl$|MjCSM8l#T=@z^K!^+s)Lfb1r$tQ&7#OKAq>gG(Zdf0&~XR3tP6Zt=c?gscB
zVMkWCuoTHwG^;bx+QDlECy9HW(C-2-21lxuUsY&!AGNJUt997_8ObQEM6W1pO%5xD
zk1JwPdyO>uNEke;R>7aTLk<s%M^m}$XhjUi6I&1c_O#u``fbVCr<cyNCRW8nshB7g
z6QyEis+cH=e~do^(f8r?iStOIi5}S-_EeVY<Zecxz2G0gdqz?_owqhKGs#AqlX+xU
zrp{~3X%6yYY^K0B)2N;9&DdD<rBh3@X7b?*MrYCH!xiY{adi%oIe2@osj*XivmR4D
z{A0qfp5vB(splT$Uxp7F{bzJS_cw(DOg!7D!Uu!J{pH}3$d`m;3@(zUi@w?Y4F(s}
zwwo{-j^_J%IuUHpvkQM07H-n>kl;M7zD}zbgs}^eUx0<PU@7_oIGIk;y!&scdiy)z
z*MrT3L0z3^gG<<#XQ2NsGy9z|d>)-<;z2EG`ZK92zrcra^)jy36h<AfU{BDcU>Ewj
zMm5l1q$eJJXYI58PuvyE;9T&L?%VzKIuV<DC!^!eRy^GjqB;@D!@5HVk6`B=unhbL
z{0=*N!7spZK?U-Gx|<b-@53j7Z*yM$gVXWry6X$B;ofgentMXsxfv`&(txXGXNg)7
z|B+}`2HQmU8+;E7kAS~elm&xjNMvC-n$OVctR%r%B;0w1Pq9Bf#U1HK-~@0xcbH#u
zC;1Wgv5PoCr*v0oa!Gf{`{}U|d_$Es%*JN6+J@ud<1LpRgJnpJo$zluDaSm<<%bs-
zyb(Kx@UxrNd+;h2;%StfICkR1=T*k?s^Sy25s%#){R6yDxq+SgEfUppuwSaN`(wGs
z`_`iF-wbX9mw{)|F?B5Jz+69sX6MkHIKuhS#m3szI%)c=BoAs>lm&y!z_VZvjgG6F
zp#Ald_$9PGpjGMqz<u%q;5_gH?kA^kCY{ci^g-^IW^-@AIo&;?J3wzSmTSVl(y7^R
z7pAm!kT;W^V2}I{xc3eQTSPt>ZwKS;V7#3zuY$XEc8)%$mBSrlZN|>I+fRaTai8!y
zBbvtvdJcDDpJBhDMS5vSFAeFXA^M*ws=;*i6*Uhhf*X0Vp;px`BI!vq{vcu}!=0>!
zwq&(M<!2+EolU+ONi-@XH{f?LqWf7>_oM%9c#s*fs0i25IXVa=2?qsh@lbpUygL3@
zM^cS!TmbeCvy8R9Itz!_Mzf7%i{#-#u67doYv9ME6IA8w{1G~3(hoCPI~Rj}I19hZ
zDfm}mn63M?aJ*VY?dYXFHa}s1{1MB`vGx!c*NHn=#nl&BO<Caix_S;ziZc3g@~Tjk
z4vSUaV((MKJBxeYb2e|qnmWsRS!7o+k_ZcDWHY00@SJH?m0jSJJT#Hl?3C*qZR%Av
z^U@g9`T9A|*Z&eXnvKD1R(fMFoB3)Cs_hGr>cB31;7LVL7}eGuN4?qr-cJq5(Mdem
zt<!g~LTL6uW!I+Y1@c^L{3G~TMzM&tyQqzCND^&Ut%!yre;>S^`ml?(H-W#znu61`
z14<Iclu@w@(Z2wE0h?4*e~Hf8!Sy<K1Ove=cI2DGMP%1;xY3V#BOl25YYiv9V%FME
zQ8s&@k%ydQ%^KAC=wt4wj!H9lkUB6`cl)uYS&t_*k5PAK^C?N94x!>xTc=u+;i_po
z>+==~V^3=j@;7Vs`D1m;HmFgog0EtA&k#3lE$V7Ru3pT_viyGe5HwRSW^XkovfwJt
zW#95Vr%Y&8&@y(?<Lse2F^$t$!Y{PLMuk+@-?$Sf;S@8JQ`;$>(*vG8`ipf!_ol1D
zN7S8Db0$%=hGW~dlZnlV{Uw>$b~3STb0#(>ww-*jZQHhUa#ZIxoa(CX>UGh*FILss
z3;TWg_MO~=)31>hTu4x#CDzyAeSr%mDv$*Kh?2z37$2=94^JtsVO$PvwQexxtMk~}
zOQptcyj#n3OdJKdQ(7%xkc<|opvszwgD|6gi0hT12?0-^1ol)K{vF}yI%yJk&f>p_
zH_4vS-guu-xt_f8mC`J9`lY?g05`zkZS%by11*=i4^?-6n-`jv5Us+Ss=N!lRabIt
zEA*GXZG?BtiFMuKmm4LscU#vq%5fJyiZSO{815LTtK2PI>uUJEAJ<9qk1&D}Y>kc6
zSl&|R@7t1#w=Zqhh@K-;%m~<JM%zboCSz8YnAC4)G2Yc=xIP689DE7(>CDfx(;Xc@
zvvNp?h!7f=x`DqN(X;YYdgtaxgmo&Z?!WSMSu-h-3-BX);@sQii$8M{0Uw_mnYn(z
za-!&0qrnAfy^tKVfQ*FdX_|LrFefXR>;?R0gS;<7K^!8VsE^8HWV2-GGammDr-x^b
z+t+LJS>C#r@N96gSZ0liVo+g`TMGigapCT!Y$*3`qi&(ppI!Lyo&9~(JBT(+{8`q+
zWhQ>nUDRsj!k57x>OB#;x^WAwak`THAKPAicMbF}#HgJw{9hFkOdG&QF&p%xyi6<C
z#OHB{YU&|82Q@9kCb>I$AU`wud7rA&BP{U&(Wg247g850Bg^AjFMeSCe?|E^dx3Np
zZc9KiMQZdu7=<MF&g5=%E6zE%?|>$eUq=e}jR3GdWREv1t<g-&gDKx5)0cRf&`vRM
z0<95|DD+BUFUf!?6?XK`*1cR$ruSQh6sJkF-DynISI+V{IJE!O**?BbWMi6T2iiC|
zTk9$`J1TtF--Ba;&Ih*V{Mu{MO2^p}n#vwWZ1KMSR%%pq!NKLTV~;@Gkc42NQ_G+e
z@pou<q|PHLG=_oZ^5D<fp3Lfx8DP5>_71rUr>?-r0{S*H1@f`U1rubLESjs>m!Ods
zi@S~mU7z)8)(+*iZzJ4T2vE%iOZHM>$Wiy&{IqY};2*F{$5uEPJIJZ<PeM722};;C
z%VfsTvOsg>(4`Tw?&yMK#I;Gj8^<#<4<|BwYh7Bch@039dZxq@g!TBs+ia`t<jiNC
zvoDrY=&wULY%bTxv>PKbhD{L#>OhD4+syOSw?T<fh}$Nt)F7d#<Fm(_GN5<fR**Zu
z2;k=5H<J_nNqOxs{wbd*#xoj!?Xf@6lm5)3y#59W?-%zQ(r;-!@6O*$=yZ6&MXIXT
zj5ZOBpICByD}~>ai5EL(iW2YjQM?|m9-iBGfcjef;RBSpdzbRrbQ{43pVa5UH2w-r
zB|1#I0(MgP_Znje(|{K3GkGHM&e}AKqn%htwnq~<G1O2X$4}yQC;)n!Y6t*MTJRX=
zW8@mmo>F7#_HXt#@Z<uQ0v_nwp!J_gbe<E69&rUCRlFbK@1Lv?=K&Ppe!jxHq?%y|
z1QY|?Qu~WX3D0*_9WWIkzSPc-LB;WIVL8E)*YrI;v<rPu_haGfEfklA=Q>fojLRS|
zV9piPYJT+G#3SJ<^ao`z-7V_i>rkIzF+A_C_)ab0$^P`pT4VaFsj|D1kpG#?KdP@f
z0PA<?TTX-I&o#EI2;s5H3MENje)Cn$9}V`}YTyKRG!hcNzLd5}u+pgZ(?ni(z#vCm
zi=~FVV{~Ls-)jdSkiDWc<yBYp--(<PgImu;O`tmt<{;_~wrEYCvefvDuIIEY9!YGk
zZF?BV;gr)xAHoGq0Xgx!?iKcNzZ1R_g5Tn1NQ?Ly8ELeg&AgyFe@0o}<5XnLoP_RL
za-QL-mo*u;s#FJ$SN};^Cjp1F^txd6B3fXJ9bB~NVAaSH6Q4w~73iTa3q2?+g()a4
z2@uOv(WHN&xiQ@c{TZAwpfoFHquEqY{}?zXkSnO*pt>Exomp_bD7=TL5V+l%TQMTr
z^RcMUe~;eT8!kCW3@)D0{2{IJ$7Q}T^Xdo6&P(Z?b90VWrOWpykqhgzk6NvZI%ygO
zd$NmXKG?HBtzV)A(@!VCG)>}+;?W0*TqPMVc{d5vZ;FK@nSPW~4*aV@kcxT@+6(On
zPybGh7Ek{~H)mFD<aYrG%$W!xDj`}{TiJ#wcx`w}p}<*CCQV=<ifxuFJZ|EJ|6NE-
z&R2e@DQ0KCRaiir`p*V6km+Y!tzRw<9`c%hq9XD~?D7hjZ|L`Nk+&@8OmY*)4;7!F
z&UmJupS2W|p!=#lqvO5GCymuFr!f<4O(KD7K+)3r=mw6GCysNH%QpjB#|+FS09B1Q
zjzYHRrWg-aybw_DB&-#aimIzJM}Lg?tHcN=Iw;P#5K^bH@lrt>nq4pG_R-s!Q9=(f
zi+D$Vr~2Pn-p!(I#6H*bBFf-FBP6`=Bhu7hvght6NF9CacftkI1Xg?KBAdoX8RxmH
zAAI;L-e++Q0SUsK#E(G!tPhXEsi%IM`lM63o^9%tfv5v6N2+{go4LI`0TY$S6%uF0
zmC2i4UArfx*y$(1{W+r!_Q;adY5@2#J@|{OJ)xs3bp4&L>3eZmJ8c!<r`}(^N^uSP
zUJ+E6g7EUh^RPADc3z7suFIa);@l1Np`KPJdv)|$MvKp3BBh1N7FXzMByWs#KA^73
zXCBEDKhQqDlY`<G)lH@=YbYVwNOS;2&5e3sXfi#ic<3J?sj!O{v|bS4;}-m!TzuQ2
ztj*oL>_hO{noa_FU*Ol0e^R&t<t~#45r+w(l2*#$Dm<Q3BX>-}O%qzVG_PHe@fz-5
zZxD^B(Jgdq{MnKw!XDHPT%JMvcyo8HH#s>zUv&3B$2FE~7@yde0s6b`q8lE{E1VV6
zE$-R%3hQr3pN!_NZx^u`Tfma3w>iX2Uaz~@MmOg_R$#Y%yV(ary?`>y4zG#Dlb(^M
zRXjoZ`9I}{KtkR<=r8sb>Ge0d=_hG5n2#;+Ea<VqlXL7gQOgB!oGx+%vKpn_;y~S+
z<eo{i?3jkWNzD_nkOui>-;hn$8e_$=ZD~I+i_5kT((Bq`FZd6oPo$B7tO=1PxT@dS
zp_<2Xkg^|=h@Kk9I4#lQw>Kn<y&g@H_R!prIy+~UR@u`T@YVQ_9NyI}UOHPeoJ8s9
z0s5L~<^^_u*hyp&yUP7ZiIcD_ORs=NlGc=+>Y4Og_0rWh%Hf66@T$<XV+PPTk||8Q
zRt9$L(5RbJie;=!GCsYlhAD|H#9$z2UJi)t&GeH_UiK+B(fS>~^txNiD9_kN-#2Aj
z4auusrMlw;FQwRRbSk2Kh~G!SuDsZMEYAH80^m;0$F*E$D+^i>@m0i+6-%Zg4NBc}
z^xCtl%V&Nwr<9H^!V4-Z<bF9$Eox^1$iUQhOdwX=RcupzkyV}caNkrL)zS{iu<#XD
zu+%pO!K4TYGUOi@<dByW6k_CHSEw#&J<8U4x<PrVdgnX8D%piJLB?)9)AXmDj|JKK
zZNu+mb7X=e5$ck(Z%n7Yt+TAE%i}nzUEN*&dOCW5htR}wXkL{I!rbEr<;^B*a{EjZ
zXllmc8scE^By7bGkPL(FfH!m&_M4l@7IY3KsYgQ(L0*<TC$Y**p@WF0ti5YHf^@h7
zUlAX_O)0$~KQJNCZt%~)BPCb)M~DE3YP8U#;7`B6e^Pb8QIRXOYw>&NTsA43f72%r
zo4|#$ZR8$eF(>k8=v&U=B^cw29Z{g{%nDdHkxk6L@-xA+v4I^0{LK;n^do-n)UGNv
z1%A&(16|k^2tG+Ge5QZ!4b%?{K6oPg2d8VC#NXF~*WYIpP}=-@ZST7VdPR@d!@cou
zi>@E86~e)1uJs|g0%9y4bZvq+`IbFUk?8}lS5^YdgOY$quCDz-3g-k7Z$UjX+Zq+}
zb!_70o~~Wn#^-W*t*Gzd9{7e80?AC`U65Ppc~csJlC~z(xG+z)auhe0gE_12zpJyM
z-q8NJZ5K?J!V%>zsNG-iFM?Wc|8OEi`!{{)|L`t7?fD>(y+-hfIMIG%%kdcI&$;!R
z8vN!5UMQ8%i+&(+t`j{s&WNGAPHL?vC)@D;G3#n<KOS$b-f+g=h^cEQN@rigD^3=}
z{@ZuEK9=Ll+}-@S?^>>9q9kIO))ebk^ck-`A~%LN*u<JeBOD-9%#GExo#<)y%Gq6e
zzdKi&-RP-LKnoLiRog0m#k9s9ggy7@!F_jt+Ig&LkBX*Ef4KY*7*aHT>sdo5=q6c=
zV<I2IV}D3_4BOP(D}VjDjd=VwpuL5cpy9ULe;y^Sk>DNvJo4iSn9>7ztcct>(7-E(
zL@eB^;~q_^fmCM}WIdw;>kG~}pe6bY>kJ3<l`5%4eMN1gafN@KUmyvblNHlNj18(l
z{i4Z44cUuV6ar`WAv;e9_$1;kXYdBkqRg$dWJ_3+dE*@Bf8{Kj`&nl6jP5Pyj-;m>
zL8ZC>EyB%zzd{)3WogQ0NbR_bQUDeVyKkLP5A{(lyy)A2kR$1D0_dRuGvg#F%O(uT
z(svCDm%(3t$+!J!dTpz37my*GA>P!xEMxIh(7lK6C1dc!QP(Sktw(6`PppYmU*S<u
zVl!KE^S617F|~neX#dJrX1U7qw&V07=ph$H&WFdd6Y(Q4^az9>zlGb;#<em@GFwR%
z?lVCbfL={!e6c}2o{bMxJqX!S*7p7?Q9V|92CD+LtBjEPU$YlFusqn1GVd$LfHu*l
zrf#|&!W;Di^cVq6g4UTgz|H=F_Zj>edS)HwGoS<UmZMk0>sj&omvd83HMBPQ3x*){
zC(bhdh{!t+a>GaHb-nun<Oq~KU*+fyUk{YjB^Wh{VTUmM>SQ3a&IbX1Xd!+FGQWgA
zTkvI$J$|QM?KKK77ui;52d%fjJNoWV_IGulyaD+t=h3OS0rYw9RUFh1Sz7;s=QfTO
zhiL4_wvs)`@!Zvhfh~i^i)9Uy?N&gXNHLu|$a-W~j5%QqlmOZtik&DQ_A?4Utd>I8
zQQ5@5t?g%&iosiy>B+YX6R<AvzUjhmrpz_C^KVFK@^9@2c(&9D1XjAX=qB>oP(TGX
z+CDBZ`AGhS@BYJ1!-HR_Tc{AiRPdUIH&_Sa2p#tw+QtZtP3YCY;eY${NX!5Fv+$ki
z^T4qXGW9Bvaa=YeHfb$=tSX9g7<Q0}K`J=4r?5f|X65g|CuqB$#R%&I3p=?<UyvpP
z9wxrmOf~e6ThRJo*twz)*I09>@zVl<!8o4J1Pst4*V|g`>VaGSvbBpSzF=7*HN<Fi
zzk+@HM`Jbu1yyOnx9`!ELIU?l($0xP*z)ZO(8}cfixemXZu_^u&3^>j<<>(qU>Z<4
zYNu>MjaY3-xZp`4!ukbHK~Dk8>1QZJz3Y~SM02$8)@AAW_V^Oe!*HxA<Vf_t`RKd)
zh;<?brqBFf6rx}fsLb`CN)P8W=kLE{$xnY797Q#Oo-H-|bVB}yvc+2AH7Jj%-1Hmb
zqO&(}1N|TW#r*bP4Ig}ID_wh@VNZnA_IRC#qnRb21|I^G<d2)&jbhh6g@EPp+&a^3
zg=gMM4GtD<RXt(AK6w=s@$7ev)cfQuHap^^ou0>#O2PR4s=fVM%p$zHd6SY~@^p0J
zsCRk>y^tXY-aYY9dY4d4Q2Ul7v1lb&M1V)wx14#M0RfLxC^ke%M}Q=HuqVu4x5lI2
zYW9ucL)*Q(E<4p@iqwPqqeE8V3vhjZ4wYS))ub>U&tI*!sV>ETALlQNV{Dqo6_S8;
zD`z91P@dkG@n%<+<eUjNvT--3FoM9_?m?9tmjzMDd%Is&NpblC6p@@7m1(qUc_moZ
zPQ_Er^GjPR7umwl($1s))A<0=_a?L63AUM1PPlWny*8amb6HdqKem8u*@&q(p(R>J
ztr{q1o8cc6UtD;SEpdx{?_}`?rmo$4*MbN9g3F0D)AsyAnh@3LRNzmF7ZP^kgOl8H
z6QI3R&#RW*E+ELRAcKv!5%Fthh9fwD%6|4Zo)7lgMq+2%PTCO&rV8s%ncjnY)_F!_
zX9AIR=WQSsgvhFGxF{$3P_@i)apC{)4b55G9-0%N!_Vlk6ZccJiplPfzO(_H(Ei4@
zncO?YSj{eY&WIdxQlf}sBPXxf5_mupl=91MY1YerQxDI`{QYkuUM-7)#WsgSJx9Kh
zwU$hDz4@0XZ<~s`{Do)4jg^>(#`2!YErK5=hvFCD4s9)}3(~M7>8P5dT6({nZLr#e
ztpoY(W?ossoRT-L`0oq05!>Vfa!=9isL!f|LV;6pz{~8Dqw>|v71cy+OEXqByqUjz
za8Y&R_0zF+!fiZJF|Vc;-|3R}naa!`X)@PfBJ|;>z_YZ2fd;yPW?ciXx+onuJITbv
zuI>U6J9I1ccbjV*PRV7xbMM+NK#_VH85=wi`e}2woC{@CAnvxyXh6xos?e>`up0FN
z%R?g`jZqnuHTX*ET`Jbdg^0+Yb;1eLkXfeMvdUJc;vH>C3S$npO@`ejh)vD~z>PGb
zusMu+F>7RLoxU%|2<T?}h=^%T0mY`NXFYlYRj*`xg+h$_qZPv?>7fz!E3QG%U*8at
zeV=KOmqYV^pVImT8mOk8lK#y|M0$T`wev_ZU#WgV8GFYl<rH){+L5S-(SQN1UAyMn
z-;yU7EhY9-aW}lq&m#?yT+HGs@wI}?oFjJ}bYqgsu$vJwHg3weZYm_!s47CN5;K(X
z?FfPmi}>%o>NvfuyE5k@{UfAl>+Q+Y@s#4`o40>^j+6f}H5WN$S*1HP#y}6Mo^^$`
zMULMYz0-<}&}JL(BB<I-<ON-7PxVjr^Pl{6pVKTQmwosqd)NAkfwjt<pLV}M^+6c-
z)KZ_Ah57gfSY{eLLNM}WW2+N876f<;I-yZf9Vro~lcbS3bJF2a8P%5>D_B-4IjxSx
zrWLR~W7WOE2#J1$li@N#-KDi_sT70Ga?PkwiQU&_rB40pf*kczo+~jMx3epoV3#K7
zl0AF}siIJm)l6#L-?6!0T2;Gu<ohHr>bRK2e5Nxh*ZbCCk6TkRpcZwk7Y*@N7B6q9
ze~rnWX5vmmSn95STed7_Bk4Rhb%`UJbNnve`^tyrkP4M6Hr6d$*DWV4YYu;Ld!Q+X
zycT>xFW7Kq+qm79dc|$mKZDhir}0zcag3-cJbq|Ld}%lF{wp^!cimA_saZT<s_RCX
z*b_76#wse3G;}vPd)afX{O88?f!{~FS!{m+gCC(PE1{MAnn>3fvC#Z2o~_@61=pwl
z0$8PE7^m!$B(ao4Fdt6W92<+sID7@+&ge)Ff9GG^z^F6oXt|^2Tm2>-<?AQw&HOvp
zY&twDFN;S`!gM-<9$eU(6nuNQd!%!5p)W7^Zb-v%gGonz+<;w@t=1KH1O=xPcZr1V
zqmSHlOc2W=EtyGf|Nb%f5xoLzt<J4Zk4(}}o_u628=|wy?W3`wWGX;{c`LZnJGGR&
zI+ol?I+a6%7ns%*K|&T!jQTXUBpB$3CR-cBIiZngj?`^|$cdqFDKkP&i#O<S!<$IC
zh?Op9IcaD0Ix6CSPi<1p<PGf}!cpJ*0vMK+R;a$`ZS}Hp4<AP#zHEYK58q(02e~N#
zikuOUc5SmLkg$HkK5Wc)&A@&D@c7X;F}^SU)mRgjMAm0#pK1=ekQCrpt7nz_cLj+Q
zQQC>ktL_?+7qmO(v67jWme{E752g#+;Nc1O?0xmiuP7tgdw9#;gR_2RWO0Qv>{%np
z2QwZuaQ+ddyo*0RV-IIop*bRx)j0!tq59CoWn0qlT*q#+=QstOvr{EhL}Oxi44a&N
zlRurU92(*GtPrz}=IdMAuzb-x7!#R(erTV(M|&=JL~e%N06GvZ^X|A9n5bn;?~iBR
z<eoDcY|HJ)wf}xmg|<^nh4-x)0Y~p{3_&^&->Ws2V|+2+L2szHUePB8a**%G%%a;=
zJ?AHC_))U7r*mNK5C<(>5Hq)OqY%T`HZ>F^^7PXA+<U95IHE+V9z&t;Z{b<eVheHA
zC(aA;f+mavpJ904dVW}_k=R8}mEWYb?yUv+zM#6(*GP5#txiEc(C>AFQx59sl0uTI
z_x?wgnY;zB23Brd%<B!d9H~}r`GD>X?zpSm72dTe@mcCV+6Ts#{kY@i>^fbR?Gtrr
z(#FP$#N&JOVJyL|=|{-s-oj?t-{W=ZtY!f%LseCNmfEJFw4>ri$CseIR(hr4gvawk
z&U=lIi<^t@BRU4mJn$}8`Fwq6{b2n}PT?%)tUog<li<j^xOQ$<qjmA*@ZR+`Ll1pY
z?1=Qp)jXAL6!&a=`>T7gDS{8TXqTNCvom64smi&^sg2JkbB$n1nirYd&k2gJFKcF!
z+q}prV9)Jhp*+e-H2)~Z<twW5%D*mud2zG7>}@{nQqU{Z(BBXy(Fsa2F;@x-6qOQ&
zh6g5++20WofkarP3XDt>LQG5!LR{EUF)@6fg6D`}>r&tcEBVvNg4fpTQnyay;hJjk
z+x^LFnblQwnO9q$Y0zt99Z-r#2FiozLEwDu?iw|!9?c!54A?gfkqtJ1+68(a;5&`Q
zE3EEL1U2TCPlCUHV4Up#md83D5P03@O@z!cF6t`f@9n*wsF<!Qj9G%@vIA=YJko_B
z3hJ6BUKKV!hGMcOP!J4a-xfg{hIn~_`Ik#3d5WiqoGv08OBu4`;0~)7^mrcfCpYCQ
z^IVOxt#LLEo)g=K{yEwJ87Nq(<t#H>4U2?HK*=p_AG)pnZLluDhOI);A#V}3FW<gY
ztK@Z?frglRv7iOw04oARAjX<5=ku~uRco3IJ{G6=*H)}3mUU_x4J3h#fdUZvHfxRI
z^k<kr(m-+uY8U`|CM|ak@_MfpX^Vt?(Dou=%K6IX0*jx-UG6%1n-YjGxT;ocuI*As
z`2BfzU`0o5d6sOAzX1zS40s!u1W_(@MqC_g01l)IRDf;5Jf~QG_{Ia~)aGEHlP_0C
zeZ3d}^S=Ky1Ovdxq~k8YZ%z<Uwy)YI17ZeRLvXpCUCU{EwQmyvMFXiJreO6>7F$(Q
zP+)ii9Rf8WztJ_vi<KHTiXPu%n2nJ5Fr1h+6B=am(#+D=;y~X(QHU^>WP}*hObTvY
z`=agUKv^8w5H;8;>~)3~W&51%gx?$AShFm&4ifhX$pVPJ!1+qAl;2bUW?|+G10tYE
zAZ22zw6a!Bpn)kcJ@5g782euRH^y6bi(j7=(NP-7UCwA8zsZ}QB>uZgHOkw-wO@sa
zG%Zh@{nQn+V@k=&RO>DOS9hZ5<EGo-a=QfOkNoEnU)Uh-g94|e)Wa&4u`A~9dq!p{
zR#bDIe$bjwfsoil0-ZqrS4JyBqB22_<GVIzG5_bwrS0$GJ3Ebisn?<Bp-d9VYoWp8
z_TJqJ&P480<REEg^yD6>W$2^nUheUbe>JR}J&UQqANDwa-n15oZ=^PVF+-B-f?DUi
z0f&sdveUwoRXK0|w-`3{F<4tgRcXd?Y+DLZh2)7PKh(z-9QBi?F12c_Y1wVO$^n-h
zy>@9+n0u-nR8VtL)-T$z&Hlez#qhLo#7h*WJcNb(zHKck2mGav)!Ak1?5aGfKC`y+
znt&W8)mFW-+dJARp}XL}YxUk4b(!soWsV7Jqx_$a*s_fun6&hd$h9LJ<JwFshq6_z
z13rubZ)N<z;xn*zj+!?xuTy{*HVx)7TtFq!G8FApe$V#bMuybXI-Pxq(T^xj8BNCQ
zGEAAjQmTweWgU#F9zJEawJHbbv}2UUc4wxU($TW20J&B_qZ5^b`8Dezx+Q>W)t@@d
zv3U~;vm#8SuqJMa4qI7354lUKpJZs3gpoKya0gz)csW4U0`$kOf`~go+?{XnH3msG
zkS+I`KO0&ec{a#kM)V$KNWNQ$Mpyjp;-5-|%uvp?o%QXMq~vpkcuQusIk~PO0z=S-
zJ>=dqL9e%(!zOud$ElvrAl_y{wC{z{GPU{MiU>>g-QQx-TvddeIm6nqaC0p>!j!m3
zT?u?)2TQg+*45D#Fou&n*!UpVyH>{S%I<Jo39n_w-CModvEOS>`ZY(N22<d`Z0H~X
zKY=YR$F9Z$Z{p;;4;NX&m0#*j^X)$HK1}8<GL!Z(nLE|mizCSob*4c!N(LCzL}pdD
zUt<&!1I*<osj3&M4`nQ8@D`xK&zV>(%KT%GL;1;PA@3=1-CuA^r<jZq#_ab45aVD>
zBkhTAhUhkMAGPSNp#itP`@m-cD&QG64s@S3H`-QEo;#jG-<mrpQxBgzW_2%fw{?#_
z<}Xs5JpKb<J6((nIJv54649n|nhF)pKgY66W~~GD7sF_}qEnzoQej)4_k!|6Fy#4%
z7f@tD`yoKQEawzjb{>QSB)QDc3Wq`Ys?5!>HNB7%2uHZ1=Omvp`)@n6s*t`<URQMK
z=f9!T+LB6&GoOZYHCK8D!{*vG1L^jx4J6qW!gD0|>WzuZ&<IzzcD_yXrv@)0%eUg`
zpA38arwu)SCPA=oLb3N$m6+TW-1p{-6BZL<Pi+eAOv2klB71q|R%qK}i!%Qz4=Mg0
zt(;TT8!b1c6*^e5EG5C5cTh=%J9Ad~8+m%Kk{Nl1pb{x_;x1DtmX#o*Y?<}bw6tPU
z?4Yz`QVz2ua8d+$8l0D2HDBhHs7x-&g|iH>;Nofpm~cU|lCN|DSjpPDFj^^Gxcokq
z%W@&|OwL~LIN|XG92H#7>mC(n&nsi+eydOF#=rj3*A3SzN^vnfRrqj0#ghVeQNoi8
za$)fd+MFIZ`Qa&>lG}V@tD6`)!>k)AF%9Fx6jPYMn;<bm<3k*i$I`|gQ{d2sAfF4{
z#vor9(MBMjFWts3pGW)Zn=Yg50+}u`=PaHMn0o+c4>CK3K5=^0QO{>Ok^MlK$k%LR
zoyg;9gY%KsKP$UO^eHHx@lLNUpA*q4v7R>4s<58@rB!A<<ET|-Jtw18N?b&I46Pfc
zHfN=qvN)@y8|Pa{{6Kz>{!w@~H+5g{`<HWuYQw*28tVhcw!rq)VO6}{S(Fzr<U-CX
zUhHhlD{AhH&MSFzkM116cv`gXp&kAOcB2!nehueUo8kVaGpy2`h-7a(*#Rrj!AvDk
z#=mAX&++Hq(c;^Hy(ba-i)2^X>+?ld>+ogUi>9BhUhM*6Yq}RzD8|$)((!|rhEM()
zqY^75KMryU_y?Vo7^NgVXpjqwz5gP!DuU91+^B@Z2}{t4h?4|FDzSJ#%SaE)J<WE;
zhg=rCk<cgQvDzai6*$JnTo%8P@~IX^o>zK*WhlSfF_uXzkZ^Gnn8k-_DbWwh+Lj>h
z7r4$N-6~U`LO>qldP2ed!afBHp@~S$Wq!ydQVh;6KFXtc$P-kI*2_=H<$fseRSblh
z2BDD-vOxKpPs$E)`H$;FUaHV<R%l1iGi)<pmOV366xTClGo<dGs1y3Yf<4B}Pat`)
z_k%rqP!!TLXEQAF9@GZ}dD<i$0eLp;o>V12?wH&?T(BrEkJU#c=O^ZCv|v!#J){rl
zf(6w?@F{zSnJD6GWLIE1d&;56k95hq+@|O5uz{}y!>v|`)4D4is0Ry3uPMo6ug9hb
zOH8jdNlQepHK>Nz&U532?9TJOhJa2R(bZv=0#w_>)S1*K$8if0K1*tT(ko(18R`=X
z_JTQQy!1IuUU-FB4_>A-y^%Zm;9tAecTQV%wYZ#nacc(nKdoaqpjD1Nk9m*nL+l|R
z`~04|y1lmi+MXz-uIRVRf1IPNKDrUVwa0ygz2dAAYEBIqAgRizH{uDK(ZDC=Qq6}^
z@#`NCzjk8Nj{&baqXQ$D5xe|bYhb#<9%?Wjdr-OiMv0h%_2%z#3);jf#XCuwyi}NK
z1@b>ho6J@0nxr$&$T?}ts+TX7m?ADvAL^E~m8$D5Cf^>=GcXqPZJtV&`X9sbNSe&&
zNty)QyMac3^7XLS1gyfBiInWZFK{2Q*0MXc6l<lGzA)AVPHn$Gy@|TUb}Fve@qjsa
zsRWMeCDu8ze8<Ghs$;eJ!%D1Yyd9K{9NcUZJ{1>}nT^-LM6PFe*+1b1lpGyQViOrB
z4Tt$wxMz6ZKY<pMoER!v4iV>t#$bQXKj8$FJO?6r90uow-M|EAsat!V+t4JDne~E+
z_12?j7#oyaA1Znr0VfTUnU&gLzdX0vn~<4}%iu7>Kg|x@>=1H%92w_@(ZIy8XE@(K
zVE~j|7EB@;Dw+WqM-!E~j@4lQ%|C${OhOP{!c0~{lO&qqEh@SK2}cv1xsKDoM7L)+
z4wPI7GTP>Q1v~~O#y!JD{s})o$+f{Hnjn2ly?VxD{nN5Q+1kO(T%pI`(U|MF3{3QU
zhClriz(L8O!6npS$<IO(CT5i%-^C@6prZ+3ad_~U9T^Pv-Ft>d{1cQx$&0}yCLy9T
z5pj5knH@<D_KkXm|M@43fs(6(OH@Hd>mcK_qTVNEjEr-~k4Fc6Kj_kMC85U&&?Epb
z<VV2?^u7u=TcGDT%@su)f$uGPF-wgux*KZEbA%6bZ5fwUUZ>d3b^?muq5a{^Gu$`G
z9O!kg*Qs!|1br{;BSpL@d9UOnN4!LRFYP0fvuJ*==>y1#qj<eK?sI90^)tx)>V9cU
zu7Z?VnsNDgw%CTK(bjnhLb{>q7E%M4l}7pJbxc$Nk-an(RIWeI6j=OrtWKIQc{UTT
zHnmVr%IIjfucv7$1u`^hwP9>pU#HDek*UT=-<&iwdbSijb=*-=MSYeu4qO!z_QUt1
z_PD@vDc1JdhkyJ&gd%?e=zy%?9`lQ}6Qn0@Y4%}yaoekKR`a9}!n8AOK&y~bGuwP>
z-cpT+&#%;=uQb&r9n&zRA9Z9{x~&KoS8KpDemT>{TB>BqDf}Wd-LO*ynev?WL<w)E
z6zRy$FFrkaRqhmHS{S=`>=db<-#R0{r|WzLM8B1rde&u+OTH_<J!$(?2$^-6TRaww
zuN!@K3cMay7APEc3LaKEJ#f8h3n)x2ZJj`R=IIq;Z<WRz94p^r2)?RZ2>mc=%bt|{
zQmJ=4WYd|Dd^+19?u6;zxG8Zf3A1ma-X8zj)O}=p$=<?$_IhNqqUwPA$Q9~<0yiK*
z*md~eMM&UM?}ilJ$>AT}3NU0QkmzY=M%&zD5yBhn(ZGS;GX(3HBH9K|h4^C#=MAI0
zL;eU&+~@oZVb)W8jq5$Rxg(njTW`QQ9#Fk){fN2M)69%~*ymOQf>n2<fgo!@%Mf%>
z1Ey9-`~s>5w9){#HY9u>);pkH1`+C$Scb?jgnvu5ts!*n0W3qd?_fW2dl?d+hk@Ip
zAOQ^@g(P=y2*S|q(EvcpM+x&Cg3K^@dsIfCX$zS84xUaJzWtwemNH2dpNA5wTq5PT
z^3bvbtBUjzY8B-LISzG&vSJnZg<p-oDpm0p)Ebp9RG}A?1S)w;Cr@!7Do*pWmC@(T
z8pUl@*XCUtMK4s^=YKy$trk3%`B-)H<|37ep4RZ@$CeqdDh(~bUX=Yg{mWZ9SyF$R
z$y?1>5_OvRz2h$_KTU6|`dyN79{Bz>Fugk4gk)LJ$15Y0e|9G60=}WbHK%Zb)mHBd
zc$)iou=e!#mFzAaI-a^edX*JW_WRepXnn8M3HT~mI?K6-`l#P5;X0Y{jM^+~KDqb~
zPNi-q8?V^qnW~$9)Gdv`*OgTZ+d58d?TX4pPV4r@zE#VMI#=y(4X=vMMM3LsmmXdV
z!a5{v$%=wSma`U@US7+rI)Ju$Mg1brS%(X-%|f@1QCq#De39d<&84r+Qu18mF1Pes
zJv2!kQ+Yv!Z9yJUd2XJyaiXs%w$%DGO;XP1uEf%Sh%GK7v?#&SCOwr}PI+#eol7CT
zSPp(}wqbWZRGAMzC?|Q>aALxnVLo186y-7L%&{Stc=FpbHT%%xF7RaFM0{@Tp2cTE
z_R#b$(qrMC?PJ2)%pcbRDh+t(!q(qmxXEspmUozQXnPlnYZjV;dZ^1b+hHz|He(iz
zYdx5DV;1PKCC5&jDt&0ow&87LmZ~see&}=;@-jQlUO#U0)wz3U&9>xi+{JM>?tPb~
zX@He3ZdR*ll$>sA)~ac!mVPyXY?h>HyO`Q&mi01I!6lT2cxYZfW5b#;fmOd?!?reo
zR6lpl+CIT#7Pn&knD%k#&trj<)^`}rV-=gWcNolL2}qkejBYhy%%DFkYc;FNz&|v@
z>9wHBpgk02Tktk1N~=H2<gsH+jheihga<Gk5l=<|?26;&mOMs0Ry+ng7EX@t-SnKk
zcDjxqUEf-KHd5A8Hq_VEH+(OxFG1XL`GyJ4yDpI&w(Pf@w;aRT3f5;Xaoj5SCJC<q
z_FHb$ZNx2q)<-Teo<!Zs-V*pGK9)cFvvzz>eGh#veRq6MCY{Y&w_4%XLoUhOYTNsD
zPZ^!M-Tds;+pX6dFL|FN-8$d?v;#j@HjaP0`Z+wcy=?@2Z`(?|W(6*?U8Y)(HsCMC
zpAx-RI(PM4s$03%Gl<-eX%)PZ&AmwNs+*_Qt_ZJ@Ji|KrHc_ui+{XDXv#tT2#T|2-
zxK|Z!lYCdY*NmPi9b=oA-`T}P`{l;<ZwZn>RLmJvdLu~@RCHL$d@?|PjC+DqFxgB(
zs#Lm^4TUWQV<KasU?M3R@d%D|xJjf*tVx7P%sToA)(FuE>Im)#<_O^kIxZnDIxapg
zHZE}*iiZ#@%dN1<FB3--nf<<DmDX1V>$keWP4yV{b79kicOTt9dv8;(hOt)}&gdTy
zHZv0se`@6OPmngm-2$=*ZuCNRUu{1)&lkuaq?V}@e7gH9!O@zLWY&2p9L{R8E020m
zBT$AaSk*KkGy~L|jQKRiV{46TS}JN&U_Q`z{lnx~l;ISHJ>N9V{n@l=&Fk*6Mz<@R
z8B5XXPB(uot`*xi2!Si1AoFk^E*V0yN0Rq=KTf`*|MpXC_~kf9d8A(u5pW;BqC0sY
ze+f7E<5FhO_OeX-?f33CWxhT;JglMu1dc*qz_Ix`r+p2_&)$u>%GHgf$|de?tI+uq
zmA2DQY;>DgDb__d_VtV-orduTWtam`D{Yh5STfE^BGo{$`%0ox6U8tVq|&<8K+A;;
z{g>dKV;KRBs;VkvrBw-@L1|kV<MJfmBp-_7A-7WxcX6h&H@~TZs?cYOk<BQ~+n1a7
zM|VVxFGA;9%ga`DT5VCIrS)otpFPAaxjANRS|eq;KySi{e8is^Zi&|!79P%~*0GZ3
zUE=<}Ey=zoZlq5vP`fzBuWIo=?U~rUU8&fuX2}6)O`qpga!rrtwgMvhxUqoCmeH~T
z7W!C+e4fGj-Im_YM~BN&h1ZYUrR7rI;^+*$=#;^zhgnYtJzl2H6kya7t0$};6;pl6
zz}V@=p6Okk7f(l~9wSq8%Fx)^!QHJF<Ry;n+ZNB}FASdjP1X6V&$kxY84OWNUu>V0
zcKY=sv>^2j7C5_I?v8<t!%KU&54<>90n_+Y?{|HPgR}0qF$@J<+8qV)BaGUW_D?^Q
zth3x+XZ|Gl9&eQI?Jns4U+c@48lI+rz-6R0Vd-;!!dwi&n5-Q=Z!9liOK;RLQB#5t
z<2;_p-p1))E~?Vg+7F7IJCqCRoe1Cy<yIgaRZyi|1|^=dorrx0r!QVs!A5pWPVWw@
zbG6KRLnqv+`EzGr*LjSEQN7J=Ema8c6uWlu;a~ORo19wcm5uiO0OMky`&*z7DBEhv
zxooO|er>fu5z1UhnrM)Sok8-ncAguvq=mZ$#UWx0T+BdV-c6pR20Oa|JNj6NSy-~+
z!F1#_uQx*jO9N^~SW|G*&YwKOJl*BQMxcugdfUkAHs&9T(H-?eUuD#zu)8q$?Oyvl
zdnFwLMk2=8vA&2MF&$J!bjBe1k2CXUpXY#U@MqDMUoB`=aO#Na-+g<$9lRDQ9X=iW
zrBM7}{OvaTK6}x3mUW7Ch^4R`gy!CyUcz2NdnXKqH;1UXS<4XZEKY#e`lYjTqJ8sR
z-${TZ&t&YNF@bq^-yMND(+;9~s{+j)r;}GH)~35%+$p{XIjhVMKv#E&c>&vgq%4~a
zzBlVzlLE@92+cH+hsNCB-HSgwFWf<@K$BWuOFhN(?_s^n_jVgNBjHO9@o7JJBTI&f
zp^DH2?w0vpErT5?0$R6~3V$ruz^su;8}r)w)u-i^^K(}uzT&L0N!z2^yVaNTcURE%
zT-{+t8|>Ps)q(R}SJ-xn&tUv(^Y!oyd$!-e$`-`tJ*4%Bc6+YRKrefy%f1hH5aeA_
z{%FZ-8lw6J(-ZjD{H{W#Gy2!EuA=HQ{MSSMm+{>)4H-2&h8MdK_PR&(DQQtN02W(H
zinSKZH>5Sv5st0gRFgXSX#Xc9fKersZd>>V00NOmT-4a2_qB$nSi@q1_D91J2J{9A
z>?{y|8lLs1J^<IlnNF(5B04~hUjm&3-fW;EUiI>ud^uz-Fg&=|2y2p3-o|56c-RkE
zhIJhIU~R4Cd-UgD#`n5QB?=BA5$cK+%>_Xk$WsjeUOCM;xjPmH5V8d&a+g&HX}|%q
zDloBbQ$<EXFW=%cz3y~gM=dM6tr4q<LIa+DT+UQ!K-EDlI^y$=RMk{94bxa&^$(`8
zk7^F4vFHMd&7y!UNq^*#rCKz277)cXlv@<&Qp8Ox5`CAzMrf23Gf5?NW#iB!+EG8Y
zGN$z^-i&N=bUcIX_>us6>ty0i4EO3w5LrjO1v9YXb>;815_A<P_PFD<Blx)Ymd8F-
zi6nyico3Gy@OD?A80+)u@YOB;@;+Kx)O>pDqnJXblTtx@`b#2d$L9mjQZ?>~HF<tG
z881X*ivyJW0j}QD3n{-)FLs`u>>)DAbAX2}bE-u`pSzy)&pb=UJWH6<G!KGDX2GO%
zRf_%`*{`|XUvpxmmX@)8e>{AzNvBxpWGc(0D$5;o+CUn)>2#0MBJ>OJ%8czF8ad;p
z7Jn7w`x4f6MSHb8zz%B_^*%oLR8C=V_K4_2wl@;T`SaN;=_Q#ndP^`^8f&}5!ZJy?
z!@@HuRd{6tke|2Ao@U!)IN<Tc1h|`RLg#xtK5#aFFq^ZR9P%vN3?FzOctc0<qw~RH
zX3kAgTJ+%=fjFBrGGlnw@}?qH+n?t^_VFy*1=P+y>PxTrO`yJGr_u{-<DY<T$sngv
z3mA0W`(G78Gi(q0qG35Y3n4~v_v(iY5KM{IgmM7*ZA^6k5W3bS(}F;2B(>NFE{NlC
zPp}9En1h_ddW7B+_zMLE%Y4#-^Y3moL&mjzU6=LXeFCt&6)qj;yBlGK{lsr=rmkEb
zep@FPeZR9`f1&d{%K^b1ANVg9ec>9|2GjbxJ9;#MofmayPx_xKhbtpTe{?4cHLlMh
z{U~>)+|@qKcyB~Wd|?KVEpJ4VpGmdf6{X(eQH3zDgfJ+5hf#(0BZ+VOkrSTtEN(<u
zcEgMYkpE!{VNm<hWIg90?1sHln=$O-xtFzNkIB8yxZs2!4c=-V_JC=CjTuo^L_EBl
zYZ*zN2MTDkcLajp$P)~9^MV#{JHLZ<_rA11bPu_VPq-fLpk((rxrb!=NqNwz4U|{V
zrO@@9QyGC)`3N57*DO;Je0Z-RjD_3Anhpp?9P|r@91Jw|ybUz<!x?ECiq}?p?7uW2
z3eq(FP{UdSEswnDM_p*1GSaOrI7jGeG+VndI$Fl{kyY=jvb$(7oNCUK-U(m!Fht`M
zBKYy>$t`gnV~<zM)mPhP`jDt*Ghp#|>m>YT1zpT3Q(cFye>u3Ivzl<3*#1W=vLj&>
zn_vhfj<$jHVDd0;;F&9vv9+9uP0$ld(}2upC-F1N-ke5AE&3VcKx5hDGNd)LU>FB(
zyOHgn(lhfOPDLO0YApD`gZvQp(4)FwRcNbWOVN6HYc|$i2lE+XmGN+Q2CWT_U2tDC
zSD#XD%kK)`UQAM<xUwPwJ3fa@AJq4+Zel2712nm?wCf*3wW>9sO?Ts8IB^%-o<vWD
z?w4n+ElikwVhmHArM!!V$Sc8T8_CuzF)Mfj2tEu=xB%=m0wL5lib<3=3}3n?N?)ob
zOkc((NMF(>4qw_P#7T@b&dh;kouP`Z1FcPRS3T~G<(Hjvqv|lH@J`f8+D9|)6uZ{J
z)&aGChgsjfe+N`jW1UPtxRkUm!7b~hXU+cn!z`8>^P%~{rK)vF-YwAU(Cf}?$luAF
zEsPU~J;(;P2ixmTWyoL89BUvRw7yU|pza^-9R2tu-sczVM%Y>`Nc?wOgP=mp(DTF^
zw=k~%t^0x)l5KOe@yRRk%4;PjI=+kSSf8{H=TXuB<U8hcUPb(U#uh3X=p*q)z&A3s
z363-NDn^yep&B{sEo(n5fGXSZ{QD{8C%kmbyOEo5u0O=Pmw7V@apYs3e;2?O;d3Ek
zo>0H6xy#^^%rlmS>70OJSvOpSf(yr&l0`qMdX(<8(YmwlymHa{<-Fy(<q+1|w}E=u
zekt`N;MT-9^fCIensw&8=X*BkbkwfBad8Q7Yi=LfI3lt~Zk1d&zJz`H>ov%xw;Xj#
zF!jLCw3~o^fq4(-5z<Mfr&OJ)zD~cBbT8xa<QcK)qi0zit-eTql=O7@MCXp#3ElAx
z5!e*fGp&a6z#z@nkdbw8j$oX_92H9&>4r*^H1i>06Uays{Sj+Ps7f8XD$QSTr(%~q
zBffuWp7^5OFg|Kza={VvspE%Ko2MX}BfL7DIZYsi-G<XP+!k|07Z1!SujyJjIS+gP
zj1E~C{~5bs>M<z@Pqe%8h*dJdc4>QE(|^f})_x{)UPWE|h8nT)K<O$(SKA)Ye>p_q
zD#TdZp4WdVafuka8q<jrJO6|7*Hg082im_qsSmm(Cr0+x46F~QAJ6)h#roRAsGP#f
z(P%`*AwzP##*C#NhNT|)^Y5so9^f-Hh=0s|n~Wt*Fcu;FbeqvkIy=9LF9*Kbgs7ef
z1x4^qXh{UbW#PjL1*BKmv{u<9R@q`2%qtqqwJfK&EvKAkvrqmBut|9h%6ggoeU#gF
z9Ro=Vtar0*yEu<{Fk?3QU}5^eD9p*fSEl?>f!=yJKVIv?pDNo=#(s7wj5>-}A`w_g
z&bBF}4*O$X>yF2?z3>yUQ0YXKDoOcZiQ~IXga6&10bZK9HGBPX9hGjSWjZJhR7s8e
z<v=GMp^`rO%cJZkvLa=f+(Ic&V^Pz5Ht$^hJ%LMc_C46czm!rT#6sXbRHwMz95bFU
zxg|zSo&$RT)htE2h_WS~d@=4lkB@Y{1(J{a*0i^lRFoy{kK&|z@XDgbd-4x4p*gBm
zku?i!!eV9T(8-yQ?yJ`Kx9qX6X@L|tBaOS}#<^M5*cZ&J(`-kgh-H?Bk0w6<zRylp
zpf1PPnE-3^Wx<Yd$(!n(w$tOjf>kZ_tIK5hb>>$Sj7v4$gcpB*&Vp)O$&jk?f=Z*A
z{z6Enp50gaVpgIb;n`!qq;#6hm*9(f=Wm5ijyk@guwVbmJ~10GN-wYe_;Fl3_Pe}b
zN9+kl_PYSm@V00j-lY;!|NSj(E!-NdRQ~6h$@>{Ke*hTiOkj1Gmq}wSlHvJPl<PZk
zL@)X5WxK0iAy0C?|E!s9?Bk-gg1FB^(=GVX?}s*OfCESF{>X+})Qgb)H68+46K($U
z%#iI)U9Rfkvt8p=!Ei$;$W7-<N{{enIr{oY;5t_bds`z#&kXsK1F8R=KTeI{;^PQC
zw#SV}2<_uYJ9aNErB~BE@viuqeM)_@hD$g$8JpV=l}UEIWAw$^J?M@r>Fbm9AH$bN
z1YN%ex!tt`=2W+;nE05V$Sr~P0NvM#{fUa_q`BfJ+Yp)x)ug%F3Qvyc&A9x*FAts^
zg@Yq+P!DZIVb%D%5Ear%Y_$*`eX*A*IQ&WpC*NqizL#1nhNGbqt6PRGyj&M~zRItD
zm5eiM>gTJey7JY9pKA*jSebT~Zrk3HU-I_^<z9}T9__?OZ)+bsU+JAaevgfv@pn<Z
z=V^VB<_UC})Tfp`B><(0`+QzWL9l4KsOt)@TL%-;BW&?xM_*ie)xwGjHumz74Aws5
zYJ$pqC+e@b`iAJhWT4;SXOXZXJ4_@LaP2b)Lp&(g0tEvxF#o@8!ZRc^co6?*Oq^1T
zKoeFXqmh9SkI1D##h?t#7gPKT6Z!wsczbpy{8`*~hh%NFg5{2eCPM=jFztnkG7PZ5
zQjEk%B7%UxNYD!+WycI5QKf~0lVb6Qp@aDaflNl`i6mbNMivexb0vj-f3Yn*bJTgX
zE_BJa^+vumsm11H_E^#ATW|LGM7ibrBlro&{a|@o#C-ykwVL)vkX(!2GaB1pBni?x
ztAH{eW*Uq!80Kj**P7`bcT|*~Sgh6{EV!^lRRcwCNaR$II&JoM%|PHgezlVdsYE<F
z3NZ|5a0z)Zgl|c;+anm6HeQgE%9f(u3=dMDDMb_GijSV?Ho9UZ25T|F&roF$R(XmL
zD5wx%yeq#vEPkIWSZX&SS|msqdJ7A0dfzt|{hXO73T(LqOaRW(@Mv%M^gxcx-B1%0
z>zflJZhm^aEq(3S0|)l5f`~R?xoxFD@r;rw)vE=O&lO-H=?Hm+0xni^z)rJSd4Lq#
z>#lCjRHJHW`~&f4d=zff0GI{{G|jfXj9P99h(UM6PpM-+Q=4%R^2SV5NG@hp&W#Gd
z9a9;&Ny+gdPY@Xiy9o+cE)gubXkI++nWV7IZqQDHT~^m|l7lKRR3^=yt-n+F7F9Pi
z?a8r`SvD4T*^Rs6aia?F=8jDF*7Rtqimq|*rTsDk2CviJlUZ*PLOZ32b~sAI2IYs3
zru@|#%PQYwmo=}JJv%^l9attnMziUp(6!|Re~_CHR&n?;!lop7K<LZ#*MytOVv46+
zEhbhrB6tDpfFpV+qzN^HckJ%(a-T9AZUQk{g|Yg?tkt214Tte^HT-!L(^f3p0Wbmb
zP+#0R9HZQ9qnPa!ty=)|u6BRnbd>SCy4c!FUIgEXSBk@F_tsU*)od;xzFpxSGHO&{
zesw*77u%*s7lkaTJcF0Aeoz^pg@cHLvSLyK!cEQ(0+%TZ3d@b|U-%C?3ojtIAP*Fx
zL<Wm_<#3zLG|l`EtsjBv7*_tG!@{jF=caX^KiJw&=DwZnGAslbB~un|E`Ov$3ln@x
z3wm*Fku%kO%;{t3*QIz7f1bublyw+p5F{leMd!XoT`7vI4V-9!8PQFrxyai`2!-h8
zc6!yQ8!9vc?+a-`oay0Q^1$CPp1D72lmVdhVc@!o-z_2y+gMz<5PY!L9-us~f5_Fx
zx0Hw9m;SdP&wI1&A73~=yt1Qx4SFvOoT9cmWVC$4(yGr!A|$cWVRft3?7H=0zCz}b
z0P^473OJZ!1xrIj6o6?%p_U)dy=zWhu@^-X2D;q?I!R{v;?KL8sgG4J<I(O3zm$(>
zO0$O`4#49o<FTRyuUHSEPadAm2iO}0a#+zG^aA05zlmfj!|NkVlmPdNx#caY1|pUo
zv-tF*da7#*m#kAdrx_!tO$Mg&Iitwb9+`5LX=z@&J`7Kd#Q~9~k;1v2QM*d?5$%(E
z-l4n=;@JN}>NNKpF{+|Ebr|PhJ^4&?2>dLV$dHx$bshI5@}LBhiGXy}%H0`iIr^Vi
zi~Z}QUs}q(zv`Twe|h(7y!yl|bq7R`u9{$g{d-UPC&V`T)!hr4fG7zLp7Z9_npR%?
zJv?u6bn=m<=nn^gg{Il9p;Hmr`6*}{`BQ4-3o@?>98F(bnCZv2EVyL;wQomL4d<pk
zmzrfta%N~?Y$O3d8nQ<Q#7I9U{3}Hv*p1?~b(Qava%L9ekH;x);f1n+#a4$@RPOkw
zHr}~4Qi>xlD(J#zCpz(^8V<f7(SBt*gT6jitYGUI=MC$PCwrgQ{5@ri^nY;nP0^VE
z-Ikq>la6iMcG9u!FSc#lUu<`5+a24sZ9AF1|J-?)hgoaZeLJUWRn@~;t8h;3y?LPB
z5(CS4tC)FYS0A_nylkuv3FOV*U-G0}jeF!8VfnM#CL3zJetwc&Y%BstoDg4El=pht
z3Wq<pY7q(C&vedMFJ~LZ@0x70EXr}yc2gr<^1aEUTj0Z@lC&nRYOmY*onBIQZ6ffV
za_Ny&Te3a8lUKA7b%eKXjx>E%jS6k#u=j0<?<ke{B>3A7<s6K)-ESlm&I|gl?C4C+
zlb)-*^((Sxg@VCn?7LDYllkZQ?L%PqZrfXaC!29x*vv%4U_|}2%oH*DVFp$Qt{aty
z5lpgDEQF)i13hl(1g&02GWh+2hH3Cny_kDzMDkJIH&@CPb&)#R8g!z&4@Ly-M}A~J
zUiBkE@0k_TVkC|jSeGNHYKoQucp%KodLZ>;PguELv&<V>@2Q_?4GJujX@LR1+g&Y{
zvfs{NXFm~)<Ru68nE=LF7yqU(Cz;8ExU`3g+xcWtvGh?KACLH$Lt0s~>9hK%9k&4i
z8=dT?k=KIPY*IpurR0<t-(>OA<J@B2r=r|Ct7Z&cZ%x#xW~!J4@8zwAn(oT8NL+(}
zCc#~!`(891YI(9+-YOL!)t;_^KWyDY_PKMXsG!WrSNhp7;%BdK`It2~oY}vXG2rnv
z4wS;nf>#pfY3nDQth)9Zo^`48oXq*gK7)}gt#dorx3RMvd=X1l%p64d*6*#STRYKw
zsAw*kwE6leW4w{GJKntVlpPnwDuB#dYIWA%J6u6>R8X^=7rS2mKzFFQ^C9vsR8kL)
zlaSAJ-DVt(-^|)6K&iAu7yr9I7QeOhJ$_UZB>mc!2}uTZ^^P{Wy>_scBJ_{@VRL+T
zU}-1rh`Mw`)`l2fUHBJH3goXGI4ykGW|2QARmi*Yfa0JZ^WZzp0xC-E%FPe>#h=SD
zu&`FeFS~qCcP_{o*k;2U0u*_g+fUczA$KW8l&ujAb~)zQkzJ%hx-^=E1=v?G1R7}$
zqa2*5iOOj1C&uOUI@9eUe(iR~_cpno$L&J8)9RB{+odhDS9G)rUNnaZ1DTn^4@|j-
zQn&zhDN-fwPiyecCgFb9d@b)vq#mx!p##(oLr-^10X=d_gcpN}H%@<&aT_LzC7g2`
zm)aqO=7P|L0MmTdilh?)>QGD6EWpS8M0TSAd+3od6&6_aheB%nr+wx|gr-f?uD9n%
zzMQF8#iOX?$4J>a<gs&xs*0Ow(%brhy~zM;{a|{<(gDlLT%%q75hf>z+Fy3dlf2Rh
z#Gija7_?UI$9cmYNF4G_WoPXDvr~4bb-*Z4V^+*Dwc)!@^%vBZwCX}H6K2)7$OyI*
z!^k#Nd{*cnZ@eo8K!RAHiHY398CvgW0?j{uaHM$OIk?<kN?wyGSTSG6z0in<+Wr{Q
z+jadh1KvmlK#jif@guO^j*R$YrCins!rnlqKM(5c|Ecx2`Cb47hfTk+yZNoBfdLcM
z(Rg{wDS<m=AMDYqmAS<M9jLw)P~@PsE&0jkr~?28=HiGS)~*`LngJ7oL}QLB3?BT(
z$5`ZX9;z!Tb>L}vervDs6gyP!;-REk8OdeTZcrE8D&HSF20^aldm{YfD4sn?>!}Lo
zH)e7ZWwCMf^|WNvmQZZ!`&j#>ODl5(kuG3B7%!)9``7-}(6k?l`Z&P=PfrW?HgZC8
zT4l@R3(LF2De(jYC*W8UqoNrDaxL?En%Se9Im5<cD-~vbE4EJOq-|Yr$fIhrH4q!y
z4X-<y?7h?$k|xT?dh9$_v*IG*R}2q|nLIRJrL~V4{~WS?@_Ml@w9R@dp*^A6m14l2
z?-!MtobJdhKbciL#;6~oOh}zJ>z%P6R(W>(k~B&4lo#uQjJuhZb~BU|Fz@DcR)dbs
zjE6*$Yb?<bv$`EY1nmjDk5AR?F4DpQ_;XD$j;uZQF}nZfZit*X&$9WBvb)7Q#j0=K
z3DEn1V!`z>FfZAyW$ILA4sY3ox7t>tkjsEma}Q%BTE+P00AUCQt~TwlYx?6sH?`?6
z(Q6bF;7f*0=wRV5TJ&Xg6SRZ+nNhp4=oRyN;iT~<oEx->V`9aFQy7#sU7B#Nu1Hv<
zK)AK*`23(@^&@<a%6VWGU*7r~aea57S8@oZa$=Pll(O6VUWTWOKU-{*%3xY|gBl#+
z{9M3C&ej3Pny5q2_Qy9^4+z?Cq#qGgg+DIx?{GSZsDG&3=1Tj0M{X^%@LfIjEOpR2
z4e8_@>n#4=X+T9`+7HC=*$CZRF9tYiJ;F-(Gp=)PN;lACK_b7hGHlB>gOGX=UXhek
zkmsK?)7Aa$t+Gy3C<t^HdD{qN>A6@t-IWNaGw8pVz-ICmo+x)^5gxDWOCgqZUmBB*
z1v{oM)5Y^vbRYMk!h5}Z-4zRyO%F9U7HAtB2GvEn7x#ZyY{-@*BO#VFOI=sEe>ilP
zpI5qkIroeUYL~NKFUr142wk%fhBvLsnl_m~)F;#v5b)sKVR^{#XY#=eMw>~e^&=@(
zepQ*e@XXWqhgj;NYVwme7b?c9l<|MvT2r!QdI&ioYG9xVU!&*)W<GR-PDxz#6g)Ga
z^b?#+wkK~b_~k(gCG_-hkm5r{yt4VST-vRCE^j7IU~BkK@k)$R%{<p>{}CSL`Rd90
z+LkiuZ8MdPtZvF%t=ZrJ0Cv9LME^v9Jmm167B*3!oJ~cEm+Vs?@T@e@d*+nZ`m<rf
z6abaq<jN2<RL}vs`+gKZ;HGQ-0VZdd>ma$=ZYbd+N~30R(t4equr}LxS#kHDm|Ks8
z_i*XRfu;`$z}C{|lEJ1te^ienvUZT`u#M2ux+{sj<j4sfiz&xx8I2*il?!1CJ;W`J
z-@{Q_7Jc{+{pFX0%uCT86+Y0y`ER*|mxgBT)U88s3|U^qjr$s|k1zd%Vw3ZD?)f9A
zGYVKc=0<RbLXNeKkM^W~Dn2{Ln#5sPy3nw8%uEE5&vFkV+eO=Tm>NEr?+ehUr<E!e
zq5!`wlt;_J9H9fOApv8W%qFR=8X2%;xUCTqDpgE=9;zYw)8SG}&)dS}81&)(gal&H
z<M#6my+BaWKo(Ar5+vCtqfQsBd}2C40go6B#zTfNPrF0!TLQD^UbC9f(LBd?VIju_
zxk`vN#caLoYlKQkf>m?oX3udkdh)56`dM;ByQYtpTWEGIe)K)%*M^;vn_}fw8MO{!
z;3h~hxw<=PwV}j;kEUXfkA**0zOe8Xr$8Mg#f}{GVL8Kf#W)hBp5ib1*sUl-AI1C(
zW}j}sLMQE+(yz6JfEH;5aUoPAg>0)$$eOy1LJW;l2HNRLn|8Pt<_>ixtoH+ig3WWq
z)pHGIUTDI86nzCsMC4n9qj3S;1z&-qqF~-4QwzU#I#9S2i*qdIm20;Mr178DbccmU
z{+S$ob%as2=aLgdQu+LPCJIp#pkm?Uak~b84aVtYG@SkdiBV|5nfzOYE{H^+4E8bC
zpoIdVgeM3C5bYEkAs$_KI4~sii;ZhvdVq>be>i&6&5tjUDL>``KPiNXN+7So(S2A!
z<=C%Jt12)V7|x%u8hEPJXZaLETT!rlS(C@v^s0MAzb=ZDt>>k07nwil+G2^58~C+Y
z@=TqGksr(y;mxO-4_h<SUl5eMfG+WnndI^vWNvRiX3^;8xTi+RuJ;*!Wz1AW$|^ni
z0Dt4{b1P;o1S<%B$9oGzM7x~I!Z{gJn<<*^_a8fm$vqIyT~wf1Hl1Io(|rPRpkS^$
zy}s)|X~iAW(EXG|L;I9TieMYEI5KqT-S;rOo>zD)RTT!@XqyHx=&yp45tE{QQ{Vc3
z4?L=RK3L8LfJS-(XKP>_RJYh6ph;F66jiIZvKh8pYkiUV`pkI6PLfex(j-Hne;BWz
z@6Q>IGLn|&Z`u#l`dQz8@AAf6$*ULQg15H35$!)?;49P)+mS(Cu%9Vn{RvhDc`h7-
z(MP`jN6IM$^=Q(H0O@8mEgDwM+xBX>rv5^~u8cPzm4(sTvFEhqfACzp^Y1;=<T)@f
zsd&Db7&gUQi}R4-i?R@xBf0BC-=~W27}EnA+r+Wqb&WE-Hx+j>m-6!JS(XpwIdFVm
zK5q3nXZtuT-$ku$@`P}mVlk#`^{x=Ad~$+%oc$EYcE&lo3?Y)cU3AROx7sNS;@VW)
zGt+S#7m1yL-_z2!=lyUgxRZ1w$Uk}I4_N$H@DF1!JKScLmx#aQm_L>2u?Fn`KS*9<
z2yJCE9V#zRY%PY!5Cb>~OPeu0yODjFz7jW|DiMFIj>fjE73|0A^tV6cYfBF>KzZUX
zK0ENbXYlM)53t;uk+lP$FH!Dxb-N*CL_4WMK$P$iN4|gX1t3Gh!I;<@J2^X=7})&B
zv@^7XgJI_6AY>%`kIBo+AZB6hY~siuW^LeXB4T1>XKcbCV`6LOY);6+%*4+R2lIc1
zyJwjsj9T_HB8Faj!r;vd-z0F>{l#1h_D9euT~|KsjUOuelM+&i`|*@)Rv)KA7$tu{
zeWch})|@<>BW_on%I3ahS%CZNb5?T4i_^S60bCvMhO(>f8f~IzUp?F_te)O%CfZx@
ztdHA?^LnB9=;f|ITcNzu$aS-NTnw*GQ1uxC4?Jd~k*@v&7m$PVKIi<G#5q%)dZmfr
zxc9jH1(WUul`GHCxJJJ=8f-ZYw3ZmY;$V=zG9f_G?J24A=~A^D%8|RfFMa5cLzm&y
zGh~>#SKo}oA%@rwJM1jWSTmxL2w6f>rjab)SyM)2w*g#9u31$m2`Ss!ig+we04YLQ
zQ)Bph>ke;BM9Q-Kw}M%qQq6qkRKoidm<eFpIOFS_^=o|QV785s!JCA$)IwzK?;+Oe
zmYnYV7bq%NL(l&s7@YrK!QkRz;o|)7$S@HyGc$9ra{k}Zx$uG3P&r<_@wo0{VT7F+
zqGhCY!-R-~{l(}Hgtrd>!O%vW@fQQfLW@=enzKeo87c%x3q7T=GF36ztbIS{O9okF
zBs7sHSAJS&_}Z{aXOaVCyBo_ag0DN>t_aCpJ#xPEdP=@o!nnr0wm!4&bDrUU{Q&!c
z9A{6sqz0MkmbG04>V7%>qfX1R!fe6&dB4OD%zgvpZ%!6+WtG<>MvoVEnmqq7Jh(Ep
zDTivVz%1y^lbAm3vaCghR@GWOKS7!k){paV){arFg%dABsvlgT4UI0^n_DKi2`UH*
znxXq_Zq_G9noFJxY6dPBLF4TydY_pKZ8$&5-9S$=Q(J1z12uLWeEHaC81$MfH2d?C
zSGt`9{OLNJEWAz<FZYme{UDZ7UGw`svZ`RmIgGdp?$55G$LCl#f5@=^_V`ehuF=eH
zB-+>Xr{J!Woi1m?yX@g};KtC0t*&wYUcAKV;KiT+vE+mCeqXU(qx*K*ky#A-aYOQh
zX1&Q&=lR6-@2#(E#*&*(L*qH3AH<+01&EBrZ=15W{rez<^DA9zs1Ky9y5GAecGq+z
zA0;l?%YM4v?ORV}`?Tn6e}7}v>P>Vb3HbYb9S>r_uka^}V?$bFEpnO(^Snj;1QomK
zW5zWGnWEv?l}lXz4PIC7LrsuE0OfQCPD?@p4A@nvj8ty;<%XQ5h}1eevci(-jxU1x
zRPjmTJBQy8`;i2B7sq=tU*6_i^0z$j2H3f9+&|(2Zg~Z|GVu7fNoD#nNOoU+V#CWq
zvkPxY+}L(`ko#$R23+x_<>wQLdE6_!Mz2dR%#+&;S9i{>@cc{tTgS|RPLxK(<#I1;
z+qJd1VTV4_J(znpKR*U6^movBtPpBGV#s%me>#Nl_qtX1e_THbeZHCRo~}?z5h57H
z|K0XKGH(PRDg#Hy?5qUB$db~&VR3N>93gHfXSbJ^e&ZGj!!7i&ra{BafL+$2s{O`r
z?k8Un!2Z&)UW*JXmj<}#S5)j`7olN&IzGt%D45p!=yMqE7ULQ6wc~xXtI6^nND0iy
zN|D}vv2ild+kf4z3+CMt0L3l+9nGsob&h76R3=*7+%xNkW5{3~h9~8b+GiKC{)fO;
z{8X+L_6pz1?^~d0%@6#;DCJvxcbk}a@Kstk3WKiGvG-#srEM~r#cV-7m)%85r?$9V
zs<M(2K_=&bAyWgObU{N+dvkPr2*ZU^-@wd=b>)nao05@mAtU9yVzUGmwQ9^dFnsC)
zkhKN^2J3zWXz#`0ve7ls6b)psOJ2jbM|T$Hy4V)0|7@5)WWVLNv&xy1Qi4X-I4cSc
zO#wk12aq-0Jd!t%E*X7Hgk+m>zXBrecgFd;_()ASnp-!9P^RkM)GkQK78_f&<sxo(
ztgzK~tvq=M5`b`}Ze0Bt7RaoP3b?pFHNTP-jx0sjR)~wlBCD!WwGI>?{?06?a78^}
zK|VyV2|^=7{Qk}XQ(L>x#*#pcs|VK(M<VlJy^$i_Wr@%rHO!8X?skS*yEI-ku~xtV
zoL0kC{f-J<qhEW_UdgBLj=i?B{-=GBgrUQLmpRY;XMU;GD#cO}r2Z#FBlp5d>Cdne
zY{EAfVpw3e>)a2}ItO!p79Cr<!Q_P23OH~##LG~&lqj~K0^yEfbr9DmiIiGY-QdFN
zc*DM^9d!xA4zP}wfQ`KF%^)$2Ir0<XD~0!DI^^{jI0*m81y^?I(MPy@#SmqpW|zB#
zO~G`9<J+d}e@H!xb@sw5LYFtPH-+Olc5L#(NxT7WS=n*;<v3+#lA2_hK-93wz3TVB
zqfd+6YB!B5%Pm2vPy3F;i|v$yg!Vgg@0OdKIPhv6^%?C0JV)$Y*d-yx$Kf4o9%W{u
zWA+zK*D(V<71NZb-v>h1fBb4oHWZmmN^Qt=?#5i(C)bj_x2ucp)ZE6k`rQw$)FG(m
zVlY1$F}$Yj$}XLkb+ZsTVt$^#dg`T0OQD(%cXtEY2c8hC`8$m(TU&iS$+Ld;J}yWY
zHcb4{d;*!GY=+cAOP<r`zZA1t3#_WDuHCLHL)~A^8*{t&aUQ^oO(Mk9VbI@H(6#k3
zlD3(ly4E$c1dL5{W|=8e+hHoBKsKM==QxDgsB9lp=c2>}PC;2%!4v44PTa4kSTMwL
zU)aNk9nxr>ZMfL@__)}1SJzb4_}Dj^MPzccze7B{byu&k>+*krJ<4A?O1X4skr`=G
zq?3Au!w=7|R9ID}(mJ6ls4w1TU+xYlp1LM;=@i$o!}(PKxSTLQ-62lW&slPYnogN`
zxL&z4EFqZwr5BB``088#w9&bfb054UL+2!u<8DaG!>yl{>C6^l!jdRM<7a>#Qvz@Y
z4)c#Kmj6IW*AhNXSU{(GXzcO+%2)p_&^()wClT#JUv(O>0Ccf)D%i$-l=Y+N9v*hh
z9kn_7)Ls2@JcE-Io@^Z!NR_NJi9DxcqpM6*Bpn)6lBCh6hLvy?yppg9#A=v6Inr~J
z786ujZ2ZLqTGcrlTo$9BS@x4pFila<tw+WjKLo5m<R@~SBA>o)@;r|fL;qOa?>(#c
zwIm6g9=bzjC>LE{yOp7np-Zm*OIcHn&0PnsE-KA+W%23cc{E$5F4f4AHqA%@Iuz}i
zhT?xe34$ryVrXxgyeV9o2U@@nlV;9vYw&UTR?!Qo5L0C`Ig=5^vDq(+>QYkQV<9{d
zAl{-ow0J0XDGlMT{26*J4(I1K@-@mP%CacAms#7BrO$^eF)f0ohJ%h1U=nm)_5YA_
zO*QIH9Xw8^CJo7wFDFNvgdU-n$%X&Ir<X^{+K*E1QRAaiias@JxaanaW>nzYA?G>%
z6>e-c|B+H4_QTiAY1|-`k<DhY3KUCY*)a(c(S%O8NktNtm+m)T?<_n^ouk*WBGMo6
z>O<oY?JG=D!gE6s?w@!;G8$&U6U+q%gKWz4K6$jJ7&%tKD4cBkgn`f$901Sz8lbGM
z7ajgL(Ao`L0@z{b&uH0I=)zEy;(TRUUQ_rsR;w%f$aH1-%a0eAm+#ES#+LUh&0p)U
zB)|e{-rj)sW9Nj@bjDz!lV0+&4H*fgQq262DYC?<g9>$Bflu`8)V$>UkHOfSHh)!t
zY9t;GVx~+YD`%h>7KqlusLu(Ve>OLx#`<P`xFs(xUzJkDZwebtLC75sZ~Tn29MUqD
zexq{cQ<1GD{)P^TZn*_~$@5jgbckg!l)Op@LnI0-I2<amSek2lBUN#n*rlUC1<*n9
z<An@WER~v(E!?SXDq>a2Wx+SlbAuLSviw~YhQ^wyv7mc2#Z7FT?rn|27XD5+WO&t-
zPFYmR@aA}x8Dh(UHF&KmYY&>-6Ip`h&UOPV5*T!`s6mTLS!Mtp@+^BlJj)G}_$f}c
z%F2ABPQ<05ne6jJ$hD*1S@F$G?R`Rq<>(eCSU4H`J(fbKDjz*{30OvlAzvLFii-C)
z!+rW~BI}x!RwlV*?@Jh<>dvj4AWJz*Nz*ko3&t@Xcn*-a+9B@rgYcD^I4c&)F9u3a
zBv?Q+*y*1VjL3_y2qy}XoOrN2ai1MYUl`JEQ233nh&uyuRwNV!NuL(d?qv9ln20+a
zaVIuXC`sRKc&z~O1~$@@Sa5fEEer8QIMg~xUtl<+0CA&Oa7y?LE)q6zA23{j0I66!
zcrIK45vdc2h=KS(3`|xeJOYZ^K_!Jh_0){{Q>FOW*i)_8%-9o9Ofdc+obF3F|7_wZ
zRooMQ%ERoVRctrvtWi8{@)jwhmvYLK-c34>Vf>aQ6K4E|lK!PpEN;wAI4{iXBT@`$
z+^$#bWzsHQ++or#UF^f$C0g9Y+@)E(9v6u=|BBz%s9LOL+^$(HZOkoR49A>JJ#U#l
zq-<Gwwo^_BH~a6}#EIj;w1+)V72ZP3AM6fwOA%f}G}LSOFXh7RxiY=WKJXciyob1V
z9!`NYO*FJu%8$DkR`6!8LJ)J-ujs>Bjv)TH`(KTa0BvEWX8NI}!IgGQEexY`Lu;L1
zOq>-sTcW&CBY_|m*oI_#h67=oEhlQ(Ua=Awq4bQx7`i?7cYSTJ|HUy_P!pSj%f~V1
zqH4i~K<@>0`ky5o@D-=Cy^l6nfHJ>S$)`d<J5KZzi~+SxAg7Wd5G9Lq%oy*SOvcE<
z$%#?%<CcY5SRETrAQHk4#A?J-V%oscP`CITQCt&z#LN{p`L&Btfo}xT<!yZ@T|ePH
z9J~C^T>z=N8<A!c#Heb8%~XY&T^D(omro#@$Ey_SxEi76TKbOm+G+<ol|%Mrdxpp|
z`M^NA(2;8^LVSR6VVjEKmC+N^b5PD||AmRI=+^Lsp=%I+)`U+jEK*DG1JM8h(HBg-
z5q>XwtPt)!;*$^NE9lCzU^vca_^KCY@1;OwA3wDU850Ln=Ir24ClV*n(l|SV>i!OC
zeRi4;?jsmYKe`6(qw#ba_zE!JxKr+ngHHj|>R!(^TedT<@}513yy=><a>FGd;yoh`
z0m>H5fFd`AH>h|MTT}KtQSf3&uFD=YE}h{=nC*dy#B&bj@f$<LG`Nv6->$x8D)02U
zY8<YSH%7hw2_9S$nNrKY%mJ54%&_UA6Naq2xc~4^Li|zbldONJTqbA-xc-=+_ZcT?
zDQ@|<;*UQYy+R-Kh*X=X>Bm;g{K4a#Q#!EWoI^gKA^hu1*i1w(k`=@W%QOOJT(QVV
z?wsTwYq;wOo^o0}j)elKsve8<{OKa0CuE#9szDI+=zHMohLZe5Z%rUvb-`m@_gY~M
zRR33<cE@+*7OYl6N6iVsQ|(JCx1>c;Ao3B>oiiSSd<-X|b(wFLVKYi9sTPtGFBg$Z
z<(HgIrRr4KC4)Ie)2)1<QE?B*&;4^_Jru5WQUQoI`6($8%PiVz!n3cBJWItbHa$QT
zYr+atbCsjbhmW=!UL4AIaz4Su;~tKgiV!_sndPd}xE{jCcNT+*NebnK7MBvc5)&^Z
zBqv%!atW_PB$PEK-^5BU`bWJjWl6)VzN=1H^5!-&&C~*YU=!jeAvc#DuM8s~$shl!
zdC>T2aR<Ey7&s2;$EL$?ChEhZr&R&tW&L+SjQwVfel~)AvbU}Nrs_jx9o%hnepaN$
z$C8qD5l^C`LNal@OPf0dQlccFmWi7wk}4L6Mi3o@uhhbl3As?JS|~y@{$tmTbks(~
zwN0a``4!W;=`4C<ELE=eF>;!e`r7d;)^Ce20*&rq*{&jZl;TXDF~2bCUVx_%xi*0F
zmMChFfq#eYMxZtp>iJq3`u&Y-*X!A#&!?p!@Ws$J@B7JDZDrNZPN3k_-ua_3=#Xdc
z7w1dca7m%ZhX4*KfGK^$3j>LqU*f7e3JLew_~_;G8F61HIsZG=ExtsOYIN{jh!8w1
zj0=Q-9-g3t_WFh~iZ+!xmz-t9xoz^HUrV)5vEH9`zl~XiEWvccmW9!nXO)V_4ASvz
zLkqP#af8}zBPuJ!j&H64nY!Y^SOD>knu}h&I|4VB$Rh|>pt3k8noC>dpyUEkdeZ)Y
zqpV&_bl#6U;e(;452glpAM7@bCfhO=w_(lX3mKq%)J)pe^iJUs@)gQuUczO5jo_d~
z&>0)@?Bw{-Kg<*uqYioaG~7^6>37%4H~PIX4CYqF^%28cck;fnf7|oUgrsL*{1W@C
zG#JDg$f=@xMZi4(ZHK1>9ma0d?mKLK-}7SBcTG0b6%5~2(I|uOss2x9tH>N9rpqf<
zYGr;Hy5*rPn7?uV*i3V`p@DjL9$$>JB^PBX-(p~1bkO&fbxN$`I(HuPs7bl6la>&n
zWIZ;<&rM)8maptf4(M0@?SZg%JX9sJ5?HYYRL&Cg_M%x`JC|Hvl@7)W=h&xRN2K_t
zXIJuAKkg~1!$5UOmfkhMHG4+c1dy&gGOXw|Tg1?03sG|kNPYwmZF_!6gZg#v@Fu3C
z<z}0VAniGU3%B#|_uELwMjg-p`omnF_S>VAeg?0V;V(9jyi2TNzQV}xk+x)RA3RUJ
zA+NC-*KmZ0Teu5^WzZO^e)HmaR~@1W-nnv$5sTakunL|5ckyZ8bHv}zAn2EL60SSJ
z#3?D2MM6$BW!X5K-WJSx{mOPsz}@rxVRfu0P*cszkR#x%%k6j92?G&vRr}oeOqCxb
zm5*}Y)&n*L*$wr<6o)ecZ4Ai_iWTtigFpg~6Ew!3O&=cfXNEubUkJjP9V_yLHvF^9
z3Nl#1Efu=g;5We(yQIiqPs#b(KPLWhT~(#YY1!^MnPj%dgh3P9EPjIHgp!4eT`zL5
ziT*0vOC2Suh)RWspGzw8QWYv9A?r$jJYDJx60Xg~zC(ST=Qk+5<*L#f>Ck|S2>?||
zv(8wR4J-^&)h}Z_q1LWBD_|@ru9J1n_!NJ4Br~z}j4b4NamLk^G`6lO{MuJd(gD)4
z&Ke{!j#`HEw~<eG-O-f<&nS^<{&n}3{%_&zl^G4$o<wbi5bX1!g-~!CrG$=lUGC7L
zxlr(gEuCni8dzZtpDI0Zyu1?#|1t}FeM&_V&DuXj<w3yT;ocGM__x#HdW2ulx43(n
z0|JCOg1pf$(0g`B0wNzjZhZ!x5#@<;M7&{dWd}GA^@P3A958P=_k0Jmke-R3h^|C7
z0$TALK=!-`)CSN8Oa~wau)-h1=aHn5U=h2*J;K|<u?H|kl3R%%JWd*BO7fiY8uD23
z=JR5O2}1dyx(K+@-ega*XV&vtg!=RL^VEeH!eT;nVY(1K=~+?VBu|F(Nb&+^@@7c#
zK=VHHy7Kt)HuH4yx@YL}wq_>tZ1QqumS$3Bj%E^OvJ`~PElask3EHg(J_N#+{QjLq
zYe5L~e==aj5R(Yd){}GF=LyF7@ltLt7h5Q!PsFhq##X$3?5#M47Zflq%{om;GR9mH
zZ0|7(-0)$glc@>5BCM<Tn-&QUV_qk`cJ{Dg^FDJ}F(B0Rjo*;GCW8Ku??-wG$o~f6
z1?l44o3B-*Z`lK#ovbCWV6i;vXHA2R(g$Cv3<13fpR<B)6eRKmQTZeKj(SORgY*&S
z9dg<I8WF@}pJJttXx2_pyzh=S6Wh^+(v5&1$Y<SiaIKURcPd$or`E^qj!Jrgqx5z5
zCe!-wUu|-0Gk4=0KqI<gI!yS6lQsmT72#1{n1r{~7s4>z_N;97+mJl^EA;~_qT_aR
zHhMz08M1vB!X42U^d*JB7SH3#&g+`Me|<-HV{oz-!-qSU&J1UznQ8lr&mH;lk#^0L
z#Pg8wZC|i8+FhUE!hcc(VLPxya#r9|ohLVV^UjQTsQ=y`_3{bo&5Z$IjrVrg(fSrz
z<3_eB66Mf<e3a<^f{gy1NYlpaY(Q&05Z(cO+y>#c^>duDeTn2+1ovGJ<^@U{glG1A
zySMNK<gCH~wvwD)CYhmEZqNU`_OnI7i-K1aruLHCJ<GV?1J@7a>JG>M^>66`=%3?+
zm7A=cRpXvQlc#+N{&0l^kl~?Y&^>YoOgs5LBhK%ZUEe)Y+7BeTUZ~py<A)6}chFn1
z#&zWz+O=!eX8XSkBOC%j57ABfu{z~NSxWDdP5O=3ZKNEV;S`4;yn2~Tq4>iMU$h(W
z0wUcw((kumo1ov2MmvN<N(j}Dd!6^aVa{Ad^>BN;9%KTu9$}@v57Dy*9$UK-HSt|W
zcYZq-UuZeUp*P>$|1yPNs(%N(AG^<VOf$y*5dRaYjvcfofgK^J+e6~LbtCM;?@7_?
zX7CF5lyEVBKqxN}D_12~9U57S$GM?@2me6U4Z_&<afc;&M|;83`rAE{V<@n{#@S@4
z@o3{7I38v-?9(m>V#~HXI=KsPf8XY<ik^~qTWuLkb5m{E|9(e3VfCk-t~jnkhfN;M
zP{621Wix71&0uRirtK7d!uVl@FUYu~9IKuP1LhCrnP}{yRu&%-hNH4`$m?KR`-iuV
zEt9$u3`+3N+*QK}H_kg)%~D+YyS<9LWs1-!8B@b&FC<|9kU`=!r?&COqjU&(VPR`v
zx<+pbs#*K|embU`q(xZ`WpW+4K2c5+;8M*EnyF0&H9f*oOD>de-lDX82bLL`%_cz0
z@{F500S+rbn|~hLs5{!*MR2m&PgTs<tii)ksvfzEzo(;{iKu|`v3TJFRc|wRBJ!@C
zSKU_4wchiwA0gKJ@8$bA^HmgspFa**s4qmqdzU3up&++4dQcs<db?D~;r#wQ3f^fa
zO}6S_MZ(-1^WJ5OhK}dY8k45a{D9m^7V?y1Jkx}@v5bl0Ai>(fifn49_MjlC+~q42
z8U5$<3Ewcc+x!qoGq6OgkFTG5H*emi0?3K0R~)b2LwLf%!l<x1WN5ztWHjSw1!`I-
z)~*$>HZ1Wk64XX5$Qa|~7--x;h-nF5&xE>8M`K$}Wps}h!MTeY)MFo)VDI;Ip(^1K
ziCi7`{e)ANxt}H(eL}M86w42(;-+jz=P>EU#TXiIx&E!mY5U5AkW#zU4)v3Oj6~(J
zl&2`Jx1_AEi@+pa_8I|E86wCaDpMcw%+(r<$MzsWKC87oN3=CZ<Q7!)ltU;j)h%Vw
z)^ufZfg%N}-wFNhVn4)1gl2J8y$k|kuVz%Trj3(ZBdyu30s(kNa84XrDu6(?D`ywr
zsPR2ovLO@8{N<KPJW5HEnc<}HG<~@yo7?e~?Da;j!*#z$gSx8eRvf#{SMygnmD`rH
zUmlaynR9bj^PEjI&9A5G*8CDKVV2!@9M>;>^7~V~4l9hLHLjz+R1CFYmF<<S?xMgi
zgi<T<X$R8>J_IWfqd=xDZnj>1U29z<(@9rMTs{i)KQKXs0TxEOW}I;2g=_n(FTS(3
zlBx}7Un=y;rHjB64R}UVr*>EAglE*pOR8VK0^NU<nnjU|hA<d^eFWZule)vm*m~4p
zKACznp!krp3UQ}JPGWTv<CtC9%jhX}eC*PgZM2owIl*k#oeaW}kmy|!o)OTmlu+Zm
z9z-6twE(j`zCz;VpWIVjfSsvn5`d8nltMuL&Qxiv)6DQ|?LH-@SlEDPv~Rg!W{RmB
zBT%fOslgP9&D5)>bW(mfe|mlsGUyb3X_le*_!#fkk(Gw5AHNm1K4T`{!H<4U?T>)Q
z#-CM2Rw;YV=_Bh!?<%}_M;N-u#<@J5=HNBAWG2H|>n2L<(k<8QZIRR~5&TOoO!S<-
z5dreK3Mp)NeGwbPsRpz8FU~d3VCfnfIhnTdC$-*9BG6Ea8}S^lB^X6#^xip`h~l0<
z4<#{t4Koz@$T;tA$a;SmcrjX-$C8d9PL{8vtpxRAR;(KGV>Z^-sxk~$LwmzB6or82
zfO#Ga(T$r7E{NdIYfv1-PN<{*hCec0b<tZ=G3I;-NuAIrZD=dEI_-Q}C@sF8lQKx>
zY~xg1NGl;Hf8%X`p=Iw+bYR3h4iM7Y?bVOi9DQ365wGk2ZHkUjQZ~JEK~}k{opSI{
zXTcZvoRpohepLX0;mu!~gz}5tT{{QK{t#^00=viaUW9|6sNLpBdhxCp%Asukg#5sV
z?&%nt&2nDixjlYehB~^kgQR}B$e5`ug0-CapvvbluKxT5_z&ZI&R00_ogBrd#n1fE
z6~E446j$SY!FU9~PBt-*R`EW@LFF6e9e<7*9ZkU;B&io5uSI#ItMri;6VuJO$RJM4
z(&{4;<Dj!cH@bB6rLLci8pzI3MV2FaNE(d09^|@*6)zTLce>g~DB1dOAI`YDYI2(x
z%bi!<RCG3Q+yv{mno}k4sK4JC^RBkIqq91$s*v8D$<--1Ug=;oLj7H1elrK$oxGou
z*FNXOk;MdASfO=a!|N;<?j3A^7q6!$36h@L*QnN;XwXPlJ@AD+=44!#yLhtx0`@Az
z`H+(rL&2ktl$@$?=6Yh}w5Rc%C^Ek$RSaBUoaE(q*8WWxdx<=dNl%VV{fADoaV2Y+
z;TbSR*se53oS#MstT?LP*6uWzf6Hd0@olyd`(DI*Y8QP}9S7}JrSW>2sMh_?ezJp0
zjG!BbsnOEwvG&!U%g8i!<zwDX<Gs@yPpAxh%Ak_Yh#Fk<La#c}W6TRqJN;bsM~|QB
zNLK*s;e#=LC>VwlV+Nf+7SB(SlHr%!t%nqsj}(kHuxyq~9W>pfb3OHRPOz024w(8!
z^tM^NUZZ@fnN45kf8g|L{S`!Pc5lp!{h;9?9bnQUT5k_7feHIL<)Wr`r81S^Uo^mJ
z70EU|W~ouZG&_QQEz1f(MmALTil9%V%TKht`HhB#cKk48cnXDX*cIp<-e+c!2Ea0c
zfs3N@tg5xQF&Q}7iAwXfX{G$5p+N|hLz_{~!Xh2X!h1&+;+BGAG$Ve^%4<R!N{YkY
zgBv{I_Dg+(!%oZ%yj#-QWIB`Es?JDDOJ3e(c<4ug?8q42YtWZj&A~Dn*s{vTSd(0?
zx9a94!l0^)Ev=PxXW7VkWv9jZNWkggpar`R5!aA&^^H1(8UsyVsa8O<oydB}4uEN7
zKT}qWIJodpqxeRjJ;Q^gLXrg~D4o=>eL9PA(b^tUqn|IoKP7Z|S;sJA)_ftuBWiFG
zac{}iX)K-tXeud%TkI8fvstvEPf-d|-5ZuZz~bJ9z@Qy<I>e1`<wz<w@Qx%~AVSRJ
zQ&CphUTdpbWTdp7v}PsRW2bhG)=fZg?s<4Lq;o-Hr?OZwMR1YbL7}3CT}e-qtN%Kl
z&Lhy-E3^;uJOo|tbyHS}niBO|JPZ`;FAywPOx<yD*JRifc?)i2oj`XcU^){IVnUQ|
z>^cf|UXl$8=H9xbA1~@q`hZJL-j`cQOFf;B?0+G;D(1|cr0!jpl%rv~iqL#GFpkNl
zsT}Ic*YgoY(}o_eb9kcNHcMQD7CJrk-%@C^7v1^0dxcR`qk9<Zmb~ch)m(EmmaW1*
ziZ!j;JV`0ZW)<1w*Ji6G>zZG!;pJaZHp>4!8i3GI8519%88xsGyqlM21hHHg7%5~K
zAop;UeX=R?a4lAs(XyhXL%!tPa^iSu%^2dxacfNs8Zjiof2&Q*pGCUHiDT6Pi4a4d
zEZZf$U=Y3ei@w1@ODSR9+X-kLCO`RwLN4&ev9}cNbjT^siy~P)Mv`fk1wKPbPgY7%
zzbnqxEZ$jec2r@f`#2XZ{XF$pkMSnO-o#;B(JqxekE`w5byb&v)rXP0_1FuymvMc`
zYUl1Q=s}m>ah75cyCLqj60Cl3tt#kEE*tD&7?Ul1fDcCwAn9gj#M7Z=s=clU2Iv5R
zCZp^_bK~a81(ihtQ_RHAFnzEkz>>cm_LqGu26k$pc8<ShkkPkof@>hp060Fi<XVua
zCT$lESp|&O&xb?2+aqGCH*Lq=yagQhi!KKa4k^p{TKR1X%r!%JzJY(6$}t*-Z+#Z1
z9CGMWrsS?I;bMaeL{pGM(V@wHOIFHX+P|4{luJoV5x}vNCTm~_G@H-%i3dgf5=o?6
zD6?E(v!3L0uq+_2;qa$Qyb5)k4etUCK$ouR6}8+N>=bMPCes7T`lV8>BynUeZSu$&
z<J0LH8w8Jz%{$OpBkaq=`B|a*)<j_sN&I2F?Ht8?4HW{r=Qy5z2r6q~hIa)PfygUk
zZxI+Fz}I7Oy)|FfoUTN1uWlI2dg~u8NU57g75Ex>Y07%ZW-KM7b2!?lwe!gtITRn8
znJ!O_wwBHVbWUHXP>Pq#%J-3ZbK;}Z>BDk7Pxl?!vtg6Gfa>%)Ol&k(Q!eA;t`lhk
z>$j4iK58hWXKhyHEQ!${!1O^9H*LWD8rnqNDX$BQqqyxY<Xjbcl{VYdY-AW0gD2+?
zoPj&<GyhI&(zYb1BvNunjZnr|h{SN0KBLuD%~*&AxHeN^5ZQ9@p}DP<mB@{(;H`(=
z+2t~Zxl{SeXmVzfO`O|7s>Aj+bKliBgZYkbTRAS3;Y=3t3*<wj*!vjkKkQLWoP6M#
znl6*+j)dZSZ~Klq9}nQLQPRh1hZ;sG%w0%M3py+|LXlK9Ll1%RI*#6clbGAPXQFO~
zw-c(eBs`Wh_CLu88YmcX1_haAQ09NI%<2%Y7$&R~b{GQL3t}c3ZRYPhc`?=&+<|=*
z3Mf6%MGjF?=yo~*LpxNvdrq<j0hY8Ka~uI8Q<Xr+5@zU{Z_CZP9F*_2x8(Tj_3DaO
zyQe9>?os0H?|W8@E4n<{wMKn71!=k&$A%>UQPNM*-YPUrmA}OnYr(~m5_33?&@-8l
z8dojl7t|-jQIA8nwHJVR69)t>9mVD=!Dhn14lSBLTACQ|S<@5uq_TfH7^be>zBp^{
zrF!0T%yQa%%(_|bvpwDnFZVhUOWI)1)vdl=Ev7w|x4%1|Ka{TCr>2X!I6lnh<HZGp
z2+W=_q!-hAofCvVihmUW@nHKU0H)a0s9G`>(5s_~w%MfVjd0>(d;D2T3}~dku-aS$
zPvpsGoJb%#%=&`04JA?zSm6yQpp`;r9vOqDjPh$sR+j0rdv}PCdDRB&pnO))<HPSM
zkcMGusF9{7cp9zSxmuVVCSH8C&NzdF$|Z66u4<kKex)mMx~aY8ERStjw6@sh@8&?l
zo~8Q4-~XNsPfDDZX~C)ms=lq89ZBI+byDzg$w`*jp6OVuU3)%f>0}J>sTpRPdVf<c
zGoO8}V(r1C0{d}e$W4lqf=Pwvq`@Khx=e~LJ8VV}<%CfIqDgZ3;ZIg4ChT&V3gOb}
z<bVnlN?U@-LAK&>8XmH!>f^kNw}%cU<6m9yJ0F<b7IO;>E6Y7QUaOX}3$aqt?`E*r
zU%OL-sw|ETDcJQ5N@j-?WHK2GdT8~>D5UeprX%#m@*|WPT;1O#u~UrH{i)~1Xn3oJ
zm2zle>;V^yWX5FjvR{hz2ie9kq*jU18hN7@Ei--=2Gl@l%85R-h$y-F1@jD6#TJXJ
z84<~Fu?i-ONLI28bCbrS6q!%D1g++@2k7+KgcG{-wF5p$Ni38$KCmYXTrS6id?pfi
zSpgo_+6qW|^x6TVD0FCyC(%9=pLob4#A+#nmOEDO5>hY>pAkI%NCwG~OeeEhBMZ?b
z$K{2KxublK=}mQR>(TrLtkt0h4{3ZCIiHuqqSsi4NbXDyqZglf=6mv3EH68Y-dJ34
zD#`Y325<Y3(oTm&88@Ib4Q;lrwq0aIiEDdw52}mE8^qI%_k6HOm53RTqsRnpD3etf
zX1{4286{su*f>j!I5AV@peWFwT=zB3JzFWAI982=+$_5*O74xy(;{cYx4+-?v${+m
z3!4Q(9p+6?NZ{lj;Vnrh1bwh|**25&f(=RuaIS3GY5v`>3@?*~-REe;p+OC;QnyX>
zu8`R0%qaGszILwdlN=8J-qHn@vTG+ITj-PevR{n~8J7&R17ub{`!89_51~&Em!yqg
z%y_FqF|O(_$0q1?-Oor#?hT1X=(kxcWZ`^}DK3X_!&vQ{KV)M2m(ZFH56d<uU+N+c
z?GU)W7f(R}S$}^I(dOezet4pq9?Hpmyv64C#6`uL^&}%BA1Frh*w7qpbL|_*o{c0`
zO0o<+_;Fc_teM+tsR6WQF3yL;hRhBf*$P;gZK-s-@4wQFT5wRDyb;88a<Vf6*(#S}
zCGb;t+Vv(~O5}S?CN$g)2E#QUzG>zH0_^(K>w`x|HIyBbIyXuC7sEsxPTLL&Nd?|i
z(}k$K*nB=P<-DH8G}~|L6Z}pFekKAF2IjYOY%@%AZoY0$!m2kZJkAL+yFU`%uHh02
z6ulgBi>rz=ADH_rPJ5)4XZ#%A%SGPGwX0QXn?9J-SX>;U$f4<Cer)h2@^MKCxJW8J
zG=Dj4NWu^miY3)>5xAxB;Fw^T#1bad$>bCh%f1NE5J(HeOvU=jvuh?%fX53|D^Q_R
zd!q7<g(d5inSvc=hl?Ee6@8EqBfV}@S?Y)oBgcn}kP;(BNc@k?*B*-CuWv}`7TjIF
z!XOcpH+4gkk6c9Zn`1=wyHrH>y4v&*9F5lG!>c_%xxxf%egd|l5AfiQ7kpx2*ll8&
zogTqfSTeMcE?{l^weZS7pDDVn{;nGO)n11LuN1v#Ysw(bs{paJp#cjlN3A_9K>GKn
zZgAtjtz1MtCV_n5`*((>e1_(jGVLLj+7VXD+}K_fZFj(<J!q7j@ohA1H<r)KF9Q-K
z_5uV}YtvnbU@e6^=GDjz-C$YT|M(pW&ql$~Gxe}-|LI4!-TfvWC7=6ZF!-)4)xH&w
z!9Z!^dm$)`B7=V-|L9s|j!*$Qk*XP@>?@M09TElfyzuBAV(ibwG0zVCvBcP~k8|dF
z)pgMZ(ny4QMq;Wbq@R%(YLlshk5`O(M+*V1B-%~uFcBU!kuRKfdeXQQ=ShdSh?hI*
zh6=*9y<#y_5rdk41Eqz>L{Oq#^Dt9G3dcubs$_vQ;kxgE|E5!1V;E?an!}{6AvX%8
z9%v0c36(?MXWGchYZ!2+9gSHR`4*~Ip<2@nhjm5Y3(O8_)i)!ehod4{(F`9Kngi#7
zb?BWE(ynbl#JHdx_-~h2OdF1se&y9*k9cuFqC7l(VP8|WGx$q=&3i!XA{<AOON#T>
zRs{O(N~|05@KWNQNH?@mNiB6L&&4b*Yy_8Cw(=Z$)M0-z1bcCy571a(LQ-bZP74LO
zOw&1EkG}VNlUcC>feaWv>&@X9jFhHWEwf;Pp;a4hqp6t|k#s&Rdyhw(5(8-2w-D8}
zP?*>6a@?A^`zPM_=aG3y34D&%{W(84OtU{Mu9@#;1^klZ>HG>2b|xOm=$6UHmL11*
zshe?$xp1LAz9a5yT8w&S71vamCR05X6Q%%pZ_(YUVP?crt6$6ru31=`TVYRcIxbps
zO4d;ly)Z?RyrDFtiim;IjLc$^Iw{X@Jw2v2FnTr`{VX0EGX%q7Ez|KpRal_P!t}g2
z=Hu5JMZ#@d2V$mI5Ijlxlo)ocp1vvb>UON_Z(t#&1zP2@?vts>`$*92{OgzqtSS4x
z^MI)-xIxhjo4$#Y=Fr)UTGk$JD&*xk>3*D<0gVWytkF?i6H1y>?~pUUP9bs~3_1;p
zTe<>=Gy1rO4!0P?I&7c0xj;(Y*9_B?>1zP~a;?K+1DiHUv&1Fk$K%D#7Sy{=?fPHO
zVjFZu9+g^DmU*mFlE!PJ2Eqe{N!LOyjd!)BsNWX7W3DSw5|6dXM+R0hX=T{xHD)IN
zC~zBNje>lKdo5Qq2u@2w9u3hi88y!HQeYnX@wK}^8wfABdTj&wAm0?IJVDIt;kzog
zkK(!xj9jt}tNh7RTU&x1RV!oR*`<2x?*n-_8K=>oTBbuBV7OGRUFOxYte;_c7J!SG
zl!v6C-DC7?K`D0->IoF?avFnZ>f=gu)}3n2B{mbLrbm<Jx~*sxdH+P~^6)3epXx{k
z^pfgZxr`@VO|z9|wIIB!lNZa8`NC5*%d;L+rmV4C<FY5UL}!!);IG2Z-AeSyc4>cY
zMxY;Q3h_DVUxPitE&@oV2p*}#n%_benb-$(L1~79ayHG&aGsM=s}#>V#sbxD>ot)+
zVrqx@Du)-X`Gvjs_33t#ki2*PM%L*b2Y}&lj+(2PK{tfN2G`u5v#B(!^}#<zmPCP<
zfjTAN<VQah1U~jpoGsU<qYW{q`8D<_hgnsd(9DzP$O`eG<?B>dq8WgzM08LuSSfS>
zR<{txmK$E(@{;W{Cy;$?O(ZT)De1EE`f^&i>~!g#v^B)xn?XVU>Ez^~xvC8h0ubM9
z(T|C1)v}0=V|NO?t&i2ftrU3LL<!E|{uRi<S{m9gZxldypeYivC+nm;{h+Gmx0XXa
z2wB!;13m#{)udiG!SxMzhN#o~=gX?(JUEa?pF{KP&!L}b(m#)#*wY!_;{B7aen+_x
z`P|@Hqp64MyExe|LX$K_b_|Yq*QY-=L_U@$fL*a4`DIAk_}sgNoco*!yEj0}??9%z
z_!yXJEfKcRz~29myN#iIscWnBQ4jAji}JmCn|H^*&!R_18H4GrOL$HBPJc&#)B|;^
z?$yE@!O(h7ci4Nmb;CMdqr*>KR=r}8bMx4sk6kr$<6?=P$Avel>*_nY$BwGfttc4+
zq;PF&tDe<mMzc38YgjgMN1LeCboE)#v7~hHilsVbE$`)x;#agyTvak=WSfZPj-S}K
zQAeZEtEbm3g=)79Up?f-teQQjrRNP<>6t#7Vw=5d^s}kScg+HV0(Dzfk<EuL9rElN
zttd71In-OTOd-bwJ#se#F)~-L99FW`7^KBgFAu{#D^FrTgUai;&!Tm6hYu?;qheO@
z)CwjK>lmE4d`fYZv`<iNf}WHy1DnR8yYq4@L!>H@PERtHp`2DL@e8I+#r%946Droi
z)UA@2&r0+9Gt3&iR@3NQIh^;3#tt8`vgsezEa{6R<p90r;sO`w3~b1rg37qnfQn(m
zCqOiM=BiQiOC^3?)MAmzqS~4uWtBL}iD6kX0Cn*Ke;^N}xskh4RgI!}M%A{`#baz}
zwPFITQCXlE1u0F=xonL_E`RXCRLrzN_;~OnFrZEeXp1qyl=2vbHN--{Qnn-GVN-1>
zj&&KiEVv9$dsUaBsx>gA*}|)4*VI4!%Lokv(Q^m)l7+rZtXcp5cZelJwn9zagh`nx
z$*9R9?^2{?*s4)wlM)^1`7D4!t-9&mTC4%dgn9;}A{P74n9TgiT<uDg9PHeAg_I6_
z9YsT}BaP<MgJ<k!Ksu&zx_W`b%E<2B9GAV3`bt+Vx((j_bmgA$J0#7R8Jqg-FDtyU
z*G}ijHlV3jaxxv|8ih4!$8s2(gnG?9fQFW^A#BnL4QO0~Gj=spxzqvLJVuK?gul_;
z7T_^a^v>nQzXWwThnMbV5++l-IJH!ko&hga*Ea(f+cp6(c~ZgFVWl`|^0u!*)F?yX
zx^xB=IAM7Y-b@i~5m455Q04K#=UH0O#z^73e73G^`^%nV_S_1*kBeN?IBk0MzS^j)
zTw7b4DF0uyy#-iYO_wejLV(~28lZsy!5xBI5&{HwcXw@Q+}(o{Jh;0%H16)uxVw8_
z@_qmOGjr~oJ95r_p4IQJ{qD6^Rdv_y?pjs5%Bxi(w1@`zN&}myYEdcO@GMS0FaXE!
zq<RiqY9?XEr`f!V11}2PtqklaI^<vIo^Y92!$Tkb)q{iO?oHbfolP6w2op-5&5$;i
z7qQQx8$EESRR@do2ElKy`*ipG(hwiEQB$h;%>Lo%^j%K%#25LIFKb_2yFyqggP&gc
zs`_c-PL0sf*E(<<d}$<9bF=xLh(b5!au}?Z2R1}g4B<}}g6=cJ@4O-EN6k|(D)H|9
zZD^qs_|OQmJfy$`HjYyr9Ddmu-l(jJ;gm<Jv#h(HWe!~=Gsp*J&6(v5^IDycpLp*i
z<>T|c_Tvxod3@9-T7Hei;rPhl-&<ML9O@o@@042Cj0VkXiXW$w=>_bm=oxL7EbeZd
zVtZr8Akku~&i9KO-*JRvKBzF_ab*PuNKmM;gm-ON#d}@2(T_X`pL3e}e2y93q(0|$
z4mhMN*-S8i<&t8Lj`_hSUi*`%GR{o|WGi<p&L9;%yc}W`jyBsLjyR5ooC@AM5%|rD
zz-|0(hjh2tZ^UKS!mGzP<3e@U4X?s??2cgf@h$h>$tn~n)!l%$rzSMie`IY;6sn(!
z33d>sM;ib2CUvi`0rQUo!LdER5$v%BH10aVozSs6c>7k^)YLI&9PT!sk+zuO6d#K<
z`!Q3$5sBSq1n!+LJIyw!(X-FQ_N|DigkyIw_G!K&TDy-#+;L+Cfg|t7e!->6X8;-O
zN6=^S=+Vcy!k&LCZ!V#x-hAE38dHT$l^kop=GOjFOvnxKACcPSg-wP0L^UxY!-Y+y
z9^-=N24(<p?Bl;u&fwLNYUCA@eBUV<<AUP~%>Z)Qmj;fc3+^EPG2$D$<1^ik?vq!+
z9kp?cQYwARO`B1L&&?sYBmKLIkeestLVC;@kGn1JL7k)*TD@?2dASAGf`q44ii0(U
zjfJIQ$mk5`@rboqkzfv&%N<j&n)K}()`S)2!=4gV@VBc5$m<IMKiVq`y0g(I?*OEI
zlVFp~pVKwB;?*JX;*}<(F>%#q%O%Q&a-^Z4y8EXRaxpyF0aPR*O>yx-5CZLnRl~lu
zt-K-z=AKTWff%X0yPx`%1%>vVAq#1YrwJ_`-QoL#)!vfq0!_nAQ0|ss9rZhhx}>m@
zWhCkV9Tv@Rc2TmT2cVajJ6?FtG9glg{EyxIr>>KPADo7l$IDG|NSO*BPznkPobT>%
z<5;8$bii2wnbw)Vb*Qi5#j$6wI~BwbW#J_Z_myb4a_%+fXqME9LrmzgqV2@+hV)p>
zYD$(XO|06rg5VFk{TIXs1~fA96w;|pnAoBU1g;X2krFRKgPSmumlFY7zW69JLC2Md
z@cQ`HpFddU)@6L;(?s^A=8~em(za%fi_X_!gB$-U{4H0f*uI*ED^E^qa5V7j{Nkc)
zTv<r#8DGs^(t~L5Xp{q+j*)3==cedW3Jtf8fP9@;cfn_4o}p(w3SeU5qcP9x@a>(K
z$0jqmun7U`Kzgf&u$T?(?S<o?B4iQMyS@8*jcjsz=kSlkMY^i_LbybVfX~?l>ZRM8
zNigDa>I2x{OF1>g9JI2LupFx60=VON6I)Ye!YJ(USSi=#q@;|?-(VKSVi;EI$fzg?
z5i}*Hrze?>nK?S<bDG=)E+~*^u`9lh6NBY=*K6?RmzYGyT2ZHEVY6v+A(x_rqoZgq
zY%YSt&9~jtpDXSyl7>t;J-dv|KbR%hH)WEyvA(IVIn|`d)9T8bYQYpUQzpj^Qk&Fo
zGxp(i<ulLXDUS5VSy1C#Rys*_B(a&x$p0A46EqO^@AQ)GMsxr-=}^jNY31PgZ&)*#
z#nQO6=gU#&#n-Hhl#rS^)GLYvfpUC*gHS&xm9#&^nog<^Oy)}J-aXxYoh&3bVKq^c
zuTvW?(1)!>t+OgOHPXb2vo$l)nskDzDf`w#o$vn3dp>kG6!_Urid9E9F>#9plPm#5
z!fm4Oq|KHWgv!RkR`qR!`a3K5U=r78hppJwUuV~?gOECt%iqN8jC^%KQLb3b7ET}0
z+~ysXz>Tzia;lX}<6R9W6tr=v2$bE=ID*?S-<-N-#>dF=hLV_32tEluEkqO$_MqvD
ziuUJ-Gt)2#gE6bxvVBA5+h{(G#C#yf&1#LKyGpp_`H>%cn{aQ9UFj@fb}K%Yo~+*g
z{GIlVX|sUvKzAQQ9Ll3cNbr_k^|JFZz;WdD<Ip_6@dF*0PLRLLV0T3S=xS2?{;oh}
zOiNUTA?gDcZq^X3z{L34$atTDB;|fAl2n0)hXh5koJVn0JRyOzA>m~nT_77puY1aX
z!smM}8JfOjj~syF#XuzC!O1SwaF%8`12suD&zPbiUEb7nW6L6a0L<Mn6OW$D{K*G|
zO&)=xAeypAzI%D8UJ@*fp7;Fm;(monmoBeEOv)0{ITtiJ+?Ioj_DzaUqoa$y<yyLh
zg-|I%bXbNAUjGVeI<^7bDCn%Hi*f`9e{19MBj&y!B%Cl|5MG&{o~BtTRWvZ4awe^q
zas_->UaL@wwg{Zx=?a$;sz(UD2(RCJ=NA4J8bPWQ2D~H?x&@{j@`X@U%wPl=fMjJ!
z@KhhO8ib>{%5M3|`mx1-jIGEpGjxlEVs4Dj-Ja=b1UxiG?9!GHQJz(m2m2qW)JOR*
zs@?*SwX=yK2E@qHlRrZZe+T;$;Z(9L6%-B>4p6}%Z>Vsl_?yxJMmsfdaNe|WTTw_D
zK+NsGk6&tAx6^Qfn7I#W=FHw&uwape=VkdgV34srtFwLT@+u44gqF=Qx%tw6LR(sz
zjbe9$5cae@eLg;%<wWI3AsF1U1=jng_^OYTY%J72E$JS=aZEZOxzsNIvD=p2;gR`7
zv9#EE@rB3Lj)p+C(%}nq8nqRlLIcrr)DqD%y^`XQ4}$mX(Z;^Xmt=$f0KOm&M)hRm
z!_rz&#7t{bz)aKjWa9NywRQ4{A>nP?J34*LgP@FR3sCZUs*5^3j~w(=J*YW7OXGK5
z+~9#PZV2Cw3e^9k%6fgm(wt5y#<2M`rscDE)9xw)Si9yIbyv6qIg~EsUgsZ7N$!KL
zzFwJjm3f&bp$r=g>kSVkt$dIia*J)0-Tzpd;iN)4E8aw9!evCFCNMmp$>^|eu8_g{
zG3Hk@-CLKBeQq>nqhnEs0e-Q5Q+{E7Dc|v>B{jT$=H`5w`IN?<kD?|R@Vi|mWUSY&
zGy&y@*%y?-IoHHb5m<h4QaSh-xEV`dkg0ut2(O#cj1m8wS;MuW{%Vc%z5iXeh+!;n
zD#tH&Dr~BAYJCc>AXJ_(2s@WOr#AOkVma02;}z3H#7C&`?=765ZwFjmjkDsIF*6y5
z26nG4kt<bV$s~}h7yEmnFuC_HBQE8CqWy4;H=Z~ab)~G4=1#O6QjMviIL&V0qHlOO
zW|ri7=Oi`w%Y&j_VsVHPc8CQ>iq7I!OR>%RQo;^Vv$mrrXsrvOF%*5NjMk&+R^coM
zP97)4^L8rp>@&1t^TEL>{amGAU!2I?$)c#C-OYOMd?Gv^G)OXNE1tJiy%n-$_G_qd
zOwEj;e4&_qQ{%TDeGPX>$=1A*ad$7au|<p}Yl)P4q<f2HrTazn`2afYC}*QdnkCCR
zvC`A{Rjq6A;tu~h|61!R^@Y?~W6MDi_B8dh!?cK*)NIc;J2T+Veb9rMF$0j-!{V+J
zoB9}&Ho-M-EG3RuakivTy~arKp^&wx^=ju~=WdY13W^U6eSV&X@9Uc;GhKMOGO6rX
zir2K=sfPNgLm+aiSe3`)$eI8J^%rVxz%NuFK9MPv`RV6df+T!)4&DTp`ti4-<`RNQ
zc_dY~ZX3UIoh8*}?TjX$16YzKFI~XfM%155ot-ZFwkw9`hcA)_lMj-Tlhl(P+1utG
zU4SAN726lXEyJ^F3iJ!{vGEo3nCf<FO0~^=yU%EcXEKP3b@U?exVm*{jVG^N85KIO
zWd;L%L(8q<myx}n-eKuFE>m@?S#xFmvKY%f{tg{Qc#@VEZ!=<U#%hLOhOEmc^-Fj0
z>1M9LKf^w}ia!mye%Fj=HqP4xtCV@v9>}bXS1lhFa5p=d)K710a*uhF<tKdE0K3BY
z(FdKs@9}hx$=Vst?kL?!bUzQ5ReGM*$$XpK)KYEd<5l8RrL<Z5dS1vXZNaQKvq}2G
z%~UcxM7}qzktR&;(##?v@kad%WR|>L@cz5B$=jh1SHPEbwLT<zV(*N!+s$m1(yHCi
zI(3BQxl7-`0p)!!QYWJ^El|I?hwZi@T$TDrqh1uM$+9FS<axAyUX>pw+qY!JKmjw#
z934n1z}l%m<dA0tI%j^Iv1)gM8H7=u%dfP?q2mtUm19<4o`gwi{8-<a&&Y>Sxqw4<
z`~?}WBrmFp(}EC*$lZ2~ho|(SpTos)|H6^A%uVI;Q31rlnA)LcqF3N=|EZ*fK#c>N
zGTWlkl3VDgroi~(ak%6FBSg9*G7Y1d!cCWl7h=%StLX8z%{At=fNN^Ia$tWr`D#Bn
z`_^(HP^O_GVzsKIww?79$0?8OZOq0`TBzFU9h7Ii*||d$gTluW;d}YH4ojl{Uhw+0
zb6$PIYPGH$!NK)7s|c_4$ItX1Ie$rwT?9_sAp1-remj`%vEo+&Ce7HVXY33WvL2%7
zRW5jO)HxyHJ>GR<GP``+s`@#APs5pNvghFmRU5{E;{)2j8;0z>j}azYN$$c#oM58-
zkW8JXK_tsA|9gudTwQOk(CTwY>#Mp@`T}+Cg4y|VddbB`xw(zS>_uE_>*c6s{pE;}
z)P>Z@!{%yQvjjcmLxzo9`5+-(%Ay4$epe!`_M4P_E^x%i*n{%70iZPhEQQm%abpwI
z)}3@W57rB6u2Ev7B`nm!9mWpxTaYpI`#t8UG$CWY7U$!7C0`O>@AbXX^xdq}UjOi+
z4|DnWR8J}UXZ$n8Ys7T0=pDZmVp~E}yQ3}c9Z2-Olb1C|v+y}eneWXHt>|QlPqIsZ
zOu_!pdS}m0PsvaD&Z-hk5(<D`N75}SjyFdVU)<0{cZj|$`P^bW19o~ZUVFycI30AB
zKxtnBz|y~$zGnl3R!DZ!F$;0E-=v>jL@frSwCt+ly3F{e{TN??YfTMbefRmMJeHiU
z2Gfv7w)O?UYN44)QLbp(**h}vzDm@>{C?0+*}bX7y|}j$g_w{+?X_@0K58huSlajg
ztm0AhRa2O1NrB1cXtSB=D3+(>M>p6l`Y|~EE#T=gZP+bqwcYy?``{88WQSm!%o2;o
zgp$7TZ@354H3M))zsRZh-UDNMT^7j~d?U;mFAp(#r{VdI@*UpR802puPm<K8+Y@_I
z^$*uosB(X2z{E>ce}`ay3C-%#CJA<<WIi?ifw4`Bhq5Cbjj|aIqu;^#6Va|?`6K!g
zEYa(Wj>wMJr%X<7c#&{?gmjplP*gJVP*lEh<-cOzt??z#z_=&OK;ra9uJ4drh0$7t
zo!-?(&4+WyAad7)CqfwP02TKUs=RMHZ4TLiblj{Gui{U5yn6ELm7vtMie?r8>kO`y
z8zLPxy%`nD=J|qsp3)Atq(goBit*IjOa|6WHV<ve*KpOg9AH_}4kT}X1hyphmUUpC
zqC&9AVaC6pVN{?WznWjQlIcnZs|n!VAbC<)3EXmVzS4p_T4g)scJdX#yP<GGPT7j=
zNrg?n5ZTyzY;b~;d5tXtiy8z|@#=s|Yp|{t9q!D{xH%2-;bfDs*Yzu^m*s}?Y6C{G
zkO!>E`e+x&1?2_@nI-bNdIx(s;o+-M(kHHRg2y+9Fn=<kIETD$`~IlBN;n3yBIJ6q
zc4uDg3Am$tck=yZb#myNXZZVe$5oouJ6i77obTX1eF<s7Mm6|?hV_V-ijnVyZ}J5N
zk`oGdYQRk&v?IMwaVFxxE`z)RL%6E>oO1m3mTevCy@SXr?ag?{u8F?Vw#Bjk4BsmF
zNYkdwxG}n?YtCm;5?FFoUh~ZU6P|)pAQ_UM9%9UwHrT$Q!=>W=7^j2n6**Q0Z+^@E
zq&C)GcR=tJd7m%5^5DH^0K~k0fS65(o-$5%c||b$QT$WV35i|CE3piC{CCI!ujoG@
zt$P!FdR6@S@RI-VQtAa+!XOdLt?5gho?qm~woBUI3VTKAVEurr^Zv|)pMAk^$J6)C
zbt5=Jq8&(@_=dul=L>s1=B8IuI~EgmV*BTx=()bHnP7+BRDB^yL_LNDwrki3P`yU?
z(mVZ_h#=;L7yBBS3RX!5jm8UAzXsNYTT!nVO$P3NX&7G#^8+p8y?Z<C%3p)j5S3sA
z?2CJDXWMxOnP}@)O}l_^J|GHvE7%bHfX({KT~BDRiUoijIVWFoK84$bg`APYNWYuy
zY{R;F<AlKrH{+ex;c|*%0!Pp;T#jh5?Yds;RiZ;MhX(RW)xkA^9raPZ<#&qv59R5U
z=3!0ox;HgY<nHxqN@Ua9);FH;o-m$pe5<r$$gKf8!GSwJHeJ_IKO!o;MzDEL*equ3
zM!0^ZgXaWj4>)Dg{7c+VnI1OOZ_(FhNuEs0iFjevI^ex3daOHv$OBezi|wFt*u(ED
z3}ZbH>**rDaN9$57@ZIwQ4R&4X>|nF1rQM0i&h;@;hiv#n&F;N&+0lzF1K*0JU^T{
zj@OX|LGj(6P*)<emL8m-^y{g853kP9-$VIs-@2jj!{oISf5E-QdVK##$%)DjYy5?S
z6M4jYwBzNis(;1c!`PADq1~?i6}|n4tQFS{mBD*(73mh<4fz?Z6#@EcwjDi#_|y%(
z+2r2}ZnMchg}B+|-wI{3$&0)&=~h&2nz#t-cTe1eP;V)8j4vz;1n>c{x7dXC`@f~p
zHC+%r70O=PA$W8a%(z#fbO}D?2ZX_$4&7_Wyh{2xi=wv2hv_Itj4ZC=6!D`Eq5f`s
zs_b-#JpCQzu_)hCf&uZ3awTI3nN+_M(|ZZhhfhMQFsrYxbl@hGeH3-*=U}gW5`NyW
zqzS<Gwp+K`p7Kw4hVFQJVXiu6V7h%tX{^|MuZj38m}d@7ldoX1<Rj)4qc4Z8u_YNR
z>S#1K7??eDim{>%|M`jDCJ4as=wrbKpuj{G>9B2Xi@b@Hx&E~K?U(eOz=u}B6}D#R
zt5HH<*=L~y;Sl>Q(I^k%25HY%9Bs-`u3k&VPT0-DGi&k9Xmy(oqBwFr#}9TYAuD78
znH<2_#9$0oSv`tD$<E;dT#mfKdaf&$gY~ZNqdgWY=>%KX#;|00Mk~A)PA*qlv+MP#
z!|sClQ27fMso_CRwiimPCwM+|CUnf@y&7X@|8!`~0gF_rR%Y&v%a9<_Hi?j@*U3~{
z$l01{#^`MOftzu(Kh)R8SV(|7SfV&4f_rc3Wl=`mP>wO<Bp^-}7lJvFKU-v{nuu-*
z4yfokY<t&q<f=h#9D{hw8ZC^UuulK*vs-EkSoIA1;k7d?HE=gPX)*@hjgYPLwPXe!
zuXm;N`W==^p!~Wi@2s!!7uva3?3qIpyd0BIbpG|l)6^P5{RQu`l+;6y1>x1G{?VUp
z#E$^LtFqTizxvv|>pB=^;8y}ykH6bElGbxX>92CEa^BK=O(PylZT|V#-g=<(!+X9;
z_hx<NNHc*t;xh`vi|9>B(z3fayNXedQtD;hUbkwUf$oM-nt9@h0P*$oGXDVn(}wE>
z^%H<|TPbfKQR9!Z^%tP^k;PyhYs%y1)cPIJy8S`d-b}Eol`%j`5^zrx*xI``f*bhU
z<KQiQ7i#PI28t-<JKBzSN@){s4d$yuy;-VtB5a<gSFsg-HeY_rgb~*HVEK`72@T!v
z<O5-=w*AX2d_xlAI_%<Ac0wzfMnLv5+^J?(a;Nr`Bpd}3>L%>c5BsVpN5*>eA^+JX
z;!)C5s&m}eZjjwm_bjmFcjJ!9fZ8Lcbpo}(N$H*TDx_7965z(NuQ6LYA3;;T<c>(X
zk}q2ZjH!w-cQGsB%&$^79m~D)G<yP=nHaPK(K<K_xW!kXVk^oyxP@28Yurm<hf&z2
zZio8N0}mvvSB$Th1|3{GXm^pNz7o!)q8&&DHZ>l9T(LdhvpL^;CIocedcdIhYWrw=
zJC5z3oiacoG$Ey~=#Fbyha*e5JOSLCcn-ZC4<_i8WW3*aj>j#zQ-ZjMD$sz%;A7te
zlS%gh?U|GHwwbI^mrK=1{)2I4zWYK?IKU<&L39VV*OOuUGfO)>d>F**jG*=c7j+ai
zY|_gXUuM*c8J|fQR>~E&N3UH4<x~d#5D)e`4CbNRi_N$_iS-f9Idv7*D`wFK-xL>S
zhOb$PpjoL2hSFrh{#j2B2I??@;>5i4BgO_<Qq9ZJ?Sx`YodXflD0(|1*{Sxj=KGJ%
z;m`d;yjtoLp6`J>XSUN<&%M&QGPQ4WQisat)u`t%)H8CJUSq!%gN-GBr;7g;8{b=(
zI=cLgDDrpfBDwes1zUx6jP4~v4H*EghFr~!8PImhVCsFcOs+R)rRd-cFrAgJTcdO(
z{iX~;T-JM&a`BYL$_hDoxOjFO;fQ5tYYMT4(xyyyKigM8AG#+l&1&zVKMTwneUHn%
z({pZBL(+46*!1qeYrG!u8^-Q#FI$jJxY2d@a^I?iMCSNL5&%8tz=PaQs!0hs&VRvt
z<?7_ZsMED^4SFVSI(X*{&h5SXeVZTS2Fd7Ci1F1%Iw2JK85<f<Y_2`+A^G6o28+It
zd>eldxw^>D8hCQ61?kQ*x<c>(qt^&@MlyR{-3A{BT-^ywTG>1kM-YP<qk79u2~eDm
z%WJ(L>yEd4A*E25$c@Ok&4nQ2aI^H&`Q)uQN?E&RIQ{KQYF^9Mo-@i=_Zxu?Jl@cq
zQ(moh?NicPy=3E7zl1X+(5;1w&nQF8?|Y{s7Omv?{t32p)GD@rQ}kPm*08`+?8~h4
zYvy&WwzaFepOj!~9>{mIT4zCLY7Nzk!s{9vLpmIW;3J>@wdeu}3PG+1t%S7u8;CF(
zq{H!y&y6^89pRS511mT8ne#A_`=v^V9wF(vu+Myn47i({K2uZLAKKpg-b$<F70if6
z{OEsQP|yalD9J_BopbJZYU@5Zb;UYE;6*$5Orm|+hudH}={(V)OT$kqF^Em=oGBRb
zWAHuo-ER?(AA{(Fn}M-QKO=|(H+=Wbgccm}U0+LeiJG)GX?Su-b*$THHIKLCHQd;z
zyua?pE4WoHO)Y6d+*#GQVcXzKb0r#aJbJCM>qM<~sp%)a^q_U4h0or{Sa55nzi`U0
z5h2zpYF>8UQa0m>TH1{S+2Fp>Jh_EmG8vMbPVL@0Q%svankTkTMepOFzM~+AWUmv0
zp2%*gj=R)mk6E;DoMxVMrA9=11=b#dtsBVc>$11vtCynV)hF!4xu411@X*(2-$Cpo
z12tme%_q)0fu2eaijXt&TbFu@XH?$9+hmX4y3@C<;VBQTz9;LhxBR<eXkvq3O}VJ(
z5puRNssXX_zVZEE2RAbe&!r<DV@kKvwQq+Bo+7^TZodS7n??HsO`ZSfZf3*+VxxWK
z>||aX^nW$Iqa=rBZ>GmS#zcF{olA>7@BQ@T-b}B4jEVpIT(n<+@Zm|EQyNW;0)al}
zpO(~IROEl$5pm^<pzTNbx?H<TjNG*xke|Z6WQ3lx_1o}VCJ+$2;3>)}O|%~s=(3qH
z^(?MfLBBA=L=Vm0N=Lh+{Oef#SY-hn1jGNs;nedi{N&c}fi~*r?<&Q|iTpApPobXr
zv(<g>Axn8LKw3zZ`3K}euvD^(GZm@T;?@tEUS_uJArzj#b(?UMnAC=P$TBbV)7*nb
z;awj#2MBs!3E*!Fg56A1j#QL*TJu44MTFX$qF`RrIr+gfHIT7tT$}Xmw_%KIa9Yx0
zm`mk-g3nMkg_P>u!I%D*t%w_m3y!^9jqR7}E-X6<y7>2}$=?aaIeMjf(gz=xE-7=l
zROVJL%F92wifkdm@<4P8jR~{`io)j3`pKqUai=8EW@m@qrWZMff+$u(e3_90S7n+}
ztC$f2&#qjG?M5y4cNc4td5;h+dP3*$BP85OH3S@3)4n6BGX=ctF7xMJKHITzf6O`M
zvW6VAxR>2rx2!BWrq>-`tu)TgP9L~7fnXxKn@)9S`F$eSiFOV;cYIJiBukCzY{Z9&
z<}h8?B<Bd^%NcX^@b`aqJ-430tX;4nsCD=PfU8M+D{qYyZU*g)$c>f$BT!0;i(?aU
zUa8<jqg*pc37E8nAL&x%BzU=fQUb**0C5ftNXp8N*Xd;qFdXX?I~-Y<b*r$gkdoa_
zvEp-0>UOiR*`+lu;x391_t(j1q_qLCO610hcK=(DPe-hiaHn2kv8+42Gj-LGJ`8v7
z44=%^f$SeY_Ep1%alJ$ES6^@I#fdtt2JyP_Kl{wxBiC}T;8;~pY@E$r`me<|;!7X_
z9b&*c2X4a4$EREl{DByDu|Ko?;v8%@iWO5we}@1RH}`XS_`B)_nR{*BIi<)O8XF>Z
zT!GrFw<gwey=EmM%ZQ~dgJ(^I=|0_@*fV(}_fz!VY=u?q4wB{U4kzAM1x>GT^{5$y
zX&E|LnsH~!j#*T|jqJ_n2^&Zn!R8gOXV;$UiH^$C9A>JHVe7FqJqE>!J1y%89sR%#
z%eNWN=xgbZ0n;iQH%^nda2uIA&Bs!s>P1k7rIHgOeg5r*UR!|~yo)dO<a2Bw?J>ZE
z+Z>VWC%P_pCaf+WmBXP7evp)m_JzMr!fD-CpO{b6!4E}s=x;rV03TKe0ofEDz<TDy
zQcw65pI=V2XgzcQAHg&BpolN_ZxWnm?5fw?>jBD6*Kt2K;78lubF3NJ->0ab!Ym=t
zpy%_d_#;p`+g(}f!(x)Mlj$L320e*5)&oh|m7l~<73=Y#tOM}h=e?*1-WkGTX3_N|
z=&>@f4s|&hSZHx_fDCSb&&fuNqDV2tP<F-hv;vgzJxi{I?eRT}uB|Rs4$>I?9D7@j
zA6+8?YZg1NVy?TA4G>3D8z~--rqDP3{_0%vZ?Z){7D7J;&rY{M+QGMN#}OyK)N^%>
z^8C^U=n_rThsiTXx4tTb>=Idxru^m$u(wz&`_pA64^fjhgh%M%4^f~NS9TK)ZsMtc
zwJ*G1Q1uf1G^Z4r^jJW!kjRslMwQ;1rvo`XzEzNr$LwwpA;icKYyf>JCCqOeMqX&s
zA<()f=4oh{b+mD;?|KzDR}tfCU!CmwtvYKlSY78xXtNy>)Ec%s7}V+w#c?-JJqc>|
z9<Z`uTTsAoVC>gt+`yhypm8Ykw{%zpcRT3TlfL)s{w|p)-qm@9*uYqU405ovn@gCZ
zANmABN5F99gs@tOA7V2|O*QUF_8cB9@b^e~*N90t@DC@}GduKr>Z}RQZhb2EoJ-~W
zs1eP{q!G(WrIFwStfynvgrc}xcMLJ5Iu$V^5U>s=3U<O`1mfSYZ)|^XOgxc|tRvu<
zt#{THTtBt>y8d=!`#^gYPek|kbJi8{1{d|HbKtZ76>;8)lM{z%vpf{>UV6$i`WZeQ
zSUJkoZLMM<K_-RzfSHE}Y-ASK5CA8#E<46wRB2jIq*XmB2Lm;&(TvGQ(21oqR$GxP
zrgm!TJ)&%J31;_QwK6?_JupsdZ9CG5B-@^_9@}k{GHr`#<Uq|v>)~hjwSPmopH6O4
z4z7xnG4|v9T*!ZGiSqgyp8?W(k#CW;x|D)8y2PFE%2pMd1CHK;ulirHm0ydRr&nM1
zYyKt@KMq)~Kydn63CrQvy&0~neV)q{)650<0pe~Ww-EREsFBjlrV(|>Vw7WE6xM)R
zM*s}Gu+rx@843(jB`lRJwS@+rMKPs5n#`p(vs(NpMaBJef`tBKB@3!`bG^#{L_7&S
zvk^Uiwvn|<eU=VDrzEyH$@|HCJ-ODnX?*E9^Mt+*ycalGVO$Npf4KA%g(fVwk)$L8
zx){MtG3pic&8}@9Q<}6%HQFGyoJ2eNrit^`*jC^qn-*@D3?oK7YFdITAt+p5kVR~K
z_)MQLxKdV$ePBRXb)Jfrz|b(O*djJAyz(C;U!|<{)ywR0r<uR*+NSqQ+Shnd?lXP-
z<_76(m81Cc#wyo%@$Lb%p3+;7sw3%JkAf)zgLe;{o=F$R4KDFTH?~)wMNT$WRF6})
z{`X*Be}jMA5&(N6<e322Zg&UNN5Yn^wSxhigWgqtz?IV`9@d!alnG(PZk6p1^YDi$
z`=#Vuwd7xQjD!ZZe4uztKp<NJ`7P!)SSBr&uGNB<K#7ZJz(rlF_#Gp1E2WU7Ls_dC
z@Ni>;s`#c+%M#t-aOEF3Un=e!4q2k>9VXf`T3#ylO|G%2qT?6@R$*|^3RzuKaU87u
z;r){>H~;uqH!^QfMdvu!HUj@q{ulCT$%6iGO$#)RmyO>Emn^)Ju^UvQlCSKlYL<$V
zlO1fTxRxx)IA~wihu}Ea`KKFT{k-rWx8zncqr)?HRYX=Z!^7J)Rk~I)9m4?)s=>)|
z_46-z1tvQHt4KKxw*FXh{FPTQkaMl!*mT=(=OGMv$&n=fJ`87rk>yx#Lyc>kyoVkL
z&G8sCOxq!h`%?<7KaROcITrhd#g>Y@hVL6x8UIn__agmvvAiPGcCn-){kE|pTw)v|
zd#hCR0P;cEb3jg)tXNbQ?|`fe=L>JTMg<GV>5~ls<RoMjZ&57+a(uIf)~E=$#DcS8
zImHA-R0sdo`~{YU=X|lm;u2#N+51bA%q}+kFMoiX^sGy}SfYrDVcC05F=7!>V61&*
zCFc8}ouoM@8y}Zzfa0<9SNE%Cey5M@qj$?|n{)2ECHr;nT)Pr~+c*?&Iwc>J1(d{?
zfv028P^E$(fF<oZ`b4c8IU9-PK_|9E^_wJ66MHrMR~wtmmvv+-%$fL@xi~2*2(I65
zQ(R9S=ajG+S-U@Qru!6>N>29F=+Q*kcuw4T%t2~ks}ao5JCpew8=vt?Ti~o6j&zRb
zj!2IA6du_1w?6<A53Ujq7I=@=7RbVWm05dVWZ6`k_nOErIPUT&L2O4NdwDc@zPe^!
ze{x4%h~ay{(#L6936j_3k#ubYA&!iB=3djK9J$0?18&laEN2{BT^VhjzE#(QqOSEU
zi<lEk67YZp%n1#xfD_=6-4XTzZFqwiWO}5m18KH&vQ^vFoinAGBr&a-nUlg9liRnU
zU%i@mY^BgTr&V#p8cbN~U@nmV^s{xkqobc~L?A4(5tIiixn^*`*=?G2M*s6`UvpzV
zyZ4aYijd-olny##T^KbZp1R?3Pj`HVyKJ~7KT7az=%CbdwDt@bz>!mNKkQ}c{JDXV
zb0jk_fs}m5fyM6W(|Hc{>O8lWnR`S;8kC<qga&pRK?(i0pfLVh)E3teS(UWE2}&x9
zYpAU59U@ZllOt9<6agzfuYBH9ME4FVq<hCfW%2yx#R~Udte!ppwv_armXQ-Ir(loC
z8qO+v;G8G>YI!*QQB-|+TH-0>@Uif^43C>$5M3F<K{1Hbr0cljIoz{6Ezw+d$fNi$
zi;@!WeKGFZ)itz8aj|W<WO4ai&bl!Y#A1~k*7UW9zQ3LvuTHw>DDkIlUSGZQFLr_!
zj>Dm9R)d9Rl;rRgT#(Tmo@{_+jP3=C`HkNYH(gb&&<P?Y>p>V*Rc(K<Gaegl7D&1;
zpEWbA@tg4S$E<jRspzl;%D+j2sb-0!IMF6bg9$tq6H$2j{tPf?rLiL$aD_pA<@b|$
zkHlaifx%F8m})fhgTYV)A|5a#>{kMHmF!UqtNh4MYL32G@?Vvo<gfc<moZtkP=2v6
z3K|*q9jD^4-0IZ`r{Xfmrf=(U1SD^^LB>bQC<*bcGNV1NH0oR!B<b<Y_HyE}YKDHl
z0Ivl7vRQo~b*``8%hp=5;43-F5VLKW7r39cUf!?!d}WZIm*9dUKML3vm6Z;?FA;s3
z`7VSS3|nh02?+Al@T_8<tYN)ufnx<bPfh*gRDsd~DqFrt(ocO3Op2G8d|6^vLh>TN
zfP{H85nN|23ea70+rV+^kyXiunmqOHO0N;#M^1aDv~E=Vfbv|WXPkUb$!_}!?dRW#
zEth|q$@VbMti+*7PT^cOrn7xQxk(AGN=Xl=xJj*gVxTeq@tKET+Y;pMTtDV6UQp<N
z&XAcFTF^2LWEgLgfaEL;Ru8%h|I6?FTl0KNmYNd9ww!5edWAZl{e^rh_-V=Cjs0eI
zfz)Nb=M%9BvQ1ZV+9CJbGB0pHZMnQ(`x)CPzdQj+UV$_41?v5faOKzZXi`M{QTuu7
ztR+jATgjbguU})=<}W5qSxQcEM&c7h6VG}I%<Mt4xsPG=`Evv|hR-KgSOf(9(^1Xy
zZCTh#73*@QE$I~+d}tQ)?cf!q5Y_U}g+c(?Jp)9dTb88K?qspb+09Y|w6a>Y`_iro
zd}e+N=hIJ-Ek)Ld&NKwS%Srtm<P@VAu?wihzd9q)oM)0U?q{da)u70Wr`?2|rtzMr
zekE~6qCQU{9o@?g;uXSjmW-OUm-{xek9#McV>YUGMQTlb9!ILZw@Ix^n^M;)RHR<r
zn5x8X&K6i=v|<*aGTc0^p$m7RRBmz=qEuG3kDaR6_Mt-WZvWw7z|23jPL52ez$A{l
zWT-r@|03}H^Uoc0+G61qGpxIBQH=IUPr6m<91mnh0@l~ciD%7tj7dj&r(9K<^QnN(
z8%0C6F09Yx^(VMDPnhfcme=Z;^`29Qj>5JO#$#8?F89zl6^!mD@OrEE(v5V`L$#u5
z@Oo<{@-*Y|Ly1iC;kZE@ex_zV`8b0@Tm4C$8EvszGTns17Jl*4rU|Z@Xf^UQ?Xhdg
zCJXJn5jn0%lT1vOX1<3l#9C2VWtx3HyMKUPWxoF()&sP~cFDyP1~~-9mw&8-|0>pc
zD`dbi<bk3H^6~f~>u^FC2DMTg6Z><}gHOG-I3lpi{Uzs@;wy|xVyCXR`m@A;SItf5
zUg&Z!t3ScMX^EYXq)v^U_)d))%ObRN6Z-Iyy)@gh!X)*vI+d{~+u~u+ABu<MSUulF
z6zc~4FAV{b<4LS(jBa;BgnZ?t8@ZRKQq8hTyT{SSHcb%nU)~J)1tc-^82_aF67L0y
z&<8DB$V)}3%aYHzsmp@T@u{ps{!#jLq^5#$`K3CU_2|{#N%r*>m7Y>jkwOn!Jl8$e
z*&`$S$Ne%6(1$Ub@_l4R|9O)Wd$PFre0#V!cFEHq7#e!XImYE5IXNb6)xlysMIIHA
z^-C4XjZtFa3XMKu$%QLX<@cV;w3-hAEfb&PN|Vc#7v3K+94^tOVi$aVdLe5~9ChEv
zjbu%zDl}SkYMF{uH<bg+>~a1h-9XC2IIEQMCMMgmOZ0KAy)cf$xYAG%?nvmh7;O`B
zq;L~5=8f2_P!n=o%Y=|Z<1VUe&Ozp~|3&7XQ?;aW<%XAnjcXZV#(|Vttm4!Rd-=D7
zY3OD5kZ3Fm?^iq_c^07{Y#iA=UYb;)oCAtOdC>PJB%T{;;}+d?JI(4MnfW}8?>V6>
z<<bod3yPd&mC~wLgJQ$6p^ue}3*E$dU1uf`b3p~gvh1!}6G)N3!U6v8t|*fo53t{U
zBmF|nUmEEz8is#qq?@N;^itbuDp;1ef%#`S$s<G_G!8NgUCGHAoL-2x<PneI?xk?!
z|9Wlz&$XcIh8}8L-h~}CT*Wn7YTFJ!_fk^w2>EqRa(;Zp4caXCQV%f=kzm>^Gq;>#
zRb0gl)0agox@^S&k=G6PS%q#}F9r^=^-&liRJMK?50LUvMcH+xKOUT_N2iGucWBAT
zm9FcBscb(jutAu9i&=+)hF(g_y8u~ur+7e1{Sq33{Ha=7MO)3sm*k(Cdzx!1)V$OS
z?%z6Y`&Y+pFOE-WeV5Iz5x13}hjSg9HuR(sM0$FBHz<ZtB8neoSD&9+@#)afele~0
znT^tRoHsHhrqA)Iq~%W^7nMwoOc7<eH(kFy`gX)q9a>FkI@%%ETe84@6t`erGwV9o
z!ljbdtmxWwEw~VAax$@!r<pfwLOkUm`yj(4;G}$*QO?E=8@NtI*Sl4ZQ@3u#i}6Wc
z02#TW_q1pLlCkAOS)<-*XF*3tsi$kMhXLwHW{ME_9rnM3r3th;2c6)`*4ZpXKGagc
zPPOlRa+jLe`Q+GbaQLTpcl{lqv2*6>8Ws6Lviq>S8S<WU;>?Y%lgHLhg;R(1F#=X>
z&L^+)n~d^>0jI)U-3XiXpdHZn*Q24s;oG+Bz6^eL$XT$*Qxn*-LVkE)uX2q`SNo9n
z=+0;ZUccV-(8xVC!g~J9I@fo@oZa6)iE@?I{H5P1%}cdpam)d%*cpNvrC(|s+DP-W
z0IG13^?SMaN9(sn7<+4WV|}erd-tC|Sh1cY4?h@Pw9YqMOEve_Trd$u{DLxH2pB#0
z4nY&|h*_cf+nz&@k^d)T)g45mDnYw>j8SVBm$BHHoAdYf=vUzIh12+*k_EEzZ1d)$
z;*t4RARV5@StGtNd`*S#u(42Fpy|%9L9nf#v({>J=F~<CV<iz~!_2!C0`t%Ed8$?9
zGlwX%qo0rIj^=e;i$z^a&xRL}ZAju9cl6TdL&Q@UC!tyzA%iK5=;p&NmWN`HBO0!4
zwcc6fm0@2@J&p!Y)yXN$hLyt;X!gXWgn$@DS(=-nKJ(a7x1lsh0RGA$89eQvuUmRd
z9hL?7Jo_uM(b#7j`kwCuaUXMMt%Z~}{MyDL6P9CDc*!q$JXn2|=aZEXu9DtMH~FX@
zcKI|FgSb;bmu+SheEXI^ga_=3X>N;q+{0I|Og@v<f(`{}MBOH=#&)%tK~d**K<h;v
zHNj<E&n`BgbpofkvzO30<9#iAZ$j(FJf!>P)SWkkcs20$y+;^K@r|pePx`v?oR?>>
z=jzTa9J}5-XmIbT_~sey;{vOPF9}N4KgL^bVTpQ)D-g*(bYqtD2UE&+;)JbH^M;?5
zD}A00$yFOypiMFpk}okS#FnhdEcl<3l0?Hr@*RhpJmplJ{LXrb;%R>HDPfLl%bakb
zwrXQ3yoBO5f5%@XIT3a;@lHCNIR!LQu`orMqclQrH2gxxkt(7z0&dpjg2Ffd5#?JI
z%eKWX?P06Op|v4gi9Gl^%A?7B7hIllh&tHu>AlwAO|9*y+|Ny9P2S(32)qo>#JG9G
z>(#2(QW|^=r9^rCMoAXA|DS*cDpLvv7FjQ3@n6hV$aD3^0UqEZZ1rUbconOH8N+q3
zq;*&`p$J05p%Ha@$-HNFi3QH&OI_dqvsxZBuw=ytfh4SzcZ)(zMW9L$$B{(3P5F||
z2he65?wx9SGfPZl_y8@JmQp``Rz-KKX!oepv}4kB7}IDk{N0?(9R()O?A*55$liuA
zoCiC8Qy(AC&K|}_0^Y@+mK$b@yxmp$1z)-0#_Whq#rwdf#r$XiZE3Yh=|W|z&8Kj?
zV!DE1R(Xwm>A0kfJW-$izF3IZbMT_>>oa>F1pXjx`sQ^lJn(jw3W~p_o%LuQ>luDt
zCi~1b&?bEM-ylsg)1{xYTyAqKtjFG@4_p-R{(ErKb59h1d?V03S`Gt^fVPjGAzO5P
ze8!AiOX%BBzI9Mpm4<s(`0vAyW9%W(ne~@JfCn9<>uv=JL4d=LkHJsn0%+~toNujr
z?1$RbnJ}%pI}-f`ZKzfP<`aFvGLd!q4BKlq0B<s8Vq_aEoOKg`FV>2;zAYf4m$Vs^
za<$9m=P2rV!&iQez8(0xrH|<Zn?T=wVSOpo?Kj8@c**||oMeR;c@L-f{p(eR8M3wv
zy@FYOw1rl5w>S$(bcVjK5l*%4;{i^+Tkv4Q|1}`Msn;b5f^&s)waXgUsT*jcxLQtM
zd+T0mAmo|8TlU?ZJrR&h#!t((SD^O{Xo;gad+HcU0uJ|jvyrXo3{$1qG~-DJ0BNCZ
z_}D5fNX09>geGZdn>ylVT7`{s9}(2$F4U&G;ko8C(Be0AfLtmOzQbEOT-a)}2iOZ8
z0OOZwW&=&e!qcibVp3B1BMa`(;(a<yo_P-Ugw}3=p>YmKxc)OJ*W7qdfIzY|b>mUv
zGf&$qT$dg>%TRONhMO|9I)(0dg$i;-3sJO$ik|Qab_n!O;Nf#Ai?y<OSw~H2*_c+~
zfu{8=XjK?;MUh`vzbtWY66Vm*id44-(mxr45Ka{xHtwr&E}eABj&R^BI*K=F6W<(c
zc(@lfxlC)e?3cD4tLkgF&)A%vD7hTz@&sD!{5%3wrV7>q`#@;(BP5Gl2LE-k35hYQ
zb1?sug{C>|Pm(}p%}~MVS68o(!TLr$@xdvg8wUESeBbKiEed}q!g%QD+Qseb)*ya2
zMC~5ITcmsNRTR%CWNl>4M&T<%<kB71v76ZD$N`z77EuE*Cq!c)HNkEtXUUn`QEMQT
z^{-=L$WT5hYhhnD4NF0YL?LO+f11?b2IsK;k3bv$PMplsbdxdsF(<0+^Lc{s^F-hO
z0ok*u_40qhx^ra?;qSq@^?bqCqKAP`wy)5-zB;ky>i_$(o1q>6Ai$-W5Xg)k2u{{G
z|1s428sP7ruh9Hgplem7w|C8n&hA<22$7TdFoxvbAc!9?Q#xSxUy_XTCPM|B^!du~
zXN!Uk6uYiy)?Kh|TSDr!gfz-XOaBdhpE_;IlxM`N(YH*a<!U|MFSV@^zA#xo{7Z3`
zJKQ|A$5$CxJb8O+#->_(Zbjwd`rSgUD_6)uP2oDItNQIwNNe%#A{A)_E-G2(n#H({
z@w$10W2?0L;L9`KiCW=4#D1!G_8yl~HqG-~D`6>`%j)@CS2fM8@pZH3*J}KHeR&Ae
zjd8r3`71~Awm5o$59A`;?2w8LK>EHDmvvk7eL(Vtdqbmu%Z7aSdEr+rw!R{G%oE!q
zUMJU_4FKWJE~iK@7x&1xZA1jnJ|*jaK#eq_P|!kWQy|~3oLlajJ-)eXJwa0?^G6X3
zYZdn|#6SeG^GXGywDa_oO(oIGc9n}Xe<ec*yY7rvS5GVEelLKlr@32_<|`|*0LqoK
zcq>FSuKYVm!xt4~v^4`_C6yCD8=EqY8S<MH2|K<yIP!uTu8}P9mGOWz*Z3L-_ee($
z^($8(O9U;5NHm)@Tkc?uVm)eIprF}FJ<4U`iyX3kdO+#t7pxrpxxiC;9Z}S>5v;<*
z%8b~wDmk~-RboFo5Uf7kUs63Q=30_cA9t;0S{8>{CoHuj=3DZ4?gdhuf-uo-*GZ&!
zyMhCE?fyP-u=|>-Aw!8f)erZdB@4@Sbl0V+Hb$M`N7uP{BXLi0n}bT`0uoMHv^t8M
zP#53BBgep)y#s$b^wDI-dx;1hdh=B%zf%_JogTM!u-70Y{Qoy;OZ+eXQxLjdvgCia
z1N+Z>oxlB^f5Yax1i*T<poU$LIGSxg2?JLbdEnHa^6}2UACdsUvHGgt3iCircJPjP
zGc{2Y3T85l{WO=X*y@@RCTog@8>fu$LQdpd9nOCG^BRz#tM&=v$Qk0Io9>Vt@n)w6
zRu=(T_EW;RDYHiU^Zz7K@`nC8zEEH`Rt?q{_;=U;R<)V>r^ynV;P6Gk-S(_`h{zNk
z7ur1`Wani8oYqK@GuX#>0-a@N1Sq;6;2v?>z$da@#HXCkL6RRjsM5Y{-S7uv)asx}
zubK9d^2QXN8UMTCH4E^+j;;w73jZ}oT24!$&v6*RS56rbPyU=lzkM+VB3d9iOrFz>
zn8#&31JU`pMXQ9cYY?QQHsjT8kkzB(@qUny{;OZua;|-B*KpBXA(0zxcLm8w-5TI(
z-tJv@ZdV^>sK9I?OHp-~r&b0H_!i|C9`5U0rA-#4spXc+?%Od6@XtE4(mcC(Uw7`W
z2;)W`W!AGq(qGKIfV}pv1)7I!!+jcg<zI~hQ;NBzEDmu6MG~6-H7brTfMI36o2SXi
z7`MhjRvq``FteT^<X}Bj)2%A>yz$lu_sT(5``7)zlyYt>%T-)KnS{IHKJCRY3xw{!
z0P@zqTn4Aqb5~fd;tT2|S`7E;{{xDW=HlklOLuiZ+u=F12?!IJ$qj}6VufLTGj=Fp
zgo%YnlQFKQ@0(xbv{pCsus~W{BvZ5)l0S~Ln^~HWk6NP=Iz1(Bv5`~#+CP8JY|P2~
z2UEM<d*&b^4bd<0qHjMaBMm`;BUYWSO+81;pxWvDqc0QYZH$bKj7OYDA3Pv8LlpCj
zx<xxkf?6L3y1F-)K5%gekAz17^*5Ii$6u$OvR&Ba_QmY9!|BClPed!IoZDRu5qi85
z*qn=;s&c5&lPe;MQf9)-Z9lR>_^wN{gy`6@{La^PRjVHTI1tI{6_H=y>W&QJ<SOnd
z(<26sO*+RKeSTow8le;Jiu`E!8kq_*u^?-)ue1)I8<M9lYP(pO4w;N2){D5om;va=
zkdk$g-4NA<f_HNc0~}`^%Ern*NsaVMp(!e-Hh*x{_$FzKXBp(4P^8FMHd$*|u4vn%
z)IB%Qp@jBw66ae2u-MX}MNsGZuT$M~g&)+h^^5c@6vIkFDioP(Nz*EJNN*h%Br=i2
zr1AZzM|&ctCcRGzPQu6Wv##U%LgzT*HKs$A4XJ*F@R8p)bj%I?+IMETW*^jfgJciq
z60<&J<jmmmJ1y6ZcrjvY+0;_BzkCAg`sqWdB52kn`kS=et|$_p=x<8u%TNAk*<&$S
z{~c0K@wk%4Q5CbkctCRoj^W^Sf?~s9AwaYJ_ynwH;zxc8^SMJ#1%8kOjaG-e*k}5b
z<T2TyqiFitY6hQK`0_V=B*9Q#bH~BZR5>flXym~ZL{3Mjn^2{wzF1LXhK9i$J7J+C
z2V_$~sKFISm!ZIoxY+K`ZW4Gj2E(I6=?16ao3a<ps%e)iK4Rbhi-BvB+_-U5BH=$F
zyRYu629I~3zebrB#~KL5P8#{!HWQy8F(%Tr3u&l&e(0UU_h?8po%G99H6tGzX>W^0
zyS+P6kdCQL!(rb4kQMQN3+CFY<tPMr1iXm9eJJ%Q(glPC62lyj1YZ3FyYw}nk)C4S
zQfr`NuEHn2<>-{OVT}dT+t5CuSow<XQy0|IXyphLLGpLL%xk+4s7_iM@YO}JDfwI}
ze1ih6p0s?fWd9*aoL?nVGAN{EFe&qcF{io^&DP(r+4{I_!IvpY>DF51rS7v)mkp0N
zuSkFmwUasLO>pDKJFd}cRe=s$-)7QSRe>Yf(yY6aDEFUXq2<-uOMQ*!?1?_lRBef3
zkP`#w(~4M?M2bbkD>G--PZ3!V+PxdG`<7^rvh4qNQVylpJjTf!!&-7ZN3{8~^BC|1
zx(c*X&<nZ8F>0YvqFpCYj2(LpyJp8G-*cX(U3mz88{0*}Iwy*a2knR>QSIeI81cW*
z`TU6cX3g!9DQru6>4w+mNOEkQ&ERPW96Zz$eB0eKG|Fo+bZepEDV5JpCUGF*Hy^S}
zwqN${`)SOk2YzM=*yBnWwKDyO^;z_-D29M2Q3mCEBc4tRk;J37RfM{=WJ4go`3R=P
z|2g@_Q*ymb^pP#NjpA(f({oancFe8$x%N1LF23kYN}aj+R7h31E8BHx&&u>%JwAc5
zqcP@HaOnWmzWg#z?9o&eR=&;yOxZl>H|oMwo&dDMVnZXSRPzlknB0cCJizW-yGx(0
z|CSqZPdj$T`O!SpgkLeG4yH^l;yvP=(w3!#Cq2cgW{s0F{feUaP~1D9n0rzX*LpZ8
z<o>(nq8y*09MY5@CEJ>)q?4SycSw_^m&kh{Iov>2tsugoSL!LYedp{?A8Q@lM?w&o
zXbzc(m8$&}BE{wx#$D9FFT|W!c54=8h$p6<u1Tk96wP`6OxhygQ1w@SLByfjd!DDC
zZJIN=7-8c!aU7cvq?7yhNY0WDdU@HG47*L#uwRJIE?iP-uCSeRsB9uu4o{vI*L|I7
z2WsWGd0*{ISU0;N7PX?3l|vQJhYqxwG};@iZAbKMe_L!`VYu0F6&pMV-u5Mvshe<s
zaZEN;0y%mQj~o&Mzm;-K0)Fts)(-I`>|beIpq$`eu^Nn!lBAMr<x~wVu6CI!SDgr2
zH&?;W*jn&e=rqN#_jA2`yAU2Og84@mS8=s+w2}5s$N<nattJ8D2!n_J2eCj-zbF{a
zb_wmbX-|ey_>MQnUj`%KOkSS_=Wxz>v_aY{ybk}B-c0{w+9_~5RKhfGX3<C9hN89b
zF*L&`u*qvLV*Ev|fDMYigq>bT(O1w3U&A+Ehd4n#OBG%NFJPgWw66fwto&5unfQx|
zpO|?t00!bORKgAwud@a=KoYir3p>CQ#r}RG&+qeGzXPKIRq<a9<AB)kPX?-1KQZCI
z3o1oP(MO`VXf1pU&F~4}_eJ=95nfe<R~3DuS1ylwn`Fw{B7FL1Ce`nhzJNE)#mio&
z5>dZfx|n^d*<MREK(#GD*T2zREs0s#=3OY;xyo*@(#-Q}O^51msJ`y&996$1-J9!n
z;FZPtx1m`rnS-ekhLTr*)MG4Ud|p0^1%Criz|-(7`d0($_o`pi)^+4ucqQ|D)(hBP
z%$k(72EJR2&o;}C*|&~*M)#C!cCc?Z`}PV4-*xd_mtHqB8;<Fy8R2!A$fcIa#cv&a
zw%J)l`ys4>b+8^bKr19Uz75c1X3KHDh7{}p&uhkK9elRfUqI`}-wNSKULOTR*e;>{
z4(GAr!&jUAr?T%1&JDmh91Ft5+FxB}++oHY|Fv*E+yax?PoBVkU1r|Fhh6-)8UJm@
zf1B~&X8gAqUv=?S7hiSpRTp1%#Rx1K$D(o6L0L6{I=HBVi#oViHI5=Q<FgW<m1ZvF
z!2rmIA{Yomb#ymlsW{QyOmw?Mw@Y-pM74{B;#eq-h2liCi&f%8bF=?)qWKEA60U-)
zVH{i!lVJ+n4tGH%OcRok#Ti+gk;NHVoRP)xX^Brud|Kku5}%g%fYQJh7{Odx^;@fp
z*jB!=mQij+<JwrGQ&}<hu9|moi2AK1e7{=0syvtRQ$OO<b&M}hj5jv!-EDjUo1g`q
z?xg)1QeGXJT!$Vvpv4X7u==Y@KjTW{wFXxy-z9pUWxEER2c--zqM@&3?zDj8^=vOB
z>K1#G^iM1=_a<ch)N-@_spVFpXfy2=Xyf`R?*V)`i4Q07+oaan2IaG~tGxEKwt8h+
zS2weNi}F{tw}A_2xI^SR+o1!#<~=Fc!+Sg|F1@nupGH2)n}E(Xqp{5g{Y3IP96OIT
zNPC5s#3z&ZWD=iD;*Uv`NTNg%C6XwSM2TciKf#QTCh^fEKAOZwllW*-^wQRP)!V5e
zxLY?0x_&Ywqga!)_s+%k%AO0!fs0Y4)m}Zen}lK|P^=l)?_REQ9JU*y6)WX^*F1t5
zKGKVG<>Sm^Z;i<3il`2xuT;jBBv-2DN*8jKVy-fZtCY#My(!tw-FJHqeQGX>dlQTP
z=8Y`+%&RWi=8Y6VYP?a@c%!KCMp5I9qQ)D=)vLMs1o;F$Q>Ah=>+0v&exCg=(#MzB
zei>fv_Kg@(SSRZ_zL3|-KiW{=-Ka7eCaF$L6V=T{zxwLPbcjsHJcfNkX@@bdi@ZAg
zLPcpE5n6|D%pgkZoOQ6C^>ZujW{z*sJ|UfUuiDuT9q={hrhv6MQCo*k#Izn!_Y%Pl
z(d!VsX-$fFwOW&I<rpg?e-s~@3U|Uo9Gk|mhpB$^)K3d_ed<Z1UZ^XRSII&uQdhG=
zXoam}RA#<sirh>*yZR^k7XuZZu0eK_Av;Cbf4T_z?-5~P;xB2PQh$+W3HC0QzvjFd
z@R-Uc%;@8^zlA5^DHWf4UHJ@cwazh>@^`eqhZ?q@<37*pdry*oVBa6%Pw)~RFpG9J
z{8{B8j?bg5g_k+@3h#Z5?Z3cZLG`;17I3dOY2V_S_3$>^3-PQ5Jn4N{yti34?oG%h
zwwJ;(SnlP?IPD5p$+1<mtKmbosiE{=e)yRCHM6~rYkfky9zKP?0kst|FkWti&mjR{
zKnw40#Xg(yu`RHb%6l98U1+19?Ob<<_Hc=hIs0XTzW7(3S7xFOWc=}F5v|Gw$Eawa
z9Y&4E*qnD^A-oUFo3n(9=L6a%SgP}Dr4wi0YF4Ws@wyp4Q8{+6>wHT4H~0*`fG=UI
z&bgIjlu9y6CHhr@ewCnKCC*NceWh|Q@7=5OZ>68g-7ojLe$yN8KLm22FZ6@{FaQoy
zzjd)U;m-#j+XcLjF_Et?Bwt_XAH?=iUY>t2Z7~dC-*DpKTWp^M-)8${-dhT%a%?2~
zPJ`3EYX2ErD*$J5>?}Bk>zvE6^Vl9u8{{=>rG1%@?TF{>mjPKZ`lrI3@DRr`*^pRr
z$cU9>#7Z(^B^j}jj96K;X>X#4xh-mi&G04kkR=Ba#{)0%#*4AK%6giLsVhr8heAD1
z#w3=g36v^LLX{@%%UGQI7U$G+&KlH}yi8>kCmQh-==K!6qOXp}JaYh<Hs4F(DXFxl
z=ooF*3bn+WptDw-cC|N&`e6q3!wf1dYGT^#tkq5(u^l>eJ%KXm8d;)F6R5U|nZX3J
zm!PVOQ&q*Os^VBWft6EfD`VlS*uI*IX&gjU%|W}L#j}*_E{;9aRfF)}hgBWYLq_YV
z4ms9fWofXQ?6$13sIuZ3_*7TJdEM5^OIK9d64@hGqw5DgaA0(%a?0*;<^P~p-zGC9
z$V>?`QvwZEKYyAaJ0(y{7X?h9d<lG@RcF-~X=myxJHec{GS_RF>$S}7TC*RO$53xA
z^VdowCz!uhvP)}swY)(`Yl3J^5Uq)Hh0JkkE21;OoV7AfYni9D%+p%tX01O=)o?G|
z2h+T@cz6O2PvGGRJUoGiC&ZO{MbYSWQX_RzBX#Otwa{*cEkF<DH^P#;;P0@9Od`Ml
z2|3UU)cW-h+CGq8$F`dN****o2On5a0DdS0way(xdlaY)bu=8Cu1u(xI;odB(T7fS
zp_5vvlUk{Bzfqpa>$BiIIA2))3*aKS6fT4B!S`Vdq}Qpf{_$-87_Nh#z)#^OxD6&j
z_B!@%UdQ0)kY3ZaQg3xqZ*@{{by9D2Qg3zkw0<2(AB2s6G~gc%_(uc2(SUELs&)<8
zGfu@)n_g|vrYn*J8A?^8ajB}u^(g-yluE);x;j*qVKa5tZ^(;EWuBv!d4WuyR+bqk
z%Z$wWO{q#XDnd;Ixq5Bpq8tg7!$mn<RHFntyLenR-d2rT%s5CbGOB=gRcl4KoCv-W
zu2O3#ylxys)XJImE_jITX&if4ty-08s~S%9Wn>MkB{Q+g@jfaJX}jX^NGM6iBWJ6#
z)}^C*zi9PCAq;_2GiUdb3psPKt}3Zb*>3Y@2%q>hb<c9tVjb2=VvROYY@O~Utq{Bb
zFTx*SCb8icd0aP-m1GIm&g0s7R6!wDjU}uaOGJ**qHCpM?%{H!JiRARS5N6ZYK@-m
zM_lCa|4j8adZ`eab#MCU&nVQoc_A~um^o7KYW23LqjI~h!pXo!8>^uX+8xRt^wsL*
z63$$sR^RX`vsdO-nj^@9eXw3XPi5I=vTQRt-RwV-eI;-P+W{Djuk_YGMZOT*boEwM
zgw%UnKS>qIIEA7AqVRG1{kC4_6RwP3#!!e_d^3hh)S?o#%#ov4Q&bj=vrekJWPTS^
zJ(p0GHFKw)Fx3*pwalTz96I=MEbI3%Yl-MuqPUhQuEoD&L~<?j>fq-wBCVE4t0mHE
ziL}}x_5BwPma4^4%~+}yOEqgtsm%E?cV4HS4zZogvQ*ki39RJmZ04segduRMww8;v
z)YG7Z_!bqeq{5X{xRUBtQr$|bTS;{*sca>ct)!}zRJD>SR#L@Es#r+{E2&^56|AIs
zl~k{is#Q|8N~%^##VV;*B~_|)6z>8(r<#*gbCOC<QprgwIZ5><soo^jo1}7+RBn>W
zO;Wi@DmO{xCaKUQ6`G_vQ`LtQhoajZ*q|M~?qICyxm^c3*?~@WFvfPqs8(v5m>a4*
z(VO#Iv6IXBDs!}QZY$@uilO=wT-Td{m8Tf(wA-~`&cNDJjGeS!@j8|MiOT&yz3|Q@
z3$&vCttie6)V-BeVF#<hohZ$Wtf!ghs!xJZ<W|&V28!E?;<lo=t*C4(3NiylZADRA
zQPfrxwG~Be6~6uQ`+#(g*ZKRudE(Jy?(T)gx~B4uFx(6G=}-Q4d)1j|8M^)!2CJc{
z{u^E$tcld$?8?Kt)RPXW&l{?L)_~Ph*SmO?@>X-52ED>o@0_CluD|+g(Ge_?%sk^8
zD$2xQqOO*xt0n4ciMm>%u2wxQVNHs0xtpo~!nDgeAxpdUwO!T*3D%I3HKenjHebuW
zh}XaxQnH40SVKD0z6omI1hp?Z%`vUhUIYE3@7*iC1~EkU&Gcf-Wt_Q;vq~97?Wvyd
z#90-O($6J}Xb1B87|t8Y_ApV#Ds~ie8mIam#Y%P*J%};4appG8+{UQ|%cup*s0GXD
zL5#VMQ+<!37cu5L&V0w2?>O@vXTIZNXr>CzS}%Dsv4fkQe{7HsMUbw79sSIF7~{H}
z@ue%&nb@O&T-89XY9LoR<f?`P)&wqgaj}a_4r?HXW!43}_hI4m=sSl|jb2DKdLcc_
zqi1=#E+0tVxB@1_6u2EKMIKkk;|h6PA&)EMafLkXeVZ81Ci=XIes1D^o3yVasj-wd
zsd49Kd~pCXlFxP#q{ms!7^`_-HRG#he3gu^GBdtP#!;!qF^yvnYma<%FEuEu|5o)~
z6y^`SkIbvQt-|2{&-CjATVLv}7JcLpbBwpu9P8~duOxcI-e>HsGq3i(Hph8QB8Q{f
z+1tk6&Fpd6GuGR|xjVSR7wlamOwQ@#)o(d(o4)d<?t7@Kp={<&D8w!5TQt~O%+`8S
zeS@lcRcDra+f4Pnss^vN(Vq$2@dmCqk?Y^+Z7^>}S#I%W@eZ;VTie;%!FzA!oLjs(
zyxPpG3B0<=yN#>8tgl22bA?@OZQ`sXuYTt(H*4_d=fp71c+q=I|KBVQx1wUcHC2SH
zm>6WO5QFr0FV2L6zjLw5zd%I&jkHT>)8DaJr@vdVzy6JvuAlAS_ggN}g4fw!CrX_%
z5p+g~3TLDUIj6yy;%H}-`ZjXjIh?ajO@Bj(`d)JNZ9Br$-~X8Y?!jtdsPFbB%e$h~
zXcG~mgLa3Am}M}6vn6}go>CzTFVNrI7!iH{+iy4DnDq_krn)Ql>Rosd_d7}af-6iH
zRpK$O`3Bo{umIi^5h+BZZ=R^Kh8lirm@&jUPLx{o#5y0o3m1zD>k^J%#`ZY2C(%w8
zVe8klvpIJTwD8_-qTLRNDtngUx91uo?0N8-sPI2dPhJwG{<((VKM!8U;;#Vx@Glfq
zjL<5)OauzA5v7IK86ygBV#K$IFr!{ocpEBiiMK^iybJHaLRbV1utWs&KM+AH09U|R
z_#uS#cW_o&PtwlA?u?dsjxf)W!gAghIPhCSv3C{ruKGXwZJ`B>5?}K?>H$wWB5Iz&
z9sf6CMRr+N<mjyh`)n=ptfAax7_^9TdzQGxo-3x?^Tc%jTv6_y2QO2}zXA)rWZ`vq
z=pno#z*!;A3T1zTC`Uu0*8$&Y8q(idYO*)X-Y|Q^`kX<$8pNwXoMUlLKnxVm@c!Mf
z7d#Ql-w2;Wg7FU(!|CO4>lC&pz#Y&4OZ7La4yQi>`V+u56S2)iY%`G&3}OU>_WKUi
z>+s@R>BEUS-X7yl&xqUu<BeYA(u-Vrk*i{lp5)S#TzZmAPb%oibYd_>Z*upGK^1=!
z*mnn{V=qMPsh;N2(_DI5K~HPwX^oD%m$2Mi+Ii3wb1L4h(blZVinB%?XM?+Yx|^8W
z3!bp(nMKbmdSjsqLEW2lPb}SwrNYX-bJiW_bI1AqH(2E_6!VGl5K&%Qc)2Jq{4sa!
zsR#KelqI$T`P64|hm+w(_zV0MUWYf}16alSei<x>IILi<FM;pzex<EZqB@GUMv3gG
zju@guTxXnu;-YT`N^6`7BjGd%h=6e>oGTiQ(ePgog!AFMZ~<HlS8~n|Aq-c+)i4g2
zedDKG=X#jP_RVk$;D5%?;5L{9li@Ci!98#vZ00>*!d5Y#p3kS}^Nn^iX*+bVy#sc#
z{S_MJi1}oSDl$bCQ9R#l5cBi5<3}Ap7RlcUUqL5)4Jpx>|926{-wk_UFL)y06JSCP
z^nyOn7xJJV90rHu`8lG|=D0lo@}U5Z6cPI<_78?)UJrq9!AbCKI2pbRmvSE7Vt)_D
z@EW_=H^NPTeS{xtS77Z5tX+Y%E3kG2)~>+X6<E6hi$t(Ul~(9>5yB!NETYvKi-fR9
z2#Z9pL<CEy(N@so3VK&T?<&MGMsIJTF&K(r2pkQ^z_BnChQV++4vzOm8YSMy{4czT
z`J12xT46J6fiGbzBw-u4(B@6FP3Q}G(9aub52QT;PJmP3bQlfl8#Qx`0r=#_sNy!P
z5Ww$;qZeV+FG>W4iNG*g5k@P*N*`pNm@W?kOH3zEN4qukeDcS4;bLlxOL%=5+vC`t
zM4Qgf;V!+kU-LfKdAM75yK*r5(>XYpiB6>rRYYcp$W-47T~B02#I52%{(l&LiQ-O&
zN7()q%o2mdY<L6e;4Svm!`qDJ9nO1~_B~h#i=YACXMZD*OT-79yA+nea##Ut;B)fy
zCeCRgZ}q|lHq&lp&bxde;{#Y{J=R%|b=G%BMT4m7b*w0*Hi+goiBjK@R49Yds$v)d
z!{K;10aZPTmguL3h+@q_7WEd^EXA6Gs41e<6j5r5C^bdY8qYD*)4G8+O2spk{CN-C
z_rd*80l(&bGiV=!-vCy(o`5Q@`6SnPitVT28K{P5fh=$R9_DfURnD6a<WGxiZhc7P
zaIU`yo<-4r2X$f>de%q<pmOalbghx>A0qpQ$oN%-qtVqLz|}BL*E~_tOJ(~^CXZw?
zd4#+e$Hr@j6LMje3N>QGMr;_dO6bcqdb}qv-bU*#w(kbUO_dU&PZ3?E)KS?j5G}e-
z<U)TVub1$;t6yqPRUc*@)Q2Knfw?Ga8+5=9(a5~6VqRA<ud9gfM&`DWxosrQ8}%GS
zjsChn_w;C&P!D#g5dFDRkUK@VQw4X5aHk4g4P`2CT@_8$SK7aihl;0I9i`wK*ad(0
z7FqAYd(cE(ul8I2Uq3;V@<tx?Q$&XUbaIwjcUB+tjN|z3s=kMc9{bf`zZ&dUldkS{
zWl^zzW$z{TRrYL8qAH!NeK<l+kE*|cm#!wL(9-G=MLnXZ$1K!i7V1IeCT3-+$5lP5
z$D!PP5O*KM6-&8dDOZScg(&Zi@{Ur@93+P5@$@{FD#lX9ShB|v+HV|}9n|kC-S3_%
zpnd&~WcnMXzoATj%SG`&=}EU$_v=AV7R>Y_%W5_BpeAFrnyg*~Grib<-7^-=4WhY0
zv^I#=2GQ0a+8RV#!{}-lT@4FW^Dcr0SOTnv(9<A#8bnWn=xGrB4E}={Yh*NyjHdCx
z7*iUGeumM_Ai5buH-qSA5Zw%-nL#vDt-HeLrCNK1(aA768Ad0==wy%>Ek!5Q>Sh-a
zH7lc&L3A>RP6pA)AQ~A&BZFvU5RD9?k74vNh&~3<#~}I`L?46bV-S5*Yq>DG7(^F?
z=wc9E45Eu_r4%IogPHiBpV7s3Vm^u%2GPPGS{OtNgJ@w`<aO&nhn~}NtWb^>%CSNP
zqpvt9{)c2@t>Qqh$nwYF0dbYC*#B8f?emPTY`ni`9PFDBal}8E$?h!J(@bh5KS5`&
z(oE*cR?gCH<=m&5rKqM}KZ?Wj+VMcu%)@erfd$UKXBVmtJIH#6i6>FV9u!pUK|SAw
zclK9P>mw93l~&b4^{s~a|I!ueR33utD;>+4teh22lod{t6;4#<89DMWu#6nmV&$xO
zqO5pSoz>3FwzKjnXZ;nl#_82zl=W9RYp!xuK2c`0#hz#6*tN{=YuXc)O1Ar7Ci}f&
z`226M?=9@O&^VG=ozJXJFT6rjFsqHsYJK6Y#tF>ode+WenyU0vtym5H+{j=%S0Bw@
z373is(1sA&5JDS5XhR5X2%!xj;y*<Ehlu|W@gLIpeFbe-j_>sk^88>%R}4d7I2;cu
z_n$<28nAvNu0y&OxIyRNgX#g|J4Aeki0=^b9U{I%#CM4J4iVoWVmm}^hluSEu^l3|
zL&SE7*bWibA>ukjT!)D35OE#)pVk+|dWcvL5$hphJtVHrSSdi&O7#qnu>C7|3+mx*
zZ2S)U-=%#I7Q!N6B|(*nE`svl4>)%zEQ95+LO(;Q*sn@8gr%*Uu2O4=mKvg^hG?ld
zKxt=Xt>0#$vJt9Oiz?MRU={+*LV&m}&&)yq#f>l%0o27pbt9;51l5h8x)Ek4kWt-0
zraGF{!>k0Dl>oC6U{(UmN`T7LLU|+1PJr17FgpQeC&26kn4JK#6F_+*S(RyknF=sd
zfy_(=4ywQo(2=Z}2{1DORG6wDTSHW3NRNXDX@@D+utv%Fzc`|&%-pTP+1WVjDP<4O
zCc5gEP91OiYJr2FNvNk<rSwQWXDg*grQ(bOpC10FpBh>#{*6x#CDtm%TBYL9%(Ji{
zb{vi!hjXNYBNf=NBJ(tEkm$#3+{bL(_fMY+=_f+o+d9Lkr`v~%r}4s}V!D3%wUF&a
z`nl3{t}u%${DCV>_p2v|FN=DvP|p?WGgp{Z_!Iq<FDy>MJ1p@S74b7f`x|W6!2);_
zcC&9Ucw#y_KOLQ)j?PcFh7v2sQCXhCc9|HC7g>0bh31#zNfx?aj_yxK_ow4cmNlDm
z=RgCmm(s&oMt^$_sx{Z}lMDQrTu`o+>m^<P?V{(q$O$9J2_wh}<>Umk+!#Sl_^9w2
zY;c`11kYQA=QWZOM&NlZ`k7^vo@QsFXeJW{=}nX#s0`H3-AlQ9f9~F&yN5EFD5Nvd
zJe`e(aOWZ1S>4so-Et1fKxcJFmD0qX^l*t@m6vwuU8WxH*0t=_x6-uk=M*P^s+9v-
z(RrYDjpLlIi0xWgtEY=k>Q!;K_OJ>GXGRubWRdQgI(tP-g@2I#pqbq(lX4y5YIQPS
zS5(9Bm|*7la1aj(;vqpsSCd^;Wu6xY@t7bZYh+}Ncui10GajKmB&eSo&!(LN>F38m
z=BFMXrb-}Jy`*EOo}Sm!^LBdPPH)@M9`#gKtpe85!y0-=R4_-kiCN-=%yZ;0y$jR3
zFue=Yvt9IT7d_iW&%*R9OwYpftc9MnWS$>~vHL7+8=!Y#dKb=mW*nw>Vf%US<4o_`
z@tjg@8^}C2Zlsq>@SGexCkM|7r0W>53tQGu!vr(Wk$2JKSLpF`^w>|2>%~d*IFhNd
z%IR@AJuaup>Q9x`pDL?=rphX($K~C=eH^o#uCzkhzbCM*Dy`Y<p9ATNtDGJub=5UT
zX%UrIy82Q+AJU%jlCHp39pLxjOvDY*Ram<BO7Hj5`+9mmzdH_&q4)duT!>Zs)rk9g
z-jeBgId-0(sSj0;%jvQ1tzMa+?(}FqJz7tX`qQKSIug@$p`RYTPLD$Ls5}#yT|F8?
zk5-9q{j<-%GF8a%tSV&CKX^`-U4c|(RUlmv8`RIkdipHw8of5tpQUw2;<NwoIaEMB
zYtf&xm0-)LQn7zhZ%4E0?OoV&7xs*1l&;GYqFU`{!<@A0WomDwe1RT3AeyCost)(-
z&l>RnY+aA7BiK5Mt@~%Ipy(x^_m<0gZ@JSB+o40{Kf@<-_$NefDse;f7X#SJ7mny7
z3dNbczDQg~=D9*l6eGnHaj&>k+%FyyKNOWzp5w_kkBDo<qvWKBcv8$2H;Gze<N+$n
zCaklJe^p|oNQ&Qzl+jzfY8+}DD&8~t8hK)&ahP$qXfQ0p5{r!jqmZ@UK;t;E)HvBF
z6`vRZW0d&RxWu?rY&1f~<sxBRX<Q>V8P^&&i#Fp9<9_jX;{oGAqqp&U;{~ISG1GX-
z=x1y+T8+bvE&THvTaBbqXt;)F43ttHVw@=Z%D%=avY+f{d`AwD1B^0xxIEk#A$`(k
zoGNW;8zZG79pf~4ge*2rmq*K^jkD#ka;R~R94?PH&XXs|QX?q8Bg>3S<VbmjahW_z
zo@IPro-NNY#>n&JdB#|IzP!M=QeGr4GQ#o_88WVt-;-mEAIY)u2gbGXYI%e46M3V&
z(U>G}mgUA|d8@q5xLr<>Q;n(eZW%M~k@w37jQixHvdVZsJ|&+rekq@o&l=O^@8uti
zN93R6OUC1Jw*0eECFjZ4jHl%5@^zy|*2#L~Ir*M^&zLC}$;HMW<r2BXm@SvdWyT!2
zQm!=qELY3b#$35ZHXHNgdikj_Uv7{ajlal*Y&G7HU&^FWFJ0Mgyem6ohp|Yeq-Qjk
z(v-$Bv$xsXSZ?+)`xtRE*X(bsFb_BLjWwoa78q+yzd6WQXBL~q#zymKbC~hDS!Rwf
zTFo)$IAe=B!Tg!A!+g<v(b!`yGnW~A&A7S3@OmBED_0u%)AFB@X8!N;XGtgj&-qK_
zG5JgLKbGg@f0ExOFU{ZO>n*SI9qO~?t-hOmx5}7rlJ5?Azwb`po$}|tm@g(PefRqA
zlhb?^z6a&QzDnOT`G{}2?-BW^kAHH8Z-(zN`Izr<-{bOe-_yS5<P*LZe1DM7`eyn5
zENgtVzE|aozB=Fg@=v}cz7OPUzNNmn{Ht%ZZ-ZRmYxQlDjlQp}LuB0QXBElMts|^K
zvfUbN4VF8sA=c4yr**6~Om<qwTgS_9tP`!1<Sy%EYlPfmjkL}%P3uhSO!E-yJZp^E
z$GXxAn?=?*YrHwg`muGbIoOI=6U-sjP1eokFzXiUR`WP(iWN0Wte6!uPqOZ{9x%Uc
z{lc1VmRY~Do-j|dp0b`X&#`K(H_Xx2+tzY(ytTqwYnEH<taaw?*59m+<{egxwb{JO
z+G=ez@3CCVHSe`{T3?y>St;uqv%=bA?KK~?P1`hoZuhc#nU!{5JI|bE_qX%Shi%I)
zFdwxC+DDj=*~RuT=HqsWeS-O<{Vn?x^J%-x9%0tlr`xBS&)a9(qs$lV(e`L_rhS2Z
ziTOwS`}P=fj(xR#tvT18Xy0tUX5VVxZN6bw*uOO2w;!<|GgsJ;+mD+c*;V$F=34t1
zyT)8+KX1QaerC_IXPckfbM1NN7xsMnHM7P3#Qx0OY=2>YVY+sU-D0-cTkI`nyS>%k
zYHqi;+3jYBohmre>?}CB;Iy103W5b=bB-;TSa4g;h=SRUku%Ea>*VKDIcGcP=lssO
z&>5RE)0ynto%5>mrt@abo6g(LJ2`JT?>X<~yzMM<nsVN8mOJtP$K98}M^R+|zpBoJ
zBanpY>P+>Jgc|~Z03pEuA{dbS5D-K}L<C_`@j_jdV-*xUP(gHE#T8veg>_}!RaeyY
z08~IhIm4lxLR3UR6!4(`-+D8-4|0L~`&WIsruubV-Cgh1`&PfHiugFNKCmfbbzo~?
zTg2MHj=-*n&jNb`*%6xp2LmS~wrdEMh_7{oj*R$5SJ%}ezSA{zOvE8=YdhkYj?-?$
zk2*moM4Z(1bi;_Bb#t8@aZ0z*?R`RL=+3_Cx~uN$i`G4LA76~_r-%4#eX+jSS67eF
zm-*uL6?%-Xz8<T``x@%2^)<ex`Z|5RFG)|<cluiBIeLySLqDV+@^#RU>nD62^;7y8
zUuXTCe%_a<U(}0z-Sx}*RbNm2Z~dCDzkWl%;Tx#m)NlGO)Nkpxe1r6Iy}~zGf2ddc
zF4CXsb-qjVdcDCnQg7B-zES!M{iW{;eL!dXuG9zhLEkvHn>)~Vl{?5C?7PVw?hg0e
z?2d3p`fhPYxubozxntZbeN)_V?$y3&?zQeD-`(!@?hU?K!F9oPzI%h4f?Is|1-}Yr
z`{o3X1&{mY*6mk!fbUU~=e=&mobzAo-;V~-mGu9i^9~d~^A31N;OBXp5Z{SowmH0?
z!YMM(P&=05c)Jj7Esk~h&ga2T_Lhd);C<(1nXruI?+G1e)_DhUoWQZS%sIaCmcf5h
z#?;x~4lf(OM=ILFV#+)i@*Ll9%0?~w%=-rQ>++Nn{>^Kf;?j<VD0w}NpVGl9X?(aw
z_&sR#o}4%A{ZNrwP>RX(QyEiN@m-Ws%Mazwl@<Oi^e%EJ;PIp3^D^Fr_fzrDr63(=
zN8z))T{yDxT2O&^G20s!l0E<1uAp4;G74Rt=tX+Uo5=Bxy|s8MYa!JV`RoW&)}q($
z#`*4?r^HeZGNF_@mwGF5(<r87v0n-wdg?2<tUc_HaA-=M%-0SUejiA^EG&V!Rxc%A
zU0KW*drl{FLeId+G0u^7`X^U8$1Tb(yZq<AX`Vw~Z&k&l$;yj)8~9ERSFW7}O5YP|
z1IG>T?ZewXfa9mrKHY=m9=${*8hXYZ?s?DIke+AOdEa{<ddt1<fA4mLoYB`RUB+jH
z&vGawXeh<-(3x`HJRFPi5t2}QDt=Roq+FYq2C{3dw<tux?<(-$s&HAQNZ8zxHh3Fy
zPZCR@o3j=0w?R9-&07$r8D3vhv=+2xGGxnw)AMsd?#Pqa7*jSPG{>;e5l%7h^!HN{
z=Z(WLr4X%9+r5miAAQ==!g9`A02#2F?`ocxlGpaC8Sya=t~H}!`0OZZSmq4_tx)Ma
zj^>TtDd8i8FS1$wXIDjg&YmkQQ!&1*@SZD(@_s+(Z7p<Of@WK!e{JwyH({w|=iv*(
z;j7N{Ju_A|IAe8*DGugnhheSk03^^0<*4B^4$qJ-#eIJtg)sh4A&F9Kx?E`*)?8+I
zgG|WrVrCCG>gEy)N@$nPj59SP6)ZoO6G9p?x0f2_j9A_vub$V~$hHEbN-E1EGh!^w
zH;Ne9pGt}RCKo`WCzaF;<XRR^6Ta)PW)4cY4=l=|=H@X{W|;Z!BG(cc({jgEaBmJT
zxVh3k@9JbDt3rDH{~hN=7CN7K>Q}F!H<RPv7P#_lVM>9kS*7uYx6RvT^p?V!ONh>~
zBgJXm-VKG$59h{K<R8yZ{aQ-h#f;tF58kmb?l#BAq2tUtBQcA}+!FMTqR%ovcY9x>
z?OQ?==r#wv^<jj$kh$WhcQ}L+ODKE0x1FCs;n9id95ZuJJZk{%+t0Z8V7RXLQ1i>s
zwU-yjX*8}7s@;>*dOqIZv#-1_O;}QUIL-dtST@V%GmJ*~c~xxQu0a(y<*Yhy9LuPX
zq%Dpwiu8)#$K~}UK1(TdbtP-_E6Y{l(W+@##a$6SYMnRDyEp%wdKt?(Bk#z2wb1#l
z64DiFuXmN#-Gm%}ufUb}%mMB%ne!7%yi(<kd(6_@v&LMvIaq)2GEQZCL2nwz=Ruk+
zFrMcICws5(*;*Wn!sE^YmU-rEVyUB^k&9VgKgOZwGG#XW3Q$&rP?k3uZ!?Q&)7bAZ
z`U4QsH{n_qg?_{3&Gs^(odoeanmHu@+~BlAb?+^F=Iv$v-jg%)Z01VN{Cr8?Ja;}?
zg}?n6{g{83<<6Y0&94<#-tjY9W@cgYm&$Lw3Tr8){*1i$UCdR}M;0N?Z1lS%*6|Hx
zt{01*I5V7o5!!C3v)L~wZ5{x9y&pnzgyzNj<*%!fcTy!^_;SXj3g%u>nK=V58$EY%
ziC2$=zS$Im@=bqVOpA-vX-h1x7`HgzQDFyd&2aj$GN%6B$H_D8!r#?@msyx_pDE!x
ziT4F#gd)Ah(8J&ELivBE)>pj)iunS^mfyP_zndFdC8bnUJ}l0kGvB*7>oSV#uadbn
zXj5O6J{M7Jt`&JlCF`%6Q7_-u$#Ue%y^Bh>qEU%;lrRz(J4Po#gHD34S*AL9zA&u)
zB<4{{aOak(%+g&V*OOX?vQmqF*{TwEW=j2EbY+`gD=H5|GebQpUAH+Nt4tw~j$cw@
zNft>VZq3u4a&7d=&BY~@pK<y$XV*a&`KkC>+cM@qT*(F`mQ=TQ$U9W59>w%3a8)#K
z;cetE$A?R}%A**1U0B!4{mmWSiq5B>roOBKvudI57nQ!3@Z5e0xWU^Wwqwls)_gEO
zonzlu#)2}0ThHc9Qq{P!Bij5=$2==<XBZ1CLi{tv1M|FV@_n@*T_Rr`F21i7q(fru
zg@4(52gl2~wAtPgZ<e>pd$B;yEN>ao=6#hkGYRKYu4OWCOQA0wMe5G`_O=K8xr(iV
z(Z1|l>&HWkoWivjYp*hv(eu==UTn_SN&XsQ>;{wgY#-0I<b3ZapmpLsEGoW4zG~(a
z_jr?8-wDk@E@M9e^mqAu8n-i4-wF=RjNqse%3I5J75$7|BcBKJU0cSbW#-K36#RD2
zm~(@%6)mx`XLFv`=&wt2&oWTA;^z~3M*U75^&-QzlPmbSz=z+(3ZAvgGW77gU`Q7>
zvDu~CaGEd7S>Ph`zAj`+=v_<>eM9EAwU*~;&DZEf+zX7=(nUP4ny<ESdGqk@m-0OF
zi~J7r&(kj8>&99rGy}Y^Kue4bz`p;PcTw;wOlF}u^IN>2*CwQ|^Y_0!%xOt{X5PXE
zriJYgLe>`?E-Gy%mER(B73IvChd98@k%xNr66W5}n-0yeoA*4PuNAQIU`m$v6wj__
zh2LaG{<;d)y}IyO$@U~?+vV}ZX;bD&A;tIqS&p>>-pDTI_A(;fl5jMC84i6B4t-HD
z=Zn18!*9*d&6vNam?vyzrq>!NbarOb&#ue0_g>19X=TatTKPsyV+*$oPw}&2)2;Jb
zRlZFa8M1h^S!S%&ajY!;+iA{Q3-fj<qgcK?lXGe-_G%gIJ4-D+Y`w`n_h4uo^QKp>
z%wp>){LSMcN~Q)lI3DJ~E|sbQWq9x4_^_P$LVc@DT4R_u%lO}!^156NKIga4Kf_AQ
zw-G(h$mUHsb|%H7$@$OFEcDZ1{I>IYl=NohrrVwWOI1ajx5H=?VZL}Y+`E=}AC;P?
zz&k6O{Xx$7Si;qEfBi3%e?>k`XWyCQi(+a{C&L|~{+vz{zG~e~`RZDl+y5uRkH!&_
zHj$?`p2~)n7FpPet&FY<csl*mUbB|~$Cu{yu=2aIw!v#$=seR{uX&kg>ffAa#ufgm
zjCYZJY9lx*^3>r96_}3aU(2h-@do@Z(ktG&vbLd^cai;n|6Sy{Q~v|s2~U;j3w&ib
zuTV+*7?qVYAI1L`Df$I9?_VULFBxT@x8;$eq|sc`REi)oRt=zm)SCv;oz$0R&`g>_
z_s~3=M)T=Kx}W|*YiS{UPTBN6eFMLh4#IDvLqgJa;S<&9u&5zw(GMa<)S=_T7RmIp
zXe+uP)>jM=4b6HdqNx}nt`SLMl9(Yf#nWPm7%p~;uf#ZB(PSd8XflOYG`WjcG?~FG
zn#|-CP44CuP43|pO=ihfvXz+4t8v`xpY1;`?)U#}*Ac(iw(UsUPOuYYoITN=D7Ag9
zeXVru>+G9l(7x5aRW`71v!~03ysk!bd$v7WwzMCxpOLM2{fut*OZH0H!~V!#Ew8jc
zRf%#uuZr=eYN#5@Wva1iD&OK&G5*V|V!W%`s<!e2m8R0<a+RU_$`z`=8Y#2XC^brE
zoAof{*JeEo`K?(GLmpPQs9WVxHC^2$kExmJ0eM0_s2;S0dRVQqr21TaZe^+sYKzrP
zZByH=Ug}HrrPW96QoF6bYQNfV^;g*{+Zw<tVGLB?sYBL<>aaR&4d(SQhNzS3q%~Ci
z=2+G+$LIL1%XsyRtDT^eXiah&IL)k^oEA<?>vmrKVk)nGF~iAlI$3u+=Q&-hd!6o1
zPwRfCw=>9kh*!UOoL9ei!nw-1-+IQG<IJ}{;<YZ;IZrwZto6=9XQ8#xdDeN>+T^_C
zEU`8_uRE_>Tb=FBc59pSh4Y2AT|c1bSUb!b57w9ZQT?d3)2#Gh?b1){h1OpEoPNRj
zO24ERTVLy!^~=_``a}Jpbx^O?tF7<!r}|UtkXg~e`d)9=o2?^eMF;DsS<%5dW>$2t
zesa6H-L2zp4|jld(jDv$j*#wfcSMBcj&w&yM7m?#F%ePjIQOcES|r6`ULB|-`QR;z
zgpZ(V@D5dnkE9y#)u|@?DBk<GHv4E^Nyzv*6bm1P-#TQIAKt;QO)e0vLfrVe6bIjl
z%uZG3l7_F3>n@!~LHMq?UY9Z{9=;(Zz#EIdW@uFsHAfp-PzqYrn%bbGw$uTXj?@|L
zIgfgw-rm#)?dc021K#b2Rv7NB1Ma;Dtr$w9kn3{zNE%IJP|uY#9xa(b6VZ~ZX);=J
zGyM^5xD8z15E5WIYX1|w4eq}ad1t_<KnBc23+{nWrdjY!X*PT_x)(l)?t@Q(WVjz!
zAAoO8bKqOhgYe1p5Iu~mb0I-mLxRkwG<p<1ogRa4Pk)9_rpMvWp})Xq&=c@x&9o;$
zSpeUGo}xu4;RQ&arjS1WpeFPRd@?Pi|A6u)y^S`!L;vNqwmt&=V_Jnatfn<+!zb{`
zyi!vW$gQ=Ae@>f_ax?8jdv?J$rQNg_t=b2Pmd+Bb6-%`Cbcl{4{R#R7t@@QbI!6#>
zTnETFAGH>dB9ert26-oW-6th#ikjpTQ6h?}iCU0=H6Q_FsFsKou@o)pKpMtE2BMen
zs!&Qe!XYi<L>%G)5ul*ZLQ}kOg-eMdD1uZ^)D?B9vxpb*)I}tS1Ug?NibQH4>WO;P
zNYoe2(S{a~us&W_N{M!&6XIrdsTz>B{ZM;<(I2%B5Cc%VS!pU3l6M%|VAh*b;tFvE
z(vJ~lCHHaS52$^jxCXUP61SlCTgC0D_YN@)HBJ|IqQ<+#UC28_%s}3!#X>xXXT&qq
zOgt<8Mk(Ss@jNAqMdAf&E?yKbQ46tHECFS=*iC)J9<i6YiGAWL#1Dx>)K`2jzNh};
zF!->aI3kYF0C7|t1^ox{1L()ZG0=Y$KZ5>~IF4K=#0lylPKuM%OZ+T;rk>&#@eB19
zzlvW$|4sY``YCY=bWeEH8>5J%?$VMLT_7W51mZsFLp)MOB3?~aLmXoawKZc5rJ6AY
zaf~sDV~jx@V+`ULV<^FlF*Fck%p=s%Ki~f(Mfw-`pQ0%LU;WRK<A2`2m;(MK{=ZXw
z|I7YY5&xI}HEQU8-TywN_&@NkqNe`U{xy{B|HQwZTKhNnv#5=KtA86P+x@!`-|gQ^
z=lJ*ezbD~8>_1LEjATR#T_%#^>}qy(s%O`*qY;m>>rexXa5kN5o4r=r+m7u}B1XFe
zO12a2L~3cqJhIG~M-Ilk>k-~y-$+sRP4-QQPqrshq<yn}GgUWZA)SY@@HSk%-M*b-
z>^tl!h)=brBIPuD8sgLK>EvRhyo(a-8TL%ni}8{gW4wF-;T(Gob+8|_AEer5O)6?`
zKWsmY_*{D~;`8iz)X{##egx&rx96kGNA15*eftUfNzfPA3(%6M?7vb?`)T`W)V|Pu
z25J6g{|zNSXFrFMpSPdK)tBs-$hH^TOOWgD_RGli5Bn9AxzzqA(!Xl|i|X3{wqHZZ
zuiLNV-rum_z}5fQ|3ORMwBH0}nY|2UzGc6K65h7oMhWlO?;-E|_WRV({=ohK^yT()
zim+GME2xgW(q4%>{mA|Zc|W#4M#-z}RY<eiUX8q;+MlAvwf0)%U1zTY{WE(#Qf{y}
zpoEQf7E0b~e}R-=+F#;1@3eQ~E_T`b(W(RX*SOPf?C(&^A^R{WN9<#`yC3Zn$aT{G
z8BhBc`xMIeltrCXgsMj8s_Lp1)mODuG@YknR4jE>b(Ehn(FJU3sFaGM#wwsR)lsg(
z2%~~3NOcuFMX7idPcbS%VSG`EDv=zc%}{Hj%^+;78dI`rqM9JyR5hh$Mzf(7&}>qu
zxoWLigAV<M+8h0bIzYe4K-fWb#MMr!6QwA#zHzcy4GbyIQ<;c&Q{52nt}ejU9;yd5
zRXtTNN>aU5Z<O3e^~Kfxsy|8?pa!6{fodSGUZ@5m{Sb8#(hpU`P|n3_I8t7sMo^l%
zRE-1$8Wqx9p{_u#F=`CrW7T-1nV=@nIYzre{1$Z!(%-6X1!cOLjx>K#cY!`r%|;3L
zss~U$^ex=!!|GwwJ6Ao5G-ltiWU~qxTDU+xjrc-^(MP?Y{*JsatEDLOpXxPASFfu#
z@idmH|02!1>OIu*zWRVN)N-}LtkJ1fg7TsI7%g0-R-uH|YBkcYQEQOq6ZHwMeyTnN
zeXUwct<*ZTj#?U>50njR1Hz4JBigV@Z9)l~)n=sMqPCz7+tfCM+tqfGMk6F;G(v>X
z2&tOU2&uEt2q_vG;dkUWE2QBn^g_}`FQi1H7g8g$P8vebkyOj9mPW#?mPX2nbZSyP
zvt}A7wVm4JbE2IXs^P>s7{#1Ajvr~1<4_|f&WQs(=mg1cR#Zd!1Sb*c8#oP-rjgT_
zf=&~sDN1YRG$RRJvjxIrCmDHLIxUet#c7L_sZJ_2aN0TTKuLGfDb{K4w5LR9q8Uiv
z!Rde!IyxP3wUdL<4Z0~bC#Q?k1-ZIA-9f*=>4}uRo&G3ofHMebhB!m0nsbqJ5n4FX
z8HJW#?u<dnS2=$`YbQF_BIP9KI?~Sd&P^z7vhzoZcW!g0px&v@ov86HX9jh4W;%CM
z7v~;l7M<_Rc4ni-d!75y{yEMZq<qkM5LX{^9s>Pg=V7#Dt}_p{JmNfplIJ_~QSxKX
zW2pVl&YzL%ap!T=3tgF78(kS8bY*G>UHK(Sb{0E}DaBdhECC&QGbqrTDZ%K?lmNZ?
z0ZKM2q)}_5JtKtn49esBacZvrqW?lE`U(96;?SfKKBu2Ynnn5rq=7z7X-1!>bfZsG
zJEKoi2cu7evR<!8xIu3K1zI)oLaRnzXw?XzRa0wd)!nG6+uiMscn`M+HFJBqy(q=)
z?e+$xkK32h+<tC9N_YFa{i(e>zy(Je{Tpe9yWn5<6892Hc1O4)kawgzl3KWzxtD=5
z%Do(EM!Tbt2HH7F80U_o3*D>StDyTyIe~TbUaXzRuqGZ8*20ap9m9Hd3~SiES;Owb
z8n(k4c0bmz2e5{HA#2z!YuNFuVfSJU+hPqnhPCP#<Tm>BP-x6CtSk3sUAYhI$`0$w
z16WsfSyzr{{WyX3<N9<rG~*1`j8j-MZq1r;8f(UFSu<`2z4$>;9)eGYUi>h$%(?Ix
z(2g-i(j)L0tR<(jmfV@O<SwiwcV#U(leOe-tR;_OEx9{u$vvPYKZU#cD|`YyP0u5~
z2pV$&y#${@i)jh9q`yON&Vb&$6guud;WOw}dL8jMph;&ylU@dt@fP&y)~rvbL7#q?
zQt3VTwm|zU5&sarEwt>9(87=5+d|hi>#DDYPlLw22J}y$XQ$C;@M+MtKL=$!ZGbkv
z5k4K7_h!7;E$|tXMLQ7x0$O+mwD8@yx)(kjy7)fa`&YCdDCYq5^3L=%^zsz?7J7LX
z=;ep#eEJ@~D;=gE5&sFAdRNxeyFpX`l`f#);4|qIwDt>xS=6S7kkH+G2uoO$&Ki9E
zd>VX|s4l8QORfRkJ&JYrXi-~4BMyxnq0!f)SznK0eLb4>^(fZY>#)9Vv%aoaU+>HM
zdVki}2eQ7dSzoUUeZ4+Khz6no>TM{J5O1EV!AsFnv_#3RL<;ajYtaVrROs|IpwqXb
z>LN{~p~iI40r8H|@}q>=@h(=J2VFl}bQN8xrZ``m4|=A^gx=pxbVIzm=#6+E(HHUl
z;zERj#SnxSiJ?e83`igfNZ?|WGh7TuIhTmb5FZ6p5Dio?23N-d8$<ycjKiH?CB{Sh
zp8%XtM_dh@V2f+TwG;=mFbVg5otTXH%|H%{kwbqVhdY2Pridwc0#kt^f<O_|@f_|1
zmZ-~EB8ss@4KY*9MEq{?SLp6f12d#BW*Ets;UdNiBN;PX#+c!9#tfqvGmK`;a2aEU
z%Na9_V$3j_F~dm43>PzIxP&poaK;QH7&BbVnBfw}48s{Sj9|<#lrh6F#tcIlGYn(Q
zFqARFFj-61qE0eeM$@@6R>mUkmwv>RREWpPIK%@oK=ow2jHgIhPu4@&R5nG}TDGQu
zOp|GdcaohDA1;T}rSeL7CBm_CEcxVkIUeC8ISJtuIR)Vp@(F5e*2$%&a-m#^@EQ3G
zCCTUHb2M1KBwwP2@}Kgb2w#=2;_6%SEu?=(zJoL$%a5srSs@qUMhUG#ZkC%VS!T&B
z8Y1`0{h(yauc^6N6_=7NIBI0p!=)xx4XXyinpRC}X4ST8(;&-l`Kf^ww1NohT6J-?
zvDFyq4LZ8Q>ST4Ide#(c3iY)9WZi{urga~}H?23RCu65xz(}tGFBx>?0v)|h3H~>L
zkrIKCpg;MS11YrvQd&)^{x!f$ZGo3Q0sT{;rVc<&8xh~+--37+5L5;b)K=>1-v%6I
zR@B{r_!s`2i0}6Artbbdz*H9iQ|$w$`U=P@0>}#5w*Lt5RdxRf{|Tz)Kj}XS%Fq6v
zDcb)F5LYY^m!xRhvVDk00)0gTeN_Vzs}2kn2Mksd@hH1C;?clk3V1Arv>gjn7GzY`
zhf!G<MrF1gwBw=Q8*J8=u~~{e$({u5-ypFV#$dJWTkKm9H%P3XJq75iHqh5JPz=`U
zW8Y)n15_}}o&{83a92EIs$PtyVi-+1jHY@qnz9&8g>Y01W2YGVMf*jRX|Pi-#!E4b
zlpIDx@r;OiF&2tpEaWm4>cv<nhEY%-#y<|@pI-JFdksqa#Qp?V4gPT%|MX(y6T>(s
zhLKDRqnF-{UivV4aTvYyWArkB(aVL5UR*{m@r+O6flL|#=QL7{peq|>(t(jlhDuUN
z(7&6j=G2k#NgD7;E9l}WKq(oFQtC5G>7v@HcGR7*N)N^=8NezXkiH`jOM6BviHulM
z8L@N#VmS|Jsta(-`9Lf^aJ8rE2|c?P5K9|IENP5bG8nP6W5kldh@}k>%Y`U&5O7N(
z<Ca#8TT&UfbYR?)%DClx#w}^;a&<ZK8uZeG(My85Qe6p(!7v>d!(5>Lp#FfA6V*iA
z-PP)9+|e~^64G3!u7iGmy}BNGZ&Wvea<jS_p+P(8jCQ&++DTxvQ(w(cGteG`c`_LD
zv{G}_9K;RsNnzyEhLKMikk4b(R{dH18Ra|<6qE`S^fc%T)w7`d4JfERP|#wua0#$b
zM_{3Ufc}bl1u2&T7o`Iiy^6N|OZ^+@^fh3l&Ww?|03*GPXZsG2()o;(G8rj#W27{O
zky3X?N<A1Ur7=?K!bqtbBc%%%DJ1|YtwWm)MoLiY)q14a0F0Ez7^w$iq)fF{ZAD9V
zs2xDOJJn90pj~Pg)lmD?KEw~G0|*U9>dP1@N*z=OfsPKT??E@{$X3VIaZpaE6TnLb
zDb)p1`VA>P<xvz=0D&-smm-`9U?+o`Vi`55e5gqRHAO@3j{$ayW$aWF*r^UEejun=
zASi`$41$Vv0uFQu#!*qZI4XgvJBdJ3QBFOlK58+TDwZ)-O~zEpNpg}9Z|*cl8iT3o
zhA~wurxhp$S;aE4(qUwk=A@x^gRJa)Xe!F->~sd*pedaXO+`7qoL(rwV5%r!s)1<F
zg+NwO&R}OS;s#$uF}{j*hC0w9oQs`{(VpSX2*gJ^BN4w0SSyOLRxGgAO^6$mRfkcQ
z%_vJT%IeD~t3RWxfsC>=qpZ5l1I`1;Ww4gbSgSu{Egi;M^MS0Q7+KYIo^YN({7L6Y
zs_#7IJWUy9-ED*hO=U2eN_TcSyC{IcIf5eNYRA<^I5ch;D4XKGrAy-u25OQoFgY-p
zA_G$cQxUETtfHjAr-4tYX<%Jo9pdW)>uGRcLtq0n4D1N(pvHlNfkU`@Ja7W^-vYmZ
z;srcvY9I(DX{jYO)^)U>TIe_(M?-W_2Z6+rG?0gGquU^Ct5b0`O}7V5>!i;`n$G$>
zP`c@E2nXpw)Ibl_L#c^bN1K}I5qbm-(wFK>K_9EfQX@TC--4^t^`Ah$Ti*@JEIkX9
z*?Kn8->2^b#h}Lw{UC5-hJHi?WdJ=shR~qLu0V`WBV4GT0S^2daAO7#<4e?$5o2fl
zhW-!r(C_Q_LH|&HgmAUShz#`j8FeIG19T=$v)-5+dt=+SZQHhO+qUg&>}+h?<{Mi#
z-+#|^b@f!&oH=t^)7{li&E;Lp1aPyR$1Eyc&vNne<-_B1m&O%LBENx}oF}~zyDacs
z<W)crjnzgIUv#3kq056G3{OY@>7+Nj90+gVB^rhmjivyU07}B+Kn<mh2Ggg*8;ZO_
zyukL2wi=Sh+8kgHhH(MzZrmho$eR(PEMqys6@cG>--|459BnC?;H?m?L?4vtGBklZ
zpuGa_)b81tpmN}HipYuoS!Hnf8U|VUYgX>>Xr(v-L4Ow&67IZ3X&Qx6d)%$vOFteD
z>|{3yy4FgSX>Kdnm9bqsT->8p9M~gf6&c&X`1x&TY2Axh2jyY%$|ir1d`xmJRuA-|
zI*g(I)t9Q3uO06M@0FV>sT))qW|V#JCBN1OjE@>rsb2GcZL2fD$Sv^6B@w0-NpF2<
zk$Npwx@}LHm824?8vlU6sr(!}fgWBil%sh7I9@fQAL$9ubkXX9)XBYgtG+I43dTZ>
zGAtd=P!N?7!=)X6M1h^%X?S=Pjcdsb>9o^;qZU6k)Gx`80<(|oD;z&eDr&!y2szfu
zB*WqbIHo1cq^xDqVmi8|uK4fFt2zzStX+^O^=(*gYd16!w&%m{-6mXfSkI}cqSMcC
zm>HLDb`_*tMXfHR)m;|SlJW7aIexMIEq2)*ze_b{R{>c7zLp309VT{H?6pucWy>G-
zI{h9vf`~kmGdVRVc%;8?eYm{&^ERc7&GD@b<8PGe=`lkmf7)t!!JGU&<=D#^Q_|R4
zx>zML+>fM9b2HhvS!Od0mjkfy%94~-aK`4&saiEhTsCsLApiF*M+^N;+QhAQLbKmI
zBDm={x*B@0jqXl#qqVx8vjgf`!u;*Dx4j0>;9IM^1#E)8vn&MWS2ZZZ?t`?5o`@Y_
z_-4K4=`hEu?)n;CrVY?0X{oY40PdXwCP67%K-X1h{EK5X{t$<FuX~@HT)oexqgYdN
z<025D-QyCaURYOMJ{dyHfNk<+ra-GxSo{r>*1kL&PM~3$*2t&>HcnfFO(l_-1Nh!R
z^_>1Kc<^SS8c7a!rULzb>!d5mG1D$7cC^5AlAS_GP!c6`c18R315M5s_Mn+j^*e<|
z@951b;~BWhGOX3gnWw2owL;U%{ej6YaHQvk66f)h*~lPc-F|slgDc6g<I=Gx`v~oP
zW_HM_R{3@7For1QV#dT(g`P>JLs#3dwgk0y_HR4P%`V!tlbyl~b(ykmS#5GgzVYey
zLQE<mbj9TNI!pRW)zMLYeGNx?6yh!Qb!p-QNioe6o^;tbBc1B*RkD(33NaT|SgB=5
zv2uU6OQh4D3aaGijx~pN5H_`M=54DSqGrigiVkWm5>L0`BMs!tWzLo7zeXzUx?-y}
z+%RJvjlAHs?@a2J@rZaDW0<?K)JBt4!Lm$ivW1F{OMEV+<V)I4rRqz%cO@JSc{t);
zY+5=3EnP}F5;0v`x-xc;5^O0T4qaLNl}kSvmo;B9-EDHaVo(kZ*;3&j<GPgdv5h0;
zO1kT0rizAasuP98Y`POAm?m^qlBO6rsdjl@shUHlI}b}E*TGWdCL-37F||V~=U8u<
z9#Krk4DT$?(eLr^`F6*4ZP}cousb16IbUiuCG;jbR+GjhIkq3}l9qL7+QDx+R<pQp
z87tF01z25F1EhFa_)n(p%=3GQ<CYNIp})fXPAe-GOH1EsI8$r^$Fgu8DV?a!R7Htt
zwA7koUcXF`F`C3(V_u$5ExlDGs)CZK&(xSYwKNNB3aWMJadw?+HZ3#i*uHd@W=qeB
zJriwOVAwKt<t!bWj%d?-7-?&31I<KUAp*cZm~YBBJTGK9+#jGVytTFNtIn=CWB~{I
z(s$xUy#>?;L=cW$x>1LM;=)s-5KZ}x7-p|st4FiF<3vH3_8K{K|J-ewKXIY8rhmo`
z;r*vj`6HU7|50fFQDBf$TVdE&Xj*7+mmE0*y;W-(X;3fDI!!ffSUXVfvV3Akv&-Cy
z8R|53GiuoMPC>Pr1Pt#ZH+43=OkUbjFK7A044F37HH<>r!r3CePd$q!;BaGcQ^I9l
z$Lw=GjLK{hk!XcWXyAP^2ELoP0MZiw7b|SiSrzED2;s3j87Y<)#fj#}x$<YmHX_&N
zQq2r4O`kT`w5^mn)X5y{ZsgKT%^#7RcGk3Ampbgom~J#Vx9}iadyyW3J{U#4JFoyo
z0{<7YwBxl3^Y!Fdj&dF17*Meglogt3ovyhN9_cuO&rb@|Jr|_SfWc1+>BSxO=!U&_
zO!@HiJz39L&m51N&0TNQt7uuha(nveJba-eV!^OMaMy$G?es$d9S5r)2XpQQn~-18
z+ywpmm<@d`z`YmpY4Ni%ca17@b!2fb0=pL_I*uWo{3Fx%C##%dV~C_dN4s(pn%4rH
zcP-!s#$F1<enK|5vyVw8-R!(+Nn7akH+vZe`w7DMhb}I-8eW2!d}l+cl%Z}U5M54T
z%RGn}38UC+M$vwHk!6!lPD^2*+O4%onxRNgXW(uvCuGb}4saYrFdREgEC&sE_A=xV
zGk7n>ajW}r>-lag9U=g9Wy!Es%JjcbHLR`nTl*PjKxnr+b<!)*gATZBC9iViclaNE
z1qYCWP=%VdsQ#FQ$(Wk-KMQ>^c=C>$jyJ|$Eji+GT#(Z!p-f|p?+HrH{B`_xl@_if
zWvKyCAjoTthR_oKs!*VGebUasw_&=(V)xV|!A5HFx#}6~6On-Nz*Px)IP0-2mO+<y
z&)54jBTfInrrFSILa>6e?wv39sRnNVZ^Ywv#k_3y@m3<gP}b)G2Y>{C<eNb>DjfIs
zJ?CS?VVAH5-~sdDA2swbB!3v~iVgZfe+0KR?3?4TW3o%Q#AxSp#={^k^1uI$%RCjw
zk$9ZSJzbPtnPn*tsjaY5BEqRDs>q0)V`zh36OdV(CsKj<3)9i?TwZo@?rv%RBqOFf
ziZYvZTAI(cAd%0uLL=|nC_B8A+Cd`u^OF@|Xf2qC@4zVU2(bm!&Uqdi{)Z|-c}v5s
z^f+Fahoao;Ot;wCZY%3&bnAf6$XR(;(Av^_E)(YAhbQdCt%e{vLf`>aiy?_Hl}beM
zspx@ypn5=s964ne1$zy7ae3n$tXo+r3Lbk?ja=|sY*p&&5!wl;QhGp1W>S$8@y^T*
zZEN6@m~%VlqJZ>(;Dxq@vMu;kysZ{~4R5N1O!Qt3ZoI<~3IBz`E$cum!qV~}V<fd>
z{Qu0k<$))R#%H6c#135Rt+c7+XP7_xX-+;&tMhCzG(K8C8Coq5Hvdw4Dt<CDe^eVw
z?Ed^bY$COj`Xh<_(fN^3{pgIP_SCFKwu%B_+7vrAd(XFHO&pz5r}-GPTVHxsHKEv2
zGntSY2P6zpG?raLRTvOE3Z;(X93gN7b2ez(jySeAU=xVpcPC6!I2L0^Jfw{&#B+%%
zvLzQCVHC67b?B(;#w8u#JKalNMcjQiJk!`ZV5{}0u=vvtLrygbU?4^_3@{Q1M@0x4
z2R1}A41*#MP=X>0hDS4`GK3n)>-%Q_a@}SgjC6y^siRP9it8B(K#epE8VHdy^udq`
zo1ljqCy_F$%$tR!jE{0{Pu?A`KVbmfddhliOIwfJDvwoqI60LTZ&a>g38r_zFML8b
z=wk*q6YRJmy5QJq6zslvfxC#`e*&Ko?)4nFCHrsRQLy9i2@wO%Mq5TVP%l-fR%=x2
zwW{==L7-jBk`NhznNp+IpUGXv{v*pFT8~b{v}%?3H=sK-edof!ISFV{vqU{0PO?M}
z#xU|bD@J%<%!;H@5l6(2Mlh$uz?El8_nhk8M_aHu<S`OQsN>LQpk`#$MOpl`A3g@*
zzaHVguC`07#Z5-B+MVPLT%J>o@51;hcbB*OZP$0<en;^GBh6@OR?d$?uG<h9t0YoR
z*iUEl47bGE2XG$}^b8B!#RBVhfezfM!*}np?6l;HR2Tw@9id{!t(yN8J5u%Fe{k!6
z0A-(MQ(=Uvb&gYMyhQ6xMC8?FsD@M4fp^2B+wYcRX!J=kH2g-p#pbdjOlcA}%laP;
z_0VWOCjf|&q1Ah13!PV-S9WQOK72a(&c7h{?9OcmKIJ<22vQ88#89Nz3)KfiE_!Re
zStA$O&VcGr2jv#H9=X>`c70R7^d7zg6(7hR_(bv+;x0z|znMOXUyfe!RWjh8&UWVM
z^699W2GCKXI6YL|59^u)lNqVXlQs5u(@}Lr5hJ^C6fUn0+X;T%55~dr1$J`doua~U
z*BAzrsm|(E<@<FQ2Drr;03G{xqCTupExT|0?q&PH-5zbLQ=`6Lgx=@N$N$=b?kS^E
z_1r+E;%PQ4DO0I_X!)012~52qY7^8MeaG0d^ZU!|*Aeosql11rtveD5a=*I3yH22^
z-@9eME`CGzm?@4aGX`&pTmc8m6!1cPDf4>=8Q!-l3A{>EM!j)&rCoiyQa<@fKrfRi
z!7ITFjdJ(B34<NEQMLF>EUH!130j6I6Z~iaCzTUcLf-N4<M=<{VI$P#`*A-KKN4@6
zJk0#s^uzk8HU`xBek3m@Tmv}JZ&oM|y?PBq(IuApaNz}(6`GJlGoZKQ((wX5VQ+9R
zCRG2}&pVZgUV0&%gkYDXS%UO(2^h;&&rNP7Si`xJF$K#e5g6!&yz#atng%{2RSdC3
zl$g5`Y>?f^TOzQASQ%s+#+0a7JuHVv=_DG)q!g|1T*+BIxLi}OsD*AJ#U_O(31O*x
zo4YDTCK4=pBj}DcUPTI!Xl2{_u2GkVgc-tisNMz*9Flhs%3hRv{Ofi%LW~R4%|qmq
z5DLYqPoD220+RW4^SSNGcVVI-N<pal!}TrcspwIyp<5tAb}`#jgR~0D<2jQt$Khzf
z<M`W>`QZjF0@&FC8TyO$1?mai@!gr-_nYGTpZK-x8I;MV#GB^3{*u#3Rn2EQEA1B3
z@ZF6_68W;!p{o_E@R6M0S;96`zSaeI5PVn1i%jzj3T$iiGX?C)E87z@gHqta<m@L6
z{+WleNVR)LzbE@}Q4Db&wtHTI%Kk=K>`~SX#)^BRd#`(`duRJ>1qoh(*au$c-{-Hy
zJHKj$R4Zm0_|=Q<NE^`AKI_?s-hs=G8w*1g`V5i951x0Vg&PSS7giP&wby<l_+r^c
z=}qHJ<V_{di@=0{*MS5Ve72iPP50tR&W)iB7Y814lgy`P3+312Jdk%4cUShB^orc2
zOO8V9%Yp&jXo$Ob0@=n(kYtAt8cc2=Q4e!6$YYqx4p;ND$%qIwGhT5cw%4vhA4xKR
z+JmNf#oarEhd3WRfnX`bZwQ@706;Gr{N<OPhi*8O!mp4|JPLjeq7u;JPoWP73oZuy
z4}YV*Pf#8&8Xf?HtE&0rY|rY>luRXsuB}PVkq%lQ3UW~J;m@>+;0!Sh5%LSC4LKVg
z8@{n0>g61!7{W5Jq+qqLr0)v>brl&BlqqncKV~;U-l3dY8Iu#E4Nb8BT;Il?v<<Bd
zYZIp797HKVOP;q?@tB!F%RIQ_H{^w4QaVvf_+N80h*#)S%nbY*X$z1$8u&$_cQyV_
zwy@$^<567BKb+`T@n}LW1V-kQI~d_;=-`Rq4_}P9o<V%eJLe}KLSGEu3_XIHC_W#d
zKU+_Mhfj6yF#Rk-bO|3Wvs9P#Xq(<4^uM~x`+A8(K2pAdzHGn!zpKBo{TA(Dtsn>k
zs|reHhh|MrUD-*x$g+{AVOD~*29E8u^0_aQwCKEfy}7+9x{!L1Swm#{!|grW$m@~X
zuyi5UKsfN7PGJgQ3MS|c(Sq25$Oee9acJRJ!gBWZ`s~|+X9DM1<LZvz-GSalEPMsU
z57J89F?ua2RLs%fpwTLnD^ckp912z2XgAS{UR6$k<_u%pwV?&F<o>1GBH7&#CF)8d
zjTigu6Ex`NgGzQ$>K?$~RP58-#-b1m-IxV?Q%J2-p^8K3cPYbU4N&Z*)01YW!~$d4
ze*`<LTc*W|`wUPt$T&&?`-x&9qVo%uk*He6lNK`-N|Yma5G<3%=Q}q@W*@A)WGRNm
zQ)wrw&yCelLOKfw;N`Jb=1=SLmlnx)BK-Z*^<DO(Ob2TVVbKds`L1ttLm{AIug<O%
zOx7u)JQM&S2ad^C13HooTquOH=QLR<(OomL;J*$inl-V98mAzQI5o28n#1cODUj>i
ziuwYj)mXc2gAv=)AqTr2&M?QD9$q8YThn?${V@43`K!0a_7dJGRsV}GCQmfv#i|XM
zCo*qnrf?*gNf2&V=mo(Oo9)0<IeNo^%M<w70EV)k>{j9-dB9~t9EgHnjw-rU+n`Gi
zWLPVjQXI+yNd@@2Mpy+DyHW+?x~WgUQ$D9rl?@pF1NA&O<&}^Tq)1D|)e&qp6Vm$1
zh?wHy+<#zJ@UVB36go+ZGT8Um;g-LsGE^lobICf`=2`W*Q{_y7-Y+*vv4u+5rJ&QA
z(a}-z2UlZfW9By%V`*d94g}0Um{Hpin}`(xP6=<~Af9ZNM3x|*$AHyNqq)F0w)36*
z=f&%)9kD2^>i*N#%uZ&v0+JZjBB9;|VoQL?HI-MAZ{4M&=A5ayTM>M65)$vCsa3B(
z@B9xcIsKbD$M<e#W85jSO+*W*jd^d$C)yj{_;lXIcy1n_W!B%BqCe~Ce``)lTVyr@
zTK<yOKyA(Sl=}Ss6nU?GA{1SJ{+nk=c+J-jKmIOv^Rwg)<tx4|7ua-|L;P}ohl`Y5
zBQ;C1OE=ni<q&Jz3J~}Z@nD0TUh+|RCihiWtEn0u>TuQJ@)bN;3bBu{<!AG!auIXk
z8_-+%eGz)g=1kO~=Fkin=}3CXw^e>t`ltp7ZH>Hi_K~sKBioPi?frYhJNFCc(l-#U
zpS$tj1KPB3-@f5y1q$l;;|8QB*@xya6xH1q0{F*W?TFVWpne1xCOH4Ou)(MA!MO43
ztZ(7<WwPQRD#Xg|4)B0>*n`c=PbyAssULwKfxl26ksgtH_`3zW19uWuvfbfSvw%LV
zD5XPgIUj{AF}?$^3Pf-4DvTB-yo0bxL~m)%SuA0{*;r&hvA;7sgFHdLLp+l*Ny9S>
zwh0mMYTb}Trj+iD|1^u+B$}V2J(@LUy)g@j;3htk#dkx+k#Wm>5$st(=@Gpn=SsYQ
zdkAj_@JAw9BA<^LLH&jb6PFNF8h|-G3r0uQC7vPfN}iRZbmMJqg7su0MXk3@(vYN#
z6b{$<=A*OT)$)L$yB+z#KPlx8Mkx?xC;kgby4U6;*hajGNE_kF@Q)<oU0cC0M4e_i
zQU;;y&wlnk9i&$<WdW`r7g$q0;o?S&VQQNkMwlH4AypX-E~?lIjA2qd;WYm`O_ze~
zS_ZTQJha;jRs3CJ8~B-RIGaeTyCC-guA53^l_JVu%RL%}7UeOW_)qhzP_S$kvL-(;
zb0A40rjfWXWZ~P5dm?*N`Z)XI`NID8rC8A;M3qdMr+|ciOt?%W&Ur*WE3E%Pp7=N}
zk@i)ROq~x#{c5pSp|+O*u)1Z@k2rPdTponI0DUE2VDk;@q14_=;b*W5P%T0p;b$ns
zPej@aMI$N=xwe1MLMf7?{u%uD!Re>NJs@{yR^S~LOktoIjz&u{^B%%2hUllEj$j+`
zLCe1d4yw6HMJ(tG;Z7vpC=!jHG^kmgBL^9dSg0$GzK(wxAO9~8IW*+no^GE+f@VlE
znVpI@GSFRf6G>=4IJnr<FV|UmJk7C0GG4i9kp`0lrdXafRZ<ASO1e6QR%)dL=8L@-
zjhF-fHzbK-k&%ccisHu{(umu8)QgM35GqW?W-9CF(HG@ezOoq~)nBN&c@AGFV-83r
zkmbu|?&1%;;RAZMO_&}CdGLH+v^L`8-vHeQ68o`JMEg#822bFU{Ib51!ZHPp4tO7!
z&ChWS{j+k!O^|XZZE#DF);}2vc;ka)H&71<5`^$Y)ORF}@G0bPhl=|IzI`wF9AGaz
zlDa}u#@W$D|BM5r^V9TYzQHX?>=G>=B#S8(LpX_AMQnviM>`3x1$7eK#I|E%g}0GC
z;NN@?pGL3BxfIbWgm@C-M0q18&;3-tna)-6l=Fmr#;4bOV+4}?sWVAq&>1rE%zgcR
z3ppw|B1Kugi!nvND>3J=h3Y7NTtZusGAEsyjdSoOWm-&Od+OX591A(?TFn9k?X0fN
zuk)ksZmmw)I17o)1t7j>y*MSs3PjY|^hA4?eDbw^`Z%gxzZE}$Z!l*KjrT8IjksD2
zZgBWF{+|TaHuDFZkGcC!eINjXm)Sd<2o?{McOW73oBjhLmeJer1=KEyC6fKe{s+-}
zWqLlRL>*q--anZ_JU`7woSNz`<o6Rs&oV1)w!ca0tEOur)lue)hUps9WF3^{ZkXkJ
zG#fI8Q-eGdcX_M~GS(GC^*XC{9k?#{K*}A{WMk1hoVJ9xsp?VuM`pL?D7xm+U!KQF
znOsz?H3@;=24)(?#oVB0!!T<-90l=E9xDMe(NIZ&h;3|S;(gZopT8QiUNlW*)C0Xq
z-COHvndoNfvlFpbSgBEfpDWPMFKruSm;;!in46A9!NHk{v{CL?nN3w{;p<z39r*a@
zQei9`LZP56J90Hz&{w6vSejs|YhWc~{NG3JetRP~nfy_;T$yI$aQrd)P9^yl)<)g_
z@li>b#tgJ}oUYRTAz0vp*M=D{g+>QCH3{k$taq69`unTY2FNi!kL+bZkam$kaujrU
zYTd~CU%V56&AwHLA=)kViZPdQp25PZ#0Jg=4#5U5h_#Kbd2kCy|8u}(i+@gTf)pv2
z{$++BTQ5mADs_wVUUvPoHPjk@m85!1TY!>mVD+&6P$F=(ZyYs+ILB{xi->rtmbJKF
zR?;VuS5*iA)?mvfx<<=*OSELy7!72tU{2EsTmtQeEuh${=8Pf2Z5kx5YEQ&DZpfnV
zYoqV)iUz!;dK(4Y_ZMbQID-3>UcGNOz2fzzp$f08cgeP<*pME|3+$1{okKWJr#Hv9
zyDnKff2&70p>%TDsggA<ud7W(J=9hxf+sJjH^;V#Ww0Gcrd_TBttXpXg%(WSG`i!7
zm!Ljo>Pcd)Y3X^dfFc>jc5f6vG>mZs9UzBTMi6_wV<rM`0>9bT;X%fvz6f3ziw4>o
zA?t{Z6RBoSj_I^L9^>3*&i6`hja&>sW60fA^OPs3RHM{b9^Xjmd+HhV2CNeJSxSS4
zBjCeD+#!kPxn`{Wu657WIFd)J+cj^SXMN+cYWJ?24gZnYE!U%{u5t#dSxu|4U>L|Q
zD(*_^`OT9fZ-e^+*_%MmlFsqS5u!$9ng2R|Xj=`GBkv{#a?ZNjPD8u_l^#97OXXIS
zJS35h=@-W^G>|V6`;tRQQ4acXu)xnsO#Rd^JS((GdA)e_h2Pe3$7}_Fq{+l<|CLQO
z6A1v-8Q-pyi_P29BOdFFV_BQaH9=2CgO}5b#0Jy`6zR_PILR~aA@wH#`K!${j$N$F
zIM?KoLy9(U+M3$D+7V9h$=|Q;ZNk<CZulD3QB0oqHip=Hq#x{zr&6cUtP`B4`A@UA
zX9w4~KHbNhUAh-i@3I14rXGzQN~7l({*6kH$eFNtRbZm9)Mk}mPCUmO^2J<Z;?Z-h
zl4^bTGGEzt3I>a_g*_g;8=h0DzbwY|(rRGvQ#ivDCSmE@mr+fjEc1R|Jor=5SJA#0
zAMzP`66}siPT4GAAJBF{<4(iBm~v~rz{&4_u?^}tQ>$Oj%Ka(GTXvuN1p7qQ&LA6B
z`!!ElFOEM1v=i(t(4l4xaSEvpgRq08HSJ){X@A0~2O?fMRD-JOy`=4{r}7OX)pK2c
z9d0to_^N^Ts})dnqr1P@qo_yWwwAUylgZ{?%@r3Fcq?z3;FYkfc=r3n(o4%nrpGn*
z?(vaLJz6l=KAT3(-MgcPpBzcjU6TA{VHLGh+FZ$V2*LhJK!2xbfSss6a~RZd3&nC3
ziC2bQ*6t;C9qxrSU4j7a5M(}Nk+%Ph3}TrtY}L6Ril=8u(KN@2+CKT;h>4IDy5?{j
zgBopgq=@-O#TPLE+pWZHv~w5dvGf7wS=8&GD`Hz{Qy^+c>*(>7Fn=n}$;5|)zHn*V
z;U1g~%I>_IC3{fflfVrMeM8Sc!s$rR(?YwUXq0P9Z!YVC=Q_v9=E+VSWYeWJF6wcp
zudU)v_fEIj*sIP%tFPI^&f|J@+5470^dWVax6Ey5>sab8vkk^Jj|6Qvd%1H&Yx>A>
zO8yB5kbcqe3|_oMP89DVD~k6F9L>*<bGl?Pd;F?x`;FO`8RR4Di;U5)c0-OU0vWf*
z5PS=o%MU8IM^QY`+t<sF_(Jo67CC5l(5isq3(*_YvgdZ&NsiSUwj<=Wx3jlXfYBAG
zHoFx}${a~TZ7|1ENv(nw8RgEhukx2?e*}?F;1<yc(P$K*0l@)E0dWFx!dz`oa*$Fo
zq7ADd6cF`7ypNoW>wt{b316<K&>Q$v$+d`cino|^E}L8hP;@H@TiQ|c!#k?*TI4yE
zI@fifTQ38sJr~hc)mT!EuW%Q7fcl8sM;~MU)w_3@TA3rtw3K0?oW)+m7S>x@G`Ey5
zC{<O8!d+UlIG0Z-)m4haU0^oHngyDAX5JBsyYQ`j=b&8fuJyv<Dew|{2B)0suJA(U
zsdx_opqDE@+jaN}$(?P_cZZBS_bz@S@zi)}J;PD1d}_Ku`S9FI?_)k(4K_uXDfsL=
z?=!#2?o02(T8eY0xx@Le-FokPEVkX>b2ZI9f7Q0WcWwi&Jv+bk9$gh=6l(mmYI+li
z^eVTWJnjQa*1LB3;hG~{jkDsOJG|^THF365!JF0`s!v=;a=*++D&WeD<{eUHn1)<f
z`rp0p*@G)D+HEcDSKo{FrsA!(9crJ$jmDBs&0VW-TD{^p53(r$K>$^w0IyM>WrfZ5
zLt-3FcnA61wpbLgR+q7c!?rC%d(qB`>@%K~oON2Z;3MpdNpZ8rrp={U1%L$GidUp`
zYqW-T%{y?KLGHQU?i=@6tR#S(ZC=HSaUm_*69DSAo@v@WfO8|QwXef;Oi`P|bt!SO
zN!nz#&MjHC;PLdDyK&6HI>l}j>14cM+Fm;Ca8h2hu_~LDv+$t5BJAfpvee@}vi9{k
z%~3WZ%q7-o=*cRhmXo$AdctyH6BlPuc%RL}W0W(-v%&*pmgVB#V?=F_KjYBS%+$HC
zkLj{~6U}w)UV1p6WtSn!BjS_Rt|^u0lQB^bH(J7WUSQ00{03Juw#j5F5z^@9)b!+$
z3248X|6`_&S^8Pq?UPaKBj0g3Gj3Yp+T6MN_4#Qt94~chcV>5C?Ghs0%DI5uUW=$!
zc@fT%D#MEBhGVbN`G(!_H$%p0sx{69bn>87n6=kw%xTGKinC9|o?#d`Zh>dfYcTnA
zu7eaCC9U5C^B{vL$7EAij3jI9>Hs<&aYFc{VY?`oD|_2vBiYQ7>4c%F7TifjjDzQt
zqOh#p<ekuMbsdtW^0C+}p?y2un9+;knAvT8>wN0Lv{la2srwZtXxotN%*735uC!M3
z-O(<XWcbg<9JoUw&XjXZMb|;)eX3dQze7yc84t8<s#?es6}9M-t}*MWODu+1_VOo&
zsBO<!-P1K@(}yzmQm>ixvTBPblM(q7hSP3S&gq`zCJT#G!vgp+7u@8HWrN_JF@~mN
zFi&+`jgfSU9F35cILARv(#t<jS;qpW&#AQwvBpOg;|iA;^jB`;Paaau2l#`d#TFwJ
z?}ZM5GET-^SU54mP-3-3^F8O}&e<St33Cfn0Nc~vq-plkUK;?A8Pvv>!hyu4xWkC6
z%5yE}^MX=smaWTmC0R&?J>YEIKF{dw^i6i!r@yEKeREB=$z+iGyqJIo<9Ch}&qeL)
zw$HTiv&~AV(PWO*RjJe@%cihcY{e$i6rmBfn!wCs9X+ac^Bhea6aeypEWpMUC5yJ*
zE^9sA(kSsU@=@}nLUtNuDrLRZ^O+-)V_6a3s_s%tJE$lcW=<rQTrKG6uLJ1tEKU48
zN!$Xr?N8A^=sCf1OzAWaN5l%%LXUP<5RE7THFoT-*Tb>XYOUyK#a_h9xM4-VDVjwY
zjc%D+-Y>4MNPFmn)r`haFFAHP<2uQ5%y`9ml^!XaVmc3b&GVe$aNI31fg5#nSIwwT
zO$8kSPaBLRHihy|=L9scopJ-T>9-i=+7q=kj{CP^PoQ~DD_P<?GdbD%HM9k1Tu!4#
zbV_1jbYyCaV#(Jp9Xn;)WZgFHQQIiB!>+7!sQ;QZy%%}}&^&C~Pqmp|HaSOGtmYic
z7CEIe)iUKu;Xm45bo|L!Z&UW%WVz6|-Q3@oiO^28nrODheH6`zbBfxmv>MhC9SI<|
zb*%-NE_S(epz(xhr@>f&kPhNOFQ6;aVC^y~t=hzD6<Bd!`lND>w3=&{PKxCzt(Yb`
zu%1cJDxBc)+I*EAh)%a-ciNnKaF9zO8}S%rHeWyJSyh-;{+T06<(ij`899n&Omk^P
z6V<YmH4*hu16wAyQBA>2Q<}wm3^|n0^-@jvtYw@?w^C~*ZH44=8+BQs(vwZ+SmA~-
zc>dG5WM24NwmAn&Q@>+#X5VpT8_{k-O+Ntny!dmPCbgjfKm~9yOK{m*IA&OgAkB-e
z#l@m0Tv4>bvDb6c{tNe@?Y7b$15l!`g<i95S<AVcc3xg^-tm9O@EPkqTkIG)73ed2
z{SFl$yg*c<pZGw-DC+Vffpg!{AqUY8ES!^4cJ|<!L*7k9(b?{fq@~lCJ1QaX=$fI>
z>{4Eg!an6a6eJuM^xe&e2LbUx^#RKf<P&(G!?XwM<DV(2qr`qtI9j2PoUNPV_LSZ$
zilg%WtG-txM^1K?x(kUNCh5RkKV!Emt)I7}<bFaB;=mi02Rgh~Oh0{sI=og*KaCdR
z&{J+d^{)+2{aES+w0<%TwPv3xQgu%1F2Lljk1-Ea^aX`NOsE)`{V05ZLJkT3wxBhf
z|Krp~<m4r`(CI^dj>EUw{Ljj$h9lf(KsLm-2Z;L#<$5wES!@a>Sx;DXl1mqk`w5-{
zce}(_G|Qn9>Ht@O!*-BcMN1Xzi$I3kemCRwpa<i@pq}EDDo^;m%6+BBhd6O;^dMNm
z24T^y(a*dX&=)6WNyySht%z>XCpXa{rA=@z`w?B;KbX=8j{M{3C9h4=H1FjP<NM&!
z4}C*+F(KkD5?dtRupKS%ImDDoEQI!!Sgbhj31wbey*We;SKjWc8OM+Tl3a4y^p;%=
ztEw*st3NitR!cLMyJD^~-I$$L$u2k>@>$H0>&v$)WCnn28lQZzfkitZ;4PZ|uDz((
z#JbY))=n(}{*jr8M#)V?qxF*JX-AA0i$?iX)+{XVIlNX&d@#LwOK=zXNNhyvrTJw*
z_7+?%x*o7Ko7Q0VmNc8wykw)LR=uP#jtreN-><vfZrnjdzo@N?T#3ElT#c+-z3epq
zS<iYAx+;y`bqTrtlHjGm-2pDm@^3|neXsCF;_d;tbjACMvh4*ZG|HH^9^&e^az`vg
za7J9tf;oc-7yViMOqai-@FkXUQ*=w*tb146l9TAD{zn3T&O2)pKLgVFNq2|3R+@k^
z{-%9bUOhu1(#V^}P1>aE$Zy(x=#cT4X!t{9#yoTs36EWe5*jm7lE2M<FC0>=-Nh&W
z@wIRd^PZx&b5B#ASPnhR-{bjbH^ycX<)moUX5A*8%TkS@DxOn~NV=2CGEl6$44HI2
zie)gb-)8c{^jf>81f6u^Zy=U{wpJPccU<-0&}2<F+gYBg9A{A6f&%9(nFdM%J%#^@
zSgf3xGUj3QBP-qHOUCnu-i&{!!uuT2u%JhhM^xQ|4BBDr$#+mHMPUXZ&-y?NSefN9
zj+k8QIf4F>=3Ijjf8#L$ZyY-ZJB5SuHDPjYEdGc16ih4gV3kzIMPn7<BFV@o5}*?u
zb}v8<T`c3@2t0zY3Ux{B6!}VJ<6HeJ;*we`@<6!!AXZ<gUuj%`R$om*a_Z#KD@5*q
znuUG%YZdW;xq9I)yOf)W3aIximSpu$cI3CH@__0jljLrdwtAbK%`mIq=^Y98>^|Px
z7sg%U?mERY{3F`^O-0I4RPuw$;cx_L!qu}p@8ieU^?x8e{L3<r)!WoG%64@;<YFJ$
zxly&q_9|xAfBTI&u`K(DKWeAA)IHLBZy5dVYjw8jP6;hDwqoK|SeATwXA2%4_gIA7
z3x5qqEpZ;ZJM*8h_+E)p#*1ie$(q(At7fZVz)5ZnptaudY{;#>$ZVOOHyReWupS`|
zwn!9mnZsF(^5P`tL=*fwzooN48o@E6ZD?DMXicfrhpYc*m8d!kb+zac(=}D6X=r`k
zdaXrUtDq)5qiJak%Vvs|Xi&qSodKZ?YM=?>4U}u3wm~Z|BsiU+#rV%i@v|MT-%ZLr
znv-9FLu5d9Mz*WZwXc!N3UpH*?@EPP<l%>nQHuoYl4<bf3O-N2tL*faD`KvxO~WOx
zIMcE#*qv^x4j+;noy$(+aQZak<1%9D(d%Pc93!(2*t~4Olet-FP1CSIX;%>A#?%ww
zr<lK8$tI-T<Vy==pN2e#CtuQ0I5RLqvg;VqE*)HHvMl9{pVyr(->+EWo&K4<GO}5R
zJW;%RXcc`TQLU===``y#tzETVx?v->XusoUnM|Y{nb<XCUH-eQ_Q}?1l4DY#xxi7j
zQ*lC6nm%MHqbHG;fLL-$E;Z-sG@vTFunxK8?i`(Vn_K4Poazui=@mcKUclHAmvgm#
zN@Xt7l2hMWj)1FVDl%GdPE}nH?O63Z9D0kLs=Y65n)>Iw2Xnuyalx$vb!QG(EtX?Z
z(~#3jJ9C;;0UsaTG_VzTA7oltg?%E;0<+QTS8eiXbY8<OF-eg5ZL?S--a6|#t7>5t
zg0?yVXx3OIb`8`qkrIIOY}pd+-!Rca@s<J0*wT*^e6`9zZ5QK*x8Gna2xHzL-te~>
zb&a;EKWZvlTbMOm!yiL<Nac!uHz3c`|E*z`6*d(f+c-QscBKVdaM4kAM&Q}UxuG>*
zYbTqaW5(S%yy=hC2Ueq}uhqEKqEnCT_4n$I>N}~sF3ysQ=e|>IG?^sWq(R!4PD(x1
z1(G1RB-sFxAl(2X&?E*TDBeU%bUr28#KFY{;>Uxyp9FpNgrjz<2_!+X3uIUa^etnu
zq9ny_0rtRc<DdgMK`_z)(l|k~e5i@W`g6}3sf<^q)7!{X_Cxe_J5n7WY&-76BX8%r
z?3p*$i|%dv!Ap#0Y8Q+8gIb)zX|MkVe5rsrGKOZ0#wQ^$Z{yc0r&ef+&ibNb=aDP>
z*VY#V&a5P1A3EpIxj0sRp&5-)e^2RR>M&a6kwQ3>N~l-*OH1MN`nHt0l($_W4UW2q
z$cBqPdZ{XG`ocj=xFu?Sb8ZW|4N;%sqYZ>j+&XSEqs@}dQ_DsEP)>~!4V^$9`Y$bU
z&<!d5RvSO;9oKf6vYLjP_L@$cHkQ^JX6ux&fz=>Z(g-;y_>Ph8lH8vjz@D!pm<@#>
z5rMY=#h1kqB?C@6Of^ff+`5BM+~ev21|AplH&Z}Syhb%#t7z)K&xGbt)A-2C@Q!e#
zZ8$qIG(sr@K@ZIFU%re4aiMv4?UAH^A*aQoFU2J7NfK!=2ig<30r>e4_x%=9+ERw$
zeQx}CE~8>J9evj2e9412t=g6nX<{Dtou3J{kc3OKD@4PjR)a{l;mYpX)i?5cJSADQ
zk+30oRZQ|2N@jRVAWIrzxWG(Ga_;eX&*`Tb@@7(=7hRcCf}Lfb6oKa7QBS{)TVBN1
zKK?&^E3QRnebhLI>zKyR5Q+!Avf0FO3|Zws_XN8c@Wk4BwGiFmD@op(t%aRlDAGC@
zW+lR=@AWGr9Y#MMGuv><jq#48vm>b^n_&dC#U?3sB^%>8mUz8~C-G+<+9ejdR`@fx
zI{-JiA^NKI*xc@=626S{q#ZI>EbJUiJfN(RCA(nuPYx>ABW5>?69CM{jTmLe45X3^
zOL5hD4DV7V#sF%KxY`TXuJ0Q@B;!(fB-zGQ1PlK#;bInv$k;oMG<Se)9nKqm`|~x9
zK`QJ@g)atrJ-Nr-3Kp*NVOZRwC16?4WC^7v{xc4#NvscrC&HK9U^DUQL#l|xh``nI
zQj#PVzZM0r=NZGYsJC0E%t4#Xe~R--t_J^PIu1u5gJ=BI=pku#yL=ynYO%~3kj*46
z>|;9Sw!s<^>o22loUL$Q7K(~S<xAXv^jp2!a3&qaF&J<NZJs~t0V`yg^q1?nL_Rb!
z!LgHf9JO_`ZBuy?_x1Qir?w&dz}`gUIUtF$Th;^Wr6ye0GP*5*vQhRK)Z%JAvmN!E
zh`MdG0abqVSBb!GqDfs&zmInp=U|^5*+-|QK~v1TLZb1SIVR}Vs~^B@!*=D76@g;E
z6zdqV)qv`i)s3iC!ufO;`y64XD)DfPK-NP7OjLyjJ$+;!XOn<U^d^DqApXQ*WW(|V
z_1@Dc`_dqL)Q|}9HN|U`S=;aydjh}vbpd;wVAj%IigM(r1kX?s%Z*W_q~_@k;uU%Y
zmes(s6Ik@8HGT`f<-&*L@0iEn<yu+yh;aYR285_Hyiph3D75vgnk-*I*pbp3Vn3(@
zA^PGKN5T;m8OymklUMr2dm#zp22rFIGkj~fT7hpNKY%3cNMWPkPEd6q=Sg9R*69vG
zgGLPJpTU?aei<TJt#ek^&4y!&0V(RmGo}wrkBnW<V6YOQP>WE-r0Xe0Y}<`e$+bWM
z`&l-r-un72$?$G#VqAn_1vnjw+tu2>K)zHnG(?GKv@vNS@xYHcdI<5W(-qgD&B&_I
zp246RNe_aaWQ8I)FBK|;D{+t}9IUwJm?d63<)?&VSsP(&gwqp2#p50_^$_NT7E)_5
z3Y6EX%u|HfDmSZLUi{{M!_=<3VVvjtrH+0SN$ZW$E}7CiN<$5IBIlNEp^9f^^{A-7
ziXt{gB$PW^$*yqkgEZ|k9@150eph^MNK}dMj^Jv(b{b5|n0=}fKS%sq%5i;$x{B>Y
z#(4M-yui58*`Yzm{1x3lOI%|J1g|tIycg3zy3^t04|_|cxNahCi#S7;SYE>!FX@1U
z<~XDSfcAT--Ll7<{Ef<9s(7vqogzl1GR+$NM-+Liy|8NWibj>DBk}o<VMm0k{uR#?
zkpA;ne|EUYc%*ya*(&$0V?H)U;cfUnOekAl4k@9<UXnO)fQYD1F>*cch9NPN;-9lV
zIh&Mz#mP%KA9^ebC|2aFo+${i1X{v>S$G+w!#Pk1j=Lc&^Gc0ad?eMe9KWUwQ%1g&
z@%E#@>O#h0TgtGJ?|)2|Fk~C#-dRgz^As!w(-!Aio8L`wjK)3Nwp0;p)mjb}3Rf#2
zp24_oM)HkTYau4Di5qwE{>rVwN}H@+PlB5}z_+^Rxx3sk>Ppc+5qNOY6VvVD5Z^F)
zi*r8##>-&&8xjwz6yK#Hi13=YthMxi+fPb+(6~!%k9eWt@S^<k<3kBY_7KcPFuNg|
z)YrR*AD8Nvn#S)rt{Q?lnz~U6gyOSn-%OO14He+Q{x?|Q9f^3@!L^c6%2;(%bweeF
zw<MAZ+{*!K_Ba9MZy*Cy+AYHihi?sKpn}!F;~(!dPz5kMguc;;J1D8~*CxPloM0%M
z^f<6q`s$D8YaFx|W@P{d`R<EO+T$D4Y{(t8AhxUmZMrf9h0+qJN<BRuO`s#_LOhSV
z49jcr?+M4xH|6O=LnEA^aWDqckU?D^ZYY-TtxMH*m;~xv>(6b!;}MZO3nD5^Iwk9y
z%#S8Vbfew=RqX^7ZS)2br%gD$x{=Ia0_QG-SdqlT3&s?7kisN?;^GxHPu-oU`cKnB
zXdUhZ$u^I{8G{yPg*;~3@td{&DUzT1RH@glUzNygLX=UqWwha(VW)>#R?iJCqSG<R
zPSaC1vnzs8B2^N6Ouxz)8dC5av}OxND?)X@;*L0)W7wL<7%n4Ds~+ow0wazn5Z{4b
zPd45G)M$dF?me}yg<1_!)vk5pm*ykv<loQWrJn2Ng9+n2yWf8cu~rRneT%ITKmU%c
z?5UG^`sbxi(CU{#HHI+ni7CcCC}%3-j(N;?(J5spxTYA*&hs33w&81wvUc8;2n;>w
zYcwG9I5sNM;H-Bhn_4gR*yVv^6GQ2Us3C%W61)k4F2$OE1JkE5T!A80<;+hL;VsZw
z_6D6c@2vRZNi2QwzY85c|K*#vB|KZtGj~gX?Q?jFpBSSVqZuum_S^HONObA>^5#kO
z*>>3u@jm|eynjx>zQO7K=BKjqO0XWy+6JyZ`?G7A!iJeo>i0WC<QRd-Snir%rU%^e
zjtxJlGDvzHG((xkSkd&5%wJ+FSo)mRSkdj*&xta_5bVfM?8u)u2s<(iThbp}G8kJj
z6k9R?n-Z8q8Rk&FCSIr;f<yVwp}Zfg%e!m&h8zFZS4Ao4O%eH_*iNWbpdaYttBy*Z
z7)vE@+;F8;;GAD^<%4<l@s34LjIZ?4i2~2Aj9<*Lpb4*DQ`MTtH^bry3^QMp!0d|h
zaBvS4%d3`rQg0O_>0cnqd)5?&0u1HjKQjd<yaC%`&|SY!-4%|+%0XS+G0$(H7x(_j
zhsE*Z^njh;)SS%Z_4@a?eIcJL%!-{u8~sH-ze@Vy4?BWOKG2nb1$me6)Q$lRpW0e_
z(eI$2R8COkyPHeiENW3*exWZg>SM1;28t)N%VTd)$6E%Vb~^NnEk(|Px#OKv7P+YM
zG&8C)vbMeWC$Y2Sa?Z(8L0L8bk!yP!D4JC2NIu0y88*LIp4omJTA5*WuKZNYP<1Kc
zq+}wOxk2eQzp1d61Rgftj$U5|&kU+O^o>%ve_b^xe(zEqCRTv^^}GD%OL#uA<l+6m
zA8&g7JzvNd|MC4WjKzQ7DIEX}rrKJsWp9Ye&2PlYO)B}LFJ9$#wI!FCOg!&>@w`e6
zkWEUa<LvPoLnLKe)O&{%ts&ydP0Hg|6<gFK(6$tsV>e}0)ccO{O2eM=#>#ZY6qO-u
z1q~JH_8-aitP{GCA?2@U4=z*OdR)e1FL{!$KcFH}v)g)(8Gqt@51#a@%n!DdS&)MG
zYN;TuvASw%F}f&|5xs{If6TiizaT2|h120~ZG;!t#Zm$jxBh}{v$TbbgO{vx(v(1u
z1R0_Hc(A;8pZPBGctE#&ZSQs(>GcK&<kWn-tbC-W3gW<L3JE>Dd<u!;tv9H)-<Pvf
z=G<;Zj6_c|ucm3>Wci9sur?t+F>J)3&LeHz=fC>)cXB<ro9}3X)!x$oUNospW;B3Y
z7>aJ}n4QmYXAPt2DC%y#)`fAo75ZTAoxFy05KNFKNDnsMOPHnMMm!Eq8wg0JgpD#W
zj4?;sGOSvqb&cfN$8R$Q)^38YZ3wz2+P!2jP-jOw=+97{qv<+)9s<5?Zw}_nkL6&i
zIf9%qOv;TdOR9&OmMe2aT9Gxg&v}Mw#?2M6URD@;oYm0g)9I^t&O>7x<ROs7Mv>l!
zdWp4#Qm`T>frLoJT|93zPn|E8ZcrLez2ooveFt-av?USeRP})CHkz}T;LTV!674oQ
z`4D8f0J|ZxQXh9cc%QrOK%E4Chh2Ar<4wmWzrvsODyUlaRNtI719!#7GOH@OXJrAq
zXdIE3O06g#p2SX|bDk1f3?`4fFmusQ7iHS6%o>s7ShPtkb|_Y;;!Eu|@$W93n<Bxn
zqZ-+2kvE04gy^*~dO~EN!Ta-zz(urdwtbU(#6E{Dwq2wno%SGiC3UNz<G!tIlYPpa
z6LVULG&=$`i#9U^wZ2BH%GNEcW3fi!8vwW9^^Kq|#?d59qA0Rh?^R>KyXe&#C{sq>
z5{J{?Fg@6qRG`obagl$5Is2zT;YosAGUk^SW|<?vtl@Q$NDJ#TdC9;-nt(^d0t2SL
znx$o<TRMh;WKqg8M6;|#Q0E%J3`Aw@vgp#0(v8hoNNW&6eI#p?m_hkO(%VNDq4ZH|
ziTZ))M|mn-V-KaN+>8&2QeTeVmm51o%pk=aKC^fWl10pD*!!Y9ig-8VAOJ#bktT%*
z*QeK(PE`z}We8pG&(1qu2Sr3ks(oT6!pBER3>`OQ*nqUU-_=Im1H6*KPbUY>WEiSW
zx{3DYA7cw$B4|{;l7oiTD3V3}K-g_icZ18gR-iPzx+to`Ue9$KJwWY*8G~{Y;k<l!
z_CVbj=<^x7oIS#GP}-*2p~wzyvz{zj>_{QAnVMKaNukOp+5F*{q^pezUm^&Ix9dcv
zs~e?j|LqwkR!*}%MRsFBJ?(PmQF(Q%(v{G<s^*?ZCd9Q#1wh5~I`FSJdh805D~0L^
zyKbywigc0C-TUK?e&fm4I(4;Game(F)RVn!E}aa1Nak30h@?d#VwqGpAIwZM1>Gvr
zi%pgz$W<L*b+qBwBRv+lNoHjnGfN#KDK#H!uVtHR_zL9#`tZ=Oi0|Rwy?%u0A$uO*
zQOshY*F$^)nO1Dl(LDy)WghP<+gtd2D)biI!0d1d#I;h~dk_6mkx*HBSFz!uFq7Y0
z*|ICk_Z}Eo?|?E*%9u6D>okt)&tb~(ci0lp<vBa4S|3-AIsMDpWVJ_@$G2XDryx(E
z^OCcB3b)Bjo#vq9pL-H_kTTm6dM2Dqu<6>xvr|@~_2WO;aak5cy7G3fIWGm*BU_5C
znZ@Ol9p3@lhE7;Tt<WXM+h_Q8;_Cix)vSJ41`z4wj9trg*3uxUy~Z}}=+4&RZPP1d
zCbeOe?NW9oma*x@XQyQ@Q`(e&=i)64%=%HGXc&o5j4+dMPJ_CJQfmyPNn=HzvJ;Dp
zP1+1mVVr_OeJk_iTQev6_O$7KLRtDxKGoA*GNM|^xMcxgvsL<}5>DLRMJ7mqbdqk)
zYpdRxPpKF0b0J~T#mfuI^KMWDJ4)g1yx?*+oWkv$uyQu!!fn3b@@GcjZViM-U#!Ay
z>u^s#5CuE9AFZHrHu#_H!15JHg=?2^&z*qsR`9~@KM0S@f{Rvx<*m4d+gS*Yn)v74
zU<%hZ;hxw0i&i1M*sIKXzr<JI5@^d_Q;#>q(X~zPR8WTq@yf~3URNk1MM#xVqCWoo
zNR;HC_53@&!52SU^8w#0^3OY=9p8Sc3e<N>{)Q~0UmREM>W9C+z;E>S?0$*eu=&H!
zkmUaOZJi;>Ss?HO@q=Oy5=RdZM-Mqw1(~yf6>ilGx1Fiz1<h|bp#yUMQziug`FMa(
zU@8#&W)UvmL?HMHD_qWjP~fX7Qf{6bDL=;-c)`8>LzTOnadZ`ss5PNgJhkU&E`DKH
z`TKGLLwTW*d?2WPXp~>r${!x(FEH}A=mq<90z-VTsNayvAK$Q)Ut5%>B0Ie|MKE5c
zD2ulz1+m|1@*{eIoL_GFvEPb#MRFp&Rr^v8W%8YTf$N`PKP+_pbBF)xOL!>lbf@w~
z@gBmy=3m*KW|(!`@*b0YjZkbP9ZR0dZ3(H`P+Fz}s-EQ+&*HcrD7_RL<BineT}k%0
z&3E%l4R3C&nBh57w30JYp$EGlS>TF+X4qi*lf`crXvyxsxDg(!A~=C=F%}`RKqad5
zWu^W`z|HWI$vzpHAS0?3C;5j3#}zSpw+(vv)$BUjtkoAJpcn=zH+)a&N+(dw0yauy
zZcV4w_oFPs+mc@9iPNQAr@Ef~fwNLizHcZ|Rv3Mi857d6HuF7@J!UEEO>%Rd9g(*A
zI?gRRmi(t+o*8rc4wEFFeY{7fZ6urI|5~V_Qn^brdaWZgW7E@Wjo;gl|B)+E?VRw^
zx5r4St=JxMMd@T53-k7F57`(}ZSpD^NSI@_2xoBEPr)cvk<_GiwOC#r;c;O4MtlAr
z0AxU$zr{qZE%Gn;mwfZxS4^p}crRVpcIofwET{HG^T>^PvC2{9S{5y}Mq8Y-lk2cV
z>l?)BhA37c?y#M=W?a3(E0;^y!)C<TdW%>hmb;dXRX0yWMQjr%#A$I^bYU~tZKg<s
z{X<UI8t-P=7q2n&0_Y!-dZqSGLzG@%F$+>Rg2kDKS%S%7{q`PXp>dh5F*dMP*3GuM
zy4<^Lrx5S#te$6kge2!PbB<%*{>+jmWVm{9gQ?XuAmlbgg@RkxT~VQ!%@E4iLD#6-
zCTIN3;(Iz*uX)54cVpgBWtml5Bwez_)f%0hqF$VKcH$dsr*X|O<UDb<QXA$XcJXc&
z`>L)8GdUEdg6>djtk#j*#^P>faSD^ebs6)xAuh^|aucShhBR)Pn`P&@2G_JxYj5Qi
zI6argx#%Dlq!&2umf(uIs;rGdjU~^u<V<m`UA5duaviy9LCrh(K5Xlrj?d?o&56P@
zQ|sLmVcwd4FUR3AAK%Ld<Ce^=nU9T2aOC&zX)IA;ya92x-%B@F3ybx^d+F{uspy_g
zDixC@6E-Q~qD5`3+CE`hoMy8gNNlIH;;6EXNL$jbba1mwI+o6Cll2YKWIa;fppLZ^
zk@_4)(IvgG#odi(nk^j|1;(S_H7lgj3w(ra7YuZ^P<ibTZ@qcQK6OpA?N>XPm-K>b
z!Zkr>n_8Kd?k9}S+3Gwo?uctlT+@m;OHa_#);U|c=&_|Ub4;_r?rb$p0Z-Wmc8@q)
z=}dZ|u87VvkI;qIVbv<=F4be`HE`vTQ>$796UU@8=?(k#MfW2|+qGOemQJ8KTA_#N
zXuXAAg5_G;NN<8W&ARkVKCPz~fxl-niMJxuM#BKGv^3z4JNACtBwbz~tPcW@+^0+E
zAd^pRTTXA3-6*ppn5!)b{9~q>X?9lf!>;67(vrsud^a;<$>b-muJP;jE>DzCccwD8
zSuLA{o$;6X2y>g?Vyaynf7~?8?DCELoO7IB<4*Z8e)m=ppXgrUue%SfmGSw^@U2JY
zI5zic&??xv)o%p8IcZ#~CAl4bhM8g3`GfkMtFz7wr@>VyY}5yDmSJbYHZ~)i)CbKg
z=B;`}OtUYFnYHDrC5sKB%N8egh`r*dF<Z4{aY5X?)?b(7>J^j4WJjim(8*#g-6jU<
zQRh>UgXKcnA`XD#q}V0yi?PD0a0tA7$=G!*7y5RBSS1cwqPJ!w%`FpiEX9d=^$pjw
z*R;S}qGGma6pyeo%jvCQXU)}F#zby97MxmVJTt<K@%aXwL3fv6j-7rUceXc~TqN^|
zdEB&O&37fc5}d`Js5<uQ#+qGvA@^#Bx(QkAGg};JsoL5zXQ$=#uAx4=KJ7t<blF9+
z#cU<Z2q{vcq?6LwGS<LK?4D`Lf&fpQVprJ>_R!wrP&kAxp`LS9TsddtEVfD8B-h4~
zT(2?DZ08EO5_>Cq!X<E-bO|@WrBSQ&g8LEh>v8ru*TLkNrnn_`+dIo8bJ<)i=cy~=
zVg<sL!1p;bc#~iiFu`v@?9Uv_LhHRaq0{+P=n?w)d_G@zDhvu!mRU>GwIG;zTwpx2
zLc8!>knH2wic{-}I@{%VImt6>PP8Pr6vHFI?b>mjns?1(&UiLOx_z_E*$I3&U#gI*
zCA)bHo3!b~Z0U(Kaut!r#D!Zkw`SN4X--;qESZJcs5E?IUTTz@rN`i`b?K4IW!@5#
zZE;c#*j}=oH_K!#RwP}Q1gYE9D$Ud*5{12R=&_gF(JjFmai&yf8KeAlX2h9v^N=qE
zb~xhLzfs8?FlW4-zs*y34K9}}kIkshtIuP5_>r4EmeKkhevIj6`aB2|VVav(T$#>d
zY?t5V&pgo^sg^=xCa+-&Tvg5_V1c#FBi`h)xDS{y^%&F0*crS*xxuh0&O=5pRNu|I
zim+LH1z+JRag}51ScUm9Mp?2Qna)(cTF~Asb6FZVSA+BEwL@o*Z4&Eq_FL_yRxo3F
zTtOFSUN>5<A})lDceq?iec{cd`XRGmZFIG{IvknSIWWJ*-pYSBk)fP~ZH9m1oHD#{
z&Kr&!c7WFwv8h*goK_~zG6d#}QpN;gYYwx*Y%v0l^L<Sw(9$PhY*+YQZj-poTyGlY
zb^Ik-&&=_0%rO7bo4{hOj#?u?2Qk`x?LLBNf2REzf}X!}{t8^(^O3^+k;46v!u=be
za3dYSqke(vONM{3|61lzr3qvrF*Tj|8hF>db%?(LuY2{=;4=ZA4*+)Y*1EY3lt_G%
zs6{l^@jx;XLl^?d0l-7vdhQzs$4q#?{{Yd{80%|5sS1DW-}yhzD8FDKF^w_gFIPr?
z{^Wn&(I+<v+>BdsqNWe;H(V||s5`6L!ME{#Z>%@jTYk;&EjOij$$G9<Uq9{b^$yhK
zn<~LIHMrGO0Ir#;J0nZ*{<`BE;7qU4OsQvjlT8Knv4NyOYQP$J8W<1E2VMm>0$HG}
zmYxT;11G_RfImP4ErBF&RIP)n@U7=HeWuE?18;fV8K{9ltwC+3x13nH=Ks>=dd`qe
zY<UNWT~pGPr{zXs?#e6TC9zJN1xJGu!P($KFfX_iB!g=~V{qptVLrpnSEC_KO`p$D
z6|G+|op>j_vFhE``{7n_zdqlIcOZ26${?8rwrn!5y5L49SxA-yPkpZ}g=R|a3tzi$
z(6?$ghtj>}zQe$3C?}L}^wdNGPjC1`MFDGYI=E~|4{mzPEopfF6?bs|n)_x}O~hM{
z_ggP{+v+)Qo<F~)G+_PWviYpK0Jr*QOa-_f)UU@|UKIr+x?WpbldiVeo1pgj&0KFD
z9&e`9HiN6Xyj`^}Q>9f?kCZ*}zrZE`uK&P)>_4ks1mD5n5<ZVVf2X4=8i>EyZmO*5
z^H2Kc@cw$vc#4~A^|-;mQnhpA#FSE(Uv^NvSG{-5Z%XlR+0CX(+-fAjD5>M5j+7OQ
z(n*jE^aslWmBF-NcAzql8w>{ag0+FgKo1}%y}^M%Yj6l&@f2()foFkL|4VOdK#RBH
zi-8pIc|o8!&>t8KOa+ku6Oe#y!Hsxvvpsl3j1ZH=0Wn6*5XYg!>Vj+jt5L(FP+V2?
zol{ei>BQ&vZ{fwEOTKY+gzEC^@^4uEkKXCHGI({__tf{a?yQ+Gje95jTUQ1{I=seP
zZq<0puSTy%YdP;gbpcuBv(|U{T7CV#dEZ7=)Os8$1@+trq=qWMdw(!Ca2QMm7Lplg
z4YUUcFn(>phM+6x2}T1<FfTBumI5^aL%<v?43-4kLA`$^*cI%!(H>L+8G*6@7OeVv
z%T{f=6SQ|c&_k@iEO6!L--HUl`~Ps6pb!OYpG6{I%SBqj_Bo^tX$SXKpC|h#FtWb}
zBKs^-1fu&K_%=1N7sJT@dHD3$7f>yF4*4R?D0Kx!*m4+QtuUihgQisTMZ~7LqPc=N
zG;e6$Krqdlno7i}`I6>K$UTigV?Y`;b(%WlzNQ|Sq#MTK2QU^l!>7U8;L~93Fay<}
zz-PibU<Rsxrg^S;j{KSCdz$Yd-I^b3evG^i)w&+2)_ocNuN=LaL(L)b70rj550O5o
z$9)yVTrJWM^Hx29d8@t#^HvR>`}nye<m=~j=Pn@s0%olGmoQ^h6lSdY2FzGB0y9>9
zQ+=)r8HIVPK7e_vegN}Ut--uiKZJR!{u9hwwF&c9{TSx0+J<?neggAW9f6pefqbaT
z)McVEy34vxp;}$GE(eX(eNOi|^tW{Rx_mTVR|Mkn$6ypr1o5{4{cZT<*6-*%IuDwx
zdsp`^dR`aQg;1T2)^TVGRP-)EMelc^qL&I4JrIj^i)b2ra_f_7rY!XL)l6AvhMFl0
z{R1^q7MiJM%0mC}!j~_68NGbrD;K_se(J)&g+E8LFMRF7*U+2`Ll=h7&t8aL_y(G*
zMr1Tk&8CGGT-d&_jTWjA8GTKS$Y_xok<r)H$cq-Mkr(~E8hOzYHS(fgP$MsDhB>vY
zFsIgCm{Y3(=G3ymoLY96Q_G=G&?lgT`oC$QKK1D+lvFdLqwnh9*Y}_g^}YH&G@$>Q
z{%a_u|GNI`D6Nm`zkxFPZ|a|+oc;s-2dJQ*&`+YGeo8-uD*A8fzlDbNv-$-zqJN?P
zOZ1=W|4RQ|^iT93>OVv~^{4t%^iMBVT&zU9F4kPELEpb<zGy*vF5bR)2mQ)L$3+MF
z)r<Ep-bec{;umrBpI;;{66gTT`t|1^3U(rWzl?<id%v>(+W1Wrk{KW#=Mhz87AR#A
zW#Bb~%mJUJ5(VTXP|}fkpp-~lCgMOT7MvGDAcS5$-+N5PAu-+qBHnidN;|$)P}=mK
z`c8gj-uUIyOdaRiV0N-ffY6bG%8&N{`yG8!v{AHIUQ&(}X^RYRJTBZXZ7=OFdS3DD
zy5a4{3am(5fxVvhX0&Yg&7JGm{f4)N!rIr;i#CX{@{+g5inLc&OWWTbt9bUBuHZ=p
zR^3`rpq}}5BRIB49Qd@p0uX0<KvbFndpszsr9r&kXZ3CSYJ8Psf-j}$xmt%J!<(l?
z+Sk$x_baf{_M+$YF0}@Q7Ep)EBJJzFWxMaxmZiTfT*)X;D=&OQFoA2zs*8Hwo+E=K
zM=E3+aqLSaOUN#OQwEAQUe7MttJ?QiinLb~3NznGe<$|pz;%OqclCbdC1tyBKfaRj
zw(xp#_46w=|DC<_fr=}u^Zcv#UR98$5rN4-QP5ZvMNy%Oq6!KEgb*M!Ap{5#LPNU#
zS5Z}9gfb!`i<m|x8yU=G*_cI)Y=(_&Hj9x>Gl&=wX^b((3`Ukg#27P?i7m#+V9Z2%
z@BLodZawPip0j72o$${4)bIV?efQlzzkBcR-dEJyQ(Lf7*tNgz(B|Rpz-0c6xvt=0
zQ93P)y(NXAnM(z^fh$EWv#n)&V4CEM<R~x~xDl9dNhfzdb+9@xSmerRCV4Oi%Co{U
znp-ZB`_xwS9QKg%I77FVvP0^f+UD2IQO#2o<NL1B+#Z_RGn7@<e8+6d>!*3nTcu^b
zTU)8gxRrjH<~jfMeP;_V?zd&e?=_b^EE;RR)_k*YYWG}$;m~kFNs;SN)}g$DjYCHZ
zIJ2tY;l6fKHzM&LW-^zW@0+7CyY@af>}g)g8#-K_<u_NG9~LYYET&KGG#qm5J59<u
zsxXLn8jqScTNI?G(pzR*EP-57j%6*%mf3)eFf35eax0)}8EZKnC^@<o@C2Fy0o3dX
zvfXXzZ@J!lyCQP`$^B=_7s-`k%XSji3E~kBk*&7HQjlwoqI>y<*$`+e7)>9qxV+~{
zVQ4{TU}Qh3ouaEnSNDgL8gh8`73T`V4><~J4tpxj(i$Qut|rzQlHn?y-Cw=GWPeFs
z-=2YecLJm4ho!USqs`-oruLePTr>`|xuPqx##~at7v9`^BkL|HovV9>_MfNe3<Ls;
zq^^QVYL{CUTGoh#a4oJDKiQiD)zqsEnBUjgGC|VcM~_-G@8eqZfsjCWOMc6G%aedD
zP`9r=P)^EedrNj8YRj@`iA}c>%|J^>Rx#<Bk|m#)e4cbnuS#Aez0?;ZU*LGjmn2`}
z1j&qKh7%=ok~vN)xh}cR$s{)=H@R(+dC5E%Bw3IwaPN>TNtU=^Ayr7_o(pdcZ{<S5
zi4(>>AKo6`&V`0|gm-Z74DSr@<if(c!n?S4g&z+;&V`3}hj()k;XUC!Tx7%x5gP6<
zBJ>g2+zS!;5&2vS=`*W1T|{+6HJ2Ar6H&wMj(92JB`!arKBAu66Y+Ay%UnT(HNwgj
zM%W|lTv3EG!pZH8a7Vbg;s|eqmwQqEW%-x668Tr;U*Y!2zbgMKS1Nx^{u;Mm{x$j6
zxH9?I<zFYB*)w16nJ@Rum;1By<s?(YHh=9S?NC13{}1**=<|BDzH^-5JLkLTyUg*v
zGroDkQ@&}UJMSCujgq6|zFXv|!*|QKK#q?2+R4#T-(}x8Ir8`h$&t<1<U2`@YJC=R
zRORdU4g8xPPu^OWJ0dvVdRvmlAsN;i)AMwLRTuT`IimTVF3P*+eUf=Go6p}Y3iie2
z5BuWsR(*zwuB>!lfv==&xM;1QPH*(cbc5at`u5#s@0$K>HlN~3UiYbd+MP`#<Z4lH
zLDOE&EBb7n5mFaV{gHmPKa$jm$M?`5<PY^5{c?Y$Z_+pFa`=zsxM&)Tt2t%*_JTTH
z)b45TTIR*Fahie@moH9Vls~Lntmw+_svj>K&i5AH&+OS9;=jMs=6~dW+!*YeY~1d0
zc&0tojmm~z=Tm=gW4hj$c{Dw5$I-$XeS2fEmfIboKa%|@e^VE=72hE7ZqDWRmJNF^
zWZ!&wzVUd<r5Cqn%QMFtPh{!!!};wy+IKe5ve;|eTV61d{iw0S7ngOxQ{c^R2=zT}
zywq^9vA-eGH`u6X)a>18)cfKZ!*-7DH8*CbOzdzpUh>5yuNKz$ax1!gQP{53hh`qF
zzpvAJ2fP<jI=q*5wD0ZAxv+E8yS%s4yY5}j*zOCVW&WaA$ZJO{?$A6}bm<*gv)PX_
zALV5yujwy(C%m&h&Jynnw@ek?^2K?_yjQ)e-n%<xT5hMze2>&kySLvvq|^G$Iq8`x
zS*vB^-UaWIqN~L-zH(humL^M+b0TlGkk52vKGJDTGEz%*zG~Fepg+Z**U;-(@pt)7
z`n~?6zHVQ@f6kxfKkb+M9{7j-<NhiCjQ<+BhSVgfOSx~uSM9y!lkFMsUUz6bD?X1)
z?L6sgbDs3`{vzMBZ%#Kz>U2=2^}oJ9q%q%rdvBe8)4$}u(<nAp<@mLuIsIiRdks5E
zy%!3{Q?m0ncWyNL8=H$x&>AXQD_YCH-Po$XS*$Le$zRG}@~#!$PsuJc>Y}o5Hd;Kg
zy`6d4zPOzJoc>Hwm-@)YzQ(egvBug)SLRZlNJ{r%;{d6tA)lx50<pwSe<`uO8h@{I
z(Raf)PxeKR&6VOU^PlzK^vAn3u1I=BdYw~Vy(`k+?i=wR@jLvN8*c81_g^IC)ag6#
z@1gnkjCjryn_ls?`Gb7-^hJ1!Pwq3{?V0cP%y;|q^xa5%>3eJJd$;Eg`ys9Y*AOST
zF1Rka#>mmIT~0XVnjyMjo6L2Q9F4kekfUzbN%G0NhFsUl(REjc>lQgW=NcwQ?XIJ)
z9*#e<<f<b_O)i`3%&+^2xBf5UuJplMzi||QlkWUK>f7~Gt|_BS-)?R*#U)JaczmGM
zB+HyK7VGK~mW}JCksURz+r>pm)v5<MVp^B#fk~xrPfKx486ME9=oLF2r#((sR`%}b
zH4eSxPgpjDyKX0}?VMLlyOxrwjoX!#`YCs?Tj5T3=euj&&F)rrUxl}#%RT14>RxuQ
zl5R*vcC#n9vdq2a4)c_Isy%fc54mPLxu%$0(_i6rUm~HeyJtzr@U4)m?qZL@(`nGE
zvt8$ukCb;zXA<wHc9=#I<8`?SVfyyO_{1gGaKiGgEK{f9RNBq7%j$glc+Oh(S=Z&9
zTAC)$8PA}*mfWk)!;yQ8c}8f84w8<Mq)X-YSC)BH2ct-OCOy;oc6Gk8M*T!bMnBhM
z<3M6)Qh{lDcUw_^!m_E_xbB)tOi?{Zxj;%OJYhNEQo<$ms`-lPRC>@$tK?X3s7?=Z
z-KHg+#2N1<Oqi<GN_ChzTQx~iq9<ut@!TV6dEj<6@C`u?@gyaETj@xzENf`5D)m%X
zTyu|AwO6$_^fsLKv>oIc&NiI$<Te~}XM1vKnKl?3@){iO)rMmpuA$4^rdrh1xi02T
z(;9N!c8$BnO(UvsWo6pTfmZXJc`jl3Kx=Ak;$x4@Q&3!lQeAhi?Rac%(@*J%U8p9F
zF6A9_o4GCLIw@J%j$Tr#7j2&6uCyiHsp6ttM@=g8TyC3k%GGPAHgRc>h!rindebhy
zxN15@Z6zVNurl$OA>0t2qj23esdinawq{hCMqUh4J=k&9*!-d^(~)>AcX4MMy<@^e
z!UQQLa-U4zxUSAOsf=s6lP0Ze#y;-Wxb>bkcQ&k|jFg#$ev=9ob=-Y{)}Q+>>?z8l
zC6>`d>yPAV%v0jAkvev{U7mou%Dv!z;_e_NTjd^dD~Wd96GzTcdq{U*CE-sHEwMv)
zEwRx{#4hV9uU5`_x;-aJedM}txo;7BHM{%V6XYs-_krTBTvATDI@3nNt+c7)F4KnU
zfl+Bxx=v^2xvuHz)L}bn5@ubea~F$?)OSs?!g19D^PH(OZH8{9r^f9hHR;G#HmU7q
zl7kzbQO~?*(Q_rW!*j}W-ZPgNS~yPHqt>{#tJg^GXoyP)Q)>(cx41t%wS(E7>OsOS
z*L}4jVIg6{*lKJgDVk24qV~DFEpsX@CE=ENj#%6ilU8{-t;^`L_qaBdGse}l(`gq~
zA!$>lrUu^AMsl~}8T33Pb{N_aNi0$B?rSI_mQ_makhIJ?cSplfQr1fMY(r&3Wrdf7
zQ#VAC5*Z^lyPedDi{xO%v(nH*T25QTuxG>bv>~M-tD&aB>&|WnN*p%2jO)fReY@eF
zaUh{AVb-WD?kXHtXBT%ROcZzNa<kTQWh!Dbrfzk1+7Z_y*ZrKe#2~WWcil918vBfE
zuG_hb#%z^g=e)VCxF|;?{gc9^(nXo)TxSoJnn=9*C1njQv!Z_2Y2%vmwrRw)LC@{1
z%hBYnB-SKcH8r^|8;cWrQ(F_KOg6&<!-K>W*Tp<b>T%^|U7hMi;;?dR$EK-dN2T(%
z>-EHIsU2#)p<ESiY*n3iog-~}*%VM7A$A@}dz?7sx|0~Hd}Qz0buR6;G2ir5{lt9U
zRGm1S`ouK7<8)Fr;aOvqAu4+&?M`C5aw?N2B_5Y~Ewf$SuQwVDYS9oyTY$MOv-HhA
z*tkynU(-F+gS0N%ny8hL{&&haklMQAaqi@fvq{zVv!-hIDt<Zco8q^g{U^k;|AhEg
z|DO=Q@q3I>O6-5okFwmgta5@pPB%_IdD9KuD96jg4&3Dg%Qe$e%M#H|7%ZG%8Z)h>
zYf1PqV*xoDHr=rhKgu*{j^l*rJEnQdILF5*H5=sIiL?#N=-XP=TmSnI5)}THhxeD=
z!qbYiSeyEx;zF`4q0{u(a#jA+vRo>Ydn~J#_1N>)5NniG6@C1WMSD7W`=R24?MXoy
zS1f&&e#?MXZMkHbwJazX<Q`R#+(SZhR_!5+)vWK(s;wdQWAcDD-l$TWjRkg1%#qX;
z>!7JipKot9#Vh*KH1-MOoGwe#pB%1fc7$lB98t07ZLizZwnxd6MwLBS+haYGHk-Pl
zxMVDeUNe^LFH-cG)w_aCl?HizpSIGzZa)!o%z7hrGCE8iNNy@yNNtmM8?U4(omuKZ
zxlFA!RchtBi%v&EokFiRCk5rL)OA%X$K2NjIYaly@7iuCb;{Kqr_msn%ThNqVOqJf
z#@Vhm8$z8$hSCI?ygGJ6r;fEnPiWFBAMUwf3(_pa#LG)`DK9-u8c)9}AF)O1ye4mk
zM-iqvopd>|-=@~D+W6XFwJf9B7H>;Y+tRmdsvOnH)3G;fS&lkoaLh5y@tloPbJDfk
zW41g+pDEJO6g}YRjMi)09o@Df$4OhIu7~DnPeJmaX(@HuctzpT8P$VHk7$k#r)cFS
zk}Gw&+N@Ytw^c0HPb4joR1U`46axxP<wM)C*c)|SWzE@rFFmyd$ww+>I<I;(!;`vV
z3QD>h+hkd{UDIz*ziOI_S<=oND6rj(8BeQ9a%hjm#M^FX1X34m<K^m|XXPW>topI&
zV0n}BlH!Tl>=;q#jk!7Z(l1mErFJX&)9$8;3G<p-$BH2|`F!$-vD@)9dA@$a$){Cm
zyKFa&XOx$0_et&x5;mMchAhXtzRIy-G^neS3$*d6ld*HrVY;(%p=Arsi<$vlN^C*W
zlv-=NLh@ImyC@H+&CVrlP{p$1xZ#@fbyJTqVCq%WDuxc6)YqmBBu{H@DfBv{Gb`q3
zMtRIx=l!HRTDhj#SfCkGTu_ABN*$*hHbt1jv+I^)FnYpqMm}w;u^DYgOxGNN`daIt
zd@edTy10Hwd(3W$J)fSg=!-d`SWODuHDq7Tu1Yp5s}y1C5bHx#r1gxkVCUJ`LG5Le
zQT<S>&NyR8NtVT)m*23Akv222>$?1Dsm!t#bCa|InYPp#qIr^3Lt26%@4RAywwT0p
zog=X|y*d53+#~nI+_bEd>z<@HTZSyxYyH-6MZfWe!WBDbxlpmDekk`OZE9y?9vKZ4
zYsoUpU29ybAt}gmwPLwqnY2iivP!v-tTh?sPvrr5Ao?zCWd^Uc#99(_)H-MCie59d
z8;te~*128R?RPZ;jyOe!;h0^a>97{)^OHG4sa<35vlcj1wN=R@F;jL?e$swCS{XZH
zzp9P52RqEF*OkH6^LCe|FZzNbN?)9D&(LFixNF_IVI}u8s<b`Y9$l7hxPDA?LZ46C
zXTIiyE-Th%Fecqj502^5mPVh@W*JJg7v&z~NK$BYm@__k#7TOEG^KjbIBz_ol^Y*u
zXPn2<7S!d6>&`BDx8g$dvNlK|Cber?ospKISeq%x*k)PRW;rXJk?F^sDVAH#Bbotc
zsqTojGAEEaDGy}aQ=5~^mBC3tX?N@W&OE2rXpXt>>`9$B^zJ@=z^2e^7PMzmN1R8K
zpQf&8E2B@SM-sF#OS-Jus`}$bl_uX%Y3;V2wCAUeq>k9DG^_RwbBdzRKAS#at+U$f
ztH~kS6oo78s-Z?b8heHAHhF!&qfNe1Un}3x<;6VK%1IrZpu1w-)+4_`jz^un&eO^T
z{hBSbbkR|l%$Xw7`}OO#$kbD|o|vW7IQ^{6o5b7NZ9TTLw$mBm%JsUggnNhbZI=@-
zk(NAYo65PTxNBKI7^Ez-T_o+YS36}JPK~RcvYj(rR*dP6kiN%ZJ8GNB7_}|g?%2BI
zO=YcRF7>3TOMas&UpYo<bWAtn+|-_Rj5@9ybfn$2A5YlGP^FD!EIJnJI~@1O_P`j>
zW@#f0kw$~#ykk;v+%cyc&Um2i)-T)C$@dIL)YZ<%F46H&cQiS~7O78<H8`dnH#C<j
z;|!ISC;HZyF6E_|c;`7&iu1C;XbX)wcVIeUBYV4kAvMH#dzU}vKB<j6yO!1W3@N5-
z=|j$&I%C?JI^evP{FL;(GyCIXmJ}lCch5S9<x#4lq$1~|y2$!g=hPvM{FLq}v72#i
zY5j4<RdsIkaZR>Duh1)l?S4C9^nksLj1i~OW|fz$SFDq<A;!tnm7QlD<p)k$A1D^I
zS@v6L!TN=mVU6EDX7yM-_UqOrYrwu{mZweR#l=iH4EF7bm+Cw6^KFmycjZmml;n|&
zChLg3IbF2QTNiaR^&J_DX}2;KW4o;@)_c0!)@pT$W-Q65y_p`I9-KVy$W4uk>54h6
zP0?PfzmQyFuXU6po70uH$mGf75l4Z2z}{~kQu?)}iateO^jgN5jFRZ(<Wc*Roq5)2
z)uWwv<Rh`+d9vgX<t6=HQ+&ck>YOUi!A0LSsuIeL=amZkSi(K!B~8DsEB3rS+g@y%
zl5=G2yQDQHtE{=vv(|EZy0OGM8goSNO7+;4_62L3L*@u~Xk%5Rb}RMAlUM9vntXkk
zZPVJBbknX>t|x3HY|vE}$;z|;ad`GW4$uC_;a|=FIQ+)?>~nK}cwVu6#gxto+ZRJq
z$S1%3R;Y^bdeUv8n@w&?njuG1N%Q1rJT#bm^4mviL&(v{^H0eqzkTTNV{$a`{MzBy
z$<gVgZgSN7{2lW7X3z2KS%qYtpT{%*Y;HeEm;QgV_y5+h|Btxl&2YaftYvF|Q*Qnp
zVVbw@+q|_8kiB;6lb#=X+qpkw|6|hqyTY}Sy@T5yY{M23Turt%^4Up_s>$9N+>PyI
z@F}vLA)jr*gJiP>hvO{W2FZRtxDGLlkk8TJD`X1~o+NuUISwb=G)O<0bP60Hn+@^L
zkyz%)b_Ma)k&RqQ>Q?(_^i6==h+HlO-v`h|6h~BXdVC)s2j2(C#rFYr;rjr2_&&gH
zd><em-v`)(?*kOz`v8UbK0pz^53m>C2Pnq(0ba!S0ZQ<FfPMHrK<U5v{7d*=QACR#
zCu2Id?Z|KK$H?AJ_O7ktp10|LJ8ak6&i}rhp6@05>ECny?AA`@b8m~UXX~DS>i&n)
z^7cIbG2z}!)9=dD?+f4cwtM`k>1uzQJWTeBzdrU$XXz#@mvu_7O0UYoWg+CKTUISQ
zNwzwoIVtlHO|`5Inp3hfvO$>**L0HOa@l#=h|ET`^onZPDA}%n^pi=G;3-)MwrOm0
zvS|``0lPb5YmznL^9=4ow;ONc90^?~o8Q_Nx3-n7ji#A~x+i-;KS^86`~T#9tvL}n
zq@~igw&vljt-JBo)_lCRbr0U!T7b8<7UHd~MR;rLUc9xn7;kNT5pQiR!CPDR;jOKu
zcx&r^ytTCqZ*4t*x3-q!t*sS!YilLm+IkRgZLPsuTOD|7s}pZ+b>Xe8ZoIYCgSWOe
z;H|CRXXXC?sN5wIt>gr}yz5*lDg8TJ`{TD{A&%`-htD^4s<*=M%HO=^ckO%_*~_-}
zu-_m4&HM2p+a;TC$<T-WW*B;&$f*(qHjPBXH<2v>w(*^OH{UH$@F)3G{23xQk@MY5
zN3??o7a+$c$>({pkC5#=wg5RFAo?>j46)F6Zv8sr%CCQ&Q4q()DQ+8noiP-@&KQGV
zXM6#_&KQqhXH3AaGbZA98I$q5j9UCIV+wwkQHS4U)c;?Oo%rvY^cR!pAC;>pB^Gc3
z`baPi)KI>$0lp4RF66u5BC(k`#B-d*CaDH*fE@_)ZSW@eJ?QhnQScNcUk)0;BIt*~
zJ75p=3drl=3^c8f2fzU61s{M5;3h&kz#uRi#5{&y0=vL|@FaMTQqY1&z^62)D5c|D
zr4)=DO`;6*z<7`c$H8V0@oa7f5!<iUAcsJH%t?e@`2MFE%-A9+c_9Y!W$**|K8g}V
z82-P4Bj82wbMz{{mm|F<{|#t9g==M7q-WQme*(S%eii%)cm*M|Ab$dU5t>BE{~i1!
z_@BV5IGYXPtnk<1UxE&V`8v2497Xz1K`up@&*A^uE@3v;3L<_9@+(0Y(koHE7i_>)
zxVzAc*ggoppUzFCe*^h-@Bw13LP!Pp9&jg^4i<rOa1WRVc7d>J;Ur@FEO-WS{zvGM
zTH)iM2mCz3oJQ^jL8OO&6|4slC(lae--90m8yKl=^SC4b5#;w*+z{a=_!#^rYUh$4
zP?>)Yd^hwzMcPo>B1_NrAYVhOJ`GJSVn+E08qf}YP(r+Jp%@`w0YjmOy@@^aEI)>8
zkzf9QfL}(Kc7)%CkW<hcfP5aZ79nRLe-vb8avMYn`Rg2+#S33Sek;MF;68-!Lzrps
zHN^a3=sQ8AR<Ixq5s=>vMuUir{~_dL@EFKy(2c8DJPBY3!s9GI0S(e1!qNoPsqpt8
zQplf!oP*RBK+XqQyF<MTJot0)FjxY94SXlk5Qf;G;V*!&Y60;}{|>Sgya^5B6cMM$
z%Fv3luQ5t$2s?20C1?h4)n9?I4bchx40s)Sw0&tXvj-5?F8$b69Z|00+7#%65C;9f
zupNZu3qG(JVUQOoTC4ax<Vc)Fufii=(kN)E!B*}d_zGbom8Bvy9`OB?VjSdcl>8k=
ziIngM^eTQ4XTJb`1^g<mYJq%&a@#1Q<Piz~3&ijgcYGf5eeeeOb?_c|6Wj!U$z*z8
z((h6EGUERUi15N1_!wscl(Gy;i5+x+PLSpL7UXiU5}I#=uYoM5-vU1eE`a|4eivav
zQDPCu?^VdSN|*#c2!0rBLwZ<A{x#^@l4&`d!nJO27xV`3J>biTA7w=>gz_bjm3%FD
z7_@>1k-{^K{5y!o2E7gU`YhxN;Av0~p2OXLjH~9r{|5ak$_Mqxvl9C!unytpq5lr}
zLxewsoFXs65a>txuOQ41py>mVQ<2%&ZD?QvvQC6V`S7d^QNm;-J%};%AjVUw=O8a~
z-{t5CMbm?nllDvX--N7#Jc#iB0{%?$IYQ(@SORf((G2q7-$VaXkfr%9V*45R5E|rH
z`YRCjDP?s!ix^OAQdkuKeemZv3u_d6K-i~<@{txmc60S4OcUfVup3vg@?@#{6!<sb
zd0dM&C8GAF?a+S!WL6E0^fQn@0T!Y+m;*n_5#LYz5bNjP7$lk>LGO~J&|Z#GNZ!0n
z<Rj46AtXjI9(@{bqhZ7^&@fVrI8yZa(hsxo3ug~(P7~P&IfMGcf{6a7i@Qb`PRV!T
z?DN!@<5>#P&-1LG|K#Qh?LBbTj<nT)EG5UNEZqSbz%-oo<7^}3M#$wLMohkz5oh;-
z{|*}T;rwx?0eh)eOh{$)xBNj$nV05TWTWjea(x7MuLIwM@E_#P5Vql}Y)0rY0!k~m
zC$#jSPnVcc&P2n%j8alkN|}FH1ARSM#vMhwz_?7)AbjMF7l|I@9iIuhahE+TFPw{x
z6m(`GxHr$zaTY{v3QthWzodQ+|9)ImhZ>Kg9<_+t6w5$XVi>{24^nFpP9uCeyBFeV
zfs9&^>5;a}n=!PGaIcS}#C`#yX2sp~F2wJp-m)B2gWmvAo}z<U9bz`qd4X_*k~h=&
z5#PaT4QD?J2B7&auDV4-ij!bGEl)9tl7E@y6nrnc3VJ7<4GEt_Ucyn!4JeIbg!v_M
zv_@wl{Nc@RYGViq?@{n<k}*!OfGuDJ^bMO|MBb-S{$y^#|1HZq&RS@_@E@W!CNx2Y
z=ggPlj)mY}I(HN2aTW7qx{)e9&N>)Tsz{HN*_e}hlHvuFVIR_Y3fKOG#Q?&3#dugF
zJTWQ!Y60y<V6%p;HVA$nybHbq;dda0Z-Ff4VGwx~n1{@4<`4+qM);q&_Fd30Kj)vJ
zp9bMY3v9mgMVy5{CVmHWLH~Y`$wMI8yMR_Kj3XrTGcltPZ?d`oF+UQ}rwJ?IS%iUC
zCZcZ?eg+x7F8^c5@Yn?}<S-C@l$a0w0^~Iib3GCBI00oVd<mNSAm&yA^OKq1dkch@
zE?_PxGV4XJA|j;t58!_WIfP_$E|xa*1|svuHzC9S6eZBWs}wNz6fr9iFy9nx;Af!!
zHVB_wM0oL=I15iw5THo|*-QblU;;VxFfTxcr^>@`=l=yn3G<i}k@1=mrNqMqc+{!D
z(wPeW1-Kt)`@t{5l2OY%{A7X6G%*9>Ssh^x#iPaXdhliNS4cDZ1QGKH5wj|h)nhZ_
zsR5by&V1$;ob7?k#zfQwKMBH?c+3cRlpfFe@SpRMgd33CF^~HI=my^do&Y}s;_f2S
zEUIxY1BjkhWc9+V8ojz;M>)X4MP|eB=lO>q=A=B@ju^QW8>tr__Q|uEI4f<8-6CrX
zXum=dh;dDb1=+k0eU!+01GH8_huHoRd<qRLM_^+syDzL%z${f@GjX=^fH|Om_AX#m
zM1b}3Ec}NtlftTnfcg?xj}g3OW0a^_5i=m-Pf{6okw(L}DFt)4{G3-{V^ls0A4v__
z2al)>%!0-QW`i<N3Z{ecAUs0>^93?XW#Oqu&HU9LLGv-NANRs6fLP-}jKWmk44I|v
zz2HZoVScFq27#G~Asq4p$VjsQZ%|}2tWQI;7yM`N0GN+BnU5OEzn7!)Wg7lfXx<4T
zJv>T-$9#u)BL`9Ml<xx-U>C^dW$=E57*GYi06k`5B625UuE8^JAD*yq0{-^LA$Nex
z8~+}{qin@@LBqUyHgkLhJchF`LaqVd4Jx634)QlZ7Un}BYF2<pEuj3xkAQ48@ioXr
zAnHOyE(F+^l=X6~HDQj-vvCAt;x^2qx53W0!7_Qa#==@|6KnMd&sM<x1Ndq96^{@<
z^DWWaNSXi4uEIJPkM%Jg>lHj!T6pw7JXZO5^msC~*=^{Zq-dK`tfxuQ6Ux57+0N1V
zCJn!v%Djt(f#1SbkTAx{kV28IEMe5(vHr=U{}Hh!CSn~!WF9YDc_^W4s=`Z@BG%SK
zcoBR&h?MZ?y?J=}Jl6eqHV!@qPSI<5cn&;PV}!Oh!e|<xS0d&QfuEq<hJH_c4rh@b
z2^$}=e#@&s=7FFLMK<=au^3*8l&znj_mi<cA3cu@J&BafHL(6EVueIx>o6GE1&lu8
zE0`I@BUL;~;1Oi3F!SHpyiWV%H}o_;(6G5r7s$quTOh^`Df|{Gd<hw9U&?ZUwDFbD
zU>ua9<V9vhOCZ)o1*~L}c1mMlrHwvWWIo0tW(f#`JBq&mv0^M``X3?v%*J57Qh2Z;
z*6~C(<{F`AtKu2R7h4-d2@7nr9fSTH_)QQcBkToHYeF>m4xB|h;^Bda9aJN2gFYLx
z0E|H*tV;%8NCtmWhP6uB1k!v8VXzu6$Pu%ZK0_hBI-wNhEJcY)e~g%o;65-HOa+q>
zTPJ-YBl@6WEm{xx<Qp;)1M_ogxlD}3gi_{_vemyZ+y$eX43vCfvjrr1k-Ul=T|o-r
zhmetrrm&Pg%MdZn^6)u%wnB*2ODXD9d<;FFJBXOUiEK{CESX(<4`e<nTLFfb%deuh
zfma~1_0l}#=$%Lj%0$wDc@Vrc9$uD&d6Kw0FGEOp<Khhv9ykwAkH=NgX6UgdFNOCd
zUWUx(HH@$j5xxYE)+%DYDT9X~MQkGaIuSDq8J?<$Z2i_x=lde_8`+vR*3Wr17ls!h
zV{?HKW=n_@Em~%x?UBzwt31BBN@TXu&b%o$w_@{I)TYQ*xmlf#z42utqkrbnQh2Om
zOEHU)G7p)R6~+RQt*hgSk`%2{L?2F{iF0(dlWH(th^&2KrB}wvnXPrRCmk&PtginH
z<u;5*?_ebcKU2n@IKYb*@pNDtTXl!GDWX@AVU{Fgej5CL0kM&J3SDVotp>ig02>qF
zwTkT71j=7vzmCG5CgACn2-}vj**aT=KEf@NyRcD)l?G-~Qnto|9LZ2GGOR_*(09qO
zN-twik+8NevYs5PA|kT~JgtynZX$(siCEJheg)ODr$21=)J#2X0Z+2{S800qFN5Es
z6h1|tdlC<jYQ9Y=MIR!<UzNglm9aSv>vPc8iOd2MxQpa0>;0l>xk*uCQk1!fmL+9Y
zhhADdM#G5k69iT}7_Vh)#ALG%HbODq6?z%kvWO8-WR`>8Kw$Ge%$`Kpl?XpX#@YqD
zFUm&-ixt_LKf5~{za|(Z$4D5&FGC+L#VU#ny_^iP6r-e!%{A~0QHuUn#F!;uMlVH)
z$uN%=U*_sy`E|%$9YRumm{Q6#hbV=gZt)@Ptqx^d2fL*q4^sv;G14c<<nHwByK&V|
z!2942!0+Jf0r2paOkx(>arO)}KLpveNW(S-C2t20;_M*g9LTNU2*Upz<fD*Z1HXcF
zu7F=eem{#avtU2?x8N|&z5)3agpY*$SI~b5ny*4*08QW>umddGy7qsucP>y?6z8I@
zNB7<{`#t;p0ud2;i%3S~B?69!BO)Ro5=7o2AOa$yA~6OL2@*5}2|+>>2|*-8k*Fbv
zNDv88G>Ff`F@_K%iY}vs5av{UHQpn0&${v4b?!Rru61Pj?drd)tE>Ndbk$$g|CpJY
z_d~)H$ipL!W`roc^N~M5YS$880B`0l#Pmuq3#W7K+i(y3EAmT7!AB1X<oyVfnhKNJ
z2IRja{yAu}n(#$j`*Y5oKyo*1jeHP%2nl)%a;=$>S+0f;!@b0z)B>B}X0CmWvmbKy
zPmXqPgX!^X_{VS+e3STh65a~Qa{#>soaTui*aFFkw~nhiA(@Bd0wh<$;V{YBCWPHn
z7vV3E3?)1SM&QfDceSMh;acRAc$U8-p;nl2iw(z+-@s`62D?wgWBjQnV(;B)B|iPU
z@2pkM4m{n_p4D9mKLD`@>USBdG@&QF0r{<r0h;rczX^_jqijs=)}xOgp@-LxbJcqI
z9HdwAeo2_og5Cia!n^Ax*f}rZvG7hua`+Ts`cHi&;cDbp5FUt4+pQzqPCf^a6PM?X
zum;w`G4KL77&d}vK;2K8q@YK^LC7y8+>Ee-&gvUO-j;ALn=3P7?_(q><TGIjmf>Zv
zA31dEs?uqgFq%{cc+!!`uOj77;2)3>)+dqdK>z)$_Vjtkdqc`duR<OnTtS%8mwpV%
z?_4P$d6WFCL&6MB??vKP%y%MRgJhwrAxO}n*5u@GJo|@8&c%{{3G%H-GVnCmgqZJf
z_AU4Z{5@x#Hj40acs4wPIBwk7g>Yv}d4h0j@-~^6UAg;E!dJuYj?@`f$J)Rit}b!y
zXwrERJ_9#G>Yn-uq^_!a$v@?##xakZ;#QzI`wslr(Uy*(t=l_^d6bxp6;+V4pCRc}
z&nbr82=jFMFzGPj(ms-5l;a_;{drx{gm0q`Tmx^0vxwOOrjWFR1yVbPd?b=iq~olz
z?UA>q4{>`fXzzM3eTcJXGOyH~Txp^QH?ufKYO^6NNKw<&<@K7kcL{O!0K6MsXX$;9
zF#U-h!QH=sq@$C=$#59#fhM;QpEjtwAn!u?M$u0c38OL{Abc7u!ttcAi||yqkem!6
zJcZo;jcd<BG6!;2p?MwR8JW?jztaD(hEl;Czk-ox1=b1Q?cQN7=G|yx2Hxh{Z>l>j
z?M^&33=XmMdZ`Bt&xFiVyaM57miix->Sl4!@C@ozAGekY8NI9Vq}+)#uOmFVu9M-_
z<o^mJSE%!Ce@M6s>`0nt!YbGjUSszSnrr9To)b<YHR_wn*qwOlQc|da!z}gr_F8YH
zj0tPMvT=Hg1x6z5S#K0E8I7wMq_z}3#I-ec7ow_G%}w}Y_EUYv{-V$7M%X!y-9xBa
zs*S>0nQRWX!oH?OnwdEFy+AyVq_g2S;N`Frt8D%3zC=}9_Y}|d6nETb^DqBqdt<ww
zP=5kXTB<(wj(VhAZNir!xvXxx?E?w-wtCiQ5WcW(gDpq9vS#MmHYY79wQhE&r5U^K
zq)ytk>2vLjKrsjL8r5~P<0$kwSacB9VzY$2_2iw>le-w|KfuFwx0p$7r5)`f`Gj3$
z{Ykk4cUe-`OxX3=W;Xw5Zw0#w-(X+jU>i0ge><0HW$)#&DyKUB<3W0fsq_hU-C+f}
zdcdaOx!GBN8&;#?AUG1XVIBE&VmgcE_w9P6x)?g^dN=OagQx3JS8Ldm)r791hUYy(
zi!jvFEWJf_gM_uIF0gv|M{iq3uorc^tE=H$HIyeEMR*){9PLtL%`{4y5!eOW&UrkY
zvw;1A8U1&trE}`m+y0#Ja52Mho_I^xeV88^-dbnqT}>HXQ)gGVui<%@*p&Tu$@5~H
zXEPJGI=Pa0TrJu@N)7L2C4p9ikCVe5lv-CxZL^pu?EWQNM&r2ZQM(D&l#wmLAw0_n
z$}3$rn-*bvj4<i+<&Gmr?FRJR58ZZw12{VzwzD%Ge>^4Ims(K+JHu*tKDNhdIEJe(
zhqds-dK-wH7k|^n_agR*^cHI&F@0kzTh?5gmwDS-A#+>R7<p&%=~k<ck^jHj6uc(3
zWtmp66Wa6_pqX(z(f#OiOx<E(EyH$wP*eYp+w}E^a4!AxVxI0|a@&>up#|(=sVkYk
zUyW7g3gYyG=fI25b{}#w6v^4-LD-Vj`G0J)JUIhx*nECY{y%~pWK-ILy{aYY<fxg|
zNUnmn@Ya5evmetBT!y@}*kYcpqiAb57F$zG-cz^Pz1-?z8Mkf3Qa7!$y>}P1I@HEj
zL)riND&ZU9Oi?GSP1UB>$Hw#yAs;In*;Zp|^k&0X65dVt5Owcbn-ldCyq2@i**u#%
zVC&@cx?c8d-I?SnWy>1Yh_ej`+OYQwlFPZ{<%BOJd<N|5h`gHnwtz#BcY-%_c8WMd
z*xfic*fuD;m{MDN@*l#kAhflk2x49a`->k^j`n%~Ri1}F+d`uU^G37sJH>}KhlHDP
zwj1~DjQpy)ut`%|nx4v@?L*8T60RZ65ZGN@C9IvQE&U0sI~V@I_Bq5yZr%kc>bVV5
zvT87rk(T-_QD9_Jq<6B+k=p&@uZG*L#YtU3{9g7Qp~~c~IqAFzN6TA;wK&=Eba<D&
z)@xJuk_n&1waqD!7Pc<=E3Ni)nV1)$u^!y98+U(+@L_gFwIWWazINH%zDjESY$>Qu
z<Qddwdv*@I7cM2AKZ3K6j6{c1<VAMQXsLJCwY2wwFIuYZq}&m9mS-8ZhG)YTuzOv`
zj^8M+M@aema0&bt{GKZ*(rF31kn`DfUl^9iRa4@8qfXMAxFgy=uWpRt>9DD#`bT}q
zo@UtE)_GG>=Ubk9+?+j=lwT&!xwah5eJ2UKSE?;F#Ig<PH-)V!g*(y4Eu3wJye~Wl
z-a;?B-^Hw#UrOD!W!f2eBUc~l-@-e&s-4}J$jEAy?cahI5XSBrY)$wz_-o6c$H;`$
z^B{IS4?Akm?T0zRo}Uwp!`WF8aQjbK9q{HjGGm&<yZ~!|fVH_w?2Q$~uVf9#TSm-f
zq{bc|?@~wPpE7d33u^;&2cH#(3ReAs?8FPQ;-HoilbNi-cHz67LX61+%rOI#ApL)U
zRn8!mUVo~iJsUg-ndt`~=Z;v{eXI(;vm{_W_L+YL+1(Mi4>|K(A4`JA9LoC{bB#Z{
zw-}Nwj`n#2E{DuseOA+g&c4bnYwt4d?(}&baooz?LUe`Qz++xn!9JY8Ydjr0oq|~7
z6&4;fA31Y#g(XLw37y@**)C=?OA5HzD=A+Cu>*J$;B?-Y=M!e`tWGD~0S@GB{j8aJ
zU&>lJ)B<NcCJvSj?`iTwd3jh`0<2m1zd_>GbNQYnfc-y+)jG(2l_2{xf>^2pXeNN%
zXSb5?)@Uf50INI!EL}lXVS?<053sYyV+QTHb;fhiEl=t{k9>qJHP5YB)iCdS4Z4!0
zCi~s2B#2ErxQMeus8?=3|GktQwl9A$a#xFnB4Pd*#6A#Y-8SIX{w5;FG9Pqb18sNY
zEGt&QhqxE>O^?+gQ<v;n>R151`K-AIUPX@e#%J^%a68A|=h|;`mbtU9q2liB{0UA#
z!n#0!xqr}of8oBKpe6)3>)(b>uvY0qj?A*}A^ZfEmPe8N6v@xwpO83P-&%MV#Ma^W
zB+UvW*nhlX$gwmkEFlW(pNGvS@DN-;oaOe8-YuLR4{6sPmOAeOM_Q08_Zdj0!8;%p
zKTTO{+L!t@e3v};V#MWE<(%acJC%>+M86Jy;>bAjC-eY^xvCn?V-NI()N_iRFAyFM
z>7zU}pvjewl}S6x9=X+63A|gVrK>3^>Ze}IJNjwvvKe9z@ops!_8jk5a1$j+9`rp(
za>V%y>0qnz?uXQ5uQ$AatC$yftS@`mioI{r&%3p!j~z+*W90O)74%(Rj`%q=$-YF*
zek%QY(wqhV;7ISvjuA!g=Pjp)!II;xA-C^AEPer206kiYhvvOU$Zegg?WFK+dR^L`
z{{r&%Ty+56j^u}MLj6<Q+WQFCvX{eiz2EtqJ)c^{o5FYfHf=WGcA~ybxxY;gd2iY;
zS%qEi5Uh6y);MfTR=a|3XXC@@e=q5u1DEg=thEIwQ+*JA$XRv?dVeDPW4H=#MZSUX
zk4S-b9dO?VJ&XKJ<m`eAuqquO4?Y&Zz&!4PebQ(B+IKsXn;>y(>k-m<8P4FU=Q)cV
zK7b8Vvl}zOu8)BG;_LxZUPYUwC$D79v67YOO4gu*^s(M|(e{2~y0_;E5oe6C6UOa`
z!tSy*V+p&GwT!cWVEvSxLILy;VD&ageG9TrBk1;}40P{St{MiXz#A;h+tzX+l9_M~
zoMma=xqQ6^P+Y;YKAMC8Ay|L_2^u_jaEIUy!QI{6VS&H`i@Uo9U0i}YEbi`ZS$uKc
z{_d^1b>FN1|JC;QO`kJ8TW9U`?9BAE)8ja>m0^r;VZ5_hW=vASmo246<BZ0ay6q#z
z?>a`efb;ggHY7nLny#Zv_)33}>G!P}vX&d(u0W~fSaX8gpCb0Sibm^0$pzfy&BuT{
z>^3wn#mmmm!yoR@xkGGnwoma754eJ%JGLI<FDM<Nyn<re9Mn%_tG^51;cf9&iD3Ta
z+NzUE%k<>x#%?3ZmX$k14{iE(BvCb){mLJo!NZ5)JsV~JukvhtwnA&d1FBBR*X$nb
z)9R!qw1}83Sv6T*+OGaPnXUy~+Us=enAuM5G=SiATo-l!{fX()WcN(`-`=gzX`g-#
z&hTKP`lCHGc||~$c#`>3C~xkX;1)eft1=-<DFOlGk+mlxkvt?}xVNDi$GdpEoG<n%
z;Kze1TXQ(C)qYEI)w~kvY^5UsKe8ZdsjT-KSGQB;T}z2L<TGo4q$fvV@^QyG`Qi9q
z&N(!FOsf()QKIGa;z;&;jl&tjm|*u3y(NM7RFoR#f|mF6ci&hPgU-mP{s@xGjZ9bO
z`5afqCMG2mAdl5q!U}Uf6|a{GeR7XaI1i|FOJBQ5PcKaqIPyR-K${4d<&}@wdX1a4
z-=$S2C!4_ir}Zar-2mR7zs3}_8!H)mxMmbwMwJMA<;J#_`k`S!!(4BIW^0pRw|Jts
z9(_r&v2S@|fmn`-TUpsq_xmDXOU|fMw4RosmiGP98i64=&XhUIRN~tjSO00y<q`r;
zt^m?1Ji;Shf6zPq8lhftZvf4oQll+~-@O8H74~bCqQ1OI_>S@kQ5UmwLS=^L5S`!c
z)w|IQKfx};=z8hHbcgS8Og;y#22&Lyd*HPRq@ftEnzkYsQ&R?_;P6}V8(B{Ly6E4I
zh-^va392)xzrL3k)7LBUj}U_95Aj_0KU^6P5$`mb2?cvy`cY!U5vpQ}`kwuTds;_J
z7{4z7GH}+Bj~dvWD0!7KP-X^Y){O;k7=PNK{3yXVzlE*AZhZORF-|Zo3XC5XD1U4B
zThS5}S32XO|DkyySYPj4=mLJXGD}8Ry(`>r&C-KS=F|<29%KODv=Y2K<-%xY&Rz3_
zI_Qpge(Q?f3s^}>qS`Cv$FH35@GjO+I_x{pmdAwpg=BK-Y+2){qg(<iey)Ubr9ju)
z%z6e}T2Ekyq@$k0A+Y$K8L8FQ(K8WK+u~K&!e|&Sp92S<L&Me8PyhVIzzR>MiL+~S
z(sbj4B<BsP7KhwbF6Ko?{!`55N-N%H!>q|gg)z@uMkia(A4Eu`p($Mqqg_^?=#$sY
zj!abM7SV2&K1GyA_sV!;ouY!f-`!gDMC8`(8wIi#02>e67##u|uiNctIp~EHzN{1^
zOC2}Uh3~#MGPY(&@aE6_?TfgD<%sTjD}8AaQe@{<u5AqDw40e;k^=AQOQOKjUuM}Q
zI1(;m8xPK79rnIEMf5*qXc|Y7`pEX-HLGqBv)urDz})_!y|ImjQ7CwWYJ5ib=H1hK
zK;P20K9PTGA8Y#3FH)0Awv4$^YV~uWLD24{SY0pvhJ$)BIVgsdAP1+#Oci5|S2|Yo
zp2L<&pRMGgfRYV2&gE%($&Y6>oq>G2qi)+fx$LkSl>oQ=kG8_Nr*eO~z~Zrfox%qx
zxhy_ySwim_4By_~p16-PP}j-ctL;}lrq0x?%zGI8JZCiO@{@0jP4)F-$f-fA=Hr#Z
z+~HGX*f`*OSD_f_<crg-ucc<!E4VT7Ac?}~Pi%8y@$9iOMeUQ9V_w30h0l|+HmkNP
z1X*(k;OZfT4>tJ@tvlbpJNhJf<?2m%6x*R|1hw4OWcukGU&oA<AaMIvh`yR<*X*_`
zCb)o`4|RRZ-9F*>qu_{N#DVMhmpO}<Jy^ggA!c>Svc=Qpl^Y1!@x2X!Z+L?i_~VKA
z=#}6fH4V7>l4E4Ko~m_<5|3_}r0`n->djlK!;TRb0RO7Kih1`7(l+18(!}J`+Ukk4
zH6ouTCEOGmk?YfW-jJ&sa+5(aXMsn1qB|kIo;r8z6wD{W5bn(Z4@yUWqGIUA;a{Va
z8ny;Kaf>xsBO4qU>-;b?ItJ+~EVZL~h<ZccJpMt@T=rwY_Qtdt_}*%B>YaZ?IF>47
zU~_b}7f}|Nbv)t`u%#x2;e7UZZbBKY`D>1>$7jo<8sYpj-LJ7@h29gLBTb!lNtPj}
zsF8m{O(zW6G4v@hjJo6TCCnmDGyh#A<s2uZJlR)aQ``0X1{HrF0Lt)M^x{>y-;&~i
zaTDkuw=21N;&5Xj{}iy|<H$^cP|ZE8F`0e!xjyNs8Jx4~p^V%z64N~Lb=5D=rlb!l
zm+m`-)0IxPW<7*ZZvcxV(KvH~hmSb?gdFM``^9sKR8+*z=jp&d3C=Qs$~UrcLOJbO
zm4DI*mk@frgFSft5+B{o8ToXg6R1y^<H1e4$cM=SQpb|Mj4zz`-At5efybS(&Nkz>
zTT3;|(y)e`Bz|U|>m>uq8XnmWl~|!huPW0RzgUM_es>AP3M!RN3wmQf2qaDfbR}mg
z-VQaOT37<#?IPW~<n2k^qplF_sZh5`3r0<J8Kj@HU1~j2dMd7w+l^<ZtjOIVwyXsk
zu=7k^a!rrk@5wr+pmf@Lz#tnC0qQ3{6-e<QmtR;iSh~D)W5kd8DWqP1Vm;9z?R-Vz
z72Cj0yMum%V+*$X7UxCdhPZ(F#OGHzJkOK6u9<|o_FDPbV`<jcEz7la9lJB`brTUE
zn>M&pR)I?603be);L0YhvuDU-5{kox;EydKZ-4f!ppH+=DZ?4TatiY66t2$tWi_#-
zGs+97S?RG$l&1Sfk;6LsXZbCS%|&<dll^*BGlbiFiYeo?S`Ie)?e0m<hz1eZ;JUK)
zo%|bt^7GcaB4q6oKc($Z^{pVK?I`svkkWR7`c{n6cAENDlG1jL`c{V0c9Hs4p3-)?
z`c{e3c8&Vn$>c-p%;lTM@`~Hcb;@i)Dt$X#f`mJVr)jqAo9(-zfeL^AD7Y9%f>QXS
zJS0J2{-_v9&>(+Qi6m%)KdMs_^xuN42V9T@k?H}Vk{~WUAhHxlQ4dHe1+vfsa!G;w
z^?-^}pcFlzg%k*^2lST$4e9|q1*10ffd3IG5DacC6on}bqR|J!MMxSXqz}}P25IO6
z2Zf?Sr9q+kz#M5%jy|wS8q}l@oR9`h=mQU=K?nN4S833zJ`i69gl_=E7mkvY0ZAGF
zC559rWI+G_Vqpl3kpcM|0!w5-DTcsK84%bIxF7=>Gz3CrKpTeQYsurxIhntdD6aqL
zlqh^Ya#9&w{bnxLX8&MXvkZ83-3!Q;7i;+B=0<MjogDBzjGCObA}U|o6$d{eu;(8F
zltv<~#yCHf&U}6_Dm?dl_>BCYDDH)8u{Cj0r=*)G3MTvokdtwIDz$x)TFV`a5}8bX
zX?4L~bbdnfPhD~(kWq2_4L-$1yrAAFwpJeV(MD&?p}^+lNP3tN0<!M17{fP2o2<&u
zW=<hPVeZ?$Q=->+e*K0Q@_GGQ+aFnEbeZixb49F#>CqB^%&8md#4ViinpNvRHBn52
z1$!M2Y|F*rob_{w;ZLdPQd;+aVp-j7DEeZ!KZDcvnMHI}$$x<k3$FyUPtH7!r6<m;
zM8Slk5n%&l)&|k{e{l+GmR=<{kKmJZOXZZws-7i@gy&4`H7}^j;MQvjoU2AYMMdt}
zf**29#DpenxpJe92f9c`rL&7O2heXNIMVnclQdk<9u9LUTuxVi$mrUyMn8SS7nS9`
z_8rUzZ`>W{$eM|GpwI?bbz3)XMyvX5L!;2)72kwqAELAA-i+Gu4kq8`G%E%rz7ym}
zi%CyVX`k3aku~W4_$A0nvu*0>PTtUE5y?Fu%g|%-aiFw-=F!i{pW8A#2{VXd%ai-7
zLTKG)rd6@nQ;XwUU9^-Q-19iA1x1n*FpzMQ`i^K7$wMK7-8#Gz`Cllsm*U)IBp{Wu
z@|h>_lUxtE?MIz%j1b~?Sw@(e2sT@9xckmmyBxXk6hhcGZMi*`$5e_D@p_QASevn{
zLQaYa(cg3Sj5(sNVt90GYznTYdnw&1K3UJWu;W@h82~GU*8K-Q&ZPUzWFX4_nXbP(
ze?`zbr?2%-$s~{rUtB2EyO2s<r@lA%qF#*2fAxA!FaFO)#VHGWl+F{p_{vydkg)_F
zqkbi1Gsqb0L{fQ8Ty9%~JaJ@$N$JvlnOvK`{+?KPP0HUBDq@9Z%)f#RXcZm_<op@k
zSsb3dj7v2sI3u!*JGm*Nhxco>=ZA!yD>BIrAXLr`X%?qHb{2y!U2uPC&FQL@6L3gH
zsj-a?xq-AR8_Qx`wVI~%+$u?mY2fjJ@7i_2GZRN^55#_AIp^g1OEx=hH`eV&>tay%
zz=bbLTgMsrR*tKM-A+)X!3F~!&Ye$S@COKU%vk-jf$OnT^_a$X#!mPRkx#LkxqK<7
z$FwEvVMFky6XDoDG|StK{36L@#vOY_VN71b$=aTo$nV%`!Zv6}9X+}=$GbBdfq*DR
z@CG1oz}^hd3EELq6!^!H-+hs-663>V@5p~Y`*>sLaeM_^^E<vM8dd>!x(<~NB3Kg;
z!QfW~o86($0wf-JBq$(gV3fZ;Zwk>323{Te<1f52fnW8mNc&0Zt6w~<o}pzA8#g6_
zH=Ea`ML#?bOIwI)JGw9CRbs&UtDAS-NQ1HjL|`k&wp;qa;u4bOT=~e=izHr$cLmh!
z-1?5zPfDnY0wgm(PfQ3Bms8`=qX}p8S!M`{CM+HKuV%Gb|Fx@3#Bj0Ms<39K84$7V
zJX5sAoEq@sJh`!^$rMeu6~&Xs`tV=b+UxD7tb4PusrRIu?0F|7W~?|Q5}q8~rl-Xp
zOmnoW=u}`qv_I~VSSPkLJ@l*_Xc0>Dxny#<gq9k&ERtb_?XcQi{xYgkILOAPYhr2|
zKEGI<32CgyG4Gq{yS}`Iinxun8JS-(r`>M>06AlARsesS=#6dIQe;|7T7h23gt<Pa
z%OjWkxNQ_ucyZcB+Shw;ms{Nbm|6pJehm8D``yyB7?j7{d;5)UEDWw{kk$!ynwwig
zZ*BhF@_Rg9j-qCI#j$nXAE&M2@b4gHUmWo7q*!n|@8f5B#k0x0-$lJdEO4{Ht-1YV
zfijgCo}!cSm}W&|FK4u3C#eJJIo`mBp|rlV_dX>IrzA)a9#I`pnY%w*?khn~{9mXC
z{0BGs?qIca%IarUrKr<0FC}6xD>8lF+9{EDcA!iXnfzXVHR;^v56dwGXF~QeJ=Q{I
z^_>QVQ-HT;_)`Fi`i=KzInlQ(dCzrI0H1n)jAdxR?S%Lv@ze{~B!FXC2=mNC<nf^3
zdEBxSbr~9d+nV?M559qR{RYCBLD;QNez(45H5WnK2lV;e?uaQvQg%<!)B^cT!6I?2
zM~1&gc+36<5!-eaJRiY+1aN=U`y#kGv@_L<Szy|i4P)Kvf#wmP4gVaUt&{$R0VCqE
zh{o?i;J*3^<oUBIP6$V~hJtzU_Y;NfAbmA~P-MF&Rq{5e357n;?T%&<NZL*Q^u2L&
zuB_s3_@JtXTi{|TlPZ3=URla9mA*QDDM5{nUOp3+k7{KZZl{VyX?Y*Lbu|Hlz8b9D
z&KSI0)i@I1E!s{NbR2UWQ!C<^FBq3}%yyH8R?0k!&pNu%5P3HZGo8hJ5Z2n$ct~PB
z3Vp7YyH^q-n*j_=4DtKl)EZWH)mol))|xVQ*4o;2)W$X3LI&o?=@skn^q2aU-S>{>
z%jh$x52$kDEmFB$W%T19MIW7imN}KxwL!Gq_Ec?#lV+3!R1kJuZF-Y7YUXu#7PM{m
z1m@N0547kj+ZL8B_Iz#9l3-dH6}pC%HJ7dP@96Q1sS7h8k27P_W2!l>SJzs{@vh~r
zgl<+3r`Jnm27g8W2L0t<qg~UwY4WF6(M#*#6c9m|Gsx-CN0(8QQ&bI_nVFuMjlCYd
zt~@@zwmVunPQRu<(wJ>HT9^ixV;v<NC0Lsd$Z^d5iG+OT;5B(sF=4%z(~lZ^`f(-7
z!E{wH+H37=uC`BejP%&3oWN?sYBRe#`Y?)fJTSVF2Ah*l6HOC6o*%6_Rpp@P5`d}P
zEUbdBWSYh$FR}bgI#QXBY46SN%^!+=n|wV4I9`7N(z3G+vJLVqc1g#C${faolKtf-
zAm9n1Jcp52{!XQhIDfj=#16JsxfdP*nog=taeuy7krzZi4}c_~=|usc_~PL${4)0h
zz3F+vzh}NixW~E2dFU2_ibTBtjD8vg=xcw0Cqp2mL!<XqVP=k`i=3waxPV`^fQe6y
zPkoXEqy^GG4ECe<%X=p^{5r|eUa8l&shobWm?x=R(2}hOtS;x?JZw8eIGoVPG!$vK
z_uncThuwE7`Z3Sty~r!uy@2lxu&p}L@x}=HY8*1MZm`+@UI|_ba*AFnwkdu+Nzz>@
zN?Mh!G&r&`h*+@G!|QBv(>kql(`qw1c2+%w?ErM!tZeE%N9HXr8Y?rliI2_0{(j}W
zIb{D@SH#$~GM&u4Je|yEYc;a52ruoV)0Hx5Mepg%G;KzHt(kEYx-XV!bT%l0*I8PK
zq&CP8btwHJ@*SqG8F8-}$sUq__{j!$P|0jy7dS{yHc=kwOkXo1J_Ji#qm)e1u;(dq
zX9;ehJp`LyqgYJSus5{_a*y01<pa;q#bj3q!_*tOK2_Q|d|O^z|5<-?W-x1c;L|~~
z{Kz6iJ$``$5OMus*I2{NwMMz7>RMkZmuaDsc4!KREga@>*z2S<cQvw3&A>6z$m$el
zXO=$zFKggs3>;uMa_r3Z{VbQ`yl~RpDUlZ4DXWZUxfUBKSo#_%oEq$ew+UAC`+mT|
zW#@y{3&+CpEqPVlnRsL^91U>%M{hb4m#c=O9uD|<xtcTaRnwJ-RO^+9=D9|Erwlu0
z<7hkPZJoyUuvS|itPQxqD7^8i4cuU&5x=IZ5&uGOMgO}IEyTb}D96SEe|^Mr=jFBF
z7E%}O4OXuz)it;`-D6AAq4!YzSGB6s(s}uFuNy*<l%q~k&j0mNB<~k_B6^ajyeOl{
znFz6HmZ*RTN8a*ez+~*?`Q+hb@MPj-<m6ditH_lIswieiGEhB4J#-$(8NwOb7~B}@
z4%A0ELv6?L7IOW5t#nv7c~SiVx#vIKL`*IWF4U%vO_&;?tsy=kkHL>X<dD!1$>6~d
znvjwZix7)YD8>XP^G9YBW=!x$FbWt`=qrG_jiZgCjpoVwuJSzay!$-vykyH{D*=lc
zJDieyNs4EheVTllX_{r4XPQD8r!)#J3=M=96B#WRCI=b~TP10sXJxMaacO9(Wol;X
zW~yguV(MZlYwBaFv70p1F~k=KqX;D@6&H*kiV3&;MgXENxVPM~tg|e)e6)0{x2d<N
zSFAU1HFULf6?3(9HFmXjHFtHt{&)Cvn12|5czIZMxO^CLSbXR*WjB>IB`~#6;2@4E
zhA9yvCKN>yksaw(^NRs%WB^iAT!UBRUK3q2UPDrou4!lc(^ksX)7I5i#8$>u;`DY=
zug0qeSc7abVoYyRZgOHwXp&)~W4vP0Y7FkX?OzAAlk$Cj{C=x->Z#j@a3RJ2bz+ck
zFr#0me`T<IM{h@9$8Y<28(~Luhhp1g2WLlRhi#{B$7Aqd5WhdAFJ(}pf1z(-Feg$7
zXM<n^YlC=$aD&vJ`9=82@yYV(>JAhvqe^KEa?MY*jJM3TOgM}^Ogzj!%sR|C%=wb|
zCHYI*mz>nh)a=xx)P&Rw%~;J$&2-H;%`DB7#ni>j#rVaz#jM4Q#T-xO3*l|YZTP6r
zwrP?EZkdd#Svf>az8t=hI=HOrSbMInOi`_~EKp6fTtYRfGF_9S!P<Q8w5+v!UxTqs
zTe+dlT5T@9>_#o4EW3PJy`j!pajv7xqih|_t9qj}XQ4KjK&}-RNi{QUTq|AcRV!aB
zTB}kkSxc>zK@>|APn1oRl^L69EWy>3F*VY*+p`-qY&M)UJU8q%95p-!&w@cbyf)lE
z{5%YcM^2E8&!LW?QY>y${hlPXC*QfqFh@5hsAf07CZOV{{5*DNmijd*T2Wp>UU5uj
zOnOY7QHoK4QNB`2AYMCTId(bGo2h}Zfxdz3M*aACc5Akz)TA`QikVo3W_rn$XN`T0
ze2r<1WsPTzLNB389#aZa8orEAK~YMP<#|8zdiA>JI_SvkDCubK$n7ZVXzYmb=<G<Z
zm~<^iFjg>CF#d(zkHL?1$4n$mj5>qXBHc{eY}ulWO^>ae&5!MwEr_+3m4a=DErD%@
zt&Y{hY~KRUBH2vcT-{>cjMF^(KUsQ*PRHA_y=bn4_Z{~w_pe4l6%ch(lO@|mr$((t
zwMM^2-W84&wiTKcX1*VM?0n>WoO~>N9DMXX8twphCwDD(HFtS;zuVzcwx!A?;-$5v
z_NC_~SS_h3rbUdo&;&f*NLQRGS@s~jg}P<G#l7WNcR?4byP^BKn!8%PI<$JXYC6L=
z23bqW$k9pEiPy>2NzzHs$?;)@$=Tc3OWJ$<yMf<<5L$v-C|V|*2d~IUe?Wsx1sz_o
zJv-DoL_1tMEIJ%I`~klJngCOP2tWoP@pAjLc8_@9e_wQudoOuub47TWF-q8V{dnJg
z|9lU-gzpP<5VJ2dk@NkJh&Y+L6n;368n_SS1Y!UcfdBT1f9ZU&e0ZJ$f`CUrEg%oD
z1&9dj2NnTwfs!9>PzgU~e4M~-#C6BJ{jAU2rpEn?Ta#P)uHLcjPdIMB7>f=Aeg>Y-
z=M`K&JU)D%&o<!={crp8`s4a9`iJ|E`nCFb`dj)D`}_Ng`f>Z``rZ1Y`p3*A>I#}$
zo12<D@ANN%wzsyYwh#JosKB3Ti)8ndXOtt9Ta^cu7nCQIbCf%$bEnUz52u5t6Q?7m
z&x%@Qu4E!)WM%1PViM<*ITJaPvgz&U&lt{V+x5N6U2|QlT??<Rjx>)<m*_(wAm>J1
zCN9RN?@ja`3?59d?+b}GBM1;tNbiWrNWuskq;AAz1a(9fLJx^aTuA0h<Vwn+cc6zd
zKxsSm0p-5AzSX{kPgeJu_oftJr9VpfN{vb_N;49S1PwN`HA)8(uM%r1U6N|1J`2+*
zWRzq_9d0M?3Hmcf5@L8kw&aFr?_=K(%!Y*pV3~x4e|Z1l-MiXhrcaz$Uw#fc3Fn~F
z<$t3Lfc#NZid7N|6&6!{FTScj_nJK7y8|2Z&4F*(20P7p<@GzB<tZ7jtl}-1flYHP
zQY<oS;t>&5e2D%Kjjn*9fH{uB^pOd*3Zn{B@XP9FU%F<hW`Sn<X0AK)^PlIx&ZW*h
z&rQ$e&O>8q5=kH!OL?om7-rdL$!Do&S!OwA1!nnNz5Xz;e^(_bLyP(lg(Ck!9%T$|
z43!b1@<Szxz^CQU%S7HR_4L=;hgp+(lW~(5lf#o~lbA+|+ya@zjlC^fn$1?t;?45S
zCe1d@KFuC?myTMVznb}VaY=BqKV{=(<LDFV<LZ+FzCVe1%6j^EYIr)_jlq3a9^7|b
zoDZL;onvAtQVPTq*HE;?X%<=)iWkZkniSd;`V@NXUP@`1{wm~G{`wW`D^A*{H0-pm
zY4}=1T3A{*OJBUcUwXp5myM~Usp4(}+<SEoZNVc^K|`fOOW#4o5^VYFe{j&ncc#pz
z)TbJ!6sCGCV=QwlUk?KgHxH{V)m%;g%Y|vXy1NRyTDhvZ>RksOQcTh0>*Vw0gT*!?
zNg@HC1xN&NpPBYSW_@ieG<f0tCS%5x#&#xI#z45^60CWtd0W$66TTR>xVX5xIJ)?I
zv34<iabQujX7E1_%Y@I^#~9py+mA7TF&I6d(5KKpz8}{%+ZM_1kez@Ji8$aGu}NCs
z1gq#9>BqDIyv)3UuIMf$cB95JGP&3s^w+oBaJ}FQ1NQ|IVV>*zZIxbpm$$p^$xX~q
z!}YDU0xz0Ng*`ufi;H^CWEsZ)I6^E35+R{=!F3+}&rn<_ekZHo4?%W)tWGLHIzd4}
z9zg*?nvU-s3>~~3f-i=?Do>?%$#=JRRd?%m85al_q8AhwI~OV!&`W{)ulMQzdjNl@
z*USC=*%jXb{vHehP4PE->3Yh$Pr9eL8az-O&dKWh?l1oG_X+uubl9K#b?FKJ>g3X3
z*q`Dx>q+!p@=9nzDB&BZUd+8mIvD#xtWK<4Y(=a@%qU+nUvV4Km)lp}#|UBpfj~zf
zFHk=S7sLUI0)=A7&~VZ;QoB>$QtHc|$`Z*DDG<qLN@dDq%Ey~pvr-(%^A7)F&9+Up
zO|s26O=OU}mAaL_Rm70OP{5E?r;?-|q^6-Rp|YUCr%a*Npjx0Jl@g5iCBL`5>^IfB
zOxh(J_K1g43CWPCEEP(=n#*q`bXf$f1iEzzbhUSJshXF4s+A8cMap?Ah{>N@{q~Uk
zP$5W;z;qg|6Qdcq8UK%Dktj8BrfaX4ff2<yTP`EQGAo(|U-f@i4w{QlqY@C9sG3aj
z<hpE1W3cZAK!E^e@Afb7h#LHd_DT2=_~nea1uwp5^Xg~iAktt65}_}lFN*eWcf*mu
zLIi2#MxsS$xXLK`y04hm_@(R58wtc8bZ_o;&t1AF5QXrczHtjLqLWjr98quLbd7b{
zb!By}b!h~G%gZZ2)xr><tj%AW5t|LR&@8h8*S{YAhbDOuv@L#~pbbs@9%XPe|2j^l
zx7Gvmwk!{A^p=|M9sF-ipiv3Q`+z+E>c@gtF23REySwT)CinrJpVIO3J;(-_#GoRU
z`X9znx8_71l6zp^S{66)a_8&bXHrd8zkj0IWJa9tkzq8oCR0JBZ>U!OFDf^#P+HNB
zRvKZk=8<3weUdrX_}z*9l(Y$cXMtM*o@Oa5)mGm6->>6%**e&k%`m-ttc&qyWdqrv
z>!CuZ9Ixp#x<8F0*ST6Q36Q=3UW_Q!<fUy|2<zb0n|&SU+*H`K-z@(r(8yw1n@5IR
za1JUGoD}rj4niWm!@JfwZ1^!R0!Dm>tCJ2#i!&$RXwmK8S_@!sW3Y2?@@+l}KMEro
z(!UvgLy1t08&LVi7SWJC7u+af$AVwr%t8kzGSYWK?*Sj4KHV8P_EZzjvlux&qgXHo
zBHI4#i3k98ksH=TXb0t6&@sF%nH4{m?Pf+OA<}$X@m{^<!*E<~x!(H{B-hH96B?aD
zA%EMNb<k&PaQ3_T-*rUoC*ST_9rCIbCc@69uhg2aN+!5`zGiAnwJORwzq@xBTVA=I
zDcdpnHbpe<%Ir``1sdc-;6~!c<0j#L%Z*jC$R=UU>iE%-z>)U>mM=7xJD(In%!^Ji
zlgsj7G-f#(V2fl4?q=z#>AL7b`6)1d5`ASqiKTp(D)D6Q9n@H2S=r0-=N?n^(nw0s
zmU~6mCQUcU#POqLOv!JyIX(hSbRy)6x9fp^fV#N!_iZ@bxSseA2I8-1K?OA_4hVYx
zRc#%`7CGQOw2tnb*FDu`y~%Be{wqf3F#77HwIlx{m(?uA=XUh^c_o`)R~x|H)>z*K
z$Hu^UR(ka4fpO6DFPG2JNa_fKZ*2lR3>{W&3#s2i-zy-l0|9+O#e_srYAxul9F9cQ
zNPjqr38S=P$KKg}B|@)2ibj}!bHhDCd@$o7W3^hS6mx#W7sOHN_8!d|AS%TfY%1Ej
zgrq$Zj21nxo)6ANz86NCM0LGhBjLrL@^H=do30nSAnmp2JA+Lk3~8jlo5>@SEpUk1
zzcUX^u&-q@&FJ{@qe@61cjl)>!1$Xp#4|+3pQw`<mdLIYmbZtGQm)BJ4yxnktQ;vP
z56LI{HQD%KFM6Tl!OGQ4%KWXL8v`8BS4VN5kT$uxyw<zw5OSabsSWmV6LeJr-W<J*
zL$d_wk#3m$Gp-be*1@_JagtD{uQJ&uk+{6Iy1}Y=44m^YmOuP%n4VF3Bn)PvoP^$W
zQyB=ngGFR%2#Rj+v)S#4wHI8#7poS(V(^%H%0%v%az`X$qDaI=3+!_|bTpG<<Cvn9
zuse9OE4#cmF)Gr|%+b$;*`F5Ep1ynyz^gEve(#EtFlWshmiZ%W{hO_v__zwD?uUvw
z|C0IpBwo9<Ta=lXzKvi3+a_L?RrP~R7zIuSBD%|sOs%(7w5PI*s(lM$yFE3iV(E%z
zv)4NYK>)#3;Lv*#RhapG`<H9u$%b4T;faB=EE$+dlZ&6a*PmfQy?=l<oumC7&4!sz
zfmUH%z30}v+%w&2(Mi0-HR|`A`{g>OyUo;W*K^fXlIuJwlF6MRcjLdKmL@p}opPd*
zyt%6M1?Fu8$jb@}HO6&^#(`^Inxt2wkhFtKLkB^LQOUvslfHM8sJaC4sGH#IN1Wm{
zkb43Mbn;3b<b7?7Z=^<6DH+^QMRln4n<OcLBKnxvFXOOH7sd$OD~i?sNNQ7~V8b$_
zeWz^WTiUN}Wct;8$m~lCk#=&B{#$S0@FYk3$Ci7#>niv)RZ$HwNEUZubI)Cs_L%TK
zbbR`^DkH9+f><B$_UV#*vkD_i?|5kQS@B7p8@>cy)ua879Ds}UjBzL#H=Jm!X8d=8
zQLULOinjoruV#*7?u@WS;P^Ycz{a1lli03r;16o{l4Hx0Q-XEPf7<GmBW`}EEjOY1
zBlT}<y-({u^D){XZV>#%MZQDtb_gSC&FkR&3+bwuS#!(dUw^Brp_mzp)*4sJ?%vBL
zZy};V?R+SQS%%u4?^g7dc!^1bju7t#0O2@p5O>ifVele50qUE&(<P_hwy;zBozFUJ
zU@d1^a-|LNzukDxjuM#+|B@B9=ArtOmT|bo1d$BtO{F8F2t7P8p<4<0q8;K^R+BU%
z*!15}ZB|(>zt@t%i5vyunMSgI;I%A^eg4Dd`iv#v@P(6APd0W~oCD`wv9b7qjr2S=
zN1#s1(_i%=Tt$SYcLwk6k?oQGy_tXO@iqt1e(H}0KG28b*awS)&d<JeuAVvFz14~<
z!#&jMM6SGkC2g4ys1wNit_gt)!Q;(Iz;eciwwSKR{}A-UQ#73Tqq}y#?3%>J2n&WR
z4g8=BQDTV<7xqUpG5M!C`orA(3maQx+Sh?mG!yd>7Pj8hG^5ecY7X;70yf*IuZ;s}
zIwm2NEWPuoMmC<GLI<5ZiT+<i@yg(cYCR?J)6XwmSds0}3Q1rrH}5Mudr*k^mlZUV
zjDn`3ZsMP+jn&iG@r-0k*y`FnGH)wBcl{TwygQ@~$o^l{*VOfY5$uafF<*MD4Vk{C
z|4}_1;|{Q*9`Nfw8oaSbcvYHYe(Uk>Byi$QPEcgk9rLtLXpctsl*=#PHFbW6Wqi5T
zv1=jg^-j~}tl~<pGqz&C@gb-NqY3c5;Zp}*&w_}j)(2+PEi<ww`e1+YSmxipSi2EF
zn#d#Rdj9-}R>OZZ4n?ZD)InzmP9N)$fXr{20$;x$rUdW>-oU$46T%XbC0_(T_l6qZ
z{X!!R-x6i<{T_nZf1aoL>a4v*vN`e}Bcso*<lFsWo+#HTKmGqhE-38(MTtK}4TfMq
zIod<zNXGs}<vaD`TM<!O_Qakhxc+fNW=n^bJw?QY)|VdWP;_32_Arv$`TwP5NNy$C
zGQ{zDWYn9E?WA<HqJ*_B8}ffXaK6*Pc!g{k@I29n`tO~CiC&U=JOAgTxlZ&_vZzPP
zMZ@Zyw!JSSS4T3T!AKN%Z(zas4njF2C|&HQeD}_g@Gj;z0Hqn{k6&3A5#5i_kE40-
z)-}2wKYALx?WEuIpxUJ;GeEhQ8EwHXpkpb6Q(h;w3H{jO^UpJfqBM*DqhMdj8D~q6
zvVpv)Stcm=)B5-m&I>*QG`gX5cY27O<(nS3PgTD+)T;RBt&_CNb^R4TOqBmfp&KoN
z>}@`%Z9PN<1LLZHVB<-Mz@!dIP}V5&j40V7e?NU6QVpsaShS9;4Dpz=XJ%Iw73F9v
z56QMZEDfQVJ1->2p8ctVUO)GLA!9w0Dy66v366b&xl|j~|9!wtv|!0yHRY&Vu+=Ql
z>l78TLx4WWL4YA7he4Umd8R(oVYz%(yk@&hTwKX^#-!OUnq&C!fB)d)3Yxt@H3V$x
zCIi-^no(cNSxh+0D+VIx?yGr8)em})eKoT%%dd>w1S`fp6zyU4oa(5NbMH(Vx-=Po
z{Ew=KT5e<H##m7WoNK85i>JQObF8hY_uHZDpfya_y{352K$!V06UT-F^sV)S{wC+9
zXqVfep2eZxN3P$1PtAlIww=4=wYz%h?&EKxe6!A2Ho~Du)(>u*R-0s-g4h4pu5~_Q
z1^_Vc5Uz8auri@Wd*)5}cLn!Meq6t1?#i(okUn=w9NL*$ngO|x&P0KHq_7UG{G5*Y
z*m_kk!*u!~4W~P07Kl<$nq`=(UCIHQ#&1?uDA4Gel?+m;1|e(e>QAO`T=5x0KvV7(
zy{Iqp)TLOkc=TQ8%Qs$Ox}uzMB}uDnyI#t|`rr75$4t4FL?z-hW^K@x%Jt`V-7cxW
z%HGCx#-i-{-K0whev=&1+x_FcCLdkCK;-<}SA0L7O?6=(YdNu^=wLc|S9m$SkveAj
z-Ey35ewL+1Z5rNm_O91*#w{72mC$m`X?~IGrzLshneJUi-o$mO+o_C0N9WjeImrZ=
z6-Rplk=dD+&m~oBtQ&dB;@qkCC2mGnu@WS?#*95n076m}wTN>no!*^ot~kSRi{_Ke
zX|A)Rp5Ci(1pdYR80#nHcl!M?Rr?g@7NudS<n(>gDJ7rubEdNl!s-@=T~83dn2T4i
zq-EHkCkgr$rQ-A-k75sjsH2U%DW-MFHiyZ7>s;-~hmKHT(mV>k(G&?AzoQPKzspTS
zP2u*}mA7k>q*s+Ul?AW+E1N4nbFQDKV3d9kSUuG0As))J;o=$!^~xzT_w&CcF81*y
z)#CJ<_&Z5w%A+1PmvvuBqOO>1qi3B|9Xq!`FqA+4&E}Jh6?#KRt-5-PTDP`NLWOii
zrCSL{QbXOpTD<D$dGZsI`8920fpKq5MNNP6-uL)vw&9ixwM)8NxPqJpi#_J3;y)=D
z$){A=&0wJYd>$PN?XasQZ6)|z31R=7F}shtY6Rk`-9@5jxF6X%e(0j~McQ3v7PiGH
z+HF#nS<`mZ>D5_=C#p|#dpc&_f)qqUiV5e5Z%I|%o4i&=;ar!Q2I7^i<Q%BG(;{1y
z;D61KguMH9!umdt|FlIBKq+)tktDgRG{Ng7M*_2rrP)o%M&7mZTD}Uyas8bwndM8f
zwY1CbmhMgBk<K$F@VZ~`sO^>QJnpgVmF>jKP0Y{CEt-{=jh~f~DKo)Y0x7+0+g;s`
zJU?}m;4R?48UIo;P&e4p+tPbQkX@E6Qfn32u(c*&cI+}6_ql9hde8LDR~fotDb{Q`
zvbtgN+TRrvnDK+db*8Nkwr#=~vAw%rc%;XbMO3Up{JFMXh+nc^1T0UUm<uXloxj~v
z{K3{9bjK5x9uEehItTv5cI~g|^{r11WsM5M?LhYuf6`^%*A>f?XK3!)o>1<xHx-O&
zIqM||{uKVgI#7SiGp1Lvxqr&eq`7NHLXnN*uVl;KuacG?_j9F{-miK_Sq531We0x1
zR)C~fwBbJAlRsM=k2U#K4QP}FCrwe#G&&>9*P7h9M{L&xCyrT8Od&nY*NWU3BDPD9
z69<+T8&3`MH6eGN7u)5-iG#|E0e)cJPen-uq=r4IjroVZvWe}olV6@eBcuXauuvSi
z$lt~g#{CS3qYRF8I7B@v-%qa%y(egiLoscJ<1ZX=o!y-RdkBv6zgQ@Dt6}dM;BB`g
zC=FY&P`K^I-T}DC0|VgAad6^v;WcFx*p|5(GT$U6DZlw!h>1{>8{x!-fuv@|D9y>S
zxv+-0u%uJNDCNb{)5F-=uy_{43R_y$-yNh4)&GdIvLc^>h!r=0M(?S~?c~ImeqdSI
zkWY_`6}E$<K4A@uij7avQ~f&UqnMr&+ZDlyQ=lftPYZM9#5#h%H#H!sJkSsoHMux7
z`I@{~xV)HmYS=Y9){z<c^om$vpIBiGNXnp2{UL2g*PPs?1teDrlJmz&!w8eY7b_$r
zcP`bZrHjd1c38Dgk{HkPFBm*5xn_7ye);Kdnpsqh#E@lH%aGjLCif#_Z2!y)u@j_m
zxz!fFG3v0@bcyxEDHy*oE_pHKiw52|x#t$lUMLjvh3!DyB@eMg4hOGIM2?)iGk<u8
zluZadM*|d<Qy*g34N3ONtQeAt;zQ)xrFd=nSfwcDQ_T|O_D%4tM$K!qC_|fe&cae)
z2VB?&GTc;h@f}eeQFL|2ls~7vh`|S~clI5joudX@;LG->3GZY`C&8%lNW~`oJsp7A
zU<|rrbEn-A{klbJ`ZD2tO-w%y{-<db)VhH}d3^3L{tAZG>z<bj7PJ1!C&e$|*NS<(
z^}%}94dLuu%^T+`v(5g_tTwVx?vAhyp0D)o)E+L0X8?3=tvfVZGyejdbUOA+n{-4n
zA9!5x_%h`T9$X>%k{R?tw<6%VY7-aezG527{h%2j-SsE``o!{*3NcNCNV$0716VqP
zJ$3{<ne}@fFNL3Y1yeD%MDK6fGB>(HF9`il{+_g)kGIuLuO@k@)iLb?W&E);%5(6q
zjJLN0ycFYme6H3hlVDqZQV4DWU@9wXv$f)Vs5Z1h0>4bDU*>O9{P6^MQ{%GS^J`~1
z=H|kA;M4MkHmG_X=%F;vy#G*ok#a7Zcw^s|QM(=l`!(-#p%3v!VOE-dyzGEHd}~Ob
z{uF9Z@gG~Id7tkmRGn7OT-$jPCEq)l)#oD;#fyERMGUt}>dHw?9F${+8m!tPu#<KF
z8#ct}ES6T0(ef{B$5AbZ6T#Ct*v2liRdWHwQz7hGocUkb6U?Uu*faKjG2bXfe6&`P
zCO$5CyBxef{SAGpx(p+qUE&I!Z++&y{B-d((XyNx>e!K2J))hoPHFm<uNq5z9{yxw
zJ+Yl4-(>W)h?;<|7~c$2J$<|8+^3XD^5rP^lKy(+GijeGSv7Gbk;lo7vf}1Q{VMD5
zm+Oz-RPEu(Q{_i*ywQoJz(qlaZe`<N^2;Jmta#c3F$%b*KdRZOPH)xA%n>$C>KuLW
zCM1@2C@DC!<dsk(H96wu&7Pk`xyIm)Q^-#^%5wdfB~vmLdUSA&>K&eKzITem8M!t@
zw<uo`k8YuMYVMBOniOT&R1<gV&KVwMZlcLSI5JRkQ6VwM<WUW>#m*T0XR5NO${Dpb
zHeT(psCCQu80|L!Fcc~i3v?dfft`QOh7g{!ug8{LN$>|*Tr#YuT3iwR+Y_{R>b7H2
zJKH{ZyB>US`~VD9d&ZudLyfue&HjZervkum7?{AN>65-lx)brGRfve`cZN!?cY4Qo
zzU~VgKQH=>K7wG)Fcl~Y)M9<2-M~}PyYo8xGW!;=_q^;g@E8TFfayRz)}ie}p8nTZ
zIdmnys|OcFcglX~zE&L}We--nBj;uhwZ2h)OC3Zx=ZF;^l|l0c74T-2qVve}Mkk^t
z6er+$tP_WMr4y5r)Eki7>ccFrk)OGry`NE5eMh~5R!Jqe0$j;9&o!@gqI1G`;&byb
z^`P{Js>u3lj1*RBexMY5CgHCoC97ER(DYo?(9~R1_3Q|qa{E(R5B#1l{wr8aQ%p>?
zPb@nu!Z+@dv>GgvA|2$Sw&#*v=A#|1p5MT2@Hvcg``wg!J<gdp@|2S9cV1A0n8lR1
zn)sTShZ2K#SayC&v+6Y-ResDN{R3#EZ!cf<8eb!fzF#e0PE7%!kHa{(Sse{~0n}|A
z_Jytre{UO!MQ-&wU7viuG8(?xwz*S8vs&b*CQ#hAJBv&to{4HZhk7K=j(Ak+w|}2-
z;0e36R%wgFN{!Q-W##bM`s7$-NAWx&fW~pnk_>pVeacGo$spYP@@CD?;j(>1EE=OY
zSN-pt<b27aBNW}ns1-oqvz^<LTa-t(N0&#`$HM0#KZu~6zg<pEXU)X&#`4C}#){CQ
zkPLaLEhU?2@o0RMS>tG&{!v2m$5O^3*Fpm%Q=Bw<QC0>DRyq?_#R0Ppxgqu127Uv)
zA<oNpOX`jA84-orx>NF2NQ7Bln;71(eQhg4vVa-slE!U9%J7I;X`6^XEjZrn(wgU|
zJ_RzwX78I<77;@z<ixB6-e*YQf_(H!sBjI>B2iE*NpUHiS)p}$;P%S`jGK+`DU{A^
zwDh!0w?JrJs@##d7q}6!Y_f#M-Np?q!pc5^Js??xnMUJL3PAWk%~lz2o7P-N6E8*P
zimIDuD;wl%<#DgIMFrdVSLiG^4t#I+skB`=_kXU%+$vdC<9g$+79ngiX?vp>zS!I(
zckGVj=USUrUHE|sf$#y~cO?i0$m8!jtfnPj%LdwW5(ULb$rBDy9=@i@DNZvFe_l1>
zjT$qr8%A2S_=^QgBkA%hhHeYa1T{}wGs7XUYVjcWk4+%>QBDY673!2@)u^b4mmc&e
z*Z%OL_jhF3u3g5UTdxRwLXh>Z$*vVwz{sQC!5H1i!78+?Jg{krIPf{pV@YmR$GeGl
zrlh=Xy}TCm{wU9R0p&qj=2pXVKQiC+{Geph6enXBavKa<Q#SK8jye5vZss*LQ7bU}
zSfXZ^m3PfUDYjjkvM-f{9$s17)PrvZ>N%@@oiGUrP`(cdSFDoJH)be)#eIvXp(W>1
z?Cdok-=Nwe_LlxvdMTtv#eZ5M{p4|~^aVfd28>JaR!y(aYVO#BXJ0RRTykjeSo~1?
zuew?I$q^FO#kc2#?N^sdfvD{4SA1<P8AP8`QU%Csw994ZQQ}jMD=!^A*LTdp+7*8u
zs-&iZJ{I*010Q8=p%3J#pL(#)oQylb;}D7mv^qhhgDD<vQpK`5rJV48X?HuFo&?LU
zyPuy1*{Y*>p8-5D0I%8$d<`0aXAiGTrS)v$VAHuq#Eck9wlUcfGR_{YMH(S)UrdHq
z&c7pjQh%6Rhc-3EYcnq8CJ0e-t|y`>-_zt#h)&^f{+-EWF_h+<oXH4HcG=bCQDjOO
z+56a{Ton(4%v}n$>~ks3fdPXp1W))1^S8A@r(st&`5XL3K7ZI6Q`%H-ld1eY=5Jp&
zvKvKT62@0Lh3rC~EHazsL$|a2z4!G+im{&^ILFA`%0!mLZ@-Vz@5)bSol;0j8(gBu
zlZiT!Z*(&mXAO(ZC%I81XtA6~7T1kv`PT;M4OdaYs!tX_)yC^hRMC`Q_;vZ6Qr&WB
z1(i6pC2dPflR1<W78S-l(;m?t9iNU%4ga!e0tgOvC!T)J;cY$ptdljX=q02|)38@J
zD=o0VrI9sz<#$!O&@|Z;``~-xcT!r^sgc_guIXg0gF-Kyp($VKVpZjqJr^!faaD<G
zxoT~JJ6#O_BbCuu^Pm}YC_Zmk{`<DZzQ#UJL#s)vX@=FNUQHgX#M8ykJEU#MSVU22
zMu+poqTRe*oU~!R@pgu$U#2GA9?zza_pf*bKH(wiHsIpJ8Z{?~=E(jcj$7u{)<<>x
zym(D@56!<ObdhU{;`Z!T?jcQJup_5v(ZANfNa>N|@q23@JYNgvWEynT!sbci4s2+H
zfQ%ry__u4Si{;iaA)cDb7N^5$va@Hj=W6&L^-ajk6_mSm=+g_Yf6yzRe?n(J?4s$O
z&sRvOYhw@j-r&yX$qx|b--UUFc`x|{e){lAC<GDOA3W4^<;@bdnAURTY|j|ab2;MY
z&0)$#JtFtU)RRk@EUHgtDi}HX_&2^PA2vPbi<bkBzUI3V69g&ldtB1`(&Y?5AN1Oe
ze35cM4zm27NN1|G;qTAeB?;A-7h)Ul)=fTjz`j)M^2T?)MnE4{h!5R6?@^wPGf1DG
zNQy6u=%{u~>=qH}LXW#t&5IRPlDJ9}5(~o}`kE-^eH~P$hmspbYtI6RDfL?y{|Vc+
zrs#<fwdSnl?3O*BvSF*WE?FhDmp+GQ7TnS^^JqX>3X7Ia!liB6>ta!7$ES1ZACdi+
zyK|D|He#@Uz0?DRh*e1zr1v^W_U6Rm^V|L=6qa835m<fLnBLN%_Py%i8o^jm+EdHU
zqLkmXcn=sjW%YR@y@+tuy-Vb|@@~B`q{(i}&ZnVnxiDc_Bd8FSABr>)F}KbYpj+nN
zK~@;!)u`lf^GfEqPNL`>@r{sD$c24QwQ{A~b#a2f__7UoSaITDj$eX^W5J#JmSmJe
zZOjeZDu90SgUi@wXar0;xolXFB1$cKe9ld(hD~+Wj$@?RFM2J!UhV$DaC(WvdPB_q
z*TKkF=Q=-iWmf$xQejr{EDV%du`HDKq4r~5G_s7jaXsnVvKgCqOC<^wUb_NrGL>YK
ziHd1|c)}pP#c|)uqC`{)Q*xKTi!@B3&q;Ww688V$^gbl`ef^mxF(u{bU?x`ivH6K&
z>CqrJZkwm{)#du7);wez;?ea0g_U#6Y^89BQpb-AU48i~oc?S*_UB``Bi{^O@M7f|
zMq!>_>FFU9c}6d1%kJ~~z@{BZTU76guV+R;leFi`XFww>+bhbW;lfxyMpEFislZER
zI`R#y6_WA>^ye>_N3Q@HlI!24he~+;PwvL!#O09GDd%^`iZO}%Sy~z7elN{1=m$>2
z!k=(OA*F~|lVkB4D~VK&iFC>4hJ|HWe&YsBdF4Ld8ih0Qm@r8xgafPttoVKYeSQf7
zUN;3|X^&f8A5dB2P|LowUY*gEms@ekw%mle#e+?sBu05k!8{CWyX4pqK9ffR9VtY~
z2I2Ox)sP=k+R5b4x2U^d*YRo+ORXN8x{=?jE0)tpYf`DBNNa0oYQz`M&&|&jroEi-
z^59PlT1V5EWQEeeNB9zIw6zi{X$zwoCbeajOY3d~o#Sr)+<ZSOru(;6$d{d=7I|QP
z)1^}Dy+x~)!VBXqmv%VNI^dZ`o@h8eICXYU7|G<yY?7kQwscGC95N7tJROTy4X9Kg
zZ4Rp;U@49Nt^RlVv0XvaBB|liyu2A>;*G|A_{;Ctx6WzWLR#)7d@JKM?Tr(Swt4f@
z_wIpf107xVHcfRaE5x&Z3G6kNxK^4Lo0cg~S5D*NrI`d+#fu?Gtn!?RN366N5EoN6
zuPR%ni3CPdSsq>W;fy`TOLZQRb!th-${w+EekLW&2;bgk9yNsokKudx0M2*(VV_;&
z7BQxz2Iop$n%8d&Bk0ZrZ3cqhZXT@uu%R|U)XeiNleGR2zYsPQa45Cdi)68i&b_#0
zLpo{xtoi(1?)>|Q-v|9@Yadnc2-R>;zE}lq@PgwW_aJ9bI_Bch*`K4B59C?2aLcRT
z$+c;>J$8fCPUf(<vc5ugl{NaDhRnJ##-DgEyuUSy$rfV{$n;{kN*H~$gs%6xmfdm(
zfIZII7t+&i^m^ND%p<$M>?}9$17w}QIxCI`{|cj~v=R|br%Vc_l+NGfj;3g$q)k~(
z2%@AcrKB8wPM(EjU1icx2pr7v_-6`@U-@KDuw9Msd98au+X0;$%RXSg)$D4TGg_Z@
z{c8L(Omb(~qJQ;3Nu|vR=u2zwKkRCsvxEFx0YglXr_U^aIsVkjhshZrN%}cO1fGh*
z#8fzK$caooIUy<4>bUmzSZt+ct9#-a_um^MMS-w;^I%`)=p>xI&-dY(R0j}o=Tcp=
z1&F+J#wslg@_bp%Ppvo-aaw@uv;X69=ksmPkv=ZCSYyLxmt%qte|o8P=H%?=3dvhk
z^D5GGk9|F3SN_J_v##B1-Pj?m38DkFGv8~>P+NWr4f9y#JJGu=BHbH&xB%4V9H(5+
z->E$>0}whv8$AvO77uz)B!J|Njfq>ACtd$Up@E!D#oLm5wr8G~-$PgNPjfF4{<5ZK
zTCb?Dx&E_4M>#O&x_{9|ZdqSGqfh^K7B0&5{>5ea#q@pU?_1%)TpdS^Nt!R8&_0GB
zQv9X~s_E`ClsT9A@&Aza&cV4vUBBQ-a$+YZwr$(i2~P0Dwv!Xvwr%@~ZQHi(6HmVP
zes}KNnVOnErn;+ot-Z9@ue++dcI{q^CKZPkCK-apzp=MiPqUU~1?K`00dm-XzE_Ma
zQR%mSQlXLxRZ?|%X?l5=MPYgcdwIZF<&{e39|5-C@QVG5l5Bt|wS)x~Hjzoy`vrqW
z*(#;;MUzJDOVzgp5NA<5HPb~hI_Jdb#anKTk~8Ku|LStfbBMMuo4oZ?*-f$M8I88?
zsU<FMwU{}>ho5{J3iB+FxSfIwv)5;f?gd-<E+>4iutajo8-gq|zU=)`KrZaL40}{-
zKXD)#_PnZ@ux0_3bpYHN`lK1p4JUK+j>#H6-AR?16i+VN2P$A*mQf~keJ1&@D9;*n
z^URc)g6(h>5Z0A8t$Ih%q>U(H%WwUAE3agG0qUjS6p+HE#Kq4r^)#p&$k8_2ZVx#L
zTA}BN*f!69BJ`F|aT(Hn(s?5GR>0AT=rRv7lK;Gq&yD1D0(K(P(Cfa;8|raN_)rpH
zPk`qSBAlNoceu>q$F;=zT}W3Wkm~`SF(EBzr_>0)?}HT*?DRLUU<gqLe<b9o9bA5l
z@1M%iL8Mno{CtvF5rY2T+$jAg`>v_ceRi)u@$(djQ}}}<PR;B(m=yMzxFJYRSzI%t
z2PwG`6lQMqAoa5cm7PGv=Z|k#v%YIsyYY%p=+k<E?4KA#mN4vTaD$_s$hbz!4~o7r
zXP3+~hRF}ZKA_1K*X)ULgDIa_x`s^+sJxnX$eQ}`1;4-+&#&sS>3xQ)nLDfGvi*)*
z5+wt`CYf8S<T=~%RYjBo@ylmlOXY0^;oE-RpWsg9Ix;0p_0zWfXgEFB%hEpza1MUK
zQFj~23gwYf7|bd*-J80594eK_$mQ1#7JI<!5ZWFzXv4LgLsJ)4+oNlP!3~)7aLuS5
zVs3-Do@or-2xvnXKXtFn#i@<A8K8dU-zvzcP51U?b7EPV>o&yO^nY}sS*c35UXc_S
zcyr=mpN+Wz+4P%yFcei)T!mg5HNj|_+guSB=nZi~Y?@cNMc$0SdtmXDeb%S=z->Rl
zSdr@<pl}j+nyI;=;`8l%u=Es1G$7y$oIceT6%Vt$A>;G^c+m6|i`o0}fuK8Ys7ImK
zHB97=8*&QmDWb3k#TR6IYK~iEdV|LoVfcXCRdQ^fsnY}Pj=aHr1euwi(qnDpJ%II!
zO00RtJayZG%BdjIB1lHBggB9SV;=_bFOFKP7+YYLa@;7&Y<waTb6gAFP=g9=sbmR)
zb%`3#V*!{EpXJ1n>rZyWo2oYu?EsgnO(tJc2aKTSN;MJES?!zE8(T*aFU{t&XQMYj
zvksEa?KOS3e2@YL(#g(SG1Hkx%qS(Ju}ZHS03+q{jIHh6v*?88t+DBBW$ql!eA6Gq
z7xLkIyJk9qUYwYY<~VM-wZp+5tZ5Itz3HQKFj+p(8Xyh83f#AFg`+yol`Td|(@4)4
z-_%f@?~iKMjwf}UV<**jos!e)3r5D;+j483qo1o?8Dsr^1>Bod1pl-bQa?DDl!iBa
zq9wyu-TdPcSK(fsy{D+HWEzg_Uc}FkjENb#Ka}Qb-^bpFwU=mZtQo=5RAtRDwTjRb
z5URpQCz`&}vrVT5lg^3CzBC~IIYgQ&sysrP)<?eji%Cq5DZwB-Lq&Nmk(o?3oyvMF
zwZ1sBb*eDqu2}eB4DZ(IVAUb+1(C?>d>BS|__X$STiFzn;ww=WiNV9Ud$!<0OX)2!
z`&me-OunAe;E6Ob?j~7VMQDsSwL4HUQU||Nm{cq$l%FczP<l8KS<H}o&<UN2X?h^i
z*r#7w?x#TjO>!;iXHcNV-nLs4$TMBQzYChBr5tKNFnaJ7Tqhm?Ujv#DNChMV@&Q?Z
z!%0un?R)f#Np|Mdg*1m_t<u%?6?@e#f3(@uHW%&KwCU8=7ww(3gDsEJ+cUIbm*>9U
z?AkcXOO1}rEl;~byF|O0H?=o6b~dh}u12nj71!8p2=w#L4$bY=R|w0Sk4~Lhs&``t
z&+*HoH8NYV?_D(eW8q&l>|Y*g8OPa2*sVj=VV2b1o!M;9=q_0@E{EFSYKmH|s&<J`
zAN%3dFE!PVug6L18!<-KX&!^P+6PJQcXhfZqrz{4O!(_%m6tN3PF<=|kDll>uig&1
z--|2|I>HCX%W!{HU;Mwwd<s9fS3(XWMp~CF#b5s@5;>5w>#Dpt*LII%crtV&hhf}7
zez!L{ajeptPG$H<br`eJ@$c}>Pfd*7@Wysv#uEH({yom?Ph=Z4`EktGXlrlm3PpJ6
zYd-SZ1-sic=Evbne*d5(6Ce^Jf%9k*sbP?}PMsFDf>YH7eSPq11W(z`^w_7y+-JnX
zXJ9*3Lk9V#sWtIm{q6o<Gr6pSE1kag+<T#z6i$58r`mDtz;vL%CN(^av5k?VlY_Co
z^?yiP0}FT<W=<|bM#BG)nuLs+gzRjb+JuBGnuN^EjD+mWEQIV#OoVLgEZ>8inuKf|
zY~KVEvnC-6GwXj*?3#p}O#d0<`j)c)mo4+Rl$DG9zoaZo-z4XM4KlHOyJTf$`VYzW
zzec~Um^uEV!1}Gg$-+#?#>Pp=#_}DL?LRJ9zoW7;u@bVfFcPw`{6~}R+n$Z_JG?gG
z|0NGD#{ZSa_uT(?8PoqJ`)2<C9qeq(-#~rOk%NVhgOTn3^v1&Wzx!qXp7=M4?B7{2
zvHZ6d7yExr=Kp@Mv9J-caWN6HvU7c3IsStH3o|<*+xK1gPW(T9*tnPpSr|D9Iloh7
zXJq|``+w*%ep`K8vT+fzu>Y4Aj{o-ljpF}~0`s@vKX;m!mqFaz%E{P)LEK8;$yn6b
z(ALP9LDtyD)X9vHiII_mnd`qfCPHQ=W+pCXetvkE|M}>+W?pzeyJ`+L-b{1?=rr2a
zjI|lmx&XK`O;+O>xWip>hjdd0Jbw)aH4a3jGJ|4+0tH7v?FsGYK>d6*@MTh37=F2L
zg2G=jAg%qlq<QhClrjH82Q7kK_sByulMa2K(vpg{o<mx@K7ZSOcB^z`bu>Aem`HP+
z%ETgrA_=7RH7ey}?r!A5#4VEmwi6JoKMmOxo)@LWbOz7FxggC&vj&@T@V?X-A0xN1
zf#TttMStUSU4M=|$pkfu!P-2X(S4~;4VGsMM<m?<bn|v;xw&jF2zCEQE1Xeve*`(k
zox{Hsj^vFe9#z$nZ(Fdd-|qo+OCMPJrfSt5uBo#8K`gv@_&dAZV*iY0Yvgh(IQES+
za=Wq3c3j*@oHr8jF;t`TGyP9DuoB?^d-BK4Kh>|Xu7B(2rdOb!5qVwp1W;!LCMS8G
zJc-&LYFdpSONfgMVAmFbEr?518y!S<_ZFBwZ!SprnoGK^`3$c^9or;8;18nVYMR$3
zTUOkKF6fUK5g!|oZ8VxiF56@x;65DGWb5r1om$jZ)K$<+s?^8OBn=0@CQVM*?=(Cj
zF?QnmB%iwk|CnlT%e1a1)Ivp~`0RiEGjMkwp2}Z6x_49C8TRsM0ZkU7c}D);W9_I!
zfvi}+eKd!-!sc5<)lj8P@BlyG#8HAUe+gFP9$~Ci8=<bkF2uy*mL0f^2mJ2hc!~P*
zSKa+tRANL8pjVzrykN~22Pf4`KH@XwA0|RzMx+!DL%LGlipn`g>e4lE2W-iyhMT$l
z<Rg=Nq>zeLi^@(?%TK*P00KVceu*TYJobsE?`Z%@vr;-UDifN8e9)bvY)f#3E{t@P
zPrqtNErlBEzXHNfQA^dHcrWz%&Wf(Yoa@a;#Lmh<7N{HFkjwL`#o5Mq7pOhJcg~gG
z07?=uxvH=2r2(%$TK&jncXVT9zaGToipp4%is!!OMEU%^Zv^;4{==%gZYQ4b1Mhv@
z5tPlT|64~TUHbpY_*mpCeS!8zn#C6&DeWMVj!7hZSwkeAE_5H{b_ZJ4Q$&4<s(p$y
zBoJ{a5gw{*WW1V?%6juO6IzBJwMc$-n*F#G;mFUJ@pk$#1_{y?+!bvj-khsBt53NZ
z9i7WFlU4Tg{4Ub)VOq$L@UAAq>_o8RIUp2$QHgCVOyv)l#a)O#DhM)T0|c<=SDj!#
z^qiC~gaCJECR8%y&E_Gkm+~gd*j*nQW)+aJKSqNDcG6yPw3&+ktfl~rl^g@bX!ggG
z=`}XmDc9yV7r9LTu2(K49~DcAxEBA`<tX^;E?3%CUZ2mat_nb*q`!NEDM54Pv%$!@
zKDcvmtk;l8-ZW`Ul@kXmST?p`!?H+HB1)P4CGKs7aS6{CWjR<GoLYKF!rLFV)@pk6
zQ`E>PtHTc#B44abHGhMGSUJPY<{C>#*jYv8A2~-F&795AwEPKg$RV~^8V>(^Wmk*(
z%<BF@+VV=>E9C<+9z35s1&xx;KcFz0r^%zeeVjRDTY{VtKx|=4War<>`l6ud;uPi1
z6h0G&cBD81`zVFrCk45jBR#&6I8Xx~897ZN_Q@JqL$ZNoQBt(gzz>nUPf&g@7?ha(
zOJjf>S@WnTkpe-eEvvdK6b^ge@@42BcB~oiU!h{tcob)cfDJv<7$PVQ^EvB11s->C
zRxEhW{xLX0!Z2TPW>&#jB+%LwPX9({^|9Y;L+QvcWz0gJ;>?@kpq660dT`91KMx?-
ziecG?B@}S6b%Sy>xlN^y;uDb2;PaWeplzZkAHq%uIrapYTu(Ryl7~IlI0>#bH%R8Z
zX7ql}UJZTHGqqQFA;;=b`l<^^H1QA<)w^jK3UELf&#^<K#>C3y2*y0uL?W~GGVy~t
zp9N=UWKyWlLTyLo_fnV$H%wS=>!0?DzhOuJf`qi)8-Ubn+qcO28Gy2)e-;qM8woLi
zy&OE6{Bx*DZf<C)1<2Lc%P+st;AyS&{EATYxXm>Zx~7m-%Tp^bqkNW%V$9o=EbC@X
zpkcBPu({chHZKb)Eb{Aeh_WR4DJe1Iy#U{d@yPmgAB6!C7$g$>SK;d1DO`hp&fcyz
zPPUE#p+P|&i<*8SXXWR4KVuGr;z@kh?-U>;WBv?ASg~XoM1&-V5^98K!PG&Qh_d2o
zmz2(gV?bcR99_Cs<UQ#^7Uf;D^AoGMy7?pV;tb2a2+teQ!TQ?p$O?ir1Q<cR6jtNp
z@j7=rU?xYruDTFJ*^mcOPWh6oy5!=b%*fkb0d@Nq4zAT+YjN+2-uCS*-?&@!E~Er-
ztv4!)NuJpU?!kv=BwQ{epBVLgm~9RL`7iElXYmyK?82-}Q+e3=wG4N(`<BKeH@u<s
z+Lx;H*pc8{FGT1hJTpPh25=`!y*jKVeSe2YJ+6$L92WKL3M50F=(HxVNA(EIF<BiR
z&zYk-Ee8eN%tYEP6!Ah*(JyRX>f&_A9)vE$zon#rLgQ%0;pt5h>YpBgVd0Tz+t8ex
z#Z#f>P}{KU3Wvw~`}bnOZ5yB2PLviU;i#@dr~R!cM&+$lV`;g(b!S;#h)J1Bw1Ij2
z_>CV;1)4Q~8A%+p>%@1P9-RZRA&M~^clp{z#b_qqivF46K?zzY-m{4JX~x@vk%`b2
z)d5vui5)evXZiK=JO|mhmZ4sC>G>fB8fVObH-;{Dv;Lb}UiQ^3y@OF0-PjGyG0XOh
zQ0=-YqX-Q}MG4P_(l<e2M%|{o5HN+G$?HVME#lQVR!t*=#PKqr_4}jWkN+_70C-=b
z6e@eso^L{aR;i`f=lGuozTA^#g7By19~gN^sy%;tYU3N79t#UqCW~pqBNwHUnd`h|
z!%x|3U-Vq%>jrLFcqq&JKlL9Bh;7f)e`9l`s;KcDVYRsrkn5(q)o)xF4r6GN|7k9+
z==HiVsv#SO3hE=_-P&d%-ubx4c;xLR9Jstbd*Kf%3s&dk-t%wErr?C~C#4oE4U~kz
zrOIW8+vrj#D}1^@1r_!v1f+?^j?qLLlFq7_V~f*7D@$P~6e|iQkeU07%7~*yJ$WMu
zAtGkrV+1{ApXYxB)KMa{*OQ|mv1ZhW5DzX#=}G6IvHVNYSL_dg?#!M!PjCXyqj_O0
z6~Kg)ko9653U~<syAq;}MnNM#6K-wYFDTd%Qt&%=4u^R*_+eLTp_>RsmkoZI4n5$z
zL3^b!D{&;WkVxLu;Vh=262%lqUX_o{S*nbiE0(Yjk_kFv4o+!Fz+mhLH&jPKE$(GB
zlg$<gGAzWq(6<~4qYz)RAp!v-3K`{@=9EdfVG#UAepeLSiY!5?s7~3ZH(MB+2uOW_
z!7o=G;EZj8t4c*2qr8t*fXFDU3{=)W(x4K8$S4<;f}Jxm2|Y7#P^BvBD8|I>lfa51
zr(j63k!JI)!%_rexr;<KE(eo@EC-Bg?Kq;!Cb4=2*Pe1lbH7~b1sKhtP>`uaq+KoX
z+i{M5V&~p0o=)}1ki|j8BuJIVS8CCK1GR@GLS8I0_m$#uLgrgTD9H_of`9#XvSSvy
z03R+(mz_);2?!{kh;We{lS$%wk_*+^$Da8!(3=KopyCR6Lr}#TkH{9po$^w#9&Tva
z=cLFQl{d9IjbzJWDrO0G63>}3DrUhtjpWW!EMf_F63?C*33Msi;DYuc|1J>x9v$dI
zvD-}g9vrBfax;#?PqvFe`pyFVrP4Po^{+6{hjteg#apS51m!b35K-!1ZXhI?r(hq4
zv};ZvBx#3QABW^Wcj)W58yo2B_#1g>7s(dwzA6+OB2GpYU%pa&J^UVKUmB3VU>k6D
z0zJ<^vLXI;|G-WR(Wd<I8<7!F5348XM>~iOL<_-=#}5TCGd&VFeID<7;9~N}ScUIj
zEmLC`t(3<(2Ey)33qdujpTJLP!E<)?RcD;Pwtux67p+EhI?-p!*?d)>GFFp5-q^Y7
zo78KpM;vs(ay_@6cprxa^tb;A^fZ;!J~yr?<K(Q}Ctg&yQ{~uk=={a$dSpBdz!cQm
zGIbO_LwiD-uE}jhOM68kdd;}sAUawZ)6RPf{>S^4mEAX!C9<;29C*zs{E|xYD14$O
zQ7djV2ojf_7M7%raCXrjzR*njNQVJ{jJqc60rBnig4up-ud_X-Z?#<(^xpdPT5&<`
z>EUm+W%!|KT&D)0MMF1i6(azejnkefMdS|%L(-P6IN&<=We0PY3|G+HoIM7$>|B&y
zU+6yOe2P8aQnbY@$V@4jPVEWjOkK|(-*aQsOi#|+ySeij&XlvT0)mu^ii{oT`Vv)z
zhVNNl+4+iu<`n~Vin_wPq&|?i%RhbG8zIciqP)4&tE1;S&#WK*yn4*=owYwGl=?(D
zDd<s5VMMy49~-SDMa#k(j<b$Uq`9#;uSjKs|6ut6;_L4F29iA_-&=6AjJ|}v;BKMa
z_|m9lZ9}JNS<|?HZTZ-E1`wmuj<8q{&{k({%4@2wHS4?K6QG6gvK}_CR;Img3_E+;
z%0`at#s@E#ybLj{lS#Y`NvMUT*NSlWh~B4F>O|~-8IrV$xO@XF9FHUKlftbhprVaS
z9wlc|{+uwzBOVX&N|;ZsP}0?;_&pedGuRMi`8v>GXZZH3TErB`aIeJENT$B2R`G%3
zDGXfj;U*3m?w0fu3PLhksH@4!FRv*!(+uNWzcb;OC7&GD_8KlBLp%dB!~=AF3kMa?
z6Vu<D@=w#V@H^&Kz417dKc#UXu_Q=obF--l!jzbOCRi-I9#}0XCJ5XQcVAgwxF2l3
zFoGb2kg?E?d&he@gWD0^s9)OeRsV2qm-iWl6$W)fzi2<_|2f_!+!72c4CF+{40K}%
z{1U(<h$INz#@xmr2)&NlM(XD8qUhr3qUmDULbi=*9@5;?MS3_aJlS59;SY6!8f`}o
z@I(=>uV2t4aZBXRnuy89`oQo{a0^7q8hsxqTnWQ;A3DK;agXBvK?j#|Pgo-D_mH#w
zH=kohf$Z+m4Dl@Fn#c)hQjiIF8ZXP=ni)q<t`$OKkL<c=n-A9V6K*jYq3Fc8<p&@0
zk{!lcxQ^&^p2uvJ8SEKk#Rm&_l#Ortp;^B=4Rbf+I}s47Y-ng^*WiIkSmjuZ{07Dy
z1b~_MDF*yyE#Wwe$GBuWv;G@H<hmCV<LHc_KY%d?63J~|?8Lszfh*BA(Tq5}{{#w8
zBxANREPyIonEH%*CFfjUSH57`7l`Iu&{l_RVMlcG<sx`>-7|5OYjnc#kHraeh%>-h
z&<$7B6T90FeHJG55bp$T4dVV&ZtroxR$_Vt(3^xvvyQYnRPtk!@>&>tBu4r-7c~;C
znP84{K^C8Z{?)`X!YG}p+utty#pPudAH6O8tzJJwu<OL+o$x#E^780v%IBLGZs}1q
z6;+6F2dW4x816NLI*orYR(9A>zyH8k=8YfeKeC*+pr|Ett9s<-nTu&RZT&ev=0z{M
zMSp*B1K)ghWBV*vJfp9?F#-1{>Z+Q*pdRleYUZR^VVzXwC@32_eMUE;Vdwp)xA$FI
z;#hU`^KR8e|7qbwqc+0x#UL>v(+o5JHTVjjXoRQ*=SaU*dFmufe#zqS(4qv86LQ+o
zZ@1V(8&wBTprQNA-CwL~iW^lL$G5|ho7;;HT*eXcGnPr=<bS}5q*U?0^kWu*GBJjN
zNXwAVB>eroYs!bCpYks?8cf8hiM^^XrBIn8ReVk5&ouW<`Sd69wk&Q#pZs-g?Ta2n
z1Ndy?NxIuCpUw{1VN!#ZFA(02%G@fuR%YDf7gLUL^lXpZs;vry5VXM{w+2gZDe%z<
zPq?S=zLyM~EBi?9q-0qzKA{MB=<lkHUv^Sq&e(jHwSQ^>(c+arZb3+d3UKpJT<WpS
z!(tckfcX!x_6NeC<}p1y+s?aWqF=%w1P&`{h+ZQ)Ib%ZXKWJ#_^uebOqXbDGI9f&P
z7Nu3fA+cuBg6|B*G<RtmG^_(@T~eg_K;c!e;g)h$sEb{*z3*nM;UTkIUfyHZO%+Gz
z_z|7&hmMM(oaMq;!g2;V6fl||S%XTZHJV8FEW(=c3cargwy?Xs(gZT~GgNhj8Q`J7
zHL&!fwk|uG&M)P<(w$|FpV7uptM8X*{HiJds>{cMg0<LI=Ea_5CmS*G%t>1nK`>cG
z;2n}YXa#0$a>l0P<}dn0nkIU=eYwkqcvT!3L`Ym#?276PjBq7u<`n+mt=#gR4ls+T
zii{LOYQkOa!!4kaY+S)#^}|RL<VY3!wvLeoU<#y?SePVndVgkef8V^&m*;Psz$9xJ
zvplcAwO_prU2-(jS2Gi=-2A)4K=s*l!<q8(K5RZn3gcj}lIcivrMvasb151x2us0z
z;<4LN=<Z`7sEf}z7koZw%=K6;h0;!#<2C(@tnI|9IbsqcUT^M&kmab(aFSMl+-Xp<
zj5D%oECsz^6>);0SXtRUx?|8Lnyj8Iqd5V?$Wdg_L9RcORxW*)GDlqQ^Y4M=d`wf*
zl)u&RG9WA+___lbRfV%w-pP_x{YODdcX+IQoMX%J?A2rXX+qPONq!;Skv_cvgWYE3
z^G5l&n!H=rAFh;!6w9fIRIe_L?x+A6w(57qf&>XQP^M&jk_pp(gq{u?7ebbRQKQP+
z!SF2*La~`ECE0T%)l0qSOG&-B5$z!JtA+`7B=d-^V(PXLKLq++%wcR?`mA`BrB7cj
zxuQ7zoxbg-d=BSCBQ{@Rx}_T#P3a^Zt)`Bz|DRU$whmrbRwen0Mtt}5;#|G8SxJ!d
z(#naN`Vki#I5sr5mt_nY8{s?D-rP7>S*KoD;URR^pYY=9l?nhNA1sl`=Yj+-(Yok*
z%n8-=R7~m$*A>eN!<dw2`N}(2L19cDv|E@MopXdNg2&^G1(>yb<IS*`!2yDL*&#S>
zeYZXF=4tBb2bKMpTJX2q3WtR3oUNyq50>=JS37mfi8TD)Yv=dk7QLzP`$1q0)7@n=
z%3*^AZyKSNhmbb(CP(|)V4%Pkmv&tJ&s8tNRV|fJ8~M?tjLBKt73(GqbNWJ9#Ef1*
zjQ9jlt4IYeit@5ui{1x+Es5*MdDw}hZ0!IS%dxpN#pJJ$b=OQvDH5Av&{$6=3dc?r
zl+I1vuc_LX@To6-*&^&|pRUUXm)A4&f#x7#9CTJUepofGs`4Ar0M`qNH~H#BYZ&e3
zVjl^vq$e0hA@m|7I{u7!F|_j=$N+C{D2g%yd8KaM5NBhjRsF2oabE1%*`k+3Si>{3
zpAFIZGxQY^HHhe!O49ZEI&>c3yyBEaCcUHM9d;MNp`|bkK9#^N?R4V>E=5;%6evFk
zfZ(lF{GD5ejsvq)xg?Iiv2)@tE=9G-hM6Pl?P?m^TXq|5{)%Z$T~2|-743QM6o!h@
z@>w*MYTel_f&M1bW&f}_=Oa@WTMJEZvr!<NjrQ^9)>fq5n-}6F`bAjDnuRv^YUi=;
z?c{0AdN)C3yX6Di2Xm%+(TSQ=nLxRHdxX`2MlL!60?wGlbhvSESiCViY7KR&G1-AA
z)oe;%m=ZumbpBzNSUGu<f3h`1U%L2Gkvc$<ur6-@*Q^345~=nc6v@_)rk%c?&vATp
z%C-Z=<O5tbjVkk`M|2Ta={}{3$)13Rd#M&<Ia`FB>sxH^j7I1AhoZc_Kb?*)Vlp)!
z`@bJ>J|Jc1J+Or%#v+!gH*On)C%e1c7H!|`h8Hzq^WmL4vj(@Slh)V&dU9CQQ*5O+
z59l)1v=z4(Xsy^=S`8a|vD45~cqih0RNN`f*x_GFp1Sx6U*=j%Q;4izHWeWAR2{pn
zl`h}D$PbzAU{bD{HS!EY^uaMtCt+C)*pdrS>cJLwWXs*9CPy%XX=lyQhbPpLav@XR
z1haAu9DooFW|8BvQlXzs^b&f{XsgC%aNZEuQt*G$-qy2q#}?oo8gn7;cQkJopbpAp
z9v0Qxsk2!x^*IiohVWk}4|0RclMSY!;Y>Hr<@nH({MCj<Mi$BOTNg#jlB)8Eh5+q;
z`zbVEoyTrbD^4=6c}Lq$=LBJ`uMun#{4<&A1}-3CScuyfRMwYy+z5$qi>QIPk}B37
ztXD5+j8^^qO=VzB*FKXONvr{!j4fc2qC~idLx?N4H(rivnsfg;$Nz_;Wc^3Ie!fjj
zp>lS(LkiC+V=u_f4!Ypi2o`D99I((o-d|~Z$z`j-uJ<Yp>BR%4e{c{!DNTXC>*=h>
z&(g+P(J0*!1|{U;88>VJ-6i=VskwQ<)~fSTw`x4OGIL1mn2&!lrvS}nHLHbvqfe8W
zrSG5f>g#7)T2a<uE#mjtc}H~Mo5dN+Z<!dr8>$q=!U_(Qxz5*?AT+8!ntR$H>a}pj
zeCEyy!n*J^+|U3!hbu~!aT?S4vbxJ{Wu=(ui})LvJ{Dna8-(N35DgQJ$0*H^{FAs<
zBzEdU1w!jboi${&Hn9BYZCm$#Z^p~R^s;yA>SV7Ayz>)$vHmrAbum)|Zz<~wy1M*u
z+Ux12T~maJ#AdDTF^z!tZGZ2IP+gDVUz-nz_Jml5GRlZCs|PFj8Y`(8CTW84{HlbJ
zs`yO*U{u5PpJM;19m{B@XEJNnfA1Ki8E*#9uxm_p_P^FiwIw|WB7W(M#2O@LqHgk=
zz924ton>WRZ?4|z{p0eoZfqw?J=fjRX}~6~U3s7VdR_9ls!bCBwDoLyEH70d($kWd
zl3$z>UQmUAo<N@RXxU8Jkz&}dz_l}yreXz!tKunB9`qvz31=badZqENxrmMc%NN+O
z;eUb_fqSGmImum6bc%rFFHc+#C$@L#teu&s@b$E8c2U+)CL6$U=^kbgro)_$I6>N5
zyeSV6jVI&4f`+jymp;-xH}ik41nX`dURNuo@*1zyv)r1Px@ZH<glcNqA=*ti(CV?^
z&ou4MJEo`bJY3p?Pqi`NIhnDYj%OR!^S4*;E@Hf9v118mL%aROjr`zp<fUqZS!Oq4
zYi9!=i+SgH=a~~Gq%&l(oFH&TM1&y%>T83i^37?i`G{whXpL~~IPbXTeTl6p3Ha24
zhui|cKPRB{rN+R(yY?7SJtxFC#W(kZ%*dYgGnD75r~!Ap(yx<$1Uh#&pKILqo3_Bl
zxnf2mr?*30wi(~njwp=jE*;$$V`_9+-LG)2b(L3C6}Opu)(sJZ0CwxzE*l;=EAn{4
zKnZUKhk^nsuB5b|jZK4v+XW$52+;1C6}ZtOjv3&p(;^MKp*$26)1;X9E4)GMwu0pM
z?n=vPJC4DG_vydz3k%eSLyXN2e|T__NsYV|fklGX>R#Yi`P+>NdRn6)OO9;`X3z@3
z=7fK?gW4Re`L0(Nq&@qz=IVFrr_ZZdxgKGe0NjKzmJX*=<sLbx;kgE@C30pufB(S;
zG*~@N-HTW|(_5!@<hP*s(?S9vBOxaHrxLaDK{=K)@?c8KPs)k>RLel&#Ep$-x-=-~
zAx&mjf&+i_PZT{m-XB36^&tzW&0uLB!9;e3*<jb3Hm4uLa{+Wlc43+Rh+`1Hbfu?9
z-}&_=CV4+(&Y~O0XFD;L>@a+A{@6`MOx*PkD^d|{LkXI*rxHaF1+skAalt%YJTU6&
zuTVZwkK(}F-zqJj;X1y2?+;Q{btAn@>MGptIl}cph|EfulNvi7cfgM~Zr9~+%<rPD
zXga&NnYG;NGM&H0N!K(%ckf^sKW^f%>h!U<tH!C}>MnHqYiQ|sUTKmt-g#fF?QtpB
z=c0KkMlSbP_aIIpO6;&Tb2k|5{OXEPjn)QX@Xql#7&HqW{4>K)=E>QO<yTmV%jHUk
z^YEi4zd$nHQzPr&$ti|iNvC-jv*35>Seyuaxl5nWVl(%k+>#^31<Ihuh53by*tjy}
z!Qa0`l!Fc3J8d}gmrY02SM34^#m6{vl@5(cCiY1k@A`@mI>_s8i)7fX<+-BcYsP#w
z*ld}bDT8V7<!H$c9f`=}{ET-}P`>J#7P88w?hXy-<pFt2N2U}PcQgVo2MsAKu$sxc
zDbkkO<i?`T{3?9?r?uEg`Y8KLJyB0$oN*Sjw~4IOC1`LG#Y6<+-U6A4&(NRLAzxkb
z@xP7#9NHC1GpMbatDf4`_9H_wr-U&7a`wLWW$_B)fxdFu6A@y3M53&sbR&J~8pC{&
zag5k|$e@8vD1uEV`%on$F_0djvC~ZWlSr{|LY5U&_M1#}yos2fbGY}=IK^zUH;|2E
zyD(uE%S3^wN$2<g)-xhJE$E-2treTI^Ioux-=E-qi<pAeOKJvNPkoID1{Pe^^!kn{
z&?@a2#Y5JLzP4$C`9tRg$jT^y(C>wzc;;eh!6EjAY;T_W)DRMMqkiThP_05xcq0>&
zRf<kLGO?nZjRkzn?k9%oU)_v0R2HzbgY~F94E$>OAbQB*^E;>oCm3a`(9|j7;ZQ{4
zeaL`VXy6Zh6jZ(@yIud?5#i2BMZgwy4&H=?Wd<LvISbrD`8(KR>*8W-r{V(VOtv={
z3^*tprI>|S867FL7g4F~RiRUd_n@M(e+#Kv=&n+T<yi>4$ZHmzxggT?C{$FNV1ktC
z)QaUixJdt3^(7y#$I@M>@nKx_6I&cF!1A^>Y$N|&*4n#g{|3XJyeM;b6IzX_Cdrbn
zl4pHWvB(~cER*a?wslm~KdSu%zpZ_Ap4;p6qA%NTFl_zZG2C$?_fLAC#(3@DS#qKb
z`y-5G1%-Fb!oeI7okti=Lv@_1Dtf1ra2~L*ESYuBbUStCQx6lix0T3H>eh&QlG+F&
zC(_0UejK!XJdNmGsHu9_nAS~tPM=3`2<^D&B|PNt)E!@8Ccfq#OY9Lc9P-XVzo()=
z4)TRuQssJ)jTC#?;TYWu+RiF1K$rBXc-$7rYTQrFi!l|WwR-K<>?w;Xp4gFALh;Tf
zo71!3$FIS-<`{k0y64Q5=2um>Cgx!GU}2l%CSF3)%`<-<uX^%v&`A*}ilXCh3u&Po
z=KJvs^`#yDl5Qf!{+XP+h|M(tdR+dEUZuhDnCr50Kxt)6SdS3^=wIHw*MWT({G3Bh
zbLUo~EIn=RZ1Y;`L0tZLnYY}Q=WU}^oxNb8*F-seV65<Y?!-~JN@IFGCAqdOeyHit
zYCStTVbImS(LPPiK1r+!cDpbA#h2`TNJj6kiU13<<S=2xJU67@TgXs{#ua{&PvRe7
z?{0n_y8}GBpreHYRMNM|nT@1d87HVFZS)yEyuR791MFH!WTEKk$7rc@azUMxz)3CT
zw5j1ys}ui$Q;h`th+RtU#J5__Tc+n^R%p|#))Bf&g2ljaR{InTe=PhRtFx@7Ig<Vd
zd9mu@UG>!ew8#0t{pCGu?<zd;x*%-PbtWtkt^!^?KqWF<X`VVw&^$8T6W%&@loc4v
zNixlp5<w8%@~}kfv1B(;jgmM9inu}HFr+iSd&KqmAm7asOPRteK-%BBSHnIr;Jaf$
ztDHTR{EjCnp}P?9!Q1e7CB}k{&!U2+NfRy$qph#e$2!H~JOgWDO3q(eW+)SIco=4y
zJo!{c(T*JpfZXUs_gerxIef4+c|XbVE;Ru#yKW5-5PT&3PN$t=Ptfz1d5R4a0%^eo
zfA`NRJ|*g2v}tg=e>!~}-134Eqe2O1_<T<V7;wvELwZ5@7wXQE$DDOMl=^RTUya>z
ztQ2qIQ}FQt;uT^H8DhA@c`Lr=wz_Mr5w`0(%4>>hztYYDh}v9w6)+ef$0p5{I&D?e
ze?PK1w?ADf&o84UGF6p#8<v6e<p9>1Lbh%i*1E=|?6KVGb+5z9=&FWIzptO8Z9?^l
z7t545o7r;`-BNtGis=vTl|_%mCVsP~uz+GRo^|<tf>smksF8_OXKKeg_BY%>?g^=u
zk|Nrx)*o*Aa%WO!@lVFM!}Qe&uf+_NqcVV*Js>Ci=rB@Cof2O&kf7E27_KF9{0sG%
z)Z3KG(ezDb_0pOJ|D7DoY=Y8EefxHGY9LbXJOB%UXO_gTBY37n5t%#Hdz<+e7BV$<
zG$CIVj1hsOnS+CQ5vtY{@?KN@Bp9}wFScC?p1s}s`SA7bd$~f_eS-6mR{Zk6l4xkW
z0&)sys6xod1qG1cuo`^)Q_Oo9*Btilh5aiyD!6L%e?t$NA%91AH7s4!M1I;hn9P?<
zcVlbn<|y+D_}ZFT)9W?v-p4%{LUs}|Usqe+1fKyYU~f4k2NKN^*rZY1$jRaW?d`rz
zu8~$<x(I4@yP<z_A}~8q*cG7p!Avb2SXJiiN7Qe`(F;vaHne2Cg?t+eb@N1!NSNjl
zR;WhpX{EZPe)^*l6h_ed&<YKqK!0+0Y=ds8Bvp6*rRRB8`e`W$LCpOdlNJpPRuxH6
zMYIadNhP+p73jw*mGBVU_;aloymblm5B(C(7N&6rfp>I5@8<}kIv%a8m>w~;GcehK
zE6>b0$EB(>fxKvHI`b>@m}{DAa=5+zsjch$t?RKWNw{AC^NOgbMWQ+hm-Mz|DZt&k
zlum8*D($GEX@hOj5Yy|hG~;S2)#<ZDUo8@ADhpr0<|N$|0#Tk|_|Mnb81lZjcIVUJ
zh0u0nw?pML4UheG6p8D`P)!^4$JM=yeZ>5Ahr<PYxn{9taCD~+J0H=uaK6e^F9jbO
zmV1K^eM(u=y(pDhSFd3T={5Pj&lcZfx|6(jQRc@z`XLF!_IMPZ4}hy=ooM@J{`mOW
z(cCF>_;B4Ad1LF8b10*+LmEAPpIQE3KL$5YJj7ephb1;TzmNp{TAN2)^{;|<dHwD?
zQgu`T^v5y3s+7FFrqO9VM**>#%pC&SU{q|wn05Y5!PoHUb2;cDh;yBIiAITbjdl$V
z!i$PPA0dks(|anA%lzIq5@efnTJBRk(NEz)ru)4)k>j;U_cLSc)B7~#|Mh&?Cf=*b
zKqc-*J7wk~qGpbxgkr!IOeg;C@AW$m-#p0<#k|oD*F3g}jaGYnj+@BesdL8P3GBRG
z(KVa$05wQ6G@f!sJj|Y0k^|;4aQNSFY%x?xoGNTdEQAK2f3A^s(-+GPC;%Z3vupjz
z;oP?@8pIS6Cq$VRohUIbRH$So4xsalWF48qPNqlglU%NU=dL_d0&XjG*P-Fk51M`X
z0|Ea)|7U#X%1QS~JE~M5@n)z7{osWUF;(h^OktAIk2#Cv{~0h;M`ZR6zp$eg(mZ@7
z7^sxn-K<DQD~@es4liR_*Os@_fpBWE<P9&gT))OW!JoL$5bxYaU3lJWN7-^I*rsR(
zni17UAW4SF9!GtkDTy|&W>`J{plSA>d?W+R8ZaU`U?e2rEj7lyWOT?H@4_Tg{Endu
z|MX!M(&QZ*8==insMjP>eu0>?y;cv5uvY1xGOJsY4VAobCvOva1}Cn0p`Ev<-)c>o
zX!YM&s(aJzcO)O4t9L~op7$O=%~AhT;4|S3{vV)#Rk$-2Hdd&&p&y<z_DR)ezg)UM
zykh?kM25zeiM##k)<QJ^v8vEnk`+Olk^!{;70+%ZRAVi++TawR+9eMqq8om{Z9ou}
zBA49N(@SU>>a{9@VqZ^jo8egH5R`Z<8PBUbHXaJVu_mENX#D<znNZxiDp8HNTW;)r
zghR>=?M2Z;eXL?sUArl9IToueKuM=!Zs=$(4)USDup_(htiVx>YuqriU^|gV=nI&5
z94g(d@a>Rz75k&u_^#sMt+2!YB;i=vjqHw|YMP{5a;#!xe^iL7hCGG*OL5F{Bnj+L
zNr$E;da{V58;etV?0j^`Z?+X~qtcI^Do2!D=g#AmZVo1@(3FYcOk*O#9sNE(d$6PQ
z|BJPa?eIGi;}a0wC=5-N1Yt^G?!Z7MsN3CCxC;YwL#-<af}JJ@=1$`;c+773F$>(O
zCLY#z0TC}faMDCf;>?wFZMC8x6>J_TiP72f!ALSBp)<z)f!A(>rfW;WnJ1P>CXWR{
z&|H9Pp{N#6mNku{R@^x#baPr9nfc#y9-F|eQHQb<Hi&EXg~K6}vxuZ~|2PI63BCf&
zRY^C>`@Pi=be&>&0VVFg+m;xn-LcD2_Sm^J$jf`C_im|d6IPz~RjP@JwMp%YpE5LP
zk5=+CWl^h(bVYmR1D?p)ytHggO@mf!O)H$hB2>E1x}dwXBVHqBEJP~(_#svcef|Tm
zi%POf4PSQe%Ft@Yn5x+T<gwq_+ChkJV?)tx#1jf0>1o@E@oJ1;KjRV70yj1>CiIEt
zSEUPHBLL)4UKlN?2E?nB<A#-97o$T@aTpaPPtyHRCMNc61}yXbCsYfNRujppOCiyF
z@m5wbr^{m1;#om%p)2V}6ZT!Gjjg4I77831p<4Lk8b#XVPf^YJNsmRA4|Sb{)xme_
z1OH~&wnoniA|qDY#!?Y6WJr|w(tB$-aO}Gy+|O@KxsR%35#1^WCXOPXkcXdHXhPXu
zE;N@qM|e_gzL625<H@C|TNvk^9QTw3sxXbG)HQhzg*f11MDWNjk>uDHR-k_j(w^qk
z%<i+H9qxv@*~Xv^@KKz}Etn#P1S$Qp8?-tx?3lFo7@dA?E7X}y+nC!zSw~}xmT!_)
zY-lj#;j}P?eZ%*#&oYn$xwqjCkGRya4@uvRnpLHrL#@D#=QpF#ok-}YbL=B`(}Mmk
zCi}Ryl09Y0&C*~devZ<p9{6&ifkZItX+^-Zzb8gNp0U4lp|>`glyA&>w5DDIO6C7A
zwfG{EuCWr0XQcNc8DoASpbl@=!zCPmGTrwt%S=CxjGtNJS>CC8Mk9jkZ8p`wV2j~<
zd4$vJ(KQldf_`Bk$YX5SGjWLCQkI6_1dZt`l>f>&G9s04KkeB}hSzuib7h~YNe5YS
z!7n1x#0#BK`=3;P&U1EN=p(vIsRFk)E#+n1=t0XWWeo37|HNww<9N8`DGmP`QW>f#
zy?%BYLzdhgr(3*^mDR6VFqlGZGy=9#9cwGw(97}Ek4;Q6MT%w_CKr9J>r*qj?7Y3~
zmKHM|QYMU#k<q_;P6V!n4Sl_@Evrz(E)7Nzr8O;kQv^)nFRN2@p^v%lcalsC7!i(p
z&{uj*Ct<%8`NAmT16Eh)HU$P|sovrPp^Qx0soHd5NfjIh<S8N7iO5fRuP)Why)tVO
z-d6mY88y{4vRv5}ND(EONXzrinbt@XDV{pHmzuA&trI%Lfq`5{VS8uRa|q0JoYp2A
zuq){p@h4ux?-7kEUl=|<CwQjEJEO=vN!O;>&lH(1`)@7w8tN)`QqST{O`DTLF2k!k
z@>EZc{CTDgW@jc`byb)Q81=6AIgXG8OjXDDOV6czk8@@<spN$v3e20AwXU1|&6~FA
zS5NL6It|;qe~Z$Jxw49_By_sAO~;yEthNj?*sR-H375|qGwvq&m8&O@m^G~VC9=m&
z*j6`n64sp?r}v5mbuw1Z><-f==qpCA*||2af{J;Y*Da_=C8~zc?OtYwFF0OcCQ^rv
z)s60p(yksF{35Kkm=mfn;l1!1$haei&mlOZ;puFhQ|~wE8xj_CJGb?FMY>jZow>Ex
z31}dUL+~_e;GHtnRq7@+OzvJfZPd0nk?c9GzdPhC*Nt4>6*y`+#{I$zxcil&M|0zg
z<64i5z9vfv$(93sHrDJW_vy*<@70{bC5|Ab2{dO?LpFttXM5MsvWb&76%`TOCTIJ=
zA)s+GQzk+S7%&Qgj}Q?<4NYqnHm_}P518Q37>&1mN~iPAP|H_Ow4|$7^iKuCiTD~+
zM_K&Z#ML=q0&_BVT!XQqPo1&mNNVX^s=xz3;*~xVvIs5Z5-J;^z?wC9VkBcZ|J|Ot
z@tcu%@W5UKZy%GP81s6ONr_43<!)0<o~CHeQEA(6sFU3?P7FJ9_HNBnOkO}aQqF;p
z(JtyK1N~PXV8IP25*LHLU|QcsCuT*Kputf?S2JS%lrC-Ml#K5KOp?x$!Tt11SPf)%
z+cCIT2LF|6j^zv=(SKB*+fhlle3_WKfiSH-QeKkch9|F{kI2E$w=)wre_6nOqo>B{
zIfIUe_hbsNuloRtxm%wA2llCk|Mez#<Z2$hpsZyI$<M5f!{rz7jCHRWS0(0-T^+vw
z{2=2x33hPRTVz&HQ8Tam;N~*v(cF+fH)_kE;QxV`7g(*3!Kzr^nZ7iXwsxe4Z&@ro
z@NmP1beCS$1lr(|H!5ejhkxlc98x+xWzTh@+O=)_6!B)m3;)v!G@^av@R@tZ+NFK>
z!U^1^?=2t4y{Z44eNvq2-64-*`}$cHU!be7khF@BTQ_}Bn-TwG!%e4wqT8xt&~{iS
z%62T<ydh*mjL{a$*>I+h*c^WI$8Rsceg&$dWTw96$uzd8R&+1H-+qotIRzlS@dV2l
z*DG~X#1&@r75&Hd2B1v8dS}$}omG6&skoch!EF_sBZVqQin82;9mH^+M?=|6cTsr2
zU>ZW-7}$B{fvihWk%Hx54gZki_2618u>MMfji0g)E5J;dP|dl^F=Y_4yCG#)HW>`y
zuaR#bJv;zr22=g1ygL?6IQnJgC-@c2A50@$p>amY=awTr5pA*a$++`TeliQbZg07&
z6r#M+4Uj&ujCSe5yoh#Yi{RKC4>oaNnt5m}4K@)l`Zj*O8mv=L%s<`DMOX{i5n9*G
z=vuuA1<dI5e&+D7Db_wcP)v}hmy<%6*-|R*vIJ&pNyLw`GDEqv$k=z4?7S05<5MIR
zMyte47N&QI`yXg4iKI)?y#&&dNQ|H!c+|&dl2mY_X-sNMFWD800Isl=hK=LhZOAo-
zCyCC#d*J!e5aP5dU1`!&=8W(`ui>C_*-sDHOM{l^@35k0GWVE6a881i1nsDZfARm!
zZ1SC_*?GX{yc8ZS*?9ox{J_hciciW!$%OEmN84cq$+Q72;psUAv11NMK+PQMDTB#8
z>nTIV)sa6S?dFS~N3xR!FTv@dg3UY%P^S9eA+odhS;Em{j>y^QJFm9m1j=?SMOQ*L
z-a>Q${qI=%3c_v-wB%*y0KCM)4gf13wF89D+=49G+<D;Q^n#T)UHx)N?U8yRIDBB^
zbdJY{Qyf3-HOJ)qfXE~dn8&rN_fw|g<O7k%=`p9_?1Yvl@SW$kd&S{&_MM;J8K7`b
z+Qb_^b+Ai^l4t1|g_9530fJ_-`^|goJRo!8ft8>ZV)OdX$iZ_UXBG#{Tm6?iWX?su
z`TLy*eoikq`H-GdS`7;2*vEQ5qksuf_Oa^Yt|a4eiZO>?bA4ip$v68<ao_o0cIlAv
zhdV%+Om9f}x1LiEyVo=o2SZ6T7Z%P*$P!RH0EoOoz&yL%D+?zcNQq57AX#*2WNrko
zYF#MLp0Y5G4_0El0|d#`0WCr7IfdfP`cdMz;Az43i5ay&G+CNzFI?3p(!8l-)4blk
z$g5bvTt(DTnO0dm9_G;AAX7zXA!dr;;atupTJ=FKShEwum?pml3T%Y|TOButZR9NP
z+%OlYP(@+WZKGJwu&_E&IS&Q+@D6)7d>jSEO8Hq5@+!D)&Fj%x(=FeK7Qh@IBy!(U
zA10LwF3;e{1Rt}O!;!4*{F$QWt<nYxOR<K-$&R&{pZq?os>&8rbNiDb?$?%yi-LZx
zvbRD{BYv&tyo+lt*O7eFmLn-7m`EVp5q?unKb9Xbr<`=vUy+Ewkeoax?^OR+;Jju>
z@MON$)FZVTBjIlzr$83`ygZMr{=(Y*{rvpAToh4bq%uuuu?Xp}_;IeN`no#B0&;AV
zbbB-wlgwOCF*>DvM)1%fKW8%;x#mq_-O_$QV%BWqcjKl4*brEepu7;G211UIF1Tm7
zVeBw4M%2}5i$qM^a0Cx#J<=#YvxgEE+R@~LbDT0+7%U>*>09biStnY`X$@J4P>zJ~
z`O=Wn$HSQ=eT<qyzE@UMYEqV}6KnEDPIflbRI+p_1y?VRQqtk6gUS#!RGm$Ejm#*H
z1Zn`_6LGRIGA#^Y-tVaz$4vK6$YOe2T;>Mm+z4ls8TqI@z=EPG*{spsYU>xdT6~!i
zKo77}5vw|B-gvB^0ArDQ4?rtfl&!nY-*j0mF+1h>m0co02K^8UuBcH#xR(0iz}?6#
zZz;)|YbMN&&z5c`!kwKQEio7^X%M15a_XCW3_QE@l4CrsMSE)lLgdS#Tw*nr#%ZV&
z?Wvs2p)CN=0Bo}srE6Y^uLaa(CHeS5QPOHfQhP7qo33mrrLJq1+g(?`mCID2kFZ|y
zHF_oGRL;u&dYH%$E}Rmm);f#9%e>4{Ng|NOeEe$8yye5uyX>obtauPLKB;4FY>*aF
zNk@3<Csv$-pmdYtDgw4=PF0-hP0*bD;8iS39gM@k0R7Wbw;LEgsqge%9o1@p*TK;D
zRv;t8W7ApO@GiYp6~ZIL;7E;<3vYX^&1BN2>w}Aqz|@DYL=MJ-S6|^@US^2HmET6X
zqoaHa3p=lNk(rNn$48cI4h2K)*N=QWJBOs!F)cRz=|H|^FZa!oe%>KmLj>hKBcH7F
zlhO}E1i>n;t)EA7Mciy9^L-!&_<|o0<pKn2f2#Mx<kQTPfUjQ;AX&jveOkHAs3*TL
zDUW_KYN05SIlFqoqZd$`x+q1Mf7M}_`Sik?b#+i_al`FG==4yy`aR`5f}%ZwW<{Sk
zEx^X_fCcP;-+;OH0%z3pvx4UbX|0LS>Nec^oVXSZO#0L4l$`<cB@)Ui$AS6&#UQMI
zdbYVeSo7x{+c>*jIj2}wN|~kwl_SehS4xRNcvOQQ!R3RUsO3w_Ryt`eMrHQ`+S{E+
zMN>Q-8o8jZ&HOL0(gj$3QYCV#71Sy?8;hNC_~)S^XDvf@aM<uZJR<QCy%T4W&t!SD
zm2Jo^%lartsFj&6L*joQ)-$nO-r%jpQ@D2xyE$+_ws4sh&p}Ci9QPyAq^b?PL&EQA
zJaERI2)l#N4!0uF6HAHm5pIQ)V${9KbYRR@Td<WZnXCy6jLTyXHl1h~1hE=Z=wlRo
z|C<1ce?CNiI<Zi5lHbdCrhY@quAsR=>-6GeHhJoc<uVH$tB*vB<<fIWD(l3Y7L7>O
zlAhiAT~r*-9nB^ZEcCmYkQP2BCN^d|Hgk|8Aq5XSU@8|QltC~ivM-jQmXrSfVC^lS
zB5Ag?UEHN{m&V=QyK#4S@5bGo#=UWOcXue<p>c=8-5U2xf8UuibN)MP&HU%ywKh*h
zzOi%1E-EvtDk3X_@l#+h>!BC~9C(&cN`C~jDQW1JAshrF+hZ+$l3O(gDAnZRgLzYl
zZG@4`)Iyv>H}1{ipUGdyIY}w=>pQUU;$p;qGSHE6=<?~_;h!I~m2d~TlwFM3nSbBE
z1T9P3x9KDAx075{|2&lpdiSw1hb)DAp<rKe>{jZH{0vhb=eAtm_XcGNysBFoo%-uo
z-Y-&MQ1oic)QVJ}V+Qt%>f7x%foy5i<oZEZG#OtXPgFp;<4cL}RAr>VID@|#yGd!M
z18~bj{fPvocaEaJi%YYulzwg_p;6vqivU-)_X+u`Z&V27)xXD2_?5?)z{!5sE4SA#
z2EA`nDka<pt{y4#>S+;yEY07%Ikt{N=|S;AP%smw1|GO9q*=lw=L4s_epqC%)^ZCp
zhS@9UU6rPcFy1%98mN!(o|$Xe{7w^1bV5heRo1FqOu~~m<fym1H(`R7Etj%@)kZze
z_8SdT4Le1|rvD&)>qoFG`*-3SUo@6sZg8ULE|{F%Rx<X^ku%a6dGv+{5yymKdQ&}0
zoQ#7;dNQ<3vu^n8<AxvYg3p*}uli?@U!LwwC6%)J@WK1val`q?LZNu+gN850N817;
z$Gh%r&?M6{y_3Uy%0F9v9&!UO<Rd|D6&a=Nag9wl2=hmvNM>ko*ChkY5KF7qG(;C7
z(yjN-U>(K~jFi*y%P2F16)I~S8y-2*t?Sp+805+fD)CDzYgiZ^X(Z_l%~027H|WTC
z;B1&$iMEsq3tAkRtA*11ng=;FAy(rFt%6%=Jr$fI-Rt%We)o|3m}ZNc`RC`$gZJ#U
zJ+i>@fr-kD3gYx(j=K0$(hy1Bqy3vTCL8?Zk%{en2f3;Y?H=pxCVSpi?={1!%wN8<
zl*R8&pD1DG;kP!hHuan8T;<-h^9%`vx)l|_wAjZ`2<W@gU2*4AUvaa>K6nkK+fPaL
zPRL1CWWRphzV1j3J0l<nyM-@DJ$W4oyL~I_fAZt3^%)@#yKR*G_`9H7SY#(#s3uC(
z=uRbDu&t7<@U6vquiOi}wGD`&dm7(){GPY9owfO#^ljIEiiqt~l|6El+>6~Sg0~RS
z9Oq&4;pT#G@dXQCnJrTS*q1)JK0RUA8Ggz1pDu{lkuF%Hm=a7Bh*k+3zcb0O-2oDP
z`A#naCh+_4b=>)N$#7;^rpZ*`P|DMs2y4l|ZKSA7ZKb3~a}(~ykhV()N;vfb4qP>5
zhut#mJ8MUlB7fIh4Sg0fb{nQrThvDSawldw%*A2Eh{Li|7pS7~oU{?(&di#betV9?
zJr{xxR(>0qN|vmi+N8rA`TNv(mxvrTg2e<qaoSkiRvI=+AgfGHR*JnST1HkjGd3-b
z2kp@-hoq6Zk-L%owtepWqaV9sdWaGI1}Cgbk-1LMV+=y_aF})Z5NlLoT&>3}Qi?T^
zImXC^!hl!`Gf`z{$zBHjOi}jkkfCtz__X}sYu)G8MHlk|Qxg-JR2}&*V=OW9%iPw3
z^ik9It77YfeVM%HeE0+74XKRdd>qn(*FhD~bq;lR=FXE|hIg}?&j%U@5C?ODUN><o
ztr*wUd5!x86|cxd-VY`2P27v8Z0ad^^vg+`TAd4+C)7G8@uz`jq}Mao_1D+eSlli=
zE~)0)bp-U$n7m(b`fJDRho>8XB|EXKn@0{D+{ipg7+jgMRb-0>iwdr7o_Um+^X#9q
z&o$58TkT8?y|;RL?F>Wit@WFxcFL(pL?uPJMW--$Ba*Qg#lwngx*qoGwoEf4Y}~Cp
z4Ii#jyH1BrA{=Na)Yr7ODoZMtlxorH;OmOF6$VlVSh1#b`I7k;8JZXc&{A+NbKVq)
zvA@A|5OU!^F#N&^1zDFik^Y%nK*vmv)7W2cGW}E3-)4A=+@D-L8A;D$O36IO@hFeH
zsPLKiIhj!JX?><jO4HP0Z+Em}bWO_K)ZSFpRM*saZ(+1(bbr*&RNPb@L!Z6H;#*?r
z)bOV$q^qAbJLL|~nD*KCt;+fB?0Sa+l1qlFZ-lvxS5w;z$Cl##E}|V|4<4#DwkWUd
z7Ey-PC|TJv0pC^>8U=9YZ*0}AIh{`0zsXdtFjIb8(w<kjC5<u^7E{~|Nx~)5t;PPB
zt(IpuAJ@vDmMhdAoDOd2CZz#h{)@<5=e)&SUJ=j8CzC=@ik^oDTr|wR(q9_*L@|hk
zu?Cy=DOnJwbUDR6Mc?qvUZ=%3MU7eJeQpKJV(x%;rxq2+_AT6p$Z7~U7&>Tc<W;F>
zFA6#t@L@@XD41~|`4D|#ud#|s9p0Q9lWZ<CUQ9oKGejKxoR2b0TcENCUSP|UZD}gD
zv0al<to~ljG9VT+;Dj5}FVRmneX-3a6ArXzUR$D*(%CJ_x+CRx?T-(U8g2g;sFC%%
z>bvx4dt;+p7X+^1ILcU5<CJ7qQbJmr6)%Y!RK(%L7^9{Q>JFvX9F=<+cItH6z&tGT
zJ9`~k4%klVz+GPCR-F7-bXz&q*`%>enMwmw3kpeCW?l3vm66ba_bfDGBBg29U2{r#
z+KAWn?Z>_c_Stxl`f0^)n+P75znmFuJ$k!X*vT6l;FQX)e~ns~E2)`6_EFP2286DB
zVHOkga#Ce}RU9ij3$2$m5^*jjozX8KuDeIgK!TkSk9ZAZ8KPl1ii3X!(mhg&@+srf
zPv0LZ-z>{{j2Ju{T)jM+_Ke(24d+H+WtfG{Bv5fZ{}frhA@^P`baOZ4pZqF$h{lgL
za2=Z&wmhwK<&cp(X73Sv#62=8Pr)VlxxxJEw<_;1G;jF68xa$8a<q)NMhwsXS=7hO
z?RF=J@B`{ZVHt~$wTv@cwW8vcf|XVHgj0dLeB*LTF5z|Y4XjD<PytRMHFxWI!2ZIo
zp7dIoKlBbMGd1biFmZ3omDMkb?d_eDHPUA4%u2EK7miO(oe|}uz3SdZ0_6!SC~vD5
zLylb+o2z7WUAqK+EKN7))oyVc&&Dd^-B}4mJb0Q(m25=^hYT!{i<a+y&d+MwDYe3!
z&{A5-ra5b6#7oceAgHyNQ`Q&kbTwWmN=+Zx@6^W4PQ8@z+(~co#7AXETxa5^XAZOM
zGoOXpa(56KCKiM_%lH~<cl{%N4a|_%Rp;B@%8#?(bU*>a_NF)!i)_dZvedRm6EJ}g
zHkh*qh#6x19kaL|rEZP{qEB)_R$1^TT7?B=SJdpF@0N1k#3o#9K(urMU+8|0u7|wv
zZGle)96%bNf<))brvD0;FFOoUjL9v+$o9nh!4hVT?akT>9n`lb4Cn)p0(1-rYlOb_
zVy`j{(m{@*Qz`SojYB(tuo^&G`RQ`ucYpO7wD_c#>(N7nfo({8^9zpO4{_gm@L^Ng
z$4YeKTQhihUSxD`5u$gr<mvZrvl~k}Y~9HQVfNYJ#G_^Gp%k+;CNTmwM`AfvrzTk$
z)}bIa9tweGPU2Tka{SrftcO=P9;YTxEyx$wKkk1SQ_f>M;e3%7^f(7zkf^CfUHaX*
z10jK=2FMkHFr*xkTCd<@mht;j3H!eCbuuD#GUQ^GZv)e82}EKRrnD&`_mCPr_BpZ|
zetKvr(9^0a29s)%uG-8OYUAySX|C}N=VynV1fB8Ip2EEuGhS^Yy-4d`hW-VMkTqiI
zpFUTk>cODV+rctnOQ6WbjpbP8+a)06cGn^xpb3x~E8gQ7;M=jsLdihcK(P3y`*8!n
z0f7Kp{}8_re{sK703T4%K)|4fPYnRI<j+S;bj{-j3HUmG0Rabs1%%=g`V55h@*|=G
z>o&@Ppn@C)IHO!*D<CPP^Ft!%b)&2Y-8%we0P;edqdriR;9xIsciTKUnP>oNV8bt(
zcyK8pNFAv6F2WR;H5e1vAz<?my2n;YF9;bZxSxpu@kiD$*mPb+E$9-UHYjQ6v;Nwk
z-M=a_XnrI%f2>913R5}idFjK*gy-z&2OX3@x(Sy}ZB12Anhm`Rj${A|{Mw2~1<@hI
zTmzv2r;;xKQ}NY@y#`7He$KGNqoaE0K|a@q_4icHDP)H&v<o;9sHdMGXf|ANf-mSD
zcs3|K0Q80*<^|&$q`(kYh##Y09{>eNwQ$WzjNk?9Mej988${v5!h}`=o&|9nWc<Pd
z(zM+Se8uVLCSm)&>Sr5d-1cmkJ|gnDf>^3w86yXZ%@64pxFi6C7zY~$A+Ng<`Pb%Y
zx6Bf#Z8RX=6_Ab`I~GLa<^=wjSQC#hltK!EW(UcH+Jf2w_rT5shmBZZbPx$TXx!m+
zI%;_-0NR4tg4FWoKL=t067NS1Pyw15;M&165wu{mAf|w>A+3R~!LC7$gPlX2gVy;y
z`&j{f3^-!JQ~Y%RU>cx!2GGC#yeg(a4SbEEMQZ{{mcF2z=D@fpK=4up5TN%Ug&X`s
zhOP-jGJqxkAo2JS%>C1Z2t%@H{02Zs@H7K%8AaK)gIu}(&xFB@{c3yZ&N%_eUy<(F
zFA+b1PQr2565P5P2EFhCJ#z>iKo3FWKr#W6Ky*7?F7TK1UkouI=Kc&o{7ceHv|orX
z2pL!_wY;QDnJA}|FfQg0?W_UoI6dc)2CiZ?ym)^bdNb?=l^Mv#@c`lq#_Hehr}?pB
z<Hv%NLYP1-7phUFArc^Su5K#q8pN6mlriUpLT}Y*Du`A259`DlN|!sN(^G<_Wt7uX
zs6F9cxjnuF!H<iDfibyN#gC{&Ov4~lj={+og9GuJYtp4hl+%|`htJ0uLjE;EM_=#+
z6(ABo3PHH2iG;nmFS&kW0E|F5RMfy!h1dsS!5W7d!LvY;F}`)9KJwUkqCVaN!#xp5
zL`5FivN%cJ5sq==d@&yn{0{uF{3`*{fH43qpd4Tc-~hS;P5^j-3x7`kX1`{CS3g((
zd%t^sUr-m2cjzV97urkEOK4(<7nCJPFBmq^cdRA&7n~(%F9bI5Y>;fQe;mFbHl(3?
zyq`K<h&|4PZo-K@L_c+sgzBM)RKw&gB8gNJgz7<m>O`W7fmI!?_N%VFv&|{q5yHFV
zAGCzFV^wg0;dLJ$FeZEhu~Tph5rlg|gn_SruvHAc^McNj2MM^0hI^JU1z`ZE>*W;*
zW<5b}VYD`C#oT=vo^H<sGbig*J~wq8CEZ2KGi?+Edb4l~>D)Z?v|NmovqZP-9swYL
zTEENq;9HRGz)b-=RMjAu;E8|;fEti|t~2sp-ESQr4j=@|Q*B1v3xYrU#rT^6(YBRr
zh@}$`Bryg3#{m;N;y##~J?3$+WkbX4EkSIS*~DlKw8IEzQXrJkF5s7ZmtdE0%hleA
z6^mWL9JZhrTaVs+?<m%;phUS7gj>}sJ7m(&{IwRV_N+`o$eYydp{njk_ZdU}<OM2?
z2?-XQ`2(0aD5QMw9g+(tb&}st8GL@cWm1tWfx0BG$X{fCOAl(&{FXkjf-{{5&Ka!S
z!t4Ybw1fMrl+hctg>C~+z}3TR7w!y%I03*e_@h;TQ!Y_w7!=zDd`P@Ov*qBV+RSwr
zq}ujBoq=S$LGcxVhfMdN8YWzHEIN%M-_+;_XgI;O4+*f{)V?j4f?typaY<Inqu-oI
z`jj3fmw6-UxPQkO%9)}#tcQKF2<Wm13ttB)g2S`vD$pjgUBb3!J4&oBTX$h{o~o^J
z9Lc`YCrsvXO4g-$U&Fs{B=7wKz_G-7Kf}MCCr?mqg7JZ~flYx;flh%lf-r(<`zQM)
z`>O{z?y?*3UQ%3QUUFO_T{2u&V_$<CFxDVHV1I+Mdnblg+=TN&!UyXDL4rRhVYHLl
zLbxZ#nfzEs0Ne?v+z0#T+z!n-rNgOek>Sc^0u%Pj1?&Nsfa(A{0|*1KDiAR+b=U*+
zZYVL(e18=K1SU)g@Imk+0Q;Xq#DK&OJoa;jau(_&l{~n)A57Mk=%|ewG-bw?vl}N2
z<pXFhw*ce?a4-<hmwQw^*8e4OSRc~Bhw%D3C3&dBi|4pnn0tSV89B!NK@t!}H6`}=
zitWk41nma0=jiVa$Om|VxY`i@hY1kbfkFDg+kq42e7XdS_;tXXgYSmF^n+z7EyVk=
za=4o;L#g!#s}^F%v({GRxeJhC*BlfXhO!0cGQ(Da-HQum4y17@gv$~rYrP9=0QvjI
z)9K^uZ-v-8t^xhZe9u94zbAjzB6uj?spFY)FWT<+Ews}qmO9CYfQ|r;RliNpYH(YS
zZs-m04QRXIPZ^&tt2o@$@nAvQ{bQK+2|F$z-y&ZGI(+|}>0rKJG~w+&8UOVT1&su%
z4-(=}3Qz>v3SmE>o^^x0A$dW2Avb^%0DZs?A>_b{{bm6;z)e3GJIur0l}S)RFhS7u
zP!K`m%!4ZiU_2p87tq8{hYPIwJ=hcKA_`Csa0FZf;Qu}+fu=wVpem3ZMCTH=7$@5<
z?ds2iMVdXd<(sR~IUiruQ`h~&H>)Y5FT^50YEmZ5P>2I7Q6*~7lKdb;MWMz?h)Fc)
zLPY6$i90}zU|?Z>`sXB-S<jWtsx1_@S?@`U;I4R3DWV}j*qG^H1Hf46dJQn~U>;oc
zNrQ`Rves_g&mAuu-`%d$xer{UCo?t=o*%uYBs7ql7L+GeN?H4gN<)79o`c%4!Vm9b
zf_9t^6$ETO&_n~`9&o$PA4a+N4F$UVZMVPS<F)ZU-njohO7{?^lGQyjUqh8DGYO<w
z&XMAfc_y|}qE0We?itGEn@~;*r<RA$O$ZH=r7;)oH9zRq4HI!=U|w%pQINATUq#Zp
zI1GD^Sc296O5l>%+@4+^^2%D1eD8^O?<~`KMa-7Mi5HT3;7Ea+xq6^%ny#`;q1q&w
zX#IP4rg&yF%so0Y#&*SpExN}(ntNmE2ih6$2z%C+$5g*2*Xo_49mAwB?TTGoYeZ%}
zK{8NDCwL5H*|qSBMkfkMC(zQKpsKkW?cCf5)}~+fuy<mz6Md`(pO#Ov@`q<u3&#2b
zVOLDM9jC`ypr;+9j~@}qiQ`(xbDu8Dc~w97)`$q>oY8iS*FN;s(4iy0?>4@##bkD?
zJX>nc2n4-DI7=}V<=aX}xBZ#|m3<WAh-GilZet4)rva=Qz}Y_Gx6`8FdZT=^^^<iA
zL5GP)VYOZ6?Bjrw4>P|dUUiC(;F|*Bey`)~J6zvJi~+k(fFfT&HqSoM6)Ru3Z!e>j
z`pK-m%Z9_@&qY^RUw%GyUUgK?V8li?eam&rm>#f;O2<m)D*h2S2P(%7hcoJp?C@E>
z#w;5?Qm6SWoUDqES#>IWD{reC-x{qgysJm#&fk?6)n@7E&9C-GyBpLWUGGr6+*25*
zwny^$+!L_GJGiz7VD<2?wjmg!jRfK9AMKNf#09?e$B_EqU+shvH6Ou|==RX*ekq_0
zb%KnmBA&qzX$z20|8xXr_P1SK{Fo%3!4dJ|>ls4(3p_!g$&^m;aW<c4=tbIsB$_{6
z-9z}w_xo&{M{lDXJW&%yosH~>8^2q<U{!n}jM>t+_FbzL<cxNIhp)~atiD9Z8mP`J
z2X=_=@VxM5^<7gfzk%uXOKaG^wK#TKc@20k=Y)7*m{#leotz)xxy`<&0koG&jD1&M
zTqDyj88-T!A3)O2Rs)c)Py_~TFEuemR!zR73(!*{uk3y)K(k1K?)z<^L5MIGXz0#F
zha9}uQ^SY-FXCzH%W#_g&@)2TM9htq&+aZ~SbCK9W$q%;BThE9Afok^8yAZJMwnee
zv_(=h&5WWbPnm=`#!(3gfoeg1xRXlUe~3+FPO5QLG&8EAZDkVb7)NC!x~goq2D&Ss
zvr6&C(+O5g<kL^T$Maj)70cc=jAZ>dl^o9ESe~Wu{HXbQCsJ3e`~k|J{F#4BPNP}h
z(oaW5vlN$E>1<Jd7s+mrnaGlvlW@n!GHc?Xjihkk#K$tm+0aXQeQqkw_#V$1mvNN9
zn(0uaJn3}2O`@w)5D{TAS<!E^f3~%RvqT#?njvCDw7Lepu3OL^;p7^3&LD*k?10YO
zcnbsykRg2uyq+AyA9_0F>DF|h{+ztBtCX%|5ie~W-@5BKR!|`$HC*sRMv5#Nv3~EP
zMrye5hfese(%$plK-+*OPrn2M`L5E}f50g!u8MhvU94?TLXLcQ&TiZ2pl!`O%&NWj
zR@e5lA5kL!&mOJKuD(^e7GbQmw<)m&vU!_h$Q94lH40}9<y^)K%hltRKl|gp9(dRM
zp$<<#{H{{5&T)ct+@D6tl1W<8M+zkvJ|@(bWoR5J<Va0Ol$<u9cwI7A!*lqq0nIDT
zVQQ+BE)#B|L>7bk`(t3>KS83I5GxA%Uw}T6CxIziNA>eRRCL)3`1(D?bUurCaai|+
z*#81e_k=|8ztH!Os6WNy_`-KToWo5N^X^KRv<Xf36xA@vO{Qz;q=s`OphQ`yetwBV
z2scq63tVy9t>0DnibTGvkariblvPI+el{^O#Px_x=^GXwW1r1@&N}El*fNEEkFz6S
zyk;Kx99dezjKN-%H>fg-4H>PtkfMrHPh+fRI$jp3nV4KLD*aKUiPQ{YcJ&;m#Jvt1
z)LBm{_oTjq6m-u&nBfzo`JGEbM02dl`C%u2@w$LSo`&Z{%zXWDII31<0x9b~?P}Rp
zk*B<SLX&szCN_Nr)gjA{RKEIZWV6<t;*JK+w0`tX2RH(}<{ubIeczRQ4ydX6ZT0dv
z+jMY5VD)_vGQQhbTZ4P*p!+^Tw%*loBIB|OC*4v@;qhz`%W|@5PbVWpEh7d#r@S0r
zaQ?Y;L%#FVrWhVWfO$h{)^w4Y52I4+f;w%tVp_*27C~}$N7v}A_uI8C3Pm&D`?7hJ
zP3ibs`{+fy5pQese3fzIiN+a^T6^^TT~!n3{UfCleYx(K#m8;IjTJ8cQZ!b^zje6f
zbls^POcQY{Fk{R%x7`s~!eV8He>U{R_XAgq2`rfJ(Kt%cUc1tcI>|i4umYG_+3QCm
z$H?%5!vFe#W{)Z-#wyoS%7s`QB97X9ga2f?1Mh~y7^GvAe`Rge$oND2XBB%Zzl;BK
zmeXeZx#w@A3(|Y{@nW1Z$>6XwwxWE@)gAaH6#ag=2UM3qh9!1B#rpKy4SqhgdU3ZV
zGqH!UH2%Jl_K&wEgjQPN^U>ILmfin%G3tCYirp9Jr9Y&|1vRuqmJz9JM<dsFq!G$m
z1GCv<B*JDNbkd5d-d==P1Hsu=mHsOzy>_m{w93BK9+D4DBg(#<Sx@;<@7<+BJ*3(I
zoWodpSUd4^Ig5#EaK&h>Do!1Zu$t*`8G`0N#b0wtOw6}@I+z^tQFf3#c2TFD3)etr
z4b-fZw(*QTjjh&G+ban-x+~V5d_%|Wt4opXg9pxP-_Nc-M~{2d&ptusl->FSQWf<V
zn^*W*;;@WMZzOtfoD`$`o&L=f-L3?A;ko@3)q-pnq+Z*%Y6pmhR5<WxBi{`Zw1R&g
zT|x{XkXQOTP_DXMJ<;lUX33lf^D}{a_OhBf*pBzpoyPom_3UAA?XdR^7;p_I;zM@I
zxxmD?Epr0N2*?inF@FvP5dPfkz2X9$sJcMU2%oj{SjyPt9|__DH{Y(f)NnwVM4F<Q
z>S^6#j6cYoKj0ROEDx|(Wy*SKx^Cni65aP2>Wc7QkhX3|NEV);tS)m?c<EX)z3PUM
zAGFvm9z3>ms4d+pT}pPJVQ5>|bw9J&O0He+>#XJf>Sz^QoWXy#3GZo4bQ+PG67*Ul
zhy?I&JM_>w)rpvnmbRm2a6BJF*@8OI|LbD-l967EJ|;BJTozr~ADEC1s9MtHIQ_E4
z>NM%;VLPDmO)qF)^}oYm2^>M@i)9$C9l4FuKVJ4GQ;ld04b4~hDD6HGub4|GFUC`}
ztjG)73<BJ3$KK9!VDCe(hOw8u8=VjJ+R?-OAo(Gj_m%0O=fnl4FW{y7{*9=U0ap+q
zMm9D2On5WlHL5zKxTwRQli9zy2E}%Vz^b?14f*0jTL{`O<=q+M(sR!CgZ$PT#sy26
zk5dd($q1gcN30rfj_>ZvstmuLP5WxIl4^L@P;V#qEz8A5gZFIva<1Vc=_<JV*(BWL
zEr#cF4zr2&sRut}LbkWmdqEC?JumqkbvLM~ZQrzOOLT>Pc%O|3w~ssCRy-m@Jc~Oc
z)iaC(ug7}7n_3}QI>WoKf6b~#=a$OK-))u5N>{-ro1*`{MlwY&#x0U1yvyASAwKLF
z$jA8)1n^M~mv?m>kNu5?JSp0;2Kz*gs+lJht!$~W@&?#Mj@%g<)g*P(oie)W(cd(d
zB$`NjyOxGrj~>J1n+o2x!L_?0-{iY6w0`16*{;6JVN2S;$y06)c)D#iA&+mKnp@eA
zhis+pitqd2W0LtAzw~FwPb?pIeBM>6WlAf9H7<4gCNB$1Us^i&J(n}FhA~X#P^M7W
z(!xU{wye>+{a4b;#slQDiyviH0%g{m+`iXHMq7=xh52*0)rR_4d5gtg$t#HMtKA{)
ztX~~1rkDg9lii<FnyVehe-vlU`P^ODZh%fY=DgnCoggZC1kQcF^E{TEXnI$8My~gb
ze$9GQ3VBA*XFq_!$9YoLXFWLC$2WcETV&d_-@JTFZz8hhGdme8H74-X`6iQTFbOs^
z{ry<PQNHfg<T`DFci>I=OpxBGSSu3VJDSz5$lW}(dAOtAJIQgJcj`^;fQtxg$v5|P
zv#EQ+ouTf%^-|;5J>l}Nk9aZm9g*rapw)Sii<dkbfb^7)Pj;crS4bRNx*Z|+SD+lm
z@NQp@^Di}?wlAI9_;+WLfins+ju$t3xugU^NjDgu)4OKg%D-}ZJ7dearZ~!Kq<3*d
z7FV+#JpD>KM{q4l{;_crmCNXj#y3!C3uP<I2!B00CT#6tdMLlSy`*iQ?wtjkX%1O%
zqM(!5G<?rAWP9Zw@*#5NUR*a+Z5w*?#P?<N`R2P&d%xxL?7QoQytH}p5F#x6Wd3kq
zXZu9G_{64n+ZNd@+;{VRtM&+b%OJxKO?dOhG4f#BqMFyv*lk?-OP3k%2pd(R!+f_9
zZn9LI%BWPKed&h)RXCHQf}0=}sPtWd22rZ;%ip3>vC47AOM1*$#)*SSOAmLF5S&D=
zJ#|9jSIxh{#t<}E_{(kYf}9MH1A(0Yazg&`I4tQG+K%jSkMA18<ry7;>~QskL11_Q
zy7hq=i)eQ{P{%9wzld&05$3IKNoWUUzOD+p{oHaHJN=q+e3N0&+*ibuguDHj8E&y?
z$PU}~a(u&K^?x=FxISto9k#zzrSG(H|3RzuTb_BwNwnj7=!uvP=a}<Q>p9mV!9m-O
zsyeNGqtg7mSgTf2xwB*ALRtB(W8;@9j^TNz@+!4m3(=~k@bV~!Mw_aIk$J7w6@&SC
zDV<6c=SIb<q&<suoyx@Wy;iNT^28P`Wc9H>eoY^N92)ul1V&Xq*|Xr+p&y%XYt`ac
z*B+baX<eaGr*&u~Q9s%Gvv>L*UyrJ!0}JvhwQY+|oyw4M(^f4`_3{G?_dg1G)xy}k
zN6X*YdHf?d$=|`X2j=VkgurOkV*ESapO%z|?D{`W0eta<6`jidKiM`PTWD4-=sGtx
z>Qu)6NjL7l?DC<^JN`4>%C<i(sp~}5BNSnUpt@2!B$K#~I3}C7NOQU#?K0@DnZ~v!
zv`B~jK~_6opKje+VS2lhU9#f2(k_GO`AnZ~TkGGx?e@uhuGIF)sIEtQ4C`y;V}EM+
z|3o8krB+)nOm25_OqM&J8P;8J_;8}O-eJ%@pPA5gSR)_OB{^pq)`e=7?*AzLoLyxI
zpC6($3OTW+eScN-YI-~EvUBVB6ue{Vh02gor;9C@f$vGI8BGx9Meic>+qnZLJvoD^
z%XC%j*lYE~)d-qm^ZpIInsZ0ET9C!Z>IL!E$71c+JCq>4ENnu0AWGRtT)~c;oqi$q
zW7bBI(WVCbw%U*B^^s((ZQrr1RzdX}tSNVrBb}qymmf?WyNo8Qnl6I*t<nwGW?Pam
zHio*qJF~-HtyVYP{H}zC7FS(k@1gU1nwAHJqe7NBhqxA7kvR{_n~3~Lt)J7bP6qRt
zrrsV0ZGnGXvj%I2aAWE(Ach!fI$<f7UFvF=-NLzxaphTy2Qq@1vi<9=v`zR{-J&f8
zr@GWGriOx=yjPdZIwY#-qX|-MVhG~9Ad&}gXOi*qmr&+3rSwfV=Qmt|TB}v8dbX!d
zYp9O4H*XYcR;x-oEISS#OTb)UUf7B@TQ}pe4)Wr=7JF}Azdg6CHWBXd4|)>Z3qRLw
zY=#gm-}%*Yx`>><Ns3lZuVeK(lxfMShP)$*64XZJg`=~_<e9x8iB9B~K!wx1CFMmg
zi75`ee^q4ljmZmF6`gpY7iCwN;|sUQDcQbIRJppRD$`J%8~@8A<ZloDa2hoX_UmT!
zc_GDXsxtq)@NRKM(eSj^s63>C68Asy-&?p%9|8W=ZD3PL1^ho+x5aQ4_R3!JA{e;j
zm_p*FPS2ECb}cx>oWdar(xdjEEOfHIri+bFTeh%Jn_;1)cl?8~nL24LH6;fPDYHTo
zIVrQ!JVmLbLX+eKFEO6|f}PBnT6LZcP1zwS8YJm~3YBrm0XlXzsR1cmB<a2iwsFZm
zI&wCtzB;zkpTUXf<5E2te^7^h`ZGY2IwdiHn>wY?PmEe4DL_}L=BH2J3?uEU!wjRg
zY<Jzw$xojtiB28%TaUtx%=x+Ug7un)F{$>9hB3LK^+Jnhha;4ukm_GUdWA7>F?!sT
z6Lo5>+G+fx0}e{3a?}g71LqCBw@MX1_4;OLX*(TeXf2)b3Kv<GXw_va^-7)1*&AuT
zv(r_26spQ;nHu{FEYnURO+58aKm4rG6J#&SK3<S_);!Xq&8(l9Q1fU?%&N}z7__)Q
z%*~n>c0S4Fsqm^Mq%pruuY9vA7u0`eEAl;F5L8Y0B@N3h^{wc~aspE}D#@#I`&(%y
zi568}5{U&hNnYq9I?7S@%B}oa!n6bqeS)GiPGf0XrLCfv2+lQizUq5}#Ct>NS6pfn
z(4e`ZyR|1t3&!g^W?TJ(lrYV^ivzyrRbLRKhVG9q_@}(sAxoPE?^e%91BQ1e+0<qN
z15PJ@$DWnqZZGUQH^(<^Ja|mKCb&nu=ss%6j~cS-jB(IX8sZ*;6?hN$mFsI!oZ|u)
zPE`^Y;8K*M1$SJWg9&#$FX()jy+U1@`IAJdthgYPx-{vh$E`fUQ?X09MR7@J9xk<o
zd3f18FMq!4=y7ISiDlx(_k><8YAb=DM&+fHF6wgI<Dv%D1P-b1l?fc#Gnk561-5@o
z#C}L=4J^D|mT~n-(&KRfi>gX_bFRwPqPWAD+7@*0Ow7IUi1)NRzOJkI{i*BKHPw^T
zgX%V`h86N$#{c!H2+3QSm)u3kh?1N`X?wC(6#ap00E5~lU}bb}f&bCFAJcn0gy%KJ
z>V4^Cs-sXs5p7PTsK^G6Mp=G9TCAi{g5Fe$`a0Hz1}8TX)ii<1IKVZ*O&p6Iy);(_
z)--F{`ZhwX+iGvDBX6}VM&pRZx5TY46ocV9m_?uJI>;uA$%s8dt=@`!Os#H}CR(HQ
zXCkd;D=e*gorA7g`M1VVwKA*1wo18?WAw_&AM@0*E=}3<zSCt16%y`sckLZrIMQd@
zW;!+-*85JY**ygNYo^cZhs+0rJDvM$wv#cZ7l?ZrzKw&~P9f@L7kN)UD&8?ItK6=h
ziBIQFL#yjo#`CVFTAQM`{CQoplUem(<rPB37~dMfhW^7_BPwHFqp*v&QlcG$Th04m
z?mqO1u$D*nn78h0<uR{$;>x_MoOevg#b~&*MlHiFfo7vxc~kz=q-Lwj?Rt5adg+C#
zT5TVVi^hOj`H~fetI8(#pVq`HzJ*|%DQ(87S~r&QmR)2#5h`wys<rgNxt3lG(===C
z5zM<zN;Ru@-{L54CaPX2ZpJ0rR{EUG8s4^7_>@0IQ{||7cb9iLu6muYeq<j$tRxci
zbY2jyR#u|E8KWd7eyg3WdhCgjXi{2`E=5A~y^=z7Pdgjsmj5fWX84ifW~R!l6#MP5
zXXRf_qqBYeLOO4r?*eC0nA3RttoY$4Nt(cx*VSHH8knZ_=V?|eZI)A&2iEaWl_%Dv
zQCo`NW-4!z9((>6Z7Zn|_7+cAkowN6*6plW*rl$hn{@0^!jRXdR#sl^bHeiRl&P4c
z{XZtPjfYz`_T_m@&)4pSVDHj-wRx()$V*l*OYYic_Z~QL6DGPUa!QS*vsGLbGai5z
zU@~W=@g6ka6n0TChG%zC*rp<nRx-*$&CcydlCmoNz-e*6q7;5%KSsimTo`@Al6)8n
z`JM9Lew5@@IsGnDR=NF}e<~DJ!}=1qWWvr8S^`k96t}^o)>2WQsqGU`#i?uKQPmZU
zc*&a-w(0&EQ%*|f%ZK;U*RXo3+H6!(sqw!8t7XrvQr8BdUe8nBel+{_Zx>rdBSG@X
zYJt)irR{IGlAYP8e>oi}f28Y4b@h>CQUBI)yoVrplk!K?8T#HzM1}p+|4@wJ$tR0@
z4QcSRUfwPoq{66jey?xNqyO>`kI^-MzMY%?{){^5oBzm}8$n_-s6<^a6F`@YKudj$
zIkX<W+6y;&QqbWtYMI-SSuVfZm%!OEaqoSWu=v$|A|biBLva+ZQXsB6?~hB^`WJgN
zbWWZlUt5KlbaXb9r;_rJHcVNU>I>;)<brWCE9Qf~5gQI^Ls}{;6w@dLwXC`)s`8LJ
zOhvW0JP+!!m^=@vG6_Z64@kZy%t=dnC(J3InMEWt1pNG+z$PcT^GD=QNGL48NSKq5
z6#a80)Pp<D&&je-*DlEL89ge@5Ewlwb!ikG)l@vQ5T`1NG4h})5@CKtpOt3jN1qjE
z=AW^|96+Zo`dD}>VMbq7im32LB~hs$0VAO<NokPUG(+jBd{f1o+Eny5{g@=^Mjc~D
z{4;+%oF-k=igVq^SV)&ss!3Z0DoOb>(f8)2r*+wn2nteIg}Z<D9i%QyR`Q@Cm!_tr
zGQ})Jr!L6;>Oox)^VOqF_d*K}r#RLg?x;A{2W~`ZIQ*EiS9DZE^|h)fhQ))%cNQgG
zdlo+(&zH+Z<z-?i<3Z%Kg!;LEpUgH2QSROTv`J%~gLPl#+?|wzvz45K6QeJBiJ;yN
zMy@}#g_wiWo4V=?mQ9~-iy#Ll2WgjhNsOmU*hP#df8je{MTB6Kxgwz4P}f1ZM7}HH
z{u0)_6I*?|)Xwec$nN1rLxZyu>Z88|KLBbR@uX?>hwByL#?XEZLzD1Cd9K1^_wam=
z`&D1B{I+A?%)|6n&%>3)&Mwm@{lnWlh0tt7Zj^3nKKyQOy2_VZ$y2h$jvjVf1<8xH
zbHvHtHZKag0~wb_FI4$@lwDjMgx%=s#$okqq3N~b&#RH^xv}`SKNMNI{IF`NtuDDa
zA2RT~CJ{?*gKkTAu5{e^Z~3I$KpD5mD~7oA25Fc4)D;IU-3V-fvNAw=tNv9t=zoq!
z)It(%=U;j}S?0#R@kICXjSq2N%Hl^E+tEe$HQVtqAmLR^1*c_NEQB1ffAqs`M9wdE
z5NK;$6LNTVLlOmtSP0a;qU{vdK0Pqh2A$hvwrd}p3!r4<5ITgMY(wLiw_Ap2CW}=c
zC`V)y3R0MC5B17NGuCvDFjL~l!yXLDvu9!A?i72j8+l`;xdvOC2N#Vr@(;OHU1ykk
zmfs(&y80JC!CzSqHMsktbOlCC=yo_ez9{L~oMS|{uAH1iCeC+KJM|~?n59}buef+}
z`Hm{q295Z_Ad{=_Z1z5m=;vXxj5xa?rGL$wuc}{hR%>T)_Hd(eX6VYl&%K;8YS=;5
z2_LiLCeZ=Kh;4&Y&j()wYUzZWOo#pHnB1mt+A^a<Or2w)8-lCor=OW>EVco6F0v7a
zas{@xpl$Zu+hd)JA)ohjK7jg!(w+CcKA;c^F}{8B{Q>PgC>T8<e>)&2@fvm|e`W5q
zJybhT>Qnu`_JD<b`NTLef%884+|BV8<sP{8GDm~3)xGukg+BOd^UBrh;bLo}SPb}9
z{02=pD9;oweyRLI>Juz}CI4Xl0>3~^l&17CLUqOE6V3dB=i{%x4O=k~?*{iDJy6?=
zR5_u}53YR8&W`^#y%+-h;@X_W_dA`?K%vW{o7~Uw0tk*wSWyq)_|etdKkR%wK-26<
z<a$TG1@lOMjPm77&d`7K>Dp0D_L5{o{XGUcIRx4A>6m^!IO38(2mhE$LieeCEB6Mu
zSGe}U<d*U3rAd5mQvrwr|2WY5fG)?2C^^2{0WB-A%AXs3GH>5WDmD-FU~kFVKmK0z
z-(utVs50vh1d?_|3f%&;1$p@<c6@OK<49F>a%j<wZ09Om>38@}O*^)4gO_@z-o0be
zCiHB3LbgWIV)|SyeT-iqv^$Y_UR$bsrCL4<%yUhoFi}LYMnUKHn5PhMTz7_SJ9cE9
z6gvP%DtHDD_z2-UY<t7*vUdeCwk_oEy9T;~ye?R$p6SLWds^f5)a_z$*Ym~n)Su|9
zY5P|T-%Ug9f?m~etG_~5^*A^EHHcK(W+5g(wpA6y*lbO1(^Hw1ZGM9G_L<KNk#HxF
zTtH*{ZxrrI-*rc-8#}t```=^y+ZgbLYxpGrANAkirC10#>gJck9}N3Sy%hKVD{g#y
zT;aTm0sjt4W7c;zfoNXgl`ys3N7xphhR|gO*vMi<;J(X<(>L|qJ%G6Yq8~_HdXp7G
zGOtWe1F8+wPlMNMq0J2BPlGyhvt=&+v;Vnd=nEHiNDgSjK)2LOdH=s6L7+E-)Y#Ff
z>ZH$OefW<N{AKHdJRhbz$kX`R)m2$xOM9|9>d{!2phsD_D0$?p<dLaYQGrE!GBD~<
zTlfE8QOBM@U8h*tSM`F2vZD_iszp((Q?OuzNbLYwu5AWAI!^r+S(PU<ElA)ontjLX
z;LouM)q#sk^KLQ4!M_}RJ{;Xq*1AtB?#*|kI>Dap(dj%>j_Wp0Rc!%O&F?7lSC3Nj
zY{EI;Mv!ZbbLBs`nfzF|sy*CO*L<Kp%}s6acB5Qh8&`0$(PylYv8Hn5BtCLtKNB_W
z)*9JnwmDP(wnnDWwmmt9U*&8)?Z!s>)&~5Au3q+HVSI|^g|2UkCHvOqslz4v3lT>5
zIQCZfFRbnvH;fyFE2JIv%NLC9jioU1t;P7vXW6P^%R0~M7{+FAa+|H@<}~fIeah#~
z<t<6Qd#-BFj79eAHZ#4&p_3;!-A&))JAIZ#4>J9MBBsDmGlgXYn)Dv%^alepBCG8{
zS+ANfWR9yI3W25m{~PhfPx|&>%$*;o^q2V&+6f_Z<v`>A0!KOog}(6v_W*$M1OL}D
zAD8kO=z-4yxJT976hF|N@1es2IpvXn-+&d_X1`~GuO$_l^BO2XxHcY`-h2eg+QHQq
z@jv4Fy$O0QL@)+b5Ag9b@e}6g<SRH1plZSuuHF!y8ycD$Jl++@hJUfCoYIu!F}EZ?
zW$6LgZAL*>{G8*@r-T)`BT*%fxVd75P3l((o?zU5W=LgbL|C%8ueh^{5ob00U48^L
zq+Owzm*jJX=3Y4MK-wjYc0<=wf1D*WPea?&KyPNWdW9qPdrqH?`UOw#Pe@{gzSc}-
zyxhMip`Uhzvhfe&!Mz=F<dJSh{JU;Y_VL5s>nT@oGF-(@bJAd=Zyw_hnd9Zu+>doe
zd(tQfPE~e}bn=3X>2986<g0lMs+?gtakj~3RqfUG#ArB`TH}t#%Z4S$k;;1wRa?|d
z>C{jnRQth8-<YaMY?M$q3mx=))nFYdX}4_qYIZZU&yEjTg|F8VXN|Aj-vT?{zUaLZ
z+xo^f3l0}UKiq(1Gh80}Tc|%PyeK^H1F15GW3a9#q-m#G<_}h<IvC^e5s`nFf$FgX
z%Awrmg^snidgiV!Wu&KYJSKlR24}I}WaJ(o@S7iU3;!EZ<SkB(0C;WpbQGt}Y!v75
zAfDhm)`rtgRNK{{1!tE-x{a4<BOXzr9WD7<$q#MnEiv*nsj#~mHct&sJ<dlbdyNPG
z-7=>YNK3CUCoR@x-E7-c$bFqqThC3iXVC|wm5=c{6sH=VV;%zM%;+{baa~GhxIbIB
zzD~1aoqA!~cIEvk1m*Dz$kNFnh0<Tz&<p-Tgh=hXX$NlkP7NA<Q*`t(msKW1b9C16
zVQF;V!n860|GfPY4-#*W;mP60$_>XK=)>f)^8W|ERRRp*@tXjei*^g_8P162x_$ps
zF(0jRHf-TY<ish@nP-|O^IN7|gB+z+@xRFL1M97R;;LECZ`zw_jTH4PA|=MT7K$Ax
zkj-$2A)}$3ktBLzk>UA+@X~=LidUGHaV%}=ZPL7=*^|@D(_*H|;Ymg^^5Sz=pTF!(
zf7WA-^s`5m6dC*+$!1ibdC;szVF**ZlC{2mjeq^3yQq2c`gZaBwt26OR_EoEC%~gf
zlvxrZHz!VcoR4-p9rko6;{ET)kGuceeK+Y(JfFv5#(#z;UHnH|a0x>Gs8kAIkWx89
zu;^6&VB`up5Pu~=>C-T!Jf(d2UCuR2Q&cgUYP1$%{z2U%gNa`*MIwBr??)!#;JN;(
zUXZ{Km{3&E>0Ej7BZA%=Btwr7rcU9Mjn6U{pTwO1DPTjw<qH|2Q+=pKt}wH_KmLm|
zwlmy6g#;Qtjq+^NLJ>vkIAxi+NOFrj5!r;2FjRKMJPN5fk+8Ind-e*mf=i1HkH4pQ
z;1>NG#fNN7`LIvESx<7fZeQueTD$$oLB#@u0g47BDX^me)!rKwzg0jdF@z6N?<AVT
z>~%?s2&Zq`ys%DzY3lWbzga%z&28_%8${=Co~KOb8{U%?9FxO^`bo3^u12ajUd}4i
zKpJK$8;T9JJ&!9>2h8i+>#)kVN8yxu`7aYREmJh;XXgC|3D`P`#TJGtm0+snLi04C
zV^sFoE~`H6(XA&s1_38Mh&f>6;G6-EKngq77D$zVkKbSdU1~tqK+hpu{o8x^LCDF@
z)lgi^yBhP(s?7|yS!8sA!^W8GaVQx2`b|?>5c171N;DxY)cn&_bN;8|r$xnW9w{C1
zuoEhK0`jW-e&>XiXw?6ms6ypHk*3I_FrRTCSj_8K*bj8fs_QW4b=gamW*=4!eNQr{
z*;Ju_^Pght$If$8wMk0Bep%SZwWDvDELDZ=NC&k4kN9NcktfDG<>0mIo`OBz%6cV%
zAJgwZSZls@mBG2)=SCXMx&3eBP5w4Gys6+Scn8+#p3T0Zo-u3nV=S+nc}SgaNS!XG
zdg<NRYXC?KrO*5j-lLAtWps%VSdIO^kUj?UJiK^#c*jP*Kl7FkWe5QF$9%G8r^abg
zG!u=@FvcsMY^PTffjF0R5BwUCZy;)c2SS;**xZ*(f(f4|!b(yDZ|Sniy<e{qis}YR
zte8>!MzCe7;>|Tyxdq|UsZ-YE25mw{IQI&TSge|Q&19gKUD<~Yv?`g>0;bU;2MySu
z@|m%tdcGlu88hJqPGkRXCAjnYCaf21I*9u~Q6QxOGmL-Y(iMUm<_lp3m@i0qk7Le=
zMbMF2ip~E$8fl{%;mq#ukZN@>r_k$z(%n@e>ee66^Fz2tb;lJ^TWtqE=6s#WHanDO
zy(z|tKL2Tgb3GWn*1Um(WAqG4d%giC0AX#iK|w1#m6U5f_N(6XaGB-C3df@ffnPf~
zi~j$k9C;9;w&uu^0`&r-`dj8>aue*!45UdA^8g$mUBd~_0iN~q1(TDXzird~yBcrY
zvl=h+L*<>&{l@#5eg5nKqrvh=L1sgo(@aoTXS@r#(sXjRKT3_%v0ZH6CF*_d{0^c#
z&Rv%DI!$b!J!;$%H+7MXrTV*x-s~Z@>76$R7xXy9L4YQZ&rYBPL<a`UZ#l}GqXj#`
zUm8#dWMP8VK?(rE*^#%vB?OlDumiR12w1%b%;fMzWQw4=5fgUn;SYfnB(|U}>9+%F
z&^j&v(+@CZAq~#<xba}iL+>0J@DW572VObFf^ur<{<JXk-H|}(CW|KYDl&L~eTlqI
zN1&u$pWJNc!`#d+I5qNaZiLFN?uo`dE%|_#?bLnz($56fu-b>T3StVM-K9ho>3+#$
zbSBw{IX^B;-uR`|{z)<yidxpNOvzIjBXiWhr2;An+*uLBG%6W1@9%k2Zxiw8aY-b-
zN+JobtEAK<l%l%@p&96L@gxpPB68uwk|^B&z6i&-ZuvfdrA^(hsp0vuVa{4%3z@m#
z(b55mWNQF1#2T=(#hf^noe(cLW8puA`Cv7&rxc3<wbdA<2({HTF_KGE-?d~hwkL<j
z*VJQ-hX7$n3<LfJ8>Uz26I1}xryu^r|DMzzV*OBqNYu2|$KkaUjJ$ejh$mp>*b)|g
zWEbxj50OCz{0xc=JBVYRVLymXiOad`6EmzfFE)t#jw>3)y1-@p0XP573({Dyvm9_Q
zgr)$wUyuTztAJtyUWvddA*fT3bpy)bfT<paOY>jgT_Ei}$yB?W`6ZhZV->i3ow)MV
zgR|vVHUwFfW7NAeeA*%ECzlokdX<68JSqPt9FJAsZQc2;JE^jpn?_RR={FlaGB&qy
zX^F%MEP5QywTFItvpB)y9ATi%fe+UtD+G#_56(hxfM|1b1k&eZo*|6!tIfm;L7Nma
z!)HJ<KweiCG_N0Dy7<NPsQn6R!>8$6P<t#$OdJbc-Rr-((C|g-K+qZi(k)qAU-ws3
z6oXcft1Z-8HE7ioL0W3@*=lO@+XlKU@N#cJx@c(bNYGm2Lq<b6R#*@2EpRX^2^hH>
z=89F-rJ3YAM|o9NgHxoL^zx|tKnR~LSl5kd5jRJmw&pXEwky{1FMOM~bf2GI;QMSU
z6B+-VIa==x#cc&iJY>~3o(NOhpmtzuiBOv08zhm&UIu$iZ9_>-zK4~WrXavV9oc@#
zdfA*W9bi@ixnw-5K_9$I!wCnVvLjm+_s{QPwwkhAvI#kJS+e2Wud@y~A=qDyYA3kU
zHt2@@2gG1#xxa$CS^t1zb8_O#A7%<i(5v0ag^eM*lK44oaw!#J!IeZgf8iJC|LQG*
z@ZK##G!1YdAhl>n!<I$M|8B&FBNlJ?f!Y3VEN;bpT!<%9I6bY;L*e$wm^0S~_D~V5
z8W}y?2=!CNl?OoI2CLq@#TqLA#MOb;yY2|*m)eBkNnkbNHZJ-6V&TVO1lF#0Tk`^T
zS}A*yxydn|+3m;@C@&w|z3+kYY2Z2rEwB+tecl-9RcibyddFE4)!p(Au^f4BW$?%`
zb}tlQnM*G6iz6&aqCw=mMhva*`qCSBv-rw=<(f}sp0{F|dHu{i^Op08rT;gAk$Z4)
zqV?c@u3Db~CR9CB%B|P13m$?mgi=oYl#4%G_Jp06x&GiMwKWByIQAawiQi0iT-eYQ
z0Xscm`04$1KlTtP1^45Ku0u1~YU3$fX8L7u8BMOfV*Uf2huK)K*Ll8rH&YRJDAM1J
zsAcI2!wPR;o@H@pHnd_^P91*tabD8%@+CW(aO1RO<ZD0Ie?r=9#C6crkj0D+>}$U~
ztG(omrqd}Sw5U|<mcJojh*llayjX2rYsT}fK7h*~*(ub?jiil?KXWUM*mEH<g??^d
z?k={Ca*b!-d@g05Pj9m5(AQGV+zix^sMP#Vqg&$G_(Iq437(#1^eLWdP<c{cN<&I)
zE*6D-Da$GEOf<TC+y#6{-`E@a?xI$$oQ8wQlzw25{$XYECoW3?lrJN>w8f=+!~x<7
zl2;dgHsjC%{X++2b~Eq*^Q8k{ka1{g?CM(SrDHCB|AoNIrPw*dzP53$1#Qie-Wh%4
z(G1!w*+>(PVa6`jrNwnj+<+uFuW+E$AtnX5OrwT76dr0H5gIyV+QN8bw@h?vD&mbp
zD#v1^Jt4-6TLU+Bb0UP3FUOO5$ub5t`Q603lU=h5PVYpUK7H#2abXj}z9!c;%F6H&
z(=FZjqQ)!vxpV00d5yQ{fHQ#XS@2MsinDeNp~>!4ILR7FDm{um=2ErU^V|5>$U!^T
z0h-kc)Gwn)oM%=8==;-i>5(bT&Dq7=GH*#1I~E)+97Ooipz(!{B>(83xoLdCl)caR
zyk%1h4Y52MZOAdp$2!4_KclO-aaNLVIuJQ(eOZ^lRxTIBi6Ng@YY`a9&#Z1t{vWcw
zIx3E!*%yaEfDqgR1b25x@Zjz&Zi~CSySuwXaA)!01Xv*G;_mJ|zI)HR=f3mKRQ;x>
zPXE(AGu1UcB{ieDBo~wi@Lmrm`kHsp<C)gsJtd(qCi=5~M*uk`opuFEP!jfC<#sU+
zP~!;(SkDqVro;DIq$p^{ul7RxXhZ|`mnZZHf3!J=9dxZ=(nsn)9!lN)@3C@5K5X|i
zhR+=IVs{D>VWJ22BW>xgPD@;UxA`B%AJP$R;oKZgZ12_vJnrw7uuDFh(um@ZDTcBo
z7ff_E+Es9)2qAX<P=F{W8?ueD;G3pLv&l-}Q^j5ABn_dDu=2OgifMmJXbAwSNEFL`
z8>8B}qLT|w`C>?TAoXNbp(l!3g>YU{A;Rfy$C;}W^9OjLNf4K^QS-HnGk{K20-KKF
z&#Wr>iVWe!EJ9aPfV8RvQ^}?Br}pGhC(8mS%cZgwd4w{pD#J1aS9O&VV7W4<Y6U_1
zuK`&CvsqP!=kp#gOQ%P+ce#t>ciz9EO9Wz{mo5{(0}=;i5+9_{PSZBnKjr;;knK1B
zDwMQ^%*I!8f)m;xiFcrkT-)(CpQ%l{UoOoWOS}QU3w0f~#yLEPLHJ|Ma;<Iv!9FIM
zGCv@{ggmA|A;<T^b8H~M=OabK74-%{ovMRShW*b2>Ni;Y8_FeNp85OI=RXpHTj=0+
zQEv)<+W*zW7}8R*u~Mt1XQ7Fk?S?Och5r$_j0PJP<gg({5B>h>K>-hQNr*%iMkRPU
z9r<IB{)ZdR_6R(f+2}9^Tr{w0{`9@g8+`VdZTPE{-s?GqBU$iyL3;U;STP%!TL^el
zTLT<IvfBe3^W9-%>!POThvuof)CPnPE!9WruJKyv$D#ALF`r5MJqCWuCcAy88_mgn
zU~0NFri!Hzot$h*#fzZo8wp1tqRm0U(Y@lW*PUs~>2}}u3%Tm4{3xa&9mwFB?i739
z?YB6~8*&*lXN(m~BYrvSvWQcT`kd0JgM$A>Kj|AR#Bpjy3bD1C$dBFk_}$HF=4>QS
z$F^^Le?8UW0BumZ)wp?W|14{3YRLeKx=hqC9=*tEpq;91pR#N_A|%Uam4t4;(_M3n
z?}7^;GxP$8Pikc$6PZ8Y?Fs^^FEyIi^a{CTl(K-}(#%TR#c*JuFN~5fbTj_G<;lva
zC5+uaJ%Mr8crzcwKW==|%BX4cG`~2d8?Y#~q~Tk=)=Ox@^+r#7S~G#UShMQ(oiZ39
z(az1@K6Sb7J$Qx00DF5-C{j#2!aOXNztRStxn0q~KY=nG+ty{nn&8|GSkH|nn#~u^
zY*6U+qWv2|C$j-l?nV-FUL^)oS=HgY_41i*u&uDwR^|C_ZD#SD#rBARLwsVv+%Ua#
z>h8XL+A5pHyTn8DehTFU?~r!)v?d3A<FtFMu@}tmKf8{;<Bb?7Pv@q7*H${d)ta=i
z#bMX810IK)T{rdsPafv|7N>nSHg{SF<&VXLGAfPFPo^x#Q$$#tYB7G4^Oaq2A0n?5
z@e|{?Xy#_1chfo!7PIeiL+s<_*D^}^(x=LQ!TS&1^I+iQk{aJH@dMs_+va|E=hpji
z@!Sb6n72EW<v4WK+`1bI0yN`rPe2^0W-pfJFC<{<akUPm9EQ9Ds-i{{=hWyaM>B47
z*X@0ED-?6<%>$fR+Yboq#PQr`5WHsEe{3?FhJ;SFhc~UMhgv{NVhvK=qMM^E)=Vc%
zO1Ti3b<yawK-jCsr-iMMf#{FVR_ZexWS<@Bg5TZikA9gWWPZWYpj<U{x3jhFu0v|d
z;@4~xuczsZAGS`VCr%AEocGi5ruYpEqNz(Rg2u8=4b(w`_zl#?x`TH^;BCiLw}!4T
zpL@3V#yZ`B6t^V}9Lxjvdrec_`6vX9qHb4`Gy^--C*b~X4Mq%&N|nKs16@vyn?mFH
z15Hjo^~sd(gS4DDfO7?bUZq4@<xC0Cxk5YIK6w+0B_EllKc1m3bQ6eI`vLr&;!5k7
z{>6gNZf56??5<|V15*=g59ajut7ASbj&U^)ru4o`V=k>*ack<4g0y$V<q}@=<8N6?
zR=*pG_{ZxT1<C-s|FoxE#_F4ibjItO1<Is$|LNqa6gx^LU_CP{eyW%v<Es7Lvc1GB
zHio^>d8Fpbv2*7)rXJ^{Ugnf4$=IlTM7iL4t8AY!UkkAHDMYA=<9SN<EV+f>2T|!}
z&-bkppS=1Do?{lIHMrnAh@RB9Ms#cKcahw^1Ud;jomoK+*`Ir+mj6`u1@q-iuga!;
zq~9?=Haq5A;3{v`$(dRpXil_Rv7=D^_axgk@3A0%E8(7F*Ilu0(p|US|5US3_aGK{
zygrt@QiHnsD&d|rjc3>FJC>_n%Z2V`+j6!M$(ilJez&~X%=r6$MZ*xMTBuL(5P6<@
z$o;H+0-5(+Au{2KVJ1J1TKcwZ==;8&DG1>iRAgOJube)dr#Y;72THOIx@KZayMCLO
z-?ynGY}fAfWhZpG-#4;8v(e$4(%(9Jk6J=DPcB@;H>Bei6B})K(G?pBMAG`QIYB%T
zE{vNL%#fYw1$z>1_qw;Dy1rtk_RRd^<ko#*!tnc?|5x@mlCRB1pYA<0)3@Lk7X5Mi
zWD3=h4S}60j;AsgDJ(9n;Rg`R=BGY`YRwAL;X9rM1p^<xab=9zX#^)NP~J6e0B*9!
z6a85G8LZeyw<4_@vpP<j=!QAVy+0CuoYCC2bo(V-x!NASLLheGLb=Kw>w0DXVLwCH
zmkD(oEC3mK$gUABQJ0E4qx$opA6sa%0kH*~oPnUbo~)zXm!unV77{F2FE8@+kPz<r
z&k?^KX6_0spMPJ_3Ax2LtX+yC4U0N{6h)rnd4A_2|1JqjMD|q^#WA-Vd#B6)0@yk9
z^;D)_%<m_I12bHdcnv=sY+MxOFlPS3vW38>qw1KD#>?m|g$G{xUabJ1b!Ne=W6L{G
zu$e-*AlY5|Z#4$+3->hd{%2bU`FN+wL7vNVZ(sBWlmpmQq_+RscOW-_;L5yqP{BNn
zZs=aHxWfq``@-VU7X7n=)YUxNbCTBXv6Bl^Tshr;bNld2&!3@$iG|1IKVPmIj12qO
z021Ml2p>k8!6PH6`u!~szFD5bH|~HRFS^+?ydOyk7eAbjp?oONlcC)0Jvw(ef(>Ky
z4C4$iy>{I0<>O}(ks_v!onQ*W{+%&`9KpKk^T|zLWJ1FsjdIoSlbdFupJ}b;IJOmH
zU0dK(Z_klxEnm)MHdQJXLiXj78`7y0BL8+(coQ94Pozba<GKf)akV*JQbgZZ7WfzR
z-rHo-Kz6Y@HrQ-<>As~6A{NYS#M&RUdx3;JtuPbjuQ>MfZK$hgIR5;-IU7R1zpSGB
zlD~{mA551SbRG<L0IHAGI)<c8%PfY+0M#dIuJy0xGqScfg-Vkas_eY8RkgS|Oofv!
ztp8c*W%^7F(AsowI&8nw+adhhsf7Et-A^J&=6P!?@JG=3Y?CAmF%C)+6W$olC0I%F
z|Am!>(BE8J<<uH|+L%@pEs;hw5zSN!62I93Q^*)1?EfISMcKE8Un2x@B{%%>i0fC1
zw4KyIL)`vI;UZ;^#X~>@I~-(W&%iU4St<Lwv}3Aauk-&77{x5$y7zGd#-0pG^ZHi(
zg3JPzR7>Ud^Eh$uN3V8}7aShyp7wPGwFNZ=>S5g%Kg4*7A^F&Um4dRdQgxcNk}!Fi
zyz$H)?TJ$ru42Lgw}%We5f_cnkH+tm@Z?^Uyh#!{Rd?eV*gLa57=V;C;S@19!5KYD
zTTJw=PCrpm-`GkfXpq5cnn4L3eJ(V!Kj((&9jE{Mj!GR55D=27QLv|0?tu*iPy$T-
z8jFt9w)~vVvc92l`M35yuU6&Ib)-1)MVO-2`Sr62vpHfw^WXkfLFd1P<y?q}{8Tt5
z?qbjQHHicG`;PaUXA{5~UCw#ktny1y2tyQ+99|V^|C8b1InTnM#yUKE;!4>R-@@y=
zxnEBlsjqfFVh(UGJ+4Hlg`KZphyNT={i#Fb_D5zxkEd2Gr+YP9u!Bz7P`4*+BW8di
zi+xYNuKbC*GTvu5vnriD6?Db~Z7<)wB=EpBFI>O=PBrgeKjq;CG$qqkap%fcpcO#Z
zrL61{4v<8x$_i8GbO^U_c!=$FgNl{A>2HFlAcQq9>u0lOJu#Sm-mY0>HXsf$UB&1i
zCFRQaXW}>ys9lbhbA_kdJ?hr&#_yCpVT++MGzy|c+Z)3W_!o_60}mVyntUX2zVhsi
z+HredyKfNuj8ZaC|1Gjj<=bLVh@)V--n&eD$LPFVEnrM7=$Um3BaYWD!S1VmAmAe9
z`tFMAb#W?d{IoTNJEG9%t$RX+T=jxOld2N=BIEVkL_jh^d3vUBj2)or8QCX>aq$v$
zfpYjl*aT^C-GJOO9@<&~-?&RABud!`GsaFnBJia5-R0h@6Sg^t>M;Ji#t>jS(CscB
zPkePQ{hCwZ>}<B_tF4kz#z{YunbHpI_*(OcPjAC=3()zFuUu6XjEEv#pPx*R&~9We
zg=pf&Z9IfA<$gyhV=<x$B<@~yV+eX3^7R?|i<U1h5ZCSGbjO50tHZ%_hh`O#SSpQL
zk3fIt$_p!tR<z(JUJ~RtpD3ebDNJ`Nne$rSNXmIvH0%p*!=q%9h=@|!GD`lhW<ZpZ
zfiUukWWX!UZ&LWXqBdW)a!0)88dHwu=u%gU+CsdPa$8p5v82swc@1gvZBdJF@<QC~
zlhU%0>Ox!xPEqYpxfSb?c67&+)6o$%gnx9RGP~nRNkjPPNK)&Sri#?`wy4@Sc|NWZ
zr>N3b_2c}cq$XT>B&qgVUP-FPC?WS+UO~!vTU6=`2FJz9ib$S3ia5zjTEknkK!jrg
zpOh4Zk&h&QzS3CKU!Wa*(uP4H(?seEtf6g5O@BTd!D#ocA|}As$4qkdo##`kcU$1(
z5SoMhEl~f8ecL|8!NF6-$DzRuYCc-NO?uKiayQYxB{rzh_qnG#|DNoYIGL+rCE@sI
z_7%JsH5CmfWYE~65n*!&bUK;mJHej_&+19}s$h_cY4X1)8Bih>3nx?(j;|2^-?UU0
z^+Eq>+tIS?dF^4E{QnesY~;#6{0em}T(rR8ut(fIVf}}tQ7}Hkrq_L;)^qGW;}Pys
zl-<{YsTgF6fHjDlbvd-xUzI{}Ax?cg1kKr$ash0Rb65wR60il)W3xLEr~P8e+G+T2
z=*irv`t=_;RJ~}`L{q(dv$cds_t+ttBqo)rtUdF8OUmXL{W(|BIu}~^@a)V-)kea?
zPKGPzIP)D{?&|OV1CD>cBg#4cop9mUgDn5tap9u!Sb`|gOkJlVw;}U%w6^jSSNa9$
zaufW3g|#q%Lj9Z{5YT1I!IF*BZ)K5ZtBN7SgXS&A%~yUW+K6oPdB>#~`URtxGypor
znN7Zr`jrpg-ua4U-$N3r=5u}ubQ2qk82vT>4Ak4FjlAC9+DniSgr1+wupW9AJ+=sr
z9f#Ajz5KlJ?$r9w7fMj1@K;Uj-vk~r?A!`8iT*KftFifx|G)_s4XdgM8q3fZy`H~1
z-oJdkb+S9HhS<HGIpz}AtUkX;$v&HRw`x4+#l9_fyID>R$lO4Y)aPleQOi5#YGE9@
z7h%~Yqg|g=`r5}{bg?UxPkU5gF{kY1no>r~m+5dhO*a8~uYVb>iq5lcvcbhs31kvg
z>`E~bE%fV^zh~_BI@NCGIqV81Wh}pEM=8MfT&kdYR|Y6><`)O_DZIv89AKkIc{Z*4
z#)4&3Z@yx8i-|KY+ZDc2{TF!J72Z>M+6kXB%=U=<;n=s_=NFS_PMC|jLyX8>&wk4~
z010{>&!6wFif<UUkV417ba(>;elgNGG8dvTl#<*m21^4)zA*n&5RBj}8F7aJ(_vPi
zeo&vTO}dl~3;s-22yXu$Yaq0CrUqf@mw>gYYre9`C2T9H5@fzqv>Iht>`F)_c{SZw
zW93+dsshja5fTGme|>puiC%>ny|^eHSgcG$E)4SJCG@W>W;e%-%>TeIFIOSUALyrL
zV~-u&COEcx0wfMMlQHw+7alD5{Akf1ezEo>%Vun2U+`@bXYRV}T8nI)a`ro^mQBzs
zlGs59bwgwlcm&aZef5B@dm&<0@_9#yx0aRHs+|4h^fOfK_t67qx%5MqVwy;#4-quN
zz89EEzT{)mNT<FPNf@qd{qir{)cr4F>3K6YX3kj=4PSb$j^P;;%siOd@@_w7Y~f?Z
z0wMm8f^w80vn^28!#S1biSEjT6c>9UKw>uPw)<f;4#4?^^RBCm(C@Lni=^swy#TlB
z__A-HeEUK$K8j>S9DQfG74d7g=4#Xs26e|t*T{L$nfW_8i>|P9+I%jlrF^nrWW$Z*
zvPOH)L3me>g={UeXG$*3pcJ`B!aX#F<<zajd1T_M6ij;p++D2LO}`KG>iu4>{`uVG
zuEbZo*%|mNiNtqV{sV!zp7G^ybkEV8-uTt}&aSa8B~)iGV>~s>^>P^bR_-9rS>Z~U
z{fzs+-h7ct^L!KpcrjnH?(t{diYg`_i^2G#uhz^kpwSQA8*7BtY#nb`t(~^rv9S4s
zya&CTpSM4`rT@0v%Fu3G##6U~FY{XUL}(tUcGt=&Ka74K6Qj522>JKf?B?sf)&zfh
z$L{nogLIBo#;eWLuXZF>Ck!KBIgp*NTy+*NCF&me;6zlscQ^Xp&APfed)ciTuiA$~
z_DZ?c@}8@^epF(mD!a{j$e&yAEZ_x&EgIO2yzB9j;U`6T#C;Lpg4)D^U=)Q&dMjl2
zf2hTRhk!P*iL$TjlsNUx>1P}?>o}J6A|_aM7RnNIMPgxFDm~OKbYV1Qk*8yiWAG=a
zG`O@7B_<Wy&3}SpMy7#R{#W^I;*T*`(QInJX!XXl#<+Z^RAyhY>r9e~y_u@Kr>MQK
zWHJ~_oar^jM6}9vsU=4+#&kXW1%9yZ((p>R14wAlRc+%DM}v})d9`EJ_eMo`d3Gf{
ziUpM0)kqlQlx&lR8Z@=O#U=frbsLFrOmr-J31Cn<OH$e8Ff9-em)F1<pW8VcgT0dV
zD7~t?vgTEJtjMNhRwYTq9c9~1yHfUOzxv&!yk0K0BX>n*n$ab$PWMh`m()rNN<rCy
zF%9WbS+9DLf74`Aefx$xj+ne}qA8K=`Izo4>+ws7iBtoS3QBk{;26Pn3~2xe(fieP
z(Y=3rFXtFfkEUgGjL|LXqSQ}C9b0kC(Jkwu&)TsX^SW|*>}XILHr4$#*1EeghIpm-
zSljTchdF7?Y&0%0k#sb9mWh8yeb;!2vNM?}Bh_*jGa~`tG;3n4`l@1;@t$VIG_NVy
zR;^Nbw6dd;KCcQMn9v|YToS9?ql~T$syb2nQyxa=bHwA4tvXLJPf;QxC_&83*({br
zz6Q+jOt~q)2CwV}9I?4%yz~%gY&%vj7xqx1tF%^l?eNSyVvl{*NU(|(7;p)x5_#+A
zgt)Xuci^<+j6#5OO_q)!TzdR^Z}M3MITU_%le1={e5Wv{Fpph0f0+_*mxq=quly{X
zn#OlgmesV|y_Gs8Iwg9l^~xqwP?v9)Z?CXVscZsttJW&k81)y==FZaWfKkneyE@v<
z>Wq-NH#slWo;vYnzcf;-IIAktGMqUAle)Xg7A3VN^ybq_g=g870+IsL=4#KT7MW*d
zL5Y>3QzdF(YHj%+QH21{LfZrCN|l?@Cv<St4eitD(fm`zlVxQ^UO`^PdVXHfwDSI8
z<89S^)~(eo^*rg}_)W@D)YJK`+7aI?Z#TeZ_PrQX&UK9H8APzScw{w?>RGg2-f~cP
zIC-S=MEI0-#Q&u8v~uL-S+!o-azuC=0~C2zgjCvsJ8x``Bt0b{6|M)JH_TwBZjE!b
z)?>dJM$S|9RT7u5&cAx)XRdMfxE1;xk{zHT-(8YZA?Z^m(ruFSs}2SG?N9f#XDE7z
z?aU5oosnycZS=ZHtK1!SjyWf_&X7&MA)mBo+r^AC(#~_YoL#^PTKklPMklFb&T*|<
zokPyK@6c;x)x>M)GwLGcSsVXZ2lzGjS#Z(xEaohxmiG*Om9&k?&Ca#8J@Bj+rmm`M
z<08;#F$kU#-n`vc$=;(cPFDd-45dS_4(rAf%cf}`Zdz;EFt<H7tBE$(TwvOw%v0S%
z-LlLh_gbJV=gedMy2~|mKQ5PZIU_es5OrC0T3aEBYkcm+L$CAib!eGd=Sbt|b%bk5
z*~(na+RoDMW20;1KFTz%cFDesLY`|C8EVCvsf9#<YwIRw*K%AmxpA^<9_uiVrj7}b
z8BtA0^yM(zDcLsMHr#32FqUy74p%9GFxb~rmVN3k3D*>xbaOfD9FIa3E6lLCc8x>5
zL&aS(>z_7V9a~*X-I^MfJ%U!tX@Yxv;e`dfd%}AwW_)x4bRaX~{IIBYQ2pRTO3Q-#
zpu4Qsd^u|_cx!lWnC(>0xV>K23!-UQ{Z~6CWmuZgP{2;0&W7X7qAQ;=CM_D_RMfbp
zUS0<OIA*a4ZCj3_)`g%(LgabypNaLX5M#C~kKPKvU3>Fz`K-SYg&FLL!c3Q4Qx#$w
z@>7q#tKoufO~>73lhZT7Ey*oOXg2H0c3#rM&C~4=LQE!6e$(Ulg#OplL3`Rm&ZwnL
z{l)Jtui4@J9dV&L=VjHhyDu{)Z|S$E<Da@m=AQR~jR?a#JE+l@>+0QqP0M`KOHUK^
z*Nq_0UA-Wy)7OVTFXleTZ28-E&&kc9c?zK0$8+9y$YZNE_et~YU0mbBlAqkMv42=i
z3+OtM|GwGQkH6-`FXdL>?R~Shhr1SZmvq>zf!7r}Jqk^2R9y?YS~{_R4uy2qHNU)&
zUiH8UM3VcwR~;Q59iHj_kV0zb#gzIMZ%<9M*#ifM1qa=SiJ^zBhusHTC+Ix1y&teo
zPTxU);2FSO7`0J&9C2Kj4HLOaj$Hh1=fj>Pn>Z>Scqa5-YYyzGsIBU(>hXje*;TrF
z>WJ9P@@uLvR#o@;>b?Jfd={EnE7^C|i0tN9wh$%Ge*UEQ>ws3=9U;JK83QPoQunPm
zZ7fV2jS&}idUR#S2I&a&TB4!2|GYgp$2Xd#aflrFb&S{Yw5LVV1N8t~gNJ`k1<=Kv
zWNJ^mihWvF#_`tubNnyf^M#eZW#-yClf@1t19PO}7Wu)^n)V+IVVT$DO&s|1dz5vc
z9!1;hiIt5Xkn>hQCVPS64{A24M@|2f4btsG<vF|XDYw?_vL~a^xtgB#E85hnsJH6^
z?Y!Y?NQ|Kkhmc72ZzY0zW6=%Zk)Qn%v`yLh6urA`)n#A!wvUGK@|p{Y&d?|I>tfP2
zl)PNoV*4v}ySjU(T*$h9JB}Tfq7by6QY6ek@yMx=NFFbK*n%6hAeKObqNBODTP>E8
zafU)pK?xVIJ1m|uzU9Ea=4bQWz~)7?GL379cfZKo*gk+@+qf-cUCneE@Ab*@!A@+%
zj`R18r^MZ{Roeoisc+j(&XEt4zMlk~P~Sz!{JzHG06%J8RAr^czw@)7+%=&uH$3$b
zB_4krthD?XZ`isaX~XFn(**AWI!BDCV~AZe=l6j6`*Pd>-Xkt7S95+i;h_M}2H$tm
zS#j(HOvM$Totn$TV;WCC@AvmwgaUP-%5nET@QBQGvFthHet5KFUD4_SP{p-y_GK33
zXo~nR2l_%mvfENze!!8F`!pg(!UE1pB`CC^lNc;O+%+8Fi=l<fniRt*N20J<^g~@#
z@8^XS^4^(hxl_3WboPoM9=9g?L2+B6v36WYykmN3ZWxz(&-{=m2=Ph_?p09}zQas+
zl2xR{*070qLuP!5**H+=LFjC+>sB*G9D8^SDsxBF_^mA-3(ty0-Fd;6<t)ITG~@71
zS@QN^Sq0lSPv0?r@OsMpv6D^so0<>tMBvT6Fh%xr85(@ps;UsjL-+WK8m;&{GUz_#
zxtWhhEm_scr;qx#@Jp-PUw*jHUrc_lXZG&z5KSxyMSKCkyVVMyVE#=c(~IzG8+Z<<
zT#JOD*(0Bm*|r8)&CjM`IKHttT9gafPh57}!4PrbJ!vH0n;Yz6rzkU_J4`fqD7~@h
z+_ZS<TMA#PAvishsxFT{-G85Ky%4Ot?h54oRfJ;qbzDE~k&Kpu`N4{0wPUQH(9vAq
zaPUPs$MFUGRuxY561wTl#*?AiSP1pWy3331WnEQn6?wbat(N=8GXrSkEvsZ7u;Z)j
zLi(%fN;ZgORXR284XDPK$x79mUftEUk-a9e0TzcY!_VfP^Xl)+G0y_@*5Sfv<AXG=
z+Wi4|7zKm#_Jmy+0svgcks6}m=#i|@{nh}{y*`_nBHG~{xxQ76utl!)7CcMs&8%?-
z?rpVz0=RX7<Zi#eUypkj3p^YIDeSMz;48Cz>JYsyxf(%<kdIJN1n)4+E_T9xFHH8!
z@R8Tz!*c?NEI8g5yG;VlOy9WUwr~3ADTQ=`5he@fYXsi%mtD?PXw)ygTMiggha??v
zthPfcW3#6)pmQ-{-7m83aHq<D+OchwV%X78MA^Uh;oq^WDV?{6dfp-31jpFBfIk~f
z7`gbYunM}s(2|!_SP3bF_{cv%g@QA06(?CMlwgbEn~-(yH3a+}xw&q#f94!t_+Vd`
zl464F7;&E*9_(_t*Yx<EZz25DVOE+|5P?@e_iW-9@Oya~6P*tND3WQ50PH640Dk`d
zwXu$D{!BTyOPhV?i6p_(DBn-ryHOw5t%O4|U3({~$7x|mysaTHn;zm^%au2k0{PCl
z;lOtNX2*M0Bc468>wEcvi3;?06wSjFVgdSyTRzoz2RrGEnGHR-_1={Q41ceC_QR;;
z(REm@bwYbS(hA`K8|Vakw_fT*N0yU|OkmQdK$yYL_;4KUt;`qlW&Q1LE;P$p76@D{
zq=eC04)UEirYQsB0M^Bxb#}pZP`4lZaO?%bl+JYHdCBxQo>sz49|&MNmA$~QHh-Co
zyyZ+P)v9@-Zh;+pw+3wQcW>2+D`<{z=#e|AbudZim2@sA`oN8G^;jDDch>3$;R{x|
zMa8}O`E*~r-um}*)^oOV)blfG+Ge%6h2Px%a~JsXC3nE}*ho94$MV9m<mKQY1PJ=D
zL^zht<{FuJ?BOXxGuA560b_|<-Boph3hnn~8P`!(1$c7^?j_-;yW8yV#cn|#M()@?
zvKc$0g*mR}f&<wq&bedmB+`TpuyZRUpq(rjagS*cHlsdHpEe;^o2B&@fLKgYU<38&
zru(lwW%VN=pam?6H@o^>(@piP#{33IAGqh{@^FG9(bTj-INiHOOUJ9|`0e3y?(Xwd
z;(g^kop2EU!@3QUz;Oe5Yf)8DYS_LQjl(Apr?!97Gi-Uk7s1ulhSxu<e}&4^FH8YC
z(>Uiok9zLyZnq`vjDxTG{g<SBjWGjLj9cb>$$@sp-S5edWTPuY>HIP7FUr#fJ`ZXI
z@2Pn{d1uX6iCygspyC?g&12tuh%58`!VhEXz5`OvwDwM{R|sxXZYF7g*y~P<$Nhy0
z@<dPFC(W1!Z?B8jho=pOZd-~ndj)=3j1ylO^CJyJ^ZdqvDYbOoc`kA?;qM+{Ku&6B
z<+!VJ%*q)2H_~|b9#3EPNc9KS-@SjZpH($akRMes2t3aT(%m2%-R0(rLFUauddiQr
zSM4d*q^xnkCgo>+{y;ZxPVG+Hgmd>i4g5w~P;Kztha$woF!v;NZ>I*}TKL#xb%!+L
zEFwbA-Op9Cm>vcLGcA7Aj3IY9RE^0SnC@H<IO&O)+ReBkN^kx~@+|BLYssj#Z(_c-
zg6xy;L^nOjS$*#U7%%_us>Fs7a0u42sqLiqu0t1!((c+v0BTNAtPM*o5cTnpb<T~J
zJQNY_-<HCGxFtn?HS@Zk5CsV3Klcf)LfV8L-Xxn3MXG5pgesPWR5Gc)v?4D6+*bSz
zI_6cMY~%2cx_<b`O9+Q+`jU59X+;7zs>^~?8oHXgr-QRX6@I{0Bq~U|!Vp(To!<bx
z+?6Qx;d041fN<lT1alg6okvf>pt*fWSqjmd1+4-71H?&HFE8?3=<>5`s&^ouSo&_h
zsH<G@IRKEZ?6WE*x!X`xs}OAd``YgrKbe>kRCwz0{ds8Qc7~wa5N*TH=F#!TyH)#a
zyUUCI9`Wv@CyiOWzIDZ`0Nr*>r3CPo(}<)e5nqVJj3R;P;+%a)0?w>%M;2gjesXcH
z@rHT%*ZFL#z5a}CTb*TGeABOV@<`t=^@SM3xN>5oKaJXW#CNWqzU2&RvdZj4Ep17#
zCTbvLka0zwZhftnbT>k)gK|WvgSwIgK<~JIFxm$zbis_|e6UEjP)OVOzul~FXP0tU
zdUSG--5z?AO1qwOzKp&q`6d>xtZq}8#yVc97Phc-Q4=qxbYAVf^zDgDHb}OGe6rpI
z`=pGi20+6o*rVB_j>vS~T!_Xz13k-Ym(sHtseMeqge1`}D{PX&u^GTF@+Mk`Pqz5s
zljNAwPX^J5l}>qAJ**5`t-eytU9Hndh)2Ak`+5}*5EpqX4y`o2DhCLQkZ71!G=A2Y
zRE#530@iC=M=Q#JRfeSiGFz&*)t(D@WpA~)+{0CAVB~G*+eptLo}k5)^x}0@JNzUM
zy$IT_+CkOZ56hNE#;06}y|fAy*y#XWN9j=V1UTicRSyGC4|@Z|x6D46YrNSgIz*kK
zs@{RQj?^I!Al$E6xERNh+vKUK5^d_ai?prM?HF7?lWC)8ZQa1s$i&{F=~T@-tlsS#
zTtC_Ias1nqb^Rzvb99RlZFl>GG;G@~6nNPUAnp6Ny?VB4c;a^Ec*cpwch7rID9jg?
zEk3L;g))UQJUxYM9^wG@nD?0HDb)~ViRC}%ImgQdp!P|6a>C_-tH>U_ZOyqM<{f&g
z<axVyPS1~9t9@sR`V?+${A0N1u?~M85?3A0-1VIjw<MbkNN>q8r@q0PC&H)w@a2iJ
zc6}0-VbaCY<<R}y$&;&L6@AVV%pDl@r*2qk1+JDCR3MXIYESzh52ddVOkZebkDm;;
zh*+PgA}k$x9H&VO4piQ3BG%Ud(?vBXg}H*En~$VCMm}PHen=_oY$@9j1UiPzvVcu_
zbcvp}kdo`XjE!%G9ccUnSj1uELK-ay<Rm|_9|(YVyfY&Nn2N`hl6Y@)z?*b8%Q(H9
z*Gf+=_Lm2fixj6Z_BEE!x+H6Gi=nom<0U#94F~FN)*Yy|#II<zoUbHIxIXXb8_0ga
z;{_|5j)!PZm{aSYPU8_z?YUhFK1z|kQQRwYKMA+#cA(etuc0pnk@ypeqW8O$iQ5Yv
zl4%DLy@@Cku9n<zgLm-TTADsHrKO5)oBZ7Fiu@=DTSu`+c!M5XS8%VG)ZB!|=|Rer
z_V#HJC(}}J$8V-A{1M+-nZzb=yl}D!+hqkIXFkP6U2;Kd%>w;3{6X@7=EyZ#;0Vo!
zvVyuP{g;QxCvlPdxqP|DkUZ~x94=1mSbM2Y8f`ncN`KwZZuA($qj&-qC<uPua|WJ?
zdSP6WlU#1n{Q8d6M3_MHl~#)bbCO2wd&GBX%t>)4Y1~or49_U61Q8$cN~sc~1gcpY
zmEtI8AT6617jRa-NwS@n9G&y<`%NvyV<D~xvN$Q&unjMOFB*$NDNJRMwj9=(>7{;)
z1H9wRih4Qy)tv0j*@5fGKDG_YC7sr+0IhKdyL=#J3z+O1lOE={A9bvBhPs7N+^w`4
z-V_%u>7YP@8K>0ZuKSXq9W}J|X$)ItP`|v}U74YT=rY-zfGlgsjDV>nyoTe4HRcN0
zIfj=-@IU&ySz4pKf07hKzV&$$5wKfO{pgWFNW$OI$X*aHVf)dG(9v-v2Qdg3e7_3M
zC|))`WQ2wnZPB1&{uyKqCdK`O0U($Da`q`M)bJ&qLy=%M|K}{VPrRI^h`RF6mSTAP
zA{3W}B9z_Z8F)4c+z~vzZ^q6A-hv%}EsWC~!aebY@&1gk#S&6tnYs%lef1vOS7z5w
zX3k{uX6>Ph-}d<g?oT_g`dQ<{=yOUlzPO$y+TNq9FSPrJ>@8THR99B_F^@j4-*BH1
z6x|>{AQoSHSbIJdvxMe|%lXXt>?;+Xdqd!p&$13X@vbO)WN0ysS9Vo*vbM8C*Ss|z
zYV$d|JH9%0PPq}g{4FBJ_iQSHi*|k8z|DH49V0S8^B4F_B$diLLL}Bg0$+hH(PzlR
zzZz`IDw$64EsjG{xeJi==~6PI=nLC2k=*3%M@ACQ;$n3?+Ua27p==Ss$%;MI$eAh*
zC9i9SYle}z$-{W_boTNzj}{LuN1i_di0wI6Q^lXJMVxT@nc0{{<jk^gldJ$nfWTQl
zV?ZQNT2>mxKJOmUj(3O${1m_j5c8yKJSARfHR&P63F$)f0NAbjKX7NF&<u5rcH#3v
zjMf9KK=WPL=639MqH@0GZ)jv7ZofEzcY`-*-j|sd3dgp!E=)_@%n#>Tk2DY5{&TK#
zs=2N|U10=S_nG%w(&y~wqRY>d&k5JCd$8fx`H$abg{+05zml?&{#=%vl*D*Te>5M|
zwPun)Q%ILdxK`O?4{x8)4Snuf)s3xkU-16a?75^HLGLr<O<dAt*b@@3w#VPr;Wl|6
z53FfNyMOe#hTVBDc>IK&nU_hZn8Z90Q$C=vx9ASYnwSJnuNv8wyzOy05gz?sTMejM
zu{;yWg=9j=!_Ftp;|FY=xUb&VUq~p=Snt100i2knp<@dKVvILPxzJT=AB!F-b}05R
z#um~;Z}>FDP75yJb}dar*Ekvqa({54d25JoS~o?OF3?E~Db_}+)raGkZIN-S$&pc)
zi)GuCW-6shD^FJBNUM(~7b&aKO_f$T@5C3d#p{%g4KCqSVsEvo+k64ljEM*>RT3Mu
zXz+r?cPr75pi@P%y;I^;;VYpWHRfR*JS%g-dfRj(qVtM_q@|%`JE|^pThVIU7`~Z&
zG0Ww1^WS&awdBNUf9NHnf;nMJj+={hs!+foJp3|~5`xU?X(BzcdLb88^WHo5IUN|h
z%!;kb8ZKE+uxF#B^Eu&-ifbVaXX^Kg=q`0n!URQUDtO!A*Q1|crv&X_A`)eEvbTXF
z!$A)*!NA72%KzLj&uG5NKl9t*pA^Eu3`%&=^ZH<Y#W3pmq!Ggk?Z^j(iZaD8Pz9*Z
zPeM>sd0PZn=|J|929~+dS7%OAs8OUJsbeL-UBF8)3c!FAQ+dL(4MHmye~-bUm7@>`
zR%m<+dQW&tF1+P4`F_J^68;#nEOmH9f6FPtRUualHfs(cYF4um&s_n#4lWhAlAkg)
zqijN|&XvYUnsG1hD_+C>q+b1b!sg?Wt7FUa;#a1R%)u{hd}tuCly5a<0<%Gtahcks
zrpl!y4AG4^XjfXk;|ehhD-E=Ab*>V#kqw13YmqI57}Ud&Wbix7;fXcF>c+)#O<ytA
zKZ*}ECf1nj#2cA@+n24vHfpI~j)wrPnkf+vS}=#Sb847IKw)Z9a@FKj%tm*Ok+h>n
zcBmq`K{cDnz?k0>1vfJbJjwj)d@-InWjdJUb(}MNL6J4T7QQF*FJ+1_1|*h|?P)D&
z@$j!@#$Mnrd<O4Z9}^`z*19k`3QhB&^XePu`OlhbvnL#h9E&8QsLFW|s0|=imcry8
zwI^HYS?S5t)Oaii1j8Dt)JpsVV<9~gj5y`ACzm;Jd2d(;uWqf1oaX4{=u|X2WjPU=
z7}!3z@w!n=2~Kr~!|urGaa@(w5_qTtNUVcZDC~l}cDvyHQW}xTdLdFMFELHMkc$8i
zE&4+zyJ`C)lLSZp1yk~=t4pVnRcq%8F`3|ME_mp4_pY$kwm?T}ZI!$=+!I(F%M-NL
z7tTINEYg0a=teV(<`$+B%im8N5T9^H8_qsP9KzFkIbxX2A3NN(y>{6frYvvBA?)wq
zO;mK(_6=Y+!J|iU#WTDGiywt<#IT-R|L|paYXC1Q&VV6zP*WhJ{sC%u3&Hr3XBgrT
zUX^g~Zg9*aF%OHchHj*~maKHkA~F9fx>5!2R~cL46jW?a2phiOKAY!R?*VV#j1x(b
zdAHHaDbh?^J5<}F{GdM4V$50KxXEX|Uc3%!;{%c5zv9uk&n%v~!w2omMf*ni`(gH!
z=mRCQ6gO}?ls{%Ge$2`wtf<^@C|>CY6tf2ur@_(-qon<so{5UrhiREA#{RKLe2D$+
z1TFgab--^36om&SQ`~x?+cywO8sh3JI@ktPm*nrg7m_|o8v5rRw9Ru^kNvqY`^R3$
zyU2)S*TNaKJ$&z09<+xaTG}td1L1gXm^5>kG`r!Y8hiL3`z!YID~E*k#l%031TAsn
zJ(+wEivdW*J&3Co%(@t-MWo+I5nP##PSz3sz2g0wa%k&Og&~3{9F%BBhQMVq<Ak!5
z`?LB;;FY@J&;5a!3xa2hjl-THM{p$i-8ueGFtz@Fup7hpo+^568^06X>_jNJ{@H%`
zY!a`N8n)9Ms?I!8HhD$F<mVKV`1Mx{Aw=H&NHmj(*dKTGh3xU&s3v*nu1epK6^(Fb
zU>!f)FL5<NNSYw-FMibr^iRsk2h>kwU7A?1ulKmGWawW+$<Q$e$l|byHuLC)`$?&X
zDc&qMV3{6z4@b-c)BU}vB1hxP{0RpG31$B*HTHecWr4F`b*SZuBZ#{0!y$-3>BGqk
zj~WzDhMHm_T=cDPBf28G2y@><7wsdhE!Z=vO^@RL2oDx>vX6Ld`!E-kzOxtEXDIzM
z3ebdlq`G9eU2OdMbI%@uJxnEoH@k1b@GE;5dj_wp*&a(s#=v(oG;=nm^oa>W<PUK=
zZ?yTIJs*46Tsp6;!5&L)#=zkOk-YI9OF+herWxAyM+ehAme~KkFiDOsJY$m>Rz%0A
z-u}j&8bkJH+<oK|8?<AgY_W3&xr)@Na|RkH#u^q>bRreekahy^7nuD6bN4eZ?Ay|n
zHQTPomB2&euJwb{uI_`|2>$`rqrbPm_V}M2<77(Q@gWXvrWBcq5^r@Oly~e$<f$Gi
z{edM;N7UvytKt54F<%(Jpw%D7JKR@<BmBEeW2urm7zCCZ`Rbm6nn2@!p{Nj6BA}HR
z;S9%^g*8Vhj)YSY?~4fqzPS#5%@<J241xm(b0+YH%~Pp^bunG$HRd>)aD$n}7tt@I
z9;U}k4z@Qo(|_6mkPHV%ma6D6Gmx}2kYwyL*AAfA^`~e?#2tfH8G}_B6L&|vD5>3$
z(fj6h>k_sKyGo0>`l(}S5#@6wH=ZiS&U#Nze3Z`+cyW=`x{~xC_{Z;xpBt(|_LZzV
zPxA1MSI<;WRLV`~pCR~289P~G^*y5-+GuSHpGVA}r$W3*+%*{77ay_CJE2bKp-+xQ
zMjE{v$@D){;h<Bweo9}r>;03-PD(iFT^;|Zi3!n#2<+5pX^}KG=r+bJA=2nN{pK;#
zXWcV!VlkQQ3uW1kgx)3y`7+snkWrRZrlR5$$QzKD?oh&#MbIli7we&_vZn-_E{Q);
z1oN3LR!b$@BgF&z3S4ao#a_a*CncAGQo@2u(91v*tEKq0F&}y&a4Y@&v(esMa>g{2
zQ$jmZyP%0saAW4<ch+nC-fZeve0d_Lbe=s%*o@ZCM(eZ59^+s37zff@qYc&*2fHXk
zGJYZRjFPcrlTMJ*B=P>z*!!NbH~mp@(T;>OPMO<`>ao<^Q#BvaZ_LCuvG1i=F=MQ_
zXF@qLqr@bzq%FCwuvZN^y{ed1<8V;7guYFh2)jbUfT6ojEpyX4Q5pu>4y|@Jp<P<Y
zDMfaVE+?bPgiYfRsdg5|qXo|Rm+^4oKy(Qvdur{3CLgQu;bb(WzKe2By!v&j(H>((
zWt2#j+1+f)l8o@Y%&o|Th+24dlqyDTdE8ML&rl^EQ9kG>t_gPjNAPDQ(G9Cym0p1|
z=Id<LJzo3?C&%=C6SnD5r8zLiNapDd+sfgHH8rXAK8$@t29WBi{mVodX8Lpq(qeWQ
zRQA3$*oGusftw}o7{f8B1KPnB4uuX1rQ=g`ht`@%H@L<?OfUljI}l?np!13PqHuj8
z>WPi{XrRl2;JUD9A}TTicbA=+&IAAs^H37r6R+41k1J})#3-qx24i|E;IR~Xn~4og
zgg;e+DnW%*<6t(&d8Z>@`$SL`C}~ocM!iOre$xtvBV8-LYF*JzQ9$!AU9i>LoLG&T
z6-I-6O_A9|NMc`zkk~{VSn@(xDX$lurEq$F-#{`Gmv<uSBdb6H9P@ItKx=YC5zX%+
z8>A()*d2e0(;q_6u{SkOI1OgfwzMkCh%GIo-lJ-W;GfBbT1f-dw2@jWU3`_XB0{CH
zWU*#)qdynKa1zE>M-9)w4AJ~UY*xUp!^yhzQ<0)=X3~@W>51dAqlTqBfwav~lE6<r
zJK8lh3-O#*jzQJ5<71(#Q$R^2buW5cN69LR9RU`aH2h>(1Wu%eJ^7e)eon(Ptm#!t
z7N@d;iJVY&H{kFp?NTOCPMmHsKa(YhVC-|HR{YN##GV~Ced!ja2BtuPl}tJO1<HjI
z11+a&`VFht<WZuEUTw>oVlgX_%a`i&beHI4KYvp1UeNNpUFO02>^o-0-DfWZTCY?=
zl(+G_@nlnwEeP$M@tKjprmjIlNyaOuJ63yzbosqd<;3oU7ztu?E-?b|Vm3N!y$>>l
zW>Dh)<19<C{V!JTQNA!qYDvB$2~Bulba2U4-Ya|3!I8|(m2cqu_@)Hs!`&UK*#Ut!
zsJw<9j4xf3Z8*ge9Op8uOy7OR5#wyev;S?%dfzC!d$pZtQ-eq2+m7_UbaBU6J2F`&
zsu|y6Afg!`HxGBO{>Cbteq$dwOYh1iWYgc22c-{|y$|ZV$aVtCi%%vSq*&j$sug>I
zn~l3!XAcN?ue?UU=Ck9o3uNs%?UH-Vahc)^_S^GD@T+RX_BgY5Rn#{xYfO6L>CDzs
zotXF?o?#fOvw@>Xb={jg0gI9Wjl%{zVStc6`k7^scn>W|fao(z9=-uId#~-8g&W6C
z{h8*`xPU#ub?--liF*!d7X>$J^7)Lj4De{qo_rB`_c~{D6d#dG`tqS#U4>i|zKt?r
z;;4t`=`om-QK;z50OcJ%td-w@-mUOh5mCLS{LAni*RFb2&z#QI<fj@gVjSPzXK?4?
z;MiS@7q=Sn#GTMS_o$AHjqlack>0zGZXLMref!Hx-E>_e8;W$?{;|-^?6v}U{Y0!L
zpKhn24adQ?5xepY?v$mQ*mJUBdEb6Za_OU1NlW*$yqU*5={nI<i28U%n+UGR)MC}x
z#T?HjfxVwcsj@|HF1?9E7tbmh<zMP<cRM6Mbl!xrQ@J~;xe7pny#A)F&@+1Q(T-_a
z<99b;gHOdu&PJKWn&)oHnTKd9fXpTZXR?`ZtH6OvqYI~|z+<hQx$-egv>T0?T~$74
zSJO&nB#~MA<~9bU)n(B&meT7V!Y!LkmNxBubc1_|VQcc9rX;F1E-|E6TSWMLEn(Sq
zBX12`N5w~m`8}BM%44zc<aU#SaM|&p&ah+_@ddpAp*F+K-2HhYUZ*m0<u78b1>UlQ
zrQgM!d(_x{?B5)V^aPOdqrT!pqyazB&Fzu4OMCKB`d>k$JL!?%bIRKj?lWg~4(1QC
z^(wVj=0Y~taxxI#$=PNOMn!dlBk-klw9P=kXK}?!2WTTs+OfUP=Kb~YJ=aa7&PVYr
z!Z=wLRr=|j=40DFI>Dt2>MpM8)rI51K}!zfZ;?W(P{r*SDy7SERH-`e!UH7xs!Gdg
zgt<vs9#ybTWU_nlINi%4=UV%<v1m-!H^mPQVHorGIA3d6BE>CTnpXsg4GiS=QC~H9
z^*H#gQagjrvFek~$_ZSqTe`&C#!j@+eDb6lKgaM7$U;@O`dBy4eb<ffW#26v`QSgi
zU)%_L&JRw3E@*(~PZj{X)rb^4+3qr-ieo=Gji%b6Ou4><M(Y=}>X`)j5(*dMxVv4)
zxQn=`Bp0w=+C1%j(jWuxx%8>P;5+@a7KdU)$#Lo;&m2ol|M@iR^(SgoV9mbD_}Ib(
zKN!~|)#aBsoOIuZLsecu1xFqqlebVaj*DOI9*<h7o^RkGObr={iy!aodpSmJo<#He
zZv^Gs>7uEZjtlCK-&;|M{IJ(>>p@Q%_!JB?y7f_RTHn8aL5_Mk?@AoIUUlK=m)LOO
zJWkoDB$|H{ZACLpi-Az159RGp%mU!4yC>oSRf|b==EUo7*vP1-ml$pPiDr#!Uq1}H
zpCac~atJ!ik2kT)CSybym`x@PH$BTcX@Vxqjyq7i{)M|zyop9TG`x{UyPCYITmPmi
z60*NjD;e{u<;uzJcwBi)&prcH*mU?y4v3p+)c{P)WgH$QU5T^1^H;#JznxYprR#cG
z+6|1Vgzbt<#VuF19^9sfIW4q0=S^~_J4IIxKxW)=>hd6OWu_8=$EFuTm(=kcwj*-=
zcxFY7cI6)FwVmTDmm^w8s+|h+W36`@@-9JpYUGXY3OLQC>}fP^*Ibo>dxY5{{v~cz
zN_1z@ksUQjXIGto)@|(k0IOY+BwuAI^T^plm89g;Rojh4;ksoORio*AMkvJIG7`gP
z@UL@G!c6)U*H#Q1-=c*XM-fW2Dn*PL0b|Sp$GC-6Q%O_}ZZ+<~*JDa6%2$c=9$BZG
zvvKE;b+?RK@H5k#-EGgfb4v37pY-CBoF5kBe`K(4gs=B=b8lrY&lV}`Zd(65A*M4@
z=ba1<C*~)ng-PoUT06(YY2pDN4d)qtrYL~tA5*1bH(i|9o7nL}(1$pB_Cw5m8gz$l
z6!}`DM?U2kOfdu>dnguxa?3Qn#YVmU3rFKfFLlVftR{)V*0qCAaFFz7YHUlv)7;b{
zZ(U1EAm2?L2mLrFWvFNh&OA}`MAo4c`9JdAmxad~cV3_j*tK2+G>Kg&o+6eK-g>j5
zTaSEt<z$<dczReo@#FZ$;rR2vg<rNgkve6QHFH0Y8Gg9qHYt%VTcBs3YAq|Hw3W2%
zr!J@H0J&`|^x8^r@=N50mMk6l`kP|_xGgi7)<x7ij~0ChtsDN`xf?jvjwp9dC{vp_
z*7d}B@r#ATgcg4mDW*^@CV5vg`R%P@cNbQ}b(}D5CnGE-;|iHAqd?yud9+=rTb{?0
z6!Lwjk6(8-tq6NdEp`<K-szV;$y;wVZI5Ga)~`lRv6~)BSGV{bq7=4q^7>o@8E=HH
zlbII_Z(Fw)Ac;DDR^2NC-ZsMNOu{L7g^NC+Z}CGd!8yCQ2iP{ZOg9(Yg?1)|cHXFd
zn4VHrXJq)+mj6V2qkI!<+=?Zqymp0vl=tJW<pa<+*$ijA?W;~kf1P4QRgy=(9w4E2
z)1-JQ8J~%NIuQ4DT#{yutij5{XL?dYUZHd4F#6k>dAxSAY1KL8epB!MAU8AjwXJN(
zULk6Ze}!UN{lM;W6{6e*qP=NN+W<ua_U-Gern_qe@A;Cvav}itqz{BM_l|Anzs|gb
zZn{O3-^l$imfqG6!qDyqU~UG?E4tr5Ji98Y-aXz|z%h)99S<O}cdQP-#DKS@6xq(K
zwVW4Mbgyr_2R+it=dtpmcWhqxob!UIMlNwBR0s9U1Nw$_y-O)~(!n4zki?92cjDjz
zy~iD$7w1%M{bH}*v@iPQ;u7hPg;WOOlem+(iiFpQS6a&DyrsO&le9aHcu)(s3bj{M
zH#}?WvQEM^mlxsA>7DDy@*Cy!y5+eT5(kVUj|FM5>~p+Nxb}+hKVikt^|+j?Q;Itb
zp!vHAX;JE(!!u8Fv&_lYG5>`x$+h>EWn9+Gb4yCGdCLv+vYFdFOwE7!TUB}%Xp!RF
zGRXz{eu=rWQ%7j?Pv-3LWSx9h;Xla4L9#q-DrK<9ZW$3C9~G&zrY3A?X*)dG;o<#1
z0H#1$zm%<adZ*@2H>VrLJKde`<T^c^9ux!J)QcKBg-#)*Iz>)j$o-sth*|6u<Lp3Z
zAVsllPBXU6>F5k|M&RsdXEgjV&KSgp7K5zqbaI_DoJkZ1T{Z>bQ=O^EbB1#+B{=6f
z7f^~b)0v5w7djUr=UL7y$QL;mLDqIX9i2;@OArFxM{&@7TPQ1PYt(j1ga+IX`9Kuz
zu-1cQ>AyNqO0<YJD1jtysJ4;r$~MxuY$M&3ZKS)gjdTyTk?zhm(mmNmx*OX__h1|8
z?rbC7lWnBCvW;{nwvo<f8|lt$BVE8Y(w*2wI-hN%JF|^+0ozD-U>oU<Y$M%)ZKON0
zjdTaLk?zR$&;D}yy0WGYAP8*>ZOI~81l>_Ai=jKTcFvQ7<zVO(t)pAAjxJ;!T@=*O
z6Xit2KSQ2@_*!4*$;omu;-4v}K<{YX-I8^8Q90dxjywliI9!9zlru~9_$+x5<bXE6
zSY84-pwlmdPB&Pmx02V$YcQ6C>-72Zx^kMmm0TbfAdc4WZRI`k9!g;Q?HJbVjaaic
zV$I%!HG4bO?AdaOT!N8F>+~qL>yDDo$>$JLTX)B>b$1ii<L%@-(BR3e!Bbg-=g4)?
z-N|yjT#wP>1Nk9jt;bX4NAe@cT92o)9#3OEp3Zu_J?rsg`EU7ej2vG=n<uk2Z!W)r
zHcytDq0N(_&7lS4cDbFJu?=}DYxWfRJ#>09Yx8ET&C}&Uc@QC5r?-(mL8r&EPLE}s
z-qgS?qFA;$k2ZXU30Z6QIKzTwk7dms$C|w{Yxa27>{+bYV+}a6jX3D{Sk~{Z(FFQE
z)<}SUkA;3ug0C&rUA9z@Gt!K7glJtK%U0{rMr&yNShihn%z8hbE!cap1-swsV09qF
zdfs{-W5A2ni}1A#p=GVL)>2FBed~Sr8>}y&{lB!n42}V<tWDM?q}pn2h5wE94Sa2L
zDB0#vvdy98pYFe!TKli@-#{5WD&+Ye@IOGA{s;YwsfGUu{}Ygx_?JS~qeV*|Eed(G
zC@LK-e&W%hL%Gqy;L)O$J;<I;KDK6*Y|SWnoJe4s#wPZw_N&m;dTeOIV?#DuHb&WR
zV}x*cY)D`$#~6FPy&fTYglNm7LIOsGjYz9Ug?2nDI6MYqvkhd7y~o~zv)U4}30p$O
z*az$b7#j}ThvDmyAO~Z>&ybH{BxsJ2z@ucgmQ3X_AdSa>_80>cWD6rfB5VH~C)$Zd
z%orzzlAKs44ss)m2Z?M~nZjd0j+5%7Aza&7rm&6W|6}iKyy7^ne5-o8XP6ekgb=J?
zjEO=BMlvA^CPc=V$QWacF(w2PMN5d5$XF{QG{y)G13@s;-Sa)nOn=O$WGoYf$V5?C
zmME-@^{|35lCgq`q9qDZ6wJXykvW90MA5!mt?b!7?;m*Y?J;#~nCiY&x9Z+oRlmBY
zs^)%mCU}6&U^9U7i!c-1r_KS})LobNvpH-Il=fxz%kZ4+z`URR3i}n{`!M@3JSQ{6
zJ?h+W54)4y37=$c_zcVnh47v1)!YPg!{hLs?AVM~XN3fHR>)L$Y;IzohPgq{KEpl(
zG-QUjN1Y))!&b3X@SW`E+{{+9--PcqFlXr1IU|GpHq06KsB^|=*zdA?;XB#w8L!S6
ziRzr8hdJW_JSX!+rn>)gGy4kr3OpgZK;zY2pb6?O(9Hxjqff<t82cf7lAVzEt2-g@
zS9e0jt2-g%Hy3O!K=*Babn~O=9)#&}dJ<t2ixS8IDN&(n<t%x(+$mpHij_TbSn<kN
zlmTU4Sy3pZF;E+5kZ%N<<s7*}u9rKNIC#1jsJejSPJo8go{%FH4Go7bh1SDc!`b1I
za6`B|><UeU&xFr~XTz)E*+@bpJ(3f?9;uG(4lP9LBL^Ul0(oX2PgQt-*c1+ik3*ab
zFW#jLp9@_LuSPn9)xq6?{$PD@U+{pu3+fUMb_UHso4h;dk#hn9ypah1NMGb+XgzWu
zToM@q{;rUNaF2`u?<uH3d?Y7wC2|dT--s;9S%F}%Ab3sg3@*ui!P}vjU_~e`lp%*h
z#nAfQasjlsA#f&eD%1kOC|88K0*i_x#09T}YLxj<a%e~349K7mIG<K|?+UF)GeQ&5
z{Ah7>FK{lo%QrL(e78g|0pHl@OmsfF5M7S0gvZ0dWArgLnid@ZigY5cXiKy!dK#$C
zhi9V`P&Nf66e#PF96256$HS9KvU~vav!<L-_9zayPgxJ_2fbX7&nm;RN4_kFWeL)q
z${x_l4uzBVDf5uNC7YFe(9&u722d`@dCE$lIZ!UQ$y4&}fDjr8osP7HCPJg3tD*VO
zLYM~Gv!KV^@Xl~+xH;?(kEmL_89|X$&=8SiPNX7I8rcWZP70?)455|qsqi#tem1lm
zu8U|v^W))u(D8c68#*7}8p#V6g-(Es9HBd5Arc$e0v2G7*dm^Y6fTcs0k{6}256}~
z?1Eeq;mmL?)XyVJ@(m?XNmFW6yBr8=q3&A)MS-1xDtRav4)z5HgF|2eW@R{dlEmOy
zu#dLjSkM4<84gWE*1|#1dtc;2<aXq2l#0egE(hx);mBa*R)`8zg(`zn!3)F+LUF-1
zWp5}WlpiV!6@sM~D2>DlLXDv&cy}XsBXA0=BqNjoR*?pM!6Od=uY%xZu*t#Tt>9WH
zF|<9jC$v|Vf)&xi=$&XZni!3XZVv~+CMu&f(LLdkC>K?tj?i%Q1W2Ghv=AKytGF6n
zk9wota6_~#+6XczkIsb8gcQ(2639IznjBgPEgXwKmK5C)E{Zlqjp6L*aF~rYf}QS?
zOQEhds7;@IQXW+D<tu@60h2-nra@|DU<(^T6zEp2LKs%gE0=-^&~Ik~@qxNv7T7^E
zw89Vw%HhCxU{WazECx~nNlJ_o6L1Cma&_Q%pg(X5dcue-Dcb{cf$M>rfz`l9U_;)m
zv?xuAQQ?AlV0qy{Fwh!|4Q_#VnSpHiMld~?qg;h&1p!xZ7xcH%U_~HTsZ<)3s4}Wd
zD9Zs>8I`ZeOMzJ>Ls5dMff5*ZU<6XU>gdx5J&=q#yI^FJpmiR(O`+tmP;q1m#w|?$
zJEG95>e*YQ-d}^&n`<cb)U5`&Q5eyvAN>GExi=srq7ew6QBSZYspnPiMIS)eg04aM
zta?XGGWrn0edr?yDd>+7?ni%tkgA>@eE@6m11JqYh_e7c=inSvpq|rw6hDF=L51oW
z%*WIdmqqwl{4CmqpTkw?ar_<p9rT2H>q-f3#Es}ld;lLnrMMNhqNi{-Hls5927UuQ
zqaxu7s)#B=&#HL1QpLm10Uj<zRa6=EG^z$vT#afd2&hiQ!`}gX+m7nh6@DAw!*|gU
zSkKR*E<k$Mk&U_mC{6_Y_92qgb-1FUwIKCpY7K>`bqzuhfb;jFe$8h!DQHyl03fI_
z&F3_qLvI0s%0TBenVN0rZ913EMeooBbOD;A_tJaOyYzl~KboRnp<B^Kx{Yo_@6jgu
z`)FD{&o!f-<obZwVE&3`)q5qbz!E`&u4);r9?hw@Mf^@Zdv#r#qD?`+*M3R+C3HhQ
zE%gWWoYaE0KwF4D)D~%<Kug*uwPom*_8ILnXjRK;IrL}k3GM4>O?y&1jn>J@9sD_R
zatCiEr*iP;$w?fXPR`)qFObtWI77RvUB+J|Hxb}W?QQKH{2)0;gSYFnx+MINZkui!
zF4R4xdkR0MYtX%fi*yHd2XUG1WnBw?T6b7?7(b&sqBG(Ook`b)D|J0O0e@5XzjWjH
z+qw(7i})XO@9C!T_jH$am+=d_8QlzS)cs2L8~h?*#Rc3P<BD<N!!aMne2m-lN%|yw
zM88|V8yf*TZQyqOZ8ip*$x0aa0t!mNK3M%G;Q*|Dx8NX~!lvL5pq(@vCM#YXfwk^7
z9A&fFO8hDyjpy+=tU`C=Np=sr2fxeKv-Nn2ZD1SlMY8h5mtf7w<M&t_Yr{*di}m4;
zSdkU+$E?hT@d|s4J%-oWKK3>I@9gXBN&Hv#6nhH)2Rq3AghK33*&&K1cLY#c_D%Lp
zO2@v<{(*{NKV+Av2iawIg?fmb{-AO<<!vgY9^O>6sfa4vv};od^%yzdK^1R$X47-j
z6Pv!V>3OPb)3-M5p`P7Tx2cZ$#-{pB-=(SnnLG-%jHxPEX%S4a6)^}o>Hjn0d!;tX
zCP~ss_$2?=+_f?#+2lldyDKV%<-HI&S&^giY5BZ7AzzYbJQCzF11;q66nF~c7&(#T
zkj8*kkxu|+KBSHE3Mt!LC9eY=lq`+8Yavf3DOpL9!oX>-G$lusOeI&or0i6Rq&E4E
zLMyD2qGT&2YRw?O(kj^$lXL+}SW}M6+u{G+yb|P{R_35iiOQm~s%!*MKno!j;ugqv
zPAQia(jMhF<U9vdlhT-c9%^|S+EWanO!7cYm!&=_40Rlo2BoudCA7mP-H?_*4r}ms
z2gqSeu92H$uRKrc3t<#Wn31nam!&K6f;1!zfxHssLb(v65+-Tswsc!=kuCs_Jsu*d
zHsG2p4@kG5#9^ruKI7yr*&)wJYjT>LAvek#;RdvQ(lwwbB^IjXj7gGGrIahRN+!r*
zt5T=LD-Ftikarujs_5^ZYx1&khREx#q!hp6Qi4Qca*J{bN*Ix6lv$ASI7sSdK&$jC
z{h*CCA{qEx1gV+>3DBM~r5WmWNx2?K4WugFil9<R$~ky*++7Rv07FmE6A00h1ntsO
z^c14#OY|kAp{MC-m>Vec7<`hQdS67DF!pCdNI^Le?nhsPkP7b~Ll2-*^b|@%&p_CU
zo<)`D^XMNSd_lc?Ed%X?@I|yALMCc~@F40!-6#v6!l%$fR0{P~ludn&+KI}j0;&L&
zQ*KIzkv>2T!YF>4`YAd<4O7FYnHr%+&>>jy|0^<3Z&K&cE3}r@q9b%19fyqSY2$YK
z2;GiM%p=TR^nIp@X+l3>4l#$&Nv4H)1^tjY%p5^KQg1^VWUP!G{aC&A=nUgyj-j72
zL(C8wV-}f@(OcU0weO>MwZGK<5>078(0+g}Y8SPO=#us$?MLW6-A{ERXj=Dk-CJl@
zUD5s~CM_lnU5oiv%(u{Q)wSllzEj_cey8{7J?OfAP(Oiwub<SvhwkVv>n~$kKck<)
zjQ)!L3fAi9^mAB8{E9e6{|EiYSikv^&5z(D=<y{~h1%njKoiKCKq9_ZEOea}Yg|a|
z5~JdPIBYlgQpBs`f_O)wrA(;=Vy*9tZ$#Sax*#=6t&+)kTr3oe#Ts$1*yT{{260AQ
zaIJ~UK$&}&QliDZu4>7pmc1Yy7rP+OunPh0Rmck^+phujv{WK`fqvFs0p(to7R5rT
zUmB6lNt4o?v>_Hc;?(@K*d@n`4msViBIk&A#Nof^t?`XGl4VJ1mHWi21d9Q(IxCL>
zKA!?gE#O&$?+j@VAR1V0iGbOqOgT%+mKuO-ioHVGDpmrIPH~Ugnnp*Q$Vr)^gGj=W
zEM6k@b+)Q<*eR7ub&^2p>l<+yr2SGiv`K+*LTnOS#1;D$iIw8T(~zH}C&cr%5zzrW
zih!;QT3zE>gS=<NGT>S$cKK4IDyJZs#9=7mgd<t16-UK+pxq;$up`kZu1iUx(Lq6Z
zHER9#NV8&8%CxOY<F?~6ax6=J>6CO+3QA|BRdHS(lUnWRt|2)=bV&Vjj+7$jiKBp2
z56Jt7q$HDM0@P@87TGHtE7G_$Za2Uxv_P(wD?oasVli-1q)dCdJ>9thG982U%@#RT
zoPc^1%4X34t)2$^p`d3^f6|x#@AhSFLrfd#%lHg>5x{uKC-ML7NYz?)@CL8oJ>x^Z
z1WTbW%j)N+eDywqciJ-VJL%o9<a_%qJG`wb)vVR;+X7UGQ25%s)4l|2(0|@PW4r9X
zBX0Fy5{twtalf4tTWw*dR`iRfM8AF5ktxnXYEir?u8JEHf;^-C8UF(0DFONhpiU55
zf%^DeN~hMpAfB_`;`4eFy(7HYpJDY|R`_~Lp?|xj#_IR)@aJ0wd>43wzmV{ka_qzY
zI}#F$oUvk+owEiBcPUTwJGVd$lEhi5z&a<c+WMqjmK~k~e=-;E75sbMnXXZP3!l?V
zae}3=H_?{`C34W>4Zqiy>IX>TkNQtoUH$?8Y5y=kWXbo{^EsU0_gV@q`M~)S;Vtb0
z-Uq~Z+Z4fnwlK&*<?EjTzJSlfRjJP&1E^?Bx?o?1CxF46Tcmn%);|O71$jv}$TKVT
ziL;_#8nP66r=bL`&mhiPc8CHA-dS(Akng$d%L0jK`wsXFL@(Y`-hSU%uitwHbTR~K
z!IuD<TlMAf246j-$GrkKXZ82i0QIDApJfNU?f3Nw1HvVK$ald%;lCs$_~-psK^M#R
z43QRtuprnfW{bIEomgwTA$F@;>=#GGTuDnL3E?_C11;K8#S|&lzwTcaU7&fte?=^}
zH;M70;GdC@{|?A!Ml=EaPJ5a-2dO(^vp6nJLf$P>s+2BeL93@llXX=*V;>fa>>T8p
z7c*^H!T_|%4|SgNUiZZkyX2=p_6DKRebdYG&@xY|zu4RCFLO;;YP>=C4$)s}DfC?P
z*Z7v8E;G<7h*E)+V_lU>ZDHG>RAHaz&DNk;B<=Dy@%8=|-(~L^Vg>#dztM9G^xD;%
zD0uJMfNBK}Un*bf-vgnA=$#XMslAl96>8THwwMh0H-M_q-$>s2mi(O8&*w-6XR4GS
zRojM$Re()&+7~1<a3x4NOsqoOfUqi^w8w~((v*GKzARP|+W~nL*<);B|EN>|()ELF
z?S>w+3bt`gDuv*I_uC;qE7^F1)$eVFUg`4s-I?x8?{T7OPl5M1^vY`>HPW94e7AjL
zzTFTCe5Jl>NZ0$SofmwALLyiP1j_*A2>PyYf_KAr%V+bMolDLoKJ1(Fn)tA%z%{{{
ze3zm0o4y;qCEuER!&~P`1=~p_J<^vhWI#_S^mO_ukY|i#fG_oVpufcV6MYr#oBm`z
z+?xn*)A$^p<kNbtfPL=rRS3zxPO#e%?>TPHyXeb-Q6&r!Y79LPMjyTu<O-t>v``?e
z^ZLOeroH{WiOwxB!`I@|_%uRz2oE8QNAL)u@F*Td8vGW13(@#({5E3nJNO->#TW5K
zq{Hvy_fZV~0Dpk=_}BQ?h{f}G9&MsHibJuKKnZBGCR>w@;xx0GS#*!)islN6*Id<H
zMW52lY35LZ=9=aj`m|<VGmjEA*EQGCXEZl7H&BvhL9>AFr9*TGZJ{G{1bvo1Mju1T
z^sDr%=sx;2`Zbh7zfQl7?x%l9{}83pKcatx9-x0h{{*GcAJ8A5&(Xi4e}%TvzovhU
zK2QG}{ck9p{tf*b^ac92^lwoHeS^M%zDO_73n-Ibq!-bH^dIRzqAdDP^q<f+`eXWI
zw4MG7{TK8Q{Wtn=D4Ss!7JZ3{Wnxhd6UW4%FEjB>Jleq|FbU`@Od^wra+xG12|dhg
zVYZ+=CYeb_Uu9C56qL`TGO6fmOd6Ahb~0O;t>_UZok>RpOa_yI9%UY69z=!AHf9@o
zjCqK82o*73V!njF&U~5qGTOy_h4~74oOzge7!@=5Og?%-XVckGiO!*OpeJ=MoeP!f
zJUS10O6S%2P?=8DiKtvB>i{?D0=fXI(1mm%^sFwTi=ax~G2IFDoUUK@6ZCxSJF)Me
ze~f)M_FdEvdolJR`d;jNvG1XMvG2#ek6wuVW$Z6e<0t;VPyBzM`2YTA`2V!~wTA!l
z1{|SD)I8`Ybd+(4rcy_f!`PAR@R~|{Dtjs&ryZkQvSY@v0N+>4<BoM9%W=m^3+B#j
zN3mthq4Xren-e{iKs8|=hbJ?<;7k&>I5RD<;&feeR(0QU)>#YPY3_WZ;%;&~+=|fW
zo^UU?SKN0zv?s|m=*)yr<t%a*xf890&iz1L2(){;`<z8auTyYVxfM%=TOq;d<#T%z
z$hY2fXKwpkZ$j@bw_<H-AGa>|miAUyYxqUatgz2n!k3#0fGX9kw9j?iX&-l%^d>mt
zJ6artq-E`MJ(bV~uXCETl&^EnI!4V~o!6a<klHYhcMO}0oV4?%bJbC3PI69~liDXc
z?l?DilT)x3dm4;h>vqq6qtbEJ5rul5>NssaWmG&SPj}~{2?2%R(t2F3SZgw=J%j<M
z%WghbSnC;eE6yrXdw#Kf&Lp`N^Qrdn-hEuMwWjw#ui<X}NZ_^$$TZed>B@rIdGFSZ
zOY9hM?K3ZOd*S&37>u<h<TCVB3KHaioSn^FqGQEW>dJF&xT-s6o!7Z0Ug%ux?(6Qe
z*sP<j3!ahgK2M#)>lrsHCbPRq*kYacur8bXj?3ejv#wZIJl8#o)_ftAJK?zrxg^hO
z_bpGIXWCiC-!v+M)-?6^HW4j!+UTA__;2e?=RqI*Ik(cW4(%D_u0nf;JlUS?-m|@9
zK(VFwf+f$b@T(o`)~23O(}mt}Z(oPEeNL!$7J>b&gU%<~=d8;{un~*dS>&j6l$mlm
zX)e(+*171|!wmyf3s@)DNfWI(NcvKTx2Mv{5}k3y9Y$iA9DEv2IQBXkRU1C<I1hOs
z<%mL<2bp>tg&?I9V9ySCzYey)ESMc$#{h(@YRNT@E>o#93Bp#e<(=*_YrdOv);SxT
zr`(NT0hJwb9u{o(ih!Ki)<V9@H3qhx?TPPLw|IEg?G?5NsTNyjorg7_GF@?=<I03Q
zX9|=DmM-);Tfw?&opm6~9In{4W=#`f-HONG5$C9MmI$$)4a?=;9HZBAr8l;BOM3%I
zFAHov&$`#GbY=<(e1qwlb(vUtM}|;sJ>82Ojcx_xkn1>a^xjQ5qP+#Z+Kwh?RmVh6
z7idK5XllO>-1GRw-fGJQH{~h-J#@8Kk@7)naa@aQ&6#4#A^p)c))94<JIh^5@RoAN
z2&wMvpr1rnr^UvtxR+g1+#W8G=%$nI81AXGOmSt-ITz}wv=(>7KufNAg08Tq+cemH
zi$v%R$33mC1W&VTiz~H#&Qj44M`G_j7!M8zS-thWZBXYzu=7>Vez3G$(i2GPKl=h`
zWw~PjtbP~73L#6#a@DuPTURO3n5)21>}unTVDA~OPM6u0?#dy(#kJef(%t7ybT@hW
zt)rwDxIEU=9j7~%T}!Sd7%6r;cY02_B-bElaLTA~X|AxV&vV9e&NJCgTNgT_&|6DL
z6gpLVPqjdg<<E5_^NakV)#2*oPYJhrMumO7`+CjobKFe#VDA(c?e+9Z9ano#8oiyF
zu9HHkX$s08b6s#<aI`qfg#=HE)8(wP<~y66Cif2RlBdYC)fp5Hbe6cI?i20-sPnLU
z-Kum%U6-B5O$p9^*IDOycV9;n<jr;`!<gfOK;Gm!bKU3NqcC#TIY*plT(^ZzbDe9b
zC(a^u_w~d<i!Zq2gbGuhC)cynQtHWcSDMz`HSWC~T}H*Iz-Un7DK|PyXWf_FGtTag
z7EhI@wj;yguoz$z=rozT`>aM!o%<@(HWOr#;VyO?9c7Lt_i6Wn>xS!=({IY__PATD
z#qN1$ox2OP;c+Xf$8d!H8O$;t06rx5H^c$T)1yoXpH)4E$*QmLKJ*lX6xCOFzv?SY
zRegnNs;}^Ks+VvpI*RP*^T>%rl#OISoL>dJ`2+MQ8bm)vh3FiFBEXvy=<6!td|ds7
zl4A58nnq8k=<`VxeU_@|^C|VN<1$R+I8=_~0c$>wvjA(pprXu16<@xHp9XxnU&WXI
zq~gm1D!yz|@#R4kSvKPyz?6sZDZrF3t6s}jRIg<(RREaM2bl6{z<<wBm8g%Z0tDHw
zBFHx=H|0fdQ+`TD@2Eb_i>goa_o`3xL)DwPNR3e!&_~n+pv)COnb*-8!IwCe;7h!j
zTB4TlJ%BPl#_`lD^;i69>Teo^?*n|f89$)8M{_UUMo=csB`6c;6MTukrg>1a4Hsyp
zHPiSp;wQyL#7~O9P7o*FMGz-`oFGnIOb{o2f?!Qt0$9_8pQJnKPFzZETg6W?k1$W*
zGUiF99DkFkV5;%AnHpv<-b=iz_#pAC;%4Gk#RlS6#jlWGiNLLlj|t+#Oq4l>zfb(C
z_$af;Ea7funfW8OFn?nHf_Xr(cd$o`v=kPhf?BL-W3;h2L{Ka~PEag<mE07H`v{7~
zuW5H^ci<D`ZcqF=xz7{#Ym2o{;2)A-f5Jb~mTRBGZ)m@v{RaN2_Id5|cu3ozZNUFb
za4jCzzNS5a|ApLpiGQa3p>_oSTzgjgCVp4@mi8C;eeFBi5AYQg<Nkr%!jBgK-7e!r
z71w@5ZrI1mfM_@4Kk7aOxc1K~qWvo%+I{%8u2J_Q{tw+h=?+p@cSvWVwB+tYDnZw!
z>!LobGwTE@k@$<L&+2}zdy{%V_m=J#RJ!gR-7l$ax>?;Um8ZL+`wjI~K(sfgN6EfN
zY8UY-Q;!p$GF41`%G47C=~5*G=~7P;q)U|&q)R<Te9crD@ikLV6JIk`uK%(AC)6`!
z*CJJ^AJ&gj&*|UPk5RQ`ry{jmKd!$(eVgoMr|R?<^%tq{=-<=7N7WOrH1%ELm8SL*
zuQc_K#4AlT=s(miQQy-q>u*sn0;>Kq)kO9pQU<agoqCz<M5hjuYvZXlR>RWN5wib~
zYG-3umNK!QW<O1RpI~mPi(qc*D8bxRH^JOg54(-crp#;(n@b7gbPMGqy9B9T_EB~h
z<s~}<DTRHKEu{ivPaqXy%h?JlOm+iO#|SQ`juTu?y-IL7)kknS^%{GSHBcwm7PgH#
z$r{;i>J8S+3e+%QbUXEP*2%i4e`R}FiF%V&*bwzLp!3(Mci5AF$S(pS{~7fw_UC}e
zuc?T9o_&jboBAF53wD}XU@rqAzXgc=5zVJIJ-Vq-a~~k`63zYOwtY=HxnEK9h0Tv_
zeiT-A7&(ytzcBYp9yM-Of2%4B#=$%o!HQ8iszSR_J*>8y5Owr4w+m^G4p>sSQb_d~
z8{jj{mBTa162t9;l#8o`lwjU~|I|x6k9Hx=OSwml=4E(i;4<Oe0rNEuI38`V+=f)0
zd74Z9Z=*6+ZvjUL)6?{_TDw$ohvR{j{~oDY!$fz9Wwp7vC*f$CY4S)4S8#CDSk0{+
zNwKW*m3)n5_27bGg3}TzZnvqHlT4G`1!FZI!zTjuNufb#76idBj0khWqE%~6w-#7S
zt<}~xtJxa1p0!@F-mtFOC|isz&6Z)?ZrfqYhdlcsPf!@KCIEdNQ17$u2I`Y{DXnH9
zXuWJJYaifG9~tL|kCycew&(Msrpc}){yaZnY~wE-ndO^!2S20o2hPHXE#IoOwLp2L
zLIdG$>#~Mz4(nNA7Rpp?QQ&>THei_O=sbMeQfpc5-p}Rn>s$dp(ACyHV4Cc(9ZBgf
zIdlQqT_fx?l?x?8xlncVe0$-cuu#`tV~Rf%HdYJqLQ03tG-+xD&fSE!?JDq|7p86N
zcG^}3oV9=FE7&Nz-+tV--JW6}u}|8k?X&hdd%tkqz9_WXX6&tkU|l2fvhTE4*-iE{
zc9%754;u3M?bbe990#(ntb$x@Ru8wE+tMD#Rk!ZvPI8yITik7a&%uQw<HkXLui4w&
z43fEaZ~-(F=Hoa6ca2LhRvX)nv~sBj%eaE(4R}+*-LP!%)WHS5%rw_d8L#n8f(cr1
z6ExuhT^twsg>h?Gm;`CA3LDlOYZmCSQ`O?2^@8=5tx%ODW!-H{hL|r*Lz|0*GggCD
z5^h4yQ`S`LlrRnT9fG$bARob65A+CHn+U0M)?L<X)+MljN?VO>k8LkV>bAAsdcZmc
zHWF*CfLwxb-MYmzXZ9Yt4Rx+RTFKdnT^<}gI>W8;J4_A6A<L@4%U|WM9?j?H%`^OY
zQ?oIZ#3OTHnK>Q1dIq5`fB&;7pdZdQY%|(MZRc%Xe%RJ%YqFi@?+CRWwzdI&fnVnG
z4%S#ky5qZc30sez?sna^0n2LFJ|UYM6pD<o##n*o2b!;gm6Uh2aayz2;5AJizTGw;
z<nlHA%AqR)D<m1iLgt~{rXt%N`*r(%+a-|Lf-r4o?Ma~jt=3q3t-ZlsLaYKLu*2SO
z7wqTk<5ru!&R%Ctx5wKv?Il1pVlNW*Lkp(CiY9Cm_ETU#{q~!-W!s89*IsUKws#AY
z_G}KB%1z~mZgc5e7MEwqZLcJnHujljxq?=K^KhNqpn2xt3BJ)3-xgzv@9uA!Iyz&l
zHVib~;49mW2N!y77`%o(9i660zN>wJYdg5YXYgs3GnO;$d-xVE);!M}oA-CSxFz6n
zfaff(=2mmEd8VVnn8TgrhPW|q3TiP4`5i}QTm8JZefW^X=R^OA9y-Yz+lmk0Zr{^k
zgI;=qAK(i)GuOurHn$qDa7%ph;VfexSK6G-?c=WS3SZ3aA|ud|6f*jd9!N$VQ@Ldo
zc;|6Bra5@y=&;!wFtX9)rw9>ZC<aD32L2Gm=olT+eB#Ia#E<!jAM<~PA2ViDpQfUg
z^XMUj8Vde@i<;Yp^_RPwk2mh>9yc^KA8*dxH`Aj%IN#jx^8TLGwkAVyPhR8grksP7
z`*yVK?lCteyc~b%R(G(wzxz~kZTIvGN!=SgsJY?Amga`Grk-6r`wmw2boQh-*Y0a-
zIbh&ksD06BXgWM)+1Wn&lBws`3)wGE8Ws%e-%Gayd%`cAdAY<gYZ!j1;n0xbgr&sb
zFt2pBSm+mxFB-e&+DBpRAMIHpc@D2ZzB?Aduwa=yI05C&wx6(6SxnzcH7CDNdnjz^
z>X43<8yqimznE`K=M!IE<kR>ajrEOfFW=-FTiRa!-|T%2R2$iqW|dSDv`h$bh(i;H
zb_gL3AvAG_8)JpW7}Lb2F;>$c2^nN8m1L}+LP$cYf6x!a<MD93EbH+SLI~@yj6;Zr
zcnER4EXyz+!Vp4;n-D?>P1A(<Ff8Na5Qp{beXnP__vdVO&zv)RX7}`YrzCFaRn>d%
z-uv!%KfiiD+_23gShE{7-lT>wR|hd+F1+LFjc(g+0Y;36+7MM*Pd6>M$_?AC-L1K<
z-qt$%f_Fa}AKOz;v}FSBkP|S`^X?Tm2czQ}47eJ~JVi}}yWAUgP22YeSZ)`7<HZ?Q
zuV8d;g>!8OL(7e`ky2}l=SKK+L>De^+=!;Zm~=<8ZTfJfHO;#}deqt;-tneb+oOfy
zL(!73$(x4y)SAv74VH3smvS3h*tEtCn;!MZ<FyAo`Hfrd+=gvC&D`=Pal1?pY9(rC
zSZ<kMMqoU9?S&2fjrGuC+(xFyT^@Mk_S*M{XBeIPs{1-~TkK{Y+llas&~AI$5MX*-
z*+};d{mfMOZg@U?FW~YTy$)-;r@JXBN_$-15_i0-*K4Hfgm&6xO#{4k)28=2BE{i#
zPhTU&BzQ%y$d7ohcvhm5-cD;;Q&RYmHKnl_X`Zg5U5&HRQ4ecPb6RZ0HodI{^|5t6
zSjua>?J$DS=GG&Za^LBn2lQagW@@}iZj;c-j<Tc9*+#xW1Ozi@+iFecp+@6jq-%R2
zT;plez<30#*-g^{7k$K<=DBMRFbN??WU2M4HL0N@l-*F_4Ma!1fzW8vG#3S{Uux8W
z#p_#c*$eF{AuZ^5iRo$C2xKB1hmw%}hf4UKkhwvPbR6<9v+f7T{u|WrDblA~MnZ9+
zIRC7Djp+#;MRLpIz}--p(-O)C&0lGmYUydYbIBVDG$ncR=_8)qmWLsAsDjCAOla9+
zQkm37Dr97G+$+{>`*6#u7uw*7+Ra|A-5j|V8Vn6GBaz#-tfp;GcZ830gp(U}ktM*E
z;3<)uaI~=})az0UMh_dwi?oD#BTqw}_Ha}kIT((O_#+z;OG9TUE|L(L4M#l#k<`$W
zNPVcQK^rL!EqHF&ZimyunV#{ceoyog3*NTes0%2<&mybbJsTi5(2~VIY`fWbJ341;
z371DFZBM~tmZNJ{4|mU+5+#__=pHxV8E@PWU9F(E*7An5R@Od@Y_s*ct)59hzSf|%
z={<eX&6fMEnW6oy`JoJ33m_?w8}_@ewwj`5unM`gFLE%F5M5wBtv9&qp1ZW&rUxvY
z4Ed86?y>?o*0t8Vt%}wt>+w{!Rz^p`FE&~SqLX%_F_lTMSwdZC-ta&Pb%nYj#nx@l
zxaWaqz_SDML|WvIH6=6}8jUR3%iQz!QJ8PC0x;tt8)(#d!?vf4KAayuVh@Ll_~OP{
zTL(SRxZ$bvW=FNrqqe8?06M@w%OWk|x|WTwJz5dk4!fcmV6Sp?5*>EBHQiI`8DPuk
zzSet<Bc5F*hue*&z$}=Hd=yE6BIdED2t1W#M#52hVW6mi;G#@U!*WA^cpy9!^3W#Q
z<P8X$jE(`z49ti7==tz<>yvOdGaFuPtZ%s$q#D!#SJ(^XL3rG|Kd5n9!dJm_!Q0*C
zo@n?+RJ7?MH>2iAp0^|#06#X{&Cx5KsF!Y>wFe+O8w88VvlG$bM#^*76OB5+@WOz{
zd!t>^F?(+?RrG>YWm(gr#&Bh%)YFG7(;ZI_z2nC)x3kesW(j;W$(GalfY-Dx!i>3M
zFXSgK<$ABUO`_cTto3?BxFPIyG#G_Ww~4;d$hYpYX;IO;zjdeeQCmX8V05l=qd^On
zGu}GWMtPHLSz;y31?|YExgEHBO6xj~A(au02U_HgcgK68$cmX%drCxyt#+bmFB~5-
zHXMyGpy~F;)y7-lLyZNtJCTXVh&RL9f5{t}4UL7yBKJd+q3Ot$C(+Yq&j?4OabN?P
zbhl?9{3uZF>GsG>D(wpGg&#FOL^gzevui{Bb}d`hveB{uv;MFr*}iv)We!4au6O4~
z_j~G)A6p?BG>*9ABQ?>a#@WUth!I5$1-=8Z%(~F1vBz1{V6G?J&*0ZBYdgd=e>l-T
z?1^uDYP-W-ch7s<JvW%AUc#%U>l%65b&2&q^*mzkM{YG9w%xH4^iX3@q##nt*U;mh
znMltiwy`DD4y_yvb+z0MD<CrRk=u|L&4P_Tj+BO@;oVE%2`x*J!;viTiM7aq(46OP
zINDIgJoV&5#*siSkxK+Y{*wG9K`J+t8-#-T7BxgDsXwRwf{39;sYxP^`Y|<6JWu_K
zdXxA#wMqSkI7Iy&^@K>JeoyTY={UzZtb#&(M)i{FB_czWr^+Kf8*?Y-4v`7Zxbe@l
zPPdE5z**8OkRyE?u0~l>DQ4hbB_@dnL>bPN&S3^#hZ*?SaNhJf&YLQ6-c*J2COz?M
z$eRo}Z!+P$={)33FAz02W8!eeB;brm#2J%>GbR~lOwBlB3gL_?j5DSv&X`(p#?*#0
zrmx_P=?c!6{s^=5*Dy=pj#>KK3N2(qgE$-dAzoqpCT8OwAvT^=AU2*<qZP(v4C3U;
zSjB%({E*y-*myDtvZS}kEX>0nQ9M#SBENvy_#DOGDGBl=lpm3&FauwW8TeY1ACYFv
z!(Tx85oy6ZydCrKmoN`sk9qjZn1^>@9^Q$0co*fR{G=N)CYki0b<8A(nf7m>b<AWR
z=G*@r=G(uC`St;{j+y*3w2qk^MC+KzZ)3jwo@zrKNB#hF>8qGae-mX=<Qitw-@=Ug
zy883#FOYAee2UyuA6K6ve}njQg#z*C3MJyt6_nbhwkcF7t5T@d-%$Tl5rc9lMIOqb
z6vq);uFxX3T#=8mC&dYrJt+!N_M|w4vL{6`%AOQeD0@=qA$w|57%(3$#(Y2K7m6^-
zfE3@vjQ1dByuXbZ?;*^1e+M((cQE7q=a}&x#*FuOG2?v~Gv0rJR#z)V(CTW%PcV=D
zGt6TzVjlbFn8#j1tE&~ic<wFDKE*QRP#;#RP!6SxLphZ411N`5#-kic`9YLJDH9-v
zDp!68WlzduD0@=AjIt+X0m`0~Cs6jJEJWFp@+4$WJIW%+aq^W@klkERzJYn*-w`C4
zOLo1NvsAVHKX?2=&boe&D<zcmPcDwYx1xUQ;t+gpaOH4r^<p0f^IrWTR{_#ISK{sh
zX&Tp`<nnO+`&=eSBNtgN8Kj}hBOncMDQ^1z(tP<YAFkR`C%pHD-0Q3V<DqzqPhq<a
zvFrd}V%G7U>|*UW`-oj+pIv(D4Agpsbm54QOFtCs)<j`Q7#C)QamyT^!e_uWL+lV=
z!miYg*N!^_{2cp?OW+Rc`}rqABK?rPcX?f~3#>H}?laEzNm{8wa!8`oC3T5;(wwvg
zQkS$QC(4H;hg>e#$u3!zqjEa@HYaz>eewWYQwFudP;UY1Ly;A5<U)N}zAC4~m0^&_
zYgz6NcSmHn5z+6cH^g%Hxd~b)^4yf8UTooJp@mUHY^}F;oVFN}#WwDtc#T^UJ5ZbC
zb$LhXf@jUiyYPfAsRXsCnS$r8$>q|Z9Boc$J|K5DA8bzLQ@F?CMBVkv^L&Z;kazHt
z;;L9LZt;_~UPG*qZiuDt2;<ySVa8D}CD9Y~gp?vBLCFv&q@#7$*%dxOKSU#31=p}E
zj(VQpH-#Zy4K1N@Th^tn=3=Q|nrp6UX5>T|i+9@LfOhmW-+^&~@oByfWukcs%Higv
z=2dyU`I@{d%V<oS8TkF0oZfsB#%a#1tMytF;p%k3E=Tz!7_)Ravv&OQI@^Z|(jvcS
z)|qwAY$21~<uqKqGawvd`{)9}&gFr|SAsMj79O!f&VWP1SMZ&+UUo>BX9qY2ETM#b
z2KBx58C<Egj@Qx;;oKmc-QlOfa`J_7cAoR|!(0b<lk4Gb!83=T|BLiP4n|XOfu${4
z=7hWYVZNOo6)DLq(egbhfVF-_YL|ND{C}{RNoiZ!1WhH&hvZzjNH)o=d>83Qj-vj7
zy$ngi(kP5rCydw;xWWN{EyI}f!>^}7!(CFL<dOE|>(aDjly68SaOR0@m%VW919?WC
zmlwebWI0xjmn&r#+zHu5KpK<g*gpL*JAf^|f~T2nW}EM2*ZHy9aqfUM7p#9%$QAR<
zH_bN%JDg>~8tz%<z$R~sx3~%MjyM9-K3Je(NbC`BgZ<ryD_6w=ZUaX15w|7s$f~7)
zybBslkRLT`nzQ6*%{g+Nv}TBvS3sw!{G^oT42V<WL1cSid8>S!xWP~IlZIIFF|s{L
zEyW2l&VFQb?4mdeWffT(T$uz`x}VRGvOzzab=SoyVMf{yJsJ>~#3fWmd@2z<U9|;I
znr&`rE@;kcE^aObE39d@G}mLFOmFsMJG|9=8~mXIodXNxn|WysSu2vER-#na{7@PO
z9j!MPK)sRX4Jf*1J+{oY=4)W#44-C*y;RB{<;!>@_>qSX@Y8gjcv#p)UJ8Dy;SO>X
zyJ*ct^H9}8n2DZo#e#{;5==s_a9XGo3t)~JXCDZaZar9FRCvI(h^1glU{9RRFu+;(
zLhiPhz|-Pk9%dkZq1JnG>EaTn=W0;D*#Y7DrGu9a3RjtIWQE){uFa@3>O@U-HlHmX
zsP)1q9TZb}5n7WVX4S5UIhHH6tnr`_D=36`Az9S%T7Fy1gHk}}!2Eba=;m_x1%81p
z5cM1{?9?ZTHK3b3(IVCh$lr$8yZkc0CS(dlLb*^U$ih0`#rJas(EmvxT`U#`*lu>f
ztTSf);~WfiVg3cX8WLvE%!@s?gr{ND%(dfSl{3~v{)!=1TElOz{uT9C1VQ~Z_16SR
z{gC=0#FoFI{sv;pkEkEvw^toRh(NogBh;IWQSU*FdSAe(_Yg+CpTMX$4Wr&qVbq(B
zQSV`ldOw3vZw5xapT(#*6QkZ2G3w36sQ2?2^_F4OTaHohIgEOB81=q}QEvrCy_FdC
zR$<g@z^K=VQExRyy(Wx$&tueEga4i2g5pbnbn7tE6&3$U@k62$uPON&Lb1em5sD?g
zhfpjricl=^eS~6(`<UgQ#w`CTX8G4K%l|fJ`8P1j{~Ls2iND2M|2F3O|1;+LcQDug
zcbMycjJf_N6i>;-Z&f?$IARZD(2rsanuIav^B99BV+{H+j6n}#4Eh4bpoj1pj+gKn
zj$FKk;~2uAWFB70aU3w{EUCquem&;&FJn&MfjNCA=JZ{d(|2P|pTV4d1LpKSnA7)R
zPT!9?{Z`EBw;@zYekEo+<`?83X5^<ZBmZN}$j@O${wJ7`pMP#gvyc2KLXhO&Vix`h
zX5oK}S@>Pd!v7Al@J|tfB!7<(q~eo!y~1bkdW8(UUg5KNy+S5Jkc!VC1gXeE2vRYO
z5TxQiV%GajKqWVb(f6>)tHuA*@dpuF)y?2hLRr-j)CLPdx*E)Z&uB0e&dI^U!7Pvh
z#xO{pU~&*JQB}Ql93)FHE|><ADX<GtW#Cy5yrQZsunkg4U^}q)f8<5);;Y!i*bLl<
zWCF~rwB;WU<=*90LypBB*t|FvOb;Fj=DQ|>uAnz42X6%Xf-|<6;Jia^?6T^NN!E$L
zD4S&-H1-C@0&{`oz;-a69(7Fx?Lql`pgK7?6I^69Rvnuf9Dv_;bSCTUg+=|4wT*2N
zEY&O4E%qV1VN0&NWga%wuokxTY`I~hEP!gzYxJg2aF!KPtvAgCtJ4n&1=TC;taZ!L
zTm8uBFjt(-r!#~R+9<3BAFv&Ut+U;%MYvU6&X$_=lETnoxK&OWt~KZ{ubQ_dlWoRW
zD9Psjiwn{{=|TBJ>lA<0I%}k*oeP=LZrP~#q~Wj>Yb_NlwIfowR0*}cl1u871_V8S
zl`WO7T1%_TExFanXncY)S8;L7*c;5}JTN}qz%&{i>uhj_3)^Ps3agI0!gaD)To>1S
zd6hGAj`GKx$hC9B)%o0*p<dKB=nZ;qQY<von+MIy7Yo?}vBFl)O`B@WBDZEUiP^R~
zsAuGkie_%kX2*Sk-jq{iqtGMKyltC-bI>FGy^9N6g>=t2$6qz3UGQGWv_*ptF0UHZ
zsGYpx;us$rOx9(d3-I~S%KUfQXt7&$mVEv$o5eo}difQ8y&;u<WF#8&{O-Acv4Xz=
zck6OZ@Xz>imgl>Jr}?4ajI~&25;W)cSG9`)Yuklq)+rl|qAlMXSDkOFIiJE>E-aoi
z3I##}y~*TPuh<sFZQJ^VO5@zQY}<};v${_>a4y@hfi!RHvkg_Rh|64ssm7!+_L}qt
z3+khsS5C<VQs#wq+tuo1Nxr=LPX7!Y{8f2Xmv|vle%wqn?{7}JP)D1Mn-_MP)2ips
zvVm<whjj|+TD~UVlBeXS^3uhH@>RCQw!<DgH%*U8H>5{wg0LYiTHA~%!SUb&$;D*a
zZm_d#M_|FIzBpRF3zokfcw$tWR>69~|G)!sgLO#9!ER*#!Ij`TOR)t=$7}*U#vW#K
zzzz-t59#LvdqG7o8oU}D3f`?83BDs&2Frtw;7;T8Q8q6aAD9fRoe!`Fj9s>S#w4(t
zMDVU%U9x#Fcv?TNpSR=(p9PD8ESp!otDnEHW1Y3mvc*Ck*#CXDg>A8J2(#=4N3aFL
zEn$L7p~J#f`K%ZRo>JpTp`Wnz+<q>}k}g<;J8ZqUpVb@J#5AG6K?^;?Q}!Y45grOT
z!m5~U&<Mrs5|q;NYeE4#Vr|nuI=gd@;Iv$!byg3$VJ8gmB;l~|n4My`#1xS*F~&}#
z$EGlv4Hg~pu?}mglxV1D3&5|^r6Ub`DYxpV^|5V6ib_}E+>oA?=8alpo6?Hp3hqd*
zvQa5h%Cx0R$-!8O4PKY72k+?=Qa6@Q2Tjtrl*wdDcco{7Mck9(9U0QP;Xw6#-2t%o
zLsFgCPiv)JS#z#kPLK~sMb;@thViJyE6qsxl3k_@9T#@a^_zGT!&=P4wtP$ax%SIX
z+519)^|AG_d5u%kDQu0Y#vQ(3ca=KkgbjMKde>NDZF6r2!7q>vRPS<EVD_7#pKyVy
z1#YzNfT7;zvbn%lr)}QAGPh=;40q50{z(gWxCNn<TNWMcLvBqhySRWx1{GtP;ac^h
z^Kq8$sxCQ8PPMjhX0Bf>kq>fZ@?oxwqq)H#Yb0Q%c*1S-@q8km&L259&F2P-co#48
zEFa~s!&3+Od;9=D!!PnXT!8n2UuN>B`8wXj&-0amIk3w^;Mben9zV`z83}>nlleoz
zO5Prr=KF%le395`d&G_D^F@ys7O#k1)>4=&`ow<QU2(K7RU8v1!D|b|IdNKCv&~np
z7<xoe>}99KVR2C0<crMh)|-}e_cn~1!(kQ|=uNQ5gSM#HZtJ!U7_)8n&b7O0Wc|gl
z>fP#C{*YWOm&!GAz0AmdDc@$7@5{I439x}((A|douvu;DX-<*v$Rp-$*&_4uO)0-Q
zPVQ(p3|5nQaY4?3vUMTTxY?Xxy(#PDHo3>yC(laha*MU2dZl_r$g+-D?^~xV4~%Qb
zij7B2^=zr3hApi;sLN%aa&f{<;hJ#UVn3Tp?{P<~`(XB2auw9&m6<Qtg;n+@+vCh-
zZ?U(*0@kc;)$wAInBm^8)LF`zqRU%c$@%@J8d_VO&#nq>XQNyidmsJA`dNnM=}|7j
z(Mu1r*NjQ@!t2j21_WN<joY?ZYmdcii$D9UE|nI~wF@ocQEO_s=Hj5mZdx@=&}DQ9
zT|t|z9Wd+F*bW)$D-YY!t52WHpr;+3);8Obb6Q(G9j;oaYBz45Pq7`c<=XP;x$`OJ
zLAH%fqK^u<%QZ#^EgCZ_?+c9J=d#a^Tb~M3woH0~ErlrBBGj`J>|>#Wg_!CN3#+aU
z(5zZa5>nxO4d_`X=!H^t)@f(&uoj1d3!hKnDgYfQslTWGo&Xr3q6kv;oa#9^_dbXH
zK8O82hy5>%!zS9nbKXVo1rzTce=zf?Soc*D%8HfOmf>4bvEYEryJF5)0q3S)oAQ-_
zG*P_?(*4)&`E-QB74Vf4N|(o1j_ddPvf;Ph*Lr+OAl)={gVgcbbzkcLa^`q9+fdq-
z;rCWI7bO0-2iaH4l#W+DaRjQ$9K((=$8??UOxUS##yiuUN1Uc=lhah&QI?@!dG(e-
z=O}UBtI(EZ*D?+>Tq9PM8B6MPr#qbS=hS8WPLtFAPEF?#hv<}jMxVzw=#TX$`qTZn
z{vuz%=fTn;|7m}n-|L(7jrs5Sj8&7U4bFJiYE@ZTwqx2&)ajfGhY_{FP~$YY_g9+?
ztNImpk~__L&z<3h=esssPm5aIaqbj%q0iBDpy^;!YSRH<yMMmvuup8ts%2j7K=(Xx
zzpBjL>F7T-dP?n{cBVU~-??Aa6a7lnG*jff*VN)vFs`O+mLZ0H^_pd!iJnq76*K8f
za#;o%3-_{1!(=+9oBU3be!i)r>1I=pfj4ycV_mCFw|s-uvU33XeA`#(tn`gJ=vO<c
zO3p@oghO<MU+pMooF+%VW7wBcHSO3&{c>iaarKory(gp28PqTRim}Xj*EtS-A9M_s
z*7@Qb?Y^|e8DF;V=;>m({)(gBvF2Fzl{xx-g@%c;?5Z;FQ=j^rTE9}3QGNQ=TMnZy
z=}g#HajL&U>zFRBE3K=VuI;F-*Uyw?pN*E*y^eHY^wCHkppjg^$v^Ki`v-iT{;U2Q
zzD}R$U-Xyz@A@-+d;S&wuK!sR)uciC1AWE%O};DseBXXwhEMD0bZq*}aGx-oQ^1kz
zxBI4jb50o1vr%-olN`fNlQHa8pP|o`yxxbj0vgG23>!L{@(c;CE%#B^lIyWs+oXH-
z8t60JRM1rF=yz?n$4(jDla=-Ey{3957HOzLTcK^@o0z6H#?HuYwOd`M10Cp_ERC#F
z(NyCw!{`ixM#JuKnbCRg)oaXkcfWDevF3i_FfvCR{jc3@y6ul`y5sXSjrikzM!(Bn
z>1Uz8*L@4VW#5`_6Z$*uf8d{KO7I`?cSDar^7Z<<eEt4D{~_O~U-n1+JN`#y)Bbgz
z1Nt)TA9~lai+tO@us_lF#JwK?kU($0uev2wB>16H1>r-bR;dYvDpnPXSKW60^X(Z$
zgrR(nh(gIC+Mv8hTp_N(z0sRtU&Jx}C5Y*hL@vbj2k<l$)AMjlKaSr6`w~f!D&l3l
z_tXg-TMKb)t-*UwnHBkpmx&9C6N(eWMa4<QNy4Hyr6?w>iZ3g^OxP5qic-R^cwO;2
zaY<37s3Pid6uyk3uou7Abp^lIbq()T^(Xl4u6Ddv)xT0qC?<%1qj*E{25|%L{{E+!
ziMxrJxPOcHeeY5{Ry-!Ys`#zqw?sGQ+P;Q&xaz?>TzwtyaMg=<xcUZqH;cH1_qqBe
z-skE^c%Q3TywBB-@jh2S!TVf2#QR*mf%myu#QR+R9Pe|rq1sSACVs7YqIyC+QSGXJ
zNBmZ`r+P;GPED#wVh<im5&uQ4QO6O_aI_^M&K@BZ`0Xo7{j&OHP<pYtm{hCJs7uKh
zbs0q7=P+~k0nFURW9IIIn7K=UnEMU#L-_5h{b*+`G7;^pMScYBtVJF`J8O|2MLTPe
zNinV%7x{b)6XPM1V|+1w^5Zdqm;m`g3>U+ZhhmyzTF6hJ$V+|_BJVi)nV7$f`AhQi
zF*7kU<dK*k$NZT5Ld;KMenRHN{50kv`9&0w$(K+>CUa3lCXb=WOXi`-OCCp&m(-%j
zOMVGOUQ&<u=BmMabJgO#xy*QPt_yf?t~$Io*Tv_4|J?6M2K_G^WCMD`iS(d7(aA<l
zo8~K|PxD8bKPH<r9hwf3)pTk)Nlx=sO*hGFdNf}rMNOZkkCZk4Uh`*Uv*ufxZ;@fm
z9nBpwqWP}o`(#w}1I>N%k2PbO3Gz=g>zZ}4L-QNWZ^(bW?+g3BNOtZ!vF`-=r~6*n
z_hs_tzBBtu$*=Cy?bDH8+o#{BCwumt-*=w;`o7wIwPY{eJ?tA01v`kL_hR9(*#GYM
zgYnxHWjY}q%S;#3i=s2r0iPb`7Myc1ZCJ7}10dBfEPN|ml}tZK<%|Qq6|NGd1*Afz
zhG9U;V^D0*Vagfr|7PBJ?;WLfwH@z!Rt(sj$bJ9#Cmdv-G3k|rqO9YymAYf}nZ1+a
zd37faYw1&S<y$9RXZG~vXZDWgxXTKcwQ;BV-4)s^h0CWzV^YClQP#=zN?l%GUR{y@
z)LilPQ*&qbDreuRdD3-qT|4JCx;+qwj1YT<-838?C`cNFzZc+WcZZon?maDy+Hj1{
zdseACC7v8Vvzb??rQK<$1%=u(dqqq7^5Vq8<zwMOqxMQ^?Aa*P*XT@z+2tGB&8kUP
zG2;ablbNV{kU7F!WfGa|=#J=~Iz^?fsJLwJRQ4-*#aH2u<L}(BD64S!m7bFd?G@%8
zGk!Ap<e{QGU8c6Z_=w)cJSbf(TrSFTm!YvJ=q}Pjp9h({Fd8OihM8v;QID8KW`$XI
zhtKS3;|iB6Z=>Q4pG}14_Gk;;88A9IXjChwiW85~?vnE26Ngd1PUz9Np5TjjkLMJ1
zpnk!#YL1Peam~G7+<hv}eblYBtXtMk*JwRw_Rj1bTc|8P+gDn2EL^r%c{^|5lvt?)
zl$Tw6-C3tyJ~ge4bEmlrPaHn8Sr2zRIexPHWVd$ic+Saj(4(j=JUQ^n6zIYTI-n6Q
za8J7Dm?Lg86YCDZnJ4h+VRE5I$?j2iKa<Z?GA5>uv19$A>(<b<mBnW&Dn}|yPbRy~
zSd+Lo^WFXKPIo7aYL>PT9mm4Rj<oyhE03=hcOUOzyr7jt=0@&qctW=^>Et-lANphl
zwC&otV>H+wXy}zZX6Ti?vxz6iPdQE<)#oA&p`yJ~w#kei8!NhoP+VRe(j)Y7oEb0Q
zDp;(X%DoRGL?5HISF~4(>Pv6DlEw5D%Sg|K%f*SsSD}YS_cZQ@8Ok#Jy~!lHd+|tg
zxx1LtfNV3N-!AtU>JgSiR2T)La9?q6yEox%xz@}SxgF4B7Zd*vmW^z>)9nFk=q*};
znW>EY4*4CJn7&JX7iOvNk>4W}<PXRn5K3~K949DplAI(|<P<qYsL2^}hKM2O$T=dG
zd`Lbdo+B5@MM9%|QTZaVPx*%O4I)nYGv&{S4=8`G{5cV?{Dtxt#0QnXRQ{4kQ2t8!
zE8;`SH<fP^`;~7g-y%M&d|UZ8kw|q>UBpMIZmOF&K=n{P#7C)Ks+UNj`lvqQdFmE*
zi%6#Wsea;P)BrU=9Heejw~3Eacc?o=3iXhBNW4HTPz%H%YLQwbK0z%}OGGNQOf3_i
zq*kaEB8_^BdW-lJ^)~f3kxu=Z`Ze)sYKz(;4pZCIHt`v1huR@Bs9kE8_$>8|dPZd8
zIs9{Y4$s1K_=|WB&sObI?IS*~`he;K#1Yj8RUah2p!$&NLqv}1!>SJxUsQcW^%3Hz
z>Z7WU5-+KqS3OVUsy?Rr7;#MXan;9(Jk<-T7l`AkPpCdYXjPw7eUkW+>Qkyu5&5c5
zt3FM<tjbVj5Cy7CRVHylm8Hre3RT&vY~rNqi0TMYq{>m{5T{f}RY!?p)iKpE;+43m
zxGAC}ZaQw7_;TD#+zfF#ZZ>X~I1@J)H%FAl&Bx6H?tCAqzK>MjN2>n<kScjk+3_CU
z%c^<*_$M5H5Ybx$^a`Q0dgyif5lHp)GJIO-O*mIW&ta*O-U6wdUV?9hwFK%Zt%dXq
zuAfJbfs{k{)59QT(l<d$r|-}s@5jdfZ)4+ooT^D#_ul_&l`%&4y?XzY_W10X&EvB#
zj=W?#U-Dns`}(k|t~1}m-uoN~gAAqCT0MN!9L|@p&*p%9iv$soAVG$r;e3BWsdXqN
z)^QliP-+QdDKXYqODQ#mP-7TNjkSiMlvqnBmr`mO##)9@OO54P>p0dp2IgJA#UyQS
zZzuD|eV#t|@!8M*op--`eeHL>Ypvf}XPvVHa-i@@Idfm})RrNoE&ZI*mZS>o&B)6*
zy=5rS9B3_!+%UI&FtsUrB70T##Fh>UpO?8WD<gAXz!~tfkm+l-3~kO$Kj(`MbO%Pg
z7lW&Vigzlg1bPBJ!HA$PXbvjD3c6<By!ZNgEm~HF^keeL?1>F?j-vd&fc&KF9c3lR
zmXx+EO3Tukk(b$#;SaP{3t7Y42eZnylqNPm(GYx4dA&NmTJKM+wtBDo?Y?PWTd=n}
zgQdvQbmnGHI5PrKkF{pBSC<t}If{6C*%KLg)lHf1Kx_J$P4xj|^}*^x)rT|k<o&_B
zRXN#p`O!%cfxXNY1?Q{1)%zVq{w}30zoq(Q^(oJ6aCP;FN2osIZwO2%ZP|kvdE2|$
z5tzu!-I9|RnI7h!&0dw^%!}NtFO61O<o$tF&YD10Ahn>mz|ZU&s14M~w@VV)bJ4MD
z%TSh;%9NE!GXno@|KiTr$FzZxKzTuw(&k_A-wUh@XdfF4L~ZX@c5j%=p73As&u3)>
z8n++u?@3?d9re!#3bXt3GB)3H6r~r?aWF}h-Tx%b7}LYji#HeeqJ7uM-c%ofiC})P
z)HfYy4|WFng9n0b{>xM^LsTby!89U3mx42FA5Bn4^~dTfA{eAIKM?-d@xZQt6fg$b
z13jL~z-doqP!o&|Rt4q)*U1VKNi8h5tPy#?(pJ4PqbI$xdW|K#I?->Z8p+L^tRAT@
z2;Oy$SBE(dx>~CvtBbQ{(+|q~H`F>aa{Dvdla!46J6jw@o6D*js`s!ODvT_QbkrAS
zY^s0kboH_7n(CT>%<3__-%+%w-Z7KfR2rR;rL@WW<^7KOKx@XX>aO&}EPHijwLRT#
z%TQWuP1Wb9rUn8%)x*JPI^4mc;BM;sTF4SN-EDz8)MK6vUT|Lv-U{ZphXSYBRbVi1
zK5#ME5j+~W8mtfQ3r>5AlP(3v0>{aRr-CP#WyrIcPtUoBg1W%{tX#Zr>Hb3=`jCe{
z<e`5KJd|2T`@19Eqf>vHQ#nW7BP!87;v963)73fmHI-nWb5D})tn-w6h^{WXuhLbI
zvy(mr`z7~&y1MLacMnteL+(DhYI8QZJ5_?K*zKgNMrXad=bc{R-QTFpsc*ddk5Z53
zvQzlQ)+l|rdosIQp3f{zU1RlIYd2mYP3K0z+M^@AK0INMJdi%iLZnorbjtJAsjX3#
zb?(XJ{Y=MVSZj?<R>|0q-c{J(y04qeT_q1FrHNNlO4F`ocW2ioEb7BO@t#Cafv4D0
z<2mFx<~g;!q~x+^*0bP^^4#{y-V(3u$@T8te$(6NJ>os??e<FE9*U!<IAs*)-1ZXB
zWzT|V5uvkqNY8Cgnb+w(ubfB?Gbs8y$+sPC?n~LV21V(0UsHOOvqrsXoqJ3-sUOX+
z&st;6N=`H=o-lWZ;exzBr2=JQrKzF3PI-zck6BMVD^clg%H_JZ#B-4Hx#PX>?e?jB
znypdET`6N}mtc##)+xD6AFhuwb}1)xlc{0Z-R?<iA>Fx^(y7#2{T~@lnUNO@y;~(m
zn^I+IcK5RK$pg&7)+i6zIyFq8vZWRq#;7E@tSmmWr^csvntVmR3h#L;$*JXX6l}j)
z`rwH*RF2)g8&Bwc5B!2R&o}Kk?2q(Vy?cE_o&vH7+0@tOJK?+JyXKoDi=N3WRf>#V
z-c)aM`t0_b@;q5j>s@E9O}t7a54TDw2eP{jW0|FyrS2KaAZhB9v)Q#Nt7Usii@tWp
zkVmjiIoeWG3GrEnjFFl3x|!59y2-3V`Z;$;_8qdod`eqRY1$=vqER}s=;^W&YIK+M
zd+7+zydlr0uaxKA)9wqKucSA*hxFmu-Q+QT3Rh>yNx!0xDyXwgS<a_jO0XK*JYk*;
zvO^cuIji+bkKNNiPqClXQRxHExM##O>s<v8$n);<)_G5}`q_SyH0^Zuc$z#--hPkQ
z8}2oFx+tdCGrYZ(bXspA-K`-j7kKVb_>*L_R=V2bx#IPEYrRrwzIV`j(K|}^-s`zX
zzE@7=IOCb8SOuQLo&nj;YTeqSkJ8O-UPvw0N0H~(S?k=_43j%FtfeIENytsNXN;!L
z>QgPP#u|CPFw&q{=d5!|ueB#7$I_f%Z?yA+{I5?pnbK>#Z5cJVH(trFS9+<m1^n>d
z@f`Bb`J%m7eXD)3-kaIA-U;uNFG4Oe<fMkBwCS&#Bx-}}QWX7F<A^0Zb!AqQF_Qb9
zJfF~H4L5WeI<5YK+JajBDt(kbN;zTm8@n=REbDYLg^{|+v`Z;%x=SgY)HYLd>OCv7
z&+8@q9m`&NvM^t%Kg<*F(|PNBY2=4hz94yAz2}Ut*LT);l=&f9NAgX3kNa-<?s~Pp
zK40JV5}(_*kM5rF-SBmI^z<xER7Zo}LEj8{?6iNSFUObfYw>mZF8Ibg`+Wzj?aT`{
zFWB}}p0`eAKFGeq{Kcv@t|Uy=hi8nYU2~tv3FcQgZWuZ(&6{UaCfyzGUOMi&d#$??
zG7@s-0exNZaovOT{lw;GQ!3>7q-gS`(Za|CySvYQHtTTe$`oo}*|o|E_tE@%*=zOd
zqu9Od@SQ`+2lW>V4;!0I+T3=fw4l~9Xc<keOs+I&jPbcqX?^L%sd{6it9|o=`-ZzS
zxj1_;{kEmq(qA~fdC@3X2Hm%;?Yc?bq~U@=(T%0t@I)&0_6g;LJfE7e^<sK)N{fzq
z3WJ7vrVA-&^-=Bz)Y^N~T5`3@ZbN7Gps~T#u5U~)uxhuaZak*no79$~Bo|YSQ47f|
zwO_aTc^{nJ&HCSjL)6kbS<g#$>yhU-FIcCHx2?6*Zi=(J3ooaJd9UMt`hFn&@Zqmd
z9{&2|&*;}DzxO|uYesPXNk*ic+LWOZm6Nt+`V^E-+kV2Mn{r6kVcWCGOjoU&^60AB
zv?isMuJ+rA^(YOd2>KM1-J7E6DrhU%q@pXQ<s@D0GTurl|DE>n?(a$>!lK{hYHQ5m
zgQOaBydl?o#j-jsHRi&$xtJ<joo%mq-sZP8>o3_(+s<!Gm9@4}?S!#id)<&|uovgp
zw6=9NW3I|p5_7{=D^Hl`&BNw-3f*J7XdAUn*;?t|>5X+Johe@~*PqqRD`9e@ZjC)>
z!%=gMQmlB_hbt$QbINc`(WX<*Jm;=BqdwYMs~>YzTBaR#xm+%HG{}v1MXr@=QxeTJ
z@)3$xv-X^Fu&B(uMmN9dludRPI>y%yD5vDcor`hnVn^blTxn|uj81Egt0HqGb<kS6
zA=*4ZR|gDb+FiyheV?4=xV>}16k&;Qt#-xcRO-fEX5(I0X-qJ6@UJFQ2h9W9t6WEo
zS*{Z<w{F~;W1EXJGW%%5Q{pYFi*vTk$@j@Vdy{Iml~{UBy&Gcf`*IpgD%+?$mr!d+
zw5%=?l4|Th`|jAw$*U|C_7-E0;h=es^T^r(b7l6l^Z44~I4Nl)v%u6FdnN8>_VoJj
z<onLk@zKunF=nmo9JC*Oe2={|S<9Zu<W5<Poi{8Poyp<4`OFcykv);4*gOz3WX(zO
z8nfc+3<WzE^wV*ptdy*rhW(b+Db|gHB^Q$hk_NVwY@6E<TiTS<V92$NS~?6(hD77}
z%Daw4hc%_ik&#ehZgAx4&DwDDfFW1bvbwj=*zY=4I`nb<8)D;jZLEurHl>-pvGMw|
z8x+f}<hiXg*$0xfDf8>YWBQbnru?<%oVAv-=3(nKtH!o&z1CQgdOGf=sc47Sy4vh@
z6qs^iidfA%@3W_JQTf-0?;MV~D>oVh_Kemls<$z#qN_2sTF+WbjZX7`@wzo9Zk;j9
z)@qb?E+pKy&R9B=sVvqT8}GQ+xa0M1liS!Hw@$lDH}9$_FLB*+hq+f8yUhb~s*e0n
zJF!08nP(o*_vIvJHD{mDO12}m<A(Uu<F25-&#vg^tvd4h{WjT<o2xSB*-|a5DOR4X
zJm!LJSDei1*w$EjMt>>kUZ&S3%c-o6Z4-t)`XKXv!%0)$+HqT!EiY>#Yr@iNYo~bK
z?3!AQ)7HOpIB9%+mf@tWFsX*x*062V+-1C~ok*&&tftmAXxVMBZ<|YAmE3BY-j*6u
zl{9X<n$%<{j;W#+ql;anR^xYEvE8@bk2~#@HXN1PO})A`%3<YHob1d>E=Nl_<Tz+D
z+wPcajE$BXN|@ua?WVIXsfnyo?%1Qh;25FvOx$T@z?APybvBxc^k?n)j&siNxK?Ma
zU1z9?6_PI+?8$yhhe<~*u2F7`DU!Q4)@?c^H_NTs!i3W?RfauEynZsJMn7b}9GelF
zs2evFSatdbvGE4Ml|yHK(zv!gbHrMaP)lviZ9e4cFx?{GY<G3WjOqJWTZ=6-Uy1E<
z>1=tiC$lCtm~HKA2VC{++Erw8y7pNW*Y4P3TBl2q8{^g)GK^VPC2m)YhOVMqRj!r|
zM@<o~-nc1Km8-9CPP@yHVVKvpyV`W~x_PZLHp9?GW$Ys>HnD!gawB%cZnm2p$F%KA
zB3Z7;G0gfKCt2GbK}TuQLH${ymfGioxNbwP=^8ubIchr#*;V#>dz-z(e!#rP6p=g_
zCv9l4j5+(Ar;Y1$YuIT&>b&Uev7bmjZtr!DQhyffB(J01Cj)1l$!$7nI$&*copoJM
z;;EmQD-xW?<wm2EwNZ8zQ<YGX)1VEvpS2I!FU3@8Ta$)u&X_9ugQW4eLPum$gJTUH
z@u{sPS2JgIha7?<ET+oRVQjYFh^dM_XTN4!mwUi)lKP%L`vpgQ?u?}+USl7NJ!PM^
z-?Buc-i#fvPwu>8N~0b&*GYY|b8hFA%yW)1=S|B6<IP9MtPflfDJPXkCDQ5NSiXLh
zsYUiDPdTqTuNw}#RF(@_>rB0tA<Oi}i<Spuw+ZKz)1Pd#TuQy3yvuTHTewRTA8kDv
zJL0?(<JMoGmfGqXGWEJ9twn|1&ik$z>T&Pp3@0tPg_s;ugek%uX}A|RMXjVcxz6=K
zH^1|ce$sV=+TdB2+Z7upk$()hhFq82k#YTxPOqJJO`E$iE8_<Bon|X}*tIySRpXtQ
zyOtYt+_KzC>T(R&&88fa;y6iTgwE`hkK0S_6_wL+t8Pt-x7clomM_Lc#ML?1Iir+u
z<+AyT)5uzrQ)`d5uU2N0*O`YcH?-x>y^bb%G$tpx+~JjPn$lvAnR1eM*`qBTDV6eh
zI_O?W|IV(Ger3V#w!63L>>A_wY_~ioUyYlKn=|#sUA4?mNpd#&*UPE0<(A`=v)S2d
zK9lUU>SC?=!;X2!tYg7(TSxR^efXne=EKQ*H{PNCzQkE>uQFZBoQ*ATwp*3hgJ!R(
zH>U5=G0O?+U!|A`xjgBZQl{)tx{?}_j%`ZRN`?%_VMmud7~@Xvaop3&$>Fx^NlkW@
z-7L4-i%cykU5-V&$|>6;oKB}--W!u<E>3DPtu|*k_FHb)(;PMS*torp{p3wlYizwF
zWai=TM;`uu<l*l}{_K7~@_Q?)ku86E{*a)u-cyOX`)mF5Dd=vmwG%EF3P?A<w#;Cq
zs~JNPT}`jer%ypQQ9-i_-RRm>`V@4-6^V2;uvT9YPgiI4cj&5b?P^2xJ3YiZvxksL
z@fda-WT_rksa7ofH|Om?xW4xu;`~>*KNfaz`COJGrT;Swbhr5@&Tu-T_$ThK`kj0K
zgY&(V`;V4KOXoV(;}Q4Su|l;%Lq`OCM$?ss&gd1Zam23B(P5^~h!x5Th3=%`E;|%D
zb5`Udg`yStD@s>X(2=&HicSq(r_tdCvQIAQfJG~cC=N?MNT~$rs6e{;bWlvH+s7a7
zLs;I2a9_HwO2lr2B<wnnvFpHsT?Yzw9VBDdffc(BQn2eF6}t{LVAnw!b{(W+*Fgq$
z9b{tHK^Ar$WMkJs4t5=E#IA!}>^j(lT?cvCb?_K=9pq!z!Dj3_D8R0RE!cHXh+PL;
zvFo4+yAHNt*Fo{aTKxZ_7DI$X5`Hxpa*lYEDy;qY&qs3T%%`(xS=axr{tv^xmlNsq
z|2N^-{cZ|d`Um>s%O{h2ekYy&cgutF{twUhRQ8_tQ071N%<X@?eDBF-`M+~LNasaW
zZKxebW$39;Jst6(HFR|*)Ejz^jy<6Rbj^+h9JlGzlYT#i@rE8kn1RsY(2>xF<y6K)
zFOxis_+AQI9D0S0Ss?r5(mc@q&e22%`y57!>^KFy_d9r-QrknHi~I<amXC0LpxhKL
zEGmqxTt4~m{l<Uf{l;%eZ>eOw<=BF^94mOsaWdX=Y{grSQ}CAKRJ`SQ1Kx6+hPNE2
z<1NP-c*}7n-g2CUw;X5VEyp={%kf6M<v15_Io^b~9OvOJ$B*GH$N6~6@n*c`xBzcC
z-h#Ir7ve3)Tk)3TBE02z8{TqUjJF&=j<+0d$6Jm|@s{H!@Rs8;yybWY-f~=yw;b=n
zTaNvB%W(j2IS%42$JKbtaSh&b{LzP=@z68=FP;$+Vh(A>tYuVXA^#ZXr_e~Bv+rJu
z8h$c8`+P?i@ot!q`Q>=yf8u0mE-at3e?0s<d9^N|&F{+pb?=?~&F_@QB2+9NRdl%N
z2m*Ht^};?nDue?<i_k`ro9^#h)>Q}{2p5F@D4m^j9K{i&;{e5A_YY7Tid_D$)|q$y
zt5w8*wMx=ArAw+X{7b7A|I!+de`$Rb|I(U(e`z)0|5?}L|5+39|Ex*)e^&YbS-La_
zWwSq(YU#(oIp6|t8aNKT3;Y>*LM*~J^H?E`Kqs&Qm<Q|wb}$r5feNqy`jf!(z**oJ
z@F2oyA>RQGL$eq1ag=r?FcxS8=HPBUum*SoI0alp3SM9sFbjzJw{Qj61Uv$4172e&
znt^uU1NQ8A(q>+ARXA+I{*O+zcmh}s%mu~+1>iYg9S~_Qt^y+Ew{Jp@fP9bY){Q;J
zPXk+lhuM>gHINs9-^DJdI^d@n3fF<Z1is0_lZJY6=JzDOj#wW7Rv@)4kV|lP0dhO!
z5g^hRKLPm{z+VA>4SayRYk;4^?^EGL;>UsAz%Yb7juQSm<QEY#1o*$P<}e7n0{kc7
zDd6{j-vIt2a2#nO9raI^k!nzVgUOm=-2Dfn%y(#i6^InXmx13xtlt2y0sjj6*MLY<
z{9nKeDD5rCe+l{LkVVMcN&~<nz%K%S2JGd?{8pHRoUQ66%;CuVQz(S|31AXR5{;7M
z86^|)x(NLTf%DM7lHy~)zXP5jvxkT+2m?#1w?PlDkVe>D;U+YFz<)!SATS)7XAyE1
z@?Qhdt_6e?e+Zm|<{sn^E#oA`f;B?$?9`qa9>QIuCcw_Ze;|F-tcaRb!{5YD0&{`z
zE3p~~tEz$GXORNxS1g2#+NXIdOOxwwLtY1Y4EP*Mau{+y@XH9Z9;k4;L4H5v&mc!X
zWC6L10$+g!^{)9aWG%1=*a3vk3roN^RMe-5-$u%Mq=~jbJuSP-b9^7ikV*;(pQo8P
zOCR~F;d{hq7=}W>3VPU6U4iib3cLypPvHkZ3Ai0`QG@DwXy8$r4?xdLz8`o3cuutg
z_!$bH0{I)jA%;=|WG66+V~CpYeJnh+ZWiVdU^H+ga10@P7>31g47p93N1;zb+#JXW
zz{h}UU_9`Hz;NJZj>z{lCX;8fT(W@Kz(VNz8EU@5ki3!M3&2-^0|>bZawqU*Xe>Zp
z9y|-R_Z?_ogz9FXh?MQnUk45XzXSa~$Uj>~_H;9d^=061pno2C7J1b`{uN{yGD<6c
z6NoZXzX22;A<awBzl4;31bG4YOJED|rzi=mExwAB4Uj*CbZ$a^9r_GB`(bD{;;sVC
z5v0I<U=^?z8k9tmfNw!>0{$2pUV~2oZ$pEpAU4b74Gcp=arb@5>#M*oLW5cp9l-U#
zMBw{XKcy6Yi*)V*Q8sA@M;Z-6BzT3C2|NMZi;&5XJwPwYe-MZgYG8RyIYM?Lj1dUS
zXtp4Cc!hWx`kw%g1IH2TTaeGFY=obNd;<s%k^Tbd{57x+ny(|)n@AJ>DURT-02#Iw
zk-qu|2+w<u@ug1Eujc(mNFwW#7cZ0C1`YUt^aaTMyeDUO)#wwX`o$p@hQ*R97$*_=
z7<XPZLb#QoRK(bbz}dxx#Th~~G`%dA`Z<O|7t+VLDRe=D5kxo-d6@AuLXtJ7kURQk
z@oki+8(}bN6CNeaS5)^2tDtELNkeL+5x$8MHZc^Q$K9_Zg@ce!Ak1mt3Dq77`2=#A
z;K=e7f3&of?xN2ZUO>K_3*7;ZtNd(CVcb=GY4I5AH((h)3Li!Ie%N*|<7U$9u>2rw
z{ypIL(SPniUSC1JV87zx;#$IMc=jh5k_R&TA7|-MnHj(OFgREna_r!>h8&+}98zp&
zC_Kfus{p<s^08jc^imD83DxEal<)*<hm9{YD3u4{4<O%<F#aj@Ew-S4VEP{|vi^1$
z^6QJQvi_WT1zCVNr-V^n7()&ApgcW{rK`)3dpRFvV3U579OYNHa$7M*A>Bn8z;-0q
zM|=Y^_W{lUJ`W9^NNR))!8X<K5Dg!Bp8*~PeiR6=6ZZjOPZ6~#{xcAqP0|6aNbMLf
z4NnB7C-HHRvyNoQPXWP3BrrV*Oi2P`5#K@zl|UJo4?Sl)cM<Xt;Ky(`iq{eDerI_M
zWq0F%xGREzi(nBF*ah_rEEZ?WuL4g4Ig558Ogh4V$*2v`{}_7sn;P~}?}3K18ibe7
zQY5r22~1T4SC?Q(i8G&U#BBnCQ%Qe|kf;~Y1wHJhhE*lbe8B4@*hJ#|VJ(pNKQRc;
zIaLo3WtQThM~>1Aa0fJCCL%BG0U%GGKl^>454am4!CIw95tpZca!O!{YSf4bb}gb;
zRD*FzX!Rm54?IT#zoq#b>jz*xkuyD5O#B=WJ&%ZI5jlU}2}F&HXc07@Vt5aH8=fPe
zW`(Z-k+J~K7w~if_g*k<X#&W-_Y(B{AAR_Y3^ND`J(!5pMA%<~U$J!)jEoF1ZxS(I
z5O_;p0R&4FQ-zfbarZo!|7*Zsqs^kFNSL`u+_v9DEX?)9;|OyediaTG1a5)`T%DK$
zvoq#&#L84?n`BjivvlrD$VG$?(9D^|>V}N5K(s-F9$rK%7Bis%uNHW{z-Pn;AiPw9
zEMT@M@%hMs<vL}WJYWD}_`LZ0VAnhs%pxVuoYBT5o(tw^5})B>)+}+h%srg<0G)W=
zB8<^sEYdE>&jLRO{3KWzXE@(Sn7_wp4i2V%5qcN!qrj(u;G7~@iU^)SV>H8D;HQx$
zI1ky7;Z@)q(p(1y1^!09$B>ugUm>>vzXT1~mso&O{Q@#Lu$r^PGeDG3;#`iil+Odf
zkfk!n&jG=Ih($0g7Cw%)%;fI^`+)y|Se%!(0-piq1Gy!^zC>Pr&Zw=B!Ey!826?`I
z;6DQI0@nh;`oxa_tAL!v#Q|Xx@j7FPBA!~}^AvDh3HcIt+JPEpA*X>;&@@5r0Ad~?
zaXtwyDuKa@7l2^b64<QtSy&Y<LJfZwFoP5S1~Ok~!2B*0bFNUdYXN<f$XOi50*UuI
zLtsP+h=sPJ#;jT32!1GF6w|=NL-~x}4Mbl`%$ez%7WXrLh47et3twRxbqz*#v~&@@
zw20ZO1}jTytQ3i8Qz9Q#`T7s~WC1;cG!5i)@G0PB+{K75bn<?Ht!qgbzXY^mfv+my
zi3F_72;i#%Y$BOic=6jyQKYFy+;N7X+%h&M3lj*BH5`HSiaH=hRe_Iy;JO;D9?)!*
z$*`M-kDFNWQ2#w-zAA;DM-3h#y~4PkRF2#~h4RENjxwIGBvbkyV;VI^d^P%c4VaG_
zeWSoFk2+O@w@X;1(O|4pzmL}}LVBSoMIG_+4n3;GdC^wLkK=hc2j<U+RRT45g@n}@
zHLR^hzbDqAv}FhnJ|p}ZDf|@r4+AYg4{#^22w}d2biNH4qmqEJSU3P43;&dcQ5WC_
zq2PF-U^}6!VJmPyHM~gT>oe6zzm2Wa61yYRppMjUaKA-fp9Ve)d>YsY{JZ7aFDHBz
zn#0`pAoH~g*ighOnJ}`Xp_C7EF9Py)yyL2LjC6z=tfkQGTZR6Rg+bd?gL!IzQZ2)f
z-!6Uv$ew)xPoW^zC)iV{zs}Zs1+2G7Xk}_}PJyQewkg54C6q@E>xrB}fh~)LVD-O(
zFTp>>Ry-FNsZfJw&tw=f2+ofghhPELa*H7~uqibxpvKdwv4$pLHB19`DuMBe7|SI1
z9?i8?n3*ySXWg9Fq0NT!l|AmOO>9;uU^ExNy#+8yHTZBS_?U>bT+J_88xh*jQYII#
zlm1DB1V0flMvL%jHD6)ot6Moh&OIiUzJq?7$(-+Djaq{?rNIiJ8f-+(c?(}(jc0Ws
zahBeMkYEmKtdFTtHgzNrOf?k!KsYp^VBnz`@zvau;TvlBPbgS{#F-E07+71@fW2tk
z$PqoB)Q8#hM#%6h4ZKCoXE(fWL|$sFB1%}}r7`g;g#_~#uyQM)b_DdO0#>jEFi+_W
z%7eZx6gCV+3Zdww)x54ZAS6<gu>L8*@)GYkdGCtZr3UG1Fgws-Uatmw)bMrG(_oMA
zYLR>60xPF*mm$r089rd&>=0vQvItDavmhPy1Q7nO#>%h;meGKvt1&l`o=}}44e$5B
zRMk6SL)5PZY*~Z;P|bPZo6FBdVFdmy16GeE{?yz9d5_9DGiqPra~$4IF@8zlpAw%L
zVLqtgJP>1<hWi!L*I;x|!>`nQ*7g@64RjZ+K!cjnfd6aY0~(B^8a`g<LFTL#ek<|v
z!vdjT@1bCr>Uik6M`6q&eqKd#Izwp~IKhzSYfK&lKC+CrFaxcEhcg_3{v^Xk)EwFO
zUy=#>6ksMW0k|5tgCQ}iDvUu4p8>wGEK@F$2Vwphxu9(7$AO!n?_e0(!;r@DDtK}g
zR%2M0RLF;cXOQNb(5E5pFQB;!`3`Uankv}gQ$Q8chlcnD!(RbWp3sj&{u$ClzM8KB
z=b>)_ejeC~FlCV606x1M*AH&S<bMK=0bfLUrZ^J!36a{Me--Kc0P?>8Zvp=n`Mw6Z
z4)`Px<)>MB6+E^Ib692#SW^5s<jX+RPG}+!=@S#HLVwHR76M;~=26I%z<y{@Yvi#E
zYmvet(nqO?$1?m5@EY(Y@Fz&&w<!6Kfv5%Q<(R$#sg(k~?3-C?3sqPlslr^F;m3fR
zfNud&Bh;c<84x$L1Zl2>-U3ZB&<wpF`cY_*rUcKCz6AYg;2iLa2!9ds=McsV8R@HM
zp+OkQ4b6HW?63X+5FQ@78wkq~53E9eScOrW=|yOcz&<Zw#qTBd-M55q;>6=%=69J!
z18%HAdl$i=#Ae+65=RzB+yj}fW}L&guLD=Xx{c6_yZ?ewemCy&FhdCQIQoPY9GPB?
z@kRUv!h|C();iRDJ){bn@8RxB$X7Tn)v|dL<nzEEaYPCK9VzqmOg{g89(PaR?g`xG
zqv0Kt^Ycjm*N{I0d=A(F{37r-z&DZ3i;$m&{0!t`Al5boC$JIN$8r?v7K_*{fZGju
z?Z90=GvX_3d_{$StD6G+8p3Y}@^Aeti2D>Y?_>59pMo6@K=Vo92yh1a^?aQi@@>TZ
z0Ix4tAQ>_^iG*+YC0^rv^@gwK3_y=rp7bbW3CJ1yV@SURSP8^hidYFdo1v-0%5xp;
za1$Coa1X-p`u!kq8*nG^V?YnE9C#A=HtdGy6$*e}lxG5WUqW6lL2l)UTt0y?FF^A*
zK-8~@dKXdS;)j3{NE6;D!as#;kXJzl4-v+=j3*jnISPH;&Oq*^>rp%Fc`ac6#b=$x
z(4Pbk=S=k&!gm8d3xr=u8IW^<`M@GRgGLHq&f<$KeF-ykDUa!e8%t|Q|9yn{I?~}Q
zy5E528%W_>kiW%k3%Qb^#8;<#q3Hth`9&Sl*#-G?=r_P6M9jg}ScwwLkXjk6eFSl@
z!b*pse;H-l1+2zh@Enn|<tLCkf1-ZKze1QZh<gS(z6lNHGUC&a`3&(4<cmN)_dkLf
zxsSMf?*zVU5Dy~EL6oqITNSmF4?X690_G87Cf5M}4p<0$72c(Ry!;(K<VpU#DETnt
zZeRm&3OESFO0otFJPfQg4DBck>j@h4jT*jMj#Wf;0_R$+w4v|~;bq~|4B1{L=^2_c
zF+QWh>cKpl)v_m|xhGo*X$NBVErRa}-$vZ0SzO`8r3@AOj)v)vqh7vEV>MgtoQIy_
z*VtYup=+rXe#LMWvA%}zjck{Z_<0smdLtwf94VTmqdG*IGM1P03Ub8Srtm|=y~&a3
z#lvh@mGHEnSF!J{hFL#=-51s+H|dYCT~b21(2ss{9{nUM)mLa%%2p5NF`9pu<W9Eh
zNod2jMbEN5SHeq6uOR&?=7Aw^vHq6rgOZ+NNMY_UFAC{lxj@slbdmLDOctw_HD^?8
zwYdXxbC$cC?HQBu!PuJ^+m}AJw2?6`SmTJw%3`ta1cf6@`7B?CQYsKTWTaz|%dj`5
z72jI^a7jn_bB2@xJ-hfb>}y(&Z`odEvLs=)QjL_`-adjJvYz!+Z00Wf8*-muafO$G
zF9M$hehGL4-!rzswl~=~XyhTcp}C4DEny=yR=l596+*-6y_F$(GNE*3sS;d~)hxbQ
z5IWv2U<hC8faVp%dIit&3etZLn&<GH-6o{=1+1L>2b)a`ufbbhTk3<n7kEX*_F~;+
z{=7s;vpg%p)Q~*QQqUx#JU?aS5xVen&tRVQS=dU3cO76FO@PT_5%RsI+Q-HhSoL{W
z_)WHbj^?Dy=7&(i=b442Pc9u`wT$+)1Lgk$a(N#34b=V@xZPl}Cd^q*E&IS()IM8P
zJA{<C<4Kz^qkI7+tYoE<v{+l<>p3-S*Bp5Zi`5pgTE+HRu_r1-$;%PGf%zxRI7W~Q
zOYQscpBGS)%LxC&rNel3KfDX2Woe2wcwK;{OrEBJZ!mwhvAF6lvyxCRdJ!p)U@TzY
zGE~0J+GFJ+tCyybb;x}Z<ze-E7Ng7?@TeTt7AVI-R!&tCVGq_!8qg1)V!Iis4gRHy
zeH%+C?pw-)W;JY>gr{cT(S$($4)Ar=l8Sw^z*0j<;@(M!6+;>mFpQzN8Fl()mb<71
z-b2~imNv6CvXp?H<o$R$3;UMgKiT^ZaII>r-L;bJ<lFoE4!w7fs`TD_IdnwIK{|(C
z54{hFs0fH1QBjJDjtxbMGJ^#HX`-NF?+xrSh$sku@@6~ZIphBibLZYW_dd^X9^Rdu
zot?6>R+6={_7{Y2LT>92z6Rmj5#9>iKo^noPZ(!&h`5P;>)Ug`kkhiOxfu%SZ;A0v
z`?Lu+KwE5`)r<6{<JGubB@u69#KY&4_T2#vEv;O;zV|KiPk}d4Z=0qfO1awO`8vSc
z9Jjl=$!S#7VkX+y1!;EC4>mXBEEtyenmJiUDFg7dHcEMjXOf%UT)8M+Y>CmmyWspj
z)Yj%7eCk>%hx_`w*2y)lEUTNlcbmd`b~C~ZT3zetBXhH(*cQa>!>G89+qphEU&Ufg
zU<rq|FDhBwbiSZ{YYuv_5bF8S`5&>mXom5JQTh*P`v^CK$J8k8!syvd$3-&p+#}@n
zGOA%zp8&njrM$|~&BnO;?1lur=y`xUqyDbdSE9Yu+)NY{a}p6?|Ir+9G3H4ZW3aX{
zSd#}0;1SWltsercat&rx4cog~i8aznJjJeS06Ue&3>(4n6JmW8;;CAL^lPxT>46yd
z)TuEZu|CJ%sKUBEz-m1B5IWQzhY47^4D2uotQN!vNOLvT3ES}&b{K>Au`<Cvh{5Vz
zzXJT(#cQ-N;r;O@d2~+`Rj}%Swv}L%J0E#s4Hn$s5oxd^Z?3^pZxzHETYZP{U5M`t
z%!l<Vw6>t6M`)eiQ_;8D?;88vA5c#%LH+%Xs`owk6H;O|uFHakucE{kP+M>Hg^pmb
zw{E=8%xX{u`jP35u-Dx-08vkY)wuB5B6K2g8aclY+~dO-MWOWw=qbYMgA4G~`*}u4
zGZXP6o%ScZPley{uZWZ%p(ZU5h7PN|o(qk`toE%#4t{41)<s>>b1CxiR%Ps+CBQ`q
z>=tRilj5y;@P^XftK`?6Ul)V7G<s8eD>0~)z#eo0`#ak2kIz7@UII-(D|tQmXDq_I
z(K}<%vm23eFu0{D;=OOfVDwj(i!s>!G2mp?103l0sqe>IPXT=xwbFh+$m<$dR|iib
zA8)1HkC+3%9gqvZBiYEe9r;7QP830jD}mm#q9mSTk3)NlD?D1wWW;;BxA&jvhqvBC
zDbE8J1F^ynJjKcYo1kvk9|_Q3#{1lEN4(eZ(Ide*&<gsI_MSG-@6-TjC?7-Dcon=2
z|1{<Kq!~t-{Gj~Dz@tD|Clq8hK)ixxt@0tp^XD?eK&vv)xJ_xGMjh%wONDN$U`tUe
zJfaTJru8Gp4SKPHHA8=a(jhzYVU+R}@DyT7p)GrnGd$c>UF6_({PV!qJVHNu4O}!9
zZO0fTW`gq2ebj*%vn=8*^&aYwK)4I?`3dOx5Yngix;%qC=+i4=jm*tx`O$Yt<o`AB
zb<|BDd=mHp@`nvX!hWTo*Xy|m_XRfh(t+?{AjW4?9AS(ncIEGA2){KIA|^yXVxK7V
zyIOUS#%p}oX_cpt!%%NG^A<Mr7j|QXw_?@BICB#ax^Pe*Z($EwVrNQ&hHh&GHfO^6
z+0}3Y(m#uscTuZ%F&bm1Lw|;Ru#cm>&zqOocY%;KE3>X=m*U-}Ub4_Gj85A7q+!=g
z5qg$TPj4smd+U%><7Ya^n(@9a&!DG1L7qRN{$5A+{o-Z07wSI@SRGgq=>6HCWe461
z&bJi(W&92`c3X4-#MeMPb~z1p$^zITg8d%x6gk^o)3DqUEVnKPSRMlCL<;*g>Q<y2
zg7_9d@Js;u2L*i?dBTEfJTGCF)A-#b%zy^A!4P9|2$~q=Z(xTp*!MAht})<*M&J$1
zTtNfM?Z!Ij1uI=RN;uz3yY?9FRvj+Jt}gbv^#Dr5&Uga5t_HsM3GC?v^Zm^3=X5`t
z`}r67KMC9qd<pmhaz5x#mqpC0!1sYi9opGBx0{`TgMlX<3dD=Oi0O{-jmT{*!borR
zQ|J-EyMU{J_c)Z-0SPguQQ}tM9^mtcUkrQ}G2bFQ4tPIs0pkCRawEjdM4t12hY>Rp
z_zZ9d;x7d%;4-{h5jX~z8+m?&r}v_DEfBLC_zChkgLqIte}VX$k^VAZYar-gS3wRz
z4TXH<(+K;gPa(Hzh({{~C}39(xv_F^X;23R+DcH;YUR1H5^!N(tBt6+x6U;IpLk!0
z_uY<R;CBYSbnNhRtDiR!-xlxsy>g5I!D2r%#&e&0dJd)B1Y82#gnCX!O;Bgc|1M=d
zAX*)QPr~!SACP7kFazl8Tn1s^g9c&nh6;e*3+NPlCQqTPPEIbg|H|feq>1npb9dlv
zo}Rnz2BMyF8*n{Jc@1xY=fy*aNyAgrP}~N595F=^K8~>GM(~xm19$`CA3-<^xE2U$
z74HC1qI?VZ4a$8F;dMaY*S_t!@D!Y>w&1Ck9sh2AAUI!M2?VueULZ=BGmzfLmqr++
zi1EnNb0*|SdS2}cM4!qUNHZN_^qt%e#MrB<W8ZlQXuA(7y`SfIejY@41>#%bEy%dM
z90>W<;QXKnu)o8^+rZE9v@_z-cC#7b3J5=kaB+mU#az+KtzKYJS?$6hd@90{jw=$_
zb4lFnY)}b!4p?+{B&-tU>+UTBjY-1`!ocT>F{d;3P}qOD0Iw>>JZs=HWAN3LfzO6o
z<nq_>Lebuf)qkl6o>UE7txO(-y&nr&Br&GR189W+GVqSLb=9!)chr~#oQ=LiUkk{K
zxE1jjox~(yJ0R#Rh5)|@`tj;cAY@8Ohm4VjL3ze_X!|ZVzHM~)G7#g5gyb?t8^$ca
zm={DTAY`1q9MuAj237%9LK^V7z6vou<->>{i1=RU*^7XmAs&1vJZGZq5>Lfr2u}l^
zMY*7oER3fGkVAdsiIFV;PX>qlObztD{qO*hKVhsuO(e!Kc@6TxY#8`3cv3#*YYxu$
znmfFtjJG*>|2=pb2k?tFULVK)tnylk_m;;RKrci*Qflvuh0!Cx9HhJ?9zp9CA|A6L
zqYfI9tI#6}%zz1u4`Ee2#Tcc1ZjgGbow@XoGL13Q>gEo;_c(Tf1l9?{`!>TzNcb-+
z;Z-FtiVFW-r1uT;Uhe+eLvKHUb}al}hF?v2uQt#5@NtsfQ`&#q>vy31ZnFP+<vLiU
zVB@kQv%^0kMj^Zw*gm$HIoyk<6%d9+EAa7sfc=4kfW3fSfn$M9f$e~>VM^EoWi{Zt
zz|Vmn17ST23V5p{5Ve(Wd)p(zTY>KY>jF0dn*bXCC!)^tfvtewARh8==MEQh8sWzf
zE(^R7xEb+R0$~HR^S;C5z-7Rl!25x>0;>YoAcsl_KMH&bxB&6@AUqq0TFH(;Z-IoJ
zQ`YfzNFb=HUI$GodAlOgYyiFj91pw$Pa|M6#GJxgEs@W8#N+{@rLrM#2hyV~yHa&H
z3Gw5A$ABk*F92b!m9GN5{qRG))f{0@&#w`KcNKb8bw>P~2)_k93Y-dr6<7H@S0G#%
z2z#uR+-jJ8+|%X2$w1IVJ_kGq+>MlIsU7ECjPK3of#|gW-c|wpuZ;f^ybb(X{mw7G
zl@nOi2N+c}bPD6YcW4UT?GAWmo`s(4b!u;0^Iq2QR^<<1|HNKi0{g<se;o`DHw6tv
z`7ho4m-w%v4&HYf9>wAo_-P+>`B<Gj%jtk95#QZgjed?>AHp{k-!%lU`qh_<(a;dJ
z|3U;l459<#r^9!Y5t9oD+X(-HeBJ~;j5Ny;eg<uU4Uj)W`ud1(4G+~qvA4F<J&(bc
z6<;Ljmw~X~2HuYmy1a%jwAu)J1+1p3H1YxcWpV6-ti#R@^eF*5E&m7|&Cli%VSFQ_
zyj9lgm9Pd2zXpIUMZ*fD;ma4m?@{5~`2h9=30tD}-`aSucxZMifJGEDMF7t|<Glf~
z&Jo^c*lXY33YP&|dCSrYgu9_FuoNkSn0CMy5T6FD2kZ*;ZLf<od)@bmVw&q~hV7JL
z+hq7x81MTE-$nU7-a_fJ1!y?L?JL=FAR_nOoW;O@cX=0b_WeEweRL<nOYv@RybGUj
zH5>5*y^lR&njuXBVMv5Ryd7t1V=T2Oy)WxP&-3Unc$<qifS{Y|>phvFxnqu#Ue-ix
zzjgUfL(W&?txSZk#kYzbkft``M<Tug_|X66z#6=pAK$v}1bQ2<{~GaYv=?6-NN{)n
ztBB3P<-E|L<sv5+*rCu^ovNBBr4&l>UwFZeA;&`!{p^hI8W@&UJ_suf=4b)l5dM3^
zxv2A1j;n)muw!6MkTWncXzbd1UoYgWN+G@fZp(kGyVvc}%WBBqf8F5ia^AQ9O;`WG
ze_!CW#s0{r3F_%B5;YNj8`?Vy>A|;*uTkV5K{2nZVwDv^4>gbo1-~Qh?5^a0<Ald1
z(n)5{o-&>ajG8iH9L*R%blODP;JEFwo~_GJeWLT{DL<u1Q&B2I`REeMBlW2nbs*<S
zNYssn&`26jQ><p-)25N3VpP_Ks!|<lK+P$gdb{tcsXGm&Q8a<3(rm(yiXeS1N>Fhs
zM{adcml{$F>PUTP014_r!|+R~(`XJABH6J=k92C=vwPPvG@w_{&Shvha&T+bkV?=+
zRFJAuBWg))sT1|3fh5U&&67!EXcA4Qxkw#SNh)u1t3i#eX3?1{(>%l%q&&9OrKkcG
zrkYfbnow(MM_nj`2HCn+p`Lc7JC?F&2F;I4%}YrtO%<sK)uN`<hT2nC>PLeqpo{4;
z8bRY|GR>qv(1Og`Q!~X`hf)DkzyiP$!19?x$4`@0f%Sncft`T8fP*rJP8}gf11AEf
z0p|c00<X@@oRB4#1J?pK1NQ>o0e<IDso@hRO;Ck^C4l9Cm4VfPb%BjXP8pi1S^~QO
zGl0W^S-^R~CF9488mevqt_I!<e0coC=@Zmu;CA4%z&*f&z$3sn#!t!|uigWG0{jYi
z!akg$P6N+53=}W|<^dK0mY8HOK{;S$V0B<!U}IoQVEai^hEEK-0DA&6vRwQi;Beqr
zU>0x&a2{~cRNEuL65tBpEx<c~Yk?c4j+r<zco?_|_$2UY;4a|)sS`4@f|r4B0Y3qL
z13c|ei>Xs<*3v0p0bmJWd0<swU5mAKQ($XgI<OnC7w~e6b@UM6XkZp_7H}bO$<*mt
zQ}qqNmB7`&^}q*!k501`(3^qVfzJZ>01pC>0G$uMu<}v#pSVgpa+ITs{+B}TH_ZMK
zCag3Eb~H0K6k3T-{$GkSHZFS%Q?3g{r`6`M<4wN*jbUL&!3zJwm8tLrqriKDFoR=e
zasM5rT`(59U@Y@@Snz_e;ss#-e~8k~Zzb^C`xhQ6ZbPL&C--~(7k*``@()qi8RwFJ
z;>uL|0<gdZVIw;`FQ!}QUfN8%=vDfJPI5V}&8@j7592Akh;QQcyoq=65&noz2qE%`
za-z0qEqaP!Vv1NKZW8OopT!rlh^#Cd%5<3_N6T4qiCiTgkWb3J@(p=Ro>mD}L{(M|
zRl3R`XkV1@ye7ZOey=FU{lz)%YyalnCRR1ceZb@IHBm4x`@PxzoAmZRd=K}^N@gM3
zqZNH@?w|cNkBYCk;%kxYZ|8e7`+ffO?6oPJqqZehWWO)jGRJ+d9QUKM=U;MOj{6na
z%PaX{j`wp=vs8&3_e*o!pU!??Iz7kzs_f-esQjCIJ8o3ill{J8D*O8tduG3{RxZbV
z`5gBZv)@<OxEFTJ&F3jly<vQP_V@a+#_;$$F}}`<uZw>#b<Lge^<aEG8ec!k-s)PV
zviCx*;n{0h`^g;l`?KHIS)Jql?i}}PbKGzG4G+8f%{lIm=1BiW_WSxdxUhcP?7dWf
zWcKGn@6B<)KF9sm9QQfebiD<1+(3{m8pkokF*C>PF*9S#V`jEvW@ct)W@cul*p8W*
znVFg1WcUB~cmLaWy1R6%s#U7i=;(~3?kX+^_lLLO<lzsG0K4v3QvgR;)bjkBN{ac~
zGHHOlNJUj?kv`;zD5s{S74#)D)tG$!+JK2y0zso%>t>fB7rZ5rug;&uCquPBog_Gq
zi@LH3vhq=Ec8={YUWu|T*dYX3G=FJvG}bpT>Rx(K)ur5zz+X~fm(obiRv~)b#RHs!
z9@RAQtZH16Ed}x0%K-X=w$2}d3bz#E8^-2MNQ*dQ`VTL8o!+=0gpK@QRoRa-#u?7G
zjLy|XBeFjR8P_CCHTK@J@f*KpasS~Xx@F@kJpo|=KoF+Di(BkLB8|1UxE3*EC2ZQ9
z+n|%Z7Dev7GpyC^iM$cXS|xz9m>1d2s}@XtdcB9wjg)klb$Cc~zD@_r<fW#%l^jUw
zwW+-QXz73Ta0O3=;&r}d&`@=1Th8@;m2PxMEq%>(y`qc~r+Dy);o)7)2)*?4t?1g@
zYxb%8S!%c2R)N7rfhB@!)baK6YRuc^pnD(dfb9>9ws&dNEystUHkdI<4;H{i1e={0
zgPoX-ofv_gn2w#8fSs6+J^u@P{!jLNMD~1o_Izmed<ypbls27pYuEm3QJ5=H@hefl
zm8j{JDAtvz+Lb8B)u8ZJ^vzcE_pRu#t!Us@^vG5;<yLff4?(gIUzs0YnJ-_NKcATo
zpP3(@nJ=H2Ki`QD--#dJi7(%YKOeRaAGRMKwl5#HKVO;;Uz#6ZnlE3PKcBh}pSmBP
zx-Xx)Ki`TE-%6g&YOc;|z7AK8&g^tG-gNavLSpfm=C;K^`1$77wv`W>0@8=e@9IFR
zvv^TcVl97^iK>3h`h<s-ZbSBM3l3@a_Nb^?3<n-6_#+YRzQ?I?P*5VFavQHvvy4qU
zj0x*joWtgdo@W|!Tdz^hjLkay!{#;rTaAnUXPU?Dw<Nf{02AP2_(2}TIa;L<)e7B8
z2&)5s1Iqbv&JhLY4B@n}LvFH=^>n&6x~H%XCv_DD*Kx=asZ%X_b@<|Ph)jQR2I6M;
zB?l^bzj)N&=p9k%9o#z5YonmqwP*T_(M*KC)^!jV1OeB7U=jqLK|u2l2te%HDuuu<
z&(AYkl^d0}u1V7<!g8!<;`HIIw=%2^gFxm#&<_Gy|G+p1tp5XjAduW<uisL<QvPsb
zXx6<l**PcR7~@_pc!KySM^~QQTFs>t#I#n*xHg$d*_Yg|VA#?Pl0da67`o*A1FaxX
z0|LSSBqjd<NWwk~>fE<p%E;Xd0>t3(DWVXJG2EO}z6T5fL}FK}&MQBn?Tg2+TtGm^
z1_Xru0lVUHn<OsFAoBKEBbP7`C~gCRw142ABnSkI|4IJ!G5#ls0)fMSlB|CKBzZ!(
zXu#6ml1|?a1c5Fh6Xc9N;hxg11QYBGcrWB}zxp1I>0k9m)9O@}LO6KG2_~n~4k&mI
zG+G)3r(|uRM+F*3=y~;4)vMvOZS@yKZ6{VQ^3z(I`Ikt^$8axR(-H&=!NLUZVP3*_
z^VP?TLP5Mm(V<>167PjAponTH!rt+QMIm5DZK;Hi?Mg|QW(R4ldMT~F)X1p^F!c%%
z^zGwT4C}az!GC|)FX5syjZ+<<F^uA}i1u6Dy6Tmrpcn;}|3%o&-+sJ_yOMMfkq+yn
zNKljepy<xPRf;Sd2295tsdLb%qic~H3pEQh4=qoRm=tE9tfQ^d9EzCdJKA|USUXf}
zBEB=YiP1*jhvLVoh@|I9+1WObzQlJ>t|0NyB#TapwC{x-)gLjr+TR)86?TxSk*mpU
zq*)|dkgAY!k#LQy#%IQB?VT7*8pyahGZLo~E|NfzL5(yH_YC*gX`RTF9`3n0uSCD)
zbDfLw9!bB(BDBtW?e$$W5Il$c6Q#K^-M6l#ERa-&daR6NPJ9N=>|*7MbX=5Je?GpM
z|Cm*N?e>Ubwz9Od#w8Ym*khggiln+uT=OaRjf|ePGUv_fu9v;`i(U7^Flp!aR@4{?
zQ`bZHg{olJ;8R_%m3w-=UAL5MN1n0C<qh{J=eCdSzN2i~D(}BUi*B`pjglQl>SP<W
zg%1NJ;+Qm8`GtQ>01WD6^y(s*H1U`;3Yavr^y&w_CaF;QhP)9;5cKNk{S+$5`I@E?
zc82sLiTxDLNFuE_nERB!6UvVU*vj@m?F`g*2H4t`BCQ=laW+dRC&a4{21vQcGohtd
zIEH~SnZXs`mR*N{i1YTyLU5Vi<cP@y=9a_}SwQSKh?M}bBjSjSPRK%*8Q<i%K<u=5
zjFz)1RxYiy$XQ$8NQjm>yHr7OJW|`(F!Vhm*SPe_u0g;HCsytca^ktkVQ8%j5X%*s
z113#mk`oV&y+`5)31V}li6~~pzePGA3*=`AO_`7*F)x5vXJi4C3?bR1c<8h<62Bt$
z(41w^epT_%>PIAgRW`^1;h@e+(nLpQ<VX&cAn^f-UlPdNX@*cvb|=}xsaZ+U?BE>i
zg^KPxZ{y^NKGYl-@`<qFJ;!~V8_dg6x4+6Kr3@o1OQqqdEsq7WkkZ)*Ujwpo-;Du{
znOJKn150u5TpXt?Ogn4Mo5=cE_9{8<@B2G}hiY25TqMP4k!2QL6l_t2bDY`pwp{Ra
z;YYPrFCYA(k2_4u`s1uTJm$2l+;wK(hiR`g5vcRcADjlCMl-r@iAK|MZpjDJuMgG?
zo?_Y4N)BTmH2KwMn|3cj(#!MxrsxfEqc(=^>Ma50Q~scYdD9|QeUZluRwFdW;#T8$
zrcln?Rt@RyHVAd~6bN~q+yTK;=G+mY({lKIyGM9ge`b$8vxZfs7^Y>J3%Wzdn)sx{
zyolnZLtXV4>QzaVm(hAfYGdQ|>X&)}wNe(lnmd5nO#ATS{@Dx_TvRBI>?hSFC0};3
zD0{H$!lyXc(CU6RP1OuU@|F^VVNFT&SmBlyYJh|-jG9Q&wtQViM~K8Iunsx75f{;h
z!%z{sS+-RP&#L;Ql#E-NMM2OtY(!E2iIqiKYP;Qk?Dtn|Xfg=3Hy3)+lo6S4Onz7$
zq$wzx;~M^?J;+|Xs`%80T0LP~WE*%Da9LaLJxN>kUNXhUUx}(|3&KP4+EQp~fk$y|
z4HSi=CntHJKT+mk*lkr+RAwhHZM7wZ?k8D!T^EI~A&{Jc#$f|)0r-HG)9DvVu5#`C
z#qijdk`I3B8G_^Je#aMu_tX|`g2lo9$QSeX_!jZ(Y2&}xp4!<M=5Xo!6-<HS{d)eT
zW;6Xxv%>~qi{p(4>erpFBNiCsW9|o@wlf}96Cnx*$wH>7k_l1<Lnoo5D2v0fp{FRD
z!(7PZy?!?qs_bXQBLVMywv<d6h!ZNay%5{?CuLUyHi_z37qE||?S098eP&Wmz^5>E
zj4t%9s)b<dAnWqiUgy5(Iq+@rZSs?83bewxff9a2Ssrw>sPE-ca?>R(ZbXz=iOL%J
zb#lV@ii#X%6<MLQk+e#aB3N>K_nLEjC)HWekRtx`RVF40rP?7PLi+O`CLYY%ofd`V
zIrCxo!O9K&CxS97O4W7h)9~fsYN?GYlUD5~krm1f+49O%oI<S?$_{@gpsJUZta;1P
zIt>rOoj0TiGn^GL-5lhOru%<;Q_<?g4p!jX7r(@vlvMi<G%T6<r5}Z8U3LSFucU;2
z-%^pEj66{G0qyk7EDM)2D>)+uW>C}gMRN-sP}T)bj|EnQR!xf&Cy4LRJq?VDQ0|zx
zg2NPV#N&p^<I>}0w%bTs@fItG`L^3=TKlxwR;OlLtfYDUPm}iQTdbsbgHN0GZXeqE
zi&g_q5B97yn@JwG+E|{yR;|Xpo;iYIx)Cgn4}-T@iR1ruG`|tnY$nyITeM_d9|c*#
zA8?eofv(bsuik2-c{WCVIF=6Ah;yg0lESZRIoHV<GB<ff8O~=g)Q$$+ib$ri>5p`v
zDIA=q5MBO7b!96WdSwvi4FTNfO2$U(g?ZpA?9HYSW%r{#a~BQOrVtJ4hk0Nr?3Jew
z=?tPilNAj$GYD%po_iBL<5S$gP~7x)i^X2*hh=~)B&QIO>xaD|D(nrW5EbidKLd)!
zCK(JT{w8qXfUd0+#zVcZj7L=Q+F~)FOISexXyY1I@Kq)@;Tlz(lv`Lnw^)qw1_VKe
zgbK^B%ZMWqjZOGiq=*CFqKfZ>H2V*r2I{<j4{9JwpszmSXm_9n(xHKLXdpQns4v=M
zM;zrgAf6ISp-53Ob%w!k<Zl81M`157g=k+tOfdu?&rl>rDif<XB1e*lfC|`QCsn%8
zDG*CcA;K6$Z6zrZn@=H{*9)5i^<*j%t4twk)DN2r1<2DCiM^)~!RduDM*wChip1hm
zh@|wxn8N`x+y{y142J3h38rWYMUIlGtPF;f{zUTvv28hG`hx%~^1t&qT!dJPfqaK_
zPv#$~lUE$PbOlN(5g|fpL!>uh9(g$wBuOJdb`7}1gCn+f9T`8#N5mN=q>~i(6gi}%
zlbQBF>FFnu?Dy7wE1M;av(b4UOhoSPdSs+@?^K^<*riq8U8#NamkB)(VC4qn1x)=?
zpg1ECCIZMOptcI*15uvWlVNw%ZE5xs;S9h>$lZtK68KWE#tML?simn-mgFUv!gkRf
z0vCy|dtR>m_z83)f;Xg#K#lHJlR^pm;0}eVB<JDwee71{s`%4=9`ED>?}@?6tnfFZ
zdrcfJu>e$en};|Fxg9pZ$=gBdPr@xlU2{7+r$3y!Q1us^POf{9aZWy}=T$e_?wtsr
ztXbuq-K*ywa<s1AxbEJ#qa+rck3FNr&6=dv$)kIAu9=#I)yZr_IQvpJMy}x<N>vHX
z9F?fdWDVj&Q2T-janYlL=j!T9EVeMqznbDK4Y*QixrVFi+HpysMhWdoaLJhVZ8&~K
zCFFZmZ)#~6*gOA9umEUqZt5?u9Be8#H8!68<cf*IGZg)9fUz9da7NZ1Tl>xtgPc@P
zw)*folfK%lvD(bJG^b@zrd`*3M*KSRV_8O<_H`7@ZtK#P2xz_S^|`UI;rTu%(o|d6
z9Di<ce9X9>v?1<PSLmFmWqG`A=&bSbb5sguYTLT7xu&qWwy=10rv1a}xLXjRSa{j3
zxvsFek@UO9qjVE!eJHA>IoG1u0<U-aK%vd#`YdcBU~dz*(mc}1kw3gGhen#r;zIyX
zyB4J$go11LS6tc_`*3G1Bly;icVZHv<tN5YuVz5F9RuwIX$wj6&Wti2V08b9h;|aK
zg-B&*L^F`C=>@1%H89@_x!9mCVOd^3x9_HzjbkHd^*6FLbY3UT*50azrZsV1Z^cH#
zYVf=jyx3m!;%{c9^lW0gt#kRj<_J%v@@%-fJ;B8&)><^(;Rm-5)Xh(P3zp1W<;mf_
zZEio&8wz~O`^;MIs6mZLV<MRy>Z~yZ7fPAkWA45azIqqd$?aC|=)+qA7cja#Di<W3
z;qYgqkErg$_&0w{T9J@gy#!2}fsk6g3`{z*kWjt2A>{aeR0btUl-d3t3<_h&_5HXE
zi)J#n{RDr%*2-!UqK8uT>(xqTp!0=h_hZ>AzY$G@-a7Rf0SXd;kn$45D2xfQk|PO{
z@vR0{siFso&jwy<{OAdR2D;@uXo>v>wrahmvULsfIU}6!;z`M92EyfnN=Zt4{Wr+-
z(v2#3iftz)oTU?G;U{Hnr59zvZHo7b$)FHg%_sRUWk2R+w5ndp!OU{73n0r0%}TJ1
z8Y{NV0<cR(N~g^tu+8r)ug(0@O2|s7S=6NDnC7_OOEyXfW}{D~USK-atfw{ZS>Fr1
zfYyuNGu{hace5{8?-gFsmvfV+T5io7`8reX_q?4t1XED=;V&^>;@uXXQA^z_=bLix
zZC--irJFO>r_OinFFfyEAN<}&cYycM+2Xsyhs&0a-VaYh$1>}?<`=H_PTt(lJed;$
zkUpQc(tCzaL+Z5RLpXc(5Kc`>0@E}BCW3W<MAC#Po*58tWS6=|7Cmf!qsCJa0x%0p
z-6;wHm;zI0iXs5!BdOt%t_nSh%!!hQ3jLZEw6$&OEDGy$^ej>|puk@Yj#4}do6PiZ
zQpB@M%nVXeOtWhZ^fXdbvnve@mQq}^8xHixMfvkroawYh<;O;C>G%iov$L8;ZmAnZ
z(Z}YDl6>~9$JUT3zD6-vRw5~}MhRG!11Yse8Cce2DQ`tS0F&>jJw_o|W<jZvw?VG6
z9fljMmnqJfRVKXj1ZmM@g9j+LrO(vYPCJ=@+e06bFUfhuJW`%0u5EYX{~Cu*q6{Jr
zqUexxNqQtcab8R9tp0Tl%|<asHb&_tnIN4AMy<=FH7x1<IhPBAqKhe_%P0wJAK2Q*
zt-C?5lfp-hi2g$&*s!-wxAiKo#zU2`0#h4T8(A5)JeZ|7O}DbfNtL_;X94y!7_QGq
z_qIlOiO~YB34S%`y!Syjn4aeh)9E``uvTxCZgY*hi|G<m2lW}+1N>`%XJ15(jv}8K
zB1;6eaAZE2+-!;39Jd)#V}!bJWj?FiYKhhy?+Id|C|<s_++m5t91AFNTeO>MXM?eW
z+8osh-hJo`=R0%T+DS2Zg%c+QHZEN4%W(|_6Sfu0T<mm-i32kkHcn)H+DU+k9y4Gh
zj7(G^uXMV>#EqFa4Qo8isMt#~Q~EvOg~O4|k@a5UMDxT0yU;dGQo&R}ovC=;4F{cX
z3}N=`M^JZRpoib*ukhdVc87zsg|EL?SH7$+Xw+De&RMXe3obPg8FTC%-kEhKIrqgi
zZkoQo84-yk99SbOA!88*@RZA)jL!|~d7aG89qPfHsg0iDdNyXZ-!9J!2m_nVr(Gw4
zDXsx;^cED7@AFI~2xxi8x}@&iWDTb{^{f?owpyz9)uuR0Q;g+Q#TH(|C8&uAIISsD
zRTpD4x+vjPeMRUhftDXH(g*=(FFj4o0a_6WDEn*4TzMT@iHc}W!c=A<*iM$RqI0zz
z^;%4)I`+k7PKCs09l9#>PTJyME0eZ*A5JcA2Ao~jU;Lt0`F0#TCNj?kAD2-PZUhTx
ze=bJZ^5T7lY6{b<bALE9ZFcK#yt0kEee#Vv?G%63-)8bw=uB51>%U0E|LtfVo^X-T
zC39OLIrG>xYF&2<vbRsqUXIe-%5Zuk7&G+di^t*$ez$yhaWs1JwnTqjm1J3)=-jq8
zW@>kG!7Ybu*0VVc#Cw@E3ecfTk#lOS5xryqG%M4az6g&7=F>b%+2B5&W{?{hW?%M>
z*|@M1;bKL77Y)|$t=(?1abqXWz?%4O9Bkj)y4_*p<s#KW(!r{UO$+-O-f0b1UDooj
zSwG2pcy{a6y&0W>0v-wF*AaoL|E<6WiGr;_j6n!n?>nYk%<ljnm~YTvg2=!Arnmuw
z!%&fkzwR6QgaGVJ|AvGl$OBtZiG>S7oDZB?(bQiXKQ}f$ox5M>-=EX_(^6T?jV4po
z>gyL*B$P%K=gamtTO>YSx@%?3KBF=jtAI-DzVCI1Y!@l-M_C;FEV7Qxl($Wtw_V+B
z?gwx250k6TlNsIvAEir088>W?Qvz#Wqxvy5MjEG41_i1z+oQS0@OFbhNjy0&1TLI~
zCieA%J%hS~3H~Nt`#-<7y1vQs2A6M%-s-nvd*Oc4KXQM1ejr)F@ug;uRrWuB2zwEH
zax7A_2UuJr_r~|e3z210WQ%=!CV3_yN<JLD4gK{|@Ft#TQ0z@K(!Q^9)a9Y%m3Xwj
zxTk~c|3(ENL;YPKmjpf#s7s0;sI^UQD=ZuP6Gqs&pWm+9Purk{NP{83LzF?1AtNHs
z{e^gsu-~9x@up;lp{*W+%Bw(CMjaIg6=&FOpLu_G4{aZ1gnYPsL~Uf*Alxp>j(53C
zGe=X%iQ<v+F}8E0IT32u%dq_hlVj)uUhG5g8LRPoR4BX|ng_{2Nb6oj3f%-zH-<z%
zr#3BXnDsT`_2JIzn`fETz1G_|$JDk6>jeYzy65DE!-jQ_@Q1pG@1F`<MYQpo5ys!R
zd4`X#n^uu8eEzy_u}%nFAnA6=(t_@F-zQ<veihb;sZuM#NCXu2GUlqQ(#}Cs1tj*~
z{;I42mY|#jLh3e7iDeO^6~s{!g^Q!9{Yr{6EJ&j!XEA_K6VD=VG(amQzAx~tAd57B
zGbN&nX{_t7qg>WpW~yUcuCH^gd#<xv{<{2Y+5VG8JFr5&33`(4+mkZ&RvJ57mf~G5
z`I>wcU6!Kc-}o@`hBf|)_voXEtU-RK8@0&SBx9Dd%RKJJkg#PP?q}XNtvMj}ABFU=
z^W-_kJa^J!*(`;uL!o_$eNt&+N+D8XR3)OuzQ0|1d=s?rh)f*CPnOrb6A~&F@tPr3
zD#k4o8nG>0e{m>#?|+v=JCkb(zu0vyt@Nx5FGjt#czNeeYE2zVd!f6t3f~{YdP2%d
z(8Q}(e4Q_gh*zjQuqRsY!LXw|DhjgVJTeNhQkJ8`E>$*~o^Z`EMsy46&)osnlzfYN
z`Z*tInhtO2F0k4))x@X8wXaF0#nHIdocsJf<w2pfj=$9<xY&eim2lU*f^_$(Fx5f#
zVh8bn|40s>U&13%$#k3T!rj>6X2<p}jTwEI(NO(fP>V680&#v?pMmVm@85NjU`@HX
zcX!9_7{??_)sfCbNk{c5CaNXvj)j(~=ku@yzfv!-BdACFNU<*9)%PBAftK9DvBR>G
zZrAp)+M?tzPw=Oc|56Zs5x978tqHZBjlauzoOSoZIqpJmw6#8NK11A*GRHDF<$Thx
zb{6*$@l}JBP2^2>{*U9^`u<Wq-}0yIarLDzuLv_owVhQf#(P&6#+qtd(dOQ@1D;I#
zzV@B|<t|lq_}9Tu0ft0{&|OomGx1dFQWyv5-1~rneJR{PmXYwydi183(K+Q}bS`%<
zaSa=L0XO&)@if!WzyO}$O1;7s(!Ig6NbMVxuu)aGDs1yLBC~t%_n>j1qs8o-Mwj5g
z-HF-onsuLDv}g+aZG*66R61L~8{7Te49(|)8}XOX%<7Cuz&u@v&X$m4eOszRsg6qb
zMCm-&JQs)C%a)ti<$z-Dc&0<N!tZFN8J-Jh<8A5LQE}rwwF%)phhlqJo`9?jDC^><
zD<@#gh0tP4%$vkB9BsuE1+%7NuF6p>YM|)$wqBSI(Vu=aTVcxNvZLIip2FI09ebXu
zBA`r1{tZn>eq5BZB61i**rlB(DnwYRCSMy{qRk`42-^PI``x#dzi>S`)S%efqx2os
zjJTKO9-^I!oe?;>AE9pGY~L?q_DVKoo9z%vA4?wX^{*a=x=k6Gu{5iUN{lGj@U0{E
zwrOHvFy*j5Exn*Wwbl*=954=_UXN*|pK2XGjSy-UXR(~Mo(pe+Zm42WLWjZ`<#L!v
zNP_x9FwqqLreI<y99s;dbdyUX5}=cZZDNpzMu%jFt?wA`7+xdnpk3QvmpuiJRN0ke
zP$rL5-jsAuW{*^lD0s@S2;A40<(<5iiI<5gK9}juBPh)(&MGk}MwbH>WlD_7MieK@
z4oVNoN0eX{VU;FJDHU1D(8?0a4wV|ql*%}jc-~2`9C!*|=`-6M2#V~JFZvvKxJA7`
z@y%YBk5ZorU(7$z8$}6rU*vJ_u-dwmW^`U__AY>v@AeG02eEdcOrkCa=o6dx<jTd0
z6zzpku~`)e(36xHRAC7+pITXnia~lYdPg*ut!%cNgnY!+@odA=b;%8}PBQ{ganduS
z?FtWFXW+}hb<qX{qr9>2zz6eX>i{y{$|>pwXgb)_fcsuZ-TWHiBh)BZtzMYz0vq5{
z;}y<!bFc7r+!T!_S``f29(Jp=RZRLGdaKk$O#2>ws|<cj@E($D7&om<{9{7#D9X*o
z4ew3Y4cLm)xvpjKL&!tP!&3J~`3K*Pc4HRG(G6KV)!xpgOK|Lj@pjG>EiO9e73A=y
zTYSV{I+)ASg>u%?rn07Tr}7oWU?owdL8W3vV<im5^|JCZ95aDRWt@2@(DRFOaoOy=
z=h3hUJr6`=j&YWzTN@yUJQeG1j!{LcO1q#+d9e)V*sM#sGq%dH@<i+8{lw`W$+7q)
z;HBXu<0bE<?j<cKU!qo7e}SFFOG+`mNZjPbjFCkxO*c(0tu~E&oMaqTs<udoNkgGX
zt)z5j&g6tyDh++yZJcaedE9B-N-Dib&|Y%3kfV^Jyfx=|L34g>>brX5LP?`}=SmH$
zQhL>SK3)l41zsLrE?(vMy!0HpNq7TOgN*5+*=S>U!~BZ6Wqy-dyL7u;yYOn+df~c^
zH;-sT<_gNn?A%GWnB|B0T}R=RsiRS*!r`K@qiI_}6&(+R!Ew;B$nn6*jYGVHf<u2B
z^16jqs#R_kP$j>7mgQL80mmWTan%9zUE2}L5wA_ZjdmTduC@-L)qGKQ5u`m;elOCg
zbvYk=U;5(UN$}49{`(#A9s1qGv&t*4i(jW8JJ%b?r=nA(Q&7FIc!G03{^Ix&`9kxe
z{7(Ds<=Orb(xu@2%Uj)B+FQ<B&3pV07Aj<AkA)5PTTlt%cntj=ivf1skG>!IKlI^T
zgT#XXL3)Crx=p!bHB+*NB@A;|X+LO!?t`R)Dud30)`M94bo=D`Z2QFfu=-s4Nc+(G
z9Eq(_Bi-`nk60li8T4iJt@XWkf9f~cwlEB`Pq6o-SW`1gGfgm0FibEhV<uy(VB<uX
zN1jIDL~2A-4rmRq?&|K!?b_~&?_%w`?vm~*?ZU<XmQRl$YacfMo-Qv1qoAWu1Q=x=
zV;*5%NH9(_NYkTaO-wOLACZKWQYyk$$SfV6(^I!zF<3EL(Oog;G&!MnOp{KLPM=7n
zO`}b(N<9|QTS%`oYUVJBN_9_jPk&8^N)JvEO%YAEA4eI7I3T+HajS69dSG`;WZ&4j
zux4V#TFqq5Y|YS|=A61Z7CbHrioHxeZaj`Lwti54fP>zX*MvzU9lnX&SfGZS)RiPD
zkz|-cI><P|*b`?BXppQQYZ$8?t5;M_Qdd^TrZ%Uc(_mF))o4<4QhiWgp%JCgN}5f&
zO|lwQ8igzWt)vmD+&*s(r=d`JyuiEQyU?>hxPY`Uy`Xt2WbWHI#M#HW$~md7TiLXr
zj#D|l;J6UEK(nBHN_*;M-hLl)-*TUDUvcl(xav0V)<?E9$C^KGb-R++#H`V~u$W{z
z+633UzcjE+wsd0|*ksz2+QiXhr;%t`SUJ65p<%pgvZ}XgwQ6ZzkJp4(pIMVxo7t>Y
zr&X)feCsq_)x3J{<vy2XB(wCo!gQ|op!*>AQ2W6BO7e>8UfcPXcTn4^x~{r`ZAIhk
z^gR7c<9zkJ{oL}Q?;-zT_aXj)>EZT4;(_Yn6n=w{^A5he?;M&_FUmnwN3@7|m0>M*
z7xOS>YseXuvxvip^MHK>PbmspG&6sAdPntgX>aLd>0;^J#2(iP*WQ6cnqz{KmYtTX
zii4xLx70B$Q@VH)%dv>VoePSyKBF&_W5RX<X2Qcb);{PKaHx6s>rnm>XzXuad24tG
zd1!RVdPr-Wep_=}a@%rSa2s*kaT|9VcH0*297@|cdSch^SCvv;T;5#XZ5~6l%F@fS
zz|y0%Md>u|Fm5|;uhf#%rrd_DX|6@r&f3D--qh;U^3Vp~#;G}|sa2&=RbK^LWwpq{
zc8R_&(!74|7`$G3;owa0$p85J5%CfF(Zo56Yg6ke>mchmYd7n#%7)Id+JUWQv2C%H
zt*yC5W4(RN@}ln||6=zd{(|Y^_Cn%<>f#i?C;wiRM_Xno{zUxo?%Keuj=PULpL>@Z
zg$E*wX!6ITLRM>*-6WArWN}aZ!fl<gzj3{Bx^b{^^<hqNpZ(bEKF2=CY3tVUgXaC(
z)pza2#iK^|&W#$j`SgqPUA!Z_GrS$VZM^gGd+9srYw26weVSWkm-0@>jmC}SPMnVP
z&eaaC4);!|PP`5M4cbe<rP?Kgb@OA{W01^MDJW6R`r&<`XK9y%4#6h>=I>2<ohZ6R
zwqcc{^zHQX^uzKin)}K-mZyam?FY*%%LmKb^Q-fFygSFIsOL71Vh>|a43G7$@-7^&
zp6Umjcc<<}f`?*I)*H_^@OS@r!8hW!d{73Q(2uX)vED(SfKN^DR`1yE6`fP-JGR%w
zSGHG;_x5+FchR@O_u@C>cZ|37e`#F62y@^u!5@6s5aA0TXTUwbf`j{m3w|a3nh)OU
z8|v%FZ~NQmx7Bam-=;aNQ>ZQ+H4HT@HN-V+HuO_S?C3|JDYhAKn$QkVRghNS0&_S`
zeysR!{AN$VmPB}ff&T#y4-XRs9R+^?Ne&6?C)|V8Q|xE&zuzO=bMo7=hG7X;6Jrf?
z4cP+j;`;?c6IAp!E`M^rV*f)w4F6>R#b26YNHalWgvLVzVL>y$LS;8)jVP#?shKI6
zSrahQP}7hp;S&Rlf=7PA3M%EM$!e7V=8)A1R!~>4SCCc+IB_}AIgvO~+7R1t+wjqQ
zS86!Ue!TWg+o-c6UEoaoFb)h36b&2<x&=K$25w_*FK@eU3xm=|3AS)_&~`9%kgj2G
zpluLXArQbg2gwA;1WyLi1<?gp3%7(2<wd3tPlWIxM-~Vp$9Bbzi76YXl90#Yq@n^M
z#zMxT#=@z?6h+O5BV!MS+J**(lElmnR1CZec<e}KusD!7@HjA9F<Wt4@%Quf6bTwd
z)~A0nqn~4)<DC=Wp^itvM;{0c3X==n<_AujPNz<DOuJ5p9nBn#m<T#p-t8X+9UUAs
zfzncJ9QBxp-l;ZFxly{Yx)Hi@xbX;!O&6&ubO5FkvH+b5FU3EA!_rt;aq*0_hQEMb
zKsliJNJhd<LRms0AQC_WI8|URw2)fPs^co8*|!;)PS^z$%TE+)0$Z_n_4LLt?FZg!
zO{i&-Lhd6C2kP|t^z!v~^-%N`^k(&B`bYH8YEM)xD;O4VH855&SCP#l&%@568waEQ
za_W=o73&}BVdy98FYcVlmPV%UPPFjhM;7;^Tz6fMxhQ+6dMJ8WaMSSucuBQ!=|U%?
zlKU|R%6C|<+gubnNV|Bu09`CyJY8HH=zO?**nIeWSbQjalNG!-Ok1aa*nHi6E&n+E
zhPt9?gaG7OP|6Z+r-P=O)4D`4sRvjf844vJk$U0O;4Og}G|o}vLyFSa@)nhV>A;$*
zi_HQvI{&bOGDU(9ot(&uAizM*G5WCjvI?M}kfi)!6YRojHJW1~Ui|TFGz8*O9ppVQ
zNiC5tzA<t**__4vhT4Sh0&f6sK(XYIn+c7RZrB&n_)o%l@<T1$YR)b{38!(5;u2yL
zwhP09?upmN!(=g-L5-gky!oq!ue*;mI0D!vM3?9#t8l_Q!xaaNhA)>7fow&<9B@yW
zs2RC6F-9Gx6huOA!sUz@*u&#-eR<%@{4St=o_{I8;~xf}x(0218o(>6^bqZmb%n~O
z7tN+vN;JUn%w(G(-_T+@zP3`yIz!m0@ZWqF(*~<lp0cN$%oG|{hjIRrnxV8+;TNE^
zRsFRaUNu_zM6L+m@MIduqh2aXb#GFb6~!R9uwXW)9;sd~XU;NG4GPlr1d84Q?uEiG
zWzrcMNhntnhx%WKGUGmqXgKSW7f|^JkDp8lLLF||EI}?mLVc$jj{BPj#uHf9ThrG~
z2r>=_ix7CwlJ{dmDLUJSFPo6~U%Oxp9N{SR1HPe{ZDUAK=g>_3{R)GART*O~T!rRX
zIn?;83+)EP8S2Y)MaRK|{O23Mfz|N+cc=kpUngIud>S@jo7_xf)0)ZXe~|GDR^f#_
zjK+?VePJ59k=LF_|4XP%1g|d{Usm917`F4zFeWx(#<r*^Ho(We8i5Cs#fs<L5rq-=
zV8shv4f<rmN`uuPs(z!ECITk;WF-pO00kE7L#W<>53jrC%Rr%6(?&Q|gbA~~rkp*l
zI)^aJ3eh)#1)VVK%{R~6OP^a>J1#YGtl%5(goBNP^m=LZFLn{cyJ}UEppVghXSi3M
zTTp)xd<nq#2529O6i-mLs(rd4KOmp+hA>DC>Vzt$h)BX>D1PNZhvt#Uh1aQ18NqBq
zd3||9d_szuXCgm^SrP|)L=ct>9CzlV{wNNJs1_CH0iKXfXirr{sPsP8!qP`#_|)?+
zz;MI=)&9u^#vSU|r9|oY-38kP(gpqblBiq0SGr=~ou2^82~6fo>R+Jv4p@TLSGT}`
z%s;z-Xt!W~mNyfr$sF}vQ1p-gP=f<rf{h!@Nen%uQly5)r6L<6m?#@X24t#o)Z#P3
z_e*ct{>Hfac15x<pj<i!*fQP1+EUxo=MGWtl^z@6$%zJU2QAr<%u|mm5mj5G(o3vC
zalu`J;080eub6S!%TInjGURnjjn+O84AS^DKnKc`l|UWG?#^G&=mo=7+f>6v@rQTn
z>o`BTFjl>A30|C}PV!9pTlO|v+!%%!##y3b4mR@LkNs$-C~gGYMgzy56;ySf)1_*t
z255Cyb=Z|3paKahFe@<X;KL1`Z&7h8vguNFb8%}0RvQI)R2{-{@DgHCu7ns53X;KA
zBL(~4yO2FdAM6WjaJny@?$Qcti~-5pyeoZ%HFJt_{VVX}n3cZNa25=aHBg?bqJ}06
zc@_yi6osPUkigNB%oX@7!eK!Pkpz}sRY<L5Q$-|^abzYVB3q6COTo0cHEL6<*qHey
zQlv`xfD6{4I^w}7T%aJ4gfp2!!wEl@Xq*TQl!N2<Ro_>ib_U}IpnVBm{&w%k-Y+S(
zg5Qw#_*3}9Wrht1thorSybZNqSSP`@zW?TV9R;tiKC()eYz7`neHc~f1|LPmN-nFv
z>8t966Y656i+`uvt$F16t#QF`H4_&wPu=m&z`L{Jn-<K=mm}~T6(4P|HgpG?Be$vh
zoN{_|3|YJ-v*fwdmE5@d)IBdB?@IBN-IPXHhOeN?7pRQ3rRbyJo2u?xTlB#CGAggS
z*Fv6nW<_z~x852OS#btE;LNa6;#WZ#;f`i>g1puVo>C1(4?0mxV`@Qlqf=Ha2cnJ4
z_GR(h4b8YLN%{rJ`66&fX`pk(GL?MqS)R}p=}^y1CjPDh95P!Z1Dz}qDEeN>1<JjO
zU+|5?3{iJF0q6dXL*;^_jucu@c&7|9r_-};NAh&X^3kom_He3%II{LE1r?C%&~0*c
zQ&{WYRy$x?rA+cEmyt&*f(pAKTlk+cc3fFsdb#~Fp`0@DO(5E?o0*;Moaj&EB7b~%
z#&=`2%QEW3X3)*W@qLqUhpI4S4WFcs+R?IUh--{c_?jM#y1aQhpEI9x4=R<Qf(I(=
zpyC))@jHLK!rVk(YQiv$tW|vdZTJ={eN+gh9G{A&2PlC&C6&l+>r?$z2LeZ<{{oK7
zFlX^(uOkQh5^|=!c<;Bac|rUDp~-*=p26{N!P9RU3`-G4<ZwguWJrY(Cb5;pj6oJw
zND6VmNn;e|L7J*g4%Aqd;xiPczC{ar)W2R>XU1oSECQ`q#p-gKh(k^0L2Dz?7v$X*
zesf6gvBxu|UCZ_ca;wCNm|{3M)MH8664<aE0Oc{9?L<%zDo_#3+z27iiLZSh#EWAP
zY$kpmMt`vbHxW#>fHCY~AAj=wK6V6NLE=q5@om_CxY8J++76}$T@}jW3oSV7*L2WQ
zhf!ZD%)0qNJt%gKB@Ms`jiNSVW#SAcz%pjWP=1A?P)Z(HNL9^bNwM(t)CUf<WK85Y
zN{lH=z=MDZ0f-#o1#J8y0|F+vBG2?A!E(G28$ohZ5$d{g-vzxe9sA_97W!)D{)cK)
z7fi&Ao?8nY31Iz_42I(?#a|?ViY=OJ``<|64ah|sbW5nZ*LX+{)0qDtF_18(F)=}H
zrX{N=t<JzDXp65^5VTNLe=^LV>XaF$fRO6L{8U&|tl)NxKgs_K*-a;mv<_nK!kT$9
z68rBA7yj=5RI%6cE57m~XhKv#(Lz)~R)KYWseoMgqQYok4%P46qwCoMC5NW^(veUV
zH{%A-qAV;gbcjso`dK(HuTES@Wjb=JHpK$lW+bpkZITK>Q=emqemCmpwM>y6dGn8S
z8Rjdqn*Ad$Ns(>K@>(lwwQ1rxPuw<WHTW&4p!h(LPhV@WRlyDNnNT@@1i}mE_Q@X6
z{}-4bY+ktZ!vjVYt^({AnTQ94hzH4Dbii9|3?Fiw=&u_wF?<*pV!~~K1aCyc0Uvz-
zHho#=9}YOg`~Nu{52XKhZ^rcj{$_?L8jKrzLcae$nXx0J!I-hL{j@K9PM{hu)->ha
z2i^iy(qvj^JVp`^6snlB?f$n4jlcWrk;<3%?>RbPcT_%J5L4A(UjDamYW3?~)0a9}
z60QHC=1|djg<(AcjMj=%Y_s(SJpVuDSMjgATtrU_A%gF@o`el_0S|#w?TBs|xgJO(
z|HzAGfVyyr5{Sg;1hfguuP5>sS;x*z5|w5P%kza7c%h5GQ^&oik=)l)EXyQj9t&K%
zZc+Z`u>shy*ucdc%l+sK&vj<FqYc{VpK8Z+!w|gGD}4+9W3*z#;EI!mkx$ouBw-up
z|Ed!4s^W(ZocaZ$PT_loJVXm3VidjssT6!DhDN?wfo=7&&gc#4r2o%3{&&fwlGW!7
zQ=7<tH!X}&{=X2+Q~6{3MBrnIVw-5;3=d`Eg<PpaG_cTJk#aqsd+mR!N4B$&>O_T&
z^6KP;aPn=EK%Bw`ao}R!yk3*PTm{4e7>>`VPvjr6-!mfOE2I(y4a&gNf(8L#vbbq}
z0;{-b-8^H1dXVzylo^&fjbOQ<N#l>oBylchyJqeG!)koxLe4yPgSx-6`IH%)dZj=)
zi%BD7WmRwd$-a01jmD_SJi}DEkK@ekxzo>loi7()R^OU_HVfx*0jj_|!CatanjT4!
zly3w?$}@9xt8dR|6s`sNMY^Hhz^_niP+BvQ-zCDda%8?*^MA~f_}!AKr^bvyc#-l*
z@O?92{xBnv0AKOJ-ZLXfYa(LuY1#^Stq!sL3|o5mw^2Y^6^bGu9=`IX8W<mkW;S~%
zznGkC@1G5|y*R+|I5!uPw#RU#BiQR}5W?O!yn^r`)cK2XOL}*vU1p)=_19yl`&iz~
z=~cLJ%`5Qp1{tqeXN>$Er@Dc!-HkE&ezhv1yW?-hD&0zQw_WI=RkumDb$3|TvHY=B
z_YuXq*LdIkeYeENS(<pYn)g2Cdy&NbRJK<9=b78hWYx$j-Gz64Fxs}X9X@UR=uXhI
zmXD|Z)#)Wd()4{>So!uz3t3fQ)k}Iy<(iWf+oFidQ~sK*(eux+o=>WvPr|V$(W~kw
zxo3{bvk-cjk3b@w={#yV-a=}XYNhUijiQbIcP7vDxDQSBv?uWh{ms?=A@v6(=_dnA
z63{CxllpGRSeiW+U_EpUV_jqi7+n+_pfj^W*c2U3Uc@POJ;8{9(9nQDcT+|;me6qT
z3rEPMZ-c@Mo?XfeHLxJ!%?~%1IUEf@{3#GsYn`W%E-JENZ2OGFCNIKELQr=(5|5Jb
z5#k|q9KVNJ$hV!HUyc(_0@$T`1_J9{;uyVZBRrW>gcB2nk?Zo$UPsPCDb}~Km)X_>
zH*FcW{cL<^s3!^}y_)S9MB^S>ZdhpMQ5eV#S9DG;wy$UiA`mAnW4kE&cDirl2u4rk
zxyO`&^{Q9m+30>DSKQnh&^x`iGZ=EJ4lelGwBHzZ;&ns`Lr^FCb_0KEb0c(P_?299
zcj!Rt4c^YM*HEM}dc+fPd>!sWaT!8f&K$c5$o`=#w*?sQFoX_=kTE@A5>yp(0WwWu
z_3rd4q&-g}qT^-FjD-i)U|uH}bukABhZQs5mJm{Fa~G!S!0F2E0z9K4={+o<!%-)%
zuNwYS(fuEa@eV8Ka6FJrcR|%}u0SRP+}@ob1-H(cETY>!Lh3Y-1vYqHhJC=hf-aL~
zxa$ETx=xmzHp&q$$_C1jmVfnsD6?J95Yg2@K3E6WJl!N1ZEyt$r-FRgCZt{fSs+Ky
zMLGn{P`aX`jC8$6MEA_HOR+}KWjF$ib9+FC3&|YcrpS%02G^9_CG>fCL5E9$9C{X1
z4R8Z`lWFFXreYxKPM-jRpT8oZ*JsUmqgKso9$*NmzPUvOJO77j+#>)wTn)4rKuC4Z
z4anq8*t@f+kmd@9gx(Kw%Q>V*^&!CsUnoGh0pu1j5p@+0XkbXX)8~M3k1*(P+sVAZ
z;r9giA@BsF58;6Rc2F-yBI*-RuWBUS+Dnk5QPAN&GRKOpl<!gum&Cn!+Y0cv0z}kg
zyrA(R>&9LK#@}M0!=phyBnqh}cmSC;NqY76K|W9*p)+L9yzjl27#vgzsor^vU=4Y7
zKj}gDU<g8YVg9=6NA#l$LiAt=*a|27rt^dFzp3)pdX>LC2_T_kWbJOl34<;nAX7F)
zuijsfWf3HF0BCf4VKpwGA6{ENKsfSHm4Xi*zj~$_2@is~(QlN4jAR6_^}CXKe@)n=
zqtGy0G8cYM#jEQtH&bNFz>Z+;f%bjP9i+gvU_a=B4gwi(K7C{aQn!uX>!zne*W-bq
zDyUWuH|R9!=6=y*utPaF+&mQ`hj99ym*84wN^ET!tS6J_fDAjC*}Fo^%hL4G@lNFZ
z-U6Xk3!(Z5a_(wr?|uiO!*Uq9j`~+4O9CZBk!t)<F4Vfq@7NMgUB^sWw5c!ty{SEO
z!_ME_;V`G@*zHdC;*Mn`vl*FOHt*uFjyvCAtm|sdA2N<fqsKBhJ=LpaiT>Oeq8~0k
z=NHRlV|6?Zrv}bS6is+=ZaW_#zazi9&wetxk-8mnICQ$rdT$7)-hpn4vzSzrLb}`C
zTt&&Gx_Y08G$-Efd!fChvtIP^too8iSPG_cQC<yO!L!9^Yl@QZi>Towzr_33nh!9z
zv2mI1p=L|weouHll8uP7=f2LukqAu;kA(W>d$8z8Lq878PCD?ut-OOTJT5PlpN1#2
z<EJ#fM*B8GU3kAeUczxWTO4-{ibPCwccg8y-8_N!JBvW^yxc|&;iTzWbHDD1K3=ZX
zXlCC!0i!PtHjjvWA1@-cM|Iv|7vDcW-md<fIP0`Cbyz<&A4q@xIp}sj{<7;6?X+R*
zI<me=)Y;vJM9_3`uP48JH+Zf=#;5VoA8_ytn_a%Kwyyq~uXCr9e49b6&2f_d7wsZz
z)KX`S$y=r08y(@v)-9V#V^&9rFTPvvA)zRU+ySlH>GG5M>A?TMFn;s+S>W<j3u6;o
z+u3;n(|9l;IBVl-cEo=dvQssy-X!hK*!dg~d4bEbpEaKk|41>K(qvPz)7dB*q;fS&
z*^=z6;>8`5JRSO(|GbEN%O|6HWb-2b&GJ_z;_+PKXrhBg)@E;uP|9XXiVol8QztQ#
z7hj`+<z6o1X;SRGPUo%s@aN~VvenjujRYeTM(PHRgW*kJG!*#{Nl{or9hjSMJObW{
zR}4YgHLwePT~Wm?Sex$mvsLf;*aRcepK=d-5-@P1tk7TIv6R+sW@Bry<X%RK>b7ey
zqVV#Kn)U{ai+G;Z`;)69N;1bI-z;A*Gsug&Dy>srvAlIO-1oQ3_2Dl)Z4X<HlgW%f
zNz&U@oolX>H<ZW2X|>K@wLY>puE#Dv?blIolCyDTJ!J%^qdxe!+m7akk_kSW?90sh
z^D^0Zw>M61mk;f`>C<NSyW8_Go+}3B3B2<^Zxn#*xxuiT>l~LGgGCkIr;*KNuMN(l
z5%z~~+ef7p(Gu1kH^T!sD!d<s7mZk%RNnVnO&>J&-HvBj2(KnLuh(=FbYaw8jJh{B
z<F3|lF5WXUm$VMXZ`&6^2X>aDkI5Yiw~@&o@0luXeyd(tHar*&Co@hFT^^UEp`kjJ
zl9}qQ#skNbUT?s`j?c1zvEAH_7j|Bzh{9Uq@h-!NbGD|QpQ~a-%-G+B^`j#gBn|M|
zW$VZS+M*k0NKYFJVtBYi4MI^Z*GK}~f><5b7d^GB4_&RQ54)eUHaQL-x$Jp2A0O?b
z@Ta2#M^e5}>PLASMSy22E|I}vH60)&jHG6#%;Wr#%a0S0Ln<w)$g2ax{lae*0K_3g
zME~G>W<8MFmMxSpH#73Ol5kGrJN`&MD<xO{%Zt*2x-3%G)LbYxKce1^7z41RP*z5a
z^t@k@%^!#SUQbzZ;^PFD67z^mG+N9xsFkIqO)gH_uIYv-s{f^dwsEn^9GY?K$CwLd
ziVEeEW;p3L<y__1dK#!BVL1poHv=@v`!?ZR2!9!<EoI9$FrJyRyLFD>wi7Q5cR32L
zK(#j4`;Bwr6_-lZWzU+~kJwuV`;Ge-(IVPpCOTa8#EcYFESDr#=6wuO4wn$LPeNxh
zVSf%|glgBu3XY-qv5x5<Zmj51+Rfsh;6WKEEZ2`7JoP{UH9NO(^m);Ztlogh5vY;5
zWyf2NKh;G?mnOE0uPzGLD`=**3>T@slV@s>z39!xlg-rVm$w2bbJfz}U61H(f9414
z?G6cS(^tud+G6kLgo+T>_kwcRY3TmowRx`KSU4aS&3~QpaigVFAq5U63K5x5P;7<b
z-(=}L$l_n_m-4f3H%*uE|8(Pc*%9ac{-RoTwO1<TGo4KL&EJ#-437U?;s<}80iTQ*
zS$uQ)RA`GK*$e_qqd0-*v9?F&U_$iaIV=Kqs@_zk2rpP1PhEV;?D9zRNxwVxK(NL8
zvdmcnBG|5Zh{O+tN&$3et0%tKEG?nC8^*`WJLx#D&~hCt3ti=w3z9?Au-E}4;<1Oj
zcGweqx|?RH3~S;+$6s4F%a&@4vn<d9)5*v2vtTfy%X&4g`42{WKdfJW;eaNaA;aq)
zomomw^VbWH-=Bz@J0RsW7mN}Uw12bj&%Ki=P)wVhyhc+vD>PCj2Cd*T;X-i-j3IoN
zx_9(=9TXY1w{0R<&BvQmo>QJrYEcc-3yajsR>SA%Gd;CC+2_!}ZXyY?fQh|JwMFF0
zHQ84o$~{>zxFxlMPUKxyd=c`>LrCX3^HW0+s|)b_Mr?t%757Q(?-jKu2Qe30_61p1
zS;R6&G!y&dTebf2!SSA;-4)4OyY?Z{$==C*yW7A<hqHS`L#@=M1iQH*+9~@O{05wN
zVI^}1f-Amu>K;3x1-{&BM>pNKHtxe!o1)6A4;D7RTL9oNb)>9yDD7gg{}fl{cW{3J
znww*gZNr-v8xI~&B#o$uH-UKv>IOO|zTQ`XLTc81`mF%XM<)cf=Vi)oO28TAEsHgX
zD*{1q7M;!FL}n%O_@nbQ%iuiOx~_BT$-p@*P%;Gr_lzGYE~TEVJcH@`n7t8?EuDJO
z-cMjy3>qq9sSJV8thYKURu{l47aCXFLp$<Sf3c)yR6c_Fg*l%$TKBf(sXB_nvVGKa
z=ymARp@ewQRB90|ZM7Ga3ns#L6d8{lIEWv`AH>M3NWt5medjgP3|_oyHok1sKTKdL
zI*s7Z#H;0KmkAsnnkx<qO|;$@+`nutf@L78ljY+5q#jCk`#ueI>~$IN@jJf>Ofd|=
zRmU;a5yitW>5D&xEc1tC>{)f;Qa514v!dyb$oCF;nX<MB|HyuoyysVC3D}i#E7g!2
zcZL>-?3`f?CXao&Z7d39OLoNCm_IB01jTNr!dKKi@b<?Z-YSzOdb7JCLe5*G59VQy
z`R1J0&Wf)t!Z_~(Q>puJyc~H9f@o;CN!Ql(X_*mB+wJvdyQ<TcT$$2X^Y_|ti}X}n
zRy>en6J@Z{{avml_)T>R%o_}-GNS1ZWGH#nHY@Z+55xvbru{Bwgm8dXT(`JVs#l~n
z!l@(YENUk?mJogifR;p>-hG2Km2!C(g_FeqR^pX1HBEVWgoSA?gBbIZ(i<L{Y`-FZ
z=BHV-{2uE$((YuvsP~tiBA&0ZVU&u@03tT5!aIPFRRF*0^QLZe!Ixo~+$nKSHotNd
zxxZh+k$Qe3nB+LjqwXut&pGVR!Of$^#`!!Iv%q+ClX094<O$VC3-Pga%<AmWuvi3#
z;8zR(u{kLZKaI|NRaTq0@X(I%vw!lWXQ8{65GA?Hr08uGC{pl~A{PDCap)mH?D&FT
zu3fls%joHQ=q~S4cdKrulH@0f_rGX+tJq3{c1f_!Y`2-2nVFfH*=@I(+RV(y%*@Qp
z49CpO%xz}&_CGUM+LiW7Gt#aU58szksp=srD=U=|K`;R#qTPA)@x;e2C)>q=7KwA7
zp?lig-hIq-JA8WqOy9txO~oZyhMaj2YCiAxJy!YWZlu1c4D*EGI^U4d-CJdjr;N;Y
zV5fqM;<#E^tP^u^NK#s`wjDH{KzXS|uHxdZO*&mCs!A{u`CA3mSSye*$d_1l)|?2M
zZ3#NUDcywr)%YD(9&sU_KH|-EJ*IFB8GbpL(5&#8xgsT%kro{y^YA^4iXg>oti7Ep
zKfUp!nE0R9)*B?ayOkU%_~-sF8QVDGzwgtn{cD8pJx($kC<lTLGGv6H+k3tHNj;Nd
z>jcX?uYw&VmlhD7`W+l=ga@0%{4PZ$xMDEJ^|tX`lggTH&ild-VZqaxz5^e|*C_;U
zYKy0VZuvDh`SZ}%ok_5}w@Y<0^9t_j?bjyY2Zz{=w^96O>f?C7X4WJi2$y)C2$&=@
zhpO+RWehrVF+RP&v(H}9^$B=y;40IIdi^bHk>*H>$Fy(Lqeoni96?Y}U;7cI1Lx;k
zpR*Tckz#%LT?M@t<uo8Z<uoz%;Ee;ju{TF{3RC}d*a$Q9E4(>~ib$cP8ist*l&aNZ
zLKz_0RU?N96y6tA6#wl?_9wm?TARKv;i4)t!Jh5M!#as9H~gJRxW$f$SyAUMnzPEU
zK7uuTD<yS604bf{Ekv$C0}c;4P~f*8f7uyy*jib$S;vdJbavmuJWrI~vR$aW^G+W~
ztnFW|*j~2y!V`xfoy_yJ{J1fYLy7&yEFEmH9_QBD#>4YtgkCf)j;oIa6B!mNJ#bUV
z{U`Eavj_SKJV}6<PzsUX&j6fur49VDUOnM2k4{nYFSSxKzra+uxq#jC+8eM`3u+^!
zl6NBJad}w|DU~+UbXMJ02}g_CBzZEfqT6wn>tBY+#`=1G*1wgchrQuq-Nj}MGQDGB
z#>Y<AvwjN96yP0G?5yG=?tO6*OvGiVP%@!}R4QJ<@95#uD=c{BABm<|geCVy&7umd
zW1825v>;@+C=`t{gBPuH=P0A5Eiv&KXqln1Q39t(hh^<L_5k{$3JUI2DFRQvDPJ)N
znRL@zfpki5TIN1RYqHi#RtcbRs<tx6LW^+IE0z>th1<dP3)LREgAKE2i}ei4+%v!b
z=;ZShBpk1aRT<`ELL#X@90GSo@FSpKNiBA$OT^|dWz|83t+$ROl9C`kW&EB3`C!Gc
z@`PS`FOl&RKz|i*Fn?Scf7A>4YPOsSMl!D;?rv3xt+rYlGCgJ+<_g7EE#7q~OM{R#
zm(ZyEJ&P6LbE)wo1DSxYq@4jI^b<r5;<BxN36&y540U3E-5XRAb&sI7P+j7qWq3tv
z<}BCXiJ=hH4>+A{uDfvAr!(>!uKHz9S7+2>dWkD$!pB^o@~2Jwep4`rsC}d1kiRM;
zSh37{R>c5q<$!9jTqWD=mf@E8Q>`ZX<ud@C;k>kuwY-}$WoakC%oJ$%t;I{|E4h;d
z`rh&Q$C7A}D$+0j1R*oT1G!#9_Bym_lKhy;4GWZ`FCj5?yC6tM2j10=2tIex!-;k0
zyr+LFvIYa{-u*t2EgSga<vW2o(3UchnrH55z8wM7FbF_`DeK@v))~@X8}?zloy@b4
z;lt8q->#)YllVT@-;K-UWE&mjU3JfS%n33mt1Fu5{XzV)aE<_LYWLg8+0pcu?f)q4
zjja%1S-4q=n27#I$;ZbiVQJ%R>c}Wz^UK*(%+$pGw<)8XshzpA1rZw?vw#2s?0;SE
zp5>FM7`x8&6L|fKCSZqDImFQ-ERwP+M27fT*ubyOA3QWG1&om6y1BHTnYhBBL8h+v
zz3WQnbfsWy{abx4k>UsUFR_u7_g_H8)uy4y!Rj_XZ|*I(b*EWYc+XThK?5JaZRP${
zLD%oJ@hIVF=it}_Uh}ER>b?6t>Bvy@ugFR4#hGM#WLGErAfcP1?{9H4dh0D>iZ?wZ
z!}CNF?y;O!+s*6YzfOzZVqFGMBjC(o=_U4C9%Z<gR({TF4dJn-6Ep%GPCeZlxoYo&
zl5J6Y4(ZxYtThEhSq|^CV>_UanKiHaVPps7`~TiTn%O`pY!Y>U4kGEI6QcQBk)M`!
z%25s9C-Im`IZo~i17Frto7xB7A$8cvyHvHxN_kz&VpcL1LWy>WIzeURHFJ3kgt+X0
zD4gii$7tp0>+Fnj332vgI1*L=KYbEE>30{UerDk~zZ3|a)*TW(sO{6hcTkmPRf?(X
z(G5X9phypGBJn1*$(PfJrE=l}Iw8sN#o$Q`=lfbJ2vS$$WZV0JWBVmyZ^a9T-7~UI
zFvKyi(UenC88OqH&oBgU#O3qvm_qHSaQ_Vn*#5Ujz|G0Y&HBF>!A!)$#LC3M_WxwX
zg%^~!s^r_{WOo92rB(ucyHpFgt`?*XlM#Tr9~2W{$w1Q5Z)CCn3NCU@%<mwQu=TJ_
z8$1dc2t!Rq+-)ws_HaS5cERwofjU#jrkC}30ZX*O<G0(l{r9^U!Rw~eai*hr4=?L8
zDn}ISuwL8gYSR9=gNcFu#)(=<)3wQDch_%c2la`pS6ysgok^{8e)2*}Gz2%g-04-#
zYgP<idpQT`v)r7wQ0Aji-{D13lM=a_tR1!wo8d%6Cf`C+Ia7<Kil?^#>WyCWs)wzy
zWDhW3_wQ`A;TPUEYoCLHP;$3q+s?>(0|j^^kAv}}o*RVsZKEnzD3iBEZrNjox2w(w
zjNv!E@b~r;4m#Zdm2|>qKbXr)C(N4kL=3wAA7(wnt7<1*YY6gC0(dvfZzEW1yB<th
zgiLw#y(q5)_Zaks`nPU7%~*dxOak06Ck;H`YLE!}KcA7r+#ujEIXS!yzt^;*E<cj$
zAEYC3G#JOQGM1n&b?3I-JO>NbsGoD|W9k(#S<LX;f8RD7;S;zD3^%GLF>3R8jRis_
zyKcTIY)(%H+do#Lzth-Z^Dl7h>!uk0Cb@k5>&fi<wBNZg!|hpgxxWe)8WtCA3R@WL
z%3PIw>r<i|OTg`DeF0Kk${@`tp=AT&O0dw#?LTlq7dvG(>A-zeS)jIbbTgrByl7ZD
zBbj<ObZ&j&9fF;1yg&;mP(|MwkvoHKsK$3T9H!8C^QH?wLtDUt=cEN8JZKGPaY+?W
zm_+Ly!N*1LLnrN!=SwwAb#At)tVv`4uvr6XX|^`_+<*BHlsN~psoWkY`7G)sjBVC*
zrd&zYaARe)xb#xNZN56$819OGfBJf5`2=5fZ+Kp~O7^HC)PIEWb@z{cZRa>YnRMOc
zXI=ZG^yxKAv6M0|{Rr}1P;AM)diXX}+4;TTXN$Wf<eJSBxs>yJ>+RsmEomuRj`s*Y
z<<WZN@tdXmeKjw!oYI?|-4E{MvsUVZ5#Qc*`#R>}t^Mlce1xt3Z^!mEr3p1xyZN%V
z;CiZi=s4WSbER3`UE-PO+Axdn6#sW}u!Dg|gUeE;R!Pre>5P&-(6hX?ZZdb(t3Jce
z#e1uq*QNAoG5gCa!4Zs8y87zl=$Z4{s5_a!hOSO>uF<+<o%g-$7bYlouPdI_e8diM
z;eqb3Ovf<->6-dT^Lzb4*ugoY@d=2v-{q&Dyb4r(<RfiI6!p8`ot>c5H=%Z{pQhnU
zP8ZQQ`ge`M_n1QzL<@*)K)aBjQ41E~EY<LHE?%J{D(y?_)5^T^Q|(j0i`@ldvPt&j
zX@RW&+V?qsr>fhz!hbzx$NyXN8B4(qP<yL}sh#~Qi76*dk3kB}hq`CR7l_hM&xO!p
z<Os<gw_25JN!c1FxLNa2Fa$78X>QKtKbnhw(k&+*HNaMDh^Fe4>(FoCR=XaQ>wLm5
z4Qfdi-aQbS@3G?KDi-$k-tO7KbLmgef1iym-JY|bGi)h6>aZ6vs8=q9oP#{(c}jh%
z@K^a3f60I9d`f(3@T+H6&@M;MCzqiv;WD8@MVgPL+54NCBzf3i;r2^37;6lSGd1dP
z1hLn9*kJ2UquU+0ULBuxQRWU<d*J8JVBP_}Aq>YjZz5lSA1J=uy*by1UazPh*k5#h
z5x^U;_0yiWG5dTj)dIigvN}VBuD>5xsH|eHg`Op5U(Zv?F4^>s`o1g0BHya_-#gih
z2Q0Kp*ynP8PIi>eJ-;fpJKRPE>qP=hGR&sSG6kwzN_f=NwUq@-?}{Q&$A@Eac}tp#
z+AJQ*jP^!VCEy7;nv6zwg*|-U51-(FKi-&oCT1gcPFZmPaS)h2vn&3j=<YLCKZk%l
z{?hLgbhROjf9C9)odqfpKJ}}4dS}<w8dM(h_L%)-Kgm*Jm0}OdW^do(42(Wa{7ZZL
zKER0i?o-{>(uL#cRNp&{DNuG6k+BTX6osB11>ba&Og2ON6ynicOQzT1Xy7F6!~AB=
zoC)|4Z<P0O)Q%j3w+w}SeqglR<Ck=lr{b3lZKj&EKyO8;)Fwxe-=jWSA_wL~Md3^h
z1DbjUn8kkuEvMS|V6k?tt|WA}z9wk!W~%3!Sl)56%he)QB3LX|rLb`t{&YPI_IiyR
z>|XZGh@zfBJb8<h9pLtL*3g*q03%p7U;FGiw#SCN7Ifcrmla(^Ni_XVfuSy0J)=mH
zonqpM`guPw`qQMnjeXRN7<F6CK;DBe^C+Uu$Us3}s~nTu%QS+POon4DVfy&-3;woD
z=Dbjl_Jll)bL#GKEabU4m+m8P6H^21u@UD4#x8B^f{}ruS6w|U2>7!<^i)q)=j|xp
zSCpTE*|06Yizn;E5XJRPQWXNrdmnqUwrV*;EHflq{FlZKmM!`;Ej7l$T{7DW=E4tg
z!>_yZExO)=gOmV)nI~_KxTSE1VARMPB~bFIC3&ZTZBIqi<r6%^W=c}Ls(^Q^kEKTI
zA=SH$!ES-!OO_^Ht7@iJRI7<`<Ks}e!dji%GWLDT{#{xiP|y<`_QG9HM}u!}j?{Z;
zbMQC&Cb^Di*}<Ez#1st<EkNy`5W9-9kRoWF5q=C6KT&|z=3+h-KXjUT&gW}ywyXt9
ziP3QEVxIwwuSV6!*?(@^*Eb7rBmOXK@e3{1sftdevCiq2>TI+biX!tGrkSeu(%0G-
zj^MJ=ADQN~%$w#X?+Kbu)1&64^@W(4go*=4H3Ok`rU{|?Nh)!zpki)<SFPp`Ec%^v
zd@qq(F6|5Jf9J1gGR056EW#$k@PnmCz=zrO^nMEd)NMp7&FpRJk4=@cbP}~5Dbb#y
z?>D+nNO<!Y6eIj{ke~V*KSw68twLYI<+BD>?`vZ-R^n_?Vw%sKVhHxub&-!UR#jDR
z+m3Xe3{;$l4<r}7&9T$-D`|9ZjA$t}(hSf<ksP36&#6MNNL2TjyT#SZ>y#_7TD%Tx
zOtWPwuX9=3sE?YZazJq4uLWkvlkpWDdi-II*+4N&bm#kPeaybH5<Ue)xuv=t9NZL4
z2tofI#i$w58ld>TnETb}*HniI>qWd~61?Rf(vQlWMLJz{>?t@+O;=`hyw`-LK381Z
zTv%Aab6`5tp8-$Td?sY;!o>k)-Ya0ucOH#g7Um)6u4)p51qG)b*%Dgi5Y4XD(jcma
zjTs}3R6j?cRH$Z6nnH@hzQ48$Vs**+A9|zKj3IMY=NJ~!n|q~2KOzm9lnOk8I23ke
z9J_!2u(da)O>1EIi56L3KW^3F9tWJV8kL5Glh{6$R5s~G+Fq_7mZ5Xuk^N`pGdUbz
z1~<8EbSDOvo|ckf+LAF)?=wg28_e;HuB(!3T2`LlZ`}@8fd0qcYc&cPqN9yv{l~WO
z92Yajhn{~vph7X+Zd_M8#E)G8gV~~*5)3f7T;+hk^-<o9jo}wyV}oWM%)LG$(10^E
zNq^Isp}w^45bGx|k-A8^!f1eK{EKDAj?PA7!MlK%kG@o~=2omyot2Xlw_0$=|HHJ&
zwSnnP=4RQ54yE!<C)vquh~obC=ZTa<3!1rfy)=Nec$EqWNxdvvuK;LPsfsslMyo8+
zq6WfJr^wdJ0a%N)NPx!F3aQ5NXmG_^L_kZG$yDPUG^gS;QlJfWMv+C5aS9rO%Azc@
zDgaw$QJPsFV5zbwqf9E^j8-bctPY4nQ&&-wQ6?5|M^i0IqXUvrQ^+t216ZhsWtkNK
z^(s;E1!@2kYCthnf^idCVG*>9G8IsYS|Q#z7;Uf^ivp-b4O@go0yLtAlx9`}cvC}4
z%^3oGRSu=+GywuChcfY`;`Y>@(sQZ+8){IM-_moUu)S#MD!--n5(j9-JJ2juie&cU
z2k8Gv<i}LVq~obVWMNCuU{r==_u>W^LgWEl)Kw~4MNG245=b;)3(+8{jf-Yw^Akmq
zMdAZx`wIfyq~;jJGtmTP9Mk}$Dj!6^XO$0qz;)4!2Ee}PMF-F;eVdFHR{Wv@5LLlT
z+V@BEOWtQx`OpS17QG~*<;vcsqvgunN>YCj0V!3y>41_d-c&#+l`cl0mr55c@VeMt
z63|-gE(_o+US$Mc7rBc9R*K!_0h-0`;(*j*cWD4-vAZzfq}W{nU|#Gl0VpkAr39*~
z@KFO%RW6eE9jFNs_m!y$;*Dd`kYww10UFe<(zkJFyv3`;Kv!xKl_n|Vlzn097U^4m
zG~MD=65yxGCMB?2Ws?-RrLsv5%vRYX241RcQUI$}Hc5a}Dw|}$Xq8PO;G>EjC9qjV
zj}*A1qDKx)R?#B{+84h>qov9^q@$(E)N2D|i~eoJn^7|)?2Aw{#O-@iPbZ3m^6UMd
z!@C@f<!kT%UtH|5{7<a!vHUj>-v|*}#FHjG6Q9JBb_<v;+0>4I_?0K0#G7bgLbe6E
zF4X=g_BVVPr8=T08nim52t7apxtdHz*mQ!rHOhh-dnUXn8j_w^N6wi?U0bXv&O(^1
z8Qd9X&bz=v%qiknOeIpdk$OdJQHm|HETAmMf?^KdN>j4^Ol%?CD#9wfB0_;YLk5kc
zf~111f{2DPLxe5e0%cCD07lGI?0_`KA<sd~gf!<ik6El3SrNO8Y(M=64FwGej=X7M
znSNYZ+<G(_PlyHh5}pEER0a|`4H1qATbjjB7mhfpTu*GF#oRJNmlVmx)b&T=aq@BE
zbNR){GRl8(jrc_41p;0_Un5w`|H6|HHs7NZqZT6<qj-dGB0rNU!74ir@na{6B}qwO
z#wSL>h~0`I(lny3jbcguCT~zmPahRSlQoqf0aKPEGli8Rl%|F{3s+;INjeadBi$BW
ztWn>yO?r<%rJ6&gc@J>hLH*1=<t?x$9aGP<CmBo5tEGPCET|1fR9#C=;uUj_JN=RT
znS9Fl`-623Q_PR#Evv#?qFs^tS#ta{;1snWw)}#$0BP(6WbR$;8o66m-B+>QEqptM
zEF0F7Hh~TOfnv^=<tyeCp<pG#ppd2(rCVe;HNt?zGyW8!;*M|5>9=>vDRx0=#1k^V
zID2l<CaRcM1VL%TNH_uc0jZc*I041F{GtrIoAMQLLADrgc#9+ooN&C<KARGpa@whI
zfvp(QPh0YJ5obR#<P-MZSkLy<Qv#aK%u|K}-iRxrj_gy80^JC^{As%q13QwA_;EX;
zj+|4T0_*aA_N2~?Q<?(W@(bAWqgJur{Dz4L2GWis3)VSuwR_`nc2s>aXW}^su@gx>
zguHu_8tpu%i0O#7WB+Li9@>4_01k0IuBg{^<Q1b?i2{Uw`GU>5l1&`@R-o1S$CVNP
zla5VU7T7M`Ng27qO=SC4;PfTa3Z)s5;TS0NL_E<J0?nC{Y^f3)VHq<NRs|W+VvXTA
z;pY)%C{uaTD|4eIsPcu<D=I7O&V^P5s+Mi4XA;Ec#elMevcNLFefYo<v8;W>L{f$N
zE=uvN6MqVcEFU4%G8yc-mvB@E5JJiJdNGqxEgT0s@MN(pOn(6BG^?;U@(IQ4sgyUh
z1)B0dnp*rOBe-_+g*}oG!(-3e6B{H!tY-^FK^Ma_5fUYdv6|ftFT`LAABRLalEiDz
z15s=A8zQDyX59bj#Tr}2$bK#AHcCF8KkbS7STOC0Vu}h8-avx5S4<%0d(N8pHkmi=
zy%?EFmA(GII4nku?1fLoZJY}t16VZ=M2XN7Qz!s0aJSmcgLGwC58n^362qvlEXkl?
z8Aid5fEQy{Q&nVl`K=a#Mxrnjh~J`Z5a6m?*gCa*_=)^R^#}X~q~-e8JMRtt4gC$m
zg&~-q=$hszA!H9YA_&wk!5<&!rhdX-GkutSx&AW;|5h`RnJ1rUFQhk6yQr%IkbdCa
z(BA$Z@Bb3--2!&NuC*}TcUqpFdmwxlI%Yd}aBjX3-ND{mtYe<pchz^%lX~GdWS7Oa
zG4l=meF@&U|5|RFSKoKfXq|ZEwoE@>iEfn6?j-i13e}k~*2IFvg2d`f-v}6MpKqCH
zAN#B}Y<A*WK)CjQ{j5VZ<yC6IZ-Jf#4Gw^svhLcLwC+YqTk&em;B;?I<Mh0Sx&pg`
zxB|I?ykdF2-G=D_Ys0s-1KY7O*zJaRGds=n$IZ7FGF&OF{X4tTT&EAFhoA?c2crk_
zfpO^@^u@p_e`jEpanZfVw$i!gocfHiz`uRJNO#?C74VE_u*=WeMD4tsBA?GHiYtQK
zY6G3l`R5*TCbR+JFNe+A&334fca)`%g{{R_N^?GYzIy(Wu0{xf#<aOp(tRMQ2yJT>
z^qB^iCY@ovZ)2dnc7LSijW2E6fX1rki$+<>QGRj0scuT>>O8e9Cp`k=5&{zAr+fK8
zileIa$o8cy|5@?w?pv{j*BN#`FrQo(BTON;k;)kdlB?Iq&SE>IJ)avwK7UO&LnIoa
zQ3L_vF+Ux`B_CV&Tx0>xN_3%RG1LmSLbSBtYca4w$wF4WtRat2t-hF#t=&k)0_6e~
zZd?SlB`IVWGYTPkgN1{wB#%ukaI8_ytAbIzITA!p1}K#l7JGF9<0<fj_jH;@d9n6a
z`M}n$R`<+Qc27J}^<_VaRh2<j*><d!g0}zApuM=INHbAD=8Z)<^{3qVQfm_VI;u}Z
zh3q7~gRy$~a0qbd6Ux#lJM9!HX<cvg_^u-fr8bgvWF%$~ap|$`Q@zu;(IK;Xums$;
z%r5eNn0kL6xfJr?4T-v0yIVtCkEhDYcosJDlzD@txMI=lDI-}a-=jerCIc=~Cg@n;
zQzm`fCyUh%s$7B@_UbOh*w9|_&@<-QLss2XK|#ARUOg!!TD2tPHDs?!#sMK^CDeog
zzESD2=^SI4vD$J^Mp=E8+SjD=XlA1;Jz9Ylu2fwk%wE2d8qPit8g>q(e_jV=?KC3`
zdqRV5VoX~AEERhq<-|g8^cI~Yl{9MKe9iF?XdaSc&fS|<hGTKeQgk%m_K~XlX|MPp
z$nXFCwKy<Dh#hsVG;JzB&fT}xr`<=fD`!Mn2cm^k1-1-o?Z4DVV?<sDs)a}gHvJ>z
zM`XZ4fOwyX5y&4LCc-qRNr>YgjR6#S$Y~I4KOXz!j3AYu<e*AGnuQRQ5VBz9AVh@F
zm0;9<9QC0Yu`t1;LCgIZ_rLAqGNNOGq=Jy~H_n5`LWlwl6e4Cq;ex;dfrknO5e)z}
zf@Z?P0*42`3jh)F%Oi|~dVqNQ(Jq8Ii+c+30NxPrBM#!>$A=I_9LUQL#yG?xkaB;h
zKVZ~CEOFpupbUL5WIt~G!Ro*`h!E>QG5X-s{I&X^vHY=wkWM9Bb}K+(`#^>>xNN%c
zEx>%iV?ZVS3H`4Fdck%;c0hN2{F{itdO#7u3_-*EgZe;rYx@lS1;Gq|_<;&Q34jSe
zd_jMJynw%8y+FVGeEH!{=#J!$`NDsLc*AjnaYIo@_=0}}dBgKBftTh6_J-vK<%Z-2
z^oH*S?}qLM{)Vj%$sN`m#T|4Njt`L!k`I;-^a6wc(iN=wpPr1^h_ViB6;aF|g9x4v
z+6Ii^M+>N~|NB36lh;2%WM@F9KW_l9|3<)uzixo8e`dhHnIr($|8KzGe<BiV|H^<$
zf7$?A{~gd?5C$j)Fa`(?u+$%zU{ihKeIb1ieXo5URhEksF`qN_-`r1vBVQ-0-+1r2
zCf`mMe*gX8tI7}aA0ya(4v>GcK=A%QE&uD@-81#i+)w`!5KmU$@w{?PuAMG?V*WGu
zy>N2l=TY&hh_u_wM?RC)pSEW<yk5(7RohWox3J360+V~cX66dvmDN3BR_~NoW768t
zx#mMRnPW85*y^{m)9`Q0^&RJv#7x<(9xJ6!Ya~7<=+X_W`mK#2g*Hxh_BBSE=K?=W
zp$^}ww_tF48wYhpPDi)$4zkMdz9oj#y_aN%S?e$vF3(mcvKF4RRdCgJ21bC&yx9gP
zbNXD1-@5MuXjn88W{y!8VuQ@9Kam~N(B3vJtniV|KaC<!SlOIL50cVwWCNiaF@thy
zI+sPoD>_kYRC%L4wOrS1gReWoAy!+-HsP66wRBe*5Pc!Xm)^L#mXRQr;<Va+!N>P6
z4n5?ez;IH3u{>i9c!9!qBD-e#tz<92;KnV``>Pk|*_NOWtT9_L*5B;2<Lmc~HtWsV
znzZZBKsMFvcZ@6%J0rcoZb`H?L23wNGvpYsK14oC<<3A#?SuNuJm}OBmG;qEv7n2~
z?8e-Bd@83o=<Aw_L0jmH#y%q~e;$$(bZR;XlhcOhMC4;5k<=-Z`OR#tS^JTo{&q0T
zkkc+a0pn8eNO)GcCchfcx<}JRvv@gMWH;xm`978HV!w3fR>!-h?~d_oA;Y4571|TF
z71`}0xG~VO?<D7@KD4n4ww?&rh=K8IV-1mSENqowxnj+){Nm(dqwq<p)RfaJ?Xn-%
zBkB?;eNQGZe@A5#D_Q-{hI^FzTalR2O8E-=iB6#mb2ajU{E5a3r(Lt@uhVGv@U~H}
ziM<o;;@^vzwwC&phuj7(4gmA#;LUxs4Wxi)mdwN==N~}XWM61QgbhmO6LjOgOYUgs
zZ8ony5I8IlI&wp!nTFKwAMap*)^vvUm!Y+Dw%1x|(rk&jCi!_y*<v+{skQEMutoE3
zU4RcuknNgi=6yF2NwD7U5ny6r@J0D9c(xPE%YuiK<pAj4jk+~|Qin8!f;>4v!YYTy
z!MZUYrp~b4-6bYn`T#itoF}Ek14f-5qY15-#%!6#CH(dly?r`1j+=&0lNS$P1V|e$
zk{22z9^_feLb25C*&gs%cp7bfNgsDYN@mb9({EcuDatw*bHm$SpB=<}$P>CXNwwab
zCR<J3oQ3c&TFXm_W1=o(<YdizxevFMw}5v}XBoMX;UL^1%FgVc*`9Q&h!d7GU_LH!
zAlu!#;mz4D@@iAS)n&Ri65tzN)UCdP`&p}j>+m98Gl`}ZGYNxliI}bdmn!t>*V$JS
z%_H{pSaVkg2}j?Cja$gfOJ3zQa>^Q+BDV_oPW?8&D-0iXKT=+r055R@L$Gjg2Vsa)
z6P1-tWC$)oJa?B+P+WI=w^=-%=nYv}RYOBqQ%7r7p*W>)tY88CqFk@sW4oHH&a_dR
zIY*CX<U{8etv<dPRx&rGC8ld_@siHVNf*wB_HJ2r_}}4z9x?@#3Z*!7_1^C9_w~zK
z*#gsvWszwIQ59BA>71?AsNbqKl`lvJTKZ>nVd!-yfp+!{*@_SAw)@6F^0mN7Bq#J<
zQp6|c&Oj<R2<0osbSLp6J!Ni9wQ2O^f8}P_ZFZc?#TLvI=<Cgc>moSewq0a{`oVRJ
zF58!Jr*@q&l8!z5H9M`D+Y{&KJFch2H;ukPU2>)_yn5A*QGSbE*j-nLB3miKYOW~g
zaaLA-(Vm)l)^u(>Hr62)7ndN|wo}AoR?S_24|?woF^1CsbNRt`;8?VIl=V)^Vx=Yu
z5?ybDgOKrb*>+G#>Vu8F6Xs$}>;-KFRu&7j^<?0kW(<5S1MH1y>0~w5+Q!k;a(4FR
zRJ9Ioz5P;Jp!-4|U;#ac^Ous9SGM2FVGB~IdhAULW)Wh!Q5L&1-m><?*($KHrL<v>
zTe<d7tQ%B-s0&nptSbTaQD)lYB?f;a!GmDJ2qXtrx@_@suX~MXIriB$A{#*8{hjw?
zrtoZIXMLsDFol(&WTGX?LA<qmwU5EPgXEY#C3(8wG<te>(&d1o$9-*RywXsxakpt*
zC04oiJj%>u(|^odE~lg2ax`yvqEuc_Ltxg730T&7F?Q=PZLpS8!Q0z$)<Q^_b#?dn
zG(_HZkX;T_zvi(<ej-@!yH#i&1A7QzjCZygV4SQUs*W+!Wuwki%@jl#o}5Uep%94b
zq!2z5jGDl_5zKFV#KieJjQ<$T+hM#phkg+AHrx%h^KP<-D@#_hxiAh!@2NvRkNJKC
zC_|-OcaR;JH3iY*c&r(8YbBf~@LTRS+*Ipv+TDMj@vAfa{FDu&S=sS=sDbsIE#1Ba
zy4?RWXZeyG8I@NI{~iRSm;YsM)N5$~X5;%5tj#H#OG;+r<GZ*zFRoPsNU?A;cV%yW
z-CSwd!Rv5BylnsQqwfO?NJG1Y!?E_@C?hX%T3X4jM_U+Qh(Y#pezcy^ejSr}Hs?}^
zJNL{Uv$E+FnN&(QX~KE*)LS=k9||uN#)RXS-jk@5=A_t0wJ%!3IpCjmj~!g~)v4lV
zC*HQ@Y<lM8;al(GjVV)4bK}U|HkJyX<|XF24nFNdEx1?s*MQt_Tgsc9SwhO$dWne0
z$kAT6^EdK|<HgN!s%#64%ucV}=E_O**d97B(a25CB3@%NxywUEE9CNWFIWz#$+G|L
z309jluIj&XAa}>Bx6Q?_g6t;1+~Q!KU}G+{#1C_>d=$_awL>Z?E?G|i!pdXNvT0}8
zj!{G^rHMDVdulwnb3B_uHU4c}ve9+^YB~L|oy)d~y!!pG;kaGd^8kD8JJhgSk5A`j
zvp*!T8{pj@@)8f#;L-K4ligOk?W)hjKa4r$ZtbnHGdvN-e4KFT^tkyMrUhZ#YQ60k
zj(W5DwQ{EMHwq)D*l3u$8SctZTdU!zXN`0j!D{FF&#CckOj~~zmOX%w!$(8)yAo-W
zx%sLmC^c5l%Qa%7C^J4T#R&cZLC(t8=Ju`o1f#V0mOY(+SE6t(2WKZ|7qQ5cLifCd
zpy%$5bPuw%H<dSWIm`}ryWOM8Me>*5RjZi(?}(036n&DEQ<VCD4f3?S{P{18ZBDrB
z%#i1)fp;?pfixg5Nd$zxdp$Vn5b$ajRqN*wo%F{%C`2Hkh_=c#Y?qK@P)j$)S4N0#
zj32IvC_dexyY&U8T{J_x32r4rrBk_!zKgR}hf$&mC-8Jq%Jn^KxaCrb+V}`NJAI5A
zTcMCeSvOM2&Ye(p+E`7Zg`c|lO22$PhKgB5@)@%>^jptnyk?+iOd9E*$@94gh6{0I
zN1V9+XaU1-qyss&e{&#&V%i1zx-;|CbP&^D%EY}T$IbehsG_8rLVgYrW*X5E;xB56
zr9}0AXJkGP!xBUHxL$^uxctN~2n2o@CMMoq%}eg+uRd_=Z*LkqGqYqZ?oXSLezG;Y
zJBXjh^`x5x87SX|vXs2Md$PX2Ua*A(YZ>r3sM>yOWeyrU6b(_5q%;9H@O&mD%Q+)o
z!}Wji_x6m)-K|yS751(!e-53GqtXnbJvLGEu&X*-m7Ffh&6TGQ88^2z(6Y$6Du#S&
zWoc3w3TjEVC5(Ut*nF|VQR8g4XE8%gqoOWdBTUQ13UbcPZXXOS4H<^lQ<}DI^?(Pl
z_jD)p?lTnu3i*cZR2VFD7d*=Fb=4KALh3Ps6p(_JvKN=<T)TOR-<D|xFScwh?2Ze@
zItmh9#3}y*6qeDmt7Jc75iqPP|1{raomxknbkpVPramj3U?7h;VQ<sd+rB4wx+v_k
zBS)oh^TX7;PuL`i@_Xu5k+OH(nK<5<VfVK{UOtkhMyXYOzL6gtrN2>7cIqm!(EUWB
z=$7=01d>f7Cvr*3?c*^=I1Q2IG)dFRik0=F)k}E6GjLK;YTqZkKS$p_(LIMAGAm=n
z{^2J?O?IF#cJ(TCgy$z`6f_jO)pt$KjU2^i=6fc5ZkZ2s&tc4IJ<d(TD_qD-NQyU7
zTfbLtq@6mGamz@4V#YI<kYOQktTE52HH<yf>XDh5;q2@VND}8z3_Myr&hmPY2^z~g
z|CzLBJ@1nJ)amtH*XHHv%ctJW+wBJ6<{+Lz=TGE3$G<>x-F~vkocia%HQYj_%Pv5d
zbr!|5P|nS|wb*+7V{Z~<jKe_~2;v&4RK_BtR^Rv#2&-zS+rl8;H3x*9+oa5TM%_6&
zl1zp7fb|;8O*?(V_A9QGehpx#lxdwichn7QYy9-peCOLKQxjK?g4sU&ZQsSbq931f
zDerXi%Q6V+LGc*c0;P*OqR0IJi?RnZV*&CvEg{ktllR5af!{}mQ|smq>q64v#KzNR
z-|$;U*O)E^ZS0;dsxb*3+P>euE8e0{{!Cwd^3*camckxbsg{xgavP8M?ztQV=Mj{N
zPZi-t@U{Ax@=1xLrj;ifnbfynk`IhC-cq{VmQJT<b;b6xk80&oLdTMd_22oLWn=9G
z)3ssxYge1Tmbz#JvsD{B=$}ty6mmu^*wE=PMqOiE>0IV%d#1<f0o+Cj9szNzlwia&
zW27F8RaU)Tl@+@5+Hx!jOX~X73_I^Te(ycsz4YYdH&g?USz%+{IE{ngeN5P5DdN=z
zS$!C(?!&ONDR(OsHaXsYr}1tCJ}*;VUSR}2Cv#BSZN1md4;l6sTkp{bx1$}kJ528{
za`4~lhQ7YWgAWUS-sdl+Gxl1aoPO@E&q&w$_2)hJymoDWu1_nVeEl6=PO%LGo=yh#
zSMyPcb<&~#1(IsW#ry{pBBbbbcXnh1oG7uG3+H{|xcS1IR{X;+Op~4p^Gz5Es!sEK
zHPte2zajQ8PJH@{#|X5O8&GS*p?dvJk(W<fNo!ROejI1aWv|2zDYnXETIYTo1MokI
z_v7UiFYFkX)Gt68*iEKtdo4X}G$jPTrEQGhC}z?Y`>@UH4K9f12A6K9Xt>VJ*dom=
zF{UgurYw>(_h@pXN#XHk?xoOfqBO+@X$$ty=WYNN?u!W*6$eH+erC1MVsq;t<bT!$
z?bNfPlD0^dywFRgs5MBGL0yK_N$R!ugF$VpB_bhylgvpK!CSF4Q6D<I$m87Qaj&&k
z*#7(8{5-_M?Z6v+*ANTZ`s>sq$6~f#tC@W4rMZ587S^-TS-b(44G*6}$95Y!=`6tY
z-3a*kYg`VwBW20Uv%@v2IpZPX2_2#M8@fHBQ^HjTyMt}tUKgf&sxNtB2*ZLC;-cG0
zYbE(v5u1x?zBs&07Fj=a-?{@$*=1_4*|<QNEu&AW5Sleq$)rsAZ&Us=Pdu2LBc7+f
zy+gs#pPpb&B1YeNYH~bGh4th@X@MN(yh9~jHv+MGvoteFF@$St$f*JeI0^Sfq(TYv
zDQ{ML%doUV=hQ@iqRz39UcG1=c&bNm8%hL;Te@gPM;txu9h@wDl3r5BZ<_K+6=(%i
zT~EX>^?K_W=S+351(algZb#R$;#E|utkw2+S=6(ZY@})#x!4w5OB6~AghJ^@4BbXr
z)|lZj{Z2RelK$ouZx`7@AZA@iH%4n8xUsO}{kZczpe5A#q++f9c0+>_!L?R-a3cy-
z?6@XxLw^T<y2ip@&P{H5fSpB1*ALFh_s53oG6hM}AZdBFh~;Lk?F&`hohCz;M1~?9
z^lUr&hF!4bNm#<4FXsO4tg^oLkfDx?=_0i~dYDiFooUbAbWqiZLKLZFrA_ml3aWiG
z^lKIz(*h(@#GRm=H;S|+vbuu;FB6oPxTUu^^!K>)7p045;%Z?p1@RsnQ6c$3y76H8
z|2r7>@WyMA=Y^szN#N}BW90szPD6CZ`-klJqr%asfNN6vmlR7gc&P4NIziR=>@6E$
zkK(8|CqlsvLJgxPSbQ*z_?!$owYs@&J0BAv(?uTK@6__PaA<cPPg@S?WH&<PxxJ$#
z$v|(=cZiPG14a4*VvwQ2wS~o?tS<AGAupT&@iLU7muusivk_EzvaXq17%*OxHc3RJ
zaKx!65Jb438N?cNfyVV|R1^a$IAR66Ia3<sg3%aoQ@iHU-Tdb*FScDN#4^_ELg5g4
zz5(R@0zX_)Xihu2i1G99hz3yl;57<K43ntjlNCPKVn_KpVyNWVMiA3jd*Du1V=lR{
zEuo^FGzBoc;(mqY!&b~n(?JYmIg`VKayX+P{m4YhCc_nKARrSZ!Ums0Wk>DzL{LUR
z`vsX8Mhn&ZQ@zqVjFy`~SwNR(3W!<~6PHDMbxWb=+3@gh4U+FR<nyJI8bIX}3+X*{
zf`E;U2M)r7Tt$81@G4ISvd{GgwTb!k37lI<{DE&=)}8<M?WFvU`?XaADgj_{zc%r^
za@e0JM)-bBFy7Y6UEvI0gN!&9ZAo4Wq2;MJY_myet{O$4m&gj)2uYF4@>ih7GJ)EA
zFT|k1Psk{lWoM2Jo2n{rVF^$(^|N0Hrr~e=zam3<EbX0lmm%M&MNHtiL>yw~{bOa&
zk09+2zGF(HS$JH|dP+WR+t<wg6za_6!RQ#l8zL3T=e(GQpNL&R%$c7)xt4aoAXraX
z>_xGRezA@|u;R_1Oya#rEt<@gfq?12dq7vIM~GF+U~E=E=QrDcRXerGu-z{E4YBA!
z+IPl*XhHsFanWaY>Z8Unfb$pfclJ}_T)cI<q>3mWugVrXL^C%B93@>H4aqT=GPy@H
z_00%f_-py49dXRTW!ZK}k6kCx79HYZal32%+!H<IPF>hrYUO7WsI%u=Yya-#wXbKZ
z8g;RuVY5(Y3Ng*vs%$mq*y^Ua%YOH2b@f`QxmaKLwP5uNu|z-h8tK{o8fT3c?P{jV
z#<3&F4&9t{bt@)sLyOntZ$)bLn0J?7Lno%pGgs18<|5r9K{&pG=t;?wIlAc>&3K~v
zVMvbb-S~7stavGR0Lo!7((Ss`7tCSezgRlA1FLx8<he~^ZqfP44;KoS!;2FM$D0Rm
zb{Y?5DiQ0NKthb)8n=bY_e+TC96gSnlQ$TVNlZQI+jmCH%BR<{72u`Vpr9GdZ#J&s
zh{l6KLG@G53L`nJ<{FVb3iXWZUb2cO8D_lh*L|;rpWa36J-8JlYJ$}OE9Eh^K&vm!
z+Z3YK{ZTlmx2w%{;zei9lo&;YR(o#vOI!S;wAdGz<=`!+0diBahW_qKto8TOxBz-l
ztZ!FlW$z=fbfIDP0)}EJ&v!2a<!aoA(BmJz<6L4NB_Kd+4bD|1UZ_*l3o2tZl+@xd
zSdSOS5E=s&l)NM7;2H+#p8{FN7ng(9Dw#bk)#cVtFY80@_KDHO4#MW)EsD(qT~mx0
z8%~w?F!Z3gJI9w@(*&+?`+JE{S8sDuwppY`3%Ir-i+^KZX9PHXe#?_2L03fCC0W}C
zJ9-3m5JVbrUl`0~+JoVkBWjx?il5+(UpY$gI!b9fo`Aern^J3AQHyK+2S8(0K%I(I
z{-T6mF9oJc!W&MLWj_bFd^TS>VX=gg2uZoBue7bud?~DVEr)QLfo2mRT&$vBgY_1C
zuv4yVlk3k%#=ks>5gbmzre7D~qiJ1IrK_c0Uj>{<?9f(fslB2XvFj7C&VQUAPvcQD
zpK}FyW><o&$GMz)kj|%%b%(ZjTZQ${ErsT3ME?DF8qf!r)}0JxsBz?OC6Y&tW<&{y
zHQ|0XQ(@MK&nL+KN$?BmxEVX!9&$tBqG8CESWY2EKO#lPPt36{D!ka0A`|TGeM;UK
zgOdILg)txnk?v3tjD=qlSS{PB9C^HeVvz0!ETO}!QSB&<j#Dh{k%1KlebF?tFlq>F
z;!VkbnuZ@JzkfvLe03k}FN?@bSXh8kV#&KcR<)g^<LYdf=dL&Wt&binjmSiFt-6L6
zY9o9^BGl10cTL0Y)}O^j(23qMyXf+`I{rMlI{mx#JjFiDOIVG&wj8x@@G@Td!hHU7
z627I!VlNIvCiFzDE2Z(GIt#$-L^FOUw!!+>dcaB302N}0DQqdV5iDl(=uLPBnv*KO
zMIv|}m9bPX$(HW(4#i-*>c(@ajK1v8!x;->EMZVP!c-c+gE`m1!nauQFY5jqRCH%~
zj$CCI+!10;C*40cZ}~=UQgBWLL30(QS_sy%v8{Gy?qSS_?;o60{2~y%0~c`E_<X8a
zuXpEd(|PPX%E_(e56})sw}N#FHvdisd&#rGje-0&1*73Q0wFX9Cj~p>o6LxVz61F5
zA9R|}%6gc==Ky$uen<>w73JqhvBJ+2C?u>vC_^bGSPq~4o|i@$)0!kAt`+_U;t)dZ
zw3JZLS?x00l$nR8<om5C^w@LQ+YtM131}Vs{nDP8Wf#1UrVgp;(tB$o>--XXBSEP_
zr%0m$9`1=>8H0YwCK1Lh=10+EaHEM8usxV#R0c*(@T|ZOT2s*SkEbB?vyO_<?4h9t
zlg^dpDCHnOV<EVK>qi4OG}-JOV3%ty>^+|p7ENn>JfGeUGOfA&f@+DEu%1F${$686
zAi0B#+!xQc7=H?lcU)$K_9wYG4!+d-IN*9c4DZ=yD;WFD;$|pRbFpdvZGm>lF~YAI
z{=~Q5;CWVH4+b`4`<ctG+Yy#uu42Jpc1qeCB>z_bnh*Qy_M!t@-@MU16?D&9?V)F?
zIBarUL*V8^Ie&e?RO<yRaV&9BqWTJ7rcKpM4bWE)QnhkqqSNJf6c(qcmQqI_v$dGD
zwrWq=FRyoED#(&Y40*dGO?XcV2f%7FLLF@G2L__ar<rQmapSU~DwczDAFrRoK4!N*
z43wfQX(Ix`kT90<32rwg-lA|N%soY|OOCJU4a;MC2SZ{mpKU~P?rLar1085W(wPNa
zch<cB(6v!YX(j2|AqTR`jJTx|@nf%LkC-!KnthRg>LHh71J0t>BRz>`C4j1~HAG`4
z^GCt^2+5-j-p#=90R|O`vXDHd@*h#nw$(5Xs>mP?O?s_A9;?}J@je1rd+yB6kn7N=
zxq_EWMigS$3u@4)wf+C;{2an2V(^<Q^I(GK%sI%K((b&}&wBW3Www!ga?4sa>W6vQ
zMtHbJ5}ED$!AZ|xWExbsR0XmbP8#oQ_Vmid!NX0NEA-he9b(&D`cj*O+a#IjM4_s`
zk|YgXJ*6PoBU)N;2A2mbQD~ZDFrCZZ<kAy@AolHRF~V%1T7`H=jbbC#y)lMxg@UO3
zmD32iDdcN}Vf+v*o^;NrLV82*-O=EL(nu$EBmXAMvf-utMiC{6mmflzRjLoH%w^0B
ziwimiNu*EPl4Z`n-D<#4Til(Y0of`D#2UqJ!akj!D}DpfC<o^qQUqbGWKA*v?R3G3
zs366{hx0X@*SDp}{l*oO;YslqPF`AXo0lzSve)p2It^xFH7QUt*(6=UN(~Ey;{g>A
zC_a8G#-@d>^OnD*nQAfQXEQ}xv}PL7j_@Jkfl%{Hd=nx;(TSB&^0@{-?d?bvGW%KS
zi6~I^!Wlaf*ygHOsCOMtBd9Vb>F8utwqveIGHq^pvQ&+IXIpEv$Au&is*nQq5IHEy
z^jadWzoKOB*H9dXSFc&^$L^A=>aHiC$zV@nPi?F9Ui;4n=T)gOungTa-yl)HT-mhZ
zvU=k3ujsPLBQCbAt)jl2AFy#gaKg&LX>t@SB&E6gQP0uaorulHq`!05B&eNS;OU%p
zNI5O-CwQeYein{XQHL=?H@n2Cx8yi8bd3?|Q<+7a=1+dAJ&Q9MA7OK7&`1J=k>tVz
zwYS=ex1iV=ngEy(a^-Biiuy2E)49T`U-^JZ`h=%k<eW)A8b0;lm&Z9l<QxnbSXc{E
zfC4l^4;Xo{mDCQp{wr5F4AC^{6@38&GI}^uo`kViN;z(Kr_B~L`QMx*oU%$-l^!5O
zdFmhb{oxs$y1DK@=@%BIEx)Ls;|oD+kww(RQYw<t0Y|lh>h>htmRrxCxKAHbS2lJ#
zJC{Kt$0u3Yox`xaUZ2w+HTC`a-2yk2TPHCHZabdmknVVaBf79|cGIRDo7_CkCnb7j
z#|lIANd)BE!41Nj1DD~tH|DA3trOek`8P2MSdDVDQs6;q#Btc6rXC@noKGQL1CC7t
zEIfC>rh!4$`fUbgwPHGoMpdJI(!ztWDMR5V5uF0`x594DXXhGQSAWBummpFwJt9;(
zmlPl3SL-rXaFFJcl8os#kHgdZe~X{hb-So%wj_dFy@j4f3>ZOCOa6SRziFqz`*&6-
zqeduJw&}+4S$d$qPH_Hdz2((Uj-X^tOxsBtH$7nL8@csnoyoe$G{fo|P0ApCncJZO
zKaT3}Nz&PGSx|MBF|8LcP0TUU(^rOu!XV+4$qI()k!-^spAi=Gj`b5G&1(i`id9Xe
z10rwrW|f9#z1!%0eYBm6zbS(((&GY%bnX;hSW#Hpjuy8melk<ZG|wg#Q>6;e@qno?
z<X15HH^DmzWy3|<7*iQDy~7?O%Q-x&^eL)2?pgh4%PNdd3Lnnxx6~+Z=nysY@=>+^
zQ=SRq)_lCl<2PDO4kKjK;_jYes$S9&fBcGB<H{!4(5(!XuTrVqy_m`Ad&KfZljQ*7
zrM_4adOv6~*oq)1D5s9T^HqknMOJ(&@{r^pt*k&Z9FQAn&<;wuv>gYahTsB^kDqbq
z0so?ERxVT4DMDw5RmTf>p0Lhc*<bHy&0Ol;)4aod?dBuKT>rwXXh6{3PK~ZtF;<1O
z5m#d=r>Ubqod4be#r?AKJf22>T=03sV2^;ci1;{9$=H@KSJUHWXOK8R4WkqZs&-%%
z?YoeYZw#;@Rwo^vVs<dLQi%ff*>U;PUG1tmY90Jqx^RLPxb}w(^&S!>yK*Cw1Kp}Q
zFns}s4$uAsD{{*iez~(ip4l+3#0Omm?mKyBZzXYOM5q3-bRUaQj)p~%#yVbYnWP-+
zx60f&nTklYdTJLQp7UP@T_{|or>Rl9cM_G(rU3(eZ|#z&(Ic2pAX{*;+{o@qC6{5>
z^m?zl^N!U|rQ}P-@rZS=a9#}fYjz|pQHDf-G4&meoBu+iv%C8atR5pPeCoJ7O6qUK
zf+7Yxqb0iH)_e~^fV;px6ceSp*293D5UMy1+JDeoT6S1ekd@>Zpg296a;#pouU-Ti
zODNkCp`aime+sDgM8|(5sT#mZ3@Hn3z%(+JppWxeiq=9;)=9b0Rf(G5V4U?;WD4A{
zak+muT`8KKN&6jTERV44MsQ^!XJF9|syhaas8DUO<1k~!r_?h2`pw&tPuXP#E2z{{
zpmr2Ks3g$5>X$VbsA<F|8d0NJp&ruRN1E&I|Ic<zn>zzz-tde{%@e-ngRmZ(ovN=Y
z5K0+wi0Wr}KO8>DPuL%VJX7z&qe$NK>V(j*LW@7_9>4@i+O@X%PM?J<9}9H|;ne41
zu_PYgtAh!*3?nlRj3Ii5m1m>q7X45xu0@o`@lfsr)j-r-+4HQlMb_n2EF&vmktHhi
zu<mw;e)*%ipOKV14e{lq=_{rfkW(-AnYchj(`l1L%=~GdyKeGy4|PxYy`*z|Z?23S
zr*^h9)TChq6At6>(l^c9r1K%DT@C0{$056<2xpEFv3&k@oizxV=XLI{YAt-I*#*H?
zXwrr#_Cd4{hRhi5E;NKt!0?k)IO|8XZC*8c6S*+&TPKwn(>V152oJ!jtR@R-JAjoc
zbxxTk8GF`LR8#nkpKOwkbNF)4?m$WbjV?&9<0nItfEJw9oOSc4wWGwuZp?a6vpZpz
z75=aIxE-+sx}K~V!{CIZqi!Xu<jCr~R62_e5_6JqwIzyFWRE3km!u*YLS!E6$%E>8
z>j=XAm;2yp<Y)K78|^bxK=A3nIV?2IzB$(y>@=*>Wp^N~9~@NbpXF1x)lCa+ti)fx
zlyBa(U43^3P_X6TD+6f3<Nq(x-ZH3;Ci)W&!9BP`65JhvL(t&v?ykWv9^8VvyIl0*
z?!n#V;_h~FmgoQ0R=r!b-}b{ypPuTOIsH3ls%!e#aeI*27Sd7fj<{V!<2Ac(k;Dm3
z=mIOsB7HCkUnr+=&t(``(zgK3Gpdo-FzCqxZvMu$yZix8<}n_&MoP!#i@o@T)sV2v
z7gJ8*9ns6rzzB(1MKWd>&i1x$jjw-nhvn7Em!v$+UgiEU7GDo$2K(@+iBCwoVto;y
zGnqR<Oy}HH0DtG)_a7zMheEb3idF5#ziSDi;`F@YR37)vI<N7sFH*3+lVF6M=7DZZ
z>O@3`DdIft(YlP<C?!YK9#53_XC=IQw2}>(LAfSnL2ic~q5dP6*_Y{9CHL<->+3lT
z7b5?vuvpIgjuP$<MJapNPu|FwnIs;_ZVk1$q*OySMzEm#W4E7N+NSNkKeMgtF<dJp
z*pkW{m5f~(sNfXH@`(sZ1W8LAjCk^I$#L+mJw8(<fA)V!-G>&`2rH2(;mMv!zx^tS
zWNqBBTwH>XB*JYFYQSbqgHH|fBcXw%%qQ|kBxOyb3qHJsv4|cVM%f7+tifbW2g5{&
zCxW*83OuS3VtaQ0`E>`zJ`!GJX<y?EfR44pP>H;Kjudu^_6-*}Q?bvSmL)~j^IEj}
zgZx;2;1_DO*;K;})FnuIXy#Rddb0Tis$;<T;8O3c=2OnB7xKmIY9*Ten+*y)J0o#v
z^$W&JW_r(<Ch=@eaqomu6&cdqnMOtHU6@qxC!IQ_^H7wP(tS*P($X=J6n0DXBQ5W-
zlW0-znt_gu)GS!|5iRDcc=ah|Q1YU0@(pz+VKn;|g!+syT7dQ{$B&|TONwpjD=x-e
z-rp3?tin>S#wMHrDaZUyvLZBxf-GOmE~eO;x&Z~kqId;8HCO!znDC=P*QOY@p3-IV
zQp;{6rk<Gw!Gp{2j8>hJf#&ppp1)jsgWMm#EdU#zBeNewvFH<U6B7pk_2j;_`{&VG
z$D%<{X+r*2^Z)w27rFPjZa*w}MB{CYTy4`QUwAuzgAeRvERbu`XZQ@s?wR)c=a{W4
znWDUR^4DmFSn7ssxYP^VV;6KDy=k(h?RSCJ!W%`k!Nm7})o%Q`RZ>7*Bc*EbSf2-1
zvjk&`dB}RTf{G0MpTmc~8Y>vRVSStR1faZ<u)SPbHE=5_5Y)_xKjieDZbuuu&CUbU
zUam!3$bePMA?n=wq7^bHl`rdw@-@gaQ!$pnZ*8b((U*_b)0s9t0TjGc2a-iSZwg82
z-!LYi0A@8m+}=hcM>GpkZ(z*R`_OaLyaVqsMp(l3nD?3UO>3PVm6(+ORSY)WKF;q%
zJnkVoIvGy6Qp7>tc!?+Nn|TSxygoO?>HP>=8PNRPs`VqWKXzJK&8eqNCF{)f@Zc#x
zRgdgN1XB79&EIG4TXQdi?iSR;L|yOOBeJY``;qF*JzYUkFA8#06A$3C9P$hjSdN(D
zxbQuXU^XisI$7eOtC0CS4`VqI?W%5?S(S9>rByViWj!ndVRPzQ3N53q>_k4C>Tv5A
zG7H^b=q9=XM~@jtIc8}aB%GSxkI4GM1#(~DuNLVG=EZ<VBbM~a;bLsa#(Bv&xNjf4
zuNTVK<n?@!oL|UYCj?na$7*zZ3RRG<&Yf0KVkVA0%a;yPMVF2XRo=BqhwyYB!Z!Qn
z-je1Ozma-L%p=D1Do=qmlX_@uxo`B8Eu1sXd;<!vzL&9kjeP<9oeSj+iZJ~xLE@un
zVYu}o$LrB0=!jI^$HxL)EELR|K1va?5|Xr%W3WIuJhX@iu#)gM*j$}TP}xi<9U=<%
zu-t&UxW;dm6^aCh9I?EKd!)E@M>G17BfnP8Us_EVvLnyYw-Zbb`gD3w;CFW?DM-iu
zUBV%158dJzEcKJikNC&t{*^W6y*&sICi?+ChFK5kiN8nq)9`-P4ErYfT!-ct<S_Hk
zlpHXDGk>se5$ZKu@RAioGLkaNEyLDfY|Km?NxmKBFo<5Zp$?!fDhgjTBBK=~|C0wb
zx3`3I81keH9B(^X-zZ4iFn6eFLzuPoMYli^D{oH<;Owl|$H_N4_+PUuEt`KE)=?yH
zNr~ggWODjo2&@p0l*NZ;ElmUG6f5GIzj*!$ACv~ut4u`H{ZxUArDL76#_0C0O1@&q
z<K%@2)qyX)V`pclm}sdq$E)sjC+<G0cX+?OJ4=ihq{R<;C*Z$Xpu8MY(3D4&luW>r
zF;RTJplsZURe>LIS|A|U%zZjwR_Ei)msMeEF=pM7w49(r;DWYO%Xm@G0QU#Zq~PgQ
z#C{o~yPfGuo|Hz7tac)PLQd82mGLb5W{Y!Ac{EF`oZni*yu)K^Fof?m3AKG2G3~MT
zHv{_iXk!}qzB*;F(M5}4iFzji0$kG-<8e{x@P!w{_A?m-39HgskMgvy$sx)r!{!nf
zg|ii@OLiN4TJ-EE3D#s9o5v=5n@Q&@#*9;wj0i}YU7Y(lS8n#BdVQO-$F`#<;q;g1
zytN2)QPmxf?A^9%RdKV6fr78wjuaM*5S+t|&eF^|$Ko9~2aa;`YtP1+z!eU3K6|~%
z&WfXnf-cP~rYxret^A_-V$>}xpGC=R+#4f_UB;rpEWSaTJ@5W0ksbkhnJYs$J6u-B
zUMmTEtzw5{WQDC;+fc6hQP7!dz(Vsp<^}Pp?B+yr%$r!d0=DRRar1bZZBDG2`aw`T
zpS_&@N_*Kv%4B4}-eGly{`7QcDX(qyt>^bP`3ch6;DhcvW6`XIWZNFJ)nZ!}&G+Qj
zuG_(O)TXy&1ITI;eJH_MT<h|e0q-q{?2tn>AFtp`8-eBXBR7)_1D0-vL?Y3zwrdR3
zyPcHjJu;VSgKd`<gX>ZpG8%@+I^4b6e=7_n|4>B8eS=kTEtE8p*4{AV9q}0-EyA%V
zlk9`cg~_(bvrf=r2A}JVsJQr-4itWuh;lV-EV6m_g;g`I9&Y~95UV+%1u$xWu`cXU
zH0R2Qd~Y|ST_AR66}2o!I^c(j-so8^&T-`*UkU8&XS3)hQug1y6nE^jyjLN9PVer%
zkp6!!=-=sQIXj|7kXI9%I2(7#bA06eH>yebnwjiS_Ihh|!**Wp&Vo3@1-K`w?6@9|
zUu|x^;saPH*aZkKn9rN5oSvA`(M%W4g`6ktybHYdV^FUovRO4fI}E4F<)~iMFJ2Bb
z*bM~VcDXy-fv%@LejQ)$2ivIBW4%MwuX}V8Q~hyC;&~_KSl*e9d8Rv@ja?<T@J`YX
zT?zKn4LqzpCV3x7j?)n2wD1J^0~89-<t$av9<RADu*1i%wRkoj=`C;s$4X6!tzfUy
z5xblRbBPo$X^Aml@+6I)Q6;pCOwP-pIDV_Dqe}**&%ks3Fmu$hJJiyBLIoaczEA~C
zTQ>8d;cu8Uw4j)x)`$f}+$>ev3&0vbqYOS`u^Lu=v){FYEB-x#^*07A%AybmsHm7+
zKUBlPzj_EHoq}bKqbSIe@iXu_U)SV?l~9y-Jo~WWqSNLi-jE4}qKahNa&8t7g$i#A
zliE%OW%K{r6`?`DcJYX{oN3iv$;jxgqGDNt(asRgN95?in>Zc#gd`Kz`L`_qEQIV3
zG;b5&c0N*)PbfIus9#oH^4;Z=_jGfkJ6fuOA`xBA;3sI2E7Y*W$gV^W1SrlXX$wm{
zyZi_cWlB6~EIwVjrS7(G%vE7B23*%kK8EOO0-v)%LW*H?hY}7g(P#aAdHVO&l4_>o
z@8~M~rN_;ce=ZBBt>>4D1{+(Gle+_H^4t$6Wz-II{UKG)Bktx@T@awRJE$H`q<|g&
zE-*;t$n*8z*<=;Bhi%AOqc>Nh{UO>>rT$jTfg9DyP*Yw^86wSU3XM=mV>F6C-=vY2
z82@!C5GOm=af#z2|2>_-aALLTh(=)@a+jhnt(1=PCMJ%s&!hYCXrlQYP8nyOFIrQi
zn~LlRvN5Jnd1ir}S}o5S6)%5C?og21ZdxIH>~Mj7oNozioR>K_zFpi#sjirVtta9|
zfZ%O(f@K^YZbzMk#F1)8?k$w=U&8%XjDma#$YE6|_Zbs<Ya9Qez1h^d)Vv3$G0B`9
ziK_EPXQM-BK10ih#4fj~m*cbqp~q%9owJlT9odC8s(uw(j#%-`koCCvw4`?;UrSxT
z%vrsHLED{9n~q6e+w;m|<XZ^iP?Ljiu4d$lCj32$q~Ec9nr*9nEIapl=UHpIFgRx8
zB?Rq4Ptrl?vxGW{mWBqqlO@RH`FP8}$pPTg2-!^kZ4Gc26sRxXL`IXd>*k)jU0CH-
z5cghj*%$-ffUAhkk1xIX+K?ME-1H)ADCUYZ3Q7JTo<dJ|7TyvurT8X<L7|YJNd=bY
zGaZ|<eA`(2gFE?0&=@vf2?4~Cqsw+lJF=%@?JXG0A36lVxJG*X^d#f*y+R@bOFZhY
z;ChHS3Fw%WGv?Q6HAqBVJq$U1z{FZMtI{<e9iCe@Kg)YBIvlx8AR_!b$L(=M8_4us
z{57?b4m!S{zU;)Hd1v3Ek@~pWd+WaM@*!{|&5{h5voddV_1lifHtpDd3G02t#E-w$
z>S;MP+v}G6=)paMw9Bb{x%0Y{OcyfMwYEWcoYu0%bl904Wd2NHHgH^H5T5rJ{?FRi
z-OnP_2t307(7sTb!#e%C|GW)#QZyk>aqi{+ZQ9tW2o6gFhESs%!$~~XDcCZq02t#H
zi`p?<ED}qoUrX+hcp9N`T6+8hYbNs*TL3Vm!oL~aOZ+bfMZUj<r~4mYInm7xUJ(-h
zQ)^hd^yqVmsfnhccO=q*+J^7|I|pNZ`?wKh_Z6nb4Fzz4_2z^C7*ed2g>)z+{#pP7
zG!j8A3wE4@6FGpV6Og&fC&cUHi3$v|2+t8Lrg9~vch~{l#v;VS(7XWdKOqNTC*Gqf
zt|$m+o%fUCxLz?xc?hpXr@A;*5r>EwifG%$@y8BOvw}RXWqDD$YBRr|tjT<du`=DV
z{Gw1L;zI_InK&2~*{k47Xq<9QAeJpLF+&`_>rFhB&4q5!d=$q1C4ouaDfJ_4SO2HY
zG!D2&N@p@VR}-2KT*ys?|I=>Dm#c%Fx;b6lyby>@bHAN9ve0<H(wO!f>6#p1;?1;e
zl_VmHn&;z+a!{MfuU>&xx+ny&botJ@LWt1+nXbo#OY=tu4>pJs*ws>fa|t~Ob_~ZU
zBs@bq#3Bv3)`2c{S>mN(!^2$WoyraTX(b#2{yGeV8U`AnIbhDyQ<2lFFGU%uis7Uq
zyd)ve5r<t`i&5Ol<7iY3OJDqcD&#WPGRsoDE}>-8UGerm)u}Em)}MA0(EdTL3+F>*
z?PP;RiPVTHRbEkALkzX@z_k&d1x*+Rpt5=2yitM$nJKF*v!%6W?$EVS<(<e6zv*Ay
zDbq7sM`Ai7`}%H~kkzRr>3MoLXLjk0%P}$J6G-@n@<IGAR;rdcfp9o-hpx7>yV)D(
zz>a|aUAcnLEp1ki#N>qA1%nt#+Ewv_9C@^LqKAmAt!>r{c~#qUdSSJT-Uq-*za0Bk
z;2XI!*7Z9!cDX`z-*Y-#pkm8;A#d8=XDtfx!@)WTMp$17#6*Q#@V~%EAq>jYe2$xw
z{Ymwgwq-0W4Mr+F3PYerj3jOW*ADq(le|K*A~~YtL5?m|vuI&Kr=n3=r(Bs?xM3fZ
z>hpH8?oEXyc5<}m*?I8DhWu990a-cmS#$tG*1avv1G)6*wcD*HUaSo;dQD`{|1jvp
zU6em=;M`Ct+{rhX$`R8$_`0x87HKpZ{ML8eYhfDTYLec6V_Q2AlmxfYnfcu%jW(rC
zY*SiXTTueES#$KeBdM>;5_5}V4`zq1wrkrxP?#rn21sLQv(2|=RRvwXm)Itmm{!ye
z#z>k~?z0LFTLS{`E(@-)s$h$XvR|Kmfhj<j|1NL-;cUe@bb9TI_mlgrZN_zRmi;M{
zs8V)<lJfo5eUJ!7P#iT+l4U4DRJV}7^2k)FawG&pe$HhvUUWx8ewn9Vh>SAdzbC$t
z#B{6Z19pctRq}>IUFJ0flN2x}_x4U@-`;{^V_F3Wa0iY-R|cBS$de5HK@}Dj_o;au
zBZ{c+xae}Uq`b+1oh0wd=CcXLOco~5-G4bLI;R9N3GgL!4nC?(<W(3L5HlGnHuWy%
z0#iZeG)b~{%*5JG3yR7|bM<tEE(CesD;;0h3FKS-)4P%8OLKj}61#~;9^;9luH!eK
zJ=-VWEKkOD$sFAAb!MTE4_})sKHuz@XpVFCQSjm}_aK8s6|vCw-&MYnArqBpYd84>
ztngL78wjM(RfXOw2JyygpXErdDsn4TN>a%>a1Hcvy-PinZjx^5DsMAXY$w>6keIr@
zg6cq~dkgaiYIt~2IsCtPCbRcIyL%{d>8<&dXW5M|kJ-g-D<k#PQIo$d4h~Ee#u^n;
z6RXv1n>}jZUxv?Lj-(f`#{(#SjPu=6MzS@%N$4pErqHNgVJGYoeSt;~d@;SBF<~HT
z8BG%iHi$pFN;QZhdz^pd9zWUr3LK#6$U0lj;UC>$-S8-?=ik@*y+jFSb%6Zqu1$AH
zR`@k>ik<Cd@+{MuM`EHMH!HaQTKssTfOgTxW5Tff{HPVXTm8GJb3``9G(9+NzioAx
zyCoD1F6M@t1^Z#5BSrS{s#*^dax-?7{?MttE+AV^&aiPZ=S{>)GtpJQ6Q1};eZ=<u
z6va3Ct&*UH;CNues-?L~(*;R*7JvygE-EW{H+<&pxJP3mvm6U(VV8a+z!ePIC=)D5
z#pCk~mc>aYc7tW2CK#q4E}U3?SzD$zhqs7KtADh86!(T79h=h(qa8Hyzxr{h*J6w}
zasnr>M{}WZ7}<4({Ma5mid$tsQ_Q%F454TDNvkiuIqJkpH_w2)5#;pIH42&PWZf%D
z#RlE()mMyD_wpRsq^j3?9S?c#m-xMoyac27b?r#6C1^BWM?!+lt8|^sNex?0nJzpv
zGWEbZKE-VA8hST&8cAc1z3W>^dO46JQz1<d==_B;$3T<CsAr`p$!7#o-TqG0A&0D&
zotZiOXmZ2OsKuj|w77QjIBbTz2=TGMBOw_z*IjYm*)Xg9sLN%pN1EE^s5fw1PjLnN
z<W!{e$kx%NygNE<5-dLnBe>O5X_ruPU52jR%6jP6M<!VD{`l7Q>dl)tm~TduQf;Zt
z>nS}jh?C-Qy9e<s9?KBC%cRX-D|3l#w@{ea#MAQ{S96hG{H+FDYQ4|&<jkVSt)$IS
zt=V)zrnBCUq1Aoh8N8EzRhza>qxYkF!XF(lNq@9M_tGCtdiNU=taRsly(EcD*;tT&
zP2{?3*!?bJt}n8&6wYLXx5}7iLKQ>6KFxUQ7TQO3O3-2-*>_%tq+^~PX~f91XwdM-
zuwHE3gme$Q*VP-WW~I^rpa)K9cM1dKDh&y2zh~U)C0h~gJbiO#OEME3Vt;HP6&wYC
zzrU93Et5C)FAkdd>`oA7qyXD<5>oW>digx-+_jaarwAWe<Br6|+4^+<RpB;O4A^42
z2(dBQd=7b0*&z{G!=e^?Vab^!vT4T~b82#IJ05e+0<0e4a)qjy#*X4PqCg~dk~Aff
z_0~9zoZ+@_&1J4Q6h!1hdY^T7Ead2ZR-(NwPN{G$rj}iM^;!@3x+2x3KgVT$j-3Zt
z6$Z|A{5ZJQa@}aJ-PwhIhE%AR-0gZZ#lECj7R$7}71-63l%mDT?DDWD4lHBc=o-_|
z`Q-~$<yuCq_D=4&0IO<MsP_~CWkfM#!e7RxyrX+9e2jVWD`n_~*dt2$<sPfF6X^Vs
z2I@{hd#lL~I+Mc7{JOTYcHvvb2A7C?-?WHxxFhO0fPi5dj}TtH<)iF$b$cSlBTADa
z>SPTz?#yBo0?HF2GUn`jKl|YcUbz;zWMT+);;QMeK%}%~^Dc1ATc9HfF{?AGA@7uc
zyN99Lr#-6rv2BD*L4#^737p1&m4&scyq7l3rv3KL0NbK!&tLRnsC-{oLFE%S@>+)-
z(VMQouvnDjJ$7BFwZS&B%ahRdp0fALE|fuq>&>T#W`{kA4Expa*x|jF&2I5_<j9Y~
z7r1MGp|<fvU>o8i@h+r1;pjJ5cj}PLS(2EgiZ=c`Ci&xa5~G#`j0I+(sQ+8%(XW2$
zonwsPCbO^k`fmnnsP>p@asgRr^55iorzz=IMoZ!9Ag-g(Jd9VJsnRzR%aS+P;_LON
zZ<as(2zYb5`c<9E-b4@Sl3{`7_Lk9aEFksjKTl<(AxXBy#}1;<PxVt_Z*UytU5ICM
z@S0qZk%B`5>%iMweq?n;yoy_}s7)Tv<)fY@kL_N!g%&ys^{7Y&dLHK~oh6W;?xi#~
zbbT>z?@7t>lL;~UiNnu=C&Uj9=($J_-e9y*!Gi_xP{4U`(329gFuG(O&yR{v3q|UI
z3Q!fn4zRk@e$aQ_O`o&Tbzs{S{a}yhv8I^HAv165*Sb;XT9!gtoL^5iUH%x!-)7|U
z;4864*WwF;;edr+z&Ad16dj=eX`O+ZJ1)={0ldD5wOJYO?WbxjR*BzeAZ;NsI!RSo
z6I$Hyr*|{T%}Wc*KO9K*9|SLbfJ0Z%y-7Rerr&2?|5pplXlIWH8}*p%SmBDT`R^Xj
zEFc(qQ;e4vI8gFEcV3S8;Ul*##+4RKjvwOqqCt?fU}X0JswJNk(>6(=9>@=V-n-0<
zY<{OsVal7JHTIt3mM{19N&nFQ&8`sv#jg*yFQ;G%^YviLnF~t0Ob8y;@Qx`&V^Wmd
z3z?%FjBqwrZ5+8ZtfRR6ZhZT~0x|%jlT48rN7gph=W$*$IBFu?6~xR(*VC~|O6Ee1
z$xs51rEdY)E3^>*t>-DxO<hF$$)6QH^_cA2A=2tesd(HvK^uWn&H_lNh7t=?r<Ec?
zWHp?I5BzflU7yB>q!#_RWE89U@zzW`QtpR(EKtF6&+vu4RiA;RPxPRWBoP}exH*M8
zb00j8N}-;GnH3#muM1)N+T;aeu2^Ac)mX!5;J~3NQH%CMZ>UC|-c#h%pEr0*A#*#%
zW|275%u3uHUNpv`Fze|_#1G7+pZTU;7$<y?S7JHUBVE9T4Y|==KL<4!El0iZ1z@Ih
zNI2kep)YT`a`!YRp*+05Xd@d#C4R>J#0r9`9nE`8t^U;Bfv*ia0ae**llOlB{sea@
zSWbQ0miPMf9zZ&G5rB3G{zE#`$MC7QXlnjxe2UYH8l;_roCJc-6~H|%@v48Lw8Zb^
zG-8+(8O6YpO9ZDoE>tiCzIx|6GkwS3A)0dT*MKqM{|p?6h{*k+31iYua6H|GG`@Hd
zgnQhUr}mUJ<@QQo32%kRA8Qy@w;{v$TuM5m`5nKY68&o{IsP;>!)HGhF#a^tA>pf%
zWrHslC}ceN=~u=bvuIyfKMmlGN>#!DTTq5^@gi7VS#LrHdqWWJ?rUfMrJE2)5eyHU
z$q8&cfzKr=oLQx5PrB2$UY5N3!5`kMqorWjAh~rj%Yfw2F*Wb?NgFsBuuvmgn!|yj
zz`JFH#Uc5Q0r~^djTNQ88_Hwra_#MtFO{qg-9OQr`dJw&zZ*&>TEViI^<v$xL5+Sa
z6x4X)F2X0(R-?_kRbL62Y4K5wC9iP*-o%f-F6oW=gr564cOdfmJOx#`CI7c8!PS_d
zdBK>0WQz02%d#OG8EEvVC}dUdOTtkJafa>eKwk%TLBnEMcKLqx`g@OZ$m{~^bc;0k
za}<*6^g21U{uDX|GynVx{g_z<zSLLhU0||TOR@!Cb|c751bMoz?PCPIqNn}0ES)eH
zKV*`rcNl@fu5n~D^Bw)nXPHt-KeY5}AymdWKcs;MQtcu#f43uMVecbLU7^o%H7J%s
z^*`ZLvFM&}17*2E+F%r*5#y9L7u1K$HQy0`6VdOg)jYG!L9=}{XrM12&a`yN$Y-B(
z=rj|b-TQ9nOdp)42=94loXP*w{Kmj)%3hoBOYQIN$q4_O1aNxcBj1UB7%`MP2;N=@
zkEe5j_fHglB7eZG_W@T2h&pB?-Dq!e%IAs9gI(el!GZeZ%(Nq`vMJ%tt!_hpVRhIG
zzTq@CnPjdmNZU<u6wP{Bgt5)>R@Aaf5J4b}=eTzoJvX$w3pvwZi_h|7<a}L_`Y2lZ
z6$!`A|F5sj*zxsr*9ZS1QZe?8mxE05nPr1~imu%Ks9MCkEXEth^7GA1D1p1kUKFG!
zl#a%jK)cU6x1m|*7+OIK-DIzSYm4s#ZJjBYeOCF-fvr`g!%q?zp$-?<KLC8a?tK;9
zxui3I%myNTl3+I@*Rzn1y;S>GcK|noJ`6BesLe=eq0dW5Avbg}uP*dY`*R>}yw^0F
zNP$dlllun>LTL7gx{+B^FfO9czu=|NjgqnOtpq^Y)gcT2_=uLoO?#^<L+^5Ke3yKX
zk417`Yo3`vf9E3ck3#jdQrw=6G!}LW+ni!I6h7!hG?Lt>Z)3JX80VpSmC$vo9~X!1
zg-$!W(R<J7Kc<gt+4;r~QuISw3D)F8&~a8Et~mc{tCjb>xg~Pz#x<uvxZpPiKQ-x)
zM;hh+>9rk^5vC97;o^__^c&L(SccBT$iEr&?>qGF`zK&D)V1HIx2B&JcZ^enp4Ad>
z=-nTj#<`#k^C^^u9zWs_d|OI79^mDHX}b_<JG5jzi!~7-?xoqChQTL|cki8o(h5!b
zTuKHxNy!()IS#FgC-VtOuCJZ)e-pP9a|o5VV;1JS!>vU+Ifku8a_4MTAEqWRCA+iE
zJPFx9WEPc?8r5RLUX-&G27j`f0S8Ome&r|+&CT)(E*+%tMFa+}TYLHhP~A#?EH3DI
z(5gcHnfZinU7vvSlR+QL`GP|a{#>4jCEChj_Y?V)^DChx<vcV4^2#uq7^;;0AFo?;
z%gzlrMhf7JlR|g3xtpcpJ3C0v4{b$cMf}WNu_I*#q9jmd0KYDI_s17zMZrt)o#*$b
zN^6!;hcLo1XC4q?_9)*leIDgg#m^0e4d|pqM~z|YT#Uv~gaaN<8pGxh+7B-%a|IV4
zp9T02?(v6*$Sr)X-V-G6Kc#4EsA<5~1~T`wOSAcY-=Y40KaGFA!3XL3iT|^SRz<h^
zW|j12^R1dwdFQDb=G^#}PfSyPJP&auNYmTsv68VWj)$1g^niVELOCM!rLi3VD+T+?
z@hzbd#)tf?N~yVCjn(&|$_gtx29Nk`iv^(7vt6aAuKB{*DGD*`F<NmrwE243>8}R&
z+WBpW`TF>T;^??n$Tbe<GF1Ynj>1Te`;<)#aJbUNy#9>q1gU;GHr=(y`E+Q!HGN^Q
zcMZ+xe;#R@M?PA)x{R-rq2<mJyJK8`zN=Pt&%`xbyHMG-j6ZZ|E)Zm}E!8+|dXwqr
zPp#{kni<{Nvs_B_|1}@%p-f1ur#FH(ZRb!wsQ*g?VT~T|Nf@^+9b_^SS?KPqM4et5
zT=+=1=>}zOg!>&hl>OBjScxr}Tw{(Mtry@!bV-3dpygbF@y?a+3eVx6jJMft4$=zs
z5dk46w|TwTi5NgxuSNh7?i*%UcV52oPhB>Vo&_EnAvbd6;RZ7<7n2A`)OKO$%pAC7
zl5}6Gdysouv3p17i$_|iG)}P$a@ElS#Vi@<Eh|rIC1Ywyo{5g4SkA1dstfji5IXM4
z9=8PFbEw4L8JeCdXj_R0jf*judM!r?Fq+OEs>HCT?+1YJ^K0?j6F{ioq9U#@Q!Ktg
z&9~*Sb|*$c(mKxl({lj)F%){j#|`V4is+@Pg5*BZl2|F_RoMfAf{m~<Wo`7Mdaa)w
z4T|VGVWMq3H%IMzQ3N{<6z_Wv(VmF2)_>m#arbm>4#^V<qqlb8>g8Z`vdk}(qIy&F
zV&)j;X9>%OHj*)Rq^tJfJd_pgiDaLPK*roty2IpTu>sey(OwNL&Vl=c8Ik(?<bi^o
zMUunj{_6RlI#y2jUtA@T9jN=QXhqtiNj761^efymD=jdLgsCa16T%sv?%Xl5RwZ5~
zm44z6F(k^VO4Algtk83M=LA3DY6lSgJNe?Z6xb2J<V9GkTSo3Jcb+nB9p!6M-c@0V
zGDx@lv!3W1dI2bg9NT?xnJ`*pP?&t&@UJb$3~^O~O9F_=w1VZFa=&E@L@x0H6E^H9
zYx`XX6`Q@J-o|#c5jC~P%@|(_So?_teHv*wzOm{j$Bep*8G#RH{D>5f>)LfQMx1^o
zrG<1=h%2p3$xZp4iGZJ*L|+GWeZKjA1I^<)%l9q-;B?s5x!eGG7U5qUz6ooc?KLlk
zyxHley-M{Fy}O(r%0Vu#2*ncpO=;FqBc)BVBQ_=M(Ae+J9MNUIrlaN&=?WQne(Jg?
zL;Vcb5`+G6k1|$OKW%S(Rx<0BT|hEHs9TLvt52nFB04|jaI0eBR<&gsD96WFaC%VX
zro-ICO$u4prtxVyayxmNnTY2CF@X9uR>&M7It@}jHe!8On_hN4J~B0)k&U$Yb~E44
zPV&d2wVQz*oL_9$zf7-8ajYx_vg<%=i|RBtuoBbGtBW<<Mc+-|JDP|gb1!h)e0U^q
zh)v9WXS}=2%@h37%3oB}!9$3WH@a}2JjkLgL0B*+B8D8iy4m!bsDqok$!;cnvl-VG
zah_YO!LR~1X~*B<hqw(|W3T$Emz|y?w5u(C1eblx_U`83pz=7e`7be>GKckiPLRoE
z2zZ)m$ziQ9_=Gjt@k`%e_#LCRw^X`FEKv<L=Be0?B@x`*w@}q;yK?j<{6>oXkm4s6
zVjGkc{psesjuyep^nmNaqj~?JElU@fgGmA?0m3SDj>frA?hy<rhY$+~XwA^w^AIkS
zcFrYy+K$4G9v!l@JXpep$X+|U>0(O`RY9ADVz~@yo%n;K{Kv|}WX07GN1sxw(aMm+
zr^W@#ep|YelM^G~0$X=A9lpP|(<|iBENG#-MnF>bDSUfGiGpY-yLDXWlU}tHhMs8_
zJ44^kXM?h~)<|3&MOl%4K|s{;GpI}?;{Zd7ITYx4H5y{EAUKe<ZFI8ruT?u>s+5Cc
z$ih;cd^X3LnoZr6l|cT!Gp(`q_i4wP9!+N26X!IFXKg7okD!`BN_vy;40vw2b}BY5
zIzFvR54sK>5#d9QJ(}t(1$p;0HSRD(gk~AVgZopo&`%65BJ8a6Q_Y>EkzF7`%#}<p
z`}i)ITR68?JW1p=&w5?+S=Z!XZ@`XKkQ4LU0>Q<q?}&^V^Y1pE6&it@1|NwKTjq_I
z%Cq`9Q}5C1$(4<rxHBNccj10{xvpdVO>6aFKVRU@?D|Ni=>GcX25H7NxyM;kkSO+f
z<g*(Z{UA=~AH9&aW5V49D$`@P#xU3Vfm2-dp7VaaZlB6{pID&L^?J317UMG~+ocld
z<*#`2NIrjt>$P#!WxXe^!I(gM{K3t9`(JKHW`{ksmq-BP#g@hm^VQd`NbZ|Z4<f(J
zrkfH^c)vLJEATbRi`~ZPdj^D7om8Xl(Z0z4LZzKQFLV4kY2YQ-nTJeq;aYSA&Z!m?
zH-&DspRP!uQr#__bL1l~Y>nAEF;pCQ?X#uf%aEQ_BBtr7^_wPCyyQBhS;AA&Rz*Hy
zHCP59z8k^!hl&*EW?(h{XFIuigu6J<L%|k%sNdX4SC?5nENfd~n`qm|sp~<Qzc`y7
ztz4$x#X8tSyhD+=XT`&T!r-dJ&;LSn^ZCbvAZlk9448b=`!l2KrEAay%q1f%IC!%S
z1yBuRAoS4ae_?*v0R?b?26t>ee|mUB0OY`d4FWDMdNkgmo|xM;Y6BcdALQY{?A`8y
z4@|INnVu$GK+xtYROe#g1>@#3=jAK<r4K&952jPW|6+FYnfRgebEh8+cxRIjp;Od2
z;~xz8=OrT?*rgkye5r@rNz~1a^xwVXo8Isb8_1o{-H@TpXZA}U96)T)g~1%MnxZPZ
z<aNUhN9RtrJMTj_YNt#$#QCy=5WpRHfqVJte))>|;EM$y`wXV;frwuwU3{bwYdECq
zX4k@E{`4QCh!5&P7hadBK^G01-dGPGnH?d47X{ZoD3?A^06+N7iyJQSOE=0;cbZwx
z6t;{D#R+JzOm`C;fZN{z22c$P&gh0zY<deloWp~mE`87d2Jj!#dB&@iSQ2mehsA09
zU44sV3(q3loK@k^fb;Y>Caf&uq-HqDrf}TLb+}G}uO564f+(Gcmp*U+16Xju2NV(N
zPCv)7{FEd6pRLm#g!L-3EA;c3l!)e$8gKw{uJh+{fc3?qtE^9*`j=Vgoul3ENiPgA
z4<p{y_Lm(v0EquZ(0}smgz5DAWRL}fUDOst1Wdww$kLnjfy@6w{qhVJyxIfN*?dNL
z5QOR!f(9>kL-a05wnYZUGm?I7dgDH1!*{A}K6_r;eFn>IdP6^)!+@)UE?zg=$N=d6
z7c!e4DLw_DIz=@-({j~m)FUx3vyeMwgdKSvs$jqko2#EX&o-aMFVEn>q<@oC$v%N4
zm7Za51ujW2FG>lv^%{iROD3>~=A19}pgQL_+n@k^-4L(Kb=b~##7;0Ym@Mdmo&3?f
zT6TvI17Hz&@$->@;1UQ0j{YB3V8Nl?O=JK+w9YPAa6)B#tclG7@ueP8r-uIp@8!TO
zYZoHm0v1f&4dJ;IK<OOnaSy|z(^`w<*M?2D>AAMvWBX4-R=c_3I-3G71pY&TsvDy9
z-`ETP3xfy2txZJMWJqM$ORi=&e1GuEmr{L(g#ZVbhO_^zBLNrg-4NDG@i!cWpbLj?
z2xRkF@=}1Qu?*L#jaLK!dvc9-2e>NLrr%K4>46Ylb`Su%&^kYm`_K)Phc`F?7#95P
zPFJS5wVzECSTm-?3}P5;xZjQg3~j^>x??^h2Rcwba0PrQaR&yV3$_!!8v=Xz3jN^w
zkFGgO?_WvKh4STHkOKn1;q!lj3A)bmz4VE6-EJ+UQSrnzUN6w?zDY{@h&jr*cG&bL
zc{u+J_U?8UdU(SI7(jz}+C`T<@$k>T%z9L(jz0IZk>Y7wuN#v*g!KFeO3(%L=CkPK
zE6zhFROdURdKpu#HVOGc=|H}=faF{$vN&UvpzodYbfrFJuXV<u;;MK_tD0_sK76ME
z6!;y+pwi$@{PI<?-EJ7`LbEv1o$;pMJ2|qSRi@#Gy%ioc19zB^mOb8u&N&X5rlU_i
zKWwLi{{`zMNpDBE&W6RZ-NVk6M+c5hTiY3~eG^H{Q0(39EpY<Tf}#RSb@t!&k+XXf
zfz_*C3>?Xr0pkZOqFRgsb7VT>TD~R?hFsK4N9Am@gSD!`u@pU)wsL}MnB}AJi(jYV
zL*Awixb^d_ZCR^X3j9}O9zJ&!bE^T+?%)m^4FfVe+YR~Z@j0j#hPGtU+-MK<J9A*<
z5Fnje-=c}7&2<Wtemj0B%yxKQReI?qK-w0$thd^5wldHe=|issO2sX3@%Ab&-)&Jx
zZd!?1=7!w<wIbp_i-QBwHEI8xx%qO|G)iSDb|xwiRJ&x}77>v081uM`99_9Ee&wOZ
zU^*qC0QOYQHtsftgDaUj`)NX}>nvNFy4yf47+5|(0i3vaHHFtVojDu@#iZPhShE8t
z71cAga@Xx~*2+n_yn1LV^EC6vT$YO2GOT~-NUZ-`FtDoAPMtUIuHj9cpT;@~2lnC=
zA`JWpAy*T)-!d1>`S5m(l0J1zpJb3I;5ogTdjyP8V-LcnFX5Qu2znMoqS7CzV<Zr<
z#-xPhCFwO{I+v-QEt7Z8DXTRMnHix)uAg67&KNQb!d?#<oo|-Q#5&Q>0;#i*WJgV|
z_im<(EB|RQP{Hu7)my}_hcqZP0z8*-e0+>TgI4u|ZIRj-8rj`6PS2M}#zNPOo3>*Y
z+vasRHPyr`g1%sx+RmNj4HI(2cGHiitRO6(nb+6Vm6tz!T_9$Z)4tk|gB8?P9UT0M
zD$Ru7Cr{%_AvSx!6LkRBX0l$TCud?Yrb)#xW=vulge&Vmub)g)ufnL#-N|%MyA=~w
zGdvYNFgEqN7~FPtyTzmg8F~tMtXg8iZmE$75ilRD&CMrbUXl@i5~4p{&*3~J!9A}T
znAzE|?iV1bDfw(bS{g}~0I#|)yqUvvosi}8^RS{X??SN!I?rLSGsr~}=}HLuh0Vc-
z+DZCSrTjWe@ClfM`MR)m*pyB6G}~d$N~omw;z#t3#{NcP{=z3n`Ie>YdV)y)riT<o
zy+h`tusRH5X!<F1>=PQ1`wvq%%_c0`?xS5dh-vWv)6JRKV_h{~)w83ElQd>G60!W}
zC4BkMzbVpSqEOip4NZRh&+*SvmJ-U7A_)eCFK;eR71Qx6;#_@}EuMY2E(0?cqZ^dU
z9zROmtOayv5D&3ia_ILG2gFqg<VmAFv^Efb7z;rn%V}gXW?fMv!uX~eLE!ois>O4|
zF)8>youIi$TiVICmbO)Xg=`KAv)z@X9;2(&>ONDSwzzLzjiZ9V;gBFSYWHR=kF&e8
zqT!{Z6H%w7mcHdK_X{AOo37uhE2zQpsNov6ua1vU%Gwe%A9N~#HmXCMjv5-xV=MYg
zNEuC~?wfL55M?ff)-Q9neMcwBkTF8;bWamE*?rXGVOa*!*zsOF=MipluT1rGP(j8k
z{AORk>-Ar!*m<mc(eiSMXU9@z>w4#m_5mJ(NITc^F{@u@A7R%kwmN$+LsNz~VS=nQ
z#x~}EQ*{nwwy*;!wn2_1vfNaL)CUt=X<^I6Yx}-`Nb=Wgu$}u)`Htq?`YK!AyM5Ct
zc8ibrB#cyA#%1YPwNeo4<R_{!Pj;n7N`;Qmpp#Qg2Zcv!c+$qzwkj^OFcK(<++PNb
zh%3vFor*cdr4-+X_}PwQd0Mt*^_9B)CFo76WfQ)r2Gf?KxQ2drumdC-16YX;xP<@m
zP!&5?<yO&cevd6X>}lmEjU|s))avBVHZo(XD36ii)NLT%x3?dji*+I*szWtHI0so;
zwMY~Q)ET#%F4DD1Ogfch@ns>?(K(Jf?c5VJHt&{?L>TopM1n|G<n2l>sHAxg*tNB0
zi}l#;R<099Q!-8#WqCnnR3vs&{1W<4Ax%+9F*G&N5U&*G3m&T`>OS1?A^ZElF_S`4
zYtQ(>h@RrpVCA8x-JsK*-)ton+3V7e)ZN6aCCoz_yBU}&c4O9kH-mr0C(_db6bn#x
zf3r}tO*x{iggoTS<V5q4V3)EjW+wh2j!eO4Nn!ZFy^XfNdO(Q)iaH_ufI`lT4t=1M
zHOqUnVKMz+<mNZ;bK<95#hb!-jJtLL&$c=}`xRw71zx?iw7624xvlit1NAfY!T=)9
zG_-#qvQiQf&b-aD4NJsY*9|ZlUyk)-X8y^SiI5A}fj8`!^a*}An`d(EgG#Ows5#Nd
zCozU&Eok@><jw6D;~`vqS`kk&X0)*ctH<j7`J*FxY(<3!v>9n7hpApqVtdMIGF0WN
zA0^qBIN5ai9lKgwO`H7K)mj+V#6jb_d)sSCTx#$6rj((rX-tSiZ}Y<=12`INTE9>@
z3<-+-6k44rXOl+F3+c5UQI19?LQcJkH>*IuDQB_I2q!emd!3bfoq3u^8~oLB87$0f
zDOY={EY=^|c=p{)TFfX%IC3ns0Prgt$1QRvG7p+08BvP;@$__bGm&(+5fMn*Z~G?g
znG})RAe%B2b5hDhPVn&DzWG?H=R8r4v@xg!2WBRQ={k*md`Y&5)nMd&|E#PaV|>6+
z=-w)A%seG+jEan0wXnMNif-NvHiL=Ug=cT^$}}x-JJK$)2hm{cpw20UU?p)%*Uc7h
zfvDT(F4%dM$0I0irquzzP%(~ne9WqEm4Y=rV7QWL-$aw=6t^HpQ_q&IK(tROzeIej
z3`6Ydm_Xir*UbHRzd}cwWWxROdr(^)<_^{l!~^27GrBXn7kuFLe0OiprzO{apWCnG
zWxT4?s#L`ZU^GM}$K1rU#bd!jUYCs*9kwHfj)zVqL;;R59n71VRDp;OdCV%0T9T+l
z^M`Vlu+!0a811nMCAc#?r%bS`i6=>8CwIu9Zxt=^S^Q@HREEuOH99r*{WG|3yzG9%
zKp+3D+EW2Y<8Q581MnxOVMsEL*=ez467EIRpdSpL1518ytlR0PDgR^pb1th8tKDn2
zXYZ};yLP_6mL=H1+7`LWP9{S<*I0t%6(LVZa3ys{DEQMVzA>Sor~9yHWh{a9W?57}
z)6p*8{g)s(mlXs%S7G!C|1#4~=*-29O^;9r>n|ea<4n>9@pL-iNn~vhZe7=@gcP2F
z$oR{#$W%@``<{Y3gWwG-CVG-?oRGC)iK(1Bn@wwi)~uWs`|RKvm-w%JId(hkzg+Ci
zlrm%-Gv>*g_Gw%Ro>-jG_ezXu+_X-uc5F_qS!-upm=>@%-(A(eDVrX*`!h<L{xh?Z
ziDI7R$73{jqu8#X-f*#b+2<wqY(3RXPvnn2{Z(r$tLJ>L8&g-_Oh70K>hR>-mrFwY
z?LkDKs`N#M4YuXxx>!xsb`k1t3=yqr-j4I?zr4Oz^fak%3bU@>zeaw$#!B#dO#9BE
z0D)SPQ;Ed;KPoQPJlb)M6j$8rWvc^gRkF#$RLW^286*`lwtc|l_EqQAmQ~N|&7L55
zc~Zc3I5k@KZ@wB6Hspb0&F{cDqe)YVf1yiQwQri+eqnrAm!;)x?>Sm*?89UI6m=B-
zKR+qqLSY2dMV8uzgvro0@_vSckApKs^yUaFZKls}V4C~RBra141ZIU4VTg8z{R$(n
z{%I(cx$y^vJpqIE;5Cz76hSIy<^ARb%sn)@evx(a>^tce>M^r#A$k6hSoEhx>#X&A
zqM+B)X~69C$?ch*OZ|{U&a2g_n}Ud&$fB;#^(njADmsm08g0b^aV}y_QRAEK$U?v=
z9RpL9Wo0Q16T@1O;QI7_%xsld0)1JljBCnZ9OWzBzS`I-dr`9oBt(Jx)cMT$NTHg^
zl7WV{^eavR(l0(_H=I)%M;<vQca7Sw#mi~Cw3>?kR7$W79@CYyunOTnYh_A)<~0_0
z^Eo$Ak=G+3mAkZ3tk@3lFoik}jMm2$W|#CW=d`&DA)J}r)~hM&OX#V+wKB1_#JexK
zEx7?R8jKb~Dz_`Qzu^Rx#E$(UN#&hN`ub62@?ay&yFu|tIlhAP2=6v2m}~X8xA#?M
z4K0CB#AiFtq-}1pR&@G;vF<lloy74CuCK({^ua-tq5;+yHKT75lf*}jX={yfq_Nc7
z;jhhekDQ5hy-BbYEhcx5WVJRatG3QM$Vh)Iqq&Fa)}5f?kytNJ6&hCUorfywgYnlj
zm2`FS+iJ%Z+DEbdra!9L2LvBbyy{7u9Ef)<|C?FWBG<E<AmJ;NRfX5yAy<FxR9EuZ
zC!cdC<7rEZtU~3nuC(GKI%j!3T{`$0^VBKogU2UR%JF9|7(3^mU-{v<bXL99eQ^(2
zl&$O@XAF0<$52&eWn39~eVtni6TpGaDt9XF$DXttiImfiJ+6#(yK)3xYoIgNk}cOF
z3rKY6N8~WEBpR}Z2+KfyksquCS#DEwtjZIzS-`Q^@{X7L?bDC!y~AuZU0q@eJbOuX
zb@i(!(>5v4jU%3xl-hYIJ+iF2N+xjncieC?gF?pkz>!B<hG~(Qn8Hwb`w+V#*_=)-
znX6z--42bqkbTMU87X6afJJzmv1Sjyb)mJlIZo6qg>pv1*?d_aT=7I2_hhaho(8s`
zTCI>ylbVT@!giVFbZx|(NwO0~8lQZ%Yf*HIU-74A%#c0R%(7r*GEJ?p8?mrn3-l$4
zl^@#8%8NH*$4c<JN8-2+xyhrt8H&FQI<%8Ql4>jF17sRhf-QuUv=jN1UbSx$i`a47
zemYDN7C2*U`E)0xuG@8-!;|752RHBv(hAb@&<a@DHY7p%Jm%5+E4U5n>BD2b4x24_
zd&!W5zj3JsF4<-?G1MnBW>T+=Yk5ri7(cYP;f>>|{4i-XTWPk(X1+_|o9jYf{gaUb
zKFt2L*=$)ID;b;WN!y74#fvc7KQ@M#e*h}ucEy5r$l_`t>Ki=dJcdlii%E7^Y+=Rg
z<V=L6DVb{9#^UPfGVq2^)Yp;y!*w{`<MVn9(DyA&$vNDccs|$qVQ@M<`s$@so|5FH
z1xy*bol)#!qLnW#8ZJ)Bx~=QdkC`1^y>mW)g{=GKST*QZ&5lyvITz@6mZ#|4I_sP`
zB)ygt9Z52g&{&B;6CurhLO6KeVr3U>em`j_M>u}hQS7pM|5ELpG2m9KLi~ku`_C}L
zwrgRGCMZPlee!Sc^U8E;+FVywMu_C%$)fmTR}82n^m?J@@uPb3$z02Gc*n%Lf;^A=
z`*zCYde`Y~%d<wNd#6H)3j}_4Eq(QzyNSmEtC&bKyG>}1bpbK)h+eGt>HQ-e(YHcE
z%L#0oF^6>Yh(*S(#ux2GZ9FaT7c(b=m4yrj#3qV0yQd#p7#j?b=6K!3jB1zlEwB0Z
zF@aTq#TN|-Aq4K`T+AiE5Ad~?vUcDliDfS&iL22WB8ewUStt#e=Ay-yp~RCK4`0`r
z#VOn>yee$rwc{0Pk-_Aq_Duz`ChI#SY$*Neh|>K^Nnz1gJQSbfAh%^HedHW4m&4J#
zK593UF<m&BnX+Q%&{V>C=3pSlTdWL!609u!jz&vTb@-r}aoaA>$DAt7o6Vn~yjtXD
zEw^K0H3O?sEZ;P=a8SIqq^ze=s$yjmvGM9^ZK9n6TDGb#wo^NLDJijQQ;ZN4I8(6V
ztepdJl_~t<D-)vEa2ie|?bDe}B%Rfs{aEH?M$TB9K1ww&jXoK0bq?t!zcQ~b+k7|>
z^Ku%n1|_by;guO&q;Fu99{IFRW_MPX&$Sg_Q2PY=1ie<iVm>#VKrEE4-lq%4-q_*V
zF=aX{oU6}WUDr1)LQ$xqNz-|M4^Cwot(qJq7zOu9heE!g5_Q`5=P7YzWs^3jl&BPh
zM)@))3lh3Uyh0?nk2?lg_gVL+FQSjQ?}ux1bXVV>jtZ+C+TG`7rz^C$C92bZXzOu1
zjTD|Iz{wK|Se@+Z^P0(LSEx+vx+WMHrLnh!sS21qCa%#MfD`3bQn$9s$D&>do~iL_
z`3oDRI0+;Mhs!=>l%`!dyQqTt;AQ<|mX~wPliWpOKW{8O11~N+Ya#liQ5IElQdUQh
zlmF}x6tc?Zz?>=gibvaZcpa(l@?mHlD@%2`9(&sGEj+tP*ms|t81|)U``Sje`VWn{
zh6x{J_!3wNyNsO7tl4F_69~ZtfD9pl(8%?8f^Ci`y;$gB@XDmAm)&FVf}Xj6=}mEV
zypFnu`+*a@XIyUPTE?TM-4MzPMxMssFEa@|dd~L$u67y5JSi=7<Ok}`M}0d_3(Rmv
z<(b?WFKPfw*G{7r%;36qWAPlE9gVdX<Jkyzbz*G{eIB>H>!h5@Iv`=2^;S8$I!+aD
zL+k9Zw}yk3T_r&$mBo1D+L+(0y3cQ4@89+|32nQ!%4cD3&J4-<jQ_gIyb~s>oemZf
zEPr(wR=5=JStU%^@qKuaQ_b`4CTGh{yNNX9{kkZ`bpvF(H9P+%2Nv50-KF1i@g&^4
zs%-BUMxVzoa3$Cz^a+?(c(0RD+VifuNvP$!l2)&R57pMOxO0>gNYw0VI~$d=78i%G
zcU#C>VrSwV_G6@9L72`>ajr%37T%$oo*lgpT(8~B*@pEa5OnR2XuYW?>i(6Nq2J!s
zI-ak@=kmmp_r>gt-+XPOAH`R(?fml3bjBoC#I%L?R!$cduA&M+PGt$sHghBv0_UuZ
zO;k-GC1n-qJSl1FvnDI(qcCTNRvEZ=pU-Sp-R?r|tSk4J=89-nBIJ2yeaqdl$N|<>
zag9mjv&!tDC=*NI9>TMs+jPN-o#FfW#PUS;j>$BA$|4!~lVwsGZ8|k@adl%keY3ko
zD7LEviIPUy4z1qWhbhzAx+Ib5)}Qv+x8Z-$_7*^KbzAy(2uTPY+#x`4hu{qaC%C%=
zcXv;4mjJ=Fafiko8h3Yhr*Vgmyzg9_@6ODfTl24a>es6tq`Nqqeb(CNoV5vf+-is{
z7h(#VcC}fit!wr;6<j)QA2-i;E+WV((khk`7ww-6E+(dSWQHwtQn}I|Qh+V;Ql?=F
zmS%@I;Xqco0vtLj9wXrOr>$Ih5?0XC!2C%`e==LOo69_#9?t~$mq>b&dG_`;?pQW2
ze~G)KLTP@9$ybE~&5g<@9vI=^D;pk|J?#Q1c^=Iw=ZVLSXZ>+cv*Zgfjf2brd6(Pb
z^aYq(QRaSyYzgamcXD3;IoY8_p1S&K<C%Of?NOA1XZ|L7&%^NoJ4fm+)64B}oV>t}
z$nmaKg3sg3dw3~QLN0Y`mdy5?av}Q|C|yr8l`oo?cZrgWySLk%N8zZVpE1jcN}8{0
zHi^ztIPX=R^OKN3YKD}CHNXsiDZfWFEMj(^bKjJQtIv|4E5FLn%&I%Hpx*2a@Vch6
zn{(`lF3iVl5`{HO?%J^PC*djWxISs=lyPmo;XGUEa+Zif6=pLt(w?n~G_B!2Y4c>h
z#EGF1zWkB=A%1Z5!k2C{Gr!zpjl5bhx0GKcJ@%SKqGlx<)qRQjgX+-=;-Se{!g1J!
z6Q@xdCejpGd&WgF>Urro>F!oi51ByAf%dJfF&<q7`_w{C=_!OfGcN_!_<}Bq065kK
z_29I61xp;acYHBvzLUj9XjAsVTwRT4v9okCiGX#zi6y-x(_Ar@A=JIxIg&Yt^t2g=
z@+6?bNWbYg$XdOAx~sZR^I(1c&12K|G;5aSY@_zGAi|W^@bh?^7MPKSFyovePNqxR
z1Zmd5oTTdU%AX#^KfOP-g6TvzLw^DFGRQu@Q!^9R8DM{DRU1{Sb$NlxLzAO4gkG>6
ztY|N=k3($VDXjNX%x5jD78?q*g|$xD`<iuOi)4-#6O5_~$5}2}*J<barTBYXIh?W}
z;dPmRpe_O6^}(8)3j$#vBBTPF;t2tzM#dMtS?aZ96qQJVRe-4t{34t-)084*18T*L
zT_d(>z2Hzi^m(TnD^bc8|Jcw^3i|36a%5GVK=#$|yOxir;+Y8jYabQcRAgbjINm&e
zXx{j_iDf%=_GOXJpJw=5BO&e<ltxN|!NJg-+1LV`-zDJI|Hvx=xz(?$a=PZtXm<b`
zTU7-eOjSiQgUBrJcRqnoY~2&mhWYyrt*qK5Xck>4T0g@mc;wf(bLj!btE?`9VW8H5
z2148nl%&-+Rj+WljM^>gU@${VPX)q)tSK7yE8QhWCJSm>#y}P|d6U};X6ICv&6Jii
z^7DjQRZ9Y<$zM&A#Z2*vj5-z1wF}i4rc&a~x+Pc}bCMRu*JCtjMJbJ;bSv<I2wtSe
zqg#jhX=}{&)yj)h@2Xs%-lVnq?dXi02NvQ`PCdk!U43P}&Q7wFA7br0=UsEH4HZhW
zOUc9Eq52BgvP)x5&qG+Hf_4$tNz2*>J*p2O6>JA6g8KIAKPqLXS6sG;ZQ*!t{FX|>
z@lWq<PH2~5Er2oONWK3~n4CS&Sus?u)R~Ogu?VXmFezPbXgGh{ND;(TSdUG|TA8?r
zp|+o2vJyl?*RC2awO!!pQW&3yv{f*3KA8qMg-g52Nh**W$$Aj&FJqbRcnJL^R87ke
z3@{C<hA<ZUihkn(z(xK@I(3Fd?+coR?<z;W0`JJa)@g&f`F&WaSBd09%3fOEt}#xw
zq13D3`@c$w@;arvY{C)v5P%sp+Thu98w24<@$qgqJtN7{Mg2BjvW_x<AU->?Wjl~s
z%yU+E`TcXTjsR6GKPSE)+zlLcJ96MEkt_x2wDrgL&u^gjGoc~`Nk6y4-e4yEXi}B&
zjdkCU-_*WW#i`Iij`_xH(5rr5Qf%#ulhO)(?AMsBd)+2k7ikZ#%HSt#!QhXt+WjOx
zU0+P(=V-zA`sSN=$mK+F`j4GiFGB6_;SiD$@9>S}Ij@)_=Q*$Rqt;i1bEmx#qE3Ly
zmwRuBUIQvOq6s1orxxw8&0a+wu86hrynp_L3B7L^+zb_AUm9)9-VSSGM09efJ56`E
z5v`9o7~l>WpiM(Rau_j0k&$<@1|k$K(?m3{RImp(2gjZ*{TdP0(OoxD4a+mQqe}D=
z&rSci_x}q^OLMY?DNRwt)%|{AX8svQ^9RE!=yk*<Fp`lE?i9>@c>JXk#4)hM7=!v*
zf-rOPhKkioJUm@~Bk!MvJ$;PQ0k+Ixp<bF78=BZN4|Ur;C5+Pkw*8SbUW*W*+nXuU
zd_w-q_l2UeQ(u&zg~61#B4doycXCW&Azq3Xz$~4aS#e#_0rP@Bq`T$T@$08{c>$gK
zx6L1#!>8HB{B%C7>6V;`Urjb`XpLSIr`gC#=B594+KCAmRk_M8JN%kTmoxlJ-dLgl
z6j%Tv-nR(i!pj;C$OjSMO`z{veCNW;7=D)zg4(C`3hlc{_AST@EXY%uoB&TwP!C9s
z4KPa#Vbf2KM>^#Y9f|YJC$_Mp{*P+F&Y*vn9}2avN9D*MluDB`94Ei?`oebax2*q=
z`QBvQD^CqBPYs!U@$XM`sb@Okw+uNC@$yd+RL_Bbh`8T7=!wDqMQ21AgYoj)g0Z)+
zJil>0>inq&>XWlK>gnG+uChI_VaP|*h;n&!!qCuc)@xIizL>Ty+kKB#EC5(ip|MoE
zdzF@M7Q(p=Qf!%B8QGmc9Y6jA>epX?J${UJr?9oAx_*?L)w|ry(^Tt@%hBZg8d;{8
z=qkatM>rh0_TV)fZ}0U+#w`{^1j)7q6a-NqPR@Ae^aSf17^;3sphwk`V);h6_%f+l
zsJ?>NMFEJ&q!({bDcSE9;y6rM)Vo<+H0+w(hSqggLO+`eA-f%EV3XyJ+B@sT&VuDd
z2Ox-?@9hrL*KzO8{q10!9llA<X<hCu^2tbM!z5>Je@927bKW1D5sDTY=86FgZx*v~
z9!UP@aB(hzd&l0G`#7cS#KAr<nR{t*Z(Ew(xuJeyDAnrt4{K`iO2sxWY3YgDGcS}|
zYjJN~8q2w%ZlWud{@B6xw^hLn({qe3`N=tm*Wz*vcjtgfAT$Y9WoQeA9sIfOtrZ4r
z*b*vsBN?NU#J9s=AIhFmrwg|$l+FvgMQ|IdMFWKk_Tbd?_Ypla7%qHiGWig`|FFS8
z@F~(|)PxrNMv35?-e!XhMXHM)7Qn=aS?X_VLl72tu=cJFg}hBD;Z2M#+~OM?Mhxu$
zopu@sb<?{tFkU&17qoSUweCw-DUCHt7no)L>s9A+#N|Nb)$4MCvo*mRXkhj0X>NlY
zQ;I{MC5SWS=1pGZU=<9nFUc&t*{?;<aw1;iH%z{@aomQ%mnUJL;MNpoq0{+M4*m6J
zDF%w~*X-3W<7v&;=lR`tUl9;vj2na>QMtg5wp|qhj21{D7nXfWAZ$(0M0Orn<|4^8
ztspIu0Sg^F&$kP@YWl5j=>1Da5y!V|-JN%#c-EMA$p#MN!5Ed}%XpOVPW?UvFAW-J
zTa)ZbH<|9mrYAOS1J$NEXutV$l>Z>W|9}j;`Ub0x7=_;F(?@MlI8B7kqmNcFw%kDr
z{EJBIP7Xf9qi=g#eIL00z<4J2#rHHDoC^{e-%X~TDF~X{HZ~F|2OFl<cf2+F(&Rp_
zP<#8jV{J%>rs`n5QaSGQ7kWU~>59#xhGwghGS{-vGXY0?MO1MxJ5)ut4(-5tFlkFO
z0COdrxk_N9GmMLTk|{F+)=@HFUw{D3IYG9^kBdBZ?3|TC@a3}|W$-wBkBEXZ%`kFM
zKIe4yw~9hq%7nS_8_2-YEHxtCp=)Hn_|Y<oT<Z74`08DU665>QfOZ>1gddrV2wtzj
zx^Ke#<QQ?g+f?f?yW1TZ2}=X<Rz(tCq3NPZ22k0c8MG<N+RLpVOsrzoVOWu_)PiMn
zxnAx^E*>k=McnN0g?!j-S9iglZYM1#oNSslQ$8?WRdYc~3&i?H+VtLRdHbIXn^EYb
znvMksQWN}1`^h)F(di@;bE($AqbOveLeA<bi|KMSr*^BG#w0r2t2SfVH|}c>%A0Ji
zwMq8LUSEc60rEoxB}OgE=aw3#r^Qt+%IW|by0kdV5%EytoR@B+>uP^zJK~*Co`7K>
z?z2d@5aI`@r%wkZMBwx_1_<l}h6jY5@;kvF?>0-JIsFK!x9K7a^{aF0z?mWB`XVak
z|9P#-GU~F1B3suz<S5+2`e$`b{B8{7ORZ6veT1q->lVIiO|&tdYt5MW!g9Q*B~hEx
z@RqOH7Vr8UpWUJU@H5U+#}maDUdv5|TCem<ozD8^;!w_-KN1TP%^HSVi{&GWriHnF
zPAA!#-CvbIn@)L+i?+0v)hymEgq2#psON_>Cf*4x+l#d#z~c8&(t_?RpGR(bfx+jK
zSb*Z3o{X>bC{9Bg8A-brm4m<4s6^fG!9I#tx<31HS_QhfICYuzr5A8Km^K9oUX>Wh
zBEySD`|-{e@aa36=4yaY-TR*(apYI^Oej$Ck20Yh{1nCh_>He_9in7lenYh3?pZM7
z_n=y}Q#;um;8y3WL%joyh_%~dEEub=w_70pF`NYO!Mbn@>`*855d|-;ubjDG5@-m^
z+<IN8hmq~lZOP}8Mx<qD0tsCV*OxBTAL9>*wm=2X4O7d#ZfGN(u)pUR4S+RGifPx%
z7B(T5z~X(gMKIQxNz>OyYwPhK(UF@s(|!1@s&x(n(#RMq(fS2Z@2YxEwI;8B7UuSJ
zD-}%+UbuzTfG%%5SmB$V2!+FIafMP`eIDw!$m>JLOnvUGLhUcJ(p@tUl3>8H*wAR3
zSlhvNWv<MNo%s)Jx2(WW!7zFxGRb&%G@~|B=7e%WLjRss+u2t#uTJb>W!fho2mttz
z_H)Q<3qLGfw5B%<;IdVW8`dVcvi1YWJBxsowq)kreHz~m0cr5|UK1L_CV|_VTjc2H
zDAziKsOP9#uIb2r@OF=jbG@ME*Lz1Ym1C(o;diK3{tIh6j1q*>3GnCNcn!cLE<yo8
zbV3%ydhjS3L9+s#m?SkHD*XTV*6`P}a(iaUAITq~a|Os3X_3*~-y;Y1`*J8+O!M~h
z+$DocJ6q!FYLiZ)76w6UUM`B589(kcVB=og*;>?lWxW;g!?&H<U;c`yDAHOoT3-yv
zM*wYYblK}Or7taTy(&<*)E{-;ZWev_zz8z8Z3~6gK682l)3jOUk2)y{Yet@~w3+Rb
zqNr-cy=0N-#U*sI-kk`wZymBa{C$@D$x2*>C8sEHQ7Nhs&Q68@n7UW%ZGBN24#TjE
zZFeY(cFO5`7?yDp$41w`W4)!8&3OHvVBECMr3lIJfnneke2eVmVU+ffp7;(SYb3~X
z<<8~MvjLgfLDm~h;E~|dr3$g$3hFaL885hK1hUW4bcevoEK3UgcL3zC@gpLexyXWj
zaS10O838b?|BluBB^+V$KLPTd+b}aRNK5De0fm8h9i2o|%1=TV7xzdceaS>2f^BQR
zj4r>GrfqH~$eaE2g#2l#vo-l<Ah<Q<Z}5nXiL^VDljiO36Xm?6q#)Yb1g12s$62S&
zEVG8v46#piOTjQ4Eo#o!-G3v5SlDSU%}<wP4XKh|bE))Z*pn6eOqIX0TjO_mfA)<I
zfN=1=X6)<2ZnmYvI2)HKUTRgi^t=d#B{1esTgzdbp34*~wJKD4UYO!2E5>Q;YhwcT
z%ZW96NP*5>c85oZ09m#Ndh+yDL&5chb_&mzB}7?g=*gv5j_faC)b$5f<mmrHI8PZ#
z#p`4`F~OafSb`LVl=MEJY}vO2oYU3W!m&%QbyJm=tgFM!a1~I&3eBe{{rpn(sJ{Y*
zu|7(L&m|mtE0iene~NWnl0I-Uj|-^h5JL-MjEpjv_0B^S@jY6fI>{dPy-_ak&L}`k
zTXDr`ZHcgH!PnUxVuieXL|h2S>L>j_#r~;-R%9Sb*G`4EeZvn;KGD)zc#6|w(q+%i
zhRC{kGzItJrZ0f|AY-D_L((+QPLRy(VCbo1@WXJEA|XpzjwXN@Z;&D1dY;p5yh%C0
zKX}VIi(SQUh%+|Guw409;tXuyEz0ro$Adw<sTGZ=m1LctE8I9MTrXnyA(2Vr;Onr9
z1ghUA?DgTaVQ|r<UxYbd{bM=gcjmqZrTQjR7nb&=vVAwOb<LF)vw0EZ8dpsA3%I?r
zWy@mirWfE!obw2!Iyi=(rTNa>Aea-2&@b>?iHWr~#R@xLm!r&p**Ob@766mH+0%Jl
zF+m%eidimzKih_c6cqTz#s_{e>OB@e>ZgB5rbc182Ht(P_yYb1*dWD|4WlrkinN<x
zL+h`pW5dj}yVMcB<axTUCH>|)ZIKPy@$0af7_p9hU2XUV19b%0XutbIUeWq=mB0BV
zfJE!Nb*8VIv*{5YqLa0*doD63q^3?IBP*>gL{2YcL+k@hVf!Vn9DKo{>z2Z(;wQ)H
z(~shoz{n$+Ku9i$jFuY+I|25S<MX*gnT*WvdUN^mpd0_=`+ZT_f7zmtd;YYaF7z0a
z?~QsXllAm<lJ6@6R&G4}#DM?aR>y^%u3J50vu1)eeOLp^WO#<v8%NT7JpQHk`y#UJ
zKL3K1Z!bZ)R7hVcFfkQ-Tup*f9hu>TXhwuJXL2a0Pej%nL35pPiBiR@r#<{ceT(Rv
znz4x&>*4#;TJ{Xl;|7cO2GSmgEVWIsl{fj__ixJ4n-35GP=kTYfU~t|<VX*fO)x1D
z;Vq;$P?Y!IwL~Gi?+FRofut@DZz3aB$4~%V0*Flc#P3);GXk(DKltM6$qFKv1@Zqg
z^G6Ra;A*V`InvYR5Ufu`cn_Hk>@jrF4ET4@5$X$tkFdI0d((`D6}h2FHvEXTgKJX?
z^#`7{ZdwVh5f)hnBkd1iQ@q5VkYEmM%Krk}@?g6&70u#~E^5usHe+qV&{&9n1YNJ_
z-`OyI4~5c1Sk-&kYP=4+?O(Q7SLLDU{{`UG8La;NA@Pp>uYuB<JO=&0f#4r?=-oNx
zrQvc|Nw%4=SV=Y?!=U$@3t%0SWo!Qm_OJ%sNkpI(wj($nPh^R4KS1tZwYa46C;a{q
zpYBGPQ?d*>gpb&FN6-c%(YoGcjn*5xlUii8dIx(ovH%<CZD2Lwv@-Fs1)URySg*fe
z4*qcef$~YcHp3DAUqX=kSOZeYL2m_r1fm&#l=_Ek%r^yZ`AeP?alaq)QQn5F4(%t0
zd+W>}K!8Ym`~N0nN5AkxzePm<{MR5Kk>5-(YW_nu+na*_DfAYye7`RHA<%~dy)*M8
z(py`~AVGe7xc|}0zrPWAEQ=C^^taLYPIqTi!)7%9xDwZg4oCdVHah#|e-~f?`NQ5Z
z;dYvQ_^$&FB{fw9iEmW0%Ryr{g{@C1LK^s7wZpRGgfpx>lF7JFGLC)~_o&_ZO^Nag
znv-mJ)klo1B|NNj{03Dul%ad!D(z;=12bo8k^Lg#PNXWL`N`oI!$XTxME+pP#YLmZ
zNwGbvYzKDv20W^z@Yv(-=bY)>=<yk`J@f1fR{1+zD$nrP77=lsjprG;Xg7`EjLE!`
z6S|=eRBp`noRcm~6Aix_;Tx4m?@N=SWeaLs5+qOav0CL?Z<&f`z{z_CM)~>9ig*LM
zhUqNxzXxWfIZDI73%T5VDuv6~0=NE`Ys7_V%t|teg?W-wKzF)^nXG>gTuLc_J@p!v
zOy4xBN(BXl4takd805ybJ<irV{#m~*v!#4q8^$7VMs@C7*(oq!TK}_l2I|an;2Vy~
zqvh6u@XxKhyOYqu6{=$U+bu7A_m~|k-_*(PT9uPc$v>Z*Z(>Il!ER+2$=Bz(8vS{3
z74(5zDArE_Nw|7pct)QlUsD*y2=|(W65vO5FFe0;?X-(~m}Y)i!Z0_OWfqvO1B}}&
zkzUsyL(jjTVNf%cXf=l#C9hL1*Y0v-WejlIg5t?NfXz^DNLzof#|IwSH}^h~yZ9S7
zQMKAP51p?BB5&4~u7I5)wm{EJ=6ZH<Hiz&WuVCiNUhypiW+WZ#8&)4^m_$z<J5{zX
z5pun<4zyZETH@j4RXMh2$#srlxF)Tfd-Qvletg~ZrZpN-PhN6L+#@7opI@;=bjnSU
z$G=ciuKKkSa@KxrzT1bFS0ijznT&1NSip~;6tZV;sJ#M1h!qhs_1?cdkSj-hi=4H}
zk6tX)?n|lq!v}*>HP{DZhw6owl&X<F&w`7ofhtOA?nF9$;#bm6PG3-L^QY8}U-k!_
zS1wAa!8eyFDX~1NP`7k1y!_H0;se(^$*)0?!jBRtj#B-awF}m!Go<>5pT##2nn}V}
zG0ZopMlQp~C*$Yy=V=FS&mPY=+U8|()zjyIYkTBYZmdIx%5Q0J;b~RBwM%0j8nhc0
z&-A&a7SDj)cxY$(^mu5e!7rEs%fFycUPH}{M#9ptpoF$ME~ln)Qu)_>|8H{+N&-W*
zFeb-MwJ`7nX66^CXFDDFXLGuk63xRf*X5(1mFE;&m^BAR0^)1^DO|3v`x~i_wAMVl
zu68((&Nme6D24+LT<(9?S#z-QlHZwn2w-=g^AUPedn8V!Z9if`>ibS_btNBiY`T7U
zr(V|Htbk)q4RvJ!jDs{!_hdzGQqpb`aV{_?{um;f)_lsiwy7xdO^%`LrB~fUdV87`
z4rvh(PVOsZlM6*A?I-n+=<u<zH0{H_Yo7Y)#py(iaQ02{Qyb-8*Rv8xOWw5mKA8;u
zdazRWy#|$+<5UhduSkm5_-!6oT&6l{>tPoNFxS}Yy9FF*(XKKPxwsLR^~*&|;Kv74
zH|f)zs1C49pM@y_^fAg*yJ%`oLoA#0@FHjXNS)4tQUQ7xGP8YXPG^4APF5wU3q~^`
ziQf8?10M25yi+bCIM*2Fo*3{QR!)|>BaU+#9Zn}J`;QvU-sV>*JCT7$%OKW5h+=Kx
z%4+bGaBH4ldW?jT#sGI_`_%TCh-<b9I4(1F3Afof@tQuAo@M`yb0nIAx%l##IJV`*
zSlXdp@Dgps0^W4F(6``YXxphF)TOOkMljxii@cyK%t>E{bshP!F*_1?je~v>n<x^k
zBlpJO-UE);^m>-(_+&?i`f*{4WpEpzqBg*>QLR?vutayw3KNMIzjGN^8GC5_2N`*J
z=bK*%AD^bnudJq*hvpmAxPw|**R2tYPK+*>idmDk8r3WuuHGh^yxaD}1Dz8*hq%#p
z+M$<sj67}E^>Zr+;+X>>JM;aFKsNu+5sqFY@A_mnz;Br9x~+~&JvoX?Q-i*`peuBQ
z<p+pbZG{&dT^JjrdsdF{&Kaj`J*SARP>f#(UwCG@={UqbQXX$P)vR<}X#nDW0vk5-
z={XAr<{L|z7hd2V>S$eYOgG)orC!_1pmin@zc@}->(EE1_0T9`wZ}YTb-qZV;?Reo
zWhbnn)*ZCr+6H!dmTL5FU21LhNF(qhu=c<1-zf??S#O4XW|&oInZ3kc=?`4n8UQbz
zy-phQ!BEAqVt7v8Fe^SCu8ue;hr$D%HszEyE$v9{uDYg1z_JD64b)}~?3B!6zU!Al
zWOmlx9u8eS>63#WxW1XwK7>E-zvh0YREMxdxm^agth{G0p4RVYYa2c?$Cw>E;>Jzr
z=Q{@D39fIt6j*j6wr-ZSY^LL7Uc~qA9Es>)8oS=mC*X_N*lgOc6}aK|$U2X)sXSM(
zDI7^}qX4UH_7V-yGR#(=I$1Vp;f*Y`66-7zq#vb?tevl6onqmSwAbreJP7xk+j!N<
zD{5jthmPpLu?K~n5Zqva7=ogbHwJ*<jUq-y+MhblQ3TkymA*Efv!vozK~eX@y@cA#
zY4Kq@WE-H3#|Nw%M6Xb88<j~0clP7<H`jcd^WcPC4^+a_w7y{?XAcsDK3@MkCf3DY
zkDhgEta!<u!?))*(Aw{@f(qdk>nZ>?0Azd_qQ%_)@S!KF2NG^PhWZnwne963(vfpW
z!@+rK>(1TllgChVqSdm}DScwxrXrNkvCSvL<01X}bc~Pg=f|g6S3ZaRj4GSj86goE
z%~&DJ@RjD88@_7130lZr2}?mW5Tjp2Mz^{(&>oD9I2xm5&=y@z>COSJb6T@U=e&@5
z+VmKV?y0jzbuSgXK-X%Fh&bIkS|-h3*xDLfP3l*@-;t+{z{%CsyIc0w_?vg_yS{>&
zCwOPnp4vGhGlbiofsH%w@q;5*DLp2edv0!fY>H3$j*}2*@WP7-@Nk80Zsr$&Ue#9(
z)7mrh2lL#vSjSf&n2sS5?<PsdAAgFLQM;xg!>RIGlIet^>D=@regEM)A;7pJe5|6f
z6S1<BNFwg`NS?=Ag?#qoIz`YSjqsI)9Jj(`OWF2S&@8*qA+FpUCGIl`+)i)@x!iRb
z$pLlrXNAs1I=y8KCOn}&!L01B=uN}--Xr&|efKMyk6q6NHf)hP=#POOm&J(>{9Wpr
zyb5tibQDeN^F=NisqQ@^+krWiJMwV{Qk+E!TS+DFoRTb)_gOVAljyvqSkIle3fNe5
zD6xjv51Kqc>Md%P+jyG?DT&s<K=yV{(!7b*R}8&xe=A{&5cJ?Acb=~u3gY`^S_TVJ
zDxagC)x)r;nLR{LPJIbaZ;NjZ(bGplMvS|5K-9DAhh>0k^TpuC4tX`tg5nlM3#US(
zP$f_o^MgE&SHY}@GHWs&TRMgW1LPj-<`&+gL5ioZfP&L&AvbsP#te@yb%Y`BY@p!5
zj#|fJ!@THr-mIl2$-4Tqgw3luNvC96<$Nj&KRv0eV`y7pq|hc*DI(`VpZeKkgQ$qA
z*Y#o5u}L_y8B1Gtuewl>ROhDBVwohl77~c8S{<i^r&|3(ris?R%wX;<vm^Wf{kOTd
z9{Ol2stkDSece)(wrE7RZ;0lI2QUrhUhAk0%S`tbUox9F52}wC|LV;hFdS<doclz|
z)*lpJ-12K`rt(T1r(EuxMJyDaVVej}d9>k7zgu{vHc)bg61Zhp;X|t&)pb^>+Dxm=
z;Jam5zQsIiH)mFFp%j%0SE<17MBOWWS*g%`sK~%g7as>#DZlnbxiCH)u2N2$&8(6e
z-ryHzVon!5UAZ8<L3~{0fH;mpj>Q;>MpZ8Y9kXEQ;HX|6?xCV@s#z3<a{ntjr^0q=
z)}RMW?&>d_>>)QIC@Ylfc)}jQAZzr~%dBSYDl8#){@-XeVF<dyY@GeruOZ|bN@<O<
zMd!92K4~kbl8$jDl8#~6#d}~(V)ipA=~LEn&B%t(5dA&ZP|Nh(4A<DW)yt*&8JsJJ
z0G?E05~mQK)GNJ|W^9VrPV<qr051xL^v(f_)3dKvdiV@0eFM&CXJ4B<P_37{v{`0N
z-@Uvlv&@<yYLu)^HO`tN$}D&BIvy(YyZ{uyezHE)IGZ04zCUaH?qsRYo#J#+Yg*Gd
z{KT)(^$>|BVaFo5{@QQnX1jk^jAmimA~mjBO)WXjvZBz<HDjrNzodBiuqIKfd2T9s
zi49c5USw%hH54{KnEx9_$#WJg$!s7~mSi^&<yEES7?a38)3_aJ3ClPasigr}FLM4{
zl@*W`yQJNON5q^_-FM6_Y`P6oV@|I~&V5#|DB3-&X}I?wtSN%72DiCqmq$d$_`*@d
zn$fL-Pcu(cl}g77KD5{^I=V4@mL$HJdV@a3HuSN5ASW!@PUZRsVc}!jv+kXPhnj;?
zpIwR9_&P;N4oL6iZe4?(erOp>$LY04iRRW&+~J8T0@|hpE*4sp%%9{^#Nqm>=|NPw
zq0Ys$N0PwCWTohJ{6-*J^M)3mtN&w-+l=|K>T~2%i=s8jEm=6VL5I1rWAN02A3<&9
zhPabvUqsiF8`-@jYv9b_nwGuG4F0m=fcJ4DpAV3C(wpeuX`^dBI6`6Z+0VQyt#L3Z
zW|#5&fH{xee%?Sj8R_AjF=(zfamMI;-hwcBNFT&$!R8cS(HOR5xG2@VWblFogC?o&
zd5aW!eT$HY>nl#>XJZ;2NG5Hv{ti}HRdcKoOO7|y*#WeB{o+0h=Ckk!Uu7f)1LHnE
zaF}U7<(c&yon@%vn8qj(jUW_9Kg9jnxI3R-Y0T20jlS8jzeO9jln+wIjfr!6pX1Hs
zmg`#PuruIPqODUt`LOaWCy}WCV^@EaaRJp;gR1ikXc~PwNsq_c<sfyL4NN~hVI`qv
z0|zf%5p!A0AuO~hEVLXkt+9faMPeOJQ(~LLT3S_f`FU0z*Mh3K`oh~FqDiZ?cHr_k
zl{4ZpVgrnB?hS5GncupTzq)x}#13+^->XI8sq8I<M5sAedVp}8lWb3&IZ}(42Iq&2
z=1c=pix&s`hyDiIMT=}{Oe>=$qiM@OfT_e&d2BTmc?~H~gNP`W!X4+vIteqeo~424
zjq$SdQ_0*CQZK#=q<^B`LW;8s6tCZCJ9)og`isutK^mh>E5}@A&ne%5d-pQ6P>Vaf
zC8ku&<Seyt0cpxIaKFa)c=@aIiQ=47z6JMggpi?m9uI1qQJ^?T&~Xk$sc5TlaFeN;
zTMiW3VAU*##(h&o;L#APRH$@+TvsM});FsA*7A5ih!5}bm+l2%45zzK6k{1Q?H<x<
zzoe%51LLLQ<2PYg9zpf&nlJ`S&xE$dIR@@1iw1Jhl(sDFH<q+CR-Fx)`WJQlL@sGs
z=x>xLva+%0)cXv4t88qzq&#hDxHQ%iRukpvKI@EgPk(P?Y;}kPEY@EjBrRs?Xm~z;
zxg!7AZB4LnRer==b99@B<e7Nxu~+*&M>^Fq9><el;pJy)3FFjUWgI*-4-{4)Z>nQu
zC19&#6DB0KFHp@dWhE`q6;5l-QxB_xnZ*y=w7DTo1TNY{bD~6Q4>QriQxhVWRf#ha
zlTvt&6Cz7ha_p9ql6b5WM!XDi%$AChdeRJX=$7chc*0{MQdPpHpj%*cEskv-N-d6M
z{1`9eJj|G_S3}4WTf&B&z2@=o5sX*hqqoy8D0Zp-;ZEX^k=5cGc*&yfzSVh8cxFGP
zb)O?}+->9(+*mW{O87k6jB#x0_`F~KknU7LR8(E5PV)jq8j0$p>lLI2>B2Z+b+zm`
zR&_Pt-+@eBEh`Q~T`ltuuyT!asi<zinQQ8XCzmi8hf7V*8iY&5nvESK73T#PTI5kL
zlo-A>RJ&*+H#e>PMJ`^s#FbPG?Bh~a1;d$}R0fcnn@~S8^lz*aiS!7^WEFu)$5?Nu
ztPo^GNWq?Cl#3x_*uJc~@>Q4z<x@P39nE7_hwU%v@Aa=#eB6HN_5u#XmyGq4$^$oV
z10f}NWR=zf(|E)F2GH`|-iE#<=-h_)ZbJt`=7FQr{_25-zD>oJxFx_FJY$Q}^0Miq
z6hashjXO(|+?BFR{h?)(@2v~giNC8MJcRej2f3pugrdU}LuQ?7l3OQ8xO_U~@%`Fz
zzi$U=oM%V2ICbOC{?hD98swLv=yl0jOFz=JgPuekgCpE<_bNop?0qSCgb4shY=AvX
zOZtE-kEp9H-V?*iG$@ho7Xu#HQ?McD-FOJC14xSN{3z;Z-V06$QQj#k$GxIm!c3E_
z)d!_Ja<32`mrx@kDlt*Z2BTAUQHxg;;^Itx3{}4nu*UzL;|H$7>uOJN-eivOIpXi!
zgl$|v?383o@~=ww1$Q@SfV{f84(|<GcV#cYx*V_+8|Wz^6A(vDKkHRJ544qzmj)Fr
zz9(z<bzFdMd!mi{$kRopv2sQ-+=yfw7OVDN##DBhouLWWbBAR>^Lj*i`MUI?f1@oj
z`KtC};Qi?<!cIXKY#Ep1uK<kPh07l5cz^#mI@KSonNydS5qP6(JE^nl^DX6!aRRtg
zy{k6(KhSJQW{JCyn)KcFX?s8fBaRQ$rJYJQ#9n^wYfNe9*dwlCJ1-xl8<N6Abs(k2
zfSja#d7fpNbuS?3z(?5T>+&91A2+St0T8+a!SeXtnneg-@gC9S<v*J^kgQi<%0*84
zKg2g5V0H10+v%H10+q~QEQL`&8p~F2A_ktIpfKKi1uVg6s^X{FFuL6i<y}?k200Ha
zK7j<PWo^lUx26^8m<Og6X_z~Eq2T+y6E5wLfhGI5rEn}0eD=HuVB42JO-UVMtzc8m
z9OaORDVsPb+9fIRDRo1!Co#gl4aw9=3?!ID&^aHfcO+bKm8I$~SKQ1ny)0ub0K?{9
zv*393!I@=%7eh%1Ml?<g<N1}sX<0}HZkP2*DSyokM$E3ieU{f)eH~ZW`UddkhLV>z
zB@%gk!}sRqBQI}IByxy|3%HljFCBSpNATwMgBS0oJHtutI}ESz1siTJ-<5Twm&_Mp
z=HPIFJM9<k<d983U@A&f1)MnAb>QY&ijb}aP5{^0#ZKUWNBbs?T=S(7HATPyLPUvv
z@(m_H1O?<%TE_|GbME@@8iJ8vWStWb$+!A;uuXEXgXolGACgy|{cw@*e2XL3dIrM3
z-{@d0d@x_@J}cWm-GK(*obl`0+>S7EAmq-q5bB@=j9KbLdhc@3K9CU-;%)@wGh2n-
zbxSFpplaQYQ=*l@PHa?H^)~Eox-@SDtUE(<T7}#xB7`E9V*fb~--mVnITuv8kRU`e
z1oUDFQe%oX(<DWKQE9uFH!JX8Hm7_`)0Woc`PrI?ZYHb{z(KoqNxGFl9G9FG_P{Le
zg+tbgP_T$bkP^~fEAMIZJ_1aoE4HuL!vaanPfua~bjg_x6DW7qLwTzo`@kgrgiY^_
z5YP9nkH}ZvgNhZ^gX&UD^`~3a1>bIbHeU$P7J)Z_#l|*)eq1D^Dw@R7!Odin+Y`E5
z7jO&~nn}0upypEl94^gwVqbKxqRV=d((5X_381vg4NckG8_wrS{RX;kd`x)`&KTPx
zkUJ@C(fvA=xf=+!;fQF9zIh+vQ?Hz89`_ql6*n9a;8PALzSGhoTSO6VBHs$#ua0V}
zKVP0!PpHQSf>#GsgObDQ`u>K+aCb(i>kc=T>kTMCP#}bnTo0A79heZ-!}vDR*OU2W
zPJ2L-(KnlHG(xxPG6`!}Ew@Bmn0|P@-YDWR6Lf-ms->UCx~=w45y85xs{ap2;Gx@J
zDteiidXcwINun!7*r>gzy{>z8x7Y`a=Eilf#E8QS*V6&~xi{BENDr{FFVk1LY{n}%
z^e;bNQ_8-23zzW)3Z3%%>$iWJ{M+0@+uVMrCV6k>seU+#XQcj<Q0+|p56$oL38Er)
zetbaiWqLESwo^waXbWwH0BtyV@DG}Rs@!`u=kVQv>kAvf$7Caei7<<#XepLTQxUeI
z-dvoy&!m5t4GUSvHTjKn`&OZU3FS_&2_{Zy)4)YzD9k4)`_@@c<o^vwG?3#;0{f>0
zfrxH%;U<FIY?;uhV&yL@2mU3xS%bV%M(N}rnV7k}zQYNFOO(pH_iCPg#k>N_MEnyw
zrgs3T^t`?E&z@<yBNG>{NxU-u4@{k_l6;-HKWG2-u_%RLJ8C&;vi<@g&N#|E)GfuV
z6!F;qmFX7D)!eE14-!h%&U(pV^5XL+Bqrk?S^HyO)?YA%ag=C_LJXBEEN(fwo`L%}
z7(MV{)u}_hsl#=7)<zPCSe@`6g$sd&>bFs&nU$$|m5B0l!wPfn_PQuK*#ofFIoFPE
zF7s6$e(l$a@vY>`Scf1fY|Sgxb7<$bKD*}>Degruc=i}H9waNK>B=d`4HVj`DbW}8
z8!FWoQ^zZ9RTgUg#gzD3t1x~P>%dL6B>i87Dv}6ayFLMYM450Rb>Rqm&~(4|bAH*v
z&p0WZaGu(0+*ce6qfU|&W+^lg!5GTV!cqDR3^Dqf889rlJLvb{fZ9z!w9DzRP5Q9o
zcXAU18|UiR4-hbHQ8pYd7!<tpc74>*evY4c-ug3)mmMWTcYr-=@biJ=&9Ji+bAWrB
zD!@<Hs!Y~eGoC^{^i`NBBg@zk(ZBz3SWrwJrC&CJqrdP%jX;=RRBlub-2we=9AD9y
zu_NZ&RAFMrSa-gV4NdO$+u$g3N1V6)-(DF;Nu?g|ctmk=2+hc4e0V4OUM*FWe@AZA
z72SdG?H^$Vere8MB-IC`a{WvenQPU_h=2@T5d34Z^YTTCov$7((th^Jq1I1s<X9W*
z$0zyo#kIs0=<I9t1jvdSZpvTDuO!PH1>MQvbB2(L+HO)tq-fVkGic^vr4?bNN&MKn
z0NY=J9rx^kVQF>JI#IjusGj^;3}P2==@k1v{}JZLWlr{wULXsI-id2si0mT&y!e*h
zrFh5nfIp+3@4Wo#V4S;ZmjJa{Fw0qtG6lguW=!ytThJ%Z!21(g&!TSvmj)MT!CoX|
zGN0~({oru<-x}s;kX~TGl703;?cb$CZ5Ga|6}!L;UM3mS_=G+#3uj8{|2b9wH%a?o
z>7bm@&QrZKFNs`U3aud5RB__7ndzJA&#~%BB6Q&yznI+~o3#1LW=0M!&;PYh#&IjZ
z6n`oX*kGrq60zSer^Q)FBl=&Onp26}7dRfolS-++L~hqIDLUci5QUji#|IgNmnjiY
zrC`DdM<<%ORoLxn<a01m=j@iCaalYvl1Z^y1k5LT8(&mYvo9#1b(twgex6!Rey-(#
z9Pb}W)fmdc2f6(<8jbTq?j~>?@8rD9);%`orV?G}*ZP3Ghgt}O#Hk@w3vE~YziHk-
z%bglNe?29@T|#S7byB(ruOt#)p}MzqkeKrpdRD)R*$p*R5q;M7(sfX~ZQFG}%~=~b
zHC&T8HP=;taJvy{;%bt?y9zg~bMdTWSjJusUC4^;Ji059(sg%`bQpPZ&e{R5n|P@n
z9_<j_u+4&+A3t034J|z9SbUo;ttn**v65DCGUe!@+`%z)0k97S@2p)u5}YRM*5KCC
zdT}@5wW1v}-Iawkv1ntlVL##nWf)(cALt2xl2*iEKv39tXFuN86AG4D&xM$!oKKFA
z7E_mID5N8Mv(@r7p5L482sq0)T<5!-K0O|L^)Klth#I@E8_59F@2q-cl8;QL9)N|{
zGyScZKamlj2g*X%&vte<ojbf^Td~OF%EEXxmVqSK;ch+YNUf1OB5F!^6Uq=#(&jv(
z@Qp6FA+j}@LWi8%liHW5nrHt@P6YBrc14_J&_Z$H(xp@;=x_xX0x?qzMjy`?U}etd
z$E@D<U)Gg&_%IARG**9On1JyJ*V=7aN6^}CZ42|#JF_kjQ3o-6%sjKA81Om1EB_0b
zyciH}syE|ZHOG4xATkoa4t|Ii2SVV+d;D;H2orv2<OT<R<V!*?-BH^SQYitk^nh9U
zBbf*TyF9#Z?JR?sF9s}};w|F+ieLI`wSWdbJDUI(pMge+;{8<mz473-oc&%iv`&^f
zKtRnN7Qa$=SM^sm_1!m)?%BJ!g*u0$BAky_P)?Rt@K0b1Tuz=4Pg_R$mQUQ?iz+G}
zuc$`D>6D5EItWia5nxQ+C(|$!E6IVp1%=rz%JLnX<L?9fRcHb>$QQ#j7+;ez!PV-0
z?*2yWg_T5;)~)zJ_;PD+?uHs5aOV`J={rtBu-Xl&wh+OS-<%6salQ*inJ&_{9-(#*
zo(r1w+V2Wc72indcdelsV%V$C31=b#uk5E5=iX6Nfc?O(gtMJ}$3f_`VM9IKW-MU8
zZy(|8k5LfF)K~AA>vaOU%r2%d<e@tFI^<x9`SLc}-9@FX0h|f&_A-g?`wYC^-&^lA
zBmGtVa#S&Y<-vK?KqbHA470xr8Bx{fWB=usBe4M~2Y9}T=oGa<ABG#+8__jMh--n`
zU?jX=g9TvVPK<CLzXugc!_gE<!w)H?+X0qN^*knaP6D@-_)gDXGDxq3yH7Jjzq7%e
z3JTh?h>nnbUxF@`>bgQ+R8jx!K^XyJmiNB41f@NULDyj}BY(qxq?I23G_3^Vviv2j
zOi((v&Xhg>yD}3SL%X0J1IYAFp9yK>6#fCVwWG`y&#K27qOthn_XUk^o`mo2wtuPc
zNXXZsA>vn6j72JrE;%aiSl8n61xgag&TD%lvSj)O+<}2v(Ykh@|2&u~l)LHhcRM~$
z^%>suyXk0;_F3N27bC$>oMU_xcRNDQDgQ4_^j80(!;$S<?cGt3)2<r#MKOWfG?M4;
zr{6M;X#ss*nN#FtwV-{x?`?f90xE5BcTi8!mW4<~U<vo+$CpsgYPr?*{Y6MTnt_C+
zvwRpAGH)Lh_(x)Q6H$2-vW&$qB!kna#z>{6VWg(>B&TB}rv+d1$;}U`nLi78cNE4U
zTL#hp!Zhb(<1phf^krKlV=R+{*L0d0Kj1H{1)j<OWthP<&-0g&e>M}HvN<8#IcMpz
zmV$?EP8>}pn0i@fGt@;5=M2uZ$f8QF1cJK{vBMDY%<lt~sspo#BHDWxmoM|ch54FF
zx4sS1JzZtOIzc-^D&5vX#$DDTfuNIt(}mbc?y;|@9lLrpEvh;?Uzt+MYERI1vRLLG
ztz*Gs4#Q?DGeUXe@K_V@6y110_@?V4=+*(=Au((Jou%h5rh{r;Y(a$yXqR?Jp2nde
zD-yTf-tks*ZTZj7Po53i_5r&$S#k{W$gM_5-mP{4X7%7HhN55giUU{U&gj<EPpsl9
zk#<gAd(I(&_1ACgDWB+kF2^XAPN|GTv!0Y^XGS7wrq^p*v@rKKbjLWipPjl~FVyR4
z;8Q$Tt*V2`7Y{A`LG5xSprv6<Aqrs(x#xUTs%$xbGXq&)TC=f%pm>qM?)V8872R^y
zp-kwNY?c+ca13zP69(88&8nLY`$sgkzXlVoJ|o+HS^P<v@gEXBDSHvcN!jyp+4XVR
z%CXMfJy!LkWo@*wYS-NjBDdOuIk~leeEx#eG;f%cHcOf7aizL>S@>Nnt58oIt4JPb
zQ0Wj7cVp+Qg`$O`qjVQhPqW^>R<d4;+QsfabqXGvJMG-H@BVst0UJ9Q7Q!H8tek?D
zI;^fDB<j9yvXNrQ9w<!2B5!Q_FfLXN^HkdBeu@n6%(?g8ywUH`1r!t0=0$VwZfKD`
ztKllSQb)*lwfe0edmSI{44XNVAJ5`nhEDfpeO9cBuxe-*>*8sq`aHHo;M80jwxH^!
zGmJ!k8taUSVQZLPu7ce9TaitF(@En@LVQ4Y*YoLScwR`X!=9ytfV0CaU-&IF=Yc4;
zo+X&_R5)|skWE9hV*`oRDKc-F)hgW9`H8Qmgz0#HeZ}ashPS)qqMOkA5YlaBU3^tj
z3SBfyGfeMTedGCqFJsf&5AVT1)xnRVXozF0?<j5YpikX?PNyn~;yNgVbxZ|Vts1BW
zaA&{z#&Fe#6u+-Y51-e=7e!YZ=7s&-d)gBrc)`n_Fe0_KccbieYIEWG1bJzr!?@0w
z)2xP{8!Iy4pQBe=MsIu#MZ^i}Xr#F!6{1kO3T{bi!B<%=+|9lak`yjFS5iehm$Y^&
zS+H%a$7p@F1tlI;ZfhAi6*`_UgA_{c#SZ9=!l)01R1X4N)Es2{4z}IaEoF)?JEPN7
z4}wW~PF<ae42BOR(rP&lnNCvEG&S6)Rqh(!#N(a7rFq0{AQJ=*gcJcI2V9c362b;u
z{03dhJ=kk6upC3~Rcura`;G2x3S{Er^nf>(E|2SYu2Vz%OK#`OCY?1=u@5Cv_U1hC
zr&rY0^w%*04nhu&yCJ3RGPb~_)=4jID{U2BjuG1B=79KO<2}Uf$=p_p>t9m)o33NJ
zaWMX+{YVZ0rIX(f+8u8=Urw|qM~<u3ueX}(SBLy>M2c|fcgkua&0WUSQ54ln08P>1
z^Bp=8%{RK+wLK442`g#PMGQ~Ut~s^E7r*SRIj8WE&wddsSFUJ;tbEqlLM#gLj_m#Y
zeT3%=`d;pX){(bIOsza)6u=^2Xx2-z8y5CX2xvniqA&TmEvPyC29~qvr$0k9h+6Fy
zmGc1SmsfPo&gsPU&ECw-p75#t8n5}?7k`e^6OdeO2xv}B%7d6IFfvWSR=ZaPfP$Fs
zf+`~nO^qBvUufZYXmi;4%jC;GdP;cvm~a7c9TK0Yt(THf_2c)ISRzRB*|;_a-7F?s
ztQQ^=xG9gIu4v^)<6WZj`Y?+`>kkunDS$rY$@#)3)vZ;zSvzmJw0eE>@!)2D^)a|8
zS!+(y){bLE1Li~r$J%&@CvBOA{SY3Wh8m3Ixi%b<G<r1bf83ODaj4-nzbg);NgM}#
zZCY?~S2fg8&FWdykt4_fG(NZH-y?C*m>oUG7?3BrpDZpJI;+)y96rb<WuQZ)6S(ez
zfRu0{Z;OM1(A)DqW}#z1f*sOHcn>o&GGyc`zK5Xi39GuD7@j|qUmrIN&|Cb-YxUk{
zsZZR@mfYS<w*Q%E&tLt%!2pR;<8^$)wuKNK=cxR3rr|=T?gOE4Nl#m1bV`q`Ia1Yx
zr^zW>57_!c$$Mg6`EjPjb}t((mECHX;LO-mN-~%nli2dUX}VzIYw68leyi}5<Sfg4
z!#gTt?D=w}`l655cALB(BffPeO%p*A5yA9qeUTo$<Cw2R%2DDs9gv%cqR8;BcE;$i
zzoJ4)I>U_hz_+}MOcZ7n4GtWQh$9K)up<yyqDf`!V09!Dj0U|zpUWS)m}HhU07_0s
z49IrVUmU}Zz{~L6r9?F*?C6^w*+W?}jX+<!B)#mCrQZJp)1R{D)x(pP-D)Ww{V2&K
zP4YJ7%tVLzZK`7IuK>Va6b|!;VIg(lY$XwOB~2AUb;s<fHjh<~uldA?1!^}X0mkdx
z!F4`JYl>eU3tl|d#7brq9hB3!4>}m9Qy(JjAm|9y1)Ox^x@OFVT|h1T0=$$@or-OV
zl8Gid07~|ZLCLB}peKGk8;6=$nIDLGy~rmQcfF8Q6Z}BKDXtb=lf=C#4L6@8ZdHXI
z<4!hjeH_KD6s3$|8oh{rog4%LxG=z4N{iGN)Wv@WJUUFq=^n%HVMM3-U-XNWh18je
zl|@|O*6}UAO_OqsP4=6G<A}M`t0IPJ1`U7h0S&hC82jXsm{dk-!x|foDndyqjVi)O
zAr4w>bKchI#89CeG4eRQKN1t-7BC64zOP{}Et)3;__2M;LL@#{6q|LI3BR(>zRbP$
zYd#T+NF7tQ522%x`8Ij{<vFzt3;SqCwyvt_hvubNY8YRXdN}GZdSpfwSKR^g8LZt*
zwq4!;4ds@Hy{K`34&+k{Xrw|CpuZDfV|v@2<tAnO(U>Kwiu3~oLH@Kde%~CdVxubl
zz})MLJp{#p*M+Q(iz!22CL_K89WvB4D55}U`A!vR{d2Dk_W$GSsP;%1qWf8*W|^X9
zoPBlDV~(SwOeRX67vhc=;;a;Crx^V4Z<EA1Xf_()b_;z<ad!)SOW)OzzZx0}9G;R-
zc)q;-iTd$~TwuHeu3#O|3ujM!)HVN%nbc>MV^mD4)nS#lGfQxD^k(Rhi$_EgS!?qh
z58BTj?0Xr<YH5Df8TrKLFY0>w_GQaMjq9VE#-NeQMmB?|B`X4fiqW43sB#Ls*~W6_
z_?P*JT7s8*ZVgZs?EJsXrJW}}H27#|)b2theFfQGaz?CO5YXkKRH659sKXu^01Sbh
zRJ7qaV+^!0Q#t;J;?uvTK~9J2^KJ7W4HKHi@FfxM*`s2XBLl6u$EtXqevt{ND+c@m
z3xtTzY?z{4$sNmjIEVH%-<38mU7($itUHs--!)NL_v4<!yGTs?J%{Ub4)4T6Bve_v
zaIC>e=QT}q=3QmmGv(6{ZeFB~K`VpSM)7A0H<pLY%ZV#}^gCKESknP3;1gq&vp`qm
zE9B)EWCM1H@$GprJW;=BWvRz!Z-2*~m|OQ^nCI^!hR>TTkS+^!o&FgR`;AdcoM)T!
znU)3D3K+RE@>bU?c4%Au!@YnF@oc<6Fk>=}o-p8^|5J$2Rg4&F!J)C-S4E>xVI{e6
zIt*4Jx*Ewz6vsJn+X#-p63k0s=o*pFsNr*5V~U^k@r2-Qp$0HZglKBiG%4u~G&+UX
zNotg;Fpg%~Y)k5*kI;{VDQaXKFqTv!TvP$wUoSA5>(M=hbxJ$Mm_pq3k`lUo*9A|B
zk%Mvc-d%T5tV<ALo_C?9(M|`KG*xnZ{9LwCCyiiz_=$_vl_t-B!bfMv!TH_UL2CQ3
z=!5o-zA+oo-oq~KY8huM2i}c~aSZS_&}tO%j7W3k@;1^c1#e`h5q@dqX5<*o8Bu4y
z)OqGS?)d*>>n(%g_@3`!+}&M+I|O$R?(XivA?V@|+$FfXyF&=>?(VLOF7WXA{@y$<
z{#A2o&OP1tPSxzxY*qK2ZYfVnqr;yr-1m!Dnx42u=U2{8H};;rKJkt&sGZ?2nongu
z$&RjZa%qlfvO_nJ?21FTMEES@u1rZ5C1?$a_OwBF`d&37@d^jU6lyI=%fDUCVR=Qq
zr+y|+N9Y|i-tjtT648f8@*g<yin%4SjHeA|yCf4)UM21y{+iWLOiYsCe(CTv*kCCg
zL;VNo(g9L`NOnB{ND99+gQNtgjz=Z;Y}zH5u_+JO+vU5yX^k%KS!6J^MyR;73Q!wr
z6t(>lr%R#QQeD)byiMUVYDPoUU|5u8)BvcZMQ$%(pIw`#bm$r|EmhhrHt%`5cXt@t
zD_<@;m=>ND@kKeDk+{dL<X@=?4k|9n0kMY{lPY=#7CCJ5_RIRuc%>`yZJYMX0p$SR
zTia-Y{cmOUwpmGK)Rm)(iGM0Ad9fGLY;)Aq-m7r<kIN2i<6LXjN@IB(7TJok?Yhql
z-H)YeOFUCulRR5IV_l<`N9+zZ&a$sL-GAQy@nOnZ@76SAC{6Or@C=<_?VRhJJKcNV
zv^(CoG}t#d-Z<Yp*gSB%=kqeidh3Sm3eS@6GBji<4PPEU-xoL%JVkc$_J-`X%BJZ$
z?jlz-axCLs@R}psjd6PQq3qVm2Hzsw%A6u|tl(b6zfia@;hpyK>FS<BbL?&1_Uh+9
zAa)6Z0rQ=z3&3>BLI=l&<70sVi9lPalTpR*$s-g&vuBS6R*9tETi*OJ_OX(!Gpj4S
zH>`85YrOZrx!Mt&g6)3`dg3L8?u5SfEP*9O5<2lEx<J3!^~JcrzBrsfdPI42wS<O+
z+4eYs5=Qkuw})d!sB!Xu(t_sZfei{5FIQA7leJFI#3uNvD%6Aahvd&?EHV?^rStYp
zO74aK_3|T&ht@0it7m68=nVvG(Fa($W;S~#@mIpXe!BA+z4Lecw8=O?y)%l}`CtX4
zSMA2#7$tJPCw%<US<gLDN{)FS{aA1K{Tch2Z+|#_V>K!Vng&gq69Qs|r43I3y8wpu
zSK;U0k#msIyU`)jhbf@^Vu$5kYdrQt7m(I9zI{%bC<vnbU|U_EhEKY{Ju+d24au%c
zRtoKQ(iXyuMWh)e-#u_@@MX&)P)uV9<rvU7EOP=nx$|;uuxu#BB0ixCGYyBshUTW#
zhKGk6C94gvgiDXv>}vh39q}Bf4Kqr)4mCnlioXu03Eht8F#RPT4f;+kR1%bhn}m}@
zj{A=&nwJ7VP7(rAJTTI}qOXwAaSO}JDPKO1QUA*C{_;w|;(gV4M~Th$X0552<EEU}
z58;xW=RRe+S(d6r!5VW^Z9Vbh`S_tGxzLDvEH~Kl1fP|Q9ibCSkSNbY<37_R@{}nQ
zSr?Z9!a>;g_Uq?5+EPGw|HxZDA%2xku0!$6G|(rM+Yw0SW7mDX_Rh?y<d&#?#H#RP
zm`d?(HY`IuWuOh{;g6y}l$)ljVeclL{z)qPTzGf__`#U4unasu*q`tTqdC}$bqzKQ
zW7piB3(eBVW)>+cP<WS}UXJP)-XT7@lwAHy%_$q+^F*6UeYJltyNXrr@t^4S32DI|
z%P#C)THVR31wL8B<^-R12esc>187Sa;JoQoqLI7NVpani027CkAbs?h)o}jp;2xuz
zC$X(KNp(tr(5^M0=37Y1kt*(3uY%(c-g?6NzNN*&N6m<mnto@Y+c<*0p!&|)dSVK=
z*7lq<uL4W|{ry9tsjX1Dqy2K}ePq7BUayT*(?`cY2l{kC;V#NRW2h=l3K{p6ys(-0
zyb{s$Yb?eAY}^Sd)6Z)5>FOp$rFv^V=y%-}FDiPI(i|I=#t>f>33wmbDGkYkSc<BT
zV)^#%<`0ZuBC8EfM$vadO4ke_1fey(GXjuW$x`17s-E0cbSsyO#5@B|LMcvcB#$k&
z^<i&eFCxV--Q6+^JD|z4pXx18@l9#Tc<0!on-H#LD3)$uG29*$#l@=zsIfXXnvC{O
z1P$MX<`!b@d?GJQMaNrj$W9<PBA7WF<`lmC9bmoxH+Q&zzH2kv20ZD`RT8Q^T5{xl
z#Xdj<^CO9+X#Wi`>J=B8=CS#}Y@Z2zSb)BrmY(lj+|K*#jWWa@x~6>j8=Sx&x|Wy_
zqARs8G@qLn@|o52u^kmV-H*xfTvodTSk89uqy@H#y}*JE8ZLj%3ZEL?OS+zkD9xgU
z80O_4W#W4iX7R^ZituGgHkJn(Xjsb|&6(PY_0GcBimyh`##B+B|A-SQ{DgJq?hpX7
z>Iw)BT_0|qIG^mxm7^L>Evp&z{B|q|^hMm34UYb)82ke6A0Kv82%_yac5@}L{Q}CS
zfCNiqWC2ACPHP0pL*xnV&r+@I(<wK0-RhG1pIwAX!Xt49(hr3o`Kgi@mv((oVHqaQ
zcT+b$UF$DY)TnCB%NEYh+Mc*^&k%eOzAsRJ0p|;vUoa`0S3z;>IK~srB%CVpR*A6$
zFPyK}{sPYzTx=8nOkhMS4v!IL$7+NtwuUc;a+T`vEB#{bT)poi>s-9=#`EaZnvyfl
z?!GgGUK*4G&aHMEmZS}KcxiOmUWi^p)Kd9C>8@vAs90MCYb#k>P1hSreVQuaWk&$H
z_|VTWy(zv&1G)d85FQS{jM}GuwtRBEjTv2Eo4Ur-^y3g11ixFlA-DWJA+T?r<y;{s
zw5tP3EgNTk89nd~f-ku`VAieNkUbVo&@a+wDOa2erJYDHBjBB})r3kQP=|;jdH+u4
z{KXh&n{Yvb9gYr>VvGEM&hby7raW>diu_P;G)et~;GdY9`|bHuExKd6PeXKEL)2+e
z;2%J`S2Y4>cW0+zFunp%h#g;}ImZ`W58P>&O;+e++k4t6llM6#)5sU+shBh2Q(UBl
zCDNI4F%LWZVZuAtN^}}b*{Mo&4b$_$WHc1aqNR#qG^nKlVKlj{3f&W1TWH=x0{Zjw
zg>&-GuHkU`F4ahlsh8Sml9LK9;xiep=I~~>OyHLmd33lE9R-+>Vv}zcj8IQ#MHI@;
z5y8$;EZjCqPK}8dAEZEcVtV7)s>sIbiFuM67cW2U!G+tSN=f53uSorr=rNv#TWs)K
zrOs8YdAsm{3n1+918Mvnf9IoDrJ&=7fdsjGeMdTxJN!^^)U6Y==~@|AM7yeijBK-p
z!>Afyn5R6**#-N~FlH8`u8_)HQ-rqaXJ7j7{`B??`f@#W*hr1m3cd0_9ms`cS;Ufu
z7qq5$l27DXT0k;u5>-^nBXl5~^P+)Zq^@@v3GEA8bQ7A?8s^BN9#G1cbP@K!kL~fV
z#|2ws4#XePGo1x~ZNcz`d|O)6uyT_TPJLw9$tc@zrc&i9)}z*(1Z;S@Sl{<C52H2A
z66~@F!k=YqF~%~gsDoW9{zRs?E`C4olkN`o|E1*@k@NDyFUVs`onw}!ae=YvOpX(`
z`m2_nc!n^8Q;BX-Uy|)_-LSdT%Ejd3r83}2()J?tLbHxT{+Mm$T3F6Tjfb*Ev)ZLZ
zOy>eglUME<?AW`luqtX9WQ1@TN&!{)f=Mz!f>?A^dQm0WSDv^K%3YsW`jVF()~k8$
z=u<;5jUDMvAMF48K!f~)6e2uAD6wITzzd@mfiF)^nm$M9pKB}}$uS}ZG18C@nn|2d
zMF{styv*kbX8(pXri`F$DM<C)`_`*g(A&Q)Vge}aO-KaU3lo-Sf)tW393Q#WI(i4U
zV{cFZuqU3c{GyHH+t7cyKMX^jUf$>yg?C87CPhEdtYe?0<GmMzrO1Vcmy?OOD%^wm
zS)LVF0<XiU1|bIpD$r0ug4KnH5W+=H!v~U4^yNh4O?iH+B6p}@%rIg5>+%qP&)AJj
z#+yR0%FmMB9fQ+?*8=xjbkYb3^oxLfBtL4t(OzI@79eS-4x!0Akl7ujy$9Y9s&D0y
z!v}|9S<S@n1!!MO&N|_tn9R;V6U0hAYwYCJ@z4eaIZ_J52!(yZ2d)Q%<x+x-jPvr^
z`$WNs^r8OgBl%)`yl*w~&@!T=w(_K#JF{9l*98ssn@0uH;lQdfp}aDt4yvX%TV3vY
zT5RqJ_mPBcXS;_Brz4lJD&N`e;ZQ+}j85Gk%Z4$^!Z6AXY0JwWtUq(nTRF3C?HNM|
zPsOQKN%ryV!iDbz`jPw<MK5wG=(bim-Lrh7&g}0&it@uAtlrc7w{5xolY=MS#JR4Z
zP28=ZNq}gA8XRgvnxyU;51Q$$Sa(5=y|M)_w_3w4dJAze^c&-l*O{tu7G$(taGfZ(
z$*h8|o1EsQI{!aBH_S5vcVv*=qI=$Vykl)QxrP&*rjt|zxAPx89pandy-8<Kul$SI
zH=Sk7H^_5dIHy4>Mdvjglt(IL*-d!I<-?2nBkOWN2tVdIpg2#EGvtCA9AVKt;~adH
zn<%FQvS`imB4Pwv*|E;TePJ25Sd2(lztFU)QH7+SiORG}EjUmD3piAH3#X)v8DNdM
zC^17wg!OeZ?{~j`j}vfMD+;3i9;HQGI6%37kYn96<Rg>#N}i!tl(!5HFbD@oue~7G
zQkG__!m?P9Q~OxaJz`PEGHPnnFxay|`$!Bq1Rv$xGb|uQ5v19l(?3jy=1cJm1rq8P
z!a{h2<O&UX4}M3#ce}Ac(9YV+N6*)a(EBIz&<bg{2ip7~iEMqwuu7mpA8|q375^}a
zgf2NS&LWhj!^JTXtrx+RWW$l(V~YI-A-ado1(%3cgH{7Z5KR1gH`)nik3p)w5JQ%A
z1>Lcpa>`ViH;VYSFLqh^sO^U5;15;~)a$57%&#bdtY5(fmWR!wL%p0O3@1ZLqc5KT
zo^BaOE~^Jy1r_f!o#T2tzhb60&&IzNoY&Krz`G5;>Q6QGw++h&rOGJg`Exgqe(dbM
z^GSpJdDPUNP^+a=t{H*JYZ>=zF<vgw`Hzx|b9S#od;VM5>lXj-BprJ~4;OshkXBn`
zhC&M8*^I6%@^ob_Hwz)eX0eC#FJF~h`n#46YL`nh?KhSRG;tqN|Ju2F#~D@v#AWjh
zA{sh2H12}5EI|_OeB0jOYs`0l*A*X=foFd!|5%M-cL%H4*Nl1xy$f1u4fJxB>X6Q<
zq5Z)v9zA5_2zok)Zoe(AIQASbJpX9psx<bt5Q;p$^p4kIFme#@E#!Pbr(f%(^6T+f
z^ftJ4EB4%J@;y9*e8rohw5*mRWfAeL@GJi`yHX;#r*iV1urcqch`3u)QMfTavPt%~
z)k<P)ArNRz*DZqNO8$j<`*0kIImR$k0Wzx%dD&iW1a{882TBMkPPf#bPhR8z9+{Is
zbyzEHLu06`nq2kPmPg;ZVS3dH)%h>{*FAZT_ePl8TpSV@LtU0Fd;jXQDt$(~BAM3C
zAOfGbK9(b}Ogx($>HXvon|)ma8TiA`p6&)WDrruCzUnlN)sjv{IfS*vO|~&~o&T_$
zZoV-*!FlJsvRKU^EN=%HAF+{X*XZ-a6}&aRtb^%KtrN2OFb*bz_A_kFbcns_>;d7K
z??+<gn?NmSYsy{*w$5s9BGs^09Q>NryVOe>%)g)(>NUF?prCh;-xjP47F&2|xnVxL
zr!kRz+!ZrC*;k*8`Tiegr_+vr3vt|y+KCj^=nISE%WdZi+HXEJEe%%ag~Wv~NM>3p
zS5N|a+O+R0zu9J=!y{u$=PnA<)=oQRGsy2^2g%->-ZyQ~cOYFU9!hdZ;8&aUUnZ_R
z_hkH3!<M>hg<(wnvASPndnJ$F^YE#oF-PFB-VkUL7@)7AUj0c2e~*0V$mg^7&XS(;
z&az`pYJBej<Fht+U0U<SD}HV5s?^`KsD?j0OF@^}pjZ<aAWiU;DA>1(lRQ9qrT5_s
zpZK{I%tI<}olX+depPQx_p;?6iaIgZJvOtp?oKMG;wgU8i?@jBjvIwKZN~K{!at{Q
z_@tAq_3FD%z~hwVnT@w^(a}j&LdB<#SjMV1ThrLch#)r$Rti6GcSOhKce}{y+r_VG
zABM6WMvLQ9fyrgr9=i)4)R*lxp3WUY20$u9Ta?|l@tUEp+yybV_vhKP6EvsJeC5t=
z_uy`+AD@-{JX6d#3&8k09+Mrszf!||wsia9!+NFBd^b=SNK0r4_VuT_mHc~39No*g
z_XF+tV!m=XRh{LIdfX<Z-q7)%y!ElPz<kWkfItTS-2#w#gs3wz5lqfN3*Y?8x4kz`
zK%;4JXD4p9a&h(+(*bD2krU<e%IsJAp{_*pv-b6bMC3dc{kO>UOt=%LgmBUHvPM8*
z%!Ao$&U_gIg|KC|rcYry)~wC_7I&61D^Q+K@C7N^q|MVAYLR>!$NQDbFZ<&#PUpGS
z-Fng`nz!=^o`ma<X-)}7f?L8X@>Eh+<*OBc(^Dvj68CO#qPIbi#uLwBGv)%zYhFVb
z;`Br-y649l(K*X<?nx%F5e|8gfx_9M>O6Da(UHz>BkfbL_Op{&X=u~+)lmxvSo4<Q
zhJK26_XIQHZDl-I(B_$}l+hYORJ>hp_og>)s3w%=A|*?g5X|VdmRL#RPpzvePpncD
z?B=s}erI(;hpjd4{iEe`Kf&dQs3^zJs>*6lsgT&pwCnTt8@k1=)QI3Y1#h8|$3ach
zMC%*Uy;8=@2km8NaqZKzhs6s_figbLCNi%iNvE!(W+cTQCv!;}M;4x6^zSP*mnF*F
ziN&?cM=S$chJ5Q&!~kEp)J|$G)lFuJwA7xZ-UX@@PP0?boRO|Y<HzFr?>>U#uj_%+
zgI7`@BiH!1r(96xZ(q0Yk0%GZ3<i9$RCi65JH2w#^9DyW(Cua3X8p*1m2pCbi_N62
z2H$2h+Y@eEP=gN?XPzK-aH9v!5sUWqeCM>WjvZY`f&Kxmbn}Ilq9v@KD0=x|ibGGK
zZe}J2x4G8yvXq(2xxM8%U%tUh4a|p%<xjndC*4q8i=MFxM-Q8^g64C!*KKdhEl=aw
z_yo8DyFZ9`Ybw3UKA#4!uLuV$1DRs4xSb5Q23yU3uyA)JjJJwL@I71nGMkeAnfmfM
zF&>L!69+hm7mHeWKIrCfIkG)X9I}iC$_>|?Q6omFPoy}1u9+^q$Xp!WPbyx@XUV-;
zPNBECApn<4!t1U`8UgYhyd9ZM)a)fpwVQgcsW`5r3B)bFYaLf*r1Op^^-DiRw)h1*
zV*GoPsQ|#^9}^`pG_}&lSk0A0t11HIKRs_dc`V!?i8E-~&jsUY9z}$7E7HE++}?zH
z6FIkDuiifI;5^3lS9!;O>;$EIi+Z^jj<_xdAuMVqVpuey)=qzR^!8AATZr%UF>`?&
z1!aVhgzzA39H=b~#n}u1MZ(cjYnJXpzt2_$k8?UIW1_m^cyL^Rc1K=#4Deo#;Mm%T
zbK$PNM=TmXMzd;pmG2DRoZCx+Lwg|Kby&+Mph341zyzMc=u&!{HNxe#y|@-w>++dY
zTaUQhz=c~+@iqlWVfgx3Am_njto1D3iah_Ds}e-UlV?r+uA42?Cdc^ECRn*yaJIr+
zS-xQix@~NVcZv|{elg+;AA7AdP(6AoLQ#X<``zEIG)Qd=cb@CxQf(vLuT|{nuK=z=
z;6gRffoJ`slU7vvXh)xrz|YCBD)aQ*?O`0|z1q-ZJC&8v1M#S+S>?T%Yq5#L%0bTk
zY%!)_ol{gPNSNx{yJYqdp-acv;ky&Zd+<~t%#xx!XJ+E(Rxt0^XD3sl{A&Ic*Yl+5
zyz)<rN*QRf#QJ$_BmBlsDf!(7K*+XF*o)9`Wv!@8rPYjAD}nKgtdX<_jw+3KeJdYL
zVGO21C_cjkcSq)&66G9+#~3h58ttDA8zAf&;>?R&)h)Jm({f(jX&VzZkBc?w%N69j
zaeS-8^2TPx<$2vwLi6f*WXnq(Sc0J|lcyQECFafX3l*+(sYY^pECr6GQ|pp?Md`+9
zcfQvJ?b5>O6<mAp$z9+tzdzH2w?hv}Uq(bPxvfNh&M#N=-mKPqDv-$s9Mitw%YIW3
z>ORXHy-<cyi8}~cC}!#Y)ECC#F!x5un*S@vUP26F5K8m7_wpsVJQTirX^Q*&2PlE`
zB{%vJ{%qQlj)G_uavBkVdFwWzolfb%G?CEEdK_6%K(Ds+H_NJeEL6g5Ha)ajqaDvq
zgLz6fC93uD07JsZnL`e%HF8}$@kKM1im=j=aZ%gP%!;2QYqhGo{&nbzHFawxduWcZ
zb3Dd%yq@`ILFV5pw#Tg%$gkW2)49n-cm3AT7U8+s7wP#TK65KRX47qNn}zmy^|wQY
ztXx|wv}XG;F&tmy*B4RX`XcIIWb!{k^hMsk@sC)oV3=*jaD0J(sDscm#+|z++MWAq
z^wtF<j?H89S6BV{5N5Oich1j?uO@UuHH5X~$D_qvsr4sA)7&_lztp}m1$Re71%!?c
zj2*WvU!-?T+im}eAnGT``QDG{`rJA0-aqF73owW1MK07A1>Ad9Gb~6O$$d=h#`=g(
z+qJk6HKeL#2P|pp?@!}L+4)A)w+)4R1G`^++v+=qr13iKK$2#jF})Yfce?i~LstZV
z!4-pjv*=CEk3U}y!}y(cz6G9X%b`l_9?Q??hMu+jfO&1BeYI#H=SS+-%_;Ss_MX18
z*+O%K0}K<MA@5%koZEr?%=}^i##ObqN?(3L<8OVLlfpouC!9OS?!hgLp1*ICdQ)0n
z4BhrUOY0YxhwITAT>dlK7W?4>#Kxey`mv!n{7QRJTm2Zd_E$)s?(Yyu<_|b^lm)Ec
zfop+{lDc`Kd4XkkJlsw-BM9H&zhkCAFhSr(o&`oh;Qr<dl!Hk7-4VzD;ULj1vM$0u
zOXeiLBjx;a=c8|+K!%k;TjM+T(x!x+*`|X2&#LC%4AIS8w|VtT)Fj+XYZ3snY6Stp
z4z2|mc}}Ct-#SCOna^`t{#DQYD>j%>pv?EqL1wd3g#$c(hgh?VCf>0X8`q#A#Y{|g
zkF~73FOu~0OU3_>SbUM@uRy+fX>9%c(f9uxO1|{@xvwd@`1}rvc4noM?HgaCn*VH-
zG1*+lx`685DI3SCD&AH+20KMqGmFXg0c{=ED=y8YtheYC&Qd+3xZA8ZGf+C-@of5Y
zx<qMdebtcwx-08Z-aL1zX~ujUj~?toRNxS<ob$gjA{5cv^l)O?p^ZyZ&DyZ%GajtP
zKE@Lj;yiP(Un|kRJNYlU;fNQ)#(4jt>m%?H|8<eH|LjviX<G%S+LFyK!*+)WYk>(9
zLK@vgC&E?rJd-&*btaNoh<YtJ@)ub#C#zDT`|3YSyXa4zHMAGd?jG3AiKdpcSmgbc
zRzke}3ao^jgGH$^;w;1Bv<3sP(OyjLSiXn4gE4d0wQcn6xrpz$IR1Mwfh<QS{0Eai
zVHLPwBXX9%kdAD|qK3(ZQD(4R;Ncgw24u2bhO|`@eP%ND6f}O)pMW)LtS!fX3-eQ&
zTtyYR$HAH8o#{dcxdxujnR;gpy8UDmoHF$;7<}l}kry5|ef7ebpAS4$E298J^-ALV
z(to0A?9B(<r7(?Ywb155Cx2pnSoOWiM*%gMmaM?e0U^Sq5xLO+KH)#6``+cF-ZF5W
zD#4!oDyaX8e4gRF+vz^kf<GvgG)hGN$X}z-D4LVBq!z*B0AKtouMFw0pn}-WN~%oE
zK}x2jHjCxYF^g2rB!T#h8-XYi+zu{u1oJQ5v6`iMTi3|4x3*`&-^efHz2p^R0`vU@
z;#kItjBNsEfOZN0D!S-CTV={x*2&O$NL9@$izASp2Q&LqIg(@YB|??0a3T+8=npL?
z`#l0D_dUXkrC}iH@sNsLYnEQ@S>|defw9L+N=WC3frQSLsVCcDhuj9$L7Uv>_Q+sW
zBLo}6W=e$4VGYG$jfYm!agFn`vX^IdXR4T`VnJO-l1TgLro`dK<dtRQ@I+HedgtV3
zEP-bmKVARk;Z*^GWsO+O+va=n1&I@?GU8L751Ir20g0FoN@qB_&>o5C^H=Vb*(t7b
zSj8pwAek)G?F8afHVw~`M>3tUNZJHHUNka=9G`;R?^LY;X`Hn=o{b&mdph)FZ^t;)
zfkN_O0=G^{fRILsN|$^ZJ}s}BWnz7RF1){m4nCE7f`*8Zh9<Nhrw-;rvpG`**>s{6
zc~47~LhM)UT{*gnVOr|tc*HfnHK!_k?ri)u&xVYU%u#$b-j`#)poY2ues4NSL3CA~
zOB{aEg2BbY&WnwfB_S<7F>Oq4_Q>PTc4Jxiz@4@?_#$G>G0ihCRq>8Fd0ui$y4qap
z1*|z0b?mC_R%JDqIXO-yFWguEvEbWFh%ZF-CDYrU;p-@kiXvc@lnN;xQu(ji9Ua0b
zU<^=@T6#F2=OrZ+tV;&2{3ijdjO1Iu?!u4Qc*?T;1V~zFmp<B}*wjKgjUI|X$UBV}
zdd@Vn1H6aFU%VtAP`n8Qc!YI%;Z*?`C1d3`+o?OMyb6lqTb>7<ZuP!OJ>iMlX{2QC
z9a*tm90y4M0E|{aE~y}_uVnP`k9V<;Gy?Iz&jh#IBaSEbBl!1U+f6_yY}@14qA$Vv
zU}L!lO4ifUcepc*$%wOmjSeZAyz2Gk-48L^L;j2uyU^W<Nr~2IxM0f~GHFq2wM<Ca
zWFFwmIHu@{_Uc{1PJ(-ZbvrAQNUWobnkAba;Mv0QQb#*Q(@V#wcgf~`Pbs5UHcP3R
zEB`&FtfNk<s)%e`V_Tu?*3KulSYlZbTM?YzaYkgDe^%~Io8MD`ItEh#ZcR`T_QRnl
zk6(<7FLz2qK|^g}QJxdh&vlWgoJk#V!NMMam6AgRl9Ho8d;*G;9n*J2{)YVjH%PWM
zr<UdTpRT?<A`d5SS#Ts}S%76$nL72T>r<V8n22dg#v2Hei0S)7abe{PP>Gn|!E2+I
zLv=;`y#q|UVY|acAn6di$R){1RIzAtA95sk-@8BHP;X$!NHDP1Ab%q~h<E2Nj1V3n
zi!+aCETFk8{`ePt*XO=veXS9)eX}KE;OOl*cPKR{hV+dIfj|aP=o`~>eAABjTu|@o
zx&l+T;1<b3!}5BR3z@r$Af-Ebm7v3i4}*xCa{x46F&=#M99baUvteJME2NV;3mOs>
z`XeOUjTvM*0Ma>-$Cii|H$qxoj4bdEEC%H71y*Gt<s4n8L<nrOT#O(2Qh^I1^oz(v
z&~s>ts6~aT(IPOa9FQ3if%f67=KM`i4aB}99yjFc{o(eor2o%>%FKwz0!G6oCl+oO
z*Dt2g9rylov>u^ff`7T897UdojD2LkCz5`3ai_sV?IH0cG#LTFiGM&M9|+G7p|I_d
zlgJi-4zE3lNV;#HU%6TyO+caM{eTk{gCqX|SNso6j1EIAURex|YDrr*!vxPVEQ4c!
z^%Fmg1AzZKUtg>`Kb63)Y8u0=y4X;>x_C*q)<OrT-tdewS+@q*;hSt%zHHTX@c!sX
z{m-Mib;-xByLtIKv)kV)*Y9H@r@J@KeQG!=89Fhs%oEZgFr=6f4NaSDXZg7{LHcVK
zO@{fM(Q&Wh(k+uOqF1uko$MV??ViTBD91y+-yvG}m&(g`y4JP(?lV%;=lL-S++qeh
z3g0rh?=7w8NA>bzQd<9N5<1f0_c0p8d*1&Xf$W8PxHIfCH2ikj759`h{0v4Kl1eTF
z#WdhcN>rZ<z+{I6kv$+0Va2jfphEg5Z9_YF+&d2N#@$fPOt-!WDu1GU5?c$8#fiOl
zf;{u5yFrF4uPC1=t0UL@PYE=1u2k)P`l#`x&)4_cG#Vh$4_IZ={o%YxACONSFdT#m
z9(N~9@d9G|z_Wj66GqYd%n%m6dq#bR9|0wQ(wPTbLqKdpgP;L_1o}S{g&`gM2Xm=-
zLA5VN;^VF$UY;?mPrVWOdyW~JI+K%63;_I%(Tk3?YsM${ig#!)#JlgmY0-C75a|!}
zx&vV`N3EAibIQZ9Z;)*+@kPVodjsDXdRR!VFm8_g6G=a%1U4$41E0a~tU=s+z2F(G
zd*P#Mx7*R5)a3=f1nhmKGD3&*-!krO{;CQg!}$`RJ%5)e@%>{DVW}19+d=U1JxZQ$
zEK}HGBAJwiOjwc3C^Ru(q75d)nTdV>oB5FYNVHl!zHrC{4|c}wz|+gq$V{(v;D;dl
z!*xPFK#Az}e?r)Y;O)sarT8Za{{I9T^miZglkKF4|2e*3ygqeBe+Zt>_8wzDT$f9K
z=4j3KmV&?g%mtL!f^QK`|D%)!qzjA}vDx(H)2Xq5mweFENiu&B++!bA#+T}YqM}o0
zAqG5HQAB9=!M84;r9OyQ@BAC^+nx!P0bebM*VO)}w8}s`-KyL{)ZIAu<+2Ksr%X5>
z9oMBa+$<-A_C_#vA?Q5g81IHk1TpHnkbb6uefp!nJf#HydZQV$_>g2~O{|IekgCPQ
z^I`v^E)Oh}(w`7-Fr7)sYF2;-&Y=Z57C_`X`J4FNHy?;!FZ&}Sxgt_M3Gc{ngge{G
zQNlx0bsX`Z#5dQ&GtDRHk53oUeIuWJAK>wPc!!0RdL*5FAN=MY6Ce2T-klbCjVfGk
z!mE;HYJftbN8wdH<x*zp_KV>Q!7{blLg`iPN6f^)SZN&$slQ^`uOx>*%rWp6%HLFQ
zI!G<#mVPXWP@}H^!0$d3M&6?0pSWeYe$0_8tpWlMoQ*$o(+<GiSVSI;Xh)L{L<Nl!
zQJ<R*@b8dl1CR3zDd@;^lYGG+M8MAiOQ|gKU=hAe%jJZBl#|ekP~BjwL#!*q`$DJm
zaV>x?_I-FJLG8Tz$Y8L4sGEZb<8RY`#6j+VQm}q-m^VIX&C#j;?&>`gQliH9W~VBk
znfHD$w-upMj*{Jhez5Y!2a3?01fs%+6NoUs30i}pa0U=@ia;~~cpE;|SA*=qwLdsl
zbIHZMgu|mh$<0B{BhN|kx1|*O0PPk=J(!}b9s=HOB3?fXmsi_^2gYIW(lpA<uLFRm
z<HLF9&dUz`W`2fB$zLmF$SiG`6WP^8(8hCOSObQ~8?G+^-~P)zIuzGga;7JpA?z_Z
zN{bRP&gCcXojtG1Il;kF^GJ14yxuZ-tD@-7cQluC^@Al;N+17p!X20ZHUHo@m^zuU
z9JvIxw6Fc~oAIU5FFNKEEKWY{-F=jFTFgg}kXp>*HC^ECca~RV+%N(kg2tnS@l?HG
zpkEx^Q!xXE$yB(Ma{kELcknAukUL|9@eFBXT3ZwEiTsd)pvX7urc(WOJe@lj^HHji
zL~csCnmx+^sx)#re{dZawuXbrkwk`gDo4>&5aSd26S{pdh-WN1_iO*1Tzo#L4eG_2
z?rwkis}Tw`9=*ko#Yi+aB!@rTSu&;;8I8Z_M>+^z_4h;@LdNa+NVJgz2?*kDXE^~@
ziyU=}450WyL}t;a7Z0vAnwut!>ZdAQFY$npl%J+e(Gfva5S5N(@NaKMvWmpupZN&|
zbrSa&;qJ+ToP3y}>F*PYNA`}0YH8eh7&mk|aoqavZs<w*|C{pVn;OAvdVcMSE+>Io
z&+}#fI{lyhzm-R?T>o?ZADxl37wm{A{=bPBvyzOLLbz=B|GT<2<d^G=u)IeuARXy_
zU~g8K5&eC@{DgGL>HidrSz-CG50l>~q}1Y{toX0tR0aR@><RfWVJQTxct4=}K)(;1
z%?e*=JfPZ%eAaz`KuyXAtc;(KYQ}w-AV0l?e_enP`D@iYlcgk8Wk#iVT;*JKdM<jd
zAg&RO1BhjS>@60Z$^nBAtaqV^3fPO7q=|eh76TVu4!NFkHx@%AHdTQ7fI3}I*)zq1
zIH!DZf$lAaam=2@NwwlFLQ}ccLXs7BZBXKBm9_HsAhBNtw|w@+-X&uB>a@GQ3kaMS
z*zTr92&D*EvEZ?i*or{~awehv_6UR*hsr!7Q3z>&p)(9aQEP(EvQ)nc2hX(E<6$di
zm@2cu{cxYcS>UyZbfhy*70FhMMzCt!BOc_B_tLs$Cd#hJrdQ{$W$@3#3+^sETCMtJ
zbSu>KlD|j06DRsor7}VH0rh;H=e3k~<OR>ERBWnKk0huzsaEl<eaog#yeMF&eBTxJ
z=NNiHz@p3}QspwaV2#e7j08&&pEk?A2m)IXn?4IyW!D}&Gzo(KBp+5a|8OABNmhB?
zUPMq0-rJIrhzj*#f?$S2GGGuj8R91law81q*O;{yLKWBmvp7zm&cYJty-J|Qs9tFg
zOFS16S<G95&+g#tP$V#gW(9_|2PNW~g+GH~1>Q8g3SN%8$@fs87jEc=T7bJ5d?MM3
z(tWa&f0vNg@^beF*{)#(cWI&Kg`Li*P-mZ9Z?;@9(pDM);h0VtU41|xl;B9Fhxq%1
znJ=s(Sc#(hxLKKY4#eObygTAH^jQBWKe>4G*uF37He`n37A$?}SrUzMu0ZJPfy@jI
zKlwd%Su%}EvHij4?@t<QCE%zUsP%cX4(KpLLnxZ-OXywrdH}ybqhfK#L!Sik;RAXC
z+dkZeE*dL>OOc`cgjA+h3TEd;dU<-GEJ8~eoiCHm5w%c-8ao({$3F&$2@R7T$BB=l
zKBJO-t$qBGl&6I7tOlZ6@rFs3A-7GWSojtL^7`PebC2u=^Qw@~*%dwz4oOu{!n*A}
zW)c6`7D*C-{BuBg;((GY14ExA=AV-rzOU-n0RP`=!nb|5GsLW<??3LJ2|)@Y%B6jb
z{s~4wd_cqr(cV7B2gC{K|DAlX-hXgBe;$1j#(Tpa-RIu)fz67t5=QW{iaenEVs*=K
z%qZNTKTuDKDD@LPU`<Fn&UHP9JWGtI0s6C^fw$-6;s!9TvlchA&kN7rS7f_k?q}^-
zVY|OHJ63)n1|h^2)!}|3H=+r#;r@$X;$49PVX_zS%BJAzrmQ4;p8u}FLYGj_&f(RK
zrt_}8V#h$Hvg=q<^3bxLoZs7+y|8Bs?X0lbh@_&&e|_DUCnS&m61g!aV^|JUy9vh|
z88#$=0?{-uLlDFe$wjouH!5?ZEs%sHBUt|_MvzBrq7|aOk)wzb1>%LL2c(DaAhJQT
zL9!vTNo#+4Ar<KM8Nbh?rRDiUn!@jK{Sy?^)q#VSfRJF9Ads+pAkuaHK+S!b?a}2P
z47yT-P>EgtVTUc@@Zjs5`#x)D?+~y8GfOl%ETr>^jWpzfwa2qiTXR(4Ol-=g*$Y)q
zRJk1^74R=8c!xZZOqHCyzyWe~C8w!^{9*QO!Pc<*c(%oBCAMjeTma2K;>QI6Ou;ZB
z)=-T*o+*^6qy1ap%Hy7PvM5T=u%@>l4Y^{iq1?ltIPt6y9%N^fJ&1pj5#wn0Xv?O#
z+}CfQrgx?Y{`%?h`uD4iR=-fRW-JO6Qzi)niC3%Khc`7V(Sr{oKttfzbPt2K!&%UZ
z=ldst4S<xV$5SdUc%PnW4JFP8fF+vj|Jc4J-DJe24Ecf(aklat>~PjGEwmVewqAU$
zd!*3ZJzwEOBYJ@5)t8+u6Cj>l9?;3p0Vd7g2>#@G1XP^w_MNN{&khxGALmpPzb;PA
zEOF@8QkUk7LLb*W-_K6z);iJ5?Kw;>Z-1(=EodxxvTY(6;HP%Kc3(8N65P}5Yt$Bw
z0+vrv_hl$z@7R~(IMt|~bSpmHWq<>fjo31La5WIKHTwv&fA$qC)_W!#`FRvCm|q)c
zZeAflZk=zO-qY^O=WKOW+aIIt{rsmQB58+hEOzYQcQ7R$V3REk#=$@Ab3NDX`>~WY
z1@ElhzI1@QJLRDmDUo3s89^jzB$4rx0PST-A=?UEj;~ZA$I=&a))%Q!e!w)5efc{@
zNlU8dRF$d5aaFqPea|i)PWodcesy!UYXo8dviA0p7i3+#E4=ci7oqaDmm~Hh&Jy>W
zZ7Z#>Pl{v-q^U>ca3YzdnWI;I^mZbMZZ7&dpkd)VHBO5ZqfJCc?vl+GcS#j1F?N(5
zEF-TeTlHHkJp<#5axE7z?znC^Qzn|6<~e1mOJ8>?eII11ZXcT*<c`WXR~2`Zg`3f~
zvqko4k#@QL_iP+H-8j94%3pH@kJ<Ku4zp35W0xharriyLZs61X(bh)QxsAVe<iD3h
z?JX@K;(XE@Hc9-emJL2_SXp3Oy_Ak7LjlXVB!S5~BLUAk-9qG9_XBgP@sYPL@Bw=9
z;dI13zNFyHca^E~DJ)Ak498sU2gq&GpxeBAJlUwowLVHF8_p{voVP9eDIOqIomy^-
zV5Nx8GpVrBcCe5cLdo}eLo6kAvOt!&PeWRI7(q^)_Rt}?)%KY5@he|*S4U`y`#&-D
zDQtRz$#sy6-}_OHi8iXc5snFBRSG!!`J{ACI2Tx#0jr9wBa8*1>-v*W+9s2rS1v}O
z)qN1afH@Q@MLs}c)^x#QKeI8xu}aew<0th9lS83<U1yp>k(RqWUP&VMUjmB({z}<A
z5*&Wgg)ev{T%}Q+DZ>*wdu8N%Hu{6$(;m;4B0bl?kd)G02j9a?ln@Inn}zn+z^;JW
zV5q;c0?bHQc2tzmZrVzFufN*TTg{Ye=CI>Ngd>#-cD^c_IZB&mxaJ53;L^^?Z}T4F
zyC(4bY&%&E|8+CZH~D0soWq?Ki5WJYGq49${bcZc!Y3AJpsAS2@K0udv+X`02eT5G
znWGlaDqsb6{c8%c=2yv}OyPnnJnNLJWLDAJ<0J!1M&)4R7{d{t^H|%GE0C0R(A6MI
z)sT}rl4I=r=yI=$ZL=|=txI?MZUfsYCF%&rc`AKfT(dqe9P>DN+%l$Z#(R}LfCq^u
z4rrH(-j|u$9ni`M3wEtN1g6C(JqX>AcHN|F%X`IN+GWQT!L9z!9zAWrIW;N34qXjx
zo~d+@s$<bpbTA`(&jH(tS2|&7Q709#2MXKqG4g4lJvAyK?K9udI0KfkK_8N_c>}7d
zZUf_bw%Zq1L*^(iPNVqGn;(LE^C60Hwgq%uy&OVYH^Wq^vPC+qAN(1Pgu=4!wuMHE
zR~n0s!-=e@y!6B!Rb@k`Oa9MOdN4N+Y;f;RSsRkI>B?XO?D*5`ibn&r!;GirxrJZ@
z_khk00zaDyv3nusu!8FnZ>43AZ6=NS7qX`9<wXcVEKeI+F-xI8aV8lrbu4NcHbOAR
z9(ChjzwmCg)1a@ACbv~`Ph9?<{dU)gc?n^W_Ny3=!qXq*FnA9*?t}p^?eqXQJX?eO
zRs2=Md9fzA2O9{i8Stlja2-pl9XsKJ(Y6tS)OHj?J#Jrdhj7ZEusqVxo1E`aIO{Yh
z{UEW~LTzY1k7g;2Ip@1Js<dS{x=U%gHJI<g(0wW``_n;IsG3o`<1Tr7Rtjt>syPoR
zH;4+rHy96CHSh$#uY#(Z8S8JJ_q#4@I;!k(NipuZs<dTjx%&*TSo&s^GG=S|uvoEi
zWML$(S8S19!0C={_tl3UCdInve0@pNaS~=Da>aZSQe6k}{WLl0xpA#&$#jRN4;j?%
z5Y$}t<ej;w3xCqGB%$R505^brmvks-Hk`0V)N75zccZ#XYq@OVn$;MsfCy<GGMeQw
zUyK}d=&XjQV!83T)oP8=t=@wmZvE(JdDm?HReKq)0VQCHEIpjwo8aI3ap|zXl-)z5
z5#tVrb`{)P?C`fEa|`pF*7!k|ruq$hS{L<&z-h4ElJRWU1enk9sbFTKlt_!m;H?T?
z>BDY%f6v4>4%}p00-8s?rO<faft?C8n%ZB`6}c)Zv5`%DLoavsQNo`fVG>N)V~hp8
zw9uWS_m(&e@m+B@P3qEsQd@Y>i?&x=j0M+yiZ8?5E1qoE6WxcdL%AAfj#}KONbNhV
z3~rw6w9k=0^Q24+?yl#)X*)hK)1Oy8{gYK_hyh;D7Oi4^_>En*K-C*2*~mSTsvoV*
zfx=UuTjbfqlg!3%v*!=i@7{;MXWD0iXbODA)l3;~bLW!R$9ziZ3U6{})mJM($DGYA
zy01(t1VRR@oX9N>5t9MyI~ygOlU&W8iBb;pZ?)DBT#cU<L-vhtwRRU=aR8P5`j_`{
z6~*<jHHyBy0s#b_$RS5Uu&c-}70h~MNR$<+fWg^%=T;2|$OWWz6sQQxe_S{_-+dgU
zA-j&i9Lkf|VxO4phU{q|WmJwz2%596vX_XOvxB#JT+}C>*F(3?t8H4Mx;;5*9MX1A
zyw?Rb!slD;0*>vu2kj@J*O_*V&06@Kgm4`g0@5y3Kl9F71W{gdTWgVvY-?84K=ThM
zQ0(8iFHdLdiAR<;8mvTxJuli#>n#Tj(MIgj)}kOnRl-(DtXPn-T5FrNpvF$FDU?@p
zOlx6MQS=3sF$W*rd<>EUVb87ysv{JBVPO}v2##;9_;d>{_jG&KclT}0b;{$ri&(QX
z*qORB6l8w%K$u=ALXe__pnJ|WA|N%Vtsw{ITN68b`h;#$P&aF>XZM8%V#7+UpI>az
z!lGRCqN0MUHAk&p#ypbkctj>Q!^BF|e<essEh++UJ!1Tn8SS}OJi*0C*m2%+XzhSn
zzF~pzua&6s6ge@bo%21YZM3X&ed?Xd{%GkmH*<aRJ~RH>RgTxKq>xQ3N?^xb#=_7W
ziT*5&D)yvJx$qO^jTgte%L-OUA&&-+Hrj%X7ioDt!~Rrtd1G}(#SB63-aArnLT?4v
zns1_SF2?2Wb?-lSJl@z~;WzArcXxv9?SBrh>Mb7Z1V=uq#ePeV*^FH<7IUMv7v3L%
zqi)UhG>4sEEA6ZZ&bUk?^6Jl`g;gdb3a!K0p`Z5;om!ve?0Byz<VoN5-&DcbSm^no
zwf<-!O;zR1Y6mU1FdzHJSmw=Oe9*YvJFRdlt%NGJy1!|q!*^!(KyJnb1^W;KrMfNe
zkQl;Xo>=oXhii2Ak;+bun1bjjl2U$|1$H8E4QUwdppm%KZ`2_)c2-FX!6C;CP$#Q*
z!UJ^-qfZfE#N<JAt2AGUxMVv{v_G4%<f)=}njYY9OO#ZH(D#SXer72%4!U*LoqnZi
z^Nfd3-7b?zO|)C{FdhESsUPB6J!zcgc{=iIbC4Ozca(|U{vXMg$`7p)w`!VZ9x$-9
zQXKsz|Iocr`nw}wn>2@m;ubrIxqT6;f2_h;P=DY!tkh#w4|v1E`Sk0e5fwK6bdv9!
zcjg~s2$D8~)7o`hK;gaW_YQRLs$skQNpn8F5X*<%M;o986=(Ovk6FM7F=dM#OnDYO
zWp32-7|(%x6T!jJu_rDZ(4VyCY^CUyf||3W$aC+P*_1S;5D*_ep<^ZUpV*1YGUHDF
z3*8y&w!vde2gQ!NYNy}pGP)5#(^h*pc)6)@O4q2`V`>$wZD#|fQoH-Bf;95=i^4y>
zdVbe|^2ZeGv@CC<l*g9&3%i*u*R?@t;`0ZnYdlUt&IF#q{8Ax($EF8+Xt&4jzs02-
z<75{If(3OGI3Azi5}Id*5cFVuHWIM*Ye>*ru1?{l=VIQxJ)|0<VSU0xkT1_ynXbN*
zT;azY(0c+ea3%NabHo!M_J8M4CQ$5`=iL6Ft4hb*^WV?N8CCAR^_^b*5$fDwMXyS%
z0Xudt$gvl4t2%98H1%uHm2u9xYmEbU^=H>sBN*S6_jHT~NzY0nmJJ*8(?;0qW{yw3
z8N_V^dQ6`eHhOTM4<-c;`DiAQGeY@RQ-s#YjipqO3bbt*@F?IYlAd@0ORR-kc#c%V
zON_+4N-W<K)0$cPoH95Jaw~Bpk8N3xWR(ibr;@@agx%5MpYcd3Q%dj_%q)|-cdO*1
zq`T&DQR|DEAmL)V81mVe?f_@SbJy8oVVoB*pe!ZCyA~fyO?|&AU?>Z#<&hD34C&C2
z|6%(8D1m}NUrXwSvk^FAB6=S4uWhW3>=*36_n<|7#wmoK*FO%@$-JMW6eWOpXpbZj
zSr{JP!xUDu)4#KD!@8tJ)q)#h<tYs@JbdB?D!>s4mJs_!up@;Q77{8SXcNv=u%x<a
zb|W8yj~WodyGkXw7kd*VcO#zkt9qh;rQH=1fAgRb?Y`PEg|li7#vSU$^|+bkGfiaO
z?WVoLq3%u-?G6gtOrXyKPDx{*$40-gt~*WnAYZK{KT+=>Nmj7EuNTrzcsokEAI1up
zO!-I?;o@{L{P!Hj7}}_tUD0--M$tvBtAuIeOPZ8(qa;(F3=?zyz1(Wf!xWXgD#N`3
zmPBw+w{R0H&t_6h{lV~drDS^WS*^#em*HK}L(}<A^@Q^qv!rQD)p;y=RS%rW)w^<#
zI{WV_YE7O;9}w=Cd4{nA%Ie#<MJj$+F=zTIUZNj!#k|rdYr7kSx|QQaa6rg>EQ45A
z#$=RVZrJzP!{Ry}3R6k>`Udb9#SylA2JQE5Wg=RK0=V>Zi+n60vhK)JQTYf41lhvq
z*C#E!EU>93_V^W2Rcf%=_dVtYjrY1`Dy1G<NDf-q{Ejb2?%v1Q%287n`tUYr$Zk1E
zI;Lv~tOpCL26OS;6^(8rTKcqQ_nk{&ukPqtvewGnJF=*kbI6?yVAA^S`GRg!NSERQ
zW$WkkaKtc-cl8~RHFGm;o9UGlZj2ozC$SwB;xul<2JZQ49Z5AqGx(b}%a1c&o4i_b
zc}P|&p;tk2l(z1;24OQzR}JGB9YvX*yy9BwLF4C@a|W)^euo{IHU7>59bzg-1{%NX
z2*fry@g5{H^xkxrYi8UxnU-^A3L@JcLsQ*7^<l+5-5F{I`mqgq&b4XfSlqMWuut~&
zOaDsrF1b@roT}*`4|EA_ax$TuHfB-o7QOk*A9pZ^ssW*E7<Q5T63%UT^o-6rNT%ks
z+HeL!Uu~CN+O&<1I|!NQxjSUqRC_lkL+u`zehTT=F1ICtAzv*xsUk65Avud)yIF;|
zo^@Y!DJzq@;f7^CykG6r$qJt^BiaEwH&RSQdxs4$Th5-^&j)_KzK2P^i>B}sEs=US
zB400*cA88rle$*^6`#FU1pKW=zFx|8LHrPX$8Y5ns1UyPfK==pyzzghS^>s?MEY2<
z>S*l4gckRnZ6W{K6eJKTFmk&_jXVD;!UlHTAv=Ic{Lk+j>vDhluw+fJr&0(Ff8s{c
zZX<E|Rb#<S!fp<NlDm1Q)n5)`udCG?d+B^HKIJ8qiyXuhkK}gTzpgWPFill%ETOms
z(x+w4+bG*7WuDvjN}l$YmIHG1in$D1SJr2mA&!+}9hklu#1&TuH{B=>p1P##<Zf1v
zbbM9bj=5sZ&4ilAD4w4Fq)zQu3Ox?Qrk*lJF4AqCT`bjRR-PJ0mcz=P4o0y*)jY+G
zf14Wls{=hRuC|t1%gvfP+iOD_(t2FRR9`Djj8tB23wwD$h(jV5EZBh0a~|wBJ@5~U
zyxM#-Kr3Ie-11Y8gL?22=ltwSY3zqP+;KQRad;Nxj4*qBEaj&6wxoe#>#8T)<1!(r
zQ+Bv*b*^-I^Q`45qp+gatYCfKs&u=#H=*u;-17H}l302#TPytdhJ_Hd>JertIT3>y
z?;TiY*x@LF2UBP4zedysx^D>zX58`a_Bd}mI@3oDN{O(m*A3fLs4}+Sj3~+*Y**#J
zDOjeg{^+>CZ7_<DhN3-~4Vehh`e7+1F2+%=q)h#gP)pU7a^s32&y(hq1fn%z+vRG9
zvbwjR82t2)7r_{XG$&q_U5a;*P%xw-xTChA-X;tFCLcBu{!PqZ`s2q`k}#X|ff0Vr
zZ<<`z-xI+|12djkSP$(oN8}~HXW35WVKGha()}%Q)dr$jw=H`9f<j)H?m0)_5})u(
z7nt2ynahm`%sYzT=eY4}ADB+{qK#f#9@gbWUSl5&s2K$*1jo9_1)1Li@Z&%9UtKMK
zyfU2DX0+b;O&HAKpN3DY&+(oL+&i3do&s14=X!s9{=G>0P<S<(csfyYn*d++UiCf#
zj0h!Hvxf8Fr%mb~aJdj>SX{}}1iTPF5owM2%5UEo3+);nRA|#_O?Llv*{Ia#$n0x&
zA>hiMchTfZa&@A3<Gn)u`TsF@7EEyj-5L(=?(XisxI^&Z?k>Rzwm@)qf;+*2LkRA+
zxP;(gaR|<$i(bC_-5+slYI=IQYR>f3bXD6q&zlmIM7E=_I=vyfA^j_}S9n11y#aw6
z8$5{G(Oigxrl*_r-n||p&$bUb{Ff$Qa=HfY77m+MKHTfO<|MkebrAeASKqrjHHOeb
z!%sya(R;})7ZYB4v(1Y8@2WFjv|Q7%T7>q&X(1|uli<u`<(>VD@#K$7zu#(D{Xf3W
zLh#bOp%KqSY3Pq)DfEi3qR`s!AA=2p)wF2eu%IDIznDGo$LNg-LV~t<#;Ncm)E^9#
z!C818C8;%dkJd-ODO#6&1u+SSbsi)YH~fGul>d+!U|&JdnC{*pqScidN^v&<u;kb0
zz7rdXBH{;aEzR2Xi1f1<&=-Xxw>eskZw6x;^#RlgD2gY|zjOww(gumm2YFtF2Dyv4
zi?9h5Zj5L{KPPXcS49LR2PJc#KAk=_o-ses(OQO#z9xV!m2{F`IG&74`-KK5EhKHY
z(f~ljZ)24jyQ`ATA@nE@8;-P3M0Z@5C&e0>j7r2PEsy5mwzx^(xALs3)9{s0{SDGs
zl^7f!z8@hf)zfE*g}FuAew?7UrN;xq1gdJ$_=nnT8}qC_OpW5Xzlx<t_$JZv6w;XO
zlI;5L{=7=Nio5!8)#)+c?$XVMz1!T6(w##8-O2`eRi@BGlNmoQlD9;w3g<YoPA0t=
z_h%Tj0YV!!s-<NmH~lH0LgWi^bOhaCJ2#Cgs(mDjr9yU3U-mB)ufZ^PSpy@Ew#Y!n
zrSI(x^x0`@juon)gJ)Am!F{Q9;BQ9lSoe$HR;)t0IZiN+j@;Fe4C$0>xoS@7fA@Hx
zYB;|?+~io33MOXX<zn{V@?jx28HV?^^kQBpvErjBMbk0}+t8(^0+~G_{>-RasQWNl
zhzv;?vWBuhK!m`~XWML_qrj}#y_)Z_wG14e(kwRTQ*Pz37;;u(D8TJETV0tFz)~@}
z1q+FQc$as#E&m80k}@JxLii&k!-cee0(oefyu?=s0Lqf#0^wuUNHI_2a}Pc&+1m*j
z3Qn6!1E-5Ya58`pCgvi#kSHxF*VMkj4lvDIyqKC^vDi>!LOwo^2lxHAo$Fomhz>Un
zmZ8J3$sF_p9*EdA;2PkM1HP{fTWy2^AGy%}nOY_x@Q>BxbAs?nsF+2&`SuPXCrBOV
zs8^(SPXLIS94!KJs2w9Z_+)+!ok9_ztk;ZuQoW<-JhFQy4`1xjroJ=9q~%yJek9`?
ze-3lVZkcL`&4dyin7>D=V(`g}xIdFx5`q}QXf;w5MXvsd#qT(dFfK%D?5*OL$7xyV
zXRuAg!hz{McdmUoBbDcsI|)9=2`<2a&jdWl#)5f#GPx6ERi#vA@*}h3MpW7DXbwOp
zQ7A*-w`(mYxUI7Vrbr0Uh0s-^*1z5-)M~;o3}m~g^4XDkB|t~jMsck>nkEdKUASHO
z1j+s=^vt{bBokNY<FO*=#w1fr2uwsOP9RApO(xSI)gYTC;UeZD<sv&wTuu;5Y)kM>
zV3X;iCfJE+m5EE?v_a{R3H?N$flBb{N2ExJ<_c!H{2Vgk04)Ha0Xu@1`4snV?v0vN
zds4&#=Q%(I?UBs|`X<<G9-0<Y2INSB_y8uBcbPRtHD9TdAo%3_)qsiL?ip_VnuSSa
zVsMJkGQb3%M~3}2a|pSjzhDxC$vxw6iy0hK_N>H<z<@ROs0~=U_NXP=GI$e9x|Jb6
z(bzQzK^%K*;a)P-O4xl8CI_2aP+Ia@Z2V3&jiL+WOFH!gO78fRPZI!g&HLv~V#}cN
z#M3>OWS2Y=4;XW8^k#$eCgEirnNY@SwFmJz9@FRx#qO}O4oXEYI6j2k_N$PVdjSj0
zg5}OYySs$pB9^8MW}eJX*2twi4lE^l;+fPlMWdxx20!rZE}+)L2j<osx+?7Z262?u
zbpoTiO_^F&bpkplq$fO1!e&2~s+yvP7${{i7$|ocmYk<dPyPnF%W0i?od*>@iJe`G
zUvv?H%>vIZ?1N5>!K2t}c@=68Mho5F{bf8B2ERuRcGGL5MZX1}?GcO%@N39Ao<<|*
zZqY)z$Ym%kSxcnq_;3!e5Ac-R)q!)O!r8`Oj=A7O4rMBPpaU$M{{~2G&wRs9x+4cl
zo8u!UORmuy7~bJXkgNfb&5i-9i?FT1=FRo3qMrD$yXHLUE)BBdOJ(Uwu7B@FM&}qB
zgpRJu;e$4%xZ#JxRDv8MZc?ZqE1%l9M7{rXi5dJeC8&k$Zy*NGpqbw5AvpuJFG9oS
zIEq-<1DwNs`X9FtFDka|z~l(*USQz08(h#|(v1T)6xUt0MmmEFwjLpa*>&QLe}5@9
zcD=wT7n>Gd8?Ln7NMT4puj`kTn3Nq<@Ps3R{>I^BJxpPhh{HKs!U|GxpKblP;MXtE
z3I^gg>$mp1=J2`)k^P2RH=PGIpQNd=*SC9cy2qLEWQ_W;mEU)`niP8V9?CFm?>;%M
z&ZRWD_%WAD!cJOuO)5kzoJaQmSTS26rcg#2jTp_ejcmT?AO19B3c}d`8_H5reV<5D
z64qRr@{e;x#%m%@_WELQ@Y6WORxlU|n0mRzYY#F#K!YN||GnlwV|vny&@LfDl|M&Q
zk)51im1R4JT{l)Uz@yaFBQOe*ysSgB&-fFubW_6lvmOf=LT9N0z=Paf!kf$bd9Fsy
zDg11s0(K2TQ-q>_ZJ_m5TzZ?Uv|nP9t;?)mNCj1Gb6&PY4`wzOl$iEfZ+Eo+iX=i`
zEYuh&{G@H@RkhDaj!wZUiYxMkC@FdkcUzRg3_tlSwh2JV_GGmIZCoS@7a80f1}q#h
z#a@#ZWjzp^q9Q$x{t_iualx}v5*WcZdI~jSK!jgnJ0Uu8(q_hZLWBlduvsdeN^KOu
zC3=_NUj~8yTzZ0UFImBL?mivF_4_a7KzBd!WiRkV`cU44_K>k~Z)P&;#TLM@5XY5$
z7X9Ktycj6s$2IolCg-^a==mTeCXsa*jg_T=)#lkZi8jRK$3DTa%||Y}%E&DQECEWl
zw*WQUYfMn@GXjT}C*Zcp_M2k*cjLul#?nR`fx>6$$H98Nad%Wc`IGOwqtC<rg6?iX
zHV)7Vko%_Z<K0?>@Nvudr~8a|@5;|RJxxGo8~C+fbi5)GvvY?l8eYjkId@_=bv(RL
zClkKEDGM9E-aAu*MJ+V%Y&RPkseT9U1oD`}K&Wo&z?AX6I1~4XY$V-dqxXLR6Ik#k
z#6f}d7dgk9+3ot9O^QFBY{>Vc9jU$xk8UbHS^7IS=D_sr2c3Tn>&=#Dmc$t!yj8Wa
zf<}JiJZ1^b@KvbD@RhgAxR;BYXpncQIuw`+L}@TKQtU3AaFdIBk+Go}qwS-y8taT{
zfD_;xYy)AA3BUV;s~wXL05vyu4tIGj>s$Z0ncj|M`8|yzj;Xy}#-tx^NYd_{1Qy;p
z_COUCWnOtw%Qsv@^u8}h@@Pd8&%BgKJb2Lwyt1T<i1{`=l>M5Nlug{d66h6?R{YHO
zxW+|!e;d8)PF{3ZuMu1MN_*>scD5sNTN0A5n(&RBYL|zXhcS)wv=I|r#&by&%@O*y
zX(+U(Ne}T*Pz(%m#vE2JPO{2;(^(`2kc;BYn#0yLp}qb9Ne}Z(h{7^i6@XZnE1<p#
zoKI|Y(^vV_?u<*3*`rUAhZy81oWlWr$(Y`w^$49-LeEHaLU7_L5&f+UQT>Swvf+bi
z+tNd6I0Gdr3Uo}`y9|Z<8>-WJDc8eZ_`k~6wgLyXRYu*r_rBcjf4LGnT{|O2ANC>^
zxVJFQPexE=AKw8o0RqN{AFk&rU$^W@xoYu_joqixOcp&hiKBCwHbdWG$+=H|VSG%U
z4t;{QOxTlN{Y}Lb$*6_U>{#0ET}M0gtzJij^~ElfK~3#-ewjXtJRQ!T=O3@R5?tDy
zO;_pic7-#+B&!Ga^2fr2Be%~bAoV-vw*?U8gSHrEBW8mzMAF2WR`J;<bvH#wP8}+w
zIKzXxoEKvJy}&x6Pr?)DwS&oXzg{eA%Pr{!b}t#dRyN64vDC;USuuUbIb}KG&4hmh
zOsRHa96}z>sqh=enNxA>u|clorDvXeGjM0?6+(h`lKgnuM>1VAr%*X4IFcOq-2vvY
z`dFX1tRgPsC_nD!(R1951Ik!wT+{qQ+-X%8Ez@xWC|<$uZHN+d73&!mS3Pe_fG|%$
zp3J5?{|C@AXJ){|)LCH_>}@Kq<V}~XFYoBB5-HkQFpENvdc;Xt8D~4sxYS^P^SRo9
zLR_bbF(AQ9D(UTN#iWUIO|OY3fRsA0d$!R{-zB#2(4%36@~p}s#>`5xW`*EP0lmz>
z)*;Spq$l&pX9a-YGt$((W1w2=5RXw0pirp?P^r`%#U%b{$Dgb^O0v~6NmSdqs%xjr
zO8|_%^bt%RI!h&}*@qybClMf~S!YT)xwu;BxJVbheZri9DpJ$^Voo7RhsCopTdd&`
z;ua=E-W#*ZmNa4t{nxY~I=J%VD}&zO!<s8EDPS_KFt?E2q(~@2)2#`U145!lYm++m
z>nmACUkSL_8%^KsjZ*5E0O*;U&zbzKWuIJFqtJ+b0-;%{P*%*GGd18FZ6)8H)+)ze
zow(C1ItZ_SWVewSUBkQYn(^M5XLxr_yPj*BaU2#Xde7Q3&qZfa<URD>OkGnY8mM%h
z*)XxZZ>&BqypnUO>XYPY2jDBf%TF(W&itE^F(l*qZs{@O!|BeMmY%Vbk#A=I^~TD9
zrY%MQO4*mZ*$;+B3#7QsKK4N<7L}c?1-~I(QFsG-!-EOI(vr~^#noZPm#A1M60D97
zq>tRaQ4(PdB}HS)bKXFVAbfM#zOV1=0+#|eJny&U=CXWO0yii?jOoGUIgba@Ts7zO
zc5Z2hG6;Te)WMeX5j_y&h4wv*dVvyx-%H=E!9WF;>q~GeH6IX~cYI(Jp#aOh!Mqp!
zAgLqaz~9O{;(K5;ig7FDyHfj!43@Ls&Z|NJ%S}HpI?V%Bu0Ib{7*-pyh{d~=dR?jA
zIKLafGM7F4t^C${nQvEQSJa68ZY#;H6x=T~KVp^mpb<t9;@GIO!FG;EZ?vokU%A5Y
zs_Fjw@vOXQ5m_a2V!ijcm{N2GzzGncFioOlT_zWD*uq%&<k-$HLz=jg0o3|v#Hy=R
zo#ymi#4-G*;Tq!~6;aL6kA@3!Ec&@&yl^J;t1<EAk!b~JPl;d1q0@eU+@f}0PI-)S
z%f`k7SM=pb-^d}9cLZ=iTWtRczCGFJ>1P;7QskcODV6LNmF!gkkodMHK`ge1CI@KA
z0mXY7aEF9Z>}j0Buncll12HL6P_g`C4&Jz-93fa#N?xym{=~D7L)o{Q4~VbG)6ce+
z{09KjbXBisW;-Fc>qmsCBjRbRL{mR>zDK~cgA{0S*g>J?@>^iO9mcekpq+=9od;~M
zqhvL-)vkeCbB=zWQB5g3nf*#yQSXhGBV7-`DB`&*PkNGFno05!|8q@quaQOGXqWj5
zzRF2eg?Xx=vN1VY^-49M<Ky}}Qd8!NRsfK>Y5Lu?v2jteI+L~hqgoQFV&bBViLY-e
zrm!GD@c!H9+M3LO*3(mSF;VeA@<8(GtDWv0KvgE)OMK<3huACUtn?TQ>-vApGl>RJ
z99CUEt#!2XG0>TE?V#Xy9J-z)(Vfc}0C1@c$85{}k^uF9dcWh?zzfd8-NnAVpb<vL
zC*?FPMB-{|tvs6yt;Y#R7L5Jpv(y-(YFXv1(NQ$J=d_H!4c>V5%EHY4I`uWTZ8oWX
zPUgujNy`3>I_|!y=?v-b(l4n8Ua5*o49cl|^pbxvl*>IUbaE{!8$fvESq#4BS1PG~
znhM}~bv~I_j>93}_`QFgG*8(s+o>ss%^@JPk46!jc9UtR^6}kAHCD0W`}lVM+7I(9
zDK_14%0fu!{&FBWoT+}ln)FdkwN47~7fyT^h?PI9$#fpiI)em2?#m&JN^EWn=JjlK
znZ6(WZ#In}>8uN%GkhllDTManAeJ59jHX`AnTn*i&iJjz$aNtk3ytGMd+N<2HH6|}
z70r5nUuwulJc(NSq91{Y$Ic(Qvh++7f#Kg{A+(iS**pAzXpv}9MS!B{m<0zB+eprS
zKIr66&Pl$EZB$E)UX6xflX_kYv0IstFp<cQ{4Zwd>dmUT684~uMZ<r!o-Xc7RVT^%
z7Vpg4e{|-2gW!dubHs7_ePJOL$C=MF0f*|<!yVBFS#~P*K7yiHBFS?gTNQ-G3Jk5h
z>-KAW$D*<Y&V4}McIbx66v2rmP4c#;ry0FTCaMF*vT$Iv#7_6W1(9`ACC-30wvlfK
z%I|@(w!aMmO@&V{>cy6I^g}22a)%_;>EeZbr?dFR*C8eh>P0mfaqIh86`m!5IQmJ>
zB)9$a)0LuZ-*K0n?zDHbmPwaImKBx>4~dt*jM?gk?|nI=4Y~0Go2b<j2H3OsJ48Gk
zcI>R|{_|16C&3JGU3mVf9fArnKkhbi!<7#WXh@|U!8t_KZxb5fd7t#H9p~=8Qzx%G
z8H-BhAxXD(fnNEyn_?F_kWWeEJ^0gp-pAt8g?92onuikG9Ms0-7h3~!I;H6T+^Zt{
z0>XlRhk!2uhoVUzjTW3M?o6&SQ+|%=?r`{!XIz^Kp934#Pwo}45&nEUFg=jA@!9uR
ze?Rp7^tJQ5s)j`_NH0XX6F2w%9<`tT9h^^ii1Us2?P?q7nk+ajk2z=6q$RS_PdjXG
z8|hMDy`tR7Y{#4zYr4p2PwH4(3CW;c*6K=bSNBr&ET|MdPdS)7HKFaBsPIcUJFaNj
zJnv*x^D*`P>$$Q~nzxg*TPnI*V6<kmc1$VH*Iw{^5NBO2I#lqlaI5fi##bXtx!_Ff
zJV{)uuxswKhl$6m50|@{H&^K&ZCRL6Ht4^Xv!9Y?o*I<|F5k0tm3?8)vjaOa4$R)8
z370#UMOn+~?-}p)?lH$$e9Hpc0vl|+si<od?k#<5cF7H0eT#|(Nvb*QH;6V0&N+RP
zpGaG;0ITYrCN$Gzlmpi8i+)jBKS|V`#}$J4!V1S3&Bw137~jtB5<E`5?K?Y7|9aNd
z49%a5?T<rLZxTv8<^nv$wZ-`I$He6+^D0+b=B)1l;__*+^%C|COnZjPYv0a|^z$kw
zwCUu<d<roNrwc!y8)@{g)8vu9-QyjA=TLrgz+X0yYC+!^ts98=XPqPQpT4kS=zP(1
zEM2g2GyFIb3<`F*>KHjZ9jp4ey8g*Gcfz05WLbJ2mmt7ZdNzzQQ0QCD7l|RKM8RE`
z07YJPepq#WqkLO$kiUGs?G0drIOQ61kcAPYG8@U=lO!yC^3z_o!d`cg^h{m?-()zT
z4yZRruQDEdgYtGhCt*0Z!r?t#d17)kP)cz(_!K%Wx2!ODt}$SSP=Sjek93X~jZz1<
z6#=UqQEz{aRYBn0Q(USopA}|!Hu2|YYGdRc<zQ=<rBm@qV&KrCoC8f)7%H6QQGpcr
z(Q@fBnD|QHg5PrL1BkSr)7naMZ<ES}|GcFF+YX2thrcqzoNe2sfsaRs`JoGzY<ivj
z@MS>3OLVf5_PbRztZ|lS>zBD({F1a!K0+>ga4k;f80!Lm6bj-nBBoy&KYv)fADZcd
z4Md)X+oIkEeE@7?Rle6y#arBd?2#DTdv;N+{l~Fsw}uI$3CV{;oxHZAwZIVWc<&y6
zGRCvdH~;8smURZ1JF~o>Ok=t2t1g5#$qrNpBSedY%5P-XK5W@D{T3*whaUSp_Mbud
zvqy28k)$wb+&-xG;2jJ`JQNVS?OtgmTHD3<aP?*%u3aQhc}Obd>-%&+jXFpVu5fm?
zs0Hyb@E{H^H+KGd7jJobKE-(fcItPyWg?r&NX6oG_ho0X-EJ^lv&yvMnxBc8<1<a4
zpyXwU_jl_iUI^ib2>s3;-fhXb<G*$-?>p!@2BfGZWx3#4bnzG2#l_o^it@D%OnvEE
zywV*@FB*{`0S}4bjpm#hz>gq;Tjqi-Nq+pQc@w+ME9(_!kkI%uvFSik|8ts`b{k5j
zY<_v|>T^+6#8LLAa}@rR;={}RJ|5hb>fmc`<JesZ6U@uqa_<YIuSFy27r2ASZq@A~
z6y?d(e2Uh<u1bHcja|?uQS-TRuF$4L93=CUJW{>%oAlrX?&Q}eLk+?;dv+QILc`1-
zCo-l;SM8wQkuQK58i|qRkFB_E571uXm5|T3#`;$e3vIuC{JGPw_A>K&@;~|=&@#7a
zvs(OfT_!Ls^1k?s0HX($16K2?PEnUW`Z3iQ(n4&T|5v{aU#@?G5&}zq*$OMbv0Xbh
zR<%<~F{vn5*q#4=s2B1gl9$=1zfH|(^><**3LWydF#Yh^V_Skv6HcmzPP$AaviCTV
zmkAe4_v)4p^RXq1Cuim2O>t^jlU%%!Eds_~6$5WvnuYRC4Xb-v#@+1Fdsg3B;j4_$
zl~ZMb;L+WEbpfIHL$#815By&`WDeHfaJlB|Up?B*(a$F>cRaG6#(zCfLKjavBMzMx
zU-wvdBlF`Q1p~v4gcxAt;oh}z9H>4Vx8Kd4Jbudg`oGh?r;9ziz*FA?bELDj>-u5x
z$$E+Pd~U{<Wx_hiNslMflL^m>%`9s}Khrk0rYbHoQ=R8EPs7_vKk<{BAFpHjacp`%
ze+?ZI4HHq{r*;DJu{cZoBa(I2NFZzEB^Lr=RBWWx;KG1{fItjLZsUTPeL;HT>&ICU
zb3-@1wX(W$__pTz;ZVQD;sm_=)ng_(o%Kbm6W-RMAHCmZyqEq&2t@dN8Kyl^fGyar
zT}Q!~cpa0<|DNC989(=Z*xEUMr?Q*K2n#0(XKnFHL=Di8k5`+O;nDns?NM({w00S#
zErUE|H$+Tu-2tl+L$Cj?aW=*6oh$3nritl9R{oH~AxolIsAyaf;1=d&-Hbc=IfHJE
zS@NgHX$f#j!9P0@!b-NUEvQ6do~NH^y%=IF)ia78(x}O4Q$`L_2#lz^`}O92dI0QK
z=txQQq*>Q%HB0OeoIr9(j0-Yj5+tP~+yC$j4yBh=5^4CJIqh>a0fljm*4P`V^-77Q
z+v|(D^)p8h8(z!s&@-9t=bB42Y2plZVigeM9ySD78?PP#9?uffQlcc{ld?PBa|E&_
zi6w%ifF*_{g(aOOnx$xo^a!U6UP+{TjC;bI0zeI*aYSvR1zvq&S+0pVVKsQmq^6Hm
z4qC8~X<qx~daE4tQJEou)`s~uXjyd-zPwH;-R)kOrHH%W)5k{UFKGv?7b-?l268Ej
z0bDdvF)UxwGx79rexS5Q+(xKH)J0H4DBO06Zj&y9RRG0iZ9iryKDLKs&nW|>0kZ8<
zN8LgDS4zjUH_rsi4+bXMqgM?G2h=!T_>DnR`q4ku|6mDayqy7`Nkb%D?_uC9t3<#$
zZ~d3+%SZ~?3TS=YL^+=itgdBR{+_}E4^sTAI~GiA>v@)QgtCS5+Hy{&MW+L&rVqjo
z=ni%dv~^~3)~AW4v!?Z@dJggk>lntZettJt`071r@SLy4FqWp6?ZncU&F;m1J?)c;
z>(x`fxby2FG{!c^Hqy4$Hqo}gw#+u(wyS)gIX>96`KJM<VUpn*dnLyq2Suhzrt75c
zq|YQrjRS>?+OG;DMMJ*YoF$Z{@g?Aiw{yv#!TajqdY@3ARNdx)IvD4v&W%pgs$WY+
z%UCgLOLa>Wc15k499`Au^cUrx{Q)a$$`F*+{3f#xBGulS|C-ENHXBg{;kXwC^Y0>3
z;a*1&q+jCElpf;I!mo&kqIS4AiQlhj|H<!iaem)=Ki|v5BKlgn7qVS}%6=<=aRcfE
zA&~@E%iMW;bktd5x=|wdmZpV=&)bI9->&4hokv?omm~d0Uq;~uQFnQEp9Wc<ZzCz*
zsM=J^Na|6xz%~5WZ)y^BiU{(V3DvBqI@!23h;_LM&>vF)3_nbM4AzB}x+2Q|MUU$w
z!S~_QtLb#s392{Fy1agG0rDev5x#;|k{7t6IY!m_+yy+Q+&)_WV107~s!aI)a--RW
z`&VhH)*Wmg;2g{!@aW{p-<D0|O?OnNU*lh+8>Jh3t8o6w`Poi%`j7o(mLU9dA_m9n
zXw*!$^%RcWF5jq(v|GOIPt@?sd%-ADA~F?6O0iMiZ5(S5G2ueuWC9qMH=!m0j5A7V
zoWLPdafPu<Hi$RsYTcG{`?k_~u(UkVfXhXHF}Fbq>(9McNiB)spJpH@W=JI+#Bv;h
z?2qA*^qQ3tPt7(ff#8o>7?kD*d(0Fcys~ZYWzi>>KV17J^0v<O!keZ&OfvPzeC2x7
zJ$Ug#3>kZxkJ7E;3Kv6x(1X&yE&b?5Cy&5feSQdu+l>)jq)Z(8+fb%^RQ<sJxGz2V
zm;Gc$T7A$IM&kutVBc>kA$L})Fv>owf6aa_&Cx>K+p}bsz7W};c8{Eg>edX@(fBps
zl73@);4fFKx!qD$2?KP_#y{<x)jPw(0M41Can$STyFqe5<aNJS3EhAlp38!RL(#sF
z)7Z(`FxRo8kF#}3W$5fb+2L=sW%FU?VG?WA1ld074!z%fu`j+(BXuZvW!g?hw|5af
z&Pu%@rD$86$+{!mxW&Aw-x^)1?R4xo2BS^pVtv}hpT*U%q$tTUw1#~n=`J#?3_oCB
z$r*dh^|dUagw(W);yo5gNuog*E@>{E=R(YDsnz0N!5@2Pf@=hhz|>H}WoPBvy5Ry^
z|1iNspNRWgw%9kKmV-1S+1km_0{%;8F}CpKFe+Thfxm}JuM{nJuzQ4;D3>Z$D6^^C
zLGF0%FeVu1mX!Qqn*xS8(hj{2TYV*3sQ#pW*%KIBPTZ1D*!)<#=bVfAvT6)YzgVwl
zcs>663{1-_y94K#cG%z}Rg=C{FbW44rh}wgw$AZ`et2L%!eUnVqmy519*LVI+AH>K
zy>17}#)o>umdIA(M5@LlSGorzhwJDq%$0vzg3g=ER7|~y!RBwgfDdNqQA|f&<Abu<
z4JUJ_AI$aq8Gu{ZPl!&g1A`m}?FeXXTLcB|>#@1&tra;2(Y^0JIp{^gn3!LQ!Zmn@
z@I>&btaHQ?>k1;CCH8MN5P!@c)Tjo{Q`&O<Ns^gnUQ8G~rX0zP1;Yys@sU+0PvXBt
z?2B9)-5Qz^Sw1|=K8Ng7`1YXx#~K*kH+=N~K`aoa%ma2w{rwXmY^>Kut)&ICm{!h1
z_<CX(5X{Ki25URGY{lLun!S4r^KBfxY-5JvsF|Nrj#ZMOIpU$Ye+}rY2mZy#XwdZb
zIDqJ11&_h9?45}I6c^OFZ*r<+6~nSii|9*TF_Q5PdI-VDWleY@s|ILp(!qo#4Wm+P
z=KPHf6vHln@fNoSCQ1x(t7?Zs9-dR%)s*SxdbD0sEXncEd&)8Gz}qgUp$C)Eh;NUw
zn2`G(`IxHnHUHA0V=bK-MY6P6eAip`9Z$j?;Oca?<jpIAk2aw<ek?l2N}z?;d>7-V
zq?7d=6(W@ThV9SM{8zxI=`OgXV!T_fP%3!IsJ48B5Z<a7d#_J)o0Gmp+lCe2COzXO
zT(0AtR5xWH$Par;i{Ha%$tVw?^4&oQug~N=ca%w`kJ^{xc(v8D5f=;|7}FF_?x<s4
z(;l`2zYTM~z)wxGP+G>pO<y+I)hb7VhXWiD`(h~~tbIr&Rd%6>g+{RiKXHRWZn2&<
z-YpOHu9>*Haud4z$rg#T{n~*TR5TKe!IW*8VmZ#7SISISA@RP1KgARiCD}^G-BvNp
z&?Id9@@<Fin>_8WIm5pN!uT5N=;<*}jzoF1uP5fZ{wz`iEW4*!Qy4w*UPR@-g^KfF
z)V&bj_6=uC!U|Ia{o7Mj5>>Q$`dpgY9^ayP_R%i4;ad!=m~-CT7)SS#w}vGZFw8KE
zQ!DYVt?}8~AsBh`4F)PnJsa_|D+U>MS&a~U%84{h;R-MMjYSA(uy`^bRka<E$!mV|
zq?Gp`yp9Pz-4+0uamJh7guR@hwRfR#NXGh}MYr;wS3d;4|LIY=XXI<L-51lWi6w8h
zCiY+wPnyT|a5G?p!4;0473o^6L&N87!ehp=3#_WT{Y)FF8A2A{KjiWaAskwQRXIt&
zD27@tzkKdJ+7(Euj1xv$B0PDO>ox;Mv1^Qoo#QavX`Cf1Nnki%R8K9Lg%)rP+9fgL
z_D!mq-N*DBk|ch0#U9<R^kapu56AM36$=oxq``ZZU1^d|D!t&c&bKd4HWRz0e1KgU
zqEj#=ytg8-ucMdjHwzW7B41LTpRrouITCV*|J0KjcrUW%HN+id_(t=<aT&a5|5c3~
zFC#x)pcQWb`q;9fXuzq{{AooPMFLe+(ejY_^cm(+{YbP!flO)|e{m(F_M2@<ma)t;
zp`YY2A9c$sH$%&a@f}-&m=odY)Q)}YHTA5v%`e$*s#}sR#ZP>wui-#AL2zWN^H#uR
z&6Yx{Z+}jsFrJ|O;DPE&K1v=Rk22qCGiSVjk0EiWY@<6e#5u)$*KDrJRr)C>r2Hn!
z)@hw^Wi_l)A_Ad)Tvk+4tAl_oew|zYjb4v!c1Ah1Wjg%$-&ZiC!Vl4zuo7+wKSTAE
z*7GS9fPfzwg62$T*+&FK+=#I!`igdSYPQ&iB*B@MMatW59))N(KPh6B7fe;>-93rD
za4n%5)`V&S|B4<&m;9py=H!v(=N<j?o~e65fVyz}sxWMkSiGTVd}?S2gtZKZc#^L?
zB*u^LT^q|GDe6E8r0e&DKLX|^lH4UNz~n2JePKW9LwiLw!IB75?cH=oaof(-@H2A=
zHthY*dq4^?8}Vw75*vsh;kO+9N6w-1FIeMHIWHKwC3L2a>McosXRPn{Z}yYm1l8(q
zV{*XUdkRfE!+VuW$+F(UYo03tIr$@P*D3$`!>d{ne@znpkfB4hD`rJUikak2f1nv*
zy2rh~-!aovIHf`mEBgk#kPH}8vU;y$u4mM`#yMIHPb}6@^-vg>Z;R~DTnHTHtzb*A
zs5j#P+k%1iz4+8=5p|%)J<0|Jj2p{Wg#FqzWX{2^3K}*)1W^l`<m_|PQ|do4iP25Y
z<lE13Z3HBa9CyW^L0DO32l6%o;*DM(fTYia51&^$kX_-p1~zX5?^b)J9>G%e@E5Y)
zXCst1rZeDS575r0-aex{Ts!H;kS}zvyf5LZ2w}Qps}kewV{JajU1sr2yW_oAv_tEQ
zIM5QiC0)k$nkKKG=L*x$pk6kG6%2<1q053K(L5OC5!sR=-@220rM2~^n{?zbc<xKl
zGO4ux+tsBDyx;*D1-fC1gnww1S4Q=(={3S7Tvum@_4a+}Q2K8jd^^m!E)8Oz3@LA7
zwiUM!T&Of+S+5_q5{jMoJm%D7m)cDBvj$);t+;`)d_qGOQ%^$0hM*?Rx9nHuajK&b
z*=M@NB2D4<UNac)nf{6FoKkukXAzj}W%`%PFVd+u(j<WYfo+Qc#PQn$Gk~<iS+IG>
z$ZrwX&xPYKbWO(Km0*v^J>YNnub%Kn-<2c>g{Son1)#zIy|bZVtV4I_5Q^^nP`z{A
zP5YC`@-wm@8*c=Gfg%ftD(v!Yy8Y?b1XnoR*2tDniR><m#Dv@YTT~w#Zp(~>SSyw%
zszNbQnYS7EYb$r|1#1G{34=saoT*6}c$Nbvk2>UoVMI~PoOyi+RZB5<ky*%Cr9LUf
zU7Vl?!rCY$o784>=EaaHL!3GS)_f&4nwa@xYLvaw=IHIC;`aE(SMyKSEQ*DM!wao*
z)uFGmjXSRqKK$@F0$4bHczesju<7pz(8uuXEV{<n-!-lj>{&x=0FWB+wH%KVj3Lz$
zDeNd2=$H2O_Y#&R30M`8W&RcH(OEr;+LJ(VL#j7MGytGDF^h~W8qB5c{ixB}Khx0h
znYLFu7J&2H<dTwgmz~@$hyCWOhPCPad(wLMRimu6j~4pmw`-QLpf&^JEveuwf=W35
zYZ;or{>laztR2e2Gp(@{xbQU?ai-}*e9^x=y>D8m=@{KQaIj#OeQ_%W!xSQIIvv?k
z{!H-|IeLx|x1SqI(H=;*IAgq7E}IVb_r;FB_GP_N3L<@uw&iG315dYbVUDdC*5?at
zV<kRXpE8+n_0|+tL*s4XW&rPXo81$)`h;_E&M~!^WhjWggjLqH++=^Yi^t>7H5LKe
zD_VstI;m%-hTo7o;6}?S5blp9ur0a(SZpinrMRUkex*GID+Hm`_Jp@FGd1k5kZ6S8
zU%f}6ZqUK?jvas59qz#h+)!9rekChvV42_;MGlD&^fC#^on4EvG`JNv_=}Y7NS{nM
zBNm&<-L`#>y(cdVxGwQ~;8_}+j3EZL;hNMbU<Dtu?~IZG&lwBUs=yI<bY>*IYMyv&
z&j}CQSAE>^|A^mAkN#0{i}D<aRXTZ2JLHE4PX^&r?eR5Znt$_|s6HcC|2&4B-WTgZ
z9O+M$?6sP_#X)z2ACIo&cT8u4+_!bzzR9*QE>kO?aJy?LS!fE^Q3x)7!QC{7^Y=%n
z3`P-u<Wz63Y@(H01Qu!R?*M*YpUm}z36<(TvVta|F7-8EYmYL9WH=wl^0_oOK{cL5
z57-xI4%>m3Ui<tnSeFqwM^EXUgvZM=zpP`vX7R)ukLcqF`^y8r*}iDKX#I>EYatey
zxDdUg%l!wf=bY-wHiHu#Cw>cZ*w%R1s1wD4!b#Mf6o!eVYn*fzm2nkqXC5_$4Id7t
z>a-x7nU_3$eOMQPz+dscWsY4ofKZAKe~a8EtzUB&t@;QwlIZ1(xf4GKOH`iRhrXrG
z;&i@E2MK+*f>#BE`|hxa7X9`q3I~4hZ72~Bkwfz>d+odIO7Ny6k!9SJAm}E3xefLD
zvytZeC)Mv5P_)t7cbMLF-bGxL`VhPlN+^LPX!)f#+MoZrHuWCY*<5~_`KK42I*;?f
zZ+sG_j8+3@XO9KL$x7Bvm3KbUE~pAi=2~=X`G$*@ve^Ybk01(xk3HMcl94~qeTi&L
z;2kEAFF(zgYG)E|-)h}o<6-tnIx}fL#B%DGe-S)v&j5j6Sne!=3T|e{J$s4OCLY?4
zz=GHa6sDDbDg3vOZ*2JuI?^chHA_{G?3`|d@}IKx<e|PY7KvBC93i+Qg-?4NIbsE@
z4OuftjAddVJZf)UG!hLAaz^q<l&8dVWBx`bOdz;+$p_C~Lkj{dx82Nll)9J02yT!J
z9<Z0#yNx|+m?7M62EYWr)b_aJEZWkYZq-BQ-Y4-(=0#P4nva+<8^5lqq`L{I227q&
zp3SE^_3VPkS^$*YX+?iD`i&)!@>=?#TW5`WbqNIQzz;LS$bBC;4`YOmn3JW_Fn0YZ
z4tsfl<y`juDKK4|*FgO@fI>S#E<%cJCK83Mvy$M9>P?$FC6M$*3rL66V)E606<rvC
zutMta@Ht4z{_u+EH#gcl<UAR|S<yAz^ScLCn8cI8du?F%N(T{u(2_GTd)#)FaMD&5
zjLRPqXZT7vxh7e1;3&)KC;mjnuLyBTE9#CR1_5CO$!H{_1S>7j`^Im-`%~2QBoVx8
z#)Uxmr0I?%pd5SpP~X+9e2rjKD2ltlTc%0R6W^ua5m$KaCGw@wBHQeFL^s|N>A*$t
z0R`x=SoU_!UUHkOba#L&%zDdl%WF&7E-}-vJt~*HvA@<!CK#m~?zx!t+6`l7XBA7c
zh42}@@DXMYf8*=}SPEmav>-kgi<<4Oa_g*TtIgwncI&0FB7BDZQf#rWW?~~MV6i(c
zHz!4MK-(~dD-<i#9Ig*b4Q=lv1tY~RRPn2*o2`dk%$=0^gXC#JV7|tm`?uxQlWuUJ
z-OM^;6u(kBJv~O$dn|3ru$&U}@>~kBEN+?!V+TG%8@-Zixwn^!)koKH4*Cu-m-R>M
z195PV*&(pEZ>nMJ;`iY_^cm{!=U3>nWENP^v;3aiKTQR0dTH{XDpufUQ<EaKe4#`V
zlI<gc@VcY9JRb=pFSSsny|iK*{z0e==X=)uYC=HoP74raZBW;Lydp}x=JA86Bir^*
zlN1FlKc+^j;R^~uy+Z9I6@1_!$pa?GmS#M^E<W5)Fq6sv^9LGhNk7LKs*Zw~tbeBS
z2yXj1aDHVf=}`LEYl5o!0c$&MzhABq)enCe!gq-QiXMn?2%02JiMO<kh6=L;v|@Xf
zS9L#aVs;STfKbaLEp3e2i{@TPDIxT*+my7?OV)MvPpRWYw344AUYvtn``5{chb|hS
za7|8}T?^;cX`qm8K*+c2W}7j~ihnQ!*$)0321Mi$OVXEuANd6fOG7?9{-8!s&3J;{
zi-j3!W-0CAiviN=S&A@2UP=#}9Htc-j)_Z(wpX)pb}mlu^x^q}mS^oj1r{yDnrp}U
zSh3%_FmSH#-Ng2^Vy0ME8sawDG|H(fhcwJVzatV%rxH^_vvAt397dc(grq{Wtd91q
zrYz;SVEE#sGfHLh^n2O8<ZAPmr6jS|kyPct|1Rn7^0vL$j3i-kG(@5ei#}9_l3m9e
z9#|%M%&~_7;r8Tejrc%$+z@Mr9(5aIo&$sF9)~kHb%hgexeu!|y3|ji;?lGgtWp;j
zF&6_Ymm4IMB16|n)XKC^-#)|L-8!8vl^G!D5RA$1T|`m!;kv>mAL^%nlrg(lmNKyG
zhuHNY?yySAB>z3c9N08OgWf+QodMqE=~Z>|&T!f8T|rn<A&9}j(Fw{`Rs-w(ysw3k
z(?*w*#Ui?G!v%weNO>c#Nr;*-i|}&Qm@dCUga1lxvThK$=$r+jj&Ax&zz2p0*D+)D
zV%$YaV0Z>Kit=6}97&>{Bc#pB!Wq(TfkoH)DFx(wE-zRNrnz^_amle<5wk+84rgd<
z^(FSoEifNlua?nxY5(O%ZXmeCF`I^&AlFUO2*DaFaE&9ENFo>Q_9JXPTf99kr%jp1
zPxVDm%;N&FA9Yil2VZUdhJwZn!)p{%$=dlus`h~IgDW~?YSFAuiM~>WSV3%{VAGM~
z=tJ7FxUUVxgIl*s?fl(Pf@%hZC;wL+C<&g}o}&2>kfT7A8_5TN@XZEh1v68)Y6xd)
zq)%f6$wvUEgX3F?Ab%@P&sr60RxwuufE|muHOq39x!5l|d<g*t&jYL^kB-NqUab=A
z@b^P-Qt$L-0uR~jrOLLFb@iqF5-%>WQ$eCY3$JK=e5hp~6~dxu-|}gCWHw}ZtB0xZ
zlW?>t)MiGxn{G(MSSP%ZNt8lzV3of4k<c@<3++PpijT`bNWD&1*pSGdc7WiotEbO>
zkbfdgv&e2?mJ7aTrfA+CG_Cb}k4)t|Vje&0U?)d`xb_q?qXz}c%jBsuYrS8#{%4eN
zu|8^c!Yq>sqV)#6p+~SL?P$%2f{lP&@Q{2tY6sCpxRA5bNrXB{9}&NC<T*=8L8Lol
zA7{(gB1DLewC!W?+?p~mDJoXhK#&FE1Iy%few<8e!v5c&((VTRtP&Pdr$mp5N)T;n
zNgeHPvyxUK|ALihry&j60EQ-Da09tU+MmN5;&q^ZMWR_zSZgs0*Ifz0kq<L*?9X3e
zb|P3QPH;g5Um?P@LYIQtr4da*G|eqkyO#UNva66fp_Ff0r5<|4x)Px#)52dhrY0)a
za;woN*Y~UAjVeZ!-{nSa_Kx9JmuYLZo!a-Q86^MeSzRO`X-7P>yD+i>moyVwy2BL>
zIm1k1B_pWVM2Re7dyj)}D9}2HyG>KreS$~+c<J!0PAWH-eq)XGAWVJMe_-iDHC7YX
zHMnc;)V*t75mg&Fkm+Q$iHeT8T+%XS643q}rIE^29qzgORg5ZAZHp$ZS4c(zHu&UY
z1d%m5Q+{5Zt*v6A`&y@iKu6MZhVbloW?-mtTIY|bt;##dbTd=I3om7fw#GN?#7E_G
zlNrm7!?5!H37M1WG)x&vBtoCN0negSZ%|+XjHgiO?DP!#B+AUYYxwxbBW5v^jMOR<
zS}1;JpgM6<^fTF>%!79)5>)+2GHUeE1B_-|<m%iA<EIQ7>qi*;1pjDK;yJKf!h)6e
zYw%LtKo35zxD|a5GsSoSg3LeHMIvKL3aN8=L7a+0)ZeC}_KgyQcR`%~)YvyS;Gj$K
zGZ@QXauhFW+RvTSXj#e(9?JiK`~ZKGjdNJiaPb-L0d)mq19Q>_lucwlKu{FjO}e`Z
zQ~32D$nPY=Ou({(@-dH^D?$u|2a4(`d1=}R8_-jE_Lm9R(<egPRoM>=NtDBsFCLEs
zHuNdXb#FIhfHnwEKiq}2eR&Ni$-2|W;I+b)IB6g~CHks3XQWW2B72Q7`UQzyG5qh#
z!`AV=Wdz$xcFgD|p8OqM6rhW5V6C0D^ekVIjkY>-0Ir#nA7(1z1>K$Pfjh>qE4V^!
z2!J&3O6VswC5vb+^;+c#>M>ZM3Y!)K`B?rtGzgkQwmwh-XYUX*4IN1PJ>VupzXnWo
ziqW=E-r>#1iSM||HZ->rT210T2SpQ~%b5=^O@DBUESj}QhkuKy{1M$7Uoyst2JKiQ
zScdpoIZEDd+0)q={Lnn|!4-513yz`=*jS&nF}Y_Pb}E?@#+t@AnVcOu-ui3db@Lat
zgH%ihAvr8WN|Jo}7#XVhFwia29#DnIKGr`=4~prQ339g&{b!-F@}U2Wa>HlCVpN3C
z#0jLRe;|(mIXi5iweNg5ddZCvKYHvU6BW`S&Ml>8g`;C5-pnws{-nDoyi(SXhZqb$
z6S~=unBvdJ?@V(s^e0t6p{J~Q4$Y7V;+rm6w%-^V{-WdX>|+iSgqr=qYAPX@gc7Cb
zwJL?+oDw^5Lf#cX?C-}N(1ZL$4qAylmvSe%G0;|cmi=6;nCPk5YO)tDqwCxCRmGwx
zF`p#t`Re4433e-UM9^@9)UN&v-_c0}%Ths;mgOF<B#KqT6##p+MhL|^g@9(GPX=_y
zU0TO;&uwJ7!smn!Mv$P@XG*)LJ`dD{I%@tuZq$!v$-U6V4k8Gd!x=&c#SQ7O$)Np!
z=$r`YDduLh8JovnE#eYM&#C1ClqCi8sWstby{V5JvgWnH4zSrMPb6D<mzHx>C4D=u
z-H4%W{cs1AyqB>)I{PVbO^uT9dHyLUgA3*-kJJGp#R3(8(eXxqY|38v-FXolUf$n-
z5%Zca6F}UfvqdEWD8bkyx>%1Rb98~S!I<8WLXtx-CV!E|T^5-g)Jt#GuxrY&k<KyH
zLxn;pYQlZPr{_BnJOyrkpi&~deGLWxzeGGUKU?h4m@w$TWm<39<Jt@>TiSQD^m{il
zxIDAH!aq89;@8cF#n78azvCNe14v2lVe0`O0{Y$^p-n@~sSjl%OIT2?G<cR$x7DD5
z<WHIf;o^^-j$4Xb<VP<*U~`0ITL>W%CKNgSAop*PW}x(xqU+a$%ppe1JMEGy{VxbN
zEEcdaJbXXY{OEy?WrLkvfl{ZiL^T%{d)os?x3s5T)Ycd6a08}u)@meISgoOyUF-6U
z%sMh{XzlQVAgAR9dVA_8w#Yv=!;%T;+wVLzv1GW^zyLf5l{1BmI2MimP)x~a!k~kX
z<!lueFe~M*sz|9Y&ZW7|_T`XRY}AQ#C&-t`f32VIioOKLsB-dR)Uy;Qk;t@d7>AoE
zg84!`KZ(TtF?d~u|8qo1olG0=&FaxQTHRR0_GU`gSB&km1h?3eU#Nw484UgkG#40^
zve!<R!)3g|ZR&-k{G-?D<YHK{V=bxBx!JT{Cp3Q3xko}91T6c0Z+FZCN}L}wF;Zy$
zGNrs%i?k%3ydf+>BT<m6?oxxx=i#(qyu44k4@%Mvh<-9!D*Wm^zCZqCAr~f2jq#;G
z{V1(Sg6PZ(wFM@@^sPjmZ2oRFzhX`|usQ^c$fV3L{fXF-WRgNn(CWY?%P0<UkDJB9
z*x!5~zgcMG_oVe>I{e+nt3yfgntQ|)%ZPl1J93t)k6Gg0v!_nJ9HVZ&ZjnU%c}FCi
zn-(%|CnM}2QGUYiD_h9POEek?1=1|Tv=onrilJoop~@OZ*2DF{9+n9x9NEZ9z%dRK
zTJRy(B4f%ri;Qx^cp`zk+(*(INj~^f7-?@aVZQ2zwuGfle(aRJCg7j!N5|&dk8%*0
zLyzSgF}Ea|Wh;fybK?{SB3fg=m>JU5(|zwb>cS>Ra`W3M!Ib_j<FetY39U6U{kaq$
z>_Ae^sAmo@s4G`C1GSDi%;Al?#F%3zS|vdWQua>Wt6b@-neUV}I@_@Ip}ow94N`g_
zkH0c6DzY9E#xLuMX*$a^D>2KS#5uC3K0#FCszj_8_~1$MpcHqo!-U*{tHCYnV6KL8
zFRP6zs7Osj00|=2<<;ZBTRz5`HRT?B8ElMS$-L*I?<=<{Sg9&4O}zj&5#V-BanO39
zWJSE-q{?FTGs3DlOJd=iX|*fEr?Rl(ctu$+)s;eA1PSQ!;e<IK+xHA~3cnD-<?S5j
z#EibAh{lwsCz>gxa1HR{QI1MeV!U9=S;O7z7k7MJx|%zUYP*_SjNCUYsRI~rNn-K5
zGG<S@5f261gcXhB*(}|e_Djg2oM2)ODBBK6pkjUVs55d<lX*Rj?yZ<x@-@s-2u-}i
z_OxIVbGzE5l9N@~{P4bVW$^85FZK#*X7zxNR}+_KYM>zq9;~&aXJnJNZV0kzazsiB
zKkzVM+%iIG+=wvCY0N<nj$Eo3c&&3f#2w8hvQ8o^;X()wzw*B2-~kuD){ZRL;S?It
zl?_Vk*wfbFV8kZ;CMX2UP#A<B)uGli1plxqSAO`0+A~wU%xa*JdZyH9k}#D(By19e
zO7}a{YQ*+g`-Oty6z6IQ(OHKONJ=M0pwoTg-jG`3f_!&Mzy288mo<`Cm+5AyqdPy@
zP_yGtT!>p#q7JH2_tcnmbKM_H@nNzE7wLbMAWiI5`-25~E;mri*;Vcn9Q5SA;lPHX
z$QWm3mg;@fz0$YABo1Gao9dJ}=)xk0I~eqWt6lD~AZhflpwo5z)R?5Tx|xydcx}n@
z<##kF&g7Y1h^Qks9yl{%6aysjAj91lsSj7M6DQ%TI|Gk=@|v;m$wU!o{<zCIG-k1i
zGAy1nqeQv3+}~G>Xjg)$9O)S9u_TkpNE6*gU85OayRT{x_cAtDIoM3I7hPNwnR@X)
z%6vpBUGFzr2{MG_n$+VKWQ2S;`9|AC;QYvapgY>vAm2AMdlEnCzym4CR-t9rF7=xZ
z?=7$Td7Fb>Tl?*rFvgx1I7`+62^1MfSD+b@reX@9otG=h&@faqo@ClCdk9K#Am3w6
zsgbH@Ec%_qIBEZ{u9xV>i$;>6h$>y<z}O#Sk1s_dmc4Jp`iV2uts_*zPy)l@WopQ`
z#bo$?ogHuD0tb8iqC;_azfHLG3i3ofuQ5~&;ShSXg=UhaUT4OWQ;<@!fj!G+W8W@m
zN+i(ylOLAHsLex9*ZGlZ2AaiJlzQ(KMl;*MR9^2JD6<i#_adP@_Oj-LkF+vDTz2{-
zV)0N+*%PZzvLQ_DC%Z<K#pYN=x+T?-pod)YpAslf=q4WGr5SLTqkm2YAc8jplk^~^
zl$xkz=@1gg=gZxbNlW@<>G}^)l!sN8g!z;!H3=RbhalWs&C9!1AQGn71`3ugwSK6H
zTCn-%+8c5Qya9R7`B-+1)f7eJ#Bc83@eU&^gDoZgs3vfBWw%C?qBmnHlA*H%DT+e}
ze3xoRM6#Qx(6EG0y^%vndXPraV9r^8XbO%HR4L%6@}>ug2IZ1WFvL~Ba3QzNg!Z3v
zY50H~cF$Ic@}`qPsT-wTfe;3S=HVF=f(f#pi%XbzBFQbgq$}#DiStqz&8I$pkh#!_
z3#sruw0HdE^z^gvhGo?^IJsg`gZ^oTR<bBgJ7Q2L&b6XcC+Ej+Q*SPTim~dt+xdL6
z?^)G!K4phhT#3l1XsH$d!`)X!#nm+JCLy?m5L^QZ5F7>=oZ!LT-QC@Ty9IaG!QCae
zyK8Xw!Q~8jzjyuL)mi`5xj1WPLv?j^b=6bVd-crp?#3&m#>n9)3;@eU5@st-k7_de
z!%Rx6u{Fuji55iP;`w?K@iWvJF7uto3OG%!$ge5xlJ9+!y`pFpD3>;JjZZJ|WC{`e
z05qK~`OGZovh_#cV4P$-OCb3@-P{HTzg10bV=7qL-*n33ikM5hbl*g`_y>*g2jm>u
zSkcxZ9)nCN>aUZfU!0oU3g0s4E$uPyiOHhj1*TAV5304#6q3zkJrsTB;**kf<2VtW
z{sl7yx<UeHa$mg*M-j3{c99P#D?pg#XPn7{Ekt9^VVU;kv*+Lv;x}e>$V-nEg4${p
z=TJPJiY9_u^491`*Jfue)O(m_B1DORBKNKC@LyLVSi0FC26Z^BlUd_6;4QCJ>P2e0
zzaPeILZE&Z4@2c$%bw@x*6Z=c{9V5N!JRs4J;prB(R)W&H}8GOiEyn;PWFL5Ii2+#
zIP2=x3=O~8El<m!fZj_TD@9xn*VZ?_!X0wjn9ew12>g}@b_8<#Hri+vUz8VFu2JHk
zseDAVkt<k~iOg?PZ%q*D-l+LX`D%2?SKQdOa)6P*u&~};uEE?;_^@rzlF&vzb{+m6
zN4Wl&zG58;>+F!VGC5N9=^A`)olxrxXGn?2J6DiR;gk|PSm_C=k>g=O*ZVQ@U)Ax<
z->|$@`)Sc38L!Y)q>an^0Uss;hFn<@Q3~3~`?9lVozc41z}6Y60b?2Z1Paxg{Ql~A
zoZKCy<^2vq?K{2iQw3J#-0XznZ_qn!wZB%FCWq&i!Oy<M`x)M8xUQGkf~!<_-Ti_n
zT=($kN(p}X%67Xk{sQE$)AcjQnE7-`#9?Q%GZazk3azqd^~)md@+@uWC1Pv-;AxKf
zzP_k}WY9GZz<C_~;M*elxYV*^bs6vyD)`KT&LG=6affaI<29S)C0gfH{89cwE4Iu(
z_voo;xZS=bY4BOBPpxpd-P-;r?JDCkqp!Qt>C9{Nw^yjb5h$F=Z7$<`wJ}3!zJ+~I
z6~SDv(;)kRBvgU_)PRUx02_L$%BZeUZS@G-mOhnIoT9|^o4718P$T3N?Q%yDI%VJ{
zt2dP`jpcA@BM0g_Qu?snF=4D(&n?@K1Y)Wag*A6m$6X>%S~K)wmt)E)$?@YpC+*$A
zW&befAw^8-A=1hN>|)cj=yiVkZg(4D9!PDyn&08#efMb%QW1OsJ(_~Sdg=wf6&q=2
zdI~U5%2<;v>TucSNn3hy5|j15&SF)n<NgFTayA3JD6eKTn%R~4l`3q%JC0v(;9w<0
zh}eA|Y|^#0E<wk~gXzOmip<vSovCgq?VZ_;%TZcdn>aYQq=Z(?GM#z1I{-ae|A}=?
zb^TG^`x2m(p+t3GKwZrj4l#|ntgc+9y2GXOx));7Csr$0Fy-pZ{N#MUy*-&MmJwyK
z1?)rQk!0F;$-*CdxXV-_vaFN+`a-zLGlqF82FyCUHFk@OX?CO0oBC`jxv8O}g1T~J
z)1-6DMkm!b5(BV3H`OHxvVsaWpy)MXMn*zfeK*Cr-LFT@(W^{xj3zwWtmlqM436^W
z(L1>$$fV!m!$~4l2aiJLlT(e?Xud4maMq46=qhwa?6XEB^|npP_8i}d-~&cbWUtK=
z4DuH&8b?PJ7@52W6Q3MQs4NbxSPhe*t{Vo^iMkmsrQ!qM4Rv{MM|WHpYu`nlbNijM
zbUG9DI=@UzexixY%v;D%8+Hw|h7xLkCw&wi!mKeD9Ac@Vm>hhrUK*CW7&s;=4hlE5
z!BdFf{NOS!<dLT$qQjA|z#=Pd+vkKWm3Z`WQTHOv0m{0rsgO&A;ea1SW_s^6W}7&*
zXu@C4UL=W%8{Dpw^oR2_cfw3EAcj{jO=OgVX_W0WwE&nZHu}|ds&PX-3;q`_lZ?MY
z;;JkfMppd{^8s#hu4v)MtB58|4XK!!kpsizY|26eCWWs>hD;K9MQt^FV7Vvbyi&-#
zTn+pSR{%6k&m5)*LNk3|DuX`#eo)>DRBuw6oaZ>nPOD!{mJq|1l&zkDC(RAq5Q^9^
z;T+Kcj(CjO@DuP8q!nk4W{pbLjsvocQn#e*rGW*mg;Ir)a-`G1>A6P0G~M)A5zhTL
z&dElqlZl4w(S-)I^i2U$L6RE~7KxNlJ}45=fpS_ygMz7H+&E4zHuw*=T})#zVoJ)$
zh<f+3uH_%I;nE#NT2snI1oh!%L(5HPyXMBU&=ihg0`=eW3<|fZG3LJ-bBlCL&m8je
ziw5BH<BNLcQWo=B5*QuC3EDcB%}%x_^V^EXfXOiVZ^@Gb@;|TXFD5yv3q9x3ubDR`
z(yGteGi%&oPIX<a+wQPk;;)&e1IO%Krsl4;5%M$k`!Gfjcc9xwkXU>hf4MBQ4A-Y9
zjeyh_!k9?!P-1i#SqEAyHFqfuOK^r1Mj*!?l^K#H!l#<AGFsU<00zW2a1E=HhMkg&
z3@PWBrbg`BhKA_@4e?1Ph8HV_@ku?kBj$jVQwF<X{4%|r<VN+mVc_MRX7xDrmaAd3
zN;i1KXa~?X=5EQo3$r73`E|{zjYaDc%CJaf5H%UY5E{s|mTc7+eK+df7e0bp9YDlr
zHlk{&+Xh^_?An37gaR_-jR<*mo3o@eCf!Xu_K%E6?T||{ER8sNP9HIGH2U8yJPy;0
z5LO2g0os$b?riK9Q+E`1QrY^X5~*W)N+s$BcF0G*UUJk|4lEIZL!}$>$@>N>6{yz+
z>SsuEj~?C}Re!iv!F~`2y^s6OP#i|dUs>EjDP^-ft_Y-?{ygnXk|miXDNix|b=qIN
z(5#RO0|kr%&L_#Lk;c_P7e&pJlZi3@Sd{opZ*ZPVb2c__BR}<<@K<pcx%4t-3<*I>
z6Urn}`?Ml+N;w}9Mv>d}dsF#AdEm@Gj9o!vjA%;pu!en3<I=K3@D8CJ>WcnBa#NkE
z$Wtp0xW2??obyM0VqHE>9DqPVxM{|oC9SB%rI(W*L%didFC@QUU!*=sGapNV(S$7A
z61Y#6Mw#-Q&$FTflf)aVACUN2z6S}=RalIpBP7iX7!1qS2P}r=9~g$=@G}oP1JX~J
ztdfC6`ANoPlNvh~mn<`kr-@E`mVh4dO0a8klF&_}(@3*?UyIRdPScLZCHIOMH{<|3
zuFI^usDqTqVPX4>B%>V}sOk>t%!d*39dy?YcT?^>*b&|8MBHS$VXWzXcZ0U<Uc+D&
zKGdXbLpEmKCpT<xc~NN^Xdg|D15lKtVgxd>t6o)H`c&PixFkG6re>j*NK-dh$E0Qv
z=P_(vt#EBq-L(o(P13kdKlfX(IK?R);jWHM?{@00XD}L3F*O@axttzVr^nj+W;dbU
zZAbU=6vsbMSc_q9>7QCBsRlYZvM1|%ntb{t&q|jnj4wx?A5q%%l5|wfeAd2jvv!17
zMfY|=Nk-FxZRNMybBf-}Nac%k1Y6e0HP{`kAWU=zc3DwA#8k$^RQ%iYVw={UrB*v?
zML9KK4>?&JU_$F5DrSsPT2NY(f-(+2SXF*B0M8LU|J+^ap*y9k)lq46^ag)QPpi99
z>qzW6(J+sfHNOX?7sCGV%I<}*sjlbe7LmIcXs#9TA9_*x7`PnYM?C2YFX%PZ4s}4-
z%n)`&F9X-L1O7u#L~WnvtR;SgN#&-^5#9q##D1mK#yp)P@wX-R=_;$EA46C34DnCT
z;X&fv!w=nU7y>)T#EdaM{VnJMhPEG)zVQm=!=NQ$3T&+qlK^~zTCfE44L?NR_y)Ou
z5YTu05RK{^Gz?F2A@d>Hg;!t)7EJ}h*7*<}=^G?oae0c)L4cOzA2j>~B(0(d>M!6G
z;6@~=Vh!rw<rQc{BDqkAqSAtmR{1DkX!0S+fLA{rQa}^fN+Bj$gF#cl5ZG!aCIR^d
zmB5o!u>|!uLD-NUhy=C*iAgeuNwkRN6iG;uUJM0TV9*vm3FzB>h^FBc@PsIq`w(rx
zD^LfEwtyy}Z}cHL!#C&%g`|qSKdzNm-xHpsnl5O#oLB!EHu{bxsK1k#B+w@aABDvB
zOHls=F$vy>=+dBmTKz$9F91oOZ%`^6i7jJLe-SZB0i=LTVoMv;e@9HB!Ye@g9<32u
zU`zHx^qOywIts~!@P}wBUIAO*pe<;$V3@{Vr@~|rkNw?jp86ZHL`keDBz8z>Y`#JI
zq$F&=zFj!s8Z0{}&xTO4s?9Vn`w{)2eMEwMP-#TH+4g*V*WOL)^2zATj5ArQ{?rHc
zjF-DR@D7e>ThBdJ>P&>Yr{E4LW82O>z54c@(Pa-G^VTT^n_4Q(^}DI<db_*No<X00
z+xgwg!5lF|8jX1Vjli3HY{^ZgkZpU(`ttYpc3v0G#HhJ&s2fU!AEf?#lMhQc6AGb|
zZ<Ti7H29IpT3_Rqld`wE6>nqZIMh_%u)VBiVCX1-b#A}n)hbKr%wm&Lv%vjaZ5Al^
zGMDYHEhCaHVN-1J8Mqo}^@i#+p8Qnm>G80)xo73$Nv);G4Lgvx?O}BBIpdI$Qp|rP
z+mZpe6`*n4+fZqldf13oA7!@u+Y(JF-Ko*h()XA+FVgnZ=1{u3ba$3iZ^=|zBz?rr
zncHg^<brH;p{m)pcIo=;4Ls{@4{6|}*+jjCIy~pUYc)*oyEJdXsw&N4v0Ym@Bv_Am
zIedaLV;-xc{gc-cmT-yi9H4Yj-xAXP0AdcfS>Rl9&FHe*LQmpcbA3s)aHu0)Hf|l_
z>~=E<c@Zo3VnFRa`u+j1e*>&WeENcC-YzXwo2Z$kb47_<fX4JoXu;zNH@sI1i$HAC
zxMgMAYVv*Z537kKrr^~|H%|nKJQJq0)jXW5^wKw{Q`GlA4W|N`0=cWe+Jqwo&^1xq
z`BKKwr6?H_y7#GVnRNS9_lvV3c{O42Qwa9~ijb%8Y~6)HCddYps;a_kkTpb57MbBS
z!7Njl_Y;b78OC@P1q3xQjuT^by+>KCSBS?sS|&VChE$`x>;i%Na0GdJ_RF&wG4>&n
zQ#kBmyL&CALRb_jw3A=&(`cuNV)>OQ5-uo2?^wbKX4LZvg%uEIWV!MQl}e}4i)&qF
zYh^4HIKZ*4s<lc4^1?GB4vHGnfMU==eiO(@q4*%nwRl&a4&0KQ<ye$4V_7SFtk7QQ
zaiCPI^^}iN=z9>wUJ_B5bCAehCRrGB@Tsq8>Hx{@poG0(6h!U7YXAy8_;s(Lq3BhJ
z?;yBc%!#3JSNDFP;5bPG#U_!t&zc&z`^hs_%^J^gNXpLbq;u?&-ZL)n5)N{5-k+jJ
zc)E=-X9lkxtxK}iVYOS~)j^(fmeo-XXY$jH3>V<(pVmjj(@iZGo|m1~<JtK3r2|X5
z`eu&T=ZtTRoa&qVRt}#xPVBrKZkpR0VV8YRKHpThb#omM+C?^#FUOpGyQy*O<vL8a
z8*5fMfd($M?rGY3IngzHHL#sv0Ov;Rax6Uyr3(wo3Jwn+?4dl`J-_o5;vEPzReJsa
zPM{v<-=nRF1LwZo%dGI#Pe<<eIZ!?MS(au@TiC0uNb=-m%pN<yu1q{1n!j-Ay*Ny*
zfUDURZpOL5c1;PMnm4l^_Q@xpDF>bvt@cdVc`qoim}?YaN#I@rSo$f1Fkfq?3k=64
z8##${&&;LTUe>o)>6%JdzBX=k0PmXZDb`*}zVCFU&m|}|Gj(PERF<B#HU$7bynYF>
zdkF2C^{nibjkPZYHgc_eR`>es^`PKYny{DWnxt8#v}biC3OUa_uYC#x#!V}lgFIpD
z)~flE3ET^Jjae<J-y;GmKE<r&*B=tN7OduZ%{GGxTa{k2Z}zpoo=+*<nWzW+_Z8gP
zkq3JB4cu8$2Xgl{+&N<hcK0o#lL=rVc44iFMs_J-2T!CP)_W)}HLt?my~rzd4_>3g
z(EDG{TxDL%h&E6gnqhd@H?qr_4V^ap8=4V#xHqE96%9(80d91zP^}3qysO$)K{r*v
zX}2E8JoHA$nY2|#GvFo}xahWmw;2xZb%|;Hwki*qv#hwyrTl5#9l2V)F?1nvu5Lwb
zWm^?qRkup7?@-(GIP%z_x!?wKUt+ptxUD%;wOX|*tU9flT7@U<m)>}uvACwRjI3gw
z3R{70V(LehPL9tUUD{n>Tf0_eP8*yiIS$iqXq^{U1y6t7G&?OkbPb)CIX7xf4@F9M
z2N%K#FaMzU7=a&#AA%o&AB-Q4ABrED8k8EA8j>238k`!Q8k!oZFGwp;MT$k5K+-Nu
zEBqX^B~T_{OX?E6_fm61U@h}ysoB9bKQODgV1Vrh<4-@rU)c0NwZHR1^D=zIz~Jp}
zXrc@;ac~Hy2>Geoooc75#IPI220NThaUq!i@3i7}vwCyAdb4`^0wPkFS>cz;U{_eX
zNh?mb%;Mu`%G6;(2$$_LmB%FrSIq(aVQLW?H)hHflFBJ(7{@jZW9r344=?H!*DI?W
zS2itSn#IKnFU=3>mDDS@8D}+3Wl~_CVOmILOKwcYAK{cJBa@0LPbyc*{5DQKO+87S
z4;r(#%owdi)!ShR%Cz6%l$yZ5dkV|`dhx&}Sd$Ian7LQ7$44u}LZg^VDLa6n--5PP
ztQ(?>&{)(js~@cvyI>`^+Qjd2NV{F?7F&Np#X`aI3pVyM;Wsm?!#7!gGo+zP{2wLU
zAXHWMzLTP+vL>h-`!57m6j_(YbPWvZEM3;n%aXleR2!@G>Grc+@uT&00(D-J_Q7m6
z-$zjep_%Y-v|+OWp3oU0*p)%E2qqGmITPgh-N|c_OS`vFiCXKS^zGe5&ld}J%1aW{
zh2+D*G?Z@=B0<8B&@Mb)@R$7V3_HTNphTigqM?^>$^Ay3B(?z|h8H;djf49tJmnL6
z8?)TeUGDAuUUmYJgcAkANNsGol99^er14j9{Pq)OAMZyaqu1i)6N<#JAs?s65b|-R
z!YGpH$-*j@<t-^?Z15Vx1p?g$xq2=cj&ygr*Sag$7>{1o9`7@Bl#}>hD6O8;QcVic
z%VP?sG<IS2iIdoTqX25sEN0=uSAgvS$Np$W4$rM#zxMtR{%3fi=V)Z3&#0aT9fL;~
zUU+z(IviU))LW;6CG&7IfhAnrl&C6BHGJFW*D)u~fyFsolo9yFY&(zx+qyLIg1Kr#
zm+5%y$YUO9tPt*fytOH?;d_08wJ8(fcYOS{zbV7d`h;s!$)g>;ckAS}{*>xh%*UM7
zB+YM)sopkJm$bI4CZn_^@Jv@}`G?3wX&N0Y=*v@a>iPUeOMvb6%t_@I|Kbe#`J>jb
z*3)obc9F3V+ueCamF*poiwYAKjlhssXj=Op!>mW1j?t`+pYQ=y@zTE7{8T~25%wdk
zF!llOWzm~>fg8{wQ35Sl<X_N<et36wqXu-?PhuN(sZZj}b}@W}9P7ESPcfB&BN_nc
zN<`DA2K>U|_tfoWKp)UI{0Q(DF97XUC*mMwbA_MVee(GoH7tis6*j=<U-a9bTDF0b
zv!BIZaU$_3JIpJY@fioVHBDiMDl!_j<gMA8og=erX5|X2d7$<{e5HYQ-tV1vW;3ia
z0u?e6vJ%j+GxiFY@=7C$BmT+7F2#B4S(NgnzD>o*#cP?B2R{#3YZTHH()>q@5sSsf
z1r<t~5Go6i2S4*FcrOz3_bC<7nopk3nY`hc9yP_9FLhLK>(H!KEcJgf)vBe#m!4Cc
z3m|cMLP9CVE5`f%+2JSq8x)Z5OsBQLiuejrM6p_-S_gxJAN#uqP|mcBH6KA~L_o{|
z?Ex!mo}?^!r;7&C!=HCpLp_~>wBCm(35|s6?CP8Mc29pkLw;!E<V#<HFOM=>>wr!F
z!$HsPPVPyMPCATkN#DhU&Rm_;N_1+~X>1RzVYB}}IOE#9um<)ALH2zvS8-PUdG984
z;+8vfvClizLA50w3yZ!|UGWPI7UnFnYg{L5;igL{9!?{4W1p>$?>-B_t3(N&R<V88
zRTi5KsWr4vR;xoW>szcwft>E$t!MzMoLRsv0UZ9G)z?q~&ZdF2zbX#7R%u!zNOs|{
zBJQqps{ahNhNtCcQ1=E|BbRj{H^A4gvn+czTce(IK{>-k#v<g&o~z0fJLfoqDCAn?
zS|Ho3a#K(~J6(U9`1F<E2sid>4gtpgqz^yFM_Er+cSu24Oe5G`D;buIxz3beIv7lE
zlgmw(&P2v5K>RsT;G@4tWDWU5Au5L+<CpWqupdt1y}5KE<Yf9EaKwlE>BTWw*>QB?
zT{ERhtix14;#EMa>58336!~n{VpMjW<4PRu7nea16h(|9x}uT0wu>w5!9IyFV<Yg}
zh)4R`bmMsXz;{EFb?I+}kV0nOU1%-o4PCVJ5}fP6d8ry}Y!q}l_O&eu;dHv0>5=^s
zIV1MNY4DKxe0j#s@8ya-b8MO%!JfUL+rf5ZJ=`2!^HC<@p7{V1-w=k7U=r$s^!M3(
zJyYlyo644)GIr<<1Ae=hwxL1X^?p=e0+v-y@ENvgtrLRToZ^~;RbAm;NGpY}u?180
z4T(qlkz8`~!#2C2Y#ym6NL;bdi3H9--B=8dWJUh0o+-CF<_-zdLe%Y22gK<-UmVb;
zh;kyg9@-BW3EJmv&thm!j6;usb<>8Xn??qqpTw!c3}UBA;#G6`Jg_9}3pGsTtvrHg
zYeRD!O$s#vrfKyoq3aQ7RJ$yQ6{m$bOmm=|5}KuoZBQG@jT6j^IBMm^Xux^#_n%)d
zwB0M<a>8Jy4~R`2(6{pDzPwi{!Y4&v$Tk#@lmeAsl;dv}2@+O?j|W7!T^OKd*(D*_
z2L@<eGkkbk)?o0sZO8hqZ3+{d=sFL9f}$u=Ws#P0k(RwiW4cDeUgpM;1mA)n-Blyg
zBKOat-EnYG^j)L?YEJpLy$2I@mdajib10h)78{OWIw4)DA08(-HvwNV1F-pj$<T<C
z`N|M{`h~Rh4Ay72eS&68xc5W{KN;$u9qJ<<zg06qofmTJa9o6P94D-Zx&Eoqe<am!
zsefankILxIwh-!GMj|Y;nHW=DXm&J!G0jN3g;M-6JvOt6o_H*3lZN5l_b=UWMW~-`
z-;2E4Qh}LNZL<pXyX1l6-J*DoL>|s|Vxw$x_3NH=j597bQy3tfREms(lYJTD4q(a!
z?e=PM_kDl{2CDsBYYFA}*?LSvccZl|ws{merzce|0Qt=W$uo4j-M8d6gX~ivT+ioB
z)?COtm$h3KUseWxGK)1gpEXy^CMbusTMqvt1xoOzz$*%reK~x_TvmMnoBqU&DEOYw
zfDrzR(~z4?=yy}{mC$M%8KqtH9p0Zc^Pn1jl23cTF-EaCJJ8L7&E@l&rp2Mh^b9b$
zEp4p$fS`kH?n7`!h3~gH&yr9{aKa1U;>Y;j3xkwCAdF3Kh?RkMzNu~9XLhcm&N|0{
zsVYO=(Py#d2+6^C0s3IFifTH?0O@v$5%XY*5e0Xgkx)2Yo$NcQDjA=iDj6?5joas(
zK?4N830oF3vV=k85;huO6{hXCHn~gN0o)?!MtK@(Gvh`Lnn~M0)yVj5Qx8>7X}s|&
zJ`0M3Ld`Jah3}|)H&<_r1m1CNxxmz`Geip2CDcM~yj2bM_+T-uyNbcd5c!sFSnsXF
z`^6n!7tUMV^f$HiQhsmlR#D-)Tgcz*tRjNn`6@E^aAG9utimSirNhwBXCTusWI$yl
z8ddlD@w!RSuk{ZCh)$>XuxmcKF)tQ%yEo&4VHOL2of^s>YCrRq_O|eqiec9v&qOx8
zwds|aLA$HNx;Xm47$QzQ)sJ8G^V2T}eY}f#9ouB}-u@S~h-0Zkm-(3C%5n}JtzR8j
z2Rc@!2w6c<6UI&?s+FJA%vkEi8C4y9_*5MOwrh^wQ5i2_C{8kBDo!w>C{8iL%tCOS
zon(AFJHaSpL7HHkQ>vaFrvQP;LU@S4)J-)WL|}Z!d;DVvp*BW6yGOxf;f-zK%Z|+0
zw(Qt8<geV=NCCIncMrwytqoDGmT2H*-Gj!jRXo$ZH9Zo>p(&G?z#JM&NwsC4x`wY7
zHdKonvo$^56kxbkkQ#5L&v-P7>xC547WrMkq}zen2dS+MDS(W&=tDBjG3m~Q(~!~I
zP`cU^Td7}_Sm*jM$5c!SO8wu7&_aH~_cDEt4$8VEu}fydfwlOIu*lC5<aeUZp`WoA
zdHGwMXGhqO8lb_TRw+;^<W3hKO4N<eJ=ds?0*oBmzG#4aRbBt4(h*o6xHR-Mc)aPk
zd2I*VEgOx7ku9q)7*|MI+*q%Ua}(h<7H3D)fIz4d`2u+;O=`Q~eCiJ8QJgz8qsM9;
zc#(2D@`&k4)gHb!db&<`k#I-#$ovfB724jlwn=mrdHeDC+l%@*+O$s@WdC<!I9%RO
zSANMppmnkaL_(i0#?VroVrQ7{@3pex*U6_b58xd9U47c6wTy|GKH<W@<;xsbhWiLD
zLmHBuW&8y<)T+B)H_7;`YUl;7J~J*D4R^n?5T7q<%9Xw~s&<MY8$B@#d%|RIWsD?z
z?aEj_Uustq`4b2O6r5$6XNtifYaws(g{)Xs;oAXAm_kqzJ}9%T@%IYZsBO28sUfwk
z6G7O*T+H{dI=U!KY#S{Snr}{lvL`4x%PS$aPG*BE78Fi_awid)%PaA=PG7c9C<a%K
zZ&CXfkD)#E50nR|`M=4bVo5|531_FN{kYOP-)rCPZ10iE;Od^3{Zhm1V8Ver=~$C}
zyeB~8loS6TJESHzL|P~me2;xsc_rbcY$dtnvhqe(t?}ih4eQ0l>v7)c3<;*D;KQQa
zr|B-r1F7hHxyXCDjQgpd_ft{#Q$hDriT6`}_fxU=Q(^a0srOSp_fsFA424R#HMqt?
z;>t7yTJKD{2ldjg<@g@Hje8D`dluhbwZ8)??R$;L#JTf&kCCR4z!E^$kXP4`AC9M&
zJY)C#1~?<1au>aY>W!_`#m6xc1h7O%Xg61im}}J$aeS}ABIqgBb(l~o`PLK+Sx|6=
z=^@Bd8KEpyLdWt6s=HTLuCf}Njx1!QN1s9Pi1ZpAHpsVIX9JEw4xcIli##Nz``ZSS
zO+ez;QOw;SHr=vBI@%9dA)!5ax>*f;>NI5-bD?-WBO8h~femV}`(oaN3T}Kp4{{dg
z{G9%AENHhIapUVb<cMW=N^UHzkn)$^vWu6--HVrTt^}kB;gO7f+~CuwOT5QCw?UgP
ze5f<qqE2r>+inKjD+-sWr_pz|M9AsB=SJ*a!3#Vm@VxKu@h=(Ae#K@(c6WO`L-%f=
z3o{uJU_4HW5a-lYpv+#Cc9A%A6VdD|PCcVuBWvd&bD06z{+jD=OL^y&;IoZUV<kIJ
z6w{Kd$d*Op^(zXsO~m-JzUb-Z<3%43UTuGAIw`+=>AYQRg&uqx6MNs<?RCrY*~}w_
z+A{&aO(Nsy!MXJc=>-5hC$~fYUPkOS%U@;{LdoI74ZD3gCACGK6-FL2fE4C=F`!%Z
zZZm^MAL|a8G&5$4vo1qm&h=$x`E+ft>pAVQ`I3mpNccUqVZRNk$(O!&{SNs|u2FNW
zZ&Dc|45N+<^gLjOyInE+txiWf`$N6KX9Aw@s5!fwx7j>kd#Rkm!LrU`Y?lPHYhAD<
zO7s_aKd^;@Jt7R`mFIM}3i2<Ide_1N+Q#@ZI<Zq2^usDGe<$j$h<ozDUKC@@mg2aT
zaL{8nGDu#e@I>jQRi6BA&~7D@Lq9AFql#WL-Ux7T67ocsVu=X{vkl{yj2Z0catTlP
zare~X$WSC#3tiZ4DAy#^>icey<5fun`B)70_K)ow##F5Gds5Ncg5Q*&#%5smKz^fB
zCK@>*xxkBX(({PKjaC`a{xnbs+Q0sixg>@amu^{Q2>*6O7Fnn@*#NQ&##+uoAb3r>
z$j3O8o!{HE%16jKXwWrGb0)IgCO=*0$5DaSj^_;VcV;+g<acqNya@8XZ~iS_IT8KC
z|1X}ruX_t$03}+c==;KtZ;J(f{{KU6U0(9Ganf{G0pfe@=_<ow8L5{F?KOme1RBL}
z3CMt5j31nswcpgV<brg~LJ)d?eU%Lh0TsRbsz0s!JqeGtHeQ|TxN@|fz)~W??jV}}
zquBkgPwyw*|BCRsxRCT1Xqy~}?PaD6OWyK(Kb)>Vb&SdLrN^z3?A+cmAUGv9YdDVa
zlb#(05<L=@o{ckQ>yd!S<u-|T&k&A4x#Wam5u@&6fLZt#C>MT<Zo!_b<MiofHCIuq
z(zY*y91daji(k6Q3$7yO7DZ<-2uJ&K4P@0-Mb~1x?VCGdYo=ps60g2Iq6!aaa+lFp
zmAG?qchYhesabJ?G(a6fze<yYKr^DM19BG^S69Kk5_BRD26DIz7gmid;oU=hE~ExS
z6^a(zUh3!ML<x)?S+*$yR*{3>8#<rxW8QujWk13;UAMQZIZ)LVoB|szC8-_0A1g2c
z2R22rVI|kQ%47<g@I_oV6|flhG_FYI9E~-W6M^-T#)_;D?eJ8W0th6QAFXpbVmX}D
z+nk3FeNhfakK}LMn7JKfmmA49El#Bn>_Z~CnGN^0wwnB(A_eYHTI(fvs^|~*8zfK8
z+e=IGmljw?w~}5Yr$nlI8Qt>2oA1gLt|n13RvPB}tnD2M$5xUS|Lj%;u{CQc+ruXs
zvySC=ZiUZ;3#mFA&bKts@6<dcyWZj1{~l$dp-H+mJ@&7vukFHI@oKB`NJ&V*GjPMs
z?Zx0}sJc?AYL(?#HakqN@R;kGV-hu<Y@R)|xT%)FdzzeT^{q*eS^t@s@s?$t1oIbK
zU7mzO9<dE2v!iMJj10vWJePtX-KF{B@Y~-V2AgFzZpcEn8R-+2myc(w)7~tu7l?DQ
z{ia=cloxe5lj@8FmhS!QtDP~2;!C_TG){DKQzJBnb_%&a?w}N6b!5f9eW_QmjG5qF
znVOP2baw8}1KUbH9|_(x#Og;*r;A)@Mo!nn-g?^XdvJ{p%%fG}>7pKy+%>wGtZ-H$
zHf;vx?v2eMWg^9?{utr05*yyT&uG)_`1yA2A;ho7%lYJL4VlA#*$#pI_F9!NIZfXg
zV89uZ#-wdkep`d9M|TVRwK@64x+x%VBK(@G<oawCuP=dT9<t6U;#x8?;VHHNQ{zZo
zI4(!4O`zIC@~|T|#Byp!orh(sXo@nUi<BcyeK~Gp$y|vE3*2-HPQ?Pw&>YO(u)1IT
z5J}`WEviDOrvKtLl^dZaxMtGYV$VXOvdVsQn?A(Dfo-|w#=NPnuW52V^{$!1<Einh
zf6kN}cwqJE>MnhHG?eyheaVca;t(%#q?=PnSyT2BKWJQgrWk%yVdqea@+^7Rd1vH)
zJ!?*MqlzqW+6c?7gi&kBvvW}B4-ZJi1DKG_UW_?=B34sMx`}8+M4Otl&FQ(b#elkF
z`8{mW2RrTsCr3FH=aX2eXQT|&GbVmT0Rb{>+uhtIn#cgW<)3|qfg&w5(c<m>&2KJl
zre;HM+rhV2E^@e)*F4_RGkL{CKnpimvOGtrAJt~~g!)*Y2vrLlrD=G8JX)u3fCC^$
zJqv|_^Blq1wOR_!&!t|n>c4peYvckC0(QsDIK9rQ;-fu&_n|7QnjJ(+x4Yv2c-%#L
zf@e@3`nQ^&ToV%4@IK=na}e=6$`2fCDHX|_$nDU25@DAO%25I@<*E{u+sO-Bk;KgI
zU(WPhq~&+)n_YG{T6Vi(URv~eY7yCLwdhRLJdaL(a&QYtv9B&I*qbIAWJ+?hpLa2a
zyKzyl6Ed>q++@j-Y0UI)=F^;vXG+RIHD?VF9#aPr;-A)AoTe|Xj5XI*+q)lSmq*m4
zM9G}pb`NKMOA5T1#dT4LVb)(OLY_19&mb!FbXc0uBzLs8kNgsPF<t*>l~fdDN+T3`
zXQH&Uuq~!`n;7fVz|(51;v8>>HRp4v0N%La(o$$$GZL8U!PKGho+IvSc1b3%&}dHK
z=rgqEc-Uwv*SZ2~Z|^<r@TIKFpV)LcJ*}0NHky`?sd9bWAXWY>F9N5~$eRQ8^0ngL
zS^1j8f#g~gLE)H^7vo*rbj?TknFljz@Cu;73$=4*jlZ1C?LKlZlSYzF!D{xhv(+=z
zWO^`;xq5PKn$_ybFCn_GuDnVMD+6E8qit)oOG!@j-Q@`0DGildl{<f*4j_hq7PbvU
z2#_XV&<8KYsVp~LX(g=MnSl?-QTh2V4bw_B^)^E;m6W7#_s=dTuzXkhu*px|ot>wP
zL6`N8+Cc6gXAH9`(Eaa*sHzkf1GRF)(H}n$v}&`Y6y0mPj~~(<!d9+_#9r7wzZI|>
zj$|&w^jPpm#+lWNU%T6AtG<YoG~SM_UjGAv*@PvGNSrA$-S81A#-&PmYAPG45mri!
zJ||L5FM}KKI^}$n74bCy6S{?SHB4n4o<}&uff^iC2Edpz@F^be#F2ITfCrHWAu9oU
zwd(*^7lrEFy}TzbSBI>Mj(y1@7RVydIp+#`g-p5{%wG#Y4u|#z(L=JCN7jh6wunuZ
zZ{OfP?ltFj=Qbo>y>AwJnrtq}{hEiGP4QL4Q&Uyy{Z~3Efp23{Dd`tGUUC~xfI^j+
z*|r@2Pwi8Nj!GQOKUJQ(+-B<8Q*3X?t6{l#hM8vC9cv};e+-2aHl{~XmL0*vIdH}Z
z(cTHzY@(D^m|b6(-29IJjE-1`im)HEBCx9qnZVjTgmcx^SZ(U;3aPtRJ~f{DWJmBO
zDAC@uE9N|i4+%n>c#vi!Ni-{*0BC4#%wK5hpnQZ3?~@2mm%LXdOGmnWm_-P&Xl_yE
zCey60Zh|OS;uqW5*cj>_rDYPdEkGkP;g-y?5qWHfbJp`(RMR|jQ(hO*oIDDKedGOM
zxU?m^y-{{LHcnDaJ=};F?P`T&<-V7;lJ<$xG>@z6c_SIHL?DGRI-`}J5zvNg=%_g2
zAtm+A()FPm(?*5+VKg6U_6PXKeqi#I<aT6#ymnWDJ(p)4D25jj3!q$)lJSG5P;u4G
z^`(2jzN6kIugNMX4$tu90-3G!EXMkS>(ZQJsN3B86J-$U@Zrgy=r7>Dgtxr~R?_E~
zb@d+rtdy8tPi@l>GghBx-xbXWTbq$FNBh`9+2Ms-p3QY05B*^}T4bb@(GD$qZ!VFi
zU1alB`|?5QrvxFrH__O=Fu3Q9iB|J-g=r@hQ9hIUabsH_|3uEshG8CR^Of6jcG*&6
z$M$0&|IJFxB>^g`NgVTXn_O1Aa45}PDCzF9_)3$>N(%2`N?zQo*SPU~=b?|vWR?$`
zqosj6NQ*SGVa43jR_$P=C)r()cdJ%nlRrCM3N`Was3+!EN)E_*Zs`--gGqy4{*VvS
zVG%HYf1a})?cR`YwbM-qy4{bkf}QP~MUz;@miZ8HR;p{vk>f~uVq)jVv)}Q|98yRq
zWQ&UX{-uY@B|%Ih0B<-~Q%g(3hJAq1=?!8&-im9Yy^~1WVFVO2xW_NUNW(Qw%TQSY
z*lD#`-Kmgl#bv{Fv3l+e80NsdOLY8}ZaQ^jR8KI}il>&am!kYjvWJ`CDAMqFj%MH!
zx!>1Np{!^A)Ra*Xj`Qrf&Xq{nU15n}Ty_iHG6gw7`~Awhm4>T#Ykii4hOj5OGmP#@
zRZW`pVf7ZX;#Z6k6&QV3hg!j2Nw!S4SKq21d_5J)IKZP|)3|ds|7DJx1LTA?S2vG=
ziuF=<jg&9;7T8Uc>oR+rwNJ2VyDbherGaLk<qxDGR=cguD*|3F?uvp`ayOqjR318k
z`M~1z8mEKYeL?gwqowk3`_xM&ub#aVQh!2AwTGK8EP!|(;M1Sl{T~G*dXZq|Wr0J6
zhl>&J=iUCuN(o7P0=1ff7IE>E2Di2s(R>}q!6ipHz$>i7a>zu}!?C<QHfxgi(enbQ
zU831d?y>IKYQ0`w>>~a{rANyb6@%>lSYYcHm&<l?uNNHGv7y7-`-8lEIrV@m`}&5q
zr`{2dYE_OpRnMAv&S{bIt?q1en)m`SM;KIxQ2}wF3Cjqj_Fza!gluhS?rtkl9S?3n
zjuIs$LoAp2c2vStV&j;WW3{8lOV>&z3+hS0=-ARRwx_kO3gpbz%`_!KEsV@zujY!m
zY0F(xbrcjW=KI@Y+|H93MB%_%3({rThPFcnm#S&E;n3^J<tn1FQFXU5&z(psN!(Ux
zD<mn)YFguqmi%0o7y;jd(cn;{RrWmG3C@?}LO~dbFbBX+xa+dxI&7lFlxUjBRo;3Z
zUO6j_)zb`(?yBgLcX$mHijh_+hpnk5QuV4(^}UD5H7@JHhmSJn@hi=J5ien@LluIU
zPo!7RW%Q3QtzfF0`bR=j6M<RbGXe$`T!!<9vlOg);vK8gbewzN_>>*yF&gF7Y^&x3
zcA*pam$A%etzT91v-g0$Q^?sZM{4d~D;IAQB2Y|MJ}NdB-0VkDW7BXz=7u6E%Tjnd
zQa>VAKK0-u)B;SILC)4)crt2Abtx7eD=<P>mISwt1)Grvd;{SGF|5}e-TA=ufRs;x
zG%2=+C*6cb0jF(%<HkW!Ihz+OEb_o<r}DKmT-G5Cxnes~hZL8+<qS7llPTc#O#0M_
zg_hYluX!I#z6#F*b3>Ni{@ry&or_ng*9g;dhp+rgi1_H<0U_<qZow`~5*N~w$vk&P
za@y{xdxHf9(OK928PmhZ{q<RIcmj@}I7ZazEyk(f;?<pQN3#{qleQ6jj|PXW*2bbK
zSBzOpn|p9(n%D?zA3M*$nB%n~azz-;MZHAXuk+Zo(<ZR;`r?um5weDtUFU{<hD6rG
zJu9x_;n<uRAWO>LI`h1))=a7P$WdGKd(Ro~b(fuZZnxXpfHWG^E!KG=)E2GF=h*}a
z)aG>VQ??dC=7fAnjcg(TZWU*P*=1h`*}BNW^fE?@eXDi=hn^ES2pQyd8##1HR9)tj
zKJhzEEQOO<{2S5fg4swQs1#M)np$+3d(JRShja6^uIedQqW;LLT+4ypa-{?A+Me`A
z(SJ%214+G(#Yu=~2vM#V8*F!Wre1QAwxq*1lh!CDL{P)?FwRn9>?l%gmKPPp7(wJp
zyx)<wii$bHS?o~u;l^Rlxh+p&^^P$z73Rc3!VME=gl^7|!blWnun6fVlkTvW44oH1
z=D{Hu=+s?aCHgRJ;eer<b%D?5c{)d<NhKN=ncR<icF99o8zgAmG)+^*cGL7{VA$gU
z$+m<;-@qzngX$?XGdz~WRwH1Jm`3DdFsaEGe@TAwU-r7fB>lv{Ley5Qy^v;`Vt8F<
z0yv)bu_cINlP76t$Z8*mo7ZfD8KHt?_DhN98j#KAO7%kZ2nK19=eC=X=#%gGV-hi1
z1NOsY3HIFva*hm7&7>HC=9;&;m1~%nmCGO}u_keMG#mZzH%GXhngK&Q)E*@+8r#<m
z&L`15X9~ztvu8J|de0lZ(M35*)K)F#1L3ROW?^+^2u7CNILsZMgUc{wcuq&(NXpHX
zteUNh^y}*x%O?D~pQJ!Xo>=q;vx5;9S0|?-&tQQaIv1ch>g@<68!3iV1ophev1tBr
z+Wips6^$7ah<~t))yDc1Rw$2*>{zo_oNH$B!h3%M^#Rv#c=F24wtOrOXUBjnaFu?{
z6PHUzXF340TI;K$<+uyhrs4$?C2;g%HWyIqS`eSUI;R_Jr3s@)YCs>C3Ys*e$3Kys
z7)`v>B7L#i*|g_&=vkKh<+APB@1=3}=CPMfSh+NvQ-SQx*i1+K;Lx9B=Vqls-fUBW
z-Y|Kkj8d%S^ibd{Pg(8d{Aq>C2{G>>9l56SL&J*;9;ln}EtlHSsuekA8j(ZZZi--t
zAnG;HdZon(G!ZMAKv&MGui*78o)IM+LymG}KfAlrWj9lA;S?NSW?(DE(;~K9W4jJ;
zXkM-i7m9Q`TmIOV&QsyoGav%XSI3sW^Jz?pNyDL+#X4vuEtCvU$0Ub^Dr#Se&~68E
zsc+M(ilAM_S#mh;xvzJiE5D867S2-P1P4AJr9`PwX=*t;SO^KW!_pa+46U3@LtB=y
zvfj>Tl2UmM6<gzab=$y4^W~NZ3+{9H`bY_>90<(TxX$-_?Mb;G-+3VZPNu<GdvO20
zBRz2Z6x$)p)vX*#Q%+V>s%W3(xS02m?pU8I?RIqco{(hA>utIwJS{SUfu+8ky{&<c
z#b44&*Ay9nk&T&{p7<}RMoh0p%uEl|ASMQ=K^_BPA!Y`$K?)2&2%CwCm>B?olo*-R
zh*=nzUny2KVkTDBSMgVhnT?nQzyK*Ry-F~?$}&M(GBPtlC}xNRfZ<ge%WEf$^sf{n
zq}4wZq?VPLnV5x%1;Ph1L)x>vwqkwlnc>wSw%1lnuR7Tv+97>GC<b~6lZo}Unt}ec
zPo~#43=ELw%q&1+R<_qp7#LrB`76ZuY6R0?ml%NzuU0Ta`v2<_D?|uVgvc|pvOt8`
zUcF*ugOC9FS1thX$_2i92VjDb|HuNE*dYD^Ub_LXKol|pUd;lq{I&3JGnQ8X{t*B|
zFa@%){o9oFuK|CtW`orHM<Ls*?GUpdnjxB)UL6Fm{l%2wl?1#hWdgjS^4C}<roX^5
z5(EDRgo*jJX8-_#&tLRkp$4$Mwqa$0C}v`L<+3ur2A7$hn309`pX+acSeajaVSe?6
z^>1JpSc#b!USVJbzQVxz8X4ACoB;IykPt50UvMBm{|g!GYjgngfY%Em&&CL;VPSm@
z3mYS(TS)aQ$qe!RABZ6#gfxKU-2di+G-aTF#qA$&AvDC~fAz4vhM5gw^K0ldi2pmm
zS^g)%Uz3_1@_Ln|f7SD99fbOi$$#r!v4Qybnz*lS|8Fe&EAua&|FPm9YghoUPQMPM
ze}~ZP;CUT3{|=bfq4G~(46n%nu?=$lXE3}DgVzB7u?v#?e_KFO`8Co1&2UJ~E9cdx
z|9L@j{BIUPlKY?k5N{!Q{F=aj%aDwG%~gm#=GW}}H!UG`kT^iH?>`y%ntHD}_qWUh
zLE{y#|D@MHdG+5YzZ&tM+sMBt|Bprg?<r;m2<niFiQzTkOu*N8Lr{cpUOk3zAin?0
zVP=5f1gUu~16bMq@%eB0)nkY(6J(tJx390t{`$(vNhf4tZf{^qCuFW;Zy;cxXQgjI
zCvISAWN!?)6G85W%>OAdKyIjzNU?BpBP0BK4|YyHa))(S@2S0Mys<oO6;-R5RGln#
zTBxd3to^d|i@KDiQ8a$J*&Iha$_7q5YM%u@aTO}RWbP9VoVM;pf;5ufcfNP5@O049
zKj3DFk2!AAHB>%+C8JvtzHsBHHhMN1O-<sk+YxUxbMb!r20%t)Tx4QaNT+tGjbm+*
z@rJc-MscPlqon!8<Y#LJ)DO+V(qxU}s3RT}YZtmVP7WRt7HQny?hMzHD^odC)+U#)
z_r2?_-p;>JSC};&Eb%EE&aU9UlZ=HPzv8n~v+OLeLYa9BS+H2(2sYnaRmU%Leox#A
zbEtG>zP96{zkAvD#<U#fLyDrMX6>JydeF&RxTAMbcuEddD@Y>iUAy&q9xKIQ4#oV(
z;}QQi;e~o~rJ55f50VNCgyvoh@d+hD-uJY~bt6Yz?gt0ROQYr<a*S{t@o#T24i&E~
zN?vlGC4QdjvdPtX%1PZ!3Z@0VjYoakpt&^ev19mP!*u{igdOWWL8kI#k!^pwzHIb%
z8U(ajY@#XlMXcZvbidna!$?VZVs(9&3AZ#=-La&|$pl#>r9`8VUwZrDh;h9u=QQ<+
zI&!Rq#s1GgcC^taGL?@N#KPG>!C&YRhGlvr$U`M5EAbPb=xMFz&e#{h6>qwIenJy$
z@nNZ&C`*-EXTPyyiy!Qs3qq_E!TNmjPQAkiNx3x9KqcA-Bkc_fuAf`>mHJOM3&O~b
z6#<W^)sA}^>zwhu$Zl89T*$Er@>YqPXI|VtH2q!H9Em=DMtk;xm0_%TMt8`!JEnig
zFv)O(-*KPXeIkd&_cBN|(q!xLn(A0V0JQC2wn^{!HLh(XWpC|~+oXHA>o%)1raKj&
z%|B=l0bO=p$kyk9Ug#d@AJnf6Y%PfrU%nEE`U(7aeZS0iXd*^>E_vKaA*wUDKU&;;
zMuT+ze}DfBmHGIDjKk^2wl%Nz{r#g>8Qb^3kI=TJKfKv0-pzKf&m%oq!yNrg$(G5A
z$K_O>MFv%xlU{|#F-)Mo&HmjEPtW%tP6_}nqPxXI4+JpZwTp>y&5)KwKfLW?R2AxD
z#m1_RQu%Fe1d|w=7@9Pc^fc^Cth0*2^nz)&E3f@C{E3DTQHv;1ZtUJ@_!^aeWWOj4
zw;-ykQnyKS-JgN9R~UI1Em!YF%JrcfX}P_o)=P~JX_iK<N&h_CKaC*ky3VDPX2foH
z*wWNIQ9(;dO-_Rupv<P{+EY`sZIJi1r;%+zW&gQGUMpnDaPqLmG>?xqMzotG!hjew
zt2DO_|IqxKq}^(^#GL!|P>A=2l~-xrH@hjAT}LV*b0?_~M_?o_hRHV<2Y*W6J{_U3
zfAnJdp7YPHseAfoLme~Ni-hT0cCJ4<-WjB4B<)c$dcB7|xaq1(2e?v+`xnyzhjrzI
zCC9~`*C>=2Gi?VLAxG4#h0-J-0ov4)CHE+ij7~VD6ip5=F(M=L%RGI8;?fG9rO9z&
zsf}xEnh#R3f8Fn22Nm+hL)8JNfTMH#VOQI;jn4$srwE0v9<3{(9KY3pinv>*u&_>n
zU~lVya<WvLSv3~?ixBJh@_ZKjGaWsN%U;3`zaA6z45Kstj?ssJwKR(T2$3%)O{m^R
zcb_AY;D<Ijwbv>FS-Hy-PKVO7h^hO;ot4aBx49~oalExHGXcYn=U=6I#fCq(=_|G9
zm$)X34M{0jC>>RM)Y7z=HIj26meRRTp80O4)9;?Du2v`aonZL3CF549xe2o>`-)d^
zu*@#{x-=H9t@!&Ycco<2lBOOm;j`Qo|9A^c=!r60;{d0iJM%mLfZiV5ZR&4lW_Ii8
zVhY=ATIlPp);1f_C5_ExQ_;W4DGw(&K5#>7UeqgcK8NCXRfg2uoZ7mVLB&NNX~jAp
zymNTvP_nmWG*EzOl-kkf;!loHYi%A=vpM+KpJ&1-1$(%~ez(BqU4VkFr2vh&XWisS
z&6A^mk&e;}Z^P^^D(<^WR^y99Tk49b)qSo2GGc2@(?rmk`f5}nwNX=HuCB)ZDGVH(
zei^4hYSG4zlfH<-yvfd*C1X?KTRGd-l0j`1I`3N<5SB5ja!x{vtVBDgY%cWSyxREE
zFRN$jkJ_KZt1MJ#HTK)e^E%9(`l6A!>81+)#N)(-8mWF67o6?i>pdIJ0i{AjC5Wt>
zQ<PhW{*TIzv$-1q&Xq>eJ7%VMTX;7;xbIQRi1BN>*T!25hNb<)s!^PPS{n6ZIhWJO
zj;Ml8G(?=(NGO(N$EsX$R$X)B9D8Pmh1LijX>$zgoS|N^Z<7=AuZxeUm)(j{?h_H!
zP+^h~moOdiXaB@|>9`5|8O$G)6_5HBDbLzqOZj9H8@PO<+X4`BchxhY0vLJMTv*{M
z#3(S}-+f*KbpIrd=`ldMLaO{S)nh<CDDVXlfsuRt%YtG~uuXF*`08TH&T;pkvrN*{
z#v8ieBae9E`N&WD!xWn+ov+0ezw5IpORf~oFGMvpMQq{e60-H^F=4{HPDOk*xR(pY
zv)DTZqNr@$W74yXYg)S=QtcY1Ld)u~O>~5n2|HS~QfGr)!JH0R4cslDf|OHOKla<E
z$(n$4N&6*d-@?fc@p_0C%7}$B<kNpv(5S%c%j@qEz)m`3Eg--$&N|UzWxkxXkp{Nm
zUH(RmT#7EwOXl(@uW$Kx<&=g`pG=xvqV(1>OMSmc4sUd^5B!kDxNhkS6y(w%tf_-@
zT^ye=p;KTLsd`s05bfpv9l@yN!>x{uiD)ee^;jp&dDrD2zNbjYRBl?@w9Dsuj{Kiv
zv;J}Oq%W*;y_A^_6@}iXh@OsmN-i^`?toH$`Y|W66KeMY|M*;Ge8mE0`^_CGa2&;X
zTo2XIEf*h-*(QZZ-ebRlu@h~n2Zd{aRiKkP<c4$}2z8pc&KVYgoaP$?{YTLIh<ZW4
zNc96M%HXt?ruWfTxya85e=<|?bjLy(3>yOH3EmqCsf+pn;Od0c<<Rco>!Jr|gUoRG
zw7M0%EBv(qo%um#?7xM4kmYr_I-7o6i2K#PHzOHPfCG^Z%)o)*6hD>_?|t3NLKrII
z1M*_U(U2<RiWCbf^Hn5jqjmE6Ncy1oK)=6)=X-zr{t`|VUKK7Gen;q+>4zO@OBP;q
zUQ%AD&i}*OTYxtbE$4#c8M8fRW?N=vW@ct)W@e9>nVFfHnVFf#%*?dD_vOpWCT};%
zZlwSFyHwp>I#T!1saDsiqV#k3WA{_{OADz7%4Pp+DOf^~A_f=1nhr+}VJw(Y4_}0+
z2qy_h5uXv3m9|QPPmnht0v-ewS}?}v16mv>83BwCjo^<I4b_#n|2Z|1R|Dl^??sxs
zM=X#FRQ!p%D1k3U;~U%~wL>5p#d=6U2+s<LG6n|o&Fm32QvL}AF$qlk6Of1weowd{
zCoPeKpPR-jltU;BHv)J>0ahE>3d19cfeV2UEa;PqBGLut{Xr~FD^5$GsLNfvVFFA7
z!A<lWuw&pCP0+*~@LeJ~WMvKhQ~H{_cN_duocs#@Jusjj_zIyz;F`JgJ#|M0*r%Y5
z2kxDvR|B}4Byk)5Jt=?$e2dW4f9D~@iM!7R+#9==n%6aQM}_d6sJEQZGjInLm<I7Z
zLs2_#BRs*wcZU@so5VG0N6pU!+*>$}hv=CG0SE95(K`<;0zlbFPQewSOazyK#|l+N
z!RHja2JYPh<{@y6*pc%SDcREV!$;tjyoT%b2Zn{iA_#%QDsb039sfvZkKWOiZw=o0
z(Yp!k0{<R!x+#WyiMM+J+zh`VZVS~r3Cse&A!;iy(1Eq<?srCTh!bD|IMn`5w{-^@
zU_o%02(E(o{%7Y6SOxwZup(h=G_VnA3)1Mu*64=b=tkB{v~WMDs0Z7NXQnMkjw(EX
zAF#Qw0<y630(=yE_*9bUQ2Ocu;S8T4P!q5FXUEd-3N8bgZZB)%JclGhOe&kNCNpbB
z#%oo$CNXPSWU(2}l6Xb1CRX=Xue+ZUV?yJ72NQ5P;1D4|377&<<N&WMDA{rKC@gt|
zcP}XE*?B;C9+lz;u0^OR+*b%cFC9PxKmP=WA|iPNpbSI1fip%Cj-U>Z_KOOU^R4-#
z>pc)M%!&BD!qa38Vh#LID8hAup%NZ|b1n(R=P=Oo<ZeA68%!Il%M6hYjv=<fOB<fU
zt>5DiUkXT6M_7VW6uEx@SAys2CN&Yh#|G~W=|aq<&(jH^_1AS5oc6E)>1FgQ1wMfH
z`jJbSH_cBPc{~m;4ju+@|Kt<8&*As;3(0EM<>u2CoW`V2#tVLplZp}2f|O0BhoCQ!
zI005DLG<=x^!q-$l|;YKZl_U!OxyW8P2kajRKcBsQ<$F|zLAWTz$m9VsXc-pjC20b
z!0u(mfEff+@P&fBybSt04Zoa_<0OI+K${Ub{ZBIA0A9&7g1LRs5d>ObxCjDaIU6K9
z;1h>}=@{v}bA^g$h+ABMSHL~~9N5~yWjCO+`oiu@YW?h!V$MU<hYv&erCsz&cXd7G
zi(xK1<}>6TEa8h~PGjT?=f*{}Tc{H;#Ru`^cfoS3xBtCG!7^j{M)zEW^B2O2Qh`d0
zw{KlCyie3U!d!TY56}(k+@0t&K3DiX^xSleci6qosneyw>BD7q3B#rg07uEB)hD8^
zIEE*0YX?R+Td~@SCs%vVTeEZR13>8}nR(@nbOK+{Uq*F_uay0!x2XIiP-b-r7K_8n
z9`FMGmu~?Auo>-$JJ%`tgon-BhIvALApHcJXwrJ6cxk)s>)L*6`D8T)^i)aO4RT^!
zkRD?#*amdsUT_vuCA3yO;jH8D*!cH*52WVy?r2x!Iqrf^Q5ACK_G;OTvo1}$$~XGK
zhf4`$mNpu`mqF1Z2eZq&7W${B6#A#uT&>(IoE2nt5=OW+H(k5}EZu}(Q@%yMSI}5!
z&kwvacybxo>=gHzzf1z11E#<;-F6~o0OvwAah<fP@N3>VJcOq#4>o5<+{Y#`_Y6!Q
zlG;4|{M}XC^V6kGfv@};u=jyE)rB@HIxRAcR2wdN(Sh8;bVy#evf1-W!DyWAGL_})
z2x~}dp1KOAdt<+I8&`UnjLP}TVJjdjDbIdavd&<hl4;<aQlCLmQD`8jyX%UX+O77@
z<o$vY$TY&v1u5a_uHZsqpTRMwu=qX6F@s@FosO9ne#>SgmAeX-#vf@^&;J|DIPi4*
zl)sVHRdkNXEshm?+qYG01<~`Va?AlVlO)5(DXa(GnfqiPT0MBZ*Z8~mwNriOsv*y?
zcWUPRTGaYV4i%tW+Jej4YyLG$$q-td!Tz)-uilk1BNaE@NZKRwPa;#m%V3}Ck*en>
zdu8fu+NN>Sl9e&95C4}6mx(vOi{`L-V}vs1VjUk<nFW*e?{N~j->3`w$xCL7)=b|o
zm`otb<ocRfg%;<ui<R0EElcEAD-8X|#!lOE=sBukScksn797K|qHjYDomcfcd5!di
zpmR>cHZ_C%loFUb?kK9MFp^7YrOj9xD(+nh)Ef<aUh1@!8|DjYZMehhS8fiLdT$ou
z|9qFA_AT2lvbEO`c`n+YD!QgN^y5Sn0*!-J&naW5akTha;?-T3mrSzWM1kW@F?fB^
z{DXR%UAay>J?xDS>s$T1AgIQYBFM^ax2d}N0T(mHrv2B~VQ-Tq*_VvS9Oe(<C+TOE
z3KUf+4L#H$s2zkAD4CvWJvL9+R*Uaw?_ZaGv{=5`edS+uJ}mvTZ2}!YiW~iSKmgu*
zLr2$pm;(G-;|xQZ!w7<DGBHKek8#3P9pNWor+fi~U!(zT=8r@PpPA^PS%wrZo(%!h
z_3g3CkW8P%oqG45vm7Lj#qh=g909uAlz*g6gIYzYW*{AOAt?Q=kA1aOfhhElD}tCz
ztDS0an0tf^62Gf6_M;pNU|RcouSC5!r3BoX^ue$~f$BeFvtqtrr(_Y?a_nL?yt@ov
zZ_sfPz2Ia-JK_|f_E@*TQS<N5ht`F*@~!+r-SgCjOpd%s_9{&{q6sdKsro}<xAcVX
z!!-5b-GWkuSm3eycKr+A1+d|Fu$`SVo}4+?jbqJQnZ9GZ(1F}}G$q#7aTs}x_73iK
zN^;HWzK%G;1ri+V1GyD|c#ZN7{|W44{8JJ_0rsjN%oeM%8=-P)-LpQXs@HKbWpJ8z
zeTb?Zk&1a1X5GNZaM}TcV{m+mcXE>z^C+sEfpkKlgG!rYYsuB)#^A4rqqs0&gM*lj
z=`yrY)TU#SSlzZ8FIAO&wQlbvy}NE-xdr=#S@Oj#B_rH{X8?I>e$)2HC12E>!V9Yl
z%?8-hp0+I<Ot1en94EAZ!3!9zOBpAD=wEgnY9C-6<c=K(SNW7L+<rN}M_~J4gF=}B
zaUA&P;vKY0{^_3jYb?&lE(ggRlO4DFXw+SzjYjWZHUpf;$i4oal0UTnpbB|E7pnG$
zw36(SIa6nZzNoBP*b?);qnJK#vtw+Ibq2MAfyt*3pZ}bMHP)!3stZenG)BYV9lQSt
zg>$GM1Jr*H`kR2cQn9a*eerd&Qqm$a!76xcdE3=%6tkKq_!%qy?e&_Xzb#fJ==Z@v
zYwL?!#8x@#NP%9VeCR-OTz^thQUVeR%7kusxV@@Q80e^uCZj)9W-l^Iiz;6tBM2G!
zo&06vG^*Vs0O672axKz9L9JQAKt2>bdc`VH%4UkrymRp6q*t?95npeRK9thHTuOX$
zt~6>EjIC6@>{^u)CQ_A9X>=c_eYOfdaw(LFWE<6jyBwwR%Mv$Pr@>r1^w~Tx0$GeO
znyu1o{<P!q&u|ITsUk-0tbUAWBxs?J``!pn>Y`pEIg)&$G=B3cC4DP@-dtn?(675Z
z5+ae=EQQ_gALk$Ki0nV#J4qMdE5>fq7TDN^EM-%qvMdAnk6J0yN5_pDRwLrZr?S$@
z`^xp?ETo&(z#+p)G>n*y4%~~)Gd`6~L{Slf=YBPbLxWnhcGbj<QbA)GK|+pQw2miH
ztJMkOk~SZl&K|lK$?AmQO5Wa7rFpJV9UeIqnX&4*M{ozRbo)Ra?foUl!0<+?7~&@$
z5+CF-K_;%={GLF)x?KmDted!xKsr>~7pp+6?<eq|EIoMuj&sTr8MI7XN=(XJC~iC%
zBxqM8LJp^cuY5fxk5n)3Q)_XTbS@q>N+`!Z5zBV5cVRDPWwJM@OZ|GwT{@<H(zrC)
z5%KBVhkwL!UQUUG9gR1t!aw{3dsld$Hx!ugg7sgTMq~5&ggb*&kHpJnCR(N0?f9LV
z&5j|#4Pkz0TMvTCdI+robLXsUAFLzn(ZwC{IRE=>eB2FFT{@q@rnAK%esso3C=dk2
zV#2FXz8hCd%aFNMb?ZT*l~T^UXf(Iqc#%oswWzToRgdY2xw5mR{x0KZ{z$g9{i)!@
zv;)gR0%ggR%icpLp=?`e`K<1;g`j-lyY=+BuJP($tNC&2O_!UZQ?<l!M-1trxGoJ1
zjg_t{8-t|krVSRak3{T_#iIO0Z8#fW%M!mcVs$E0+0%F}>*(r+3eHl_QQ0b%A2!tm
zSe<ztltP45?~dXIaeUQCW))6ptH{~Fg$~cPcLGNu+H9077YDnVTPKdc+L=Vi(9n9_
zqvmZuB10^620XHAK0gYfFTmv;1xkCu3TmkY$QxB>q6jWQB)s?9xS&uj$!Tj8<{07y
zBm5H6XTLN-;pYjKOdAojF5)7MknbqwB<nnoM+@1A(%aMSw>BP_gf5ssw7ERA2a!FV
zD$>;u&u1(g)$LLxi4a3+(KnAtDJEH-)5saP2AS$l>oc5?(HWS}wQNPKl(fgosJvSK
zn&cZDIq(GPuW*fG#>eq~`<`r_$9s;=Dex5BV^;T`2{6u?nM$_K^P{@z6QBT^U+!AE
zEePnq_kH;XtsOUUU1m!3_~RUSZkRTNj;!IU1+g>C6n`g2CX>x0$RjDb&CF|x@uv&5
zSJ)gzCnPf^spHD6kSD|MY`SJOX`8R!HcuiM!s81!H2t?N#H5{&gO_YH4|E!r;&*4w
z6}7X+v(hX(E|N}E&apL76*W3w1S}K7#%{9GK@#IH5ENbODHLjWv*gFphxMdK{}wIe
z%2NLdCBB+37%GidLA%0hX^z!`gaXFhn>66LDAQ5R&PyS(6$yVqL)6JZQO{o0G%s4s
zMXbls^ODw}rJAH{+-IuXoQF^0${*>7lS|=rPRDfVo>j3;MF}>)<@&BOa1(wXyj3&?
z?ILF-kneGNpmMIJVswAFk}6l4wtcuT7kkiHe|uE9Sw~mwp)|Ngftqu0n8TwL{iXq<
zDA}|jkP1?W06!9}DkXb4U#^)kx<8JszsSe%Oc<S<WZZV|uGAZz8d=8TUsZb$xQ^yS
zzYlX4jx?(t#gVS0nm#mNg8W39ElA&+u6pw91#_XYkGe!u-K&M$aed%rQTR7Ysy9)}
z&AwHWP+?qge%%9#o#uF=E_s4yukGOCLyF9$k#XugQ=v?!^)N0b`oo5EnW2**qthZ1
zC11TzRNQ$)Njaaq^Wyw5RYl9KcMLsMsj@IIakXA0fvt|h_CZNl#$In@*|@KVkml}S
zMZtueZ&zV0fgxN_f3LXrRybP=sFV#sML5%<DJ4U2#nZN@k2uMr;k#syrk-z&O{R0_
z4T*`E*t;|!5;s$4rC+sPjNsr_Eilyuw=-omKqQM{hkC1_LTtMaH;b7gZ1q|Aa4Fi#
zkSUx+3W}Q2Wu(A4HEz2gfu4DsZayjFh+%T2hK8|?h#IFkywWZK=?J1-b!{S0sFaD@
zJ23Ac<!PYxnK~87f@JN|7rJ>g(4^-!M}F72Rq_&Au1t$#V1b7arigjPAp9(nt>3-Z
zw7P?H;_BVBKKRR*`bwNGf56&(&l<H4;k{lpJK;q95mU8xU`LR8awN*zbBr(;ZP&aP
zQ|jI_Zo5oY^+Qa|%(-<V>ru_y^L)ci9-}?sEBr6|F(7zGB&@3j(I_lJ|CcQRb&MIK
zk**`yZy=Q-xy)r<d-MSym!O3#b(8E$9F~JVX2<)IU!4I{>>akq$4~|+;AvlaR(f1w
z1<(fY%J4j&WD}^KL_@a0_m8vK5$gEysa{cp(PH=*T(kaJdyTp9gp~Q52L#RZEaQ?e
z*^`G%V=d{5FlWcTvu2>}id9LWH~M%cTewP4DExaFw^7qN`pzSZ@-SB;HxB{r(~8ei
zgc>h**f7O91-rcCDXf*mlka9V1$2|8@N5k)-l-%rJE>IJEsU-lyQ=|9FAz2ayW|hi
z7K7*gkvejp5K!coRJDr(fktywra{m8abe*_GTP#>^sYXPshR5V@p+YMZAR`7ee{@b
zVb#P=`!5Pmqg;#hoo26Xop&NEQLS??rc_bgDx2|sPn8j;Fq+@lPNTiyD-8oRk5f#G
z`&*he_}Eq)nU_XZ<zEn`OT|BDR#I->>{POLSA-l=Si=5>4;rxK-n?17i=tA;5L^xx
z+(t2Y*A$%PMM)klfc#ueb<1Y!ZmrON$+%_oC-Sjgy|>OXXlB0bwmh1f%ZSpdjC`Zv
zGBGo=9<B-mp(?E6?Z1`!Fan`6s^Z<dom~GD=}q4j?Ey5L6iV`x81Kn@K}9WB8ooHl
z+_)&5Jn%<JN&XyJ?2h|^MSYPudSu6vmN7YdiU=Mxs%ARN``2Cty-|iwgi8=jD-I-y
zv-4gAfka5+-lg6kVmi8BU_bUIpF(8t+qqJ2fyWJq{n*N44I0g+HkHTL0>$Hn8qfR=
z1go&dUkl-TX6?pV8W`7fV`CI5)_gYFa?(=$k1deq<wcZ+>Wg(ricl}y3svwll5L;4
zhgU-Z1VWP1AT$kG)Cp@w!jt*<V$lk+-^%LH1{9=E$17X*Xo_FFUKw6p*1f7!D-2k{
z>ckA{T15#{FAuMWp&pi&m9CYEk(CPf+{sD=yH$v4S~$ggWiiqkUS{jZMKsj0>-5IS
z#UX|Ep#j@22eW#Q*bThc8yvGgqjyp0{i<z*T%#dWi}ZlAn@Eo<xUw$ck3#+Rr7Ku*
zEbl$jU{c#8l?ROuyWkzYU%XUg-srxx{H;|<D2o@qq%;t(rd{RR1r6F8c)UG~4Yswe
zT|}9UXI%)zD>V-$%cn-mMr)CqDb1*<wVV$6HkwX38zslY1FoRt#gC+Dtf=cynP{x3
zsnwmm%e%V>Bue*}C^~S$XN~K?#I;TaQ_<(w$j_W9N0wDH$Wyh6>Q^X13+FE!ja6J3
z!hfY6SoM}sS+SA(3zhCrbrQYeyfqwamjw2TbtTEgA(Q@A9NlL)V30WQ<<%~2T!8$J
zP!~5*9;x%DfpwKIHsgVCA6~*p({0&ly}cDDeq!4yd1e=ddOVifv~F|6l*xDAK=j&B
z*~WOeLO=G%?(3Ut3C=@#W2BHHWxD05fD`-aHg#_pE=i1<?=i}m+PYNdW+bgld8iCc
zs)Udz*U8XBD%EF3YW&k@hP<WIzJ4%IC4ziH=(SI?mA`7CY?C@&u}n_fGSER>aTF&y
zh^>^_e2z0orGUIulu$)Xr#1(hWv}a#<C3n!?MbH2AZ!lw1sUX}OR@cTLeqk0dvzW!
zHMNy3lc5*F!X$jQ`(92p{I$DnLbv2;phwdK<7q^@P?VRyEPazB2**$t8(O>(9i%|r
z>i$BQ8co-pHF>p~ymhh!%itB5zHz=_9+GvEmQ;|jFgoh`Y+4`JPE|sYuKU`=l)g=6
zG*wvjUTiX!(P-7X;{5%CiW6<}(4cAVcpk~1Om1M>PRHnxHnYRiuPUT`{42RbhYlV|
zgDIaL+Qk_82hwtoKa|FVrr<>jEJ!T-ifC+a2|=N#fO{53;4g3ascHkS)=MWny0fk}
z;q$yd9Cj0$ScoR?pS6i*jKefaoE-k)ZfVbCbVoW3dPkI{tEu|V&l9(&v#5jY!wCfi
zj_u~?{UZ_D!N00iB{M@HLXkj|k*9y7&y!B6ar#6BE2S!6F*i$3Y*salF?YPY(zqv(
zlTpN(A)R-{O0^(|xMpeKElVh>vu#x^+`^}8PJKdb`?G$YquGra)?f16)?4r15+&W8
ztwfkyRhn*cs&bvQ180w>+>n+F2o%u*f-RXpiDpn2fFs#{bElHE_AV5dMWqU>wwp?L
zD&XL}K}tLnx))QDs!m;r_@wK$_oZ}FZd4M~x?G-eY2^bD`~j1f_voqzU@Em0NXuFC
zmC5uU=Mh_v?kweu#q9N38&=}w`m^)ZT_2mXm^Y_n2<4I(MH%Y_^kRvAY>Z*C2_Udo
zpK>fde@d>UA58B7kCr#`w0oK6>NAGQ>Yn1o({a?0EeXc5A&!50;25rema(+7+&5T#
z$HrohZj_R?1ndJ1>~ASRo(^<~w+C_Ujl%^f^sjamn-qf?21);J4M=I0j^46)3YV(p
zDjd^yj+P2zX}<3t;mBbo=+}<ryjuDjk0E9Am&ck}sW<X)NtG&$IWc364sVECXSLvN
zR}}Grbor&FWbXWAq4p<Z9p&Hy5?01cpePQxD1B&qy~%g`AnlU=-OXKrx!dW}Crdde
zruL{3p=rZ_R$&g$5H6>#P~pZsYswB-W|J+!Alau5ami+za$w&y{WOGdUxNMOBA8DN
z*;aqwDJSq?NPZx?DMk{~+Lp)K&2PCn%M*Mgx>>uCBmW9>rNK2~t9^c>5q`P!Attxf
zfsf7%8(R~U9QeAsx%62Mxxxue3HeX(Tq(5c(@OtL*2jpO1x#0A*f4Q08%?{3`++tO
z_~`?!fZZ?r6;(?8iu#Fa46;R3@N4!74fWI~<RtbOECom4g+HMq`~)7K3+02U9!J9!
zOF`=%ya>kEMF_Xw5$_eeC|M+!ZZmpXeVP;PgRNf6RIh!e&p9^`D3|Bgh)<6u;r$&!
zZZ;~!ZFqpU_5>CXNYOCw=+~vy{dCH0XPc&}9?#=0m828tcC^=yo65bFBv_u$fFn=T
z0eC&Gs$}$!;1fE@=v+bH6L?=9;&){S=JcO8+c1~N^3pX$!Xr1FP~_Bzf4fz+dP4O(
zz~fj&B2fJ!DMD`$5~d?><X5IDBX8(O29!gS{ewB+_mIz}45sD#JmorI$w!bTqi@U~
z&1b97s(l~i*H>s{QAMZ2Z=gjBVFz7N2<<)In~Qp>lLuVkP4{2XXh0J;u=j{aVFz5v
zB;%8ZUC~ntJ@h-U9B-}Yw0j#OxFjHe+`i4yj$eJ7HEw!0jacRljr$@p5+;mZO?9nf
zxG^;OJ32KGpBYNRfhglloOLeA`F~o`1;r`*!>y$XGC;>o`xn;?Sh_C7ocKymo%#N&
zZhegN7p#NHPaGvDmUjn}xYfEJkbVPeP(Z)|aI)XG7<=%-bpgm>8dAhigpw#Eh)rz+
zbo#vF04EychDyE-xWpV%f5;Lb{g4=723k@$qmU3${j#o&CzmNne!qLKlPAyVJFko*
zmt}`3AFlC8P}jIgr7Y2%N!H!GV}17NeVb$tQ=%(+HWPUdoMC8lZ5a+!rwq>VBH^a8
zWYE_8#N5+EJC%`o&IjrRZp`0~qEKH;_xzWK4hMWm6$;<U$g)iANt~$joItPc7Oqsz
z#AUQTikyhK0u0A6*qIM0Qd3V|whO7^6D!p?#T2?zFO-#!Pcw=t66^(>3+{|VPT5qr
z>`HOwujP*2(i1da?Z~2$0~#mx#H!*jP8HTpPI7z`RC6pLUfL(u@iz+#JUMg9xA(Iv
zJ7Oxmt2IB9x<xj{!nrPPz+Wf{g;d&(0x!l?x}3_=Oc*asWAE2~E>aslXkH>Jayv#G
z8kIF`F81>u1n1fAbG&K@QyTgd&FQS+hJ|Yw`Ev#nj;WsA%gtCzi4L#svIlNZK|Wpf
zhRFsTHj0o*9f)GcIB={kCQY80#ue=s2Op4R0M4pk0yA@;8wP!hSsm*7*_h+BtBir2
ztQo#<75nf&a*Ag|Cl<;#w_e<s-L1C{9h}=vp*AchsbP-=ah{r#b)<<$I?~C$c)&T)
zEBYWRt$QwZi+p6lE{EtPyp$1^+$^bS^S3<dY0@aJvT2xU@xns6k$0vRcHq~yI8<9r
zABe)J@icdKYb5^8g;p;i&?#ZOFTtWwG@xHlS79Exi7m}buQW6)duCT!XSR`oW2o`a
zY^iMTPoG&CljUY(&_1M4J2B_Xl(0V5UXmj56B-Lfzj#T`-5Q6-smq}{f=noM+pU0l
zNGy%AN6NHn_Qb`g{AET2Agb?Or9RPAKlm=~dG|D%y0vaB$;El(mauh_d6=cMw#7W3
zQMufR&51_^v5Ju9yS@bH@@AQpdsxrOR9*O?AtB%`eYQV8V;O_X9aI6Sg<3j6Ay37y
zuz^=OYI!BH<X9?q$0Kz7wba7OKpYhKg_G29T^5t0uY`xvQ4%eR#m%3clzBNtGckR8
zynNISb-QVnb^hJ~?3FQIC^MbKHLOq~Gfg?+I6Xcg+QL1Vc;RSrwi@W3mX)3zdonc-
zHGd1~v}Iy)qGr~*S{3;EZaIzBSu=8CXLNe`p4Sm^-toOLw-Q%sYs19&%>3P^Tk2&W
zuveYP^qAxwQY!<LlZ$bh#PlN`pwl))J0(2`^u!EAbDX$Uh+4)ONb3;!z__hcE#>4p
zKhr75rRRN;`F#6$B9BhC|6g}!Yd-Zhk?E;<t~nUS{Lss>DFJ2gq|1q{N_H5CTSMyW
z8CDN#V?P|`yE=X@7Al+EEbV|B{7x>1m~1v3mtwte4$OM9l%#T0WKp_%)^w7<)$o$b
z(cv7oxdKKn?=%h;LWwpuFX=SQLHbRIi>mG-DdI=bH<Q0u6SE@3np_0$#-_(o#c-}0
zX6UJ{W|ysVIHl{Us#8OEAh&kz+}0!GQ<Rb^>IvMmm9{Ziv86JOM@JrquACst(3s3V
zpYH)1P0kRCxQA-0F+A&;%CsiCHI6dM-dV-8no8Oxh4|i86)qOu@G$BnsK~|ySb_T%
zT#>GZZ4UKZSrgEkt+J&|dP56#9Zuz#d5LmJVdL*?t0xZZ4F?&S$(Q6~Ib@&XBh-|(
z_`L2_J(*I0j^;*(ZV30xt1oT=PP&hHTnx)(n3*T!)s?qwO!A9H`UnO5(HtCH30xO*
zMsp1hPL=Yyy3F#Tx@`O#^pgy?M@Ox<^X!m9M-4GW1we;?4cz4R$w+T^9^F<?QtPHN
zBvpFVKr>}16$yik42=uvkPzk|p-@JyP#$b@?-9bMUsQz67HY=7Y&2DW3phf2QLx`8
zSAg1Q0R-Qkrdq!U)3YO@lD>w*l%2aC4D=O0mhLLI3&SgH#JRR#wc5*GakFhctTzq4
z9R9v6bzk$Jl9c-hjSR8GRnYKYw~zY(i86%ZsH5guXbs9%Hlr14krSIXhaz1_+Z7)o
zu&r^@>9ni3HWK}nS);#!)_x<|9y)7i9%%Q(9=F+ZzeBPM*pit$iZ&T#^MYZ67(tKB
z2pvg{%23?jCpd~8QH#hBiM^w=*A|>gABo*Q;E1iqW#e<VQ6hGU%XdncM`XJhLHEt5
z9Z3z!(1>LKW4nvFgR{pGn%a)Jqqk=!FrlzFk8$|Hww+oWV<<BhKI86`WYAUOpAlX<
zi^~RxWq@I00USyH<IQmPDFvn!Mqa?|w|Jvq**IeAVcA4t=EJZk?A_<mx74Hul(6>)
z@J;aSg#kyP`|mhx=p$tOQvxGyKiPalrr7r_`KGA%J)<)6N6coq=kj6@gER2&nd|B^
zMq07=-yzwO0Y~in8zC83`;@#>^7|EnQ{^LWsBDQNX1r5!`|mlOg=&pYjW{Fdei@@9
zt(jZ&2Q3Y&OzD71)=F3Q1G}3RRsLE*bCmHCu|gvwkS5VdV=-~^lz~mY7fyORc{@9`
zGI#6xK=RVp(0FMiRF@JRWo2UqGiHZ4QE_o{YU(5#g7`S%!h$Mots?aR@<7bwq%!G6
z1wmv~4FX09L0@z8P{BeuG56&vuuAweCW4ay&x|s4>9|ZJ)$_DLZT0ttSBe_vFnPWD
z8N%;=nt;Srx?)VfN)VTTk+*`SS0_|dP|@@qaIbip)KHKfUqn(#>Rr+D?c187oTco?
z%@rT6P^E2(r>miFWF70axx;@y%9g%k2C2j)BskD*q8H9vgw%AD%L)R_OULC#iHHh8
znywWJJ~+;-;L{ihExRhRGcvxzKT>tXflX?T#FY;<3SL4}Y*<py_3i{7*9$)$O(${k
zNr;OI3W_SSDrA<5kBP*H#FWF08zW;OxtNCaX0e#Hl0n5PD`L|Y3B3LwVkv8<O2Y4^
z)g?0KH@3L)4J)gfvY0)_;1+nk%#Dp3a>^-xw<nOI%;E&nbGHVv+-fAG%WIf~CMPuk
zi;Y6*LAMdS+(^-0KCiN&2PbzG;Per2%Aw>GgLNCSn5&jA9+yN!1*pT%9^tOs8zv!v
zl@#>V4_0%SQBDpE{rfirJigygLzzRLQKVvv!cKRrCm|uBPRuC2o%*6pm1dU1op>xy
zX!RbZ3Su?dy%0oBc`KFuZ3yL2s@QpjGBIT4f%$4=S^47&>PaxQv4r_4-~+Mn9T7QS
z$SL+yEa6iu_On;uxmd7SjVayh{P{-PW|Us0K`Fdx9OlwC3YVwL@J#r2Jt#UZAwJKl
zW07%kL0PM*F%q5U^XTv2I1rOYDzezMh8HnsJPJ~tD4DFpG<9Y5Ji+EgWflX)VIru!
zsgBh)I!;)%g8GF5LuBT&lp9xyJVRfAyo0J^Clg^l?*qN|XY8qvS(B+5fLfw0u$5jb
z0#%M#uRao!rOT$<_tyb$ICFX)l@+&wbU34s#sM($rcn4L`{|rqa#ZUW(-6_ux#Puz
zR?|gkw7b{Bxb^&b)OJC!&+~5ZdimktN&}jRzP`S>wjR4r6U*y`@}zb9Kx$hcj|S?%
zid!}ExIRkvt_P)-XUUke+~9I{g=IG(g~i)+*{xcp)iw@d?w}xH9gUch&$0Yc?Ku01
zS``SCCWni)3S?umtV?px!g?28TYtMS&*Wmo5jnVvadTcTnu&RDi9}v<sbe!C@h29F
zQcjyV?1Ki=G*14iLG#nvRylbsc`g3K<3b;mi;WmXR1;LY7PZ)115g5;J`#~!K^PSQ
zv3z*#{pliw9C^lAJXNf+LIf3s#nF^}W4c|)kyL#En^*2SQQNe$$rSQ(%N(bhKDkZ9
zwiIr4xc0f`@5c7J5H#hbnM~pe0_A(zX#p9@iXN>2A*4IQTh06Q&vmml(GH{6$Tl?0
zD!@~#mXM4S$(K>D^+l&h2&tWK3#%t8S>EdJCltFAkU)^XxTh`3*vqARpiZ7D*gPrY
zU{%km*yRg$(d^z;QDBR;a@gtnA}Oq7(P={19_0pp>`^Misi!IN94szX&e`nL%EJez
z&jIY*<xw;xd*v7Hi{BG-GmmD2NG6~EgoawY%)frQOiK>nAM$Vyhe-(erBr#R9U)T;
z-062d^DczY42nG(IvbTzSz5)%d`<RAwqKs=2pB~dY9X@Ih{I%3Y+$d&xM9jTc2!H9
zc<OYQ+<6HoAH97Hb8Kg)EWUj1mrgwub7o%2Btx{9_IKJz1V5qZoj!UVy@gBLI>*fa
z5`ugjm>UW&N01`>>pjmS>7?KIVsqFX$_1bGo&0NS<Rb|=ZS|%hU(;i~mcl&m(e8fY
zSVVGJga_4YrGeJiYJz><gKk~lTvEe;WN^!{?8IIx`AqUH;7}VdoHvN=^{z=YBz%I&
zP#}N~Pu=8@Kt~t8CP8NeVnkFZoTO^!99lcbt{?1Z2AzzEEgnv(b;W8jdirXuabkS3
zRNhJXJDKW;lquo$(tsmDEH`f}L#b{0{L-A}5{D?Eu&jbj<wSYjKp;BW14h|siA_Rz
zy6&;A>8S1T)~yArfbr4tR91bVzFwRrQ$4ctUi;2{vi;dYZC|O{t&^(L;~{IyL+$FK
zv)l-Ri%Y?sC99k?HL_DCKs;klGL~!DN$KM(PDkp5p`bJ3ilMx7KTv}1Ae4L1i$t#I
zX>+AH>@3oYWk}|NrPHU3Jp2{6paI%7weGWyEqN2nftmuH)hLE~+{ghm5_><-6^shA
zLElzo?9X_zTvn&&<Uw_i#KR17zwqxjy4ttv-w9NJEc9L6n?2;GfbqW+V^yw?V~7d!
z0EH^|&(q4fh%~lSIwf;qk!WoU>J7VYN5{mrattjQHTKv0#=>Q5GzQv}&;pX7-{{@m
z3lp+dQ%bq&qnJjW`xl7H(yAPKd%wMGR4c^~eg`YDvB^nxnC5x+i&a_Y8A@_;k-5uH
z?Sqf)j24%uunm4cZ-}EnZo}wp#BU;#FyBh)UCp0LJIV5kq5_9WrzJn!)`aHo&0ZHw
zihgG)Ggn3&b+nQ}U8XwEF37PozAJB>XK4FKOjW*C`rCBUSB|+A-eDJaUu57&xS3C_
zu#v6O7*>ySXU#JeyGVCuz_aDs7wxy$A08kbQBJF+)^i_iW{hRLw%#3bGd(S~R#JzT
zCsXt?jX9-TL|K%c8L1?m304uQOm`BqkUbS`aM+_BR84r1xX4`kZd5z?OoWeM#w4e(
za9!1QT)b%Afn}emdE0+_y%@dV?!Q5SA{C%;>dZJk{c+%G_gLEG$@0K~oEF3uKS~{_
z%qFvsvYqBs;IHprH7LDP1wXiBGl^<i%@;V~{M;O$LSp;QF_S@-Ye#+5OHGC9v*|$V
zV75K0G~sFf9h`PJQFS#`F#su&JcOpP-mzS%BDrlX@wPwOG&^iCnEFC<9w}573BIh3
zbY^-N=ShB~pr$f*)}+X7bEnv>z42R**?E9n|8;E3v_4M)aMV?nk-96A!Bk(($&l=l
zGKnpJr8BWZ)t%B?&wt0v&{SwurTigUuHvkLL9uU1Xu|SWZgP>2?JM9gWyW%Ff*6pv
zjKgJ2<>o>h^qp{K7U@WKTIN0#`858ep&tt)4X|#~>oDb;yQ(yrjhyu`)I90Ji9Khc
zd}UsB;`1CtHicuse-_GK?|e^bFsS<7$KJx=vQFBqPHGP)%HYN*TZc;4EDV3IO`X>A
zb;-$;5M{gU?d4LfyI1XP%D)zMwkgX@SD0X{Fn-sO?_67|W}sLJs&UR-uBf;c|IR}#
zpWA3g`-Gn=+L>D?A~roe`&W0R9{;NBX1?B^W)CYj7T|>vW|_@-vdrx^cbEm%9(_U9
zsYCU#tp^QrvKgWTW`xpU<bO`LZ*|H%>Rv$^&mXXq)D^$rK9f7rNYqeOl6dk}Q?ghg
zz$OwInJM8~X+hI%nY+~TRZ^mK{XSm)<-oSCP}fkM^Ho&B^w1Hmel%U5ae>{)aV+b7
z!qaGRENh4pOz@GNsPp*VZQ<fgv~SXC5#prT>C`tS$3*9K;4P4tdONzPaeyPR6`97S
zSGeI7ur+Fba6%z7{vm!`s!nw(Ak-x0&VOOHe_3emn7EcYvMGT~Wn9N_jJ?GtTZB~N
zC1BH9AM<od`GizAWspl?F~Xj39lsUH@)+NaH1u*x24XJ)aA7D@EF&pDuom7_k|v9}
z6Me=G<eFW>gc;9_UW0&W1j{S=kO^2LlT*2LpE~!qF2T~OrmTu>lAaex((YucP<o09
zLbQ?h8uv<!@d|w9vZ(kV(8u1};9+tkp<F}Rv$|v4gTI5G9psb{Oy3+5Ih_1UzBPdM
z)~Fi7fYBhK8(y2<ED{)6p5qo|Cu)l214kTnm2QHL8&3U~XwRf}@j11L!?fMMDcH<I
zRRS5++)Tgj5UG1^PDqDJV8GO25Tv0aC~4F<xt7oL-a}AOmL;tXRsNf1%f0{$?9%CI
z{W9I&uOAWKJoBG;ud>~^4<@qRG!I}iE<CT75;hdGPk%!Go(i3x8FvknGHhFHgnH#q
z21k%g1PkT8grMnvibFHwGM!HHb&(e~U=(=aTZ)zosB5KzxjN9<P@2Ahb1jE*Qg-n<
zg1mguXi|J_|H>CO<VQim0NSNX6NI1ef2sL_a!b`d@+|lcf9dP7%k3%~fkJc*M;R2H
zi<HzO?+TpMyRPr&3a0)7!%gL=2d;(4|9Pj_mPBQ})D+HIG08lQw47#xs(h!lgHU+*
zHds9g+vERN1-?8&hCsRBK^7n^;tA@ZOS8a_z0lA7jD^ty`!;wyaw#ljIP*+cr>07v
z(eer8&B$H512vAEQH|J7DVA}B&Xn|zmi2uI_sB!TqDi69aFS9cA-Ik_53tJ*s8#!6
z<!T)9Q*Qu-HLd~?s%kgGE|y4IKPf8q-Kjb#iB(x_hftS%dSyD^&_5-Pnd8x{>K(je
z8Jw(WdWqppx}^q6v8)NVvB}Rc1_uo<F~2e3$xN3mHBpRscVeje6WtjKy(tAcoiE5J
zMlXJ}hAg*(UO3GJV|=ok1tk_!B^EO}9<%gtatP{BK%e!+h?xb0WKv}Cg1i}{q*3So
zm{$HXqJsxuLv*W5Km+gA&8H1?8yA}#)nO6qf?R1Muw*b&c8q5M^3g5v#V`PJ|4P;A
zEm3`T?1bIfC0t!SYk}1Xlc$2(sm)gnICcW>gc%6?b)O+N&2jty>8{yN8o}^5XHR3p
zvpcFYKy=?3*wsAqMDVID7)fA`L<YM#2redc$0#TI1vv3x|IjHm!UQrTG?$sR4!?o1
zA0jZJL!lI25~aMJdjlNOL}u6iO?a`$2a!OS;M;4!xG0WsgcRGxJHaH>3Q52h9pxLd
zEr<{h_aTJNd*Zrp5D}zJ@8ta)hTBBT%Fs`;XK>-9!r52-3EQjhiYBfHK^Z8bi>`=K
zsSkD@pd|~E&Chfmgz*gh*rQz%{4vx$00iE{_x!UfKw!w)4lSxjEMM8v1`DY;2VH#!
z%#_JF)CWC%Ao?2d9r_ETII_P__Yx@wJ$RAQHGP+5yY~T?wHPB9U>>mtpWTbI0@WxB
z_D}=M9SnNi@BO@H8p#UD#|kQS{TnOTW*68KjAYk?733Jf4g=aiVP9y-`YckooC(CZ
zN3vy+)wDC*f!y$x8>%i+Y6)wv#)*2rk8^9&0IPWm>dE0E5G*&q1=eBc>AQJe31`UH
zgwxr(?<!LiZl9FP<+@CqVAJzo>RH`=4;Gp>JFnPP&HlKL{XpQn`8PCYD%VU{fp}N~
z!^F>^QT=53OKZ>r1LBeu0|T!#c*INDGrK0wG_(<$%z9W2W<$j3qpa5Tn88*w_QI&^
z68lkNl&G7FWu_?Ok@=cRaYu^;aU5(alsneUYG1i83UsQboL2DPB^drpK*yv4(KGNG
zgN{u6NJYnE`1MbvEQe@OW1Lx~p*ltClKB4;<q*;5`G*=}=%@@OCDz-_x)cP{=6lRM
z&7@hn2rYgZO8u#Th+zV%Bj#NK9!dM5hKTpSl?1E&gc>1+P;$_4gFj*|@XdkpQ1H~L
z1j_<NK|;j;m;ztBQ)t@^o>jVbB3C#6T_o;U3lPz`Hig2m>J10#Sn)&s<x2Ml^_Tg;
zYap^tl)_t_M+8ru^)#(Y`1nM-S}(W3LHuW8dkmMVtEixDb3l7~OFP0>6;i#b%%0l+
zGh*qJm>PL3%zcI|nD!deZqz4TxdvP}r~eJ2i+>N5XWyKfbiAThdk>Z4O4X}6h|me2
zq3464<v&Es{xU8`(>2!V!_e%**obCofwicaYQvoVPr-W60P_(cz_VAAX4jm3qde(a
zZrt&rMzi-1Q2Y~sJ#-T9rBT<V(a#7(9t$JRRvoEJmH4;CeQ%~#pO6h6!OJU>rzb=r
ze^T`Qu58b0;_avSEAORw*QL3C0es-}`1Q+n>MW13@OI=CZqJhqeCOo;6R^W?hF6@u
z2DfTam77<;wct{x6epL~jKWB)wabDF4bF$T?>L;=S!YNq4O16PkHUi?ck`+oV=gA1
zd}HcHZY8zbywek!4xPNE>g{q*SM^BRW;r35y+jm`)%4L<CiBiOZETGdkOB1V`Z`Y<
zEOk`7QfJH-Jk;CVAD5skuDYcyiubxoWqL|wxfd!8AL8qMRc=AGkgYQKxpEiv%Hh6;
zQh&wo-mZz>HU$2<oHMuAV;)ah*LS~IR7K}$$T~9NBC3ROEZDGoAS?IP*Fb)c6xW>Z
z*q=aO0jN1xOFiK=DB6C>yU4D{+Wt=0>=nT*J5nosmujCdi(uFImVs6^*b@6!f?m+s
zyhP`^&Gwk(kGK&o1kUKc;gzmSXW>@;H!)vTXNGTEXLVPnQ*gljb!jzW`XfQlz+3#z
zDD(<$5+BIX`X8KVlUxuZLDQ`nS6_K`LV~?#a6x;Fc)OWj8)vH{y{!avNeO#sMFVzi
zdAyMO$7@EP$AYYwE$j8tFEF#PS<=oCca`&dz0+?JYY>LL2JCd!Ss-gYvQxAMmics?
z;hP~i+K)yLd2G8RBvEP&MX}HkM1lrl@$LSDD3O`uU{*SBUuBLiF|MjUG)JG5RND|y
zXhcb6VD?WHOwIwG`Zwi#wH%Dtj>n!e+8nhXQqu_v>YMy>X4XA2KHrGQv?=?zg0*KU
z>$-Ek^(Jxi#FwcX*;6|`6OM|_QI$3Z9i6~SMJHtNH#Cl!fR0P$qh}EP?<sR0QQnrQ
zhENTUxa%BnS6idcH$<E-0UWTgnNEf#*sE$H&P(6on)Dur6{=!y@sNw51=FfJcJ1Ud
zvp$C>Fm6AIECh!x$vOS$$RT@OYm_BS+$3Keo2i<Cr-_=0r-d8#Qa|Q3vE|_l^_0>d
zth%nK3Rv|n#xB5}zoB=`1Z><3-x=JV#+j_>AH5jx{z!IV0qlG|+<#yf?jOJ(F<lup
zEvet))j?$2HuD@W0jDSTiwMKZCm8v!iOi^8RJ2|7Q~___)<rWffU>B9jIK#kf6?5%
zBcFCaR`;^67-H!ofuIZV3CqniC7XzpzWsKJ#(cBfw)g3Kp5h*RPKre~G+d;sgITpX
zQbXCsuQXgj{l*$^*FIRUZVOgW&%b;CJzz~Bl|IoH$f_VYT8t`R3q5E}FoRu|7~nl!
zPEFWRS|IB`p|lXh{YWkFMSYAd5Z+Kv7(Av=y&tmBuzyf-0uWrmQTqF3A&ss{EB<u%
z7+kY*0?GKjf6R3EiMygG_nN!HWCeHk^Xz0_|4it|&}Eum>XW#p@Az5WXHf&A9sF<&
z+5u6)x%PGq<O!~!hxxC^sCafn)XcDekzO7H{X|>%wQ~YX`7q2Pm2F=JvMO@L^d0Vo
zx#L&*j+QGdvp;MK3&B<}?2f<+WV@iFAhIWU9>4=!#E@nRRlp|1Ut&jvV9n2mQpQ1h
z5*=6d8VFD|dyDZjQi~THyJY$j;6Rj9T$tqWPaiSk@y*O7=8R@XB7c@#u;D>}56t2p
zCh%}x`FzlRB=_>}*1-7n+OowsDBDkoPpOTvouOsLswm%v&90adxmeP{L22bsIQm2F
z@E^l)<&fys|4z4BvFta-WL~dXbtZeqaNMnV@a=+w{m9{g{xkk#)AHC@fCaN{^<R$)
z{_=D0p)ZIqAir(ana2zD*Nce;$k+a>k!zsKKfgEbf(zvp&~>-&WD~Fw+#jB1{mD%>
zuHIN(2b&PjQ_sCquJzG-oN}z^5y)>>tzC(C7sC1K8h#Pic;BUA^TkI?juz)_Twi}v
zOj#>qy(si+ou1%l;Xp2H@o#pAf@k3zp6oVd*M^GD6B@v5U)$7VU*dd*?my{=grZM6
z5@}j7rh50g#nrAeuCC~{!55)>oZLVee*q>wMX;tZIIzm~lHnb{yPxdu_FPbIf36x-
z^IVuyJzP(i-#cK&uEYQ8gxR7+@d7+Sbo%AMF?x^N)mWs8)XsG`JrlJo+lHRk9Jwgz
zU{aGXg3)XQ&@BYq+ShLyZW{N{RUxMP!-w#P*;Qd}`aoTWS&@`Lqx&GAp*TUK`w_1R
zb;x5~57D$^w^n>v_O0J@o|)=Y@I4YwoJam>s_HM~i*&w^@qd!<SN|{a=DIzL)ro$0
z-(LoFZ`G!{aJ%Ai`(Y1}JC=zQyZ<|)iz;yoO+($p2uVZzNDEyf%X5b0DxWC;lG>M1
z4$iZIHO?39h##>;3JpeB9j1x(fG2Pd3(4Yd2W_z6{a3=9(<Zne`X8aeU%y>*fM6MS
zd_g&9{(xaz^Zvpy#Y61)>)x?5041$27mAuOkUz&5x<W}OU&9S@Msodd3$8;me$$84
zVGFO_@{>k00JW+I>cDlEPhUx_f;?1-sJ3hXlgt$WVpFgaiPRD6$0C3IeJRU&^FKqv
zkXxd?|G~b3YM+jmjKKwiDhJ|OlK$qrd4^>_%lfqhm3QeN7^?0UNQW2ndb8dev*mWs
z#d=LA%DP4EztU_j3by&bBXp8g&qC>Vo^ZuG2^aS-X=tWRODv-SoWlzgg{Ye>GwK$+
z=@O`~eJcuwapmFQA&)4lArHALOp$!<Kd^cfmi`yl@Sgu1<^N>XK$Yz%lmu<c{`wc!
zANFm>!Sn~udGIed+NhyV6!{-si>OwzCtDNG+<pIq-*(Vm^RBt~>V)U9|I;pDMGuSb
z$=K0G_<xlC(vGhLH&fhP4`1*M$D(u+2N}qLTw%I?QO&Z7F-jvu#xGPBUKU)F#ySWY
zx>kh{MrYx(lY~x*QC9TyLH>^t9H2HYqeT%RSzMv1C16D{?}Pq(4&15_62(|;o{4M4
z6Lj>$!}AWvUuCfk@=y&TyK+M7L{+6IrGx)bqOKS?FsX0_rr;h7Q~zF8Hs?Q}5<q&e
z7+e`!ZboR$6=ijh4QEZR)T4Va8%!IYuS&v9Fi58#3P3FT{C#hEFNKzgP8T1sj5MIQ
z+xN^*Eaxg3B<Q=RZG5(;<HB!C$)fkB=dyZ7YW$CWqAL_LFNkG8^Dg!Z@Kv8j4Z3H|
z;4?($AtspA6Gr6mQ{V~R9_D=f5Sd;1sFkNKc>svv34hCW2{Us4ubn^yyI3>2BOXjJ
zNh9IR6FF5NAK&7Xy_D%ZVsu<VsUR|2fMlSVE#f<h{El%7Ot-&=F6czSc0XkcvbF#E
zE=&vJ=MNV?@`73fHhgS)Jj6O(<_RFjDE=c-$0&C=@g02Lr;`8u&q}r~+dKM_{_uYo
zj%|8DOa4S&|C`~p32i;(k+Y+D<r$jhl7Xw2r7)C}RqS0u(V7tglc|f4pGxq!;DkGs
zg}-<ZUmZ)43Nj=iTJ%Ly=p5^4?*$|SwU5BrkiP0^_SXARdhq&(YwiH8YM^HYKX*YU
zJr#+$k?<c<&=CD^8VSU>ZA>zK4K2z>9vu$bHxRn5C3sPd^{f!(&N~N;{r@2;!PZbx
z7Wf0=ybZyG^bmVQIctKk;gDOpJkJPHT)=-O8Yn%~mc6Pfc~z8gD=XoamqjZr4wsz*
zpxzCAvnj9RLA>jFWKf<*fAXm9ko?z_-6O<)A|X5Q1g>GOHUwex_Dq6RQ6tzS_QRnY
zb_67QHYA_bh@C%Xp;B=4s$u|7(?i>#JA4GLG2ovpHZC|iMs7!5?^A5}5WC!d5}WFc
zRi+v)7kNq+Ps;6)fW}6J@_7*KVlUSk>PkfkBgzD2I~svS<zj|8kW=jlQc&Q0Uo;po
z7_2xr@Qe)z7T`Yoisd_Q^b8df?P=U;ooU?cWv`{TwyLWumk;l4il7xLzfFP`WnhWh
zeI_|e#6f1cbA&<ae@n=N+H&XrU#U<rL0(Q=hz$AvO`w)LMJW7t#4KlySooh3roxR1
zO)e0P0ls!`x#yx<o+3)&?TB>;1-mLzkf7c-3FT1!ME>HI+|)aTQE*9V>tDbwvQBL?
zI!!9o`0onr{R`+tQ?yP&r3{jpdZ*9|Cah((XDnxQtrIl&NvVnG?WYX0f)*5N8YkW6
z!`RX}E`N(t!rDFOK5Lgg$JmY3#flOQ|4AwY?FeUA&7a=?hG^7$MqeeCbm~6i9+E4%
z4L^v^{)?&)o`sO_c-cCdSg+7?2}2!%H-y#Xk*@!snrY7N`nbO+w&C%5J6V_6_I`aF
z|BqY!A9nn|tLP6GW9J{W^lbN!R&kNa6)WW1J$f!L3%$hO5{Aek6)=h!rOh(tSPSjM
z_x>x2Ql_G%6m<jh$p40b5vlOzJksMuZ>v-I7I|Ky<9dP9`Whpnh4~nI%?-ar()T9l
znhk!1xa&pG5$)2Rnl1Nc^s@3xZHr<YHu(VTEdA<yhitYqHCs^R%)Nh$%Rh|c)8~8!
z{z%2nT|xv$X^9odh->X&mb!cs^P`guWwKT@m>zo!Iop&e|GaDAQlgUFWC|?&)BR3b
z$Vc`b?4n~~O5$Ir!Mj&f8L6_|R7>cL{QqL@EuiAcwzl0)2$0|e_YmBJI|L7|g-dXE
z_u%dx+=3MDPH>mPA-KD{)vctv&*^i%?(hEpxOa?qJT>>bX6;&4?Apw=YKyuGs3~*?
zP*axUi1B}B_2kpi8`@HZNvdfMt}9?BRW&G4E1K=(Im!G9eQHKe7g8XM;dE9BZal!R
z%1llfaj;lGjg|8M%<Mq*bXH`{Ke2I8-R9hh7g@U+Hg9p%Zy>8?c@#5h)@~$OOq$0~
zud@AA)hIU{iTE_%Wy3Xkv4GV{B=)TF<Zq&R4V3p-rErFNf1T$JR{Pf0+sJ-y8`d>C
z{FWAAnKZD@-ng@sRuyMplwgi0VOPt*)m?a$!sMh^FaN&aOnqvtP;NAXfX!&EqmhH(
zVn`c1v9BFj=!{5E@)3*Y;LN^kEQs|C-sIFH#$5l?Mvtm5d&>;2Q!h<SAN2`VOC7E`
z?}>1fJ83q)wJn%{GAQCq2EpAjX@@x8o)e#tZ9DRN3`g&UzHLh%#cF&7kF%A@nCC03
zwSxxSmG91{T8m%qvdQXM@;EOBS%cCW6WW?#w07Z-K*m%}5jjv(nj#}3Q;Sj~>9AA7
ziuQLeSd$d(IWgE38MF07I!e(OB|1u{e#o>QLC|;=kC(M*H%M2o_}f;ZBE4)Q&lU`2
zQo$nIpk*!uh;mlUTWpFDoc~Px?e{oQ(UNz1M$wXcx=zu8H@{BNj2i+I?f?jQ1L_n^
zXds}>mJ`hO7km@&7S1w%+z!q%cl@^iwm-7C17dgch8ItthV8Qj$Qg2m+vSb;Md}Q=
z3>~Px#_qvK4eeVS26mnpUKMQ49L!s&#+JT89y}c~bV)_vr{ks{9wH3y;^Cve7r5TE
zsSW3+a~Hk!xE}r>vYknCLfEg3f84K)TL$tucBa=p(bT--ZKtT74N?*FlGH6pQCbHu
zrCy0Hzb8)(Uo@|w6P1ie#3dUc+;Q-1I&f`ZY8v-y>aX7^b_hER6MZl-Rn?_4JmBa^
zS6|vfbXMD<KUmCP(pngC3~#P!mgM8=XHUA@7G3dJu1C5m#pu;JNG-oN>R@m7s9sHl
zUcui<1$tC>4Lpc%u<WCTO>dE@l3y%ueoN}oj?q0ZnB#IL*h*EKua>zkiQ_yl80AW-
zmYFGuV>MJ$Ok_30VW!m&G#su7SEEo2G#spuQlqFk5UxuDJ}ztZY9ZUry3rIGJZhSI
zgFK!?4VkVb4w?tGwRSVSQxmi@tZk5S)(IoldI#HVsFNk{b`Je}$2SwUhkxWmJCDhr
zHZYaglw*J#MZX@!InU`V@jZp38spl2v$p)!Nl1Nob_7tOR9xdfsTiz9B+zYZZl!Ei
zXM)P6(um@)$T=ckuo@(cB(Wil%$*Ba+d35I;Eb;-a64j2BXl!aNp1a5JfgjRm#=%#
zFRMY_u62F|el$(;T#(+Qi(l5ubW(JOuN|7A|531no+5q~N?l#VluBKFG;K9_lKn^s
zfycb|QJqS&$mginhuMo#@^gZ%DQAg=Y|DgfJwkJ9XJv(KDj3?M(?QaWLN=5oRL=Oz
z@a6;Qhi;)`5zf5R7qUU$77ca1j_o{NtXw>b4kK#_8`nMkpqp^F6Uo#GlX1}ZOeTtm
zsWmsWfc(lCBgK)VM}&J<p0L7_x|1vQ_!3hW5D%(;W>#bm0e!(nycLbOpDAd&Dzf$j
zlR&}le)t$9k&at&{i3!=)^cAl>3%Ao&#_2W>t~2$u=#~+vS9SGh}jcxQr5&iT=X^I
z!G@pkyPwNz<RDHX7A<mK%CO~Fkx4_)<?xW5H8JKudk_B1TUx{mgUM?t;Os@VBIZ&G
zRiPHJ5=Nv%#JGWba%;iwYVM1+g&<Xv`V4QXIL~q4#|Db(dDfo951iE)euUOt*EX$9
zvpFOVyRQj~zXSGHVuuM&j(XZo?Tp&ZUn9;_8$^pZCZ`c>siS2?&)*pIx!?!UC`AF7
z9^q=wt!mGY4~f^3s-EEHpAmmotDExm?&-l{bL$NuK9*Jj@AB2FG;FIH_@5fhSif^g
z+kYrn^Ca~Ctstmf(cW6w-kYjeQN*#hP^MOqui%;Q>r>V&zdv$Na}|+o>u*?rDf3ZH
z+Wui(rB0LVRYVuJ3Ym>eJPxb%Guk!P$1y5mL%`hWgPrLE3iFu&&RU9f(zI~J4}8N#
z?zF==o>XnP+uav}iabPP2PO=kb(5`TEt5<q4Hq0z*m$+~pA1zaF-!!^9UNNTx|W>Z
zv1-%kmF}ePp0_$ez6(c)?cwa%$l}QuH$gfF-<UT_Gm!Q0>VjwvCukhzQmR~vX)^|s
zh9?Y-dz-to&Ik{$8c~eqJJ`3G){+`&i@UU(E-*ZXN)`pyW*cp_xv_&>j^u)~mp)8e
zC7ZEJjSy^I^xYm-a*Vp4^qgt)ztBtOreZ1lO=WkT8Surr@Hh5tnG48_qL;^S1se!y
zA=Nf)qaCgsL`2;|otuk6XYx@D$|Cd~eLT;v_(EjYCf70+jWzkh#$3S{Wk~_tfUiGg
zuXFh*d3<K*(X-Lsg>mby8S+LOOkLJF%L8`XU1j0oh=^R|Z&+b(bwX?lFt;Um1{t?+
zJe{n&_h#<a9<(~;_DL$$=IgqZadL4{%y3qYhBzKu&dpNyO=<e{nrnu!s6)OMuFFSF
zqn<OV^-sec4x4Ys9vHuj=-N3{N!X=IoaYQyns$pbO#3AUw8CnRuwblmQ-2?Fx`B6c
z4tj3u8qKgazL{&4b~?gszCw07uxoZqTw1WGXZul9eb{S$*tT<6<$hE}-h61teV}tx
z(vp4=NN|xxU|&u!>9V>)C`ELKIBY)M0Bv;LV%7M5gVs85Xu3(nZ0UXVV)lEmxQLZX
z%#V?4GDoZ2vOE9fX4CGjlJf@0&Z!8%0<`2V&B^jAt@M3%)&v4dwl&>LbB0^5?aEut
z#&K(N3!TtMY%+0_y}}$~jvL-T-$d_5%l;CLLqEmgWW@EJD1lu-Yg51Wl1Vvzg$mXj
z5Z<95!#3`uHKZPdyWkk&q?NP8w^XQ6HcqFqi+#i;+U(i%sotZLPs>0D<H#o`jbZR4
zUDJXA>jzDcvt3o|xl=)!7KvEWASmC?p{Ql?ZUz6iHbW=KIqmqy;~8e973ApUBIrdo
z&Zx30d}L=>q&d&I?&Mtztl6cev)iBxJxRc0P;By>aCc0=q&~?%*XFc~v>GqQs~L=A
z7vuRn|G-@-iM7xtFS4#hpkDL{lRz_iF3qVJ&Fspln8<9%8K<&zQS7emI5w2YyeXSw
zwgWh7;W1OrPX+850h-k4S%JeM7>z<0qhZ6^)72tZC214ap`+TMJ(P4L`8_#S4W$uG
zK()xUg*>Z<aF$TMg*=spQXl5v3E&O4QhUpOlFAd8QoGS~x!Tr&++8TOj(h@5v7IY`
zuDo~)P}@>GQ&P+dG#e>amuDRU8o5rFsIi(W_na5222m$s4X`WaDPt4?gjY~T*p>2~
z07Y6`rYeT&fD~nne1M24Kwe#>RzyidxK@PKRE6{R1*LFhc~2qXn_^tLVv#U2P>y;{
zA?EL4i2@4{-8JETxxywO)ad79O{iNK9H>~ZrWmD^S{P{WLB*v?YBxm~I$BSn*k}V>
zV(&Xn)xWvw5212WRa^9CIA#ca2y>eG(ty?NS(ZG8ana}`XEvLs$0Q>4ZH}?1L8?+n
zp;<3di?OdPnS@;NFm$Ty(@`j=QxE>U&bN6@^^t@pL${H96(4Qr<}9gd-(iNyT@l>Y
zPq|p8O3_b-kfg~l2e%kedqa2XA3Ob*RjlnM5fP9(12)gXX`fm&n^lqUkUL+=(BPey
z%nnK@D|4M*_!_a2R8|?$n6ot#S3_V_jmHE5E>kWsGj)pmK)8evvjLlsks?!S>^w_q
zPqbQmTBw^+9RUea@#LrU1YF6kDHA$TJSO!pka~Ds7bG@kTtLdL9e<xMVm3uk^C_aG
zt3O@zn8l8QP9gW?!#z^2Gj8kTE}iI#?&WBqcKTy!!cJ+^NWYNiV%{}t;pkDZy#S&G
zcF`y+>}ZM>-~0}(Yh(4M+B`7FUNrvTTn5Cw1irFx-iicKj!^>-&Mc}Q7@WZ)@_|Cd
zkL>&QcjrhctRD}Sbmb5U6=nmcYL&Dkr)!m#a22WprwXT*xBzDaO<h**{6MF13a%c=
z4UiPisx+3&ePk{2w%N?AE(U7jX%#9z_2e*8gRLww9G^mRG^o_`Ok#2pGT)+8HBRGW
zCJQBTI;03;0ciMn=R~J1m6k+7rRYl%AWQTmqe%Edb(S&c?Rk-<(y1l39FeG6qY_p$
z0^JPm5zFyK1$#;4&8aNFW$H@S9pcxqtUH9SLs^`MEJ5kpaz#f)XNnsIz0wh>xc1{N
z2~Fvdg%!zgLzER#TF3H9?%^vkcK}gb<skQxw(}pTG+^>3nvwE_$6^|AhJfY1e5xB|
z#qe%eMBChM*mORjW09EFzI>9~6eKL{8%!z^;8kvuqT6Fk?J*ONQlH38yeuT+9UZ(+
zO|f8$i><X{_EUp>cK6;&)4Wp&qPdDiGTxL)Z|iex^<qZBEn<yQACo)4F;_LvagaNd
zue7!=h){BmH;YnN+3;CWFvpm-imdR9jZ!$5k2(6boqH`2)H*@jxim9t((a(DU(f2K
zp<hqwZ0|&nrUi>ND{y8^`Haw$SsBG8+^R9vTm(kA%B;K=MRl24z$<NrI3nvQyGv6H
za_u&&6eP`}UQBNTUZ7GYpMAkWPG0)07JiC8dFu-fl3e4*t(OV#O7y>i0C-W{EE}ID
z=zYvWjVvpH$RoKZ=b%vuOc6lFlV}^ji_pevHzLwmd7*RGV$+;$Kc}l{w}PHa(^Uo5
za?DE$p=}_DRAyh}HX1T?(oMHcK3U0msJ*z?aEXm*dBR+>Qmx0EISRbHp?iG5Ot(@k
zz}r@%=1;QN(O}!>>S`LbDLZEvG8<VXV|LktT>QASxpi}r;cin>KB3Vfk{<ic`*^t1
zvw;YCRe;Ao=;%sSdUznKa(|2i$b}u`>cJrr1sR=DA8z5@-v;uvWy{`Bs~NIqet0*e
z%pH=D-aROzXGl?56{k8cUUEpP?DUofVpGYVy<BSfNW?HM7GouGm@mvucD)bwjGr5V
zx;*>MljkE5*|maR`SMD^&CTAOXZ-HW1?=S#pJ%=7%F(3#gXj$Rr#Oz1`oxGCCJVZ*
znX0qzW9{rw9!83n^vka8g$W|1v}RjSs2WsykS$K#5LEoQ*`Vbxn4^f9J}4VHl%qfx
z(l0T~x?B8M*7eB<pNf1*Z{q0L@0fr0*>8D|O%&7`cC6)aB5*_KaFUbk*bL5kKyLa2
z98P$->yXJiW|K654FpkE<!Z8rH4~*4Jog;=Ml*bjh~g=4t?g80)jRg#2qrxN2Xx-1
zJ&;fkA>-1!Z+P7felFL+#!=0VAfr}QE0k2i%01LDLfc)`APBO(k)PamSA-rAYfiE~
zk&oO>R?yO|<B8R3Mm`CN;xbJ{#{`D67~~O?AmS7~t|)PiT_8slu9#mEFP&^Ot>7qE
zE>J5g0%yYmhfRXbTD^1C8Fo~+@rTm%A%}un2d&CsKeQLQ#@|F;EV!RVR#CWnz>V=O
zUlACF5tfTk6j}g;uJ6IpTlz<V#PY}JTQUcGRT=aUB+^xR^z$?iS4%n}r|e)}EWYmw
z5^kFGsP8`?#BUz19D=|$Oo}LWFM-o3ML%iRIn<-z&M`$NiPJIS(LMWY-aO|FL;|Ys
zA^|}L>{3Y1!u)Xj!Cv7%7@_$)+)gY%GSmh1<!Y@ho3LMhX1ES;2g*bsm2)AUbUmEC
zNQ-2)As_9W=YZW==Shn~UKhIkz~>8ZL(CT%X2S@n5^bpXB4t<OZqfN7##XCu@%f^L
zY&hG#Fsw^9@NwnrPoLUN=bQ>oo11j&(RNH!RG8r`e?(hGfCm!6^A~#Iw~JKo3{}3I
zQEw$8UgX}dIPEX&vNdqHEzGrHS&q0_#U@>Y%^h4`30Yc$W!+iVZ{Xxnu!pzmv1}k&
zl((n&=6W&<T4M!vbuLhHwOm`w+S^#UWMA`W`iJp?5xPs1ht0~7Z)Tp6F2+ypeq$r)
zk#lKrg6%G5^B3DM?re2z+&yjb`+&J&^8u+Nn*-sb6Sd+Smw9pZzrc;zw-#AZaV+zg
z+UM=yx#U=Fj;oDL=ap;9cW<t%dx;DpUflcj%r%ae8@ALkU68_BGjQk(+5=UmGwBTD
zk)Z51<F}rOD@gVR$M`AS#-#Sv6KdYUskV@J5!I<!bw@S-7;oVv!Nw2ZB`GO<hBjJH
zy2Uu|XifgtI4$aKdE?g7MPh0vTpdd}d?8qRS7`mJw9Jpv-J8NGsKCsuEA*=^2R2J#
zw!p|64pifH+O!CJo3b&T!+XYA*+zByk(&>wvl}pr_}l$yoJ_`%!zmX!DHoHcsb7nd
zF*AzY%W|YyXljIS*1UMWz@DLaMS1smuTl+*pe=W6m;@@CZN}qr=8MV{#VDH9Kn65|
zuromg)BeBfn+bPd1(e}oci9Ko^yC7WVMU7VBD9NQ$?W`vkUA~_ewYdzs=CiKFqMcu
z82txtu1Wk|uYXL|CIuueFl<OjeFu<$`I?HZac8a9xcM%$G>NvSmk;j<8qgHam=_W6
zrzQ%V*a&;{UGUp`PCQOz%Pusr8rmY?&*Y$K?K*>BSct-z*Ux@6D{Y-wIBImgUYvB4
zH>o<=E((|iaR9tEmHgDFvd^784;Wz>?KoZ+e>T7xI1{(?h{ew&?Q3V~D^J*%9XvDN
zx~;WqIrrwmr5mFdya+k>$l=MP9HS8B59<|m*2R5>cHY=Yj>Nfz{C&!M)xKP<>7sh7
z3KL<1nnfIngJm#4Men%)!Udu&IfXK)(^NTJB1#3p`|;G&%1<=gU%mpSN^*=aSb<(a
z6sM%mh)fj{Fv<hpsc}@vpn%U`_<i>Q-n~4-eLANs86DN5tHvVw%uS!Rd1fU~=RZ(g
zG}>rvGkK74vDkYyFxU$v$J|jUJ?D4KcI{NF1f@2788a@oZKYx{)VSQJ&+V$B$wjLI
z-qzO@@-_1v4p^<;x#dn);c2mp5cQLnJ%Na)*+n*r|JVjCZ&Cl)7ZAA6N-5Eh7h|9S
zHF7Jbf6frrWD^ijerBD?3a-t{m&$xUSy0FvC)!F=(|;Q@ofMMmB%C{)C~h`HT5G5m
zp;;Wmz<Qp)&C3B(u%UU9zT-yhAa`Y;H<C}df=^yV5H}SmZq`RyyYXPwcQYMn4w1PR
zW<*&d{G^9=i&;1DTkKiEI!g=kNuQXQ(+{QQL*1XUkT^O5%`H$xE7sZ-J0W@PTs4+?
zPYrClKDP8d@$r8d`NW8RTxSl^w*^*3^DUJl`hJGy9o=T*;w9#MdbEgAcWaX(ZbFJx
z;WYm^Te#jXo`d1)(VsYm;vg_yl}Zb!K8trxQCT7y-@VhLeM6VakEXs)gjhe#AKCjM
z*XzyK+{!D+UW(2IPfwlU+toiJeOHiuCL8vk@<r=hurwuPh|l6QoU=R5Se}g<R{5%2
zpDJ+;k!4M~CBTR_NQV0xv~@1V?;kT1bV)BRdL?H1ZYWX&g@``#y@JE8fKK33H&t11
z)%+ESu`dQloN(GmMt)#Drkz#$*G3KQF6qPWCh;EQQXbG-T5<Wg2m9-O=yNx`t=gxC
zFaGd<3#I-6>P-U-J3AJ}JkV7G<N!asv$0z~uP@*L@xsS|tbsMQX@@2=E-lvdvad2K
z(gnagG^L3*)O)WI9DF6X1jr%)6RLlQF}mGGXx{p)9n8x`-wcg$dw4f1fj`atZKb8O
z<<#BQkpBgRQ_M>HIMi3+CUHAtO3yz&`g$RJW>&E1P)5*89kWKBRJt-PzGne=el6yc
z7Rk)ZkyQXu6z#?-U5Zn?X^V^jcU>`f%X4-Bmo1?gDxi!1OY>rL?0gfE#}!I;`FkAu
z>3@Yn(;D)g0Omw}5v6jxO$R?!_I^Y9*QpNvn%ih)nTY%#jIzm}S|6S!9`L}M4Qh4_
z(s1}CCNTb6f^`pqb(miaJOm@%80gq-YhiCyg>^>EW9R~{Y=f<AYph~+G3PCstGC^Z
zrx3Zs%jp&F!t6q39{}Lg9M$?@$FP4uBgh|5y5XOZcfS^`%<rqC&-RRAe~QNw+SmDt
zz{D4crDHz-cL}hEI_9eW6OvUVU26UR7Zf{Zg{Ncp(jWE`9tJE<tdZ~8#5pt!aA|4>
zrFO_;aqPboOShSVCa~@-WXaQX^a0ZEdc--l4de#4LQc5sdPVSIy8@ook+>8m!Yy0?
z;Y!Rnyz%7ajn--#{Gzi!LAW_JnCt0Plx#N@A2(rv`;pYx*st;gcY~)~XY~nQiy;(g
zYaE_y{}lo2_5{49n~x-e%^oy;>-T&thlK&IBZG9ODjDv^ZLv16{$eE6?VID*^?Pj)
zO**dZH66dwVlO|~Hh(55E?0Zac}zQ(1;1nNmgAPrQI59bxZWa@=FDed^QXpBE=Ge9
zA*#*1z8h;O&Tp~nq@nl;EQb@*UkgpQ2wEPZM>jkf!3SNW8JtC}(DmzVkFWUy7pJ%M
zy|~s2;2#}2WhovVaxVI~yoXgNJRB8hRLr-iz0+-=7^Bip=idB+^M?@b;6^|E@^qWm
zaUA~1D>Ao7{{M!3atG(|D!!2o60_NsPU#~s!MpanT>04+jkzHNXR({bN)H!{F(fRx
zLquxhJ-IC^BUa4L`*Tg<jIe%tR9E`<V<MZ4!94$LI@XI`Io7X5j<4b`eg|}GiVOp~
zN4pRmz0a338Ido}G(R;&@YKibu$?;sTk7U_6fDkM%$3G`Hq%q^M0E(JXTe++#hDSD
zE-adT37RTk?kKFlyk`trLH&jR$;N!IqCU6R^|2euc8d~`8Uwa8oK|FgrJD^2`2Qcw
z?nQ~=(*J(|=}EFiNMiyA7xg{hc5~&i=bH%Nq=P;84PYg-tfYypsdc|;cLM;%_AK82
z0ZK?26IC%TBf5LA%pBIn;LFfL@ygV~rXRcJASt=I4~#Zq4|K22ub};b)ykdfKV#ud
zDb|N)=x`Y{PDqDzB-#uzVaGi(%3ZRk8N)ep$n~5vDZo3D%JrNufyFy|m+RSWf`xY!
zG#^;;?tuyO_++dNH)9rZ@8$A<p84KWn(AaDn6CNd3J@(H<Xmc|uoAV$URvDTro;17
zgSwu@wDIcFHKJ;oE}d%E6*G8q2TJvnjf?Hu7FjQ8B8|04<h#qG`I)B&&-;45Cr;iY
z&XtB~b|Wzg;r7tc@<EYW0PNbdP0+DhxYd2-FjiWvQsD57<6I+1Jf+vh)X21fXA&np
za~`!Vy>;%ch&a@7gt=s$K~!TqEn%dNOQ;lXZ2xO+c*RPw@?Kg!(Qev2lyPavwB_)%
zn%er+b4BBRO(7R;uxK_+ZDE(mls<yqrVUDOV4w*;{cB(@{8{y>n*-LjH60svugJY*
zADz$SULt+%fwdst3T1qiu#Np<NHq)@a^VL$ui4=Hkl3O}_Sm{GMD{_7V~RC{G~cu2
zx1j+34oHp3-=p-1@MnG3z+M9U>(3*ODb=0uDHk?x+TLmpNFnp4;AD$!KR@-aOfP;o
zuV>v+bokijq1JXdl6aF;#oa|w)s;=(Yz`hhJbp5-au<|#I(e3!_gsrT^ePXsF}Nyx
z%HRKb8nVA2r=nHwZG5%+WL|tABz=|qlv=!DBknkQ0DHG6tt)VaY|CubQQCmW-x+1g
z{cV+^0m>T*2;9--d-g3jL&)f{cVR>af<vKQ-XOZ*z@Ncs_q=Zj6r~k4cWHGaJ68>0
ztI7SNpkQm!CP^~el#K8wf)r;bw!Dzij7Kv#taJaXq!tle&)2>)?y;T5ud)$$Q?zG~
zjxB4pXv(gO+h+CC4q0EUO5hL7*j%h(e+~?F`2|(A+?6P22qT;~csUqLfV^)gHqgWS
zj@GUq)fuqXuGR@@dp%0m^5|mistMtl6a9cZVA_$rk#F@r>p)*uYe{kWV!nw#Ytmfn
zLwS=UHbM_5DbO*uJ=DB&AG87oJjjIOy}CGK$>_OI{jz;3_+(e|5q?>eM)`ddz(k0f
zOYXZ_i2$lOD1_cYpTMnx5N|vzV$T2VeY8JT?;@UC?_cIhDk)o-wpm&97!y|=X?vJj
ze8^iu>c_*kRDCd8B9u#n34!B*Naz)~=5pQY4mmU}Z)I`s*umxamxgoh^0iIeIvCPb
zz^T^j3ihUnJKMU84U3(=`O&EAbRuJJ9ahf2sHn_z`XGBXjrl)xcph9mL^4Wk%?WJT
zDmho)9;lF<9s$-JEZ;4K9LkT9hjm&|T<A|<(<fZ>Eqk+_@TcBnjyxcrK0~#De_L7V
zc4j|Yl5V-Ocy?v;=1xsYA8{YuW~TA(vHp@-@_5xIcmyl<EHnQbGUs<Rwli~S9`&uA
zuL+sPY-hYs9%H|iGt1p5P@Xa+wAZnJxIf7LUe41AQD#d|W(x*;pw^ilt-#y5-mcfW
z=JY}OHizKbrwC^+Ykku>)^m4U9Kcc3eb=Rlg_FQ#%%LQR-#{m1bf^uN!1QU%SZ6XF
zFZXPI3xs8QCbCm2&n0^}%toIYHTq4m0Lh^xV;)T_uRdzVxvlUdd@M0Xw%K~aC-chl
z`=_w*8fqRErfs&9rBm-@?u%2(!5W>}89;g-HwVHyzrnX`wqm>_z9{MPnkY%OLh_h5
z&`Bw_Yr|)8jlDPoi=(?YjqZ!&1Q_TTxxEbt3u3`9nk>*i6$s^rDS;A36$FFogo36T
zfoT3XXWU}t7k$ptSJlnHVqk__=EF_P$&YSoHwrMH4;~IijVq%7x-|;*K+7?aN^&n~
z^xJ60K;^@%)HgWqp#>fJ0Pdnr?oekhiyJo%JsM+Ev~TF%k~pJnXrb+;QsiHSI3MIa
zCIZlcAF(XpZ4j|gZ}6>KJ-BBdi*AaTT3x&^IWJ2y-45nbzjiltY$-BlVlp<Vitt04
z13t*h1v7n7%FBL7Es$S`5Fm%00H1I!(kZvyal!=am6R)G{0y|u8^Je)x|o;Pu1**>
zrb!u7X38uz;L{lJsEfU`Ap4I73ZTI;U|<m#+o()tUn;S!oG_eAogxHavVNbaSK_G6
zZfv$qT{i&!vJBAnWo{dKU6^j(uEpW2iEL<I?_I0u-uOZFQ30ExHz3zEg(g(LZfMTD
z?1M^%N(*>R(>3OXllhimlbcu3OYk=Tk+hfunFtPTmv}`^2A!PddFh8?8*7Gj_zq8B
z%*c-b#<Zfzf+Cl1zj;Y~P~QKXHl;ZHL=G0WE;(9{)4=z1j4l;W`hs{kDT%RbD4Eor
z$v?4%z*to(v?{v)(!u4&UEL5P_rU4colGQMCh}qC4dg09jx$~ZF&mm!Ff*2$hfnU8
zm^Y_Xit{9Wgso5E56+rf4XLeyjKvJ|`euxyh~Wi~r8@4ZtER7WTV5LP@{8K6?*7;u
zd2auNzVR3<Yg?Xvf&o+3lt8Bu0GGDfX+jl=<D-xC9hT_Ld$41eGxwN~Yvv(1B5rtD
z;5z;`es%vzwzRt`g3dG&)SJxQHRA-<M!L<5D&@s*EeG%3_O6*&qMSrkKS9p@B3wZ_
zTw9T3?VnLP8+{VqF74t)d#G0kdMZWQNeC4)zo^6DJtP`ymvzZ-S~;ryP`775y8*_#
zwHn(>&m6*c$B<(vZTm5q@FmH3F-~Q$#p-%I?7?a^eZ{ExR%tc7*%UB#peXSw#PeaU
zDWp=K2z6)fo^F01u8%Ns&f5Tthj%B+Aa<f3KP^d0AQ8=cnK{7UDH=I0Dbt?scu}K*
zyh80lxZ)7HqW~Ra-RJ>~vUc_8qRO!Uu)|^qo=0%)edevXr9U~)i*Idc7&E8w;$BU`
z7g&ES9vQ7D(NZ23ljNF;Ghd4lm1pPAv%|dEww~cSs!O@1=f1P1uX4uq)?&W*<|!FX
zu#riaQa<qQtW6uUAjd~t&0KuiR|!Hc{IQm~bIKicwjP9Ib#E+EUpt2~g)`%K&wyGY
zDX@qQUuOooX$|^3S8{X-qz&-Te42^Ud%^~Dln{-%MUoWuv<AWF_iWs{E1fR$&wO5w
zoin59Qni1FOCSEet>e(teptSn0yVR{-olXOM_(4)Oq71+SxM^mhmhxLSWXG%%4?l9
zhG0j36l{)A@R8B_Nqc9d1zum>v$dq=2?`7Pb|C77O(eIkIcNXS`G~^km}8|U`VX<{
zR^OuyRrZV{v^l<*gAM8y1hIa5f2*yJEcg>%9m^#BI~|*6C}pms58-;5APXWt>N#WD
zhY!U{<P~GWi+ej%N*1$goha+48nm+bLczJ=9D+S{rK=YWdhpvJy001I@6=E?eGaed
z?Y%F(4hEo7=<4o1PQ86nD=SCD8V>sEM{LJtkA(GJR(~|cCkvQuhpr@}KMD%O+ZLMY
zkmF3{41!N6VBG2dI6EE93CC1GC3Nouf)ks73z~!zqwab*uj!1b@y#65Hw_7?=_WNK
zeTdL|GP%a<GKYSM*m6wU*|}6z*MDEi7{d6Q{ipi?2~pIoa6&H`!^<7uMiHT6Ar5d4
z7Uqrawm+A>dwOH*=%N>{{X@#|5s`rve_Z2})b=&=UPMM5!?#48PED`K8_hEfM-O16
z_4HY(I5^4LQ~NQ|d+czer`DaX^=gSi{1J!uKF0T*R6dwTiX&hPTQ||h=Yv{<YJ-1m
z65K2t#hY1p<Tu8QVLIfC)KhOVPfam~as~Y=#9gFJ3|s|FFf7(Yi0MK*S9&Tqlx~H2
zKJk1~C5c3jLf`MH?wJ?Nbt!Wx8z<E!*QO`!xm)+>K*4%zAJ*`xMZ^T-1ceBtE(AG5
z_D$<LGcDP=J#GH_1+C$_`8pFLY1v!HN=+_NE@gZw0*3T=kul#S6noAl5Q-Gi-aV;v
z0eF<YQjMS^$BjlCg#<}f=g+T$ChjJn*BK{zCh*TVOv_kQ9`jjrzA|LI)1uQNk%=jb
zD?=-gVE<GfJejv5?i^b1DJ=h?CuKrmPxnl3&s#z^*gn4?ub>B*N4;lxhPy|wXMc7x
zfomG)k~u|L8!G!La*Do<wsC@8ueKXo-2<>61Gf%05C?r`sTON^MxYiq)a|@gfsc8x
zDRBPoOvtr@NA>X&A$b%Ee_~%h#=7x2hil7i`&P&~sco%?zenC}fJco-O@nd<EfGyw
zTvU=bRqtleISV7bY?3Tyd#pEECbd<f@z74F^m)KJzHOLCibp~NK$~=h)~UZe?&NLr
zX7g5akJTOF9ieT(qyJ-Ga-2#(O?QhX$!sw1`NR3cI{h6KCpG3~a*J9HIPM3T8{T}J
zDCLWMP22(md8C9$g>N*I`8qW9G&hn3)X0<!;`Z?vgUu6`5~b%MHL7amyAy8>{q!Wg
z74UoFGG52S4(4O{K)r<hWDOJeDp1@Sy6%;FzVpi;FL8?K$8mP!pHXkgPa|rmD@dXf
z_z({f4r6nCmOqwXihNfTDH2EksHvC3OnpIDWOa<r1M({dNk;6ycJz-|KvotL|E8Wz
zNIk#5w(n3RRH{TnCd(_rtAjZuIem9NHgzx+w7IrVvcIy4v)>Mk8Y(E11<DQ;6ps~;
z4HOhH6iuJ+?K3&1@Mw4{dMfgXd8&A-@Trsn%(pJ4kf)=zE~Wwd)OUhc_Kvk4G4}yY
zGHt?75>FBtKr5xx&7o<!edRleX$87Fw`utwn|M<M`!aXrwOMb@OVv{_6HmsyvI*!J
zX2{JIw_t1IYH-ds7EBj#&J`DEEfXKpoFcFB?z~O0Op^u~%#+NMhRRJYYVXd03xbx}
zk6)c4oN`;FnnjucUXsmP&05+;OGQgG?YU1P8r0s!yoJ1^<uioSgmDM8eYF&uFh@8?
zC+A#rIU<|V3p5Kf=SD}YmMM#ct&nT!u$!Kk0=M!oC)*OaYm7$XtJRz9G>$<npFh5V
zuKiqeezBUf`hM&CDqY8q__dB7e$JGz&?j)q`S@=ig-($N`&VOEi4x>H`h26P^nJmo
z9-2k3`3O9eaj-myZ+)2<Z`Dr`x5ihSJ8lw4{D8i|czs{cXQdQ;O|%k~NW?Pa{lT*i
z7aKo2K^uLWTsyrA#<@Z%L^fDyL-h*gx%{-Zi-e11k6d#EhsrW^DGGKucIpE)v8IE2
zWXuvql*aLC0J}sxqk+TN`9U?Zoy0WYFm+?$rry?Jtfb^N^-laSgIZylj-BJc^k6`~
zY*JgHrjojrda0&-Q;9<gQ@Ml4Uh3fEM7`vSGG=0%qI#~T+P(Ik``~mwQG!>VreagE
zLxP><o^gIA&1^y$!&3I5(znC}ny5qqCFN`$MYgg-o2{*?!7Av%sw%ueHmZX`+@T4d
zBEwc<G8<(R6BCJ5-|@romhW2GD}jUvw1~V!>ZpZqtpsiir&fh*N?5laF6DRQzEfla
zvH?D_LYV<GFnsVmf;zA>0c-(m&~0$6fnQ(h1br1!{%mieVWRO4W6*!`3(f-S0_vwA
zyKIl|Z;p`QeXec98+cX&VS|ETodS{HL?K)TiUsw(y6@EQ+5iyqF!IPJbj5YHD<zzU
ztl{jho(`<(6m@kK1R58^28_MV%#K9J#Ng8)z~H0s@KHx?<M3#7GjY*&$#8RU5xAAO
zN<N)l!<*jd4C@S=Dq0)s$^=e!ns=H{$8}bos_av(jjZ{*xpClFDUZR``)f>9cNxto
z83$=}nO>#YXf!CcW<7?V!%uT=*$<Y>l~d`cdL_6`X6^aOC|jd;n?5V{K=1vwRdK?w
zueh&BMscDgad402{nSpMt&`y0X#7Tc9?Y~GBM^n4y~+S?@!Iu&qT5%5U1ryl0Nc$K
zxhIh*-wt(T9$9nl-|JIf)5fK5d^=VXO}t^)Fn;9>?Tl!CnIuGilcXDw>xZ#(H?+G$
z^Yzj2&~oFM>o}vbKBCo9sw+9rw!^jqG#2IMH7rhxs4s)toPB$oXM6Kl&q;xB!Rpof
zykI5!@T7?6d7|FOu-trmCd+b7{}e-1srMM(I+Pq2D6>1}2i~v0W5n1nMsPFOebrui
zT{Dz%06@ay(zX6^DYm)Ox8l9~$~)?u0r~mx`@<vMGj4nS6YrDdllkLTL(!nF9~Qn#
zrnf(;;-l=-!OeLE1FDylSH_Kj+o>;aALnV?(^fTq>cjR$;lV>S$NU-doHv<R3CFh_
zekA@_R7FvK{@s|Et(ui^qV~fPnSp^pU3c-*fm?5_`!@^Cx3e?e@kI3=;C_Af+Y$m7
zogP<6KzfgV5ARU*ZJj4m3_Q8J(`R+60lA~K?HfV6xG{^E)%N?7YZRWcewP^2xg|;F
z6Wqs>JB?eUhb!*_{zOj_j0_CItBFqi-4&2`Rv!qh5VzG=TckYOa2HCKg=7LG2z4@>
z<7mPgN=)DxvTg!(59b-dmLpmdkW%EME(e!lLSuGyj81Ei%TjF*TbqqwCPvT?ZYOJw
z4r>$m0YW-qB|d1ScgRhr3~CeMU0&*>SNhm$Qtw>vk>VV}Gy5RiwwOw$vnI0X>X9+F
z1MQ)`D}vr9Nn=Urw;&I@FRaxsvXXUV0y~&vRWtb`YjeDwGRkfI=Q@Hfs6G2Hj*$>9
zj;D-VO^<jSP@Awv1d`m!%`aTFzLe=^nu8pdVUFA!{G98ZC=O26pY$$QKt$u<kCLij
zu}caEh9;sIu?QYB$XMXbCBjLj7(*5oNOIRO@~-KFy1U<v^?6(5>~tZHr2veXz>gL_
zx(NKKK&Ha<IW9SheZfsZ5-i-tai=WW{cG(>r}uW*G4K&QCK=Aga;MtJp_}VeYuXGX
zw>KeA@J+}|QO}`?Ik4k?yTq4;^%&Ikf?LXki*N}V*>*HaYyyU8e?lJ)S8+Vqw-=q|
zTNWd91eJ-Dz<*d!5jZBpAN65yna6j*jsTcquB>9HKM*>$zpwk;3J)2TEJWP5r2Fn1
zp+l3pac|N13!Dq;MpyYXKC0}R*PvPorpl8@WRb@Uj|8i}`vC1j^;$~cGu%r>lw{xU
z=&!#0hcyGOtA#QHtwpsfA)o@+q%c1HN{e7T!M6;Z#nF`Ajk`8=d}LQ<X6eYV##>0z
z1uS+AMk~L`;je!3(jEv9rGG~QtwwbuKEvO2P~F1UcfaEbe(8qV>aPts$U+qibF#Ae
z<la)g@nkj?UiS{FHp|jNk_56HNu4q9GmXdjWFYPC-5$^D*EA}xra?BGdbF=xSw%FI
zt|_12Wa?}rT)-s7HD`+3x7IkYHi0x~m;5oaQ(IYBKV!14(zWozpR@z+Lz3v9VDHgI
zT6^*{b6Hz%4i<QBnODcY@IyT#{8!*tjGaRrxH|qt2nq?2gXM37dVCAA&ouBFYIB2~
z%9wRk=Z1oxGH5iZb?EzTSOqfrcJ4g1zwZQezDj2N-1`Lw$_U|a19Es~wd8@$@E6Q5
z!`L76zlXnIfN8-#jSWDBVndkw@VV;?A{0G>%ZJsDFVIjh2-qJ!fB*6V3Z_aa83nQs
zO$LU!WAASlct$+8j`sG`-063W#HZ-D^~E<HFjY>L4X7wWVZ-SBCOD_`Iu%Y=k=TOT
zU;3w6cj~hP=U6zcAq1`reAY)SP3desYN#i;soPj~TKpjc?=1z-KG7LbV?#o>_z9kU
zT^sg>t6{dI6)C)Xmt>~%Q+S(hsYiZNY<Z_C9uFS-kB0f)5jLwj+v<o^%SDR~qd%?E
z#ZNTs6N3>`&#WAk>Gy4c5G7i6hakx~*yQ-ZTWXqYaKZM?bBy+yBGKF1q)3Octy62b
zFWH-dL^TZ+!)E3F)c98_b>;y31zQ>J(tF0AS_rnsPup09+)}0m=B8$HBBG(Mmlx@{
z(l#o>-9o^(`ke)IKzm#erE75P-(Vdbwt$19r-KSf#?~g(PZ2+Def4*X*w{L*y59Cb
zy#JA=bSOjZM1j#97rG?gbDXE=9D6~x*%FXeAANyow=6iS0YmMSk+w77`Ujdf7s+<$
zIh|oMaGkK};cc$;VKN9I(M9HW4j35vK%X$(cW_Yh*ukA2(P45vpal3(A_)K6a^`B7
z>_|sCcCab%<0e?#Ta|(Riv`8*+Az>1P54(!jE-ZfBO3{SYpp+k1S?W=alaZpAfK|#
z(WcbToIvy7dt#WqXIsuGMo$M4lGEyNPY<6teTj%|wO=a1;^C?h?DcsCRzPdLZ4H#S
z>uuP&8LSF-!$QY2Qkj!Ytq|ZOuh>~(n!9K}UFk|@Zt-QR#^-8iHjV3|eb+e$-N^uH
zEP9PqCgddf28T5!ILJddoS2XrQT&y_pSa5v!@6m1SPAgA`qVEdi21fEIy%6gmJ~bs
zv!L&rH{_(r(Vt^2BM{7Mn#6&rHBBKJTI!r(8d{6{6NBWXpY68D%j|8_!wxhxckB$8
zG}YKu61N7cG*dbfa5PgwCLd|e&A(Djt&*WJq__-pOOk6doyCSENwpZP|Fkr>?8@vo
zRT|TPnxg>v9qOcw{4Ez#PHpwbq(n&gaLI+*g5DwdkBA|<R9KK?dY1WLG_i1v%ws-@
z@!0HsC<r|j=H#vclkxQ7MP|ap`6O({3r0v38?bjf)U8AQ%ygC%(k}IAxXys)o$?p!
z{Vk1e`#&RmKJIT7T><^J?qetBBUXnu>hGv;xqTeHYti{qb`cvs8HZ8@eIkNgK!NiY
zo#loQNk3wDL=Bzkzv34?)qBP8)dkcYhT4LyyO?3Hn9&`D+G4Wa^IAK6^(Q{AVYZkc
zU6!E+UxEYsf8}-jO#X%Wa;yO&{cF;H3H^th#mNP&JXWX{<ucPLK8Vg`0_;wT#{cye
zguaY<j6wd!Thv?NCi?-T15&vB%?*Xu->bnnSjYiCX9I;GXqQ7c^EHS<@ZXDl#9T-q
z+u+E*Wb_q5Nf!Q676(#~EoG#TEq>^R9DdL`2YO%jFY7w<v;{jfN$^a8QX8&EGTVjf
z)tKL^D+&*??~cGJk0>lNw!m`7>opUjn0h9O<c?40NTP6J%wa8n`FBzZZGt+v5hiF0
z;kfcIS+hyaL^V(t1#R$sH&F0{Rykhv5py7Q*uIVw`d_WzUoT3%?$v+vP4ZU<_ZQzn
zWD+S<4MyK}9mfya=3wc|=0qB?HHkELhL8K>pX?vyi*<yDkUjp_jX&~gcT~YV<$shh
zqt)S8<?s}OkoFzZle5Oi8=yS%f-l09??Ol=lw%IP@WV$t{Me0X{2&8x$aomBD<dgG
zz-B%QPZU?ntDhfHOBSgVTw5TAwGF2QeGYx|lwnfSp+b_@ewCz_Q_&E;<9z-v({_lh
zm+r@N+{y>stnwH4xbLVD<&lIrQMNwDL&+mK+7c+01{BxI)nXRU2u`c_l8FDQ=Shv`
z!Z_;qo_8f-xJ81h;kLme9Nph!nx@2)xb_q%wD$8P(;bT9=p85W|7`}V!lRlK>(L3b
zM0*C6ut#6PRJA5D3djDGzfQU4e!`FovACyQku1HwKk0@aDeC~4xp|QQ{f3XFfd$=F
z-;>V@9B#id)V$d{4MYQSX`=~)USeh>RwDw4aMXve-wphdcpYwkqEOw8g1u(%3-SF(
z$tBw&?lK#fvlLl&w}X`VQe&g~j2Wi;Ov>&95904qR=muOS75S?t4l7A>F+9te+R%s
zzC@FfcoOxV0-08a_ge{8`y`cd;4W(og6C>0a@YyD+jx0rm7U_&nNpk>%~GVaUyyB~
z!%MCFw|3}Ty6@I6yx>oPUFGoY^p8!a2c3{$<n#x^PiVHF#erFXG@;Hsv7xfH>irKi
zt&^)aEVrdTE4crNVuK9olmdzEqFC2|3boI`)WNoV!_6NubK$m&d|it_XHX{>z}0Q|
zy##!a#TecQ!uRT5gT>-!*$6Uv9G4;+-Uz|vkr$dCQoLFya&s-#CX8ZHygR?mgUOtd
zyE|8E<MA^6w!d{I#hg);eZE!X;YzIoId`g0h@P;xL+IpZYJZOyD<m(0L3V2hvivKI
zYPY+k3HlpEwV&StzqG^MO7`h+J=>kBFh861>O5C>*#ERO9|3;tU(Zw!pNl(mSUZPM
zQUm8$y1x;#Ay%3OOAA@x>P`M`EufeSl^|BKb^ljT#Fn=ZZ6;KV`2QZ5(d5+$njL(f
zTyB0>3$O4yvTC3uH2wu<xvxGG2=PYmYVuTdcP=Cx0|r@?zGX8ZCYTmV2^r#2Ps*hP
z{@bd_o(Pn{qqZ#kpTVU!hKbK0W}$`8pz>dvtKfg7S7A_VWLH5`Gs~s;3?e8k{Jz=+
zIa8s0#DwSa*U#Vq!=JDBq!VCSc<C*F3TB|kgJkc4nJj*$uqoZQGu3=F#C>lWY~j<-
zBD{cNDwKy9!}ebRI82yExK7Xjg5wMSd-~u*-)_uL!yolv-ZDqe!G&l=&%F#W{b}I7
zos3S#B>$-Q@-13)@|W&cq~z}yUxd8*B=yUh>Z0G*#kwLB_Y{vEc$Fd*{ZAN=eWT7K
z5JqNF`KmN7i|p;~Bp8}mz~Rk%Nfb5T{<oc|P-DT&c|g!e&$DqX`0!*xmM8a;XjicY
zrt~Tt{C3Q{IjC+Jl*qZjB&M-#GK6oLl1pb_V;EUC{N@?0iSUY6({jxWUPYr}p>rCu
ztj?x307&=K3In-CgWOP@H5z_&E@2+m+0+L#(=A%AS;7Css$F@`?>p$I<!z{goxNUN
zAXHC`sk3=mI`mqD!)I~3-!k%_fRv=(Fx8olNndMI6d*~bX||>S{~wmSjVUtyQAai=
zQmsv4fDj$N8R8}0&jll7tD4W0utJ=RCTpVb?CK4m&Jaw^tyStEG`cjCH9`1ZJC5;A
zA55ego2&pR_f`77V2)sTI?XvKZ%)mh?O5s!<DCJR^fhh3tD5<b(kDLC_$Aw)Sz&>k
zx-FY-1QYC(JJXUYIZMlNRjaMkG}=KWXSkQzh(tj$r(B(i;~_1Xkwz}Efi$3$UCo)y
zAbQcHEY4k~ay}j`t;n*^nLt%%#FKKmWncw~2T9)tSIZ6iz*(m$AFfs;-S_g2XaIKk
zS`+}hyd_C-g7DT#h&`D+<R(P*KJrU2IU3>)OTx3#4m2TFWFSkDCQIS^h~1`;vee)4
z_~2WIq6H7CMS+}(b8!N{Am~8%d-`ZQy9qqV5lxHzC+a`cxxfyT_Uu@fyl(;s-@E|P
zkyYgj*Twg5qs*tB%4<_VjN<&YI2Zo(S)659;cJ0gCBDpogEr?Ro=nFiS75LOMoj7Z
zD&$UhHD|J>z_HmJJkCJxdht|8%Vla^1ds)T=;WGVFr|QSh@QrgX@LR*Gs?iA-ovF>
zRTXxJRNcsV9a@Le`#C-o0pHheg`?+o4&RJsyw*|iQ12T&eXp%C-_9TEFDHN=h1$Wy
zltgMTZpyB26%eYiPp99FWsrwODk)wSk1&Sva!rC|QUjAOZdPqsU-%Rol}EHL)__L*
z53JG51r3hOC&i?b8taHU#X>UX#beV+=fwk`bh15i=-yYDgdr_-wxg9vx=*1-h@?(|
z$Q^4$2tcaB`adHvf)v|<a7ks&oQmMi_i$m9v^f<fNk|L%eolMunCVf~Y9wKgCIpl)
zj}*ip06`*oHDN>41TqAQVs!cZ;BK;5^q2<W^|v9Cq*U+4Q6Ue{^NMM_J%56(M@=EE
zXN#6<G<qH3cMuO>m2JDJ*ta6v)BPc|8?$w7=|y13gRY*o^e`~QzSico>qRDQManH#
zNO{~G*TB4y-M3igggLH|5eh?Q*ZW`|PvMM5?n>vk`V@>#e}Z#CDlL7}gxS_9Ha9A`
zHcpj01cHYX9`4B8D747UN7G%)ok!?VomFa!vd(YmUxV{Ma<hVDq)`@SG+0q(eO%yb
z0BEH3liJeJi!v6bdXi`wU+3VumA`B|t<#|B_}s$P_)AO9)%YXMA4M<83`47Te-p7-
zryp;V?$&yD%;Hc#DZzGz72N*u5qh2B_15}3Vp8ou$Xo@ebeHW?<C5Ef+wJ3P+w`Cb
zv8O<D-gv%!_RdNE^(5`MjG4Rw);&{cH}(G!;;bcy+erOQ!+)nMnn3Dn%qkF4Jcj6-
zB@>FlY-@SKs|rgj>MZRVysOG(G|`ZkZv*7{*Ra&%mS^*BSob`o-E{swR9tJ3AUgLK
z_tEVnb^9DgIF|>@w&x@5_F1u630nl&Vgf34f%VXyuIa^6|NYO|q0x1)XXDPSN}Tq5
zo(kJug7ndt1qH*y<4f}i=G29_67RrSW7i`v^h{n5+g`S`n~9=(iaolwkBIdxnEd<B
zv(9IT7e~18uV!;&_n&ivg?LB8HO->U<~7YTekRVP-_0QtUk%sqED6zFue@F9)}Gqh
z+wS85LTapki#@q-LMcdwT=D<c!Mp)wDuQ7gm>+W45yR<!#{af{FuY-0w$#sSsyI+i
zW=j!e{ffzj<~N@p{rc7AKRbu~7vugnLx`sT)paPyTZ82NhxdD9T($*MymVmI0Kae5
zz=NDJ@5kRihuTwwc*AU3ctbVHAwf0F!791LfGXOb*2BiL@9;rD)pDjoUmnr(RjqVI
zbcB-&Qgs-c5tijJ{X()<4P&zj-tFuv3v>9t<ZyOeW#7sNMyfvdC`Z1p8czynqrEiD
zW`Orp+Z__r!TguyJ+b7-!SL&;4xf`}>oS|0Z@qD5>c$|K!>BO_A(q^n?Az5R1vDIf
zC(xV#d%$AN#KoN)uPU_I!)La8?<BH7x>@49I!b3sIrO}mu5k^fvBtB1X4`(W9KQRJ
ze8D|@M_@#5IV`nseV4S%a`D7wL}fXwFfpDOP(zz%NK8kw_|g;*tqlD)xXN5i1-_WT
zeOLMi5I!-#qk}PJ{1hgjjxeDYjp<i|o!9eM3rg07U%O3{Quo;va>V&^R1(&yD{*G|
zWkz)QdB&GSYLg=0e+G6<cNQ589ivHzfFy#t-uPR;#J^Z#2wZyOsD6>y4!1Y`;R2!v
zxO(Gq(1?I>6u&?ilVAa%zZ%#q-C5aikPJv8Bz~6-_ZHz(uz&ytdUw`47-&XHNQ?ld
zXHXV842Wr@W>NtRYtp3v$?R(l$`XgCV;j|(R3x{}27WiW`xlXz>ivd~-r4^OlZfqc
znEnJ(ioKUa1SOxPMVSp(3ZC#b=B+FtiG4vFC-~$XGrF-o=BNH+egFL;N3v&kULNUp
zqmxg3Wsp8V@r^!)MVSw19<|>#T)XpW_cqO*rJbzZxPYOa|I){`dV{iz;pw<WHzpO?
z?fn5w-V`8({nZ~PLdsBd<DYo^xLp_5c*MVV;(o4e_0GKu#^dI}=MWL^bm?SZ+1}uU
zvr0wwdVfHhcOFRLeq~UeaX9_|&~_G3ZKd72pOyl}+fv*rNQ=A6)SwhA?he7NSn#2^
z7f;aQ?hXM;kRSm{@nVG(*WjKT=*)bbxijCrYyIzC>s>#d^YDg6NqWwH_c`z0vCZ!P
zF;P!_!m83+TYEf@>I5!)td!BSu`kCM_h#n4?xRxW(62*nZCj^3y<}6rIJ#^BP^{}6
z)smrVm&9gKpXWwD^Q(NJ)+}ZUJ20t8V;#dIi%ESl8S*oTdIo|_mS0rvJ)Aswd;II|
z+o+&w58tRv@goUws`de_;`gpaqhqzCR?UYlky<tV6-Z!7P0hiC)<#9ify$KoGeyWe
zW;U~`a)D9AXWY<inXERJk2mhRJbs@HB4A~VzHz@!MvS!lgD~ode*RZ&&s6uzGB+>K
z<m6=k(vfKE@`-mMxM#S#(`~3HOkU4vH#3$j6|(aE6%&W>f2?tjK6g9KZMOAh)8@M3
zql7beGZa{vjQ+y$TX6wiIB+(2IpY5g62={SlA?BK2-{_+bA54poGO4uiU9Nqjc!@V
z*B~;x<ri)}o4*uc`5)*hu&i5{ij@@S#UE6^;~ayS^Kwx3he_^b4*gw5cos$5@$HsK
zwv2YyQJ$zhP8Zm9`vV;O$z;h9o;}@(;r|VG{JY5!=YYqpligR+?<hZCa7zyJb!Rii
z@;LPaN{_IvW8Xb1!aLE;uS_5fj>%VJ*nEpONhD%PKI@<5>x7q;^f3(4tRW`S^fHe$
z@Abs|v&GGEH7kHji5e9U#`y&?<dEey@}!Yrs6WhB+DT?!E{)F02GXA+8O<Kz^fbjB
z<uw*tyj_R7F+~8p6U#NzLV*NCbAXj2GWG9W#H=K~Y^6VC7~%-I1Pslwo+iKYsamlk
z6z~|-JLlWt8>i&q8;jELP}nQsIxg7AkEf}r%u;h1>5bHyRAdpcG?gm(VH%fifLKJ9
zdLtVuf0x~nLY2mm8=%J`OWlzHmBtwx-Mx{;{{<~`sMwHqB~Qjf{~c;^RhcOyi^WgO
zUJ0@EYAOzdzWYaOIT-E7iny4)s#P<wdd1ID>G%>2O~w9D%aZ)DP)jwHsz*sA{aQot
zP=Fe5RVMgK>pV%)94aR1FE$6f;$cB+^fz5RP)rQ(YckbY+|lTBo;}vHvnRIgVj~Z8
zs3$=n@umayyQ*I9yu2%_cuV1a8}X|v$pu<z&^Nxf1+&}vg>vTsqcN^`*xdX>*$9O@
z2gENgZYfGU8&S9om_T`$a1s0bN=)01Fz;d&^<_e;c($+#NdUVJt3VM#ps?l7@7;hm
z@OB=N8r^;8kP0u1)pX`Ak_U|T6bpk@nX1-I)c!EpfumN!Z>wi4n(_M-p`pO=aH_|M
zuI_p+Zd<g>^5Ia8r5wq|;wyM2XPNK4*gU&-^XunG^&#I!!WCDqz=e<w7H&NkaNiMD
zdjw@h?_7i29q$<vp44K}UN^BywJwP*ajvY9uO0h~iKh@@)-xeYq0MBx4z+VT-#qr;
zktlBUb3}@rNqvLXKTEZIn@0%^+eA^Yx4j;W@GcX8V2w|<%&x;U=7N){J*temzS5d`
zv2?xA3)p3b%pB6x5AV6o+fE&TR-E54L&%OMC3+BNG#qvCU}2ujf$)5u$7|0|?u&;@
zan5j|3lanm3cR>71}YT>{NFKp;wnsWm^~LF?ghWSI*#L+-}@kt0l`^*u?5m~&X~qo
zlz-w1rQS8~G=hXPXoRZ2{gvwLL%Zj0#H82krK+kKurA@zUWbo0zV&>8B<K{lKX)bg
z!eF3IWB39W07+g2#NVunJJc-X7s&4?uylNJtS8E%e4uB?SUvEO(YAZT{36(^i+(R(
zNQcBzpq{Iq?e=?-_c(3ez6}^imK*P!eG4%F?#Oa7307{G;_BaC!Ysqm#~1cfZR_zm
zQa*OEd};a8-eQzORiB7mW=sE0xa^kB9UVny!_il5`GrQRT=lt@Zlk^5z7`4;&fe})
zD=BejAy1r+dO)sUlVNFWuRXd{*xyFeb8-7U&J{#r&+guG-7ZHFo?*An&WoJxHH(CQ
zj%QLGEL3||s9zB2hmEz#WghjBPfS2e0QmI6$lb79u$j48SmPccAvSgyJ-QWT!1u2Q
zAIZ~*y_qzkb((0M0+s{jh#F(9#{I^xAP|E_O;62woAwp-uMUr(BJCbZ&w%<sA7&cy
zJD2>bu{up@UxgZ6#Q1oxz<TZllG{wWGR4rx&ITH|s3c+fa2`M9JTsSGe7V%vNxmwN
zwQ0B>m?&?c&y&8&XYCvg<EB%%c;aXP0Iosdc|7UTx^Y6RjxX2Dz{%VKdF=h7F>buh
zZc91vg^_r04mhWvD8_0)S)FOzH&5~kr4+m8AJmlv=+#~G7`K39k;}Ph(xou@eudI9
z`Q{Hg`l-zH<LY_BvFk<3Ip0s$RMg*jITwmFv<TO5qj3O0AFe6%9E=v!T}|<kN59NQ
zzBE<-fN@+t?=ne8L|3(DcvU1-kz~thKz^=-60%nzLZ^R_@nBS2zBFlee#q=_X7*m>
zZ7F<~EiTjb%A?2&nO*oC$5}0bgiYVO&*`kmgkPO@TClgz0x)70K?syLjuf@PR*~{q
z;<D{zW3^}^E0e38ou=qwwL#yz!+_-r>%QG#&5OS7+Gv}sTzNtJ^_Y#5v&B+JDLERx
zgHlJPv>4Xd!zz4*gg}qlI{Ixv%Qe4cBGxiH-BW!DWZd`EEn(MT2JHm!5g*Y^r6^a6
z55?iHl^c#<#F=QC+$S(#rQ$9J1s?P=%jv=>r##c%i;KP$GdoZc>o|MMNxTWgS*%Gz
z!{yTHdOGB?N1Lwo0BJ?$VcUmzVJES37!<o08Fk2}oRI1aixbJ6o;4BLImBQxVKk|=
zo}0Z-qkZxcTFKCtU@ft5!8PZCj@RWh%bleckliaKGCuT|-o;FtM|D|~63o)J)uIBN
zhZue33*`&_2QccnbkiQ;p8VnWen(<U$Mnk3yV|=8kaPl;OQ$hn1kqPsi&lR#>Iy!o
zQ=hQ;JccrnrQ^%TLFq2j^=z%Wl>$8t-zUDCT{@{%`t;cWX9v?JU8A1r3x2D2fJIQL
z$<DG-JABS9llKD5eV;Jlw+3TO4ZQyz%h=GuFjcqYu`7-OEnWz<*d%bIeMz4((+7Qb
z_TgvRj)k0l^YRg12O(lvWh-mv)1=$c@55w*iJp%)L)LhD!G+Ly$Fa%x*b;i<SSf8O
zpM|GAO|pVJZR4>QL}_!P)hMsJ)TgegXLWmqXD6);XR*LTGq0GVi%D^0oLnL=Q7Z3w
z2(sra=y7etUabsj`s*%^q@3KW)fexJsJe5=cd;{{GwCxiF7cC|9ws`zQNfKw&n^?I
zKD)Zrn9Gx|676T>J=-A9m_QFkY7n*a#+nHs<Nn|$FZs3fWK<mkcxZ|p1$@apUZ;EN
zvo^L!ryo7yPgHANK)YRcjyeydvzE3Tc0kyI+}AUVeYlG!^qadbzkluQq0QIt$+9Aw
zb2nFNJx!NM7#fW9<}Yx)@Q4K`Slbl1)rqH#bg;$S%UtYjvy8K=&Ct#&9i3XHTY^T!
zro2chd{R|Dea~-sBlwnLv@81^V;RN7l>HzLUGrtn_bPe`D-DO|xhS4#&YJBDNDImt
zrF~0b=5fzfA<i>r2tT<$?{ky4er@FMX^;=m{g4*64AeIQXDYA{JMtDr+w7_R6%Ym~
z)UKF$-&9fphmm|KzGVnm^k#7fTOGodpu2)Zb1<KUM&Jv3G22g|7RUM7ZJ!ksa{IUM
z5IfouAWj&PJHg<o-m@Dv=2CaJeb^6c&FWpSwvWL+UGCPOBq3CFm_BWc){-2Tlyy0U
z3yTFbZzG<)e*6-Pk39V0@twdfu>!*h%qAm&jYzR_rbFoLak(*S^2~%NYB`4xn&-eN
z?uRZnNZ5|v@h!D*U3!D#Ti7w#IZGsTNDxaOS|LaXL-ZZvS|aTPZ|J|Gk?&|lTotji
zM^~v>Jx-ci#P_5zTcA2d*Y~K~u}O)b>snVzG^Q{86i*&d#7Q}RtXtOUTu&=tfN$F&
zS5HxAz}hvhhHg23)ZBmSGVO~~&!HEe<bQ_zOWe}QD~i6_(nJ|yQ6hf|Sq`fJ^Ejd*
zdDrC)e#9$?=Y^PioOB%DI)N6J4@n;ec|xjBD}go#i{v3J_6(Bq%sLT6^;qKz!r@U(
zg+9Jh_99!KZk^wAU0|P%a6iXAGI#@loYo!F&_Y#Y+uMP+hLKMIAMc{h#Cj7|B?7KD
z%2~tPbVP%ehu*t^qR1AUM}H5Gy0b_)D8f2{6n4jOJ0rH)=M+9KG1qsPAQ7l8kz*eC
z)Y{P<n2n!Hlsbc1AkkNrGy!uvPx3PZea~BB4o4qHHHcja+=ovUfK<)Mz-QZ?R9`Hu
zgu|PLEzPwE<cMm-@Yl?>XymrHKwg`u+k`vE2y)xGhqQEnv#ZUBNTIWqm4>X6sDtCa
zF(!?4U%L65=j3Dy%ML<bIP9IK_0)C1O^xvOThqiGG78~|dD{`oIaCYItJq>`_l~j`
zfm)Gyo!nyW-VU;1hVHqW5+8A*<{fxFY)R8T#R72^UQiD&fV>9|_sktOMAuIy+*^-K
zSE==Or;S(-bf`|ZQ7x=9SCJg6UJ|<yAYkwy$++>ejnDVJ(uxcI5yU>$dIXT{>Vvth
zhkPc=p_1I51k|m^bLq65py?rjc^GkQY)%jv(`|%BP1MmH!laN~)W6Lm3wIuPQeq=`
z4r$)Ma3Cjy-9>)cdF{#1?w{Vy6?qnOP;p4JT;+-BT&wV|_>y8Rab6%pf$-c5oVL@H
zc9sTvTz+8bUu&NY8_z&(!<+&Hj9B4_&!U9e?HJ~t{6OJP^~TLpYrMa@-*}_pJN`Lf
zQ-6K;NS)Lva6N-8(A_Zq2MBdkKgUXU+JK2V_qat2&G0)pH{R=3P`SX;ILEn{w7PWq
zKvoovY{sRghwYcg<`CvR^e-QUAU>ui?8tjSN>R}r{7RCQJH73p;QgR^^xKu*vCd7_
z*~d+$&2)6uO0SpJa6fU9*1`+36l$*HXXT&^;dK<V-AU5^=wq@U6@D2#B*ER<ky_tZ
z;p!*fbKZM)(bW><c^Fh;2J~{Aj^{GtUXqpE9E8`VE%Wrl@HD<nByRFBahCyG2+E9v
z-W)bBi8UDznz)zuUJ4+kwsk}Bz;&A*FvP*cowA}6GHMczvY~dX7E4{SvchOHzP!n?
zAglfPBp$I#tQK@BM;A!-lE|SC*|O2MZORePxms`P4Hah<NMj)>iWXJB_Wc-!;p*gO
z{VkF`il9Y6PwZHHItqJ%j>!9t^1^7rV~G!2q7vRuk8gMf%OH&GDf-=nBo}aXLKKmG
zZK}xgZ<gU*eD$QK)C3I)fjTlTN(pSk$FT+G0n_g*$b+=GXj?zoXh{1=Y6PHiw`+ZL
zFO-tX{Fc@~o(P+_5MIep^U~n|&*%y<PYM1X;7QGI18zg^*JmW^o|r{$lN0PQ76Rn?
z8a5XNM`tuG-6~S?fCYK__f=7F^yO?ut1JFjHgD;usQu&0tC`o+uQBwo26_H${p|84
zQpS(pC>GX?)VlDp(f67AGUW<O&=aSYCPG<@`h2u2+gzW5d8F)bMk8fbuTO=I^`I77
zft49!d*kzWr;O7Z$J*2qqzKL%M_tjhG^<0=E#x_|R&Q^1i-<k>;`ay*yGIv{xDsW9
zo;P-1mxb(u^0!-XB!c@+rFLDP2t$XEr#qD0sGZuDCh3xKI$`MQnC80Xn4M5<xJ2en
z+SfDNlS|^57bp$`@%*zzUk?%|lfs1qOP}mRssArn17=4`S-y*N>sa3N0MG_N21K(i
z2ddJd$jX2534dI}qa^V7fLn<wD+v{>j(LPBg58AqB6=FnQ}Fsi7>O%>pE@E|HTw5!
z8|A>Kafj=&RTAXX=f6nEUIx7kXuxyLqHTqWO>9j<+w|Iok6WjU4CNq<K#ad$0$k6w
zJ`elQ75kp)JKQss&xA|I359SoDK63Xro05lK5_inyp))=GL$>OvhHX)#^X2SaYyj^
zx!_?bFDyQzDi*-<8#ao)RNBede?6uC?M*l?mfbQfJ_l;>g3SAV84kyaNEuJVGBj!D
zO*mAwzH$3>AP2*Y#IAW9I_AMzjI;ghT~t78Yb!L|pseML88UZqKit7Q{Dm>~rNC_4
zr&NjjfOj7})rU*WT-L!e?&xPo&`*;5O|}gn>HIQ2XZU3~w6vUHoZm@w_XKZ1s2@9E
zmUiUVe+(i$_?$_rHS!|N-CU7KH!rAk_{I2Y#=7_?G0It-w5_J8L6J5OWYaV1)@0ld
zp>v}cW2-mT_kXh$`>0K{GKSH3@Gmlx_U#BpDBXSwo~4%}8%N<HW(_1ifoya)Q>#Uu
zO+PPzNxVdxZCjp7;sBjdoGnRXO0&NHN;bM@du^p&DnYd5I0{#1EZr5azP{pX&d)7V
z8&)q`CE;t%%q1Jyf1jkMGCW?ex<0b+Z0Y_k;;d=jXFjuKeX4GHZ+^yR>*Rw@>!t0S
z7~Sdi(T@CFGi`VYz8ll@MuXmY&9=8(j~C_aMe-T1XY1Ndz0!dYHHoV#jhU{Mmn5Wg
zje330;jV2&qIyJB;;@ablQ!AR*sC&Uf~5`Y!I#9e*f0T5AC)M~(Ge-C_mY;QGrsMo
zh!0k@^6TAHjljhxhM0OU$Qp<I#w+gKRWsxp`$hl>sc|sv=0GgI*t)eS=D$m;6s12;
zYv1r9Eoz)#{&^6*-4pT~Ch#s^#ciSQL%5|*x7CHeo3gekb=N=Swha!adV~l>%S!aa
z6jYC<0=sK}$X&|D1!s{<(b5ekcZh9X*+Yu$aX7+#uYOjvR3K`-|DPmNGA!0l7e07>
zjij9*p4t>fzI61?EL9$IW^R;!HD0hHOro2Yxvt`r8v47*ASe*|e%tWYK>HCg{UZ#H
zI#@!v@A)*Jv|gr*3!Eo9lo8gx#@5dEWBbxZx@r*SRQ{^%<=_Qnti6P{A2zxP6BmW@
zj`lerkzwJu+;!l_)qXkmI1GG@k+efjE5-98R9ui6$(DL=W-Spm3G!<I60(7U&}Rb<
zqlcsix(}m=H64Ym<jwk5i-l78@~W1c#!?27{xC7i+~s!30z+#>N)io)-e}xyC4mH@
z_YPo}8JkXbx;i0gbQ|Aks<W^6E<O+<<~}(S-&g;jQz7HC+H0!YP|U(ayXZ`7$`Dl<
zBc<7sRs3C1t*|)^7&j`~Ye{R$7gd=grCCDDp%|5z50e=|FcdI<^~6>&zVqdF^fLl1
z<J&9sBcFk$mgFvNr4s~A#zY$-&E*2-^&{R63YI>e_vzYi91Dv3DlGi!iL39pL2)cR
z&>^rRml9w%KlQOeN#grccGznjUluN0bwl1#q#il~)`_Cx#1dFwoDSE%s#aGtehxjG
z1$bQt#N6yTTOGRfR0mg8<6iQL0Dg}H{aj?luK#pMX0cMesG@Pi+CjbhKTFHP=W?p~
z1-N{w8M(|ODgjA_Z<R^@Vvc%h^C`UTCsrA*zLIll{dKB)Hb11?oEloTMtKxgfkJ){
zM-kGZ{}6(omx}5iglPo7>V6nC*242ZVxoqkth0GkcSVv&5BBDzM!=|spTGh&12~J`
zG0r412Cf(*^oCnXdg)2eUrf_Cm9o+aPkXo-G;`_u;!MCXvX`ZEmb4ChQT0gz8<g32
z1Yex<`+7eLoLzdmn0}tp7{os8T3-!1*ni<AEPE+gTk}=!g{(Z$0g!xTtNN>)a&g|%
zHH*;G{TsAC)a{!h9f)@8^)IXFqVnQqb7W$!)dz_SA*;rlXO)}8#iKj>QT8{y!|{-g
zdOP=YLeV7;ZNHP*LD^=_Si1~wZiRS!Ar_mvQ}#x}+~W;|n@#Eqk7xp&MMHF&#Tk(~
z6kW=$KP@=`T?j4>I{bmo;w1V<xXwxxzm)NXW1{t!un+ArY1-jAX;v?qyvi~$UO8os
z9EsV*Z9T7pi8(x_ISIEC^`^4aarZlrgoL#k5c7-FlKFIc1fM9^uochyxc>CXt3!x~
zdzEvD8_ju7(9w0m?0*rbO@yLrHVWQJhnj6j+zMLYq>e<K!^^(WPcgw7c1G$G5#0{d
zLXnTjy!#M#u(0Eu_<5g+OTw1*3C9xj{hqtW&!#)mT^;C6Bk7T=MXMbQP7C*h9i)L3
z#y){Ervp<14lJg&Iq;IWhIsBerP(E|Z0hmKV5=SnHleTYq=AleC({k~DF-FwQEcN(
zGqz`h)2k;<_H~=?_IA|rU|QXKYjg9>Ud!Ig=EDqL<6NtV6otsW9tUxu0j3kG#G)4$
zBA(<?4;pG$71t?{kEs>eM_Sv9jbqkR_E+Dg6Q)Cl(}wfVZ}Z5X@T7Hj&Q}lG%g}dJ
zZFt*Cc(9I!BYGM5(-}KRk7jMu@b2|QcRut3++W`5Xhq8O1z0NPlm3JvL>-jxN6>Ju
ziTg4bci)Pz3_c$(1mO-!^bFc{uctkA&etE_3tKsPmEkQn%#pF0_<3IjdUPHxxYc_L
z*(=MeH{&{^PJRU7&JRg6ajCwPhA=xSPRBM(oGy=9K9gkY)&Y2AACT1JW;qa)b`nH3
zW1i|uqWV^RC@whmWTr!!s2v5?E~fR}(&r||?<8^)Y1=u@Py}i9<l|8AJ<K8l0JK~2
z9Yyy-VKzXLKE=vyzU@&=N0DJa)x*}1I-6GGW?HHRRX)`FtcCogK8J#(qOm3Aev7gF
z=l$T?R$sdXR?j}Jxe8R%M>DGyvZImkU)Z!?2;3rjJ4{uu8Zo_tWeda*fcR4B4HDRW
z4-|OUPSr4vwk753gNV20{XGQdY0*-6J!inZph_>)YWQrLFE8=yT28HdL5ZGak-&lH
zx!RBAzrnNf<xMY<-uXlOdNFF-!8y;qRWGM(J(_~V*qM(k2k)xHQZ}&UT`-uYvJlqa
z-+Bmsp|y3w5NPzJn)wuA`%QA(F>AeHC}Mg=lD(Sg<Z#EQh2gw7{DNAX4kdJcv&F<?
zy)GbGHA`<aU!7!)FDsT}ilyDd6j+A89Y5b(=@x4}Tiu^(A5*+ZQ%@zojq+R{L$OVz
z$J&i@$D^NhwHv-nna;~ZdH8;N$zIUG5MQ5tFHvP7=8cY0hzzrXG{f&^OnuAKQoDC7
zrd!$Y)VPLNZdaux`QB-1u*g$KCbUUSKc}oqnwVdCPgO0m_l=5X2s4YKDMMlL%lP=;
z&6w73-CVui5gD-iQ)Ld*wH(>zxPnCP1EoJrEYr}BFA3uEePbpd1$&83moc{bUuI;4
zJ*1^LR==3)3Kxu-jy4wKCaTU?hH9y?^)VYyhI1r4nDUfbcf}W_E#o8up^RzeAxzc_
zKcqdQf?zCDN)PeCcO0|b_XH3F433FUc>Fv6B-MazxEvbum@E*30J7p+WF0eYQ4S9;
z@g&+_)sstf4(>SWyzg5e0gT}CSO!qkK*P1#@c8%M_d^VLI40oN(o>gMf4pOy59uuD
zsjIxBQZBW_`z~z|osTi(((Ag%+R5_dBf;jAg^T7<qbk>m$tF;p<zk7JTansqVf;Tx
z9xq>T%O_cVgIo^IVKUGv9<YcHaQ3{)D`T?dv$ei?Eywp9T!@NqBJ++Cre5JE84_T@
zO%By>f0{H96>N^tHW}v~rN2w`tgmhbE_#KjiI&TMlZPYrql-Th9)dqkpy(?F{4`E8
z{Z#a-`mO#>nINtdf;=Cqz}SI05{9k>JF+lmf3qc2I3?HzCM`(uM^dr1?=Jy>AQkFN
zNaB@VS@$}LTl1qb_3sCv5WVPemR<Kh%!N-v5&=Gf%Ryxe2h0$?fbpUocM`oa=(;Mf
z`OR7jP}359JMs6d$uXOEP!K1{@D3+!o0DiLg?Yzzbf@h34LKlw6v8i+m{(H@T%094
zrpUPdB-S~0wXw%(#-!1fTUP))Aj7{CLjW<s;F$dMZ&F1eys5}1!oz`%ao+nJi^$-O
z&Nn_h2*7uobtef^uj-Q(DX{-$ndX1YO$b1wY;wS=b}#8C`AV;<+lth!|52IdcfK$P
zAbOm2H|ZzyoN3@jQmLc-xKQ3+Q2)6hkIw|0j{m<%7N3b;y4u~Kl5@j9Wh3(W3^2nM
zV*hyy$vp!^er#T-!`h7ak;?kWWV=9<41{6LR#?2v*%r-UysWVJ+*FIY=eidmw;Jwz
z71+6Sygdtgmby%r4D4b|t9a`5aalZ|-J0&Y_e|xs#yYV*mbX9Nj<HT~`d&!lHzjl>
zV2Ake-}9J(K+O2^_X@1LAp!f%NNtSe+azwCk<}>*eQs$Loc57#ea%=~28Eturd536
zAq95b9Mt$mfhTGlZN|DAjy8XvvJ<{3YAiCS@tq=UD&?`t^^_ln*He{vhOr0kYITW_
z0%13|HNMlZK#Z}sHNMf{{pYK%E9*`q=4?f(tMxL?lpD-twn7X)|G~j|x}ZXSw*=`4
z>=8=Cb8gT7*z2+aDxr1^!$oP}1i|{CemfS_;hX6qys2-J<#Xh6zc2>D1h-_yU|(HR
z29HQaCbuM9^TFfROMJ<0{Q&W*koVf0_FHdx>?URV*>aai_Yz7VrYx#;AA+ox9%{RF
ztI<}*2U#zoB@8fI5#nmSM3d~+1!yS;b6787YoD~K(Uya^t(MM`PFeshW#BhD<O8=4
zzaf(fI=^e30%%LXd6r8BNp6LJw89fF$golGJ1)}(P^AuBq-IyX1ftBcJ<=;uqm+!7
z-;X)6bkoxD#&&g}tJVu=_H1D?<y5@<fdF)}(9YBaIzS%!XS&_+5&)kIKS}2D;aRfl
zI`7{Ix<C#AHJ6M9f1!gh?MPDxD?Fp-SpeOIg$n}ylZL-orXj%|5V2ey#`V<lRbbh*
zz!Wd}lt*%0eKTF{+c0k2o>Q;esf5F<qOU&7jup+hR>d|X3u|`cVR|cSI%^f8g;A#V
zZ4?({nU;im&$ILdeM6u6tkP@gtIL2G^N#JS*^=%i5;t`D$Yol&yd|bR`_9c250(53
zhU0o%I`#a5utb6sAM`QKaRXE$#b=)lmPVtnyoxKT>zl{2<FqNNE25zOdf?fc2m%*E
zOTUZ>hBO(1!JNQlrFO@H`G%1l9ZMiTpJ*~=njFDkZlD>q6s8BZ6vAZckF(XEw?Mqn
zrF?)_gF!UnUYaD1LY9A?B6Rr4yhYp&?;9ZHA2x!6BR8-t@29cMF*yIzz_G<Y#Ic3;
z*JB!U5!M-rdZQElW+_?Oj&V+rF$0QUgx&~CNpoaplPP_{d%7ABxBvXjDgD)G42ZGK
z$ku+cO8T$TDD63yLIx=BE!^h5BUR_LBv+l{Kgp;p5MAcaBcUw!=TRzLP$a)r7~8m(
z{XdbR7L1*|u|`SKT>aS~fRZfF(_HZVVc8!xhM0Sh<3d=&=PcJ_Jx?x7zU22wa?kp6
zKLV8BRz1z1ygy=%Ysvq2+v5HRFRmpeCSSz+B*|xTSs!y1-wp%M9e<1`@!+^#**B(u
z1C}=NQA~6-=j*kE5k*3lKMC-$ZHBehlVsA~+<;1p|6MMj99*{N9mbqzVNATK9-$9H
zKRyb@O(Vf<YtIZ`VJ<4(+NxPU=@yU5GaY9^aKF7x@Z<q~DBcZ2%;y=mgtF-w@bezU
z$==M6BQgXv^yxm&bAHl8Pr<3pSaE;PLyzrAY1m-RG3=~yIc{(J=mH|qu$1<cGx=uK
zQ?BHDe}{!Be+fL-dER^emP>4TvMDQoBuul@XbZqqL@FOx#tB{r!I>GWEa!`11M_vZ
zQ@(la>KgsbYK}BT4UwZdFw0V7zVVz*O+Z!XWU&!{5vZT}cR9|Ly#Ak~qAya%o>C1L
zD<e1X%~VgbN`0V6x*Zx%vbpxwZ{O{opWbKfDiG|4)hsx%KBF4AJ*SW!LKnyb9ssX8
zdWu^`jMB>*y>cICQEVl!gNf|OQ`4%wo+nWP2He+s7(o0K@*KD9LkkPN-LqZNAK1o-
zInpZ7{?Le7&?LLY9^1%JpdHg#qEz?5Sw^Xj{&x(m7GPvC2)19Cor+4l6UAGGQU}9t
zJk|LC#eAw017&!s6I^P479T0&KvLSpt-mZ;$D!b*MM;+JVC9s&&Z65wXAHcbtk@Q}
z?Lg@)dc#BeG$Gqg`UldOyar=i#^20Y<=7UD=rTH&#W$9K#gwq$z+W0M-s6b|g>=Z$
z10Hb^hk#%Ii}l4WU|&1Bp>28J5q;-k`arvVCWa+iC*=DZ`p>vH)z2I0V~k&|1*$ma
z=a4>%xJ|(dO#|YfZ)gIa9u6(*2WCNQM}l^I<VMg55a6K@Pi*dS_ET|-P=%z0*aGGD
zkJ92sF;SrJj~P#brNv`}AB)Ba6H9bN*{gx1QzIOAj8nq)K1ULs-;(G|H59ISchsaU
zeweo%Hs<65ve622)`%i#(o45E@`&9ym_Ccy81+=j=UcYtmTxmk2_60%I$UwfMi4`$
zJy@F8=w1XbS-b4sizgZ3<Wxw`d)Cm$<n398UFeo1xZ$kU{?D3xB4%2<O6fF@Wq~I1
zo<RD|qqM^&xwDzv3)|tdrp+4mRzf?+lee(P(ATH0VMO(p4`EsD{30IoUd4S(L3}Pq
z$|hihE@UYxO@YS(CZ9Wq>$h6v5D7y~z|zC^cIfKG;knzsbBd?qhWzeyvr!5QQFB?F
z`<%pVZKX%Xdji4d1TL-EQ&roo{KPZCi%lpDfp!i$L}JuM-O=l*$M6kryXsCue#f<~
z@zb=PV~{M7?Ym|&FAd+Ow_UNvav<G(Q%?qX?rbg0FrzkT4oVCArfg^(g=h!0u8Ch}
zo^809l27e17vt54jT>V~A|HeTZ!^T*HGWJh`Cblq>&FL))Vi}wvD0`W5XKdWGr~z>
z>0$b!#9~6+vMTE9Mi&2Be*Zs7^9rx(331`htMS#4ZnHefWkRaz5DxIjH5}yK00)W<
zmzz-@%8sTLeC1K~$h91F`pT1fD4QoXZ1KNI_{AaoqQKJf*&3I%3>z?ddFH|ng<ZD}
zX^N05gHi2BQis3TVT4fFwQ0MGVT;zd4o@KoA;jCz44}ZQU%S2FY#2IZpA9-fU>rZV
z#Fd&yceaS^lCsAa4>d+|c~bjCT%|||ef-cZ&;)6H!mheoh@9IEHfb-IS+r9KUVj2f
z2fBogxduAjCY<GGOvO=)^*7axo|ZyKH3F?ZM_3_cbb{6$Fl=8EB_J60Gl^L2c}^Yh
zcFDUiG$Q!Or8k?u^%W$36$)ZIZbS$u1%ZQXmJE~KCIGax|0W6c$_;7xFW)=P@be!T
zV%kbd*gm7JTOgbciLb|Nh0fGt7uj=Qz5Vncu$;Zdb<f@US1zZd!PF(kypw4Qao2y8
z+Zy#gmfHbkvTPd1mN1MRO6uV81!oXG!JbFeNpt)8tf996e7o>Om#=jSzRkba)PJsL
z?XBMbLzX7Z*(|xXpWE`Z7A?6ZpLm6y%y3>!q**#5-17*!`Uz=#t!Dk3{Y!@c$0kEt
z_5RJm23@|oqE#7am)W4S%w}p!@8S%~>fNOKq?h>Ds^v_Zb5x3JE!U>&Y0%z4n#8iT
z@u@fZF+)+G(#bBT@CYC|4*!W()WXRgoL~G1l{J@cR*M`=F{|ae!1oSv^DpOmlXE!h
zl?Fb!+l+<1P{T?0XzwBSHSiu)J*XUf>~Vgw*QRr+X8CO2CWThmR5dSUElxRgw?J9k
zxi{}@QQ3@lk!v^~f#W}N^JD}(DN^IQlrw?N(cV|Vq33&H5MiQ+X+>`wVNx6&&KFZ5
z$vyUZ=>de+?h};*x|K-s4gi8_7m)rGVb*&L=Jw7F2PbmvaRc<a;C&!B3JJ5NIcS$G
z>0r8D4HAt-q#633Qs8o-Z*1JP@u4QQvQ~M_1pp6|NKvRc(_tPDvZvdEZ4c(SA5IrU
zfN{@td9)Q>QL+=q8z+hd&FNwiy$(kWijhqN5vMT-9|<x`M5f(BdVkYkOTL*|OTC$?
zt&A7OTnEmv*?Ia5piwWgG%<gjVa*-T7y-65&Yc3S@&g*>pk4R)6Ur<6BN(hx8ab_H
zofjS*%jKRkD!b^cCDs#O^$!VN)=%E;Y)w3?-}bu6Cu@Xz^(PVynKQuhxfILFRaP)&
zN^9GOR`1iqwithLl|7A=p5s~-Vf2D!Z-cH)C6)xOijmM9HP#xV0uq@L4a?3yt!dsn
z%yO9cMz@a)$%)WiCk*ISE;G%R*a#|KhA_Ngeb`0c0rDr0y<>dONcMTSbTAhV7vn=C
zoVzl?8qYiKJxaJ!;UCQKlJzIcR&V)CD~jM)X0~c}8!~x4PU<Fn^D2l3KW#U=(LR)w
zi90|c!1l2ZFWal;0W%Uoc`qPmV0)j_jk-Ar#HK>}s*68t+udbKiUxIFHC3DA^P5l5
zL0auB1Kb^_N)K9`$hrPQzL>~;XdTOW^~*}L@)@n(kqOeE443xfvbZDTr-2(T?W=*?
zq4Xf(rh~h3KIpunKpapQ1zt1GJq4j<5-iuv`U=!Ew9G>u4!0sZhK_GXwj&K?_K&Xm
z>To1o4z}b?B&;OwI7)gCtaxa3^^~SB?Ebij@k|f2WYP(x1vol96gEs<y;NAa)ZV{j
zb4QUj`-IK5zS>Ur-r`fQTR9&-y(IPW32SM6H8+>JZ8vmOw{oQL^MHIh3y_mIx-=MO
z1X{n30#8@i>J9a?<i0D8Rd<mfHm~X<IlcgwSLo>t^|9ny7bmLA4ss1UvK~-0XXdNl
zKM2j#QygIlb$_K;_GFFZ)t_dCX4yosy6ig1Fvo&u+??y0*|9-15$ValL4QMtF{Pjz
z9C`)*y_`q-%<pm@DKNjwek7H&B-JUAvWz@)6it(;Gd^u_6iFKrNJpPOV07ty4sk6L
z85}Mf4=bFyBE`hFCTIs{vL2`Oc@r76U~is;?R2Ll&f{`UirL*>-fFmc(T(6Q?r8j+
zq3*I0PvdSHq&NBhL_)s5x8IUsf62rS?K~D@Z_An2X|6Jkk{gq%I~cO@a?+-o`B`G~
zbjVaFXc&31Mt3QH0luMBkVZVU5M_wS%SKl7rX_R@e*tPyDrn1Gj47eQgkNm08_F{e
zN-qi(h%&`5XYZ!yiCD?iYR7JlnKbcD+WuV@;GNTO;JaC*BzFA)bdT5;RL5dDqmpj@
zy&u7&j-Rbg)0vm_-aS!{wjU^1wB3G1r}ho7k0AZ-z*1Z_vRQ9@B(7<ZUMxGaxLal~
zu+_#q9d;AT0ezO@q(v9$Mjl9(ldhu+baRGcD|VoRDg3i1rgRknp1tC4CZ(QU9puoO
z-a<#DSAhg_VIT+?qbfSUOlw9GRTT=;>_iMUFK^?e5-G|BytR3gf#c!dl8b5H^*sCT
zL%&xO#2jt2K+XDs)x`<2vQOx{8f6_tJC@YHjRQBHWhA!kbA$A-hWiZMDP%ePR!upZ
z@pIAU+OpTFTe|mbUi#7M-=zL<UHe)twS3o8jc{cLN_kk!=XQU0&|4znHN)p(viU(c
z2b>wSj3a-T7M4d`5=b|nHK4e6AnFsQq1<r5O2<_W6vj}0zs?<QQ%~diO}@B87kx{v
zOH3nRzC1y*#8k}+JgNn#IXpsba;G=-FWc@lOnGkc|D(JN8xYkcJ>5SQZ*Ea2+a6v&
z`v+-k(_CDVSaVQWt2Z{*_tjlfo5O0|)JCkhB&g<~yq0!sto^IIhBlGay5Y~}u&2Jp
zjHg5(@)tE@f~z+Qs-;$!Fj^A-Y?C`*7ptc4qYK3dyWdySw@vt#iGP}hOZ}Dk@7X3o
z^|L}@<pfd2)Wi=5N%yR|{uQXqf#eCwT+qVE7SB7Y$ksM|$|ilXyyS=SJ-xP?lWZ)B
z<(*G!1v^ReCKlp0HWE^2iXB4v<a<8bE(vy0=YbIS9aCZoX1Hs#a}RmCpEi8$e~?H1
z{k~s{(FbMxccIVZxw?h0gkTSr$-h(krO2c&dI)(OS<UZfa}ao~<{0v6Z%A|C3FMUc
z?Y|o@xp6oVt2e*fzXD_HMyMUl1Wq|%Z*{!Uz>uwC@+#}Ycmmw`h`6(b*St}c=yg~=
zn6@u`R08wcV#(NOnb^Eu3*cG}8`D-zUXWNjOpTQ@UVye8rw=H2b<&(u+U+VZ6pZr*
zkFMj7&s1Q$q0DmOuRni0@3?E&67_8wHi!+aPrKaFixT)2f$mb^&o}fVT<C0?_I`5J
z^Nf?4cC7My4IF6W6kdknqF&z3n{oB*mP(%&_1Qia@}$+bzX*%e$BmNGcR49KPJ(%R
z9qnoCZU~{6mL*lPh>>>3EwJiu*n*P?z2oU%m&?(C(!CAg!7I?EZX$#j`Ua#txffy;
zVYUiZ%NCnMC+sNv-DKb8tT3Gx^1*Z}#fa~&`*=D_mwmdeP*{&cV4B&A+Z9fh2O@yn
zjkE$AhpmVCW_1{)CYvX(y(L_2UwY8zJr<&w35nl|9ga?k{O)vp+_P%_OQmqk=+K?-
zeCvZ!yTUQ!(U8b7gIiV=*Jp<|x5ooi4zs~~l2^0tE=QO+(-%F~EP3_4CKy5*J^pAn
z+Km`2@E;5zye}POKL$!eb{g&|SW=@$lofRpYRKcuwlG;HrI_EGVH$QG6fu~JJ(L!r
zGq@p+Zf`KzhtzMkB*<af^MYBg^q)W2H@&1`YS=V^Dchs}zu&8#4=+~>(@Z|eh&ti=
zt}l6MdJXnZ0W13xVfGI7(uma_rv@7fjo5}+B-UJ5E1i_xxc}Ieu$6={y9qoXTogXN
zS%2fuEqBEohl{oiG{t}BNis2|rK|u*p0dh6)8Q$#b8YaQEO#Hmc2HT-cCyx}T8WK3
z{G2%`yc_rmwX!QQ?|3ZQ@{LO$*NV(*)Jwm892xPs$oGK#)GSe`gI2D%;ZqXcPjLH<
zkEnd<#+c}*B<zXZ2imkIeSX$%AJ~X07oXLNb|+v@{%-mlj?!?L%%s-eCPOUO-{Ls8
z-g%+SQqi?|x42Wd7={(T@a#VF&YLF)!*lSFw6tpb+KBOvHXz{z{9UjnAy?l+fKUf(
z5NPpE6}8cyrZc<}&f50}n58rqpA=D>#%C43i&Mo?qtGxli1$@Z&@=`AGbW9|Y>d`i
zhG96`vJ*y7QsP=rd8hvm%d}Pl5cUu7!=aL$Fo0qa^MlIU{0SJXISv1`7&UAgS*>jv
zsnL&Fv39D~Q})>tG&-<(hpb;coE@>!_HNo=Z~xB)Q{bE7U&(El4eq?CCu(mA!bUfO
z;Jnw1*K+UDs!aguQ_=eDP@ww~YjW<v8I_5T--g|X3xdkOnx=>90H1#a&Y8@FKJ@b5
zVPbi!{{_PahoR5^!NNT&DsTM*yxXUA2(98hXY>-B@wtS|x|ziVYe{;}K~=SP!r0)K
zQ%$YEm=6>9JH7;Je7z$>Wn}S!)h0NHprTqafxq{QB-s{SEqmOlb;+kOTx**TB_tDC
zz9l3YTE1Wskme6WlaOorMvzQs{D3dXgu1WSPte;T!QsHcS!d=crMIEUDS14m3eYj_
zisvlFMHK!C^mn-t|G^t_b!dHWcoDp|*BXs`wejU8{x%HOMbKL2E2Gz%#ZVh(>dk~2
zwAMuom6zf@a#T54@t)0=$~DFJVxYVizX<*V_X6WNi~S85@L3EsOtIoQ^ZlPO;9HLG
zh15!3XW1YuDjG@w4645a%n+aT7;5fBFTUX*CF0#-1N&wyNC*q^t{oXnIGt2NIS%f!
z@nqwQteHt&4Ao7<tPaEkYJ9mPLuo4Q%Yd11AEYS3Lun-W0^P`yf`BXQq2vf^n#cQ$
zLQ&!|u62Goa-S#7JC~=!DG(%YAb5e##F^|37#_4f1<OfPQA8x<5t^dcp@6uG{i+Y%
zW1j~pPc>giSgrVE9C?Q3dJbMKnLw@9hQVz36#)-xIXg(lDgvCXGvK7XtcGz6w-WAX
zJP&@KEgQfsLvD)oa4)c&Z||pM#=KoDvaaWN%H-UJ`#;HyOFor}S5Ve_07U?)DIl6N
zjJxUy&)<PtmCqS=g%Ix8Cso1zVk+b>z+Cv;f!xMVssi2tK95sDy*TkeFThXZz|W!g
z@8y2r4De@A(RePj=b!G(NWbwBO4tkk2wABwkEe(OKLcaNY5w{<=vf~a-Y_M7t7&go
zD3k)y3g&%eQhwWGfnfsA1CcYq<SB5#y+IWSZs&9)2N1Ty4M9TqJVDr?b`1FZjisGm
z9Dxs<Rq7cJ9#Ydul6TzpBR9PB7~jbMSvY6#T`Vr>gFj3je51f;aL!-~EUxwkfJ@l=
zi*yqC*MG|cV$SOwMw`-U{)x$voUJnjok*6?0W1~w)#oi)+xb?yYK~1c;2NYn37z4l
zT*jIyT3d%dog^0crz1t|&FWce?zuLcvrI>Ll;a*{{`PD-=!`4;>Xh-Eg~ihJRY`Gv
zJV{MurkdJFZ>W~0;vXg-$r&gDII-B_Kup_4PD>y&`9-O=I*yIaROVW$7|AfyqLF27
z5yuu$nWI?C+nXRc`Q?c=rRksMP3_*Q9MRvA=S@{=B>SpM#pDlE$FP=|$g)rjzv+rI
zmKFMESh;Ho{&TDxpjpFNL<$&%7Hff2@v1Bh)!5*LXp^^@Eu6QRX8V%}lASvAs@o5K
z5Tf~Nn~4`tLi{(Pg);m5;{HSkbI)6_Z&`w*bnP(Y`0*|A5X6oEx)UscM{ZA=MWtEN
z2AI(!@MICBANda`U9~dIT%F1&dK!f8%1DY(LGQ7tpf{N`OrQb$GinQFVCNmnmj#HE
zV~R@*GXK5gpB7j3ta0R~A&LqA1Gw=05f)Ad=+E0u`>B%O#$3`gNV`Tr?pgchhU0Hu
zgyn-b4uw96V<(LTn#x_RbD))&`qDJ@->3>Ok`-{7`2V-;GL4~sb7cAW-9urhp47zp
zZ4Vm5vd0_FKbuyO%}W#i4m=MV!!ovwnt<lo@^R9`uTVYhBs)Cf{yIeD2h$2o(&YaF
zUDn#LPM3-acG9U%qb3b&van5~3Jg}4-#Q7=>292Uq6~j-BkPX#*X1}-2KZ4%j`ej7
ze~t7r;%VwC5o#{ey^-3J4lE+Jrm&KY`kzhY6A@ZdSk?wGjwY%Sq39yo8!0vE5KTjN
zg~SO5i}|AVZs;G`#R<wl%{@*lTEqVKVmA;U5o&1NC%yY)&@eX-8_zIztQ=9*sv*A^
zJU1xagJ6evxU9Xcl<vKmKF0aWKrwiE5XB*9JFPt3YVDQPu|G6V*(H`DKDMYJc!|;C
zx4qzTOlH!Kzn*3|!&B@L=sXDdwEml!CXoFij59`$vT*{)-^`lQ(Jd1WiE9yOHC}Ak
ze|My*3>WQ#H-X&9c(#p}bm5RN@G{6P@+X*q-T1wt1|7@R(aVMN>*WF)ese&E8HIa7
zhAY>8X?1hw7e`hx*cWXL_k<iX&1;<g>JCTH9*Ef<f^ci=y{rT!F0AOzK<S3lHazC_
zqU(Y|b4J){UGnKi6z7C{w=)>t1l&DL3nL9EHP?sSJTvrx+$)0?IsDpPdB)l_Sb1i>
zFI-3CKaL;(J|^sXIDft(2jrQ3U$<bBk&P3_>l?%P_RFnCUSD>(k21t7*Ybv(!LP(m
z%x?y)c+DTKTpX9f=r&KKrd`9g_l%ECG;&GsU#1^Az=FnBc;@vsKdOqDj}mHSanxUS
zmTSD|{&SfzgQVI*F}5u3c~i|9ewph$dakIgQNUI_LaHV?cQiqI{tJ`G`BT~|a&#Bh
z>V<v#=he5&>QS=#+ftEc^VW1ekx?S!i+j{lLpS6}9V%Bm6MX{lX68b!79A2tLL6;5
z;%SMmT0fa?wN4+fcv4FYi)!&jsr6^6?wOB@hTi1}D}@o%4<X#C6NCDyqsM|1E$BN}
z`0Mt{f_+}O8s(fFt9P_Mx+Fnf9iOvM{(>DQsKI-SHn+c8Qj~SU@Geo<e-<7;(h`KE
z4&^I`_T|BTuc&23EJxAhF|yP)^ZB?@kM=nJgo2e;As^dlQi7$NOigZ%ma?=JvxOW(
zNkKMWgr!`T)^Pq9Z{d~1EGhWNw^)<w+0mX!^Ud(<@S9DGoWpAFq$9rPPb}WL5fp+Z
zAE$f>fi{EjNdw}+&D2MPkHLvXbP#+FSPKvny(bAs0v`yU1apb-0L;2J;Gk5n-;O(^
zZQSkZy#^A`hSz;7DOcyMiUFv7fxk)8l;&Zv05J3yXM^Lf%&{D>DbJiMJdkvgH7|9s
zx~kYEVR+yjxYJN`NhM`zcU9v(f685~>gpS8B{DMWU%oU}SC``F_1GuDG3)Q7(t6xw
zCuFj)os><SN(kKJ89x;&bv?mqWm;z&_FEL6lWS4qI4!?f=bmzsKflQBN$;p$uRGjl
z;m#memc1I!edGbhssnq0GhuOW4=XAVkI5a+0QyZg_vA6)fZB%Uz{awZmrqR6_K)Wb
zy1b@lW<Oc4e8F$xZJ&O`-ncSh-x3HKz9SO`Ct%~M3s$xaZ9p%KPJdq*Rp{elgtbuH
z>hH&w%Z9-%qJ`MF^Ip}ON3&^}*bcG7rk!hleGz7D9!<bjnemFhx;v0`^7A7qEt4PS
zro(fOl+UzG)i9htWDQJu(?Q82WrUWgrpuwkLC1=EoD%jAQX%!eOYS@LGg}5+@^}h)
zS`NYq9|_0;HHgFc+WtUIqefBK?+|o0Tk9TqQ|#b|Ugr{`+W}_*@4OQAzt;;SSJg*x
zS-01xoBlO@jv`^E9P!8E%XlVd{+1Xm4|y}h<jfU_zYbqXw$YlL##)u}gtf0qy4r<S
zGR`&yrGJ{aH8~bG7Fya#V+ntkSF@^fl4@0k6D+?f$!Ql_$ne<|<X)TnO5>7iUtjA|
z6<9rXw#hDy7^#VFyf%|0RfqE}DOKgN3N2LlA_{XAM|lf>GEGM)+@YU|1JgM7{WF+0
zJc&i-ItBzP_T<o#N+K?TuD6TI8q)UffK46?Qqh?q5Z0b45m8l02Y&H^uAfYZn+34(
z1ib;&G-Ck14u||Jy5LrD$X^f+>FqB1Z>SgG+L8<RAm)h#JHW$@0n|JQ5Cse_2<YPa
zi>1JgkOqkMgfoGW^gL-MU9oUr421$G0tX=47V26#hjS>><_(+N?tu2}@M5GHd?Ln6
zCse4K!#YbfXeBtDGH4-&yS_h>=bXbCn=)u77!zr8XCk-rL&|f`;&h3$0h!Pb8;DA6
zd6RTtO{Ko}896Z4z4Y%x{kHwB>6rEsQvzRPSOO|U>nfekJtdq~!u{2PRNJiF8B5!=
z$hlU_>?f$!YMB-~=W3Z1I47XNm!M@_pqij%n(GYEGRx%ypq1(mG_I38SqrZocwHpx
zloT=sHWzDNcg_INEbnM<d>Wou-4jLUPiP;GXqcy(s%Zk^uR&sK6p*Z82*q_x^-1Dv
zlannUxV6q|PmB>hsSm$2Iwa$11)a!oHiK3>W$l=Tr+W4o!L#(k$p%hbS;;0&vEjBc
zLvq}W(u`z04WOP*S$2RumrR(Z7JPtla+3aWn5G6CYD7v}RSpV}d)cQf#a#-rkt;6(
zadqM|0R*|)Ln!3oS}v6dsl}#DR+BwijGBG)R$vph*kaR|8WjzhfEwBI1e{v#HhGuI
zSR5DbhX+OXS{ae+_gdMJXvL0Pk7;3F{T<%1*>m(g>oE}ao;(IORV}-i0mPRE_SAKy
z2KIn;rFwRU^?P;94n^09af!{AqqkPg9AmK1eLt3CrmJKd^T8QMGw}+sANX)I6&90c
zNtcpmBVE6x0?7zFn~=2Bf$d1WtDU~$5IVX~*hqCjTsmlw1F!gd;~honu&8;&v6bh|
z^bUt(Do@<>F66PcCsumr+<fI{^Z&~P2FCnT;)_2=0V7L?%A9SXoxo^a^4gT#!KR#5
zP9Hk86ZlqpXYsAx&cR!LWNk8VN)EEw=>9?>eSCQNVBby5OYd4bPq}&3W(@N0PbRTz
z4RctzthroNWN?h_x41PIXC(6NR|e{hl~2`9*-UNL=55sGIhAW*hdGxArXIzm*6AJ<
zPC8GW?1<8(Ew}G^0@H{F_vYQiMF)eH|C>o5KK-rz{}PRSrP@^sb=t@&p*4tVOKR+x
zphd(r{JPGo+9as1uzUjO$DOkckmzKv(y8pCSZ*-#dpw{$Kh<CW$FwRqD_${ph0P+Y
zG1L}HsOD6j=|@8I|I$igzg;CqmPt%DZ*)$5_2eh%Qt`16i}yfidey@6|3r?3rq?W(
zl^kobc#nn7nRgCqA*<BRi%BG`I=6*~n=CukQFLZUv~;ez%O2;6*>btVFCq3MTsrrk
zkUji{xtP1f%*+gYal^OS7pfRpRC>Ext_VrZYBj1$r`s6Tw~((<^D)?406cT^8BPqx
zV~arE&nCjv5`Y-lv0=bHl|$Dw;zG5f`lu`)2rUmdJ62kJ?&$158s|a?smj!{)?xQ<
zK|ly8$JDagA&`2E$t3Q$!1Gs-rJ!x}O!d^`gybao^XF!!tEli&;RDTaL(Qu7S3oZG
zZgD|w?GOH#(i&GVfAd`VUQ*2GQ;EX9n70W(oOM)b>6Ond-A(^6)?fC&3-b$srr&?s
z^^g2NqL5yNA>%2IoJ0j*&coQiTwax&3}ymVi~Kh)G$~254WFTb_SNPDaxxBl?9{Km
z3r_!-bg$yUU2yt`B&DI#*2X?1MLD%PACajcagf-EUWeCY$>s|nr%0I>eN*X09_`eI
z3x4?c0PuhD_8wqOEo<NRwu^|U2uN3vB2~I{0qGs26A&q(_ka)}Dowf+=|y@c(mM!9
zmrz3QO<L$J5Foq>=q~5%eV%iD&-cF9bzi^C{AcD~Ls(gBX4cHCwXVG3y0@9dkX5N7
zR%fQp6$*g0!!S?W`Y`^{oK&8uzLVtHtBQ@ADCmH>{0hhemk}~PShuyU_GFKpvXhwe
z!?E6zuGOmb4I_Mz%{Pj5NVlPL<%x%r9&+OT=00t?@HU!i?t)E71!k^<aF_L($K}-F
z)wz~h2rg~S2Ajb8R(@7Reb)}mIJer_1U^yybi;$AIu(3DvGR1svf_w%#I~D#zIZut
zan@y+?8wA<7c&Fa?ky7Oy84QIc1>*SH4?vD9Z5d3|82EX5ZbmPNH_CoJ;@(l1X<;!
zu=%D%DNMFFJ@Ez~*6A;}I9FTowe>i?mBs1wuI>ujIMLA13DB*yuN1N&(k(WUFIb2F
z(`cdr-PC%WmnnDnC|lL#T)`by%{%=9NlB}&$3{bQbk&K2icT85cpM5%f$*nmoO1kl
z#R_5rX3=(}IcJ{^qzmyr(wPQ*W?6iAItf0!nFhJ=F9T+#&+zavlV><N<9&SKN)Dvv
z3SwPm(GH}v*!a_x$ANqo)aYKd;6&S9%*oK_I?;kBaUE)fC$Sxps3x)Poxw~siF*$N
zt~C;PBHNl7Jdqm{Du~_pGUJh}HW($y0C23unkh!_$D4J>U~s15!L6g6x=JjtiM-fw
z(|OnjlMxdxk3G+=4xcn1Rl|658Yo$m1H*ntUkRN&xUVEPLl8I`o*`&9>X1=8fQ=gV
z!D%tz_#Ir~1u>3IX=Jn$PnTn*dE{JSX>{@!EMh~8Vc}yooif|P1L%ajUbLsB#Sy+;
zlG&}9hP>A+WO8nvem15M&an}paKVAlR)di@tpP=LF$pW^*o_6AV!Vt}5xq<~OHV&F
zxx7bE)rn@y+;+99jV_r9q``IkH*Uj8;M+9EoN=5D(gg9G4gTW_?Q0P@3bE5h$h5`b
z1(&4F1k=tIup2s&dJDChoybv~AZXK~vngZ)`Hid?4>N;BrikqaKlg}gmlJLM^bqK{
zDp-GL3&H0BXoVsUKos=_I};V(oeg`PXU(Vla(}$iyyfFgN0e}4F!e5AthG3KpE>#~
zW?^0Uu#dTu#u0&aIkh+iJi5KWGzm2JRo5wdTz3@Bfjq^J9ZB8ZF+E}($Ly~UTem({
zEZ5@h@AYwF>SS5d#5|1!^cME5>5XtvbhkKc>aNBmFaR?<MzSfc8EH5P2<yP@KDX+>
z#qPV(8O&8^$bZZE^g4M=epss-g=8h<CaPo`^Nw*=<UXTq*rH4Nn8wWf>VB~5c%nbt
zJyD}tkd?P&u5n%|Sg*AUQQ<<t1D#s{jn@R%588F}!L%0Bm^${p=;HI!1Sqtn5ELzW
zG4Var;D3mT8K0ZI5Yu9lLPts-ekbZn9zH)sfI@2uypVpe$zEvHQI~nHNuhOMVyxJr
zO0{39yI?gDHrRHuHgP($mNawv3Ros{EwArFIpXaA-zyL@CB(gBOc=RU|CQBUHxjU1
zLNNwU1i<0%j7LZ(zT{-K&UM>Q-E{r_TqCcKFxRn}0Z^!|kvB+~3u=x{^mJRr?M1j>
zo4XxCbz^7AMVUK|Uwt`v4Ah#fuv;jYE8ui5xP|Q*5o?3p2tcs4daViP%@aMJs5!!s
zbkss$qUyLXbG6RU_{5Gm^7Jyqe`scJgisJz;eKgy>BPn!Y~oZnugk<sjI0?L1G)qk
zZ*e21)^}<zZ8)9+p0&<xw1903TDv<b2ed*~@+3in6N1F3=zvY&fy40?bYH99>PghJ
zyAWnK7^m!3p=tDO3p9PToG9_$$QL29L0}WgQZoq;Q9K|xR|g@mrrHs7CD&nFUVBnb
z*sZ!(Wh`GVm@~#QU=_7eCJP!%Z`X5ORS<N_+@1W+qW?OIl^4Xrk1;DAL_9wTmcX~D
zkhx+4aL6pEEY92`tBzWFOG5E9^->4l=T$9<(wS&VdW&ytLC<JAb&OmBzFSB2GTT>Z
z-Qww-F>x7tXv06B#{@J!Wa!k;s_Q6v8I|0n?I1_n!LB@*Xc+78osoR+hNSW9mR#~r
zo<-yl#-Euk8I#b1OH*MUBO|Q*M;tH@E&gEMQx2Hx#32j+l<{Kqx?5DjMo}@qInw!A
zz42n{YE5LqP|=RIlU^sxVuXa5Kh+pmvKknf&`SXWjvVIkC&eXnQ@}=vfK~wxWfQz(
z>r7V8)@9FlbmBvqVQoY}qX3S=iR1EUB$1VX$)vFZOPs?<eCL8L_hJ!mR9A&%i!ldF
zoZU!Zr-?529P>g|vu=4bg2-Va%&qN(gq+d07qm_`G}K^AnmJnb0=3rCm5TNkI?^MK
zEmkzfn9m4?jF)Wb{>y=Ju!`ltSXkC_pn0tw0V#WO$GVl#H!q3(VF_9}(?&;HIp8-(
ziQn-vYGQ<3U^8Nv%V4)=5X)dUXGqOpPqS;`f>k(?@Fdv5e?b{e!j+(G#cnM+N6Tp~
zno7%Q&Nr9AVZ=umCyA+xJaBwLxy&U({z<F~XS%7(Tn4B0PpAm6G|#CBSikQ5)<WZ?
z`?^)$8k2Xj)+I1{^22h_ABdgIS`Lbvtia+tWE31XU4e5BI$x;;!7!H)oJmuaOSD|C
zRK#dO^-m^jWROQJQ%luusT<otVXh%*lhoPBgY`-JY^2nRVBPGIdphz+W&`=@)}f5f
z1owO{>82XqLC#e-HL<#s3;Mlpp$i_%b*;IiQk2DbfumO?tS+UNy;C0hnq~E>pZlpf
z+5J*H-GVCxeHZhCo`Durpl>E!WUVgpj9gyfepe;`*_t40>@3JUZJ_gff=H?SO25?w
z5H@HV#r)YCH;X@0e6hq7H*4(T%Bnu_ly7G!rXF?-T7dGGi!VSqP66NbfoPEhDkCf$
zBW)bc%n(f%Q~&MQ^Sf{x7Fm9SrYT%!5!kUd(1UpgpZ)Z6vGB~Q;<F=yGoAfQ(BZWh
zh!RoaYpkaTzp-e@$1O<`NW@Q6YoFrnMp~XlUs|hFO3T|%K3?P+Rm<S*-i|6h{=o#P
zJWksV?@(kA&OT0~6=21FjIJ?|$Z(CReHUt5^~6Gv9V}gt_<CQ&gvw}NghYqY(8752
z2}#_?LL3u_3M?_K*vh^vXyjVViL_OP59ZTdX}_#}QriR)HX?iGrKm!kXsBaWTPyx!
zGY%G3-_ehYg`b357~AK|DYVUd4eB<nf<|;1;}qK$tYRJTiicuqVXGh$C<i!UfXZZ#
zFLy|*7PbOXhZeg6A_IzajkftP`|#JmW}OS)Bs3##>H#<7?jO@$t@mp{u<J!^Jpv1V
zpTsYAPN>xp)*&*kqu&wV_lV9%SOS2Es_(=jhb&G7oo=BC8)2A^8Ee$x%LUaKMPs2)
zm;haL<zpm)eZBhnP{)aOWzxr^QhR-)g}C`TdZc(IYlk}<?=VinQ7Q3Jk$9$cZ?=wO
zW5-Pj6292g`0TQAHSPv+0$t7qUIM1L(ebb**YR}=8*E$kfld8w-wFu5_9UOKL#f-|
zhjO~7G0f|B6Tz2iBLRA1yQC?Y<;e=iE+aUT;P*pcIv0b5oOdgoPf+tlBL(T<eREFw
zR+X4dq&PASqA<x8A24NHQoG6ACo6V84Y~aYuiI{)I_%Ja7^)++5EJ>3X6s<ag{?Sf
z%^uur09bI?L5Eo#wc+-IE2*@sRYPc*5sK=dgCH1%pQ{RFKS}Jrr)d6`g7lSdw-95m
zA}X&qtXRz6>0q^3XfBU))fVOa?1VoaO`&jjE3>8)zof3bSYa<bqrPd^IU0Q{d@9uO
zkTkbWLSMBgD(U9_c5JSmDq`<tIRDsaae@^EW_ORJ7sU3O?*!CSu64smt-9YOHH{sU
zPcAHOmSL9MV}^5|{nm{vWPQPk8N9`ADD|_iLuS+Tb22(Fb~3tyojmuD6LUe+Ud4r^
zZ<$|6lUjh<r#T!#)sCe;37yu>_0!yLgjd|~^jmps`Rn}f4v6Z4HeOM$e@!@Gsq?Mg
z^t7}d!N0Q!z5n%r{{hc2Klcpfc)(FnC9J+RsyHD*-wtdsxU|d5?_L1gU^+qU^Yhn-
zRBvH6gSn7c4&QM?S0BaMvaUDX#w;71<f++Z9o<+ZZ#D^ZsScE63(lvE`xbGecu<pl
zB-~VUBwvoJ`AzkJ*W;c3tl2SLktHyyxHp}uDlz2J*2Vbs!XXoW2P$0@ahvmkP+-V(
z>LfaPjM0`*=$(ZvGj?UHtQIxWSqL^1x3jl!_09~UP0%NQk_QLMtI^OMiQd~tVAKmK
zZ`9J-($js5Yj+2I6B4>6cgynBmU{vnYU%m|Gqb-22RPgH26xiG*p_?Jr+kj$4c(--
z!=`o3wZ&P1_z>jmMcogWmO#EmT$?-tPxg44eR#*e1~{JZgxmie!aKSm#^u`o2Bj1+
zOg1{+skWTK4TW!TFjI4vny`(%=FUy~nv0kY&>KR`6vAhOnKO<xq|gS7ExH5Mnp@CT
zk~fzoKk&@RovlT%BZBRh)|{^ns=+<)BQ;~T)Eb&`9e=AhtEw5KILEQn3bdmZN@5<p
zOKjyAQ1(q+XEue|t~av6R94q=EW)vL!V|OP)@L&{t$MBX&2LR_ZVUGk;2T`FTOOUi
z<`|#kCM8RW=_hVKJPBP1c?n5FQ4dgMqowvFbA(m?B&nhdWgv3PAx}=&(uFg2TO-iX
zeSeqlkD@GK`ei-t_tB25Q^Hzx$G-_sU7Nk~j9#n2P=zAgslefs(b}eqmcO0_sh3nB
z4U*5XPyvLm#J(I#tD+s?%En5gTDmK7FQ?K_v;#cZbuoQBs@RYjP<JK%<zgBiPzD3K
z0p4twG=KTy30FGI>j5XFt<nM##v)NbmD4m7-GFd77TIX&J;fY|$_Yn0BxAQb0v*#Q
ztO}4W(!G|>M?WBveM<(UWZnrV`N1-3Pi$2gP&VFNP?uJXxEvqt2&%n@c}8WEv_7XF
zFoY=J2wT@xED}I6t$G9Jc;B!j`qmcW?|W{5U`W12aKcV4>`-sf4eEgTAqz#PqikeO
z(^0GgkZiQ<o__36#d_6UjmlG;XLGJky8w$j`XQ_pr{ZpA%TskSR!aeuP*)h<B$64j
zJ~r(;-jZG*2QtoKgpZ#HwJc<^!p9fV85z>}I0j;}VR9go*tk9NpfpCF#go&*{^aai
z@)~UwNf(JgW;wEOLiQX*RbfJ=f@eI-dUkaM?$C19uih2(aeeu!Rb28;C+~(1^3AGa
z%X0q>qw5yOgQWn#*ucNx<n)NN9`Ytmpm!g?55h4xmt>1OT(y>D$B4dCK9fs7ZSk?7
z%x2mNGqnH8-img}1Pdq3+)3xH+H{ELkr^JmzyQ|sbd7W&P<VE<8ic1h^z<({H6%4T
z6q41EsdAJb0*<B*E?cbESY?YO4!g?_?bcU%AUN>0a}nj}h0%P_n(`?Ke7q2wzjxY4
z9>QwHR9|Ick;7&V)`gbtgA0bVhwg)dl+U1FrH9xkYYq*o$1LA5tziOJA$~kFHjC4$
z8Z=*jCC!Unm|t_9wPohn#YE~wUi&k&PHWa&Zk>6v%M6H1AGon6SdbKho<smKd(lRh
zrV||ua6LWc0=q7gMsv5t<FWI2=>zb0Vi5Xhr`aUw0|MEh3IW6AD*A5Sx$T<O<*CXH
zV?YWb-$I)uq0v3ztNYlkh_w_;V&iK1G4T<W4kzWZfFi)}Qk)Su+|nj&O}?mBx{RlN
zpLS&O@z|M2Yz%&0cFpMT@b|97M{X5S81c6`eO!AmCQ{~UdF>A&Mc!aA<Ee#ebm^1t
zqxVd#ZWMESYsEF@t@0SxKRJ>gvFY$o-H$7pia5#m@1+qZjr|XK#KyJs2yrde4p-&D
zfFiw!y_7#B)Z0A#wts=^$Gry#kwMSAYg+h4ltzMWzYD&`VtTD72X{OIuRRUCwiUh_
z`s0Y{L|9OS_#Q~4=SrNTh$=BBNJJSMT^f%T>~lFg=LE-pxKFiCV0S3|4Js>q`9!H7
zU;G?TKT}=Z73;xI-g(%~_C5?5^tu=s<WhsZiM7@SW9~A3Pi!=bv;c+D8uvir${Ln^
zgyI0@{$F7G%y`wY`E9}d9>PmiDOrr~3$9l^TJnEY99^pQeU!<>il~@7K<lKppGqE!
zt^&g%$*SOHSzGep)+dz06Fap;#6}@Y;Tb|^EB_@Hgr+NnqOT;de^&M9OV3h$ukd6g
zBIS3yUcX9pO5%3QV)IIf`yKrb?&auL@aQi0i8+%r3xC&)EMTl_Mm82%z_aN4L>yPz
zrI?SohYrG>jsD?9lDqP~+`Xu-<`kION_-0J$tbM}NI`k=9u_y3;x8nq>e@-~OWDtE
z913O(+N`gcAF)w>eM<RFv1o07=cjd2b~rJUiF|h&u_+(ZDj$<BcedWzFS7(|=$GXp
zE*~!-0}~H}s(~J@rco5O;31L`mZK4;qmlh_(7HZm`AuYbJ+{4~T|ZJbvX+Mw+^Oat
zTT>m=h>u$vJsGnY3)d4in?FelMTSdEDw4XKMGE^ANf}Sletm=?kpmTrJ07{9?(zX>
z$+>YsOKLH5E-<!W1$7y-nB1@GYpLoRtiYNR#>)GgqRI>N<yeOFxYpF*{|g)m)>~<D
z6ytEjJ^clXXsxF2q$YzXim+BbmhY4t)i}j*Ppfg5;iFH@wbM<4@f<9p4V%d69@m&e
z<};2Bq!rMDxUzF&*1Sd(R=36?xQg?o^{kLKstVCIO>T5)P+E7c<y>ifd6apdMtEK9
z?!Z4ui)l0Qobll}i$;ySF}4b%FzF^<vuAX8i)pkXTsS$>N?kE#&o~IGAxDKX-#H(r
zEsV=O<KbFtIUW^ss0QjCE*{_>)1Yq<&)u!T-#}6vs~0hm$wa0S0NM<$Y-{>i?@ntC
zGvc-vZ;j`L3E+dVo4uacVpb$Ekb9?YF+kRhj@9h#?b%owB*WC&CAWAE?iYM*wKMLE
z)BUk;?sjo#T3a`2H3740*=D<u4Vid}@{9im_*N!cBr`TOZCG)Us`XRFjij$!LJQhw
zD=>xp6b-n9g1SFbB{iRJ1Fap8c*`wp3D87I$YE`_3;N%pHk}W^ZY0i!(HnEtm>nZu
ze64@|n<xG3)Fy#|*PU;9MXRYJJw^2mt+rQ$f*I{F%dF{aF*`GXDrmGyR~Zk0<FVpo
z(j}oU{(nWYgi2xPOUuWEWYWKapMHSp=vbi@6Yoe@+H-!K&g=uD6<wovY9SYdkq4~d
zwNa<QBInE+M<?S?3YAL{0T{TIl_y=ohGFh*<G3{&56D;6nlL-<2Jh|Lty6^v#lIy8
zS4&{sJ7BEQSLah~Hp{n22V>spQ4c#QpTSJ{!|X|%kI15<bJlwoGAE<EI0tRTJ9sSg
zY1gTsC3E65aB;mAxK(b;ZD~-rL)5)PSZ<QesB_w)ygEKTC}8=zmsY*dPtEc*VVq_&
zHYgsaS@Ku(mlKX@mIO7!z~el)WLhPm;=e=9(ui<ExA2p=j#kN^&<tyhMAxR8G6s|t
zVZc}Onj?U_*z|t_fU!s>iW0#NW!YKjGX%Ki$%cT|@DpA+1aOy|Is^c&xvY9GH8(uF
zykMRhz+Gkf3l;u&1+P7Gho>31EBx1(M<*ZozO0(`!o}1f(SMC`fyMb~$XXcN+rj)0
z-omCo_{%emeoHw=-fM!~;cpDwg)$1n^Nu3xJDRwFS3hf73E3THw(g2HWFS|aiN4YL
z($b>0jL5;Yp@qoGtT&R#L3nSUp4;#y!JF@MCI&yNS-D0TMIn^4soYFN?7%+(ON~*p
zbR;ALl=O;|0d%)A(jiE?(WO~`=ZaGWOc&!h#9p&GlGw_n_jlNd=c?+Q5(9-T_KMa2
z1H=dY^9Z#Vi`0$s+q6SVA6c9WxnH%t=jD)7f#qKr6=3f*5=>8D9MO#m_oDnTTbv8|
zAPg(&CVUXa6?#80VRf#aC1LP;3hqtf`z%j&UsZgyeK&Kl>59*}Fz)K3(`}0&u@-E~
z2UhIeEKi&n<Tw}K&D^-D@v7ot6Cvi3V|&Gi@u}`l>8~#S&F4?ypGu!O+;af^QI)Ya
zTQU-B>Lx3rilCe2p)=g<;}SpX_wUY)D%xyAXC5`}ap(&F6Hbdx*Sf!K7IhooSvO9-
z_l_#uWN+7@b?JO;6En{YFUcEj^>@eO9pNR$tLiuN?rXArdHt&S>+gc*tLBT0M4E+P
z{jaDqeR=(k5I66Ckp9ids$p}Rzg?w|aZ6jE`}g}XZ0p>HR2=(kSg;$ia_n;$8nt+s
ztO79z#HO=j;(C9?3!_Mm&c(LCP?DqQ!Xy%K3<kKEyoDiuPNU|KFj+Nh5yGNQ@cVFQ
zU@bTrlLeDK>KvFd(QHo*-;oSq5BfFm9mypQBCPW2XXL8M&GRf+;fe{<)8DgUQ#4<-
zT*TxrJTEA5mKPH_%l8gjp>tOkIjoH^e=H*A%<<kY8CweXUwr)Kcz;U%Q<cil1%}jE
zk3runLP>bo|Fy2a1l;e#sA|8996u|HJsS24`P1Kn{cHc_fSB*$9f=OarZ5zfCUO4#
zFIe)e-XCWBV)&}{Yw$aYOZ-=zZm!-R`6*m+V)|nEjskZTbF`qZ!J!n?{6y!O2dA7b
zV{%r6{wnf^51t}Jqo2-*h6}$28;IwI;J*&J3yv60{YFW%PhTkMCn&S3{9i~d!-j!^
ze}}&>j-oD@)_DEig*F=aSJ)i+rWLQ5<h2UV5V>7B4b<6Ut-#Y4zkpo@g*P5-^ZHVq
zx6K^?@CSZdy1IaknF7m<x#M}S;D9g!PFLyFsDB13T7n9`WJu~Rml|TW%N8V*(c6m7
z%H6^<<{)*KNbNS=B?%Hr?FDk80wt2P>J<Abk8U`nPiR0HK`1>(l%8o>m^vdfpw`-u
zJ9WUMWHeAcuGgGHJ3nne<_~~%dkfNfWk&PTx@1Nz<>G=)Q2tK%F2Q#qYHaSs)owUL
zEs+&Ng#$;ly;V5?nz*6YG|cLK{|@eq=9ZG-Xd*KBYeVh4UHt-cXH9Ns&_Zc%4R`F2
z#124`HUW@pi+!>-66h4$tH3d8Cc)q3m@vBq7o4)N6X6c$f42PnYzuxpFXA~{@(bND
zJMp|&R2tec>Ajz`6+msiOSd2_E#T(Kn2;IGFF7)IpjlJzGpEV_1rBX1iQF#JQj(vQ
z)UH|?XCA4!YH^Y~Nn@qf_cDFFR;b(kzUXe*M!gTiNmTClf#b?SHO!8OCY;LB1YH&>
zef}I_3i2=eUeI)LKtVFvnQ0gR<q&~p31NdV(&+59wzO(1!n0RZw9e9C*5{<+(@npq
zxrf<eVe3Y`m&UBx?|bB#*Ib1*CrvAE@zqcQr!mu>C%rhfusbX?YaRGLhLUW@KK%a<
ztGKY>GVs~(r$<Cd`3Yv{f&2Jn9;|H3eGf97beHy1=KGEDY1TR=ZihRWbzug+mi0V-
zI~(mJk8pG@@El^OJcKbzSI^H^hoy~~!T7seGI=*R7pqZW`vnBHulsuURN{+vk#!V+
zOqbQbG{K>8$HheN+D%J=Yu(K|UwHN#JU034^(0}4HWvzBDD@&}Uhjh*dHg)hBi1`E
zer>WZ^d4>B4UPIx^WyKNq-vN&6{Y@OJlXgpqVVXc*O4GMqEMo*uyMqeeTVV8V{@f6
zc>5dG8}SJ%xALHkvaJd3y0I4Lu>)(eDXY0^jA(@<1m(JE{HSJ_Qadc@a8|3!-3ENx
z$Z^v+xm2L3GgEzIO6{Pa(V4I=cN5^f!QiIxQz~+79_<Fg-FUj3{|d4ETuZ9?%M`nk
zx`bsNVrrB*+e)8&a|B-gNM^uSbIEEHBc#mPRPy#^5O_J0d;?$Y&7Y<I>Ex^UTyL@(
z#PBH1H<dhnNy%SoRr#-Ij8Dc|jm>pr6Rw-tDtdxR$Klh7Ef5E;fg8w|XetfWe0#-D
zV1{wknZ&C|&i#rU^Pe$H@_t3ExwmtM3vi55<K+ZqEGbL-M*_pfOMV@Vw63C+_1tXr
zH<^w6gp+0`Cq0}SayzhdbaTGRXyCw0G~1M$8`4m#ePCfL=1Havp?f(oCzJMR3QW^S
z=5`F+<jrfaDUhlP!X#~Qbm0X}Roz&&(Fc_@ULzFB+7v--*ps^Tpull0eV-)t!{u24
zE+wFW-a$giskODKx>?gtxH<WZ!S*7lYc=zgBTemRr$*f{zT~u2UZe6eQmD+ntU^o7
z$Vq$L7Eui$W=j3pII`_6ShK$IhBQkH%^L`Jgsy+*rtszkx7$&3kXbRzM8o@3?JSDN
zHAx39!dp8Yvx_I+x{un`Mn>8P4lWlolxoI(x*I94$!#z)zp;s=H)?7h+61{>DxdRh
z&w2dn*^$}y1CRH<Pv3v=Rc=(=x-L;j5|R?@F5q%;EYw6NoK9H`Gs~jkG<{XCX^sik
zD?}KlT>!poboo8gY=;){?c2L|HI;@sn^>SMj~P`umM4bZW`C_F<x5Le^0Ms@{`?$t
zzeyyEL+&AYEK#iebusNH$;|0bd%PkpiaqGNAft23ecA(J>?~YIwcm8=ddoqI&pq)7
zJ;CkMm9uPBo9bLjGk(98cs;nxJgyAk?!MH05b8wV+iI{_KcAmht>v<}LNt*x=2(r+
z<9Ey?T480#%Bp_Z_h=#?+@A>sC9Mx#($4#oT)z%=Rmt6bxis~oe=`AK;xn~w@3R&&
zQ;s*}Lx@*DXv3+mb)r7B?0TY5KZIAM%wr~U-~7N6ofU7bt_M-sfI&dl>A1&p#&#W-
zY&7$^T&eRc-l!6w;wJk{26oFPd#guNkR@tkjhanPwNU)sWTC!WG}|uRZYj56Hsj3k
zeHCEMk>R^lq&(iGK~M{UJX1Hg)1&xdO<b{{jbVt!m>|;KeR|v%MIRsS-!%G??`Aq}
zwsbg`c#>V6)_QUTn7$Oc4}V9=zXXSfXvXpBN-pK{^?@mhcl2+i2&%O5qa)`wMibK<
zb~!+%k?b=O{oX5m<RI{bcx-L}$Zx@WM>T3iV<xBHxT^7}QbMI5wBM&E$@NKIV0{`Z
zg39qr@b!}|jlGclkn)o{h3kk}f<428Jk`dWHxd>6LU6Q}IX+-(gpV$;Sy)x_nK0}b
zB>9A;OSzn-PhgRC57lYOI;2*mR}T-Ote56Js;v?)U*Vou7bF(f58f!70zzWeZUn8+
z1ev9x7mnV@#;JvanVq1`>!oi3CgFp&hBfl*rNgyE)!nnVtNN5H_yNQ)MF?A-+(xQ<
zY101C1wN%~?ZC+Wm~?j&vm`ClZHgS|(o>28YEIVOOxA%%d%lFrMGlIlQgLFZX&b(u
z!cDx;^hd%dcc0c5K@y`9sf$GCMm<YQJ!|qOTQF4^Hh-B%N|-CroTFTb4dydQ<ofsK
zyuPe$aXIJyI|hl*{&%uoU(R_!<)xh3WB(`Hu4>p+n3!Wg;NY1V-{*N9NXFI@bbn4F
z(2lxACkgHR682@{a7yJc30+sCBRXKJ#6`M#920Dp+ECH^YCNI(cWVad*hQ(6m3!x}
z!<ezwv65L&wq6fm9fzD!RwUG)u1STQAUDALEar}wS0A0Y+r)fnrYQYs6UFUkHZoDn
z3vwBbUFjuELNm2j@EeaOuv1czO!|fN+3`(oA-S5gO98-KY9{AB7UuyLXOOyX0-*-5
zc|gmKrT~OBbzQ$t!$3+1eNrW3(X4-7#iOX|uoi&yTtS+h2JB50(WKpvz#+(V$Fl7Y
z#|nEsU0#ZU_*)tZzKoeopWrjU<do%^nk5dD<$X42Nc528cLepq-klxP2N(C@8X-$P
zDsCu#+>mdoVPnUVX2Ppe$g(dg6s<<L^0+idp3cI@gLI9e6!XxV(&P5t(hWd%u48FI
zZz-zOBNfqjX<-H4HINyXtH`5~WL+RMq3iBi^3@R1)761cTp3`lQY&9}I?-}oQeZan
zuh06NvflS-aYH$2eZaj+AK$bPRr*49?=vMk4=eob$q!e}kR@foj8?V5kLsrB=p4FI
zh7yh!{9^wA@NUh}%iZ@U#8y0}FH&8fFa@-fD6?9G>-D~Avy%wsu#XR&3nT~5Kcj9X
z;f0+`>)Yx7X3gu{Y?zU#YPatIp#>JI03kc1?^A8!Y=yn#ft9@fXqG+$BR6x4Nz{QH
zc`y^rgsv}qaRwmnrj?%w>bb?-|IsiR{>cWbip6XuER7wLt2iYmFjtP+A)44s**!);
zM(02(qhoqO-#}H1g~ysZ#E}2&g6XZL?pU0+WTMsERg@BEEY8#EZyiZE!NgcKSw*9r
zb8YWqq}lV%y)Tr#siZfZNtHJ^Qzp$`)WScw0w?^xv}ING{K>vpKhsr0mZ)3ES4`Jq
zdZ=GcQ89&0fkhM&Bezm5eU;0a=*J8q)}D4a-8bg{lk7R?!)qP=ACRx4^IzClp3?uu
z!1+plV_o-g&y8%*n~GB)ch6O!J2!=RH-#H}0!bUryz>ci)r#Bo*Bh|NSpfwhf_h--
zYr3QV0lX|-c4on{4!W^(edJLK6`VjPGLGt?n28or=Yai%-aC{OGra~F^xU~cVK%;A
zh)k{RvZpxaeVu`L3J0YHZjJLcCQzTjr2ba1{xwMO=HdsfFP?&u!wz0pd<z^lkXV(X
zX!XI|S;|iSbZ4ns$KF^b?v1M8idw8h_QX{Upw|o}a&EIoRo+qwh<CtCJ3h%=FNK`n
zc|AgydsPIpd`sjC-bGkE*!zHV`M&j;5_yby$pY#2@D0IiHP=zY+#iWjf^%DYuCT*J
zwO(9TWip`?WZ7hYbSuw_@gnBQR<=gXI@c7k!ePTa?qscO198bcE2N}phrm5g@t&xT
zrDY(U_vAtGs9Lp|bEzr5y8_sCa>|U=T@TEUymC@om*rjp-N!ASJpsMF)i1*L?NDrw
zkRqcA^g>gL3U_%<0ad|)*4DfS0kn<?PafK!64BCAxWu>H8xQnr7QA{WPoD~W-Ckpw
zf^DyDDUv7MRd^VgzLmYN2wzSFW110^!m^8A<U@;6CQOOqbizX}d{Yi+vHF)SJ1o2L
z=eNo6P0xeZT{{Qqbui<ysN7Zrbh9dVRo@C6R6vOTP2hHSdD6fh<!OS4&FR&NB|)3M
zi%{VEgOCoFW0O`FsNp3GU#H&<MH&$EfCbae5r7(1w~<a;hj3g-2x^v%=RvkEpbs80
z??hJ$b7RB9<5Y1+h7J$``W=WRIwa}#CC!kM)|<CEo`3%h^U{!XgZx3#`~eQ_Okk;A
zcl$9_-02*#5jv#nwD52Wl`-+l1i5LOThfN3?~#SSHdL{c^Vi4koVBY>=HYs{Q(vkG
z8>IuTg%|I)-&s_d)s=~t^>cV)$3hEh{>DqRu}MOU(oFKYw&d`{JvbfFgx^;<S3>LE
zyL)fULCgkK(-SE)wNG4De=~ns0q{!L5S(1qcx9P)rA%0Z7;(1?7uU?m0HvV^#=LC8
z%)w%GJeIpW0}9_mB`l)#c)UoK$!a%};;U)C%Me=z)X_mgmcxi#pw;dP*yi5=l@Gin
zqJ)jcYF!@ROMKaP4H~-juohN{Inx}H$|-uYb`0xa5+uZZaW6q=d8>Uc^BLIgSmJ5$
z<lZnCW&_{v;a?`>qb*TDIYo0VgUi;-rG<-rL`qxjpUMjlwxj$OzhB3tOCTkZk0oJ=
zc8pz&FW_)AF^zMKL{A8H_6y4%Txn#z?eT6C*GvDw@x>Y9>-EonN!>KZ4mkA^2V9NN
zJ03xs7GC<)$99cWbiYs^wYfoa%rK*YQ!jI%)(E}p@o6*HOaG@tnqUBM$$<5p4%Q=1
zvp8f3AUs>ne-F{)+HX^`e*(@H-M6IM5Ygkm3n1@8Shs%R@3UY_pWc|&7x`NUzx$5*
zQ2*kXW|s91#P2}%oBkv8-K{?)tmmi?!Vl422L!W<A0QtOuKE3edeLLTS?Fzu_W|QK
z{fFoqTN)qEq^U{|eZ?()dXH<(8=ns-?j>a&2sAG~5mMZ8@$Xi3OPt;LC3#$EX8n9{
z<zD^USz@K*i~jo0w{YptMNA2LA;~RX|88Zs;8}-zNvQ|q=hDAA`Q<lew)38T#sPbC
z)RQ{7En|OHRkzUDfP4CB2alSGpVUchiTksv{2@hQD|D9Ytl;N^i_OIJb<el1__Hdx
zy_?1TS6_d)H>;IFsA)s{Tt5xwmP|?_+|Q8aaW9=peEEtDtCH)xKHLbs&$}1XiRo*f
z|4B;UWk}a}QY*8pCIeM*{nVEmq4y`LTh%qOZzm!#b5|gJ@rj_~vWv_g5_$R}y`bbW
zuS~bHYjB@KL}KdhqjcgYwNlICGOQ}Dp?v`ndTD==V){BG^fGqY)1#i$$}Jnqu&QE@
zh{t~l;YWz_q&us+{v$+}ank7`5|v#45{RO&eX&d<!>a7+*C!jHm$G{|{m&9(gkJLQ
zjdTtATG3@f8K{!0cZbDGz0_@nPeWNX5<j>|S$p0Dwcv8<eco~~tC5)FB8B$;5=euF
zOlzM1k}R-!E(T4>VuZ6o7$J4*EKej#d^i@B&IfvDVxbqI0LY0G4gJ1jq({5+D2DaH
zju3lyxJwLHc)Y_N6V+ZLw_wc98t#&akrL^41Y#E31r!&=*;&I}sLsR2*b<4~9gGsG
zF)oPDOKeb|XO%q98u~rJNRI~N@K@=Nn9`V|Vcof1I9FZ%<cB<Fu}wg7!3BHdnD3p~
z+Wk?PFqboTf3084cU&XA2Rj#Ih}&wOpI7;3L53KOCp9uNE;qVW-%xpD!g4b-Hx%h>
zUSK|0mEVZY)Lu@!{YG@!_@d(VnitbF7ooS`c-J}iAa9{2MW%4v>2?!(oc-z;cLB*8
zH{3Orszs+Jb|>VgXi)3v8+YBKmcZ9Ac>pOJUUdX0g{A7ay6R>AWK2x<msrr_jCJTN
zit%=q-5HJv)1X*-F@9y|6FxeNPU5&Yhhsh%+p1qo;((l0okb^bKy>|ply$Evf)#}<
z{^WlRRKGaOk)ZT5>;Dv>Sz%Fj_N$WZ|7%9ienF{;p8zDU-vDW3Rf|sWpE^(MMbsvK
zalXBOt8r3f7)Q%F93(o3qqXq>;g#2E1bB>K*II1jQyg?DVhIB!=It0wNDjIiCD0)R
zv=-Yjx>`{|7$^ptl@^mVs=Z2X(71>t{48tj+q?j*ei5t3<yB*md+y-O3xMX#OO@P!
zOAbsGl$g``5|FVXl*6J5ipkk|2}oOcq(+=wB{g7-l|E%1eW(h_3U~paU13*_@~e{T
zcS&Kn4NA=Fe33x6B5*Dlr?3!!-eu)-PDsLCVqtK{#0&?{gw$mL`KVMu#OZCJ>{HAh
z659X<v(WWH!4-IIl_C;xfmyvi(lnd0UramW0`pLl>x+<;!cFO2Z@~WXE)TQfYEgag
zb$+MAoZ$XK1EY=?2b=II;7L+_t7~fna_^l3KO_otok}4emq0ahw9Jb_71^^`Qa;CO
zN_BM90fwN!x%Eazd2@HHZeliZlECZLQ%+U!|1|iR%d9BFG$+H%)lqks#69w!^MLgz
zfO%Bx+OjOF2rY6A5pCLy=~LeJ$s_ttmXhQHm0aV~5yov&_BB~v<kMJOc018O@%2d7
z&*5-mu6htp)TJ&#oFnVtwm32KcIi>qKy%fLsG~YpNAH4uwJPnQCG8XK`rbW*Z#jm4
zu^X?y{mCA?(xXI6<Z|7F70omiElLMX^Amgd1hM@9)};Yk^WE4SQvB3;A({2RMQ`M0
z>Qb$(9%g8%1h9edG#y%MvUS`&8v>hIs?vQ^v2OBXAXmpR*BZWtDqinN(9SyR^r}b)
zIF_&f(e1t3R8xiN<r0wgb@a&BPV|qR0l-5ppAFW|Ev1cBfm9r=(^C-mAnMJID8?YS
z^mBzp=)}PT-8XYrAURqy{CmPfm3-Y>g34m<`X#a_p1neQ`0l7N$*3Xx<!nWXm2%9U
zlpBb-%_hKpK*k34|9`Sx;^C})$})AmoJ;ri+Q3sC5<u2@dsr8cC(Efg<nyqDGG+B2
zk?eEDpkf9em1<w5<#HljTSY_OV~hDy;r&(G79}jB#WPy@Lk_NbgtecEOGT(j2V`BF
zz_r;pC-OFC#pbR$8%qGIUhrs+l|jU7$tO;K0hum8UJ|`mDw#8`zRkFx!1(Z8h4isK
z$Ld6D-z6vaxfjnq_YNhG??qJC+39fB+Ep*sL-FHJm8iTgskBg_07){wGyP}hV_S4M
z`$AeE?~9tm4?_f7u8;JRP&GSX3;m;`<>%ePQoel7(Q{28ueuy+_k`4VXXf<aQbCr{
z@Q*{8bw7^FDIh~=X+B9|RbP`Q1a*m3N`Tl@YiPZc1E`Rtw`Q}nKOLp^j2RTe5|WXL
zIs1@K`03+f*`k~@dmnU%zKtfhwpVI6p~p?$JVT%T0<Py^eswo@W>a@VU=%=bjl<N=
z@y1x<ZJ#H$(HDI&_)T(_WJX|xETe9wLNJ~*Dc_-y{v@b{V#c(OjJ8&}kBsIVy>F~b
zfNq5gF2^bx4l!##s$^Pfhbtr<nmBpn>{9RX$XGYoO}Y#{Da0cfds>LsT7Jam%v(>7
zx|ojF>K+{ROwR=3EwLAd86tt~2-c-{<+N)`JWsvMDT4*64W6)ndAlYNS?6m*t>ffC
zW4r5_8L75<RV?HQ1tI%#5H^AMNy#H~;Wg+b$IrLIy7|_M6^`=YLWtdmd@uET4KRbC
zS&Xq^iK#A+9kTr=$C4NUeUDn5!K;*e%X)jh$&Mq4#Ga3dV~0CAi5j>&eKund;9_^4
zkFRtpxbM5EOgOl%9XLGiVY7m#Z-E&$8iPE}Gk1OI$>6)eiD#C6lDX?x0)(6A_i77L
z8;XP%es0(7F=8@hC*mZ*jSaja-}0XJPckW7qBc+7RUEp)rM6eqvgb3||Dt4ZzQGjQ
z9+I0!$C*Z`on5~oo!_TQItbU!=hDsvmMC<a*CxVuTt!&TJta7EqBt{xdi7L2?yT_|
z8}vW@!P?8BN;JlDXk^r(!d!kTRni?Ha-=w_|6?n2H*nDVhic-0tKi}mv0$ADD=#Hn
z0t%KN6B8EPQ#_;}=QftCurdd5x|@4i$u7}ldf2ZdRb|e(TOvQXyk3cNbUT>ow^>O7
znQQWcG8EvLWqnrNksD?!a06bz9$ZZru&3zGk(aO!?bU-T^ut^%6#8G8*u0b}?2ApK
zl^?t(Kfo!EFB~kC>e+Z-El7Fb44RH|75seabY7%t16er|YFs%v%4$J5<}cM!bIv59
z6HY!Z^P!QIz~Eq(SJfjOOQMyi)b*v0zpk&oG0GtYJ)f#%G!UeKTzv!&>hyGe{;JIA
zb7?Yqvr9BqA1H4)zvwJski%?&L?i!?cmb85lZ0mHF!%DLAl;^PO6AA)>VyJs1!KqM
zQP21)3WRPBuBBY%Vo29ClUE6+wa5`7pv<=z1eWGH!Pm`uDN*tJ{ZlUM#JfmT%6@O%
zsNxagH;ODz#}oyX+|gYdRH4G4qNBgb((0E|>oWH9A1&q{k?7#Ju&i<-6SZvr`_Sc9
zto|6f#i_0cm0y5s2pU2-qiU^tf~ur(`!{%HOJ3ryJY<HyjYJp-rbspoqMDkX>`5+1
zZ#tduSk)UIb@w*x(JiGt4IifcV3p#b?x=Lq4Jv>+xXItotLMJSt$SO+Dmp)q<z>`D
zmJYF50m~p}%+5kAsK$I=jT%boGSHSQp~tnI6RPotL~8AK%d7%BQmVhxT_xsho{Ua;
z?_VWL!`wGfCFx$Jfn4?w{M@`U<moEa$@%%$FsX=OK~Z9l((vdPQN}$D?AVP=lQyvl
z_rDEm*?8g1#yzO}NBCVuiZ{{S=xqq97SH4^dqJnFn{W4sFU_uc4!Ni7DAf`D3G>p^
zK-njADl0o>V1yFI@>Z&4$bj9<dVe`NWXyw>j|+qyq})kK#Xi`0>=;w9Srgaz%KV)*
zj*e>i=p-ej{Nbu<0Qu3ls?bh<?fwS*#PxZ=4-Q4lcoZf<=qRFF=!b*iAtrevqMLuO
zVi8q?3HE<fU&8!G;gmZ0z*Xq4TMO697TXwhn66QCg==cA;>5YM3+*(9X~zilOO7VL
zph6IMKfO-|nUyxMIM!OrnJB5&F7Xx06clWYzPpj$ZDF%m_ql$ExHM#cz{7xPQvcf0
z^BC$`v3TM0>)6yT<!KtE5F#4=xfRDX9*gnY-48n9f=(H8#r>2C<VpF#ORwzXKP>vh
zY&FLMPgT0>zwg@vXy!aD$1}g-$c!IO=_Y*G2?kr)^yXK|mxH0z@%s1HKR5YRbZ^~l
z?OcWSWa;%qbFbLcp>;-?iZyDuP!curE&Id6lw?D5w-e%nujjJxJp)jgWOU={z!$w6
zb`Q(yznozELzuIBB9?Iuhze6Y?Of4;YjjjZbF*Xw1(?mfM)3ilQ!cO#kk}he_tZ7)
zP)uMtZkf0~Jn0EQ<uvn@DxjeR@zg3%t{UBEF<&JEb*Rznws?^Wt4!=G$SgrTsg+h+
zoQgm^IZ0gOw!+t;a~Es%YLK3~Wf)!uL~Pjhg;;h`hmWqF#(Ct0?-6wKb{)b&KCpf*
zlyi(?+m6+?Tb#g@^-9n!YwRVQXON2o9vcXhZz-Zhz6?M5AVv4V@x2sXY)7w%yqLDx
zl<vf?<Fj<LKexmFG9Ejc6;&z?T~e#f$k7|BnCyv*y`Cvo$8uAlP7kd|djyVg^E|GV
z<MzQC<xLJcVeBvB*RuneKiYVqY|cf0wk@ZkzuI;*w@(b_TCWhZ4>edQAuui&GuG&^
zNUkCJCw$mWSt?E@|8;uZx^Zcj=Q-pTLeLAnQ@@?y_51_mGwYXkc@nlWlqWem;v`()
z^fshFxK#Bx{ss<?fUJ*t_{)2L;03P0{<Vp`8g!c8M2Ze5&Uz>b<h$N43Ox$A!LY)@
zY>&p?btf{9_TCcZ>YrWIl5KhA^(gU%^$UFWK2Q!Ay6PI^nR%<PV4uXg)n;<$WtL(Z
zaq8Ws3E2Bs=3;F|3h`>aY4uq<&OjP-Gdv#{-;1fw$Po(62wQ&1o*<K<+V02@W75Vc
zmO;Ya_0h~nj>9PSA^heqDM3D?xZROE21W}XG2)Ap1BNeKvY&~V5&)x7@xR62y6Wmr
zpp;LBGbNZTbIN9F@pbi?MJg0K#-_s+_}0??8JGe~e-v1RFT3$2C}!>~I|?PhGU11g
zd`ahC{>HK8glz?M-7J4F)|M)NT|O5KUt!mth*OVJHkZo|cmiUJVWEX9u&+Ia6R}%8
z{AXNXr+5JW4@i*6fVVl4{`%7X=6l3Q#4%2xe+3tlUj`@BfG3&>-z?^8i7r0kj$lqJ
zXVzKI;)a%J*In~SrDCsGntrBa6C5tttS+xnxqrg=Qz8aDvb`eiWy0E=p_c;)(jl^B
zUn8(o*?&N0Sl$me&QC^};j6nX^2y@|RV_`==i<r;dP`cIEvE*YLh7L*DQ1piVg6z<
zwmR3#y=_zbf#f`$(edoG1U9%^Woi4R^+~r%A<=6ye4_dTp_2&uMa-SWKyT&EV%?AN
zzc$C^Gv}8h1QNnBRkt`9*3)Kh5(2X;!u^4nH)e#`VIS=x138SwrCYSvVPTkXu~9tD
z+)WZ-+cU8i5^S<hAb)!W$6ud%+yFR^i?=2?j!U;{@xe02S-s*P&fk3Ke8-;dq4V8y
zM1JJJstTfsNv_QndOLz4{K$f`ktyq=I-wq4loWrBeoDxmpXgG`{7o9*6JFVNEg6`K
zePmd1M11-@6OFTqJ>5C}nkbMIwy3)8CX=YxzVp{o$@6l@wYF4GfYOz8XoIXCdwgbO
zkG<kCL2Kr4qB%HL0a?Rg+3mQ_6r<Db!pEx^)a{HG-jy{L;O5~}b>t97Dmmg~q3Gt_
z3N5M~-6sVw?l7tGwC=0{jSJEdi3iAin~#TF=u~^y55aD7*>S;d6JqC3HFU7hRZ@0#
z(Q9{7u898%e(k{Mt(d;KFicJwCpPC>^4)Nu=PYdKU}||Qs4IEv^Y_$37fuh+1r^r~
zzpnJcN>1*mmfYP4pFdwx=ypskDTDMsx^Qxbv@9s+zN7qQiNl(A$QWN6id*J=2qG*j
zeB>d><kyOAvwNWzb|BaZ3NGB}Zw_Ld6EX%lpF|z_ZhdmpR^2_N=RK{+DDXT@0$W#9
zzIxt~XMFE|X}>a%0we%ak;zUCW|vJcgz?c`5R($Mw`pS)Z3~IJ9X3tQx)NU;tldJM
z3S(a}j4_0<0b@#o`D95PBD5Ep$XQLE6vJBCj!wqO7RnZn+)fYnYbH0y71wKdE0GKF
zJJLIi$IARFo)p>16xj_y{nMi6why_6LrHa|@K`2KdKujaHb1Xl5t_axvPy6vy8I*M
zXy{)|R|=mc?HXO5C&h9y#qtc96#kkNzVk!DaqnGQ;#2nEiEAF0Q4P6NC-=-6y*Xz@
zV@)MvZ6C^4e5BQtB3Q%N@z}8S&5-(Q1g1&fwx+He96wYZ4y7N(*delTg8bk&D@a4V
z@MRt$bIBr8$s*f_T5gxx8@-KsgN<fHvC$IhKg^AKE0?PFz2l5%mF+`7#YdKLDPrq1
zT;e`){=Vi1=cdy9K*gIPyD|8sfn?4XYPI1|hE*xT)=-9EYBh4n*k{3<cI0M{aQ|;v
zV=$+IWb7Ae`QcF7RVf0eG#vguFA6i!AkJioSS4!ttWes1DFX8}9Iieu(*LdO$Mnlj
z{;@Y<hro69cZ%-@rXPN}>P9;6>D!>aNuu-{`cmGdq$`L9>d&_YZuoyS{Cr>Fmdsaz
zSC<aR>8~ih51QWjd{f{`M+5O!+D*=^-@4y=PV;{zAiv1^o@EozgI9O$mgj~i<>sXx
zT)m5uU-281H`$ji312*!CbYeIO!w>-8d?9Pksa88m?nSY`6U2i@T0f6{>ygO%8-{@
z&|4myI9r}%oaO1c2baci*+qzw$9H~n|Iwqde%GMV`MMgx+Z|}jp~l>Ct{r*+pFq8q
z=y-=UuLt9yF-KTYQz%AB=nB)7>}i&dSB0)dUf6wCf9*4s0IDJNcK|&V-;&!>X<k^r
zRylp)%U!p-pY;V$&8b+-)lJ*!Z&t9r87CH4$E8GGp?aS5`0Y+NRr4I{)|;y}SA80i
zdWlYP89DC^@!uKZ+|p{iE2BrvuzmYs+D8Ee^-wyc?RMg}sJ12}#={%hKTe~RUfg{A
zBJp)tOtoKddkclR0rw2r)FiQCV#ct}r+*q47#Mo_J_q$}zb&?EY20GpLvEK~-VfD_
zS275Yu!mQ@YuakOz$pQTS9WNZGY)qRwr?<hMzlftM75=^F3s)QZ5yI^wPh4~GM9+k
z9+WEcACiFJwA&7&BK6W9BKYv8c`nqYQAwZW-%i*_l7*9n9}+J~yZRsdBql>cl~H`|
z34y)(@H^W&uJ6!3$H8^tQ;+I14IKmJzO-AiyZFi*!`mKL$9Fy0C`1-AwsFRFE`;T-
z(v4hePa5_eDK(08k8qFBHKZ~OXg{*V(GeATB|D<R-fi7VaX{=uw_cAwLh3|(nA?%;
zA9kv~rtTgkt-hD7XH2Pdq6zYMk=nBui2DwCoc1{FDS|+SKqW@<ZY0fk*FD-aIwLl5
zoQ=oF??yg8O?cWQ@M&|=OPGTY#{tLTI|t4V4#a?)&Mn$DU?l9z$1h(kWe+~czDoSj
zKdvItInkWXA;IF=`HHkcZk-@7NT=Zk8_T-txM5%jI366oJe@dQ*Cx;^*r~=gp-WNj
z>*8mz$QR91X=6Y2n#I1`p_{|TVQPjCvz(z?7oP)0F%!%lJ|0p*#kOGwwTH5+j^nIf
z-nq7(Io=)3IDVVw+i@s3h|HwG9_p|dL$c1i&b&a1<aYLRNdo)Ey%w4;u+@mJx6`N;
zX2Ts9Kt6PcJBo`{%F#<v$f!Zhttj@=toROibLs%nSTbBz=mv~;Rac1nS$h<B+TGZ@
z7B^<$OHIdu$AY^Y$F**>%+n4B<W<4lKd3$@{h*qsN(<S<-?A`$XtU5&@`3mbqkEw9
zrh;}O&vuaGrHvWET?e<fQKnC*exy25*GEms3U_bJ)r)r?EFNz3*rUbK;wVl?1SCd%
z6S^&&5qBu!@zKMNYS!13=2R9PwcB|NJt%f$Jf%IQooLaYXYB(XmLIZJB~UH4F5mKa
z4+-%II^}=_t<MTi3x6*4Ll96UqrOQJP^J5PoBj6MT#iYRDKq0+CP7lho?rK4A+at$
zeT8uuX1{J)k5B%7YJLO#ky)~sTUy_aG@$=ee|W#xiFCa}Z00+f@vwWS6B;ComdH`$
zJj>xd3eD|<yUc>6^V4BbOFwAlWGB-dWQjN#Tvc~U7CM<y&3fDt<onz-;H^TRUBo%Q
zdPq2ka<mDh@MiNi6JfR?6kDB(g~##?-|hNf62UwaXx1{!YTm*XHOw4~(?z)78Ee+X
zS*_}z=I|*WGhR0dERDtIr2698<r^DknXs_Y?v<~oAg5r^JYO>JI2aQj8sFd=&JkX$
zrEjmW?VcCm2HC!3Nq-pLo@AsGt}p8m6!iF%;Si5IRv_${sG9DuyuIEKNqZ{f^8Q49
zySja&XiDLUZ1yYsG)w7hBYnA%$fATbg=~e9W)H}+p)8dlILcZV<+4xHIL@Es7aC+b
zJTVUtE#aQN>T&yOwMc7%WJ^Z#oJS8%l?dz7rPhWA_b)b03shWhX?R?5(c~+6g@~z?
z%7f7>S4jQe3VOX%{pxw|%T1%V<X`UQ1tW7^t!nTG5T{fj(VxV?TbiVjBbnruS9Kb0
zDG_Yglp1U)|8{Hog37UGKnSPfZ{&^Op-UVqz8fXY4L8aE4*-rpalh(cY#RV47u!!S
za(0msFbXb#%V2tO+gW9MQXPr+Lq1Q{^10Znob&j$^WY}h4gh)E!{7+$2Lp?*eS7h}
zo&=}C*~RxZ67NroYLO(gje<*fKQ`cA++RNSWiSn9!90*(6UVJl0qj?k3YLRRuwwBs
z@1NV(tN{g!k4cOB75vNdg`fm%1e?GXu<f6Z^7X6P33R{&tpCfu|NW7+$bE7FZ~VR0
zgg|WZdjEf*-1GlJP5UDIz(LRjdcaX|Y_VN_JONIDGvM66?0-Rlw#ese3{1rNzg}lb
zMs-(}NhE<o)x328PO+X;d>US6Jqu@8N8lXmD7?~o30`fz95^KJ6<k%l);b-`ud<3<
z;Bb{o)C7)HueZ)Bp1)Hsw%!aJk)I8&tMZCzf&S`J>+L{)yuRp=m>w9YE^ko5n;Vku
z)XSCn)`nDgN5gWsrXdqHG^_{=$a@8g;B3@mVs7AMwa}0UI~vx&o`!<JNx40^p{iY6
z6*yfjH59^;hLT`e)jlylaJG6+!$x>-!zRUB-~$cY;6n{N;lm9&_(+2Z?r*RL&dPfQ
zE2;+?T#~8kptvqDQhl<)8yKnT5{m+(vV)cIhQOuj(+wf`Y(p$?Np1;luO5-x<Ih(0
zh-HDxRY%2&z;yL!Lpyv)@#ThnfoZuts8y`5Iwn>IW~-+g4#KkyUGTh8zuC|O-)=Y>
zn5|JY9D|b@PTX;7!>ORTW_iPzpsnhJxIHjmli6@CFs~f#=3>i=h6`|>Y`G=qt~w=Z
z1Gj6|G>pLo4HJq{m)nE>sxzWqQq>eTOi3!a9t>BVX}F5|IngX7)s!?`gEux@hc_wp
zEe*HeZ8ie$v~jS`rh!eiG^L&{CCU2+cUN5yZBlC0nCO<4*H~@YuuHMmmL2S<3E6U`
z<y8}+U&^eS62s_2%(e<{x8*CA>-%i$(37j;ZfQl$L0i!sciA>bE2^%E9a3Jst9hN`
zBE=hEZ*v(OYOa7|&6RL_^LBV&vsTKJ_li!|A8gh~uT)(Z_e*Q4Zi$^zL48-V8SZJe
zDVFO;o83}@{A_eaOT_NLX#KHfKYT*$j?Trc<-}g8u>MqYSn+Q7j8Z?N)Xz0{z!#eL
z!(+{z@I-UBR4DHiy#e>3t`Uz*CG}Iyz3|oMKKNQQTIBZVf;LSYls491Z<c+lc_>D;
z>Ee*I$xNDuWt)qX`gxdZz6fiY$KkZ*NjSav3Y^_MBW;rRit*;$=DApkHe0KgwwPBn
z-;lOwbH!n4o9vcU?JDuSw9}m5ya2EBQfa5$5*?1WFFIemDCxB8#Bs@FF7onsyuq6y
zndJ7^GQ}C%B5_i(n#;V)6ldJ2S9o*aO7BW|yLUCL^{$2W-u1BATO7+V+q|X0eC-DD
zisUl8z2&i$%F(=wEq?E2I4oOki4JPZ#2G1M-tFD0c*j5La(isGwnChfV&)ESjTDpX
zv9;#?UPElXwo<$ywVOL}=3%dJr{3*#z`b4%+~<|x<K757=-mSkdG|`~^1iWR?RIfN
z+Naf8sdUgh>^<;5eBOIVI;hoKd8tclwx&ou=8N9LijUl>k9+&29<9x~Ogd_w^bXwd
z74J#usMc-GkdD>#*vjCewhH)|Qa@p<giqPF!)I(-_?%4-U$B{_WAa|X{WW7YTd-5>
zx8_JEv|;N?=~T^x%?(c}zN+||%`csjpAB|vcUxCWXSBO*VcBxM=DKaSG@<RVu9eQ!
z+_H5j-VaYH^(nc&i`Y70&ejcUY`t)rtxq~9?-lIT?zgU&E@(Tg#nRZWblY(_+cpU2
z+J@j&wqa>Z+ifkCCU)g3US~TW?9=vI%cZGZMYfBI$KegONoh*kYrBGanQaEHu+71h
zwi|N0wLExy*LK?iTC{c=9Mtw%H%nJ{>Fqphwx>u}wa2YnaTVa;&@P*OS#Vf8Xx)MB
z-S!OFZ_kl!-GSrym3GD2A#06vO*?Egpl@OON@=3znCxA<?W=KS&>lR$tHZuFcu}d3
zYtLH+>H4ny_VtR3rR&%p-qmR@g}d$LaIbwc+-KhkAGhy-2kkY%$z4NsL+}cY<B)D?
zyX^uzZ1unwtrGe(Y<IxtWy>wW8SS_=5+u7W+CA|2KdrRS?V7Yp!5h1-*dxIO?WA>2
zklQt5hvj;RYA5Y`QNLo{tGurRiVwkaO8tiYFuY(tB2DP1y&vZ718|D{B)rUi8t)zZ
z;{DE84+J&ZIqRWdnl8hB7S2(;Qt@j0NH9%%!+JQFu3fMm31;io+A84n_EET4ajE@M
zFuR&s`-8c<a{Fa?v*NAxX?TZyHpI(ol2D4S#y*er3DyRoWjcfXW?(=k*l)uQhblgU
zhce`OFqEV7IFbUhI?0h5n3ZRu&`Mpzv0R>&9GNiYn$T+99>)qvrQ7SslT`BOCA3y|
zz_A9O9o)B}^}0ij0_mLYu%i$@;wX`(bp6)yP_cY{L#4U_$42S8_Pk>gjPnpG*PV21
zk<W=^8ytV9ryV=tvkqM_Tb^-ZrREv$X(>-0`D5kgIqzAi(0s!?0xx(+7suz#@+cSE
zYN6gsl2u#ey$s9a%nl3hotDQO?<|awBvxZd@y<&<mSx_XQjc!Lwh%n78+DjMn{}5Q
z*3eenWrr)YLpSa4hH7-Pj!@u;Zr%|K^y_Xq+Cv6xvk%+cb{q@|wJJwf$Wfc*=m~jh
zQyoV`QtfibF|4mHI8I2ZwV94np-Alt$C=QcstLzADYG`uaUry~>ZoHZbfD^(V<IqH
zyT&mU?5r(tTn!znEp%K99geRzYD*l~Lq}>iI&Mkr@`@tVU%SakLIbs1oSb|WoSJ{k
z?6upRY4A>GI;=zAPS%>7*`d?5R%dSLY^}?=Dl}5-b>@dgYeUX;p-Z(fXHn>KZM(dt
zt=;F`5I9?VP+mLLcFC)h+8$>a)~?FBvG%C50zT%f#41j{H>PV(IJd*6oZ8TA?HQ*&
zG+%qpX%5}2o>#WK;Isu!*N!>eq1&|+^2)7t%IU|eTy=)wYw{Yk_PTR7e9PGpIIAbl
z{V?b349w~^&Tcr(*&CSGr#t)LZ0B()NuTQ+gjYF-LLPm-b2xBXzs`BSMWrutUJRX-
z&p=C(euHy7es8y=>dTyyI8KH0ilow4I%isz>$f}SS~BA+Oug25qh*C&?_6lflRp<N
zYxHIp#VQ?Z^_Bv~g?gKdkFUU6N)&HYyh-sE<yE#R-l=!HQUU{dziV0Gq(1D*2%MHz
z)Ga#wZdcA?-K5wmf4*8=`VQqxVm;jARUDFg)e_V1cdcxRDfM>6`}Ccz)q%_UZr56@
zhp{SdIjHY-t&gvPTe=kYC_Y+~XUoUA>T?yt$7Rc_)|O+6Pv{3-rSX+&%PIYkt2}U9
zKkV8Jqa7{hU0dU;)|NAh&ndnjf9hMt6i>vhzv$Y5wJ27kEmQh&R}EI4SeLe3)la$%
zQl|cjOMquw4y-v3x;$80%Gc$Z;_Lc3m(+5r=DI6_Pq#cWPv~#B_F(qB?!x$~UvM1=
z6K%KakUS%}4u`oq>N*k}uH#+(VNG3%YapCfx6E}ioL-mVIvvhl9NU%AyDrCdHk@0x
z(lvt7c)>LqURAeR9trE#x-NzD>(;w2hu75=+iAF{uGBRh-Vk2{)RnttrK!5j@+?!g
zRUWtNcF1#dU5#r#Tvlgr-3(V?cE)U5C%A57*2Ab3uH4nzs0vrsIcy!_?YlNKCP`Q8
zJdLS1zNE~{;l|}SPNXpt$KTVq0^Zx0huOTZaSe`qps@h2c&M=uKHOM>*FDmRF|e+`
zaT8hw8n?hF8!`ITot9^cy0eWt!`ix$Mjg%x))JxHb)$`@&`J5-h4pop8m;k>Hf*lD
z+~~q_rW?J%Y<Wfw+v;YmhOoPC-nu93ue;e83Ww`%H^#!d4XVcWaEE-}!uyrubm~SL
z_l3I+NsR}?z490y?lYt+s~xO)!p9X4{$o{RT^$}$JgoS<;)_Zj#^W|DZ|ssT7&04s
zq%p$^c{L)hOv00fyvC#PI_5jM<%+!C2+!=&+ZMtzhBb}H;_Hg=oZ=hGyI3$3G@fXs
za=n#TT4oG|ji;n*hLXlJSW#eI(VAk|*my3!iU?0C9#(u2*W!Y7%dn|&4BpZ>5ufqH
z3$k068MZY}#b^1}48zXGt3hJWHC}_!juunn^&lsoz1AGXD;2Mn=c(4Uvhl7J8?24D
zFn41HZ(VP2xd~=!%;T-a2Cth7rW-<T4IFc)VHPWQrw4Q8Il8q}ak+9Hh7IlR>>y{@
z=gtkL84kKv1+xuZ?tJN(p~t<hb+aYIdpl;Z<oHyPF3U<^61>`%D($qa^(~hQEbD!l
zfl*7bZ$(VNHhFlq)VC()u$21>@a$$^AzHTjN@5<%4&O$kp<Lf4X`7|Sw<RWN(|y~d
zO%{W1XDnh7e7e{ki^FG%?bR0ftdiB@@wr+rStOq~cEA$xg<^-|=|EfIi%Bud9$$Ox
zuw^gS|3@qbeEVYkmP5XS$Z=+0*FV<bmczcD*ns7T?<ng1zGIOj%Yg4h?4;$S?^Nux
z<+Sfi?5yRi?_6xeGUB@s8?}u3#$uP^3Dit{6Ubcgq@!dC%O&4b>~cKiSuUfc#4_!>
zip(X?_0#6<zH9KL?|N+3GV8k)o43sSN$hm}l)R-j&Cf|2EjRs|*v)v(s(1O*?&Mh|
zV_I&@xe`gRQ%-#T^gFMv^=HFMRuWYHTqLG=#yO6R*)AmcdRp@8ulrX?8--MVe(bie
z+`kSv3umBBC1m=G;%k+*Bw>YrgJc!*{AE&)u*P4}mMRqZE8CXG^Po`Z-`<ufl=!u6
zN*-^^6E^zw$ka&IZE+U}oBZa$sGOkN3Kf^g4pu7ljmoQRid)#?w@HP<He{|6VW;0M
zZIttG+ZI9R_b=ABDc&ism)dlTXA<eP%_KXtOzu_dGQs2zw^`+Sn@h1*u=;mPI>F`d
zKzc=nZ3_ur|NeMlZHp;xSG>>c_jlrqh5X%cOtzdcTdvD)J1DgKd*ivXtxMSF?~_8p
zLH}_W?P%%p55_ZQTaV(SijT>wxV96DPboel^!SI69FZT}&Iw2T!^nw9k!=@*WB&6}
zmvF*=5kBP~$2mXapNtJC*JVuc1n!C}EneZAe@2Q47yNV5L1D~)16xk`7o<GHQFl@6
zRwX+q^N})k<wz5TW9|*DI}9h>Wvw;Z-R_FeZNn*drJV2F+glBWGqO?FwhD%GZhfl*
zHsA3Dx2@G<7<0Q@CBp>v8jEK-!<5_K8ZlgThg<g;uDN%&?loL@ceEZboRY^+*}-wc
zE%*MgMowp~hZG;)wcXt*O&N*1yY+~XbN99$(GI%%f-^>q`*>@=G0i>LI-vNZGESae
z%vNygS!23;sC6Wsvy9p9;nq=OuKRrJCF3gh#n#KleD`?kv~it#63%yDX`NNZ%z4E(
zjYaO6*4yx0L}lFIz7a_>mbn)qN%1+wSkXiysf(^`;v>tA+nZ7%nMQ5XvX(rf9`jMI
z(cF|F6&P(zIgu4cchky9p3&d5I<iJP*R(d6W(+s24{D6Nn~J57JWhr?Wk(9CDP}{|
zn@Yo-@s*oi-&7tcG<Gy?j+AJ_O<N-yjr*H+L^c^an`&CO8ZI;$T0O?@CZRQA>}_&H
zwix@GJdth2<4sazr*W_;BJDH|xho^Oe>>W6)1HXQc)n?G#A>|QbRgm~jyD~Oc#V@y
zha(~5m8K(+m~p15KhkcTYZ{2`Gu~)A898WNXgVF~GSQ~9FyAy1(JeZqX;eC9TGn(a
z(qqbKy4*Ty%4wR895t<MnvEPYt!|o+oG`6zx*0iTTHka#a>i8bQAN(l*Ee#(RH|Kw
zjG4+kNs$TTpa)~VX|rc}WGa5`Oj|vfk*lU1o)saFsm7BRxn?qW*1&?NAadR0@DxUF
znLM77aK84u2Wt$I<U!6dMLb)g#I(n=Ey|hpdUnDG+&7{c(;<(p<(BEN#}pVf9r0MB
zX{LUUE1GT^@OY&{(@9S#nr%AmiA8fwXFcuFRi+VZq$STZ>e<)2*L2BqFq&_=?CHXm
z)1IE_y2V$S^&E{BndUvmLMKf(Jtv|Yw7ZSN(izij&#7pccF1!kT2Zg^oQqc0CwVSJ
zx7Vk7#-iH#<))0NRy*#Qi0bPzJyTJ0HT7H#=GL$9T#MT3^E}t1?)o*JTTy>~K{JVl
z>kFH?u%^DGnTzg@r~dkl&6;RO{if!$=ze+i677^%Dba5ETa;*T{1c~qgHb83D1tNp
z<I~}Ye^(IyW+2*Ezoj`ndR(60ql0n=j}FOqV{|zF?T|b^1jp;Qxhrve<-3~toz2<7
zUc<TO++gqGw>R?lDl_#u>&obPV@LC<=*4*IuQxU4N5|`}_$*UG$vw;*^8q2uhs+H^
znOn@?h>H1$GK8ZElp~3B3DuA#G?m^(lIh)aIax|G=)L4Fx`N(MK1TECgXC`d0)2tp
z!<Mm6k@SSk311``3El)B$xL`7;SG|VqD#?{Po(HmzDaUY_NR1{ij?oCyg|O2^4p~e
zB(yYT>00v2(t@Q$WDLF8LR3UU2uUGJNg}z6RFWlRE2$yR5FPnC*+ITR+DVvnkhe&L
zyiMLC=g1$JB=TEE!z7cBn5E3!48vqFc?{2NW-6I`nC(m*lgSvF2(yZbG5eS@<^b~o
z^JV5$=1u0S?91%Sj7#NEIhjV4qzW-js+j8Qj92xX>N!SIeOvWB6I8vZ`W_Qj^{M)q
zHr0UYC(Itz&s9HXI#jQze#Jbe{Mulj>Z0l`=G&@C)n(>+)wJqQOsDF7)%#4B>O<9E
zneVFpuKI{MoN!OVJ<Jah-r;zrms`rMVMe)!xrdqS+-JD;%!k|)Tq*N6ZX;LDe8fG?
zRZtbTnfnUmxMw*%P2uV}fo5`6&P#K+02iYVao^+)(9d!QxgPo$_Y&7n%jMq?&@J2v
z?rr)dZk!vZ4csMeirTnoZkjf8Gu#aIavyNlsgJwC-J(J6@7!$~Q4=+xF*Q{u(l+%H
zbvk`cou$s9FRE9l*U;~&A6A#pe)T4GBOOxv)i2Olb(gw})u_AGKVXy91L~i!A5;HS
z{d4vn^=b7l*-Z6o>ho;2dPMzucBT5V`VVY@`oGj4u<O;=dCES?oB5k;W#S`=b?kdf
zpIG{YDwQzAOk%KxWaGM%4HTq+3{Xr~3X`S&jay2Gg)60f!i+E{+<0nASP*IH%$5>y
zt+-w+esaB7Dwd0z#jWBFvF7RCr-wxT$;)EOlV_it7MF<`Vve{{T>bRWlc#ZSsc@&y
zDR=sZgke5nJ|YzNb*l2qoGj&6E`<J&{*W;AW%@Fn>!+^}mi~<Xj3g+(a^dKk^i9Ik
z-_YOSbMY1(B}sIgjuQ=im%fWn$9wcWl0vW0|H5bFefmB=BRA+@NgB(r3|YqFKXNyl
zz;a|ct6?=Hon6i@Cm(0i*>sY@-pgi^d)YiTk7Oyogvn-$*dmg{7PH0VKDLB?f~=6Q
zFv->YQS(Rg0Q#?C(v&kNn+PSuE0hQu1+2k@ZNg4LCzu4Q;1aNM5<)^uXczW@gF=_k
zgMXQXqrx%agm6kYBb*a12xG#8FeO|St_jzLTOtvzi=1#x)ClK9jhH5;i`inXxJt|y
z*NH{q2C?kl%CJ}=R*Kt2?VX|*&7w_o|4Z?UVR5(Ef!6*1QqGGPVYApNc8k4u{72~%
zkBft_T!zGP>{W)>m=v#wGvXZfx`87ui2JQnG+TLV3f@1HcnsI@i@1ky7h%+p&q+E8
zOEOVZWF`3|Ng%6H)a27BJSjv;Bt<Amq!?uhDJ4(hY<>YHg?t5NDS4J`C#hs7N*YEV
z9r+kBpe!SH;vjdECgLIYkO0cZNefB_My2P-z2w^{S>!t?+2s4AhkSzk5amA7hq8kF
z1m%A6Q<PltGn5C&FUcA7?;J`VM!+%hAQ>mWBdf?eD67dIP#z+GL|H@T$zRa-o8-UA
z!{j!~XBf(;Ndc3D5wMU+#t8T*M!-~3gb^@<6f@b(edKZGe&&AiIgE&Tq!eS~X7VJ)
z#O-7w^EF0GKF`!JHRKD7p3##{%5Tb^X3UJ4R4^hVl4lqv<06|G9}^;5FoH(NHjJTd
z<XPtH%pUSpri1AqUsHZ@wiDy&2~x!jGJ|9nGsOIY=$K*VS47Xe&b&?x%p1&kVpQ(m
zdW-@BG4r@^MC2X3gIM`S-c1_hUlI{JFYyv_@L@hoobvC9h>PFLf0H!wJ^T+y6aNzb
z5^2V@ohCPwdw(6S9<gMDT(An{gLR7(EwTZWk*`>CEvqc~mUWgQ%LYrCrNUBa*>2Io
zdW+d&6Xq>$i{BEq?6!1R_FFnF-IiWUpXIn^&@yBhww$+Iw2WIOEmtfvmO0A}%Yr}!
zUPwV%CS(XX!b)MauvS<v6bq$7xv*K-D(nzy1cPu>5Cn(d5hNiZ>=E_~2ZTeyVd02y
zTj&=Cgp<N)l(WK!Fe+RUE(_DbtS~F8#3V5l_cKi}{~z|g1}duaTKmk*nGt_7A~i$_
z5=w|MXpA9-8bj3@g9PEsV2OH-Rf2Nn%nvaCGgxbkwU%0I)f#GvF@Dxk%B99oLy)R5
z*1u9N*H}V~wSIoY8fq-@8n3Z_#@xN1a|T8r)vkNLwZ665zUz6;<~{G(=l$7xzxzFA
zO^rU<3V&+eK^Chg`~07>?>s6)Vdb%~@?o&@FTu)(!^-c5mB+)%N5IMxVCDD1$`fJb
zNwD(!VCBiM@)TJ4{jl;>Sos66^3kyJ2Vvz82`yC8VC!RH>*HYS<6-NMz}6?g)*pqf
zKL%TWoNQe$WWc_^0{ebKH%ga8cF&fb3CsQ}EPD$63(2Xl=4r6zufdw9!<wHWYyKAb
zzzez;$Opbh);tr|oDFNv(fvsGBk~8f>0GkuH^?8@nk87XRo6mxJX_bQYZbm8^K#6~
zLP5;7m~FzdF|WnEMp=q3c17$OTBjj2_k#tUuT2nKHH4jn-GnBs?f~Hkp@ndQ>%?KM
zT3=mh_TL8DNP!&JE?>Q?!Pi(?a4WdZwb!@5bUvXlU}d-t`VN)Ke;eG!b<Ef7YV{p2
zb@hP%cD4E1OTC0}V2<mQ?{w+%zYVlm6<FXp>+2|8<Lhvp_jLjneO;yN36=hHkhcVi
zO1B3T*Ja-o*EQeu(wZLN@122C*G<1ry8AY03iwM81eTVFeiJarKcpnqA6I%r1<O3P
z(v}|Z-zD+>5v3>mBlrp=`jbje-X7epB*mXvGRB`)dgfM?jQ3B7=#56nM1Mx<xgL~E
z_GjJ+ylv&NCDZ)VOS1gg{UX;dF}$bB;~6Eh{RMY~dH(q&3;l(Cu*5Gjyk~=AiNo)@
z6L`;;CziPVULfcX1Izr&8QzQKDSY*u3n!Pf`%jjv^sg$Z@UQ6&@8$9_CF}g_ZwK$S
z^6}8I$zKUn`L~p8^KZWe)&813sPpf<1@->jcZ^1VQ^|h+fj&6oKT^`{Z|Q^M{u8%=
z$9)GVy%1PYa@v2Uq{Dx%U(mhMOM%s;R|9L&uG4?vj?m@5RC2|CwGUX|4gZ-kePCnB
zb^nb!L0L>-bEy!}cf%Bji2(P_gyDg$kP`ws%8~=Mr9%Q{^tTtvMhAAG4{?Fvw?o;u
zKtox2U~lyEr6U3fw;(By+z0&Zq`<+_)WGPnDS>0S&Iq*j*Pky!X<A@h>4ZRfA7lh3
zm1YK}^uhGNjA)eQ1ll68{gzm)#mY#GE3*bpMPg9doWR-WIMQt=(d(+MN%tHr2%PVp
z+oHh5=sqEq+@zR7zV8#&7~mVE`7rsFFV?@F_YJmpUpyhPd}73&eJOOM_wfBPC2+Z{
zG;poVAGlezG$``^Qnn&Ei0gT5Wvhd+Wov`+9AC>e1`|0>mTeBElx+=;;XR;iM{qpH
zc8r<qy{tAkF%qB4b_FMwH3X;exXbnivv@Ab4hC~McCt?3Sa5b(Yj9p!TX137so;{b
zvq4AM`JlV(Vlaq3lJ_9q6L=0U(>|%~XJyxD|B1}=&0xG+3@&3Ge9t{7xY8XPtiawA
z*=wWLs9PsP+fyQY0r!dbMt6L09rw+h7~Iso&fK2Xj@KUhGVOUhHg`&}itF5CXb<0|
zg7<5l-&=4{-IuXv@qSG2iR{IE1;~CdwqAQIUm5Q4zAFsgV<Y=&1n!A`6C<)mV$am}
z#^}BBmOWD2CnIoArhSms7<(V>hwf?q2@KdR?{gDXbjK`$J1e*i*W6&Wdv>r6K1T7w
zJug`AUKnh2FA45<JA#K$Pd?212mF@&i2cd!4mP`k!Q&i@+{=RP@C(fkB5{#zi}i4v
zbFZZM6!8&WFN$0Id?W_;@vUBd6^Sq1zQsByZn`Uir?KYif*q0P(VqOxy(!q~t_pT>
zzunt{SKQUX>m0)olXwhuA;DcAGU2(~#UQO;?nW(+N8-|rs5V-kG1gx3xO+Slha>pH
zSoa0-)V*K39tw=+F-6cPPDaN{j*pQT85Iw)_N<57aBQMEa5o1I`o@$`_Kh!}#^BtB
z*PC-1-^B7P)KSdxWQSJyCYR?%@)zH<^4ad|p$x<^$~$~n<@1nJP)zfrh6>$RLK7l6
zfiJgwAz~Wu|C~2)teaiFg!gFQymE(cVY%Cr5%T($lm~r|@?}1E`AT1~yu!Dve4TG)
z`6lFKTD;_Ek()*GCeC@Z90j^G9q404c@@V?^ed9vMe;C5PYebkIgFNjurAKWeCx`$
zalYf*R9@ZvJh$iZ@ZX#Za?V9#^Hr7Cp^o#$2(&!$7WB>qwcPI(X!F`Tuj>ZqViEMt
z>moT?Ke?H2n~K}!W}JIP=U<$2Me?rb9E<zP&vKi{ob>iB@;~?S(2zcU)gFqA<XG<0
zp%LzmP!h+Y?s(N1N@crtcZJemPmy|V!#>CMM^}#!%Ji5*(;*KDWqaa65+mB*JR?E{
z93wnQq4{i|p0tqMCyya`CWKr7*&_pfNO8-P84BY%J+wUHgX|L?DYV8@5L(~uf8<x5
z`JqboH&0<`i$@M^_qakey!S+actmF`_#chg;|=ZfghRWbo8pIOd8i5F)Y^Mig${Vu
zgpPRDhgv+9p%Wa7JX=C1J=;TPJT;+no}Hl!y#Fx}Cn+cJ><(S>G=;8mJoX$2-C#TA
zz0h+ctoO8pV>~CqX3W>g@NmzWZ~~tbJQu>Fd7eC%!sEET=W00Jb0a*-s}E1%9FXIG
zBsP0v!ZW<)a1Mj@VV~ji(D1O8=iQqSp5sjpFJL?Kjt&<ghS55D$AuN#OAnVq$E2{I
zW4U)qc&T?rc!f77yxMCGul3FeZ}ct*Z}t|2w|bTE4xV3cX}A_~jK=Tvhj-z+G~B@U
z;9U{k>s=i_=v^B==G_=>jo1(8;GBPWH;3E2Tf?WkJHlsCuf<$%ZTP%*SNJ09XFu^a
zgfDydhOc=KhHrM;YUCUc*`rAI9xE5QjkmRY5Z4KML1%6;w+q5Q{~hHY?%z=^3YUBS
zHNYkdF54R0dRwJ!i*38D#<tV8+ty?|U^_zGVmo1zwXz;KX**+cY2}>lg6)#+s_llN
zS7H>iGJNhtB|%A6Ml0i#bY+q<MVVn+Wm~QmC5EBoC|0UNnR8Z|qb!&^Mk%s|6-6mk
z{B!G+rOFCrwX#;(sBBiYDmxU#=2Z)|s8x0;4a#0ySS{4zpmI!URoc)$?h&`-d;CUv
z1Apzm>k?V`GyfxBL-WW(EL4W!YiJz4hJFcOL+{4d(0D-+9Kt<<i%J5%iQbEEqNDIl
z^getOO~yCTFXNl&{rD!Dif^J1;G5`!_$E3A-$Wn6H_<eF6CI0hqT|T(T7>aJE0ss_
zO*9?fL?6R9(Z}&kG(-4M__Od8;Ug-O@n!T$d>Q>JzKl-Am(gkXGWs=q8GTBZq)QTJ
z;LGUK_%fP>FQYT@Wi%UKMxVi#(HwjkorN!>xw>!ZUJxYRi@Fzue0&+5jW45L$CuG(
z@lA9N`TLu~T-_es9$`Mdj6R1iqu;=n(M94K@%us{`TJ&}NNg1M2usMjj|j5ZDgIed
z$cwMiT<V0du)N1s<%vSNJW-x3Pm{CcTq?8WdGbPeiR_Twa!_7|a!78LkIU`yX(}CZ
zr`#o9k+0hXo5?nWi@Z{<kk`qZ<SLYH;A**!xL$6Q_j6&p(T^p&d04ZXIJ}=NMo(+>
zAXyLFib(UHPS(S=VuGy<AWM0gY>2;{4<zfDPd3E%F&OqS1YgVVqH#I-H{Ynlk}Yf?
zdty6?BP*yTdtwV1F1$|VZdgD(EZ`nm|3hTA{8fA;t@-<8VZ7@1V$~DzC43aE`~@Ki
zYn-f$r8WLCRyPIfdOub)Rkui2C_I1_eUMhvEsW6xX+_iUt$VC)Ev@1>tm4C1#qs#E
z{fO>OU868T(8XlLWcI8_afLXnxT1HFPs(SC*A;Jy6!~0nl~%U(F7k!q>f$=J$d`)i
zi|gg9RMV@-H*EUiMk@QM9O7b&v6<=GTzouIY{QG&`xaXQG_)6=)=Gz3Y{|u)#htbo
z;;z2MHoEvq@%2cN1#YVr*`$>ry^CvvD@l%%M?{J%RZh}MYVYDolhY#aa!ruA2y$BQ
z;>vKQ$Qe}leVJTbnX;Fz)8*_)QI_=8PWq=qLu&WTN@{Us%LQ_QOCp}%x3~&ue1(xh
zPxbuIr4>`}VjE{mr#^)v#WqQ+pVBiEkz$)6FPB$!7ivZCSaWN!<q)j$dX!4J(l$q{
zUtlYu>z2rfsGPPb^7g*PRw~y}*(vYlV)M&QYOyV~t+1_@574Twl@IhC3H5m+&C!wW
z(juSeE}3evZD#wnZH4Vt+jiJ$VPm^sGYzn)y`<+L#=FLLj3n;SLFiXCk)_xguu5sJ
z`L05&Rw2*6(#{iY%dxeR@2s=6k>^y|PT9`d&f6}^UfX4wt8CjfvgQ4@n`H0pil_|A
zi6>j`Qeu^OC6TTvG@~7|m;N53jF$_QiOOVU8ugg%ze~x&tnF8FmE7VEZc$vP%vR=+
zF7{fC2rX4#VcYB|u2&Yy+m$876^euEJE`3!^14pNP0~6gs4Oe4QdTMz$~t9}Ql)Hz
zFW0L@saERPUzK`WgRMbnRQ8j%Hme@198#L`HhPnCoO;vFKB=50%^gao(xqHcuG@v;
zD|VCWf9!#>$v(s$N4DmLy_x9l2wLY#dy+j>-f2&>PoOoPBp<M6$eButJ<~qjo=vm9
zhE~92m&i)l<|^$4ROZX;?U||tQo&lG-FDav)!7RPvb^0+7H{`b{Rw;6zTCdbzQ(>@
z4%;j3TjcdhynVauwb$5pQk&iOCi?;V5qpch5;ktKpMai|_A~Y~WW^2kbM_1NOZKbw
z8}b$|#dQw7eWxP^wz}JX!C{u09K+d8i4Qmul+%u6$7shmN4hLICdo$}Q^<N(uq8TX
zIC30Tvfv~1m&vx;CChOxmxF9XPI7rE+Ge`K@^;tq;x4janWBKn*+`Kh)wQZP*R`fN
zNTY4CSGv}_D%r2eW@xrtTU^^+HLjhm-L59GP>LKB4U*UfWRvTF>j1Sl;@V!^<(y_a
zM!GoO!Gh5eQ3e*AB2RF&6kky)C>oxiJ2JH!L4H%<I!RI-&w`w!1YKub=j_{E7hIP(
z3d(Byo4|90IcsuVRoY!QO7s-xrmL~8B&Nj7Z{s(W440*n1de9J1tke3$t9yp#wqb7
z>BXHTlhnwC*yU2%OQtBx<R<4B?ula#X=mGMax8EZ$tH)wg?gJp{Z4h1vVA!Gj-__V
zv4ZZdhD}KF8pm2H8)?P2I5s=B(z@+%)XLi(yX<L>27cDjAlEqdlHC*(w>u8nGaRK<
z_BxI!ZbvJ<F_p%BRuOGy<pM{W<CNp9<2-p!hvTB-vTa526*;qblRZ_Lr^HjwcH+)8
z$4#ebPjwD*#yaDjiN&XB7pRnXI(EntoMW8hofDTFv$fGq<F#FLPL?xBbEb0|wa=0z
zXRdR$bDnddbBWVIR+~oF;G$UXb-JBF=d$9UbETZ>tRO$8xa(YJ-%TSNAy+DiWFwoL
zRdTj-o3q+kP2MAs&N^qke2#2q4b5K7v*(@r<yFo@&Sv7{&UWW%=OMYq+2QQ8yPRFl
zE7UsPdEHS&sjtbN;S$JKGF(GkarO-RC1g_%|MQ&r4|mQ~1ULQ*hj?OPagv~0Tqq1*
zoIoX+%IL+T7f1`F#p4!_d#?St_QmOo)A_n!{(||>S3F;Vx=B=~ES|Dp)q+)vXHdzZ
z!p~(;sa#OG*t*zC@6nq#nO~xJ#Nu2d;9R4}iN=7;SHy|Nh_j3dnePCcWnyra8Hn@C
zV4PouAoDdN^Bs!JHx?(CVK}pVNzlbEi7myL@ZTU7Z4`7xwRGJ~*InYUS+PYs?gY8J
z=^9T+`~sw?$UUNB)|flQc*4YfFj+<J8M;opGvr>NYnFyw4YO6`W~<jcJt2nVd4z?1
zkvE*KOKy+6WWs2Y9U9z(U@wgC2g`b4<==q{!n%I2sUN+Js$ST3XUONduO`%e0qRxc
zPg60g@eZ+{aHt<NtH|edJAP-#=e2Fua9Tr$iu~E?)tW==o=I{ip{p<Q*#@rM9{CG3
z9oJRl3ItOx4Cx1Py)feMKoTLfAEXf`^n;9E$h<S;S?M}m^^bl*_wwct7HI9HJ469t
zem|J5=~U=icxT8frK=nTR}>;`mTK1(gw-T_d)^g|ytSGfzCH3b5;phJvAh>n^#gu(
zD_z&nb%%DX?Y}=?i1mcZez1kGy&u%vio9J#J@Gp_-bUhOB#t%o#FxCix5kfdJBeP`
z$ht)4=wQ^`9=o+q-7zIP21I-~;$OUHXf~fueYnM@3)TC1t%NqhDK$p${*rfIt>-c2
zT_jvCLVPV+tH#N^n?*Y$u?TyBG^j|8?@LsBmv~OJ_$<+$CMBxll~UAskjAL-l65j9
z)=Rb^QCyU0?j-7i#Cm6I^Bb8@?mzF7kv%LoYMxn-L)F3eB-$^epw_S6>(pzFy7!aF
zI`LS!FU!=vNh_nCU!tua|IOo?t&OchtBa39N<ZkmFHi0V(~5fb*Qh<V8}p*jdykFm
zm;ar8vZCnLy>L@e&mI`H-*v|<f>ftnY2T6>wR(yl675M6?LiXlKhklno_v`15BTja
z)t@BVXQb0=ERs4jzlivO78hY#&03suMfu2OHE!|q-7&DYZ}sx4?)Vb%t;<^fyR<dG
z67_so^*4$3CX1l<+d_Mih4-LrEhf<zEVKt%MrhC7F8=h6<NdXX^tqpS+zoFOzUW=I
zi>GUPp?92&j+I-AdSYaBOq{MgTdCd4RAY2L*-!o^6`b4fdLyr?((1@oEIUc&IHu(<
z`IH-33bi;!YnsnFQI{IeEIju-Us_I(U$4b7-v0$H&awT`9-UA6@=2eC`kT-B59c*x
zXZfs?^O#O8eroX&&rUAt$(v61#8K$dbfAx2YP>|hddJ~jF}OR2iNs+ZC+p(-WK;Rq
zqn^K_jt76&X?{Xun=NQ{)lsPL2fcH_=6;~fYwx_S8=X<;o!3QjwEs?SmQ-|W{*_kL
zlXpesSlm}Uo7yuceSC}j&yvyCuPm8G-8q(p>Mhx7EQ++VNUB|13N(9)#IgOVUs*K&
zvQS*HXntoQAG3s2MEjeC{fg^XY4*9ksBa!auvBW;q5{6h`nPM>njRlypRmwgXK9M^
zKWb+=p!%DI_Gn8B;e@*PM8M<aGZxPikJ)mPa7NQj<FK65#;LWp(3#G1iEx#0qX@Cc
zswdDH&T1wMSNA^#;w0q+)&xSb8jr1`H9Muf&^nHgPMD<5mvstZhI&r0TGe^7&QaT2
zY45NW5fn8C<oF+n%~sk2tbPsY>ORA^ZC$F)yOnZK>uS}`tZUVI<aM-e)b4H8bZk{)
zxs`H6E9Hk)ial1!$E=ixSt+lwQa)vERp-~*ro}NH|0(TyR<#E!<w91<fvmJgSg%Fd
z551G~0W0M~`IHOg57O$jn43@eKz_Woe&i?lG)MWA1LTj1ven2rAhJi1oIhS|lRr_d
z!+)6(V;=m^|1#qr?~9q3CLZE{UDY=WuL;6{WWs2|I6^vM5@AZzbp|1aU?t2UEFcsS
z6hbM%PgqJ=L0C;#OV~)*OxQ};L8#TRi_k#WOE^e4Mrb9p5l(4+IIF$${1;p=5-w}t
z_SXnE1tCTx3?js;eT#|Lu8D*c!WhDMRZsVIqI#eE8Z((NO&xPg79p1~n=p^Ckg!C3
zUyOs`CImJ8%Lpq86@+z!O@u1KHbOO_j!;i%B<v>~A~X|@YuEOu_NNIQ+O<)8t|RJx
zC!vdQg>YRUXC;_=t~@^j$&&}h5k?S_`uV%}HI<M?m_W!-=ko8uxLYwWQ^RyZHbEj3
z5atsKwR*nF1Q)?e2uD4?T*E5D8Wnxsu^xCWZ(Ck<UR_>&USr;V;80$($&`0IuRZT{
zUPoSMURU0gyz7!6nWQ07oHRm8l2WOpNfV?DDN~v*WlNG&AkCKw`Jb%;uN21L%c-oA
z))3Z9mC_bzyHu0cA?=iQOHI-N=?KswosdpSXQXq|1?iG>Rk~r(TVgC`%WzAACD}6C
zGR~52nPiz_nPJJXSS@ob3oJzz#ZqeVTb5c@SXNusS~glXTeezuSZZ;9m!-k7*K*Ku
z%+hLUvz)S=wVbzHv|P4av)r_bghAF=YrHkln!+;v9%CJEooJnGokk^#N-h<?^4~1a
zrow;Eqq5Mt#Ok2prV_L+v#zvOSl3xMS*xtutku>!YrVD6y5D-p+H5^;ZMUAbcF@i+
zvfp1~5VT)nh`}#048kul48boknDI*tvG^s1IQ$aBaQqTOJbsDc9{dKwNV9AX3HO@I
z&1-~*&A%}36sDT%&2I`%o14sU3A4<H%!h@1bF=w(!q?634b=(H4mAuFg%v~1Lmw4Z
z;#V1}|3B`TP8X+h<G)>L62=O`{l_(sm)}obeLs2g{p7{>lNaBAB}!(HN0T$6E|t7F
zb%<J@8mD1|2J+feYM4r1n@V1rnxVE$&D7d+9eG)5wx&zc>I*c?*WSzb3e~?;WnpYy
z6_sd@Vs2!git;G6bo*7_X=w=gg}~mGR}cS+_O1*`qO}@|U*Hh%+Z%fP_J+Y6Hire#
z{C)FU!D#-W`A5P4{0_$u^UusRv<|PCUl&H18_j!!Wb*;@Z-f-{G4pSQ(L?n^^}?8;
z#-T>xp`qzR(}lGE$J%u_pA(-VUTO3Z4~A@oJP`7uT75S0M57<|MX3KV<h8`<#@8Wd
zLsp-C6tWf1K0-X6>p#0DmO>9dI|%xd#m9&j7@y<+4$8O`_0x&7i~-_JX!9z+_p^GI
zKl=mvP>K3iAU_74i1$9GG3%LW^x*B&A@kcm7srx318t^&pVme<7H!JV!>7>yC(wT{
zo?>~R;VOES$YZCCnC8vMPmRK;=Nn6izp7~)3i)y9=lUV2$u>@f{1jxhWd`0$-gGkt
z@(jp>#L1}VaS5n@TB~O{6LJ=KFj{6|e*QyzlH`YtPV|2=o?>~h;WFBc=b6EJ<r`gi
zb}i<L<spVYqgNw|hhs!{^Ssg6iy(7L9oK*M7p%fxFsnM$&jb$;Yk1V)Vc?nI$Ix=H
zI0-zP_$xeieZEoVf6X=)5`Txsq7Ooz3O>m*uV2n>bb9bhXrIn(kkRHP<6`1!XdA{g
zy7ySteS*6i(Ee$({~_ez(DMoSEZScee@FFt@i6ghv5ob!tos->viKfxCbto;GV5}{
ze+BPjHW<+I8R&VI+v`4nh8oDf#NC-_|2f*HK|T*Y2z~?YKN89I^ts00kPIKun~ZOf
ze3R>SMaE|04v}n0pTKQ|kBl!8|0lEVyjDYONQa&Ta3Y>925$i0BYuv%&y)P`%=*)i
z_kxduUlJGa>X<$v{(;5~;9776xQltf2zuiU%=VjT`KF0~$7K`bsbG&L*Mcj+{OmJm
zc@=j%xW+IDHM>x=O<i}EbrUsi0M~*mz+GT|>KU}(iDw0Hy74E(Sy=bKqUNZ^JeF$6
zC&3prxdB`Yt^jwT<qSGaq#7$=V+!%}X#W)WQSd<U1K<td{{;U=;|6doxB|?Y{|{#G
zhup^SHn>@nd5oXn*|{3?vvH6UdAz!hj4dRO0#DZDSHN!YBJg4GMbdc>R{t7W#xd(I
zX#659>L6PhYHmV99BUx?Fyt5EJ1yYDV6~=++B}Y4ec5;j7RVX~GL!5EFG9^bB>xQ7
zbryE}8p~w8E$}0*FQGGuPG?~orv9ko;t?HX%hxBOCJ{A>=wTwpn27#J+!M0)IvVLx
zjP%>kyc4_uyhqc(9_NEM-DA3&Y9^sR0h$w_IRTmzpgDnOkGzug*P`WV@Fh*A_PVXm
ze;nMU$!^3ej1K%O%vdwV^2Pvuiw8UvRxPt^7=)T?<FDC%AU^=hc>wY#(^rWnFw?qF
zZ*`~<K8I!rcXM%fFYX@4-97N}dU)t)a56mNQAF48n8pylfcg&+53fMp$or=5Pl&5`
zsnM8Q3RjIbs{axq>MHOzF=NZnW*mI*UC8%=YqU6Qr+Vnuj|2~39stWRy~^`rL{t}-
z^H@wRESsibTt9~I%kYaqu(W?;7IWc8*H9DIyto41!8#j_^~5FOPL3xSZ!5;~5?bcN
z`@U`BXnz;vZ?H_!hU3X>)K_Z}iREEvGZ*p()pODQPZ-M~=-deX1MsdNAR={uA3?A3
zjh#H(%(VM3tCq0Hbdq>0T26(0743Ivk&wN9i5ktg-mn?-uo-ucf}aA<1rG#|8juaH
z!`rzg#8yO6h2<=8CNw_)`EhN>*-G*V_{BS@Nd})X-OHAP-Q-nx7XLpJ>vVImH-&ho
z(5+-PUWZ3q<EM<7@bS-4BY{W53$CyR!#(h?;n>S2444F~V;k6w^%BtXBY51C?1N<O
zO^75aABGq6-5I!Bj41T4nzwTOc+?-nE|$ysX<gnzBxH-4fE}|QeHexj8F)m7XVB(P
zs5vfD_NbeVnmL$<3#Lzrui~jf#Hcx_IghCIpy^%SdAaArYD9ezv4!8Y1H1uz(DWej
zZ%jWRo@%o2E{w=?8h7_<>_!h+E-;P7-HV7S9E&ViBgOO%_X@pzg|h|SzaeKxz`A^f
z`q!~)qnHJCfA8R2RBshof2(LF?&R!FKayGK!W(@UuNPz7%5lK(C}PM%%!Xu<YV^N_
z=9kg(C(!)AA<u;77Fb0K>(u3NZ-rgx^9Ar+;~=W}EAo)p(EKD;Dh+yC)y#ymS<0YT
zUJp-MgS_s7=s^G3R`18%D)jjsyz3okOW-kzzvp={Vm8E2nGHd#ay)A@yvwrqB;+iN
zv<v<J6cOxG_;mt$`w?{R<sKR)V$=h*-f~Y;AdeI2<f1!@QNJltzAaor-;Uwg-Dope
zbaBMMQw5w4>kABjA>JfDO`4}*1$T=}*tYdAliUVvA8O3nUWJ~=wOJBL{(zb6ZIr<I
zD$Rgl0OsN6c*+Z24@>A2dG>aq<`-D;G0^rLdMH5-U<O{nY){8X9eDOb@M-WY_<je*
zveLK&@<6r<-bn?lm#`H&OTb0wZ2@$ejFlWuG|S}i2Kc?g%V=}ml*(-U1pF>|AL>)U
zIi%sZnx%6~+6S2@8{b3BXE{sF+o9(j@KNYF3Oz@m=MQKvqrJ>EdN*n^Q6s5&KFhSz
zeFA<Lybtv$kh%R`>RAA9*{3qH&1azJ8Gcs(EaYcZne`CwLwyQ(6lxM-SBEi^tn&kC
zy8^BO{}Nm$@_s!NI%h)XOz4~moim|xCT3|SYc`~DOG6rF;2<;{g!~5NH+U2@t6R~3
z=3lAfWtsZ66?(SfsZXGRYbK$epK8qBu}|ba%r-s(FXq*GQRF@JfOekZw;UGR;mbHr
zaZ5ox`<%mRXe7=}+2G$o+eqlY3T_A2;n{iMEIiwY`VYY^BH67eg~w&8WfmRWMr<|i
zp$LF?nY>2c0T*Dd+?avCqP>}C)l>_Ae-yoa2X^uSc)fPAdk?E~1UC5|R_#5^4D6G=
zk7i&ruaxl~;w?Bu>d`U@E#HB>3UAL;?G0=33$8I3uu=xpKZEukfIkJ-fREt3Q)4=h
zw{Xqpye_o9ET7jHYYn+kwH&S?OUS_r=3vF?<SxjD-_sd<f^jf$(DZ#e%flZ(`@pz~
z+P{pvu9@dVe1dl(v6yAU>);=uzJ{|$@l`}iw5R-^^SAr(>@4JOPPBZRPw3)Nj@|~G
zxDC%5DF%wMxce(S^)u!H_o6-?8g78=(7q6MvYgk#@CMJV;SA)N;K!K7WL_gN1-4Ov
z_HV(W-e)%MK%2*46$#wZ@I9>TUm!bh_aWRJ0c)874eIH>4xEj5O-1(dD)z)Io-xA*
z*jXwNEe~NgIl@_uVH@)2b=aG>GaHtn<~zuax}ax2xDEU+_<iU(2W|z2uxGuGowt$M
z_%`I_U^TbDioNN($co1zKYU-48^E>T3NYui@AIkCcmebO3|bBWKVkY8V)Zn-47^9<
zT5tuJHN1|N$hyThxQ3W(tXyMU2&-6ttThCl1%3%<88<RdFS6V$<lEJpg^HtLMZd-y
z(cVzO5miJDF^{Da`XA7^0bC2N0FyT3Lws5{y#>oTYK*6+21DC6@M7?L&^a74P!734
z;|6doxB_>1bmcr_;y#uKj57TMJdgF`DN$pdrFWpej%UL#71`i2jb8z~!HdAKD9-3i
zgRuJFK+7zSkj4j$M@jzJ_%`uRP~Wbx8@vd782kuZ9qt}M%@Ndmk27JzYwV}GZy^Iu
z0)G`8Le80tv)dEMX~!XFUI)7h!EV=aeyGoa=3hZB=Ui968-4pD>i@`k#98S78LkoU
z)%X>#8@ve2UiKjOO1zKH>878nmd}2nKL>4t!P}56tbjKS#|hm7FW7>+?`!-D*bQC;
zK8!XrpW>JKEylO`3otRa!P%dfW%WD8Rm{>UV=X))iSMe6^Z0o_af_W?W8B9*5gQ<X
z3|WMoh-kme_z_k?Wj=TRJD<C0HrOg!#TDoqTdV+i4|=`_chy)r1w7a|oLJ!XGLAIm
zlf0eljbDZ({}EiSMO2PIdl6ALpv@Yz{{{T+FYu$mh^vzjhpQm}n&U9p6+LA<fOR<n
zosEdJ8=<)b+Qvd|;4`~eh`VmI+{+xZk1ad~XEfuFq4_3T%K$az{|={~3V7%Rc+ea0
z4xIGKe>sNy5*mIEZG!k6dTKB9yvcnNaR#SI)rPg;owOJyZXe5}p$pswzwQFJ!CSk)
zZRqW<NXB<du@SR$gEIlc%ZO1&!6N$hYd(pKKLz`l4frl(Xg00pT@PNo0rDGY|0<rv
zS5QL**O(NJ1|}!!-$whh;Ag?xOjnr)%;)_MZGOg<GvHpx@!-dx?FQQ8tEo7M_XshL
zzsQM?7!zPWEbF;%#*4iAVjO&Dnf9&BgT3+?+X>f;A84m_K4I131oQ;_dM57_1G2Gp
z?_#B%WZ5*xco*HhhMj8<pO?vcIVQ~Dy92VZzieY~qIlH=K8(231m>MI2j}jws6T`H
zGpPR<_2*FkKI#`h+aK{3^<1_L`(qn;55L!VmPcg5cWgsFPU73K({09i{5O2=rYN@v
zGyEy~%yH=nK7*U?g4cJ!yZ1AT_}WQv<`MLSxfOQ@BRd*wdJ^&QGx)+Qh!}i#Ik-ZL
z9{kjMh#PP5d7Ro*p}q?JN4zq<Kym~6{Iqy4@&95LlQI9hFw#F@b%JO!S8K^NNjMYz
zmd7X#;}f(2r*(sRraOr<-7&=EZ(<%2vF;D6r*Bxx2qVQJQw*N^6nVmHd`>qyL^@xH
z>kwm0@oXucT?@H}-=+Tw-dKcnc@<~F@8aa!244^{+<jGZ9kJGB632GTF*7qWbIgn}
zGc)^`?U<RFnVF86nVFfH8IC=^U(HP2hxrBbu&cLJyVYvds*=>bwN@+sb*eT_I38bc
z62}hKH2xmd@YwUX4TXONkkU5@_L`kTH?KVwWFPH{aP{kWEx5++Apyj?+$|mPirA-v
zHRHKxc<Z0c6u$PQ7+_LI&ofZRXa$?E$`cQ6MoeIFA%w$xtL-2CM4u1uZoqiwG2NGa
z<F;-GeLLhC#?AxnMwYz`_Ze0Tdys{(!@a9zPqJVo@~Mi!N9Nrlz(%06?W4;KLgC!G
z^9(DVvG=(=sBhPYb9!Yt<ZOrGNuIhI<lXk!aSYh`yj_;LN%6(W80EfJCd}S~a}nB%
zZd0Ak=Fbm)DEUNqKa*pciZF-W<O6U2wdd^1+^`<^G#Bey7C3eLx^<_%d96J@CGMHc
z^ED6%lRc-N2xlDOs*&eOYM)Z`Bzf6?IR>o0$^A9XkZ0>2W7{sM_m%tWlq^d$2pOw@
zFED27zs2AU85?8F?3y$>%>aXCBG@P0aNetKOS2SWsBnj8QP$7kQ`#-TiQ0~JbWpw5
z{_dR7o7MetN$#maB$e~%4o<r@guNH*#s_PSa96(zJ4{~|k%q30eZx0j{7+0@t~iyk
z(|?9jm<tsPC~$;4T^(fu{haRkSny$pGR=v`HDpkrjbV;HmB^9Inr?z2_pfV0<tJR*
zM|g*0bW^DY_9ydDie+U-vNcVz%rC+x$xEmW)I?$@&N!|El?LrUaU>F?5^<8G#RYK%
z>9PllG6^vSNO2_lvf_11-a~hpcki37Q%8<mU5+0-#ZxbnrhI#tQyBj-$BC9h9U`Rc
zs$uJpKJ^h`zoZ+~)0O4@$3}EsB_A>jfAI#eBB#;y8PnGKfvd3N)+6e6q$cQybw|7!
zzgK4zRM*wDIQyn2!eSbf-@eX2-<jzbl*v}nuXP^akq8K7s@1~G`f)Yi8tUGl2$7B6
zduWHXDJoXm+h?Pe{%Z^R?N}#SqXKc*T#V-{$K8c^i|k&3GjZSDB{PZ40&#~_4fy9W
z*TJIJeayT#TLMY_5>n1oOTmW4FiDe<K0fyDW*R9y`Tpf!hsqwliXNH{DSO%J!<fzD
z%t~^s6am7J2`^8e#)2MSy}HU7S<z_(c~P!yzyZwotrt~#rkSi9TcG>VCid7ZS2~~E
zr3r#^RritfKGr>FHpXU=yRBQuCZ0jyX*v`rOeaCW0^KXmmII}uVr#FD?^<%X?ihT^
zM#OnKdXXJ^+9i@!H$drzAwffECcz)UjStx)MI^j_+IH@VBFv=MwzT|QvtjiPX(1h6
z<n`wRiYq$~?37>mj-9byLLI)05QXF#@(bcK4-Mwnt4#mWJP30_=-ShQHzY&u1i}>q
zt}-Rc3_vXQp*j01_zYLr)%)UFzpV9(UhGqd#uC3M-wjj7a-YazL1Yt_|DSE|g&I(V
zFCasBve!W!6l7ostnyYV;9njSDyvm6qUwb%gTipWHhso?bsoOkhPKK(b{@{!<7E-;
zR5o@*qxmN{HwtZ}@XA-R4#)Q+d+M}!@#*><nXResiP8({Gd_=z2tSwyFP(<%ulWJ)
ze%QS=Tj5vw4k}3d=D3D(^u{|#)V}*RuemBZ4u?p^CC4_!dI$sbuz{jFO13{!lg#vt
zg!iw@;EvD%4X@|cS)&@Nyc@y}hBxBY@yBg+&7ViDsj(O-=Bxa?h`$}Ffu0U3SBqW3
zHc?p_jFiT4Jkpzauv<MsxuRq%Vh8<5O!_Q_>+<&n-kM<`kiy}%^$)LS@brQHV*e_w
zuHDgEu7tf>{@iJwTPSbCg5n-P%{SmEmYRrI@qMf^u+WJkYprbXDD>1a-&XuyrO)3k
zKWVi!0pK6qty%Jy*+z;s+yAOB+fd#5BW{6w87x++d~;LyM6nqkK?Xyi#Y`vU+Z}2}
zs7cK5JF5on@J4N_jIyezN9-V*mPkPU1_3^2u(<a>5adezLn->L>M`Wrg$ausrF8@I
zyCfez(JF$1B>c0LYBp(UTjq0h@u$RK-OrXEw<?icQ$mrS5Y4QMsy%Y3uh&0$=g+;s
zJHeXrqj!Dy+i`RtuR;!ni@lYu86N9ro_xn+&-G=jiEZS1j7180VK5D`CM<^&)e`T9
z!yb>5nNKSdl1$In!izj6RubTa`2$00i>$!*gIr5;?Ae^B#m+8~pV2)ZyM+)uJ0pvb
z92(k0IcpL=tOzI1tptaq8@uHiu<4^8tMWv#g!V~i_#zH4XyhWE^sNsZ?<;QXeo{Lz
z-qMRydhzF5t|&jY(z8nH!|cOMU-eGW51$W`q1RETS<FoSn=p7r1No4y^~ab0y=G*q
z&-VhWn@R~4K9ROk=`nL5T7z36!~g5kWw@g6hray{<3hY~$MD+Z-rs4{+LT4LdvpJ;
zGQs<oZUDAABC(-*KBD$mt9-cjm{Vkx{kT<J3k4*;-`{Q1n0Kh=&Y#tkg}>bBcp`#P
zZ*WSbt^7BJBlWp=fxlZ^QS|p=b`DnjSLH0U{ioKprD-$?tBF7P$v>0p>12JKr{#of
zf<T$iJJ1yBOaYcoHK8fVLneHj{^w6Zo#;YYp`FMM4Z-nXBbfVtp@tjjd&moojN3)p
zRzmOZCh|sJX)*A^>YkWIr}PjD@A5-x?_7+~-7$5L50JR0um%nEumI6db{m+RdR-G@
zb4a$3D{g3ttx0C@sFTqyu#Mz4e1~$=+2U2btY5;x-D}%>wK$1rzx5NxwtX<25%lkV
zekE^tWX0lbpBRYj14h_A8}4>(Gw)@xcG}_o4kO=kg}S9_OEUZ0mh<oOr5#!IMCW!Q
zKj66}dpa6vkcOX3b~h=E{bjo%zJgJ8+?sfDaj#Zznx04ZTFhK5*IbsWe%Psh4gJ+(
z)vWqf4I966r&Ay8LJm*u?@_X#l&UszmkM1Y%ptwRgoi~vk#LQCIr(@iQ?hu9z};Kt
zIu?Z5esK24HYEbczf2wWf3Pi;CNI1&TRP({(ir_=yj{{Lj#;I$O85A^I#qTf>{YqH
zU3P;mVNscERml=g>&H;Hj7k@wh9T>r_J#aK7hm%Art%!m3?_C5OiD49n}%^}qzTcj
zej@^cLDwJ5^QNnl<8zXYsoIP@*dv1If2cE71&egXdCa#MYS4f%)=t%;&QV~+qY7T3
zjcp-r8EnxEvgHqBgRYMvq&h}X)}9}d4-=1~zR`}4?3<_Nwu8rXxl`feJa;)!!|UZB
z_Nfzh)s=O_%b9T&_r}V+#~y0CjM>fL3D3SaLzDKSzDK^PrI?{L^y_>F37W0k0h@U*
zw3hGEm>{~gm_>y2+16G#PQB5YDWtTEpeJPMS<6XAOzn-Lq|K`muW5LI{OI?>MprZc
zrZE|}4eD{z=ZJm$`?Nd<2IMiI>#*X}&;5yOQ1_MsMEyx0P@wB?1^Tg)dY7*IM65s;
zK0WN?*@B>|N)7%?9)m7F=TGbg{?Tn5rN#ONH_d9xp6E>>a5d;fC3oAbTd-SKH7d2}
z19$DE;WNKncjKNT)4?tEpUD1=I-flDvKBtlBJWndkZM=)!td=*2wvs@6DIr@kNsV$
zyN>tyee+{o1+PEZEPU}9hbx#sKkftowWoUOu#k_i`Jd-+X{*axmD1jk#@fqCvlheJ
zvE2GCm~gLl5lnwEThI!xdO>Dp1KwflU~WIHqD@F}@?eiEIpb&LV%Vp%N!Sp2FcZ83
z-mz|FU7^~Mc!}!*=Of!`16_J_uBB+OiJ9r%uxU2~+G9RE!JBg3&}=tK7huOokIRXs
z{&<I_v`2cvyi->QRhlY(oW}F;rQs&_;nq;35ho(MnMDy~<4z!^LCr{)T2%*W>-)58
zBTt|=D$Z08BFFDvnl0A&VA>Qlq<!^sqV4`dnP#YWQ^C^=#N+;~gMz$}5;m;RAL7V?
z3M>%G!#yud5KnV+B{)Mu-XS{A4x--4Cdh}+m-Yzrh9ByLzzcEfoq@a^nkRX3sND*f
zkQz4C$2?eWnWl8qnQi4XJ}w?8V#V9^dpV9aoo@^sM>@yPO<+Z;%2RP(B?1Br8ZJY2
zmgY%;I~Zy({I+^Z_@DiA8A2N?$LhwR6sop4m1d+WQ4R?FV==WXPYRaYYzTc6LLphW
zzm1tLR7h3o6MA%5<YrY8f@SnzmVH~PW3YE}3D<x4i1;8_I}3H9@JCP!o`n{vMfFXQ
z7!lbn<M*1|F|^~PmkiMBB@jANb|5m*19@m4{e}4g$=*}Zg7cyuSr+v$Ds5D3i2RFC
zj7)2c0teDV0aO6gdPtAcAph-fJFZtVTVY^!u6jg!*5U~D*ec^&iO3>p-U3Rb86TVZ
zIeC8Qq1X4<sG1)IQ%StcoLJck)x%+Sv_>+4`=SC<@h<XbZ088X^+<jCcC7A)^GKh<
z==bLegl#I~d>DX-8uAQ(khg=$&lltiRb~PY1wUt_t3SvW8Eqxl6O?y0sih<>M%8{5
ztlW5U9i<1OICVrl57dG{@=!onEjcAzZPU5JqmyeWkS_0ua)((RG+EAU1@1y|q4HeE
z6dU{zG8=IHou#q1MI-ecYpk_~ws0Y)jmV|fff?(52gA6G$$?gKEAVY*It+x;0(tvu
z8E-<ILl|>f(~+z&o4_`QU&0E{kC_7W>xFec^BT#O)LqmFrWD&v6Z*=pV>?-mP1Ho|
zkzJ!5%8d~80&OF7N3+?gRF0V>HLWU=_4VV5(GB|r?O9bVxOGUW=~sIF7k%a`{tMPU
z<*-^@+fHdhRA9%B+q`=;fO@vC<S2qY16ortSpm|6(pcC8&p8#;FWmg=t$0WBnH=MR
zA??OYt4|+}hv6}x?~9PvA`Yx&*|ztPbickP;_y{Vyb?#!adcWPT*i{89sG{c>u2gX
ztg5~e?v(K0tj`-n;lquP(KzR^X+F6JvI6}2zb1;ld@b!DJZwk&w2K5j*i>90obzwb
zB%66|RzEbm;S;I^Y=kR=>|oweLA=lBL7tS}$8LTqNHVoJ!PyeS{i8K?{{=CY;{QMl
zNkTIV?M*N*`494kbhyxrSljm%Y|%5n3^}9e1iuQ(F&>TfRI|u>ya~MXQfzoX`reb{
zd~NU*?;sP#TXzj|WExDHM}=@631LqB|BEma!2dzm2HF20EamA7VW<J)-v5O#K<|Gc
ztl~08n&CV^UycJ3yN)XY5T`vnBh8qe^h`eT+XI#4=)zU}vM?$BbKKbv#3NWm7OEeH
zNcul;LU?p4TsHu?yXiJ--B&Zs@xWmmvAVhQ+f2=y!UIsIkm(AXB#8)Lb%Z+)@#GXD
zEXL)Ihi*2t<4g&1E&Rx*T@=VvsQTQORr`f}B%7$>!D2jm*_O|H`@A)-Q219$F5Sel
zGg8v0aiGsi@w4(gr<4+kX66uB(%q8k5J8HklY6NnzpVg0Ju`R6xQ&$CBYnnDptbBl
zNlm|E3hD;sFlBhj{4WVKi}+!3gTK>9{qx*svpYuCxD!szzZR8E$Wc!2N*+bV7O)-2
zJK|ZXmEkAFE~U+>_g{v~YjJ`y{MR#P5lS23WJ-sz(<0R`Mn;ws@>IN*6KAW56g9rT
zFce1b<#N3qO|y$sNtq+PxbJ)9^OfLuB0u=f5>lCRqv75omV_QU&lDqD#uS%WF;hv!
z&SpV9<#I-hdv(0XrmB^~g55(*7O;q6o{MdQpBd6GNBBGMP)I_~1&4l39mR9I0IMJ(
zA8GUN-m}LZv!jr98tXn6a<(kC`KgdY0)y1V_2o`zb&jkEGq5A4$X!&fm)K8&4{~QX
zsWOu4!BgsXJeBx8xAODsjkVZyuO=Jn$C{-+_3UqcOQwaDSAU^sx>O@q{IkcdKan?E
zOT6lkUf=!#$==dT)f*AeMK5;i|2<19bl9qPXiI)Z({r7((w<!Sn$25eAB(pcjx@P1
z+y0qT-6QZgcFQ^igREa6*6ETqhv<_X-3Dv^ZqsK1oXryR;fm#q)K}NgMVabc5<jY_
z8Z8ulHdjkWgbTUlPg^M=KW3+JypA_`c#-S!ju>&6&&+k$^)vHsoC=+cFaz+wD9ubA
z)Nfh7!g7udy3)L*WD@tA;#1f1V|hir@;Z3&NRt>8#<nSzqddaYrUoBk?ROpzA*bF9
z*I(-*zIa(d7<_VVe)tU<d_p8~YG6ebWk<{a3FFmgZb^8d5=ZnSS~EonGAdY5^B)G*
zy%IA=&d29L85-)lHH3%C9cejR)%PA9lN-_ZWn>xfXULI-_m!QG6H`_R3vbU!f>P`~
z1J~3v>3b^!n~$}AEOI6cv%e>-&X@95e0kuqP4ioRePDuOU5ko{%1t;brF#ysp4r$Y
z^xIrJ*zY?su_B2kd9_)`@;ZKiu$B>~*oECNMEsxIM^Dow=$!S@vW6UshqGEIZg_r9
zteL^<>#8sb8&YxRFis)u;Jkln8R3rav09vX@Tndtyq)u_mIp^IcSRjE#(K5mTZBiO
zkeegy@hUAhVOH}<o}HSyB@kBhcipVJCOa+3%}BO2miQ-E>&>s#oXAC0&TSAdqIt2t
z`Y2?mVs$J<cA78ZPW-yPQ@%&tNi(B2Zo=#>!F}yvfRr^Y$j3DNqyU~PGl#e_vsf>m
z1&Miu^B#Y^)LdqF2B+;Dgcu1~+2m~W-B@_}Uft(Ay98vm@N`60*~~nM7%uBP<=MgK
zmngDi%)+MbrS7LCrr}+1_IJ^G$V$0#=zw=tqMS_v!j3eaQtR`d``dg^RcmIci4ekF
zWNE#SyuQ0>qP-a0v+LEPwD7;KYE|Bjd^YXjx@Lc*$<K%a#-ci%z?nTPoDN1$Z41Wf
zsQOSV+a^0NAwKFQ#U8^(`}>(Sg?K}*-+Ylyx6lUU&=ccCvsF4mEb5|9(sx$CUmv}J
zthZ|Wcd>8%uf_Lnot>XotY0%*c;{M?kJ$D>bc_q(mAv}rA;p^9R_c_jz?RyU-aVeq
zZn9@m=!d~9&y>U~Z&AZi*Xxu{j*mwiZmCa4TxK%OwO0CVBeV-4esSH^k$=`!!J}Dq
zTzW&|yv=^&DSspC3%gO{NwJT1TnANY*UY`zDc7>L4|+&vW7uoPysjfw+HHMm2Xm<D
z7x|)1{t@=I$`7f7%+mS?+^&QVyqRGf&|<!b0ZMGD%+F3k6wC#^J2hETuV99j{=1px
zCT|f_TN&13+J&t&o`}!#YyO}uCPfg%z4bll{k&w}ah_M=EvYr^qnzi5o6)V|l#5a@
z&sx6EPZ0P>T9%NaD#22&ttwM%^#UKcNWwkt0468rc>bbST5Dze)661wR`GT*x_6bZ
z_s^Eb5BPsiZZO`;Sv}H?vPmL)%xrH0xBmtSi!3&UZ6enZT4W43_cp3Q<Xc?bi%_&3
z&_LNtVV%--q8A>vv|!U1U+4QbN&c=O#I?QSmfOL3>SNu9cFY&LeeV(Qd;Ra~ENCD#
z4NovWSn}yt$!E^AMEL{Xep7<-9K<UKasAk2x#=eGx`F$*S1bQNAmcJgd1z<n`Pr-2
zdN?Aq*T!sGC629nvNXvRZi-63Y$~&B|0#$-Z;*+Hus3ugf-`jXpK8lohn?VtheT8F
z9Xgh;)6xFDwmFx~a4=1-Nr#n$u};@!Hk!2?Hn{QxFG~o=_W2Ps%{KD7Zkq3z2Zgv(
zl|<gzG*oeQapV%E6y%bWrQ|XNEg8h<QsgazZ^y?jg`2aw5MvCOl=;S5TKUZd1#!yB
zvkqk}iD(X0TMyMJ{FV--_c7Q9WGx~#$!+_5ZZSUk%w-28LsurOB)X?#=A93B`*O4D
zRj9<t5^|I=-`_oQ@{J-Qo)#Z_A1~I#*P@c&OT+HlEA|Hd8bN!H-dMJfKc5N7P!hxK
z!<v&?7i4OYE`=txI<#ofdl}`dQ@IRpICSv{S2ifeYUHVIm^c(=&?gT|F!{#aD)uI;
zBtk1{M#YOdv}TZ^4+qZbw2G^4y~Q6uw+OzD5@1ph@8e-oBMgBkC<hACaOj=e*VQJI
z79C=pV#*8CN%m1*>hI&c9qQM~Tt+)?|4Ao^wX)(YPelF8-*M%D;)5%8X{*wU@j{*S
zh1qdv#<DpFY;@xRAlD%gdMcP;^;<QY_&|L~HB3C1Y{Ayss5Kr>emYCRpdCGq3Xd&s
zuijWY792?OUh?g^>z6FBsx!3703ZLW9#T70Ercfbp{2mLZNiklWW9c!>`xK}`cP_U
zDgg_6)@s!`x=nt<hRZlvFl*g_O(TI_re#bW7?0i`9N*wiiZ_G$6zpJe5by)zcjmpp
zTAyU3gX_1?KgzPfw*14l6`PT&g3cgcQzfnZ*0%Xvf0-nX?04&Ud63=dQL4eK1TE-q
z_<FTI$Snp>=u<Dl1N^ih;VZTX)W1RY=-Z*-z>vGMNy`S!ZA)`tPx`~~Vv{EK{<Xth
z|LM{V%8HB^OP~aE%<+Gz@iUEAMpZ-3g2nDNxgPgrcfn1u0H^o6*g>s<Ip?}Q`~Xv8
z@9wnwjRP&#?E&#(Ry^1XWrvjUqqqlCo<9`3>nY&{J!-M~GEDL0Q|dN*_=6JpqpM&`
z%JG?U=W|?rSe*n?@!)eBB&gBVcJPw<u@(QLOX<@v>7%b<Jmf$U>DN?MbMMJ#;=l)k
z6i8p?gP-OlSUvG02*-a*!Q;b2`!IX<m3q<s1Nxy_;vgoXi!Jk+9=H6>@~+Ea-bWi0
zjSp4|f>b*~xXvD;y;i;RnMCpliF{x13Hdx{mMD6glEojhSfL8`%gE7^=QcxYfZ_sY
z|0(1*(^H`5ehs*`ui;w8!eQbp$}l&pV%-}@VIHGl7@KgfA2X_~PqgOsD6%%KuJyXG
z<DQhQtv~<KwqC7kO;0{*z4nxH7dw<8$8+e}!+3NBx?HcuZo6?glISv?k5|5KySq=x
zpSpv`)#jgjH2Zw1#`DrS49f>4pLmVG)EJ%@<2Zi2G9F<^^U-U5rrhleW$^oqzue}(
z>E3M593)ENer2BCGaeawyId|=N7fD{R3EKBYqu-2^lC8Y8(w@Q1b8FRp1DM&#R4Zs
zZfeavdARw2AhAXAmS;6OK9%t3hp5W|3Fc_LgOSWAK3mtznMXKse6P)d)tMuiyC_bV
zp^PbxL(fCTqwpxs&*zjoT(RtIwp$nVqrk)bC{BJ8m2^4&!}sM|&aXi3uXmiOcOS%&
zJ0f17brp7ph;JEndia!JU`#2I!$dZ2m;DrxPZuY@MH*NjV(_gV>k`1arjIETp_Dk}
zO&J-(PL?o@OU0>{fZ+De+_aIa8Ctu5c?^Yu{|VXO>ao#*)cUsW^&we_X>|SqjC>qU
zU|Q9Il6dyYYoIlht9t;s^`bR>Xjn)sBOxt&re9gkH#!fjDqWOzJ_*WCMVC}`m17aa
z8^>D3^a*z2OGM#odT$yU+zuYd+<G!x*-zc@L6E+)=7nw9pS`s;C8fF>$UtpfDRCYe
zpS~Gl`fUC))G5lt@KIS|rdJwJA}(^%6)ZEh2z%I*F}1KCADe$1!tv1wHr%|TIU7tO
zA4nn}N-FM8^0~Sax_9{j@=E#m=rAH8jh4SXzLH`hJ=UjmPmx3T)KN@|b4XCm=@%b;
z{(Rr1HMy60MjBjVGxprK-dt{nB)RX93d<Ja52w5$XL!Z6y)PAbKDaweQPOAg-?p<`
zp0ZMq-_K8EfP%V7@3uwiqEzZpj=@oyP>$D9TANR5=$O`_7(fCK{V^hSFLR%`8~PFY
zv5WLUC&Cn}AF8iN#K^;_B}pbqA}UU~H207&dkNv<zu&f5)s$clUL`Qv+F4bNbM)Hw
zp*RU=2UgIIy$>M)&b|zHi2h)k7<S3#lCJE~)V5Yw*VeZ|NZ!o7k*PSaac~(|c4_0%
zq)bdMM?zlS2DuKV*vEU8m6&!Z@{~94K;M#F0Q6YtpmAP5yL2u+Gih7#PJjJUA;>sC
zZ02+bOFuf4;BD%rjZxb8(<Fb|CSnuIVkfnZWPY5~Vmv$Sb;uV#Xj7<3DYH)1G-}JB
z+g5$R@)Y?dn%2^2Q<-tu>AWTB_>}o3tI>S5@iaRN+V+lNUXQ*M<D9d$*W9Ohihq-s
z1gvcUIEOBrxDT|N)-ICn)^(axHCnParW`uCkKsqbFJrh#DmV09)K;5`FGIAB>*%P_
zjqeS62QbrXXOmt&knc7ok0dqdZd&5VFPJAyrGllQvbAxU3q1kaX(LZ7&gw-KQ)Oe!
z2c9b0v8CJfr&Fn6-jPnD%8!=&qtd8dqFknBre$M)-_yL3rQ@ZMTeuuG4p~~r9NiC{
zUZjddiomCMMPDBnXH6B!hKF$l19Rdc^mH*%o#0!CHv|Qz#YFF_F{7bupdm&;Jt=w-
zJjeW&Jal{h9X&d!zj0vUNBeqgdu*8$*ooZwNn{l9Sl!6v@R&(uBvOq=)9P-UIX7|W
z<x-F*LT?L74Nr%Sl(rg@i^mBZ>uDI8QZ)B@nde~>pC&F$nmzSIQx)o_*DWs-qsN7r
z70^<L#trM1rI~fdhP>q*9QxUSk))PWjg<xBj$90nlyAy<eS$m8f+@%G$H*+w_fq#T
zSfn<R>nJR;u+p%wX(Tps>v$|O>#@zm9JKbPyOTNUyKDOa+xPc-C+L0~C&mLBkSp!f
zx0mcqhrIDkBkhWwqBp7&Qv>`|owGOqYc1~dy(*WbwTQC=_Z6f|QI~w$lh<ZGV8Yqa
z>&omUnM?eH3)qH$=HSM;4bXUl_7cq_1N$^+)xjnO+hnY5$ELY*TeKPR(UpBRvH^92
zf_+rQ;i=if%9wpM5=h?6XcJMnJJ@0mEK5HuTCuPRO4pZjV&0I}+?a5vw}N{L^5|Q1
zvTbFzrhQ8C7+VB5ZfI!^O}N}yYd=+aEM@KUIpD9vZx}Q!XYKMiXRo^3v}oGMIa9Ag
zYi@b%bk@MFCtpgfO;-ZSt%;ikD{CV+xSA%}?9Vpb*XFJ5u+PnH^4HALTV!nFc{i*9
z>DG=-3)YRa>ugOEKqu~Xc#oj91HcON242%p*1=<o*P~U_)<x4%v+g?mqt;XT+d|fn
zw`13eO4T&#>Ya8hbshTiPgtun=@cmIbZM&iI&>2U=9b4i=~`(<5Bnn5qGs##o6mZm
z(S-4Yh6|=b=E4ioRHjrWpx0sZxIIv)$g`;ZB88LBvAu&uiBf4qCyA5L(XWF?iB)Mq
zC$==URR1%>Ji*+E+c?c6ZIzmNf@#9)Ncv9N(c^EC@geM5;9L8@DW%92OSxG~T{~yH
zM%AZZ?&7~YQ9DV=65~e^)0wGE6Lfh$HzGgVus=-!d!G}X&_>zb2JC{>`_Z2hwV#K}
zJ`_WK!nU8OUBdDcEI{;t%z`|YWXA)d6N*fbwwUebi&x1f4}&P#Ff!9$li@QaF}@hm
zI>p6d(G{|{cXAJ?I6<AuAGIx4`;#MH$$RVTPaKnDUfFx^>j)tGsAM#UjQBUip_Z2L
zuWIdad+$r~500fZ+8qw^C#5Jy$7F|$<hF>f=&5)6tR~GKd)dn)oTJ04eGd93n5a9)
zuKS^v%}eSiM~ALM4t5vTA-9$-yNv8NUku&X+N1ULgRDCTRkz7ccA~nZ*sl0Cx~TCc
zd!xmn*q1Lah=XZs2yq2NY(JQTh<^}q1xL(C3MaPGUf4T~xQ;h!IEsUadoSettH2#K
zyvafIwj1*P72|^w3uZ68_<Zx#U}%UHF_Fi|M94dm*uFeYtnOY2P89L2CQfWG2hj?L
zYFOTI0cn^tR|ru&n}X3S+m{<b6elZ;C{dgjQsDR>%MU4-QxKjV`0~TW5GC3uh)$$Y
zVx2<2u5tFl@JO-5X_O}gq9mD5S0W_ZTw&r|{9)p){|Q<73fcR*ZS3nd)exdMKE5dN
z0S=<X-H?pmVg-^ov1JNX1?2;=oQzS@4;)OayTkJl#7fjr;+Y&o&U+ylC}R8j97M%m
zok^bkY6UTN^y^8hpC-bxk;IDpQR4m_L~wf{EMdg6BvImXUy%cd=4fL3_Z&pDyCDq`
z#15i3vCLoXpo;Bha1b30B68A4iI;PzPDT?u3gV<L+8eF*$F?v;N%IoTri8GN6Pa2T
z9e352fetaX$xD$dSbQ3-FGzvK9h;9p_Eq0Uldp5n3!64#Yj5Wm9$mPW_}5Q#*cS+Z
zc+iXuQ1e{nEq=qKX$==pykYFJ#tW$4F!cexUHI<y-Rla#sQje%1XH@d%DxzQG++c~
zT9YpVns`YX*q3$U8o<uKjnw*|6O1(aU+8^G=!M`C4V*J@OW&T`c_gDW$*qzXHe?zm
zOL*U`g>8{}tAL7QoYXjZ2rH0O;K~EZgBJR*^e1YPqQ;+&zfHY@Q9iYqA{QSk(P`$O
zb(&Nz=j~q6oPw&xt4%bwD@n%@9$a=Uf*T9f)@{7i$Y`+f(34=sf>G~X5IY7wf#qA@
zjCvLIPZ$u%`jk_U4}(r>)KbvV5Hh<0DG-z9ulV1WFTZ57xX5^jd6aH@9eW*xv%6Um
z9Uk4dHzpgZmjfS(+lJ|Y_-k_KNN=Uu7RjLekTYb~w+ydI4^P2QhxJY)-P@ZiW78M=
z@ml=XN4C|A&#5=Z%~MicuA#}syK~RB?oP|C`l~gB^WaajsGE;=uT76^o8mL>KtR#c
zN0`@uhwkwasS(a;N7nwQQ1z!CPQR7m7k%jyWPP}M8eFGNUUe$1%Lqk_=4Gshal`u2
z(gTPo$p`mY5R)F^<?lyLr#3<Ks3DUC-jn5rL@JHk2+B)25AD=5?zVa=+0@A0t)Fx<
zI>`GvZag8`IH{eedeqX}#Z|~;Ed7?<O=>gA<z0tS^>D;fo#1NJ<F<2)lP@9gHkKxC
z;I`It_bFD+xRfUT;5M})W(rhw8(0xXe?a}Bp)$tq9j#7%wy&v9zcm8!vU$b9KTP(b
zz&3`qLdE|AGHpAL$*hwCjNz@Ex#VXXcj3hN--hGF=^oU)lZh3`*D3BJb1~pbi#e9I
zjBD9cG5D}$jwcq?f32b!RnslUb;lbIx#kwWW+NGdxj8Lc8-@;PTgQA#1}|ydxv6`0
z_SE7Di@Qj5!^Je`L(Te4PgAy(s|nFN{}m%|mh=g<`h|BRVCscQuuOWUNiwYoAf4Bw
zdd1Y6?QP<_<Mg`$e5&q*{#`n!0rZ!~^~;!^USuO%15|ngWxAoGHRRfijs<<a_W8o2
zhDYXwp>19M`NkujN43{7pAGq%>V@Sa9QRtM^;YfJg()Bqv|iPqyZrZ2>MaqpS_Rx%
zW(8Dgn|3vxUAO@JL3~z-z<D1RPAyb#Om9?g+$#7ksHFhQKIfgLo!9F&JE3Q<X2y5I
zb(9Yb8~COG&A#kj>zzkCv1aCV)JyoM0FTe$j;n9wr^~BZD@W(deJck91Ox_xRul){
z{7Url)#L>P<%MI4@(4oI@)a19FxDCk#OBou=x6#j4I+7g%N_$&wLX^g^LhrC6CIz)
z9-p5+m&^$DCdu_H^^4<goy=_~_^0?M_-EP2*{9hjJ~RAFUDI9jU9(+_T{B&%QX#+!
zOv}k$HI8sSS~V%OkvuhOv<U+>%f+C9Iv`C{qu~vWZ=-1_O(<zSO42A-O;iQ4lwqbi
zdeS75nyR>ZOda7t4PFKL*?@aJUj_YJ#DgJd<;dzA_Ao@P7F&u}PmloCU{F2%%CARM
z>=Du087o-qv5&#Q+8e7M>BD5TBQ()6`bsM-Y?%{!%quiWQzrF4*n%gF@0ORW_%yrG
z>O{`5fhn~5QY%c4w3=g!wO7keR=jK7Y;`hL%xk?s3tejy?q%6Wu(bg|J+Br0+R$S?
z{>pbi46Z@&3L+o@*O0$<@BAnCh-~fLxhWth)A(rF4dAP7l)P*V2-G%ST6PBbZx}T#
zTLXeOj04Z{+NSVog3l2>#<OaQ&oSQuc}?k;r5?jN4!Nq1h}i80Ih(dc>FiT!O{te9
zfnk*<mdn_WNyxG-dh15(R_g}q7V9SKHtYK9=I=etW6f*LL(NOgQ_Z@oRMzo8Dei*I
zS%g_S^QH!|RqBgm?*w>p$U>o6{gV(UWiB!h32ri-IC`Pftno?M*8xc~?PMEq_Cn2B
z>ys!aRjPzbiKjxyS>lu0dtrAf-gxiWEGhbe<T?s$BQnR8KWw9MG-F8)P%9e1SgBE9
zU8WU%avbjdY+b&VN)=Jt@PaY>iqK<%*M6D<Z3|FK>@gW^ztw@arE^`th5~Y=$01~0
z+=hldHhnbLfq6irv`AT13zdC9`$m2|ta!K3m6{a=e?Yag^qI0TVO0`$Ko?5>l<Fbj
zRT8W)7pdeYWshXYthjjvi$WSzt|W6|3sO-4HKHU;VIfkfFlA+e8L6mwWrKo2B2Y48
zRyI@>DdABvFRp-uno_cCR`8_6NpUt|QWBk1yQM@+k&aq5p?s9}pw&UBrF31<hT0{e
zO_FfCN@*s7W-<c)w+Yn09F8qc%_Wp)5V^MF_7ifenzp8cBzm<J0Y7nY)`Ia#-7u$K
zyWoDiO@<9lOU2mSK`iy~xoT`v6``%R*k-G5yR*_$r44OMAgsNZu9R*%QU*J!@L%Op
z^#(-i67tCicT5}X%Q@@{_;N8A`=tBW8?ikRL59sF;T~Bg31@Kn3~HHP_1S9Q3w$IP
zc}Ua{YA7&p7E}y9<Q(RA7;}6?X)+q#{y0G7VB9j2n7Z!)6H`q_X@-^Gx&+X@s~Q%%
zyI{l609=d~20BM$W`VdR1E>S=YY#YwZE4hkx{a%AdX#Fc1PHUra_6neaueZE|BimW
z#EQg%mx{ys-jWA=Hj|=WM~c)m;9EtC)<m+C@>nPO4HJ@vX>detrn_85JWuHNo9Le(
zO4=`(5S?G>y`g42#yldhgG+-;0TP{Y^f+?A(SHSh5=DVh^glljmwXWVEO1^;-R`RQ
zr8SdAT5B(@C>UY}GZ4E|8HY{myQP(4$m4y9SphV=gBAQEVSOLp@jtTQj(#9~jQ$%~
zIrwB^dr!P*hUa)ci&m?}EJ2X*K%qpCacMBF)zU5CZvL(;22BwaSi*@`OQ#i}f(=K@
zDrlK})uJ@~oWg!!#wlt;+Z1bf0CdP$myJqB-hXt+%OD{iqjV@+7rdl!iJRM>bU^3S
zo{VW5O?6l#Ujb|tzo@{e63?UgggJlp#AQLnq5<oU`|+>QUp7KWO|Q7Xv2O^;@tH=Z
zEwdhcDtq&Q;gL<B;ZfhNBV$$_8TqwOsq=S6cE}IxWzG!f1`=3fT(iFhLd0e$_Jh=g
zf6aMhNEgh-R%2b~Skgo-rs-JxpQoi)lb>h2ors|Flulrg<d&xWNhF5R9K?Nci>I?;
zQ6PT#58LV2FhqEgdQwIZ83r=;axfuQyU8MwLH&E=7|bq>cUCb%+w{F@oK#Vb9A9cV
z<r#*^ET#*w5**|Yiugp1+Kf7bxrZE~tu0WCTg49XomPbCA&`dzgH1O#_s{H!;=&rl
zCYxglq71@p@Y7Gq{inh>&N^Pa00#qCUK+fk*+-@^R5M@~0)ZKYAv>oM1QP_qvT3(s
zmq><Dg>5rS(q}DdMum(~oXto~5ummBFL2tqg3(fv{YE-Vr0Ldb)8FQ(!<D`@{Amw#
zY{T~tA;+Vk+{}p{e>8a3%aa3N_USIxlLQnSy<>R%oi8dnAM!<+FA;B-`5D$d<>=1S
zJz#1N=0u@0f<B*|Hcf-2us8xH0_MbgkA1N4KEl4`#>2g*xu@B869U*FeubecMdbCv
zN;A1L7E7ugoNOW%_$&1GZ($jO0B4!jZy@>x6qw;`q3cE=?!~puMAN{cydw6xT7dwS
ze_iSKwIjjV+rk{U!`y`=woc8}Us9%o=1+Ud#S6I?%}Oo=y!@w-Lsr7r-v<I_<@1W&
zSP-s;R%DO{!VE}j>(oRls9Hl7`cL!9kI7oY@$%H~Q96WeYlDu7U&B~M_-m8YG%JW-
z!@u8C@QV864V^%_$7SUepG@7u@=8t3+};1^5T~CRyNB+Ote!c$hv+EnppM%7^4vF+
zHkdc)TaQ}NTa#N=TbEkdTbn+~&+g?>JO16lxwjhvf9lND1s4!U#oW8{7ya6FB#m$t
z*xg=O%|QbZVoGR>BS8`M2$SW;C?kQ52(QMd$%o#=RER^9Sk6Ml!JWuDh)c`{-;)B2
zz7;6C`Xqp{Do80}xtD=a3XRRy70_(1$irWyP$6`%eP!-9Za^>VW}0)!kfYw{1WPtR
zUPw^QeKhdjpVOZt_Xm25h{ahr(cnsH<>Jec+Du0;{dQ>$v?0a2hinaZodr4Z-wdi3
zV=aGrDyXv$v=qB$cvwU;8^8~k^z&SImUI1}P*xPZM&S|Ue}(Q`RdW6F+sd4Z1st@j
zXa@DlC>laYRFb1?@C`H<$guZ)kFYmVEMh3ssNJw#iYD?Y0wFYUpCXYEsK{CRqc)jJ
zg03HN*$C492i=Mkl?9KW)<5#9_*1MhWCQ_cv0W&&OKHz<Q`CsM0#4|P$nqUrH~z6n
z*rnjZmx2~xtsZe)|E@QGmv1c&L^zuhIR&*QfJ*2Z12k$x%420i{>4V(S&|q;!sa|0
zK=rxXPdjXcfG>`PJSf)ad@&Pa?-}kX8Q8uLJclI=awQFMsl=?4ASkNeCV1xPXvl2T
z7G<d^=~k5D*X&sDB4|Cw%=c+P8dhR|mwJhp-!2irC`Qrtw}t>QgIn&GE+}~96PALi
zqOz_YOQAblXfp5hGX<ijMQV)h^!bm!XJ7kvee)KQJ7xqDz4rb4&^tzm`l$K#uoi_e
zLyaV=DY`{5s6MDJ9C-5rZ{WwcED`czz9+J4)()prYUW8CDsPDFnpdT)R3@b;DDf`N
zB*2VA?j=afL(-D-O(!n2`}trPHsXaV;>D$V@9*#v#>)f73mnEvB*u#j#>)i83vKrm
zpAog4r%WB3D_@Kiq>8O5{J+^y@*%+uCz2z98KYRs92t$6KhqeD``;P7JTM@?A@y>U
zViT@%#IejDVu{0CWMLywS|@f9L2k2;IE`j+B5YB;qT@aYc@Rio{H3@0A|7gltkzuv
z<12mi&it0&d~R^jBb9!|ro*&JB+MjERU32K^Vu-FxU1H6?3r;bJ?>NU=q2;{qB{@4
z^N#-f-CO;3W1|QwO;K10H?I_LMp>AJl^~5tSSiZP!q?0~m?iPIjIpp1>dbtAnMJ6X
zMWC5Qq?v`knFi9#Jp4=pO75;iq<tX62AaM9v%hP|{AaLg(oc&56}u`_GuBfP%ekNi
zN^7X26k+Z;npNa^H9A~bu{o&guDg>ZCq`|Fr5PC~$PFn3-{8rA>^9SXUQ;^15i$R&
z(<5DmF%As-!+KpyUkSli0*z-cgbgEIwE}2BTXogIw*FD+59ECiOBV;5CYxzBi#O+O
zplsk<RbKsO4T%-N78#Ty1L>TzB8?RVC{xp@f3+16Yp@((N@Hc+2Be{0G<TT5Nx4xr
zv^9gRZs7Ppg5ka6)^9&^o9r92!bn!&tP&Q9KKpPfp$o7go1uMA(jtroKgc^FKp5Vm
zY~U;*-o}~#t-(G&g?&o`o%ZYW5X=qwA&@6=F`ymHx@2SG4;bOqAAdqQ$O~eDN-Uu)
zk#vF0NVY(pbT)raDr@)`CoG5;mYJ+y@>_~A)u@eaX4rOtzvPurd+QU@3AP4k3AZMs
z%$`i`k5%RQEr%o5gMP_3#l;{H(vgJq`vSxvC#Iu41x4eajJQ&z(Bc=2z*Ynw;|=#=
zTmD>rlkI5x14TQ6r{O7LCS`Ie1<GY*Ez)O!ZlA%kNQ5t`_OGv$>=Imyq7%iIOU{wW
zk(vP(k9`f|fm!?sbVH~U=_*Pqv^AA>BoNGH=8FZ^(po7uX<_Dax5~`LvGPGCu(dV6
zaU0Jpa=k*mq?UY@(1~o&7EP26pO_t+SoL3Qx<6xjIAeOS!aEi*J3evKH{vGwa7g-S
zJeNPwsshp6`9susL)5uL)cHf@IYZ@nLzW;Yxvo6->v}lnpY(0BSlQS1Y!@>8#k$jo
zSVw=#DRN+r6<gE15khXj2nG<l8yx@XHXVDtCU_ucQYauliC~Xm=UESd%?#cVG(hoS
zSbO04vBk3gN$<zbmpPPSp;o&oYR(uHngML<o6WiYTy@%nwkEUn2T;i^(mYd%)NfZR
zH?+AzHnh2kP54c5<u-1cn?<(QoAfwpPs8tMR5RHh%heP-6suJ|6aciaIs5N4G*H~E
zX~Wv1&^Rxv2jU>jYWJNRDZUchP~5y|!?e!+ntz$LYxCl#D@^6*O_IjvUhJ1CeAx`f
z6~<T9;+I>C@%E+b!V%%c9pS|@$oJiF3(qh+q*ktXSt;)bxQc05+Vd7i`7_)5cdX#A
zU4C#MiEEFG8<<SWpO3%wvl%?;3aRXhKi}L`Ey6jBf}i!PGm8Pj8mB^~@hVc02fp@X
zgi(4`+6YBS-TDDZ0f;;zRY)<uEEjB<=V16A_O?3yZ+5ym@ozU8?QGS3Ah&PTV`n$7
z?Su&Xf;=g~*P`u=w!P`M@|zLtNBTS&V%KQxq|y5d?Woa*jP0zpLYgxet3kk`nTB|K
zvJ&8XUOCktgdIoyW(EcJzfJN@iZs+o$YbHM2H-O*^V2A1&<67;<A!dUctdM9u36n{
zcfwiy*w;o`y-IG7o3Spt=IzW^KP-0ZZo+QLZqjaAZ-Q=$ZqO)T$m~b{FiFOdNQD)o
z{g@xLKyEC>Dq~YhFW1lEI+cPe2vW>JApw^nR3ttLa8l$V%}nx6niMxJbewfNNxau^
zC+<k>39KVHGwRUNsUlEKpdR~sU{P0oPM2;>-x73A{Wdajz`&^$6{9&!dmzp!X+!D~
zUw?4v5VbCJN%<7#G3K@3d28yx-_rHo!Xto3fe`0-&~uA^``fLAM;edLhcY^*OHs2d
z)*@k5!#aO3?KJH)^|U<HA}$Tq-q9C;1a3cfsIso-gb3Z*S|20J6Np0?JpcO@1{8|0
zNqQO1OvY-D*N;#Qn4hhjt|Vv_@z@^b3c7;biiZfQ45}oFF-O?_X^vnJqgVCqF3^k_
zydaWINg%EuOwoB(B%PjMqYx}7<4q!3fEgin%+~~u_G|xb1WR>PTaxh^H0p*!b#zmb
zL7wA~6*B6EM0GS$l5r=`DJOWq^B4Zd1dmJ<L?#cq^R3DJ$l5$GC*I}HL>GCj582?S
zf%K=}uvbVbVu!?ZI@+-q^}V6_y`e}&3-;nVy5;5%OT0khfRsEpbOlr?0$CPP4+2~9
zQM4<OF6$+q^*`Yn$T+z_fw+FwV!?=PdOUw4ilO$*L%%+7+%)vMY8diZGh~r6W&tte
zxFd>r2kTJ==f3YQMkRQ=Jd(|nEw7X_ta>b6v6A#AN!1)ETDANDYHhS_X@o5fcv~V^
zyn-d6=m$_@+(@VUkSv#pSS`S=)jysu{hGb@!JY~uM$Pwu&%LH8_p>2g1}itHb{zUR
zRA8AC!JjU^Kj2Q({!@c02{Y*zUKN@`XcD&3e`(-j|BplbqNJ!)dmffm>7odr>QT}$
z-)X`B;OLx_R_>h(|2Mdtcz)(o%Q^OI|65k2xKv`f@Ng>XT;Hm+QFy6@P!c?!e=2t>
z@zCHd%3G`>PhYA!Z+Qy$kmN2#t9(_CurPGW{Lu2M=vCRtst~`~FO5bvQjj8DghXbk
zBoUukno!zM8c~`tGNL@PZ+*-9l4_Cu{^{ZJ=yNssq3eM+hNP?jIWsx`?S4Ln|KT2L
z8~nnmS>;^)d)0>2(~fL=mm~W|@Z0q^#-D$`b*;!0HIbn?UiA5*`N*d9&d-RSd+>Z~
z=(NlTg<-4%I0(Uiv%=K4wE-U9lqA}AwRw6J_+-7i<W?VUb|u=<K1NWU(^2xYEk7v&
zKl#j;Hp0nE#_&n>Dx;C+U-sq?mA=-8`9F1DIR*@0ojDKKONk36ePZhP68|ai%g%I3
zKy^uE^2uJE2AgU+1$<8Ge)PPPk{<m#013vL*?NWbvWtTrFBIbSDl`SqVhR~nL0MLW
z{N1ikzc`^jnD?{^KdmmG=nr;2B|k>gC9NTpAaJO1!u6sBtWm(FO~d!-AU)wX0xb+j
ze{ms>#vdC|9L-?LXGy3ExxsZ5clf095pcc!?h?2U;0wHEe#ODOBTdkqVVC!&Hrw(;
z`pMhCp}-)J3bo2zPAV8w=clVuhaxGkB3a|>Akl+13V2>1fy`w|zy&9#Q2m{etEKP;
zfy__=lTZ$|kfWtt0&lF^lW4Y;<ltY|mgDu^I*kEtbT05jK8tYt->r1!BdBMvdyGq4
zX$F3<BrOP005Z_>stH}Qo1&v|8GQ7_z=h%{BwMg0o8#AL%dQzkG~$qe8;y6WS9UYP
z=v#|4#WB7$+bG)LV8WWc9EFE^1;M;Q;ecdby;|YF>V&sZuRJBZk_h?4a-^A3CJM{4
zqJO*7sXqk1D`Jqd6Zw_amcry-ZOY{5y3MwcfB5_*Mp^hJ!ulti*I8B}QeOFg7yqBG
zqEpZh3#72LfIPC?5($d`f82c#b`)Rx)v%xk^_QkODg4Z#R&WwTxP=flf>)6|+5QpN
z&)zckAB9<QE4>6Ns?L7?;^UzZhR$FMbL(k87LLTyG*h(0EA440xTg{6KVIYQ;)Gk{
zrT@(-$AS5*4s5rY6dOR!tz}gHJx<;%obNrf7VRjx8Mq~$M88u#I7)J2K03XdXldPf
z;qry{W2~M3xN%*@9Ul#jFCfa0#pmJHrtav`Fhe~tx2DUbwX-yoHh7XX*XBMn0z5RZ
zl&?yfOlTAp85sd&ZfGn4^NSdjQfzWklauFJD}=?KdL{rB6M%s%)_d>Dd4ctkIycHz
zR-6VOQ>CFQhs8@sH^gBbAgs8!cxCR~`0?@fHZ)Mgw*Dws<SwVjXQYMFL}HCj{VY9L
ztiiLZ?GgdNel!a`;3X=OHx_vK>n!pQU134ZMbQT-l@6Xo^Yo7O9xDJlkh<Ks`fbJe
ztqp-2k<DY^T_D=Dl$n>_-3@}Cx3+N?U6y=($@As~CObbiioDZWf$d!&_{yd_F>r~_
zUJ4D?qqV8`G@I=XPfpY*Qi9LkR(K`d@CS8KKOXL)kCkZV0IyHP&4rJlzw!NU`<pJ%
zQSL=w-8lTYZiE#7rxg&F*|@o8qa9E_-<d(_@p;n-<5>|Tn@)>a9cjz`Dl&gx87)c5
zf@92DF5OXUS+0gacaW%gI8&-Wl%ev9?m5;gr>v#SaXM0_M4z<;o$YhCQ^!V&pKZ=C
zkuR)ryP|o7#ye~`t10SUt&7=tXRtpCQ5xC0=-Ik+$g&3EbGEy=*seV-7@QI>HTF+T
zGPSZN*_i6YxPGQPS0S8e?quA!A(3j>CViH6L5#Gla^v>k5y}5Yl#B&vBV)J<qnnBB
zB0t$(ui5v|VYRM)bJL1@+C(=L+atOHXf5+J@AL$01XZml8*(}}0EIZcnp;{pS-K>=
z^K*ML9UST`JX}dki`z`wqw_o*OoGHzl3A=P#Z&+$lF|Damw3O8%tEGNbHT|{K<n+i
z8|^tzt$nhG%TGtrrF`S-<LmdJI&}<<r;V=Th4Q814-t#UEndK+ZEL2iCFkAhYY{zE
zdXkAVr(*yEZROJAeZqNJpB(s4)8<tlKt);bLm^wHlx@641@6u3q6_jR!<1zv{?jym
zrVm#qP`~KlEO2!2g!TvX79fKGwA<tTL{0a!!r!dDb3&WiDFf`sGRy*Waoo)qZ&t`^
zM}x$?X<(~k9;9_;pShe?TN&;9{%%2?Y+7yflG5HHSaUPC`YjAz968DfPk93#KiY2@
zlaiRB(GeyjuGp;4K*4KuyGNfHGwmj4loN0B{L1;-R)vMQw#o1?j5PQsiZ)RPDQ=tf
z89uMZGUA^wfg^5)LT6zxJV|TS7R)Z{{=+j`4Nm32Vqk7+{@b4^v>D3q;!9l~&MD*m
z{n|d8iDxv1Q;+Tvzb6dRr2j?OSq8-sL~A=l@ZbT0OK^9G;O_3u;_kKyEN;Oag1atm
zi@UqK1=q#l<67PNe%+e>ae8`sW@>s)&s3jN&zlC)(s^veojYdgf}ygtoP2*h*N766
zVvn#><5Oa9=|oa(ydOMMZ9Ki^r_qLyF8;mbdQFxB;Y8F~G--9{S2&m%%2ci0AN~$*
zUUkJ9*V}wqxN*6@u9%t}JJF{b1jj8k7fVEEmn)lDyHC{Z&H_U%CGY0K=u^J27oBsB
z<+X}OAJ!M|-%nVrEo{KMkl}O)wB>dyutL3KDubY0uqE?+ij;Bkdsja5Q*@7+kI!GK
zK9YY0-#(t_J9&x3ZM2)NYfO~F`MNtuJC6Pd+XG}uRk8@snB5c>;3$lh-?|!?Ex=XX
zwd|YvF`f1A_wV!&e$=*spnnQp%->jcp{{eVU+|NZZ8+dGRM47iFgO*s9lo2musodv
zp2I`Ft~AaaxlUKq2VSpPC-FBt53YK7pemveahbhA(*h^xyk6XiUZC9xgYoST@nz!*
z^j4O(2X!h{;4H~`+?(<^KuJzd$MUrG(XsfLuS|!%kIQzJ1KG76hTegGxtYw;gQHg>
z(K-6qM}9KwPgR2B3jn%woo4r159#4k&*v#|L&#!G=WugBQ;|-v+4u8#;L`P8>Cs5z
zQ#osDUU(<s-(h5>L}GsSi|mhOxnnw5ETNOM=%qS1fwUiJU3N^A_TCQu9>q(JKVSu1
zE9PkC*$Kea-}0w>%>sveI{sxVHbgsqJC)I`L`rM7*xfk{#82j{P#BVO<=6JyfyO%p
z{r&<KUNLNIYTR9Ef{AAnS@_&h9=Dh-d8>QrtDWWKHXbd`wMyoG1Dp}Eg(mE%msaX~
zUp<Gj1kyzcUKCH1iKR!5HQoVho}V*r?fU8)bF+RVN>^REIUh!hfDOxqgv?Z|b#|{D
zTK5Xn&Z?ab0-N%`0(}UW1?otZQ69rM6HO=7Fh${9v$j31Z0~5kz)47`W$@fV<Gsnf
z&tuZ2D^)_8zapzAb1c=g?1A_WKwUHrX~aJGIv2y{n-f8|9hZ<}0pIg|#8cG1xhW>D
z%JGqlY(qZZBV%h_GApsbtiP4LUw;|6Y~&?-n8S%NO>E?9e(VmIGSS;(8W3`o&nd8V
zLqnQSv1pCa(D8*&EJ|<oRu-zfw-K^WO+_GqsgXVYla!GXuhStMlcA8hWX0o$RxoNI
z<e<p(fx?05Cry<{gu(JQP-XjtyjVMRjj}R<$J`~g<a8w2fx7@;=DjvOz;<`;<5)J5
zKGcweGrlnX{iJ%HeB*e0#bpIAnCC4)-XHodI@auA^*|YO?xC~F?>gHS<tNfAZ_}#)
zsdV+1h}nX}aYMy(G?|=;;S{{dY^7qnAFZW;!6|i5J7ESIxZfSZxnowgK~w)^0^0y0
zO9owmA@@r}N9!8T9i}77*BXUh8H^O|-;;NoONu0Cweelj4WlDvyxScVMM43+9_r;)
zvs}cZ?lt8)#+qZ*zkI8H)d-D4*^tAKBE~Cp<ZpEFy~+3=9?=`~;ksZJa9pm~&7h+_
zc9I&=ZBrh~Ga;mKHjhtZdTVs{S!<)pPco5V(2bTwGGUJ!f!W?bNs}?kieqgX5h?cL
zPOP3R#Um1gp!mYHLnUxx*Y+B9?vJ?$PouwqsK=jAsjE<Zf(a}5O}6{mpl;Zn7XGJ@
zt^D-n*^o@z&+U5iQe@JoxL%**V2OXHw{SQ5y&TfUS83GxtDokwIGd!?xs0KUZ_f9w
z4iaP#r)(HmwhN)!6LSJYXXcd<elwKfR&#KMqy&b;q;Cj)vegMepyxe0pG*EJovz~s
zr-q{K&If))tm4RYC?nFxVfS+9%Nba+a9dUQ%ow|V()w?oXTS>x32pnWaEcA*$^O(~
zBz$u-qJ6wj@mesEM!7U`v~JC8bS}QcXt&Y!Z*R>&3Y{+(=-Rq^GZ<WcjFj+kt?dx$
zSOV0~pRwrp7$|v%$b`zE*#p$SnSF{K7cCtdb0Yv+eWbg-P+4Rm2b{MX3!FO`x5^TK
zj~A%XX^gZ&fpD+K@UJ@ogBqR8{poR=Ylh!tFQ<gRF!=lWyC@tVf@eURBr%|YqGY0x
z+oMP8GqGd3#+gbcddIc8)|P@aUhm-vMMMKF^#-Zi^ozd^&4tIPhLIgk#dklRngj$J
z5C8+oR;<f*GjVvr(LqTRgi@_wLAy+p-P2lXg4}5238jjjkB`mlSy_Jf%8%<69<}?u
zkrDrdjMe=A^|ven;0|2b_eZbWkN1rmpLE>i%LY>Ep856#9h#jJ8ttsL-Fmf0Txeq0
zP(cKI)*j#ql$WDCCjE(Id={6Q%L2E=N7+h#NR#8wLGSqvW$UL$;}QIIgx1zlKz4jT
z9`^U>PXZ(QDtY4unJ-t?<RcU`UJm58YfpCAnU4l(i+^R7p_itVXW!kN(`HmC>>pnO
z3Pkz7Ch@gaoG%3>q}J``oB|Z>;547@@4Lp4@Vva`1YDYRI}xtDRPuV@g3q-9Zz5wv
z^==BCtU3M%jaD<1`n7sS%`Fz6g*pT}Gi;20ZQQNzG};y6g>FQ@Av|*~urDxwGI{b$
z=SV~#Q`NoUw264*d3cJM^qD`o`E~%b=daX(FrF1K+PArS9VB3nqsyXX)T5SJ((?1a
zIf5y8_OB@H!P&W#Nw%yxu02k&*W06sit&tGf-9Z}vKHQjN5<5xkX6C+@E!|(-_@z9
z+d05ONOH5AfbIB6#dxfbWIMc|r4zOPQqJDj+b<Ik1>%iMu{k!<*pU#T79Eb>_TlZE
ztqPrCP1i~$z8FHAGu{(r{Od@ZY~t*;qu`m{2_TQjOK4TpsAV&+=Sg{gzEvIyMQM|(
z7W2cfa?juQtXxQnVQ%cZz;rp&S;NswumS^SR|uM{%ivo5L5Ar3xno3HeYx#9Y*sr|
zk<SotalaJSoyIyGt~pUykq<`;l4$p1wBOJ$@QzvE_$9gjCUEnb&-@JE&JdBuRZhAu
z>?OX*XIbtwS*+M|ezMyf2K2fftv><xy1UOjd&#D`IlQE3w-&v=!?l1i!vR$cR56Q0
zMMzfyJ}$R$213M#Gr2taTUj#|cEPqUW54CIqqGnFM@x;&B&J(%jSaQDjzehxPxBBg
zu)p?kNi@#LWKP7wo&Wt@4xgLlR)M@}<o20z6w_J^y%*<mx|3#Q%+d2qXT<^~Kf5RL
z)Y`LdefYOp13^Exf;%jaz3;6F^<9Ft?~I22ldxlpg|zi4I{?zHhKioRN?X<NLTfKU
zTh{rV?eYxUU+;#xCk>6x6;g@g>y^l`yz^`=fCt}684RCa>A=L2ua79OWD77r2F^qr
z^I5o4h_aDAjpRIvo#FISe1;rPdMBn2+#ZMqpE;oWnM%xqZu;ue2z{0T*JMu}(u{YA
zh0U|fH_lSam`a>^dS`xC$;Xd@zso8GAv3_Sy=Ek5-}#`^lYLwD=AzvV=l9%|KR?sI
zmT53JtUKM62Rpz)o$$E9`OQ61!5Wt+tpE*2UMx@W<JfHs{<(*M`?QS_cz6y^Q!ex+
zyB*O7a<V?!TvUE_$61<OjnF}-x+>KA@2~e@LzH$yCejE-<1Pc1K?5-H2`=XuqA$Ud
z{<?<BKb7apYIm-;<eq~?sk?R?`@)w+Ex6XQrFNARjy6vh?G0m7Xse}D<9!`qRiMH}
zRgaWR`wzcjb5Iv;Ew2UG^^~L<zF;u&kezWme%<BKKl`k3wv3rdm9^KdBlwb$vk&aZ
zn_}VeEx=j7FA$nAU{a%h%D>o#1k2OUd`;7$WMg5)V{bq;^7(H57n^0Y_3tHoaU!gI
zL&j(@|DfsMPakxCdr`qpX4=Y1_-KW(eP~+PcHi{$CK^@O&&wO1u^V4(_^cB(b@B5_
zthQK?+2FPR&i(D$9QiZ!XH=>84=Pcxf+@AJk`cUdu^IJ;tLfj{VLvrsMfXJNVZUW~
z)#cZc2(?q!kmRYrR4^J_ecb2&EncIV+ei-$6J%slW?FrV(u>$m3`$*#Z6wn7<-J~Q
zb?t%*rP5@(S6Cfa`ekrVINg<f6@M|%S$MXfZ#Fe}S?w`=owx~x6KZxh=y<!lI+m@a
z?H~Gb2^MrbLpe(HX9d$4Jai3Iwnrc2Qd-%eUO1&3UYEJwo}}wSIl1TM=7(F?3npt8
zW)2J}jvF2lTXhY}+dXcMPuNxwS7p-NMyq6KE#CfNLLPU!U_|xT!tc`Xaj_NlwVJ)x
z>@yW+QX=3^lcf`eE`Y6SCtP+*J(ZD9t7Yx$N51M{UqY2kY|gznx7P@t8d)22P9o$c
zFt^M>!QP%c66-m2`Ng!JKjU)s=*ay2@4QIwoo-4>?LbP({6TXzTa)dNh&8`4O^<)6
zzf$iwolNF8k<9=6$V2E%PRWn^o3q<o>+6HCs5xw5@P4OYNh(V<dSDhZKu~FIFLSN>
zG)nR%nKkjxjc>htn58)z_3w*nK9IrFc$|kP5daR5e6^sh2dNjO8{rqF%(7@<-N^IW
z?tWWI){BCsI)fkFF;(9n$0Gy<inFgC?XJfqmm-`GOcOV6BTufYO`F#w>xLv}k=M(4
zV~}}XDqlx~lt<Fra+iVCrXYd0MBKpF@_UblAP?CsQyiB1sDq8NXa7}`TPDw`=Zd1`
zEd7_o+t=Wst?08e03y<^VBh(}NCDLBErh@;FB?+2azm-Em$*}LukG2u)wIr-zg>Sy
zc-Kx9O;j6I-L~=i!`iJ_f1I#y>Gz6;h3{%&e6iL8@E~fp$LDROi5<3;?p!)vJJ;mR
zFK{7N(>uKxNrfW4rvd-P8+h9bs;gaLk`<|9W&ZHNwQth=E26o*nTxBlxv|}Unhqw`
zUlCb(cu1H@{?pVYVddi1C;8ttHfHAkZR23&CgEV^B4K6ceBb#W8#goie_Q`mXJhC3
z|9i8%H~;6E`T3b7tZZG)otY$Tja|*f%uOB4%$elO?E$WqBrGf}%&gr1U1K3(W#Q)J
zW)~Fviugab>X~tp38$yKFxNTZqo`|HBm9df^!v~5UtLDF5mAjbv7fRAN$~rS)ujxg
z@QbXr6Ur^BIP>Je8I&KXXcT7prB^L@%a+C*p{~$U!XA$^K1EzUg^oH1R2FhR(@yYm
zF5r>vvYt2?GuR39^J53Kk#bMm(ip`5ArTj?a0B%Zo^82}rH{ShBhClF1_H^6eR;Yj
z<lrUI`WM>{%>8jXK3+P#)j!QZr3dB)VoQTM$D!G$W4{jvnee^?4f_;lEw{&2?w{V)
z7e2TU>o)ajKh~c`yTCL7oaV+W1!Fd#NuIPn{XdQ0i7W*FJ@ofA=7VO!{cW+T0P1hd
zozJg*R-*oBxijwt`|=0bUC;3M&e*XxSCs(G?U~019mq%K^21B-mJPl}#Di@OBOh^8
zT4Y1KL@mgN<0S#VF8QDs#MGvF_FsBy-VT2a*9zA^T*PD8GW{bwyz+HCeyV~gxBoQg
z*)ahg%7%(hb8!1(t@QaTW^-Nd@eCNhDd?SJy>%Knt|Aw~WL)yv+`+ZI`Y5ahJTWoB
zNy&V)(A_)SPG>stGp;Y$cafU<APe+7?+y7*?CrlW0>??nE1Ud|e)>H55jDXv1F`?t
zN?z+xXCXwWd}Q*2$9FlI?t=1|5*&?RDk>L7uvFFheLF2GIDLAr3bu39OzKHn3E#!G
zSegRizFtsrFi~Ui8q}cPJK?OdD;$3uH6#oF#Th_yD(v?qo9?4W0sBAug4j$f0G9~6
zyi6$z^;^yzn*7uakb$PuXdksb1Sr|<qV8MeKSRQ$vfsh4_v-OO{SD&a|9T0uw|`}-
zJ~C`iwhS-)uLAVgW(pYr9tu1=$aX7kof3PaPGQOaALVlZz10nunIqnObuZjc7%C$H
zqS0bwU_Ia$eG2N@W}qPaPe)(9BZpsd(yjI)BT+yU=2wbUluoNAHAc;>CHi)S=i5|f
z$)*(DUWOfwfN&o}6+ikr{tWKTJxImQRx755=R9y4V<QvqHFjLD^hTzLT;4MGRF3<|
z;p3ZO!COtSGe?C%y>s7{IpOJ914V=`4uc*uaD9~rtecjOhktZztq-;sFHSYk=cuSP
zDV=$j3d&B8x0|S?7|<Q13^XX3D^`~Y>U2?>wRAYb>S@k27O!kCC`g$*B~tUGq~Yx$
zD@}_&!Nle(u-}dq&|h>pRTj{no#B{@XN%xaQq}vxx!iZL4%^B-%wS_TaHahfio()n
zNIQ`{9IjVl(kWv>8I6V??}OLNyg<VloX&ZJ%;C<t>D%M2-`>7nM#mUnoJkbnO&@f9
z`fAJwq@?<G|J;9MOvDb`V5>D~b>kX>Q{TYFsl~>|_k(a&)+I>&*0`QM`OwrSn5}m!
zcTE%!on|Z#FqUg<UjgR|(0e*g{+Z-vuM@DPLB?6c@BX4|px96D(<2TI?sv=~q)Kn~
zG=X6(A7xqT%b9@Ta@cr#jm3*8SKdnzg3~aQ%wWcBkR1Ny(?huZz{<8{Fplfig;x%0
ztZz`&2XV}!JMtj$b^B7;ED>5sJA#w!Vw1wQGNE$&rTq#I08vF}&lS9yCin`bm)%X&
zh6rQQMi+Ta)Vu*cGY3nO*82Jo{jXY%Ub|pUlw|H2ND(ILmZ^oM9V*}Ht7BVxH1A&#
zGr<c6tK{Ipp6<(A<HM6U$)L=rueOFJJ4%30c7Mjq9qcx~nD0CVkBA?Svr>nkG{iWX
z2=G!gIu*D3*e%Xmo%Y}B(KYC@^;Dv;8-}#6t#q}SafKj3x13X_!>6hFSCreyGna<u
zc<^d68xaXdb&Ju`FZv8L1HW3hCaakfRg|Hx@X(31Y|%QSYVev6mBaJgGL%aji5}~g
zrxK<nbePI&cqtBNR9j5zS*XdKgv~$9S13C)<b14|T4A;dl$0w?;G&*zKk>U7#lCvi
z&gofQ!mz?{z8DfGjG2+5-S0DFL5}EkZ(Ue79>8^Gum%838<L*+Ji`3!k89nBR-6;+
z2$l1oR%%G1l$?^Zz5@M5syQ6n8YS!Wb5x}ak{lD!>=B}PPpcH7w$82mq@nkpw{p~*
z!2$re2!;VkFoFY@Py7I5T3;dQ#NmAdhiDJu!XHQtxF~JRID1XN%y8PkG!fd;<X7f~
zq)Usv@9eU26drMLR)XK)Qq+jj+BB0)Z?h5P(dy}~`vgC6d7J4**t4`a-y!?iQCcU<
zDm6}BOv9Lsp+8*W$YE{o<054}?T;X}bG*Hu(^h1>C@m6R)2ZaVL~e-F%|8fb5A%14
z*jWr3qfEG5Cc+2>L^BCbwgSXlDPA3o#|1IF+x+&K2g*#kd0QJ9%NrM1Ug!(6#l64H
zl(8^3iJ?UGoaN^z@U5%jDxDhbQDc4KEa2u9T%XTsUTA@kV~W~+8Lov^H=v#Sn~xKm
zER5!3&W&x^=@T`eIyQo9jxv_?32_@@5o$(Gs<8o+!))&=8dk_ik_59s9l~%jJB`K^
zZ58CJ%7fT;cWzQ!wkV<z?RaYnF0}7S<KxjeT0SK=w%d7sN0!F__O*A#xle1=gh#mj
ziJfI>x@P3#baM;0wEN=9(4|z=ss^Bl!l@DyuhhiIRJZ@^PERW7Fd0;jl7R-)(mpqe
z$!C>Zn-We>wqDsoX=>mpA0XUQU@hSPP!T8(UNX1<@YyH2wWrI^@FGT>re9bXzpv}7
zn7S<fVOt4I7K&QP>lb8T)#^EeZ|5H%nl4=$GMzjVQCK;=cY}_l#;Z8RX14QGcYZ!*
zM7BM|<<&tqFwoM==h3nGGb<{J*HZ)cr=2|*Ar~XKzMJ|j9o?qcE&<~E!;N;^R>bH>
z0mdbHKz6msk7mT0jOs`uV(GN#K{7K8v4E&Q!ctWE=qm6UBCMoVKWc_JhucLKB|TFw
zFt)_Ikw6giEGm9U&!h|FEvs%r1V!|$AN<0e85g))=-me0J)jVHR16}LRmG;53!HAE
z?skw5{CgMzSK7$a^+#9KqBt(abC%<ilnB>0XLkiC6NKKKO##10-e4m3Jtu)VNJ+#|
zrsErd8e60pH@Y{%b64yQMlVdaCWr~a5KWNESK>b50%7YRwvM&e1q48tK+7WIm%gVn
z#yO=3?moQ(QNhPx+EcB{;1(!7b8K06tAkeHHPNytpW_@U#E(-!V0fXT4}4M9MHsNu
zpa~LNs+;$#93xOoI&$R%PAYI`RVOfuX^B`;Jcn2Ra^y8eHzqX}G|u|mC05S^Y6gkX
zy!)PrkTDBs7Mf%zg%-R;K$y`FTzHnx0>YA(<d!s+9;&lz;>yXwH3<q*<XQ+cAhUpg
zZu!5CJ`vsf^4<8L1%x|g&~wlQpqnT>zy|?BzACo(ey|Km70I<6g{yQcHii`@0?1Q@
zfHcX7GzEdc4#%=}2P6urLa3T{HzYkFZ<F&3yCB>8(!BwHHyL(Dc|y4=evi2o1L8vf
zlB^0h{YLQ<*y8Q32W?<flD0{}Hve&i+0yIg0bSGFOpx1>+EUt*+5UJAsQ!&c_8B1%
z#Bt+VPFYS?{=*Y~Z#R)ugvJ;#2Q(?|h(Q1{5h2~;7J(s6{v$d_xr=#q2(wKCil7ET
zNd9{uOuHpPs0hSpP|S6zHc8Lq3zRLpZe0);g2Ve@wJCT;UC{OcSj6?wbN)CI<ox=h
zI7q&Wb^@Xoq3n{FRED=fzzazGn~V0ELUu*o9Rfmye?mCNT&HLg^-RB@7T+ZY-NDD8
zLotX7m3;qPeAx2$HgYN96v@G*Toq|bb^N}i(oOOH#&OA@C1CmDpevBtl4r<qhh1O>
zB#Ssvbx9uPcxuZYQX*sGAuxb=MHsroQ^fDTZxw+e5I8`opno81k#EMFIjNIkDH6p$
zEU7_rpzoi*2}>)XeGVYFCdm1%r1+sbh6Z*3!8Bh_vi?5?0S*BU9!TZ;{>0nKpJN@V
zwopM^vG;6f#t6?E&YfWxO~?y=`@Ad3{n#rw)Y<s^iw5FeU(5|hKdxjeL;tQuIHL})
zQMW3eO*7TMAna)*WKxq;_fQ)r=qlMuJP;1cQ}Zd=i#5aSc_$nzRf<0_40BLJgqw91
zOj{B6WD@9<{DZD!6GoI7MVqnqFcKn^8AY0vTBqC@hnbYdg?aGJldHwFcBdKYGlLS@
z>J4-&G_>gH1Bj{-D#Xqf$ejv256ciVqk35}^`yCzFCx$*kepDqY`e8VYzP3fV0a;_
z424Ant)D4E0sVw~`{?@^`)C%JI`Cs4N)hrL<KEfOVyap6X#}g!bfk%YM5Ks>4Wpf<
zL1H2w|I;A|g%x9*u@^1}CzJ%mA3pDyCd4QSiamS~cx4@yrDn=)`*p>YaG;zedM*%g
zC7HmdeD-rG=*s41`paRc@|g-Nl;Sh-_rj3s=<1|R3Rlb)cpG>k5h`QaoQzR532F*C
z(gd`O&u}>@C#qsfm};LXdKis!s*TKADxMjQVc7rH<-qT>Dr+mv*2&WLQgTK)L-4~Q
z286kydbQE{;JKoEm(aP;Dyj4&;UGyDy4@V04KzkdJ+Y>D2kF~+0A0hEA(S0H(;?8o
zk06Y|6N22kFF^&LxpJbaLDeafGFoC<Qq(^PBsJ(s-hBbS8AKq$*`@G4ZN}w@2SoiP
zf&ZM<iQegkDDjVb7<ZU7p-LGgm!PxynQvH=`aG{K<ce{akJ=%xE$E6e_yC`}Dz7d0
zih7uw+DDm4!V7*+H~~)SOtKkukBK^u8Zv;^LAb}6pnQgXH8=*MgNKkk$MHM!Y_WD*
zfm9{wQF<o^y^GNNWw=wTqZ~1|s6Z7UOavjy|8Z|y5)iy_Hwo#_d-N_vT#_5iNBDM-
zPC!HkX9RORbD)xFib64^8hRl*?NHFS&um>{%oxZZ+<+|mAB4iPlT8_eFNd)Jr7Q_A
z#69T*NG|{HEAC;_!-DI}S{}s~$NBh6MaSD69))ktwnCT$4XWHBr$r1at5oNU`+_Cr
zWlvOm4K262MGl#*>XQ!jWd3b#1M?6&^~}ZEzLy<B-PLf0OI^>k{iLWfc|OjTTm0sf
zuMDIfx`(%u08&!HS?nW}FQPc0EU}=+w8@Gb0a9aE-$pu4c02ExhDjz7U;c(`v~4*#
zhTxn2LL=EufhO`zjnB28>|k<^@;(f-e$)eW5^vVbjQ@1^$2_+E`lFCD3`WyP`RBdz
z$gdTMY3JI;^ucR&4BNudXRc7{m>hT`jO9&&oH34Z(JDytLe{UMTb}u5ANO*XDmT~G
zcD|N1{b&yRn7o<x<(lbs>j9ZN!~xd3E5eag!f5xq%SB*G-q`8-)V{&Cr5n@w)RDoV
z)~3O)$A{?VGcUgVmIH2`Rj@~06HdM3STv<ao|18ohst0lF|fZOGKLlFaoiQid#<>V
z{HoltsrW=4B{Vdgs-h?(K&8&Sg`~(t(~#hzQYqI=A#N3iC=w~;u1kO3XbZlez)s#{
z84-;5NUy2wIm1&(C*PO?3M!l{M3vv6>|>xj!`{*FmyGHb*|FaFrOf<YTc5c#GMYx7
zGSH@SY?B?HL!pPhM<mcO`nSt>f&zI)QFnux@{}N!GE)$pDYvGaz3@y(ixc7bv~i$p
zx^5(s^gJaRckIqDHuBG3ufHT4^~e&rQ##9_2w@^OGSJXx@Rbr7@^h7I*YS^L5{+wj
z8|YVzbeGQbY#KDQ`K9cPpW*J`KQ=h>Kb>Ewyv%~f16ppHw{9p-x5}pZ_JbRZyZR7!
zw0_-ei4`AH>v7=X(bLlt&=VkU+c?gVSO<_k$98Vfv0|AqbO{>~#$;--$*XbW>O|#H
ztdXR1sSR4oE#kdx{S&eaSw(IC{kA~k#qpGec>C>x>4D-S-xr|_WC)1R5q}lNqbKk}
z^FColm?{I&qs!)k(f1?VWvYe?f*zjcMb*=FXpL%upAnjSAY$Bye$+?^n|sea-v^nU
zA7c+%vMReo^N|D5=R!JM?yrl7i{!KdDFrnaucWj7y{E)Nof9Uvmxvk%jo@1LZSvc1
zrj3#MUcK%bJ7G`8A1W@%wLTqJWB-z`{^F0UyG7-QVH>DAN%qc4zvt=5LI89vIih4B
z9dtc7!sx-{boDtR=piO|?OBc)c6}>`z#nT$y=R~5eSrkqY<V}K+XrlPjX84613xWv
zI&AUIuK#)@)Pg7+)rg+Ce6g++U;BDhtV@F2<BXpuX+*UezTUc5{CIAR<=%D5dj3nO
zGxI|79@E>6>+yl;AyJ3&7~<F4<H&UKTd2oyQ?QAcs8h=e-pywV-SY<j(exjgAH*+d
zVAIL-Bl(52Ct_AGV2j6-=oOZ!Yvh8qfBX2NV>VF7@E1;vIkB~2P-6_<!)UM8(Jd>~
zM?7ms-V^Bw^66<SP};Qk4QcV%?*3y(ZwdhD6F>gFnfsogqr2s|Y;V%13~bp{JtECf
z9&RelarwPMmwG+IMqC>T$B*S9hDLgNzt)R9n~-;m$@`}!lm~Ky`286K-MHjDAFyxm
zub1~MU6Rh@=z$X~^z}H3-U88hNxskWhHK<8O~fn2y-n$>5nfm8<QAsb5anf<h;+W{
z0ei2TPnheThybrEc$*GH2O}gfz70^r+DoeTY9ubvZ~)3h!BlNvwgH%gC@PLt!`(e0
zM*DqyxdP2bc%AZK%^$#=xM4Oxe)yc(d7`%W`9c}z*SoJWr^jw!&r%+)IGRt5Z6Dyz
z%O)nl#N7j0k60u08&PSBN`gO6Lz=pasLLmOnyO+PCC~F>goLYrVGO{5E1V0C{Ru}&
zxJ{BIt&!`+s~|NY_#I~09Zx!Ef(e9Tfcc+(->3s2Q0w=eEYo}ALo_N!M1`QcB3N?C
zfq%`ok;I%T)06bL>ikd>J3MLf+mI^C$Mg%f#Gr`1?IzE*5KJcx@*|UGvu1I8tF1UC
zK*p>P%+Kk9YRK#k>qWdaC4T^y7p(8^%gkVOMrZBCVV8f02Swa`67GVUor#X-t7-(X
zV|$y{^wR)mFgKsIbCVt;s&?o>Pw0VlbwQHNCSHwO2HiI8g;&ZD2jTJf0aG8<PZ>|3
zP#L?kOxxS}7EUK+xlkaB=QsKQcdhp%&W(Lyiw%5kPU@2$UHuOna&TPqK|zh*sIaN5
zt*zaBIYwbQaA1kVh<*mT6S()$-e<@pPFizlJy+=21g1FzYBP1*Y!4?JtVXPk@EESX
z-S}VU6x|JIsPkm1%5c9Ecj7$Bt2D~gp!9Ht+S<y>8XCOu**a&Nr`i$;t0jAE55uV<
z+E%bkZtwYp*nDgi)#t}SA~QL*{(*~=GjXI?2S1ig=Jdj+vr0YY_XhB$Goh<T0cwd7
z6-xhR)7pkx%KP2EYMY|cuuD|bD9M2bO0aa|*OmUHrhO|S8d1kX_044`;y0Lbyin*;
z+0s`kT(+IOmZ{ipk+YE)x{18caE<6PW5%1aYGAMDozDkPSPHlXamvdre2>&|5s4IB
zOUhyEx0DMDVPz2;89*&gw4AWMKP422pF}<lI*D&+T~j}s<wF)n=yP&{Rjvv=>IKOq
zYpowq&r@OXu$6H%|CPo1<^(%Bzp7ETa-z|4jT8?sj-&sct`;N&<^~+CPuEf@E7{QG
z@fY+yzRQ>v<dY9jOQD2;T}C&Xy#n+@izmO2o=H2IXXvSwm5a!ETPYYwm!<&&gj{vy
zcFLD&&oExA+DQFm?CqsXB|KGAjYbq(3N0=C15C=|TG<4FGV)!7G)o9FLHdAsn#B8D
zDWQAsaEhVaYC>N(5f5jXjycQWO2&I{xy|cRXL<=61H>nrwbY$+>c<PP9QtU$^*Ndj
zXep$kbc8-DG3e`Z`LOaUY%)y_wd|mcNC7rGttrBjqLh_Osbq7*ieCRiH~$cP$@SgD
z^2B&d!)C_Qof^-GOrt&5*;3D_<ue?W5ohG*dNb}X!Q}xb5>w^xt064?-w-at=y&P9
zROLDcGcak7>B_r}JeHQNvR%cy4Vfc7j$2RIWEq%fkKx;?Iy+~S;Q8B@tqD~8t*Py_
zrmvvZsj&=ZVIxfny5KRnzR9?m4)&_>s>jI!dQZs7di#^zMUIzimfTpZ<%lQFTv^AQ
zpU`J;0j&r2CF)H279YZ~w!Rnt)>!mN_=Z_KR-)l=p#2b;HZT6qifx*t!a{<L&9c0M
zq@oRW8f$oXsbT)RdAKbOSbQjBaWUUZ%lRMp-~dV5N!qvc5Bo3zpZ;*rsDve%R=c%1
z>2k?14L%)0#px;-s8~`kO26b2Ly=Tg8X#ifF$1yx<{B2)Ovc5;#kGw*boK4qE?HJx
znDo_{^P;G;q_Ox(8)gVsQzK5gsb~E-7CxqFl>u*Ac|E11snp!SJku#{=6RVcRT0CI
zhKWS7#V%D&50PXD;Q)a}sPvF*yk0-kM#rkL{ABMy>2$60^bY+cwhOc_U>RCBy6mj`
z5RR#9&D65#x-r_{5`<7AQz6X-^)fg2_v7<sve7Z<p54>MyR;Z06#6xhL~OkUko1~3
zks7L;3mmUhoL@+yOK{55Yo(i4=NQP!4YUoR&HGDZniVIKycCiu?+)8y;-F2l{00SD
z9_~iu<&rsvm63D7QNan$&#B3UYL<K<cBqvf8gnnSez-+U<TQ|@Kh)x$nG8RgJ|QSl
z?{TqSrykDPD34@Gopo|MtGo(U=g^4al?9k^1xXK3QOL<ljn<?MC)<@0AIB6YLZxnE
z^b@pr`_SoHhS^;3HRMO^8%&?`Uhc{EK86N<<ld4(TGug(nE0jq+vT5ILu90<?r$=_
zKK5aK&(`Tg0X}j6L&G%4hKPlaGsO4b>nr46g!{Hx`rx^3{F#OYsi0(LhM~Uas#=){
zCJlnAAyLC1Ggv!XO^rWA)q)Mz)|_XlAa{y7iHJUiKz}ipttKzs^=E9Z%m9@ikDiZO
z{tpf;9KO;x3@|H>8G~UoDI0?<#4MU3+e=`K!)Kgb(jpE8BjQ$j1czPi`-sIjV|p^@
z7Lexy%4ruDX*i**?HrM;Hcjv!v*^sXQ9a24l{54lSNcR-KAyTb6v>n;nRU=synbBi
zH|Fk>z6V*Haihz=1o{&NB^q!9*>Gr>#}%xN@w;Owj}=j|yWJP6x6;jglO7`!NR%%t
zQ{_mL{++Crv0Kh~zNjTM&nL}8QBr&)RZy)Cn5JC<`*!%byG2(xD;T@Wx+xg!3?uru
zL_f0+{EZnlx>gnpA8FK@Hk~067{fA+aO#JLCACP<J!NeTKj<ygzM8pKlhy{u4@O^+
z4>1ZuxfOl!7Qe8(jiF(uT}pfbAA0C;DTgXsn#ehM+u53wQrP&bnvdqb#}&7t&{qm5
zCaklPO>4C=)o8aU-Q1<M(fv(Sl3Ri7F1DNL?mVs4=GL(5A7#Gjn9kilJ>!QPTY`{c
zY9+kIm5t4fGbMD(Dk^5Nv6Iv&)hUIg^<~ZNq6#e&Mj-OKDcVy3sGHlFmG98U^p8HK
z>xM0j;eL9{bbgz$g0x$$<5>dxr_=Z^ryD-up#>)aG8B-I9UsY$Pm#Qr_T7R%rz96^
zYllO>)Zk>vj754lr2iddkQ$c>o3p&Z3)C(f%VK4yuy~NeuTn!CxWhA<-Je~&eVCpZ
z-%g%@tYDDq6@$$IMFUY4?~H~kmsy?qAq-8GjJ&xt(^;Btb{vncEHj;_bw6}zi}u$;
z7P3{s7B>9CPE=?1c8IUJXnjavGMLxCW&c&IJFbBC`idI|3&OY}f@>WUTKDH8ANC8M
zL#L1cW4t$^6eThp2l-mOkHZ+zFI&&r>j@f`m`E5L&rDvj8sY~2+AR{E>ZYMwz49Jr
zd=<QjEbA#+etKCmrF)ezdUM^Wi^2un$$@}@Bsm)P-oAgBc9#|as~VOm6Df?#9}Y-s
z-Cn~{o-PN%UpuDyTpUDT7w=V!AQbIictdwa^mP2PSSebUR{0;;na;K{6wiUmkAAzw
zc|S^HN)fGm<!S}y(!Lk%9(kFzh?X;GL~7rs<lCzCm)?7iCm7Jrf1?WmUtX8W1Tn4Z
zj~*f*nAS_$TxeDwzp=44a;Lp5>`uHLu)fW5fzjfwTHmxZRv%)_%wIfqU#1Agrk>A-
zOZ(nx9`-Gx|F818ReN*LcY@CraiNYd)EOAA+po{rk&Pr>mF!fq<FIo~_V4{S+Advb
z6aeGLNB^_&hE@uUTYyJ*{fC+WF4iHo0v*d)8>U&LRIh*TbF!X>aKj{H@?5nrw=$#6
zCig!+er;`}+>0>1`Abdt@`8|paII#7PXjdGyS2X|Voq6loFY|^O<@kP4C;nIl6jQM
z&XY&@59@=RwSOVo)#_>d%$R3PPDIPA_%lKqIyXOL&LOwZFl7GqM=_8hx!!0#i#*wF
zH8-sOMya@6g>m3#093fyc5~m#Flj`hcoL`9VNKoAoKH3NM9#dHEpcdEjq?AjTz@4I
zp-Je(^8IEkc>fpaBlCwqY8%qf7H|45olNcCN;^F&Lfq8_*xoD=)wpiQf8kbO3(|1@
z^{wMy)Z_ci?=%^lfMMMPPqyM8y_6muEA2}hgyvzD7ntg&Jc-YKid`BB5sz1Yx52N$
z>aEwxMjOW!Ysay%oggI`>j-Kf_UN(r{s-{YBu3CneqOYf4MobPRvoqgJeoA#g3WOf
zNjmFOfDR))LwCwcot=lI8=jx~^h3UiJrB-K>~WCRk6W?Ij0Ms*;y-&MT{fL@lF=p2
zXGHf{0RGcXK3~`lPK2HONS2jN&nUCed_2&=X!R!eueS>U_-D-WoAR;`#J3V=sKF*b
zE5w8UL2T4IJ>SXo=vK=^>XLaW-D}#`ZyGtBf)8Xiq1eE6jhneacbc7<{fzM^_jjy@
zSqHWg%3H6MWz6xeV4&6t*#uFq>Yor!InN>TzEHS&KgkR_j4}Nt%$Pd=<hG6-TxG+T
zD3@@h5WDtiTQHS)w+c_NuXCMz-vjNXHm|emW$)pTDdeRYUWV@^X*=oE{RK2Ymc&0F
z-=g4;_>9@EouTS`V+yRovbwI8#MzZ4qV5!2oAw=>UWBoFC9x1%?hNzFOCX%a^xXAE
z@p7k1;*z~=QCO}g1}sMESZvhCscY#G^Vo<@WZCh)Jcd2+=Cdiu*(I46D=ix<g+B`a
zqbZomb%llYdQt$N@;Tb#V&<hx$>*&<b7i$^5aFlHiYV$fn#K1hPQC+m82=&g&9|rl
z{8}diNr!^hFwvJ7>cN041+*{`i0iaJ4~i9I)y;5LS>D9h^1p|%0p(Fudc1kLa@TVG
zTcGLwxkFwLSn^Csx#LUVbVqA+Q&fi+ba2h(rlU}?_5&Y6X3*L0V5^MLw*PsOeUtyc
z!fW4S>7nr~a$A|Zo?p*0MY+yW;cb7|Yjs-~7OmPaudB1#r&X`@i5@ita6+;Xit6y8
z$dgYX(W^va&NY&x_gU@R!Bfk}Pl2Co0!?0ib_$_geD?eFf>P7asHu0NyMRf6h2sO)
z{`>1Yx~{!wp^<VE(=RYr@&x}73j5e6toZgf^t7XXTSqaw$^+aqg>!-qCu$SWZotBf
zc61KCt-{BGtG1b32_b)K?W_F#6T-!Ohz5Y`t2a<&#=1ZWhp8&ky!ql3RoO-6R6P;M
zcX)MQGa7so<Q*s|q_9MMbPZd5@Ry5Po|*db)2Akf2D^;*Mh~OB#Xx)<KR<s(O{JUL
z2w``W)$b_iK7KDv^PM_QQ4X2xEDTsT_K4d?8{So-2{EZ$)KITSt_Xcne*ROw#lT}9
zu5cLCEQ-w@)19A+*|=9=bH{$S;_o+hU1wb|{FAWmKVq7uFc0(UQ&L;K`C(R5xHeOm
z{oKstYwZ6v;-mIOR%0=M02oEQw6c5qCi8L?lJ{h|7p^`}{J(EcjBMjWGFwpeHvvbL
zFm;lU3BJP=oTK48WbDv2gBl)YX0#Io*q1qlgZ?OdLcdril#?@Ldnjr-lIOEPdZvC?
z{il~M;buCzs@u)0V{J(EZ!{fiFfQKB_I4BLJiYfM%lgl3CfpnM2pdk>6>HatvcCCW
zYQl|fA%nvBKEC<_@%?0eFZ%5{_5|U<C(y5tK29(eBEZfN!j|gfMxjGAavRi}Jm9t8
zm)u5&ulTN>rLR&4re{(|<78Ov9Jt8$E!2^e8h|OxRGXH%-@e3^0kNY*i60{F&VEO|
zw13JPirCH)s8fxE<7Zq>`6eO^qz<*%*gU?f6%<%EcvFUZ6zurJzjXqwyxnBmx<G#9
zl7`Gky`2fOX1JHXxnKb$(JoxtP~`p+5f5k@yheR_hrn)p;lDgL@s+hkV~h^lszzP7
z_ItudR(U&yH~{0NkKUknrw*Lp*XO%+NFUkl+xk;XM9=HjX$VGc*G9G$5UN`i{encS
zNBhGuf+Rv0R>6J`SmVxkA^+{)M)nW8xI%`Y`q+qYXLPe~72*Zfw^fxNot;|CJz*N%
zyK0qG%#_hz$Vp7vNXa7bV)du`jy}dABGSpwh#-nY1bw8*>EfKcNeFJRGNq;&Y1?p_
zP6{|_J$v#J+Tl9jb=iLqfTZ#ior&ikXQ7k3Mf84Nb7om$RvFEo=Rfn?3wU(UQ-ToR
zsulyOZY5RUP-nA6UI4|naqe$kw{FSqr5l-#pNfHOx90_~=Osd^k8CAE**XqRRXYKX
z$Gmgr(l5fZig~Z_M?!Kh1V<COuOikAJL`}vLqnlb)t8atY>5~2SzyAWYKc(tqk|HV
zr+yy(79s%j_ggA?{Whyu^on~Vr10{678vw+uJnd!ZMVH{SE@MX#0xf`ewMz@&LKdz
zroprzfBW$xe<gfm1mI%CF5%(BZmn5cYq4Uxx3}liwEicNqPDgc5eX^E_gv>yb9a2g
z&Sn6&M~JP?rV!USe8^hu4m=8*$wMhyL5_&@6}FwneQ!9?B4V82?V!5|5r92TdozAF
zE+iMm_HSEG!c<boRYKKAXgg9*M%wCJDw1*hPu%nr`q~%5u(|K10GowT7G4)y4PC`q
zYaPYqRt!Ksol_VYBMSqAT|)&6mk`(6P=Zhamig&mZAws|Ei>-f`@(>lo-sHDG_=}~
zU2Vx3g3b0)GnU5R+|;y)K~B#yg<`cefTS8waj{fBl&~#QpAy-PWfM_~i9@$-qN<`(
zmkua)<B?H5o~}s2ZSPBnt#K|Wh^T&#h4Krmajt0C(@nVT^12tE$kE7zaYcC61N!+6
zrZd^>^druw>e&0!o5~vi=}+g6NtSdOnqK}JkqtbAer(fRyqb&L<bo2tjd$|L8Ok^g
zDynE3;yBp}?p`|HX%#Ma;nWCDysxQM*q<EYu00!<8QsI%x9J_6E-f;7&Y)iL4d<&q
z?n#$&vH_{-b8vFmceDA@;^N|$EG_rYb!!B<+0<6KY?i7$nt^<xcyBDLm`*$kUIO(Q
zj52WDt=6ftNF-y|;`*Lt_AP==HfGBaMoU5Jblfx(__krqq}BXtcSt-w!kuxs!_r5@
zB!h9v*|=)rHr>Bpd)B|vgMVuDg^*Cwr&5r+q5U8&A*`h--$mcyylwyLp9?_DAzbsD
zyflxCMA<AWAB#kCvHP3en`zXe7}&zcZXO&ObBl`5lYd~bEOwP`VWEiGxb%8|<Jyr(
zFLL)(bEik)UF|Gw=gtu>7Q5=6k4ZTtu2p|M#pZ1h_rr;%&k-om4?hJwaTw5}P$44V
zJEC<0tOy+OE~r0kG{m0hiZw>hI|bh-9xl0K(P8vb1bEp_M;2LxsxO~gpK=*Ktrfrc
zm%aFNMQQ5S$Ud!=y%0_M3oJVnK#v#vKOO0&SgHWsBu*Pcpgx&UpJeFMUnn1iht3)M
z8o{YY4zyM3Nx$%=a?)SZ3Sz^jQTBFI_7nuMNKkt-OvDvGDFY6vzL|J!rADmXzCC4R
z(f@c|SYgcN+F&uQuX_AqQgW|Vj<XT=(oL1->WyC1XJsG3K{5-mz$;EJe*q@f<R02b
z*k_M~*<Z)Fmj<3|>}3Pn+K(Rw`0V-KJP&?d$3P4{UY*2au47{Sy<VO6<PV6m2hp4!
z6$adfGAr?e&I~ap_~wtVmvkI&ILHD$Ta*AWDg}pZz5Fk<?Yiac&vO@=P9*#PQet|$
zw5ps+#*Mr-u1d~qWTl@S*D66F80(X7lv{bAoyP+VO{)Fl#vd&hcgG&C->3FqUS9M0
z;?5?Cv0H>3)FgAAd_}s%WqAr{wnm%dies=(hrdv;kUE)34*iwOU!*3sDY)qt`Kq{`
zn%~wCw^3rNCc7}gqyy`kIinojlGK=NPrfqz9Fb6fH9!HFNHlY)v(#jy9!jP(Tu@f2
zxKoj^HXrVjX)Ku6p4Vg&$VoaAV0`a9aY)Ux25?Q-vooilsCrsfFwb*8>sA@kf7ea)
zS)JZV%E~SgUo(Xi1H7sXZ}HYf*2}6F?CZrQvgz7snKbH(_HTL78It=l=&V<gwP!cZ
z5@|J8R{%dHrO(+K^4|5YCRCH&MQ_dp5~lnX?$-KVA3Khpz8(ub9$o5qJzAp{IQ=9t
zKkW?r1nBAg?NZh3p~O^=oWV_PH)%GUAq*9c@VCp+bF0YQZi4RE2-(oJ!ZEdw-Uchl
zB;#Mxq^l+u5XpS~nmVVkkLu+Yx>Jamkd!XDUTb3cTW6Ye8r!DeUSp>MX$4V|fT`{M
zBT#od|B?{Y*s$8M34Oll@L*`R8Cv^vrk$RI-kyG1dH7EM);w=*yy);a*LB-?G)_j<
ztxP2BiMFO-re|$CzA&);)FY|H8qyfa9PMfH9$^NYp96sccc-`yi-QBfF`HbHYk8x%
z56{#rrHvYoF=wp2sd2o#U$Iq_qEKS~@fI$m7~~~K{S(^1WvOz>qC++7DreD`EE1f&
z|GDcC6SelXi5Ua+u6xT{cyn6lJ*M*Kxm0>`k4vp}m03=RRn=6`7f>In+5K^FGv3Td
z#c{BnF~q~>oHgOaaj=##;XJ?Rn+mpHuD1F<gRQ8`!r-vnI1^q-Gt=Eb)UaY3v$VgQ
zv^2luz64#SwWV?%Yle&y#`3W&B=OPR&8-$R8}4K8YABrZy>$Kann7Z6w{JNZ+NFZy
ze;ABs%YKFqT}0M>N3!tssc~UDdTZO=7!~~@lx{PgE?ws(oc@K8fbD=!@Mt+=9PJb=
zR^<Fn;FhT6w4d{0uri&PU=-+DU35KWw5UC7E4EMl)H-fFPA7l!V~--iW7KpsZ%qQ4
znmaE~ZFyXykvqj=x?IP@;=M2^rsy+!r0wQEduFFnWpmdkX)r$Z-9i(UBdu<J_@6$}
z3T1`s=wjx9tzBV*TUz?W*f>%BhERGe*Q>1r(Ih7-PKk@7>;Bwwj(cv@i;7*PNrTAU
znyqFjSlYEebX;Im)moy^)hvuhN`N<+&Vr~us6M&R@<8$C`^x<O^0<qMYyWY|3?pxz
zI6(IF!E|N6`Ubib0sizDd0L<Dw+vwc?wZciOx+5v)MC3%7=1}G$(&>9X&hT!+iz?Z
zp;Lw{u?cp+!@5N|f>w{KRMqiG32fN;i+F{USvcC|yCvxut}Kja>1Oj*DOnrV%@z9z
z@HUc-g+tE*I4pmz49DkH@akkYXH7xnvUqJnZr9I7DpYgnghN`qN)@K^+$r+N#pdYK
zmIPJR^q=IEP0u>6;=rpV7P%@b4KejF?X+PscCEE*U#%mQ>zh3)yorx{1(b8?#5a8E
zmfBU7HNy{Sb1K;0V#IaRc@ra6YhItH8=Tz|vKJ;b%HK*YZI+psvR^hvf@DexOa-2~
z#C1u5PE#7EhFXkjlDfxyiP^_R?Vns}OJnj<U(bgpbYCahpUf#r!H+0^4!`R-ZnRqU
zA;=%C1ZuF(vWX(ia>3qGGwgJD%z1<za@4QRI;%!JLeT}vDzKmO#4B7DFiyXU`{69P
z9W$N^h`t-*QONTTyA5|R!-E8;3?$lqib^r{6_3Gx*TLL6vwX8Y)OG-G_2{FD4j1O}
z<d{+A4aHdx%!-rAaeB=S`MNwpa+g`J{8PLjt_<~_=+bi*o%T?ugs8HOlBD1HmccFI
z{;KX+HDTk~0vV%*Dd7wq-oMF!1_QS+sN+3+h25<*dVPguD^6s6wt2ZrRuvJk0EUEq
z&hs*}1S4l8roh*j&>uZ=+9uR!flYDLF~=>P=CvXoJXpgfl|-1{PzBt6X~^UyKDxKR
zEON|XJDGHOtZ|KKa7k-Oi%+qx=o+4W(qY+C-r%G>R-jvaFGmYiFGY*h(VJS!Xzspi
zp!`*ZL@Sjz@*Sm<gW;L{_WF;C7v3|(aIxjvsmd7lyO}e8{lde6mj#!%oz?8|my$Yx
zlm@t|<)WKLy<Tu*(tRcKXe^MUjid-;1FeUpdD>AAnNuyIBN%ULMTyP^nd)9cEn8!J
zrWBM~M7U=q>7~P=Shg?2s|h=^Qc$Ny?tHkWH1*A1v}R=s!Ar`l$IMfP2wQRFmnW=6
z7nm78D_OVit((9TX1`lDH(LvyDUi_Mx8@dyC*k@p@r!z?Z|OPWH&}oN=VY?fm<O{=
zl)`X0H}P(n{1|*9j7EIQ(9b<PMwl~SuX_`NakeO?==MdMIV>oAKR<~>Qdqe^z-^&5
z<q)6*!bSi5;wcVUH1nc{f>!bHEqoBkoXgO^Mv5-3lfr&KH{p{dViiOJZ}Fs1q2eF(
zM6ep^eP9}?C`=EUb4A(>HJf1{4C2Yn{`W;|Q1CJ>bm4~RiMSIHs@bCxYrQ;}bT40&
zlV}6jG$dOp$9WlbvVH4H@)@()#5az@XDUwv9A7qyyDT})>XLix%&zTva`I%!N56?h
zzk%|m9n~nKbprB;29y;yi;)R#NjN-qes6pyinBpR9hvjoB5k|CGw>W%B1y)N4#U5U
z@7o*@t~W{8ry%y2n+$XzH~l`L+kdTb(e{m>Df3`$;5uv13-zjvJ}Y_r`YadP+W@dD
zN;Kv_{*;v{`J`J91<sYsF<IUs>8y#BrCYj@R20q}&D8NmYMd9&k=F4hP+MDi2{M!k
zz7aCK!x9+d{~v2_0ToBIXL|<^?ry;e?k>Ta5JI4FcMC4T-L3K94#C~s-QC^Y-5<%7
zxpU{v_wF}u*4pdG?oD;AUQ}`FoT`7HV=zUxc_7GLsjB{M5voe#)1vg`&EyhuC~waA
zjm+|<4dd~u(4(!f2gb4B=SPSA92V)XoApTb39%fP$!d-xlA_wXDx4_owpA}R?Nptj
z>+IAQIFaglTqJ7M<AhrhLa9@I(Rfa>oT*U*autqWXryrm<Vwu&mtns5)9S`Izj*IP
z_gk<SCC0}XvM4n%YHm1?G$GhKLTUQVuGu+4V6|JMHp2vGK;Cp9%fLNq3;t{e<9ffn
z7Gu-}yhEkQfOEC_8XL4JgD5rj6<OpA-FF?Ms?TksYKfe54DRiSSz)Dp-uVK?LoaUU
ze?DR92zvfnqf$X>*ox5eXHNlbh}%{;d{&S&ZScWnq4`i(q4_@Vl6{?xJpu29(b+`a
z?@11+MA*n3WmgQbeW^)g(I()74F6KPZ(XAjF?`+6q+r3a-G}%43{p`~BJ;_?)+Ty{
zU!zd&t5%xJY=%9SvaD>ySlN8CsUa@YXuoeQe<dmM4PVn+&>FrUop-2cjeH(H!WM#Z
zT&I3|@9xwi4*@sT0h^Z<4#ow0jpCi=nH=926qFqQ4T77wdLn@JZ6T$KA-Z3)MbSw^
z&bVy7{dkvxa}(H?cuiT@A=W7kaClw1O?=;C*DqOSBD-xM#EGr1z)BcdpFTXm5gK)F
zXeRG>C;UsCl(c^@<|@X_t=_0oOr8mzRJ8`a>-Dw%it`(FZYgX}UUpC6Op)xSQAIuM
zn(CX~{~aizby#pIqjf6wC_*$@uqjP7D|RT<bXYJc<uofcDDXAqEyb=C|Ay&z1<*2V
zpiCVM#H>tg%+9<$F)>CO=W5hOt@tsUyc?powLUs|_-AAWUIeUzGC=pL(@KQsnxt1D
zIAMxbR|w+K<F_K`?@jY!*rx{YObigKEBsYeM2d?t6ldO=u|Kh#tcrN4K4Ejzx$1x;
zy+Knfi)J{hW+86rG-%eO$CQ1u8ZUd4MN<-|lmax1)?*60S?!xD(8ZH9fK#jknqdZ*
z;$+$R2W{|ll9vThDLcSap4{jyANQ)78WdMo%&4lE78g}3&ZyFw7ROZ24E#e3>O||&
zf!!?gwN@UeD>Q71VOjZtYe`WQr#K@?YnmNXJu!gy-5~jA**8@cs#5(oqo{iB{&9t|
z`!U<G72}k+_p$ffoqeU0Qqrh@LZwN|dsXt>h25P|hrhZaR#io^xF}l@HGD^M%$1h)
z0eNWe;NYBS!IHv-_spRHEDblF0uiR$m|jcZq-1<X5MJDgU^x54;=p42i1eVPpd|z7
zz+@K=w5(&Y*;QIf$Ssye9wb}JU#XV14U#k6rzm-iIc%(J2|skI+S)o$RBZqpb_-n#
z=9V@;=O4QH+~Dufr<)s~VrfKu9)FR8=IHaI(t&=$HSCx?Yxs;h^Ucyr=m6Tz4^(7r
zLpJ*CO9ffwP#D8^i@!os>lJ?3+r_lP5bcD&H?X)J1MT;$8aaZW(=9_)f*St)HN^{A
z8|n#Bz&GX$)fK@bK;aB_t3CG&_X$F=6HggFt&_(}SilwRPzS;l)~|`)G8$~zp^VVp
z6F#`EMo#g-zWufg|EBNDlDc=ar0y4egCWg3A;limZ3(hx<_Y2~aYel5i(mVAIFP?9
zr~oS8zxa`WZj;swN0!0&tzdc`Y|QJ5*t9656CXcm?ZG^+o8Y{I@UkC%yV0V-dYoA5
z({9DT^zNe-*-%#TeHm8Ex+Cw=JM82w^=5=F#5k%=qL>)#&HECj$X>mza~vo6zN}2Q
zeOEGuZPRorOVmv<&XsspgeKdwnPifNwFq*8C|{8%tIudi5*;KGT;#9;<m<mf(cz3K
z0`cF-ohJA^>^1eTa3nr#W^$8dSfj|Akk~)<HOG*JJvu+(>#)8FrQBblY(pM)x%`9|
ztyzL)MO(JhJoKt&dDIYL1!{ReVHX)=WH|Ggm1MHJ<}Z(=d_&irAWto8LohP!#2dn2
zVI}Cg%&CfJRo=One8p?up`>XYRof@w{{1NP@r%EsE@n$f+brf?1Gtvb+990laqp~!
z>v7Ltp;6A4P3zTs=ELVVI(X)!0+RIC4c4YQ@;=q!Jo3_|j<o3UO0r%vB%lUC_*tjp
z2uA0E?pgGoz-Kz4@6h15v^wk=&j@-#lFl=6+%7Qm06Ig|AY4D@toV{>l1c44A`4H9
zI$#5?xJ3^TYBSH<ddrC59#<UhkL5tjDqc5x{U8FO@;m><l#0<4-Qg&UBMrAHp~Ls_
zzYpWhtJu|2Sp;D&e<hV~bF}tx^U`^9uCpo+-jCKB5pt0bw?w-4q;=fM;dlh!f7mst
zza_t&8HBTi=ncJ)S5HJ>ro`;|mBhRsp43*~&qA)slk9+~XM*yCSK@c5&7_XZ`3Y|6
zeLfSUg?G|A77pBZE7~RKS`nVNvc-<qHVrGzC5TopmvsRg=uRETC1f%k43Izb*}Eq!
z%?SF2dM4zZ&XBTqn%;hAEOYCaj+n81fhXq5a2{R;XGl%(r|mY1ng6$cF>SZ0?N016
zB96AWw#4j3=+$=nIWUGf*v2)NIYgIq<r!Al1Kf|-pr6iw2RQR;LwlW)x|9U6g!_$~
zc#nbD_);BKSBTXPENahUnfHrpymLsr>7wM_M}EYjvPBBYx-MnMu+3{Mbp$0S5<LzE
zA?I#2wDXx>sE9b$*8r+szTQ4tobT5?r}HP!58wH^X8v5Sr*36Sqn>GSbs%Swd_S{X
z|D?~+w8B+Kde-lnA};X<V?rrG#hUzZ$F2_VIO4ne^$+%wJC!J1yN!!D*9mP&e}K&(
z+A8fqw|Yx{z%3dh44nTuWT?x5UYQU-++}uxsMMj*p?d=1mO*?KP^j|`0rJ5x$I|dO
zcK&i;@?Lc~>QHSALhirE(;wnaU+*|o@e{ACF9opZzW6>@pK;I5c%fhD@Y*^2Zjsz0
zY{m00$<njy;lA0l5aHF$yce2B>variR0C}I!%GtAQJm=95F79c&6t`>@{=_YQK?!@
z!EhbO9h(sv9V%Nd6>(W8MlUa@2pT<`-xi#xk?3-{cvn)@)dss1iWa&14(%Mi7S@z{
zTwBIbb=y5)?9Z-3iWq!)6*Lp?gLrt%mK22R>3d#S)$cJqJ+zB$m54K-`1!fjfbr>F
zb{X=G2rhxAkJbAn8Ki)A2=R3ACMyhg-!FOK!~{NX{VVr8FesCC-z%!81WVlJ7u1$z
z$7l@x>spDl7tS-hXZIA#7uXG&o&^PU`pPCox7h76Z~=dhF@Qi(0HY3>S?tRl#Tf^k
zUuzqSBg~55t)nL009*Qi(3DlRTe)+03?FZ}(e6G~8+rtMsRZY<RV}|@`0noc6JKgt
z@8vSz>hRxT{&8(VaSobSCwwSN+Tvj==RX6>A)1|6rE;>Crou4SBe!2Qq6li==p%oA
zHdXc2Ez-lF683#+n}Z1DVz1u==e*cK<9l4hsPPZYh1m|(S0%A4(-V!V&PtLw$NCH3
z{#OtNUQI0%@=riN+ThHK2!)&9%0$4d=oe3TTgcc+$`H+sa$I_?ad$JURUm8^-pRWT
z4AVK&`{9-yhNelPWS~z0x1NSf$sjK>2ruCu5sEjT7x}+~f7<h(m-HafB$299)Z>eq
z*6I<828U|v3NUkybjgnmKQp}!!0n)wMUL<T-5|;>KinX8X?{7%{tsMb{1o^(5g_{@
z^M&}!zQ{*6>TKj}P;~x<*iPJV%1c9DVEe;rzcZkyV|w|4pk7Q6(Tqt$aeVWgZAemm
zxA{Cnt+Kj}<P(Pq@hhQO0O6W9>EBu(&uY%pzlfc_1>>gOo!SSY&6U98{lGet<Jx<9
zPwcRc@QRi}OA?5^(i?j9tZV+RyApj@C6*T2adVUg#EBjUuOj^=MHUNM+}aq>;+F@a
z%u|y8RgfZw_rXoAgm<{`zJULle6esNL*=g5?7mLx19+N2zQG0A=9KPul_3;cgDpV6
zLP0|}`ZO}--8?KxM)dm>(LHiuDpa1JF$v#qq(9L9=aJmfR}7>JS%BuimE5@lL*)fm
zJ;rUL^(%Ac+*b^xs?clNg`NkcgI2^3mIhnJpr)9}T9yk%fIL#B4N8np9)alg2O1b4
zci@1~|3joRF;i`ALj*jcg5v}ZWzRZYIhO`ft<ZNh`YG3<C|T+r6z}|WtU(#Y+L#yS
zQwubLCyJ*~yB_Tjj{M~jeaw5XYRiQ`#VG$gYzcq4RaxQJ-0aMI+}fcLq96UDp)<{^
zEVUAsyQ%bF`iENWfH}xl-+#OsQA<zu8W~i-Kp6&b&ND<)U7xP6h+ngAJ3QoSa~wX{
zGKCY224L%e(P6k<*)KiE@?~mu6g>TI#5{c*VsEo)-F=@JUfgkDv$WYjUNCF55n!!8
z<!3IAC_U{WXH0zH;T?|g@50-OKcEu@(A{NSbxZq7oI$?bCb>iZ3id!Cowm7e`y^S0
zq6y901YX)<ddAZP7P2O#j9}SrvY`xNx^Als^Q|v{QJde)lX0DP?tRi)+8Mi<zvY_R
z95_@NCS0~;*P1Vle35AP=7R&fCEZV|zSob#_+UCaVQ?%Mlp<iy>eHN=#O$t9caeBf
zy3h$Wkssq;a8Dc+PssJaSg^(fr5Ut7<l4@s^)^nrI-+8=2`Aqq(ivjX?0nC?4sp^`
z?Kt?;YQMAOy{iV9IrrrRVCKjFljs`zDnkC}u<@jW>HB9us91a$MAWbMqT`I%hOSup
z6pP<y^DjbWg%Fj0C2KDjY)7mA0mQ#j_}J-}g(0L;t|s;AMhq!L)a&V&1P!rA)>E>~
zitac^y-Mjzleh%GAU2&-+O0;VX^{J{>z|PeaEoHOJ=|8`TKdt^=mSYY;8f)MGKH}Y
z`*aCaipWCj^vlEO-iG8n70TlOzd~7b6%$fPDgFE)I`+tH%8Dt`*u=hn8Ab`mVpRN!
zpzx#ns4qbx38y047Zpx-|388BueW)gRp3mstTXncu<-hYX;q9VAaq#LTUu)~EocvF
z{tka2C#XSZ3Ngz9$F4IEAF#}H@b5;sn0Bhb{|vuK-0VblN|je=BGq3v@${$Jx^U(9
zfy1-R4nv*Xm+NB6?+OkVS`4PRtP_!Q@2&nIj@aS;b@>+l{4sD<{7GQr7PU3}&aLZ|
z%$@k(jojM_fIg2VR$7QBh3#(ab*0d^(`zkwOG^JWOnkkf_kDb-8x8-zgSgZk%Hwa{
z-#j;S)~xRyqb+{wQ2h!rYK5yhTfB1~TF~QMfjvTONSW3sp+3e0qMIM^VE*0cGe}4m
z0ZlIg$EOR2yypWmbP)5u6NxG9v_x|;c|(vL9Q3}2XKsD=-Rv0B3DxHk_9y!%G&K%y
z@SA2d<ZR654JP1rW7aj**1>I)Qe%&|w!NsQ*2YIZ#@0b&N@r<8UX$iw3pKw#5R+l_
zc1E2FN&hz^QI|_zvDX`87ZZ?>jy7YLW}xwCAk2PNn!v+22?%M34J5z|YzD+?1#sfD
zS_Vn>zra2al0OdXw<bhl>u*8fItc+ZBO<Y@%x2WrsTc&U?}G-V)!jEP(BsnTp1QXG
z&4^Lw0*&%NA#>!b5a3%xB)a|<Brf;gY+i{;kHT<W0j?7JW`UvlG^jAqT7mW74B6eL
zYY(IM7QOAY&Q}_wu=ZQ^ikBIT4jcwr50jkY9wZnh({>&ygl2Hiwoyf*_;fz|w_Bm_
z_Vk5Udknrt>=`)5mzM8ooq+3`VVbid8JEXk(O&VMCBxfaq*jOAHt-K6xHyILw4Dpp
z1boV%s@A`zQruxWRmuI(A?M4d&*X*cJRs+fzill-gW#295WQ|+&qyK-jXu*?;mhdx
zmCCg{)`>$0ov8$^rhJ(}n)2<YhU;kka|J^N0#ch$3Gq%cOcMby6tQ`7L@pYh@hjE)
z!A;oQbU)i%?$`@?T~c+La4P!%A}grg<_zRVHyzKVI4)75FHM*yp63%OTwp{#X7LEz
z$)j-wLA=}jq7O03q=#sOc`lIdzN-6JWHM}?nP5|VzKNPsSD8ECr-}f>CR0lRi6p=A
zC{vDwX(|I$D8qs>1(so5;{i)i-!Kwx1NL(<z~)hg!Sf9zc-sZQH#bd<{i*)l0MzeP
z^XFw|GWK6`u)p}5j6~w;r@Wa!lThj%@qEBf6VZGChKXnf0OKM{h8}J@^Ec9E5dRK(
zxMPuwcW_WLeIdf3)Kh_PkSBXMR2n3BR<fb}wi3dkl|J+x1NJa{fZOrVz^(WRLrE|j
z`8>x_RUoXk3EJlh2Q(4Xnbx)5Yjwx(UsBOFh8Q*9Dm%oaPQSZ$=YlXRnY0dFkG3n_
z=8%NwFd&WKAZMBE8g!~FxZ17YirxA>o~G3Zqo})oG2U+4^|-5lct}cc{bF*Wcd~<z
zzHc(o=}YDMmoS*h<{;b6u47PcV}5gDizQj~Vvt_$lTe5l>VB2{H`+(zZV_6ADjQ$L
zu(8>}@7wQ-2{1JB>Z21wr-pK8P)v?@?=4Ik^7gZLfF_DEmEMUyc}{_eL@iB9=gG&Q
zX~LmQhB?2(o3)~5QCm-Dw}@jB8BtPp`np`WTlw{5nq>42ZW49$4t5=N^d5E{f=Q5G
zqV-qSFxd5<hRG8kxq?13%ml>fX~UU!VpqA-C!%G+wRSU#&w@^!uXy(TD5|f4JuSZA
z^P-P%$Fx<Y<WGI)*7KsgaOP%l9M!X=VGq4$q7X&{T$>Z8S<SB^a|xc}Km)f|#pQ#8
zv0rj|^k|>P$_jxhOP|zx?4Sv+Q<T)>Q3-G{#ZxQ+?G(_2IPFkNn3zBN5Ey)!BjeH`
zrG(KSz4w28M}znQ^O@&k6dSov0|caPtCqqB==65z(iM4h^q`<Y<95Y%gn!o~`p4l=
z#>%s~GW%!&R%>qV?f3eK>+LE{@o>h;&B3NaYQ@jmevqdt`KKtk+J5BHTw$0|$|U)-
zI;+mrk$Z55)(Q-65eE-7=!^CPURKZu-s@Yvs0E^7zQE*gKkJBoW6BJJoIuZ}sLR6T
z1cBZ?O<NBh_wX|1+)!nnpzP?PNkCD`*X0l2B%aY)cA7pnCpRR_8XUM4T?i;TrByEk
zZlfy;cx|KSvoEa<SM#H6Hxb>Ow?L<2Zq6})=L<%Fg$sMn_KLNY=A*TS7yY0~h92q{
zBp3nT*)Sq{8Lz_cw5HpgEwp)Mi#ctDweW}G^1!(`KU2IGIIKmLrg}nM5YHgG5y=`b
zdTmYsRmU`6BmEc<vgXHX?0Gid<_8)2d^W1tA7V*K_!W}j7P$}@u6swl1K4t$7Iilz
zZDoHJM8)YuVm?CAJ7L}-BI9I_OiJvNl-kOsypTnA$`5Lqn!=7`zW9pnloP}^`3rGe
zQ|^A@@C>>M*0O!^42g~m?Ii;XRiYG4Y%wTv_f6N9fgsYkB9kkdnOUs4FR2S8-zFUz
z*vmqxRr5}Fu8HR0Q3HjWRf|qHKhsa(lR!&pH(p;biY`Mp$IO~rT+xpsTk|0t^OZvI
zIJrT(%ScDvb_gm!R<vbpwemD4nNqEbS4*C*=jGkt?R{wfQ0v5%NR!s5N&47mvc_D|
z>rU#5RevF8vz>b(|K3VKhF`Qw@VAOJ8DR<$ZQkGdcUW1s@+Ij(gFaZk9pbIQ@#Ju?
z@+J?0<j%v(4|308$&EjgA3tgicNRK1vWLg8q&%rHFz!51Sbcm}@3Ch23WU0_36oog
zyLM2V6uF?$)Ec&Rew`S)zu)FioC)cgrrt2YxNq=veU5bcwCy6^_8A8%O9wO{t&)H7
zsDbE^_cX=FCe)He-}Sv~<9kuVZcy)JV3nBY0x79E@Idjz65>kA1XI5A8#5m}LSwrB
z%^epeaV~(nG{B8-_uVdYnAE|fJicnWLb0^D9DZI7R6b#{LkH@e(6DaINM;8XO1G1!
zHBo~;ze3H2Ysg*;E(zZ3nM&{1t=Z{ZcUb6M0e1N1ij}k+j=S?T;@9#9qrVF8LK)Gi
z$e&M8Ky<Q5e6q-BdQ|sKep}_j7s}5b7vZ9{pp6A%g-_6qfe2?*uUsW55W5{t5wN?R
zP*x<M09Yni2Jet{wCXXBkLn|bv{MYPF;<wRrCz4%JawA%=c{e!fIEs?k8W$c)B3mb
zSj*NOzE^FXL-Q5;3Hk-!B4A&=72?FVk?Xa7;*M~%F~F2n2WttwHQ>?sF&fUv^M!b8
zfuMwc=#aj|P;ILeqx1Q0A-wbr#NadR31p+K`1q&WIPCynUVvNj>8_*aE*tpaJdo){
zQL|Qv04d*37b9T{l|=$9f$V_hyEv4Y?V&Vnf{p<0ngq)yfx<_4MF;xpXKLC<TSfaJ
zjpiJ<3ROY9YG{?>(n{6ZiZ{t>8L<nr9Sj=8G<VR@8pOB_4>*U%DD)4^_XPJFbn|rw
zf7I!AZ4b77S!w;UBpIgG+jo&4OTpvf1h^xtw?KbW7T*`Z$|nE=6<HkX!sr+hq5QC`
zN$GGOvK;qie)9cRldK_7$imbJtFd2edT0&CMjoEKz)xi=Q{CJ!QnYy?PbrB&Uh3q1
zG;as!%=eMA$e}>DKu_X;DsNbQW)Hh8^%6V`UnW(nV>TH(UurK3Y36|EFQU<xFo8N<
z1S6TtAIL}BmJhP|@dakO!q-GaxSKjx_h;odP9XiIN^X*}lFrPh_;`nnMnX)}EM0Tm
zIzkFl^xEStGj?XxFQ8botn4lWUh7%mrD_xh`Ysh->zQw$Y7{;CE@gI;S<04z{P_E>
zSsofg*qFRz<&PAK3qdhh=Sl@%J}PAYoTF~vkkHj*kFC*gtB5`n+>iFz;3*KIm`;!4
zn%^*KBTr}<oX&hDzdY?8AYpN%P(;!(5LZz|XSM74ipU&IZW#6UbH3UCNK?eVl*FBZ
z#62vc+O%(hy$eX8(hxzX@i~@(Jl0!(hY8n-SEa6Jn!%~y=aI^R364@LHU8<GV>hK~
zY!tg>e`2=&uxy3lN20R+pV|5YvK4yyg>nni_7z%)^QHbrwJAqRpKoZ%FU_eg{rX*X
zD%9iYltdH@NeZVUrcL@x{Pe4ZD^y8T=)ZClk|a$>48!#s`stVBRm|B}C?lpKL`Kr|
ze~xiv^W_xL&u;#$)MovJFBM-YaI>R8vJ!y&u0owAyq-dxihfNNaSBbuO$91F`Hks_
zLa&-Nv7OH~)D&tzqv*f%V`b}y2(yThBxL%31&ZY4k;q|0eKhIAh;iiq>Yqn0A|FLU
z(~lB!w22&ic`gb)Bf!95<FI6K5MI=R`A5*Yx)ii@L92p2r%-pzo-vrcr_4_+SZSr*
zyQa&8Rh70Y>53cCF>Z}JF>buum_@<Ab*H~QYCk}$j7b~#Le8NUQapq9EOAtg<<ecI
z1X76TGGrzd3<`xS1A=kTv;mki1tqSi%H_c9-(HwL+PBdLUXj}}Xondbz-IFHAY5=g
z3LS4xCv{nb;tUP(a4!xI9VDpmvzi(zVs3#94HesmXmB*BvI@0-V1i1b#}$|gz5%BC
z0}pV4{A2}2Y$>3e=<zAmL}!3pJ2ek36lP*-*u*4*b3t~ls<TO(f6CR)*8DeT_{pSb
z*suw;_?3<;`=2Yx!81YhJp0$wHCE07Uq-91)Fnr&=Q5*L!Y3Yq&ZXJ6s?Nxhza6H)
z#g@wu-@y^le*NU}xjo<PquTa+ZY%nErvRq!+aOlqK`xj6!+A-=0p9NSvo^q!uDZ%o
zE&C%I_ZBifw^Ng~qLkeLNB6=p;AiZt2nImh?0E}UjX*m?_dKFH^5of?locyq+kIzA
zaQJzZbA^Mqs+~8%hknAG1C%T$0EI(vxjyYE%`Y+D8IayE7rklOugyxsqPefcekV^S
z@@d-RigXJgv7~ZiS}gOPsA5n?1hYJg|Cb(_AO*E@6N18?H-yyazHNrrn`zyn9H@|l
zYeceH)YVX|%z3hq=~eF>Unrj3&ee#MG(3lgqb9OCnx4!v^&m(1pj6^;@x(UWjnjZ5
zg8j@n<^k~rONeKVy8EU`7y5$sYGES9IbSG_$T+>NZJcM`#|!=vJH(l6X>;8hUiY14
zLJ(ujdG^M(##Rna{YQT&j&T>F=G`|qeFSI*N5<)HW#hbABAcelAOZ}%ouobrW<az!
zLr|oo?p72|J$a92ed@s(MB~R@DvTU-{u3j<0$d@xRVvOFOmrNNpRqBH%mZOvhD16=
z3ZQBZ-Qv(89rVMFa%Hd<htwZ9g_zpa;5*w-^j!?8HTb0fpl=uje3?F2YN+lo_)PGy
zs&#?U&wK7KqvcjVxd91!7>wdTdyat-K=-_|D;d^mU^iz)m{}81_aU&T74^_k|3rsR
zrfsQnh&OmP%TYHA$NO4DS+Fa)_V#0LDUKZhvM-KxGHNfb27zfnnSCIz2UmxHHlWPr
z{eJ*HVDDp?pNKN2uianJrR?qM>a7vI@9OVYnO(%Vy9<V$|GZ&#^F@4&-TH@AGEHK7
zFlAmQ>@EXl6>ueV`UKcGhfI(G&LMk`m+uNoqXoX~;d?L}I3wsy8I*M#E^~|~-v~L)
z;N>pp?Jg*sEh)2)W*o~EQ-ZpTmU}>+#{)|vCG3dX9tT>Jbd~oFpE;{y{QgWq-->~!
z_Z>a@)x!hk_~j_;)=2F<?Rx;%0!f&CU>4!V5J!+jU>5$yo<G<0Axb4E3w>jRN+_lE
z{8`##@bIa)@X;aPArD=-V;tPN>JtGyN-wE3U1S&98-Bg;#(vHO+c5Uz!ut?L5v5Ej
zaU3r9xH;w8i)L-&p4@<+d(xBNXl-J#lyZtZM?U?`J@39V(XHMPKj_}G)EBR3k%VQ<
zvrvy;N^!1=R!Wf|$xjrrQBJK_WMp>jNE=j}d_KLILcSugkwUI1u@OVQnb(Ui(G=N*
zFL68n*qxpxCdNBzxqE-?1{{B?Oe?RsJhHzvD*6VAAWD%6=Cfwj=c!rBdF#}i;=Zt-
zs}X-9oyLHvcmTVH6}#&B<971FVYAmIc@%(#s)de<FWT@}Df0HcMw#Qz+{d$hfhXMV
zG+-)LJBQ2pwty>oHz&{)wHq1ugz|<X;_jE<xOpsd!&nqA|BY_3tEdmbJbNF7q+y-E
zjLCVYqFwz=&xPctC=U)*Fe}oXG)3#)S8fekL6>hG%y-X95c5?LEmI^U`@)n7saV))
z!l77Mu1Yw-9Axt~lOUx}f@uLVOX>|XRpmLM?B+kS(D`8jX>Ao8vDFD;;Da;F(U7s#
z<we6Fv?1ztP;#{aYa!(IwxEhr{3CBDY5^i+Epr<6We`hR9xL|kEwV(>9Ms4u;X}{<
z%ZZSj`H7>82MnqK2-t&T*L!!mDk6%jhjCiF?zDRg2kgN%_zJwe6eipL$}HPNYgjnF
zfovtnm$QN<T}T%RHTsETC;)KMoemq8C*5s*UBCslY=!17UuvQ!*1&-@;$^$e*XMh=
z4qk`S(+L^>K6;I`4u`=@a-Ag}L2k_^9`5(7C79}nt)8Z9s&z;u0r+cg{lq7@oc6b7
z^9j$wi(5BdF>|15SO(5O21!l3kY=`~-9FEguwY3!zXC*X_kPX?S11pB$K=XWw$vHi
zq}u2M0^0st+khaVO`Qx|Ofwk0<&K>!qp~Af2e*?yy@P&6&IdJGP&>4{=5*3bH8IRz
zu=F;+r~_XwEE6!siK<<`&ifMoU7FK*f<u_|bR*nFdgvt=fp@2syxW1)yOs-@Y92AU
z(wsXn=P!85Oz*yV$*r@!Z`-$mX3E9b`Pq>y8!rcE`$gy5$4+f7zQO^yRG;Z4&B1fE
zumCP1MT6%vEkU!DQw9YFcdBm+3LC%Q%7ilF$;^b+)6Q+h@YUz7=H-rk3B0z${7mZ%
zKOV`U-K;vcPeXF6gu+G(E4)%N9{zF-))6h$pUx4wLZ@YbRZ~`>XRr)1wuAPJrU|;V
z6aS2|3CgmQw=C**yG@)1xwQ0}Kt>_euq*>gwSJ|&96f63)Ek{<^s0cy_FXdgTw52k
zAvDMneoYt$8C{$7xOB}Cv-gmT#pn{u5oM=Mgh{%X!e$1I+cYS-T6ARaO*>jnqu`F3
z+u0agHK?UoC##;E>-3KJD_-I2=yw<bKI}4JylcF9z8~a;*nPFBe08v=J`u82h=d5C
zU%5*PD--xZl4rn&6_Q?vqB>;;@&QFtsacQ;%G$$bjQu!1iQxsTF;%@S$OAsg=9tsY
zin!~>pDvGjSlq@d<=0%>am+;cHdfH490IqGDGCLj0Yo|w?T&WXmc7I3&}|dYJlb?4
zek)XpfFN$CS-F)Cb0UD}cK<!_<UjJ^NF@#svBG(IHiy(<v^5&WEZ>2XoujBY3GVar
z#~EVKD`RSh|2T&1Iz}wpj{KcTML+l>lbQkg=6shU2lER!b4xsq)>jZCWe+y`W=OZ(
z2F8XfgS9{$SDIw<D8<Nbupg<$6JlzBSQ(C{=UbtyBW`RP;Nhb$AjU`B_RJWGNW)(|
zZgYIw@dr1NMwob9h#sk@QstQmmgaCrp^78BWM}Y#jWU?BTxTNQ%v4!U4crUTtLOA5
zNE6X?z+X{chE>*Z!@VW+yWncgL!18*u^>=DQ~y97Ii(<dHLv1YtHAGptxigR&vvT!
zLBu5JMchh2%BI#?encC_7P&WpfY?Y&A@l|*$P*!J)#Pm&xQ(y#fh+sZMYmk@L*rOv
z`n0_qI=JB>?LF%8Fw$+&Zwsd*s+=L{ce*;xJX@sJZw3EW&$md6KgX8d71{2sysJ$!
z@DoNEMP#bjFQZ7K3jW+eCe$<$_k=@<K)F8p`K?$pn?dzxWtJf9Xh-INj)VwU^m@*q
zO^kRNmVPSR;X)^VX@h9qihjcRtuQm2Uihsr>^{Pfe!`GpzYUB_%QL>?^SGeauT&eo
z9b8;6BYuO+(>2Kov7I!7Ixz-LX&I^p5X{>YIZd?Mn6tB1>a;8>5-OT(<b{+03elYf
z{W{ZIWhSxZe^hA_>k`CxYW<-_nV-8Tb-O6F2qWdd28(w8?P7t-ga&9g#(@B_`dQ~N
zjbQX7*bwP={F(V{bDcG{yH3_719WLKm)Y@bA)~VzV3NTIGcbj=ij{}4-}2|2f0y=f
zmXG}3p_J(D@i^Bz#Ig6x#@>cy>mRB<6@ET#Rnfm<^n05`nf{F4%+I`xkVYHE6($D7
zmnP5uZC*~MBX7JsKc2TbA8kg_4{+CI()zz%RDR_yld?=$K+T|kDgSb(pVdf}hvwsi
zIVK+6PsfrVMp@aXANx4G{oHo%VRaQCe<p&LTtF)S`hHqa_&QwXne4yVnZXZ-2I=5t
z@}7V1;zP~ly~D@U&iZTE9|7O@M_oQg%5TlXnYbekk(c<o^qI%n=$dQom|oTEXs`}X
z!jFH@6lt`ozHG=>lSm1AmV7bF>b_rC3BSXsrT6Td!o#65wq*apM%Y2<FTbmv&AC~a
z(o9+~m2)vSDU~{|&ToFZ_4p4V%eCxZq+{!jlHBV1-H#)%lY|T5cnmDX%6I4m0`G;I
z{GIt1MJ*}7C}oyW^mt|e-n{;m8H;lSh=@E3rhiZ9|Hb}j(SeiF1W_^qqOr63L&mqd
zjW2ZBoR|}vaQ?(IE$9NpXx^XHWf8&UAwo=0#;6LZF-g+3I?n;u&<Z*nztuirM6H&F
zXgkGHAi^<Cl5`MJEZDJfZo%#acaDOo3y!%#a*usozx3;ie&pwvq-otCq)b(1`4BL9
z_#~6{=+#014S*1{GgCMD#Qj$NwATAB4-0F$<M%f3AtpLNdb$EXvFft_2;tdHvH<2&
zd7*gKz$^}vDM08#9uWT@!<zE1c6g^9E@uLC0hniCuJ385f6$Em)(u1Vkw)-*BiAa1
z5ipdlAX1FIA`gHy-Is}{B2N}#qW`yW%!EUA7*IHG%#L4dm^E!yl^Cj6IsT6!KCHHf
zd08t*SiAL~?n59wjXDP=LlRuACmi;#4tg=5xXctPMs;Xrn9O;O3sT`Xc{@l2!i)?0
z^b7hkg3SeMu8bTxFnSF8uCKrpL%}m4kIzsS$T8!>ZsIbls8bG**Mu3esyUbYR|uNn
zp5s-75DDsyo|o`Cd|y3-u9$-kqw59zHsvF|gu`WkxpF{yd1uHNBB5+?nSInhHe-Sz
z{cmDQ+j;(LQy6<V+TI%T_@lrgq5z*w5L2M?eW3M?ceng{`uqo1`Hc@TT%ReBWP^N;
zkVEE)u_^`W3_X;;8X#4O(;0><A2p}ma9WYaWyY9SRfH<mj1Qm|+?xEc`5TgNYDPYL
z5Q@*L7$2&+{e8jr&Lx2l)F^23ORX87M7^pCO|@@99Ll*+lXr*LFwZJ9XDmN(>wN|=
z;j?RJl$*2Fg!a^o&v6`lz_-)RKms>5$M=f}6)qcF<ZxaDST63F<2RdU)tdk8l>NIH
z&vz+an!3{B?k>?h@`4DaM3GE%+22G%ijP^2fw_L<RtZGKq9F|oexFI|ofr7w-?KS<
zA6-96w^tU#yIC<8bO<Xb=fQ<MTUieX*5CfVj$u&aSEGuWLjv*Jf8v!8W-jX(@7e{N
zWqk5JN(gxzMiE$bp*e6NR%{C};V96rvBWG5`FTw1KP;0|0sJ`MQrwi|pRNd=7xT`9
z!c!IYf6aCa7c1vs!dL5NDAG*@`>B@8&|;bV&%?J5_Ltqv4K`&O8oOgoOlSudO!;^4
zZ!nw3#^*27Vi~t$vsOKJX)KsA%e4ZRevMkU-kbYB_HPMS1F`ZS^&xQ6a0hW*ybWW>
zkPFhyQ1$d_aa*M*y63NKTKck6V`-CCu*Mfjoz;XbCHKrJo0mUX)=n-WUfD-qE=ON+
z6qR!BK8oj#FPdJMR%^IJh!v#K0eSN{Lo0r24orOkln0~!7^IwTr?$|+7{v7p2NoG&
z=tPqG9FVCD&&_2Frho*CYWg*r3Ka>{h5dj!^(L%(OJ4_7rpjqlcgG%}R4X5W^;N0g
zq-b{tFP(aYf6mhC2Jc`)RIyP53zwT`LgmMk=1qrzrHA3NI<r>AUzZCl6~gzgb%Rr7
z<}cvZBemoZL%N`bbl*-*-L&m!QDT0`{6sANAFPGX@*~&}G`XdgrQ3S;gcW`X)i%vi
z)ux-i83I^D|EbTWov+UPj<PU49vps}=A6@!2&-M!5lquJZp}a$yfhE392gTMtl&@V
zbH|*A=qa}*&xHv7DRct51DEOjgboe@%ta7DV7!kC?_QKF&3Fqv)HO3wy2{MH<Z@lb
z5$OdEUYq3aJ-k`R(SLXxA}91LeC;IwTjIMY@AX33xDglVNotq$7@Ev{tHym<Zk+6x
z@TG~|pdwe^e*IF9AL!I%6vsDS39!GN>W}94yAYq&y0Ox@uEI@CmF<)V>s&-<mvy$s
zeRiI~X-VbD@{rDmEO@|oFUcK0vA!;6#@=cFGoFza!Qz9MXCh98x=QnUVIA{;ei;4q
zin}KW@oa?ArbJ_A<|{l0sny9T1KBMDo|J(xSB`r$2TC!CL4_t=$@5aZBRbH2E9`DY
z@yb&*K$E0A*F|G|1Jbr5rG5u_Jh)tbrIM{{K#C<&y6rGu7^qjDkJ4%J39II^0X)#G
zGM21xxX5R@j2Ov^9~ySgKl+U9$}<y?Tj@jedmM(sskzZ3x#Spx&uG2r1}MHTgeX6t
zP;92vMl4b=SV1&V2u2Dovwdc*-m(tsk{DPd7~lVxW*uJhv0i4h+O4fl7U>fe?{Z;2
zt3%t@_-yZ%(YgDbP99}s{C8S+G}ADD>2v*cobiu+(E}agqX3ApccCagl*Z8bNW$<{
z1;`JrIUUb$wF_%+GoQw*c|1*cBs})tdB0@KKyQ~pwfGg6A=ZdM9eJLnqj}3fO`~|H
zp!jRZKvc`XH0mH9`Mno?d*YVwJtbI(JYfNZ`d$leDvhH*;aZVLZ`!4Np(eXD^1>YV
ztjF-!t9}z+e?)9MuN70-N@L`qF!EB6{H(w|UoH2jC^om-HUE!lEHXT;NNoNB<q`vT
zLxXve`)LeWe^JC))^1;;VDQ=e!0?)x_wr@y=6yoVyW_Nwn^CdH-OT4r<5#W)!LSns
zafi69#=-HK`n_HCD{}@_4(#KEkP%Q8)#jeWuFEUwO33o*$B-<NP2&!mD^+g1Vgf0J
zuvi-L+pckb>#A>j2GPOk1{=n4j;)Ofkj)i%Z*r6M63D;PN+Y#)cX1hd=2x6}razW$
zO=woLyEl59*Y@pB09V?BF;GL8s?hDL+b697VP>EO+HJosvutc2$<QmW$^cOj0y1Pb
zn;G-)a_KP!*<9uQ76UU;V-?T~Aj68^r7(3PG?nswDkXB_Uh)#l-lbXaFzJ(Y5)f=k
zw04x|WEeZ@g{2;Ar%2g&fq)rxRH=No5LIr;GKhTi;%J4ov#$fDo+p;BDTPjb*PYWQ
zDfqGraEnh)RVOHEz3^>qe&kk)GvvoDJ_W_>sL>YIE#1T3GuCB<tNK^A92>DsGpbiN
zWyr42I!s8&@oRn<doTif$oXplY;^XGTz)AhwMRCs+sg_5mtAl5`>CE(>mMEQD%NoO
z{O`|-;`_dtlJXV=9pzD0_$2lrnUM141RaG@R<I`aSs0U6I;$u5azS)V6m&DulLP8k
zUu<$8e45mfX^pfmUARWJ?#dn|5+afV6rIFD(Su!Fn=IC0%qpM`IM$_8S%UUU2CFol
ziMM6?LeEj`=!?EJyyV%n9ya5pD0VK`VgL!?ot0zksw65{qL=o6EN~zAP{C-7-ajlT
zmD?14N0${ZccwYzZcjOWH96%gPf`r63Z5*8RwPpGdQ`1*yD0cVc;NCa3QIF}QmPQ3
z`lDggs)gIpmv<z^B*n!c?tzFHMn+Tc!u=L^q;5Iaq3`rOV?V4iu`=Sp>(=g~MQ_P`
z=NrWN$&8cgobEf|5gEr|APB36JgCWnv^1&m+X$Yc32RxQq1lKEnV#+HAgk(_SFyS+
z>Cfx-M!bZyEIt=Cf<qTsze2Z^+ec&TvQodx;k=RP+xpeU(Y`WQvcrL9NsAvRM8C9_
z-Bd#ktY%{_`F7P>!}IO0#JkQ4?63SL55!}(V)SOoiyPL-Szm$dI7HLtcb?Du^mt1(
zc1;CY$FR=U3on7$nC1_#;foxYDG~m}Fm=+0x;4G=i`J=gkNUfW(@kXi0?S)_6mmIZ
zB9_u4=ml@9J<siJX!Oc^JMeBESodt*7)&e_qBRZTYK60M)Q-M$BZ|-f9pUtDUL8M4
zsav+LURqGN$fHYheOrY=h(>kc&SCO*r_Nk?Y2E!ka8^i}>PT=%WGlWz>9RC4vbTWH
zYI>{J)en1HqBo3`I)1FmHvIm5sWp!@VV4Uud>XSTJHCjM8)a#LwI$ar3m0+!J@rZG
z&Na@)C=>Jrh-8UBWRtoV8sJ$unQ)3bQn}Pfcv9K7%9lIIwdfSK*wE<|#<V=+v!sb`
z5rR+~=gSpi?NqmDh_E$)%k&w+$Q6rz(Q(JBr`J}8YuCv7)vRyr;q$`pC%c;A8R2ZH
z6GO@_M)BWHef*AGf-g@DdscZnQJ3)hn^zoMy59AyZ7v5aCm?Oq`+R5jRVEm?UU_lj
zTQ4*9LO2QETA)4&-)WfStd!x9-rIpC?7<yT58`q_xU->tPVKMOslpwpt~9o-(Sum1
z)5{n(UI6LD@VHl~HzJ{V2?*M;hP~VTtVa-Qx`;61@;o(+0}dh?J`Xl+PHS?x@(6ud
zP33<m1%?|4qL8Mt2H{EQhZzaVi0UI53d#T=HG16BlllnS+&_rA8leHB`Upnd(*yem
zhTPLZdkvuHPn?lKgf4jH9oj`qD6|O7(AV<1e(gPLsYn1eB+08@GzgGR75>O|rLhCY
zF^e&$_hn=izF6a1{Y4gZpu4<NNP!C>robnI(GMa#F8%BJk+54~h*Lg4GE7Ha1=;1^
zGpne796?pOJQZe^dIEs3C%XyNn<bYR8L*LqDK?aj%w_`xgM@)yDzLAb*qE7$O(X|*
zwX$r%l#yg+Qs^GDPkgnX@iP%o)v9$=bLMiEe=XA;RH;>|brBs~9M|fWazyjHHQ$uo
z<OP1Wt&VftMLX6w&$<zKbzOjaxt<l+(ki$~sPU(YHC9N>*2<F}^FNHflB_~-s}NAZ
zFV@P?$`2hc9WR~k*`Ga}HQhbneESyi<yF#kQZ@Yb;?=70=JozV$^yBYzko=iXj=a0
z6vMR9p~o1*B=H#WSk9j9m3Z~wb?e?`mDZm0K}a?J74~)Z0^vj91Mh<6wZrvo)%=6t
z6=T)o_3L=;+vIj?*Q(~_nz@`NgI7MzNjDD78mD6d<KcT63q}vt&1!>_F&GOx`I7m?
zahmg5iyxjRO3kBUtEx)3^DpF&@wsJ?W`eioSwv`~$+oG@LkP%vzpHIKvB(uhVE4gS
zoo+dD3l;v1-s)D3Nv6v+=G~Teim8!&5!Ni6?oZmLU(mc?z4%tFxk7(BiMQQ(fqESA
z6yhpu8aLW!ROOq@xN9nLAEusT*FU<wyI@_fSu*>rk8wLrwRVY`^E=fxXT?`J7V6g7
ze8CDSszu3cWDY(+qQJy^9KGwy(EJ|xXS_{oy>j>B^QiMg_uTR!N2RpyMQj2Sr|bfp
za98s^N`T0hGT?Xl{cv2~P)fH{>oKmPR(*2Nua}1Ntc)v8{_m-5&xE7z-Wrkwsx{oa
z*25rYyzA{$L+Qen0oy*?&#zsR>-%GZ*97NJ=^i^0j^Fm`Q=?O(AFzoGOdfdT5@i{g
z_;bWpwVkCTUnlsw34X=J`wX`~aM<Q?tFKxZ#_L^wxm33;Xc=spXp*fRE*xIG^4ZbY
z`TAUU?^!PjcZqq)&b{C|>8cjSy2`p5y_+yNjL9<j)c2&Usa?W6+ZQs#$11I9h7}KW
zfp$rIN$Zqf-~R;AG>na>xUjJexi3yOvEXctR!Y=ir7LAN9pb-GWi{dG(@J1wrL=r*
z{gndmDtEp7DxJtiB^6DoiDDV;o#g1!#QOv3`EeBo&RAaFOh`v>k(F`s{(Z2>)W<SX
zc?udN9GNco_bW3$eldM3gss6y3i^a>zK|@s$QCy#6TI#fyzBHDg;C%+s`XNO`4AyF
zxfOT1`+V=_L3Nd^%v;QSSv<o(Q#w?u=3>zA8mCUpI~=_=xdlHIy)C(II`m4RMH|j0
z`0-Vi$lP6(h%B60kZP4~)i9NQm1NaCl}h?2RiakJY0N2mE46fFZoF2M2koknCiN@O
zz3(aUDeo!Ishm&4eWpn?l|C*(X>fG#a`<$Bu^)c;bg;CqG*R#;_F!oe?KbBY=TOpC
z?N;qjaFeR0UP<I?^eU?dxl(`9F!5mMh5e;HH+8@;y^XMdG18zv{c6)J<>Jwf<|0H5
z%#i<acufF()G=_8EoA;C{+L;^<rsDm9joy8<KiUNe9c(Rn5?$T{7rDT#bc6rP`8en
zg_;Gfwwk$`5qJAe`SYYraB+{K9<JHr+)ep5+agsB&)|NIv^m&dLd~ezBAwBq{hYmW
zuz7)0H9|F%xy~R{(%brG$wr4Yc4`b|$JNKx>dH)+YbJwYP=d5~3ELaqkx*pxaTrVT
zR?*uN-qui?ba9wVvQ{D67v8*ZCspb|D+i(c?E-HX_#EXDhImz`X`A9_%Nxwtw8hn`
z*6;V(ZlP|W20x!Q9$jL!<^{_<wCl%TkX^F3DP3Zk2UuoW##_c&Ml|(G%a_bv`%Y??
zbYG`hdTm@Xs>}LVvd%yq8L_PxsdA292Ab=3e$n*s@UJp;ld>v#Sb)m_EcfHGEv+4{
zZf4R~qcH0*my1)or~Y%-mo$Pwg43N*2iLW{f!9X8<}999yIw$V&J!mgdsyPrbXYh6
z;=L(BXxQ<6Ojt@-$~`_oK^C`17TMk%i<b2dE}n}+0&8)aR!!GOCHJ;=0qvJoLKu}M
z*AqG`tZhzi=^scVmUgMzPr#SB5t5OOC!}4b-SA7^lwF?DVQH>WTg{lXADYJm2_9`u
z&6m)HTTgzrKc|lfjtR`Gc`R+hss~1rQfk$XM|e}vi>bIytylE;r@80vO%Jtq<#*j?
zSi5TZR0DXPzqQ)MU!oiNToV{&UD_TxjZp3~9CnYqt(oSWz`BK?QflR&qH`EC!k7#^
zR2Yeut9>al{xR-&crAt=OsUd~DfRIo^!f%&kl3pE`dj~xZPN`GA1R&788Xg8_8C*N
z$j&4;U3>If4+q+(ioM8|;<Ed_MNdg+bsOE(xfZwAemn8SqS<7gtt#{RV}k25`x8W6
zUfYfFnsu!-t?60~uFK4xmgAz@$|UoA^Zj)3E_*{&Gan*u7Xxc`GZ6rSo4i@)(JlhN
z(HYYtlgs(kMt-Lvk{Y)@<l+bkZ%8iEJogcpwRzu&Ewom0(~r=x@q-zqM$75lz}t^K
zNrcPwoCxzyHX1c88?sXuPX%Cc$?8-zW49KMD}GL<Hx89*H`Suk-J8-S=;74PTSGy)
zNT`CSw}B5q;=ySKr>Ki!p*zJ?J1IP(e4XDHyNZvV12j%fD{&&NN=IAKFCS8Or%1$Y
zKOO=-;`}{Qu6H^TI^vFaxo`b13oABJ$hgfHBTyk2xDSt`50Pfau$V3Rk7BJ(U+o4P
zTpiIjhXe+Z7sFf)aXbU$0x)_5_&*q<76qF3y|+g8#<e!>3)DdlgfsA<tf^E=ZMNCV
z!YzR`5b3TK81OgX8sbw#u@B@*wJW&eKS$S;<YTzxoiD#4&aV=64sx6D>kHKcl%^|<
zC+*Q+aj1sQd?;lDRc|qUho8kCQ@r|UA_{h8d4;>+FCe}+j`S;2&kcVJy9Z%kaw;qn
z&^#5SOC5$r9rR<$Pu7_80N?`3?!7Av`#u3S719EL3H`o<wkctozs@Pm_GLI46tm+}
z=f+q|W$O}LJ~8pVN_CF2whIVO5gFDX19uEqHby=Wav4_wG*g7$WV`|%$N%i6sbm{p
zA7}Cc2A6e<8Blm6?2yho4*Bz$cwf<p<$*r@p75a=$oNY2;KMAHI`SND{cOz!!SD3~
zO5J$L9oHJGG-l`!$0goYy1OqlW}c19*fxeL_(bb8Qa!=sL^!*;>C7IN1Vjn4lr|B`
z&~qh|^)CPYiBL5A97#6)nqaQen|oyMX@A^#Wajq!Gn3s4j!*uY{bdxIcSVpGx|3eN
zSDJ?~EHavPzehm^9)p?(`eXn}LnedEO%tPrfQZL#Je3ag0sJeIHHPEYL(K-rV1^6b
zu=LB6iSaCel&46i0aFMXa!@=r3cr4LAf}b&vxl!&s*mF$g~o#GG93MDa!BsiB;DfN
z<1>M|IPciEDPQ?2c=jwT3{emiIQ#pl4>CTV5dWn)^e?k`f9TJE*ub_okuEtn9^?7j
z8z01;vfd2bX2FdAI7#|0x=l4Mr#?FIODLLBuy=IVCJ38F^HVIeN@7#sBere5?_l;)
zE9h`=98TU#@dD4Z&g0MD5p%Y%z6BQwNNXZOGSxnsnTOsj!*}U`0Ne`_mIil53uy5P
zNgQl$+L_%;FUL+q8=Ep8WX-Grw<z6-nyn6cO(Kd{GO5~;61&B{-CYhR`h<*EJOq|K
z1m;2Yn63YMdLsoW)DWuP)7x}!BzEhtV=i5W@Su6hKg;b%gZn4LLW`uWNboLzhM>SI
zuOkEQpACu2nsN9!rkS5kA$(1P_Fq8jka`!n6BI>QQZkgn=>E%zr8f7oQU?f*m1Zc9
zDeGSw4W>ybR*irBZ3rAAP1BF|KsbCFv%Ip54u3do8os=<^bT)02pWVurt}U^I0%g)
zCJ60MeqIbuO6OYL9+<BRf6QU&*#j*f(xx>|c;i`>WJ4S-X&(ZrzW;j`5y%7*?;#W+
z!@v)$q7i@MpG^SO0)Q3{;#D~GgE+)ALevWNe(2wTxgzR!m~X|8S(4jvEnk;<WgoGE
zG_fe;%&RS$C0^AQ2(UC}eoY))ji@pQM6kg~*#0-jx8YYP$sM>JdPXD%K6L{jE?ppE
zim8GK$;*An?ISuqd_;(9KtjVNw-$<;5gOq6tP&AC6J3zrH1k<*+*uY=pTR==Z%R)T
zD!?V@21cQ07bN8!P!_04+wgq;2GhU)w#f&6AdQB!v-huDpDRcS>4>X9=}amKA8pf!
zD;|Nnv-SXF0oSv2A7o<JyR}Xj;@^?DtS&hP;9tYB26vPr`X`P=P~`sySnaX@vy?1)
zzHK<6jYd1Bc3tZKAKKmmDvoS@_nu6Gg#aOVfW{%XyCo3Zf;$9vZCn%F3GNcy-8E<v
z+}#`Z#)E!MGMULaC+Gj&yY9Vfz3W#`J+-T<>87goes|R_%kG1&6D^*@zrc|Sg7AcG
z+Q>P$Y-k*#iA|AiQ)KO(_B*dr7_|f*Q7|0QJmW!p%!hr{_5lUfjbYjQ5y7*|_g~=t
zwz8Oox%B=Az_K@6k0G)*|5^lAMC`>&lFy7BJHDA5cwH;6q}BAw*1X9G@<StLvA@H-
zOU&|Fi`&sUNgLw}Jnu>l%CI&yyh*n#PT@qo?<ku>bmg0#lg!XNnnLvClfx&OVEhM$
zXLP?riASZ&3%00R!!xbvkPbsUHn4SqPoGxZX`2BaoxAn6w?vv9WAvGTD*aC+sPJ}+
zc_yENh(6=KuoE37dgK2DA1VR_ykHStk{W+Xf8*shN3n7wrl6U*^HOn2)GV25H;YwT
z4XmJg$~rQ{B8Np`Z}T0Cs_chFNsc)ugLaFm(T<qwDJG;+O(ZFfSz<BzViXcws-s^c
zrDN?XvZBaRXtuvwhogOsr^j^7O%n9qWh5EB>hVu#8WBQ6_4pGR%KwCHbX9S&RVNiB
zU)d)@+iz1|`K`YC7%3{E`O4QJ)3VAR(oQ=OCcBUQ1Jd&Q(gh1*)!g|G6cY#i_LVwo
zdo)y@?j=b`Bt}Ln?PqHe6xv+hM!&{Mx7ZzLN71LaZU18Ntn~@D{C5=1bo@3x4I?0=
zd>R(J<5?RL{DG!Vs3e|%<4x#WqzzL5exIZ({*utSA3+|@<vjj1)1SxXJ9;wwX?FBw
zDS`nNTRIB>!vz3&IG`dgN(e>u^wR@g>rkkUZ<jp&ngK`5{WU`xlUIL4@E6GIGYVn;
zz`uRScSVBb$X$%D!rs`t3>tekkI=>le?S`befQD;`|Zcus@pW%oGiElZ-67(vN(zU
zsUjyM<x>z5K=@{i@axk6Fb|y-^2ryxjgOq~=AU#)MRJ52<B`34v7LvQJ#0B1dX8P0
z?!<>a<iGmu9S=d!rl2+DlQ@CDQ0UEAM3|=IYyH?YBD_)@yF>gKN9ieh8P>NtgCx7y
zbzl|#{%dYoG`SJF@es9l&#N=Qoa9H;nFwA<gmwQ0bT0{_y6AfILB=qg<fX&-HqL$^
zFufijF)6*C1-Q4Yr{Re=@LDFFKQm!e^*CzF7=*D}8?xjdM(^eeY7OeN@sp^(@6kh&
zSZAGYReBl0y-}u6vU*+~&Yj#b&+T9DhzvZ$6SeeOBmWz!pLh@>HwBN~;OPtisgJu(
zKG%)MQluEDhdOD_ahEw0oY*Eia}GA)8EJ(v(}NP?!2NwT8|xfD>;?n&-Pnbt6CC0D
z!$C{mJovXlgj9dZq6P#p&`$~~(ke^{{Ds{JhM!@*f%gQBc~fr7uSjW<009~sAdVBg
z<Zq0FH`qoVA<X>U2?XH&aGPIje;+l`JYS#Len*`p=qnD~H|=T7{23ksj!~v7A$PS1
zt-W8uW+R)!%$s4?ivcK$S8JN!x?1$u0jxlKB7K9MhU#|FSfFl`g&{)B@j}Nk-^el_
zl%VF~8NW!7bKwtMQp9h|R@+GAxaIG6LxY}KnU^}V5sxidXJ<0a-iMcb<ZXa0Kp*m;
zM~=G?e?0AN_8z6=bJ?UZ{SCZ(h+9uMTc*rA`~ng6caLX-_=G}VeYgwd6Pz2~H0GZD
z=s=9IFEEe?^P{4Y*}R3hCJ-X8hN!GncibL>Rnla=?n_Ot;k?rO-D2X-Nx&cL4>K_Y
zRgt#f2)jM*NfJh>)cYr%UA-T6OkVot@rNbKm;Fa|ynocfEua4}pR>Y-RBKYV?>pyh
z?fTpjrG5WR9WQ(>_i_!KrR!hV>~W`{BoLv?uEh#EdAib@eR?Kv>Hge<z(<?@#${y+
zu~qBxti2S=qxopp_ooFNPVVjk5P$gb8z5eW0CIbX76P!fE?aW^lKWLKk>}LSERE(G
z|455zWxx&YX6)wX=;DjxS_|Bwgmlww3tS7y1@Dn=>ws(Y;m1QFK`o}WK6flP6wYIh
zAxG$F1=?^uQ;&}AKe*u&YMUI#kpDpQT49_UKB+d`*D2)VYHznQH=|a1sTSnOQo!;0
z!2X5v*SI)0=j<5%_r8ff)1;l`L~ID<VgXVD<}Y-ko+o{`!h!VkkMa>jrCyu<DTnqc
z@q+@soW1A-QT1cFi`P2<(S^tPu7vg|(QJYy%zxvlxcs|BuTgZL)WN-%9|y-0G)X|^
zJ3Oh)4TgE<e!Yfy<KY!XaX!7g{^xrheR>}LckfvQ4W3fTzf0)dUpXs&)dkS1SOREK
z)%s7>7VOP+NUWb9$<-^aJ6;?mG8gvlEouTSg`A6;8=t%-CuDjQfe;}1Itw|1>+R0-
zd_jG<w+^q@00Hxl0|!3Edv&6d<`ByIck+IkPF7XK#Ll-Wrtv&}%y++S$hT+cfxz7A
z<GE$T;?L)}ecdnQHW_)FEaYa3)9=PNdS4lVxc%m!NlwpoQQ<Vby!jA!YcDBe-vMSK
zL*|`#c?#cJ4odyDpyk!4r2oq@)=;*OrCL({H;6I~RWQp^Bbj)aKPg%*T)-+<9Pz`_
zi%A`#;=Qlqvp;NOK2H?0V9(ztuU^Pv6Elta3kjSuL!{fbHYEU;o^_|B?m3pl90*%z
ztx1y<*y5$t*x#0Wa#{|Bm`P+bdHAtOgRns3wR>V}zq?ne-)Fl6G`sy_ime%$p)u<i
zzSHgc%QZL3+HmMoYY2`eO6}k3Wd@^;;`lZwHpfHt?W2lF#dgTW#8jj@OkXOEl_kb{
zB!g150In|1CVGO4E&Vt<T8t9ix|P0FJsPtiU4wliGNEO_Ck=_a{30Zw%E?ooaYtz9
z4+R`E8i$`K=$c!{W&|3)2q$tLT(Z4&Okh6nO}T*J>CoxThXE5_i;?oZ;fRyn*HgI0
zR{SIj1KeCYWhij>A52iz%`4g&?{_}-Fx}I$yJp(#>r17kcMX%W@fc9ATk<`4>-ZTV
zp%N7qNAuGN4D;sPjnqczj&}%M&(^uYU@+ETasmTXGB&t}SQ2E;Q6TlnhdxfI)XE7x
z3$f(QEY!0@#Gd(6xP}m@6zUqnzcJ`k|3Q|vCk0~rh@?<Y-@cw%YmyU$4VSDp!V%4T
zz3w7hlNwQMq;G#a=m8xL7^)DHwU4Iva2Tc}x*i^A2{=ItVrFJzfIiq$jGU&<&?|bC
zCc}`JKSE!J7sKiQo`Pgc|4B;7>tyz_kEkpRUa(rcy@kPtNyf_)xXG<UZks+FM(G?t
zJ&Mc#rXX08SDEo3_*neaZ9+54woeNxvEM9vU9&O-pM^%la+C^Yh8PUu*5m2*>peNa
zZfnY{U<m}ldw2|iVYpGODW|`Afjr~z-&A$OR|y&o^B8C4i;!fF<cX26nq*;yh6wAi
zyo4%1C`VK`j*avr%P%eEeRZSZ<W4=04tIB>;hV=(hhWZjjqbVuxAr_1;cP}Ksh9nE
zULjOHq7KZFgd{Tq57UJZ(jHN-5Pf#&d?B3k8DS}4ZNj_B<&!d+KCE-hLQ_yWQxEkM
zXJ5k7=h4YcOQwrftcMo{i+z1fadFP{^vnmQ-I@b+g*X>|A@zxj%FKhN+ca+KzE(*%
z+T36>BlG=-wuW?PB^r)8x1JfOaNx4)X`0f?7*+T5Aod)N9=D#kQOJHsIes`B^PmII
zY(K{w#27=*!l-CJq&lU%#%M5&>Mm|ae4AK{AGsMp%agyfHO+CPztK2Hny9-XjmtMr
z9^MOWoT}65oH_M&oa)I}gdGg8wI_PP%rzVjxDB!3XQ9Ae^60KjgY4(N7*NPa5N8o|
z__G2n#F-z%B!_q)#FhUHiSghzgd2GQp<ulK@`Cy9HpG)3yhKl%qn)!AM|ous<dKl^
zpVG@CAzhn%D-Pkx;5U-(Dm&C8e~jM#DqFgBd^?WoRxVe2=Tsu)SM%z^ZE?8Ww9a?J
z8nJK%-n}}dWma0-BDb_=OnGj`N@7HPZmZbhbdt@*47ZupHMLtVQ#rYCq~GItGpmr5
z)QGzL=_K@>D8H48xwSi|N-2v4W9s%Uh0<0N+r?bX|6)S7Ssl7K+x@i8_pV?}+y1Ih
z+H+#N6yeH@`&KcxHArSjUFA{ju+iLBC6_y!P@2?;k^Pmq7hmBRbXp|+FfV_qn(|}b
zJm_zKV!P7fbOzmhQaJ6WRLULN`MYS5N5~Mnn#z7n*{p?5^<29tJ2V7jEORMpEAL};
z@2Q2XEcLSI1UxNs`D;hgx~SNNJf%m{<VOjJivJv?BK!?nHs`5CzTHIgo|#s4!M{<1
z9~Jn7=~eYS%a@S$i3yP?;y>2cThzjmz5%rCwxT9WqOMhS3wm~$jdOI%`&pGvDp%Ah
zh1U`={~bQ*WKU>`j1k^Qz^e%izwnBEUiFK`B`}QY753cDhbc{Uv2R_U1%H5rD*f}H
zF9qs{hy;h9d-*+QQFtu~!{U=p^aP2>IPU}0_@PDf-e<Qyej)Jg-6I&HSMYD%z&{mu
z_uR|t`Jm#m2FwG5y6eT03p;;<n^fNQSA#+}bU{Gb<lxn0Kj17R83S%py1ia|W!{9t
zk$o`52iV%q35k2<2%Z;6Ru2Hia3}}<H#qYcz2WRtWzX;*tRosMVI0frtnZyqV98kG
zi-Nt7uN5>J?MZ&)J-5W`-Tm@Fy^l*JnKv_N7sLUC9aLP^AbUXeDMhlpwR9UN%qIH3
ziuzwZs>Z3O4V@PdH92@$<H;s52Uc4>{GgEaKUOD2`*yPH=9=xr^^b|`yt=Pzp|wmK
zFU$q{y!>wjy_YNMeDJc?lMCWHthQ$O10n05RwuDx1!Irz!E48iqMwBxHbNf>{HsW+
zm+RA?D?t6fHx-=>E&r<l-S+mi_A3nqYuPp-7%U7Eo`dmaX{29Z{v`#euJVy1+w!2F
zhi3v9gwKC)X#)!9_Lzr&!w4L2>VC0YtRfeavM$KUY&_N&g7nX&@atPKUUgB592`Co
z&#y}hy8d5;Rr;z2)j=*4`?;gIc~xoR*ZEaxPp|XK9#E3DbM+lSPiJs$fk(m4FUTd^
zHW71Ci%gBp$|cLLUu&15oBtgY7G>6N{|o4d*N6qyA1m;^{-4m2)axk!&5~+KYP~VP
z=~BJ1N*~)K%11I`FW_Dl5QZygqo;P@8SM}5d54!E?9kgIjWc5th0p$9Aq{KI^dag|
z^0Q_AKPVn^;C%V|$M3Dt@P|@87j4J4TW?rW=9rP#Ic>p~e>mRO;eJ{8aD&I6)<<?m
zE@7FBylnSctMfLvUZZ_o?m)Zy?0b&ftj>xyK^1gHRiX^6|C!g-u>*UsA2>cBxV2EC
z51O4$D5|%BNsxIlzcwJXI6o>lEc+)u+3$gZe>N=p58&|ahh_f)Zo1xMyH~@XU;F=w
z|McGkabV_H!hYBp0wZ1AvMs`Y2X$T1a)nplQ@Z~Y!Ik2aKbKCeJQNzF;!yXhB;zPt
zHphqR!sP<5Lb5tFufnG#R2&7%h6t8ab@|IVUP(_aW0yBzq5YDTPuMY_6ZtkNm<JJd
zZbE|`yR3z95VNcmI3DcURi_;C8_+ZxkFPE};o*gQgKeyNki$T2kWpff^OtH~u^FwI
z2F9FfAE}1LPr1~57hhYw)U$D?DGBd7E3e~IQtP`t%(xi7-g<mWbOl%N7NFpJ7dS~$
zYQrBrPj9h&B@Dd@0)a9Q*4>9s*rN)^-D~F^@2qYeVIPbtU61XXSi}mAPwQSZSo-yU
zSz_GZQpmGx-Lc}nH-QUfVQmbaEC0ml;d7uI#@~UCDX7Ev-%y@CkXP;V$*=vDSIcYd
z42SWL8F^#YZwe9BG>3P*l(4EA(kEbw>5T1vwbpEeX*(MTCt=FzzR_9AFm(5lX-L1l
zNO!IGWNH}7(@iaaM&y0ZElQ@yu$>3n*ekz1-5!TG=PFRt1alUOrw-_C*xr_E#C~>$
zFG+7!(fV>`d-{T3J78YJ6Nh&7;=TACu3G=CL|t<<r~@<5IszW+0ddb{j^~W+H#|QF
zuRGRhn9a)wXdE{t+=tS|>InPc%mf$I6Bz2pM?B2nJP0$?`5tSM>*sr)=;EGnGwt=1
zkyyP!GN%65F0m)<O!GZdUbr}x`gKIbbfY`O4~T>)cWdK#8r;M@2ssVmpgvI>97;Np
zE`uU>0ci9ODE^3J_Jn&J`kJpAv+q928UU^96R-0SOz2~eN#jnTgHK0h*>1yprE4ZF
zj=>vk9Ochm8HF{8vQyoFUoOlF&rTVY$<~x>WFZIc9r`q>pIAoSN#L1LOQDI(h>x8d
z^trxs;gK1T&rWcrb=DS@*|6WR7Y81%IwP2ra5yMY^+{~*N2Lz!4(!HY2Iv`O+uH0E
zon}Cns2TIkxz$wl@I(yWBsw$QI+YtFWlN}0g;B>et=7qz2;QaNycs38na|1!0F#rY
zaahU~V1cB>)z>JGOS562{%JncyVAg8r`&%IUBKOC6EzyQS|>(H-b&g^MYh&;ESImY
zMczucj{#i_*J%?aSNgDqnuoH7%#|=6yGbO}%lT;gj?efd4K7>b_RBfbIqn=;=nV#;
zIk*;SGknaUs3LTU-9ecMQsB-JpPVE_GepNkOEeIC;@y}{E*LQ8W}}d{jbRg=x~&L>
zNeqYhP?a!Vwvie|*eG)|JrwSQP$&jvo=Q%vzT%ZHhL$*ufMN|xWILfIh~!8z?E#^y
z@H}IiLbd1%rgFjJ!Q=^QupxNX&G}MH*(J|GiwSY1NiJ1V0NQYX3bXOzipA059=XTy
z!hU~fN9oSop!^K+rVw43#{2qSx*9WoPsb<`?Te$l<Gpho@XCN5+FX1?rUfg+CdGYj
zp;jtkxR$qyrcr8%!yO!Qj1`1zwVHZpi6}DgDowV<dOU-=v!=7x!D~8ph-;QS)kgSR
zP<g#Y-wN&Zb#Te^p(<;IiUuoJ_Y-xrtD1?qin%YGy4>IjW;)y%4(q|5?ubymR@Avk
zRCST2td^{n7M8{VjWfymX+y<<63n@Ih;9-u@Vq})nWs6!++=1{Rq>|i@H`zx2vG}N
zy`HvmV6LIaP3v0|Oz=z)CVI>v-O_@id)sOXunNwH5C3L+Ig>l}tm*#TV#o(>Cdjik
zN1|w{MD2V55tgS$BNRCICGjI`rI8jlk3>`*`dY|t(-+%)>o-0;4MX>oXt0w!Rpw_k
zC&Us(0=qeeBA*s2GVwiPE}PB#jR-hz3U&bpu2`#DZLv;8P6Ph2f!EiIU!xIrbC44q
zV{RM#OI@AbhdQx2pE^g#uJ7gqfu8PMs~pNSV&}ha2;b?@2;St3+@R^ZH7N-+!fCl?
zYqN?~gYc}@(wFg6?ai)uvAx+mR+W&Bm*sQMB&6w!$kU4Lp(!k^4eSjz^OCgLwLZhr
zBuZWP&A?Fayru4LVI{h5x<xCu9<QzE=h}3SM&z%wLu{#3pl={ny`A(SqbOP=Pt^u2
zEN$MYvkAJB#LLp9ngz1DHXfdJ0u7gLU+nH!tj2Wp7)8s&6=G-BO<o*CPRwW+MkP0+
zAIgU4e=EWY>dX{o3o1e|h;ryQn0W?RB9EN&<UU3v9=omGD+DZt-5^EW64aaxya3JK
zc`mM?%yr_~Ep!Y;#~~$hd%Tx&h=op+V(OrI*+BKmf?n7_XR2%F@&OH2U`+f}#YIq7
zpqV>ReMXM);%val{RHn`X{bOK)3w~nqp#macT&#->|(glr)6l!3y4X8*fJ9W)18Vg
zQ|6odjAG_ewTQZjwang2eLL90PNf{;Npp(nKfJX<4!ac|PPy>XXUve}t02aidH1Ly
zQ(*12w1ST`i&}Qn@YgML7WkB)K~@$M4lb0GaJtueA?Ylbp@Qt0>Yor7f-D7VGr30=
zwg4oQ3&G@>lv`6<>|2y1w7j9IZ#=)=xC`UD8d~fnRF@k~cBiU-pE20ir8mQJRc)N^
zo9)t?ECKVdu@3;G)m|)hWPgU%GQ)~@KDE5vf8}bfs4^SeB4AR5Vi2xn7K5Cwb;`<R
zT$OknlKwS><`sczM2LCbA2YH<wi#$4WhR7Ns3|_u!nx^hwiH;fQ~abi%lQS2GKuoA
zk%T&iIk!Mt6k8fB^Oy5>04@T}4|H#_KHtB_%9I$+-eR)jZ1__%utb1gh-7$T>*Xo4
z9qkq8%fJ%BsmyzC%h&f<w}0Ng2o-1*$Q%jXB4>dO6#@?rY+*h@Badfj^Fbh&1drgu
zvq?e|N$|pwt<0l2CdOPY&v?TO(<z1}Pf4p&eNzQwGL43zH#uzm)1}gS!ZXC3)(4Y^
z*Zct!H_-$^EhzS{n;u4XjWJvvHwP{XSY=KaBe}p83+)a!Zt<S-UH#!6aQBfa!hfnj
z;QsAy1eRhZk}=5@)~pY@f|)t<L-m4hO(YFlUCKTWVDSd2Td6Noc$^7IN+kR<Xyn=H
zlPl)Lz|^;u!}7+ds8#PC_qkR55tE5E9K1zV^}K$hZwup;N-a=Jq;ME_OX?KU1-Dq(
zY?#}aR?UA==<xH!2;7$7DT+cMk8$&eDI~+R>XF6Udx4}+UZ(G8ufC`Bt+Hs7Mkw--
zCo*aC9$5&b$ps6ezXky%x$CRlyq{&V-beS3yu0t1NdbX0u`UVHqV-#rs%&d*dqRl;
zJ=^7kgblq^yRr)C%5NHX>w{a@{Zw8(MgL?d3tvVk@aN0y(08*w0?%P^(;w^44*K*D
zXPMv<E{PdE#h-<J+Ov6)T!m*_*G^Chy5L?)$oks9c>=xv^5O*FWSVge*P(sT3Cp3a
zL}i_oM6~_Aw`XqKh1t>VOD%XkBznJc77Hm69p^+p=&$F3dp+kBma}c_5;V29dRa2v
z2W~De)w_0XYQ24IO^Do16y`n-^q&E&KxAvuYEps@!El#E9zIcmWbRL;yG%Innceq=
z>ae?AuBb{Ixt`^eB78eV0@S*=>8Zr9b&qvB%^D>fSkG_9w@d(m`%8Y#@!`^!&&F!?
z9vys1+437=+y_c7>D_DHbeUnzo-gywhlgx#+ciu9RcY*tP{PxfAb)PzUdhrRqU6Fg
z8`h_p^_)<bjY2@TO^erd7^fV(hS$$hyM%fCHz9xC1!1AKzmI<UEr3lVREK63c}|bX
z4IsOpyp3N*;_$RDGX+Ao=cS21ht#NtvKQF=<(~Ks3(^{JFGOHx&hG|)4gLcU8xV%v
z-bRFl?-lO4uu>z!;gAJ=1dC(#ZnJx6#$%rgAzT>buQ*c6bJ44YKr(W%%uJw7qBG_K
zAKtR!0&mrX+<rV@Mo4qdZAKU(gdmRHWg2~(gi+KM<+R=~r-(}LHZjrPm-$?HRY3(~
z%6A<SOGIGhTU?G*)8#M?h+>4{{-O~)P(A%OoY?omc-woOWcGZUA(l;W*RL@H-7(9D
zh|g6!`GPOKr%?#n@1Sp<T5WAtaf?iYzO9?WzwHt|IcN-zyW?DvMTcv!tv((V5H{p3
z`65Y%@jl?2NI$<Wkm?S`17Q|tY_P8D&?Ecs!VKiG3mret!oQT=N*74ZW~4hyuw>CV
zJT&foZQVLW=g^-V08Bj;<cDS0iXWml|JJ$jTGD%!0`KBmr<vO!g&<wd8wgi8`+J%Y
zR*z@?er>{l#Y>#I%#L1RaFHyV*;+@aTOFhi;0dGMWy8V8Gk+-sYV}34CT<BeSq9}7
zcON#&HE#AAb(EupA%HBkG?yKdl(8-s%ntOd_d1oZ?d{>drWn*$(m2Mh4_3^p#&Y-B
z8mS)8^!;VZ-=oInv;-fnj1R{hf6J2gXH4TlGg{d@dRIU>A900{1I9}Z#%a0Zxk2ae
z__ne=4paA>*#?!ao9vR4u8ZboKjFM^an0q*tAC3A<gCx_mPxx6DuHB7%EbSV0VZXV
zCjLKwoMUV9$%lPn{Ubua%hugNDiZyeCb?MU-eYl9Ey_M>1Ltg-(&+V=ihs<hrRN8E
zRzkQg>v1%gBv`2>Lz&QHjQ|E6@+wy64{sIZG*r*S&BI%ys17+m+IWfRG6W%9#>uT6
zj0Q+My3EqCuglaCbjs7|H%n^+0$QK<-Zb|w^))s3&-FDm^+U7NP5m8xJWa`b9P@3p
zeQu5YwSC*r^`rN3bWE-!lYJ{0Nlvqeyyp{hmbOni1h)~bKTi#vUIkk-(si)9Eg5xY
zqP4_lnQgjey`P7q`@oU$yjo#LXcfyqIY|ir!m-MV5H7}6+I2LFfq6S}dSqvZ9CF`t
z8D7#68a7nZJaO(YH>JH^7IaYRGU0*<)1aMxeVbHjomX5wOdta<Gj`{5PEp1G`4(Yc
z#@JKf8f`Xh`2XC(m)UX>h>E&2<WE~-PJImKY6-rhtJ-gKuOl!M5a32@NEq((VIvP+
z8U~h1S)?Q;&%##6Xk2t%A9=X_;m_rP9X4WkkC6t#Iude2khh^}2?1O4+>x*{o@u(3
zo_k`UZ`f*l#MB5Z90u6Fw2}r7m^5*Qvd1+rSF0D`qPW}<@q}pUmt#wmp>wW{_=~)I
zyJ|%HxyJC+G+MUpB~M^(8Kxr7^)V-$NK+MNFuCjqDOKWIp{P9L7Z_3*8Da`7fkFRb
zer+O5z#={I(%1Ubj~MCvhKXKu1Lj}MGhBgck7q;6s^*<QCjh;VX~)|5Td}552E%Jf
zQ{7pkC_X%+Y5s?!aQy9d0ih;FR-u=j;-?Z@ImI^xRBxA1Cbr->I_?r`j8@E9Rw&|E
zE}gaRndeSyP~D{El!zKePn1{GuBX7TRT)V5`3qUaURjEts-8wFy&0tvRf7>LeC`}h
za%i*08<yJ5)ns=k6K5lPtv*0FgtwO9%>(>ognZopCY7^?8BV^MHLbR&_&TJxV|JX4
zV_X@agsb?uM=+SDsz*@yc=#zw@zGDX$NL*P8T<Xj7A&CQqrc_yXIv-a1pip)-$35c
z&q#j3$>E0U>!v&rk9M4Zrc)|h2;>7JfT8Cxtn(K_6zsJ}-aPL=!96?v@a9(&2k>d-
z5l(}4&b7gRg_?HOI*!^M11<gNF){7X@G(-A+hbaStaa}yH-`P&%uU>_Z-l%AS<tET
ze#v_r7e3J;_TiJZ(-oHq3OsJpn?Y@%M6Imt@1Qoh5>M3nyp54~#~|eypJQZv1)JFN
zF~=%>8#jZ%cQf<8Qw%(%5o=<@+3^16s+WnEPDD9eTmBo5Cf(SY?Ko;`_Sfo(&yzSr
z)w_6U;aXp`K~u<-pwJrjITu<@>f9VD4nhSAJTHjr`pl&5+&IJevAAsHk&na?P<4Nz
zzSv<YKZz0RWH@kcgx7<=Kv^k#w#jt7bMakDe3vdwo7~zb5dy#){->{2WobJ8fGx)p
zRQVXA;;X~s2ZB5ieqBjES`^4)Mm&&s8eHZUS;H(gmtY5@M(8XvYD=LR>e?|)N^3VN
zaQaY@fGdN?;R*0RVyGGwQ`^q!Qt`_E)Jd^U6e{EL<i)ovVn7#@=w?*axL6;f4~EVj
zK862|lJ+w_b$5j73)dbVOV)7p0kG0Z-Nf(YrRmA#&bULgqpM^$dJ`J=GLk06y#C-)
zr+tA&Ztw4rkJfIy^VSV_sg31^doUJg)YGxKl6#3WcmdS>fXIl3wW6!xl?ImUZ>R6R
zH*ECrrd@e2!7=>;xdtl5H23T8yGpI`Pcz5Q>K+vvcZAj<w6<A+O5wEI&tk2c$uz7G
zrqm;MtZy*qgX-&$P8bMMw%YeqK5$zb)%lVyL^kx@5!kTb`S61Q*hG{hqy~0bAz{%Y
z5lmci!XS06h>k7Mi32oQ^@I+1F`VxOd~Q;x-Kbqegbwqp*PkkvSg(s0IE3l$(;<DY
z(L6Pi?HXGtXWxD$VHaJ^)vJbYP#jjFB%&%29ybckK6Rqx)ly@B!?yJ2nepqFsJbk=
z#L%-JgeHHEJY?J=c)yI7T<_^(;6vri>zQ(`x{6{g_xYF9X+&4>f)mPln=6E@G$lw6
zV&L{rX}EmZf}Buz;QCn(RJ(Jjguhe(R<}3GL>RLPJG7@WT>f!ouloZ_mz=J>tFCiO
zW9M3&&OTBiWlfHve*Ct5=w3o2jC$CM+6JQpR-~j6AJH1_;4S+>`;Tu$f-Bco2{6?Q
zR&&;%4mVr3Dds7O0aYK@{WJ?%6k~D<Mimqj3&iCWO$w-_6tnXSel;gtnv1n4@}>}W
z3}zpsRpHd!&RNY58E3V7R&%9(TB^>7RjUKo$VAhud+eBj>$nnLhwIs%W`lCjrCs)%
zw{Garg&*+c`{lg7qvzYg@m2@PmdGO^o*)D4FNCq)UX${}&@sw?9uuEJv^TFDls@H)
zMq-Fn5Q{01ehng3jUc6t)ZY&iGqdlk=2}%-C>#Ca`?4;~PSpY%zm?gf`i)!^*^6&0
zCJ*tM6@TJ@&s3t(AfRw;&Z&vk*fG(e4_&4Yy_iYJ%!NMuqPrz*e-m<dUT=5x8qY@%
z?>cW2xssP>KANw+Jaf-;Hr6kfY@#YF@$R8%&|!S_Q2(^%8k|C*|021xNvsjlXRW9b
z(=rReU5iw@X7`JzVvIaEn!Xgp#oewyx9Z^O7olk2apcBaMxGC}#3nESlemZ9x<ar@
zCq9pIDO~Y^4n<&5G9Fq5XBq?mo1*Vk6<A*WwR#MdZ3q?r5?GX{MAzH>Wn7NUwoy6i
z(28@Z`y<b;VE8Lai{O`nWZxSDIbSwk?tj29kDA&Kan!-u+nKhU#&>=HP`B<7J$<NM
zFE?MNgRfTvrwQPeMejE#AoY;lypxelvTw?zuTNRSTLG~l7uKpASL7}0)f6H3?ibmL
zfmBz{LL~Xdq}ALu#W84cy@3+zo!KMd&F8H)y_Yx>)e}Kfv*JSP`Nq^37TLrSHNBC=
zNy^k}$H%5ZSeI9bprNWk5v(~auQYGRzNBK=%G-OKR!i40abe|YtB>b7D++5P*{Jtn
zB{=-l-1JFwF;eQ8+Tq%Bx3h|2lfpOLSG<<p=A}vUjg#E-Of5Sjv|ux?k{Ba(5<Yy$
z_SPW8tn~ynE$q^+Gxxg_AR{uW(OF2Mg)as~Z3SpE25O7kaIH>7uwaP+A7C3n`tN}3
z1StPp3$im+{N-&hu^ReFMgXQz)vF94s|u>OWUEuCtznnde##?9R4=uJItq=QVvOCL
zXl6es-}zO%P1Sw@F-!2smuywY(SF&ywFD2IYM8pqsZi>+3MCm}5Y|(9+1hd5%Ht`g
zf^k26u0JQ=bgqzWc>ipUdBkU%18!4*J<!POzUzj5!;|qonDs&h7*2nYNd4u0mD)W`
zo7=(rc4=;L&*(^X2dns{DQgY_qf~&ij$7@%Zamm#5X^U~_lI{F(l;&Y_m-eS!oyBm
zX^rYb_rPtSWEw8NpP=BVlLEHMO-S*#@k<zW=g*M7^H#6YRSvfSvzG14TI)ZhpB27r
z4K+C*$Q(z>+TMgl)e5796OH0E^?ANdGh34^?qVL2)wmzKX$LOrN=)LBxRg^id6OKP
z7G+9t+~A~y(JomD1zCyxiz%)^vy{$i=~Xofi%>Cjz0t||Dpqofi95K9{D#)|L@w3@
z2PhK_a02<3s7y}JQG6r)8s$1P^H)lW4$nA(yYd$B`(7=J>Lu=BE31_bl#J_xSY{Zd
z9LPY<(t?`#5hdfopsEo@3p+_%{4wDvv&`M<k<i&KVOl!_7u8onaI1uPc&S0iZT^C+
zSMbQSo<3j^uoKcrqYf{tnv8FE|JH0s@vY3T3yE7ZYRe+LwiOG%$wQPfCr;sXRm-ZY
z7doZLa$^p`XJ7KzEz^-0hVDnL<adJw^C7ruJw9=Fbf2!UXemp{)~mCcVxy-bkJaR~
zBzn!noPU}_XN+mPdeGy7o6>}WY(Fb2CAumq(m`%iT6|Va?7NvyLm#uAUD2cv8`pa*
zr>X_*9x!nJ+f-`YG!}EA6r(5G&L(Y+&WejXm5bC8AC>sq#8DviYGU~m2Ybwy1mf^a
zJ=v^xPi@@fbWP3Nthe)(m>O?*TP&ea_tsYey}D*r$HKQ`cE_8HxkSG^roV2~$JM@_
zE~QL@Vs8|o(e8&#E<_ugK-k>z0ou3MH@t78n=V1D+4b80tyI)3D?n7TZ!4fvnSd$G
zCy0N<-x+?Cc1fS?Ljb;CX|-XJ#<{;9&BI|e6%I|5%`_a(qnpk~blCRNY<M5{L)vS)
zXvS$xWlz~}+iT`?%X4QpK+Y%6@Ft3d?F(fWOciQhLgm0>(M%GnYh{C?Qf=>!lIj9g
zp}K*6VUcCbL~+GWli58Yp`}MsTR(@MX$&i2JJ_ypwt=?U(6w}C(X8eoalg4iK{~E?
zTaHtcDpz9NE<c$rW-QzGZ?ixqZf7j}$}XQz^FJiCR4d&?sl?f?-0i<f#q0ark%o(v
z+si-r0&b6p_QJm>mfAR;5Oj+i$+|te_Yt(g<_qhvc@ox1VU5lgD6^6VF>!+x0c#(r
zx*>y>wIR-KkF-1EZs@+Zib|IYIgqtGrfhib4uKv|8?@d`QE$1xXqKk$V%Rl%l_(FN
z{WN_CHgDFn90$X-vUe5jn+r;mC(a5Qv=pZbcU&eK%-nNY+wJQB?CBU5b*Sts?3c8&
z5bhfQyB^y{`eV;8v~?Ij8{7>YJ}$`QAVOk?>;`lQT|5J1k%SH@Ltxa*ygnOy!hn?F
zZsdN0ek0vXiA2qRm1oMp)cY>hI!x#uFIh`Kp+vc68+HT9B?)7!zy?F<ss8OmPEF>2
z%xn7r56w#Lsl6%IUnF9K;hQO%twb2j%5*bKy8*8f)nV3O%p;WK$1F*}!Hwj~rHz;M
zs<#Y<1cqlFMIP}JD3w<_O8ot{U@gn}zED@(oaGdvxiUR$i)jRIu;w&OqpsrCD1M_I
z$YG(pa7C<Se`%bc@nvdtYXq9eXKMU8HfZf_1%J95V)1743`CbwE@8AMeh99=(Dl5A
zTYjh(;B&X1kH!C;B0TGqx2BTr*#2ZU8Y!(dDkj0T4FugA@=}q7>;%H_GRC!Z-{k;(
zo;K)e&&JE(o^a_|o^T3qrj#F%Z^EzJbtezTkKq8h^rVgYw?kl3%F~%Q?7HVSfIhYl
z-rf|>wSBkOpo-JP!%B>~%;&p5N@3b{d$BOPLbui2peOCvza0j%P+q`&z8%K7z?l2@
zbi)pmd=Ni|e{B!)SSZ(a+?&F`&Q!pjAOPNfaTb8NEl=miJO#BUrBY-a?uIMgmKX3V
zoq<fNthPcI{V%|eoxnhULkW}0>?%&V+2k#-mSf#MY8d|Z<~3<pP3!jj=c$sJd9pUz
zS+|4X9Q&kJ+=@{RrP}_TSk?Rz$CIl8ReYvGK|}kVBIJaHCQIPdQqkN^ugid{I|Fx%
z*2(Ua=|L!$9Jhs5ZvDk!(Fjigcj%6EX2V$C0SlF?Az5FMenJdQWrMtuWABc%>H=jU
zw?X!R(C7xS2{59nUevK*N4lD|%_V!VXuMu@XD_t&Stdkj`sLhvb#woHMjZLF$Nfvw
zH=zT6!?ELFy5nLN%~i*$3HPv#&xzhGtbB;^oU@w`^iQ5qcg$G?dQ{<`?V51%(&px3
zoK_{L#*U5Ix~NIZ^lh7Pes!){<GCi_IDC~`x_(;C=U&X<u{eShd2V%klQhViSX@}W
zYs#rfTl;N3Q=@5kXyRvnQNz_67;f93{>G7d%Mxax_^1FFZYXgAw5w~!O?HhoizYj*
zD*(iq@o=45^4-6hdWE(Hte;BpJY_BA<?El^w&l{4&h6W_yXDesm5wV+@m6q@HQgOw
z$+sxe>=Et2G2tLVGRj&BVM&hg!xHa6%wF*wJrXc+(%BgvU(D~YmfVU6a?M%=<kyK%
z9sGw(u}K`{kTOapM{pExPl>e7C7q}Ijr912Z{n20!Xy7Ol@e(v+RtbwPX4Sf|7u;~
z*0#WdlhxkCRD9=8jevwYcr5UX8@xDOOppANpUslR%cc(`WZTdvB29_Os*JQ#iX0Rl
zRTbl+7Bl)+vwuqbuXz08<U=P9AtQ=t|G!HO_0a8A_Im0G78B>hDjq4dRB~FGsFI*j
zMcD=_ab=<Hf>)Xt*@YQ)iqZd@rtVI3JQrDxbYQ;xcS)Lq9GEYtyYnfYi)A>o23lQ;
z#B>?Qr0|O(%>y75h<NQpq`UkNQr>GPI-QFwPa2`%Z;9_&5XP?vN~6lR6Q#nB6c=%)
zW6kCZ=i~A6K!4Ynsp9wOnJy;__E&Q18GW*(BK@cs^NL6*rHZfOY^uMSu%t<kz8b!+
z!1-kUi_8&Y8zW6JL5gA|L(fh!%Z?90kBZQB$%>ck*kMqN+>X{~ij>Uxp5Uwuv*-ls
z6evVRm~v$&O6TXu7i>qHa*b_3_ZeZ%6e%TK@l})!=PNnMjGZ`J%0Kf_eA5@)<B$${
zR|$@UQwpBDs(l4F0{$;35Rzonoa~`aRSsOKmII3TFrYP^q0eE~P=`#1q?nQ6mB7-F
zN|b3(<Xe#jhqP382wxKc!IzJpy%8O)SET9YzxoDi)I~vOmXHUN)|*rxFatReXIogH
z>9eoYxKJx`rJcfGZh*cGC&y-i=0QHzaQv`~Y`yT&*u_-b4%yJjW9%Eb>Os<a%S-_B
zTe}a4M)lUQh$z-8kLZ#^OMo{nbGXAnZ1Y=73HweWJEE4!>)m4+bG!#Np8P-3G8Jj%
zUaU?pHrOukms=jsJASx^zA&jF{#xs%pfOnr+%RR?(l=A(Bw+d!L}S}e{J)Be-DMAa
z$UsZ(5=p8za(JTv$|jX<2{9Du$jIYgHG`5fN$i0Id_1Y9Ka&d3%hC&Vo!v5?Y9wT&
z^>H2WX37SoN9yWk{^cJSGI>q{U1(IP?;xc14t4&K7w?V%;){Y`U0*rNm<p@JaG~&b
z4IQD}DN@-R<z+R14(Fnp9J1rM+;gRC^P_xs^;a6Ys+r3L>`$H^P0T($I?MG1?aF{~
zIG~Bm?`g~LKi)E|=|m7)(?qMa6tXkb@K_nqyx#fdz+IE-(%6xJ%EY_tR;)wUS=XfV
z#hh9|>!gmN3)Xd`uJ-ly3;@q%)PLGz9Nb}!LclLlLE#>K%Pg=+GnmxnT*+b8jT~S8
z*w9?Jn;e=c=lv^Fe)f<nf>os`rp|2^*`8h6;SUL4W_CIgXQ99C+V_IoUr(PZ*UpMF
zCn+V&oKDq-L8^@<=$B?TtdxT(LrXD%n1cXq){XVn;V#dkOU(JF&95fGV38yA$zJxQ
zFRkA~E>f&tJDIl=alA-Fk|4)Ji@j8EJPtfyfn1g8>r%UP=%H1rgpjEO;r&~7LJyw0
z>_s6%2<V6-^$YxqXojGPm2$^qJV2rA7ami#@Wg>k!;`$3-^neFlZRk>h*$9<Z9Gpm
zM&dc;S&SwVn0NaV>^J(kfQBiY@=QkJ8<Jm>DHE7!Hzb2O$8-m);{QXQeBeBJy;H7`
z%+w(-leOA_uoBon`z{<d3zbNigk1MUO(&a<&_d1hLmwfuCN%wsTbE*Quex#OAdI(+
z;=Fy)iG9)A{YYysDN*C%`_Tti4joVX*5(i7&Nm#`{>vSg@O(kxD{0oRkUKy&9ARG~
zE}w+8Q$Q$hnE677mW^)^`GSX5uy3gO!s(ZTFC&)>sKUD9AQ)~KpcS)At}qa%M;wsx
z@s9)`=x1+KcFTs^(!FvW@{g=H`zrYjY^xBrhyN1Tu)iD6ZW*NxrdF5E@_WVvnk4GE
zu}4|`JibQT^3hXbzqSjZh9c)Y(|_Q!ECIka)?w%}Es2t}t;5V~p7V=Y7X~QF^xxgF
zdL}cz<g>I~YYaL(a-9#EiT6gnc~t9zarXB<8vZ3m1_sOrKQvE=q2Eecm+qPXqPyki
zA==Y=U%uMmP0Xu#fi(3k;6J9nA7%bmq(jLrB<|S*pC8??<y=LXOF~!pTaM{VyIYQd
z9&uZa%(s>~O9Q9Z8dsVb&}n1B4^vB|HEA1Kf_?0;Z|j2VYC*E~@h$Qx_weECR?yZ3
z_5$7LKJkK<NUelj<J$*Bw@?*{YU8JhYDXm|TUL9Lgv3=rBF{Z?n}<veZ5sN{9caGb
z*P$&OrRFr}ZoBR+1^aHbxrZ%;KLd2ifv%1MZhu@_HkQ=Fh=xkPh=Twkx~)M-=OFX6
zw#w;%&7&qT{c@=jDp65@T>e*7+Mq3wD&|FB&DR9PSI<ZM1Nh!n5oW+dI0F*EBM~hd
zQ4DdJhdHZTuJHghCq=|G(-nEzn|xpX>Z4q^OL+-}^Tel<%VItX{b_2ewDM8l;xg8n
zwjckLArVe+*d*nQFL3|Hq2EF|+<B+gH11)yYZ=NSVypa~W6-U1`4VN0Gvh$8iI(Jv
zZX(t-FF2|_=u$uVMQVUdm&y51884dDk4ucxt#jS{9fmPvmii61lLca_#Y#0TV{<^L
z@3cz5VYfiID>U%{(gnF~KnVTZ+$|L4)6ANln(=5OQNKh%l3^L0?H-zTS;B37FF}oK
zVgQEJELGiNN`DE|y0?(bbkuf|FfwYXu4L-VM}t_n<vL)}LkCAopabXiaqKXKHS8e`
zZCE~a$EykNIJcSRL!P^EETOn`y#V5i^ZNLY1k+&ZA;c2<^IRRl2RTtsp_w-T*Krq6
zb)<GUdBU-drpo-Tk%3D(2i*Pc{`H3p7x)`39rKRy59Ug(8|!7Wj{U;-6e<eJ`yY9e
z39H@yCR_mmk!|oRcRbyA!Dqk#9c0FSB0tVf27m00=N(qNrdwM4%9z2jPX*61RYIAl
zRJ<u5=#v>ix#h^a5Kj$x*+chIPv|ec@~ThEk$iq<_~LlRS})ZTcF4B{!n~s8dOjy%
z)YN<~S?k^0;@~hxVZL;;S7ZAl33_#@sL;pJ&xBkV(m?}efXa%vp}N-Li$cwHjmC<4
z2bdEHWwIqKzxuYLK4n6F-TO0Tyi!1G`=#?x^M}?|As>dDhC(ltXN8&G)(psPD;$4{
zfa4j^-4UQE@w^3Xr!h?yzYHsI_O6r%_T*b5r<?An<YyKw_ebyS_~_c{Z8){+H}pjh
z2}ZB|Pw$ADJw*?-E1g-#iBeh}WRi&7Jw=xYMlbwNZ=rGvsg&1wJuI7k!9;IhgWIAA
zr`7a)je*A_doQF+ja{49BgV|%VqY?SN-L$I8$uzA)OU6~F%FD(LC)nXRn|WZ3ek!f
zp=NRs5-#o8!oX=J&iva9auI^8o2d<=kX*F|crauTglxh6tL!P{vfp=!3gL;5fMY&>
zFAV7K@y2mxAVD!)Yx`;Lzl=gnFnhc4GNN8szvQ<vC!{|*B7uoXURJBOM*>GR-(f*i
zShzPto7q;O=ja60L#uHK0?%K%KyT)g7H)o!L{h4DTkDWkfU3pbzAG%}zY{EVr90*$
z*rA(JZqlA>PLD7~al<1S=V4|Rd&mY!EOT0|u0v*D-C%HE)#w+buoPi;5scEB$x>$9
zj*)UP_`f1qwy|`svb0zK>hZO<k1ug#lTtBstHL3$=oU$WjQm#G<U?#I+3A2_re9EE
z4Svf01K1Lp-Evdv4FZQgN6(Z!{HXamV$xQ6hpg9)PG@JUWh+Czs&=o@=-I|Ha`we1
z8%Pc^ksIMeJ=jU5p<5f>3-fhJxQ;-urRDrB+k>;bfY+4d?Fc+NsI{?pTkAaf-Hv_H
zknLkh`B`0j>o@XRaZ1>(wXGVJB%i40i+E8x!{Y4Ob3M5(wS3)Tg>t0=6>7zz>_=Vf
z^?+5Y1F$kX5l!CQFMUWl66R=@`E!_aI)8P(y%*W@NojVdWsvboplIuldcPsYa6%gI
z{Gy)+!7%j+Gt|yaqaPl^+S)`sJ%PFU_UEnJM~{}*{MzZ??QwVdwO#3-RXXS`GYBVS
zpT9*8yNMaMkg{mMNTf#?i1XQy5cu2nSRiZJkXv$$wP3!3i(A23S!wv^$6{@0+W6~2
zQ-|o;xp0Yg7XsIwuFv{P6-ivlJ92_>Vm8*)LLzN$3yAA(nK@)}S|7?+JF>}kH81>+
zX|>xshTHLHv&ToR*4L%?_f-q7PRaHON02Pag#5XHjAVsq<~%$Y44AhCUbg76W$9jL
zK}GtG?pT3JnAWm9d$XGPif+m}2u><9!pLHR`*z7Ml7a-{r}<t3A`whRze*<N=oltO
zw{hGo%7`!du9r;(Po3RCnp2IC6O0TGuJ0C>t`m8f3kS}AAFAqb&@sC#@QaGQtL@8b
zkS8bGX1P?<Da>~DEmDe#qpIyIYNRJ8zs_>0{%Q^`J<s^o+VS|3_wEB6<hcvPx~IGW
zudr|XP2Xv{fy*!xuW<sPN)kma2aa~kJN6fQhML2QxC>L>obkWnENCzZ8(}VfwMNru
z&9a*Ib4Y^brrP4*^UcAOR?X5T&C(k>_4#hh+VU<7bDIN=tGTnmIaM&*B!?s4?S8)v
zE^xjZua*&H;j**;5T;n(^Esu9gM_t=Jr>VwalPlef5>A>*l+0GZb5JOx(L%uZ~QiG
zNi305LiwK-;#wi1s_&UMk<3rLLU}o-8T)vzyb=PqzQ}l-qT)+eyWl@@$vR00!}*1U
z8~3nwDRimf&}9x_4v)WA>Fw@NF*MlizYyCcT+8bvvTz>1dyNXVdFG>`H|U;fea*nu
zXi0j?w!u4;(Pz*<y<~EYUf}f7v%Ls(&1~ufOJqk{WEBWQB);c6wQ@F%3v7*Oq(ASt
z`y93IP%$qZJD0%m#onr0{o&5OHV)ELa^x-@4m^?NS5pL`de$^y9S|Z=B(R?&j$;6V
zwIX?KRKLIXY1TdLZ4hN{ysha4=L^aj4VOjE7b6EiQn@|OGcO=X>h=EUy@%!79fQG8
zmG0Kq@?G>s>F?OTvKTWO3KeZ$o)0kKv6wj-3>9TO8kb1Mm33OIN6lYo^=&Y}s7Iyr
zOV!<i!X*$$61&gGPTVysKg7+hJA(*ap}8GMB6m*!RSCp$IRVj>#Ap1_4Tz#Mh84$u
zkw`-<AM1pMER#+2rB%Ntcwtk3=YqRrXzvPtYV_cQFqZd_C!ifFh|$E2jt|Z6`Rqtb
zpB6@Gw@;K@SL`cWBb9VPbHLh&obr-%&fcxxFi%^v?&8MpBd@fN$!S0r3yv@z&kvX&
zcH~y}3l^W*ze&t-^I}23TYZuO_4SqKQIoz|_C)yv<eqwSaQ3P5YsVx`&%Ar;4-mrH
zpH*9!?ns8!dr;T77FG0d?+v{-3cyVEx$v7nltyVr94u25L>#PKM?$2ly0>xr6WXe~
zP{p%F<Xf+i0W;Up*u{V0!lWr5BHEa!+<0a-SoRC5i=1iAwE7aKDmJRkIR|3LevjLV
zrGv}fJKUR34d{0j_pqK{wHfl~UQAA`Gy3Un8OAR3S0t%AF!xy+&J55rCK#|+?)_!*
zb<&U+;xP6Fs0#Np>Bj7;uDdAJrz(~hL8U>c;-tzCbW)Kh;gt6VC<+%rOQ9Bqs2KdP
zx&mms%^3}Y8P!8(bo(*&YOpK2;(u7E>LJs*otPvw*yYet!sd*+!KmuVm2L4z-R2C2
z-i){*Gw=Ih_1LigvCu+xJn`5j?w`~yFWKPET5}(Kk%2JZ;I)47T#l<lyAO;p29;W4
z9dz^7Vc~CeQrR)K9awwbT9pHMr$4~8bJf&^(U#~1?@q5a_(^o=dnfC9nw-ZO{!hRv
zZw<H=+N0O?M7<84*6zF`KL5vJybhkx?!VJL$Es|NzwO$iH}w4fvGA_@%3J>p_Ip<N
z*XkEocNezo61#>b3pB+^+4hxHma&rqqYbLFF0nPK*~LqGhh-+=?$AFXR>usdCf4u)
zP!$`iV~At;7xZz2V|Da!*#5$MobwnR?SGIEcO%@MB-r1u5khSlEfRVhU_XGP+*zmF
z9iykg`8QC(LD*22xEq79B*3OCgxXL86`WXE9AF`2PHm{pI2Sad)L&z3P7SIduE8iT
zj<@Lg;U`|-r`d-JruLy(5_B6*VOaFNJA6j1tAg4Qgss$Brt62nTokX<^^Dq31qh45
zoEQJ5>zV1neIOgzVo>eMK1a|k-e0F69efG3I1ZxuG!E3<x~2S@L*Rl50Ejv`e@0D1
zf2Q4nD%i_=*y=V##urX4z%H?4D7LFA7fLpvB4=^odE>yGX=yk<5Ymt!dl7sGz7W2+
zJ-k1g8?f8(Xw9hE<@fZ|y<WY)(@Zli<<`IOyf3*YxVyd(YVD4m-r$tc<<5D3Yk;_5
z{yB-(uF}`C=IFV)QvmH-b0S@YT~&clvT+pwTGV!~*yrUwXZ`81JPhXI03UA~_#Y?I
z*XEJBQRqoo)1=|;BOI`xRSvxH){)SAw$6THLrm1lfOw&P8e&6K#^3<exBbMrP)h|w
zGszf?SK0FefdOJ~p(Ri_yUW5Dvv34Eu{X?##7i8T0OqgL`fwc+1Uk`mbDlH%##46E
z5P@DylI6DFN)j2uaXK(uNO_KUF?Wy~GF%{eq9Uq*{v^hHUj88frjv%y@DVCv4=YV+
z5&`Da{zqZbPn~}@J@xeUHEu5~H>xW;V4bGUiWdyx{D~d1ftBXZ#RvMy#oVdhKpVgy
zNW|vR|3}+-KsB+n|KE;u0qIRtK%|58b^#HQqNwy{C_y?%hX5+QMihZi6)7SJq4$<R
zA`n1&FQG~&)MzOG1k3fl_ulus=lst9oH?I;_B$oBvq^Sm_L*7v5K<Q^x|zB9<k{d!
z%7bWUt?_6qSADS4j0~20U$j2bsxrKvk5Uf`<{d)PuFR0^x}3#TW~`|?;wG`gj!hr2
zo?{{6V=*!t5BA9vkb+927B&Dr{-~_rqSC&ynnQuHXkTYR>CfRhUtoUv(PkE!SPv5t
zyVV>Fvn7;bZ>B;YOpaw`Yh1?=$ubxkX!G*gTB&@@fB%}ctT;ngx34YYm*@`un(W`a
z%U;3Sc<BiP3GYx3NqOmW{*U;c>rhVweTvK=Jl<#MKBdtTKwZv0H<W(|n#ES$_d_)7
ziWjlxf&YMe|HcEvMbYd;;g%>KpoXx;(jyJlsN6tdccE-LL?0~Ckl_KTg)KmXKPop^
zxa_C6WJV)U7{I>^Ti)<liS~mMuEbt}xOyo*fUbICKQ*u{$bkQ^<`S5Ud1><a2SK7b
z!@v@WcLAMvhIf;m2=_#fOA@a)`Qo1%H|2V<Yr%0Y(sbz4*h}(3qRw3M`0+o!lxX}o
zawq&N_Wj@!!nwkHzodYuBQc9Yx<_9>>rO@p&hY9-6izc4M=mRg%Gd)#J650&R`C)z
z&|?Tikvt6eDOMe(?{|30?TU;BG&M~7R`QJ9Yhal~lI)*QXzsvL`Lh&9iL_rU`9ENE
zX&r96&t&%kW|(<=f(5P88c0`HT={Xv?ec@gU1ck-4t`FRS%(12ZhA+X%2LPmkoKkB
zv;cQ~*#=rOgdX&wS&JB!2!AZja`hnrz(<oUBKxF=w3Bd6{g`!&v;I%nr-5TshC_Cw
zz7Bvw{*|)ex^n0s-R=m?)aaM!PV8#}GfjXFa<2SoZmpAAZ0XGmzJ;`imka^vMp5R;
z2KJ(n4#1)gzVg3_%#jWjMGk!B(JkdgL*jI!2=h_>6+^n3_?Cjy2A&jA1=tm@i{Q8H
z!fePB=VIX((#}J^!iUI!(g7EZULY9~m-a6slzC+wt&ksADqpi!6wl~-jJ3rW4ZHkB
zWb+t<$M_DpP|B<Uka8=Pp{#q*nM79PiX;#@Jif5&Fk}%>d(x>n+4;mRr3kSc{Vkt?
z6!Q+AffS#Ky#PVr=iFOzCE8u~eWJr|5t=ze1b74xVW$zNouTcaQ^V^g%uvt=WHK!T
z^m}D2ryWpiv_$8Gh$B*MWycRg?FAcYv38)7ded3;H1jQ!rzcP_Bc>yM`^U8%7UfkS
z)ykAuYew&KOahutccN!#O<bx4l??G_7Im_icR<xfLn?%~=ztS2lu@ELsi+fRo*z{U
zfk;RIWjhZ9JZCD_8Yaq#m|@f*^+9hXM7Mz<6Nt~FO#O7~PJl&zK0ji0C*WcSUmYY%
zqGY=)T56AZlO^3b9boTqaJ%xYOW)*tT}Z}qTVhc|?=H_n%#Fh!12E3IZ-Y!p|K)p9
z<{@8obH&H%KkkijkIYs=50ph~oPc{BEA>(?PnRd6DhLm<16^)ca=75fbqRwlA^B>T
z?5IB_ohjyeCjRP=WVJUPS3d)(ABz&_ixKA^6sk?7zLmoWq)Z=nX`QjtJj2iRJieI`
zP4}Q_q}kwbZRK;4q=cmg(Z}pS-CjkzY4e1gQ#49kF2wS|cWc(I?FC(Nb6#sHjcmP2
zU>go`ez!zAX$?}=@CMh(qu{&^tG%NL9AAr`3;E&6!4OyKLA0IYktz~by(;1SuHh)V
z0at#oK6FTP$e6;{)JlD1eq>fOwu=9i;_y$I<mNlDu?-7W;Q?^)_#sV#6UK8NHQQ~w
z`B==mG)dM_lg;IM0;hkt3?_Z8qNiLAG<u^aY08T0rKC&x@>jj*0h|Mu=EM(QPni+_
zLb#(d^bC>u_R~-Z(2z!!uL({q%ZItdrX*PW1<qbXm3#qBB};;zgZ?O-frYQBiJArF
z)@LhiE5=%u6k|v;&=9mE2slvJKcXg>U45mn-@-I!CuBufY$q|vM?+ICJDcr6uMZ(S
zK=j3_Z9toQrvTYG6ul2Z7jv&*qDIr?LPac|N4(mCNwo$YT%`+&nN=FihH`whT?rqY
zDjOm#gfACK>;{*K+N^3A%Dfur%se*h8J(J*#kgLeKyXN23`IM$oGddJX-`5GbCu+`
z^4a}|IidmVXl*Dtz(Jec2F#`Hgj2<mI}J6g`CGHl@w0j^(Fb-etOdwHnBjvF!v}`R
zJRdva27q_$)So0>%~6{On#0!P3K}V4b6gekvmXm;_{U!CR}Es+ah^Wuvqn!iN8~07
zS(XV`zRy-nW%5ZIhA%-^tHeu_w+%IX3|^TIWF}}Hc3SLIb&e#A&B}wPv;%O7tCyY>
z1i*?y0d=A$#krBj4YZ@Iu8t(2o&)u3H4dT6)=<$>2-&Dc2tR4%m*>53a;|1N8gq|l
z?(n#w;-?RiE*jApf7wK0h>e3H$30#2Yo=a)uAl00j^rtBxj1YdVK1yAa2(3{5?xVM
zC1<Z^e~REKHjl_pyv+MI(}ypSjWiqie6i@!4>M!2=&=u95?f?8G9%Xo)h7wGWf2vN
zfiNL8qAju!!VhK=f693^(x|?&>2@qh{B)9#$sT1T-5}bhcE2hvHdjETUnRTx(?k0H
zkGV3%0>OIUG+($*o~YuC)4XRz^Kkf#&J9Ic&3h^|54-<vwv0DO-mrbnB&Hah^yZf4
zy?5C;+P%H+7j62sZ`k@UiSfVIQ0MHu-&*=m<e$tNHik(z_%)N_xir;ZWoN1N_GH@F
z^pt*=@mbII-ft>>D8x_uH}l4Qk?1&$E1bQzTmNP<dB3_fkr^vtGpqT}CL?DEo9K4p
zTO^qr@QbhvyZM6h3Med<vS^D#-2W1@!i#9VA+O+n2e=3$EG~~gAcwFF%<L937WSa1
z=-<Sl{ZZKVKH(lrDIAiJ=>4yF2BA;%{tFnq(_$AG{|j6wh1WO`a@+L&yymft^bnW7
z0&`82%?j}@zY^t7x>C{Tj~sFWfWw74o|2MPLXqjP8@P|q$x{T7Z1D?Co;t?zN9Y8}
zGCy?U)XYaAJot}sBW=n>Yix%<jJDk9F{q(EXY}aB0jcxZLngDv*OeTo8~&`5ZVk!G
zX~Xdh4r$$5#Y5DA{K7-BM*Kzn)W4ylq+j*{zi>abI)70g9?-s1>K!G0vZDOLz0{)o
zLcOx09irdCam&y=lk--Rb;c`=(&n4$(XNxEWq)30wvMke*Px%N+fgMb*<<jsm<KE8
z3ju>&7t#?L&SAvyiI2k1QmlSMG%W;-PH`7WM#--ypKaGDL~TcC6n@&i<rxt8D7KrH
z(c~B|dlE#qj&?epxlS@*0~%;ILLD0z@!x;!w9^5zX6Ybn)iU$pTDiiWgTL$K=RKHH
z-{`!z2B8nLYQe8EaNm*u(1ai=syJS|T%=8_ZN)M!HEQXbH*3S2nFP1}moe%1e<Epr
zwH(34ZO+vC%-#gIZyc%qx48uuXE{?r_qn^42b8O~64#7-Qq`-UsL=~7!Z=wgGH2%9
z$7*Ae2VJ(LS6^r`FGIaq%Q9cZyM2DSX3)bE>h|d+g+UL8y0oQYDBqVCS=Bl_sv*PQ
zDyAL0WMY2xj6A2#q=b1+n|MiR;oq)lni7Tg7n=y}-SAI|Q6V@BQliOH!YOC2NRnC;
zX76n|%lorj-%)7d|Bqh820NB>tvSG)a|FXX7F^>(xu!xST}1MsJ;Jm&BO(6_C$CTL
zp(o&-j$hjcc`Kdt;tzKX`g4|i;a&&uPZ@$y62{cGnB^@veIzvuFxmND4}d!nQhoy|
z@^)J3VmVz&z1AIzCBRXGE&CQ(BjK)?WEEsb!pwE|wtanJ!I)$mu)~Vh)u6>#S2#iE
z;b@#~@_h%+eqE73hZ}^T^UzdnP7_i$U(e|jLD{v5HjtNX54HZf!N;C92QLA6#s3%4
z7!9YD{~u8x)9H@1+K-D$pMGCb42pOa<J#k*CEcmEP#^Ae<tTrni-Z7!dMN>Tj-^+)
zdW>tUOQ&QzEia3UZpdAirf6g5TF1bsg4Qod|9@e4pb4-(cmiVQ-8j8}L1IR=#($^q
z`b?fk{r>^}IZ=~5GoEeOR1yER{53^Jg)1}Gmitjr>9H75k@`zBq~CD}U_63;7yWM`
z^sGRdh(XK00I%sF=q*8tc;NFFipQ)-i&kG+whLE=bvD11BnzDh6WWUe>b$<ELwpR;
z>wsIFD-VfXtshc;2vQ{IGCHuRJJ;R^F}}X{fLQE*glqb+j*gNJ=fnRI7auAqa-#4b
zLNhv6=+gfX9%Xy&eaQ3gV0cKb(|=EgfCuDf`-R>y&38@+5Tf5h-gtZn`w;OS@?zd!
z*zT4N*@p<F@#w8Jk}U5AV#?0;H{4?)PN&&O%#spXxCZ5HaSU#?-qI7bsptvsyKm_n
z?cS44+9k3_kQ0wy-6f_W$C)dzgjY;sovq<Act`n{__<We%v!DooM>0_gb-${_5~&Z
zQV9Xe3{t%iLH=49*~$&JF}r}*%hmSyE?}m~TDf22Y6FtpxN~F|4IaAaXuyD`@|qxJ
z_r#qzHy#gvv7Fu*cA#CMz*t~bc}0US1rc?SitY@)i?+c9kWdPykW)%@AoE~1driGq
zP4OdTshapIt*q}>RIdHOGP~I%i8@51zhz&szk7bt&d2kbcxuqzkOJ*GX@yv72zUxK
z7;q6k_6nj-2=Yx9Xvx{I+54KZoU|IiW(Ez&LRNBva&45opsl{2x1B4qT5+Fe{T^@1
z-*5;T5>rWQzw{&xc_FP4+Mev7D%+_Gwl20485V=AB+YZx*jd8E>=|Ooi|oU!;EDEO
zgxxSp<*UqGmhd3^p=-?IZ6S)oFJ6<=6m#%07Z<<1%zT{yk53`2#c$2Tx7$PfhlMzp
zzga4)h+A4I>7KhO^62Kds83ICZ(r$Vr#TRgWvBT{70XVwL#2HTu!<brj(#8Vrti&C
z)tfSOtNMfu^{RaL1jmTX&6>NVIF%Z+Qrt~nrBZGJJi~S=e#GHrLL6QWeY}2Q)xUd<
zeii>BTJ90r?#_tapvQN^JakJ-GUTp}1QI}#A;<9(b=sv85xcj#*)FaUcTZd!VOGHx
zU6R2Xz8iKMd0Fmq&y`;|xI8Y{BXiRy^!ECNMgQ0djvkuJb=sNSH+_@{$XJ{8Rv-m`
zI6`}ShO%z?^Y_?&run8)XV#aa;#U?{NQdd)nuhvKSSC7p(NYkD#aWoxbV}f)NAQ{|
zk$k$3{Y&op&AO38rD2+RgXmyJsxRdY69>M~lL5{Lfro1x_RU<{8zeWOW@mExSE1Fc
zbWQ$LD`t`_!nfocC-Mp@!QxW>y|I#4G$c}4%Oz6rgI~ez0fD}-rEH?HHOYyh!|bZb
z*5rP((Van$gEEr<hrvJ1JxAlk@x&diQXg)^e#K0R3~$Q*I>R;9iD!bHzOrN}X2M_;
zOz2h-=e~>Sga?_5#v^7fc-dC@s1~{v`f!{tRj=IanUwCq#f6TMBT-v)k$2Znh|uSI
zVDCisc<~hg?t`-f+-!J_afHb<aL`<Eg+}1MHGOVLB-1Ws!(%UHtPY&n<cRCI6Dz6N
ztYs%Tc1R^D!gn7W$ut2xy2iq;o7=9l^h5_<W9%=XMUoq`H&jp09hw&Mz#i``60_w$
zs=gFskJT8D^>M427%PydSngQ$aV3}mWy^A_K3X*z5S_u;>KMz`6&P;Gw9Z+qXIJ#C
zJD}oV2YrX}Nfuev{Z!Q@*_S*ewsQBEV-3M{@=N~U8pjiX0?ECWs(DOcOVwpq(dTk#
z*vG{44f>V*`*+6o`1q=fZ=IEaUAAkyZ1)FP?9pqnNByu5IQiAhbfq@w7lv5tJyJA%
z@oH(d_uG%TC%2T_MxgI=TXza68f>WpxrCv*e8oRPezETNkeNi`JSj25?<jMDsOs=h
zm}>7^K;uZ!r;%=p)ymtq(g(J62kXe4klK<=$f=<XWcG|b7%B5(v<;BE1GMSo*`1_k
zD;ba-*!IV<HxgkuQm6_Xq<eSa*s#&AVmTR*_8cJ;Ey^Zz?J=;ooZVHJ_oAPk*;RNJ
zX&fLdAKp^XaI>QFVmd5GZo+zOLBu$w%bZw#p}xcMNVdRvzrkai-gr-9S3<vw?Y!QH
z&j!l|mU5B#*0DQ$#c3)7B|4g5Uoeq_>%=<_*=K+RiP0FZ6#ldd!;*5^j}Gd;!t!ou
zjJpA{I^SY%SzxtVy~cgff4S#i;2rLxl*vGffSp!?*n+>EW<ptZp3Rzqhk_G%V(B>z
z!_(hBo;;}WoqF&7W->z3R)s~U9d7Hb-{GkD4!-342P?&U_{kmJ`%awh;_o}p^$))J
z#`MrE(ALJ7oLpZ_wf|;A(w7RK7(*%5qr5>Y*zB7BU?Ih~{y!R+zUZCCmuuWGmTttz
zJ?G!h@AB~QZrhH_SGj8qM00zU`)qNOflqvm1rlc0-+)--3IjLY@6}VZ4Jv+>zNShv
z_vH->YuvlQC#6>vh~^e5_gP+~b5@D-4Tj7Odw7?d2sk82z&C;VF=Xwr04WhZ?()bZ
zs28PCv}#L@SqiSD>KDB4MG>`l{f^KUcYWjUSUyY$+m5(h7-ml!`<!4Y-Xys!a_O>b
zo^9ucBpQgeZjYe!>HN&}*V~ajVb`L=dcwZU-sI+%Ht24R&>HxVK=YRT@{P+%XQ`HG
z-<ncg54)!rR37nJw|n@ybX`U-?@yHIxcR8$=vn%xWM8_@e3O&=x|H_trRxUTtr2bK
zc(pnsUX@fImn+rX8m^_~R-EyQHZ{NhDz}mpRa^Ky-5|U`lS-Z;3X}b&V*Q8PxkOck
ztuORh+S*LC1YF3fy2ExM>!dc*y%s5*lm{(RRQPw5pQKHGP$U)0{D|!!L+?VJY4<Yi
zZ^-{*r6S1fBh}p=ZmPTeBtt?EB1Oe=q3I+6&#D6-0&iIXZ*EY;8uHxdRrzo?b0DmT
zN!xJ7q#j-a3ibR-@j6L6m+^HHW^Ll_ebMV;Gqi=6JA+<XcC|h7g{57*t6Lv*eRO#1
zKD;*7N!Kgw;Wb?B&(|Jj?6S2oi6OTf{v-ZB0UEgOoTW2$M@r)ALP%mG=&N}1nF8P`
z6|Q@hf8u1a{vWYtFB<$rY0=Zmq}SSd1-wUEPDSuND!|dZA7yl!^?i+$4$xi@Y#S9w
zZFs*`vAD02s_=0u$NjLhGd;e&qHWG-Zu6t`QCR0>-Vb%)Yp-rbUj9wJ#eJJp1^$JE
z_OEl&0fq~A+Yk7k1VoNaW*jGE`m{`l|47GmT$V0P#nQeFt3uw4wfla4OnN`2B)qEY
z4<}NCW39jAMKxp3;==Ow*2l+sOPgEnU%Qqz)BEQX^87>kx?X%^ysx0VWPLj{z3_Oy
zfAx;o4NI$<`_^}tS8P({K9+#Ltkf;p{@O>x=M~M_+TV|M(6%sg+of_B&+Xh?;wvo4
zao?rNL+eQU8d~4YtE(L`Dmc#ieZOVS)}_kOxPY$WeG9*>OQa!cdF6^UE-cBofGZ)d
zmEZPBq|Vm$)VlZL33(lAW!`zOkM~OG-FGuOP5Xu;tG{uX)V<H6ci+h<FzxG)toG67
z_spFWNUeSUiryWQAuy30N!U`D_B9m_{0Nb@wd&EHixbIi>zdV`+Iwlq{55@`grxPJ
zI*G*rmGSELM)dulgtf73nIGGUP`8Dy4_`UN6f);S`}SWXvESb^a+^1GZ%`Q*)Z1(C
zKX~%PG?CuwU#eFh_sqo!xKHYMz9IYg386MD$+HZ!9FNLRjs+OGeNn}So8^~37~OP^
zJl`2M6?I-0Z@t&K>2N>pdWP^7CQ&@7X=C4qHAbCBg*9e+`bT>D^^~MyG^}N7ASMl?
z!ZX)I-JQ0L({@?D$%e{zy}gULTeTxnVLC4*yE=q-9$gr^+fMLCp2Oa4kK;iGj9_pq
z4P6+VB|L6nqm&RnFGy`mIi}C-N;ysz=$US`h1P8XR8u|rY*bTs+ZJLB-TE@#b?$`o
z6oT5ib6EXGx=BsHj>X~uy+Y68JrbM4>OG=O8e{1EJqJEJKIxEX;x1XXT;O8$f!XIB
zaif#sGT*if1okqote#KS=>)2#do<hhLk)JF;t!Ioj(`UB2Jueu{mHBVA3bF2FguK9
zh(&ymvliiBSTt$r{IqrIL|4_M>(U<R+p@GNdZFHE*(|bdL%NpD*MfZ|@&Kxkb}&|9
zd_>0*cI=9H+z~pz-w?1?Q+MbCB0maa-f#z<mY7b)($z<=Pu0BLrUw-mrUgi>HPwCj
zgIo74X#>URLZKpwT`a=sMU(Ux*m0k3xtpe3Vj{{~L3M1xOLgd5Z5LI=5oP)nN2l#d
zL5!4n6~+@AILg-SntmmonccOD@D#;0ox{-yC9_7@`a!xbv_}WrBJa8sw7J%Gp@Mtj
zsl>GA(18J9(+R#iI~lsUB`-00Se%|Lx92@PFiSbUKBvGvn#K~ckiw!UWgpPJU~zO%
zQndNJU3hPJh<U+;HZ5f@Yh%{TkAc0(K$3Z3$~Yx-3!`oP6pU5^v7|TR*Skt@HaC8*
zj^P0@r8iks%E}r96j$@)CI1T=o)aQn+(io<5&a#N)r@))GfP0@@u*|bG{AB^ZO5r)
zbi;!s_?-(`41R$mw)IA0Nviecnhi(1x5!kTBxBCh!&=H5^noO6<i<(R1$G#tBn^H7
zr88Y8LQ0Z;0SyB6*;SojhX-RN<)7i#(ZSz%5WL9ku&QHE3ul-ssV18%HXJ}ilP#Kn
zc+Sq^W`lUic4}*bX+HH7tMHPYad*<?fXJOMP3L5%qz>2u8Uww~3x2ybRvpMJ@Udp>
zy0<gj%00nIp=|(Myz|cf;M%{Lh>z?u17MeBWaW;<*f(Lv1BMF!sDDfRdudzj1*5M1
zbbju>Yenq4Nal@OwZueyt2WU*Miy<+N5F;-564spj?Sp7%kaUW0&3hBH0GYVjxkdg
z6(uLHB&mi@T+`EDs|-E;yueqNf;6w#ca{ZEw^DFbF^-e^&Df~|`kTX%I^o$@?vb_q
zfuEnDofGM%G|K*2iKpR=4btpR5BsYZn<cBxi`A2UT$Y{&EhVaK3$knr;6V#6Q8j7J
zfb>1w4l#V4+wO_MtM(-0f!SiN1hK08Rx3>byG@Ab#J8<EO#!DT-mlt|H6|=Kxe_G4
zq8MG+-EorQUi-uq#391ZxevZ3j}2g4GXV?RjBeIj+zAR_?GI-+@!P8X*15X^0U}>t
zwWj9_`JHPOIxy3DH*R%LAn*xeT>Bg2b8~#2-0kD7PdtmqQu#csyNgWS^6A0&WiP=9
zj5A+*p0VkisP(%0So{c-*#o(}A>$=C@f1IuVd9L!^2>Dm>wc?etxYyd1il(15S%Vb
ziVJxyHw6;{s`lIG%mj`$17zN<x2&0wAS+o=>It}NUg*$))6|?Sit$@#Pc)lZh?(40
zVSu0kq`j^7#_ZQJ#{*_m3OP0xvSl?VBANiHLZQ^VzNO?oZfZ#5(GQsyxsmRKa5yPr
zWh0=z^%eLqZNB_@>XyRNA>&&fBiG@i_5tH^V6j-Tg5TM~)gFOY9+1-ZOcSnE5t{_H
z8jTUFUy|~OSf<H8fonB8b3Cpz`K8B$9>+T)nrbyXHWHl2;*Hi!H7-pNo0n>@G?FZP
zuD;@ee3zJdGC4H=6~$710Avd1wHZU>(B-0w5>vikkkMFq|EJ0KnmQ`awmb7W!cRCN
zSu1Hg(T-%n30F0=VJuew5!CYx#IMv6HDH$1T(5*6L9JIcxBw!*Ne`%jcVHT7i9E!j
zoPg}BsJI}=OCfUN-WUIl=y*BnPC(C#OOWlyx52lXCab2_`4mNnU#h(bIn#ReHrIDs
z<GCeuCWj(Z&y`nfknK;Is$6o}naDUoo{-s3S5>*BvahNtKe=%X66OPgWLZ6Am*4)4
z^2&6JP@HB3{v{Z-VF`_goQSyQ#Fq>Ys4eaoTJ~gc@G~8wB@h-fE#oYN_dy6vh-d)s
zRUVn9ANfDn--W)je84mO@D5?Hg)prf1b(@$y(xF6UUkt#@=WNo5DUfVtA~$o2lM2<
zPz%<$ej`(fi&n(ug<7BnlV#7PSEnEsKV>#<Gj1?($%!uZuIGBSmRe^Kff`=F2Ydt{
z>}!C4)687;06hG^p}fdx(jY7Lhv9(G#ZHagZ5=8zk#0zMr-mCaBS&L9F1*v;q-5cI
z`j#(HMtrnrIHtqHzTBdOHF<T&9{Ee^updNu{1fcULs7dghS@|$m4UvW>?t9u93^s=
z-^G6}%D&tVSOffbSY$(A^VnOF7(rmVznLYIH*lK&2XsjFE;!e7Gy~<tmx~O*9X|F0
z7A0)SJ45-%pVGG%2J9ls%0RzQ`IL|yjuLsxfl!oBNB-b{frDwsG6O77Ke%5%kbyGT
zr#(&d=<Z!jy5{0HT%@+eZ+J+v9WKY8E#iAm>qxl+JN^Z%LAI_VH#y=di$Gy>%6#nR
zU+=x56#IIiJyc)5nV>6g0&dIq%_@J~fUaXcp}xMhkfLf2=aABVMI-hd-ElNUDPeOr
zqXG7>X~hhv+9ULJ`z%%Xc+J1t&Bf-ob;(*II1GfZ@`ey1Y>P9v2te?ai$s1zne&zm
zwegj=fwT7?AA@d^cBw_#neYJL3yhpx#?`U2le&BN#Bpo>kLX=^m)jnfq`~--r${5*
z>W*f1vj}JWcbo6QbkBm{VS<a;Azh^0E;*=o5JWl{{4pz8c5U+ZK=Tu>cu`HM-Z(sH
z+9CR#%}=tqtZk2xWeqZ6v)uwiq$XWZT;**k`turQkv#EI!pTF|UCkjh?RbT(HH8C0
z)8$0D^X0wNUg*NY{zb}1oVE-k%=5C3ne+g7-(iF@;CcGpjV)q-dEs?5)P3TL{<7IY
zwosD+x8&kYv>H1&Bz&6cuq>uo8~t^<+skw4(xSvgu;<Yka6sci$`@|vHI0pu@SeFf
zvu9S7{m2TyiHaFjz-eUCHM!-g+zr|Eq^SoqTMi*F-A|h(g-rl^AD7vbj@&SGVEQN?
zt($x+S@T^-b~j!wu_;|VsJpt>>JuRCeiyjokY69&Ur{tKzB__29UZdc^>wf+{J2sU
zT~uC#5FZ#qP>c?lFxS{w**l1?pCfmjcovA!swEAby2lc7yZ{7#BxW74KGQJ8u&;;r
ze%fGT0n==l)=~yM-J7ArOm3)RPiQp<Al0xI_{T*X+yw6@d5^L)R>v+t@z1~B9@MA?
z_K3YIfVg#J+HskPE+(n{ixiW)`qyC1@*vmZy1PbJOm3g>Yw7GK$cJl*ZLANz3gm=h
zOyt=RtVX#Oyzcf{_l4}fj$bgu&l1GS)iOE}zujQ<8mAU^CDU5h?DdTu=g#cmab=lr
zxppQuRxMh?*7Cl^H^bIk3sHA_M^8eKpBVz(dSV&VwHnjahk?k*_ue-;pEVAZF%6w;
zTE?7Pc_xS9@`~mxESeRIuSL8Z)Zb)MKfXgOhf>m+6C79Y6A^<3uLX<n#Hqd2AhEiC
z?UfSbVq4}tu3(X^m&x?F$U%>@j@xw!Rb@s=kTKLOkV`_e>-P6cAusvYT5{1rTdj`I
z9-?u{95uJk-@lT)&LDg@*V_jnJEy%orh*=>q7SzAJRsfYJS0hnK_06TNyAIJd-FK~
z{KR%@`sy%4>VcQg_@J_@Kc#l*f#R65d<*_%{lA&N68%HIf08ztI+Np|@ecV`%yz>F
z!}6lv%y2cE;=-%L2|8EvF9T?a^KR>_z^+s4#zG^4{+nbvBNfhN&~h~|(USI6zWGZX
zjp7J3T}<J^k{YnH-&I*3d6k+g7L}G`{ZdUsBwUS4xb-R*<R*-u3WW!$UDdek-Qw-@
z=N^E%mAA83^v_iLBi=sZ-uW?$TU(g`=16_yWoo)uXqY?SWdId%<Zb<%u<t^U%GDo|
z|EjSZF2sS)oH=p`ak;!G%po7}QcR;bL~TH*m5GZ{8OA`35XxQTw(cT-_4wP(Uha~G
z5VaeA8H+TU>Bsv?{`Y(D+I~~hRLK3Vxr;6YR|(knZueTpsvoCZO?$j|vxd9y30q?8
z@K%F{Eq>3bcP$)v_l9rAaD~n8%@Xb;x$c!80{1(+qlTks%XCN6=OV|>@#-$8>qGs=
z!tjg#Rua>WMHxZKDyGHBraZ=;$++NMuJdFRNx2`R&+w<b38pD^elDkp!AUl4OI?~k
z5*tbq;%tURZ4aUwR+A6;(+3SV46BsY0ax@A4>gAs9VZF@0W4Hy&Jpnet`U3t$$F(5
z5%EWM4aB~_eTE}Mq(ubBNy!sLu;uICCY*(Nv+l1ag1`U2OP)&b)zq7sn+z(8+uy(A
z@6V~w0GR~IEf?ABK@K$s!X0x00(ZLKTV<2pH+ix2{2_g2^`-u^xdOM{6+irxqL!X(
zn+Sa%z2)BYUVx$h?7Qkm59yCZe2x%-$6x*t|5#LJ^&<`XsKw{PCPLYy2)Cw00fyeQ
z7Qc%<M}Y!~^%0{JF>mUAtHVE3>xP@6GW~zxzZQM`d7s=B3rL@syjXs2Og~$FY4B_n
zp$fSKy!(FWc&kd_M>3%U-{rp^$Z;Wmw$Ab4A0N$enS``&-u`xE$BoI5yoztZ<L1RT
z+wbN5egMC<%`Wrzn*FRSA=7bXEeNF_pDE%0JYBzz>bR-!=g7XCaGZbnyx-b;meA-L
zM{AO)tKVz%bK8HG+~o6Te2aWqNMWm!&j)|+B85qy8#nabE*xKxSeWaiq$#*V#kzU0
zG=$D}sLS=kivc0M`1Ojer%<Jad$@(@bQ@rAbRzKUjim%OAgaE=7MxAL#8fLg;pbg8
z2I~h!!qvJtD=#LzC2IH@A%S1O)svlNoM@M-#p^uf3{`%Mv}^<t$_BPLJ#@QN%9vU%
zT6o_>uZ>@I6vp4}vGNB^*G!AE$2PUcboxfSbGc@|Elu7?^9S*w5C12#@|?Z#Y4L)S
z%!5y(?HWVeM+B^c^6U+ARyV_)`)dnB#J1`~@-P)xnSHs#lV(VB&}sa*fit-e{Db!-
z!t-+|zGGB_chCxcHE#mW@{%MQnmuR#<n)$^$2T&j#Kx;>Ef>qDrJ!lv4UOXV$N>M>
zqa_RY#SA2CtiaA84n-rI2xm2Qrh$qm3w8b8O%!T}|E?{BB+oF-RYA3PK^{ymyL;J`
zgqt=3;P>{TF75m~+8XndrVE(KXN=bq-@=quB2UYDUZQY4a%OpU#U*atJs$}MPZ&!!
zA=kGs>{W8K_^BWG(;{%*`l3MdWxR8n-}v`)kPx~Cqs4;0@b8n?&*G$R+1KeLuRYbQ
zu!Vmdan2JT`#_F2S)pi(p~rdU!zYth{=is@?*l+*a?o=}$=LX5?y;k*on#3YM=|Sq
zWpXuM&yZ%TAIinw4<99aRX+B;K9U%LZ?1iuj(uq4;I#CRc!au3;CdCGbfs4w?)2KI
zeT1?XNw40L6-<T8IAuec3&WSav7}ePPw&~7PupSGokFWznRzkT=#DFFSbXh6bdBvy
z!AND^|7iBIL2W39iiz&*1&Ng}efU^yn^!QBO=RDtlf3oEwr6)O^op(GNtHMu_K!of
zq@P2^o$dR$Y(_J!m3_qVxIDl)9d|S3W!M91mphlWRCfJxB`?#eW=@AaWQmQq(sMml
zH@x)D)z3b}akt;xJjF?UE%pz!Z6$^TCEm=>Bs`@`Bp+WW@y?I2r=@N^kbV04J-P{M
zU~V7Jkj#kyh6^9mm$X8*w*5i7#&zQWWbKyA$?vDfg;=1)>PypHr9jl}Kq?!d%jDwf
zfgL@MN?J_-PxKPUXt^o?wloi<dx|aQzda!D9Ts|h<*Y*2^K^rzuKW#P?b*<&YhA3X
zyOJ#IWsu@n7<*;Fv%`i9k<L^Cl<vI`B;+1sTYuO%dx%j1wJs<yiYLc)a9O!x-f!4r
z9^>yUL7>a>w(PPrtCGC=&f5jfeFe^LTrr)^-4ID>8r5kZLNK4ctr6ir-$IYJUJKJ;
zi4DK<B>0L=$&X;|YI9w7`O~oM-dR<xgey7ivAuJj7N5+zNj<4%kur%%5%?+7t`<m`
z5e?)Is_uMyZ_3`k{LaVkVIla-4pp6e#-Qr<x7%*^`mC&>uf`S520W*nR>lfxwWLpX
zIWx&e+*R>awa#EQ``ly}v=Uw)#fzae4lbOwt7P&~*7ICk5-=Ih%Byj6PbgT6@R8ed
z;8SFrY{Ab`9<<<bY~1?{X2u*i$M`F#Hl)9s?CM@$xY;i2&wP$Bhbpy_)Ds?cYtQ_G
zLi3Yx5WD~EAs9pRu;|oLSo-wIKA|9@B9go!u5ITqHi~XIhmYh<%Fr+93vw(Op~}C+
z3~rF-bHJYJn0$CTn#Z1u_nqeZnT6ZJ5&VD`)?}MeifO{1M9+C6E_E@?G6u?8d>0?2
z?T7G~*|l+Nd=27B7n-BV22JY}g!TetmZ7QcL!Hw0)~w|v6r%>AtNCz`fnTzNb!vHu
z)+qizE5Fxcz(!`dG}V2iQ~FrOr><GeANLq=l(DNwEgS6|aj;%3FY)*(|0?8fWheHs
z#dk@u(@!b!!SDmT3DY70j+6pOTCD8hIkQH33@3<DZ<@EVZ4lJ4S2wacIlaEIhwbWg
z@dkHQ(FbBV;%DUd&nqDA-fJNlW7k#d)1h{Meba<fTd#wWL@c-3@IyiThrFyM+uUlO
zPGvxAN+{<1KnQ2ak*4|4@DW#0L)_}iVw3yj>TMos!vZ{`oK`iN_6dKAm`W-(3E0dn
zud(xBX0*!{S;rt`^v3UE(OZw9douR#S;hM(m~BJJ%itj+0OeKaU*sC{vhk1+M`eeK
zx8<YvMjhU-iuZXi+vbp$^@fbtD6f{j^%%J)<M2LJyie;t<%H3D{}Ak=`k5@s5Q+66
zqiS0NGcNXxG`EGKsAP}73C&yuhRCj1^NY!t8weo^|4-_^UN)41tLQAb+S1U3-HjeL
z(-HVzMT*THMN{cd>O|g)mjqd7vjS_~?$u~Mt{`3&?=Ds?m0)L`d-o3H76gvj{H)C;
zJ<_v1w$(jhSP&TyV_PktIjHjjQ|lV%8ME1`Jt6hspt{tI{)lBR{hc8+(l_Qwm-d=e
zo1ChcdBUxg>v(4f*Dmeop%yvSs)cKNEOTk^#$4lkW9S4n7EHrbD$frFbt*Z1xn@is
zPha49bZ+co{6!X`U@JCPvWw?rJ!){CQ(6RvL-4{{%O(G?xk}2IXU{F(+}rUx>_+a*
z<j5bLtl-rqT@B{Q-<7i4fG)5-gItqc`id-S+Pdo{&?IzgBeP-hfxOeJg=K6N(p27T
z_9d)$%?YC)!@4Fhj=vmkTsDPiO>U)csPBs^Jr-<3Oz%T$u|BmY@vGL>QaQoal_qHS
z5bNj;uSg_eNOyIJh!kVH5CKX+QZ{|}RD&k@<pbIChL9hoYm`4?agq}UG_r@Lg^LH+
zKlEX@b?J|W22)skB6gn$Ov2}UD?xWL0pG9z!LGolIk&wd7WS<wyc-sAR{%9D;Kd-N
z2qfIB3elM~U4>;4*zl(RmV$35{90y1Es-8B6O(XU7y3Z1w!wOrNyZKva2LbtSol1(
z_!ChC=*{CCz7d|)b8;SmX&ENPj}uC-kd08Cvo0(u$;Ps7dmql(t)x7hJ?9b1R-+6a
ze~VoE46o;kNO|K$bG>qSVSL&H!aAkf<$B6PT)TE~rn=!hF0$PveZeh2dyn4z7uG`$
z1(%Md?>L{p-M$-p`l8eycnsplOuWw66;Xhvh4Ya!LnjW*`i@!vUyd^Hi34z&;Dc<W
zf3HQuB2QaphQ{?j5fl2lh5yqA8Pn$@k95VFt~cY>pVve`Nzx!7wJ^y+k<PLx*J-_i
zq7vYMJog<}xLQ^QSl#O@{^0MV6Su3Ulc#36j(G&{_ADr=F3P(3uAHi%H`ms`Uwxjw
zCV)pknNol<Z+K-1Kccjn@YYDZx-64`ZAz>(9d68ND!G24V#5TinQn*Ss-P`wZLnCR
z<J+op+*ue4IXM>N3%jkB9cOt*Z7<&cqHR`sWdq&j+wDXo8}eK_E@%}0XAE}QT<GJV
zzr%x&JtRxpvDOII$@(aNBsH5hI*(y}95S~BZYp|fv6~XXy45kdPgy<3zjcH<IC=)2
zx={-fXzAa&OIh~SI*4=YXlwyQ#*XAx!tLLk793v?aUB%hmk*glZr~XF+2QLJSU<7`
zFnUk;r+8RJc4Qo4W{q|K4GrOFCv$8v!y#7)-kj{*a60-(b~J;o`a*-fdU&dLef)?w
zg}%dje>|!o8RIE>=!lr?z}7GZNX)DQ38L>VNuoOA(S1Zi97fP;A8+;ydYwgOMFsH8
zn6+UOL=LkG(Ikm`LWjPlGqggyQTU}){so&6ypMEE=SUKjqXNP(l){G`2!&>BC__Lh
zW{~k0-Yp&lc#;@lSf12g5HH52v@Gz+TVtdm1xv6Z|ArPmf8j_o)HHnw_CHO0HdDIE
z_Gw=OkYMDx6{e1_KA~l=_`BH7SC5+hCs@$2mtYfHkbLq$jBq5_V1K*jJk9{55V>xR
zIpC{LZ`mus`qNEzP5&w4Q(FDZ<^L@;_%xsY(-ul7_9UG`<1~@}{)tHTN5^G>P}Bce
zJP0*V0o~!Z_ail$gb_@|a`{gKM8n@MJ(vV%ts{GI`abOH>lTZCe0AWgy`pXT_=(@d
z!tS1SzB<&u!`Hw^P<`EMv5v1UA#1OA+cbWny$5IDqoBTSy?DS^m!7p(vh5!~(e+mm
z$tMR~6jlct_@H_$;@L{J6SMFW!;JL5(Zx@6^wb#mNT{y^7svVPlCwNZwjKWz5BUq8
z7yuS&<4yky+~ZBH7ypVmcU{x;vQ25;!jesC=5>o1cku}%0yl)Mvajt#EdKyFdanp0
z&0JW5kry|$#-};P_k^p2G`JzJ)ab$CUm!I>SK+&hY}GFE0^oW2f=02o>5v4-*KHX^
z9OSDxQ2rCD9R>Q9`o;=4(S@=AvWadbLXap~;Jg*k^miPfYSST<B3mM&f}&fCo<Z>t
zZwO>hWXqJ04+rr^;WHl>R*ORULcA43*RAJ|^Wdl62@~>&5R}s>&<lv*k8&dkMI`*f
z_rlr<xdjOse$+!)6#S#~gSBq|AD^c1Q~Xh1&{GJd(AG(yd?Sh|@whHOBS=LjVXzA5
zh6t%($;KkDi6a0lOj?LCT`Y#dc=>8Ye6!lK3M<>JWPM+^lbkLT+K@h7ShAktx3D5}
z^qSXLcgQo<Z*cf0JWJLccTE73>cgJFetJWm^1i|CZH30@;$%P1hG~)n+FcXx7FvPj
zm731_Ej_#rt9RWUm&2zb!4*K)@z`(c=dZCYbo8d&DnJ>JZ<>M+ki15^{_S`ivKtQ<
z!>W1nYw$Qq<~5=yTH_dyYpxE}-@C9}P_icd6D!etzE|L#j2@lPEl8ezC;50`rH_@o
z?@n8y!Jg<c9wN&kB?6+${y-DpfE7^gQ+`gNxdFjE-meQbZ~_bnm&8EaQTY}?Rzeme
zO8Q59B*a|-AGLFW5HC@(1{@ei`H+^dSq=oEd|nt(b|$$)3=$wa+cn_!{A$#P_Iznz
zzi=L#B_3)1^iLo<dnHT$y5n6Ra0c$E4;H$0!P=A}ONzI~yWU&eVijFV)J8^CquvuS
zxI?~M?NQReKH+yUj62&h@k9(ebmDTKvfJ&eQ3NDt?iDYJB*(m~oA;MlNx`K;T?dn0
zNaNAE$5$p9XYMuFcqP&Ij>T9gI~s{4{-FOXfK29H#agkR7a+k8F6c2#sTxG@DMhV{
zt`w?&LuIND?O&z10goh2Lz1%jb|X1zKZ|qkXMF5fWrjyO;O}>)`Q`n2cU=NFK<nkF
zVP2z(j)OR?_4`ozg*2*;NQx-Kdw)=IqEvZ3T27S$Bv#n!1btXd+3$}k*&5w;AkB5)
zDC5s85AG{}F+%rUd}r}4xZ6ciifoiF#DNrE9t;?TK^*`?<wEvG4CVYk<nA2UVmE#a
z+}i89G-*0w7)vG}>AEo}NpFH>=_F+juZH(`f33v7dxA<JVmCs70(moG>b`LZ8>ngd
z+vWNo!I?XtvwG+}EK>nu@Ia1khM6#H-fqKh|AfTb=gCE~(jwKAg{yKW^={p@ATxqV
zy0TlZ&7k~Js=%UqF7xu8V@L?@yVxxV%Xn;5$u$zg`gq#AcB-s_K`R`8lekag&!`3I
zr61@r_#a1Y56}oHg_hI$;Y@6nJ9$thy9+aKAMZ&K2B)Gu(tW*3o!7c0#mTz-3P%;(
zeD6!TueD0zUre~h2sjwKi|$32R$0%8V)MaHk#s25FvEpIp^<>KC;4Q&^8*(`{pQ8t
zZB<<}3Fumr-RRvBD+LxR-NaH_E{B$F#({ZvRiaLrKRa8;ZDkx&7y^iwLluV_><YEB
z0f*syzKK?pB`d#)X@ksZNqcxV7C-&xBK47WE+&$|i5>ljP=oC&`jN<t;J<f4?0hMk
zB_mm_i)Q#dQd(k4hFs`mI?a&_QXcb!k*O^F$Q1rjC%~_r8UA`j+^T}7h80+0qke^@
zSA;gryo#q?)5zndZ`lpM!!56-8Nul+XAQ+Q=w#_VlDj{~r!2J;=Pz1PT+w25X$yOB
zD}`=i1yk|pEe<z*B0b;|1!f2!FOOej=Qhh+m(<7%(&tdJ0;x*M_{7jF9eLD<446I4
z#k)s!!g5>`CF`6y=+KvqSC$2vvMR~sDrG^L&S&M>3k2}vRu@)vu$Sv+eUsllXS_ak
zan<xa%%wx$my}sfT>7BC16q%zV2SeVG+wSvIJ-*+CXt{6BYb5&YDZ~gcTc7VWQ>{x
zn5h`<KdzjoUC*m59*T((>O4e5S_eM>PU;DFZX+NQlD*8<J~J)q?}A&}H#Tv+Jx3dd
zBvpEGzJ*@tEs~MU>E7uo!!r$srjZXKBz!>zZnG;mel4Df<(bL-v`F5_S6*}vURaSm
zPB|GZ`o`tl4bw3;I$F;^;%Ti6wBu>bg7|ntoUM3B2IJ;~9^7$#7o1fQx|8Jxz3|h4
zU_W2oe}MDYTji$*LCh8CwUIhEDgkS4y*JaoIN#TfO(N`*OI4#nPe)zuG6={`E$e24
zkoT_Z?RY;xBYJfA(v$tWmQXr3d>7KGRwurt3XLsU4;doL(0v2TE`hjyXubQ{HRNe@
z=>QX(n*svf4I5B}(k*XXvsBFEd;I$B$Kp3Sbfs<2bqzjWCpEPCCA!lrVWsXznTw_&
z7!XBg8PgQ67*;MHbSu^zet$;$>*+ZfAp5*bKU5XN@V!gSfH<Gl+_iC0+?-~qTamOn
zBbc<FonL<=@V$G}xZ^rGj*p=kJYIMUCs;Xo(7#rQ0Y#}|^!1A#$>DG1yTD$DYWCY0
zu0Fr<-pAEPvcN9BVR7yeyLpY5PGr1^y(IIc=JOh{xJr}ra@`&mw9YS-)zNdKx1q(W
zWcyO`^E0C3<#0P&-=RS-))m{cHHO{08v0eEp&5Z5IH7Fc<&4LsSdG5try{Na<PD2>
z>E4jn0QQ`9x20=G+#O=b`@cx0usqRyUGgDCXD<J`wT@I?n}JT}hhs_h+e0^VH?9#E
zQ@4kGtaTjH-+$FD-7@dgoe3SB`U{=W^<jeO_DX8ACLQc`!uawI^cknaBQ<9Io^$b~
z-%W#_Tk)l_oDP<1%<tyVh%fT_7|(Fb1vUi!ckPZ}J^?^z2{H@U?X)j8QE2+^x834}
zzA}fw#akyMr)9TyR`^g9&<pDCRqXi7{)iH0Gp}O<3pa;}A(-qc2AFJ7n@%SM`Pz&5
z@`yYjkYHFfl6T;~MKqONZjpz1zHo@4IvJCNn?)2y^9A#K+8JTpk8cMI_iAMrl1I~g
z(-!2tCniBMGBso+@V&YQB+(`hSyMV%P^sMc^dX4^+DWNgEs9MP!a*^uc#8DXixc55
z&a?_$_8Hnfdpo#>gS`Iy6}0*big%B0AY+0HmCk|45lw>}G{u*g*PaD$utJ+W0aPGL
zI`|%dSoUPh7xxGJUT-Nt&{MifayOi#*iU^vPxAha;)SF)jQ;2OKeyTG7Lk`6Q0kK(
z5e?iV(sY2*`JY*yLVl)Dct$S;q^v#Ti?;gme6mp<%fAvjsZtmz)qUTEL<39_PFd1n
zflGYB?@wA!;|{P7WEg!@Y0Plt(CPitJ8TuVz~OJd6iMDKy<9+7dyhz7|0FMZ@+})v
zBjw5SDus_s^@Iv}69;Kg%OvyeXSb@Kdz&=X7W^jP87qPLxg@_mUA`d}aLx$5@R_*b
zslx_~eW)3X0!#a4Lv|&I{t^8?lLtH!N^cq>fF)lEoP_yfS>52g&L>QR*(4e2*gVgh
z2EsR_S)NHuT}uh8o}LJKwL!5BtNBc{-o)d@{tbOvlAW~~drr7sG0N$}4D&ymQ8Npd
z*XV8ruV8PWyRoq_GQPDt`)AShSPr%$M#uAeYA6Hht(VQUSA_-DEQb8gu7x^n>|ZRW
zgei9)^k}dtz=n8bulGNr)cxZRY)Iev2<M7SB^qRzDp*b7nf1HDtPcB%o0RItzBWYQ
zsx|6C<B?YE*`c!yA>)l=3A>Hzjb#ayyVQfG)79$6p5e><E_GR_S=x8vD<^ssCC?PX
zsU#7uR9=x7H7_C`w8@viy*KF#L__}PbI|X;ym5<nWw8XEmA8^@-tBT`Jv=2bRp?A}
zc&_3SlN=CmSakJfq0xP`<Ly8}*ljFzCj43qK&uGEh&UlPp#-h~(TYsj2~pIuv6fmY
z(OI6h3$nV5TMt#+5PWf(a*M6x5!;ND3rY#g#uvibP04rnyr)sxY*mhzeJC{`q~+wC
zlK8yj<6LkxANhqxW1leBjmZ7aqi}Tdeta$$)T0g*{Lb++d)J1qmOvS$ACaz?r5?yY
zhs`ipZ?<)`3;m4pXG-?Q6QJ`)t%D8c(;GP}xipGFB&b!oc@NU9YR>DZ7iZCq!&fca
z&HFg@ZWgw`?zSj?<sfDx(f5=H|E1%7%a*8MHGkItJp_DY8V8}bnpc5%Ynz^SfW}+k
zzvdaCbL=I4A$}mUP4V(BjM&$-Su<E9VqKr*RTZVx{A~#Cu0Ks>;Vg};JaOHI{B{W#
zr#A2ZvMPNRJVm*3#88<&t59@sF(hM<CcA0-OHq(&Mj)~4&?X}n-=lWvmm4OC$SGea
zLw%R9`tZ?JzQCMDir_|{=iU^6H08vFd(&JTGA^R_0F-gUr<C|lp!iS5@t?XLURF?L
zSiE#gIxLogtNwbFn(X;PVc<tCSvr2rsK#VxmWk&y8{#QJo^R+Ug5|v^wVH50S}6y8
zMe=k*XvqeVBvGI<8-CHA?w(AsZVNSs#)X&73olD4u*NSFl?lN#y!s_YW8UY}MCc2(
z=R(o$lBb*+wI$C{dC|ncjT%#un|}|W<mSJI8z<OrnG7sFwrQ()R}dH6XlPx}+}_@@
z`J|}Um`{-YpG>E#@e-Q>*m1^urnO*VXLb#60pd{CB7kZ|@cDrXwBh_NebeFPA+s~M
z$Vb0K?V-tQD^3^V6GG;)0NytGrc4BL4&d#rZ^{;*5c;3yseuiJect^yP&R)OW;Ej?
z@e9~oszmZLz|#QIeX?>`7rNm{538scx&Yv=JyA0?2xT@6lG~tO2~K#oT-3S)b7EKz
zoIK?TZDi$hgP+7t2|Ohl)0oP~5;BNBZ?;Y@NrJp|$_eJ;MXJ>}>P$WH%+z$N0Fc27
z^R>U*glpvE0$uP^VR%Z3z5zO8J+)`Ng+CWq(!p=%_GukqlR-C7H=-aR!o5O3CWHn&
z(S|{k+yehvfS=;Xb4dB4Z2m+WQsCcA0IHN+)B&zBD%30fck}OMegA-=?M!ESj}I0(
z(tiUWhsoo^zrrF1u<{V8<^CO|G%~BrS~5kwS}VVqf5!i(CBYiKn;4^bW+H0$QJ%Pc
zf5^vMP#xxSrl$KP&^`gaGE&i1n8v7ZuLtS|y=X^^hO2O|@xPhRA-9Bj&jXp7G_EAt
zoDq$Flud=Y@fVQ^m=prZ2K?5L|J=GEka9q_L!u2caO9_HG{%N5s7!d|^bmeej7;ah
zz@1D7dG9~4CDbQNCPt~;0l)W8W~4<h7$0QF6CaK-V&zhT6&j@&g0{LTG|ErET5YtH
z5gPtCQ=I&jCfu@DXjnUO<$c$Iqpl^^v&3ty6F<hcpZ+XeWkq}to60wDNhU!LXZ?D&
zAyO>l!0cI<Klidf;%FPEUpshlSK&ORiXP>W79EZajXB!dD-P1u-@L}>eKB5^gjWk5
zA(k&0MZ2tD6hd2Zdo)8X(S<>DKzK$7m=8cm1M@9@f&~!;C&W=$AOI-IC`P-)BCgd1
zziRJ&5|$~f-tcZ?(_?0ju@F|fp`sAh<)I=0%+_;`P~lmjkg*UBJBH#PSY~*_piE)$
zi78}^ClxJbEw!MyYx3+aBW2NnsBvgRBRQ6L-Shi($pQWnu3sF(x%@YTaN6k?ALFmF
zPq^d9!Z|(7TT}J%X1+zM^e+JTr0gLyt4(q48ddPkN<cg7&=aEaF~HY)0IDd!g}sz7
zm|Mz`aWrShnrJ{5<$ZBJ1?W;ddDd}b)7b9@Wn?EjL&ota&xeR^9AG1&Q4Q~bmD4JP
z=qv#Gz2lD_)iUYZ6)jVcl8-AXS3v6x)5Ps-PLFn$KoRC+tPGw+i1BAGo{z?C=mvD#
z#l0xXUB?86*TM>rjWT@I0JM$1S6Z-GAB@S?o3Yv}=KrzwjnSC|&A-8Jtc{J0ZF6JW
zwry);+qP|QY$wkX+qRRN_x;~<KizNlp3~J+JzX<BXSz>Ub<fnV{>vG_H`j$|steIp
z<)cf__H$Vp;5Fa({TbNgrl~4MUsi;*DnEeI4@)UT3Si&i==w>%ZS#%g269#w?6Noy
zSyhO>tT6E=igTO??>q~^We$#qeh35W6dc^%->+?8P*caCrampAR}a_k@r+5==jZrA
z-%oB2{k+n$z6&g4h$x8@RT@pC#q5GpEektsf{0$uTfkm5hd0m^N?XpG!|rbisXLE+
z9HrJL-SadD;iu>-!BTHEN94NrQ_6eX1eyJqw}9W@6v}XsAN-g%hwr>9ME;+u{W<(w
zb3~8ZT6a6VoY3rRLl(hIs0FhACg^OoUnMd@7AOX*L9&^%2W}iSsTXgvGoPTFUqahQ
zv7-5N6wcVebYJm%bOUIQAK~BVF7nEy8pkY=3{wS(roT%5hy5+xIBS8<H6{4ps_7sC
zVJ~wGgH@3<*Iy+%O>=as|0xB_c81N;{cehcs{SolX<n+*v_Q3Lfp*ap;i@UZU0o2V
zIww+jTp;5-N7iAE!nPU|&1O(21N{HS&dFw)m&!CPkgZyvTr`Edt_pM86lAl-i)4-#
z$QaL&HJGDlG=<Zw3ZvWnj{JW;{r&L&`^H#)2Be$L^wR!s`oGr^6SwsUA@TjkuHn<b
zzF<rGd;3|Q+0zgZ`{CT7jwwn)4aj)F8VM0i2iOe|cwn4%7}FrP0$;8<X#DL4Af73$
zgJiC0tV0lhVElipubqyA^!olYvIpo5Am3q}-SJ)fVe4Rh;XA)|Ei83-$^V$&L4#|4
z1_%HCo3$AU8fyR8L`B}~r5GG39iYI3*9&31MkCVo#O6>7cS@Fp4xfh<>=FT~=?y-!
z+j-S$`%Hlh5}q)Ae$!JA@BP3~MW&5~33qHjqA%^!VF2p^DYs`Y0zD%1gXTa?zl-Di
zKiNpX8WDI8#NPH<9JEFp{1eC#sgo|#f3v6HNgpC7z0q|HrvI{#9HpY$uM^zBp79n)
zgnpvuAfJKn*Txqx!yPcgvI9+|fD{Y};@I*1gH!^G2#XRV_DnDKoN}$R18Puz?eloJ
zKxPJI5=g~kD#_-fK*1J$fKbgcb@ch{w$R$njV&!VkNsZasML<cppup)SXllK6`4f|
zc#o1l)fCWqgtZ`gnJq*1iIT(0JHlJPavyObV-T4}%tzQoDEq4vrWd_5av_*^cVKs*
zU&=6tLkmdFN9HSajJ#nOeXTV|UW4RIUh~V3r0cgWS}P3XkX~4az4$tD4~g(#>QHL%
z-Y%a*?{x~07#~$OqBgP?wtJV6@pl(BKE@XECdwB27WyWJ*N|@hR+hCaIv+zULn#dS
zVf^7-zt~}I`Uv#VWcs1>PS*?mU3dS;A>?FYaO5H66e3LOBx1T#Fn@+wh8c|7WaCt0
zaOI)*WgmZfs>7F$B^?U}v|r5K;D`LPls1KJG$rRHxx<-^g~QCSOPc8Li35Fx=ukIm
z>(+g9n~{TE#$~izxE!NQ6u~e4erG>#&36o$#NCCxUc>S5FT&5KlJc9QUHUZqh%b^)
zl!dD2iJMdzj~lhUFXIfnFN=5hg{<ey8+Mtyy+UOE`~;DXi6-&az$9BwMQqw=wq$Xm
zqS_4Hc@B#%i+1PS`?zvVPjycqY7%~YkCA0UPFxOCvsAGn@II<ZQ`5*(<u(4^Xo2X&
z;>2R%Y+kN7x`bFUbkTx~$|lt{O;&tHY9@0tUN=dX<w4S`xVyxycuTyO^+94ovGv5~
zB+q$tk-nP_j}>0rPRcHGTKr19RJu2nFK#-GFJ)TNOvW#1T8bc(PD-s<PDZV`SM$e0
z9O+nsb%zC(N&5_HGmm~cU5Tcty5kUIik;?RgkCd`k%#DeM-~lvWcn?}zA~fKXTm$_
z4gSl-Ev7?P7Li#P%DyzGRF_<jT8~<nUXNZ5iEIM(J`AIn>p0yF=n63)LTR6?T{erV
zHc2hwiwbgI)FI<t=p}U5*`vBk)mvVd{7XHHh@bXLc``XSITwu}-fgrO*=&q{oIbqq
zfUaH2Tlq4jbEy5c^0so<=+^4iz#-?o<h_JLkB=x9i6C_=-fQTmW9~XRUDDe@?BLaC
z?r7@Z)r8tU^)3qZ0`jNKq?|j$&L0O0L0iF^XXE~^AdlUKpb->&j9kfQ*Zx)!ul^@w
z^vIvkawP8pG?MOA`2x-)sN|@T2jOz$w&<zku4JwemxD&(YC{<$l$0XgTqhF}dxNwR
z=@L)jYl-->4UwG*Y$UwoInt+6ukt*Z&I{P&x=nnxA34wE&8r=fT_zWGr-us57*$@A
zPwG#aos&;mPa02|PE{Mrws-7RkX3eRrRv1XiHF)&watKc8LQlfB#)TpEzjlmw1=#R
ztQAvUJ6^lbnuoxL*h7(J>SgLf@3Ye7vqJ*)uN0cJTuE7RSw;-fQnJ#_i9|8-ShmiD
z5t3L|HF7f&zo~PHPfy2`l}vBBTi!#oF~~&33^lUel=qOAtwiE6yG)$KEg9dL^{jVa
z$KH0<mw|o6sY=De5*mh3C2PvaNq$L<gakWVIZAO#CVn4)kQ=Y@raK_36Q7lzIIYLq
zMY>QQz3MRTI-d}@u?^1ugXo9VrL_#Jh4q>Nv2}n=-hl0Kpe@G_v7I0H|3I>WVePR(
zekiQj5d!V7!!!|be+7a4G8PBzQT=B=>TjI}m1uyy-+w-1bL4Y*)4z7rjF}=xloWu%
zQ-_S5kJVp?zC1t%gjq8<%C0WM3)Ss;nv46_w&nirHr?mZ_5-jzeC<n@i<#61Qyzz4
zM1(>nFnwMBuYCAM@E<-95^|eCczgfC$gGbBKR0l}9)Yf3rOo&4Y|6x23JGS9@Rw+x
zIHuFv%g;Kf+ZA?%;kyrG9Ph_&sNh6>80pY-2FSy|@F{&v6d?!O9Us8A_Pw(|!RYGn
zXSV#CAes3nu6=Ys*mdw=UcaqjzFtAT&i=jJwc+W?FQ+wT`_E}rxYZS1uo|D)e~%%A
zsP*sY5?{IMUjd72MFYSYywn%O!JJGGPKJlvO))stx@^YxcGMdz^czkz+UIrGU;86I
zJLSwOo_o!Kho^?bsW>OU2bOdlZCrTUdo)SeRa)b;D%IF^BfBLZP_1iqOKZGOy_YVB
zapZI=P8HjnD%s<_D%ca>qHY3CWktexE7|y5sw=eOVGz`=<coH0F1i$4#Ou+8BdYet
zPIdMvjl9P(b89xGaw<3FbgM3jYE=mos_NCsr(E+-%MvV8D`Y87egZ0E6I(01lJEQ5
zPJKyvTlC=9s=uMhfc=A~%==-dcc+?OmP`H#8XOI;$ebm0{3%O-QHLe=(Hq-<EM-hD
z*9fiOrJdFLlNF#YK0CN>6&+(ax-P2e@*KT&BI)`BS}uRaD4SGt<XcynE9t0}U{l)`
z#!N2jjUARuT)cK1jr<&FE>J2$lCU1LDl*5b1XH;a@3A$ma`Gl4F4Wwx+ei48NU5A)
zRdS+D5LOJM)H+KO&eoYn;V(7zO`q1eS59>EE~(ddbc^uoX6(nt1N(I@y-fmcY$I*2
zR?b@dQtEk64c=(fA`<l4a;;<?KkQ<S-j>3AYN%!EF&^9SB6!(U<<RjR)EIQPv8y>?
zVmmjCYuCgcarT&P`8_uANa)*z_F12>Z$mnD98jSzql@;jt8*IY9Ze|E9=+9CcIg^A
zTFXi!75P(7E^SUNIyYDqZdUMW#v*#ntF*|OH#(!EqRHDjQG2`lS!JNn5867%%0;K`
z2^0feTdCEcRidg1rdLF#iJ8wZ5>QSt5;-5F#>yXp_oH5!NKw61oD7GmJk2Trmrhfv
z%fOEs4@s|~bx*|hJm2E@`kR7R(PG|5YpZVFW6iRC<$VA<HRr(I8kQriDw`_sY(TW;
zBecHImsdlfH{2OuN9yyimK<HL)?D$(T2nlZ?$uc-zoNQRyCnf}_7s=@>NDN~{9HzV
z6IDwuP^&8E7ia+x*y`A9?K)C*QnM|KMe$hdQ#wk0SU75Za4OdJieJ|BO1duTskx5m
zE_KutbbhK%;J>lGnG{#<$_r)9n*en1i@8&(an3t+sFQ`z#Bh+uP~eG^gz9;#Gee)Y
zrs>oQ9Tzt*ELCNd?^&a|62ak(zWwh$s<TBe>j)f!lY1f>;rF6&{mi`c4Uj$B4PZDI
z8M3=p7?e&bQE?9A90%T)b&@IJTb8>Y3u~Ik1xz#tkWKpBTN_)SqHNV4HHIIX=<0Lr
ztJUa~O|Mtt;fHdgjlKcy*WR=<qpqwtk7n9joJ?H*M&9^aRXVmi8vX^0zH;x4!BcTo
z=Lb*PsLM>-s*6oq0R`x+fmPZu-7U={zRS%zSPgpi7s|G(bhgJ`iBi!t*1-Jr{ng7I
z7(LeurJ?bL5FOFWZe~}ub2X96An@@NNjagJZ0!~MATOg)7xm;w)Am?wkH9ReD2%qZ
zQIShfrY)b8rcU}egeMafHeHvRvVPto-KH&Pk;NpiITuA4YR68y1U}*qQ3xwx)+zT#
z%YbvP;uyL(t9|w1VUhd{R2RcP5ob*anoT8SQ=@ZV47Rmngm+dAW6`WAW3;S^$&0|s
z#ets|HBOeI|I7g*texhzQ!I{JGIZsDNisLUq*5a+leXGYxQLFZD}YA17Q?u+rZO=S
zVTpz;cA18?K|WhMPDg3@SvWfJyz(XvoR!+>jq~#xS0+RBQM=4yc^8JP!?t`Of({Tg
zmY>ml+7vjp<X~w#H+9NETd!WFQG19kT`8+fjxoWSIhvGFZLH~1z*gYS!pX#TnC(<4
zR@Mk>surtEj&8PS-J7_=%H7U%4j4w2t6C|HW***yJyeNRI6{-FSuxuW;O4A8WJuRS
zAu<DGksK{${l-|%BEtY=Es&wnSGSkR?D!0q!$!hd)l|S@#gb#F%I&U?Th`!sL^eiT
zw5!y$c}8@!0Z+o;dYN1FGIh^yNGzEn)jUPbonTT_<<wHq**!%oq>PMgeE%uVU=9Z_
zF&k~gn`OoCT}3tWCXSlUpfa7O%ho&$#%N!q5166eP9Aw3HD^@kRe8oF=xtZ!)S{!?
z-2z9eMQzy~OU=SH)wj!A%1wS!SEiP&40-WPMA7slzVS@7Lt<B^mQU}3;{&pJ&TkTa
z$#u6BJsT(2&{Fdq{8KTs%|pY;eQcsw-gU}Z+83GOB5i#Bo`_p`S`aL2cF%I)$JckY
za;C=Dfs#cYQoB6a^(teHLJmnJ9b{Gyq{KX(sD5MOGrG$dzPc>U#!+UyR3n#K)osRE
zrD77aSXZ2avbVSdJtIviz@y4)y7b)>l_RvtyZglYv$`7Njw9*w4EO0o@6y$fg!CLK
zOV=^n8CF*Amfa@&a%*dj=~I-<msmA6_IoNE>H+wV{nZfW)}y0MAPrzuuf1o7hk2(Y
zL`pK3aVD#Lebt_p?TBTaFkM1(M$PsKb`qcaBY`SqvesfzGzrMVo>WLGW%<*_X{<q0
z;*5r}rrDBPG6hg#*(s^rd=jC&Ta8zFagZh*Q(l{$cR{aU<+RvLO53co)ReH)%-ocd
z;L_Zfbe{m<?35glFx3p(L`<699NDx-%58a<oRy%{>{{JwY*#IGM!%w`l|M;)Qto19
zCK<E%+H^-cV)e0FY_LUfQVnkjkbJcgT8&Oq_z|4I+-w!7IQFvo2rQNFj89)sUy-6)
zvL&irvL&`#JpEHC^d0hE+C{us=bv+Ea|<`ea=fM&McRpYEiZP~Hl~)>@3g(qD9&ml
zL7Uu!lTpU?u{zX|#npiAMFTsU^IG1@B5u<~Lx*}VVvYgE%10*7R#ys+iTb=pQ~MgD
z_*A-sQTCW7FB6lLfgKrWI(udJ1<cOw!WSw&JBX7fQ)*SQS?+i^5Ar(~fO~2D#iq7N
zjZvW+Tl)~VoW?frP)Gc9b0}-Z_DZo~LJLz{IqjHMX_%{{ds@F|FAnh6%l>De>xjbD
z_>LF%v3=Gx+by5Zrs>cX=5@$lw3x=t=0B}_f|Cq*soiIP`9|X0lx7Lu+Myuu*t@mr
zowa!}nH*)xk2m<NxBs~kvtzdpjoJ*W&4o59KVB*;N-1@DCEd@nT=AJ$pBz{8Y+ug9
zT?MS|(GhnVh2ZiiXXtpXh5i+b=J|EEsjqh;e6^#W%ZSf#YkgvDC!DUpHRXj&FdXq0
zL(-|cGz5>sePxu0*e+%IF-H|WY5FdQ7-N{pv|6Sh-tolnYREvzMv_wJw7X(I72UHo
z(PT67+`-chUdu`;Bfc<tGVEiK-2{hoZgi|Tr-P%oz`2;Z&_dI~NT*<z&c@Y*{U9ae
zOq8N$zS)I%?7_td)$gRF!=a5dS8BnU_$b-78mHC;9b=i1I>oj&bH1t0*=*y!Wa!*L
zm1aYUJ(PJ%jlI{x;v|4eOUdA5r-Rhe)}qK(LrLRgtYepq{4JH;LsD+3Jwr7mr{<2S
z5~tDaq`l*{WOzQ(rJ|$h-cm<O>F!!u-Lu=)MXBvxb)%!C*~GyGCu2F4blJvsRhg~d
z-oMZ#yXxmaWfY?wV(pv>@tJEGhEb)>!g2#+{Zfmy_6D6QmuYp$#ZcqfBbyC9j$Ui8
zh1p6`M@|W^iPC8dOEv8#3U>oX;bj|Fy|t%~-6ZMht4h1I=|(y*L)R_GEl0^sB3qk{
zzhyOL<+NsKxwZr6w5#EJw}N-V8(HJL(YHl0iT0_O?Sk6rWgg4R$0!paY3YqA6JeyM
zvqU`oG?Rg6fi0WH>gM2@uhK_}bIqj(OQv+3?b(zyn~wJ=bIrNNy3y{>!cc?kRzXRn
z3Agu)48RCbeWH5qld(7M`f~1#;pG!^I0(eu<S_)g8m{onk20FPg;o!{RCs((xY1e0
z`$<5~9}ntma`b06DrHz%;hD^w$c^z0do`7-9Syp<cJAvu3!|L%&3PWa8h$dw9>Z<@
zK#|6&QBua*S<Uh3xA!WHsLWI>4Q<yk3}v%aox5NLn63g3j}`c>j5YLnx|At8;_e}=
z9#<El8CzwH6xbfx0cu~T?s&`g{WZ3(arV|EEuW5#HlC%{Ok=;h(_3dfz%|uY*Yqg7
zsBKKO($u%5!r&<TqOQko#ZK*hS92@9MWkxEd~?`+fZ{E-)NqTt1?^Z-8|$^_Zzte_
z4e;)b=N)$8P~;nMQ`OPrn{fL>OOt!niQCwj7MwzV4R7H@_4Hg_ol5oeqLk@HjrhEv
zRjY#k82ho4G9Jd?_#k>9@%4kW^frlqgu|3-B<pde&uiwzEI4R9^0QqAmb&&8BdBQn
z>{Eou>VVeI_l(snYYSh}h3pkC-}wm2FL?d}_rxu9m}}(OCtv!AqgU_5Ddq`M2qi1=
zov65<bEuariFq9%YvJQ!oajjUYj{@q=pI7NJj5x+Ps%*SsmD*tTIJy^zkLAzvgySQ
zXGMhW#w`?`<9p>3jLsSPAtv-Peej7w)VXkQ1<RSG`z27;uW`kX<G5v;hx37PtS!2L
zb%`pw<j1*>W9u=E{)N=O>X#_mr%7<D2KRF?u6G_KPUz23hkzu-{yLI4?19>IH1Rj=
zbSn!tH#k;4Ypd5XP@o0b@e)dU-)aRsF*$l#C&1!<JUT$zq}9nz|Itiuqn)22)`>wg
zp^>~UZkWZJPYf(_Y%icV|1p9!Kv2Z(5n@~rC;J1mGy%I4ET49o8FZ$uGN^@f22%Cb
zHWe(o;<yXl9N}adC&1qP$)2DJ8O%yZM@3QJr;PiMGhaw$xsPm_HN)k&ES|hV5nL<u
z&9Q7|6qI-d+vDFeRcbVDg*Fzj#=2Y*aW=Se7~+w_v+66vR@DUJ5k6KeTy&gKPczx^
zO>$mWtr&}w%T=|Kse<eWLe)6K@QSEx)i^Y+YK*E3ys&w#Gf*Y5()5Qc0{gPcLewOy
zqwB$OAEim2rRw&*8P-`^<snvkou%#ex_zy7bDQO#?E=SqONDK!G2h31$Qnd9=^js-
zRBTR0Q-?~JXd32u4HLxme!t_`N*<M%VGhsVw2n*T6%oV2#hv3D9D(<&F@rZe(MINh
z-gK4N(b|?<Kn`0Kr{rD-9soa(L!w;+%`&SXLd6QZlsf-bq$jgN+fzTdOqOOwk7%z9
zYcc|5;(}T+qyHcV&0=a~f?73d+4|rT4eRv5aSNtnEjtUiu63!$*xsI-WomrsSAWMU
z?|`e;vBW#Y(C^-dY4p=5kP(T-=r>C6C=3}Uu{2ajzL_wC0+cB<!v^mMGu+(*bAMVL
z!>A@NO=E*95sVaS0Y!u$ho*=rnuwf26U+`$b%BaHZ*>8MW&u);pgT-uDaG?f#bp5K
zjyh+j*EBcz4X>WdoQ{qT|JH}COF3_x>uW?u%}VQ=WT!3AYo`Y8A{!ycFd)P2t)jzr
z_031C({=^Y=RwCUqsH)Kkdo)XzqTD`1+lfs4d+6PF#6Lw9dUE}ypT`LE$gF5?n2j!
zf6wYlwk7thqhsOx$cLLN!hW?I;mr8SvmmZ2WtH5gQ}=1LmO^5q{qd}acf;e+Vyov;
z@U6<u&n?_%)2*&^-50<PchYrb-Wpx#Gty}#t~rwKUD|;|#0y)#!ais5_g=6R-pZo2
zZ|ECfj=NoWYsr>AbvN_Wc8|%Mc_Ujp#jeJSTXpVImu|$Z(~G@zuJ!trCbgDn<3l?h
z`@s`ltzy`9k^M>;r2~>PGGoz4AX1*=g74juTX<kcZEb1slGy!VnRk_=*3>n3zhd$H
zl6hU#Md-<0r>5iN0l7w(_Ly&mwQ@)Yz@b2Umb0%-wdND7v~+rTrroKz#yjOw4!_a3
zj*xtoqo=w?r*hc?Th1-+<h3X;J9weQ9cXIXiw!sI1i6&`PuN!d0=C3nY^nPn+_!Q<
zn%tEw7t-Sx%vM4C>C^`8LelnY-sqqAWuWJ8^+6p)IY_DY%2V|bIQHTkSj{%92gACE
zOeK2A*3%Q42hBQNBiPowO(?dzC{JdJTZPl=yvSIUs~;+S|6&6#yc4#b0V>`V{9M4H
zspq{w?q}(*)onVywOriw0lVwcpHDZL?`J)A0rc0kkaSDWPTZ0&hJN@(CZGM=zBv!6
zUAmAKoJC8%TGxbnXSL7>ckrJb+X^{%>=3bc4SG;HyBoe{-^l6LUVl-%LwheCEclME
z;B>d$UR&LiZ+t#CFYn%Uzb>~)efzeyEcQa*|IV^qP=>xk2CBXM`r6r6-q87q-=3@_
z`!W~%?KkPi#PMX=^Cf-#SSj*(vkg{s#7*-K{bh^@ev*uTxJ32!kVEm=<oEjUPi^g^
zk+=Rm&98?%fd8m>Epbo}ZkD(F{lLGRJh2y@VSwV#YGQTw!yP-=4KL1fX22l*`oGH5
z92xiId8NLsgi_B4)>z^<%(t=4p?;Vv@uepibQZolH!w<G6ONvzx@WwuQq8@h7Ve-Y
z^qxK#inuwY%8MnaVFC1_xqz&g#@9>u6}5W67=|Zyo!h<rs#Y%&1`tRLYi00(BEaIA
zlu_&(iS)p2i9ff9cls2TzgbLaTtsY6tSQ7VAXW%@to}-LPxt|q?QeK2{K|Nblr700
zj$gujQaVd~pL$H6F9uH<B3ID-D<w=a3G-JNFeKr(FX|0(lC>=Zdmds2&Xip~>YeQ!
zAr-sd(mU}z)}5TuZ+WpOPBKUzZc`y?{0^vUgI|9OehHeQ{$0)sjf3a)uaM`h5P(01
zZ$kTkUk&F{pnruv75obHjTxS$FQd3uqRQ|@>XsUkkCjJF7B^8O8y8$D6D!BA2$w84
zSH@_Lfl>5PhHeghMQ#p$g*+WuG=tk>@lJGPrYlLlWw?-rJTMBJ#8LM5Nc2dwG}|=&
zjPcBVVY)-BNaUP^Q{tUeIK;DryyHFeQl`HHKg=y-9|J)6OnMxWFRo3Z9a25GO`_gW
zSLD9H-{DyLzu?^wEN(IT>2DT4it%9IP&_n;`7vjdfe&LEvAO(vuDa1UO}QZ+j$XWq
zqQ{IZ+ro*AE?(>$PK`cbF>1o(m%)jy#l*2_jAxH<PEcTjI7Z#G8YcXRx}n{}e>EEJ
z9wvJA*aJilI8%Ox_?t$LM12WrMJEnRXfo<D=@w=WQ|_T&u*>3<p7`Ii4r|@B?RDKC
ze01C(4*%?+Mi%+ag()FclkfGLAWU1T7wg5{80O<(baB-Bl{$V#6n%Ce-XtFX)!0~T
zKlM0$G+-1|$a!CX9{`6aiXZJga&5oQFX}sUZN6VVdWDnl+YgD;Ry-yv>|HM;YP2%G
zm%%#h{b_Uyn@x0+X)a`n?4R?RzSiA(2HC)jk#3krK)47hvOLnfc@o@R42*?8Rvgr*
z7?y}y#Nk0+m(t~07V%Xw<UY|$9M5lpH5%K?1UqX!x~+9@%eyFVsh&c@p)z5+9O{?^
zIaB~TIT{8==fT2lnzw8Zg<eW68U{!!rv599!Rr;0NVimXr1`cB4O3t9$QTBF*eApX
zyztysQ7<$g<iw5`{6puplOoXj#<0jw`U^At*stUZ>wTB}{wJ!4+<YQM#wXSX^L0$_
z0>7B)E7!->HgRvhA2=VA+!tg7vpfXM5Y9ILeHc-{zA$u%xe$w{l{f=Q9wO#4_Hu#n
zfKdp^eHzh1TsS_t-Vh1SEu06%P@LVUm>eby9DSZL&j1DOYwBFD@X73_IaN#)u53I@
zG}w1A80sl0Hxo^^F;h-m*(9ZXI8LeQc=quZ$6tBMEu$*e0M&N<8kUKI^8}T4oy!Eb
z(awF|TRx9oZ+ZNX`!a8BKGNKu(xVvrQnxA|k~sm?PPaB5MC(Zi!3qUQ>ZAs93ES2c
z30S5p;}9l^iXdi@12kpl%9s>dC3TX`ik;^0Fr}jr-*C7mN{@nAqFC}FNkZdcj?$d@
zSs`3lCeoax+REd3UyB*P(gq~Ak?Nq7!DGiX8NemMjN~C+d~#^&#P1ClP*#7mKpX^!
z<a^ga%Kuu0D}143V18v$hx7col&7u?iw=3Z;EyjlrGHcQvwfC$G*tPX!V~@+{1{e0
zJWtZDU}SbpKemuQkhHM2faw0uJ$xPctU;afJpwTCnBd?1tlPi&xu-b`^DRtuGKy`H
zd(;f!uZZREu9*<*1@VITK&HW&%Krkl>5cxR_e7`l_X#Q}7jFuP0Q<Qv%nJqc>>%H#
zo&*V#7Is^1d<uOJeJXJ(asQjbkc<jUrYUbKFPyb3?UhC)RJY)?-1DBYBHmKiWdE%p
zl`;TXo|9Aoxgt-KlD$EGtqfr>FwiyMa&{K~9_9g}8Qdr2wAgdbYz$!5oL4$BdsL=i
ziTZ)&lJJ^a7QiL+fnr(YEB=ARs>EL~9G`ui3W<gkuMZaSdu*SnJ<j?ztxNo$9&$dq
zQfE0{yL5Jm>|#VOxuER=-GbJr5jK+#{EM_6yAR%rfo<t5&yFwMBtCK}2(v$DpG{vN
zMEKk<k!uSF$*f;TgKN8igW?K`RY`=T66J~|NwhX`YyoH>5yed5$rZ(#<$rcbG#sTs
z%Y|Shxr_NMYFP;3B|?jSouoMna?wUh9QDyjrWRYx!=IEmOLY(vuTY3d`8Z~Esmi7-
z><`>>d30w{AB_b&hHKNU?PIsg+WtT>E<I0P>*G4OaIEdpx=e*U0M{4WS9l@0PLDzQ
ztx1ULJJdyhDFx2|Rr&nEqz-4`L1XYD6m)=yk}`sl!Y`<vBcR@sQpXct_s-aVOVWR9
z+<%LRoKlLEQi`0yFQJ|zs-7dOp7Tfjlc@i;be03i)&Ecm4QPY{G(rRTrQ3RP>_0U6
zA7YVe{7~Cu3$^>NVt;*O6Y$ECf?qK<-a$3yl21;P>q+?r*0uZBz5MJy6zo652$)*y
zgVZh51t&NLW$P6NY6}9jCA&qse}4LN>Of?DLS92o9y<1$!m=Xpn3h9Zf@#R;vH1L2
zkp?dTZ5q0#U1-%$7946Bu?_Wz2&wl2QMh#7Hek&|p9R_8*2cg!@y9^|aqer!n-nsP
z?);PSwnu1U>vb97Vk>LyJTc$zxb0N1?K%NRI4)%rChH~;^Rd@wB3#=kWbFib5JbA&
zJ0$xg%LyHK${N15;p2En07;p6!5Z0p*?kM~r0dY?<)633OJWCx>b@t@1I(mI^-vo8
z^F(yx?<H)SD)3qJXc`u}F|xn<^ye>o<f6l%PoVyyk0#Fvej+D42Yrr1ZsNgz8gY0M
zS-I#5i~Vu5k$TYg2A+ySz5y7dzQl1HaSQ`&un$>0(Q>xo?pD3UbU8uqc0q0+YMz06
z4Rzud3VRi(1&^VG&aL8N_Qg%+G(QEq%QYk&OL);YMFbF04mDo-ZacmrN@C?a{LskJ
z4#bti7p<hWha%AV`zcjzsV}^GOqq1cOG>?Cc}I{O!E<mGy8PHzzg*J?UA|~UT<30C
zL?ySuWc|Rh`PVbH4sHtn$Vcejoiw%d0>3OrwtS=U1HbA!(wW@Vhrs3Cp*S~BXR%Js
zrwS-wzk4(K)}K8$X>AXyi~jr$S3Q}#t%s<O$S%HV%jwydFxFkF_-_tzB<5oj9he?J
z1jkNu+`ENcGSA@#72ZP@$%PK+OIB;neyrDY7r}nyrs+$Anzrf)<;*kF_jh1D=$8xt
z>DG0{e2|%9&xsBBh}LG!(&}AK+jjeJom=f*NHyMt`6RPP{7Lu20ivy&ODKysCfem@
zrXmNJ+e;XWIK%r(Xh6J3PSA{%x$ZrqVnO$tppEKo*W19FaFcN;qyb;c<-Ge!huD+B
zx!N1Z8+a+>mKGvd2)GduUn_nvF^`zW8E+YhS7<WJm4Zq3Q(MEP7t9C-DZmRom)z$s
zX8yhhxjl^nOgBan@)c?Ex|d45M`;rFRg~gU_P}b)TNR6^9d)1^=vm|LJ!1p_qqynC
zFr3avCbV9j%LiJWJNcrAM7wtWOiIP|jVakzuZ8J&Ef4qFMiJo+CW*Mmkf(<PVkgai
z#D399jq`+hz(JZ5{Dz!mdQTqUK@fRH2q5!W8b{Nkjp5Gcz~K{%bTK?;Bt?a_@3gm8
zu6e^wvLGm(eBB@N7(S?f99XBm<7;&UVA#+1Ae4?_3?5~fhV8gu+jk8+cwuE}YP$}1
za*OkX90eIN@*#uxiEpV6s(TOGlXV~(Y(Ha0R1$G0t&=mL8<E7Mds@TACQld^;gbv5
zn|?=LR2MfS7!)!~c_V|^p^b5B#LnXE$xciCb|B$1>#?IB!+3$nD()fb*O)~t9daAh
zIKUwSw7kZ|8+Bg=HLkc}zf~*UM;rM4{&0Mm=2Y1dG3&fyx`~V<IPM5*UR*io3~`xm
z2XB&i`gKIN1z)B0{22$axu-?_ZmFQ>yw&fbzu|m&ljC@Kw=rm=-9?ZJ>F0F$wBd+<
zzu|yTIqIRz$`xBV*R~;?nuj>8WSMnWRWTIuv_R0UGYzdXBJ|3Msw!&7d~ycEt9y>P
zyo0oPrg4>DIt}}JlVFBCGxS^a)VNL6&<D=KxQ%R=aqwZA=@~mJ;I2Z=h8LeB^r-DY
zdHeUJ+1X0p!E$(C^D=Azj`3x^=>g<=bt)M9&FjxQgjAbu>^6~QoVrW%Y?yT-E0`(^
z<~1Zb6it+-X&dI2%}w;^J-@U57LF<xTT`4lLAS*gW4QCeOQ4O#WsuF;y2RSD5uR(Q
z?SzY&?Zg0f#KU}ccXix)r-9bkZU%I%$2}`dxl}E<o|E0G>ShLV+3*ES^%*(<f>H`w
z8cB2D*a}e_qr6Z*v-%)}|L0btJ3k%btMun^SDz7xj}wMnCDBZPixE`5%P!OUj3!bm
zZBq%X7JwG4_DE2@y#}^=PE{kbeS)RyY89@wyC0zEK82>~7F=6zuXWSiCT%Y5yyYlc
zKDN(MSi*U<=rZVbok6~@*1GgC{gV}=Fj(PEvtY45MZLL*^bf6_grd!la!VPh5>1Th
zrxfevc>TXr`d^kSMO<1i%63xqtILWdt~G~t&mVcgDy^-`mEE+>r<W-Z&HVdzv{_tj
zX{k%#KWrZuARfC@{5^|`h44s6@;sUL|I%_VG1K~-x=-jnycc{0=rzNYB^L1touXA~
z(1tFaaXbe31CnToPn{<iT~h8}g1ELEHM=95Vb8=S(sG9xNtJsJvbGi-=j?3T&tvV{
z59J2Et=ms#%-auUEZg^H9EiR|yXfq(K3>}Jd3<Zk{o<*o^(2>D7`|$neIuz?^hDwg
zw<1PxW3#QYdpDamx6a2OB5QbhVXay#XKNE~Nk3iH+IuHV?ymZ*1k|Ga)WkD&Tt0d8
z+x9K*ubiMiKc0OC4;~Qr++fs7zuK%izmh5ee#^~k`~f3#OIN-ATVnR-u6Wma-$CyY
z-b$}|I%A&A>h#)0Kb&e3Ki6uQKYs$;{T;Fqh1<!%>p6N7t<=Dvfk)!_t#6)$W2|`M
zE>jRp5^G1`D>a<~@b1%ECw(QVN_ikpl}otazl$LzHIqT87eEtD{mizWf?C{FU&%l-
zH=lyGuf_pqn(HhO$ZKYq4QP)Xfj!cq4In&ZJ`}W4(KkC=79hYE6DA(#vF!<))%(Od
zn7Q0iFr8hW?}fO&5#MINeewRKH?H+e<x8zM!+!VsDp2`g?ZtiL7P{jZ&%403^O^UZ
z&zIjXj^Hr%cH~9rUBfr9SKcS5cTn%3^cl-HrgzHh#5GC(kNz|6R1gJ`syI?Y#YnI+
z(Ot49(OWW=!QVOw3Z#f&rU0~xV9ophxjAWbB#u82PIp)t(4hH3P%zxVeDi$kzqOI|
z24?<}Z*P1;ng#6SzSFP3`(W`Dft?dI;9!fn3K5WX=Eufu%>G!6;<%?k?n55SIW{tu
zyLV_HfBn-yo+0=soJ;6cAeX>9$MRj2eH7*weiUZ@mQpg7bH-ai@yYlGVhlKnF0^I=
zeWY1InIiHkAovfFdKI)Eryi>v8yy4mGe@V7N5-a)?~KjvQH;%+{LiC$1YAY+iW16=
zm4#hJ*%Pzp3>%nVkyo&2iMR`MNw^D(zeSb4MWa?lyF<py0p$P%(iJR|vFWnp^C;Wz
z7F4#cw*KUnZ02wNVf~h6{-(xna+-8KgjWvznz2@%!8O|a1HZjtCQt12_XW)of<7m-
zz9<f(nbu*+7xn;Xw{m44#_Tw!@35{(moBxp>~PkuO&6P%YPHAJezEUK-<o-L1knz@
zZg2_3E?E^vy)({<qb5`pQxu&AVnLLKf^!J}!E$|wmCf$3|B}YYGC3FO&znXK7v+ag
z2kA5<-i8b<y#j~Z&wXU&kH^|aG#LvC#a}RH`|@{|9zQK;1qoK$9pyR50|}A_6O7LQ
zVzAKeFRvhGoB-xE#pIX8Hti<b7s%vGFWA6!6~Cw{Z}@o-KLRs<bix>JseC=dh+N!?
z4C&n~N%|bisgp9EBsuddQJMmliK1=VoQrYon}sFhq#=6xkl84WX=3&TqS97=O#VX{
z(?P~<{~>Xz$7oLHe4FQ69`B5<IR?vK#)U^#*pzO=JV$Exy6r-g(go`yb`9Qi6+=y=
zR1<(Tb_M5O6PH_D;ld?6R_ny3YpsKqIDGcwMaP5VTi8YGli(*|QRfw_EpQXj2WlnY
zFh7oVdA)7^x;J1IaV-{D%8K&it<08OEyElA)lrn$qo2=~AeEjawwmRgzWnh{KT%(;
zZcJ(3g9Blgn<dfg9B@@H_(s@6pqU?QeHUhWo8`02cg6vG((R^`YPWWD;f7(;@S-^?
zNXqew&pnRUD#s4luGEpeG|fKo^q7&kEuG~tmxp>^86%}(iUE?^=583Sul8`Kv<_E<
zWe>=*ZEgQaXH~rN<`FWnQ`i=*&Bw-v{)CB>+edy=?!NpYo%Z78C3v@@{Y$OG9KFVJ
zuElcLZks&-4e2uFZpa(!5NyV9`g$piz?*h)LBKP!-^rWR7G+DoGSxvQjk2GlXOrhJ
zEkVb49mAd~YlL{J^95w<ALL86cP?-2mR0Kwxcn26AJk#}ubNmO&Wlms6WiwxzYK!C
znH!9kiFejd2tSm@#NMH;fNLYvf?y7V>NuLB0I?JyYB$(3C=Bf22f>;+a#WZ(*G&1}
zNkTe6D~VX~F}7XuS>k`DwZANbxbo+6V6AQczB&bH1wZQkgKp>fN8R*imCPAtEm+r}
zbym*1U6k2Co<qQMjSLqZ;clt_*R`s(u7NTKWfqa#UvlU@`7I9~dIq{~O^KZdd!4kF
zC)mb}F9XD;R_Hr#)~In7{vSMr!JP=J2D`|3rt&e-G47$zY1vTBu#E@e4#pe}xSV};
zTxp=I^>gu86kyY&T$2B2w7ZCfj0lqmoqmSA{N)5c!d3CFj`0*@#ueevJFx$^RZ)oN
z?lL}i0Neo{0QZ29HWv2hBi8#?c#wDlF@-UEL3>UNcWpUJF^w^e*Nf2RoFh&#urX47
z2G%Tk7i}<ZX?ch*F_a^4O}cl}oL;qiY`{RmzK;Rz_)+^}L)7az!B;l&;Rxv28O7&F
z^u%XA%uL;2P&)#ZJX8t*nr$w!6@MWKa6#ZFSu%-y#F=CTugusFy&PM7<k#YjzCNqG
zyu8pzJ#ExG@+2nx70kmz;+*3JlF1>oG6G3~=qg2c7lUqMxMfLX-5sM^AMNsHJq7IZ
zXc)6zga>xP${L^<8kS?I0jlLip*Q%8Vj;NS+#hB8bq6%+^m$0{^nIKl4U^giwKQc2
z=Z9dc{x&Az90)l_Z5w=tNqyD<BM1|W-n+V)zh=k>{i{EDL#(z98Xr5`NDZl?RLRs^
z+WxHnfI&lr9Sl4qv?mpzL7%82TY(i(rSa#?L8%<l4ArpSRwT3@Tlbx#g&0I&gi>>j
z@G-1tQ^Q3Hts995#U*nHn!t$t^FcniV2EsnJTmCCD-uef+XB1GN~h5EPY2B|qIHlv
z#?(PrFhL>0)p><`$jY$7rxlgF8Vw>K7-uZmm{JBzFL_z2T`@<QA{pdpZCkV5IMK3*
z3wl@=ndILlJtt}HBALr-t@v88ZrU76xgK^Bf_P|q_580MA?##XNwXq{lP(rYo%kB3
zx9=dvtt_y2EMrsKwSH|_SZ5Z$#d^RR?8vu3NyjM}%*3t%0^aFa;1LUvz0eH=zhuWn
zUe*3QXXcsGiJ`wR8Dx25?8EqA4dN~J!mkSTAaI?g{jMxG`@GG0F?-5ci88(o76L0O
zv*0htFqQXS00ANaiR$7@;yul}6Zd0T@!qt*j$Sii`eglgoJ#)<_ibz2xY)QXw3j#)
zO%9br*6MmaXf7O-OkCrxuA6;oxr@?x)c)D;4k5E+foQlj8O4$L;gQOikZecteTa8U
zXWjoe0KNT0mQn37ZMcmlqTW)!J-kKoF!R7vsE4oreS-1=QBR5Wsth&4!jZy&n4E1r
z-bs)I=)Zx}f9JK=6>6`_x4z|b_-XHhCT&H5*zfT8DZdFh;(_PJ+9hpeu33pUfe0!}
zXa|;dCGrBzG2F{PK61~6>{0~6q)KRowqMmZ%n$nFU!WonQ&$yOfd=&StIG*C;>~;E
zCA6%QHFsZe$(0AaxPm|X$>F*|puRml!R>rLUoZCeA;CB3rCvAqov-iH>mS&RF5mNK
zoh+y+A%E2##r88ymgY}0HT_*V5d27~N{}ZrOSJFhbNZXm3m(TbsBJIgw&qVT%m+u<
zr%*>zv`v;Xmu;@SJn6-cd@%1;o|L>eT$Fw!s>Bik0O+z1pT&vBPTA;E%t858Yy^+M
z&h6U-vl`)>u5uE{I8iUCGr0!0>SEPq&XeE^nZQ3P3W%g?Fjr2h)BbyIZ9A80xD#~|
zqlJPVWhj}62jaoRYY+G-Df6f-1EVvY%@PqA=p&QSP?xO+5n6}Ml)9`1W4<+zZ2t@Y
z%@Ur8Ky*E-*XFx6ISx@}ILrDXXm@!BO#2@UF#exv0_(qDW8PrvE5LS9myclDTEQ;M
z`?%r?t+?<Z!?@MysZE<bsR?sfKx=7`_-XPe(aR>lTr`j$Zs4PjL}_I;neH)N*{!qk
zqf81_A$v?gX<Jb(E;`I|R43;Qd7!5js?c$0^WM<Y$fcI%KZ?3U-qyg3>_G8a{kJrP
zyC>5bvh;pZ@7>;0rRhY}?l6A49Whiz)#tmv<c24{$V?a+SS%>Q!9}{I@M6=`=6$7n
zc;a)IVJ-W>J^!aETtIF1d~DuQ3iOm6Ee4BU|3`!Wr>1}(tx|?w&^uvKq`DL>bH?;9
zn|Yr>N38{V@2>)gn(OLhU$ptuI6Dnz+Tr(F<0iI{OY(z%TU0xrlJ2skJe|n*wM;5j
z>~o~YLZpjo>D60LzSvEQBWep}@|kLLdm<#XJG{-8KKH0ILL8TKWA@cF2n(YOyd);<
z$0p-VjD6TPQcH)xl=6oKh?&MeoNHtkJj*oH_9GBa@efixs>={FglF*TZa{mVHy2(b
z7u!=SFfCRP7SIttt-m!+S*o=%%l<x#hY&wN@G=nA1Qx8hGg&@<bT>VmJYCvoYBFC~
zYR)Tolp}agv4LD%&aX8qhN_ug?_!e`4K(PEAXUYWKX?f~?cFN9ZcV*nZuj8L&n$)h
z(f;|=h<<LVsk!idy*7Z>P!ChJ=1kD4>1%TJTyWv`0kBk3?4ssQV+FYCMr9-Guv1An
z5j%HVl8Lm+iPKX7Bd5Y~1|gs_n4~uNr20<W&LEIfZgfXpCb==)8Gb7LJZk+sD*exD
zF<qg(0c@)H;C-Dk2Nr$6gkF^#*a^Kw2MzGY?r|%BoY$Mf1Vq(MF#pZ^Z=*18rb@vI
z5vSS$9jA0C2kAN^A@~6|v+5x|*nO&Ip$Ya3vQsybGXIvQ3ZSkYT3?4?B*ntlzy?xP
zs;<6Q7rolyk9O~=|E{i{Sf?u!d-L8{7oyMYVhtF^jm3++T7&m*{=r>l!R{qMk7xyj
zzKnEU)&gNHM`ytt2|)4GHZ<V<mjl=o15&SY|Ab{s2*w=i?+ECwj4n)G-uzywwPZAN
zRo$%eXrZw7HuQ5Bq3!0Q?dGDLwg^@=9$MXGYg5mABOEz&Rx{M9hIuSgRbQySU#iwl
zwWFn?H2Z4QhXnL$thvZQS<soMq4o0bynf^6K4)9xmbj^|=NLqHx_8-cdMY0=+y8^v
zv*ay~CVpWWF!tT1*E4;8xkzI?OIvu>Q#)b2rw#h81cK#HBY>b!Ovrz({)6JDI>@(~
z;qNKHEbyZZgenhj_9qY&_!9^YgajgTlo?^#quS%z!`P!UfVP3O{b++p1Dgan?2l<3
z_|z2`9Rw)=srUaOfJ}%M2R#a54Pp(33K9Wo0)j3NUk1<32EySFXAchMk05|lhcXKZ
zgvA7b14RH81sMS$2Pp+L@^|u&^q=tm?oIzpe=UD*s4N)$AO5M;;owz2NzVLAX_NID
z5$f>cU`N4GPyJFs#zENx;PVh>p^!kPi;3}bS#<@pfb}SKyyrkzAfD?vBpet52m*M_
zdpM>}KqA*P$nd~;wjQXr4YK{WW=QrdX|C60hE0Q9*WnVK13`I3&zwQ8FRlu%Hf(Kp
z@HbU8)~OnAY1BDKaK-5S-pIW)Lu?p0S9s*`ir}4)_1Dp-uUA{4bPdTivTKA@9mY0^
zZYDz_(NL;RU$#DjI3u$PXa;IR3~N?aH!nj_Lz4Y%cY*bH@&EbHRr3wRs~UWn=!~fD
zSDleQd7tdxXpI>SdQEz*S`9mOJ54){D`4D|d1TAb%JOQ0jYW$~%R`H{R!;S-sv&jj
ziZyEsmsX(+q5W!C3tOP<nroo$nr)zO-JdnkHG_>9nnU}~FdOC8M13>sy_P$B-+9+y
zpvzj5%`%%^XJ_!H;i};#axbZaRK&$~3S1PehL$5Clehkoo}s`iJ!9G^J)>~Eo?#eS
z@1XuSAxZg$6UDqE3-P>=hWxmdf{RVq(tq}EpF95(o9=UXag22bm<pXEpCmrK%9}b=
zxO<u{oh+T=7f3#2yo-%ndSAeVu?c4!WGLeu#=WCCCF~t%xc_pPprDFL7;B|2Jhlj$
zpW@mD4d)VYSoq_x(0FeImDh8U*YUqo@vDdYrt|+T-Me;Mr|RP8f}_c96@PV$@dsj;
z{>3gOfb$}waO9$Je08{YK41Y_A9x?=q?pQ7VfoYM$QUaD;n*Ul4A=ulY_t!ZG`5{M
z4RlKbw`lKp(kd};VR6IWA0cFXy$19jGrGeVdkr=NeouZ4yrV~u^bY*8`K)*WnH*@H
z+!Bq=j7{JALwT5ZcvYx;r*Vg<APR>kR5+OymIigNEG;XIp!u|=&E0&Bb+{L|ENmb4
zI`B38!ao`JF5}1tdW3;b`0^e`B@SRXh~vYVLoo53Y9q`=xnUdIV;bAv)MJ(t;$z-b
zDw?Jl9Z9%L#iTB8grBES<O?1Pa<=*r+50y_o`_(kDE_ev;slEF&cu;^>}#j9h!=04
zNA8wB{#}aX>lYcp{BRh00)4>!9myA4`HS6eY@%x89P$@6@$@5!SH^YX`9m3Ls<Ay!
zwz$gLxOZyLu~LZ)*&5%Zq8Wj4rkQxu)L-cs5}MMd9x+AF?~NgDH|mV2V_&!cqi3ul
zKatgyzAgbv-}s_T32r0tSB4@qX*LN!V(DPqy+J~cxMH<8`U&Nw5$Bj4xd&|fnGF*k
z=YE$Mf9zeS#AapeB$?x|$g2MxUqWl#`;o+pU0eczQBJV4)(^y!&`}jJVd|4P{CCs=
zT}AL7wFpd-7tn-U!WTReenHVIk%S&$QNmmv(%hsM3JHE$QN+6o8&NA2atrclez9A*
z_<N58$skU}AVEn!v0M1I=3lPjdSUL63Qb7$DD&@OghhUMpw-12BwrK~@Fdw${*Mbf
zZ6ps!5>E-8j^YvamhRC>xKZxl^TfaOg6^TcLpoya7O%#Zd=)<%i{3%TzWA4?d9_O|
zFTRYXIS;*;MP)f@$B3#(N^upbl*LIUH1m<sTN==Rn@QMk7OO~>(OTO<E=f|BW^skj
zr#F+LQLRXx2o$T&c#b?V=kRZydDd<<uk~(StpXk#uDsUwa*WoEqP(IQbIo|0LsYI`
z;MpE7xMP~nGh=vd>T`Z`K110G@elf*19ejVpr4CXBY7lZvi30{`UIT+Wx-$mZCAjO
zI-db_E4lph+=;hyzhS6>-#U<;HOP$yfATlr#&x9DCSZXjDVp<_onyxBwY}&brcP9D
z2t#Pci#<^lMy|vOh=>H79N|@<-hkD4G<M<QNlc{DB?N|VT2@jPYM}*`o#RY~;Qg|p
z2jV+@8ylrVR;V_fE&{jvZZ-HO*LF4dW3S>XX~u^6a{f!Gskpp^qrFc^J_Y~3;@dqI
z_;{%_THBV;zh%u}h_rK<#wdQ!#TGvz=j>+WKXih<kuC-9h;8`9Gu>wURl>C<<{*Xh
z@SPqs&nN!DG~Efm=a~{_JlIQx5cwp{eEWp$dR3Qku^Df6w1_wv6X4w!_3}yT=<D%h
zg=Fo9lL~LUxk1~<KSd$-wW@2(RI;d6dxmRmD6lo|w$c3My@uk!ztS)HsL*^4XTq25
z$9v|1cH3UifGC|!Ku?&GU1B1?R{i6$@$QYEgIYZyXs~@$x1Yz861vAO%)(y!%C#KZ
z>#vC+GgL=(VIkftJ0F6}!fEbkZWfbsAWqpmS}&&UXZKi1%va*_4+TT<iAMvXwcm40
z-Fh={W+0IVAVTB))9V#&D5n9gXLt=T3LA%kRD7Y?PPb=KG9_zcD&lU5z@B6sqxg#T
zs={OS%MtBfC5=|4$bnd^FHGP8AkyX!6^A7Z2mx;z89TJu)gI*GA<&iWnTpAEd?!0O
zR1f<s!xU)U%`rsash;#VWlv!*uX%|{R>9z>9WwuY+u+W3;nrNh_S~D>fmi<p){f=9
zQVZK~ugUbtx2z!fsti9>VBBu_?E}~0n)W;WJTc3eydpCF0zTa?H@pS?tc*TGWk0Ae
zK}mH^{BY%?iY8f>xT0`r+Fqlg^M3)gKuW(xC)FIE*^Enb@>MoDr#ZPLo1D;`XGyMy
zd@b@K<oB`vg?`P&b1h<$PaZo6yU@b?#GPKkdy>|Uwbhc~gyi5g#=U*&EVTstddVk5
zUbWVtnNG`JXVtf)FSS(~-AR6U3Y#^)E~WL5uZ1D3n_BJII;)KGKbmZK6Lah)a?TEE
z++L|?b)|F&Pwax+Fm*k%$gQBTIc#UY*RyE<MQ9q@eXQl*96Peseoov;Abdl5x0<An
zVz-)tJmhWcJ7cu(#0ObZMz!Kz<dz@MWRtr-W%XT<a=ABPB?gvx@|nihWuYHf7eA0^
z9D_KM0VL;V$XZ5TXtl;KmA9}U{>ia|==|)U)(%#aveps$Ra5Pca@dy-`^>4m+x$qr
zDxjx(RT}I`x$|Urr;mnmS~x6qxwCv0%fqz4t@3;{n%-TU$+vpqRJhPHdC0Lik>|6M
zrJQY)<xWt#D?{=R^0mp|$WCp@0OEku8JsTmkpnd@D|NaEw%ENqQN3=VQE(>>m9EC}
zG|?O&do+({IQ_Tw3dbMqFveHCXrm{ZuO*vz&^$y0-iKlQi|bcb>~5*yPxxug$*KV{
z?8H-c!gsAZ9|rg1;T@luX-N<Gi^eEuL}tE;z2i;f-7qh9XV<Vd{&N}4y7=)eXO{`~
zz)9E_sn@|Db~JsQ<k;BmQeML531WCy?F<&<VX68aS67tcDq^%i^Va1z=Pmj{vK@y!
zPA!kFVZ^h^c)w*bp61)B@)p%m3*DZpURS1HpWDxze2#tF$uCG_UZExDLgE(OK}+_~
zyLQOE@X*=1(|g#->dY`tvfJGhvCpu~iK;sJd!BLvKI3OQ9@^UJjEi_>tejwJ;psea
zE%qzyHrB{KA|_5p{|g@4;cYzf0Q6hqy|h{D;x?T#-Fb4H<9zK4!A{%B`M*AC<@)#s
zwQjSwGIm-E1F74YSUnjl8pRqNHyg#rbXzg2sZ~F@9$o+&!!ocBoa^XM>^-q;4SOa{
zlrtp<A7$7WmVtd>6LOvG3-MNnraPMcv9fd)b+hzz$HuS>>;q-r7R!EEZt~>JnTMY|
zT3&!$kdYh1GO!QKB_s875$nJWB8|^9-qw1b_8HB2{N&;%7eBf9$;D4D(a4pzsIx4i
zt6?8neh@zgk+&glqy6=hokYXa_jD(%f^j)~?xgMoQ2I%+yB&w+Vb%CDGSa2wK$kbd
ztI<Cq2HTKti9500#UeDju&hc?YuOhZr$`P%G3tt(2MbgyswBESOLZ$#YZLyzLo-rq
zGt7<8V?HZ}4=7?uNA)z>BHG7P%l@X*dwf`OGL7?0TVgno*oN45r0#B3^ts&Ndc+-w
zRUT2wBT9KhDUXrLBTACrq&)+$kC5vV=K|41kJ%evtyvoPrWbCf2p+MoI!&$2y!A7)
z471VC$;QmCGP-p#rVY^N;WG`_W~iNUZE7s`vZ<+2bMv7Iz4P?*p$RsPDV>XEF0CEo
zR^PP9t;%%1-2mOWz2pPEM~eQgcM;L{xW9|!`O5Zou;geZd<gyWc$DK3Sq9j<(}JU|
zL)|OIWEhsO#V%rYo8A{i`|)s{-kI2nl)gl*C&big=&Rx3BrL+dKR4?s8u4hgGI_KY
z`7+o_v~_hKw`Xwgo{9Y{jOiz0{5UqPB-@&@jAoHfzDK^5(z7V7Ats&h;NJig!LB^3
zgEC>XL~lZ(F4}XWui{r6XL1MGqI*HKRX2Kf)^avMVSJb4GBKKr<{q6K;v@Lk42$7E
z;V1Yx0N;n>Y$<wonu^wm@oUIa;LF_if8}=n5@%-a<I#qU9Ev*WS?=bRySXcM`%BW6
z_!nTw4cDHZOmKV^58r#Lu46G8)m@3r-?2X_jXjBm^J@GsyX3>1R42hboI*e1w7G;E
zeOhNuH*>Tqd-0Uj%B68O9<pU0Peh*RWz}^oM&mrhf73lZ71I7FuI6|Ze!ituS87Gu
z=kQQIL-{F>pYp`vIa>al;t-!NIW;DE1di7nz|RCvqW2g47pbSwSWb5zd+Oxo_!fK~
zp2Wsws^n6}^lmJ>#O_uSFG%V*Zx`wI8m*DuR`-+#$LHZm*j>G&lpA`qRhnoSbq{Iv
z1)p(pz5~vOuXB=|$~|`m_uRWUBNcKI;0-`<M5n%RDV}Q}f2dn|)ILsYji7HOKlV$t
z-*OtagFVp?rnQ4<?O<A4s8-q0x{oLCQOhWAM78KUclqdAxQ_F{OY~?yxAM81zTU-u
zQ%|1Kl&3W1DNV6|S5dVy^sJ<HJQ*tTtEg4g6V25`<5wbfJl@BgZ^s<=)SPUl+qau<
zPLqs`nH$Kr(4z^goe9`~9Dl=zcq+oRbrZK%ns}hyNDC!TMXpNwtD>pQY+ML?$5ouS
z1G-1Y7bk^Ivs3zb5v85QXan+5+1N_lySHFdEc>_&H_$q;5BKQjxIzCY#@RZR#S>L4
zY0pzS;`43R+UIy)iMP99dEM6S8cLsFHC2J9s`M{aH0QJWau+LAHjeX@$5OA6tGh@J
zKjmKEmNj*f^|HjTVl)XJPRM6gU%S}VszkQ`T`hEx*XWe!uI=(tHsjJ9>JGk`JNUDb
zon>>F%}Q?$vl*}EP<5Y3ln3_H2HtYmUP&$OWn`yqZ~{4`fo|*e3*FG|i=x}_G`qGZ
zPcYB5#<w7!q!&x5yPr(BTAE~saz!!>{cCU#`C&hGuY=#G&Vkdl(@7JjG^0|dVP6eC
zflu;hv|M*^dztPUb^xrx&U<~lgxPfr+1V$((GTFxwSik+9&7EZB%3|X>EkJ)TZ6h2
zy~(NR2U*&?$OF@Kwog6EdOWUiOu8|e4@;9=8Y@1vbf0xITse)mh~W}3^{DomXopr`
zG*&lmNA+S2@)}n6Ov$dUr%IbrT8EY8<q2woZKbEUJ=ER8?1kLLK30y3ibc1Ao@d8A
z#$KuW(Kz)beqTFj(u?f+6FdGg?h!+|sr{~dy5+rSv{X0raE3B`a;w@LA0a1fCc6$G
z0{@g89)RytdTmkx>Yh7Jv&fCb0qwk$PJu_rGcQw%_p4EL-P2u0T1m@SD$6Bq&f8NM
zi>7cOqc+(p-@XY;>HF7=PHk+s(MNOPEO-t2T<&Yd>Z!dPO?~7x_5=LumPg!zPl-l3
zqH#L6?`gWZ+e!92*TTWnx>Dz;_z<&Yi@kwdr2cN8?gr{!$!w`b<PXD{v}ZkIcN(|F
z`xx<;*=3e9*6q<eubYD9?rAq;-vw_kiSbV4Rpj;rc?$Pv@1Y&MTlaeVIcxb;ol9*G
zwKI<6Mameo^HFBYdd`G*Mq8c!fFhavQ?u0VMB;SOeq}W-Pmt#)NshmXwb!p^x7vrz
zP%_~k<jH}QRu-d2v`fab)xzW|BJeq_-L0FxEvuV;G@ASJ_q3`zy{<#QI;&OjJ4E1m
z^e?Ix(d*XT3+!Y1{LwCoKA{axPCmx}F6;+0%7b<5ck^6N{0M!0<iBTZ<a3U0{fQCn
zQr-P+PwA6!v|%pxwRHCnf5d-3*c1I1c<3QHeh9gte+uvGnzAa{ACpgs)q2Q@H+lw6
zhJHO(<-EFyct-Y9CpXrv6m21T3wTFbnWuDv9f{a>GD8X3>^Sk61utWcHRCq49-f<#
zFMy3<8Q6zXce{!2<E;K2miNNd@p9+C9dc7xm|<gB2Fk-_Sk~q)d8ah?PBhif9N`W-
zn_J{k*av>dZJqXnPjRPvkhcfNbpLW|&D9E@#PS%=y+bEny9}SpRM*~vd@#ccU}IPY
zswF?^*6;4N{ahrQ(#N&>>^S-tJ{!aS@HO3SZ6mzR%J2f%7?z>54|EZ;AINj^s@`)t
zKIuHXL9GTEDoQWnxvQe#;(Rp`6Yr<*we`lp^}=c5&-FgRJw@_o$PIXU18M9E+IFEB
z9kuQT9o=SM(YlD|kl9pvoYG(5t!VDh-8otThe;E6!hSrltpksVE;GEK-5GfqJg8c6
ziD-A>Gf(<x2A=D}@5m3c>?+5;l(r$lOW|DEWaTIVS;Qf}pL^v|cF$dsQzO_zS5SH%
z5x$e?T?Fr8j?KqIj(ldls1s50Ah*s9x`RjKGjrSBm!s!1^Hc8}c(W1CknH^AG2(ed
zSaKV^f3V|t%3}F(=f-B53C!D?umSB^!m|d&l^k1&QFr1wg)!X=hhcvw_GciEWAv|+
zCTXA<5<iZ<6|6x!XGspf$HTqJjqqoU9X5Ap^pj4MZbEY*K8w&?L(9hz^Vg(LUQJG+
z&8HBJF>W2*QtEaA)2LMME1oTV&hcsZFq~id6mm1@{G>ObUjXN2ET5*<)5yz^mtpfD
z@`LDIo=?A2x&^)WxdM3w@}oSfNZ&#!{Tx{w0XLWKcDw=kVWaa>eyQGtwukq?v9LOf
z;BGiw3@V8xjix0uVst0+GPnxX^Kx46v=31C1e!(gCTcB3ZVjto^9^!+SPS+<{}J4V
zW(e$#CX4obk0wO33C|7C<iP^;zRd-+XDxCrtciVRY!1TT(RV{Wj+`JjNw?SA#kBHg
zL!L{I%v;g~hw*bU_BpU2`i0c>Ex|t61s9;nPq)?FM!r^ZSRLLD|AGH~$b)>eB?s@L
z83~ucRcU2_5B#WMGY`H^=^~!8%J&XA8~H^_Tll^pFQCouNjB6C7>l5U(l79T6>?5m
zpR?Rd=@2yM5uYrWho&JOTBf_w(_Gr-XiAXh!<o>)>XiNqISW=2UCdn`2+!x~mqXeg
zzDCSXqYX!4O`g~VnRyiz!n5dg8){)0c1*i7PvCoWtDm3g3OXgCNr|Z%Vlq#(@4@pG
zpX9&LXGxCMW#)NXX76Bq^6O`BTAzRYf;>0fz{$U+&!sPIiN-;#IMF><ydTSUC3_qj
z)A#micY_FfBacPyRI(jSS;n!fZWEMFPoE9T>N9=x7ozW>TEUl@2ut3r(r5shLbwdi
z)2P)3&9zv5NaR0<C(wM3P5*QkMosb**g-bY-B|8}-{7;k?-9JnueG$^t#u^YKWEm6
zi&FT8Un3<aoIH*hxKf(<51%olv1#;Qm+)N+qP-xkckJcS7fTKcN^~QrfVanp_NQ1*
zL_bAzPti?{>=B(x-Q&c6A@&Oxo%+=Jy+ofcR7~p=ijzd(XL@&t-X$6fr!UK_E=yl7
zXQh;7HEE0vV}Droh8P-R7`4sJZTU%I{}Yxs^OR}G6JcJ4()YpVH^jdZ@*e#7x_^Tc
zuq=UF(r$MP%M*>&MAEO6#`NynbVbJ>Gox_6lUW^(dSlQ04<3T=!;r|lt~f^*%id8M
zGHuieKRe;0TCD*)OYjMqWDoPde!9M65A+MszbTD5guVhS#~3~B=L2Kf8=rO2d=2-&
zZ__6kFL!baCSk+g6p#~wBIbslKV;yr8Ty|1KTLZTqi>-(X_;^KfNI4#r7kj&&(9yJ
zRnZTMq#cJmj{aVQx8J;HMZ;08J(bcr=qp3NBb<Z%3uM~QY4f>geu6&d(66u;n$MBh
zl|mm|vQWTI7d(UJQrH&aC%iK4PHQ3gCpsO=6_C9<+yMu`ndl!-u8zoT;RZBw;Ys+m
zk2&Kq-?vt>eGYjtwQlo!B{LymUNwOUwGJTfqO=Y2%FMV+hT%59&!YJVO?%j%SiOsW
z4}2K?1<>y=1?dl6``HnKNoaCm1=hkgc9UbQkv{Me^gEFK8K5fkr<Yss!wwtzJ-U|P
zQ;26*Y(8fnspQ93J4jd?n@xU4_IoAV&mM6F<OF4hLH6jF5l=XGMScYP(8q11`b?^$
zU#;oRijp5SUkabj<S6YRJ;`00;B9`4N)E9))YD^Rm@4$Q400LjRv~-51V18owZo=+
zx&zr&`YiO-(1+xcCHQ<eBP)-wJG&7PJLA7IwJM{jjO8QLdYaM(<gQ$7&f_U3**nh3
z*yNInWLceWAN`$o$bV0cYn}4#*%rxR*`q&`llfD8>!};xBKtkoH&wpo+j^hyZIcOn
z{uLpo`F5+9KT7m=Juhi$^l77Gc$jx|NBJC$Pu9Y0vGj$oos(zBdV5yR-l99KUF*0|
za`>Uu_gEH-QL)vXbh|9g4lx)?t*&T36XVTjeujsv-cQ!e_>{M?yrpUFy~!rI0?XE7
zxCd6YH634!^c|9^kv?ZBhujH$ju<tL_TtmYW-0u`*Ane+Y}&)F(S2$^9+r#2F?~nf
zwWKC35wpa&2Of%GcepVsq9uAGmlYMNC2?O`HBx@`?Q7>*e=RaTa`#p<M-0cRmWxkc
zwS>CMv0oQ$fNPYmqGkABi8p6&U*K82;cV%HU7~#w4<CwgZRC7751+3icY>AWGdPC4
zHAA&(6@F&&tRrG{Bl;)|M7>`!A#xb%TZmDxnNoe@{cnN3Uy&cqR@Mq<sLi21xn3+e
zI2!7EhPy(&-<}grahx8y{2VlweXt6?3(pp#$M8@b&Qh)p^@;yI(J(kmxfD${Hd}b&
zZPeO~+!Hnmvy^|ZsUNztO;{^DRS^jFDQ8#7!8TZ={~~ADJuCyOX}!Zy@Bvs}j2hq}
zPjXlg*48=--7F19NDeE9?k*XuMZXElTr6u+w{xJ=T8OuU!LwSS!C|fO;9DmbBUcLa
z4arDy&?IbujrQn%wu(+oDh*;dJJbm+J6z{HUzzbE=49kOjw#Xng13dR1^ycbUlBtW
zpYTL5S>uA{YdkN&CMB99s%3stOWa7f6_+lyF1wai)Vl>If8pesy7i}v<Fd$Y(LXOa
z{?yH-Pm;$SC&LTHxU3lc3l^cthULWY4EQAW{jnJ+CTVOs!&@l51o;l+yRdu<{)+y5
z^c%!fN93Wf5jH!KFN5cyc?Wqe^8K(knnkpyBJ|IVkx$a9u4uNwJ=7{e-U}O|838Au
zp})2bb!Q`6O5cM=(Oik#2RX&FW{SaY$Ub@><Kb>>u0p>X{W-{6k>4f`L?e0*ZimgN
z^+_sUpMCgoksOzWr~A=C&W7dSrG9iI+qeA~Nsb1>+u&HdP4Oc|t$KdEkVpBE!tyQn
zEBf=rR7X5FLcf!?wZfjh*!z5Buo-|H`Itx(j;1}eXt^)_1NJ3Kn~_IiQwbiT)-LS*
zIM#;MX)R+N6Q$VC0pIe6pl{WuwA|0(pRgQF+t%ZM2=w!95HparCAVV9v!V~+>)6}~
z2ctQRTwcuDE1y}+<m4>s7T^t=R1fs6X~|iBy%4>_)Or(}D(DYVw>~o7qVJHqAm4*r
z2HDT3$@nQ^6w>tT61V{lg%4tRGqu(rGeeT$^xdz=13Y&Iay#_jV@Whp6Ocn{<s#qi
z=QdA&+Q%8zq3+|zj8{nXlE>f@G(K0%_3H%>=P=4!VI|t!4Vyg3nu;4BGcNXO*cK1h
zA@_q<U{ehDQ#uTK{h5#)60(-<v+#2KzXqRz3$Y;|hD)jSEpzw?8pa}|FLotl&Dx8x
zTm}CLSKzHF@-Nu*f;XWd$0pb(<f7CK*ppXng3MDA@~S-sStHR8$n+>4hlc!Vv5bgt
z$PA3WL}r!6tFc)QeNLN&-e=mEA>$bNs7{Au#rP}a1@JGl>H;j8MG@;FqJ<H=gB?RH
zKNI$$Ck`nxK-?4kM)a(~=pxA4PoAgE`H-1o>4jxvEl~}9FZ}qjJ0xUU>&J__mdp_O
zXRU)fpr1uP!}v_-_oI7h8+(fN`x>(%It95ZWThlNGhfE+y`Onok$Jm^HI5(4s*H(q
z^d6;TczZVVd4Tbana|OD+A|*i4?t!@G!gpU`3vOVA)d3yu35A>eu-MFxRlRn&!A^?
z5=!kG)Fn4YBh)HmO54F2@Hy=`X??;t8D1#HWyR=Uun0{yEGLF%z$dZqkIg_aNn_I)
z-a_dm$af&$h2>lDSM=wj-yo(sA`gX)u-S=x89WcoJIHg9?}xq7ETTOXp?_|Se3Djm
zMY9d=p;ig<Uf2-L2sjB1{k3hVI~&<j`W`%r=1Sx~$SIyRQw)AX_R;$o4|ij875d%i
z&q3ab{5EkQ8qsrbJ8VYX)|8$OFU1e`(QR-nnkkglgQKX`3O)YqeQ*Gbc<yLe3lCoZ
z2kcAT&B!CMsRR$fUD*40)`r!2A~BC?ZS2Q_HrR)tZ^@^W`nmKIGHtNy@jL|jaUaA?
zpl!*mSn{ms1Nb^NH^RYa4kMQrvlz`RW>j((bqnx@O{xbP^jUABsY2a@=<6d>H~J2_
z3-Ue4Wsv<iJ_v6{vj&-QNrux4Kf@2;a|Uud^xtDizfu#BLu%zB-;U+e$aS!P9GPf`
z^gVeDE<xj09IL=~L(YTDz_<Z2(X&^>w$!=~xgWd&n_{@1(qYi+&xEYFkeP3vg_q<1
zHTV=<hz;2zTuQBP#o!1UVi?k9yAm?P?ZsHGg8zgo@YWRh7i@aLo6wMv66_OJZt4c?
z$wD?k<|zqT$R2~t<md-vdK8aCL$<M4Mnp1Xo<v_Fvlimj*er)W1I$A2^U}+ZSsnSP
zPKV@>_$%ZE@GrFL0xX#!5wka<g%P>bj-i$x@qOrtLy9#L_e8%DJu4-;2(m(x=V^03
zWQJIJVHsIVR72kjKfdJBguG<^cv07~ek1>^b#Mptv&iQGpKW~hzL&O<fvw*Km=)0}
z$W<Y$An}>O+xtk8>+IQ(^=KKpn7JCw=UL;a`v7E=qlwV(Q(qwe4)K{qX3L^I@k`WV
z)uen@c?La^Pbjr-P?zjv#zfVf{4?L5Nn*Wc*r<0z;U2xiiH1b_<h>{FkuIlnaU45M
zUA}#~kT+?eG~qYs3(;?vr8y`~FbaKpG2S8Cn&^*VIg-+1G3kZe6Sl_Z5pT)Ud&AlK
z^?<0H-kXI}(cA=&>-$dT3CV7|l4cL@(^m0LtP1bPCQ|yi)%*YDXzEfr9QzO9R(L>f
zw;c7Z><r$ORpTw$p=hlvr8lLDPjG7HO_#GbU&O=ptW5O8<M_$)rFM~`$6K;3)XJxH
zF>lh2iRqE0zdB8iQhkeQW2xR)_U6<74<!dpko!{F33(IpZY(ED4$^qYq4W)E?Lw~X
zy`lLstv75nGJ1Jv0S8igO#0vtG?S>+0Lv$k8>3IqbU>bgz8z2BfQS8*j+dP7DcWwn
z7e?R3JuW$_z*EjZ9w}OU2IbLg$9|8PSW0O_)EI_vFE&}o<&fuzZnUH+MzfqJF3yx@
zqfu!!xJ)!ZA`ii4Y^I&!i?rum<nFX#3zj{p^^Crs5DrXl(3{(|-r{!6v|sal4z;FY
z`G%tHa-CvMUxGB=F2P$}UrVK7KKhF3r!<0aD{Vd?*+rnO_Q#C9(*#$fA0sQenUnar
z(T>sw(t7VYR5npH*jkK@(fVzH&BLk{Zj|2q$g}3DN3IvH{id%xyBVUDcq6T<Dmk1j
z&v6&}wOMU8bFl1{R<5{I{>|O;WB#CRt@V`P43*kkp8GAO2Z`QnIF)aD97E1RPGhqJ
zxqNyFEi7WZsxX@5C{saiAnEmy%(zH@0B)s)OYzW=S;TC2YuLx%*+j3F-mY_C>35DL
znei$^d-SZjtfS+w7Mu-JViu#8Vz#(dZ8#aaIgp&IQg`wx(tG&QKN!1}u!yy$x~KV;
zNH(7_D}E{cM)R3DFp#HgOutG@c*pM7De>tJ$I`F;>7H8A=^<DSVa_aLzmv~%;Vvw9
zsnlgXqL+#J5bCP*b+|60_p@RdPmxVKO5de4M{Tn&(DJwNe}!g+eIYaJCd!*ilNGeN
zw|e1DxvwgRQ1?r}uC;1h=^EOmELtqt)=cxcfGl0_)-YSV4WC?y_E*2^GwobMOZL)h
zGHv=QjTdcRq4>DSjKq&Tbf90IXn7O3pP6<jGv7uM!(zro9;U-la4779w~a*OLo|;d
zpH8hg$h{fC<)tSS6XgA-C#TIdWLjya62oU0<ut9@nwhIHF;v~hk$17~j;L-tpP6%^
z?Cp1|>+VWg-Th_nc3jQIn)qLw8NoG-i@45@h-SFU8`4Z>{SK!`D_H4;-Ue^u{c1%Y
zlEK=W3+0XW<oI?{I+BbrUVdV7Y21>Gv`D{O<<_|V8tyC8o|BT(N7FP9qmw>|qbbr8
z-Ml)%45`2xuR=DiqPa(`Hm3{8u3EWQ@DziGLfW%2vtP8-nZ(SYwNAFXvH96$ahJ{H
z-|ZdxHvWx7c%9E_nH<uEeM+CY9w|Lf>l&M5^l=z<r(t;jeR+*n!fxfVpXSn|l-BZl
zjd~p(3H7bc&3>0*L=MoNX^eG0W=p=-Lev$_xnj&W@!WZ@m|0rPjFqOYXfI(e*v+`_
zh11vznjjaE$y<=sH)DA_r5!0<NFH9FX`!;*8X~raURcJWE-|k`YmcaHZl0`RelmM~
z#>niUZf`R4X<K_n<Qew9mXzM;KY1rldT#Xd6V4<jv-`VKpkc*rr!VY-nT(`a+K<)}
zhoCV1sL@-Fk(6q+o|3U&#yl^EBgtCKYBZ0c=|uZyW1k~UX`9k78PlHhMV~$w5r-O?
z{Yzu<nePixx}LgIjXq5qNUPrAQ>Oy?Dg9NyujM$<S>DEbtwX$t;_Y7+pShSavT+=!
z_fBY-!|4UFzU?_b`9;5!h1>}FbmXg%&qTf~-sm_n+2hz*pP{D<^!d9houTiMCPm27
z^wr-*rqAT_uR*Cccy=eWbT{<X+*rA@S@KWEE^gK8x7|K=T&Pd*&4sD!^m}57ey?nP
zYQBD>On+OK{xr2*zc?qk<af#G&50Y4^i!!H^cicaIy|m#u_j+TF7vW}U&6`1Bg^I=
z=yxV+^V^Aj`R&<6-?sf%>I&*M<Cn^|IgW(|^minDnBI+ux1ed|cyHoP?CEDx4X9NJ
z<$pLF0hc649hbrpNh7rZKlkddY|@3ug~=?(`;vBQTWTo1ZsE8!)z5K9;&Mo7g_PUV
z(|0F1j@!^LP27A)A57(<*Dub!mC~>0y^_3vz0Sb@Nc1~$2eT?DK1oaUI@O=LEvYMc
zbu!iQL`vTco}s_%OuwhU;YyD~-h@0NxrR}`2Dt%DDSD|6$QL0GL#~H>HBq`y&tm5M
z1CB^y#-caz`4P?c>NT@yL{bs9VnpO&HC&L=Sd4*#;RLuK72z#Ho`Wnt8-IlVos4fO
z?a}YijZW5!DeXi}`A(fFIU-Aa<Hb>tEI`u-_AOD{`lR!rTc_!}O5Bd0zM*8ZWAF4p
z^s``9)y+_Gy8-q|PlEEFSMnfrzrz1EH0#m4gk}%i$8%qHY?%)6Bc4<838g<%ddRU3
z`abD;tmQJn{J(TFQQm}6`KHQWM-3ik?#>@@`*5>PyVkWmFRANxP*YlJs+n>oF||y6
zQ`s~#ZA?3JvANRpHp+E9%^-8D8EM9v$>we|(-dZEoMKYubko3`YMPsK%?0KX)6MiT
zH@oLvYX+NP<~B3V++qG^W|{l>Z}|FJ<xQ5$R}EcGZ{c>f3(ckGD%02WH=*fehM0Ua
zivQy9G&9>g;H;y|d-UjPy7j#Js=8)Kubx-dHH-06gWuz><MMruscOzK7nx3`tLbiT
zFau2FcKPefUrm7-Z6=sI%{}H`GnZOrOkH!P^V-s!=XU?j=4x}cd61H9Q_+>yGc`>k
zQ{A*O=bH|0_r2WoFgKckuJuh!t{Lhw^6h4#nQErH{rsU!J1Uv7<_vS1Im^kdO-FN?
zxx!pyZZdgp=V@xLH@BD(W{jC+?lLpXeP*6{IIrdCyl5(%2_Jw9;ZnFfZ$SR-(F<@r
z+ydW+yWy9414a*yzJou*<1j5+3(Mr?6^yhMVQtt1wu4<^E*vx{|CYbnk#H=WJZSic
z0(&={2@Byo_$XWopByr3K%OmvYv8MJJ1mBK;UVXEfc+UBhiNgk`NPK)#ARSbSPj;K
zXTV0VS^kK;{J1r22QPtLVRvUTD((gQ!v1gw%!i}k_!06p1x|yr;RA3!Tm+Ym7&T~k
zyd188t42z{9=-~<!gt{gxEt;r?M5m-0KbJl!{ab5Cdueqh7U=~!OE}(tPLB$#-j`J
zMkXy_JJ<<!hrQvz(W6_OljOtO;bb@s&VlnBTPBO(<FE*>f*au$$5zR^uo!*@55Vu>
zF~`=)Nih||ELa{^fi)f5r0T*P*aWtO=fU=)#|#{u>IAQVJzy@p5e^(ZX5{G9P&gdk
z4kyB?aQf{o+NnA4LAVeuhL6K%pzejC%RN>9gMTBpx@);i_kSa~v(>+4?EaUyT$;s?
zq5uE+f0qB}<-pYaUo8J88M*9M&Sm=lHz_c6{trC$PcvdfB6gC%@V<>5E^}fvW&boQ
z|7q6#U##?}S&#Nw{tf;I)$;$TtMG3bxgD#z+oAq5sRmN$_NMy((Z3Dc-u$2Zo8xxW
zKmTvw_Sb*Uv;GACecS?5^G~qipJFSw`;T{LpM_?*J3GB)cAG=yc#sv;2pR?F1zm&Q
z!O&oQFf&*fEDzQNZw0%9L&5PdE36T=4Eu+L;o@*bxH)`3-0N=O>8N~EJ8BlSkGe<w
zqT$h$s4!X_t%x@NH+$a!rbV%=UDZAFb$>HGJ+SN&mYgKRl9rrvkeqYQ2ngy?K@>p|
z<1vc~bK+o5Btc1nB4PprBxewipv1qX_7itk{IB<f``qU~(hptTleYV<>Z-SU=9`gg
zY5YciPiNS+yeeCLTDJOw+3Jh4)t6+d)3}j4GSy?`GAe??Om%No*1GvQ>-k~Ztk+L|
zBWpdSTh{BRjLKG@obC9hven<pR^O4eo;xjD{iba77qivZW^I3gQ(5;HO3GR<IWt>*
zR;D_Q+md%>+rO3Tg1mTAMh{EP&5)(X^B#wMXm0WxS7dB0Q$8Wn6S84Kw!PfZ<!nOc
zO~_&iSutxX%FWH%%kn+4)~htmdVG~9vev5?%UVx2+3Gf1{nc#sx!LL~vej2*s~^f*
zuQ4r?)ls4L^lbHPTCM$ZwtDvc^Rv|#W~(pGs?~b)DYt~wV0;LM;S(HX22lch5Fd<I
zgWMF_7JYMAx}Iy?AUXmC(z*PNW8`lfM@J+<%-kCqb5H1nu~5^N7#_yMblg!qO2-|?
z;~?-Po&;%cx3`01@341Jq>d~|$Y!!-)FP22qQ92|T=EmSWQr^&)2QysKvFD~Ib;q%
znJkm(jIy#UNLfi%qShl;q#os_S=H6>1gwB<a0Zj9Cz|?}Y#sq&?lF&2ey@3q^7{yb
z926spkjG7<*<0PPB1n;g+FgmI3DZcXP`xrs6BYnLwL+Aeun6T5Vv*gaLb31)kknr<
zEXC4<rAcb4mtko#9a%PUWVytV<r7C%NF4cVd;iYuy`S6r0JrzoJrDAphj`D!nfHV_
zxP?jF!enmYuX}Ryp1iy#mG=lxf)Wj0Uqrts$sy=$kwVBzbC<ar9BN$*NQb0FMb|+Q
z-IvZ_1;F1{7|1#W)+XW^JVTnjh!+VhSGeHtbzQ!0jIXOisz?Pbiiu(n7o|mM@MJ65
z3Ve5rI|ht<m3tKg?s#`RSeIrg5W17y$&kan$-N13x;MKwLy{e4he0ko!j6DsJIaoN
z6g$R_f!y{gdllrd<L!9JYp=FfLq0pnPJ&c>t-Y4N*>OD-us7Npp`e{&r$8Y))lP-N
z_7-~!6tTD3TcN0(VP`-ww#njblO^ok_HHO?pR>=w74{YT3Y4<1+1H@7{fGSrl(BEw
zx1g+j$G$^u>OK1&l(+Nke5ha-+J#WjF1CxIl3iw(L7H7*S3qUE+OCEw_H+9=RJC8&
zFQA%TZ`VV0`?dX=9L#t2JE&nd+Ko`tes8~rT6T-w0=4ZA_6MkAx7+Pd*Y31Cp`P7s
zcSC)<*Y1S|cE8;Z4eddD5E|LT_AoTIKiVImi9KeIK~wva{Rx`cQ}z@zw?EsTp@ltT
z&p=Ci&Ypu-_JX|tt;2{Wv<YP>p)KqCO4fHfvK0^7ldTx&5L&X9j$sb6u1;YRSy$&U
znXIczn47GsYnYd;s#};!R@FT$Kx3pwSct|*&#(xMkzQemumtqx?`8A}tB2L0Z&)L&
z0sX>SVJ+w%)(PwIy2mscAJfQ^LJVOlreZ<3nf=Oi?1g<`29Ck8Fq6NRJ_{${B)Ai2
z;Vih9xW;2}A0ESFa6g{HQ}6(u#k25W<cQ!Q5fd?ZSQug85s_2mghxegksBTp`9*%1
zEsBfc@VF==%D@vMO>}@K#UybJEEd;^>tKnvLEHdK#T0Q9d@QDm>99=PE^deA;z98s
ztPqcgM_{FRUVI0u$R}AiC#%V7a6vYfP2pl>(<tPV@=27=B<C4)+_COhtm2My$6-}>
zf;$1Lxf9)qSlylCPQi3{syh{HxVN~sU`=;R?0&4}J?6cHKYE}0E%1WrX6_W%n`g`}
z@p|xT@P_y)SRSkwXKYK`PHH>c4ws=FX-CQ&cC;NWbK0?XtW2`w>^ParPOuYXvYlur
z$`pHzy+-D?*V*f29(#kmLFToS?PQtH-ehl*srF`jv&?U&*=e$Xoo=Vgg7!9hn=E8!
z+L^Mjon>dqBK978k1T4Rx6jLB_Er0;EN<u8xw3?vXXnY1_HFyNyu!X~-<758`}TcV
z+AgpQWEs22E|O*KNA@FG&MvphWqG^Ou9Ow*8oNeTv}^5JS;?-m>tve!%6=s)+i&bQ
zvWnecH^{1Xlieh%+0AydtZuj3tuoziv)g11yTk5~HSI3DOV+Y`>>gR$?z8)39ecnY
zkag`Ldq~!^N9++<-yXF`WdnQM9+wU6341~|vZw87+1UPKf00e>S$kGCwdd`5+00(F
z7iDuYK$I;)Cv;@XP=!ji3gcm1whsN!mu<oz3}oAo{>dxDoMBGcF3c6?lI_EkFhzC<
z^MrY1$1q=*Pj(9PhxujauwYnFb_olIg=N>UXjoKs3rmJ2W%saZSXK52)5CPxGprfb
zl)b{*VQtwvtQ*#oeR!US%%`fcuPqnFKJ1HqY4cDV3h2D=ybnTYr9tZHdOD4szr68Z
z-uU0+jeoPgRJOi|u?rj-+x?e~{bghSCL2R{6mk9>SWHxt&7B@l0BS>HXbqj97tK0G
z5r4md_`oc<A7;a|@G86o^WkGy4eMbO?0^GsoR~de3{8A7$oPlx`SFifE{HE-xiG$z
z<)Zi}B<E9U8O!<c<t!J(SFl_dU&(S&{8N$(=(yD^=f~HuToC_^<-+*qEEmPUAi0o^
zTgP&K{7aS#;_F#1jDN*)QT!W{i|Dv-S<a7t$8te@1IvZ+jVu?%KL$a2S5dwozLxTZ
z@vkXg^e-UtJ@@>>_~ryMTN21@O(63_0-0?IWVR;|*^xkGX9AJk2}JfJ5ZRkRWM2Z2
z{Ru=4CJ;H4K;&=&ks}F2eoP>8EP=@J1R_5r5IK=R<YWSoP1OGn<GUD<1B}Sge-V+>
z2}FKQAo5EBkuwQI&L$8!pFre7!d5P3Amc#>G9G3i<B1GpJeh%v=VTz_xfzIfDgzNu
zXCUImGZ68-3`9IX0}(ICK*X~dh<ITJB3_ORM7*2{L{2dx=ORn-Vi6*q`PUHfa%CXm
zC1)VwrDP!D<<3CF%aehKmoEbmFEs-ZFMk4&0trM4CJ-r{K%__lk)j#4;uT9EQ#^r8
zi3Bnw6UbbVK&DgzkunKH$|evgmq4U^0+9+Ch<Hg6B3@obq)=ojUg>`kkxB_f(h`VN
zP9Rbxfk@Q^BGnU!q$d!mkwBzo0+Ct?MCv3EshdEgUILN&2}Bws5NVV^q;Ud~CJ98E
zCTyiy0-5FsWLhMUX_-K#RRWocj7T*`q&6ecFtU{BOU_Zdd5x|Il)?4lY1vk`m&4?6
zIZBR}6XiAXI(faEB4^4w<Scooyi49qbC(@*r`#oX%RO?h+$Z<T1M;9eBoE6Y@<(}8
z9+SuAPx6F38BC78v54z%9sPl)qTlDsHnI%}*-o|tDTm0R;K&hjB*f&^@@mj>lAHu_
zd9A#bn84rU-@uoX<zz7OCV49a@^Se%<dXB{=a3xS7~BY?RbnBYQ^+ao6mg0=#hl_!
z38$oUg;Of(8MWvnuk|D3&9pXAAzI~<W1=JI%u<OX3S>H>Vy1mGn&lWe8k}S&db4n8
zr!@G9znko&IJuoXPF^RUlj`Jm3eXY1{oUveK<Fenxg6JtIm*#a-0>XWF;3uEnnL7o
zaz^(*sBcrL3DG&ispr%O<1}&_L9_ys4teE^@?|+!zAl%^<#L5wDObr)<!ZS`ekMP^
z9OBW6ntVaNKv#T8M$eDECSN1G=gE20kNNTw`g=R%!An<vfsT5O_Rg0J<U+YfE|wq3
zC330!SblOj9rM*+lrPfNUzXAPLFUT2boJNe>vZ*Hq!)+#5na6^BwzNbm+1#%wj+UA
zbl#t|E<P`^20G8ZO1uNN!gQDcx54c&6YijKeJ9+--ygph?t{P6D1RV&x&R)AN8nL-
zjK=)q@B};wPr=hL2c97h@Ekl3FTjiN61)trkUw}0=E6T<9=r~3z?<Y9-iCMJU3d@P
zhY#RG@)ZkUAuNK$@DVJ5rQ|t2fn~59R=`SF1)q{1Sp%QJ=dc#OfOYUCd6lo=YxoAf
zh3{YkY$PA^J#2<8uoZrQZLpm@&Q90`yI~LPg?+G}{Leu+1c%`W{0K+k7<r?g-~^n6
zQ*au7hF{<eoP~369xlK|GH4VXMJLf&bP-)eH_=`65IsdN(OdKpeMLXfUknff#UL?Q
z3=u=cFfm+=5F^DXF<OifW5rcsoER@Ah&f_|*eEuM@5N@ZMQjy6h;3rK*dca`U1GP`
zBle1YV!t>b4vIt46NkkS>5Cu5QE^Nh7e9#;;-okwPK%$#FXD_iE6$1Y;)1wHVGyN|
zQaaL=F{z}MaoJIJlAUE2*+=%31LQzCR!)%9<qUb7yj?yZACphWH{_f0ZTXJ;Kz=CK
z$}i+P`K4Shzmi|eZ{)Y~JGnt_l$+%Da<kkbx5^*nHo4uY<J675?CyN+eB*rUeCKR%
zHaeS}@14!g7H6yTgR{-q?(A@OI=h_R&K_s4v(MS@9B>Xghn&OC5$8wesB_FY?)>DO
za85d>oYT(F&M(dx=d5$iIqzI>F1k70+^Vg*Qngd<RR`5kbyA&G7u8jDQ{7b$)l>CS
zy;UF8SM^i<)c`e64N`;E5H(Z{Q^VB=HByaIqtzHSR$WDDJf*8CO;XpWYt?n?Z|Zt=
zgSt^oR#VhXYO1<f-J+(cTh(+mgVOD4rn*DTQg^Dm)ZOYHb+5Wl{axL!9#9Xeht$LB
z5%s8gOwCr0t0&Zx>M8ZKnxmdk&#LFt^XdilqIyZatX@&Cs@K$9^$#^qy{_I<@2d~g
zhiblBpcbk{YO(rAEm2FO@4~BPYPnjWR;pF%Q?**HQJ<;L)mrt1TBp8L>(y84YxRx#
zR(+>7sEulq`d)2TThvzdgW9IHs~u{m+NE}@J!-Gor}nD@>YzHL4yz;TM|D&kQ^(a$
z>V!I}PN~!CXZ4FZqt2>x>b#cP(XNhZrL~T0Py5=aH`JTzE%ml~N4={qsEZmjYT+&R
zKJu1$OTCZ1PrPN`a&LvV(p%+y>aF(Hc%S)8{g3@m{AK=fe}%u&U*&)5ul7IlKlj)A
zU-;|%Fa7oYSN_-jH~zQ&Hh;Un!{6!e@^|}t{Js7@f4_ggKj<Iw5Bo>_AN`~LG5;t3
zgn!aM<)8L{_J8ru_-Bo4Vn!Kl;>I(+F(!w}X>yrllVWn4JSMNnXHrdmQ@|85rA!%9
z&Qvg!Ol4Eu)G)P7ZBxh8HT6t=)4((|jZ9<H)HE~AO$*b~v@)$t8`Cx@6O;|g1?7VZ
zLB*g_kQP)9ssvSoYC-iNJ*W}X3~B|ngE~Ropk7cvXb?0E8U>AmCPCAnS<pOa5wr|i
z1+9ZNLEGTUpk2^D=n!-aIt87BE<x9zThKk|5%dgt1-*klLEoTX&_5Uu3=9SZgM%T#
z&|p|FJQxv-3`PZ`gE7JOU`Mbs*cI#!_5^!_eZl_VKyWZP6dVqYkl!tuu_DVWqf^Dx
zf;=d%cRnLqQ+)qMUP<x&JK0P2hK;hH><`~_4BaBf%ki+4BHk_VgS=nf4?E?f@=@5u
zk$pGEtvwvK_Hx|X$8l@Fd{4d)2RK3;a%wrX5qRBHxYo6p<|ezzSeaKwtHch*j^aL5
zM>W7Byh{3$_qn%S2=AcpiadVk*B4cIt#lBtlD<gM{y4;m9TbD|(2f|;Y>EJj$ve}Z
z@YjF{LoOZXQgn|d2jqqVCZKvjLs2d)Y(mP5nxtQkHN*hI=oynFx@sX}0A(}o9+|??
zc2kt{oTfPCxlBpQQ%u$9OxruUqU{r1(e{n5$k%GZS54fbvF)km+YXcmwquq(U3pJ8
z-qStHo_@TiKkpg9dj!NuYiXprnj-p5T^&&eglH~^L5fzQ6*!{3Xb-Np(c1_y@4R;&
zl%MXW)AfY=viR~p6l1eS*#Fz{^?xS9Mltly#?Aj^%*?IEsR?SLx{V@G6gfLk%<Rt5
ztPe$|$2d+7rWhGT$BfuG{!d25+y9Gr`1@%1JjKD^B4Fm|^1mz^{ub@Dq!|8UmZ;d4
z*hj=YGMGoiJ9?{L+R5M@I!3Hx2r-UVm~*_UMr)U>wi{V$|Hv+Xjh$j_*0^c9neL{C
z>1leI-lmV~Yx<e~W`G%J2ARQTh#6{znc-%H8EHnD(PoSpYpycm%=pVj+clSux3<0Q
zU_1V)sC)ePao2XW-E8;YMc=?!6LJhrx@;6KNO8EZDQb$FlE21d+sF3hm|XP_qjHnq
z$7S2k_O}E6spy<FHaGbnh|cX%U<yrTQ?WE8V+ZU4#raNYY3zqXp&Sm!;ZPMv;z+25
zqj4-$$8mTA)Wpg75H!Wv_$2hhckv4tB(4^dV2Zd_Oo5xlRB;Q;6t{}o;ZAXfxEt;h
z_lo=BA-?DNn0Q!_x92(jQ_{#Jc$%NUcv0q-W#J`RURHvIva)OnOE}_x%@O|_p1pnR
zJnMV`2iz1l1@p!r2AD4<VggfRG;PNGu{^OnSRnR5>=7&&do1=O7K=R{dlpN@o{znR
z<zlbI-oZ+-_hO5&PHahR9X5@vk8Q%Pv2C$!*e|v-wj2A$_Qv+(px8kLI8+Ix@kZql
zLzt!-spj~BYN=Y|Vm(fe$EEseeGPu1uhZAzN<CRm##MT%o{FDFchPXQzD?hTYxGP#
z6F<{;>AUcAeXqV3*XsNA{rH8Rt!Lvp{iJ>pztnT|99*wo(68WE`gQ#}Ziu&zx5ka$
z%ib%v$$QP4hnu}Oy!p7zTj(vsgA{GI<00?7@8U^{w)OFX-_n0ZDE~Qsi5O^h2c^Z-
z;HzMp_$1>=7@CvL<NGdsaadx@dzrQ%)Fv1+7|0dGY^u@z7br#fJmLl~u#9Sp617EC
z+d?UN9;Y0ZBipHn(N`C1Vokbc3v59lrVX|M2Oq^p`FWgGFwiaGmUORhOSz@pGHzM7
zoLk<l;8t`ixoK`?w~AZUt>#vD)7=_wO}Ca?+pXi)b?f0*_%(im-{N<;0XO0%{2n*s
z7Tk(I;5OWjJ8&oN!rizB_u@X>j|cD|9&)7P$W!vP{8|1Y&&ad#oIEct$cz8VHix?6
z2wrb+_=(w^d`~McB?$#6Is81POX!sc1(hgiLbW!r#k!O{s87j<rqB!ww4r37JEahM
zLN8*8{U{~D5K6gV1f^t{2$LWMu7?{S4@{+$kDrf9#Sn8qej2H%P!J1YAt=O8HWcP3
zri#$0?FB{o-fl4-uf=f;j)4;VtV2n>2Cs!Ha0*VLk$nf=0cG$`ybH?WeRv;~r*S+R
zD$qE77b@ZsTnd$N1+Ik3_!)i%Re9B^8jrtpX4b8F?WrHHJq_R$vD8c}VwL#0t2%-h
zDijozMP=fT>Cqb_MN`p~_OuqQi9dD{orphn7u~@n7Bm!M#D7ME^45CmKzr-GZ^8Et
zd50l~_oH_llKcXGLCEbF_KQJYzocIV3Q#mz21O~BtcDU%oPaVEC-y?Q$g4vo^6CYk
zGWqi2P@VjFNk}J;UIuEAS1$)OX{J>HYLREJ1hvV#SB5&|;j5CaviBv8`_f8`qP`T$
z(wADI7VU|8Bt-|B**M%ImwOZ=w$}?3_e&F(n*ed{m&g4IxL--!uVn9pcM9@)KYQmO
zKliZ+_pz8?!LI~Y_?7+Y)UT+g6}hLCxu@ye)0z|w4?<mvg~y=*_qrMPx&=k4y3mGV
zR1=z~WZZ*oOXG70_o#BzNAlp&xQ9zyGM*L|WDO5r+9q&4zDl*^OUKa&xC{n$1>wd>
zIILTj@rW@Vit*5lN1WJiU+@?epS5imo4|Y8dm1dw&zC_+bFdAh^G)7%DBv9=R7!Xk
ze3yD05)$?O8h(8kN=)K&7)zYtTeyKZ!f}{J4B#w0L=nF*Jjpu$fOY;M#qm-wpEbXL
zHNTKGzlb%zm^J?qYkmpE_v)~eVtftwnBsgB_=KW*TUbj>ryqPv>}EJ@B}OwI_7FGe
z2uFxxbcbUU=?Bm}fIK11lO_N}^GIkMtu;W$=$RYn>@PKU!dg0KFh2IDkK^~<{)eu5
z$sT}zr3zKp=7(jnhbq6>1OHO(*KLAkaaU)uhbqx}x3|MP0N}@b3vs^z{mrCkE6?>a
z+EbKUlJ*B%f9>gi|BTw?5C4hyKxd{To;HoVDY7?}>`fi^rY?Ka7<*I2-c++Ujk7oP
z*qi$7O$~cf%ic6(Z<>R>X%c(WT<lGg*_)=YH_gM|H2M<ZhA85Sc5;ck&|TrKgNFa*
zoh5-DCQ)09VOgw#wXrd_#!l46K{yJ><F&-brr}Jy2Op%rJqKUJx%d`-fQxY%uEuqQ
z&}KqoA0ELIc!mO5Oc;?Q@`^&DgeXfGr(;>dpfn*;fn_g><dN))wOIDU+ARBH9hL*I
zF3W*fkL4h&&vGy}U^xUEvK)$ySPsLcEJtE<mScz=L~<OqXF1!=A4%suw*brc-GY$}
z8|gfebo1!Ek&MmL`B<*hsVrA%K943me4dJHK2LeNP$Y?o6=pdjY{7qL6qX^c77}L>
zR4Y$;FJdkc52{3YKO~!@K9ZlK9+Gua|Ef|x2#FI>->OqS1k))WiZv)7hK-}AS+EJ^
zqp=y~V~G0*>Qzh1$73tXCtz#Jug12N&&De$e*)W4{<xbL1obx`<?p-EQ?!kA0D^jI
zNj>v)Ncl>ggYs26XY_oQrg266%SE}TlR;45QYfDRWuOc6A?`4SIKyO^4tK$W@B};$
zbKxCW2+QCz_!>6DE;vMfDshLBEGaKpd<n9pG)%|3WKAux9d;o!22iiYkk^;g+S2$M
z%f2|5Wk37}%l<fz<p6x0<sf{6<zRf1<v@Ik<q&+E<xqTw<uF|)lGMk@+GbNP%duRk
z%d=diBkP+@eXYnct}C(hbXp{-$CX*mz^7P$PqXIcu;!j&%{|MSdyaMXJnQTQ*5Zq-
zxtCaTFSF)eiS(h1FyciS@nVd4aYnoZBVLjbzk(4j#fX<?#B2Qtq|c#4I45HPLb*Iv
zy9~xx<KOTmoQ|`im`hgiEWV8M@Ex2_9%BW0iuL5vwvzukfJgC^t_sriG1TcSd+Ek3
z`|2hv`{|}E`|D;b2k7Q32kI6q2kDk92kTam6iK=@*N5shEQjfKEJx}NEXU}sEXV1d
zENAP%ktD2!M3T@N%5tS1#&VS&9!bJ%1k1P{$<ouKB1y=NW;sJgqbk%io~Ra$r(QZ5
zNqu!RbLgjQMOxIgBQ5GWk>+&WNSC@^q)S~t(xPq<X;C+fw5X#|HBv{TYP4=2jX&Kn
z8h^S|H2!qwX#D9e(fHHdSl`{F@uz!4<4^Zu-S=kQ_hH@lW!?8<-S=nR4`AI7WZe&9
z-6J?Uchq7oHTty_Hs@bIxEw)%{XY_3KAj)^{6dD!>4@kpD((1pDWxfP*8O$e6?3y6
z%ESI6Z`97{ikR<GX++e^D9TgBd6@kO=h6LO%t0{>FokCD$gxUr1d6!Z6R?IbuA-~z
zYPz~k)tz-%RA1ZgLFrDB4v`d@*^@{}qjV}bbSf<%0wO6bAt4=t2nI??h)5YomxMHu
z3L+&byxZq_-gDj`dtcZ2>s;qL^A9uk-1l1RyVk7rS@+t*>>-SomYK%T;4LpRGo7I!
zS}&z>V_dJ+E!4Pab&td?@$qZby)IiRZ?auqNiW8|N&5MsZt>-t%%3msEanWe*4gMR
z2amho+h!@Nl48GY^d2)Kgfx&5bO7(dO>pI}E+xE|_<qVWCL*>)$jTth3N@~=J$Tp4
zVq9l?=;Wrn>?K@Z=oW*lA$@<#7KN;Sd|yG7*7ByeZ(Y6Ygt=R8^`x|XhvM$n`2C#K
z{g3qioP!k-F5;tKtIAwfQmVMi;=%*YG?Y!gcl(ap$lRAWSUsRUR1Hizs&5#XoN?O<
z{MEg?@Q3<PMTvpK>hVoYMuU!I#MQLECoe?Z#4^wZ9}H1TPoC8FRiak3$oqS}fNU+c
z{x6z{tC>;uiM1b1onE2>QA3%W9kKT1>DI1*L1*XuDOBf}<C9GGd8}t$`i-B6ijM56
zq!s77VV<g@71lv|&U>^g^3ttzLiH*9(o2edF@smcdY1EP*S_mn(-@vgdM{Wk^dwSL
zH#?U}XMr_|<1L+j(yI4BqFWp8QB`KDwQcrrMA>eSNENz@C8KyT0<TrTYb}rB)}3|Y
zDPfWCzFtT~wtM!#199P+WKh)MHS4aVKe>^pZbVoVYSJb;Bi~&TwXmNib(EdH@uwq;
z*K+=V548}HCUvo+W0%psD<1F+xSzh^+@Fl!`1XWzZFV7DIPks9uFYts&$`F=UH`=`
z2d@L2@0%C%YBerwoYt~Lf4gtP^erv-=D8->SB<hd3puxEb8b(wD{kMv#WtjBq4(Is
zX(xI8qprw?NSo_Wpz|a4LFKEhpQ}zfODAHuZ0=qgbZFh{Xxi)eyr*e>ci#H0P=%a<
zac-?iuCH;fuSxE%aqiQ{)$bB6_U`p)wGH@bRMfw(iI-s{oG+adAiT6}Pl@vMtf>XE
zGgF5*&sro-pJ}#V?#|y*vwZG7@{D!Vb93~SNzcyYN;hyvEG)1~>87{_vl}T-aG~#j
z(d^n4QJX^Q_-Rp@Ov@1|@FI}~3!9y-`0W?cUD;FGUPUzq<Ah~*>Atusn-#otlXm6M
z@Q-C$@ACT36V62=OTV$w{axkT!wW0Vy<cWKOjfOa-Cj9S*BW4(I-24gYvwdG@@g69
z9Xf7{8!hq99JjhXBI}(iYe_$H=6A8ItIlx$Z?-#wIn``RG}*dgYd!R#2pZ4u+U8`0
zPMTx~?<pGU2$hyZt1k#y@ZtmAkHamm-xfL!N23ApDWS%_2%OGv<j%nTi(5aK*V*u5
zRl@ylq+Xln#tVhl4lnBToB7ejzvTZO6_9>Kpg_W<Rmc2VcMEfGwVm=Uy`;G7ilbj+
z;_@>WMfW24XZ1cMxg83=*}q%MGQQT8wJ2s{&^cMOc<3|FGOpF&?3gHliU0Z9;qppg
zZvOtybmpx&dM1^Ub5VO)n60;_`68)j8P!b;E^0S?iLljZ5slpoMIU-Z2{;Z8ND#i~
zO2oEiF#Y*9Xm2|GYODRCF?fRub-j1zk%@~XI%Yex`XiG(TZqnE;P;iScsjioT9}L#
zHpaI~gMVp!D^fhH^X&{2b35vuO*JdLe+5Ci`^aI<=tBNwbWHxG)XW95rw7uT!0Ap=
z=_w_{fYZE>)(cM8Q*Vp<N3^ZZ#2d;*f0CcMd8j>jSw>~9e}`JFqry-wg00wJPuW70
zxtTx4Q{{eJbi?mCYNa{(dj~N~S%%t7y#%Czva8qvV{c}#fl7cF8-vPIQ%#m44@y0%
z{MDG0M;<1J<;GHaacy%dzG7DySc^^dlvnlqO=Yy_gq1h1d>8(ZWEh}c6*-}D`KC$R
zpes*Cfhw0O1AX+n`iZ8MOBI{iKd+0$-xSvOO}uj^MYyh7*Z11yyzI95wz=5k!pkS?
z9JgsxF7}fp?C4Z-q-4&2EZ$gbGknPu$c#9=av+hgR(-Nr49~$u%Fb0m)#Lahv@$#m
z^OgTS-qtw&G+&=gEoo$_9i9WR=9<x(Nw0n|bA-c&bf_kbP}uK%kpegs?9a41lcdM;
zRWREA=Z*huw5`-d2rJABwq}u}C-HeQ*=mP$TuzXp1pfatuK(bSJ72#lg7Fi#0Nla`
zT)|(xl>RVd=jP-)x<r(chLU(q>Eg)8AijTNEsfBn{@}af*T%G~=fml=pY!*m_k;J{
zy|$}Kppqdh&Y$q#s6JmAp@3lg_&}PQDrqs$3sn<vtyh!HGcmQDOv|nA_i9)?54-;)
zXUQq-b;SJA(7dL`(*$g1dJ<NvE9(p?)iiC#_Q=VxWvd%ag{t`)owYdx;kpZDruj|_
zZMA(Ks;t@VKjhqJA|G6(JqrAi?kkgQcJ#^N<8V0ozHGUDdz#ZnbKA*gV^t-QkyM0c
zs9_?bdR25nb3!qNUh+zujNNCRX9NKgjdDTtfT6`J--kBFwl_Zgsk3Nkuzxq{`O?$O
z^Ih(ST<#B=u-SN(6I`2usOXWe<DK!dtKs8R6ul@4miXFg@pP}qSp~)~XC9oqWa|)(
z^9dv2Q+0EYr*w6`?a6l5=gwYeLG-onOGJcStW}vY5%m<23YYc>4-G5vay3I_<N+ba
zg}D)oP-^OwI9D=MhdRjoNyIAl?q*lseFicy5j8}7klrKR)=DLp(?zq-uRlrUdH%6_
z*U|FK+;R>3`b$Junw(4t+Je4fF(-<<*^1Wn_jsy|=wOli{_L9FoNI{gB=_@@Q!YHW
zi^PVl#LMGUNRhl5AKG&V%19*MlL@~0T^}=k;X$$RlKmt%^TXNd3dBxXiTbb)Ceb(z
z>*<#pGTIPbXuR!qYtHwT$*0V;0IESE!!ZYGzVh_3uLQlk4%Tc18>Ra>w=Wr2)p`YL
zH(ti&h-(;&KUL&l6%8t&>XwaNVyr8C;2ANJud}}Ab)Y!XKX>+4%t6%1O#R?S!w*|a
z{7F-CAq&&MRbetUCYI-}CTKcF*QFZH-RA+tIjvJ)r0(c85nm5N22l&7Qn8XbC=<yC
zdy2lL?V{sLGnUsw0RRd?)VwK3e!Z@?+Ss$>W}DH0_nTmpV#Pwp__%4v(KX^QT&QJu
zOB44`5<bQFvr`8|tCT-ab*;_6^e~scp7bn4KyuZrB8Gx7=+Y|RiE5$_;(q5O=Ys1e
zC8^F@l9PQ?|84Y(@G3t<{4+hXdrxN02a<%#t_m-cl}?wo<}oO+hfsN)80d*MM$;wd
zofxJpwFtBqVTmK}2pa!^B#N2X`Xr&Ks2FgI`u2JtSLS+uxlNw9aJRyTYKq+H&aG$`
z>h@oBH-6nZ)1Kw`?8cOEcVML&St!TEkBY(^t)~LscI&R|oc7Db-Tn-3rH@7qxi!;U
zQ=Bp#&zmegxFVY*N&A{N^T9bi*Vr-KpJiNP^k=u<6r=PJ;lP4<S=!22*o_rG85e$@
zQVO<UGfZc(rkBizM~TbNTTOjSTE*%L4!22ezRU<$aO8bZg-0X_JH{xR=bXR)WQWXt
zEH}M`emM7NtlRX<`EeP;I;9)Af2uNb3<$r%HP7BG7pQH0FZ1DClrXOwXLx;<x0VJl
z{=qm%bXs!sPN8u`LSu8Jayw?l5@6P^34bl{hSl6zLQ^X#R!b{7{jEQ_?SO28p45-~
z)+{xpANwROqQqw1rh|qvdK$yJkLt%ij&^fv<>B{9{e@Zbq76P0tK(l>$kxRt==|Vk
z(EA;zAacWUbjbaAL(c7>RB02#TuVMj`NmaUoUW15^QR(9`NS%>?k;2HXMRXB?afIF
z)Fg%0n~fhOUmur{rj#<-t5tJNV?Ie)#y@1#%^UIaS}k$=SyRHwIaarOg0ZB#Iveq7
z?s**h+5E2sMw+CjGpAyIEr)dbkqB{c1*EQ+a&)Myn8gbWf&ZXUuo_L{T%fO9v1gic
zzV@`xz=Z!U+Tc&iYgzFX8~%c};@ffGZhc&kAlXV=8L)0CsJSbgc|kK?_YdKXFI}m7
zuJ(ENp0B-+&vML1lrhsd#Th+!Exx+_U2T+7{cVa;`Eblfy^RU)CmdNZjxM^fTw}@J
zFUt12+PxHytR999F<Ez<@BJ+|aYCF}gQPI>gNt$SVj8MprMAXnTr=I_gOxzx5*feN
z;AJ_t>!bG7A4iy$@^0mqg`k>ih|M1{*;H!1zB60DV`o;JQ}3xH=J@+!qq^eKHv^{@
zqW6Rqou=Hjs#LT{stcL(yJjk7R-$~dQNC-d4I$u{2>n=xqA8wv&>DGj>XL>~Atr*v
zVjIGrS;T4XvNo9ns7My<O;M096FnuIx%)eEb<HrjQ0C0!DceH174I>bvic{=FUC5%
zO^O5k{2iyqD$VH{0$SGB>++@Jrk@5psos*iEX`|QCUxbFVOF?EkxY$TT$Mk=@3S;I
z8mlP}pVo|AG|o6Jn$v@2+Z#zAedYRW%l5OSYsyKR505)TVoG0a8eQ$5yIMK-tf`p#
z=fu54>EIi#`aGD}Rc^Cq-Ca)Rz?U#*$E!B856h3t;(F0z!e%9bQ@VcIgsei_`IM)m
zCBrQx*roj{U(;TzL{Y4-u50$eJn6Z<l^EadXE(YWMwq*cUb|j@Yb5i<R5&27<)-jk
z61|-Hq6ZBvGuFb%sr_fK2%q-4djAVw{mU2q8hYyPvF5|MOLLXsq$EG2p7t*|%#G)r
zcuQj`QF?-ClK%3bTVZp4@QTGy+3fZ$XDxx?1R|$}mFbo5nm5_LQ0DtQXq`yz!Kf1l
zWeA)iSG>$fu1~eC7FiH+^!UR*YG6!Y^%e`!*!O#qJPfQ~wCII)etzxKaCGs#==)1U
zOmcm0icbBpC8-eSw*8h${dw~lO7?ZrkyAI{>^>>}d~pBjquLw(=32!!EW;T$DpFiR
zQ$w|1TU>n1JHfW*|I+@-oO)70)9MG63`x7U`lK5htr3x{yNPO7l9N7<)Hi7plxPGB
z27ILHq!1Gum2us5bFsccjlbu(RJ`%0ZBUK0%YTMhSIhhQW^E&1zZH+==q3C5x%?9Q
zTEsJ-PUkH9KAQ{<gXA+gmr@?syf;ewZBi3=>yg<6=k++&a(TJaeSkFg%wvjgYA;uF
zFwR%M=(eAuzuEDv{l43@rl8}Pq%C;2Ds#2Y0C&~p;Lgp$h<r|d)ga=7;l><`J-#Z;
zH|5(}J=cR`qPF6zDR@M(Zn{{yOYb}k?Nu{bdOuTFXl)SQN4I>gG4Z9N;dTLWuv>PG
zmHY1!3JPK-l6Ss~3SI$0oND}AL0G*DTU*!xhgyCTe!JCH*2Z=5F-@W~jeG=2g7CE;
zuUb|JDE4G*wz`vL#Rw7Brjem%k_h|yh|GDDv|#(zz|qP(OWjuUEwgF;@DB!pEBa$D
zxuSIU1A{-$BpdV)DzX>l>IJGKC77=}zf}H#Y_DXt-lxJK?YBLsB2&#t4UHZK($u>s
znvY?gGEd07?^+m7ynUIazQcYuXy^1F$J<wLH5xZP;R=_TX>T(&7#(35*H~Sc&}xW2
zrPo(1Xr9G?N%^zcBdTm(ZTnL>+#dt)7hvKG*1KkSU6#}Zi&{zd>?i_QGWa+Bs-j<A
zpt{%<_58s**6->A-DQ4n(GQ%|xLSkQ7j3fUbH|q-%^X~`xU3MX=^Jm>{@~T!O773o
zISGgU{0`|F(O=9YcK<Lw7&ppRdcPLe!nVVmne3ZQ)<vBunCBFeyczc7flNrk-IHx}
z)-E^bO^OQeGv^NQx;~vY<sVa9vpwH+ZcmcTe$A<%)rjk!u<o#I7|!_-l{fqJt%}VK
zPb_#R&H2lP961ALe-PH9-~J>>S(7J7j?G_o36~xBXMRLKH8-9+ORi##qGrt1?fa^7
zMnh?+nf7@a{pniXo{y=E@0uDUsOeVJM9TIkvm2vnJcnuCKDq1Xa_^jn2I2Lr5&p_2
z5pP?(irUw@X@6^V1OLGA;ZCi%RC^Cs)jKNX`+3hp=oRltvUINV{AuJA_1!kC(+Org
z<+-+fH8|sL!ngCP*)ByHV!NqQt!vw!m>8?Ca?dB&*}@-?wt5(8Je(lY3Tk^#v%Wum
zp~1I4d2mN!Q|A}BgeDUu47WuSjoXC?CGm)z*!-1S(GaM*dM?9lY0C4Pr^hEcF$$V5
zG!2fL)rqC&966^xX}IS6>{vyM=M&{;8Fc74>-%UXRxjq%rO#7bk`3kJx_E749=$QI
zLWkcG8x`xz7h(7G^`0=ebhy!5X3(5uvt#=8E~TR9LAipo)2G9kI3_cnu0Es5jhwqc
z11FPuzO;G!X|YRes)Xe-dtR%AquHcnlATW-E2QToc~`Y0IN3C056h@ApY#=eRh-9N
zY6HTTvFlUG54S`vaWC0N4`)|+0lEE=nJF2!)>m>`Eb`dGBuw)8E;asg`9MwC@{Ig?
z=8Kt<h+C!nCG4TnXS(~dtg6FsDFNmkHKZ=gxYs6T*3QLjc7&pBT6fj;Bj)<R8#IA=
zIFB>nU93qWFYQxJMhfx?91iUi)|%fu9G$zY5`Jo}&)Z>vHJ!UW(?M0V=BVM(p+$N5
zl<64*8%{3vO(Qa)wiv~n>ac6+N*b&p!E^!3#hfm$)tJRu{c1dB4ot;dtR#H&lI`{y
z8CR@EpIO(%C@MAgEH*!Dsc^V3v3yUPen?2*H17va`fdgvvU9Fkoa`~%z8*7&*VoT6
z3q@PayvTa&(^y2Gt43EO?tIObhpu@3lZ7@ulCQ|HZ$Q#FpR)unWXAQ{r@t%GkrqWg
z^YB_(U1(Xx=x676p_AyV1q{Vae)l|^H7(9gvK(sq6s-ULQ+vzci<R>mwL28HWjFF_
zzn9h(oJ^)~>g?URFYTi6?PY`+I|r(Yg>~Ffg{y%pVVO|uI=I1K`SZdNBiqPrDfV)8
zP5zMcS{Z~t%Ec&W`nl&{x7y4l>nZF0d{-w{sb!ixEz)$Bwd08uH`{f$;!kE~SFTw9
z+!fKdy`@|{9Hq(AXk(h{)G$?`d9#eJK5B*8Xyaqay6m4CW_x{)kBQp9liuIHYVp{@
zbwc4;RKgR)O>Od+FLt`C8lz*PTfH(`)ZXW}iyplkG{a>~3zWQ{@prq+Ug^go+&io1
zX@U=Lr+pH2ej?LYO5pdN_vH$wT`SIyJlv%1&9jMbTX1dVk|dOJvTUJLOrNHxj1MZf
zXR5x~HAs(~8<c+iC4XtA@^iaNvGfv}FnnfJt>7?e_o<8Vh*6v>`KN#liONGe%_k3=
zc_u=&ipN;bvF1?ePA^#LiZC#4(C^Lh(m6KpZrH2I<keMPv~6z-vYYe?r<vHk^FDlz
z2wSz@BRjPh=6<eKAT}~_lbxijbi(POo6lQ-HoUczYz%AK9C!8vcEm&2mT#WHEmHg*
z4Sxx@(j9pb2E9mHK^7(=)f~$Sc5u%?S$H`+;h@?nnTbPwT~M0bCoKA~GPUuk?j_PY
zlU-REPq}tt{9dW@j{XckX<{4NQ&G_MowaBmx53myyYBkLt%AEa<<K~KTioSm-I<DM
z@k7P>l=Gb<25lkx&-8X<Y;Gr;nx&BRF^_fRS}cC@TFFX?Ll1TM>MK6v_pbZ#-3==)
zBsNf#mt@cDFkw1(p;@VtW$gUd*z8q)4us}<w?xg)l@)K3(!o;~&ntCBP1@i16&(Az
zIIZl<GVrbq>6EXO&S74F_uH;9^`yUZk7v8rL?`<W^~<7?>fEhaU$N|S`?C}FT8E!y
zWBP3;$lvToywjzpd-zE?yW-_TH`(#lhciH*(Wu){tG{XkpSYFWXS^}mfHY(E*HrN0
zO%7He8eJ>S==OVs%?y^&H?;2S9SzSPwfJ&v@alI=kpFTU;2+(-D3dqE-S8S=jq8tZ
zBeHuTwxj(lpCThI*KS9svrO=!VA6AYk!LzK(pd4z64WnYY(HtU1?Q6%v;2kw$+v>E
zepfOpi)sj;eb(=`)t^B=40a$p<xLp*T2=7Iu=P$~zwhlA09UoYvE;CaI=5)J)aR|N
zbIn{gZ?1hzEK7Bpl#5KZrMf!lWpXdw;%TFE!J2M=($s!Et;Aliz)`t{qjDF{>dcRv
zjDd+Sn*4KPcztAT2Ey^j*efmOKJ{S?iLq7`MFX3IyhlB=Q^3rrS;<xO{Ah{XcN_iG
zt9Bp4Udj92?OXRB#)!T6@R`$m)C4CUXeRwEdsBa8r$9mUfT}(7UIc*&!Aw`;LU!+G
zFL%y_p@LR2&-B|}<AR7!R4avPW4&X5Q(d|H+XI=Ywsi(6mNg;yQzv$L=`s?TX{qd7
zZ9Tm_?5te=_0-MUk(LUD0QeAm|9UDTBWdXCZYOE1Z)Y!QaKq1z4}4SdDuEBlhvoy!
z_$2k++`PaS2tIwu%dYlrd>HJ%pDPn&@KRs`u7XxkRsxi<2s9p#kV31V@X82Pw3I3u
zhm-q1dw><F-f;E;f0JI-*~-gK+0Mqz)=pB>&eg%|Iv*B|m6M~T`tR2JWMKvu2(-Ff
zjca$rKU2`gj+&RNU8ys?BJvb1SYVb2s4J^qQM}aFn!~Rw$p2hXT~%<FJMiAv{=SEK
zR<~!)Le|F2+g+Y8McKW*<nJT$k9rcwOF|x&S<Vn~hb&Pyojc_>9dBt)+CXAdZK)?{
zY)^fqE95n%k^;LG;u37hCNlhknl3z~fD%outrb#{K9xbq_DId0K)D-I$NiX+2N_bt
zI6!4?7jpa26!_CjgA`V4iaw>K!&;G%rvyC1iq-kwXhiOdzQ0OAIj3m-IN@=~q~iK5
zewDkgAMVZFWwm%j{!Rh685$_v@VvY5&4I;@P^L<Ga<ZWFo8+>mDMqbM(}XJ^NH(oR
z(t`L;2O&>4xtEfo5Tt}sV$aeOtj0lSjYGNblc>1|F;0<mA$U|<L{3xNSaN9wM<Iw!
zEtxdQc+<!Xny6*0F4TmI*94RMv}mRgznh{DU?AGC#CC+#BFIlXVmQ_4KTJljVkA*w
zxYwu{8HAt+`@lelWFUP|N|J9y`o3A;n690VamMnjpuEgu1wc?i>~SN<r3j-0;^$V(
zwhBVCigeCFuS@9$m9WnDBofFo`FW}GD7+iBcZlmOamx|1x+gxAvi)u%76}V=r=U|}
z=L++{pAeqL8_J*M3T1Yu)K*~KY-Y#PvQ2Ykg;9fFnr$(wIWaUXX4rzMA%3lU5;uKn
zEL>Wbe0xf6pylNCpom}09Mg<4p+Y`1I#Z&RjT%05l6mZ3r!bYx;yx!=rzPHodM^fP
z@0{Sxqn2wH-g%*|;2o7LxR5|*7rJ?6q_{v~ROf5)N-psSMfs;>*;TfWWX(cdd&K!4
zU!%Z~EY;;aqq{&#y_GvH8EZFu33fvHc-Yy~QX#;(g988j=YhfTVKEpKhVSoN|9K#B
zeE)jJ=lZ{FNB{$|0e>gx-^c&(!=NBG3>FJ14}(X8v-O{`SOgxNwa07#3J<ZNuu@Q)
z6x0ucf%;)lC`c?G2hoN@prJMZ57B``V<F|?a7e`QI&gSAL@yo*K>7*~9v2>u#baP>
zIOrJRrEriw0M|aK4UL5KvlJG4+=c{4;&?0)jYc2uQzROLINk@K4g6gFb1ac)tkm&-
zL85U0)CTP<Bw7k{d_0gCq!gsh7!(fDJ`4s8sRM(<LdwG;pgOPs`uKPtu^8;}@&F`A
zmScJWBp!9VEdYSP9q%jfd>DJY4gkPnAawvzkg)_%z+ck+W6l6z*F$14I1Hp-Q19_E
z0<Zu$n~#-;MM*)lVX=_84`6YSIS62-pmPv`z~G^44(JD2hroV@+K@0d0LF%bv7upX
z7#JHC#s;%aVqtWEYZIi+;CMi7FgkEBI>65hG!{k&xQ0RfV07SMbb#vyG!{k&9!3Ya
zu0dk)FgoxsI`A+$@Gv?+E<o#m(Se82frrrnu0xRWq+oPN!RU~J(E-j6Xn8O?!1W61
z2crX=M^Hbg4seBr_#qKc9Y}Dl9xo3Gu60lwR0k3P)qzAnbs)jD1X><c2ND6J1LP$n
z773#R38MoEqXP+}0|}!8<RG+O7#&C$9Y`1*Aj=@-0Wdm1o<sd$bO10qz<n4r7DfjE
zqXU4^0l?@$!RSE2=m7V6khXyPE2s@d2e{*e`oZWx!RP=v2#tl&0dgPW2ktweHW(df
z7#(OB9pF9@S{{rJG>i^3j1F*r1t|~Q3qWl!IxsLgK<-0hVRV4|E2tlg4w!ra3Bz+F
z49~$$60{C1j1F)=1ZfMn&xYDybb$Lhs2_|DFeicf!HfqC&yg@ZN8(^~!0;Ri!*e7K
zMh6VfkvJF~Fg!=X@Ei&5iy?Ypc#eeOITD8F;N}*lJQy7?JV(Ot90}%D(DuQM2Mo`V
zFg!=X@Ei%lb0iGUkuW?*O2K@tV0ey{g3$rPbEFh>JpS&zkM{up!}Gs+H`EV09srn=
zK>eUP02rQwi3&_CbUXkUo&zvE2Vi&(!0;S^;W+@qa{z|tU={{#Gngks`T&OK01VH;
zYz-O<!*c+J=U`R`6ALpQFgypdKbTk;9WXoxV0aFme?rTH;W?O1!uY}HK*8vM;W?Pt
z!juQ21BT}Sm^(wp4Tk3c4A1}O?9f;k9WXoxV0aFoVRXRo9Dw0D0K;<thUWkV$`1gB
z=Ku`P0SwG|!0`O<SplS9V0aF|@Em~QIRL|R0EXw_sRFcK7@h-I7#%P?2f(u`hz=N@
z12FkHcp?Ffh2c2>!*c+J=Ku`P0T`YGFgyofcn-ku9Dw0D0K;<thUWkb&jA>o128-X
z;PP__qfiJem?Qr4%m@V@<sLg*LLyN(u#SKDA(3b#*yexOKmcIDzCUim!`VQF9`gf_
zHjl-kz_UY8$3Of~NDKz#>OX8~Bnox>d>0M256r=i`JvHZ{~fpCK&Je|hCv~bU=9Yc
z9Y4ne{ea_VxmYxS`k!ZqULICAob5blsle-C|GD~w`oDh3>)#i(tUSE_ec1quMj`Qd
zTB@^WRdiHoss8&~0)m$6|4Hj4bv^97!E0}S8}+Ztf(BkL;LE@L25Gny8u8x^|1XYe
B5>5aB

diff --git a/documentation/esapi4java-2.0-readme.txt b/documentation/esapi4java-2.0-readme.txt
index f2b3e61b6..7f568fb06 100644
--- a/documentation/esapi4java-2.0-readme.txt
+++ b/documentation/esapi4java-2.0-readme.txt
@@ -11,7 +11,7 @@ File / Directory                                                        Descript
 |
 +---configuration/                                                      Directory of ESAPI configuration files
 |     |
-|     |---.esapi/
+|     |---esapi/
 |     |     |---waf-policies/                                           Directory containing Web Application Firewall policies
 |     |     |---ESAPI.properties                                        The main ESAPI configuration file
 |     |     `---validation.properties                                   Regular expressions used by the ESAPI validator
@@ -32,6 +32,7 @@ File / Directory                                                        Descript
 |     |---esapi4java-core-2.0-readme-crypto-changes.html                Describes why crypto was changed from what was in ESAPI 1.4
 |     |---esapi4java-core-2.0-symmetric-crypto-user-guide.html          User guide for using symmetric encryption in ESAPI 2.0
 |     |---esapi4java-core-2.1-release-notes.txt                         ESAPI 2.1 release notes
+|     |---esapi4java-core-2.2.0.0-release-notes.txt                     ESAPI 2.2.0.0 release notes
 |     `---esapi4java-waf-2.0-policy-file-spec.pdf                       Describes how to configure ESAPI 2.0's Web Application Firewall
 |
 |---libs/                                                               ESAPI dependencies
@@ -57,4 +58,4 @@ notes.
 Please address comments and questions concerning the API and this document to
 the ESAPI Users mailing list, <esapi-user@lists.owasp.org>.
 
-Copyright (C) 2009-2010 The OWASP Foundation.
+Copyright (C) 2009-2019 The OWASP Foundation.
diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
new file mode 100644
index 000000000..d51081b39
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -0,0 +1,361 @@
+Release notes for ESAPI 2.2.0.0
+    Release date: 2019-MMM-DD
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.1.0.1, February 5, 2016
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+* Upgrade to require JDK 7 or later. JDK 6 is no longer supported by ESAPI.
+* Upgrade to require Java Servlet API 3.0.1 or later. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for additional details.
+* 106 GitHub issues closed. (Note: Includes previously incorrectly closed issues that were reopened, fixed, and then closed again.)
+* Upgraded versions of several ESAPI dependencies (i.e., 3rd party jars), including several that had unpatched CVEs. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for full details.
+* Known vulnerabilities still not addressed:
+    - ESAPI uses "vulnerable" version of AntiSamy (1.5.7), which is supposedly vulnerable to CVE-2018-100643. I have confirmed that AntiSamy--as currently used by ESAPI--is NOT vulnerable to this CVE as it only uses AntiSamy's CleanResults.getCleanHTML(). Furthermore, I believe that this CVE is a false positive. See my comments on this AntiSamy issue at https://github.com/nahsra/antisamy/issues/32#issuecomment-449595373.
+    - There is this critical CVE in log4j 2.x before 2.8.2: CVE-2017-5645. It is a Java deserialization vulnerability that can lead to arbitrary remote code execution. Some private vulnerability databases claim that this same vulnerability is present in log4j 1.x even though the CVE itself does not claim that. However, examination of this CVE shows that the vulnerability is associated with implementations of TcpSocketServer and UdpSocketServer, which implement fully functional socket servers that can be used to listen on network connections and record log events sent to server from various client applications. For ESAPI to be vulnerable to that, first someone would have to have an implementation of wone of those servers running and secondly, they would have to change ESAPI's log4j.xml configuration file so that it uses log4j's SocketAppender rather than the default ConsoleAppender that ESAPI's default deployment uses. Thus even if this vulnerability were present in log4j 1.x, ESAPI's use of ConsoleAppender makes it a non-issue.
+    - There is a known and unpatched vulnerability in the SLF4J Extensions that some vulnerability scanners may pick up and associate with ESAPI's use of slf4j-api-1.7.25.jar. (Note that OWASP Dependency Check does NOT flag this vulnerability [CVE-2018-8088], but others may.) According to NVD, this vulnerability is associated with "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2". Fortunately, I have confirmed that this Java deserialization does not impact ESAPI. First off, the default configuration of ESAPI.properties does not use SLF4J, but even if an application should choose to use it, ESAPI does not include the slf4j-ext jar and it has been confirmed that the vulnerable class (org.slf4j.ext.EventData) is not included in the slf4j-api jar that ESAPI does. Unfortunately, this CVE is not patched in the latest SLF4J packages, so even if we were to update it to latest version (currently 1.80-beta2, as of 12/31/2018), any scanners that associate ESAPI with CVE-2018-8088 would still have this false positive. But the important thing to ESAPI users is to know that if this CVE is identified for ESAPI, that it is a false positive.
+    - Otherwise, ESAPI 2.2.0.0 addresses all know CVEs except for CVE-2013-5960 (which I have fixed in a private BitBucket repo, but getting it to be backward compatible is proving to be more difficult than anticipated.) Besides, if you want to use encryption in Java, I'd highly recommend using Google Tink, which is much more fully featured than ESAPI. (Tink allows key rotation, storing keys in various cloud HSMs, etc.)
+
+
+It was mainly because of these first two bullet items above that we bumped the release to 2.2.0.0 rather than to 2.1.0.2. (See GitHub Issue #471 for details.)
+=================================================================================================================
+
+                Basic ESAPI facts
+
+ESAPI 2.1.0.1 release:
+    177 source files
+    1547 Junit tests
+
+ESAPI 2.2.0.0 release:
+    194 source files
+    4140 JUnit tests!!!!!
+
+That's 2593 NEW tests!!!
+
+                GitHub Issues fixed in this release
+            [i.e., since 2.1.0.1 release on 2016-Feb-05]
+                          106 issues closed
+
+Issue #			GitHub Issue Title
+----------------------------------------------------------------------------------------------
+30		ESAPIFilter in RI should allow login page destination to be configured
+31		MySQL CODEC : "_" character not handled properly ?
+37		RandomAccessReferenceMap.update() can randomly corrupt the map
+71		java.lang.ExceptionInInitializerError in 2.0 version
+129		Add Logging support for SLF4J
+157		minimum-config deployment fails 
+188		SecurityWrapperRequest seems to mishandle/swallow allowNull argument
+209		Build an encoding function specific to HTTP/Response Splitting (tactical remediation)
+213		Provide a taglib descriptor (.tld file)
+223		DecodeFromURL fails when the input is &quot;&amp;#37;&quot; (without quotes)
+228		EncodeForHTML or other Encoding methods fail if there is a windows style path being encoded.
+234		Canonicalization might not be performed
+244		Unable to use the esapi taglib as esapi.tld file is missing in the ESAPI 2.0 GA release
+246		CryptoHelper::arrayCompare - leaks info about arrays
+247		XSS Cheat sheet on safe vs unsafe CSS property value syntax is inaccurate
+253		tag library will not function without ESAPI configuration
+255		Patch for /trunk/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+258		isValidDate fails to identify injection attack      [[Note: closed as duplicate of 299]]
+259		JavascriptCodec is removing all backslashes
+265		Canonicalize function for the DefaultEncoder class does not handle URLs properly
+267		java.lang.ClassNotFoundException: org.owasp.validator.html.PolicyException
+273		Could not initialize class org.owasp.esapi.reference.crypto.JavaEncryptor
+274		Logger.log is is slow
+277		NPE in SafeFile.doDirCheck() on empty file path, needs null check.
+278		ValidatorTest fails with German default Locale
+280		HTMLEntityCodec.getNamedEntity not case sensitive
+281		missing assertions in SafeFileTest.java
+282		Difference between encodeForHTMLAttribute and encodeForHTML
+283		nekohtml fails ESAPI.validator().getValidSafeHTML();
+284		ESAPI.validator().getValidInput() returns misleading Exception
+285		Incorrect treatement of named html entities
+286		JavaLogFactory not thread safe
+289		ClickjackFilter after doFilter
+291		DefaultEncoder.canonicalize() Bug
+292		jsessionid validator regex in esapi.properties not applicable to ids generated by tomcat
+293		Canoniclizing out of EncodeforLdap or EncodeForDN if contains specific characters like &quot;(, ) #&quot; etc. messes up the input.
+294		Config Error
+295		ESAPI validator isValidRedirectLocation does not work
+296		CSS and images not working with ESAPIWebApplicationFirewallFilter
+297		ClassNotFoundException: org.owasp.esapi.reference.accesscontrol.DefaultAccessController AccessController class
+299		isValidDate fails with patterns ending with "yyyy"
+300		non-BMP characters incorrectly encoded
+301		encodeForHTMLAttribute escapes the forward slash
+302		HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts
+303		HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
+305		ClassCastException when using ESAPI logger
+307		Issue with decodeFromURL method in the DefaultEncoder
+308		AuthenticatedUser isCredentialsNonExpired() have todo comment, but default return false;
+309		Eliminate eclipse code warnings to improve quality
+316		Deprecate current HttpUtilities.setRememberToken() and replace with one not requiring user password
+317		Resource leak: This FileReader is not closed on method exit
+325		ClassCastException on SecurityWrapperResponse
+327		Construct &quot;&amp;amp;&quot; in Validator.URL is simple character class, not reference to ampersand
+329		AbstractAccessReferenceMap.addDirectReference not invariant
+333		logger is gettin class cast exception
+352		Possible threading issue in EnterpriseSecurityExceptionTest
+360		AuthenticatorTest.setCurrentUser() periodically fails.
+361		Update pom.xml to use latest Maven plugins
+364		Possible null deference found by Coverity (id # 1352406) in CipherTextSerializer class
+365		TLD not in Jar
+366		Need instructions for building and developing ESAPI in IntelliJ
+371		Synchronize instance with GitHub issues
+372		Use of vulnerable commons-httpclient:commons-httpclient:3.1 dependency
+373		Create File Validator that checks Magic Bytes as Opposed to Extensions
+374		Email Validator does not accept + and longed domain names while it is allowed in ICANN
+375		java.lang.NoClassDefFoundError - .StrTokenizer
+376		Infinite or very long loop in URL validation URL
+379		WAF: GeneralAttackSignatureRule fails to process request with single parameter.
+381		Update ESAPI&#39;s pom.xml to address vulnerable 3rd party components
+383		SecurityWrapperResponse is overwriting http status codes that conflicts with RESTful Web Service protocols
+385		Method logSpecial in DefaultSecurityConfiguration is private and cannot be overriden by subclasses
+386		Avoid using System.err in EsapiPropertyManager
+387		&#39;mvn site&#39; fails for FindBugs report, causing &#39;site&#39; goal to fail
+389		Provide an option for the encodeForLDAP method to not encode wildcard characters
+394		Refactor Validator.getCanonicalizedUri into Encoder.  
+395		Issues when I am passing htttp://localhost:8080/user=admin&amp;prodversion=no
+396		Trust Boundary Violation - while triggering veracode
+397		Update Resource path search to maintain legacy behavior in DefaultSecurityConfiguration.java
+398		addHeader in SecurityWrapperResponse has an arbitrary limit of 20 for the length of the Header name
+399		Fix Build Error when using mvn site
+400		Create a unit test for SecurityWrapperResponse
+403		Refactor all &quot;Magic Numbers&quot; in the baseline to use ESAPI.properties configurations
+414		canonicalize falsely recognizes HTML named entities
+417		Add additional protection against CVE-2016-1000031
+422		Inconsistent dependency structure and vulnerable xml (xerces, xalan, xml-apis ...) dependencies
+424		issue with Filename encoding for executeSystemCommand
+425		Project build error: Non-resolvable parent POM for org.owasp.esapi:esapi:2.1.0.2-SNAPSHOT: Could not transfer artifact 
+427		HTTP cookie validation rules too restrictive?
+429		Miscellaneous updates to pom.xml
+432		ESAPI.properties not found.
+433		Class Cast Exception when trying to run JUnit Tests
+435		DefaultEncoder exhibits &quot;double checked locking&quot; anti-pattern
+437		CVE-2016-2510
+438		EncryptorTest.testNewEncryptDecrypt() fails for 112-bit (2-key) DESede if Bouncy Castle provider is installed as preferred provider
+439		Tighten ESAPI defaults to disallow dubious file suffixes
+442		Remove deprecated fields in Encoder interface
+444		Delete deprecated method Base64.decodeToObject() and related methods
+445		A bunch of dependencies are out of date , I will list them below with the associated vulnerability
+447		can&#39;t generate MasterKey / MasterSalt 
+448		Clean up pom.xml
+454		about code eclipse formatter template question
+455		New release for mitigation of CVEs
+457		when run jetty ,can not find  esapi\ESAPI.properties
+461		Eclipse setup issues
+462		Allow configurable init parameter in ESAPIFilter for unauthorized requests
+463		Create release notes for next ESAPI release
+465		Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
+
+
+-----------------------------------------------------------------------------
+
+        Changes requiring special attention
+
+* Various deprecated methods were _actually_ deleted! This could break existing application code.
+
+    442		Remove deprecated fields in Encoder interface
+
+        Specifically, if you are using any of these previously deprecated fields from the Encoder interface, you need to update your application code to refer insteat to the constances from org.owasp.esapi.EncoderConstants:
+
+                public final static char[] CHAR_LOWERS = EncoderConstants.CHAR_LOWERS;
+                public final static char[] CHAR_UPPERS = EncoderConstants.CHAR_UPPERS;
+                public final static char[] CHAR_DIGITS = EncoderConstants.CHAR_DIGITS;
+                public final static char[] CHAR_SPECIALS = EncoderConstants.CHAR_SPECIALS;
+                public final static char[] CHAR_LETTERS = EncoderConstants.CHAR_LETTERS;
+                public final static char[] CHAR_ALPHANUMERICS = EncoderConstants.CHAR_ALPHANUMERICS;
+                public final static char[] CHAR_PASSWORD_LOWERS = EncoderConstants.CHAR_PASSWORD_LOWERS;
+                public final static char[] CHAR_PASSWORD_UPPERS = EncoderConstants.CHAR_PASSWORD_UPPERS;
+                public final static char[] CHAR_PASSWORD_DIGITS = EncoderConstants.CHAR_PASSWORD_DIGITS;
+                public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
+                public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
+
+    444		Delete deprecated method Base64.decodeToObject() and related methods
+
+        Specifically, the following methods were removed from the org.owasp.esapi.codecs.Base64 class. If you will using any of these methods, you likely already had vulnerabilities in your application code. If any of these methods were being used, you will need to rewrite your application code:
+
+                public static String encodeObject( java.io.Serializable serializableObject )
+                public static String encodeObject( java.io.Serializable serializableObject, int options )
+                public static Object decodeToObject( String encodedObject )
+        
+* Various properties in ESAPI.properties were changed in a way that might affect your application:
+    439		Tighten ESAPI defaults to disallow dubious file suffixes
+
+        Specifically, the property HttpUtilities.ApprovedUploadExtensions changed from
+            HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
+        to:
+            HttpUtilities.ApprovedUploadExtensions=.pdf,.doc,.docx,.ppt,.pptx,.xls,.xlsx,.rtf,.txt,.jpg,.png
+        so if you were relying on your application to legimately accept an of the dangerous file types that were removed, you will need to update this property in your application's ESAPI.properties file accordingly.
+
+    - Several other properties related to the ESAPI Validator interface (typically through one of the isValid() methods) have had their default values which it uses modified. This mostly affects the use ESAPI.validator().isValid() calls, use of the class org.owasp.esapi.filters.SecurityWrapperRequest (which extends HttpServletRequestWrapper and is often used separately), as well as the ESAPI servlet filter, org.owasp.esapi.filters.SecurityWrapper, that uses it SecurityWrapperRequest. The following ESAPI properties are affected. If you are relying on any of these properties, you should review your application to see if / how it might be impacted.
+
+            Validator.HTTPContextPath:      Changed so that '/' is no longer a valid character.
+            Validator.HTTPHeaderName:       Changed so that the max size of a valid HTTP header name increased from 50 to 256.
+            Validator.HTTPJSESSIONID:       Changed so that valid HTTP JSESSIONID length increased from 30 to 32 characters.
+            Validator.HTTPParameterName:    Changed so that '-' is now considered a valid character for an HTTP parameter name.
+            Validator.HTTPParameterValue:   Changed so that some additional characters are allowed and length is limited to 1000 characters; i.e., changed from:
+                                                    Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
+                                                to:
+                                                    Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+            Validator.HTTPQueryString:      Changed lots of things. Specifically, changed from:
+                                                    Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
+                                                to:
+                                                    Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
+                                                (Left as an exercise for the reader to figure out what exactly this means. ;-)
+            Validator.HTTPURI:              Changed to be much more restrictive; i.e., changed from:
+                                                    Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$ 
+                                                to:
+                                                    Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
+            
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+* Updated minimal version of Maven from 3.0 to 3.1 required to build ESAPI. 
+* Miscellaneous minor javadoc fixes and updates.
+* Added the Maven plug-in for OWASP Dependency Check so 3rd party dependencies can be kept up-to-date.
+* Updated .gitignore file with additional files to be ignored.
+* Changed many additional assertions in ESAPI crypto to explicit runtime checks that throw IllegalArgumentException instead. If you were using ESAPI crypto correctly, it shouldn't affect you, but if you were calling it incorrectly, you may now immediately get an IllegalArgumentException rather than something like a mysterious MullPointerException much later on.
+
+-----------------------------------------------------------------------------
+
+                Contributors for ESAPI 2.2.0.0 release
+
+Notice:
+    My appologies if I've missed anyone, but I have went solely by GitHub's record or *merged* PRs closed since 2.1.0.1 (i.e., > 2016-02-05).  If you submitted a patch file that was included with some other PR or worked with someone else that contributed a merged PR, drop me an email.  It is not my intention to slight anyone's contribution. If you can provide evidence of this, we will add your GitHub ID to this list.
+
+    Note that some of you may have submitted PRs that were rejected or closed for other reasons (such as being a duplicate, etc.) If you feel that you should still be mentioned here, shoot me an email and make your case and I will discuss it with my project co-lead, and you might be added to these release notes retroactively.
+                                                    - Kevin W. Wall
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Matt Seil (xeno6696)
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey)
+
+List of all PRs closed since 2.1.0.1 (2016-Feb-05) -
+        List includes merged AND rejected PRs
+
+  52 Closed PRs since 2.1.0.1 release
+  ===================================
+#362 by artfullyContrived was merged on Feb 9, 2016 -- Update pom.xml to use latest Maven plugins
+#367 by drm2 was merged on Apr 9, 2016 -- Adding IntelliJ Tests setup documentation
+#368 by bkimminich was closed on May 7, 2016 -- Enable Travis CI build
+#369 by artfullyContrived was merged on Apr 22, 2016 -- Packages the esapi.tld into the jar file.
+#370 by kravietz was closed on Sep 23, 2018 • Changes requested  -- Integer overflow in for loop
+#378 by sunnypav was merged on Jul 21, 2017 • Changes requested  -- #302 HTMLEntityCodec Now decodes cased accented letters properly
+#380 by mickilous was merged on Jul 16, 2017 • Approved  -- Support of Cookie without maxAge set
+#384 by matthiaslarisch was closed on Oct 5, 2018 -- this commit fixes #385 changed visibility of method 'logSpecial(...)' from private to protected and #386 to avoid System.err output
+#388 by augustd was merged on May 13, 2017 -- Suppress CVE-2016-1000031 in dependency check Build-Maven
+#390 by JoelRabinovitch was merged on Jul 3, 2017 -- Issue 389
+#391 by xeno6696 was merged on Jun 18, 2017 • Approved  -- Issue #376 -- Addressed Kevin Wall's CR comments.
+#392 by xeno6696 was merged on Jun 18, 2017 -- Issue 376 -- Added missed null check on regex pattern.
+#393 by xeno6696 was merged on Jul 16, 2017 -- Issue 316 -- updated code to account for httpOnly and Secure cookie …
+#401 by xeno6696 was merged on Jul 16, 2017 -- Updated pom.xml so the base compile version is 1.7 instead of 1.6. T…
+#402 by xeno6696 was merged on Jul 16, 2017 -- Issue #398 -- Fixed hardcoded instance of HTTP header and made it con…
+#404 by xeno6696 was merged on Jul 21, 2017 -- Added simple unit test to validate changes that made HTML entities al…
+#405 by xeno6696 was merged on Jul 24, 2017 -- Multiple issues, #403, #400, #383, #405
+#406 by xeno6696 was merged on Jul 24, 2017 -- Issue #317 -- Fixed resource leak. Special thanks to eamonn.
+#407 by augustd was merged on Jul 27, 2017 -- Update antisamy xom
+#409 by xeno6696 was merged on Jul 27, 2017 -- Issue #327 got rid of misleading HTML entity in URL regex.
+#410 by xeno6696 was merged on Jul 28, 2017 -- Issue #292 && Issue #403 -- Updated default regex size for jsessionid…
+#411 by xeno6696 was merged on Jul 30, 2017 -- Merging commits related to #403.
+#413 by xeno6696 was merged on Aug 11, 2017 • Approved  -- Issue #300 -- Fixing ESAPI's inability to handle non-BMP codepoints.
+#415 by xeno6696 was merged on Aug 11, 2017 -- Issue #281 -- Updated unit tests with missing assertions.
+#416 by xeno6696 was merged on Aug 11, 2017 -- Issue #278 -- Added default local to date test to avoid non-us unit t…
+#418 by xeno6696 was merged on Aug 11, 2017 -- Issue #281 -- added windows escape char to blacklist in SafeFile to a…
+#419 by xeno6696 was merged on Aug 21, 2017 -- Catching up ESAPI.properties prod and test version.
+#420 by xeno6696 was merged on Aug 26, 2017 -- Issue #284 -- Restored original canonicalization behavior due to issu…
+#421 by xeno6696 was merged on Aug 26, 2017 -- Adding mocking frameworks for testing. Also added joda-time in preparation for date fixes.
+                                               [Note: A later PR removed joda-time, as it was not really needed.]
+#426 by NiklasMehner was merged on Nov 6, 2017 -- Fix configuration loading: Use value instead of constants also update vulnerable dependencies
+#428 by JoelRabinovitch was merged on Nov 26, 2017 -- Fixed the encoderForLDAP method to use a "switch" statement as was suggested by the maintainer.
+#430 by kwwall was merged on Feb 22, 2018 -- Close issue #429.
+#431 by jeremiahjstacey was merged on Feb 22, 2018 • Approved  -- Jstacey 135
+#434 by xeno6696 was merged on May 13, 2018 -- Moved esapi.tld into the correct resources location. Fixes issues #2…
+#436 by tom-leahy was closed on Aug 27, 2018 -- Add unicode letter/number support for fileName validation enhancement
+#440 by kwwall was merged on Sep 23, 2018 -- Close #439 by racheting down default allowed file suffixes used with file uploads
+#441 by kwwall was merged on Sep 23, 2018 -- Close #438 by loosening JUnit test case assertion
+#443 by kwwall was merged on Sep 23, 2018 -- Issue 442
+#446 by jeremiahjstacey was merged on Sep 26, 2018 -- Issue #129 SLF4J Logging Structures
+#449 by kwwall was merged on Oct 8, 2018 -- Close issue #448
+#450 by kwwall was merged on Oct 8, 2018 -- Issue 444
+#451 by kwwall was merged on Oct 8, 2018 -- Log special
+#453 by jackycct was merged on Nov 2, 2018 -- #304 encodeForCSS breaks color values
+#456 by JasperXgwang was closed on Nov 8, 2018 -- fix bug not found in classpath when run with jetty or tomcat
+#459 by simon0117 was merged on Dec 20, 2018 -- Eclipse setup updates
+#460 by simon0117 was closed on Dec 20, 2018 -- ESAPIFilter in RI should allow login page destination to be configured #30
+#464 by kwwall was merged on MMM DD, 2019 -- Misc release cleanup
+#467 by jeremiahjstacey was merged on Jan 06, 2019 -- AuthenticatorTest Stability #360
+#468 by jeremiahjstacey was merged on Jan 22, 2019 -- Date validation rule 299
+#469 by jeremiahjstacey was merged on Jan 15, 2019 -- AbstractAccessReferenceMap Issues #37 #329
+#470 by jeremiahjstacey was merged on Jan 15, 2019 -- JavaLogFactory Thread Safety #286
+#472 by jeremiahjstacey was merged on Jan 21, 2019 -- Issue #31 MySQLCodec Updates
+#475 by jeremiahjstacey was merged on Jan 27, 2019 -- Issue #188 resolution proof: Test updates
+
+List of contributors of *merged* PRs, listed (rather naively) by # or merged PRs:
+        # merged PRs    GitHub ID
+        -------------------------
+             19         xeno6696
+              8         jeremiahjstacey
+              8         kwwall
+              2         artfullyContrived
+              2         augustd
+              2         JoelRabinovitch
+              1         drm2
+              1         jackycct
+              1         mickilous
+              1         NiklasMehner
+              1         simon0117
+              1         sunnypav
+	========================
+	     47 merged PRs + 6 closed PRs = 53 PRs merged or closed
+
+
+Thanks you all for your time and effort to ESAPI and making it a better project.
+
+:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
+Appendix:   Dependency Updates (as reflected in pom.xml)
+
+
+Many 3rd party dependencies had known vulnerabilities (e.g., CVEs reported to NIST's NVD, those reported via VulnDB, BlackDuck, SourceClear, etc.). We have tried to address all those of which we were aware and have updated the dependent 3rd party libraries to (where possible) the latest patched version.
+
+Note that in many places, these 3rd party dependencies were not *direct* dependencies, but rather *transitive* and since we are not able to force a direct 3rd party dependency to update their dependencies, in several cases, we have used Maven's <exclusions> tag to exclude specific transitive dependencies andthen explictly included their latest patched versions that did not cause JUnit test failures.
+
+Because the landscape of known vulnerabilities in 3rd party components is constantly changing and the OWASP ESAPI contributors do not have access to all private vulnerability databases, we may have inevitably missed some. In other cases, we have examined reported vulnerabilities and confirmed that as ESAPI uses and deploys the code in its default configuration, the claimed vulnerabilities are not exploitable. (Such is the case for CVE-2018-100643 as it related to AntiSamy 1.5.7 and earlier.)
+
+The following lists all new and updated dependencies. If a dependency is not listed below, the version used since ESAPI release 2.1.0.1 has not changed.
+
+New compile-time / runtime direct dependencies:
+    org.slf4j:slf4j-api:1.7.25 - Not actually needed in your application's classpath unless ESAPI.Logger is configured to use org.owasp.esapi.logging.slf4j.Slf4JLogFactory.
+
+New JUnit dependencies
+    org.bouncycastle:bcprov-jdk15on:1.60
+    org.powermock:powermock-api-mockito2:2.0.0-beta.5
+    org.powermock:powermock-module-junit4:2.0.0-beta.5
+
+Updated direct dependencies, by Maven scope
+  provided:
+    javax.servlet:javax.servlet-api:            2.5   -> 3.0.1
+    javax.servlet.jsp:javax.servlet.jsp-api:    2.0   -> 2.3.3
+
+  compile:
+    commons-fileupload:commons-fileupload:      1.3.1 -> 1.3.3
+    org.apache.commons:commons-collections4:    3.2.2 -> 4.2
+    commons-beanutils:commons-beanutils-core:   1.8.3 -> 1.9.3
+    com.io7m.xom:xom:                           1.2.5 -> 1.2.10
+    org.apache-extras.beanshell:bsh:            2.0b4 -> 2.0b6
+    org.owasp.antisamy:antisamy:                1.5.3 -> 1.5.7
+    org.apache.xmlgraphics:batik-css:           1.8   -> 1.10
+
+    Transitive runtime dependencies that ESAPI has now directly taken control off because of known vulnerabilities or other incompatibilities:
+        xalan:xalan:                            2.7.0 -> 2.7.2
+        xml-apis:xml-apis:                     1.3.03 -> 1.4.01
+        xerces:xercesImpl:                      2.8.0 -> 2.12.0
+
+  test:
+    commons-io:commons-io:                      2.4   -> 2.6
diff --git a/pom.xml b/pom.xml
index 35da50899..f929ab1ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.1.0.2-SNAPSHOT</version>
+    <version>2.2.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <prerequisites>
@@ -369,7 +369,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>2.1.0</version>
+                <version>4.0.1</version>
                 <configuration>
                     <!-- <failBuildOnCVSS>5.9</failBuildOnCVSS> -->
                     <suppressionFile>./suppressions.xml</suppressionFile>
diff --git a/src/main/java/org/owasp/esapi/Authenticator.java b/src/main/java/org/owasp/esapi/Authenticator.java
index 907739db1..57c090a46 100644
--- a/src/main/java/org/owasp/esapi/Authenticator.java
+++ b/src/main/java/org/owasp/esapi/Authenticator.java
@@ -111,8 +111,10 @@ public interface Authenticator {
 
 	/**
 	 * Verify that the supplied password matches the password for this user. Password should
-	 * be stored as a hash. It is recommended you use the hashPassword(password, accountName) method
-	 * in this class.
+	 * be stored as a hash. By default, this method verifies password hashes created via the
+     * {@code hashPassword(password, accountName)} method in this class, however see WARNING
+     * the {@code hashPassword} method.
+     * <p>
 	 * This method is typically used for "reauthentication" for the most sensitive functions, such
 	 * as transactions, changing email address, and changing other account information.
 	 * 
@@ -123,6 +125,8 @@ public interface Authenticator {
 	 * 
 	 * @return 
 	 * 		true, if the password is correct for the specified user
+     *
+     * @see #hashPassword(String password, String accountName)
 	 */
 	boolean verifyPassword(User user, String password);
 	
@@ -141,6 +145,13 @@ public interface Authenticator {
 	 * Two copies of the new password are required to encourage user interface designers to
 	 * include a "re-type password" field in their forms. Implementations should verify that 
 	 * both are the same. 
+     * <p>
+     * <b>WARNING:</b> The implementation of this method as defined in the
+     * default reference implementation class, {@code FileBasedAuthenticator},
+     * uses a password hash algorthim that is known to be weak. You are advised
+     * to replace the default reference implementation class with your own custom
+     * implementation that uses a stronger password hashing algorithm.
+     * See class comments in * {@code FileBasedAuthenticator} for further details.
 	 * 
 	 * @param accountName 
 	 * 		the account name of the new user
@@ -257,6 +268,13 @@ public interface Authenticator {
 	 * This method specifies the use of the user's account name as the "salt"
 	 * value. The Encryptor.hash method can be used if a different salt is
 	 * required.
+     * <p>
+     * <b>WARNING:</b> The implementation of this method as defined in the
+     * default reference implementation class, {@code FileBasedAuthenticator},
+     * is know to be extremely weak. The reference implementation class was
+     * meant to be an example implementation and generally should be avoided
+     * and replaced with your own implementation. See class comments in
+     * {@code FileBasedAuthenticator} for further details.
 	 * 
 	 * @param password
 	 *            the password to hash
@@ -266,6 +284,9 @@ public interface Authenticator {
 	 * @return 
      * 		the hashed password
      * @throws EncryptionException
+     *
+     * @see org.owasp.esapi.reference.FileBasedAuthenticator FileBasedAuthenticator,
+     *                          the default reference implementation of this interface.
 	 */
 	String hashPassword(String password, String accountName) throws EncryptionException;
 
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index e8836a38b..841b4ef15 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -350,8 +350,8 @@ public boolean equals(Object other) {
                       NullSafe.equals(this.cipher_xform_, that.cipher_xform_) &&
                       this.keySize_ == that.keySize_ &&
                       this.blockSize_ == that.blockSize_ &&
-                        // Comparison safe from timing attacks.
-                      CryptoHelper.arrayCompare(this.iv_, that.iv_) );
+                        // In all versions of JDK 7 and later, comparison safe from timing attacks.
+                      java.security.MessageDigest.isEqual(this.iv_, that.iv_) );
         }
         return result;
     }
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 15a0b4675..608bb7eb9 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -470,7 +470,7 @@ public boolean validateMAC(SecretKey authKey) {
                                 "computed MAC len: " + mac.length +
                                 ", received MAC len: " + separate_mac_.length);
             }
-	        return CryptoHelper.arrayCompare(mac, separate_mac_); // Safe compare!!!
+	        return java.security.MessageDigest.isEqual(mac, separate_mac_); // Safe compare in JDK 7 and later
 	    } else if ( ! requiresMAC ) {           // Doesn't require a MAC
 	        return true;
 	    } else {
@@ -712,8 +712,8 @@ public String toString() {
                 result = (that.canEqual(this) &&
                           this.cipherSpec_.equals(that.cipherSpec_) &&
                             // Safe comparison, resistant to timing attacks
-                          CryptoHelper.arrayCompare(this.raw_ciphertext_, that.raw_ciphertext_) &&
-                          CryptoHelper.arrayCompare(this.separate_mac_, that.separate_mac_) &&
+                          java.security.MessageDigest.isEqual(this.raw_ciphertext_, that.raw_ciphertext_) &&
+                          java.security.MessageDigest.isEqual(this.separate_mac_, that.separate_mac_) &&
                           this.encryption_timestamp_ == that.encryption_timestamp_ );
             } else {
                 logger.warning(Logger.EVENT_FAILURE, "CipherText.equals(): Cannot compare two " +
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index 06a822607..413be36d2 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -62,7 +62,6 @@ public CipherTextSerializer(CipherText cipherTextObj) {
     	if ( cipherTextObj == null ) {
     		throw new IllegalArgumentException("CipherText object must not be null.");
     	}
-        assert cipherTextObj != null : "CipherText object must not be null.";      
         cipherText_ = cipherTextObj;
     }
     
@@ -90,22 +89,30 @@ public byte[] asSerializedByteArray() {
         debug("asSerializedByteArray: kdfInfo = " + kdfInfo);
         long timestamp = cipherText_.getEncryptionTimestamp();
         String cipherXform = cipherText_.getCipherTransformation();
-        assert cipherText_.getKeySize() < Short.MAX_VALUE :
-                            "Key size too large. Max is " + Short.MAX_VALUE;
+        if ( cipherText_.getKeySize() >= Short.MAX_VALUE ) {
+        	throw new IllegalArgumentException("Key size is too large. Max is " + Short.MAX_VALUE);
+        }
         short keySize = (short) cipherText_.getKeySize();
-        assert cipherText_.getBlockSize() < Short.MAX_VALUE :
-                            "Block size too large. Max is " + Short.MAX_VALUE;
+        if ( cipherText_.getBlockSize() >= Short.MAX_VALUE ) {
+        	throw new IllegalArgumentException("Block size is too large. Max is " + Short.MAX_VALUE);
+        }
         short blockSize = (short) cipherText_.getBlockSize();
         byte[] iv = cipherText_.getIV();
-        assert iv.length < Short.MAX_VALUE :
-                            "IV size too large. Max is " + Short.MAX_VALUE;
+        if ( iv.length >= Short.MAX_VALUE ) {
+        	throw new IllegalArgumentException("IV size too large. Max is " + Short.MAX_VALUE + " bytes");
+        }
         short ivLen = (short) iv.length;
         byte[] rawCiphertext = cipherText_.getRawCipherText();
         int ciphertextLen = rawCiphertext.length;
-        assert ciphertextLen >= 1 : "Raw ciphertext length must be >= 1 byte.";
+        // Coverity issue 1352406, GitHub issue # 364 - possible NPE later if assertion disabled.
+        // Replaced assertion with explicit check.
+        if ( ciphertextLen < 1 ) {
+        	throw new IllegalArgumentException("Raw ciphertext length must be >= 1 byte.");
+        }
         byte[] mac = cipherText_.getSeparateMAC();
-        assert mac.length < Short.MAX_VALUE :
-                            "MAC length too large. Max is " + Short.MAX_VALUE;
+        if ( mac.length >= Short.MAX_VALUE ) {
+        	throw new IllegalArgumentException("MAC length too large. Max is " + Short.MAX_VALUE + " bytes");
+        }
         short macLen = (short) mac.length;
         
         byte[] serializedObj = computeSerialization(kdfInfo,
@@ -129,7 +136,9 @@ public byte[] asSerializedByteArray() {
      * @return The {@code CipherText} object that we are serializing.
      */
     public CipherText asCipherText() {
-    	assert cipherText_ != null;
+    	if ( cipherText_ == null ) {
+    		throw new IllegalArgumentException("Program error? CipherText object, cipherText_, must not be null.");
+    	}
         return cipherText_;
     }
       
@@ -179,7 +188,9 @@ private byte[] computeSerialization(int kdfInfo, long timestamp,
         writeInt(baos, kdfInfo);
         writeLong(baos, timestamp);
         String[] parts = cipherXform.split("/");
-        assert parts.length == 3 : "Malformed cipher transformation";
+        if ( parts.length != 3 ) {
+            throw new IllegalArgumentException("Program error? Malformed cipher tranformation: " + cipherXform);
+        }
         writeString(baos, cipherXform); // Size of string is prepended to string
         writeShort(baos, keySize);
         writeShort(baos, blockSize);
@@ -199,9 +210,14 @@ private byte[] computeSerialization(int kdfInfo, long timestamp,
     private void writeString(ByteArrayOutputStream baos, String str) {
         byte[] bytes;
         try {
-            assert str != null && str.length() > 0;
+            if ( str == null || str.length() == 0 ) {
+                throw new IllegalArgumentException("Program error? writeString: str is null or empty!");
+            }
             bytes = str.getBytes("UTF8");
-            assert bytes.length < Short.MAX_VALUE : "writeString: String exceeds max length";
+            if ( bytes.length >= Short.MAX_VALUE ) {
+                throw new IllegalArgumentException("Program error? writeString: String exceeds max length of " +
+                                                   Short.MAX_VALUE + " bytes");
+            }
             writeShort(baos, (short)bytes.length);
             baos.write(bytes, 0, bytes.length);
         } catch (UnsupportedEncodingException e) {
@@ -218,13 +234,18 @@ private String readString(ByteArrayInputStream bais, short sz)
     {
         byte[] bytes = new byte[sz];
         int ret = bais.read(bytes, 0, sz);
-        assert ret == sz : "readString: Failed to read " + sz + " bytes.";
+        if ( ret != sz ) {
+                throw new IllegalArgumentException("Program error? readString: Expected to read " +
+                                                   sz + " bytes, but only read " + ret + " bytes");
+        }
         return new String(bytes, "UTF8");
     }
     
     private void writeShort(ByteArrayOutputStream baos, short s) {
         byte[] shortAsByteArray = ByteConversionUtil.fromShort(s);
-        assert shortAsByteArray.length == 2;
+        if ( shortAsByteArray.length != 2 ) {
+                throw new IllegalArgumentException("Program error? writeShort: Excepted byte array != 2 bytes.");
+        }
         baos.write(shortAsByteArray, 0, 2);
     }
     
@@ -233,7 +254,9 @@ private short readShort(ByteArrayInputStream bais)
     {
         byte[] shortAsByteArray = new byte[2];
         int ret = bais.read(shortAsByteArray, 0, 2);
-        assert ret == 2 : "readShort: Failed to read 2 bytes.";
+        if ( ret != 2 ) {
+                throw new IllegalArgumentException("Program error? readShort: Failed to read 2 bytes.");
+        }
         return ByteConversionUtil.toShort(shortAsByteArray);
     }
     
@@ -247,13 +270,17 @@ private int readInt(ByteArrayInputStream bais)
     {
         byte[] intAsByteArray = new byte[4];
         int ret = bais.read(intAsByteArray, 0, 4);
-        assert ret == 4 : "readInt: Failed to read 4 bytes.";
+        if ( ret != 4 ) {
+                throw new IllegalArgumentException("Program error? readInt: Failed to read 4 bytes.");
+        }
         return ByteConversionUtil.toInt(intAsByteArray);
     }
     
     private void writeLong(ByteArrayOutputStream baos, long l) {
         byte[] longAsByteArray = ByteConversionUtil.fromLong(l);
-        assert longAsByteArray.length == 8;
+        if ( longAsByteArray.length != 8 ) {
+                throw new IllegalArgumentException("Program error? writeLong: Expected byte array != 8 bytes.");
+        }
         baos.write(longAsByteArray, 0, 8);
     }
     
@@ -262,7 +289,9 @@ private long readLong(ByteArrayInputStream bais)
     {
         byte[] longAsByteArray = new byte[8];
         int ret = bais.read(longAsByteArray, 0, 8);
-        assert ret == 8 : "readLong: Failed to read 8 bytes.";
+        if ( ret != 8 ) {
+                throw new IllegalArgumentException("Program error? readLong: Failed to read 8 bytes.");
+        }
         return ByteConversionUtil.toLong(longAsByteArray);
     }
     
@@ -277,14 +306,21 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
         throws EncryptionException
     {
         try {
-        	assert cipherTextSerializedBytes != null : "cipherTextSerializedBytes cannot be null.";
-        	assert cipherTextSerializedBytes.length > 0 : "cipherTextSerializedBytes must be > 0 in length.";
+            if ( cipherTextSerializedBytes == null ) {
+                throw new IllegalArgumentException("cipherTextSerializedBytes cannot be null.");
+            }
+        	if ( cipherTextSerializedBytes.length == 0 ) {
+                throw new IllegalArgumentException("cipherTextSerializedBytes must be > 0 in length.");
+            }
             ByteArrayInputStream bais = new ByteArrayInputStream(cipherTextSerializedBytes);
             int kdfInfo = readInt(bais);
             debug("kdfInfo: " + kdfInfo);
             int kdfPrf = (kdfInfo >>> 28);
             debug("kdfPrf: " + kdfPrf);
-            assert kdfPrf >= 0 && kdfPrf <= 15 : "kdfPrf == " + kdfPrf + " must be between 0 and 15.";
+            if ( kdfPrf < 0 || kdfPrf > 16 ) {
+                throw new IllegalArgumentException("Program error? convertToCipherText: kdPrf is " + kdfPrf +
+                                                   ". Must be between 0 and 15 inclusive");
+            }
             int kdfVers = ( kdfInfo & 0x07ffffff);
 
             // First do a quick sanity check on the argument. Previously this was an assertion.
@@ -313,7 +349,10 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             String cipherXform = readString(bais, strSize);
             debug("convertToCipherText: cipherXform = " + cipherXform);
             String[] parts = cipherXform.split("/");
-            assert parts.length == 3 : "Malformed cipher transformation";
+            if ( parts.length != 3 ) {
+                throw new IllegalArgumentException("Program error? Malformed cipher transformation. Expecting 3 parts to cipher transformation, " +
+                                                   "alg/mode/padding, but found " + parts.length + " parts (" + cipherXform + ").");
+            }
             String cipherMode = parts[1];
             if ( ! CryptoHelper.isAllowedCipherMode(cipherMode) ) {
                 String msg = "Cipher mode " + cipherMode + " is not an allowed cipher mode";
@@ -332,7 +371,9 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             }
             int ciphertextLen = readInt(bais);
             debug("convertToCipherText: ciphertextLen = " + ciphertextLen);
-            assert ciphertextLen > 0 : "convertToCipherText: Invalid cipher text length";
+            if ( ciphertextLen <= 0 ) {
+                throw new IllegalArgumentException("convertToCipherText: Invalid cipher text length; must be > 0.");
+            }
             byte[] rawCiphertext = new byte[ciphertextLen];
             bais.read(rawCiphertext, 0, rawCiphertext.length);
             short macLen = readShort(bais);
@@ -391,8 +432,9 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
      *  					ciphertext.
      */
     private static boolean versionIsCompatible(int readKdfVers) {
-    	// We've checked elsewhere for this, so assertion is OK here.
-    	assert readKdfVers > 0 : "Extracted KDF version is negative!";
+        if ( readKdfVers <= 0 ) {
+            throw new IllegalArgumentException("Extracted KDF version is <= 0. Must be integer >= 1.");
+        }
     	
 		switch ( readKdfVers ) {
 		case KeyDerivationFunction.originalVersion:		// First version
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index f76308e56..2df0e34d1 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -325,27 +325,12 @@ public static void copyByteArray(final byte[] src, byte[] dest)
 	 * @return     {@code true} if both byte arrays are null or if both byte
 	 *             arrays are identical or have the same value; otherwise
 	 *             {@code false} is returned.
+     * @deprecated  Use java.security.MessageDigest#isEqual(byte[], byte[]) instead.
 	 */
+    @Deprecated
 	public static boolean arrayCompare(byte[] b1, byte[] b2) {
-	    if ( b1 == b2 ) {
-	        return true;
-	    }
-	    if ( b1 == null || b2 == null ) {
-	        return (b1 == b2);
-	    }
-	    if ( b1.length != b2.length ) {
-	        return false;
-	    }
-	    
-	    int result = 0;
-	    // Make sure to go through ALL the bytes. We use the fact that if
-	    // you XOR any bit stream with itself the result will be all 0 bits,
-	    // which in turn yields 0 for the result.
-	    for(int i = 0; i < b1.length; i++) {
-	        // XOR the 2 current bytes and then OR with the outstanding result.
-	        result |= (b1[i] ^ b2[i]);
-	    }
-	    return (result == 0) ? true : false;
+        // Note: See GitHub issue #246
+        return java.security.MessageDigest.isEqual(b1, b2);
 	}
   
 	/**
diff --git a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
index 9ca41f3f1..347743938 100644
--- a/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ESAPIFilter.java
@@ -41,13 +41,24 @@ public class ESAPIFilter implements Filter {
 
 	private static final String[] obfuscate = { "password" };
 
-	private String loginPage = "WEB-INF/login.jsp";
+	private String loginPage                     = "WEB-INF/login.jsp";
+    private String publicUnauthorizedLandingPage = "WEB-INF/index.jsp";
 
 	/**
 	 * Called by the web container to indicate to a filter that it is being
 	 * placed into service. The servlet container calls the init method exactly
 	 * once after instantiating the filter. The init method must complete
 	 * successfully before the filter is asked to do any filtering work.
+     * <p>
+     * Init parameters in web.xml for this filter:
+     * <ul>
+     * <li>resourceDirectory: sets ESAPI resource directory. No default.</li>
+     * <li>loginPage: login page for your application. Default is "WEB-INF/login.jsp".</li>
+     * <li>publicUnauthorizedLandingPage: page to forward unauthorized attempts
+     * to. Generally should be public, but must at least be available to all authenticated users.
+     * Default is "WEB-INF/index.jsp".</li>
+     * </ul>
+     * </p>
 	 * 
 	 * @param filterConfig
 	 *            configuration object
@@ -61,6 +72,10 @@ public void init(FilterConfig filterConfig) {
 		if ( paramLoginPage != null ) {
 			loginPage = paramLoginPage;
 		}
+        String paramUnauthorizedPage = filterConfig.getInitParameter("publicUnauthorizedLandingPage");
+        if ( paramUnauthorizedPage != null ) {
+            publicUnauthorizedLandingPage = paramUnauthorizedPage;
+        }
 	}
 
 	/**
@@ -102,7 +117,7 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain
 			// check access to this URL
 			if ( !ESAPI.accessController().isAuthorizedForURL(request.getRequestURI()) ) {
 				request.setAttribute("message", "Unauthorized" );
-				RequestDispatcher dispatcher = request.getRequestDispatcher("WEB-INF/index.jsp");
+				RequestDispatcher dispatcher = request.getRequestDispatcher(publicUnauthorizedLandingPage);
 				dispatcher.forward(request, response);
 				return;
 			}
@@ -144,4 +159,4 @@ public void destroy() {
 		// finalize
 	}
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 2dc1e3666..1f5e9713c 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -82,6 +82,10 @@
 public class DefaultHTTPUtilities implements org.owasp.esapi.HTTPUtilities {
     private static volatile HTTPUtilities instance = null;
 
+    // Apache Commons FileUpload property for enabling / disabling Java deserialization via file uploads.
+    // ESAPI will save current value, set it to "false", and then restore value before returning. GitHub issue #417.
+    private static String DISKFILEITEM_SERIALIZABLE = "org.apache.commons.fileupload.disk.DiskFileItem.serializable";
+
     public static HTTPUtilities getInstance() {
         if ( instance == null ) {
             synchronized ( DefaultHTTPUtilities.class ) {
@@ -539,7 +543,10 @@ public List<File> getFileUploads(HttpServletRequest request, File finalDir, List
 		}
 
 		List<File> newFiles = new ArrayList<File>();
+		String dfiPrevValue = "false";   // Fail safely in case of Java Security Manager & weird security policy
 		try {
+			dfiPrevValue = System.getProperty(DISKFILEITEM_SERIALIZABLE);
+			System.setProperty(DISKFILEITEM_SERIALIZABLE, "false");
 			final HttpSession session = request.getSession(false);
 			if (!ServletFileUpload.isMultipartContent(request)) {
 				throw new ValidationUploadException("Upload failed", "Not a multipart request");
@@ -615,6 +622,11 @@ public void update(long pBytesRead, long pContentLength, int pItems) {
 			}
 			throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
 		}
+		finally {
+			if ( dfiPrevValue != null ) {
+				System.setProperty(DISKFILEITEM_SERIALIZABLE, dfiPrevValue);
+			}
+		}
 		return Collections.synchronizedList(newFiles);
 	}
 
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
index cee3685ad..77d2a88c1 100644
--- a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -22,26 +22,33 @@
 import java.util.*;
 
 /**
- * Reference implementation of the Authenticator interface. This reference implementation is backed by a simple text
- * file that contains serialized information about users. Many organizations will want to create their own
- * implementation of the methods provided in the Authenticator interface backed by their own user repository. This
- * reference implementation captures information about users in a simple text file format that contains user information
- * separated by the pipe "|" character. Here's an example of a single line from the users.txt file:
+ * Reference implementation of the Authenticator interface. This reference implementation is intended to be
+ * an <b>EXAMPLE</b> only and is not really suitable for enterprise-wide applications. It is backed by a simple unsorted
+ * text file that contains serialized information about users and it uses a relative weak password hashing algorithm.
+ * (For further details, see the "See Also" section, below.)
+ * <p>
+ * Many organizations will want to create their own implementation of the methods provided in the
+ * {@code Authenticator} interface backed by their own user repository as this reference implementation
+ * is not very scalable. This reference implementation captures information about users in a simple text file
+ * format that contains user information separated by the pipe "|" character.
  * <p/>
+ * <p>Here's an example of a single line from the users.txt file:<p/>
+ * <p>
  * <PRE>
- * <p/>
  * account id | account name | hashed password | roles | lockout | status | old password hashes | last
  * hostname | last change | last login | last failed | expiration | failed
  * ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  * 1203123710837 | mitch | 44k/NAzQUlrCq9musTGGkcMNmdzEGJ8w8qZTLzpxLuQ= | admin,user | unlocked | enabled |
  * u10dW4vTo3ZkoM5xP+blayWCz7KdPKyKUojOn9GJobg= | 192.168.1.255 | 1187201000926 | 1187200991568 | 1187200605330 |
  * 2187200605330 | 1
- * <p/>
  * </PRE>
+ * <p/>
  *
  * @author <a href="mailto:jeff.williams@aspectsecurity.com?subject=ESAPI question">Jeff Williams</a> at <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author Chris Schmidt (chrisisbeef .at. gmail.com) <a href="http://www.digital-ritual.com">Digital Ritual Software</a>
  * @see org.owasp.esapi.Authenticator
+ * @see #hashPassword(String password, String accountName)
+ * @see <a href="https://github.com/ESAPI/esapi-java-legacy/issues/233" target="_blank" rel="noopener">GitHub Issue #233: Weak password storage</a>
  * @since June 1, 2007
  */
 public class FileBasedAuthenticator extends AbstractAuthenticator {
@@ -399,10 +406,32 @@ public synchronized Set getUserNames() {
     /**
      * {@inheritDoc}
      *
+     * <b>WARNING:</b> There are several weaknesses in this method:
+     * <ol>
+     * <li>The salt should really be a randomly generated salt, typically at
+     * least 64-bits, but in this method, the {@code accountName} parameter is
+     * used as the salt.</li>
+     * <li>This salt is then combined with the <b>ESAPI.properties</b> file's
+     * {@code Encryptor.MasterSalt}, meaning that if that property is changed,
+     * all previously stored passwords become invalid and need to be reset.</li>
+     * <li>Only 1024 iterations of the hash algorithm (SHA-512) are made. While that
+     * may have been fine in 2007, it is no longer considered sufficient.</li>
+     * </ol>
+     *
      * @throws EncryptionException
      */
     public String hashPassword(String password, String accountName) throws EncryptionException {
+        // Here is but one weakness: This salt should ideally be a _random_ salt,
+        // at least 64 bits in length. Unfortunately, if anyone is actually using
+        // this method in a production application (let's hope not) fixing this
+        // now will those application's previously stored passwords. See this
+        // GitHub issue comment for further details:
+        //    https://github.com/ESAPI/esapi-java-legacy/issues/233#issuecomment-450401400
         String salt = accountName.toLowerCase();
+        //
+        // Other weaknesses are that only 1024 iterations of the hash algorithm
+        // (SHA-512) is used and the final hash is tied to the Encryptor.MasterSalt
+        // so if that is ever changed, all users passwords must be reset.
         return ESAPI.encryptor().hash(password, salt);
     }
 
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 83246bd1d..0c2c623f0 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -78,6 +78,9 @@ ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+# To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
+#    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
+# and do whatever other normal SLF4J configuration that you normally would do for your application.
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
 ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
 

From 3475e86d2c2828fb944b2f3fb8cc0e2639a23510 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 2 Feb 2019 10:40:47 -0600
Subject: [PATCH 527/812] #476 DefaultValidator.getValidInput uses canonicalize
 method argument (#477)

Close issue #476

* DefaultValidator.*ValidInput uses canonicalize arg

Exposing behavior in the StringValidationRule to allow an implementor to
opt-out of encoder canonicalization behavior.  Tests added to verify
intended behavior.

DefaultValidator getValidInput has been updated to use the existing
canonicalize argument to configure the StringValidationRule delegate for
canonicalization behavior before validating the input reference.  Tests
updated to validate configuration occurs in workflow.

Additional test updates in the DefaultValidatorInputStringAPITest to
remove unnecessary mock configuration expectations, and to verify that all
expected mock interactions have occurred.

* Logging in StringValidationRule

Adding recommended logging if canonicalization is set to false.
---
 .../esapi/reference/DefaultValidator.java     |  1 +
 .../validation/StringValidationRule.java      | 20 ++++++-
 .../DefaultValidatorInputStringAPITest.java   | 57 +++++++++++++++++--
 .../validation/StringValidationRuleTest.java  | 22 +++++++
 4 files changed, 92 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 1a05534c0..abe6c93a5 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -216,6 +216,7 @@ public String getValidInput(String context, String input, String type, int maxLe
 		}
 		rvr.setMaximumLength(maxLength);
 		rvr.setAllowNull(allowNull);
+		rvr.setCanonicalize(canonicalize);
 		return rvr.getValid(context, input);
 	}
 
diff --git a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
index 3163c532d..8d0c88cf0 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
@@ -20,8 +20,10 @@
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 
+import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.Logger;
 import org.owasp.esapi.StringUtilities;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.util.NullSafe;
@@ -39,11 +41,12 @@
  * http://en.wikipedia.org/wiki/Whitelist
  */
 public class StringValidationRule extends BaseValidationRule {
-
+    private static final Logger LOGGER = ESAPI.getLogger(StringValidationRule.class);
 	protected List<Pattern> whitelistPatterns = new ArrayList<Pattern>();
 	protected List<Pattern> blacklistPatterns = new ArrayList<Pattern>();
 	protected int minLength = 0;
 	protected int maxLength = Integer.MAX_VALUE;
+	private boolean canonicalizeInput = true;
 
 	public StringValidationRule( String typeName ) {
 		super( typeName );
@@ -115,6 +118,10 @@ public void setMaximumLength( int length ) {
 		maxLength = length;
 	}
 
+	public void setCanonicalize(boolean canonicalize) {
+	    this.canonicalizeInput = canonicalize;
+	}
+
 	/**
 	 * checks input against whitelists.
 	 * @param context The context to include in exception messages
@@ -262,9 +269,15 @@ public String getValid( String context, String input ) throws ValidationExceptio
 
 		// check length
 		checkLength(context, input);
-		
+
 		// canonicalize
-		data = encoder.canonicalize( input );
+		if (canonicalizeInput) {
+		    data = encoder.canonicalize(input);
+		} else {
+		    String message = String.format("Input validaiton excludes canonicalization.  Context: %s   Input: %s", context, input);
+		    LOGGER.warning(Logger.SECURITY_AUDIT, message);
+            data = input;
+		}
 
 		// check whitelist patterns
 		checkWhitelist(context, input);
@@ -284,5 +297,6 @@ public String sanitize( String context, String input ) {
 			return whitelist( input, EncoderConstants.CHAR_ALPHANUMERICS );
 		}
 
+
 }
 
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
index 525584b6a..99e25c493 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultValidatorInputStringAPITest.java
@@ -17,6 +17,7 @@
 import java.util.regex.Pattern;
 
 import org.hamcrest.core.Is;
+import org.junit.After;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -66,10 +67,6 @@ public class DefaultValidatorInputStringAPITest {
     
     @Before
     public void setup() throws Exception {
-        //Is intrusion detection disabled?  A:  Yes, it is off.  
-        //This logic is confusing:  True, the value is False...
-        when(mockSecConfig.getDisableIntrusionDetection()).thenReturn(true);
-        
         contextStr = testName.getMethodName();
         testValidatorType = testName.getMethodName() + "_validator_type";
         validatorResultString = testName.getMethodName() + "_validator_result";
@@ -101,6 +98,13 @@ public void setup() throws Exception {
         
     }
     
+    @After
+    public void verifyDelegateCalls() {
+        verify(mockSecConfig, times(1)).getValidationPattern(testValidatorType);
+        
+        PowerMockito.verifyNoMoreInteractions(spyStringRule, mockSecConfig, mockEncoder);
+    }
+    
     @Test
     public void getValidInputNullAllowedPassthrough() throws Exception {
         String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
@@ -109,6 +113,7 @@ public void getValidInputNullAllowedPassthrough() throws Exception {
         verify(spyStringRule, times(1)).setAllowNull(true);
         verify(spyStringRule, times(0)).setAllowNull(false);
         verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
         verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
     
@@ -120,6 +125,7 @@ public void getValidInputNullNotAllowedPassthrough() throws Exception {
         verify(spyStringRule, times(0)).setAllowNull(true);
         verify(spyStringRule, times(1)).setAllowNull(false);
         verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
         verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
     
@@ -137,7 +143,16 @@ public void getValidInputValidationExceptionPropagates() throws Exception {
         exEx.expect(Is.is(validationEx));
 
         doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
-        uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        try {
+            uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
+        } finally {
+            verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+            verify(spyStringRule, times(1)).setAllowNull(true);
+            verify(spyStringRule, times(0)).setAllowNull(false);
+            verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+            verify(spyStringRule, times(1)).setCanonicalize(true);
+            verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+        }
     }
     
     @Test
@@ -149,6 +164,12 @@ public void getValidInputValidationExceptionErrorList() throws Exception {
         assertTrue(result.isEmpty());
         assertEquals(1, errorList.size());
         assertEquals(validationEx, errorList.getError(contextStr));
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
     
     
@@ -161,6 +182,7 @@ public void isValidInputNullAllowedPassthrough() throws Exception {
         verify(spyStringRule, times(1)).setAllowNull(true);
         verify(spyStringRule, times(0)).setAllowNull(false);
         verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
         verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
     
@@ -169,6 +191,12 @@ public void isValidInputValidationExceptionReturnsFalse() throws Exception {
         doThrow(validationEx).when(spyStringRule).getValid(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
         boolean result = uit.isValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, true);
         assertFalse(result);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
     
     @Test
@@ -180,5 +208,24 @@ public void isValidInputValidationExceptionErrorListReturnsFalse() throws Except
         assertFalse(result);
         assertEquals(1, errorList.size());
         assertEquals(validationEx, errorList.getError(contextStr));
+        verify(errors, times(1)).addError(contextStr, validationEx);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(1)).setAllowNull(true);
+        verify(spyStringRule, times(0)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(true);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
+    }
+    
+    @Test
+    public void canonicalizeSettingPassedThrough() throws Exception {
+        String safeValue =  uit.getValidInput(contextStr, testName.getMethodName(), testValidatorType, testMaximumLength, false,false);
+        assertEquals(validatorResultString, safeValue);
+        verify(spyStringRule, times(1)).addWhitelistPattern(TEST_PATTERN);
+        verify(spyStringRule, times(0)).setAllowNull(true);
+        verify(spyStringRule, times(1)).setAllowNull(false);
+        verify(spyStringRule, times(1)).setMaximumLength(testMaximumLength);
+        verify(spyStringRule, times(1)).setCanonicalize(false);
+        verify(spyStringRule, times(1)).getValid(contextStr, testName.getMethodName());
     }
 }
diff --git a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
index d580d4cc7..e172e2ebb 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/StringValidationRuleTest.java
@@ -3,6 +3,9 @@
 import junit.framework.Assert;
 
 import org.junit.Test;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Encoder;
 import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.errors.ValidationException;
 
@@ -155,4 +158,23 @@ public void testAllowNull() throws ValidationException {
 		Assert.assertTrue(validationRule.isValid("", null));
 	}
 	
+	@Test
+	public void testSetCanonicalize() throws ValidationException {
+	    String context = "test-scope";
+	    String inputString = "SomeInputValue";
+	    String encoderReturn = "MockReturnValue";
+	    Encoder mockEncoder = Mockito.mock(Encoder.class);
+	    Mockito.when(mockEncoder.canonicalize(inputString)).thenReturn(encoderReturn);
+	    StringValidationRule testRule = new StringValidationRule(context, mockEncoder);
+	    String valid = testRule.getValid(context, inputString);
+	    Assert.assertEquals(encoderReturn, valid);
+	    Mockito.verify(mockEncoder, Mockito.times(1)).canonicalize(inputString);
+	    Mockito.reset(mockEncoder);
+	    
+	    testRule.setCanonicalize(false);
+        valid = testRule.getValid(context, inputString);
+        Assert.assertEquals(inputString, valid);
+        Mockito.verify(mockEncoder, Mockito.times(0)).canonicalize(inputString);
+	}
+	
 }

From f114feaeba7366ffc0d3706d0f341bb9596770e7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 3 Feb 2019 23:57:32 -0500
Subject: [PATCH 528/812] Replace Google Code references with GitHub repo
 references. Fixes issue #478.

---
 pom.xml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index f929ab1ce..62d7e923d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -433,10 +433,11 @@
                 <version>2.3</version>
                 <configuration>
                     <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
-                    <issueLinkUrl>http://code.google.com/p/owasp-esapi-java/issues/detail?id=%ISSUE%</issueLinkUrl>
+                    <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
                     <type>date</type>
                     <dates>
-                        <date>2013-09-02 00:00:00</date>
+                        <!-- Should be date of previous official release -->
+                        <date>2015-02-05 00:00:00</date>
                     </dates>
                 </configuration>
             </plugin>
@@ -678,7 +679,7 @@
                         <artifactId>maven-release-plugin</artifactId>
                         <version>2.5.3</version>
                         <configuration>
-                            <tagBase>https://owasp-esapi-java.googlecode.com/svn/tags/releases/</tagBase>
+                            <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase>
                         </configuration>
                     </plugin>
 

From 7aa6481ff07365bd685feb37e84cf1abf3633760 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 16 Feb 2019 23:44:35 -0500
Subject: [PATCH 529/812] Updated README.md

Changed the reference to CONTRIBUTING-TO-ESAPI.txt to a link to the raw file.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 09f0df50d..ff900edbb 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ Fork and submit a pull request! Simple as pi! We generally only accept bug fixes
 
 If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22.)
 
-You can find additional details in the file 'CONTRIBUTING-TO-ESAPI.txt'.
+You can find additional details in the file '[CONTRIBUTING-TO-ESAPI.txt](https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/CONTRIBUTING-TO-ESAPI.txt)'.
 
 ### What happened to Google code?
 In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in November 2014.

From 35f042e0183ea79b8df773f4046dc5904e918f60 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 10 Mar 2019 22:52:33 -0400
Subject: [PATCH 530/812] [maven-release-plugin] prepare release
 esapi-2.2.0.0-RC1

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 62d7e923d..068ffb6ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-SNAPSHOT</version>
+    <version>2.2.0.0-RC1</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From 21ae4509126b635dc3f293d6e1608b7fef91a96c Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 17 Mar 2019 19:46:24 -0400
Subject: [PATCH 531/812] Update pom.xml to revert to previous state.

Change <version>2.2.0.0-RC1</version> back to <version>2.2.0.0-SNAPSHOT</version>.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 068ffb6ed..62d7e923d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC1</version>
+    <version>2.2.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From cc264ce3d23337d778a1d566dedfb3d319a3d1c7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Mar 2019 21:57:33 -0400
Subject: [PATCH 532/812] [maven-release-plugin] prepare release
 esapi-2.2.0.0-RC1

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 62d7e923d..068ffb6ed 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-SNAPSHOT</version>
+    <version>2.2.0.0-RC1</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From a93c6d88038114a773ad07b80b1173ac41bcb57c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Mar 2019 21:58:56 -0400
Subject: [PATCH 533/812] [maven-release-plugin] prepare for next development
 iteration

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 068ffb6ed..cc718a979 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC1</version>
+    <version>2.2.0.0-RC2-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <prerequisites>

From 5a4e4a1a679237d1efd88639bc1ae43b717641a5 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Apr 2019 21:46:16 -0400
Subject: [PATCH 534/812] Misc prep issue483 (#484)

* Clarify instructions how to checkout a specific new branch.

* Update info with respect to ESAPI mailing lists (move from Mailman to Google Groups).

* Minor updates to release notes (mostly about deprecated and/or removed methods).

* Changes in support of GitHub Issue # 483:
1. Change ESAPI version from 2.2.0.0-RC2-SNAPSHOT to 2.2.0.0-RC2.
2. Change references to ESAPI mailing lists from Mailman to Google Groups.
3. Update dependencies:
        a) org.apache.commons:commons-collections4 -- from 4.2 to 4.3
        b) org.apache.xmlgraphics:batik-css -- from 1.10 to 1.11
        c) org.bouncycastle:bcprov-jdk15on -- from 1.60 to 1.61
4. Update org.sonatype.oss:oss-parent -- from version 5 to version 9

* Correctly marked several methods that were intended to be deprecated back in ESAPI 1.6, but were incorrectly so designated.
Decided to leave these around for a while since compiler would not issue proper warning the way they were.

* More clearly document via comments the intended fall-through in a switch statement.

* Remove unneeded cast to String that was giving compiler warning.

* Remove unneeded cast to String that was causing compiler warning.

* Mark method as @Deprecated to get rid of compiler warning.

* Delete the previously deprecated method getSerialVersionUID().
Noted in 2.2.0.0 release notes.

* Mark previously deprecated method as @Deprecated to suppress compiler warning.

* Changes to stop calling deprecated method SecurityConfiguration.getDisableIntrusionDetection().
Still needs a little work. (See comment in code regarding static import.)

* Mark previously deprecated method as @Deprecated to suppress compiler warning.

* Remove some redundant casts to suppress compiler warnings.

* Remove redundant case to suppress compiler warnings.

* Delete previously deprecated protected field, MAX_REDIRECT_LOCATION.
No replacement; noted in 2.2.0.0 release notes.

* Remove unnecessary cast to suppress compiler warning.

* Mark previously deprecated method as @Deprecated to suppress compiler warnings.

* Added serialVersionUID field to suppress compiler warning.

* Remove unnecessary cast to suppress compiler warnings.

* Delete unnecessary cast to suppress compiler warning.

* Add method testDeprecatedMethods() for simple sanity check.

* Upgrade AntiSamy dependency from 1.5.7 to 1.5.8.

* Updated with respect to moving to AntiSamy 1.5.8 were all the CVEs have been addressed.

* Fix failing tests that I accidentally broke. Thanks and a tip of the hat to @jeremiahjstacey for pointers of how to fix this.
---
 CONTRIBUTING-TO-ESAPI.txt                     |  3 +-
 README.md                                     | 13 ++++++--
 .../esapi4java-core-2.2.0.0-release-notes.txt | 32 +++++++++++--------
 pom.xml                                       | 32 +++++++++----------
 .../org/owasp/esapi/AccessController.java     | 10 ++++++
 .../java/org/owasp/esapi/codecs/CSSCodec.java |  4 +--
 .../owasp/esapi/codecs/HTMLEntityCodec.java   |  2 +-
 .../esapi/codecs/LegacyHTMLEntityCodec.java   |  2 +-
 .../org/owasp/esapi/codecs/MySQLCodec.java    |  3 +-
 .../org/owasp/esapi/crypto/CipherText.java    |  8 -----
 .../org/owasp/esapi/crypto/CryptoHelper.java  |  3 +-
 .../errors/EnterpriseSecurityException.java   | 11 +++++--
 .../reference/DefaultAccessController.java    |  1 +
 .../owasp/esapi/reference/DefaultEncoder.java |  4 +--
 .../esapi/reference/DefaultHTTPUtilities.java |  2 +-
 .../DefaultSecurityConfiguration.java         | 10 ------
 .../owasp/esapi/reference/JavaLogFactory.java |  2 +-
 .../ExperimentalAccessController.java         | 10 ++++++
 .../esapi/waf/ConfigurationException.java     |  2 ++
 .../configuration/ConfigurationParser.java    |  2 +-
 .../InterceptingServletOutputStream.java      |  2 +-
 .../filters/SecurityWrapperRequestTest.java   | 13 +++++---
 .../DefaultSecurityConfigurationTest.java     | 12 +++++++
 23 files changed, 113 insertions(+), 70 deletions(-)

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index a344923c7..5e5ec846e 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -69,7 +69,8 @@ Steps to work with ESAPI:
        forked repo created in previous step)
     3. Create a new branch to work on an issue. I usually name the branch
        'issue-#' where '#' is the GitHub issue # is will be working on, but
-       you can call it whatever.
+       you can call it whatever. E.g.,
+            git checkout -b issue-#
     4. Work on the GitHub issue on this newly created issue-# branch.
     5. Make sure everything builds correctly and all the JUnit tests pass
        ('mvn test'). [Note: On occasion, there may be a failure in
diff --git a/README.md b/README.md
index ff900edbb..172027862 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ When reporting an issue, please be clear and try to ensure that the ESAPI develo
 ### Find an Issue?
 If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
 
-NOTE: Please do NOT use GitHub issues to ask questions about ESAPI. If you wish to do this, post to either of the 2 mailing lists found at the bottom of this page. If we find questions as GitHub issues, we simply will close them and direct you to do this anyhow.
+NOTE: Please do NOT use GitHub issues to ask questions about ESAPI. If you wish to do this, post to either of the 2 mailing lists (now on Google Groups) found at the bottom of this page. If we find questions as GitHub issues, we simply will close them and direct you to do this anyhow.
 
 ### Find a Vulnerability?
 If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
@@ -64,5 +64,12 @@ Channel: #esapi<br/>
 Webchat http://webchat.freenode.net/
 
 *Mailing lists:*
-[ESAPI-Users mailing list](https://lists.owasp.org/mailman/listinfo/esapi-user/) and
-[ESAPI-Developers mailing list](https://lists.owasp.org/mailman/listinfo/esapi-dev/)
+As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
+
+The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to after you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/forum/#!forum/esapi-project-dev/join)" respectively.
+
+Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
+
+For a general overview of Google Groups and its web interface, see https://groups.google.com/forum/#!overview
+
+For assistance subscribing and unsubscribing to Google Groups, see https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593
diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
index d51081b39..2f6928ecd 100644
--- a/documentation/esapi4java-core-2.2.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -11,10 +11,9 @@ Executive Summary: Important Things to Note for this Release
 ------------------------------------------------------------
 * Upgrade to require JDK 7 or later. JDK 6 is no longer supported by ESAPI.
 * Upgrade to require Java Servlet API 3.0.1 or later. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for additional details.
-* 106 GitHub issues closed. (Note: Includes previously incorrectly closed issues that were reopened, fixed, and then closed again.)
+* 100+ GitHub issues closed. (Note: Includes previously incorrectly closed issues that were reopened, fixed, and then closed again.)
 * Upgraded versions of several ESAPI dependencies (i.e., 3rd party jars), including several that had unpatched CVEs. See "Appendix: Dependency Updates (as reflected in pom.xml)" below for full details.
 * Known vulnerabilities still not addressed:
-    - ESAPI uses "vulnerable" version of AntiSamy (1.5.7), which is supposedly vulnerable to CVE-2018-100643. I have confirmed that AntiSamy--as currently used by ESAPI--is NOT vulnerable to this CVE as it only uses AntiSamy's CleanResults.getCleanHTML(). Furthermore, I believe that this CVE is a false positive. See my comments on this AntiSamy issue at https://github.com/nahsra/antisamy/issues/32#issuecomment-449595373.
     - There is this critical CVE in log4j 2.x before 2.8.2: CVE-2017-5645. It is a Java deserialization vulnerability that can lead to arbitrary remote code execution. Some private vulnerability databases claim that this same vulnerability is present in log4j 1.x even though the CVE itself does not claim that. However, examination of this CVE shows that the vulnerability is associated with implementations of TcpSocketServer and UdpSocketServer, which implement fully functional socket servers that can be used to listen on network connections and record log events sent to server from various client applications. For ESAPI to be vulnerable to that, first someone would have to have an implementation of wone of those servers running and secondly, they would have to change ESAPI's log4j.xml configuration file so that it uses log4j's SocketAppender rather than the default ConsoleAppender that ESAPI's default deployment uses. Thus even if this vulnerability were present in log4j 1.x, ESAPI's use of ConsoleAppender makes it a non-issue.
     - There is a known and unpatched vulnerability in the SLF4J Extensions that some vulnerability scanners may pick up and associate with ESAPI's use of slf4j-api-1.7.25.jar. (Note that OWASP Dependency Check does NOT flag this vulnerability [CVE-2018-8088], but others may.) According to NVD, this vulnerability is associated with "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2". Fortunately, I have confirmed that this Java deserialization does not impact ESAPI. First off, the default configuration of ESAPI.properties does not use SLF4J, but even if an application should choose to use it, ESAPI does not include the slf4j-ext jar and it has been confirmed that the vulnerable class (org.slf4j.ext.EventData) is not included in the slf4j-api jar that ESAPI does. Unfortunately, this CVE is not patched in the latest SLF4J packages, so even if we were to update it to latest version (currently 1.80-beta2, as of 12/31/2018), any scanners that associate ESAPI with CVE-2018-8088 would still have this false positive. But the important thing to ESAPI users is to know that if this CVE is identified for ESAPI, that it is a false positive.
     - Otherwise, ESAPI 2.2.0.0 addresses all know CVEs except for CVE-2013-5960 (which I have fixed in a private BitBucket repo, but getting it to be backward compatible is proving to be more difficult than anticipated.) Besides, if you want to use encryption in Java, I'd highly recommend using Google Tink, which is much more fully featured than ESAPI. (Tink allows key rotation, storing keys in various cloud HSMs, etc.)
@@ -37,7 +36,7 @@ That's 2593 NEW tests!!!
 
                 GitHub Issues fixed in this release
             [i.e., since 2.1.0.1 release on 2016-Feb-05]
-                          106 issues closed
+                          More than 100 issues closed
 
 Issue #			GitHub Issue Title
 ----------------------------------------------------------------------------------------------
@@ -148,6 +147,10 @@ Issue #			GitHub Issue Title
 462		Allow configurable init parameter in ESAPIFilter for unauthorized requests
 463		Create release notes for next ESAPI release
 465		Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
+471     Bump ESAPI release # to 2.2.0.0
+476     DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
+478     Remove obsolete references to Google Code in pom.xml and any other release prep
+483     More miscellaneous prep work for ESAPI 2.2.0.0 release
 
 
 -----------------------------------------------------------------------------
@@ -179,6 +182,9 @@ Issue #			GitHub Issue Title
                 public static String encodeObject( java.io.Serializable serializableObject )
                 public static String encodeObject( java.io.Serializable serializableObject, int options )
                 public static Object decodeToObject( String encodedObject )
+
+    483     More miscellaneous prep work for ESAPI 2.2.0.0 release
+        Specifically, CipherText.getSerialVersionUID() and DefaultSecurityConfiguration.MAX_FILE_NAME_LENGTH have actually been deleted from the ESAPI code base. For the former, use CipherText.cipherTextVersion() instead. For the latter, there is no replacement. (This wasn't being used, but it was set to 1000 in case you're wondering.)
         
 * Various properties in ESAPI.properties were changed in a way that might affect your application:
     439		Tighten ESAPI defaults to disallow dubious file suffixes
@@ -235,12 +241,13 @@ Project co-leaders
     Matt Seil (xeno6696)
 
 Special shout-outs to:
-    Jeremiah Stacey (jeremiahjstacey)
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
+    Dave Wichers (davewichers) - for Maven Central / Sonatype help
 
 List of all PRs closed since 2.1.0.1 (2016-Feb-05) -
         List includes merged AND rejected PRs
 
-  52 Closed PRs since 2.1.0.1 release
+  53 Closed PRs since 2.1.0.1 release
   ===================================
 #362 by artfullyContrived was merged on Feb 9, 2016 -- Update pom.xml to use latest Maven plugins
 #367 by drm2 was merged on Apr 9, 2016 -- Adding IntelliJ Tests setup documentation
@@ -296,12 +303,13 @@ List of all PRs closed since 2.1.0.1 (2016-Feb-05) -
 #470 by jeremiahjstacey was merged on Jan 15, 2019 -- JavaLogFactory Thread Safety #286
 #472 by jeremiahjstacey was merged on Jan 21, 2019 -- Issue #31 MySQLCodec Updates
 #475 by jeremiahjstacey was merged on Jan 27, 2019 -- Issue #188 resolution proof: Test updates
+#477 by jeremiajjstacey was merged on Feb 02, 2019 -- $476 DefaultValidator.getValidInput uses canonicalize method argument
 
 List of contributors of *merged* PRs, listed (rather naively) by # or merged PRs:
         # merged PRs    GitHub ID
         -------------------------
              19         xeno6696
-              8         jeremiahjstacey
+             10         jeremiahjstacey
               8         kwwall
               2         artfullyContrived
               2         augustd
@@ -312,8 +320,6 @@ List of contributors of *merged* PRs, listed (rather naively) by # or merged PRs
               1         NiklasMehner
               1         simon0117
               1         sunnypav
-	========================
-	     47 merged PRs + 6 closed PRs = 53 PRs merged or closed
 
 
 Thanks you all for your time and effort to ESAPI and making it a better project.
@@ -326,7 +332,7 @@ Many 3rd party dependencies had known vulnerabilities (e.g., CVEs reported to NI
 
 Note that in many places, these 3rd party dependencies were not *direct* dependencies, but rather *transitive* and since we are not able to force a direct 3rd party dependency to update their dependencies, in several cases, we have used Maven's <exclusions> tag to exclude specific transitive dependencies andthen explictly included their latest patched versions that did not cause JUnit test failures.
 
-Because the landscape of known vulnerabilities in 3rd party components is constantly changing and the OWASP ESAPI contributors do not have access to all private vulnerability databases, we may have inevitably missed some. In other cases, we have examined reported vulnerabilities and confirmed that as ESAPI uses and deploys the code in its default configuration, the claimed vulnerabilities are not exploitable. (Such is the case for CVE-2018-100643 as it related to AntiSamy 1.5.7 and earlier.)
+Because the landscape of known vulnerabilities in 3rd party components is constantly changing and the OWASP ESAPI contributors do not have access to all private vulnerability databases, we may have inevitably missed some. In other cases, we have examined reported vulnerabilities and confirmed that as ESAPI uses and deploys the code in its default configuration, the claimed vulnerabilities are not exploitable.
 
 The following lists all new and updated dependencies. If a dependency is not listed below, the version used since ESAPI release 2.1.0.1 has not changed.
 
@@ -334,7 +340,7 @@ New compile-time / runtime direct dependencies:
     org.slf4j:slf4j-api:1.7.25 - Not actually needed in your application's classpath unless ESAPI.Logger is configured to use org.owasp.esapi.logging.slf4j.Slf4JLogFactory.
 
 New JUnit dependencies
-    org.bouncycastle:bcprov-jdk15on:1.60
+    org.bouncycastle:bcprov-jdk15on:1.61
     org.powermock:powermock-api-mockito2:2.0.0-beta.5
     org.powermock:powermock-module-junit4:2.0.0-beta.5
 
@@ -345,12 +351,12 @@ Updated direct dependencies, by Maven scope
 
   compile:
     commons-fileupload:commons-fileupload:      1.3.1 -> 1.3.3
-    org.apache.commons:commons-collections4:    3.2.2 -> 4.2
+    org.apache.commons:commons-collections4:    3.2.2 -> 4.3
     commons-beanutils:commons-beanutils-core:   1.8.3 -> 1.9.3
     com.io7m.xom:xom:                           1.2.5 -> 1.2.10
     org.apache-extras.beanshell:bsh:            2.0b4 -> 2.0b6
-    org.owasp.antisamy:antisamy:                1.5.3 -> 1.5.7
-    org.apache.xmlgraphics:batik-css:           1.8   -> 1.10
+    org.owasp.antisamy:antisamy:                1.5.3 -> 1.5.8
+    org.apache.xmlgraphics:batik-css:           1.8   -> 1.11
 
     Transitive runtime dependencies that ESAPI has now directly taken control off because of known vulnerabilities or other incompatibilities:
         xalan:xalan:                            2.7.0 -> 2.7.2
diff --git a/pom.xml b/pom.xml
index cc718a979..b6e877e1f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC2-SNAPSHOT</version>
+    <version>2.2.0.0-RC2</version>
     <packaging>jar</packaging>
 
     <prerequisites>
@@ -13,7 +13,7 @@
     <parent>
         <groupId>org.sonatype.oss</groupId>
         <artifactId>oss-parent</artifactId>
-        <version>5</version>
+        <version>9</version>
     </parent>
 
     <licenses>
@@ -47,19 +47,19 @@
 
     <mailingLists>
         <mailingList>
-            <name>ESAPI-Users</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-user/</unsubscribe>
-            <post>mailto:esapi-users@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-users/</archive>
+            <name>ESAPI-Project-Users</name>
+            <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join</subscribe>
+            <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/unsubscribe</unsubscribe>
+            <post>mailto:esapi-project-users@owasp.org</post>
+            <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-users/</archive>
             <!--This is the OWASP ESAPI mailing list for ESAPI users, regardless of programming language. For example, ESAPI users with questions about ESAPI for Java or ESAPI for PHP would both post here.-->
         </mailingList>
         <mailingList>
-            <name>ESAPI-Developers</name>
-            <subscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</subscribe>
-            <unsubscribe>https://lists.owasp.org/mailman/listinfo/esapi-dev/</unsubscribe>
-            <post>mailto:esapi-dev@lists.owasp.org</post>
-            <archive>https://lists.owasp.org/pipermail/esapi-dev/</archive>
+            <name>ESAPI-Project-Dev</name>
+            <subscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join</subscribe>
+            <unsubscribe>https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/unsubscribe</unsubscribe>
+            <post>mailto:esapi-project-dev@owasp.org</post>
+            <archive>(Pre 3/25/2019) https://lists.owasp.org/pipermail/esapi-dev/</archive>
             <!--This is the OWASP ESAPI mailing list for ESAPI for Java developers. While the list is not closed, the topics of discussion are likely to be less relevant to those only using ESAPI. Note that this is the list for ESAPI for Java. Most other language implementations, such ESAPI for PHP, have their own mailing lists.-->
         </mailingList>
         <mailingList>
@@ -166,7 +166,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
-            <version>4.2</version>
+            <version>4.3</version>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
@@ -203,7 +203,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.7</version>
+            <version>1.5.8</version>
             <exclusions>
                 <exclusion>
                     <groupId>xml-apis</groupId>
@@ -233,7 +233,7 @@
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.10</version>
+            <version>1.11</version>
         </dependency>
         <dependency>
             <groupId>xerces</groupId>
@@ -251,7 +251,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.60</version>
+            <version>1.61</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/owasp/esapi/AccessController.java b/src/main/java/org/owasp/esapi/AccessController.java
index 2d9e4dac8..14602fe42 100644
--- a/src/main/java/org/owasp/esapi/AccessController.java
+++ b/src/main/java/org/owasp/esapi/AccessController.java
@@ -147,6 +147,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @return 
      * 		true, if is authorized for URL
      */
+    @Deprecated
     boolean isAuthorizedForURL(String url);
 
     /**
@@ -161,6 +162,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @return 
      * 		true, if is authorized for function
      */
+    @Deprecated
     boolean isAuthorizedForFunction(String functionName);
 
 
@@ -180,6 +182,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @return 
      * 		true, if is authorized for the data
      */
+    @Deprecated
     boolean isAuthorizedForData(String action, Object data);
     
     /**
@@ -194,6 +197,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @return 
      * 		true, if is authorized for the file
      */
+    @Deprecated
     boolean isAuthorizedForFile(String filepath);
 
     /**
@@ -209,6 +213,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @return 
      * 		true, if is authorized for the service
      */
+    @Deprecated
     boolean isAuthorizedForService(String serviceName);
 
     /**
@@ -237,6 +242,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @throws AccessControlException 
      * 		if access is not permitted
      */
+    @Deprecated
     void assertAuthorizedForURL(String url) throws AccessControlException;
     
     /**
@@ -265,6 +271,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @throws AccessControlException 
      * 		if access is not permitted
      */
+    @Deprecated
     void assertAuthorizedForFunction(String functionName) throws AccessControlException;
     
 
@@ -294,6 +301,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @throws AccessControlException 
      * 		if access is not permitted
      */
+    @Deprecated
     void assertAuthorizedForData(String action, Object data) throws AccessControlException;
    
     /**
@@ -319,6 +327,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * 			Path to the file to be checked
      * @throws AccessControlException if access is denied
      */
+    @Deprecated
     void assertAuthorizedForFile(String filepath) throws AccessControlException;
     
     /**
@@ -346,6 +355,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
      * @throws AccessControlException
      * 		if access is not permitted
      */				
+    @Deprecated
     void assertAuthorizedForService(String serviceName) throws AccessControlException;
     
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 088463889..7eb43c23e 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -135,8 +135,8 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 				if(input.peek('\n'))
 					input.next();
 				// fall through
-			case '\n':
-			case '\f':
+			case '\n':  // Intentional fall through
+			case '\f':  // Intentional fall through
 				// bs follwed by new line replaced by nothing
 			case '\u0000':	// skip NUL for now too
 				return decodeCharacter(input);
diff --git a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
index 984a02105..7fc805938 100644
--- a/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
@@ -104,7 +104,7 @@ public String encodeCharacter( char[] immune, int codePoint ) {
 		}
 		
 		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(codePoint);
+		String entityName = characterToEntityMap.get(codePoint);
 		if (entityName != null) {
 			return "&" + entityName + ";";
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
index 57e5cb6b8..95d14ed95 100644
--- a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
@@ -69,7 +69,7 @@ public String encodeCharacter( char[] immune, Character c ) {
 		}
 		
 		// check if there's a defined entity
-		String entityName = (String) characterToEntityMap.get(c);
+		String entityName = characterToEntityMap.get(c);
 		if (entityName != null) {
 			return "&" + entityName + ";";
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 02e615dd5..93b7fbb21 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -107,6 +107,7 @@ static Mode findByKey(int key) {
      * @deprecated
      * @see #MySQLCodec(org.owasp.esapi.codecs.MySQLCodec.Mode)
 	 */
+    @Deprecated
 	public MySQLCodec( int mode ) {
 		this.mode = Mode.findByKey(mode);
 	}
@@ -302,4 +303,4 @@ private Character decodeCharacterMySQL( PushbackSequence<Character> input ) {
 		}
 	}
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 608bb7eb9..739c9e48f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -658,14 +658,6 @@ void setEncryptionTimestamp(long timestamp) {
         encryption_timestamp_ = timestamp;
     }
     
-    /** Used in supporting {@code CipherText} serialization.
-     * @deprecated	Use {@code CipherText.cipherTextVersion} instead. Will
-     * 				disappear as of ESAPI 2.1.
-     */
-    public static long getSerialVersionUID() {
-        return CipherText.serialVersionUID;
-    }
-    
     /** Return the separately calculated Message Authentication Code (MAC) that
      * is computed via the {@code computeAndStoreMAC(SecretKey authKey)} method.
      * @return The copy of the computed MAC, or {@code null} if one is not used.
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 2df0e34d1..030dd74d9 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -130,8 +130,9 @@ public static SecretKey generateSecretKey(String alg, int keySize)
 	 * @throws InvalidKeyException 	Likely indicates a coding error. Should not happen.
 	 * @throws EncryptionException  Throw for some precondition violations.
 	 * @deprecated Use{@code KeyDerivationFunction} instead. This method will be removed as of
-	 * 			   ESAPI release 2.1 so if you are using this, please change your code.
+	 * 			   ESAPI release 2.3 so if you are using this, please change your code.
 	 */
+    @Deprecated
 	public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
 			throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
 	{
diff --git a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
index 93ee30191..da03ef29f 100644
--- a/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
+++ b/src/main/java/org/owasp/esapi/errors/EnterpriseSecurityException.java
@@ -18,6 +18,13 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 
+// At some point, all these property names will be moved to a new class named
+//      org.owasp.esapi.PropNames
+// but until then, while this is an ugly kludge, we are importing it via a
+// reference implementation class until we have a chance to clean it up.
+// (Note: kwwall's Bitbucket code already has that class.)
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION;
+
 
 /**
  * EnterpriseSecurityException is the base class for all security related exceptions. You should pass in the root cause
@@ -97,7 +104,7 @@ protected EnterpriseSecurityException(String userMessage, Throwable cause)
     public EnterpriseSecurityException(String userMessage, String logMessage) {
     	super(userMessage);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp( DISABLE_INTRUSION_DETECTION )) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
@@ -118,7 +125,7 @@ public EnterpriseSecurityException(String userMessage, String logMessage) {
     public EnterpriseSecurityException(String userMessage, String logMessage, Throwable cause) {
         super(userMessage, cause);
         this.logMessage = logMessage;
-        if (!ESAPI.securityConfiguration().getDisableIntrusionDetection()) {
+        if (!ESAPI.securityConfiguration().getBooleanProp( DISABLE_INTRUSION_DETECTION )) {
         	ESAPI.intrusionDetector().addException(this);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
index d7e8ed346..5e8adf98a 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultAccessController.java
@@ -96,6 +96,7 @@ public void assertAuthorizedForData(String action, Object data)
      * {@inheritDoc}
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForFile(String filepath)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 9a0eefa1a..2f4c436ef 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -533,9 +533,9 @@ public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
 					Iterator<Entry<String, List<String>>> i = query.iterator();
 					while(i.hasNext()){
 						Entry<String, List<String>> e = i.next(); 
-						String key = (String) e.getKey();
+						String key = e.getKey();
 						String qVal = "";
-						List<String> list = (List<String>) e.getValue();
+						List<String> list = e.getValue();
 						if(!list.isEmpty()){
 							qVal = list.get(0);
 						}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 1f5e9713c..149937579 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -766,7 +766,7 @@ public void logHTTPRequest(HttpServletRequest request, Logger logger, List param
 		    Iterator i = request.getParameterMap().keySet().iterator();
 		    while (i.hasNext()) {
 		        String key = (String) i.next();
-		        String[] value = (String[]) request.getParameterMap().get(key);
+		        String[] value = request.getParameterMap().get(key);
 		        for (int j = 0; j < value.length; j++) {
                  params.append(key).append("=");
 		            if (parameterNamesToObfuscate != null && parameterNamesToObfuscate.contains(key)) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 504372037..b9c0ebd76 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -176,16 +176,6 @@ public static SecurityConfiguration getInstance() {
 	
     protected final int MAX_REDIRECT_LOCATION = 1000;
     
-    /**
-     * @deprecated	It is not clear whether this is intended to be the max file name length for the basename(1) of
-     *				a file or the max full path name length of a canonical full path name. Since it is not used anywhere
-     *				in the ESAPI code it is being deprecated and scheduled to be removed in release 2.1.
-     */
-    protected final int MAX_FILE_NAME_LENGTH = 1000;	// DISCUSS: Is this for given directory or refer to canonicalized full path name?
-    													// Too long if the former! (Usually 255 is limit there.) Hard to tell since not used
-    													// here in this class and it's protected, so not sure what it's intent is. It's not
-    													// used anywhere in the ESAPI code base. I am going to deprecate it because of this. -kww
-
     /*
      * Implementation Keys
      */
diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
index 810aae8d5..07a86daf5 100644
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
@@ -59,7 +59,7 @@ public Logger getLogger(String moduleName) {
     	
         synchronized (loggersMap) {
             // If a logger for this module already exists, we return the same one, otherwise we create a new one.
-            Logger moduleLogger = (Logger) loggersMap.get(moduleName);
+            Logger moduleLogger = loggersMap.get(moduleName);
 
             if (moduleLogger == null) {
                 moduleLogger = new JavaLogger(moduleName);
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
index 36d231b8d..6b2357327 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
@@ -82,6 +82,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForData(java.lang.String, java.lang.Object)
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForData(String action, Object data)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 Data", new Object[] {action, data});
@@ -93,6 +94,7 @@ public void assertAuthorizedForData(String action, Object data)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFile(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForFile(String filepath)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 File", new Object[] {filepath});
@@ -104,6 +106,7 @@ public void assertAuthorizedForFile(String filepath)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFunction(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForFunction(String functionName)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 Function", new Object[] {functionName});
@@ -115,6 +118,7 @@ public void assertAuthorizedForFunction(String functionName)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForService(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForService(String serviceName)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 Service", new Object[] {serviceName});
@@ -126,6 +130,7 @@ public void assertAuthorizedForService(String serviceName)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForURL(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public void assertAuthorizedForURL(String url)
 			throws AccessControlException {
 		this.assertAuthorized("AC 1.0 URL", new Object[] {url});
@@ -138,6 +143,7 @@ public void assertAuthorizedForURL(String url)
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
 	 * @deprecated
 	 */
+    @Deprecated
 	public boolean isAuthorizedForData(String action, Object data) {
 		return this.isAuthorized("AC 1.0 Data", new Object[] {action, data});
 	}
@@ -148,6 +154,7 @@ public boolean isAuthorizedForData(String action, Object data) {
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public boolean isAuthorizedForFile(String filepath) {
 		return this.isAuthorized("AC 1.0 File", new Object[] {filepath});
 	}
@@ -158,6 +165,7 @@ public boolean isAuthorizedForFile(String filepath) {
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public boolean isAuthorizedForFunction(String functionName) {
 		return this.isAuthorized("AC 1.0 Function", new Object[] {functionName});
 	}
@@ -168,6 +176,7 @@ public boolean isAuthorizedForFunction(String functionName) {
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public boolean isAuthorizedForService(String serviceName) {
 		return this.isAuthorized("AC 1.0 Service", new Object[] {serviceName});
 	}
@@ -178,6 +187,7 @@ public boolean isAuthorizedForService(String serviceName) {
 	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
 	 * @deprecated
 	 */
+    @Deprecated
 	public boolean isAuthorizedForURL(String url) {
 		return this.isAuthorized("AC 1.0 URL", new Object[] {url});
 	}
diff --git a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
index e674e811b..644678e5e 100644
--- a/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
+++ b/src/main/java/org/owasp/esapi/waf/ConfigurationException.java
@@ -28,6 +28,8 @@
  */
 public class ConfigurationException extends EnterpriseSecurityException {
 
+	protected static final long serialVersionUID = 1L;
+
 	public ConfigurationException(String userMsg, String logMsg) {
 		super(userMsg,logMsg);
 	}
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 4eba04e73..4531ed058 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -319,7 +319,7 @@ public static AppGuardianConfiguration readConfigurationFile(InputStream stream,
 
 				for (int i=0;i<enforceHttpsNodes.size();i++) {
 
-					Element e = (Element)enforceHttpsNodes.get(i);
+					Element e = enforceHttpsNodes.get(i);
 					String path = e.getAttributeValue("path");
 					String action = e.getAttributeValue("action");
 					String id = e.getAttributeValue("id");
diff --git a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
index cad2efe92..811b3b8bc 100644
--- a/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
+++ b/src/main/java/org/owasp/esapi/waf/internal/InterceptingServletOutputStream.java
@@ -127,7 +127,7 @@ public void flush() throws IOException {
 						amountToWrite = (int) (totalSize - currentPos);
 					}
 			
-					out.read(buff, 0, (int)amountToWrite);
+					out.read(buff, 0, amountToWrite);
 					
 					os.write(buff,0,amountToWrite);
 					
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index 23c06d3bf..3a77e4c89 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -14,6 +14,13 @@
 
 package org.owasp.esapi.filters;
 
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+// A hack for now; eventually, I plan to move this into a new org.owasp.esapi.PropNames class. -kww
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
@@ -34,10 +41,6 @@
 import org.mockito.Mockito;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.Validator;
-import org.owasp.esapi.errors.ValidationException;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -88,7 +91,7 @@ public void setup() throws Exception {
         PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
         //Is intrusion detection disabled?  A:  Yes, it is off.  
         //This logic is confusing:  True, the value is False...
-        Mockito.when(mockSecConfig.getDisableIntrusionDetection()).thenReturn(true);
+        Mockito.when( mockSecConfig.getBooleanProp( DISABLE_INTRUSION_DETECTION ) ).thenReturn(true);
         
         testQueryValue = testName.getMethodName() + "_query_value";
         
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 14d7bab6e..3bc00bd05 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -479,4 +479,16 @@ public void defaultPropertiesTest(){
 //		HttpUtilities.maxRedirectLength=512
 		assertEquals(512, sc.getIntProp("HttpUtilities.maxRedirectLength"));
 	}
+
+    // Test some of the deprecated methods to make sure I didn't screw them up
+    // given the double negatives on some these properties.
+    @Test
+    public void testDeprecatedMethods()
+    {
+        assertTrue("1: Deprecated (1st) method returns different value than new (2nd) method",
+                    ESAPI.securityConfiguration().getDisableIntrusionDetection() ==
+                      ESAPI.securityConfiguration().getBooleanProp( DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION )
+                  );
+        // TODO: add some more tests here for the deprecated replacements.
+    }
 }

From a2b739f3dbcc6bd68f3516d503860f7a55156438 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 6 Apr 2019 17:54:18 -0400
Subject: [PATCH 535/812] Update pom.xml to use latest version of OWASP
 Dependency Check

Close issue #485
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b6e877e1f..b4dbd894e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -369,7 +369,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>4.0.1</version>
+                <version>5.0.0-M2</version>
                 <configuration>
                     <!-- <failBuildOnCVSS>5.9</failBuildOnCVSS> -->
                     <suppressionFile>./suppressions.xml</suppressionFile>

From 7b78214424c40d39ac343f1c07aa4a81e5c10e26 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 6 Apr 2019 17:57:55 -0400
Subject: [PATCH 536/812] Update 2.2.0.0 release notes to reference closed
 issue

Referenced just closed issue #485
---
 documentation/esapi4java-core-2.2.0.0-release-notes.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
index 2f6928ecd..b13e3c192 100644
--- a/documentation/esapi4java-core-2.2.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -151,6 +151,7 @@ Issue #			GitHub Issue Title
 476     DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
 478     Remove obsolete references to Google Code in pom.xml and any other release prep
 483     More miscellaneous prep work for ESAPI 2.2.0.0 release
+485     Update Maven dependency check plugin to 5.0.0-M2
 
 
 -----------------------------------------------------------------------------

From f2ed1727f63fd9bad8cfd101153adc5f8f32c50c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 9 Apr 2019 21:58:28 -0400
Subject: [PATCH 537/812] More simplifications to pom to make it more like
 AntiSamy pom.

---
 pom.xml | 66 ++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 40 insertions(+), 26 deletions(-)

diff --git a/pom.xml b/pom.xml
index b4dbd894e..39bb0c20c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -276,6 +276,14 @@
     </dependencies>
 
     <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-dependency-plugin</artifactId>
+                </plugin>
+            </plugins>
+        </pluginManagement>
         <plugins>
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
@@ -318,8 +326,9 @@
             </plugin>
 
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>2.6</version>
+                <version>3.1.0</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -330,6 +339,32 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-javadoc-plugin</artifactId>
+               <version>3.0.1</version>
+               <executions>
+                 <execution>
+                   <id>attach-javadocs</id>
+                   <phase>package</phase>
+                   <goals><goal>jar</goal></goals>
+                 </execution>
+               </executions>
+            </plugin>
+
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-source-plugin</artifactId>
+               <version>3.0.1</version>
+               <executions>
+                 <execution>
+                   <id>attach-sources</id>
+                   <phase>package</phase>
+                   <goals><goal>jar-no-fork</goal></goals>
+                 </execution>
+               </executions>
+            </plugin>
+
             <!-- Check for updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
@@ -485,11 +520,6 @@
                 <artifactId>maven-site-plugin</artifactId>
                 <version>3.4</version>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-deploy-plugin</artifactId>
-                <version>2.8.2</version>
-            </plugin>
         </plugins>
     </reporting>
 
@@ -557,26 +587,6 @@
             <build>
                 <plugins>
 
-                    <!-- Signs all artifacts prior to deploying to maven central -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <version>1.6</version>
-                        <executions>
-                            <execution>
-                                <id>sign-artifacts</id>
-                                <phase>deploy</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                                <configuration>
-                                    <!-- Refers to Kevin Wall's GPG signing key. -->
-                                    <keyname>8A2A524F</keyname>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-jar-plugin</artifactId>
@@ -674,6 +684,9 @@
 
                     <!-- Performs a full release. See release documentation for information on how to
                          perform an ESAPI release using Maven -->
+            <!--
+                 mvn release:prepare was not working as expected, so I'm commenting this out and we
+                 are doing all this SCM magic manually for now.  - kevin wall, 2019-04-09
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-release-plugin</artifactId>
@@ -682,6 +695,7 @@
                             <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase>
                         </configuration>
                     </plugin>
+            -->
 
                 </plugins>
             </build>

From 9d9f8b2fb9b397bd042c112651e4c054e822cdd9 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Thu, 11 Apr 2019 23:19:56 +0000
Subject: [PATCH 538/812] Eliminate tons of Javadoc warnings and some other
 code warnings in both main and test code. Significant reorganization to pom
 and upgrades to many plugins and a few components. More to do.

---
 pom.xml                                       | 311 ++++++++++--------
 src/main/java/org/owasp/esapi/ESAPI.java      |   4 +-
 src/main/java/org/owasp/esapi/Encoder.java    |   7 +-
 .../org/owasp/esapi/EncryptedProperties.java  |   2 +-
 .../java/org/owasp/esapi/HTTPUtilities.java   |  84 ++---
 src/main/java/org/owasp/esapi/User.java       |   4 +-
 src/main/java/org/owasp/esapi/Validator.java  |  12 +-
 .../org/owasp/esapi/codecs/AbstractCodec.java |  49 +--
 .../esapi/codecs/AbstractIntegerCodec.java    |   2 +-
 .../codecs/AbstractPushbackSequence.java      |  20 +-
 .../java/org/owasp/esapi/codecs/Base64.java   |   4 +-
 .../java/org/owasp/esapi/codecs/CSSCodec.java |   5 +-
 .../java/org/owasp/esapi/codecs/Codec.java    |   8 +-
 .../java/org/owasp/esapi/codecs/HashTrie.java |  23 +-
 .../esapi/codecs/LegacyHTMLEntityCodec.java   |   2 -
 .../org/owasp/esapi/codecs/MySQLCodec.java    |  15 +-
 .../esapi/codecs/PushBackSequenceImpl.java    |  21 +-
 .../owasp/esapi/codecs/PushbackSequence.java  |  35 +-
 .../owasp/esapi/codecs/PushbackString.java    |  23 +-
 .../org/owasp/esapi/crypto/CipherText.java    |   3 +-
 .../owasp/esapi/filters/ClickjackFilter.java  |   4 +-
 .../filters/SecurityWrapperResponse.java      |  29 +-
 .../owasp/esapi/reference/DefaultEncoder.java |   6 +-
 .../DefaultSecurityConfiguration.java         |   2 -
 .../owasp/esapi/reference/DefaultUser.java    |   8 +-
 .../reference/IntegerAccessReferenceMap.java  |   6 +-
 .../accesscontrol/DelegatingACR.java          |   6 +-
 .../accesscontrol/DynaBeanACRParameter.java   |  36 +-
 .../ExperimentalAccessController.java         |  10 +-
 .../policyloader/PolicyParameters.java        |   4 +-
 .../validation/DateValidationRule.java        |   7 +-
 .../esapi/http/MockHttpServletRequest.java    | 133 +-------
 .../esapi/http/MockHttpServletResponse.java   | 118 +------
 .../org/owasp/esapi/http/MockHttpSession.java |  46 +--
 .../owasp/esapi/http/MockServletContext.java  |   4 +
 .../esapi/http/MockServletInputStream.java    |   2 +-
 .../esapi/reference/HTTPUtilitiesTest.java    |  44 ++-
 .../UnitTestSecurityConfiguration.java        |  35 --
 .../esapi/reference/crypto/EncryptorTest.java |   5 +-
 .../org/owasp/esapi/util/FileTestUtils.java   |  10 +-
 40 files changed, 445 insertions(+), 704 deletions(-)

diff --git a/pom.xml b/pom.xml
index 39bb0c20c..3a6a2f462 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,9 +6,16 @@
     <version>2.2.0.0-RC2</version>
     <packaging>jar</packaging>
 
-    <prerequisites>
-        <maven>3.1</maven>
-    </prerequisites>
+    <distributionManagement>
+        <snapshotRepository>
+            <id>sonatype-nexus-snapshots</id>
+            <url>https://oss.sonatype.org/content/repositories/snapshots</url>
+        </snapshotRepository>
+        <repository>
+            <id>sonatype-nexus-staging</id>
+            <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
+        </repository>
+    </distributionManagement>
 
     <parent>
         <groupId>org.sonatype.oss</groupId>
@@ -161,7 +168,12 @@
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
             <version>1.3.3</version>
-            <scope>compile</scope>
+            <!-- exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+            </exclusions -->
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
@@ -172,13 +184,11 @@
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
             <version>1.2.17</version>
-            <scope>compile</scope>
-            <type>jar</type>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.25</version>
+            <version>1.7.26</version>
         </dependency>
         <dependency>
             <groupId>com.io7m.xom</groupId>
@@ -234,12 +244,27 @@
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
             <version>1.11</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
             <version>2.12.0</version>
         </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.6</version>
+        </dependency>
 
         <!-- Dependencies which are ONLY used for JUnit tests -->
         <dependency>
@@ -254,23 +279,17 @@
             <version>1.61</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.6</version>
-            <scope>test</scope>
-        </dependency>
         <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.0-beta.5</version>
+            <version>2.0.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-module-junit4</artifactId>
-            <version>2.0.0-beta.5</version>
+            <version>2.0.0</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -281,13 +300,35 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-dependency-plugin</artifactId>
+                    <version>3.1.1</version>
                 </plugin>
             </plugins>
         </pluginManagement>
-        <plugins>
+
+        <plugins>        
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>3.1.11</version>
+                <dependencies>
+                  <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
+                  <dependency>
+                    <groupId>com.github.spotbugs</groupId>
+                    <artifactId>spotbugs</artifactId>
+                    <version>3.1.12</version>
+                  </dependency>
+                </dependencies>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>3.1.0</version>
+            </plugin>
+
             <plugin>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.3</version>
+                <version>3.8.0</version>
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
@@ -316,6 +357,12 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-deploy-plugin</artifactId>
+                <version>2.8.2</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-eclipse-plugin</artifactId>
@@ -325,6 +372,12 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-enforcer-plugin</artifactId>
+                <version>1.4.1</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
@@ -339,10 +392,19 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.5.2</version>
+            </plugin>
+
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
                <version>3.0.1</version>
+               <configuration>
+                 <doclint>none</doclint>
+               </configuration>
                <executions>
                  <execution>
                    <id>attach-javadocs</id>
@@ -351,6 +413,18 @@
                  </execution>
                </executions>
             </plugin>
+            
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.1.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <version>3.7.1</version>
+            </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
@@ -365,22 +439,16 @@
                </executions>
             </plugin>
 
-            <!-- Check for updates to dependencies and report on them. -->
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>versions-maven-plugin</artifactId>
-                <version>2.7</version>
-                <executions>
-                    <execution>
-                        <id>check-for-dependency-updates</id>
-                        <phase>compile</phase> <!-- Eclipse q4e plugin needs this -->
-                        <goals>
-                            <goal>display-dependency-updates</goal>
-                            <goal>display-plugin-updates</goal>
-                            <!--<goal>display-property-updates</goal>-->
-                        </goals>
-                    </execution>
-                </executions>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>2.22.1</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.22.1</version>
             </plugin>
 
             <plugin>
@@ -398,7 +466,7 @@
             <plugin>
                 <groupId>org.eluder.coveralls</groupId>
                 <artifactId>coveralls-maven-plugin</artifactId>
-                <version>4.1.0</version>
+                <version>4.3.0</version>
             </plugin>
 
             <plugin>
@@ -423,24 +491,34 @@
     <reporting>
         <plugins>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>findbugs-maven-plugin</artifactId>
-                <version>3.0.4</version>
+                <groupId>net.sourceforge.maven-taglib</groupId>
+                <artifactId>maven-taglib-plugin</artifactId>
+                <version>2.4</version>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
+                <version>2.3</version>
                 <configuration>
-                    <findbugsXmlOutput>true</findbugsXmlOutput>
-                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
-                    <xmlOutput>true</xmlOutput>
-                    <threshold>Low</threshold>
-                    <effort>Max</effort>
-                    <relaxed>false</relaxed>
+                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
+                    <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
+                    <type>date</type>
+                    <dates>
+                        <!-- Should be date of previous official release -->
+                        <date>2015-02-05 00:00:00</date>
+                    </dates>
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
-                <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0</version>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <configuration>
+                    <detectJavaApiLink>false</detectJavaApiLink>
+                    <detectLinks>false</detectLinks>
+                    <doclint>none</doclint>
+                </configuration>
             </plugin>
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
                 <version>3.6</version>
                 <configuration>
@@ -449,37 +527,48 @@
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>2.10.3</version>
+                <artifactId>maven-site-plugin</artifactId>
                 <configuration>
-                    <detectJavaApiLink>false</detectJavaApiLink>
-                    <detectLinks>false</detectLinks>
+                  <reportPlugins>
+                    <plugin>
+                      <artifactId>maven-javadoc-plugin</artifactId>
+                      <configuration>
+                         <doclint>none</doclint>
+                      </configuration>
+                    </plugin>
+                  </reportPlugins>
                 </configuration>
             </plugin>
             <plugin>
-                <groupId>net.sourceforge.maven-taglib</groupId>
-                <artifactId>maven-taglib-plugin</artifactId>
-                <version>2.4</version>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.3</version>
+                <artifactId>maven-surefire-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
                 <configuration>
-                    <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
-                    <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
-                    <type>date</type>
-                    <dates>
-                        <!-- Should be date of previous official release -->
-                        <date>2015-02-05 00:00:00</date>
-                    </dates>
+                    <findbugsXmlOutput>true</findbugsXmlOutput>
+                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
+                    <xmlOutput>true</xmlOutput>
+                    <threshold>Low</threshold>
+                    <effort>Max</effort>
+                    <relaxed>false</relaxed>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
+                <version>2.0</version>
+            </plugin>
+            <!-- Check for updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.2</version>
+                <version>2.7</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -490,74 +579,26 @@
                     </reportSet>
                 </reportSets>
             </plugin>
+            
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>2.19.1</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.19.1</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-clean-plugin</artifactId>
-                <version>3.0.0</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-resources-plugin</artifactId>
-                <version>2.7</version>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-site-plugin</artifactId>
-                <version>3.4</version>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <version>3.0.0</version>
+               <reportSets>
+                 <reportSet>
+                   <reports>
+                     <report>dependency-convergence</report>
+                   </reports>
+                 </reportSet>
+               </reportSets>
+               <configuration>
+                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
+               </configuration>
             </plugin>
         </plugins>
     </reporting>
 
     <profiles>
-        <profile>
-          <id>doclint-java8-disable</id>
-          <activation>
-            <jdk>[1.8,)</jdk>
-          </activation>
-          <build>
-            <plugins>
-              <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.0.0-M1</version>
-                <configuration>
-                  <additionalparam>-Xdoclint:none</additionalparam>
-                </configuration>
-              </plugin>
-              <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-site-plugin</artifactId>
-                <version>3.4</version>
-                <configuration>
-                  <reportPlugins>
-                    <plugin>
-                      <groupId>org.apache.maven.plugins</groupId>
-                      <artifactId>maven-javadoc-plugin</artifactId>
-                      <configuration>
-                        <additionalparam>-Xdoclint:none</additionalparam>
-                      </configuration>
-                    </plugin>
-                  </reportPlugins>
-                </configuration>
-              </plugin>
-            </plugins>
-          </build>
-        </profile>
         <profile>
             <!-- Activate to sign jars and build distributable download. -->
             <id>dist</id>
@@ -573,24 +614,12 @@
                 </property>
             </activation>
 
-            <distributionManagement>
-                <snapshotRepository>
-                    <id>sonatype-nexus-snapshots</id>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots</url>
-                </snapshotRepository>
-                <repository>
-                    <id>sonatype-nexus-staging</id>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
-                </repository>
-            </distributionManagement>
-
             <build>
                 <plugins>
 
                     <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-jar-plugin</artifactId>
-                        <version>2.6</version>
+
 <!--
                         <executions>
                             <execution>
@@ -624,7 +653,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-enforcer-plugin</artifactId>
-                        <version>1.4.1</version>
                         <executions>
                             <execution>
                                 <id>enforce-jdk-version</id>
@@ -648,9 +676,10 @@
 
                     <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
                     <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>2.10.3</version>
+                        <configuration>
+                          <doclint>none</doclint>
+                        </configuration>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
diff --git a/src/main/java/org/owasp/esapi/ESAPI.java b/src/main/java/org/owasp/esapi/ESAPI.java
index de93a73f7..33eca3fcc 100644
--- a/src/main/java/org/owasp/esapi/ESAPI.java
+++ b/src/main/java/org/owasp/esapi/ESAPI.java
@@ -141,7 +141,6 @@ private static LogFactory logFactory() {
 	 * @param clazz The class to associate the logger with.
 	 * @return The current Logger associated with the specified class.
 	 */
-	@SuppressWarnings("unchecked")		// Because Eclipse wants Class<T> instead.
 	public static Logger getLogger(Class clazz) {
 		return logFactory().getLogger(clazz);
 	}
@@ -215,8 +214,7 @@ public static String initialize( String impl ) {
      * To clear an overridden Configuration, simple call this method with null for the config
      * parameter.
      *
-     * @param config
-     * @return
+     * @param config The new security configuration.
      */
     public static void override( SecurityConfiguration config ) {
         overrideConfig = config;
diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 454525eaa..56ef3db7e 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -443,21 +443,18 @@ public interface Encoder {
 	 * @param input 
 	 * 		the Base64 text to decode
 	 * 
-	 * @return input 
-	 * 		decoded from Base64
+	 * @return input decoded from Base64
 	 * 
 	 * @throws IOException
 	 */
 	byte[] decodeFromBase64(String input) throws IOException;
 
 	/**
-	 * 
 	 * Get a version of the input URI that will be safe to run regex and other validations against.  
 	 * It is not recommended to persist this value as it will transform user input.  This method 
 	 * will not test to see if the URI is RFC-3986 compliant.
 	 * 
-	 * @param input
-	 * @return
+	 * @return The canonicalized URI
 	 */
 	public String getCanonicalizedURI(URI dirtyUri);
 
diff --git a/src/main/java/org/owasp/esapi/EncryptedProperties.java b/src/main/java/org/owasp/esapi/EncryptedProperties.java
index b3a7cd006..3251aab9e 100644
--- a/src/main/java/org/owasp/esapi/EncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/EncryptedProperties.java
@@ -75,7 +75,7 @@ public interface EncryptedProperties {
 	 * Returns a {@code Set} view of properties. The {@code Set} is backed by a
 	 * {@code java.util.Hashtable}, so changes to the {@code Hashtable} are
 	 * reflected in the {@code Set}, and vice-versa. The {@code Set} supports element 
-	 * removal (which removes the corresponding entry from the {@code Hashtable),
+	 * removal (which removes the corresponding entry from the {@code Hashtable},
 	 * but not element addition.
 	 * 
 	 * @return 
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 3415fa2a1..6e44b0191 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -52,7 +52,9 @@ public interface HTTPUtilities
 	/**
      * Calls addCookie with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     * @param cookie The cookie to add
+     * 
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
      */
     void addCookie(Cookie cookie);
 
@@ -61,7 +63,8 @@ public interface HTTPUtilities
      * illegal characters in the name and name and value. This method also sets
      * the secure and HttpOnly flags on the cookie.
      *
-     * @param cookie
+     * @param response The HTTP response to add the cookie to
+     * @param cookie The cookie to add
      */
     void addCookie(HttpServletResponse response, Cookie cookie);
 
@@ -77,7 +80,7 @@ public interface HTTPUtilities
     /**
      * Calls addHeader with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
      */
     void addHeader(String name, String value);
 
@@ -96,15 +99,15 @@ public interface HTTPUtilities
 
 	/**
      * Calls assertSecureRequest with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureRequest(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#assertSecureRequest(HttpServletRequest)
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	void assertSecureRequest() throws AccessControlException;
 
 	/**
      * Calls assertSecureChannel with the *current* request.
-	 * @see {@link HTTPUtilities#assertSecureChannel(HttpServletRequest)}
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#assertSecureChannel(HttpServletRequest)
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	void assertSecureChannel() throws AccessControlException;
 
@@ -132,7 +135,7 @@ public interface HTTPUtilities
 	/**
      * Calls changeSessionIdentifier with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
      */
 	HttpSession changeSessionIdentifier() throws AuthenticationException;
 
@@ -176,7 +179,7 @@ public interface HTTPUtilities
     /**
      * Calls decryptStateFromCookie with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
      */
     Map<String, String> decryptStateFromCookie() throws EncryptionException;
 
@@ -210,7 +213,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls encryptStateInCookie with the *current* response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void encryptStateInCookie(Map<String, String> cleartext) throws EncryptionException;
 
@@ -229,8 +232,12 @@ public interface HTTPUtilities
 
     /**
 	 * Calls getCookie with the *current* response.
+	 * 
+	 * @param name The cookie to get
+     * @return the requested cookie value
+     * @throws ValidationException
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	String getCookie(String name) throws ValidationException;
 
@@ -241,15 +248,16 @@ public interface HTTPUtilities
      * more specific validation.
      *
      * @param request
-     * @param name
+	 * @param name The cookie to get
      * @return the requested cookie value
+     * @throws ValidationException
      */
 	String getCookie(HttpServletRequest request, String name) throws ValidationException;
 
     /**
      * Returns the current user's CSRF token. If there is no current user then return null.
      *
-     * @return the current users CSRF token
+     * @return the current user's CSRF token
      */
     String getCSRFToken();
 
@@ -270,17 +278,26 @@ public interface HTTPUtilities
 	/**
 	 * Calls getFileUploads with the *current* request, default upload directory, and default allowed file extensions
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
+     * 
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	List getFileUploads() throws ValidationException;
 
     /**
 	 * Call getFileUploads with the specified request, default upload directory, and default allowed file extensions
+     *
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
 	 */
 	List getFileUploads(HttpServletRequest request) throws ValidationException;
 
     /**
 	 * Call getFileUploads with the specified request, specified upload directory, and default allowed file extensions
+     *
+     * @return List of new File objects from upload
+     * @throws ValidationException if the file fails validation
 	 */
     List getFileUploads(HttpServletRequest request, File finalDir) throws ValidationException;
 
@@ -303,7 +320,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls getHeader with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	String getHeader(String name) throws ValidationException;
 
@@ -322,7 +339,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls getParameter with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	String getParameter(String name) throws ValidationException;
 
@@ -341,7 +358,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls killAllCookies with the *current* request and response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	void killAllCookies();
 
@@ -357,7 +374,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls killCookie with the *current* request and response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	void killCookie(String name);
 
@@ -374,7 +391,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls logHTTPRequest with the *current* request and logger.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
 	void logHTTPRequest();
 
@@ -399,7 +416,7 @@ public interface HTTPUtilities
      * include it here in case different parts of the application need to obfuscate
      * different parameters.
      *
-     * @param request
+     * @param request The HTTP request to log
      * @param logger the logger to write the request to
      * @param parameterNamesToObfuscate the sensitive parameters
      */
@@ -408,7 +425,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls sendForward with the *current* request and response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void sendForward(String location) throws AccessControlException, ServletException, IOException;
 
@@ -431,7 +448,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls sendRedirect with the *current* response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void sendRedirect(String location) throws AccessControlException, IOException;
 
@@ -452,7 +469,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls setContentType with the *current* request and response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void setContentType();
 
@@ -486,7 +503,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls setHeader with the *current* response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void setHeader(String name, String value);
 
@@ -506,7 +523,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls setNoCacheHeaders with the *current* response.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void setNoCacheHeaders();
 
@@ -547,7 +564,7 @@ public interface HTTPUtilities
 	 * ~DEPRECATED~  Per Kevin Wall, storing passwords with reversible encryption is contrary to *many*
 	 * company's stated security policies.  
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     @Deprecated
     String setRememberToken(String password, int maxAge, String domain, String path);
@@ -591,7 +608,7 @@ public interface HTTPUtilities
 	/**
 	 * Calls verifyCSRFToken with the *current* request.
      *
-	 * @see {@link HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)}
+	 * @see HTTPUtilities#setCurrentHTTP(HttpServletRequest, HttpServletResponse)
 	 */
     void verifyCSRFToken();
 
@@ -611,17 +628,14 @@ public interface HTTPUtilities
     *
     * @param    key
     *           The key that references the session attribute
-    * @param    <T>
-    *           The implied type of object expected.
-    * @return
-    *           The requested object.
-    * @see      #getSessionAttribute(javax.servlet.http.HttpSession, String)
+    * @return   The requested object.
+    * @see      HTTPUtilities#getSessionAttribute(javax.servlet.http.HttpSession, String)
     */
     <T> T getSessionAttribute( String key );
 
     /**
      * Gets a typed attribute from the passed in session. This method has the same
-     * responsibility as {link #getSessionAttribute(String} however only it references
+     * responsibility as {link #getSessionAttribute(String} however it only references
      * the passed in session and thus performs slightly better since it does not need
      * to return to the Thread to get the {@link HttpSession} associated with the current
      * thread.
@@ -630,8 +644,6 @@ public interface HTTPUtilities
      *          The session to retrieve the attribute from
      * @param key
      *          The key that references the requested object
-     * @param <T>
-     *          The implied type of object expected
      * @return  The requested object
      */
     <T> T getSessionAttribute( HttpSession session, String key );
@@ -642,7 +654,6 @@ public interface HTTPUtilities
      * type, a ClassCastException will be thrown back to the caller.
      *
      * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
      * @return The requested object
      */
     <T> T getRequestAttribute( String key );
@@ -654,7 +665,6 @@ public interface HTTPUtilities
      *
      * @param request The request to retrieve the attribute from
      * @param key The key that references the request attribute.
-     * @param <T> The implied type of the object expected
      * @return The requested object
      */
     <T> T getRequestAttribute( HttpServletRequest request, String key );
diff --git a/src/main/java/org/owasp/esapi/User.java b/src/main/java/org/owasp/esapi/User.java
index d0bd9a8a3..f48c92e9a 100644
--- a/src/main/java/org/owasp/esapi/User.java
+++ b/src/main/java/org/owasp/esapi/User.java
@@ -203,8 +203,8 @@ public interface User extends Principal, Serializable {
     void removeSession( HttpSession s );
     
     /**
-     * Returns the list of sessions associated with this User.
-     * @return
+     * Returns a Set containing the sessions associated with this User.
+     * @return The Set of sessions for this User.
      */
     Set getSessions();
     
diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 12c87ea15..590a2e500 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -689,21 +689,21 @@ public interface Validator {
 	String safeReadLine(InputStream inputStream, int maxLength) throws ValidationException;
 
 	/**
-	 * 
 	 * Parses and ensures that the URI in question is a valid RFC-3986 URI.  This simplifies
-	 * the kind of regex required for subsequent validation to mitigate regex-based 
-	 * DoS attacks.  
+	 * the kind of regex required for subsequent validation to mitigate regex-based DoS attacks.  
 	 * 
 	 * @see <a href="https://www.ietf.org/rfc/rfc3986.txt">RFC-3986.</a>
 	 * 
  	 *	@param context
-	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any logging or error handling that is done with respect to the value passed in.
+	 *  		A descriptive name of the parameter that you are validating (e.g., LoginPage_UsernameField). This value is used by any 
+	 *          logging or error handling that is done with respect to the value passed in.
 	 *  @param input
 	 *  		redirect location to be returned as valid, according to encoding rules set in "ESAPI.properties"
 	 *  @param allowNull
-	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an empty String will throw a ValidationException.
+	 *  		If allowNull is true then an input that is NULL or an empty string will be legal. If allowNull is false then NULL or an 
+	 *          empty String will throw a ValidationException.
 	 *
-	 * @return
+	 * @return True if the URI is valid
 	 * @throws ValidationException 
 	 */
 	boolean isValidURI(String context, String input, boolean allowNull);
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
index 8660fb7a7..7192bae20 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractCodec.java
@@ -65,12 +65,12 @@ public AbstractCodec() {
 	@Override
 	public String encode(char[] immune, String input) {
 		StringBuilder sb = new StringBuilder();
-		for(int offset  = 0; offset < input.length(); ){
+		for(int offset  = 0; offset < input.length(); ) {
 			final int point = input.codePointAt(offset);
-			if(Character.isBmpCodePoint(point)){
+			if (Character.isBmpCodePoint(point)) {
 				//We can then safely cast this to char and maintain legacy behavior.
 				sb.append(encodeCharacter(immune, new Character((char) point)));
-			}else{
+			} else {
 				sb.append(encodeCharacter(immune, point));	
 			}
 			offset += Character.charCount(point);
@@ -80,17 +80,17 @@ public String encode(char[] immune, String input) {
 
 	/**
 	 * WARNING!!!!  Passing a standard char to this method will resolve to the 
-	 * @{code public String encodeCharacter( char[] immune, int codePoint )} method
-	 * instead of this one!!!  YOU HAVE BEEN WARNED!!!!
+	 * @see #encodeCharacter( char[], int )
+	 * method instead of this one!!!  YOU HAVE BEEN WARNED!!!!
 	 * 
-	 * @{Inherit}
+	 * {@inheritDoc}
 	 */
 	@Override
 	public String encodeCharacter( char[] immune, Character c ) {
 		return ""+c;
 	}
 	
-	public String encodeCharacter(char[] immune, char c){
+	public String encodeCharacter(char[] immune, char c) {
 		throw new IllegalArgumentException("You tried to call encodeCharacter with a char.  Nope.  Use Character instead!");
 	}
 	
@@ -117,54 +117,39 @@ public T decodeCharacter( PushbackSequence<T> input ) {
 	}
 
 	/**
-	 * Lookup the hex value of any character that is not alphanumeric.
-	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
+	 * {@inheritDoc}
 	 */
-	public String getHexForNonAlphanumeric(char c)
-	{
+	public String getHexForNonAlphanumeric(char c) {
 		if(c<0xFF)
 			return hex[c];
 		return toHex(c);
 	}
 	
 	/**
-	 * Lookup the hex value of any character that is not alphanumeric.
-	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
+	 * {@inheritDoc}
 	 */
-	public String getHexForNonAlphanumeric(int c)
-	{
-		if(c<0xFF){
+	public String getHexForNonAlphanumeric(int c) {
+		if (c<0xFF) {
 			return hex[c];
-		}else{
+		} else {
 			return toHex(c);
 		}
 	}
 
-	public String toOctal(char c)
-	{
+	public String toOctal(char c) {
 		return Integer.toOctalString(c);
 	}
 
-	public String toHex(char c)
-	{
+	public String toHex(char c) {
 		return Integer.toHexString(c);
 	}
 	
-	public String toHex(int c)
-	{
+	public String toHex(int c) {
 		return Integer.toHexString(c);
 	}
 
 	/**
-	 * Utility to search a char[] for a specific char.
-	 * 
-	 * @param c
-	 * @param array
-	 * @return
+	 * {@inheritDoc}
 	 */
 	public boolean containsCharacter( char c, char[] array ) {
 		for (char ch : array) {
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
index 635f2f1e0..7c590a7c8 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -26,7 +26,7 @@
  * data as codePoints as opposed to a stream of {@code char}s.
  * 
  * @author Matt Seil (mseil .at. owasp.org)
- * @Created 2017 -- Adapted from Jeff Williams' original {@code Codec} class.  
+ * @since 2017 -- Adapted from Jeff Williams' original {@code Codec} class.  
  */
 public class AbstractIntegerCodec extends AbstractCodec<Integer> {
 
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
index bf9f78a8e..7ebe0f42a 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractPushbackSequence.java
@@ -18,12 +18,11 @@
 package org.owasp.esapi.codecs;
 
 /**
- * 
- * This Abstract class provides the generic logic for using a {@code PushbackSequence}
+ * This Abstract class provides the generic logic for using a {@link PushbackSequence}
  * in regards to iterating strings.  The final Impl is intended for the user to supply
- * a type {@code T} such that the pushback interface can be utilized for sequences
- * of type {@code T}.  Presently this generic class is limited by the fact that 
- * @{code input} is a {@code String}.  
+ * a type T such that the pushback interface can be utilized for sequences
+ * of type T.  Presently this generic class is limited by the fact that 
+ * input is a String.  
  *  
  * @author Matt Seil
  *
@@ -41,26 +40,21 @@ public AbstractPushbackSequence(String input) {
 	}
 
 	/**
-	 *
-	 * @param c
+	 * {@inheritDoc}
 	 */
 	public void pushback(T c) {
 		pushback = c;
 	}
 
 	/**
-	 * Get the current index of the PushbackString. Typically used in error
-	 * messages.
-	 * 
-	 * @return The current index of the PushbackString.
+	 * {@inheritDoc}
 	 */
 	public int index() {
 		return index;
 	}
 
 	/**
-	 *
-	 * @return
+	 * {@inheritDoc}
 	 */
 	public boolean hasNext() {
 		if (pushback != null)
diff --git a/src/main/java/org/owasp/esapi/codecs/Base64.java b/src/main/java/org/owasp/esapi/codecs/Base64.java
index 150bd29ef..1af941510 100644
--- a/src/main/java/org/owasp/esapi/codecs/Base64.java
+++ b/src/main/java/org/owasp/esapi/codecs/Base64.java
@@ -134,8 +134,8 @@ public class Base64
 
      /**
       * System property name that must be set to true in order to invoke {@code Base64.decodeToObject()}.
-      * @see https://github.com/ESAPI/esapi-java-legacy/issues/354
-      * @see http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
+      * @link https://github.com/ESAPI/esapi-java-legacy/issues/354
+      * @link http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
       */
      public final static String ENABLE_UNSAFE_SERIALIZATION = "org.owasp.esapi.enableUnsafeSerialization"; // Do NOT change!
 
diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 7eb43c23e..1e27ea8a0 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -58,7 +58,8 @@ public String encodeCharacter(char[] immune, Character c) {
 	 * Returns the decoded version of the character starting at index,
 	 * or null if no decoding is possible.
 	 */
-	public Character decodeCharacter(PushbackSequence<Character> input)
+    @SuppressWarnings("fallthrough")
+    public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		input.mark();
 		Character first = input.next();
@@ -137,7 +138,7 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 				// fall through
 			case '\n':  // Intentional fall through
 			case '\f':  // Intentional fall through
-				// bs follwed by new line replaced by nothing
+				// bs followed by new line replaced by nothing
 			case '\u0000':	// skip NUL for now too
 				return decodeCharacter(input);
 		}
diff --git a/src/main/java/org/owasp/esapi/codecs/Codec.java b/src/main/java/org/owasp/esapi/codecs/Codec.java
index cd0b66f03..1d6f2d09a 100644
--- a/src/main/java/org/owasp/esapi/codecs/Codec.java
+++ b/src/main/java/org/owasp/esapi/codecs/Codec.java
@@ -89,16 +89,14 @@ public interface Codec<T> {
 	/**
 	 * Lookup the hex value of any character that is not alphanumeric.
 	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
+	 * @return return null if alphanumeric or the character code in hex.
 	 */
 	public String getHexForNonAlphanumeric(char c);
 	
 	/**
 	 * Lookup the hex value of any character that is not alphanumeric.
 	 * @param c The character to lookup.
-	 * @return, return null if alphanumeric or the character code
-	 * 	in hex.
+	 * @return return null if alphanumeric or the character code in hex.
 	 */
 	public String getHexForNonAlphanumeric(int c);
 
@@ -113,7 +111,7 @@ public interface Codec<T> {
 	 * 
 	 * @param c
 	 * @param array
-	 * @return
+	 * @return True if the supplied array contains the specified character. False otherwise.
 	 */
 	public boolean containsCharacter( char c, char[] array );
 
diff --git a/src/main/java/org/owasp/esapi/codecs/HashTrie.java b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
index ba515d347..4c8d41910 100644
--- a/src/main/java/org/owasp/esapi/codecs/HashTrie.java
+++ b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
@@ -18,10 +18,9 @@
  *
  * <b>NOTE:</b><br>
  * <ul>
- *	<li>{@link Map.remove(Object)} is not supported.</li>
+ *	<li>@see java.util.Map.remove(Object) is not supported.</li>
  *	<li>
- *		If deletion support is added the max key length will
- *		need work or removal.
+ *		If deletion support is added, the max key length will need work or removal.
  *	</li>
  *	<li>Null values are not supported.</li>
  * </ul>
@@ -42,7 +41,7 @@ private static class Entry<T> implements Map.Entry<CharSequence,T>
 		}
 
 		/**
-		 * Convinence instantiator.
+		 * Convenience instantiator.
 		 * @param key The key for the new instance
 		 * @param keyLength The length of the key to use
 		 * @param value The value for the new instance
@@ -60,7 +59,7 @@ static <T> Entry<T> newInstanceIfNeeded(CharSequence key, int keyLength, T value
 		}
 
 		/**
-		 * Convinence instantiator.
+		 * Convenience instantiator.
 		 * @param key The key for the new instance
 		 * @param value The value for the new instance
 		 * @return null if key or value is null
@@ -132,7 +131,7 @@ private static class Node<T>
 
 		/**
 		 * Create a new Map for a node level. This is here so
-		 * that if the underlying * Map implmentation needs to
+		 * that if the underlying * Map implementation needs to
 		 * be switched it is easily done.
 		 * @return A new Map for use.
 		 */
@@ -143,9 +142,9 @@ private static <T> Map<Character,Node<T>> newNodeMap()
 
 		/**
 		 * Create a new Map for a node level. This is here so
-		 * that if the underlying * Map implmentation needs to
+		 * that if the underlying * Map implementation needs to
 		 * be switched it is easily done.
-		 * @param prev Pervious map to use to populate the
+		 * @param prev Previous map to use to populate the
 		 * new map.
 		 * @return A new Map for use.
 		 */
@@ -214,8 +213,7 @@ else if((nextNode = nextMap.get(ch))==null)
 		 * @param key The key being looked up.
 		 * @param pos The position in the key that is being
 		 *	looked up at this level.
-		 * @return The value assocatied with the key or null if
-		 *	none exists.
+		 * @return The value associated with the key or null if none exists.
 		 */
 		T get(CharSequence key, int pos)
 		{
@@ -233,8 +231,7 @@ T get(CharSequence key, int pos)
 		 * @param key The key being looked up.
 		 * @param pos The position in the key that is being
 		 *	looked up at this level.
-		 * @return The Entry assocatied with the longest key
-		 *	match or null if none exists.
+		 * @return The Entry associated with the longest key match or null if none exists.
 		 */
 		Entry<T> getLongestMatch(CharSequence key, int pos)
 		{
@@ -257,7 +254,7 @@ Entry<T> getLongestMatch(CharSequence key, int pos)
 		 * @param keyIn Where to read the key from
 		 * @param pos The position in the key that is being
 		 *	looked up at this level.
-		 * @return The Entry assocatied with the longest key
+		 * @return The Entry associated with the longest key
 		 *	match or null if none exists.
 		 */
 		Entry<T> getLongestMatch(PushbackReader keyIn, StringBuilder key) throws IOException
diff --git a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
index 95d14ed95..31d6960f4 100644
--- a/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/LegacyHTMLEntityCodec.java
@@ -79,8 +79,6 @@ public String encodeCharacter( char[] immune, Character c ) {
 	}
 	
 	/**
-	 * {@inheritDoc}
-	 * 
 	 * Returns the decoded version of the character starting at index, or
 	 * null if no decoding is possible.
 	 * 
diff --git a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
index 93b7fbb21..bdcf26a5c 100644
--- a/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/MySQLCodec.java
@@ -53,17 +53,15 @@
  *         <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  * 
- * @see <a href=
- *      "https://dev.mysql.com/doc/refman/8.0/en/string-literals.html">MySQL 8.0
- *      String Literals</a>
- * @see <a href=
- *      "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping">OWASP
+ * <a href= "https://dev.mysql.com/doc/refman/8.0/en/string-literals.html">MySQL 8.0 String Literals</a>
+ * <a href= "https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping">OWASP
  *      SQL_Injection_Prevention_Cheat_Sheet#MySQL_Escaping</a>
  */
 public class MySQLCodec extends AbstractCharacterCodec {
     /**
      * Specifies the SQL Mode the target MySQL Server is running with. For details about MySQL Server Modes
-     * please see the Manual at {@link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi}
+     * please see the Manual at
+     * @link http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html#sqlmode_ansi
      *
      * Currently the only supported modes are:
      * ANSI
@@ -87,6 +85,7 @@ static Mode findByKey(int key) {
 
     /** Target MySQL Server is running in Standard MySQL (Default) mode. */
     public static final int MYSQL_MODE = 0;
+    
     /**
      * Target MySQL Server is running in ANSI_QUOTES Mode
      * 
@@ -123,10 +122,6 @@ public MySQLCodec( Mode mode ) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * Returns quote-encoded character
-     *
-     * @param immune
      */
 	public String encodeCharacter( char[] immune, Character c ) {
 		char ch = c.charValue();
diff --git a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
index c10f4de22..adfa9e898 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushBackSequenceImpl.java
@@ -21,7 +21,7 @@ public PushBackSequenceImpl( String input ) {
 	
     /**
      *
-     * @return
+     * @return The next value in this Sequence, as an Integer.
      */
     public Integer next() {
 		if ( pushback != null ) {
@@ -39,7 +39,7 @@ public Integer next() {
 	
     /**
     *
-    * @return
+    * @return The next value in this Sequence, as an Integer if it is a hex digit. Null otherwise.
     */
    public Integer nextHex() {
 		Integer c = next();
@@ -50,7 +50,7 @@ public Integer nextHex() {
 
    /**
    *
-   * @return
+   * @return The next value in this Sequence, as an Integer if it is an octal digit. Null otherwise.
    */
   public Integer nextOctal() {
 		Integer c = next();
@@ -62,7 +62,7 @@ public Integer nextOctal() {
 	  /**
 	  * Returns true if the parameter character is a hexidecimal digit 0 through 9, a through f, or A through F.
 	  * @param c
-	  * @return
+	  * @return true if it is a hexidecimal digit, false otherwise.
 	  */
 	 public static boolean isHexDigit( Integer c ) {
 		if ( c == null ) return false;
@@ -73,7 +73,7 @@ public static boolean isHexDigit( Integer c ) {
 	 /**
 	 * Returns true if the parameter character is an octal digit 0 through 7.
 	 * @param c
-	 * @return
+	 * @return true if it is an octal digit, false otherwise.
 	 */
 	public static boolean isOctalDigit( Integer c ) {
 		if ( c == null ) return false;
@@ -83,7 +83,7 @@ public static boolean isOctalDigit( Integer c ) {
 
     /**
      * Return the next codePoint without affecting the current index.
-     * @return
+     * @return the next codePoint
      */
     public Integer peek() {
 		if ( pushback != null ) return pushback;
@@ -96,7 +96,7 @@ public Integer peek() {
     /**
      * Test to see if the next codePoint is a particular value without affecting the current index.
      * @param c
-     * @return
+     * @return if the next value is equal to the supplied value.
      */
     public boolean peek( Integer c ) {
 		if ( pushback != null && pushback.intValue() == c ) return true;
@@ -107,7 +107,7 @@ public boolean peek( Integer c ) {
 	}	
 	
     /**
-     *
+     * {@inheritDoc}
      */
     public void mark() {
 		temp = pushback;
@@ -115,7 +115,7 @@ public void mark() {
 	}
 
     /**
-     *
+     * {@inheritDoc}
      */
     public void reset() {
 		pushback = temp;
@@ -123,8 +123,7 @@ public void reset() {
 	}
 	
     /**
-     *
-     * @return
+     * {@inheritDoc}
      */
     public String remainder() {
 		String output = input.substring( index );
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
index bcdbff635..e3aab4d07 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackSequence.java
@@ -31,49 +31,50 @@ public interface PushbackSequence<T> {
 	int index();
 
 	/**
+	 * Determine if this sequence has another element.
 	 *
-	 * @return
+	 * @return True if there is another element in this sequence. False otherwise.
 	 */
 	boolean hasNext();
 
 	/**
-	 *
-	 * @return
+	 * Return the next element in the Sequence and increment the current index.
+	 * @return The next element in the Sequence.
 	 */
 	T next();
 
 	/**
-	    *
-	    * @return
-	    */
+	 * Return the next element in the Sequence in Hex format and increment the current index.
+	 * @return The next element in the Sequence in Hex format (if that makes sense for this Sequence's type).
+     */
 	T nextHex();
 
 	/**
-	   *
-	   * @return
-	   */
+	 * Return the next element in the Sequence in Octal format and increment the current index.
+	 * @return The next element in the Sequence in Octal format (if that makes sense for this Sequence's type).
+	 */
 	T nextOctal();
 
 	/**
-	 * Return the next character without affecting the current index.
-	 * @return
+	 * Return the next element in the Sequence without affecting the current index.
+	 * @return the next element in the Sequence.
 	 */
 	T peek();
 
 	/**
-	 * Test to see if the next character is a particular value without affecting the current index.
-	 * @param c
-	 * @return
+	 * Test to see if the next element in the Sequence matches the supplied value without affecting the current index.
+	 * @param c The value to match against.
+	 * @return True if the next element matches the supplied value. False otherwise.
 	 */
 	boolean peek(T c);
 
 	/**
-	 *
+	 * Mark the location of the current index.
 	 */
 	void mark();
 
 	/**
-	 *
+	 * Set the index back to the last marked location.
 	 */
 	void reset();
 
@@ -81,7 +82,7 @@ public interface PushbackSequence<T> {
 	 * Not at all sure what this method is intended to do.  There 
 	 * is a line in HTMLEntityCodec that said calling this method 
 	 * is a "kludge around PushbackString..."
-	 * @return
+	 * @return Return the remaining portion of the sequence, with any pushback appended to the front (if any).
 	 */
 	String remainder();
 
diff --git a/src/main/java/org/owasp/esapi/codecs/PushbackString.java b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
index 103993c05..fb133b54c 100644
--- a/src/main/java/org/owasp/esapi/codecs/PushbackString.java
+++ b/src/main/java/org/owasp/esapi/codecs/PushbackString.java
@@ -30,9 +30,9 @@
  * @see org.owasp.esapi.Encoder
  */
 public class PushbackString extends AbstractPushbackSequence<Character> {
+
 	/**
-	 *
-	 * @param input
+     * @param input Construct a PushbackString with the specified String.
 	 */
 	public PushbackString(String input) {
 		super(input);
@@ -128,7 +128,7 @@ public Character nextOctal() {
 	 * 9, a through f, or A through F.
 	 * 
 	 * @param c
-	 * @return
+	  * @return true if it is a hexidecimal digit, false otherwise.
 	 */
 	public static boolean isHexDigit(Character c) {
 		if (c == null){
@@ -142,7 +142,7 @@ public static boolean isHexDigit(Character c) {
 	 * Returns true if the parameter character is an octal digit 0 through 7.
 	 * 
 	 * @param c
-	 * @return
+	  * @return true if it is an octal digit, false otherwise.
 	 */
 	public static boolean isOctalDigit(Character c) {
 		if (c == null){
@@ -194,20 +194,16 @@ public boolean peek(Character c) {
 		return input.charAt(index) == c;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 * 
-	 * @see org.owasp.esapi.codecs.PushbackSequence#mark()
+	/**
+	 * {@inheritDoc}
 	 */
 	public void mark() {
 		temp = pushback;
 		mark = index;
 	}
 
-	/*
-	 * (non-Javadoc)
-	 * 
-	 * @see org.owasp.esapi.codecs.PushbackSequence#reset()
+	/**
+	 * {@inheritDoc}
 	 */
 	public void reset() {
 		pushback = temp;
@@ -215,8 +211,7 @@ public void reset() {
 	}
 
 	/**
-	 *
-	 * @return
+	 * {@inheritDoc}
 	 */
 	public String remainder() {
 		String output = input.substring(index);
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 739c9e48f..19e4a66a8 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -760,7 +760,8 @@ public String toString() {
      * though; this will just allow it to work in the future should we
      * decide to allow * sub-classing of this class.)
      * </p><p>
-     * See {@link http://www.artima.com/lejava/articles/equality.html}
+     * See
+     * @link http://www.artima.com/lejava/articles/equality.html
      * for full explanation.
      * </p>
      */
diff --git a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
index 8f1038691..c57b836b5 100644
--- a/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
+++ b/src/main/java/org/owasp/esapi/filters/ClickjackFilter.java
@@ -27,7 +27,7 @@
 
 /**
  * The {@code ClickjackFilter} is discussed at
- * {@link http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE}.
+ * @link http://www.owasp.org/index.php/ClickjackFilter_for_Java_EE
  * <pre>
  *     <filter>
  *            <filter-name>ClickjackFilterDeny</filter-name>
@@ -83,7 +83,7 @@ public void init(FilterConfig filterConfig) {
 	 * Add X-FRAME-OPTIONS response header to tell IE8 (and any other browsers who
 	 * decide to implement) not to display this content in a frame. For details, please
 	 * refer to
-	 * {@link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx}.
+	 * @link http://blogs.msdn.com/sdl/archive/2009/02/05/clickjacking-defense-in-ie8.aspx
 	 * 
 	 * @param request The request object.
 	 * @param response The response object.
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index c1de913c4..19b25c666 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -44,7 +44,7 @@ public class SecurityWrapperResponse extends HttpServletResponseWrapper implemen
 
     /**
      * Construct a safe response that overrides the default response methods
-     * with safer versions. 
+     * with safer versions. Default is 'log' mode.
      * 
      * @param response
      */
@@ -53,9 +53,11 @@ public SecurityWrapperResponse(HttpServletResponse response) {
     }
 
     /**
-     *
+     * Construct a safe response that overrides the default response methods
+     * with safer versions. 
+     * 
      * @param response
-     * @param mode
+     * @param mode The mode for this wrapper. Legal modes are "log", "skip", "sanitize", "throw".
      */
     public SecurityWrapperResponse(HttpServletResponse response, String mode) {
     	super( response );
@@ -203,7 +205,7 @@ public void addIntHeader(String name, int value) {
     /**
      * Same as HttpServletResponse, no security changes required.
      * @param name
-     * @return
+     * @return True if the current response already contains a header of the supplied name.
      */
     public boolean containsHeader(String name) {
         return getHttpServletResponse().containsHeader(name);
@@ -281,7 +283,7 @@ public void flushBuffer() throws IOException {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return
+     * @return The buffer size of the current HTTP response.
      */
     public int getBufferSize() {
         return getHttpServletResponse().getBufferSize();
@@ -289,7 +291,7 @@ public int getBufferSize() {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return
+     * @return The character encoding of the current HTTP response.
      */
     public String getCharacterEncoding() {
         return getHttpServletResponse().getCharacterEncoding();
@@ -297,7 +299,7 @@ public String getCharacterEncoding() {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return
+     * @return The content type of the current HTTP response.
      */
     public String getContentType() {
         return getHttpServletResponse().getContentType();
@@ -305,7 +307,7 @@ public String getContentType() {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return
+     * @return The Locale of the current HTTP response.
      */
     public Locale getLocale() {
         return getHttpServletResponse().getLocale();
@@ -313,7 +315,7 @@ public Locale getLocale() {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return 
+     * @return The ServletOutputStream of the current HTTP response.
      * @throws IOException
      */
     public ServletOutputStream getOutputStream() throws IOException {
@@ -322,7 +324,7 @@ public ServletOutputStream getOutputStream() throws IOException {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return 
+     * @return The PrintWriter of the current HTTP response.
      * @throws IOException
      */
     public PrintWriter getWriter() throws IOException {
@@ -331,7 +333,7 @@ public PrintWriter getWriter() throws IOException {
 
     /**
      * Same as HttpServletResponse, no security changes required.
-     * @return
+     * @return The isCommitted() status of the current HTTP response.
      */
     public boolean isCommitted() {
         return getHttpServletResponse().isCommitted();
@@ -360,12 +362,11 @@ public void resetBuffer() {
      */
     public void sendError(int sc) throws IOException {
     	SecurityConfiguration config = ESAPI.securityConfiguration();
-    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+    	if (config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")) {
     		getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
-    	}else{
+    	} else {
     		getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
     	}
-        
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
index 2f4c436ef..5ecd5c0d1 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultEncoder.java
@@ -567,8 +567,8 @@ public String getCanonicalizedURI(URI dirtyUri) throws IntrusionException{
 	/**
 	 * All the parts should be canonicalized by this point.  This is straightforward assembly.  
 	 * 
-	 * @param set
-	 * @return
+	 * @param parseMap The parts of the URL to put back together.
+	 * @return The canonicalized URL.
 	 */
 	protected String buildUrl(Map<UriSegment, String> parseMap){
 		StringBuilder sb = new StringBuilder();
@@ -595,7 +595,7 @@ public enum UriSegment {
 	 * The meat of this method was taken from StackOverflow:  http://stackoverflow.com/a/13592567/557153
 	 * It has been modified to return a canonicalized key and value pairing.  
 	 * 
-	 * @param java URI
+	 * @param uri The URI to analyze.
 	 * @return a map of canonicalized query parameters.  
 	 * @throws UnsupportedEncodingException
 	 */
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index b9c0ebd76..691bce1a3 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -158,7 +158,6 @@ public static SecurityConfiguration getInstance() {
      * disable logging from {@code DefaultSecurityConfiguration.logToStdout()}
      * methods, which is called from various {@code logSpecial()} methods.
      * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg, Throwable t)
-     * @see org.owasp.esapi.reference.DefaultSecurityConfiguration#logToStdout(String msg)
      */
     public static final String DISCARD_LOGSPECIAL = "org.owasp.esapi.logSpecial.discard";
 
@@ -715,7 +714,6 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
      * @param msg   Message to be logged.
      * @param t     Associated exception that was caught. The class name and
      *              exception message is also logged.
-     * @see #logToStdout(String msg)
      */
     public final synchronized static void logToStdout(String msg, Throwable t) {
      // Note that this class was made final because it is called from this class'
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultUser.java b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
index 0ff656a2b..a0553cec3 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultUser.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultUser.java
@@ -249,8 +249,6 @@ public Date getLastPasswordChangeTime() {
 
 	/**
 	 * {@inheritDoc}
-     *
-     * @return
      */
 	public String getName() {
 		return this.getAccountName();
@@ -286,8 +284,6 @@ public void removeSession( HttpSession s ) {
     
 	/**
 	 * {@inheritDoc}
-     *
-     * @return
      */
 	public Set getSessions() {
 	    return sessions;
@@ -562,8 +558,6 @@ public void setScreenName(String screenName) {
 
 	/**
 	 * {@inheritDoc}
-     *
-     * @return
      */
 	public String toString() {
 		return "USER:" + accountName;
@@ -587,7 +581,7 @@ public boolean verifyPassword(String password) {
     
     /**
      * Override clone and make final to prevent duplicate user objects.
-     * @return 
+     * @return Nothing, as clone() is not supported for this class. A CloneNotSupportedException is always thrown for this class.
      * @throws java.lang.CloneNotSupportedException
      */
     public final Object clone() throws java.lang.CloneNotSupportedException {
diff --git a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
index 1dea6edc0..6f01e1fc1 100644
--- a/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
+++ b/src/main/java/org/owasp/esapi/reference/IntegerAccessReferenceMap.java
@@ -66,11 +66,11 @@ public IntegerAccessReferenceMap(Set<Object> directReferences, int initialSize)
 	}
 
 	/**
-	 * TODO Javadoc
+     * {@inheritDoc}
 	 * Note: this is final as redefinition by subclasses
 	 * can lead to use before initialization issues as
-	 * {@link #RandomAccessReferenceMap(Set)} and
-	 * {@link #RandomAccessReferenceMap(Set,int)} both call it
+	 * {@link #IntegerAccessReferenceMap(Set)} and
+	 * {@link #IntegerAccessReferenceMap(Set,int)} both call it
 	 * internally.
 	 */
 	protected final synchronized String getUniqueReference() {
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
index 8c7698908..07af135d7 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
@@ -59,10 +59,10 @@ public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
 	/**
 	 * Convert an array of fully qualified class names into an array of Class objects
 	 * @param parameterClassNames
-	 * @return
+	 * @return The Class objects found that match the specified class names provided.
 	 */
 	protected final Class[] getParameters(String[] parameterClassNames) {
-		if(parameterClassNames == null) {
+		if (parameterClassNames == null) {
 			return new Class[0];
 		}
 		Vector<Class> classes = new Vector<Class>();
@@ -76,7 +76,7 @@ protected final Class[] getParameters(String[] parameterClassNames) {
 	 * Convert a single fully qualified class name into a Class object
 	 * @param className
 	 * @param purpose
-	 * @return
+	 * @return The Class matching the specified name, if it exists.
 	 */
 	protected final Class getClass(String className, String purpose) {
 		try {
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
index 84e6aec1e..c116f1e67 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
@@ -30,7 +30,7 @@ public Object get(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The true/false value of the specified key. False if not found.
 	 */
 	public boolean getBoolean(String key) {
 		return ((Boolean)get(key)).booleanValue();
@@ -38,7 +38,7 @@ public boolean getBoolean(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The byte value of the specified key.
 	 */
 	public byte getByte(String key) {
 		return ((Byte)get(key)).byteValue();
@@ -46,7 +46,7 @@ public byte getByte(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The char value of the specified key.
 	 */
 	public char getChar(String key) {
 		return ((Character)get(key)).charValue();
@@ -54,7 +54,7 @@ public char getChar(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The int value of the specified key.
 	 */
 	public int getInt(String key) {
 		return ((Integer)get(key)).intValue();
@@ -62,7 +62,7 @@ public int getInt(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The long value of the specified key.
 	 */
 	public long getLong(String key) {
 		return ((Long)get(key)).longValue();
@@ -70,7 +70,7 @@ public long getLong(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The float value of the specified key.
 	 */
 	public float getFloat(String key) {
 		return ((Float)get(key)).floatValue();
@@ -78,7 +78,7 @@ public float getFloat(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The double value of the specified key.
 	 */
 	public double getDouble(String key) {
 		return ((Double)get(key)).doubleValue();
@@ -86,7 +86,7 @@ public double getDouble(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The BigDecimal value of the specified key.
 	 */
 	public BigDecimal getBigDecimal(String key) {
 		return (BigDecimal)get(key);
@@ -94,7 +94,7 @@ public BigDecimal getBigDecimal(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The BigInteger value of the specified key.
 	 */
 	public BigInteger getBigInteger(String key) {
 		return (BigInteger)get(key);
@@ -102,7 +102,7 @@ public BigInteger getBigInteger(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The Date value of the specified key.
 	 */
 	public Date getDate(String key) {
 		return (Date)get(key);
@@ -112,7 +112,7 @@ public Date getDate(String key) {
 	 * Convenience method to avoid common casts. Note that the time object
 	 * is the same as a date object
 	 * @param key
-	 * @return
+	 * @return The Date value of the specified key.
 	 */
 	public Date getTime(String key) {
 		return (Date)get(key);
@@ -121,16 +121,26 @@ public Date getTime(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The String value of the specified key. null if the key is not defined.
 	 */
 	public String getString(String key) {
 		return (String)get(key);
 	}
 	
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return The String value of the specified key. If the key is not defined, the default value is returned instead.
+	 */
 	public String getString(String key, String defaultValue) {
 		return (String)get(key) == null ? defaultValue : (String)get(key);
 	}
 	
+	/**
+	 * Convenience method to avoid common casts.
+	 * @param key
+	 * @return The String[] value of the specified key.
+	 */
 	public String[] getStringArray(String key) {
 		return (String[])get(key);
 	}
@@ -138,7 +148,7 @@ public String[] getStringArray(String key) {
 	/**
 	 * Convenience method to avoid common casts.
 	 * @param key
-	 * @return
+	 * @return The value of the specified key, returned generically as an Object. 
 	 */
 	public Object getObject(String key) {
 		return get(key);
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
index 6b2357327..34936c72c 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/ExperimentalAccessController.java
@@ -79,7 +79,7 @@ public void assertAuthorized(Object key, Object runtimeParameter)
 	 * @param action
 	 * @param data
 	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForData(java.lang.String, java.lang.Object)
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForData(java.lang.String, java.lang.Object)
 	 * @deprecated
 	 */
     @Deprecated
@@ -91,7 +91,7 @@ public void assertAuthorizedForData(String action, Object data)
 	/**
 	 * @param filepath
 	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFile(java.lang.String)
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFile(java.lang.String)
 	 * @deprecated
 	 */
     @Deprecated
@@ -103,7 +103,7 @@ public void assertAuthorizedForFile(String filepath)
 	/**
 	 * @param functionName
 	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForFunction(java.lang.String)
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForFunction(java.lang.String)
 	 * @deprecated
 	 */
     @Deprecated
@@ -115,7 +115,7 @@ public void assertAuthorizedForFunction(String functionName)
 	/**
 	 * @param serviceName
 	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForService(java.lang.String)
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForService(java.lang.String)
 	 * @deprecated
 	 */
     @Deprecated
@@ -127,7 +127,7 @@ public void assertAuthorizedForService(String serviceName)
 	/**
 	 * @param url
 	 * @throws AccessControlException
-	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#assertAuthorizedForURL(java.lang.String)
+	 * @see org.owasp.esapi.reference.accesscontrol.FileBasedACRs#isAuthorizedForURL(java.lang.String)
 	 * @deprecated
 	 */
     @Deprecated
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
index 86077549d..9b0d5d48e 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/policyloader/PolicyParameters.java
@@ -5,7 +5,7 @@ public interface PolicyParameters {
 	/**
 	 * Follows the contract for java.util.Map;
 	 * @param key
-	 * @return
+	 * @return The Object referred to by this key, if it exists.
 	 * @see java.util.Map
 	 */
 	public abstract Object get(String key);
@@ -25,7 +25,7 @@ public abstract void set(String key, Object value)
 	 * This is a convenience method for developers that prefer to think of this
 	 * as a map instead of being bean-like. 
 	 * 
-	 * @see set(String, Object)
+	 * @see #set(String, Object)
 	 */
 	public abstract void put(String key, Object value)
 			throws IllegalArgumentException;
diff --git a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
index d7cfe15d6..dd600d84e 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/DateValidationRule.java
@@ -66,8 +66,6 @@ public Date getValid( String context, String input ) throws ValidationException
 
     /**
      * {@inheritDoc}
-     * 
-     * Calls sanitize(String, String, DateFormat) with DateFormat.getInstance()
      */
 	@Override
 	public Date sanitize( String context, String input )  {
@@ -75,7 +73,10 @@ public Date sanitize( String context, String input )  {
 	}
 	
 	/**
-     * {@inheritDoc}
+     * Same as sanitize(String, String) except it returns any ValidationException generated in the provided errorList.
+     * 
+     *   @param errorList The error list to add any ValidationException to.
+     *   @return The valid sanitized Date, or Date(0) if the supplied input was not a valid date.
      */
     public Date sanitize( String context, String input, ValidationErrorList errorList )  {
         Date date = new Date(0);
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
index c89a498ba..92fd73fe7 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletRequest.java
@@ -65,7 +65,7 @@ public class MockHttpServletRequest implements HttpServletRequest
 	private MockHttpSession session = null;
 
 	/** The cookies. */
-	private ArrayList cookies = new ArrayList();
+	private ArrayList<Cookie> cookies = new ArrayList<Cookie>();
 
 	/** The parameters. */
 	private Map<String,String[]> parameters = new HashMap<String,String[]>();
@@ -83,25 +83,15 @@ public class MockHttpServletRequest implements HttpServletRequest
 
 	private String uri = "/test";
 
-	private String url = "https://www.example.com" + uri;
-
 	private String queryString = "pid=1&qid=test";
 
 	private String method = "POST";
 
 	private Map<String,Object> attrs = new HashMap<String,Object>();
 
-	/**
-	 *
-	 */
 	public MockHttpServletRequest() {
 	}
 
-	/**
-	 *
-	 * @param uri
-	 * @param body
-	 */
 	public MockHttpServletRequest(String uri, byte[] body) {
 		this.body = body;
 		this.uri = uri;
@@ -113,18 +103,10 @@ public MockHttpServletRequest( URL url ) {
 		uri = url.getPath();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
 	public String getAuthType() {
 		return null;
 	}
 
-	/**
-	 * {@inheritDoc}
-	 * @return
-	 */
 	public String getContextPath() {
 		return null;
 	}
@@ -192,15 +174,10 @@ public void setHeader(String name, String value)
 	 * 
 	 * @param list the new cookies
 	 */
-	public void setCookies(ArrayList list) {
+	public void setCookies(ArrayList<Cookie> list) {
 		cookies = list;
 	}
 
-	/**
-	 *
-	 * @param name
-	 * @param value
-	 */
 	public void setCookie(String name, String value ) {
 		Cookie c = new Cookie( name, value );
 		cookies.add( c );
@@ -210,27 +187,20 @@ public boolean clearCookie(String name) {
 		return cookies.remove(name);
 	}
 
-	/**
-	 * @return 
-	 *
-	 */
 	public void clearCookies() {
 		cookies.clear();
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public Cookie[] getCookies() {
 		if ( cookies.isEmpty() ) return null;
-		return (Cookie[]) cookies.toArray(new Cookie[0]);
+		return cookies.toArray(new Cookie[0]);
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @param name 
-	 * @return
 	 */
 	public long getDateHeader(String name) {
 		try {
@@ -244,7 +214,7 @@ public long getDateHeader(String name) {
 	/**
 	 * {@inheritDoc}
 	 * @param name 
-	 * @return
+	 * @return The requested header value.
 	 */
 	public String getHeader(String name) {
 		List<String> values;
@@ -260,26 +230,22 @@ public String getHeader(String name) {
 	 * {@inheritDoc}
 	 * @return Enumeration of header names as strings
 	 */
-	public Enumeration getHeaderNames()
+	public Enumeration<String> getHeaderNames()
 	{
 		return Collections.enumeration(headers.keySet());
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @param name
-	 * @return
 	 */
-	public Enumeration getHeaders(String name) {
-		Vector v = new Vector();
+	public Enumeration<String> getHeaders(String name) {
+		Vector<String> v = new Vector<String>();
 		v.add( getHeader( name ) );
 		return v.elements();
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @param name 
-	 * @return
 	 */
 	public int getIntHeader(String name) {
 
@@ -288,23 +254,17 @@ public int getIntHeader(String name) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getMethod() {
 		return method;
 	}
 
-	/**
-	 *
-	 * @param value
-	 */
 	public void setMethod( String value ) {
 		method = value;
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getPathInfo() {
 
@@ -313,7 +273,6 @@ public String getPathInfo() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getPathTranslated() {
 
@@ -322,7 +281,6 @@ public String getPathTranslated() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getQueryString() {
 		return queryString;
@@ -339,7 +297,6 @@ public void setQueryString(String str)
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getRemoteUser() {
 
@@ -348,7 +305,6 @@ public String getRemoteUser() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getRequestURI() {
 		return uri;
@@ -356,7 +312,6 @@ public String getRequestURI() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public StringBuffer getRequestURL() {
 		return new StringBuffer( getScheme() + "://" + this.getServerName() + getRequestURI() + "?" + getQueryString() );
@@ -364,7 +319,6 @@ public StringBuffer getRequestURL() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getRequestedSessionId() {
 
@@ -373,7 +327,6 @@ public String getRequestedSessionId() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getServletPath() {
 
@@ -382,7 +335,6 @@ public String getServletPath() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public HttpSession getSession() {
 		if (session != null) {
@@ -393,8 +345,6 @@ public HttpSession getSession() {
 
 	/**
 	 * {@inheritDoc}
-	 * @param create 
-	 * @return
 	 */
 	public HttpSession getSession(boolean create) {
 		if (session == null && create) {
@@ -407,7 +357,6 @@ public HttpSession getSession(boolean create) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public Principal getUserPrincipal() {
 
@@ -416,7 +365,6 @@ public Principal getUserPrincipal() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public boolean isRequestedSessionIdFromCookie() {
 
@@ -425,7 +373,6 @@ public boolean isRequestedSessionIdFromCookie() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public boolean isRequestedSessionIdFromURL() {
 
@@ -434,7 +381,6 @@ public boolean isRequestedSessionIdFromURL() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 * @deprecated
 	 */
 	@Deprecated
@@ -445,7 +391,6 @@ public boolean isRequestedSessionIdFromUrl() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public boolean isRequestedSessionIdValid() {
 
@@ -454,8 +399,6 @@ public boolean isRequestedSessionIdValid() {
 
 	/**
 	 * {@inheritDoc}
-	 * @param role 
-	 * @return
 	 */
 	public boolean isUserInRole(String role) {
 
@@ -464,8 +407,6 @@ public boolean isUserInRole(String role) {
 
 	/**
 	 * {@inheritDoc}
-	 * @param name
-	 * @return
 	 */
 	public Object getAttribute(String name) {
 		return attrs.get(name);
@@ -473,15 +414,13 @@ public Object getAttribute(String name) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
-	public Enumeration getAttributeNames() {
+	public Enumeration<String> getAttributeNames() {
 		return Collections.enumeration(attrs.keySet());
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getCharacterEncoding() {
 
@@ -490,7 +429,6 @@ public String getCharacterEncoding() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public int getContentLength() {
 		return body.length;
@@ -498,24 +436,17 @@ public int getContentLength() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getContentType() {
 		return getHeader(HDR_CONTENT_TYPE);
 	}
 
-	/**
-	 *
-	 * @param value
-	 */
 	public void setContentType( String value ) {
 		setHeader(HDR_CONTENT_TYPE, value);
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
-	 * @throws IOException
 	 */
 	public ServletInputStream getInputStream() throws IOException {
 		return new MockServletInputStream(body);
@@ -523,7 +454,6 @@ public ServletInputStream getInputStream() throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getLocalAddr() {
 		return "10.1.43.6";
@@ -531,7 +461,6 @@ public String getLocalAddr() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getLocalName() {
 		return "www.domain.com";
@@ -539,7 +468,6 @@ public String getLocalName() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public int getLocalPort() {
 		return 80;
@@ -547,7 +475,6 @@ public int getLocalPort() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public Locale getLocale() {
 		return null;
@@ -555,16 +482,13 @@ public Locale getLocale() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
-	public Enumeration getLocales() {
+	public Enumeration<Locale> getLocales() {
 		return null;
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @param name
-	 * @return
 	 */
 	public String getParameter(String name) {
 		String[] values = parameters.get(name);
@@ -582,24 +506,20 @@ public void clearParameters() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
-	public Map getParameterMap() {
+	public Map<String, String[]> getParameterMap() {
 		return parameters;
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
-	public Enumeration getParameterNames() {
+	public Enumeration<String> getParameterNames() {
 		return Collections.enumeration(parameters.keySet());
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @param name
-	 * @return
 	 */
 	public String[] getParameterValues(String name) {
 		return parameters.get(name);
@@ -607,7 +527,6 @@ public String[] getParameterValues(String name) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getProtocol() {
 		return "HTTP/1.1";
@@ -615,8 +534,6 @@ public String getProtocol() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return 
-	 * @throws IOException
 	 */
 	public BufferedReader getReader() throws IOException {
 
@@ -625,8 +542,6 @@ public BufferedReader getReader() throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * @param path
-	 * @return
 	 * @deprecated
 	 */
 	@Deprecated
@@ -637,7 +552,6 @@ public String getRealPath(String path) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getRemoteAddr() {
 		return remoteHost;
@@ -649,7 +563,6 @@ public void setRemoteAddr(String remoteHost) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getRemoteHost() {
 		return remoteHost;
@@ -657,7 +570,6 @@ public String getRemoteHost() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public int getRemotePort() {
 
@@ -666,8 +578,6 @@ public int getRemotePort() {
 
 	/**
 	 * {@inheritDoc}
-	 * @param path
-	 * @return
 	 */
 	public RequestDispatcher getRequestDispatcher(String path) {
 		return requestDispatcher;
@@ -675,7 +585,6 @@ public RequestDispatcher getRequestDispatcher(String path) {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getScheme() {
 		return scheme;
@@ -683,7 +592,6 @@ public String getScheme() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public String getServerName() {
 		return serverHost;
@@ -691,16 +599,13 @@ public String getServerName() {
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public int getServerPort() {
-
 		return 80;
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * @return
 	 */
 	public boolean isSecure() {
 		return scheme.equals( "https" );
@@ -708,7 +613,6 @@ public boolean isSecure() {
 
 	/**
 	 * {@inheritDoc}
-	 * @param name
 	 */
 	public void removeAttribute(String name) {
 		attrs.remove(name);
@@ -716,8 +620,6 @@ public void removeAttribute(String name) {
 
 	/**
 	 * {@inheritDoc}
-	 * @param name 
-	 * @param o
 	 */
 	public void setAttribute(String name, Object o) {
 		attrs.put(name,o);
@@ -725,27 +627,15 @@ public void setAttribute(String name, Object o) {
 
 	/**
 	 * {@inheritDoc}
-	 * @param env
-	 * @throws UnsupportedEncodingException
 	 */
 	public void setCharacterEncoding(String env) throws UnsupportedEncodingException {
 
 	}
 
-	/**
-	 *
-	 * @param uri
-	 * @throws java.io.UnsupportedEncodingException
-	 */
 	public void setRequestURI(String uri) throws UnsupportedEncodingException {
 		this.uri = uri;
 	}
 
-	/**
-	 *
-	 * @param url
-	 * @throws java.io.UnsupportedEncodingException
-	 */
 	public void setRequestURL(String url) throws UnsupportedEncodingException {
 		// get the scheme
 		int p = url.indexOf( ":" );
@@ -760,7 +650,6 @@ public void setRequestURL(String url) throws UnsupportedEncodingException {
 		}
 		else
 			queryString = null;
-		this.url = url;
 	}
 
 	public void setScheme( String scheme ) {
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
index 0858f9be5..23de2ce6e 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpServletResponse.java
@@ -37,13 +37,13 @@
 public class MockHttpServletResponse implements HttpServletResponse {
 
 	/** The cookies. */
-	List cookies = new ArrayList();
+	List<Cookie> cookies = new ArrayList<Cookie>();
 
 	/** The header names. */
-	List headerNames = new ArrayList();
+	List<String> headerNames = new ArrayList<String>();
 
 	/** The header values. */
-	List headerValues = new ArrayList();
+	List<String> headerValues = new ArrayList<String>();
 
 	/** The status. */
 	int status = 200;
@@ -58,31 +58,19 @@ public String getBody() {
 	
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param cookie
 	 */
 	public void addCookie(Cookie cookie) {
 		cookies.add(cookie);
 	}
 
-	/**
-	 * Gets the cookies.
-	 * 
-	 * @return the cookies
-	 */
-	public List getCookies() {
+	public List<Cookie> getCookies() {
 		return cookies;
 	}
 
-	/**
-	 * 
-	 * @param name
-	 * @return
-	 */
 	public Cookie getCookie(String name) {
-		Iterator i = cookies.iterator();
+		Iterator<Cookie> i = cookies.iterator();
 		while (i.hasNext()) {
-			Cookie c = (Cookie) i.next();
+			Cookie c = i.next();
 			if (c.getName().equals(name)) {
 				return c;
 			}
@@ -92,9 +80,6 @@ public Cookie getCookie(String name) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
 	 */
 	public void addDateHeader(String name, long date) {
 		headerNames.add(name);
@@ -103,9 +88,6 @@ public void addDateHeader(String name, long date) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
 	 */
 	public void addHeader(String name, String value) {
 		headerNames.add(name);
@@ -114,9 +96,6 @@ public void addHeader(String name, String value) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
 	 */
 	public void addIntHeader(String name, int value) {
 		headerNames.add(name);
@@ -125,9 +104,6 @@ public void addIntHeader(String name, int value) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @return
 	 */
 	public boolean containsHeader(String name) {
 		return headerNames.contains(name);
@@ -136,18 +112,10 @@ public boolean containsHeader(String name) {
 	/**
 	 * {@inheritDoc}
 	 */
-	/**
-	 * Gets the header.
-	 * 
-	 * @param name
-	 *            the name
-	 * 
-	 * @return the header
-	 */
 	public String getHeader(String name) {
 		int index = headerNames.indexOf(name);
 		if (index != -1) {
-			return (String) headerValues.get(index);
+			return headerValues.get(index);
 		}
 		return null;
 	}
@@ -157,15 +125,12 @@ public String getHeader(String name) {
 	 * 
 	 * @return the header names
 	 */
-	public List getHeaderNames() {
+	public List<String> getHeaderNames() {
 		return headerNames;
 	}
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
 	 */
 	public String encodeRedirectURL(String url) {
 		return null;
@@ -173,9 +138,6 @@ public String encodeRedirectURL(String url) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
 	 * @deprecated
 	 */
 	@Deprecated
@@ -185,9 +147,6 @@ public String encodeRedirectUrl(String url) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
 	 */
 	public String encodeURL(String url) {
 		String enc = url;
@@ -198,9 +157,6 @@ public String encodeURL(String url) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param url
-	 * @return
 	 * @deprecated
 	 */
 	@Deprecated
@@ -210,9 +166,6 @@ public String encodeUrl(String url) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @throws IOException
 	 */
 	public void sendError(int sc) throws IOException {
 		status = sc;
@@ -220,10 +173,6 @@ public void sendError(int sc) throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param msg
-	 * @throws IOException
 	 */
 	public void sendError(int sc, String msg) throws IOException {
 		status = sc;
@@ -231,9 +180,6 @@ public void sendError(int sc, String msg) throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param location
-	 * @throws IOException
 	 */
 	public void sendRedirect(String location) throws IOException {
 		status = HttpServletResponse.SC_MOVED_PERMANENTLY;
@@ -242,9 +188,6 @@ public void sendRedirect(String location) throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param date
 	 */
 	public void setDateHeader(String name, long date) {
 		headerNames.add(name);
@@ -253,9 +196,6 @@ public void setDateHeader(String name, long date) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
 	 */
 	public void setHeader(String name, String value) {
 		headerNames.add(name);
@@ -264,9 +204,6 @@ public void setHeader(String name, String value) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param name
-	 * @param value
 	 */
 	public void setIntHeader(String name, int value) {
 		headerNames.add(name);
@@ -275,8 +212,6 @@ public void setIntHeader(String name, int value) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param sc
 	 */
 	public void setStatus(int sc) {
 		status = sc;
@@ -293,9 +228,6 @@ public int getStatus() {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param sc
-	 * @param sm
 	 * @deprecated
 	 */
 	@Deprecated
@@ -305,8 +237,6 @@ public void setStatus(int sc, String sm) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @throws IOException
 	 */
 	public void flushBuffer() throws IOException {
 
@@ -314,8 +244,6 @@ public void flushBuffer() throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
 	 */
 	public int getBufferSize() {
 		return body.length();
@@ -323,8 +251,6 @@ public int getBufferSize() {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
 	 */
 	public String getCharacterEncoding() {
 		return "UTF-8";
@@ -332,8 +258,6 @@ public String getCharacterEncoding() {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
 	 */
 	public String getContentType() {
 		return contentType;
@@ -341,8 +265,6 @@ public String getContentType() {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
 	 */
 	public Locale getLocale() {
 
@@ -351,9 +273,6 @@ public Locale getLocale() {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
 	 */
 	public ServletOutputStream getOutputStream() throws IOException {
 		return new ServletOutputStream() {
@@ -365,9 +284,6 @@ public void write(int b) throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
-	 * @throws IOException
 	 */
 	public PrintWriter getWriter() throws IOException {
 		return new PrintWriter( getOutputStream(), true );
@@ -375,8 +291,6 @@ public PrintWriter getWriter() throws IOException {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @return
 	 */
 	public boolean isCommitted() {
 
@@ -388,9 +302,9 @@ public boolean isCommitted() {
 	 */
 	public void reset() {
 		body = new StringBuffer();
-		cookies = new ArrayList();
-		headerNames = new ArrayList();
-		headerValues = new ArrayList();
+		cookies = new ArrayList<Cookie>();
+		headerNames = new ArrayList<String>();
+		headerValues = new ArrayList<String>();
 		status = 200;
 	}
 
@@ -407,8 +321,6 @@ public void setBody( String value ) {
 	
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param size
 	 */
 	public void setBufferSize(int size) {
 
@@ -416,8 +328,6 @@ public void setBufferSize(int size) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param charset
 	 */
 	public void setCharacterEncoding(String charset) {
 
@@ -425,8 +335,6 @@ public void setCharacterEncoding(String charset) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param len
 	 */
 	public void setContentLength(int len) {
 
@@ -434,8 +342,6 @@ public void setContentLength(int len) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param type
 	 */
 	public void setContentType(String type) {
 		contentType = type;
@@ -443,8 +349,6 @@ public void setContentType(String type) {
 
 	/**
 	 * {@inheritDoc}
-	 * 
-	 * @param loc
 	 */
 	public void setLocale(Locale loc) {
 
diff --git a/src/test/java/org/owasp/esapi/http/MockHttpSession.java b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
index 9ae25ced6..6e9426a2b 100644
--- a/src/test/java/org/owasp/esapi/http/MockHttpSession.java
+++ b/src/test/java/org/owasp/esapi/http/MockHttpSession.java
@@ -47,10 +47,10 @@ public class MockHttpSession implements HttpSession {
 	private int sessionid=count++;
 	
 	/** The attributes. */
-	private Map attributes = new HashMap();
+	private Map<String, Object> attributes = new HashMap<String, Object>();
 	
 	/**
-	 * Instantiates a new test http session.
+	 * Instantiates a new test HTTP session.
 	 */
 	public MockHttpSession() {
 		// to replace synthetic accessor method
@@ -71,9 +71,6 @@ public MockHttpSession( long creationTime, long accessedTime ) {
 
     /**
      * {@inheritDoc}
-     *
-     * @param string
-     * @return
      */
 	public Object getAttribute(String string) {
 		return attributes.get( string );
@@ -81,18 +78,14 @@ public Object getAttribute(String string) {
 
     /**
      * {@inheritDoc}
-     * 
-     * @return
      */
-	public Enumeration getAttributeNames() {
-		Vector v = new Vector( attributes.keySet() );
+	public Enumeration<String> getAttributeNames() {
+		Vector<String> v = new Vector<String>( attributes.keySet() );
 		return v.elements();
 	}
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public long getCreationTime() {
 		return creationTime;
@@ -100,8 +93,6 @@ public long getCreationTime() {
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public String getId() {
 		return ""+sessionid;
@@ -118,8 +109,6 @@ public boolean getInvalidated() {
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public long getLastAccessedTime() {
 		return accessedTime;
@@ -127,8 +116,6 @@ public long getLastAccessedTime() {
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public int getMaxInactiveInterval() {
 		return 0;
@@ -136,8 +123,6 @@ public int getMaxInactiveInterval() {
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public ServletContext getServletContext() {
 		return null;
@@ -145,8 +130,6 @@ public ServletContext getServletContext() {
 
     /**
      * {@inheritDoc}
-     *
-     * @return null
      * @deprecated
      */
         @Deprecated
@@ -158,9 +141,6 @@ public javax.servlet.http.HttpSessionContext getSessionContext() {
 
     /**
      * {@inheritDoc}
-     *
-     * @param string
-     * @return
      * @deprecated
      */
      	@Deprecated
@@ -170,8 +150,6 @@ public Object getValue(String string) {
 
     /**
      * {@inheritDoc}
-     *
-     * @return
      * @deprecated
      */
      	@Deprecated
@@ -188,8 +166,6 @@ public void invalidate() {
     
     /**
      * {@inheritDoc}
-     *
-     * @return
      */
 	public boolean isNew() {
 		return true;
@@ -197,9 +173,6 @@ public boolean isNew() {
 
 	/**
      * {@inheritDoc}
-     *
-     * @param string
-     * @param object
      * @deprecated
      */
      	@Deprecated
@@ -209,8 +182,6 @@ public void putValue(String string, Object object) {
 
     /**
      * {@inheritDoc}
-     *
-     * @param string
      */
 	public void removeAttribute(String string) {
 		attributes.remove( string );
@@ -218,8 +189,6 @@ public void removeAttribute(String string) {
 
     /**
      * {@inheritDoc}
-     *
-     * @param string
      * @deprecated
      */
      	@Deprecated
@@ -229,9 +198,6 @@ public void removeValue(String string) {
 
     /**
      * {@inheritDoc}
-     *
-     * @param string
-     * @param object
      */
 	public void setAttribute(String string, Object object) {
 		attributes.put(string, object);
@@ -239,9 +205,7 @@ public void setAttribute(String string, Object object) {
 
     /**
      * {@inheritDoc}
-     *
-     * @param i
-     */
+=     */
 	public void setMaxInactiveInterval(int i) {
 		// stub
 	}
diff --git a/src/test/java/org/owasp/esapi/http/MockServletContext.java b/src/test/java/org/owasp/esapi/http/MockServletContext.java
index b4b042fc7..67cb4df59 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletContext.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletContext.java
@@ -310,6 +310,7 @@ public RequestDispatcher getNamedDispatcher(String name) {
      * <code>ServletContext</code> class and can perform shared business logic
      * by invoking methods on common non-servlet classes.
      */
+    @Deprecated
     public Servlet getServlet(String name) throws ServletException {
     	return null;
     }
@@ -324,6 +325,7 @@ public Servlet getServlet(String name) throws ServletException {
      * will be permanently removed in a future version of the Java
      * Servlet API.
      */
+    @Deprecated
     public Enumeration getServlets() {
     	return null;
     }
@@ -338,6 +340,7 @@ public Enumeration getServlets() {
      * remains only to preserve binary compatibility. This method will
      * be permanently removed in a future version of the Java Servlet API.
      */
+    @Deprecated
     public Enumeration getServletNames() {
     	return null;
     }
@@ -363,6 +366,7 @@ public void log(String msg) {
      * exception's stack trace and an explanatory error message
      * to the servlet log file.
      */
+    @Deprecated
     public void log(Exception exception, String msg) {
     	ESAPI.getLogger( "MockServletContext" ).warning( Logger.EVENT_FAILURE, msg, exception );
     }
diff --git a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
index 3e4ed3d9a..15c9c569d 100644
--- a/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
+++ b/src/test/java/org/owasp/esapi/http/MockServletInputStream.java
@@ -38,7 +38,7 @@ public MockServletInputStream(byte[] body) {
 
     /**
      * read
-     * @return 
+     * @return the next char from this InputStream 
      * @throws IOException
      */
     public int read() throws IOException {
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index 130534ee8..ba6715313 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -227,14 +227,16 @@ public void testGetFileUploads() throws IOException {
 			request2.setContentType( "multipart/form-data; boundary=ridiculous");
 			ESAPI.httpUtilities().setCurrentHTTP(request2, response);
 			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request2, home);
-				Iterator i = list.iterator();
+				List<?> list = ESAPI.httpUtilities().getFileUploads(request2, home);
+				Iterator<?> i = list.iterator();
 				while ( i.hasNext() ) {
 					File f = (File)i.next();
 					System.out.println( "  " + f.getAbsolutePath() );
 				}
 				assertTrue( list.size() > 0 );
 			} catch (ValidationException e) {
+				System.out.println("ERROR in testGetFileUploads() request2: " + e.toString());
+				e.printStackTrace();
 				fail();
 			}
 
@@ -243,15 +245,17 @@ public void testGetFileUploads() throws IOException {
 			ESAPI.httpUtilities().setCurrentHTTP(request4, response);
 			System.err.println("UPLOAD DIRECTORY: " + ESAPI.securityConfiguration().getUploadDirectory());
 			try {
-				List list = ESAPI.httpUtilities().getFileUploads(request4, home);
-				Iterator i = list.iterator();
+				List<?> list = ESAPI.httpUtilities().getFileUploads(request4, home);
+				Iterator<?> i = list.iterator();
 				while ( i.hasNext() ) {
 					File f = (File)i.next();
 					System.out.println( "  " + f.getAbsolutePath() );
 				}
 				assertTrue( list.size() > 0 );
 			} catch (ValidationException e) {
-				System.err.println("ERROR: " + e.toString());
+				// TODO: This test cases if failing when we upgrade to commons-fileupload;commons-fileupload:1.4 because of a duplicate file error. Need to figure out why.
+				System.out.println("ERROR in testGetFileUploads() request4: " + e.toString());
+				e.printStackTrace();
 				fail();
 			}
 
@@ -282,7 +286,7 @@ public void testKillAllCookies() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
+		ArrayList<Cookie> list = new ArrayList<Cookie>();
 		list.add(new Cookie("test1", "1"));
 		list.add(new Cookie("test2", "2"));
 		list.add(new Cookie("test3", "3"));
@@ -300,7 +304,7 @@ public void testKillCookie() {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ESAPI.httpUtilities().setCurrentHTTP(request, response);
 		assertTrue(response.getCookies().isEmpty());
-		ArrayList list = new ArrayList();
+		ArrayList<Cookie> list = new ArrayList<Cookie>();
 		list.add(new Cookie("test1", "1"));
 		list.add(new Cookie("test2", "2"));
 		list.add(new Cookie("test3", "3"));
@@ -379,10 +383,10 @@ public void testGetStateFromEncryptedCookie() throws Exception {
 		MockHttpServletResponse response = new MockHttpServletResponse();
 
 		// test null cookie array
-		Map empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
+		Map<String, String> empty = ESAPI.httpUtilities().decryptStateFromCookie(request);
 		assertTrue( empty.isEmpty() );
 
-		HashMap map = new HashMap();
+		HashMap<String, String> map = new HashMap<String, String>();
 		map.put( "one", "aspect" );
 		map.put( "two", "ridiculous" );
 		map.put( "test_hard", "&(@#*!^|;,." );
@@ -391,10 +395,10 @@ public void testGetStateFromEncryptedCookie() throws Exception {
 			String value = response.getHeader( "Set-Cookie" );
 			String encrypted = value.substring(value.indexOf("=")+1, value.indexOf(";"));
 			request.setCookie( DefaultHTTPUtilities.ESAPI_STATE, encrypted );
-			Map state = ESAPI.httpUtilities().decryptStateFromCookie(request);
-			Iterator i = map.entrySet().iterator();
+			Map<String, String> state = ESAPI.httpUtilities().decryptStateFromCookie(request);
+			Iterator<?> i = map.entrySet().iterator();
 			while ( i.hasNext() ) {
-				Map.Entry entry = (Map.Entry)i.next();
+				Map.Entry<?, ?> entry = (Map.Entry<?, ?>)i.next();
 				String origname = (String)entry.getKey();
 				String origvalue = (String)entry.getValue();
 				if( !state.get( origname ).equals( origvalue ) ) {
@@ -414,7 +418,7 @@ public void testSaveStateInEncryptedCookie() {
 		MockHttpServletRequest request = new MockHttpServletRequest();
 		MockHttpServletResponse response = new MockHttpServletResponse();
 		ESAPI.httpUtilities().setCurrentHTTP(request, response);
-		HashMap map = new HashMap();
+		HashMap<String, String> map = new HashMap<String, String>();
 		map.put( "one", "aspect" );
 		map.put( "two", "ridiculous" );
 		map.put( "test_hard", "&(@#*!^|;,." );
@@ -444,7 +448,7 @@ public void testSaveTooLongStateInEncryptedCookieException() {
 
 		String foo = ESAPI.randomizer().getRandomString(4096, EncoderConstants.CHAR_ALPHANUMERICS);
 
-		HashMap map = new HashMap();
+		HashMap<String, String> map = new HashMap<String, String>();
 		map.put("long", foo);
 		try {
 			ESAPI.httpUtilities().encryptStateInCookie(response, map);
@@ -477,9 +481,10 @@ public void testSetNoCacheHeaders() {
 	 *
 	 * @throws org.owasp.esapi.errors.AuthenticationException
 	 */
+	@SuppressWarnings("deprecation")
 	public void testDeprecatedSetRememberToken() throws AuthenticationException {
 		System.out.println("setRememberToken");
-		Authenticator instance = (Authenticator)ESAPI.authenticator();
+		Authenticator instance = ESAPI.authenticator();
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
@@ -503,8 +508,8 @@ public void testDeprecatedSetRememberToken() throws AuthenticationException {
 	 * @throws org.owasp.esapi.errors.AuthenticationException
 	 */
 	public void testSetRememberToken() throws Exception {
-		System.out.println("setRememberToken");
-		Authenticator instance = (Authenticator)ESAPI.authenticator();
+		//System.out.println("setRememberToken");
+		Authenticator instance = ESAPI.authenticator();
 		String accountName=ESAPI.randomizer().getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
 		String password = instance.generateStrongPassword();
 		User user = instance.createUser(accountName, password, password);
@@ -522,6 +527,7 @@ public void testSetRememberToken() throws Exception {
 		
 		Field field = response.getClass().getDeclaredField("cookies");
 		field.setAccessible(true);
+		@SuppressWarnings("unchecked")
 		List<Cookie> cookies = (List<Cookie>) field.get(response);
 		Cookie cookie = null;
 		for(Cookie c: cookies){
@@ -539,6 +545,8 @@ public void testGetSessionAttribute() throws Exception {
 		session.setAttribute("testAttribute", 43f);
 
 		try {
+			// Deleting the unused assignment of the results to test1 causes the expected ClassCastException to not occur. So don't delete it!
+			@SuppressWarnings("unused")
 			Integer test1 = ESAPI.httpUtilities().getSessionAttribute( session, "testAttribute" );
 			fail();
 		} catch ( ClassCastException cce ) {}
@@ -551,6 +559,8 @@ public void testGetRequestAttribute() throws Exception {
 		HttpServletRequest request = new MockHttpServletRequest();
 		request.setAttribute( "testAttribute", 43f );
 		try {
+			// Deleting the unused assignment of the results to test1 causes the expected ClassCastException to not occur. So don't delete it!
+			@SuppressWarnings("unused")
 			Integer test1 = ESAPI.httpUtilities().getRequestAttribute( request, "testAttribute" );
 			fail();
 		} catch ( ClassCastException cce ) {}
diff --git a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
index 2bdaec755..cc0f2efbb 100644
--- a/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
+++ b/src/test/java/org/owasp/esapi/reference/UnitTestSecurityConfiguration.java
@@ -1,85 +1,50 @@
 package org.owasp.esapi.reference;
 
-import java.util.Properties;
-
 public class UnitTestSecurityConfiguration extends DefaultSecurityConfiguration {
     public UnitTestSecurityConfiguration(DefaultSecurityConfiguration cfg) {
         super(cfg.getESAPIProperties());
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setApplicationName(String v) {
     	getESAPIProperties().setProperty(APPLICATION_NAME, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setLogImplementation(String v) {
     	getESAPIProperties().setProperty(LOG_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setAuthenticationImplementation(String v) {
     	getESAPIProperties().setProperty(AUTHENTICATION_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setEncoderImplementation(String v) {
     	getESAPIProperties().setProperty(ENCODER_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setAccessControlImplementation(String v) {
     	getESAPIProperties().setProperty(ACCESS_CONTROL_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setEncryptionImplementation(String v) {
     	getESAPIProperties().setProperty(ENCRYPTION_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setIntrusionDetectionImplementation(String v) {
     	getESAPIProperties().setProperty(INTRUSION_DETECTION_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setRandomizerImplementation(String v) {
     	getESAPIProperties().setProperty(RANDOMIZER_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setExecutorImplementation(String v) {
     	getESAPIProperties().setProperty(EXECUTOR_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setHTTPUtilitiesImplementation(String v) {
     	getESAPIProperties().setProperty(HTTP_UTILITIES_IMPLEMENTATION, v);
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
     public void setValidationImplementation(String v) {
     	getESAPIProperties().setProperty(VALIDATOR_IMPLEMENTATION, v);
     }
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index f9bce0280..0d9c080b0 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -264,7 +264,8 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			} else if ( cipherAlg.equals( "DES" ) ) {
 				keySize = 64;
 			} // Else... use specified keySize.
-            assertTrue(cipherXform + ": encoded key size shorter than requested key size",  skey.getEncoded().length >= (keySize / 8) );
+            assertTrue(cipherXform + ": encoded key size of " + skey.getEncoded().length + " shorter than requested key size of: " + (keySize / 8),
+            		skey.getEncoded().length >= (keySize / 8) );
 
 			// Change to a possibly different cipher. This is kludgey at best. Am thinking about an
 			// alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
@@ -291,6 +292,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 
 	    	// If we are supposed to have overwritten the plaintext, check this to see
 	    	// if origPlainText was indeed overwritten.
+	    	@SuppressWarnings("deprecation")
 			boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
 			if ( overwritePlaintext ) {
 				assertTrue( isPlaintextOverwritten(plaintext) );
@@ -308,6 +310,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	@SuppressWarnings("deprecation")
 			String previousCipherXform = ESAPI.securityConfiguration().setCipherTransformation(null);
 	    	assertEquals( previousCipherXform,  cipherXform  );
+	    	@SuppressWarnings("deprecation")
 	    	String defaultCipherXform = ESAPI.securityConfiguration().getCipherTransformation();
 	    	assertEquals( defaultCipherXform, oldCipherXform );
 	    	
diff --git a/src/test/java/org/owasp/esapi/util/FileTestUtils.java b/src/test/java/org/owasp/esapi/util/FileTestUtils.java
index 51f40f80c..2c0eda18b 100644
--- a/src/test/java/org/owasp/esapi/util/FileTestUtils.java
+++ b/src/test/java/org/owasp/esapi/util/FileTestUtils.java
@@ -10,7 +10,7 @@
  */
 public class FileTestUtils
 {
-	private static final Class CLASS = FileTestUtils.class;
+	private static final Class<FileTestUtils> CLASS = FileTestUtils.class;
 	private static final String CLASS_NAME = CLASS.getName();
 	private static final String DEFAULT_PREFIX = CLASS_NAME + '.';
 	private static final String DEFAULT_SUFFIX = ".tmp";
@@ -20,15 +20,15 @@ public class FileTestUtils
 		Rational for switching from SecureRandom to Random:
 		
 		This is used for generating filenames for temporary
-		directories. Origionally this was using SecureRandom for
+		directories. Originally this was using SecureRandom for
 		this to make /tmp races harder. This is not necessary as
 		mkdir always returns false if if the directory already
 		exists.
 		
-		Additionally, SecureRandom for some reason on linux
+		Additionally, SecureRandom for some reason on Linux
 		is appears to be reading from /dev/random instead of
 		/dev/urandom. As such, the many calls for temporary
-		directories in the unit tests quickly depleates the
+		directories in the unit tests quickly depletes the
 		entropy pool causing unit test runs to block until more
 		entropy is collected (this is why moving the mouse speeds
 		up unit tests).
@@ -46,7 +46,7 @@ private FileTestUtils()
 
 	/**
 	 * Convert a long to it's hex representation. Unlike
-	 * {@ Long#toHexString(long)} this always returns 16 digits.
+	 * {@link Long#toHexString(long)} this always returns 16 digits.
 	 * @param l The long to convert.
 	 * @return l in hex.
 	 */

From 0bdbc934570f3f8bf18c425d6fef2a0173229312 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Sat, 13 Apr 2019 15:51:31 -0400
Subject: [PATCH 539/812] Fix 1 test case that doesn't compile on Java 7.

---
 .../org/owasp/esapi/reference/ExtensiveEncoderURITest.java     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
index 5c791fde8..37e9ea213 100644
--- a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -4,6 +4,7 @@
 
 import java.io.File;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -36,7 +37,7 @@ public static Collection<String> getMyUris() throws Exception{
 		String fileName = url.getFile();
 		File urisForText = new File(fileName);
 		
-		inputs = Files.readAllLines(urisForText.toPath());
+		inputs = Files.readAllLines(urisForText.toPath(), StandardCharsets.UTF_8);
 		
 		return inputs;
 	}

From 85bdfc4a4602cd9673fd3b5e7f821a5139a12695 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 13 Apr 2019 23:05:06 -0400
Subject: [PATCH 540/812] Added some debug print statements to System.err for
 bug demo.

---
 .../esapi/reference/crypto/EncryptorTest.java | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 0d9c080b0..f215dfb41 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -238,10 +238,10 @@ public void testNewEncryptDecrypt() {
      *         strength crypto is not available for this Java VM.
      */
     private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
-    	System.out.println("New encrypt / decrypt: " + cipherXform);
+    	System.err.println("New encrypt / decrypt: " + cipherXform + "; requested key size: " + keySize + " bits.");
     	
     	if ( keySize > 128 && !unlimitedStrengthJurisdictionPolicyInstalled ) {
-    	    System.out.println("Skipping test for cipher transformation " +
+    	    System.err.println("Skipping test for cipher transformation " +
     	                       cipherXform + " with key size of " + keySize +
     	                       " bits because this requires JCE Unlimited Strength" +
     	                       " Jurisdiction Policy files to be installed and they" +
@@ -254,16 +254,21 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			SecretKey skey = CryptoHelper.generateSecretKey(cipherXform, keySize);	
 			assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
 			String cipherAlg = cipherXform.split("/")[0];
+
+            System.err.println("Key size of generated encoded key: " + skey.getEncoded().length * 8 + " bits.");
 			
 			// Adjust key size for DES and DESede specific oddities.
 			// NOTE: Key size that encrypt() method is using is 192 bits!!!
     		//        which is 3 times 64 bits, but DES key size is only 56 bits.
     		// See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
 			if ( cipherAlg.equals( "DESede" ) ) {
+                System.err.println("Adjusting requested key size of " + keySize + " bits to 192 bits for DESede");
 				keySize = 192;
 			} else if ( cipherAlg.equals( "DES" ) ) {
+                System.err.println("Adjusting requested key size of " + keySize + " bits to 64 bits for DES");
 				keySize = 64;
 			} // Else... use specified keySize.
+
             assertTrue(cipherXform + ": encoded key size of " + skey.getEncoded().length + " shorter than requested key size of: " + (keySize / 8),
             		skey.getEncoded().length >= (keySize / 8) );
 
@@ -273,7 +278,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	@SuppressWarnings("deprecation")
 			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
 	    	if ( ! cipherXform.equals(oldCipherXform) ) {
-	    		System.out.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
+	    		System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
 	    	}
 	    	
 	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.
@@ -283,12 +288,12 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	
 	    	// Do the encryption with the new encrypt() method and get back the CipherText.
 	    	CipherText ciphertext = instance.encrypt(skey, plaintext);	// The new encrypt() method.
-	    	System.out.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
+	    	System.err.println("DEBUG: Encrypt(): CipherText object is -- " + ciphertext);
 	    	assertNotNull( ciphertext );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
-//	    	System.out.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
-//	    	System.out.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
+//	    	System.err.println("DEBUG: After encryption: base64-encoded IV+ciphertext: " + ciphertext.getEncodedIVCipherText());
+//	    	System.err.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getEncodedIVCipherText()) );
+//	    	System.err.println("DEBUG: After encryption: base64-encoded raw ciphertext: " + ciphertext.getBase64EncodedRawCipherText());
+//	    	System.err.println("\t\tOr... " + ESAPI.encoder().decodeFromBase64(ciphertext.getBase64EncodedRawCipherText()) );
 
 	    	// If we are supposed to have overwritten the plaintext, check this to see
 	    	// if origPlainText was indeed overwritten.

From b15985e3a54769210a7d3b30ef7321a3de471138 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Sun, 14 Apr 2019 00:04:33 -0400
Subject: [PATCH 541/812] Update pom to disable plugins that don't work with
 Java 7, when using Java 7. Downgrade one library so its Java 7 compatible.

---
 pom.xml | 45 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 13 deletions(-)

diff --git a/pom.xml b/pom.xml
index 3a6a2f462..2275678ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -178,7 +178,8 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-collections4</artifactId>
-            <version>4.3</version>
+            <!-- Using 4.2 because 4.3 requires Java 8. Trying to make sure ESAPI supports Java 7+ -->
+            <version>4.2</version>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
@@ -318,6 +319,21 @@
                     <version>3.1.12</version>
                   </dependency>
                 </dependencies>
+                <executions>
+                    <execution>
+                      <!-- requires Java 8. So only run it if using Java 8 or greater.
+                           This property set in a profile below. -->
+                      <phase>${PhaseIfJava8plus}</phase>
+                    </execution>
+                </executions>
+                <configuration>
+                    <findbugsXmlOutput>true</findbugsXmlOutput>
+                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
+                    <xmlOutput>true</xmlOutput>
+                    <threshold>Low</threshold>
+                    <effort>Max</effort>
+                    <relaxed>false</relaxed>
+                </configuration>
             </plugin>
 
             <plugin>
@@ -332,6 +348,8 @@
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
+                    <testSource>1.7</testSource>
+                    <testTarget>1.7</testTarget>
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>
@@ -479,12 +497,16 @@
                 </configuration>
                 <executions>
                     <execution>
+                        <!-- ODC requires Java 8. So only run it if using Java 8 or greater.
+                             This property set in a profile below. -->
+                        <phase>${PhaseIfJava8plus}</phase>
                         <goals>
                             <goal>check</goal>
                         </goals>
                     </execution>
                 </executions>
             </plugin>
+
         </plugins>
     </build>
 
@@ -547,18 +569,6 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
             </plugin>
-            <plugin>
-                <groupId>com.github.spotbugs</groupId>
-                <artifactId>spotbugs-maven-plugin</artifactId>
-                <configuration>
-                    <findbugsXmlOutput>true</findbugsXmlOutput>
-                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
-                    <xmlOutput>true</xmlOutput>
-                    <threshold>Low</threshold>
-                    <effort>Max</effort>
-                    <relaxed>false</relaxed>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
@@ -599,6 +609,15 @@
     </reporting>
 
     <profiles>
+        <profile>
+          <activation>
+            <jdk>[1.8,)</jdk>
+          </activation>
+          <properties>
+            <PhaseIfJava8plus>install</PhaseIfJava8plus>
+          </properties>
+        </profile>
+
         <profile>
             <!-- Activate to sign jars and build distributable download. -->
             <id>dist</id>

From 707e619d2eba4033e5b06ae7907423e1a600a09f Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Sun, 14 Apr 2019 17:04:48 -0400
Subject: [PATCH 542/812] Upgrade to newer javadoc plugin version and set
 source to 7 for this plugin so it will actually build properly with Java 11.
 There are still a bunch of new javadoc warnings with Java 11 that I would
 like to clean up, but it at least builds now.

---
 pom.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 2275678ef..29f77c5c2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -419,8 +419,9 @@
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
-               <version>3.0.1</version>
+               <version>3.1.0</version>
                <configuration>
+                 <source>7</source>
                  <doclint>none</doclint>
                </configuration>
                <executions>

From 63c39070487c95b5d76d9fbe004d98b4805b94d2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Apr 2019 18:53:44 -0400
Subject: [PATCH 543/812] Remove references to old 1.4 crypto stuff and
 indicate that fixed IVs is deprecated and will disappear next release (2.3).

---
 configuration/esapi/ESAPI.properties | 62 +++++++++++-----------------
 1 file changed, 25 insertions(+), 37 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index e17928c07..903105197 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -32,14 +32,6 @@
 # file-based implementations, that some files may need to be read-write as they
 # get updated dynamically.
 #
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
 #===========================================================================
 # ESAPI Configuration
 #
@@ -133,21 +125,6 @@ Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
 # unlimited strength policy files and install in the lib directory of your JRE/JDK.
 # See http://java.sun.com/javase/downloads/index.jsp for more information.
 #
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
 #		***** IMPORTANT: Do NOT forget to replace these with your own values! *****
 # To calculate these values, you can run:
 #		java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
@@ -185,12 +162,6 @@ Encryptor.PreferredJCEProvider=
 
 # AES is the most widely used and strongest encryption algorithm. This
 # should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
 # Warning: This property does not control the default reference implementation for
 #		   ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
 #		   in the future.
@@ -228,17 +199,18 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # DISCUSS: Better name?
 Encryptor.cipher_modes.additional_allowed=CBC
 
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
+# 128-bit is almost always sufficient, and for AES, it appears to be more
+# to be a bit more resistant to related key attacks than is 256-bit AES.
+#
+# Note: Key length must agree to what's provided as the
 # cipher transformation, otherwise this will be ignored after logging a
 # warning.
 #
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
+# Defaults to 128 bits if left blank.
+#
 Encryptor.EncryptionKeyLength=128
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
 # the IV does not need to be hidden from adversaries, it is important that the
@@ -249,8 +221,12 @@ Encryptor.EncryptionKeyLength=128
 # IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
 # uncomment the Encryptor.fixedIV.
 #
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.3
+#                                               'fixed' is deprecated as of 2.2
+#                                               and will be removed in 2.3.
 Encryptor.ChooseIVMethod=random
+
+
 # If you choose to use a fixed IV, then you must place a fixed IV here that
 # is known to all others who are sharing your secret key. The format should
 # be a hex string that is the same length as the cipher block size for the
@@ -260,6 +236,10 @@ Encryptor.ChooseIVMethod=random
 # "Recommendation for Block Cipher Modes of Operation".
 # (Note that the block size for AES is 16 bytes == 128 bits.)
 #
+#   @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
+#                  will be removed in the next release (tentatively, 2.3).
+#                  If you MUST use this, at least replace this IV with one
+#                  that your legacy application was using.
 Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.
@@ -270,7 +250,15 @@ Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 # "combined mode" cipher mode.
 #
 # If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
+# set this property to false. That is because ESAPI takes the master key and
+# derives 2 keys from it--a key for the MAC and a key for encryption--and
+# because ESAPI is not itself FIPS 140-2 verified such intermediary aterations
+# to keys from FIPS approved sources would have the effect of making your FIPS
+# approved key generation and thus your FIPS approved JCE provider unapproved!
+# More details in
+#       documentation/esapi4java-core-2.0-readme-crypto-changes.html
+#       documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+# You have been warned.
 Encryptor.CipherText.useMAC=true
 
 # Whether or not the PlainText object may be overwritten and then marked

From 0ab470c3c1f4e23a5e9b4a2fad5a1310ed591bdd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Apr 2019 18:56:14 -0400
Subject: [PATCH 544/812] Remove references to old 1.4 crypto stuff and
 indicate that fixed IVs is deprecated and will disappear next release (2.3).
 Also added warning comments at the beginning to discourage use of test
 version of ESAPI.properties file.

---
 src/test/resources/esapi/ESAPI.properties | 66 +++++++++++++----------
 1 file changed, 39 insertions(+), 27 deletions(-)

diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 0c2c623f0..afb3f92a6 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -1,5 +1,33 @@
 #
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dummed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
 # 
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
@@ -32,14 +60,6 @@
 # file-based implementations, that some files may need to be read-write as they
 # get updated dynamically.
 #
-# Before using, be sure to update the MasterKey and MasterSalt as described below.
-# N.B.: If you had stored data that you have previously encrypted with ESAPI 1.4,
-#		you *must* FIRST decrypt it using ESAPI 1.4 and then (if so desired)
-#		re-encrypt it with ESAPI 2.0. If you fail to do this, you will NOT be
-#		able to decrypt your data with ESAPI 2.0.
-#
-#		YOU HAVE BEEN WARNED!!! More details are in the ESAPI 2.0 Release Notes.
-#
 #===========================================================================
 # ESAPI Configuration
 #
@@ -134,21 +154,6 @@ Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
 # unlimited strength policy files and install in the lib directory of your JRE/JDK.
 # See http://java.sun.com/javase/downloads/index.jsp for more information.
 #
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0.  In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
 #		***** IMPORTANT: These are for JUnit testing. Test files may have been
 #						 encrypted using these values so do not change these or
 #						 those tests will fail. The version under
@@ -252,10 +257,9 @@ Encryptor.cipher_modes.additional_allowed=CBC,ECB
 # cipher transformation, otherwise this will be ignored after logging a
 # warning.
 #
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
 Encryptor.EncryptionKeyLength=128
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
 # the IV does not need to be hidden from adversaries, it is important that the
@@ -266,17 +270,25 @@ Encryptor.EncryptionKeyLength=128
 # IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
 # uncomment the Encryptor.fixedIV.
 #
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.3
+#                                               'fixed' is deprecated as of 2.2
+#                                               and will be removed in 2.3.
 Encryptor.ChooseIVMethod=random
+
+
 # If you choose to use a fixed IV, then you must place a fixed IV here that
 # is known to all others who are sharing your secret key. The format should
 # be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
+# cipher algorithm that you are using. The following is an *example* for AES
 # from an AES test vector for AES-128/CBC as described in:
 # NIST Special Publication 800-38A (2001 Edition)
 # "Recommendation for Block Cipher Modes of Operation".
 # (Note that the block size for AES is 16 bytes == 128 bits.)
 #
+#   @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
+#                  will be removed in the next release (tentatively, 2.3).
+#                  If you MUST use this, at least replace this IV with one
+#                  that your legacy application was using.
 Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.

From 188c1aa1a565bbe954c1f4d17d727fe41d87b636 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Apr 2019 18:57:49 -0400
Subject: [PATCH 545/812] Update javadoc to mention that fixed IV is
 deprecated.

---
 .../org/owasp/esapi/SecurityConfiguration.java    | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 4d43d4834..92286acdd 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -378,11 +378,19 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
     /**
      * Get a string indicating how to compute an Initialization Vector (IV).
      * Currently supported modes are "random" to generate a random IV or
-     * "fixed" to use a fixed (static) IV. If a "fixed" IV is chosen, then the
+     * "fixed" to use a fixed (static) IV.
+     *
+     * <b>WARNING:</b> 'fixed' was only intended to support legacy applications with
+     * fixed IVs, but the use of non-random IVs is inherently insecure,
+     * especially for any supported cipher mode that is considered a streaming mode
+     * (which is basically anything except CBC for modes that support require an IV).
+     * For this reason, 'fixed' is considered <b>deprecated</b> and will be
+     * removed during the next ESAPI point release (tentatively, 2.3).
+     * However, note that if a "fixed" IV is chosen, then the
      * the value of this fixed IV must be specified as the property
      * {@code Encryptor.fixedIV} and be of the appropriate length.
      * 
-     * @return A string specifying the IV type. Should be "random" or "fixed".
+     * @return A string specifying the IV type. Should be "random" or "fixed" (dereprected).
      * 
      * @see #getFixedIV()
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
@@ -398,7 +406,8 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      *             instead. Longer term: There will be a more general method in JavaEncryptor
      *             to explicitly set an IV. This whole concept of a single fixed IV has
      *             always been a kludge at best, as a concession to those who have used
-     *             a single fixed IV in the past. It's time to put it to death
+     *             a single fixed IV in the past to support legacy applications. This method will be
+     *             killed off in the next ESAPI point release (likely 2.3). It's time to put it to death
      *             as it was never intended for production in the first place.
      */
 	@Deprecated

From f8b1ed50625a88161eb1a2836da803c334b3cb6b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Apr 2019 19:01:01 -0400
Subject: [PATCH 546/812] Fix test that was failing if BC was JCE provided and
 was failing on MacOS and Windows.

---
 .../esapi/reference/crypto/EncryptorTest.java  | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index f215dfb41..11637f260 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -238,7 +238,7 @@ public void testNewEncryptDecrypt() {
      *         strength crypto is not available for this Java VM.
      */
     private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byte[] plaintextBytes) {
-    	System.err.println("New encrypt / decrypt: " + cipherXform + "; requested key size: " + keySize + " bits.");
+    	// System.err.println("New encrypt / decrypt: " + cipherXform + "; requested key size: " + keySize + " bits.");
     	
     	if ( keySize > 128 && !unlimitedStrengthJurisdictionPolicyInstalled ) {
     	    System.err.println("Skipping test for cipher transformation " +
@@ -255,12 +255,23 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			assertTrue( skey.getAlgorithm().equals(cipherXform.split("/")[0]) );
 			String cipherAlg = cipherXform.split("/")[0];
 
-            System.err.println("Key size of generated encoded key: " + skey.getEncoded().length * 8 + " bits.");
+            // System.err.println("Key size of generated encoded key: " + skey.getEncoded().length * 8 + " bits.");
 			
 			// Adjust key size for DES and DESede specific oddities.
 			// NOTE: Key size that encrypt() method is using is 192 bits!!!
     		//        which is 3 times 64 bits, but DES key size is only 56 bits.
     		// See 'IMPORTANT NOTE', in JavaEncryptor, near line 376. It's a "feature"!!!
+/////   This section is causing problems. BC for instance sometimes creates a
+/////   192 bit key and then subsequently creates a 128-bit key for 2-key
+/////   3DES so adjusing this is futile. THis is a holdover when we were
+/////   doing an *exact* size comparison in the following assertTrue() though.
+/////   Since we are no longer doing that, we don't need to "adjust" the size
+/////   so hopefully all will be well with the world.
+/////
+/////   Delete this comment and the following commented-out code after the
+/////   official 2.2.0.0 release.
+/////
+/*
 			if ( cipherAlg.equals( "DESede" ) ) {
                 System.err.println("Adjusting requested key size of " + keySize + " bits to 192 bits for DESede");
 				keySize = 192;
@@ -268,6 +279,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
                 System.err.println("Adjusting requested key size of " + keySize + " bits to 64 bits for DES");
 				keySize = 64;
 			} // Else... use specified keySize.
+ */
 
             assertTrue(cipherXform + ": encoded key size of " + skey.getEncoded().length + " shorter than requested key size of: " + (keySize / 8),
             		skey.getEncoded().length >= (keySize / 8) );
@@ -278,7 +290,7 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 	    	@SuppressWarnings("deprecation")
 			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
 	    	if ( ! cipherXform.equals(oldCipherXform) ) {
-	    		System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
+	    		// System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
 	    	}
 	    	
 	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.

From 95b13c9336671ab276e70ccdbc833dd4663a42d1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Apr 2019 19:22:14 -0400
Subject: [PATCH 547/812] Add warning about fixed IVs being deprecated if that
 option is chosen.

---
 .../reference/DefaultSecurityConfiguration.java   | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 691bce1a3..45827799c 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -121,7 +121,10 @@ public static SecurityConfiguration getInstance() {
     public static final String CIPHERTEXT_USE_MAC = "Encryptor.CipherText.useMAC";
     public static final String PLAINTEXT_OVERWRITE = "Encryptor.PlainText.overwrite";
     public static final String IV_TYPE = "Encryptor.ChooseIVMethod";
+
+    @Deprecated
     public static final String FIXED_IV = "Encryptor.fixedIV";
+
     public static final String COMBINED_CIPHER_MODES = "Encryptor.cipher_modes.combined_modes";
     public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = "Encryptor.cipher_modes.additional_allowed";
     public static final String KDF_PRF_ALG = "Encryptor.KDF.PRF";
@@ -824,7 +827,10 @@ public boolean overwritePlainText() {
 	 */
     public String getIVType() {
     	String value = getESAPIProperty(IV_TYPE, "random");
-    	if ( value.equalsIgnoreCase("fixed") || value.equalsIgnoreCase("random") ) {
+    	if ( value.equalsIgnoreCase("random") ) {
+            return value;
+        } else if ( value.equalsIgnoreCase("fixed") ) {
+            logSpecial("WARNING: Property '" + IV_TYPE + "=fixed' is DEPRECATED. It was intended to support legacy applications, but is inherently insecure, especially with any streaming mode. Support for this will be completed dropped next ESAPI minor release (probably 2.3");
     		return value;
     	} else if ( value.equalsIgnoreCase("specified") ) {
     		// This is planned for future implementation where setting
@@ -835,18 +841,19 @@ public String getIVType() {
     		// that for a given key, any particular IV is *NEVER* reused. For
     		// now, we will assume that generating a random IV is usually going
     		// to be sufficient to prevent this.
-    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'fixed' or 'random'");
+    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'random' for now.");
     	} else {
     		// TODO: Once 'specified' is legal, adjust exception msg, below.
     		// DISCUSS: Could just log this and then silently return "random" instead.
     		throw new ConfigurationException(value + " is illegal value for " + IV_TYPE +
-    										 ". Use 'random' (preferred) or 'fixed'.");
+    										 ". Use 'random'.");
     	}
     }
 
     /**
 	 * {@inheritDoc}
 	 */
+    @Deprecated
     public String getFixedIV() {
     	if ( getIVType().equalsIgnoreCase("fixed") ) {
     		String ivAsHex = getESAPIProperty(FIXED_IV, ""); // No default
@@ -858,7 +865,7 @@ public String getFixedIV() {
     	} else {
     		// DISCUSS: Should we just log a warning here and return null instead?
     		//			If so, may cause NullPointException somewhere later.
-    		throw new ConfigurationException("IV type not 'fixed' (set to '" +
+    		throw new ConfigurationException("IV type not 'fixed' [which is DEPRECATED!] (set to '" +
     										 getIVType() + "'), so no fixed IV applicable.");
     	}
     }

From a252d00ef82154b9f4ef8f893565ec933bd35d11 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Tue, 16 Apr 2019 16:44:24 +0000
Subject: [PATCH 548/812] Add gpg signing plugin so: mvn install generates
 signature files. Changed so Dependency Check and SpotBugs run when using
 'site'. Added exclusions so project gets 100% convergence for all
 dependencies. Reordered dependencies in various places so they are imported
 in alphabetical order by GroupId and ArtifactID.

---
 pom.xml | 181 ++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 123 insertions(+), 58 deletions(-)

diff --git a/pom.xml b/pom.xml
index 29f77c5c2..77acbb727 100644
--- a/pom.xml
+++ b/pom.xml
@@ -137,9 +137,36 @@
 
     <dependencies>
         <dependency>
-            <groupId>commons-configuration</groupId>
-            <artifactId>commons-configuration</artifactId>
-            <version>1.10</version>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <version>3.0.1</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet.jsp</groupId>
+            <artifactId>javax.servlet.jsp-api</artifactId>
+            <version>2.3.3</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.io7m.xom</groupId>
+            <artifactId>xom</artifactId>
+            <version>1.2.10</version>
+            <exclusions>
+                <!-- excluded because we directly import newer versions. -->
+                <exclusion>
+                    <groupId>xalan</groupId>
+                    <artifactId>xalan</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>commons-beanutils</groupId>
@@ -153,33 +180,29 @@
                  -->
         </dependency>
         <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-            <version>3.0.1</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>javax.servlet.jsp</groupId>
-            <artifactId>javax.servlet.jsp-api</artifactId>
-            <version>2.3.3</version>
-            <scope>provided</scope>
+            <groupId>commons-configuration</groupId>
+            <artifactId>commons-configuration</artifactId>
+            <version>1.10</version>
+            <exclusions>
+                <!-- excluded because multiple dependencies import newer version. -->
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
+            <!-- Upgrading to 1.4 causes this test case failure: [ERROR] HTTPUtilitiesTest.testGetFileUploads:259. TODO: Figure out why, and fix. -->
             <version>1.3.3</version>
-            <!-- exclusions>
+            <exclusions>
+                <!-- excluded because we directly import newer version. -->
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
-            </exclusions -->
-        </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-collections4</artifactId>
-            <!-- Using 4.2 because 4.3 requires Java 8. Trying to make sure ESAPI supports Java 7+ -->
-            <version>4.2</version>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
@@ -187,24 +210,10 @@
             <version>1.2.17</version>
         </dependency>
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>1.7.26</version>
-        </dependency>
-        <dependency>
-            <groupId>com.io7m.xom</groupId>
-            <artifactId>xom</artifactId>
-            <version>1.2.10</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>xerces</groupId>
-                    <artifactId>xercesImpl</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>xml-apis</groupId>
-                    <artifactId>xml-apis</artifactId>
-                </exclusion>
-            </exclusions>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
+            <!-- Using 4.2 because 4.3 requires Java 8. Trying to make sure ESAPI supports Java 7+ -->
+            <version>4.2</version>
         </dependency>
         <dependency>
             <groupId>org.apache-extras.beanshell</groupId>
@@ -226,20 +235,20 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.26</version>
+        </dependency>
 
         <!--
              FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
              This is to force patched versions of these libraries with known CVEs against them.
         -->
         <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-            <version>2.7.2</version>
-        </dependency>
-        <dependency>
-            <groupId>xml-apis</groupId>
-            <artifactId>xml-apis</artifactId>
-            <version>1.4.01</version>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.6</version>
         </dependency>
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
@@ -256,15 +265,26 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>xalan</groupId>
+            <artifactId>xalan</artifactId>
+            <version>2.7.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
             <version>2.12.0</version>
         </dependency>
         <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.6</version>
+            <groupId>xml-apis</groupId>
+            <artifactId>xml-apis</artifactId>
+            <version>1.4.01</version>
         </dependency>
 
         <!-- Dependencies which are ONLY used for JUnit tests -->
@@ -286,6 +306,35 @@
             <artifactId>powermock-api-mockito2</artifactId>
             <version>2.0.0</version>
             <scope>test</scope>
+        	<!-- These exclusions required to avoid convergence issues with import of mockito-core -->
+        	<exclusions>
+                <exclusion>
+                    <groupId>org.mockito</groupId>
+                    <artifactId>mockito-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy-agent</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
+             another import by a dependency of powermock-api-mockito2. -->
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>2.27.0</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.objenesis</groupId>
+                    <artifactId>objenesis</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
@@ -343,6 +392,7 @@
             </plugin>
 
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.8.0</version>
                 <configuration>
@@ -395,6 +445,25 @@
                 <artifactId>maven-enforcer-plugin</artifactId>
                 <version>1.4.1</version>
             </plugin>
+            
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <version>1.6</version>
+                <executions>
+                  <execution>
+                    <id>sign-artifacts</id>
+                    <phase>verify</phase>
+                    <goals> <goal>sign</goal> </goals>
+                  </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-install-plugin</artifactId>
+                <version>2.5.2</version>
+            </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -410,12 +479,6 @@
                 </configuration>
             </plugin>
 
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
-            </plugin>
-
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
@@ -493,7 +556,7 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>5.0.0-M2</version>
                 <configuration>
-                    <!-- <failBuildOnCVSS>5.9</failBuildOnCVSS> -->
+                    <failBuildOnCVSS>5.9</failBuildOnCVSS>
                     <suppressionFile>./suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
@@ -533,6 +596,7 @@
                 </configuration>
             </plugin>
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
                     <detectJavaApiLink>false</detectJavaApiLink>
@@ -550,6 +614,7 @@
                 </configuration>
             </plugin>
             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
                 <configuration>
                   <reportPlugins>
@@ -615,7 +680,7 @@
             <jdk>[1.8,)</jdk>
           </activation>
           <properties>
-            <PhaseIfJava8plus>install</PhaseIfJava8plus>
+            <PhaseIfJava8plus>site</PhaseIfJava8plus>
           </properties>
         </profile>
 

From 930fcf3bc8a0ab2aa9adff2b11dcd3a5dd6eb3bb Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Tue, 16 Apr 2019 23:05:37 +0000
Subject: [PATCH 549/812] More improvements/upgrades to pom.xml. Start at
 elimination of PMD findings. Many more still to go.

---
 pom.xml                                       |  99 +++++++++----
 .../org/owasp/esapi/AccessControlRule.java    |   6 +-
 .../org/owasp/esapi/AccessController.java     |   8 +-
 src/main/java/org/owasp/esapi/Encoder.java    |   4 +-
 .../org/owasp/esapi/EncryptedProperties.java  |   8 +-
 src/main/java/org/owasp/esapi/Encryptor.java  |   8 +-
 .../java/org/owasp/esapi/HTTPUtilities.java   |  24 ++-
 src/main/java/org/owasp/esapi/Logger.java     |  35 ++---
 .../java/org/owasp/esapi/PreparedString.java  |   5 +-
 src/main/java/org/owasp/esapi/Randomizer.java |  17 +--
 .../owasp/esapi/SecurityConfiguration.java    | 138 +++++++++---------
 .../java/org/owasp/esapi/StringUtilities.java |   2 +-
 src/main/java/org/owasp/esapi/User.java       |  10 +-
 src/main/java/org/owasp/esapi/Validator.java  |   2 +-
 .../esapi/codecs/AbstractIntegerCodec.java    |   5 +-
 15 files changed, 203 insertions(+), 168 deletions(-)

diff --git a/pom.xml b/pom.xml
index 77acbb727..393754262 100644
--- a/pom.xml
+++ b/pom.xml
@@ -306,8 +306,11 @@
             <artifactId>powermock-api-mockito2</artifactId>
             <version>2.0.0</version>
             <scope>test</scope>
+            <!-- The following exclusions and import of mockito-core 2.27.0 (or 2.23.0) result in 100% convergence in the test dependencies,
+                 but introduce a test dependency that requires Java 8. As such, we are commenting this out for now. -->
+            <!-- TODO: There are still 7 errors when running the test cases with Java 7, caused by something else that requires Java 8. Figure out what. -->
         	<!-- These exclusions required to avoid convergence issues with import of mockito-core -->
-        	<exclusions>
+        	<!-- exclusions>
                 <exclusion>
                     <groupId>org.mockito</groupId>
                     <artifactId>mockito-core</artifactId>
@@ -322,8 +325,8 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
-             another import by a dependency of powermock-api-mockito2. -->
+        <- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
+             another import by a dependency of powermock-api-mockito2. ->
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
@@ -334,7 +337,7 @@
                     <groupId>org.objenesis</groupId>
                     <artifactId>objenesis</artifactId>
                 </exclusion>
-            </exclusions>
+            </exclusions -->
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
@@ -352,6 +355,11 @@
                     <artifactId>maven-dependency-plugin</artifactId>
                     <version>3.1.1</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-release-plugin</artifactId>
+                    <version>2.5.3</version>
+                </plugin>
             </plugins>
         </pluginManagement>
 
@@ -385,6 +393,24 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>net.sourceforge.maven-taglib</groupId>
+                <artifactId>maven-taglib-plugin</artifactId>
+                <version>2.4</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.6</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-changelog-plugin</artifactId>
+                <version>2.3</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
@@ -495,7 +521,19 @@
                  </execution>
                </executions>
             </plugin>
-            
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-pmd-plugin</artifactId>
+                <version>3.11.0</version>            
+            </plugin>
+
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <version>3.0.0</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
@@ -545,6 +583,18 @@
                 </configuration>
             </plugin>
 
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>jdepend-maven-plugin</artifactId>
+                <version>2.0</version>
+            </plugin>
+
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>versions-maven-plugin</artifactId>
+                <version>2.7</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.eluder.coveralls</groupId>
                 <artifactId>coveralls-maven-plugin</artifactId>
@@ -579,12 +629,10 @@
             <plugin>
                 <groupId>net.sourceforge.maven-taglib</groupId>
                 <artifactId>maven-taglib-plugin</artifactId>
-                <version>2.4</version>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-changelog-plugin</artifactId>
-                <version>2.3</version>
                 <configuration>
                     <issueIDRegexPattern>[Ii]ssue[# ]*(\d)+</issueIDRegexPattern>
                     <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
@@ -607,12 +655,26 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.6</version>
                 <configuration>
                     <targetJdk>1.7</targetJdk>
                     <sourceEncoding>utf-8</sourceEncoding>
+                    <!-- excludeFromFailureFile>exclude-pmd.properties</excludeFromFailureFile -->
                 </configuration>
             </plugin>
+            <plugin>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-project-info-reports-plugin</artifactId>
+               <reportSets>
+                 <reportSet>
+                   <reports>
+                     <report>dependency-convergence</report>
+                   </reports>
+                 </reportSet>
+               </reportSets>
+               <configuration>
+                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
+               </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
@@ -638,13 +700,11 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0</version>
             </plugin>
             <!-- Check for updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.7</version>
                 <reportSets>
                     <reportSet>
                         <reports>
@@ -655,22 +715,7 @@
                     </reportSet>
                 </reportSets>
             </plugin>
-            
-            <plugin>
-               <groupId>org.apache.maven.plugins</groupId>
-               <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.0.0</version>
-               <reportSets>
-                 <reportSet>
-                   <reports>
-                     <report>dependency-convergence</report>
-                   </reports>
-                 </reportSet>
-               </reportSets>
-               <configuration>
-                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
-               </configuration>
-            </plugin>
+
         </plugins>
     </reporting>
 
@@ -761,6 +806,7 @@
 
                     <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
                     <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
                         <configuration>
                           <doclint>none</doclint>
@@ -779,7 +825,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-assembly-plugin</artifactId>
-                        <version>2.6</version>
                         <configuration>
                             <descriptors>
                                 <descriptor>src/main/assembly/dist.xml</descriptor>
diff --git a/src/main/java/org/owasp/esapi/AccessControlRule.java b/src/main/java/org/owasp/esapi/AccessControlRule.java
index b10940369..b89af4e48 100644
--- a/src/main/java/org/owasp/esapi/AccessControlRule.java
+++ b/src/main/java/org/owasp/esapi/AccessControlRule.java
@@ -2,7 +2,7 @@
 
 
 public interface AccessControlRule<P, R> {
-	public void setPolicyParameters(P policyParameter);
-	public P getPolicyParameters();
-	public boolean isAuthorized(R runtimeParameter) throws Exception;
+	void setPolicyParameters(P policyParameter);
+	P getPolicyParameters();
+	boolean isAuthorized(R runtimeParameter) throws Exception;
 }
diff --git a/src/main/java/org/owasp/esapi/AccessController.java b/src/main/java/org/owasp/esapi/AccessController.java
index 14602fe42..15dfb5d7f 100644
--- a/src/main/java/org/owasp/esapi/AccessController.java
+++ b/src/main/java/org/owasp/esapi/AccessController.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -17,8 +17,6 @@
 
 import org.owasp.esapi.errors.AccessControlException;
 
-
-
 /**
  * The AccessController interface defines a set of methods that can be used in a wide variety of applications to
  * enforce access control. In most applications, access control must be performed in multiple different locations across
@@ -95,7 +93,7 @@ public interface AccessController {
 	 *        by <code>key</code> exists and returned <code>true</code>. 
 	 *        Otherwise returns <code>false</code> 
 	 */
-	public boolean isAuthorized(Object key, Object runtimeParameter);
+	boolean isAuthorized(Object key, Object runtimeParameter);
 	
 	/**
 	 * <code>assertAuthorized</code> executes the <code>AccessControlRule</code> 
@@ -121,7 +119,7 @@ public interface AccessController {
 	 * @param runtimeParameter runtimeParameter can contain anything that 
 	 *        the AccessControlRule needs from the runtime system.
 	 */
-	public void assertAuthorized(Object key, Object runtimeParameter)
+	void assertAuthorized(Object key, Object runtimeParameter)
 		throws AccessControlException;
 
 		
diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 56ef3db7e..ca82238be 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -456,6 +456,6 @@ public interface Encoder {
 	 * 
 	 * @return The canonicalized URI
 	 */
-	public String getCanonicalizedURI(URI dirtyUri);
+	String getCanonicalizedURI(URI dirtyUri);
 
 }
diff --git a/src/main/java/org/owasp/esapi/EncryptedProperties.java b/src/main/java/org/owasp/esapi/EncryptedProperties.java
index 3251aab9e..9e1a857ac 100644
--- a/src/main/java/org/owasp/esapi/EncryptedProperties.java
+++ b/src/main/java/org/owasp/esapi/EncryptedProperties.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -81,7 +81,7 @@ public interface EncryptedProperties {
 	 * @return 
 	 * 		a set view of the properties contained in this map.
 	 */
-	public Set<?> keySet();
+	Set<?> keySet();
 		
 	/**
 	 * Reads a property list (key and element pairs) from the input stream.
@@ -92,7 +92,7 @@ public interface EncryptedProperties {
 	 * @throws IOException
 	 *      Signals that an I/O exception has occurred.
 	 */
-	public void load(InputStream in) throws IOException;
+	void load(InputStream in) throws IOException;
 	
 	/**
 	 * Writes this property list (key and element pairs) in this Properties table to 
@@ -106,7 +106,7 @@ public interface EncryptedProperties {
 	 * @throws IOException
 	 *             Signals that an I/O exception has occurred.
 	 */
-	public void store(OutputStream out, String comments) throws IOException;	
+	void store(OutputStream out, String comments) throws IOException;	
 	
 	
 }
diff --git a/src/main/java/org/owasp/esapi/Encryptor.java b/src/main/java/org/owasp/esapi/Encryptor.java
index 979140c86..6c83fef60 100644
--- a/src/main/java/org/owasp/esapi/Encryptor.java
+++ b/src/main/java/org/owasp/esapi/Encryptor.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright &copy; 2007,2009 - The OWASP Foundation
+ * Copyright &copy; 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -245,7 +245,6 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * 
 	 * @return 
 	 * 		true, if the signature is verified, false otherwise
-	 * 
 	 */
 	boolean verifySignature(String signature, String data);
 
@@ -259,8 +258,8 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * 
 	 * @return 
      * 		the seal
-     * @throws IntegrityException
 	 * 
+     * @throws IntegrityException
 	 */
 	String seal(String data, long timestamp) throws IntegrityException;
 
@@ -303,8 +302,7 @@ CipherText encrypt(SecretKey key, PlainText plaintext)
 	 * @return 
 	 * 		the absolute timestamp
 	 */
-	public long getRelativeTimeStamp( long offset );
-	
+	long getRelativeTimeStamp( long offset );
 	
 	/**
 	 * Gets a timestamp representing the current date and time to be used by
diff --git a/src/main/java/org/owasp/esapi/HTTPUtilities.java b/src/main/java/org/owasp/esapi/HTTPUtilities.java
index 6e44b0191..c1b83f5c4 100644
--- a/src/main/java/org/owasp/esapi/HTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/HTTPUtilities.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -27,7 +27,6 @@
 import java.util.List;
 import java.util.Map;
 
-
 /**
  * The HTTPUtilities interface is a collection of methods that provide additional security related to HTTP requests,
  * responses, sessions, cookies, headers, and logging.
@@ -37,17 +36,16 @@
  */
 public interface HTTPUtilities
 {
-
-    final static String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
-    final static int MAX_COOKIE_LEN = 4096;            // From RFC 2109
-	final static int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
-	final static String CSRF_TOKEN_NAME = "ctoken";
-	final static String ESAPI_STATE = "estate";
-
-	final static int PARAMETER = 0;
-	final static int HEADER = 1;
-	final static int COOKIE = 2;
-
+	// All implied static final as this is an interface
+    String REMEMBER_TOKEN_COOKIE_NAME = "rtoken";
+    int MAX_COOKIE_LEN = 4096;            // From RFC 2109
+	int MAX_COOKIE_PAIRS = 20;			// From RFC 2109
+	String CSRF_TOKEN_NAME = "ctoken";
+	String ESAPI_STATE = "estate";
+
+	int PARAMETER = 0;
+	int HEADER = 1;
+	int COOKIE = 2;
 
 	/**
      * Calls addCookie with the *current* request.
diff --git a/src/main/java/org/owasp/esapi/Logger.java b/src/main/java/org/owasp/esapi/Logger.java
index 2910d4392..fd20331ce 100644
--- a/src/main/java/org/owasp/esapi/Logger.java
+++ b/src/main/java/org/owasp/esapi/Logger.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -15,7 +15,6 @@
  */
 package org.owasp.esapi;
 
-
 /**
  * The Logger interface defines a set of methods that can be used to log
  * security events. It supports a hierarchy of logging levels which can be configured at runtime to determine
@@ -93,17 +92,19 @@
  */
 public interface Logger {
 
+	// All implied static final as this is an interface
+	
 	/**
      * A security type of log event that has succeeded. This is one of 6 predefined
      * ESAPI logging events. New events can be added.
      */
-	public static final EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
+	EventType SECURITY_SUCCESS = new EventType( "SECURITY SUCCESS", true);
 
 	/**
      * A security type of log event that has failed. This is one of 6 predefined
      * ESAPI logging events. New events can be added.
      */
-	public static final EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
+	EventType SECURITY_FAILURE = new EventType( "SECURITY FAILURE", false);
 
 	/**
 	 * A security type of log event that is associated with an audit trail of some type,
@@ -111,32 +112,32 @@ public interface Logger {
 	 * or that is irrelevant in the case of this logged message.
 	 */
 	// CHECKME: Should the Boolean for this be 'null' or 'true'? See EVENT_UNSPECIFIED.
-	public static final EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
+	EventType SECURITY_AUDIT = new EventType( "SECURITY AUDIT", null);
 
 	/**
      * A non-security type of log event that has succeeded. This is one of 6 predefined
      * ESAPI logging events. New events can be added.
      */
-	public static final EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
+	EventType EVENT_SUCCESS = new EventType( "EVENT SUCCESS", true);
 	
 	/**
      * A non-security type of log event that has failed. This is one of 6 predefined
      * ESAPI logging events. New events can be added.
      */
-	public static final EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
+	EventType EVENT_FAILURE = new EventType( "EVENT FAILURE", false);
 
 	/**
      * A non-security type of log event that is unspecified. This is one of 6 predefined
      * ESAPI logging events. New events can be added.
      */
-	public static final EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
+	EventType EVENT_UNSPECIFIED = new EventType( "EVENT UNSPECIFIED", null);
 
 	/**
 	 * Defines the type of log event that is being generated. The Logger interface defines 6 types of Log events:
 	 * SECURITY_SUCCESS, SECURITY_FAILURE, EVENT_SUCCESS, EVENT_FAILURE, EVENT_UNSPECIFIED.
      * Your implementation can extend or change this list if desired. 
 	 */
-	public class EventType {
+	class EventType {
 		
 		private String type;
 		private Boolean success = null;
@@ -167,33 +168,33 @@ public String toString() {
      */
 	
 	/** OFF indicates that no messages should be logged. This level is initialized to Integer.MAX_VALUE. */
-	public static final int OFF = Integer.MAX_VALUE;
+	int OFF = Integer.MAX_VALUE;
 
 	/** FATAL indicates that only FATAL messages should be logged. This level is initialized to 1000. */
-	public static final int FATAL = 1000;
+	int FATAL = 1000;
 
 	/** ERROR indicates that ERROR messages and above should be logged. 
 	 * This level is initialized to 800. */
-    public static final int ERROR = 800;
+    int ERROR = 800;
 
     /** WARNING indicates that WARNING messages and above should be logged. 
      * This level is initialized to 600. */
-    public static final int WARNING = 600;
+    int WARNING = 600;
 
     /** INFO indicates that INFO messages and above should be logged. 
      * This level is initialized to 400. */
-    public static final int INFO = 400;
+    int INFO = 400;
 
     /** DEBUG indicates that DEBUG messages and above should be logged. 
      * This level is initialized to 200. */
-    public static final int DEBUG = 200;
+    int DEBUG = 200;
 
     /** TRACE indicates that TRACE messages and above should be logged. 
      * This level is initialized to 100. */
-    public static final int TRACE = 100;
+    int TRACE = 100;
 
     /** ALL indicates that all messages should be logged. This level is initialized to Integer.MIN_VALUE. */
-    public static final int ALL = Integer.MIN_VALUE;
+    int ALL = Integer.MIN_VALUE;
     
 
     /**
diff --git a/src/main/java/org/owasp/esapi/PreparedString.java b/src/main/java/org/owasp/esapi/PreparedString.java
index 176421347..ba26087f6 100644
--- a/src/main/java/org/owasp/esapi/PreparedString.java
+++ b/src/main/java/org/owasp/esapi/PreparedString.java
@@ -5,7 +5,7 @@
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
- * Copyright (c) 2007 - The OWASP Foundation
+ * Copyright (c) 2007-2019 - The OWASP Foundation
  * 
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
@@ -16,10 +16,7 @@
 package org.owasp.esapi;
 
 import java.util.ArrayList;
-
 import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.HTMLEntityCodec;
-
 
 /**
  * A parameterized string that uses escaping to make untrusted data safe before combining it with
diff --git a/src/main/java/org/owasp/esapi/Randomizer.java b/src/main/java/org/owasp/esapi/Randomizer.java
index 82d083667..ae144b04f 100644
--- a/src/main/java/org/owasp/esapi/Randomizer.java
+++ b/src/main/java/org/owasp/esapi/Randomizer.java
@@ -17,7 +17,6 @@
 
 import org.owasp.esapi.errors.EncryptionException;
 
-
 /**
  * The Randomizer interface defines a set of methods for creating
  * cryptographically random numbers and strings. Implementers should be sure to
@@ -34,7 +33,7 @@ public interface Randomizer {
 	/**
 	 * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
 	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
 	 * 
@@ -51,7 +50,7 @@ public interface Randomizer {
 	/**
 	 * Returns a random boolean.  The use of java.security.SecureRandom
 	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
 	 * 
@@ -63,7 +62,7 @@ public interface Randomizer {
 	/**
 	 * Gets the random integer. The use of java.security.SecureRandom
 	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
 	 * 
@@ -81,14 +80,14 @@ public interface Randomizer {
 	/**
 	 * Gets the random long. The use of java.security.SecureRandom
 	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
 	 * 
 	 * @return 
 	 * 		the random long
 	 */
-    public long getRandomLong();
+    long getRandomLong();
 	
 	
     /**
@@ -102,13 +101,13 @@ public interface Randomizer {
      * @return 
      * 		a random unguessable filename ending with the specified extension
      */
-    public String getRandomFilename( String extension );
+    String getRandomFilename( String extension );
     
     
 	/**
 	 * Gets the random real.  The use of java.security.SecureRandom
 	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number gernerator used should comply with the 
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
 	 * 
@@ -143,6 +142,6 @@ public interface Randomizer {
      * @param n	The requested number of random bytes.
      * @return The {@code n} random bytes are returned.
      */
-    public byte[] getRandomBytes(int n);
+    byte[] getRandomBytes(int n);
            
 }
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 92286acdd..42ab9f43a 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -59,70 +59,70 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getApplicationName();
+	String getApplicationName();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Logging implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getLogImplementation();
+	String getLogImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Authentication implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getAuthenticationImplementation();
+	String getAuthenticationImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Encoder implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getEncoderImplementation();
+	String getEncoderImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Access Control implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getAccessControlImplementation();
+	String getAccessControlImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Intrusion Detection implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getIntrusionDetectionImplementation();
+	String getIntrusionDetectionImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Randomizer implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getRandomizerImplementation();
+	String getRandomizerImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Encryption implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getEncryptionImplementation();
+	String getEncryptionImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI Validation implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getValidationImplementation();
+	String getValidationImplementation();
 	
 	/**
 	 * Returns the validation pattern for a particular type
 	 * @param typeName
 	 * @return the validation pattern
 	 */
-    public Pattern getValidationPattern( String typeName );
+    Pattern getValidationPattern( String typeName );
     
     /**
      * Determines whether ESAPI will accept "lenient" dates when attempt
@@ -135,21 +135,21 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean getLenientDatesAccepted();
+    boolean getLenientDatesAccepted();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI OS Execution implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getExecutorImplementation();
+	String getExecutorImplementation();
 	
 	/**
 	 * Returns the fully qualified classname of the ESAPI HTTPUtilities implementation.
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getHTTPUtilitiesImplementation();
+	String getHTTPUtilitiesImplementation();
 	
 	/**
 	 * Gets the master key. This password is used to encrypt/decrypt other files or types
@@ -159,19 +159,19 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public byte[] getMasterKey();
+	byte[] getMasterKey();
 
 	/**
      * Retrieves the upload directory as specified in the ESAPI.properties file.
      * @return the upload directory
      */
-    public File getUploadDirectory();
+    File getUploadDirectory();
 	
     /**
      * Retrieves the temp directory to use when uploading files, as specified in ESAPI.properties.
      * @return the temp directory
      */
-    public File getUploadTempDirectory();
+    File getUploadTempDirectory();
 
 	/**
 	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
@@ -180,7 +180,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-    public int getEncryptionKeyLength();
+    int getEncryptionKeyLength();
     
 	/**
 	 * Gets the master salt that is used to salt stored password hashes and any other location 
@@ -190,21 +190,21 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public byte[] getMasterSalt();
+	byte[] getMasterSalt();
 
 	/**
 	 * Gets the allowed executables to run with the Executor.
 	 * 
 	 * @return a list of the current allowed file extensions
 	 */
-	public List<String> getAllowedExecutables();
+	List<String> getAllowedExecutables();
 
 	/**
 	 * Gets the allowed file extensions for files that are uploaded to this application.
 	 * 
 	 * @return a list of the current allowed file extensions
 	 */
-	public List<String> getAllowedFileExtensions();
+	List<String> getAllowedFileExtensions();
 
 	/**
 	 * Gets the maximum allowed file upload size.
@@ -213,7 +213,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getAllowedFileUploadSize();
+	int getAllowedFileUploadSize();
 
 	/**
 	 * Gets the name of the password parameter used during user authentication.
@@ -222,7 +222,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getPasswordParameterName();
+	String getPasswordParameterName();
 
 	/**
 	 * Gets the name of the username parameter used during user authentication.
@@ -231,7 +231,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getUsernameParameterName();
+	String getUsernameParameterName();
 
 	/**
 	 * Gets the encryption algorithm used by ESAPI to protect data. This is
@@ -243,7 +243,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getEncryptionAlgorithm();
+	String getEncryptionAlgorithm();
 
 	/**
 	 * Retrieve the <i>cipher transformation</i>. In general, the cipher transformation
@@ -287,7 +287,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-    public String getCipherTransformation();
+    String getCipherTransformation();
     
     /**
      * Set the cipher transformation. This allows a different cipher transformation
@@ -312,11 +312,11 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * 			transformation.
      * @deprecated To be replaced by new class in ESAPI 2.1, but here if you need it
      *          until then. Details of replacement forthcoming to ESAPI-Dev
-     *          list. Most likely to be replaced by a new public CTOR for
+     *          list. Most likely to be replaced by a new CTOR for
      *          JavaEncryptor that takes a list of properties to override.
      */
     @Deprecated
-    public String setCipherTransformation(String cipherXform);
+    String setCipherTransformation(String cipherXform);
 
     /**
      * Retrieve the <i>preferred</i> JCE provider for ESAPI and your application.
@@ -336,7 +336,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public String getPreferredJCEProvider();
+    String getPreferredJCEProvider();
     
 // TODO - DISCUSS: Where should this web page (below) go? Maybe with the Javadoc? But where?
 //				   Think it makes more sense as part of the release notes, but OTOH, I
@@ -355,7 +355,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean useMACforCipherText();
+    boolean useMACforCipherText();
 
     /**
      * Indicates whether the {@code PlainText} objects may be overwritten after
@@ -373,7 +373,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean overwritePlainText();
+    boolean overwritePlainText();
     
     /**
      * Get a string indicating how to compute an Initialization Vector (IV).
@@ -396,7 +396,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public String getIVType();
+    String getIVType();
     
     /**
      * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
@@ -411,7 +411,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      *             as it was never intended for production in the first place.
      */
 	@Deprecated
-    public String getFixedIV();
+    String getFixedIV();
     
     /**
      * Return a {@code List} of strings of combined cipher modes that support
@@ -429,7 +429,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * was specified in {@code ESAPI.properties}; otherwise the empty list is
      * returned.
      */
-    public List<String> getCombinedCipherModes();
+    List<String> getCombinedCipherModes();
 
     /**
      * Return {@code List} of strings of additional cipher modes that are
@@ -447,7 +447,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      *
      * @see #getCombinedCipherModes()
      */
-    public List<String> getAdditionalAllowedCipherModes();
+    List<String> getAdditionalAllowedCipherModes();
 
 	/**
 	 * Gets the hashing algorithm used by ESAPI to hash data.
@@ -456,7 +456,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getHashAlgorithm();
+	String getHashAlgorithm();
 
 	/**
 	 * Gets the hash iterations used by ESAPI to hash data.
@@ -465,7 +465,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getHashIterations();
+	int getHashIterations();
 
 	/**
 	 * Retrieve the Pseudo Random Function (PRF) used by the ESAPI
@@ -475,7 +475,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getKDFPseudoRandomFunction();
+	String getKDFPseudoRandomFunction();
 	
 	/**
 	 * Gets the character encoding scheme supported by this application. This is used to set the
@@ -490,7 +490,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getCharacterEncoding();
+	String getCharacterEncoding();
 
 	/**
 	 * Return true if multiple encoding is allowed
@@ -499,7 +499,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getAllowMultipleEncoding();
+	boolean getAllowMultipleEncoding();
 
 	/**
 	 * Return true if mixed encoding is allowed
@@ -508,14 +508,14 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getAllowMixedEncoding();
+	boolean getAllowMixedEncoding();
 
 	/**
 	 * Returns the List of Codecs to use when canonicalizing data
 	 * 
 	 * @return the codec list
 	 */
-	public List<String> getDefaultCanonicalizationCodecs();
+	List<String> getDefaultCanonicalizationCodecs();
 
 	/**
 	 * Gets the digital signature algorithm used by ESAPI to generate and verify signatures.
@@ -524,7 +524,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getDigitalSignatureAlgorithm();
+	String getDigitalSignatureAlgorithm();
 
 	/**
 	 * Gets the digital signature key length used by ESAPI to generate and verify signatures.
@@ -533,7 +533,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getDigitalSignatureKeyLength();
+	int getDigitalSignatureKeyLength();
 		   
 	/**
 	 * Gets the random number generation algorithm used to generate random numbers where needed.
@@ -542,7 +542,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getRandomAlgorithm();
+	String getRandomAlgorithm();
 
 	/**
 	 * Gets the number of login attempts allowed before the user's account is locked. If this 
@@ -552,7 +552,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getAllowedLoginAttempts();
+	int getAllowedLoginAttempts();
 
 	/**
 	 * Gets the maximum number of old password hashes that should be retained. These hashes can 
@@ -563,7 +563,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getMaxOldPasswordHashes();
+	int getMaxOldPasswordHashes();
 
 	/**
 	 * Allows for complete disabling of all intrusion detection mechanisms
@@ -572,7 +572,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getDisableIntrusionDetection();
+	boolean getDisableIntrusionDetection();
 	
 	/**
 	 * Gets the intrusion detection quota for the specified event.
@@ -581,7 +581,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * 
 	 * @return the Quota that has been configured for the specified type of event
 	 */
-	public Threshold getQuota(String eventName);
+	Threshold getQuota(String eventName);
 
 	/**
 	 * Gets a file from the resource directory
@@ -589,42 +589,42 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @param filename The file name resource.
      * @return A {@code File} object representing the specified file name or null if not found.
      */
-    public File getResourceFile( String filename );
+    File getResourceFile( String filename );
     
 	/**
 	 * Returns true if session cookies are required to have HttpOnly flag set.
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean getForceHttpOnlySession() ;
+    boolean getForceHttpOnlySession() ;
 
 	/**
 	 * Returns true if session cookies are required to have Secure flag set.
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean getForceSecureSession() ;
+    boolean getForceSecureSession() ;
 
 	/**
 	 * Returns true if new cookies are required to have HttpOnly flag set.
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean getForceHttpOnlyCookies() ;
+    boolean getForceHttpOnlyCookies() ;
 
 	/**
 	 * Returns true if new cookies are required to have Secure flag set.
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public boolean getForceSecureCookies() ;
+    boolean getForceSecureCookies() ;
 
 	/**
 	 * Returns the maximum allowable HTTP header size.
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getMaxHttpHeaderSize() ;
+	int getMaxHttpHeaderSize() ;
 
 	/**
 	 * Gets an InputStream to a file in the resource directory
@@ -633,7 +633,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @return An {@code InputStream} to the specified file name in the resource directory.
      * @throws IOException If the specified file name cannot be found or opened for reading.
      */
-    public InputStream getResourceStream( String filename ) throws IOException;
+    InputStream getResourceStream( String filename ) throws IOException;
 
     	
 	/**
@@ -641,7 +641,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * 
 	 * @param dir The location of the resource directory.
 	 */
-	public void setResourceDirectory(String dir);
+	void setResourceDirectory(String dir);
 	
 	/**
 	 * Gets the content type for responses used when setSafeContentType() is called.
@@ -653,7 +653,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getResponseContentType();
+	String getResponseContentType();
 
 	/**
 	 * This method returns the configured name of the session identifier, 
@@ -663,7 +663,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public String getHttpSessionIdName();
+	String getHttpSessionIdName();
 	
 	/**
 	 * Gets the length of the time to live window for remember me tokens (in milliseconds).
@@ -671,7 +671,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * @return The time to live length for generated "remember me" tokens.
 	 */
     // OPEN ISSUE: Can we replace w/ SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead?
-	public long getRememberTokenDuration();
+	long getRememberTokenDuration();
 
 	
 	/**
@@ -683,7 +683,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getSessionIdleTimeoutLength();
+	int getSessionIdleTimeoutLength();
 	
 	/**
 	 * Gets the absolute timeout length for sessions (in milliseconds). This is the amount of time that a session
@@ -694,7 +694,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public int getSessionAbsoluteTimeoutLength();
+	int getSessionAbsoluteTimeoutLength();
 	
 	
 	/**
@@ -704,7 +704,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getLogEncodingRequired();
+	boolean getLogEncodingRequired();
 	
 	/**
 	 * Returns whether ESAPI should log the application name. This might be clutter in some
@@ -714,7 +714,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getLogApplicationName();
+	boolean getLogApplicationName();
 
 	/**
 	 * Returns whether ESAPI should log the server IP. This might be clutter in some
@@ -724,7 +724,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getBooleanProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-	public boolean getLogServerIP();
+	boolean getLogServerIP();
 
 	/**
 	 * Returns the current log level.
@@ -732,7 +732,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated
-    public int getLogLevel();
+    int getLogLevel();
 	
     /**
      * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
@@ -742,7 +742,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public String getLogFileName();
+    String getLogFileName();
 
     /**
      * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
@@ -752,7 +752,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
      */
 	@Deprecated
-    public int getMaxLogFileSize();
+    int getMaxLogFileSize();
 
 	/**
 	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
@@ -760,7 +760,7 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	 * has met a set number within the specified time period. Once a threshold value has been met, various
 	 * actions can be taken at that point.
 	 */
-	public static class Threshold {
+	class Threshold {
 		
 		/** The name of this threshold. */
 		public String name = null;
@@ -801,5 +801,5 @@ public Threshold(String name, int count, long interval, List<String> actions) {
 	/**
 	 * Returns the default working directory for executing native processes with Runtime.exec().
 	 */
-	public File getWorkingDirectory();
+	File getWorkingDirectory();
 }
diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
index 35aba6a0a..cc54ce34b 100644
--- a/src/main/java/org/owasp/esapi/StringUtilities.java
+++ b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -97,7 +97,7 @@ public static boolean contains(StringBuilder input, char c) {
      * @return The correct value
      */
     public static String replaceNull( String test, String replace ) {
-        return ( test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ) ? replace : test;
+        return test == null || "null".equalsIgnoreCase( test.trim() ) || "".equals( test.trim() ) ? replace : test;
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/User.java b/src/main/java/org/owasp/esapi/User.java
index f48c92e9a..480e97135 100644
--- a/src/main/java/org/owasp/esapi/User.java
+++ b/src/main/java/org/owasp/esapi/User.java
@@ -44,12 +44,12 @@ public interface User extends Principal, Serializable {
 	/**
 	 * @return the locale
 	 */
-	public Locale getLocale();
+	Locale getLocale();
 
 	/**
 	 * @param locale the locale to set
 	 */
-	public void setLocale(Locale locale);
+	void setLocale(Locale locale);
 
     /**
      * Adds a role to this user's account.
@@ -375,7 +375,7 @@ public interface User extends Principal, Serializable {
 	 * 
 	 * @throws EncryptionException 
 	 */
-	public boolean verifyPassword(String password) throws EncryptionException;
+	boolean verifyPassword(String password) throws EncryptionException;
 
 	/**
 	 * Set the time of the last failed login for this user.
@@ -417,12 +417,12 @@ public interface User extends Principal, Serializable {
 	 * always a real user, the ANONYMOUS user is better than using null to represent
 	 * this.
 	 */
-    public final User ANONYMOUS = new User() {
+    User ANONYMOUS = new User() {
 
 		private static final long serialVersionUID = -1850916950784965502L;
 
 		private String csrfToken = "";
-    	private Set sessions = new HashSet();
+    	private Set<Object> sessions = new HashSet<Object>();
 		private Locale locale = null;
     	
     	/**
diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 590a2e500..0118995bb 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -715,6 +715,6 @@ public interface Validator {
 	 * @param input String
 	 * @return URI object representing a parsed URI, or {@code null} if the URI was non-compliant in some way.  
 	 */
-	public URI getRfcCompliantURI(String input);
+	URI getRfcCompliantURI(String input);
 	
 }
diff --git a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
index 7c590a7c8..cf522e92f 100644
--- a/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/AbstractIntegerCodec.java
@@ -39,10 +39,9 @@ public String decode(String input) {
 		PushbackSequence<Integer> pbs = new PushBackSequenceImpl(input);
 		while (pbs.hasNext()) {
 			Integer c = decodeCharacter(pbs);
-			boolean isValid = null == c ? false:Character.isValidCodePoint(c);
-			if (c != null && isValid) {
+			if (c != null && Character.isValidCodePoint(c)) {
 				sb.appendCodePoint(c);
-			}else{
+			} else {
 				sb.appendCodePoint(pbs.next());
 			}
 		}

From a2d71943264d8a3ba17fe7e134bc51da55b3c8c3 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Wed, 17 Apr 2019 22:33:00 +0000
Subject: [PATCH 550/812] Eliminate Source XRef WARNINGS during site doc
 generation. Add 1 missing dependency. Eliminate some unnecessary javadoc
 plugin uses. Fix the enforcer plugin to actually be invoked, and add
 enforcement for Java 7 for all plugins too. Eliminated the one test plugin
 requiring Java 8, and configured all the imports and exclusions required to
 get 100% convergence.  Java 7 test results are now identical to Java 8
 results. Upgrade a few more plugins.

---
 pom.xml | 196 +++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 115 insertions(+), 81 deletions(-)

diff --git a/pom.xml b/pom.xml
index 393754262..5e64aa4b8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -191,6 +191,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
+            <version>2.6</version>
+        </dependency>
         <dependency>
             <groupId>commons-fileupload</groupId>
             <artifactId>commons-fileupload</artifactId>
@@ -306,15 +311,23 @@
             <artifactId>powermock-api-mockito2</artifactId>
             <version>2.0.0</version>
             <scope>test</scope>
-            <!-- The following exclusions and import of mockito-core 2.27.0 (or 2.23.0) result in 100% convergence in the test dependencies,
-                 but introduce a test dependency that requires Java 8. As such, we are commenting this out for now. -->
-            <!-- TODO: There are still 7 errors when running the test cases with Java 7, caused by something else that requires Java 8. Figure out what. -->
-        	<!-- These exclusions required to avoid convergence issues with import of mockito-core -->
-        	<!-- exclusions>
+            <exclusions>
+                <exclusion>
+                  <!-- A subdependency: org.powermock:powermock-core:2.0.0, results in the import of: org.javassist:javassist:3.24.0-GA
+                       which was compiled for Java 8 by accident. org.javassist:javassist:3.25.0-GA was released for Java 7.
+                       So we exclude it here, and import the version we need below. -->
+                  <groupId>org.javassist</groupId>
+                  <artifactId>javassist</artifactId>
+                </exclusion>
+                <!-- The following exclusions and import of mockito-core 2.27.0 result in 100% convergence in the test dependencies, -->
                 <exclusion>
                     <groupId>org.mockito</groupId>
                     <artifactId>mockito-core</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.powermock</groupId>
+                    <artifactId>powermock-reflect</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>net.bytebuddy</groupId>
                     <artifactId>byte-buddy</artifactId>
@@ -324,20 +337,23 @@
                     <artifactId>byte-buddy-agent</artifactId>
                 </exclusion>
             </exclusions>
+        	<!-- exclusions>
+            </exclusions -->
+        </dependency>
+        <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
+             another import by a dependency of powermock-api-mockito2. -->
+        <dependency>
+          <!-- This version is compatible with Java 7, the previous version was not (by accident). -->
+          <groupId>org.javassist</groupId>
+          <artifactId>javassist</artifactId>
+          <version>3.25.0-GA</version>
+          <scope>test</scope>
         </dependency>
-        <- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
-             another import by a dependency of powermock-api-mockito2. ->
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
             <version>2.27.0</version>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.objenesis</groupId>
-                    <artifactId>objenesis</artifactId>
-                </exclusion>
-            </exclusions -->
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
@@ -345,11 +361,36 @@
             <version>2.0.0</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-reflect</artifactId>
+            <version>2.0.0</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.objenesis</groupId>
+                    <artifactId>objenesis</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>net.bytebuddy</groupId>
+                    <artifactId>byte-buddy-agent</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
     </dependencies>
 
     <build>
         <pluginManagement>
             <plugins>
+                <plugin>
+                    <groupId>org.apache.maven.plugins</groupId>
+                    <artifactId>maven-assembly-plugin</artifactId>
+                    <version>3.1.1</version>
+                </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-dependency-plugin</artifactId>
@@ -399,12 +440,6 @@
                 <version>2.4</version>
             </plugin>
 
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-assembly-plugin</artifactId>
-                <version>2.6</version>
-            </plugin>
-
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-changelog-plugin</artifactId>
@@ -469,9 +504,49 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>1.4.1</version>
+                <version>3.0.0-M2</version>
+                <dependencies>
+                  <dependency>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>extra-enforcer-rules</artifactId>
+                    <version>1.2</version>
+                  </dependency>
+                </dependencies>
+                <executions>
+                    <execution>
+                      <id>enforce-bytecode-version</id>
+                      <goals>
+                        <goal>enforce</goal>
+                      </goals>
+                      <configuration>
+                        <rules>
+                          <enforceBytecodeVersion>
+                            <maxJdkVersion>1.7</maxJdkVersion>
+                          </enforceBytecodeVersion>
+                        </rules>
+                        <fail>true</fail>
+                      </configuration>
+                    </execution>
+                    <execution>
+                        <id>enforce-jdk-version</id>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                            <rules>
+                                <requireJavaVersion>
+                                    <version>1.7</version>
+                                    <message>
+                                        ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
+                                        JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
+                                    </message>
+                                </requireJavaVersion>
+                            </rules>
+                        </configuration>
+                    </execution>
+                </executions>
             </plugin>
-            
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
@@ -513,6 +588,7 @@
                  <source>7</source>
                  <doclint>none</doclint>
                </configuration>
+               <!-- generate esapi-VERSION.javadoc.jar -->
                <executions>
                  <execution>
                    <id>attach-javadocs</id>
@@ -522,6 +598,12 @@
                </executions>
             </plugin>
 
+            <plugin>
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-jxr-plugin</artifactId>
+              <version>3.0.0</version>
+            </plugin>
+
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
@@ -644,14 +726,20 @@
                 </configuration>
             </plugin>
             <plugin>
+            	<!-- Generate /site/apidocs and /site/testapidocs -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
-                    <detectJavaApiLink>false</detectJavaApiLink>
-                    <detectLinks>false</detectLinks>
                     <doclint>none</doclint>
+                    <source>7</source>
                 </configuration>
             </plugin>
+            <plugin>
+              <!-- This plugin required in reporting section, as other maven reporting plugins use the Source XRef this plugin generates.
+                   Without it, you get these errors when running mvn site: [WARNING] Unable to locate Source XRef to link to - DISABLED -->
+              <groupId>org.apache.maven.plugins</groupId>
+              <artifactId>maven-jxr-plugin</artifactId>
+            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
@@ -672,23 +760,10 @@
                  </reportSet>
                </reportSets>
                <configuration>
-                 <dependencyLocationsEnabled>false</dependencyLocationsEnabled>
+                 <!-- setting this is supposed to make generating this report much faster, but didn't affect me without it, so I turned it off (DRW) -->
+                 <!-- dependencyLocationsEnabled>false</dependencyLocationsEnabled -->
                </configuration>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-site-plugin</artifactId>
-                <configuration>
-                  <reportPlugins>
-                    <plugin>
-                      <artifactId>maven-javadoc-plugin</artifactId>
-                      <configuration>
-                         <doclint>none</doclint>
-                      </configuration>
-                    </plugin>
-                  </reportPlugins>
-                </configuration>
-            </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-report-plugin</artifactId>
@@ -698,6 +773,8 @@
                 <artifactId>maven-surefire-plugin</artifactId>
             </plugin>
             <plugin>
+                <!--  Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists.
+                      but don't know how to eliminate them, without disabling this plugin. -->
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
             </plugin>
@@ -778,49 +855,6 @@
                         </configuration>
                     </plugin>
 
-                    <!-- Baseline for ESAPI 2.x is now JDK1.7 - Enforces that a JDK1.7 compiler is being
-                         used to build this release -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-enforcer-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <id>enforce-jdk-version</id>
-                                <goals>
-                                    <goal>enforce</goal>
-                                </goals>
-                                <configuration>
-                                    <rules>
-                                        <requireJavaVersion>
-                                            <version>1.7</version>
-                                            <message>
-                                                ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
-                                                JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
-                                            </message>
-                                        </requireJavaVersion>
-                                    </rules>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-
-                    <!-- Attached JavaDocs are required by Sonatype Nexus Repository -->
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <configuration>
-                          <doclint>none</doclint>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <id>attach-javadocs</id>
-                                <goals>
-                                    <goal>jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-
                     <!-- For building the distribution zip file. -->
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>

From d6fa7af616ac17170ed890fc1551a3c0dfd91cc1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 17:46:15 -0400
Subject: [PATCH 551/812] Change 'ODC' to the slightly less obtuse 'Dep Ck'.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 5e64aa4b8..ad120d628 100644
--- a/pom.xml
+++ b/pom.xml
@@ -693,7 +693,7 @@
                 </configuration>
                 <executions>
                     <execution>
-                        <!-- ODC requires Java 8. So only run it if using Java 8 or greater.
+                        <!-- This version of Dep Ck requires Java 8. So only run it if using Java 8 or greater.
                              This property set in a profile below. -->
                         <phase>${PhaseIfJava8plus}</phase>
                         <goals>

From e2abd0a231edf1e7a79cb5bc67f6a98e99e6174f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 17:49:26 -0400
Subject: [PATCH 552/812] Changes to support min key length for encryption via
 the new Encrpytor.MinEncryptionKeyLength property.

---
 configuration/esapi/ESAPI.properties          |  25 ++-
 ...-core-2.0-symmetric-crypto-user-guide.html |  39 +++--
 .../esapi/reference/crypto/JavaEncryptor.java | 144 +++++++++---------
 ...ESAPI-CommaValidatorFileChecker.properties |   4 +
 .../ESAPI-DualValidatorFileChecker.properties |   5 +
 ...SAPI-QuotedValidatorFileChecker.properties |   4 +
 ...SAPI-SingleValidatorFileChecker.properties |   4 +
 src/test/resources/esapi/ESAPI.properties     |  30 +++-
 8 files changed, 155 insertions(+), 100 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 903105197..e11ac64fa 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -199,17 +199,28 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # DISCUSS: Better name?
 Encryptor.cipher_modes.additional_allowed=CBC
 
-# 128-bit is almost always sufficient, and for AES, it appears to be more
-# to be a bit more resistant to related key attacks than is 256-bit AES.
+# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
+# Note that this MUST be a valid key size for the algorithm being used
+# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
+# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
 #
-# Note: Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
+# Note that 128-bits is almost always sufficient and for AES it appears to be more
+# somewhat more resistant to related key attacks than is 256-bit AES.)
 #
-# Defaults to 128 bits if left blank.
+# Defaults to 128-bits if left blank.
+#
+# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
+#       Strength Jurisdiction Policy files installed!!!
 #
 Encryptor.EncryptionKeyLength=128
 
+# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
+# cipher for doing encryption. (There is no minimum for decryption.)
+#
+# Generally, if you only use one algorithm, this should be set the same as
+# the Encryptor.EncryptionKeyLength property.
+Encryptor.MinEncryptionKeyLength=128
+
 # Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
@@ -267,12 +278,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512
diff --git a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
index 2091cadc8..2d99ee870 100644
--- a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+++ b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
@@ -2,7 +2,7 @@
 <HTML>
 <HEAD>
 	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
-	<TITLE>ESAPI 2.0 Symmetric Encryption User Guide</TITLE>
+	<TITLE>ESAPI 2.x Symmetric Encryption User Guide</TITLE>
 	<META NAME="GENERATOR" CONTENT="OpenOffice.org 3.0  (Linux)">
 	<META NAME="CREATED" CONTENT="20100214;0">
 	<META NAME="CHANGEDBY" CONTENT="Kevin W. Wall">
@@ -12,17 +12,9 @@
 <TABLE BORDER="0" BORDERCOLOR="#000000" CELLPADDING=4 CELLSPACING=0 STYLE="page-break-before: auto; page-break-after: auto; page-break-inside: auto">
 <TR>
 <TD>
-<OBJECT TYPE="audio/x-mpeg" data="http://www.catonmat.net/download/crypt-o.mp3"
-WIDTH="500" HEIGHT="64" AUTOPLAY="false">
-    <PARAM NAME="src" VALUE="http://www.catonmat.net/download/crypt-o.mp3" />
-    <PARAM NAME="controller" VALUE="true" />
-    <PARAM NAME="autoplay" VALUE="false" />
-    <PARAM NAME="autostart" VALUE="0" />
-</OBJECT>
-</TD>
-<TD>
 <FONT COLOR="#00a444" SIZE="+2">
-<I>Crypto song. Take a listen and enjoy! Harry Belafonte never sounded this good. ;-)</I>
+    <A HREF="http://www.catonmat.net/download/crypt-o.mp3" TARGET="_blank"i
+        REL="noopener noreferrer nofollow">Crypto song</A>: <I>Take a listen and enjoy! Harry Belafonte never sounded this good. ;-)</I>
 </FONT>
 </TD>
 </TABLE>
@@ -121,10 +113,29 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>128</FONT></FONT></PRE>
 		</TD>
 		<TD WIDTH=226>
-			<P><FONT SIZE=2>Key size, in bits. Required for cipher algorithms
+			<P><FONT SIZE=2>Default key size, in bits. Required for cipher algorithms
 			that support multiple key sizes.</FONT></P>
 		</TD>
 	</TR>
+	<TR VALIGN=TOP>
+		<TD WIDTH=249>
+			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>Encryptor.MinEncryptionKeyLength</FONT></FONT></PRE>
+		</TD>
+		<TD WIDTH=202>
+			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>128</FONT></FONT></PRE>
+		</TD>
+		<TD WIDTH=226>
+			<P><FONT SIZE=2>Minimum key size, in bits, that ESAPI will support
+                for <I>encryption</I>. (Note that any legitimate size is
+                accepted for <I>decryption</I>.) So, for example, if you needed
+                to be able to do encryption for 2-key Triple DES (aka, 2TDEA),
+                then you would have to change this to '112'. Note that for a
+                minimum key size of <U>larger</U> than 128-bits, you will need
+                to have the JCE Unlimited Strength Jurisdiction Policy files
+                installed on your runtime system.
+			</FONT></P>
+		</TD>
+	</TR>
 	<TR VALIGN=TOP>
 		<TD WIDTH=249>
 			<PRE><FONT COLOR="#ff0000"><FONT SIZE=2>Encryptor.ChooseIVMethod</FONT></FONT></PRE>
@@ -138,6 +149,8 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 			compatibility with legacy or third party software. If set to
 			“fixed”, then the property Encryptor.fixedIV must also be
 			set to hex-encoded specific IV that you need to use.
+            <B>NOTE:</B> "fixed" is deprecated and will be removed by
+            release 2.3.
             </FONT></P><P><FONT SIZE=2>
             <B>CAUTION:</B> While it is not required that the IV be kept
             secret, encryption relying on fixed IVs can lead to a known
@@ -788,7 +801,7 @@ <H2>Acknowledgments</H2>
 KDF more in line with NIST's recommendations for KDFs as described in
 NIST Special Publication 800-108 (and specifically section 5.1). You can
 read about Jeff's review at
-<a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
+<a href="https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
 Analysis of ESAPI 2.0's Key Derivation Function
 </a>
 </p>
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index 8190dab4a..bb3dd163a 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -133,8 +133,7 @@ public static Encryptor getInstance() throws EncryptionException {
     // decryption fails. This is to prevent information leakage that may be
     // valuable in various forms of ciphertext attacks, such as the
 	// Padded Oracle attack described by Rizzo and Duong.
-    private static final String DECRYPTION_FAILED =
-        "Decryption failed; see logs for details.";
+    private static final String DECRYPTION_FAILED = "Decryption failed; see logs for details.";
 
     // # of seconds that all failed decryption attempts will take. Used to
     // help prevent side-channel timing attacks.
@@ -236,21 +235,34 @@ private JavaEncryptor() throws EncryptionException {
         byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
         byte[] skey = ESAPI.securityConfiguration().getMasterKey();
 
-        assert salt != null : "Can't obtain master salt, Encryptor.MasterSalt";
-        assert salt.length >= 16 : "Encryptor.MasterSalt must be at least 16 bytes. " +
-                                   "Length is: " + salt.length + " bytes.";
-        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
-        assert skey.length >= 7 : "Encryptor.MasterKey must be at least 7 bytes. " +
-                                  "Length is: " + skey.length + " bytes.";
+        if ( salt == null ) {
+            throw new ConfigurationException("Can't obtain master salt, Encryptor.MasterSalt");
+        }
+
+        if ( salt.length < 16 ) {
+            throw new ConfigurationException("Encryptor.MasterSalt must be at least 16 bytes. " +
+                                             "Length is: " + salt.length + " bytes.");
+        }
+
+        if ( skey == null ) {
+            throw new ConfigurationException("Can't obtain master key, Encryptor.MasterKey");
+        }
+
+        if ( skey.length < 7 ) {
+            throw new ConfigurationException("Encryptor.MasterKey must be at least 7 bytes. " +
+                                             "Length is: " + skey.length + " bytes.");
+        }
         
         // Set up secretKeySpec for use for symmetric encryption and decryption,
         // and set up the public/private keys for asymmetric encryption /
         // decryption.
-        // TODO: Note: If we dump ESAPI 1.4 crypto backward compatibility,
-        //       then we probably will ditch the Encryptor.EncryptionAlgorithm
+        // TODO: Note: Since we've dumped ESAPI 1.4 crypto backward compatibility,
+        //       then we probably can ditch the Encryptor.EncryptionAlgorithm
         //       property. If so, encryptAlgorithm should probably use
         //       Encryptor.CipherTransformation and just pull off the cipher
-        //       algorithm name so we can use it here.
+        //       algorithm name so we can use it here. That just requires
+        //       advance notice and proper deprecation, which I'm not prepared
+        //       to do at this time.    -kevin wall
         synchronized(JavaEncryptor.class) {
             if ( ! initialized ) {
                 //
@@ -360,7 +372,10 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 		try {
 			 xform = ESAPI.securityConfiguration().getCipherTransformation();
              String[] parts = xform.split("/");
-             assert parts.length == 3 : "Malformed cipher transformation: " + xform;
+             if ( parts.length != 3 ) {
+                 throw new ConfigurationException("Malformed cipher transformation: " + xform +
+                                                  ". Should have format of cipher_alg/cipher_mode/padding_scheme.");
+             }
              String cipherMode = parts[1];
              
              // This way we can prevent modes like OFB and CFB where the IV should never
@@ -383,63 +398,33 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 //        and this method will just call that one.
 			 Cipher encrypter = Cipher.getInstance(xform);
 			 String cipherAlg = encrypter.getAlgorithm();
-			 int keyLen = ESAPI.securityConfiguration().getEncryptionKeyLength();
 
-			 // DISCUSS: OK, what do we want to do here if keyLen != keySize? If use keyLen, encryption
-			 //		     could fail with an exception, but perhaps that's what we want. Or we may just be
-			 //			 OK with silently using keySize as long as keySize >= keyLen, which then interprets
-			 //			 ESAPI.EncryptionKeyLength as the *minimum* key size, but as long as we have something
-			 //			 stronger it's OK to use it. For now, I am just going to log warning if different, but use
-			 //			 keySize unless keySize is SMALLER than ESAPI.EncryptionKeyLength, in which case I'm going
-			 //			 to log an error.
-			 //
-			 //			 IMPORTANT NOTE:	When we generate key sizes for both DES and DESede the result of
-			 //								SecretKey.getEncoding().length includes the TRUE key size (i.e.,
-			 //								*with* the even parity bits) rather than the EFFECTIVE key size
-			 //								(which incidentally is what KeyGenerator.init() expects for DES
-			 //								and DESede; duh! Nothing like being consistent). This leads to
-			 //								the following dilemma:
-			 //
-			 //													EFFECTIVE Key Size		TRUE Key Size
-			 //													(KeyGenerator.init())	(SecretKey.getEncoding().length)
-			 //									========================================================================
-			 //									For DES:			56 bits					64 bits
-			 //									For DESede:			112 bits / 168 bits		192 bits (always)
-			 //
-			 //								We are trying to automatically determine the key size from SecretKey
-			 //								based on 8 * SecretKey.getEncoding().length, but as you can see, the
-			 //								2 key 3DES and the 3 key 3DES both use the same key size (192 bits)
-			 //								regardless of what is passed to KeyGenerator.init(). There are no advertised
-			 //								methods to get the key size specified by the init() method so I'm not sure how
-			 //								this is actually working internally. However, it does present a problem if we
-			 //								wish to communicate the 3DES key size to a recipient for later decryption as
-			 //								they would not be able to distinguish 2 key 3DES from 3 key 3DES.
-			 //
-			 //								The only workaround I know is to pass the explicit key size down. However, if
-			 //								we are going to do that, I'd propose passing in a CipherSpec object so we could
-			 //								tell what cipher transformation to use as well instead of just the key size. Then
-			 //								we would extract keySize from the CipherSpec object of from the SecretKey object.
-			 //
-			 if ( keySize != keyLen ) {
-				 // DISCUSS: Technically this is not a security "failure" per se, but not really a "success" either.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption key length mismatch. ESAPI.EncryptionKeyLength is " +
-						 keyLen + " bits, but length of actual encryption key is " + keySize +
-				 		" bits.  Did you remember to regenerate your master key (if that is what you are using)???");
-			 }
-			 // DISCUSS: Reconsider these warnings. If thousands of encryptions are done in tight loop, no one needs
-			 //          more than 1 warning. Should we do something more intelligent here?
-			 if ( keySize < keyLen ) {
-				 // ESAPI.EncryptionKeyLength defaults to 128, but that means that we could not use DES (as weak as it
-				 // is), even for legacy code. Therefore, this has been changed to simple log a warning rather than
-				 //	throw the following exception.
-				 //				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
-				 //						  "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits.");
-				 logger.warning(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN specified " +
-						 "encryption key length (ESAPI.EncryptionKeyLength) of " + keyLen + " bits with cipher algorithm " + cipherAlg);
+             int minKeyLen = 112;   // Use for hard-coded default to support 2TDEA
+             try {
+			    minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
+             } catch( Exception ex ) {
+                 logger.warning(Logger.EVENT_FAILURE,
+                         "Property 'Encryptor.MinEncryptionKeyLength' not properly set in ESAPI.properties file; using hard coded default of 112 for min key size for encryption.",
+                         ex);
+                 ;  // Do NOT rethrow.
+             }
+
+			 if ( keySize < minKeyLen ) {
+                 // NOTE: This used to just log a warning. It now logs an error & throws an exception.
+                 //
+				 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
+                 // encrypt with something like 2-key TDES, they would have to set this to that property
+                 // to 112 bits.
+				 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
+						 "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
+				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
+				                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
 			 }
 			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
-				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES!
-				 logger.warning(Logger.SECURITY_FAILURE, "Potentially unsecure encryption. Key size of " + keySize + "bits " +
+				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
+                                        // have configured ESAPI's Encryptor.EncryptionKeyLength to (say) 56 bits, we are going to
+                                        // nag them like their mother! :)
+				 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
 				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
 				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
 			 }
@@ -548,9 +533,9 @@ public CipherText encrypt(SecretKey key, PlainText plain)
 			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
 			 if ( success && overwritePlaintext ) {
 				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
-		}
-	}
-	 }
+             }
+	     }
+    }
 
 	/**
 	* {@inheritDoc}
@@ -655,6 +640,8 @@ public PlainText decrypt(SecretKey key, CipherText ciphertext)
 	                // convert to from nanoseconds to milliseconds.
 	                long millis = extraSleep / 1000000L;
 	                long nanos  = (extraSleep - (millis * 1000000L));
+
+                    // N_SECS is hard-coded so assertion should be okay here.
 	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
                             "Nanosecs out of bounds; nanos = " + nanos;
 	                try {
@@ -830,7 +817,8 @@ public String unseal(String seal) throws EncryptionException {
 		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
 		    } catch( AssertionError e) {
 	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
-		        // this if assertions are enabled.
+		        // this if assertions are enabled, but otherwise it should not
+                // normally happen.
 		        throw new EncryptionException("Invalid seal",
 	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
 	        }
@@ -993,11 +981,16 @@ private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_AL
     	// We would choose a larger minimum key size, but we want to be
     	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
     	// we print warning.
-    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
+    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
     	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-    	assert purpose != null : "Purpose cannot be null. Should be 'encryption' or 'authenticity'.";
-    	assert purpose.equals("encryption") || purpose.equals("authenticity") :
-    		"Purpose must be \"encryption\" or \"authenticity\".";
+
+        // However, this one we want as a runtime check because we don't have this check
+        // in KeyDerivationFunction.computeDerivedKey() as we want that method
+        // to be more general.
+    	if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+            String exMsg = "Programming error in ESAPI?? 'purpose' for computeDerivedKey() must be \"encryption\" or \"authenticity\".";
+    		throw new EncryptionException(exMsg, exMsg);
+        }
 
     	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
     	if ( kdfVersion != 0 ) {
@@ -1034,7 +1027,8 @@ private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmExcepti
             // in the case that SHA1withDSA or SHAwithDSA was specified. This is
             // all just to make these 2 work as expected. Sigh. (Note:
             // this was tested with JDK 1.6.0_21, but likely fails with earlier
-            // versions of the JDK as well.)
+            // versions of the JDK as well. Haven't experimented with later
+            // versions.)
             //
             sigAlg = "DSA";
         } else if ( sigAlg.endsWith("withrsa") ) {
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 2ed48b437..87c1a3de3 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -251,6 +251,8 @@ Encryptor.cipher_modes.additional_allowed=CBC,ECB
 #
 # NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
 Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
 
 # Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
@@ -293,12 +295,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 0d9b3df05..275d855f9 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -252,6 +252,9 @@ Encryptor.cipher_modes.additional_allowed=CBC,ECB
 # NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
 Encryptor.EncryptionKeyLength=128
 
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
+
 # Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
@@ -293,12 +296,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index af65a4ce6..e84e83086 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -251,6 +251,8 @@ Encryptor.cipher_modes.additional_allowed=CBC,ECB
 #
 # NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
 Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
 
 # Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
@@ -293,12 +295,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 8b6edc6bd..a7d65d5ab 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -251,6 +251,8 @@ Encryptor.cipher_modes.additional_allowed=CBC,ECB
 #
 # NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
 Encryptor.EncryptionKeyLength=128
+# Min key length - to support testing with 2TDEA
+Encryptor.MinEncryptionKeyLength=112
 
 # Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
@@ -293,12 +295,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index afb3f92a6..5a0da9f19 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -2,6 +2,8 @@
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
 #############################################################################
 #
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
 #   #######                                 #     #
 #      #     ######   ####    #####         #     #  ######  #####    ####
 #      #     #       #          #           #     #  #       #    #  #
@@ -11,6 +13,7 @@
 #      #     ######   ####      #              #     ######  #    #   ####
 #   
 #   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
 #
 #   That is over in the 'configuration/esapi/ESAPI.properties' file. You
 #   should retrieve THAT version from the official GitHub report from
@@ -250,15 +253,28 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 #	NOTE: ECB added only for testing purposes. Don't try this at home!
 Encryptor.cipher_modes.additional_allowed=CBC,ECB
 
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
+# Default key size to use for cipher specified by Encryptor.EncryptionAlgorithm.
+# Note that this MUST be a valid key size for the algorithm being used
+# (as specified by Encryptor.EncryptionAlgorithm). So for example, if AES is used,
+# it must be 128, 192, or 256. If DESede is chosen, then it must be either 112 or 168.
+#
+# Note that 128-bits is almost always sufficient and for AES it appears to be more
+# somewhat more resistant to related key attacks than is 256-bit AES.)
+#
+# Defaults to 128-bits if left blank.
+#
+# NOTE: If you use a key size > 128-bits, then you MUST have the JCE Unlimited
+#       Strength Jurisdiction Policy files installed!!!
 #
 Encryptor.EncryptionKeyLength=128
 
+# This is the _minimum_ key size (in bits) that we allow with ANY symmetric
+# cipher for doing encryption. (There is no minimum for decryption.)
+#
+# Generally, if you only use one algorithm, this should be set the same as
+# the Encryptor.EncryptionKeyLength property.
+Encryptor.MinEncryptionKeyLength=112
+
 # Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
 # (All cipher modes except ECB require an IV.) There are two choices: we can either
 # use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
@@ -308,12 +324,14 @@ Encryptor.PlainText.overwrite=true
 
 # Do not use DES except in a legacy situations. 56-bit is way too small key size.
 #Encryptor.EncryptionKeyLength=56
+#Encryptor.MinEncryptionKeyLength=56
 #Encryptor.EncryptionAlgorithm=DES
 
 # TripleDES is considered strong enough for most purposes.
 #	Note:	There is also a 112-bit version of DESede. Using the 168-bit version
 #			requires downloading the special jurisdiction policy from Sun.
 #Encryptor.EncryptionKeyLength=168
+#Encryptor.MinEncryptionKeyLength=112
 #Encryptor.EncryptionAlgorithm=DESede
 
 Encryptor.HashAlgorithm=SHA-512

From 39d79b6c63d3829a958979854791568c627b0c54 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 17:57:29 -0400
Subject: [PATCH 553/812] Changes to support min key length for encryption via
 the new Encrpytor.MinEncryptionKeyLength property.

---
 src/main/java/org/owasp/esapi/SecurityConfiguration.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 42ab9f43a..ed326d6ae 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -175,8 +175,13 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 
 	/**
 	 * Gets the key length to use in cryptographic operations declared in the ESAPI properties file.
+     * Note that this corresponds to the ESAPI property <b>Encryptor.EncryptionKeyLength</b> which is
+     * considered the <i>default</i> key size that ESAPI will use for symmetric
+     * ciphers supporting multiple key sizes. (Note that there is also an <b>Encryptor.MinEncryptionKeyLength</b>,
+     * which is the <i>minimum</i> key size (in bits) that ESAPI will support
+     * for encryption. (There is no miminimum for decryption.)
 	 * 
-	 * @return the key length.
+	 * @return the key length (in bits)
      * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
 	 */
 	@Deprecated

From 8a5a01c769c125fd3fb72d45f35d73e8a2c50422 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:03:45 -0400
Subject: [PATCH 554/812] Replace assertions w/ runtime checks & logging fix.

Numerous 'assert' statements were replaced with explicit runtime
checks where warranted. Also, in the case were the base64 decoding
of a CryptoToken fails, that value is no longer output to the ESAPI
log via an exception message.
---
 .../org/owasp/esapi/crypto/CryptoToken.java   | 133 ++++++++++++------
 1 file changed, 89 insertions(+), 44 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
index 4276079f9..b8dc983d8 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoToken.java
@@ -33,18 +33,14 @@
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.EncodingException;
 import org.owasp.esapi.errors.EncryptionException;
+import org.owasp.esapi.errors.EncryptionRuntimeException;
+import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.errors.ValidationException;
 
 ///// IMPORTANT NOTE: Never print / log attribute *values* as they
 /////                 may be sensitive. Also, do not log the CryptoToken
-/////				  itself as it generally is used as an authentication token.
-
-// OPEN ISSUE: Assertions vs. IllegalArgumentException must be resolved. I prefer
-//             assertions for preconditions, which is more in line with Design-by-Contract
-//             and Eiffel. There are a few places where assertions are not appropriate
-//             because if they are not disabled (they are not by default), they could cause
-//             incorrect behavior (e.g., setting the expiration time to something in the
-//             past, etc.)
+/////                 itself, because even it is encrypted, the token itself
+/////                 is often used as an authentication token.
 
 /**
  * Compute a cryptographically secure, encrypted token containing
@@ -73,16 +69,15 @@
  * The attribute value may contain any value. However, values containing
  * either '=' or ';' will be quoted using '\'. Likewise, values containing '\'
  * will also be quoted using '\'. Hence if original name/value pair were
- *             name=ab=xy\;
- *         this would be represented as
- *             name=ab\=xy\\\;
+ * <b>name=ab=xy\;</b> * this would be represented as <b>name=ab\=xy\\\;</b>.
  * To ensure things are "safe" (from a security perspective), attribute
  * <i>names</i> must conform the the Java regular expression
  * <pre>
  *          [A-Za-z0-9_\.-]+
  * </pre>
  * The attribute <i>value</i> on the other hand, may be any valid string. (That
- * is, the value is not checked, so beware!)
+ * is, the value is not checked, so beware! When rendering these values, output
+ * encoding may be required to prevent XSS. Use ESAPI's {@code Encoder} for that.
  * <p>
  * This entire semicolon-separated string is then encrypted via one of the 
  * {@code Encryptor.encrypt()} methods and then base64-encoded, serialized
@@ -94,6 +89,11 @@
  * must be unique. There are some restrictions on the attribute names.
  * (See the {@link #setAttribute(String, String)} method for details.)
  *
+ * <b>WARNING:</b> You should never print / log attribute <b>values</b> as
+ *              they may be sensitive. Also, do not log the {@code CryptoToken}
+ *              itself, because even though it is encrypted, the token itself is
+ *              often used as an authentication token.
+ *
  * @author kevin.w.wall@gmail.com
  * @since 2.0
  */
@@ -141,7 +141,9 @@ public CryptoToken() {
      * @param skey  The specified {@code SecretKey} to use to encrypt the token.
      */
     public CryptoToken(SecretKey skey) {
-        assert skey != null : "SecretKey may not be null.";
+        if ( skey == null ) {
+            throw new IllegalArgumentException("SecretKey may not be null.");
+        }
         secretKey = skey;
         long now = System.currentTimeMillis();
         expirationTime = now + DEFAULT_EXP_TIME;
@@ -170,8 +172,12 @@ public CryptoToken(String token) throws EncryptionException {
             throw new EncryptionException("Decryption of token failed. Token improperly encoded or encrypted with different key.",
                                           "Can't decrypt token because not correctly encoded or encrypted with different key.", e);
         }
-        assert username != null : "Programming error: Decrypted token found username null.";
-        assert expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
+        if ( username == null ) {
+            throw new IllegalArgumentException("Programming error or malformed token: Decrypted token found username null.");
+        }
+        if ( expirationTime <= 0 ) {
+            throw new IllegalArgumentException("Programming error or malformed token: Decrypted token found expirationTime <= 0.");
+        }
     }
 
     /** 
@@ -188,8 +194,12 @@ public CryptoToken(String token) throws EncryptionException {
     // token is a previously encrypted token (i.e., CryptoToken.getToken())
     // with different SecretKey other than the one in ESAPI.properties
     public CryptoToken(SecretKey skey, String token) throws EncryptionException {
-        assert skey != null : "SecretKey may not be null.";
-        assert token != null : "Token may not be null";
+        if ( skey == null ) {
+            throw new IllegalArgumentException("SecretKey may not be null.");
+        }
+        if ( token == null ) {
+                throw new IllegalArgumentException("Token may not be null");
+        }
         secretKey = skey;
         try {
             decryptToken(secretKey, token);
@@ -197,8 +207,14 @@ public CryptoToken(SecretKey skey, String token) throws EncryptionException {
             throw new EncryptionException("Decryption of token failed. Token improperly encoded.",
                                           "Can't decrypt token because not correctly encoded.", e);
         }
-        assert username != null : "Programming error: Decrypted token found username null.";
-        assert expirationTime > 0 : "Programming error: Decrypted token found expirationTime <= 0.";
+        if ( username == null ) {
+            String exm = "Programming error???: Decrypted token found username null.";
+            throw new EncryptionException(exm, exm);
+        }
+        if ( expirationTime <= 0 ) {
+            String exm = "Programming error???: Decrypted token found expirationTime <= 0.";
+            throw new EncryptionException(exm, exm);
+        }
     }
 
     /**
@@ -224,7 +240,9 @@ public String getUserAccountName() {
      *                              expression.)
      */
     public void setUserAccountName(String userAccountName) throws ValidationException {
-        assert userAccountName != null : "User account name may not be null.";
+        if ( userAccountName == null ) {
+            throw new IllegalArgumentException("User account name may not be null.");
+        }
         
         // Converting to lower case first allows a simpler regex.
         String userAcct = userAccountName.toLowerCase();
@@ -251,7 +269,7 @@ public boolean isExpired() {
     /**
      * Set expiration time to expire in 'interval' seconds (NOT milliseconds).
      * @param intervalSecs  Number of seconds in the future from current date/time
-     *                  	to set expiration. Must be positive.
+     *                      to set expiration. Must be positive.
      */
     public void setExpiration(int intervalSecs) throws IllegalArgumentException
     {
@@ -296,6 +314,9 @@ public void setExpiration(Date expirationDate) throws IllegalArgumentException
      * @return  The current expiration time.
      */
     public long getExpiration() {
+        // Assertion here is safe as it is just a sanity check and this check is
+        // make elsewhere. Plus this is a getter, not a setting, so if it's
+        // messed up, it happened somewhere else.
         assert expirationTime > 0L : "Programming error: Expiration time <= 0";
         return expirationTime;
     }
@@ -318,16 +339,10 @@ public Date getExpirationDate() {
      */
     public void setAttribute(String name, String value) throws ValidationException {
         if ( name == null || name.length() == 0 ) {
-            // CHECKME: Should this be an IllegalArgumentException instead? I
-            // would prefer an assertion here and state this as a precondition
-            // in the Javadoc.
             throw new ValidationException("Null or empty attribute NAME encountered",
                                           "Attribute NAMES may not be null or empty string.");
         }
         if ( value == null ) {
-            // CHECKME: Should this be an IllegalArgumentException instead? I
-            // would prefer an assertion here and state this as a precondition
-            // in the Javadoc.
             throw new ValidationException("Null attribute VALUE encountered for attr name " + name,
                                           "Attribute VALUE may not be null; attr name: " + name);            
         }
@@ -359,8 +374,9 @@ public void setAttribute(String name, String value) throws ValidationException {
      * @see #setAttribute(String, String)
      */
     public void addAttributes(final Map<String, String> attrs) throws ValidationException {
-        // CHECKME: Assertion vs. IllegalArgumentException
-        assert attrs != null : "Attribute map may not be null.";
+        if ( attrs == null ) {
+            throw new IllegalArgumentException("Attribute map may not be null.");
+        }
         Set< Entry<String,String> > keyValueSet = attrs.entrySet();
         Iterator<Entry<String, String>> it = keyValueSet.iterator();
         while( it.hasNext() ) {
@@ -560,7 +576,10 @@ private String getQuotedAttributes() {
     
     // Quote any special characters in value.
     private static String quoteAttributeValue(String value) {
-        assert value != null : "Program error: Value should not be null."; // Empty is OK.
+        if ( value == null ) {
+            String exm = "Programming error???: Value should not be null."; // Empty string is OK.
+            throw new EncryptionRuntimeException(exm, exm);
+        }
         StringBuilder sb = new StringBuilder();
         char[] charArray = value.toCharArray();
         for( int i = 0; i < charArray.length; i++ ) {
@@ -608,20 +627,34 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
         try {
             token = ESAPI.encoder().decodeFromBase64(b64token);
         } catch (IOException e) {
-            // CHECKME: Not clear if we should log the actual token itself. It's encrypted,
-            //          but could be arbitrarily long, especially since it is not valid
-            //          encoding. OTOH, it may help debugging as sometimes it may be a simple
-            //          case like someone failing to apply some other type of encoding
-            //          consistently (e.g., URL encoding), in which case logging this should
-            //          make this pretty obvious once a few of these are logged.
+            // Ideally, we'd like to be able to include the actual (munged) token itself.
+            // It's encrypted, but could be arbitrarily long, especially since it is not valid
+            // encoding. In theory, it may help debugging as sometimes it may be a simple
+            // case like someone failing to apply some other type of encoding
+            // consistently (e.g., URL encoding), in which case logging this should
+            // make this pretty obvious once a few of these are logged.
+            //
+            // OTOH, since tokens may be used as authentication tokens (see
+            // "WARNING" in the class Javadoc) some insider could intentionally botch
+            // a token (e.g., just remove the base64 padding characters) just to
+            // get an otherwise valid token logged somewhere they can access it.
+            // Therefore, I have decided NOT to include in in the logMessage
+            // part of the exception.
+            //
+            // Note that prior to ESAPI 2.2.0.0, the token _was_ logged, but has
+            // now been corrected.
+            //
             throw new EncodingException("Invalid base64 encoding.",
-                                          "Invalid base64 encoding. Encrypted token was: " + b64token);
+                                        "Invalid base64 encoding for token [REDACTED]");
         }
         CipherText ct = CipherText.fromPortableSerializedBytes(token);
         Encryptor encryptor = ESAPI.encryptor();
         PlainText pt = encryptor.decrypt(skey, ct);
         String str = pt.toString();
-        assert str.endsWith(DELIM) : "Programming error: Expecting decrypted token to end with delim char, " + DELIM_CHAR;
+        if ( ! str.endsWith(DELIM) ) {
+            String exm = "Programming error???: Expecting decrypted token to end with delim char, " + DELIM_CHAR;
+            throw new EncryptionException(exm, exm);
+        }
         char[] charArray = str.toCharArray();
         int prevPos = -1;                // Position of previous unquoted delimiter.
         int fieldNo = 0;
@@ -653,9 +686,15 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
         }
         
         Object[] objArray = fields.toArray();
-        assert fieldNo == objArray.length : "Program error: Mismatch of delimited field count.";
+        if ( fieldNo != objArray.length ) {
+            String exm = "Programming error???: Mismatch of delimited field count.";
+            throw new EncryptionException(exm, exm);
+        }
         logger.debug(Logger.EVENT_UNSPECIFIED, "Found " + objArray.length + " fields.");
-        assert objArray.length >= 2 : "Missing mandatory fields from decrypted token (username &/or expiration time).";
+        if ( objArray.length < 2 ) {
+            String exm = "Missing mandatory fields from decrypted token (username &/or expiration time).";
+            throw new EncryptionException(exm, exm);
+        }
         username = ((String)(objArray[0])).toLowerCase();
         String expTime = (String)objArray[1];
         expirationTime = Long.parseLong(expTime);
@@ -689,12 +728,18 @@ private void decryptToken(SecretKey skey, String b64token) throws EncryptionExce
     }
     
     private SecretKey getDefaultSecretKey(String encryptAlgorithm) {
-        assert encryptAlgorithm != null : "Encryption algorithm cannot be null";
+        if ( encryptAlgorithm == null ) {
+            throw new IllegalArgumentException("Encryption algorithm cannot be null");
+        }
         byte[] skey = ESAPI.securityConfiguration().getMasterKey();
-        assert skey != null : "Can't obtain master key, Encryptor.MasterKey";
-        assert skey.length >= 7 :
+        if ( skey == null ) {
+            throw new IllegalArgumentException("Can't obtain master key, Encryptor.MasterKey");
+        }
+        if ( skey.length < 7 ) {
+            throw new ConfigurationException(
                         "Encryptor.MasterKey must be at least 7 bytes. " +
-                        "Length is: " + skey.length + " bytes.";
+                        "Length is: " + skey.length + " bytes.");
+        }
         // Set up secretKeySpec for use for symmetric encryption and decryption,
         // and set up the public/private keys for asymmetric encryption /
         // decryption.

From 2218a6e579b95186b61d85d3ecf5e3e7a058f517 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:16:38 -0400
Subject: [PATCH 555/812] Replace assertions with explicit runtime checks.

Numerous 'assert' statements were replaced with explicit runtime
checks where warranted. Also extensive tab clean-up, replacing tabs
by 4 spaces.
---
 .../org/owasp/esapi/crypto/CipherText.java    | 716 +++++++++---------
 1 file changed, 368 insertions(+), 348 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 19e4a66a8..aacf488a9 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -55,31 +55,31 @@
  * @see org.owasp.esapi.Encryptor
  * @since 2.0
  */
-public final class CipherText implements Serializable {	
+public final class CipherText implements Serializable {
     // NOTE: Do NOT change this in future versions, unless you are knowingly
     //       making changes to the class that will render this class incompatible
     //       with previously serialized objects from older versions of this class.
-	//		 If this is done, that you must provide for supporting earlier ESAPI versions.
+    //       If this is done, that you must provide for supporting earlier ESAPI versions.
     //       Be wary making incompatible changes as discussed at:
     //          http://java.sun.com/javase/6/docs/platform/serialization/spec/version.html#6678
     //       Any incompatible change in the serialization of CipherText *must* be
     //       reflected in the class CipherTextSerializer.
     // This should be *same* version as in CipherTextSerializer and KeyDerivationFunction.
-	// If one changes, the other should as well to accommodate any differences.
-	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
-	//						    20130830 - Fix to issue #306 (release 2.1.0)
-	public  static final int cipherTextVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
-		// Required by Serializable classes.
-	private static final long serialVersionUID = cipherTextVersion; // Format: YYYYMMDD
-	
-	private static final Logger logger = ESAPI.getLogger("CipherText");
+    // If one changes, the other should as well to accommodate any differences.
+    //      Previous versions:  20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+    //                          20130830 - Fix to issue #306 (release 2.1.0)
+    public  static final int cipherTextVersion = 20130830; // Format: YYYYMMDD, max is 99991231.
+        // Required by Serializable classes.
+    private static final long serialVersionUID = cipherTextVersion; // Format: YYYYMMDD
+    
+    private static final Logger logger = ESAPI.getLogger("CipherText");
     
     private CipherSpec cipherSpec_           = null;
     private byte[]     raw_ciphertext_       = null;
     private byte[]     separate_mac_         = null;
     private long       encryption_timestamp_ = 0;
-    private int		   kdfVersion_           = KeyDerivationFunction.kdfVersion;
-    private int		   kdfPrfSelection_      = KeyDerivationFunction.getDefaultPRFSelection();
+    private int        kdfVersion_           = KeyDerivationFunction.kdfVersion;
+    private int        kdfPrfSelection_      = KeyDerivationFunction.getDefaultPRFSelection();
 
     // All the various pieces that can be set, either directly or indirectly
     // via CipherSpec.
@@ -107,12 +107,14 @@ private enum CipherTextFlags {
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
     }
 
     ///////////////////////////  C O N S T R U C T O R S  /////////////////////////
@@ -180,89 +182,89 @@ public static CipherText fromPortableSerializedBytes(byte[] bytes)
 
     /////////////////////////  P U B L I C   M E T H O D S  ////////////////////
 
-	/**
-	 * Obtain the String representing the cipher transformation used to encrypt
-	 * the plaintext. The cipher transformation represents the cipher algorithm,
-	 * the cipher mode, and the padding scheme used to do the encryption. An
-	 * example would be "AES/CBC/PKCS5Padding". See Appendix A in the
-	 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA">
-	 * Java Cryptography Architecture Reference Guide</a>
-	 * for information about standard supported cipher transformation names.
-	 * <p>
-	 * The cipher transformation name is usually sufficient to be passed to
-	 * {@link javax.crypto.Cipher#getInstance(String)} to create a
-	 * <code>Cipher</code> object to decrypt the ciphertext.
-	 * 
-	 * @return The cipher transformation name used to encrypt the plaintext
-	 * 		   resulting in this ciphertext.
-	 */
+    /**
+     * Obtain the String representing the cipher transformation used to encrypt
+     * the plaintext. The cipher transformation represents the cipher algorithm,
+     * the cipher mode, and the padding scheme used to do the encryption. An
+     * example would be "AES/CBC/PKCS5Padding". See Appendix A in the
+     * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA">
+     * Java Cryptography Architecture Reference Guide</a>
+     * for information about standard supported cipher transformation names.
+     * <p>
+     * The cipher transformation name is usually sufficient to be passed to
+     * {@link javax.crypto.Cipher#getInstance(String)} to create a
+     * <code>Cipher</code> object to decrypt the ciphertext.
+     * 
+     * @return The cipher transformation name used to encrypt the plaintext
+     *         resulting in this ciphertext.
+     */
     public String getCipherTransformation() {
         return cipherSpec_.getCipherTransformation();
     }
-	
-	/**
-	 * Obtain the name of the cipher algorithm used for encrypting the
-	 * plaintext.
-	 * 
-	 * @return The name as the cryptographic algorithm used to perform the
-	 * 		   encryption resulting in this ciphertext.
-	 */
+    
+    /**
+     * Obtain the name of the cipher algorithm used for encrypting the
+     * plaintext.
+     * 
+     * @return The name as the cryptographic algorithm used to perform the
+     *         encryption resulting in this ciphertext.
+     */
     public String getCipherAlgorithm() {
         return cipherSpec_.getCipherAlgorithm();
     }
-	
-	/**
-	 * Retrieve the key size used with the cipher algorithm that was used to
-	 * encrypt data to produce this ciphertext.
-	 * 
-	 * @return The key size in bits. We work in bits because that's the crypto way!
-	 */
+    
+    /**
+     * Retrieve the key size used with the cipher algorithm that was used to
+     * encrypt data to produce this ciphertext.
+     * 
+     * @return The key size in bits. We work in bits because that's the crypto way!
+     */
     public int getKeySize() {
         return cipherSpec_.getKeySize();
     }
-	
-	/**
-	 * Retrieve the block size (in bytes!) of the cipher used for encryption.
-	 * (Note: If an IV is used, this will also be the IV length.)
-	 * 
-	 * @return The block size in bytes. (Bits, bytes! It's confusing I know. Blame
-	 * 									the cryptographers; we've just following
-	 * 									convention.)
-	 */
+    
+    /**
+     * Retrieve the block size (in bytes!) of the cipher used for encryption.
+     * (Note: If an IV is used, this will also be the IV length.)
+     * 
+     * @return The block size in bytes. (Bits, bytes! It's confusing I know. Blame
+     *                                  the cryptographers; we've just following
+     *                                  convention.)
+     */
     public int getBlockSize() {
         return cipherSpec_.getBlockSize();
     }
-	
-	/**
-	 * Get the name of the cipher mode used to encrypt some plaintext.
-	 * 
-	 * @return The name of the cipher mode used to encrypt the plaintext
-	 *         resulting in this ciphertext. E.g., "CBC" for "cipher block
-	 *         chaining", "ECB" for "electronic code book", etc.
-	 */
+    
+    /**
+     * Get the name of the cipher mode used to encrypt some plaintext.
+     * 
+     * @return The name of the cipher mode used to encrypt the plaintext
+     *         resulting in this ciphertext. E.g., "CBC" for "cipher block
+     *         chaining", "ECB" for "electronic code book", etc.
+     */
     public String getCipherMode() {
         return cipherSpec_.getCipherMode();
     }
-	
-	/**
-	 * Get the name of the padding scheme used to encrypt some plaintext.
-	 * 
-	 * @return The name of the padding scheme used to encrypt the plaintext
-	 * 		   resulting in this ciphertext. Example: "PKCS5Padding". If no
-	 * 		   padding was used "None" is returned.
-	 */
+    
+    /**
+     * Get the name of the padding scheme used to encrypt some plaintext.
+     * 
+     * @return The name of the padding scheme used to encrypt the plaintext
+     *         resulting in this ciphertext. Example: "PKCS5Padding". If no
+     *         padding was used "None" is returned.
+     */
     public String getPaddingScheme() {
         return cipherSpec_.getPaddingScheme();
     }
-	
-	/**
-	 * Return the initialization vector (IV) used to encrypt the plaintext
-	 * if applicable.
-	 *  
-	 * @return	The IV is returned if the cipher mode used to encrypt the
-	 * 			plaintext was not "ECB". ECB mode does not use an IV so in
-	 * 			that case, <code>null</code> is returned.
-	 */
+    
+    /**
+     * Return the initialization vector (IV) used to encrypt the plaintext
+     * if applicable.
+     *  
+     * @return  The IV is returned if the cipher mode used to encrypt the
+     *          plaintext was not "ECB". ECB mode does not use an IV so in
+     *          that case, <code>null</code> is returned.
+     */
     public byte[] getIV() {
         if ( isCollected(CipherTextFlags.INITVECTOR) ) {
             return cipherSpec_.getIV();
@@ -271,194 +273,207 @@ public byte[] getIV() {
             return null;
         }
     }
-	
-	/** 
-	 * Return true if the cipher mode used requires an IV. Usually this will
-	 * be true unless ECB mode (which should be avoided whenever possible) is
-	 * used.
-	 */
+    
+    /** 
+     * Return true if the cipher mode used requires an IV. Usually this will
+     * be true unless ECB mode (which should be avoided whenever possible) is
+     * used.
+     */
     public boolean requiresIV() {
         return cipherSpec_.requiresIV();
     }
-	
-	/**
-	 * Get the raw ciphertext byte array resulting from encrypting some
-	 * plaintext.
-	 * 
-	 * @return A copy of the raw ciphertext as a byte array.
-	 */
-	public byte[] getRawCipherText() {
-	    if ( isCollected(CipherTextFlags.CIPHERTEXT) ) {
-	        byte[] copy = new byte[ raw_ciphertext_.length ];
-	        System.arraycopy(raw_ciphertext_, 0, copy, 0, raw_ciphertext_.length);
-	        return copy;
-	    } else {
-	        logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext not set yet; unable to retrieve; returning null");
-	        return null;
-	    }
-	}
-	
-	/**
-	 * Get number of bytes in raw ciphertext. Zero is returned if ciphertext has not
-	 * yet been stored.
-	 * 
-	 * @return The number of bytes of raw ciphertext; 0 if no raw ciphertext has been stored.
-	 */
-	public int getRawCipherTextByteLength() {
-	    if ( raw_ciphertext_ != null ) {
-	        return raw_ciphertext_.length;
-	    } else {
-	        return 0;
-	    }
-	}
+    
+    /**
+     * Get the raw ciphertext byte array resulting from encrypting some
+     * plaintext.
+     * 
+     * @return A copy of the raw ciphertext as a byte array.
+     */
+    public byte[] getRawCipherText() {
+        if ( isCollected(CipherTextFlags.CIPHERTEXT) ) {
+            byte[] copy = new byte[ raw_ciphertext_.length ];
+            System.arraycopy(raw_ciphertext_, 0, copy, 0, raw_ciphertext_.length);
+            return copy;
+        } else {
+            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext not set yet; unable to retrieve; returning null");
+            return null;
+        }
+    }
+    
+    /**
+     * Get number of bytes in raw ciphertext. Zero is returned if ciphertext has not
+     * yet been stored.
+     * 
+     * @return The number of bytes of raw ciphertext; 0 if no raw ciphertext has been stored.
+     */
+    public int getRawCipherTextByteLength() {
+        if ( raw_ciphertext_ != null ) {
+            return raw_ciphertext_.length;
+        } else {
+            return 0;
+        }
+    }
 
-	/**
-	 * Return a base64-encoded representation of the raw ciphertext alone. Even
-	 * in the case where an IV is used, the IV is not prepended before the
-	 * base64-encoding is performed.
-	 * <p>
-	 * If there is a need to store an encrypted value, say in a database, this
-	 * is <i>not</i> the method you should use unless you are using a <i>fixed</i>
-	 * IV or are planning on retrieving the IV and storing it somewhere separately
-	 * (e.g., a different database column). If you are <i>not</i> using a fixed IV
-	 * (which is <strong>highly</strong> discouraged), you should normally use
-	 * {@link #getEncodedIVCipherText()} instead.
-	 * </p>
-	 * @see #getEncodedIVCipherText()
-	 */
-	public String getBase64EncodedRawCipherText() {
-	    return ESAPI.encoder().encodeForBase64(getRawCipherText(),false);
-	}
-	
-	/**
-	 * Return the ciphertext as a base64-encoded <code>String</code>. If an
-	 * IV was used, the IV if first prepended to the raw ciphertext before
-	 * base64-encoding. If an IV is not used, then this method returns the same
-	 * value as {@link #getBase64EncodedRawCipherText()}.
-	 * <p>
-	 * Generally, this is the method that you should use unless you only
-	 * are using a fixed IV and a storing that IV separately, in which case
-	 * using {@link #getBase64EncodedRawCipherText()} can reduce the storage
-	 * overhead.
-	 * </p>
-	 * @return The base64-encoded ciphertext or base64-encoded IV + ciphertext.
-	 * @see #getBase64EncodedRawCipherText()
-	 */
-	public String getEncodedIVCipherText() {
-	    if ( isCollected(CipherTextFlags.INITVECTOR) && isCollected(CipherTextFlags.CIPHERTEXT) ) {
-	        // First concatenate IV + raw ciphertext
-	        byte[] iv = getIV();
-	        byte[] raw = getRawCipherText();
-	        byte[] ivPlusCipherText = new byte[ iv.length + raw.length ];
-	        System.arraycopy(iv, 0, ivPlusCipherText, 0, iv.length);
-	        System.arraycopy(raw, 0, ivPlusCipherText, iv.length, raw.length);
-	        // Then return the base64 encoded result
-	        return ESAPI.encoder().encodeForBase64(ivPlusCipherText, false);
-	    } else {
-	        logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext and/or IV not set yet; unable to retrieve; returning null");
-	        return null;
-	    }
-	}
+    /**
+     * Return a base64-encoded representation of the raw ciphertext alone. Even
+     * in the case where an IV is used, the IV is not prepended before the
+     * base64-encoding is performed.
+     * <p>
+     * If there is a need to store an encrypted value, say in a database, this
+     * is <i>not</i> the method you should use unless you are using a <i>fixed</i>
+     * IV or are planning on retrieving the IV and storing it somewhere separately
+     * (e.g., a different database column). If you are <i>not</i> using a fixed IV
+     * (which is <strong>highly</strong> discouraged), you should normally use
+     * {@link #getEncodedIVCipherText()} instead.
+     * </p>
+     * @see #getEncodedIVCipherText()
+     */
+    public String getBase64EncodedRawCipherText() {
+        return ESAPI.encoder().encodeForBase64(getRawCipherText(),false);
+    }
+    
+    /**
+     * Return the ciphertext as a base64-encoded <code>String</code>. If an
+     * IV was used, the IV if first prepended to the raw ciphertext before
+     * base64-encoding. If an IV is not used, then this method returns the same
+     * value as {@link #getBase64EncodedRawCipherText()}.
+     * <p>
+     * Generally, this is the method that you should use unless you only
+     * are using a fixed IV and a storing that IV separately, in which case
+     * using {@link #getBase64EncodedRawCipherText()} can reduce the storage
+     * overhead.
+     * </p>
+     * @return The base64-encoded ciphertext or base64-encoded IV + ciphertext.
+     * @see #getBase64EncodedRawCipherText()
+     */
+    public String getEncodedIVCipherText() {
+        if ( isCollected(CipherTextFlags.INITVECTOR) && isCollected(CipherTextFlags.CIPHERTEXT) ) {
+            // First concatenate IV + raw ciphertext
+            byte[] iv = getIV();
+            byte[] raw = getRawCipherText();
+            byte[] ivPlusCipherText = new byte[ iv.length + raw.length ];
+            System.arraycopy(iv, 0, ivPlusCipherText, 0, iv.length);
+            System.arraycopy(raw, 0, ivPlusCipherText, iv.length, raw.length);
+            // Then return the base64 encoded result
+            return ESAPI.encoder().encodeForBase64(ivPlusCipherText, false);
+        } else {
+            logger.error(Logger.SECURITY_FAILURE, "Raw ciphertext and/or IV not set yet; unable to retrieve; returning null");
+            return null;
+        }
+    }
 
-	/**
-	 * Compute and store the Message Authentication Code (MAC) if the ESAPI property
-	 * {@code Encryptor.CipherText.useMAC} is set to {@code true}. If it
-	 * is, the MAC is conceptually calculated as:
-	 * <pre>
-	 * 		authKey = DerivedKey(secret_key, "authenticate")
-	 * 		HMAC-SHA1(authKey, IV + secret_key)
-	 * </pre>
-	 * where derived key is an HMacSHA1, possibly repeated multiple times.
-	 * (See {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 * for details.)
-	 * </p><p>
-	 * <b>Perceived Benefits</b>: There are certain cases where if an attacker
-	 * is able to change the IV. When one uses a authenticity key that is
-	 * derived from the "master" key, it also makes it possible to know when
-	 * the incorrect key was attempted to be used to decrypt the ciphertext.
-	 * </p><p>
-	 * <b>NOTE:</b> The purpose of this MAC (which is always computed by the
-	 * ESAPI reference model implementing {@code Encryptor}) is to ensure the
-	 * authenticity of the IV and ciphertext. Among other things, this prevents
-	 * an adversary from substituting the IV with one of their own choosing.
-	 * Because we don't know whether or not the recipient of this {@code CipherText}
-	 * object will want to validate the authenticity or not, the reference
-	 * implementation of {@code Encryptor} always computes it and includes it.
-	 * The recipient of the ciphertext can then choose whether or not to validate
-	 * it.
-	 * 
-	 * @param authKey The secret key that is used for proving authenticity of
-	 * 				the IV and ciphertext. This key should be derived from
-	 * 				the {@code SecretKey} passed to the
-	 * 				{@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
-	 *				and
-	 *				{@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
-	 *				methods or the "master" key when those corresponding
-	 *				encrypt / decrypt methods are used. This authenticity key
-	 *				should be the same length and for the same cipher algorithm
-	 *				as this {@code SecretKey}. The method
-	 *				{@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 *				is a secure way to produce this derived key.
-	 */		// DISCUSS - Cryptographers David Wagner, Ian Grigg, and others suggest
-			// computing authenticity using derived key and HmacSHA1 of IV + ciphertext.
-			// However they also argue that what should be returned and treated as
-			// (i.e., stored as) ciphertext would be something like this:
-			//		len_of_raw_ciphertext + IV + raw_ciphertext + MAC
-			// TODO: Need to do something like this for custom serialization and then
-	        // document order / format so it can be used by other ESAPI implementations.
-	public void computeAndStoreMAC(SecretKey authKey) {
-	    assert !macComputed() : "Programming error: Can't store message integrity code " +
-	                            "while encrypting; computeAndStoreMAC() called multiple times.";
-	    assert collectedAll() : "Have not collected all required information to compute and store MAC.";
-	    byte[] result = computeMAC(authKey);
-	    if ( result != null ) {
-	        storeSeparateMAC(result);
-	    }
-	    // If 'result' is null, we already logged this in computeMAC().
-	}
-	
-	/**
-	 * Same as {@link #computeAndStoreMAC(SecretKey)} but this is only used by
-	 * {@code CipherTextSerializeer}. (Has package level access.)
-	 */ // CHECKME: For this to be "safe", it requires ESAPI jar to be sealed.
-	void storeSeparateMAC(byte[] macValue) {
-	    if ( !macComputed() ) {
-	        separate_mac_ = new byte[ macValue.length ];
-	        CryptoHelper.copyByteArray(macValue, separate_mac_);
-	        assert macComputed();
-	    }
-	}
-	
-	/**
-	 * Validate the message authentication code (MAC) associated with the ciphertext.
-	 * This is mostly meant to ensure that an attacker has not replaced the IV
-	 * or raw ciphertext with something arbitrary. Note however that it will
-	 * <i>not</i> detect the case where an attacker simply substitutes one
-	 * valid ciphertext with another ciphertext.
-	 * 
-	 * @param authKey The secret key that is used for proving authenticity of
-	 * 				the IV and ciphertext. This key should be derived from
-	 * 				the {@code SecretKey} passed to the
-	 * 				{@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
-	 *				and
-	 *				{@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
-	 *				methods or the "master" key when those corresponding
-	 *				encrypt / decrypt methods are used. This authenticity key
-	 *				should be the same length and for the same cipher algorithm
-	 *				as this {@code SecretKey}. The method
-	 *				{@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
-	 *				is a secure way to produce this derived key.
-	 * @return True if the ciphertext has not be tampered with, and false otherwise.
-	 */
-	public boolean validateMAC(SecretKey authKey) {
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+    /**
+     * Compute and store the Message Authentication Code (MAC) if the ESAPI property
+     * {@code Encryptor.CipherText.useMAC} is set to {@code true}. If it
+     * is, the MAC is conceptually calculated as:
+     * <pre>
+     *      authKey = DerivedKey(secret_key, "authenticate")
+     *      HMAC-SHA1(authKey, IV + secret_key)
+     * </pre>
+     * where derived key is an HMacSHA1, possibly repeated multiple times.
+     * (See {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     * for details.)
+     * </p><p>
+     * <b>Perceived Benefits</b>: There are certain cases where if an attacker
+     * is able to change the IV. When one uses a authenticity key that is
+     * derived from the "master" key, it also makes it possible to know when
+     * the incorrect key was attempted to be used to decrypt the ciphertext.
+     * </p><p>
+     * <b>NOTE:</b> The purpose of this MAC (which is always computed by the
+     * ESAPI reference model implementing {@code Encryptor}) is to ensure the
+     * authenticity of the IV and ciphertext. Among other things, this prevents
+     * an adversary from substituting the IV with one of their own choosing.
+     * Because we don't know whether or not the recipient of this {@code CipherText}
+     * object will want to validate the authenticity or not, the reference
+     * implementation of {@code Encryptor} always computes it and includes it.
+     * The recipient of the ciphertext can then choose whether or not to validate
+     * it.
+     * 
+     * @param authKey The secret key that is used for proving authenticity of
+     *              the IV and ciphertext. This key should be derived from
+     *              the {@code SecretKey} passed to the
+     *              {@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
+     *              and
+     *              {@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
+     *              methods or the "master" key when those corresponding
+     *              encrypt / decrypt methods are used. This authenticity key
+     *              should be the same length and for the same cipher algorithm
+     *              as this {@code SecretKey}. The method
+     *              {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     *              is a secure way to produce this derived key.
+     */     // DISCUSS - Cryptographers David Wagner, Ian Grigg, and others suggest
+            // computing authenticity using derived key and HmacSHA1 of IV + ciphertext.
+            // However they also argue that what should be returned and treated as
+            // (i.e., stored as) ciphertext would be something like this:
+            //      len_of_raw_ciphertext + IV + raw_ciphertext + MAC
+            // However, Schneier's & Ferguson's Horton Principle would argue
+            // that whatever data that one sends needs to be authenticated, so
+            // that would minimally mean that len_of_raw_ciphertext would need
+            // to be included in the MAC calculation. Failure to heed the Horton
+            // Principle has already resulted in CVE-2013-5960.
+            //
+            // TODO: Need to do something like this for custom serialization and then
+            // document order / format so it can be used by other ESAPI implementations.
+    public void computeAndStoreMAC(SecretKey authKey) {
+        if ( macComputed() ) {
+            String exm = "Programming error: Can't store message authentication code " +
+                         "while encrypting; computeAndStoreMAC() called multiple times.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        if ( ! collectedAll() ) {
+            String exm = "Have not collected all required information to compute and store MAC.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        byte[] result = computeMAC(authKey);
+        if ( result != null ) {
+            storeSeparateMAC(result);
+        }
+        // If 'result' is null, we already logged this in computeMAC().
+    }
+    
+    /**
+     * Same as {@link #computeAndStoreMAC(SecretKey)} but this is only used by
+     * {@code CipherTextSerializeer}. (Has package level access.)
+     */ // CHECKME: For this to be "safe", it requires ESAPI jar to be sealed.
+    void storeSeparateMAC(byte[] macValue) {
+        if ( !macComputed() ) {
+            separate_mac_ = new byte[ macValue.length ];
+            CryptoHelper.copyByteArray(macValue, separate_mac_);
+            // This assertion should be okay as it's just a sanity check.
+            assert macComputed() : "MAC failed to compute correctly!";
+        }
+    }
+    
+    /**
+     * Validate the message authentication code (MAC) associated with the ciphertext.
+     * This is mostly meant to ensure that an attacker has not replaced the IV
+     * or raw ciphertext with something arbitrary. Note however that it will
+     * <i>not</i> detect the case where an attacker simply substitutes one
+     * valid ciphertext with another ciphertext.
+     * 
+     * @param authKey The secret key that is used for proving authenticity of
+     *              the IV and ciphertext. This key should be derived from
+     *              the {@code SecretKey} passed to the
+     *              {@link Encryptor#encrypt(javax.crypto.SecretKey, PlainText)}
+     *              and
+     *              {@link Encryptor#decrypt(javax.crypto.SecretKey, CipherText)}
+     *              methods or the "master" key when those corresponding
+     *              encrypt / decrypt methods are used. This authenticity key
+     *              should be the same length and for the same cipher algorithm
+     *              as this {@code SecretKey}. The method
+     *              {@link org.owasp.esapi.crypto.CryptoHelper#computeDerivedKey(SecretKey, int, String)}
+     *              is a secure way to produce this derived key.
+     * @return True if the ciphertext has not be tampered with, and false otherwise.
+     */
+    public boolean validateMAC(SecretKey authKey) {
+        boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
 
-	    if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
-	        // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
-	        // compare to stored value (separate_mac_). If same, then return true,
-	        // else return false.
-	        byte[] mac = computeMAC(authKey);
-	        if ( mac.length != separate_mac_.length ) {
+        if (  requiresMAC && macComputed() ) {  // Uses MAC and it was computed
+            // Calculate MAC from HMAC-SHA1(nonce, IV + plaintext) and
+            // compare to stored value (separate_mac_). If same, then return true,
+            // else return false.
+            byte[] mac = computeMAC(authKey);
+            if ( mac.length != separate_mac_.length ) {
                     // Note: We want some type of unchecked exception
                     //       here so this will not require code changes.
                     //       Unfortunately, EncryptionException, which might
@@ -470,54 +485,54 @@ public boolean validateMAC(SecretKey authKey) {
                                 "computed MAC len: " + mac.length +
                                 ", received MAC len: " + separate_mac_.length);
             }
-	        return java.security.MessageDigest.isEqual(mac, separate_mac_); // Safe compare in JDK 7 and later
-	    } else if ( ! requiresMAC ) {           // Doesn't require a MAC
-	        return true;
-	    } else {
-	    		// This *used* to be the case (for versions 2.0 and 2.0.1) where we tried to
-	    		// accomodate the deprecated decrypt() method from ESAPI 1.4. Unfortunately,
-	    		// that was an EPIC FAIL. (See Google Issue # 306 for details.)
-	        logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
-	        return false;    // Deprecated decrypt() method removed, so now return false.
-	    }
-	}
-	
-	/**
-	 * Return this {@code CipherText} object as a portable (i.e., network byte
-	 * ordered) serialized byte array. Note this is <b>not</b> the same as
-	 * returning a serialized object using Java serialization. Instead this
-	 * is a representation that all ESAPI implementations will use to pass
-	 * ciphertext between different programming language implementations.
-	 * 
-	 * @return A network byte-ordered serialized representation of this object.
-	 * @throws EncryptionException
-	 */    // DISCUSS: This method name sucks too. Suggestions???
-	public byte[] asPortableSerializedByteArray() throws EncryptionException {
+            return java.security.MessageDigest.isEqual(mac, separate_mac_); // Safe compare in JDK 7 and later
+        } else if ( ! requiresMAC ) {           // Doesn't require a MAC
+            return true;
+        } else {
+                // This *used* to be the case (for versions 2.0 and 2.0.1) where we tried to
+                // accomodate the deprecated decrypt() method from ESAPI 1.4. Unfortunately,
+                // that was an EPIC FAIL. (See Google Issue # 306 for details.)
+            logger.warning(Logger.SECURITY_FAILURE, "MAC may have been tampered with (e.g., length set to 0).");
+            return false;    // Deprecated decrypt() method removed, so now return false.
+        }
+    }
+    
+    /**
+     * Return this {@code CipherText} object as a portable (i.e., network byte
+     * ordered) serialized byte array. Note this is <b>not</b> the same as
+     * returning a serialized object using Java serialization. Instead this
+     * is a representation that all ESAPI implementations will use to pass
+     * ciphertext between different programming language implementations.
+     * 
+     * @return A network byte-ordered serialized representation of this object.
+     * @throws EncryptionException
+     */    // DISCUSS: This method name sucks too. Suggestions???
+    public byte[] asPortableSerializedByteArray() throws EncryptionException {
         // Check if this CipherText object is "complete", i.e., all
         // mandatory has been collected.
-	    if ( ! collectedAll() ) {
-	        String msg = "Can't serialize this CipherText object yet as not " +
-	                     "all mandatory information has been collected";
-	        throw new EncryptionException("Can't serialize incomplete ciphertext info", msg);
-	    }
-	    
-	    // If we are supposed to be using a (separate) MAC, also make sure
-	    // that it has been computed/stored.
-	    boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
-	    if (  requiresMAC && ! macComputed() ) {
-	        String msg = "Programming error: MAC is required for this cipher mode (" +
-	                     getCipherMode() + "), but MAC has not yet been " +
-	                     "computed and stored. Call the method " +
-	                     "computeAndStoreMAC(SecretKey) first before " +
-	                     "attempting serialization.";
-	        throw new EncryptionException("Can't serialize ciphertext info: Data integrity issue.",
-	                                      msg);
-	    }
-	    
-	    // OK, everything ready, so give it a shot.
-	    return new CipherTextSerializer(this).asSerializedByteArray();
-	}
-	
+        if ( ! collectedAll() ) {
+            String msg = "Can't serialize this CipherText object yet as not " +
+                         "all mandatory information has been collected";
+            throw new EncryptionException("Can't serialize incomplete ciphertext info", msg);
+        }
+        
+        // If we are supposed to be using a (separate) MAC, also make sure
+        // that it has been computed/stored.
+        boolean requiresMAC = ESAPI.securityConfiguration().useMACforCipherText();
+        if (  requiresMAC && ! macComputed() ) {
+            String msg = "Programming error: MAC is required for this cipher mode (" +
+                         getCipherMode() + "), but MAC has not yet been " +
+                         "computed and stored. Call the method " +
+                         "computeAndStoreMAC(SecretKey) first before " +
+                         "attempting serialization.";
+            throw new EncryptionException("Can't serialize ciphertext info: Data integrity issue.",
+                                          msg);
+        }
+        
+        // OK, everything ready, so give it a shot.
+        return new CipherTextSerializer(this).asSerializedByteArray();
+    }
+    
     ///// Setters /////
     /**
      * Set the raw ciphertext.
@@ -574,10 +589,10 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
                 }
             } else if ( iv.length != getBlockSize() ) {
 // TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
-//			  this is not always true. E.g., for CCM, the IV length is supposed
-//			  to be 7, 8,  7, 8, 9, 10, 11, 12, or 13 octets because of
-//			  it's formatting function, the restof the octets used by the
-//			  nonce/counter.
+//            this is not always true. E.g., for CCM, the IV length is supposed
+//            to be 7, 8,  7, 8, 9, 10, 11, 12, or 13 octets because of
+//            it's formatting function, the restof the octets used by the
+//            nonce/counter.
                     throw new EncryptionException("Encryption failed -- bad parameters passed to encrypt",  // DISCUSS - also log? See below.
                                                   "IV length does not match cipher block size of " + getBlockSize());
             }
@@ -592,27 +607,27 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
     }
     
     public int getKDFVersion() {
-    	return kdfVersion_;
+        return kdfVersion_;
     }
 
     public void setKDFVersion(int vers) {
-    	CryptoHelper.isValidKDFVersion(vers, false, true);
-    	kdfVersion_ = vers;
+        CryptoHelper.isValidKDFVersion(vers, false, true);
+        kdfVersion_ = vers;
     }
     
     public KeyDerivationFunction.PRF_ALGORITHMS getKDF_PRF() {
-    	return KeyDerivationFunction.convertIntToPRF(kdfPrfSelection_);
+        return KeyDerivationFunction.convertIntToPRF(kdfPrfSelection_);
     }
 
     int kdfPRFAsInt() {
-    	return kdfPrfSelection_;
+        return kdfPrfSelection_;
     }
     
     public void setKDF_PRF(int prfSelection) {
         if ( prfSelection < 0 || prfSelection > 15 ) {
             throw new IllegalArgumentException("kdfPrf == " + prfSelection + " must be between 0 and 15, inclusive.");
         }
-    	kdfPrfSelection_ = prfSelection;
+        kdfPrfSelection_ = prfSelection;
     }
     
     /** Get stored time stamp representing when data was encrypted. */
@@ -785,16 +800,23 @@ private byte[] computeMAC(SecretKey authKey) {
         // changing the to conditional statements that throw should be all right
         // because this is private method and presumably we should have already
         // checked things in the public or protected methods where appropriate.
-        assert raw_ciphertext_ != null && raw_ciphertext_.length != 0 : "Raw ciphertext may not be null or empty.";
-        assert authKey != null && authKey.getEncoded().length != 0 : "Authenticity secret key may not be null or zero length.";
+        if ( raw_ciphertext_ == null || raw_ciphertext_.length == 0 ) {
+            String exm = "Raw ciphertext may not be null or empty.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+        if ( authKey == null || authKey.getEncoded().length == 0 ) {
+            String exm = "Authenticity secret key may not be null or zero length.";
+            throw new EnterpriseSecurityRuntimeException(exm, exm);
+        }
+
         try {
-        	// IMPORTANT NOTE: The NSA review was (apparently) OK with using HmacSHA1
-        	// to calculate the MAC that ensures authenticity of the IV+ciphertext.
-        	// (Not true of calculation of the use HmacSHA1 for the KDF though.) Therefore,
-        	// we did not make this configurable. Note also that choosing an improved
-        	// MAC algorithm here would cause the overall length of the serialized ciphertext
-        	// to be just that much longer, which is probably unacceptable when encrypting
-        	// short strings.
+            // IMPORTANT NOTE: The NSA review was (apparently) OK with using HmacSHA1
+            // to calculate the MAC that ensures authenticity of the IV+ciphertext.
+            // (Not true of calculation of the use HmacSHA1 for the KDF though.) Therefore,
+            // we did not make this configurable. Note also that choosing an improved
+            // MAC algorithm here would cause the overall length of the serialized ciphertext
+            // to be just that much longer, which is probably unacceptable when encrypting
+            // short strings.
             SecretKey sk = new SecretKeySpec(authKey.getEncoded(), "HmacSHA1");
             Mac mac = Mac.getInstance("HmacSHA1");
             mac.init(sk);
@@ -865,37 +887,35 @@ private void received(EnumSet<CipherTextFlags> ctSet) {
     /**
      * Based on the KDF version and the selected MAC algorithm for the KDF PRF,
      * calculate the 32-bit quantity representing these.
-     * @return	A 4-byte (octet) quantity representing the KDF version and the
-     * 			MAC algorithm used for the KDF's Pseudo-Random Function.
+     * @return  A 4-byte (octet) quantity representing the KDF version and the
+     *          MAC algorithm used for the KDF's Pseudo-Random Function.
      * @see <a href="http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf">Format of portable serialization of org.owasp.esapi.crypto.CipherText object (pg 2)</a>
      */
-	public int getKDFInfo() {
-		final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
+    public int getKDFInfo() {
+        final int unusedBit28 = 0x8000000;  // 1000000000000000000000000000
 
-		// 		kdf version is bits 1-27, bit 28 (reserved) should be 0, and
-		//		bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
-		int kdfVers = this.getKDFVersion();
-		// assert CryptoHelper.isValidKDFVersion(kdfVers, true, false);
+        //      kdf version is bits 1-27, bit 28 (reserved) should be 0, and
+        //      bits 29-32 are the MAC algorithm indicating which PRF to use for the KDF.
+        int kdfVers = this.getKDFVersion();
         if ( ! CryptoHelper.isValidKDFVersion(kdfVers, true, false) ) {
             String exm = "Invalid KDF version encountered. Value as" + kdfVers;
             throw new EnterpriseSecurityRuntimeException(exm,
                         "Possible tampering of KDF version #? " + exm);
         }
-		int kdfInfo = kdfVers;
-		int macAlg = kdfPRFAsInt();
-		// assert macAlg >= 0 && macAlg <= 15 : "MAC algorithm indicator must be between 0 to 15 inclusion; value is: " + macAlg;
-		if ( macAlg < 0 || macAlg > 15 ) {
+        int kdfInfo = kdfVers;
+        int macAlg = kdfPRFAsInt();
+        if ( macAlg < 0 || macAlg > 15 ) {
             String exm = "Invalid specifier for MAC algorithm: " + macAlg;
             throw new EnterpriseSecurityRuntimeException(exm,
                         "Possible tampering of macAlg specifier? " + exm +
                         "; value should be 0 <= macAlg <= 15.");
         }
-	    // Make sure bit28 is cleared. (Reserved for future use.)
-	    kdfInfo &= ~unusedBit28;
+        // Make sure bit28 is cleared. (Reserved for future use.)
+        kdfInfo &= ~unusedBit28;
 
-	    // Set MAC algorithm bits in high (MSB) nibble.
-	    kdfInfo |= (macAlg << 28);
+        // Set MAC algorithm bits in high (MSB) nibble.
+        kdfInfo |= (macAlg << 28);
 
-		return kdfInfo;
-	}
+        return kdfInfo;
+    }
 }

From d4d93c514ed6245801a04629163add609177d214 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:37:57 -0400
Subject: [PATCH 556/812] Update or add javadoc for new 2.2 classes.

---
 .../AbstractPrioritizedPropertyLoader.java    | 20 +++++++++++++++++++
 .../configuration/EsapiPropertyLoader.java    |  2 ++
 .../EsapiPropertyLoaderFactory.java           |  2 ++
 .../configuration/EsapiPropertyManager.java   |  4 ++++
 .../StandardEsapiPropertyLoader.java          |  2 ++
 .../configuration/XmlEsapiPropertyLoader.java |  2 ++
 .../consts/EsapiConfiguration.java            |  2 ++
 .../consts/EsapiConfigurationType.java        |  2 ++
 8 files changed, 36 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
index 61c5c7d26..6a532610c 100644
--- a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -4,6 +4,26 @@
 import java.io.File;
 import java.util.Properties;
 
+/**
+ * Abstrace class that supports two "levels" of priorities for ESAPI properties.
+ * The higher level is the property file supported by an "operations" team and
+ * the lower level is the property file intended to be supported by the
+ * "development" team. ESAPI properties defined in the lower level properties
+ * file cannot supersede properties defined in the higher level properties file.
+ *
+ * The intent os to place ESAPI properties related to enterprise-wide security
+ * policy (e.g., the minimum sized encryption key,
+ * <b>Encryptor.MinEncryptionKeyLength</b> in the higher level so the
+ * development team cannot dumb down the policy, either accidentally or
+ * intentionally. (This of course requires that the developers don't provide the
+ * operations team the properties file for them to use. :) This is also good for
+ * allowing the productions operations team to select property values for
+ * properties such as <b>Encryptor.MasterKey</b> and <b>Encryptor.MasterSalt</b>
+ * so that they are only on a "need-to-know" basis and don't accidentally get
+ * committed to the development team's SCM repository.
+ *
+ * @since 2.2
+ *
 public abstract class AbstractPrioritizedPropertyLoader implements EsapiPropertyLoader,
         Comparable<AbstractPrioritizedPropertyLoader> {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
index aafa89012..7709483bf 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoader.java
@@ -4,6 +4,8 @@
 
 /**
  * Generic interface for loading security configuration properties.
+ *
+ * @since 2.2
  */
 public interface EsapiPropertyLoader {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
index 19bc581bd..32acbf5cc 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
@@ -11,6 +11,8 @@
 /**
  * Factory class that takes care of initialization of proper instance of EsapiPropertyLoader
  * based on EsapiPropertiesStore
+ *
+ * @since 2.2
  */
 public class EsapiPropertyLoaderFactory {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
index d4020aeed..9609ec0be 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
@@ -10,8 +10,12 @@
 /**
  * Manager used for loading security configuration properties. Does all the logic to obtain the correct property from
  * correct source. Uses following system properties to find configuration files:
+ * <pre>
  * - org.owasp.esapi.devteam - lower priority dev file path
  * - org.owasp.esapi.opsteam - higher priority ops file path
+ * </pre>
+ *
+ * @since 2.2
  */
 public class EsapiPropertyManager implements EsapiPropertyLoader {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
index 850b16905..4be9ba759 100644
--- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -7,6 +7,8 @@
 
 /**
  * Loader capable of loading single security configuration property from standard java properties configuration file.
+ *
+ * @since 2.2
  */
 public class StandardEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
index c48be38fc..beddf93ba 100644
--- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
@@ -21,6 +21,8 @@
 
 /**
  * Loader capable of loading single security configuration property from xml configuration file.
+ *
+ * @since 2.2
  */
 public class XmlEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
index 025700e76..7428123e1 100644
--- a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfiguration.java
@@ -2,6 +2,8 @@
 
 /**
  * Enum used for initialization of esapi configuration files. 
+ *
+ * @since 2.2
  */
 public enum EsapiConfiguration {
 
diff --git a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
index df3899c8a..b0112e1cf 100644
--- a/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
+++ b/src/main/java/org/owasp/esapi/configuration/consts/EsapiConfigurationType.java
@@ -3,6 +3,8 @@
 
 /**
  * Supported esapi configuration file types.
+ *
+ * @since 2.2
  */
 public enum EsapiConfigurationType {
     PROPERTIES("properties"), XML("xml");

From 06cfbe7b8a84cc2924b8729213e80004f6830135 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:39:21 -0400
Subject: [PATCH 557/812] Replace assertions with explicit runtime checks.

Numerous 'assert' statements were replaced with explicit runtime
checks where warranted. Also, mass replace tabs with 4 spaces.
---
 .../esapi/crypto/CipherTextSerializer.java    | 170 +++++++++---------
 1 file changed, 86 insertions(+), 84 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
index 413be36d2..547068c11 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherTextSerializer.java
@@ -29,18 +29,18 @@
  * serialization technique so they could exchange encrypted data.)
  * 
  * @author kevin.w.wall@gmail.com
+ * @since 2.0
  *
  */
 public class CipherTextSerializer {
     // This should be *same* version as in CipherText & KeyDerivationFunction as
-	// these versions all need to work together.  Therefore, when one changes one
-	// one these versions, the other should be reviewed and changed as well to
-	// accommodate any differences.
-	//		Previous versions:	20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
-	//						    20130830 - Fix to issue #306 (release 2.1.0)
-	// We check that in an static initialization block (when assertions are enabled)
-	// below.
-	public  static final  int cipherTextSerializerVersion = 20130830; // Current version. Format: YYYYMMDD, max is 99991231.
+    // these versions all need to work together.  Therefore, when one changes one
+    // one these versions, the other should be reviewed and changed as well to
+    // accommodate any differences.
+    //        Previous versions:    20110203 - Original version (ESAPI releases 2.0 & 2.0.1)
+    //                            20130830 - Fix to issue #306 (release 2.1.0)
+    // We check that in an static initialization block below.
+    public  static final  int cipherTextSerializerVersion = 20130830; // Current version. Format: YYYYMMDD, max is 99991231.
     private static final long serialVersionUID = cipherTextSerializerVersion;
 
     private static final Logger logger = ESAPI.getLogger("CipherTextSerializer");
@@ -50,18 +50,20 @@ public class CipherTextSerializer {
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
     }
     
     public CipherTextSerializer(CipherText cipherTextObj) {
-    	if ( cipherTextObj == null ) {
-    		throw new IllegalArgumentException("CipherText object must not be null.");
-    	}
+        if ( cipherTextObj == null ) {
+            throw new IllegalArgumentException("CipherText object must not be null.");
+        }
         cipherText_ = cipherTextObj;
     }
     
@@ -90,16 +92,16 @@ public byte[] asSerializedByteArray() {
         long timestamp = cipherText_.getEncryptionTimestamp();
         String cipherXform = cipherText_.getCipherTransformation();
         if ( cipherText_.getKeySize() >= Short.MAX_VALUE ) {
-        	throw new IllegalArgumentException("Key size is too large. Max is " + Short.MAX_VALUE);
+            throw new IllegalArgumentException("Key size is too large. Max is " + Short.MAX_VALUE);
         }
         short keySize = (short) cipherText_.getKeySize();
         if ( cipherText_.getBlockSize() >= Short.MAX_VALUE ) {
-        	throw new IllegalArgumentException("Block size is too large. Max is " + Short.MAX_VALUE);
+            throw new IllegalArgumentException("Block size is too large. Max is " + Short.MAX_VALUE);
         }
         short blockSize = (short) cipherText_.getBlockSize();
         byte[] iv = cipherText_.getIV();
         if ( iv.length >= Short.MAX_VALUE ) {
-        	throw new IllegalArgumentException("IV size too large. Max is " + Short.MAX_VALUE + " bytes");
+            throw new IllegalArgumentException("IV size too large. Max is " + Short.MAX_VALUE + " bytes");
         }
         short ivLen = (short) iv.length;
         byte[] rawCiphertext = cipherText_.getRawCipherText();
@@ -107,11 +109,11 @@ public byte[] asSerializedByteArray() {
         // Coverity issue 1352406, GitHub issue # 364 - possible NPE later if assertion disabled.
         // Replaced assertion with explicit check.
         if ( ciphertextLen < 1 ) {
-        	throw new IllegalArgumentException("Raw ciphertext length must be >= 1 byte.");
+            throw new IllegalArgumentException("Raw ciphertext length must be >= 1 byte.");
         }
         byte[] mac = cipherText_.getSeparateMAC();
         if ( mac.length >= Short.MAX_VALUE ) {
-        	throw new IllegalArgumentException("MAC length too large. Max is " + Short.MAX_VALUE + " bytes");
+            throw new IllegalArgumentException("MAC length too large. Max is " + Short.MAX_VALUE + " bytes");
         }
         short macLen = (short) mac.length;
         
@@ -136,36 +138,36 @@ public byte[] asSerializedByteArray() {
      * @return The {@code CipherText} object that we are serializing.
      */
     public CipherText asCipherText() {
-    	if ( cipherText_ == null ) {
-    		throw new IllegalArgumentException("Program error? CipherText object, cipherText_, must not be null.");
-    	}
+        if ( cipherText_ == null ) {
+            throw new IllegalArgumentException("Program error? CipherText object, cipherText_, must not be null.");
+        }
         return cipherText_;
     }
       
     /**
      * Take all the individual elements that make of the serialized ciphertext
      * format and put them in order and return them as a byte array.
-     * @param kdfInfo	Info about the KDF... which PRF and the KDF version {@link #asCipherText()}.
-     * @param timestamp	Timestamp when the data was encrypted. Intended to help
-     * 					facilitate key change operations and nothing more. If it is meaningless,
-     * 					then the expectations are just that the recipient should ignore it. Mostly
-     * 					intended when encrypted data is kept long term over a period of many
-     * 					key change operations.
-     * @param cipherXform	Details of how the ciphertext was encrypted. The format used
-     * 						is the same as used by {@code javax.crypto.Cipher}, namely,
-     * 						"cipherAlg/cipherMode/paddingScheme".
-     * @param keySize	The key size used for encrypting. Intended for cipher algorithms
-     * 					supporting multiple key sizes such as triple DES (DESede) or
-     * 					Blowfish.
-     * @param blockSize	The cipher block size. Intended to support cipher algorithms
-     * 					that support variable block sizes, such as Rijndael.
-     * @param ivLen		The length of the IV.
-     * @param iv		The actual IV (initialization vector) bytes.
-     * @param ciphertextLen	The length of the raw ciphertext.
-     * @param rawCiphertext	The actual raw ciphertext itself
-     * @param macLen	The length of the MAC (message authentication code).
-     * @param mac		The MAC itself.
-     * @return	A byte array representing the serialized ciphertext.
+     * @param kdfInfo    Info about the KDF... which PRF and the KDF version {@link #asCipherText()}.
+     * @param timestamp    Timestamp when the data was encrypted. Intended to help
+     *                     facilitate key change operations and nothing more. If it is meaningless,
+     *                     then the expectations are just that the recipient should ignore it. Mostly
+     *                     intended when encrypted data is kept long term over a period of many
+     *                     key change operations.
+     * @param cipherXform    Details of how the ciphertext was encrypted. The format used
+     *                         is the same as used by {@code javax.crypto.Cipher}, namely,
+     *                         "cipherAlg/cipherMode/paddingScheme".
+     * @param keySize    The key size used for encrypting. Intended for cipher algorithms
+     *                     supporting multiple key sizes such as triple DES (DESede) or
+     *                     Blowfish.
+     * @param blockSize    The cipher block size. Intended to support cipher algorithms
+     *                     that support variable block sizes, such as Rijndael.
+     * @param ivLen        The length of the IV.
+     * @param iv        The actual IV (initialization vector) bytes.
+     * @param ciphertextLen    The length of the raw ciphertext.
+     * @param rawCiphertext    The actual raw ciphertext itself
+     * @param macLen    The length of the MAC (message authentication code).
+     * @param mac        The MAC itself.
+     * @return    A byte array representing the serialized ciphertext.
      */
     private byte[] computeSerialization(int kdfInfo, long timestamp,
                                         String cipherXform, short keySize,
@@ -297,10 +299,10 @@ private long readLong(ByteArrayInputStream bais)
     
     /** Convert the serialized ciphertext byte array to a {@code CipherText}
      * object.
-     * @param cipherTextSerializedBytes	The serialized ciphertext as a byte array.
+     * @param cipherTextSerializedBytes    The serialized ciphertext as a byte array.
      * @return The corresponding {@code CipherText} object.
-     * @throws EncryptionException	Thrown if the byte array data is corrupt or
-     * 				there are version mismatches, etc.
+     * @throws EncryptionException    Thrown if the byte array data is corrupt or
+     *                 there are version mismatches, etc.
      */
     private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
         throws EncryptionException
@@ -309,7 +311,7 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             if ( cipherTextSerializedBytes == null ) {
                 throw new IllegalArgumentException("cipherTextSerializedBytes cannot be null.");
             }
-        	if ( cipherTextSerializedBytes.length == 0 ) {
+            if ( cipherTextSerializedBytes.length == 0 ) {
                 throw new IllegalArgumentException("cipherTextSerializedBytes must be > 0 in length.");
             }
             ByteArrayInputStream bais = new ByteArrayInputStream(cipherTextSerializedBytes);
@@ -325,22 +327,22 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
 
             // First do a quick sanity check on the argument. Previously this was an assertion.
             if ( ! CryptoHelper.isValidKDFVersion(kdfVers, false, false) ) {
-            	// TODO: Clean up. Use StringBuilder. Good enough for now.
-            	String logMsg = "KDF version read from serialized ciphertext (" + kdfVers + ") is out of range. " +
-            				    "Valid range for KDF version is [" + KeyDerivationFunction.originalVersion + ", " +
-            				    "99991231].";
-            	// This should never happen under actual circumstances (barring programming errors; but we've
-            	// tested the code, right?), so it is likely an attempted attack. Thus don't get the originator
-            	// of the suspect ciphertext too much info. They ought to know what they sent anyhow.
-            	throw new EncryptionException("Version info from serialized ciphertext not in valid range.",
-            				 "Likely tampering with KDF version on serialized ciphertext." + logMsg);
+                // TODO: Clean up. Use StringBuilder. Good enough for now.
+                String logMsg = "KDF version read from serialized ciphertext (" + kdfVers + ") is out of range. " +
+                                "Valid range for KDF version is [" + KeyDerivationFunction.originalVersion + ", " +
+                                "99991231].";
+                // This should never happen under actual circumstances (barring programming errors; but we've
+                // tested the code, right?), so it is likely an attempted attack. Thus don't get the originator
+                // of the suspect ciphertext too much info. They ought to know what they sent anyhow.
+                throw new EncryptionException("Version info from serialized ciphertext not in valid range.",
+                             "Likely tampering with KDF version on serialized ciphertext." + logMsg);
             }
             
             debug("convertToCipherText: kdfPrf = " + kdfPrf + ", kdfVers = " + kdfVers);
             if ( ! versionIsCompatible( kdfVers) ) {
-            	throw new EncryptionException("This version of ESAPI is not compatible with the version of ESAPI that encrypted your data.",
-            			"KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
-            			KeyDerivationFunction.kdfVersion);
+                throw new EncryptionException("This version of ESAPI is not compatible with the version of ESAPI that encrypted your data.",
+                        "KDF version " + kdfVers + " from serialized ciphertext not compatibile with current KDF version of " + 
+                        KeyDerivationFunction.kdfVersion);
             }
             long timestamp = readLong(bais);
             debug("convertToCipherText: timestamp = " + new Date(timestamp));
@@ -391,7 +393,7 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             CipherText ct = new CipherText(cipherSpec);
             if ( ! (ivLen > 0 && ct.requiresIV()) ) {
                     throw new EncryptionException("convertToCipherText: Mismatch between IV length and cipher mode.",
-                    						      "Possible tampering of serialized ciphertext?");
+                                                  "Possible tampering of serialized ciphertext?");
             }
             ct.setCiphertext(rawCiphertext);
               // Set this *AFTER* setting raw ciphertext because setCiphertext()
@@ -400,11 +402,11 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
             if ( macLen > 0 ) {
                 ct.storeSeparateMAC(mac);
             }
-            	// Fixed in ESAPI crypto version 20130839. Previously is didn't really matter
-            	// because there was only one version (20110203) and it defaulted to that
-            	// version, which was the current version. But we don't want that as now there
-            	// are two versions and we could be decrypting data encrypted using the previous
-            	// version.
+                // Fixed in ESAPI crypto version 20130839. Previously is didn't really matter
+                // because there was only one version (20110203) and it defaulted to that
+                // version, which was the current version. But we don't want that as now there
+                // are two versions and we could be decrypting data encrypted using the previous
+                // version.
             ct.setKDF_PRF(kdfPrf);
             ct.setKDFVersion(kdfVers);
             return ct;
@@ -428,28 +430,28 @@ private CipherText convertToCipherText(byte[] cipherTextSerializedBytes)
      *  both versions work the same. This checking may get more complicated in
      *  the future.
      *  
-     *  @param readKdfVers	The version information extracted from the serialized
-     *  					ciphertext.
+     *  @param readKdfVers    The version information extracted from the serialized
+     *                      ciphertext.
      */
     private static boolean versionIsCompatible(int readKdfVers) {
         if ( readKdfVers <= 0 ) {
             throw new IllegalArgumentException("Extracted KDF version is <= 0. Must be integer >= 1.");
         }
-    	
-		switch ( readKdfVers ) {
-		case KeyDerivationFunction.originalVersion:		// First version
-			return true;
-		// Add new versions here; hard coding is OK...
-		// case YYYYMMDD:
-		//	return true;
-		case KeyDerivationFunction.kdfVersion:			// Current version
-			return true;
-		default:
-			return false;
-		}
-	}
+        
+        switch ( readKdfVers ) {
+        case KeyDerivationFunction.originalVersion:        // First version
+            return true;
+        // Add new versions here; hard coding is OK...
+        // case YYYYMMDD:
+        //    return true;
+        case KeyDerivationFunction.kdfVersion:            // Current version
+            return true;
+        default:
+            return false;
+        }
+    }
 
-	private void debug(String msg) {
+    private void debug(String msg) {
         if ( logger.isDebugEnabled() ) {
             logger.debug(Logger.EVENT_SUCCESS, msg);
         }

From cb648b3c582074bfeb83c5cbdba93173fe7ddcf2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:50:09 -0400
Subject: [PATCH 558/812] Replace assertions with explicit runtime checks.

Numerous 'assert' statements were replaced with explicit runtime
checks where warranted. Required some changes to the JUnit tests since
different exceptions now resulted.
---
 .../java/org/owasp/esapi/StringUtilities.java |  3 +-
 .../org/owasp/esapi/crypto/CipherSpec.java    | 11 +++-
 .../org/owasp/esapi/crypto/CryptoHelper.java  | 29 +++++++---
 .../esapi/crypto/KeyDerivationFunction.java   | 50 +++++++++++-----
 .../org/owasp/esapi/crypto/PlainText.java     | 10 ++--
 .../esapi/crypto/SecurityProviderLoader.java  |  7 ++-
 .../DefaultSecurityConfiguration.java         | 22 +++----
 .../owasp/esapi/util/ByteConversionUtil.java  | 31 +++++++---
 .../owasp/esapi/crypto/CryptoTokenTest.java   | 10 ++--
 .../org/owasp/esapi/crypto/PlainTextTest.java | 19 ++----
 .../esapi/reference/crypto/EncryptorTest.java | 58 ++++++++++++++++---
 11 files changed, 173 insertions(+), 77 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/StringUtilities.java b/src/main/java/org/owasp/esapi/StringUtilities.java
index cc54ce34b..634287ad1 100644
--- a/src/main/java/org/owasp/esapi/StringUtilities.java
+++ b/src/main/java/org/owasp/esapi/StringUtilities.java
@@ -174,6 +174,7 @@ public static int getLevenshteinDistance (String s, String t) {
      * 		assert StringUtils.notNullOrEmpty(cipherXform, true) :
      * 								"Cipher transformation may not be null or empty!";
      * </pre>
+     * or an equivalent runtime check that throws an {@code IllegalArgumentException}.
      *
      * @param str	The {@code String} to be checked.
      * @param trim	If {@code true}, the string is first trimmed before checking
@@ -196,4 +197,4 @@ public static boolean notNullOrEmpty(String str, boolean trim) {
     public static boolean isEmpty(String str) {
         return str == null || str.length() == 0;
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
index 841b4ef15..d0c291749 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherSpec.java
@@ -153,6 +153,9 @@ private CipherSpec setCipherTransformation(String cipherXform, boolean fromCiphe
 			throw new IllegalArgumentException("Cipher transformation may not be null or empty string (after trimming whitespace).");
 		}
 		int parts = cipherXform.split("/").length;
+
+            // Assertion should be okay here as these conditions are checked
+            // elsewhere and this method is private.
 		assert ( !fromCipher ? (parts == 3) : true ) :
 			"Malformed cipherXform (" + cipherXform + "); must have form: \"alg/mode/paddingscheme\"";
 		if ( fromCipher && (parts != 3)  ) {
@@ -165,8 +168,8 @@ private CipherSpec setCipherTransformation(String cipherXform, boolean fromCiphe
 				// Only algorithm and mode was given.
 				cipherXform += "/NoPadding";
 			} else if ( parts == 3 ) {
-				// All three parts provided. Do nothing. Could happen if not compiled with
-				// assertions enabled.
+                        // All three parts provided. Do nothing. Could happen if not compiled with
+                        // assertions enabled, but there are explicit checks elsewhere.
 				;	// Do nothing - shown only for completeness.
 			} else {
 				// Should never happen unless Cipher implementation is totally screwed up.
@@ -177,6 +180,8 @@ private CipherSpec setCipherTransformation(String cipherXform, boolean fromCiphe
 			throw new IllegalArgumentException("Malformed cipherXform (" + cipherXform +
 											   "); must have form: \"alg/mode/paddingscheme\"");
 		}
+            // Assertion should also be okay here as these conditions are checked
+            // elsewhere and this method is private.
 		assert cipherXform.split("/").length == 3 : "Implementation error setCipherTransformation()";
 		this.cipher_xform_ = cipherXform;
 		return this;
@@ -404,6 +409,8 @@ protected boolean canEqual(Object other) {
 	private String getFromCipherXform(CipherTransformationComponent component) {
         int part = component.ordinal();
 		String[] parts = getCipherTransformation().split("/");
+            // Assertion should also be okay here as these conditions are checked
+            // elsewhere and this method is private.
 		assert parts.length == 3 : "Invalid cipher transformation: " + getCipherTransformation();	
 		return parts[part];
 	}
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 030dd74d9..4ba553911 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -138,14 +138,23 @@ public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySiz
 	{
         // These really should be turned into actual runtime checks and an
         // IllegalArgumentException should be thrown if they are violated.
-		assert keyDerivationKey != null : "Key derivation key cannot be null.";
+		if ( keyDerivationKey == null ) {
+            throw new IllegalArgumentException("Key derivation key cannot be null.");
+        }
 			// We would choose a larger minimum key size, but we want to be
 			// able to accept DES for legacy encryption needs.
-		assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-		assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-		assert purpose != null;
-		assert purpose.equals("encryption") || purpose.equals("authenticity") :
-			"Purpose must be \"encryption\" or \"authenticity\".";
+		if ( keySize < 56 ) {
+            throw new IllegalArgumentException("Key has size of " + keySize + ", which is less than minimum of 56-bits.");
+        }
+		if ( (keySize % 8) != 0 ) {
+            throw new IllegalArgumentException("Key size (" + keySize + ") must be a even multiple of 8-bits.");
+        }
+		if ( purpose == null ) {
+            throw new IllegalArgumentException("'purpose' may not be null.");
+        }
+		if ( ! ( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+			throw new IllegalArgumentException("Purpose must be \"encryption\" or \"authenticity\".");
+        }
 
 		// DISCUSS: Should we use HmacSHA1 (what we were using) or the HMAC defined by
 		//			Encryptor.KDF.PRF instead? Either way, this is not compatible with
@@ -169,8 +178,12 @@ public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySiz
 	 */
 	public static boolean isCombinedCipherMode(String cipherMode)
 	{
-	    assert cipherMode != null : "Cipher mode may not be null";
-	    assert ! cipherMode.equals("") : "Cipher mode may not be empty string";
+	    if ( cipherMode == null ) {
+            throw new IllegalArgumentException("Cipher mode may not be null");
+        }
+	    if ( cipherMode.equals("") ) {
+            throw new IllegalArgumentException("Cipher mode may not be empty string");
+        }
 	    List<String> combinedCipherModes =
 	        ESAPI.securityConfiguration().getCombinedCipherModes();
 	    return combinedCipherModes.contains( cipherMode );
diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index 17635ce5a..ccf8a0ba0 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -106,12 +106,14 @@ public enum PRF_ALGORITHMS {
     // Check if versions of KeyDerivationFunction, CipherText, and
     // CipherTextSerializer are all the same.
     {
-    	// Ignore error about comparing identical versions and dead code.
-    	// We expect them to be, but the point is to catch us if they aren't.
-    	assert CipherTextSerializer.cipherTextSerializerVersion == CipherText.cipherTextVersion :
-            "Versions of CipherTextSerializer and CipherText are not compatible.";
-    	assert CipherTextSerializer.cipherTextSerializerVersion == KeyDerivationFunction.kdfVersion :
-    		"Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.";
+        // Ignore error about comparing identical versions and dead code.
+        // We expect them to be, but the point is to catch us if they aren't.
+        if ( CipherTextSerializer.cipherTextSerializerVersion != CipherText.cipherTextVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and CipherText are not compatible.");
+        }
+        if ( CipherTextSerializer.cipherTextSerializerVersion != KeyDerivationFunction.kdfVersion ) {
+            throw new ExceptionInInitializerError("Versions of CipherTextSerializer and KeyDerivationFunction are not compatible.");
+        }
     }
     
 	/**
@@ -295,14 +297,30 @@ public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, Stri
 		//					to section 5.1 of NIST SP 800-108 based on feedback from
 		//					Jeffrey Walton.
 		//
-        // These probably should be turned into actual runtime checks and an
-        // IllegalArgumentException should be thrown if they are violated.
-		assert keyDerivationKey != null : "Key derivation key cannot be null.";
-			// We would choose a larger minimum key size, but we want to be
-			// able to accept DES for legacy encryption needs.
-		assert keySize >= 56 : "Key has size of " + keySize + ", which is less than minimum of 56-bits.";
-		assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
-		assert purpose != null && !purpose.equals("") : "Purpose may not be null or empty.";
+
+		// These checks used to be assertions prior to ESAPI 2.1.0.1
+		if ( keyDerivationKey == null ) {
+			throw new IllegalArgumentException("Key derivation key cannot be null.");
+		}
+			// We would choose a larger minimum key size, but we want to allow
+            // this KDF to be able to accept DES for legacy encryption needs. (Note that
+            // elsewhere there are checks that disallow *encryption* for key size
+            // less than Encryptor.EncryptionKeyLength bits, so if they want
+            // ESAPI to encrypt stuff for DES, they would have to set that up to
+            // be 56 bits. But I can't think of any valid symmetric encryption
+            // algorithm whose key size is less than 56 bits that we would ever
+            // want to allow.
+		if ( keySize < 56 ) {
+			throw new IllegalArgumentException("Key has size of " + keySize +
+											   ", which is less than minimum of 56-bits.");
+		}
+		if ( (keySize % 8) != 0 ) {
+			throw new IllegalArgumentException("Key size (" + keySize +
+											   ") must be a even multiple of 8-bits.");
+		}
+		if ( purpose == null || "".equals(purpose) ) {
+			throw new IllegalArgumentException("Purpose may not be null or empty.");
+		}
 
 		keySize = calcKeySize( keySize );	// Safely convert to whole # of bytes.
 		byte[] derivedKey = new byte[ keySize ];
@@ -451,7 +469,9 @@ public static PRF_ALGORITHMS convertIntToPRF(int selection) {
      *              {@code ks} bits.
      */
     private static int calcKeySize(int ks) {
-        assert ks > 0 : "Key size must be > 0 bits.";
+        if ( ks <= 0 ) {
+            throw new IllegalArgumentException("Key size must be > 0 bits.");
+        }
         int numBytes = 0;
         int n = ks/8;
         int rem = ks % 8;
diff --git a/src/main/java/org/owasp/esapi/crypto/PlainText.java b/src/main/java/org/owasp/esapi/crypto/PlainText.java
index 4491404d5..d70dd98f5 100644
--- a/src/main/java/org/owasp/esapi/crypto/PlainText.java
+++ b/src/main/java/org/owasp/esapi/crypto/PlainText.java
@@ -42,7 +42,6 @@ public final class PlainText implements Serializable {
 	 */
 	public PlainText(String str) {
 		try {
-		    assert str != null : "String for plaintext cannot be null.";
 		    if ( str == null ) {
 		    	throw new IllegalArgumentException("String for plaintext may not be null!");
 		    }
@@ -61,8 +60,11 @@ public PlainText(String str) {
 	 */
 	public PlainText(byte[] b) {
 		// Must allow 0 length arrays though, to represent empty strings.
-		assert b != null : "Byte array representing plaintext cannot be null.";
-		    // Make copy so mutable byte array b can't change PlainText.
+		if ( b == null ) {
+            throw new IllegalArgumentException("Byte array representing plaintext cannot be null.");
+        }
+
+        // Make copy so mutable byte array b can't change PlainText.
 		rawBytes = new byte[ b.length ];
 		System.arraycopy(b, 0, rawBytes, 0, b.length);
 	}
@@ -156,4 +158,4 @@ public void overwrite() {
     protected boolean canEqual(Object other) {
         return (other instanceof PlainText);
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
index cacc9c9ef..6639f1357 100644
--- a/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
+++ b/src/main/java/org/owasp/esapi/crypto/SecurityProviderLoader.java
@@ -155,7 +155,12 @@ public static int insertProviderAt(String algProvider, int pos)
         Class<?> providerClass = null;
         String clzName = null;
         Provider cryptoProvider = null;
-        assert (pos == -1 || pos >= 1) : "Position pos must be -1 or integer >= 1";
+
+        // Yes; I'm aware of DeMorgan's Law, but this is easier to grok.
+        if ( ! ( (pos == -1 || pos >= 1) ) ) {
+            throw new IllegalArgumentException("Position pos must be -1 or integer >= 1");
+        }
+
         try {
             // Does algProvider look like a class name?
             if (algProvider.indexOf('.') != -1) {
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 45827799c..851cbcc28 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -788,6 +788,7 @@ public String getEncryptionAlgorithm() {
 	 * {@inheritDoc}
 	 */
     public String getCipherTransformation() {
+        // Assertion should be okay here. An NPE is likely at runtime if disabled.
     	assert cipherXformCurrent != null : "Current cipher transformation is null";
     	return cipherXformCurrent;
     }
@@ -796,16 +797,17 @@ public String getCipherTransformation() {
      * {@inheritDoc}
      */
     public String setCipherTransformation(String cipherXform) {
-    	String previous = getCipherTransformation();
-    	if ( cipherXform == null ) {
-    		// Special case... means set it to original value from ESAPI.properties
-    		cipherXformCurrent = cipherXformFromESAPIProp;
-    	} else {
-    		assert ! cipherXform.trim().equals("") :
-    			"Cipher transformation cannot be just white space or empty string";
-    		cipherXformCurrent = cipherXform;	// Note: No other sanity checks!!!
-    	}
-    	return previous;
+        String previous = getCipherTransformation();
+        if ( cipherXform == null ) {
+            // Special case... means set it to original value from ESAPI.properties
+            cipherXformCurrent = cipherXformFromESAPIProp;
+        } else {
+            if ( cipherXform.trim().equals("") ) {
+                throw new ConfigurationException("Cipher transformation cannot be just white space or empty string");
+            }
+            cipherXformCurrent = cipherXform;   // Note: No other sanity checks!!!
+        }
+        return previous;
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java b/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
index 09d19c700..506af4f07 100644
--- a/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
+++ b/src/main/java/org/owasp/esapi/util/ByteConversionUtil.java
@@ -77,14 +77,19 @@ public static byte[] fromLong(long input) {
 
     /**
      * Converts a given byte array to an {@code short}. Bytes are expected in
-     * network byte
-     * order.
+     * network byte order.
      *
-     * @param input A network byte-ordered representation of an {@code short}.
+     * @param input A network byte-ordered representation of an {@code short},
+     *              so exactly 2 bytes are expected.
      * @return The {@code short} value represented by the input array.
      */
     public static short toShort(byte[] input) {
-        assert input.length == 2 : "toShort(): Byte array length must be 2.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 2 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 2.");
+        }
         short output = 0;
         output = (short)(((input[0] & 0xff) << 8) | (input[1] & 0xff));
         return output;
@@ -95,10 +100,16 @@ public static short toShort(byte[] input) {
      * network byte order.
      *
      * @param input A network byte-ordered representation of an {@code int}.
+     *              Must be exactly 4 bytes.
      * @return The {@code int} value represented by the input array.
      */
     public static int toInt(byte[] input) {
-        assert input.length == 4 : "toInt(): Byte array length must be 4.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 4 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 4.");
+        }
         int output = 0;
         output = ((input[0] & 0xff) << 24) | ((input[1] & 0xff) << 16) |
                  ((input[2] & 0xff) << 8) | (input[3] & 0xff);
@@ -110,10 +121,16 @@ public static int toInt(byte[] input) {
      * network byte
      *
      * @param input A network byte-ordered representation of a {@code long}.
+     *              Must be exactly 8 bytes.
      * @return The {@code long} value represented by the input array
      */
     public static long toLong(byte[] input) {
-        assert input.length == 8 : "toLong(): Byte array length must be 8.";
+        if ( input == null ) {
+            throw new IllegalArgumentException("input: parameter may not be null.");
+        }
+        if ( input.length != 8 ) {
+            throw new IllegalArgumentException("input: Byte array length must be 8.");
+        }
         long output = 0;
         output  = ((long)(input[0] & 0xff) << 56);
         output |= ((long)(input[1] & 0xff) << 48);
@@ -125,4 +142,4 @@ public static long toLong(byte[] input) {
         output |= (input[7] & 0xff);
         return output;
     }
-}
\ No newline at end of file
+}
diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
index f81986550..8f43d3b1b 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
@@ -183,13 +183,11 @@ public final void testSetUserAccountName() {
         try {
             ctok.setUserAccountName(null);    // Can't be null
                 // Should get one of these, depending on whether or not assertions are enabled.
-            fail("Failed to throw expected AssertionError or NullPointerException");
-        } catch (ValidationException e) {
-            fail("Wrong type of exception thrown (ValidationException): " + e);
-        } catch (NullPointerException e) {
-            ;   // Success
-        } catch (AssertionError e) {
+            fail("Failed to throw expected IllegalArgumentException");
+        } catch (IllegalArgumentException e) {
             ;   // Success
+        } catch (Exception e) {
+            fail("Wrong type of exception thrown: " + e);
         }
         try {
             ctok.setUserAccountName("1773g4l");    // Can't start w/ numeric
diff --git a/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java b/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
index b7e1af076..135b6d8c5 100644
--- a/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/PlainTextTest.java
@@ -65,20 +65,11 @@ public final void testNullCase() {
 	    try {
             byte[] bytes = null;
             PlainText pt = new PlainText(bytes);
-            assertTrue( pt != null );   // Should never get to here.
-            fail("testNullCase(): Expected NullPointerException or AssertionError");
-        } catch (NullPointerException e) {
-            // Will get this case if assertions are not enabled for PlainText.
-            // System.err.println("Caught NullPointerException; exception was: " + e);
-            // e.printStackTrace(System.err);
-            counter++;
-        } catch (AssertionError e) {
-            // Will get this case if assertions *are* enabled for PlainText.
-            // System.err.println("Caught AssertionError; exception was: " + e);
-            // e.printStackTrace(System.err);
-            counter++;
-        } finally {
-            assertTrue( counter > 0 );
+            fail("testNullCase(): Expected IllegalArgumentException");
+        } catch (IllegalArgumentException e) {
+            ;   // Success
+        } catch (Exception e) {
+            fail("testNullCase(): Caught unexpected exception: " + e);
         }
 	}
 
diff --git a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
index 11637f260..62eb47fdd 100644
--- a/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/crypto/EncryptorTest.java
@@ -205,15 +205,12 @@ public void testDecryptNull() {
     public void testNewEncryptDecrypt() {
     	System.out.println("testNewEncryptDecrypt()");
     	try {
-
     	    // Let's try it with a 2-key version of 3DES. This should work for all
     	    // installations, whereas the 3-key Triple DES will only work for those
     	    // who have the Unlimited Strength Jurisdiction Policy files installed.
 			runNewEncryptDecryptTestCase("DESede/CBC/PKCS5Padding", 112, "1234567890".getBytes("UTF-8"));
 			runNewEncryptDecryptTestCase("DESede/CBC/NoPadding", 112, "12345678".getBytes("UTF-8"));
 			
-			runNewEncryptDecryptTestCase("DES/ECB/NoPadding", 56, "test1234".getBytes("UTF-8"));
-			
 	        runNewEncryptDecryptTestCase("AES/CBC/PKCS5Padding", 128, "Encrypt the world!".getBytes("UTF-8"));
 	        
 	        // These tests are only valid (and run) if one has the JCE Unlimited
@@ -228,6 +225,47 @@ public void testNewEncryptDecrypt() {
     	
     }
     
+    /** Special encryption case!!! Test encryption with DES, which has a key less than the
+     * min key size specified as Encryptor.EncryptionKeyLength in the file
+     * src/test/resources/esapi/ESAPI.properties.
+     */
+    public void testWithTooShortKey() {
+        boolean desTestFailed = false;
+        try {
+            // We expect this one to throw because we have:
+            //      Encryptor.EncryptionKeyLength=112
+            // set in src/test/resources/esapi/ESAPI.properties. It should throw
+            // an EncryptionException (with a cause of ConfigurationException).
+
+            // Generate an appropriate random secret key
+            SecretKey skey = CryptoHelper.generateSecretKey("DES/ECB/NoPadding", 56);
+
+            // Change to different cipher. (Default is AES.) This is kludgey at best. Am thinking about an
+            // alternate way to do this using a new 'CryptoControls' class. Maybe not until release 2.1.
+            // Change the cipher transform from whatever it currently is to the specified cipherXform.
+            @SuppressWarnings("deprecation")
+            String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation("DES/ECB/NoPadding");
+
+            // Get an Encryptor instance with the specified, new, cipher transformation.
+            Encryptor instance = ESAPI.encryptor();
+            PlainText plaintext = new PlainText( "test1234".getBytes("UTF-8") );
+
+            // Do the encryption with the new encrypt() method and get back the CipherText.
+            // This should throw because the key is too short.
+            CipherText ciphertext = instance.encrypt(skey, plaintext);  // The new encrypt() method. Should throw!
+
+        } catch ( EncryptionException eex ) {
+            desTestFailed = true;
+        } catch ( Exception ex ) {
+            fail("testWithTooShortKey(): Caught unexpected exception; msg was: " + ex);
+        }
+
+        assertTrue(
+                    "Expected 56-key DES to throw EncryptionException; " +
+                        "check Encryptor.EncryptionKeyLength in src/test/resources/esapi/ESAPI.properties file.",
+                    desTestFailed);
+    }
+
     /**
      * Helper method to test new encryption / decryption.
      * @param cipherXform	Cipher transformation
@@ -289,9 +327,11 @@ private String runNewEncryptDecryptTestCase(String cipherXform, int keySize, byt
 			// Change the cipher transform from whatever it currently is to the specified cipherXform.
 	    	@SuppressWarnings("deprecation")
 			String oldCipherXform = ESAPI.securityConfiguration().setCipherTransformation(cipherXform);
+/*
 	    	if ( ! cipherXform.equals(oldCipherXform) ) {
-	    		// System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
+	    		System.err.println("Cipher xform changed from \"" + oldCipherXform + "\" to \"" + cipherXform + "\"");
 	    	}
+ */
 	    	
 	    	// Get an Encryptor instance with the specified, possibly new, cipher transformation.
 	    	Encryptor instance = ESAPI.encryptor();
@@ -548,12 +588,12 @@ public void testMain() throws Exception {
         System.out.println("testMain(): Encryptor Main with '-print' argument.");
         String[] args = {};
         JavaEncryptor.main( args );        
+            // TODO:
+            // It probably would be a better if System.out were changed to be
+            // a file or a byte stream so that the output could be slurped up
+            // and checked against (at least some of) the expected output.
+            // Left as an exercise to some future, ambitious ESAPI developer. ;-)
         String[] args1 = {"-print"};
-        // TODO:
-        // It probably would be a better if System.out were changed to be
-        // a file or a byte stream so that the output could be slurped up
-        // and checked against (at least some of) the expected output.
-        // Left as an exercise to some future, ambitious ESAPI developer. ;-)
         JavaEncryptor.main( args1 );        
     }    
 }

From 25a1b47fc23e592a40db75b5aac70d1ec384cabc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 20 Apr 2019 18:55:35 -0400
Subject: [PATCH 559/812] Fix javadoc comment.

It always helps when you CLOSE the leading Javadoc comment.

Compile FIRST, commit SECOND.   Self-flagellation will commence in 3,2,1...
---
 .../esapi/configuration/AbstractPrioritizedPropertyLoader.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
index 6a532610c..ee358f12b 100644
--- a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -23,7 +23,7 @@
  * committed to the development team's SCM repository.
  *
  * @since 2.2
- *
+ */
 public abstract class AbstractPrioritizedPropertyLoader implements EsapiPropertyLoader,
         Comparable<AbstractPrioritizedPropertyLoader> {
 

From 709114574103fb28b332d2730bf86c0da47bd074 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 22 Apr 2019 21:59:54 -0400
Subject: [PATCH 560/812] Reference GitHub issue 312 instead of Google Code
 issue 306.

---
 .../org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java   | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
index 36e796d10..eecc11caa 100644
--- a/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/ESAPICryptoMACByPassTest.java
@@ -1,5 +1,6 @@
 /*
  * OWASP Enterprise Security API (ESAPI) - Google issue # 306.
+ * (i.e., GitHub issue 312).
  * 
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
@@ -92,8 +93,8 @@ public void testMacBypass() throws EncryptionException, NoSuchFieldException, Il
         		// subsequent lines in the try block.
             PlainText pt = ESAPI.encryptor().decrypt(sk,modifierCtObj);
             System.out.printf("Decrypting to '%s' (probably will look like garbage!)\n", new String(pt.asBytes()));
-            System.out.println("This ESAPI version vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
-            fail("This ESAPI version is vulnerable to MAC by-pass described in Google issue # 306! Upgrade to latest version.");
+            System.out.println("This ESAPI version vulnerable to MAC by-pass described in GitHub issue # 312! Upgrade to latest version.");
+            fail("This ESAPI version is vulnerable to MAC by-pass described in GitHub issue # 312! Upgrade to latest version.");
         } catch(EncryptionException eex) {
         	String errMsg = eex.getMessage();
         		// See private String DECRYPTION_FAILED in JavaEncryptor.
@@ -228,4 +229,4 @@ private void writeString(ByteArrayOutputStream baos, String str)
         }
     }
 
-}
\ No newline at end of file
+}

From 9a422904da25a708a0514665b7d3da8373f467dc Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Wed, 1 May 2019 22:30:44 -0400
Subject: [PATCH 561/812] Update pom.xml for next release candidate

Prep 'develop' for next release candidate, 2.2.0.0-RC3-SNAPSHOT.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index ad120d628..40a903d4a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC2</version>
+    <version>2.2.0.0-RC3-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From ff9fd9608241fa10687780e3dee39ad0cc171a34 Mon Sep 17 00:00:00 2001
From: Helly Guo <buffoonguo@gmail.com>
Date: Mon, 27 May 2019 19:38:52 +0800
Subject: [PATCH 562/812] enhance: improve the performance of ObjFactory (#491)

* add jmh to benchmark

* enhance: cache class and method to avoid reading each time

* add comments for new methods in ObjFactory

* enhance: create the exception once and use many times
---
 pom.xml                                       |  12 ++
 .../java/org/owasp/esapi/util/ObjFactory.java | 120 +++++++++++++++---
 .../owasp/esapi/util/ObjFactoryBenchmark.java |  26 ++++
 3 files changed, 142 insertions(+), 16 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java

diff --git a/pom.xml b/pom.xml
index 40a903d4a..2131e8b7c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -381,6 +381,18 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.openjdk.jmh</groupId>
+            <artifactId>jmh-core</artifactId>
+            <version>1.21</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.openjdk.jmh</groupId>
+            <artifactId>jmh-generator-annprocess</artifactId>
+            <version>1.21</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/src/main/java/org/owasp/esapi/util/ObjFactory.java b/src/main/java/org/owasp/esapi/util/ObjFactory.java
index fce6afe48..3ffadd88e 100644
--- a/src/main/java/org/owasp/esapi/util/ObjFactory.java
+++ b/src/main/java/org/owasp/esapi/util/ObjFactory.java
@@ -13,6 +13,7 @@
 
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
+import java.util.concurrent.ConcurrentHashMap;
 
 /**
  * A generic object factory to create an object of class T. T must be a concrete
@@ -44,6 +45,11 @@
  */
 public class ObjFactory {
 
+	private static final int CACHE_INITIAL_CAPACITY = 4096;
+	private static final float CACHE_LOAD_FACTOR = 0.75F;
+	private static final ConcurrentHashMap<String,Class<?>> CLASSES_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
+	private static final ConcurrentHashMap<String,MethodWrappedInfo> METHODS_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
+
 	/**
 	 * Create an object based on the <code>className</code> parameter.
 	 * 
@@ -70,20 +76,13 @@ public static <T> T make(String className, String typeName) throws Configuration
 				// No big deal...just use "[unknown?]" for this as it's only for an err msg.
 				typeName = "[unknown?]";	// CHECKME: Any better suggestions?
 			}
-			
-			Class<?> theClass = Class.forName(className);
-
-            try {
-                Method singleton = theClass.getMethod( "getInstance" );
-
-                // If the implementation class contains a getInstance method that is not static, this is an invalid
-                // object configuration and a ConfigurationException will be thrown.
-                if ( !Modifier.isStatic( singleton.getModifiers() ) )
-                {
-                    throw new ConfigurationException( "Class [" + className + "] contains a non-static getInstance method." );
-                }
-                
-                obj = singleton.invoke( null );
+
+			Class<?> theClass = loadClassByStringName(className);
+
+			try {
+				Method singleton = findSingletonCreateMethod(className, theClass);
+
+				obj = singleton.invoke( null );
             } catch (NoSuchMethodException e) {
                 // This is a no-error exception, if this is caught we will continue on assuming the implementation was
                 // not meant to be used as a singleton.
@@ -97,7 +96,7 @@ public static <T> T make(String className, String typeName) throws Configuration
             }
 
 			return (T)obj;		// Eclipse warning here if @SupressWarnings omitted.
-			
+
             // Issue 66 - Removed System.out calls as we are throwing an exception in each of these cases
             // anyhow.
 		} catch( IllegalArgumentException ex ) {
@@ -130,9 +129,98 @@ public static <T> T make(String className, String typeName) throws Configuration
 		}
 		// DISCUSS: Should we also catch ExceptionInInitializerError here? See Google Issue #61 comments.
 	}
-	
+
+	/**
+	 * Load the class in cache, or load by the classloader and cache it
+	 *
+	 * @param className The name of the class to construct. Should be a fully qualified name
+	 * @return The target class
+	 * @throws ClassNotFoundException Failed to load class by the className
+	 */
+	private static Class<?> loadClassByStringName(String className) throws ClassNotFoundException {
+		Class<?> clazz;
+		if (CLASSES_CACHE.containsKey(className)) {
+			clazz = CLASSES_CACHE.get(className);
+		} else {
+			clazz = Class.forName(className);
+			CLASSES_CACHE.putIfAbsent(className, clazz);
+		}
+		return clazz;
+	}
+
 	/**
+	 * Find the method to create a singleton object
+	 *
+	 * @param className The name of the class to construct. Should be a fully qualified name
+	 * @param theClass The class loaded in prior
+	 * @return The method to create a singleton object
+	 * @throws NoSuchMethodException Failed to find the target method
+	 */
+    private static Method findSingletonCreateMethod(String className, Class<?> theClass) throws NoSuchMethodException {
+        MethodWrappedInfo singleton = loadMethodByStringName(className,theClass);
+
+        // If the implementation class contains a getInstance method that is not static, this is an invalid
+        // object configuration and a ConfigurationException will be thrown.
+        if (!singleton.isStaticMethod()) {
+            throw singleton.getNonStaticEx();
+        }
+        return singleton.getMethod();
+    }
+
+	/**
+	 *
+	 * @param className The name of the class to construct. Should be a fully qualified name
+	 * @param theClass The class loaded in prior
+	 * @return Wrapped data, contains the method object and the method is static method or not
+	 * @throws NoSuchMethodException Failed to find the target method
+	 */
+    private static MethodWrappedInfo loadMethodByStringName(String className, Class<?> theClass) throws NoSuchMethodException {
+        String methodName = className + "getInstance";
+        MethodWrappedInfo methodInfo;
+        if (METHODS_CACHE.containsKey(methodName)) {
+            methodInfo = METHODS_CACHE.get(methodName);
+        } else {
+            Method method = theClass.getMethod("getInstance");
+            boolean staticMethod = Modifier.isStatic(method.getModifiers());
+            ConfigurationException nonStaticEx = staticMethod ? null :
+                    new ConfigurationException("Class [" + className + "] contains a non-static getInstance method.");
+            methodInfo = new MethodWrappedInfo(method, staticMethod, nonStaticEx);
+            METHODS_CACHE.putIfAbsent(methodName, methodInfo);
+        }
+        return methodInfo;
+    }
+
+    /**
 	 * Not instantiable
 	 */
 	private ObjFactory() { }
+
+	/**
+	 * Wrapped data, contains the method object and the method is static method or not.<br>
+	 * The goal to store the boolean value in field staticMethod is reduce the check times: check once, use many times.<br>
+     * The goal to store the exception in field nonStaticException is reduce the cost of new Exception(): create once, use many times.
+	 */
+	private static class MethodWrappedInfo {
+		private Method method;
+		private boolean staticMethod;
+		private ConfigurationException nonStaticEx;
+
+		MethodWrappedInfo(Method method, boolean staticMethod, ConfigurationException nonStaticEx) {
+			this.method = method;
+			this.staticMethod = staticMethod;
+			this.nonStaticEx = nonStaticEx;
+		}
+
+		Method getMethod() {
+			return method;
+		}
+
+		boolean isStaticMethod() {
+			return staticMethod;
+		}
+
+        ConfigurationException getNonStaticEx() {
+            return nonStaticEx;
+        }
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java b/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java
new file mode 100644
index 000000000..cf87608af
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/util/ObjFactoryBenchmark.java
@@ -0,0 +1,26 @@
+package org.owasp.esapi.util;
+
+import org.openjdk.jmh.annotations.*;
+import org.openjdk.jmh.infra.Blackhole;
+
+import javax.crypto.NullCipher;
+
+@State(Scope.Benchmark)
+@Fork(value = 3)
+@Warmup(iterations = 5, time = 1)
+@Measurement(iterations = 10, time = 1)
+public class ObjFactoryBenchmark {
+
+    @Benchmark
+    public void benchmark1(Blackhole hole) {
+        NullCipher nullCipher = ObjFactory.make("javax.crypto.NullCipher", "NullCipher");
+        hole.consume(nullCipher);
+    }
+
+    @Benchmark
+    public void benchmark2(Blackhole hole) {
+        String key = ObjFactory.make("java.lang.String", "testMakeNotASubclass");
+        hole.consume(key);
+    }
+
+}

From 06aa99e0881139768b87f5d50f91823dc9de5e98 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 10 Jun 2019 19:26:46 -0400
Subject: [PATCH 563/812] Prepare 2.2.0.0-RC3 (#497)

* ESAPI release notes

* Prep for 2.2.0.0-RC3 releases. Update to 5.0.0 of Dependency Check.

* Updates to prepare for 2.2.0.0 release.

* Updates to prepare for 2.2.0.0 release.

* Change 'import org.apache.commons.beanutils.*' to 'import org.apache.commons.beanutils.LazyDynaMap'.

* Fix lead-in documentation and add static setCache(boolean) method to allow disabling class and method cache.
Also, reduced initial size of case. No way we would ever need it that big.

* Add testObjectFactoryCache() test. Fixed testMakeCipher() test so we could actually tell if it failed.

* Removed empty initial comment line.

* Added larger-than-life warning that this is a TEST VERSION and not to use it.
---
 CONTRIBUTING-TO-ESAPI.txt                     |  22 +++++---
 documentation/ESAPI-release-steps.odt         | Bin 0 -> 165550 bytes
 .../esapi4java-core-2.2.0.0-release-notes.txt |  51 +++++++++++++++---
 pom.xml                                       |   4 +-
 .../accesscontrol/DynaBeanACRParameter.java   |   2 +-
 .../java/org/owasp/esapi/util/ObjFactory.java |  27 +++++++---
 .../org/owasp/esapi/util/ObjFactoryTest.java  |  36 ++++++++++++-
 ...ESAPI-CommaValidatorFileChecker.properties |  32 ++++++++++-
 .../ESAPI-DualValidatorFileChecker.properties |  32 ++++++++++-
 ...SAPI-QuotedValidatorFileChecker.properties |  33 +++++++++++-
 ...SAPI-SingleValidatorFileChecker.properties |  33 +++++++++++-
 src/test/resources/esapi/ESAPI.properties     |   1 -
 12 files changed, 240 insertions(+), 33 deletions(-)
 create mode 100644 documentation/ESAPI-release-steps.odt

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index 5e5ec846e..4154a5916 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -41,7 +41,9 @@ Required Software:
     We use Maven for building. Maven 3.1 or later is required. You also need
     JDK 7 or later. (We generally use JDK 8, but compile ESAPI only to require
     JDK 7, which means our code can't yet use any features exclusive to Java 8
-    or later.)
+    or later.) [Note: If you use JDK 9 or later, there will be multiple
+    failures when you try to run 'mvn test' as well as some general warnings.
+    See ESAPI GitHub issue #496 for details.]
 
 Building ESAPI:
     https://www.owasp.org/index.php/ESAPI-Building briefly discusses how to
@@ -73,10 +75,13 @@ Steps to work with ESAPI:
             git checkout -b issue-#
     4. Work on the GitHub issue on this newly created issue-# branch.
     5. Make sure everything builds correctly and all the JUnit tests pass
-       ('mvn test'). [Note: On occasion, there may be a failure in
-       AuthenticatorTest.testGetCurrentUser(). If there is, run 'mvn test'
-       again. It seems to be sporadic and it is hypothesized that it is
-       related to some sort of race condition in the JUnit tests.]
+       ('mvn test'). [Note: There are some known issues with test failures if
+       your are running under Windows and your local ESAPI Git repo located
+       anywhere other than the C: drive, where the test
+       ValidatorTest.testIsValidDirectoryPath() fails. Also, if you are using
+       JDK 7 on Mac-OS, there is one know test failure in
+       SecurityProviderLoaderTest.testWithBouncyCastle(). That same test works
+       with JDK 8.]
     6. If you have added any dependencies, please also run
             mvn org.owasp:dependency-check-maven:check
        to run OWASP Dependency-Check and look at the generated report
@@ -98,6 +103,7 @@ Steps to work with ESAPI:
             $ git merge issue-444
 
 In theory, you can do all this 'git' magic from Eclipse and presumably other
-IDEs like NetBeans or IntelliJ). From Eclipse, it is right-click on the
-project and then select 'Team' to do the commits, etc. If you choose that
-route, you're pretty much on your own because none of us use that.
+IDEs like Oracle NetBeans or IntelliJ IDEA). From Eclipse, it is right-click
+on the project and then select 'Team' to do the commits, etc. If you choose that
+route, you're pretty much on your own because none of us use that for Git
+interactions.
diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
new file mode 100644
index 0000000000000000000000000000000000000000..e75c8599c67fc20cf6ba60c280f1af0084ef9eaf
GIT binary patch
literal 165550
zcmaHR19WE3vhNp6j7c)FZQGgHlT2*ewrz7_+qS;gwrv}4{`a2q?s@CI^?I+`t=(0<
zy1S~Yd;jF5z`%b108juxKlrGu_8=1+IRF6ohyE4;tjw&89Nlb<^lWV{%?$J$&1|gc
zovjV&Z1fz=9O!IpjjRoA44kZttR3kbja(h&{tspm1T)2!GyuRqgz=Y|qN$UWzO|m2
zr31a=zms&f)+S+cvSRQsSTKJ-ftL^${{1%|1OPw)P+)&kTLCZj000<3PFhifmYj^1
zih+rOh?9|qjg_5-LyVP6nCqtmzpR!BFT1P|uZkFth?umHjE1y=)^90Eb$Ll;Wi@G4
z6KO45B~2r314|VnCqq?f0}Uk$9RpK+O&232Gh-7YOBV|VH%AL2M{6f{dkYt5S2LFo
zSFa#r<9ch`RyWsn4__}Uzhn=;5Z90tm&jbtxFT=AK3`icUn|`Z7qcKwmv}GpSRV&}
z&wv2W_Ar0Xln}SPD7T_`@6eD?|KNnch=joC^oYp#h?umfxai2Zl!VBT_~`hQ_{h|h
z)KI_9u$27BtlH#|&eY8OtlW&4{Ho}jnm>6Z33;`#g>4BXotcHTnWgoA%G!!jBl0p*
zYqKMAv+^o)V@mS>H0DLu7yZf4&(A9?D=aA}EUhRl%quM_EiWxBFE7t8tSu<7&#!1L
zDQGCKtShT*tEj20sB5mPD6XlhX|AoPudlCbY-?(1Y;5glYpiQ&YH4q6Xm4*14jqV0
zn21TAi;WyeP900hnoY0nP0g9htR2kH7%eFnEh$?lYZ@qTTd1p;Z|>-CYFe#s+iUFH
z?(FHT>Y1wSnQiVJYUmy7=pE?jAMF|*ZyQ?Zp5E&0+wYp)?XAq{sm=v9mG(B(_P5vf
zb+(Ok)D3sG&vaBychvTF_x5+J4)t{`_E#?qweHV$_4oJp4UPhb2Y@5vBf!4l!Qt_d
zfw8f%9^iC;-^Re$Z2!c{aR27$<m~vw>cq@AaC#Ovvo=06KR&lQxx6&FvOYUDFgrQA
zGTt{kzOXnuw!XeTG<q<)bTGPcJv*_txVFEve!a1?Hnn{|v2(Y&d%Svlw>v+uvp9CJ
zGIp{&bh19ay)?VGHn+36da^ltu(Wr!J-N3%v%j-`aJq56J9oCXetEocd%X5^y}9={
z9G)B<A03>WogD6+?q8gr9Gsn<9i87^UY{LaKkeVXp5NS`-@RNsf83t$-&~%)UhZ69
z+&tZ#-QC^YKE6D>Jlwy$zdYW(JU+j_-hY06{#AspudjNJj~xJjl3YUgr=siXMFza%
z+M?HSb90x~#o`s&3D!`Rk<HD1gGNS+Y&a#A#N8t9Nq+_hqkcW8P<r#N0Vsy9Fv`kq
z$I`gu3GE59;z2*mi96+<9}=;n<io6Fj_KVX<^|8_DfGa;OvEXeY-G;(d_kgO>21~>
zosn8HfBd37(;6)y3<(__-6i7FmmBo1%eBqGEjMc<mMDCFuzY`s-aLaj#{ZSwvWzs9
z8d0q&ovKQxF~Zt&Vb4_YD5;)h?w+}#?|5je=@;X3AHzVr1Tx`Cj9=h*n)T|*Sfz&0
zAV?bFq+<Bfl49;9-h=4#e5n;*<yW#Cv;Tpc=CFGw_Cj;O)akxiTwr-VX$+YEm0t2?
z`+G0L4CksidVB5b?Ya@NR9j_8yU6nje)88l(1g#t30|Hswm6-;E6~RKHhIXD!C1dU
z26BzNB&8zRIg*{-wEGSGGn8VZy>Hd!J>O-c>os`+e+a0w#2@_huyXxLtXb4zZS)e)
z5PsHWJLRN>|Khoky=DAn`0?DH{c)<*%oAMwwLVnB|D1TW%CG*=s<iYm^{dkT#U;fH
z%tpHlbW4`D^Dy5@s#;Ci1-|Rk?49vUYw5}R@HJaJ`&9j9#-u9{vFiD~cdL8y<0g74
zEqmn}lK<^l%;#0@{XN{o`qi-YcI$MU*eTnl+wEY;=Bxi#<0m8L*sqwqxGgtOe4W=5
zCU4^h(&$0>GiA*o@4mJN=B38;Dhr<{#HP*bmtqM-8;EScQ1!<c{P@)uP$s$id62vp
z>78-R<mO_l^Rs>_fZST`Cg_jtQ1O!1+XU61)x$$}n-x&(<d5w^jJ5k23c<rlz#;$U
zYt%0_70=rNlbf^b=P?_fx=0^Hz|p7?HXo(dQ;^NxF8&@$_u909xA6#!T+3w<!V58W
zF})1Cqaq$Q?wDhR?A{K`;L6Dk&LHuDzA?>RgtQ1XBDOo9U-9=rw>=Ct7@#!thrZ>#
z32EezxZ6+q6I8`nDKjl{u4MY1T4|A?Ra3i$z|l}ol5ei5$CB0Itg|FpJjy*B0o0TW
z!*D4fAt8L3BiLoip8_;WcK7xxIeFU5EfK1hUUiCP(&#Fe?Zv+-^zw-f5^vJ?miXqP
z$yK)AqMW{gRp-Ifzc%e>u}UdqQ*3n^Zo>?;bbhXqK6y7kdt~?PsMcLxVq1SW_DgzN
ze2^z6bkV7GIgaF#vU_>IaNsf9o}>k1Te~?)yuglKwSh8PuX#^&W~b44UoMjKNjQ0(
zS7~%lxBqZ?|2*WUA-$$$rz!uUs_h>e3b{b=++N+WNH*$X=-Ig4p#HwcvG(+yy%(-%
ziFu#&BG}D>)i2^~Xu}u`x%L(V*W3_#ThV!vC#048^E;L$olY7fs!mBz@V^xB#!ok~
ziZAlxp(VB7Ac#_v;<QjxKKoEkUvx+m;Rsd*5yA+wB%n0OdMxmS&92l)0=to{%kF}&
zrVqLDNsASuTE}6Hy{*FPXZS1P=<ny%E(_V;i-a2eVQo=U@4_YYI<y#XLyY?w(1S=1
ztRYglpIl@=P}lrrS)D0rfnEz`t~HU>`-O+>|FQ^sOa^d%rl#&KkyK_GxD!!P&Zj}M
ziJM82$&ScM6URW%J`8AD)n18CMJ7pCGB($`h&1Wzuq+rF!!almshuUNlXz_y#Bsy$
z)>^^Rk~2e;lp^u+ecMY`<O1B$<6!kZ1<s%BkwuS^?nQ<e{<1{uo%hP7=`1YsY+55f
zU?Z^LpOazbBGcH6K-rExV{0$AHz<SM*NNuY_e^>F|73Y?)TINzZ{b)<H~v1@1A~Of
znOiyRej#ZBqn^XCD%sQK7M=ku>G~PMyuWA3M!uj4y#dizME-RXR9I-rD_e*oqjAbO
z#DoXKv4*$``cbY#9+2rg{h`ckU?lM4@&GIfETZqbm^+6{b;!*xF%2U5=H@7un;4JG
zSgB<k4qY3(`=}=mm59`2Yau%Nv-H@T&_78}ox)GzsOiQS)#s11U~iZz$g7Zjj<CdR
zcd{p~ImOj|04|83kd7uM8~mXpHtz@vqLc64K04$}yuxGJ-;uN5z8UNlHd|(l9k_KA
zcWx0U`b0Pxr1s=1r2VdH%jE5bkr12iy9mN|+ejtj@{QO-H-E3_zgEP=b^wNy+n}-v
zEjs8dU>2^7zKG}t78*um?xV_TkZx1|aNE9$ZrY~v6Jm%*B{)agmHFBRx2{afI{w|}
znF-SroEMLb`bs7EDts5A)q~ea{+Jf?;{}i6O@U7Wy201phl1c50Y@<qy{T6=*W`O2
z)YvFbVqUy$-yn4)eOnd_xX5%VoQNS308K2lGKLl*-=IHd1BpVnx>}G~%m+pp{12hZ
zqnzCCqDv*ZNCKE+BR>G_(mnKP3!a<Jy%vyZTzqG-LEiI-@?_IwWylf%E_jaJGv7%%
zA#&v#>tgV$A8gCgX{V;XG0dpDmFqEPW~jS~aod>i*Pj(4d5dlz>c%(-zT^D%Uo3L|
z0S63@>N-^PFvQho{PRw@XH=7;-4s;xWu_c{tfYLah1A0g_VzbHH#@?7<t1~F*?4C&
z$f`>T=FV;94EY2VPDhQ7LGzI+?0dn#&xJeP5q5g<v{aZ}88WeOCr&={6$~IoV-uoI
zOSSFUM7-X%9tQrDZpwSbrVT<J$h*Vc!BeDtPH$|5u*}&Otw^3UuSd8T7TAJqOT)mg
z+Qr>6{lGY0?jqB^f>p&fMIV%3BfL7b#YC2=LI<~WQf1pF`vVlIHuHkzSQR~gRFZ<|
zgE!jN8|C?qVOkiCqk`e^WBDAwj9LlY?J%>bPcgMU_(Xs_LZvuV@|@P-=Ym+`2T+lv
z%+1Dvp0faO4Dv6?(Sz(lt>D%!JyMK)qb6{RWoiq3pBb<XU^XSBXtD{9_$VsCzee7`
z2Y+-zf??zK_rT%&u{uF<Ryl^ZC-7?MSAJxWUXl2+Iph=nu$^unX)_RdMv!}im`nCe
zS(%=mr#eOjAXsVM*;qhokmtRdM|PfVM8oI;j8InvF>dv$WtKT>IC80y%KOylk|de)
zTZ9G4>K<S<(|ZdgF{j3%=_$)&c_En#9E&0&3V#=>i<Y7DdKJ(y(lgh8TUZz`eL{|Y
zEmL|=khRC4Q@L007`Cw2S0;Sj=q8wWkI%r`J2@>Ep1jql#J<UWEGa{c4nYpq+jnT`
z!wBkNL2*W%-bSj+oh)&M!4#*v4ohQ+#yS~^Ol1$=z!)P^Ms_8u?XG6f>{;<wmXjjI
z&Hb$(jD2i^{E`t0Z(uo3p)3eNWy)y)!`#}T%>a|Yh^m5|G?19ZF|7`>uEnz1rhv_I
z#H28oDmkg#Wx4@)da3l@W|xqno!I<d6$?me5v=YPqW5V$u2a?0-F+ESxn>(bXVw^v
z)kajKHwr+|d`Pvxd5#5cE<<af#^7EPl&x?3`BIz#u6A&YLvsP0d{wvPUrlBfXUMPE
zsm?;i<*gSR^pE^2GfOtLAOhU4etTWh&;)AOxHtxfw0*y=xAhsr+35NoZ1J|(CWi*q
z8e2q`$)2e+JwnE2wZg0(**s+N1lg7XzHO2Q+sc`qxCnL4or$X6D`kue&({Yf<*@WK
zfMh?3K<&32$4rywcNJ_v*bU8fWV@*FWb(sV?)|Y+4ZrqAWS6V$8P|0fXcs}+C30-G
z#!ZbB=p}u2{T#{~a6juIJsq5fq#3)dR-tuXR9^I%X_MEyUU{z3<?}>c(yvu)7P}M<
zFr+ot7tH8+aXmEecU>e5r3L-bVjR#(su$MEOX9#W<Gmn5d2g;&Tb1=G=VOwBBlm#*
zjkg%z^MYO9f2d?aVd1|#S88Yj23%|`R=5h%I#MCb(|(D|p}|D1493X$<z{0TPn+5)
z22mzgj*w_vHe_N>+WZGYr>|=Y1bgU7A13q26$jNZLfq03vm}<>A1KUWp2id@>Ca}_
z{*Y;%qM#u`aOh>r(d<&cjhd2nGMGj>lUa~~CsIQtau8$BLE(Q|D-%Gpe&L^XkXbs|
z(Lr%u*8$ls4+0^M>p2)8Q!Ce+t+x)13BU+_$y9(Ta0=^W%wwEQN}Af}mg=wq=i77S
zJum}=5fjwQZwRfwf8hkqSo8+Y*<7FdDQ$8KU2nWmhK%j4!L?DS@E<sM0Wdhi-QrBB
zYnS<kVMY;u3A9UDL_vOlkWmZ)k`w$Bxcgl6C-tn%T|2l1`rOqX+rCvnLb|&Bv1RJ3
z%}O49g*4DR4wOiF?PuS1N2Z3<mnWS52nNJ-b-}Nw+cLy%rvqmXL1?<)kgHWc-og4{
z*WPW5_1<cnh<z3d;?&bNq%~{I8y%TG&e*+*l5+hJL4~q8K1vz<U|U`<`qFGL(7cxz
z7<JfGUhje?#-*oPKP7kc4L=k)v?jiegdhzVF^1M$K6IBZdBvV^WUf~3GF6-}+)qv2
zmlU2M#e8fXrx3N>?rn739G~uW5Ix<NF8h7HMq{EskCX7<?`G2QFWe3;@;!=tu16KV
z>c~Il`SE$(9gU}`+Y5+Aexf2h4cLiQh%CgaUS3^Zom_>HfQEOUE0JibRK!q2vsPS6
zqhGAudaLOZmG%7E7D!neoX-6zp{O%&_!Cyk5&6yXwNwm$?PI=bL(Hea<S7PkrSpw@
zp}Vx(=k4n2vUbC#^C&J~?CVktk@xnX*!jxMbt<d4tKQ-%Kc?&UI=}tvQ7q>2b5f|?
z<!bY8`m!(oSLe%UKjN7cF`jx+;`9whW0u2o7xX3^{PQcWJcT<M$Fkk51nXVT+XTH+
zU?57R!aCTYFE$=%6ZH5c_ed+D$zgitA!M@v3Qo6aK>Jag7UITpal7?;qs7wJ$B7W)
z#p=U#O84h9v5wn5bvxdQ)1J%cd2V;tjm@VXI%cgF;@8B|*Wnra=gQL8QWpQ)?H1qt
zaSHz5A?|v=&gOI6Q*rh>s132{xXJypGyMI-!JL4%=nd#N6{;E?A!$>`o)<rps+@o<
z3KJguI@BM=(uYLZU5`!b5kmAE6cR31>_mi;lQDH1_;D(0w5#uwPZi$HLpss@o}xoL
zB24e?E&2#6R&G)EnsOoq9YI})*z>#eDCs?(V)Oo;=H}goDqf$Gk1t`2kNv}$^@BH)
z=n!Sq=xLXUe1?wFzh5>P7S&+NPXD}Bh^=Yv#6K_dxx#8rKH-?o0-+jT1K2AQRs)9c
z@(#I1U=skdcN*E#Kbc8R&pt?4;|F_PDN@t%R!w3lf90|{h4a+m&b|J<)=k!a?Kxq3
zZ~K?~QrkD_qdF?UqUZ~*bN4Dng##m6NdGCdGd@nsItFvFJOdX5gW%jsUnHantZ9RP
zk!In#;@9d)X)}teBrQ>f7$>p|P;#ViO^IAJwQrR>m@8=hUeUei2ZfGxq<W6_--GqL
zu|cA-O&a690$!(M6@TTAL+`_ghdZ)5svw6wKZh8)ozeTgzPYT=`3qQ}z0=Y<Wt3&F
zD$k(b#i^{kft#2h5LN0Bd@Ufso&Z-M%p?eaET`~xN3B)~RJdOLP=^{4QG;(Nm26PB
zK>zK6AVXpxFCi%@D{`u?;|wDyg>DvQp+H=R+^-$?jTYDP6<$IPoTTJa)}w)Wx>8v>
zZc-o(t?$q4<Ce@FZEi&#M5WjxEAbbRPmtU8B?YPr;E%_hR7;(u{`8>!COGP4(DX#!
z@-{^272fK1U2KA22Eh8k8yDN9fnSV4CwE2`MJGtVyy*rZi{N&^cMF^an`pK_n%ZA%
zlO(!DeFGO1819>cv#01GR*_)w=D2+0FFA;FOyM=kDBtTmw#*AK&ZIm&4?KpNu3{K@
z<P~p2@@oSf)Cc2k7;6z-!ibQWZ$hi`PeVrJ*hs0qRic|AKZ=`5ju*+R<b83<t8@o7
zTC@C+l9a4tCe@3#78fTMI>5={R@mUc#)xS!l0a$I9eVU3k0MPh2#@{(6WxyrG&Lvi
zyJh4_D7~jpH}@3BN~XJEuT5(9p+)sLs;I1elBS%BaFK#_@it91-|vJ}$iC_|jB!^^
zp$an(<i|gmycj{F3n&anY+Lbe2Wa<ey7Yv+$OR!`6zd$r3SWGO`5uS|iF0O&WcRFr
z2KiPcWB4osq|Ngx*1ERz*??&O!UsIwc(c*W@Nv6A6F6WpJl@ghuERZ{;5fPRis)87
zXGSrJL_y}URRzUg0j8a@$Cl=!X<3$s(S<bBf_Z0}UJy3N>z}f7gw8c4q%`+HM2?%&
zD7bAI*W<>Jc8VfSVA6kfa`1B{^_RF8_u2L`*dpZzTyzVI78S%`lG<R#U@8Q;*zO#y
z*du&(BxaKNe9IV<HMn;Oq&`6wePMSZ<_(A(+xax_75~>Q(L1^x9CUH#WdWc)>E#yu
zMI}-{J#i`ttvHDqZLiqn_{^}meYnQe*w(3*6mCO0{$vo9s;4<@?7%wfvRiDw#DDH#
z!6xEEntmcu#}8wQCoG$h*SHY7#LiP6j7@D2E1mD64NT=TJl#5nhQBkS3wPZJi|Lm?
zzul+KoO(z2Yq8DWX5`A@7Tl|qJKTDh-R&R>$u8q>$$WTyKvAi*JeoILr~9_{McOdl
zufpzvt~J}Wy~9CjWUv&u6ZArTH&-^|AyFjsqN4JrS4@Rv*J4xYNYs0OKRLB*CebKK
zEbOF{^un@#-G*&xM+%A6?8px^ad<Y#nD)NtvPZ*&V?<oXfA0gi(b>=sg>?+Gr0Bt|
z6re<gij-0z5;am>-a_8Hh(pIgzC>>}$R(1lU&ofN4^-fWu%W8!JM({TAb6jP8*SrL
z7ru|9M$AV>f;lZn4HZtz5@*K?A5pzC0Xj+w>m$mByYJg6XG)i~_RC)`gum+lrkPX8
zx84V?mm*T$%)gs=RTu64>%O2CDzZ0hlG32Ux1VnU^%Q-U_+*D^@$Zqrl%&!iqw1Kn
zDrZk0;Y4IZ{8)i2I=VZ7I*Fl#&x%k-ur1djf8pfWHwU)1H|2Fj+sK$j2d<Ej>d^Qe
zxpsN9-OCVG43s|_ij<vh@IF3EW!5l?afy|0w}elKu-!HCTH^Qzg&1%NpOw8o_X@X}
zx9cgk0iQ)6V#C;+pMo(X3Su6-+slIa!nO*!0^%SVzGq*bx?ycp-=a9E@%7X)a!tDk
z$Vjo$%f|*D6LOkqAw6B!wj$AM9J$jT<=f16vHuwCrDv|&JvvLb+RA2*tc?pQdTip<
zJ2+lY=rw~ObSbxfZ~?^m;p5+5agP>A-?<Y$#$dmNc8ra04^0QcgV84ed6l#F{2)|L
z=@}a|o2yJ?Kbc~i6Xf8J7oOBAdVXKdonh%qyPe$IaAXuizY7u_%6}q|`ZSoq_{cvH
z_vkz4S0Dt9XyYBLx6a_?_`P72`~pws1-|H^TY#Oa_Y@9iQQf%t^{9J?IxD?eN?W=|
zRbqQL?T>R~7@`1B>aP5oPD=7**PgCpZ?r>sR=1NMO5$X>X501*sX<)#W=f+r<-$u{
zh3G6Qet3zn6?ay{u%SkLoZYjXTOI|TtNy@=L9}Yyc{Sd0mVM~HpucMsb>I^x#&GDN
znal~$KJSY`Fl|JYg&Ye>B%YO$4QH-^=J;F&G?Mmf6;El!^fD)N0eC$F#vfg3NPj9F
z&A(Pm1tr4l1}{=d98s@G=bb-9>+03)+@zd*9o_S4hts6+`1XfJ5I|9s^SodGW$x}2
z93V2M-urS7;&dU}g`%RVvvFpLUt9598c~GDb6fGf>^WVvc;WWcZdH%JPN&lk9j60;
zF;tHbefyJr@Ll<`T_e+_;bV^t_;U@i51SjOV+||^_G(QxDE6Q&WISq}h_L}J$>Ln5
zGvhc%gIYpu7^JgegqNP=6^tSmoP^fS@wYfU+{^cIAgi9IT<C~kj6c|Kf#?ZSrt;eU
zE@&C+a+3HsZALEMG$?}SB7#!&<}xy%wv1nli|7Ybd4L#b*b(SS^ShhG_ZaicTs#@m
z^LY2#qK@gu_k`YoND_o_un47_R>+eflS2F3ZpS<~4!c*BHbeR>+U$*SPD!>mse8+*
zY9A)YQ|Iu}ofQwP@G`FaWcUmjMV~x%FPzcRx0GO$U(Ag;5{}RqZ>t38v!35DVspk{
z!0NCAbYT(L#qa~`t_2-5LF2v;Ms6P5$*zH%BipJ_P}o_A1^kW;@jMeJ+Qmkj{rEjf
zE|`4`=^GVaB#2rr6CTUsY88n-*Nm_CXw@^*L;=^9rvZ+M$2(mHU6I#?4Rc*dGK4t%
zy+#i+T+^Kq<IM}L#?N3dvqHtT&app$CODQ_DEPL?+6pT87(yJH)bgP}n%l%i)IN#O
zUpskE4PT6NE#snE3a&rRhsktp(FlQ0bx3g7L(PO*p*6~0j;3n)*2Y<lje{m0b_n;W
zX_oM4RncoH0oTRW+L)Vf#`){wm$Ihp=}$C!=lZe!W?Be?-@NPP*qI!~Mw^RfL%M@K
z6n_RY+*Dcb73qo}%qjG~Gp3!++=z4WFGdU@tBc|<+_`B<VQ`gExO=Ko?t6rXTVsTt
z<IF{MG`9NBx+f2N3u8r))npM{McyN5EU(unAL~4wE-!P}MyuEXt4U!{J<>Bix9%iI
zvy?^YS0d<LZAS_xKT|flI~+wX%EsvF7b0Q=BoYcRTOB(Z1C?Z^_MKQY1Vn*01O}pH
zKSlS(8*)*Ni$a*haj+L0`mJdW#lpHt7mCQ;oUvpKoX8l1rs4W}<%Q@mk_IcP3<6>J
zzc6E&#WBWqD0~{WI0?{;@B~~r*ewedI&w|g7vk778ycmJY@4nf3@}iQ3wHX57@p<X
zwsSbCMC;Er1~g{i?%SH!m<Lcn+i4ZN^aW=mC@mCzU2XMj$gE&OSuG2#rvc2W2=CD>
zo7jRy1$<Y3dxiE{yj?Z`C=^W}7s;vN=H^$08C|ZiY1z)P-tFenxv^cqan=L-Edt(f
z65*YH#v)yZiH4vi9?SBZkmoiHL87x_b#ZXg`{4I?us~={(})DrZnJ3w?RmC}R_vAp
zR$~3wnF~?RkG)D1o(u}}PKf0gZk@Yw_W-RLFEEK1T0livIVmA%z%?C067N<HlRz5g
z)H41ByA&26__Wsy9~wui{cB}(6bXGFl@3M^^fbX)N42j5d_?Uv6f=&Fw@)U^z3iv!
zBJIIkeGGBxNf$?>>yG7+!{?Ncv6OZyGh-_vby#M~MEED3M<nb5-xa$)GddH>)m<vY
zp30&tes26N5kJFnaJzo#rQt6UT-i#WD(>`9f?8YC_L9dui3SB+i;<|%GNMQ)No}P;
z|JAJsIT2wZm>Lmz*ivFia%VQOyfRowl&xRF^O^nn%Y@}18!;pmz`A&vM=}q&sm?Vg
z`KSmK;@Q-aW)is+wDiGJJmhUMfh%bO6p|aYBO)Tr<|B|p!|6!EDSunoVoMu+n~MOJ
zhPJop00Rq1ZJTAr4zfm2e7Pk<8sl1|*|kySY~U5NjQeqHV^pTTCtwvo<G_co>Z0h0
zH*CwzyJIb>#(2Db$>>4Wrn+2<bc^;_-qcu{ggDK{#=C#Z0}v%VI@E;_`yk=LySu=!
zWAlIjrPD)_u#{S?Hrf?TOV0DBiJ-h2JGm~=`H|4a0j-=sUhBo=JD}{Dqvl3V3;d=Q
zSCgLT(Q=cgBV8QWwJXb+8v2lMb1nrz(psmD1k5?#x)MMAte}87mCcAB_BAu_5Q{E<
z!6Ph%MG@Mq!LOB!;Mz?IB_R=E^qU{a)YsKKQ=<RLzS&jdJH_Aiw%!2u0fR*EO`((B
zjX0RdV`uGKwny#gX4B1B%YP9qo&hJMDgA@Ma^P(Km9Cc*(ue|T#zqSjL+`W^%;l^h
z%_M`ZW@e1l19Mz~?x;<<cw^SQ(7&><9K=8poAh_KB#9U*arRg-e0(fsTP~^nOaE|R
zS#VrC7K81MO3CR$E;i(u#4~ydQD?yCT)jDOoOA&?3O@U;3i(hqLS#oFwu&m^{m)DO
zn@AR7+^eSLHZRRCm%B$YI{iN_k~B$~kr0pqCIgP6j6Y5e1t5?R1BXo$EmgwgGSf{6
zOV8#{T9fxdyOXlJ(izOR*#5ay>Mq4d*nKzLOFBHIgV^iY!0aMF*TblNWyl%0R|>EF
z61Q_;SKTC<^&XQ{xirU(qU4k(xUn2LHi1<rvs=)|P}#Sy#o&@OL{f{+r8aLhjVx-*
za!l0o1VI-x6WllIBqA<C1W8*dZ6GYriCzL42%id;glR+jV&-~NmH@^i2Spubuv;MX
zl%|xJv8aS8)RzeC9*VJQR`WVTbVOIj=p$fS+yklJyep9?+u^ErM05+Bhd&cz1wLqH
zRTO`>Nh1(kdr>T?;-+c;XoR#B7gbxujS?{|q{gTxCWIjp21kMm&<?HRxn6Z`PB=~$
z2^a66GCc{%0e1UPUdgevlG2G96j1u)sGJ}t0*FZ_C_~7GiOdMG*@l4P<S(|5XS<9U
zj>JMMYxSD!@`$Sl%A6pfb!Nik)1O8cRCQnq56VzE%OC(}58^xpHtHJg?_8HTJ{8EV
z5!@Auqeu;e4P=HFrZp@z6cY4K5Y1OUed>^>m0?Z=$Ux2t1T4#@h02#Ku$4b}s(RH3
zE~7uwllTF-tKBfm{^f1*Lz@IYNM&6S>~g&>D2%Sq<ar1Of37>3q6q%<>G}1NX%%mb
zPRk~7OA^~g3RGltWg88~t@)Na6j#6)-i%&|(VKFL=Lm@p)utiGptx}m757LQgYG?r
z(#${95V}u8u^Uh1|Koy`cj|k&PEzrB9s>(y7)uyVYY$ath@WKc^SK9$d=g|Luk<ED
z_GVfq)Hhk35{CAgsEEPPDn~ZzDh`kp{IV*_5b^O#gxw!5CESSz_eJQCq}@cqYw`Q>
zPJ>{)Fi1wSD>L<Axm8B-1X2t69LglX9gNs-BFCg((22J$FYN-LK#jcL1B1=qJZO0R
zQacS2@&>S#>>V>UT&6s(HF+T7=4daRqs1S$$>`%;u`2O3TZ?*QUO^_d46a=J+Qyse
zO1*H!9|#SbxqPi)u~^jDSXrC$e-3?K{KyGqH9c)ui8D?BX`Ji=3M(j5@1BMgfuMpU
z5ve=Xph7u=f8TJ#|E9LYJ~ES@Po;cEX4ku>&j2_wYqlYVS=xddS(W|t4cd&z!>MUn
zMQqq~4oI{A1n-F^|Gs((=rJb?4t;%OuCgv@%d6~x4Lve@#UoG`wCtHs-mXi>vLX~#
z=+Vn{A8`WtUg7S|-2k!>eQbi|SGv$NHKPSw{$rnU>e=|VQf54!z6R9oSZdK0U)JGi
z-t?CYW5x%<;-tI%k{QXu3powh0iHtm@`^7YSQKEFriRBJuAbZ%_lIRZhT?*bG)>@x
zGpJq|3REg1&kG1HgxZ&<pOTA}ZC#0qleRZ#D@A?JMGxH+TZ>)RsLZ^N!-c-5_B^Ng
z$>jkJf$nF+rhZzo=tP3C;?oQaY2X?K`QAKP2R`qYH2?b*Vgc`?+<Yw=BMv7jTtRn*
zY+iAw>ebs|4qYX^xe58oxYVMcZ|rh;Rh05a_qyeWb28h?#Q@cESe{(i`I~C_Ii>&3
zixrUydQ2~bNOD0nj}%=qJTjaqBuzLdv&93mV89%RA_6qtEQ+lDIuxgo-x{)zJXs%w
zbDY^>|3qM{UIA|UhX#w((@Y&Ps9<RQ5Oyf1c>@^t@z+krPnju~PgQq1Zt*D;!@86b
z?3H?Y1?Sv%lM&$WEglURG|g!PLyfLjsnDm4Io<SzMBcfpbIK%4?eATge0O<Dp1FpT
zR)$;sjYd-|*}N(`TS8!U4jv&#bnkty{ifbed5m=?I-ibgZ`AHdncaECk^65>pOG8f
z)vK6hT+NPg`HU8{WkV_|u)o~gE9mDtU#tz$1MeNs50*=t-PF?W;7`u|yG+oX-{)tF
z>34P+jDbFSYYPv5hK$#yjHd)9O1J$lvroj>xQCdp;!OCJ-&kX8-Isr9)tsBTrH6Eb
z(|5@+&YxqVR;I_%K+i02mWo@1&2@6@Ih2dR(I@g=+%Fp*)rZ`tQ735U;M9K`nv5?$
z-wmQN4~aBQk#HSSz+KCXF9yyDhBd%BcM&LIn(D%~bewIR=LDdEn|Ki52&QNL5X~hv
zy)v$&*gjMPan~qGEe>MLHUghS<4ok$z?aqW<&+qsnI4Py^~V=Fbx~>n1x(>yHfLeQ
z5B!nya;;$DL20i3duNcaGduk^Y5mN6>lNgBFbT?<aai9GS-;NxMCUkJRcS@yzo;&-
zn(6e32k+cJlXSL7N5{j0XD%}skV~_<&#Ts~5%HN?b>VHuH^OydqMej$71IO{HH)QG
zlGW)-h{cJD)#35!z{)av1&gor6!9el>H={>sb48vXH<vuu8$SR=aHavIC1soVvh~b
zE%(z59?|&2Syw2t^<1_^C@XhDod(70yMhTRe6$MvuzAs(b6%FRd+3$BloYjEHR-S-
z>Up4;5I;h{3762ot|-a=c7EOcjE?%K3jIM)rq8&Bf;NyKg(uW8l-mdOLt~mvH2T41
zEIkH?`aG19$usRN*iJ|Bm`G$sP8de=4>nJMOGlrS+(xpcV(z-@;LXI)X+*Q4?CJmu
z$C~)mx$~&K5V3?eQPZC^<#?BK1L-y8CI@PXB1Z0Pxrx$amP~aCBI<Z1-hMevUMF~{
zV45bUF>6y@MHw&)3~B>A`N+z&B5X6}V<kUngr+%YChq{3(d|FR?i1SaYzqMn>nA72
z*UNb{3!h3oNL2~Lro&Sr0{{us=Tw5OWm@uP;l*`C7qUEtlZaJe3GZmdpOM4jno1yv
z!tcP;U(qn$m?L!*;3BtKHR<~pLum)B*z!3DEO$<)4spri;>iZ}dBaYlRFU<Wa(?=E
zl=4`7%xDgM%`GI!C5?-2J90#i-pt=tVBK7TQek#=%U)0!;n2;WX=wQu22Na!{UW-b
z)8bNJiNZ_w??1(BFk7sCwgCr0W+CIx%`#_VsmwRb9|%(@Ru!~{;trom!(a1?azZf_
zSmW`&iH|On$Nr#ldj<;oM4nenS}D<HlwCIkTr7}KyQva>*1O|WsD~O(eX=DgC6x6&
zh`KAuNNC1~dsLuJn<fnh={$*;FWAeOICp6_N18<u%<GZU9c2B~)%nF@0J~zX#ZNsw
zNjGQT=DktY#-=d@GnVcyX*h>v$JYR#YW;01uYUm5Yi2&dxsIg<R7xZKudD8MT2`Oi
zJ9sd8SWWl?-05L*(O|ef{xKk{h)uWp&r*^e6BT+CQjxT8egRt`kMrQ3hk)%g5#)Ki
z0J2<ry<M@8HQX||A32-JR;IsP6uV&hmf4-%nr7T3MZ+3KyYFx04Faf0lgc?mi?ilb
ztP5%nmtZXr(QDXxuR9L#i4{?ZS+lDqa&ZL88puC$YLk;M93vz4R(NJROEeJ-EjNy3
zFXuGOUh38fUg!u`=;L4+-iQOnjS>L`F$|jt_nj`=vdM-=-!`^9HQjEgvflX@sCn4s
zOTHTvXmafF+feO;nkk@l+8k|Js2lz~TM-Ekexm^7a$eH{Om|}!M-mMj*h%w#hNB4V
zZO-*hdpag&Mfjob6P}#Aq2KY=4eRu>;4jmI1~6MOI(Tqj>SDBIwFry=Rn>~Y;H~+g
z088%5<6dO0QYODbwr%kK#DFrdoO5bTWbI@+eNUU~<Vk?ZsA5<{XuH?U04JV6Z_&Ra
z?DJQ}riJ>5&ddg%lEEHdn4*(*n^|$laEN==WKLoFWrQ)f{H=Qym-W8<81`Tlm*;<D
z{aPsC0_8=1sW35f=Et{=XI8j(zEiLrUQK^CGWPv!=Y;m}p?2nWy}Y%T=DN;_@ur<R
zcSxj14!B|$VYAhusY%+&aoWC(h8S4?sR1H%e{O*u#yF=IenM&_Idb4~%A1lx)a{VB
zT$ys`tyQX4_WuVQVhtvBy!$W>A)FEw*eCu4PXZ)FWQD5)b^ZSvp$r8D^<Qx3e`@|6
z;Ql5o_1tWn9BB>o3`~s-40R1DmIr%!zW0sw^bkTBGW2oC%E<!A!N8>WB4@z#0fnT>
z0L(as86k#2A&fozNWw8Fqh$s`r$GQ_6~hS?!H^8rFxV)-4+|Tt-_98V0+SOW*dC-L
z*iC@-P4Dp%)ZWt<2OuW}31#&M?b770__n|Fe?q96b879l4nP3^5bHm+W(JN<_C^l$
zj12z~*jWBM!^|eg_ET7dk@crAD<_8tE9Xz)|2MuGLf|i?+5!snFUL6E{=B~tguaxR
zFyQN-C#SPG0RSKX{1?hJ<9x$SQ&H&+aD6msZ<6{Aqv<CasvHQ?yude20pc;zW<iG$
z>9GcyIi^Z&FKSu`H`bI{Pv!|yVxQLisseu)GF=#oh`M0{ZaBF5%`}gzs~8aB)SuGd
zFTA>Z?pvQGd5?IG#^a_;vL<=a*{oJck|aS01HTJG{nsm(JW`QrqrnX2`Q_zey%ohl
z^}oyisXT_>KRSX0Y+qh(&cqS??<RzXm@~FNP*CRl?Ea&0UU#-Y0)D7t5dZ#s<*pVo
z;NKDm1LdSRaB%_u68H~e+8x&J9~c<V&wB#@BMk~LJ3E`M*^Bz0JqR<_`<A>CicZcy
z$?-o7r@vZI#2(c;tXcg?6QR~<G5)7-_o>qjCyNvJv%7*$R#7viyY{X6Ve@L6BkVcs
zl;3%FfD;vDHTULT)aCyn`WHc`tcJ4lQc30UVV>LK+BU(VJ!jyeKw??Rd-!gJg?Uy~
zKt#kJRsA<`G@EgAP$>d5Kn)EnfCljMJ3!z&cyC?BOWO;xKZB2G>eVwOvg_3QX~K;E
z*jS3?m(+x_BTEUUUe9hNJ{*Bfb$0!&|0z;ePE#4=zh}Xn>A1mM#;P=m(#KcDssw*!
zE@4l9=*Si$DY;WYws=dPe5-7Pu2O#CdjULUW4%vaIJ+LJpNJVe?}z*S3HIxFs7YrK
zoY2PR>&~l!%K~7U*YnT>He|WfLBZP0{_@BBgUaf}xMi^38hZ%P!NX{7_2kmYr0q7N
zK;iA{O~agYBiafSFir5o!S{!~qkCsMX+c-M=u=53uXk%lC3e?R?|Y>U-ACuVCjZLb
z#KTqx1(@&ng9AT@%H6z?vMU0w*e^VGqWP)0Xh=~f3E9(9-uB1hveYJXUp6KHAW}Ym
zshO%@eAy9`#cD9s<gIPZUb>OAb;Rer>+Y*6nctE3--}>6A%ZQ9Y7|DMtm4T1gwI{=
zR9DI#I@vf<G+%;DFXMv48!rQ-YdzCsKE=l5?15~Gj@Omv6XkaY=NL3iJV~~Xp6Ni2
zZDrQN2|R@Vj%}NC7T@t}Qy?90TNDlo1(`%Rlj4%1hnovD)OAFAs_myB=vW>2jCD2Z
zKC~+i0AQe`hN?p5@`%Y~6-NG)02GsyzE~(wyG(Yoxgvp6S0_lc&B)IDeEjRMuG}m+
z2D4cgcLe~nh=ert_Y&a%*W8Hk32D{#fuOm<&yIfw<~9_l(}hL@3Q*RlWP!QR`T*VM
z@we>9T@3U@002Vh(O^y>5o2=3j!~(}o^3%)Wg69WuT~9AOUCHQg9N);@%*XHmHuOJ
zDj4{u3MesF=dOFfH6YUh$3S$|{I^jm;-nNbqvM7^#3&ifpknmlMqYvn5A?Gyy?=?{
z9Hx`iU<8Bs4i69a>gBRq8{%=N&7U=@TyQx^)OHTr^t5aOWx<Hd%~{y(?U(mAESijm
z+g+pa_&MEg%d4fcC<xQiHBx+D>BzcLuf4n;UT-Fgu=zV~s_Rjk^v1e;n!DxP-seQN
z4xg*v4+03tF6t?%t4({!jyHIz`z-6avzsWY!imq=jUF}f-P^-@6g52ec6Vg>2hcIG
ziC9xH0CGU@PFDr83%1vKd}9xfAV<{q_-bQ6YS;`8m)Ag$OZ`5%bZ6_KL!I3S${J|(
zHV+9^U@g3zb%OTk*=V%{|MSPF)>0yz?S+TPR3@9XfQd$QF3m?@*Vm^f*RLsi+HXCu
z>TM1Z7-^la3)OXRQ<_};uz=tXk1+-Y5}H5lyXl+uN^C!+T<A|y9w$7CJ&!t>`<kg9
z|Nb>dEI&CdbCaSkRTV^Qw7=`i5?)Mx;^UG3$$m*tzK9%unX5Ij2V9`JZokLe1`mdj
z+!khX574eO@w-Cfw0nHM?x|wJ?o*9((|an~sD%k=1x~MLvv0zs^R%VFn$bwST1~VO
zV`8CIpn?dld+qlj=J#{mP|d|$NuSqVPvCKCY<hhOlj?c#Tsf5)u0_U7sx-x(?r`w1
zJDAr%EpwBn&~H7Nq{V%Uj>?aeTRg@D)ZEglc3P9J-aS=j)bXHT*=B}xvTcUImPu{V
zs``|sg3gYt{ZiCa%{Q@%gaa@{3O!fYkOjLm<%U<|sJ4HK2M0GU-<WfkZ+Vzrc15Lm
z6?Gn84KJW;ao%4L_B+^!h&dxMj*f$2vtLS=8uyGwiu_w|SH)$N%<$bFsD;3roFCb#
z)}^Gv13nIbg+{s+r|07bwx)n|z@j!>fCq9TmyD=eX_vy%A@Jh7pn1%QD<RfMI<hvH
zaS;PvG`Ns^B!?Af^w{)mp{`FdS`|vmkoEU(txCe#I~g8?mSF+1TFs8uB50bsNo8Wu
z$mx@Zp<mf_3dqPB8jSRB&926lEmi}|gh2O`-24**F{cD65oB(Ov~amm&CCH!C9{Rn
z@zo=uY>hhq{CA4O#~Uq^><?Ylp8d3)m0B;I3wm&;-7K9uOus;u>J&m!K|)AyHcbG4
zPKN-A3w+|8qpexa=SWh&u%%w-X_BV~2?pCazgj0}pb-g*G*WH=3@|us`?po~T;LRc
z)?yNEmosDUHm7S3td#Qi(HMPeq`!*a5|z%+Mb1bW1rK}9y7LhfgzuF^g!lDAKGz0X
za(QTm)8Q^Mp>r_cS;JXaUkDfu{>Dd?R^MX^N|1XiIy-T?3WuvhamLd7TM6CqFT3ig
zv+{ro5`g8-#T>eaaOW!L^^3M_smelAXUH3J&nB0H&{zu8OBA;_sutZT+qjQy&R8P}
z{E~rq33cL-k-&iN(JQJdPL<VDR&=_?NV8*I7T9|*?Q;Ry*B&tpUN)G(vrO8R1N)0)
zc$tlDvv)O3S~};|5orDb(Z-f07wb5lfKtWD{X3-1Er>7icPJz6y^0u<d|7z{w5FQ)
z@R}=bqF6||*E1K$DzjElXmo&TKrkwF5TK`-$<e$uiSVHor?O=Rh9<iFAWg1YJ=*q|
zc|8U&{6%_L7XJfE0`Re6$qPl&*OsJ-v$do%w>d$r?BR4e-|Y<un&7g&VjX#Xl6{uR
z+G^aE{0)J9dbRkKME@qFBs!bj+6m$M*4d$}Kl-kv7MX;(wpjl9Zy(~rrmU)>2E8nx
zZJL++E|P`5IPhrspb%Nv$Z>ZKx<T_2o}pmr0$ij<OEc8E%F)`$s<LTtMP##pW8zk7
zfoSN`pv99=%A%)0&y*KnU|}&|a0TWiGX|7_>#kW9oi-|nQXDUo^(R!)J-V3pfXX&N
zHlsU{v~jYVVWqT|p94=GF$DGP>FHU|=<t7U_slI8psII@-Q=|+V7y+K(ejX}ub-_C
zFP4F~ON_68cGU`gND3(8(JDpzYP%cq453HoVb-nL>uNaf_Fhj%ew4qCb>Tavu7jj{
zc>B_(EHCsc8b33lXw<I$CMX65m=+CK?YS-#1eA2Ry@%+;kDAfpOAm@-lP*;D)J3H>
z)A-ujx*&rpW-O=t)-FGK3dNW~&3PUkyqZd$-K7~pzXOGUb6!s=Vo0gx?9vAw!X=Ci
zPq|FqT%yb<<w0RApys@u$8)YJI5`U?SLq<nnh5g0b(hh6)19m7DLxb(zeM?X>%6G!
zYI|#cV21|?Ji4y@R&qX)#lQq?ucpy`TyHMIx|yR;@2#hDap#z{AZkt?W1S9tQ#d^l
z4pN@l-1>=^WXET-eAWfV-5bPWmJL!R=ea*MIt}IfckSkI+`bfSsU;J%#CJ)#crI^s
znvfrUS(}a9nbUhdtSnKgxA$gWs?E=}hG3VDR2k8t%MU{auYk>Gd>KyqRG(yuR=*xz
z;DH-3FiiGqU`>f;=4p7&M<=#(feK7SQMZ~8I;<j|iE@Ded|%Je=ekD>-G$Y0+N4gB
ztI3VkqLr&#n?WPuG}53~oFe{+FUdv&ayl~ADi+vB&=xNIj5^w^XX@@)qlx*x%&LBE
z0A^*lCm+&gW}gsN@2I;~?@~&K&L7Ui#sq3@Zpg*LN%W|F+}VelBCvlNaqtt!{@b-Z
zmj8ja4sBm`aWaAwAGj)9A6Y8aeeA#PIA!g{wNkG*>72)tDFjFX1NV(J+`thaQ$*ii
zj}Jdj|FJX^*(>b&luc9TV6hHvRU%J?Y_Y%|SWp|ZtDe4yMPN8wPQ=a5^(Rlt6mkWy
z)H8*VU-Ue?TQ=G*_<OCOMI>287X*;9A4bAfph|=m5vU&)+v>I3pufIm9i3^(y>dP9
zyHt@XZdrnJ<3lS*Q1JY4Zp3+F37?DOJ3zlRK~=S2t_XNOdCI+}Lig=adAw`Py-ThS
za^{1&Mwkb12Sf8yW^yHP6>sN~m~V~mUUs)O`!TCcdBN19{O|07ny|Y708Z~d%ICwm
z-;l9AZ1BYZ$1KJN$&3#!5eKsRdP#0pvP#ypViY^rl0R6tt&V0JEf8%m0hQw2V@Oay
zMQd~DKu0@RM+2XR9|C){$pSs>)fn|iFr?rBy(_C)Di<@JF%SR+PtBJ-;l#n3ZLjT}
zYZ+tCubw+E9&mYY9tLgRluDZp|B>~dbiX{fUl62EnJfO}mz~v2%DF$gv-%LQocjUe
zz&kj+7DG+iR@p4s2hrDHg4`W4jM%AE{e%Hrg=hjq-@`0}uom@^u;1wLegj0~iU`03
zv9%tf?2mW)kf3n!7_y$Yl)BroPVR2G>)#|f0gekvS8Q1{44{BmB0flf>UKmBXjNNH
z3C?+DrZB+sH$^RyIvy8d>*B2wdMD5nySk^Y7RyauYe)hK9pFpwte;ymvT5t2<7j8!
z<(C*cc>A06c^;miTVlu!@pW^IiTWqO&Ph27fXT{F(17^IHH(ru09uE}%QoZR`}%Y~
z!*Sy!0-1{#g3upJk%4PJUSt$R2>7hs-9z|Q&Fyes0D&rj?-&RI$m8!m;AEmoA(~{M
zOn7}mw2%cLolcLCgC|VGRYoapQf^Vuj_x>v6oRf76fk5$H)MhK-4meeXC&>8z%ZfF
zJbX)bX=Y~D`yq&Xfje3bPX?iyyjadUoA-m1IhG_-2fEIvRWm2by)jFumP8^PYT+O-
zvVTZ6Oqhr-o1!~+w%m-s?RV`9Bqt$~gIS|CA^;8u0Q9EMyLY0sMEW8gqN=)ES-p?8
z2K8%aaTr<3rPQP(yFqXMdAhp@CZ&Av(9L`{-RaHxT4l?(ur)<z;ww!jy@x;pY){5H
zb?+}$moX-9$(>N%*<&QnVBecVz=4AR;H(&G00Io6o$A$)(Y-wYfJI(IxFIaa`jb6Z
zz)Xj}bn#L-JitkYy;`yw<W4dpTvF?U`T|Y`q0sa-5CQ>v;EDWaw*9?iP}R-a<tf+j
zF-$!D51Di{jPvZZN@_(s4j(bxUcnC-8olXpV1gjYYh<buWCGPj(Wi%~PCTRey?ZC8
ztfW%qT)EnGItCy|2BI+wsz!4l#{}TZigj<^iRa2i3lE6w)phN0WxG_wooy6zq5o^f
zgy>Yt+3BtG!ePq*I2Y|Lb|v!_LfPY-=NJ#b%O}qs@skDj8YaiZE?kQlHf=v6C$f^W
zN6h?iR7rpsHzN9C?Bc#sfRj!`m%16AfI&atbc77oXZuOE)ZEdXRjj%gq^Drvbiutd
zjHwpTgV7iaIT-fujh7cDQ<<7bMxSuXRNp+YEMm#}(aSD;d<EB6Zo&L=Uj=<5&%Fh#
zrl$@-L%m;56kiCJs9kCEd);uhz6eX#jDm0UI07@hs%k;W6v+Gf%K(}WR(K4^sVQW#
z#w4yYaIZdC`v6u255Tavqeek5ji_Q4b-LR{W0lcO!}sN}+Z~uT$;Rfk-p9XTm*Hwu
zx4MSAzCfEH=dbSjS#ZW}ofB&W50_%o?-Yofn~C^Kx5NEX+T55doBsRingd3coc<o$
z?Su-CFKw6nHqNwBp9Z~__NPWJv}Fq!mhahozk+>b=$3<=3f}yMA1RSli{ea>PPfD}
z@%dh(4d32sarIGd-|TBK)YXL_usn3j!|}d2A9B*2nC59s5njPb40^+m$z!2%UXd17
z;JWZPLVvZ+pFOsm6a&q=Tnit54M1C2LEU^6OdF@`!;?#ET2%r>P#c(lSylKE#U3kS
zPSIaaDtR9n(1WtF3ia2(F(kd9mG6e){^`bwq2ox&f$^eqeP#x%j@>j15G1mEQjO#8
z$AT_2c9#`Jg}d&df>0RHQ*)AJ`?jH~5*=A*k^%<*kjId0Epoesj=U<jJatC?GVLb?
z_>Q573k!~kfLmInVYNxL@y%_V7#H<6Y4{QYY{5yi=5JlqUAJ@w4_i^#ma?zU(AhB^
z=&5tsi>D&liR-$$HKqLohCvvrdyrKz+psc|&fLfTS!tv-Tqq<D<&}}GBf#m(ge!|`
z_~B){%5aEnNv>7_wc2zvb?lyC^dFmNu4i2?f&>gtDg=p8KXtQsaJoW0|I=_0s3P=&
z)<B>bFr5mYYpImVswfCcX|@PL#;xf>Dw8;|na@7eu3`m$1N9x#^V2<B6kw(LUtGOq
zSRBpP1=@IUg1ZI?p5U&*gS)#s1a}f3cnAT4ySuw2xI=JvcW2Ps?>TSI{qCJ-elX88
z)iu?-cCEeE-c|PR2vOllhN>g$$2Gl13z;g4rs6FHnr}0Dp%ab55+dRZYu9IzWyUU=
z$85evXQ?I!Vf~2Cmn#k4NMM&UJon%Sxc#3Wi&XqSh@-lmZke4jVj%Ge@jd4`r#ZbS
z2=Sm1ag@YhC3YE+z!-Q9ESA-jL}SFOCkVXw6e^qv)1C$h7Z7C(LnszGFQUTqVSjX&
zKJWPSS2L*y(2l%%*qmgeZswzdJBv&_WH9g{Ri-(Z>A}skM`uj25PE**U}b2_{Jy!*
z0*vGCBv@W2hx894{|J~NxWeJO^?TVJS3p2X;W)T!UFLEie(5;Ma=5{NJgrE@s-C9Q
zs7S9q{O8U&_UKIO0l@}#%J{ncB*2wFsWd}#?1RotC6_nK^M;Uq!!+9RlJvMi1doc;
zjh;0HkUs%Urluy6h1O~d-~Pg~i)k`2W>DVj^;=mDDXO>ryyX0#Idhc%LbAtYGYyzZ
zjLFxSS;<f@H3$?hvT@lcSBoLsp$s}`L~ba)O79K9(Od{`r6l=Ozt4C4xydsqV2u>D
zZ12>YfNakacNqC=tu=$VwSB5wDWbnT=TSsOi>XcOW1AFUhyp(i(|h?WU$-?Hd#WJR
zVBBakm$DinUsP(G8?6k0miA}0mjBbB_0VidZ9<M+E3~YdIrWA2qTV*iv%}+=nOJH_
z+ijPjnkVWU&-}&Ytit0PX$2k7+Hf>)dF`3*9y)HD<FyR+In1;7Kv+WG1GD+z?>hM`
zm;lxGddh1i+W3yYzQdhK=}||-6>m1(M33Lw)nyO*Nk0pf0|!pJmVWvJ5sE}+B!KdB
zR+xjiJO{sSw7Xg{XSX=w5=D(5zAiG_5C|~mVTYk1)P5^Zpj8+6&07G*$4bnDI9-z*
zefG!pc(XE=92iB!ZsTZTi>I}CRMlqlzcJ19&J+@HbXab5x^tF!PJ<>&JN&6XHhAqN
zcy?^&=8j}f!jE%0*X6&o)=2?XFDe@6NzpRXYj&nnaYG^Ey1r{-R=cy*&XyzORlfVf
zQ)%BouUN3*cvt_l4SS|YMdN$~hR9^gVVJak8~Kf>*mariW{od`8<gR+dqvOVl`K3(
zYlFmodjke$$nffo`E|<i!|xysX8*>HwXKEtRI7?e<Vzy%SDlKUY|Jg{njMZI1CZlF
z^Rs^P^dkD}{+LC3WoQal>tpL@o48)ovjcOB;%49T7q=tXsY^RXc*mFOoJ9oxrZqO#
z$`l>++26zoEEx1m>SlIT%Jb8QYMU9Zih2S%Q;cPEps+>xhQ2)CDijsBNag$BtFTJY
zDN@9_8y<Sb@Whh(c5#Eq`6-CYY<>@fwuox#;jbb+TRM35u0|t#^_rV=(-&@M$LW0S
zUJ24+)9Vl_$TC!xzTbYnKffr}$jLyxbaDFx+nY(x+~~?vm%#8E>DS=67J)KUpG@s7
zYF%CbX|QSkQjLe}c4T7c&27EAn{n+nkH3D|hSZnep<01(GeI3J_%;lcu%aWM|BnrE
z21ZqC4;3j^Mb|TqRO;r)XFwt-6JPUvayma!bH@s0`GjgBi}Y3{OnYqR0Filsjh2BB
zZ&syrrN5eS3tM$%M4iamGTA5(+{z_q!jS#_k1)He#+gpt0UWv1$|#%FJPQ8yG=%~@
zw1ZKWl2S;W=OONERLS@6-wSx(z=E-;Fo4hL!*9nrfr1KB+pr>zO}c1_ed~@uK$cZ<
zmR5)n6gMnb+jic_kCv!&i_}Z|MQ;4hvh45vqv;AizxI4J#Kar%IoM(CI`c@C?TNga
z`fYwFmQ<=&*?zNr(OqX1TpgztGWzc==5g#0`po7hahU!}0#ioL_N!OlcVZ4oVo)|N
zxP>t~Dabi8js<SKC1X0XOEpR94g?J)^dGBrq&rmA6ZD5nM)SX`NsOfjQpkm40fY<n
zw^u_FSVoG8?`qS{0wu#ivbAQ6X-F25S6rO80UtiXSVz*br%)u8IN0%=qu#yH7}9iQ
zV4lsMRDio8{h(J=YN`9!9qS8xOGtpfCZJ~<N@;`%=+++`XYU$E8Nvi$f2}+65Tnhe
ziW?Gy7~v<F0k6<PyVjj~h=a(}E8Pnb$-H_LTh`q@olX{CFSoRW1-AR1#b8E%u;eJZ
zn|lQ#sQJ{aV<n;#pBxK8yMP(jk6^Oh51Wj>`XnCl7aO^z%9Ez&xeu`+*NNy8R{?+~
zGeRyWIeB1hRfEg<_L&rrX{ES7SFBxMh-r<2iSFQVS#d<u<EiVrKRrU3D9mgn34|J1
zX{)Fu$LGuzt7_+OZ$Jxj%SP3CN){=H7B9smXUl4rg~Y=vdc{{CB`D|F=r2*0AeOHB
zFHhfW-u{#hRd~6938>zJ;X_Msw}l>}X&gg1T>3E0g;wh4esbVqrqI2(^94%ZB!tDQ
zeGEjrg(DFUe%lXZb{+Y~q?(mt{CX3Ve<N0s@F6H2w1Nh%f>5Gg&_h(hl(5?IJ$p~Y
zysikiQ#kY3W`)yL?t^o!n4A@vlnrY?;x~AY<K-|t$qg7Sw4%c}lPuriYn7!d&k$-e
zpB&0d1*>Y^+oL5GR1D-?Mb<MmaPE7T)z@dU8x;M~VO&X_mVEX4uSI<spB$1$5%Y2~
zAnC262n5!g0?9SQRNVPy1!)N1V&!n*e}8WM^sfBTi&>|{M$IV!E*a``?DSriXwQu0
z{G5$#3ZBC>)fX;@72D4u|7#ROlq5Gd*K~EvJNog4D%8+`xU&WiCI%`9C@#$`&R#Nv
ztqUwGG?IVRN>S=Wiz0kF@xEMMUMAB_HPebiM4=g1%>45U!d@>BKKW@<a<&mwa$;g)
zbaWIjT*)W-s|Ja_63Bal8K!EDOe|uQ#LG}2Q)E;JKTar|_dZ^A-#Oxw|MDNb_9B&u
z@+Sl|viAo)0RaIs*cykK*`QhkZw0X(v{N5xtdn%QlwGQ~o&V$5b3pokCAIzS(^D4A
zF!}Uv`c2L}HLbczdD!PD#6j=>d|41Kj&!35bjes5Ykg<@rJ`arPQ4Wo+1t>mN%!!U
z>hFVnl~oWTU+{2PQBq|g{{q>KZxQdo76<W<g++niuU}p1QG^(T))p4Gxj0-xqH`YT
zr5#C~*;d+FiiN85Am(N#B=ZmwB?%tem3;#ew~M1`e4Cq9e;3p7xC&3`!&81yO>OPu
zw6x>x?d|=2I@}29@3u9-Yik>9@uF$#GIj6s4RHelgC^aTiP!%dy1jM&PtYZejg8gS
z&Sz`Cj$fmS+C{&SM)=PQ9X+PDmOa5tPfw4J_wE0FjKG&r@9g5*+S=;sYK;p0V{BB>
zWBPaRDzme*OG`_0U_}1cF)@#?u()!Q^YimR+e8)W^xM45%*|O*CMN>_r-K&Okx~Y#
zDJrgQZ%_MWkzaXuczWVsV}JUD{kIhi>#|TO!|9os@DJHH$Y7eI*c(jnliUCQ3M+QP
zun&L!(}q-@a=gs+gcA7_ClWF;A1~~`eYbW;kL}EU8~$eCKMj3;BONy|^`FbIk;ElK
z1OD|Z$I-L((|W@O8F~ETY_9WA32nErkhw>L5Ga6Vd>cZs60yh$d|5z}H~%{(dx#Ug
zh^48?$e2ZJLo2t)t3HG87>7Wy3<ZX9sG2c1KD~GKaW5=5j^OXedx`RQQ++8jeGVRD
z<ENsM;B}O!<~0Z@diZtPO|;)lBz`DB5Rzw=VAg22avv8hqjh`#N7GC)G*G)BipJ%4
zvUCP<56e@=$PaI~+X+TH$<Xr#M*UWgf$!8LByj)Ezq;HgEX^IVM@HoJWdrSZI}vau
z?V8+PIk6jTDC6u8>v!7`G>nO|&{oNLRx_r?WwW_+LJm{iV5Ye1(VwD2<ps_qbEf2|
zl)IVlu2o3IB!m=glB3aRKS1tB1&eLkPPxeVrBx{>zg*UexRTdxzfmbCp|@TR`6X__
zo>eEmHT_#wz2jrUmTku63bXj-ChZWFdyQS)zVP{$K-WW~Kw5>BoPvUatnA_5+kc0?
zkovd|x+L)PR8`5bM~D$YNLfc9N0MevY~Fr?|78S)O<#TYU_kNDzqtT?5bs&D?m?5j
zXp+Smt9tj7dbQ9+Dg^RNWaRHKz>nUiR<5!U_3cIvDP?0Kv&tXmPQlK2PC9BYx!P66
zJ?*{^ga-2s4y)lf3=752^(n(6@u?9IYPI>tJBI=8j1OqU2lGdF0~h_vwmNqFipCmb
z==)SZRvVo**SkWA40wF*&U&MW$lf#lYY6uimYV{VA8FS92xHvp`B+RzUb>TRpQ-Ms
zgg{-Q`-PZmmkyhBV|zZ<rxpFW3_9_LP~?4GZnf^)7NuI{`*aiJ`8qw9)gIFNL^?Fv
zb|M#K{PLSR$%KpLU3p3Z{`KLXSC{~~6QsNA*Q!5BUbJ3^wS!C&{2lA+Ue8dUr;fEI
zB|7Qrb<7kU__g^~rhslWm6(>uxZEB(cETJ++nbH~U#tK<m)qq|TOx8i`3(`P$*<N|
zJc{AwBh=-|9^7XSJ=JYP{_;bgsa4Qpe<61m;A_s6GQKJI5_tb9{iwUSD``a~-x6(C
z+`ohSBS^EgY?kE>&hz2IuM*)p8CFUf`-Jlj`$$^pwz4u#@o_esn1~-WJKPq${UPxU
zPF}CoBe$UmuZnrIzmz*zIcNPrPOp`FaPlH8Q+~PQVDZUHrd`tT(~r9k+GqKBuXDF!
zoA54M1%`6ol%;X|s|X8s1|#DEh8J4{K&8WKJGip^`i#&Zy=}*vly!BLd@E0zSPZ%N
zwjY6etzrwI-|<58;XnRLZt1c5+r+i+X~$vT-EYSV60tEQi&Pil{3@f)QeB83kGsuC
z?xS-N;T`J>VuWDIT8`k$cIt9@hJD61I^g)^6ZGan)`dQQ{pTQ0o0;s#plqZ!&#@Kl
zTwH%}l4mC$WyHD@1gjNk-;^e~$v;yjc}gqgO?>l<!(}2oLCgdj9}3Kc&U<YtQo*Rr
zz91RrSTXecbi`Vi*uadG2mo70$(Ih>rDRO5!~x2wE7j&2LBIQN5&cb`m!!rXo^ds!
zE!34ec&aCf(9A!jv^><TI|`T|C&0|c`;28G#(tk9XyfuDlwKiv8?jtFzSm~$@X&to
z{ifCJqIdT59RP^a){~M;jGm7!B&`dY*($sqpN4R;UD!kt2hJ7Aj-@kmb`nlo*FkyY
zMn!$?t9h&~s;D@PXV3r)kLIcX$Gfxjsi~>wr-ugT=6`|8xR4GJZDk~O4oBr1#2sq-
zhLe?plNAy`0^ZM=vCTfhCN6BkI!Yo(sk1<*H1a#_Sb8j{!{SQpq5f_AZB6{(Qj>87
zjn{JeTdn=`ZP^*J8-2WEg7>G_cb+NelD;I#7spQLhliA=7&ckG-D!(Ilv4aiXc1hC
zM5$_K9IXb!xbsfA9fs_n0%(}T+w7Ok9lj4P)jL9Vx=$0~ckOlBHP|)}1ztPT-;NjO
z4c&T!S!On6JX&+Do>p`zW(Ky=H?Wz?TwDx9$B3D&t(W6pJr8eS2j2|Nm4uq8Oc}k#
z3|ML$Qa$4fyrsR~5~F-fm|e~K8lxdOd^yUmpV9f<Q*z|aD?I~+wV|!W)<I_K&pS+j
zJyB)qMXO;xCKvkw&+p7-<6DnWZZKcb54)0RS#t+oYzmEhd!6P|Rb1O`oqz}9cA-wU
z_kNEaY4V9bewYf%$;cofA`%Gs`J||>B*Y~(r>kD<4<1LD9vtcjJ{}}~=@)m|HGks}
z>r?Oaofa^~f3fD4=dNf<x7BQM%R!emvwb-mI>oGK&UUlYkg)%nw1#wm8N2`mNHzJN
zVjyVgZ6gj;pRwqj^5vI1ywFQL9VE6;=@q5I*t|TcMUM5J^T-`$VJ1&6VK`sLFi!If
zU<t>4`%l|K(sagxk7xh%U_E!3_F_8T<;m<@)l=J;pET*Sm4`<Tb0YE6R+r1b!I>1I
z@Ms>aNk>zgwA^L1KVkOVlUbzK?}g<q5}6pk>+_J$f;P0CoP=sa=c?34f}GZ)3(FZi
zQd0C*UCEOhT%5#_pVahMpHIhRNW50LELDFejx;A3HBH=Gd-F*R#^~w9eK$fu+JM2<
z8)J3#ZemkNF^djomVUXUIp%s>8^N@9&4}2!S3G3H&8ne86b;FX#}#;ayyQ(|=HQt2
zNls2C1T&}}FUK0}>;GrTx;m$UaHRv?*6fi3uz=&k$?;4295gV7&|z3u_OLFkMDsb2
zHEB<s-<3Mz=TkGI+vRyL`sH>njk3{%k~5~%SmE1_-#^%?f&Ogs4rakx>-plY$D+&Z
z(%gKhCU93iAAY4Q_^>6F6~-=Qw~bAu9Em7GAs3hZ{=A4BQ}qRCaskThR%w9zsaIlP
za-)WvO)!|4l|xh>TB@~A9D!le*oACLS3uSb3J@mdyuLPU`tnAE6n8s~AR{}Z`B6<(
zadM$MOUW;(Dls0&{2KMSkb*Qy@P`KiWIzh|!!nmxp=5m!(#1eI7y}FZnVd~A&@Qg^
zu`o9dH<kMIg%~guG0ADwxx+n)fSmtiHItE&l2TUw&g0EtHu$5yxQU6DZJ+IvXd?>n
zrcLY-l1Ht^v~tAbScr}Y<h~S2%}&V@<SwbHfAirL0e@vlK?x)WF=9tzX1jD0T<b$Q
zc}AtAb|hOd_hq1^d}tz1HC*>~<uAP$r<O3p|1mVHljY8==bf;vU6onBFa-yH0z~0^
z1jr?aTJl579`Czqo!&fCj-Qtr6tQj6vLvCYmx#S*h+TTp<N~3R_YCC*4v(<ebsoZ)
zf>vHa8i>-+rf+DaDQP}5LkE=J7WUu6nWMs(Wu>SSwP}<+bOw&js#He;iXH+(TeBq-
z9re!Qh_f|1csitj!rLtu0Hsb_{Y~{crZ9$_`qi?-QlnE~VBl<p0hdJuxX91`;rE1%
zz+)ku{t7YPWN0kl`!CAclb-BlsKkfYWHTHoI45XXA%2esNFa=Htaep1cD+OCs<mDu
z_nbP~+mx;E37KZ{gpvWpzsUrJD7Fkj5z<2VZ&3ZAk;p4mN6zDTVq5Aqmnl!z8)AHZ
z`kXE){MI)?1V(b-WtgedPk!R5dReaj##Uyw%3}KV^)MqEOSb!mwpN}Jz1a$?CtFg%
z$09|c!lrvtEs&4MUCPN~s2+dYK?2&w>lLTOqDnZCk&;+gNjR_+J3I11FqSe*n?7_n
zB<4p^sM}Et%M=ihuS#`e^On;7J~AVik1k5tg@r%qql73j)g<>$UmgYBxU<`uQQf|2
zJJ(cM|Iu=b7G<m=VcvrO%%C`eTaOQ?O^eT6>8(DhL#kEw_pt&m3Hiij|BqJ1#l-wX
z>Z&}AysGhqS)Kw+Q%grwm72RxP_rufLY0SxL87R@0cKQp!9X85a?I7LtDp$Mz6;$i
ze8G-}?Pv|UlHy|Jj#Rf%pNUuH&#o^3RO$6=(77#LuLvZ2-*R*J_ve3}X-%0Sv{Pkj
zyh3+-KB!<cVR<Og!Z>rzdBm}sI)p?AN%)$5qzQRnNKX(bOpcA@*_!a&040I}D^kh0
zSRV&5syY(u_yPP2&==HFXe%{Cj1K%SV2~MQRaqXa&haYByx!ZYin|8KwP6iav&+@k
z+T6C?5OcB6yY1HxP3&Z(=W5bi;-B~I%%<44r+RxhB;VGwC-L3vz;pU-ftinG6H|7M
z%*ccd?<`YUUHUGz4^7%SNUbOqDam-K?#}Mpio|x{v}_`j6X*~9q!@6_azE^l#|``l
zzMg%XCrTG5tvyTpEn$dLtA-LW0%^gMpIST?+6eiHQ5DA2QFX2U$;pY7uDZ~Yhy6|E
zR9K2e>No%M3|BwQfFEjDx7zf!Px8u)SgVKSy@gqs!4B(HY^UBhn3&MOjs@b#gONb<
z&ClU7Q8hKS>9O+fn97WCfbc2erMJS*^s2)l7OwQ0XX{U5G~#JK`^^@2x>|82$~$X{
zYT5><YHG^chUwo%4y^q0L?&YxXXj0`p@BlI_J@PoLkpYPds*Q7%*Svmzlb+JmZ!@F
zao=UWQ~0!Z#7FaeB_ZaQ^sRSl?y)k@i@EI)3n%HmwVqbo>41qsDD&jfv8_#)bu3(5
z=%~IRVIyCg?kyo{@}XEQd=Id1RdVZ+hSFBM)cUU(=v=mIfD;xl^h+3TB~wq)sk2tw
zRJo)q1%rb+Nu7Vg$tjwJyVs(Z**GCana`3!a+6xree~A!K<B^;;sIV6ew0MGwI_Nh
z{EEu1IQGe$LE^Xb2qd=N(?|{$W#vSAnP~tBe@clN%4gPXbPVD5TVB@%!Xk9le<nyn
z0eN4eIPjQ9MpTsn^2@WhIBc^j4uI9tx|ZK>*C;r?9>{$6teA}n{0I~3V}J?03vyS*
ze{&M0rU<B>oM)(*zJ9&J#7UbF7N68)4OHsZd#e7T3K~K?ZbZpa!fi-LAcx5blJ$S)
zoS>$xJ!ktN5fy^j(*FkdL3!g*T&J(oHp#*$r8leRx|6lJ6I;v68Z!+7WTJFpTaN@V
zxc_XY?D_C<2Ocx5@xU#*dHy}{b|aeREtGK5nQSVnWv0-NEz_U0-z~VB0<wXCLGDWP
zu6;~J+KiSHGOHDow)6LQA40@_vlQT91Mx2GGy_I!!eq$TniccEC2<dHy9;L&F_Szg
z(*%9n{05h2<ycKUqy{FI5iwTIbPX<}A0$ImoLb~(<!Ug+!<wDGl!f&P<u){ztGo8b
zP7;j37khFsaV|u<NI4c9&0!I=1^^8YLXIwZI1M<~@Bvw$;0cA_;#3hvjjD1*m2$ft
zsCLDD2F+GQMMWWv*X-EuZv>X{hZ%IoAx4LIWuWs7IvHxqDEEJO2=RU!&Po`Catp;`
zZzFs!mqe1<c;vi15a~ZMcXM2wloF3kck?Q(?NgSnr{xpH`IM^?Yrt1e6_Z`N6|!b#
zUN5(`;%kRCYTO7jk-%Toj6gBF{o*}VFyY#z-edNzxR&pn94QBt^~*(?lag#o12q)D
z`fiTRZGY-ISfa{cYNN*p6X+m#Nv^Vcs<v8WC%++O_1@QX$W+#`9CeZU<apFDNn?-f
zz5CEJGNeryoLOi%5;heZQMOe9^k){nbMmoL-Sb8NG$2|K8Kw7f(*0zdblXp-<VRZ?
zU9-(Mu;z}7u2uJ37Ip}!?sWR)mkH)J*52|Vq{u2LIJBO|L&yaL+T?DW90~?>$JmTT
zJ6v@1)2_tsmdYXsNzh@d-M=0-`711DzLR+j^>2KuE2<|{>AU$pnDEZ0>E%mPmmbtq
z9>FY|u4G9Zi`gA|szG8$vpb6LeaHQN$s(7}&4C+-ln>?VooOq&;w%eCQ2`|WJ~=Qu
z*%ub~pjHZ3(CQHqbxBL|t-l%7->mV)3Ry4u$5r%E0gspOU3Q2}vTJL34^zg-g0gt5
z@z@!cVA3gl)&V8#ta`WDO-jpKljB~VIL<RO5tf@v1UO4VbZj;2yc9V?yA|n{Z-UXG
z{#>nhf1V%=Yt6Sv6Dz~5&hJBMzwvs)U444JFvqu8!ogvUWo2U0wW;-7k`f<3?Xk*m
zDWa~9d$Jk*FY^F6I;6z^{P{Coz#AG!w1F_4IypJLe*KzBqk+?nT^t!dB#HPYW5OsW
z`VH|S&PzFjrxa&W{`zPG0U)#YytO`IjvMIS#8_>QopST_w8hkr<0rm*nx!gh>#1y0
zq&r+$ID`a4T>VKt5VUNSbys;0SG@P}68IIzV>FVR^Q_ZB_|#}IyD3R+_mgPzUhByl
zj!djCzCb7`j@|3FU|r$%$c_@!9vB&ql&m}dN8Bn9Cg($Sw)TW;=~Q%PAL5n~D?D#I
z??7bKUaOp5E<3oo9dy0>sBT0luEZ|K2HRn$^J0;M-FI8y5qT7#S1=Vm%o^6v5D5#q
z46&vas<s!Uj+e4u154#^dnP_hr+0DH-TJ6Au*y&i3bJBO5lBYw+@ZXz{%k|f1DQV(
z66k-KCIMkEBD75A6mnO~l6$L?Le^nS5Rzrp-0OI0ed4Mj5MtEG|2VQL6D}s3@L2jS
zcvPQo8VcDZGPo+Gp$CtiF8qgQXnRfPeNN)bTkfRAsEtlqvOa9?FCFItXKoo|5<L*6
zMIjYcCG7n*EJ62Y$616#h{2?(g8RR--V3_!oa)OioB!kH4w``Y1pCmt9lbA_$>yLC
zW0k*NXU{nFoqxUXTN0M&Zk>?@hBbBS@E+Ob1R2G@l4KUGT#Jw>{yrDm9|!ZrnJ~rB
z&Vk6kGJ^mGcUkM0;k$2dPDnmKQ#9%_i!1%VEE~la?Yuff#yV}LSWS<3eo+OgBGqE`
z5<Xs}FAD($76|PL*#BY*(zqF#%3AF*ReHNwMGP<7qobo*Z97THKt-anv$MTDjK3t<
zavf)2d`ik<o@}BUD#&=|yX=lOH8uTz@2Q4Z3bM2Q{{BJaq&^Iy3NUD)n}>%f>FF!~
zhhE+LMVi_vBP;6y8ncs=C&~o*)m;C!Gc7Icu+d*CQdB`Oy{82Jvq+h`P2IxMk}lZh
zuzr^R8x0K&v`{QEveWHtYRs@)Wx952tiS){1+67z*wfP!`-U!7Dpz^`8->`}fXEg4
z&c?>Z)|RTGqT}s}UY)j_61Kd@UzW7c1eK7zZ~zAxvGnWLuYH&(q6)BRp_AZdf6>v<
ze;XEcwM@2m&Z~3y`)L08qEO5b8u@=$yb_pr7a08a=}>%0w@g?S{hF>19Vl!`wGrpT
zoY=SR>?G^__r3}o31(Kw`BqqFnJ8XqzYO>GzA7Sg!p;bVYEs58EI2nUMWey~ZQYs;
zR^-fspEQOR<5gaLJ-b|qwRJ6_t7Km=DZ@v@C#<=zAL{Gf_ys#gtWC8#^Zw$BtFfC;
z&sUqyO{@qAMXK5=DrK|#yu8F$Ki5b#6$FT4rFPcl^5+>m2w%SZy^|L=ER?Ne-<kXQ
zoezQ}ZPs``$eqU^g4@E_b8=E5NEUFe>><Tz{0m&Jgf^_6p`<Xr<kZweNli@zX7)jm
zQTT+PLwu5QOh6<0J07n1NuR0gSe3A+Cj$B5A|*`J)zyuRvb4)imYQ6Ig#$DhPxdmk
zk+C#m7Nbe{8g);u_9w~O=#z4&+D$S3?c2Ceq<#egkfk`6oPros>F&tLK<8IT<JAj+
zK^6uo|B)L{%EWWD000dN1uvu!i%W9exyk?KoI|vv4szQ8!DFsGYU|@b40?w~TKe$l
za<iTo16qsthY$R=MPS(y=x7@oxi9CEotl=uefzdQS>O)t^=QQ4^SHnrsHUWJz8*@3
z6#TnPr=i|%1a&k+NI_{TQ{?jpyJnfn`udyBK$r&m<-wsLwxo~C&8~+lZ4Y<no5x2-
zfZ=Spp51rn`<q3F7&0L=KqAL!rc^6NIbM@;`*J`M9r5qzTj!M?ExMm<;n9bC!NFgh
z;w{OS=}OB`0PyIfbAt~MpLR{k=|UT_@}&DCoFQnt0Pn@Xb0}`cF3ir~!O+W+p-39h
z$I=(i@@Ns`mffcvW72YV)zkPx)vb3P=Z}zNhjybyf7Gcamt9WVIYV~B6x{-=`!S)H
zk1{gJJT5z6cNh60C8rV)8C`CQTU(cUdh$?9?0%cF?qA=7VP?G%+Tmb4!{Ka&Mv*G2
zM!8;#+wnpj7Oi~i%ku-Mvhh2vbyCq(Y9=gK8g(VHSqy)6S?h$#nc%h<P3_Pi3hk<@
ztFhZ2;Z1w)pV*vLQGv>IR~(PXkzAOorH?{YbTc1mo_fyk!I)U6$M8y~V>y~Pn6p{f
z5{!8c1^e-DXd9MUT(<mh$wEM&<+@93SpbVWRJ{vUqZnao0){pg1(VkJA)Y@IfLDf5
zhE!h?n*&3!flN)*UD-@w@k&^j&h_L^7S44GpS5(dpUBFIfG^ri$wC=%>Gp!u54W`7
z8v(6UzwsL#Gdv(~UA)(JTT8@Qi8;`vzT#D&kg-x}B-T}wmbPqD(S}P%nEdnS-RjG;
zM#U@}%4HY2&^wgNKe8-!(h=augolMCaXW2*7tYY&B-hQ;oS@D#SXk_G*v!<b)r|y)
zh9U=xx}eFHObdDi?~bNDfHaUA{qz?^EVq*-Pmt&YV+636&*ky%T)WJzCmaU>jo71`
zMl<1`VFyQd%Neo&x~WpF&4UB4t^U|3A}&sSu{keMA|kZV#laMRA?MQO{QG53m(?_`
z2Jo-5SQG!8o}F3^_flTx*@gX_NsEj-dkfvF_{oCcgYF=!Ra1excG|9|&$i9J&b!a-
zFu+#EyeE0rxbrW8bDWs*YS#VPw1<i!QXi`SK8!-DxAD^@8WltR{YZQJEOGNN!mh3(
z%h_&_u!Q({JtZYAC8eZz-;(P*ZsO?io%IzdDGcH9HHu)_O~YH4N>*(3kl&+k8+j0W
zJ*&RNu3<2CRT9UY7`NY3@IigBE4ypEZM>dmSaVDrO|2r}ir(DXN=}zYBeiWGmQ%p%
zxFuD3_-50m%_Jn`KbbFwS^ynr*cE~b+H))TfRI^Q-`OqHhQzoX%{e{X9CKP-?M>tW
zjz^k{Z^#I1<)BMIVUWVR&h1#6mbQSiXofOYirsQNvwqMB<U(9%F3K8Kk~wS=z=K~P
z%{4WbrCK%Vo;yjB=s%5qR&+eyKSD0;?d@M6WB$Y>Bx$LsGv#`RCntUfQ$?<aGfz>(
z3Bu!p)T#jB|Kxg{hq$S??X1!CxQ)130e&`0sp<CME9<nZcDvt0;UN&uCWT64%n)Qk
z8Q4``JUmrgv|;V9lgaCx*8(z&m63>3VP}w&kz8cSj)(A?ZuWLI!z1GV>s!4<kC*Bs
z)pU@73i*^)$6wySw+w%a>4TT8t*v@b9Va|yPcJVIFE21M+|NS#zSU({(?t=$@%zCy
ztAgz({#**G&2tbd$=n%v8ImR%=tYSQwbm-ppCTk{Z3%XJQ7_+DXs`?{I$*&<@sonY
zM1}%8QoPG%h~<2BXjw-*=m4fY)U<C;mWeJ%fwjZKMaSXlBM`4H<W5ZFNWyd$D&;KX
z*2CMKy~^V8R@2gg;8$yy?-0-QMBtG<Y5f)pMI(sn75NMwMZlInAeq8xCnGQK*R3c=
zGpS+Vd%c_C@8#uHuHUvWQ-7ib@;>$EBgxdV38@0!Gp4M*ck7|L_BI--U}pO*2A7R1
zuOvbeWbT(p{`9`K0WNS?T)Ntj-u9_wsXx*6_~lRJxnF&z%#+pAXot02<#QYN8bt1=
zxr_N&+hkG6PGg2a&9?m={=Pw9#Y)-qxo%Llelq@qI4qDk6!XAD!`W7gd#9ZAz-D3*
zd0P|w2iZH?yrtu8LGiYkps30BvYg$}@k!U($GV>nGLp>HLAy%?Yu_$r!K{aUObb^y
z^61(VPKH$-jsh*&&{-9c&>=KFaM9CSx@6cC)=HMM+8?3+Mxf!^)LMzDG5Eu3iDG=S
z{|J|NTupd5N>KTe{>yA}(vz*tm>;|S`G5=(&Gqx^{w(BG#swc+!{PPYwqd&xc}D!E
zpvR4))JH1^QwbJl-ll6)_1EHF!DCMw23Wp_G~pDdTL&y$sUMkGrF;?O^=dzvckH~h
zmP$N~E<;vt_?m352N(;iTKs)i@l=bv)qNnF^QGEWvw@Sis3Y1p-crLiVF~aAz(<@O
z`l1SyPE{>ko7FOVc!KbXo|o9~8s%_-QU^=EYyA}R!L<GYezFLap#2Aoimj3yTF^^B
zQ9Vm!RjbRon4Lh4wPPGu$@>$?RP?6HHLKXIEqKGCUoi>99SC|llf4e$6nZkJ;J=Jy
zKo|BjS~XIu2n^C0;MuN&$8fzMV|A9=Z4UiiHZ$J6Ja^ouy3R&>mqPpF;Gm*o=_)!M
zm(oV{C4*;M8)mHC#<BZM&>5M|D30||)W_JZ=sR?5oJL2MSh^Dq5U^r>dP39FOS@de
z>2xdr{h63_WA*KSotr}K<0GG^CuC>y4mr`I)jR16YD#;}>oDA5|2{S57w`BQMx7G%
z64knc1?~9adKoR(&EAoLijSt6JF^D<d{_^mWo2m~u8x<nwX@4pmPW2%-8_f*Qvs4t
z05B5p4LR}jw=`TKU85dcCqe?0A!34Apy!?|?b4SoAttPEy3K!oQD0dKx$^Q=R#x6*
z02#0-1qKENq6`{pYAg0+Nq?4g5G5^|5}nhKas*!A)o7U8#dkIPKv;p+yNw9Ba!`(Z
znkrI>!Oxwr)NS|il#vNfOq>P##?<tZrOwCK0=jPh$Me4P^K%f9fGT~|3sP<5klk?_
zLx(;LaN71_6c<6pqBYfw^bvxHw>2>-m`usB%+q#RAb{}rEYP*exmOoMGwtWs`?TyI
z<&FRZwD&&94*}K{=^xYIS*$0Xa279yHrOshO1dQ3pzYR9<^?2+gLZtb%J~#Dv>kPJ
zjgf)zs|LT3vSDM|j&-yV1sfJ7e+w(?{*HQL!aei;h0E;?t%w1G4kDe0%?(s>v5qjv
zXkzJzf~<-s50r3zUPP2u`!5-+6F?F25b~1JVRk!DUPR$?x>%E7_ll?8=Nq_J0m-sx
zzVCas{-KF)&DT$GL-k)$HHq16ue1E81s`%wPr6PYpgWfZES?_@Pm@l^Zef5zIqoDB
zm=4mn0X~KNb=$Z8cJsb73fi%?>rYJ%6;6D$KHsoAzt!HS;UtY!+`IZ_lAlgpz#$8M
z?|sBS_EXlR)c%_bU_hq*wVu-G`g^ILipKG|tMdVpqPJU55UQtG;;9xHWm#kG_7H~!
zgRdB4R1>}HYPu{nJ0Lt-&(sG6kb4g$sHEkrps@(VXI>Fp4i1g-f3B__H)Mg2Jw=W~
zUC1csmHYWV*FL~AcdBOW+dFsK*Lq&(w{Znnt>&olF!<HR3c9Lpeu7><5E?jlWgf|z
zeq27K6^R{IW7(q-@~tyz1QtCWJU>~Cwsdd~hTdXu)JD#j84QHuW07n#j$`Zd-#vs0
z<;F=u*tLw!`-R-^RIPR``p}N)v%@Dh<;esGQusOhala&Z7mS1pBo$tH33`==W^xLx
zACckI)@<+mH<Qb2Fn4u$&ACZMKk28>^}#uooIl-R?LuxYwvdoP((uZ_#JLeeMS1!B
z)$&aE1rk6mtxO+(cjpoMg}-b3DxP5gG0cBvs_-KX7QoHJ*Y<Ejd<heY>jYAZ(F9%4
zXNFy__$P?=#vTI*`WJ!LFt&1`Hrs}#fz$zT36`~O5393`r!>TDAs9%m;Ih5vs^ju>
ze@&ATgoA_gbhjBZS)j0c?hzau%;$Dwsr-h6gM*Q=^hwkUJ0`i4)uI9{18Z#!UT)$S
z5O`VfMjXo!TJ>;njR0q*vGGRDnBW7~0SgloT!8&@Ge?u4%}lAJk1RP*s@ud$O$`TJ
zTwJ_Ks5gz1$@BE|1ipa*hV%9y7(v%p@652w(lgW9ZHwF3LQBef^roQ$fn5mAv>6>`
zurKO%e@-#D`Ts1#1GX(uKJVY{hcYDfcDDQE48R(iP~ps<iR*b!zu37D^4ra<d5gyv
z5yYo?MOE7P6*t%J=B@`j2$B%J0f2(rj-M`8OEC{My=XaaVdi8=?Cjv`MZ^xB34i=E
zcUpgGW1YqUYj?j>lSGsOj5`6LUiYq*QcC<SIABfC(N+%<I03VKW3gRAUN|swd%_Zl
zcyE3>FbwhY1B$oe2DZl4D4^d$lP`yigx$nJ2dH%LxP(5fZafWyh={=zyLc=7{>gNS
z09H3BUM;=%&QFsm{2Fba8frtQUHseX;3UuFz+NM5!5>%u&U^yd4;pBwlHJwiZOBxr
zZkr%qgqQQ<lge<qD&P~T(ciNz7FvT6mVS+@n<e}P`|L}(zMEn2XAMQYiz=6I4Oix2
z%IMBn6fD<hcaek}hr=+HsNqNh9atq*%7OiSxfvw@;4$h4RX(60Yx7GI9$iIj=);O{
zh7&FjFh|8c#diqq3N%pg;Omcy>Z#!ncv?sSRn8CW;R=5Aw0N1m3eR+;9cr80%3E2V
z>7zmViZn3rlv4HI(CsR>sJz_m*70<fMKfpG+|+b_enCEsbzk}S_F<9L4$)|Lx&W5<
zO;WqBc`Ikxc5!mtz>(0;my-sa1{~ZK683ktOLO<v)ch+!kW0-3fyal5n%xb4{-xC<
zHl4?pqcm?_71x(eq0r^=s3FB9O7gW}&%jLSAUup7nd8^vXLNO#j30BLizPGsHsH#-
zC8457;|c;kviD$roUjhh{F;Xhrz#9*7JxS4lv0U0cNzoZa@5<1xUl=Qp~kn{di&%z
zdh6p}e|hfR9-8Oi_)ST}-qu=H?zN&eI<i9GA;wuP^l9w7R74w3M?DlFT)<4xA-5a=
z0*oyXfZFp-oRJYgxUPn6u_}j#y*4p?cJ%4tmP6wi3}|Q-(zhJBO?gG5ii?ZWXBQ>o
z8gJPH&DNOm^_qoFtVGcSj}}~zQ1ZcGb9$PCi>pCp5)3-QDaT^G_g*z3HsLtuomH&}
zFmf=qJasLB6)pW>Luio;w-rtX<#^PJ*YV>@Y&c)2w{heu>AhKGZ~{d-diipBjWZFK
z=8&=3Gf8Dej~ZG+mGdX|B1WcoUW9VwS2{Jrv~~+YW<v?gjy1+Wz)XCxCC(=`sA%95
zgLlczHHu+Ct-b`a>TcfAitmy0z8C>8rSZ9@o`&F{t@Bt2u^?QuDf-V)0rO;mcvIap
zYqwI;592wWMd?WyhF^>AtR1!OVEIp^iCs$WHET(@H82gEuwqGKA?LTDj_dl4z)hFo
zK8|Q`dVzS&&$F(lKT9>>;sy^qS9BTNcjbj?JJg1%ueIML&Css+8ikT>jF06lBi;~@
zsinQjS_%gU>*^uUL?2T_x$eDE36Ca#rpxd8krpbN1+cp-iyp^k_;YJaLjzaupBZ-N
ztXS0ZeCn%xihC5X-uh@Fm@uj0IMv~Q?0tI(eN&nBqZwht9G`x=+5LJWx~ghEAN!*r
z#j7B4@I8hg0juQJVCy|xJ{T?otT{3^=}Ho%#4-eV(F*)BeJ}Lv==%7AIcjRkDfLEn
z^^w-IXywlzueG%-F#h6q8{S*H4Z=qeV7qi9fsO>QM=<z^S|vrVaPDs5JS-?nH=&^3
zg`tik!A^K1mQsiT0r>1+iNE$BAqFNS^w!qu)9dpo7bS!`fq9y-RJOw-BR1C7Q}y6}
zir20B+iy-_7y_@i6Af<mnZB@Dj84_<pKtbUF@5Rn?Oi5a=LA#WKt2b2g<;WJ<B$sa
z;A3HJ?(ah`hFIL|&cLPRo$X3BOZ#26EOkR|ExuoeQOv%*IDHaxJmlmfE#tFg#Mp5M
z>sace+v0p;LMY2l@$w@bW8>wVSMo(PbDcN|N?QF+-{cT;#zNw^%0Y(=hvAsllOO9U
zj;{3X4J}9J)Zc`{Q=>f1`ui^(TOujqAKoV1AfTgN>%W5twZ!0r_^EmxK>KPBn{LYw
zq)V~x$H5USTTS1-M^+V7qtSzWas8^E?~o%y#kI<N-o--A3IzNnGaeOPjBwd0M_x_k
z@j1gk?Qv@jKh$t$A$i!ZIIn15w<{6!R@GanGVy<(KdN^y^d7#j*>R1QN%}>8U%P^h
zNXR0|4jBOAv#wv&*M8DHx=FnZIU(us2%tHB4f~JejFCG8X6r%=&o8q&SKaND?ahIw
zC<*ys-{@bap~W?-982na=yT6Og8y9QrRMnPj_CjF=^5Lxnkmu?fPyeM-7oIWqko;k
z6R<Mos~x*{_+gJ116VX3F<+EuDqY}@QlZMq%5G0rD=I2p`qpOrhv9$#f*dFbcaxZ_
zp7{lB4ogK}C#S<Al{TGfLR(H9SErk!dD%qf?ZRPonz(^zVjkzmJEtnmkL6XBduJ>U
z%bRtx`g|T|YXK?U%YXhjgHiq#)hnT=tH}aR)CB9BV%oSyg(TLz+S-3Y|7J|hhuhP!
zkr5JBQz<S?O<zeHS!Dh;*aUg7FyhwOMNK@OxF1SAYP+GhGpOv5c$`r};hgL#dvcwn
zT_EuV{RDejGL17)kHv~~+r*^Qbz*QJ)``ACk?>vG@RKSo&a{qP4J{r%741WL(&IrX
zlV8bqHo^2An_`zd`h%bq`dUh+X5H?e^~H8OuKQhsp(I>Fo>shezqXiG(+5-T&oGz0
zQ&hZ@s`-NRl*tjkPUCH>vGxb*tINANmR5d$-OT}|hfi7-pF@&L&lnF4;TN$oQ!;zV
zM~nJM!saio>9Su%R?gFYnM}3Be<K#V$ydQs{E4f0U&>-E7K@nGpF6?byZHD6ydt2T
zd0dhW@tcPk?1!_P%;uV%t`nl2`eKLFa1xf1mZS;<?A%Mnv|Jo#cff`eiHG{;E7Oht
zS^DD^u2NBwSKgdY(7$f-2LXqp(@pIZ?<mW*k-F5r0=XN#Sm&c;^}1hdptpwFY)_lm
zKQ;v`@+~lYGB>Qxk0+~nXEdz^5H_!PYrex&$Fb#~BJ1GZf{PT)+HKqq5^D&ktTb_E
z^*OeoC<LsZ`Y~V}4y>(?f5$im0dQ{#x4vi;Q+`F(r}`BQ_a_vmXSRF?B=t2k4m~T1
zii*I<W^dviQwKIG|62p<q2edv8C4}Er|rS`)YMc2bkaR~|DEBa<Tw)7c&E)?I`A;m
zULuFK>x5+Cg2`2n&8S2JKS)lDAf=0DvBN&6FMC*v(pUt!i>6oz3Wba2J-SQ9xXwHS
z@KeZNFiK)*V1UQ%=;zK%P*4zvA1C*(R!DAUT(+FA*Vz?Fii3MHn{_noXE<i2Ijq5*
zgV=HN$si@!<>lp%V;TN*#8(@t%&5QzxZRg#red2PTr+A*p5xs8-9bpe^e&pui?4(@
zoABjw_9C|T?oGk#Vy2*?+dmov1@*p8#g)zF&Fp+`PYv;-L(s%o>{Q#P`c|%OwdKuk
zPvzUf;&EVVE52lZ2_R@!O3cd?8&?aq#}_LLk+~dAttc%iVdjVQoY<NT4t86AmEPV~
zNi04rDLEXt!~0m$QOO5k?Rrpape0DWk925Aqbn{iVg9&S&6aXP@-7Jq$X^j@ry)q0
zJ>oOaR?^eb{+X8G)<npA60|;nmUh4=cVlx@eiVM+eDH^@ijR$Su$GGz_$uxinPp2K
zaJQcGODvSGfuH`Vq;Vtm!vbSji+hK}ApUSJ00di!CaNxB&qz~a(oIi&p~J#iF1PtE
zSl%4#dT#$96!h+xHqw@k*Zq8y$|~-I&*AU9#h5IcPg$^+uWbiEr-;WSLkWAG4vKTA
zXgi<VI@Nu+XgrXZfw121N!K4h414h#&Zic4S<9Cz;-tFWnNyoo`#dMiEG@hfeGey0
zr1e}Unj+jEp4h_wS@*zq8*He_{`+m}?d;o+W5<i_Zw#>5o7JYuMOe;Cv)x{^f6mAM
zBPJ~!mY28vOH9ZiX1<Q<=1`1IGQ@>39$okdyJ@(SzyUlL9QsudK=rnSiqo`fSQWp8
zOgouyG+kiPN;{{#oSBwZvV%&ea&6#H=tXsTYJB`#Y-|>Tx0xX%<el|YA;|vH8yx<L
zjEWi=9tJvp{St|pIlUTvn_j?!R)SXprotK-ouBuSfkD3SSh@f@DZgf=;V+PPe}g%2
zyx1_7#&`R0+5xU^J~#6gZLD9*@vLlZO{+h}3@ZJy?mipzKDg!9io##n#IQ6mNZWn1
zTR6Gq`JDO;@n_KGV~&Q+j85YH>_xF3(PrEf7GLwy@<OZ-T~plQbiYgGeV7tx&HBgb
zgs<IXK)Q0_5AbIZ&I~1V*0xX^4=P|C_gqi)C?Tz6r>w|AlSkgy|F$_G7RZ~PN7QkX
z;4e*_2<7(b=(sfDf(I=15M6=lo1&6hMBd`@&zBFeL*X+ON$#4w-A*$Phn!-TGK;tk
zY8h>W_dN$%12h#9`S#w^*!YvUpkdzQQyEq)#@$ZRBEY><p1FHEjGpSAcrbX;<67Pt
z7)`dFCpaH_;r}raIw$9MU1Qa5-D2obD`v3#DCgRZ_qv_!fWR#dCJ2`s2M6TKEO8^K
zkKW?~a?{hwHy`3Bq+^C&hWT0SZJ`F&vN-K4KGx(w1Jm~54|^u_lKzdOj%R)r?Tbfv
z*77gOtwiuul5O0JE!1rRKBsG8747$Ts_OR&kP&Pb8`@nbF|q@GBb&Z6O#JAT^xrD}
zkJ$c*_$c*Vrd*+f@r%54Gt8q?K`KIz+N=B?Uza0i^$GHLOrxyXz*Kl-tzCu3t3?xh
z{;8Ga*~xkAPSx8LNbCLAjO#@OA$FDFvb20T_q!+U*&DR~tm3dD@XVlCWBpymr9zh)
zFCI&pVT;wtd87Y$b!o9yeWE57S58hY{`N#;rNzP2l-)a_L3F~4^HSHwhCu|w6g<uq
zlaQ$8EM}`r!frMT7WFNAwm6hCh&z3K1?aeWc$hRRg?ZLvLPHT^`br85xxKF50-ut%
ztRJsbL@Be<dEo#iYU-HVQ?gdmFz1qLTuiW>0;~`6eYl~U-II234O1&o_r2dQ0I>j{
z`-y4Iyu7@;_3z~tcXyDe-yJ0hB3G}_UuKBEnRs)ekiH2n@4pbSXoS&ebSsLBDR;XF
z-y3(kulmmNL0O-HCeFplc_VWpBP}mK3JOx}WbXZ@tYV^~V7%_F%<Z|j3qru=DmC;j
z?k?0+kq)84`zN6Zu6(~|C0aI_C#E94dgGafXvF;&>y*7Vc8ax(d8qwW7C*w<mEv)O
zYx>s)yx*K{{#0|NH9ygv=p$~pJb>qhFnLerxsQ_m*IT^0xLv<Ws_7tBpsmqpF>cU+
zjL}$rI@EjdzFX!JTY1WS%(=yOPTHQBTxNJ&xF+)6=pbYBx=MNR@%_2|4!{U2Rz@SE
zYxlIdemHe%y0?#j0-AL7U0>4Ir^`MzrRhD67pfI228d>nzY@(-#I`*HeF7Z7##RHl
z+)YVN_Io&P06NWU5*f8F{*j`xJXlM-EepmlRNumjOZ@pW2?az(!o$IiFE44+)6=hd
zQ1S9=TPYPyfn(T^l_kOv2nVdMuWQSKe&*`pg4IXC|LJ-b)R<x`3O**Wf{X^ZURG%`
zW+{4rMGoL<7l*+9_O0baws;6$NhnC;gXLc|ah`kQS@w7!;)Vu_2^v;XC8a?(l}Ls<
z{+ci<U-7Nidv7>^l$11%Mvm8ctA8YgOIB8v4to$3yFB<;hLhN=*qIat4lyMpBtWz9
zGG}39Js6EjMRj$>RWNI=vZp$|;h!Jlm?kI)FKrc?y#M*TAnZ!sh}xuI@pJF_HR1@z
z?Lh!fBZBl?dSbx8UR+A!r-03lD*EkWgDhAkn53KYZHWH)+Q`ONPsPayUD7bDXQOl5
zp{cnwQ@3kfGsNf2?<BqiolM~1>iD{@POtdH#vnxj%iauoiOV{k4m%Tog964m{XhZU
z?dAEYM7@j>FD)&NMYl0CxsCNzkfm-%dZuDw$0KxESrh^~Cn^6c;H;OZI01wvWd4s?
zHpVCEmxBxy<NH@>eC~tW7edb<{Ur3Ph!q(b2@L~-$E-W2!+|y~y)<1}Tf5Za?r@q=
z6q3G+c>{}u6(^XyH#j}5Mvk$E*Q{h~vT2g^kuw0nh~hx%@ZgYvt^Rn_9YwqEI0m>t
zdn&Np3o05_r%_C*va^8qwVv7%9OkfbJ{^R3)0iBGq@de_dIiM;+T3u>$pT&BF7>}7
z_UaE7JSuBCyVdVpX)GYXdUxEXAh)g^4cy2}`Ixv_@8ZfzrLJ5<&T3zjInjOpSp>+O
z*yCGCsqq?{kKhuQC}Tnj7FF;YTv}TC{rmU)JY=QKyW{Cb2d|joYv0SQf8=W_%iS@t
z2j9fv@%>LkL@6M)zt)3B23p(NXg~gR1ZO&!R3hN_n41L-3E0Yt--8{<Q|p(O$Iv+S
z*>nifva(jk$dr3tIpSMzi(sUcNWG{eS07~Xouat<ae!fqTE_>&--Ysv^<FyLVg$?G
zgH8t>ZsjT0pB&C}6%Q&h`25=SXP`e#X4Oyn3iN$?A2@S~`Cpid0lUw{X#708N&x_G
zv60TZn1$q`$pa+b->)8Mg$#6q4(jFpuwr{CQAbmgpVjcg&x4da26ZWo((&eh;uKKh
z-WRn3^qTz@5ktEmdpR+n8`IO&)KpSZGB9wkvEc)2E3o38TUZJr451GRB$yM0yfg(&
z_bQ*!K41;;WZ0!mu8N?%J4&Q}Y5KT$pZP=RbGkfiyV8SChKw9<<)`G9kG{Q~1$xkc
zcW?C?DQ@7uPp!XG<nb&^cO`fi-3=y7Q7W3m%E}+j(_wvWZEbH)Doc@(i3zmR%Zm%I
z1|N<>)q`AVa2h6071Uk5{@LkOZ)I)kbGH`QGoIDPgC?8B+a&ZK5cH38yLh}{Gyv$a
z!zIy6QV5A2nzO-&(y-!nn3t&Ub+#rl8)D$v%eCqQ1LWuDBjYme9Ue{Bpn=IEo?u}^
zNy!J>2#P7vF|Jj3s7ys*CF$#5JG=0?WHh+v7}|~@RlnVzEBSwz`^&H@qqS`mo|JS-
zw@P<QmxOdF-QC^Yh=7!UbV*BhBS?2QNOwp#d${8Lo_9U#`@Q%5V;;nedyX-#KCklv
zYa7q3sioxy3VLlNg=J;(N0`B%sFppRNZ7_=`i*n$uYX08UM`sTm|bCq{`*}5@dv6s
z_GTw0l;7Y+9IqZk93})fiJ}tC<o0{>mga?R2_=DrzFn*QzUFHp?vha0RwhqpV`*!9
ze8w*LuaFl+D8~NTiZm&ysd*FmcfffqF1}B|i3`0GEVcpxLpoKotgP(P^0Jq5M16gI
zh9>xppP%1T`N;`!Mf9fSRf2S$vW1`Izc&M{+9+wRWHc!lk*YV#W;*nZ)u`vfg>jUC
z8yfjv=J_AzjbIF*hyK6$2gQ3n{{XnRuF3`S2IfCiJ^{ff({AkCIsbe9C8wt$`mD~o
z5zKA78yg$z>l3Tl0*m@xf(Q1xx?_}j7mJmGpN%0oivBqt|5U_Lad%mA2KHA|zT;+l
z^Cpn|j*snMxrPH{Q&Ue5k4rb~_X>L!(1T3o1h?z*oo(`X@Z6!s<?m6Q)JI_%85y<O
zAL2%LO3GT)lpJz$)_*a#-`w2%czkd|3YpMb6KK}&dOiAf*fB&*miEp`@u#?{3VRJp
zR?BCu@luCCmE3SC_Jq$;4FCL4*gg1D+)gf(Azhbu$Nn_zyvBR$-2s?;ooMB?@h@xL
zZJHWVKe}L==qOZA2!7AYqokk^W9-jC${a;UL<GcE9w|yLFO$i6SprulgC_VS>yik$
zs4f3!`o2>L8dtgTKOSmz5{_LdsQoy8I#&2W|KWf%Vrh~gi%z1ME6O8VO2q2%9n0=6
z?RgGgkR>HBb&n+GLStPDDlkHw%&%2K)5-o3FhdOjjL~0c%{$Or$aJA$Bhda~&j8WK
zS$w7d&lBbVw=?cn!Wy1W+saG*$<ct8N|L3dph}O$^@I;|*GwE!_zzE^aTnijYSKE-
z2=z6cmVJVPc6cfv5Twbtvqr0{Zk|afq>Wj6y^_}>gP1(-_8QB`ptZP}ZIarc8XXxT
z{0-~Om(ESn5dmZ+&(@*av&-jS4jpMGv%L}$q~a<0E-g`C<9dM_e!4Ni=cgugzLm%r
zGFz^Y#$f>%qX_<S1>vJW8kn&db?U5v+u+sqc%>=wGfAsX%z7@X8Q(y<?_MhJNM>k0
zHmuX*j!>)`U5GZo)OPq%{Y<0+Pk`Ri$6J+0y{&=Y@w^4CRVOVerQ!K|Rz=H;Z`;K1
zx*hOqf?UFG-|&b#OydKqybx4GXCeY$zDrwNp&yJ?AG%(cbv?ZQtZO;<1dVR4r-)C6
z|1M(g<!;slx2%(uBzk+tmf&V%`Nm544W^Zf&5SkbHl4x;FmiwfT~^Z5lYv(f>SMim
zBem>+-9%wNQmWJhq6(2s&j2LrM`WUxjbh_B--p2Ps3`9gm7pVx#^Za$`^~iZ>hc$I
zXX}YQPIW!Bsnr2wl?=T*iot5D87m)o|EW{^`~ydK2DcoiIeB<^AS{3ZlPU2#`>V0V
z_T4Af3yuKF+pXC;HFQ$vra8orhX@WU!e?VC;fi<YUHgc3)?vxnBr^>+P=myE_xS4m
zEG~}=99MA_yDr*XpJb}y3}?!cjy_#gLnXhbsJpVyf)NgzE&jxIO+6^I>zZlGcgFA%
zPMnR5lth>U<5O}>rV6w+JOl$5XMh-{d8w|m=GzTcfs3A`W3r=?RCqA^X|)<092~G}
zQ2t7;t^nj!Q(dhE`jY|T4I=zH7KN1m8~G>jpIIcNku;u-cJuM?Ql6nx$)k^StYVzQ
zg#{ut*9L=)dX%Bu?}AvUX@T!K{EA6`n9!i#RO*{&)f;L$eu-V|2ayY2CL)TQvral*
zcnD-p8~rS>JZw3);KH)&3eR1bPdJ&|_cZi5*F$!^>EqSGN%ULaaZOzVdk>qaH&z(i
z=ke<^WjMA`Xov0@Rv5oZ6-*hU(NvFX<%E|I^^zmCG0tbhklnu!!d)M#<BQ6$rzx=E
z39%9KO4vT<eC5j<|5il)cAl><RIC5oju20kO`1%p+ryN;l~mbfnQD=GXXxpKP9S*Z
z%Fkp+@}G)Z{XGTNa01vsW5S4FiCno%!N+bqy(yJ1$H5)!&k<#-K${(i^bUP}5^wE0
zyWu(Xu;Q;aoH)<&K@pXonsAm8QuWPOd>vaY5I75aKBuWR5d841&{!k^*4(<+pELEb
zDHGaBZ{_N>1rMZys8Zh=&B!#c7Wu0ltG*B{Ev?}-r`BU1y)l}buDbedSnBnT`^{!A
z1>)xVLqY&8b6cm^snw!Ybd12Oqj#vkcpShJk~$aiikx+CNYNoQJCY&ak&7ufWORS0
za0+rkfJigZ{V{Az+x|^TjJs|!xwhWd)1N$o_Z1S2jCu>5eXbpi6(Eeis}F-J?(q>#
z@QX9#mC#)(c7P%SeBI;(r`5Ja{`d#X2r=sd3^O!jh;>>*?(3S+SM+PW-IRI^m@x6p
z#^<U+gJ{qBnbjT+gm$Ad9wABrJjbsN<Hs#R&|dklc2FGcDxGx$q}&ULER{;5)U79Q
zsP=lJ<EvKqkx8<Q?sv^GNPKP(8HmvJm=Au$(LqX+W<qHHK!>4U1$)J+xj7S+Nj4|F
ztmPiI7$tPAvb;tZBXA6wF@=ZFtl6PSjh4r;ka&yEz@9gGlFXN&F5+70J}lsmFU?X2
zX=gSwcSfL9r4^cJiOFE)JaR)q90DrQhscy3YivIoN%Y)eyX3LM@W;c~jAqFa+j*Lk
z8CWi8>W;r=P+OEv=gxQ<AWrH1N{DVJuA`GAonLM3?rZh>7g?Fy(AlCv>>$s-u>gm;
zhZbxGcZm&HnV(8^Ez_grsiQx$(Cchs9%lP0@2*v{pg^ZUMKWR^`=WM94o>%|p|Ytq
z$XODz=G<0ve2{?bCL_qq^2GBCBt``EUuu)$u6INAg=-GfU*zJMAa!FQMm2xs@3%_J
zp`_D8)kZ%T?OzwL>f@r5(k6I?CV%l8-qKgi^~@xjsC2bOVXW@WLc1#AnR1Sy@@H@!
zsD;dUT1!v6E#$rGM!Fbq|5*egcWmURr<c)#mT?p9P#J5DcqA4`8cmsX)ATF0(3wZ`
z5XY_H49uwcYPSb}o4jR+s6L8(mHQ|DmeQ~?a^qzk(^zueBXy>xyX>XmEcfQMYFYk{
zlRo3{yy#PGgp<NtoZn{7^cLc#-VR*<*)6mc8G2b*be=zR4DGDU85}B<*2enPA)-@X
z#Fs$}z?qd8kIj5F?+Jp<cV4f91b%o`$!w+vg}qx_7i?%i_q8O8+FFO7dBLw+%3uC|
z<Wjj+FL=boEwIy@m6_X-Cwlur#Be=BVa5H7S8OXV`3Mth-N=Hh0%&8_G)efFE#%;g
z)R*Wa(&}A|;j5W%U^EOS5{<+4F50Giw0wU3VYS$QY0ks#K!k)W4yk%b!zydeEQl8)
z$AIel3`;q~&x8z_LlYdVr=lWT!23zBAgyX)Q)(~3Z~Sm`L!7-I^+U5OW~<vy9*_x8
ze9xy63-j3HL0ONGD#E~MJy8_PTp~?SQ-nYyus<g!Co}a93=Dh{RT|I{whHn;7F=p;
z6#16iS?;*Gchix$i9o?m=3@l%l9Fn%TRRcn^;D$1UolJ>KYbZIJS**QU9Mm=@cbZ~
zt@bPBmiZ5Z%$W>CI5AVDuPzbcj0jkGJ%o5u+3DKw!RkFjvzdWvFJZ5t->A=$-%_Mi
zzD&6f{m^TXJu2_%(gG?sxM=Tp)bniV`W~7tzp0Y0)P0p~+RJ*%VK$1_!fF{xRPUw2
zJlgi(s$O5H<IB?HU~|9)%@<!D3kO1sJn2Q?L!SKZ#(hVIB39EF{wz10C|ZgJH`Dk!
zA$c4pYGZTUNc40c&A;5EjQqRij0NV?WmuRjy;RZ6<bzE8Ei@aq+~c)AYOZ%C+3?`x
zdb)`XQY%q?ik3EGe7+mY-Yji16!CQvO#f#(1|~}0^nN-WWA~}Mt!&V2_<*leXxjM^
z15UB=_4zu)UyR&8Piy0f!Zw{=N|#J;i-@3}n$?!)+!#v_Hj6$!i?W5fyUL4IjoqHg
z!4Bi}oWy%+zQgs}q0jEw1`XnD#Y_gz3mI!{6HI&f@w$|Lj~GqMomD_`4#Mz7&Tgsv
zk0*ooBFZXP*V*?v&hpYAmn77=mr^kC!-x1#5&dzWYEdK)iJMv#{Nafp>La9IIAY(U
zP(BbROZuaSp*a(gk=Ztq>)9-DHN70o)>fP&9~`BvT;r*3<S$c<VGeZ^K^*K)hJkcA
z+HY6wL7bUJV`nUkops+|5MGCVtrZEd%AG`BWJ;|GQTj%i<;9r3(*dpTz-{dl7O+>z
z5z}ihe!rdbXyC#LQAZ&#G%?8=BoOp&=#F_Mt?~9F^|L^GRIN8FP__a-_{H*1UTvAH
z>j_%&olAY3g1l^msBtf-noGxj?P1E`F#}>32lvk_RwHyziQUqPKJn#lfYSF$ux*3^
zqR(@GS8>ja>#}Y&R)Q)6?6QrNQT#j#5j7L`HZqj7<L4hcFSx(%Yz}5+(<mHvoKLle
zFHVo3oNAMdk-j_smQz>~A6yRXy^`9s`vx9F*sptxsBqdqv&tmy#nxLb?<H}EAZ>}s
zyohRLxEWtT!k|LnwV_Cegs9TdTtt?=&PrI&fR?d}rW?W<6G-xO*o82_w?i_x<Mp5+
z!u8i@YZFlZwi~;`FT;P0X_Rlf-*97_A`)f^_-)C;+pH#}`)cei!r830WZ6m9{L=pR
zM&AS0-2vjib;zf7UZ?oavepiI*Gp)fhPhdX+aDf21(yXWWn?)d<$Vyy?u_m+nlmVw
zlg!QVkJkNR)|PQ-L=fH?{ZM<#i@n&~m;%KX?iEBXP(Y`LQFB8CiIIZ9qLS(wpMB}J
zR#<1%kktrkfcmDX>KIgCCMCDjE=ZHH@shZ1DffBX!jM%XjxPL1myWbC+05k^5DAcx
zGQs=fb)ng+w#$206>M^5$}-?aoWErrrcfIQ*qDM)78O%gq`A+82j+;XVy5DCyl9H&
zd&@*${yn?mr$Z4Zgs0qDTD1`tLh%}L(w}yDe#Cce+!vMd!7gXUE}*=A#K;Qy9TjFo
za_Dk`#E!ZXZ+#OgPh*wXYYQ72PPU1RJR5Koma7dkS)>{lz!0K#j?aeGCS-+MjvCzm
z2tSX(rV6Fz?7M93U3$YH&qLkLK<#PrMNq4juX5g6<6RP&#&{|!J^cb1ddHbX^W|7T
zFHQkoxJRcq6>~>A<NJ|*yDVgBYj^D?nBAqRsF4S7N_4Ys7f=PX`sd3LR3>c`naZ%(
zlaCs$n~e0Gx!Gwcn5g23vVD<XLHuJfHP?ypvn%s@dpq^9jjyELMn7U?Wr@<ujZ2B7
z?8t_z54kEH6E21_+7e}5ZmP`7o3*AK9e2rX>S25F80&uZ2(CS9yPI8qV`FA9<`$@W
zl&ab80R=H$a1)aOjcV$hs=jY3T>Ri)|3m%oOFF-Lr9aj!SaGQ>SfaNoFma_K*L(6d
zioOa|Edypq+0tj~n0bBki$e-jt;@G9JySaFY<|k0!SO6lZ*4^#MSzH_@yJPkFB3&3
z&86zshMreo|Gk89V1xaWcx4hg5yaRqw&Cb)y}G)%S)~T~WF1z=JoD1Lg7&ut4=0pW
zgM${*ZAr8+Xrbf&90i0HQmZkd(sU9F2c8hNmH1SBB<5`xx5g1KEn?{FGz1O~Cf@kr
zx(p%$yg7qN(OxWWZKjCPoyniHzh3-RPh3)XlOn$^oxj6yZ2q$0=?`DR95#VM$iby1
z(&Vfl_73#94G0vS=VvZ8_%tso)u_HhsT?GB_SN<kfvJT@c}|Yf>;93E3|6C1RnXp5
zP*jNt2}L8C8MgdD82n~@ISlpJ!h9_5@TlGIKk5)?+|&_6H(ueW5#y?a(epTqcEJxe
zS1+XQaek;X<X1QGYv;WsO0*@Y;OS)J;ip=8JisvHO&@gnG&+d+b&|i6n;{Y2%ugP-
zBzRb>^Tl#1p(B@DHM`Z;Ja<+r%COPr*vt1ilQr@2&Gox-j(ZZSeWS7bJlCu|iNtm1
z@M}C|61{)Y-%JsyBqk*?U4I^HNm3rg6SK?Ba*6AJhSn_lEH9x?t0Z7nHE&&cc0uzJ
zx!alxS$Hr;1V(<G0iA5;yK{gr4J7)sjtq@ZF9KI{bb>B~W!^Ab{l(Esqwo+^g}A7H
zoE-l$8_Aj;S+lBSh0n3?FSc#}nTpDIc|i#)ebK5k+ubHORer)y^Y~%%?jBV*$5(vD
z!sLZ17RP6kYu&Q^f_e-=^WGS7olk7Hq8ZWfVRD@g*A7f;JD>WZwls=(3?Udhhoe}0
z9=w)%v~;xCgAjk4;jJ+f0qJ-S&?(+RihMkn@en&t?-=j93tF08Rb@YTW)wmRQ!#By
zcAq9g$?&5Lv9ry~Iv9i>_lGwKlAisb5KLyX!9Wz(`~aVkt8TA!IK}k}WwAe<v2URM
z6?I3P3<X<0Whxx`%d^RIUK{#k76rxEmNBt>@su^&ykjoGKQDjxv&G+v68Ot9U~_`8
zOFV~X526H+zF=?P>=`5^mE4@$*ANVo9`QWv0SMt4R_^+um+)JAkF^lhko9c!mgDo$
z^D^CO?6dQ;r)nFb+Xavd_k)2rn^Tmc=G3DTy-2TjE{Y=el<_tVZzzT1eCeC+f{vv#
z%tXIcfcOhSj{E&jxBRhATV8=0QDS%9rh5pi*3PeAJK$bO(&xo3yu;Z?U-%#WGTJWK
z>T8ha$}&??<70>Xb^6f--%!Y{QbPInyEWGehQt7Of5z<@4zjoQMu$;@im6{pyPYSZ
z)wofu7fOOb*Z!NN$LmHRx=&6Mj&n{voa~RS_6#Wb2}q^bIhFnIvu!>lh(bk`N-(A`
zixxhn?fu?>;;|{{jk|b+u1iX~@|zwTFX3~>;k9Ebr{nzdy5XJ%dHhE6aC5Np=U{{n
zE3K5UugX?l&p9QjpmutmfJbH`$v7$dY**tedP+$Y2x>^t{?4=D!Sp}9p~vvHU|~D$
z!;+l8ChBd$2w9G$nsK`RX}4OhA@Fi0&oR{p_7>v>W}rI0t=HWy*hMv$H5NuNw0*+c
zy`cEnwSLRpOKFO@0|yyPcjtQel*hW|NHuFFx9F6_p*nD;yly0)DB~|tz4;>e=EC@9
zx|`w~0TM*Pv|V}G7{cWntF`y%&#E`R9urhP=j`%Zwuw{frbYJ`r#Gt%TEr)Rev&FM
zF77RD9VGVpRSVL{Gvu<DE(g8o<k^3lHAa$7VvMKJa%F{yHX5Ez;jjr<QRj|jyl+{_
znB)zrNVXaOtYsWBysjjt+%`5y5R*63bP@=fy;;~r3K~JyeR(Rkw9w6p#j?Y++B6-#
zMT~KXjZ^JN8Q*Wr$M<JW(^Mxe{OtTQw;|+91BFoek`%PIhKH0cX^B=fVAb=_Y=0hq
zQv@s0r=^+5pkrxmo%Z#sm>}lK+18+efx(A_#Z_EJ&F}RUDe=!&c2*SIhkftX<TVM!
zzU364Tam9zil;M_2YwqyJ9zz}>4ll@CYq_Tx3t*rIzpbYZ;3NsNHa*nk_%m<DVvOD
z#t+lx+h%}Ul{>H{Tc&VB$b9)_lD2gLr0hDbkdPa13}jn=AJ}KSR7?EYf8PNG=?L9{
zm7-pRKbhN|6Fadqd*M!nZcgSc@t)AAE#E^n8-%Hj=9x^ADUQKIPJ1FVf``dzU-u~>
zQ5Ji@HwjvdijuY)!GaKPzii{7T9(?%)C+$2DrzhIZM#vc@B~>DMyIz^I5H9k^-^pG
zZU$enX!52<q(|XQJ$mbx-s_%PO^MdPimZdy5XDg*cGJfycSIHv{-8HCoBI&q9a_!W
zk{^EzdG1dssL!`cm2h*mnyccOk;D8yRfIO&oSJNL>f0V|;t)4#-=f<Aow&$lF^}1l
zSNCnN<+uH4VMBs1D~DA9giOITOltY=huWKeoaGDVrkBvI4wdDf6M;|P&U5*M;o~U2
zo$c4&lqhA+e6@am_-^$|xlH0xK0F8>UH%&j-~`0}ymoSu0GnuABWTyGK-xJRm40Eo
z7IpNyt>wrem_m-zo)yve?n7e^OHD*{*}Dv;#d<rTKZDGxe$PICO0_`F_h6=!h{urv
z0;qS4KocH{=Hk{>=d9lIX&3rE=Y$!G_1w;jkwN4>yh#6$3;&Rmz??GqCwje<39bj}
zi$&HWxNzkzp%!kC_7H3=I@wd!kRQA?I!(WKPC-<U`r7{cX3jSl1!4W_%|hONj~kIi
zG$Ovu`1)`W8E3<MVf^0t9d<Igr%9EZu`?w3`@wQ~x8QA@_&+jHdy;JI?5!;=7krhK
zmFfHj7=H^_(&pyo%-tcoLHxv^u0FsCV~lkT)uWJEyj>h)7OMcjaq<>>lAs>Be7&lW
z$~FA!SFkoHP7NBeZLxvAo^)QEcm^FfqO03?DUM>vdHXMX=~alm-z;TD828%K&!_PW
zZ@s<?f!=1sl)ITT{`$Tw>t`u%N-#?mi%o{v<=l#xt+dtN>>*BH@E$Gnfk&u9^uOw{
z&OJ32lU3E#e8UEf4GsM1?ig~O9$42479^%NYFfm7*rB-2_`%c3O9em4TSb@Nu8K)Y
zw%_&;$x^Yi(pt<_7(h;M{ur_KpKZrc{-jsCa*G_Ln5+0icaKI{eRot@-WnN;X<%85
z|F*&6*Xedkb5Bx85K=LIDT+Rds=KCuE5VHUh<P^QUgmadIc7e93h4E@qR)JL@sE@{
zDE>i#Za#25lECFeXMoa9n!$TC<Z881-23?WQ8P2Y%V{-JQ&Whdnp*wkAhVvM+x7YR
z!O2*LO@%?G%h!4g!cQYw2$_=DNai1DNIAyXPEeE;5k{4wd4jeiV8_ch%KouuA~Cjx
zeT>0<!tc&;MgI@h_Mf^M24NUBG1ivge^!M=?#TZ0S%m*D{Q;byp`oDyGWh>f9{l?Q
zqysb|x!3{}roQjrOE5%q?T<TlYnDGW63zd55Y<C44lRy{o$>#S4~MNN4D}xmA?*qJ
ziqH|oc%;!`|LyhANIn!GPtFN(L;R0d{^Qq>9jP%{eT(E@>EsBd1WcgWwxxw%M@#8{
zea_!!XS=~+y?IPc0FV~IPMiH-@3(Uj^D90Fv=x|&36kNSaR&eUEB(FAv4}vr^yrS)
z5%2!<3;px93f>fs_apoOP!!!}S2+bXl>c_~aM+$oV`8fa3{~9!Wo6*7U$kN1&N8?Q
zMd!K@m2B0sS1niH3%!2_JDk8PsUJlq^mKQ5@c-`)QHWptiLk=+FPxym{H32Of^K)|
z7ZZw*a!?!HK`7+=0D6a=6GHymii=*uRwFWcUB5p`x5mo+n(^4uos7288{Ph@sm`Xk
z=E6Dt##zOp%6btS4l*~ApeJR8m1$==WG+aUg2yHSI^9Ya<5HPytyh{QH9ec8(q1oe
zz7tXXqa4G3l&cz=h@sgoW1S)E^<ZK6_l@>;N>QR%ywiICoheLD%|i-9t6NjiAMeRl
zY>fwNIE@7%!K4{)JJyp-FzTEuTtOQBuC9$k>&eP7{sufr?6zvnXC+P(OC9EPEa$)M
zC_j4VY2rJ+6dv!CLG6t-84C}iEg>IMzm1+tlgt5V;}5HiJzYKo&ku>Ob6_A-y1Cw0
zh#O=j+QZKxx2GwF=g+m=^?2--U)T2qQ|!neTb)iNg8y*DKH*cf5xpOd!&-!iny-#J
zYUhY^MR~_9RcW!n3Gu)Gb#-(>+lF$kfl{vXOD1z*wF&~M;L2tFaolPjb+#hi6A0UR
z&OZOM`*e`0X%_1)dh9IoT1#(tBXP<R8TcC68QI!jzI^$wXV3W^{?6ptgirCkfiw;j
zc|LKA`BmaQqhz4r5X304(*YZMm95EnWfuz~BAov1TU98J*(T278j=w&{@^Dil-GI^
z7!VJOn%#3)NZ-g@MvBh?88e}uUkW)GK7<g+lEFm3JZCrpfyCg>Etb+zs6%YDrn~HG
z(oW~ITZr0%H%N2T4aFi8{2qNvHta(PNQUG-;Yna<%k-WtlyIt<{|uuAZAB_)D{9y$
zIetzg5b|3NO#a@gBA>TpnO0NQ@Uw0@o^yY9%+uc4nSqXuO`C;?qi6V4V3y)@OKtYm
zpHkbe|79byPL~jJt#Nwl&Qyv(^GV)BN~%>VsnW3jTz&deXTh1xD%S~I&MvP>uj@iv
z)l7rH@Hy$svlZXQ5@Sw}xT{fa9bMTn24@FN1lmEK--PK4r6?$g`DmsA<|4SuUomVb
zbO|#{-Z;YJ7kzyw*iM46q-lm1-L7|%vrz-aj758n)k<H)sUv!d+cYFVXGs)`8J(v1
z0QTf>f}kl!^|F(uiwa7SQHtY~NTRo84GroFY_cD-RED&zMXA-{prdlK{7+6JJI}<z
z*OLxHl294`o8DOCc`0U?vxhtEg){BG)Bs3K>V{CD$a8!j2ri8vGK+}{PmIf#vExxe
zUDOW2z3s*i0Epo)f+4neLsuo+IX+(5(C|&ag9aI6nHnf+=ml&Z2Ni^ko+!SIk0|<L
zZ7=;<Olw+GQQpv)isrMufRJnEYU6a%UhK-iLNJ{52?>%CaO!7^9@?u&@!#4mr5E!<
zkg}^vWJiC-{pj7a`sdD3EKobl8UwZhz@!n1fCLv=ul>{{v;8af1Ueyy1v&&15@PR+
zkfMLxy0MFs6?=7HiSysi@n}v=ro`i<>eGhg8~lWBl*G>dJW6ko2m+c!UmCr&2}_x<
z1xYat7!C}s*)uUWB5dYiTLQCedq<0v>Z;^i<uAj=^b#(y$>IkS3dT-^g{zN68P-bC
zA`+jBOPL#MQpR!Wa6dnASO&Bj9&HlIGbkbk(X^r0v8R}!sLg$`xOGg$jGlpQ8m~?T
zUk~!TYCVLs?mJcxmO3C|X!SVHe-)U}e<2<};y!0*$`Tq=L=Ojtjjf0u(D`2Et!evi
zmBDez1E%WAavAi0QSECQIL9h)kE)o6bsYD1HzXyACIw^pV8&s|<7(UPPx7_Fx0cMK
zH&>-^YoSh1n(-4aNoE?Bvyr{85O+>jp45GjDvv^{;d$EIGY~YP5UL`07devTf*TZB
zWrW_%P*D`O>P}bTlGA_VZ=YlR`G*nyuQrm4jf?H6cTs9}N+h-%crq@>VaamTNB{a}
zbP8uq02H6bVgL<kXl^bc1dtU#JYARZ`u)!|*6qC5gCE0YwI)9bZHh`3^0A6pr`=<s
z_NC$Ajw9I0wLkwTZ#8kpfsBofk>f^~4So9y+k6*jZEg;M04_3joYAlft63(ylRAd%
z)>eVroSK@i61gP2&NQ!HiIhU!Q@+RcRO=fZ1%Mj7h;A+}uFxcaT@D1OK$s3KyH*#_
zt>L?h{GUdU_oc)OI~rF(e)nV6qxuHaNOCU<?G|@T2mtthwc;fR*!ulDt6dPV#2f6v
zT(1#5^gf#A4(Tch8^E5ahX1}wJjl6LVQ+zZ``V-wwb-bN!KP&!_B1`;7XM&(!UCrl
zI(7I70IHh_H&^8lkdR)Vs{$ay_|cd-2UR=)DXFfa;@>aj<a7?zhSy3dCLzJa!2ur8
zHp#tY^sDCq%^&z0_G_Y!<I~fZMR4K&VNFHRVb>s^vhCpHF67p2?d<e4HH*y%8Tt6U
zj4F48dPCXpag8UC7M^WCqirVIR#$P+Gt$EOuTKOw;}pH54vBWvexbl&7%8I|KU8mW
zI-95F3sE#z%_ay^XK;0KK?S_{;o+<l?;&H%&YGRo^xS-WB}hbE))4=Se_UBv<Xowb
zfPv=PD@H*C0Ue$Cx!IsA6pF~W90AZcf!>5_)8T=kA&&2`fMN+;XF6klpwM7E-u{R8
z^mGgjC5(}>-GNjEAGj@@{-&aD-Pr~XlF@Y#kFzRAgxQ~^RfAf}21I|Uy#3qNY+6LO
zRq2o64>B<WqySmkq_QXY@gv^H7nZcUvJrqIx&_*g#Pr1CJqkcg;Y4%;d*|xvn*L&*
zHa+q50TIxP8Ltei{=NM4U(7d)+S)SR>XnKDV4be6Zae(E)6bQam8GSYni^+NG&Zc9
zi^1wc6RsPbM8x_JQ4AqPmatki9iD9Pv-gLa9}K*LO$5NWr**)2rTbkh6`e5GQ%yhW
z$Hn3B$9CL@>MMuJGOT?oJCnyNiIKhE`8`$CDlIDhCOk7o!(=Go+4=cYtgNxarT~K9
zI!S(M&1wHOQ)caOz8Vn`aV(=9|C`8F&Tr6l1{NKlAQv@5`ug5`dENV>SJekkO??0?
zfoDve@-nB_*FXx)Ml*Z{ME;l0BANuti1-6g^zNmsX?;|b6Y9r~lj&sk?f2R`?s9%7
zo%L?K9NznkS!^JMPd3uzJ<8M56Ie3Q?9&7_-EpS`+uynmHgJwjws?3+0mR14NC4cc
z*4}%H4NI5cxjjSxQIuaRFMtK?T3%jWCRd+_Owoc{|F^r$Swm5AywX}yzzvYxTmd=c
z1y#!UKSyub%a)_<l-~0pc*>aD#3pD<amVi#rCsO{$P`e1OG$Y;@q32xmrLcc7!k8|
zNAWWYkky)7Ttwd_&rE@Yy4?rRfhi9VVIWiU)n)(@+}hfD#34amoFHuagN=>t#fa{I
zL=Y%qKLL+wp8Q>K0LJDylk*w2=<qtIllILjgvu#p72Rg%k69o>$gQyJ<#tyDp-U#Q
z3O`tCXlMY~9ymCu!z;B`Nl$bazkZ*bw7Z?GfJW21yF2jM>UABb0hz`EINXDSgTaA;
z59}tEAB{~+re|mE7HXtEHUOR&AD`AI{QZLi7oL;WYh7(^VgfA<jd{?i0nn~ZHK~xX
zqAYknzvr$nbTT1d?NW!D9%0^1X+AzaM^#!!_~-^BuBm@x0l*Uu=UBIlwVI?A+uQ*A
z&!+C|?5vrI35lThx84mfRHh?z!g~MCbqY+qGl@xAJ6dj@U0u~1tt8h9#RhkokZuEB
zb$NN|b$vX&fF=!Yq3<)Vz!C^y2WE}srAvo7Wxnw^<*PHu%gRzv54{%Bu<Qmvo%kh_
zDpb(Lo|%+XFw<%IvCt(HppoOqV!%4A0=O-}b$ebJ{#ozN^gau(YO1PYtKGk-fw^^P
z^L@MnbVE~~(DR2WnYP3A@!O#1vewnz1O?DrsT}9-8ys=G|DQ_xrWrYMuM!SDxZv$@
zWi2Cp2`X<~tCW{+q1H#1{1YY&+%!QSUac4(<H^)AfmP&L0;N@3M<W()_CzK}Q)j;S
zJr~PxmvGHKLl6kQtrmD6cwE*dWzpzho^o-LzL61J1lR(jokiCrURMk2{k@X;O7;)e
zU)JjG-UpoaDNFRyG3?k$^T+udIM1m&w$4Ay{T=!-AJ{2Ft+(-MYTu-xR4^{x=g!&n
zDpoFnY9TQpxl}Nwlpf`sGVxu8Xkln=ZLK2B2V2T8xmdqVY0m6Ptc<Udx?iKBqMooI
zS&fa!*nmY#*i_=-@e#=K<%jI1LTo_YM1YS^gBt<<0xlhG?Y<m9KvZclNwuXF7Z(SR
z&X13ee|g15_)g4KF$oE!1$%9PPgZ=CRlqteJ?7kYf7}dE_4G!7cqkQYV14~H*q}av
zqne`2Dfu(d!U`j7Yg?u&skZS$uU(LfOZ7lEW;!G^G&Cfna{dqir$Gt}oTd0!AkjP9
z+hAX3rlxi+!+;pZ5`+P?>=|Y}ATVkIeP8tDEpdRs3Rpd>p84re<*39Toxgr<F1xLM
zWU}N+uYw&ueRz22GabhvMNE*!K?(uPQ_8IyoV2vGG&G-D!pj>QHD<>t;uZgbpD*G+
z>gb?CKrbGw$oKsGxR3)L_3Z3yYp#3Hd<iQ8;GWQc9jaCnN9f@chCtZDVh=DiY3u1J
z)Y%&we{XLGBb}sNLxGNj^bHRK;Aft45$G5ISIP+`kMr(WNqL*JDxju^g;-95egvH(
z;VX4WUtb@$_e}+`VEaT;JNwfmO(QG=XwRT8<Y51_xVdOa(xi2ObD0nIe`?mwRdI5J
z!mVdbR=4RiSYK!n2t)*<$0+GnPgz9>l@ZMsG!#A|rsH~&GX-6=630b%ih-MwkbXgG
zuEb%zuZn};NS!<{Z|7x3ZhI-)-jYIwQbtO38veA@wAw>6`EdG;`_gV4WtO#U{aMW{
z!&lHvz`tzLc!~cueG#MPPm9Ui?S*)bjEO$`!kOb{4omj!MMZFF#86%b24&cb<F+9U
z>}sz|Zb)^u3-!un^ovk}_rp6sd~MRs({lGB&WsYp*tsa5yqYSpchSGVw!XCCf5YWf
zVpI8*y=-rPOJwPuY;@%ty6O2#d4{{&)=M?Jm?L3~i3O+b+)g#_%rBU&q{rUZ%8VGW
ztgmhg$ka4vxd>9FMs3{L55<lif(KK%Z@X(zzLau!Ovl0gky%rE)-lvtG`3dt;&<-v
zIhTu9qwHa-1+Zt+IysO*d`7nFi3GV#3*I)Z&Mm)G92uTmv3@(Id7pTG+$8xQ>Fv!w
zaPcRNs@}E=(g{dVs!V;Y-H0;mdwPp;1V3bb*Rw2A`*8k|-GA3T>YUuiXl!_4auv&_
z?80#<Zr<d=V5TbRI!$*i**=-sN4a9F%CEd|f!hX?%zM4+=~4PD_CQp}0RP+iSX_rP
z4R+I=9=x0h8bgR^HZAai;vE;Bc^O4GJAqK_?(PCUOCSR##>QZH#O{wApXjg99`ngD
zF`#Mg#a2j7M8qIaXhOG}@zrLd#qw5<<C0{<X*`pwtIyy7Co$<Lmv)Yfe37*TVwdql
zobknQ&(uU5Nji92Ag@5um_TC`L26^8hrT{Jk3+&MxzZBXJQjmaSV)7@&X@e$5(mI-
zh)Y0_oSN!&b*NFw8iN=Cm@O3)Mz^=O&(0jTyntTV+TTw}Ow3;bln#G&2{!iE)YN<6
zLB!X$0DyeCUi-?(i0#QrD{wb~oAeiRZ}6_@_z>iNK;z8d;9x)O4EVX0>uXh4VTfc~
z_wusOVx5g<m&ye2k-Tru{*EhOTKe`4pN;FUoVmET`0S*+aoH{vUPdu7F#$gis6CKR
zZbHjr>+6rFj^`^>qye@V@O6TbOM32WA@pix<^t-Q6dJ(I*$l&jXzS=qTlNnR1K$n!
zoBEaN1GyHqwrv)Z`B_<6fDIJ1f7OO6i@Jt_7^6(D{Rs?;GFG|2zXxWue|j2_CPi7&
z3Rzhl0I2f^Rn_7v-sye$4F0|2<FZ<~K2k3Lg9c1sA1_;hV;CD73o`PX>wU3rYJKg$
zlK6toM?i*8tyb*fUfNvbq2BC6DE2=>>5%q_EJYRz3F_G+@5hcFkFa+*kSs+Mtr{1X
z$)xJ-^d!v}Bs>+KR|(G{<=plci_3aj8ejOH{-o|$_T1L!9nnC94NThg1JsV*R<ArX
zB7yv8%2zx#n?;;AN6R!E;k&j`hC}<M5ub%JnqTShx=!w;%UEwemYFwsxeuGsMr|El
zR~aQmHd?hg_&(iNb8QAK&ai8#JwBP*j72u<jojsoZHo8^&|u3$vM?T>9{(5)dOwHs
zEB9Q?u^XYc^BmRB{8@TltallAvs-~PA9!|L>GY<ZE0Y((;5Zr_TfY_AD0_B)Y^ox`
zMuI3gIv?#<P>Sb>bFNa%inWc@5qdm^{Vw`btE?{@-HIW&df{FL{oP}=h0Hx?#?j?&
ze5=|IRp@&8Ud3%n`lt1H0K3R!TZ@qG!9;U*^-2o`N%P)?{5j^EyqE7jrrJ)N_(6aA
zQtrXNmjB^Wy=FPtY=fhW_T==DTFv)+2mZ>8I}&8^wo<8l%jed&N@Hq*AZx585(wpI
zF1!>mw=hjD<PaCZ_~Fmb43^5RImVGLgp_yZqxrFKN~=efzIfO$=qUZ*jFk8Kip2;9
zP!dKG^Hk;Jh}z`sBQTVT7Etoj7Ce?uVokjU?Qg(3)YjKWM@CL*h7^}$0|VS|ECvc6
zHa4ZozMzW;1d(tMa9D~%re<br=PIBeZ8z)4;bJ*W7C>~Yx%jB4sMy(6Y~I##<!i>I
zjDYj>`0xPv%N|%<8LNRZjD=!N!zuDQHl|C$(9m$IZr?Hu&>Y6WjMZ>)YJjGmIlyfP
zDleOkjm7qt`yaswGd8_<b)}k!KrD^(+S=NHZ}|}ic+4_wvx|#bmkrLf+2EzL&I?DJ
zT`EX`bt`P<^lPBzV9cBE@B6;?c7`BxmQcNNk_CoTX<0-^q^YT?_!utP>Ce^G%z^<B
zG2j{l2brCn{nGi{+}zyQm?Bktk)|jB-k6)yB$J<CUsF4CxPYh#&=T>Tv^W8#+q{^R
z6zT0!(4!8#j_IqwAM!S4{rkb9Yrn!@_U}(2AR{9qA<@y$eB*N~TktY6G6JG>vcE6A
z@?3HmlzVsz^hUG8MyO+}Wtf_krD$$fd{`}Yfyn>u;vuMZQJnQo6h9Kh@nrfv#j!##
zdcN4^a*vQvkZ{}U?^t#DQ<j#+;2f^luj~aSG5OUt3rp0XPXV|LB&AZ^#6tSQFIAOz
zctp_2c#`-W4aa}6{bpyvcd?z}`LV(|xia^hW+ZYn9*vkAV^4x3fCp4Z@X^Z(3(0M9
zBZegBBP%)EJ@)b=$&GK528T$F_T_&OleMi~2f<%cg|r*XKiyCxKrg(*-!w;ldr}|y
zqmX8(onf6j`VE44@jyE*C@o?fD=?*2T7Nk|5b0v_P1js_#RS>A{q|^@>iUJR^3s_k
z-jbp02aB7pz<x*U#T$6ROaoI{e87h&r=0wi{1fk+tbVH!M5moRK6GL!p}3oX_~bw2
zMv`Xd>*u#@phSY3uH;m%S-Ursr*A7OY?Gi!Gs%zJGeVDbeM5|{lgc>Bt*%f8AC>;R
z)<baVIW?ZEBv_~N<l<cE<6;)3B}lz5+;CCyF<dmzUe^a;O%Y(txQ1D%ASpwVF(3JP
zd@T)j_gG#~R!rfu8j1l#Un1&}lNuCU4RU(onC=%*jSqM-g+)cLRAj)>WNy8P3t)|j
z|5$_yc@+Z89AGMHXlepsfr^WjvhoDb_cqqnAE=u&+q`)^&dCYhQ8!yu2%EnC5a#bv
z3;Wm!691DE6Ng7fFJHba*KW+A^8V9}mo?5!G0;Qs);4Wh75JQIQJO}I0?Hr|v4rON
z%t%EQN-UVGDk>+3>M^(iis${Zza}kc^0II<QnCm#QuOWY?0`Qz{~hF`up_#!uC6T8
z<@&u&THzt#;o-}3$ZUL9D_$oSIDLdb+b<r4zRo?nzMiE6apY>FQ`nLT=iiXq*m{7r
z2_-zh+dOC{d8+TjA#epbPo!Y|=Ya2D#jg_*pScV2OIAHuo?K%n%10Gfwn_i9SQE0N
z+Mp)a)|Onc*0R`>mkSZrO!HH7-fIt#N%TIG>Pr((WtIw9tMQB{65_SH%V(i}A*@n5
zwKRkUk<h55l{17$Oox9w2Mn<!DJONj=0Buyf@nMzx7|n3WFeWS;zk4$U@~FV1`#yq
z)2%XoYRP)+W*G{mDs4rFn6jHjVr{Lq>8SFJ*bu|`uWg!YX?f#WTlwnl@|fHmmRss+
zU8ZPgRVqUuMn({GFc$ZZgd#oE(9#ljPRo}`uIZ;V?|z#{w?V6T*DWgxF#59=bf?NC
zqSw1GEy3y&Vb>Bq5pnp9=ZtNT3=psyHZ(|~LE^iN^zeLYjh}KTiEds)iVBM@rnt5I
zF>|RDU&sJ`-ybJ_p7={Uj!s5V05`HS!tjeV@wL<MoaH2`F6-ix64~(WpK%%LoIY28
z33Z40VKihwsE#p`hZ(MCu79#O#iH<yL}a10E5c%C!{%`)r2%y@fVR0Yr|^4#hM?-V
z8Rhg$%|Z*VbMLB5O3otk2o0PU45oG|0yqtSeF8zP#qxJvw~yD-=JdUVHZR;lVy{xa
zUnBvQ=6SX$W!{c)R1*wHa2FOAf#+4cZTkVv5!%}EG@`h|aZ9>Vofsegz3xN28yA#6
zn^&ISTU5M0f?7`Mm}3td;AeP0KVFyXw(jrm7rQLvgC?tmxw%5lFLclW5Dr2~DIf`;
z%f-1{I3EV0zffaQe2~PfCr^s$I73(J6$_MV{;Nc0y(er!>5q!Y3RZ~4YkOEz6ZGGO
zO;<lqD=CYTMt~@*lz>;qOQa4F0=P<5X|Ta3m=Ax6P0j*5BjOsO78bOSx%qh)O}PH&
zYPTH+rG$I3j&_u;oOf)W*pLPYKhgAMW#QA%Q02Rd{LpR^N^ty{*ZHGD)`7OD%y2uD
zGKI2H<}(svpePg*N<fNX;BQ`h78)aVn4#N82Yq6*P$+FBp_8O?uQ2w^bN*3}k%0S@
z6Q2=+E5QK}#&hE6(`)l;=_9Kjc4)dY%^lZ_a(cN=OirdY8HSq!3n|yy{lv-bv@L6C
zSv&&q>i$B=DZNAfvEXuC*Aao-9|HZahf`75&4R>o2JAU3%mlj#T{FRFz#%OJ23%#&
z#nx^6vX%rY3w`?hC6W$Fi)_Qpm(?QPeJT{p$lH}_mHX5O&{o?ufH3}DNel8@o94p(
zoQSRVOUKv6BcDlMe#E|#5rr*%r0Dm0r}_6<SlJzC(y?1!YiOyy)z?(jthsF}v@r>(
zj9^=yEdZLY)N$p!|0f|{vzsdTEsrF{E|nnj!}6T-+VO{{p_-bY)mDeCb4s&LEFg(!
zBb*v|tpyKHxnDD-1ee=3@`44LG9{VXzj@Z>Z$zagh>1~*Ea~jC3JJb?<?ArkYL?=5
zIC0q%m3nv(AtlB3{4F>*_%ilsTg=%~$69Hw>|rT$qrf9IzQtjGZi5ed@znU@i_UST
zWl4C+OxQfq!!|X@Cgqi)v!7VLeP|y{Y~7F*+azrhTq_}`k4{EJ92bc~cRX3BmFZq?
z3MJE~vYq3fT@3zY-DP<FBW3rH-{Iqg+sV{w;YDh@Z(Dtb$$D{+hK7aL>-!=B_%<uG
zE|+nkg&xqe2$n%XhtyBW2w!W(VchSh`Q#rI2Alxltb)eSdw8ODfm0|=eVC|^ED~mX
zj1~rW7khqBw*^5#UF+Qu^Nw*ZE^+79Blda37IZ2u17l(^KB^Q8TU#H-QOe*l>+%CO
z29V55Z1rGy^Cp)v$l8Pa&6_tI9L@t@Y4_ps;SbiYjusdC0oMcIAW>)~&b7=|$P{#b
z-ZY23I$0G06ycZsN=ccS<$f^*^67?TyJb)M)|c!#J1o~ni`3XiK0ZDl?*%)<CtjLg
z1uBt|Hq*%Rb<Bv=Xn{$2PQbwv7KUVws+HR#!UlpVGAfgU<u%Rvcz#70qm&p3$|@>=
zu>gyZuviHi836$UDTKF#D<dOgpK&*t=IU+_bfc>TFlyCtOhao~JKEcu-!|$u8>!tE
z5wRM=TF8}4AOn8LgNZyDm$t!-C6ILCs^#Nz0Y2g6Ez{!3oAyl%VF(oLzaD;jp!HS1
zeyo~{nudRqRyvmyVllpkxbCHAgvaAdfr)7%es_zBsU*4?%u%UHZdth93no0-=U&Vr
zT!)(dRy7lkKJ2X%Fxb5d1?2axXmNNpDQu3d#itabpV7`E+VE&T<2Ol`&Ihx&LJD%i
zuC$mjK6M-B^u@wYV_l<tf`twUzE^fB*4!$oe91M%jsEuaT^<%@DY{Yb%<k`p3Y9|x
zs^D8n3{3H8VoyC8jd6nvLsrlYm&qlqEl0sD`w2fe3s<q$UcuwxeTn;JI97z4M8jKe
zG`h%Wgot)#CJY4IC7M>u`SP_2q}+Q>21okEmjrbM4mqC+0V$>QtlQLE;_aw87NJW!
zndY}BACcuS5nvaHQndx9t(}I;IxPGBe;KlNz3PcENcF71{ZL;Z4(cT?ZxfO3e^Xp4
z>=EizWR`ur4lIJ7TZ|1BeRY3ieK;J%NNhX^6M@TUnB+;q=NhSldETM(i|cblL_}1S
ziQ0T{XlRuS?h!5rl_XylD-U5xv3HRsxBYL31>?Cv()8xe&Vi6@-2szMQ(+zd-!r6$
zs^Eug-LbNwYbM;PT}TR&MPuqs;@6qTN4!QVMvCoc^Zs|D)Gmi-^a3A=1j33)$Ii>1
za6jP9b!9Su5{NP%AFtM!hd?z*t`>$PXLLU)SgYW90}p$n;r}`ekN`6-eYRIiTvqXS
zNq+<um|7%yNcj^I5)-&)jhCg5Y!`<3`4jz*an!-7npxEbncKY;BnFcDr`qpuTv<;n
zH}F;gpTL}FEPVVv-(G@d=RAWLIRq3GY@`qn|K4A(`nkNA3)?o2HULNzFjv+{1_IW}
za+*9f2eSc0^?pz1nR<SYA8D|0v9XDHoy~y&@*)!qyZ)TH<aImtKA2&=k_3qcfcs))
zV^e<oBS6Sl5udyArAKVfBPZrbq^i~YN3MY%zt<H5Utc~jS&5&f;Aa-XbGGTIc+KKS
zNSm=FM?X|Uf$0kiOmlf!AhCBiz{bVmab}E+90BCrVpdhtw;v=|D)byMu&{Cj83DC-
z9+k9_oC_uf1_nO<?%tk-on3h=igbY~vzGugG_<bQQ7!0`-`)E{^8IdpoM3EH1}qFn
zze~-+jVkM0$?2S;KOaQ@A8Yg1?(na5bkBu$>qHktT)ufE^^K8(KU=51h?vDQf2Z=;
z2g8e`p3dt+$ILvtQnsS);lZ;ZZ#;KO;}&XA12bGVb_x?_kO`|0dc82d3f;xB5CCj{
z)wP7r=}&l&^Vo;FT&v7<cM)`XA2i}YLrdG}eOnb0A}%G>4_u9lS?y2npZU$vqru=2
zzySc%Au%cG(*kH)yjrjVB+6h%CVXXGtf-|auv)KIyZ~SS-}!~!-rl~xZJt?M@wtNA
zBT*ruM=%zaF$?{PdMx|*b>2A_(J?8_hc3E~j3<H1h1DUzO_h|80D~q3eeSfIU87Jd
z>g)0f3hJ-kMi}5<c7QT1piv_NT27Prt;GZdD9Bt~IJ@#>NP|xa3JL;&Vh{gcQR#XE
z812QxKu)H?>zWC3IGwM)Xk)rM{X&;zVYyVhG0sP(l`qO;%vN$o%tE^cV4%=lf0op&
zmlOZny#L$KqvMS^+-E-J$O4@`C%jQb8_G)YGXBd#fT<SwYoqEf3-lG5(}4qk8e^V0
zC?Yb_+1Yt&H4vB-8BZQ=?p<pGU>!uWV;;{MK$+)YFGmAx(ZqR~*lUd@XA3|bKaYM2
z7-#@F->mH#6crt?D1w3+pYmmsbJ(+3(Rp`vUiFUA-D#PxiE%Ctz9SW{*5Q~A6nkxe
zhXH1HR6q%4l3`#dDl6ywfiOH8>DxI?s;lKW;2HeA+by*P^eDpvjhUI5eH~D(1vI_W
zD=WT$77lPukO97bFe66rZZ}sv0(Z|Ffl%NVe_@l8v-1a+owc>fLM0hZ_X__Jz2|(U
z8(h!LAhG|S{{Q=v`%jo*Z{+M3GBSgHPZl>LGFRIobq^elVye*@>?o*m(=c~hzwPC$
zVOB05ALd%aemZe9kM)m@RTKe>%5X214U&@iu4e7|r6EC69lq!KV8|VaWx!xTu)~W}
zZ|VVa$7M}<0df@N-klj#mWqq%!1(nixrpI9VL37?tyxf~o<JyU>ni&QOtF7D(`Btt
zVq)T9w5MsDjfj`tWyd@DucX$|pt>~^Us+RQ471Q>)sH_n`BN}D?e7A2t_aPY;TDE3
zE}fm9&#!(0X@$BFFp3_0P~B8Xl#XUM5-O@rl`&#-Pn6EoRbM&0i?tizO8)zX)uHma
zaIT%x?dcUCjm8>&Ypn!kxM}gd__u}p_gZP5^|#`{{Q$X7)ej#EeT}&zi?58$CsuUu
zIr%AuFDO?NYsl@%#{E`a?ZhacE}nlt52A({W^y(p)0+GWN(5=2MBlxe@BLumC*10^
zgT^V?+e8^wWP7<kjf;y51_*(3W2V*%qN?vjxN~LGLYnp8k<$Yn9=z+;J61Gi;&3m(
zcnTVN`s&)+Y4;3XElz#vg4!U8(t>I$_&Kev57A4eFo)5+WTM|!0(;tco8A4x_vb2e
zGu*;=!SoF|RE1XL^e&Zgp-=z?N%;B|q*yAht1SFZ*1Cw{7Uk{j?Zw5#&CLtJs*F%e
zfC`zs5i;L5AjH*b-7wndrAQUaJ|NtXODIzZI(HO7C7mQ)r%*4E5b6^7DV7-SKZPxt
zzhgqF!_c|1qN1>{P;oUbk-bb)b4t-`9mAn8JvnN0jMF#Qt!-+&wg}f9I;m~a*CDg!
z3$;D@NNXy5-diTzUU75h?B&1=%&LIMNR%tpDo|1hHJC#$+z$X}{-u(zurM;ZiU|n9
zfD#9&#=%5JBYe}f&JapU%ELGH&UGEGM|*qoAMlEqGyWcyAS|SiJNP2Y?D_CJP*<tl
z5pn6&kZDpxuUIas&##7a#rdeKo8d{$%pCo9r!L)osuIlkTsn_WiR~p@J|_9d%YPYJ
zvxpS&a`(KOwhd@4Vkal>7#U$=VL1hfb)ck14J>OqRyI_D2tOW!%vyNg>}--n+A}z1
zmi6|JcP_81>g&~PjIGLnmX(VVc^uQ^p60za0i4=JO_Ne))raGic)BVt^E8(VNECHW
zdEtxXaLo5>>aOtM|Bu7=uj7~=fQwU6qoJ-2a?O_3*lNaP(nPM(7s)^Batv@1USWpu
z&flOU+pBXQ5^cDWOluX!vbKsE>4wYh?ehB*s@cW9qJ1i*lU8?k=+-i6>@Ot=8UeF+
zkj25!Q5sNYm_h>+NR$3?V$ELERv-&zjxyEV9afKiAOieO@5KPW(MQHVigp1$Lot@L
zF|OqN{0|0b=dWN6HD5)QyBkphG!3hC-WgPrB1!Csu)h9pprGdNXQyCN-`bg;+^gsz
z<c<gKj~f+xt!B)L?Ga~4ATM;Oz+KdouRv=_8MI5qPbKQr+Q)d}eo9D8{4Dkw9zG1@
z{J|9$hZU9javql>k*x?_cL#sUuaUI>LuzX30irjcW8<v{e0{)KmvhN(VyK1L_e0H?
z!wLDnj4!#rFfz=33bQ_#@070a*+8f1;{2pnLg(h-o>yZ0l!pGDA@|hsV^sEJRoaUo
zp!xV*u}-~OS$A_+n=i?F?Flo}Ox{Zu)5|P=<rDgCy8<OOsl&nd;s~Opsa%dx1busZ
z3j+Vzii)v@dj&r{;1Pma!w0{+OJMWXH#Qg<7<}*csE=^xHUX>72Tq2|4v^(JIy&Mc
zP5y3%a)_!5+NMiW;02(r=vO#Cvw^phl9DR6)Uj&Tj|k<3Ddtiu(=Nh{c~4P%&pKb6
zBLO_ajO8SO(!1VM$jff|5Q!osoH5c231N`EM^omrzdbX#s!IER==ut<s+#XzMG>XD
zLrN5+rAy&Rhje#$cdMj?v`7g^OLuq2p}UkmbRL>Je)|36ckkVgj|yj>*|YbaS+i!X
zcfBv4tBtZU-khN&^HnxNK3h0gW4l)7PAghu`++8mQ>x4a^He4=&0NY5^FzRqK_cYS
zFyzgw+ca>C?gRLYcprd3G_h+{zTyo>a7c)|QnNbPJ#*IMGX0AM_+QVMKiV(Q1X&G$
zrG|ZI(7LCU1m4NpH!hEtRp@>wj=PyWX#7ZOz-=^L)VMvI+sYn!LVPC`xh#h!Gsndb
zPZ2>4vPlv6TJO}c#FtRXMRg<BIKuPj#{cBx1h5_hXp~Dpl;|>WPH;jXV95nBZ4)VM
z7+67z<tG!_jQhZIm6Vj6o*Nry)T$}T&zF3T3v{k@4N-wVX($u}VkW$=UMWokfGqZ8
zp=Nt~JBNlM;`D6%r6!2mfw4`S0g%L17UU-nr?VJ{8A^DaHdze2P{VuWry4z7!-XU3
z0C^AKzXv%WRm0y7=>sJ6#{q5Nm%l+G7!JS+0Tht4ogHxN{nFCXJf6OKbpnL7fTagh
z-%5QWN-oxA3qt)(kpHZUR~fu0UQII>)N!@L3NUK82jZ)TmHY&zta>H9FXC?Trw;-A
zQr0kfMkHRGW~V_Q|4rEf&|R{0;?i&X2%^>M6Dd`;O&6jx*g$^91XOwu6X+Njt%5CJ
zwe?)KDUiT`>%4i>3h+CH$L~$=i22(b{r}h70y9DiVHQ=X807eWuCI$i0P(phhwIgu
z^{zK}SGHt;wCOiRF5Sp<slgw~%3OGCS_a%5b|k*9j4W)l8%p@<j;{AT>fQ;_ocbxz
zGro8se<xX!t+9N30U#?@{(;>q=FLg5u^o#n&Oik!hEA?*t~-oq1>oEk5!0YTz*$d&
z`U3txj=e?$a9_Ug1y>*w@_TXq;(e+!-Kl~d^6}>I7%HS&>#zn~SW;3_H~v)E^WQwY
zPFo6`P^M%o<N!c%E5AE>6f(+fw;N*MnZ|C4es%Ae@@wzuo%S!&*FcC0h?u=v*KMo^
zRTDlS;0s0$xXjkp)(#~G5!**=dO^WkAcZjISl4{D$5+)ug&i_&N|JY`U21?>-?ZgV
zC&@uMdkg}-X>oDJ`ueSBmd3`)N=n}s-dnhV;DhP!DAP}KxyrMUVRxqSc2GqCvaJ>q
z`-prbz#iNH5K#d;kQVc&6bTH5PzebMrT7DT2Es^yQyw^Uc?iU&V{L81fVC|^7>GCl
z_EbQv*FH2PdzBysRkAdybJ@)&*E3aXtOthVY-=oNH{!;5k|zeHx&vYYGu{s#JRl<_
z1-2yzjDk&mlze<3S2cu^dSm%cL!<9jf80H6mOZZ=<^S?*@VFgTA7j-503|1<dW*+a
zR>Cy%j%8@7U&=-Yx&LvPF3hbMfU?3Ud+!R*`HUyx1_~byRt_r>5F@_4VFXV4Z;Jf!
z4kT61gY_iay88NZXQry<GLSq1F8xG`O7rzm|8{Y6kq+@N`6`f<>k1>vWN+U%rlz8L
zCY#*jLWvy$p&ALrW0)30FQxtdTQLc26;*e!$;pR&&P;^lKS45p2^|1%pM|V7oGhPZ
zUOLG}SUTBbG&C|0b$<8UNK6Od5S8dTo{5>df(!w8wfTntWbr*Gr&z5t0~|ABWVpB;
zDrnPUk`gr0U~F}Dcb9h;vG%CQ;PSPB&Gshghj-6^TS+~=Zvg>_e9J&d&a8VHB^$gu
z-k=;_<Wr^!DLNVLik-DOaA#l`R-M5OfZPm)&v|-&L^hcov@*XU#}O4KqKx=^YXdsJ
zaXgcV6$05g>H<V_FZlT80RL@$Nr7*E(pUTmZsi5Aw51Aqf8C8B_EjIRALB+oLj~`C
z;vEKsVDjhBEiO4aNn<=Q#030TQ%?a{g_ia$6!DJ5mk#THL~wpP1ZMP~laizc@k_ua
z4J3ChEG$l5O<8^W5TMMJM&#0TXR2o~U?*Yz&XvdVI4gF-`A(&}1o2^NdJFKRLUO@i
zvUdM$&Hp(r4(y)raB)w%DSRtt-Uw#;*Sqe=$Htz3^@$M!`#*gU<z<k8bMn3a>FUd6
zy|%Isld*)kj&S5uMzE#Z&lZBwqh<<gg2xppeyOf=Lr>=%fRixa-){*>Cv$ZKj#_|`
z&OMYcwRZXZKVz}KH*1?1o6q&OY>Pn07%{|cZ&KhZ^%!FaVA~7_Hoh55`49*;9^Qlr
z(#6iBX#^F3pwuL%`A-k@^7k$pwSCh(!uuQr;jtM~MR77GcTW|*9>r@Lef?6sR)n)!
zDQmmWP@AVLET3<XNAMU_z-?3gyI=g<t#3lF3+eSL1F)!v;~x;K%FdA*B_RWAZ#`GV
z!^?XM3h3^xmhNWPpU%1YK{txE>*E>k%pVF~AGEt4uVamvrg?YiBwL?7|DR#E-!E-g
zu3KdO>U29Ng`I;VuGh$eSa|s@dPy;0wVgY9I;Z5vSpP8~0BZz8=$ZupEkM^zsSbd4
z<8RXiiA_uM-5RBJ!6Ug^hy_Iz0JaW56w`ohlSBylKPUJ&*r<kn^$xy@A;m;^-0<Z-
zm~ObpwAj6%>EDRuDjv{ui9sjw?>g=zTXf=AW<8%N!D0o8O-P`_4pI4`29RIbRV?EF
z*)sXlZ?fIUKY%^TrvunTkVsB_2JX`z>2bs9q$U`$K-={HF>)TJdM$%`tMMJ=m#1_@
ziC?~KG6zzE$BuzN4VqG<c<`U^@^MA0A7?}=93;(8Rr~+*N&cA)%Oj5}xPbivC=ZaX
z_xLLE@6PRio$gPEISeAn>F<D4>oyE_@+#;*R>HqOMp8e;4%xgl)!S0@pU4&s`+uF)
zf<iuAiqJncrYPqKfNKE7_@5*BPm<w)`?pUB?)C>A&(r^WgnxQBjPo>wp#(&+Guiuo
z+Qmv{rB?l~ZvWTZTc&&f)*8BnW&|m*`%*X7_x>J!ba^EupUKzph5!3EsE9BB{lRSP
zT?@j$r*ekRS-rnm7xps&qI&sv!3==0?4LtJIP?3r!V3g^j+@4h_vm*B9-3`V7S6>`
zJo$S9zsPS9JFD!sh(AEqDTo}kA(${wzHw+^z$=v6Kl}XZ%F?Pe(ITk=iu=zuT0UjI
zMSPj1a8c8JA4;oy9|(Uj09R-W{gKmbwJq?B(qLlAc~x7$RRK;f%oO>bZ!HImW+230
z@)G;S8x|*n8dd@D9dL@AC-*lIGqX)FMs(cQ@Te|t;7bDh{HbTbuaN*R0~J8f8vNIV
zA0fVU3sX`Z0vv?gq+V;rnob~ksKBQP%1O_?eKkM{XC)T^6_zmr+&wZfvYpGHOLu-m
zz~6MaJTbrV2bZa8;9yFy)YCh#qkiB0zJKDH+D|huEfm0=lnW)b0dff#vyh(Q;e!y2
zKVAP;*uq}&8VM}lUgvf<iLtS`Akra}N$>4YtM#MBB54{S-Xn?_ahq-**iHbj06I-T
zzzNV48*?qz*td_4j!sQ+frX;GJ7^)e{J}qcVt)3c1wjUkph1=5V6*dspI}~re1HdA
zK0}cHmuwY1GHtfEulV=cZ@VB)`ePNjnF1M{T-O!)8V!SG#iE)E%^yxSqkA$~NlZ^{
zMn+z<Pdk3U<y&-W)zEP|NV4T5Yj!IS<mH9?Zr?=SZ5vA*WqepFYUX}^_TfI`&S6(X
zp8nET?|5v!qpV5vv!T|W5#888tNE)pwp7s+7e?n9pNg&LuS$z7)6FKn^agnpUt3E^
zbvw&#$;EWp!pgYU3iO{9F2Y+`P&1Y28R+Rj)+%^2oNIBq(vkoR+*PIRQmVIVoR_fS
zp8;wnMgGGt>$$9UJtt*Ojh3WWP}5x^=Qf(_ry!yL;p9eR>xk{{s1F0=HQ`@(Ds^da
zbzZ2dIXT`zAJ3MZIV~X`mWMT`m9orvw?d-|YZlOggTYWeL8?&QGgEBr|7rJC!+#BC
zQwg_v(Or!+GU50Zzme<{gn*}M526aiBZ8yvWmG2l-zWNfAKyuUY6ntfhN!ZY9iU69
zaNc~g$fs=)aYx!L2(z49VErJ8VJ*o&*WbJrfR}nO=zbjLNhI+4#k!6_?8v1A9Q|_9
zs*c1Z4QUqc&x$$*^lE2kHK-)T#r3!VC{8`IEf@j+pEum_g?tmgtzfQ6BTi*bXlLP2
zWi(l!`MSm`d=Q?7=5{cPv%nu;A_Q%FbHM_quiB?Ld|O<x3C&-;F|n#1E5QEY);Z&Q
zW9+op)2DX$4z2myIEosGhiI1Q`FB}X`DOW<ObA(VRU#DBdtzKR<<7S#KNXA-`|#{y
zqp**W?O;=0(Mc3WzHX%V&iV4nwt77T&*<gBWiveIjDwBkDex;FJa~Kf)3$j*_s3I1
zl;T4Q88SV}p$nfIW_N?Pg{4o=7u*dOw$2GCXh`@z*W^n|>J(!{udi$2sS;s)x!9s{
zWyhw_h3_&4C_}my0*AbOts;YJ{L;J`HT+MZDa345&d0|nJH|wtCZ!CjtuZOL9=AhD
z5H2CqSl>i^Yfm$GC$06RIHSo<M+2vmxkjBj>RHU2wW903h}1hQl|9Mrvd!TmogCNe
zeZKMwk?T5wLLWoX?A>6UxY|VHP$oggCav4ADGevXp_?@oY-MDyC06)U67{d@LAxfd
zS5;ry(GM5py4NvoDh5m;-OcRK38#}}ZstqtpHh-lkF%8M*SHi`n&!RE=VbzB`bBaE
zu2?!|KGL(@!ME<v(+ZRbUG1-+4a`g1wi0-?BpG+r+gdUN6n9J<JE?L<`=THn2o3<Z
z0_nsVMt~GF<cgk^cyk}f*nmSv8bhfi|3_4`JQo2)nyQCd!>=}>&pBqys`PUVk`Xp)
z%>w1$`=&F3mVB2yyO;XT+p^8mR%cP|qgK~+3M-F1OmD9#7jo%cZ;npIKG9T)sxY;(
zuQwYypClF1LTHy{&nsSj^IF<Rr?3ICfQqYysbw@!+nKHr_o#Bkm)9Rh*=tpMTklff
zCg-l~Dp~?{`kj*l*e{@6mM5P30jJAYrD?l_0L5(7)018;bGUb7G*K_+&iDaArJ$4|
zDa7pJXf2;&LbqH)t!1<v;ZyQutt7hc4;1$;tD<p32dK{@6EUdP3U}Ow_AYBKT@J71
z&15}we8+{xyNN?%iXy1SjsN|q`$6rs4L80>115#Rj$Akt8Z}mOQHs?RzBL?9?pmK;
z%QslwmYpuBLVt~`NIXPQ@%{B&;FXY<@5RvsYf<P*zX?rR%5?YP0ZgDPMzy2%>x-i6
zI<t}NR1&I%aEjIj0mlkeJq~x-tB*3ry<s6qSY<N<lY`xKZf&cA_(mLq%<StO{pG4M
z$LG~%cRxRM`N(g-$E#21u)5_jJ!y-u%&1;-^%9`(D>i}m#X+<QvyOC(C3-OzuCInZ
z7Egr>l^U&g)uiNnpo{gc{biR0-7z-gOI5>B?A`lD964L0AryBrD6Lava}*MX@+(7?
z&pK@>%G~W(_`0F99@nQlGn*)Fy3C}LU$n&8Ct)QBf}B=cpu@#i=g?YoKF+c~)z9fw
zyQ|ebm6>r(@7isI)i}W4ih$qF!j|~spYk2~%EO#AALJ)b^a&qTWB#$D{KM92jbe9c
zpIz5;<g%rcxh;EBu~C@s7V*Dxm+N1^q|NtT*BiNp(yuo|JB76M#@1*@7x%qyPPvng
z<_nRAFtrB-JhCSl3}#f1gAPK`t)TSPM-*Hgfj!0pZA3u&2%62w4A=of+0|<m815(=
z!$X3<(_#m?#(UqSCY)@-CSI&5m3d!W^7~9*7vtZgiS)|#SEtIGp^Z-W_y3Y6FK$j4
z5s`+X`~Ya(qN0dGHSd!VG2-H+#@2U0WSez7FD0pZY=WKOP9RBjacpj8xGpm2)&7o9
z!rQ4jPtPj$hGa#xRQSp@*zFE{NqZ-~Mteu-fZF3{sHW}Ye~EVditE*@3i6xIy2l%z
zG7P5l{U?EwwwtU=_N?Y9J;y5H7akA3YW7z<M&|nSjggLgA|j6c5nZl#g?DhP#fzh4
z<zvw9;UYm$Crz!3CVVs1mbW0Z@0l~j?F6&uBvUx5XVw+j$ljM=xNp+{juQc46jre(
zbdNtXbtS<^FmEHgLU)X5k+L&|?`U+sJZ_xM%0iD~e<TK>9;clpEL#6dV2~gys)(p}
zAciY8_vx1T8`r)0sFcCRT+D|N7{_}!+|CWv^6l;E#6(1_1C27M?JOOH9IwU&SY8h2
zd8U<&c!$wLLnY&+MJk>%mWMUad1K?B_igs%`8V_pRFwDaWeTbDRzg$eburQ!-#Fz6
z7rn&G3nb<geD`|bMnK49XW;I1N*Cay!C}}HrmuSqe$0<KT5blVD!&hC6O!knc$wuk
zZYWB|JWg!}|A_xYZ9p7@q38Ftxa$48i<6%^UE@+w32<#48~YlJ_RsSBEw8VJx*P}u
z<HRiqv!@Pt<Wn5qy7%%BbU^Tx9WsX|Cq*IrBm^Xa%yu<5i)j(-!E<T7F|(*oob<mG
zK#az>C*&Kg!pxQKcEvDoQ=8k8YgHItEY*44$BM#=!~K+~vk+V})Gm_c6{v5eLxeLu
z7{nD+u(_+%zowx-AzYxWs%kr56BV2-lazh<741t>lH#W{e_+9r>H<FZ3^W$M{dHj&
zYS7(U1X&%2X3`%<wh`+rVX{*pMy<paH<3?91?Og$b=6RlQB!4Tye-T}e4AAxS+5O3
z6{pI|@Zu7-JwET<YyU3D_uM>S_s1Pcp^RX8tYRCDHq~2@zNP2vbUPXC8Bx?F5;)zj
zjLF{Z#a<x1b6Am;UK@etF!4<ppPY}hd*2GWzn#FmdP*;9zh60vVrWQB9jG6+xBXS0
zFmM%qW=8rxDvC&6W{r%eoe*cCR#8!^s|yWdOyT+Jj?Py`tSI>v!s&2Phmk(l4RQ_?
zQVP!bjr9;Ij)tos3nQx^g5z{u3k%w(X#nZS{PLxdZUGsFiXNab08Bh6us1f8FXir-
zm=?|_<g%N2N3JG9Xb<-X`Mzknjj5m75!1d%46Ju04D1Q+Ujw?oHto;U-)OC7yj)~R
z&qVmRmeD`zBAFGvw`(bIFrg!4Em#-wB5FDay-E?B9GI(;{+S_ezRNR^Fp#p$*Yh+~
zUgi5|$#8dmmoP2MebwMtNn<*wpDbj23y&&8mA}+0{gj(@D2#|5lp&P>kq$7ObDLEn
zx6)?teWv#|Vfn!l{7W~xTU`)HkvCaqQY7IO6E0?yrO;GCkODKB&sa#&&h>T7F(t`H
z8Q&9rE%UX*W($wAS2z?Q7d6X+#@=Krijg5m=s3@rva&<9mo{Z9Wn9eHVU*Keo53|p
z;`eVVdDui*H?DZdnSu7+%TspRgnnlexA;KcJNM;+$nD}swWAZ%V#S|3Ew$Yp@=e9<
zsW+;xneg2=^211T!blc#>^k9)-R)HbIoD6R5i~z!*|uD14>$2LY@8ixGa@JzCVST$
z-U^5)=`tkr=l!HTE*qZMgl8uCI{1XUT1fdYK7rxFR!Vo*EMikDkIE+~n^e}iU2Y^A
z-q;}2UWZ1DCzDn$?#kqhJ)yH;d{qBLDclvlH@BP6!PsBz_&!X|nvcGccxOXNrAAbG
z;f~$BqMDm2JwCTCTR->8m-pgmIX}f5O(aez&p;k9`h#GdoU1Fm$$Q^>>EYESNKJxd
zZH@)@-wmQ4!Po~}5b<WK^E#{MkV-tdXIdA3c*XGxqkK<qsy8O>@Cs_*3m{%g@KoCE
zs3w;_jck2iS`I;5b+7bI{F$)i1C3@)&9g~ti8V=DXisqNwY2Qd{^FA|BJLkk>&kRT
zz3xY^EwdDQef0S1xdaP8z!#{urowiD8s{rbnJp!yXQM70USCud<JdGFb=H|PMe4ig
z7y;7_c?DElKxPsk;q@nfsKbhtOT`pgsB(OYMmre17iKncNjy)=G1CanUFfJ_+*U(7
zzwlTUG3a~LSnOQJ_1JkwOU62Kzr`__$|w_(pj-|n&J}xh@BQp#z?Ytt=;}gP!q`B6
zWvNz>r3n9=`$AR4hu@hl${rp?A==n8!C*0y$aeOn$*IU-5ZcXI%md+P$oU4IoF`$7
z!LVL8bqLamOKnji+X#GoJuZgM$?+6Z?Q@Nq6~BYzIEktXjZgKFS95ETN<dC-EuRM>
z^~S)9;E*f#x24-9O|nkP`X*j?a}=W5+NBpgt>HPA;V((ObEMN2iz)Ti=xgeDo|X2s
z8TM_AT@j6Cb$NTpsuO0NGx^MgS_LF-FV~`MoUn85-I@%S?sLkeeBNB8EXgn^RnzCU
z17FEkvC+hIA8;-ypf;}d!KRP}2xNeoceYWz!}=Q{aARGlFR%oV9DsKocYE*&pfG%b
z(8>0eq~xP-Z{YQ^T20Ogv#wR}CyBhL%1DOM@z+&rR~<{ti)^qRd=~dfTnYyIS^nel
zFrBnpZYgovBvT)+j*HBX;y}3Ar~D9Z*-^beq3&>0b}Y6ecB#czv)OOGfjgwwtbUyz
zcLFcYDe7}gt#dgnz=t?l&s|Z_96fq8T#GZ+(`9;uRIXD>^|sg6a%z{?UERWHmx#?$
zB^PD?iS#5&MsDu!Eit&)%C-9arX+ULh%QV2*Po-Kfu_Sdo(8ao&&kR0-~$`Y9qT}<
zC^Im4?ryL4ad_{Ug#&Q{G9CxWb6o5waT)*-XmsA5q_(^%_U?C0*`Icuek#_tNLpS1
ztK?V;;@g^g<F!*?BZOP@AgER|7)SNTfJ>;P8h6bMbMUoc@3vI&N2_bWhAV0k_qpGD
zJrKPt{WqZDuAr@5D6gP*hv9RIJn_IAh0=cak=RQT(sV3yQv%%5m(PX0$NFO?cfNEq
zRakmSG-2sp<nK#KW-SE2wWkgars;IAy=YD;v|gg?nbOL;%x9%O_Q#@Vq_8j6FVY^q
z(naJD5O!08MZ$eRlHR!~8^5@vtt^W3lK@BL_Cp@`8U<KU4HU;R+--q>@yl`cA`B1f
z$@~>Ede^R2R9)?4PaB8X5blymfhsfpHT|D;;?q_u`LEmaSW*pmvti|AQ%o0zRk6pk
zV>{tN?XE-_$m{2i9vV4K)bD)4PmKqm6fyRfZsX+pd8{tT+BKXN9G*_3+&A0)W12IA
zEdf^;)eb<0;rHPdUr~vml14=0lW6aoGr6LA%|?!bkxD8i)*Txg`?Ea=xIyZ2FKKBz
z0ryA1l5jABN>XPk@wJBlgI)GNEi8AQ=v8C3ISwr@3ewVM%}AFM1j5=~w6#+%1ww{h
z#wRAQ`lz7j$uIs~kF~NAPi<HQ0F}2eDpvE~G3ybLG*2%bPpPE)oq~APKmM{Gf#N4*
zwR;$%^l{ixnVJ8<e=E8XWE`BFjG(v`-rS1+G<IMhd>@6J8Weiv2s|`H1pjJQ+X(E+
z``J|6ECBS0=WOOb=iPHV0aap)R*xcS|2yth_?Dq$)!|}=9Em?cLqP=b&zbjzi$OdM
zWPk+r>|4tBK(JlT^YP!04!qjHjT(+Od3ypHsNbw^yZ(PadYv?uE)oPJ(m?X3dWHt{
z{om%Y)BXN!`kpoM|NOu{_3YoX?%g|SMgIT92hsk2fkW_tSrV+n9SPl(;8Vd`N4dih
zIX?gJkhGYzN{P3zf=o+=E0T+aL;**_Xbkee2a(2eViH9ZNrvx6226H`6dY}tII6A+
zX;N1zJ2iWp=97<;@b|t^U91E-6XCKPFZg>=MJG>}F;y1jQCqAX<`>kLcy^{D7rSO-
z;N({AXqIjid$7S%Us--Z8>wu!^u<+<(TA2`h<I+^jUC8&%y(HGe~#>~t=yFR`v6-+
zTB|XIlW2ydrEjGyw(tl^cMPeS`=(R8WX}!?`$EggKQZjtin}oJuwH#l&-Ask`$kfn
z!D23#t>&sABo*26)R*fxh+;KHRa@f{1M5c7qwvxk<L}dbP4J`TJ*R{UHMNMNe`Zop
zN@7q8Te-N2f*2$kB?u=5rAVrFy^6e*vORem-+1Ci(e5d0W3E<LWyLWXI+2;Fr1Kpv
zsjQ@stF|P+Wwkz~e_6*W8&#hg0bLrWK#Ben#greSvf1&nOg1(t4WxsEZ>KJ3dgqGb
zPvWxoW&0Qk;z^EvXd!e5dK_%uzTp1s_C5FgOKq)zKIDRh#YDj$*-r&d>ypBQ1}nW8
z&SLp$lT>lzBzs1!JEli$yrO@%!7Hy~XtJ%(h;w5+8C@y$>!e1;y&=`5?3WatmK5j^
z_565(c5l&5l+*cYmIKk$=n%EpI13$ne!Yu<tAdGnK(h49lxq=TuZQz>zBBjSs{X|S
z9HH+>Fh|=V+Eh8$d9YSj{K$LGR6t~=p`xX4U~aBKslV|y+4bCRy>?rnsJ2pbIal8%
zrAEndOWeR=k%MSyXrw`wBMe7EA~As;CS9m?Ef#r(ttas(Say%!;kjNbj`QKKw>S4q
zO--q&_;h`{f35CV7nI8k6z*y@c-^E7h&xcRmijdaKdT+zprw2EY;J&fd%7l#+fh!T
z)V*aIi*sT|qBlg$$|Rg~P+FQk7LMxEpD7y~>p`=ywyVFWB9!{W730ZaldIvk#H3~x
z+v?}`E4oN-DlQQ=!oCFebvXz4idkR07;2!wJ8#0Hdd^qI$9KH?8e@O-d%Lg1?)$FG
zuXtoUPic4SQ5ia%Zw;3Y8K+Bkjk0^X2b<T$4bC`HS&U+(27A9NQE9u1z-S0mH6v11
znFkkB+@4D43Cv_3hJSUGm}8e@3}|n&%9qPF-Cwl69Wsi9y?<|!s@n6s8#b_zm*^XN
z`B7t?miCU;(TdQbF(Tce(At^?vD28N!GQJ2{EsX=Y^wZvCpXU{p0QMaN&(nVmMP8N
z@>e;GSTYG-_i#E=fxfI~e0g7bqH~K*diIn`We#fO*QZ8tVsO~4vyqTBoHG7d4(=^?
zjvur($GvNLPgiKHYC%_QU#?Yzm%>n|<dwH+G@3OU+G~pv+6j^%?jb@OSW%P{+6CXb
z5aPdARJ>n}9$3iQf&Q|LCLSAgC__GgJHQ~a<qg68w29-f;wI*dEQ<99GAW`BS55FN
zkgb(^+quDZhWn{KJ7`vYQK~MSydOl4nK0v2rf_<VoTvIbPS<sA1!XynxJte~mA~rZ
zOU+D3^3&ZgGj=GGewG<pwyjWxg6dSxPODfQ^OkO3&aoEa{N2$zHa$GDS(}dOqQ)3M
z^?8%dlv+zZ149iB7o3o@tv^uwouj#SSFJ%vB(%gnJ0Ua_`ACuhCa%L=Tu`s`@|h!s
zF9jV*+2IRJ+N~O~;qjp^1tmMmxz(@pqjN(Q?;sE*k0No4U)cP!IY<el+kH(k^t`G+
zTNx9g(L8ars$)9oLUJ>5r6ng4BCMK0T*rXuiL|Cy{J#(QsHL9_Jl`sD1-qwte%k^r
zALYI!$t_n>Tl(^=YiL+YoEkBCc}_ki$&cyn8IP4J3+>W|1^>8Sa(C6s>4ICxV#+r*
zq=F6XFOACd*WV0(Dr%cw?hPP!>l=DM;&n%j#k0EO%&XZXo>`Cz9^<m+c_S;hXu~u*
zx;-_1Nu9x)VodkTq4xX5+yv&tVk@`+O<{bwP;Zt46;9EMsMuiGwvjVr{uy7L@1*Q?
z!wY44Ob<`Do+901N|B69Ps3%-!~UU4r;4A(1gj|pT<{Xs4Sdd}$l3G>EUcLbw>xW$
zu`b2Gi{U{JSfi|?h$89xAQE%i^!!#ezZ^I6LrfV;Drha+e`O5d*fh=WbgWu(>X&zM
z;(tBobXj*&h*j5Hk&j9JLg}2u?fo$&h1QtB=$6th^F1|DR(z&O_?kn=_o+`zAp*${
zvmuZUj*Z?T<DC6Po!wo77mR}H8n(|d)vzT<Vq_<#=wTO&O}94l0}Z@XR7I7AEhU>;
z9(5_z7Xdp8+VC~=5~qrF<1{{Z?#QXkOQSa&QCXMu*$5<3^bF#&gLtz?9UDjVJz8dl
zUHB!rJF7qW9johNHuBLB7bmso4dFj$>t+&ZQurLEyQYeSoyz8id3!pglj-A+wY(lQ
z4nXmGgL9kob35sfJ8suEWVI}RExz^7EDYIXt_`WoM1%9z_jYwgsj9`=b4Mn_kl8<N
zGd2o5jAygdIje2hk(#tQ5(=Hp#N?hml1=4{@@X9{-Ld;6ag=ywqgT*Of%RvR|3-9<
zFKqUyMwYq@v0hX16I*nQB2+mEj!Mqe7SRtU=9pd3N^Y{&^a#ju6}Q6}^Yom47=gBD
zuHfP}w`Wx=(~|p|kLk&EyJ+okk@2%<CZU51Vv$EI?3K=rKYK$*6`>3DaS{9ME<cLN
zRDrZrvR6jzP6JpC&YhUmH-0fx<o90Lzn#Bd`XbF}0*}M1Sf1MBYls}FI1@`H_Pb+e
zy`qH@OkEOnc?SiPfZA{#qQ&M9EkahY_1}t4j4Uj=YAuda-%$E<hVQGZJD@~kk9G3H
zM<{hH;@H?D<qaR~z(UdYc|NOB9+2@(20@*VPOGyr$d-KSbAl~x)O0E1F_-9!D)@?b
z4&trF=m!w_7uwk?OK~uXkdt?mR@in~4Xi$Y(m#w62-z}7WmzqJecygJ5Wv)9Hg<3A
zUCCATChRf-10GIKq)A<~9+K8Rj64%N{gdUpNB-c!L;)!7sHv^RimI=#_W*F7yWeVp
zqbu)C0Yu#u=(bK&gHn!a+oeUIAPEBh`Qbop!s{$8f`-SH`xJ0qCk3GtUqTcVqKtd4
zR_3KockOp07iJ7nGlPP@6>W+eRE=+^sJA~Hbf%V#oQt(4Iy#&-X)XrrxWA9(#BcKW
zKtHA(a5jKSw*q;E=PzG=zhY3T3BdeTc|IA@fRpErgj~Lj=B^?j_ON!dPzNijWhfrG
zJaPwfg5>L$xr;|voSKdQ`lfieCHFMKmkc{r$*DC;A53+b?l`5XoKZbazBSilfd8>j
z_uR-UbNy)JBq`wBf4TwwcCwJa-#<HhX&?C@)ftpt`_78|{mgFzrzzlXfA8I!t-vpA
zY5PU|?-$)PG?ZFkGvyn<z2R+8u~ZBk>c1bl3I6==Jhs`GMg@YD2q0Rara<C%1T0sn
zXaBak954(+z}IYaaB=ZL{orrf^;^hQN=m-{?|u2vEx%FGo0*#fWiUcV=`HLXi;K6Q
zcvsHzPk#E|y#ryl&j|4fc}nzgkzUUaP+Jj)AFXX{2<=j~WYWa+YQ#~n=(QLU|4D$i
zD8ip2z6=B*I`>r(f78cIepPw()O)+$vRW^i2yt=8kFG(sIwdCN1MweUg})d?Rd}6Y
zvA3_AeQsV=EhCsE@gC`V%!>Gltsu(-s0T_rpyOq3zGmBl{o_^oZ4e@>G1mcsS^xsl
z@_h!jH-MN6rfGM-LMD)OXp9_z9}y&twTkwH)=}Gg){X!~r;Ll{>z6MTmQzFH<FOy4
z{&=UUFCzDd)P8l$D01R!K4hHXuTCpHlMR&;`&ET|#gwub$<!&68Uw2{QdMg1Gi1n|
zB*jsLhp<{MI$2b$^eOU9eg7&G=^<mc)HPTNT=*gtENGweaO}(&lIzrn_x1$o#r5EH
zzIoEr$H!kWgbE;3^5qi@RK$W_ZjzFrfN;pVmAz#4nG$U(T_HUV3CZ?(Jzbn6NdJSX
z6D=lFO?DO*7EaDRpnwE|4t!3V2R&VX=GMU%figU`P9zLG9C_ulbfLWyGOO&$v8-|H
zAZYz18>$HYhi5}DlaX-!RmAQH?X?S0pCi#F8^-e=DvrGNQV~wDSEpt&XJ3n5QuaBW
z9KIu^2*ui+7ZCclf90wZYLPcL2zHmpPnwvR*up6J#5ZpG3-L>wDK@eiG$!bp5fm+4
zZlw9<7Zd=RAdgP<e{dp+(khyomgeRc!|i`Ys2eu9^8M}Ws1?=l22s=+5AF>+m$h$C
zQK)#yt|l{tyYDwJ<Yd_hcT%iD)=)%n({_{I)mU3=M0TR*WHb%s(ejel51Soke`^aU
z4MOS967>ptGlmaA$Nv1Q@369<inRHi>^1qDF~QV#<@B79!A%%xg=%-&hT)R(FXFJF
z`NgVtZx({i_9l1jN&|$4Sh|!0Gz|<f2;yVjM!ty=O63s$RufHpbsC?H{p9e+e7Dc_
zAxV*w*H7Q(A_t0hp6SD8J4gHPJ4l*u1$Vt_-*2$!2^+0is-R*`;O}XC{px+0U%Kr}
zC6u&Nq@Cc&R8fc!Z!||3DWFdWm$lNmP$3o?72;@kN*Pv6o${)aQ&607o>)TBYUKm+
znQX(9O>2hFZ9$({SAp}h8TM9ce&@}qvcXL0B=dbErRL{vgf+hRKM2c0M7<RdlNK0T
z)RudM_+ujkRxRzUq3ry8my!6pf;p%~Fg7-}wq^`!HwUy_0Ja;l31(It5FM;-XlhE;
zCp0u%NziF?9Q(&&EE63(rErbYFrvdCW8QE_yn~<Ks#FF9MJ(uXu|w86k?&lWA_>{u
z6?_GW+#9df?oJixiKwWuyr;$VnIN34$4!J&7voW59Ox^}=O!cDDym~uWS5$GFQu+8
zw=2GqvlB3SREsIYx)^;=Z<|?=sFIf5_c6A9z-H!c=gorh2a2h?0s^7xo?%;S8-`Hj
z#UZuwohka_VCH7`r8J4~Z~-?Fmlu4M(`GGKOJ3|_pN_CyQtAeM4j5|t!hD2&X$u`w
z>v}idg|?qZ;t!rEtX|iwsRcw+W)!GeTsB{g)a!({=~f%7no*pWM+l^!!cj0VrlvEF
z8-${_iw9XN%Q%E;cfZvfnjW@V2Ru`ebA-?bD)XT-_*gwNY^mK(yFO1&2>&5^>m+69
z+1~t~qRoW1mnZO1v&=63iO7rY;bj+CkWW=go%_ILp$eQyrm}_g)$;u8-4KZ`!DeXO
zzK`k7R}@C`&o?>5&>L#p?YZsA!~Ko0osH4LB<pG$CLcqgC3UAI%Ik~p$i$g%6K?|_
zk+#Eb?sg}yGPO<@Z1>T(&tR}J{K$jSyLwkyG&CU6t>dvp3wS_8L_|_FUp<fO%g@h;
z!7QpgCIIXP0CbTbz6YR8r>)V>fq}60pCF{O0AgwY?CfsioAA$aw0v<Sp6X94kdn;s
z^K{P^>SV!O0aVV<53=O%HeRD*9e!*VyEx@~R;Ony-L+eoQaHyT6%61?mNwQ<_Kew~
zv$K@KUDJV$jr9~+89qfFDJ8|sA2nZ9h0*W48Qx8Yf3ysYVU4N?l%uJ%FXh@;+-~+R
zb~UI*h4v5Pt%W$S`>G|o`rOXCi@KYBuN<wg6_No-qLns=`JaaC&~oS?pU=5;X{<#S
zhXZXp3q<9n8x_9wCUpLWz@jiPjA(7_gO`CWrJ-RoxpA=7W#p5cwWoM|KcI0+i}Lh?
z6c%N3^rv`gSXfw)S3qC$bbHFOV_fc1@nTrB&c;YBzmQM4Kd)}~)pHB&?{|%zie>N5
zdoH$RLqntyeXvSdakQl+92~TboZ31qqLupxf`%e>@l3>ijlabjLF(^OTHbp(HWE_1
zM7aM$0I3tF9TB2bNB2gMZGhIF(M*DE>aA!ufeKFI?4!4xU14R^(aBl_M0mQ-xj0;1
zIOA~Yv46aJLC^NAGFjUA*$_^qA@$7#O$5bOqp8t)Yobe`fK~S7Yx~4wTYt(0TI2Ae
zbz)lEdxsu4V%?!E4<h_8Bcqo%v!|Q!>?mz4M^@#uDo4vkmm)%zei0JdAtach$n2t_
zZbHfUHg9%Fc-wdvEd9l!x#5<d;9~)gc=La0cfUm=$3C>SyF_BNtg+{Z&vNNS%BrqF
zAknMA>54;lrT~{hS>#0}aT^#sJY`aaV~wuQjHTWM7y26bP>R!rA0LZk*uLY$J}vOh
z$?BrTFHoYP!O(EeZ%dQ(tHoWO9${BY%QpbZvTZm70eP~Zc2MvKoLyHCf1|+1&sL(Z
z)!GBA7QorQQh@*obTDvhwPYb6N5M}X3Eh|)AOG^@i__jb;3JiN7Sp?S1aLng5P)Dy
z01;<_ERjE}h*_T4p?x7e7mu9e=={XkGg<Y|3bIbSW=BMbSE*Q$Q_*7i305~olfQPU
z95(ltM0Q1417d@NzpsH3oH*F5oV^M32(dqM(gW>@r|DwZH2kAzG<z*A*!LVKHCqF-
zIR{E{tE^L1mDi8dqY7gB3q3Fn6?Em=SC02ML@TXqX$gu{N>{k5ma(viqU8Itf6XW@
z07=JEDk>_axwK!?uVUkppwi;v)Ae+dd>m}N%F6!H#-cJ>Vo^wP08(lp=jOcgaZ{Qo
zjyz1@d9Wma-|;%Lb<tY8d)=2fgS<7lDDLNti>qW3*U2t_kM~O7Y$jD83j%rTiShMg
z0LMJ`^BH!>b@I6{<BB=5#+{M$Un$5nA!P%b2M^yk!Sa6m_!zQoP&K4nVPg_zwVtX7
ziV4)W8x>7OpGgEi#QDX((ypo9NcC%R(Nuv58ke?K;mEmsx+*D06z^s94m*>5fR*Ll
z72P6H!cShN^$(wu?3c(DOGq547raF1&Uw|~$tN=v7eo_8pB_-3sZv~xyIv2CqL7GC
zE6{ALWIyytv3z%CxoX)Y%$z<v_=bDEV1Dk=Bhm-%t&xg>k3Bt3cR)0;R`=y1QMyIz
zx2HDt<~?DQyQticel4v>5<WjU#XdVhzJb+D`x)xBZ1EUB6589wy=eRy;_FptxjAG3
zCPM4s<DfHt`!&$)2O%N6OCN84GN|`1$!8kl!^g#`=n?2`toFY2dwif<1h&<YGq=iS
z(1_oi_z=++T*D~e<}!ii4~q>C$)=PaiIJ(cy{`OfIBe4s)_dJivy@Mw@qG4hW$iPD
zFeB<-T1(DF<ZrYleVjs`6Br$&=wf+FfNk;6jlasH^QRpcn!vROjCftv3%_}veD{<A
zEt9+Z1t^FGZV>>{p`xM9IBTM|12Qb&bynTx|MiAO$-nz`&dVjoxMaugv)>$paSm+v
zD~s4qQ8es4#o0e`@DgN*SW#c}9Y>@Qu%otPiiD@t5C-bgLv^3$RbmG=t(j66M`L5P
zA9%XYj#Um6UO76P`PMJTASOA`6EP9VyXy~aF>r)?lQ`SxI#RlB-!;v9aPJ=Moz6kW
ziD$T7O?Cu4D-+gtXM8WO4^Jtilh4&P)&O*bMijk$$zviWFJHkkOx2KYD3wVxdS17R
z9LjUuek3P&q5D<s##;0$Hw^=g0AP@Q+JWHHD_JKcCETm{q2pUU0<Hd@HI1a{I5sAc
z_6C`do^fNN&*mx?`YZJTNaX`!q7R=02S3zj|FEi__tuDumD1-uKckPfmC|Zm%!GqG
zM~dWN88XR=z9htjy8VMwQ7-#wDk06HV@YtXo@TWBwD?@$ZjOT7Y+!)r@$bfk-I~kB
ze~h+`zl=%OzxATRekg-lMoWclO2)4qk59I~v9UpboBA}nEXEjOL|=mQ3XaRD4IAj5
zbgaiFD!C(!pd2eASUGn;_Do$WqwIFn3ifVUwa=bYrCqd|PxW<di9hCo+G^i=OZ&OM
zcIpZYRF+)jrM6dQSz@PWrS4-lR2~?#pF0Kz)KogYqk~2&*de2<a~P?2;~2VOi@`%d
z<}GOSAwS@_ch2|$g4T>rCeE&*g9FHXaG`RiB|}{XFdpwkmkO-t43<b8a6_+GNr~iT
z9ncS%=}g6ghv-b-iHo<h6*8@G=0+Zrb#Oe}xL!N%jiHqv3Bj(Uj$1WKhNGfyX84?3
z`w>w*oGUN3eP$zGmBv3b<~VP3wTh<6gcG&BN|Z{Z89k%oz-bi~o`iMqG-t!!puamV
zE)Ed9PuDuqX}15yLKUd;x$ZUCuZS8O(~>CaioHnapD0iTXMt@h7YE1gcwUSaQ!~gA
zN>AF6|Hd&t`p26z>nCqz{MfBHH0eT4beV73E{s<n)fPKFznUB>Z?zCK=;GZ8y){#i
zyw)*=aw*Tv^nF$^-y`Ea+WZ;|T^cIGn$?Ut$*&RK;$(9;o8S<-!*zVm%h$~7sp02d
zf28^`1)6-mMMuH~ttOiu;%y|pkhthd8^h>G$>sPp2W*DXSwTwdxcTfnisi4fF37}D
zif)PkUrX}cQIep$kS~{aXt>n=kQY5O7K5(&j&>dmo3FFW>I6qpjB3~T(XMVH8PBN3
zMLo<q%j1ZrgQ;7s)F9w?8mBH`SV>P7?0X>LP~&1IyreHl<(-I$`DL^*o3ph)1<sn0
z4T5B)9iCuNY>}@|LBHE&cS*7-;@~Xcp(yS@p<atZLYePWuhNe~m@TL$sD%j;zp9|4
zW;^{PYvG38AWapYDA+^2zW;OlYY<S5GpJctf)|%vHjKKn6K%R3jocXVkW|g1Mm*UP
z9ydNR@`NhSK_d-qmmSd_+gTT>7!sGzw+m9c_XqB793QhY^`Em5r9gY55Ia6PQBo;R
zVMHH?h{sP)&s|*iYa{H01osF&{Yb%P(*pR?!Lhm7Ri{AU={a+D%#~M~57B-vvSWzt
zXmrLyq%9ciu<$vV`j|iMIm+U)B$osd^fRWMB9+6b(;8qofaG_6Wy|QorW;v9YkiR6
zU<6@v2p{SVaWH0ZkKvle8L8<_9Vt**8&Ko;)?Y((pS7S$mz*n8>L{>-iJgr<DQSdG
z_Vm2g7i3<$!b$jCcHFiLtEXWTz(cT^uStLRTw^*mJzXD|Tr@N^z{w0YmuZ)~Eq`Ji
zg{O~^)hL&CkSQx8-|Rl}iDmg59Q^36M(XqteC^57HMhSEs#dinTa<#t10g9wafl@C
zY2x)7JZ69Y;}0b0rNhC?N*zA5TeF4bE(+r6BzWS1eA*K@Mr2O|bQL-&qhf0{Ew&xF
zFm=Cie!4z7I5!5qYPR2NVT*BVHKlj9>+)b<O3+o~e8O2S-)~K@ulS|MMOAt!j=(w1
zi)sA&>RDTNAu6iqxGbCgShuTV+Pp&~W1rH!@prKf6kDofL}|Q^%Afr@B%UDUE%7Fd
zDjqZQ2JMF=_t2@ou~Lc}NXcCiZ$6qnkHNwBJnocuVs3CW$@3^OME{k(PgtIm(W~ZC
z6d1v(c16U3s!A+on(-X-=+MGUBvo~mWW$H^=z)(FRLIn2$0%jtI@Ps$M&E<-XxMq5
zYms_896xW8*3z)P)%#R}3ZoBZ&BfW*hv9aZi-kJ;;(#j$MXxH)G52pikh{VF33R18
z3+1jbwEGaFK3gA5E}U+(;OLKDEId!$M1!{nS9c-#ZBMbVdTmmh&0+Z($KMw-w)}FF
z`&S%5IZ1T2FU#`XO#NL=b`iht^**LJQ^?0p;@|LS`~1XP!$aE!{9@<}w_dxdZB;0B
zsdreDSar8K&2`PpN@%)DZ@YY(w3xjJbs~H2f|Nj1*@>@B?^XS-(xjvC@x-G_<mb=s
z<Lt=@A6-yOVjY@}y!IBjE8*Hm_1xp5ymUK&@od19C&Fo846xih7f!*^&n?PhWwQ`L
z*EGz{D`ItkVbjVFmb_(EE#MOdfV6^b-dFBe5M&vdpuk|*5fySsgG6dn`KB_m02Wra
zb4Bd<CVjbDrD)-VO1073*oiDNN!+O$>AjlPV^a52xQQANg#T?IWs5ru4nH@K+f-ix
zUNn>P3s4;Xpq3Ep$wP$wu_u4Rfugk|6~?UR!Aqy}GY)O#pZbsUUbzNpF(p8Ii}gb3
zL)jZ+tiLQT7lqH{<w<N=p08zHR`|dEATbulyfI}&1M2jRZE-F8PtB#3L`MvoxCNZw
zbiKFo_S_-mwQp-P!ME+PVvv-Rl+o7elxczu<W9exX}yxAVU#7qO)Qz|%u2MLJpt8|
z<JV-Rm!om)!4hK$OdC_*>9Vp-Y%BU23(yQv`aW%pGpEG>SV7Yf#3oNLh8FgtN3NgQ
zx;aY@vdmWh-Mq-$cRRA!9!W@gXm49*RNgvQpM!%eTZ*1yC0{B(NLJHulOCl<!vaQF
zSp<oR$qHqeB;<*p4pq!zaW>{4gLG69I*bQ!#P5p+D|R_od<hQDl`oJUaehAGK8r1q
zUe<1Ow3yy*WPlsmAAj*;T-_>sQcps@^KI@p*2FCKC*F;t#CNKN2W*msg8knI>0esD
zvWFOLu}l*6g^~8N80EdlTXo1s5`3&EL$0W;U`}PA6yUC;lEKWL&!N6^YV-4fNa|Iu
z{ruKg&fWEfP#UNvT&c0-$5Wz;3Wj8~`Z@xdZV_Q&wRkkZB=wkS?}QoiF@y>W;ZNe9
z5Jz<N#YdK^fR7))46a)ypOVkl8jJljf1Bh=faV$~@iO<h1j+d4+6%}tEUZ%YBd)!n
zX0I<!H$yi|jV}*x=?Zf*^ruTh%(@uR2$+L4n(8etI`xlSQ+t|~R6B?3zA)@dNh?+P
zXr8Uj{qW`L8+7d7qno)|G?W{k2yK?mN|#qR6DM*TG%-hU&W~nO>|N%Kvrv}OPwrFT
za=K!d9NCO@cej6m^)l-B(AJcOyttGs6wM4BV?)h+M}o@p(y;E8u(k?*lIoQ33;S4w
zT-7!6So;o^4*FAq>glraai`qCJ@%}3rlqskSsD_Md|Z_|R+{EI(SQWQ31jDpM~zMI
zvaGjCFbm%0A5}Qh@`OgP$;f=nmcP-S%p0{(jHL|}4Hu+kVrCYWpH8<Vb)M738d+m6
zY2c3d&1H-vmrfk7_7WW(eVx0gxH$4RomF$QP=6T&L@PLk8J|A&GgdEE;~x$9Q^ym=
z-`X+)>djYHRzjY$vfA5WWR7rqU!M3UfZ~6JJY0;T%T{hsfeofw@q#H>E=ER1K4{Wl
zhYXs03ccLR^AL+5m8WM$p$HSrgirxiNl>~>WM*Y)`6(o%wo+k^%gCt8B8eHLWSLJi
z(|)nRU9i3}i&suNM%9#15S1-1mm@4)G_$5%Ib0pow1Ty$@$eSxyb6np<s@neHD;}<
z*iDC=TwVE6WcQ^D0Es5f2pCqoF7@3jhj2IsI(h^k;y^~OW3>IVbm?)67~D^k2Anh|
z)pG!|J~%k&<Sy*Yz+PhW^v=QSUo60#$ma4;A_#(ms7}$GX^-4IovvT*8edZJ5{lQy
z!BNWsjzD~6{dv3%UV7(nb=tU4KHUkmGw<7YiL6n;<PzC!SgApV4xDo{TU$D+g#NX`
zazF+P$gDo={9}k()ck2bzD5rCHA_}>ZNGwYPc^iMzM!cuF}bXdPqQDR6&@A><^UM>
z?JW480yf<D%>Y{m4R)_l8DPrpH!8!*|C0?^u4+epS%Y_uaBtpb>CQG0<OIZNehYcj
zFVqt?fj5ncYDBmmA(Z^b{w;gf#@z!o99<9nU$?NJwukju!~T3?LwHNa|K}myyBB7`
zCGeo%rg{bIW6N<vv6P=a;MSO$qHPK0an9a1;iaHLZu0K@bN2b943Zjl2+gx+**Q5I
zE=ms!1K>OfO+^Sy?5l}?fkpR(2-SrD#RuKXB>p>>K?8&nn13+7;QuYTfxr9q=Md$1
z_+RKCmi&bi#mB`)uZWxPp4tW3le#M2C@Lt}DAN9W_7o?=eS9pLuf*(BD=jJZM{b%P
z9+%<pJCLFwAt8y<|8tM`{N%!<{Wwz5h@<S6hqxu20O<i`ID&r*6e{-=6EmuN#lC(4
z=-&kcp9r2wanobOws67w_q+GZz9YO$r#KrWZf_WgOG{e<<<tWv<={VncoD>S``3=#
z_(7QC08Wv(|8MbO3nO8oUK_^!Nwt*}?Y9sFpi_(s_!{;=4hdA3ue+y$-K~VA<X0}+
zRIYYVQZC5&7cg>f&*E{(p2CCs@u1*vZ0mYk_wEuv-2punNUzjt6=i2<|3lCNs_($+
zCCBh5fpX8Uo($nf{rGFYw-7*5oRzf()?`5Sv;~4ehzPAh*X=@JT^XO60_c)Qi25Jc
z|31HiEUeiFQhxU=QMY$?oVZCr=x7flt#)_u9zVQ)|307_2W;hJWMpiK15=29^HeR`
z)<y^~{nPXyUH*I~2dFRoUk?MR7|=E@GN5z@EMtHi`U+s|uC7?C(f?k^%jRP|CNid8
zIP2m)si&BL5&<y70pXO{*;%kGwzRxXe`i)cLrg*fDt$q<;eri(x#Hg;v5ZcVcn_tE
zv|vIKBAot?D(V~nB(JVC3nx`|+>HUcmMLKy5Ej&n(_D7@0{Bh0VX4{yu5b-;WOw^<
z!-CBQcSLZ9fjyvzZ)f>Z|F?dW`tkiq?fm9uT@WCEWbEzj0X7VKQUW3(cTm{c)g|ix
z8WR+kf6~3CdiJc#r2G^Pzp7Is%(CK~1JtXG_$bih2acBzswnAafPIADMedK;^ox3b
zZ<`6^<hohHW~?{~Q5O~#dV71DFDHtvI5kyO6PlZS)zk>F0P>_(i%C}%IWu;~O3-yL
zdBVb(o7AS-^V`Bty90ixee&2Ah+v%R2mE<{2Os=FyR^8-Kt|+lQq$Ji#RUum!Lw;Y
z^q>#Hpp+SmU~W>`9LIxshWk}KBrE*n&?ss#KqTV37R#Idj@#$@9N5RDbGaFla%Wdp
z@cYFrr^|~A#7B<+bs7~=SXpsT-MF~D^@;4J#ts2COY}VD&$U|?kiesoe2Pgb;Bf-p
zjnK`OobS!HZoL*${emF(EMb}b)h2RD&1D-;;+z5J&Rjf+Pq@vlGNOlUJu4UNl3D{j
zZu>N=a**x^DeKP=6lABmd7_<QJbq*^An*yWyP!n0J=NOM@(NZ^ya#ZxBt(6?E=hwX
z1rsotVz8uu6da-GQ_PdoQ_yqx*;$=d(c<DFpgxhvQrHRlI{}t(d`cUnzywh*Hz@?W
z$eA)@*_>mrJT1OZeK7xF7|%W4R^39%RZb^%Rz+jPW6*~VMk1?btH*D%w9j77<uKF9
z2mf7NGLf);L{fg-KPQ$wE1ywc&&SI<>s<?0n+CuP0j2_2=)g<m;>Lv@s}#g-xKjbH
zCWX9MV|8HcLBIo4q65kgOw891*_^R@fk|sG)jyBX&h@pQbAkgmDe!Utu?lH77$4v(
zF7*PcZ!#HLVDl=om@$P6J)86k@1X8;XXY{ZxYg)_>##}&5XiP2(A8L!olhTq9|q<N
za3q0}oyy+PVg95QJ~K08Zz|RhCRS<bOecwxc`LtIh2hrf+qINMAHH~59VHt|02;|>
zq2_qO0sdruJHZr#fTpsD^72psgC{$3pJwe(joeCZ=c8Zw{kA^ccBI|9Lk6Xrr<XuL
zz@l<?Z_j4m@S*L;1sjTn{kXBM9T<!)QQD+@X3gOV5Po<k4q2?sb*aB`Y5Z%LYb>9(
z)Pc9bWa|Xfd^VhTi=%YHvo}M7gEbf=;dCaZkSs<Wn#C%6(+%Z1R`W{^qMsp%SxJuV
z+m*E>xn>);ze!!zG(Qn+!;p+Qv>bPR++pvh`<YUsG-HYSQTbS^<r11H)v67BMcQx4
zc-`Hbs!~@hK213pt8(nvm_3JL*qE7RF=z%GB&bXfn4${7tU)KpJ{<6a)b=GvSl2J?
z0UkoY)s!>l{z2rBUx>Sr*Z1}s%n_o%L?F=yJr)oUc%Tk+foc!6Q2)HaWeZHbg)A_$
zT6oJW{|{+z85P&oZHvZ9f(4f#p>QX-vl9vl?k>UI-9v&CAh<(-;O_1eF2UX1-R;i3
z$^Oo{uiew$eeKncw9pdPsx{Y?G5YAe52#`qebdreWRwG4=fF$yxX^g6YJ2|C@@N!P
z6qbF{m;DsN$mEdM0~$&FY$Hewe#E#hBWdJCb;u->xSdMWl77vy?HJ}GBIc9ZW9osm
zoS~1oyR#%&X2)p52nyP|x-_&j<}Wqs$UI)CPkw}&I?7dr9OVW&CehOYjp$l0NZ8}z
zfueD(H<s`Ia-ea&2sEGqn?5j?0gl)eN;KaHMc6N}|9tbY&u9+VvNYvyb0iMR7-_9Y
zQ9>gnOlPE$HNym<PgQBHW>_55aXE?nK8cBPOV9llVbb=W*y%HygxYSLXIIy;P1cn8
z4ma6hzLpptHy1PT^J5n!@9;uHD|fp8I(9XSSY8gRu8}e07cf7=pdFvGyp!12-`50#
z4R#@ge3ezRSaz!=G)Zo&(q%u`647-Dcmc=j1Mz)pz#AID$ua$W)9c~8KAMNq|J<xJ
zR9$N8VCgQedMw~8f@Q_UwpS))$v*6q1qLIrTpn?rmU_i8iQ+x+XiaHZMYvy<jSx&i
zM1-*JGlOxlIi+TTrj*M3-xI&IyrHfvMV1DM4AmFTfxvjxFU!q9{;3cYJw6Fntu`e!
zk~p;=|GCj-jhmXm=+G}1*SF!4V@=92{b!XG_8Q=JQT=BU^K@C^BI!>%fFRc8Y|=mg
zGT4Xox7Q<NZ~>ubex8qn#7l1yxcGU(DZGC6Bvjbz-+-o}F*Me*9AMNaIB<J0vIbY?
z8OKDa3)70dLAg}3$yIfZ{Y@sUrH0kKHv9tDd$5`v6*H9~T&s(O?;QSfrT&}nc|F6j
zwDO2GN2}C;6;%cmbIhqwOSYf<$gAH^&6T5%j<sDnzLHdA-5ic4JA6!Szt;aQ^~r3)
zO)AGHbiAavIL=8Cs90QqoMM^vVFDsa#zI@Fj5=<swLp&px*my{E;g!UKkXa?aRScN
z$B`NiE;mhS6M>45C@_^;GLxJGfcVen1s`7{P;EK`PozqQ;Qxz6Lgw`0L~K$QWw0y*
zS_NQ+1rZSw!<%U}WR?KA-+~@6t_MCGz>x}{8by%kpWqx51B2za^-3p7x(r8E$e>|_
zFbRJHEr9kxgEfZ&sVZHNX#j(<xn<y#0BTvl8_&bi7l;?KN4MVM_34);g6>VVwbPrn
z&IT&tN!+o1;7(?h(>w$r;NS(mfx5c7Qc}M=8~%{auxowVp3FHmn^z+Hqu154B1>cy
z!C^M3d+JSsc1>48d{-zaJm8S!?{^1n^yVn#*o3JfLFLSun*bb6Zh2ZRE?g*o?{Z1N
zi3S}L)92(5=SuL|6PhozAHm}R(*55>Vpp1<QWOXvEeQ(3KWoVaffexDL1<N?!Ax4O
zm&`>6E+?VFWZ|Hvum<>3>Ga<-<L%+2p7QfPzIC?ZLLfh;A>6C0<~XMuUXCa1k3e!b
zV_n|n6PdK%KhxG*S?z-}!5!OWH@X>X7JagemYS@>dj9yb)19%P-r~+FpWEg->=iL5
zO;ZpqfSy5X@E3d#O9l`eIC`AFC5aRvMg63t6!X8wOZ)_~f5P_zx9_%J^tcqP*qMo&
zkD3c?0y~72hGjJsi_+;`VEl!!7oqts`%za|8e8=0$*jj2g#9lVoSoJMgD#4mczyvq
zq{G36lYgHJd-2isND^^7<!~kaR=3-+<*-i93a~*whRd~YtlRCS#ATxo+9f*b7gp)x
zJ?Sd3gg~ap2Y8)6Uu}mN{mNtmnoKTJj_qGX{-Kgam^4Xi^Q8vY-&`h4rN`%F&j`YL
zRgV@-j6Ohb6j>1O8+KO|queJWHr74D<8U@5*TQ`&?<;o>p7VZIE4d;sq>V)vga+Hl
zTX<9ybhVTo?RdH0b;qgJUV2qihqc0>=n&;PNWMYhW`eh{1dmX>;@j`Z?%Qulk9zfT
zqQk!VWvv??Zw;;0&!3$BVBplc5*;8V7gbL#aB3986@^m`=`x6JEI{BgRV&YS+OI@<
zPd%WK;mphN!|y^?NTJ?v>M)3(^}RLB2EK&2*d6W9Hn?ylXdgRJjql>TPAlg{DyG>M
z$I3QYpU-nz3vd7GSmS>ETRc`TlLNjLYN*H2ZTLmT*ta<(%?j48Og+JxvnY2N!B?yC
z(Qc=U%Z1{b8nx-Cd6oRzMk*22xAmmc(ch;{F0>23UC_UMT`@77>~gZ;+eqcVt8u!v
zsG~cXH(xKFLvw#z(!R7(lrif)O$#j`Ywa-U8+^+~e{Fhtk~CI89T=PpDl8YrH+JIk
z;+Y|nY9xujlw;4nBy_r-cq<0+z!To=w0g`nKu$VqLdM+rp^4jb+?K4T%>%q@XQOLy
z>#@j%`NfVMMw~m2H|0Y2M>8je$Aeg7%)_n7ZfA=nyFFid)fE->$Wrf?eQ9NnOW(2?
z@X_z9s5>JJSUr^U9zCi;A;$fT&r{OJO6igjWBBpxV}+5>HYEh&zJH(KuNISlzbTpe
zYEl$6@-Y;;<h6<XyDJg6T{fJ1)TFKp355Y&<C&&{SRi_}bIp!+c1$Hl9c75)QklRj
zZAciYSlm`wa(Q*!-TE(fv%MiBRLEg3DRNYyUof|w?KE48<f>#KW~fquqr3EmqKjC^
zhL}8>-WtVnI!V<1#-+fyUm=Z)h_zF(v2>@mB=t6d@|Alx6JdUS<pI<nK6odxgSQYV
zI@Cj{WhPVq)U9TlS$ZR2bkc%{`@_z{K%CK6xe1#yZ3#B3v6J4;pTgBu>z_@+xeqTd
z(R86&U3_%vx64j4kW_!8(rAfrzx17_$EzcH99&_9Jbxxp6Y|*00&Sb!S*x9@^!v$l
zG6-aAzkHgHJ;&8uWnP)-x%V@T9a2IED+8LrdYrD4rTc`n)u^1blt6bhDAYCD$js<?
zP8KPa+qNcxyryhHlB({4n+XNw6zw#b<=hu0LYIW`941M`IpZ+qq(3Sfub@fgXYj3m
z^2q=v>F{JAEhDR8)p}~RFfXM`*RLH?DAKi}xMtnWnUD!Tfx2xJ`S79;0nd$kN34C)
z#?Io?TxxN_cm`{cjc1~K9!C5ZMMZ(9Co%ZwsMz+!%6J?CVk?{<KgOOc1&COEX^inv
z?)?w8pom-jsK-8Usi!GZ!=2qC_1w-QJjHkyX*j^>+{^oSwS|j+8x$JVFej?mn^5?s
z(CF4ydq32u*uwkG;HKRbeLvk5%m7*P4O(LU<lSaL?yML#CWL!hkNh<RVx3Shp)H-^
z-$D{vXm)q`bS|cI%%z(sAi`e$`9z4S8v3Rrl!w&?xi}ix&U}~2gGHZLr2q*6LH)Ee
zyvEzG{SCQc(<J~SP-mIXiD&Swz@dJR@*w+R_EUP?ns7}Q*JI}Qq1(eO`-K@Px<nAh
z^F-1B5=hB@KI2iBjc@GbpA6^GBeu_NPx4Anh2mBM*3n3!^$7-_!jtEZvh6ca6DVO<
zj~xgIY<-2HUE7-)@opeE&rIuxxcb;$Pnq3zUB1Ra;lSfTN>QT1L_1W^u;Z%nTT!G|
zb-E|H+oh*k<EwIfjX!gBS<^bW+M~_1!Zj8dm$6O_Nlc6%cfBcKJ`Ily=ot2Tu8KtC
z%)v2dWj#B_<l0mpjm)Ao*z!AoHaRbKGKAc#yVJdHv#B<J8Iu<Nb$B}!bx`j4%<<IC
zt0h?>O{LM_#}jGsne5KO>>sE|tP^=|07~vIg0GTbs&9If@zms;VlIZSV7-Ta%zV2q
zUQ&zS<?)QPVA|mLpR}ThB2|vcO}#}NJNr?OOnELBr#uEv)+cV0tEW31ggeE$2Dz;E
zqxCmi$%<T0*83VA^qZRSXjp9;bk$d@c68sPgbIVq@K*~hVgC$Cgtr&(4?G-o9gaP0
z-mB0)k=YBS)}F#Ur*d&@oVT}AB6`fyCnEBNDVw31yL&{^H)5;p7<^$UeZBXWqCPb(
z>G96LQYO2OiqiOf1AwpI(U*boy{rMZ$`Ir?0ut2*p=axHlu-2hF_DfOal-rFg`Z!n
zy0+lvrQlHd+>P$Yb2VJ=)ls`3<g_A)Zk0XO_QJn08Fzys-Et8|DSg~yZ<0C`={k{8
z>WPouKXpY8&uG7>`LpX`V@MEK9NWEO6Z(INt&o#a92CR5bU_3qEiL_&7ND{?VY9eF
zg8op(mFc0eF-){?*f6;7g3ElpajV-@58K9Pxr^&)%`4p(V?UId-qKI(o)N*A+1Q3x
zUyZ&rUqX767Wdl%n#}np*5RW8$l1D6?QFjl9*RF~34l31S~r5th2bxY9_?YKEo$OD
zToya=zo938qiq0#7A6Vn(gni*=q}v`+I@v5G|@dQOLk2YU-z4o{u4v{=&{BRByt)2
z1FcT)5*RwL<8cqz;DMA5Q1aZA7HRvNj?OzqXb&)YQmpG6$|^3sB8kbktv+~4M00&R
zwUg&1+qe$kz9smy#B%lSkGa?v>PgcI0Q`V71fa+uz6D?0ANmmr>~FXSj=2G(wSVXc
zsKQcGKMDh&NY8cPEBDW110BdW*>-3WQTl(RmmBN3+w+c^_XO44!T3IZJXYAMtR}g)
z%IAIZObH6js9d9Gzd9;Lq|(HCz|Iz2%qyn>5R|WA;Y=DTykgDK%J9VVXJKI>;N@3V
zj;~suo}DFeIY>}NUKyK%7!q5SGxzTdzmT>o__RS^r!<hw@~z|no;3dlvG>u&v-9sX
z<ce$krlo#Sn^mB`4<9avUG-8-Wr`2^DDKb&km9m~%2a1TVuG+jQl0{tdTk0t(5gL6
z(5U!a@qHu?uUjr#`!YJan7f;=moEAFbB7M+N@nk0uU0zLCKVURt4a>(nDsW{T-Y&_
zANU53P!72*%2k|_$RVIu94Vq4Rd2cY732f(@HW+IcpZn_`?j34n4(Z96nIlgZq-FT
z+K#tqz`5z<uYw2Y%H>MKKiPZ^oxSB-CgREs?U6RN<IU?hHsA1cV=EPTF{9lz4w`Y5
z8g{Nmc6*0G`F8F>jJjg`Wjr4f+J22ZQB#UflH=n8C?P?w)bDuicP;of4&hJWzaRQt
z-Q-_i*XGO&B|D|sDcYZ*AwXFZ27gl0811~%hRAvQgw?UP%Y}u>r+pT;Bh&k&6I&t}
zo@r6W@Et<hFVnZd**!9k*j6rwX?$XbkB5>=L-XEH7%NkYD#)4C4qNWEn_5uUPl%{q
zR0-#RQmpofNm(RWFgrX}sJx7FYVg8$pSq9y@Ir0H-5<XZ(HEpa(+i|2x>`bEEm?MY
zDx-S2AH_$#an;4)-s7P~XR;Z}n+gT7N-F9sc76<~L;a?J@gZX?P|pf8U>Li*j51F;
zx7S3PiXA=_h8ilX{hI=3_&Q|3VlWmVXZlq30h-3<+OfZ0a4SrZFaVkXfG(=hVSyP8
zUJMY4|APqH*ShsSQvypLRBal%=|7+N1sn;qwW1)3(U!>3Cd!t@lP|G5-Syu(L#(u&
zjoDEK@21?sOUHY){QdmZ6OzmHb@*Kd<tuyx)PL~!5<$pVi4&F8ro}dGTGD)C8=0x9
zzY?ObbKcA-KpuxSEt8)-n_G{q*_u+cvh!9Z)y*=I7LpRu3#JmyWr(8iQxQY4YY#^E
z`R<&aG(1|aD_|*DF9L(9+gD3Rr|nYYF|AQzi>jwk3886?WO0}!`bU_m2l<nV28GI5
z*^RbG;9;0BZ*0jR1dWRLa8i{<Ty=jeZ_gUHTfq*Bd&ww|xwWNow4?-)g;O0<ifXZ>
zb+(IAFk;SvbAL@s>clCbI-DB(t{@$nKh}n0M_Xg;J!dHOUM)>S)@(;ATSepqpChuJ
z`*~<KG<{^;FvrG^JzPLpSr)s)GRT|KsRljm&U~I8@t>{i^P8k~xJ<=4IF#VGZ00Rq
zueb-!PfjfH)_JxM9bW|R*Qv&OuEwuC`SL&EDd&Yhl(=1w+K?~lt!5m2=kb-zh59OE
zlbJ4(q4UN(cg-tXHma&K@8dtct2<+9-{NG=mBIf2MGuwD8Z$Ol5#~ov=@!xQ>y%S8
zlin<a`1wh%8Oexjz0fqv$=#OPJVHl6DW(#a@TzH7ib^ZlFyTCc<cJ%q2N#$0x7o?P
zm9<8oDV~ZeX^#`(R~HQ|9_&<>Vb_)^k;C_<l1~)L@9(DWl17d7TN>e@L_m3OrEE-=
z+b+Bn5$Ld!m21u%TV|Xd1t1`8T=9TB8dhp@*e`|LQR74jj1TD2GMQPqluU9J*g<w=
z!KZh%-4vxIOV|)_bs3te8q99oVr0U925|vSm;!yyW`G9(R{&O4$hAA*e+5T4uQf4(
z(;krpt4VjYa{plDR_hI1bjGfZhI}N7*)K}WKW*Bm<cgdt`}vvVQ<%jhM4$^aFN&?F
z=)<GfjVZ9$YV33;X3-W_z6njQuqBU<3l(m&t8fTTq!C@%A`596RbJi6A>(_`QDbiX
z<-_46>|%cn)h?J=TgF;0BMy8p^%Nu&M1;h}_4LvhMPaCliZNlS`Na&c?Sd<$V2n^G
z3P&U@?Pv{6db&h1Mzs8x)up;GnLi#%+R!*oJt$$A*ou$|OdA?Aqvt5e>S>9HXc3P~
zC!%GJja!)}sH6>3_y#g^;4*(hemE9EZQ}5U+axG?fXc$(=pZOgfy#)dz2{#GZk#ES
z@0z|Ad&eGk2j@VX>UmxIb*o*ix3tx1!!?U-I(@cH?X8UT<5_tCiq7I8l-FRpijX=1
zV59;TBY>1#$~W84(NgGs{Z`AWpP50HUbq+?y)}%zWL$291M}Uxaj9i_5<N*OZX<rJ
z>fsv1b)jW#uX&ED7u79embLi~vXw=bn}L3+7x-*>gsP%nYW4$EO;k@gtunGShLZ*_
z^kaHJ7E?qlJEUX;hl)#%iu66DG9|6Edg8~#7OK&||E8`M6-R2EoxLqgNkiG&BLlM=
zVYatylNQpGP*Y&Z?H=4ftf8q$Pygn}E-S8_=<P?t;$tiknU3cwRGwPU_W5K^IzDw|
zL<zUN8(rO3CNY!tJvtSa7+FDjMzHj@2s4Lr&P$!3!=W~Xex=R&AvvQgol>~~l<Sp;
zP15}lC?N=w;3jB+nvt)UR}szIH*elmmBp6)_3jNQyde~US`oI*1kPlkX}|kwz}ZQV
z+2&LFmf-*@pS@{<q=NZsO%G*RE|hR3Dd{lQte~zLSBMP>d_(<A$@M4u#`6g@yYl=k
z`qr$IQEzWtc{L&ww3H$F=qzkT#I2trkwz@Iksn3#KH{JNS4osn!-y%rxTrAn^a2^p
ztS*@?4v0c_HtR|e^jG(%V!5~xs;C(B@*x><4&x}l2;6*5p<KBwVr;UH+26MfHy0o!
zW!|IU9<N&8q;)byP<F|56qyS7t0)^T#zeG;d<!7TX|V06YBA>bC8IC+uH)z5lgq4I
zj6&%wpCpJQgutICW6`ONVa2JZp`j-7O!Su&6-GNI8VY|KBdtp0kZ#J$$cB>NwQ7Ix
zu{uyTv$SOBumUj=l;q7zP}ozBB26tQ*pIq+_Uu^^4K-$<oBVqIGbM1o5Np7F=a_hH
zMxzrMS0dP_CmzruIGny5wIw2|VJE8m?C%#IKuQ|yS3*UL<q)F1WQ}0Q!SACxqKA)#
z^|*v%G|F>0AfcrFgBv0g`fEf^!`%fQC5<Mp;il`$x4o=R%Iq#m99PDV`GwM&m_k%6
zk?lS6XrZCl3i-K%RP-*Hc4U7Fln@|rYy@r8f|o&sba;~ll;J@D>EC%B<_8|&+t;sT
zVlfQ5#fyoy!;hob>H`2H0TI>|GYH55^(iJx|8fC<`tE6GQEJq_>6sm3+7Ad_f0i`N
z3V|OzG?l)~|G-Y*Vfk9t3jaS!{|7#NbkRMv)(jLBK<G$ALDA_eFxQO$T4ZaLs|eMh
zWAg*o^e){aI}FQOhVHtO_Bt-7j%gNZk!&_xi;k*?%kohW5fK4mj23nvtmU|_V;TGa
zcmV#ojFX`3tj8E@K@DQ7o?ZLvgKB>U+=YLOr3d_w|3dQ4c`-$4FyUUjU_@AMjr{i1
zoU{qls^=(>_EZ3I;Nf%A^zzvgAFVp%BV033lHZ+gyr04k3k&lp`_DBWIUs=I@~r1m
zI7~V<$6a2~l0J^d<!k}d^>KSDuqVIzH!u03`u>T_XSa*qfgZY>r4T(y7z)Z@ai8Sf
zS|ikHe=YH9x5sw~F0Rp6CqCJA@@A!nXdmNtJX_T4F_Emn{ZZ_^J}l_EAx$%*w8n7L
zWjTP?b@y?{9rE~iu#3p`@xiu+?c%U}HEb<Ce%wI4ai78lG#=j0P=uCQF17#(1ZW*@
z^YgjO=O7M|^r3%q#z!-$C^4Rqj20rwlk3U&PSz@TDERj~$Fj_;{!XExiB6K_5|JMF
z*_>-pn8#(l8JC3Qsh!Uy@2!3OHa_+UVGuT+p9z(Y-CGZx<J~cawP|wSmKmyi$vi*a
zDiNGUlbjR295O=Yxhx}=VAMDGyF_o|aBzN}*<+v{G<p6fM|z|)@bZ~bsL|$d_uYxp
zZYX&MZ18XZS8}k7TxKOHd{u9snLeiEGw$@|C6~ob_F0xPiKOesW-9ll$LhVw^3FYl
zoAcIsA^qifyOFo5hB({(xW(%`)JqE=P1|}|8LNeepoz}OM%P7eO)-qn<=>vmq5i|a
zl9r+9jAjZdDla*DO?x^B3GFm29k~f?Y?Q4IJNneYziG_DOAf$WxUVZxBa5jsl;<9P
zQO2!Y*u+Xo!2hVrE2VIgIkhIsx)}kkU2}kCwTwq@5;#v`a?}2CsI$#C$(;zqFW&qf
zZtIdmEp5lOfsG`oe5-uR6BlRn{3>@>{ap8>7eV6au@}G51e{9wk<j_huGg|Dhr;1Z
zk2TzEwuJWUb^7C3EJT{RrX1!drmus<aXGHByuBO0qp3RuhF*0Az55RzgduLW+vd$I
zzgM4lV0yvRa-o?$v}@#q*TON$xND%03SBv@8rY$6Pa6wAyP4uc@7=oDe!IQBC!Pee
z$G^HU*_-f8W3?vWvGn4ySva<Mf*MA?M^9}Mk#&ENiC80)!LAaFw>)Eh9?DN^y5pv0
zUfIDvQl~YU3OZG-(p<ac6BE^b4sDs0t#m)t>??hJS9CVXENNzS*w18M>6^8E;T=0r
zaNAm#nQ$`=ZtFZ_VBgSiMc=Us+8WFrm3>*`yS)pNtgXJq*dO7Naj#sI^tiC2N#wT9
z>)5S-<)quy*q`)~S^BncpdWd=fcow>xdA~~`L5QWbhYEY<f?oN4a;It_!@|gM&5r!
zMhWfMy{mCO<%0W2a5<|o%O}Zkcehp2c#hx@IM{ambhlB>-Tm%Il$OUH@zL!=F$Tb;
z1t=3w11WYgkJ0AXT$NomV(RYVzZk_;H=A3y3#{y!T^?l(fAUbhu5Cm?2|eEEim5K0
znC<KHB@yaF%M{z;yjo3JlbwG?l4T%Kb#D05tng~K(Jl4|0~4){`S-?Yx71Y%aaHTW
z>Dzo?zYOj=>#nvd@pxR*Qfp?>z3{48O?Rh>wX$9JZHHQaKj9JAA)Z10wti<vt=@X{
zW6L8raYW4uTg?f#2@XAf{ZBawGOfXE7^BPtOVJdNr&}g>2eoO#sHien8STO|d+>83
zeQ2)x(5Oz<_X;RG1%>xRWQz2|Gkih9TIR0S!*fsZIiMto)eKB5%1~XCLyghFnVbCK
zq0>9UIDfw<8yAPiv5Irr=r8!b8GHs6oHv7@LRk!K{fK5?jPp{>!>I)h8lKqw;q)*B
ze9x~BvmkA%kr6(+F^V5!kv9)>NBdC(;aDjNM}ky4pStv9gtqDvXUjp6M89UaOQs)3
zxQ+!}3XSh(&&&x7zt$HKAnFMiCm-22GUmKlJ+pI(YoK&D0Mt2k*)>Ttb-cjDFa{HM
zYvJ)qdei9({n3b}9ZD#4Xe2WJ-Y#lm=)gDLF99k3n=lk9Gu)3(gRUm8;7jMu_<Zb;
z)bNPy#R36<L$-VN^Zn{lD&H>L%2HvdJDGPE&QrQ8Ng&0GlSHBpVpPVk^a}9mm#fsn
zspQ-LEdKfPuflPc5YS`CO$zgS*(X^YSM@)K!}r(ZA(fXkUhzy|TL-Ml?rXFsbG(id
zs0_!&)p>www->f@=txq`l=%!VukgxoueI#9&jFd-aNdRPvZ4BXkg)N>r~Y2i#=v=k
zma8G<I!UG^3CR20jB<&0IfBSo^oK?FD>SN_2zgvxmwM-gUzl$Ii4Orx=kj=4aX05`
zVD`L`Th=LAcOY8cgX>)=Tis>Hi%W|+by{+Ws_dx8-l-&mnMv6v)QH#iBF3hF8I88z
zBWSP}+g<O`b@gh_I%w^C)ETm~n80i<&*v2{w+P?TsadMk1%mH>A^XUVg^fU}ztO_{
z>o248jC;vqim|%f9F}*i9{MrsS-yTZ^|$nQi?2k5V}z&g&YI_9F4a}XZmOxp@2}jr
z3hD%!&aXUYkpP7SdeQ<<k6<)zTn=P-?M<RPo-AWQ2H*bsK)R_n_2Gt+dO^{-h3qt&
zKIk-wMKb<&InvHsPWmBz(woh9S8Y3*`&g?Or?D>{ZNom?de7~#=8a|^WBWb9fLj>8
z9ojn8w^{S6&9qqG`P+R(kJ2C#wEgQ$1MB6G`*ThsvG!+`)8f%*Bi6OED}>3lCz;|F
zH}|S{$4v?I+?Ug7+w-#-<D8Q*aLG=B7(2W>L}6_{v6c0=`ig&<wp%3M82yZA3<&7m
zj~cJbcM!o~iY{<o%WRhEpeMYxz8z!pDD9zq73g#jo6d)5>)@2eR>{S%mdVtL<Wa2G
z({{n;ae5NCK0jSI{Bs_I;jqEO`7rkTtG#beVQ&UuL8UW$S(=zUlht>vmF0+!(G1q^
zSlP(f7rIryx0E}8PKADRuE%{Q4y~vy#S$A1)Gl)m(R-76%ktp?w?*YNATmS#X)@i(
z@O_@*!cOLYhCXY>$V#Vo9rD`Z&ph^dQl{C2&NIpPkL^g)G(b5PaDuqFxC&=!xw&0I
zIT<ved`b&iKV)W-Q&AcJT<r`c=2sZ_2O>p9LmM6*X8Jwx4^HZB%KMoaH+-%C)DGhz
zbYh^|xnBw-YJ^RjRsa-H^`BzycESG+YZ6<}6BU0EBQr5E0bhzgz{uP@qX#V~bn+>D
zd)eTRUoH4w2$>(QhtOlnn#|?UZ(Poa7u+0JfQJM(aE#Z%k=PHYrGyIXGNLbq!Z+`a
z_QpJ#sVd)Mp`vQD#ur+RxiADoy|F&^wqdM<nNC#Fvbn|#1JXovx2Py%?9|toC602g
z<20J`shzI@Xw8AFtP#JM#v7ZPUJ`3u?Lz*4AfrD9&J+kz#Amcj1A>F+fZZh++t!wr
zg2BHPoq#BnW`O1(YPPx86(}<;LakyGs9nh3mzZU?(M<*s8671HNb}38&IyPbuRt7j
zQkoB9(0|#dnmxZ3cGFRQ_0nAOi=G;X3yv9Qkv<KN$Dcv>^XvS-W`}9^1p(4kW&D39
z^k!;)={HM9d_P(KJU_OFZ3HXg*L!H0Wc)9lP~kqrF~ar!tCHra(Ku;}g6^4E4erc}
z7zNBxm0H}_jKYmJ(wP-mRVjhw{UXJeu(ttgMQ!+0^eWX>$&tjbCC8&M4>@PkQBLI0
zbK~oD?x~qv&)o~V{*M4FTkpzy&*X*fc9b`TvuE?@i{w>2X@4jaW^KoHqsFU%B<l4s
zMUF~O`3#J!b}>5*P4B9;6<)`2-SB3a5)BYsgZ4qZ*~h+BUT@69KBiRJ`%-(%G~7HX
zQ;67;q?y2uj4BgOsJ2?~E;HR{Y+38)K)hz{U~Jnp%+KzeQx5AI*&~4j^cDWz52Q?z
zEoS1Y(#YNIr8Dacf*8;L2vw+aF%qzk2mQHixy}uIZ1Ue?t`{2R(~imSo&^7u(BK}-
zz7_ZUGR$MZ<9Zs|`R2*(6CLhUUXSg&y8^1p6N4nf*~mmV0Wp9VqzGyn5J6Z4{sA)k
z4Lhls%PgUIxirk!M@!hEI{t#HW7<UhEyc#_=|n=(;aDllB@h~XD5gXTC1sbtPH;m5
zMM(E|=iWciJ+{sN1@KApTq(x$dBgP+%WIJyF02j47XKC-8}dx^EaN^60#U&KiNkfN
z=gEy>zU}WiEniKaRzb!$W^aCO!(F~N-I2M)*!njJ+K}(*SA{>XjzYi^$JS!~9B?LV
zFRJsQPavKhk{hq;2AJ$d%L|uq%Q;B%QVK}DNk!8X5@oRsXo@%N@Hqt2$i9k2de_uM
z)v;HoXyT{j=E@bfjjq5jaKCdnLl~_nM_HUubhG<K2eD<gUhj8uJyiR?Ona_hHg86r
zfA9j7qxgRrX?Pt@1J2w@p37Xwl0;tbVKTKTThAn^hfx(#QIt2^+7VALNsXW+`i05N
zc6&;31*Q5l1LEQX1Ae<xfQ8(Kywzk^VIQF5JB{OBc4YJ7K72zpzk@GE&CT2-kV~KG
zmDhMfMtVU3tj$P{1!%LC*#$)5!XwkSDCDxY<c#eUG(H7~`5om@2eGjDpvndo7Yw#!
z(?X$QA`%MEP*8IFW!7-EXuM;b9v<T0DQMlZU%gI{BIUT$_9}OjQ-omCCo}B-$nHYe
zB+JP4YRNB0Tsn!oy4mS1J6N024_^1zmR<LIOJ&UE?`J~WH=t2H&1m?nptRm*;~*`t
zX;hrRGq<#RQeNC$+uBzB9v8lND@<^iG$_*PbwFpfsZsWr9wn{aRbEwI2@>O$tPFD`
znP5sU<%m9|;fByw>k9tE)+^|vL_<(QUpu|a3uu5qPe89$1z62|zd>K_I!W>q|M(<N
zy~=5jZtqe&Z-2ADXYQaOzj@cT3bT2kQ5q}Ia~k`WYU=bG=X?LnY%}V0T_p!h#Cms$
zyY9Bt=bzwPzWI}plS!DH^L$_yQdE(XiwOOtgMGO290r@D8Fn}F%IPv05<Df_gFb+9
zLaRS~pUp>wm0s6Gw`I$lN_<id6hZ5-m0M3oFVUl|3FekhuPNY^OzRF<j);pwLQ@<@
z&CDKLD{jL%^`=d5$iPrkRG17)_fL!JW=vzu^-3SaKlpQ^vH%z%R2Xo<*%)fOAE;}7
zrmXS9n<wTFfbjrIo6_qd64Xx*+^pTK7wxbA;bz&d@7KDX`>#e<_EH$LOGBY$9_N3l
z%9#t;6r2~)Ci?jev1xF}gf><ad2D3$exC`dwSlWdz|}hT??s`yW3~E^o(3a!))G6i
zL8g$hH-MVRM=8BRrchf+LRBeW8Wzcb@IHW>KUSvM=$Hy#Hp1tnk5;4=r7oi~#aD{2
zTg;R`NWtjJJ|aP1J00K7|9N>c3Se_&XOCH~YG~kvpuT(t;8U6&RB6R=2T@nRM^}o%
z2!u7{pt*d0JmZb6r=hGq_k&DaFKw-a%<hwVk3%5>6v_fcQ6{yE^ZPIx;Y`f<AUXO{
z+%+&j52$_1?0~6j%jpmLFva%iLyj6qARZp~KY#vwg+_*;Z0bl(^q+=BRWARN5=5N?
zxGn*b7$!RUN-G5A^W&x<*=V~gH}yZc+4mxVSpl$`;X6!w(P^%B9|$^tGJrAG6p-!!
z0lyLh@?UqE2Ha=RSPT;r$XV(o6R`qe;3z<7y|7$ec=Vrq`O#kw#49aV^-cy?!jy*z
z04BWJQ++TLv}b#>+uNuQ3*eDC%n+f-(T1K7)z*a-Zh0WiTZ>51V?21SwEri==BW?J
z5Fe%a$YlQ~A9_@2s2lyJM#9ZV?R01?nWu*GZm<MSb4J~2#C=#NfpP8r41O8W{w`y4
zaYkLSmueAtY)9itY_iwGnV#37huGxqe3&k}vaWucm&SCX_R2ER#N%3ek`j`d#4~Ns
zFyeaVV)t*_`UQm{jHyUs_wpiC{0uJY=GRHJRBY*Z)%LM`ZpC?BRDP^IlY`Zi3*LP0
z_oS<uue5HH)CA77tbV4mE|nvV2QnU;S7ot~El@x(QQz7qK6Np0??TmYByF6cDSEr}
zr?&a%5%K4hCp6RJCTw=p(L7gEuCGu~J`pG#{g^oWG|Gk<$Lg7NJ}ho$a&DVw9k66T
zb~pWcRV>?NKi<Qg?VWu~C3%P~hoeG+Htg$;f2Kmc^GZyjhSJsGv4^XazT<x*gAv^B
zW?Ypcs%M(slIRgCl`I5Z?i6_^81Js3trZ9(VWCO;=^h4@CD~=zU~(!n>YOg#CAG>U
zJMdJwDgT~JN%POqm{r%a^3$BPwudd#Pa<*G3LSQBK@X*usrYS%E0Hw1c@LDfOtyaF
zx7xwmDA`Ah73S`9uA;-psWnGQ+C^RXSavj2=iSCAzkd&MyQ@y_g~usIe*0%CEbP6v
zempjKMwWS#uG{sK?2x;!_1Mo(P1EdZ!@KpoLH_19_gPCY8y}StR+Sr|Nq7t|HVlmu
z#$&ax;p8x@2J;*om5pm8nY(81U-rSTg>K8HX0!%}jT6WRK$m!uxvd#G4?5~r-i&91
zA4;-~EVf#lS}{=h_&Bf92ad<>=tYu#iTw}~B{x!#fIzzYT{rLN=;LE=qkX^i?@iwA
zV5I3a)-_d?X=JG1+%RuVF5~ygXfYfi8?f~wZ*fdT+;6SRmzH265BHspMujL4%GZ_O
zrRaw09mnB&tA4B;Fx9YAYB;RVi+x<rHJ7JRt~W$ZP3AAOv;3lpLvT5WuJ_L&T-!V`
zMeWq~gl4Y&{F!h;Nukqtg-?T19N|FtHCl0O&r(m4(X2@z5^)@-$yMDO2r9LKk4*Y1
z&ESt!M>GTRf$s<qh=@j!TLuNAm!plQ<QJ0ONtZFFNSO?hXsr2K9mVa;NW0v|U9_J4
zF83XB>Y<6|Md^v6H2(rTQ3|wELW>JyxVMQ3KW?Ira_g`662*g^de+E%FVMu5uGI8P
znEWLCVQWm&XRhL1;f#uOU3Fu=aF*m^ak$I>F6+;7>`rxk<D@eQDDXvXL}3h>w|PN^
zmOgshJa6Bi3!cfccFeKOCp%@wW?C84QhfK)-h}-Y7K64vm(kLS&amaEalmf4Sg@q`
zekL9%J78%vOiC9f*{#7y>GCSH^-g{mi@x!8aO#JUrU>@Ps-O_O%FWET8_eZe3j#XZ
zfQYVA&0BHT8wR)Q{wb)|ktm^lr<Wrn?A~#?gnn-JPQZPW;B~D*vEb=V-p|}|1k33l
zgG0nWBo|0(cmv&ne$WhRi;{r#U$envE^9ZQ@?JL@{G+86gdS%lBx1NRw=>Iyq>dIH
z$y-~<;j+Wx-}kOYimsntSzWFfg+fwg#Y1i?wyAgq^4-=7+k1t2Mn6EIkWa2tGaU|Y
z2hD755pNui(+)dops@oybrEU?jT{yB;;oJQv2q0sC8|Hgw%DgvQz`GD(0M#{7j_DI
z<<5?Nw_Nrh(|Yk~d%o*4Pp5eKF1Ev{$AU4xEp-2j6hrYpkz$CkKKr9nM-_#bUO7hU
zm}^*P_39f<ox-*<0CO!c3WZh#6Vvn(BFn|b(KcANsUt3%rRBDDu>9<0ml2;`z&f$_
zH<fEA1HMl%MwHN2nez0}4FnbDo7UIlG%DCC#jD}+%-4rrQaF<#Z1|3qb~CAZAE0zr
zk4{}pKts*9?#$UzV!^WN^*pjK$a0i;mCg@~eVOK+9Y11Ihx&W*Ku`uFXFoE92|S-}
zFbuf;RI;H4i=yX^q*rpi2)yb3S*ZaI8&q~r44E%4OEsG+1zQ{c*efz{0y@pVSuhU)
z^561nP_YQ_Y7Zf#5AQ1AYB6K6evB#oi?dYi<Z^1)E+pdYG|bR==NCpHPnlyJ-vhBK
z-7YuD={_R7C4)jkB{q&GwZ1hNqNppzQF2u|%2Q|{<S|a={<&*Laz5``na*Fpv-@&z
zGruF)V>@-RV&;G5VXYL3$^V`v<TFgVpDarIoBD-&u|vp5<G3{#gf;%kr_j;-jH<PR
zZ+hu(n%1#=VILNn`edKS8tVSr8QZ8Q%i-(hy^Rj36dOTfv$@Gm_j$4u@$8$Ikv7Xh
z2c<8noB-MBpU-C{pg;#*>_J6*(XwiG&(q$wwfUI4!%8BPiJ5uC7vuGd;0p6uTtY%g
zDA2`zbHNU32eK37I#UaakbiWt)jFgt6ky<hHV!zvya1py2jj}+bHOxeNGQT(MH$dq
zw9Q;8EUgBTMQ4ofX%KMz9%>*Wt|#))6kv6ceTskOwq-r_`=I-~DxF>g%88pml6wfr
zp)vk<L7i?%cWZLd2YBy`bnc<Yy~9GKV|<@I(2)R@Pv-FE`Z_sgASvprzcp%y|FEF;
z_X&Zd2?qxU{lrZ%8qxoG-QicD1VW|!!wD1aZ+cQS%XoyfakA<gh5Ss?w?aOlQz_ia
zW)lMih8Y<xd+}0nUG%@vqrQ6LD1klVxn$ursP0dAC>{2<XGVPEYcWYq4_2o>_BbE6
z4~{Xqzv&pl^02?m^w=#e+dlj)P>UT^eG(^qvjcMwNtR)Rw#D9EjqQ)s-z$s437O6e
zBspIq)6>bRH4;3$iz>bU4}2>tWWcu)ojAEMRhNb}L^7>0K-)$YBZgClnA=MVZPN?N
zCPna`XJTS(m+Hj2O_A*SLygUg=q9R|DyxN6N4vr!S2m}#-Sp*5tO^`nV2-P#(^8pl
ztoVIJi{1`AUN0(t?hh+_S9R<)I;DrGsis!rio}2F?SFaWQxRm;aQD*Zfc-gAxaK?&
z(PWof^K9`PtvHd<lgsytXBZdiaaNNT#(OnQe0KvVcF*kO`0m1I6eEQKWM5pVUz-Z8
z4)@$AogOx4E@fG*-UcSix>qar%`GT{V3=YL#sgPwbstji5@LKLasK@7a{<Ylk3=7y
zBZ@p0Z$^|0;sk-LQY)@;f^m70bOMjYR552T=DKjDyh<@a;8Y-csent}_p&91w<?EE
zWIoFeQgJl>Z29u@F=^+UC$F5s|LP}{hPH9dH71XiUp4ISpRKg3@NPR4&u@*q%@nM=
zk3L9_M$Db$aTyZ4GQ9RzU%b7{FqurQ!)MFa^02b5x=K2Hcw0?6pRqI2)4jC-TclVC
z(3og2E6d9P9_$a*E>{sJ1D&Wa0|hdNPxt5N2L}%u+<0FJe{P2NCd6d(Efk?u<Dv?a
z%xJmgb8OQK`i-wy$IfGUf4J-JI)tx@hf_IQX~}^S$@-m&yR;`{zR2QAd+vydL!>yH
zgoXDsT19Vss3Q!~%A`E7^!0k@Ma@@7y%}qxW;)(jDiuKtf~lns<=Mk6VIDE{nxq8f
zXBSr1PCkWo4yL#BlkM87d>!t=4Xox|wX4xcX3m+GU;7Mp6C<xVW`sY-zGy2DKXf<w
z@)QLTfnYhGE8PIEMn>bDZuB<7p2~1;Z!!4Rubnn-ori3fnTh49S;T)QHwyoXV<rYc
zUt0xNtj)o8XZ>J!JvrgEWVSM1GdaW>??7S5bGCJ)@IBI+OZ%T7IRpr6?B~zBwTlhQ
zRq_?6BSnBRB@hON5~^D|2^7nNhR`SQ3!WE!!N)-}4r*B0zX)aEh1$)2NE=zFR4j?9
zt++!VjPGePMDP*Gj^Ghbm(fByDD*xL9d&MQhK7a?N97@gqeM<{<<ioazEtNCYA1(S
zDJ6*HaB7H%KpH!xkRg!Ch32{_Odr1sZDi&B$2_tM(KtwJCbyibet3R(rngG09c-rj
zXnV5(`}n*))9y~R#JsChc@dU(-=cu#e))XgLq|p)G%6JzFWB_E;*;7$ytmlJ1`>xZ
zT}ZKm<4N7qS}Z47aUT_|GDETRx(J68ZVL$Huzu+wxB1f1%pi8Y6M6gYBWSYf;Nak+
zb>dtP#PiX>F`!^ObAOdRvUh62)OGBA)9})J9`hCYY(C}@0+IX}bO)Vl>dl>zmiS=8
zdGq<9#4Y8?(0{oA4mO#jjaB>xuVtet;52y~>{TX~mTPKH`)qGfHDk~}@dfrwvo1eZ
zHQ-X7=2E4zMN$(%%7ZgDmf26jAdo!7`BbmxwI?&xGfxE`bnbxAL~_%XbGE$hmnCnb
z$4;Fgc!oQ-xg!^$KV^J3FPJtWHp3T~Hjqzl+t%#)qS`mQcV97h${#Osc{ttfs@^{z
zki2Io_1vs|Y;MpuU&p0CU<Wbo<-t8(jfCUIlunMvsmmxk{3P&P(vzLhd}#HytLs|K
zW~t=@ijK`uvMOcm{1ipnY->kq^ek)|SI(7**4AlrL3lLm*UD;2Mh^xpo2YI|3W0a_
zwXrz#7qzgs#Y@E6p7-u#>iqe8v7~YPu;wW!E1U^`jX?Z|TSwh7Ua8W!r^oHRQ@e>_
z4xi_WxX?a2&;vd}<K9&HTgoPr@dE$r^Y!`K6S*4(xPLzGJDz*l{D(1mwc$Q`^l_E7
zK7MuIzFy@XOW1h?(*NoWnAP^M-Zy-Bw+qsTj&%grB@XuXcc6)NgY~M2s;a7xkkGgd
zxY+fk*8p_BzscH_ZL#uREb!VuWrpv(q1K|{;wC9AzB|v26N+_qu(@agN$~f3A4AA3
zPWIZ-W}C)hFx>xD5|aBw7zb_k^`%Y5G%_(db@(}bhDAmY9*6ZWDz}5F5g4&~?mnAK
zevY2m3h1FLrN>CC$#p%Z-Gq`WJ1%lQ@Cx+i(OsGHnY<2{ci@=c>z(TC95qOq5OqdC
z8q?2Z=-s;K!#~=Qh{i5qo^9+a|L!#Ssf?A2p0aNGh<CO;&LrbHGN4tbb+pz&lK~}G
zB7LXeRWgf@$Ntd!Pgnq*>C<P@>)krsJ4=p?K)0oGpY$|=>O{fd^yuTGt+zlmQ;cQu
zFmNpA8t(bwKI$K4*~w#I_ONPQyIwS5T9KQZt3<PA$&SRvCTnkLxnNyAz~DJL?(*5n
ziM!yoMVa@IFBNGti@sd;3zPJAaiUYabvZ7)A_3k-WAuyX@cEbV=jOnyO`}FdNWmJv
z>;!qay%rTkHc9=$NJYHZlO$;l9?QG`Y#pVXK(uR8?)QkHmeb{BzS?{9y4=&7lsa)4
zy|s<fKx9Kz+M1Y<DOt7`{@nqn4hk#du}<2RS;{FUWHrZGyocw{uikjp{PbtDI%*&?
z;Ojl*jl-tcBqd2*qmF02Pq51tmkhRs#cyL?URz#Y;D2pcsH~H!t(&fQ90^nB5H-(b
zq}q&5P=)oJW7!u<E=j(I_xJPL&zw5?wp9@oI!#TyUxhR+qcSPfd|oUe{mdV-GtN4B
z<f2$1YvF%?rj2MZR`m4D#r<S2?z{51OlrppY+M())?hR5?zqBKdLR(L0tUU&3bZHm
z!$ceOc8Qw%c3wwoBHP~9VIZ_0oD>}@es~zz-ZsAB*Vfu%u-h;3dVQXB>iXo*%0~7A
zlH#hW7_p4AGkb`&rRC?+N$uhozp^P+QCD_6Agx?GbR3}SC$IFcm6w%^DqN-VVMkT&
zak#6>F<ls2$zFz;DaU)L)%Cr%DMyy}t;us+6qJw1E$8MjIb1t(^S74%AfcwxF?4Z$
zb}8$m-@jzXky<zxkaNM2B35%tU)-E9me+^#%H;*VI_E+=``vQIz)(9n^1#i6<}cdB
z(v)tu=8<HwfY_4K9#%XF^u|(Nug;;c!pKZA-$3?YIalJkxsONVzgF?Vk|lEvj4LD|
zTQQ|Rn!`Qo<$e2woP=WYEA3`*=8|JMU6S9%Tsm~FSoKJ|az=r3Cn<eafbh4#{G9D1
z<t*bhDWBn7)Q%I+^cex|Lj-W*4b<7yH8pW!WPndvtmM~eT+YhIh8B7o<p-v4X=!O~
ztxE{ZM^bj4tY~U@e7Cp8YWBm&%B-qv>ZcRXQ{UIq9rU<d8r@{5)L5Mk9#Wwe2cd6F
z949=W)u<?{1U#;eQ<pdTgoFOMVg8Lty92}!r`{^3>dj4ob_&Xnao1C+y++~p!qv_N
zz<n$_(myUW;E3ph5P40YAH`pXnMFA;@`8d_i>Ou@vOYcOrjVLy`KXG@A2+`6)j@h#
z!|+wh{4eq@jWv=RI3At|G^WH)k=j^W17dj<6%}v_Pns6w=aWLf^J#Ky?Cj8l3MV8c
zCTsn0i*H(@x_?tUk_<C6sYuT%gbUF?+wCWYluGL`tXtf%Ug-1qB;b~l5LrjhsBu%S
z__Mcjs&fsCC8enE`-QhfsvzoXbWZHTOYC=Y<44DdhCMFD@-9TMs<XKeq;0jq5H_E4
zc6uEHA?8<uL_r;|sq00Bb7EzAGgD_>g3Yf|TYCl!HVHpQYDk)g{p)<+RJy*k)xBzc
z>DnNXse=uSFi=nc6lz@!3Ee0k*Ff`6I<#MMi%--#RD)^AK#Uf~LX-oe2-Rus>~gvj
zJ61n=1?OPw7a$iQcNmu8qf%m^s9P|j0vpOW)oq$5-V>qgB6fE9&@*orv!K2eniWPB
z{AD(06KiZ7l|ZCb*NfH3!`hFvg1aiq<e^6~qV0kZ7bH=z;TC+IQ+xzup5=#OgR&fY
z^J?00+ry2$pC)9{%CGG5i2gtbU!vmy7yjilRR1<ZW-zHBONWlZ!NIP)_c#T3J4bDh
zAKl~hxKfc(rMsz-hE2B5w<nT@1^N^qI)nXrF)W#*`k*&ovWxRQsZVcB-pEkSqsGGm
zZh^Kh?K9!m^o&q3r?r9Fa+&mxKk2#fEBAEWOC!C4_p~vssw(?bmfsBL<pPsv%A1ww
z5&!COoD$Y3jN9ZV0k82bqfcb_iGbOADf?<_yBN2k0g5m5BT3<(IkON6OahzMk2PI(
z%K_;Q36K4EU!VB9H{8gR)Xrh?RpBHwu5MaazM4tjZy+@6d-*KcPOk`EbBllI`klv(
zro5(GMMK1I>6yQ&6jwQVjWl%ySMBB3LS{C;>K0eVHrRB8%V@aRkwT@I>c5z*xI*H7
zV3y`hdW2VIeQL-d?LPk3WB27@iT+C+;BLLBs(_6qQ`-K^_MpvN8a|^ydWQBXY>$?N
z73SS|y*j`&N3H9(je%FC*ZfZRPY(R(Q4+0hL2g+Y^WRp(0GXaO$r|1IyIa~UAXx%y
zn5|Q1XSK1LJ{Pu6k+C+jgtgR;Q$T8?r<X29w(V?vcXJ7Hl0CZ-<MO}WZ5)~be_i1I
z;pXhwB5quMrR@7>oCZP(?gKnHoqs*w*?gWhI6)jUG$d2Q!|#pX{aEAGzzXsoE$v^)
zj&x)1|0O&=n(0gHZ7Na8cVj%cz&LI{7Z5r)IURKPcfl^)5m>z<iVrIP_co6XnBO5k
zKM-jm+Z(_L?>dn>?f8y!>;-uUOB{*bc|JeL!DdEZ=i|i!DtkdeL0-q(za3ICB@#a(
zJ?#4$dLdy=z>i1foEUi#Lrz)wGLQd@?^)c$C3qSrRM8J4`vgTL;o-x;9!Nu0_LzkD
z;rlwy@z_2QB?})N8-sW}W{lkd{~y_R6ge}v!4dq<Ud8&)K7Ft<4VkB~NC3GL#6!Hv
z^T>ZF1$DLrdM_{;u^!PwR#=h<S>tz`scoufxCn6(K*!MQdCtUOEo>JHU<;;3r$~ZY
ze>P<T3C$YNe!xE+kv=2Sd{KOksx%PdEAn~vZ(pIS(`{N>THrARHskH;%Z%V)Bt^yX
z4y1>nUU2e!hFK?tdnS&oCL_#!jX&Q?&urex*3;UCJXUiSZ`2)dF+{6{%wyi=;Z2uf
z@tP0k@HcHTs_&U~iQU9A&-1Kr&&H0^s69tdQ*2jL_FRX)4I0+D-#W|6hEJOAjTaIo
z4>;J`l0d?{K%E4{^(y(S@j<PN>>M0ClMhzwj}FSf3!%ro`?V6rZv!-+837|zMxqLE
zNs|O!9wpzdXy+?KxRZ9UL%c^51o2<wF5J)L2DkP-8_Qm`r~`e=Cqup_2^v}|(qM{G
zpmVabPnfcPYyLerXtf?rAP&S^Ha0e*qJfj9Ac(TGwFMqzSTCP}0TfIt&d%=o%%GG%
z78Qlbn{2Va6<hZ}?D*1fO7SWWye;04ryA@7tqO*&jhn+y#xoR{rAQjzIbBYj^dQ8l
zh!G5j$%I3AI^{weSa~lm^dQ!+)Dsha)x5U~6vN22DwR$Dw5bYlGH6h4u=mh|2fslV
zu8?Ui-IbNH&=^&Cm-6+3uECQoJ(_sfLun|C+u)U(?1g_1+wdCt)m0pw362?j(D!@&
zz>@K+lCOH6R=sSI(}eCN<E=nj+skr0C90(RtG}Y(MAPnd#}9@tSEpfvHX9C1(I_Qn
z9gX1*e7{(ea6lv~$#=WP)>y2Pe|vQ*Dk;f^3!Jq6N|yniL?x3uWo2a*6%_=5h&Voj
zo3>}_(*P9=4-bbz-eV)+A$7F2rj?cso3b(?0F$P>+kFogN5_LpN%qQzWpW_LZTqAr
zss0G8_9x9v@M$F_B^4ECvFk;)q}Riu>1hfsQe9`izDjp>oQEvP@?Y)zUO9n<ipGq<
zOz1oGF#1CeP0st0OBa1VnfUt|QGQCqk0yvoIQ<k8V|-3}zkrflPAw*uu^cD_%Z$p3
zQf#Nc)EjANxh1|pR6Zv5U=WyN&B$IV5j{HOPrJzYs+Xpa8Aahz$Y;EJxV&=IHvhQd
zZr@a=I6qm3Pe}7^W#a6Ss4r{1EPL}>=~;jGZ4KG-O{3(T%E<i}PF`UL<DS%uSu9)K
zq1d)T6XajLNBv3Td|l`TT#+5gkycbjy=We<3dz8TChMHup3hG+DNsdjfi5G!pJpGp
zaE%wvpM&{0HD#<RFu~)i$BYXcE^e#8ed8Ar@>R&KcRtOLqXPLAAGkuX(is_uEex3<
zo)2r6-d6}{kal-xfl=6cN)vqB^mJ`T#@gg}Gb%M+?E_;7Bq?x&-qz0ehJttS=w#O*
zI5QJdK`!D>rn~IBwy?vR<7y{+<abGE2}kYg^*5vL{Ing>xkHr9ETat;QKtQOBVo%N
z+4E`z6twKaEzpYJ^d0bUxnY6_{+;|dY-W~2yRFAOPl$yM{r&hREG$J~vs=e70!iXp
z1H0J8&kbXRrQV&Moy}t*dN!`Dtjvp#<AKel-ic<s!#g#xj2)-esPrrYQk2+{j171e
zxGTQFPE9LykB`$+Qw`U9wGMMmnWd#ntgKOfU_&~eb(mMLcOC`u((RYez83h*I+(G=
z_W|c*2TRL0uf4(X|F@Zu^Ysc1q-4?*XcZ*)NgsA^?oVJ}-rCuzoBm(Sy=7EeTiZ6;
zU86uL#Y*uuXwl+Mc4=@c?$F{+(crWNibE;x#ob*3#hu{p4grE&fSk3Tw)=g*bG|di
zd&c;Focw|$D{IcV=A5_8>%Ol2)`K9I82vk5W|Nc}y0Q-rBV?o{SW_rS@`A|6mEvR}
z{np%$RYV~e;Q`k%nXJXSP0pu>LwgYhj8Z9F^nGlsHd;Rz9cfA&rLg0>$2?2*?k>$c
zL(x|XYX2k$=IUL@X8j8Hl39oaJfRWy5Py-m!~6Jt3=YaqD>=MLhDw_TP2k}j`lPo-
zz}(8~d1@?dZJXUrEwr>|`r|qG97=%aSZ`XgA3R`!`=7*sITvZN{NzndAb9LQmg``|
zB}%!+>P`)^@3>!;oXzTa9iMp*xpACr+aV{;<M?hvl{h3DY7|%(q-QLOtmw4Q0XiNM
zUtdkq`KM?$2^D;{@aEUsCad{yNp5WP;zmj1185~&C9FQFsTtTsak`Yl^?Byqw;INH
zw@EFW&dq0d$qVI-97=gIwJS-+!X-@hd}>tbLrE&O{>E7pG@B^D&_E{E@i7a!uhgTX
zo_{UdEY)C+5q9r*-9PVTDMVS)W&S-mIawfizc-r64YpuW<tz+5uPqU$Uwgrl-x&jE
zX-eDm1EDZ|ugmoXBJnWt>D8X&vj@-dYJ@m!tj)~IF~Zq!9-mm|4ka+yAD&fJ^=*d8
z(uwGk)-NaWk$4)Gus+dF6nbUfb9A!W(`TB~CGj=e?cjp-vscE}k#Vw%yuE$TO06QQ
zyMy{;DRwG+lVIMkr%+>D##5kz=P1u=MSktQbv0I-fN@2)_!Fl*BXhT<Z0?+Lw#V90
z6kr8eI;W9xY`P@ri^`KYGN32};88o@pV!vchXb9|!i)I(1rTQg^G#Q{blM82&;)Tj
zfBY=C<962ZKM}a(FABt;GWReG)#m}Oz8u+jd!ztRrR{n=z}o<JHPOEl&hO6(-(Ihi
ztrC`SLO2KCczflufOG5BwU6HB-H4J`uM?w;M{t|x7Ub2xX$gSx4hX;^@zS@JTCY|S
zZ`KZ_J}mDEKkeC_tp7r_U#RdwTbhaLyh9}JzhYm1^BoE@F!E<P`<qucmmYRQrR;#b
z2sJaM2kHLxgLv8O`uh6fEI(-5>LC!S%+Aj4x$E-t@c}&|CME`rSlG%nRe%8;Fm&%1
z8^e;{2(kNn)xE15s;0@g+T}-CZ6IQ=%8$F2uxjgW4G}b(d|$IRc;zBAm?5XQ)td^n
z1v5IvaF1N9pRV20XiZwHh#}K$ctRnF%m9nytcZvXosT-dTrEKMH(y>*q~=o`-+uI%
zsz<K64+^+p5)l(G^16#bl(S{|?bjp$t2`MQ>uO6;w)kGxUT5p!%5mUkfwX)RoF?DD
z2rcwFUe=>2F4y}crV+b_GUqAY@V@0RoS{%%vZVP3#-%18UxEZe8%{t-sbIY6eQ8EU
zMpadGK>Y-6xd!upl8Wbmb^En@=;?TJ-0KsE=tVB1-eeCMn2Vrp_PssoEc@fYVOvE-
zFAgS=&G6IBDZx@jHitT^c{=*3ZgHB&Nr$NJHycd!=)>^qHMZ+}%>kz_zPZQ@8bfuj
zQ|;zzAVyr>Y(%c_oMOpwAewCDO8_TiUc_`Q%L^(50`n7I_Cyw-cX1M<g{}5Dkfs!!
z1-n44q`bU50AvO1YtuGS+iO7A00au|5QP9{x2H#nF&f}G6v6(bYrLe12)-W^8qn=z
z_P1mJlV+tg*zUMT6`)|0ZuYW0?cwF!)uogqZVE#wdo9tM_rauZ4^Q>|`dT~hJ3EcL
zEmLV%?}BHU$$3o7$na|1kvwF0nEoO0T;|Ue<KA%|A6F3PTU9glaH0zwx1KLYSA0E0
zC~aUKH{ZH>dpU7VI!#@;_T4%(Vw@YT%%<{$#P7JhYOZ|q`~pGpIRVY@QvHU{>MUQu
zi!(%Kz!XZ4K6T0Kd_jJ+VY{GzhWL;bNOsHuL2IygHGZHlU7X~<O_jxoNFY0c+D@lB
zq_r@U3wWIY)KJ_}?&~Npv&a^gdB~-eS5*u5$Ax_EX38@fI$vQ`$@ee|R-FRZiI<H#
zl*hztK%Be$@t^w7#6*&>Wo$x5Wg37_%>1kw@QKgF{C-6TY@rgG??<L12gFsbCOaxj
z1`@cT+xl=j!U}^%08}h!4KYIGe`wyVuXjBx@$B&yHpbRG+Qg-wDb@ijj}0Orpx?R(
zP*PKeQ=zuM_+=Ud-jr3(ke@Z+5=-<AdPmpNHnS{2nZO=U$+kl{c)@95;WEoYyFZop
zhPCu^uH}Z9(0k@&`MJaPEz+CaN$=)^;Yy3eb|x;mktRg>Y7%{Qtuac5M%4U8j_>bz
z(VT;Fp0R1{_TEEX9HY$-JkHyqo3Yt9y^jyoO;3_}$Rg6}TaKZL)vTE8NwYUMY}tYf
zVZ;G9_x5Uab#!#X>0w^`;pp{yF2=&QfvLds^1;BR<gtn?DM2o^{PQ;;IaPu}q56zC
zjD7{LOY5V++Ml+9aM75Y-t`-@vSIC;b2UTcpbu_^I&YDz+NP%TP795dIYmH1J~$gY
zcBk96WiEg>lO|9ksbMq)$T!T0XZGE!)zkq1#KWXomwKq_W^<tAb0IO3{3WI7Y6q>f
zl~pli(b|)*m%EMDoAPQ-R|FAUG$5CypTQ}`Dgrbo>I?Uryp$MUSF+2QI`lHX-C#{1
zW6XLd<urV>t4v${C@@ZviE@kSgMK;goMyCle%O~-R@JXq=3FR);rjG1*vX^T5H2GF
z-;(xm+Mkg@kFAT6lZ(SoCcxl&_)o1y7k0dxP4C-HKq=8(1#z234FrJwz>auu$r}dy
zm3nZg6PCVPpuX}FU{MtXVWq85chqe%K4w<}m4Ay5=zh;WS5VgB0WT)Pj*&lHv-cZ$
zd8@QMkVBq!uwZ%4msD*3<UB0D2D~&^6uv-eSATk~WM*z&rr+Mx1r^q5bg@%X`hG(S
z=)(VcEs^Y02$xo7U0zzf)O17(+4ug95C42O@g0b!ts`BT*lK3i;o(j-Y4)t&6dWGO
z;V`NYs%9UyrUN3i@1oQo548PQiXKR_y$QFjm=0+4CSo3Bxo)1tO(cqGJ>fVC!91-t
zx5aUA$XB2Ay9j*;mbbV%LnAmkDnOhPOpm;fIAMGE{%@@lMwG|#^9ICu%BLG8Fx)A7
zuVyFE9~9OIsTf{Mih8eGR_K<VE*u8;d#Oz4s}{Hkg@=cuuaDskHf0zS!K{ERB@o>5
zniW@rW!LdRG!g&VWS62Rh-DrDD@z4x&_zrSl%3y&|KO);T%DbkT6So~Ztk5=a<p@7
zCtFalYN$IMw<a!MEWG;h5~w!}A9M{rJKh+Zs%LxIST|DI6;!paK;g4datX8UT2zjd
z|43sit9RQ%u4%f-ou1+j$eNS$0Toai6sYoM+44s)pG|s?1E$zP`9;MHVeI1(XK4@c
z%G}l*bTEH?qj^{O!1%k^7ODVO<jV7DgYqc1{dqCfvYbZ>;OKy68eNZJ1s^b%u~`@x
zw*Jjo90ZWp7X!W=!2N*-kgqzIq^TA7<5Dd+0cROZ_<;Zui!wG|N>Wfz&@1I^E-tRQ
zh6I2AE`UYx`ue&)1t`^o=>cep`jjNFcauaAq(}|>{#|{2eVE?jX=!=+$mC>Ac<XP9
z+fT$&;gz2xY4QsTxky8Wm9Vn1vK-yN=EKi^ej$$a#C-XC_WV4~V~cs(iaj_!UR76j
zNttzq&HQf$%`}~j$IhQPCOrHfLfLHDc%Te*UvUqpk`NIQnQH%yz`T=!NmHul^w$50
zFu>mDi8#4vKl~Mk+`029=b_A_&y6q`Qg?YUoJ{}sUGKP9yuOD``Jm~~{|94B7yo8W
zU5a1+4rG9j;Z^>6qGmuJ#8)F9J<xmcxJ?N0ud1f%;SeT3LA-=O6igygAzTOPKvg#&
z3jqJaPjknG_Wi$oy(2XF?Ozn-r%h7)f4Qa)bl%?moudcRSC+qBGvMw&9dI!J)t>*q
zwJRs;r$K`Dse&oZpI*4sm7>Zytp~D`O~a$Nxt@KO%vz1kP#1R(2$0MOlQGk(wH&$d
z-<C~H<bOGdGBfzGHvHvPU*flSiqPXQrjJ-pBGBfF?@ABekZK2yR>WkPlkvY@z|HU5
zFX>NW5~*IErSQu4VLZ(E&C?FtHXP8K*O*kESSKgraK7n$1Ejw~jn`AN$@Mx^vt%9V
zf)#DOw)P=^+1f-41XI$3!X`UQTDu$qa(#v;kQe12HG?j;uxuA@w0S7N>134WHYRb@
z8RH>qd|-LPKfOBOyJG!pY@=kEoL%ybsS(hq_^>*mIa5OtVq_z&0d4A)EZ9KT9tGE=
zS7rs~WnIS3oVFifK5sJd6Mad;p|5~G%CQy`fDOr!>}aU$Hm(=g=^6h%+v)BbNJ?T-
zv#Yu!%}BYwx+$+mwISP1n6v4T<W$wWn;XX$pgzUrWw>i)9v-Iw%3JEZ&#I30Q|=uJ
z=Q0aG)hrTky}iHlg>Ip}CmwsQw*nh1SMZAGTl=W{a{AEpZP6<#iiJfplQW}sZh5Wz
zfms?=lfgZn!~9F>-dHe_)zXkpK4{AhvH9ft(`~kV0ww9-o&Jz_<lLN&o|RqqGJF0E
z!P4!O4KDNki|E!y_v7$H4z#LcUi8bOcs_H>5DYumq_@zV#L~@Wag9nb&MZ%=_2cC0
zQ7CpVRE}~{r}~w)gb|ChaDCpiX<zY!9G-`VLEPg|*~t<0u~A3k4gC$1L8o2?{$yJ^
z&o>Jz)LgbV?&}Q;O54S22!VYHicy_Z)m#Fc!vhdVMy6@PU8dXu<(Sv>f}VANkL4D2
zgj|>viI^^9r7xKF9PZ4kpart-4!DDR@%Ypud(yr9G>>O$pe=buewhrWn%QBJHDIxU
z_V$!3n-&G2DAHX%8{l5H{<B_P#!r{=Mc<4CL4~jfsTi4Mgie&BKa&+cx*ARYIeVUD
zubq$!%HxFhbMZtre9N-s`d-Hk`xHfm@c=u}cY(>&&3JEnnj1dq?RF<T0P>g5SFL<f
z9NAmU&`HAR-e8G#<<1AUfEYt;0CN>pQ$=JzfI$DVm`$=aaQN|tqA;F1yK${fFP%ZT
zyiT<2^{JINC0>tV=RlvF0viWo2J)7Xn;2KuUi&!`*+%=_tt4rm=Ve7UW2Z#>UM?#$
z93RDSmk{GzcyRV#X1JQ|KDjv(P8rH)G`QFx5Nt!*%|dVPp_)nhT!D6SXL&^+hQ-*!
zn8~NSP+g2wF(Y&9%12*xY*m(|9)R{Kbg?ygdD=cmcdq`y0<7RGVkkCb$IoTS^GfR`
z3-cH1-Cc1hLW5*m0P(B9<OZj{?~nG_8ewJeLT?+YYwf?+DitiJpq#d6$XL_~p6$!-
zx{VubBG!c5JB&=i-MTi)ji1?kTN!Zj{?>=|_+91%sQn&XF@NqLyyl}*{Z>wWE#BH~
zIdr}4<7`{2B{z?+kx)UE#r0~UxuGvr!blj{7$BgPM>OPyPMm=HdB8Bq=?2OsVV?nS
z#L1d0A}%0zddh6u3G=1Q+WPLec1w|$PF`_wba#`Xs<t5~KXx6YUswB49scLZD_vW$
z>0{-uYN7E6G1=&t0v$Zg)WXo%d>(6tYcA+elbO}cA6EAvj4LZ#W<ALt-<7Kv^B4+t
z>&0iaRMk>yE52fWdw_@MFZL`$yzTYFiWH4~(Pt4=WxFT)D^EBG>|iQEVTSI~eK?Q-
z^=gWtEvomGhsqDl!U&Dc3yo}qt0i=eT-$Sr@a~a1DC{?PKV@H!2O}q>qp@0GT8|GC
z>BenjiiYC?ALBIeWWpuu(&^_Ht10xNU3C?#0ySQ&lqc22dH<QuL%dfum}wt}656F2
zoKxnj(+X#%mYJO~l|tl0-E|=lC8YV=LHb+vx6SM(1ML}@RGtk!wV;wWqi^S(&74BH
z-j%&SYPEK?J67Nn<u(39hQvoSNnA*^w$@Cn(R!ThG1{y6*7fl3wYx^;(te1nMjVOA
z%_N$=cf}#8JXn1fjeu#_vT0E)Bq(vM!pMc~)?41p#x}8nwCYy|e52Y3&f)@BGvl5&
zd4Zn%vATD*$e!q`o12^4*Chqqy?3u+@?F7rn?EkHzNn}Oz~zl2sNN@x`55H0?zp@a
zYOIAouIBnNB^twR9!Jepgz71m;7P9+TY*4DZk-sX*yjs66Br69|M3K(dW>`x0A6@1
zKmi&Srd9Op(S6}27QkLMH8m-)z5Bh}x!9aYVo!}?14(TO>9oqqC>!{@(`o$HuAwyf
zKCL9TtcZXF1k{Mf^}*v>=vh#}i5UGRO)?A5(|GM;T%E$B<0qnLf2a?ZjK^Ygo{BJj
zwixz3p2ebT9+fBW`cXQ>!a0we?PM}(O-M+M8DO)dDOUIdpCCFyZ8ZM7=Zc*O(Ub;c
zmXt_&cn-YfUal`t%T-Ze_zmy7bH~L-2v_FOuV5UwXn*I`z&{3=MBQ|Flw^0>kTg*f
ze{$2%dG<J`y!_~2C+rT}cM-XAGfSR5A@@SroU(5aMv4-07{|<82!zy0M|8ARH?k8f
zYx>Wq)-6a7ARWk;b)$)7CHeHBh?Mnh{-t@b<>0&b!zUJR#^`TF{51ujo}akAXQ6^$
z+xLU*yyDap=yEr4!(RM3i1Z)#$1Fs=LfD7lkTiI${zz*L>nuM~P<~RflCMN35ZRH-
z3wDI2f8wo?rm`J*)@9jO+@nYi0(JgilJ3*2O8dFVrkw5@KDs?$3u|CVA`yjTPR7Uk
z+y0s4cVIgW_hag$ikuRfM2i7C@!dC6+thr~<n{NuS0Cmt8L5jB(5t;{3qd0>blEW*
z`WBM}ee~}y5&-GwZ`~fkH+`wqMB6981kW{8EIW=V>2!@wzIpwRhw_4r*TKG6qhox-
zGQ<r(BvsJWGmaBaIVt7XZepCVBEw+ih2DqJi_o%)EMcD&%xNLigGphFY@HPC{0XJ8
zrz85za<Yn41)Rt2O6y+^xUo#rui6)hxfth4Vz-|MkMl1LoCfQigFqFmOx(8GZz4Ne
zPchH5D<soC(pof?n;*k9V`om*7}Oi<Y$BR*Yqo7)x%Q9L9kZIy#yD;DjTlx&auU}@
zn-Y5^s3}{$2+TQe6-%qQam{>{P*!Yy@omDegF=zXt7A6a+wh^<adZ@$_k!+3=f@<%
z;nfK^1<lJ5eHHr5sAuExBx!sWCR<l#xO%Cc@Bd6ewy#aI?a6|YS+9``*Q?q6-bA_<
z#sMC5@-w8XZ*-8SRJiAOF5XQDmT1ei>H$--xAf?f`7cMhkzKs8*1Z#Wn!!rpHWp{o
z<(4gZp>G-u<W4C@t4@ecxpd<%W9#A_l8=<-Hxs4wztvm-wXbNse;kN<rpx*;REH^Z
zZ$86j?E|U61h!(WoC$?^z@um$(AjbJnhj56okmm=j^j+l6$)I8YfJC-7`qn}0C(dc
zV3V5kKAk<%RVKDCct#s-5fC(b6edL!k9tPvO~li<vR0k0%~|ZB(#!o9^QDgJ#+T1m
zUy^FMRx2;gdz;;DQ4o`^`lLb=5Gec5qDp<Lg@Rqiho5(L+nIKq9RK0oY{QaDxu{Z9
z1+%h5=4@)ZiGhKFXU$TMOUaHf{b-fv!J9wpu~Fj+;8yy_lTb2!V$|D<Kj}$)J($9u
zC=-k$yi>~}r(zvyw;3PbX<|=YeiACqp)bewVtww%`<I8A|2PtLi^Knm9}yDzkPhwJ
zY1zvcO&nfpV63xL1bGL2HsFukee7jwdLSscZi}`a=g-M1Xv^>&({L2g->La$QCms<
z-12+5*A+HKfEQsn=2%CJ7g3?a|4vy&QC@vCSdt%_)EX@(3SCeC@k544lXL~ME|ds>
zbL<q<-kb2?wzbqKIZlteCQzp(==ulZbhyU8x*=7PO-vFPz&Elzis4o#AXCeWuwbRE
zU#osSxacn<ly}~{ZL?m-t=f)nCzy}jS23t-`W0Z_K^O;-{GMDtWlGq1?M(ZbT{XT5
zF$V;kBrt8~x!RFw#0Q>54dH|un-buT<>D}xytLV`f6^J;Ju+j4cfW2S_h%#)WKOXD
zS-FkX*ACkBC+W^|oOLqEHc|Bg?)Dn6`|Tv98^H&Mb77qvr#bGVUlpi$!Ji}`p`nk*
zqXt}ZcGU*nQ@;fYSaU8+o{JWD4=q@{-eLK&tZPo4RuMboqAPLqzr%$%`k!^096jEf
z>7AEakuG|O+T|$D?Gn+cKNIg8_w^GbXjqUfJ9e^9ff;aANWcsora7>AB@Z|1!QJc7
z{{qCYRf)*FXMX?&rex;sBlVAg0T4Z(4F#%7_qK71otU2^NjD5xQf0UEy0=0gL>bN^
z9X_7Ki{<A9iGi6ANXTF=@8bEjh(zGGV$0b8;ACQ;Q(UG*=8+~on<*QpByf4wPr}6N
zmVKDpS?-PkXyfpDO@eoUZ}FS?1h;*%OC~MHgn7|g2OS7jU8T6S!Acka;Ao1XGp#`B
z8)~7S3!Z9|Awp7mU!gYe0k`|sSiUtSA$J@~X|u&(msMY{20~pIRs%Ek*#a$^W=;CO
z9s&v@GG^ngwCLAiGsv&hSr3Z4G_r0~sWN}NoKxp>CI;?a{`&8B5-y@G+Kr8=VxO-@
zOJp3aJ87m}(A!G@op}9M`3ulWX}7_c+4Ii#69j#_-5>xllDwch_r?TN94kF+XQg0X
z_c`~nxB4FG&AkvFuiiTY5$VjK(fvhTXSu=5=jJaIeZ47X%Df#uG<~MQYJMSSZm{np
zjF(YYyA!^R`CtzM8B2+FuAcfkq}oI~VS>JO(f?sCVN}(oqhdugfN)W%ni&Q61`ks8
zY9`q$8q%c{R0O;QEnCYxawQ*`+$P0g{(oX$RtANL@$hi|KRRV4Nln_K4CIw`b|b~f
zrZv_K0C6v0u<jSa4CPflV0DhU&wM)$^zI+B4bkL0G;5Vu+<#FFIKU_GYACdHsc}@8
z;~GC|>&;z{h5$k3QfEVZJyO&Cd+9+DHvon4YzQJJ`e0)(FL+vyGr=O%@#XdSQ5)tf
zk$9#xZS_O~XUdds26SPOAh)B<;Xz0dWbQ@Y{wS`qT08|2L0e5hJ0w$s%gI>!Lo3Fj
z1+$K8seW(Q8xe?z-7?ba@;Kxii)6*^0fvp{>i~&UUJL^aKey3Xe|la8p(?i#XWfMy
zDR+W@R;|x7FY<hQ+MPPKxMWoN_;S%JG0ug)VFCbDS?Rfr0HtR!Eyzmp3w;QW2ZGSR
zWd!}oQ_<fu#buq(Q5Q(q^sL*1upU3&)q7i{hD#;VhyYI4CnhJ=OT0gsE8zy^)#t7P
zap4L+-nIiLJ^A6j)*_VGO%5i`5ZzE77*M%GLN&%V=k9PbPo1xD?fIm_asTR5*Y=v~
zOZ-4aCMIJJ&B;ihXb0oL1E-P<wSotC-{^a5|8Bw(?FR)mpgM)}mESL1&A30{$CW>E
z(wbNqV+w_g=`>SU^f0~u39C?tWU>kH({EdqeeRx1@Ln>APK7>IoBY=hgj^jFwo1^x
zV@devrQNayoe5lhPWY_eI2+|T>(U{sp?o}AerX)qeu{Z8T`%gjnDpzI0%%BMK#KqU
zXAvi-+<_$}uDNtN&~dEjd^VrwwHs^>sB-Y1g|&qZZ^IY;B&bO?c;k6KnaJyPHr-i-
z_B_~}sa`0Emww`LHtmh}xcST7x<J5g3AyPAdkj59CW2AB74tdnuNq(<#us_L&rX*G
zK;;uRjZj1<oX6(Iy>9!no}$#oLYpeDATxhy)#R}3I!4XH<rhkO=7#)c+gq#S#ezcK
zeGXpl>cb^5%Mw*5F#6myb&tjMpvl%;u;!f7_Ba3W-&8Krn9SLAr>ZkuiRM=O!g6<T
z^V42XqZ(USXg~sPmGsIH(ATJ!_`Fc#d_LFm`n=dMS)#0QfHjbqn0GEGZ5H6ZcwL8$
z#~mH3$Kx83%ua2^fd1>DEgv+!vIU|B0$J__5;#$2NCY4YJI}ExEr8m;wX=}<w_(5C
z!~>=6QCi=b1UW%CCDW)mGfjka7n4Lu$k|i82yu$op~{bwnTNQe@glqqqQ&O`ixjzp
zi@Nax0{p?r`Fc}Vw<j)8#f$ViExM#*^!@PF4!GVb+HBRSY{M31)Aeo2lYKCJdYEZo
z%mfq@-1YAAQT*s5+?p>~1aN6ceXu`gxy%lZRcs4&x?zS#l1){q9$Qa8pJEz!*}Rcq
zhGAFFg%M28o(}<Wg?;wDx2{-*mmRX(2Z=f#c(QShO<liNIicoN9ArmA$xz6^!mm!o
zquNO~lDu#;fQfiVqO88TMqP}sc%CO{*QmF@J^8)rSe5`USyqtl8diS$u`>{>D9vY+
zgAc+_E!s)1ycZa<>rf@9R-I^7$T4v|*J5yQ__A_<BA=)?jFX5Cp7-_=l3kz5SuQ`p
z!`|+2jH%oic4pMK=Ci$2XFne>%zLDr{rz4|rxu68oc;d6@|PpGd$YzrghWYbp|*Ty
zr#0)XX{;<&EIx+BO?%!*^4O~DrA-n!ug|Stj|3tknIR-(FA;i$OyC%&^v2?j-q<U@
zj&@&{(uRfeCovzF0=7t$Z<1x5z@|n?h1`e2H$smgjUtz0zn7HT<o`IHNEQnx!25p>
zC~mf$Og4JL4(=8d7B)g30J&tKiesuYZG4*k+*+{5frQ~0n}lp*6;eM+LPAT3kJ4@q
zbC@O}nNC5%pSxA)zJ24SRwZ*0l9$3lUs28(=GsKn#@5}<X#7<IPX2*qP{3=~chOxj
zBXcoj`%y?Jh12X9y{>D|`jeWnRnT1AQQ?t;sv?Is3OD2JEGQ%;|Ky_sW3yMqhgo(I
zXayz4=#T8n|A_6)HUrm4NHa!tTs!-oI*LzhM~)jBzqPD*l2YhEM#edsaRxDIS$05n
zieIRjs@D0zv0}>*VdES&hFKoz)kg%b<Ar4oG559lum{J+xiy4^rzttY!wkn`<uW?1
z1v|eV7d-J!)E%Uv#6#G!fFoifI-NBc=s|CNq(rz)3jKFmOw72sHQG#=9~Jb9#KqdV
z9H8)YAK*LySX9-T58@tqskW5u-iv3&UUbf5XtJUp=Qgb@6=H&27+q?3!#PP@$GL<A
zobN{)nG)c548eczZ+aBGx1o!~|9?oX!hg7kR(o1J3P(_KE3?8`R4rcx1sP0isqH6n
z06=cHUJT7~JESM&NRj6MD2SqrxHT|02)fcpj;D`dB=#*)<WtWw{ckbb<6V-cLR*uQ
z!bTG)FDIgPBGqwKBGdAGi^L7srsDiRh&xt8BtOU?qN+I1hOX4Hs!FbX3+u_m43cce
z(fV48MXIe$)MKt^^X92RMUT-ELHyi9H$Eryiar}_F@24qmnaW#*rlqgsPo|{c6Rjd
zk)LHR?V%v$x9V+)GN_Av8+j{GTB3hL90fbmnSrb7<+epppnxnL6SvA3JM;9^>pEO*
z*5kxp6N2%Z$N-j;1INu8U7HU9$TdJ3gO`_>QN(p=mT~%hyneu3q#VQ}?b~>owFULc
zB72PTUJuqiIGcb;B{=b`7MtxrK7;Ld0zB8SM`SONwC+x`7HSg%*u>3t_P9`c><A*G
zF?HVIfkK<NQep%+YK&bymup=GMUn-qc^NelUHNm2jEsY-IyTgxd!uTAfb7UYz*8#r
zx(BI(splW5Sby2T#_KERptp;(rL{gPL8F+7-d4#gydpoT%>pXm?NZu-0cJN{ZR3_R
z>iY>?DWv#df!XI7*X9|5@ORDT1Iu#Lw-~DOVtEq0+<i4jtnXwNJVkwZJh;f=nx^y=
zk+6ZsOWW9C?U_k~>atjjz1kkWYQ^3PwAS#eqb^l}g_{X_(%^E&UVfY7OvsG;<k)}G
z&J+!{CC#zLbauLf9Co`+&u9LL7FBZS1Q2Y`I*J72De(mp9qh&hxCfH2l`F}Vo!zFt
zQt{Fb>f|XEUvAbk_^4u(`5v%uNpn<4Pi2_MQc%34qELkHB5dJf6V<hf7<KoX&u>)}
z$`fSUH!FI^94i8&B}uE7psRDXF;&TQ=})o&b)KTUV!!p}<*``}r;c?wh~vhrwdpRd
zg+eT1?aY@h5&hygex?_9zdP3n8#qES_&B<rt^I%k0-31(Dj>eKJ-j+;()^(>n^og=
zWoBk${n=67?lF;EvnRM0NM38;)-i^65T9LhA76SHJPwHtkTWuV&U83^ofutsHc-3O
z)KFE{qZM7pS@eZhh{niQUuIA0tvYG{Ld=avlJV~(8C#jibxzI;iw?n*2b;J=F|?Fd
zdA&bz)b8JyE51LlMx4&Y(B(_+^mB3oFnLy^ZL&}!n}1^Et~V{BptSSecs)&bH|K%l
zlT^x|)F8#5Khk3I#qULWi>`8uWgV^H9Y)!G_GZf8q6GzSv_YL`M(>39(Jbi6sQWK^
z-~8BENt3a`UcK?G1(KoBqw{n|6Dl1S0PE4X-@2v&mDs11B@s}1=kD>PQnM^dME|c0
z;;$++lzIAfTVdw!4-S%ifsmRH@u|w(m%bsbvC+@hM|kex=-+BiVlC#E8fQHry8;U1
zC{7!j1)8&{x}o@$FZgggYkH2O$4C6wIlV?Uj^&w4rnvmk<b4HB%1vOO0XmK`brtTA
zgTvCC?82(eUTsMMX(IM0Imnnwl2hY~&gJP-e#M%_uA;9n$gGNXSE<ljkT@<Z$@NRO
zUx3iHkZYDIn2PCx>jV)wtBLsa*$ti*C_67beNb+H1C;r-ng?`y>VR=Z6bCrU!_=&%
z$N`(znt|O$uN_O<ZD6|x@{km-w|-efuKw_d@T$rm^=;N;k8l~ctMU{3ebjaAR{l0g
zoNIgMnVs*m{>q_2aYD&!#n-A(dk<bkA$s|ax4sSvOZ3R?i|2fx39h(zsrrB@<Q;45
zHY=6w%bJ6L*RFkKkreIOPw3<OL*-*q>b3|(H-pFmgeZ4bfBR}Ke4hN!FYFa-AKo05
zz5tC_7H8&cbXdPPrt5{(kDD_KCc69(w+6Dzb`FzHuk|1?6XL-yx=+O)q^P`DSs1SR
z=48mp%!=pqw8}D}N7v0kB($J{-rq@r3^e$OTi-W))0rzK4?I8m+T*JB@-JAwh54Rc
ziKT6&j+{m<XBomNFu5f1c$X+LUU-Khu`fom_DvA)<jouTe{%@4@2Q=ecL=Of^D5G}
z4|;+cca>J^9+OiFJLQKAoT+qj8Bqw9*;36KALLG%d5btDGi;HtQ`fUpEFCmqRVOm*
zki0Y`@XL#`CZWgTV3g#0{aT#AHLxTSg=xtoPY#Womwc~TFsS-m<1KaP)#B9Cg)S+t
z>=ju%yX3hnZK3NHT^wp;$OI>imDy=oVM$HBi(CDpysWey(iJLULo2n3y22CultgAB
zp4P}IHL!V4{7M_W@!M#xl*Xeztx-NG)OBiVr;Q%>cHIaAZhXLC>>JWO^KP>J=<)IH
zO;^u(ssQ!(C#ga)deW@-d<+e#g>ok&2?8&Uwx%8;4jtBAyJR$lh~bK5y?FAx8*+6n
zSY%in@->IX%VmlpR-*%~Qz>|y(G!JVBIAkFn#S1NCRC_+W?8IUI+hzLw1b6(baism
zq)bmA1&2-;r*uzgFE8^>`HYXb|A}ZkGvN3dvMu3;N)KKMwi4-pKoOHaE=Mu;7Cu%b
z)YF!7nS!Owl?uI~vEcA-H><XqKu9~DBwy!_3Fs9bUIypRz`3r+=Kp#Cv{ghZv$DP`
zw#Low(QwcmG61Hl?<~e#!t?JI4Vg}P!im7C;l;P7y<2kHun<(fIsCYYlyfpTj*&&Z
z4rC&tNyesXJ@f9ueE$cF0VQ0)%W*Z-0YBbEmwFO2r|cB3T0*kF@mmV+{5t#b8vA_8
zfkgk+aj29c<x5*MYo^309(yy{Fs$CCJp|V_@omSMw|hsbt>qft>1}F8K!Djos>J!s
zfyq61aRTMbiUlM|K_s(*S`BPCQ1aPn1JT))5zg7FY1CxG+N}qCnA3~5-ksZ0x5KzV
z!S}lQG_0l*wBjD-g*u~~m$Aidr8kICfY{Pnh1*q_z~-I$sLmU};SGu_A_hB+c*+gx
z&-xbi7`#!{XEm^ScH!RN!+xdK+_V!wjGw!vQY6jT%h*snT&)%zO}}6G;jYmeNc)F~
zj@;qbAuWaUF%93ujI5ajVGXrD{SY0t==9a8lo9)TipSB`7+hBv&#kYc{z{-0(<Ehz
z*ACxPB-Y#?{X6{;TBy<xz0vA%FQQ;7vQpEpC}dhA$(2VR>V9Myu*j9?tZfn6DQjdl
zRrS(Syq8FL`?h-TAip2sW+2mk7cX|be_fi;>rKK)`y9dzBo0_ls!;;0nZSUqm!8SR
z!ygw1{Fb6S&M>i$a|M+boJ}M0c61)tTDjQHmfid9C#3%$J`WqYIWLLv^|LMNk-6BK
zRb9({<PhmF6X<|^_TLjP9%`&39v&}*`TU544&~O#<U(u49rY^(8o9H~I^Fr*R(gGW
zs@XhsA(f6DiI}ha>37))x}@0IJ#HYB5grH&ht|P10;T?TJ0*z1t<X$-z!y>2c3)d$
zB7KV1jR2j|8)W-Sr00~w$TI*&eY1EwgbsW%5CgxcxDE{a{cMM7{&(1$W+&$N*4BWs
ze2E_V&S)kjp|X==7um{k2Q6r1(?p(cWxk3PX>*d`7W$46YD|D<KF%qUt6zJ*kq&k_
z`kxdn{VqKES#j`!<c_;riy7CM<g2Kdn2|k_d>|Wm@myfcTr*g?gbQEM;U=t~uH@5S
z=Yx895lvfbNtqQL4?zx=x1WPmy%yed{}Pc0y3_c7IHR(I+3|aN0C1bo%@6+tnE9zI
zoOS=%=-iBdL(`wH{4B^&AkYBv2xKGl@ab3HrklRF90cWLHZ(<CJGI~xHL%e?XJ<=j
z_`*#Wuj<0hs<;2h+6jHy-<V{TiVWC9C#8Q4RI7o;NFH!k$bz<>Aw&|?Y~@s6UvLWe
zG8j<LzHozo=YRj^vlzy6ljX3=MfbFTq}eaxJ0@BrzS4c$xV=(ZZcW~qENM|x1~Q{Z
zZntecPQ?z%Q2BefsH6H~A??dOV`7INRvYuP;2<mh{(*+ss^#`eR=%UT8?qQL*XeU=
z0mZt5{bpO?OJVWf)8o!3hm#dbjjlbmz3Z)n)Z6`NyGgpF+cV(oZ5FJ<JWv6bPM?VB
zEc<bM^9Kts1f^tkJpwr3<)rsvSATxz{fiyg9VV5oak_<5h{=QoC|!{s?4EZzmLJJN
znD4%y#dbR`8jM_Q+B%)JDK65{QmR8CltT$Qy^b<XQ@eYmUtm!zUZcX*_m;^B#QO)r
zW-GuwXa1?7!llSE-Cl3zWYFyCx&H3=O({z#m5q7k1sM|6fwcb~@CC(-^zcFqd;6`F
zn}kM2PtIQi*}U1wigt@jJfFjJwg^C7IhID#4J2O*?n!DI`D>xEP$>f#2|i_ZyM?JY
z`+u!#fCTJ}if&TF?p@aaPt)I!iepgkAR~>!*oxmR4&Syv!Z7|1+Uf5S1niEC04rO;
zN?r79qD{QZ>e}!wx74cXfR|4|fY<po&Hl7<@WfzKL>P;w#bQkj{N^G$qC8SUO$fD&
zbso;MPP_l=vMY!n-g2Tmp8keOZ{`v?lxbtgODP}<N8E~NPH0rGI=gr57f$a|DzrS&
zI%#k}R#LFOxjE}--0eiFuy~&YQ!Uip4o8#|+;%A37<NoGq$bZf?bqI9B{$H+7b@lX
zgU(Ad_FuW6CYr&o4WK<>@{`e1OK&c<nR54NL|HR=y{mb4p_OS%Se#hNH62^@V&hSp
zb<q(L_55={01$dzHQcYI;WX*rLjESpdw+oFp!GfE1>2qD_BBl@dA;9`2}e6A32+B{
zj_?^<h#IBhg|iN1jL~Q^T<l?z#y=gsu*UXF;E5fc+nmnBgkbiH9e3H>$egDcgRh5m
zBaI<ZLauXFMd+(DqmSoka!Pj@y#)=D2rHZ0sOEkC6N+F8%UaLOkbtjDIGSkfQp8q8
zq@jSkr>j|CU|H}{v|$z`uUG7fopVv768$-;@VZfMBvWyux^w24<`-rcjxos=w%g6E
zDea@9&L^~_@z6!!XVDuRRFsh1+}t=oky<ou3n{t;0xG%0#2)<SKfJSL348ut@ik#&
ze4EKeDP+v$B5{B=<$9gnTR(xHCmmjcaRzW})<v=#mXNT22UC#CjLn=_TM7v_X8163
zi)gwH4q>uWBz}+z+~OL}Yoj+avM}hHUX}ufgl>CDG4}*~NjspWc<}I5wqf3T(d+KP
zGo!k~Lomx5=^Yo(BNao@Yg|EiuTrG=p<Gwsm#SML+UN#c|L@8YveJ+69|X#Kx_|lp
zwadv-PLBLCIfeLyCP^=pJkXT?P6$BUaJ1Ib{ktCZN6D$yCnDzAV%ET#=DeQo_;|G8
z6i~G8DtTY{Z6fGyVH+x?eA4)4Kcxx~_^a})yoSpJGVpk*SoJk4Jk7$#dvF=k`A!Lb
z&PQ#da+jjSnhpr&lg%!xPaV%$+txF-x|h*Ubw@Rqy)SGHS0!klCesK^pQJ`|aeoe&
zxjjyeSsTmbbbn9VPMd0Vr4Yc81%b58WZSMEQg3%NT6WYx=PwWUsEr|u_2}E-C!ioQ
z?xZkuPN1YXq&?N5zR?uJR7OsYHvR1E?3VRDt3mg-mw9=4+}zxMIH!In;A|ItHUg(`
z@Sf=h7r9qc@_E%(Z|h@-=wDTX`S_D*)2E(WSo3@EJr^Re$c&4?WQSNUQs#c#1<Snz
zZBI28j#AxZ9UVtP=$kaxg*-5|)B0>0jr*4=fS<C-csDBHy?j=gGD_<-mt>i+sIxxp
zwsf(qb$hJ9MBMDD5yQ=%RHE3Y*rnfe$uoAg_t~@HtbNWyx%~_YCiOl(Xe*Gu_J2!Q
zcv|w2Qhty$l?03XtAP<F2Z>_oM6-n@OV!uD=d-m125pmXunx7+N_FTtj->{I4}WhX
z;lCl7kG)_uzOO&bRmhl@c)Bm<uVdWK+Y3mEgbXAoeh0sd4^WDBD84k<UM=oaxAAtK
z0H?U`z-_;Cx$f3BluI;f_Ib;IyWN(Eaf^=D7WMIDpR+@c9!*cOmj};VtAuUfG;h}B
z+&0Fol-r9Nb*7|G+32oe_t!j>xvjIfL@m3Omz%__g(IHxt9e<QEjGF%NY|;4LTXs9
z6xSS{!?rHtTU614$c5yVsrEum0BUyeIb>@Xqci^YXn(B6@VkF_Ex+Zi3ojb^G!#Bk
zn0G3K9;wett0gnNd2hkI@&5F#5$Lz^cq%pGR0&8B^!Lkx5;%;djc~(O>Er~Ct3Hj7
zj{_WBp`o#_<#v=FpigPp8ca?!Ug0UO7B|D^(yqIhl*M%q5<1%?p3rBSJfV_?sPqlE
zuXVpg*fd<u4OF-}0yf|x!hZp_w}I5WP-W)luglM86c&aRtOv6-z1QR^$L+E^JUpBi
zVNq381@1-sye>W60AL1#>AgNlZoXb;JKh*TAQ^u(^+ml7*Iz#dUDAM4D(%d7nwnCk
z^eV7w-vf8P0qZ%fcSi#?5XY77MDG$ZLDzo2Q6`YZ+%ep5!V{%{@0Z{#*nB++p>+@3
zCW63<tIQ=tSa}9g9gh3sdC^BTaDFB-cfA(p_RCp)^kJWj)~>S=!lA^2`DCam>*Gd$
zD@&Jq{f5lu3V5GD?641fdsQ<?ozCF3&79<LJkac6yx4)9bS+{CS~>K--mfbXo?E_{
zSQM@~?S8;2M1>Y?7AXh_Pi?6CXc-RQN`((-UWZdIoQbJCgM;Cm{Mz2$dcXPzZ1e-R
zFB^3ZT|49T3mH)z^EnJWVFNwY1I-t_L!mIwjf&fFxpS(En9NoBaPQT?{$LZm*Y6yS
zKu)vzo>h#9Q=Af0ng@u+0!rTI{HcSH&`p~Iwjdh4mHIa7RLWfC)WkX!?@E~Y&e+gm
z^`+B!7PNsz<7T_1o=cICb6>YENjzXBLO}*$ufFeMb<|-y?Zl!uYLm#c-UQA}a+mA1
zhB8rV-Y5>r)JX~Jx_G5O_nI}Bv=l%%8NrW}>wXLte0%rn#Nco5hNL?M0DLUAKr;DY
zcLWpel_Qf$eVo$W2au<P8uP;X^cu;M^pV~VL5>i*mTWrnAOpvAhM<wCLjM%kqaP}S
zVr7G<P7YK`#>?+vJscu8ac;hn27IRG0<|{NL3`sb)A5v#Q}v<*zb2fOXrFy85TJ<;
ztJ`DmQ$dm$fBtzZVfCun+sdMy$5M5+dQ#4FL(%PWy_ur+ybKZ0jXL^rI$#(^S(xI{
zRrwYLfVrs_;|vPjT{{BS!^dHz#f*QmfxjR1TWYHIsnzDcP1`WpcDiJ1a?utT-}7oS
zU@M?DH|U%Xrj)aT&D-tuCfy(@2i)wxFa)(Q#v1z}%oqs2o6Mp5M{BbB%vzKACG@BE
zQ$3*)E)$ig&|+*`92jbbtT=z;DXl#0Jf7ZG2CQ5oN$9m1Q6i>zz1epxolqi!#qFOU
zY7Pa%7@)G7Bx!Ca%aS5N4Pq>*k_J>fJ#tXeVy4+<I$<Ou?VW>z!9+$M@jTxbU@R&M
zKT>41vu}@>NWcB`JG-N}#9{g#hk_JGx#s=Hod8)vt<~g)*c%Hysg1EbO-_4z`|{52
z_EoB)Qr^YOnX4o`74`b|+Les&>yv)RBrOdV9iMlN5wW3Z*}{DxY-pC_Dt1f#g=C<_
zto(6)Ik?`!{R~MpFnzfnq8eU4(yg+wbe0@t*wY`iF%-#)d>gOH0m?6lA)SP!MnYOf
zN^WaJ&u2>LRHg$V?4xFywdn0DdUY0+C>HI=xMmA$HGI`+r1y-|(gZ5JSVL9Va$I0O
zZYX7v(sLG-u<lh|_@ArEp)f^gGP@k1*i3UV%|(Her9<RSuNv&q{ItlN1QOJbNZ3oI
zM61p`0$5S|FH6F(yF9OEV6)21XQz|2<I$QSY>kO^XA38s;eqw=f}J?Fah+5bgr$Nh
zE%%<LiB4IlE<ea)V`zq0nqjd?#1t~xq8iRxrl3)CuqAH0k#S}`+4BXZ-!R#9BRL2=
zJtJzM*O-9C;LV^D4twbSaL0c#`$UeFE^lh|y_;3%biXk}mAq?jx~}(P!<T+Sh=pbK
zuFgOPHUO1)`8}J0h_fwL#r1sB!|R~O4-psukkVN>oet+mO@GByQq07}omR&SM8O9<
zzPRfMW=%73h((wf(~E2{S|+gzN)cuen9O}+_^M9tY}4zM4J_%7_FY=G@LA;zEp=U|
zQqa?cr-TJ(9w|KTfuf8-BP0q@{V%ZgcWckgoIHEumeU#VL*avkm$1X;UX!){rqdQd
zdS49k<QV*10mh(L$qGMKDaRLl0xR^pWeLUDX;EP$1rz(=rc&y4P*AiqTx*&BVP3{d
zc89YNh$10@ZCpfkVWD)RDh=rHqQz%`ld@MHPmG=YIBYtQ%`KcUq)#uGadulv-RUFx
zc4K3gZnzo!gKN_d=xJ0rwEx}pEr%NA?_l;s;J(IFr`8B5-RVSIZp+xY1d$J4om(I8
z?d=9%ou6|pyy04YGfP$z_5x&)Z}~m!DdHTe7s+G0J&QfsX1bF}y+hHAly>>zB#}ta
zFfo!GXq0f~p`l0hjdi3B80LWi<em@*LOw#0lx()FN2Q(H0Fvpn)+UxM7YOZ7<X#OU
zQ?f|8ktX!P6HW|M^H(B_m~;+_<v^@MZE{x_8G9GqH$LN1U61xvNF)iy@AM;v;@!kR
zL7`iOi7%{+ZSf)Ojrpa;#qszA27(JVwfqcUB^kxT7P#XiqZlZ)Og*YSS^-8iBRH9Y
zK5X2sx~{^u#`p0roA9GqNB-04>7>5?iTl$J9}DvHcN$vSBBZ3Hw~m1~OJ2hbiAFXO
zj&${<h>kPkqco2{H&{%3!BnaEP_}*Siew&mtRK~BGSOURj;08&2>k0@#&3Ujyrew-
zG)#9K$}E{tLLRJ-C44Ji9R&!ZFgSY}8as4g5CvhNPjViZLm-3~KTi;HR4Vf=;$tsq
zvHZRyzmlI!Z7JymtIr({-nGVhFh|yemF3%xx$B#tyDm|sCB}I^u~IV<Gebx*$vC34
zV|h0{PIO?MjcC8OTDU~_wV|l6=}o>~QnV;xZl1dAI|xLKf>$mvV*1)2_sPPcq=|uN
zT?5FjvoSz-Ntwfx;kNX{=xx8N71p@A)x}alziYgbB8|m{bM&M!TpDxNe$vQ-Q_S8U
zWh%|<S(?M@ATE8pNwsS+=mEK^%P?teRNowsemrjF#`M%cO4e|C2th^8CG=fNe=k2b
zO;D21XW+AmQYH<)-_E@OB{Auh_}_VlPfW{#7#iE#+kh+NnV|pk)3=m`8*G%DjD$Gn
z_Og1=?ZH*=m#W32AHKu!(_a^bg<h!%<mKk}Uafc{{U!6eS>0~4@3TMETZ%n6PT$Pe
z*Sh@a0g^VN;#m|Ch@te#-^n6IqF&QPXPc*TDB!=9pjT}cLC0%sj%Wr#Ag6+hV7^z#
zJiFw)p{>Ltuck9xBoa>8poY^KmMY@4estNF>dl{(@#<P)7Y7hMPpMjJ!d1r4!s@t~
z0t%>?XVU!(3WGOF=*?GrUBeeeSgV^>wQ`m>+rV@BEb`Jaab5}w{u5s=EwhyJK&Usz
zE{cSCCg>L5)J>f5IGu4<<xOh%yn*iJ&+DgB1k;N`vAnGIB4f3Uo0K9~S4XG`N<k^i
z)hWRg&P5I(9c|J1LDPM0ZG~6M^eT9)uGh9HeHBf5uhHj9d5*0VaAB{uts&tWkBh5&
zxQ($OIa%cpO93}71{3r~o^~M<vVkosS5k(YB`BSN(xYPOv|WAC_2b<=P1nV268Tw*
zSGpLUC%-i!@9+g@BFq4hium|=2$ykhR5vAgms|qZw)EtKdjrJ!9xdgjo;B3}@ht!2
zzlQ3D0`4VoN|U;xVnlTGxVq|D;)Xq<A{AaC%$Mfxpbs;i`BrywxvQ4|SNQ-#_>c@{
zRb&z)X9O4AkucZe4c)wkUp~#xpC5<se+u{>83`;xfL*Iz3=06VJ35Q{375XudEBWR
zi|=)dwqZjfaS<sa&Z(6u&6dhHENJ8=ChV*jKEL%lxOo2wu*-_3A5GZWY_%F|bIzTc
z&iZ&f53{#@PGA1o@P4Xd{q+n&VZ`>wP2aY^Te!2cqgQh8VUoy9`wc+bLzfQdMx1vn
z4I%zvY+9uK_0^wC=gId9Ke{;$>(;*iXSc{NF5VA*Yzc52CGuE<j5O}G031&i78a#G
zg1@dfsp^aWoTb7@MoQ`iBYggMlyuf25}DDmIgnUmKKhSFtq3WV8{P=hudmnMWu^ZK
zutfkb<f+p8JKG4{I|hFq&Xzs@Uoi|pQzj@zf85_~zoWzcsPvP_<ys^*G>*qwtLB-<
zpHG&8-h6VZnys;2WT~06UltK`-o5Bi@WP+|^4~6g%etCyW|O~gTcn2S59>TAurN(i
zYcN9`?!#sPc7TG3YpukZ!t@;FAu3i{7${xarp|b=$#cFK7NYQ{a^$D+Ry2tQ2rqDK
zm?6d0_48k>tJOp507VY#+=s29G{>`W9B?Z`yPb}A?C-Y0z8X*8vc3#D5&uMsk5|Pr
zIXUSMs0TGwRlozKCF~CUqpP^CC3s1nfjw5YKDN>V{QTaH(4HnsQ+;j3JQVbX8@1el
zdu!xk+elGM{;2d}sNJN=3G}zP+YolsB~;Zr_Ngu~m^)2h3Uvts8PN?(P3V1#@4<U}
zp($WyPc&rEu+KyWhK8lrYQ&fAN*HXOf)w|f6OU6gBhHcF=EjY2u<SL`)JFEY$@U>Y
z+c28LmZiOhOCj?pLpew&uUY0-XFlm2$axb#wRWTai7y7K--w~#?~{H3@{09T<qrgu
zx)pGftc2^1Lvx_`coCIHiD!Y!`+Ixok~9FHZH>|OCk`9<6(Z$G!E<jKe0yt)!7AbM
zQ0>i|mb#pYLd{X9kULCQ9gpjhboYLbUHaVmeGTF7=&dgBt=(Nbid%uty@J{V<*|jH
zM_nUBJ&{r0USyS=OXv)f3Xp)lE9C-&2bnO{M;@j)I5-faDy;z%2cw2@3!GF^9xDyB
z%EQIsr+-u?UOzvbq0|_gW(YF4@cRy9^_t8{1WysCYBe359*v>h9JaaBT}*1uBi(tL
zE8Mq?(9e)P7d?ge4UDIW#bc}E>iW7sJ@cepjm^|OrmH_f8lT?eLC=1sAGH2FI~!D|
zsjk6AUHXK3U;6XbXbcn`h3E?%1(;}{CUu3y(k}ut<gG4mdS|8r9VopIHtjT`CTtB1
z4C=$wi*+vB2^0!->W=1Y)Xgx{N}b-!v|7_dI`O<7Ei#@RDJ1C_m8n^uOvs6su$|K6
zDl4%8m;Sdl@ZK#vc~E`+?44=u;l25wbH`=%Hk;Q%6*EumH0wW{x<3SRGCrV)6Aa!&
zO0Hyn*J<QmO*uAs5_WcW;q%3Flp6h&>&AlEqtuD_Wwr@51r)8R7M!03L_lsC?ol<D
ztwlpcZoy!-?r2V=hsAXHC1W;%`Mh^mU1j#xjs7iUZP7(xVO8*MkUtMnyLewDUl8qI
zVshi%K&f;l9opJe!aS9>P;NzcxfsWd>f1zDX*q1DEEk?{qLBzr_jPeo{!P7QwaHaK
zw!PeElJ7^5I@MQBMMooWthrQdZ2kE*f>$OY%~z-067Itl*QvIs4=t2+jRlIu^~aas
zXV8-sn61doh_+zu9ky>@U=D|fKCiZ3HZA!7McG$}McFp-f`Up&Ns551lG5F%EJ!1@
zba(gCpdzrew6w4y-5_1k9ZPq2cXJ-p_x-->oO7Mv4=xrS?&r>#-~49onbUdq!~7a5
zio>lJ57eC(5;KkjQK0yOJC{9vZDYwPw^Vkkw|m36o<Kj3Ao9OAA<Of-ZNg&v__G=R
za?I4idivx+U#XG}Cy|<zMF6fL2?k?}DDT1GC%P66_pzdQKfejT0gON?^bB^#+}w)x
z;!0}qw>~Uxp=HhS{8etpi8TkobZ?cdwu}5qeNo4UCna-2hdF|o7{<Q{7iEO|=AFuw
zez&?_YT3NpMbpIVz>!#`+^xDb342Jce$8DC>3H98*?L`{c!+ekuH$qNiltb#VPLa`
zwNZ*0{(gT4tL30Tn6use8K*$;cV{8$$2vDY7*|RllDBwh;b6c~lc?S%blphaA+u^|
zIy=dEdg~PXJgkBU7xm`KcK+7vc2zMl5Vu0by6QN<`NW2mmT8;8)jRgqTyy`{D>eKw
z>2xaoc4Wv~=tr8AfRu>%FVnzN@3Vx^eHXa_8E3&F`NPyVlrBNWvt{o}jGMfYBxMCw
zY0s9eFsN>)taX_*fhCx&wZpDHY1eVWq-fv0iK>e=s20A7z>J`bNKU?`sxmtl&R`S%
za-=TvXZ~4^TQPIHSk}vJtgjeXv_u1dbbKj1b_@4RnjWfHKZw~2prYw{DikBbYBLFO
z=?!cY$-&5bJFp^W|1Q$j)Ja=gUTj?5@3Y8bL|6Hkn4(ihV&Z}o2G`QCWnqjAGt;!K
zphz1Rb34<F<`)g|mqSCC8j4j`d?ly8W)35UmanGSl6aL8lgg_YX1S{T!&g_-yMA;H
zRukcR`Z-?5@46pS#da=e*lX}C5Fa8y{tgxXXc8|)JRp#5&WD<AWS8lSi~V`(y>6R9
z$$lSpN2)(z#U_`N^k7lQ-D7SqBh1h$*usntt(4)5?3;5WQERl|j@y1FcdvufxLT$_
zpNHLIuSoJE&4R1%j4^jH=KhQ|ylCeWcLkD;Edl{8mw)?dx9^;rz~xE+KBSSvH7&z8
z{A$;m`kYP*yyP4gOz8Z9_@g{YF0@2U)+=K`_YnOaT5zXsNy3nQ<0=cuwzf77%A4N!
zEvy%to2huWDZ6pYC1>05unYq3;ia$H$@t8afe9SSEj8Y`dN9N8^rU4WTMWKS89KZ)
ziygXt2G-q7rugqQr6piIG*M&cw<3(pEC&@X0pCyhq;9&u*8bG-JIs&DI;~$1c0dDG
z7-Lifd~cN{-cnopxq>O9Y=SJMEfn6d@)(B|J*2~$J(IXz27Z{S^hx+Rii?8AGiXR(
z=^Q~QQOp$7+m_Cvp8G25iYc;j0SgDNt9Gy_)|+0MDUBXGnhOFI(0O!^4e^yL?3|vd
zC5+}fLNAw4a>MvNg{p43e4Au{gsxK9COkHd)p;J_@12d_+x_&~oN5<)4_Q0Ej5ja7
z{rT}?hPS!01NjTYb;);?11z#lT_xl&IXye~U^0@_StB-eLFA7p$x33?O}WNA)s2Ry
zXy8wYoa5UM2wt2e8b=Oq(|{^l^~=}$l3)BuWgwry4J08zwg3tt0f?kxIYvV)<f+p~
zYv2R1u-8>Ia6>E3c)jj(VS>T(<jKg8>OnD3mF(pgOPj~bI5OQm<TBu><QQrT(?@t(
zI;E~XGlM-;%l=r(UJ4|ZU&&ua;Idmv_B#5(1_$3clVeHA5MZIYle_L5!x0Zh3d#jm
zk8?^l+R^yXL*B@N!SwJ1_I46bnXHw)8){zbR<TPolTTZg!4+1Ll-@oMr#;@(gXoUl
z^*k{6ZG#m@oNMG{x(Zv(q^WH&Q-Mee&MsHxF&BXeHQtrLrelIq@Em8>V?s`o=<3{Q
zu|u_O>Wm4CeO1n-RTQDud|`d5bJGt-EZNs`pC<j<Sb-UJn6Rs&luTwQf0-*WD-$DF
zRT^W^&I@ACfjK9Hkf(fuROUe&mlhn+@oJ3AdRJKa@CB6zn?xc?)UD3M=PV&%ox1W`
z2jj1we|!ImpCV78_wqitQ;MIIe8@nlLk9fm`4`RffjCXB+QjzlW4fV@l8yJ9kHKKa
zMmJcEacy)id5SFMnI&Is3w(gziL2P%Lmd@0(JiDmcga!`&%>*7dK1F_sV$RjoVVB9
zA)Y6sZ=uNIii;l?_k8<7q}=XGF#W-})6-Q{p(~;KUrne(n8!yQtdmEw_j#wNM{MAs
z;l~dOdVAtj{Z@1N@&H7mhUbAC-DIGGyE~M{fCX>+F0d+g;~*sEmJ{*$gO2s$y()HL
zokoL_2S>8K-(DU}a^wzMIkG{dUiaCFp`IsE2ep~JXNCHV+Z@?GpjvcZb0Ul#$=bEM
zp!_Wr!5Ap2D%BPRwa~UuGNNt7HqFc|1=2@Y$4|@YFElhDyfcG)?D3reu-+SG4O;e9
zLWt}u)h`JNvHZ2EH4e_qE8XP#v1|toO*pt{tGsk7v`r7q$t<9D-vd;OGB_#{6DO_8
z&pi{{x-is}VK5I!QmBeLPi+JxsCOCdtj4VjaFU{YB=Qi*g6TQ&5r}|;)iYLl$SLC7
zh#A?G43^AmW#549qt!bc1aRR4be7gBanbIY+V!)!Mm_ThIE%-TYB^LsknLgfQuU;s
z@5V4ktn$u9=-8D|$|%{K@;%(+_W?Usee`o&>(Ys>^KA6>P2-1xQ&PNA;AYb;q4GCx
zki*nW_6pr<)n&oWnp+cx!;6P*s3FQ3&p~2F_6|T|EBSl}a{@3Jy;j14tIE^xrC6gm
za3O(JGCJaPUvSFjw1TH>AWt7AZp32F5PCQY?_V3j9B>up6%5(Z2cTrhgZmavt|&3Y
z>FRLcQfiKpz4qFA=V3@+q58I3#}jywYZQ5T)6S7yVjFWi>c@dK4&+F&#R1bYJ|CGr
zyj|PNq1L?&H8Wd#zr*@Bzn2V#7h94e!;i_-8MMBit$oYjMYKL%X||j*>P3x%t7F{J
z!$iNmA3GzGzTEbMKox_ix2J;#Qgy1jm)7yN?*&F%cG$6tk7-Nc)9Aj%$6yZBM6tYa
zhmmUCA-?F*<q*q-T=TMlb(5&v8N(4e{uCm3S!G^ukLjV)ks@)TCQZSpUGEmbN7&cH
z5JGum4~~5Oe_{a;p7vpyIg!=VUU)F#kYR)qM#1E-2u+Jc5AuYM(GJl2IYsB~yZyy(
z)jIDB)#2m)2)067DzYms&KE$P96T|r!zZ}AW#*j5Gi&xKwU&%q_e=;RQFnJeYLJBs
z-qSOAj97h<x~m8W;;!g>DsJEuPg32uwh#bQdKz=;=7~#&QZ8ZPi0YQTn#=kkB@bus
zyxLRyg{;n?;oDUIdb(e6ktV&+Q0PF)F=~=)&1%k$$D;G?BUDYd=#dTFCHlMpeM1ru
z$aiM_u#$l<=2X>*KIw%m)UIZh=*)Wgw-wwF?F?9xkNRg7_oxYTnUl34Jf0J!W|dOr
zgfXhCClxoV7guRhPo<zITf8MiG5t{iZCJzFTSUXjVuX@CybgiFn?9!lCQ1)VMod`8
z1iU`NK7VL4W~p8_k4}W0eW+hNbrORsx@t|ubzNzf%Ndo%J?3MS(he&)G@~0f2lN_c
zPGcupv-xlhVgnNgkSKf*i$&lB^_s1sfDZV#$tz{y0)3{z&-YeuS=%}JDkry9%u6N1
z7zN08S##9j2}Dz3(XEu3PGTj~#_un9>*t(Y3EYClGe@&YdVA3Bp#h?jw_<RK0ANc+
z8!Z&j6O}WZEuN9T10PWBAq!KGFTOQVOA@mkpGF3u^K4uDLUL;M)bf0=Z(HWcCaiZ=
z%}NsptRu$(Sbb!C--a_@Yd%X}V3p--Vsmj|@<zZj#dLXga)18U;7@(|qw!OcNq)Pu
zpYAdF2MwtcXyH|gwb^6&3typ-%?~N&>)w0T_C&s6`v|2<2XWXJAD%)04cCMl)I$B4
zuRf4r<r{FRV)uGTGP8JLUwc|(!^_5k-IBx_D|z4G(9R9zI5Jg=*_2K&@>TW`z0c&N
zFKAk)0eTI9q|bkH=cEzW`QoHuvOA0POgX4Kj4CbT;ihW{kCW`gB%4e}m~3bDskOOU
zKv$C1@n&Edwi-rln*-;Q*?e{5wnx7hl`;C*+1Q<}usKD!D|_cDgF14HE?hnW2i?ZW
zU*+rh*2Et5j`V0?ZT@v!6kkcBnL-H^wW(b#I{wP5&SD^?bFGkPSS)D7pse~zEK<xU
zbq^o(M5-CLgCs?*>EgVXOKhOY^l2Hyh?Ulft9Qg<89grsbLYdrQt`v!2hk$BFnN+h
zXi_3&NsCc`))r>dm$wGx79^EZTP$m;v7ac#TCxceXXQE_UQymwp3Z9#Znh17Qh^uZ
z0HKj=t~@!q@|!O14XJf=YK&QVvXPCM@=sC4Qj2(`=|KxjE+_Yts1q7fS=AnE=cpST
z^5jwn$r?R+)J&_I)M3R<4?ub)Y<FYKvSBl>r=0ZcO)Qdm)A=g2rA(0>neuTkV&B$<
zVzaNw$s*WMV*VlQrpjCquT;}N=@I)WJ;>3v(N`uEOC8A?cVJpyj}(zCgXE9WyRKsW
zv@oom%{1A*7p|G^z!M_5P!%SMe-q`_?d7~WRY%@t;=WeErLOApCLPiq5XF$Q<l*Hz
zY-vxzNl)5@1LqhcW9U%E%IU~dR146<f0_VqTZaD@nK&}N9-QZ`A*Af=>;a~oQFP&g
zJfR63W(uQS8yn_8anHd)`xeR1wD=Sh6qpYXh(62Gn-(IS!Y#G>Vf$x96cj1p;R9o1
zW5cS-%F*HBcFX9s@wU&L7elyDX19BC-|WnFuYyTc?5OTX&ssU5yOqdFG`k0zmlQ8f
zKD_jq8=`y0S3mhdaO94)o1-srKi#peH^SzLjX-)yL!+XsTvl4@=w9-Nx;suX(FHy~
zul=OUG6ryHuPNlSqr7}%jVS%Z0f0@E@MgrsgDY=jV|1cayx{ln^4(^68v+wUP?7pS
zme~vDqgEfJWkeuLWtF=hU2CD>W=UJuXVnM&e)dDAEpI}_KXGionXuo#2fjVe{>ShK
za#m%YB%L<g`;b`%boPen58a6L?G$)|_~nBOqTIi3kVNbloWDOJy;l0yyN84%{}`F@
zpN7GlTOUzb#BHCA{=*5rE@+f(3&+t#1_}b@_xu}H^o_{la5ozuxvHK6?-5W~lDO9T
z+xpQbn~UlXranj*x_dB^PyaAG4;ba~eHwLveALe$fq{}?3kwUxekAq;S8TAmCo7)b
z^!#a{f-eaO@~Nv!UOm@kp$!D#O1#9&Qi@MZOpJ(#NKBlXMLl5z7#*L7_x_eXeY4&i
z@T4t_!p79}k?-5P6sFs$?`erK(LeQ1Oz`P9!@P0}3n&{t(K_Z@mZiIhxEjfb*s7|Z
zB!YsdY(OIZfhMbDB}(cJOb$bR+U-o=hnJbPnYS2wyO{I8kBd%Z_w46%>D1Jz<m|rt
zCyM1kN+gZk2*B+FNz8u!#3EsP$;8AYB$N!3P2wZKeBjeK2k>d4@&FwwA>jixF$6qN
zR%dyrl~SS0L<P*fGA3(dGsCDD2k3@I7OP&fA882lbmZUxYyBfVZ7Y`fMY2R^8`Y+c
z%tOx@^<UQF=$>=WM4q07eppBqzH;k})DgNZ7>?f+rpCoZqo^;|^>^zkj$86J7}=V6
z_UFdFZa+Y?3fnD!MMOk+Y6HW<<YZ)wh{ZtRiF{4~tD6r5<p2)$tgQ93{Y5l1G#@A9
z`}Y`NZ2lwa<wjpm377qR(gzS2qfwZzOg`aiWtYbX1$J5ZyyWO_zFHU-MJ!*<EWABj
zF?eJCZAjCh$jSPmlF>hqh;VQNNM%enWuNI6xbkJ$EN+=jUF&AySgCec(~vQbO6-df
zLn%Jda=R1;TcGcjpIoPrv(*@v=P_7nVni;@D?7#zw&Wg0sZ>)fQgpQ`_t<{nzA)iZ
zEvvC=Q|#^BJ>h6^zy3P{L&YZakBf`N6xFBE&(BYnMI6k^$_fm{zOtsWQjIz?<SA!%
zUY-ojXW(#7OmrUByiJ7#1#Rv|T%rIYW%5{_i4UGy4@abltul1K0GU6k$L}1$r|5b`
zr}I@-sn$(acE9(M+t5a%P90L}ysBBbrxsAT6uD6;?Rpw>6gqG)l6#X|{JzdjW8gTY
zR+kc#_P=EzK1DZ9)ka&qdlIh8n7|}eZ!b4*|2W)H^zHwbP3(I(LL~SYc{a}(m5i&A
zr^{r2k`p;>+|>RY7M`QZyE<AW_~V0wkwQg{F#)bCe<(?U`YNRJnq1i8a3We3K0d!F
zF^5_?vQS#`Ura)HHH`q<ZV^cjG?Yd^N<C=$ha#Sdafnx0#OcE`B<9hHL`X;t1qI!2
z;qdy_+{`Rs>NLBotPHr<{qrXmC#N!fbZhh77fv{BVCwtK^mJ5Y!iMMu99&f9u@`Ms
zjCr|^o*gkFDV`AR7nn~zakyPf(T$`{RdcPbtn|{AE`5K3+GlpY<?(|2)$GsmAFUCw
zR+J#nM?-fDT7N@D`x5?79LA1(2#wvn&b|0!NU@s-pYL4B`VnE6*zVAH`_8@@0lw`9
zCtpcK37y2=`7*RXqvsJhywh-%C#P#cxeAj!BXl3QiVSm($J8zhaww8+NLQ&w**>?~
zJbWdf`MT%JY^nnt19^s+?5D|ZfFYPNY;B)iOBkjs;+1b;=+l^G@0Mg<Iajh->Xy@K
zLH$1)cs2Lr{%phN^uRW3Kcc@9{R|XJeDN+6kO3hfA)lUq?h8yCa}qei?DY+2v1L^(
zX3y?CArCU;`#J77iecn2+6AzGeXp3XvAWuObRvYQo-xRD&lZ;h<+iNVWwMN9W#7=v
zigdZ6fu(;MS-7g2nXRu-jXuHcFuc!D#@DoZjQ-RIFua00msYl(rgXg+jVndJL&o0;
z1gt4=S<xXm#xNM5mIP)IiU(DKlC>X=VB)Fl8&O1VwCEwSJvg{@kC`&w*iKqOA_rEM
zQBzmLYb9&t8EF8ciY5EnIxGeDAA6{-?bRRklCKS%HG|e*V5~qM<41jm;XqAQSAq8D
zfRJUkdo!>_Z_&6>Yz}~C1EU-a27Z5;l(Dklt@mb?49)?Z!Zy~uYn_9Vl*BLjO5J3k
z@<!^`+Nos~v>KVbL$=mk=QeT4NePfTw{4Sqxcf#iQ(I{}cCog(7h?^b@*s9+%DF>l
zZxItLX2L-<laLm0@|pll{EWZP0a7-xcEm0Tv0>Yca+J8m{+5G?<Mg@D_4ZF{qct+N
zxZKIQEkHv6iK%8i4rLr14gon`Jwb&haW;wekm^oMFFA}_Y6+!Ju{lcu3C)2Zi1a6n
z38USDC3GW4S5%6f7(aTF+1;TxBYKL1p=8;q0T>Lfk7K6H#>dAUg0k9+pI=YKU`*NT
zH(o5P8~GwKWD;VkzZ>fXIPHvAGohugB=WYbYJDR1ReH*~XjgF`{PJweEw3YQ$jl{n
zn(R3Uz2X^@f`xJ{2R?ix>st094UT++mGdPk2vqqA&Gwlb7`YtrWX&slcJm}Fn5*PX
zhEd1nz7tpxuq1HhW7Km_c(=8aVJIn0JM!7Xox6wme^%^4%GsGqmeSKWy~kvHj%R!G
z_LTx$T#&&^f?_ZzTr%B<r{Nd5DvsyZqe^D$ub29#D*>YXuL5AS-d3(&r;&&tt|%g{
z3eg*VS6*CPE$?3B$lt&_WGkuq2Yq?Yw@M3(73~p?b#C(<ge8Z$lChs&lzO#R!Fy9J
z>PUGw8?Y5aT8t1ZOZ8EyOK#Ok>}$$ccQ`W<z?tG^g&W7z5F<T&^Q8D~uMh<jE*=^4
zk$hcZ-W-L<*}h1zJY_XZ$)u1Hr;x29QW<k)mnY5%h+lYiwHJT$6+GaHljgD<V|jxE
zC}2@AUVtIsnY+tKW^Q3oUDeXs3KRwcz@v@tNfEn_LH+*{v>5N0zWM3n%3W;Xc!@n`
z=;FfSB0C$~Q&Q6Er+^=njg2ke#YqJ<bkVwIzjcNp_H=9;IYgpBUwp3nX|3+@I7hAb
z--^^c20&JIt$L#r0oQ}I0k{)TGbk@_J`Mt8NCP`AwTA-*H{|jCvB>x=#|n!K+Ni0h
zjxB~wDx*-I|Bi9Y{_hCIuRvZ=qL(Ukt~tqNH~?%OoZODT$^V<VJUimc7Z&~INAmc9
z^A!m8p~VOEI&~T#nQfD!qoO#>hcYuI3*5*6lvKguJF+pN&OGziGkVd!H{X=5K-a_~
z(D%^ijXZvUIDNEa`ry*iQdCqF@ckyg$mTx?69xs;DiCZ57YhM&0Gc;xjWl&oP>=!f
zkI7MdEXjW`5fah^qyX?QmidB_stwE=*gyVLqz4>8KohY5ba!U@A5@8SBy<Piz~#Ho
z{zjP*a}@qH_5gL0_Vh2d1Ac~?|K|nIv-N-~FK<3AR{RTe-5x{vLO<UjNMdIzvH!SW
z=MubCj-Am4?ljU|I7n{epMZD(xgus!!K8QZf7gw(W&Ve^Wibs%BgTB7p{|bd<~b-%
znvjU7jivib&Rp!9yC>U*_iX;4<c8t(rH)8Ifc!gmK$_YAo;#+(ySXD405J1!&50>V
zBb&(Mb>#v;F<N{8mhGBj`@U_|eUI}Qs4#^4LhQ)E*Au|tU=puGttW?F63`#Mar$)A
zYCQW>`6<y1v=WR(Jw{Bo*26ig-GYYsrOTQ(I0GnuL3_iT0}wq9L~Q`2ih$-QMf{pu
zT3XuLo(yCuW_)VYWg!;uyeOp&RLJ6>Gwa_84o1RA!;Z9?t_E%+v{a#SrZ1Pd&hA3i
zF(iLJ@b|1|O%o6P&fai9sC8PXe_fZcmz48+5J>mc-Q6z(p3ppf`t;YjvWJI<xjB6k
z3tqs|P?jRF$$>=SR#sNPcL0aWiHj5GvXkQIHa6H=9)6lyHp}VC<1HOcOwdtWYJXK0
z#XUqGZxCVi(?}(np(sj;>&xq=;-J7h*C%mz_&Yl;X5_u%<oih$%ael$B8R14CRC_W
zlG!L}bA@!MEiD){<da`0l0UY@<}nom|Bb_HR=J|TIpw%vhQbH<ZK})H`u%ElS+{d`
z#r?$jLcJ`<Z@3kpf3sbG_((^L$;H8e;`0U+7!V*KF8-x!xu>UxEzWW%Qyv(@r{^d>
zjUywF<W&N6Q6RIpckC1mj_#Wy+|C{Zf+4BEkVJG6N+{E<QCq`N-d^J>Ve7hHx-eLi
z(!Q$7Wi$DuyoXDLmXUT$z({00J^*t+9kue@f~_+M_BneZz~bjPHD0}IqvNLERpM3W
z0x<c@%jfVcH=yL2m+5?SXot$x%CBENBvk1Z8C||2R2T;bK{PvCW}kl@1)SP2X|OQR
z1JTJ(LF>}FH@hv9!RRz5#;yfDrqDANJeN25Wjxz%>670I(Vxz2>K!o^D3jGapDTLW
zBU}Ia9y6^YSB6Xu&i~1cp*(Ow`)9o$_{YS=w0jn)YiL;f{!&y_Ojj_IzWc(&1<ne(
zFA&B8>~T#xL1xORJ}qs{c>eMatX8jjqTeNFO{r_Uo7#BoJOF|4K0SU*AV<>tU8XBp
z9Q?Acop=Pt^11QFlx2`>Z({M*)Kn!#%&L~05*hh?<Y29tYga~B04%QJx%b2Y=Q3by
z^pbsqEx{3&M?I%(^<5hZssgehi74f7jEWuHUWGTHsi(|l@gTw+R0YhdM_bqcM5vmB
z_|9qne__^RQ*KxOjCIfR|AO8CT=Nm0noa$ck3m(<HTZ|KRJa0BR8+l-AYg#Cg$|hV
zdWwNfilg@gQU_cugyTFjElpg_%=X_(1yp*7K>M80q2!JfdJXbVHD!CZe@<Qr^)4=>
zGRlFQ3)Mpwa=miLxA&@&pkaM&uDl;rFq$)+;y*~h_e}w+yzz%gfOCbXIb6E~Cwy>j
z3G;gIZ-%aX=)WKgu;$E6O<`9GzuFhy7~Ae_q56E;Q?v78jgyk<QPNbsihB)y`Qi-@
z?8lO<#h60PIWexhQ^%*R8qSnsp5~&SQ#p-7D^*$To1m5z-X=gfjkp@C?;MFFNSz#j
zUp||7uaL}THF3V8whvI!kH5W6D9Iic%Se$gc8gTY_#Qe)va<DBcJJ$uc}apvlzQ#>
z_i*+*9v-pkpytT1TeP9X_ik?MwCB?EBl6MT3t10d0{YlW2e>D40!S{Ky7M1EKJTM-
zgw{4*z{{)c&pvp7l_vDI(pA#@bMR&PfqN`bOz_WKwXex_g<}G_-)+yeKgLBQXq6dW
zBo3E31aaf{Z}1|10BEb6w?{$2)-!A|G+9xJ_Ej7^BT(&NRH3A>A~PpJprFFgI-1uR
z;DX1`HE7hOVvYpv4WyR2@`_GAkhWett@5OY_gMCusU5g^tm5}Ryh8rizIuW(M4iy_
z4Uu`z+UE81kN0G2C08RXj>K}N(;_cDkbTwR2YiWMptKK7-&m{esa%o$k^Guk0E_?*
zjiDc><61x9#O_)?7#mZSScS9$+&FzS)&dfS)FaBy_QRh;E64pp<u%2Nw4U>RoxVW!
zGpE-|6;P9Twd(@!qMED3#m&Rfoo?YxYv0LVO`*MX6NM#f3ooP@=nKw6cQb|QoQ!=C
z-;KA?{lZJ=InS>JL>b7B#>>pZ#&<_Zd(>;=jPlU^<O_4@=P(|jCyg($nJaPmQHq%r
z@~cMVJcC5aXB6W#(Q<J4%a7aa{;_H1Hl9az_&p}2e)J1aB`|TIqB|L%5>xDxJ1MDB
z4h#e++8o(&k=HNe2k2iGJd}@mOJMZ8o<)9yB@GDl?)Bupy3vXYJ8rn<?%qcAsX>Tr
z!G5kDN%YLlz~6Frnt;B-BoXqcc>V}z6hKPgp^*{jLNgi&z5Zods)#>;kATXy#gqC?
zjey2$c>aB`TA47ixW4Pp$^Ed)Oi8KN48u*M1!Vf?I~b&-r6mIf8k>*yk&uu8FpH$5
z<i@V#CC)tnIkXe)o&Fm~W#NZS!4xe?;y3RqM2s1jCJt7}QlgKhrlHCB{vDwEPMt$M
zG5+PoUYAOVi^IagC^*fP{wETv`PIW}fCl^1B_v{`mw0GRESOD4&Xm`>d+!|o{vL_t
zo8AKej1>KEcskXX?SJqI(gn)@D^WL)nU<DTFLh>Z-2HXnUucD?{s;&uR8mrsP8Lv0
zeGl{^mLBI3@cDVu-!87bP<{Jofa>lB8gFqu#yJ*Ht%%q4U<sMq;?L3}>3(a#WPtGj
zas@mzGcz;mtC<a~)b}4hMuvuT@&3|<uXSDnv54>RTmA)ONNJCNQ_J@+V0(Udi2wT|
z;2O_-A$D;PcIfSPxDZC#;&48DzFjc8uTvq4FDfrk{LhUUVv(!C%CoRbu>93QSp7}j
zA&fRqhYw?Q%Hxn(XM9v~H@V>P=5E`AKXc1s3ebC*PvUTut!I;>oV12#p{HMk2B=D5
zX}9og8O4l|Ypco1ff!mPZ?{4wApEPf_Eqd`Hcrcnl$ep_{HY?>fuW!k6|GUwKdZQ=
z2uzXusx&eF)b2#m*ODuhVYw*F(^)qgK3w_2P9s-WEhkz#u$uyzQ9v4PBElZ>RjJI%
zeR{}*JUv$DX7ZyuMRh2whM8G)R$yhVaihaon!mKZuI^$#gs!zJRwY>VMs*rvGyC4r
z!3(;+ni%CWOWzzmd~@p<?bzFepz?IZ=^bu{lVZLIYU8QewE_ImNwU%W8vaE|;TM0m
zeh!+k?wcWA_7<}+3%SlMwI^faY9F`r@6WF*?bcmccfzSQM<;Jzv8&1n{!CnM04`Oq
z^Rpk0JeycQK%aNXsZ)0|>A2jj-TSca#YMF`FzUtm<|RnJn?s#YR=j$+*nGZ1a5si}
zr9izJdhOm-oGqpKu(>r1lAE1;JW+MLxqTjxUtSw`JM6@0{1@pW9o<>bPJHl;*5Yk<
z{E`xav?D(?_V}iC#QwE={J5HB8m%Nvcf8=oO#hgYm~&Sx;3C3=w0t7VEB>NxWx^S0
zDL%c{#{o%2h&ZYbxZW>~nO$9zRaex@jYT_>UuV+MLblHZtWFqwmGGaK2*?+2jYPpL
zaQ}TfB?IN>Oa$(O;pkc&-0bt3*X7ATeE#u~m)asG7sw<qBwArFcPXnR{gt%&#G#(6
z=j$r*Rca7ACwG1MVS6sWD9Fq*mo^Y=f|uJX&xaN2QPEyXw;$?SVmxIhBH2@-6QIwM
zW`Y>lcpnH_=>2=F`<;Q>5NWb5ZxI7p6do-?H@z{1dEV;ZGS75J2k@a{pw$_~%fQAB
zt?D{ZnuA8Kbf9_m*|)d*b18hSV+R>+?DZ2zZ=#9qNF(rk-@Ylz$y@B3Q&~=Vwc}#=
zkt;zaH|vZZOlfzIKh;>}TwWeO;iSH7tm;+&f6qGI-K+zSz?O|93i2ecOPMDA#Z)_2
zS8k=+`Vu$I8HZDpQ6ZMwx`z<*U@|fxL@ltpdQY)sJFAT}S2qW^m#=HgRxd9_Osbmi
z;=^x&`0&%u%_Yq<wta#N?x?2(`1lO7kt{+#^Yg9G7)7zeE^P;{E_YtJl+YEdo!DuO
zKKQc+uPJaui)w4hZnMykUV|g@;UT2l#>U2Y15tE}Aa~nm+-8H{Uuh9xa_D&MqjnXC
zGd^nrEEN+&Lk=!3C?`Z&*~n0HjsFt3#thU_yvXjXI|9O}dlI+{>VF#{9~$9#c~<L#
z=|O~yfk8o}Y$%b~NV*>?P4B%1cXV_Bk=j7H&uNfvXQw0|f9f5b;j~x(_4hKtG6CAM
zqN1XxXn))!CAw?5y%1^698g<nSbr_ejVo+}@=3BMPY#a|a@eF?m?VTqnq>g+AA0lW
zB2@qKVwmvFc%K(w8J+@>nlGuSD4Xtm$a!+dChK@#bK=S*3seHq)cQXm)eUow+hwC}
z0?B~$0(iSWg%=MiEACy(zI)gd;MnuS)lne)ELUKy;p2Vak}QzG_^!JbzW`Q>Mkc=0
zVYQbV;HkFDXN6o34Bg$`y@^nfY|{ZX0!{*=%dI9#vwr;eaVNpQ{7$#<n!?P&A}AoB
za^8=0%KDVqYab&{`eak*mXDJ14JcgmN+0P%<2__TR4Rccz>9<=0e+(dezElC_Z;bE
z$fXE*UK{~c9ZkBw7CCK>R64A(VX}MQTmjsXp(>K?F(B`MKZ;Wegg^TMIMH$KJ*cy{
zcc#<~0o0H&WE*GpKJTii;JJG``ae(0rU;Q~ixT%1+B-M^r4GG!Yfn23izltCAK%Rd
zRbjxNaPrqj09}Jo0NOH-V>jv5u&F&>ij>=#s#L^5k;lI*5<vR!>i%DS{Q3yJuK|72
z{A#$stIT{j`!=PvI?N%v=J58m11YY_lNbkk;;m_;nDvI9hF=AlIf@n>67nfNunafv
zffA;=RRiRm3grmty)xo4XfWjJL5-PXbSt`b#k#ezB^A1<<J8lYQAu4gOqMx`54`ol
zZ0wj#dG_pjE`k)EQMT6khrBAG-QDi_o1MVOA^Dndzju_Qi!>z)9}FluT3RcGg!FBZ
zRKR6VFAUJ4yvWgsHJx2ulhvOiyOSXRB;k;`yqvw&9xHQLl`R-04FK1j*6tEe6W@FN
zuBG1Yb(>u;?`r8CRB<!}W^3kmD<rJ?pR==Rz9mP>166IavM8G_B+)T+0VmY$GPC!-
zi@@DxLC6Vv0u}jAH->W*Gh~fRDlJCyeSK#ps}+!VLeIFd)_8tePfyGMA^*0LufD4Q
zg;6bb-v+AGdtHkK6Tk60j@}wCSxvdUS_PbHCF5HJKn5wGIpL#zktBZSn|W;Sv08WM
z$c~{(2a}TVsTret4f~=WP#vEEboch13oxVV=K2ytCki|N`}gnOw>JPefTH?thvN3E
z?Yl%IFsj7c%lg~PZ5!{)E}a{D0Ejc!Umb`NX$`^Og+<_va6Yh=1i%y@7U3=m(zogT
zW#YD}Fz>5HfNypYNWOdaC$MoAL-_%$e*)}}y3-kVVArlslv%hFJwl=Zws*hX9vM3l
z(sn3w8_!Q^YJ}@*lJoWPD3FtO%91O^p_dm(Bbx%Wmnjd&3-~;3t%BcT$X4bYhh#ei
z2r{yVv#j@#`ghLkgALjZ*?PXRF8;z`ekR~zyE{|+xT#_@zdFDE<|6u)O1@V0$wCk_
zb=5uFjo)34nFLmSnk)m!V)+{DR?-2x<ZI80hqfDL?c9vN$4On=q5>_*xWsj1C@YE2
zNdZ5-a75YF_57DF#^U~&QLGkpr*aj#JrRwG(LnbJ31f}tESeb@#}1HRiwpBG(~Mcb
z$%wKzTjzX_vHs@zEOwW~P9WcRL0&;Y;ViK+CMvtM^av<YMZs<i6dc|d$<qJ|>rIru
zMdHx|Zc&6THq5fxxE+Tk+$<_~ojuI?;k}DQQ2;DQ@$IAA>6?DW*~oh4L;<UFXL8M}
zpk2=*``+N${Hd3-71k#<`2gX~eAP0meYIV@BYfFHl|gY0gzMVc^J^nR6es;);?|cZ
zel?Z;<1Cot6<bAW$`%`<-9Ai}CM(BHq%l)$aJTofSAG{4esw?whG;eAT0H|#ol&2X
zd=m94&+CY`RWS?FgF%C#<I`)8tC%(#<;OaEq$)b$7wOKkRVy2!r;oMRogtZS2HM^C
zTU|_MI-VDt4D(f)k1GH?1i;j5Qz5^02Z%Sm(EGBKSC@n7DS_f#MMw4JAs2dK*C)5T
z8q8Pg@ZBhGE-uO4BH?8FAIrh5V%N0<uWkpXy;cRE+$;yb_!>L5H>#2%!!hOYM3ER7
ziO1`H+M&gYmY{VqY^g=yJ*l_Fa)=1#VhL54fX#^?;p5%7$-<>o;S}zzbJE9IlR}0g
zpW^Ow33x9qrHc)Ja`oAOJG;QkRA$4mfud)*Y^A0yeHY5nGY?}h-B$uxk5i*lbmliS
zQdEE1bstZhl+%kmRuKTomgr>Za5Y_yX(*R4ueo~cJVg3X0C1dZJXrY8Jxe`?g{y<B
zOuL0=b3>^%UbP<MhC8pyxS3ARu}<Ia?}V0=P2E}&j$h4vz6vIq-n^Mb*rYhsA5UMB
z7tBx<n_C;jUJ`|BsPOLgI3+kc7GaXRBZAEgE~RcLa^4=^6mBf`=<`}k$p|~|e&s&Z
z!abkv+vyfOUi%uhD!8wCoT0YvwE_$JadqW~J1ytJjfB*n96F2tb~{wKyE<+6WP)h7
zdRI;)kwC<axb-LJFoofUv1^Vf_$Bj(pPLAnj7ypm6E3HwHvUEL{^KUvSDWE|R@_{<
zYO@Ac_nX{^{p2BbuIDu-BOXHQ2M3JxYB%Eqi{>{`boI*YqY!HLjw-Xrx4tLc_qm@g
zp57h<$w_I*ffFCTJnQK&ys~p^k9ZuLr%`etY>>kpR-Nmu*S8{fD7-IA>Txk=X|P@6
z{BZVYPfn~o-w6a_JIk&vxL6}9*s56DNs;5Zo^GdrVnT&IPUCiOyiQ()j~N-*tR1At
z3G74b^e3)ot`bsbZ*MBSU6*K79^bUQIuF`O=ISk8Ih8Bu4XXxV&-AD$$U^ACvF#Ba
z15!iQGLI}J2WAtC8)n?vX>QedBkFSBv|uMov!>VOE;+FVJ*aZ~*wtayZxpC$g9$MF
z=ZP^TR63^c%0?zX)@HSVy`gO9>RfBude5(Vxp*Y@QnouSo}%ENqc+^9MgcNNukG&S
zPUv-A)6~8-L-;mV+LU?Xh}DqU?YS|-$tlIPVIi>}<@C*R8ijH&YmkSdI??*zb#O`V
zma&I9u|8~|#r{W`J5fi9aal6d?-){_egPCH_Hv(I(E{;54Q9M`IaMsu_TD~+*HOZ~
z9KyefLOE2y&_vgm;lbLH<8G#$*~IIvu->PvX$!OTe$d5gZKMXel?t!*R~-3#HuYEO
zSr|I;JhxSP@l|_eW32~W%ICWCL;eTOg3ekA^y;-wRfTfrvqndBye<pLH6U%~Zc%a!
z?7?iS6<5qDZXKFlw>V8Ke$m)D?u-!rohnL&(_gi9*wjL&dpu$Q?hi!1llG-aZ_h+Q
zKaDfCvd??+M!BtA`A=?!%R^Z(aUII@lSoNP)6dIG00lKTc2Hbc1b{&Al-rizQRk40
zfpp=sMxsrjn=w;MOAfH%XlQF|tJrw>`B{qnikc@Te7&ZXJwH*f?;=)sbSPKj@Z{5Q
zj_}1Y!a10)p>rQl&#G-!=z33ppy87+Z|Kc|KOsZ?+B{nQ#kgNXlCauKeR7v`<{jY-
zDG{r~k9o3mSL4fxlU`2pa{&qYJwcWJCkP#xvmbiI2R(;<yEoFg3o5f*m?9UN9G-4g
zbB!rA@kAx+tk*Y()rZxz|138b^2o|Y`RHzO@Xh#;R3ArBduY69V|vc4$7z)wP$nq&
ztrt}iX1G?utXA~XJs+l?B4q;v4H@T%_mRBYs9CHg>%LBP&Atvl7!zJ}TIi5_@M~lB
z)&VB6aEmLeo^dl`62o-hy_tOr?afS*BG*2PgC^`|tUh+%51-S4ax6V1JvVuP^Z^dB
zyWJ$nyP1GbQMdxH?M%Em?;UZc?)A=Jk3Jj?{~<_#U9Uh18Z;Pd_V?y4l0j@VpL@?#
z%j8uEs@h$$=92?$w93W2es|ngUvu1;k6^O9p3E#kC(VsDw?UnC%~=VOQm25fV0-C?
z)bB%h++v`|URFmW+f^@xZu2Djyi>B&<RXuRxxFcyn2%+yx5}9r+_uPgt=4?YueYv*
zrnzr(pc5C)gtfLSh41n!`OYVaeCo=fPW*RIxOz39t0H|+#C#Ehgv3KG%~(LltStaI
z5phX)?F~0yM06|xwt{Ec=C6*GCT!s$j=bX-0O96olmon!_2kbyBLgd|Z2&FHxj1Ef
zz5{*lunDt(urVHUQ&VC9`B7qJW@V8Gx*ehAtS%iNbTP{%jzMXOk-quxMxcCCDbNON
z5`O0$%O`ZXTGfyfnM~r30FJuqBtrTCZHqNPLJ9>!oW3p2@f#x{O^jxwc+rDihy|Mh
zXl<g(X>+0)1*xIK|4u7Rc%f4QLnz9xJ(-Brc9Uo?!~*I=0>I0un*s&NLm5T&bz9>j
z2B4K`0MzNYtpmj&s!o``yMzN)L*0Yl7SNn3=o>Q9+}BrTyMI}t4<i4#0AI@+pi}nS
zE!kI|{E097U=Rkp_xVlSz$DNMB)+;vpUG<A-()53US-!IYH-&(B);Nw8wf>*9$?wD
zRYydsySlo%19v2O&i}Z^+N5P<dSJLOl$5Q2F)96pwD*2@xPgxGA~uh);FO~?e>!5;
zY6(hGIUO-+v;-xshDv#b0R@v#thYu(o$evoD$w4+*nQE%Z$N={Zonl9<b-Na0YGWu
zpwKzPEZoGo>5E`U>kjb$R!awd$=pZNe#tgNhY^!hmD8<$x4XB1Zbka=qQBnT8`sRz
z((<l10C#wMbG^B-aYtt9pdl05W&<_=i{UBxi}J}cHXDyP_PTBo{=*Qrnf6^aD7T~m
zyoi6aAHc%^CSt*a|26>b)8EZzX@+$YX|Crf=1%$QWCo|#rK3Tnc_L>+VUigpzoM82
z!tnBkS@Uy*^TU|0&>ttfj0u>RiSf#1s!BOcPb7^swxuqT>Rb?;j$>Aej1W1;dO7hS
zxOEN<^oaXg+x=u+1@IB9Ya^t5X5Q(6!bAS;O|4BN&J4Jazj4X9WjunSYs=k*eyeEG
z5}*?tP@jx@o)|46XWab}ODCb^ge$A^-o9mmCu^8!Q6{5h9#eb(>J(N&wmL)h3UKAp
zKX2Z`+)Iw)CT^I37s7avRwYio)PL1c;9@^{dfnU!u8lXB*P2(U5gj1)@2?|6P1MJH
z_VL6ESZEpwKt^Yj3Z)+t#bSrHErJFW!P21gg^G4cP&KJh8&kO0c;0TPC<J!({rtOQ
z`!@RIr-7)h?6q~+==y;=9<DP&zbw8hCXl)%HNf!6z-PfkH2&yC=>2gefjB#IU4MP&
z?2oDwHYMaG7IeM3zx2jeH*iy!w*xW+Ac6#reAh)oGww3}HOTvIicFjdd%ObCCrbS@
zrBY$%HFhct%Vj^Bm@=5-VHN7}Jz$TUVD4ml4F%+k>cQkkd?)LIEx6LH0={*<%>r0D
z4bkWm#}%XVU1z`cVOr6apgH^Ms{z9X`@N@i`7x(T#c{d%yjN)cv9d1*v2f)D!@u4r
z#|l6+Q!5s~M(sPjgv)b&k#%Em8#yl!?f++<#7*u54{+)e2Lb0eBPiK3KpalV4-Ft5
z{Ayv@zB{&>2xj>TMfG9I0f7RC$%0XmAh_X~lM9cGzz*t>MN#7POIg7t`a&7Z`57;?
z{k0Gr3Ca$rk$J5KMvFq#D*@j{j||5a`#EF~&ysBwh$JpJtGgEMt2D9vX%YuT!4svC
zp=X~0l$sZ@GDN|0zEjYIVe>L~keU25St$W+;*_X>^Q8D6W{iv9j||(bMz`XBj3>m;
z6#S}aTd{T5WQs-1ABhcu(%L*uVj7K5<GJx|HAKNh=8z6U^^ivSt-AN=QUtg`J=Q(O
zZ0@^!xH78KOgS*sX=@Eo{8+V=95^z5GCh!%D{K-kh+H2tG~dKg3t#l*6Etw%P2p&M
zAWU`Z#&&G={gKFU{~#lm3}S2Ny#i4O^;>KIA7)$$O{5Z>wW!twUF(ix+r6&^CNBiF
z*2~@D<3I9C$2ofD?It<B-wwX<uQl7!pf@dlr~s0vU$L#^9Nq{uEDrcq-9Nxp%^e>O
zZlLICewB3N!nXx|5CMt^c&G`LDH-Q5(fgo2W#Ql=Ae+&oXG8B~Lj$f2?F1uwILbDU
z+Db099e3xmV56zy95N0rFS2T}^TfHxZO5&+WJ-v{>Ig!II1=*CBdpwCJlQ`p7&mNK
z4l%@&sSOWxA>&H;!8>K`-}5B${*f5pT4D7RG-nuBx=i4RD`5pIW69Kg5h=`#da1Ai
zenH76xuD%M51mj-;Ql%LUIIy{Z6H)eQrNl4byaI@VUX18xbxiwEAipcu;<aFMPKdS
z48dglP1Uy3Y;@R756ehzC3NFe3Wd?+_B9~9Wr4Vh20E+L<Y`dEOf1Z@F9;?s`*Znc
zIWJYDv@wVOPiG%d2iL7^7>`c}?46Zl=%D_g-z&20SNPZyPg1|^giuFzDE&%!jIt<W
zV!VhP%e)xmHw}@1xHYNMhD%dFdBeGsB^?M$CN!ZX3~9Y*-cBkRKyHHw9VR;(x7x97
zHXsPMY+VTWF_;B=p++JJYnlI|D)1^I#O0bqhapb-hkkNtA5n*-0CB(PKA4T9Kxr}H
z=!P)}W{4nk=6M<->gm=%WX+ENJg52&d{%+5wXF9>Zx4AiLcYpxGx;ln!Ez{{=rT-p
zU(*Xlc5r!DRi$NLE@_WTi^&iFN+ne8F`m$dgt=Q028rI$rGc5z;gT{hqs6nZ+;iqR
zA^vS<idgbK_<mtjS_6h`B-pCIK8o}0oPN&x=)x8kczGl#$3g{iQ+NKXU*ytlgN6zp
zuiedR(ln(aIPzoo2&RvFG|ryovqIq}nOG#vw=e>4{7NYKGBQg^Jm?|FtXg<Zfh@Y{
zwS(PwX5SNs&rdp(=r?391?Gcc$udFwctLIOyp)uYh;ZFb0trAJ8aCjeiIwCrPaORG
z-Zayh%N!#~Z7^fWLX1eDP#4@eZQV*WynCfV^t=+=TK>>=ks(|3qio7@;ndwx(m?)a
zw(8G5s%D<wiz_T=+YHKx=zvKLK1`AS+Bwmb<v5km`c^MUI9Zxn5!aayN3vc1q!pRm
zY50l61C5Z60=n;v1_PPHC455{RVC)4>`RNn^@xpPyS+*}EabFm_SY-BLb;eP_(qtt
z#vQu%CWP}X>s$_}$$}CrSGm!UZ1MEbDQzVuYb{i|HeWw4yhZk-9M$4BN|EVo^lDdD
z%Ap6P@gxS)B=5V$V=F!T_?46V@k2z1AwynH6%)vfYsEoS$>x_8LAawpvZT@UNg)iD
z++&`V3)6SzRmPRyl4T^5Hul`PUs@8IzHZxNjex7+4zIUEs2$6j7uH=Svd%@pj#>kQ
z3w9HcLjLS4j+Il$VKU7>b-DsopD_XAjsYvShg2r;^7&~Vjfk}~7^7us!|Sp*;6qoW
zt*CylNYBi~B>a-<wH3dH-RB6_uy~mV(>t&gsD*#nGb{xWw&X(Bw-8aV-Df;3i3=Y>
zm1b*P+~H-ri~9k=iueglfb?oHFEc#O6;GH1vSX>eOK$>!xXRne`Npyh0(<7)i-L2L
z#d%1AKHtkS1ceXhU1kV$sQy|(o505{suGMBj_9vVGwpqA1W_(l^St#M@EFhq5n_o(
z1h}x}@E?s3S^c0{G^=h)4}@)mzML8yN)u;`d9URqgNxfk5heww=p^I}dJtjtsMUTm
z!v4d|SZp#Zeaja}8SMJ(ru_|{h*FQWBDi@0UDT>bmG-MN)q<H8|LdF6VYe4Ww{Rx)
zd8~v<q4)2~I3CT7@k}_j;^4y5qqirySDGyySutz5_%@5E${vFR{j?qWq(}P)n_oQ1
zIcSpNw$8O_$9Aslwul+E9{WncxgFr{HCFD`a~RgARYjQ+TW3(qzI&Al-mQQ`52Q|m
z@xqTC3KIC|0(@0CO05c=NGdr8q6J%f>)e{Am8B3wI>O@3Ea<)x4xgNq%FzH|*ZhcK
zE(-GXt?Jx(U-PDbirm4`);Ro_F1zOk^<tj!&vn)m1ck*lqNZh?A=uMABE*dY2*`o-
zY@d#4q&-Yv#w!-{X#CMH;^ZIMgQs^YBrHdimhDrDkTxUDQzHwN=12{qJ?V6D=nD8M
z_hgt%f~rZ#pNhnOQY*Z>QGFyKe}-O79F+rL4CA7Hbr(uct=hgLn^(2HMfDq$4{J&|
z0vp_T>Qjp<GxosqkEF%o-)RQGGPAQyiha9`*hz-X!!tEl<D{u0Tc*vCU4vFIE*bU0
zg!6-7#-nWe;G9PFtS^&Vk0MX<Qf2lTi{l)r%jLEiojoc(<T|aTm0BWBC&x>f2^@Jm
z269Cm+&q2bGTuq@Dhay%GI0hrf6&T_>*)`O6}I)Ym@(oZ$%}N8!MOWi3IB?V)a_Z)
z9yxQqtzvf&Nz2C3+0+EGoX}UF<5sUQw@H1hDS4gUUZiKu^4PL$FAq1Sfjl{+-1%wx
zQ+W>M!3BwScG!!H+3#W=$ElT>4y0wL<P5ya7UIGT_X|E>ct^;Pd61oxtix{HT7#<0
z?ytfu;Ze7p*G4X38m$~eSbJ9C&{Xs8=B!eE{+Vj+mew>&uv1rd7ZZ5~`L{;M(T1th
z_?ewZ>AnG*6ns;?Rc8D87GCoX38@Zr4_NJ=CVk|%c0jm6Y}aJ&9-6b@Wp+kVe)7n>
z;nS^4M9uW7B3wv^BQHpti(vl(9{58|{dTT^@7eg+OmvdMe#Jumk-Mg>248YJp#n;a
z{%~TlZaUtP@1TC!B-PVkWAIDT!-*tcIYMbL$PBjw+=P~Zu;zWw-&wamSjXYdNG4^D
z#Yloh<%A1>%JJGFORkN98nhh5A~vdKj3b{z1A586EyD}Yx;T%KGiQO9^&yQD;Qtq#
zFJJHY(3Nn~s$U0LR4I;=h7b)b3aO+kwSveK290B<jpW{e=(Jvv1$^IPss^Q*u*X^I
z6{@j4>jBi7?Mnk^^Mycsh){>viB_)mF^We_p>PylQH5u|V>-7|dm-EY2j(xu<|Ee@
zrdl;C{R-ix>fmC#dc>0=p6zi{o^XP2X@+Oz_zy_Q{5EXW7s6d2VBmddTKGk(QPQAj
zf&s-M)kz88I50!{`6r=rME=VsSwG~ZB{xssJB%sLiz9v+&VOE+63)gqBV|utM4O&3
zII2qG5)2oo(4|d)0fJcdNw_Km%qCxeAnM`ZHgGVFGv!DRTI=}MMbbW&B*}o^1rz7O
z4K&<_ZqD<I3_SY@o{#Hj{$-~H#u_JeV<S`%L{4d2F8sd07^LQzG-JwJwGF>H=0k57
z;C(P2>UM6>6~n0U^9(nG-e`HTvkRbIIW0DXT%A^yBqFJ0@->J13+<Y?npnC;N=w{{
z{VKyI40I7WJAwy~D<?Lvhl1K3bCCL_hF0sh(+qDO7YFX&&xy?+IChSO<PfPukySJr
zPeK^;AZ;p{e&>mH%a6O@Xw#;gPJ6^tM(#lVn-7uLijR<CP4lKD%U#pO)$)e19&wlU
zDvLXw&g!)Tu$^Px+~iy)!k*=@&(qnkW)JoL@Id$Bx8yjo;)-i<*K0_*R8V$cnt42D
zr0lL$*OMdPq`JaaPhn?*+WtK{#9B*;mjv<*ZryNH_B1~FCheTH%W}9mR?ut~T~Rag
z!$MOg3nKy2N4^o-VT2>1MSLQ9u`OwrHMj-SkSy9XJ|8`quASLp7!@hh>?T)LtFf@F
z_%`gqjR7Z9c2go@fxztI!|MWadp<;?qY)pD8#9%)g&uj_LZBh&=db)PO(c(6r<pX~
z;}4TCc%bP0vN=_Q0{|HfLOq3Lk*=DX{Jz<)z2X;<t^d>wjDG`)0!Oaz%Q;6>(L(%b
zh#!wdOS{}Y)nt6EK9#EbYq1zrw8*sX+bMrMIn><~ssX_tp2xnlv@b;am^bD@S<nU_
z2bWDSWb4Z}FC4g|Cs{a*Pxjg>B?&o?WsKh^EHZ`2^cgx1B%YMEtw10=@f+xV5#;5B
zgTSzTD8uOYuL}~;s>>>v5zjWpr-Z5}bH<f}^am_|O4B2*_O_cg9xGqeKofN28BSi0
z!6k>ZTuhT>hzMHrk3Tm-Wza5bff=XKAMgnOA`&i=n=w1+QOGuLH%3pOT#_9q8ZL6;
zx3G6ELheualQyvD2i>|Or1`|j4W8~UXhq@F@fmAW9x1dEE@Ps8KuMQV(WT?rR9gaH
z?XCr-L>Akf-p=pL0|ENm$LGm{!RELQu}pq?Fv^v;--iTh3$g-!rRZ~!`VA~T?4=Bf
zQ7K@hc^F!q-aTgj;eiHyfzGkHOx=zTUA`zN!e$IqkUs&@o-yBePKl2+_nEz{M!m*m
zzfi9UYzPF8=Y@$=M*^JGNkBdZO#-&?)qBK=1WrVUVY&4*;Et`bn*13P0<cOV{#b(Z
z!%29M+dltTO^%hE<l`X<{qo!I>+dFA1ZIi_%in>)(4ad046~CQZ>V$6|6uQ}gZc>e
zZ$UyJBzOp}!QI_SaCdiicZcBa?hxGFJwR~RFB06{eTUrN-B)k--n*}AU)8JKdh-WN
z&3AgHr>DE8`+UwhJ++1t#}TD5Re4`F*);F=qY^}PQvD&LxG1eyF(^LrgC1(-yl#xe
zjAc~QmjJF4|3UxsNCiU*m+Ynk|KVRhKHEN~m+aYQwNK4?NuR!imgM=wEl#nPQjT%Y
zu=WG+kJIDibD`30&*-g@Rn)TLT}R3KvG(d&{C&ml2`x-3-jdzp(<9|jLz$P!!T0O+
zU8_Z;ri1#6-@Th77v1u#RM_aST3RHIFxK$#+)sx!g;p+-FfVQ!eD)+xm9$Fqye_UO
zOmAs>qz$r-UwSv)enUwg&;N-oKw_YkY;WGV*!4Q5qEx6m+ezbXdTI_Dm0o@7c8qBq
zp+@6`7Eh!~0o-L|9g)GZ_i#kPCrXtof%rBM?raD_o~zKLd?Zl_?*gA7N*fIgW*VaT
zyhupUdf_f`BjR<NGu~S)QD1Bu#ht7uAe-Sk5h7VRg<nV*?I_%_bRjzsWhO6=8#G!N
ztXKW`9T$jD&Xg^1K=18EdO;{1syeNVcODPWuD0pO9^3Oi-{SFNB-<TZ3%J3yo+$G^
zH|WkZVw={v&OSfwcNW1d-^QT{ju@ge-qRlHqX#<Rc}^}$E9}xfd~@!l+d6v2vY=?Q
zy3b;Xyh&dxbnRs&m0;VQO-h`XG{F1{mW@LX4m0q9uxe>#9@p3Lgx&9Uu}<76SVZAl
zTgE@R09pc=m=^@DriiW{W7DKw5CGAuZ%0H(Cj#R#p%XjnhnB~=AOPv`1q}db;()~X
zi6)*~%|TTV+}_$P1oC?@KB%q<fZzFsTmFf^nJyiB+*jPKcSZqVa%_M_4~C8K_7|*+
z{!M<`b^Z^605(>Z*F$k|I68f9I}Ewm;as`-8yAi=EB1!wjcu^^^$pi-Y2g4*<yUF6
z($v(%p#)^H9TaZ?05GtDk^e_b6F@KDE(8V^iuq4E-~ZnG|7B^Y?E-bCi@x@1^x(gT
zswu{}Ti+mAVEfag^FLZ2!kXUW050jZf6;89-VPcA4&#;$=z%fA+fFCT#fL4yz~U%C
z#9mQ0J~q|~>*HT0MB}QL@f*$!Y-}l1E@oC~)PVcXLXDv~OWNqR9q?%g9yDM`8*O*H
z2G+GboGn#$j~4|f6kiP!GyhU3fIJf20IGJ6m-}7yMyt`?OCWYd4FXne10Xj?&-n^X
z&&M0?^ME(9f^gvt)<}rF*!amx<LScWs^Z_<_5=5m)z<Db98T11bpqr-4#!LNz@-Q-
zwv)7X?0}JUBQT@}Movcd<C&yxPXM<T2%~LU7^IuIEC5&VfiD1}WPluMp~cZ0zx|C$
z0HEP0g22Q@+w0!Y)ARY}7~~A_A%KjG^S-tLlvdKaAn><v#aH>RPrbcw#7qaeW(_N#
zIX7!a32-<b%mBQRu)e8@2^lptw<XiU<JETc`D-92071oqrL@EhcrIxJR|pj{hBQ=7
zX1fD3a+J@X^KVtxIvvCeb*7vX^rs(c$oY4}wQl;izCkTDuWysTTY0_u`R$ZfhF)=}
z((9~sU?+DVaDN!#*MhzSmTR#7jS=)>Uy|qM1B&Dd83Dl%dsNxWFb>P0()i>3NPxE&
zZC;q+glp0oK>sth7;P`DZ1VgCDc*6}db@U4thNyAdQ*eX+E|xY)PT2o@$2-2dz@hQ
zHX^z1x-pB(QLA+Lu$b6+<>r)<H6-{V0}J={xqVkP(xuX%ba&<IG62s|u=)i=_<Fu2
zSb}}8Ror3zI{>B@Rs1r7%*<6jgCJIw{<LEtOZ{Anqg1_&x9urY*hupcXS?d!!*Y@J
zwB^cp+;Y!zRO7Wk{ncfZSF7a)ox3eogH1Q5#pGpM%xTacU%W$W*zH<BNy_br`@Yeg
z_Sr=AcJ0|Q@!}9qBQfRrJZ=}~W!du|{5+hIu?$Z2O80u8!~t5J^=ex)K+pjwLI6<+
z;G-aY?xnl9e*(_=RAn<H-#_m9njnh$d6KnVp4srif3W5uK(r7qtbmdtDT0by$Bmf4
zu~cb3gP6c>?n*FhD_P?d{otxkZ?RV2xp4r&F}#>vo-QHSZZ+<3t)pIYDsSK<rD}r7
zd;e8SSCJ?!*?q-7<QDD)gxw0b?L1%h@Tym`pXR-~yyRhd>zbSH=H9=yUKIjMByrdO
zX*p+I$@7$Pj42lQWk9iSumo~4TOaLQb~wDa=B*cV>eJjLSt~EEw4)GiQ1-q&$)c`)
zezEqh6F2KtOnN$Me${#aSdVyamBI1J$k%hqFSnw?)91yI$`PH%F_%0pQ<<KQc72*D
z>bsp!SAt4{3?a>Nl`TgF72fXM3G4>k!t2jTiOB`e+qK#Y0^{K?tm2JxnhpwAEsaVR
z9dim(g9=XDPtN17Zh)$4DJ-qRCC@8TbG)DuWmX{;H7;4gJu98?hFR+EdnGdhG{3{E
zlCy9AKxl9epu^E5ff_8+Dh>nM19j`#cmS@B%t-vSuypxF<;%%5tp}IsgKEvX<Lgyd
z&1mjkK0m4ASPIWvjp^chc_Z4j)VOj6o2euA>48j|Ma9cPWu@}bkl(6tM&nsLH<j{%
zW0RB(010bfk#=OkV<mlZcs050+BdYgo)GFlU9iE5+q370J#O4>fOj)O(s7t{ZK2id
zVIU5gu<9yG`$jse)-8@^%6)65D}6AJdbl7wop96Lx&+kXcsVy+nI_NdSVvImK}fp0
zGta|)!*=CcJsdBc<Z<ssx=0=Y7m-qk*$T>k{7BBux1dL18p$N~i%5@xz8((aLcQ@I
zk=__#PfZVL-~QyPP#Zn^WZFT+Xs`#R!Tfc1ENU$4DGjBg5NF8i*a2t9$&?Y*qi)cl
zT2$ayo%EyU*t6hl-&i*>NeoZwN~))me8sPs>)$s@oekgHZ#u`0jgZ(uo0CR7k2`Z%
z+=+xBN&=F&;AAx`@52TQDdl)8lIZ~$T({Yqt{^XC{8Nri4eh(v>k!Ijr0JYPpvt-Q
zUkU4*ey(Q2P39f2jGNimm&c7TcK96Tv>PYwew=u;K`G2_Zc7H}PUGh4wH3JawQaX&
zSZh;ISR)um@AIxFy;VJq`<0j72-vnOAVoE+RgTR#tkPcBEyVvUi?fWrJYok0{{-LF
zsy7{jvbPx5Vn0yrOAINTfqJQ%iAm-${N|`M@3@k?!v2aeFWfk)QO$fgc~?A?WwdKW
zSw}TE5#PE)!axvu&~&-a&Rb8u|L0!0yvkEp+IosnwR-J!WSYkOQqqusb+wKyAraJ{
zX2kt-B%MUj+=#NE=g}lq;%SncF;ns|l%~Y|=4nyNoaKBkVj9iZVKDT-L+2&Eo%;B)
z>aD`=WdofzlTMcp&_@7{7nUn6_18g24PKslh&nk7szOn?Y@5$fjxi<0?>rxdz1#md
zO!8*(>h@galp4*9dFktHAN)}f^fn&5nxD7A1i2rF7t^NmcrP;QQ$KJbXdHMOJzd1a
zs;9O7$*3Psr>U_Jv#)hqnTt`RmF5<o1f&6UjyJc;yy(fE`&hoUC7CHqd(TkN18uzS
zcH2ATm6e%HB7+qduO=5)FQu8X0<SKId$W}g(n)ZNNs$?s{f@K}RpAvH4H9m6NublV
z<ERYh3VN}YL<bzR<j$kE>q@}vb$Q{LYZH|4h^L`vHij%gGN~-V+d3Y;qZvAiCw*t>
zSpf^Nc9qTxm<+B|uwzRV9uDlX5`QZ;Mk8X<b~$SbSGOJUEWhw*T#AKd4nSGlstt=P
zX}9AGF^wypz4^g7)_xJ*Q)=;)BOEt2B$G1eVBlWsxL?-Co-O0u_^yPw)wCAqKm^<c
z1;hl#{VS+o!uDEdLT67L0tgfGBtQhSrfHYU@5=2O-tDg4>3{yrZctwg$vP(Dz9|}|
zC>pd<5v0|=ko9yP9!{HirIKK=yxU|o<YVwlH&#Myc`$kUE$;Pn9V)?wS*G;<#$>tF
zh>$>!VOx15`Kb(3>?d|2kisUk{Acl+L;$CmtK}4<sW@GVttt`LHP!F?T+t*7w;pTf
zQFVG^Y-p;;z?Jg}MKST=j?x`5vP`>@*pMb1<uUYhST#vE3d>K#dQO5sgrx)WR1;+)
z_4IjQJaEl@T>sO+v)UA|{7*&Vv>y2ag;qWCC`BS1C-wrG;GhJkU5Xcl9>d8veC;Bm
z-h{Op+&$el<C_V5V0hJ_O7XM0+7`fq0NS`9KYwo~x4T+HnnXcQ;g?L2k$2xFr)voa
zYD}-OPG_hq(`963Wo^5+&{#xQI33?pdd)mW45Dc;Z~K<CoIV<B*tC>s-bkH(nvbXt
z4rX}h-X1RWRu&Kw){>cY63S+{m=YhC6A-}g+`nzC(0V?9L0heIyDkVFjQc=NpohWf
z`u(+&MxBztPD$R}?*ly5N((b7LFo3?w?zH=smTtf+svlIOR&%K>)t}5q<M!no9dk$
zPbovL-3kqYB<qcUpq@pVEk?8tT&s}z3j&*^lQ$P7fg1tx7+X7yqQIp~S+x$)>`Wx?
ztr|6ISf8FOv$H~ZxWW>GW2qa*hOLWyrpZFS*KB)v>1(Jv$}HCCTNIyROU^ND`mlyv
zasbCn<M7+TAc-D%>wu-Az^{W4BEl03u1s4OZXi}c1z)Ky`70KPCGR+>2ndv=D$dtJ
zH7PM*Dlg*(<?jnvz7ndf1nfAd2?$VC*o;_*1o^$|q(vMyKwx8I#fVVX=;-;wFner&
zaIPXIfUIc0gz{OojK!QKje7?2)=7W>b)3kLMsk{I6h%UmBSr3*hI+l8bEQLOY6qsN
zTzKYfMKYf_1puo6hMkA7r2xAfAnsPHP-(U}&@;cng8)c<)Cd?umP?w?&%xnv%S{T#
zhYrmvqfx0h9BpH)DGEtzcQ`Gk7o#M$Bmu9|_cfy@>Ymy>*80wcUrFF+-Bq-!h}6$(
zyIm;mGGYNX9@W`z@ka-q`PGbuOkU)zofgZfW?cHI$sC^T4K?RJoQU&%dT%-8W5c}^
zCqtem#)1)=a$7D`EmtaKj88n!p<A6vi<D_0hY&B^(5-X|t{-Eh&+7eLr_is*WBDq@
zai<kFYc^QG7|^+w5?)bqkaJt$=kyjDkO<{YwwjIAyY&A)7C(+75*nP#Zc*$)Fx?Uy
zJg@ru2wrx)!&a6hV`yt>SzJ8#C-z{kO&6l5^}YS+c6`Ckly2b;e7>Wiz1uS`2(VI9
z9M#^vpK+|d&mANIT=jsZAy^Z|ggj`>Id+^)G8bYDb%C-4lad151KQnhX{aq9&KC?A
z90Be;U3!jq5)E~b<Nj2iUUeO|QxDK<C-0}N7N_DC;qW^4e8o_(?e3br%yQL6i#aM8
zf}tp&9qzc~>$_V_6V{?Lb<-J(k4ZZ?xXMAvYwXatmQoV9a;6}aOs>88x@mn?PpjNs
z8TLCcsZ{CqMOIMP(3yLlq6l3<*7o6`L=X#Fxy;Q~zHh<L10p+frEZ<i&pHxr`oxW1
zqLsD1&D>r=OpLhm-kjA?Ho;+H7mk#nC3tV&g(<bcjD`3MTp!h{3dstUT{$kCP^X$s
zOvGb)M;$9FLW3Hm=y(C6>T{L*F^w<>l9++ul>%G(j0XI0&aIl~rxiebH}Qq%u)|RW
z+t-Kk%UQq_0ZY_cO34+(rm3dDl?2z``2dwu+IH79ll(EfIsvvQ5Mu7Z4PsS0uqis1
zVbg3%kRjT%!M3BC)k+<Xi3r$K{S5F9Vtxh_=*dzqDo{`pED8{%nmr!vg_wMIRDNi;
zD%2G1k9EV}k~7G1L}E@N#DeQ%ARtIFVWV&=JpOIAl%?mqD8H_w%cRBdXGUY)fnsl>
zO|*3S7$)!uo;zbGbZ=4O;g0*@?L98Z0_-C|i{S=XNgyc$^Q1>$CUyrf&EIC43sZnB
z1Ly*84(CsQdDF0)>*U<+4Hst3dbi|~5wt^jy-p1!QIe+95Ex6UG8s=_73ZPt=jWy~
z7n_YmQ58m2lqEB?Z#?FbO}QIvr;Agg8agSiIJ`oxjgyP*PaKx)ge$&0^t`K_QZFuV
ztIM@2P1llDW!`QjV7T~ku3o4m6XWUXHI2WPA*;Bb#Z#;o`8GP-Lfet3`d#zB{#t4q
za=`Ml^XKUkS|?{b5ZiC+z~mQI;?{$xJtoh9@shinmz9mspM*5pOavWbQ9F{xg0jp(
zoXFQ8xo^_nF9VLsBd;GRaJp@lY=hU8EPwXCOt_n#o1s<)2b10CFq}xbF?V8$L(cM_
z)KiY>u<f6l&6SZUDbsDp3KBW}ZV%G2g`_x6T|;vc<gT#Mpz!n({+ci=SiQ93tJ0M(
z#^I9fRyIn#;IZyAepmx3AgdrucT}%-Ez-5?X!=g`SFURwe&cr6`_d&jY~SF4&DpXR
z!TQBF)LKA6IiL5yap6a(;HAmq=%7Nnm-oWvRBj1DsAO&Fpo1Fn=)TCkMWh8+2}>jP
z^?e(BnzVo{PQqk1f6P_Pj02dGG+XS&!x4+7z#EVc*muD-aci}XR+8l|JbeScg|ep3
zhWshLEN^xce++=h@@<FbBWB>64#$HhYkZg0V&N-6tMe(%2=<#o!?ZACuGV<`i#BLg
z(FN_l5f`&$Nd^rrj%vqwCLPxeF4u$b%$9ig<^CN;e7yS%MNy!(Q<?d)aznF)p2}>l
z^cB(Mlwu+=6IPkT(klueiommD+iFv6aOA|vM7@t2G(Z<}SAH8A{y{%`d<K*{7VU<B
zC#`ye#UL=3)TlVi@CG0Q0M<}dRjt%&kF44z6a{m;K2TIwZw2~%mY5zut6{k2A4={I
zCS|vqMQgts8a$HWu230;&}RmO@><`%Avm=`KS({@-ULV4`iDRpVC^`M0GO9vhw5t_
zmm`ehT$dx=eozP)3<iI?e1$W$aO@#e*oZxEyJvCC?`Fx5J72_M`Nw#*VK<Ak@JLZx
zX;Ve=fns3z49AAR`22U(iKVPT13-mQR(2H5IL5Xa&iDYp8UVrbOXrEAd6_TdpRL`?
zka1^Nt<B$b-fvcvU7z~jc$9A&GV?z@O8)oW|L04ie(YEi%tycf^tSQ8<l)%v0F@Pr
z-hOA~pFrZ~51_vO-N?-T!q~w6|GK>lP%ChMA9+E*bHzPr;sp?wAyhZ=J5A<T0}g=L
zpWZ5`&zGEn0wX{jUsBTGjDJiHsJ3Qiu&E~Yqct7&)B%W2IQZ`)4QS%0?gK!CJKEIP
zKPa@p@8N3?iZmU9|DF~3`3<!v{SH8Yg1}I`x*f(;nwXgQ`SG^0w3PEt@K5+f!JrO9
zKn>*oSNbgl(Mz|~>aQn^_72R)?=Op(?X!q6d>9SD5r+C}J!wM_J%){{36O;00|l3X
z&g3l(Y_H0BDNJF<Me`)p^D>+=Ps<#e&o}|=+8HPczHT?Vq5Y)wVzTqN^M3qR%jE=a
zJRiX&f8P6g4|;`;$J_9r-kyg62oleqwqF2>t>;<j=c*)go_XN9cTeN5FQxOmYp2PU
zua|r6F`gA3do&!FAg$XB=hXmen)bQd<+TRSm3|)W^S#c_m&HjmLv#pxpd|k`bDuA|
z*71`pOKd7Twr83_qGC6oyZfR1`rd)$H5HHSvZGq(`Pp6AUNWrLKk{)wnEegTN#%H6
zYv!-_e^f4YE9X2abkRXd5P634+HwtR^xXX#fO(@wz9N!C6AcG6!4Cax`=Z6Vw1Mqe
z6jb<eB;Rw3BUU4xUn;aCP=t9s$lw3I&1k(k2nk6n!C#2IcNT-x&dLbrL~!>{PM67?
z##+3~h<S*6GnK9{=gs1*TbEPLWzIVpyx3o{lDJt8@0kJo_ydN+s3)Mf(xSjh<h~Fw
zk@Rb}*z@@y3mWSKHQAXSpOt2zzdWsoD=pJM1?3ae+gG|%F&61QKYUAKXQ>!6m|MoB
za<`G0UBN0C#YKF0eh3VVXoPBg+DQ#`wWO)@9KEdF5n|mM-FcU^tjbP7-?+cLwp>i3
zSz|jg9)uoPZM#T_z@?owzH1nLn3*yUdrE$AcfP}kT4}$+{v^_}x5v@!cx$!R!JWmL
z*82B+{o0bbnXqIiO}p`t!=T&cj+gtPfy7yH9&23Y`)+p{^sm<;&9&cWu`cy+>H0Y@
z$2x|0Y0A}UUxH>yPabvG^2%U<cS!w@)}U)`GHWIxCH_b6cj9rc5p|PMw1tY@;RuE0
z<ZJ*pXw~f~=2y``sSzB-O4HSeY1EVL!lqv$m1)z{xggqALc}B|39YKV<976(e$KIS
zkXBpvY5(3z+`LE{J}*|HAZz$VA_7K}Y<VcnqsI}kXCGqmup-y%L0JcZIm_#9?1k%e
zU0@Nu9&Fo#FV>eh-X^c^I$iS}Nzm<gMuSyC%Aip<uQ{1wILWlex((Lpej05#9_v)2
z7p|5XuO{bgUG&2w1xxhTJH~m~g^rzj($$r01S~BIZl=*TgYAL-svO}tLE-7ad&Pv!
z{tyu!T0{P!fi><+yV*O7bHeeo_8h@p_Z=3h`}=V~%JC8z(HWKKn&s^wvEQE`MXPqZ
zct>-H2g9s!ewSPAneVj-d#Z1(INGtfk$*X4G>Wa>{}EVCbqVh+g4PuxBl4}~h*3ZU
zIt`F5U3Q(L09vkS-&7+ny=UVuFaxtn-q~6nw|up_=m$-dfloWqhY^6H{pgCBd6Kxk
z{xHt*zUH_EutSK$2bdTbZzK&B^*W<9uu`Y}tcLhC+sH+-a&%ss?$Tl2*1H3MJNSOU
zB*38Hx`;S$Hp{5|IDlnlE-~U3mL4k*wwakp`j^VI$5}s|`p}0fdRYDr)e7d3Os9c|
zP{3ksjlnh<5GBU&7#gN9V>#-J?60@(6>+Hk(m3y$Qq?znOm)2-c`=Bu)yrO7XefB_
zlUSj$2Ec(W!4;V`eymcO<n8v>Hjksbkj8M?hyxjhxUw`Bas{?uTsC?1Hfy)gU|@Bm
z|JB_h`a7IX=IK5<0m3$mvbBW?{$nd3T9o8bLC!U_o0gZ}P#l{)+JBRfAdj{)Ac<Yb
z&i%e|rfikf?Vv_`uLck;9b#e{X&)ke9vn_o)_!)`C@0XfGF4KGfHuG0ZBRs5UEcW~
zYt8;uxwATFz{hj!c&d*Mc3;-(7B3Sd)81lqon=Jpc7E|^S{Z@D-@vHXBN_0Rmcl>E
zSy}IVDk!ei=GwiDQ{W%jZhSrQt<EQi1!-lm-ZG2PW?^BpcN7?19~hr#)GfcZLdW1Y
zLhNcSD+?I7KRelL=ULsaz5ri=<M4lU*TB4%vC3m1alU7m)q)jP-~G6hwj5Ow%LJX^
zV(?(Lp1l{SqxG1z1;vu2aO8MOXzuR(V|3vW)}1$le3mMjqfp!wT#Xt$6&mH@Ua{k0
z$w7*+k3=^&LcMec%AL>OI<C$3nh)lchJXDztV9-gLQ!A!vXrcF6xB=g;OQLyDfF2>
zT>7SUg3odxv2krRnlW6%@@~~#`|jtq20xBULq3f@x{%fA7vAPwOZ#T~4NYgw3L~CH
zJ@i0b0|s>kMegO$oqkzRVTSJ)YrOfho*v%WTl9kB!FfF_`@k6WPMd?70K6@h4!3bh
zX~Pdn8eYSinRdX)x_2mOwjH%}6hp|WH`m=7zHHSh*_~-+ncgNH7ib?+H~>@N<<;qA
zjd+X`{?FZXZjivIJ-wu+U&d^rP3jhb2J9R}VF9u4MJJ8O0JVmBHpLdyFH{Pg@7X!T
z$8zB0a4iNG2qvhSOj}4ng<n@=sj8y``H1asEG~OBu8NvlPxlX*2j_*KJUY3i({^3K
zvQb$mgbpXy!vHyQgvZ5kmTXDw<HE!||9-@;Nj0^*m!qQtwGvKVdXK8Qma6JhEF9^A
zF$5`L*^<qLGXZV)0lY#E(s6__$GUuu7S$l}K`<}~&Np8Gcn2P@yQ+9j9u5!hi_(`g
zSz%{o<4elEt^MWW=9`Yv{Z~{q`@%?VyjJd8*@59IyRUIt%~ReT_X7yp)->FnX|J-E
zg}s}DTie}>^$I12zwQKD>TYZ{0o`}Ot;yq2j~Mw%0=uJ|lig2mj)YK-n%*xda>dBy
ztJ-&*_B(%^@QrtKcCU42(%HG=?~e)(?ODe(vDH#AG1@Q$iz}iAXbn?A@R?)JJlFR+
z@u6~>q~qJbl5Rr6amB-ajq|xPPy<4=+iK$G`y<+DW06d+Hq2}Fz0F`g8E&V2(f|f^
zu)iOYy9XE{R%%r@H6=?GnscK?7@3-qr;T>B)BtV`)@vPXk#9DRdi0{PY^x8C<zQ7X
zqvPXvfaU3Nr#I7O-@-vNmT`+Y>s0H_)!0k`)P3o8!<mWEkr?QgGwF+`HA8A<=Gg9K
z8qLy4FsAw<_4}?9CDC^afXpbCXgre}6pwte(u&ruRm24tJ<7nS^Jpo!ZB8q~6<+Vj
ztYu^w<3)AuDZILIydL_ku7@3iPAhV55x^7@0P+NI_FT$X+`O0RozHY878Ye~$lNL|
z?Uhnp<A*g~Fd0E`R4_j3B1Vv%09Y63BQSnbY;0@87MuiTPzT&1&nVCVHHWQt!K)31
zVA*!3^X|a-Vx_XPvr~l%8YAF)jtW)cbNam%cP@1UESSRB7vKW*(c`<uMn<81dhJlf
zwbXKBR@?;F&|pqdfM-t8XMBD2$d6!T!<2u=$Pki$jdZ@60NDVxZ(shdZvQbA$T=7o
z-vq?pIn)o5zXT3Mrgy+M8q6pA)7vN$?Eg*D^5WI^Rl7u@a;I<8J0Bqe9a(u>?0I)!
zm<g8M?Go@dh5MgzpZ~$9lhqv0;;p=WGwkFGril6=shIITm(0w}F70jh{F+7j-<L`o
zNYIg*mUh5a<MhpQ+2;@NAnOU>sEWt~wy{JBYmvagu1utX^OaWT#`dyYAHaORZqs!k
zjG`G5xS$VrX^%sdXV;KXEhlbZ`|pf51ikGG&&Hb(=f5lSg!^FkVuh0Dzdovng0eX>
z3w3fNI_<81=f^X{!#?#LZ=2SDEO3?ow)r@l=;&kvaO0}{+rcg)z<TBV`}eP4O-p#U
zN-*y?-j0e2N(oea*ZCnM{vHAu3=AlTUWg&7w_pCbVFEk+)>cNQ#*TKn4yM*t_6)QR
z*47p_x>kl3wEsRG`oBnLX=vrBr)&2gQvIvD**oYuINJZ`bZ>?8f6b+howc!@A+UJ%
zf4n2!zes6nscUR#Py5}}!BW@8{y${*Up=Ieg|)7O;eUF_f0gR3NdI$2|5ef0Slc+-
zyp`&I<?-XkkN>w9Nct}xP*-2y(83USpVoG?`i^#XhE@(VE|wPW!DPgt-r52fFbn*<
z{p0=qtINKfW@+f4`<5;uPCP1&4msfV86|jZZUH^WM-aWZq(m&EBq6nAMKJOh->O@v
z-+!c&)*6s7CZ#`WX4zLtI(e6hol;olh4b9$`glm2S@}=(b-%hkK_I>IcqgR{2=@`A
z1U4qjz$;AAS6a`)Wr#s_)~9056$JwFwLlIjN$TsV?~P125hUA66wkMRw9`w;{Wa$y
zHIdQPyXYk4*_6-}&Js%1)g$Bo$Ryg?nCPJU+vo=Qzhar`G{%I}mrnXf=LmC#Bl=F?
zen(RZz9@g^#`44S`wn^&#bWzyyX(_vPjwb82uE*g5xpQ<O>HN96mMp6$eIvr6Abe4
zYm2)~OM8YF={Y&c>Ib&jxu=-rZ~hbxw>gUWV6q>y)000*JxVYPkV(7?eJ2)$K1r5i
zg6D6Wek2+^1xvFKF9N;&ApA}Mlr?2M-WeAq9L^heMM=VI6sJ6KsrB+pd~plEhxV?S
zZn9o+N%Y;A^gWuZ;?iT^ke$`S3=7>tI6qjwF!rR4ur21%cVuG!Xaf-MdM{>E!lqaQ
z50-0<3LZeI$-yjaVm*k=5dYL<TF-g6kR_m4t%uU9%Cx(#go-k1)=unPYND#E>ZwZc
zS!zelxJ*R>DJI`f`vLXjr)C}znbw9$-Zy7iDHi6<b`T}YlCV484u;3ghjsN=_ZNh>
z$`U!5)p84TZPY*q{_iUb>|15gwK6p_w0EGfGcX#B8@2MIL-ar83NRd7;G>0vv?Cj8
zHp}W_4pf1py+}n`?TCz1lKok7kTtVeA;h>AS(kRKi~T#Srl?ziNuQi}NW`RmpOT}M
zra2$Pv9!=YiI<9VZswPtMbYAHMZvC}7(mSmYcXD%OXiY#$tB%J&^^m$D+1eJ7y0oM
zZp3%f>n#sV_OXpmM#{1dhuP7tw_mx#Ryc~YYoK)-<l2K8zQ*|SMSPMN@^|pVZjlo2
zV@$l1W$(^8-WbqnpZ3e;(mA7y9A8)shAr6E`qN%@qT#pZkznF>qVMK7-FLo57_XDg
za3X!s%IW&L`$9ARim_2y=OkdkH<oAo5WQP>fu|^3`Br>&w<c3>Uj{$mOYonI&)(3%
z!PLsw{;j>us;kRyHX(WOcK#STBqxc~RY}KOu%m(ZT|V6kh_xi9k0Gukiu2d@R+H+f
ziRPONxtSS*(Gg#fD}6kyRL|7zq~*7}`O*9ly?t=Y3q6HVf_n$b!7Xn8HvRH&<h1ei
zzK<lXtJgKl)i$`83r$4~onTCd1LgkuFim2_G!y@GFqa@cs_Xu?s{g)|+RO8vN3O-Q
zfhagf=itcC@QcMGz3RK_rn~MtrnFir%Cxo>_-phGh-rSsa^X(pK6H2apCn~yab%2e
zn+&Zloc0Z>Tb$F$DWGzk22kg7y=>KsEv^VQ1t{GTw={pnfY0!SxGRjc)X-`4@i6^e
zcq6+IH>zQS^%lhsR{u%U9TsQLbIM26-|IijT?m}TSR&&%VLjME<abjH_DKVuI(xev
z8r&BPT(23or&<{s_H^*tV9|_&rK<0;yA8v21Q;7*2iP(qDX4845Szw4+N2*KKHFB^
zT_OtZzPmn0dd!Nb2ld6WBVv0vCJ&ar1m!~yzBjbk9yNN%TRwCzh+(Xl9$rDCLhDp5
z&JXP(zPsv<4W30@4p|;sC6lFhNk0OQiw$u9e)d3+uN;m6<Noy^uX7YVN%)%_T)7HW
zSokmeXY{$kSS=k3ubQS83p6O#*z*<haSU>0Z4^z3D$?px8<%X|eU@vTh=tSje2edx
z8HgWzc?DM~0%~v&*8CPb=CM4Mxxs4A*YDk*zwU^DW8HCvv_S@wtCRICuTudlr+J6p
z%cFBnZe$y7UaDHrak^(m)4-D4Wj4FV{iz<duq7d|X_u-jP!FKF$0>8ce@VubCeiMb
z2>XgKj(&bVu)v#v3E@-WdlawYH~6UXTc@VvT`5v8-`GKLe=xF7->73Y+@}KMo9P59
zGy2a(bllJVNTuWq6W`rbHsZkzINqVjEtW%{2^uD_Y)tftBAeSmj5vdTLApDrL6rHW
zoT9F~_RMNNvP7uQ4g?HJu;9Zd%^hW(%Z%qWI$VC4&15}_Cq2aVx4kTR)q6*x-n<@b
zbF!M;YUi1)RUbs<eK_Cwe4cTr*shSwm6~WndqUc-#jI=%;s;fLDvukB6+sxc>$}SV
z#w!!h94G@WM@z#5)MXQAh4i?J<rVVDR}^E1E)K7BxQ-;(#_seCShQAsY7wydvwQ5-
zS*<Lf$_Tl30g}FnAI*LXP^u;-edXWQ`|>hoH>1(}s?IkQKb~tv0H!SERK{NU))D-|
zF2F+TI2@(bq8qk-_q}+`u*!qv7-4FIsMi~M)tUO`{R!PYl@jF-_K)4I=E3JC5*p}G
zhnZ2m@aOy&Tql-}M4OUK7ST%MUVEGYcAz>PPrqS<&f}tIwky#!BIQjjg&^({PmoiN
zStDHOBrWH2%p}Iuu(<J_N<`+Q?NHeFMLZO~)3WtcoGFjU4_0LQw>?qQ&7^d!KL~t>
zb%~S(B}8Cs9Ui(s@!rv_L_guWBB7o_3fiIq-`ALG{~<YNT~{244&cTicPtko{l3tl
zt<{4|M!+2YL>vFJ(Hmi^C(x~|*)5jTBF9Ead1z0VCsw7p1{a<Xywe=aL6)C}Bwtcl
zte1v^;EXfe6B$kmYPP#?HX%V=H5LT}ax$5chGC1$Y^vZ9wpg)uof30OHw-HL)^0QJ
zXBd3oCY)CGAFV<KxZMdsT9+y-R2I`1x}3a%A3DzH2(Mi6BGSKsrYp{wXn{jm$cx;C
z47oKp=uEiP&0?{bkge!P1D;^~qgQ4Y`SUg1y)etqu(AX;HKM-43Q3E(HT^*=g{j%>
z!%;w3HEUdLM5U-#`K?<B_q~LN?UF)sCmc+x{d>F#A;>QmUwv`c;>+<lBJhb%Oo#PS
zQ4jR<c^x-(d|Z5Zat_unVO%g}wxNoN<BMOnpR6B*UpwTRkDcWks9%qbuPrN2L7UKf
z9vSmaOqPwFvxJy<I8;>%Y-ZwvkX>M3BYW$j;W<NpLr2FaMbF5fIBtjPOzIGGeWRbO
z_GQqa*ZEmFR|#E~_mBjyD<YOqi%BJb{iMLZO7Yd2XB#n9v_v7o((~R$p6i5l=vecx
z_=C~rtqM;{;Q1DP&z=0rQ%YV~Vd;k8WL0M5$avR74$<n(%$0%ZSInW<>#Yf<J9?W-
zXk8jN%3sJI_KNz$=y$(*9gZCsC-p6hpUx<rgXK3;gVm|iUmJvXm|5Zu-hWAzGtm82
zEt4=ZSh>}LPXGkiCwp{|De%p;H1~O-7UY8WGC@c0;dL9EaOOmZPU0JEk-2A89m-pW
zOK=;CwZDG+4)$GRdxL;LOQPed3@{Lcy~hdn5E4x-?ew#wX^IbLSCWBsAx^EkPKnC+
zRVjkFxIwMZ;GE76&)>|iG-z1TkjBWyXkAg{4-c2mS2VMjE)joxwc&}jA(}s7iACrO
z3CB#L`NPlMC7hj-cAIr&c=IADV;QC#B%ZAh<41mEK~mC{7|@X>a$Ou$03w@JTMn?E
zvsN0TD|h&QC^81^lT$(=O>^9F5LTe=t_h2At4MKZi|kXgk9o$F&YuA87y~I2bk7<Q
ze)T9CTvIWzb|$gicJM{4FDe#6{U&-0<8GOq4njx|^0Tlk&$VJO$%cmP`fXqSF#U$=
zRfXkjhOHp!T7{(}SV}3)x7aBoP{-8tt2h$+78sc>GnvdjV~-c*nL@){_Sa8wCt_VN
zn%%K8%hqS`#KRi1q9Qj7jTwD}6v+z-p>|+>i0V_iq~80@XINmlkhlavO}(;Ram$Sq
z?+<>|Z*ANSL%5a&60l(!bGU7V+_nA;DNBy6fLn-XNQr)ZhO3Te9^E-?B!8*3yto~$
zyWMO*DjYwreSFF5Iez^+_MeNT?^FVY_6KzTX*>epsbKaFt`>%WM<d7B=5e5gb9e6m
zp_D7EC<JaPInN|h?l>mKhUvMaag1PpqB-R5cg1mA+F5;ZUq8vkOWB^NEi#4#Xo5ZV
z)8KmC_Ufj=X3~%9$MV2Fb6T@?nTq7HY4XB)dp=C2z<Iko4RhA0_2Fv?5G`BUs<FA+
zO4#uDjG1;Ib_K0R7Qp<tVAK9-5_T#0nMNc~e%4f1kM>R>HvnO-kyDt(9qmr$>UhM4
z(sQ!rbp(6y2uHT=6qK_5Lt^xVa;otXUpgJd_Iu5!%;)(cHX_@HZQUmFP>c1J$LAL-
z-WEcK<A=-p<!u>BfOArVBgv+O+``svQL}t~>Y==DW$XJeHDDtdJGJ5zVro5^4bEJb
z%3JBK{_C<ukZJwH<Z45AOz8oR;PWhJ=tzgUf`ys`gFP>J^y}_s&=l%k!>I;rBSA@Y
zzp6D0WW!<>Vy>tmj=!Is-TQH@){REr_EUki>87q3J_OE5{&;`24FmHpn1AkRblC1v
zQi^*D!uRK5NNM^oaso&UW_kI19l(#Z()7~mTG9L{W|$)gC@G>D?Yd{XCNg%>Pdl-c
z2#g!ScbFm1=p0I5gc&v!jG@--F(RF?WJEC(_SJ%(Q5N&NAgEB}eD0!kF&PoXTp9%p
zA*P3r?7E}v%ISoPASTdBhxnPr=X5{XHZ*@J)JY~%M{lQ`Bp4SCko1&(wZ$0GErt3e
z%pO&3@}XC_{(Hs8vPeo~J<=ZCSl*5=F_NqZzpRC}de6|ZA1-ZMiFCdr_94%)NJTR1
zuz!S+XaB%~AVrgHbxU+Q7}=i;&$HfcnAn*czU9qmBfxJc=6hIX3rzrNy&C&*y6#78
zpWw%L)+l&34x!ly^i=Q~+kR0*#N`6BXD=>2FH-sj)Ba}GS;?`~HDizA*|he3Jo1ld
zqZy~0T;7Arf$6+?Os9DWf%E)$v?LMscp4;$`dWXEhqq!+;NOoqelB!5lMga5OZGIF
z4&!O0F8l2i6GX{F(DuDmz-ZUZKy*Jf*WybMe*mR7Cx(E45R1WOcxzks7EGWA1%7mw
zCo85jsR<W$)%H6Aqga#Qo^;v)rRzF^sP5=P_^RD`x?<Qj>P~~KWCZR|MFGj%*tmhK
z8K>h<Z1p`+k}mH=Q{J;vIbFa8M1SMN`o3A|-{<Ii9MxKtg<+ioiI(`hy2)Z=nI~pT
z+BL>Q!xC8}u0%EnCq9fQsBwYPY>(LMJW=u00*S7Ztw$g`mk9Kg`CXyDDE*Igym*u#
z!M?x^rXH$%UBOh*np}a;;Ge*gKMmR$864M{ItXd_ZD~gO&c~a|lu7omK)3Xw<Wj7o
zzy`AJoGY7LJ(vBl{3JHdSr<r>ei4Ys;P>N)=+lGhWh9JBcLpuu7F^;1BYX6E&df(#
z;^fidE<Gdms&tL+4l85<xg4-lUgkpmdf^`k$6w4K4&yOfLJs51CdRV@^D`;5RtK)@
z^@1{tJ~FIf*TPA;hC3r6cbfsC=q7d2bC$WS+qyZ6q`*EY*xx<iHlIBFE~L_GYh*}6
zyDQ~cLY!I2xg%yVM$i^>U+E-@<f+7YTNe+rEGrAxbw}Ms`^i>w*|yos8S1iq<Bu;S
z;kF^izEThp!jdd7Ay*I962&j_Fj5Df>yUgJvNNiu%~;4W&`!fvGt;_*+#DhQjfsZU
z5Z2RnH1li6zsHT&Z(JZ)sCP~$J3c9!3+kdvU#cJKq#O&ok`=Nxa`5(pCh6WisZh-N
zZTS|T->QzoQQ6OtW=VfilRN4&FZI|xmrv^I0{A4pzZpBSr3<-6;(dt8p&OXjS6pj9
z2Zg9HK_vOUp32B+8`WdFQbb=UfDyYpj7ay95rQ!z*`tKM+_kmgUiYg`Vm4a1+UZ+`
zxSMvAJv17QLTfQhpbD0!?{&?Fp+$Jov%2{!c`*rb3L7RHaa}tJq}6sIr4jF$G);Fw
zbpBGMz3Ej#OJ9TX)I5VcKX`9|lXSNBISh%#0O7Q9!Q3X&YK>4UKvUM5k66(7gA59h
zHZtG6Yy_Lgp8yH10GrVg`wx}eMROY}Uu#(>``!2spo#I2`!g_$z?x@>>dNi+({D~N
zX`uGXH?ndXI5lLu>G3M%yOrho6sfp~9n6oO>dq@;iE1d>Tt9gkr7Vl`qZ&#gRW7Ra
zI(?b(d0p8SY~$ddf`N!R!T-ke9uDxx|Jf|2eM>)szM*VfZKrhbD>u|SY5__AkG3AV
zVhl@cY0FAo$W5QCvJG#m(2`=redg`+M526{#!)O&Ii@Ul<;iNGDad!}n*9!m@?%T+
zSC?ren}p>@5T-9Lb5cTkdIM?+rmeLaBmAVaFUTzkX87v+A%>&+_@1P?G-6%qxWPs0
zi12Y<l<-ky`yY<^+=KejW>iNd99@-}CQxp_^<wVReG@l9yHs521utBj8BuPAs1;*K
z`!5EPl|*{i>BPx;>8k>&-qRXb%BmJYj}SwNR%(5>+Hhrk4CA?BIKOp@Jx$syLm6pX
zU5kk4#R4QNnf{XwP2(){qqR-~etPpvw;i=&*Rrmf9d=6d=QefJ*H+BL!2?QJ8*U_Y
zin`1otxG2b?js2*-GSJSOg8RvT<-MTOE+QIxC*d^exdndi|6HaB1&Z*?d0^$+Sk>X
zA6Y`%NiLSdG{l`opy_?2Hi~5Th@HI0l0(^bUKW|g!iP)KQ^B-Wr4j2tzdu9H9-+?{
zgI%v=d;NGu>pMDNrGUn+h7HYNT8Jb2Vy~0ysW0gOT_43o%Rz~fBqp7iptUb$%Iz@Q
z_%wp9*d7W(EgI{LEp=;{Ecp|=(a>Z_yuyZAt_`w8kV*Q~dbBna+;5_rAFgVAT+UPd
z@wdkTH>2Q7f7gyOwx!I#Jxig5F<#Hr=9BREJM)P7VX@7Az4mW0A{Qze-*5&c4MLno
ze3lSvhhK&GOb@x*&9AnH1M%hjV#iA3o)J=cvx%iR#+;d?F8vGTGM#=pcJQY7x14PR
zbE*UtH4#zBm8BEe&itr}BE0z-qAgUT|2t(U&2bmo?1!D)2*OyOA9ETq@?4hyyD~iP
zQ;O@F5<F6+t@&v-f}Q#Nja=-85G@Xf>X|A0mTQwn<VQ+G7V(I3-AzY|<IOc~e!Jxk
zUMtaOpqC@9FG~Qol<93A=^81NaRePaOO%YNsC_6}61$~>F7>3LJ~~;H$|=5Q%Dn$r
zwwnmO;2zw12<59^j%^jQj*77)ark9?aqGp)*k&R*<GkB4>wxs!t$4C>fRZ#*KbL74
z@gVqVY{V&RKFp5-w7xbV_K8-DPCz(2XSp{qgv!s5&F)Ia^>Pxzo2;)yv#M;#9PB#x
z_q*$Nk3{BRWS~e3qMhwh;z{|PW=WHBcm84xDznR4@-uA+0~P+Q)}Kh4M5lV78P=bh
z!R;S6Z%|r4lDE#G=>IT~I^oOcX8lmr!qdl~YbzeceO3>r&L5+H*^eTMR0AbR9kn4w
z^7Ar~t*q`{UBq!F_$MpyVrT=0FCvOxH`Dk^z*CkX<WPQJkwlm9omjv9<n;E_Wg4GZ
zNXo4@Q4GazWO*^@^jZZEluG9sk0~%=E5pi<<O|kmzdV{%sd?DX!eepVv#78X2bRfi
z6Bz6I6L^YCe6d+FA8_F}8+ilRB9=aeA48O^rwE8aTTIuTjE6-rClBNvZ^Y!q>*)m5
zBB2)IZ{y+Wi?>%?&v3(%(9$ImnpAR0Oh}GuLV;jl+Wm%F%S>VCD5R;0aJ?T^Jk-@w
zmdicO`Ckk;ySgZmlb|P*%Dg-{tmn17QOv$wvVnhduT^Bjm0Y5*^;<e<Tb#qoL|hI1
z7`!}}xl$Zv-d69yF<)ZD&XFv;&R0Lk(?kT9Iq@U6$t1nz@#g)yS}j}OZ8_9khidGt
zT<g*^0{6{)AU+)TM<aPkkB|#F+|>-$j3_Y*34s=MTyX);$n1ueVQs8;-~^8oYKC!L
z0vkxDKErTH@UUYsGw!a&lN$`=dX3=+YodtwV~e@`0icUC4kY}6gJ{X|ZP(jC=-FEw
zAHyojRbRr09Yz==wQ6Y!6<f6^8<}63)*&*4;L#?9RSF`xKL&5NQ^Z{5wo-(PozUc9
zt?BgEVE^!H$U~P@2a<iO5Bs9Cg#xNx7T$HEC@ztjB&rvV|G4TFZ_<V-=bLMX<PnC_
zsB$i(7vPvZ;7pLAr!7%`Jn4n`?HiTs(2>9QkN|~1R28vlwQQ3d?5EFoY%%3jl&%hI
z%{$|<KAYPaQRuS$+I}evvt~O=NL7N(i7|-<76!2;fG3t!Q8Guhfynn42Hr7+8;=<@
ztt~~2kgnfKH~k%lrh0aQCR7O?P?@~WZN;0TS>V>|<7nMmRy;65`rZzelu%9^x$)bQ
zn${-|_NoI_)mvLK=*^?vb}#-4#Mf-yIlqnY0@owuwBqi+uxI<evLW*G(I>I68-F??
zRE0C(4ZLzeTFVYulPemfT%sTpGqE(B=7nR<ntF1Nt+D@teV@^SFjTX-CDJ`BgsExy
z^L$n)Rm1Y<{;W_-=aNWmX#^ASZ(B&>QKo|Xp!ue<n)e0%4IWNhxT;r%0|Oh?{7=&{
zK)eqoDX8#`T2xAi_Wy+00i3v8VbH3F4zc|bC8knQFB{TVkgsmS9^vYJI3s)_Hs{5U
z-)r-ts&a}7A)&PA2L09;QEe(2&=@$~DmjXwLW78c*~w%6L-JS6?oq}j_1IL<B@j@D
zzYV_x*biy-BD>}V7bvOZn!HP76LR=OF+GBojeV~wjagtmgG47}Y*M`L(9O)=3}$<*
zD5P1$^QF5Og75%2LBO5{JsS0UZymM(D~yInFn@Eg6?jt;15GjK&yQ=fj^^M7Kl&>u
z@CECr@^vD<dMKz)U41oGm)3~(wZVgH^`pHBg*L5jwTP43c4i9xvEy^-L5nI%d8|1?
z#>ofe?4DCp{2=S`ai{HFm~ii0YKMn+R$=AzwGn4(8Ef3V1!qbnYn1bS0Sa0(Ys4qc
z{&@Om#P61Lm;E!W$UEEc`>#zLW8v2&iP0`GRV?3mFKlL>Eemi3Gz#6<QUC01ej9&9
ziaUqbgjSSpXQyIATcv-rIiFKRYU!als~oVuhkSc&%h<GW4gjj}48+p^J*xi}QrEY(
za`>;{+p(vr{iaarpT`&Ia4r!3Xy`4qbAoUMMN+-ye4@gQ!<B@~Hv-XINN{X0<S?&=
zy;r)=?gAqnN4-2p;|JO`YcU~y5buZ(Lbhpy8ztX`aCMA4oowE&d1kWr`<=Z9*=J=i
zms~UQHxZ84tPIxHN;~r^JQ%NWzan(r_UpS7RZv;iC4XWq3+H0>f5kkj$I>_l85_f_
zwO@>M!B=S5ll&;Pao8RWDD7wwYv{<Wz7s{PNT14*-`twdxx-F;Mh6viFb8c57xWKS
zQm<*e9RQb!%Zh5R!SjYsA6j@{G`?eGQaQR&tKWJ%K31U1)>$%}IBe*+SmO5ba}HS8
zk=YGP(gnFbjn*SbO*Jpo1_B;+26I+OvOXhZf{K&ZA}u|(H5o2I8<WY%#OlcGjE>xs
z0GC9ak1;jXYrpne#54$0Gh}T&Eat_@*t?&|y+6O&BmOWCVm((qGd3LPX&{%0@Nn01
zOIhZ)Z{KyDR5*X%k<GMX)V^AAz7{e!yu2g61|N`R!ZT#a!;m2hVQZZT$z(EL^ersZ
zrAr?Z#{)v3YTM5!LR&cEy}9}P>($NZu?dBd(eeU~l}7c-SEdzo1|F-PxdbP(j%0T)
z^mj%YxVk-7%z4d{y(zWNEt~4I4jbx9M)Jv0r5}{>XtcJwQHQO^<dV5w`C#YZA#(b1
zrHf>dtarR7isq{%9U|6)e~GMS2{@P>QER9`OwfGdJ9nk=z|u~E_jF1)z;`{su@0gk
zJ{G%*{=U~>gWMmS7{3^?t7!BN`)d=~>J!DeV=B*G?f7;}@9?_n<~8m-VjtN@HQhPa
zrbm@tXB46+KCms3PYv0wHyY<);k-Z8u5@7A_zW!~1^SQ(NnKvt`?n|c{a*WBc{$w?
zV45{Y197qCx<DnfBTh=@w3||h^ibd=FU?42AhnmTv~2;_Fl#QPi5PiLW9jbQjUg;g
zUzv#-%O(6_WIjAGUsA2N7L(X>V!sQ;17!s$GUc$cMDuef^sA3wH%OV4ubh)Q9fOSK
zq>6SyP&e%<DeNbHpVl@EX&D{#3#<L|aUdSUGkh+~_dgikyay#LM70+Rm0F*CNK`}&
zUG%cCMazOyb2Mq~amjd}QlDt3BX8zaZ)qaP!-|HF-9CY<Sd{f~ZK6}Yw7HiCYtqH;
zMIvNI`AXRkp6v@70r;Yesrv6u$5I?Dcy`8@0)1&Pj4=ss@c68PRP<&O%-O?{5U|Yy
zDx;GnkGu7qx~<ErBVgT!^r59gslwTNsApFr{xSxn$XXsrm-zIpg;vbeyvL9zCS>DH
zU)Zw<!PoS4P_t>ZfokQP`ZLKGZs)lNOg`ki{bq!ygTeSnNN`dNd&3+-TA?jTs`l>`
z6Wn77Y}Z;|3ki3thn-)nyYkoIxY;~@FGXj{ja@V91$g7|&AIi&>;;^vT>@DdpLlu+
zlRfr&KW14C^WXONfAfgH$M~G&4GD`&S9a~@ynMuTILJCFL1At=R9WFjQF<8uu=$PA
z+p$LSezv~z=j?S^e-+P^iso*ZS_WPD9G|}93azQ*^Nr0<$5S`y_Lfm*CgJCYs>15P
z7x~I>qiwUyqmy+1NDe1u=xC=6-wGJD4^oXEAYehxi#JTFtWMjY+_4S{i0euhtk>4&
z?5dFKhH5K}bg`@)SIWwt1drGF_Sa+us}5>8^$X(E1+{y13np0NBA7`3dY=HP*2;r^
z%X!Zy|BoYTz>z}B)ClmO#Y<ec6PdyKlyG$yTz7=v$06w5{NUx3fbvp$>C1VNp>F~H
zFb@H6N)EN>RR6KoI7L%t&FJR4<B+?p8oonjckWsrw-T194|O|VY}fLAjo{07n!rr{
zaf-`B`+`cuc1Cz^^(_72DEO-A+oKGcU=CAN@><+1S!Mvgl~m8xe8>>$KC#7mJGG*k
z8Qu9%aCnmibJ*R^P(N@i&pLt{CqVHM!Z8%ieu3H1VQG|9nZgL0)VwHUNLt8w0TZEh
zB^T6V$z&lUUBNlRW<oeQul{S$=1T;=NHnBH`^$w?U>aFHmsMVMTiiMcQ=L8LFeipp
z?(#*TWe$I_8fmX&yqZ?++Mc6hqVtbs{}+PH^fZ-CeE4DGI;rUK=m(Ps!F1THck<Q_
zFhqKbLcQ*rgZJSk2Y#~d2B=g~AQP%n1Geaj*_tKD1KdR+eb>TXUll*AQocV)mQ0Dx
z9M~em7O19dhQRZ2vqQyJ2UnZa)uGxlcnI;UWLUNS`Dpj{ONJp;ucia+>x`pD_7Z8Y
zu0wxs!z=|unN1o$^$XpTFxNN}#7DBJbM}vt;U=31FKr*cySJ4<G;sP_C1oO%Vx>t%
z2XnGP2%3h*sD8aFW(oSSH%Q0N@qYk}Ky$y=lLIZjb26+_+ZuOK0Ln$=vdy6ue=>|z
zW8CeuibNG|qp`e`VWc!{sT#{W9Y(7B(bZVqlQUA$&h$t1UJ+X2HX6%285T<e>uN0T
z1XVfui#QQyAlLI}7#_K~cl~;|-Y!rds5WvXoBjr>`^^TC$AN630lFtw6YT&ZjpdyT
z&(v?U2BQMXDcfj-kem!x)NgjW&7$4YUf#*@J*Ae%Z8Vm5GJH?J)f~49q#4;pV|gdT
z_sHO-!v;8YPlxZ}xVpo}-gTdd?@4?HGL!Hf+Z8+n2>PC5TU(mQ*kTOK-_k;gU!2VY
ze}Ccbg54))-J-iQXxAG>*pb_4EbnBrXXTa$QlXBCxO+N`*T8I!ijY6I(OBN;FkXZ4
za9AMp$~GF&t;b=!9w}<PcO1Sdf!g?sR0^b`t<#wParmbFrhiyx;@)w1r-Lm~%NJLB
z@yFq;4!`(gxRLjc!*?Bg@kenB>m7%sIpWRMc01}FhppLjiHZ@HjP`a#mWHoVa!$OK
z?RqSJzq=Z%cN}i&;J4-|em1@1@LC67{88Lg`p4nK4v#O7;l$EEMMmziyhHjY&ITUU
zX4?Nk7{sH<Fa0lsK|D%Av;G&tAa=+7Uauf$k!+)}_!DOkBV}M?D4InH!?=yc;!l!w
zJg6nN|3rKoGokjc@T$?6hb5MsWM1Jr#oO}N>n|h5mR@Us<B2%C1ULqzps^RHyA76u
zTu=_QAUSvnHt~_Tz`;{+fjh2E*TZ@66inWZYisv=bsZh~;E{MZmE>I8pJl5#tR+mV
zz+#}<BxZA5bJ*aKn8MP~%s55u(XdDil5I5B{Yd=a9_u~|H#9g7E4VrPqok)C9EX=X
zXb9opILz2dgeMG+!&x0v(reU@ZDq_rKf3O}jrwu8kKEg4b;o8)Ym&!dBQlT$Pwmjt
zKMtpmKS|w;wDrRf;CL$ABYsB0rRrY%#f~9ANtv&`qm-lJa=uk!Z0AdiZ7n&cQ9lkl
za8N0~Q9qjNQZD~`0!~|v`r{LRZLjG@{kXw<T&bkuh%szZor{IUkA2>}x_nA2wOtEF
zlMlIb^z^HwUKU*W4UTqiC0}o3bqX|`vW*Vx55t-K#$kVy426vYC5=BE>@_1?PkYZa
zQdaBi*<tw4-}rqwO8%0@fzt8+)?t4Pr;o;gvikqlVgLB5g~owO2mID|<`|v<jRRF6
z_>IH<D5jdmfeIO%7VHn_w%#~U&4MorK93a&+c;2hgD)St#|U<89H<Jy7Z2T|`205x
zR4(C*hwf2=3K|EhtMJ7`_bGVc0~LMv;$eT3)H{s>)topv=*H)*)k<W--Z#4Ckk$J#
zFG%Q{Zom+KOq;@iYIBr324ASia~y^7fy#y)3i7`Rb@3sT!Uw8%@^xPxO^tt`;w~qR
z!}f5YI}-YOOqux$1iIPm6)Emz8y%oOrYQZyK+ihJ{edVt$l5SHP{p3#0=|D_N_(I(
zLw{qCKQ1jjP;I1Ad(t=!ky{5k#}%4~zA*1ALoxPzfn84ytlm9FCc?&U^_YGXrUiHE
zmuCH!=FTabbY{7ev~`eKK2}^nW4GE$hhF1BR<aXEf2`dqlYFAx9=6(Aj@i3aSvvl1
z>8lcVE46g|mGp)!G1Q5NYV1~3DY25)W8kvgiX$ClmRVeR*EB~3uB@_+&Kh^(L+;F>
zBXET;K%Rh?!C}I>>*!{`SN6l?cqtG5dcFsLUC)Dmx57)04Ykrq6(0*~CzFm>rUE@|
zy3od+rJiIH#}3jB-ZTzcXXq$CU3->++Pd_E@)t*1`q7f$#wNCUJrQSkKp(Rb7Ek@i
zp#znbdJ2FH8dj^wbwsw&0mx2#+npUcLcO1vK`8tRimHzilow44$6L&X0>IvQ6wyDg
ziqru$QSxc%%{QJ6y)g7<@ngzNK9zRqM!o(Yx2dvnlquYL5qiPg9KkwmOL)8j)0t1B
z{3`Q>I|>(OXnSsD39p}>O#!U1Ju!xaxsdt-NA>MdM4y+w9YVv(%(I|>$FGFL_$rx0
zI9lF3i1#52ggLuAUCpP$HA9im0+rs;95(vvj(&MNdbhEk*nJti-Dq?==v7*XnG-!7
zy~05Gb#I7DMeE+~o@F>5G`|{6O}`RMNnorzn9c%*(eT~6+Ym!?XS6j{Z218<IQSwE
zWTmW43KT@}j+S)xZi6G=Wxg4VQ?u8ydXKu24F+3xtB1hZYPc-jZLqbP1L|rc?>5**
z-2ul9(bZ6>-EFXCxdU!6o6>-)fj2i;o1F$+m;W2t^1lSfR@wfLS@7;QBRr3}v{v0}
zuK64uacO#Jf8V7^=k>=~+P?Io)$I2AT30}ifMkrw)eJO7+>r$EE_G$nkqqC|Z9CMR
zYdMy#ZQz!#cl0~G+l==*(CW9_+P)09=ux+Q;L`352W|1Cz-3<|-0HW4PDtY2X4Fzy
zX+n9PXKzHY^LHK#uCXC|LVPo>=rHSlyantm4(_ml-*meuL7mLzX^VtUx>I`OzBGcX
zcl*}hG1sx16uJYVKJq$tV@-<IG3a!=2{)WaSjUb`2EKiEW{0L@=aiz^`aYVjY@spX
z9jSkM!WqQR8V-B?$6bmZ!QQfzVh*=p8AVJ><|+?)1hu({@?glo6r6YAO9IfQ_q8r#
z$4=oIBkJ)5TW^!bh<i%vN$a7;sCra2chrMGL617>&PO-4`)<=C^sw{MtnPNV>AiW_
z`7jruF&{l*q&pvN75}Ec<U!}7>neY@>GinBe4d{7*mQk7{BpJjF+Ao%_f!cNog>X`
zY<HWUjt2nz6G?KL{)hXm<uJ}0cbg7=N1WDne<qCy>(QpIvaiO7``Yoe>F=h0n)Zmp
zw$N~dyxVjD(;bn`s~RKf(TD?Z5u0vGx+7|q5W3rRqtPC5XlijL9X*VhRZK;%+|FHR
zUxSoxX_mXrz6Pmwx82pr({<O`8|Ub9n4P_G&Y)%Xb!cs8Z=7S+J6#>T+SwcD=+chP
z-Z)1yd*fYqU!2ovj`~`dyt^;X(dPEM`{JBV*BT6T48+}iaZab-?+G2wxVtaT(dK=-
z`{JC=u+<*vV7czTIHzL`o0isy`{JC=xKY=sYkk+<P4}u~h72dMwA8S@!5(g8yD3W7
z=e%{l9(Of8ZR2Ul)u>!9kGmReOKRD@;gkKytJ%*sx_vc0VOp&`d*e}7voDqCHoBdr
z4rkiawsIawitlNgC3g&E)tHjDg>lC`LK;)jwjpYV!wajUCCl`*>CrAZ8Mj`$Lo2y@
z+N4T5J%nbJx4XVJz0seNUQM^VzBbX&uM)3U6!EUFjrq%+L;Czll=gjX&zYT8v=#P`
zy4J(eoqcWX8Rg%KAn??-_WsccsBX!!yZ+G$sBWC_UH|9=R9mIfKQIAJe0KCOwtX(t
zap`#f=yY7Sdg9&S=ybeiS#7Q8r@_9ewr<;Mb+ks@SJl?-44N$+#$d3w5M{PULmgta
zS#e%>M9~pi3e3$~@46%EvRj)~)-^}$HO8i?bE7vaqw9{??De#aUz>H#bw_Lo)6!bw
zzUqD5Od@v~wZwH7*|9`V$7+&M8C-WrT}~vU&UX>+-7yS6XHMGu{Ugk2U)0s>4}mOd
z4Y@Dwl6ACohTI!@>GGW!<(-Q*doAyb&RBcnEvqrC>rlLm;>5Z`vVK)3_;+8#rCUnu
zE~BKZ?vR@GweB)1sp<~d9d<@qM|JN2-G0B*ZR%*aGAd*04yl<p?JlDrr1p@M{7+{{
zZFx8o;g3cKMEII9sTp7xHhXO?gui#VXMa3u>xFx2#(Qqf(WMi>znhit!Sq2MPMD%p
zHXw>39m7L><wg->ivT5e*YcK?ST4ty(?!&TKKB+O%J6Hcw&)ef_Tdzc*<>1LA#rmW
zg{yg1o4FU*m~#jK_8$$-a3mqHmY5(rn<NUnBE*binB52tbP5Ps`o4AG;SKSY8B^ZS
zkZ_B9tNGfOoGNJq?QM7AErK-MAIh{!L3dkA37mW3y9As#Q~j2dKjZPn1}Jq4Z9_Bl
zdRxW^1$g!D*C>CS+yV9C#k=ha(_P#SXugsDXWNX^X(-m`9KD^|>$8qt-DJ&s-DsPq
zn#wpGVm6<ee7HBxTre^np;CY)y7h%)i*d#W(HYuyIim*qB$~=7hxip^eZ^Rhg|W7k
z$oq=5zGAKISZnNWAT3Hq7~9q|lAONg7I7wQ`N?LO$OHZb3r9qOgLyMd^?0`a7GRK(
zUUlmE_OGy})aRH~GNVCu4>Q~M5i-#gA365?*_kg!;d$M5FOAf{F3t?gH<wq=VrILh
zi}@jOujm=xP2UW{#3Nr=iN7Yk5N_h{A&U~xYjZX;)$Yq4VWTRx3qS}6gUZWIFYOr~
zV-JyHxXSp95k{c0$!=^no{vOg=G2x`X6m?sBOZh!w|BU30Oc6`5}#xKSpGA)|KC$H
z%!z)xnhiZCkZt($3d&T^&i?wB{}Y{$#6XE7vOWhzOe(M{A_xkFI_3~wQ<BdaqPL80
z*P6(_>EYOO9B(PC$`BxlpM;o1JRV$S<xCQ@s3a?0G?hrSQm;1GYPBXyxW>DXxn6ji
z2X&1-Y3{ry|KtCD!F$rv-IU&=?n-OtUHR|-?~C1)hSrue9&<n1e~Xx_5ktP@mhkgO
z+m+7WBJOHv(v!yH(v$ArB<9kkCyhs@C%wN#{MFRjlICOXNB?gTb2WA8N%N8E$>47h
zcQrNXN%L{(30ju_22qzTL1`X_pd?<Gk^Y-srT?$e{};F?U#0)k+m)}<|B3C#SLy#G
zcjc?}e|mfJRr)`@UHK~gpV)qUmHtn1SH4RBC%7r6BK_Cc`}PV0QD<gokN5?2C0`6Z
zYZd*0pYzJluPpG!A=j&=;+BDQD~npAHyV1b`Ljg#V{fzw63$8Zaz1xf6-xvFT)87r
zy-GeC;$IiSh3&G$$O*C@@}w*~m^<c5IkQ#d8B<4$57&+3EP~LddY#!LXmm#P-uLeX
ze(v4LOW#~#(b1aP=1i!~H*XtNFII!kO?R^eR@jPm)pT7iB<M-cZ8`ogzg$Oee)*-*
z>o$IAHyVR}qd#b)6Nxpt8o@CMJ^%S1#Dnb`Kbwy8`&!~LHnGf5Ja5(;gG#+ysSoa&
z^{ZC*stpWPvoq+{8~rYQLd|~9UipDQS39^vaJk^vJpaSbKmWd#{VE3rokkH1n$Y5I
zDvUskaE*a6wI@>t-MoZlz<O2!@qhs+0sid@co=%{m*K-|1>grf?1niSEqrsdsv2)R
z?;iHcFhgVIEett!?fF|X4FAr!x=_0avr#)bPu$lC*3VN7i+1rg6!ReU#YTq}0GiI$
z)`~|p%FnTT_B_;Dk!O4qjxYnEH;Ab<2<9s`-Xl!l92q~c7na_Dp4Nb4<CRwLx7QzT
z^j6fYmT%uXd;Yn)s{WdNCbwUzdb{9KHDM;hRe3-*n`a7pR0)9?fBnn98Hg`*r`Cdz
zuY+JQo6}`3@kuW_=~-|4gdE@$+AdI+g+vjiFASXJ8{1ucHfqMFcQ^lJ4B@a^1~4Ip
zi4zb85L38thH3nRYkxL^DIgLfSd6Cd9ve>$KpgkMv})wS1~%y?H0&S+O~86y;b%Mz
zz*kd=jHc!T%-eWvhd(Zch_lcimS!AyFy9#<)EV3ZasstY-ws#C(hjG_#11dzSC`cM
zEp+5ojXy%4GjoO55D6wC#tATjc8I^0o_`M@KwS7@HCdv6<)@$V->~Z6nZPuC3*8bN
z_%8!pJB^>osXe$fhKrCVJ_Tq2mcl_o5dc!I8VnDD!NwZzT|m=Q_&-cx1p71w9%*GT
zGlz3Y?qhW;KHhpB2DztY&@H$aJvg2OHQ-eYZ}?z)i@;fxz9&7ncybr#$RGMP5KOh7
z@Zirt!*E|k5a9YlAZxD>g#fW4F4gl_#`)%GrtujVkozlk@DFTsZa$OGran3*Ps4B?
zT-9o@Wz)s5I`U>U>bNEXb8c7uY(AL4zD$q;LX!;M|Hci4?=ts~{mLc}Hp~im>}1oQ
z_!+iLe)R^wDh7|<Ofz=hEFR;6E&=aD1Z=t!#tVTy!cMh3?!zOIu_s$v_o4NBt-j$9
z_)9wwm&S6sBFu%?B=lE!8(`iRTp~9*CPZ?-JM66hVet76whIVzb(xQ}Fss3Hn{RjW
zV#6AeGlHWo<kc~V%Y=5fo@?UyHQwLeCXYLEXS}$j4fuCRXxX|n5O)AOw@kLB7Km#S
zY@Y1DT8j7-UjMbtbA@qd1Ln;K3ecb%W_9gfiCNPnif!0{7qkvo^9Up{17$MY|9i38
ze|w8KY`8I>fE2#|@S2b^Pb9g9^(hs=1Ny^VRUf2|Zi)#mpsaW<abh2DuZ?q$7zU$#
z!Tfx3I#uH>QpUv$sd=;B?i)ipL=u(HaOX1H?MD5VMt1;$Pq)+BMT}}!n!UTm;HuTR
zst>AzR=3}3HJZJI7?mRw)eD6pXmLFX7kp=d0?&o7d+N%KlBPguYBQ3^G>~_@>iLrz
zY9@jjau*n`jr>VvKABf=zszvqi=a9UXU;bh;R@6SKpV3Hn^>8fwttpI=$;>KxR|0G
z1$1~6D|i$UUj`u}FJAz`o1u7YRkH`pk~E7h39w@A`k-50uxMz>hA@JSJl--n{XK=*
z^!+N5Wnl(Y<DCa+iO7xPxf9{z)eo2^gyy|aPl?H;%@$ST2f!7`W%0B_V)>Dm4yTAa
z9Q$4iW;(JiOquy+Mt=!(CE4k7m>S&LsW}f6hq%$`(y+(G4%onGxkU1C1-POB#vxpc
z=y0}hLL2VN8mk#xXz)1=knz5Ue&NpGH~|O>rZERHKcD(2=Hoap6_~VdKOlv`!AUkj
zK8yAx(Heog1kQ%^Hqhl|Bv}FOG>s3?67DQYDlS}Lf6HaqF7^S<{d;3FpBR-2>~^Ib
zoowXN$u9Ky>a&SB=PJ<|N={cH%TM$>p@Kx$D|(iKB)>_0iXnfCnY*=h^_r%Z_`vs;
zYdr`$=-a+;s9bqhlp#X~1A{Du%E?^jqq!3(@iYAB{I$FI@cP1NRNK`?_gmwIH(&Xv
zoiol~T%d}eW&Gd^0sP-MTq1Y-0|vwr8n`rW+)*jU4F|iM+Js2Q*jpfbyQ15H-O^)Z
zU#2FY0XmqzuxtbXh^hjFUX79P+`>@r-Wxw(fBbm;?(UD5N?wCc5Rt&mo!KEWw!@X-
zn9H)A=Q3&%rdNh#WB4Poy#KW}g_~5nUoLCaiMyCjB=(SOuf|SY5jQ>Z+_61bupZtR
z+i<EkhNwa7DmL6>EP&g)n|H6T4CdSD+7}Ll`-trQ3USXUv;nVJ3!mg5+<brGmYsvd
zbZJXTji&|&oci3H4xlQ0Q=RMu=I#B@7sLJf|G*m80C?$92=XG}Twr^U(h@etyRbCf
z@JbU*{Cb2Aa<%8@jSJ$q@dgp+ZHci7^yOl&PMa6TOWElwXJXDwXRq#B+}$}+Ov7`X
z)qb;U^OASy?vF?jc|YKoe`hqxeu(1{10xl5LlG{8aE(U2*(NX{M@NDTF*c=<*Uxk)
zpkw=2fw}{ACcZPyksrM<N>32&Sg6m7dV?z%Nmsfjb}mNtctwgoTn?d9JhH*mTR0X1
z0LYeIPK?jmMihbT#xv^E@&v0S#pgL7(p|g6{Kmg?!f)N*O~P+uLlKX`T@zY!4a;1W
z21xEGOCzIqI2QMZ>3){g{mgU2>0$a`W%a)jreC`IKfu>;%;+p2#|fvl4qQZOj^q!C
z(cvDv1sd1v8rO3lPHwYd)O%O0{#Cnee0XcTdU;p2*PDO|(8%+VF2kf&wRaar*;y6R
zeAGCTO3Os{-ZySuBDZ0qa{^u(;<^E@-!kK`7%3o}tSS%ax%{&1nn;_E-+dIOW4wbm
zm%zKRltfs1X4;N%ZCO6*Phlqs0^~Tb>si4BYQOu}g%^JNqp)4y26+H~2;=-EO#LPN
z9SZ-#z~eNP4W|ES0TKfIYI**+Y6(1L+{K|_Ps_&#S4PUhRd$gKCzIiX#2@;oE~`uE
z;vXmY4prP`JChr5W!xr|Z76uLT&F>lBuyd(E$rK;+gBeeH!lycb!ju;dG<tk6SHA)
z_$_?FEdTkt3p&LhcQ6>?=c^0a9+=qq`-^*XRXhJL7YiG1u%`n{c{e}A;w@ZHkg-GL
z!dA=y04GOuH$lN_>*CwmBNFkFPx6J+T-kMiW>o`M4QvR`cIZ6-EK(A@%~TOZqEYCq
zKtB4{1z<{xjd`~8tN;Y+j$lo|HkTsD-F)pc&J5i*P*y}O4B{5j*_gpSTRJ=-K@WoA
zIP=IT>%$xX7Z^UY1~f%{5}<O02#22OTS-L^HupjBB($ki@vJA2UAT+c5IU3}cz)G*
z?-~KRjGzS+rc3BESOLQ`3oa$PM?DE@mQ2aB*m%4GGCRycfPz7*#*f}oJP1G1)C6Kp
z!z8G)vKocvR*gbaOQX=-Q=`z_N2AaJHdI7LnrM>{j3LS@a!-b<Py~^+*qC^pg+$M!
z+a-LYHKlGT3`h2H4^3$#IKo*uCu5W6Do&Hm%q1T+d_*Vh(pZGHIx1zyvh3hKxQHcF
zff_LwUa6Qp_gg+c6A)m7%|lproan3qY=)F%jFcNAw&R<Cg@ucm$<*O5$2+$Q@F@)Z
z4q0dJI=NGZ`2e^S4@WiTh9!Rwf<|Hs$h80`2>>X&S_ISkTeN>gYlIU{a_-FYqZ|Hr
z#(9C7whIfulh<$Zhcx%3da;~r*V?K?_)qxHS6C-u-DuW}fqhVN2vmjC%a?{Fg1H?^
z`eDK~na#r>i#S{o4GLl4fC-OsNn!Ht<{KlMuvXheeGL+fl(pNOk)O`Fs7|Vv1}hIk
zKxeRxi#fZ^z+r?LA(#k47f4}1*oS5_VY&g&B_<n+)-gRYNc3<6OnEkmPlkG{Xy4cj
z5Jx~)Zlo2B-F_r2&{K$10!r*Qtp__`L=8NHFWrqo6MkXtI>Q`er=&BanJu`*Il|fV
zP2VO1WN6^o3@;4yxSnG}R8ApbOi!LPs1jWn?_<{oHQ$LRy&i_>(Irj2M0}TKISp<x
zJ5pdPe}NiOe-=ArDGvsmJE~Ag63cf2IeYGS-aSnpxG{Fp!p~Wx3t3b5XY?^zb6+TH
z|L8Shr9JtT&lf|-9-;ESl&oC@1hkt8wuPt@9pK*27ev5eFGU$w5nA|cMbZHXwF%GN
z<a*0UC3`LyKhIOgmh7UE^H0exU{D3PNV-B92Q_OSYXu+$9<YDiyzVsHKcp~Fv)<@d
z>di{MRdN;!+uE2#BPLgXerszEpXZx4$|5Om|AW|WpFO`tS|<}QV%Bo<Q>hsrUVmUY
zLi(!&iy@u`^rAw=0==S3Sip>LMHKmdr|`PSUK~5&)}FshZdYW-W|6@+@IbSk74@OZ
z02f0iyWonUL-D!%*bJoCCVb03QchyZNrcc)<cno_qXo*0(j1p?h|gIR(G^KGl0%@c
zns7uY?b9WffE@<WL~tRI`JyZ`>~`1PREixX_wgm+RaVT3T;mblDUUJTb+4BK(3T;W
z6LcDwuwO9>@XWj<J+$&q0q~?Zv2%&^N>(NUKvm~>E!<S(2Prt%84MeOz;6aSQc;*U
zn?=zA?s!AfA!TY+E&%7i3M=#*f|>YXg@&sjVboA%rJzObsPe`d|E*S?HERI~c`#m3
z{X8q9e$3YhHJZuMA}>odBB?vDX#~LtDWJn;84QVmIgzilX`zNp#^~TNpd+xkE;cz6
z_A^oFM+yQ{0sKx@7S#bU4scfRwQbQW!2CRUF9>|;lTOM5X+k1ouZ7~91=ObwLPmOi
zrGhU8o9ff1w36^rcmeQdjsM=aSKLc%hkdaZbtudk4Ul}b?=W-ev$IcM?Lt>C_~=hB
zFkdtXqp_!@@nD;H9t22Wt2y3(Ar-s2u6xbxf_>IxQNIoNKt@iGS_j1+yfmqZ6F8k5
z)Sx+s)L`r?g{~_9vhQZqcG)fZQ0uf8Tp^C#1DLH{bD&6MXo?~%SOYkk+HjH8OG@QW
zs44zBNPb>M94xxy&4lMQ9dh4843(N?<oTxOmEFiUT_9|3+}M|I3$DDBs8vo(55q;f
znpoCp;xKaeAvSbh^b++ZzF)m$*A?s%W29-m8SnPKY=@bBglMD4@<YG^eXQWXMpPgV
z`w~fi|LLRg?)q&i5Rz88-qQgl7F(x^=T_&r{qo`C%}>{NuYUQ%t3Uqo;rjOW!;c@Y
zZ?k8+*8Sc%b*GI{pXyw|X1f4w^;k#4Y*4gi%4?W3d?*1cZ(-u}02toLCS4ZsSDRe=
z`OP@ido2PL-V^bOk)JV1c8s6_Z%uMHt_2&1`j$)NvJ-TjlzWy%xfy`OrUU<guLFXM
zszZ?B>=91-(in=7i7VnzE>Ecsd8rAfIHh+a+Cd;0+kOyApF8B|&sj?#eXr0eifvI>
zr~IWZc<D1U98E=#4QO3?qtVP)Dm0o!838c5P41B+aFe`67?H@$6CaT<h8Tt+EaotC
z*7w4hoXuGU9y@oZY}}S0c5B1$8%|1O_avSu4g!T?;ITcng;l*Ut{s$U;VaY<ugb?_
z_dujykO6k2sB@%CnX#T*F*wAJ%^h=ujFS>?U_Mh=BpEK*<2+4XE5vHq;VPC%up3g!
z;|XI?R&txXd^WeJQ3Etm^P@nxm|)}q2SS@AyVlxnt_Z}T36=<fizVB(42iWo0_Y{#
zkrT?eO~{qkb<8Ll*qobil1XteS=g2cY8X$<zbkU3FmciuJXwHfH&%J*&pP8amQr#w
zntjQpMgfKxScv8iPBAfF__Wi!U8D~$XKV$`_W||Pfkd{fv}Q%0hldPLxD0t@oUEkq
zGOTS2m7|f+PQDxg;d5a{;dWK%Q7Ril;~dX89opc6hNhdkVjfg!jV`ezn#2NWhfy{p
z8A`jhkg9P<crrF)MJ6@$>@Z{ZwS?sg-XN|8p(*kMW%fRr>VoEeR}e&xq$OoakZT>I
zQ#6hH*T4Kb>yZBXm;ar<;-PeuMg0=0t>%trTAQmYP+tNaK92&EfNYI1@*4@((2-^>
zsh*G*TiVkiBFoA-L}IH*Wm?q@?``HAn(?5Z3(lvHZ-PkOlLR^jQj|H*jX{CzTmmQE
z&*5&*J<q8I_W>=JCs73~aZE*O-nd%GA_hX))!xG}G+1>pT)5!^?ITBDYSy4S>nz|v
zF(XLANLWhUmfvHqxu1ovxxa<4xxa<4xu=D%br1_*>vSx9$g!$zjc%Q>?K<LZ#N0BN
zL5j^sYtYC&U<C>nncD;7J0b#w1H}|-D_tUiL?tLdG0>c_Pk<-sDR9JbJa$MHbF`BI
zQ6}bfES9n%kXLu)EG%W=@O*oMxfhJLH+P8<*(dWQl8B!{Qb8=eGy|S{GM5Y4K8EDf
zw)9k5mue{&r&e3$r6QUjfX^cL298&4Rw?t4;v){>Qy`UHajF+))@d9mn#Iu|a$E|p
zqcsw6)nmmtSB+QXbE9TEqrk%<8j_Uc*Q_?G^=eZN5Q)sqY7-vU<>P!N1Lh9jDZw%&
z^yPoqLHq1`fGrANYj)^(8Zf`g#}^Gb73oI0M4pitC};~zj9NHwZI+Gs0|H`bB902T
za0oy#Fb5B!yo;1=mblv(x{=b+3?k`K#tf5tHvB0q?j%LZ-^MpZE+25B&h4tG(iJfN
z>4OOzElj>9`>x53VCw1V0T!BjGZK!@fxllAS&eZZ;FwZ70pnC|-(7#W{qg-B!e(yz
z;YDGF3D{dYLb{TCf#s;rYM<|LMXGotTMA*f`3JdKBN~t|KHdFL>GRL;N~@Rpk$RU>
z3&C)1Ap1i(Doc#|@cwPBO=q8{LEl_`4(#-I%OxQE7JbpI*BiBedi&-Ux|o?2RMeo`
zp!z<ruL64W#v76BTXq7*wifiD^3eXJ{!6|3Ik31t9iVK}Ibxbi=co8+GayhwxBh0|
zk+AUZ{DyVq{-o*w_MTVCI>*|{`1QUc!8y0bfFHTHc!>1#eMd>)gJLHoiCqD$H8=FK
z4~K&>oS1tPsOJPb`?Kjw!&l<r-d7pjJ~45{0{vu7L^6~N2cyk@6^Le}hxuRs@;@z1
z59-bT`j`J@41KsD(_*s10;!al6?=jDhnc`Ev=b5wmG<GoM^w3nwnGE15opxy%}h(M
z%f5{nt|ARxhSsgX3X5}_B|k$d#F-&dx$1zG@qBaxB@q^;UxrHqh~iSBp5ojVQj6!x
zQ2X^I0xO{40<UNIMGEYtbTWnhEK1)Pjmmo|dBU;p{R+f9YrBDsW~L7V)?AE1NhP+!
zueS)#DNC~LmJp_HRaN0)b@73ei0*?eC|etFDPd4UZz9qMjTcU3Vuuxm0XiZPCarxV
z;U`~+AVcDP17hAAOy-QjYa>VAU29n2LJ;c^_n!35D#d)H(nHQ0U93kioLk^Yi(Dk<
zu9UdOLG~{+q6kjr982rgF$<bJyrsXvIY<Uo-Un$x0ko6yD^ke<bba^+MgElSEj|;{
zf6GC+ZJ+af+L;q^^@qruSOPs4n5ZbUi}mCvK;Zeyj}pP717{<!hfX@<tcoC5U996;
zz^?fxm{^RB)VPR>Ip+{`KyUGhO^4EU*+-US<pQYyV153*G&Snpt)BkfYDHIzeC&O7
zhZHp842d8nsob!r$cLsA4=typsW+XaxeAyr<EtHJ&X%<uCN5_xrvUegOtA@ErMMDf
zxIh=5KgB|#N)@Tjz`tl~zk7{b%rF(Bd$f{Ph7m)N-l4tNg*Yi0v1+8r$#-J_s0n0a
zK>RD8Shl^M&3m|*z-XU^<fBO8v6x5Me$fWO>M1fh@cyt)=^R5Wfi<~Md~4xV%Q(;p
zCRb_|e00cj6@SEhD%(0J0FpPiP#i~v$+Z)Bm#Fwau8Gq*ZJ13|OpdASU7<ONOdATD
z{0VKSlo$SA7-ON4YK`Bf-T+L#kcMWC#ELrAK8*#Gzh8jpTXd%U87mSa^Iou+02IOm
z*Q`7{*s{;}P%d0v%DJ<cRM7U#R<CrME4X)aU{+P;C1{g=Z;83%sa$mdstNh{ECKr?
zie0#AHKa%LK^r%R6H=xOM<>TPARvT$dGv!>3{BjmNo??3!;uLsDe5-yw3qI_l}Tg@
zr<AxFsK3LTjz4tKaZ4W^HxxdmAaxWfglSzGGP5p)n+@Zb4<(b(-txIxibx2J<(8T0
zl3KfJoWHThcoawX0c$hunb0>@vQ?Z;pUGK$J^#K8W0D`aho<0{9tokiDhi8r1v2}<
zVX(Ig9e9~aEX8nK8XUSQ&>2a^bW43?oKg;-#+p!!FSkb|;|(#D!pwV6pKfR(Js(B8
zi%U5NY^Npw!oE<3b`pOr&b7iCg=BaRo~tM?9LzN=l{&ALkB?f-BE}Q-9{^J&{zk__
zq69|tu`3p?2eUUvs%8rq^OT-e#kO*8=kzudPDS??we|0CJdCb;S1aHCgjf1bdia>(
zr9nPvhHy!*q5@#0h$r!<0!$e$s8fmyN<$-eHTg~jxEeUkaAff`FkglIb)5IU)bT6`
zk#9u`ne>HGq+Z`lh4cPFan$Pk0^*ak7hv|}<$?ncN5EP*a(<a}&JIUbka_Xr^}E-v
z-n@T(iQlhBFDtYe_p-JE+d&VPpScW0K4k=^;pO{VdSkGMS?We{u#BWI)$p@&bR@Sn
z=`)FQgljCzH_#mBro}`7^QFm9BrNCPTJRZ_#K5XYFseTTww9A>z@^29!G$sL0a;P;
zhAL(&njT=cTiZi3Zh<3=JOL4N(Av(^yc{~pW1L7_y#k)dSV-xtn$lJ9e^W?SLN3Cy
z=-njZ0oOT9-pUx+Aw4LU%@MtsQzNq!-zF&@ZojBBtNDkbn^7F5qV!iZF+2+U?@FgF
zU7W5A>3K@Y$1+bfvxxkNE{?Hbx4bkyzW9cG%+MK1B_B}xD4klzV?{`zae{=#I<L*k
zMEZzQmhVo!BMK6YJHo-Jm<|J`eYPA$ZZ^3x1Er2UIC;jB^|XUvAtI&<!R3(CEdXUC
zGR0o5O9LXLjY^TwbVH*?ivva`oEBu<Z}-*?Q=DxXFYF3t3FDCywSh)xkKI>Cju`~F
zY21i-n9LT5g(NCF#GNuXVw~TgmD>-=(L1p5zTq}U3$n*@+hbEWcZ`?UBadw~jXT7y
z(Zx50=IDNj$)3;;9F{h;9Za8qxya!IR4(}BWsDMI$b23qLNVA=AFwu-n}I7iAvb7Q
zbOl9~<<v8#!kH7ZB4NdEg2fOs`x1|Xo-kwJ@?i2GJ_d4`w}Q8jjzb0x$+*dE4coY!
z3QwaWysKQPw7HG~q*_$-qRk1q;LLDspcHArh+Ix{92U4@VmD;sD9xL7GI_J&QJ5#v
zRT6dc*dwGIMSDmy-3h_wkIf)9Dl-{mT)6&s3C20*hEi@jDWfZ!>Hm4hi8ksm)8oMg
zPC*d^_-SsLGN}MBQi*1JF@d>v2Jq=C%MO!*;N?1Z%SA_6PZO~q7&#&lX+q}`NrTBs
zTFUPxVGjoZF;bN0o`NLnZHLSN%AtT@rag&}S`(X>B+FSIMM!7M8-&OwirGhWVOFwl
za>4JS1)EOj0d_$vwk?UN9l4jgv36Lg33V@bZ|ennuxDxqlZMb-=mNX_jqyJA_+oi=
zY(98Cdh-z*j;aD8S%;gd#6xPf`}P&%71->;1%JPo%_FP=8<UjIIc;5PQ<x_!JJA9y
zdTe!HQ|6Yx(1Ui=hYDtp{h&Yq;3%78XgfTyvr1sFu}z_z2y5S_XP&~wrBg)o3INqA
zDm&AaDH&X;L6+QVdHRYS4AVrMqr?ioN~d%pAQXPHUSC9So_H(uzIgrNwZ;bkY#H*V
zH;VF~PJUG!O48lc6R}k<h$+la47DEfR5zL#Yz59Bky<w$cDQgIZ*<Q$IZCXXI3PQX
zhN&>FjLam)`i}4WFJ2XgGGrluOH7caoZT-Y1DBTHf1^O#+lYP6xZImL!QfEhT;|@q
zg4qf=5R{`IL$MJRD#N`JAELXONhO%&ca|6D=(SzU7)KsmGF_!qK*1KvU@~J0Kwv)M
z1-g|wQRyRB=JFbufrwcwH0qfuc9m-nMu~-4VZ|k)y!${iSwgF^J-n&J=UDQI3V^`e
zhK`uUY5y2n6~nRvbLbEUHj&k+%69z9RWYx;4_Bq?IFvaL-wVnnKaJyglR7mS49Va|
z<3u7r9N)!;*!lMC*vX1f=g@0K>U}Oq>W|q}&ijPgRsxTb%K@kreiD`SOk_6~tlX{)
zz0d3s`0v-M>OGOb2$=xKN%w3C!Y;9OQV}?V!$KxR8y(Zj6_P9g*J4YzRHwmxK}bqB
zNY6E9AV2u_uLuhQAKug$x~Ztbdm-j10j!tXLS4pUGUX^^%vwELt#!jil9R+H0EU*$
zPx+ibS|(Q;6}-}QYt`FZb1VvbTT4_|47liGq0<+|&c@UUwKA5}_QF}fMXMb3e@Nx1
zPwe%9y#9d){V5$#%e1qMKw9J%fb79d6y6@|)KrK_?3{~ZTQ<;kkf)-cUZtNzN{*&c
zSz#3ozOt7n6j*jaElo@qpgbm#ouoC9Qd|Z&Vbl>h{lu~Bm|9&(`A&H$=-TZ791(Z&
zP+lrU(=rln_zs^WJiv>;?MCMF$YX*@R=koOSAogv9(xV6M=Kd)Y>&sVUzl%+GPq{M
zX{&U#@>Fmim|T-`0F$@%5TL=K@5-~BAIZq`wX)VSggU`eu~R}ix=9{7GjUL(Ovre*
zg@c-L%fjPIX)4HMswU010Ee^vi~*As11JjAIDfD5O(j$|rUN9*lAz*D4@)=I50(mz
zI>VQ$!k5%PMY?>niObB&h|%$)(W+gK3m}<JGT{k3UQo?5Sdc_wsZe~GNrR(mxOWb3
zCo8<Z>qRR+WneK9YLf*!ku?A>Xgpn}-<r1s(;}){QvRT~V_z4l=}Eq*d}COj?oUW#
z`K>{&h6i;ir2Cwbm`c%(f)%L}hbfH`Q~7)f3IYbrh;y3j2&*t;AOi_7pKj{QcvlPi
z7$SpJHPY-%AjJA?O7XfX%kuZHUf;Z<EWfumuistYefs#SY!G(b$*XrSck7}xU^$*4
zKnpB@LyPm+N>5{8qCWoc!f5yV^%UmEB)pVbeVinVxkRLyeLYk_D`E7@L_!I~o3Vjy
z>6a`X*UERVLaJ2u>c^B@T~U+DRisMSs>`Z;vg1sy^5)9e-ZHm!ONdxP!||YfU)%X=
z6@mx(Hv>UJCWzc3a9?GX^w=qYwEY+WPZH`LDXIGdDPZ14V5g9;+l6b?d$P(|V_-Cz
zSIzEK2cA%sGr2cX&yZ9z=#2RqtFy%WO^bSTWlG_eWZ@w6wF=`LHA!Y;DbrR-e`&&D
zp-OiTR2$CDrF3IYZF8Jm95=9B?i9Gk!uLJ@ir9e|kXQ~^vx8B@VyxZA68Hr5Q90~o
zig@p_7dfhw+}UBZy|*9Uf4sYXcW1nNfA=aCNMt1Q(<#vhy(ZY$vDHm{%_bo23JE4q
zbvW_J<$$hgBAGdzgD87Y<SSmTB1O9ZR7EbB$m{%ofd$C6CM34(08Q!27Ws3{FdC6u
zOBmxU<^>Wq4hKA|gW2~ILZNOzS1%)xBCDNe4+R<qH0EHSRBGqHF^D_LXNBtMG@VWh
zzy-XP(}XV^Dop$Zpn{iTj<xLF(aLy%I;6iVvzz%&o`t)K?o@9R61x(l0V#}4(p~)L
zPcD)zboZ~4YYQv5)_qPwAe17kS<xCQtOvvN-F`?3(Ik&RX-)*nUh4~H>_a!`Vc}qj
z7;><&(KGQpRyUy87{$QIc@<rrJ?KhVeQ8>hW^XBm#?S}hgdB4ioo)`xbL2v;wrf#-
z$MqQ`yoeU)0l?&Ph$UwT1B2)(D`aA%%Zs001(YjfDL8P1Sc%wNZ$xmixiG16B9Mi`
zJ>}lLCU3ESC`!BX{>;fEs+!{J-lJDnq75sbv7TAv8j2oEEN4bR0o$CQi_EoKqTli_
z_1W`v^FHfJ3rE@vLMW*uEvSB#i09lg<w!%y$M8XNJGM;2JvRLax?@I<5rk71V7>?n
zLh(Djv*(=gk+eR_8{vF04?^g2b|H0(cx(fkf)=7M6J5O6uOHY?dr)K)&UX`F=xm&$
z-%8*tF8&aKvqfW+*YEYV#3YnDI=MG0->tRybpheR5~Jj3Sw5r-J}Dmui*D|47}M0d
znC8P6h(#rPm%?!7glQk89Fu~{MKzt2md^k6n>UKj3(DZOL6J5mPQ38-&K>X0{j=r;
zqJl|TOevm}v<t*~tC;H}2eNOHhv+KKO&sm+U;pxN6+BI42xYztBt{C{0=qMsvS=cy
zl(bzEbxucN%K}&&Sdws~Dl?Z({#@FfA|%nn@YN;oZYeD$#m^Of$jeK9Sm1MvAFcZw
zmsF{3vNb6nmO%pjxO$MH+Noam*z<N#HVixz|M*$BUbj2wrbXlr${LY!+RX=Kj|wnN
z%{2a0(lZ*&jT^(VtymYLnAYgz7xsV7nfMwPiEmQYXB?}HDy3bNM7`Mfo*7B_8e|WZ
zuRw*J$AJ&Tds0et3WhJOCn=aM?(|DC#D07QROpY9bT1{X?~GegBu4T)v_zg%xy+=d
zgUVEnut5HpBk@hiF3&yNh2F?}2QytySH_K0dr(?p3j0Ojg%rr1OVykxMweq#kjAQ<
zg~^nS<?l-gNHBi^GsHR2jMd>oO&y3U;`3Z!v1JNhMu~>xzz2{CmHjOsUk6zSRsu2^
z5{B4WP96J1nVX$XEb^qrFc9I;qnR{D-YEMVbjAiq=u+5Z8&3D^D2dxkzZna_-s+XB
zju7P(O~u}Uls=PQ(Uup5$Drs~e4gc01ELhNo@=~=imat~t1R6tv2%P%VFI!QeH2ix
zjI|rvKrug<`!s!}4CPi1{G2E4!QYje;~vgiboeYwxYlBJWn6RK3RWbTn8cNI7AE39
zAN^_$fTjkK(V{%t2RIVw3^21}$6FFl^{)#|_vyJot<$YH2CYU7oz^RMP=VuF8N$m7
zoa{<qj`8QxTvbA^Lh6T#naF@uK@YtOQ?DoE8rw0~_$Uj_W;zdY8=~A;mK}^1fegBU
zt+gE!ORj_q8BeS7*+~o_q9P^43z6UCCZosIqe(r6(c=N(4HZtot}5kB60O}Cn8e4)
ztGvtiGDQZgJ;7j?WGo2vePjHH6#9npkKAv<l8kJqZA)W8ZQ&uYV&L#~SBy~>ro(=D
zv60C{{cbYO5Kasg6!F|rG&SF&gD|sq8G&YIu4MM#rRkIQ_ND}B3CtxD#<XCbLnH~+
z)2U!9;l=^JB->R615>S5X|sUHPtAEUP}Fv_Bp&2gspJf4h+%XN+;+(Khvj_?NzS)6
z0K1qDdSvg=NZIIRvRZ-EglD}&E@CLAScGD@G8!rr=Nx@8fu>zhQ4aJHHiuL_-Lm46
z@;aAJPsr9dswlt{(<}37!+xSRn-l!t?tN$6PzJA|a6;qy-Ae<|5b4)36Z(4})*~y!
zqrED{zaj@W3S)bebW}Y6-bMYCy8_gIsXTih5-Ayc;V6$V>1yB+DTk-96W$ofJI{w6
zt3)yZ*R`#w$ZqI{4w`h{f*nq}U$Qn@CGWtuGI107s`)_BC<?i1oO9Z8b<Aa|9`qiN
z)qGP2Ii-|lO>{JyxkoUT-UgKQhIn`AIv_8zv3!)TGmv&DW#J?SjE$?thmVXvNuj_g
zEiCW5@4hP)X`gTUgxAmC686s*^P3cGxNawr*!(h$mppmQs|M#RU{}?`{zn^eQkcVo
z=7zO_9eWfODI%elbA{k9jj1>1^cZZUASXjr@&#H&!2vTCy(p&rf*cS~1j07SCb1#Q
zS?O}`{brid=C7i$t9H7?UVkXI#57r>Bk_58UpD-3^LVcx4Zb#I6ud=dT+}~)RpuU2
znY)!K-@_W;XcZ~a`WRnMm7msZqfzR;cjEH`bH&W&-^yfrFSr<c8K=6l=YJ}6b$E;B
zcXkLw--P5ml6j%c{EoU96K*8(1Y<4><iApPAX!l4Qfi8)i5QA&5Z-Ui889u?PPJdA
z3UNUKry_+h<#$hcp2~V@OiVe0J;^rjZ*M>TSm3$>yN&U_v`xuA%ZNky3+WT*g{~`{
z7;*0oyX~#|ijND|jfKK^OvPQI!xAf^{Dqrnl@NI%O3wLKi4y@KV-2c9F-8>&mM7uT
zHL?m?GQ&E9{T9>Ra3;#o<jnLi*HT<tnFDZ>+$?tS!ek`8m}?F!cqv?4SjwdZ*GB&M
z<_Ji)yOG4|frN+|2vf2i{al?Z$+x2$u02|yJT9weL>|oX(4Sm$fsCU4YhvWclTe1O
z#jGtN2aF|?0!vZK6qGz}Q|68++h-he1I!}(%;Z&*yeQ@2oA3M|WqFb@8gU9w7!GsG
z=1qXlBRkZ^LW4{YT3R2`R(EVINohGu%TW<jGHAEa4s^3&DqJm*O4l+f3n(F60?j8f
zs*+_TIz*Po9xkXorDVSBvc?+l^`xu$NnKNUSn2vxwp7wPj~vsUsmxn8svRtzO=2!G
zv0E8NzkmvKiOMDN;jyrke>;G5Fn@vWsw%bZB>c9547oj7_@qOt{uypC9zk7oPQEnR
z<UHqOjETUU8o0KeD~^+J2c(6ANntD{I$N@10=thgdSxw1oZB~vQQ1Hvvx^0hWg|5*
z=MIcC?9$m8=PIl?iKw&_XM!*S8qJE?0CL8|js#6qr6JAUf&g#<peX7`#t|Y_ij;P<
zwcWNu1_b?xAtCiE3KV6qSV4_9bd@DclsINM$#WE@P{V2BMYP9MKmjqQ^o~y_H<j_^
zrK%bh%_qwZq|iM5_cZCs=<Nd_40iP7jVSF+(~_0P6T4RaTP%dQdCStrU-Q1@!)Z`d
z_!^Dv9N=7f709yf3IQAr)w9Wro}6-tOVSZ794&l`s#J=Jb0Le-QM$J(RzJGX71j%n
zlghyuNQWmg9b?HcHg*uDL_mG49Yk@QG6baD$=>zsa{3`WEJmd=alE1F;159=5B#c}
zFwEr8z#+`S4&H?cXfO~0rf~BzB_K(x_c*AaSq7XDPE}PjVSzFoLZ#w(Bh$erzDDA`
zLB_%hrvZbR{tSRxsbJ2_(X>MNT-ODwpWzsXHjGL|#!aQMUC{>S-0w{URyBiBOrpvp
z#M?I8BTlkZ39ZDbDAznLQxUSbkDRE?)fOM9L>ZDf2PvzBu6PSjy>B74=LoB`uoZfo
zi^3O_HfBriimH*2Wf+JF{wd1mm&I-=!Bz>c<--HBHj#ZXoxrF#>css+YPf$W)A5#+
z+ZBIV@hkX0qhZ`Hm-PQuyWW*CdJXvBRlT1+>WPwhn}_1ilgUCv?OrP}y+(8U^tPxi
zGVfct{mEqwI&sM%O9Ug|9#XcNMA3E@sY)Fi&KYZzv#$2L`4y`RJ@5Nx&);|xsS4Ob
zMeGGZHBd}4R>*uZZE!!<25(GiSBHv%{L_UBB%o)sqTdFHF$7W*#6{g{1Sddi+g(d|
znTY8k*=^*YKa_`65dR&Hw{e4clN9H)m}BB)pL9SY57zBh%MVX`dB+sW=K^E4%G1tx
zC=})_k>P}B3#B2lgE+QaRy76@(BeXjfhw6}u~LK)gvionapoYBd`;iMu(v>r*n_t0
zD!K!Vw)*$-KnFbXBAQc_%1A}u#jsEWGEyC&{Z}h(D<-y(Ou$e8Vj{so<u_Lj!x|gb
z?IvQb*EoX2?yzET1YK~BX?6^ef#as*Xy?4nS2qEYdhbS%%GWYA*StRvta#uP0jRlZ
zq=J+xML}*b)fehI-AYB!M-^s<p^E39=s<o?di)OnHjiq_;6+RcE>TStrB1@Lfud@f
zA5)d0={!k+m2TFBy1>crWw2WSR{_HhywApY=wUu~w8+f)mLEp<Tpmi4{U69bhpwK(
z30urm9%M7P&^Ww!894KK+UO>at}7g_9(D=Pdax&?PGY6n3oZ=+EYgtGS%qe)vAwom
zh5AqYD)O>Ve5pzh;f*3c4Qbgx9phRyFc9_8A4R&dVCJU$QjIv|ALHb5W6q|i(r%|N
zDM>2Di%zR$iz3f6!a3&N3{xnPw(-(HOEX}p65YTx4tA-0j31khhnZ8*`=az&!np4Q
zzsq~fdRoNV!bGp@qJg#ZIpw3lK|<>ubILhfGHxn6!YkTC_Jd&VxnvV00U8%o=E`Gm
z&Y#$#B<mu_npU={e~dAVN+Q@qEEMJY#E(?9omih!o~OeC4>A9QZVQOiW;|B&hzuSM
z9I<EBGG_Efe)^qGOwt?ya@UkXG8ii%G9YYqX`nhtD!qXLQS>CA<-+Wu>;jQIeaKZH
z1maAJYZM5hz)SS}LzLBr1u$h;<>UC)v!ZH+3&*Kg-V$q<P;yUY{goe{2N!%LUtj;E
z7{DJ;Cfv~2Y5VoUL4ECei}@8dN@R$qpTKulf#?PEDiO-EU8;#EdtIxXP`0a|809B>
zQa)OlGfw<GA7j2%Or;woqaC5GUn#A>HBw4z(pi_C)(3NRPbVxnv2xmqPQh^>BnUq5
z_AMWZluHOBwS>z<l1?MVWygo)aXO;rE?qS4P^*tI_O)e2%U9l;i!g-2jcd%Wbr}n0
z<v@1%sNg~3Q65Cy{8)EPbcv{iJA6rMp?QLmaqempIT_3|62Fg<3Uk9$M)NEytHzA;
z{T~ZnH?a8GACW^>lD1^R_DLAF-;|F1`uXoI-&|geeH2CLXR^iEZ=CT{Nt$Osv>TEj
zqXV$#SC|995VwhM&ZlQa@G!ah{Ok-6*`PVFU4F27c2=oZ`^`>QJz3gTIDK~3skS=J
zzIr$nD9t=OYgPx%UK5|v=)VH;v;=mlCT!zOQvAjTdxW{Xf?A`V_@~?E|F*i{cduW*
zYILq&b_V@dox%0X>fD`;oq05r>jTHfxJ(#j$&yHtb%+^DhRVK-B{R$<lwxd?CCd=5
zvb7M|ml<n=A+qm#%D!B(7K#v(A}U2!elz!;?npZ4_kGWE-e=Ct_xsLy=6&9C=AZ8;
zb*=<Tc(*b}q}0xkkFbyLCy^JLf)4vLg6M^y<qjH8g61(T=>w8%EmdIlQ}5$E@{3hA
zo~X{Z8&12w$~-<B_v%XYP^?b_c(GHE!}kW!U}`n`W#rZz2k<)4eeE8Ru)KDgr?T%>
zep|c0q^SG&@w11z_ru3NhA#Zw#oc33#sF9f<_gfaRL^IM_D5aiWME?7(*MA4-X>5_
zV??jBI{t_o0vCN>U5#Hlrzq0tXs++Gqw7;)J%+9|4$1MY*UOXS-BFpN7BjPY56pxU
zGEXt2=V&wIC7W9$+R-^BYmr~*IS2w-C^Li+){S^UR`zJxu~;YbnPnKN4q~G+Ti|~Z
zcBc%?72A;Nnn`BNr#pbPgiK%%Av{(`eElUxZ={ku>kY-fe#)(SRwsY1j6v4Ks9X@w
znf6X0<?X4ppsDw>TbE-##H;9usiZ=?(Eu^l(h0pf(AZ$^(+tuia%LXtfKU43GmDH>
zwiw?=w5eJukxpMj!}o(tYeFyfe;i<B%OA*z2tga*{@`GC%!z7;rzF^L8f8yEM-So1
z0&Qd270XAvWACO4m&LxENPTv?M(a@zuwi^ARWYFy+aGepH&y@AB(ici+wvPZ#)F_?
z=H$s$dnv*{iskKnhg=o*Gk3%o=R-aCY{W0E-j|arEM+)9;n)UQ#Z|04Hp!p0)Y<n!
zB9_i%WN0{tmr<8^OqYO8xzb(^+GnDTFRYeM@`l4%ou-qJw$sN=GD!4|(2sY^rk*AZ
z<|Yf6xZkN<XX)#Qv(>mgK12fh>f54Oxi4EAue_Q}@3+$!f8(fic2Z7hk#``Xbh|79
zaO;?+AbP}`(d=t}=0lOQC7?*wg0=;sr=4Yg--oF7`%_C^Du1a%G!Jiz>Su=-LA=H7
zeIKyIX>OsCH|*1UKC_2siZZPe35*7!GK%`cfZ~H}UqmqG>-3}a?MsqI3N2h%Ihb=@
zyTZw!{SdBU6jErO*Ris9F2QP97s|M9pZr7{QPH-l5Py;G5{WBtS*rp#5~StEfeon3
zn>U2sD2aOfUR1I)E$WbEXf8BS%8Ey}JFh-Ql3f#ZAoxm9Pw*c_F&du)F}yM|zMMpd
zV>4c7lxB}t*EhOmP4*5hJ;J?BvyCu2dOSP&VaD?}t&F-syabM<XDv94fGGMSzGzt3
zW$sT5`T~)qD{%!l7={HKK0y$`#I^VIFyQU$_Vp|Uf)UQDerW3&;EaStR9<frwypzK
zaA#2BBrDr}|2*UDnTEA&2t;+!iql%kE}IZMljOrT<)P&l#Dds*=PMZ@pOz=J0Fkp}
z@D6gkCw@6#y9=A}&}mFq<K9T5OdEa78)G_-C1S7Ety~fSXS00N&~4h6^Kw(CcTg&k
zEpM<B_-E^Djx#v`P@h!osYO03rQW*JRZsVAM%hXtrtj2?B(i~EqUh!rL^?B=!7z9Y
zAlKHJlfRk>izhIj<8Wx$-q>6ZS!MJA-5fsL@Qt*<^*qCEGw>4J-D}OyZNOQj>spS-
zTp`0c??PyyQG)06P{&E03pS!B=0c7PRB^tkE0r&q=>tWMWu7RH4eJE6>f4+^ch}E&
zDyM~YUwrra#$E3AgG**bA6(U4|LpDad>X*)3XROIW%7uev*hFYY#eVU7Lzb#;vl_G
zxFbJ4G_JCq48&DOre}<6O4bJk$E4|6@2dbU%jdtKb5-&4=Kj_hyLGjY(!I*P&)6xf
z<8UK>u(8G}FZJr-I2PwtKK@GjlZ+P=W|En}0*F2)Uf9I!lG8ntp}BsRMB(N|J4^dV
z+xTltV%Sz9h7e&-)-P-LEboVUo7&r}H7AyMy0|$Gew?%R53P6})6uccUW4_Q*T{-4
z$jv6!(cG>LAxzm}^_h75RgJXv^K&7&2bBab`Ez2{G_wife#YPPgQRK^fiH2&u%yJd
z{EV%UBAHe)R|4GL@bgx?4y43qgbT5hEU-cQG9SYwF$o**|LTbrG{k&n^&=xsNVlvt
z`T_;d-7eEKcRhb3N<7~<(P!*Ew}Nce#7XzMIbV6E1CVFO#WnKIhfM0gnt&D{LG*12
zeHk;PYsCdQlg3WRz%jl{=H7<JvN|5n6sMaG-iSqxqLEMt9~v7tFDi$Aas5@Yr<$y}
zxwA)t)CN;pp0mq$=V@8%Mq%l%F-~dZ%H{&Kco$(c&u2q7Gr+`-iY;=-;sAp8iXNX*
zeBpHLRKJ_FH2-C}JLslQL*4oiE02SXWIcSo!v1m{sTfbY6}wiDi1^<YnQ%lyK0;LI
zSxZqz*r4D$;uCJNl+eWreH*@IlUOuNw2c3Ng*S(`4NU(mAtDi7iAI5o13z_a8!C*W
zIg&}uCE6Y}^iQ%<ol)?t7Z>deYeOUovSi2-p*4r#%~jv?T(T@4MVP$SGlDtDJ8V@|
zNpO+s>4r7#Kh-ihYhArkr269f*YB=Lh0SU?A4zL2Akh&4I19wX``)GwH#qKF{9OZa
z<OE&<A`d$4zQ2DBR5NAJ;o8z6`U%q%qQyS`;1rv2W~RPO->IG>#Sf$~8mpSQHp_$)
z^B^P-LG@{EVC&#&AS_so+*ZuDup&OObPblClxi^hda@uVsq5|+%e>kzqJzq3?kcf!
z+fNv_^5YD_*H7yJ&YFF8Cv>4KTKS92#oUD?U@Tq3d?kWHx28?CO{*r97g^*!*r@y1
zS%!;fKhGt88WdL&L?MP!3U28Ps9|O+9U@+>A1DQ?N!UK;)4P`kI7c$9CFnGkunhv_
zkOq*}Zxa)?PdlQl)G%9CGS1Dj4=l!K_eCm6V3jX$GmHVU9Jg?G!C6T2R?|+mV(80v
zn&$SN%yEP#H?3Ht>UceFZ(0)d=MUJ3WO>O3w4|$OqLjkwb;G`>@fRCqk|6eNTs_^k
zXYyWzj|^#7iz(^_jMlH1qW%^h1>2V64t8wBUf4fi`?$2COJ#jkS4!2ZVB+<|FytHq
zB)KEWt<qzm>DzZM5u$*W(7Bp`X4Ah;^Kb@X<y|T~dH%d=aihl4h4QymxVx0&_J@vn
zz2VI4j0BW?rRnod&7uXLlyI&=c>1c#$8+`^(P6==O5sfQt14^lg9k1wgLMlZ;29No
z956(M5&DfAXUjK%iaxnsT+aA=pAOG3Z%1zP`Hf0`H#ihB@R+BiA!9p$+KH%X!W=(=
z1OT!nfRs)|I^aP7jW=i24g*s$Wz_KxevERa$puH@jQP6R?RJG99msX2U<#>&id3V?
zh%!Yxdb!xRTH~BOW$-_yC)`{eex&?hnz^KKFFQ~^Uq=~KOchNl)NE_tt6q3%tTop0
zm+M#GFLhU*qXSTf0?kI5MN3n9A8}Z`7X?2j1C`w&MfrbU$SG<ls%vRO71Xs9;7ZyG
zaCNPnU+#AxKH60TIDx+a?{;GOeqLajZ}(DR_Q;`O`hK56rP0w8zDLSVY~Sy5{-GNF
z7u2#x&d(UX-zQN)el%_Ek@O4J@AqLp-%rX1e_d=E=I{SaaoZz>hW-0}%Fj!kvq#EK
z4B)>xKkjbog8X3lQFj+jlY8X+1`D`*%j{&n{k&ZjxPbpb0e8E0qRxKaXf`|)*A6<|
zZs$%Y$<Iy_FA%U3jJDgkvp<&#Eujf2L~-JOAWU}qb{4o&+jVJbJ^|djYj=0V&gUJq
g>6NByvOvI&-dCgn10(fKPRhYbDU1ydqW)n20|vc#hX4Qo

literal 0
HcmV?d00001

diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
index b13e3c192..44f937e57 100644
--- a/documentation/esapi4java-core-2.2.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -16,6 +16,7 @@ Executive Summary: Important Things to Note for this Release
 * Known vulnerabilities still not addressed:
     - There is this critical CVE in log4j 2.x before 2.8.2: CVE-2017-5645. It is a Java deserialization vulnerability that can lead to arbitrary remote code execution. Some private vulnerability databases claim that this same vulnerability is present in log4j 1.x even though the CVE itself does not claim that. However, examination of this CVE shows that the vulnerability is associated with implementations of TcpSocketServer and UdpSocketServer, which implement fully functional socket servers that can be used to listen on network connections and record log events sent to server from various client applications. For ESAPI to be vulnerable to that, first someone would have to have an implementation of wone of those servers running and secondly, they would have to change ESAPI's log4j.xml configuration file so that it uses log4j's SocketAppender rather than the default ConsoleAppender that ESAPI's default deployment uses. Thus even if this vulnerability were present in log4j 1.x, ESAPI's use of ConsoleAppender makes it a non-issue.
     - There is a known and unpatched vulnerability in the SLF4J Extensions that some vulnerability scanners may pick up and associate with ESAPI's use of slf4j-api-1.7.25.jar. (Note that OWASP Dependency Check does NOT flag this vulnerability [CVE-2018-8088], but others may.) According to NVD, this vulnerability is associated with "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2". Fortunately, I have confirmed that this Java deserialization does not impact ESAPI. First off, the default configuration of ESAPI.properties does not use SLF4J, but even if an application should choose to use it, ESAPI does not include the slf4j-ext jar and it has been confirmed that the vulnerable class (org.slf4j.ext.EventData) is not included in the slf4j-api jar that ESAPI does. Unfortunately, this CVE is not patched in the latest SLF4J packages, so even if we were to update it to latest version (currently 1.80-beta2, as of 12/31/2018), any scanners that associate ESAPI with CVE-2018-8088 would still have this false positive. But the important thing to ESAPI users is to know that if this CVE is identified for ESAPI, that it is a false positive.
+    - There is a recently discovered issue (see https://app.snyk.io/vuln/SNYK-JAVA-COMMONSBEANUTILS-30077) that is related to CVE-2014-0114 that is a Java deserialization issue in Apache Commons BeanUtils 1.9.3 that can lead to remote command execution attacks. This had been fixed in 1.9.2, but apparently they missed a place where the fix was needed. A GitHub commit (https://github.com/apache/commons-beanutils/pull/7/commits/2780a77600e6428b730e3a5197b7c5baf1c4cca0) has been made to mster branch of the BeanUtils repo, but thus far, no official patch has been released. ESAPI only uses BeanUtils in its AccessController (specifically, DynaBeanACRParameter class), where it has a dependency on org.apache.commons.beanutils.LazyDynaMap. Based on the BeanUtils commit, the fix was in org.apache.commons.beanutils2.PropertyUtilsBean. Based on a cursory examination, the ESAPI team does not believe that this vulnerability reported by Snyk is exploitable given that manner that it is used within ESAPI, or if it is, it is not externally exploitable based on the default access control rules that are provided with ESAPI. However, the ESAPI team will be watching for an official patch to Apache Commons BeanUtils and we will release a patched version of ESAPI as patch point release once a patch is officially available in Maven Central.
     - Otherwise, ESAPI 2.2.0.0 addresses all know CVEs except for CVE-2013-5960 (which I have fixed in a private BitBucket repo, but getting it to be backward compatible is proving to be more difficult than anticipated.) Besides, if you want to use encryption in Java, I'd highly recommend using Google Tink, which is much more fully featured than ESAPI. (Tink allows key rotation, storing keys in various cloud HSMs, etc.)
 
 
@@ -30,9 +31,9 @@ ESAPI 2.1.0.1 release:
 
 ESAPI 2.2.0.0 release:
     194 source files
-    4140 JUnit tests!!!!!
+    4145 JUnit tests!!!!!
 
-That's 2593 NEW tests!!!
+That's 2598 NEW tests since the 2.1.0.1 release!!!
 
                 GitHub Issues fixed in this release
             [i.e., since 2.1.0.1 release on 2016-Feb-05]
@@ -85,6 +86,7 @@ Issue #			GitHub Issue Title
 301		encodeForHTMLAttribute escapes the forward slash
 302		HTMLEntityCodec#decode incorrectly decodes upper-case accented letters as their lower-case counterparts
 303		HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
+304		encodeForCSS breaks color values
 305		ClassCastException when using ESAPI logger
 307		Issue with decodeFromURL method in the DefaultEncoder
 308		AuthenticatedUser isCredentialsNonExpired() have todo comment, but default return false;
@@ -150,9 +152,11 @@ Issue #			GitHub Issue Title
 471     Bump ESAPI release # to 2.2.0.0
 476     DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
 478     Remove obsolete references to Google Code in pom.xml and any other release prep
+482		ESAPI 2.2.0.0 release date?
 483     More miscellaneous prep work for ESAPI 2.2.0.0 release
 485     Update Maven dependency check plugin to 5.0.0-M2
-
+492		Release candidates on maven central
+493		wrong regex validation
 
 -----------------------------------------------------------------------------
 
@@ -305,25 +309,58 @@ List of all PRs closed since 2.1.0.1 (2016-Feb-05) -
 #472 by jeremiahjstacey was merged on Jan 21, 2019 -- Issue #31 MySQLCodec Updates
 #475 by jeremiahjstacey was merged on Jan 27, 2019 -- Issue #188 resolution proof: Test updates
 #477 by jeremiajjstacey was merged on Feb 02, 2019 -- $476 DefaultValidator.getValidInput uses canonicalize method argument
+#487 by kwwall was merged on Apr 29, 2019 -- Master branch updates for ESAPI-2.2.0.0-RC2
+#490 by hellyguo was closed on May 12, 2019 -- enhance: cache class and method to avoid reading each time
+#491 by hellyguo was merged on May 27, 2019 -- enhance: improve the performance of ObjFactory
+
 
-List of contributors of *merged* PRs, listed (rather naively) by # or merged PRs:
+List of contributors of *merged* PRs, listed (rather naively) by # of merged PRs:
         # merged PRs    GitHub ID
         -------------------------
              19         xeno6696
              10         jeremiahjstacey
-              8         kwwall
+              9         kwwall
               2         artfullyContrived
               2         augustd
               2         JoelRabinovitch
               1         drm2
+			  1         hellyguo
               1         jackycct
               1         mickilous
               1         NiklasMehner
               1         simon0117
               1         sunnypav
 
-
-Thanks you all for your time and effort to ESAPI and making it a better project.
+Developer Activity Report (Changes between release 2.1.0.1 and 2.2.0.0, i.e., between 2015-02-05 and 2019-06-09 <UPDATE>)
+As created by 'mvn site', however this data was slighty edited to remove email ids replace them with GitHub ids when those were known, or with the developer name.
+Sorted first by # of commits and then by developer id / name..
+
+Developer       Total commits       Total Number
+                                  of Files Changed
+=====================================================
+kwwall                  362                 351
+xeno6696                 64                  82
+jeremiahjstacey          55                  68
+davewichers               7                  49
+Anthony Musyoki           4                   2
+Kad DEMBELE               4                   2
+augustd                   3                   7
+drmyersii                 2                   2
+JoelRabinovitch           2                   4
+Ben Sleek                 1                   1
+chrisisbeef               1                   5
+hellyguo                  1                   3
+Jackycct                  1                   2
+mickilous                 1                   2
+NiklasMehner              1                   2
+Pavan Kumar               1                   1
+simon0117                 1                   3
+taringamberini            1                   1
+=====================================================
+Totals:                 512                 399 (unique files changed)
+
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
 
 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 Appendix:   Dependency Updates (as reflected in pom.xml)
diff --git a/pom.xml b/pom.xml
index 2131e8b7c..4246bb983 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC3-SNAPSHOT</version>
+    <version>2.2.0.0-RC3</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -698,7 +698,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.0.0-M2</version>
+                <version>5.0.0</version>
                 <configuration>
                     <failBuildOnCVSS>5.9</failBuildOnCVSS>
                     <suppressionFile>./suppressions.xml</suppressionFile>
diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
index c116f1e67..9f124172a 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DynaBeanACRParameter.java
@@ -5,7 +5,7 @@
 import java.util.Date;
 import java.util.Iterator;
 
-import org.apache.commons.beanutils.*;
+import org.apache.commons.beanutils.LazyDynaMap;
 import org.owasp.esapi.reference.accesscontrol.policyloader.PolicyParameters;
 
 /**
diff --git a/src/main/java/org/owasp/esapi/util/ObjFactory.java b/src/main/java/org/owasp/esapi/util/ObjFactory.java
index 3ffadd88e..2c23e5f00 100644
--- a/src/main/java/org/owasp/esapi/util/ObjFactory.java
+++ b/src/main/java/org/owasp/esapi/util/ObjFactory.java
@@ -30,11 +30,11 @@
  * 		...
  * 		// Typically these would be populated from some Java properties file
  * 		String barName = "com.example.foo.Bar";
- * 		String beerBrand = "com.example.brewery.Guiness";
+ * 		String beerBrand = "com.example.brewery.Guinness";
  * 		...
  * 		DrinkingEstablishment bar = ObjFactory.make(barName, "DrinkingEstablishment");
  * 		Beer beer = ObjFactory.make(beerBrand, "Beer");
- *		bar.drink(beer);	// Drink a Guiness beer at the foo Bar. :)
+ *		bar.drink(beer);	// Drink a Guinness beer at the foo Bar. :)
  *		...
  * </pre>
  * </p><p>
@@ -45,10 +45,11 @@
  */
 public class ObjFactory {
 
-	private static final int CACHE_INITIAL_CAPACITY = 4096;
+    private static final int CACHE_INITIAL_CAPACITY = 32;
 	private static final float CACHE_LOAD_FACTOR = 0.75F;
 	private static final ConcurrentHashMap<String,Class<?>> CLASSES_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
 	private static final ConcurrentHashMap<String,MethodWrappedInfo> METHODS_CACHE = new ConcurrentHashMap<>(CACHE_INITIAL_CAPACITY, CACHE_LOAD_FACTOR);
+    private static boolean cacheEnabled = true;
 
 	/**
 	 * Create an object based on the <code>className</code> parameter.
@@ -130,6 +131,18 @@ public static <T> T make(String className, String typeName) throws Configuration
 		// DISCUSS: Should we also catch ExceptionInInitializerError here? See Google Issue #61 comments.
 	}
 
+    /**
+     * Control whether cache for classes and method names should be enabled or disabled. Initial state is enabled.
+     * Ordinally, you are not expected to want to / have to call this method.  It's major purpose is a "just-in-case"
+     * something goes wrong is some weird context where multiple ESAPI jars are loaded into a give application and something
+     * goes wrong, etc. A secondary purpose is it allows us to easily disable the cache so we can measure its time savings.
+     *
+     * @param enable    true - enable cache; false - disable cache
+     */
+    public static void setCache(boolean enable) {
+        cacheEnabled = enable;
+    }
+
 	/**
 	 * Load the class in cache, or load by the classloader and cache it
 	 *
@@ -139,11 +152,11 @@ public static <T> T make(String className, String typeName) throws Configuration
 	 */
 	private static Class<?> loadClassByStringName(String className) throws ClassNotFoundException {
 		Class<?> clazz;
-		if (CLASSES_CACHE.containsKey(className)) {
+		if (cacheEnabled && CLASSES_CACHE.containsKey(className)) {
 			clazz = CLASSES_CACHE.get(className);
 		} else {
 			clazz = Class.forName(className);
-			CLASSES_CACHE.putIfAbsent(className, clazz);
+			if ( cacheEnabled ) CLASSES_CACHE.putIfAbsent(className, clazz);
 		}
 		return clazz;
 	}
@@ -177,7 +190,7 @@ private static Method findSingletonCreateMethod(String className, Class<?> theCl
     private static MethodWrappedInfo loadMethodByStringName(String className, Class<?> theClass) throws NoSuchMethodException {
         String methodName = className + "getInstance";
         MethodWrappedInfo methodInfo;
-        if (METHODS_CACHE.containsKey(methodName)) {
+        if (cacheEnabled && METHODS_CACHE.containsKey(methodName)) {
             methodInfo = METHODS_CACHE.get(methodName);
         } else {
             Method method = theClass.getMethod("getInstance");
@@ -185,7 +198,7 @@ private static MethodWrappedInfo loadMethodByStringName(String className, Class<
             ConfigurationException nonStaticEx = staticMethod ? null :
                     new ConfigurationException("Class [" + className + "] contains a non-static getInstance method.");
             methodInfo = new MethodWrappedInfo(method, staticMethod, nonStaticEx);
-            METHODS_CACHE.putIfAbsent(methodName, methodInfo);
+            if ( cacheEnabled ) METHODS_CACHE.putIfAbsent(methodName, methodInfo);
         }
         return methodInfo;
     }
diff --git a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
index 2b817591c..4657e4a0a 100644
--- a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
@@ -183,10 +183,44 @@ public void testMakeCipher() throws ConfigurationException {
     		String className = "javax.crypto.spec.SecretKeySpec";
     		javax.crypto.spec.SecretKeySpec skeySpec =
     			(SecretKeySpec) ObjFactory.make(className, "SecretKeySpec");
-    		assertTrue( skeySpec != null );
+            // Should not get to here. Exception is expected.
     	} catch(ConfigurationException ex) {
     		Throwable cause = ex.getCause();
     		assertTrue( cause instanceof InstantiationException);
     	}
     }
+
+    /** Test cache. Create 100k JavaEncryptor instances with cache enabled (the
+     * default), and then create 100k instances with cache disabled. Time each.
+     * The cached version should save some time.
+     */
+    public void testObjFactoryCache() throws Exception {
+        final int reps = 100000;
+        System.out.println("testObjFactoryCache: " + reps + " iterations.");
+        org.owasp.esapi.reference.crypto.JavaEncryptor je = null;
+        String clz = "org.owasp.esapi.reference.crypto.JavaEncryptor";
+
+        long startCacheEnabled = System.nanoTime();
+        for ( int i = 0; i < reps; i++ ) {
+            je = (org.owasp.esapi.reference.crypto.JavaEncryptor) ObjFactory.make(clz, "JavaEncryptor");
+            assertNotNull( je );
+        }
+        long stopCacheEnabled = System.nanoTime();
+
+        ObjFactory.setCache( false );   // Disable cache
+
+        long startCacheDisabled = System.nanoTime();
+        for ( int i = 0; i < reps; i++ ) {
+            je = (org.owasp.esapi.reference.crypto.JavaEncryptor) ObjFactory.make(clz, "JavaEncryptor");
+            assertNotNull( je );
+        }
+        long stopCacheDisabled = System.nanoTime();
+
+        long durationEnabled  = stopCacheEnabled - startCacheEnabled;
+        long durationDisabled = stopCacheDisabled - startCacheDisabled;
+        System.out.println("testObjFactoryCache: Time with cache ENABLED (nanosec):  " + durationEnabled );
+        System.out.println("testObjFactoryCache: Time with cache DISABLED (nanosec): " + durationDisabled );
+
+        assertTrue( durationEnabled < durationDisabled );
+    }
 }
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 87c1a3de3..e9bafc134 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -1,5 +1,35 @@
-#
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dummed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
 # 
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 275d855f9..c53476642 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -1,5 +1,35 @@
-#
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dummed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
 # 
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index e84e83086..b868c6f6d 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -1,6 +1,35 @@
-#
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dummed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
 # http://www.owasp.org/index.php/ESAPI.
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index a7d65d5ab..3946d4395 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -1,6 +1,35 @@
-#
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
-# 
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#   
+#   This is NOT the version of ESAPI.properties that you are looking for.
+#   Do NOT use this for your production applications!!!!!
+#
+#   That is over in the 'configuration/esapi/ESAPI.properties' file. You
+#   should retrieve THAT version from the official GitHub report from
+#       https://github.com/ESAPI/esapi-java-legacy/blob/develop/configuration/esapi/ESAPI.properties
+#   but make sure that you select it from the 'master' branch (which will
+#   correspond to the latest official ESAPI relase). Sorry for the
+#   inconvenience. We are trying to figure out how to get it to the official
+#   "esapi-<releaseVersion>-sources.jar fiel available from Maven Central, but
+#   in the meantime, you will have to get it from GitHub.
+#
+#   PLEASE do not base your production use of ESAPI on this TEST version of
+#   ESAPI.properties as this test version has been dummed down in several places
+#   for JUnit testing.
+#
+#   You have been warned.
+#
+#############################################################################
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
 # http://www.owasp.org/index.php/ESAPI.
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 5a0da9f19..512998756 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -1,4 +1,3 @@
-#
 # OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
 #############################################################################
 #

From 6fa7bcfc0b575912b3b7df033d6a92355f3fe94b Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 24 Jun 2019 18:10:50 -0400
Subject: [PATCH 564/812] Final preparation for ESAPI 2.2.0.0 release (#501)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Change release version to 2.2.0.0 for official release.

* Update / correct ESAPI release steps.

* Fix ironic spelling typo.

* Fix ironic spelling typo.

* Changes to suppress most of the noise, but also fixes to all for .XML and .PROPERTIES suffixes and to fix and return null when property is null or empty string.

* Changes to suppress most of the noise and to actually handle the exceptions that we should have been all along (e.g., IOExceptions).

* Comment out the crude benchmark related assertion that sometimes was failing because of JIT-related issues. Needs to be eventually replaced by JMH.

* Close #499 by resetting 'parent' when Windows is detected to root of drive where Windows is installed.

* Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it.

* Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it.
I also added an additional test or 2, so don't blame @JoergAdler if I messed that up.

* Close issue #488. These are slight enhancements to PR #489 by @JoergAdler that I rejected because Eclipse did something to cause every line to differ. But shout out to Jörg Adler for originally finding this issue and patching it.
I tremendously stripped down the contents of this file because really all it needed was a single property referencing the validation.properties file.

* Add 3 additional issues that were closed and fixes to some minor formatting.

* Final updates for the ESAPI 2.2.0.0 official release.

* Figure I probably ought to add my name instead of assuming people knew it and my email address.

* Changed schema from allowing unbounded number of properties to allow only 10000. That really should NOT be a problem.
However, it should help silence some of the SAST engines.

* Additional changes to fix GitHub Issue #500
---
 CONTRIBUTING-TO-ESAPI.txt                     |   2 +-
 documentation/ESAPI-release-steps.odt         | Bin 165550 -> 273380 bytes
 .../esapi4java-core-2.2.0.0-release-notes.txt |  46 +++++--
 pom.xml                                       |   2 +-
 .../AbstractPrioritizedPropertyLoader.java    |  14 +-
 .../EsapiPropertyLoaderFactory.java           |  33 ++++-
 .../configuration/EsapiPropertyManager.java   |  46 +++++--
 .../StandardEsapiPropertyLoader.java          |   2 +-
 .../configuration/XmlEsapiPropertyLoader.java |   5 +-
 .../DefaultSecurityConfiguration.java         |  12 +-
 src/main/resources/ESAPI-properties.xsd       |   4 +-
 .../EsapiPropertyManagerTest.java             | 130 +++++++++++++++---
 .../StandardEsapiPropertyLoaderTest.java      | 121 ++++++++++++----
 .../XmlEsapiPropertyLoaderTest.java           | 126 +++++++++++++----
 .../DefaultSecurityConfigurationTest.java     |  52 ++++++-
 .../owasp/esapi/reference/ValidatorTest.java  |  20 +++
 .../org/owasp/esapi/util/ObjFactoryTest.java  |   9 ++
 ...ESAPI-CommaValidatorFileChecker.properties |   2 +-
 .../ESAPI-DualValidatorFileChecker.properties |   2 +-
 ...SAPI-QuotedValidatorFileChecker.properties |   2 +-
 ...SAPI-SingleValidatorFileChecker.properties |   2 +-
 .../resources/esapi/ESAPI-root-cp.properties  |   4 +
 src/test/resources/esapi/ESAPI.properties     |   2 +-
 23 files changed, 516 insertions(+), 122 deletions(-)
 create mode 100644 src/test/resources/esapi/ESAPI-root-cp.properties

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index 4154a5916..e4fab6e45 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -17,7 +17,7 @@ Finding Something Interesting to Work on:
     what it is. Then if you want to work on a particular issue, we can assign
     it to you so someone else won't take it.
 
-    If you have questions, email me or Matt Seil (xeno6696@gmail.com).
+    If you have questions, email Kevin Wall (Kevin.W.Wall@gmail.com) or Matt Seil (xeno6696@gmail.com).
 
 Overview:
     We are following the branching model described in
diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index e75c8599c67fc20cf6ba60c280f1af0084ef9eaf..bf188f05f965c9d5051d1f4fc60a4ff4df2e1b23 100644
GIT binary patch
delta 148504
zcmaI7V~}RSwl-L{ZFkvrb=kJ<E}L)JW|wW-wr$(Cr_Y@e_nVm?laVWOXJoFuSELs5
z+11f7hbu_%3euopXh1+vKtLEcv+?j!$o~qtu!gd!0$L!T{}5K{r9TL6d>|<R<Xu5V
zMHC&I2#cJPj{Fx5H4`NhH#0RAHybAds}Ki|kbs~xmxz)mABVgUx0*PQq_~8*oVv84
zmWs5bvb=(hl9aldhOnHGgqo?UwuzpZjfR=4iK@7nj<U7Bv89o=y@9;Dsj`K+g_*UB
zm7}MdwW*V>i<g6yo2#3SLx?57EyT(<(cL@9*tp)-zRlgO!`rvl$IsU$;ICIem`7-e
zPkfP2;6RY0ewdqiu(w;FPhhZjTX>-N-!S*=ctC!<Z(u-RU~oimcvNI?V0dt3)IW-h
z3=ByMicAQKN{@_6h>S^#j*p3oPfdslONdGMn-H1!FD0iZrzIz)0W#B)6Vg-uW~3!$
zWMqT{bVZ~VL}u6j%`8aCsm;#IjxDH;$*s-EFHI|HDol$k$oiX?omZ6?TbiHIk{{hz
zl2K4lkY7|@R9aY6R#{e*UshaJQC3({QBhLaP+415S>Mu7Sz23D+frBA(9lrd)ZWzE
z)YR75-c;Y(+}hdJ1nB7K2n`<!|2q+zHWwc?l$tt`mNlPUJeplUT#zwVQaDjszEs{a
zRMEUrSGiQzG|<p8+SoDB*frkX-QV6l*3z<G-Ll`-wcFL(RoOe=(l^r7H`&=c*f}uX
zGdk8jveYxX(K&F~J$KMomDyjLHPlkp-&{A)-q7FGKHk|d3+Sxu>**cnTp#K0Tpp-d
z8g1X3Y&n_l9vB$tA08hX9UK~)92@E%9T}Y*8=RP!7@1s{nw^-KUzr^lo}U<;pB`VE
z>YtmLTbvtOoSR%(o!XckT3?vl+ML<k+#DW18e2Y^+`e6yK3v&6SlPVY*<YX8y`0*6
zT-rTe+`rn|0~~G~UTmJ-te-yYFAnZ6jUTO!pRJCZZBFiQEbeWspKZ?{tsGwMPM_>=
z+@G$!+-@KIOUGv?rzb~e7iY)&7iWhT7Z(SIcLx{u2iLC`S9h1!uUEGhm-jCZ7YBD&
z7q^#>|DGNm9`2vto<E)+-#_1;9^Rf`Ki(d{zrO)MKtMk~KS17<-atT9CXyn8D(>r7
zSpfHqW1n5O7IUxWr<Cecz4S)w3&O}0Pix&@@&{@Trd-Ed?MlDUsRq4ult-f!1BnMP
zAz&Cy!Z$N{B`etwryh)E7A5&)k&nO}5aG}R`Xt3p6YS9X+o$d`3z55&0;$85AA^)6
z(r^IV0E8q{O~=dXlm+f<s5!E`eehe~?U#=SaHt=Q_h=2@iU`G_QX>_naxB#-YBBVJ
z|8Mm!BbxYC>J7a@Ir1j3m&4B6fUukoQ*8czoYJk>9k3~rf_%;sIJ+UPXr&cPZ$mpz
z<GQiozYl~4(F$^p2{;Dgz-K7PY`L8??DWPJ1mstROQp%OU^wNyhLgs;TRskj-h5D7
zr+1sqixAcjo?A;W7Qf84y%W9P*}3>=F^)}V7nr<N$=A26`o6%r8H_)>sx_r`+z4*H
z;B{oM70K#Fa)p+hTLxGNhgD(z93Vfgv40N|GA?T8SbW^s0J1muy)d>~o}|N)uTJrN
z@=>p<xtw&dhOTn#J~o#(Y}X!^J_x>5u2|cjj(B2xpndLGT3&rmroC+2Zk~5q{=6;J
zEM0zFMem6EJOTWCJNH;}zD1@&HaKis@qKOx9@#!)x^}vroOJiQ#I3()oe`;hJqtcN
z+-zS>t`nci06hF&@5(tB?M0P8->Vb?s$x01>dF>cEf?FeKSv`yUvIiC*`kR#H$uh`
zJN+d$ctSVc#oj&zb=}v}IaM76MJLTOZ!$R-A}x*p=Nq><%usgEp9b0PBQLk6Pl^ef
zpraW1wUF7B>+i1q*q-(i0q?wD?l-#n?m$@|CJPk$fSv;{n-*Kk(ykXCfb&JW7gGBR
zyK}`9VC3(a+I37#+RrI000290x8<o0eqc*$@3mlVi!5;RrW^zpC7>hE0kGRj^$cm=
zerEqF%Ua>UkqA60^S0f;xelQ$!D(lTCls`B?0$_EMUN)Z_?zx0TJ*`!3L!U<{M4B}
zC!cZxxK|D_z)XH<XIGycKkHY4K6Y9Vn**aRFG5aQ!f=~T4vl7Rsw7TQPMTjFn{Rap
zfi|v+n#Z;g5ndZBi<W1QDNODcH!8!p=NN}LTPyF=9jGs{{svVMVJqu^pG#+`I|xQu
zrvq@e!RDo-x;eWY&$;G1Def#cU1_Gi_5aucwA_x3!yNRl-o4&B=Bip`08YX_SHnCu
z7XpDXOWXBFmck7e0!|b?*V#Nh9)(FW1xhb`7cqRDO%D(HUhfBCf;->KH(lYjPrSEH
z>$@j6<r`l+E6F3iBM%!tae{ys$drxd<<GM$?bt&`^|w`gRNNN+t|t6HmOofVpFt@A
zbAf22*iSA;?rMZWxkxA`aD^yrdLGPahi+d}#R!O6gP8RGTQuEo_hA)KD>l~3|L(+C
zuma}?!^frkea?BQU#!aMw9%MN9uQ{RGX<ZV<5N4lST3^W)<AU==2U;LA8b}Vy;=>W
zJM#>!-IbLW2J$i>4z@NjT;cx!;F)>of^AY>ezafkgFPosv*Zb#np_A?CpqB7c345+
z==ZmQ$I+?4<rm}ny6s;Tc~_WrNfEajsR<|xVjq;AaQ}NMI0Q0@Wd!efSLdFQQt~im
z(+oBWDbj>nH5XzlE(Nfw&MHVAaFLy*=?Laf=C#apN02$D$d}du>Q0WG9u(A{x)<8D
z=B2vKF~y3_itmdOim@wTPo$9q4~Qny5<=uY1KBA624MC?IWt};Me*}Oz5xrfCd3>7
zdX4E6!<vZ4`2ERrG0;q>CfkY;>;-Ir<7SD%uMe-X#KY$S*=;Qt=%y(IWx-PLMmh8r
zFr38gj(9@gtn~xHu-w+$_TR+D1hdexv^M}n^Try+@#F6<HVNMEO}%-!MdcC5tEsMH
z`Vh-BOe;m^aIfY@;*jA@9<66QZrhh0-xi_viJ&evhZqvN!X;q2kFVnf>;Byll*&lA
zux*b%%-!$hg+8OgO9xP~zN^ujTrdVBrt}rM8V<qKP)Brt2$?-}-3GcZ9j}?WM9Ick
zG*Ss^kQ0)D`3Dr{FCd_P1_*-08Q^u~q7v{D#Jc8}I094LE(;*UJDDiSD3p9J^{`kX
z6j-p4OM;SxXvA!Md#5A7NP9fX?q0BrWoLc%mpyt_r-reIW?Mqm*bJs3FnURi^Q~$}
z-Wv0}$B{CCP&|A{-gMCY=Pfu|`2_Q%n|vi~4i^t@-69C8V|qSVF?|mu01-SN4lEuI
z(l7Sfjv5IOB-j;AFCK(gQYa;NS5Z`Mnd|9D&T=+lNSozPLuapNmn6eYq@-^S`Vb)`
zN$5q?csB^pNR|igCG1@0Xh2*q0bWA`3bdZ34W<a7cg1wkS>&*)n9+!9e{`ME)3t~Z
zQ~Ni86h)XaANi&@aB*0ZAJPJ~mWOW_syPhaZHE=`xiw260a3&+85aj9qf6p)_3h)4
zF~tc(?KpmOZ2=H5ov6Iuw7;+0pZTr|r@_{t8J^g5e7GE2-wXvrL1R`Oo&9?W9zF0k
z?E7T^EZOa6by+V?oKt9){qs$=<WZ8ciNkF0mX=^c_k~H46<p|&QoK7gl8iZ_;bWBJ
zWr><+CVL_)rRhrX#qi@uLnSVfq7E)F<?R@ucl`l{5>86=iHU6RDaykixe@OVW8vXr
zl^X0(v?|ewvX)~j#qs1+9(0i6WTrxqJn(0Lz{E4<#8H29$R+)@j}P=I)})#}u%5k?
z@)McXmOS4UhGPr<2&E=l6piWn$K!8VG;=1Ns5^|ykcZn;|0Unfl;b#XyZVBzVzK_m
zCk}v`a5e_s^Hj=0*Kz%laLO8nz?#SvmZvny6xy*f2dR=dDc+qbO;5{Or1Lv?=AAuY
zV~hj&W7LiOo`A+;neLf<_SKUmxRO0&u=2S-ol#EVSZ~uKfTF6kVbjJ2S?iCvmyK(`
z3C}sy!X?x^RmvbCwNnWC+VQDSRcjTfX7eikOJKhSJk~jJI@R+dtoxX7!V#ZFTxH?~
zs-4$5tr*i>6fbbmb8E>n@%qBF)w?hNG0WY3;&3HVo-`yE>E7Fmuv+`Z+P2OCU+~eV
zeZ?3NY`R*uRI0Qv6;puxMA4GqtAaSUz0Q{ad#ET<l^R5cdj`wyUFb-=><=d_Ymc8}
ztPCzLW(B<(J@yAZZFQ!2z}(`ziE|34D*Z)iWnQqO>Bn1y026{AM5dTSna(^Qn(u_+
z^7%%G<6WEw96SZWJMHD+Z4A0Fk%dKhFL(=5dc4$g-$HT@Jt<UF^{@F-ene1b`ou#b
zDi<d8eRzI(K6r9)@Fv{&F?!*lv@%l4ZXxR3b^MqE!O?@V7IDqTJ!8$}VdN+uKUe(B
zOebGH5&n5vS*K@Z7Z~qR8(ucRbA*>aVJ5bG7<hc85|@skCb;?b0=yyE5i;JEBHNhK
z2lm8jXxlr@O|vv5Ahb`jQ-;w@8hf=8(bW&%)vtiW!TxgN`92)qEJFfV<d0o^x@2B3
zn3^?g2+*F%6g?PcZAlhQbw(jOxwRXh<uhzT_<9Zfd_e!gQ;=ZQ;YANXV;H;hAnRxW
z2dj<i5L@DKAy*yD<yD0x%EQt>8ntll5nK$eHHXh%8@oUk2WGOef%Kwq{W9oFU=N;h
z7)aTB$BVf7H*_(=+dj$_6HJ(4Kt_Q=n-2x3P(8`L26*gEBsNQsPx!KXq_bW8d=s7w
zMw~&6vnC_WHxj~JiD)0Nmc0KioXwtxJcUzY?}#?xnHA`~uy(N+9lJgd-lI~b>ES{>
zqTir^uI{bht#5K&tbC_J%l!)TW<;KaA{j3KFsuGM@ypznJxVV#@)c;vv6{-YV-wA#
zJ$llx@}W3GDNgyWv=reL!Z;N2E8@9aoyvMd{zpva_HfP)Ow0w)UiHtQeU<H#h<1*`
zVLAx_c_`{+rDhnd<Yl5LF*Ca#qoR)0;4%-&YI8`Ug`XySNZWMR3YJp3keI#zl3}v(
zWEBXG#vSoL3zxa?WTs9{QZl=oT$FI-<@%Y93nD4hnZ%k~g}TkM21MSAKFQdU_>gNR
zn58W!@hfNc_`(5vys}-r&fI`|^G&3^!;o=6>3RiG1!J$8p3odw++lZJce&4UsR8t{
zP8>%LNG8U&I_7rsjfpOvd~&%wH?Z@AKF7-<-Vzr5p}Muu6tBy9s3!MN(#(ij6G03!
z^D#CIEgolpVz=Ex4n%IP{TCicnUC9haUzxcX$VbEnFN6Qu4&;ks+dJqaj=hJ@0-5i
zMjYoWrSGLIyPC6yD+CTA#V3DcNu&#Qlgbw8d~6e47_IEPGfkdv4n<iZ%NkWHSNg?i
zG>i_>T{UKDz{?N8Gj;*6e<UE(>!wpfrZxc`C?3@x^R@W0$7)NWYVyWKRX<a>{a!?=
zsL>t%<r-j0KZLwM2p-Z*o5ljp8c3~<Nv~_D;ZS9GJfB)rLs-c>DP%bIggMcp0+(9@
zhm8S4BNY0n#klQxHkO*rZGS306Pv^R_=%VUaQ(q8Vg3l6l`hfqJez&^xu4YUa@g&i
zOr4PD_1Jxz#AV3hc0QlQEy37+-NP+eJeiZW`vg!rofhSBY;(F;?akuO1cgNCkQJ^@
zyDrR@^t!{rlR=<#ks{A!JfzgQgDjz0e-z0uJI+^NFy#gv7`lnv)q@{Gh8V01eL4OP
zFKSh|UVn(zdlHxby6uh4=De+8z~{c5|KYsl5a4~h+`-d$%>a0Q<IV{D96rcrjq`p?
zCISTB#~&aOt^^+E^UQPJF3fX0jDJ|<@!Tzca0R^gYY_1`Zx8d*%y&jR>i|8jjN*%7
zW_z@ld9<vydC1lfHv}Fpz=&n7FleB&+csz$`)ds}NQc7+)0$kVJ56@Ih5*DmG7`($
z7XK3HiWxAx#m6S2&aagj-ZxDB?*}{YBS3GWJl}`8Jn!9M;?C;N(U-i>K^aB&-6D%T
z@5hP!<<C9pjKJHWv^;;)Pk7J24n4086#oYNM1So^{iDb6G>xLC{%5B9KH2Vbi35T6
z;fUd;B;=b*M3!2|kd@|+kqJwfgh4WSZkJd;Od1;Om+Ea7KR%}iOuhsox|*^iz#|E<
zf)c1LUXY89nlX*{0P#rZuD|JAOcV{1{&Ym>cqheDn1R35<iuP~b^8bW%i8SQv)`!e
z7FmP(NGfr_>0zSm?f%){J`dpO==(V2ZEAeCI3)Q7*14yrW6}>cM@;YTo(_#sz`z_6
z^=a(ol;8$JK!c>mIK%#7N#@Q6z^lKtYchR?AjIAJKE6XJAq3@56~F+F$Y|fg8p&{*
zi!wdMuVAaA3u+#B*4-V|F6=yetq$9IAb?$c(Luoc-8}4rN79t}XU&p)Fm>mWXYF(+
zienkZ6;@S-kpoY71~;;!QkXL*OHdB%;S3x9_;mht^S6x$b&g=$KP{022!7+05|vI+
z%g*>+^u|?~bRPlHV1BH^cT*wO`ah=ifqH}@HGN2`)=*?B|7Aophz%9m_pC??zmulw
z*FA5w^I5`D`KimCehR%#F17Az_6$bxa*RWins0AO7hE+pWoVXcI5aEeyDFfE+|hS5
zToxQrtR#mN#&$9TCJ*47Ee(Nw#3rcli~cDUMk->{fD@bCy=^5%%co$Qlfe}U`WH%!
ziE~tZ6+fgpmI5bLoZ$dI$}-`@1Pn8DXkh7>Tc_;yf@E!X?tIN4o$!|P@g3VYd2@-Z
z#pOtq>&i9#V@%sF;wzFh2+BcRCGXDe`WOc1Er<<BSkWq^;2L0Q!3-1+{<I2mi@*>y
zx)*Irs*WdIEX6gC^O)BbLwnNiiLbqdSf_Ag{i9BB|MA7kVq^?H5gtvwZK@Ad2(Iaa
zs9vOm#3XR7&lC}6IW(<GSf&$0rUssrLqCaCG|DWD%EQ*48#h%k^JFQEL}DH4@RuD|
z)+o70SzJN`V-z5a5$_61*-!_=M9;WGfg56Bt`GB<AltAa5{0k=st}6TIx^}vF#N4)
zo^f1GsHlLnH9r+Zks$Up9TDg4I_LQjTaJbwc46!!HB3^m_?yn@yKi39W4ON5kXmTI
zde@HGy|7fXeVNaC&9oAg`VMPTWqt!RINeCsFtcm3V-7&7yi=(Nc^t#mujpJJ*b``=
z3W}-DFArES>revqfCen+2FQS-jmXZ7kCX5{ZRN)MFAYD6J+sY_xI3JaJHGH18s~<v
zXWbcad+H$Bq@eNlasvlYL99(nyDr@-7>Ye2rPft@s)ch#3$a@7%R4*c-my=%IR2Fv
z&y%c67b2ixXqVt!@n-dB(`NhHGYJ2DC^*m7H^cfp7)-id0yU&fBGwy}5yL=l$xu&u
z_Hb~MGXS+zVG^BMU{bWqe|mm&Q$jLhJayAFX@=oY+S8JpM<6EZC7~T?0@fppzjSk}
zEH=qmW3jPQk=uuKQ=bj1?7tqYKI$-~+Z|v!LKA_Eo{y-MIgs**#_6je4;J-%$m7g7
z@@^VbE9=xTCIMeU{wj0tD=HF?3{}F;U=870t}f8Idt-BKQ=jP8uK7d5F@UH<AOvem
zw{*jKP$}?+wcQ7knN9X;^8<S`DuO3t{0Uz6X0-|z5@&rn%{=30_3lNR;C0RI0s#1Y
z96>VvgZlH7ebS=kEqL%j-#BpJ-R1>K$SPJ)wrOB>Ua{t4o||W*dwFzY+lXgby0NkS
zx)4hWLEZN@|0aYz%}_l4Mw0%v%S%hzWl(t-`6gsL{OV@~jX~j?%@C8@saLL5{@=ja
z>r14A5!BHZUJcA{Fv4^wIVb>{%pQf%lrb8XL?FlMUT~Q3<SaLb>uDhu@9v{Sm{1(f
zCxCPiE>cvlPuRk*1gXU7*Njsas0vikZ>tlJaX<_#oWtf1_PgbkS2L6|oX;oYqlAGN
z_R)?2t%M_)zgU4`(*B;I>Ml%Y6vW$D+;5tO1V>i|gKaz>QVQV*kv9POVl-Y4+9*Zp
z_2J*73TnOo#`>&#CD04KeamxMwy8>LFwq>Xs-qg)(sZzo#Z(#@t7B;ygOOQP{n{Mp
zc=D224{1^wl`Jt<qz)|V3oSefI+^irPFU&F&$;Eq7yp^lMz=XpR_WEM1ne~EsMG<J
z`|`EKTfq^E#uI?TLbdD_KP<xYi$$q7nlH7l)S*)^ME6$D&nkLAd0HXlV$0=TAcc^I
z9q3ZfTF=thIGnK?uRCCExi0jbWTzFD_g!I4a6^Xv<`2zPZv3z2cs3_G*O>yW`a5N!
zOAEsnWL=7Yr=2pEG;7U>)*U=Cs3@O~qLEEeM!{V#j}5?DcVgqf8Bq`Y=201M(*7fp
zSMD95IbD|ZFqR8Ac&a!(|FN7KF$7#RaBQZNQUTFEF)$n5EXWueq<3km*<JLkoH(cQ
zn?p56>xnZHP%Hi6%T?_jRSCx+YYHD;A=Eo~HRJM=a<UA+P&`(wxHm8kNlG|(zOz3e
zENEun9x9+dl1)G^fu2`MuBqM}62a@VpR4|BB@g#|NV7%7-r;Coe$;VuU-Zl56$hcH
zg2rxLl^+J3fv$&cvW8ZN3z)giNce1CFE#xs(w2omSFg)?jh==*Wt*W2+E__uth01b
zSWCpG#8^iH3uimYP6CEPA1>Tp3OX{F1W?H*t^lz0ps*Gfd1W)-Je9Ea?i2`X=dp)4
zku5PRVw56Rf-bda2yb0S^camyR_8>YYA)ZqY?-jI!^}amaPVGUs1!@+W3r>9v+7L3
z%JdM-hA|&DazqyTR=ioKO`eEFZ5$zCA6f@^t~hK)kRDn#d0EW33fTEvZ2)&)1ZSSf
z4gwf&YFJp7>nlzSL!wCzKaU0TSyqC^Y-e24zp)X<cR&1oP4=}IMgQ@dkyP%D1n;~6
zz8=A@z%?HaGq%`Wd-yFr_kai7?PUK)*-HBd5N&7Qj?`hzU~uK1yKQ3Qouro$;e|d;
zMggvBk2fYsol)56A)2J03Q0<(dLKG}UIx&l_i#;;QZ^qHWI*YRz><^*gNM`$KQF*m
zGZkN5Xdt%JRD>A#x?@p308UHhgf15O3-g|o1eVZ8rVy_L2V*o^b1p<ajUR*Y!6gZ+
zQCb_NG}icXVspp19~_jVSrKu9L29R~lQgb>HuQ!_H+1SqDz$PkL?bUFsNR$8dIu<e
zy#%)gsj2r^0%6bq)78Ap&QI{r7geV8D8BDl8Xr)6{Jhsx6eQH#mhVD<Qv;Jxc+B_t
zW<=6lX9%bVA9Nlb=>ieCMlTmI*+YSf*CHB4!=odb&U0t%Wg(gbia`bbc+@y%jBD-x
zO(_Yyd-bAa(+Gq`bWwFYo~WMiln)4G_;W?V<QIeh43-%}fznrIe3h?$Ig=TunWqbx
z2PCcCkBod9)s7KmtfKrt4;u`}_JYz_u;+k-e3dJ~(+s};g7XuW<#mma8aH$T0_5-G
zTTua54>apnbY_>n#yI!ZFhHhwlPR~>cL(|GAj_Jof#_rR8RomwK8?>he+57t>&omZ
z(u1Ikxj|SD7+gtgx~tCC#n>&Gty|&#lhvNMdMq(ZFnR9WAifg7R52<=U^Y9Wy#8uZ
zLBqxGF9tahA1oyoWgUq6rb5ETnI(>cgP&H)%Wg{TU(9@lOd2y!&PFAWC#XB0?@`8^
zK{-6!RHkF5k@5NFZsnDVpbDU~cD5no#aW1Bx5XnZIZQwGMwo_Q?&2!4blk}})e#!U
zbpAsIzC*Z@AbBa{z2DyT+Mmojzn(JBK+iyTvD7pruk*wVk1qAF=VW#E^!%2ejzgHX
zn6wE-n~6nTWR4+H=qA8d^3N@_)Jt0wN<>|EpALQ<gH{<Y8MpUk{|%VI@~lZ(<bry@
z*}wPD81Gp~`Ti{|CTIu;8~xkX3IsaDG^UecdNLlBk|%zuqHN5P6I&T#I+x^lVv0y(
zR6hF9?9txVjE<Ur@9AKJE>_$|$15jt0H192WD|wcJzuTXXnH|nhu;~*T(3gjZJrE>
z=W;j$zs(=k0l^v|Y!8Sk{C@3IKGFK*xg@A9E828kG$Q8N9?F;1<vx4lJ!zYH1NyK}
z#E-W$gngaJ!rKrcNgxA0*i^*y&Z_Sx!eKGqu-_v0XyIS+yRe0+1SW-~G|YLyUppY~
zP@0Bf3=RH0La;x&ktrg}N+P=B1(PP$huEv20mbr1<`5gxNCSYw1QrI|bSlSrDl{jY
zF#Sq1%?NY*jWFU&57xTi`8cGv>yT(RKjNCJCui^1b3z)6BxWxkiM(qBt^^!~wHPtw
z7awm(MMoWn43u{fYY&O}rFi!d37VmdnWGrj(Hz>t@YBMo9<7flonloafV0&afTH(Q
z-Mc?TM`KH-gA70~m<W20kT;>!Yg)q;-rm<@bj+j5=F5o4b7#elj1p1l##KiN7(97P
zLwz>5hszB120@59aSy%-I75g<5&exHN4)s<t&oB>9_-W!r_7YqI3BPs<R4YnGHmWK
znX2MWl@43r?94bfGZEOO@XMkK<pYEIMAe89U&%<Ungmd$aN3lk356A3PcpoWv<JdL
z1nVzm^2&mmXh2p@Z<XvHZlZIq?e=mdbaVabYumLG9#f|M8#nAPB_wB$BD+WUY~_di
zK2K~<8c2Rsnr+de4;pB<@I}&yF$ubSP3LxONtkZqL0vzQYTHkW_5Gr)d1A(C*4E<L
z+{oq!!6;w>&J@&?%${|Rj{yF7)2#e6AW~a6=wjks$^4_sR9j+~Gg#p5%8y*`6X=!A
z){}i4*C=YrL9ymftC!@M3%tD%ZxC9M{`QC7+{GN(^<^o;Smb$b*q{tE5{gR&8W3>u
z#n6Dl^c|5&VdR(sZ(gR#J`)o&ck(W`d0Rha&I6!(o~f6n%pPsXScvsLqI~+EzB@A|
z`C>NuGZdu@c4AR!G=o8(07y@Ckl`EWLH&O9M&FN#B1Nr5zN4DQ*KU+o6#?yCMI8*w
zGCnr?zH(tF>{^)vd~l?{D<63PW>MCEZo|1fbiUS;<eX><(d&7h9_6ZHK#QOdy0UC*
z9tmLavuoD-SGgFzOrBclY{^?MLxsW-J89)!^6v~yZMdB5A%!hORK-aBTZSY@%u2Q(
zH-or|Ar<#5sG~t9$GyCqq-gTmSq7+aJ(d5oDAjHmSc>v}z^mFH9)g0^!&lpNsh>f;
zZb@2nvnU8bO;nkQgf2G)e-<iIoJq38eGkBgEQv~_bbXw70j4TfTfd#`^o|VHQibe4
z-*4ECdYHB+)3RiOgJHO?8JT_jwvc7Fb4R)_1HHhmv^Aqa%Ohu?Wm^Q(RxOH4ampHL
zdJ=vXRr!2zDnfA*K$~hkgylcZsH0VXYuuni6VmJ!2=~P){Wdm!&2^f`2bbnIas?of
zgvJI{>_D!u9!9bXK(el1*P29nCI_htO=n*Mj^Or%T<~Kn<(RS{0}hg*BWG^HL@?+B
zmmGsDNpK_*+Ts;zGTJdjr#~CJjp*0^u(m1a3)h>2-1CdIe>Yaz3~KQt3}&<pV6;)n
zo8502pbSEgIt{zMulUA-;0lPqB>_PB;}YJM$Jsb+;Nusf_LCE)?xNANOs@X2yMe$+
zCCe+=S=j;Jdq(J?9cnwx4pgaE?1S|A>W&!Xw&2HMLZ~rg=n9DjtV9WN;*4ok5NkkJ
z6k#`PG{;TR1;G(RsOF2wRcKU5q7yettqQAU1TzbdTs%i}+OTqmw;<pw831|~>Z89l
ze!~W7gG`MyYvOh)STLgkx8IDW$Z7~%7gu8!b3opzb--_&Hrt&I=7A2R*Gbj5xv_6t
z?!)l3LDh%Moo@UYk`!j}jCoWt^uG%xLUk@xa3BL=1bg$X++i~~mFT^Axw>U9i*MxH
zG&z^&RQ=lzF4Y%}kV}du%mNq=3z^4<iQ{EP%OsH?PoR%6qXLGAl4THzMScj<NO&3C
zbciYlLc$H4MfJWDWhWb5slq*r1A&Y-3?7q)l&s`8^BgmvVr+iJ9)n}38d$W_F8<c8
zKIwOT64s-xQ2TbAb+3XKe&rUt+jbviZ0Ylxo8;z2F+!IMwv^iUTmj(TS7D70z~Too
z%lz8UB$FI2Mx$^T=KO=w=3ZKFXWdwD$6#Hv$#9QDfrFd4-Kx$=Ci@6&*cbEfrk-jK
z^NP<Vfh_$%5DL7#L$+hk4VtE;x=+av4BN{1Qf#J~3+{|Kuc@SO{`WwkDem0IV;yM<
z&sCGGm9Epg{R;+4O9H@kwd3fnnJ+r4_N26+VytsZ!Hw32mDR=^k8Xo$USxZl5?8Gg
zods8F#p-gy=$A?)W}sS_OCq^E&)T8|9P{>8vZOjhEi+n$xHCLfRE8VyAFS^|@Y@J0
zV;@d`!XOZ*)TWy=<Hu+CW6uKM+!Lsv7gsIqDl-XIKDoM(iW|Tgs}`gd{7fL#ve^K_
zAK(o-GXth7H`5Rs^jyyYtTHu&D!0tS%jWUE4p}u8o0b5n78kect4>ao3FhQ3`W^?-
zP(JUqb`_70l0BM5J=MgY+wAlD*;2y!f}uVQCOqqTc$y3a^wL83E_4;)nFTqBNI|_P
z<ESlT`F%Ld+IfJ^(W~!}g4Jl&qgg^EO!k>HWkfkth^PW}s6vtolp}QsxhgvgUfhCM
z)i%P>A&ju6WK(FWhhv3@lQk}U6ywsLdaw()f{R!E4a>jPZwCX2!o|b&)n*xG+jV`-
z-(+I6A-`k;utU$@-M_Nf#P_ywJRh!~i)Aq$vR$FvR;>V&JV63X8A<OZJ~JWd5L{P`
zO$N-o-;D)^URS2Vi5&s56=93Fj%Q8AetHBaoXJc;cp+&Vm$79{q%^CQkL=4szM;KL
zE<1N}Epu*_h%CH7ZxJj0xYt=xaUmhIADsTot3cRB%5<&2LdMwR?KMpY5)m&|3||I<
z@CSkh>mLDFfC{3JrC(hdra>zN%J4NPua~CPzctnTXxbqhf&*yP!zk47F9Y8776bNv
z6<<;tcc4Y;s9U^Fc-2*``&D>$!lqZylj>M_KkpOimRFk9aP;dMvQY<mKan4+K@_CA
zT;1M}pd1Gy=q05~&5fe07gdkb=Ww-jHj_t<hlc_fGCh;Gw2|?9i<(vRQo}H<;cM_Z
zk8akAj?LAZoJI9@c{|$|DQK2{bu`auoM&AQArq<zEPkZEZ12AZCo(|4IvUeA`@Y3t
znx5qonW;-^W6)E5qiDKT6*$x_BuU3mdhHc5SH31n#bOtYgJZZTves8*t__6@s4~4+
zjno1pnpUTa{I!bs*De}VKp-Rx<U<TowvHu`3|nTVY$A9DF?v=Np}h#})<9dq%}>!{
zknu%AYdE05A$z%i<LJG9fj{G#tsIzoKPhq;TWVX~)br|ETnAGc7d_HV+!Q%Xm#r|d
z7_k{P6(<?uX2=dI(&`3sM5?7Y@0U%Xd#wR*$rvl2wmU8+ZJVlHbicR<KqIyg(|MOM
zP+e2Y9HpY%C^PEtd2Gg}T(Fv?085urHi0ysufaHNN4fUyO&Yo^Vt}jzqK*b;?c}7O
zQjh~FoimP4Kc%rS>Te-MxnVR91-1Ezgi3ESeca9YGD-(>i%az~5~_g&63H=<fA$xq
za{Q$z{!G8LYXvhA=6Y)-_c_c!obE3_>)Ggu{?7Phdg2lUhKmn|E7?VK_z6A38Pg@r
z@Q(F5J(gi2B#Ugh;ar@%w}J3h;tNA0$ob)1KDqEYUv9aV#yWg&PJ_WJHZ%yjI9U}V
z-R0=WZXom*!QWyiLP9dwdvK@_VrqcFFrWZmsoQ(8TN1Ef1-~63)#3*YWC@i791Ap`
zuVYn}waB`0@Kfs?B_bJ<DmI%&xCWcLrA-?$0k2YgxpmvauPQ7tXXXq~gznEqcrU2H
zIL3O&%O~07-%LlB<kn2mvQ<qS7In*isx9p&%EIEAH6;?Ax~>?HYSZv}s?GpWvVZCf
zvDE6E1p2(zpM5Xl>BO^Sk0Gljs!sz_5cOF#tTU8K|0(~bi1>hr{GI_j=Qe@CL1Snp
z$pki%C4dr8AeywOP(Ct8xMc#xfQ;x%kqqx~0l3_4ghCYWw39d5v$V_fUkN5N1yr@Q
zDYb}FS#pGj_*{!i9b`3jJXrv6d?YpskwQh%w-Hh;S>Q@FE|YNN5zV-}X_%UIjAydF
zRomy1RK~p3`f0NBV+7>)kP{N-K#Fw^Hd9m-iQq3tF5pN_f4*IN(Ca*rUxhxZ@iCC-
z{8<v?lEz*4r16FWVMSpG?uHC8%8N<y1lXEOxr({u(M(DQbLyx{Rt|u{gb*9!JE_0)
zWuW!(JjK6Wt;Vq+2QJ5a(0h`Ys7H}Cxu~l0+s)uwiuO6Eg;ZO<<(%NvjLBE0GP0ak
zNAtC&s${gsW183-IpH3>qS)zh3^@#K$gD2d?TRfUx9W=wQROSn%o>WoD;l)mkguAm
zM=Hs&xh*Q{H1erPF;)SFJIFP41J}o53Cu|uwKt_()`i*_4aqH|TjDkw)}_hC=jlwI
z7gcl`Hscme8^@kW8zcMdK$Nt9ob3m<tq6NXY0L{%zsIB4uB*rz&Q9JDyqK(VHY~|1
z{RW}EfW*))we_aETqst8LLt(ZjdS&$pSgi|2~Jc=(_}Y*Q+)wsFkYh5qZKMxJ45tV
zkp5oYGJkWivSnz^aR<(|%oatPcHENj@_z0wIMn4cL6WI>MCCw*-+A-7e*;DnD`}CE
zHdPlAn~G!u(;gGp8RUGz#QGRyLh8>M<l;kWl(N4>%MsK?$gG)Lx1Q)eaLTsXwId7W
zW)bTMcIXz#4XgmT6E@5hm=w<RX~hvUy3<)T#{)I2_3APNsSKi}(lG)ZVp|5Xhb`%<
z%Q6WfReK<!B^&$oV4=#34$?NFzcFT<n252e2R&)tuZ>9lc3=hRFJDGFw6z<>sNw5%
z|H-e0a&($VId6BoGi*xLvYA<u?#k%mY-mAqs*$Ql5$Xh>(;HA>cb(4E)7)R9Qz$f~
ze#Bfl(z;e*(bVkA9oBTa%1#W{d<8f@A!PqA`cMZILPUXZ1~WPM?sGHxJ6d??LRJoo
zaOHBy3-m7+_JAgDa_`n*bkW}-#R#WNoB^-NBkMr}NSXd>kkRKWYS6qph@B5;B$~#~
zP%|J@PM>HjSS6}**{|P`*me<~##H2Q{h6$)*^kG@s?w_ezu?DzSI3+TKZL>Q9R?bd
zP^JICoIsMIaw6421_A#!1{w+q>OUCh#7|lhkk+9@B06k<aU~d&-#Hlq2sSd~93<o1
z&Tlc2C{lP<3gF_w1my9s5GHDWI1bBPUIjX&(mEzaJacn{xOig&N=!c-Cd^VZ0Z<iu
z!c{{fJUF<DLu{-RpgU2;QcY{akZcfUAO&eis3838IiG)$Z2zPG7ZO{JShg^Wk1-n<
z=s(2vpJq#AXBS6PCk7_Qe~Fp#e+otxVUhn-8JW4nSQtf_xkQAS#F)4^8CgZd;sF={
z&?z7wkQ^w8fBY(;)LlTpSug*CTg|-8g8r?t^gYruz)U(pG#UmIwhIwqfCCe*5k{_r
zm@4vMsAa~`Fppu`&{HOFGsk>o+Rf~h&aYgVB*i2u)ekA9l}j$P4-pZ7HLwpi@j27R
z0y@Bm+p&D3Ov>WM^|INp_0ZL`1K=8g@Qd&v!iZ#Yz0}xrn&CTLYoH)Qfrbho`fuK^
z@e|7HEs{>PKO9BI<8?=pDpFdt9r%eKGjTsFN@X;g#Cm;y@890;7ABQO0u%gizLFIc
z1<%jVx4-FnF<L5DrKF|~fNx=R>iaxQloz5-7AjK8Yi<TK7aU0aKbWLS<g)Bnblvjo
zcDj+mMcluhRtyJp>)V1gY5qe0KSY9A8A3onz~b|4%uTj=#WK52kX<(Y-}V57fvPDT
zh7EU5PZ;CB)>c;B+;aab7?^|h?&&F|OoGjTPcxt`IZdbG|GYV$pgJ{pt)b0;d`{;7
zhy{-<!V+yx{=Z`qHoT~r{*UQ<aq-aL<=lod?=p7G0Wh*FhmW6!uq!7Qm@duvIHp!e
z1<Ld^205!fKZo2N-MV$3d|z(!aOgT=7eExY5d@1#57_;Ddw_z44NOi>u8qFf%<+AP
zCLka<-Rf{_7^p^_@`k7W*OdoFm5Z4lfVlIiXJb&p<{9G!5epfaYkSlP&_3!{(Blaw
zMEpY3Jb_hIBNa4H<MBjnhkS`S1uao)jVs?Lk;9|$ThQ%0-DoQUPL~K=H!AdfC+_ai
z8E}mR7?{%e2THp=;yV(OT;KUGmItTWQkCOS+NtK1OZlH`ednt$j$1Aij_#^`GkF7u
z;LYiO{Hg0ebvC^j84vY>-dqfSRd-n$tu0Sk<Ntve-c7a)G}xFw#Tu=6E^fZ$W%iXB
z3U5et(5((i&O&W>z6kDn*^Z6Vd%i*{NNMH(kgun(TTc8N+4b0;&l7?E9dSaR#-)B*
zTH3)_fp1E81#N9@QdU-#*;Xnls?muFRDN&hGTW_oHkwcFmp@fF6i@-J2MXc4yX*LT
z)PJE$>4g>J@s^fj?60UzL3(kR#c}atahB)M?mY0ceAmt^#A{t1fOSeu<~O&o=@Fy=
zpAKx8Y0secJA9Woblm|k_d5v2JBTYxjp|76oJ|TbXWNZZ4Dc!eYGyyHzt5NP=hp@7
zyG}vm@Lm~gHTc3ciK|a%OM;pZ^Yt{M9H^}|medN=R5#i!7r<1Kd-ghPyy7*914P!r
zm1>#Y_+h!e`jLvQqP^{`g3>jbaSvSph@6p288+?Qr4ypk2Md%n>l~t1cAo*SKV-Wy
zmUNNQ6cV~R1{FyMp4-2YqEi~D`O*hebQ^#YZ6@p~rWC7IQjoy}ox!Tkt}c&{$u$z3
zoScFYSDKfWmI5@6AI}!VIg8s?$X@;g5M6tVJY!+;A^OWKE$RIL<1YKe2G9!v{=Pqc
z-5zdOl`B-yst{WJ>Yu6v`}286R=tf<P+^Bf;BC*zOJ<b;-=bH1CE!=UrA}Ov(!2CQ
zzsd2<4`*Lz=`O2E<;!&oO23WLXF96F%fy8=Ez`0z`ry#kj~zq8VhBy2@-t+&jc8z1
z6Dc9Z7iit`hxh@1Y#$Y5MvfW{VD1~qfcPC#zOGg1^DJLj_koA<K|=nTi8{@<zyKi+
zH$Kwx!5nwPjR0!|S#ZBdjK`fG_<8Y*vZ6UydIo3{mkk4$8TU(tB_Sn?$$dXD?EF_h
z;n`1LdXUcHk1ujdfUcq49-rx$*uh?h-R?-CGG%2-KhG<$OlJ!R9_vX7py6SG?ZoX2
z-7nsF0Qqz{DWe?j1mQ+_ex|3OwiClhT-_Z3FMPD_`!s)iIMwb4vq$A=<S=+)*I`*=
z{jrJN2VNErw|L7Us`8a!OnvY+ryfZ8ljkmMe}!Rt<hp_S(bt~eY?H34;d}|>c+Wc+
zW|?nf@1LO>FewFo6fLv~XuKln)L_&Nu~KlJ7a_ooBAnUCtECZ$Z3G>A<vM|}r53GC
z^*G3eG-k|)q@~^nd3Yzpx+(I&&o38DCfSf_Qwc5VbcEX>{|wuyUg;e(=OppO+`qVS
znxlCKAA~r*I9zfDTTiFCkgfD8HZY~M29TgmQit)0@9(WT++I}zeDjoa^+KrY&>JJx
zOt|U{dd^rGk($)3wdw!P*r6VccF%i%?RuauupmMz&*Yb`6YxQZ?%KVq?!LM~-c1xK
zX}CNO*Fuu-b#EgGby*~Ll0pSo5Wj4DG5q=S$NqQ{JCo0=*|sAmhfpjEYcBs+iskda
zwfGHIs-Rp1WCvpnsA#m&q$@{<p{zVdP*l!}KD;S9-P?wr|D0%bbQE}Qb>ADiy{;{%
z6MLWj+5dngaehGz0F(%sWJwIA>WAH)X3pKtp8b@KJ31T-B^#*Xa+v{LR;)F(y0s3%
zUngjhFGk9Q4(aA<+9`XmBX0oQL|(G_X5a2bb@)8|hD!eZG7)nfAtg%p$EKB7H_Emf
z_>}4@NH5DHqw1fEe0k;lKqSxY1q<LCto+c@){Xjf<Z1nQ7NPJUkjv(Y;M13$^Kqp#
zfv25#PdR=kZ2Htg>#ZusN%=#f5ji9SSASqVSr~hqZS?>coW`ZUJtYs^8lo9}yOZ`l
zc}FXTs~nsI;BVCa<fH7<^UXCZ5VmH12wZk+L1a)+<k<<Lbbs!#+HyS!^&**XwtEu1
z$$UERuPkpi80Z@BPg|@n>WH_8Tf?225M6n?_Qe5r#ogNwOq-tUE&mn>qXDR&)U0B<
z!Q20_$a0SB_fM{<PvFgLM+)1!cC9r6*-1<0YOpi`kOmBz5MYmOtP6eKME>mW9#OAy
zd-X~e4?bO}BJpT0nP-*N!ykB5shn$^sUDA;B5J7W_vh(;#JL1QD`O&ZCVfY3LDDEz
zp+NtG(R!%nxRDS15!zx|LrFTReN_2vx&>;OIGo#}%SJPiZiw4liML{PU)Mb9%vDFj
z-lgvdSd+myU1DoE%7?azbVZ9O`()ROp{*pOt?A}G0dsRxcW&1RlOB25O_Z^gXm1^;
za^j*#KdFCDh~R%1&Mzr-xsM?V6X4Kpv9)1+dpw@XxagkA<Z2jNDJ?HY8Dw%>qNk!l
zZgx4F7hN5$nx^yL{HN<*mGeG86pCoznwEb7lIcFl`J>PLT`4D4qukt1c88NIN-M8I
z<iJN9F8Ap)JfemJUv|LDN@3_t2@f_JO71q6y!NgYcjT789Y8rWA$1npcs9w{N~=2L
zqP03RU@JO~Z?&{v<rGIsK3_2^zt3r<sxj(cokLG<KbT%+FzA!k3SLGncxNYI*w|D7
z20s-C3iP2@vsCV8n?#Sb%7Tijup=Etck}k-g;p9T?bNs$UGP0<^$1N$;Obj3TsV<t
zdnM<HCO!?&Cn`m)iYhTyxExV%XOK)A`o?E`eaLR|UO0dY<7ixQcB8B9e`r}3gyd;;
zhsy+ze0oyGi#5pEiDHzJ{hg8L$(=YriVI;UK6T&wbFERn$LXp4<Mkg<RTuPfYn)+K
zaO(m~WtX#{G3!?dY$+acl*5+UlMh~#A76+Q^sl)KZ}yJ~=kZ>k$E(HLcapU&ES^iU
zZi$)Umz?SWhaH0`0zQ!L>gMBztYl*8dkFzMn(3>N8E~mEodBkTwVu4#pe%hr6&meT
zxz&T|hTh6*<&-tKO00J~o_J97@-5B_s~LD2Lu$fAiG6WlO3@wP-?z)a+h(ev8SU+n
z6?1ExuBbUW^Wy$LQd=ydS5qWOwf9CxhtYb|O{L@V!#x7BeJ*)9X5b};EVq~Lc406w
zsfoVX#V;>c+l{P@+HUEy%^LH7l(h=D)PnJc9c>i>l_n#&OkPA~$hG}`x0{0n(qE+x
zU6`@ck-uNGDQaDwQaP19;a6y^_k0`vXWhjdJj@7iwEe`36IkA{O=4SU5BN<CaC*Pm
zXBixCwmN{0jg1A^+lFud`i}zs*3x+LYbjw%g8B7Fr**;sVce>`4G@hqjyv=k=u&M>
zPuNd!gI_KnZW0|KwS7@-_XnH_XsTFDw)B_b(#VK7Dxq}=eL$<?NT@b&#Rd0dInJ*n
zRnG(0s!k-lYs54gc+|<yTqzyidR)lZtfAx#7!~UcS6uRGE4n`?X&{OEG=4fzJLtr*
zy#953RYA~Mv^^9YkAS#3PAV(IlWo*2QB3=WN5oCq<C92(gEd%PYjg$5s@=H?o=U(M
zzUWGX0n4*3oa<QMOsemo`3-)kc`sBH0%3?=Of;e6@O<%k$eHz`MakK`e23f@)8Guk
zT3Qe3hY(jU-E^(6fq}krfF4H0<t)Xy<mAN{YPZ1Oh@I)rFhG_^8&n2CWL$>XyhKqg
zZ7j}UY?03xeA4~L`B@+VNzpF!EL4H%1{C}-t9F5x`38g`Hhn5BJz!HLEpB+*9(7&=
z4v|4!Bdg2oQtEi1vGsasUuvBmZ?qciUW5!k><%?F&srCGt`mRP*yqi1f7<?H8&vIx
z!~QCkI*b*c9N=_xn9^1DwW4UblEi8;)m&ugnLcIL<!I~ib&9~?MuXwXhNqjUS-u^V
zRYIZDY95e`+J0MyQFP9{k>o`RwO=!VD$lF<@^ug^fbso(K=@O-p{A+1mVeuZ{5l#>
z>SFx&>+37nrswNfd#gDG%G_~=9BN-)RM?@w+H%=h1R#nc@n><PEj6yxwxt;#t#A26
zZ!qezj0LtHy>P1vr!kSl(%jJX61Pay$~saQR5@GJu<U>|L<5&FS<gH70Htz6?qV}?
zwH<;jUC;69&BWV-5!La-7mM$U|JAiSWI!9mUP+OV0-vYT@Z}GAlKA%l*QW9<VdV!o
zV$WA*ARzww%aFpVpRdl=OSS1ZyPR#A$+cT`YicP!<m!-qhs{MOo^O!*N%*m|WR8Lj
zTA=VNWP+l5r1=wum-~eO(a(1iz9{;dopgmU!PSq>`}#hVl?AjX=bO;Vx8`4Xo2YkV
zxmQGuT17p4w(ZB~^~28~Q=k@ITZx|ZY7`p`0l=6grkZlB82EaYPG=qbG3VC8uHF0;
zgSl&*PQmMc*R@zzS+!riemqgc&QF4oszn@~cG)z)U6$u)CaBr+pXpYU<fqq(gEiD@
zYZdO(t#0z?;tG^6)T3n>T)NkC9}O{lUmz}h^?==eqgHq7(qcIhDWS)u63;g)6uf8z
z(ABomv8cq*))20D&Swwo+gg)m8tbZ?t8lx_)c<FKpGDL=asK(S`9mv=Xkyku6-Vz+
z7ySv!c>4PKV33foSBQiolOr4tK40%osN|s52rk!a|9nk=jR?}j=Iq+P<6p{7aI*oi
zldS<pU0p3-Y_s-&+VNH}$99<$a0GBGEXowl`S|$F7`CjE`-<4RrlWx|C29yxQ_cDY
zCaZePolUK>O)2J41?AdJ40UzWmn}BrQoSjgr=|(r(f49JI2U^-ybSz_v>Po!Soiig
zx2-&-sxz*>U;W)o+2)SySZq<r)6qXv1wpU2Mma4I3t|d*tnUhr#Dq~Ktp^CLTvz+$
zqo5mM!olUl2oh5u|MVf4VCeTBF{68OY9+AKB6hfPc)-)3;mQhJWCtRz9+?*&n~=1i
z*u&urPOG!kKU2ZZkchA0fAM80XdA<F++5dwoS}@{s`ibW;N+!w3|>zRfg`9<k1`zX
z3jO<b6KY=bJ%p4fy}fN84nVPKsm1<6P1%g##NiAC5;;=3PgJMuJT{wM3Qe!ga5LXV
z@-M~;pY>z7FFFl{b#qy{Lxqy2n@v1lMe6l3r`sFve1d#|e3C$>bwzHaB3oznm?McW
zh0{ky5=7NTv-8<zfU~XZ7ZOUx(2E$-;FY9x#7a!Q*UR;PVh2PqfHqOhG8LGOw|Qlq
z3r{aE*b!FsmxQ9Ue?|p5yt=2Qh2=7zL{Uj_(9?Mb;t=09_A5ODzP`6okS_s3X}o^l
zP(~Ni5ux$!+HY;=zF8)>gTZFw)|5K@AMUHD=`5AfxYYdiA7OXH{IpsFetz!+npApM
zq@xt#hm0vo*X96P04GMg4{pxH9=->UA_29duh4!hroz{UL*`MyBn~%5-tb8ofI~ub
zvD^fz4FDBm_k~T-E#H?rA~vv~^S%h*Y;yPYzSDY4E_Q}~eShXB=+9s4@X#B^FCHJ~
zg~lT=9h#Aar(To9<iZU_{4Lk&at`}Pq6?g%#@4>Hi=MUxK<XHmSHXuff-g2dY!?=8
zeVf)F5mf^0NyIn{FP>17-#?B`9Ox;eQej?X+EZTr85Lyb8!C0_H$9!D;L?C)O0Dhw
zcmrQTuuQ&C>c#RPamWu9s2fXs^v<x_L`=A)BSP7w2KuuKAj;1GH!a(vv-tk@pA3>6
zZBT{9#l4vWgmujXc+MLGL2wfe{X{I(JuJ|i5>pK&S8P_vUCD305@@wttI|-fLW<cB
zZ@ugU>bDf;->%fu@$*3cU%b6#TO7gG1sdFgyE_T)4#6RiV8PwpT^n}|!Gc3@_rV<!
z+}+*X^-j*odGGxNcb@8brap9cbyv;awf9=JYE+5v+aEj2)dTa*sS#&h^o7(_J8D}^
zf;!8kOKz~EARM+ca#<Pn;jSS42xY)MKi&)eKL->wS|=wbH)^IV=N@lt09}u0x(fSI
z2Ai86(?yEiuSs&Sl16`XJBRj?<2|umd<SHcU-fzqhAroLoP+OleAXw;;iC{Svgiba
zhG5{{zeLqOaNBPsF%oI}uvF=(&AM=5CP^^!l}}h1V}<A}gz8-)DP|vrWV-e<a&rmY
z8El4Oc;8(~JU@4&?YrCoYb+~!Xs>CD>2(UM=q}8Xcl^OCX0aPj9KbN*k->yucyBvA
zp-CXSR83CYZx%9V$o{9#^O)tBr#~O*?Dd6}<aI=S@iE)m#O(E^@$MHO8kbuqlpV1=
zXpt1Czh~DD=tsp8L6H)+Tc-qD<T<iApkQ0d2{EhePgV+R1FeIAI7s+;1tq^89%HNv
z?^G?EJvmZAv&;|VBo7T6-39W}hOufX=CE`n2^X+miz-$)5e(A1j8L%e!(nO*$#L7m
zQNR2)Lr32n!8RgKh#P#)*3F<Qh%Us4k+1jWcf4s8cZVcV#6S!O6o0xhn)=afhNx;Q
zIAD0Yr4#49Pv;A?s0V#F?3`_9_q;v|hVYpg3P@$7HNE5JMA59ZX<E46E=OvnzUjd$
zPjrJ8c~&w1QeB3G+ZPg4-MubO_9bsrFfE83Y;9r1D-7H%J)p}h6N`!zX2%4qW^fa9
z^}>sDEtfxb1Y2TfQPLtZm#4f_jE3AvR4F4a6G>E2L-qjlaYE#)0urUEqJXk;rOl)o
zg2xf6tObo@UdV*KsDS!<&-A>A`ob9%M7omUAQMIJc}}9|^Yw&4)(K6jD6z6;6$q0r
zTTV0RHDXx~wbkbkRt8ZfC|NohobdD%DhfZ;YR)7_F)=ETM6<MG?5$j*2NCJ+qh>f=
z@t%Lb8SnrtuH`k5*q?_crBvtxtnYi&Sr#S3LgPpV3Azkb7!CJ?c?f%GYj`5Q$sw!d
zeeN>zSM8c*M~)TX*R*fhwb0P&sVMxG9nmsNAkExkp=@+X5Yk;-hzL_y>mX(VGxrW~
zo+G_0XZ&0v5*9@q0aqq*$e|yRSy+Ed@})r0#_0+uBH)a9VZDtP!L#cd{AsVJqOht|
zW5hr&8-1mD)?Z?mbDT67P*p;H$VY@aMv6e#{@!!u3(?YJ9?SdLuCCcn1dYBc>@Zm>
z%ZoO2xu&p`n$q+mJf>e(zNsQzX{0gzUsuMb%FE~Nv>x1u@f|xbkXoRqs8A1LmjO{)
z9u$rnh|eP>lFFu9%xB<Cpsm_(!8EV|#%-OV<Gz-RcYz$*2F>VWVj^5>p`aQCeDWwI
z_>9C{SfZLenNnHwr-~s86;rbD<276x0gsxGhzJjtKy!pk*hmJgHhcskFTrX!;$TEg
z$OX5Hd^1VT=h-eMcIT*zD-TUoJm98<6U{Bq!iXjYb}AcZE*6M{N=;U<-$9*rJ&YaC
zu@xOyBYSR6q=BVKYxPCC{5}7oshM;L#TGYrlY&yZ>qh1KJ?N;y);@l*tK=ACbo-mg
zv<J(xR|K@;3QJT&u~)%*_XAi%A#PY_Z2Fa^&>v>b%GqPfCi3B$Low#3Iw1UQ5b<}S
z=fID~<5lpppK?G?Seu#6O<ep<zlXigE7&Ap(o^oN-a`wLj1kKgV=S?Vk?RR-&Mr)*
zWZK=$UB9yovnHOH;l|24?Lcj_vAij}1C;1cz-PZIji;D`bK<!!Rfo!Ziy9v){T2{9
z><Go}N!#AN5iw(Et0V%Awg)2(avXjL{Vg<OUG{|a^h`n2f}m26=vMPHuHU2|8T=-5
z@E0j5@Q;A|+Ri@54<GsY2u89c6+<SI#xO5&b8rR+FFQc=O!*KZXuWy}H5{1#mun9~
zhn~<@SD*itaL=cf%%l^d%_Q~V$s9M920r%%J+jXpaC8iqo)A$_8y$?8z5fR}gw5vu
zIbBdo?G*C5Wq^f)%~fM&=HYM2R;HEF>WwCYM*_LX`hQQO?v^e4k)^b;w?w+q>~gek
z4o-#s&Dr;61<-`=mIlwA50K`ErLyIhZ;GLbV{R~)dpe&nc|YDAh4y^-fEHf1zB>!l
z=jBQMOZ2-5;6$3*8tevme4GE>5QQp&#%TOa9nV)F9TNMgGA&I@N-FeU3s21%Fh;zQ
zuNIDL!@|jt*hQ8Rmia#-^Sk!vmC8vPrT+sIa$(e|ellyfhWYu4*bw6ekZHzu`n}6J
zeRTJ7bN&YIB6t9NY{v9aOlYgBzCY7#TjXPc7OA7i;CJiad47(Gf&B-kEKjJ@{M>Qm
z;pcC30H0|7MO!;P7{C61z=gRGPPl2X5&}PeOG6Bj2wFLOWo=yu-@lXVqG&3ombERd
z{E<3}?d_8hKWdQ~*1!wBNMr-N5r3QUpAxo|=!!l<9o#w5t4Z{RKv%Aiql&Ek@GZDS
zD#9N13Dg|1NJ;R2T?;)ywfK!gZP34rR7LvfYjC&K$9WeB(f)8~*{iXRX^Mj?#Ew@c
zQ9R61H#qgK92J4igmcUJ_scgo11U6C(dV|bwpU)tz%TuSZDRQ4XJ)x(;;p&E^zPFc
z+Vz)d<mH|52?q<k*$N%{XPqj25x9Y%f6W8~2IwOtn(KGS*uIO!-4C@NvoTr7dJ!o}
zpj)3x%LgHP{7IEkk9jJ)D}HGbjVT+*Rl!4fX><)nZ9KHWop$3uB|v%&FGro}nwPf#
z3S`0un5}nzY>5Pwp_{}*Rs(4_6Wy}9>@BXu82Nq%Jwu@5EeEg=IKjUCd}iUwRDSy|
z?PX*?P3gW9EVIvOF>;h5!uAeRF9ji0lBIE^?J&2qsqJi|9QAH<&YQZIjTG7UUZs`a
zjAikvVI<G**%RR#hS&VkQcr)uiljsxfX~azOH2&&uMf;|7k}O9Dk4((6o|gUV0+$&
z+mDH(!y+5~9IVhqxjQg|8O!`=Y+7p+TWY`inQ>c6;@lCl>(6SPrSC?IUT1yv=G+~N
z&xiB=TU-{<S8D3|LBVa{g}}5;EvQKCEx3}>n=F2Bt5I)fe}w`fCAN(a5ca=JY(V?Y
zCiiqtrc3<(_m%SbpUBFM`Z2hzNZvNBCsCR$79LS6L)#&*8T(VG*4thDDDOKf?@mNN
zfj1&wWzS{P0F6j&>yvyrmNe3c^T(sgJmBp$h1bb6@I<S@x@)1<tlInGvLS-%f5@O`
zU39)iz9=U*iyIEG(bYt8eQc*rC*4bdjD(hBrG~!x)<7_GT(wA}EtRVx1^Z3ubye-+
zJSHnn?W6x#3hwzSq2jsz682tuzm}|UZ<iAy&rMAC6usW3AECPMBJ$>IF4T~9FFAF?
z#_5D)?2u!}d3()yWZYebMUdTdF~2tu^`=s|zR>x;Z1B_q*BaiA*F@*BtoNcAA>8c*
z;cW?k=sbPJeA~6t^Wh!h`&TQB3gG2qlCLlFUd0gk1>Q)vZh*`e7JOO3ZWf0qxLZW4
z>sv0&xwd_F<)}a{b<GdyEbfc+>JM^wplg+MgT1z<_zX2fXJS7Y`Hrs1p1`xtIoTxr
zE%^sJlkhWu^%;S|!;RqiaCtyY^fu?Ut=)gaL$Z5oPcS>}eXLQ8H|^-iGl8Au)Z1_e
z%R{Q6z}pHT{1lDEgbS7naR_UVi70y9HAxi9iZw_4++I|HLk}pO<eK2NO&H?)^2@#R
z6v?yW4bHI_G}&YE9{Oo<`zUG0Nnf%VQchJ;uGSi`0ot==o+li}AL>7agN5A;CG|yX
zw+d#*9k#Hr0G+izF(3y1&pyoNj691!fJ_p_VZ!lCSwkcB&@spB%drV}6rX?GF$uk%
ze)+vEb+KDEcV77ezLobGSx6g%o*!%7-zCF_b>fa*tGndim1c$*&>Yj6$D_)JEDywT
z7*eP_Tk;V-2p#iWF>$f`s{t=(=evY<>vMT_-3Nip*<9~v4eTaFyg^0;x(nWDq`!Yz
zz6k4M=-#^{zz+SmziHEO-|fjlyRi-G!}%uRi|9(q5U^GUfzzAVNB#!o?H!k|qKJ`H
z18QIJVqT5DM>%WzJ(_mK${$PYVG1DWdhbeDUq3*`rawTRVas>pewb3nbKGV}U$%#@
zMMi(TE73pDrxGye(B;EA8SN}<`w%B3?!VWa8W@@l?*-H2f@#nx9rPh-bL0+oJ(`w+
zz!M^+>8zq)Qk|Bm$0L(2#^@ztgf6QA@=W6K)3<Lyhoe7_zGX?RM(fMHcwqs@iE0-^
zsKQ&voT$q?rZxt)oTi7<#YJUhSmHG}uYx>0>hn_n{FC_81XpgVR+P<j_X5QhfpBJ|
zH6c<gcPNNkQa(}viTA)hiU`?Tm&|O?iaDVeU7c6vr2B}K6*2Iwo=_Nj#G0pCwU{XX
zs}4DPfzn8DPlfR6_zi%v85BmFDUuRnnf!<{pudp@9T<ud5)@k;A`;mAUSj?twxvq!
z{?z}%?itDMaslM~(krL^g2ws9Mk9m)GFI*px>m{8U-TB!_q+JI&WOi(T6n5~*7@uz
zdrA+*(v3Do`&WVx4fM7RgYdD(N}2v1uL1`?ck!suHCh?zcqxGVvnMPZ>Ias~#0`|G
zPXr;{T$Q~^Zo<97xvOGlMZE4CsWRsYKgTGiEXtB;2T-?Y9e7k(x)_G<sHZ+KaIsyt
zlx8i~Fr3DmR&)jrTHcE3am;~rB(NHAVk|N_t&+~w=+m3@XKk(Q?tkg^_p=CJ4YQ;8
z-W|=w(!ha(K{5b*ynd_8$X}3TOlQO%L5oqVpPVt-FUhk4p()W}DPUpe>@Ul^(;Qo6
z7=i76vHfSkuSz_LyLr+OfuCo*c|t1f(5m4C2vV9N?VX20=f7X4Jw6V4|IYU{Jp=j5
zISDneIJo?HNz%kpqm|A$ymNL*6nQ|xjB|7)!F+E115jMW<#1$W@Z7_AKcBw$zTc<~
z^BjXp&~=BBmr5a#En~sX%yEv37MWg0t-jMo&xIxGC6|C+#k1XS2sPSGJ667?cWrIK
zk_RtN!zGmu9NzXx1Czx-bb}F!r{i#=uxG>Q@A=rxu1p5NGzes(fdLNwoDWWZ;o^sb
zJ)!*OK*#?kYZL8tBPpiDvbBSTvbCS9xEdq!7vM39k=Z(E&%1D)^c_7JvbyjX7NP^C
zcEaGTtR?Ds(oM<aJu#V2lMHqS^vI&<hkvM{H&lNhch_H>GMKNv#w3dN#O@jCuZN$D
zRJfa5_jEw-eI|O1-^=q&hJ1LCh-)eVup6w;Ia<4V52iX^k(h<92wb0R`Z-Voana&Z
zkjLV%btA%x4DQd5uzqd7L5nj?sE0(85k^@sf9+X?i`i7`;}A~;ofQ;R_bMWWUJ`=-
zw6~;0h|%W~_Y5-*6P5RA0FG6+opC$rRtB$g9j`O16XgFUJFfXBv+V`|`J6gbqiw42
z53gEPjna8uin^ro1+u_Av>fkfgz5=(wqouC6UXhW55Wmpa0JpuGI%7Z2mTtedVT%e
zx}Cin)*Urr;Q}ztkJVQUD23=sJTj5zOZYSx(I5``&pQf(Ax3`L43TlpbeNx)XMQdH
zK+XzGB|+Wl87nlnr!?IJN(4fE_?6Dj2@SeacIDeg2hMTlZ(#Y!AuFrbrl4`n(ii-R
zKd?nTB$KMY<DtCp&ys`GID@cv;|u9`b#C+8u`p#2z*85FS{wK+gZHrEbzk)kudSxK
zUdQ2-E@n`WCA$&Mc$0$Y#gKXQA*d@ht@X>cV#3rsfE7YNXP~A8K;wwJi(U_4|A_GF
ztp9TqaW!f4T0TCS!G8o@TOrG}He0MrOEC98F3gE^T9|2kB7E-GdOBuB^4BBHWkM#=
z&QIukG6aYrS}GsY=@iIW8)0{j8%r7WO=fUdC&}=m3e|+8?^Zo=6z#A@J|tP1&e}4#
zdW}8fzEXPtvBdmHS=&Q7>qi{1z67MLf1uSdyC;yax6DE|*1Z(rz3ixTUp(dVD2<JF
z*W-URvRGZt#eEiJVfzT_8^W27Ai#2QATxit89L8@p)=)xjXEG5+vaXMZ1r=YR?RS<
z#i)LlB>5G}Xq6r&9hU4c*o}1{cC6Y3&91!x${WKP2v30H-&2vZG&Y&-nB$HPF~j;}
zFCP8FXkbEyB|G&&bo}1?;QjN*?O3d~R0Us`9ZJigns9+jb4vnQQ5Lfa7w^Y2>Xepp
zoZAWrck_)ac)RcByGB2EaH1_nhlj1HQtH<pgfK?_&6+2C>%z@l?V<bSYebbC86B@w
zfcaMxdjVW{RES6SqF|@ddQERYHF!8zb9%mLeUGL)(5IZd-X;KOSVOu$q<@J<cW0;0
z?Mm9PBMNfmDf`8ZsY+TKyU>|0hurQza%=>@wUN@^E;UVfPf;Q?OxI@g&}%UEd_>QY
zqHFQ<qH5-TBen89SJc`%?s<l5!tk{qaF=;cqnk11-eMn{Mwms5|BTE9+{tZWUT+ox
zm2m{`$L@VT+^1XP37FQ2%sKu!H#@KHa^LS=8~5R+j3$11ML|-1`C?ZpOv7|-SJiiN
z3b#JXLlftEV#|^Fh^H0Wlt%;k*Uo}VSO=Spk%ejVoLe@$pih~DKrN1NI-syI=fwG&
z2{PchJg9o;AlZ^!t$2JzC5TmyVQtF*1#YP!48@@^m!}abtMFcb6SrK@G2Q%wcM=#-
z`_E<X>Bn7-e&XM{cK+6<M?P2Cu*b2dQVZTb)|?K5pru9czpL-w7gF7~?9v?V)eC2z
z=Q%>~b{vILtZa{zVY>p%&`yvT=_UT_V!`<(<%zPs8I2$W%5v5!c}5I2tKignT4>EY
zKn=Z2n%Rx4e>s<*KzMi|9TJLU>;HnGlg}+-rtfhF+D}!(oa}~D+yDE>f4_5YSm=LZ
zBf?N&$awVzlZB~<%;|t5wQ%+22}Sb%#DD)Gc-7`==&Hiv;_kVIA%f$#=-OKL!EKW`
zkn6#I(Lev+OB}8-p{=M0ks4)cND;=5uBN7z^S<S~`9ES>n5ls($J^@@uUvHMB#8q#
zd~V_eDbG7S-y3Yt+w0^1?{#D*(p@gGB$u54)Uq=3OE9d6S>4bed49gZ<8g=u`|#xE
z?ELQ$He-5<%t!e=FxtHCLXy?SZvO_x<#Ls}Z3;TdfeEy!_9WunssE;kKSeXlcWaHW
zWI8?$(w{#yIRyl#LbHoJ^X^ZzaDy2k=RL8Z6D^IXM8_u^bcvH?i@?8EXaFn1LHl-|
zSH%$>SzF8EfJWLQ$Fu-_v6q{ij4L20VE@>-rr>_US2MN?&-|Az_MgHM<zz-%Z|>{9
zI34ph>^*r$x<$ldt{^4#zd7qEJO(D_$XMo=fA0`{J3vMH|IJVUXhG=zpXz^WHUZL9
z0f-dmZ=7%NOaJaAN}BjN|Appx%<KEj5`3-^`Gi~@69s)mOfag9@qe4sjd2)FubGDg
z`abJz$^TIkn*394syQ)8dKPiFA%r{Axc<K#WiHH@{YE{BXZY=7JfO*wu#>t^25tkR
zl==9gEK4Bxef@2$xL41Uo~UpcCDTYoy@nnpReE@gzc~8@1@uu(q6)um)eF<VQM*6x
z|H4u~vp`U?NPscgh@hgPQdC?l;^I<&o@``egF;A1xKUYNZUZ+^bwf5G$3eJJP8zNA
z-?ji`iwN<FoC;b)&g{`nr*xoC6-7n*3kq7?8fl6BVf`>1Z}u6TjSEXlNRW?TL&dMM
ze)L7+A_2*aTC=XW2H5^o|7|Vw1Quw0(_UnT=pN0iZhZduS;7noB5(BP>N*DO@}!;6
zv(ykpw%0-p8(o&y`<XRh&Ai{9Nyr8`?I7K}TMPX?QQbE;`1|)K1qFrLu@0A`q;vEr
zGlmLH2W<_F566wQwWXL-&z0cx5ttwvG?pO;_CuLGPP@bC?Pv4Vd5la3Nj^`v2!K>9
z2}-#5B-7mXU7O7k7ZoinB|pE`{O-{aJ=SoO(;k?3ins*IwvlBW>XDb0E&`rbXy!I;
z7pVTROT%csr@DN;C&Uma)7ZP(@VDGp{yb|M{k4A6AOc#fVG&CE*J^)DTYbr+O?i04
z0bJj3YLTho?7FY(M9Irjj^{SIbc40ObRI1qWUwf?w=)cTBj4NYk{y`+iV*{5%<ivs
zbm;5MlJtyibZau;xB=?RTAxcJP0RInbK{ZvV}AYm1s(dH*b;YRSmLlmr8MYiF1Qft
z?fk{T!J&JJ__eKEyjGRPYD$+rQ|rpJI|ZY3w;u0##BlQ!>h~l^5(LC+ihzYEyOARb
zoN8O>@J8iEpI63DeAtON0qcm=km;1Rd*_m}JW8=TLTc#+f>>ZE&{Y3XXT<AB{_mhm
z`VM;Y>e8xi%1x!LQKDa%)f`H7v$HBCgEwFL`ia&myCg|Vm3&y3rijL>?$Fr0WKwC_
z&=9nHf6;8SxzRI|HLkGiy#X_=+eBf#m#fKX1k2|G)-U>cvUawkx}_y*SQISqb`BQO
z98K>6Gl~!E0Gzkc`hbp(4wl{29>7VKLwL0$dRKI@${_H3Bjod|g^i{P#}U$QG$D6`
z>G_ucBon5TB{3c+gA$j}n3xzzuuaJ@-?8W_A8Q_{!)^}HNV^pf*3{vN<fz>E*(Ee9
zy{p$AV3w(hyKD2d;?LZ%8XZdW#X19opS^i+c2D*O__jWCqb4jZMrfJc8BC#j$$4Ju
zUb9q3-(NZH?Rs%myd*`C0;4^N-#<^QFXdQO=7iy4hLMy{mZ?(SwS2kX)&9~mve}+;
zy{+zkMQNMfg({rhxlqcTQ&b(&HjOQKN)TSu(#+`|r}F0ej`VCqDoci)Wpt{)ms1^&
zsp6anzzPU!5m0cteb+!TECI7*W3z^N*C!D6$rBeG_DvjaZ@<P6a(_N-zdKqgeDFtL
z_iR+)uoAC|IB02E=<yJF$1;z-&j34E>c1@P7ntm?v*$;@b38vg>8;JeKB90n#C)@q
zlKq32$FIa_09tYJWm^X8OFF#C=ZLDbNGsnMfOrbW+-yTzS6BBgV<0+Gk0}?dxD6AX
zuVa=5>@D3338CZRE-m^9AX^Y>41yym@CcNsCGT2R4L3v(=vfrwxq8~g0lU6@ZH}Yv
zsQ^1>Iy$tnVVmG~{n-M+x7Ee&ChDPUV!@yO$vExr)aIDF&*nSid*DcYr$cg^Fq!}j
zT*Vz@TP>}e&a)2e&h|HG;&@|o!i&AVucK~+^XjteK6mQNOJ5KPO(0^31)|!dnl~=a
zZOdJ;ttu7Wd4}6wyNoIQ6~2@*Qyd)ifR+WJ6%$qr#wKg7J;^^GpInm|GDOSk8t2Xt
z?8)nj))&g>g{If5@t6j+^k^!EAK?NqTLYA98-z!p=$I@x@}JA9Ut18xhdt5SIkw=y
zMmR0b_Zm-N*=yRzF5cW0Mx3CF=oIGI=aY@WtVuQ!+6ju>!AQ(Pp6iq?itJUnS*8V9
ziVZA^XyMbTG7?xkG3?%0Q_eZ!TKne%@AL9kt%f=Q44iJ-+s#ciQW7;CH5(x2w&k~<
z`nth+6{xSNenYgW9GbmQ#n8J2!IbfYJiQ4!bxjy|=rKS83Ac`zJcak!3oPY|!-18U
z*mwxd9tzC0+gLL-<S$6i+rt+(%_*831^D)miXKx5&n__ajit@$Um={bb--Q$#xSdP
zY$Of*e&r|)eVZpuB=-h0QUG1+9XSv2N>BGkk;G|Y|M)31!b6Cgpoc`Bx2@#+%XNJ1
zxV3<29W{5<EI+AWD{OL;Ba-wJE}Yta&l$C{OYQX0<ZfZPftjW*E?zb_rUCx67_!n&
z@2g9>TTF>oeR;7C*%9scPj=MP;`||lv4nD}!=Co6k*DBaCx_h`001DYsX?0erLhe8
z(sg9VJbt`aF)L3AbcNz2f$+|#OvP@e_vRl!%u_fF%Xb=}a0cxrXr()JcZ;c|uxZI!
zGN?1*dWe>oj8M_d=<F1p=PO>D^y`he)WBB!${tP!Z2m&{I2gla*`f0vJS1;-qfEx>
zYM%}XV+voJkXd~(0CoqpmM~h$Q+<b<;+D?`nI2*8dLcLALo9NJA9Xk`QrnP)7=*Nx
z$HZ)JN$?^BsM<RaNvm1LYVSdCAx5{d4h-!|Qx+OO!^?-%^rvzJe&-9pXRwlPEL4(_
z?;nLQouXXo_|ta~NluP=fOHk1tg6{Pk@W-Yf1ncGSI^}C2ENMlzm4ML)=5S&wLv<Z
z`G`$Si4aehm!?Ydc_SvvZWn<KNo1(-DIq4LodJNL)Nm%!7Y4WCaf{|V*o5#$C*fir
z-gV^=!<ba2@68cWA@|*JhBphFC&P0+bKFO!%}_yFbpgBFMa{uYj)=ZLvSG@}ujECQ
zO<(aQpP*|hf#ht075zNA-itut&G}%%Z&g>GFj1mw-=TPRSleVySGh2}oDVi9@4LQf
z1|1=qL9b%M+kK&0ZYDg(FtAAfGwDu-d1<EcXiV?DUOBhCRCT-d=TEp!4?;#u3`_)<
z(ODDZGNOHVhM)uj7??TvvorKiG!44h-F;=kQ+O5f0e+r8bu77cPW3>MkeqhgwS3K3
zKd@-R)wkj?MH0)?_*99kh-7MlVxJ+wO-+h7i?W}W${eNjv+1cJQT(KQMX4kqf$$jz
z4yMcYa@#axY1TYBVX_;B6}MAcxv8mXW4X!6Wh*i9Gxd;|yaB1(*evdtKv@IEhz)fL
zFJsKb3GgwczOLT>>nxV$>319W7nvqaLgfGr*(0RA-QwNGH4n9W{<o&!=-am1L%~+8
zJ5hGg^8N?PH?hVPeD!O$4<DJmW8bV-BPyR)JM*B@?eEHx6&Up*ph(6xZ)6rF-QmAQ
zH|Rj&Rt<Cr1&wzIM<kmriujr`zt%cYHt@CuNdZvDe$Qg_k0U71qdpMw9`o5X=M<xA
z%{im`BWrSpGeyFVqw5jFsCRCxH7CO~&ufd2K^+}XM?QUVS!0r_#j%p}AMB5_oT~1J
zd0N}9Y@nqttKPE4wjPpA<}VaE+=nx?S5l>oHaW)ODk9{p-A_FjUg?OQbl*>Fm%~e~
zdH^sBJ%$&zs(QbTSG#=*YV7q!kvnD2ykp2xAz?f|yU!i)Q?qR~c0Fa;8Qm>a#F<%l
z4ly(KFJ`yh?@1fo6r>=G+JrrHpjJO+eY!2ITyIJ)AYY(O*D->7{lF-?d0BWd%8vlQ
zhDEuYRSXK1dR))zHQr{OC`%e~q+<7HCIs3t5lpWRD0<BvV8uILxrE+?)#%tqR-oh)
z3NL_E5%-t86?hjlGOr`V*5~^nv@`8k1d{%#%kj&->RUOU*CrQ~fO($+-#W-4%pLgY
zw3Hf=c0J*c7pc$Vw2uaI2bO^m-$k_*K_xKk^i#=77;(-kgo><26FL+F2Z2xLBY-c0
zA?;J3a0`EU{=UZ?-SQTBpwAa_-$y2N87Uv<vi8r~Uxk7Q<>X@1hGXLSkaiBdFWu&|
z&LZNCXnK~~Ve_eH?2G9;IYB=Y!z(t7(E0mGIMrgw4c;K0$E|Qk_Vd-MupfR4sQHrw
zHmQIh7vMVj<f(mFnL-d;aMrG*-UH+Z=@>foGe?K=^Ubt``O%X)5q^J^(Pw9*t0y<9
z0wbxQ7R(UQS#r}99lW+0l|h@6xacne3JL9Sg=4Cn!ku;Iw1I43N42D&?F~gJ{DS-d
zqeftTwp54;3H2O&CKY?zrKWdgQI(~YvnTMX4n-NsdJo!9LNq(s)@8f32Z~KC=R<rd
z4VKz}!>E$L!8SwYEnHb+W^K(CxIot`Mu8k%BVs~|lxe@6E-xghaU(XqKgz}K25So^
zWi6|;R8=X=@9yltkdkIKn-pG4u&=G^CU7*;FrG4-!?1_Gp&%i#d%eeXFXt@f%A!t-
zG?1M@+`HHsXdJw8G5f;>4d52q2p%MJkre2vp8G6<8ou!mIyP28zep-44?Vz)ASM_c
zxe3#ts%QmfK%Pn!Nx}O5HZd{u(@N;6G1`-YE9!A1enopts)t;P$rMrPM4MMt3FO9i
zbyb>QTIgQ&LeoAP{XuU1xMi;XC>!^n#p;Pn5IZW__@ODuKVcgCEASPA2WC*=&bOWe
zKMliwKNhFTYm*QX{puS>!)Vw*e6D$~{mub;3A%H-LT^wrrO=ZACapgKYo&O+6a!|=
z#0}2u<jefeqEFjTLul-BE9MW=gw8O(Hk>Xd&GpXPY9^e}F;hCbO*}Z1&OWU;iS8M8
znUmh|#>$JVH>kvo#sFf!^ow1j<c8s`@6B*7vvEcWHcv6}QPyHH;?lXbh#PZ_sYnu7
zyGDMPTjV}CPptO1-w1Xt3s%*s7XG1-ga1|-e%vIHlEH_Pwpq)%!CO617bOhsO41=8
zZl8tuYR9CMkY!e*gWKj^x$&lzm(ZK(V?AEnBHxCs79VNUQ4NG%Z^sjqmI#K#>_=i=
zn4NnS3x`}rooohnHe<G;&C5nisma<S5r}9g2RhOM0s^yol)aoAyL97w{?&LT=v_M3
zy(PcY;7^a3m4)#hk;SqZ2vZ*%vy&sgYVNGJ1bzE)8`Jyi9Zu?{^6ystk#3Y=J2gV`
z_SX%O`<G>r>1e?BPzX7}6xk;I6xk~D@hl=;+&eC>cFYQS_sc#UAtCcJHxruI-C0+G
z(<vSg51Kzz>v(<_W*K~{nQiV-cDr>8ChTqUW@LhyJ*7S!vTI8Tz5U5D>$CIwbL2Y;
zdT?+mPTwPORy!sTjQV;LKMqGk>d|pNVe(olj{w}AJ^{KZL{UhlzA^c-iuDos8ox4w
z_^)7D>Pj_vym%p7^8Bo@KVcm4SsRb-IJW10N6~blVDTwyYYXmZfP(#$k6yxMt+nU2
z);F@3X_XeK>8HwJMXNLA*0;+S7HRgrk;2KUwtcAKR=@{hRdZPp(;xi=3Af9ex3r+y
z_sXdb@(~yvfVEw<CAhPQVYEJ(&pIqI4W8)}<7VJ@zcpMr!KBtdp=<UCHL~0Xs%%D-
ze%%p=JoN`rf+`b6FFdt{`^01TLv9+m+egk=Td}SLUhVqvs6r$uZ!ZSW{sh&MEg{y}
z>+1SN6?Q9}m1g^CAH;YIl?p4{N~A7TC4~<~u>%s?UhFz*!<@g~8{UV&ayrWhWkp||
zcbN+t**)~y-zi7xabkompayGOP@LTJp5E+*<)cNK*xwZc@s#m3_CLC<AR!VQ?(hbB
zk2GnduUMWONU`#1D0+N|aL!-Mh6`mA&T={xe%_OHszt<JUaIf6v!o=2j3&7EjOj#u
zTLHGNuiBmz#E}<6+b+@^277SD&ffQalBabE)K&`mPQc3q+<f?IHK4+ZURD&J`z_~H
z!<QFRm{>4yh#I>)l8El3;*`#u%OHVHtEZ?`EaFB|H-0;t(MUUIdNco#09F}!D}2Q)
zN+a|@yR1ZCHbPjF?3N@Wv%$t^!Vr1~u(Wc5OPjgr!Pz(&o2217c0{NYXzryUUixTr
zYaKrzMZ+KDc#0hJ<_)hED~*2N83-Cv&bXan_);UQ;~+15b40-{tmpg?9R7MF=8!cy
z<PY1eeH<m!L+SAL?k8(HIQz%AzInHktlK;L=IiehzJ?@rdGF2DeD1Ss;&p#cHVoW9
z^_-AMbvX|6IgP#ak|3#e_V^s#HB}GvT(=*N<%Rl<&}xkdE}_j<SUN@h9<BJA%rA5m
zHI7=eTsv?dZWA?2tfj|r72XbN;mlf><yYof>u3Dq{pSNy+)ba8)@Ww=i<ee}Y59_!
zRFj#OA?vPHpv6k9j<z=R-SKR|S}owJ@xe*f+Ck0LmUwrdUeeUE{Kjp?MJ-{}>Y!}5
zIr!~1yKVJ_$6)=}gSz9{8PDq$`SDT}hA^@Z7W4B8YDn{P^4CnMU^BW$X*rt&^6Q<k
z>az<uD&I$Zu92AT0tBn`hqvJF@FRYQcbSjQD7iPVo1Y)fp50poyfAyms<!}PM6BNB
z)H~Wu^tL<l@1|wpb9{SY1{_$m4$0)+qGYQN91tF{0~GA6P^WoY>jQ47vdO#4fyH+a
zd>n{V>mG91N5r!{YbP6mhvd&&72fHuJJ2!I-u_!J6c^{}winw|+%1N`x22I2xfqr(
zm;_|m<Kyg+xhP3`djgxg{D}d_li#l14)q(H<%H3=lWD1o?`C%ozvrSQe-vObjynYz
ziESK?<QnF9apC^aX&#Ik=<X*Gd_?VodP#K`B8t5av^d8$rKs$GNbo2sQlzk$l9Ha}
z&3{hzjv_iz#4T{GVGZxiMDRdp;{_+&%;7+I6=g+OG_OB7z&q|F8MgyiA8>~u0-w{U
zQ-UvkGlr*pZi}$A;k3^}t=bc)5`Y2~^0Ulhx@Y5h-PTC`M49rCe_)?TU-88B*NFI%
z1(t+u!7ZV2pKah;<V>!|F?vnYN_e<b^7b*!jMYS9Yvj0k-Z|pD+n*4_J1Qf_9JzrK
zZe#?V&_YfTGY<t*zIg%s(N<hkDOyvpLIMJ<w&1~VI_jNdBLw^CDwDSB$p6PgR*_#d
zZAmrSYOgZqaFxjg6VMrLgLQVWSYNeR%0~^Lz3CeF(^0P`htWuQMzby?ot8)!Qj69#
z@|<n)Ay_OBp+M>lN}eNgymplHwj}(H8)O*J$lMz5#}0!rd<$4<n_?|U#eG2Ndt!$?
z>i>j``-hNt4&F@<M2Vhih84!jC)s3EO?6r`ZVug6i{KUWK*m1>hp9UWQc06ZHr*h8
zw<c-vJ+#c4cUjDZan=)b1)|!N%M6fEclwe0ZlO63MQ*z#Ispz+%0plOjI^4U9J3?#
zGN412n}-~iIv>E`aRw`QAC}@etSll;5OfU>*+^IfKY0BZR0ny0zI}`S6l%)#f*~yD
zyF8{3Qv2-OUEUr(=}63KljGH}GoNk6Oj990s5n^S5c^ZxI1|b<_)EWZ>|<y(#U5Jw
zC|~r|49R|J_|J(y{oq7$7+2ru>Q{51DSK1)i^Ki!f;T|8Hb?Z0(Pex$pb5ubKX$26
z?46$3`jNnT2XCj=fX4IuSq|F`o|%wLN|?_#PV>Z3mMnZN6_qpm;z_wA)3Cw&d&#{9
zFwfCRmJN4A`+Bw21Cv%h6RVf4k?6{%c`Lo?baUvdgQB4MIGOY5a?@9y#y%?j^d(;k
zmeG@s=}Ukni_<-{{-R4t(^73Ue%*ubiTY;4@c3;`hF*0&{OYHr9F9BO?H|nuTfrw8
z$TrHPIv%FX?StP9y_p-beBO4Wh(m-93UMZaX)l!9i61>$@*;JxFURzx@-re$wN2t#
zj4l>V<5RFlMO)*d*UEj)xnmzcs@muiUMf}7%0~d5pGZNG*m6Xfq1uNiZn|>R8!6~b
z5MwV_Cf3*k<mpJgxz@(UkU7d?<Oxk;1;0C4X|6?IsOb0_AV{f?TFeMP;l#{OSY2H5
zgQeQ9@dC8{4GS)NMRLw-&G9R&ts^o*1%2&|_TFIdaevUnsbjd|j3J1Wo=@;EDI60=
z&(#BB@fpLvA|+VITi|eZk5f?G)AMDDtc4_hZ~tDbg-k<)tR@TbirdD2FUbXoDXM1h
z@N~rTn9&3uhef_MRWHq?DthE*$g*a)O<pUFJa#H){}~I^Jx7uxy+I~NvlnRa!glU5
z2tkw(l-(g0Mc~28q}M1}`HtDy)o@@2YZC*&EMC>IQSc>4d27iQk8b)?NAzeYeP%SD
z_B~4Oi0s<XL&xETrcBUh-PD3c_XXi?!3kj%vtX<JbkW|2Wt<X4=0ov5yDgr8%}4u<
zJtKWZ(HCj+q2=0AZ0vv|-9YNX^kW03mnfD<3)EDk^y5Ci)_1fqRRRYj5vRxN!oK`K
z@DK*69Kke-ZL>UQA^G{R;aytZr!@$hE7LSE#!?maJoIpG?>5lzc8bO@n!di#6J!H3
zlCe|}{8OWfjeUh+MvXCrH^F<Fl!OC!TARg5*6ERx$@;I$a(#5Bb4iL;A`!Ga2Q3nE
z+gqKj{vE5DvbC-r#cRG#C}7P4AfQ6&pgdtDcB4B5yhYc!QD9);(Wni*tdrK1rP7-#
z=IF`aq}S`_<|cHb)ybriwzQQ_{ezuO*Kqm7>FH@fK<kO3+RuWl0a`Z}F8mbNw)Tc>
zJ!6g#-$!a8&1d0x7`dL@fl$2p{`^{$#~Ap)k=VB`#FOvJtWGR8ezzxp8MR|VdoTBc
z<83)+v-`cl^A_fKW!I3<E6$fT)v{lAf%_V2J;*j&Sd=$;ed>v7$W2O!cYf$8Ev^vL
zS57kMj{xDttyF2%##?~_Bc`GKjpTR`PtfIxf9%E$zK8njJ>GEuUWI=(SSrK(SueK<
zE8g&0n0wQO28~;g6D1PZVNlnj`7DeQoYkaUPnVeF$wAnk3zB7}V1pmh`x<<Av~h#^
z3+(hvR|28^nJWjLyzwgvbI)tEA>G!{)z2r6!dROwgOTIkp3x-U8X@1f$>nP6W~{~G
zjKxkYY#G+*?O*puFT@n{S;$k`%4kEPk%Ake`IuHWP{|^gQCxs?`sd!{Uo~!$vA*PJ
z1@rqt$moIZ$qq`t{5G^OTU$ZBi$08e=}2ucKzNMtKtul{OmWiUPF0=On0zB4en%5#
z8aUr0%!Yvthr0E|%$2veh@T1Jk4GmPd{O*{tn75b(qJ>SKz14_BOepo=z{VY;P)@X
z;Kf?@%3z+D;l~0JBrg_vW$llRS<_*cOOyMblYCg}+&*H|I9?3Ao9Zze93$z(g>wo%
zzq5PAiAaG%pJ%da0&`ZLA2x7gR^hfu`CGn*5fx^l9S`(`2JcAM52*7&s0%VGj|7x*
z9t{w;LNf?J4&!$|MrSNI^?$Y@*#sV_+XYculVC-7>-&LiBcco8H-tp(n3Bp49N)Qg
z{?LfGSKM3R&1;4A<E+|;RAJJR!NF#mh6Eafzm^vI3bhf(>0+oJdCto_oxPER5M$Jv
zbZs<t2GP`p$EJ&z6Fr4|V_CD-m^<+nZCDfJlDgL7%4H=cD`(MH&nkOO9Be8lraZuT
z6;7s!3vfq8dm$MSTGxu5FE^r<wG<Db4Tl+#CM;DTys5fe^oaq4A)&}R6-z7v1l+^Y
z+61GSC;S@@9LKq`$ks;p;#(Q+m?ol|F%x6u2BbZ6$Ue4$w+AQu963z(!!g1U3$Q&m
zUC=ZFw9k5Z@c2AZ5eTHj5;|4KOr`^c`$R_T08yc|_Yd?1mVJXE`yyLc1}BF(Xm(!|
zUp5XK|3A(aqk{I!!92m5L<L;m{Zp!4L%(WlTJecd{*2!C!Ue?T@3^sk5)k6v$9Ts1
zAfIe+<<PD>wE4)tANO?<nU4bS5Y%Abs!?+;5>YZJ{ojHB4uOUzX@SRI{`S-)c(<L-
z!1UaE8e?X>n1J}OoHMAm&Z~ac+H22FbI&II`D>ulex%O-ZeEI2@2Zr&MN%(t0OI}2
zz~;rPQS>o2*r95Qo}O8{Sqr&(T>e6E8IplPMa4);ALR4+j5fWjv!n!_Q(&1Bv{T4#
zpq=|}b>!Wv3nECie{(^i4SI(3^ZL9CKqkg-7v}PUp~4sv{^ieN{c==fiB3z<7wW6s
z4OK_B-ky*g8e!5#3{1rrtrsnar4Pzv9%q7ivdZ<;U;!FBMn>%3sz%eKvo($O%j%Kl
z(**%N5NLM^gdR^?N_=*#AHJl)-t>3EC8fsW#sM~F_2<<i;N@r7+Vx;2<q3eH&{}2R
zXk+VRYgOu{Obcy=K(T7LteW6ok72`(By^!B>Y$5fck;2Nc8|&YL*wum|6jWLvqVu5
zD3~{POjQ5Vr@#|!0b$lXR%25Wgd;v~3686F^T_h{#nj#u`vy~rR4>B(z1lJA>9ikB
z+|{$CRrOMIHSKj|0jYi!n}8JyyNG6!QRw-^fa~EmY1PWps#oqtx}}8$1g1G{XeZX;
z`q`bK<Y3m(=2|m;e*T`RDP_E&GVI~y$n0{{(cR@+On>}<$ex%Q7AuQ#my|Tfj<W`m
zAX|8*`6h+NpxGMd()$3{l76Hl%wE0d;f&HaM#4~Zf1$YCcYn^xB!C)s=+*a!DKfKv
zarRADN~-yk!b}1mRvQFSy*kcuXA>*SnYHrXfRKtnJDg?ElI3Soru0-ioSWnDpMh{Q
zP{l4Am^RV)P!|C(#I{wF1Qhk%3xEC~fOi88(BH)|d!NOahGb^zFpE9BX<9ZsiFFzl
z-We8SGV+s?*ii@F3Ml(lra`_T_na7?3-7h+L2`zLCH5f+(I`hx^NCM#%3b|0wr@^o
zsdYN)e6=C0NlsA?eIy$R2C>((xI(--8=#reA3(<C_Pgfg<3u{u!?9aSXVZT=oWTSE
z4#J!4H_e;pCpUqReksf#5ATBZ=yGL#KAc8EntqkP%sW6_c3h4{!kI`LnxBsk5yw=>
zH#O4u<hznLDelm7r42uG^h{EmIgKW)U7h<DwI!|E3BN@>{eK7tVZxZiE2vw#G37f+
zU+VCfBHrY>=dq}MhU4@QGRKbxXx6`|BN=pu2p>=xgKq^cjr7C|Zy2h!#WoMt3(ymC
z(i{M0d4T8Q8^LT!Nw8CzW`+#QfBArQ%*5kwC0eQxWkcd{VqhABPEeyC8i6V{HxklG
zX>)u&LeD>9gxGYfvg#W)0=sI0I*lzVn8;ug(7d56;szn;SoDu<$Kd}M-FpHZ{&zLX
zzrq6fpW5H`4}Z(Q>i?g$U9Qf9e1Pc-U;A|ip$!)1X5}YOPri2WLha`>;7x3z-m04`
zHI4AJX^%wUemxNW{rl5(Jd7k!51Bd`&cFao=k}XFQK}Jt^iUHcd@NN!o)Gs2v557m
zpYFx!o$tPN4St4>FUm8LMgwfw*x1mprfaz3$aolWMmB#>xU40HhyJWP83Ux1VQO!Q
zFh<3di;Ii9=$YGsz#qvcCLIu&x2x|3Om1G@#Vr3>=i*{Bl%b3|<PJ61^%Yep<<!CR
zTm&K>$b6!H(xHSH)v4$@e=0-6LgwKw)i)9w1T%6rT|*g0%B7v4YfqcXY0{A}s_!3E
zq?r`Dy-snwNitW?-O6IY{I`S)$9XPjpEh*Xn%VHLL*vn7Cpg?F5#JaxdpGM%1ap@@
zfH(gUd_M2_{k(%)JK#v}`noCM-6cMkrD|PoK~iVaWVO`#Z9vfZOj2A{i)e<%5pH^A
zcO2p-15{g7t|Btpdl{_!@s~Ga_l=cbFAN@sT#%*~+1{Nd)r)!{pa(RHii6<Wyo%S4
z=>if}qz0b97BVj4^J45ukg@W?9QCjloxZ{FxE|xRzdl+mH@lQ}-5T_OS9M<>5ToTa
zc=|R-fQTpd%sZ@B$#Z!Lt!RY;w)ctW1($xTw~V;EbD~|+jsI!#U1DzWFL&~*NgF}_
z7BhUWqTa}epSrgL_<=#sjaUO;ZDdH!U}~o&K4a+C=s^AevW*Tk!Ikw!Aqo6Hbmu6Q
z{2e=3<OZWuw{Z)RH;WkQjR;foJv92V7`mv_L`l^|ibK@yR&GR)(IF-Xh}+Z^-4QNN
z@fz8Fy)$qS)sa=EuGw8rHZD}{DHz;@HLl)a?REA!WHlkcst>oW?+*6yQX}e`&mHkG
zzYE6g9xj&tsj|F5Zy36In<aM4+jFh`Xp7aXIvQW4-PHMlN5+>)bMKTI<Q$y*`s&9;
z7Hu%xO5fsCO~-`s{e{_Rwd92d)h#OJjeK^1qhe12f2qn=OhAbpype|zsQHP)`Idqq
z^48)99Lf;D(Qzv9ThGiyen3n%o(I(cAzoUOG}?78fv?U+clA_3<H;#5TtzXGT(_1G
z$@}K=+cDx<wterYj$cZ1sN9zGN9mMM-X-tz*?v&7nc`}JMM@o$)|sY~IFJ%xk`uBy
z!L^ekQ{*>PsKWCMV;>W4x-|On8mXpx1^v^Sh-D<;`1QR#71aGp38L2BY_2>hI)zl&
zcq5$K9G97k?c1Kt(H(kJy#Ee*>3X{ZoO7-G=%A#yBZtzgc*7X`3Lf!!8SP>gSS*bj
zW0;7kfR_<>boc4vL~SpuVBB!R`lcuTk@Tmi=>b>dAGuF8y>Q=ybbe<N!>#Q~HVAG6
zJhblt1a=)(6zluQWh7H&`rsuxJyT1@DIL~uv(O;Oz6ELB7CiZ}1f#9JT8%|IFgFSM
z%wBJ#2Rzdjf|>6yfWnH@taThjW9cTgQfAKydyieA73Tmg!SEbqJPU#NZBJj<6bH-y
zN-HzVW9fV_!a7R*ic<(V?vrj@sCB*<zmPUyQr2bFQMeC=M1mbE(}jGVHY-|AMfGmo
zx&mOT8XIvNk`oiVy1GR6{Vt3^<C}ZELYMF%V1iJWiZ-jsmhNoMjI4z0<f5_9&PECU
z;AN|EnU4u8&e>((UbWrUNvpL0v!1DXFI7iWYUCKD`RmcW_m_7_5-|a-3|P|3oKnF4
zu87u;gN7WR%S+eLK}|1%6XAEab_@Y0f&~Np^mnA6`o3cqwWY5O)6W#PiDrgI1-YnS
zToYk=gJ6&#2^)tmqjpjnMIs)wHVJ;^jU5x;n>392!(60X{YH;sxlO7^859FsHrRHp
zq4J@6ds4dYcQhfP%W(6uM}6mh{;I%!A5-G16{9cj0M*NkCKho+_mQ%A6(?9_<!)~!
zL#2NS(qX0X)@K%zSj@yEf5Jzb$EvTEDNi!GyEhz@5pm61IP-A%<a4A%ZB8R=l5H(A
zjMqAi7}pMC)KUlD1-=8H-8tC6i9>puMOFh-=-VIi;nQp2?HJ)rzNCfwL;%)Q47yP$
zQi$qq(#Ut&P3jFa1ulI&V4Cqm?Cw*~S!wyG&l!}!86?x&WE~53@x8S&YkwQqRxZ9T
z@FL4iW)!=vE3E#&i!p&8S<R#po*NY&w&;vX6Rg`e=hD$rZGLxD1c>MbZTDSOk#7mG
z&_XUz<*47ffU5SMUz1sF076;rCOn}H2lZM8jMkx|-?E(%eOB?_x(LO0Ji`G0`}osn
z(m5d!h_Wq5=!IiTe}+W%??`CZ>O3`fg%o!F%--`2Wl@m#lBH`gd(^E_eQ9j=?I}B9
zUOYIh^~e)KIId6;NDA8oLBGjT(UN*;(VAm9l^s-#Ykh{e$#`4B06|nJR<{w!-ey{T
zU2(Qt<ykT%%;4?49yHQX#yxy@-jDbjk=oT(7hJ}V?J>V@lo;%!=B7@T8fJX5_*_cP
z=O!kqyI7k$9-x&j_+6(nteVEz;$BTB7oB}<!lr47s<)O|X<PhW*k&|Fdd*5>I{8nn
z7)r0g6FO;GwD%awfwT#&xbi9Hsp?%j72A(vGk1v@*%g>DWsC^=Hh<W1GA!^<l9P#4
zQPoDeHUmDSFzAIUE5A2H>Ck|YZDAeD(?8XvA#-OO>%A<>|LxWk@-;Sv&lKht>FFnD
zRir~(Vj!nxR>Z#RxXy`Q{Oeb6B;Mq_u<pQh%yR*%4ybDP0OWbT<>xatSBM`5j?Z(d
zD|4VbaUDxBlq#Ss?YRqd@DNUvokVje=hSR9=8!$R1Q8xfH%NGx^L@O{s%gNvWkc^5
zq6nCK*OTD0umo`jqt!Je8!Z36MEzLBk6J8kMDVO`jKj9e@kZi0z$6T5&n4+D90Q$4
zEueSod%R9>CU6peGv?Yerr)GXN{)8dWSna~YTH^q5_DXj!c&Ro;MEh4W>O|>>ao@(
zQ1Ix3!kURw@I-VO^~K%e!R+@(oE}a(oSe@xFZC{==_%6kxjS-cTqy1B?dtuHpb+1+
zuS7!L^K28=BEmv!P4$mEe_$U=A6LKjKXDZt#uoeBm;+Blu?AZN2(vYhoBX)*9sYA#
zYC)qqAp^gbstg%BXjNm4k_|=z$jE*Bj|y|Vz7w?XY6<-|Hz}VpoFIDLX>C6HgIbRJ
z`u_Eo(7aw&kt!f#Um^VAv0w*R!I*3#j5~J^)-b4-IE(t1C_0wrTHkkCO7b%?YdKHC
znp|Us%m)Bb_5Rd^Sa9oUwHvnVV`c#H2iCGq2l@b_ijgJ{WpkYxH$k{xHsx!t`@l5N
z)R#Jiwc#xUl{)yY7iM43d_IstKsu_gSi=4329>pg3>jfd-Ar%)g?_xY%TC7_-VB?Q
z&j?0ac)D4vn#0H<^Jg0@;a!b$f|>pUC9{!@B@eLrez3oJkNcC*lM_*ttAxYzmHYON
z4*at~!-ZHkHx@)+T3p{Fm4AhRfSzl)w6vQ|XMDiIxx<L@QY(6iM>Ne<w8(P53H*-_
z@lA*50&S=8{pARa$0tp8JYGeN{g*2K>Rib#wk}7p6jSc$3qBQ|zKq+k<pZn#4{dK9
z6G!;(|F%GZ;;^_DDDLjGcqvw-usF-&?haENiWPS#UdrO`?pEC0-Q9kC&&fHtH~0Q^
zlbdWNc`}>qPG%mN=ly=aK7{HKC@8;Ifp=o&+a56H;sxG!VWLXnzl!3zIp$)(HN?F>
z&ziTE)=+o?g4b1-=PSvycUnzjCVjz5K98qY$Gi9wmegFo74Y`pG0D7R*1qr@8_Yg}
z6Ke5C-ZZD%@rAMCmomG?L_)6NU0OGcWo~#rIiVTRrnO1!16zhj0B0{`xQ8$Vs6Fb?
zAks7tu}v`U?{m09RN?v%WsEu5gk}UmHjy-1qmJz@s|m>~m7nu#u>9F-p=n877nqD{
zBK4?253CvI^qxUUmp$dMMy}=XlZ9&-Zl!}doHZEbvOLCMM%H^jw-#1g%&1KsQeN+C
zWj%|S9|H+GCYMF*`9FCJcY;0ur3`939aqb<V!9Iggl9QYju1O4^ehh@ZLBAmyNDEt
zudH3Wb03Aq*5-Q++(5ObiLK@uVQZBlYKE6YF#R6X^_^AhgqriyFIkSM=}BnDy9dZI
zebEN6Pxu+8ue}CG{_25Q9yP}sLwzKnvQBox<pa$)nG{jc=_TnqodSUHXYkqOM=cD3
zJ}+|2dL33|<EIssJu<VP>RgJIl&5p)r|%-+SJoYs5i=C7Tu0%82I-<m1ULQS-m-nm
zA)|BE;JnT>0r^Gg78V`tlv;G9QJt`Wq|x@3!PH3v>4#PH(!G>NuOiFl1t0m!$1iZ4
zUOCvk85QHFX16w9+OPq4v!_&(P_}F+k1e6`nw!;6Aro3tacpxhic##Drl$}kjE+M)
ziaNgih-xa;Wewoc{nYu&)CN@Xg9q245KRUCh{INR^WFJ&PX#58Z9s2O(S!nV!0G2z
zE^-$aIHr^}Hzutklx=ddh&JcOUs|{evmK1@Kby6=e>553kQx947e%ST<cMX%?jfV}
z;;<8JqslT<%ZwzIl@G&pChy^75X2ufu{YVx08YD$EO5=1wUu@?zGJp}yXm4%*K5W{
z$}KxJ<l;{9V;FV$tCuGWp{}v$B?UBm_~*196>DCsG`7?-fogw$J19fMGesl=mBr_9
z%FnOCaac86*AY1GU_BcBZOmU6?d+nE$HV-m)OqbErSpy0zc?O2d=YB1f##wb_ScFw
z%T>;O>vx+^gf(8G3vk-X95@-6ozI91xSv1gMsHl1{Ywa-O6b-!lcPe%fK?@3_sem3
z_Q2XM7L34E_PhwzID~HwM<vPqz%N{&WsdS+HgeKIRK$RoCK0_MChS2o@Ud@*gBdr0
zo8?a<oZ9p}yp6!NI@FOWiK0`tvfd0oip2kX`sa_h>e8QZeVQtNP=iVPixN<ej*#>2
z##O2S5*2SK$I2JPDp_|kTE=Vej+|T}b2(|)q@Sj-xkj5>bKlo4Y<vD`vkX^*Jsu$^
zPy(G1^csLe9=)~?$~ZbSlgn&B7N0+s`74YQJ#O`pmWgBi>VtFd6c`v1nLBUsr%Bqs
zG3Q9eZ|OPV3#+ytw}VBgeOfgZD-Xd4k@?&1MyT{U{F|{1=+Ha*R!eLc=e;~cc4YfB
zy;T@L^r=sN{#)J>!93^o^qyy8gmB++QdiDeRvIwihnwa3sLFlQ#od8?W8Jqg^67Y+
z+c(RT(@x=Ldd8!+-YkKdM^uv#lLW6ud^UTvFo99VEj>^MWhqgCGnomOsQXZWnWu$~
z9fM@13%b-$fL%R6HfBG_{;5f%w~ZI%!lhDgQ;<Xcysf~<rT?K~MzM=~*ovMyA<s-l
z=?aK$*WGarHz-wS%%W$N9=lT$Cd+SRj^y)mYhKEyC_#HGb`19X2+|yvuZwg;TTEsS
znY!G1;QGZf8X#=PDwL`k5N>@?#=t?+-Q+kRq(1&8EGAcUKrF=j!LbY9n966$aL8TH
zmy86uYC$!E;?B`H5|ZEQ9#hxZ2>(=C1p>NHg<rD~f$_-<8h0Fdz~k7e&c$TZi)BD`
zl}qiPmK5X}!W0L67|TtCSyMAL={d~V&8T?sQ3zw$xij(TbDCng3N2fYWLP=^S}hGr
zp6<Cybl~W;c#=WUF*%(0+8_c%U77xzGZ#6X?ETE-=&v-&V1Axdk=9#O)}&AQJitC{
ze6>r?{iH2ESpnJLQ1M8yG`5^ZLQ6%1X(GZ~RMB3}JuP|d7Q)cCmhyF`rqG2ND}-Tv
zsL>ZmlK5bgj(250HH=aJ(i2Sk_0@dW^mz*%6}pyZ8u!ev_Za-}snk2m=5}s5*OVPp
zIOb~^{Yxj{%ZlVjrp|I0s{(p$tOEcVg$(x8?am0RK8f<6#F|4MeFA-a<!^*F>WGiD
zh~$*~*u^U!&J<1(QJn{^fGIm&Mowiweujnc*pa&-A*uE6M4>j$mwj4H_6c&L20Dou
zEBOB`4jx-)6`WV9Hxeo{tH<W@T}F?&uherkhE(E0bmv~j5l?JsGaOYPAVA~;PK+{c
zq4OD|_}i043sX)O#-P`5YK6GDA%)yb8zD0kGdX*x+U<ESF}iHSv8yT&YyEf*>1E1p
zA;}a?J9BuAEa3AQ%12WMtiM9$kyN05nK<MSt`m#xMgu+{&3~72j&Ae)UOVfZWQZ^p
z#Ez@?D1NU5%a3JEs2;lBKoGYXg4Z++l%xp3H|1=|;n{_L8PC>w(f3=1Mj;!umBht*
zUoTB>S2q>qJ~AgBM+i6Gj-dh)(RRjy6pTZa`_&JsbVDu@;Osf537;Al7f=rEO%WCq
z5Fo<avhY-{Jzmmgqw+96Vy(?>;f2pytW@LyS*~R@U038MTs7qZCF`_2J}QN<c31&Q
z>`Bt)#iE_|xXL^Y+Z_CMd4%O^%P}^y9$qBbB4Zcs8FJ><7X?Kr-vDQiB~4ue%vkjP
z&|fBl?1m-sr}!MM;lg)!(?yN>x2lQN*Z$h6#lj*(il=$$^spZBXlwF!oSMshB=V2+
zL5+<<6F@0c^PC%C){74L%@d7yp%~qO{(u(^h7KJ~Ww(ewWK~q_a2K%*GY+y0HxPO(
z_m3V3PvFw?>mwxp<Kj6Eovt!1!(Dqtw-5jbh3+yxPK^bN^a*X~jPo-(Js@(%Qv9PU
zT6;rb-+pO)1h4JazK&jn(MexWRd1Nqvh%;x>VF7MbFu@1%iPWk+y9c1le2=;uYi?k
z@MP4CK1Ulr?ZXy6BzuIo@KgSN!oUBFSlpD-!{Z3jB@C9v#je^)2<l~@-nwTwa*XJz
zC$3hU5+W2Y1#SA7T}3dBKwoOqx>!;1dTOj@zyJ8nzZ_snxT5hZ!m6ClOVjkrHVE0(
zJSY%9fEKVj$oJ6UBIvyzlrw*K!P0!R{VQO-e6A#^{ub}H1uuB_bHW>`<k{ArJReJ<
zAaZpcXpR%BwjMu!#Sf!22+RcjFbiPPYi|g!gY4lkP*Asx#NIcM=t+0;A-|Ohi)JPY
z=9$lkVa8o6IVhtXB)HJm$jmeF6Qd+)KlguO6h8-^nOz7HQsHskiTZvucFqJlw{<<D
ze}@}+2q;?OlJ6EUNMq-<k`U)!UYF~~-O2*5cMkXqEgH}D8AND(w4B6sm%lZwV9gLK
zYVtASEVq_|)7fc>{Bi^Lv1I<ox_uZH$sfs{{O@0`lB3?Sq<K5umO<+5o`t{KEO#~4
zJC;8IVQg4kHAL$>;b=`QX39$^s|FL5+xtssm->MzUl06r@h4}t+XkK%>qV1lZrx$t
zA{gb=UX-!)-_+U$BHCkS0yuSDe<ll?TFW}<YIpRi<5Qa14B~&?s8Z7Vn*762W;2`r
zFtdiRh{|>K>I0FVbYEG-7KQkV`X?)Y>CX)jz*ambvh914A&Q(n3(ckC9k$o0H!Fg@
zt2p9CtUw@2yy1*mjak?C?@JzuaAc$L1;?<snydHJ`T^t53VWjkM&^~1pY_^Q=(*Xr
zS@wfi&wYd7G^~)TvHN6=u8fU-yNEf66C6R<J<1WXYi$Vx7-ULvQzxRB8M=wrsD#b|
zXH=-3P?Jnow?L5z!*{L<MkgILYD7K7I}92I!t$}Bt3Ad#oK%R^(<L2(_(r!2g7t>5
zQM?b;Whbj)efFF~nvEF!gWFV#GD8jgjb*%I{UsoyXTb(8l-EaHswVW|3SH)x7alK7
z@4B@*=GLq2E=&X!Ez+Df<u{pX?~4^+WNJz+DA=I*;ozl(y8I8tO3;&o_v?bwEuCjN
z!7bI&6zxiYSt)zl91ecQ$how-S}#=|!Q{o?ajE9#gAMVLNn}?5T)@bTrvxRL@9ys{
zaAHz0VGC~HM`Y?I(5X`wQ;H_;N{9Bmn7s5g11G5bF<y5y1HrIGRO^t6+d~nkjjMW@
zWE03se;oYBq0mL=A|i@g89c=_QTF$@k9RHROfUBZODrZ81*$O~FAAhc+F;BEv~m2=
zH>uS`RK3`ZSa~q)_pdKJT(?ApY0OU&-gx{}=u*wlKp{Ur9nC!C&%bGhjn^EpQ|m~%
z=#Ks3mPSL&rr)wZd)dm{Gm2^hO{mGtB5{TcP4K;tG41mGOLjcdX}9j;<gl%<oex$5
zN`s%7XX~)by<pCZ$W2XdIJD<{7RSEG2Cv}!<tGNzU+rBHp4hXU707dih5RQ>1mp?t
ztUM6`zL}2Tt#BFg_L|}sJRNsSaOuIb{f2?5X|Qd}UA_(P7PU;I!88oe{O5X|F5s9S
zsIj*3;&;%SY%x88&Y3dpK5HcF%_A<>G3e$#<37E}+H=ujStf0}M{tvbSuRz9Q8Yaw
zF?q3wt|Y?B@j-a}hi9`-GOzub;Lv8hC%2)u^FoZVTTx)_5BqsKHl9AJ^1~}5T4c=v
z>t4<P#CM-tSc%q3Ed`qa(JW@XX^2LfpP>CZbem9C?x3Vi9|o(IAc2Go@K7M*8;OS1
zIPIuc_Fla2tov7k`#hiHW1ewuzyC;dK*Eh-uf0t*J}dFFy54>;o8#iHI|Orn_S@z*
zje)j07P;rbtc2ibMT;NyP<(KHN3g=|Y}hv)m9Ud*ZOA_Z1O6gl0OJ}x-cjJ7`6*7r
zKNI!)ZH{zcNo0Po$t0xz_4R9_2ev-Stsfqy4exl7p6r8oka$*$-G9y`s1~V9q<WfQ
zGb{Z7O}HWRGA(VdSl<E*(ZRv)#rDbij@Kl*_O!NMU%&PvIim58X^%CCBkO9p%9BJ;
zgV?sYjz^^Bb3K6x+S`NQg3qQBz|c9FK+xQq*Zo`TS+<#8vy~n-Z9|CA#P3mT8~gjJ
zFQ8qWi{S2(TPMu}i{=Fn`HMp`S;U&JSobb5CUdzL9jz^6wj0jWm{R@^a0IIt&BK?<
zHF0eCe_zh?3aYrwE!Xf(Sd*%Ix!<e*fhItp;pI;_k|nSFt1mgNBpc-QXhKdHA@b(n
zI{yTkHAibR(P%es>IX34%<h#;mhJB?)^!=@*i4Zh1hAC|L;)37V9l+ORkUH{AR2+C
zO&WA(&N!m7LfF)tV{h0H+!{GbqQf{MN$ON9WjL&7ZODn;(%6C~Q@XN1&yv#F<_mw;
z2a^fN3kK?n#$UZKodo(`Z<8ZG(d*~Gg3D2Gv=<tzquAHBc6LnL@w_yf0N-|8o|I`(
z{7DV&FPOTEnj%ZXqCL@Vbb=TMIUC`Jwn=Oe1695UU#Vs`{)}+YUU=1d$jCF5(obHy
z&#~*~uGvCMuU~CtU+$%9)d~At9eb<Fj-P1;Q(o&2EFepqzHfOB2@m>c!r65Q-LL!m
zg!FFAisRiJ3`*6>zgFxQDqP%ItNi?B)^X0D=6<Lr5?2*c?d)zwJPp&}aSuX9ijnMV
z`4+~sMYXAey_P}Ac<Ua9P<gS(^vVb+=$K2brVmDeZ_uW0U=x~wTe2FvIChj6ZR~L_
zdj{r?ZL-PvST`Q=Lercj;d=u4JTz_pd&7%t&HiAn_fk2ibmEjeB0sR-B@B~D|Hl>j
zI6r=QL<e7b2AOhisL(sdr`zfML=w;A{X@R7T8`xe@bbv+wSYKD7Y&xZr?b9a9rg7^
zbIM7=HPev(MT`2hM{TuP%f?!Eon{A+^g+JT>(1dZBQ>nGw})yi)%HIHZTR=(=QlPs
z;2A*LUjyfLfy>=7w<qU8J?B?iz!uF|h8@S^M=`6nopd&z4Pb?#P0w0x?(nMlA$G?x
z$SVbfcKe1bBTsKHZ_51!5}sQ0Q0r0b4yZaVpQlfq@!Io12F7QS5oBRhwgiBv+?8~A
zdEwCebqtf)GRUjW1&$r1e15Fzmo%u37TicwuzILez8^v7Z=TGX+rg1kUER=Maoa!-
z$G{|@mA$)eJo%@~C7>oHC6(TH-y5s6-W_;(zU>lp9#a=9`&E{+E?__(kBN!aPgjzV
z`FmDkBHp-9QFoN7h5ey8iv^%5=<M(&`(6_w$%d_Sq$xABKY}&r<(I7xHPjw-;dQu5
zTs8Jn7hx<*K2ucp7Arus_Da%Vn`6tvV1y;h+APwJwq2e(@ioia(YZv16dUueP_>}p
z=us#W!g;vtiA}OFAlfaN`q^D}vGA7xZ+HYcs5{;FtX=-|O>K`Woh1-(l}bTqgg!cA
zF?dd9s58A9HkVn@c4}64z3=EOzY_VX4KG$MyuoRg^z0~(dd!jA8A&f++lUgPmzH$Q
zYWg@2cMz+P(i37PRYzZA@^b0)ZhKiym(|bA*3WMqV(+rf_O^QUzt!*m93cq*3*-2&
z7Vv*>{{PVu<2E%ia&i*>ALaX1n5~h(8pg)PCL_cAAN~9FGV6+G%b`g1rvEL#|3|J5
z;P`)_3I6v={$H>K|6k4l|Dhk$;+-FI&BnTbbj5={47?UA`X5NnEBX;5)MULToB08k
z*UKFpUKjCyX%ooVov#*$|NPDW{z$)~1^zEBvkJ48G;M#jPbELX8u7?)8_9H*VDnUZ
z|NDJ}u{AJr3cxg|cI)8%ZafC}Pqn&OJWEID21<BjjfA8c-RwfxJZA==mEScarZqp>
zakG;N;IOr@*ZM;x|M!>7%D-@*Jiu`J^;g8ZS@10Gh<K^~z}kJ_-|K(>a0Q@9D%Es`
zd`qbd{coSa>+$x&K!w}%=}(u&%iqty*p=2Ft1SE>dFIBOa_K<vzylf{Kera297Gbn
z#I;l9ceJ8rNUc6KN4Va8W^gnF<<5<y?H7+@r8yf8GRgtzOp#*3mcq0iE>1fCeS@D#
z4;2LcL3F6U97~Yv-Mj6auyQh^&?Ml5|CQD<b@+J;3jPd0^v}MN7GrsC1e!<%lBd4S
z{Rzma<F9eVfegf6*O^u!;B7IIE&`}46n`Y8s=v+x+d6paC8ZsGSno~b?S6RE4eHh?
zr4L9KHp$-}?~TEWcs6Kz9a8{(_V=}w&aJ5)Eux96c&iT2c>J<tYbPfQhi+)3|0vRh
z<Wk9^u0N+9D>Q42kh!+b0IY_tKS{l1x%sdK6w{fd6VD?fUvtl|cd09VbgfDlwvhC*
zXl4`rRfc4Ghdul$twpp1TxGxw`d1MdLYpN4Kc>T=0eR_-zlHR&v{%5!L$<W8Lp{1M
z)<8n-%VI16clzx#o^c3`t;KChL@DJX(^QXc>-dpd^jHGp7??|dsVyhmNlWe9v$K`e
z^DRH=hn@)3-WWc7V!Sq;)8^XkmD$!$^<$z+O0EzuJNcm%w2Xr}$1h7a=|Z1;Uq0(I
zYc^;h7gbfYyb%(RJ%d9v9oYc*2r&pEgGRWVF=d_;eG64H&72O2UDzHw$0BVpFha#e
zL8ocGrY~f2i9JL>I8t!flc%)sx0{D%*TjkgNs^`+0zI!B<%TovR4%&d-DV4p_~V;J
z(8n%sgog#zG`Y@|Od;PeT1<yt%a`;Yf38ELe+WOI@g5CG4)mwiY3ae2`{U}h920^B
z5I87V&7OSG@?N2_!YWiIt4kpmgtW>r!QYw2e`T=sqPw&LU$rgy8@`N<*3!`mbE82$
zR^ChS{Va2CCqKN7=&Eri7boAcT8=a=4gA0nxqMl}Fo2>{2m1lFC8&FS;+|pjMQ=G+
zl3vLtikb{1YI8ZkgXwxNf0cE>Z|(W$7JIg%h5V{B9|LY}E0_fnv@<C@S;;F4Frk?)
z``REx^Kbq@;-^z2Mw=;%9_FIrUhm*p1L-tsokpSz8g1Ijjx-rE4u@O>?Hje#$7;s4
z#|lO~mnXGQN2#fh)ODlN#hncOaNWihj@OvZ!0iq?tzf2sp<-gX5C~z-6pghb6M%5I
z^w1e>(48b#{cym(?Lf69#68wQX49-dVT}K)O#147jt%4|#2IY3IsHT%vr!MW&ZbH1
zlqyyK(py=@Nt1HdY!UsHEYR_4?WVz~-y%&keaVcX74Rv2OyW6V;qgM}+8a5E2dey<
zhxf<=09%Xzl?&B=$;(P6Id<nGuq3}(7$3+k(wYK~XR1&37K6=(Rs5!mGO4kQ#KReS
zUIgewrd8>DH12;lwunz3&tr{KVobm$rbv!;J#Qp`g?oWsXJ3p^5Tj_|tRp<WK?_w5
z*&{F`!z8$eK{rfPUsQ6aCoUE9nUQRVgu+p=G1os;HYAHYig(n8EZIcSEKqb2+6#4^
zum!>)X;^g+#6Uvy$!7nu(KxsqbydDsVFq-B$f5K3n$#geX{1ep2Omo00m7GLheoxS
zFfb1nHXRl1Mr&obHrv&~P2liZh=N_u09!8<ccHZJ9y_YIDS#3cisgEferou5{hPs0
zGf`n7s(nl^ybuJZEuu&^lTf>KQOIKUA%%(2GRx2}Q9JxDMukhy`EzS~LWI)w0bm)n
z#pcqpwt-@$$Sm>hz;arv@S9#Sr<*W=euH1KwsNmj5b8?3*+$2~!wG=pa}cId44&G0
zemDV1n(t9KeB{jfTRn1aw=I13>c)&HciOX9D-D*xY*(3|lb!#7hCxtrpM8f;%U*52
zQPK}TcU6sV>;ueSyjvSC$%=r-1U`M-JZ|uew_F?-aatVk^!WRt7*R+tEKKTi5}o2S
z9;~m5`e}5s*+F^uBwl|97xZtQs7c^V-V2j-c4b!%jzzddhwy@(m7~2m^Ju2Q@?xVd
zei^KzjY;ywd1bjFgwkYzG(CNF-bTEh{BAV(Y~Mt{ZzKO8RFdfa?!Kz18fbjN&e5<X
z@-QP_BwsQ*#XR+Gl@QKYazg`290vlu(*Mv{lj@8FX<eMS1(BuJqz>nN;5?%U*4Gsh
zQb$y7F|T^VHQ_mO3-M!Ki{=%@(KD6W#MV_5;3<C0HB{}8N^8gu7*`KJ7G1&;7Dc$A
zHu_bDbXMqXKC8PGEH$<*1$e^8NzFD2fcS!f4112ov4@_qRo4}BdQ~e=+ucz0L>V+?
zyzj-*euhYQ2ouF^4Kxsh6^B+xGHg0tbnqqyAAOP8ao41D0WLu<CM#Xv6YvfB_yR<n
z*zhB5GoARa`dylChZW+?eJn+CvY+t-3SCKfJ)B5~ix#?NSEx*m02;SpZfd>Jr-0T^
ziSM>nXrVJ8#12#E19VzH)mH#~hSbyXw=hd|%hcgkEMD!__<i0M*w=>#UMnG6t~$9I
zb@nK<>z>Ko_Sr-y#0QK*bj_uPzd|K}GgH;}k7oMeQKy|F0s3dE_wKL<ZafLN#nkP;
z#mwz%0cc%xTa~Z%A7i%YEG<Qh2|2m3DoyWxBN6X7pN;mGGwAvizRt38e6Ws<+g{M#
zFG3G|UC~IHojeJPJ;$#k&Ac9>)$h<f#iuP$xoUCwq}UHQE&d?PZ1RLC6@QBg<gEyI
z%#O4yZCT)OJ=*e%K>f-p@0<u(KmOOy5fRp^dqzS6wyziB0X``)4b<Ch`;EtKsjhGi
zY;ZlC?T{e59zVklOqxxGIfX|e*JdUNl7vSZ5}e49j_!m@ghxo1XbNtxt`gJMdoKv!
z=H2WpD<~-k-W8YhW#$l2=%UrTUtH81>oKj?f7|KMw#=GQx?xa#4!W6pI#{_Nv4wRM
zq&_n}ZnL4x1A4DBuQ5jr%UtMGlcNd-e?vVLv&YBn%3#~hV0|7|QpN6uBX|C2{eFZ1
zCchj_Q=6ZOp?naU*-9FM5Vtp|EERvX93pT?buxd7XiD`#BFF&#GmHoTjD<gPCQ*v0
zUQe7`x)cy?S>3A3@e*5@G+&Hso~l~TQv3}R#M5vKAgm8pQ_6R#ubw`v80t3kL@dq`
zNpy&poxXRLn0K&RrC9Sn4uwH=kZ)(M#3t?Me>urwnMINx6MnM9%|IF3`yIczmUGn`
z-Epy>uVQz1yuKG%)(1%v()-j3*4SSpvYK^(lhtgxFhwf;(UQbLhX56JP7!$irvE}+
zlTWY#WN-UC<;Xy;a52Tqj&v)Cgpj(qch%zaJ{lT*^~P#P&1`GT;f9=#97|8nZLKjB
z&-wR}flSXa{B2|=!1tJvBOPpILLc*$=}O#I5<_J7XKZZsw&u*;?EBxRsei>L<^A@h
za(yuHi>z#S<(@!Nt07$ewT+*h%UNgY!qYrGP&3sx*M!98!yuC==8X;78yf!uCqTzW
zxx>j#<^R5-YvPN8W3RY+ZR(`AD!$<g9}Iqj$dAYx=fz}o487S(iJGo7;OU>ac3jhA
zx^K+XT;W?m*Z%WkI7=pvyQ<>;wwF*M{z<po=y%|l|LUyu)FAS&bl1%1GM{#c)4l@2
zLAOyYfwPW?>u~e)d9}pnsd)62&Jt*z`IjIrvF|E=AlZ6wEjQ*Ks^O_k*U`tcRMlF!
zUvYM_yGc8=ChL>9AT~SC8;LS){Pn1v4@gVI!$3BFM%bl;<+P&5QkLJG!_bs%{}MF%
z*YC=#oP#m4H?^FWYq8$w#&Ai%_9p-vrBI@CoS98y(po4wo-M>=<Y#s8X=b%5OQXS@
z6ihcR<W|_y4gE??K7cEi#zCi#P0~Y4l-5GB(nn8UVYDlQn=O2dU>L9`uIi~KPPDS2
zltxX^RX=kq=2;`c9&VW47!)*ABG9!j3=ETAa=dzl0-%bp?$$MytN%LZr~`T=D>*a_
zS>dV;<2#EB8?uwb9!_pf*af#e_G0P~r=6ZISOUW|tc7p&z0XF*oQJp7t)Md;oBJbc
z>orx}C5nU>+}kBv^G;(5uCM6!8xv&Kp6Ue4jOT4V^{P+uvj|*cJQGB^q!xBpn+#r6
z_LzE=-h>q4r6+_svo~ZJi-2ClnPU&MrId^*cc*+UM^adu^KGUGWK+yrfCPz64!gXq
zGaISic;*+iNFLVu9`vmJn<@W%1;+4}+-$=cdxoxMgtdKxZ9_4~W?^u-V0Mct3%2By
z!bckXHv4=3Th}t&NW*tFab<{V{Nmwy*qvogKbabY%C4_SqdMO<(F43kHB%o+>#j1j
z$*V~i?d-ZWz}~~C7aNA`U9U@za|HF`Clo%b0%-I#`c<{pM=~TTz0@D{O5{N*>H4tB
zCnLR&&mu|%6As7x8M;nz$f(`p)yKOfag~wZ8P$7_#OD46b65IkP+LFMf?ey`^t3tf
zpILdoCE%{B)lVAv2mpvtVqR&O`^!pZy@8Au<-Es2AM4S&9%*vcMg<!Q#+3|~21@NL
z+Krk7zG`QL=e2@J;d8;RO>eqYoqEsJHzxa2caIO2MN7U8gn?`Q-kWIKGP?u9J-dV&
z+lm5#GkQWp#|(JS2bwY$HFoK&J<D;a->xyck(l5Q^pEBD`T+iFj!4$s!AslwEkl<Z
za_24a==e~D(0cjJI;huYZ|&c8ULXxf@al3C%QvTQxe8|lLlUuW20c_!4f;?xi(f)a
zcyy5~2ypY}=M+c;;lwAHM`-k_$v<Aq#Dr_CN7_O|#t041Hy6?l<qwUrDf#P26!Ufr
zO|_5{f(R|I8Uf0m)e~ncIvwqf^0SxIOBxX%hIg+WP^Rl!MJ|ql|7c8c^@oETwxkH_
zjZ==1MMDwBu0<UtSZVe38_>`-;mdqFyX5h8!5Wi1NpYSgwO49byvI4aP5t)z9F`X+
zWAX2;^}}a-Ow{##a@t$@h^H-lZ5FLWE9j8BaLqBX4$ww~lS-;Y4L1?P(I+h2o}Q)~
z9QO72FAT4^m?xH-pi1YD1xvq9+rIXSbGJyVEi|ctF5}tDkoU;>*4sRE#`!6O*!q0=
zcGGm;NkhrQg(TFZoQtaGVY1oyc<e}z*|>v&_l%o098<YfnP~%GP5@+y3H7~Z0ct-p
zhcbyB0x{4pkag4Ww==fgTR1uaTqfET%&M^^l)j0j1o!5hN85gRku*u?^X9p6R}yiG
zI$ehEK?6a|ARO9`+gpq0CGrwyM0%1-ls~p^y06K7%Lz8aj%%*IWS)xeCPZwanm>w|
zmzozRTk$>>KqOrFnreKwrOnrua~8}JFon)$forRwX6@bv#+u$=jmFNlg6=-vtJLkW
z_QB;0etGF^turcz%SpZ@?a{X|#V<lxy-n|TRa(g8rZdH7zXJFs9OFui97c-B(&oka
ztoYzbO^>hWxqE>}!R1KsXD2kw>D-1DGMC^>$6Nezk_mga-Pwi*u7v024v%b4an|uc
z;L-WKoRAJYbpZ^_`Au32bj$Ysa#9U13(O%wHldu(c!mjYQf=p0Ss9ZJ^U0J4yUj5O
zKiqVFh9`hgS$Q*(rwaG3{-e^fI6v)?2<;1vG(SDh<3He^wib=J6c&gx6mml+4$2Ed
zoAqKfU7xE{(;*T>e2F|LxH<pqTj7uZu-Htq7p%qaAz@>Ce|zeLBG-6#?Ys38!N4&=
zaf4b#twQ-Dq!C1}e23rCZq2x)eR7|dX<`}$JU@@Dw|YQnRn8gTY6~S4_<*Z8bIF3p
z>asI2J(Dt+acD&*^JQ#2L~Tyl=tegJDk!AQaW)NkLAf=oyE|DRNgrChG)FXmpp@b5
zu`&*}UtlG10w4v!;PsC4_13bD$nr@V+?NZ%W}8KQjjxf0l`yxrN5E|Iao4j~`!~YN
zlB2=gUsqJj&B+}!7CUE8X<XMzd}nh=sPY30Z31A&?|dJ3GRqtuXf`(od16`59q>Zl
zT?83^(G}A0Tav>mXV4Z=rn~{zQ6gJ3%GCBn`!6rN7Jh@0${LV2G=zWFy*X0Gn|+!$
zfvF>+W_;ko!7%7-@nFO88EuDjvTLwe*J}(cM|^^)dT^957O&y0hSe)YbkR$gYwNug
zI1s)%J#14f0S76+b(u{7`=QeOksD-!J?YhMp%rz;GrwF;loJ;)D_{c0SCt%i+U}Zb
zdV->QNrFtcs_<1eu<MHX<n94s%&>S|HrnM+sXH*yrEg2TZq)L-$Ag{UktmqccEVWa
zRwx-bFwe0*<s_{8U@xEE)1opkNV$ETL08xOk;_ce_0}7EXyKsBo3Qzu)^Is<ByvJJ
zwK}Tua-lcqOrV+xn<NIXS?}OcC$GOrD!+FVKq8r~R5;DRkz1o6?K;j{?vyu+s@Yjr
z%a~Uk8k-}l)KF|wQyLt2h}bZ9<0!_WJCEOQ3P<aHWVmA6BA&AK4uDYC6Q1{MfSp{Q
zwu7#A-!|n7{|MYW2G_fL>5}A;iN}D<yU?GN`a)qr7qrO)%~!zbR)Oe4w%*I>R^d>_
zXhx3qMEowN2Tb!s#^2qWi)2*V()kAozKzeH(9W5!ulo`Nvzxq#58&3%4=Af$_b;n+
z+-zQDQai?r)ub@Jq)?Ff%8$e=%A`-d6i<Q%NqG#!S}Db99pQ7;(y-11!_d6sMsCNm
z0%xRckm{N2AAZ1#nVG_NkOj8Uvoy0RtV?OCIJum|=kMsq(%iFZ@BSRfho<<qyL8xe
z*oK8z9vS~d0e%c-X}rDOK*KsF?7c5pIpV#?%F<n0Duk#-!Ma{en4)v!k|Xn(&uMN%
z5D~`KPa*Aa?6Y+k0UXqK%O=@f$uKHz!9&q-MMPQQF#r|XvLXG-`k6oe&g_rf?j82Z
z3Yq#NA61kXK&kQa4Ozz7^)TFm*Lm=$NBlBXRP3T`({}&jx77#wsmt}dQ)5vFgLxXw
zaZh9u1fvQ?8A{NwJYJlRxJnH!w&Uf})<<ObKWq(M=28rnAtJ?^!F$}SXy}uU*0zjN
zUu0u*PJr7s!FE_T4>J}d74yTM5s&AeWc%X7qhR*h(qD0UzVyYxpCO`(@vfa}E7wWp
z-+e(aP-)ds=$SM#TM5LQ!wC9TsN~I0Wzk`m^!Qgy$tde^4?2add{TFD7+#-pMMcl`
z(m#>1k5QrXYMX8d8~*R^{gNlp+x@#{6ElKnQh}p#yN0N<rc0s_nu(>Ujv=w2<Hyos
zk$aBv1-5abNM?%ImZ6TIc%*;E8wiqnZd{%b<bm~+`#-vEI3W&|@k|r;9sZ%|fg)ph
ze{lp7j{<IMMR=J<Mm~FBJD_MHecgrPudkkcbt2kCJnIkp(r>tRWTR(-+Xo@Tth)*X
z`~g8)>DDseq+Jt#CORd^Xkw__lrJXwzYxC|E-+4FIBp%Z!>NUt0>ty4uFNi)v}lDQ
z3=36|O<)03{;?1dGM1GzEZK6dg&ntq<~+^ZFG0)73j~_B#&w2udmc+%*Twh{drtcV
zrk(fS@@tWukhs75A~0BT_YK*kuH5DJ9FRJcm+uWL`Z!xNu1_s~I~bjjM11JSx=y_L
zkxb^X$5xYg*v!Cwa@4Uf4D->NZEf-_+as(rCNy05_k$TGz6-iyZhCL1gKL*O#ZNtq
zsX9Ahk_Yg7Mx8KXCd+uj3e}-b1=7JeScoS*FG2$Q+IqCZQtk&(N;db;-#@VR3V4#&
zxg-p!D~qf`W3bB$5Sg%|v6~E^j4dE*t7LM_BIU-qAn5z%A`D6e3nmDd>DF1=wP#<h
zW*;-bMrvfh9}f<kRo5lQ8DQEf0ZdF#ZZ-*9szA(@v$O7Sfy22r{i-_tnc7c5`!$pU
ztPoehBD!`j8$?=SiNmreU8ce=0234up|^TeA%kC2zH=F<dBtXpH+QJ%FhSg&<E^!t
zGCaO}OXEyj?oyU$%~MjwZJ|biI=afEPNBqqDLIrzxogitpbd&Sv%+JVvEM&fF*uVI
zEL2PMzP3_LDDx>lb(pU>*K<j(24O!ZQLx~zW3_Gx>Ck8X07fm=f8mP&#M3!8gbu@G
zk-;d@BMosmRcx8y=HWsdXy3mD@BM;le^gx-S9FW{I-}!`;n6#(O0;+v0Y+6Ffs81f
zS%_DF=f(L%J6X9B`ec>TVg244Gb9S8fh~GgbGN#R-0VAOtnG3ap1%H&$x#R=8)joH
z#>U(r&+W~A+rofIlUOMr-`EvbR?Wjayy#$U>_)|IQ@B|&>_uAK@@Ap|@nW>ix1|F?
zOKZ@i1zW=gI%CFE#~z-1FA1+<UuaSc6(u674e2EWtN*RvRYdLy{Bs;&K*DEJ^r<9J
zUH7@8gY@w};pf_5BFktghW~qAnd={{8`Zi)LJ$Y~3%0d#Gl@!o<R`~+nJao1#^I*J
zyUi3k`LRXINeU|b#X;L7p%G@7f4UQzw&u>}r1A2qEVyo}F3YMXb>*)mSY!tZ1GUT`
zM-<FPIHP5xgwN$vHG}fl$A%+fS0I~|@DTPh^`4V{BP3lvJ<)4%;`4brW3me-7%E5m
zufR-aFV9tBhZ5k7{fNV)9lQw>4CpmUHzdpaJe0J~RA<gdCV)CY+$@Y1egzWB$<#*2
z&?|aV>y|3r(^Y{RMYEN~-=V+zZ9wV#)p7Ut=sc(zPD9QDEGRqH2~Ku)!q>T(n1hct
zRk#pT^=blmL2z$xZ~jI{EH)iTItqZ$m@q!{PZKaDq5;;I;^GmK=}}CW5RwD49@;P1
zq#Ov91$-lNde0r=_dMa1IRyD57k?j!)(RyLvvtIrq$B=*TA7+b%5hp5F|Ab8t0!z%
zm4^J?HttKxr<Fim-H0WN4pw!al6R~)$Q%^A=Mf5ELH2dChKo@_`CYdVwq%K2G<e7h
z-@t>5Lk{>P3CUfETQu=`;M#QV=f197J4C)FeO}54igVx_(jR2`zOUMYS=}2un%>sH
z7W|>>&<>q-+7>ROJ?Ycn%By<t&K(>Rf&QLv%=i-ic2!^)wfxNIRKJ`|u7;v>ZEWK}
zziCd8i-Y)2`7Z>+5H}(6hjTQh%4cH8W`J^~^faI^I*Xx^$=`=yONphTk59ZM;6XKn
z1a^I-DjA9?JYhJYQjE70dPwPyTl4~JXDcjxmOQ#gQL>Tk&S$28$X5s-5%Q*2OV4(^
z2Mc~B^FgqrHcT*q?${qQ!dP7MW*g77ts3_HX%P2iQ#<CZ+~0fpoKb$}yBk0v0w?Oh
z_W}m`)!*aei$qc#?c=A`M%68veo=XJl%Jx)6b;rn4b8lFrmZ}3A)T@b<X(hf+s12M
zU+|}!5L_axhQNFJHx)3sH<ksx2MHq1N=pVyygwdq8PrSa?N-IV3HA1vA1W}mOXh(5
z&Rph*7HT#rw;Yf?%!6*y6dOWF<hvqm(SaGO4C%3X?)@-wRFdglkbXX;?p{#f$)}Le
zj*X;v?=pw<U!ie0nfC-<=mRbIg9D8km*A$N;+c)7wN?uuJvsiMxL`ET3C*uL9-BS-
zqUkb%tv){*Z0%`^ur#cbf7>J`cGe=*?}TZy!J4Qldly&Pr0Qm!Elr3QzG8F!%>>%B
zhze@G0^e(+WlqCpK0F1l4NJ{u3HlPAR3epAko8VyA{mY?)hZF0)29?yA8^(>$yd&I
zYnSPe*pF`8712_}4lU(_c;vXwqNeYM*3@-aMO#;10#CJP6y``9@JFY&n{Rlzv4-xU
zfp;Qj{e4bL`Py(wOrm!QF5%otYyj&k%CyqPgD{n6K}DV=GcT|)^FaIT#LVi7n-zq-
z{+u;iBUmOI3y~GpUF{aECaC|+wUfOxWI35r+%WZz!gvgq_2XfCWh0EkN1cB8atoTD
z{98e(vuGg|JE@q-P$RNi($tbtY)~a8u*~z0S0_;m&C>138t!?4Dv{Ze8#sv14<pFX
z5`b5&tSG;dJ1+5nlh_viL9?-7cw{xWi?<!svY<p+_>V%hv3x{D3%g0Y!}cMMAVspD
zCU@tpx9L3z0o-?oL(MZ5MIFap%OdI28Y@AIa}FT_Ay;EV{dI_Na$M+pdl1%4m%TO)
zh3oX(s5H?HF30yo;ilCSFMybV1k->?oSm{O&zlZz|0vR@rk+2(TTqX3=~t}7dxG?4
zteu0mXWtmsCmigx_5vwsy8G(iUy>LNXl)_@`uGo$0=E-66gKO2>NKlDXxM_*iMcnQ
zC9h1g1&V%<(Qz>aJR#MKH*Fy-gKeYUO+2LdP#V)>;%U0`fA8)ZaRYQQacq(={h;?!
zxpqZUOF{m}d|wcI*)HsTYrBJ-qI2Yv<S3hUD8p}g;}sz}i)A)Y@^RE)l=ZEzH4T*%
z%ud(n!=J7EeWITUE1v9@k~Vc{@dsuFuqC>`(erQ(JT!1oMn|MsxyXlT)%9Ugn3!8f
zC4FBboT_oG<H;8$C<TTGrsfPHjwSrhw&8}scQJ6eJ6u^;zbKk!MgGVPEOdVQail;G
zyO^{HFTb?wb<>q=n1u)V=gr0@1%r&AS#Yec)IQLZzxle;LYQ;4e|{9kUON$D`fj%a
z7s|SHs3-0<<|-$ML5l}LBuE&5I~37--<#!=l89U^yK$dHI|=k=A-h1#i`}Q)(bt#3
z1c8Z$$_fk=`0=jq{bW4bIJUA4u*sphHaw^@6yccs;WW;%MGOJ%LaP(_=65rnpPDKV
zI;rHNUEY)*$Z^>BOC*ggtWwgR5tBvULD1!5&b3&lz2hu5(Jpp*DM}zMrz=S?Ryx<(
zi6#tugRXIA3t%nD<f`JkFe!L-fA}3GL7LWB|5C=?tXA>rW=FE^hPux4*w3z~2f&Pb
zp^CL(BQx;8ttQ*DCh~wYGeQe+VDV8(71f0w%_!#cMy#c>l;V0Bq}v$RHTfBJW)u1#
z0QB44J2jK=Qn;1`q8b;={GgMQQQh+?nCOlWX*!=u2j1jN^GUc}OO<KUULP}cp>g?@
z&CRg;vgek`9-t6V8m}n4uKM9oooF!++Pf+VhuznVBFJr6o#hlMJ(%?d=R@O*B0GWV
zX%tG68=HutJDNk32-CKja0{J!=HQ$HHE+>YT9g1y*WO*eXJRI&fYf7Yk~+j&=-Y=O
z1I$P|K!dEO<=6Wl-K(x?ukYyaU&fY-5$Vq5H2q6V71Wn;VgE!HnQ?8Gyf~b9Ijp`i
zcTDcVViQ@q|7afZXcvn#G?qz!N_C!|^(L-5Oz5BD8gBe@MfxVCEKN-|aP@elvs*2t
zFFLk&pfv2Re82)MdVjxGDCLvneTSybD%+D$4Sb?<`*$l{^3pIF0h$cI0SQYIn)K3C
zMy^=Ch6Etqh`hy*aH(la>^{@YN43H+s2~d%scj#Vp}Bd4zd7F+jS((l#jYHcN45}%
z#Iy1*M;W7jk~YMzbnl#Q`%aJUo*NqOxp2@7E0-b2NC?cMpTKN;)0{6H;(A6s?UNi1
z(1BFf@PrZU(R=U@pu(6>nn?QnB`cj-YeYB%$2g_BBSRtd1YtZ!S=+TPkIW!T4clqt
zLGAZaUBjn)4VTCV!IZCR24A`}dyci8UtZ(v%t{qqNDi(p7{TFdU9Bw7W|P0R^Lx4H
zWw*US)~zd0weA*lOa#f$P}StGEek2&VfZY5WfzP3KDg|@PK0&@4d!|_Gr1O~-$T7F
z_Y`{+cn+;vC;o~#jbFD<b}~C0nHTFfC6{!@Tk$JK_;9cUa+OQhG=Q5@kb)Y7Rw407
zsjfc~I2k219V{|RcRkv+U!}9jK6V%%A90!L5)yJaM|-vO&0Erk(J()EpUfPvZa8#I
z(Ojm9bUEbbaxT)e6FbJ}o!Ze%iRywIg}Y8G5?cxOc&^vONcCl-%S%Td!jUT%Z8%<<
z&nuK4lS%@KmH4>-S)ut};o(w=)BPP$vFeS6K3l-<FudO&&1}GS*ft{n{6Q5_Ehf5D
zC40W+Bub@eQGje)Ri!;i=WG|CqeJM}PDF|`WuU^?BI2Oq2G23fQcN8V7OCd}haD65
z75g5~T0lXe)x3|Q&MZeHpO&WEVyr{slY1Ay9%rXcujznkqow}l@Zr@bQ?Y>=eD!>Y
zlGZzMX`XHin$B=dk#gH9N*H?bkYw_ijO9fs1kIDbg0~915ea2@Gy}?KC26c7Y0@l&
z5pg>><%Wp_qWC=)b8Vlx$kx9Xl$})Qr<0h)()agd#2O;7O$xu$X~JGh4Jv+5z_B5q
zTNDRp{=U9$UubA|!D=RJc{kW82fvV&6*e`Z()wg;W*iHV55YZq;EV<dRQS#^EA~r%
zjTh1*F)}ZZ@GCQ;umZr&a7f<8_8r}*Tq&`v!{Tr+StVE$Y@f&N-$@e@&gi6Ngn_<K
z6LP9qzGic$6Rc|u(nkeJ4+9mo%TM2MtFT!uaR7OkD(a*?F;c;+w=G1LmB+en_mF3a
zf?t=)SqA7NdEP5Ce<Z#IC@^7Awfrq$Z;x-K8?1}bf$6$8v;)e*LR;S>^ifU^n8E$;
z^e}2ll)7uGSH$;(bJ7=kjZSwe4-53W3Sl_8n+udy8MI1XPY4H^<5_b2M>^r0!8U~B
z9}j#HA~E(k%sYMsHyq*ZQ+~iu#J3>yL`&u*e+gyn4$XCfEhR+~Xv~5)m2)zK+c9tw
zFs15LmQVSmWC0qRGLdJDgnV}%Mc4~Ilj_HiB)rHw(d)x!8^fFV&R3Y_063$wn*ani
zUiR^I_afW{k9qOg(M#U-dJx>ea2H0qjKA=C-+(0?Q>V@doa0V)tKzS9uMpK!!}y@C
zbzB;HTK??n`MxAc!b^H%(s2bcF^`5&imu$NsT%ws4M<b5ioXz12PHBLn&w<$6-m`C
zf6K4v_}acy7v^97!>R0dB|vk8rdYla$AH8^DFxWl#KfQ^oAF-zExd<pG(wi<bq<Hg
z{V0Q3*Mqe6CHF=o3@tmeOaJH>)J=Vxk*Py(M^d`w_8=JR?o^wrg*B0gD^n5B>Nr|W
z|DxgP0rsQ0KVm^fRw!vWC@MS8?Xnk%R3+vY(zBsN#H-4+<geoL$zp8itDk~JFp)xA
zPx%EgGuSwiyybW|k~z0vQv%yy?k{U`SVQS=-QarJ8MfH}>TDhfCc}hAsR>ER%C_d)
z2cjh9+(o9}eZ-UY?(TLnxrLs=O!D<^v8;gR_ni(A(-G8;B-16?_PXx4Qf!!z`*%xi
z>AR~cDiw{-2jgltcC3=a?KAp%1IH0LWE(@}PH^l#thKbI?zZOsM~j9}dj&7W55v8t
z2SL5>1c3ML6X~c2y_yX`!<mSGM{-o{@@PQyGtV(0n9lt9Qq|4jh`h<33qdvc&n{r2
z?N5@38cls|h^ep<4<_a$wv|3<50k5*<};)>>}bd$0O<`l&^C?eN)GT~4rOk^o1>OM
z2uaZ19|sjJL_tiyARm0z&S5TnqapmnG4SV&W6z(g>yQ<nH$v%i0?kKr@TFRWNE83+
z7^PfyP;x0+LJTQNrKjJ<@_Rs@RYd_et1U|W(n7y42^F`)S5GJh3GD40j>sKedHY+r
z6{uOKSGN4Bws$nNv=iU(=Lnv3V1ZjTE;fo1BfphzUDLnWciaky%{K17(bJ*uE1+5$
z3v_-`qREHoHsCsH+*t_L;dL<o{keR++dYm%<E8l*#NUq4gF`(^F_T4pIzI%^kvVoB
zioqfpG(%L4m#~~`LH8ouD4_8cs5|=Wt~v}fO6S(!)i5kY$Z1<4Ygr%~^Wy_;+(x+v
z%PNmZzAjzME{6wwhYJmrIh3*I;nfYZ5XCUmzCWD!+v%bkt(YkxM{V~*rdgF*!uy7L
zD6-s!wQRvJkjQu+*m!#F{0!)gp+RBRiHoFRYFw*~-|p#|cHBsrZ`Kkqk5)$*2s|5i
zhQ#4f-Vh($Dq(hqBM(PZ1XmUv?cH;Z7RND%lQhBG8p$_IR#IemM6jX8g{QeVQ5*<W
zrLt#@Ob>V0^$DKJ9SEMn<bwpLMb8LD9TFrCNhZ69n$xGaXz0@0MFB|C50i`fiCNEt
z#?1ykg}%^qcB4lyv*FPk6c(G7gI3j-Bh80N^LAghZu~|!U{T|NGrU?Nlt8%$!K|zs
z^g;atozjs<3%gb$b0Tg*nlc-e{B}J81h^1O%&VVm$U~+Bhh|zDApfvQ)f|fBab>|I
z*<^m)zM~aY3rOQM1>~C+)Mm=1k6h;9#>N>>T|5=_b4!Q1{vzmmkshgN1aHh;WQCR9
zeMgedmqBLheK(t^?yEeX*fZdDsJLUy_steg$UA)UNIH&+W{)^-WEou7)|z!trxLkD
z!GWDTB6$T`3ZKTCS@lJB;Sb5x4UYEId0%Sw64dJg9kt#>0ock{Ew$b-rk=+{PxVr^
zz(n&2vSwKjpeea5Ec7Rc3{ooMzTav)<P`^Wa;{g|)iM>PsHaPliD`|qIY6lcsP>(m
zn2@7uhudp|FF!nAtDn94T)wk^Q;gtcc`ZDOA323O$P8m0-UWz@Vlki+N#+ufqLE(p
zOv|>$Dn)k}K+$ZDC*Smpp?9F_*Xi2Ix)X2&YG{F-ALc00{^DX-?R#mK;Z)vu$ovW!
zyVI8mFPYZ<zmgrcc(kUY+lJ?X1d|7E9S>+JG6#!Ov~CUt<%Q3Qva0dFv#wT6E3=l&
zG}WRxX1Iyn4!>Kh>kAHijga(#5&%O#of*S{r37tHV2)aMkjXXv`urSgv8sAK6Seoo
zNwS#3iEep)Eku%v@_3PK{-4KyPLqXHC95MEsU>no!WpymU2uVbYxVYC-ly^zR1Y?y
zTW@<;yCcDo#Q|V61PQBiy)%%@)w?xUGf|Udy3O|qeYx`}3jJOo`3KOL3z6uEa<i{A
zF(<|ZG!T?b(^X>=blyLjD)iK36_oD{s)B1di*1PFj>(s>bZ&xLXlB^M4{q(4`-MKh
zKusm2`*}{=S3K^S&z0nDIAw^=EJ8c9o_`i9`0KumS^jE`B#eRdr1|ncjlFH!=Om&a
zNf+*BA8(Z4aNTu*ExRFN%RPeY{^RQ6Y_I~9py~f4tqjSGk42}`yIp%;5e{L+O!oqb
z20Qa2@`v>AiiUoLl;7T52Bq`Lo@Ct`#EbA+3H$P`V^ogBk=-L+c6WS-b*>d!Z{v2r
z+EZ(CQQSKc(e?)gw=ez=Yi}8rN7ICf65QQ2KyY`5;O+!>g1b9|1`8H6xVr{-hoHgT
z-CZ91@V)uov)9=_XZPCepEErzRWsH1+|^x`9E{&+;q}f@^Yf_Nz9QFfamc#!v#0K&
z^iDz`sLOw5>i9ki{Fr|KNYPgXyp6Z4<5@)4O_%BAK$6}@y`}J!eoG@9Izf3T$7+vc
z=BAw3<8&f@2OYRQQ|0vMWXOfOB9&8EHIX99Z`2d8bxf+4Tczk?NKOGwrLc!wM#l7=
zh^pqEChNoW`~*~kAXt>!@)}R{??#@LPYIiz%{wLF{0+PSmi?!uGQN|Rgx!rO&%-9P
z2@D8d-4tAt&9D1L2E+1{EkS4$nwqCtMbmho_uUAUFl3rkO1>3#2P1=b6odoXEZ%Du
z6fwgHkT~@%Nt&aBW!mJs6ET{bTQC62ad0lx9?VFM(UbfQyn{H-GQO@r=1{PI3emD3
zd0K%e2gVVQ{w0QCwqE-#@<M!_Y1*-61z$Ax*8B$-j5R`G=tp`6JOb>~?hq*wqq~#*
zV4EFQ$BrvfS$%l5?Y_#dgxIaU>ss`3M-4IIAJ6udEXvEoJr5$ACx3d}jX-!b3}+>>
zd1I0Yg@A7G5z~3f;Y{>TC;tp0OBtCOu`wa6xVEALMRvJst$muAl4TWaKUzZ#+a&oL
zC|H%bEHHa+(z<E~FOEu8uqD;qudk}vO2CF+yUU4`8U>!kH*K=2ssrlBxHJW!o}_|V
zo^fP!wb~DgEJtK&yiNJlv+5*Ip4h&(A~j-6#l9yX-Z$F4QzJz5j)mh=4=t+Y9X;BO
zM?hc!{1W)edgXQuOadLL4QOSG_$;Np5F-Y8?^ZlH(%@9bP8Ovp#>2u1EF@wH%9dY|
zDnKF4+`o^c?>mwD`&tQf;)#M3KZaNJj|#wiZ}&H{-JUVz<M*b<;j&q+W>%>p_IUhQ
z3P8`<z9Cm7RX<&PeehyX{KGZ`x2okSEiK&(D5$#?rutas_Cu3Shmvx?Fsl!ocEc4K
zKV9Oq?@}~vY=lB>%g;(847YwG(E7R1Tt#5rxy$VeLcFWFK~MV1uF}}lTGdpF%C}hC
zHZRvXP-dM{BKeZSP52`v0)#2p8FFsRLFeR+inST4_~tEFja%ho%kM_{9N|i!T4VVH
zuo#)0G-5~DJ3Q0T-NDtG9>*B$RW9<=UvnE7uTbX?Qjq&is;9&5nLIrN|G;XBRfjBq
z!+AaveE>b!*l53C3<qXpx9LWlZA%(|w^cn`fbK3AnxvpeTV<MN%4_M46S!A2CBVHN
zI2xOSw7xO19S(^%ucj(UnVobPMLyU7aKgOU!{n)`=+vmKp=7Ube`xz$)DXVB*j)CJ
zN5{Id2yj2B`C$oyY7jN(%5r{TS(^PZvyE=L^wjn5?|ZK3wwbUZHRrZr{NcK}1$y5>
zJ_pB*jN|w%$!{xA>+N~YKT^2Et!6HDtfIQ*Y$H7Y;xP>=G}2HH=h$QHN_pi7u#s}O
zs+-P0mE$6m-LUN59@?%D+S5TmS<g0{Z}XUtzxT-4t;Fx24gA@pld(pAxh}C?!48V<
zV-&^EbtQ<1=_D*|RPN!;x!=;ev*h&|wfVROKH9vh>4d~Yza-e(b!Vqped*Y4tANXK
zPI_0vj(8EEhI`uwdB;MedbmmsTy_t{4WKZmeA7N*F`L{*GRNPW&)~@Pl`}}LnkKyL
z^9a^tMr+^T9T9r~&y#HWNNZQBeSwesL0R@Sr*Zw;?xdy<q0tWJpj`?my}2GiJ|7^O
z{XIq-%>4;-o3G16-s|4t**lSs)7FS+sL$n-qr0dMA0i@NU?N)(b7|TckQZ1mR1Q<E
zG6Xr7Gp(7d0#Q?u;#$0d$~oh)qbEABy>9<bK4Z_lhnUlMfH*nZjwCgWst~WtlQ8ic
zcB5bPfo%;UnHnW73rNhU4zpWu=11|KQYf1bbWQ3Ja>Cpjzo|M7yG<3uM_?l9DSZDE
zn$xArA0?^93CXh&X#Fz=l#_SQOSx8y;*fA5I!+_2I`n`%^Bj&|*gx4y_Y1x{QH)}l
z1|>A54sK=U*1n#kOVP9cQqxG=I0#{$>sAyx9OjjOBm#AmLu5s}nrCPUviBB5xjH46
z*Qv+cn~7MW0GI48u<F;YsSN1FGSo6MTA@5Bm#N7r`X3-_zA7jI+v7Fw;iSmh{GYpa
zndd0ed!Y5lS9DokOW;zhRoD+qdV{+>==&5GhIvnDc8{)(4z`B-ezXsmPDo{n9;^I@
z+{Se8t6~sw__{u@hBZEZpzJ}MHZ^1Y{SN7UD;N*2Y(bc5N{umii;Z;eTpeOQ)f{XY
zrw7uHqdFpV7x!9o;Be!+eo_-vBacE@Di5ko)=1Acy%5}MF)nqc!L4;<yoG83jTC8}
zr(7;$)W+PSI<&p1p!$B*WVvtTB<|kS5HzW-sSgNpvPny9x{Z^Dgg1#dy6NB8jL8vO
z4eklnaeO;@0uu6lZl^+^jZCSQQ1n9;HYEIo@L~GTOq4$*06qeib9RLmOYvtf-mD)g
zd{t-UJr2`bS#Wez?cM`dZ9=B3KG!%UYI>lh|48{J(8D`Aei3uW!seMlv8xwBN^19e
zXt?)V%rC96FI5^Owal2#@}r-rOdq&~PQhgFRk<%?KTO(G61x(FEyQkf#|;eo_8Gjd
zsw06^5?l3&;eclI9jc%XL6C;VC-|PGP@V19Uo*nS4n0i7-}+syd(*577TRAR-AMlQ
z7rNNxZw#QBBf?#y?+q~rfAXJQd^10{-$>&{;h%it+Q9j_r0Lh(@U=)YynC|R4GmZ2
zXQ2cVK`At^2lz4;U!5|qY~}P0bf^OUYT7dfRn}K^Ei(X}f&l;2feTHw<)8shWAt0J
zD5q{nemy*7-$p^tfLLKSEKnVXR=<mr^5z`<HP%*|)6fR7(_Y9f*2QI<{IHF`^O}F3
zN9d?~52cUgHFlv69{zIMN-E=HrL>nR$7^J9!pmwj(`DrX^tYs!F>&$9R=!cOq1-By
z*9YfZ{c1pwFg|Z^jzi*M?W}Q$<GlAy;qB0t;&orL-NAQ(08d(HM{hkD!sBt4(dV8I
z&jYkR-b3GiQMpWn!?@Z0=Ph_W>u7K{A?Jzzjjki<(p*#Hm7|<-B&^l2q_qz7CjUcc
zzK(2vbc%o&eA|@E<=G%T6n9Ah`{YwW7j1oqf(wA)TyF68_?84=aq?0~p<-QGXH#<g
z&`DFJz>9JS=|3azp7Xk5s@9yUvY-zcmNHJ{%)`ElLr0D(QKw~g{&(DP0pr@$`Hvkw
zf@AMw!PXggrm=mu_Pw7L#y6XzTFPjT+9V1mFAVxGaz`?LFZaS7%3Ak`87@u!1}|ew
zmvcbY-o~JcVT4ZOPl17<q}IzRn3xzZb-j{7*)98odZDg;Ym=-n=Ume;*pF{_aWMVs
zxFpmSs2qPP2z*7zRU^$`)t@Om%Ur<snmaK7^2|3y`{?t>+B9=)tJk|rNGeOSZ5ZI5
z+mHF^!G-_R8r#)Z<)I~4@($-i=RX+7U2VW8s!WM-@;mo5sF!aX9ss|)HsQHF_3g?-
zB+Mm>H1ak@-W*YmG2ZK8ma&3F^!AQ=?z+$K{%hZ>_Nw_oK4}$Z6yVx@=$wfuaWf~Y
z92<a>1@m3?V*ivjC?5y@!UiyqsS{2~9{?@DLLFS=rsnp8U>|Sn^HW$SN_ZPrH_$*N
z`hsKJE~Wm`DvL5G6m`k->HeVKJ@zZFC1S*WpTQ5Uox|kK&V#DT7>s&>0lj+)lgjgl
zVo$U3_;$xVCcj#vb?;5qwl~FI#Yd|3Xs-!Zef*SDf+kTmw$fYoZEutnI``?<{WniS
z`?u4h;OWvWNXx_aDgH`n1r{qm6(IfQp17T{z+`jj3+Oy=u1Xvf3dl@+cA6)vk&p6W
zfT9>7=>nu@E<R=uVvRh6dK_OeSZG>gavcA;zyWv=WXrHX=bf(@9iSlC9u-l?;jGOp
z0`E=1rBIF$wu|;B){CMJpx++(zQ;2g<}H;rs)eW-Tl?|cVDwKHPz=HcI+9YKmn>-1
z7T3b+z-3oUTTNQjsPM~aC!YYEX)9V+EMmH9-`l}nlX0N@aEEb(Nr3zfiNU~1FAC{l
zTPqrqxxin5o$Ow7mxKo%RG*0(JIsJoM~U~iCYi+dQ*8aIel+MH+WijlweqYH<Xe|$
z`r<t6aUgNl!(n7*a;pe*g#S4LVmcpUPBohjjzN35&7igW2>a&R4lyp({Yz{@L6jR3
zp=kHF5}5Usrms%t8FK8WNV)yaB4@vdK_|>72DFzmihJ^Br;m0le`W<fzG<{5JaBpY
zUS;b$pN|vNj?`nOgs#b|lG_QTJh$O_lyV{f+${b8=vKU$LkqC-?BI65TYlZoy4c)g
zer5N-%aKj4LL{cFXa1v6v>~*X9PV9df*MJHq_YjT$Tc0sXaN6fJ7aJ?1{dpDB1vGi
z)4e5%;z$8#rGDlDJrT`w>P~-+t3rEwSY2qmH@FzesRd<)!i!sE9;u+o7Ye68?%acx
zzoBN2_Fla;!2<vrsXOn-mUzg^C!!}Y&7=XX2VTEtfI)POh!aecUj_8i@M_oAeCzyt
zl=TV~lZrlHP+*->z_>WS(j$k#XxZ{|-CW|a{WdDxd)@=O?GV~jOn&>)q29c$7>61)
zBQ@gG;Y9h`a%4RL_?Gfwukqw3tu9n9HeSE{2)BSY1@^KZnUcagOBi7%)ug(6vdRb7
zf>%Q+E?Ya+n?b%4QV*JMdnVGYRqG}BsPr!{dl)2ps{&r>(1#qZMswUSFS$d^m6S%?
zDo`Em)I^=HZ7`iYQ{JWtwjto4jx%d!y+7IH>~^A!`}opUrX4@$Z7|-?{i02d#ZhDa
zX{9oF1@d$To1T;b`Ac)=x8<tMoF`0=r}#+FdIH<Uw!P_=wI!E_qB;JwhU3{fJyH{g
ziyrHL8bCu^C7k!UbnHI)>G8l+YcHW?L71=Hz5kZxU1jNFb(r}_v~Y)0N$j68JyYR2
zZxJDT6zEI7TD|^u`z8=j(A+!&)KESEwq#-d6iPHvw!bYagCmapeNYUJnf;&fqM=cA
zP00Pdm;m;Fvm)@HMicxAQ<s;PCg$fuUtj$Yk&(Bi3S>d^z{`9IBf;N6P3D7Yg`U_(
z(|IsxXlSHlWktQbTAteoQwyjlrXW=;lEB&i9o8yM{sjGt^n=HNq7w!CpA;5R<gxeI
z+E)nwPRpez7QFT=HG%9~qAmb8mds?3WPl4l@;`3l!jFkEjQ5Jv-WXbde={Zfr?jZ{
ze>0bs$;BBEwaQ4U3`l}TjfX}d|L;vKDS?uL5AEL=B|G$;ERq7R>KmA41Df9h_!>Md
z&1b98?)ISmoyjVE{=jNxCh_y3A|Ue4e-CiL><2T9ZBx|Ko12*p2mJi2j{|kGRaTkD
z_+OQn*#$}a$8oH8pDv{lObsdj=`mMlv0SUx;c~10_>9PRHAl<J(k$8Lzk^AXZoZWm
z*l0QXS7$D*CKi96Ba`vZ`EL)@AHJE90e@SA#7zzV+b_D|e{1H_OuCQ9pa}ARLrLS?
zI6r}5WzAN{GPJBmj-h7|dsV|h{a0Y@htQjEHyF<(omRa+yHkq1y(jNX)1L2z?h?1{
zNem(i7FE@y@cva#6sH4rw0j4bIz#9~<_*9?iM*LtVaI-iSZwfvW3PM}XoPut0^Z;=
zQo?^gC4z*$7Zg8xK~H%x<{kn>LECS(BJVK~Kxv&Yug7opG_)#Id*pg3?=$(Q;P<}`
z?Sn$!X2W0O-w^q4+dp+{!H>Q{{2^+CeXd&XzOe5==q>-mb|x6z`Id;8G7Ts_B$r(z
zv5;u&rB{gUPQ7==WiYt@`XXeqzeqXr7Q^auaWUgM(=n8@2oc!;UquvituiFR{%AWP
z`-bebS*>YkebI#jE1EO&xs0pJrY2XtitttNk~rwj(gW$dd*1My)ebrXFRrcR#4445
zjHFvmO7b|EY6euj1QI68F7WH{)c`VsV{-qm_$|T)n!uS}mEn7dJf14Vx_Ky>%`rEI
ziV%k&YA5_IP(XD!Qmw7%Oast+nu`X5ieo_Z!2GL!!vLkvr7r|+QE|PeigxOB=R;?&
zdKn3^0+zPL4gfOZ!n<hF2{$d&)^sI<hVgM|ZNCVS9Mq~>1)>!TKA$x79<t>r@IBue
zcE#BBv)a_9<zT!YPhnbNq@rJU?z#O&faJ>i?d#ung~fEUm7s&^HI14(261#qJ1-P5
z_ras+xhkSm1(V_@>q{mp?$xV5QHHsrT3dnB*T}<9Khw_^@ySQ`AQ@Wxa0t)r=!>0u
zZD-&8UyQ(7-6r$`p<hDz>-_}#vrzT2KymG%q+-!b?tslV(#PsK6_{4x$id?Zi(=Q@
zZzX@<T?;~VsQuSt*wG(;E_eFqZ}LIB_TMQjYi!1BF0&LaGcyTZKhE18RaqiKqn^oz
zitxDoKx#R0$e0a7wFyE-(xf8h(!6Dkeo#jO5G5F<1pGkHTRCp!hkw5TYU8gCuc(rp
zYoUs1RUFK+Q?WmJF`PWk5?WBHybWMaaq{2B1HJB${DKLXd2)CN#h7sk=cdY)Xvt&h
zB@Sfu-?sy#Di_t{t>p)?p2>kb@Zh8BE1}ftLq#oy^>o_!=aIsi$UnRHVS@P?0ARjk
zR%HXJ34hfu5r#CLLB_nz3tsyP3d>Yx1907n465L6wDIflX1UL>3DG$k(kqtO#ayfQ
zR1tAruawLg_hjGuY4iL9Aoo~ezNz6FI=2V;mmu3$>cF;|;*GjuYg$E3^cC7P6Eyx_
zxaElZW}JsN(DNpVJk^aq4P0asA(P|6hNTcCRXN^qR}`<iVTY9Udlwdy@c%VfAH=@^
z(WP&fJost%+Xag77w#k5h|qJ>(TzmFX9BZaCoQP6jEF!9`SH(&Bd-{`x4kgns)v=Y
zIyq$_BN`A@BXDVB(1X+KLA|f%n-&f|`QdWg?mQc4j?EpEOF*M`ux)$|>T)`A6F6mx
zN$<s?ElBpZAq5<BD=nrCrgfFws?PSmAGhpDwt=VS-7T@tQo4=W>8D@&+i%apbg#XD
zP|$#ZZ<wT_`j+&A;8<<!8b;6Ln=9hm$JL_dYxLOreUD#WCr^Uwa`DpwIt3x!hPWm(
zR#+|^u7E?BkhLh$cMkj9hB??E9~~N!bY!MS_WB9Bg37fxcMBx1ulCmdy;%OuoRsf}
znFk1>c@HpS?F|Yht+KZ^4F0Z(^Q3Fki=q$#dIk=R+IIra8YkWB&-YamKGkT7;hk};
z=Pd~L`XC763hTk%7=YwW<3ST5bd^w52o=yIq|L*+<v@Nm6@_RsV*4(LlP;Mb*|*;3
zK4Tx9y0-1oW1xf69+H@i`eDVQiPekquTu14#2OQ2NVeV7Or*QpM~Hi#?jJ9OdzF0_
zR^R~hP7hv)qbi)g#`;UH=W*3Vf4AL<&prUAikWUdG=T_-1{+*pW=suW`fCJlk!$+D
z`Gz7DqP>*0b7ExLIrQvSiDsC|z{~zKKNkZ0W5H3A)j?02Lt3QQAgyN#4}tY(0h^W!
zQhoc(mJNQMoW*spP;%~4?}h=3Z^FTP6+;ku@<=z@Xg_*|JqQRLeBkL9EWQ!z&$LE=
zd`YwKGG^7am5-jv1E3r9kh%2)XJ#+;RsISSqkFv?hAGOEWG}9J5ov7Q59eF>aDB-G
z2t~01d@c1qz2%v|y>@OnUUKPj5<i%uMbt~o;J-L<E=(8-McQ5ZgsY=mzXv0qKgzk#
z-r&tde&OTD1Fsb`V$Lhv>Fhak>DDm+8LTM!pY8xLm#1m9^_aob&i56GB=6RPn!9zf
zSclg!!1FgI%zheS>TUJoE7n~8G_JBa4iK(Cr?vSs|J8Y-ckfMOAvdNj`s1ss$gucd
zLBXVbfxT8miE`eOa(F!(qm{LB5cI6YMqg*}lK&T8A@Xp~XOqPSL{u5{G60o!sQ<2v
z@+c)TXem_gasMu?|G)Tao+#CPJU#p!H02i*$ba?xYed2*zbEJvJbSfQ^0CVrH5V0y
z{=4McX>q0MRPnJF<>&uKNFGh)hy*tOiw5lQR1j(tv<iemL>yPIo6jcrO$HD>yH$i4
z_1nT^lNt5gN&jvA#|(vz)k>mMS%N{;JQ5NlC4(j{q|VR3#`D0fZ?g7(#uEP@)WO5<
z?(VMW%JWZiKv<X^kCO!>4b9IZr+*QW3O_MQtNFjkv*%wF^M4n4{zqX6V8Fk^|35;#
zt28~r!8ySqEVEEQ1>d36!5+dpG~oKItO^saev;Gc$Ih*H0SfXLK~T+r(>`kow?Gf}
zWn9qxfD2ez=V&OnT890A>)o&G!K)1DFYlG-lY_=Lto6>RsP8In(L%`4kywCet^XjS
z+Fl$lKf!<Q?`okPvX@=;0m+WZC!pFR-(RIHXwo8Bod@eZF^@@O?gt4?t6L?=m1@3~
z3mEZ5%v>88EOzZ6>MU$k75-c}tl(ukQPIx`wWh##e>(7As_?%l5v<rJ_xm_=VqbGn
zUXT=;USx2;Qx^AKms(fCLH6D4`%9Wg=&iKZqKtdNfIsp++-47c@D4(W8&icVkb$UJ
z0}E1cy{07<YpmN`{_P>wV}{GY<@AGY?RE1Ae4~zcV>(q?sGM>?bi^uD!{!|O@)^m#
zHsUwn=f5ntifP0|sE*S!z&oSQLx-`thKN0bmms}HXzsRoDaSF#5@$y<ia0%02R9~M
zh2d6&GjWj36&7K~9p*3eU1zVDY8V4CVhc}hqO1q@(f1-OqGinfvuy?1O2}j#_C*)D
zt^HQl`5m<Qh8pEh&GNS`Y9X79WS#g>+HPZD87a75bqg$~^Hnvyd!xw;eUdEv6a)W2
z-pfL45!~<6Gu;jJY&H{-`c(0YfV8DRdi9~ws8*Iae)1`l6duWiEXuq8avG&#!8i|m
z%Teh=g`IK3mykkeS62*X@?4$Y97GtFRxE6CveTc~pEm6-$mod<tZp60dxCe9=#u9F
zrp8ag6csMe#esrN>5Lu)@GU9`zVb+j_=m9spM$=rrMT9|u{jB&oHXRv!5e{ek=a4u
zSMW#$@Vq8SRxaCGAy`V5uBd~qpNm5Ej|0ax14i;<c$THuUqAx-ko}zbs*jtAuN7Qk
zjlJB<nbHALiiimOSE{bXY>+!_=fyQZS9xSQ4~jQYwMRds48#$=M3-%7FGj3^YVl1m
z3(_qa8tMFY;50)$CSCT-Y*=>LcmDH+?yYF`!0j^vV;b=S9T=X%<J+y;1w;4Njk)>N
z2EFjG%E-<SoJCZ><mouJ7AymmF`~+hNC<DS51|gM$t(I*n3$8fC1f>psOzDD6ssGj
z^SJ7Dq@oc9Ats`rC^HO~xSxpYLb{7!SQ7_zN*=ys+>!7Flvg&N`H`vXCRxLLqZjN5
z__uhJp`#W^QohGA6WxTrhy{7*+qF-2X<C09*ndw;fciugzo1zBtT4kD$UG<BYED&7
z_q`Iu0?F9Z>x}teKnh7%p;4#>sFXRbLF3TS#tSlTkB=_f@}R!`j()tEh)K~Pl&n`?
zHhFI;e$dh)IKV>*-EO?<){6rh;dx-lJ{x9Y;9^zd+oDSh>T64ofl6tnTGsqY`m4&>
zlkABpQBzWmgO_^OZi2WtSFbFHn9qh7$?7=2n&EcX@%O`kF>GEp>FInvV4cijyw0f-
zXgb71p}&7t=W5{<Y}Tpx{1M(F)UQjqFXj{@(XC*C^ngPp>YepeCk%zqcMRhUgRojS
z#-@vbh-j&)H2R^P)AvDzhW3<$w#LM{_tYhfNaIF()H-`Y2Fn?RKi9_SMZOI?<iHG_
zPcDWFHgS!<#}vXxfr<YEAj)nruzt5QT(wYxzf+VDtDqK@KM@9B&L5z%R@sYRQ$gF`
z*?+ZyWGs0y*P}vi+p4gj_o2qeBtNh+wna^nX>tOOjH+&DSDzqpf$|Hna!#_<O{ujn
z*QBi+{4jKlJWbC<3&93<w+0pMSD8bOkQtL+u#)&Xl_eO+6^Af?0I6a@@K)GEtbb%O
z8-2MFoS250?uPj%y9zRDBJJ-tqIRH3hV%|XI|QeLu7n4y3bq2C1t_Vc(zDuhkZsqq
z%EpldLC3)2r2f9tvZ}ZYO=OnJ(JKYfh(W0ZTS#?lm&L-g<8`o0|7z(`^8MU`Dc81#
zar@zL3f-2dvL=)Pm}KtuHz+Tot*MkDm9jE*=?Rb$RhVD^uV2ZN<#i;)TsHjpYf&nH
zf-Kq_KT&hN9m&GNK{$`7bUvD&GQxHFELda4JSta^0CoA-NKSC+_{Rp6L$NsSOi2TT
zCw>PQyX!vZNP?euJyRW(q}21i-(@-%8Y5a_L0=d+v}>4dfUuUxVhzhLSAw+ktUqq9
zOL{(B8pI{nO^q)`e*S#I*Z-<`(ji8TeH=NB6xHuhkE5u@y!nege4eL2qY+s?W`aKE
z0=t>=suYYLNx!BC_v7rWDJ{`W%K=2Ei<>x<Zw5EB>~XY0xsv*2IukVqYm|IJhyvXn
z#S4^;LnMTUCg5E$uR^oK#-uW>l^>zV{vyRElEvM0+#jGxLmPu1!VT;FY)n<s%&UCT
zfO8|6iM|}^X7R)0Nx3G<vP$mbm!#V;n^a>y1dmNvDJ&=oA7ibFxh`D{?=2eio&vU_
zxS(Fw*eXlJT3LcgDV0dE8}5<-6hV#8m9aFt=3*goc|g09ymQyFxKd7#R?Cerf0CES
zqOS_w#VkaHh|O^-nuamrvQVFj)S!L=x4O4@q5(wI0?u!$vE8|^Xdl~*m*;1)2dGa`
z#A0ukcak=8e$wPKuJP*S8!?{XrP8S7f(?7X7<IazwDe58%42-{Gyl;*A003g+b%-w
z=KNJD0|4p^?PRccNEai=wbFK;Ns6eECe?4lt@&%nlO~z8ErQT2b&kkFl#i<y(ETm8
zl>sZv#fV+|v5c;$Ia+I##`>yIySCAVDmG@YJyfU1l{3EivLoQto_&5b1JvhdZGN4)
z_2_SCRWKjT52_8GWg&u&j`(-yY-)PvXrC{5Ux2Ge*0vg+#b14b+>^XG9oKU?hiIw0
zAA<X2Fr&jWw_t8P`C;j9HAJ1iSI;ENs6|wz_hIu<m9(a~7YFj6ZD*u}*0Dkc&7=9`
zVL2he5at}x(!=aj%b--KEX7&(jcb#-rB1@1LNZDo1)g4sxg9u(3u8%qB|wj{AMn?^
zas|eX*L#MUCYg-@2wg_|ud(=tjz1U#sEG&)WYg(0%M>FvXzP!T<Ru`}k*akBCeQpH
z9renJW+VOS+$WJmNx_>ihpl%Kh!bK;HnTBqvG-^DX#ySpj0lt7;v#e{ZUoPkeRrwg
zMC@eb_0%)!>mXgClQ=7tcVXDUV!y1BC;-%kO>U*;pCaGF<f(<*Sq?;l$~I+^b#!@t
zVwuNXMd14{n*}@#*UB^_ROn_!>zyBBqo(0W%=;$L7Wiy2Q#XFH21_=8+^yz+4N^Ex
z_I`m9vq)l$kJQ&={ccPx+plMrYbtzZi))|JiZTBm(SC`mgcUs0mO0g&XON)Y0f?0H
z!5K*kdMDX-hs&&|K-wu}ILG8>JL{J}TAVzCrts{dCuFD9Cg=?IL#qkyyxd0-daHQ8
z@25f|!Z+<&qhUd_SrsH@Lc{0^A41X0$fVhWO-%^*Hjs<E6#44qAG^0*al}bD`jh37
z`ZXhD8IXe)va8gu!+DF|P>8d?$3Kx{AW==!P8l6YnL`lY;jWnKRVxaboCgbiKg(N%
zT|bGvpPyDKfs!$d5K|-!3Hq48>&xCCso+GTCNVSDck?Xc<fDFQrBuZB+k}Z5U)O2g
z%4GC-=op^-;<LgwX@+hbqit-<*iqgl*MVZ2KB)>xVzi@74P$5`T(svD2XHsF`$3p!
z)T|`39!5d(WT<p=uutk-u7qNOaQccGN3r}`h6fQUUqL4o?qS9yNWu*I&?#x*_9Jzu
zdeq90c+PBu`RYYe|Ep%pj6BQ&{)&Ta5Iufnk%mpKX~^#J@pgqX{DZvv951_oNUaE+
zf%T3vN0%MS?^Q9Z?%!RaaDWElVGH%)5?B!iyzdS#MV2O>RqlP!5ABhaHRy*xZ+UK3
zCexFr7vd%X;TpnAgU*!ICOc;|i7p&Cya0bt)l7j7x!!&O;dO>sV{W!)7KF<DNlLe9
ze%H!|gJcztTC`t0E2~4e%gc93UgpSCE`9shrd;#IDq>LLMEL0{1JK|bN=N@ka;Zf2
zkF+^g(ALN4jagxuq`c`Ej$d}41urRGy{}}KOPHvU8O<EzNLu1UAXK=&NRUWFpd;Px
z{qS;!LQ9J!|1b@s7$j*Go5)lW3q7yu+2=S_5v)(pTpNO!<T{+au;xPsCUqW8Tvjl~
zyY^}{<4fKzC~1>IoD9I|U)pacMzOaD#SZYJ-g36fke<`2O%2_65Oi`kc=LZ~p8fRL
zcVPKr4l6LPhzdVmqNA^C+p#+*wsI1uyO%DyV9L;g#bi4;$XLgzEL&M@UNwU~Hh$sV
z%eRK=JbE2dp8c%=?Lhp6op9Nzn9x^lMtV7iXzd#`b-@}zL^a@p0~dsR<;7$mL<b(X
z0G0y}O=<Ymr-gHfEr`=hAQsvvs+^o7&WBcSAlE7uCUQDetZ6nZjKC$rH+fHHT$-_k
z<gN(~HHUBUmyeV3cDb|r#(z}J_7O!ytt|FznjQ)LQ^s!WIHz^?m;S?`j~H|c6>tum
zVTZm~uEfwK>p(l}W9cNM=mZ7wtAeAF`tUXWT>nQxe+^<sRT_<Q`4$$kS{E~A8a<J%
zVBjFrda6shZ69CW<jR$i_Rw!2HRV<lDrgQObVYm_bzd*nSSc@5)TRiDv4$ZG{yZf|
zi#|_+1QiC1>csAMg|v+A&i5h_`#>$5GRDJC$r`1_1i-G&pM&obpuW3P$A|tqYt-d5
zO2>J{W}O1XwPx?Ud&{{rxi&?%)ysUDh7qnCDM*7vabhXD4X0kq7?)1f(%c}2;pGyc
zUkoyNlWAffC-9B1L$xh$PN1t+5}+%T)e7_BbJ$}GSBy!c^Rz|lSc?hUfiTsfc%5W|
z=ZldK{J@^4qi*{zAy^SXHv;xY5E9Xpsje|^=Sp8u1fn42>8Ix!42mi`R6P`Vd4^GA
zI?GsS$se5LHAu5k^SQ`;8(|Y$u0s`(GBrd$zb_rID3)&<9Xb{KW>M_;`uU8JPH&lM
zPQIp+le_IoQ%FTmwGuiKh!LcWux0$^IP9Js7X;M9ia7O7C*H0x9CZsmyue3M@-np?
z4#eRlupA2q@#ogV71EguQSWA#p?+bnP)CEC#D{t|A{t2iiDlerIni^7W+Xtp`pS0s
z3%$zOeT|phR;1R4rFCJUV0pIBdrV0~sO7N|ldnYk66c-)A9t*`)e<SMLRjzQv!r8E
zNfl7h$vYG7QbsgVjE*XA-8*+l*B7v?hGKmaM>*b5l+Y?Rhv+@7Th)5?I=NiN9ZWD*
z9N8*NyWL6Y{z9nN0?QzGJ4Y9j9~46|nJ?y^|C`e|;z>J-J9D<rQ@<rroI#@F(-+X#
z(j-Au&K&xEop#$x?}7NC@f}|8$j6ME=tiJw0+*pU##g^2lxIy)#6-mRr5c=~n2uWV
zq%8lu+;2urEH7M1)#MxJ5GH)h+Rvk{)p#z}7M~2#HJkVu>un;8FVcmIoJ=jv1BrM)
z%3)&N?CXo?4KmctD`VEC><>!No|NQ~=x;TOlJOy{#-DiSoB3>rQYHRnWB>~%7WNp{
ztI>bldXs&)vvh%BcAo#s4AB2+#ee*7??gyfaPVG3Lqm89(trJJ!S8Oi=1osIDT~ao
z!2c36Q7)T3AvAh||AU+P-}eemPYJzD3vDvJZZX*%vEl;%^*dQC#erW>0QP1MX8-!1
zEKRAI2L(H{x_|yFtiq_c0G_*tG_-WQ|M#(`_tSbYeg88>B=66Rf1e?eT8Wrg8!zX!
zN$5t1+ZC~EwIi>+7*>eEbyQbxfqUDA<_2UTeH&t$Ad1QPSvl6FrD?zyws&OJrjx-j
zTaaT}>boxZ?6FSY2Ab|K9!@!$LPeVtgC(-<ktGSK$<Yno%U8Y2c05;R-(?&uL%@nx
z<0Z>I9-NSyr^cdy(mEJP<(Y-bv7{HE!bk;&Vr_;YOJ&Y!V5%{7M_93KZ%X+QzzUr5
zYs$Ij(Q}OV;fxy(R&F~ywm6zOK+DL?EL59)P{*WPXhaFFHlH`L;hBgUPjI2vZUJMe
zq?enJ@qioa<olj{moBVRmC~pi&8qf^TX^ny=q+?<UAIg8VG?mC;zd;4lZMmB9eLPz
z-8lz=<b>y2hW!2{b_*hPpLx1BP9~tqMv_>vf6@IkxbtTk8`>%Is>beCgr7Azz~(Br
zTJ?EPOSUtFqj_rk1N%8&VDeq2aHJ;6jJOrQQADLl?Y`kOM1^K&5!4t0of7A)xFXp>
zO^@zzz~rt-#om$u$ygMx9z%~h$;m)CgS8kKaVr*Q5y2W*_SBKlFHPk#jR61~zoEs8
zTfi@vBW|7ndN%AKc(Z=K=VYd9voe%%4=Zar(91iBABgIJcD=o2wz3;ACv9=99+sJ>
z<iI&5E_>fqFu|UzQ3HDyQNjo{d72O7EoNvpJ{iXRBdRW1C<5$-$-~T@(`|MqI(6yo
zCu~ZN?z6=yKjtRCTf}`wn*e~ZE5v{iBiRz1*LuIb+grl?^GwwA+_J6RS}1dbwTrlD
zQ2DnzuA;94G8PI$Utyr&$%-o?K?eNu<0OxxsN4F(2i;Mc0lGr(YzY!xKHiNLXWV*Q
zh=q<Cc9l#7gUy1*j;_HV9?jcRs0F2TT5Qa~!TC_X!+ihZu^aQ9?KpsB9OpW$&e+bg
z3eNO4QW@(!|ATy6L;S*GToj3ISh;;pUg*WlnVniiWltGJ@<h`UbLP4iq~{+-kphrB
zyDYnA-9EQlW(vy4iq3_Y&jLd77<5`Mxp6Ue-qopQl_FLZ#N0P#L{~RWHQ}ZLFg@#l
z0ozbz8u^XTyh`loYB=ClfgID0;K<rKCqbl>lQr_4iScg7aziW4nL<qSUC@JZZYO~*
z(~M48Gbt0*tH2tE9;r5zcd7MgUvpF}n?9tpX`ZHHN4e>0e?n~_<c?trDxsbn@1{IF
zak@#xdkYAvJ`)Jts}$4~<4vmIFuX<&@!|Ach8e8xb^o9j6bG;^m?F?sdzyBnSmnza
z3rZTk93ZBS8%XHKX{%9V8_G-5ioggC-mhha<LH<4z(0WbV9!0iSQuFL>By2v?l8Hr
z8=4IApP<7$jABS$ZlAs$EMCZ|F)$1w&>@g&Ftv2_9FLoTs_SuHXb!0-8T@@S@U?Kp
zH*QY{FAfih(*ZaG3GF10^&bx&UIn}g6qIBxxp;G{e(VkRAGC5=YrN1nzl{DcIKCn3
zmu*$pR2t0ok?_+Rd+~4$_o&b)^&#vY-14-1xURdt$Sq-ak^n|oT{dqu{37>`c5{ER
zTay7sskBZAQ)o7}=*#L=b+)U{^<ONq2}pQR!si(`z5@$-#Rz*FiAA(ZakTZwr@d_6
zt^Ho$U-u9V?jIEhd)Zn$M4Tn<zqZo-?vB7hxajMl_iT-CELyF-Fnh^mX}Lg~1daBj
zW|eoP=7cW!WZxqC&AAb0{3gOu=b-Bh($gR=QC?dP*=^;WWCz2HLi`Cq)<=9Gyy%|1
zJrpv<sSkvWMmvL!eX06u47<bBdzb}Ry`f)r5iWYJT6awJJ&!!g*Onp#^qi~hT>O#?
zOh-i)S9C4%VVq}+M-RHK91&kYHZ;UEg#J1wd2T4B7sG}2#{G%brnAiSc#rOaa}{Hq
ztewN(uR)*+Mo_DNY0sq(;F6b$k|l1gOjEkE4w!>QMG-X>>%oppN%_i}wBTfQcp>un
zCM#)?)^nEC<mSWawD0%ZX9^9hP-Q6w%eN}RMC!pvRy?H|kW~5iLI#b1C6{5xjUI)}
z8U|LqBSC2z;w7VomW}HNG|WMrkQr88^N@b-U#8qL=4jUup2b(aCN3hwoe~-B-c;$t
z0Fu>viX$n687;I6Ttl4A&biWL8AuIZ0e*b6awH^XK4Wv@Z_A7R)sx89Q3`$%CKaMV
z9mL2nP@FHW0Fqc^n<aWG%tilG*0#Ake2Nve$<JIEl5?JKQRlint!cDMNnUW~KIV?p
z;!zsJ8RW=$Tg3(+!LL8#G}x}jR0LV^12ujfup!Blb&`<&4XBSSyzK78f??YGo(TdU
zMO+UNK?E_IQCVEzX{9xVbzl@hRFgBvHSstYS*Lx<XkmPcVdPinhhc;w&QD-7xw&K-
z3h?=rc2K|51Tb)xwGCHYajTLA!*J@8YxZAyK@OjTa58DJh3imW15Tt;h!Jy209P>6
zGMw#@T)YFD_lT^gYcYe~x1iajo=MU-8#+!qTVd@)YWp#I<yVtxyElQEv<`AwO7qJ*
zrso4ptYofvb20`OG#uw#=ik2vO0goVX*KveP`fzIF*2X1VLFqv$t&v-*~h{o#-2L+
zM=E$cmeeR{J6A!2_h}cSPg)DNfG7tq0ZR8$Y6Mb@AHf%`<jFPHdXb7uJ`_cqA~L3J
z^rbtF?j!!dtL877q&;qL4~&FI=*!2CP{lGt{+%UIIt}L--QGN$*N+^z(#-zj`X9O6
zu~`RMT=yRY^G$a}F{-|(L+<Q3@Fped3n**njEV1=uX1~RpeEqlQ040227K{S&-YA<
zk$Btl!Axn)9g0tXaC1ggiL=m=V_9x><_KQ`?dCPDmZ;aI^(+BA;cIp$i|*Jtxvfe=
zUHsBLxyUo2ZCfV?aCfq>xB3!h>PNF)y(cyarbt_n(ZrXZwfQiq>0~6$b+~xrfDt6v
z!U|^zXrn8>ji%^%DjDt#AY`yeBm?%)OB`1)8EdYEw-`U2*?NE_$WW=z5a}DM+r)m5
zK}nE4AA112S39(NBaYuee*$d^p<PP8X{!XXC{{G2d*aoRsti(HDsvmzjHpm1IGViT
zG&#Eg2!6TEccQ9dppYUC-re+)g1vJt(6-~jgJWrojiC{2q)ww3a9E#=Uzp1bM-tNc
z?kWm14zcC$E4U^ivQWzfc5v3amuTfl{6!m0%-{*}4YbHpu9X%uoG!Exi9wqE2_d6G
z&q8$+Ou;oGLynZaeSdNxF5*3&Mcm@pc&JhFlch8-vEar)rn+PH#JE@y?6RdeR5ATf
zA__t8_*7ATZoV1=AeaTZUlCC&46gCgKoHbd4*Nn*iy$dvE$keJ-D;Jqw<a?@Idh}q
z<I@InoOF}p>;N6H7qN>eyRLO|_(HG7NLV_)Lv{+%@Mvp)va;^uNC+t8sj)r1059XD
zAHZ++))mwT*}-(|^G1n6SnaqXf#E$A(~c!pMbguCJih0DLcdL%B%qtSGgN$WB;-XZ
zPa*JS<-quY72+i8RM3Fx+3tPuyryblpb3pkD(T`}Ps07ZqNuiJljb&sitlNhv-h#}
zgIYy9*K2(NsUtty2P&q!$E|V~$F_q3JVz<96Gx+L6ddsaUM4!T5<KIjgb@pjYcw=%
zWK}daF>Yc!AeSlU+6KnW#|2xD$K6OPz@zjSd<jNXNj+6yfC_FqC=2*LuU$Z_&*QO0
z1t*BI3Mt@J=BNKK5sn2#E5kamD-e$Ieh~1B5v_<Gj(9ud0g6G#RV9B(K;9wQQURbS
z-E5!fplJiU<*g*w=V^>4ck7k0@}gB#+qG=?ZJ7WQ$kE~%_|;aem7$bE$Sf}E{PE*a
z3mN;MLaACwJ`O5j>qp}Ud`LaFrf0Vqi+m-L*q}OH$QDxlRy?ybn4!*L=ozcfaS!V3
zD(5ccverY>yhHR<zVSRyW{jAG0h_Jn2hD_A7$2{r+~S%+p%}kCHLgeJK9_BtY5s{Q
zQ6e%-Ky9$$^M0<C0(^Q=!RM0hUsEn8{C>z8Bj%e2mv#wE4B|`Y<C~EP{w);{@-z>c
z8t9(p#T8gp=Xa5)ljK`XQUpQCaT>JXVPOb##7f<VD>1-)&Oi&y-sWb+NiZpyqK^MB
z6op*r1X~Y7q`c-ll$WB^i}ox|B=49OQ5!ovz>5D@J`_Pl)<#w8-UeDtIu^y`xnj#~
zZ>7n?B7P5^a=x6d1ki2z=|>YH`{~fKItl-|Pgq8;{_l7?t}kD%tA9T+fiA6AHNOa;
z2$j-)Z(uhFd~?9iU-wq;_>?Q;3jNrB;~5l=oj@B{TYSM8z8mfut@kV3E^|B&re+c=
z5ZDZz)nuEyJU>bHc+J4RVS1s|{~4_RF=w5__yHzkQj*8xuHTAh;jXc914hWUnN{zM
z5b5<=ad=l&ct9}#tI$f#CFG*te6V_VKkB#7(Q8d7L@HRaqw>kyw2GOoXW>a}<fY4?
zu;$yf{l%}FU=Id)In_+(`lLk4XrhDmVBmF#=|Ud!Q2!KGjJRY}p^2ddF1-^TA87*t
zl2k7%-9t-|d$itxmfm3w1!bryKwgi|73p5fkj2U<Zl9vZOY;c2vhDTf4>=9GTW#h%
zb;$jV6jeHL!v;2H#oTwg)&BQ)xFZ#QjNM%xDQ9Rgsmu^j+ghdDiTOCUEm;rkUSOgw
z6JjqZPnWj~CB6UnoMTgID698MlXQkgz`<@khAG#1SO+BkT)IOqxV9WvvAnvV{D{={
zw6F?SrK2Df98>2#Qse8|U0qaQ-J5@<UddrN|6_WAG|9yG7&9H^%O(*TNXYe-SZ5rk
z#~6Kg42{R^kDq3%-7`V%AuUEB5^%q{nZB@ZCZV0kdN!c*XE(1#xxCC<0My-K+;%l%
zj4LvDF?v^(?PvIb^Y~Znnm7KOdxu<00=pE0Ot|7W>SWY0zZY!%a;s9u>w5@RlbP@D
zDDkIz>V&=@$%*6OL)Z_U#MYg&HI3gDe@c{M__xziqvdKAq{^J?W^1^nt^sK)-*MWC
zE`W|0Hx*aBmb8(TZ2uVaCnhP^q8ed&?Fq++g%1WxRIl0GJeS%Ob*xA<cObJZOGe$U
z;aP*z9ecd(3NJlMPZPuZBYUa^+fFO#4a&gDHd}sxsK&<T8gb3p=x6l<?zv7^Y}0;?
z`H|NTEWQJB&2+D)qA<0qaDYi&vr^7fROZ*Os#_c!)3nB{_PM4Ho9t;uk_?2%s$a|f
zsS{U92?^DMvu7U5ry_AViKkcz43S~bVCk}NmX%DLM2m>lTWNS`xR(bJ$A>KtYB@JC
z*)IzvEf{|bYYkfxqHntB*|}&;x)O(q&`_tvgRCmr$Q--Y+y%!uGyunZvpn6ee~74B
zCK|sUEUntHXX1;QS-Ryf$GRbxI!Fbts<9XC7&{wbPwmlG&w3O7EMm%WvdFGd;#%@z
zt3C-}RU2aXbC^<;;z+?h@@EIzcy>vIU(*j(Xu%7eB&(eurjI9&*y=b~$P`;0`@4_$
z2YF%M$M>A92|B48Hf;c`AcgbAPF}xe&2rRj*283-Zct(L2z6Oz%$FsL5K68u`0I2z
zeWux#RUZlPYiu7xOC~;*8Wx%5lzO3+x;%L7)%QAZCg!o$6PRO$EYw{w{?;Hx43159
zv3G)#r)rtZ;-h-yh!=C&Zt3Wg9cNRjsvL;KGC`VIV0fp_*pmUqzE*35cmr1D*cjFj
zZa=AHTrA1G<&)!{{&W$w@4O9WdA~fM1#M47ioKHf*E<@brR-~d{Je6lAYUgB*{efz
zl%vCbBENjanKS5mbdTODfOznb#cyNH14Bs~@4Ai}oNRJ=zIRIwTsWN#^rTCJa%G&L
zxpnEiaAguO!Hxh_L>4xm;WNaqFC2zu=XVZkBkWr%7ilYy;l3TB2h1|{#G;EL)yf=_
zY&H9XXa{)zaIBenR@7HRTW>g|vaqVt)N5M=5_|ZNWe+hyZ(Kh1U$+=-ddb0G;`RA;
zTRQhtRYfAwN?;fl_b(E1alc!I#CNM;z8>P*vb}Jy6azG>o?*d^68p3*hngvW0JP~c
z!aFeUZMC$Kh({M<7;=qcUssKby<4lVXTZK$!H}+#mcR9T(tD5k%Ts7+-hTezW+U`{
zA7R)C9md`ABeS^%awfB+q^lejj9pFi>q+gjl7=sxQ$<20n5TV4-&q29TW(ZgKskLv
z{>|2Odj(MJ^-(f7T=1bI4h@3aYXg(l*-0tE5${yxKwesWPbn7n1nry;I*Jj+a})Vw
zVKso=*7WN|JVMdM=&|JF!|BuInUgY0NoJ6fJzXZigr%q!dFY5|E(T&SDE(%Zjo^*X
zL{|1mm47{yNkMkLurMM<5W$q}`3y7bv^UUOi4y2Q0OrHanY8c@?pRxK3$L)BM`vM=
zyZHGvvp)mH1f(^#71Yw=Mdz~Y$X|2l-JwN@_9qzisIpivw3@YySGmdOqN-wP>e*5B
zV_{D4+~Db4kjGaI$kccdUWycrN4h`IYv;wG4Cj<Q)QL6L=XvWmND(q|CF@FDAD$i5
zvH{tQ<LFO*XxeKlp|*I}mm`B`5_`%d4X$6e<7TxE5}1S|evgh}FE^zmA7j|uM1Vb=
z7~_graD-nxf+S%s-R9bh3HhTM37)Dgb_K2+9Y8f|0j4O$mv?iNZO=n;DG}b)*Dt><
zmgoi+H_`+f36n}|Jyu*X&%8U~dTpT8%Yn=oly$2fHbBTflmx_E>SUf<)d(ZsL7Y%k
z?oWC{v1XSMKAfv1MSz(1(B;Ve$9!Wm#6%B99z!$$-czY6WpW9o=c3V|?`Jf!Pt&=q
z58?1YZA|h2WNlnf=xSjgQgNe44hLSgvedm&LvP+pZ)Id#`2;~uD3p361oLq=BH+E*
z8Fw5M#JG?yeDLlNd=><e$p(l}M0d(uDrUe@wqrDS(Xl7}W+*x#W*Du!MD`^LUZ)c2
z_ydtV{Xye1N?EUuZ9v*UeiT7EUP{r_4eXed`0SGXX5tL_!sDyob6#;%a>97GnX35J
zaR%#5wG9aR!Vh81?@vr5Uad0c34kHH8pb%Znoi+~aNeua9%{7ejY|NK)1rt&c^LQR
zmIZ|wQI;lQlFfT7*ty1I;h1R6NuSV98ZJ&Oo~v<WK5q(mSSF+VY2yg<D_K^VqgTV0
z3VA2khhiFi<*zC{Se<{>7@vZd|DeTivOY)5cg^UZJ7wSwa!E)AAnbph0TJu)O8g}D
zc2WVZ_tKh;4I9QX@H67>+ldrb&3r345M;RLNAby3*jc+;@#<<0D#{IRq^TK$7mwaW
zj>@z_WJDCZhb*gkl{xRfc{GO1;kL3ZyEB=+3wS>y_{REv%^pcvoN-6ll4MAxxjeCm
zLt}qo=$l3;xb+a!*CI-41QI*f=o-jt&UUfCM%t2^%^B+)^G^mQ-{0jLw74#ce(^A(
zu~(IFalQ%5rf;Z67UJwUi}Cd1%=A0s%d@+kaXZRgcr)lra$i|Mzi#t;p>3;o*xAr!
zQ?9uZZ2K4;qmxd|t=iX-{V3Sxu}eJG8&jaQ6yjk$X4F=<|B?7S0|@Y3^1dvjc@;?A
z#@N(=+=NNH+l~_0@@VBGISeUSc%IgBIJ4^>Uk%+%xR>5q_>wE}kPUm*-cClH)uVvc
zvtwc;EXbKcM^>@SPBT1w9XIa*9fc!9zMWOqxbZXV32k^-Lj1w!xe?}!cx@!R5yE>(
z?8Q!8Ay;dSGC_&94XBQ+CU-SgKSZovs9;8{r=_zttbJ0}u$Qc$p>Eu;s`J9FDq7Uq
zy6?e3CeySJ<ZHmBq~gEjy=01lHFkqMK2o-K`bfXpBLn&1xX+vgQO~jEt4-trjgVf?
zF>zUl%N0VHjzz|;Bj9un*)Gn{`5y!PPFaw;qv_S$`CZ}w=i+E)Kofe_peIE;$gZvF
z^6Vf_)}iyBpe;Q&4D$1-@rjo!$Y(f-aiCQe1BYC%t!VSyBx|TY{!i6FJbB^BwE6~v
zE!39Q?SWIdOdXhVLuvhbcYMF2ewqMG+VMW3H?6fDp8hJXxsMXs3WLxWNoY%4ntMi@
z$8b<<CTke*r}gmRoXU$zUQ)WD;@8pB<?&IIy@>cN*X2l4mAL87c6ij~d2f3Cj-OA*
zr*Q-^mkcwbv4L5Q^J#t=>^WQAaMwvmPr782x8XkLvSO|1b`BOrsi$z)*)68=bPPgS
z;OCAeuZ@<q#&<zK^WsaZmm?#^g8kC}hqkwjYI9xNcA*q#ad#<D+})+PySo(E7S{)N
zDMgFB6!+rp?(XjH(w(Vm&h@T2*1PxqzQ0KZV<aI@?wrSUoY#3DVz*w?w=H0#SBpQD
zzXft)n6VBGardM%a<rks!kA57(MPWpqm|&j`A;2cgl&w?{`$JR5cmje+4TDdJ+%V`
zQ~NBse&W~%E)JXxxlD$Ib><$vY~T5Pp$^i6gZ1-iat+OD>Bztw<F5&{9TjCJT`>z>
zEO$MiXNp#$VezRnrcADmkpYk^+(%6+lX`RFx$B)p<Jz@)Q>$uqJ}fZ(@Ki{L1%ff-
z*6(o<`IWu#N3!qA4_?F(8-(dnI&j_H<!hV>Y+*%Npi1VU7L_r5Z7#=XbWR<9KoWXQ
z1(h;vm5vRnsu@hyEO+|;GHToNMWq5PUWq)K&*Yd1e_IN3tzF{BFn|pr8b6wa>_v&v
zmVOv2&+cof+F-AET8EC-ufTwgJyFYLA;BlYFj%UQ*~w2wf;?ZhF2J(5qi`J?G+DF{
z-`T;C9O>f1v1g033?1YDVG-H<A&HI0GPdnp%QzBIy#2$`$@;5o1pI@S^qXq(*GK+u
zADH-MY-whO4Y`WwcWZ!*oZM70fuAU|J}2iRvB|Gv-@?KyLjkauc@Dt+QJT!Jv)iCy
z;Qu4D!2b(XZqmAJc^1x8jgO5M7*0LN8gp>Ep|;|7!5&l{@iF;6C@Ab81(W@0l`?04
zK%SGk|0CvzL9Y*Zv3jZKN={sa8P}(5S*@@@g;89C+j;%Or&r78SV{W}a47-THGXEL
zr9F+)8ZkeX2=J`oiHfR`lBO8*cs=2O>r3VWH!IFGntK0Q2--PL4p_NhU@V1?G9b62
z`gAdf@H9C96KKFv!H%il0<TWz2pZ951s(Z<m<)9gQ!k7TeKaW2M>6j<Ye|T+EYY|Y
z{1f<KjD+gn3`^u6eb`*dHXG21RKuhqD|8SRp8bWWDNsqmRE{OE+JDAeT=CsqJ?x1}
z!xb~;CxJ-vl`e3_YcU3LcRz-%iu(-puRy@3bjFuJkK4MvNw)9R49YjtY5i7e%$>Dg
zbcmMrc#rI$N*~nhrrOajNS<_l0ZnUm^do$Tm^F=swhLqxA3h4aad*P+iHBI;la}bs
z%7s1K7!a&QQ4B|NI^pyy&Ry+Dnv3}gv3#e0xa&e<1kUGrRoVyigVsrw@B640uTJ{z
z1fWwSXQ4!ijTr^h&p>1k251h)nSyv!=gvjjCZb^GM5nr`PmO4@9iKr0HW#e^CvJV!
z2#;ylqVd-WD{tkRZG8E?F%gR3W$U0{GEi_l;b~N1;TVn2>S+q<Sle*r1x$<4%fc!n
zi-jO@<V|benK=QS28xlo(o3fydpGSMaQG+HdY|CVuDk4VtDNBbwXaD1wR^X6f+5_b
zfev{n>zE%sPSpB!lx#LB9E~K~ae$J`ee>p-<*w1?fdk8_B}!D3!1EEYawJ#g=eJ_c
zr@ezgN(M~JK?5t3F7C5lJPF1~nI0(ac;h7{!0~%0r;nRrxPd5_q}7DHk?dZRp>o`G
zBqbhqTS=riGz<24+;T%f#wWBcpP7yV22K2i*FS)1Vg)r92w+iR9UK)X1+3eaXRath
z$Em&^d|l6p^d|J@ZM%(q=SS9eY%x$NY#dJ;gh_4w09@-NjHv*0RgJ0#Ooc}gdJP8p
z5`e&*vxIju71m2&MoX-231K%S6~$^+j-3&^i{!61)M;VgPR-}*we{+&mz;226zF0p
zV*GEcDUbECOq+R=-wtV}d3S7SIw(xMx3UJxN|)G40t8k6giXv}l4C+D1JLK1nD}MY
zmVc#9z@NAYhhMW1%u-Sjnd^+R<@QCo=}Zz`wGTbCs(j{D>`{_rMH8jaz@s7?9G82?
zV75o`V;V;&q3vxpt%Jsq7PCT4H6DF2jlXvD-UCb-chq|4jP6x_PPT9z*o~vbM;#8o
z**e0`{CsyiG8zO1jSWw!oz49?3p9ZAPBSO|)u9bP&f=qYF<!A|^P6NUVp`bLmTVXE
zSxUSEEHvZ3w#uZ(^8=J~%~Lg({SuNpbsl<JAkB$DmnAMs`hbkv1iRtvfx1=1J_`fx
z-kFQoE8pG>HEftR(N8U1^Bt8zNUN5_YKW1G$*h{$$sT$u>X&aZe(2Pg8~Z?jh8mFH
ze(7?YtK%Z`;M~qT_hJP(vGIJ8n}4=B`w}c7N820I9bI>mZqwc~8<`=&Wrw-7xjqeh
zmc#Z5b_id@<^z{+iHzamL0oN#yFO!Frl2MvRKt1Z<rkOZS0lm80h&)~WjrcAFy~dQ
zKqcbn(J{uM#MW)7&TZh&G((_~8mV<R6w-zG!F^zH@<hX>%1gnQ&ZBcSp*qEi=c3bs
zN6~kWZTWreei#Uthlog>1Q>7YP<&O(B{;h8{$OPdzb-AV*{Za4{W!22t<#ea8W;6k
z%msGW<}r&Z4m_xJooY71Zp2-u!!S414ks#%w;ER55wup8AbwI-90QVzJ$0CC0o(V%
zgt)>QPQjIUQL&Jr4zVGpHzCt%W!HyNmFatyVQOTo6EV-aBz1Zf%k-LxKA4t<rMTf$
z_{#$&JS<+GCB6E~?C);;U=_$_qM0S~tog@6d!`JVC~uw>#Y?Fg!s&H+eXUnul<Bae
zlc2fQc*guHPeVNq1Oam`3SpC8&Zp~^7{f>Pw(Fpe!$G52RRw4&LbFV_X+5}&BkxKq
z7}Izik!-^~I;~h$V_6J}Zh08kfv-~BZ0XA|e-JVEt|FK{OIo#8IkIZdQIl|Ga(GBJ
z=Z*D{5X4ADEb>2&>}GKEXW*JQ0+vq#M6-SQ@%+(}fo)O!GWa|$=q7MRxm*k=dtR#=
zuKI3Gy)yr0_v;4L)@G<4C=wj)nru44i7BpedG0H5M6EIS)NbmHs_GO596Y+$5yV$X
zBp+5(PXkttys7nrtAoR~)$u-Hm9Uu|9<H_K{c>$%lo7lHYjOE$|5Pjit~6{&qja^l
z$=h2FoTo~;IL8#6g$OwHIAa7UPPuH4bIOP9E4*WS_Mx*{Y#`Kvo^~;O_CSWA&o+;G
z17=NhW#nLX!sCHdGjd7cF5rJKfqlkK(22`$`<hL~NX8so5=t(s5Z{oTo{VoXBs(i>
z(KQQJUGYt!mf|mzY~e|KyILRu-V){uyE_>`S6kE8aLAxb?}<cjL2oqr7<9hw4MoqR
zLgQ;j_yjQ@EqSZ|My3RULaP~z9&K2_^pUW_`qqnQrKq=T1|t&T-c+mNlVupkyO4{S
zA(U-Q^t|KNAh${9a=KfZm6rg*R1izud63Qt5N_)W86hIUEmEcF_^y3^CkVEfBI5#_
zWaB+Gklii}BHcPmc6U-^b`qP+Vxz=8PcgP=onK$4pLS%HYRr{;fe$Frhqb-ebtVv&
zh`yr<5V}kUO$Z=uk0Ae)mceYjB*hE8ZR};{P@-`MC+LrpEywGPzr~3r6}%?t-qeP)
z)q*hd_*v&t&k8M<{9Smv4)^Ds7it>d$`9M<RUm4*Nu;i&RIxs8n@x4dw9tK^i&i36
zv^&x{*<IK-_`|=}Q>L6ND#ODDUG*c}bDE($daJ3*0oaoa?Odg2dO;U`@6IRfRwrZ6
z`&xCqfyr@aFECfgFLnEMtMgH*l--8ObYcqX#jU0ET@T+vk3k*;wy08af%h`-2yYcH
zixj|BZZu0+>XDXt?L02D8knnXF^>d#F`HgCP0!5TbDBW)Q}lTzVdn0ln9^LCBz(89
ztEmAmljIfK>=7<xLjDK2=dx|VmDQn@v7wd9A+w{-hPz_D-E7>!&gm$ie2h1bd`WId
z7!Ye>BK_GsA!gN@SsUZB$qqoDE1vtgSoV+I@_pvcS`=w;V)S}$x+=4G@x=V<zXM*8
zrj3ScUpTianx2#z_1$-H&S^UlL+B5ts544kUElXqj4MVDX50_uk;N^nKIQZ9MJ>hi
z`aRHtXXWLEkQ0+}q9?EdAmj^ZC~$EtHjIZnX_XeW){bCf1OEM|-X#06AMUheUC`X7
z_E8B}ecRu~2D(i_(v)*HF^Dx9K<lvmkcTLmkK!^F7^1~VVuhO0gqNqv?a_ul5YewW
zST2~w&4A@zyLkoWieccw%SYjOy@_KhWOF{VM?8o$K7R-=q?X^fa8ZJK83d`TSN+bg
z1^xnaJ%DxO3F!IBi!5XNcU)-JT~>LAlB8$Z&bI2&gmb*}Endspc%jJP$LXGgmE~wx
zU^;CJP7^|K=*7JY>|2A;74JFDrJ!MIlDI>vk~djpo`JyA5#CJku$b`(;aPVGlKj_z
zkr}#bN)xbru641$ph6&eJ_IKCudGnvEoR)hEOPB+D2%+uSL&c`1JivaMFqw080m6P
z?lweJN*(IWMUaGL6kXqu(POgHYclG^!*p2fiJ_Cfer92P#vmj-ZEqm;+`~)p$*MQx
z?4EGOaQ9Kbpu$9`iP-*)73y%AZHw;M!y5zQSKJ!$T?8D0bBsOC)KaMd7omdn+ZB~)
zX5Uw%<g_|B>cU2-jmf4&=Et-tJ4x?<ioKld;pkLXe|10WnrO@##Asc$v^g^42@;!G
zaWkzWkGmUoa`92Y#W0Fk;-%Aj-GSgS>WC8rHPv^BgM?0~@QrRbPDoc{NFuNp#2$gF
zC3H*o^86PLgj6Wip$NWjNg>}eSCzDan^t&TyiO^r>1lAsncUxIt_+R?qXMd;qtn(E
zqP$1K5!EuMM<|O|Rbg4PL+DvNxzI(aw092MV-K7{%1bZ`tn3rSsuPX~{C7uiNy0qE
zc$%W6>QOLdPS9`?KNFBCPp5S^KM4Z%s(b_*uFfC%Cf-&?MxEc8dfg?A1i9&hJ&#Ko
zB+Ug*C}kT{)@#O7DF9DJKc8~vY?rBTw3uU#$g@_*`j~X?nD$RqNM)F<9*4WTXQ0%R
zM>1_Ct~5Io7Lk`-p~fg{>#LWp5|63zT@7m*v2X;^pD0Ad@#KW#xagh6T4(@9-iA-2
z3obwCqUZD;x+~bro)+Bfwk60LlIgN^9&U#z=VZ3)lJ%=yiE^d<rbChv5B)pW8FEk|
zVCrE|{bN<)aNsR0q|1|!?WX4yvai}HUscao1t=H?2uh<7B>5;pcgic(&b*2l^oEKe
zEMRTRsOi|oC{!iChP-XxR1yG8ClF{km=G)06p&X=g`1ZwtVBN^cx%%I#0~{fD9clJ
zo((Sd$C2y`ut(3@1kUf&Hz0IPdutw#v4X+u9pc$d9oV?dn>G0FL|&Q^40Vy@GA08y
zd>F>h;OS`%6c$I{KCL?aPCWxY=@Hmu;0AFCQxrs6`;4H+EujG%a#B8ue#W``bFNQ#
zTnVEc<D1JAdYYlttErusm|%`t&`F9H6{YVlM&z}qbytruiL%6$`$Udi&zLSGMZl0h
z8FWKXail(;pK?v9--2>u?da4D_k50EGg$eXb_te{N_fO#0~Y72%%94rEw__-2B!+n
z!Nasd5n}Px`q{uG>XXVO9uIMRRo455XNfwuIY&6|T)N^c@ozuEUwj9}-+#gu4Zh`$
zIBXmiTj+BQY0K?T_1U>pytd8~yBZKR9-lUr>xH=Xj|QsvTvqOpxPzL%1j!<U6@A|^
zhz1n^ZO%4Se0L-8QdYsTHg9?TbDgZI<+gZ<wT0g?5DyEu6s>s=CxPD1sihp*b<xFz
zxk$==)hJ5yGlTho0(z9sSuW+8RB$Cv#I7Wq6FOE!5o|aEQSZGve;7=T6bcj)&X0I{
z6CRT+4;!|LrsXrll+F<~0M?Y^Lh@w8Hq&4^eB72&Ig=?LQm^l^<mmll$m^cFW>Hjd
zF14XLBQQfC1dlf@FqwcAED3{db0fo{gJHyrK7{4dk-#bG)oPC7vK3AhJp2Qg2gu;V
zKs|`1n}hRGhbQC6N+2)#1(!;`&efe!<e2_uFo7e&JBFA&0&d#o?G_`x$VZCSp0PAR
z^Y&4@Tod2!@o9teJjtb1lD?agHe8g}3f|`Kuo@V<<2i$LWH>}0Z|~t5=iD>6<`8Cx
z;)DAkPu<}<cZ6iD>}$i@pjlY660V7y;%6jVg61<n(#8{V;w`ij{`NaXD9mS9gozYz
z<gcdd@{2UeyjPAnsdp%8GYl*xyWaKN(WN#JrsoeJlS27ox12}yjiV%D%Hr*2*j~y7
zh8KX^O2ru#bz7@{=)~?6>jiPj=j7aR7>|nLc=#t;on$iU-!9R%Y%3+ruMnc?eVC!-
zApG9JO?(C%Jn`11(EE44A4n$oJe2la-eaDcYN7b0g%f&09F~>C%}$w28uz5Lle1!U
zIJ}z5cqyVTZBWc8TV3te?aa>;=yusI>}K$fT>o~g_u;wimDP+fQS&WJ@u|l*2TJoV
znxbOqDg9JszW`F0&_ap<n0981@9MLvlwma7=MtH?<Md@x6QQvrEuFUO?Phi|qhH-p
z{J*xkhCd4%N_ds6xJ-tfTCVMQcqNtQ3{sh7@K0e*eqRcbtr#%D$c^L!Oa@8@boRn^
zTDN9)l?yl#u=-8<oQ3uXn?NU?)@s{<M9zn<dxuQ<57{v<NAeHX4BR+KNIvsc&K+0;
zNy5;DmQ{V7@)WtEV5HI}emw6Ix;K5Ydcggb*fP+5UJkC~z|a@hV7NG3moHq)Q@*m(
z98!ynz{y6|)Plfyswp@JLdS}k1<KHDnP)l+--_ld3TB7DDB;{MC`V;{`dE}R^&Rdm
zw*$V0Dkyix6f%~I)a*i{eV)(6PE}MZ5jAQ?7S-0xf5#UuHaDe*sIbV!285Llc@P2=
z<=M!+sH@(WiTn3@?)Ewlt5~oNh}<lF%7XQj3M^ed7TqlT@G;&55Yr^7v6l}JB0kE?
z;v~gPhOPR-rsh+!vf0Pu`8G}n!ZV;@d?p#hbYe3lZCqu0dAh?5;?}R01dBDbf}sZy
z*P*rKHa4rAH={X-=%!}g0s}O~G+6hcuabNnuIhA!De9C763tl@qUpZ*krUGPgf80@
z{~U_S+s1KaD6TvJ?$udYkm9FM;@-26({;XqoF5B+N`1e1XVV*uX(*HGQ{4`(9ZO}+
zzJPAG#)Gp66`eoaQl<5cbbNJ)P%?n5eT`InSWxAfSb6{Ae8@6r-HJ-g*n)k80;a-z
zTPM1-6M|@qbU9gDa5BW^YIg+NvnYFhz5weyIes@%TaS1OFm#tgUA)3H^rQ`|WeZy1
z0-aA;ZyqQCj0%EWZHzd8GG}$qtOVk&gPc#Po#*_UNfu~n<q@hL=14Xt3j~gND>@hV
zj+bHV`IBzH^p=zGq&n4rR5urBREh<DC?q_7*&QJQpSi1oXas%;_Cg^KsTXm7!e^uJ
zQ}+C9Ko}<wkX@_Opfv2OiPI~5upfBtJRYAvO4ULe+5MUQ$nHI5QMJ%4oE|!Y<fQP;
zB1|?mt12oU0X~hY&c|1|f&?*IBW1)NA0cqCEM>+9>nTvY%TnZLrrL7q+Se}xwyy<E
z3!-S`GJRy(D?fU19MGJF?5AQZ2e-Iu?sZjkZJ!eZR-uu5$Bv!Q_(MZRN+$n6X+e-y
zL`4*lZ{=91s=%ASB#x>jVWWjss;J!$`>|rXnMC}j4dYa^&YY_Sn2=|tP>YcI&#+7N
zn?&$r$;$ErpI1k7URa};v7O3HN(99N^KpLULqfAl7;7JZzd%~r%71{gzcbouoq7QS
zFfqgwK~q_TP$s%;9hhdy!ah706hGb#&)$sjZ6f+5AN)q{FL@<hFolMn*U{2kpDDOn
zJ^5F3(jo>9I4N#xH|}p0&xLD1>eVMv|BwqH*TM{{p*;VbxKfe{RI7NmQSD%D@%?VE
zN}jBvTlRdOkLCxo@kZmBbHv@t*Ej?J>{7Y%@#F~1G#$9kBTk06x;4{MQFZ8QmvRA%
z{vY8@pReaukJWQf$wOoA>_!tPijo3aE{X5xvE?K~_f8LlH{U{5c9~kDr4P?1`<W5~
zKRU}y<A>-X?}v9nR;7u&s%-qbYHPCIqo=mek8^w>eRTlm&oz>%(;&-dL{|B^sta^n
zD#q0#QnD~7XaY0$-ZRKA7u;Q2dL|Xj9sf{;fS^B)6Tu@daS`)=-sQ}P$I70dhZ+0U
zP{$Qx!p&WnBh`=Un1?6jQOnBn6sb}b7(rgV!nX2kh0tht+$c>y-_g<KfglXKww1GC
ztaN+)qRM6Zl>HOoDr0|7BPYbVZg|mmwz;kH+WsqC%V+FiXpgz*Tu}{4EW*?4^)ChQ
zT1Zaoz8;gKU~S&wC@mdRobNq3aKAO^O@1t=HRAK4ytdL*3>9&YYC9O}$@}iW0)#zh
zk!NGs9uOanmwUR4f=f%8te;0AY#bN6D{#8t*s|Xkj1RbTd}b4&lqW(waC|wqqc93(
zcA2YQ512ghlgvlgU=R21eVfb-*WArOMI-il8)GYT4308(W|sJfy^ZAxO5{C@)H;qP
zt+FIP&XMfiFjqzRyH}l&h*VgXa6q{xZFvAI!?Yy|=Co0QSRI>|@|!!4;42)pzFD=R
zE~W_3ZoQ%F0(+3HaNVhKDmZ6`>*UEM!)Lv;Hq^!w2O4t`rTRYO1zVOwfQ-KNd?%*x
zi5?k!c{nfhHEpp1wuL&I2ZT#2q;2bNZ+G~7)&>r@&s4<T*QH^NuXSg9O~AA})=YCy
z#W}kod(A7J3Im0qy<t$An1fWmV*j})x%daxV5O{~X^1GnI-8>Qe*?bOAO8ftvL}Nj
z&CFkB95J*&vtw`*3c4@wO~wt>FRY{8m*+cyXzI@C{*HhpEL~oXfQ|#ZE^?fHFoWHm
z_nV%^hpp|RZd2Ep9CY*)<=7IPV3S?Ork53S?bv|~aWM&3H|g5~ON!3m)qZ`H)))uw
zlx64&r51DraJIPMF`gY~?wR7#4pd7B7ZbIZf<Ewi5&N?&8y-+eo%N`Q>!O;=3x2By
zEU}{kQ5x{v@4F|U=*-nUy=paTa0I7=acDsnU!p1|Xy0pY^|;sc#(sPeQ$?Z<JZ5I|
z-o@Ba{e}0ZTiIM>*KLy47uwo@M2#@(l1pJ&-4)zs-boNJCOV;*%toiZCp&@=J8vlH
z<G=hSzPa&SG=rA$odHvh&x>%)3iP{)u$wF0=K=_ba}kSm_GlJHSFds7<5~1{aXlp5
zUaYouaq!6Gq$S4;``p@5drV*zvLb3Z{b0ev*kiV4{)3{n)6Xng^lN%{4>c}^@Tp(2
z6@T=Pr+%+8#_r|FDK$~yeD1y@PM7O(2Hh8dV&F9Rx<EVvlTAE(xi{H`j7oJS2(ydN
zBMg{?$e%mGP+1Mabd53zRZvZfYU*J&Ym!g$c#0uv#-E!cJ8-7{+>>^rN`g|Z_u9De
z&4^Dqnt&sNI$pVUbJUdG#G1ANX)I$9Y+NS7b;V>~CMQa1?qM|T4VU_XHAAxR7ok!~
z*yp&H8DhR^P^p@Uuac3djBmH3hi-aeJ|e)T1aHMSifhF;7hyQ!Mtwx=F}rAC07H?%
zs@Y{k5(L%=+1IW?<XbgOqBmQLd6?*@1C}?$@^<)3V{oaud+S};ZPuGAe(jLa&8Dxq
z9_+eHF3wluq(4?4;dNydgsJ8hy63JB&hBGrb;6w!$mjwcq@n^_qdY~GH`4VY$i)EZ
zg#3~=tp%8_s)O-u^*A%|EGreuR{QOjj?Q4ok(~$5&a{Cftw1&Qp2CZ;HJkgwyRf?O
zrN;7o@{Losfp>hTdAqH^wt~p;=cAGkknO!ndGDP3D=q#w$E<!kd1|CH#4G}fxtRbf
z*2K7Snx+-#tk?LE8mpqVzI<>843fTIt{wP(+FQ2i<y=@$@IvPG?Z|z&uNM_}b2Z5I
z>Xg^*#aIfnoxs-fn@%t}AvIpjun3$UzcKo1*UD@upENyP_l~Jlkem`q8BgbK9G^4a
z%ESKC$ACy9C>AM<-qw81uczcFUSj<>0VFe?65R{vowd<FK);SnE-DJWfG($Z$4cy_
zc(rnIk%Y<V5x@Y&NsFgW&0X?Z*2J-q4J83+_5eTK(P(<$C=t`7<E-;Eic7WbXDNEn
z=dkmwCERA^9WvC+seNWdK$cRlq!Yb05<RNpP2*^y2Ttx=g!KIbAsyPI(uMc7@*j#6
z1oV_*G90-DwGMsh=dE(g0gGb0nXbl6Wg2{%iQwgsuE(^!K=Wb6Fnj!?f`AAgS4o-l
zF%KO<yHjp*ix7>^Qj+dk)U|ge85X>a+bAGBEdxsFpX9-vIHEQ>zdw@j?xED%!Pp)h
zf0$lyJ=y>wI>6JHRJh0V18DVqp9jw792zH*tUKM_j!peSooxZcB!s%P&ZvhmQfKs$
zp2}&Jx!7ts_Fp7KoucAU$nq4fkSj*ZgnbIV1~A0PPp+^LJ5{qCTW|uoMLyj&J~rP$
zBLP8w0&L<B>?2z8DW!4FAF<6Aa2p@5Q{Ty|eIm|UOnMa<xA`O7*og=fcU(%@b5Be+
zt{0^PAb+gOK3i5TEU*IVHNM2b!)Z;s9doE~=hDg_+TkA5A2p~l*br7L?;%RYWB;j7
z^ZzZk2L5O9=3mRQeBQntwzjrLWyJjrW@j0E{`@)5;T{zwNlH?Z%#iIjbS>Pe{lm^c
zGGX*&{`VXHx6Q4<f9)9iZ-%Ko+|N@4L(4L#GP=?9gREavQ5j|fmJ{v(79DIVQ}S;|
z9h^rT4BqI2(|yU+mB=#WHdE%7;|vF`Bu9L>09=e-1~-AwC3?adzZX<`9-5rvhhQ7`
z<Hwuz-ba)5?sPg)l^*4Uz~Epq!96on-3N+r_-$eq^3+P`2=}NgN@q@8or1)i3DExw
zKWM@r$zh-K+ZY<fmwsNPasRh9o*}f2T5C3k-QBTpvF5w&h7GvJg%T?)V-bk8UXkof
z0LEI3*r}jf$3Dn-IAo~B+Y>dF<ieoU@y1lcAhRVs;tJUH@_L;*J!nvt=D3_5mKXLf
zoV=8nzghC{5~K*JEFD<g^sAyth*m*Zzj}fhP5jsiDKBn|aJD<q=3cPIQGz;jh9f2+
zQ*as^0D9<qbeWq0Ytq^T_j=*1jP$vmE=MsN$8y%w2U3;?9QCeU#x5G}BgZyHTQNU+
zxHy;Q(iQ^Nq-f@gc5}9DUGsoZjNO>~<?=;*v$MOkS@kuiDd859tVOt@Vqup33o49u
zUB>C$cMYjm`cZF&hB<MNMJuCc&c%>3enO5O0V6%7NlP4)dV-JRo1i?r<gR*?X<{H|
z_z@-YWF;yAF~8$u17cir{`pPmvkRTnYyX4d@fgIbwXhx|m*?zBv$qgoWP7L+w55N7
z<e9py!$gx1sIVKn-VxMGgKymS6JgvKWhEFjbfgxbMHIet>W9MxN^ETgD20HMk?(M>
z7y}QBBbE(gb0W&Z>r2?zzF%GyEbj#NTL@S^y0w}6b<)3NzLi$Lf0m_A0mmPj(NrL-
z(EbG=$GxdB>8t0Q^KQ_jeii7(aiDUxaA;6i5|o!o(2)7r^{8BvBon7+eDICifkEk|
zpfOYCh$?iP<Y1e0T?vRKcLN{h{w^;5e}T#8*p9BQre{l+zYQ;7iaPCNu6jnE9)Am9
zKg1Mi!0$KaA|7x+u=W$MX~%1Nn0lq07iuoY(%G;GMD^V8y`zRMQl;<63oSBT=ygjq
zo9Lqz7b~xku+nOtsC7i7$zxI$U(SR68&oac{1vKJM6&+|RYA51&F~O*3&L$GN1&;b
zXTVP6N}rS37ZB#fSPKczxNyScdRLpf%(#exyquw-ei?(V&U_^gBqLU*wT~{0WTVz+
zYx#?uc^b`P=cv&3ROKUVM0~6w*z>*=Kpbdk#FL|otvwg~=#<i_cgh{Ia{!sG`SwvW
zs=dKh051qLOZrG_M0yB1M@##1y=sq!N@RMhX2=Ni>6lhmnD8%Ixolg~vZldCOpztL
za<rN1m#N~KdgLttK5?uwPk#sv#3?x$m@<fhbkxN^z>&t94#q==3l=Dz5LmD5)Ufo{
zV7>~)bZW%JiGX>rLsGPg-(9b1SKjqze}_;xATCu`qKf%;k&pbKSk|SP?{x=E^twoS
z$t<E)THZ`Z;6kRD+nle>9*u6jqjnO|w(SktP&#SxRj6_WF!52d^=ba_gx#&!0bf4D
z4raJ=y`ni4^&mi}PUD4zPd7!zr6k~h`;9Eq6-=+`C#Tm;j(4F6V?3qX*?F4L+}#Li
zQ)A&P<H7{Hf9IEXf8&?2#@eEj1jt|uf_uGKnXXI5ztTRS^DC@FposvjqaXKTXoQwl
zmye+TWs=4o4-FO4B7k_EcdD<m&Y?@5#PT2c-G9b+jow*iYI4_0t}YE6=&slaW3^>(
zRd<nNM@u?jkZT`Do!8|P=5%N21yq24F+3jnUK8C`QI@w*WAm_EJ0pT7O$p39`j?mX
z?`ohL0HPP>#E+`P@7RMTD~hiULY85y>6rKrd&Xe}=7Yi0Cu+jZ4|j8c)Xu}kwlNQ}
zH`(>gh_2o96gX}cLypoum01oBwT{_JQ~frD;O!m+cfQ002c@Ebeu*x0?wh)mjJrA}
zCqsTv4IpU1Q91;r3JDG>lVvKKPTyyEJ%Dooo_nvdJpf02*lUUt0;wv>-y{OOMinA<
zK%D*H;ekv2+D6<K_Ho(lj0!ZFCrIC1Iu?E(y%ld0aUxl8>(;d4H>GQ?5-14WOa~Vv
z)@70HqH5q@LNoz19aRWCgan;)i|k>H2GBxrJQ+|pW;J0@TVQ4Ev$66DUIvtv4=+ML
zFIZTCCP3`eF!Tg3EotX=lB3kJmw6^X!<I|Cv%=lt^M+U-f15k2>Q?LA^ZC|xA3_^r
z+<%5-cU6VKf@xk+WFouuPF^uGFK=~YbCWj<ud2rb^hpPTuU&#L)oTnGXZn^mFU~uh
zxzBiK&GB&LNy;n*lszsKRFbImFf}lkWp!0U9tIq>{wFR10V~pa#lI3Gp%jEvVHTeS
zM7*Av$@#gn*as*%B-l(oWDB&uF#KwIY8|}RhEHVgUs3_9*pCfDS8c11TXA|?_+)Yx
zYi13>PW!9u`TDbBHs>mWx#6y|g(yCgK^aqMc#loJ2>E(ZnvFJhG#!cq$^t}c$lXuA
z8`l3!VH`-4sT>*LSP3j?8S3Fc-%;SHWDgBcZhj{gd+4V?IE|u@LVn)!uRVR5!{aBL
z;PsaEil~ntx^|V|97zbJkO+`V<A@!S55mVNI?fho%M%YX92WK0>dy~1YLX3VT}9K<
zu`<DH7BZPp{{hKp8T=K=d>YN(94Z9Gfx-JWfasxh6H|W&Xe>tPXCax#X}(OSu7b08
za(g(VuBlm`#QU;d&$FgWA}0iQBE(cb0hMVUnu`}$uP04*Rh7}ssP8b@w8NmY%aZ@>
zZCV_C$evuPj~An-ZpX}bW#p79k!^7rxh*@VezFEvt|)>oQMEULgsMjH?)2k1Kf=Qd
zfuHH|Oq)q7zw1~p$;#hD*tmxL*PYnjS(Rt*NK#i}s`|Z++}rM_szS91V?t5PH8D!X
zCM!Xf%_kI1g&6S$zg9%8k$WowD#KzKw7;p>ui;v|x$m~$U_JMW<NJ_u!L84v+5MFy
z+=;L>d>-8{Q`P^Xe4Z#xY30lr2}q^fTG?S`-C#D`GOeEB`r(N2gU7r5%hhnKcd6=Y
z{X_+7UwgZu!Z>1vMeIcKanOJ}`^TQ^bYsj_+0`}U^C(Na3_*Y2zoG&WUFip|@sET4
z=AE7{9OO6k-=bA>!yC_M?C;I2tlDRq37+)z7<FAO7~wLF02h--HF^GWuw+LK@l#&-
zLvB4X9m%97e4Un%biZKGOD1@HLl;}tN{Dg%n)S916xM%sKBfLOte>~`|M;8mq`S!1
z0tiT_Gb-T`+AzY9Dv!^sQ$K(61Ltg_GHTQh;<c;KJ@hexzL{wMCAc51gNZ{>{DR@C
zJ_M*HNxqGle}_0^eD0D_@JU$9q`PT73XU!hsl9RLRa7Z~Y9j%a2$*abcAD_^^i<oy
zl+Iht@0o#p0uTq%*KcsdYDK@lLnq}ZR?&EEK$(bW=_z{$*-yKtm~dGnSD2v~u%58X
zndU0bqi9zfg`E;Nj$v{WkS+}Z?wDH{G}{0RLQP-=9eab;0auhzCR*%p2xwtnKQ#)G
z!|MHyS#465DaCjys<+q)<4fZt1Rr}TmDpHF2Hz_QD1C{1nF)Kd9X|j;2G4FEJ{v-&
z;J|wmq?jq8+%EginfRBoNUS$R^!qDYC`q9GJK6ls2rSyWAvTev^ygnM;iig;&NqY+
zXf%HDkqBi<HeA&4zS&ll!D8COD72T(zfXp&VW}Nty-AGuC8w@wFp;WuGmCR_F{0DI
zaTPwB#>!Ock>0iTCNJ&{X8a*+HXVV3M1vRWCMy<M^>6w0R0$UlE{<>=dRFLDG4r}P
zB`o$!rB%lmO>^mFgv$t`SSlo6v&?Io<pR1zuI9v*bqpyc;RctW<}(-cv7{c<E|xJ1
zG*DVcYylF6$H)hY(b9D|BX5<MK-(L3ezbq{as4hGHOBKuS3HT|D?01dl=_+eI}_-8
z+lDYn1oFweWXcV2q&!)ytj6I<tRU1{;r6{c#SmIv3`os~VsQ9i+~@q}5coteNWiSG
z)Gz&!Qc)z4Hv&;^*GT0P8^Kgw=Y1oIOS3*f{PvK5sXO6A5CT-yZkzIoZ+bnB0sh!V
zyD#=0qK>F;Jx<)Tz5I!F_vLBsM#urrCx##4%sK-1iZye<u>KI}of|&dNW6AQQ;$M7
z<UJ7;x6-1PR2<)bM2UdVpcqW`k?-ZKMjR1P2%J;>T=fN$&kw(`RWNUAg2x3s^8*~A
z9mRi=erC_draUyW78k~wX*u3UCL~MIW#2nEU(I97W15C^>b~IyIX}Sf(hmW14xXc@
zZ^VjK(;3L{VS>@uWP*(X9FS~Hm%|3yCtVsV5W`egNTO1BFVrQSi6N=BJ~X3*&k(4k
zw0GKIyCn*{u*@Imt4)8Pk9dFlM!=R4zA-m;bW=#)vTH7t%l9+vg}hn3R`#JK@(pe&
z0zqD|zX_$bP!SLyxi99o{I*$x{K7%r2C{{WfcuEA0xygT$7VaAZ&pQWmafQRh+*zf
zp8i!$caHz4O@NjLME)laUS+sEoPr@X^&=d0I2aczCzon64#!z_*-$CmUq!QAkZ2Yi
z3epies0+o)ub+R*W+_wsK-ugTZOw1dEby;vmIC)CB-chbVe4e#>j3mgccoJA+0BZ*
z%UO_xa&Zgd=#6OnKHA{WkffNagzT067b+*LEa{07Hz&d_+51{<$gGYGQH^ttrg|dC
znPqa&UTWVkN=kXm<p{O-g4{ZAqh?tab2PQtP2QjiW(SSp-EZo(n)smoBl!6h$Jv)=
zuzI3N#1LWMF*f!CCM3BC%Zd>?8*Uk1e$6_$QnbEA7+2`9cGu3hW<k=Q9*eXlnoj?!
z$IyRx*TCr}ERV6M8AOPyciYRuk1NN2i(ee(T(t8kIV3dhc0FLFb8h3R?Hln8<n--&
zH}$O<ffr3Kw~_|n%6EY?nsF{jsTz?FEocjUQyucK9GX&*pZcnSi`&Wo*2<A=4h;uO
zIJhDbi-3FWcCapbBAm6VoJBlA@dSle*th`K3zwXe1v>lIYbK0A6I!Yn-b4xM^PGx#
zCZXEw{+o2Q*AL~0Y{)j&zvYa%A1dNR=W^N`4@wNN0fPbuQFZ)lMu@P84|<5vRR%TF
zSv_PrwzMte3Ok=#(|g`Sn+CiYQH}C2_g*0;NCsI}1AmJjH>8!H?MV5eE+yU0mt8(>
zE{}^Pta+WXyKssin_JD$^^~d^k<m5bCZ{()9&Ao&7vHZtm#*Ai;0(mF*1-W~Hh8YL
z1Lv)vH|J|{ukrNl=Ir#RRsYZf+l_=zdSL^<2Z5ZH{m*wE{nzLT!5iNKSaH?J`E*0F
zR~jOyD{Q7NnGNpNZ^iKWsV(A-Y-NT}C%g<n30@fUZglSiH7MqLdEBJnUdGso-&kMr
zoIBTGS1k!|E~b6qngL!KRq+OBdt&Tur&r!mVTp({YNE&)l#86W^N<A~JEb$;vq+-i
z@l8$#HE7Q1)O;dW!8*pWbXw5F^f+Jja^&M;wxYAY2zlMi`m#GUGu27-vbQsyl#8*;
zHKzcJ3vn5n#Fu&B;J>!wj6gB)RqV;y*0LL86;8PX6xR46BLkpKLZX%DXF`y3>pY=|
zMJK)AKQ`n3OE8)95Qt5gvBI6v^3Ll4`5o@=W4{|FboGx8Z1JF4BC^PqU)t|kGApSt
z+CCq=pXe>t$;<ZGf5r3T3;Pvm*8chp!Z3D#%jZoP9?t3QcMYB8kF3b!sp8<B1NVTD
z99tt&RB_XNE>RNSQo-bO*19INM@++uyEVg7IPo|`o%0{&M+5jDS(H)_ShBNr=fF6c
z!5?@2+g_XhZ4UR_{u|=IIVu0)PyS!a;ebD$(*N%qj(PcJ!E@NoY1?RWVyTc0W}GA7
zyt`%7j4mn4(OxOPfk9Y!6HRopMM-=zF7va~*M7Q`&PWIVLcKyeqDg`pcidq^G_@83
zK0A%Q<D{yc;U2PKlaXbz2Ac!+&=PuFTPMP~sEX`UJuk-sj-aYJ5sQ&=@MQ0q8b80^
z_ulx;{;yJI++)6}epP4wZ-)0{6xDI09$P%`&RaBG&hx_*;yzU+VDzNjF1dK>^LgFR
zrD&D;I%UEF5y#95r68e;_B(WXXsD_EbyG5067-nY1|AovV<?z2frYVE>d6&#{FvUM
z`YpXDT2J6-<fItcdB2`!vGLeOyfQjvX~q5E;8H>%W}R&1ShSCs^p-nYbhXWpqph<M
zguLvLV=2)f>zizf2Vu2x!k($yHb-D5=g7x|SWXiln22V>4r>&Bfe<?zYWHX=Drw6}
z4aDIHqSZpoTD?MI+tpo;C*N|GV6aUR*2zCx8jZ@Ra^pOju0oN;;2IB4;5YkV)NA|^
zqwqY(oJbX&{O2&2XOR5k3dm8m0J%14d%lxb7#$<LreA8VwA4vb85->{xSjBWCTAm<
z{g?rH#jKt{R@m|^`Qm?168~POMz#}Bj)@S4j!=gQUXZ~ID&w~GrTef<@_Uf@?>VA;
zyU6`7F(Sd8pQPCpYq>ft!>=)7Fw^4r8mthhZdp;8ScD0%74Bh|G+dyjxn6}`%7bgS
zC~xcBz6t-XcnX9Hpo_YL6$m5t*#3)}@{yJnJ&yG@YW(2C*ZyZ6vkv&b1%zK^+}F``
zy-qov7VhVoxbTM`le#uZ<oO%l!~y5B(z<&cLGDRsPMfX{M3-cqU`aCzAmS;;=2cBJ
z(cSfPo{>YS{%(B1m7>G-XldCuq0ThxDc^X5F+(G(J&U)u;<C#_eP_j&d`_6cY2K=w
zlZP11(g5$q5UCV&ar_YDvJ4aPrkO2F#9tPEN!4>{9`e-(aqy|%1Qmcy3;It(1%34t
zw1Q!*-KqpV7jv*iQ^8W9{g^?_*SZ|su}1YZ+_l|Q(Hh7GQq)3}5#n_a+P;`Gs1X&s
z4yG44=z_GCX->>XF-S+90mTu@HXNeq$nP3xrPIe~s31<3gUYwtTvM>6MM9hq*h;<u
z+rO2g0so^NEzkZRg_X}mQP<hbW?TTatB6HKm7X^%Y2h3EJG@nQfJ_&(I)Hi$rdy-J
zZ!YR4PPD1!y<+E`p%?_4(@<w=L~b9?Cp7+*6EUqlri?z}>50!x<&_K*UxBG>bkIn7
zXHZG=o}7eOhz<DB;Z$FP9aNbuf1sS)?V9u*(?n(0WBgF>B=z(KI2l1<Zd=3R-%?BQ
zLBae}3f%=qm>@1F5p1S%>DNJO3Bj{&tsPRf_<t=(Lo-%%9%39E3z*frr%ghw(eDFV
zCy~#&Q-zY%t$vS272ZlcEld8Z`>gCP)q5xfuUNevNsfM~;ei`It=E$NxWjUy751e4
z#+3RC#;G$sZvbKIjTlX+`P+T|W#5Q0{0~Y&chZpeE-u%vcnW2fUfGLbzcCmsC7D}z
zUt6MUzSsbbp@dD916&*YtBeiQ#nyd#KcIwOfW)tLN&a{?v|>|{ChS!<=V*I(N?F_Z
z>fF6l-J3kCHNT1XIPI5kw;R4HWM;WyCrr1Z`R4|fQ>{*TY>|K;dwObASgTnZvmfkP
zf3`CbsM?rrr`1dXQnxsyzV;;P2DiTz_9yvILSROUwtp0%CNHJ)@H)cGYwdt-YV{M!
zA>gL?;(TJri!&p!*lo;m`i$4JyipZ;s=FXt_C#m&Y_r#%ria%xGlMkZpL5JJ^4R^v
zzx+aUvPk#L4L#bT9)aE~_Cyy_yW9T$@yqK=U1s-iPXW*X>8~<OpKXzD6ILtAqlhk`
z$oO}ACE~C4iWfWOdo^^O9?UX=b~al`s)TUa;bC_~qr-g<o_aoL?i76XQ=zfyX^%S^
zt}saj^pXT~RWInq(x&gCuC|!*pmCQ;F!}c-hJOixp9(1*Q1}|rozf978WAD^&D%b;
z^&2p#WJsvgD|Lvlc}TxEb9{Ru;`p>!NIvShJ{`tERWo2!CVS}gM^5xCIOtF7?{em7
zdS!ptRzB$~SQs$Og4Ugd`CB6^9{!O4n@JPTfjVmrlQhY3EP@F3McSN&OwU6vM0N=6
zIM-AY*Q%4Yz7zwP>D@(jZ7c6y!VM|cp%g}~!Md6bn`;UP&s~*4`$*t<$IK0E>@rt&
z38{F;txc0aN`S}t%kG^<%&WYlZuPvq_Fnf$gH7&)vlB7}WOSdS@KYLu+=BCgZ2PWK
zjiYGTE-3!70BfyVqr(gwx#DzsDu;iyy)|3_i>`O?EK+wBZoCWd5=OjR&#_kSTuI6$
zl<y>A<(XViWR8)zT^Y~kW%1B`eq0J;mggWT*5&NnfEU!<M~6E5Ou-j|xmKBO7;3>5
zHzI6aPe7k%-7wuW0a%0xW@jBr-NeB+?fgj1@t+v{^Jc(fOLW6ALrpTOo}=b!-T4WC
z)9Fn$OIR^Ag3(&T%^8dwmH+0k&}|sXIv`-rtJfGJt8Rz(V!oQ&vFflV++Leyt)JBm
z{L!jJMW9=cg~8Z3@}=M@FY<gjw5;r>2PT5!a7W-ZtbCfAhH`25;fNmvB}zJwYiIUS
zb)F5MwZyrRUbw&E+~O~E?se+|Wg2Qs-$qhD@iu;Q?n0NOQn<itEAmvA!@K7e2uski
zKdUa3^lz|v+I*C8*?FcpddS2{jR?}Wmgx=@YmN9`JZN?rs_OLmKZf9;;h+(FtFn#T
zV&Gpja&dRtb38NGmJlJc%Z$5=ixF~Bx0y#o6)&L-GyI8E-<brIj-JGdH-8gH{_sX>
zPT6}N=z2(KcMlEm=>kL-NKC~`T$V2`HAr!IbVzRyn^Wg%4-wV860R7%>Ky#Xr^u+X
zZoMFqb5V^m5sm<?8<1m%=!qNuxiCO1)^jR@H>A!qhipFRed2B6qjx0pT{Z8;A|2}L
zqDTcC)Q)9LsZO{aKmGF|o-U?2=_fM+q{TLo3dV%cXX~rNc~H06k8o?XNb}CPX_~0l
z8CAXIn`E)6d5z@-5Z6Ry9Ng;?FC&+p;)4TG^<9#nP#*X-l}Ej=TXI2N;4=M)MAixs
zsZd6hIqko0b@t9`EKCk1aC8%Oeujq7e&a2apFGZi0%m#J&RGZEaUj0K{F)$qu?hb{
z3ixZ}h*TU1ixMb`xM-WH>ubmIgXJ$P7&ndMYbseIJN~+EI?-l@YW=j!ILmS3hu1FM
zLB-7zz<0O+1UDTlgmX@Pv{9<?a#rD_1YV3j+QE?5BKO*Sac^!Kx=@j2?Eh}4{EtGr
zREFOQ?Wk)!#pDdN+{xIUtj?#`90im&K!(5g8}}P1uw_q>`Kee~JQ4ctVZrpScXY&H
z7+CO7-gyGoOL+rMs<CHvESPKvW%nJ`3r%p+ogf0gus}N%|66K-H&$Q+XME1)I)u%U
z`7ttg!MCgpSM1;G>^d*XEnOA=Nl}Sg_)}3CZ;$x*Hap;7b#}o#8U@-M4%Z*)CL%$#
zfQz|)sx}|_X5|BgTVsqRtQcSnda+hZXdE#HsA0A-N(U5?9S&|cCuhp<j<YT$zrA%-
zU}I4mu#<TC8Qsd=Ac{#_vPHmCaaFok*?oGOgv*UHx*lCqw=#b$LF!e7ud6>D*sV?i
zI7bck!mb{--D>B5G82esDg{U05H@aL!8FdwQo^wRN>n85X?)caTEjc11mFe9LQwCB
zrb`bCPmi4z(hBRI67aO%qAg&?NBnTQMG<UH$o`o|q$^c>LY7{ptr0V$XYKGDF#^OI
z9J<ia)v~oMI3RdRoxJieI%0<c4e#RtNl_HG2SXLDVHG)fS>noUtet6S;5AotSX%_h
z0rEj38_@2f8E><ejGk;%3Zrj#(J`|uY_^_Bb#~AEMzc-{A4=`JnPAJD!r;2;_||V|
zu#E_rELJv`pg#(GY26^T&j0D4prY>gq4Mu{k9p6%YDdLzh;UoO>;+buF79}LJp5VY
z=d7MeF2^;#?0|ec(Mq11f+|8SXp7HNV}dm-x`*!d1A?`jyUeK(At*Pt&|A=p_zh(h
z6)VovRH8on;`;ZhY|(u`rPpR9^Dx;1Fae2sl58pm`dAh`Gn)FJvB%cV!=4NNLO;T3
zfWOlZRXgO7TqvsuCKF<G<<Lx<t<9~P4*k!4C7Ve&+*VKsWcDOYPRv7Wa+Q~;f)Exp
zLY~-YW3!xV1=Gt{mE#VeFll$3Cox1!(ul2R$%AI#0fLX$QDI7PQ%}$FcMBz3E-8xb
zxAHwu_a5+m`}gv_feffY$;pb#J5C3>^nmQ%MunDYH1k&OAbL8mgIWZZ+$|#=iLKPk
zTGghOMS7|c-Yk&bQvQ4UUV&AqivVQ4J^zbN5Y8b%Vo(ruB`N|~Y(A~PJT&?E`vEqd
z@<3369rU6kbGITFRFnN-nTV|pjujx#nDC7lkvmh9u|Eq|9|`@scT2u}U@*&g6x(1E
zN^HEr^Z-jo65VBtMYM9tQhLe;T!G0DW0`+8&A4w;_DtSOwPT|SE2VRH!!ICDd`iA<
zzZ?mg<2(xBLDm*2FH8y&SpnLk^bUKzAGqErs2Eh|-lIGPC7(U4RDGVkdjY1f_b?}S
z;d^vowhlvU=CeM(k0+n0pQD@qvw=@hZRLB{;R)8I%v48o%A2wJ4IxLkwJhbdoW}?$
zJ8s-FW?Kh$%ETZ&UUzysnbq!V%7JLQ5+om;g^2L;MxqhcLJ>&DQ^F|W#i}iwTcX(-
z#EfKHw<$0)O%MPA3|C{~nT)QaOk2AyPpdP4efIN#;51QlkeRX~wU?fwD4V0-7UZpn
zs1!k9P!}A*$Bt*iY}Er+426m}J{Y57LcWAy{60r=xQB~bS~I%<`oUm|a}5ql-c~W>
zmOAqd)ONgy#N4j$^nv%{F6L;+Y}cd8!|P82r{4W$0qhUJnAz?6K%x#friBOvVlw^)
z=XRIZ+XhVz9nm{a(8d=_gG#RT%005C8K?ZQX~|}sp#qSr!?803+EjQ9Hx#pn!0~Y;
zF@t%BSwT0=kHu8Le@la7iVao;(G%aCyv0AC6;9@mQ{Tolr)aTFqv=H#6(R14lO_sX
zFm(cA_vRV6Bj(C)3RvwblN{ODY^I%SSdPHYU2SWOTJ}6f_fpW1X{^IrRKtXG=b|-=
z*IpT@fjZLsjKkgax!5+<_cD{JiR9JK{E=0o!Fxe<>8vJBV%wv6M9Y+!`9d<4EZY$u
zmW7MH#Z^(`j_P$jo)px_CFv~*oiOG<y8eLwUD;nrWVWA*sw?D+*17ywDUtCb<*jZV
z=grktigAy!h=L#R+5|ToFJ3}cYSb+OKUMKl*^Du!@}mqqzn%&r_(}L4)cAK-8>BP$
zpR$$S>Xk9vNXK}-Atlz41Q;NmGg}f>xA`0byEIi|2UJZO5SX_VZXcn=j*J@q(k0mA
zzn5^+h|Qe8Dp6$zad6l?HosI5r|D-YUGOPULCMxn%wG*u=x4;TN~O#tK1&<M0~eqe
z8Y7uF1m&tv7uE|Q5&;nnrI~w|u7@xy?_vPjEtp*t1WcC(Ng{hs8U~UpxU#U8b2+N{
z##<B+F^ze1De?ODM3+QUiHp2Nuv9@1Xz<WvExvZ8k*uIeeact5+eX^O07Ub44#^-*
z9~0X(u&oUuov(S8Y5ss)EC>=hj`rDFhO@4CFu564vKtCKm!ZNgOU?wp>av>Rq(I?3
z1?IecZwTELEp~%b9d1NERJ2ACzInvd$Om+Ukn-fvomg!vx*@>@ZOB@;D3Z%7Qe_1A
zEA#_VEnBE~Uim<(`fX19OEl(Ef0O%f|EQ(379^JaCoKi=`OjX;?^?=0d`?I54>%IE
zk3!5B&R@ef8{xatH&rN^zp!z5hc$npvu<I80M*{I1@l<nq%IH8guIx%$WyT_ycVmU
zqES|%7mTAL9Bp#K8p->toaeL|o`saGx`Mth$&DnaJJH-v3b3T^i2^4n<8^S!sS%+H
zt>#UR?Cc}f5?_aIxgu&-`>2NSXFNF^-rYM#vudHyI3RmfoWys(t==zWCZTPcRqQ)|
zvgywWJ*M1d;&RVrN!OoR5ME?<`+6$0G3-u!1J2^3sGv&~nVOy|G})HYXEqP2$e3dk
zdMa(IXVZz&0OX}M3B-Aq8Ky)UaTh@VY-b|C#o5|miNNvVN~3%7RQ>3-olv<Qjd>?d
zG(Uief){b`|Do+IgW_5gZQUejaCZv?cX#&?Ah>%VxVuf<B?NbOZ8SK+1Hs*$#@+Sy
z+Gp*3_IdZ7Q}<Q9*FX3*Yu4<dX=e8~#y1*TlzNPU1C_`22Rl@au--0N2K3|y_LW6`
z&QTqllakxeMp$_9gYDOjPf30vFJMS#;gG97bf!Rj|2NP(nSiW*{0Gki{tf8i^%gCD
ziLB$bwKp@&qJzAM#ySuWod-Y@4WxF(%aLVKe_H~Te6{J-hBkHUXueu-y0e%FH-=@p
zKDb5Zo*Z|NszBi_I)!?N*1X_?K}W1mT!~+eW}sl^LC-8%%rv2;UyB63MAy;7DW-&0
zH8XYrfyTto3*U-!s~*$~-c{3!tm;sM_zT}uo98#&{L2#fR{=#e=W*P%P<rG|3<*#0
zXa*4$B+t`|<*A|^$E&(Q`j;h;%GK9n5Yf$W-~^?>f*vGR)@HyH{7qjtV$^Oe)-Cy4
zeyu0UP<y5OOS`Io5@XSTX$CqrFn94kG*IZO`TM>-)~u62bQIldoSTnw>LKVcEkeJf
z?6~yZU0IR-D{g#OO1Z^$F*IWWG?~OHWY8#V_6Qo}RaoLYj7ENX`~gyaQhV0RG#AJf
zNxHL+-mK&Gastkdpxo}R|NL0!W9?iJI8UeTwVRFpKHsRGP>?ruOGyA%`z47VDmTW-
zJh_T<G$p)ZnE_;*fqvMpF_@sO0mnQzcaOp!jLioJK4C_u`@56B{syOVVsP%53R&j;
z+zJTHkKVs%7nRoW*Q;1fJIWDau&Begn9R}71IYJdEoMgPha}8Ophgu(-}EKhOL?!A
z_qUX|MXlLbllS6`bqyHvFURXdRjdjXB#z?yDwA*AWI$|NA79$++(|{aX@ZFDPI?-n
z?(Yhx>nvnxagGJwm9rD3mrYJE+(c$Y8Ml>2RtWdp9B&bg$DDjcP#p~P%<N=q6kSsy
z1^&}?*c0}b>2Lsj-@pWw#C3S`AXj5yqlPc1l3fJ*rpMIjLk_2Sanx-{&T@bNR+{7v
z`tE~v&~r%nFCFyvBg#KR)DaUWV_{n{J?j*<_j8sJyyXR4J+AEPB!m6NLS^h6g1z+`
zoR4eE`jG<LQLf3q=zRX<Q4iQR)xwTCaALx3IPjp4@9nTKBY&n^`6OplBRZzO`#$%7
z5(|cXnumx518`<bkT@9#JKnaf1vIT)ZW;GmCm=ueD)(JaCRWA&SFfOp3VjzQAx>Y^
zssN^%96}s$C`jGZ@;f3D#Bli0HOYJ%-GHJ`ZR<DbYGAVK{n;O#z`f)aM$-{7Q-9TY
zmc_Iu_ocayYwDEj)DUSlQy1O-cE_?ZJCudqH;{`L;wTyM&dyqwPEqUT+*~AhYXq6L
z=0xcI;Vh2sXIcN2J=?Zg3FNSdgIuUQ<<@dV{SIxwJL#Lewi2y^<icXGxhqM};b~^S
zWGNEFz>-ir;2hf$!WMOxi9~hIFWdBM!3T|hXXzBnP$e9G#KgDBWaNQK0L10@&6P7e
zg6O*r2ORT3KPCiz4eKT}`2>U4&WD>;m2j~)7qS_;2)If_`26(mM{bDv70@Ht>exUK
z)d>L6RV$b*NrNZ2oUMxJ_PGovJq7+^ufv^SgH!CKxI29(#M-__G<GXcrAwCiuVF8*
z3FeiSBgmacjWbcx{imNNQav}<qi${e%XU#;*!tZ*tZ;ij!+?a%e_iTOGy%%s-EcI5
z6_1h3Sln`^?v`)DB)Fti1>SGV==vW7fZsq9h_=S^+S|SH@$6z&c&Mp->1;1-Jj2>c
zp#?Qu_;iSH1#Y}IO%SeHh@gL%G;C{{-}sqUc`FzhF)wfsU9YwF!h4%DOLQw(+2bj`
zQ3bc}WrMu2ZL2>iW&i3>W1})y88sc{$O7}a6`S`x*yC_AUq9%NXF0J8r}}*wU{cuu
z>*{5*yd*D6;T+uasafs{Eiu>j&L(4foap`B<P#(Lxb}Y(NqYV&l5jd_-gx*J>kG|)
z=B()xu&cQ@Oor`KCornh>1C@h#{W;AONl8pe(K+28>)z<`C+JtU2~%bkM#v(QgeH~
z0`1qrLEIc`yCm?xD+&MK841N(3Z;A2287}xssB+Z`MXbYHzHY1q8FnUjzc!2-f+XO
zal$MRRkCeemCb%sTG4Fk?y|L~P_AqbG(D+4_322R=*?eYp1TQ}qGh{HU9NRrl;oN5
z-puwgaZj8kJhhH!I|>UKupQx7Jnr9un08b1f+Np|gDF<=PTj^Bds?gYo)w15%Fk?F
zo^~*P*y{X)BRh1qs;a6&8rGk0+RgqJ845hy#<24LZsG6umVUWGrvPqH9g0ddTaD*E
z6P!C)hvwHL_50qnQNC=(H#S)w5u85{*nW!>^TqTsh}5&L^)Wt4IaT~u<%Dh1P4;Kh
z_T%@TmmRx4Z}d97t;<NyALSmWqv=DBRSLHTcE4>A38Q^m6DqKWP`AaW_jJ@N>i@=}
zfyzHp3qw2eoowgZ$DLMvxy!}^yxhMi$(s=VQXP6+T`m$#^IJ--bn-C$H#k~Sli1|{
z#G@SnaJeeWEPwA>id`XL0jC_}s7p;g4j1e$EvJvzrOW$Y?WY-ljE>etSm&`#<@{#4
zf7$gBii||KeW$1d<el>0sC4XAj@))PZ5yZwPR$D3hhH8LW^6IiXw(j4ZV4%BG((iJ
zp*m+9(ms1XT5-%w77pmFKP?ughn<)&+o7TBCI4?t5~gjK8VL@;WneXzHy=&WR+qKx
z@QRV%c5aft1|oW2si<m<pA2?uIp&58l;i)ye)#zEm;JEdkZU4y;ICODf-09T?$X1~
zIoO^N8VqD7uTZnUOB#g#oW<fWMXK@eF;SFK3HfK4gy!vk@gPF>&;NR082%ri^M5_^
z|L#Dlj~q=64f4I#|8aO&$nW33Qzv&6W&Sa-9=7oJk{7bm-%DP=zh>6|dCmX7dk~$M
ztZq4b77}CS<(!Iv78;4B=#Hu4ni+m5)ao`wNfkXj@)pUUiJzxflg_3k8JS;e5y3TE
zU2oJGG$`yQhom?%e<~GMO7@h1qiY_mSw8#vpSUB9INQLEc0VkNa%gC5tsGRy>e`~l
zG=_Xv(}tHnz?;ev3h8{f$5$0>BvMS$6<hMhIU>pkrj{@V6tWY#Cp8yuk9%ToN4g`0
z^`gq6(%b7<ZrZ^8hfseBk#}qU0@Z(W>S*g<xH`}FB#^3-1zwu?x3N6hjOa3qz8UIb
z%QY!y!uS8}IGAklNAebI7LF;-Pm;2tI1jaE3Ma-(fX>;I*UH_5(-!;)KK?k?SFw?;
zGe&wrYLzD`gs%!iB<55X1v?*zE#g5xbuwPN&;^`WNKY;4ZD}|Z4WRC>0-xRa!9pCp
zA-koEO)E(MH-P%?3F^bqf(xDwigP|YKuH{##MBi@kLZCBVH{NBG=~3`@fl~f*Y${C
zuOCiFcz_W99|%iQL4PbOP#(43_&E!QgSkRv0V~m6Ab^DaPXh^_9@DgCl>lOOI|)}Z
z90`DikVw+chgiY67<Bo*_0PE0o5-cNb(Y)Z`kK*HKd%(r4_q*x-nQ9m+Smgvf@g4v
z<9k+yAZ^1i+Q2bW(e}!>tA6kJOe)>=5?sC#(?LFo*1?F@5u(I9UKwxxWdTGDF>B!}
zZPvWiyjD#nZ(eRaKj?2QZox{B(C;Ikr>C;AC@raI2BOqaTejpweU>y~J<lY!APv?D
zi~1mc$=^lo_6W?KZbZJv-hj1!X3VaS{N_1&Nw!|lkP<Z&^TyuEv-`b0-RGjmFAH7-
zcBhN6;94Z|gtgRSeVUkmZgb&%`jb5Fd&RSQCr>YQ{4=WlVk6!v$-KsV%;89Yl{Bfj
zY5jLu4K7nUGFK?vTXP7I&U<H6Vpvj_uYeuW`76Xzj#yP29bmxR-W4IEd0B&N9YKzt
z@tgllV86J2_WHW?NSH%4CSmvVDs+K^N4{a|=l4k)tq!F^sem#|z3zeDw450K`l#P&
zk#XhQa;{aeGQVxA)+^(Z#kWb9m_h}wp;Lz}oYs@Iqbe6ebuXHiYf&4-YnUmhEh!q?
zn#86!?j8~MOW@w%Hq-B|Bb+zx<MYu^%HNrX9Vc_TYr1nj(oeZoty_^BHQI(Y>||p<
zn3Kf*tQm{?8VQtrx+L2%(~ysI*M;)Qg`a)kO2Cngbt$3Y5~WBUhf1gEQPzb`*9@xo
z&3@LJ6-Gi*N6iu0FESIS?d@JfSV<u&Gs)a_6CF8FoeDT)@FEVMmz(bqNRW!vSjN9^
zW$UBe*XF<RaeWJSG&j!42B#FaA)}WTqi1E}jWk1?=w-xUP@mWF$d`v%e>YP^IiG?B
z4Nhe~zYKiqzGXvEy8|o9&mdVmQOgDA#kRs2<pf7pQ)%*HsELx|sg>`^vlD7$^l)>T
z0A(wJqYVIYjjq&9T|>F*Ft6KBy$N|I{{5?Fz>g8_lIjNI+ZRM0heFayrt`P?IH$w9
zQ5tiW*rCFo1YwdWP*j_c-W|wP=yW12O|1wbX5R2U<vy`l@=Hk&i-A5thq|%#SwRV}
zqk47pDV?`*yaqo6yH90Asam8Q)w}F<pEPxf1u6rmA#Ir**h~9#X?@oD#<=U58cAVN
zDHkn?NWN}w`G)`z@d3Yi1rhhJA8Y5B`pV^IxErTrxL2RWc~=u(VtlY34HTtos*kh0
z@jHEQy%@YqA-!AYPM5t;6pihVj0c6NC-ZpLnw`+hhlyT>zN*_K1$Lk&eIgyGNzgS7
z!U#|*lYA4pp-<E}8!=avtCqo3Z|v3a{E2U}&&-O)6@x$KHsZOry}j+WJ$y-p$PHxd
zWybtVee5P7wwS`mz0*8(jHSH(R6&CYw)gy{7?Eds8C<1NfpXf}f#(C1b;Y17G7oI~
z=q7YBuoK(udg|%8seq#`W<NYA-51x*F9F*U<tlu;?{-X1`VYSd*iLGvovCYKjyC*E
z)@b$S75Ze^%{&Bk*2sgKDzH(sG06JVqE8<a-iP<_K&YwU(({27(>Oic#Adk2xk9cj
zE+~YLX`^|L={F$FI40J&%j00)v>6!aN`!q_g=uubTRvV+?NIZ~w)*%dX2{H86#+n&
zPV>YQ4?An4OFH+{?2kM#4WffCH72&!%jP@gU0hg(meZn8&?S+w{|a53tskJlPO*IG
zK?Ux$nDv<v1-&kMO)N9c&|~Nrutr>-xj1K5{xbQtB3a>SOYF*coat!WT6lTr!!hst
zHYvWxc!f!_Oq06Ox5$QfD(E0bq77gkg%~2asB{OK-8%Y&bokiVs0(*DP&CJ`D6TCW
z6!hpAO^CYrt2TkGwvV%OKj2!Dzn^4=TpsUzmI-k<(%$u_cdu^4{?)(Z{(Pa;#(j_M
z)G(+}HlVM={T;(8){0-yD;$Q>6$(KPiDsla?Wznx>ppnv?W7@%NHixZS1WM0KJiGh
zJ3B@7&Y=yZtQJG_QhsnMy4_e@HXNBxPk^Y3L<XdF0^Nw+qx%IxC!IzmKa{o_zV9Bk
zd4R86CJ<vO`cRvgvU#v{P*hS&$T@zue7Gr(95_<KiSQ~jq^S?TV;C6-j+kV-+725}
z2cul{NpgMNNzAJl**-zXy##0(jzwb%@gDNt@z`1lq6-R`$(ob&HwPMQx?R(yI3=4T
zmXS)+GaD{R=ij+|@hMA^Sv54}bA5?yGSGcfnL+~E949^L?r1Ltxk*G;jxplop79;f
zOG1?`&=Pp55O!vQ$H><fqo-%`95MvpVh#}9Ple0<kLf|Iyg0HH$-tMjcMd;rF`L}-
z6reXpPh0#xPpk)FA~W`kADAph|IwWIvVs@6*Zg+R$~LI*Nx+p_IGFo-PRZj;00s5%
zte-wSZ-X0tpa#6yjZS@#9un8$%eyL*5;&T43OXIMXyf=E+-Vz;zNl$u*WK72y$K~d
z&CUIJ+JGbF27o%g$p(y^RQZMO;-NAv<j!84HsD=va+xPp#LS^*O__UIXwL7n32(Fx
z&mWn|&zqJ@(yIf<j<JG}t&;P<V9o7gAwTC>%vNgph_C3C93%83fhE4cw=faRZ@L_6
zeWVOC4JV`rn0y-~r}>qi@Uh4nFKH}&Y}^c_-u1R6uLskVo&&z<q`u0?4e&F}A4lzR
zz0HyHAJ#S8%V{yH)1vdvmm(EWXH5n~Ift_6^6FY}l8VTzJ<etEX67cyU2mZky|mM7
z(W)cJaESRLcH^&WG&?1=BhVLeO(5?T)y7@~fgu|ucD<pGiV;#z1n3Gy_}s!3ZKn!4
zCnC%Wx<nEO?11sBJVN)l%=cx#l3ONVQs~6GBj{F0I8ykdP_SSsH?W#wOB@m=CF@gX
zj>Ys)3Lj2x&%<w@^F*p&O;5@#PF%?|v8lhRX54-QBS|Jo963G4lw0J1Mb+%q9~`pl
z8^j!jGt3upP*h%mnh`48frr`vzeTN}*Q>LsN$72}1KfT8y*_xqnIapa@BoeWR#STy
z^(L!tWAH0h$4_WW^fI^PNEeLO{yK%l^VQYM5~R%7<1tEd&jQ@U0mAlKf6aa>P}FZ@
z{AgqRR(^-Q$jHqnj(}JLtqSj$6U*+HSC_Y$w2@~wN$^OVdflP3%oF%~3t3ZHu|)>A
z4L1r%lt8#=>I^*2Js01nMbcd|0Y+rXF^LbFPn9tj6T>d$;JHT{iB2M5iT2q=&06^G
z{YVewnT7}QYGv37Dvm_^v)=ICL<2=0=x>{UVF#%F=I+3fnUntTq{@6y^|tiI_D(_=
zV^d(7Eo`qhjL^V5n5nBO6OqhCM)g_t>D$)}FF;jB9$xgD6Eh$BWf$`G9IoaHw~=E)
z-t=jLU`?`?QvQ&bXwn5(M^O=#qlg@<9y{;nbcnzh%TZRXal!}OBmp>t3Y$C*Mf2Iz
z?{=)B`Eh(sa!McHl~a}@NNQ2x=@ypMzNKo0$F=5kHAj+Ec~{5m7~3?uo)sE4%9V~7
z@($>U&aw-nAq}os5X45`Q6Hr5hK-E9Fzd()GizEvPpf|R^Jx_QYNH)~oO;s3N8x~l
ze9C2<?Zdiyj&z9>6VXTa94&QhxI%ek^?o2}jj<EGZ8WT3si``ZN0OpOK7)v)r>a4_
z87W_%BVkoASW!{0uV0>ZFzg9#)CUaxV;b1AJ`k(3M6qwiMCldf9*;hVA^Tc!d({>O
z8)jjBXQ2$wl~F2Ys?y2R3LOS}?gCBSOHM)i31t|wqYxEIOu1H_A^VP>5(VF%se;+A
zcjAbrB7K^rlz%2H1X^&&NsycS(<gDCXAK@t5NSF)+ypNh+<RJMq3}t*%Z@IY=qRAj
zMEpP^|9lhGy;SmHJi;;A3Df1vqC#-$Dk+fyQHt5hP(b(hBogXd0ke;hAvO~h8Rm}R
zHegzMmN$z*@O%A-EOf80+s83grD})@o>)2>e=h&%Sa-UW+vhyc>Ca!S`?UHfhTFJy
z!B#BQ5)tma!3pHfI_Vl4uF7%MjNAj5&~3#eP55{}L6d^2J$-)XC``rx!<ikWq=}Na
zN?tI73g-g&SSVZbH`4<jJaaJkV-2K+C#PlSCS$sJ?N=_F;91U^P9K;xY%63Rt5@q@
zJ%_T5yM;)CJBkoA52}q>oU+WtKRd1Bk%Tx^oa53Q@UH{J1cA%L*qL~6CJ{huGE?ax
zov%ZgS`fDqT;G-ypCcJ$LEXbH$}G00b{<$a_o>!(v*76B1+7j+bI+>StJcqttr$3(
zhCTc2tyG`wpEEgBcoe-y5DPG0J`k8fo#osdZ@|Nf@U!~iX|6(kR;x+PKkC+%+Wh9%
zb@G?}sNUJNPX>+6hu;sZdnSPR)duY06lW9s=)B6OQ{btXN19n#KzfeYTFj;d<<a1?
zOEz4e)q#~X==hG3CyB{*Zfxxyo?Z8L>-q<G&J*RQ8akv>2NS^^m6eBk7cM-hVxHZA
ze6h9;Xav!E9+t<9o=y1PUgppYV-LxAzQxBPA4^t2&k4HY0;G{3Uml?Mo1OFGNOWUZ
zQinkKsd(ho?Mmsq-VO~bMe#f=tzH^~`nIPY^^s#UnGb8u55+^l@3m!8#p1SA_>>-$
zH1ss0RsAUC@Z%2xh>n|#U&6z6O<>HCSfX7_4-t)+*mEH+y6tqsNu4k1l**N&1c<iM
z(Rwg}TEbi=ZurLiD&#<0PXu}M91rSA>C(1mX~9<^DePGHXhakbo@O)0_s+NrpDw;@
z=sKB@o|V44e*js%Q5~eCk+kU8sG5s5lY`VIrFvv|^kpD7zxl>BpPx}PelAmMM{WqM
z&3ZQDipLqZ@MJS9ek90hfQ<cBT%E{9U?6vjXjaSkD~GE6{=fq`pVRTp1?8R?Gf%32
zq_{gQ=W#<G=W@#tVu4MMUp`F;AvzJ-MEj6uz~L=9Y_rXm7Y~tM#*uls2vp2Y-OZse
za#ibxA@2{lfud(yy%G;3SEyjsaS8ZfS)H3ngaI2dVS;+%O?$+d&EP*$)^#L3opa1x
zh{i$-Cfx0Dz6U_=(>oN|9!bf>ZU<s<&|I!WGfMp3q5`{i6RV2d_{V@aCQB58mcrd7
zh>%?anhnGDj~AEkmo?T4E<%YB=}-srZo~<4tT$3yVhnZ9+`iAY%(IocVFvhH0)iv?
z_8HX!CtJrC_Di`rym&u6&x@`;M!m<_kcUq2WEBRDd7uKnU48YUIkR0nNhCL~xub_3
zPdIi~7xgkEX(BNYXIP_zN`-vK2=hy7)z{s)#?CQX(SVh`i&m74t$vsHph;5<a&Ng}
z=)x^2CFt6zZlg-OKyf1J78HjQ{BS>BUU;ESGWdwzvH}qzoXdSxc(=+;fkp5^&uHe(
zJa29u6EE-+wc*M{hB)#n{db7N`CyoJFK?eyy&Q=dX%^Pjb)V6jr0`>W>%+vR;?aRt
zs*Kom;PtxU<l8RSXm#E1BlEZ8752nFn<<DW8BQvv2sqiqczAu|dSx>!MZ@$`lIny<
zoRl<79Qh(DA;$4gIPv&}S;O&LmlY*+(>c-vri?(aia5!i2ciiSXR?7W2v+IuCC%a*
zj|oaVJ-4&W!iV)?BMY(ATtnRz+Nf4Zvnl&%1sxr)XsSvA@<mWH+hK1=pe|}vv(lqy
z+&>Kl6c(vMJB{@;vTaA&pA6AsyG;9$2!wc-HVL8Llk?nu=5LUK-o=33_1cp@i{k~O
zJpTc{yqTONhpaPWe&9uF7%^fIVkiBz_Ke9X&$O3T^^Vr!B-gg*c>Y;d&@$dPpnI)X
zlyDyP@MVezOiSyzzjbG&%pXHy*Sq?x#`FD2#rr8;+P32tGeP37$jKVO=P0N+P`qdR
z!OWU1SKtx>CG1}FMmOXdpF#-3|262E(0d*r4i&2_u`3uPOe{7!pWyfElofqA@&4`^
z(8tJKLdvzlV&{QGNZy`}Xn#u=EEFKv87u12Fs~6iw~kAVd45AbY~-ll74s}C((3u%
z6@MBY|L415>DMd%WJ4K2f0fP*rQ*UZfEvY%1m=U0En1$>NoxmYx^gqOG{<sCwW2$4
z^w{<xru+!_^{T(0%Ef}T_|^g`J=>*(?2hXo!*ZN_|0}(Mu2$4~k!^i{|Ju)(ap_Fc
z9+OM89Gs<_LP<>N4(QVD%OB#t_N|BWaLo$bbAwq2yK~P`%aivmjZYPs&RTs$NW5_E
zo{4Z1`&d@&AIuNf2HPRZO`<bTg%ckDB_QecEyV)S{Ty0|l<kQC>&HwtaVWD>X2O!q
zTy~k)PY?~}hwA!wHsmbeM9sJ@g7n@u7Uq9RH!TX7=QvovsoR8(*t63ji8=`JPnqdb
zPh%fKtxBwGwsG_Nzd*~$;%utf)ZpwIF`yheI_5A}i3C%SHgln;Aya*|=v@LFBMfJ*
z-HRqgiqD^DSMC>egR(MyxBpPCuH_k!OC&s0bCqo$qch*+%<)o07^R$o{T5vus&#LB
z><k`>87CqPpYEbBNenrV^5_^jJ&>woM=M42zGaik!<5+C{d)VSsu>|dB+Z<V_^t{u
zFx6!4<R<Uo0=_$*V!1u;0fq(0Qx94p<A9bj(#RnAMN4<opeJ#csPr{zWp8*Pa@YS$
zg?1)F{_-VJKyVrFR<4#W6&=bUSKmfyz4nvwDJ78&0L^>{?=ZTnz#{>fB0JjFP#y0J
zF)S%X9WD8K-~U-9Jj7)3UE7l}d2OufMzadaboIn<?w(J2&3K3Xwn3D@b?yE8ks+6q
zk6iCselN+g1-cw&6q#G#S)UEEJQPSR9izYyok+P{!slJ13!mtlg?~%u%@7@@U2cOG
zwZzk43Y<U-BtFdwZ4g4n7i~9J>oa;>^f)o<=~0k)6ikoGdui22l4MMIh&OVg_%39c
z{;=ql@4ak4sMy?O-f|fN@G&7^+CKT%z#fj17H;)tOAyaea%_yJss}Y)k;`^Yk0sl-
z^UOJJX&xdW*xx#O$>++$OaGh-SGV{W6-(k;$ukB^dMf79s!7d`-%Qaw8x0F4+QS-~
zpevvX$*C@dLY}m@yXOT79-kbimemMSXT{o@u0%S8&ucvD3Wa<Cyk?GPN2`_UwwaDa
zW#n*{cBa*)QJL-67`@i%%J_G~Ag4D_=<6p_qfAn4>7|)?Zk{ka6*Ksn5o?m{o6((<
zcrrj1-P`pi)O>iV9FsI+%-933aX2$!>)K=vX>I)=uE-&~Se4gfupvcB+e9R{Z#_#S
z|HtWXMz98YEwK&2x4oSnM+qi(dqaXaGQQKDp%yh+OVGPy&5{zae5tZ;$nv==6{-*>
zxF&MHGB`xm<o1ds%;}p}G%`~iIA*nxZr(_Q<Z|AJeReAY%nlh?Tw|_-BquUMM?xa!
z)m;flp_u|$>q(_!=O@Sr)T<8)^|46BF<=_>LyN@}w|W4@4#~l(@NpF9jqx3$sOVtV
zMXU4W>=w`gH<h)bvdPMUCeb`V!f!HVsDSX@PTll4qIb3pWMyk|o-i*BxE&zW_X7^x
z7f7J6Rj2pT?@Z1cSEp)~%j2+k{4fX74RwiWyL-vf2AIF#Nv)&~??pvPi0!%5%S6|9
zkp;za4gpdReUD5c-@>Ho%c0<6oXIq^{jE!l9FN&tkE+DM@rvtPoalp^&2KCksg9mL
z!s}>6>^l%wl0Owyj*D?G2M-+xmBe@VT?X>FNw#ot$}o81DNCAMe%Ea50mYK5RUk^w
z6<mX>QR1f)iF>$opjX{}ct1Pgc4f?lttG1UumKeVDj;RWeiw;ii(-SOskjavCB5#A
zA%J`aFXWdk`V)Jx+&MRri%Z@EKlZfoLRnv}799Ec!vX0%Bs9?+uD@iRJ8wn@8u66;
zqUm>3K<2#o8h&8Jshq#twcvowIO&p+`}T`;X<x?#-Ayzp8q+mLtZsbuWhPo|hK7;g
z1)#_i-^1d(gCQiqA7x7Da`9cK)8GfqN$XUy7xibi)fD427am68foSz}d80vn^ze4m
zHRDqmJg(|&&E{M)kbVbjl+s&sUJ7EXjrofVFCaDv$`P(&KwI(+fn@o7$Km7;5Yq+y
z5#uxLuLZvQw)LaEP`+dI`;)m355e=_$pHN|dVPaK-*&Z(Y1?H%9Y<p1Z$~^iv*euP
zkPPT?33l{G>{CYmRJLxIX`XNAs|sEtVGk?KO2Y9Gje06+J4o>PAAeDBVKq!Qnbpij
zr}t!defJBz8i*>By`{FtPY+~Hn_Z98AZBOQ7lvr-q0jxbTWj6M(P)Q4(8$IB@mvtq
zrca<(yF5=*Xn%JGen@f$PbBJe<abs_7*bVK<Ap_O53u#cmk)X!r5d-<kNKa62S$3#
zkO?a&U3&?y$PZh_)lDQpGr<*NQwcRkvlO>vvB73Cx%D)pOrh_0LEI(FxmpNw<A><g
z4mo+f5fuV~DblEmRJwZvu^GAmCPR`KR;x1$?tVhKwhH;$3STt~iH$4&a(=(s#r4d&
zaTf1AFU=^um}n`?y(e6Sq^bQ5mf}yL^b^7MF^B@xTNv_h0BNFT;fmRvUxot>HLJfk
zZzC(A?M>^SeFVWbB)QsHw)eF5HRz<?n<55#x)UjvSt0~d9DG97te*RT$vnF~NzxV=
zbnIl2qRr4~tF`NLyZZ)@eGARBmF~9XHwGr?lh6CmAI=vmHY+nTn>%3AKGLD%dC)fr
z4hArpE^$bdW@#-G#~lBef4lz6`&9dVYIQC~hc#X4ljF?5^(xn+m9;SSATq||;(3!S
za4T!lPrOsR_dz>@l$tjHS03}12ai<gGuI+>OH`yhbq*=iWYnR{xd>B_l?q(s46*`S
z?FiUIn4_0%gogsY60z?IIGdaT2UG_v7W}DyjQM4SUmdp@P<{(bVnrUyl5;4w+7{D$
zk~G>{_QYIxPJD;T!@yaW@A)iNH%*8YT)#_Nb4d~U<RrWp#MAZyEKzQ`VZ1n~tjwDw
zf*oXn8th$o)GOy&#GMAPj~?>~M@)oAz9#s>eqM~l-8#Nz^6+{Y+uG#8IOL?`5+g#?
zmy9&2ylj<fbMby7KB)*JXwpkaZ#E8<`}5SZ`=&C9Uu7zbo9eO?rMTF8nI_cCp@WT~
zw~T_52jiMXT^=&N>b*`wpx_fJexX<)+5NOxOXwD%s1?N>?Ng(g)h}mkN>#|{&+0?c
z_<F+%oovu0WEBktw;9(^{w7W<Tx0R|h(w>*aj7Ax5G|MED-L(+$s2qhy=8b6e(Z`9
zJ-O0}Ykq!{L@DHZIVY#f=KAc4g#)T`^X3R!AC#$Byz4Ch2=ngwNmmwI<|_3ADm5%Y
zb^vmPaVJ+*bOuJ6-SHD&<R3jhH+|=g%CTPXw6t+MrTKY(5@l9;u{@67RYU9svIENN
zmm|_y5eFvCd%V?cJC69|>3Tc~ji$T@?b_GJ>?r&_5z{*JHB)H?;p0H5kA|V}LzLt^
zP0a;wEd5G>8mwS$UujG7{asxqWDfn}Mt7CB5pBhB;&uGGa&r{8Nmw~GC3qgYB!eHg
z^<yi}&mkVson4Bid8BeC)MkXb#CaQ6r6S_KU0p0MK|8v}{EyNJ8K$D)@N1HN_bg4N
zIb*a~u}<!YHE@1J8ETLvO3UrT#kyW0^`Q@MZbuj({)6wKVP<xoVo#UX5R>RwbzicO
z{(D((Xggc4-b-^VwQTR0rgv&5u*tr>Lu;v;3I`E8ckaQCoCVoeC3mQ&-y}>N!Jcgb
z7A@vJd^dYj8^bNQbB39dND?bi>AqYqkKLGIQlnLQFqm1&#RZ$0HbQBZ<Uescs9x^V
zq!XqA5u8`sLKI_<rc-a%Cne7l0-~|&tm;YEi%#2_RK@k-Kkvs3FRjLm>*m<s%O!7(
z$x*jY%(=#X>Kiy+)ub+^kG^v+JcUHcNpwo-v%A*3t6Iqls=bMTn<jm6lNy)w(>0^4
zmiG2P*L9}~Dks}Er(F9_>n3Se@(Y+Z6rErI+2AQFn~H?}1Yam->vVMeS;==c-d)l1
zE15PsSbpCWRY5oG)*z#p=W70^1?5ojAGye6gJ}ic<mhz5z>%?6>uy%w38Fo=<j0q1
zS7ETZ%MYH=_FZb*2SL(}-MMy&BXQ;@DnjPZo}L%=P0qePWW9!76WcpD;AtBxYHMM@
z;@-9W#B1eIpvg|3_GM+GY_f-f5}z<nVY91Lze49w5P|Yd5jZ>3@u|ssC1|lkqAg={
zi+YXZBYA@Mu?J@MRM;0CZLUivKRP(d8=}`K^FK5V>2?Af+xZ0yYh#3)xpSr86VuDb
zTaSyzm;+Y~SSLA}aWtKLo^ukop%4lIepmYQhOE8D{mTLp@Vf*u(mtd=w=+lYN1A%W
z%i=X87nO(Io@^{^yF+hyS%e0Rnk5Rhe+k*~w0chP3Lp$Dcpf=fo-6DUADL2<x0s^O
zpM7RP(LA)DzY79`_px+aqi$nvdwyDM91-N6zp-yv*vVbA!N$RAN>yU>^|JN^H1{tf
zsG~4)9=A47MxdTcgxA7)43P5VNG|aF)efWQPuxCpqd%7jj)S9>IJ}jjlSfe~=tK|j
zv&`<;(I*586bu5ohm+CRY!2C=E$EZhOAG7HiWg7Vy<~;{%yRV-Ix0b?r+S{N&?aJg
zdx+D-x6Upat#>v;Pzkcd<$xf-B}Z%Q^z0C>X8AqI-lfzVHZJgb{U(~$j?uVVayQG~
z5>pbGB5y$wW@@o-N|B2jg}I{rvB3imKcdW#xn->(hrb#DCd6CyXHmA}JBz)}O1z?0
zCCapQ$g}xd1={5QclKnjgEe=47c6DvyvE9b`Ill9;(wt1SMo&pUkQ)`zkjAxWZwRB
z6Ep7JKXWVOF#mEEApFZ-iuF%LD*C^j&>kXjc5=GRq=DEw|9Y4Q3=R%H^1bq7q{aXE
zaU#JgAp!j3A~AJaU5`6PvwP~o|KrI2<LUlCzdpzb0k_`u#Nm0X^gv`Q@P`dwjS#cS
zq!vV;?N7bKspz+@bP^KIQ@SNW9{9gPRKNbYW?yJ1=dm}#Td=AR>-gqEktSdEC1*^!
zF9GcI#h5u{e^p~o8nS$O64pTlR{^G|iO5a0U7$G_<J$OQxXpk%!lde}9K6yKc@AD<
zFbw=22KaJhxLn`$;4)duV&*QKCOnr2>4!d)aJqjhJs_Eh3EP|f>vy%H^foL8DHP=c
ze8-wvE@^Sq@ZB@u8#$V2^`(~W&n?H?qC?ITdBu%>eas(G<sUdYTuh>_x_+_Y(i=Pm
zu`7v{CC7LYHJ(gSibeVM@<`KeE~4hH4x8WS0qJS_7Z}2Ps`lw?#iRMlwGxG)u4Lv>
zs9mP6n;Cics#<hpxv4l$g9H9dE>$fABhYLYWCk-q16r=*Ex~;Q$^55?FS_c11k$Lg
z=URibXj8if*m8%U#JrOEh%y2=-8`(!Uu3H$qM}K=RnzT7y#dBn*w!{8Z9<5<Vu%;*
z!0rylH7x_3Xz)t#U4<?d7WM}X?q(wX3J(vONlim$E)Qm8%ZNf36&SBr1irCHr=qs(
zy$y(tK*CuX<^#oTxP_-y*h#>KZ$^2C-->~*Xg;Fm?l<LuQp6g*{Iha-#5g}&BEHG6
zrkhZT<A&+d{9ssZ(CwgFNiswXvrXm<%r1c*FYRjhS>fyse1feXlq?|yRAThInIze8
zj~wEp*ET=CKdEQ+Oe&$KiMS4Xt$j3~J<e_@bR2{(hB*dtMdzkfVC9rZ5IC@DI0qs%
z)X4ApdsM#!1i0f8VfWF{F`#YKzk}&;taAs9vf#5qys;8fa#XInjLQAx3Y+DCMCRba
zZpyi8mJT>IWxrA8psF%x-bn^83BgN7b9QXVZLI#wyBwBI_?8HAJORo2nS?H5hfvGy
z&kU<dX|V$32rzx7G_zqBl72};b?R6#o!NV~tawPbrXBx%=;Gfp7r;M57it$x`;S7c
zeo!}7djzS0C4=?_O!5O&4XnmxzojI3*Saqx=?_|~DfmR`39#g9SZU!$*$p<qa8PIc
zOHyCqWTzrf{qv^GwbBCxQ!g-i+;ZM6@!{lo>#%iqmiJWO@{b?2F^yJkuvE$P5L#_5
zuMN39`>o6(0zAtcez{#}AMulNzSiL!SXIuqzrIt@-Ip#u<O`VD^hu38KhUn+{QeE>
zhFnABkkev{_C?xw<-v45>*PesoJR|J__sb!hH<9MFjLaENDo>rsu&+0dEM3ZLHM?_
zr%!F)KMvX01{7AHQ!}9sk9`wvhpsl0imI;rbu;XK$`0_;rT4J~MT8_lQUGTJ%KS$X
zruR+rI?Ro8e)a7nlDWLt`?-^m#yTVwefnO^X|2+|58=JD8tTSQ%g0A#&cjbO<-Z>b
z=&**_rq0c(=3LD62U47mDDfw2zFi8Ow_Kca6iw-e3MUvy*@V*Yb78a?IkbKBn5its
zCMBxhG6$SU`Ov9IrGqzle(Va;+)OkLrP)`RiU>6}3@2|@Z}Ox$>ORtnpKD@0?rkV`
z^x8i9c^{eM{*29Zab(sNrbEr>Ta8qx=PP{XhNKoUZS;g)k=JO-URC{xDdg;r`aFb2
z*(KZt45wfmMoDq90l7H3n0<BOse{=Uq@AtUdO(J7uRHBRVHy?cy=XiYN@l2=>uBq_
zCTY;aL$!TXsp6AhI&)zTf9ZxdKOg1~qYQh-IvxY<v8@bWUWCvw<Kp4N!e;HS)H5d4
zm4q_k%>xaY3dj}e{Iv*WUkrbU)xMRCA=pmRHsZz=VHR^rg3r~;Dn$-?H?4VT2r1C7
z4gmH}UdYx=P#26agVDEb)WaM`7|mb}=&Lk>P#%%G?>gq9xxWQLJ=%Wc<?;z@yC;RC
zLy!p42S=X~Ii@x=Q&WA^E#i{j=%$f*PDtcv$%%QNOhaajlf-S4;M*H3#1g{Bb$(C`
zIje<n*}@nyiN?u8KZkP$R}O`^E9v_tJpzOQZ2`KPPBxC!jURlA4pYosQz>&j@W3d(
z;cGMHhNF-SahWesWt*Q3Y4qmS@xBZ)<a2d9af82h+w<nT^K)jQYm+`v;pJc-FGZ8n
zFdUt1ov7*Y!;)$&qsj%^cdOIm%N{Qb7nLhAdW>Q&7eqW|%<Jv16|jxfz5UyoAAx9H
zF(1TUS;z$NYB(Qy7=P#CJGR1lu!Q(9OZ@|$n~8ur!2!<y7(gILLhWWH+CZ72P?+XM
zrf_+7Y>Q)o%Vb<LS&N%;w;)3VR<O7m&R150Y`h53t+B30kTI`uk&B+!L|UJLZ{&V4
zd3DW**Lk4J0r~SUsJC0a=ZNmN@ty@Ix&h9oJ3h*7!i>;?D?MQ`*v!tHMgy-cexnJJ
z?p|`xA!$q-;)lt5NV<V~lMT{6$L@Bg9;zXu12<p{biv8Up{;1lMvd!V)o1D|AN4s2
z<0ACEJ!?q#QOcBF+ORBjOB&n&W19Wqc~f-?&Fz@I-{Q@CB&lXP@{81&Bgtp0;BV)l
zy~Q=uQ$A5XXA>5h8@&AiA(G;PVnVP_B#M(CoOa&n-}n0G*7v!4`J~LB@)=ehU6rNL
zc%5ny#eA09h?L7Y`5CmbW4sEo+V((oso#`{<e?U5f-aZnIz@~~@r=3y7%4>VHL)lQ
z@o~2@se903gop%{;UZ`JO_zT3IWvJ2Bq*4*jyk23PEQnw9yarMaHP-9=_mPqN~gz|
z|3E|k{L-lMa9B1!w!zJzIJ>}z+#2I=OZ9l_hnU&ploP$9A;!^9xhN7CrVy2KMhOhh
zHO#Lxyz$D447^<5zAgC<q@j^7(zWkN{0Ve<g+q5d7W7PM!^jaDej^_aA0oJE7k%3c
z0rBA?Wq*Nqv9Rbl(NF}{#0A4qZo?r}8*;zh#IP%^pdSJ5^=jDpGC>!2Wy;&(boC2m
z68B~anoc<mykFFmqr~c<N@$2tH+-+Ja^$DU2G}br`>AlqU!{QRnjt@iK*T~$SGO|t
zot&TDEA6@}@D`VzN}|P)$%kJtDP>IS7p%>v_VH8pbGi7%E*nT|#<;>N<mo|zQ$A(C
zWr!quTBGN`;UX_N-+uk21kx<*L=S;GWHK_4<7s@dy^q%a!~Qle?$C-#0sX0<dhjnI
zf3ixKuMa)prU-0Isc3*4RFK%nU;Uldc>O<e@};+oSENDdo&-TTj3Ybew@|?29}2Fu
zj79tZR$=}aY}k`Zr^<C58L#?=PjVhbAxu(AIbm5O+n!O;5bej02IKqQHCl&3cxNLY
z4~iJG0i%@yex=z=O9}A+lAY$PbY#lH-)k?V?eok@+`T}ZLSCQaPbjzkWh)*Kn9g#^
z|B9!2XC!l;U&F27eM2ta5x_d5#|=`LnTs)AI+wF&&_l9$rc~vl09`i?*C?R0I>@**
zZtVRgTsrha)@(B6<r)&NGCu2{BEIujz@A32GD;vcbwbO;g3#{nYgcDGh<Uugg6b$<
zY0s+64=8-0gJlPYhxAbr9Uu(M&h@c!ZA8ZI#}+$LGv~8@I{G$7?G@v%iKN$t6j>Z3
z>P3N~7b%(xpGQ?X$4~i=Inv{lXYK8`-FLSVxf?7+1HXJqqK)lE2+r4Wi0E87I!$};
zcyXX|rp7Skkz^C#Un+UpUg-!z;sx97S0AhIs)3Tx&e!woP49a1CvOQ39i&F?u8V7y
zsC1l>^+jdevSFrmT~)SENNxU@(fgtKh+zts51%_-@lVxIBF2&>FOtK--fi^S2kRyO
zVAt(s2cLfyd@mJk>p$d`7uYnCR!qNYdZd*O$LH<iI@b{RjB^<D=Fm}ARs|-}Ic4tx
zQ2GkW&l!xWsAbqryZrtwDa4|+xFInqPwJqOY0v@Jh9;<;99K=v#+Xkr_gss-m#_fW
zXmIjZB88Z9DROi0q!ZK6Z^dZ@gOc@(I4&xwavMx#$b!b&(W71)y|v-ojSbg-%&+kf
z7zT&Or1fLuN9W0fDLRA1>+F&%C5~|W08Y%#{FJ=^8Es=r^cki;kn%V*D}L;<&$hE_
zUyjU`VO{wg@{Dqu*C@`Brr~)jA|2juPgbE(U?=LLnMf2Mj$57QB#(E%bVF_<$rjMr
z5#coV#>NTm0Lr9hfxTXpV72Wr3<_w_c#!l)%f_LYL(ddo&{v}Pf0AwV2yT_|*#YwF
zI=K>Dmvp=|J@Y-h-tisJr>BO8_ooxCGNI|QBz}X<<FJi+Gqj9p)jP!WZf`bZSux-B
zviU#<*tC;#goQFb<0%i2>y^4`uIdMt-0!iV$m<d~#{eQN+wmk=Q#R$a5`Hllgf%93
zn}dNWeErj`gDGvypS=Wvdp_K(*`sSF66{xQ&Yw748-Yh1kFI<_{DQH-&2s!xZ_r!)
zIuC!F63VNYc#G8dz)10D3^X5mKmqxp`ksj=L-`HdgH&EW)IHYUd|4Rsffi2rQ5bZY
zF9je~x)a$cdf{#vWzd)RpE64g8b~;(!mQZqWl;1rv)LcD>?mdM8%y`(QM&Uh-Fxn=
zld(Q`m0UDmzh&qBvv(1p6gLCwCI3DGafD_(A$NY;ukWjrMY>noodA8AM9mC1!oq3E
zkiIUWM#nD$BM?4~l7{8ydJVr{8u{1#NGc%d^gF`&jE@!CTkSyQ^A3_w<a=Hm^yn4G
zPe(r;#+dj&U0xWeVRvh9=Z8M3H}D$TP5nwpMike9v92OeRh{m#9wc}a^0)Q>U;u5n
z4fz4ivM8Pn>(cG+@<xSxGwiLi3(009Kz&cb2{*J#hyQI<VuKQRo_Y`ea*|zQ;RuM%
zIb+Mnil<G7;n@zHC>|)KUtwasP$@vq_-fu}le{Kz{x_KUr8rH(4_QAU<oVEqT7a0S
zY}||ffGfZC{?jk_No4+_7NL>D|D?wv&U>HfL~fI^Z8+DhJVACy2HAIaN%D07X(@yv
z%f)+k2B=<uHZufl5>V_qFd{`2Gp9j$xvmQU{udq`hYJQ*Z@~!UbP{PJF*I0a{jNre
zCQyn5YF^dw{JD~#_9TgT_}HVjJE4@`Lh`(kiqWIoaNLNTrFj4^JTBu<ZXC$zL5--2
zRHPhUMKS9->x3xlF4p%5U<A}iezSk{NeY4$aPQ>EnG7pgglgV$VW@+6NWXC?ht|zG
zpO51g0F>iAwcj<g{khOnE<aTaIz-DGpLvQ4AT`6#{N~JO5Z37Ma#7IA^5Tn!F%4dw
zD(m%19N>?IGt^^ZQ15Xcj3DhqPZjTgl#VWxv@LI<G92eb^MBwJ!vWm&xg(U(<a0FD
znAH}QIEbE(mE_;$*oT98i}9Lw$rH9!4ZF$5<>LdKe%Jrf+S)f#@6h32@qjS40V#6M
zGXzUXo)w}UUU_Gi{8{|4X_%pQzKQqb0$E2=E1YC5RhwUJMbTw27cRTp^zi-=wfg?V
zok^BP%R1_i!i3=8JV2eJCU6`LFIdmP61upgX3iCTLqjT#)is~_8*>_*7|7CvF3NGt
z2_C0x_cLA^76x{xOZw)Ssy3r9=oTZUQ8)nC+uQ2Y`Xq>g1<A^Ux-&0;i3?g>-p5{w
zlEP=mOS)J~pK~&gin+RVdAb+viqj=Wl)&|vwtRIpGPeZA5f}?luee;_(krpWJ)F^C
z_O*s~Hum}l;aw>RAVF$suH5$7*jCFp#CQyFqwrkZ`dyd3!2gB2;u`cCQH$A)e&U>`
zMv%!GKS3^PBqN`87d)|!G<4>|P{bvdY*b(}tURW8z*CqVOQ4!{+hEJV0~P^;y(O*;
z_xm~^>=6*ZQ1))4wO!1Pah#no9!P!DcD6Jiz}-u6fdgB4hqRX<-69L#z-xP2v}|J$
zxOs4y23{x`pgfPbnekBVFRl)H;jGLXC9+}Ki=erx5mSyixvusc4ae_%Ap(S@9fhHD
z&%m*l4Z_Vh$`y&>&F`W9hgawJY73J0&Fn;*M}SClJKVVzA8o(*)|PEImz)rTU^7j_
zu90Is+t=`Yxk9TS@+bGr)+M0Q9PY7?LA<@54x(GnkE$UId#aT7SAR+_IHEx$V1aCi
zZu;Igl{nYqM8KL$x3{r&>W<7FJu3H^hYtA>{lkgcJ($TGPU3IyDn7vi@4<(@2=NaP
zwFn3ZRZUq`_c;Lv{bg$@HG;CyF6AZ;hOZt+QSyPjv?3i2aSf1&`K5rH3sOX%iZSW)
zN-6y~!D}Be4f4N(*9(n*1FzwGU7{SZvHSS{1-#~Rv%qhd<Qnz*^e|<9AOI$+P>6UY
z{SAF!YYWGL{|USHg({cBGh5Kt>#xz!g?Fix=Yz&PN%+NZjhxa5enCCsMd-cRibn(;
z{egLUQ8b#jMH<L)zAUcG*EIE=)~oXU!1d8PxZSH$^h}#rx$nUm8<EHN7C34SXDQ~~
zbTgf)L1OMz0ns7xdP)8?@H_e#1NO>U-fcvfpf<^Tp!fcH%kW*$;0SSUg7%$z2z>e!
zvEqJtpRa3&{!yn>?@M_w*Ld(l)!}5}$Vu&##6q00Fg^C87Q}Jp<a#BZc{6yYcUfGS
zy~dUh+xKxFv1tqCNRTwZ1u)J;`jjm8ndY94V07L=q*Ai1<aT1qbvhzsP1<)<TH-bt
z6K+*F+$Z<1uj~W@&iMFmTqM?muPvR2l0W|pmX-|LdRs!zA7ax8-**1sm?BoVwswp*
z@Q8so5gJ0D6<)|cI#B8!>K<?v?A79}Qf&)jmJGj<d6SnvjoEEq3_P`4!#gXPKnB(A
zNNx-V1GJ!JoE+YM+C=<Lxgy_EkE|7Jrue4em$tEVn<#4ZP;esweFUVB((>C)GwCEs
zk4m2#KWD0B-BC5SpdPlYg1ouS-H8NA9TDM@lV)&OtWC8@kArnYi+d>ES851hdrz$<
z(n9VCb{m(_Tcfl1Gca8&JxvWq7fS4UFIx)MhAU;~72-xM`tc46o8XK2Y?r>VXd)Hv
zY(}cLM^z}T+;m+%yt*Dqt%RP<tg&jii~1mu+rXX=>^IomM+?^=Gw5GG_YKZm$D8K8
z&NzgKQv(aOVdhO0ZWqKknN%aY8HHg`xHbb7iS`gP=?Q+WVgfQfVN!xUafL=xu|{KE
z9-1-P1C3)J4D6a+hS{pK#Sr{h*-?}l%UK8nMEO|J%cqm=X=JI_e$DCWG3xuiC_Uva
z#}Io-Ntk${bk7(Kh9%M+iaE7Ik<K6PWdDAj>^o{Pg>j4A&{DuXCTg$2e{*6dQSJ=4
zR-bJg>ydS;?+5huxdU=!4AM-$YMan~{QbwN1Ol4a8`xWHc|Ke^Bp}ThHNo%mD@2FY
zkjA(Wnizdn?5|pj=_a3Diiw3qXAtWvi&o4Tcf#a?mfYB3l#)oE`{h{!TghZ`FQJDk
z=_y2}#**51^TW5l<U#<2w>omJ2V~ivlzZ>*l)gkq0}Ctxk9YyY%!b+55%a-)LMioV
ztrF%6nJ4ZM7>^5fyM}IB6b#wAj;{>b+qz$)u5lD;TKk{l9YCz}KR7POk2;ZdOjy6}
zuwgY$M_kGyOYp=0DnpYPP&h(<kF&91f3L;Cw<0Wi4PlUj>nHMc5_Qh)uQH@UPbCPX
zo`Tue%K+bz7GEi~$4}gA;<<@MN0PCHwyaohtVg$^vGrY}E0gbOIDvZy>Z%5ES&m!E
z*|2<H78n-Y7UHH9y-4v8K7Bc&lW_3I@1rCBOx~;6Z#y)z6(9}`S%%A4(xo$ZhD||`
zWEq{hXZl>|UnUQI*o{%&eA-R<&iTV9N%&+rtPP;99*c&qF@h~ZP?$cEdKZkHCW-mS
z7W))*E0WLsp?W&NJ9y!jQQ*o<U>12Dd>yy>AN6T0{9aOC8YWr^qc|83vt;;J-kJoQ
zk(y+kz>G}{ES!k-tmH^?(9?Mc!*=Al&COc70=F#6C>?qRBj-ioTP<T!C)DubN28=5
zvq7LIypCJ&!^^#=QqTf;Zc~o5I_RTN0C$t%rUyqvnWE5ujz66nq#YrB&yP7Qs|O+?
zt^QIKaurX4{kriS1^@kj@%GkHac%9IF9CwPy9Njj!QDN0&>+EryX(T;-Q6X)yA#|c
zxNC6NTRZ#gbH47|W1RkO_qgjX3RcZEs%kRlTkCnA-^;VGy(={%c05xparVUCa;&4}
z=P1pB;>cq4h^r%aeerAM{h~_Uw;tuA_%Cg>V`_2zgWRy5knU@qea9gr)j->b!j^&S
zoK)`0!ZT~Y-T<iIjzI7Cf`u2W%8wT759M}C4%QFLs){A|_p2dKLXU+fAx|ptSd5*;
z8FmPxJ1$C8uEbd#dzD`rT&(xd?>{L&RLmshsPbd^kyXi^tcMO#?+GR~6Hw54t_lb~
zc!)Y!{}BM~%kk10D+mPuV~I*_zZvrc8OaH4zwKs&s6D-f)~k3b%Gmr51|qXk1e|kW
zj^;(LUd{u1A^ZJ_m1zq23BgIqM6;W(7elC|6h)JRGO2VJiHY3{GW>^PO>{qRctVCr
zgzZe%?inRN(~CeJ<2&D9PAK@}xlh$y(cWsw|CUee-#aYHJpaA}gm??Qv>rPBE&o0I
zy4D9RBxbk%dtbLi=YEz6`f9$WBq#1sdYEKEY}+&6wd(&R7$L{NSh!GPL6<vnT6pwa
z#l^$rXXSCPA#WE35R?eAB6{jDhn_i89FQXai=;R5-t~UB^hVs`j;Ao~FPX_Ik=ql1
zg=5qe9;&MtLCLRB_XRbgNns(&h3@@NsV+-|hggz7um^3*FE9xk1@)oO*Yx++AypcF
z5cabcks$g50hugv3JnI%r6TjgU{_Jzuu#Z<C&CR}Kq7zoqo@7hkN<BAYX2V;uv1AB
zD=VuG^#1=ye#@fZ;=1bY10ZQmNohI*_%ChFeBsCH!h^jF``^moe+ho6Y&tHR@B0^S
ze=j=^?hk^rmp?~sAV#?7`~6nbWQu<TLDsU*NaN15OfvuIf+q90@Z-)b|MCmfmSrD}
zo`1&32mWoT@xX`8`E=!p8~FG2$p6LL2mGHYod1gv|Gfc0{C&{zFPiB;BO?E`)0e9_
zT{nH1OoRV6Uv}!8a2nRp!OzOhPR7Sa=;L$8aTyUFp8ewo5<E78sEf<JXT?Z`{vVD&
zZrZf6vafy+Y`}NEFHW?fW)2@mM|z@IGFRR+K$i~FC>U7#$rSjk8Hxi|s%^$EEgQu(
zx#hz?L@K;Bc4I?R=BL)4R46xPAB9ZikwW`kne9PY5otYpSAilSRWDLIM;5x=A}AwF
zkSdPZg~2$VIP4zP2C+MVru2;;c;yWY3fiq|aX6fQ(j+cHT3ubW%gApT9oQKC`(tk$
zWPAC*YX5_s$88Ic9U2LN{#E)7MB6T)^}e1oV)UyQ4@iFoKX5Bm&{Tzz^&+Zay=$FU
zYPYmoY^)C<-1>f5^BLJ*5!H_GDRx9LFcuCI;eta^R36`r)eXl1k63qO#plxa-B}mi
z4U<fJ>s{KHpkKc<o8@ZRI9dM4-c!F(-{luqAt)S1e+8l$!P94#)dN4J!2su{)Q;Uc
zs-bYLFdU$c;umg)xU43%OB)BaLU}Bt3l_d|6alGl>LX@-SGnr4SeI~iOr+~|bJ??+
z6go+8)4{o)hklO5uG1b?t7Vt>P<9HeMMK#C5c*8P$0%$ZKxnD&g|fTno^;&!S<%@X
zcKC#EixIfcRQ&-{&n?esE)oG#snWpy@C1<nW5wnA9VZ_*lte>SmBQB$q^&|#do)LL
z2fCX{D=MK2I5y|s9ot!5dxdfzv9V7)q8+Q0E32sbz_{l|-xDNn(HEmS4!e;k*&|0M
z1o0-p<VSv`7Ti4~uo6)TfM`kgz4(1N)^1tgDFVEY;D>K+F1$F@vc&wzP>urh_kP)U
z&E5Pyl2t(oy=OF%$cM7|rPS|B(h@;BZt7q9{K4&konky-;NleJpk1QvxAH7}phXs(
z7<m)lGC4C36#+y0;8ucOk5Rye@{Wc0y9#n?dBMjr=IpK=VU-j_8j!(A^wJ^3n}=e#
z3HT*?%^W;wigqChSD~M2M1zrxs8FvGa(?WsL!-9Mu%MYI(gBmm5Cp+@(fn};+h-vl
zWcQI)`B^?GF349affu2vPSoGf&pm~}sG!(v#J8D5zHP!MG#0MzCtoU3yaw$gxvyc4
z(0hr1;vkqy5F_W}V)D>o2HEt?wrg{m6p*13@XnKcL=)V0RSdXyNl-8117q!22arn~
zD0c*P_!|3-Dt%>tA$9zaIE`^z`yI@Iovl#r?jEoxu8IhEiE!ESrGKA9cg?F&{gv(}
z8)}camhYc=MmP)6I`&RhmGl~qIzIW^v`UWj>7}E5j*{sPk$`sMJG`$^0F2kPjV5Bv
z^+hpij%KO?Ia-B?zfeh$W}YG(2h9T;s<GZMTeprDMA`^g##kVcCz725o}}LN2ecxw
z*`E}9ROn|@l9=Zj<!7I2^MA78-F>*wVCqx**}fR;oIOzJOS%r}>NL616h9BDp$dYQ
z?D=ZeJ|s5wF+kgAFhGA_1z5|bDZpJ!6VwA9n8Fhdm1Nt#s2z1Wk0oAQfZjc6Me>`=
zGEo!yPfs}g^u9I`5Eq5uS>25l1MQYqd<(YtcC`uy7Z&6btgm@hZ<oe-(0oi$DP!F!
ze;Y_nNwD3trq3<lLussd%ch1PlBi^9!LyT{=q^`b{Ky2;#()EAT9IloxU}Y>vD88}
zRrDwq)Vcz_Q3f?+Eq2<_6P?PzW9!#x^U6=C>kwa4Fjb}}?WmhViyV|f_>`)m23__m
zv8hK}+)h5y*SPZ09&MVde4Yv{RiZs{t6dS{mzy=#7k3J|VgKs(+3~V|k@CSh;jF_p
z36U+*rTWE_F%GDc8|-Y04!igz&cZDFP&;M;J8JOV+~)h=>*%r*IdqG=E#jUqvB2F7
z%N6+UvF{C2{ahDKkAc`Tt20+(plTQsZGc({)z`R$FkxbAlQdUE%J{>Ygq(8Opf+ER
z15wG^1WgiSJ5wF~W;YK|kFe3wEl;f|zL)S#ly~ibcwCq-!5Jew>tu*8P5$PhoqQR*
zr6ogkDJzG{<I9KlI)JST9{)O4Wzh7HscA;b%DTSGnvDVenBlgZ+N;Gi@OJi=@b)C|
zI{4N!!Isio-4Z$XBJ>}dbfcU<iEI?%Ejt8)5@Yc-x>TSGh)C4+BPNipY-QoY;1e<+
zgWkMz?4XkB@{sji`s`@Y(6WlhP4ru=S73>_e-0fNf+>Pqu{5oM-b8>D9t-^qZ&|+G
z_fO{QMl?!?*$ed{yY)gzW!T3(q`DJy65JW@+>&6PRow0(Ci{dXd&dggU8Fd;X=@Lo
z$=i+XQY_g%)((<43JREJl!(T-HRbaFUyki}T8-7D+6$YNrIYJ_ogh5~+DMo2>flZ5
zYLQlE5o9<RG~-<dA0o1>G#AnW4Jnp<jkOiV9teLslUBJ=Y3#2HKGIfa3qvX^>+pY`
zCX9C<R#4TXyX%s6?quKJU+K#TEy$Ui9;<gFS?~W94X-Qka4ejb`~wox4)}<D#bn$J
z>aB@%X-E65;$wiAbQPX_`}fJ!GW9}IXf7w(@<bX%o)Qjia^F;UAB5)bbs;2Q&8Xu#
zMHM0fz8^%VCHd8Sq75xu8Oa^_DUs<QQq#cBNihBFp*6R>CpeL>w^~~6fw6m(Jssv4
zV}yC!s{Wes-EZkx@Ofo6gA_ol#X4TqooF8T&=3M|gxO!^a++z$j{hCU*I40|j`geW
zl?CD`+TXQK3pE~fmr;a(FMlIgK=Yciq;o2J9*OZVPfUWYKfd*t@N0zcO84Z|WW4S{
z^Q}sXw2^mn*Ur^1^$3sJVronjSIya*#NqfKe)LU>&WuWo4L{R?D1yU*Ur2|i<9wG)
zW_Qa7Lu1%)lne4Lc@334`P?{{3Wf^hqz;9=!8H6;l&7G?^?MN=RD_uX#s>4uC`;Pa
z{`RVk+mWmYqU#ObG>BUNzyI+M*d+xrj4BRs-y-(t4jYrtoC^*l_Jt6~Yx(}E1x;>K
z8q_X;wS<y5w@Ob3542VDI6r#>gFJ%tGpZ7#TCRUi3=SqjGw9ZUD?2<qyldsQBRo1f
zs<PSa(ZKz$!V?*lI(_YoXpdP5`N~fz>1+Rg7MTA{efeMgcm5kM+dp-g=>IKq+}{KK
z<$wFXJL11LAn<2L2W{&Azd7#y{_^n8YX<SJ{;h&}ig2T+ISzX&x(X*v+4t1h=)h+(
z(%y)QIsT%OX}mMxPUh(gIRUJj#SXtCaQ(u;|5j;ruu$2P*L~Oe2|3&R_oCVw)bC#u
zLy;{!wf7y5fHf!f^BV~V`Q_=TcX06czvl0$w^ur+D=s1}_9xaj37*ooTVsd8RWp;s
zTk4?2qS!MXlaBd-qeQU$L-Onn9{VP~yH>ANY{l1odzjaU4EQm6D*3Gis^0TG^ASCS
zb{3;G4v386@-tzlhNsO{^#<Zs02o*&n*msJT+ab%^tBrHEzuE@Y*4V~kFDsXY(k{I
z6K%>8)Z5Aprk>zQ;J$yqSN(1p52Fxr<?LvMb$>xuU-p4XXZ5wV1hH_ltg7t^lP0d#
z=Gm*EkkS<8nD_0<{2-2aOz4Xt=k!c$_3q(&Nh1T9sh1TsLgSA9$Xe!m^{gKR(m@%;
z0Nopw`-F4ek|SaFkwQKNl|d^PZi(~5Qx5Ljnb*VV*Yfpa!Q<ekoH`w)xH=|*TAU@@
z;bmq~0_+xb%pPLz`N16ncCA@@k;>l0`lyv@X7{ti3S!V5)6hGHCoeXaDJ6oZF>wEt
z-)1Y}=4uxj1%yFI{kA(8j`8z1@mB`e!0l<L_v2#!Vm&q5X0PD&4$-r_2QR<m6D{hh
zE-xYqpM_}gb6pE^H%<2C7utrxQTKDam6?MRB1rMas>(~~a(6HNm#-jCjZNcyFBc5+
z9K;M0!3mMLt|8ePy8v88v4*h(ba}#l%sOxQ%W`atO(*R=iQC5AoZ@VPn!$bw0LGip
z4!Mjj!gO#VW+?&F1Drt6Kxx@Tjs|cs63UOge{6BH-O4BAxx3assHduu(`&MGc>ENf
zzrI{blj1UpG%|RSGyFDCnFf7+VICIa7Pq_FY6LHITS%ABUC<e1yEVi`0H+nKEiWNL
zgpwWU@@+h<##~_Iu61Hl^cyQXP_E;fWZ*aHx(kOyC=jKqdou7;NhcJDkzVPT*Fg&@
z&zFQ?kXz|{`f_nk^1D*h0RY)S`3%!<DZfO5k^oos=WA3+3QKIr_=EUWFU7nzSniD6
zQ%3~vzK}}J34~T0E5|S|@bzyvJKo=TL8oRc^n*mfzdd*Zz2UXZ0Bq|>s!gsDn21jf
z(+@WN1-Qe6V-wC-3cE;zY?*XTtRw8)$@I|cY90S-BHu@=IwVL^sZr;iV;%0wX3<_o
z4APqj&K3SMaqBA^9)7;Hu!A8K2c%%}A1*ZA@)<!LuV}|3e&@H#QN25+UmU$W(T-_*
zFTAEc83scc_b#mK19ulrvtf7QR3_C%GfL$$2sV{v0wIobJ34A2KKzNMu^W?2`GulF
zRD6<Cp@H87=EK|wE#(K`ZD%U{^ky^419n}Y@x%-`c|W0j)$ssN+a1_0UO6^-$i=)_
zJ#~9En?bYqY{wYCz4+E`uN1X&e3%*ds&c|mD&Bj<_E7^j5D=;!TSHquNniY~O>Up9
z-9Z4XmWu^D$nF_q+jKG9Gz5_Rj1J^W+b7lhHNMW)W!L9pW}2MOjdncG*n4};bjMw{
zu!+2zBxa!UD@eGS<_@+k4wwBZ!@)xLvbD11j(RYq_TIUA3?EvwJ+5xC#WqAue(!e$
z_D_XD3f{Y46u`q-@vcU3GLxGg$_<%dKoMUc$Gi!j&<7;SGa973ydz0^eqQp1!{9nu
z>~Bv4{o8}ey+6&=<!*a62}HBh?-Zx`zw3lXgq#{BpSq-JbqY|ig?e%ep3Dqfc((kF
zOA33bJf374yFl!GdLDxlHd8{FE~x1TBHT~|L&t$_1y6zb3dmBVdHu?E?6FnyZ4t`_
z?N>Ab0W`|UP6`_@C7+Ci>yPV+bZ7QTtEGMR)_T;h$NjD*{2(|~UxT${a}@NMr_E&p
za%6ZH{KOl4Y@|HHOuz(a1!%91lKs_Sg&wuUiIWFa?RAD++(ssBpZnxtOl{s5GSYj=
zTLb(-DtQJe?Wa^5#f{S&JPkDJuQ!E$uZGM0L&HL|z0Rn#VVLpntcW<bh$XHv*mvzp
z_tTa!j(r73$-v?07}tyv;TMl^JKMbitgh-U**O`%NjxB%9N1)0^%xjbZT>X5Uh0rg
zu_t~6?|-EhKEpTHUwJZKKwh+L_Xc`pr;U9aUe$fkY;{uZ`;!(6vpmD{B>RYUHIQZ&
zy^0s~wKYFnIxmD-auNe0n9#379|Ogq&JR!RJZNOmaiZ?}o0mB|q`%woK5`8r1z)XZ
zF>FMuW4UI9&TYQ5fvLZ`;2tvWW;69G4<v9uAD<$XFLyxUYkseh6+1w_1c31mxl16!
z_(9HAPlz&M@VFLioEK86LD{#8)Bb_#ffSeajuL#yS86BR{vcOpDkM)^)aBdAjcqlo
zk=|uteX(sb1G?OOsO-vS)WplH#f)c+wb`%%RW)>{=Sp}JSt;?&nJI-ZsJ?IUvmXx<
zWYnk*&r6xXk9_1#Xy2fn2!Jnn&#oo5Ea69fx|<b+l5J+}p<pwAQGeXqPc1PrejEpD
z<_}i3h;2)-KC%Z7{9u*cPZ9qj9M+S-(B@dP&Qd<Dn_&?1xI{6_3PIT{^uhPAUk8$k
zFO;>U?aKH<+Ew85agu@gmg8*bz~tAgS#r~Tw0xQ4QjPL5F@0?*A7FCH2Le6O)a_`J
zq<MdkYb&#H-Eq=l@at~7<mx@n8b;2<5*tiCm7w&^XrmLkqa(Ky#e`4ZBlz0WgxR+z
zX^Zr3n46qP)pQfZ?&lS>a<quS4w9(@5E2TSI3rM{e4=7PYFUT119j6XxRE2oGZ(d6
zoVjy_iTMq_>f{Yd6EJP^_@4kwp#u&(71!pnjg@Xkkv3EJS}@w#$sL#APN$eYn~u)p
zH%<#-A2{v!*SwfD;u(qj1LfV=V16wMUbATrg#1u9l#oSA?B#SmmwEo7Q@*^it6p$4
zsHiyjw||tZ7&^qW8DzK2xjF~gEiZu!yRG~8ZM3)5UtEdP_FS$MI}c)XCiwYiZV$m+
z`Pf<S$UTJWV7wRzQupp}J15o)1wp-1+>nr>hK~#9*FthWC}P**b(3f2G;E86LPW<<
zHr#ZV730g@dc2#YATBFeV!pg6kktrQL-#}Z18E}D()bTZlg{$16j1$pMtDbO`(P35
zVCNH$RXo>9#4jWg&)w0}SxmCXB@`{}O~mc}*8i8|lf0+GEH!rEHiE=Ly_Fz9|2AWs
zYZ6LKU&W3D32?^DFc|zQLxtD3-YMN;zgjSpvFu@)mNW7<r3yPqFNJf>j8=^E87Rlr
zD8t?!J3--O)bZc7M{Q89spd1qNr0Z%KCeQuZi@|uL^UDo<^R!6Y|@YV1cUXRu?01G
zu<!8PHwSgu0%<m6lI{%f$yq#K*=8D)Mi%aSy!7h59?V;}KlukTHF6QCz92#_G}#|P
zMqY!u-?tC0w6dQmXS-$%VCFcdTn8A9^j&&dE8hzk^K+`9qE1<YQZa7H4%!1bdo~tK
ztpd*rAz-a{O(xNXVS&>w+XhIvaa-R$$MpQTKLg)bf4i4Isb%cpIm|`<!~s=UJ#YUH
zHb@{_E$`F?-Au%B@ohz)cp)leK;)7a)q7>vEaUfm|Ai_r8>WzG`x}~|D&)~ZBQnBH
zL;%W~chx5=Nn7Z5)qEM1&?kg_w!<(t)WlEd7l%|4oNn|;$9uP+be7dYCaa#x&ig4G
z{CM|Nqfp1lKfD}K&m<ERv7fy@@*dFnyV9g9u*Vl=3YA(RJ(#CA306*9eXU3Yn22}R
zA0}F)LHxrXu`NHgu#0#{cAQ0mt7aL5Z?S(Lgr*0nC_&h?IFiuIXTzE1j+ZDsd3m_x
zq9+V4gY_CL*3T2pN9Yqeceul4WwwMyr0Ex~(i@W5;LdCh_)UG&=0kD}FgQLQ5ktx3
zG+iwbXZ>)XnAzI3S}gxBG$b)Ti9LXXlmZJkM9HS9e;I1RMpt%h*5FFX*%}nKdL=y5
z=^}N<`!xM@HtGiA`v~j%w-(tRg^@YX`8~vGo_G|2KTYrHUB$tJvgpJ+m9Ty6tH$`E
z^MwhEnTJS<xFLBaE{%!=@?rfKI}8+@G@7UH<JaPt@9^YKnnQm%RYyrhm;wTWX=jhk
zcZYd5?U|k}*!w?%Yr?0UY<k`<R-<}nPOms5T13Hndk;>I#BMI&IXB?~xWr1`7xG)0
zxZ2ms<mSl`ozhM4F!vE{KeIY-tavX{U7tFZfFMeDWQEpf%dH1wX8kqai(ClNo8vmV
zG+9eV6U$6+LcEuBNeB~PCxC#&L?rbQFBBiCSuP<0=-te#)v%J&7`R8A;!48)hV7&c
z^%ix#tc&ws9B?dDP!^7w7`_$LHIyT|V0Em{IV?0#ht4NRE91Bp#sQY-7?k5e%$KfY
ze8uQNw+`JOoyc78(Do~SvFPS>Xq;q8DSc~;+<>$tk_?UQt(n+7(FQzCaA8Hwax38(
z!J`u~kkWrkT!HcK7lQdqguJX8Po}@RT)Rgm6vD>4W%WO}KR<Ja{)O$i)@~gdL?wF;
z`$iX8alRvVd5PdUu{Obe<31j4V9hes3;No9K)O}@N`xpCrJq!EftgX*TVsd%DRnyf
zhZ>F-F80}L;fr0C2~aQE6r@XR8$4jzX(AdDxHse|N+nYvoy2Rw$V=@c&Y>k0jDZ;N
z4%NG$(a9k!@R-DmpF3Oxy)YE(9fH!=p%Ictt?7sWUzFGyl)Yja)I@i&-a^!%%6|PP
zI5y!_KNN=HxDh1ZEN%%>cg2t8*vlIzz;WtVMLx8Uq#56x9AND)-FrnTU@+2sLf8Mz
zJg*~(dfq(6quehiQT%zUe&AwI5#Hf`+j?e&w8}NrG5YzVj%4wG`<pF7eM(eMo0|`e
z`a8Riv2MdkY6C6-ejiZ-!S&jw!{kPp2;`>!Vjvyi7=AV_mRWX15lK3}xLP=(YRmnN
zf=~G+4Eqy403rt<yy<j;F_!BDpX499troTvc(T!;l^h+Pda9hY(H<LxHfvg}C;DNh
zR&Jb2LGv%VBe>s~y1eyEWXIhd+q6ZW)IXCw(<#3}Q0;7++D+7>aAE)IQmvDQr5IoD
zDEk1uWV%^3?|yq2i8L#d!=$m9ea+v|&wT~jOioaM-*RnFL3VA&t{8NPQl6*G7AdCp
zk<(ix{_yv89bb|1BOj6K2F3?zT(fWjwmsT;+nRD@PNIbDch=TT4%IJQKf8=NCN<wZ
zt31fCG%qj>FL<3&64wS843@j!KOcWh?84dUF}{3Y7@$Rf`j)~E-rb<X8Z4WC)o9Ui
zi-=qgc=3M%@9bB6Vya03zq#f2XO!$bG%v;sxv{U^XV0453`VkWJ}bL?g!fV9gWlgk
z&t61U8|*dXivWI4>eq52TS#_7JG*Axx?I~w-bg{-6)?lR<s;55C{;5T6H27*cip$S
zucxA<Vm2PK?tccQ6!{Q9;v^BCHm5@evdAj%M$g~$=H5fQIagtGWNZ^hf%?H2P>TAM
zpOt;iVVi5a{)hI%@%lJ6_Yr5I-Td8E;$W3t4`UG|iQDi^cisVk6S5`L7xhMND0i{s
z8V_eoQkhlItw}r*Jk~rMyy(I^-Tm3m^mTK;Ij1^c<i0`&#$u0%#1AG?{7#{|5C?ws
zb>(D!I*~U`p$tin66i<{_m5#XdD`i;wX*s!O%=auO(?n<V7bJUY2DYcjeV|kL&5x8
z+9FE`EXMlPK5luyGV-h_sDS6ZQ19(=G2{vsG4436`ltWpC@rT=8)_n7lAh;4aMZl$
zYTsDUX;%j~#7sp}%3EmcqPP_Nc@J;}UzPLl_1R6HkDpfnxz(y5R!HY6W6wpoRJT+p
zEI+P-)7FUDH%;_octnux<)oT`l~a})J9a19JC?76-ZqXnXnSiX=UYrTN#YyracT-2
z1iqT?ot!%R&DN>TyWmbIZ|{E1$yAMGiw|{Ss`EeYhYzzFg?^%~+*q-};QkG?2g}JR
zBQ;GkKeZvj`UnL_!l4gtMI7(0K1KF0+wll*SFyi$8JR~aT11+ow~wyA7=O#3wY1*v
z`uX(DoA;Th_jH4>{o3}KP0IhXEzx3YCmeJv5E=zs4fUlFi3fx^^7sbQj^pQ14MgPT
zG|PXX!IHXU1LYr*JGZAMxKu&>ujrizrohaB5Vxeoq<$}Sj3DP&>r0n&cTi;>1d6{-
ziRhp6K+|NzEIv-h!gf+|nN;@5B&_GTeaqyrk#nlRM+6l<^f1urzfFi>`b+0Zn1=P}
zA>mc*c_Umf9YRPC%#Q>iwyb`r{YBX6qP5}l%bt-3=(Ckst$h7ffCwzdUwK0emEAcb
z_7|l~GwwK?60CcHs|#>E?k}?%lCyf+<?0-BNOkj3WCrc~;%q`@`C{*&HK9=3DUZhe
z>l920r9@20&j;)m&Q~NH?|V~lPGWw9WKMCz2p>)NgJPseBWnVIcXIUx=F*VUqC6*m
zoT%YfkTW`8bcp~Vmzt+k$s!EZbWfY$8}^y3;i=HygdUeP<Br{Y1Rm+?fr}^zY&YGw
z2`6k{ex<ceJzj=|4Dl-k?8|W}FwW<^ksfobTz33g3$$PLIrU^S8MmxVLNO(d6Gs}Y
zT0?UbrknnP#9DU^Aump*VlnfJ5}RGZwZT-4!z{x`QhNi)OLDC-z18l2lzMUyMn}pp
z6?2hcjJ=jgI2%9p^az`?HNJDLW~34&y`cnuGK39$P<PrPi%d`PYl(!hU}_QxRHjoa
zqd{6;7`I1WCUhcmEAI!PW8@ZZIYh&@2VHi+kro>Di@9J1=7zU3cMaI7hb4+tNganD
ztT1lK{E-1M`g1(XymN}weV42%>u_|(PXna)^6T6Fd<gZu%q}XX4*eBP@cZl(q>8rc
zjnqi;1#?^2?u?rzPvoa*M3Jy_`V}2Woji`HDk&pWItweOT{_DovEeOWJ2JhtE?ii$
zSaf{#t4Qe~8J8HgZ4Ok5vFQgt>F)FOTXM(QQ=$T6P9XCHa)9D&=Aoc&k8run#fsMV
zaFY%CvS(FR678Y!_{^rrKo%zg1#>aK^*>A&6{;=r=BYw)r42AS0&6tHG07=OLebh|
zaYbBt{?IxW?CR|}FblSU(1)f;T%3RtjC&3a)V(_K=O5*GiJJi~G^zols5t4lR!eb}
z02=|3cos}AsZS<RW;W-uSv!)S_JumfJPte}DqDM`T**GkJdjaf<VM2+?k+~&qQSc1
z1PbbjZj?~vRiD*bSBw1afj6B-w0#uo3hf#wK(`imq!m`0Rxq&`lreHF*1T>qp_8jc
z`t|i<$q4lnO&EpjB|P+syT_m)4XvaauyUkBIuVG<s5WJydOyU`R^t>hnX><iCX|sL
z%sOjOS^utkI$}}O#R1{z5H;zjNPd9(M(y6_OoPO|gZHFanU$R-ae%~N7d(F{wdyL4
z#6laFzTwKTF4QKYK^T732AihrDO(N>djffDB|)#6&(|tf&&&SF%-Ei%v{QKm;LzuB
z$cG(+{h66&xccfAA_t;NeOz!WSAm>TtV0U>G}GSb35r?H=kTkB8C6dw;$RHQkw>-&
zS6Rit<k<ICE!m(h56f-)b%`+r-fkbD^5FH^HHl2Jis;R~-f8bX29UaoeYj2Z3~MLP
zMLKR@=;+*jIz7E=G(6=km+9~Z8ixr5FVPI$g%dOh7N&lv5^!EZ^b}<7#h70v8J<>>
zfg0Umjp*@35$1$dX=q0Jc!By{dMk2E1aEuz!I<$3Gm>zA#A>zL)U=d({2$G?->xXy
zoSiVrMx$Cp8XSnwjw>H6cru40(_9cnwKp8wj{7h8B>;jmQ1GPCaotAo?PHBdXAg8%
z$iDIlM?<UqX}=TE|6m>VVP+Z{loxp4U1tlM`O6cD=dP(ruK;Oa5sb4^%jf1E)3*HJ
z{B?$<J=wiwo7r$Liv=B$WVJZJ=}yc82get&GviS#eDqI|n7%oUI^`FUlL8#*F|CmL
z4v;8i&C4N>#!jkFeFLL2{*lcx!}pyY$CFdb3&c^$5ctDUsTNPeVib7$_^Mzv7|BPD
z(?j68Xe3@<)Qy@Hde<0SGtBtM#F^_;J=sK1rc{XEQ|$ZmnbGCzBX#uf73YWd!hhH@
za+agvTG+BVTsplU03ZJXne)OsR-bov^7dI6seXkewbx#LvsVs8h^8&D9E39J7o5@x
zL92s|-v+7gCa4M+WF>B=d2B6pz&_0vZkIgHxKv)!gs160|L_yqS0Q-V`m}aT6a#b^
z>0Ju9)y}`r3tdkSRvB;b(hW`+Ebo(Xe(2LbPBh{;9mczX0oGhkQ`Mm(7MmAduGD`O
zn@km7%_ty*cHge^2Yy4PyVa;15<oAM)eP1qW0jy{z*^=)NhCK|)@VyShgln+9p?B}
zhAFgV^N`*4qdu3RGVO+i*p+G9Qzfi!NAinq`5@A=BSMLAbfK>Q-9l01-R0`7o7BJX
zZGeZk>BO#Ne&(Sv5ue96M^3s1nJkB~vTGLJi2}VckGvePYVCe@M6~7W4O0*9Pta07
z;j2c{`D@n-4{x;vZo=6A1*h{U`*nBw$?EK?kqo9xb%69)pXXD!j(}Qx9gcOS^Uvj5
zfT)up@<Firl)P$~MM$_%JrdBX+(j9jZi%QSV=deH6j6pPXx{2iy6yWFIp6l@;?1(6
zIug77poAX`);rs|0V=B%NNN9KdU>605MkaMovflVtxjuu@F}L2^TV5kDqRDWDIYmc
z?l&D=ACX<Ta!vjR<5a8l)%EfJ03@xwTz#3Iu(j0Odb(@gAMXWtmR0Ugg0&%cud3X}
zJ#l4{wzlixzw>g7e_FlZ+@47JiRQRiwSl&VpAv)^s#|lvRQNica^gzq_VG_GDZ2fX
z;XF^<R@~FF&VOt=*?eYFHloG<%2OZr#}it~t1g!j8|ti+h8NQSLd<NTA4YB8x9UXs
z&E_iJ_}>Hj##|qA;H&mm-@g{6q=m;i#~EuGm)N$B7^etHYF8sr(0a5}n>`v`dYLM-
zccecX7B4c0=`8n8aKlJR4G!`oB$5iw+H>*WYRESpTvIHPzdq!Sdw}bHe{><0_HV%M
z7tlS6X}Dr1R#ZPR52y?QhE*=C2cBr6+g&MYUa$Zs_hYftEZZ6Bc-qrAJ*FR?TF+O?
z?>nDBMDU5qj3!-wezMy$39H$OvyS5;Fa3^^7$1|dbdD0Lk++NAKvpO0boDv$E9JTE
zbJtx5POffbD7DdhQqSG(`zz^!%OVY=L!{ACn|#~^Ync73<P5F#59|A_)!c?VKSae&
z7kL3H`eoMrwu40`)Rz3#fc5do6B66e@+^$S)rs}lW<>smvHYuY2VRS{TRL`kq6&B0
zh^PmeWPHDfw5%?1U`DiHYuow7^TjC*bjRm%PJd}WigEeAHf|v#>k@M!Mf6(X58ot}
zB3--vfPg4q+k)?wtKNkwjsven4})F}cw~aaE{)O>)Rx9ulT3frzDtCUr1k3(#J(l6
z2(r4FI6a@VAR}wR|Kn)<9`FwXW<((3`ZCP<QFC$W2X@dc5Fp>WM<UgU(mLwA$8h5O
zWdT$Db~cZl2}2`g<YFAo>rhCP6(2NXUW)ID5+xk=UoaTonoqpcfGtvV@9;4$PCi$J
z!zLaNkBK+6=T4(HxBcPP<J|Mh<B7+%l?@+MHrJtAVBk$2H{7|JTU3;l<sZwX=>M5+
z{eQ<r`EN<Me;kj0TOM<XfyQnkEkZbn@KoXukTT4Q`4t94Tmd)<@Aqc8IMc~5d%Kzt
zo>$_1t9W?OweFwx4~Fh3KEuK(Kj*<wLCG%OHw_#wp<Z*QP7=4m!1B}X^xZkKvpOKW
zd-o0o1T)Ao%qJ0l{PMdw*g)mx0GF_vgq5jW!>=FjqGw1&i_-}laP-u7_1iZPyM-G?
zww)L`EEeBg$a6Va|D1eA{nlD)aNi*D%!L;^OEpizH-1d+UiE&RfG2>mD7oDQr@;g<
zldW&%_LndK&*0>*7bC~=JHPSA`=Zy*eUywRI;{1j2wBj}Q3HMOs8j76(~*?|Z+LRO
zwTn%X^Z-r-LgWe%fK0)L_2xmYWZkmy&cnJk=M7djXDK9Xuym4{5p(JtQeBu^kQuja
zOAT_A5k3k!UJ!+O>~5yHu{Q4Tc)k8b>H}H2S{}m=vxSEn|D%P`{gwld*MlKzhk#1t
z%=owP@U`Tr;B8j9yEn+@<}j3JPs~@%7vuxGnf_@PGm>Gz4DPFsE-%Y^`>D8<<ICsi
zCGQ#ReNqko@9ZcbSHQ}BilnIM-HN0+U#jqQ%rWd}Y!}L5rI*Ls4Rg8`VJ!DI)RueL
za;Yd0NqNH8*Z%hi@1a7yalDhSsj6rk!KjdC_0||OyK_;pUuJb}xF0pjVSfy)Pu!3&
zF@a6Ve4b<nJR*^LJ2!tqD&BIaaK7|<e}O=V91S{5q7_9U45&TC8TRsaVZaEJT|%k#
z$4JMQi_c+G_hXHNr8Wq;IeO0ui61@XiiG%6U~uO2RG$-qf6!C{Z$94yW!nob?<Efg
z2{Cbh;nfqFHLU*f(rnMv2fgAzh+q$Y!GPbZ3mZBW7+8?kl}8rNO=@yqt-s1XG!@<t
zh8fFDz(m0d%?XpW(TWfYP1eZXcineZ;k>n^5--3YjEiI|!xBMXjI`!2^A#E8Qs5;<
zx#O&n<yLfp?|67Jt&2p`w_!!XUDC%b5Z0X7w9(-6bsULVxdhI8x5m`-(2rMb5rFn&
ze_dXH-}^1KjUH<-c=~A*W%*R=xVY_iF3WruYsWOk=fxkn!+~t-wUXrQqC7{X9en}(
z)w+--7mF>J$rD)csHm${&oE?Ux$ag&OHqpTcsX&I#19>KMcj@qPI)lFO4bgpnB%5E
z2xgw#bx^_fk})>9Mb-PFVbQ9{)!-d}<)(Asg#@brA-kR&<!Yvv>Bxpmp>cp^#SH};
zzirqmBg$BG3C|<S06^1|J<UP%=3esGVt(0h*4?ONhxWRxi%%7aX`#W6lE=H@on8p?
zHequk=nfu(!3A_G6b-7B^Lb5n2L0BvdYC0xRd=L~ZVV(1e@1_s7_^ea5r%RX{S66F
zU&tL%BQ5wFRQ-UE>l<nxdG`)oH!0BI&7%&li1saXM(---q7PjiW8Po62s$RQ6_r}g
z@4n-R<;#l!zuipG<U(clc3M^-!#PdI!wBrG_FTxWbl3L8o-opN5x+>ix;3@ZTs^M(
zokQq~-~sadMtUA5dCSAW^DE8lRRjz`Q1`Hi)!Ap@Id|W}qG8e6uW+Z^wLW5DBISw(
zm$$VF)!tB6i(~{~pJ^BhcQw<nn)I=Ia0en{f;NS-dkxT<b*E*c&P3vSg+l3ta^rYQ
zLgEzSj$`+YU{3-$=ZC!wT~JHF2SIFdK4jj+RB!7ef&+OROlB9N@U<CPvLv8F8(bic
zL=^I2BZstEM;g3Wg!!=@-RuS>l^d$srM#$lFeLii=HaY6vC{Vb*ejp!s&2n!_Zwu`
z2G7SLhw47R7aT-b@!)A*2YG!l8O+kxHGl6ZF9(16o>17VMbhA}7Cp6L5|j3uIIlVy
zh%wAl=!qM+azx<2c@fjc_~HQRdBHp)|JfKuZROXS1;+ydOiX(uJysWtI5j!-OZn_-
zwj4*%h{Q;y561pdc{A;$%nkJ7lN^(Nq($gO{LaDH;>;M?1B+YZ!I}^^Ch(6EP|Ux$
z{0|VIK+W*nn9i?2i^yqnmupzg(<4SHA$R#yGbo>qi!0P5?l;w<>I@(sOY(G_Aq4JG
z#pUh}snlHu@6UjX{gCrJbzrk_e1{{e^R7gBk;~DkMgi3%sN?Q>Ei(KuQ}T2wK_^c5
z^dq-tK}WJf{;gVf&J(OKe(8DtdsK#PQ9;WPaq$L>;LgFMBJSwtYi>F`;tYb|rUwo;
z%O@|Cw+OaJ*mJ$f3KsyX1(k|GSC!OIhlUct0jt~Y1CuD84dU1{XR*Aq{znHQ))%C@
z>!K09u?m4}K|<QGoWXs9U&kFn<|{LcCX+)8I%>BvVT9h^IX?Kh-~A81CBM;I>@x&k
z#>Eh^o4$9q3_Fjufi!nu;;TJix8B1dyR-*8>g)`S@yG9Wt=b1@0(%U)($fFh9|od`
zK$GeYe1AK{_>*YUGtcW~#D1@2T;xengiFmX4vm2Mxz>zD51y%meQR({2K)1Z@mutn
z8)m8d^h+B|*P-dV`{N{$q5FV=Gdd9^qCtbP!Sm*i<f1J+x5ZFDhm{Rp<<S&$Z*ckH
zVMQ*{CwfpgZh=(1u=!*ZRcjGHjISc1--u^7s@cL;oF}X-yY3)fY*YyYA*OEze=_lB
zL?&n9#CV-R@;{xJPpsB%W9&x?L3jKp7b$`{n-XwED^sEzm?T1-kD9yrNh{a#gLB-Z
z=eZfrgvh+V`t1>6y@e5FAT>);v2}2tE;kOFwCM=mV-J84>e?U?o`L9#D^U+O`1m9P
zA-t9NEra?!?BP$&mlVYAGWMt-J>6w86xyn-Cz|IM#v2&a;}7b_eJo_ry3bF#7k-<r
z<tb;*SD&NLlVPuR94WMC2qNm(Ob;HmIw$X%o*vEqS|LNSctJa{E~FV&_w`9G^+cH(
zFTCyp4M6hCJ4<GvL(Yv~oxEqOP5py=i~d}omIVR81{s$5z|pjyi>l|G_hfyTy4>kZ
z#%eQt%}jefV$25=C08+vm0X&Qa_}D3W+rz+xw>|&q5JjATVv$RE|_!kzO<bVY@-mW
z@|In(6}U@b2}DHj!zqPv@5_~3d6c_)l^6Qx0LQ)F#(-(E7C6GhD?TMJJ|1F(c#z?0
z1QD>lER47sH=(azQJHHj31L}xXAkRgxz4M`9pqYJedY#5xp864zGZvX_;UGB0uM^%
zI3WKiG){Kff=f$*Z0ISb(Ve@DC&sNs;00nF?3)8CSanpTPgaKxnor|tm>DY~Bp_(6
zWpD0WNdzmp5<AEg)j0?nrxxcgZ!O>bR-5|=zS$1<Qp^DQp412q=9efPgy}3Vti!mh
z+j{zVNV9C^qY5fAvQ&zH0zdz*kMIkq8vL)M(f>YLkR)iY^Ldx?u9fI-KcOgc`kO$O
zZscj(g~)gkDmpk81Qy<;Uj}_+2K~Fx-M=0r(V&B~{rSNY1DrI8#t$409s&{r3<d@U
z?5{r`V}L6_gTa9Pc`%6%&hh75I1F&^|9X<V|9?E`pYuRNvHUYQY0|PkI6~3}1~}w@
zjsv<TX_Ac}I0Eo5my!efmjiS`FiRr`Jq8y`i-@=}t8^xefICk((OR|!W~Oh<qNSy!
zO3L+0MP|<AQNNk2y2S?&el91iqy99UqS*IZ*k3V^TNjv1aE@tE5kK=JAX$$~#m{kQ
zz5|H(eP%lu*LL?V6m6vffK6@sdWd?5QG88Dnf>Xtv+}~g`qF~bxtfAV<r&HLhDmx^
zsyq$X()icbyNPi&jGm4&zf8!1L=<BUsG_4#IIrE*aaD8*&iDiZLd{?Z1U0A6_nkT7
zPWV4@?Ah=xxULPc$uPPf+zVuAMQ`T8AY?Y8qq(3Mq;JnWt#N@`;CzyC{&ysEs0W;~
zG(Elj02cC*;cg?Wx0JW9w%{pI{Ap%n=gdyB=o%C!`}}jvijcpV!(EPY0@#P3O1aVZ
zMIw|M{xHU16kvlv(F*C4ACYWg13!rTWC)^Vr-~JB-c$seLM%d93Ol<Pgn0cNTZ!|c
z&TEyNRPmgmRzuH(1n6GK=oR9Z)y09QXNECe=GNVXsmx7Rl~{hON}&YT<CI08VS?8W
zm&6lOZ26saVGF-9Y)bw$D}wi{*1E@WV2)-{6USj>1`TY}VcqgmjzC!H_uU8+x$S~-
z8qL}7B3nB&nyQ-f=?ieAwCnh^s%)WBEkn<|bv9JL=h)z#m$;Q?#r<B((=G4^pd0bo
ze^K-Wi6QCo3f<42={!Ry$UwuqsJ(^UyaNNHg9HOpkolMC(rAqh&in4qEc<~2P7GM8
z9krmndI14pmCnu7H<n5DH|3W~qVHUxAGV~I!4g;xrIg+QFBup%?ilgPL(Rwc?+bo@
z{*>anmm>9YGf4J<iZMCNd+PY}X;2JT_pE`JAk{*O&H~p<%ER`aK<A<hfeYsu3nLP9
zLJ_zOtVkd1=OVIBH;;@Et}&Jm;4wha$38N~cHS_i)z2fH#2NDO6&)JU-s3-5l&SMP
z*m<%hfYAvrCjOs$bR)x*@*E<3;)C6Wx+-N;XDZACYZxW4W&Iz9KlgG@{CFKtFUNiu
zXZ^nS-5_Y}*4nEAvz%WJB1FU}E$(K)%ya=)Aq9Xve;zYSvAlZaE<)b6j8p`Y#8Sr4
zo5MF?^&DcGxi}cZ%W8F(ChTsLw0jMjRhn#*SA;f34sTWP)%FFD(Y?a_emXqW*sB$~
zrpUP&5ARu?_~mVGVNAhd5wkXhqlTO8iC^Lr%_tVUAKwFCNQrWmA|@xh#RBkh4_LGL
zb-umTRyVk7e1hKcW4vQ=oqGeSzL2_RhgT5%`V7SLcrqGmsY4H~;xZa1x;kcp!dzOu
zQN#=(>U^k~!B%Gon3%!TB1ZJBUHOKaPMiCMrrHH@{Q7h!zU5Im97bA1ke}J=46Err
zp#@zV*bvLO`BX1W<v!JF6YNM0G*<E%=WBVYI52f*_I31b!XwHwmOumMeO}m%I}kfF
z%z7xV=sWbvAD1t8-6fZATq0tZp#?S91Y#;Xg1KS^;a}y%t--B^DMOi@IpKNK2Z*;{
zaR%h-I8CPRJrd1##!sp9A^c!F3{J<txEy>+OAmq3s$8u&RLzm`!l(5O7NGo@_fw5|
z=EG30vbe`H^KDcS)Vo~3Je!wd{@W!3)+ZcB^R9|MlIR)kTxPQO8+I&&CL+GD0WS_8
z!csp&(tM8UtnM=lMPZF0`oWn4mLk^`@WrVN+(S{LAcE7u7Og*(;N4Y4mp^0&FC!$z
z1qD;*!*8H=ppK0dOL^jikw<SGr$cq$anQ|atUpYmT>PcE(WXQIuo^w8tWbN>=WKkl
z7O2qboO6#T<r^#&K*H}!6YF#KVmL17xu2@@cX#4Abt-Fi8zEYBTIGM@t2g7xBk~wu
zNwjnprZrI`*seBU46UmY^@BHHE!QM0Vmeh#Uzj>S^<uS%I-a=oFk#nO39To<8>pFb
z)Ca|XEZW(nZ_sc7Y!UdqTLWUl93M=MrvU7zhNLJ6eT?3LFg4OXcQ&je=f;}k$AnBa
zIKs`8c6a9uItj`U3Cw+YV3A3SqR4R6oZ{<j*wuqsWIch(qkZS6>Z6GY_p=64@m^G0
zJ%Vy~cDUs}<eyi?ty3}K98=jssoGB+`xwLYGrl)B6LBv<LoQDemR-jT*w=c7ue}|c
z<M0)OKJspq%><5l+$Ud`dK%zWT8-2rbe0YgBb++bbT}af%^V^clryo1U#q~(Q`og?
zWr;HLI`D@V`L4Dd7~m};vn4m|aDE!0qECww5DMTd1d#5a!InUt?+^jG3}@tqQ3%WE
z_dfT>(Paj}&}e2PYpYToI-A8hBjYz@j2JxeS8VC&<xcn#eOU?BXTG0=4GN28v=P^2
z#8TzSn%F_8KI?4WZN;S6anmhE1$x+)sP~ow{Gm{lexaKum(#-qboF83z9yrX0=PC9
ze3Q_3xYHGZy=t@hV|#ZvXFDU%QrMOVgZOQNq#e>gE#7#JpN<VMC*_eX*5e<^4ez_E
z$NTL0F(xybQ4Tf9iEfETJQDcmO$|2`7k4H)<Y&29LoQSXr43m+1sRkxO-**BcNt|N
ziS0vc%PJ42q@AW-**OxsTAW`dw2($ids#N2k6isFq#a6(z!ib%qTg0|_Y{i$WE{~$
z5FZoxJmd%I=F-{_c<>=Gz9~;H%v7^DD&ci@%%6Yj-J^f$(*)y&lwbmJexgF*YtmKc
zA@$3X+-~85)Y9;CW7b^bOQ&@dZFa4S&hqro>a`}aNnl-dm(pf2Jq0!xgf}PBj4=1f
zM=}{fB^_ZU5tZ2(8DBBKgmavJ(LtzT?|yF}rbDxnrV8oEl-r+_T4mg<3dQzZ8PT=O
zyKTu|#Dua$iLLc!ciZuzY55~Z<5&@1a>TmcgCX8P+#t-hyyF#_#J+q|e{HTFA7OHq
z&y9#w+hOhD&uKx{c#7knIi}|Z8+({NTGy(<)CiM`5!eRfLeB#kbH+jaD>7%ZDz?Z#
zK_fj_T^jR^VR(m`Gttlkda9D4USG9B!st}xAvY;melXco-!}{zQga=hBLV0|rQm}|
z_ftM3z1AlBd8y&k_y$`HzBvtt3hwbzqJ|P(5*T4HVXfUQGBTad9oOa8X66VFmf;@a
zQmMyX?RE@J@!?#m3J5L~L?%}(#5|#ZZVX9H|JP!RQ$A>dK)WEiICxddMpK*bYo8Ti
z3Gt+T6iTl2cvTygA<mGy3}C1dggCUrAu(CwlO5i@{@z60D{qTlXJtf|(RH#@sXJou
zQR+vetg0<32G_uPWT2WmCQfB2{$gxvt~S-g$?{`dx#LAq!cG$mK}E&YF6K@J&}Dtu
zI@a%Ms#MZQ$^(m+RrM~~Bq_xx4x<C1f;&wO^Vj8t;~fKDQ;liPRL<0ByyDwVYWy7J
zx)0@iNSV-RgE@mQOE|<>QTIbbI~f_Ykx(acoh{48<7v4coD#|)erh?w#>TU!-6mwd
z>c)1FKnuc_3HeB8q28wX6xGxNQ17LZ9TLHb4&V~=_q=+YKWcn0l@qQR>G(}Y6w9n#
z@)24Ap_-J?=`tx3zLTFsbAz-diiZG__orvsr)&mw8HUKt(dZzvkG^@fg?SR0!JV?H
zL!mT>zr1Cs<6s}wS5ag%X3E!t(>B&E<2tPiGZ?Rp1lr58R&R6>INl%>2tc*U4ur^p
z4XAR3X8xaQl_Y*ra2g<AhpMDwq%Kn`6?fV6cw`?zR2a=Xbi;c`>aucTODY<YTDpkS
zx#A?HuZO|g(*PT}<7u-h40<B@JE{~>;A;j4!Nvy?y?6_vz)t>`gV7)X-q&41jmkVQ
zMiDd&p7b5LL}G(<#BBRm`uFF0>XU|23Rp%XkiTsjM*S$HY;yr_df5|-Ea|%Q?nkHn
zq3>q|#FrfzxK;&>nm1V~<Z109p|_qqELzbeOP;ciPW*<|wUly#PSnGBc$h()(jB}A
zjjovt+RmLIl+U2Ezm*nHt=>dX3X8<5qdA#u5a1JLFiJV1^)~K|d5W}O%;<@*@PV4z
ziT1O57}RcY&Kz*!I<ric$w8kB+Yo%)fEcNza>jX5xn^r}yPD&%oEz8tgzEh)Kr9g7
zAn5G5uiu2J_?}hTy_ULa?A0Gdmgbm*AU=-gvMq$x3xDxR?wT*c?la<bHaef6Z8n9R
z6MN3P%ro#nzpRuL8jE32e^l2aB~Z5rbK&_H2n<Q%{8hj_?QF~GPG2FQB}dOh?7iIp
zLlYiO%N4=qi*v8^&WUPQZXp;^pq%5T<oEQWlMQ!<-YF{x8frh9)q|=|N-^-yT}q_y
zgORBVQ6X}YoxiGzGgZ)0Vk1y5z!~^UgGJbs^M0u{Bn(6`PU2Do50siNm}*6%udzs9
zp1r#!PU;2-8r%du;;(SR_Dt@JRfpJo=4>OtPy9K9YX_alY7X~&?#F^Xa9+W`0Q{$_
zke^|4lY4%NT~tHSLF?(!^a}2G|Ad_Vow>tDZQ_5pfxh<j`va}C)GY^u1nZYVjHYoY
zDiWphJwjM!S(=Zg@z5ye^HcAFieMg5y0^Mi`0phFv}x%th-Xn$Cugj}?6SqTw;|L^
zq{nR&Fpr<qPFU)Jsg))E;hLmT%b^Dr=^FmWZ!Ub-7y8qjcX=aycB6J}?kQTaTTB~T
z`-;BM0*;b}flCtX?FaVDJ)suZu1#Cyedb^KKJloL%Sdxz6fA$lq0xF+mLetlR709(
zykf)!Q0Ox4C^P#&p0-{XvWvxSdebALFmJ1ioJxd&dW9g(8#V{!5XA2B;!*bLbs8mE
zgbCL;dus-3jBn~4tUkQ1M4{0>FZ%CC$8$yZ>Ql)mg5lQHQm{Tst7~B|zUIR}rCeaC
z+vqKw@mWDEu$N*uBb=P%c^n6~7)ET3R@GquihUHiF+9-B9?+OvdU4(lVx*MdnEi)X
zC9s@?w4taw&)MZ4hiKU`C`i9kBhpTPj>V)1MUh15`Yf5sOm1Ezo5!++_W>IhN(a4A
zsG1#idC1g<R#c^j76-w4G`Di{;K_7+SwG$auFi)t{X7utlV7^8)bpdpRiwRocLpO0
zu!ER*#KIN5nbQYDM3FpJ(xv~Mt14ZqyTj`L;p&^BGi!oHW81cEbCQW|+qRQ0m{=3r
zwryJz+qRwD{O3H~^RQRfuIkmhYIpbQ)kSnsr97Z(LG}{kCh;i5OH?bc^F*BX=(7Z?
z*_oV>qHG$yt&ztjqtGlfD3)!4d3rgID0d^YeycMFtyb-kIfj1+&y7os5`mpap!Kyt
zIw0G*o%2VPbPLd=H|Kw3_cmpv<&9kd5cj{EPXytN&kid7&DcG?nXgw^%4sy{H84lG
zQ%QNqRlwOU2uVfSXp49Tu!fC~LIp8%!2h<ntAsLbo{@ny;!Bl``WK~nDNX4{wYp3Z
znw*a5*T?1RRNwcSe3{S0$je^Gomaaxv%^Z9zgx?WMRhntHQ~>9lbUcF;C+q(5YMok
zt~7q@5?+S(`U+RHc=4s>p3UXN!sn%hcD6&^g~sv2_3WvV@aX(gg`ba<Aap>jKWolP
zU?$ZYalpNvesk6NnmQm#kK;el`wfe>oT6DJmJLJ3hc0wWfZw3ZJPsukJ*X3$FDSrR
zBi<#M-ZD(DoxPE&y{DJXSn*}6pxF?Z0@wIkk(QFj;c@S`vHoN<L0%GJ^xU)}b}_bm
z7yjH4UF~2oGY`%c8&e;n<5J{j?IJklb3r%5OQ6RiaD9yQ%XQdqX59MFXY~tLmlOs{
z5Ilfdu)|cjGeix4>C)bcgqeMQ^rQa*x|9G_6fe61uv3|&h4%43?#oSf9fVo!Awdya
z_tyMCQUSe^z?#B{3Js56C(|phmizkTl7*w(p3Ht`X&aIv7^bp#wkui#Zm0|X-}Lo-
zT7>w?;DHj)e~HoqLKLXH;$@0z-l44EZYux{8r-z5Mv6l%;x^&TH;l|t<r27Ks+)Fe
zqVId1)-HlQVr#0=ui4L^v&qVlIv4S5RXB=bdYfJF^Ua`5=gv3eYD{O%fpZznffYaA
zt4mNHX>FAkhmB1Ni(%dk>5gH3FdIu9IvQq}S~IQdUc>flUSb7m_i1wa39qHT4`YDT
z&n8TrV=a}gX71(u>2gxI$aEL&g#&u+#Gcef@xo<GCDyMJL#1fZM%FP~in<hy;l_2A
zV*53g_NVZzMAH}DWJ7SZmN3S;D9skrNxS4*E4uwjuQo#_9q_L6!v?rB>hb8RI>B|7
zKzgaw&6e{EXW5T;brUMHDdia*T6RDzy2cWpxoK5Sr0Q2sg<)D{HwySNX+YkubI%iY
zd-27A=>-%wy3_OU`T4WC0cxHa_d%vh7=K$Em#p!n8GN~Vr^EZ;Q*MFx>%fB#Hkyt>
zYi&2`SN8R6Im~_6=?&{ntZjAOSeWm+fOh^x{YfvzwT&hcKTz=)s#3F&RyhE8={3Y7
z>O~KgnR<_6_WoZ}g^R+zY|*q-P}ECY>wM)>-viG%&9YV%ue-_zDR-&!yo&Ba^WoAn
z)s1E$*RLd<#fE4#@D#L`A$r==;W>-XH9K$rc9|8^Z#6MCF<4sDNgiwa$MD}mN6Ob}
z)OVZ^96fs$K|Iqf+@`$mNW}ocV?mUDed|s=H5^WibNC3+_}_alXBu`S(v8M23lOQg
zUz{LP+Q+N91&sO}aB(<^E_zuPfY}e=Du)fn?gGbjO1`AKM$)SL&r`P9U`%m31N{8G
z_)>{F78G$q*l_`v)dUJZ?6DYPa~k`lEay__aY-gYE=<HF8zlt|P*lL74!6gR`IWCW
zw?yY~RacO}XqE1|v_v3omy1oq!#va0eN+b#vl)k9GL!z?+Pm4(>T*xwQ*#;s&5@2z
zwNuVYlNNj}H^ezDAWc5+ta<T0O(mnQ5l*2g=}Hq#?OjJ}WwRmcm-4+O-#xO%3_W`7
zGm!f-BFKmq_Xf!TJqw^QZHY3wVeIpBdMB5ecRy%dU{QYWQK>*bR$Y#7L{zetd;$42
zEA3LiJ{eNAd7vjY2}Q5d04i2Uq%D*lRTDzm@#Lhh{-^-@OCdtF!$7lX8R+bH9OxP7
zljItZLNorV#N>p!bbiUCbH=RJbBI!##=?=g@=g!bXl=--yCi_TU1Dpfxy)W-1lb#T
z_>$HQS;?)6b{K3db0dH!$R5tX)i=Vle=ixsd&e5LIfP{7DB2oj!~`*23x6m{M&c(#
zLc<c&0(YGsoTVMQkmm2LERkw}j2%cBjENVjgep-(hEO?3ThD)_*Z)X#KO}Oqt?xL|
zaw26JXuz1`u+pt-BeltEA#lvbxE^YJ!!}3wt5buPkJAqJ5V&^^9j@xgB=vKWa${eT
zKzMlo9!K^Y0m6QZU@#Z-I#kpJSov<6s1%INeB;$jWGs8?NdDzsTtT9dL1+UC208E{
zA%U@USM}opKO6-kQ!=SV4WG=c?36C#IxK8g5cqh9jRjcBZ#oc4fMf#|n6US~D-*W-
zI*nt{+F9r6G+{Q<RytJJ#!~inS)_GmlMl~wxfwT4s^XPU)0jXj8GQC^W<HgDX8rpU
z=&n`+*U)nn<V&|^{IgQW+9x94({czgyf0h&Oyv#wxRj@d`<4weLm3mYWgSm)m>Zt3
zt!qjT2MCzxQ(n_JfFdA#kbDa`1(yLIE0eVB`EELY$P{JJ4tudDf#_FegGeY$%OR&L
z*{_gA;*9Kx`zv_#@@rn82?O;`P;nf_BMh=evmBM$y+(rF+`s(WD0yOFM00Y6Wq(DZ
zi?>tEX$~dh%n6FtbS0QOhr)bW{l6V#sY{1(^1&7v<ox5*0X8L$RYQISLvCrmgOB3_
zXxL?|y}%OZv=OPIA;oBlRS=@>4G%HYwj?y_5FTFSO!O}H%bPDZ<c&+S$feRoZ)&n7
zf=`g$$i`Y=)FX%~_Oz+$lgOE3uXvX~G*KKnJMWQ6$6u_Ol+8@1*knN5sODMz{Y#9N
zQCd{4TQkK_22duONR8?j|0|PfjD53<>Qp5~##$ZUTA>t@m8ph`F1mY&J7&bQKYE!j
zne#ZENlrN3T<OS>{T$o#dpViX0i3<TYVOo#JJFP;ZX5}6bN&j6SHs&EDr`d>$jwc}
zwEogSu-Fkq7(`MyB$pM?G<%m=0$q(I=FcAFwAfq5v?BOS<F2u&h@#4Ca+UdJOZ1YO
zxt8olP;oeMxAIb1BBd0^(X}nST@*{#u`N9PX@1_`E27zY)+8b;qE)VD8xarJj5Dpj
zW#0F%|5N^k&(T_F!vg^w>Hgmf)f58=6+qU$p9!w(T0K{%gu@m)Oe`^6k?Xql)BkTf
zxl+2yYwAgl{@Pq08?$1x4&KPL_m9Ab_jMQvh_fNIX?a{xvtVS(;3=vhTib4ZApA81
z$?Qp;V8&y$X)oUYd^)h5v`~J-bBg}Mfvbxug)qrWtq|6_W6gPx+1?8F2g}M01_bW=
zSJ1KmC5?{-YUTKn1R8^;yA#ud(MV7G>kvK2RD_PT{fUQ#@@co50g<8<omKE2Md~g;
z-vFcHg11>03bB}nn)VWY5y3Fr4!Ws-nDxSjik-W0b9mHKVt{KN;IJ`q{S8`U3EmnR
zYlPgWIt>w354xeSnJrzu?ub^C3D7L*+u^#S4fjHo<@B^qaN&$@mQ1(b)6HbaFY$5z
zrU6J{Eq$C$$Q?7@yLLyLpZg>;G&i_pZR_`ojm4|WJ^Qjj7e@sEUDHIT&9~#C2-d4h
ze2=*9ui#MfLg(!hcZgz%U)8MjM4oPeT=f??Sl2#$<(4!kU>?Hj-f6}b0Jz~a&U=)c
z-EW7RLF|Hc_w>J?&rtuHH&t8-io_qK{TulInYaJX#sm9f<1x0kb1}7Z`OnOA*`?{c
zFOg34BG3a;bwQorH3+&>RT*Yus#8|h%27CaQJ>z7^%qF8P{<$L--wEE32-OaxO&y7
zc{w3)G4NISL4J>a#U+8{fBzRN4OtbN7#KlN!2SDbe`eb^yKOBC|4+;{Klj}E6zbHI
zSofhv0wpD(z24Fr<u?B(Bj9Po*xW>4<I94%p{tbRt_$jGamSjmbEidK4kN&QHzN;K
z&*NwkfiZtBSg?ivb@6xm<4=~bA^HB3t*Q@hb~yn4YED5pq4D};%Tevy=mOVg6ME{z
z4?-Kr>g~Qx|8ajNPaF3g=y7!;Dl<vb#|{7bX>5!w;s`T(*r~0OQQK88mF=O=U^chq
z_K&z@$190LSrWU|N_BKlFnm`vr^$L6ewylWsO`M+9Y#YQz6wM%06WdP17}N?CMT?8
z3}QB_*i7NoMq&Trsk!oOeZBtQ_VlDhyP^DBH0MqHm)AWHH*8<!nZ^nSXu0CfBrRit
zc1h2(uV6OKkIPSDu{B%9CB%2ORTrI2H(cf@g3^?D@RWElZv^qx%$+~P<pV@x>8iVj
z%zjX;KNP2r0o#i!V1uiX!|l`FUQa)^_-RrGhxahrItEj$I7Nt}S9YcKpB!oJu^-Zq
zKeoDfYOS^yUyCK1GpD}04{e4V$i%oU%)BN0&e_0F#U}UDT}Hys=^}s>lmselQFnoA
zl{lOcOn5Q{(HvgGj28zs2APnG5d9ep840vT4rBqyUJnQY)X1a=bc{ay6?m-f`JEEz
zR^&BG<TBz$J{*>kxE_7IY(|Vn)JpaBLGtLDECALpv)Dc`v8%nmNT7~1L<Og<xaHaU
zI@{~cP8KT!G$=vc+{@)j;|VlOXh`bE1fiG9!6EK8RWEM$@-P!Mu|I<I9dqyJbccZ9
z<SU5#<{$wKu%A$49qH2dOmhhg<8CzE%dsZzu|-3?o74x3!MCu#G@YgbupIln*p|Z!
zj>3)ETBELmQh|P@zb4~*q)|9i;s8ew^5)o9*!-%&Ckk~bZRG4ew$EIU>KKr}U~!o2
z%=$aSiHP^Y%Idzsi`qRjp=WC0TTwSqgc{Njl@)joXgUp6eF9xqU5U*q5v$;A2A%N5
zT5Z_e*`pV*Zaf>kwYgLUHc``33y>{(W#`C4{|TZHb$B2#S1Ir_@(}@;t2qbhp51yF
zeaVC$s6S}iB5<K%8inTH{;T^7IA7vLz;iPDkX=p#V#!SF1EUg@WoLI<Wjjl0Lj@jQ
z)Sc`EB)#4YJX(eyudd!!^txHo*6?Pj9qTU~ry<s@jk;|vTJ{$_kd1r|&Ejp!ffVL(
z;S!qo+ta-{2ihMO55=1{Y}q`*XY%{)Lt;q5W?z%zCY+6?rJ?d_ie0TpMY6^0%V6n`
zrZFM7Q6O}#UN0B(bAmdfq~4eL03#~o2=^=iUMj2&&gfYs%tCeM#^ZJ7Gw2NR<>hPy
z21rwV(0ZW=Ybr#ZKi7nP{=Ql=rvQNA2$(9T%-n5UqRif8`4ZNoGR`Wj@h8rB3cfrH
z&}!rw%evd2QX1Q{ix4wNgBM-9OBYv*7jdX6tKZ41s<#PZ60dZx>(pDiA&eL75xijl
z)+d5bI0uv3Kdu$<k?NFdD*Br{8fuhJraj&zoUvw}YJk!d9mY8^L(kX&)tzfHRC-%;
zmgwwEIN#-QDCLiQvyhlmTfgXZr{ym?94fl^xYVQ%(_@_lVeggm6djehqh0?e2|fkY
z+@_2m#~x)kw$=Z^RH~}xx~>(M0aA!${}+R&ZJMik+((FH5jzNVg=(SOVJvtd=}q=k
zPcw^VvI+^dM#|inB)`_Wd9F#mtla3ymCKKkql0e2U$D$7U0PyuZy>}<5dK~b$L4H-
zy^oR`&VdNoD86^<Ze)y}?9LW3tTtkUL*AKSQBd1iFvq5*sRyul0Ib<29pXoq*DcmV
z;CGokw?_Bh#fUAh;6!yy)gL<I1|Rab*E5SB&$SFENA!<#{mRO>L+B`ukX!d~DKeUN
ztPhDO{jhKet-7sUr|+QO5bHC0IB6fq4C1JNw~FM#vHL|B2&UP;RKa*{(Hbr_vCjcB
z!TW<1<}LZ*VwVC?PH(@`tV*SN{y${aH?NwC`cBdViUrKulZ`<b#5#R}0@pu2A+zGN
zbbA&raH;KE^l@Roalx;n#gAF{$`Hja<238}?EVvKSEyZW!YZZITl9x-d_+hi`1UH4
z0R2WqjjdY;BKmo%d54If?|Zu-keMSJYui)P?*V>>+-&CAbQ?oH_>aUlp%K$@g7w9w
zs*}4WK49oFJkY#I!&>Q(;Y;r)_#w_RLk9*$)ql$!B@<<_kLaiOCyuqdCOC#Oz%IoP
zr~)^`E;WL81@brZMVuzd!x+bV;K>}52+dLgKYh0|Tcy%Ej=Lfdjp#xCR5u2IEh_Ox
zP3Wd&nh(?R!{Z#25=^to59jcti|4WFUG?4*wrI)ECs7L+7Lq^fZ`$b67+HMJ=-{;v
zZXa^_xqAD8W1al2$%a&|-tKS8W({YU>|K61$Vp5{I4Z--yX*WlUwgU*IgiN<GFj{(
zYmorxxIJX`{wg0>ZAJIF25x#7)X(|PxH<ca2^lXTMi8(o$GBNwc<~nGrpzcJyz#T>
z#Ru9|wFz!GXhLGH=4$Oe11zJYz*zp<4nLGf$o<_~(KDnUF5THGGq^mw1u{boHwma3
z8@#cy>4V!|BW1GV>#LMgzYJfBH;a4pV|%U)JxaRh6~_$aJa0pHD*;bEFCs5qPY45z
z7rwWUx0@&UAw}FfQ)*A}KTy@GV|e^biCx4WOYqRZhfELp3{y+Lo-V3QUO3LCXKiOB
zV~=a5&ZR9(0Ft)THB;uw*X<!O-Bg#c$pOLmpLJd*j+@+&=q=2CA_7srQ(t1ZJ>hzU
z#~vhzI^L^iFLI|Az|U@YAvH%b)-4fejIOT~_!0V6e2nL6F?|6*CJ>XRaE$3ubbepj
zUq3%d>qF_O{pIy&I=S-C8r*>o#XJRMBo~FvZO?_X&q)DlJOGD`Fi6&ih@tiyOJ^t9
zTG>_PLJ%UM<#287Q%`vaY!*O7AZJFhC1zzA8)6#OVNn36y@E8_cGGwkK6&0@%3OcD
zK#YI1all%#u8E@#8gP&h-+koag0pT^Uo~;S@+%4yEbPZav~8bgvsQDrX;wM%z>3HY
zqV_QJ&i*vCaJ$7rPrySUm=5(Z@m66B=~?*~&PSiy*kUq<?!(3z!Fg$PTU<4mh=?!%
zb)ibKm;nj6C!u+$<N^7n?s~l;)8{fOm$@_W`vqNQ$C0sWV&z>At#b3cz1K@H*>JK0
zgngn`F`3V>RtjVys53^PGc$y2Rm~q_y>ajcHn#6y<F3p{UdodVUJxF-!QF1U#KI_T
z(Z6N5eI8vY7v8Pbs2K3+*IKpB{Uaorto>DJ<OYE70zK&LCqf;q{-FF~)z9O2`_-3Q
zVjQf?QzLEX8RT80wf1D{GYq81eMPWyO>$egDQNqB8n1swcw3n|<iDYeJpMhaAnvsq
z{G<r-@s%$k?52C+Q@JSYF2O<8=W{{aGp@NVOC7{S+zjHnJ@+o>xg8RDR%~tBF8J^u
z0xXu-pDJuCCq)(n**R@#RjGKb=oUymY5t>m4ipVI4Tif7ZH&AqvlDMJz6oYI3{|we
zDtr0K#PZ#tU~wg4+g9>MqW^r@hc@L+ljgL*WdjM>3z}CGnwZujl$#+|Bhy6p^S3^U
zf1ip&cx?$^A^zCQDiP*G(Q;#Pw*}dX0KO8tZ|<P4p!5GA(b^yPk=j&q8<J)}f^4-M
z`~<M4<cF6|{Z-7`l4M#^GzAhNd%AUR^L%R@8EIFgwzwATR3&X@?GUwX(HX6LJ6J?R
zx9MG*R^8A;5qjdcYE2PUNm3pzBVdcv{&_*^H0ws^c1^Oxf?lQ{mHt>Y8x=M80ct+8
z(cCV!I=iepS-YmKIe&L4yoRn5xtRF%hIfB5D>!VcIJGXfRLDHcDpX{~-sI&rXRPV7
zIc71f?=*EU|AK?O6<V#6`8Qm2o%BUub~>W`>y!wa=W(PwPi2v(P|4S);B`SGT$!uZ
z^uz;(v&@8_@lW>nSuAA<JyEryBw(6+)y%#^FgvkDti(F;^0Qn0`(y|%QH^o!!uBy%
zubD+pa{{Yn+(T~eryC%b3_nR0Hc3(j)+D>WR(kFTIDEA35WEa#I$#waUb?p0=H7pY
zui1rEwNEp+%Gbkzpj1a~mqfg3OJZ!+E4N-PIAIWk#46!~)GL(`x}muQFs_+lAP8r3
z-^|fC;%8vIoWL(~fvl0qkG{VKIrvo?)#nC2V3#@CboiczE#{^m@**H1m*AnrwPnQ7
zxO;PoXyismBhxHS+v<Vydf#L&A{g<Zd6ybNCp$DYpE32_J{G0tAKS)Gbm(9gV~`bN
z`rZjLpC!Mq6LBBR8G&I2IC#;sg|5lTlmV`+<qsD_IQr#|AP%3YSjnghAqNI;&AJ`<
zwV8_nkLqQCuxs&p&$JrKhlFu)_24Ja#Lrr<{HO3P1|tkx-~C}?eJ+EY0=`3iRBw?m
zc8x~Zm(v<feb;|~kXa9MgLWl$zie8~chh<@h9p-N^>(xJ7RJ;cFkK-Km!By!gP<n3
zXBJ&+$GV+Kg;ua!?}gYN&t6{Az9{mS2fZ~ugT1hlE4Tc9WGdZF)U~(H&K;eOoYVR(
zs2?~ob-syh9@o5OuD)&N;~(dF-DjwdR)r-t?c8rjopc<>RaZ+AnMcFqVzJ?f<mMWj
zj$a}TnixDnpBovE04SH=GP5l0UES3z`8c{0*m37Y)KRVErhD^i=xHR*CR?(UO}y$b
zMcUk>xZPVydtI8bWLxuRoZdQq*ba)M?H#>Eo45#TPbnZNx}HI5J*KphXy<vks=r~d
ztuuO%+q61lS}V>)wlNFJuowENJ+Bt8WZZ!hyo6#yGamgX0iTuMyBN8{lo!nb+b$hg
z{{U<mC3J{_XL4n6@8eL_tC!kAp*kaO{f=d~P4kz<cmP5Jd|v1&Ig@rd;keQ0>;2OR
z3>eg{_>56Gu22h&0mGW_TItnz;8BL6OjbHgG3>e--9v%cT%0a-5D|pp9Xum_H2;N_
zgy`J@m~t_8K#0M<trC`_xTN4^el^os%r6hgK4Mp@QbqB_*HW{9cFowt)oUNLbB688
zk--ah0XhomN%3f`vT1Qm;~oO+`sLSBh{dhS5uFRBoRMSxrG2WWp3JG;X~fpq$I|f6
zY|^30e$I161aF`ZQc0onIq;4uQ^9Hs&U3qO$jqf9fR6nS_msA488dM*n$Hd+lF?*#
zXj$lD8;d+;lOdHI#k8?pHtR5PWt`_*>*b{Na~g(&x@kV9W>%Y!8m^*4I3=9t2wmf(
z2(si5wwt`_KPazU&U1mXanf?ty-v;NQx*KW^{a9+j&4nNLlu0*q&dB3P!)W~S(bMi
zx)DHoPWoAxS;M?)Uqx1yV+;-S<wcY;8fyKvi~A5azVU*3|G}oNV@&<*{3iObOZ$>R
zu95!LRfIFor{9bkGE#fT9-b+3ZU^o3DV+9Y98B{0f3&69+C;I9pZ>#M4Mi?$E%RN~
zZ}DLa1jELK6*g5>C*LGb=Z5O@%FSH>HJxY~zt`FdMUFwWO<aLh#Lo0hnTibc`3Bhv
zRg-GIQ7gA16y2_MW)-ga?D{wt`SGaidR6BM9|;&`rDkorG!IonsqrWA!%VB@Ma6hi
zuki;9+@`5v>lXV%8Tm97>SHXG%5&d&^<vI5WhL7EABX~{T=^^}Iwt<lx;kL^V{w|;
z_lv4Ivb%nNN{x06>K#(|-0yU{ngNoVy=Q{xW`zOrGYC~-k!Fzdf7{LfX-$*l05f20
zkE?wmyKZd?KS3~`LGzArL(;_Ar#mj4=9;!esnvabr>$X2>Z$*-Pd#Erij9W<X7o)P
zX{=khCO(;}o9eazSedkFF6Iq>;AI<QF}z@8chx1=%b2RdpThIymC9yPkR3QsUT-UG
zN!2se5Fl}DisY$|=CA=qF$!2t>Zrms#;g43%CTD;i(<Kx0;jU3zy=eukV)K^5ounZ
z#Iv$R#O}XkyS_?Sm3L7dkE&ZG)0h`C#xpHZkmha556}RCb%~nONp<D-zHo1$`|nOP
zYZZ3*^^i1w=t@*N&i+>Fs9`%D;}K-8NSlu8BIjDMA7x}}EtiWt@#>2FUQSj9(sCUI
zo|PwOtHH9)<Rm++SI1V;WSJ?VE0`mojx=(xMZgLXtEm#zbc@l(KT(q|0(+8`gP-pw
zR+dL(oV*4EIh8{eV~`<j&yTGMETM(t6Woe(NFAs|tMHdbl=0a+Sy7ZDl+l<StH7z?
zJ8hgjCNcFU_a(ZU0pVt`U`>b`qtOV2guaYN?muG^>q*Ysr8FJ%8ydX!PwU77karJt
z#`eT(PX380w^Aio#siPhTA*#t+^<c3&i1*O0o4M&%N_3;7bIniXvP@v0%0(D`%OYp
zx!|i!AfTkQUR8H?@t;$;mGwk?H}Y3nOb?}}`#A!iVp?u64Kc3VRkciWJIacHrmOHh
zz%mPg^dEWFTA@)=X4SCLmNS$#Bz7j;dj?ObhZsgNXSVD(Y;E?5MDL^H){C*t@2@JS
zx%~jVu4?A^J?-Ne&*k2~k+-I}iJxo)*kAo?vN{}0+M6etQqMSQbw>z}e@ZzP$YQeD
z)k<r%Wf~>w*Da}6KB8Ou4rz%;H#JLV-~12k-K#~V5>N6$JNy<=M`Kv&SX<1Q`!N~5
zEho41tiC})y+|dXseZPxYhUXiio%r&5FFT8rmV0BhTwiZD)HO-0I?qTiP3C!#yNOq
zat;I{M*Ru$J)g|U1bd?5vE|unOMX4S5N!Z)_S|JKi!t{~Wx{=q$lmROn`DyWhq0l3
zTqmowWqf@9tIBn2?aaY?coj)tSYQ<cDFg-W9T6$Zn1xMXOo(jcl5>wu8mUkWSXN)T
zVke&vXz_L(sW1EJv0E;_>_5+>F-coxDL+VKbGYPPM_*^vX%)g}^9!G;`vU$>-|D$8
z!(P(p>dt}p<wUc6xyLCd$jSV8I{(JKwztY%z^IuP{`ZMf8DY^<=vK}BXF0LZFXY2n
zu7y@sbo;^KqNBQ}v1$#8C_G0LaCAe)-a1K>bHuv`!uAK#l;lIJ!LCxJSQ4{R(v8@?
z>!um%4945Yri=3X`TH6CT2kIs`R8n=t*UZA{C@lHS<#(KY8C~Iep-AZGpA$=b?+tL
z+(WJ>O%o!!pGG{00yMn-eTo<{sCwlKGVz~&BHyOuHIfhiIBa~!hPA-~RK1M&nE0_j
zkR4O<B;=z)izrXlo*_kb%fW_L5QQbXs!2X^^^3l1{(WP%QvLw@>q$Rw+~tV+={J@8
zVZ{T$$NNt8O|V<{mFAOh)z2sCE7nQ9Tk2c9m3oBalap(3A7mia%<LfQ1>A*P56<^o
z;0s*vI4KX-;3T$S4S?s1Sjy#1#Rs&%bix%T7t%+!__;zz-=9c`-JLnJ`JQeX3Zzp<
z>e%HffcvzK*$laEx=PA9={=fIpXqRw{`~K{mSQ@U&&a2>TE`t(40thPhEO=K0oVD&
zF1198@n(NIiw|+KXkYdu$|hvZ=d-zMnK#R1US{T=6eK3>3xK={cyqz-d3}()c72q$
z)g^p*{K}0MAXz#w0xKc93n~HBUE|5WkGX6Law^5vg`0{!DHoI>T20wiaknz3V^&@L
z#(g0#U_Ie@^h*)QGXos0G|q~Zh_{kBxbLX&eNM;=ezwJZms^DEmW>5QURSl`aut<u
zDr>`DB3Cmn0E(wg&hqE8Y%OcEy>V;WAUFxWo@_j@UT-omdaZ0*zdVxJo!PX&j!wF(
zyPiI^R}iM68odE|;dQw3+o_5V@@qqB8)T``8?~NiJj1mNY3wp@JoU$h#T`v@RzOrq
zmo|y9<)&hEHt@Nz<t-uIzL!ClYi1S|@J2N7f$R*80Cy-<F5b1+3ymU<+#0qW4ez{#
z_s7F`+9q`D$FoasN_oNM>+_z2oPlUe%UQ-Yak2M<)0=J{JotT4k|>^CxXTv(ZxIo+
zJTBHvtW3TxxPc)Xx#yOC%C48(<E~3o0e_Jb4<SYj5Zcs$s$DvL-mSfcrCEXQt~X9w
zDD%aC0RO64nN0sGV9!7A#c69j9@FOZnIKoQ{X-To*LAllpgNAYa_3saHU_cPBva6=
zvtXjfDSpHAKxpjfFXmQTeVt9}at{MWVHPm>@s`7Ri1%5*2w8pXL@hESaG581+B|bA
z8C-L1FK3zQJpnPD?N90_&SqPrAfhN?tqvfSfGpHqd1=8`a3rEPZ#O~B{E>r^oEv+M
z#~c}hpzdHhXoQc9knW~6c{D|&Z0mvFgQz(mjX;vSL~-~a1l87Xh=F};IQIO#lgclM
z#Y};|IH1eUHO$^2&XU*0zN9c)J`b?+6S<mB%w7&6&{n;^7GF2hx0rd}`mfm!J9^=|
zfK1X6OfDhPL%;r@oB*5M?lr@(^H~4*E+IIOhwv9U!PaHDWpUP~nO>z0JqMTHC%Nvg
z;T|0Dv#dTizwdAI=ltn27(yQ71g#ZD;Cb1O<u1+dr@=x@0!0zi4;=2*PlC^x1!F%W
zDBKYyVOoz|<_TZ1n`HoxI6X9wv1>BU0Jm*A!u==);A;^$n|9PSR@^SXO)uAtP;nA-
zd5*>_k#lz`-vMH%WI2l*>xol-LxxTYMTgiH;3L~U^1D6bUue%ApIb0U*V)}Jd_t+u
z$3qgZ4TAixFK#7_9F@fUq+Dmstvoo)$+K5$&oX>HYaQq3502s?QJ5_*K;H<^0DA3X
zoIQk{o#fNz1rSHshz8Wp<qD)6wbMuaRlb=eJG|b`At7KKm!XZSd)Qm6a?v_)^C#>o
z&?P>QRVfi_*yr!1?rmT1iBv1BPtw2r>eu?nN=M;^%e6d3C>}z9){48J$+@YUUh+iO
z-upKP-?FT?K}L&9)}x*IhB9k=z+WZ?Gl|J)vyK}0EGTLf<__IatCq(j$}V0Y#gcVP
zTT-qjYq4uFLY+n)%qd~t*|R5Y`puIfu#&7nBCgVu0*gL%45*t81QkTxCdGO%Drp-r
zkd%-;tL0CFe?qDvD?&#g^NB>>N*VG;>>G@%T3~J(Iby8O8R3_!R9hmrfCh*Rjf@OA
zhj{VhYyz9sKe>2dE*@ys9%#tAA;^2xy%1iUA^|Jq$B5-L+Wq*zVwIbCE)~+~vgmzC
z5DtI)w2LWw3Wzegbjh9QWOA#!9)Zb`%N%{}jUYX)MT#NgJgp~626z6+t-D^56TuwR
zdMqK=y^o5ED~sY)J6C`)1HhRv%_iwsjl0pxQ8FK>C*kZa7BWNQxpk~vs=1B#!0>kJ
z`10Lafpiq029R*XRJgQT<3OKHf+yf+&@}MyB?g~o88<NTD8aD%7LJ5=kLQ8FeefWQ
zK@t!$dC3sCxWdUtjpmvQwMe5<dKdmCL$ve72GjIr6h9GY_51!N1`GvF;M%l8WsnQ>
zj(k_j9-&sL1x;0}lE!%vhhKnb-|sbqzZ{V)V#CN{B1g(SI7{V(`Kdh6flB%%yrK=z
zW3t*CpTCjI(mx9CFsggio@Uy=>7`ItFi_DZLiIy1!>~sO`-r>KD(soR%$?HO-+nEo
z6)&&5cD+|UP3CMv0!kz2<#Mv}+;WS$;B0U;dK?=?ho8tHNKjF@ma97z*|V!6QMyGW
zT%x*y^IKrs@mJ{i#imWIKrnKHuve0UfPknMAw1O$$@p5B7S`R@<WmR*bh^7<&)d)z
zcTfjO9h}YO{_tJi=s8cBE>6RGvH{P-PB}3pBe!jSucr3P0<1O|Qlj4mwI?Y-yrE*$
z4NDlp;s{>1R?_G+%BrLBxfZQO*m7O*aj%##dM_^**VQp`?rmHyr6K!$MW??A91$hH
z{naaf3y~n%`PJT(PYWBgSFRTHDF=bd`BuwADxi0l$-9BvAAKE1?%I9!nCn_Y**s8z
zC?Y#B)bdG~1E6vDbv4rUT=JkO{P=&_w+zoKe@3<1b_x%=YCo-jy*V{2mkg&p>A1Z0
zXQi^vZ<cjnxVuN7Dc|!y`?ah#d5&qjJgXOmbrL#E_RK$&6YhBo_CRfJ%*G@)Us@9B
zwm{2_PRAjM_{f?bJfh;moUFVKi8TfAp>A82j7DZ#0+J}h#Hdvchr0UEqsVC&QF&X$
zr(d#N{95sT6?vEpl=V2!g8}`eFUbeXX^5u!<Y=N?C^=lOjBXU10gkg<Cnq@<Y@2J@
z%AuHR3D*o8*{O!E@=Q0~QiqV(rIMyEap%Hlc|Y|_UjCeX&Oh~g>zO(K-r@)v-~0ye
z4lx!p2LN-+aW%>AkkB}j0VJalo_FA9xe6+Dr$M>eLaN!lF{{3QcT{x&3c5V}l$(|-
z{zA`=BK~C<D7?b8pJ^;_pecGSwV|+04!`it)#Vqr8xWQU?PMEt1=Z;>9oA=265`U7
zCiv%kYr4oDM?%>1Zje#^gt3(gdOiFL#qc!k6wta>WC~u&6P!f`^%t|Z*&IAU@$2*&
zR`Bf!a{U$r@&NdwZ%Hm^U?FGVIu1Y6(j&7tzwbexUg(#<KK)NL3q7tpwtF4p%KY7J
zUvM(BovJR`z?caa@olKU*~A-4`^z$Px5%a2;`AVdj>R%HKQ4?O-7+;2xp0C6C+z#v
zE#Pe^bZzmT-$r){#3Nl$acj^=;{pJi!#n|ady0}{9>s?fd$}FLwndb=c-UO6^4#Y7
z6r9FD*f7usPu{cZmLJq^%_cGy9}V7Qg#^mPo7+SKx2}w^r;U{uloq7Mkb^Z{#?Vq>
z*I}<E=337KK-P{*+#o3bMhh2<^G3Xz18igZQ`0x^bN9!BAeC|kvIDQ{gyXqu7qN<%
z!zZFELI<@5t8kckOo$;6O3Y?WIb^<?#KN;lK^1_{;>@DmO8SqJli<CX85BM8t?&W$
zCCnBt^fzRSy6n=MiJU0->_EC+W|ah=5Csm)r!wTt+z?=8YkDxu@}Eg6)S19!1BUwc
z(c^~<5kS!3w3hvDQl7H#2h-DM^%R*_7c^C)1M3tE45%#8qVU;ah8b{z32O7)Y;wXm
zq5H7%DoLJ9JP20}ZK#$gy6uVQSWn$nf&ZmTwV;KN&bP*@v7zAYR%XU$jXjf<NSYsI
z#^MO%C%9G9lZX=}l^biydEjP~1LDh~ahS36%2Rx=wFLxGkqibNMKoM9Un)UtLJ~Kk
z6LCp7b~F5gZ4p`f#|HGH-5H(=a|5<X&L?$C+@)Brfl~H%ODQ*McdmtJC2WB`(Ravz
zfmGEa4ZPf=i)%ch9r`7wvtEUL2EHYE>F10<ru`x*YwT}A*`6D{>e6kN0qdorFZM6T
zw3YL<OVK~R%+FE?6X6J!IWz1N2*+|{qmj@p796qtd~1$!WHf=E!7?d@4KT`pniZLF
zf$*5nGrU4dY~EIGQp9ZK4uP^9>q_k?p!Gfm#-j@bP;+#%KMG_(*~Gy0{5Bj7vWy39
zWGcVoe^IF8NK)v9ola4V0s7+X$u03Ri1U$7#v_x8!$to3gTEog4GT#f7P}t*i5dwg
zg8D<MWYRC6s;0m?vO-;kW@!d%=NRGe1j_0#%7Ja^;Znc~-&JwEg5;_$!P$^N30~1_
zw$?F7{cGBN4;Bzc{N@Es>u}mlbUS@9`meGWo<Y!*oZ{KM)E3?>9H5`#@~1aApC`Gn
z-AErLvj-q;4L%*?+jZlNfk?Xa_8C<zMXQITYD>MD2<(qHeH@v09yN=kAZf=43X;BK
z(_AsSPq-(X#u$d}AKg;nkvZFM{!C`+@1J@1DqGVM@uy)w@b;c$(Qb&r3LHS=1{@^S
zI~0#I4qaOGK1&5m4agn+Dso(9USniU8L&9p)S544*G4z5bEs_6JQ-UAQrXhD#pTy+
zaZi?v>d<~(qm-|Svxyjt(qIYd)WunQSHIRIL)K&5H3}04_N`M87p^%$NWOW*4P{8v
zEVD=8nIF{YU4O6}!f;F$0D+%jt*}vSYKL=VcBz%N!}21}`AH}`rSRg{-|`_cyeRXQ
zj)W1x-%bZ;6uMQ`cv8xK0FNZWA)}J<f_m_1(B(xbzKW3UMHuiPY5lu`qJ)jfq28rC
zzDe)yD7mY;G?}ik51hq<$h@g~oQ5*1mY0nBAedU~&T<BlIw#5Ng`NW<WUU^a5^-aj
zyads!QsP11`4e&mbt<(|0*9MkZ5*PFqL|95tudE+^(Hb;-esdp2Xx%q&gdc-m<Fa8
z9a2H8t1=tm`frw`M9tB->AOKO2Rj<+;5QayB_LaM&g3bwWmqB><K1c;S<*RB));D7
z0(g_7!azbq-cu(7gJxaS0g(Wd2ju+R=$ze95cLsK0w82S<G(#-K*~$h4Ll9g?MCMX
zo|;2>9coC#w=RiDT&eiyB1xfBu^*h>aG?IaqJHW{mB3d%xgXYFANS+Ex@%9*i1#AW
zw~ll@a}MZKy#s+2^GZ<rp@}B?*s?s5d2r|8bUWM7%M!^QRZ#A7n)x<$g=lbd2AO{4
zmuux27NGR`{_(h!2GWOUk5NM8Pd<uXy37VlrW``_iYe1m`>&c5z_x1x&iVz0Z>h_g
zbTv{wloPO4+mTS*s2Tc*Wi5*%o9hnAM2bpufP(U!YwA~L1e=E2NOa;i2mW2JI9yVi
z>4j*?(Rvl8^*1tyy51f}E3kSt>;er%amenTE<l$4oXZi*69E~wUE2QA#s2B}d1e(B
zqGNEyGTnZ<Ba3m}&y0|Cjcd<`uvW;Oo~xD_o$6PE=)Y~>kKC><pM>z@Le=W0#?Wx`
zkm|cOc2B#UEkNtr?cLE(Nl)j?dC7Ci^71v{#lbU6a6ReDeYi~9HtIv=5af(JfEa7(
z6~Kb<9N8knLzKXQL~d~EA(Ke}G(gB*I8O3ql_f3Mg+pmo^P4K@kC6bgn<m9r3^LnJ
zmE`R(@THjR1h>;FHHch<&_sSFypU1DZcy(saNlos(ou(LC`#XI_{+F(+C6_J{c;@7
zGU{)hvI4R-VIpi^VJzrp{)1zAO=+TyR={j;gsq|~rEbl%$0;i-j_f59;cWRGgq`+n
zbF*|K3>GQn(`b`p!pCp4gwaP-!UU!eEHPHPBPQo1_<^*{DNWt%mvHmR!(>^X#dKKi
z%*2&HQhbUiQZNI(#^x6*YM(M4E{gfVH3|hj`uw>ap)@r0hcRTXF|O3COX1QGp@5gV
zHtU$bj`4f&ljbmyWVlqkHRfa1(HiuW?eZol7a?db9{n1L=r-hxIrN-P3rLrnA5@L}
zGJH;<pn0zeT`u@F3SfIgkP|Wfy5y{FP?b$SASc{uh05)%uA{2Uu9H;7E14M%@sf^A
znq0~F985H6fa>t1{y|Ce8w<nYO@QcOp1^tLx`yOfKvH0uZ1eycGas@nd1i)DCzM5r
zXNLs7-jp3|%OihznMi<*rukHa03jlFwgWQP7?-BhuByg5293CJUe?C1U;W3;=#ZC-
zdE$9CQH{!c`z{s(tT^d*XZ-iMO4cqh^m9HKFd5N}oZ<c(Nx=(Excv#?V*px?p1g#x
zG>`tGN}U@BM|vpPI%(>L=UWv_w&#p^1s^hcZ0SIabF9w_%Z+WnPssDXe(#UpV|up|
zFB|!O(2Hu$%bZn@i%F%7Ke`I}eI!aEZR03H@j!N$U}%|A%E2Lw=9bjadMAXq72ish
zstO2b+#wEnJ}O)=N0+<T7r?G7mUX~C?|?j<q|~J5z^_L)1b6SNcRT)0c*{0EE&SR+
zV)U}#`!vL`kBeLVOl%sy%sL)(AXB7}`c_-HH0Nw<L+0b7D^Rp$>k-};Pj0L?k8Yg*
z`^5D3E(;QX>bw87vGzG{lwC%)Cp9bWTTr$U&<YUS1*TPO4FkXtW6_|XQsGhMDd3)>
zK$Edd0Y?NJ{m}*S5ta`imFsUOWl1f_f(v6|t}*te#sTqs6uat=$3PHtph)c#_I7qn
zz=_-B%^?kcfhI#29g$`|Xe(ju|9fdH@#QG3PZ3(CewWPhM$(2(48VP%yR+MwRWFb`
zjU*$iLrek5y8uX`3^O&z?L*DcLDM1cD-{w{#re|`N)NYHcM*N#aj#<!F(J(TB_kIs
zs9w%+6@f#FoD|#i|0(d%dZT1?1^prilZ>5L^CB(t;r51L5ZS*RfzOi$F<JApo5oN~
z!l#rn%8CLCZW|CD2MbyKbMt{0mVlF;RNTct0H(q*y8{R(x+m97p}1!VajNm88`AMd
z+!)_Igy;tkWfe-?Hay9ujX?e#RxYtyK83OPe%b<y!Jybi^5qm2XL`JN0D_(R#D*3x
z>D^`=uN>w=a*#>O@^`dawrAYd|Gv3`Fl6NnI;o5Th!CRl{3?(42|p~IvdX!3_+4L0
zrVV4*@(O^wTM=U;((~!`)I7hB-Bwj&Y%+diAg2o4?NoRObyCU3di>hV5X+brkPqr^
zd%@#by-t=EdZB;ox8Qgj?&<RMh1Z>&#G$d81y%GT<iRBF^1O_dc&g$7wpE7pQs}S-
zSov8k35H@kmw+V7@`%d-PQOy|Y$3pCPSmz9cmOC%cG>!M)qJT7zP(%bJetQEylI_V
zu4G)t(^xm8&&hCczTM|k)IJK+{ZJP$7E>DY6I+*v!wyDvvbou)7Z>KNNFg-~16eio
zbNrqW*i0BFPSzyxd5Jt&tzVJR7Ghi#-#>ckdM4Xa!SBoE?}ZRxoxhgcnuY-?qmw^c
zCcx*w<nTo!Dhh1T)9xpvN}E`WG-x%F#lq#3%!JuB0P@~s2&WydN;|v_{g^`<5TX*6
zAY;O^1x&jSdBP$^LMPJ$lM(`4OsLczNG2OHyXQ$_1#k`Tg^_6OJ;(No1NJ7*k{S9V
zT@mPHLl#9jpiQSS<hb(<!X|Ky2IM}~2_Om?^u#)hA4?b4%d?cO-&aK{t~PDjb#lGU
zP7K@1GFG1E+)>J}4cHPbM8sj-SQ`wt>eO%%C6QTs5d)IytR27$e`XK!tYIEwg{koh
z=<N7c>oF&mFS6nJPrCvwGENGS+umh_pwB@soRr=vE)!UJ2M2StM<OyvIL*1T5}++E
zNaiR-3kY&Xf-C2G=??_4pxjp{yGJN}yMZ5fYqC9<2j1;D%-?99con$%h_p2pe8r^A
zJ&u3Dj6gBw=Y~P@_=*6PyE*Ayh04myn9`;#fWMkii=)Y%+e57+jjT)7$8=;UVGKk#
zp%-vGQQ#qXAC0fnAwdTMb$;t&0<f2FRaL)jS`DfH1a^UXhLW+x^F<O-jKMXOj)oSa
z64I9xmT_(tc@nbd4y$WVX3|@0%jit1$N*oVrx_`?N;#3QIRr2W0Hptjra35O2LRNU
z{M<SJ2*6G<HHo)akXOMQhmdrL@Ycafda)WUN+c-DWC2-m)H4%(smjZ*1N3B}1$1N#
z8fTh!3M6*xQb)Lh<{<jcs9AV!zG~%8(F)iDAh{EKtWQ-ZxM!&;)Gg3K9y;&INC$mr
z)_JIs<2hSY@Wg}1ig4eKOJ9VZ!dOMB(qv5}VyG{5<G90Zu~0HT;B8A26~4Byjq~EH
zg13vefMf#b;imAK(A~8J0rOvKo+%GzgtMfSib^j~7`}P@&#Lv^@H+=x9g4Ujk?L5a
zS^@pwLVqREw+=?F28Fjz9+*jS1+wY;0&{Ap<BSAR+Yk?s?Bs5+HHRJGCIpXxx!r;s
zF8FRjtNCG}H4S<bCxM`*m^ctcP`O-fTT^AYx@3(k6ICpNiJyb80R(oAhqs+D=Q)}G
ztfY(cCEr&dodtP_3+Nhn$93%IeEn5M>kQTDxXBqMa|oVJ4dCcvI)z4@-I>d{^*Z-t
zGGKdKomZ^Vx?$H$wzZ!&9!>iPkkALCxRM=s{<bo7R)VaRyym)tjua}jqpOpP^AkCA
zIxa#Z9`&&~l2V430lb5GiXZk%7sdG0+q_9rx~Q_0V5swtFdX^5a;3uHU4LyPCZ@9B
z=W<zQEVWUvuqtQnGKD|I8BtzVwMM&D`bmh+r=7+L7gT3;yA6AwiMJ4+*JY(u*%g}s
zpm=;K%!46Jl!M9X-9iQy1)n89{VVcUtY*ZR5j~`zoby2$0e5qz8dJ{Epgy)PA_?KZ
ze<*myq{HM<@wq6d9mL3n5t#``CVLWcs!wx2fr8%}oS7kQC@FVdu~?=VFbZF4xeO7{
z<NpO{dQ|Tn1Trm`Dt!&9F$-8>o033UbpsVMrzej5$_1mi4M!!YhHL<gh(W-L)<=ct
zi3vH|-CS@a0_1)_Vl*vWJFrBR8|zoB+=V5yA$RMVxm3q-=9_sJDkdbVLp_54q<U4b
zI+rU4zs>R#Thoo)QFP!l&A944a8e7z#%Rhi6iz*o2Mt?{Mm{cr<0gaK15l1XmBy9s
zK0x+Rn|KYL4z~Y*B9#ojsXKY6JMUqtqv3l!4IKX1-x>9Kyj^3q_m6C6af(H@$vI?s
z^fgoW^C#xzbv6rA4W5AZyE=+FaXRqK7;wbpq5G9%1*B)x@0`(ovdy@*ZsyZKO&Qv0
z$<Q)k=7h-(&=6;X=O`AT)5U@pK(PLG<}!rcF!jO8woCwWz*+<=Gp49KB|s34<lC4=
zB~%#112l%s(_zLEqhP@#st5*9lEA37QkyrbeAq*b!5|HJV0^A!nDnZy20qgXyGbCH
z7l94sZcdI?_E;u-LD==c^I6<pxjR|GE*2ieQ-pYT^S&?x1h`vtC9bkqRt^dD&5&P_
zb@6PcjC`woJ)WWu4))Q|od|<@?>*?CsoCV>0JEa&ZGP4g5TytAv(()7wsPLVerL73
z#Pb5;Q6wB0nJWQGBi$W*#(iEqhOM>6#V~z`@g3|yrY6TUe67`S?ls({2$3?3|8N?)
z3{3JZC5J-X><^j9sXK1Xwg%`7`J8f=XFq$*M-JnxLx}BgI7tX7T7Fv*myHuimP|%l
z07}$Pwvj{+_6T`AwjDC|!MTm8dxzwZ!jVoAY6N(Gw+>b#UoC_jow$W#4={lMC3Cpw
zOlAa}UhIO#qmA|8xq>6#d#1{Y?_<IDu4z<5RUiDp+xb05fTo(Pte>%Vm6?hTOzVfr
z5Ryue?t%9ZfCHKWnE?1EMw{qt_Jlp<0vzo8&CHl|n{Aq)MrH{S^7t1nmv&CYJ!RU2
zum;L=<zUv@tP&DpK*w=B9wU|MP>1_R%5|$UYa%1*M=26VlIZ1y?ENRPzy{H>Setld
zuMT@q%a)>lLVEd|V~C4#Lt)sE*4WM*GWxsjP}DW*QxMNaD@zIDW`83dhE}f-?WanD
z5eV!x+|E2^GHMZc-@WQpa>Y_@HielmlbHn3zr<<sWQh5smBJC#aa0hn!4**@514<I
zEvU>Tlp!F2X^+GrR<a*D>2$}h@x)nGb}(f2Tt}#Lp1R}Rr{F!&m^STkh%4Zqn0Uf6
zSzNWf(ib2~!j)caoZ8^mnQ0q+jR5FQr1sB*l5LA?6n(*D^^v12!dybi+x1c!qWGqs
zG8jHG^A2l$XuW_b2Hl(I$W^{!np$Sd(@bYVGmc=-`f^nIx}1}`zb*O0HGX;TpRI`4
z!z6FQ0YJTq>}?BX9!BO(3KLXesFl81S)LHM>T(GG=*Lp6U8F2L)yej6{s15}9V!-2
zY2BD6Q5<6s={{*PCL;Y6-lnYLaGE^#s#M<h7T?uj2-)PbBMiiw6bp}i-YV{hNIsls
z2~`UI1mbW<<SmJ0TWyXS(mFtteN6sj`3*jPE70y9b96ge0A96XlL>UnJ2dN8L-btn
zy{&Igr6`xoG&bYIK5`()-~c3%2)GzKe<qgaNLwQxsRzyQ6K79-dcrH~IsIV@9TI!e
zYOM_emGKSpi=se(#MsvKi-%mhWlA7wdkar2{e=upDI|(*rR<N~fIKt1y%IfP?MX7W
zJ_>jF2UNtmhB_#{t<f~IGaX%BCwQ_49=*W=i+rVxx?&Vc+ARJ$t`DF%Pe;iX%HU{#
zsyJ5}e@}Z<{%q373i_6>#Qe9OdOrkUuPhm8i87Y8R2I&p5kiSWsZ<7hqiYnHV=q^i
z&A{sh)3x+x>o}_L>yPYVlzyo#`He&yp1;;UrK9GGN`y~F(t1<gcbc#8w_{tFPgIZD
zxlELd|9+u&Gniq@3J)L;Dznd$2sJ;57&>V~yrQ>h1C0=O06M-Oc<H$jdlWI?9=1QQ
zH&mTDz>XsOVX66;3b^wBb#;|Nc{Ix!cyV`kcMrkc-Q8UioS=)l+Y1DD*Wi}m?jGDF
z1eZVvmz=uye&?L2n%dbO>F%BRF+0`sJWGxeMnmSDR#^O{!g(8Y?)_3N^8>Wd;pvkq
zgV`dHmNVb&3ECVtEPmau5q~e~t|_KxhBNeQnAu1uEX6tv)hAG}_1$6KF0?8L0eUSF
zNs8}%RIW(L(_b=BO03uPq{vxrkVNmd8I>Iqj~6VRRd>_lEDTU*JQK@yoj+9MNy^8U
zs;L#=q4X4jdEpJ+#aNWwTM~O3N0jHXWEoh+zq4<~u6HL_za8Xk;a=z5s;f4CH$(Lp
z%~@wSPK6~#pvo3d?|D7gq72p81kl~Pbj{;*8V?xRopvPZg6@xvCBXuF96#`^*9sT9
z`7oY1RT_A4*5Nu1RZDHJo5-NJc~6338Mb98kG{(5xnl_CnOCeZP!KKCqUL1sm%H>h
zc71P&$#NO*+mlC-AF*Vln{0)Ma0||coVTK*|Dz+|PsbHkqRCT=L_L9-59|_?DX`6>
zEoH?C^n)7}vu8vGJN&*x#r*yrIeS$&TPc)RWt;hde-TB%SanBGH&N6)lNy;a0&!Tw
z<sy3}u=?_}7O!U4GU-6JTnYDwW)FN<{-}Fq0Mll&Cs#YoBASoDl}ABG{r)SBVTWuU
zsiLgKuNrCPQeO|+lIQHC41jSqJ{gCA@>y28Xh5?kBe-yDLGyZ91IG*}99aq;!CHOF
zFY|}J9hrn>y?T$oVdYSZj*Ujta@y>}R_`Z|yYy=T6O(QqU+<f%{+P<02RS;nP2sIt
zB*{JmXxktfXImFoiyaG8#f1p)^cT<GtqIcr#a=~($6>ohU0KxI-@qA#L?%K}UYU9n
z`KBVW<9NO~OrLgxFV5y%rH)9!`gL@c<_)#RtFE#3NnGCkCC+;tNe`XbkQVtnPp`3u
zW~1zzjBT;pbJ4^^1j<*qb)6(q5f?;qCy`QNat!wf%l(%YboRP8z~=g`yT17>AvH!7
zGTROpGj}%r%TW1)D4-j|C;Us6nAL=i?k?TxNBxBmCJp&kYBaclI;~VoI(aT4g`|4L
zPh(i9F_t-?{55CKDJh7Ml|z&@oXr>N4Z)ud%?sJ0Zs+8eAxOKJn2+WaR)eV097heV
zN=*3#MH(X>*0xWm2AYJ;aQpkGlh0mcA6U0GZ9i^pbd7{2+5smMq3X9{bqGA3j>zb`
z4G8d^;?W4HB+7oSeEC&b@)jyb<WodAG6<SXQgf_9a+yf9*Zgc8#n7uusRQX`Sxknj
z=EF4vu-VBD2o~9cU6Or6JApPH92e&D^qMFKX9tpwO>5qsI)!HViFA+AYcE7`ZAIqV
z@SyZbM{)RCD4;dFG<#Fk43ilGN3iv%#l{Ri{vO#w_EppBeN2v^f>#sB**hh9rGy-%
z6>v=cx!VieCOQ^$0y%~Ty5E{l-7p~wz7&Py)D;Z*uq&>UN~R*JT*9Yr4@s{&czlbs
zK8D?3F=VEeMCC#4AkU>eh2<tH!p9e=D;#e^Gm@)f1C(MgnOV;Zc#uVTDTaxq%g*|*
ziQCue_ViL$-8^6!*a~5MAlTc9&CMvqo5_8mIjivZZhs8pQCLOktr2rdR!f@KE}Qf6
z8E$CvV?^5D^tfLbC$+AKV3!!V0Ehb+TGP%R7c*5%i{Z`Vy4Y-<C{hVD>0EpHflA6V
zR)=dSfJ?$4_-X&7(mT(iq=c#ljzUv2xh2M*d98-?3!a1QFZ@k}55pJ;E5p|45?&L>
z9O2Hepb0!PIm~d>5v1(1lrO?_L_6*rXjI3pp0w^UpByD3f^m1*v8=k<DDbYA0@hwQ
zi=69pxG5!U&WT@)#Y<hTp5ZfDiHbS`>cAHdfcE(@_GbC+gwH{p0{k+>8<pp5qmL}!
zW$7YS{%jrzsztgFc;0V<$%&1|7yQlnFw~BW<}+6CsGiX0_>8I7gR|x2X{4&{mViuu
zx`gLnK1cWdM}H!AVdm~ohCT^0=;1{!Y9lPmpjvJfqs>Ysr}1xYyd9$@5ayOLhBiLx
z14XYx@9G7L7-DFH<q^Kqs2w@}?xy!2!k}h&U&-ipl1d)MsXt%PQLeDP!KtqpoyYW&
z2nPSDA2@28H+bNyEmt?Nao`lK4u<xT+n|?g=IZ`ge{^n~nH{SvR5;Ld5;QW+T=l6h
zPT0RAcFXUn*vsQ3Wz+7SzgxK~D$k$@2}rhh*|t+xIGT=Iuy72{El^Rb(RA>1@PU)=
zu|30^4A?k63km35zL=+5_%U6p!X+gwP#$H!xijDU`*uE$=vN)$Px~@tSW7FLwDxkm
z!C#fLgcfX0$_Q*wC$g;}9kXxFs_c?=8(_pF4n!7Whu%qBttr`s7OFxrYS75@0Vyt-
z*hiMogiTo(F-^ua3{Bp+ieFXb#qeS@cQ`o?P;ifj)|L(}ofvruU!PX*e}C|rne=O3
zvWp`|t<1~B9M&V|tE%;8W3eEByWUmUDB^V1;8GYbp@qwN?@UL+G&?Q_$vD(k@{;E&
ztop)yr!<5GHC$QP>j2&#ogF6;16+&rO@fG-n@UIa@#N4^N5wQVg4A6#wWrc1a2uxF
zToE5Hp?C{>hq7oX?tn6*6m@|m7BPj?gknJ3n!kMIh$y^~@Cd{acFglYg62b|!!gk+
z(!E?8iWr|<qyf*r$--%Eiiz09hRrtRqCRplI#F>l(6H#@1tZH|hr~4i@Xf>?>`2sb
zL{8lwwZ|>)F{F}~ILyhdXNox@p^jciYu4fhDn`&zmL*OKbyn&O6{xZd1gPQiJzEqf
zpU+Wcw(iMiC7L0(B=yU-Nc==vg*2+bzHa(B#KVq%okpjEOCvZn5ERZ+wq7*ylQ$Tt
zndo5HQ1KnLwKR6AGLN<^V7#hSJ+`K`qAJ|Q4!Op;72`%K3j{ZB6x4GoPGoo6WyShI
zB=zI5B5j?Y%;@26?+^YE@7%BEtDfNG2;)APR2=YyeDXYp6hbk#vhtV(Ia6KoldHxV
z0djsXTX-3cD-V6rWk`PF3Lj0kB_|Oaod4KMe9{XkGC-Q-_|wJ>TsS0|P~qrKDjsZA
z6%g6R@s-P@7_LR_Uy~zE;`!aXrtVJorDMh87Qp`ws_`(yLK2oj!sudYvWsT=Fievi
zNk(_H?qL>kww@A=%Y`2rif<{4)~TS?1faCo6l#!_U7Yf4#c;FK-=`+(Bo&aa-^bm9
z)DM}y8PtADM(!>Lt|klltR5m4qQ%BEjX0#AGFYF(X~UJVoRCj+b$B^6r|93})A(7W
zy8n11XJvY`xhAkp1~S9z;MmI8vL;<yrAfeOCOY%wyxknEBiVN2Og&_0z4OW8L5h4{
z$Sw;>BVkiHl~zteG)_u`l0MppWc`)bFokdsWgdffS-kocFt}HZ$Jq>Ejln^5P}~%-
z#0tO1R@g?qcxMzIlJgcaieAITh!C24dWgPgdJI0)y3#c2cDIiv4J(S4r#APL;sI7v
zzLYyBGpu)Cd|?_R<NdNB+v)dg2;!FHA+7GeWDUH7V4`&@CFsH7YgJ2Kkqm3PCB0-l
zmF@NweL0!~I*BvZcwc2qJLlex!#f`($95Qggo;RCPu&y@b7rcI$Sn|Zc0#yIz$x*f
z_o0><1+G$3VvTGYBncwF(16Hou@Ov`mD_ED1rI5Wu%nwepADYKZIG!PQKD?P9uS85
z_QE*XFs4zBBKA*saTB8NwEJ)wYkmxvH3XUXz6N0c^bF0sK=c9du;G=~D1`laYv*qM
zedtS!mJ%#XSMAy<G>^#iE{zHCO~;To*NRccm)BYS>Rj0`GVY!~_>0OF2~fMU<)MLE
zr5C;<b2AA7zK*eAjTuH%)y#$wsW*;_5d>H%GRKq;$@m%@z6bCd#_4mob><;KZfw3U
zJ?n&kZN0YI_RZ;^)W@BtD`O!-Kc`B3f-!7U1l3+b?0XB<m66noZH&U!vFzNZjJ?3q
zshX9ez1xJ3=hH|NI^3TDCQM;r5H)FrR&ZTV^P@pU=OmG4K%)lZ({S-o(v<v1T(5=U
zE@*v51-?TKu|G_1aB~N-Q(?{KS<!p#&?movwYPn#`o+StmVG{$8iT1uv^VMk+CJAM
z8dr)qbI4T>1=D-e$OL#S7^p&w#|tl<|5@@}O-X}OSGO#JVXT$i<aUHAFtZa8c0?m?
zHrKw-I%^mIPU%~pLbH67AP3En<McpOU}6JQPl1p$2_mk{Zl7KutVKr;sQ-abgVhD#
zSs2;xz^{)<Yim)bVg7Ne<)gDQiH@~<Y0k>mcF=y#*Fv*V>Fk7!WgZ{s?(0A>|5G+H
zBZysUjW*9hllMC8(bFBqOByM4Sn51?B}SOwsmO*kQO!L-E{@o@DSBo!v{`CD@G4f^
zltJNpNb<19&_1qBw$g4-pq^!KO`$%}Vw2W25d%`)RkWZ~rkA5a>Nm4KD@3^Twk(^H
zv_+S*uR5i=E$vcdigK+o(~qAh2)6nj*HXq5driG)U(&Z4+ax|FoFRTwQQc#y7KN5{
z&;-V*lwnBY?Nn+!^nG{r(Zzg6k=3;0Pig}gdz@<7-J0|HbBH}$j7>^b%m^i*8#c>U
z0Ht`KK8mNO%h*E_*!*^LaLYE+*c;Q|Kq7oSlNoC64R<k|C{{*QD@TJ_iO|q0D3+Zg
zgA4Rt`v%7qAu#caGdn}<kyM0<XS^AnwRBxIjoh_D83!YgwPbiFdyB25^r2*01ELY{
z`ktW^lbj`!AC9XSJ}6Ej7K;cFMJ-rKQo>5BaK33Jhc<+ukAA{vsFqDLFWGRkYR!p+
z6ceFNM1R6Th-TESF7Bi5aKNIKC*jK8XF${_-{HQZ<hNkl3eM1ww6(<g5nT+EW?z{;
zNjHsCu^_dZXE)b8`&mE~|A*rQk=iPD9Ap?%r}m3MhS(I#I4Lmrtc?tmiDk;zo5<93
zkkC`NpS89`K%hpPuDU<zDnAdxa75w8<3dW^%MT7zu*jRKkA34`G8WLlSyD(ynE(+Y
zmI-hX9gVvfE8`z+i27G!4K)l<B3G=9Zr=ZJMPwFa*014lc_}#AMdPvBfIl_wV^8r1
zMX)2m5v0<J^_3H4^eqB6v4Pa}oBjDvMToo>*^Ca4eNa;J@%oc@GNmypP+{Z`0aJYn
zWso76-;e|KtIReRXTL~48ZM&Lzt@EWt+Cs`!{`JLdRh_bI`=MP=x!j(AVgKBrn>Yy
zqVbN(!~9k+E7ZR!mQ^0u6?QG8G%<C}SC>jWB&KIeLEK{zz3TzO7IKSzH}+}oy9uX$
zEnSx+x-MI2PG#;FRlHJhQ63faR6uM||D*-4Mv{6$&iQzr_wN0IeXU^RYjWmbujVYt
zhY?s4r1a+e@YiMcbI<nTSN(HqozR5S%hwod5nqtHhv4$`SPxxFMBZArw!KeB0lQGw
z$Hn_H_>cE+a^JXsaa5TguHslZYCTT8QA({6ixkba3aBpgG|yJ<ClLF&13;+>DNr8y
z!d@MbEI0Jjl~9WElWuLhS<dN9Rjm+%NrSwAT!rb$KX8RTRm^ZHM?4Vui)U9_aaBc|
z`2Cs3EZNwwdDUy+UX792Pu5XBmcxwS0^}q!BM}~O9%+q$KINA@UP8affyfJXs_YRS
zn+j$DNdtPEbS&CmD3W~4=#VV64}@clO1Ml?_+l&GYs^!|Qpt4$ZTLP6LfK4pg#uqA
zdjU;2e&#1V!7|>Q^jHWbQwjvjYJSn@I`vc22~L)bzyg%WQ7q#HYED@hvoMr?OBR>)
zS45e_H4<$AIX)k0%55s1BI>Bqb@R^L1B<-E%NV)BoJGTT@EP<i8crAo+NfNbQSM9w
z*EXu%?ZBf0H##4Ua{;5@N=0NY=y&ez;{~Ln@FG`VOa_MGZildXPN)q?YLQul_H1F^
z8xx9YqngV*Xnrdua2&lBD*WqXUi19Oa2ABEPv#B4vX$_&oj<i43MLUi%@Yp8YRMQi
zT(|yI>ip@7)A|0TdRB?pXxg*gbB9m#Y$`L6KPt_Bx=j$~Qd~mYCT%TmXlg7V?NsEd
zYNb>7u7o+{?N;e;?oca`M=TS;iRgk1fW0#oyxJd)G`O1xC}9%E^I4TCzT~zSQ&*(2
z@mB%qEaL%*SnAvlHW@=PU*e7k^|K%qw2onGUD}j3JbteX$YS63l>4Q#cS=WZ9SB(q
zv6wr3mux+43`%p0PTQAUXoc70yvHeDXrD2-)9(EKJ}bxb><W}7NuF4ISo~8OU|@dS
z@6g1715mEY-ZtaYiEMbI6CB-xs?=&G;VA$)JRRE*V(-gSZ}}3kc1-`*p!z9qE=AL*
z2~qyzQcN>N_GuYMti;X7pF$27lbY9}QK_>U$Xr)rfzX7s8#FVzh)v>tDPu+Sm@uv^
zcw1C#+*%=WG`czpo`z1}YyDZeJPs$aNBsAS(f6c8&w`82;B6n_(@RL)@CTI4;tqjh
z!4?(h`{Z$W=Y+@s86NPd*wNxChFQZqrX*3MVin2sF0<q^s!l_A0kIZObw!HC@{c%l
z*3|=1T9=EAC~<wC8haar9_a+q$no*UNIA$b|A>|ryi1IT)DYj3X*4FXv+zossy9@n
zL?{4ZHqvpCE`MTHi^~ty(7+o%*0=+pT4{d8x+?}z>6$E)$}}^CIdVJ%w??#OxuGl$
z_3^?6NAC+LNOBo<$d}N?&B67(AARcVt1ur*MilCe<(g?Il;$_Ryz|*JaIxA5J6mD~
zqC8sYF`92NG01YmZDK#082zD#83ccNSmu5ndqgvRX1v6^LHdwdX)P`i>}L$X9r9)`
zM-|krm1KYFSWaUU(dv9k((89unFDjZMeC5M3}+C%ZGMKM=4FntsN)Q_><RX8S6eET
z&${_KO0d#%b>H2U7$=XyZqXG&UOc=bi-`r}7oDWKX=WAC>C3qb`sbsT?@g!kZfrea
zF}mC7aX=K8Jy1s1*FVr4h6n;Gsl1DUo`3Qo#DmMBigzav_)C>Vq5F-5>1eJ6rSjUd
zgQHy0tcT<`hwU!g%}QZqa#h0nvN?V|nW#~Mv))m-pC=cqv&lI*BVULa!%rLx@`}Ph
zzhr#iM7_ldU>tcwhVNpHeBbf%EEd-ev!6y6#Fv+AyR)&sdy|4CssI8kwm<#e{xd39
zqjy1+Q|s60UTyodU##)bBeutnw^=RXYJZ>{EjBku#qQPw0!N?6lacPnwjyWOsIN`v
z31xryrsB&<%dai%hv%OMH+Vir*WNZWz$}5GaNTtGs2t>Yh@Ev__DWNM)2K{nD3$Gr
zZ`}@St}QdgWOgRYw&)FDZ#q5li>AJ2NLlcY_haK0xGm2@=nUBt_K$2mH$wo7H+@hJ
zlau~vK8OI}3OQ8mD@D|}qkNf;lq@|doK+i>@gidggU;vr{0s%>oWuQNfk8_Z3(sqr
zVPl>-76^Tt>Sr*b!kluh19ic$OR!|RIy9NWDtd060|O48RfQ3t&LeD#j@cBAgDtC1
zT#7}d(19OwCfB_84$TQyX4!XC9hm{Ac7H43&d0TwF``i8$D}Uf&y%mE4R*rHx_UzQ
z*6gA=nN=rBnFa!o;870;2~H+*6x=lJX$>4|i+D~sR9_nPUoo~~--;^^pXVDwODbWj
z7uUeBj)4_E9UC72VCL-hdqO2-=QV9M3na>cHzPJ{&G-jWjDzFU6N{ftmE>tDq7f~s
zo>b8sIywbEhI@lr+A7)laL3Yq*p-(Wo+P1YEsX>*HGEL#Q(67E0B*%{#1`b@fzYwt
z@%mn%NhdH_Dx4sZ-SYhDy>2ma!NZ)~;A-(SzL5y8oou@_Al`Zc556)Dx26#D8aCvX
z-ac-YkXw@8*_6UvU+s&_Zf9Z&FvDKc!_?D^bw~GzUpi2?lq;sCvof{(DI;Lj8Z-b+
z=1{sc$sWC9$(|Fd_l`5d5_FLG-TgI+<SS#;R>8)ABuR6_*+f%$T_0FSGg*kF)xFkA
z(3~TEs4L+GIFk;Vw)!>WL8ejS^4r@sp5BFX$R3Qw&(%cB2hkGpfe=SH&P&)3(bqvC
zMigC)Ql&*VYYlrZn}OsGp2>?jX9kxwK$e5ubF4vd?eLbnT1r(66qPdK7mlI6Ho>Og
zAZ-$zPY};b-k&fQaHo=+3-yf2B4}0+CCS1@8LWE%#7TJ1m~!ChUF;QM5ZPKgFK}4F
z(0XAsN7FAu-*UKI4t=BPDX++a)R@RSgV=lYJ~ZZCO2PUqwfy}&e$xppi%<S~xxtr%
zr-m;{h)LY|nD@8N&M?P~5Nn?yF0M-b^x!*NCWGq5Zy;q}>P`J)@*DxWj<PdG$E$wd
zA)EbnVAl@34$WV^sM;Wj+lIZD)Y&yQ{$iRC<eg)ks7CnF1%jqz`kRjJVTk}nov0@{
zd-m5=vbs|k4Mox)yJ{5Iz2E}^GI#VhN<QaCR`d`~FDi|Q_`bCt@RMhSr%7d2?EVPv
zE2%W+n@hZrA@e=f^I}?btO}dmK7MhZ$X~HP00<(CiR_O8RL9I)R|cPgEyoo{-WBji
z^@S|B$deTD=Atz{a}o1ObdBFS=PEr1<b$Z%-~{4rD8TG!ss@;q)|iL=9jKc8@T#Qn
z{#?Tbk~|f$75KQ)-4r~<cNufOwu&p_k`d}w@Dd;jLG()N)YyIh<SFyw3>7H}?WE9g
z;PjIPVJX>LY?u~`tiKuC9`#MvH3Q9MP)OV;$%>uoyIT`BxyfR$tdg>5e+oT0d{;qR
zbrti@%$VrtYE$%g1;PQJx>H=z-?s_(yNoELk@-D5&~dkd^lg}?$azN7cW5!hCHX(?
z&>}qGtZXN~Q>J7phi=iNyea^jNM>|$07a*fDgJgl@F40-q*_MWg#0hevYGif31Z%C
zR;O~dd^dJbMVi~0jrzs&%v$|KXZD|pf(eC}8oc7-8!9b6E<Se$I2aAr>MS-8DQP#i
z<_eVoao@(ZZ^Ae}{ZRxe(4HpmZ@_R14M6Qi+#4zc*P8sQG4WA8_@F7SYB}`^_@xA4
zOPeImBlGc_j`a}Q9H=%xlA-E8&`Y2sQ<oj43?EAk+aziX^;3q*jRm~8+5wxhsOP38
z!Ct$68Bd>LaiY{UF=H&uWgoR?j|e0}_HWca$DE@|TS7YYUwGA?=zn^#Ir0B6buvNp
z`7xut{XFdqEC@N&D>SoAihvBDfThNZc!=sDMqRG?HK=lYsbEqE`r)l02)|O#<RqIU
zt-RFQ1b8!TLdV63wo6cTcVD7f=hAzH2+X+zr%b7S#Rd!cBev=BPIssg<@Iln1EJ&|
z+gI!jWel@ri36K2?%prPzD}Prz-qp6oa+0}h@{uNoeKNkhO2^uq6`5>fPw7S0)&P{
zY)QqWQgvnnE`D7K2;<M9IR>N%A56tAvdQi%doNd`m{0ep-G}aCYyzu6e2ni?OfiRR
z)3o7Vk>1a&U>T3Cl2*%p@jvt>9n9Qi4P({9GA$Zrt-g2zB^+L^6#K2{FP!r}7gB-)
za`tC1?CUKL={01A*#V!HHITqCI@K{M)9JpkASSyKuIf7CtQ{CpxR6wgxNz7a;#DFW
z%Q{u$Ui?kF6>bVb2dwaAGII>B>O_A^PR3$PGm9L$L5Wj~rfa3NIdj>rV4kRKw}AD=
zbs&1+^Bki7sYsX%UlDuMK~J9wN1m?qta*6aIzo&_jc3|qrI3Y)HL$o8w%KEgcDj*1
zdvW{SfA0!}bj@6p3P*2%Swd=Kb~uMjKk_YXn{sx|S9m~}|Mz&clC5(=sOYBCqslKE
z_Tk#6N#obl5#)?F+5;{Rth2Gva!d0;P-IHgx_Z^9$Q5gGWqUMYD&*KbCqAb|%UEYe
zTJn|?aW^kXo#^L4B4Bh&-BtPcbLV2YIbQqu@u(bSRT3NPlXY}Gr)I%;AL-?nB%iJ&
z1-kDsM>>oH^*rq}Vn3!cJt0WUKbfgJfD5SLVIU=rO^uD@lbe=rf-5nyjqQyp$a-Ht
zxsk$U!RJ^R`?!sp)Hq?3bxuvv8vC37x<T|0(p3K?V&RllJq=_VC~S9LFgmT}U;7hP
zE2lWLk3cW-MBF;dQW91UH^$SK)cm>pL1brUefamPEk#SF`9#uJne0gFTJB07lB8E-
zPgIcka4_PqUdv#HZv<*yzyI!0bcp>lFPT0hQy;^Jc5!6V^x`=c;~Pdr$@#BITQQOk
zSvZe3*t=CIQa}XK^dNNJF7W_Et0c<hd2P(5<IakUP>;7D0-3_+GF6~Nl6*+NBo^~6
z{7}LvV`q5)u`*7(T;3sF54ApZ3~5{r9!{E+)!GdPp-BPOZKZlFZ#y3mgn!2D<o!@!
zGo|KLYfsL$)P*|s!`I)maA&4V6^aaIN>BbwW5(^a0BApA3RWp@a>rgsEVtio(<&(-
z4s$1X$*#YcgIv1l#B=bD?P^THkx?^<{#q)($Br~$t$a&x7=18tQB40!9s^#i_|(o?
z>Rn~cco_FvOoJqD+WN|f5x&BnmYoxI;{t45O(nDKVtbmEv2+FgnM~3RivH&l>qu<E
zulOUxNPzn_$2|T?T_Ex3qY-!LIKEC2?A)Ne+ZDJkRc0a<-&EsOeanN?rWv<K%+N1U
zC_UB55B~ODemYbbZ8B-4=ga-|%N^Rqhn6+OjQ$hV(jo}bMWS{jrg(w4XK7UA8y6jU
z8g+H+LW!_-$rm-oPK_7Chxw?xjLpw8I(MiY8$dJa0JS~Wxe8$NINQp#<vR2*vMakQ
zct2Q?(MitpUE8nj7bwkFE|wIHJ~?0nG2P?*mSwOFpi{q8%eGN>P9Uk1^l#YEw*T1`
z^(7w7Gr2Q&j+ELi7@Ib{fq)94jP7}5dcQnb4w9`#-N8~dowBz(fSD}+c*J70mc6j~
z31D7S(p%{b_J%jjJ6LD3*ftkjv^J4f#}FXZV>w-8G9mhQKxR&u*jVlj@_B@O8B;u8
z?1LPDq)fdO^*(uCd$1OTL8xEBc0sxb7wP5Zn?0QVQxk_X5xm_~d+J!(s=tprD*w#r
zF$q^<hY6Q)CefDB-PxmDmj3t+ZFC!?06_NzRaTRrzC`-xH!|EMzENMy8?)CaIj25x
zXSENj!f2Rv{94ZM+f0=T-|;hE%_XVt%#Nagq_<l)`Qe*{39ZrfvyCHllgeYYf+qs$
zEPFs=c_Pb(%^~Giv8Th9h%wZ}!k_YKpED=MCh6PHb5%T3xA)nUm<-u5jprpFSAYnz
zz}Ke)iH#Cb<xu-3{VTzq&=@V=2dCBqzp7}IOr=ain1>6!>|%tQ^FaZxmYY(XvROOk
z-LN7&)TOcJkOsa+A{V`U{bZ3-d>+@lGrsjhb6AV1%-f+h+;-_Oou9s59N+lK;5K!i
zAi)ZxjqfrqzwGQ(+jB_>qhB0xR|&J3hP3MIj7lq{F#gH?&2wAxy#M}0H_)Xt1OEEt
z74|O@Z)>gdR-rZoM2#lY8+{%m6gC7l#Q(80W(7fUp}cWCDn~X|OcpUiKoo)3f}r?-
zzoJl*+*$uOeBRBsjQp1WNwh2w5RPWvA3fYzEX*uyt^R9NWeTO@9QIsDh`;&WKi%F+
z8*e>T?JV3qT&>*LIN0A3C;Pu1>|7F(e_z=-`J}nnDWo|0BqcbcIrw<lxh17poj=(8
zmkzLMFccBUbOI9mAs9;hUlf31A#alN1`v2Q7>e#+67tYD2~8siOb`M^LG!<KmjA*Z
zhWcNt=>EexgSV#7*iiIn|E(<Q@6e5JwcA)wWK93@3I7AmnCw4>`|;M{Dg=u8A6poj
zKw#leD4KsHCU25AdvU;-p-|}mxRLfI9t(w{`hU92e>pe#CN&9xq7wQ)SN@$D@h@HG
zKMCdw=>N$x|IeHM?F9zH-n?ON0fBSEpa=~9PW8XD7X9Z`e{2OoxLLWo+kLQc`-{;0
zUt=l%J3KeyKkDB~1Ybd5jBqGCioXi}9Ss`iKblofg1~a&P?QpXoBjJz{R<8KPYRg^
c{X0;!ssaq`-^#yh+4&7&+L-o@8xrDw0N{qgd;kCd

delta 39875
zcmZs>1xzJ8*YArnxDW2`Zo>dGxXa+~?(S?{H}3B4?#{;D-C=Ndz0dpJ=R5bFoYSOf
zSJF0Zv)cT-`a4)gt&W06Qjms(!UO~R1_m|&H5P{?h4xP&7fCW(V$A>s_MeQC(nAG>
z9~VdtfCN*JQ5I#SredUHVWT1AWo6*v<YwRz=lmh^<F}-soQ^0zx12D)n)pvqaT#G*
zEg2=9Khjc~ic+eo8Zzo;GCKAu+9tY2)@mj$#_BRgS}In0M&^dvZYC-gre-GAZdOhn
z&Q>PQwl1EIR&K8D7H*;LKEbA@4Yu}e9_}4p06!la|70)!Q1{RjH(;K3T(Pfzzn{I1
zpN)Q~n?<m<TfC2DEWjziJ223@BRs%6CDbE7%A+{mH!L(PAS59uG9f5BJrWon8Iu+j
z7Y&R{NdSh%N5`kc15;B{!~DC#Qwo6Db;+S!saXZtd6_W<)zP`N8Tq9N`E{{H?FprT
zuB@WEtg?oT^7i7?$o$OIx}3<o?EI>{n9_obru^uJ;*5fVg8ZWLqSC^mvdXfe{IcS*
zin5}Lii(1wy26Tvg37ki!p4fK`tqvw%G#>R`j-02lG^Ipmb%J@hKBm4_U6{6rnb)Z
zrux?A){eHuj*gCyut8wLWK8;eEN~EzoI0M8J(ph7mzq1DRX0?SIaXRYR$9JT-aJ^*
zzF1$m(9${3+`LxPzTecf)79Hm-8)^?JJ-@T+}JnX**DlZFxEXX(LTJ`Gqc^*f6zU*
z*H@L<TayQBF6(Qq8|Y~0?`j|ItRLy>nC+~Z>8$JP=^N-=8}9F18mL(uZaV<Xbq@>-
z^bd`JMg~En6QiL1k)e@^(ZTWY@m|o(K>z08_}swc>d3&>*woy_<l5xy1ZZXsG`l`A
zyD%}oHnp-mwYo7kJ~%fuwmQ*2H?g=hH@>m4F+6rSwtP6Yc|A9|zqEd^ym7s`yFR^h
zKDm3hws*XCe7CnSxVtodxC$6QSs6arnAlmK+h3pG-C8@@nmb(HKiiqw-<dtw-8ekm
zJl~r?+uyi6-n>0tf4bh<|0f-t{5}4Acye}fw10YVaei`mc6Rpn{Pyzt?CARG;P&<W
z=KlQd<>L9{_Wa=H^7Qp`_xj@I>F(_A?(X*S<>BSw{^kAU@$TjE8Swsk|M~d|1_t)^
z_0_=hu?q%9OD!q#TiJc>A`{7ZeaYvzrKQ{EV(E(N1aG+7#O~&xQ7f}mE`pX$@@|Rn
zWFV7=)vy6VIKAc82m(i61Y>otb9qAQgz<!3`EUUK#FKX4AC25u>S0bQ*Zgh>_u}W+
zDcs<JY~(4V958oc0Z^EzTy~p%$7G_BEEvD!$hOW%3Qxhr#B_=B^yLA!=XPy3c+1BL
z#1lg*2vHm;HCSM=#Q8tWZEK*p^r(7m*>rV6tqI<~8+VqPS82^0d(Z3@bLT@-?SQy|
z=Qs|^C5Vkka^ix(+oI1v)+RNS0U01=LXe6Rz(|R^pLh>$`14Dn<f@>G<Cr@GafZj?
zo!sZU6Ruv*&C(*r^GQ?Sf_!@Em;ImpObddmlIWfFuea+a*fL$UVclZyE2Js;caWKY
zWiyf@X>3V4Uw4q5?``t1Ig6=bsVwX|UujBZvMZ3A+q~xu>NAXHv!j2_?Hy3yw%Prf
zyhuC@Qdt%Zd3spA{v_8fZnZUeiD!v8>$abE(II~E-ptuHeKY=e?#TH#)oJ+|QuDPj
zTq^jSc(o>|`Ov1a{4p(G<@w^4;sa@?+YPZT$JljL;38e4q3VXz{b}*edZx4d<a_j*
zBaw5e`7&$P9fVT-{NA_SGX?m#iJnf&S-pl8e0vrLylT9^N0`~Z8n@kUpH7gw<k<Ci
z91h!k4ahfrvf_@*$Lz;#dq5EDy`Hf7nm$lQ4<VhYY7hJNw?D8iH>Fow0iIBrx2|7G
zBvI^Oa=?abKE{zIuD(FB$vw|Q)O~30tm9@k7u#K*4a<Slwi-9V836m?l4YH@NxC7M
zhliYY8<6-(hW%lTt>+mA$-`>kk>J*Al)Q$T_wAtB%~{U#xE-J#2tWb*J7$6}K&$f<
zY`4EhypPedK4au-Its7QdRdJ8LXKa;EX(bzOoUH3?p!IizsoVSda_F}M1E*!%5WDc
zBTA2g?<wG4f;!}}55VDq2g$&F7+T+(Q38i0Jbp8uU@6Z@Tj)^#NM_!xlMx+WGk0hV
z8VmELfObzkma2*1oTJG8soKjENKd;sf|wE-8Y+-AieIk!`HMlt;ofmIH(!^%HB$Z3
zr(U^S23zg2qvQ{bK>@i@;!XPgvcP;awc7SulnXRuO+I|XE1>xxn^RgThi1Fmcn5y4
zwd-?@^2xX5*(+y2Prd%~65sa2c|gkB>VrBtp_@sg+j%sPlH14kg@=gU{v<5~-`2xL
z@&#f1svUyWcHMWfD<_S~_i~9^K+?tMyjrVgrUTRM{qsnWf%2M>o1x;1u5Ms_IP?P9
zduMIeD%qr)1<<>ByGf6_&$IsYp0gjJY>j)L^di*5fj1!PYHY_E0=xbegV@p-c3atX
zk}s^2_Zt<@nn^E>6-%!)ION}Rc;m01SS<kjcxX)>FbbyCra3LrR?In4FccdWL;j1P
zh5}=PTN+rFWIG;o!sSqAB8lHb)$MR0P}`4Q1$ffo#HrD9TIX)BwD}$JiZb@+d9B+@
z?#~jb)<AfB)bzVZDYG6U&f75SK_=V~+5=~(bl&F=Dom{P069)qnmUlrV!3-Qu;!rX
zi2L80VV}(i(cj$MvlU2Zkx4ii73F#wJeRnYG?na(t}=NHg6PMAV^r^x>{4cv0=QFg
zxz|Ug$y|qL!!sC<e>0QbU8XyU*M&!!Fpg-e6Dlh`GsZ|MmZ&(ezvM(OBpf>q(d<{^
z{ml(5ew6YoHpU5%BjfJ6S2a)P;8@_&8O211#6x;cMo<8zahX7H9ec;tUF>YqhInp}
zEpYFf^ABWXdvDgKgHX2#tYw=101o#dVPSITSC4vLD4HSZ=W%RG_jUP1W+6(ue}}Rk
z>|1kDFKWYW!t@tYf87KZ6`AwP6%oj4ow5$I5yA7UqpU%ERH#q~X1UIMsInWG{KC9E
zgp7iW>_-*%<Z-JBy^$B!B2#Q>iE_J%@yd#oULoMow<Efbdh$|>Oii{G1~4(7rN`cc
zWh6ayi9AVQrJLf^oIlP%zTv8&ufg^^Ban05$(^+2mellv{eT$`?QCYVBOXrT@{P12
zJ3;LM=ut28i;U}{qUXFp8|@dhSZ9tOdUTd_ZIdSgB3+D9dkd7({#3VT@%O+>iqG_4
z1mk;brc(Xzi`>Vye6Jk11}Nj=JApzg?65e6mz?w#af?>RUPKLpii{((4zT33D0k>F
zJ$A05n|GM}g<0aUNY2srWWRQxY^&0;kN>oLXTdjz<j139z0wK2irhu&^b$2uKc>ZC
zz7Wy8DG5lzHTpRMXh^P+36z7doBQPQ%uxHkjgS3I%#XM4AEE~`1KP7WphRcN5JipA
zz`l#8R>d$P7Z?rXZlclX*VG8Hiv!?Qp)yF-9u*Y!mfWhaMH3*Mn*_liFFnJawvqU_
zJnO)+OiS*pHmQ3bF`n$2ZHzf0p@h!ydl$MWCq=LPV%?172OzhtU3P05n!-(b+I~F7
z%ntW7v+kIZ%4e*S0Tiuz0Q609FapN~9r7Fs0fC1s&YF63%<$wjXMzhZglBY9V?8u<
z%;n}h{+yHoYen=UERK#h!8f}i0u`n6usK9$v*_x}36`$y6)XiLl`emqoP!sDYTWxF
zf6hg^Jdt<%h;-E0+*z{l2q#ZI3Y3gs#$pqqPRn#1xkP>50NW3P8D(3FKCx*--wqW$
z5$}*_(mrQ4w?jGR?Tc5XPFgl1-HZ$EA$Mfpk=7jIZrLz#j#s*=bgvN9@y)S^6xT_w
zPVI5gWvj8FtX<T(cBnEyqBRyi2s~?I=Z`AVF#Sj-I|gGvQE|+Rq6yS+oG@3;!Pv2?
zKzp4QRt+iU0Q<vFWZ1u0G)F4lGg^W_V3q~J=%`ZW=VBqwIlu^v3NEOzgB`+b5Z5og
zQcV4#CJ9Sq>x%rIS@4bEw<M(*a!CIQ&{RTwjlMw*VRpen;u8+^A`)cSoM5=B9V0oC
z_%sfvKC;NHN`BcL2}pd{&vcBo8wo!nD?Gx?C;O$W0%m3w=#H_#kZrW@?5tq5sPo?~
zfn8^t(eV0UCRl4iIJX8hvMao`Jb83U75y4aNmA?uts+8H^$!Tz>3u~~xYHAG%(NA;
z{IKkW&c(pUqCZ8NV&&NUK7~xI%<K)&i;ELwPw3IF<tpz9a*jAmYWGTBBUX-vs-&-*
zJtULwfcQ+j{gcxQk*Qm)D*T(g$I^1F=uq?!g9E45ew^S=4h&bUnH{wHys1)mcw7ml
z>+m#=XuOkAU@CXWCeApSD!MyWT~7^*cJFF{s)95nVcs9Z5d32^^q0&qBqQqu8dV_}
zI&)qlc=onVT^9HRRxCC2q`|~&o*7N}4IPdxK)Vt?$6q$3p;W0U)o$}mu&0+Q-yLpA
zX~xMd)aqEUq*kGt0byo9({a7Jj{e@uu-Y}(#5udxSgbCJ2D3>Zvi3u&6~S{XXln&d
z2P=l~nxuSV$KQ|U4D4!`z%(omtV^K!minvN!s-nD6+hKg*tDYUVw3q%aCLUst`7Vc
zfbZ3Rzk3FbL<66Y!03pv|BvmCA!`H|)4+p0(KgrA@Q_ARtLO^VGo7|q==hvYxXmM%
zmmHB0*K#2A7G;RNg87M?aQFO~nEJg+=7h*XLvT_q#{dg>&Xef3gVy7i8R~-W!c7>5
z;rY%SH?^Nxf{51p88+$>*S;v+3U$2`0DY&y4pFo{GUpas!c^d|KFVkJ&*AJr&$C|2
z)1d`ehVk1PHAdGZ)g{1eyQ22>>T|8WfH&5%VV!b|_@zjoF{7oSP-gFo`;p~<`x0pw
zBLrrvX<!$nL3kTKg%i)L@1iX2y`@fFb@rzMz$}G8;Q<?(zl7NPg4-})xO7qpu=rm+
zOAlwnLWqyYiC9TlPbrLhIv{yDJe2q&lNGqI(qanlZC5wVBF5&<6B<p(g-*`PSny!%
z@^wvv><BjnV6z0SI;oG75|)ixByr?nVz7sMo6@ADKU?Gkz@~MHL4*b)VwbN(b4&j*
zX-?YBWE<^D=0FFXNDr4PzyQXdgCjE9suI9;<cUu^sjQtGn7;8|*Mqn&4})Ni8+ce?
zQ>)fnY`2e0Ngzr6sMJ6yh)Nq&?Bl%6D%!f()|v>v&Ufaid*KI3BPZ!s-jLh=$P)z3
zTJ;6Z+g+dgt8DQJUvIwAhK}#ABev712_8E6fZ^~&c*L2}*R2SQzyrom<bQQYTSdWs
zfK$;7gC!>fB=GgS8BQ74Sh{!e{p$DBcx;ERhJ|(a$gpSYuggvzdxbSJI1Z9bc^%;1
z@kFPGHB=;>`3M1v>F!2a)wE}c-AM<{9f33SyrI{qf4oEXBdovMml(X&x{w2w3ga}>
zHf6MHEt{O#KF+v(iUCP^{wNT_IXoX_EdB_suNVDkb~xXCmswc#xYS<nf+r_rrrSQH
zb`6a`lzDU}zy1ot8nNOGue*KdFJJPDKM}}Yt=?s+xn6jlntLuQJ;RCv?474kbUp6v
z^gNuO?)6Z-J(e#A0AFJ<(Vxdj#P4^rX~Y*EhZhB2#enNECBRob^~ZuBF~6s?=`?*u
zA-U*pEVQRV2k}bL#aQ*rtIMmCt8fa4h@Nv53T?H@7<xF)%1asSi}hPy4MVc>UiqD0
zDeFTsdA}u<^%jhOBj`AzzgfSQi4(7XEL3lb0~*bqVu)6|-uM=K%6b5AS6`QPn}Dvr
zaRuUEm*Ob=w}8VE*DDYA>Fkp32CJunnC{!_f{w38@tDicDd7&ctF614%l-oSu9vX^
zlrtN0BF*B&nH!v@Y^RxSxGhAa=T|~S8c!;o6^A)V&b!{XNoJRzAdD)d4ag%ud?JWu
zxQR=?(Kb@Eqx7sJ*p^=y1U=?~9e?9=P&S`SI&3$ZtN_c~A1A^n7i$mKDLtPv<a!<l
z^c_U2F8gku=XpKdH+G)}*tm5%C|{GyUq@%$pR3DX%h`f&x7z~u$0@}B>~i<}b&i1Z
zzM8AgVO^+Q=S|+1gYh3sCrc9k;x~}<beMW{q?BDfcYgeAs%iqd7<@#?>+nE0M?V^E
zPXj)s7a)}E4+Jb?p7@C<EiY^81nA>b&ScNfrGPG?=O^W4&wGj<<ERL;udmo6f_Q~h
z{cFmJG+ZQo5lZi$vcF01@ibfa?+iEZc69NEv;qPN;{x0tuACqIS!72TYbH;7Y}B(%
zv;hNh$p~0R(+-B`ZNgm5^CtoMS<jU=^NI<_OaLq78e%O_pKN$7B=XBU>^g~EApHI*
zuy<f8i<+5xh_u!p;krt+w)3rq!dmglZEKp~sne5h1GUaW&T;)YVP=0v-gCJfTIO#(
z9oUlC3!!Vz8cwAX>-W%sQ+iiog4PWj_7FvuA22LJ^Q-+pSTh9k#(-k&q7CJ*wUe?I
z41l{7BUz?6FS;8@YP5e{g<3tee~mBXNASYEvS%?Sjh-z~GgtSYclW!gQKG3`8tc6h
zQI~VIU=`+(?@{E#9aTMDu+zT3Qw-DY*nNNheD>$U1p>&?WqE@(%DPYe=aB!!shpyb
zhqw?3OZo_EJutzMgz#6mSuhy7g3{X^JwT%hq;$RVq4{lCR0FB8OsY}o0{f2}vMhy>
zqNJ3Roam{ho-4eRG`2;Ql@fV9`had6G$Wz)E0UxF6h-N$oL3|JOqHrk+|;kM@BJCC
zkK3|$jCqy$FjeA@oaA3*fMAcEOByUUuney|>DGE{!<iw&EhwzZ;F-z%l^vL}D*(|N
zsy;qR2n*Q8;oA?cOC$dnqb|P8Y??0c0Y&poQVyY=KvXM&MZ0LO3~k*nt|<!r;{L%4
z8XV89p}AA+P#Yj*yd|N)#7i#9JX=JqDh6u3*S2LL&Y85g_o3Ht^HmJ%PetY1(1N-k
zC(WU_8`e4$w{S9a_M5Qkg457Z1ppT%9ds481^T0exzt3lqFVkJucBH{aFZ<urnHn)
zJv*gAysd-;weTT9E}zmS4?a#zqlqL&oBr@4fI5mYu`nX~3sUSLD#+ZD#Q&D{XF}OM
zji#ly1YR=J4R>8q3xE;J>u+UM-IEOMbflX!f}5{-vgJV+tWwTZpK*+*Dj<a}+%iaz
z_+;v0^gB~vQ3Oi+s&5CF?tr#iZ|I9cFd9yY-Z6s61u8sh5D_fFnKhcjv(|Umw`y7A
zXIT(qzE6qHwKZT9rsInk?D58zi(yuP&jXIc376&ZjzNC|@d<;##hqVNzxp{VicK^M
zHlM3HIQ|N3#wBNbc_EsS1F$lJEv%&x!av*mg1j}+@RXA)e6BSqt-TK}dfbvm!)MRB
z5jT#uTO4@;pZ>dxNAO3|K&fX*zkMHzJz7EFMURMBabXNDr5$bzu2Qg@{qEmYN93>0
z#4IWRbmq96(Y;d;{Rz6*3%3h7e;{yt_tUaZ;@?QpJGKEL9H6A@vJk8z>E#ycMGa_}
zo;aQKy(EeL`+kYr@tJW;$4ITasl7`bCE}(`{K*g&U2jYH_@Qm~WsmqlX~6u$qFv;N
z4D%#V&mU*{XLt@PziAPEse`v6B$vhzUb?_VJEYoYM7nJ*gJ4%=H{pf}9-DlCpu?x$
zyk=*_Yl)qnKLCeXHNuK-t!kIg0Jo<DTq)UY;w@Q#s2?OIotDq=M(A?i-m%0O&i_@^
zQ`o(3zrKGoM2`-cqHuy;Wa#0}MLsNshFx4-@$`zTwBlZ3E(6565Aave$YB$UlETAJ
zI!P}o|2Jl~tqT+uuiaG~Z07N9mNoBt(dUka2SngRUdN;MgWu?F8ipY_hg;M15?1}9
zMgInrRwENLQC`_b-@k~%CP2T$ZZXOulWEw%muU!6;)AiHtM5Mxcy1(lpN|`B7tj>B
zkE2H^Ku3c=Eldp)Nz9huCW;tUzcT|lONkhw$VGS_IH+dHl(!8iUM@zw8vbFJS1YhR
z0Dv~iP-t%!-YvUpiue8vDAaue_JvQ;8ddrY2uxy~V$YGE?6NKW^Oi8Ds4~i|KBlbB
z-8V!&5#5wHR{9Yg-IG9{#8N6?L#ij#o@Z6Cc=GI*i%{2>^17;PV#=Y1Sj0+qWO|QY
zw=&k@V~ijUAsGFQlACGhK0aG*4qzO`y38rCS1KS(+TjkomORF!5eF?3b8-*lT@kkM
zcR$585_9~D+%&Zmq+!jBf?0s-@v&mRu&;)zggJ~x>OC-|Z(JWUv?>X1dOfuUuIm<q
zSZP-K1h}ALLQk`-WM=ByS0(#Qfx8`1ek}qQ2ah2>2A29gV{=SvZCsY<09`@|v12or
zzM+Z2BA;0t;Y)>$!wV1rCLmy-^8R}ebJuRfIE&-<_hWowM>r<%pE&)JuvfY3&kw>C
zwBE77b9t%^j#DZ2xxr2WL=j1CV(0f2e3{mMj62DFjekvInD@Y=!vs%$r9KU1vOWq9
z#y$GY`xgqsq1gGx8f>t*0Gv?^*QhUu^j?sPA9{Xq)AgMq5-e$&w!HrB*`?1;uaVZ3
z=~b89*-OiCZ3;*E1(Lq2fYwV%p6cG$ckYXJs>tqf@yAG<s?cuVnWZ#}>)A?a(xqK|
zsjn29!y=9-6|v#VZX7YzijQ-6cJRojA#yhyJTZz^Z$GagTFG_{0~`nixL4B$J@Mj<
zgdJJPo`4+lzgUFQM%6i}@z6x$Icd2F<_j5)&t)Nij9+U+Dy!y~xmk;#>sd&_=rUvG
zQ<-SN^%A;oqU;_>qGjZf4a!Wu1;dQ)J}s`zs>#>Uy{`@g%}S4N84N;TG{w2k2Mu4A
zo-QGQqVt-4FZbXsfD5s13^i@N%`<D_y2|IW$YP?Ox0R^n&*|zVi?^o^YX*Y#dR_k5
z1f5_w!wtyMx4*fE-c>I<w6fe9KlZsmzt>^=@%ack*CBHeuGaN~V-MRyC!#jUSR215
zS)I#vWgh2h(MxKKfOl1n@-tJsLek_xQ7}3<|B*mKd_kQ60XPl36~ab^Vgexl{ED75
zXRD|i=!TQEt)PgH(`Eg^pZ1O9xtOF(v!$F0q$}$m<0kg;ts+nyBK$AJNz1#3Bx;Oh
zRvwY8`FXr&U2*5k<9kBiAdmt%0y0wNrVaLF*sRF$w#PZ&gU8_&qurP}n=xl|f>(;`
zP5Rz?x(2}J3^;X-7~5U-!iy;XQIL$3DXR>~*YqJ6D|<@`F_UL+%9V76!+BdH!JhMm
z#)-|Hc!8|P57b9M<`yRos=pR;(uRmb9RhA0-pQ?lpQGEW(a<>9h6nzM4fQ^gAlt+L
zKKJowj9Mt?7}hT;zE}vWLN+4yr@IXhd%lI(;L)ac7SK$C*q*Nig-gUgQw~>|-;ED{
zT}3gBGJ;xbfE%Ih$%^yl^S##JXeg^v&A#4wAdn#>mR>mIw%OL^TgWkt1RSOH!$35j
znVpzp5@~>L^1cSKIPZGqMU6D#KpKF}e0|9TSwMYQXv9myj9#fN%29!#dga#6RfCI%
zAs%6v5b)GINBVb7*=IR{(9Pb~luuyR_3J`jRa@@#_jgCvhVg+GMi`?%{2LYcSv(~s
zTT2$h`a``m8AF*K>YVq=OeGJNGzO@wX{WO{5<di&B8Sm6#fTU0JanXSew5RAdTY`i
zctu3m;)I<O%tv)LwFS(1CXe`v;6+l^W|P|h?*YhKD;u?{$9hkvD=U0;(P|E$8cKL9
zuk_5%?K`QlY*jJl)ktP{`_ZDQ&y=m6PG_-;@^NP7#mJank_m;lZO)xdK`OG-2QHji
zzr;XxBt~LXzs2?^8uPGBi$mEY2=Eu325cFQ#KU_i7mKMqT=8U$T&P%sXAt}Q6or{_
zk^n=M)kZ<^f?v3?>=HQRyEK5tZC(=WVxnK}JlxiWi=BC99gA^X+Ko*zCiczOPDVIb
zriHuxWGv5$TsyhEbYczXT7z1%i1+QyT<n8b5FLz4K88ZGlC)Mz@>kovo3g98-)vTd
zH`2f?s!8v^TQ_rsi2d?g`{NVVZ}oQB2nL{0Hh)~ArbnD#SQBA&yT)haI>&o=m`~@!
zcY`9>2pX^od?QFia{V2Pb{#Gjij{aQCul~U*E|f1&575|!^;dH9_ZwN(V1Zo4XoSY
z(hA=9ZWF8AD-Ei`!`z(@)hvj;N)(w24);xn<r!(4zw-2gsGcY^iyU6W!dN{iB>^-N
znh&E%^r(hQqK)wCn93t8hX)Eh?YAI>#WCv2ua1qOVIN>I!5cuFCb;UU_jf{#YP^Qw
z#xe2t%Vv9)|8`$uJe+TcAx}N&=4o=@wH|i*oEA2f)=gz+Z9}0C&q|q$_$2ZIA}k7A
zaT~H@vteA_rNZp1Ex8lt#ov+%vH(^>It<G$jpZo_<*ESHeCc5%b@t{RrH}cNjY@=8
zqfueyWIz`wU6rALwe3g+Q4uouT2V!WGIA+uS1zjjas*h6ZF!M}tO3In(hBg+7>Y_z
zeLTY>m6yVF*Sd>hR3rxZTxw|xg+j{r^r12$^c|{SS283R6gL`w$;h-@{sO>{jAwwP
z(*gDfCDwL^b{ByhjqPvIfksxax^^q9om5Q_#0tyC45oExbL(TOIiM>zS<mCxrl>4K
zZ?H8m1}6dJH8*8%q7i#O{#{!s4c6n0OI9zccJ-AywA=5G70pd$NhmX1T>J;OKf%OE
z{~qbXh<{N0B)Yr6ap3ZTfdDWWph;RwFV&dr38f|H2QWm^-i@DJm+E0A^z*=}CQ#S;
zu=x$Ddgp3*P&0y{HR5X16TMn*^7Uj&g1YzQcvHh35^m0=VJO<_b<se%=i65jr=OKH
z@TYQ_@gsf~mYw3!6)!}jWe6C;d$q)MQjtIQQo<-GL|Oe8Mzaj{wE<@;%)hy}x@-NW
z1-sui8WBI>(U^T{^m2Moh7x}|*!q?4(>r_E^|00nUPMb|A_{BEV3Jr5o-MpG^-;o_
z(0rS<)4{?qIBkM-J8Mic%jBw^9q07Iols)>+pb!&IcHfEP*qd`ZX|_I`6ow;LL7@c
zXS@U{J{Gq<kJ9mFU<A-#9un7q$6~*$R(iUahYx!u`HY=H))n|U-(blfCsT-xLCn3U
zMm=1E4D2kzS5rs1|9vTV1LPnlylP%)_tEZlyL+T!GR$a|Vo1sY!odDA8+0CH#XLFs
z1%rkXG-94;tro73m2O5_cD8WRmV5xwla$k)&SJUE^`FR751<SuVej2|Kk4X{31+`{
z6StfC+yJNUl_huZUL~ULOTxj4TYZac&Uai&?b4Dkik4TA<i>jR*bG6b++ooWNA19|
z4(ErIF`7nn9=&CoIk31r+d0v|8ys86Lg>Jxi;TP&1w3uFtdX=(FM1hdByuWL8m<fH
zhnwe1TM9NV1sD=@n#FI0F;JOSVaKBrq0w9>ad;@ft6j_Q3e^)^8)uG$Z}kkKd-JVA
zqwPSf*%j3<bRGFjjQ#b&D5s|Ur(Fh_<l2X3QJpYN7qbc0T0%@?jW9~oxQHI7ft(bc
zOauxIF;F+G{^#|YdrQJ`vS@@vC!P68U@oW!KzpUY0cfLS5;H2K1>~xopeKTnQ%ur^
zQjL&Vkm7R<gCwY5>>tneSTmi;g;&=bw7C^g){s?s!Nck;M5t#zO)lu_A(b9fzvZrg
zgSmQ<=PPm1*YctMxXcAqqPIozRVt66HIg<`8DE&!a@5jDGP}UETmkwuVNa{VT?)}b
zyp_m!0PE((s+VlY)eItagBoPFvES)Qf?#=TJ@6|5743?{TO^p2a_-0uc|I33CRg7T
zf07RU-f%I;5c&=1m4C^yi8sY&<dVFlh;63?DYLqBjfD`_Lgx*~6|zROU>D)^rJNEu
z!xDdM*HU0n-aL$od!&rP_MOIP5gcv|J7A#M1H_XBU|vx2Poq}oC6!F%vvAOcbA%JL
z_0n~P`b*_KpL=mACc!51%WNU%Y^8O5gO<}PW$CDmiW~~7cIKk5<^f+NF0ZBym6*6h
z-otb&<x4!gFUE$Y>>(3bk3Wca8G_`8M>COIoo#^3t2T)zkzOp|QKbOw;>1FW9#ek7
z0TOTBUOIk3fVA@e3=XwGdol3)r*;`7<PYMjI67x;x=njsYyX6an`gXmjh1-ap<<46
z$EzaNZY%DKc?F-`Ho9`}Z=YzcFY_Ukcpx=y`Qc}SfXAW1#mU)R@O$|40y8&^)BLn?
zHO@2vylJW%B%-8Dzjqp542}h!M5gId3&8s33Wd7qObo5D%so1rUO=aMN9EABZpZ@m
z*P_La9DaEladb`Y(=T`{GM}Kfc@3p;%QY~~@e`^yni_TO6s*^hDkSXnk-gfsusy%3
z7a{Dg#VZksrjT{-r0Pz6I-U)wh*GaXp693wIBKP*FJB}0V)U^Yo`2b5^Yp9^2(Xgj
zn0e~m^tM`VI+4B(((hbu)s<M$``NM;AQjF|3_>7C_mGzz%_a&x4c!Hu!uat^EFxPK
z;+LgH#2&4k+?Nc5XFY}yLX0*~5<{`5Ul{+YQbk|*CA1jkSdo58EndETB_=`H(Wt8u
zg_?&Qwk5tEyP{Q<bst9vcTewq4q*8G!wU`u+ux2$^R#ryg#u?4&;kl={4oZO+A>uS
zwcww$@aGj~k?5nsay=O*jvy*RNq?1UL3z0P)z@eqTP?k%8U4z%%&M?|{BmVYj25$J
z!}`NDnQQf8kZvVBUm^VbO}*lrHemO~hD;4RrVmCmxv=J^G*b%_I-)r&10Vu|-Rgl|
zC~zKJ85xdf4nxjx;~TGu|2n#`B2_<)Yn;W=z+_OYK_OxKhZcwQ(`-FCgiu(+Fn$=X
zWg{ft@z-wWZ`o<LPjycwK8a}z<NB0R{M80#CD*)nvr*8W?Vnok-?e9qjJ3LBrNf>w
z=k?PY6Zz+_&S{fyby2&s1ORvWD&Bd<Q#Qui15GB=t2z8?dfUQ~^-f-)f0^F<UkA*6
zpYmDj&GbH<x!&kKld^j9OMnM&E}y_nzM3^$iytk{aRsbajOD{>Y6$Wko|ViCT`#uA
z*g^MB*oP}+Egl-_cStAa0o`WUuI~%8CCs~fET$lU!TRDu#<1!7G{AKF*JRmFz-7*f
zI2YeA`&FEopz0fEjJ@ZIyiV=8g-3d54-|8^0_(y#E>=}~90T0!B5#?5Rrq`t&%RTI
zI3jZ*|Hb`^@!y8f`!xCl-CTkO=;5jOiu1i-I?GU?d5Wa_uoB^VR(uI)UMRc~(Y2dI
z1=n03p|$gD^E@~3I{?bei-bTZJquGTkKFvqw4P??NCVtct2DJFm^H@)YU(?0BEJ@~
zoSq-A<T%63c%*!WA6)8^^dJVL(!E^n;;KK?Bk$#U;o^hJd;@A%u!t)+Gqj9hR)Os*
zdIO{+ZS4et->95_*FmCdoSeFhGWkD*7-a2C`s9OeUd9xYJpk?R@rclw+bj<3@?75Y
znk{E!e3njqL_7M8NWHjN7wvlG49P?7QW>38O}Yw7NuqL1M0`4^s@ze@>MK1(Vi}pf
zP=ZuiKIO+5-4V0<W99KV5Q2#yuHjt#u@SEIeul*>ns_Ap3S+L}hkY@|>YZ?xQOU-h
zP(q3TqtXCEJ|LQR-p5*QAG>OgmZnapHXT7!GamvM1~Uv=q?7?+RYmTP>+9ZUbks+6
z7$!-%A?rHE_rU~dBH_;Ay#8;PS~FZ?(GPCp=`jTK=V7#L-f3qc4tmPRWTLYQBJfff
z_&*EXI{T#+Hj}ND^ETXvZYGCMBU_Z^)&@Cv)+MITT>)c`!sL>^WX&0As_|~;Ml$QF
z%}(@^#jJce3X^5W99f!@Wc2ZD`~wQw{4Pk}LKvD|#%;~@m1QBVaOjO36oFM~#rPKN
z$146Z$j$R`Y`%eRV>=n9o|C%qT#JED8z(2n*DLu9i=QgJXw?ZL<|EUhgJ6<a&#5Hc
zD~!}FB7mh06gR4TmXpXe5lP=@<=?;&32hbdM3Hw;s(duOFYahP4V36@c5V6r&T!fx
zC%$4XGRK|EsZ(6CghaAYL;i@%7#*-7OTpjpj#d#*fc?8ue@iPxa%t0&$F2g|qc1!3
zDuRbwa4P(se)$U)D<Zb#GXtaG;^2w9sefe8GaxN4^_485?BM=Wq87K+=65@22z(AU
z{@fyKHkQtE)AE5dg=S4jXE^TYsVw3(zc@DxM~O3@2wGxnu_6|e&f^&*0sx*@PT8n1
zW|m(!2VN{v(0izpel~a#RBDD9Pk(YHsw9;6KZtp%$VzI*M|f3!pD|Aw3D$cOwOn-k
z=TFYHTe}5l5k<0KK+SZR{aas8p2G-X)mBH4erAek-m%?xv%H;4YZ!h!-BZeV9?wCb
z5h>LcdOLq$5X)zFA;GntqZUG1E8-so?{Qk*kk>bKICWG*iV5ZNFtubf(h&a`m|e`J
zUz4$%WWYv;9fejb<5y6~74*|}Xy5CXJz$0m_B{R<x<W^TLy530;tG^MHJ90TR)9hj
zw@~`F#ht^tcHAXR<2p`<-yif%l5aq>s(E9pvzAo63wkfN5FK!_YlH@$J07UXRWX=3
zi>qd831r$@*o=9Nsi_y9(NRYmB8%N+hDesy8|U(ua|U)FP1^(?Y-Ahk3CK)e6u_Wq
zlVo6F49ix+eV5ygT(a?B=*?|!ZI2te?03OM`k&m2rKm=Q+C2M$c60|27E0f{?EY?B
zX&V1NTNMond7}Z#<Gp4CGvA9{8cj5E;-<|19f9#{e`~&P#@jhDJJKKffb`_t1N)A@
zenhX2gLs7*B9PsN)ya$RQXi*1yA|+j6r`?E0*PcR_zi5?Q+2|J%3az_K6J;9C?f`f
zef6AIXEJ*?%LO%UzUyZKd}cMvI&%BHb|w`0BzCLe9ch1nIzHpKkLau%sA*aJiN$Fq
z8IRdjr%b1~S8etbHhB}Ap%v(!IYQ3+ierSsHNv0&iydsGK@3t91<0$hvGW$hw@qYK
zdUn0ja2;LEd^WN6|L)+03+SbH<#WHhb(HyWog3rJIDPJv$c!F%#VyKZuftHAw43X)
za~lmaxba&HT=@Rn3Ok&2UL)d!(nM<X(Cw5zC55cVDSxFZ<<3{9Or!k&PB1e6FQRcM
zsq-DcHjI2qR_K`c5042ZDJmyYEu<gt|H91QzJ2=-%$&f^NCsFL>g`4CAMfoY{btP4
z&m*TG2SyDEDJ=k;g){^!qErRLjboV=W*HL3*(U~)j(;;*VG(i}0>iClIiVvNmc<)^
z90T*m!-pJjaD{=v<%J1x1TPKo_{I5V@OTN~=<P=UrXUUb%_igfrP)98X#XewZ$NdZ
z%>;Oh%>+cmA>=<ZN_nk=<os{Nx&e|jMV|%=9^wB-U#F}!K(fOAi(;qr)I)Orx9v+k
z<d6TalUf5L`u|w$|E>HpC}|229Teh!$NG2iDdzQ%3V?qNx&Q3Z|D=CNZ!jAZX9Fg8
z8|$b9>6i=_%;2XFtgxx26`W8%QJk{!a;dEHr1bJl(dY|O+di?Opot!4JJuM{l*~7s
z9H$ytS3rf-6`f51P~h3X&s*NoHfRpi_vP^ph5jV~NJ$$O2T@{$v?MJc1C-}jYwQ-0
zvZP>pn$q!>N<%DFM?-$d$ud673AJz#Mo}HA(tSMb=w(*W2I(wA>tNz&^|Ht+@u*@e
zUnf;)X+<aQC?q@Do9p8Q*&Bogec@Z`x5NQiD`x%V^ThdpsQ&X$LfEQdw^iVtTme2p
zM>wr?t6fiB9`BR=bvexI07AoqRh;5jP0b_VB=N%Pm>oITJ{a^HNxPRqdsmh(^$ji6
z77Wkg(tF&-?;twor#zJ+Fhv->%v3nJHyO5J8X52iaH$xaS(-d^;vk32bIGtdM5dKQ
z3HZZTad46KoH?`Uo`e{2pkTs1J(Zwog4)cT?&qNN>H%p#^K%;uV75tRO%i-c{sr4Z
zW$g_#=4iXJz{Rox6b2g-Cz!PtcfdOr!lVp}HC`9o9l&c%+Lvk;!1t(EC-&KY&BH5c
z<vxwhl7?%wXySWb$q`YhGsGIu;P|_%`W<W1vWwEK!d$~Z!$*S-P44KAS*5x%dR$SU
z-s|_vLY)E%8r?l}o`T<QigH|>`(5kwTx;T9#7DT^k1)GhUtXUm|8d*s*_`$#a4;}N
zsQ+=>e;uZUzZvo;_<z02y9JUMpry3mita1e6EJp0OBHRPo{6{O$b{^_adi+JZ$rr%
zM_EIW5Tpmtl<TjL{k0VSxG;sFFTMGv;_a+PD_gIJS=jM0pzRw@*XV&SP8z!m{}HUS
zXTr%-=H1!ERm;~4h$^9Xz$3@QA*}2twz?D!*_8edte1zg44DawY*Mr^z)w-q?;a<I
z8bK$nnx7xX-uc!a#*z>}dPXM-fw!yYhIP+%t<QbW92pG^^ckI-$PYMKQ1iknRpLEr
zARI5HLaIva1R8dveYTEIKBs1l1HSpxwDl^&=JlSBCdJxM2O<dqy7f#OqKcwT<6kD9
zl)aJM6(+8eZ)cg{z!qLH0RMNBX1fEr0Pdh!iz6;KpBwr&jgj2|D|a$CDX!=QK16Tc
zb=v1SHm8(fxSoMN=Vq_fVvh&*!?_Oj=3{;0PDE_8FuA(t+&&Yaz6g6u{4h^eG##UT
zGivLUcc=U-6q-Zr^Bt<_U+{+;^tYU-rgcy}FDikzOX_IFXJ`>TU=-5C`f$?pwP54S
zt2mCmdVYKpn*qB=qpT>Rm-6|(FFtG$bt8OZYKumZ)jjhZA|XE5OX&KQtVj)ri{M3a
zTF^6zlOq264^ovnLnLsJ^aE$9BwknF+PA*-(;6GrBmQR7Y8sbTO%F>)rk1+y%HBQK
z;DqZzKWgP_x5!!ufR}{|<1Z+>MHgI8h_W5H+P#eLy}=Jwf3y4I^+9qZ0fGO_7v2dS
zMyo~Bzp=}3Ziov2z9`}F&F<xz?B8kFvhaE3#xfyNJ!iLhCG6CVTRTvZ*>}m+6l(=D
zy%1KqlYXWW$y4cpWFkpWrg3g=hF1i$@Syyv{m&EC14rKg>LdE~<=_?Q1HYzD!-m2z
z{Xmm0xkzxun2+;G43?~Dr7Zj(L+BN>Y%@Zh>U)V0#y`NZ|EyNQUyGU~aqZ23Br&ZV
zp(flQFwmb*>roX3)zY*Kwm-P7Cf3M}c<(0q%JGqbvsNyOZk1-s+THGhmJ2y=(kZVA
zL!F;%zD)o?^!LZF3q3w=^C!Im%k8?;m;#uaBea{WGnFpo)Sv0e_RN>mUAmlVcI(3H
z)$27EEoCa}xKF!(H-gPJXW)Ne4ZEMOjgv7}&RmzU5~);GE2ZAkO`W+rf3Xm`P(7G=
zv9jSa+k!Ns5RDd(dFygIxYlc;{&a~@fo1~Q0#{%G8s_Gps^7byf~>{;SR7F8&7R7)
z8{Md)*Uc&hGv6Y+C}DAT)2}|l9~E_ydk&zN0b))>wNYB!NX^mj4||4n*+x}ENqzk_
zGF7imZ+#tBVK?S7+BmRh*)apiH^R3+FKt{X_GLM&V^ybpkNJWf*BkYH0>_PeE=oUm
z?j^SY6l(jr%Ax$_KI^V|mMusXv&?)SakIGh<I-lw>QULV4r7r*tHfBpt}1ua3Fo|{
zVQguPp88|v+o)N%1IYZx4Jgz^Wh4+BoL_s_69KW@6op8=(Xj8~#ho!Bko6XNJ5)E^
zyDG!6!Tf}@E>&XGLMz>Ry8T2nWSqcv=EOok3jk%VKg6@L%`=|bI?rBJZR}WFAYQ$$
zo(P#7qQ?r%Sy7mYsz_E%YJlkn*)<=~2NOvbcCin%n3N=~5s!rnJ)26;#CAYqIamCK
zSf(<tOOH2a5D5!>a@;Q{j6@FEN7BvR(JfI%`a2`a>|Sg8oy#JQC9j}3K;I1q<?AOP
zQ9^#?pCc^ImuyW)ULuIuiwS)&I_gG#(8p!Hnv|;&$OMsO7BHZ&h>7;V@*>Vv7+IOb
zqe%fOsg|`~+BO=sRi0bSJ)2Cznq4%jGi6XQtohw1Mg%G2?XafY)`Nu5;RH!MBL<Ce
zOX5$oomfTsBZ`#r(qh~&{rjm=k)R7;U*FH&PayAf_YT1wPvH=@j54w8>+s#~Rs5@4
zsqMl|shRQX!tBAO=4yQ({@6Qf*_Fel#b=QmkC>35R+-0AdK9`Bj3j!XF&3FGVgx=m
zF(r0E0n6nuLVs4D^5<{X**bqVeOCR#nxz`}%7WJvWCIDQqy{_&5rTJR;Vn7<iJib9
zYPw{(a+HnFi@Va#OYX4?owG6+)BPuPfwYjD1J?d$rOo%Wg2<AJJ<-|P?C6Q<-q$>e
zt;dCXV+#_zvG|9B8IEUG`#X38CQtf7Oqk=+p-9%hB)(@;r)DXj4e6@|l^d|47Dli}
zE!GEPV7H|W(dY|C`X6J1!8!#%(!^-ZK|3i~VHnwLzdj}%sg<tIi6HFCpRnWX^>avM
zgO*mpCCRbN#AXLf{zVPvs*dq;qUJI^l5av_LfVIWWMsNB-S?IEmR5)_gg|dG$@Gez
zKu4z5L?ExK0-`%*dgDV{Ox9qH1nTM@qjIxbrZBQ_o3QGrNqKVyI}ba+uDUb`8L8-3
z>B4HJOyb4;o)7k(WYLTbKDj?M5+{{TK%kd9ke8nMkb84{|28FS1EFeNI#)R^koMe~
zs=PNjxI07Qp)9m`on}#UBiL@qPIZc<%30`4VhY|bubfVv>7x5IvRKbc2NCy4h3?D&
z)35#n@0uf1I0?cf4q5>a`obLrynmAntFNBfzLq)cJjIX##l)j%J;qMqK5y`{K#3Vb
zqlqgDJg9_G?P)9SK7oqHS@$&Vt8Esu97L(Nt8HAs(khsK$IqFrchAj#Nu%Q&fYBIm
z(kPs;_xsXcD>pCYlE5WgO7$Y>^u;f1*j*!2j%zPUN<6N#WPt$Wbg3&z5sqLWRIND!
zYQRa`H9lBAG!a>7>wsc!!bS@n<Y_?D!QS&Ylt*O<84sS>56^?}=Z?bg%GCI3q?JUr
zwAil?q`E}T$)mFt+Rp}?+o#FKr~R(;lIfd<x6gw9i?9Fc=%skp9@T#Y>M6_rCP*Ou
zk<L`TkaPePez`wBDHi+*9PG{WODWU1VL=p2n0?@72?u&Ppac@QKZ$Y<mzt~W;lVm!
zZ$nH(-cJJt8Hm}elSc6Zh#!1*JiQhY`8+y;hyb70*)$}8`};Uwy(WlMSA=52#zB+E
z!$HPgz;DW;8?`rdH@X-h;Fd?P&^+=^6pcwD<R1dn!oZOESvfx#WvPWvoXZRQS>gU-
z!k*q|w*G5^VD+3(vGHm>Z8tz>@{)e8<&IQ76U#xUeo_H#xs->(;q}m<l{Uh9xBczo
z(^jyZ-1*}5?q%apLDs(Xrk+riM-{W3r_Z{6<KfC%ZP(Vp|8;KIUN(Mi(>2_}ZZ;Q!
zvk{OkSmUKNc-Jn<u?sW1)!Y|XaY`uqvB(!O(XFLyt?A6>BnT1v^>;sX?)!1`l{R7v
zS$XV`h8-7l^J)%izN86ZP@tnD<TQTAUW<R%mB{vdYwyA@6uw#E#30Q*V=D~2ofjs3
zp69f*vi@S=$x<9O69_jin96uj@Rz?c#05Y%!!V<<13QpzfisGXo-UT%v2U?=ChITG
zRS&)@nOO_O5hwIDi*q@GINQFm8SJ(bZnP`Df+Vi;iDu{r)@o5N6a&^Dzvoy3Ja$wm
z_ZCqTsQEE;$G%v{Di*O)s2LpUF=0;WC4+Ac&21PZ`l%FJI9>F!WYglovOe-(4!D2`
zg9_L|ao(6ZbC?0~CZXzYmC^K=hSdEA@q*nLakAVfgLYyE1J~HOuXhd|6#7D_Aj~B$
zxoA#(-fsv>yf8md<d|}8pD3<IqlZ$F1$Mhkl6&%j2LN_^5n&T4|FcR5crs|at@v;A
zjREl>(Qn{(Sj6_u5xFR=49MDtfiVCI$|{k?>reOoPdOvw`5;TXoYZ*6`l&ZyF0&Iz
zK<N#8GV5ypCt!3VBvY_}<Ej89WLcP)nJUVOSeq)@NO$LA{2=}k8FI=6t;GFWDb(09
z)yH@~QlN#ga>O+*lwN?WQ>a74^sl9{<VkwIHAbj#Fg<_|S42dN%lHo1(Fw>sKnU@s
zBaQ9#;l`7vHvdUbdk9Wu8gD-0!=e{lv8ylo-3w=oRHLuJK#Jf|%XO5ShRh4LG&uE;
zfGA`u>uUO)r>Q?i)*W0j4U(6^^%gNW_BS8C(0)x2$i@F6rlU3o*DenlJNaX4pUd8+
zK+1u-cS?YXE4ox#m1Y!4dK`c%s(p*q=7c)nHd9Svjn2};(=U>nPq9wI30`6($r_MJ
zoQM@F3JTfd=w~Q05KWh?&lf?1fP+Yd8+9}_zG$>?7Sj$q(24e6PP9;{l<nt&Zy&(Q
zr`yFs4B<YyQ8T~)sNAuElUn9$457-r4MAlK3<!{Xf7Q5)Mo{m|Vg{fdASIu&^TzJx
zEqo)QOr0$2H8ka|&D8Gew#5|rlLvMs$XR04Bp!frfnf=CmWbCLewJW4Go2Gsluf6*
zHT=+I7@B4JjcuEt0ZGmS=!TBjXL)L`*{Vf-!?kqq)VO4w5(1J#9O;L!hw~1+mCI<T
zSD=pQt5M<#cjKnzj{+>>PGGP81Kr4!Dlte4cC4P|*whsB8ccdl4$*Ao^BnS4u{GxU
zCtlpjA{|0ck<gKoBT}t!VAhQ`P$aGjurr3;=u^RsIhr;xXRYKJ>tzsVTIxPS?@!Q<
z;9=u8NA`D~FAN?9^?M2iPK$(z4J_&BCZ^>6guU%Gk{g1(tODQ@)Nn&LM2|kf=ujWO
zP>aRwK2;t33f$6nKCdjCXp;@1Hh*Tk_SK3%c8Al_5+SAXA7Ss#l`r`@k?2QB3*XGS
zyXnz@78<U}0hQwab*1n}&$J28gD&<~8I01)c|smULk`A??t~Tb`P|t_^f06`i`Qc9
z;b>$V?q$(k`3h(;nS|G6oB1wUm3iE|7>OO_!^-U$r0UBd#wTu)YWnlRRV1UK7d?aW
z*t~VV7piAagZXhl6+3eq)<@?W`sNhUm@wsf8!Zx@%NXUVX2r@r+IE{<H&{o}?iZz~
z8H@rJg&yXw7sV(ZiJf2>-C+C4awnJ?{?esAb&>||*&%@EuTywRV$7i|yi%~X1&YQh
zr<2UbOFSmn<Ep)!yk<Ua#XeTz8l^t9KOhx`pOns4=kJX-HSrYn^gJGLzNTp#lEU9j
zWYKF@H3wWV7W}?84@EnF{9r(Uin}EJ%>jv&r*L1`CZ+epx`4B%W>)8@dODaNVHdN4
zZnUFkh@*lM#}!}EzS$W52=Y*~7wkxx9fHIFK-64rg;=cnuRZWSqtkzDuOe}uSG7;t
zcw5Kw7vxMy>dI{XUXJHrr^${yEAPMVnSwBWFLZ|MqBVUit0j-xm_BWMn?50aQ4k}3
zUemSnV>$n{X|nCRiz=ak`a<h^{*c{j{`*TSKUtStLi(*BQi3H#ewL&ydwAC%8`Wkq
zfYoC@dA3RZzL;U)sveQPwq4Xa+(f2>(a5s_sAhy~wlt0uxJ!4e!<=KHAn#yc9rdwV
zjBcwiblI(AmSc6k-9skKYL)GIq*>-s*;{|aOK<hjsrCJ<121{>lwQ%EA03CTF*{WE
z&Q+QJT!z75IKDfZhrf!5KQsT%Qyeh?Pz|;+B(_{;{jsr2L9ZsDmzufX@U;~ekRx`O
z;%+m}MA>7yK7WGVNtfysbyV<Hex|r9$feLy@_J`+C7RKpI$^gnf(E^Kj<Z|__OO}j
z8}NY*IzQ#6gD0p%jL70xNua@S($DuXl68h}iuuX>gB~kIN<KSD_e9Qu-+8eG@IHZ~
z(iO4(y>zN4zQVJ4wtOdkuesHPa+3$IN^ji;MIi;Q<9vH8Y{=Z82&iFpQ6*6KZN&TZ
z|KaKzg9B@Vc4KRUjcwbuZQHhUHn#0-tlikg#<p#3Y}|dn@BX>>$JBK7GpA~%`^>4D
zp6=)Hvx<KX^&V;B*((jdaFp3u687Kkze|cd+r}=B%j^%CbO|R)-D>Fx<B!UlMS4v9
zSVL(T|B?{0KIiMQy+0feBUTAcnyN|$K9I8n3&<6Craajc?n25`@;r*&y9F~t+OPK_
zc(uaITghlts&mMk7lP{JNgs<N4JGPLM>5B<-H-8Xf?QN4kf;6xvuC5DFZGIXYa$W6
zXL@gIAfeVc+x{&;cClT4R7u*CV8mai`(TTC;@fAC3d)SlC!f%4eC*D2e|%sBO1kWi
z2s_BW{rkjGHdUvB*((jSP4rHbDY>toeaKZ#YUx0gugN^o!BzP)&|h4wD*UW?Vat1g
zsXk7FTk(zPIEM~2{e|a{xceP@P3|0RdiCHlz|v_ZBlo7yKL3pJ#;0PoW|)>T&$N(j
z1LZ8@eQLrZe>pmsW_@>iSO%66FkljsEcm%GkQPZ7Y|iC!Z{&S93jt95snoBnUb6*x
zC>#NO0DU8~1)*Axvm-k?tRkOPJ!+G;`sFKHp+{$P*Fb%32w|ordeBjfs!#UUWPO3N
zct4^GX8#eR1BSX|3BxqVOyNo>w~rI5wq4*4i?Oq8H2-xIqONG7>D>?pAdOlNEl(f6
zCqq$u7sgfH2-+BXnFj{z09FBK=7uJvPPCsbR0)>30il91a!-*^DRkxdALQ{LbeAn;
z6Pfu0kR{TLpsUKj<us`IVbplm`^|w!I+)kMP_H;<5Bjxf(+hB4$0XtV=F{P-4{uOE
zrLr~-r3zG32I6rb<-HOh?Y9Vqa>cH}#9XGIje+BXl@X`Ij)N0{S6d^b(~W~u@(SN^
zfeHIIsB;m>uhBRMubp+SE)nLTY(>FDY%Jw%Rz%x&Hu>=^S6XoMWGL?nHH`|ik|E~J
z1QoVgrN@nfV*>n-%VETb{4f@(w0@DdDg;}(oVoEbG;(6?x&*Rfym1B1?c;{HpkO3#
zGdkwUy<&T)e}9Z4rXwLtB`)}STh8vWP@A;GoNY^^5KpZZiiWP=X7ivD51%E-Pak?e
zg~2U8;r}qNrQHf7jXh$8N7boQq|tKLiFZ;O%yW!XA_c$_tjcQDqzZ#ZpAIu+yj2b|
zB`Z8IRS+DROtukr1oc$mD(k|igqxz#j1Dl?>oz2heP}8w6=unrBvW9vd{V4BaZ~~e
zT~Pg^F<P{4Buqlx3x+*Oa!m~7nl5JpaD;{Fl*cYYfH5%|vG`hY>pJCD6$IFCgj|Wg
z=xDv&wt=>z>7*a~hq>`s%0q_1nJkMoM;fTL;%#Y(X{B~%NtFcdiw@-(JauMLBA+aR
zQ)-WX3z!B6>e!LJBN~rG-RIUOF5*^nseaITf}Wif`;+-#j=R&CeFqK#@DiqgTMaF=
z$6jH|p}fB1)vK%aaBbbeff82RB;fKHqDKC}1@!$Ku^<fFjZ-m5enI0d2>jwg5fx%i
z=is)4y&%;_G!qQF_d?w+h}>2wpQK%*A(gSRH=h?oWY3>__f4vIMZ<f^ZATuf-#?J*
zTa>`jw=cd~l*rPvFFswAXzy8*YN(23`_~;x$h|53=09tDtf>?HMEWmCo3?V_q=|?I
z0y3%p{~U_`or&5e!Kr{zhkhoMt~-px8g-Kb$Ut$S#u-=Sd+-=mq%=I<+n|x{Woc~{
zb+yPS#v8Mtf4TpiTDfr8_<dSG)uSXvQN#-}rb5P4@7sLiEv=gH=-?_LpwCCl(L!Cv
z3<l7>iy}%jv<j_2)3_wuU}@$jFbnWrv=wnmZ5L3PBrL5ecHMwJcJ4M1=Sy`7{c-`c
zz6uD^GxSt3R|c$v?;-<@cw(IJdQuUhZ50k+t?4Wb6}-hT+l%hDU}ix>ziEiY8|g}n
zVu}3JwCC=LtaTOj5(1qF5j%nzAEV%`>pJX`RSrGbB7%;7ocl3;m!`ecpP=Fug7)<N
zSzhs~><4qy2^tMZ4lHGL`vLi7HS-S^yjj(p$uD-inKhj8o-d^sm~EV~u)ISl%n2wW
z_Dpv}3!Lajhe)SitvpjP50z;NUWv6FB7(P03m^8S1Y&w+zPsOdPWFYTzfhBJko4iy
z6}!0UxG=Yv-<)oi)KS~}8Ln%FU0)#o^UDSvW3n442r7st<p1xNglTYmz+c;SUm|Pg
z?GrABZ=HBD>WSVnRq{7YdXxTgn%bk=y_}aYiF6?(7#;|Ebim5V7t=Riv5D@B0fCF@
zGsF7r#K>R>P%`AmLk7tfdC*9{?uqxS{ikjJJno_3Yw&f~{9N|R2UgKm(&_rm(S`;^
zPeHX;%WeKI<esM?Q(v;*0G(rF1}tZF3?FC67tVDPuHMbMr6v4!*X=|v(r-Oiil8bd
zx5LTMs_u4~=I+9}XK9q*Idl1{`v=QEpYhT@u+~ev*~1SdONT~l=(qL$Q-CQY=f`)|
z69Py%V=Lh0(?=FoHIsV{rX5eyQ>DgSJ(Y`T<L2(Gl|G-vOIQE`6uS?uycc>?Hlts-
zj&@O&69m%t1)N0*`KH{+89H7;yX>5#jts<5LmV~>D~Ai4YbI)c5&{ZcA=a#{fYS!y
z*!lJK`Y}hxahU*K)`8PB{?p~He%aUMb<P{@YfJOt{$^^WSU+C_pUe%Om#$;)S+yJR
z?gF+=i>|HTH`_qu()h-a>^4$pzLmh3y#PzDGK8~Z8YG+5a=CDHlvl4Q4!$3RSnXl3
zMXaG@EV!-h^4I<2<fRpjg~i4SgM(h(CK1~v7K?yG|5B=lO?QTG02Zi)9)WSc1A9@M
z{6J>INBh3+qT8OXhJ|W|LKT!IA%nqT-}iCHDU}SqFChS72?^ropF+iQWmLzbfSK~;
zT6wqF-H1V{t$Z;zs|$KPEr=NgSfLwl20vWGOeBAg)H7o5GknKz2J%ap`vj4bW+(Ka
zh_sZ|*kg4IP&}ems;zgL8}}@M=Z5LS_JQ$T?fnOWWt2ZuFgnId-mPz11D+UU@j@U6
zQn1Yh-j9IZ4M>b&kj}jkLZ^_qU7Xk-R8mT>Pv4=#S<~RJA#XumUu5_;{mC!_JeA({
z%Ebu}4O_;21r%mzFpAGM)a!MfPa?+7P)GP}FUmCRqW7sB-@cYej&~w<vX)<RA@E92
z@9cMUyB!r2uDp1lQH1OHq3UcuIXMzUdDMn<ryqc31)E=+H<TWi>lRB2<;UyLk6oFW
z+*iS{+k57WtZt@db-^Y05N|QLKkj~=LYY5;ucxlWca=$0IbK1fsiQ=#1~@rm<|FF3
zTXpn%<$`B6rI{P4+5|M&TZs#BViMzZ%@C-U=fiBz^r%*~4KU!&dbxbcMJ{OGYnmf*
zp<x0fV5?r%x+6XARrt6_+^nCarivigQ*r=UN`7e;R+|;h;`u}*$o?6f#nqbM^X^gO
z!QK7Eb1Gxb*xI>5+2RZIhqr}jH4AE7gMhqOO3uMb2ToSeTVy;Ny5)W#!gZ|pSI+Kw
zn{}O;cFmIR2gMXY&y62^3FNZteyp^c*)%W_8IhjI-MmDSUFJ-YWjK;)MQ|yH=iMM^
zC+F+%dNjy+toi^(P#_TeS$?hA(z~ErN;r+wR@g+&UCOK7E0&)ND=<Ks;de3slkYGt
z`ZO>k?3eO_{Vg4UL?B?Qe(>?!xL`XU<(!qHv9%wo`Rz_qbsqD&FU$(K*UP^wHUT~V
z5{;^dY6a%B^pB%;a+!WD37NWYGFrQTJUSJ-|MgMqYM*3hll*wCEvpOrRIL%7>|A7@
zoMrmo=Mfdm-CYckIy_@vN9m@|kZ~cGWt(TUw&tBMo;gRwWQ`R|cN-dh9&1q>M;WS3
z^m1%o)+no9MNHQR4%O#JXpaI09z){zjp1DZed4M11jts3gW#!<IvoO7PrNTes{gCe
z`KKwf&x!>ru2|zEn8}MUrA2JK<$ERtyNtx@69xN4%d_XKxQ2F<ZXQ@lJT5@;Z^%!2
z|GA+{gK3)9y!y#~(96i@gL<KJc3=L6A3l{F@lcINXwKUufq(_lucKBFtN$J2_1d+f
z6?>Q)Q&_jid_D=bCH>!GMy+th>1qV+9@p%1|6!GNi}g^s5`9<Bxc?3PUB`~)c`iP_
z&w(@U>tb#iHdW*pOOGF_eh1+mh3LA%?(ViWNvTO=fk$au9yz8c;kkl?+_71>-fz!l
zCjlt_=AGcOBAs2<9UOH+izSvyfVAuSyj2LxrfTAID5~pB-lbq`bj2Cx#dav%xDB)a
zDO#aJIUt{+W6-dD;_ja28MG1dNs^b7t+h{#G;Z0bkT9L_Y85M<gOCrZ>gWbfX0j?V
z;JZKi5@U51tn6#{oi2Xeiteu&SHkbb`ZWOZj9^v5)VpjTP%GG>N@yqDo-NIj2Ty9;
z?z=UY`M(wNb3-T9Mbud}Hhy<z@skkM%5~`2fpPf{$u*}N(04=lT5#7ZSfd;;b{iUK
zUZi2EcFGo||73cX<eO%LfT5bZ;f9fqvD!!e?1T~V?W}}o<_&a6&qJ=l%~nVNB6ztV
z#I2(ewTbR4IKqQYMwvu;mXg8gyIonTRn~Dll|jbD59%j>eg{}$)J!)n8>7T9{>LoF
z#cXyJ|IC6fQTaZ*sI`^MsxmuuFZp2bO=s_)D|oTL%YvWV(EWu_=YEam`esSAd}oP8
z(AMVp;nT9kphQ^C;X<DM2|!i8O+qCO2ig^awo_`NU4oGOb1K60f@3385!e{@x>ZO*
z4ua-_qeuH>;pV)-*61~VN!sv#Mq=?(>{-NXfh)%T&w!KzPa``e15jM<is65ETiXYQ
zw%qe0{!05nu_RyPuVe5*z`W*}>gr~Vte7B7Y|n{A8Rkra0|2ml6|_ldxmno3YPF0j
zzLNMq&S|tfOoLYW85h~=%M-KQYZn)lAlUNnRXk-f2)=RBBDx>rz?uCuY}`peZPV$A
z*G&_+_8hGSS6ujOKI7B*x%8tH(6Zdya`q|<rdJ-v)bza>-mOOJc{XiLe2N?J#P_?A
zbcR324=(|@_a>J-c+c>|f33PkMtw_*dGruZ3#(CaQRqy&^q~vr>A<P-#B(^?X*r?_
z;ON@F)`2#BSKd&29o`*8if4@99h?&sm$<6y6n&+ff+AS7So;#e8Y~)N{9p_b=93X=
z_{8id@)-Uws3EdUv@5E6MzcgAH8(P)$`XeiXpIGi_7s!c`O3*#zQp|SSbsj&TvyI!
zgp;S`ni=f!{#n0WK4&ByN;9ziu^-9R0l@`TQc#Ck)`6H7tfz$3NW|?0$8nR`+S{k<
z6v+EqetE$A8eMKH&erzH*Bu}KWhc>#EA>EcJ>R^FyP90Cs@J4ojm*MT&vj)dF{6KO
zW`YY4znra=LP)Y_Tl$cC-yt{`fa7H2LZWTuek&?2!@~<t=e2^_-Qk*8kq)6mh#Szx
zSDUk4h_^SN5E5*^>WO`IZjIkqw{Rb}khM)3HYR0BfK<GknHNMVOAwUajA?urK-ux4
zStkvU=r1`lc>fbeEGV5>(^ZsGwCmEXZej-<%f{H#bC)R#BJnyYQTHedW}T}reEEPW
z=*GV8qXpR4oJxGO_W9~n6z@ea+o|M6hYrU3Z*{i&$<Q|G!%HM1x4GWmR}~w4*Ly*X
z^Kc|LbTo5^W6P<JMY=#9$b26%22v10W5LN|1@SJ}N%a(cr`c3A&M#JtpQpE<{kZ{|
z&!nNixtp&gV*sHnekid1^`H3lTp2nPC<Fbz<avaZ2O0~mPV^i*@JUsgH53Sko%8(y
z`M7zDOKCEQ5ndo318$v5$vK#juzeWD!w#<;t{)S5v*`Jq6G@F>H#+=EIS391y0Yr}
zkLVM%*Dg4Q|MT9zNiFckf-mN90o*4;$G;Y3%=))D+Yb{K-&h!>PO=?(Q2@E@{y-bo
z6kaI9@)1|O(3`-qFg&>19$5Dq;*@^qO3zz&Ljw6&pkR-IGIrq6=_fDhtB+jf3p_;o
z>IDY%l{qecfnX`s$Dq(O&&Wq070<{T6Ti}*ylt><z)Z%sfJGEAO%P-N==qiGi&cE*
zxDXR{p?QWevckKW{?dvvKl%mgD<V~I@k>zj4>>$!1fZ8fdY+|Qe54;uQD?hZv?VvX
zCuj?3=n0v&tjUBM><equqe%kQn>5LOg_{J;YdUeO9qQUVpAM&0sGhV<Ztto0Vf4%k
zk>NHM8tT+_NlT_X^_x)uDZW{nwx0Jgn<V7#>iXCz9M3(`tBIeaPN9rKc|X$ojQiWq
zPb_*g9|sP+sF6Q?x}gF6>0qFxUp5}GX-*o05Z;C|IZm?_jNh((W+<;D&kSuCX%2CV
z4N1rHgi1i)H!X0j{XX~>Q&Q)3Hfd*wqS=T4o28c!VFT)S#g7r-CwOYA58Mv~9F3|G
zcd_PK&=Cc{^;~=&k$=Qz!c^~YQI+wiDVXx`!@3h;V7*&j=(B<~Q465#%D2`hlbm^o
zT}<~DH>P890;wLS5?!B!Efw`HDbyQ2-+cNu@cMY{WxYDV<}($G-f8YadEqcEtb85J
zVQcbp<w2`!`I*CjkhX+ZFv*8YWwHG9ZhVn}v5AHPV7Mk^;F%^<luKueFXD+9K7_l2
zSAVjspItO@1}t@J7LVigJTAbS*Qcc}f5jiWbJNO==R{p6A`^`tzpG#9#oaMNM*Mv1
zD$ksYfUO5dUcLuaPTHuNFJlTUZ1#GyeH}&A#j=rI-R=bd<>Y!MK`|?-mWM+ZyN*k9
zdvpjU-8S#Wj!|t`uJ?&=PeO#!^{fi-UA1YY+qAE3$^t*LA^pp-BC!cNj5xcfRQ^wC
z-UjZ#ls)&OGLVx~D?1lTFZ~O5^|l9MSY!1wLHqiOgOo46tx;ps=JyL8fwQ%b6|h|*
zef%)2y#{pO7cE{qzUpWS#s4si8CgVNlh{avxMpxSpG!p8Ua;p~$hGB8`)$9IR^xfk
z+qE9^#4~f&vcA@h(0ZcW;=eO@g$QkbQ_^d0NV0L(5~3irw`sAUqHQhWooDGNR(Iz~
z0ROv=*jL1l_4f(WInW7tL5Flz8@TP(K_#3!aRgXLhbXqI`W$q#1yy;zE$uKb*JY!(
zgBJ?i@_3laM=dd*xOKpC=16J{$H_r;`+Hb~mzo}@6t2DsWc{}L$-IkS0r>P|4^HDC
z`F;%RM-lXG)u)&swHRTG%gG+mAbUeJwME<-jr5}Dc<#!A&6GYhF_;c3?BbA~-9YL(
zCIdqezA|Uh=Rb$aebm@J7lMU^<9W`eBsrVk9Og;yYwu>OuRK~#yS!Ikm@t1b6Y`rB
z^Ag%)e3kYb2p<=n(*P}}53R#~d3jGOZvK4lF3r%)d`BWrYOt8Oq?2}bp4oYE&>-(<
z(k|Jb;cveVnWk_(vylQMbCx^+idfk5S)lY+ea%qB+uBXz>EBWy>oH=WdB!QEbKMPO
z9zSui>fbzPBfy=$Wjn~UliH-Aw6D7r%@R0U**H_+^T%YW%Zb-)OzB%12B$b!r*%wq
zLsfXRY%Y$@yDzWe9-p{m<aRkv6_`J|TiIJW=9n(=>f?8={fErOO>J>Wvibu1`ksb4
z^VV^%IvJfEj8n5mj~#D&ISR`-2yO_2oBqxUW!ryY@uyn<2lM|Ao2p$TI5ld!>gFml
zMa)iHiuh00s=Qob>%Y7y|5RxfhCo@@xKP{GN8n)AK`pa<-09v!;K|N!zi&OdSgywq
z-+^N<YqQ$5oBVJ8SFKKSwEMI38|(by^W9h0Xkbh|;b_k-MY3F*Z+0P&iu!AvP40<c
zzL=5J9O^vGCxW9o*Gy~^J^)`;L_U7scsk3#joo6<AxhikvsNs_%O7Hq+S1X@(KVZ&
zWFY^aG&@s+TBC`6^SdVYWjt5(^<6sU(cgYLGgqS#;}M8&UmBRp^|!yoKHQEXx?X60
z{G5d?cNnej_@6%KTL0?=LQS`1UXTe?-p}Knso9@l!THqd>%>j3#b<AG=fthkQrrI5
zNm*ZaWwXP&jeDcShUVhZB|;WG{*X~^3yOKOq$s{gv$nH=r`YT_9k_`}oxkm*XZ5<-
z>Pzf^<OTasX@zSMCvDMr+{(p6V~k<8`;@z+9qjy^&VKiq|E3&?Cw9}IJLYPgnBuTa
zk}|fQr<A?|S<#f|x2sKN1R+a>wf7Iw32VcJ#dG99Ivd0`#;YXvM)$A{T<_D{T<pW#
zXbxZczcEu<zWel5%+=>goiTfZ?V|Mo>Xgrbr{Q3UuFM5PQE~NELe@jm6$?$p8PY1g
zhlGx#`(KdFfS!5#Gpkk>8q+hRicHQ+h9aWk$Apx3MN27rZ!WamcnN5+=Pc$5Y$GfV
zUwitH9?w=wfY0VU)YoRn*I{zD1g*CxJN3HnUYI~3qfm{5D2fDsK-BM0;+ttS2)QS)
ze4Cc4#W0*PFTM~W@bsN{?Ao@X`2=J1aTh&q)eOgy*x3~)w8~o}yA5+C!xaYPkq~jp
ziHx{5ErW<Rn+&d#WH81wV-p6+4Gu=<wcCAX7x5+yTXkzD!719W>SZlGhsGM>(%y5I
zK8S6DaI8^A*i%;)Hph3j10sh@^&<^P5!}BSf}(PVw-;r7@X;NDhV**4TBZVWHb5Wt
z{&ZZz&FgO<S#>9VTCT^;TT?9^<8|e(oj1f8Y?@8_ZdzrRWsPy+n{ec3`L%LR=`peV
zqig#?-u@738tps;J&V2O!CeIPMwT^375<E2>i<V8KD4emb>uCosoUh&rIsyl;YdU;
zBZ;-X#FCWLee~U#!tQ0%B4Y&n6B1rhEHK!cRqny7`SZI`LZX5D*~?>1ZRx^sh8jze
zum>{h`qMX-Sqwt%$M@AtMu}bTO%KM{g&u|}gmKPv%_$R$j?(BCV&|F@>@E3ig#JNN
zL#@ajif$B#y}!iKsI#`N9IT7L)i{B15lu6^5DZN4*tk67B{qR6a-vD=*mKM`iGuo3
z2RqKZcrlZsg)~)*v(`XTf)LUc&sHapL#%hyeA7>@Pu8}tZB^EZ$bgP4M1INy`{z5j
zF}3Nb&)4)XwA}bXp-9qt0cdeKnpzqX7`RZLBNPMGq-pHJmKcZStdVZuba%xS&yl)%
z4238%KO{qpk3i4-P!6@BoQzhVEmf*frG{hKrintfb*Lku&A=-g+C7%v`l^%iYyT^t
z&v$NqGi9sjO2+nB|K;!3-{{TMu%$FM0$0H`AUdP!n`rkz+V!2}dg|0R$(4=OT=LNV
zT=La6+0k4HWvpZ=WmgX%{=T@dmULu#CHdv}&6VB#RQfLQbacn@n<qQ_KiT;dRwwNX
zN;#cD*qR`$fXpC0@iW`7<f~@x3$vB-pD@3k`cIC$9M(MjBJ(_~x(9rGZ`EG~yYydZ
zKJr%r{8B#^T{OF8z9?I%%Sb+!SKc1sz?Cg6tm2;`-N+3A1b$nLkHGx9v6&jW>mlOh
zs*=65KsVZGogz*gpWiPHVo#=yjWDQF($6jeo*Edk5FmPOq{>|~0=RpInEj!b^@Ag@
z^#r%Ybi5h7M>5<E>Ic}Wk}=53vHNsEGi5%xtE5(L5)WHXe<1^|Hb-T*^-N}Gv(}E}
z$|pG;an%_Cjo@i{&jv`1l_-xzH+@F36X|Jt?oY-ZJxRxamy+3YjsR;;oZx^WL8~IP
zNcMJ|K4w_{uNT6>;7c6A?6|u(ojqobx(Ovd$0gignJ(Q5<g2WQDvhT~L<IE)){`aN
z4+ejc$$)8tmp~y+-d0hkww)EeuYqa7ukN%D8fYjWSK=E&*36y*O^i^CQ*0n}6QwHj
zW@m_bua5@U%@0s2(9cUaFD#$y^xXj)$Q@|Di!g2+dOz33N*qVNzXXrtOroZT^a$J@
zmoK`k2wzjJ?MfXm4a&SciW|!?OVg@|(H=J(=yya9fBsPofMiWAEk#MPk4@M4KJqQ-
zBwG3b=y6QoKRF{R*kO)nIkrgUcJQzT>oC){e&j9vFx^kp_}j8f=y0#GP@U$u&FlNw
z)?WFU<xkOKSn1QTqrz@XF`(`(#F1?Y=c@)Ahy{F%_h3gbx|J;jCDsHRF=x-4Gu%is
z@|<crzJ=iJpsz6~rH6`rD`iB;ImBJp_v5euhRQrSzswMJYjvQQh{Gb$P@qs$Tb;tJ
z--B%djv#6xR8p;&(rW@-MMNRIr@ls;gMKKEQwp{VB1rjOAA?;>KEz&4)ySCABk+lJ
zFZ*yohOmf+8NxIRJTIngY@!A14R9B*Ci!h7&7nD@vY|mF#zW2Yg?D<l1C3Zgk$hIb
zHFO09mV#smmMO?1q9-j6KqeB>dp2R$F8oI%mw&Ted$yg~%jOTiiHi5k2(Hf?n?G8?
z-^vyioj@r7`R~T1Us&WDh{|sq1mvK;A)LSZLi4K6f^x<XZ){Km*5*vC;jYqGrtY)?
zTRsF(ZDr;&^sQL@TzL@eJL(9I&qlsLbgy=5Hzj|omkZ|c2;nOSid<9v_0F`=fRmv(
z%Fe4Ok!=l1C`cU%!{VLh(94lk=?ykk!W*r}HL{(XgFy0hsQ?d!;(!x@-l9#d`TU<+
zo?8p{vsMZ)R|m~cJAsVeZn*?7kz|CeuOY<HzbsGjA7d2A920O}7iRPM&)Cg?T)+cV
z4-HiOmK>|cHXXr!5CiC6Q3$(sv?2IFfqsQ1zN-P!#5zh{ou{7<zQ4M6QJ!UaQPPK8
z+DRrtm&xumy>N}TzUz^2@=%Dm^zdH%0x`aRL2ibJadpp(Z)B?KbIo@2yfqoXNn#Bu
zVmMf2ju;Q|XvwqPdtu+&-lB*HcwH<zTT2k1J*BKx+u2Y&L3mr_noGV%*rM9yUG(Tg
zJ);|ZHBGvPI$MGtO+v%X6yRF8Um8Yg&yz>lul&GlMAEv0A!7zNXW97jty=?pqq*!_
zne%_3cYj`IC9o)xwS_%UWAuW*4(O{B7RNb6!7>z7doehh5IWYxy2fJxP(}WI?|v>k
z>ihI6Lw^t|yc@Qza7B5=P*bO!j#<_(B|g$6JVAmKTjtlqV{A0Dx;ln-Di_--kt>5W
zTDEQ2v${gCQc2Ml;X_HRocZA}{VW5)rbBCd&&K}I!w6a1uqKVLC3tq6y(Ht<Pz2$)
zU}F7_eU~;D$kcS|nQ+<#q6>HsEvGoqcHtJFgm4?cvb8d^n}Ia(lRQHE){H_tNH;HZ
zS}*i(hET*LjD{e6*+0GP)El5Dlh~peU~5e-Ukh{%YOSnB!<d3%`L<ZNKlnpe?>}gg
z%#ESc_j94GB1dBP+t7CR7m+h4LXNtW6eCAVCcmriL-%5gnBO!4q9!ki=}2V}ym)U0
z@D@Dv4FAsX77_rg8~N&~YX;87S_L;UdU)&X$z1L5Aks>&Rh!tY6J%>4$Plq!%!yO8
zlL+qB7)}+op4BxsV!};#c);$|4i_j4Tq!d&i(vjM)zLl|6Gld(qaaaeZ=W=Wut4-9
z`7BOgC&X0PJ;w}iXilaLdc_utJcD{gCqu)aX9SF!uP{7<PJZ~BvgBi>!d-Zj;N{vK
z%#AYKznnEhavjsmV#_FK5|1n1^ZpDHTc-6%3nJ^0_KzY4qBA?1+#j+^)1G^u(ro!*
zcuv;49n1B+HB*R1p}>RbLdQn+j*8mQsBT!_Pu`n4p09z|ek-;0MTsZf{ZLNBm-1ZJ
zDMP)2r~>o%9eB|9Z7w|$&o^+WK~$VpHir#m>LEnvj_kD%so@n}BHxa}^}x+JQ!~R-
ziULrcjP6=H2#|<Mun>dT#OsZIrN3Laf`-7m*T>aWe7cN5up&xg?_};OF-!A6>Tbq(
zeeN;KKent=%`kJ*XVUu4uO^PrY_$$U2HVBRjtoVz#{|2YAqD+!ocy;Nb^O}31Y20^
zPL-Tt<-+GQ92=%|Kh`_4J!@(Zj@D1sFp)yuA}&7QoTsT8L2I<&^ACtN{D9rG+~7es
zYgy^oGAQVr*Nq&c0vbQn+zZH~%a3Wyfsfa(UL0T<#OqWU=9Xkf&&W4n4wYl5qn2&+
zS_Vz--6sUerRn%M7Jjew2I||fePkW%{h>*XLN?}*?CL44rOA|>WzCh&#wNFl+<<HD
zVnBoKU6SX?RlL+UZ^4}mz>;k&AY%U;I4Opk=r@K?r&x)uRSG6zNy#7tW{#4?<!Lvn
z0#o2kGq4@pouZp{Dv_{@Nk$RnQmcGA+9#M6OIov?(t|<b(Mvo^P!H*+3SWKSf-cv0
zFp!ZneTA6mH3{^<^C8x=`CEu8vOmY%M05HbgYQE<uKkXi+w%R6rlQ~C`}EOtToK3h
zQlX@-sANftJh{F<g`WnbEq+Y64xAdl8kz$SJ*cII?Qep;%T5y~bVS3jWz9%>V%Bj7
z$dR+V1f7sL%NIDyu7nB>4aN(;n!i5PJM8_uY&(6tHJg|J6^_r0+$Ay$6l*kjVoI!P
zW6b$2a3#x(i#={}Iv9|&7#F#M8Q|=-gZ|!T*{{K(Cd#R%K|X1FufNEW%8uXmM=u3T
zJA*mXdpqh<#I$@Y*5aJ)wFS-;jVWQl4!CO1wfi7!dft{pF$3O;YW26Fyg>k%{daP?
z5At_>xUc@+eYRA@(l0AeRIqm&@6T2nSU&TOKR=BW$A_UcCC2*IJrWTplXpV~317<@
zs$@_02q~YD)Hlp|lX0EQHz-o<sl0$Xy)xkxGI<h6`iu3lbxlHAPDbQfcWc%i??*9j
zv<746XL`Rry04cGc%DB*o=jM~$5rra1Q{zYZ_&Q4>bzf!nDDp`wPoP4-kgGid-QsW
z33Z|e{TdUXAe54BoWgxJ=X>jGq^LJZinpQjdaLd~EY!g@5$#~6JWlvQ=u`mI&Plaz
z;)Tj5)j|TV%aBGg(Xrmm_thW}XK_aIy&UNz!<&AWtWyY^oJtyE^ay+3=T<ZN_;q>s
zh=h@YcDe3GsLluQKrpcc8ll+4{ZI>BLSe%5PIaZlkvX1(ugMxK)NZON6ZKo8S5bIU
z2)zOpz5e2Ww#O7eqL<2^uxbII1FY~2<n5CDur_IOqYW$n!euPH6T&}&gsX<)w^aCG
z1m_kYOymd1${Xr&LXR|JMO0;rW;Rs+HOZnGFb*{_i7cyRlo;YM8W+W|DkX@-rj-n@
zyil>};&pPrV)haTY6QtgXJmP6GOm7YZc5YSV;Y6zsR?pIc0V!7OJGhbq?w1te7OE%
zN1!!=Ts07f8Oxv|ga1iaKoAYZD0os-%OmHc8q6*%#VjTTm$Z35`$uSKbmr*7F5@t7
z3*0p|!aI_-<rPnxYS;@%D>||y`%xG<fE*-Y0zc9OLJ12()u971|EAjrh}(vsDY#rs
z+!f(|dJcI9W;MgZ1HH-1j<?}#PsKiUId;oym156|&(oS(l*XG@OVNS;N-i*Jp$p^b
zVdOz=_%g4?{p^{O14PkWdZ>tS#ydY?<6WeUZ?BGUNwaG;*2Vo1QDah?)^if`r`pOD
zD$}88kwt|p|8c8ucTDyghhP(Dz=&W<84In1Td*3pgHDrE0J#4`T>LCj_fFt)-W-vN
zVLnw>+baktl0upe#Tc=h0c3PDsu5~nG8Y`bpm~kN5cz@`H)BQ60*tSC2JlSFidl;@
z>0AGB_pjc`Z&QGqS?#PMFe2Qy=9!ABDG(dWDdw@2qv~V-HC={g-;Sj0A_zN~C716K
z^GmnjMs#521yqb^fj}G;;5)AwH8NBVZ>5qn>bNHux9^qL7QZ}UE3?O3|Fm{7yte9-
z<vp{Gt09%`*9p5x3I9v#G^Xe<!Oz?7lxlqlh{kN#=FoC9{GF|7OtD^LMsaM-Z#vI*
z;&Y%dO|a9O2R`Fc<h~48g43$QX%~e_cZ#D7MoN&afK<B(HZ;2}p)Dj4Btb2(*?Gmb
zE?CT@)Ub7;aW*N_rS9?_etj)NoRmWIM}Vy@QvPu^#~2B<<5%#CLq30xxDF*6lgX0H
zt!f1}p#fmTE%I6g5lx&2d0!~<2dt}5R;xG0Q5^jxpzOMR!~l<XcPXz&)<M&3*dnoy
z^IE6@$isN}ISzs;O4+d!^;7hw?R^EIc$va)Tu?>9WK23_M(H5h+`9;JEM^Wb-6>*P
z8+{f-nmtLhpeD;njOucpJpBhg)U22japFrM9m|Es@}^o8KKauP`L4RgM3mnCw@vDJ
z=1upSbg-E;;&e1OoQzsSX1ME#PBQ++TSd@opqR7HHS%6Yg91!Q{n(3sL+t>Xnrj6c
z0XL}E5sFtuIfFA>d=~7=OLU&t+(w-N<hU1(_8vDV^Vv8wtcu8ZLCL(NK>Vuwb_nO|
zmqsqTEhvmPlY!C)A8k><#4-$f*61t=qbxf~1#hi2L>~-w!GJk7LS!I!Vojs<&oH?m
z;ADrnfV8%afrA_EkyZIb5)Moi^j$&Y`ywbal9R@Dll?4h?>nD2BaGi^vced+wFrq>
zP3T@W<U$#eh=fl-Nf0Ac_St-CW74&X7wENR?AKO{=7y|YxPKj{JJkd>VuD}OUnbYn
zf2lu)mm->s&nJqEOonVQMRjE*H%8fB00D%QQ5E+VK#bAR{@Zu*GRS|)Ot}Z~Sx7=5
zK?nK|VJBNf1R7T^-a-L)_=3>|P3Ui$ulm0hiyo`=uS(~Qn0mx<o8TG0^j!<2%&ekF
z=(NDOveuju7iDD*70anVd87giB=G3k_a{S++3{VrMG;c7%nx2lk5e~CIQ5C_0Edm0
zbVvB#ohjw&3UbH;;vHF9OV)c#E>FZ9Zie@$4;0;oU1rM|7pSJi*4@~DAG__sGyOxX
zibifld%^sxcX}n%h>+h<rGc;0qMNH%dm5A^jkc|MP>S!mWl_f($88_CyZe)h%bqm>
zF9TJApSQcOkB<ZKgf)&0mK{qUz!sN#S*&vYnO?6&2Z;THmgIn)Qlt5pZ3dek6)3Hv
z@!mZM*47Ax{`VWrY`xc)Nv<VddN7PFw42Dpd}e8nm;z8oc^A&#khtNmX|f0PXl}VF
zzG>oZ*gpnK!M}dgfCoiaiYDw{d{cOx!-`6bq}@|uP^>`qu7EA$D)A&+1B8jN*8@;w
z@_7%Ar?q8?{A*@tqU@D5%ic>EyiQqJ@#Mu55UupRi)JS@Y1p#Fu|b*I<*yP+osv7n
zu@Xln(FhZn!mz@K>5iCOm!A4Fb0)PR33xrr>^9PfJZuO4;ws3PJ(1;6A%TS&@6_=(
zhpKlm{l-tR+NE7Utr;6O0iJ}44HG~;ipyP#Wi#vYbeXvZ<0tW5Lt>Iq9gPH3waBm;
zR`>bj4QK~#R(EOAq-$|i#`a-Nl{H+lJN-CX%9X*{RPKs|S~H9eK%qsl$vc+T9Dc(L
z{)A0~35+IRZ$^l0;sZM&Urj_CYn2~KU3Q<K!dc15c1n_VX3}0s17K{h6eoIUT}qgo
z=dk&-e^_y9c%Mx3>~o~4xUgmUkCsY+hGA(%93d+(GaEcN&Ufk;BQsjsK~6k@J}d-^
zHCH!Ui06lgBPg~ac$?)^7hkhf+ry_8CC(^x<ALtF8jJ6GsGlg);EL|!O>^O|?F5CD
zX1ALVs9DD{)RAWm0$|qR${b|aG9AqcmCll0EF7ld6zumGOr}pwA%}2VM86?_Qs07`
zKMG`>1sw%wqKL&8|D&Twu*EM@Ws7}V?s?}uPxvp^mfOAe(=A2(1GVzkQJketb``CX
zAsD_uJXrD%yIAI1T-c?VL<{<gyaY_$wRsYf@iA^OlPW25KxYy0ul*5j)=fbH{8U-I
zW02HlG6WBlN(%RMtZ?9k9vJ23^sd7+|8xb^6DWN;r7|R)vz)liR;$hk36#j{;?@8Y
zo0dDXUh6K{C8?yL%~Ao+Io*yBGpSU+l$Ok9+O}y;TYhLwThIS(WuZ0hDDZ~oZghSl
zb(Qu&tV3?yCC{Gy;08;EaMYxv?aT<j5hNUD<~sO3F9}#E_#bo|T78m0F>)#)=9!#Y
z#UGTX)J}uWd>&HYT^o}@l_`$g>C)<n6Er;!=;+LMul;<3+Aw2UI6Wi3ty12RCq?87
zs|eF|v4Q9LvZTYW3WOajG~cV~q}xzqmTBk$M<pa#L_elUo}l71?KP<H681=uc2$W|
z^_?p*EtahDsI&ge61nKX)fBO#IxU+1;nIxNJa8?t;4SJMAjU~bIasddsC=+dMM8<3
zn6yD7SU%kMqX0ib+NSPfA-_KaR)ya#e1Fix8QOZBc;PVhj16NVa$}rIw2S2>Vo_NE
z@NzLaTu%0Bu`l3YCRQYIa4k+SLd;Ci$c3HJDfVft>salHbF&B}r^-VJ$-W%#)bv+m
z;$z!GoZ<|GPK8sKmF067OrNL0uz2)x-4t)XN8^mnPESF<XZf<C#!UtG7@}*(Iuq?=
zsPKaBt2u1z1Fau7ANc(i4zIi7#$m9)iY|{xdy-$^VfnO8{$D5YN-r{9IOCQV=r(Oq
zoCHRJ%@3v1yXn6&Rq3yZKItm(eNGNUZ=&2ZvN5mMpZ34xE%VESxApvyF77?Y$%)>-
z`_EP{<2C_4Z%5zTGcqyM77Er2UIl7vz<ln8a1$?dJ-~*Vzuy<!&U}`9%67d1+_kNO
z_yu<J+$LGF$7Rn}tVBw}EuR+KiM7{%-^1JwKa0;mAM-Rvd4|_UpC7tO`?y<%e-O5{
zctzab`AbUg1e;KjN9u$AV&}ZCM-C5W&dKmaD?f(deQP+C9njp{-O|L~6kvA#1NLDi
zFUFFB09`Z*U_@9Hhrbwp-3rnJa>!?sU;p-xIf8#H(Y#50KUhUdCWdd|Yj|caT_YMQ
zeCp%wfTUVmShFbj?{8KMmy>d`wd38f*uO~-^~08a^}<EFW|Iqw(hO!2tF)c{NWJlM
z11JCXz0@#F7Cd54r7&-A<GV`q@tD%v134IN!46oB<+C{4MTr|r=qH^Fu#FWv=1c9}
zU-$O|ZjjHmBQVyY6d8O;FGg6Jym_Fe1!kIBw*E2=rPM)Peb>bOCNL%9Dwv*17uSi}
zSV`28WDYtOQ^DLM93u>rhvXZ@FMrZqO2Y^u(LH}~lPz4iqnLhMQpqiSTdf@tlyj7)
zy!$DdKYqn?qEoo~)sjp(fbNcTv>w^<@08Xd;YUWcLKuZ3JlXRlX80_=&XS%!ZYe1B
zEof_D(8lCjT9r{SH~(iS@z0b?dI7XKU|hJ(KL5^tEfdZ8A$%l93ydE#qnxTS`r&{|
zXy;`-9<{Fs+>*35T!Cl5I*Le3zj|M%_xB5BhE`1MLTf}6_c4kaAmn%xDIY%Pu_~En
zb_iAhV&wnX#m0WN^(*gl(?(n~+V8^OJsh2F4<V9>qGF@Ad?dUS4Vk{IxPmjcqzx{E
zVZRFBVk)f(pMt@XrVQjMO0Eu8ucQ^#v{eW*U+|Aep$taFRBw-!ZI5rP-UJgyk#A#?
zM%Xve#I2uQE1_J}0Ct^C@xK~*Q;>34GgF~=+I+3%uDnU#){I`O{Lq6UsolB^$<=^a
zsJ=657M|<RT7^?QQMy3(HYGpXUG;IU8CVKU8w@|U5myXg(2r)FhYBQ#vqcF{GIX>F
z%`3h9S?G7<Jhy#@yqa8G#fAP)?npUYxa@aW`|=dbPeUwI;Af&u>~`rEh+KC<m_^)R
z6wjhSEM!WL;g1ttx6*fPT2#_IgW3!b^nQrtYChhT`spVn20eqZwuTI~na4?u8n<lP
zR!>(W4fP{(tK<O3$hQ3oJ$KMb*q3KI&^OX3{Z?!CV#zyUT+VPbl~M#r%3&@dq7Yy2
z`(SMZ`Hf;}!0uXaAQ6_H`i$eIG5xALRoV=$ETt8vyk{UgPS9=ES(Xr=6J4N`$Q_*~
z#9AMRrGX(d8*x7anLK%B>$XiNN(v_SFfH>mNvFdmr>Ab%3tjRF^dFmg<_xDsy?Ty9
z{;0M;|5rDHX%b;uc<D|$0qoCK8n|e8NS3!=<JuN@0N*Q9hVGA(9u8hR^$fQ3A2(Tl
zvm6zq{GlwR7{(S!vVBD6)cy%yrF;h~5`IGQj%ZnKXuC2Bkp6C^Fb`CKeyXV-C)CUf
zDX)r(5pRN>E|sSyH9lTvl4J<&fe=KM{8M6Bq!2>lzK-_$Z|DY2$w~`&th<yvjX%vU
z4#)Q#0J?(s)Ay!_zfOEHzkM}nw?9KPUln|wGj>aa1+2rIq-zSnj7lOXZ_2>ruo=o#
zqu^ykNj=$L6d+r1xF(&<ZrJ{nw7$FNJasSJ(7_}+io<2zhbk8vY|Dk-eF{4-oV|nX
zB{yLjJsuneful(F>TtOPWV%ivNopi`-|Rnh0LwL7oq&Jjc8w$>Z6o$meKXj)Fmif+
z8-loiIYjC1;hV0HX>GXnnS^s~Ofl2qb%To=SqsN0You$4E!{Zh4Bk=cA2HCol2Iix
zy5k+4YwXm)-bzWPN<r}Ev}Bv!l0V^nq0Bd++R8U!G#0d31V$~o>!Pd<fuu2fpx<0)
zfVHXlPCTA5(;O+iF0i~2EveJ$tU2{-KvhaZgrUFTWRq+UbeUUjYYc0Zn4c<r@>^G?
zDrp1yHU%|-Lr*zd)k}C`wlZF6;k_msGauaBUzsv`{hZ$jr`|H7!z_yI4H54V3~_bF
zEuCxv-Opiu6EoN{<b+CZRJl6Crs7gR0q3BQA)cDaak1A3m9)PK-K21+vAq3#<rzre
zrT)!$;tm{bEZ`+^d|ci`Ne_*|M#LngaD9gf^YkF*WGsISe#?TB6vxUW&bWydNkoH7
zP~?0!+i-kZLQ>7K$7Z~Mvw+=CL~9C^u!`T*l#IiMXtmym@XDC@9vMnT!#kME0&tq-
zY!{@iBahDV*4}jQa!A7054)_Js&aY8q%V`k+q1>;4*s6~!x?sT5)e6>H-n6q#?go`
zm;a+}WEWhG;rYNk2Gw-LkAOmic}115mLn}Ykd~X6(@NV7Qatr=fwi<h6Rm;7_>W`I
z9~9O%)cD{$Cexi;qgz4&D3{EZAfP27P814hv~|=DalJJMPO*rzvr4a`u`Ld)SV!%y
za1yqCXTr(80NuJTLQlaJ?|Z9>38&c})nv9ii+97Gat7s`I;#8K3TZK(xUUrJCT!nP
z{3H<v4J)>pUhAhP>=5@+n2G~0brEg$>6iC#B*z)k{C*#lg77!+XKRN{7N7!zQ6<vC
zmpQP_6YBbub{r`=Xy=f}b6i|fOA)P(2#cHKo3+R>s&w$EjLz6!3S(qwP-c~s<GdiU
zbNlcKkg=aXj7s?<6LiqB)5*rQ3B;u=$8keOD5F*--HbKr9bNkV7D8q#oPc@=(>Bvb
zR^Yd#chq@kRlvG4dODs%`U16<HqgmoGkPar9Urkb0*}uo-tKk+UIIRM-*Dq9!AP{j
zvnvNhZJOU6G4?T5F8U#Xo{UM-YB1d7lqqg|eH+ybN?P7oFnS+5cSF^qw4Rw@kA-kJ
zi-eB?A&?!aY*Q;<zPbh(quM(8pE)qL+ohIy{X-?HV)t+$i!?O6^FS&!wqAvB+J=qy
zYZN}hyjV`rAY6}3nHvcadO(ALp_pTy7wtp0*T-(t5HyG#_H8L=)NQ^(fI6Pc+~y)$
zojPL#^@I{a6TzJtXBM{IziR449Zr0YRwsN%w`oppnd)pVBHq}r3Z~yN6J$fLaev<!
z4KTu4%!q%;$|aQMYyym=;OS}GK#|b;dW8Q}>qa(r-;UCr-qBWP&?+1^N=gx-Xx%pq
znt?7<!orR$Y4VIi&os>AlP3KMEJ*@=7X1=6p?}pJMl7aqLPi3+knO2F%BQ57N4Gec
zff3qtY-gD?9;vp-5|N?W#(&5QJKuy@wMDAx_&X~GkF{<i;ea2#8)0!7f2_Z-bT9_$
z!Cg;Kpg9s3%f~$4$JCi?I*~O?&bU&zk+<Q;C<J5oy_0#^u@OdhB=*Hfgz&cigsr?h
zUaX8pDId?+il6y2NS(#6s!hFxtZ9J7Cyj%aV+5e4KFFDIVpebbM(CQp`1bsFx$=xZ
zu@@#2WLWyi4i@NVsB>5O#uYpuLLr8WKR=F<L<hQTBHN-?*5@xQCBrE-&2B*?`21J{
z0}n>HwSd)LQQq%Md_)CWoxU!jKV-skNM$;q!>{|xeLy@Zd5{7mENxQpB}Y()LK7FG
zbI#p%ab4Gy4$fCsR!#F?%9_c~dCWgkLkqA?ENKgm{n|jUcop6QAaz)-c<~U}`56fP
zL5;68-q;W$q;r7z<DyR<eT(3HK`lb+A}88Zmt)2wp{%gLpd?>RCazRj+ZY3}yFQ%?
zUCTq5US1BXfR7?Ex0pRqMGuP0c;OrO$6(!ghK|0}i-I@x$=W3d-Z#%%B?B7qc@|WM
zXQX^GzFr`@=ThS6Zp1W5TB9=wUo&v@oWK{cQIZzh)GmIw)-b~{lBLyR(7MX4=~m5&
zFheid1thuU0i~et=ijl09Kz9&yQcajmJpskl{!@so_1*h9#&_iBDoQ-meAlV=kfl1
z8Ecvmvr3A|7Lf3Uj~LKo3~(yA1umfGR-RmqqZ9xqn@B3ylS7u}TtrTTi{%+euk24>
z5EO6sYm6M97>k&_DV(j;kB2A9RAAYK<uy>6WYtO#GpSJW%ajf-vT5~1a-^i~>^>K#
z6*M<uMzu+X<V|D;VYK4YFWt^+ftV+$)K&Q`XfZX!tUQ(OF84Fl%D+;SGJW|a{5uTV
zof;^9%Sp<RnT-p=s6Y*;jzv{{@q>c{gPM$R%{qsvVlpEFhh@rlI2-rUgnz>#307yH
zyO1Lqe6^FgX{Q;#eX23o?ku9~Y2mEd*5CGjeXg`a@z@xx@?`WpFZ{=+kw+{9PxnJK
z`ff!=(bT9=;PblQ>gnwP{b-o1GeyTghYW~r6D!X2=T{S=HNGDg6M-Gft_!q3O{XJR
z9`mdbsZ@JB8&1*HS56*NFP2%Z9Iy1N-<SJ+do;GP#nR#~8=)mKa8uxKxc*{;5d{6h
z2`(%`5wStyWN4mtze4?^@dFD)5%r9Ky5bF-+GtC{s4SsoJ=Au=w|-39)QBxha}u~x
zht5+<Wo_eBnNCn+J&Ae2scIN}laKasGnd&-GutJ)Z-U#$W0$rtrJmQ22CVyyf690w
ztKm*fmAIKI+PmiH<8jvNU7@!Q_doG}MXdy4C1@dOHUujVnpAHNqdr4CD05$!M|u6N
z!{n|^*;qAh>S`g}0y;YaJS{tY0pN)SL&}WoZk~D;x{G3ErEXE)Z<2!O5)PI^$(`$F
z<nYID8<I@!++ZqSr2|@n-z4H4AZp?a86)TKKLQ~~nkmSdFF@o^$G*R~PBP&n>d9j5
z(;Y#gav(wTRRym;p^E%;5Yl8MO(dzxwM2%*fnqx{Dp0dI?qQDL9kUEQI|0~o72taz
zJJaSv81ZQ2-XRNu(oN!;E;eV!yaIWOduSW7Ulj5}J0h>t9MMoaP>VsSW8~-b-;Wg;
zlIY!@YLaZ>X<L{46-0<qNUHzwK+se}58Q7CNWsqjD>AcIfEY74hqt&8<vcOoHHyS?
zsjZu3z2Vc~ELg?*(>vmgp%3KopU7zYTkHJ$6&iKe&<yl$2%alet^?Az>w(CxW?SWe
z;RkH8&WP_PpuGn!5#*LI;K3)<v}Pv7<I(vBkSVlg)Lc#>T9GSyj$%&rZA=v|BnhGY
z{D)gz6pnQOl}yL&=fo&!W!B!=R*|M=AtG&lU7q#<P85MGouz~@=sJ*75IxbPTeyA8
z_^^8CekX7)124ITAVO6^MqeI~8gabAawsJ_HheAY!rLr2z|Zjk({3se|1Crn%cvU$
zPUMEStKm53Cb3aq40qR$8Cm4S#e>*A+RF|+JLr2M6PkYKN)6$PqOXz}`jjV{(TQD7
z(YDME9m6L|V1u}6$};fxp?Q!jg@>n&lV<x@)3ZD1Za-?#ft9vEF}wgZA#}9El@r$d
zLPy5Y09J%Jxo>*E(@}^uVF_Mx(5N_jZc5tJ*F!dE)HM9qPP1?#2c<&i^}`hY->Hv=
zBgn!aX>B>`yp%@xL7%FO^Z(P<S%*c@wrw1iX6f#wSy(_=LQ)#(T)GrkkdR!FbV=!6
z1eB1aLAq1AB?Tk|X;1+P5h*`>-uHRG$M^eYjyYzI`?}BTzGmkBXO5XUe;jzV?kSPG
zeB;_o`v<oV-|o~h+HfR3yc5W&O1KPY6M0$th`kh5Z$<G$=l;V{fGLw{ibp=5NV?9A
z<zhBF=Tz^vS*~wxyaL?)6V%U!Mm3+Ae)5h3Ra`Qq!%835it)0(Pyk#v`zN6nORax=
zIPuXJCz7H1b#B&d-6XwRq_Rmm!jSB>_zurLkx)qco#+j0T7&^P7SGsQTVYCz&Y0WX
zq&-89XPz_AM!Or#IWm>U@fBL3lsi70=g_O4GuV@+Rmn$W4~CHT1sG@`2%q1n;Ni^>
zI5^dW_B{*4f$b(HBkpij9L8A~aH<~5)GOz}TE+^B!bV^T)$%tP97o#2f)lb!5i3Ih
zcp_H1CIj)X06nC+E#algS_IWlj^=C@ST)_wFlnGHD`FTGzjdfdpeBUG6zP+kjGJ9k
z(q@i=te;pusDTsOs762E?7~YTNV^tbwZSvPGX_BEDV~2Y(_y|;&U}@v!+%^bAVjt{
znV%`Dx&pprLJZ)l?HYWrXVm%e6&$^!`Ia8owemTwJON3zMWx-p5`wyyYCZLWHe&Gg
zu4!P-77PnbRh#3|9v1Va@M$^!NB$b`K#hlhTI?Vyy~?--#wB@Sxr|HEphBW8W0I>Z
zp8f9Cv{xG};}(c>e$D1NTOYWk_X?pgXGTU}8iIy<T@G~ZOcGp#n>>Y<S;CW`*d-FG
zvm3Oa&_#Z)0&4x(Yf-3}skn<<p-P-R2l3Gh*)XH;870j6s_`J<XlL5eNU=)sb7V~B
zP_U5#X$PTU70(94lJNXF82HXXiqwk{y=?k|IgTcTs5Q8vftgaXG8{;+TYkKtPQ;34
z=jsC{uWoYZ56<SR%RZmlz+5Ay*6FU~yZy?r;v<qiqi=AyynXZsR0a2qZ1;n7dw%@y
zL3USBR2R>W6PMk4QsP`o9&6euJYHj~vHkSziAkJ3O;PVNznbJ><!d+SIGGL+HPz9w
zfvDJOewa|*Q~D4Ghf4di)xy2hv$G;>CxS69ih=qEIZB)avooa+AZr7dot#TXxLAf2
z#!hv};33_2eo(#lK6RWdo2I3kL{3o;5hTk#Lq8(7f{4_|o5V5NGD!UG4=2?YcHy<=
zA@9Q-JCp=%!9}Lww#`rmKB^t2AmNZAD?NRZQws4&nC!>e^^{|&bRFHHIf*iG7v&7(
z#HsfgTKpB|)u)3X$7Ma-syq+Hjf;<(Sd(PPy?J5EivZ9Z2c$Q@gRlQBJKkMFy8sjd
zCX2D6a*b*OyhoPG1b`@b=>ylmi9&nMpU8P5i>oPD=!T^yB3a6np_uax6{SONyU$5p
zB343~by{s|#m%`6yPBY$low?`<tM>}EzViqi(XI0;AJeQEJ?G0hIo>NC<kqX=qqH)
zeW4dCxTx>XeV^`1vEHex2}D(iB>8~hYn-@o@#O=NiE;Akd0o5${D*Caoe*lLT=$Fc
z`H5AEvkBUhS5&UeZam2!uAuShGJa#_xI6q0OlEs-?lXECWb}q@KW_+O4xpmpWzS3Z
zj`(yZzVz<SDV=KpE02=VF^;)PH>L=ZrUP7b9m+(ehutGS%w5AaYPRQfc<u0Vdb<i;
zQ|{B+XN?3m_KBM1a~%2k*@$0xocLCOh&#pMRP8Dbmha`B8Evx|WVWU8uJ$slKBDHG
zzM!+wNz0vc&Da0j@pSzJ;N3sAy*gqaaHp9rfWEl3ZU@PSc;Xwo{nQ6vc{LolDU;%t
z_wFj8m5$Pl^BCJs5V-l);3=z_-ll<bOmQ?_j0@R{`#X9efmxjfn<7F_1wb)-gz(l=
zUB8?We<v+1$uQYr@k4iaxf|0@t$?=pqt1Hm;d`S|N<V>nlsgfXkSsdSLz1@rii?;;
z;Cy^UkFQq06}p!Kg1(A)^(YNV=Etrv{?j;`5|ho2xJ*e{l^XbhXKh-nme3s9D;0K4
zGxO1ddt`ER>{Mvpz|tZU%OiD}-{+{up0ho}g@oUi*V4jt<o17J)tmEee6^;w<i5`#
z;ZgMXhP5o$mf4WurhLXqS@YL2g5{3NEMrHLxt87`ap-Fo+s&a=z2_Ck{x<^bcyU~*
z08RZ7DwK?y;dTOe$&tw$YmEJJY||*U9lW*n>hKB#_e&9G@FdiwBk>;H)()QFkbd8<
z7^X#LZVs9<e(EZq?j)%-s!tAsK5CjGLDW6uvlK|yn1}KK!EBa*cRbLt6gZcZ@{2(h
z!4la*`_8Ym0}S837nCD^s#_WQneJT}Ho~T*6PadmO2;h3%b59dv~2~UH5T-$Z-WUD
z(IZ^PYc<s<q;xPs2pMuv#@DdVdDR$7)FNwkUZ7NdL+>WUqG0tzr&DxcQ)b6LF1jm=
zp}8>!l91|wR}c}V{*a$b%A(c|(3S}GhYP4@E!~aQUy$dhi$&rj!#TvDJ0x+UU#A!7
zclh2&M3>Z4I)(}X7~aJ!V0aDmCSYsB3fbPRgkpGLz6O83KS0iI6oc}qYxvlxgo}M0
z#m4p>LP!O#HdTnfi%8?rLP<DC40}@*>Ge9TtJDv|<S~VdPZM-`?xr1W7M3y4yyF=q
zE|`?L{vo<IvWwiuVkPo9-HZqCYtN*l4N|rl-&pX6H~WoF589k`ZuL6p!Oj`t_nAIf
z`cn_p?h|4%k<8W&$K_;sMQcuz3or=;#+1QgqP^K-r}SH!_>ARRC#mOviK!#qbZU`2
zBFuKf!s0$;h05|lZ<v)mv!K`o%fl<*zj|G;$?&TdLXn>Bd3&Eo73fK?%CdyUHYdB-
z#(GFrA_yJ{kpYT4PM}<@>TiBXl)N^>%_7$^G7^0l0%cY#T=(Ue>E`KFUGGpB=m8dE
zhGpIm1)G;X7$2RgS3I|z$0^TUql*-e(@+`EF08Sd!rfjz)W$Xz3)9y^k8t)ai7#>J
z)WQfV`jDmIc^N@N^4jLatdg-=8c>NceTpO=Z+Up7FHo<;ovmR9zr4Ph+CM9{hZZI7
zpm`8emYf8qiz2w;9ob3mcjN6gCaBu##i|oe4ie7pDv|iycdg{yj0Dddy+AEdBh8K=
z=W_WEm+z#X{xWV`NfY)bK3_HJ$i4SDI>ql*ByxQ+by!h(-x?y^q3V5k+E^k0J+x@K
z9)=T3c@DE_Vsosr7&N|Ap7Nn7)nH~Er*}csRi3r|q%H@_9$q?5tol-x5`Iup`HG_;
zrl$op9twm$_K=&yb=Pt>iHr%onu#FfeC=3|Ud4?P#x|hrQ~BtG%_Hx!WTokw8MVj0
zfPB39S`HOyMD~k0p~*AMFO_PiKErMuo{Ny@Af4Mc870*X@EfEW*#X!!j?9evf~mIo
zlh?u@0Snn`!z3Cljm2=uC)X9@LijT6Y7D~3!-u9FJhxd>0<~AWtDEHGK7=)X<!i-?
zYrObzERQF1%>L34HKL}n+Fz}Q4K-kXjl4F2Jce*LCTVr)Vc4>FD{S30A?amcoZIKN
zt(=z#?K`Np^}x3BNO1BYN)Fj5+IY0nK5lXsGsXW<HECoXDmLFPNA|||6D4Lzi*rFJ
zicdwsO=y<(v(!fomC5_m4$t#qc5-*+pXvHvkz$A^IuCzR(IODk*QPGi>8T4rJ0o9$
z4AaniGU_2|ZgUZ>UBid)Y6}b#%wE#=i2=XehxdHyhsJ)s0IB}4WYIufgNEcHD|31Y
zEXH6g_9D%b679b95+{C(yWEMD5T;5NAA(8$YMufe+rmYlATb92bkeL@ghOdfN25)|
zh3*yKajkA(sRr3vJi8pR(}Fzn2GU$yi0u0mNTs#*!FJJ=LA=B!Xk*jMZoH^u+O1fS
zSDmjvR;L^u%RV8}Be}goWC%`fJero*6nRie@v%#c#HTbc4)iJ^GShJK5`Ajc(|m~i
zb~Iqj-@I?JN4e??I;7!5ax1@ELGcTV_lTq=)QwNN2ePPi7WUwv#h#KA6Ujhpv^`?y
zF`oMY&H06W@TGBMDKbttPJ{h}GC$SUWnUt!A=@<9FsHZ|Kq~wz+zlA@-a*FrB#MZI
zgsH}H7V2=S`s^ZGM{Al1(`z232&IFtL0Mg&IK7rq<Ld~))Ia6S-Rk*@{t8Hz2^unD
z#a`EnaiPM`@6tTIQbNr}B5{P^rdu25b9HFv2;g9;=?aBQx}KLV{5lPkgGU?4Wn=TJ
zfUXOq$GtrH!RhjQk3!IXK<rQIyBhXU#kpNiO+t2YPWZ@2YOTtmc>=7;v-BFvbLqBt
z0u1h%XNu@t$$;!SjkF3Gx$>FwDr|Tw-ijG$xJ;X+XV2kzBXoKAk&-oDi!nOgo*+*A
zdxvKNpcs@UK1W0Ns8Wg!M?ZWpa??`^y)9@ZdZ1UHD16ocR~a=~c@--Z-W~5UR`rA)
z=&&X4^RwiW!n!_-^2aOFr&@^Uk_hQQb>}?4&=k)DXG%%>F%gQli7ABMy)e}ien|O1
z+{rZvXnnW(d;ye<R5D3vwC_1nr)ykAC0t+pJiK+Wv5pU-QrUH^?f>AOb!4di(ow#i
zF@-fBt9r*I1FMUyDcXI!*irSHP|L;DS0b{7*OJv%&#L`>j7v=}-|3jhnk^bj1o_OB
zHcGwg^p~Ipzmt)6F~)mmO_@8r`xbCqkL^>&?Yg05a5aDzaQpvjd#HJS&Ux|D_OHg)
z)u&Z9oz93#8z0<jlkD#Aqo0?vv$m>*Grk@!WZs(K6ta*nlH?WcbcQen;^JYk3D-F)
z_JnL3_2x|Rk@Yqbk<09-dX-g4|Ll?59?)9z{DkJ*Nd4rTG?U`nPP8`!qVRi`skwTT
z^fBRjivkdo>4`j!&&)VDeoosk9#Pgm5Xi^vxyY$QKSCn8a1yn1HB2*VUW<eAC6pSe
zVWCh)kQAuzPKiT6ey#Bh$J91hO>tIjs0qd5q3)FQT0x#kpr|szg|*mkp7m@sdQ{7;
z+3_W+FQ_hE)KeclXTH9nR${`DhL*v}DN-Rs@OAa_4j^Gg)yD}xuqZN^^Yu;Cwe37I
zEro<wv)NNz%+?Q}`mGRK>5VsmccGEBMARwmS#Ib;+%im3I}6B?k$M=dHH%*$@7%Mj
zJnuFw@cC(R<9w^AaV?IJfp#4TL7Dwk?A2$P<B-+;jq3-=-%!$OJknXhBQOje;+iG3
zR=kDjV&r6Q-iqG(wy+~2{fF;{UW%0Y;xF}nISYwA*{3i`5+cLqD65H+DO|F$siL?r
zn5Gjp1>vKj!~w}yX||Nw1#2H*Gfsuf{R;*42dpD0F<Bh7DIb@z=4G3e-;M&>7uU1I
z(`xJ{!kqoGG;CJ%8r~OJToxvKWhk1scvH97#32I{fuCPH7E6=gi{!!Gj`Cu#1=}3G
z77?ka!7*KW)DJmwsz2;DDBG}5#b4%4!8Dkid0#|_dq0!?eg^E7^FSRQzJUs&qDdg#
zM^cj5Wi4ILevQ*0HxH{r_#~!wbuxXr_$9M}XJo?}aC}0Ntl6WRK99&x!yZOV^WdTG
z;V0xu&IDX>arcq3&Web{9^F)2&9B-xj0kom5Ny^5*W|nmUCyObjh8_Drhg~X8*VW%
z{w;Cf_3D==((e=?N{koW8U<n65FfCEUkNZ(>01BgPlue*@8q#)Zi2JS3|vj_JK`Ge
zF{-G@esCF?ong&k4SeC#7VD+96M?$64u~P|hLAw0-|OqKZPPt!7~4v-KDaN8d*<-6
zM@7B9|40mFg=v#V9eki%510*6_Mossww7*d2|ue&?B3_*tI1BJw}>hhe!*`|D>PEt
zmdr=4q)!^^95Nb;U74(S3NoU*bH|S|(~*7s$vue;&Zf2wxBQi{=`U}cK4;s<nXqyq
z3zEunKkWA5-VdS6ph%zZbuwb+hMgcP-*Y_P3NV6MW&(#_90I1J?TEB`)H8@OkN2^l
zfagIDZNN96I9EA;*u!SPI<I+R=~$;->mc+^<TUSHVzSqPrMd;{?Z*WWh}@nv<wJgW
zK}P6$x-Z$Pm$H8dQ2qL=A77kkb}2t{2O<K;@d<ep4}O6BHEfqw?y|t47(bhErynbM
zR~M7wOXiqzL~$O5lkEYkmdBbO<%7;4pOCCfveM}xKtSIn#l0d7ym9^(nLP$;iLqAM
z#!38(M0-B<wa7NE7i4%)Zdg~cdJZ8Gj#lU~hDiTVQQ6T8C@O={n8LCB*Ut;&S=bS-
zFJAb2#`ep+9qJFc9v8tjlAceF{XM2!rH7vud2LnToYCz>RcNPqugwhJrM0x>7TgMB
znQElmZLJZlULVIxSU?Nbr9=-A5o_2A!baNGy`{3FN36bXK8v9lp!#A``OQtiEnsZ?
z_H8Gjn{YyL3xQX{mIVX#cU_bTk|#NB)xc2zpJT8L6_wi1RtRuvO32AwRN`w34o%L!
z{}8_(??AL{8PiSL--qUMDCOF{;?{hX24B}DdXTXLG2PK@U7F?2m<n|5V_<5)x{GU-
zw*HcUh*^D{fDXE}@x>+HU}kFq_=2Nr4{qV`_7~zQ0gqi@rcp+mL!m}3vi-ZLzy9Z}
zu`%T>o)@xJU8$0slr7lGC|bk0g`qLcvyV>;#UJZkbP~@M5C3E{s%2DIM<Lu5vj<GK
z!iuRRKsJGtM#oA88DM|io3ar87WLqdPEyeH7oVAM`x3a&)_0td9=l9*O>R@KP`R;e
z!0H_`;c;}gB%e{*&;56!$Rv=K(RX71LOnr&-s28G0Lb`xt&*9WDN7=_O!tNF!aj|d
zQ2x?g&(<wJQ36uPJSSMO)HG~G71{|f#{<Eh^J?5N(Q~V}6fx)+dKA3CU}NT^r7NWB
zCH%@I+|fsUkD_um3c>)h3*P1yfh`Apdg(1MWM<~-mB#;*AiLBR`S`|lP3U0<hroHV
zOLk#H*Bg1%V-9)m`I+!sqRhei>%zgkDRnw$H3kV(#ahbhgol6t(*u!6Sm)`?hz7*k
zi>jkg4N)dWQm4wF><vGJ_u+AYuguYs>g{Ff+^X}vm4ngKps$%dG==<ZR`nXT3<m}&
zFerB|6REimg^Dc_s-cq+_X5@c(<iD5J{|m}CAJ8oc$wE#t>V>;)svs)sxO(pYz5b9
z3FCc}f2WW)s+nH0tMR7valZN6ID<_!ZK$KD<8@;rFLhoU=6l80lgb7<51S4v<(6;G
zZ`{%=y5x&a@{S+lanCYK0wG>L@fWHzM5&jk7)`L=5`q^A5yg}BB$+tIYhKkHbn6}D
zJ~iqLQzl<5ks;GXqc!e~%Z##AmGB!W9w`;u9%Kk^<LS|6$W68c_e~!KLqp{Y`>Pms
z4#7)bo<eidvotq0SKbt*56AqlC~f({JuP)FMuMEiVM(ix$w`YSNLCd?$K<<b#<0G5
zA5*0nk0%?F7YZDH&rl6wi&!&MF>G9t+5?JwvsLhgTf}myd??O5od!#Q^wnoxy@^nr
zk~i9DaE$wOMp^@q=e7U9pcY?>VVtMclA+pBO*V}oqNfSzyIfkbpBzlImN&Y#zT?`p
zQDVNhfuA73YbRw%gR_8<|LEEY9-6Ob)@L~6Q6-H0_*Kcw!J9BOqbJ-N$lprm_58vj
zQ)8RdmMi~>5VAK%T1j6by6t}S4|%34ZFC;Qp`Utm#Qt9Ca_sDkN)wN`8gj1f&`|%1
zV~)ta&WUR9XNo1slzn$i{jl`e(S3foCvTQE%cJ$Sa3C)S(>)rzb~-O_sJSwkmD!A&
zkzIz!ce1pUA$FpV>%D0M+|8dgTRgsfsO1=`p?Lmna9iy?x*#`AU$nvS!;n(tj_<2j
z>S@WGqsJ%44irhzp>h(j1P({i#{<)(mIp-lD@qW!VziD%nPRh8KcDH;T>!*=i=R-t
zBH~XO*9m_m{9^E*<GazM51Z<y?QPHfg}n7=WWrZ6AVe+cVPF*S0&d{~m;fpaDvZD3
zT93K0MTl>STspC=Q^l_Q7#ObU72Md8=D(Z%3G*WQo0|34{_uClhkou)5CV1&?H<AZ
zE2~b^>l#m~EliBxo7f-9B!Tq6G0eN^i#*swe_@pld9fL>m?;72gtb`A#D5ki48DyS
z-Ntmm*lhpdf&Hb3y>0zm_kR>)zZJc=v58tN5af?+f3Uwme-w3nD<G)DV*me!m!bls
zhwx%^{Z;H=1$o@I1lD0O{#Wn6$||~z5%XblaQzcF2Ke`2Jbw(ja@*Cn77Lu-0mjDv
z51{OyB&y$lvj1Jgr~&`MmHmCa{~o3O$D?VSTYgm-76!(jcgmLbR`t-$$pP+-5cINl
z_;2OEK@&88ktY6>=F#1r3j~|q?Dt&wm-*_yyjKbTx2W4AVKxAUH^R>q?)@92_TTyc
zZ4UaEHz@TVx-LOLIue4-uJk+oKc^`0k8V$e02p@eZV0#=;$Qi3aDT@sZ&%`5ztPx`
I-&gm40GFq-CIA2c

diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
index 44f937e57..64bd3598e 100644
--- a/documentation/esapi4java-core-2.2.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -1,5 +1,5 @@
 Release notes for ESAPI 2.2.0.0
-    Release date: 2019-MMM-DD
+    Release date: 2019-June-23
     Project leaders:
         -Kevin W. Wall <kevin.w.wall@gmail.com>
         -Matt Seil <matt.seil@owasp.org>
@@ -26,14 +26,14 @@ It was mainly because of these first two bullet items above that we bumped the r
                 Basic ESAPI facts
 
 ESAPI 2.1.0.1 release:
-    177 source files
-    1547 Junit tests
+    177 Java source files
+    1547 Junit tests in 88 Java source files
 
 ESAPI 2.2.0.0 release:
-    194 source files
-    4145 JUnit tests!!!!!
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
 
-That's 2598 NEW tests since the 2.1.0.1 release!!!
+That's 2603 NEW tests since the 2.1.0.1 release!!!
 
                 GitHub Issues fixed in this release
             [i.e., since 2.1.0.1 release on 2016-Feb-05]
@@ -149,14 +149,18 @@ Issue #			GitHub Issue Title
 462		Allow configurable init parameter in ESAPIFilter for unauthorized requests
 463		Create release notes for next ESAPI release
 465		Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
-471     Bump ESAPI release # to 2.2.0.0
-476     DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
-478     Remove obsolete references to Google Code in pom.xml and any other release prep
+471		Bump ESAPI release # to 2.2.0.0
+476		DefaultValidator.getValidInput implementation ignores 'canonicalize' method parameter
+478		Remove obsolete references to Google Code in pom.xml and any other release prep
 482		ESAPI 2.2.0.0 release date?
-483     More miscellaneous prep work for ESAPI 2.2.0.0 release
-485     Update Maven dependency check plugin to 5.0.0-M2
+483		More miscellaneous prep work for ESAPI 2.2.0.0 release
+485		Update Maven dependency check plugin to 5.0.0-M2
+488		Missed a legal input case in DefaultSecurityConfiguration.java
 492		Release candidates on maven central
 493		wrong regex validation
+499		ValidatorTest.isValidDirectoryPath() has tests that fail under Windows if ESAPI tests run from different drive where Windows installed
+500		Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+
 
 -----------------------------------------------------------------------------
 
@@ -164,7 +168,7 @@ Issue #			GitHub Issue Title
 
 * Various deprecated methods were _actually_ deleted! This could break existing application code.
 
-    442		Remove deprecated fields in Encoder interface
+    Issue 442		Remove deprecated fields in Encoder interface
 
         Specifically, if you are using any of these previously deprecated fields from the Encoder interface, you need to update your application code to refer insteat to the constances from org.owasp.esapi.EncoderConstants:
 
@@ -180,7 +184,7 @@ Issue #			GitHub Issue Title
                 public final static char[] CHAR_PASSWORD_SPECIALS = EncoderConstants.CHAR_PASSWORD_SPECIALS;
                 public final static char[] CHAR_PASSWORD_LETTERS = EncoderConstants.CHAR_PASSWORD_LETTERS;
 
-    444		Delete deprecated method Base64.decodeToObject() and related methods
+    Issue 444		Delete deprecated method Base64.decodeToObject() and related methods
 
         Specifically, the following methods were removed from the org.owasp.esapi.codecs.Base64 class. If you will using any of these methods, you likely already had vulnerabilities in your application code. If any of these methods were being used, you will need to rewrite your application code:
 
@@ -188,11 +192,11 @@ Issue #			GitHub Issue Title
                 public static String encodeObject( java.io.Serializable serializableObject, int options )
                 public static Object decodeToObject( String encodedObject )
 
-    483     More miscellaneous prep work for ESAPI 2.2.0.0 release
+    Issue 483     More miscellaneous prep work for ESAPI 2.2.0.0 release
         Specifically, CipherText.getSerialVersionUID() and DefaultSecurityConfiguration.MAX_FILE_NAME_LENGTH have actually been deleted from the ESAPI code base. For the former, use CipherText.cipherTextVersion() instead. For the latter, there is no replacement. (This wasn't being used, but it was set to 1000 in case you're wondering.)
         
 * Various properties in ESAPI.properties were changed in a way that might affect your application:
-    439		Tighten ESAPI defaults to disallow dubious file suffixes
+    Issue 439		Tighten ESAPI defaults to disallow dubious file suffixes
 
         Specifically, the property HttpUtilities.ApprovedUploadExtensions changed from
             HttpUtilities.ApprovedUploadExtensions=.zip,.pdf,.doc,.docx,.ppt,.pptx,.tar,.gz,.tgz,.rar,.war,.jar,.ear,.xls,.rtf,.properties,.java,.class,.txt,.xml,.jsp,.jsf,.exe,.dll
@@ -220,6 +224,18 @@ Issue #			GitHub Issue Title
                                                 to:
                                                     Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
             
+* Other changes:
+    Issue 500		Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+
+        Fixing this required changes to the CTORs of the following classes:
+
+                org.owasp.esapi.configuration.EsapiPropertyManager
+                org.owasp.esapi.configuration.AbstractPrioritizedPropertyLoader
+                org.owasp.esapi.configuration.EsapiPropertyLoaderFactory
+                org.owasp.esapi.configuration.StandardEsapiPropertyLoader
+                org.owasp.esapi.configuration.XmlEsapiPropertyLoader
+
+        These CTORs now explicitly throw IOException if the specified ESAPI property file is not found or not readable. Note that this should not affect most people as most use DefaultSecurityCOnfigurator and it still only throws ConfigurationException. (IOExceptions from these other classes are caught and rethrow as ConfigurationException.) Use of these classes directly should be very rare.
 
 -----------------------------------------------------------------------------
 
diff --git a/pom.xml b/pom.xml
index 4246bb983..b92829dd2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0-RC3</version>
+    <version>2.2.0.0</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
diff --git a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
index ee358f12b..8869694ce 100644
--- a/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/AbstractPrioritizedPropertyLoader.java
@@ -2,6 +2,8 @@
 
 
 import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.util.Properties;
 
 /**
@@ -32,7 +34,7 @@ public abstract class AbstractPrioritizedPropertyLoader implements EsapiProperty
 
     private final int priority;
 
-    public AbstractPrioritizedPropertyLoader(String filename, int priority) {
+    public AbstractPrioritizedPropertyLoader(String filename, int priority) throws IOException {
         this.priority = priority;
         this.filename = filename;
         initProperties();
@@ -64,13 +66,17 @@ public String name() {
     /**
      * Initializes properties object and fills it with data from configuration file.
      */
-    private void initProperties() {
+    private void initProperties() throws IOException {
         properties = new Properties();
         File file = new File(filename);
         if (file.exists() && file.isFile()) {
-            loadPropertiesFromFile(file);
+            if ( file.canRead() ) {
+                loadPropertiesFromFile(file);
+            } else {
+                throw new IOException("Can't read specificied configuration file: " + filename);
+            }
         } else {
-            logSpecial("Configuration file " + filename + " does not exist");
+            throw new FileNotFoundException("Specified configuration file " + filename + " does not exist or not regular file");
         }
     }
 
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
index 32acbf5cc..4f814e06a 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyLoaderFactory.java
@@ -3,7 +3,7 @@
 import org.owasp.esapi.configuration.consts.EsapiConfiguration;
 import org.owasp.esapi.errors.ConfigurationException;
 
-import java.io.FileNotFoundException;
+import java.io.IOException;
 
 import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.PROPERTIES;
 import static org.owasp.esapi.configuration.consts.EsapiConfigurationType.XML;
@@ -17,17 +17,38 @@
 public class EsapiPropertyLoaderFactory {
 
     public static AbstractPrioritizedPropertyLoader createPropertyLoader(EsapiConfiguration cfg)
-            throws ConfigurationException, FileNotFoundException {
+            throws ConfigurationException, IOException {
         String cfgPath = System.getProperty(cfg.getConfigName());
-        if (cfgPath == null) {
-            throw new ConfigurationException("System property [" + cfg.getConfigName() + "] is not set");
+        if ( cfgPath == null || cfgPath.equals("") ) {
+            // TODO / FIXME:
+            // This case was previously a warning, but it should NOT have been
+            // since these system properties are optional. Most people just use
+            // the traditional ESAPI.properties file and not these prioritized ones.
+            // A warning gets logged in EsapiPropertyManager if logSpecial output
+            // has not been discarded.
+            //
+            // Note also there were a LOT of cases in our JUnit tests where the
+            // file extension was empty, causing the ConfigurationException to
+            // be thrown with the error message:
+            //      "Configuration storage type [] is not supported"
+            // I don't think that was intentional, but because prior to the
+            // changes for this commit, these were all ConfigurationExceptions
+            // and they all were just being caught and not re-thrown by
+            // DefaultSecurityConfigurator. I think that is an error, probably
+            // in the tests, but I don't have timed to chase it down right now
+            // because of the pending 2.2.0.0 release.
+            //
+            // Also, I made several fixes in DefaultSecurityConfiguration
+            // related to this clean-up where IOExceptions were being silently
+            // caught when they should not have been.  -kwwall
+            return null;
         }
         String fileExtension = cfgPath.substring(cfgPath.lastIndexOf('.') + 1);
 
-        if (XML.getTypeName().equals(fileExtension)) {
+        if (XML.getTypeName().equalsIgnoreCase(fileExtension)) {
             return new XmlEsapiPropertyLoader(cfgPath, cfg.getPriority());
         }
-        if (PROPERTIES.getTypeName().equals(fileExtension)) {
+        if (PROPERTIES.getTypeName().equalsIgnoreCase(fileExtension)) {
             return new StandardEsapiPropertyLoader(cfgPath, cfg.getPriority());
         } else {
             throw new ConfigurationException("Configuration storage type [" + fileExtension + "] is not " +
diff --git a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
index 9609ec0be..94b5e4d5a 100644
--- a/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
+++ b/src/main/java/org/owasp/esapi/configuration/EsapiPropertyManager.java
@@ -4,9 +4,15 @@
 import org.owasp.esapi.errors.ConfigurationException;
 
 import java.util.TreeSet;
+import java.io.IOException;
 
 import static org.owasp.esapi.configuration.EsapiPropertyLoaderFactory.createPropertyLoader;
 
+// Have dependency like this on a reference implmentation is majorly ugly, I know, but I
+// don't want to refactor code and delay the 2.2.0.0 release further and this class
+// is WAY too noisy. - kwwall
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.logToStdout;
+
 /**
  * Manager used for loading security configuration properties. Does all the logic to obtain the correct property from
  * correct source. Uses following system properties to find configuration files:
@@ -21,7 +27,7 @@ public class EsapiPropertyManager implements EsapiPropertyLoader {
 
     protected TreeSet<AbstractPrioritizedPropertyLoader> loaders;
 
-    public EsapiPropertyManager() {
+    public EsapiPropertyManager() throws IOException {
         initLoaders();
     }
 
@@ -34,7 +40,7 @@ public int getIntProp(String propertyName) throws ConfigurationException {
             try {
                 return loader.getIntProp(propertyName);
             } catch (ConfigurationException e) {
-                System.err.println("Property not found in " + loader.name());
+                logToStdout("Integer property '" + propertyName + "' not found in " + loader.name(), e);
             }
         }
         throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
@@ -49,7 +55,7 @@ public byte[] getByteArrayProp(String propertyName) throws ConfigurationExceptio
             try {
                 return loader.getByteArrayProp(propertyName);
             } catch (ConfigurationException e) {
-                System.err.println("Property not found in " + loader.name());
+                logToStdout("Byte array property '" + propertyName + "' not found in " + loader.name(), e);
             }
         }
         throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
@@ -64,7 +70,7 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
             try {
                 return loader.getBooleanProp(propertyName);
             } catch (ConfigurationException e) {
-                System.err.println("Property not found in " + loader.name());
+                logToStdout("Boolean property '" + propertyName + "' not found in " + loader.name(), e);
             }
         }
         throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
@@ -79,25 +85,37 @@ public String getStringProp(String propertyName) throws ConfigurationException {
             try {
                 return loader.getStringProp(propertyName);
             } catch (ConfigurationException e) {
-                System.err.println("Property : " + propertyName + " not found in " + loader.name());
+                logToStdout("Property '" + propertyName + "' not found in " + loader.name(), e);
             }
         }
         throw new ConfigurationException("Could not find property " + propertyName + " in configuration");
     }
 
-    private void initLoaders() {
+    private void initLoaders() throws IOException {
         loaders = new TreeSet<AbstractPrioritizedPropertyLoader>();
         try {
-            loaders.add(createPropertyLoader(EsapiConfiguration.OPSTEAM_ESAPI_CFG));
-        } catch (Exception e) {
-            System.err.println(e.getMessage());
+            AbstractPrioritizedPropertyLoader appl = createPropertyLoader(EsapiConfiguration.OPSTEAM_ESAPI_CFG);
+            if ( appl == null ) {
+                String msg = "WARNING: System property [" + EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName() + "] is not set";
+                logToStdout(msg, null);
+            } else {
+                loaders.add( appl );
+            }
+        } catch (IOException e) {
+            logToStdout("WARNING: Exception encountered while setting up ESAPI configuration manager for OPS team", e);
+            throw e;
         }
         try {
-            loaders.add(createPropertyLoader(EsapiConfiguration.DEVTEAM_ESAPI_CFG));
-        } catch (Exception e) {
-            System.err.println(e.getMessage());
+            AbstractPrioritizedPropertyLoader appl = createPropertyLoader(EsapiConfiguration.DEVTEAM_ESAPI_CFG);
+            if ( appl == null ) {
+                String msg = "WARNING: System property [" + EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName() + "] is not set";
+                logToStdout(msg, null);
+            } else {
+                loaders.add( appl );
+            }
+        } catch (IOException e) {
+            logToStdout("WARNING: Exception encountered while setting up ESAPI configuration manager for DEV team", e);
+            throw e;
         }
     }
-
-
 }
diff --git a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
index 4be9ba759..565235a84 100644
--- a/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoader.java
@@ -12,7 +12,7 @@
  */
 public class StandardEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
 
-    public StandardEsapiPropertyLoader(String filename, int priority) {
+    public StandardEsapiPropertyLoader(String filename, int priority) throws IOException {
         super(filename, priority);
     }
 
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
index beddf93ba..daf547272 100644
--- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
@@ -26,7 +26,7 @@
  */
 public class XmlEsapiPropertyLoader extends AbstractPrioritizedPropertyLoader {
 
-    public XmlEsapiPropertyLoader(String filename, int priority) {
+    public XmlEsapiPropertyLoader(String filename, int priority) throws IOException {
         super(filename, priority);
     }
 
@@ -80,7 +80,7 @@ public Boolean getBooleanProp(String propertyName) throws ConfigurationException
             return false;
         } else {
             throw new ConfigurationException("Incorrect type of : " + propertyName + ". Value " + property +
-                    "cannot be converted to boolean");
+                    "cannot be converted to boolean; legal values are: true, false, yes, no");
         }
     }
 
@@ -120,6 +120,7 @@ protected void loadPropertiesFromFile(File file) throws ConfigurationException {
                 }
             }
         } catch (Exception e) {
+            logSpecial("XML config file " + filename + " has invalid schema", e);
             throw new ConfigurationException("Configuration file : " + filename + " has invalid schema." + e.getMessage(), e);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 851cbcc28..c244c20fa 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -235,9 +235,9 @@ public static SecurityConfiguration getInstance() {
      */
     DefaultSecurityConfiguration(String resourceFile) {
     	this.resourceFile = resourceFile;
-        this.esapiPropertyManager = new EsapiPropertyManager();
     	// load security configuration
     	try {
+            this.esapiPropertyManager = new EsapiPropertyManager();
         	loadConfiguration();
         	this.setCipherXProperties();
         } catch( IOException e ) {
@@ -646,7 +646,13 @@ private Properties loadConfigurationFromClasspath(String fileName) throws Illega
 				try {
 					// try root
 					String currentClasspathSearchLocation = "/ (root)";
-					in = loaders[i].getResourceAsStream(DefaultSearchPath.ROOT.toString());
+                        // Note: do NOT add '/' anywhere here even though root value is empty string!
+                        // Note that since DefaultSearchPath.ROOT.value() is now "" (the empty string),
+                        // then this is logically equivalent to what we used to have, which was:
+                        //
+						//      in = loaders[i].getResourceAsStream(fileName);
+                        //
+					in = loaders[i].getResourceAsStream(DefaultSearchPath.ROOT.value() + fileName);
 					
 					// try resourceDirectory folder
 					if (in == null) {
@@ -1391,7 +1397,7 @@ public enum DefaultSearchPath {
     	
     	RESOURCE_DIRECTORY("resourceDirectory/"),
     	SRC_MAIN_RESOURCES("src/main/resources/"),
-    	ROOT("/"),
+    	ROOT(""),
     	DOT_ESAPI(".esapi/"),
     	ESAPI("esapi/"),
     	RESOURCES("resources/");
diff --git a/src/main/resources/ESAPI-properties.xsd b/src/main/resources/ESAPI-properties.xsd
index 523d3a124..152411b7c 100644
--- a/src/main/resources/ESAPI-properties.xsd
+++ b/src/main/resources/ESAPI-properties.xsd
@@ -2,7 +2,7 @@
     <xs:element name="properties">
         <xs:complexType>
             <xs:sequence>
-                <xs:element name="property" maxOccurs="unbounded" minOccurs="0">
+                <xs:element name="property" maxOccurs="10000" minOccurs="0">
                     <xs:complexType>
                         <xs:simpleContent>
                             <xs:extension base="xs:string">
@@ -14,4 +14,4 @@
             </xs:sequence>
         </xs:complexType>
     </xs:element>
-</xs:schema>
\ No newline at end of file
+</xs:schema>
diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
index 09096a424..6fb1c0abf 100644
--- a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
@@ -8,6 +8,7 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.io.FileNotFoundException;
 
 import static junit.framework.Assert.*;
 
@@ -17,6 +18,7 @@ public class EsapiPropertyManagerTest {
     private static String propFilename2;
     private static String xmlFilename1;
     private static String xmlFilename2;
+    private static final String noSuchFile = "/invalidDir/noSubDir/nosuchFile.xml";
 
     private EsapiPropertyManager testPropertyManager;
 
@@ -32,6 +34,7 @@ public void init() {
                 "esapi" + File.separator + "ESAPI-test.xml";
         xmlFilename2 = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
                 "esapi" + File.separator + "ESAPI-test-2.xml";
+
     }
 
     @Test
@@ -41,7 +44,11 @@ public void testPropertyManagerInitialized() {
         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), propFilename2);
 
         // when
-         testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
 
         // then
         assertNotNull(testPropertyManager.loaders);
@@ -56,7 +63,11 @@ public void testStringPropFoundInLoader() {
         String expectedPropertyValue = "test_string_property";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         String propertyValue = testPropertyManager.getStringProp(propertyKey);
 
         // then
@@ -73,7 +84,11 @@ public void testStringPropertyLoadedFromFileWithHigherPriority() {
         String expectedValue = "test_string_property_2";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         String propertyValue = testPropertyManager.getStringProp(propertyKey);
 
         // then
@@ -89,7 +104,11 @@ public void testStringPropertyLoadedFromPropFileWithHigherPriority() {
         String expectedValue = "test_string_property_2";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         String propertyValue = testPropertyManager.getStringProp(propertyKey);
 
         // then
@@ -105,7 +124,11 @@ public void testStringPropertyLoadedFromXmlFileWithHigherPriority() {
         String expectedValue = "test_string_property_2";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         String propertyValue = testPropertyManager.getStringProp(propertyKey);
 
         // then
@@ -120,7 +143,11 @@ public void testStringPropertyNotFoundByLoaderAndThrowException() {
         String propertyKey = "non.existing.property";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         testPropertyManager.getStringProp(propertyKey);
 
         // then expect exception
@@ -134,7 +161,11 @@ public void testIntPropFoundInLoader() {
         int expectedPropertyValue = 5;
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         int propertyValue = testPropertyManager.getIntProp(propertyKey);
 
         // then
@@ -150,7 +181,11 @@ public void testIntPropertyLoadedFromFileWithHigherPriority() {
         int expectedValue = 52;
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         int propertyValue = testPropertyManager.getIntProp(propertyKey);
 
         // then
@@ -166,7 +201,11 @@ public void testIntPropertyLoadedFromPropFileWithHigherPriority() {
         int expectedValue = 52;    // value from ESAPI-test-2.properties file
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         int propertyValue = testPropertyManager.getIntProp(propertyKey);
 
         // then
@@ -182,7 +221,11 @@ public void testIntPropertyLoadedFromXmlFileWithHigherPriority() {
         int expectedValue = 52;
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         int propertyValue = testPropertyManager.getIntProp(propertyKey);
 
         // then
@@ -196,7 +239,11 @@ public void testIntPropertyNotFoundByLoaderAndThrowException() {
         String propertyKey = "non.existing.property";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         testPropertyManager.getIntProp(propertyKey);
 
         // then expect exception
@@ -210,7 +257,11 @@ public void testBooleanPropFoundInLoader() {
         boolean expectedPropertyValue = true;
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         boolean propertyValue = testPropertyManager.getBooleanProp(propertyKey);
 
         // then
@@ -223,7 +274,11 @@ public void testBooleanPropertyNotFoundByLoaderAndThrowException() {
         String propertyKey = "non.existing.property";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         testPropertyManager.getBooleanProp(propertyKey);
 
         // then expect exception
@@ -242,7 +297,11 @@ public void testByteArrayPropFoundInLoader() {
         }
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
 
         // then
@@ -263,7 +322,11 @@ public void testByteArrayPropertyLoadedFromFileWithHigherPriority() {
         }
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
 
         // then
@@ -284,7 +347,11 @@ public void testByteArrayPropertyLoadedFromPropFileWithHigherPriority() {
         }
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
 
         // then
@@ -305,7 +372,11 @@ public void testByteArrayPropertyLoadedFromXmlFileWithHigherPriority() {
         }
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         byte[] propertyValue = testPropertyManager.getByteArrayProp(propertyKey);
 
         // then
@@ -318,10 +389,33 @@ public void testByteArrayPropertyNotFoundByLoaderAndThrowException() {
         String propertyKey = "non.existing.property";
 
         // when
-        testPropertyManager = new EsapiPropertyManager();
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
         testPropertyManager.getByteArrayProp(propertyKey);
 
         // then expect exception
     }
 
+
+    @Test
+    public void testExpectFileNotFoundException() {
+        // given
+        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), noSuchFile);
+
+        // when
+        try {
+            testPropertyManager = new EsapiPropertyManager();
+        } catch (IOException e) {
+            if ( e instanceof FileNotFoundException ) {
+                return;
+            } else {
+                fail("testExpectFileNotFoundException(): Was expecting FileNotFoundException for IOException. Exception:" + e);
+            }
+        }
+        
+        fail("Did not throw expected IOException for property file " + noSuchFile);
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
index cf0cffca9..c07f4e305 100644
--- a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
@@ -31,8 +31,12 @@ public void init() {
     @Test
     public void testPropertiesLoaded() {
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
-        
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+
         // then
         assertFalse(testPropertyLoader.properties.isEmpty());
     }
@@ -43,7 +47,11 @@ public void testPriority() {
         int expectedValue = 1;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.priority();
 
         // then
@@ -54,10 +62,15 @@ public void testPriority() {
     public void testLoadersAreEqual() {
         // given
         int expectedValue = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -69,10 +82,15 @@ public void testCompareWithOtherLoaderWithHigherPriority() {
         // given
         int expectedValue = -1;
         int higherPriority = 2;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -84,10 +102,15 @@ public void testCompareWithOtherLoaderWithLowerPriority() {
         // given
         int expectedValue = 1;
         int lowerPriority = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -100,7 +123,11 @@ public void testGetIntProp() {
         String propertyKey = "int_property";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int propertyValue = testPropertyLoader.getIntProp(propertyKey);
 
         // then
@@ -113,7 +140,11 @@ public void testIntPropertyNotFound() throws ConfigurationException {
         String propertyKey = "non-existing-key";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getIntProp(propertyKey);
 
         // then expect exception
@@ -125,7 +156,11 @@ public void testIncorrectIntPropertyType() {
         String key = "invalid_int_property";
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getIntProp(key);
 
         // then expect exception
@@ -138,7 +173,11 @@ public void testGetStringProp() {
         String expectedValue = "test_string_property";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         String propertyValue = testPropertyLoader.getStringProp(propertyKey);
         
         // then
@@ -151,7 +190,11 @@ public void testStringPropertyNotFound() throws ConfigurationException {
         String propertyKey = "non-existing-key";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getStringProp(propertyKey);
 
         // then expect exception
@@ -167,7 +210,11 @@ public void testGetBooleanProp() {
         boolean expectedValue = true;
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(propertyKey);
         
         // then
@@ -181,7 +228,11 @@ public void testGetBooleanYesProperty() {
         boolean expectedValue = true;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(key);
 
         // then
@@ -195,7 +246,11 @@ public void testGetBooleanNoProperty() {
         boolean expectedValue = false;
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(key);
 
         // then
@@ -205,12 +260,17 @@ public void testGetBooleanNoProperty() {
     @Test(expected = ConfigurationException.class)
     public void testBooleanPropertyNotFound() throws ConfigurationException {
         // given
-        String filename = "src" + File.separator + "test" + File.separator + "src/main/resources" + File.separator +
-                "esapi" + File.separator + "ESAPI-test.properties";        int priority = 1;
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
+                "esapi" + File.separator + "ESAPI-test.properties";
+        int priority = 1;
         String propertyKey = "non-existing-key";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getBooleanProp(propertyKey);
 
         // then expect exception
@@ -222,7 +282,11 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException {
         String key = "invalid_boolean_property";
 
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getBooleanProp(key);
 
         // then expect exception
@@ -244,7 +308,11 @@ public void testGetByteArrayProp() {
         }
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         byte[] value = testPropertyLoader.getByteArrayProp(propertyKey);
         
         // then
@@ -254,12 +322,17 @@ public void testGetByteArrayProp() {
     @Test(expected = ConfigurationException.class)
     public void testByteArrayPropertyNotFound() throws ConfigurationException {
         // given
-        String filename = "src" + File.separator + "test" + File.separator + "src/main/resources" + File.separator +
+        String filename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
                 "esapi" + File.separator + "ESAPI-test.properties";        int priority = 1;
         String propertyKey = "non-existing-key";
         
         // when
-        testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
+
         testPropertyLoader.getByteArrayProp(propertyKey);
 
         // then expect exception
diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
index 9a60f182b..2f1a618ec 100644
--- a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
@@ -30,22 +30,33 @@ public void init() {
     @Test
     public void testPropertiesLoaded() {
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
 
         // then
         assertFalse(testPropertyLoader.properties.isEmpty());
     }
 
-    @Test(expected = ConfigurationException.class)
+    @Test
     public void testInvalidPropertyFile() {
-        // given
+        // given - the file exists, but does not conform to the schema.
         String invalidFilename = "src" + File.separator + "test" + File.separator + "resources" + File.separator +
                 "esapi" + File.separator + "ESAPI-test-invalid-content.xml";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(invalidFilename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(invalidFilename, priority);
+        } catch ( IOException iex ) {
+            // iex.printStackTrace(System.err);
+            fail("Caught unexpected IOException; exception was: " + iex);
+        } catch ( ConfigurationException cex) {
+            return;
+        }
 
-        // then expect exception
+        fail("Failed to catch expected ConfigurationException for invalid property file name: " + invalidFilename);
     }
 
     @Test
@@ -54,7 +65,11 @@ public void testPriority() {
         int expectedValue = 1;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.priority();
 
         // then
@@ -65,10 +80,15 @@ public void testPriority() {
     public void testLoadersAreEqual() {
         // given
         int expectedValue = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -80,10 +100,15 @@ public void testCompareWithOtherLoaderWithHigherPriority() {
         // given
         int expectedValue = -1;
         int higherPriority = 2;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, higherPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -95,10 +120,15 @@ public void testCompareWithOtherLoaderWithLowerPriority() {
         // given
         int expectedValue = 1;
         int lowerPriority = 0;
+        StandardEsapiPropertyLoader otherPropertyLoader = null;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
-        StandardEsapiPropertyLoader otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+            otherPropertyLoader = new StandardEsapiPropertyLoader(filename, lowerPriority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.compareTo(otherPropertyLoader);
 
         // then
@@ -112,7 +142,11 @@ public void testGetIntProp() {
         int expectedValue = 5;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         int value = testPropertyLoader.getIntProp(key);
 
         // then
@@ -125,7 +159,11 @@ public void testIntPropertyNotFound() throws ConfigurationException {
         String key = "non-existing-key";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getIntProp(key);
 
         // then expect exception
@@ -137,7 +175,11 @@ public void testIncorrectIntPropertyType() {
         String key = "invalid_int_property";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getIntProp(key);
 
         // then expect exception
@@ -150,7 +192,11 @@ public void testGetStringProp() {
         String expectedValue = "test_string_property";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         String value = testPropertyLoader.getStringProp(key);
 
         // then
@@ -163,7 +209,11 @@ public void testStringPropertyNotFound() throws ConfigurationException {
         String key = "non-existing-key";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getStringProp(key);
 
         // then expect exception
@@ -176,7 +226,11 @@ public void testGetBooleanProp() {
         boolean expectedValue = true;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(key);
 
         // then
@@ -190,7 +244,11 @@ public void testGetBooleanYesProperty() {
         boolean expectedValue = true;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(key);
 
         // then
@@ -204,7 +262,11 @@ public void testGetBooleanNoProperty() {
         boolean expectedValue = false;
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         boolean value = testPropertyLoader.getBooleanProp(key);
 
         // then
@@ -217,7 +279,11 @@ public void testBooleanPropertyNotFound() throws ConfigurationException {
         String key = "non-existing-key";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getBooleanProp(key);
 
         // then expect exception
@@ -229,7 +295,11 @@ public void testIncorrectBooleanPropertyType() throws ConfigurationException {
         String key = "invalid_boolean_property";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getBooleanProp(key);
 
         // then expect exception
@@ -247,7 +317,11 @@ public void testGetByteArrayProp() {
         }
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         byte[] value = testPropertyLoader.getByteArrayProp(key);
 
         // then
@@ -260,7 +334,11 @@ public void testByteArrayPropertyNotFound() throws ConfigurationException {
         String key = "non-existing-key";
 
         // when
-        testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        try {
+            testPropertyLoader = new XmlEsapiPropertyLoader(filename, priority);
+        } catch ( IOException e ) {
+            fail( e.getMessage() );
+        }
         testPropertyLoader.getByteArrayProp(key);
 
         // then expect exception
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 3bc00bd05..b24ffa5bc 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -394,12 +394,60 @@ public void testGetMaxLogFileSize() {
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
 		assertEquals(maxLogSize, secConf.getMaxLogFileSize());
 	}
-	
+
+    @Test
+    public void testNoSuchPropFile(){
+        try {
+                                        // Do NOT create a file by this name!!! -----vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
+            DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("NoSuchEsapiPropFileXyzzy.properties");
+        }
+        catch( ConfigurationException cex ) {
+            assertNotNull("Caught exception with null exception msg", cex.getMessage() );
+            assertFalse("Exception msg is empty string", cex.getMessage().equals("") );
+        }
+        catch( Throwable t ) {
+            fail("testNoSuchPropFile(): Unexpected exception type: " + t.getClass().getName() + "; ex msg: " + t);
+        }
+
+    }
+    
 	private String patternOrNull(Pattern p){
 		return null==p?null:p.pattern();
 	}
 
 	@Test
+    public void testRootCPLoading(){
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-root-cp.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertNull(secConf.getValidationPattern("Test2"));
+        assertNull(secConf.getValidationPattern("TestC"));
+    }
+
+    @Test
+    public void testRootCPLoadingAlt(){
+        // This should work also via the class loader.
+        DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("esapi/ESAPI-SingleValidatorFileChecker.properties");
+        assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
+        assertNull(secConf.getValidationPattern("Test2"));
+        assertNull(secConf.getValidationPattern("TestC"));
+    }
+
+    @Test
+    public void testRootCPLoadingAlt2(){
+        try {
+            // This should fail, because of the '/' on the resourse.
+            DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("/ESAPI-root-cp.properties");
+        }
+        catch( ConfigurationException cex ) {
+            assertNotNull("Caught exception with null exception msg", cex.getMessage() );
+            assertFalse("Exception msg is empty string", cex.getMessage().equals("") );
+        }
+        catch( Throwable t ) {
+            fail("testNoSuchPropFile(): Unexpected exception type: " + t.getClass().getName() + "; ex msg: " + t);
+        }
+    }
+
+    @Test
 	public void testValidationsPropertiesFileOptions(){
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration("ESAPI-SingleValidatorFileChecker.properties");
 		assertEquals(patternOrNull(secConf.getValidationPattern("Test1")), "ValueFromFile1");
@@ -424,7 +472,7 @@ public void testValidationsPropertiesFileOptions(){
 	
 	@Test 
 	public void DefaultSearchPathTest(){
-		assertEquals("/", DefaultSearchPath.ROOT.value());
+		assertEquals("", DefaultSearchPath.ROOT.value());
 		assertEquals("resourceDirectory/", DefaultSearchPath.RESOURCE_DIRECTORY.value());
 		assertEquals(".esapi/", DefaultSearchPath.DOT_ESAPI.value());
 		assertEquals("esapi/", DefaultSearchPath.ESAPI.value());
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index d78f2f38a..d342a470e 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -285,6 +285,22 @@ public void testIsInvalidFilename() {
         assertFalse("Filennames cannot be the empty string", instance.isValidFileName("test", "", false));
     }
 
+    // Reset 'parent' depending on where Windows is installed so running off
+    // different drive doesn't break tests in testIsValidDirectoryPath().
+    private File resetParentForWindows(String sysRoot) throws IOException {
+        if ( sysRoot == null ) {
+            return new File("C:\\");
+        }
+        int bslash = sysRoot.indexOf('\\');
+        String winRoot = null;
+        if ( bslash == -1 || sysRoot.length() < 4 ) {
+            winRoot = "C:\\";   // Well, that's a first. Just pretend it's under C:\.
+        } else {
+            winRoot = sysRoot.substring(0, bslash + 1);
+        }
+        return new File( winRoot );
+    }
+
     public void testIsValidDirectoryPath() throws IOException {
         System.out.println("isValidDirectoryPath");
 
@@ -301,6 +317,10 @@ public void testIsValidDirectoryPath() throws IOException {
 
         if (isWindows) {
             String sysRoot = new File(System.getenv("SystemRoot")).getCanonicalPath();
+
+            // Reset 'parent' in case running from drive other than where Windows installed.
+            parent = resetParentForWindows( sysRoot );
+
             // Windows paths that don't exist and thus should fail
             assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
             assertFalse(instance.isValidDirectoryPath("test", "c:\\jeff", parent, false));
diff --git a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
index 4657e4a0a..9a44b25e8 100644
--- a/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/util/ObjFactoryTest.java
@@ -214,6 +214,14 @@ public void testObjFactoryCache() throws Exception {
             je = (org.owasp.esapi.reference.crypto.JavaEncryptor) ObjFactory.make(clz, "JavaEncryptor");
             assertNotNull( je );
         }
+/*
+ * TODO - Replace all this with the JMH benchmark harness stuff as similar to
+ * what is in ObjFactoryBenchmark. See GitHub issue #498 for further details.
+ * Unfortunately, we need to do this until then because JIT manipulations are
+ * sometimes making the cache disabled time take less than with caching enabled.
+ * In fact, when we start using JMH for this, we probably ought to move this
+ * entire test to ObjFactoryBenchmark.
+ *
         long stopCacheDisabled = System.nanoTime();
 
         long durationEnabled  = stopCacheEnabled - startCacheEnabled;
@@ -222,5 +230,6 @@ public void testObjFactoryCache() throws Exception {
         System.out.println("testObjFactoryCache: Time with cache DISABLED (nanosec): " + durationDisabled );
 
         assertTrue( durationEnabled < durationDisabled );
+ */
     }
 }
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index e9bafc134..8f171b048 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -24,7 +24,7 @@
 #   in the meantime, you will have to get it from GitHub.
 #
 #   PLEASE do not base your production use of ESAPI on this TEST version of
-#   ESAPI.properties as this test version has been dummed down in several places
+#   ESAPI.properties as this test version has been dumbed down in several places
 #   for JUnit testing.
 #
 #   You have been warned.
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index c53476642..16954de43 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -24,7 +24,7 @@
 #   in the meantime, you will have to get it from GitHub.
 #
 #   PLEASE do not base your production use of ESAPI on this TEST version of
-#   ESAPI.properties as this test version has been dummed down in several places
+#   ESAPI.properties as this test version has been dumbed down in several places
 #   for JUnit testing.
 #
 #   You have been warned.
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index b868c6f6d..fd83e746d 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -24,7 +24,7 @@
 #   in the meantime, you will have to get it from GitHub.
 #
 #   PLEASE do not base your production use of ESAPI on this TEST version of
-#   ESAPI.properties as this test version has been dummed down in several places
+#   ESAPI.properties as this test version has been dumbed down in several places
 #   for JUnit testing.
 #
 #   You have been warned.
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 3946d4395..63a8c83cd 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -24,7 +24,7 @@
 #   in the meantime, you will have to get it from GitHub.
 #
 #   PLEASE do not base your production use of ESAPI on this TEST version of
-#   ESAPI.properties as this test version has been dummed down in several places
+#   ESAPI.properties as this test version has been dumbed down in several places
 #   for JUnit testing.
 #
 #   You have been warned.
diff --git a/src/test/resources/esapi/ESAPI-root-cp.properties b/src/test/resources/esapi/ESAPI-root-cp.properties
new file mode 100644
index 000000000..aef298618
--- /dev/null
+++ b/src/test/resources/esapi/ESAPI-root-cp.properties
@@ -0,0 +1,4 @@
+# Test ESAPI properties file for JUnit test DefaultSecurityConfigurationTest.testRootCPLoading().
+# Only need this one property for that JUnit test, which tests if this property
+# file is found in the root path of the CLASSPATH.
+Validator.ConfigurationFile=validation-test1.properties
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 512998756..8f5d8e218 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -24,7 +24,7 @@
 #   in the meantime, you will have to get it from GitHub.
 #
 #   PLEASE do not base your production use of ESAPI on this TEST version of
-#   ESAPI.properties as this test version has been dummed down in several places
+#   ESAPI.properties as this test version has been dumbed down in several places
 #   for JUnit testing.
 #
 #   You have been warned.

From b9f1f87ad767a1985b4d528ebf04b899cdead255 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 24 Jun 2019 19:24:41 -0400
Subject: [PATCH 565/812] Update esapi4java-core-2.2.0.0-release-notes.txt with
 current date.

Changed release date from 6/23/2019 to 6/24/2019.
---
 documentation/esapi4java-core-2.2.0.0-release-notes.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.2.0.0-release-notes.txt b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
index 64bd3598e..8deafbb9d 100644
--- a/documentation/esapi4java-core-2.2.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.0.0-release-notes.txt
@@ -1,5 +1,5 @@
 Release notes for ESAPI 2.2.0.0
-    Release date: 2019-June-23
+    Release date: 2019-June-24
     Project leaders:
         -Kevin W. Wall <kevin.w.wall@gmail.com>
         -Matt Seil <matt.seil@owasp.org>

From c19f74b91de5d5bd6ad6c0f7440b96e71c7da074 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 25 Jun 2019 00:31:33 -0400
Subject: [PATCH 566/812] Prep for next snapshot release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b92829dd2..ab3973fde 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.0.0</version>
+    <version>2.3.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 4149ec23a9f04d4a9f76d25f6612a60a5a6dd5ad Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 28 Jun 2019 23:00:22 -0400
Subject: [PATCH 567/812] Rename 'src/util' directory to 'scripts' directory.

---
 {src/util => scripts}/README.txt       | 0
 {src/util => scripts}/esapi-release.sh | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename {src/util => scripts}/README.txt (100%)
 rename {src/util => scripts}/esapi-release.sh (100%)

diff --git a/src/util/README.txt b/scripts/README.txt
similarity index 100%
rename from src/util/README.txt
rename to scripts/README.txt
diff --git a/src/util/esapi-release.sh b/scripts/esapi-release.sh
similarity index 100%
rename from src/util/esapi-release.sh
rename to scripts/esapi-release.sh

From e0934baeade527699a07fc39c5a31def57aa6e2c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 28 Jun 2019 23:32:48 -0400
Subject: [PATCH 568/812] Changes to make Mr. Wichers a happy camper! :)

---
 scripts/README.txt       | 24 +++++-------------------
 scripts/esapi-release.sh |  5 +++++
 scripts/mvnQuietTest.bat |  8 ++++++++
 scripts/mvnQuietTest.sh  |  8 ++++++++
 4 files changed, 26 insertions(+), 19 deletions(-)
 create mode 100644 scripts/mvnQuietTest.bat
 create mode 100644 scripts/mvnQuietTest.sh

diff --git a/scripts/README.txt b/scripts/README.txt
index 8fe3ea31b..94aeeeffe 100644
--- a/scripts/README.txt
+++ b/scripts/README.txt
@@ -1,22 +1,8 @@
-This directory is for utilities used for building / packaging / releasing
-ESAPI.
+This directory is for utilities used for building / packaging / releasing ESAPI.
 
 ========================
 
-Jim Manico's instructions for creating changelog.txt:
-
-This is an ECLIPSE plug-in feature, not a SVN feature.
-
-I use the SUBCLIPSE plugin.
-
-Right click project root
-
-TEAM -> SHOW HISTORY
-
-Then from the history table, I see a list of history entries that represent
-our checking.
-
-I select a few rows, right click, then pick CHANGELOG.
-
-
-(Note: The SVN Subversive plug-in does NOT support this.)
\ No newline at end of file
+README.txt          -- This readme file.
+esapi-release.sh    -- Obsolete script to create new ESAPI release. Will be replaced soon. Do not use for now.
+mvnQuietTest.bat    -- Run 'mvn test' from DOS cmd prompt with logSpecial output suppressed.
+mvnQuietTest.sh     -- Run 'mvn test' from bash with logSpecial output suppressed.
diff --git a/scripts/esapi-release.sh b/scripts/esapi-release.sh
index d89d3b3cc..88c78e2fa 100755
--- a/scripts/esapi-release.sh
+++ b/scripts/esapi-release.sh
@@ -39,6 +39,11 @@
 # Author: kevin.w.wall@gmail.com
 ############################################################################
 
+echo $0: This script is obsolete and will be replaced soon.
+echo In the meantime, read through the release instructions in:
+echo "        documentation/ESAPI-release-steps.odt"
+exit 2
+
 #
 # Tunable parameters
 #
diff --git a/scripts/mvnQuietTest.bat b/scripts/mvnQuietTest.bat
new file mode 100644
index 000000000..ccf76dcb1
--- /dev/null
+++ b/scripts/mvnQuietTest.bat
@@ -0,0 +1,8 @@
+@ECHO off
+rem Purpose: Run      'mvn test'      with system property
+rem                       'org.owasp.esapi.logSpecial.discard'
+rem          set to true, so that all of the logSpecial output is suppressed.
+rem          This reduces the total output of 'mvn test' by about 2000 or so
+rem          lines.
+
+mvn -Dorg.owasp.esapi.logSpecial.discard=true test %*
diff --git a/scripts/mvnQuietTest.sh b/scripts/mvnQuietTest.sh
new file mode 100644
index 000000000..b66ca2913
--- /dev/null
+++ b/scripts/mvnQuietTest.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# Purpose: Run      'mvn test'      with system property
+#                       'org.owasp.esapi.logSpecial.discard'
+#          set to true, so that all of the logSpecial output is suppressed.
+#          This reduces the total output of 'mvn test' by about 2000 or so
+#          lines.
+
+exec mvn -Dorg.owasp.esapi.logSpecial.discard=true test $@

From 33a0b3287cf0259ae0e7c7d490e747dcf83b5ce7 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Jul 2019 18:12:52 -0400
Subject: [PATCH 569/812] Create a SECURITY.md file.

---
 SECURITY.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..f4d5ecb55
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,42 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.2.0.0  | :white_check_mark: |
+| 2.1.0.1  | :x:, upgrade to 2.2.0.0|
+| <= 1.4.x  | :x:, no longer supported AT ALL |
+
+## Reporting a Vulnerability
+
+If you believe that you have found a vulnerability in ESAPI, first please search the
+GitHut issues list (for both open and closed issues) to see if it has already been reported.
+
+If it has not, then please contact **both** of the project leaders, Kevin W. Wall
+(kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) _directly_.
+Please do **not** report any suspected vulnerabilities via GitHub issues
+or via the ESAPI mailing lists as we wish to keep our users secure while a patch
+is implemented and deployed. This is because if this is reported as a GitHub
+issue or posted to either ESAPI mailing list, it more or less is equivalent to
+dropping a 0-day on all applications using ESAPI. Instead, we encourage
+responsible disclosure.
+
+If you wish to be acknowledged for finding the vulnerability, then please follow
+this process. One of the 2 ESAPI project leaders will try to contact you within
+at least 5 business days, so when you post the email describing the
+vulnerability, please do so from an email address that you usually monitor.
+If you eventually wish to have it published as a CVE, we will also work with you
+to ensure that you are given proper credit with MITRE and NIST. Even if you do
+not wish to report the vulnerability as a CVE, we will acknowledge you when we
+create a GitHub issue (once the issue is patched) as well as acknowledging you
+in any security bulletin that we may write up and use to notify our users. (If you wish
+to have your identity remain unknown, or perhaps you email address, we can work
+with you on that as well.)
+
+If possible, provide a working proof-of-concept or at least minimally describe
+how it can be exploited in sufficient details that the ESAPI development team
+can understand what needs to be done to fix it. Unfortunately at this time, we
+are not in a position to pay out bug bounties for vulnerabilities.
+
+Eventually, we would like to have BugCrowd handle this, but that's still a ways off.

From cf314fb3a40279df8ef6e67c68f42b8196bc2521 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 5 Jul 2019 18:15:26 -0400
Subject: [PATCH 570/812] Add reference to SECURITY.md in section about
 reporting vulnerbilities.

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 172027862..5371fccca 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,8 @@ NOTE: Please do NOT use GitHub issues to ask questions about ESAPI. If you wish
 ### Find a Vulnerability?
 If you have found a vulnerability in ESAPI legacy, first search the issues list (see above) to see if it has already been reported. If it has not, then please contact both Kevin W. Wall (kevin.w.wall at gmail.com) and Matt Seil (matt.seil at owasp.org) directly. Please do not report vulnerabilities via GitHub issues or via the ESAPI mailing lists as we wish to keep our users secure while a patch is implemented and deployed. If you wish to be acknowledged for finding the vulnerability, then please follow this process. (Eventually, we would like to have BugCrowd handle this, but that's still a ways off.) Also, when you post the email describing the vulnerability, please do so from an email address that you usually monitor.
 
+More detail is available in the file '[SECURITY.md](https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/SECURITY.md)'.
+
 ## Where to Find More Information on ESAPI
 
 *Wiki:* https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API

From a887b7becef9519c6b80eb4f51cfca380b9882f8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 7 Jul 2019 15:30:24 -0400
Subject: [PATCH 571/812] Close issue #256. White-space clean up.

---
 .../esapi/reference/crypto/JavaEncryptor.java | 1240 ++++++++---------
 1 file changed, 620 insertions(+), 620 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index bb3dd163a..64d3e7561 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -6,10 +6,10 @@
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author kevin.w.wall@gmail.com
  * @created 2007
@@ -41,7 +41,7 @@
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
-// import javax.crypto.Mac;			// Uncomment if computeHMAC() is included.
+// import javax.crypto.Mac;         // Uncomment if computeHMAC() is included.
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -70,7 +70,7 @@
  * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
  * the other encryption related properties have property names that start with
  * the string "Encryptor.".
- * 
+ *
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author kevin.w.wall@gmail.com
@@ -96,126 +96,126 @@ public static Encryptor getInstance() throws EncryptionException {
     }
 
     private static boolean initialized = false;
-    
+
     // encryption
     private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
     private static String encryptAlgorithm = "AES";
-    private static String encoding = "UTF-8"; 
+    private static String encoding = "UTF-8";
     private static int encryptionKeyLength = 128;
-    
+
     // digital signatures
     private static PrivateKey privateKey = null;
-	private static PublicKey publicKey = null;
-	private static String signatureAlgorithm = "SHA1withDSA";
+    private static PublicKey publicKey = null;
+    private static String signatureAlgorithm = "SHA1withDSA";
     private static String randomAlgorithm = "SHA1PRNG";
-	private static int signatureKeyLength = 1024;
-	
-	// hashing
-	private static String hashAlgorithm = "SHA-512";
-	private static int hashIterations = 1024;
-	
-	// Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
-	//					  this class is first loaded. Is this a big limitation? Since there
-	//                    is no method to reset it, we may has well make it 'final' also.
-	private static Logger logger = ESAPI.getLogger("JavaEncryptor");
-	    // Used to print out warnings about deprecated methods.
-	private static int encryptCounter = 0;
-	private static int decryptCounter = 0;
+    private static int signatureKeyLength = 1024;
+
+    // hashing
+    private static String hashAlgorithm = "SHA-512";
+    private static int hashIterations = 1024;
+
+    // Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
+    //                    this class is first loaded. Is this a big limitation? Since there
+    //                    is no method to reset it, we may has well make it 'final' also.
+    private static Logger logger = ESAPI.getLogger("JavaEncryptor");
+        // Used to print out warnings about deprecated methods.
+    private static int encryptCounter = 0;
+    private static int decryptCounter = 0;
         // DISCUSS: OK to not have a property for this to set the frequency?
         //          The desire is to persuade people to move away from these
-	    //          two deprecated encrypt(String) / decrypt(String) methods,
+        //          two deprecated encrypt(String) / decrypt(String) methods,
         //          so perhaps the annoyance factor of not being able to
         //          change it will help. For now, it is just hard-coded here.
         //          We could be mean and just print a warning *every* time.
-	private static final int logEveryNthUse = 25;
-	
+    private static final int logEveryNthUse = 25;
+
     // *Only* use this string for user messages for EncryptionException when
     // decryption fails. This is to prevent information leakage that may be
     // valuable in various forms of ciphertext attacks, such as the
-	// Padded Oracle attack described by Rizzo and Duong.
+    // Padded Oracle attack described by Rizzo and Duong.
     private static final String DECRYPTION_FAILED = "Decryption failed; see logs for details.";
 
     // # of seconds that all failed decryption attempts will take. Used to
     // help prevent side-channel timing attacks.
     private static int N_SECS = 2;
 
-	// Load the preferred JCE provider if one has been specified.
-	static {
-	    try {
+    // Load the preferred JCE provider if one has been specified.
+    static {
+        try {
             SecurityProviderLoader.loadESAPIPreferredJCEProvider();
         } catch (NoSuchProviderException ex) {
-        	// Note that audit logging is done elsewhere in called method.
+            // Note that audit logging is done elsewhere in called method.
             logger.fatal(Logger.SECURITY_FAILURE,
                          "JavaEncryptor failed to load preferred JCE provider.", ex);
             throw new ExceptionInInitializerError(ex);
         }
         setupAlgorithms();
-	}
-	
+    }
+
     /**
      * Generates a new strongly random secret key and salt that can be
      * copy and pasted in the <b>ESAPI.properties</b> file.
-     * 
+     *
      * @param args Set first argument to "-print" to display available algorithms on standard output.
-     * @throws java.lang.Exception	To cover a multitude of sins, mostly in configuring ESAPI.properties.
+     * @throws java.lang.Exception  To cover a multitude of sins, mostly in configuring ESAPI.properties.
      */
     public static void main( String[] args ) throws Exception {
-		System.out.println( "Generating a new secret master key" );
-		
-		// print out available ciphers
-		if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
-			System.out.println( "AVAILABLE ALGORITHMS" );
-
-			Provider[] providers = Security.getProviders();
-			TreeMap<String, String> tm = new TreeMap<String, String>();
-			// DISCUSS: Note: We go through multiple providers, yet nowhere do I
-			//			see where we print out the PROVIDER NAME. Not all providers
-			//			will implement the same algorithms and some "partner" with
-			//			whom we are exchanging different cryptographic messages may
-			//			have _different_ providers in their java.security file. So
-			//			it would be useful to know the provider name where each
-			//			algorithm is implemented. Might be good to prepend the provider
-			//			name to the 'key' with something like "providerName: ". Thoughts?
-			for (int i = 0; i != providers.length; i++) {
-				// DISCUSS: Print security provider name here???
-					// Note: For some odd reason, Provider.keySet() returns
-					//		 Set<Object> of the property keys (which are Strings)
-					//		 contained in this provider, but Set<String> seems
-					//		 more appropriate. But that's why we need the cast below.
-	            System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
-				Iterator<Object> it = providers[i].keySet().iterator();
-				while (it.hasNext()) {
-					String key = (String)it.next();
-		            String value = providers[i].getProperty( key );
-		            tm.put(key, value);
-	                System.out.println("\t\t   " + key + " -> "+ value );
-				}
-			}
-
-			Set< Entry<String,String> > keyValueSet = tm.entrySet();
-			Iterator<Entry<String, String>> it = keyValueSet.iterator();
-			while( it.hasNext() ) {
-				Map.Entry<String,String> entry = it.next();
-				String key = entry.getKey();
-				String value = entry.getValue();
-	        	System.out.println( "   " + key + " -> "+ value );
-			}
-		} else {
-				// Used to print a similar line to use '-print' even when it was specified.
-			System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
-		}
-		
+        System.out.println( "Generating a new secret master key" );
+
+        // print out available ciphers
+        if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
+            System.out.println( "AVAILABLE ALGORITHMS" );
+
+            Provider[] providers = Security.getProviders();
+            TreeMap<String, String> tm = new TreeMap<String, String>();
+            // DISCUSS: Note: We go through multiple providers, yet nowhere do I
+            //          see where we print out the PROVIDER NAME. Not all providers
+            //          will implement the same algorithms and some "partner" with
+            //          whom we are exchanging different cryptographic messages may
+            //          have _different_ providers in their java.security file. So
+            //          it would be useful to know the provider name where each
+            //          algorithm is implemented. Might be good to prepend the provider
+            //          name to the 'key' with something like "providerName: ". Thoughts?
+            for (int i = 0; i != providers.length; i++) {
+                // DISCUSS: Print security provider name here???
+                // Note: For some odd reason, Provider.keySet() returns
+                //       Set<Object> of the property keys (which are Strings)
+                //       contained in this provider, but Set<String> seems
+                //       more appropriate. But that's why we need the cast below.
+                System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
+                Iterator<Object> it = providers[i].keySet().iterator();
+                while (it.hasNext()) {
+                    String key = (String)it.next();
+                    String value = providers[i].getProperty( key );
+                    tm.put(key, value);
+                    System.out.println("\t\t   " + key + " -> "+ value );
+                }
+            }
+
+            Set< Entry<String,String> > keyValueSet = tm.entrySet();
+            Iterator<Entry<String, String>> it = keyValueSet.iterator();
+            while( it.hasNext() ) {
+                Map.Entry<String,String> entry = it.next();
+                String key = entry.getKey();
+                String value = entry.getValue();
+                System.out.println( "   " + key + " -> "+ value );
+            }
+        } else {
+            // Used to print a similar line to use '-print' even when it was specified.
+            System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
+        }
+
         // setup algorithms -- Each of these have defaults if not set, although
-		//					   someone could set them to something invalid. If
-		//					   so a suitable exception will be thrown and displayed.
+        //                     someone could set them to something invalid. If
+        //                     so a suitable exception will be thrown and displayed.
         encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
 
-		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
-		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
+        SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
+        SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
         byte[] raw = secretKey.getEncoded();
-        byte[] salt = new byte[20];	// Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
+        byte[] salt = new byte[20]; // Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
         random.nextBytes( salt );
         String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
         System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
@@ -224,12 +224,12 @@ public static void main( String[] args ) throws Exception {
         System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
         System.out.println( "#==============================================================" + eol);
     }
-	
-    
+
+
     /**
      * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
      * @throws EncryptionException if can't construct this object for some reason.
-     * 					Original exception will be attached as the 'cause'.
+     *                  Original exception will be attached as the 'cause'.
      */
     private JavaEncryptor() throws EncryptionException {
         byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
@@ -252,7 +252,7 @@ private JavaEncryptor() throws EncryptionException {
             throw new ConfigurationException("Encryptor.MasterKey must be at least 7 bytes. " +
                                              "Length is: " + skey.length + " bytes.");
         }
-        
+
         // Set up secretKeySpec for use for symmetric encryption and decryption,
         // and set up the public/private keys for asymmetric encryption /
         // decryption.
@@ -275,7 +275,7 @@ private JavaEncryptor() throws EncryptionException {
                 //            handle in a static initializer, it just seems to
                 //            fit better here.
                 secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
-                
+
                 //
                 // For asymmetric encryption (i.e., public/private key)
                 //
@@ -291,93 +291,93 @@ private JavaEncryptor() throws EncryptionException {
                     initKeyPair(prng);
                 } catch (Exception e) {
                     throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
-                }             
-                
+                }
+
                 // Mark everything as initialized.
                 initialized = true;
             }
         }
     }
-     
 
 
-	/**
+
+    /**
      * {@inheritDoc}
-     * 
-	 * Hashes the data with the supplied salt and the number of iterations specified in
-	 * the ESAPI SecurityConfiguration.
-	 */
-	public String hash(String plaintext, String salt) throws EncryptionException {
-		return hash( plaintext, salt, hashIterations );
-	}
-	
-	/**
+     *
+     * Hashes the data with the supplied salt and the number of iterations specified in
+     * the ESAPI SecurityConfiguration.
+     */
+    public String hash(String plaintext, String salt) throws EncryptionException {
+        return hash( plaintext, salt, hashIterations );
+    }
+
+    /**
      * {@inheritDoc}
-     * 
-	 * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
-	 * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
-	 * in order to help strengthen weak passwords.
-	 */
-	public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
-		byte[] bytes = null;
-		try {
-			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
-			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getMasterSalt());
-			digest.update(salt.getBytes(encoding));
-			digest.update(plaintext.getBytes(encoding));
-
-			// rehash a number of times to help strengthen weak passwords
-			bytes = digest.digest();
-			for (int i = 0; i < iterations; i++) {
-				digest.reset();
-				bytes = digest.digest(bytes);
-			}
-			String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
-			return encoded;
-		} catch (NoSuchAlgorithmException e) {
-			throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	 public CipherText encrypt(PlainText plaintext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return encrypt(secretKeySpec, plaintext);
-	 }
-	 
-	 /**
-	  * {@inheritDoc}
-	  */
-	 public CipherText encrypt(SecretKey key, PlainText plain)
-	 			throws EncryptionException
-	 {
-		 if ( key == null ) {
-			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
-		 }
-		 if ( plain == null ) {
-			 throw new IllegalArgumentException("PlainText may arg not be null");
-		 }
-		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-
-		 boolean success = false;	// Used in 'finally' clause.
-		 String xform = null;
-		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
-
-		try {
-			 xform = ESAPI.securityConfiguration().getCipherTransformation();
+     *
+     * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
+     * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
+     * in order to help strengthen weak passwords.
+     */
+    public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
+        byte[] bytes = null;
+        try {
+            MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
+            digest.reset();
+            digest.update(ESAPI.securityConfiguration().getMasterSalt());
+            digest.update(salt.getBytes(encoding));
+            digest.update(plaintext.getBytes(encoding));
+
+            // rehash a number of times to help strengthen weak passwords
+            bytes = digest.digest();
+            for (int i = 0; i < iterations; i++) {
+                digest.reset();
+                bytes = digest.digest(bytes);
+            }
+            String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
+            return encoded;
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
+        } catch (UnsupportedEncodingException ex) {
+            throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+     public CipherText encrypt(PlainText plaintext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return encrypt(secretKeySpec, plaintext);
+     }
+
+     /**
+      * {@inheritDoc}
+      */
+     public CipherText encrypt(SecretKey key, PlainText plain)
+                throws EncryptionException
+     {
+         if ( key == null ) {
+             throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
+         }
+         if ( plain == null ) {
+             throw new IllegalArgumentException("PlainText may arg not be null");
+         }
+         byte[] plaintext = plain.asBytes();
+         boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+
+         boolean success = false;   // Used in 'finally' clause.
+         String xform = null;
+         int keySize = key.getEncoded().length * 8; // Convert to # bits
+
+        try {
+             xform = ESAPI.securityConfiguration().getCipherTransformation();
              String[] parts = xform.split("/");
              if ( parts.length != 3 ) {
                  throw new ConfigurationException("Malformed cipher transformation: " + xform +
                                                   ". Should have format of cipher_alg/cipher_mode/padding_scheme.");
              }
              String cipherMode = parts[1];
-             
+
              // This way we can prevent modes like OFB and CFB where the IV should never
              // be repeated with the same encryption key (at least until we support
              // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
@@ -389,19 +389,19 @@ public CipherText encrypt(SecretKey key, PlainText plain)
                              "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
                              "cipher mode " + cipherMode);
              }
-             
-			 // Note - Cipher is not thread-safe so we create one locally
-			 //        Also, we need to change this eventually so other algorithms can
-			 //        be supported. Eventually, there will be an encrypt() method that
-			 //        takes a (new class) CryptoControls, as something like this:
-			 //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
-			 //        and this method will just call that one.
-			 Cipher encrypter = Cipher.getInstance(xform);
-			 String cipherAlg = encrypter.getAlgorithm();
+
+             // Note - Cipher is not thread-safe so we create one locally
+             //        Also, we need to change this eventually so other algorithms can
+             //        be supported. Eventually, there will be an encrypt() method that
+             //        takes a (new class) CryptoControls, as something like this:
+             //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
+             //        and this method will just call that one.
+             Cipher encrypter = Cipher.getInstance(xform);
+             String cipherAlg = encrypter.getAlgorithm();
 
              int minKeyLen = 112;   // Use for hard-coded default to support 2TDEA
              try {
-			    minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
+                minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
              } catch( Exception ex ) {
                  logger.warning(Logger.EVENT_FAILURE,
                          "Property 'Encryptor.MinEncryptionKeyLength' not properly set in ESAPI.properties file; using hard coded default of 112 for min key size for encryption.",
@@ -409,251 +409,251 @@ public CipherText encrypt(SecretKey key, PlainText plain)
                  ;  // Do NOT rethrow.
              }
 
-			 if ( keySize < minKeyLen ) {
+             if ( keySize < minKeyLen ) {
                  // NOTE: This used to just log a warning. It now logs an error & throws an exception.
                  //
-				 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
+                 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
                  // encrypt with something like 2-key TDES, they would have to set this to that property
                  // to 112 bits.
-				 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
-						 "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
-				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
-				                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
-			 }
-			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
-				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
+                 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
+                         "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
+                 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
+                                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
+             }
+             if ( keySize < 112 ) {     // NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
+                                        // Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
                                         // have configured ESAPI's Encryptor.EncryptionKeyLength to (say) 56 bits, we are going to
                                         // nag them like their mother! :)
-				 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
-				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
-				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
-			 }
-			 // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
-			 // They should be the same. If they are different, things could fail. (E.g., DES and DESede
-			 // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
-			 // parity it could fail.)
-			 //
-			 String skeyAlg = key.getAlgorithm();
-			 if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
-				 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
-				 //			 either, but personally I'd prefer the squeaky wheel to the annoying throwing of
-				 //			 a ConfigurationException (which is a RuntimeException). Less likely to upset
-				 //			 the development community.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
-						 cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
-			 }
-
-			 byte[] ivBytes = null;
-			 CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);	// Could pass the ACTUAL (intended) key size
-			 
+                 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
+                                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
+                                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
+             }
+             // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
+             // They should be the same. If they are different, things could fail. (E.g., DES and DESede
+             // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
+             // parity it could fail.)
+             //
+             String skeyAlg = key.getAlgorithm();
+             if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
+                 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
+                 //          either, but personally I'd prefer the squeaky wheel to the annoying throwing of
+                 //          a ConfigurationException (which is a RuntimeException). Less likely to upset
+                 //          the development community.
+                 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
+                         cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
+             }
+
+             byte[] ivBytes = null;
+             CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);    // Could pass the ACTUAL (intended) key size
+
              // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
              // use the specified SecretKey as-is rather than computing a derived key from it. We also
              // don't expect a separate MAC in the specified CipherText object so therefore don't try
              // to validate it.
              boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
              SecretKey encKey = null;
-			 if ( preferredCipherMode ) {
-			     encKey = key;
-			 } else {
-			     encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 				    key, keySize, "encryption");
-			 }
-			 
-			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getIVType();
-				 IvParameterSpec ivSpec = null;
-				 if ( ivType.equalsIgnoreCase("random") ) {
-					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
-				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
-					 ivBytes = Hex.decode(fixedIVAsHex);
-					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
-					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
-					 		//					 use it to create the ivBytes. (The intent is to make sure that
-					 		//				     1) IVs are never repeated for cipher modes like OFB and CFB, and
-					 		//					 2) to screen for weak IVs for the particular cipher algorithm.
-					 		//		In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
-					 		//		be repeated unless you are salting SecureRandom with same value each time. Anything
-					 		//		monotonically increasing should be suitable, like a counter, but need to remember
-					 		//		it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
-					 		//		it's not perfect it probably is good enough. Could even all (advanced) developers
-					 		//      to define their own class to create a unique IV to allow them some choice, but
-					 		//      definitely need to provide a safe, default implementation.
-					  */
-				 } else {
-					 // TODO: Update to add 'specified' once that is supported and added above.
-					 throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
-				 }
-				 ivSpec = new IvParameterSpec(ivBytes);
-				 cipherSpec.setIV(ivBytes);
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
-			 } else {
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
-			 byte[] raw = encrypter.doFinal(plaintext);
+             if ( preferredCipherMode ) {
+                 encKey = key;
+             } else {
+                 encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                            key, keySize, "encryption");
+             }
+
+             if ( cipherSpec.requiresIV() ) {
+                 String ivType = ESAPI.securityConfiguration().getIVType();
+                 IvParameterSpec ivSpec = null;
+                 if ( ivType.equalsIgnoreCase("random") ) {
+                     ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
+                 } else if ( ivType.equalsIgnoreCase("fixed") ) {
+                     String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
+                     ivBytes = Hex.decode(fixedIVAsHex);
+                     /* FUTURE       } else if ( ivType.equalsIgnoreCase("specified")) {
+                            // FUTURE - TODO  - Create instance of specified class to use for IV generation and
+                            //                   use it to create the ivBytes. (The intent is to make sure that
+                            //                   1) IVs are never repeated for cipher modes like OFB and CFB, and
+                            //                   2) to screen for weak IVs for the particular cipher algorithm.
+                            //      In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
+                            //      be repeated unless you are salting SecureRandom with same value each time. Anything
+                            //      monotonically increasing should be suitable, like a counter, but need to remember
+                            //      it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
+                            //      it's not perfect it probably is good enough. Could even all (advanced) developers
+                            //      to define their own class to create a unique IV to allow them some choice, but
+                            //      definitely need to provide a safe, default implementation.
+                      */
+                 } else {
+                     // TODO: Update to add 'specified' once that is supported and added above.
+                     throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
+                 }
+                 ivSpec = new IvParameterSpec(ivBytes);
+                 cipherSpec.setIV(ivBytes);
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
+             } else {
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
+             byte[] raw = encrypter.doFinal(plaintext);
                  // Convert to CipherText.
              CipherText ciphertext = new CipherText(cipherSpec, raw);
-			 
-			 // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
-			 // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
+
+             // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
+             // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
              // do this when we are not using such a cipher mode.
-			 if ( !preferredCipherMode ) {
-			     // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
-			     SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 							   key, keySize, "authenticity");
-			     ciphertext.computeAndStoreMAC(  authKey );
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
-			 success = true;	// W00t!!!
-			 return ciphertext;
-		} catch (InvalidKeyException ike) {
-			 throw new EncryptionException("Encryption failure: Invalid key exception.",
-					 "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
-					 ike.getMessage(), ike);
-		 } catch (ConfigurationException cex) {
-			 throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
-					 "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
-		 } catch (InvalidAlgorithmParameterException e) {
-			 throw new EncryptionException("Encryption failure (invalid IV)",
-					 "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
-		 } catch (IllegalBlockSizeException e) {
-			 throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
-					 "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
-		 } catch (BadPaddingException e) {
-			 throw new EncryptionException("Encryption failure",
-					 "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
-		 } catch (NoSuchAlgorithmException e) {
-			 throw new EncryptionException("Encryption failure (unavailable cipher requested)",
-					 "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } catch (NoSuchPaddingException e) {
-			 throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
-					 "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } finally {
-			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
-			 if ( success && overwritePlaintext ) {
-				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
+             if ( !preferredCipherMode ) {
+                 // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
+                 SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                                       key, keySize, "authenticity");
+                 ciphertext.computeAndStoreMAC(  authKey );
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
+             success = true;    // W00t!!!
+             return ciphertext;
+        } catch (InvalidKeyException ike) {
+             throw new EncryptionException("Encryption failure: Invalid key exception.",
+                     "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
+                     ike.getMessage(), ike);
+         } catch (ConfigurationException cex) {
+             throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
+                     "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
+         } catch (InvalidAlgorithmParameterException e) {
+             throw new EncryptionException("Encryption failure (invalid IV)",
+                     "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
+         } catch (IllegalBlockSizeException e) {
+             throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
+                     "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
+         } catch (BadPaddingException e) {
+             throw new EncryptionException("Encryption failure",
+                     "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
+         } catch (NoSuchAlgorithmException e) {
+             throw new EncryptionException("Encryption failure (unavailable cipher requested)",
+                     "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } catch (NoSuchPaddingException e) {
+             throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
+                     "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } finally {
+             // Don't overwrite anything in the case of exceptions because they may wish to retry.
+             if ( success && overwritePlaintext ) {
+                 plain.overwrite();     // Note: Same as overwriting 'plaintext' byte array.
              }
-	     }
+         }
     }
 
-	/**
-	* {@inheritDoc}
-	*/
-	public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return decrypt(secretKeySpec, ciphertext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public PlainText decrypt(SecretKey key, CipherText ciphertext)
-	    throws EncryptionException, IllegalArgumentException
-	{
-	    long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
-	    if ( key == null ) {
-	        throw new IllegalArgumentException("SecretKey arg may not be null");
-	    }
-	    if ( ciphertext == null ) {
-	        throw new IllegalArgumentException("Ciphertext may arg not be null");
-	    }
-
-	    if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
-	        // This really should be an illegal argument exception, but it could
-	        // mean that a partner encrypted something using a cipher mode that
-	        // you do not accept, so it's a bit more complex than that. Also
-	        // throwing an IllegalArgumentException doesn't allow us to provide
-	        // the two separate error messages or automatically log it.
-	        throw new EncryptionException(DECRYPTION_FAILED,
-	                "Invalid cipher mode " + ciphertext.getCipherMode() +
-	        " not permitted for decryption or encryption operations.");
-	    }
-	    logger.debug(Logger.EVENT_SUCCESS,
-	            "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
-	            ciphertext);
-
-	    PlainText plaintext = null;
-	    boolean caughtException = false;
-	    int progressMark = 0;
-	    try {
-	        // First we validate the MAC.
-	        boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
-	        if ( !valid ) {
-	            try {
-	                // This is going to fail, but we want the same processing
-	                // to occur as much as possible so as to prevent timing
-	                // attacks. We _could_ just be satisfied by the additional
-	                // sleep in the 'finally' clause, but an attacker on the
-	                // same server who can run something like 'ps' can tell
-	                // CPU time versus when the process is sleeping. Hence we
-	                // try to make this as close as possible. Since we know
-	                // it is going to fail, we ignore the result and ignore
-	                // the (expected) exception.
-	                handleDecryption(key, ciphertext); // Ignore return (should fail).
-	            } catch(Exception ex) {
-	                ;   // Ignore
-	            }
-	            throw new EncryptionException(DECRYPTION_FAILED,
-	                    "Decryption failed because MAC invalid for " +
-	                    ciphertext);
-	        }
-	        progressMark++;
-	        // The decryption only counts if the MAC was valid.
-	        plaintext = handleDecryption(key, ciphertext);
-	        progressMark++;
-	    } catch(EncryptionException ex) {
-	        caughtException = true;
-	        String logMsg = null;
-	        switch( progressMark ) {
-	        case 1:
-	            logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
-	            break;
-	        case 2:
-	            logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
-	            break;
-	        default:
-	            logMsg = "Programming error: unexpected progress mark == " + progressMark;
-	        break;
-	        }
-	        logger.error(Logger.SECURITY_FAILURE, logMsg);
-	        throw ex;           // Re-throw
-	    }
-	    finally {
-	        if ( caughtException ) {
-	            // The rest of this code is to try to account for any minute differences
-	            // in the time it might take for the various reasons that decryption fails
-	            // in order to prevent any other possible timing attacks. Perhaps it is
-	            // going overboard. If nothing else, if N_SECS is large enough, it might
-	            // deter attempted repeated attacks by making them take much longer.
-	            long now = System.nanoTime();
-	            long elapsed = now - start;
-	            final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
-	            long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
-	            if ( elapsed < nSecs ) {
-	                // Want to sleep so total time taken is N seconds.
-	                long extraSleep = nSecs - elapsed;
-
-	                // 'extraSleep' is in nanoseconds. Need to convert to a millisec
-	                // part and nanosec part. Nanosec is 10**-9, millsec is
-	                // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
-	                // convert to from nanoseconds to milliseconds.
-	                long millis = extraSleep / 1000000L;
-	                long nanos  = (extraSleep - (millis * 1000000L));
+    /**
+    * {@inheritDoc}
+    */
+    public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return decrypt(secretKeySpec, ciphertext);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PlainText decrypt(SecretKey key, CipherText ciphertext)
+        throws EncryptionException, IllegalArgumentException
+    {
+        long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
+        if ( key == null ) {
+            throw new IllegalArgumentException("SecretKey arg may not be null");
+        }
+        if ( ciphertext == null ) {
+            throw new IllegalArgumentException("Ciphertext may arg not be null");
+        }
+
+        if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
+            // This really should be an illegal argument exception, but it could
+            // mean that a partner encrypted something using a cipher mode that
+            // you do not accept, so it's a bit more complex than that. Also
+            // throwing an IllegalArgumentException doesn't allow us to provide
+            // the two separate error messages or automatically log it.
+            throw new EncryptionException(DECRYPTION_FAILED,
+                    "Invalid cipher mode " + ciphertext.getCipherMode() +
+                    " not permitted for decryption or encryption operations.");
+        }
+        logger.debug(Logger.EVENT_SUCCESS,
+                "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
+                ciphertext);
+
+        PlainText plaintext = null;
+        boolean caughtException = false;
+        int progressMark = 0;
+        try {
+            // First we validate the MAC.
+            boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
+            if ( !valid ) {
+                try {
+                    // This is going to fail, but we want the same processing
+                    // to occur as much as possible so as to prevent timing
+                    // attacks. We _could_ just be satisfied by the additional
+                    // sleep in the 'finally' clause, but an attacker on the
+                    // same server who can run something like 'ps' can tell
+                    // CPU time versus when the process is sleeping. Hence we
+                    // try to make this as close as possible. Since we know
+                    // it is going to fail, we ignore the result and ignore
+                    // the (expected) exception.
+                    handleDecryption(key, ciphertext); // Ignore return (should fail).
+                } catch(Exception ex) {
+                    ;   // Ignore
+                }
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption failed because MAC invalid for " +
+                        ciphertext);
+            }
+            progressMark++;
+            // The decryption only counts if the MAC was valid.
+            plaintext = handleDecryption(key, ciphertext);
+            progressMark++;
+        } catch(EncryptionException ex) {
+            caughtException = true;
+            String logMsg = null;
+            switch( progressMark ) {
+            case 1:
+                logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
+                break;
+            case 2:
+                logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
+                break;
+            default:
+                logMsg = "Programming error: unexpected progress mark == " + progressMark;
+            break;
+            }
+            logger.error(Logger.SECURITY_FAILURE, logMsg);
+            throw ex;           // Re-throw
+        }
+        finally {
+            if ( caughtException ) {
+                // The rest of this code is to try to account for any minute differences
+                // in the time it might take for the various reasons that decryption fails
+                // in order to prevent any other possible timing attacks. Perhaps it is
+                // going overboard. If nothing else, if N_SECS is large enough, it might
+                // deter attempted repeated attacks by making them take much longer.
+                long now = System.nanoTime();
+                long elapsed = now - start;
+                final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
+                long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
+                if ( elapsed < nSecs ) {
+                    // Want to sleep so total time taken is N seconds.
+                    long extraSleep = nSecs - elapsed;
+
+                    // 'extraSleep' is in nanoseconds. Need to convert to a millisec
+                    // part and nanosec part. Nanosec is 10**-9, millsec is
+                    // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
+                    // convert to from nanoseconds to milliseconds.
+                    long millis = extraSleep / 1000000L;
+                    long nanos  = (extraSleep - (millis * 1000000L));
 
                     // N_SECS is hard-coded so assertion should be okay here.
-	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
+                    assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
                             "Nanosecs out of bounds; nanos = " + nanos;
-	                try {
-	                    Thread.sleep(millis, (int)nanos);
-	                } catch(InterruptedException ex) {
-	                    ;   // Ignore
-	                }
-	            } // Else ... time already exceeds N_SECS sec, so do not sleep.
-	        }
-	    }
-	    return plaintext;
-	}
+                    try {
+                        Thread.sleep(millis, (int)nanos);
+                    } catch(InterruptedException ex) {
+                        ;   // Ignore
+                    }
+                } // Else ... time already exceeds N_SECS sec, so do not sleep.
+            }
+        }
+        return plaintext;
+    }
 
     // Handle the actual decryption portion. At this point it is assumed that
     // any MAC has already been validated. (But see "DISCUSS" issue, below.)
@@ -677,19 +677,19 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
                 // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
                 //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
                 //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
-            	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
-            	//		 should probably be off by default and controlled via a property.
-            	//
-            	// TODO: Feed in some additional parms here to use as the 'context' for the
-            	//		 KeyDerivationFunction...especially the KDF version. We would have to
-            	//		 store that in the CipherText object. We *possibly* could make it
-            	//		 transient so it would not be serialized with the CipherText object,
-            	//		 otherwise we would have to implement readObject() and writeObject()
-            	//		 methods there to support backward compatibility. Anyhow the intent
-            	//		 is to prevent down grade attacks when we finally re-design and
-            	//		 re-implement the MAC. Think about this in version 2.1.1.
+                //       This would be a security trade-off as it would leave keys in memory a bit longer, so it
+                //       should probably be off by default and controlled via a property.
+                //
+                // TODO: Feed in some additional parms here to use as the 'context' for the
+                //       KeyDerivationFunction...especially the KDF version. We would have to
+                //       store that in the CipherText object. We *possibly* could make it
+                //       transient so it would not be serialized with the CipherText object,
+                //       otherwise we would have to implement readObject() and writeObject()
+                //       methods there to support backward compatibility. Anyhow the intent
+                //       is to prevent down grade attacks when we finally re-design and
+                //       re-implement the MAC. Think about this in version 2.1.1.
                 encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                    key, keySize, "encryption");
+                                            key, keySize, "encryption");
             }
             if ( ciphertext.requiresIV() ) {
                 decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
@@ -713,16 +713,16 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
         } catch (IllegalBlockSizeException e) {
             throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
         } catch (BadPaddingException e) {
-            //DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
-            //So only way we could get a padding exception is if invalid padding were used originally by
-            //the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
-            //It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
-            //or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
-            //during a code inspection.
+            // DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
+            // So only way we could get a padding exception is if invalid padding were used originally by
+            // the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
+            // It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
+            // or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
+            // during a code inspection.
             SecretKey authKey;
             try {
                 authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                     key, keySize, "authenticity");
+                                             key, keySize, "authenticity");
             } catch (Exception e1) {
                 throw new EncryptionException(DECRYPTION_FAILED,
                         "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
@@ -737,187 +737,187 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
             }
         }
     }
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public String sign(String data) throws EncryptionException {
-		try {
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initSign(privateKey);
-			signer.update(data.getBytes(encoding));
-			byte[] bytes = signer.sign();
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-		} catch (Exception e) {
-			throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
-		}
-	}
-		
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySignature(String signature, String data) {
-		try {
-			byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initVerify(publicKey);
-			signer.update(data.getBytes(encoding));
-			return signer.verify(bytes);
-		} catch (Exception e) {
-		    // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
-		    // FindBugs complains about this and since it examines byte-code, there's no way to
-		    // shut it up.
-			new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
-			return false;
-		}
-	}
-
-	/**
-	* {@inheritDoc}
+
+    /**
+    * {@inheritDoc}
+    */
+    public String sign(String data) throws EncryptionException {
+        try {
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initSign(privateKey);
+            signer.update(data.getBytes(encoding));
+            byte[] bytes = signer.sign();
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (Exception e) {
+            throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySignature(String signature, String data) {
+        try {
+            byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initVerify(publicKey);
+            signer.update(data.getBytes(encoding));
+            return signer.verify(bytes);
+        } catch (Exception e) {
+            // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
+            // FindBugs complains about this and since it examines byte-code, there's no way to
+            // shut it up.
+            new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
      *
      * @param expiration
      * @throws IntegrityException
      */
-	public String seal(String data, long expiration) throws IntegrityException {
-	    if ( data == null ) {
-	        throw new IllegalArgumentException("Data to be sealed may not be null.");
-	    }
-	    
-		try {
-		    String b64data = null;
+    public String seal(String data, long expiration) throws IntegrityException {
+        if ( data == null ) {
+            throw new IllegalArgumentException("Data to be sealed may not be null.");
+        }
+
+        try {
+            String b64data = null;
             try {
                 b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
             } catch (UnsupportedEncodingException e) {
                 ; // Ignore; should never happen since UTF-8 built into rt.jar
             }
-			// mix in some random data so even identical data and timestamp produces different seals
-			String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
-			String plaintext = expiration + ":" + nonce + ":" + b64data;
-			// add integrity check; signature is already base64 encoded.
-			String sig = this.sign( plaintext );
-			CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
-			String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
-			return sealedData;
-		} catch( EncryptionException e ) {
-			throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public String unseal(String seal) throws EncryptionException {
-		PlainText plaintext = null;
-		try {
-		    byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
-		    CipherText cipherText = null;
-		    try {
-		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
-		    } catch( AssertionError e) {
-	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
-		        // this if assertions are enabled, but otherwise it should not
+            // mix in some random data so even identical data and timestamp produces different seals
+            String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
+            String plaintext = expiration + ":" + nonce + ":" + b64data;
+            // add integrity check; signature is already base64 encoded.
+            String sig = this.sign( plaintext );
+            CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
+            String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
+            return sealedData;
+        } catch( EncryptionException e ) {
+            throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public String unseal(String seal) throws EncryptionException {
+        PlainText plaintext = null;
+        try {
+            byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
+            CipherText cipherText = null;
+            try {
+                cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
+            } catch( AssertionError e) {
+                // Some of the tests in EncryptorTest.testVerifySeal() are examples of
+                // this if assertions are enabled, but otherwise it should not
                 // normally happen.
-		        throw new EncryptionException("Invalid seal",
-	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
-	        }
-			plaintext = this.decrypt(cipherText);
-
-			String[] parts = plaintext.toString().split(":");
-			if (parts.length != 4) {
-				throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
-			}
-	
-			String timestring = parts[0];
-			long now = new Date().getTime();
-			long expiration = Long.parseLong(timestring);
-			if (now > expiration) {
-				throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
-			}
-			String nonce = parts[1];
-			String b64data = parts[2];
-			String sig = parts[3];
-			if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
-				throw new EncryptionException("Invalid seal", "Seal integrity check failed");
-			}	
-			return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
-		} catch (EncryptionException e) {
-			throw e;
-		} catch (Exception e) {
-			throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
-		}
-	}
-
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySeal( String seal ) {
-		try {
-			unseal( seal );
-			return true;
-		} catch( EncryptionException e ) {
-			return false;
-		}
-	}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public long getTimeStamp() {
-		return new Date().getTime();
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public long getRelativeTimeStamp( long offset ) {
-		return new Date().getTime() + offset;
-	}
-
-	// DISCUSS: Why experimental? Would have to be added to Encryptor interface
-	//			but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
-	//			of HMacSHA1 (see discussion below), 2) that the HMac key is the
-	//			same one used for encryption (also see comments), and 3) it caught
-	//			overly broad exceptions. Here it is with these specific areas
-	//			addressed, but no unit testing has been done at this point. -kww
+                throw new EncryptionException("Invalid seal",
+                                              "Seal passed garbarge data resulting in AssertionError: " + e);
+            }
+            plaintext = this.decrypt(cipherText);
+
+            String[] parts = plaintext.toString().split(":");
+            if (parts.length != 4) {
+                throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
+            }
+
+            String timestring = parts[0];
+            long now = new Date().getTime();
+            long expiration = Long.parseLong(timestring);
+            if (now > expiration) {
+                throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
+            }
+            String nonce = parts[1];
+            String b64data = parts[2];
+            String sig = parts[3];
+            if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
+                throw new EncryptionException("Invalid seal", "Seal integrity check failed");
+            }
+            return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
+        } catch (EncryptionException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
+        }
+    }
+
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySeal( String seal ) {
+        try {
+            unseal( seal );
+            return true;
+        } catch( EncryptionException e ) {
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getTimeStamp() {
+        return new Date().getTime();
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getRelativeTimeStamp( long offset ) {
+        return new Date().getTime() + offset;
+    }
+
+    // DISCUSS: Why experimental? Would have to be added to Encryptor interface
+    //          but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
+    //          of HMacSHA1 (see discussion below), 2) that the HMac key is the
+    //          same one used for encryption (also see comments), and 3) it caught
+    //          overly broad exceptions. Here it is with these specific areas
+    //          addressed, but no unit testing has been done at this point. -kww
    /**
     * Compute an HMAC for a String.  Experimental.
-    * @param input	The input for which to compute the HMac.
+    * @param input  The input for which to compute the HMac.
     */
 /********************
-	public String computeHMAC( String input ) throws EncryptionException {
-		try {
-			Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
-												   //          SHA1 should really be avoided, but using
-												   //		   for HMAC-SHA1 is acceptable for now. Plan
-												   //		   to migrate to SHA-256 or NIST replacement for
-												   //		   SHA1 in not too distant future.
-			// DISCUSS: Also not recommended that the HMac key is the same as the one
-			//			used for encryption (namely, Encryptor.MasterKey). If anything it
-			//			would be better to use Encryptor.MasterSalt for the HMac key, or
-			//			perhaps a derived key based on the master salt. (One could use
-			//			KeyDerivationFunction.computeDerivedKey().)
-			//
-			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
-			byte[] inBytes;
-			try {
-				inBytes = input.getBytes("UTF-8");
-			} catch (UnsupportedEncodingException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
-				inBytes = input.getBytes();
-			}
-			byte[] bytes = hmac.doFinal( inBytes );
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-	    } catch (NoSuchAlgorithmException e) {
-	    	throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
-	    															"Problem computing HMAC for " + input, e );
-	    }
-	}
+    public String computeHMAC( String input ) throws EncryptionException {
+        try {
+            Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
+                                                   //          SHA1 should really be avoided, but using
+                                                   //          for HMAC-SHA1 is acceptable for now. Plan
+                                                   //          to migrate to SHA-256 or NIST replacement for
+                                                   //          SHA1 in not too distant future.
+            // DISCUSS: Also not recommended that the HMac key is the same as the one
+            //          used for encryption (namely, Encryptor.MasterKey). If anything it
+            //          would be better to use Encryptor.MasterSalt for the HMac key, or
+            //          perhaps a derived key based on the master salt. (One could use
+            //          KeyDerivationFunction.computeDerivedKey().)
+            //
+            byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+            hmac.init( new SecretKeySpec(salt, "HMacSHA1") );   // Was: hmac.init(secretKeySpec)
+            byte[] inBytes;
+            try {
+                inBytes = input.getBytes("UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
+                inBytes = input.getBytes();
+            }
+            byte[] bytes = hmac.doFinal( inBytes );
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
+                                                                    "Problem computing HMAC for " + input, e );
+        }
+    }
 ********************/
 
     /**
@@ -926,7 +926,7 @@ public String computeHMAC( String input ) throws EncryptionException {
      * may be changed via the system property
      * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
      * them until the give in and change it. ;-)
-     * 
+     *
      * @param where The string "encrypt" or "decrypt", corresponding to the
      *              method that is being logged.
      * @param msg   The message to log.
@@ -949,54 +949,54 @@ private void logWarning(String where, String msg) {
             logger.warning(Logger.SECURITY_FAILURE, where + msg);
         }
     }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
-		String prfName = null;
-		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		} else {
-			prfName = name;
-		}
-		KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
-		return prf;
+
+    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {
+        String prfName = null;
+        if ( name == null ) {
+            prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        } else {
+            prfName = name;
+        }
+        KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
+        return prf;
     }
-    
+
     private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		return getPRF(prfName);
+        String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        return getPRF(prfName);
     }
-    
+
     // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
     private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
-    									SecretKey kdk, int keySize, String purpose)
-    	throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+                                        SecretKey kdk, int keySize, String purpose)
+        throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
     {
-    	// These really should be turned into actual runtime checks and an
-    	// IllegalArgumentException should be thrown if they are violated.
-    	// But this should be OK since this is a private method. Also, this method will
-    	// be called quite often so assertions are a big win as they can be disabled or
-    	// enabled at will.
-    	assert prf != null : "Pseudo Random Function for KDF cannot be null";
-    	assert kdk != null : "Key derivation key cannot be null.";
-    	// We would choose a larger minimum key size, but we want to be
-    	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
-    	// we print warning.
-    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
-    	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
+        // These really should be turned into actual runtime checks and an
+        // IllegalArgumentException should be thrown if they are violated.
+        // But this should be OK since this is a private method. Also, this method will
+        // be called quite often so assertions are a big win as they can be disabled or
+        // enabled at will.
+        assert prf != null : "Pseudo Random Function for KDF cannot be null";
+        assert kdk != null : "Key derivation key cannot be null.";
+        // We would choose a larger minimum key size, but we want to be
+        // able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
+        // we print warning.
+        assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
+        assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
 
         // However, this one we want as a runtime check because we don't have this check
         // in KeyDerivationFunction.computeDerivedKey() as we want that method
         // to be more general.
-    	if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+        if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
             String exMsg = "Programming error in ESAPI?? 'purpose' for computeDerivedKey() must be \"encryption\" or \"authenticity\".";
-    		throw new EncryptionException(exMsg, exMsg);
+            throw new EncryptionException(exMsg, exMsg);
         }
 
-    	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
-    	if ( kdfVersion != 0 ) {
-    		kdf.setVersion(kdfVersion);
-    	}
-    	return kdf.computeDerivedKey(kdk, keySize, purpose);
+        KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
+        if ( kdfVersion != 0 ) {
+            kdf.setVersion(kdfVersion);
+        }
+        return kdf.computeDerivedKey(kdk, keySize, purpose);
     }
 
     // Get all the algorithms we will be using from ESAPI.properties.
@@ -1011,7 +1011,7 @@ private static void setupAlgorithms() {
         encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
         signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
     }
-    
+
     // Set up signing key pair using the master password and salt. Called (once)
     // from the JavaEncryptor CTOR.
     private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {

From 197e2dbc1093d625ff3dd9930fb9073f59fd153d Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 8 Jul 2019 06:15:16 -0400
Subject: [PATCH 572/812] Close issue #256. White-space clean up. (#505)

---
 .../esapi/reference/crypto/JavaEncryptor.java | 1240 ++++++++---------
 1 file changed, 620 insertions(+), 620 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index bb3dd163a..64d3e7561 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -6,10 +6,10 @@
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author kevin.w.wall@gmail.com
  * @created 2007
@@ -41,7 +41,7 @@
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
-// import javax.crypto.Mac;			// Uncomment if computeHMAC() is included.
+// import javax.crypto.Mac;         // Uncomment if computeHMAC() is included.
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -70,7 +70,7 @@
  * controlling the selection of this class is {@code ESAPI.Encryptor}. Most of
  * the other encryption related properties have property names that start with
  * the string "Encryptor.".
- * 
+ *
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @author kevin.w.wall@gmail.com
@@ -96,126 +96,126 @@ public static Encryptor getInstance() throws EncryptionException {
     }
 
     private static boolean initialized = false;
-    
+
     // encryption
     private static SecretKeySpec secretKeySpec = null; // DISCUSS: Why static? Implies one key?!?
     private static String encryptAlgorithm = "AES";
-    private static String encoding = "UTF-8"; 
+    private static String encoding = "UTF-8";
     private static int encryptionKeyLength = 128;
-    
+
     // digital signatures
     private static PrivateKey privateKey = null;
-	private static PublicKey publicKey = null;
-	private static String signatureAlgorithm = "SHA1withDSA";
+    private static PublicKey publicKey = null;
+    private static String signatureAlgorithm = "SHA1withDSA";
     private static String randomAlgorithm = "SHA1PRNG";
-	private static int signatureKeyLength = 1024;
-	
-	// hashing
-	private static String hashAlgorithm = "SHA-512";
-	private static int hashIterations = 1024;
-	
-	// Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
-	//					  this class is first loaded. Is this a big limitation? Since there
-	//                    is no method to reset it, we may has well make it 'final' also.
-	private static Logger logger = ESAPI.getLogger("JavaEncryptor");
-	    // Used to print out warnings about deprecated methods.
-	private static int encryptCounter = 0;
-	private static int decryptCounter = 0;
+    private static int signatureKeyLength = 1024;
+
+    // hashing
+    private static String hashAlgorithm = "SHA-512";
+    private static int hashIterations = 1024;
+
+    // Logging - DISCUSS: This "sticks" us with a specific logger to whatever it was when
+    //                    this class is first loaded. Is this a big limitation? Since there
+    //                    is no method to reset it, we may has well make it 'final' also.
+    private static Logger logger = ESAPI.getLogger("JavaEncryptor");
+        // Used to print out warnings about deprecated methods.
+    private static int encryptCounter = 0;
+    private static int decryptCounter = 0;
         // DISCUSS: OK to not have a property for this to set the frequency?
         //          The desire is to persuade people to move away from these
-	    //          two deprecated encrypt(String) / decrypt(String) methods,
+        //          two deprecated encrypt(String) / decrypt(String) methods,
         //          so perhaps the annoyance factor of not being able to
         //          change it will help. For now, it is just hard-coded here.
         //          We could be mean and just print a warning *every* time.
-	private static final int logEveryNthUse = 25;
-	
+    private static final int logEveryNthUse = 25;
+
     // *Only* use this string for user messages for EncryptionException when
     // decryption fails. This is to prevent information leakage that may be
     // valuable in various forms of ciphertext attacks, such as the
-	// Padded Oracle attack described by Rizzo and Duong.
+    // Padded Oracle attack described by Rizzo and Duong.
     private static final String DECRYPTION_FAILED = "Decryption failed; see logs for details.";
 
     // # of seconds that all failed decryption attempts will take. Used to
     // help prevent side-channel timing attacks.
     private static int N_SECS = 2;
 
-	// Load the preferred JCE provider if one has been specified.
-	static {
-	    try {
+    // Load the preferred JCE provider if one has been specified.
+    static {
+        try {
             SecurityProviderLoader.loadESAPIPreferredJCEProvider();
         } catch (NoSuchProviderException ex) {
-        	// Note that audit logging is done elsewhere in called method.
+            // Note that audit logging is done elsewhere in called method.
             logger.fatal(Logger.SECURITY_FAILURE,
                          "JavaEncryptor failed to load preferred JCE provider.", ex);
             throw new ExceptionInInitializerError(ex);
         }
         setupAlgorithms();
-	}
-	
+    }
+
     /**
      * Generates a new strongly random secret key and salt that can be
      * copy and pasted in the <b>ESAPI.properties</b> file.
-     * 
+     *
      * @param args Set first argument to "-print" to display available algorithms on standard output.
-     * @throws java.lang.Exception	To cover a multitude of sins, mostly in configuring ESAPI.properties.
+     * @throws java.lang.Exception  To cover a multitude of sins, mostly in configuring ESAPI.properties.
      */
     public static void main( String[] args ) throws Exception {
-		System.out.println( "Generating a new secret master key" );
-		
-		// print out available ciphers
-		if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
-			System.out.println( "AVAILABLE ALGORITHMS" );
-
-			Provider[] providers = Security.getProviders();
-			TreeMap<String, String> tm = new TreeMap<String, String>();
-			// DISCUSS: Note: We go through multiple providers, yet nowhere do I
-			//			see where we print out the PROVIDER NAME. Not all providers
-			//			will implement the same algorithms and some "partner" with
-			//			whom we are exchanging different cryptographic messages may
-			//			have _different_ providers in their java.security file. So
-			//			it would be useful to know the provider name where each
-			//			algorithm is implemented. Might be good to prepend the provider
-			//			name to the 'key' with something like "providerName: ". Thoughts?
-			for (int i = 0; i != providers.length; i++) {
-				// DISCUSS: Print security provider name here???
-					// Note: For some odd reason, Provider.keySet() returns
-					//		 Set<Object> of the property keys (which are Strings)
-					//		 contained in this provider, but Set<String> seems
-					//		 more appropriate. But that's why we need the cast below.
-	            System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
-				Iterator<Object> it = providers[i].keySet().iterator();
-				while (it.hasNext()) {
-					String key = (String)it.next();
-		            String value = providers[i].getProperty( key );
-		            tm.put(key, value);
-	                System.out.println("\t\t   " + key + " -> "+ value );
-				}
-			}
-
-			Set< Entry<String,String> > keyValueSet = tm.entrySet();
-			Iterator<Entry<String, String>> it = keyValueSet.iterator();
-			while( it.hasNext() ) {
-				Map.Entry<String,String> entry = it.next();
-				String key = entry.getKey();
-				String value = entry.getValue();
-	        	System.out.println( "   " + key + " -> "+ value );
-			}
-		} else {
-				// Used to print a similar line to use '-print' even when it was specified.
-			System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
-		}
-		
+        System.out.println( "Generating a new secret master key" );
+
+        // print out available ciphers
+        if ( args.length == 1 && args[0].equalsIgnoreCase("-print" ) ) {
+            System.out.println( "AVAILABLE ALGORITHMS" );
+
+            Provider[] providers = Security.getProviders();
+            TreeMap<String, String> tm = new TreeMap<String, String>();
+            // DISCUSS: Note: We go through multiple providers, yet nowhere do I
+            //          see where we print out the PROVIDER NAME. Not all providers
+            //          will implement the same algorithms and some "partner" with
+            //          whom we are exchanging different cryptographic messages may
+            //          have _different_ providers in their java.security file. So
+            //          it would be useful to know the provider name where each
+            //          algorithm is implemented. Might be good to prepend the provider
+            //          name to the 'key' with something like "providerName: ". Thoughts?
+            for (int i = 0; i != providers.length; i++) {
+                // DISCUSS: Print security provider name here???
+                // Note: For some odd reason, Provider.keySet() returns
+                //       Set<Object> of the property keys (which are Strings)
+                //       contained in this provider, but Set<String> seems
+                //       more appropriate. But that's why we need the cast below.
+                System.out.println("===== Provider " + i + ":" + providers[i].getName() + " ======");
+                Iterator<Object> it = providers[i].keySet().iterator();
+                while (it.hasNext()) {
+                    String key = (String)it.next();
+                    String value = providers[i].getProperty( key );
+                    tm.put(key, value);
+                    System.out.println("\t\t   " + key + " -> "+ value );
+                }
+            }
+
+            Set< Entry<String,String> > keyValueSet = tm.entrySet();
+            Iterator<Entry<String, String>> it = keyValueSet.iterator();
+            while( it.hasNext() ) {
+                Map.Entry<String,String> entry = it.next();
+                String key = entry.getKey();
+                String value = entry.getValue();
+                System.out.println( "   " + key + " -> "+ value );
+            }
+        } else {
+            // Used to print a similar line to use '-print' even when it was specified.
+            System.out.println( "\tuse '-print' to also show available crypto algorithms from all the security providers" );
+        }
+
         // setup algorithms -- Each of these have defaults if not set, although
-		//					   someone could set them to something invalid. If
-		//					   so a suitable exception will be thrown and displayed.
+        //                     someone could set them to something invalid. If
+        //                     so a suitable exception will be thrown and displayed.
         encryptAlgorithm = ESAPI.securityConfiguration().getEncryptionAlgorithm();
-		encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
-		randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
+        encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
+        randomAlgorithm = ESAPI.securityConfiguration().getRandomAlgorithm();
 
-		SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
-		SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
+        SecureRandom random = SecureRandom.getInstance(randomAlgorithm);
+        SecretKey secretKey = CryptoHelper.generateSecretKey(encryptAlgorithm, encryptionKeyLength);
         byte[] raw = secretKey.getEncoded();
-        byte[] salt = new byte[20];	// Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
+        byte[] salt = new byte[20]; // Or 160-bits; big enough for SHA1, but not SHA-256 or SHA-512.
         random.nextBytes( salt );
         String eol = System.getProperty("line.separator", "\n"); // So it works on Windows too.
         System.out.println( eol + "Copy and paste these lines into your ESAPI.properties" + eol);
@@ -224,12 +224,12 @@ public static void main( String[] args ) throws Exception {
         System.out.println( "Encryptor.MasterSalt=" + ESAPI.encoder().encodeForBase64(salt, false) );
         System.out.println( "#==============================================================" + eol);
     }
-	
-    
+
+
     /**
      * Private CTOR for {@code JavaEncryptor}, called by {@code getInstance()}.
      * @throws EncryptionException if can't construct this object for some reason.
-     * 					Original exception will be attached as the 'cause'.
+     *                  Original exception will be attached as the 'cause'.
      */
     private JavaEncryptor() throws EncryptionException {
         byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
@@ -252,7 +252,7 @@ private JavaEncryptor() throws EncryptionException {
             throw new ConfigurationException("Encryptor.MasterKey must be at least 7 bytes. " +
                                              "Length is: " + skey.length + " bytes.");
         }
-        
+
         // Set up secretKeySpec for use for symmetric encryption and decryption,
         // and set up the public/private keys for asymmetric encryption /
         // decryption.
@@ -275,7 +275,7 @@ private JavaEncryptor() throws EncryptionException {
                 //            handle in a static initializer, it just seems to
                 //            fit better here.
                 secretKeySpec = new SecretKeySpec(skey, encryptAlgorithm );
-                
+
                 //
                 // For asymmetric encryption (i.e., public/private key)
                 //
@@ -291,93 +291,93 @@ private JavaEncryptor() throws EncryptionException {
                     initKeyPair(prng);
                 } catch (Exception e) {
                     throw new EncryptionException("Encryption failure", "Error creating Encryptor", e);
-                }             
-                
+                }
+
                 // Mark everything as initialized.
                 initialized = true;
             }
         }
     }
-     
 
 
-	/**
+
+    /**
      * {@inheritDoc}
-     * 
-	 * Hashes the data with the supplied salt and the number of iterations specified in
-	 * the ESAPI SecurityConfiguration.
-	 */
-	public String hash(String plaintext, String salt) throws EncryptionException {
-		return hash( plaintext, salt, hashIterations );
-	}
-	
-	/**
+     *
+     * Hashes the data with the supplied salt and the number of iterations specified in
+     * the ESAPI SecurityConfiguration.
+     */
+    public String hash(String plaintext, String salt) throws EncryptionException {
+        return hash( plaintext, salt, hashIterations );
+    }
+
+    /**
      * {@inheritDoc}
-     * 
-	 * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
-	 * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
-	 * in order to help strengthen weak passwords.
-	 */
-	public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
-		byte[] bytes = null;
-		try {
-			MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
-			digest.reset();
-			digest.update(ESAPI.securityConfiguration().getMasterSalt());
-			digest.update(salt.getBytes(encoding));
-			digest.update(plaintext.getBytes(encoding));
-
-			// rehash a number of times to help strengthen weak passwords
-			bytes = digest.digest();
-			for (int i = 0; i < iterations; i++) {
-				digest.reset();
-				bytes = digest.digest(bytes);
-			}
-			String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
-			return encoded;
-		} catch (NoSuchAlgorithmException e) {
-			throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
-		} catch (UnsupportedEncodingException ex) {
-			throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	 public CipherText encrypt(PlainText plaintext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return encrypt(secretKeySpec, plaintext);
-	 }
-	 
-	 /**
-	  * {@inheritDoc}
-	  */
-	 public CipherText encrypt(SecretKey key, PlainText plain)
-	 			throws EncryptionException
-	 {
-		 if ( key == null ) {
-			 throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
-		 }
-		 if ( plain == null ) {
-			 throw new IllegalArgumentException("PlainText may arg not be null");
-		 }
-		 byte[] plaintext = plain.asBytes();
-		 boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
-
-		 boolean success = false;	// Used in 'finally' clause.
-		 String xform = null;
-		 int keySize = key.getEncoded().length * 8;	// Convert to # bits
-
-		try {
-			 xform = ESAPI.securityConfiguration().getCipherTransformation();
+     *
+     * Hashes the data using the specified algorithm and the Java MessageDigest class. This method
+     * first adds the salt, a separator (":"), and the data, and then rehashes the specified number of iterations
+     * in order to help strengthen weak passwords.
+     */
+    public String hash(String plaintext, String salt, int iterations) throws EncryptionException {
+        byte[] bytes = null;
+        try {
+            MessageDigest digest = MessageDigest.getInstance(hashAlgorithm);
+            digest.reset();
+            digest.update(ESAPI.securityConfiguration().getMasterSalt());
+            digest.update(salt.getBytes(encoding));
+            digest.update(plaintext.getBytes(encoding));
+
+            // rehash a number of times to help strengthen weak passwords
+            bytes = digest.digest();
+            for (int i = 0; i < iterations; i++) {
+                digest.reset();
+                bytes = digest.digest(bytes);
+            }
+            String encoded = ESAPI.encoder().encodeForBase64(bytes,false);
+            return encoded;
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Internal error", "Can't find hash algorithm " + hashAlgorithm, e);
+        } catch (UnsupportedEncodingException ex) {
+            throw new EncryptionException("Internal error", "Can't find encoding for " + encoding, ex);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+     public CipherText encrypt(PlainText plaintext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return encrypt(secretKeySpec, plaintext);
+     }
+
+     /**
+      * {@inheritDoc}
+      */
+     public CipherText encrypt(SecretKey key, PlainText plain)
+                throws EncryptionException
+     {
+         if ( key == null ) {
+             throw new IllegalArgumentException("(Master) encryption key arg may not be null. Is Encryptor.MasterKey set?");
+         }
+         if ( plain == null ) {
+             throw new IllegalArgumentException("PlainText may arg not be null");
+         }
+         byte[] plaintext = plain.asBytes();
+         boolean overwritePlaintext = ESAPI.securityConfiguration().overwritePlainText();
+
+         boolean success = false;   // Used in 'finally' clause.
+         String xform = null;
+         int keySize = key.getEncoded().length * 8; // Convert to # bits
+
+        try {
+             xform = ESAPI.securityConfiguration().getCipherTransformation();
              String[] parts = xform.split("/");
              if ( parts.length != 3 ) {
                  throw new ConfigurationException("Malformed cipher transformation: " + xform +
                                                   ". Should have format of cipher_alg/cipher_mode/padding_scheme.");
              }
              String cipherMode = parts[1];
-             
+
              // This way we can prevent modes like OFB and CFB where the IV should never
              // be repeated with the same encryption key (at least until we support
              // Encryptor.ChooseIVMethod=specified and allow us to specify some mechanism
@@ -389,19 +389,19 @@ public CipherText encrypt(SecretKey key, PlainText plain)
                              "Encryption failure: Cipher transformation " + xform + " specifies invalid " +
                              "cipher mode " + cipherMode);
              }
-             
-			 // Note - Cipher is not thread-safe so we create one locally
-			 //        Also, we need to change this eventually so other algorithms can
-			 //        be supported. Eventually, there will be an encrypt() method that
-			 //        takes a (new class) CryptoControls, as something like this:
-			 //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
-			 //        and this method will just call that one.
-			 Cipher encrypter = Cipher.getInstance(xform);
-			 String cipherAlg = encrypter.getAlgorithm();
+
+             // Note - Cipher is not thread-safe so we create one locally
+             //        Also, we need to change this eventually so other algorithms can
+             //        be supported. Eventually, there will be an encrypt() method that
+             //        takes a (new class) CryptoControls, as something like this:
+             //          public CipherText encrypt(CryptoControls ctrl, SecretKey skey, PlainText plaintext)
+             //        and this method will just call that one.
+             Cipher encrypter = Cipher.getInstance(xform);
+             String cipherAlg = encrypter.getAlgorithm();
 
              int minKeyLen = 112;   // Use for hard-coded default to support 2TDEA
              try {
-			    minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
+                minKeyLen = ESAPI.securityConfiguration().getIntProp("Encryptor.MinEncryptionKeyLength");
              } catch( Exception ex ) {
                  logger.warning(Logger.EVENT_FAILURE,
                          "Property 'Encryptor.MinEncryptionKeyLength' not properly set in ESAPI.properties file; using hard coded default of 112 for min key size for encryption.",
@@ -409,251 +409,251 @@ public CipherText encrypt(SecretKey key, PlainText plain)
                  ;  // Do NOT rethrow.
              }
 
-			 if ( keySize < minKeyLen ) {
+             if ( keySize < minKeyLen ) {
                  // NOTE: This used to just log a warning. It now logs an error & throws an exception.
                  //
-				 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
+                 // ESAPI.EncryptionKeyLength defaults to 128. This means that someone wants to use ESAPI to
                  // encrypt with something like 2-key TDES, they would have to set this to that property
                  // to 112 bits.
-				 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
-						 "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
-				 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
-				                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
-			 }
-			 if ( keySize < 112 ) {		// NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
-				 						// Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
+                 logger.error(Logger.SECURITY_FAILURE, "Actual key size of " + keySize + " bits SMALLER THAN MINIMUM allowed " +
+                         "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits with cipher algorithm " + cipherAlg);
+                 throw new ConfigurationException("Actual key size of " + keySize + " bits smaller than specified " +
+                                                  "encryption key length (ESAPI.EncryptionKeyLength) of " + minKeyLen + " bits.");
+             }
+             if ( keySize < 112 ) {     // NIST Special Pub 800-57 considers 112-bits to be the minimally safe key size from 2010-2030.
+                                        // Note that 112 bits 'just happens' to be size of 2-key Triple DES! So for example, if they
                                         // have configured ESAPI's Encryptor.EncryptionKeyLength to (say) 56 bits, we are going to
                                         // nag them like their mother! :)
-				 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
-				                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
-				                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
-			 }
-			 // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
-			 // They should be the same. If they are different, things could fail. (E.g., DES and DESede
-			 // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
-			 // parity it could fail.)
-			 //
-			 String skeyAlg = key.getAlgorithm();
-			 if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
-				 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
-				 //			 either, but personally I'd prefer the squeaky wheel to the annoying throwing of
-				 //			 a ConfigurationException (which is a RuntimeException). Less likely to upset
-				 //			 the development community.
-				 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
-						 cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
-			 }
-
-			 byte[] ivBytes = null;
-			 CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);	// Could pass the ACTUAL (intended) key size
-			 
+                 logger.warning(Logger.SECURITY_FAILURE, "Potentially insecure encryption. Key size of " + keySize + "bits " +
+                                "not sufficiently long for " + cipherAlg + ". Should use appropriate algorithm with key size " +
+                                "of *at least* 112 bits except when required by legacy apps. See NIST Special Pub 800-57.");
+             }
+             // Check if algorithm mentioned in SecretKey is same as that being used for Cipher object.
+             // They should be the same. If they are different, things could fail. (E.g., DES and DESede
+             // require keys with even parity. Even if key was sufficient size, if it didn't have the correct
+             // parity it could fail.)
+             //
+             String skeyAlg = key.getAlgorithm();
+             if ( !( cipherAlg.startsWith( skeyAlg + "/" ) || cipherAlg.equals( skeyAlg ) ) ) {
+                 // DISCUSS: Should we thrown a ConfigurationException here or just log a warning??? I'm game for
+                 //          either, but personally I'd prefer the squeaky wheel to the annoying throwing of
+                 //          a ConfigurationException (which is a RuntimeException). Less likely to upset
+                 //          the development community.
+                 logger.warning(Logger.SECURITY_FAILURE, "Encryption mismatch between cipher algorithm (" +
+                         cipherAlg + ") and SecretKey algorithm (" + skeyAlg + "). Cipher will use algorithm " + cipherAlg);
+             }
+
+             byte[] ivBytes = null;
+             CipherSpec cipherSpec = new CipherSpec(encrypter, keySize);    // Could pass the ACTUAL (intended) key size
+
              // Using cipher mode that supports *both* confidentiality *and* authenticity? If so, then
              // use the specified SecretKey as-is rather than computing a derived key from it. We also
              // don't expect a separate MAC in the specified CipherText object so therefore don't try
              // to validate it.
              boolean preferredCipherMode = CryptoHelper.isCombinedCipherMode( cipherMode );
              SecretKey encKey = null;
-			 if ( preferredCipherMode ) {
-			     encKey = key;
-			 } else {
-			     encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 				    key, keySize, "encryption");
-			 }
-			 
-			 if ( cipherSpec.requiresIV() ) {
-				 String ivType = ESAPI.securityConfiguration().getIVType();
-				 IvParameterSpec ivSpec = null;
-				 if ( ivType.equalsIgnoreCase("random") ) {
-					 ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
-				 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-					 String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
-					 ivBytes = Hex.decode(fixedIVAsHex);
-					 /* FUTURE		 } else if ( ivType.equalsIgnoreCase("specified")) {
-					 		// FUTURE - TODO  - Create instance of specified class to use for IV generation and
-					 		//					 use it to create the ivBytes. (The intent is to make sure that
-					 		//				     1) IVs are never repeated for cipher modes like OFB and CFB, and
-					 		//					 2) to screen for weak IVs for the particular cipher algorithm.
-					 		//		In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
-					 		//		be repeated unless you are salting SecureRandom with same value each time. Anything
-					 		//		monotonically increasing should be suitable, like a counter, but need to remember
-					 		//		it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
-					 		//		it's not perfect it probably is good enough. Could even all (advanced) developers
-					 		//      to define their own class to create a unique IV to allow them some choice, but
-					 		//      definitely need to provide a safe, default implementation.
-					  */
-				 } else {
-					 // TODO: Update to add 'specified' once that is supported and added above.
-					 throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
-				 }
-				 ivSpec = new IvParameterSpec(ivBytes);
-				 cipherSpec.setIV(ivBytes);
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
-			 } else {
-				 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
-			 byte[] raw = encrypter.doFinal(plaintext);
+             if ( preferredCipherMode ) {
+                 encKey = key;
+             } else {
+                 encKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                            key, keySize, "encryption");
+             }
+
+             if ( cipherSpec.requiresIV() ) {
+                 String ivType = ESAPI.securityConfiguration().getIVType();
+                 IvParameterSpec ivSpec = null;
+                 if ( ivType.equalsIgnoreCase("random") ) {
+                     ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
+                 } else if ( ivType.equalsIgnoreCase("fixed") ) {
+                     String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
+                     ivBytes = Hex.decode(fixedIVAsHex);
+                     /* FUTURE       } else if ( ivType.equalsIgnoreCase("specified")) {
+                            // FUTURE - TODO  - Create instance of specified class to use for IV generation and
+                            //                   use it to create the ivBytes. (The intent is to make sure that
+                            //                   1) IVs are never repeated for cipher modes like OFB and CFB, and
+                            //                   2) to screen for weak IVs for the particular cipher algorithm.
+                            //      In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
+                            //      be repeated unless you are salting SecureRandom with same value each time. Anything
+                            //      monotonically increasing should be suitable, like a counter, but need to remember
+                            //      it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
+                            //      it's not perfect it probably is good enough. Could even all (advanced) developers
+                            //      to define their own class to create a unique IV to allow them some choice, but
+                            //      definitely need to provide a safe, default implementation.
+                      */
+                 } else {
+                     // TODO: Update to add 'specified' once that is supported and added above.
+                     throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
+                 }
+                 ivSpec = new IvParameterSpec(ivBytes);
+                 cipherSpec.setIV(ivBytes);
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey, ivSpec);
+             } else {
+                 encrypter.init(Cipher.ENCRYPT_MODE, encKey);
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "Encrypting with " + cipherSpec);
+             byte[] raw = encrypter.doFinal(plaintext);
                  // Convert to CipherText.
              CipherText ciphertext = new CipherText(cipherSpec, raw);
-			 
-			 // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
-			 // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
+
+             // If we are using a "preferred" cipher mode--i.e., one that supports *both* confidentiality and
+             // authenticity, there is no point to store a separate MAC in the CipherText object. Thus we only
              // do this when we are not using such a cipher mode.
-			 if ( !preferredCipherMode ) {
-			     // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
-			     SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
-			    		 							   key, keySize, "authenticity");
-			     ciphertext.computeAndStoreMAC(  authKey );
-			 }
-			 logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
-			 success = true;	// W00t!!!
-			 return ciphertext;
-		} catch (InvalidKeyException ike) {
-			 throw new EncryptionException("Encryption failure: Invalid key exception.",
-					 "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
-					 ike.getMessage(), ike);
-		 } catch (ConfigurationException cex) {
-			 throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
-					 "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
-		 } catch (InvalidAlgorithmParameterException e) {
-			 throw new EncryptionException("Encryption failure (invalid IV)",
-					 "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
-		 } catch (IllegalBlockSizeException e) {
-			 throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
-					 "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
-		 } catch (BadPaddingException e) {
-			 throw new EncryptionException("Encryption failure",
-					 "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
-		 } catch (NoSuchAlgorithmException e) {
-			 throw new EncryptionException("Encryption failure (unavailable cipher requested)",
-					 "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } catch (NoSuchPaddingException e) {
-			 throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
-					 "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
-		 } finally {
-			 // Don't overwrite anything in the case of exceptions because they may wish to retry.
-			 if ( success && overwritePlaintext ) {
-				 plain.overwrite();		// Note: Same as overwriting 'plaintext' byte array.
+             if ( !preferredCipherMode ) {
+                 // Compute derived key, and then use it to compute and store separate MAC in CipherText object.
+                 SecretKey authKey = computeDerivedKey(KeyDerivationFunction.kdfVersion, getDefaultPRF(),
+                                                       key, keySize, "authenticity");
+                 ciphertext.computeAndStoreMAC(  authKey );
+             }
+             logger.debug(Logger.EVENT_SUCCESS, "JavaEncryptor.encrypt(SecretKey,byte[],boolean,boolean) -- success!");
+             success = true;    // W00t!!!
+             return ciphertext;
+        } catch (InvalidKeyException ike) {
+             throw new EncryptionException("Encryption failure: Invalid key exception.",
+                     "Requested key size: " + keySize + "bits greater than 128 bits. Must install unlimited strength crypto extension from Sun: " +
+                     ike.getMessage(), ike);
+         } catch (ConfigurationException cex) {
+             throw new EncryptionException("Encryption failure: Configuration error. Details in log.", "Key size mismatch or unsupported IV method. " +
+                     "Check encryption key size vs. ESAPI.EncryptionKeyLength or Encryptor.ChooseIVMethod property.", cex);
+         } catch (InvalidAlgorithmParameterException e) {
+             throw new EncryptionException("Encryption failure (invalid IV)",
+                     "Encryption problem: Invalid IV spec: " + e.getMessage(), e);
+         } catch (IllegalBlockSizeException e) {
+             throw new EncryptionException("Encryption failure (no padding used; invalid input size)",
+                     "Encryption problem: Invalid input size without padding (" + xform + "). " + e.getMessage(), e);
+         } catch (BadPaddingException e) {
+             throw new EncryptionException("Encryption failure",
+                     "[Note: Should NEVER happen in encryption mode.] Encryption problem: " + e.getMessage(), e);
+         } catch (NoSuchAlgorithmException e) {
+             throw new EncryptionException("Encryption failure (unavailable cipher requested)",
+                     "Encryption problem: specified algorithm in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } catch (NoSuchPaddingException e) {
+             throw new EncryptionException("Encryption failure (unavailable padding scheme requested)",
+                     "Encryption problem: specified padding scheme in cipher xform " + xform + " not available: " + e.getMessage(), e);
+         } finally {
+             // Don't overwrite anything in the case of exceptions because they may wish to retry.
+             if ( success && overwritePlaintext ) {
+                 plain.overwrite();     // Note: Same as overwriting 'plaintext' byte array.
              }
-	     }
+         }
     }
 
-	/**
-	* {@inheritDoc}
-	*/
-	public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
-		 // Now more of a convenience function for using the master key.
-		 return decrypt(secretKeySpec, ciphertext);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public PlainText decrypt(SecretKey key, CipherText ciphertext)
-	    throws EncryptionException, IllegalArgumentException
-	{
-	    long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
-	    if ( key == null ) {
-	        throw new IllegalArgumentException("SecretKey arg may not be null");
-	    }
-	    if ( ciphertext == null ) {
-	        throw new IllegalArgumentException("Ciphertext may arg not be null");
-	    }
-
-	    if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
-	        // This really should be an illegal argument exception, but it could
-	        // mean that a partner encrypted something using a cipher mode that
-	        // you do not accept, so it's a bit more complex than that. Also
-	        // throwing an IllegalArgumentException doesn't allow us to provide
-	        // the two separate error messages or automatically log it.
-	        throw new EncryptionException(DECRYPTION_FAILED,
-	                "Invalid cipher mode " + ciphertext.getCipherMode() +
-	        " not permitted for decryption or encryption operations.");
-	    }
-	    logger.debug(Logger.EVENT_SUCCESS,
-	            "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
-	            ciphertext);
-
-	    PlainText plaintext = null;
-	    boolean caughtException = false;
-	    int progressMark = 0;
-	    try {
-	        // First we validate the MAC.
-	        boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
-	        if ( !valid ) {
-	            try {
-	                // This is going to fail, but we want the same processing
-	                // to occur as much as possible so as to prevent timing
-	                // attacks. We _could_ just be satisfied by the additional
-	                // sleep in the 'finally' clause, but an attacker on the
-	                // same server who can run something like 'ps' can tell
-	                // CPU time versus when the process is sleeping. Hence we
-	                // try to make this as close as possible. Since we know
-	                // it is going to fail, we ignore the result and ignore
-	                // the (expected) exception.
-	                handleDecryption(key, ciphertext); // Ignore return (should fail).
-	            } catch(Exception ex) {
-	                ;   // Ignore
-	            }
-	            throw new EncryptionException(DECRYPTION_FAILED,
-	                    "Decryption failed because MAC invalid for " +
-	                    ciphertext);
-	        }
-	        progressMark++;
-	        // The decryption only counts if the MAC was valid.
-	        plaintext = handleDecryption(key, ciphertext);
-	        progressMark++;
-	    } catch(EncryptionException ex) {
-	        caughtException = true;
-	        String logMsg = null;
-	        switch( progressMark ) {
-	        case 1:
-	            logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
-	            break;
-	        case 2:
-	            logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
-	            break;
-	        default:
-	            logMsg = "Programming error: unexpected progress mark == " + progressMark;
-	        break;
-	        }
-	        logger.error(Logger.SECURITY_FAILURE, logMsg);
-	        throw ex;           // Re-throw
-	    }
-	    finally {
-	        if ( caughtException ) {
-	            // The rest of this code is to try to account for any minute differences
-	            // in the time it might take for the various reasons that decryption fails
-	            // in order to prevent any other possible timing attacks. Perhaps it is
-	            // going overboard. If nothing else, if N_SECS is large enough, it might
-	            // deter attempted repeated attacks by making them take much longer.
-	            long now = System.nanoTime();
-	            long elapsed = now - start;
-	            final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
-	            long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
-	            if ( elapsed < nSecs ) {
-	                // Want to sleep so total time taken is N seconds.
-	                long extraSleep = nSecs - elapsed;
-
-	                // 'extraSleep' is in nanoseconds. Need to convert to a millisec
-	                // part and nanosec part. Nanosec is 10**-9, millsec is
-	                // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
-	                // convert to from nanoseconds to milliseconds.
-	                long millis = extraSleep / 1000000L;
-	                long nanos  = (extraSleep - (millis * 1000000L));
+    /**
+    * {@inheritDoc}
+    */
+    public PlainText decrypt(CipherText ciphertext) throws EncryptionException {
+         // Now more of a convenience function for using the master key.
+         return decrypt(secretKeySpec, ciphertext);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public PlainText decrypt(SecretKey key, CipherText ciphertext)
+        throws EncryptionException, IllegalArgumentException
+    {
+        long start = System.nanoTime();  // Current time in nanosecs; used to prevent timing attacks
+        if ( key == null ) {
+            throw new IllegalArgumentException("SecretKey arg may not be null");
+        }
+        if ( ciphertext == null ) {
+            throw new IllegalArgumentException("Ciphertext may arg not be null");
+        }
+
+        if ( ! CryptoHelper.isAllowedCipherMode(ciphertext.getCipherMode()) ) {
+            // This really should be an illegal argument exception, but it could
+            // mean that a partner encrypted something using a cipher mode that
+            // you do not accept, so it's a bit more complex than that. Also
+            // throwing an IllegalArgumentException doesn't allow us to provide
+            // the two separate error messages or automatically log it.
+            throw new EncryptionException(DECRYPTION_FAILED,
+                    "Invalid cipher mode " + ciphertext.getCipherMode() +
+                    " not permitted for decryption or encryption operations.");
+        }
+        logger.debug(Logger.EVENT_SUCCESS,
+                "Args valid for JavaEncryptor.decrypt(SecretKey,CipherText): " +
+                ciphertext);
+
+        PlainText plaintext = null;
+        boolean caughtException = false;
+        int progressMark = 0;
+        try {
+            // First we validate the MAC.
+            boolean valid = CryptoHelper.isCipherTextMACvalid(key, ciphertext);
+            if ( !valid ) {
+                try {
+                    // This is going to fail, but we want the same processing
+                    // to occur as much as possible so as to prevent timing
+                    // attacks. We _could_ just be satisfied by the additional
+                    // sleep in the 'finally' clause, but an attacker on the
+                    // same server who can run something like 'ps' can tell
+                    // CPU time versus when the process is sleeping. Hence we
+                    // try to make this as close as possible. Since we know
+                    // it is going to fail, we ignore the result and ignore
+                    // the (expected) exception.
+                    handleDecryption(key, ciphertext); // Ignore return (should fail).
+                } catch(Exception ex) {
+                    ;   // Ignore
+                }
+                throw new EncryptionException(DECRYPTION_FAILED,
+                        "Decryption failed because MAC invalid for " +
+                        ciphertext);
+            }
+            progressMark++;
+            // The decryption only counts if the MAC was valid.
+            plaintext = handleDecryption(key, ciphertext);
+            progressMark++;
+        } catch(EncryptionException ex) {
+            caughtException = true;
+            String logMsg = null;
+            switch( progressMark ) {
+            case 1:
+                logMsg = "Decryption failed because MAC invalid. See logged exception for details.";
+                break;
+            case 2:
+                logMsg = "Decryption failed because handleDecryption() failed. See logged exception for details.";
+                break;
+            default:
+                logMsg = "Programming error: unexpected progress mark == " + progressMark;
+            break;
+            }
+            logger.error(Logger.SECURITY_FAILURE, logMsg);
+            throw ex;           // Re-throw
+        }
+        finally {
+            if ( caughtException ) {
+                // The rest of this code is to try to account for any minute differences
+                // in the time it might take for the various reasons that decryption fails
+                // in order to prevent any other possible timing attacks. Perhaps it is
+                // going overboard. If nothing else, if N_SECS is large enough, it might
+                // deter attempted repeated attacks by making them take much longer.
+                long now = System.nanoTime();
+                long elapsed = now - start;
+                final long NANOSECS_IN_SEC = 1000000000L; // nanosec is 10**-9 sec
+                long nSecs = N_SECS * NANOSECS_IN_SEC;  // N seconds in nano seconds
+                if ( elapsed < nSecs ) {
+                    // Want to sleep so total time taken is N seconds.
+                    long extraSleep = nSecs - elapsed;
+
+                    // 'extraSleep' is in nanoseconds. Need to convert to a millisec
+                    // part and nanosec part. Nanosec is 10**-9, millsec is
+                    // 10**-3, so divide by (10**-9 / 10**-3), or 10**6 to
+                    // convert to from nanoseconds to milliseconds.
+                    long millis = extraSleep / 1000000L;
+                    long nanos  = (extraSleep - (millis * 1000000L));
 
                     // N_SECS is hard-coded so assertion should be okay here.
-	                assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
+                    assert nanos >= 0 && nanos <= Integer.MAX_VALUE :
                             "Nanosecs out of bounds; nanos = " + nanos;
-	                try {
-	                    Thread.sleep(millis, (int)nanos);
-	                } catch(InterruptedException ex) {
-	                    ;   // Ignore
-	                }
-	            } // Else ... time already exceeds N_SECS sec, so do not sleep.
-	        }
-	    }
-	    return plaintext;
-	}
+                    try {
+                        Thread.sleep(millis, (int)nanos);
+                    } catch(InterruptedException ex) {
+                        ;   // Ignore
+                    }
+                } // Else ... time already exceeds N_SECS sec, so do not sleep.
+            }
+        }
+        return plaintext;
+    }
 
     // Handle the actual decryption portion. At this point it is assumed that
     // any MAC has already been validated. (But see "DISCUSS" issue, below.)
@@ -677,19 +677,19 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
                 // TODO: PERFORMANCE: Calculate avg time this takes and consider caching for very short interval
                 //       (e.g., 2 to 5 sec tops). Otherwise doing lots of encryptions in a loop could take a LOT longer.
                 //       But remember Jon Bentley's "Rule #1 on performance: First make it right, then make it fast."
-            	//		 This would be a security trade-off as it would leave keys in memory a bit longer, so it
-            	//		 should probably be off by default and controlled via a property.
-            	//
-            	// TODO: Feed in some additional parms here to use as the 'context' for the
-            	//		 KeyDerivationFunction...especially the KDF version. We would have to
-            	//		 store that in the CipherText object. We *possibly* could make it
-            	//		 transient so it would not be serialized with the CipherText object,
-            	//		 otherwise we would have to implement readObject() and writeObject()
-            	//		 methods there to support backward compatibility. Anyhow the intent
-            	//		 is to prevent down grade attacks when we finally re-design and
-            	//		 re-implement the MAC. Think about this in version 2.1.1.
+                //       This would be a security trade-off as it would leave keys in memory a bit longer, so it
+                //       should probably be off by default and controlled via a property.
+                //
+                // TODO: Feed in some additional parms here to use as the 'context' for the
+                //       KeyDerivationFunction...especially the KDF version. We would have to
+                //       store that in the CipherText object. We *possibly* could make it
+                //       transient so it would not be serialized with the CipherText object,
+                //       otherwise we would have to implement readObject() and writeObject()
+                //       methods there to support backward compatibility. Anyhow the intent
+                //       is to prevent down grade attacks when we finally re-design and
+                //       re-implement the MAC. Think about this in version 2.1.1.
                 encKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                    key, keySize, "encryption");
+                                            key, keySize, "encryption");
             }
             if ( ciphertext.requiresIV() ) {
                 decrypter.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(ciphertext.getIV()));
@@ -713,16 +713,16 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
         } catch (IllegalBlockSizeException e) {
             throw new EncryptionException(DECRYPTION_FAILED, "Decryption problem: " + e.getMessage(), e);
         } catch (BadPaddingException e) {
-            //DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
-            //So only way we could get a padding exception is if invalid padding were used originally by
-            //the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
-            //It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
-            //or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
-            //during a code inspection.
+            // DISCUSS: This needs fixed. Already validated MAC in CryptoHelper.isCipherTextMACvalid() above.
+            // So only way we could get a padding exception is if invalid padding were used originally by
+            // the party doing the encryption. (This might happen with a buggy padding scheme for instance.)
+            // It *seems* harmless though, so will leave it for now, and technically, we need to either catch it
+            // or declare it in a throws class. Clearly we don't want to do the later. This should be discussed
+            // during a code inspection.
             SecretKey authKey;
             try {
                 authKey = computeDerivedKey( ciphertext.getKDFVersion(), ciphertext.getKDF_PRF(),
-                		                     key, keySize, "authenticity");
+                                             key, keySize, "authenticity");
             } catch (Exception e1) {
                 throw new EncryptionException(DECRYPTION_FAILED,
                         "Decryption problem -- failed to compute derived key for authenticity: " + e1.getMessage(), e1);
@@ -737,187 +737,187 @@ private PlainText handleDecryption(SecretKey key, CipherText ciphertext)
             }
         }
     }
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public String sign(String data) throws EncryptionException {
-		try {
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initSign(privateKey);
-			signer.update(data.getBytes(encoding));
-			byte[] bytes = signer.sign();
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-		} catch (Exception e) {
-			throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
-		}
-	}
-		
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySignature(String signature, String data) {
-		try {
-			byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
-			Signature signer = Signature.getInstance(signatureAlgorithm);
-			signer.initVerify(publicKey);
-			signer.update(data.getBytes(encoding));
-			return signer.verify(bytes);
-		} catch (Exception e) {
-		    // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
-		    // FindBugs complains about this and since it examines byte-code, there's no way to
-		    // shut it up.
-			new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
-			return false;
-		}
-	}
-
-	/**
-	* {@inheritDoc}
+
+    /**
+    * {@inheritDoc}
+    */
+    public String sign(String data) throws EncryptionException {
+        try {
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initSign(privateKey);
+            signer.update(data.getBytes(encoding));
+            byte[] bytes = signer.sign();
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (Exception e) {
+            throw new EncryptionException("Signature failure", "Can't find signature algorithm " + signatureAlgorithm, e);
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySignature(String signature, String data) {
+        try {
+            byte[] bytes = ESAPI.encoder().decodeFromBase64(signature);
+            Signature signer = Signature.getInstance(signatureAlgorithm);
+            signer.initVerify(publicKey);
+            signer.update(data.getBytes(encoding));
+            return signer.verify(bytes);
+        } catch (Exception e) {
+            // NOTE: EncryptionException constructed *only* for side-effect of causing logging.
+            // FindBugs complains about this and since it examines byte-code, there's no way to
+            // shut it up.
+            new EncryptionException("Invalid signature", "Problem verifying signature: " + e.getMessage(), e);
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
      *
      * @param expiration
      * @throws IntegrityException
      */
-	public String seal(String data, long expiration) throws IntegrityException {
-	    if ( data == null ) {
-	        throw new IllegalArgumentException("Data to be sealed may not be null.");
-	    }
-	    
-		try {
-		    String b64data = null;
+    public String seal(String data, long expiration) throws IntegrityException {
+        if ( data == null ) {
+            throw new IllegalArgumentException("Data to be sealed may not be null.");
+        }
+
+        try {
+            String b64data = null;
             try {
                 b64data = ESAPI.encoder().encodeForBase64(data.getBytes("UTF-8"), false);
             } catch (UnsupportedEncodingException e) {
                 ; // Ignore; should never happen since UTF-8 built into rt.jar
             }
-			// mix in some random data so even identical data and timestamp produces different seals
-			String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
-			String plaintext = expiration + ":" + nonce + ":" + b64data;
-			// add integrity check; signature is already base64 encoded.
-			String sig = this.sign( plaintext );
-			CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
-			String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
-			return sealedData;
-		} catch( EncryptionException e ) {
-			throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
-		}
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public String unseal(String seal) throws EncryptionException {
-		PlainText plaintext = null;
-		try {
-		    byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
-		    CipherText cipherText = null;
-		    try {
-		        cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
-		    } catch( AssertionError e) {
-	            // Some of the tests in EncryptorTest.testVerifySeal() are examples of
-		        // this if assertions are enabled, but otherwise it should not
+            // mix in some random data so even identical data and timestamp produces different seals
+            String nonce = ESAPI.randomizer().getRandomString(10, EncoderConstants.CHAR_ALPHANUMERICS);
+            String plaintext = expiration + ":" + nonce + ":" + b64data;
+            // add integrity check; signature is already base64 encoded.
+            String sig = this.sign( plaintext );
+            CipherText ciphertext = this.encrypt( new PlainText(plaintext + ":" + sig) );
+            String sealedData = ESAPI.encoder().encodeForBase64(ciphertext.asPortableSerializedByteArray(), false);
+            return sealedData;
+        } catch( EncryptionException e ) {
+            throw new IntegrityException( e.getUserMessage(), e.getLogMessage(), e );
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public String unseal(String seal) throws EncryptionException {
+        PlainText plaintext = null;
+        try {
+            byte[] encryptedBytes = ESAPI.encoder().decodeFromBase64(seal);
+            CipherText cipherText = null;
+            try {
+                cipherText = CipherText.fromPortableSerializedBytes(encryptedBytes);
+            } catch( AssertionError e) {
+                // Some of the tests in EncryptorTest.testVerifySeal() are examples of
+                // this if assertions are enabled, but otherwise it should not
                 // normally happen.
-		        throw new EncryptionException("Invalid seal",
-	                                          "Seal passed garbarge data resulting in AssertionError: " + e);
-	        }
-			plaintext = this.decrypt(cipherText);
-
-			String[] parts = plaintext.toString().split(":");
-			if (parts.length != 4) {
-				throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
-			}
-	
-			String timestring = parts[0];
-			long now = new Date().getTime();
-			long expiration = Long.parseLong(timestring);
-			if (now > expiration) {
-				throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
-			}
-			String nonce = parts[1];
-			String b64data = parts[2];
-			String sig = parts[3];
-			if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
-				throw new EncryptionException("Invalid seal", "Seal integrity check failed");
-			}	
-			return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
-		} catch (EncryptionException e) {
-			throw e;
-		} catch (Exception e) {
-			throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
-		}
-	}
-
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public boolean verifySeal( String seal ) {
-		try {
-			unseal( seal );
-			return true;
-		} catch( EncryptionException e ) {
-			return false;
-		}
-	}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public long getTimeStamp() {
-		return new Date().getTime();
-	}
-
-	/**
-	* {@inheritDoc}
-	*/
-	public long getRelativeTimeStamp( long offset ) {
-		return new Date().getTime() + offset;
-	}
-
-	// DISCUSS: Why experimental? Would have to be added to Encryptor interface
-	//			but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
-	//			of HMacSHA1 (see discussion below), 2) that the HMac key is the
-	//			same one used for encryption (also see comments), and 3) it caught
-	//			overly broad exceptions. Here it is with these specific areas
-	//			addressed, but no unit testing has been done at this point. -kww
+                throw new EncryptionException("Invalid seal",
+                                              "Seal passed garbarge data resulting in AssertionError: " + e);
+            }
+            plaintext = this.decrypt(cipherText);
+
+            String[] parts = plaintext.toString().split(":");
+            if (parts.length != 4) {
+                throw new EncryptionException("Invalid seal", "Seal was not formatted properly.");
+            }
+
+            String timestring = parts[0];
+            long now = new Date().getTime();
+            long expiration = Long.parseLong(timestring);
+            if (now > expiration) {
+                throw new EncryptionException("Invalid seal", "Seal expiration date of " + new Date(expiration) + " has past.");
+            }
+            String nonce = parts[1];
+            String b64data = parts[2];
+            String sig = parts[3];
+            if (!this.verifySignature(sig, timestring + ":" + nonce + ":" + b64data ) ) {
+                throw new EncryptionException("Invalid seal", "Seal integrity check failed");
+            }
+            return new String(ESAPI.encoder().decodeFromBase64(b64data), "UTF-8");
+        } catch (EncryptionException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new EncryptionException("Invalid seal", "Invalid seal:" + e.getMessage(), e);
+        }
+    }
+
+
+    /**
+    * {@inheritDoc}
+    */
+    public boolean verifySeal( String seal ) {
+        try {
+            unseal( seal );
+            return true;
+        } catch( EncryptionException e ) {
+            return false;
+        }
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getTimeStamp() {
+        return new Date().getTime();
+    }
+
+    /**
+    * {@inheritDoc}
+    */
+    public long getRelativeTimeStamp( long offset ) {
+        return new Date().getTime() + offset;
+    }
+
+    // DISCUSS: Why experimental? Would have to be added to Encryptor interface
+    //          but only 3 things I saw wrong with this was 1) it used HMacMD5 instead
+    //          of HMacSHA1 (see discussion below), 2) that the HMac key is the
+    //          same one used for encryption (also see comments), and 3) it caught
+    //          overly broad exceptions. Here it is with these specific areas
+    //          addressed, but no unit testing has been done at this point. -kww
    /**
     * Compute an HMAC for a String.  Experimental.
-    * @param input	The input for which to compute the HMac.
+    * @param input  The input for which to compute the HMac.
     */
 /********************
-	public String computeHMAC( String input ) throws EncryptionException {
-		try {
-			Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
-												   //          SHA1 should really be avoided, but using
-												   //		   for HMAC-SHA1 is acceptable for now. Plan
-												   //		   to migrate to SHA-256 or NIST replacement for
-												   //		   SHA1 in not too distant future.
-			// DISCUSS: Also not recommended that the HMac key is the same as the one
-			//			used for encryption (namely, Encryptor.MasterKey). If anything it
-			//			would be better to use Encryptor.MasterSalt for the HMac key, or
-			//			perhaps a derived key based on the master salt. (One could use
-			//			KeyDerivationFunction.computeDerivedKey().)
-			//
-			byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
-			hmac.init( new SecretKeySpec(salt, "HMacSHA1") );	// Was:	hmac.init(secretKeySpec)	
-			byte[] inBytes;
-			try {
-				inBytes = input.getBytes("UTF-8");
-			} catch (UnsupportedEncodingException e) {
-				logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
-				inBytes = input.getBytes();
-			}
-			byte[] bytes = hmac.doFinal( inBytes );
-			return ESAPI.encoder().encodeForBase64(bytes, false);
-		} catch (InvalidKeyException ike) {
-			throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
-	    } catch (NoSuchAlgorithmException e) {
-	    	throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
-	    															"Problem computing HMAC for " + input, e );
-	    }
-	}
+    public String computeHMAC( String input ) throws EncryptionException {
+        try {
+            Mac hmac = Mac.getInstance("HMacSHA1"); // DISCUSS: Changed to HMacSHA1. MD5 *badly* broken
+                                                   //          SHA1 should really be avoided, but using
+                                                   //          for HMAC-SHA1 is acceptable for now. Plan
+                                                   //          to migrate to SHA-256 or NIST replacement for
+                                                   //          SHA1 in not too distant future.
+            // DISCUSS: Also not recommended that the HMac key is the same as the one
+            //          used for encryption (namely, Encryptor.MasterKey). If anything it
+            //          would be better to use Encryptor.MasterSalt for the HMac key, or
+            //          perhaps a derived key based on the master salt. (One could use
+            //          KeyDerivationFunction.computeDerivedKey().)
+            //
+            byte[] salt = ESAPI.securityConfiguration().getMasterSalt();
+            hmac.init( new SecretKeySpec(salt, "HMacSHA1") );   // Was: hmac.init(secretKeySpec)
+            byte[] inBytes;
+            try {
+                inBytes = input.getBytes("UTF-8");
+            } catch (UnsupportedEncodingException e) {
+                logger.warning(Logger.SECURITY_FAILURE, "computeHMAC(): Can't find UTF-8 encoding; using default encoding", e);
+                inBytes = input.getBytes();
+            }
+            byte[] bytes = hmac.doFinal( inBytes );
+            return ESAPI.encoder().encodeForBase64(bytes, false);
+        } catch (InvalidKeyException ike) {
+            throw new EncryptionException("Encryption failure", "Must install unlimited strength crypto extension from Sun", ike);
+        } catch (NoSuchAlgorithmException e) {
+            throw new EncryptionException("Could not compute HMAC", "Can't find HMacSHA1 algorithm. " +
+                                                                    "Problem computing HMAC for " + input, e );
+        }
+    }
 ********************/
 
     /**
@@ -926,7 +926,7 @@ public String computeHMAC( String input ) throws EncryptionException {
      * may be changed via the system property
      * {@code ESAPI.Encryptor.warnEveryNthUse}.) In other words, we nag
      * them until the give in and change it. ;-)
-     * 
+     *
      * @param where The string "encrypt" or "decrypt", corresponding to the
      *              method that is being logged.
      * @param msg   The message to log.
@@ -949,54 +949,54 @@ private void logWarning(String where, String msg) {
             logger.warning(Logger.SECURITY_FAILURE, where + msg);
         }
     }
-    
-    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {    	
-		String prfName = null;
-		if ( name == null ) {
-			prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		} else {
-			prfName = name;
-		}
-		KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
-		return prf;
+
+    private KeyDerivationFunction.PRF_ALGORITHMS getPRF(String name) {
+        String prfName = null;
+        if ( name == null ) {
+            prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        } else {
+            prfName = name;
+        }
+        KeyDerivationFunction.PRF_ALGORITHMS prf = KeyDerivationFunction.convertNameToPRF(prfName);
+        return prf;
     }
-    
+
     private KeyDerivationFunction.PRF_ALGORITHMS getDefaultPRF() {
-		String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
-		return getPRF(prfName);
+        String prfName = ESAPI.securityConfiguration().getKDFPseudoRandomFunction();
+        return getPRF(prfName);
     }
-    
+
     // Private interface to call ESAPI's KDF to get key for encryption or authenticity.
     private SecretKey computeDerivedKey(int kdfVersion, KeyDerivationFunction.PRF_ALGORITHMS prf,
-    									SecretKey kdk, int keySize, String purpose)
-    	throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
+                                        SecretKey kdk, int keySize, String purpose)
+        throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
     {
-    	// These really should be turned into actual runtime checks and an
-    	// IllegalArgumentException should be thrown if they are violated.
-    	// But this should be OK since this is a private method. Also, this method will
-    	// be called quite often so assertions are a big win as they can be disabled or
-    	// enabled at will.
-    	assert prf != null : "Pseudo Random Function for KDF cannot be null";
-    	assert kdk != null : "Key derivation key cannot be null.";
-    	// We would choose a larger minimum key size, but we want to be
-    	// able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
-    	// we print warning.
-    	assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
-    	assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
+        // These really should be turned into actual runtime checks and an
+        // IllegalArgumentException should be thrown if they are violated.
+        // But this should be OK since this is a private method. Also, this method will
+        // be called quite often so assertions are a big win as they can be disabled or
+        // enabled at will.
+        assert prf != null : "Pseudo Random Function for KDF cannot be null";
+        assert kdk != null : "Key derivation key cannot be null.";
+        // We would choose a larger minimum key size, but we want to be
+        // able to accept DES for legacy encryption needs. NIST says 112-bits is min. If less than that,
+        // we print warning.
+        assert keySize >= 56 : "Key has size of " + keySize + ", which is less than absolute minimum of 56-bits.";
+        assert (keySize % 8) == 0 : "Key size (" + keySize + ") must be a even multiple of 8-bits.";
 
         // However, this one we want as a runtime check because we don't have this check
         // in KeyDerivationFunction.computeDerivedKey() as we want that method
         // to be more general.
-    	if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+        if ( !( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
             String exMsg = "Programming error in ESAPI?? 'purpose' for computeDerivedKey() must be \"encryption\" or \"authenticity\".";
-    		throw new EncryptionException(exMsg, exMsg);
+            throw new EncryptionException(exMsg, exMsg);
         }
 
-    	KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
-    	if ( kdfVersion != 0 ) {
-    		kdf.setVersion(kdfVersion);
-    	}
-    	return kdf.computeDerivedKey(kdk, keySize, purpose);
+        KeyDerivationFunction kdf = new KeyDerivationFunction(prf);
+        if ( kdfVersion != 0 ) {
+            kdf.setVersion(kdfVersion);
+        }
+        return kdf.computeDerivedKey(kdk, keySize, purpose);
     }
 
     // Get all the algorithms we will be using from ESAPI.properties.
@@ -1011,7 +1011,7 @@ private static void setupAlgorithms() {
         encryptionKeyLength = ESAPI.securityConfiguration().getEncryptionKeyLength();
         signatureKeyLength = ESAPI.securityConfiguration().getDigitalSignatureKeyLength();
     }
-    
+
     // Set up signing key pair using the master password and salt. Called (once)
     // from the JavaEncryptor CTOR.
     private static void initKeyPair(SecureRandom prng) throws NoSuchAlgorithmException {

From a27c36aaeeb9f6d95a873d28021fc99b471b5bda Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 18:42:32 -0400
Subject: [PATCH 573/812] Added KDF PRF & version to toString() method to make
 it complete.

---
 src/main/java/org/owasp/esapi/crypto/CipherText.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index aacf488a9..fe13a3df6 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -697,9 +697,12 @@ public String toString() {
         int n = getRawCipherTextByteLength();
         String rawCipherText = (( n > 0 ) ? "present (" + n + " bytes)" : "absent");
         String mac = (( separate_mac_ != null ) ? "present" : "absent");
-        sb.append("Creation time: ").append(creationTime);
-        sb.append(", raw ciphertext is ").append(rawCipherText);
-        sb.append(", MAC is ").append(mac).append("; ");
+
+        sb.append("KDF Version: ").append( kdfVersion_ );
+        sb.append(", KDF PRF: ").append( kdfPRFAsInt() );
+        sb.append("; Creation time: ").append(creationTime);
+        sb.append("; raw ciphertext is ").append(rawCipherText);
+        sb.append("; MAC is ").append(mac).append("; ");
         sb.append( cipherSpec_.toString() );
         return sb.toString();
     }

From 591e03441bcc5c33a5eabc20e2f656044be1fa58 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 22:34:46 -0400
Subject: [PATCH 574/812] Change required by tweak to CipherText.toString()
 method.

---
 .../java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
index cba2da0ae..5db8aeb82 100644
--- a/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/SecurityProviderLoaderTest.java
@@ -128,7 +128,7 @@ public final void testWithBouncyCastle() {
             // validate this, so we look at the String representation of this CipherText
             // object and pick it out of there.
             String str = ct.toString();
-            assertTrue( str.matches(".*, MAC is absent;.*") );
+            assertTrue( str.matches(".*; MAC is absent;.*") );
         } catch (EncryptionException e) {
             fail("Encryption w/ Bouncy Castle failed with EncryptionException for preferred " +
                  "cipher transformation; exception was: " + e);

From 051d742c444b7e28bf4adab9d2091599c486036e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 22:42:45 -0400
Subject: [PATCH 575/812] Add more javadoc on a private method.

---
 src/main/java/org/owasp/esapi/crypto/CipherText.java | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index fe13a3df6..8e57f03e7 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -795,6 +795,15 @@ protected boolean canEqual(Object other) {
      * <pre>
      *      HMAC-SHA1(nonce, IV + plaintext)
      * </pre>
+     * Note that <i>only</i> HMAC-SHA1 is used for the MAC calcuation. Unlike
+     * the PRF used for derived key generation in the {@code KeyDerivationFunction}
+     * class, the user cannot change the algorithm used to compute the MAC itself.
+     * One reason for that is that we don't want the MAC value to be excessively
+     * long; 128 bits is already quite long when only encrypting short strings.
+     * Also while the NSA reviewed this and were okay with it, Bellare, Canetti & Krawczyk
+     * proved in 1996 [see http://pssic.free.fr/Extra%20Reading/SEC+/SEC+/hmac-cb.pdf] that
+     * HMAC security doesn’t require that the underlying hash function be collision resistant,
+     * but only that it acts as a pseudo-random function, which SHA1 satisfies.
      * @param ciphertext    The ciphertext value for which the MAC is computed.
      * @return The value for the MAC.
      */ 

From 363156a82f208e848e2716ac58e4ca72685fbbd6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 22:47:22 -0400
Subject: [PATCH 576/812] Removed call to deprecated
 CryptoHelper.computeDerivedKey() method.

---
 src/test/java/org/owasp/esapi/crypto/CipherTextTest.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
index cb2f22b97..b3a6b5587 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherTextTest.java
@@ -191,9 +191,8 @@ public final void testMIC() {
 	        encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
 	        byte[] raw = encryptor.doFinal("This is my secret message!!!".getBytes("UTF8"));
 	        CipherText ciphertext = new CipherText(cipherSpec, raw);
-	        	// TODO: Replace this w/ call to KeyDerivationFunction as this is
-	        	//		 deprecated! Shame on me!
-	        SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
+		    KeyDerivationFunction kdf = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1 );
+	        SecretKey authKey = kdf.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
 	        ciphertext.computeAndStoreMAC( authKey );
 //          System.err.println("Original ciphertext being serialized: " + ciphertext);
 	        byte[] serializedBytes = ciphertext.asPortableSerializedByteArray();

From 1ca26f5c60f7e7a4afd007665615f2a4248c27ed Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 22:49:11 -0400
Subject: [PATCH 577/812] Replaced call to deprecated
 CryptoHelper.computeDerivedKey(). Comment clean-up.

---
 .../org/owasp/esapi/crypto/CryptoHelper.java  | 21 +++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 4ba553911..11a6bcb9f 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -126,18 +126,23 @@ public static SecretKey generateSecretKey(String alg, int keySize)
 	 * 						this is thrown with the original {@code UnsupportedEncodingException}
 	 * 						as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
 	 * 						be a common encoding supported by all Java implementations. Support
-	 * 					    for it is usually in rt.jar.)
+	 * 					    for it is usually in rt.jar.) This exception is also thrown if the
+     * 					    requested {@code keySize} parameter exceeds the length of the number of
+     * 					    bytes provded in the {@code keyDerivationKey} parameter.
 	 * @throws InvalidKeyException 	Likely indicates a coding error. Should not happen.
 	 * @throws EncryptionException  Throw for some precondition violations.
-	 * @deprecated Use{@code KeyDerivationFunction} instead. This method will be removed as of
-	 * 			   ESAPI release 2.3 so if you are using this, please change your code.
+	 * @deprecated Use same method in {@code KeyDerivationFunction} instead. This method will be <b>removed</b> as of
+	 * 			   ESAPI release 2.3 so if you are using this, please CHANGE YOUR CODE. Note that the replacement
+     * 			   is not a static method, so create your own wrapper if you wish, but this will soon disappear.
 	 */
     @Deprecated
 	public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, String purpose)
 			throws NoSuchAlgorithmException, InvalidKeyException, EncryptionException
 	{
-        // These really should be turned into actual runtime checks and an
-        // IllegalArgumentException should be thrown if they are violated.
+        // Fingers cross; maybe this will help.
+        logger.warning(Logger.SECURITY_AUDIT,
+                "Your code is using the deprecated CryptoHelper.computeDerivedKey() method which will be removed next release");
+
 		if ( keyDerivationKey == null ) {
             throw new IllegalArgumentException("Key derivation key cannot be null.");
         }
@@ -159,6 +164,9 @@ public static SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySiz
 		// DISCUSS: Should we use HmacSHA1 (what we were using) or the HMAC defined by
 		//			Encryptor.KDF.PRF instead? Either way, this is not compatible with
 		//			previous ESAPI versions. JavaEncryptor doesn't use this any longer.
+        // ANSWER:  This is deprecated and will be removed in 2.3.0.0, so it really matter
+        //          that much. However, Since the property Encryptor.KDF.PRF is (and has
+        //          been) "HMacSHA256". changing this could unintentionally break code.
 		KeyDerivationFunction kdf = new KeyDerivationFunction(
 											KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1);
 		return kdf.computeDerivedKey(keyDerivationKey, keySize, purpose);
@@ -260,7 +268,8 @@ public static boolean isCipherTextMACvalid(SecretKey sk, CipherText ct)
     {
         if ( CryptoHelper.isMACRequired( ct ) ) {
             try {
-                SecretKey authKey = CryptoHelper.computeDerivedKey( sk, ct.getKeySize(), "authenticity");
+		        KeyDerivationFunction kdf = new KeyDerivationFunction( ct.getKDF_PRF() );
+                SecretKey authKey = kdf.computeDerivedKey(sk, ct.getKeySize(), "authenticity");
                 boolean validMAC = ct.validateMAC( authKey );
                 return validMAC;
             } catch (Exception ex) {

From f7ac215b2b61399a5e9c2e918bc03d8dda7076fa Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 22:56:58 -0400
Subject: [PATCH 578/812] Close GitHub issue #245. Add and clean-up some
 comments. Allow 'purpose' for argument in
 KeyDerivationFunction.computeDerivedKey() to be generalized. (I.e., removed
 checks to restrict it to "encryption" and "authenticity".) That allows this
 method to be used in a more general KDF context.

---
 .../esapi/crypto/KeyDerivationFunction.java   | 55 +++++++++++++++----
 1 file changed, 44 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
index ccf8a0ba0..7535eece2 100644
--- a/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
+++ b/src/main/java/org/owasp/esapi/crypto/KeyDerivationFunction.java
@@ -187,7 +187,7 @@ public int getVersion() {
 	}
 	
 	
-	// TODO: IMPORTANT NOTE: In a future release (hopefully starting in 2.1.1),
+	// TODO: IMPORTANT NOTE: In a future release (hopefully starting in 2.3),
 	// we will be using the 'context' to mix in some additional things. At a
 	// minimum, we will be using the KDF version (version_) so that downgrade version
 	// attacks are not possible. Other candidates are the cipher xform and
@@ -267,24 +267,26 @@ public String getContext() {
 	 * @param keySize		The cipher's key size (in bits) for the {@code keyDerivationKey}.
 	 * 						Must have a minimum size of 56 bits and be an integral multiple of 8-bits.
 	 * 						<b>Note:</b> The derived key will have the same size as this.
-	 * @param purpose		The purpose for the derived key. For the ESAPI reference implementation,
+	 * @param purpose		The purpose for the derived key. <b>IMPORTANT:</b> For the ESAPI reference implementation,
 	 * 						{@code JavaEncryptor}, this <i>must</i> be either the string "encryption" or
 	 * 						"authenticity", where "encryption" is used for creating a derived key to use
 	 * 						for confidentiality, and "authenticity" is used for creating a derived key to
 	 * 						use with a MAC to ensure message authenticity. However, since parameter serves
 	 * 						the same purpose as the "Label" in section 5.1 of NIST SP 800-108, it really can
 	 * 						be set to anything other than {@code null} or an empty string when called outside
-	 * 						of {@code JavaEncryptor}.
+	 * 						of ESAPI's {@code JavaEncryptor} reference implementation (but you must consistent).
 	 * @return				The derived {@code SecretKey} to be used according
 	 * 						to the specified purpose. 
 	 * @throws NoSuchAlgorithmException		The {@code keyDerivationKey} has an unsupported
-	 * 						encryption algorithm or no current JCE provider supports
-	 * 						"HmacSHA1".
+	 * 						encryption algorithm or no current JCE provider supports requested
+     * 						Hmac algorithrm used for the PRF for key generation.
 	 * @throws EncryptionException		If "UTF-8" is not supported as an encoding, then
 	 * 						this is thrown with the original {@code UnsupportedEncodingException}
 	 * 						as the cause. (NOTE: This should never happen as "UTF-8" is supposed to
 	 * 						be a common encoding supported by all Java implementations. Support
-	 * 					    for it is usually in rt.jar.)
+	 * 					    for it is usually in rt.jar.) This exception is also thrown if the
+     * 					    requested {@code keySize} parameter exceeds the length of the number of
+     * 					    bytes provded in the {@code keyDerivationKey} parameter.
 	 * @throws InvalidKeyException 	Likely indicates a coding error. Should not happen.
 	 * @throws EncryptionException  Throw for some precondition violations.
 	 */
@@ -322,7 +324,29 @@ public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, Stri
 			throw new IllegalArgumentException("Purpose may not be null or empty.");
 		}
 
-		keySize = calcKeySize( keySize );	// Safely convert to whole # of bytes.
+        //
+        // No longer, since we no longer wish to restrict this to use only by JavaEncryptor, so
+        // we no longer test for this.  For details, see the javadoc for '@param purpose', above.
+        //
+        /*
+         *
+         *      if ( ! ( purpose.equals("encryption") || purpose.equals("authenticity") ) ) {
+         *          throw new IllegalArgumentException("Purpose must be \"encryption\" or \"authenticity\".");
+         *      }
+         *
+         */
+
+        int providedKeyLen = 8 * keyDerivationKey.getEncoded().length;
+        // assert providedKeyLen >= 56 : "Coding error? Length of keyDerivationKey < 56 bits!";    // Ugh. DES compatible.
+
+        if ( providedKeyLen < keySize ) {
+            throw new EncryptionException("KeyDerivationFunction.computeDerivedKey() not intended for key stretching: " +
+                                          "provided key too short (" + providedKeyLen + " bits) to provide " + keySize + " bits.",
+                        "Key stretching not supported: Provided key, keyDerivationKey, has insufficient entropy (" +
+                            providedKeyLen + " bits) to generate key of requested size of " + keySize + " bits.");
+        }
+
+		keySize = calcKeySize( keySize );	// Safely convert from bits to a whole # of bytes.
 		byte[] derivedKey = new byte[ keySize ];
 		byte[] label;				    	// Same purpose as NIST SP 800-108's "label" in section 5.1.
 		byte[] context;						// See setContext() for details.
@@ -344,20 +368,20 @@ public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, Stri
             // under the hood to create 'sk' so that it is 20 bytes. I cannot vouch
             // for how secure this key-stretching is. Worse, it might not be specified
             // as to *how* it is done and left to each JCE provider.
-		SecretKey sk = new SecretKeySpec(keyDerivationKey.getEncoded(), "HmacSHA1");
+      	SecretKey sk = new SecretKeySpec(keyDerivationKey.getEncoded(), prfAlg_ );
 		Mac mac = null;
 
 		try {
-			mac = Mac.getInstance("HmacSHA1");
+    		mac = Mac.getInstance( prfAlg_ );
 			mac.init(sk);
 		} catch( InvalidKeyException ex ) {
 			logger.error(Logger.SECURITY_FAILURE,
-					"Created HmacSHA1 Mac but SecretKey sk has alg " +
+					"Created " + prfAlg_ + " Mac but SecretKey sk has alg " +
 					sk.getAlgorithm(), ex);
 			throw ex;
 		}
 		
-		// Repeatedly call of HmacSHA1 hash until we've collected enough bits
+		// Repeatedly call of PRF Hmac until we've collected enough bits
 		// for the derived key. The first time through, we calculate the HmacSHA1
 		// on the "purpose" string, but subsequent calculations are performed
 		// on the previous result.
@@ -415,6 +439,15 @@ public SecretKey computeDerivedKey(SecretKey keyDerivationKey, int keySize, Stri
 		
 		// Don't leave remnants of the partial key in memory. (Note: we could
 		// not do this if tmpKey were declared in the do-while loop.
+        // Of course, in reality, trying to stomp these bits out is probably not
+        // realistic because the JIT is likely toing to be smart enough to
+        // optimze this loop away. We probably could try to outsmart it, by
+        // (say) writing out the overwritten bits to /dev/null, but then even
+        // then we'd still probably have to overwrite with random bits rather
+        // than all null chars. How much is enough? Who knows? But it does point
+        // to a serious limitation in Java and many other languages that one
+        // cannot arbitrarily disable the optimizer either at compile time or
+        // run time because of security reasons. Sigh. At least we've tried.
 		for ( int i = 0; i < tmpKey.length; i++ ) {
 			tmpKey[i] = '\0';
 		}

From efe07c30155cb6b393019998d1c6b6ebaaa7bb3b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 23:23:55 -0400
Subject: [PATCH 579/812] Minor documentation corrections.

---
 ...java-core-2.0-ciphertext-serialization.pdf | Bin 136825 -> 63163 bytes
 ...java-core-2.0-ciphertext-serialization.xls | Bin 16384 -> 16384 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf b/documentation/esapi4java-core-2.0-ciphertext-serialization.pdf
index 9d1dc3399c7d7aea90b7c3213fdc6c853f691615..37d68a46736fa7ead64c8919c59b53e201fcd062 100644
GIT binary patch
literal 63163
zcma&NV{k5P(5)FKJGQlB=ZS6GwrwXnwr$(CZQHhO&HJ4?H8oXdrfU9mt^0Sc?rT-w
zr1HX|v<!62(4>P!gI$9ygSpU*gaAT2LrZ9GZhC1GTQg^KLZ<%|MS4*SYiAQjdQocw
zXA@x)BRgXgUS4P?XGaqQ8))~eZEdO8qc*sn*V-~CzZ!LfUcV53D!1jot>D;W260;W
z{P4i8^zWbX!V@3Hl8!2Jv)0Hod)EoH5eJ9FA`*+)%jdiFy*Zq(yX=>Xc~9r9z1?5$
z2&KN=UydKoO9-d?OPlxBvV-i|pNmc1C9>P+t-f8_e7aM4+icz0GmqzowWWMJ%NFc%
zrLn!fUYARTyPVx!6|FOErJn|!KJ#|lbzL0<hm1Y#yR{R|(%ZN_ozAPrD!uz=!uro}
zw>PtYTekj5nU~Zod8%zcq{i}fZ}IB-_@~33-kTF8o_6NWxbh(sgGl*M6cZ1oGE2&i
zx>ksv%A_A3=7!T>F=@TJ)P6RW@O~5}-O366V=-_Xk(%eJ@_qVYU`HxRMfuHm#e?|x
zK-R3;Z~uV!`0@_#9UN_)!{nSRU9yiQ-a&RDKVOZOo)N;<0sl!3u_c2;g2>&Ebg{Z_
zRbwXe&a*yJ?uP_bDmjfi5hxlJ=6uRZsW08NOmT#DR7|Z#fa6$tlIgfSDYH9;omp{Q
zUf%=iUfsS#wcZ)(T}SJn{PKmLm2zM3y5Q-5oH#JjZFT+dft!sV^}@LIsskyKxgMI1
z_UI7B+7Lg-FEd0a;B-L1b_uZ)ifm1yY|&e1{n`X1u*HkVP7^xL9jRiOsMJEN*fsYq
zzOr^GxgQk8X1HD(z&3~U?gsV-b}iYgtMBlSmsnJaxJ39?c%6l6c98zLfG24yq2GS9
z`CLH4$!V&kUz9cgE6B^c1?!$;rRP6|W<19Vm~eH6%&ArE)TG6sZp6eC;WOSqPAvA(
zyq(s}1ZcoO!!g_ICjrl3h9uc3m_lZ>-f-Nq%%aD#k~Igegn_8PE>fC{fnrNYrTnn3
z@E|vb1+1_}=aV7_zsKdxWAgt9CP1pfHq3iJoN{sV@in35D39HO*T_6(h^FFS`-`+u
z$YeUR04bS!Q9xx?fRhiDk(5%$1KYR<yHiwA7CIrVz_`bDh<We(LF1Yjqhh`QQroB9
zVBfKFKLmChf<!1Q!D$+#ovH#X+;hX@F{7Cp8YfSnW5W8h3Swqh8mCIS*G8r97^VG@
zF%#zE%z*I{$+3xQ;n$0M&a4*wY^Tk|HT;p%vSuR!Rng;&zy5kD02Wxr|3XXybGAap
ziU(IUDqJK(ih3;Q-x7Ae1_i->qzZ~N6Y+0FD0Ew7m{ROvl8L9W8zN)E#<0+%m^dQo
z^t%HGFk%@h;W2I5b`1M_W{z8r!@;vhdfLQj%Jeh*6@n!5m26Yv53Y|mNctDe5?rav
zrK81@JFR=@IYZNGaco}xL3gEFBC*hOsl<OCMH8LG!Z`&6y0Ae!h=Ap}FSU4$HLEN_
zQz#&`WMUM4g*T>3!y1t=Olq03N*F15a)`FxaL_9{AbNdl`c&U!)$NmUl>7|h%l|S^
z8P8$lgOT3I0~tw*t{y@rkwY@2$TEukjys)OQfr$;si2_u>OC=xgrookeviU4OqOXj
zsdjg@cioZ7I@yb{ajwYaE#!^RbxZE}a7ar+LS~vV>s@s*V<y7!m~6Enkh~c%|50E%
zmq5=_o7cq~tS2IoOz&8swaGrM4v=M{>7KeUHl$+QrI~eSwZS`0qgGw?ZjlF_6!i2e
zw|_V{{`I9cqobjz@Nn`5UX49HH@;FWS+M|i)AOW?vZ6YxmF~7!A(hk|-VSKfZ|&mA
zW5Ku|PVpx?#eTaqNVMB*kQ#LA@C}rRbMM4vsBXH{%8ArrrSbtiUKX8L71kSct`kZF
zot?UJB_6_;)G{czxfC+k5~HFLeF2m#5JNZ0YqJ*KQ|rK+9FYd5yUCm+RF^$83m3;(
zSFmC)=PM2`eyHf^n|a_30`<^b{&}{G>CeeDr=O?6&*<d%FqM<Z38t*$m)-iLECagK
zdffQ&aXAVP22ecr-v5}~wq|j=rMwrO>m6M1DLO0=`)-E~lG72z?hfMBBZjOwnbG-o
z=0GQS`Pa8$g8k#T2L|S(1jW*NpRm~Ywpj_g=ketmCcRB!0a!`zV;}aBmGT~J3*(H(
zcUKMm5VLfpzY=1<KM@s#s#&^I<Q?F-8`%bo_lAyNPXW{ZE%!IJyWwZSz(X<;dC9~a
z)Z&qM1RP6ib3`!v4~E%*=5jRq70wMFOUdlT>9ia$C{xr|02hy`_gKpcMLsmieP}LH
zJeA32mHzGgcUa(LFgWf?*|ZvY32TClTnA;6ZK4DRVZRH2<q7qc2$ZNjG8WQyl!NkC
z^<X-@?f2s@GyX}<%8s%z<u~zd&?>G(_+ws4G6j9{qLSv>W&j?JA1n2Ff2_deO>y5h
zRMFX``sW8eY4^`ETk;qc$YGzl!Q_TFP?b}lR9Lx-wy^C9u)QR!JpQ8+>jegb^&K-~
zT(Qqk@y@{CLDNLbKD!cUiQBeIM3|z@O&Dqp3=pC3h$D-NL?{E4&S9%8$X__eCezGX
zzH3HCZ^Mb|jV+A)zhC3ksO%%v>77poU=#E)rv_epcm9)9`*q%n2E(sn?j5&xw42OR
ztPJ*$PMmk8cUvAwF!36)W9?y5hJ^ZjX64?iFMo2k<<f^Yh{N5!d&*8D(P`5$JaHv-
zT;Egdnn8>kcym_$afBh7#N@AeOwy04D)A$zgw~m4?RDu3i{z(irBeUua4yB?4DXcC
zBe6IuUpV9y3Z~j=NSvo14WKM~>AdL}hSGr=e|^FR21n>`GQWmMBVkbL@DuIXNh6{Q
zfr}DoAmUmoyd!TKNzhm+JegM<MKU5{u1tJSfOfk%dP^S|O8_%_|3cGK@j_e@abI{3
zS`+77olU?p!PK;N+khm<k6^DgBkxdZ4=xRZJdC-L5u@{uu-cR^73x?~I&;i$Hwu#B
z(*J{|-RcYEzcI2d6P-)SOVGt118M|I743E-^7v3xCV&|QaTjy3L1&NT=@nPd3;rvD
zZZzGk7c*O(vSy<dkFx+p{h_GTm$BmWe2;hxGL4PdOhb)27c*r=kuA_hpZGFc;xV2R
zIxgf;=M0FQI-``v6vlmr7lxu{(0zIXpGq}G!&xwLK>%GabByIFwRS{Lj2RUiA)J*M
zI>ffQp7eo?_@bH$Bi533C96or$Bayvq}TKwwVq~#%9DDToU5;DMk^tK>FIA=6+=$a
z(v;F}04Dwi6&Muo9hD5|yrr{-lA^slEQbRKksxJK`Pc3%$Q_Lv)ck^{qosG!UHc>a
zn~!{1a;9)kYwNzodBf8?op<={JhTzXF3{Lw?ESEDVZ#zj8zZ=mvoe9v(qlVCtSH@E
zA1q<E6-e~CmnWdDqHWp>*J|&N!5J5S3>m&(-7a6+FyP$EoPEtX_6OH5kWW4LU}9Rn
z${h7PPUmNm^faKaA6o!rlY7gm4t5pp)vRUN9EdWLT=pxy@W@GR>+YO3(4G2uJAe6u
zpYu*)wXRyxV={VdI>vAc`gk2Oa2z-BN5KSswmA_@)C1VEvqV)1FK5V4hJZO<E5XQh
zZy&f4Vd#Pt%rqM(SJ!EMp&Wkt^C5H5bo8FuOfNl`!HZa6uLm+BD_`!TztMC=OxmZ;
z_!0|Lqcr1m;Goh4V*p#Xi!c%hu>RLnnQ)Hy$2u37IKvUVW$jEs*k~Ug=KdbOKC&lV
zEJ5GOX=8F-P0pEEU9|pu;3Ns8#)P>-yc%pcc!z~!@_k<iA8Q^_SiB^+i|xJWyF(q0
zuv<smfY}HqG;e0)^W(^6arYjXLTiK_UGl49s%FaY0Jw?#7EXc(ChUt3qWzj~0znFx
zX*FRt?5aOTs%!B^dRt@LG;f8p+cIjSCnUzo)3z0UkHi)|JU$q50h3c{QVbLH_#+!m
zQ>dfqG~Rhrc9OM}MnRJxq|;&MmJrNg-T!>{d>l2mJfj&;XIHwpp{$yIpMq<=&76K9
zS_~^E?vVycU}l!8<IiMbOC*&}a41o8%V`0Uimf3AJi^KWre<MGD1}nbTn{7HRd#vG
z!71bk^*hgSXer>F|M`NjrEr3QoyV=6D)ps*{v5Vt<c%&8*cl$b5o&1$Xckiv{K%rM
z*RnP;9*y2as58>#wOa+xd9M=$IQEUT?=bru8CZ`1@HulIbcqxXVBJ~f?2zKZb~s|s
zI(H*UdWd9S9#AU&`co1Ob+q~xYw)J@B6-{jPd|`5e=hyDV;YgeVEwU*`5-vy>aI`F
zWoVw+3ii8K)*Y)ieE9M>SbA+k5Qa<hc`{IefLTrI|0E&(V6h;1TiR)q8?@8~+!@Xy
z)h*=)w_rZJPN2I_XXBR2Z!oqI0;oCa(p|}@Op7@fn*tsj4i0uPGTS^SV6tj(*o%%w
zR4&{5jN?NaC|vS#Ms7a*owyIQCJ3b=v>6*afNI{G`}F<z;|#j&u>u-dE=owEYI2;w
zjW#6s2YQ_-SstEDZPGAyh1wMJ$WtVuH(LuR=N)A^6Gje@9EsQ?1D{iHe1j~Xp=Wey
z<cJ*Xu{LE977eFdJ0DFv(B+h(QfO<fAu6&-S!!cYKoSoNnOCVUW6aV^;c&W}-g2%?
z^ae-I!R)T<oC1f_fciIo0=}_H641wN+;OLiX@)R@;O>Joy@I+3<cA=+WnPk&n?5A$
zY5*q~3mi(E!@#LO(R%ZJ!3Q!6nF?)UYy7`K?Z4`O*be%CknVp9CT4cl|9SpjBFq0l
zeysmL$nRKPDw2c^_J5I|K4;1iIWyezg^(=_97oVr!=EF>weF)^v4qS0iVKI?pufiJ
z&j$}l&n-0G%O|kYyQTEe`$)*F_;v3e?@x~i(|V<H)2SoxPUczQWRHJybU;&5nM6*Q
zrdRo7x4(sFa^k~-4}P>B58<#=Tz|h)Vb&@;{W^R0z`vfs=}N%cK45~5XWd0SNCuUE
z47r<D^=|pHM?TM$48o*muc6Mfuv61q%|gzYyD5N-MGD-P8_*1+G0a{B>E?89eQQjU
zY5XWW=d&pv<v~T!7Tt>@!&fmn2*(_givM&8Gh$;nB?6I<=6A)amUC{;^b6_KZoNMX
zn>U6?=$Z<7D|O`x$C)erX;J1ciqKleB-46ur8JaxjX5#I@100_(lA!d?6#+_)^bjz
zFLBWxrj)}X;j8blRKiMZL2QK>f00ZjzA8Pf>&P*wbO^ITRh}|7=#)2p`P!&JOd>ux
zawpB!J`!$V$TE_JOI12F+yjNcK1ky_lmX0>=(c`M*>U;2nC`U_&t?%xhY}RHU{AWZ
zAKBY;x!LKjO}W&?16dzIL4jqlAJer_b^DTgyOVqW6V`KCJ^c5K5&GTATLHi6%$o!7
zU*$N%b&=(4<#gkG<wW3&<@O@X?w%1iEpu9EUv6J)U-g*Na1VTdIEI_RNn)e0li$hf
z67cvRA$kHQnGM=*+2FxR=uK7@Gu&(ACg@%Dt9KO6R{IQ{>zz-(UdshjKZL#(y?PY1
z*e(;ey8f)_$1&BSIO)!^ViNNh?iSuUL?wg7*I<%5H2l;S+pt`$mzF;^G>P;|gPv<D
z#*tbTPW#gVb=)PCa#(2o141@!Fk@+7EWerycYEEJ+>KpG(GU}cOWg8%`5jKO0c$-9
zd{5&(V-E&AOn_B<j<e)XPcfT>1SDZHIF+qq2ZyeMP<0w63{AR9Spdk6sknDv3b^Ja
zxyQE9+Z5|32;+-}xPRgySnYO%Og(B0c#4WdQpB5e6K~(896xb9&!$bs0UXEUxc$C8
zm^M4+-F<Uz#Gl(dT^~{Ujl-@d79v`4Vy$JzdQ31(#$gJ%252mWJ>uO$;5O3JPGMnq
z9uFUE=%dpH6A%#yYX}Xx#R@!V0M`zI2-8G1?$nqbYI7%)MQm83Q>VaMWm}9B4^EtG
zjrh0Ha8lbzGbZH&bkV!hp;=>bhos0-MwC_|aFXDju5oMX95=&GP~kZXg!F^|SD#k-
z2E|L0=E_RQ@=ay?#+v2$<WAW4mVvP-_0Jvf!{4~ISQ38pB^;@4MP;4=s94A9iGxFY
zBpKd#_1RO_n@#&01!Sud^VRR*m{};=n9A*|aR50B-r0GHS<2!~$bv-U7R8gwVfJQW
zCgnHp9q4)Q+uT7NuKXk_Ue9Dx_{xjVTWgCp@UHwUepG0!|1y*wgJDn6Y_z*zd$qla
zQ9oYXm!)+XCXRvM6PZzRgJn=ZXoqfe7#gwWx2R_%lB5PxKz8}j%!m@S=VaT7xwnMK
zq(WoS@?FO=HeNI9^eDO|19f}-vgQsgi)IFj+GhpKUtGY|h2W<E-4c_WWFu;G5#Mka
z{B<AJ$|;b#lFPv6#Pd1tP&j#eW_FWlNm6n!N4ToK!Y$F>-W}8Gh4}B^818Z3j^mYt
z_%Ve7H1Yl1Hi25bX@kO=T(0{ayax)ehtJJ6dVg!Marf;%liBjOAkcA))jMF{-*mmn
zn}54&F2Fu`jwrS;f0J?cy=|xNQ}ZMWbNDC0AeWE?23W}bUh0fF%)ixeziw_@V@m(6
zTRWKk8BTm+IJryb5Zke{TF4~smEnph`}%R|f_%7y6qUgS*ZOCJcA^>F#&NU4&~%Z;
z3CL~+sSF*?_62IKF+u%*G5P;-@BcA&24)7f|J&r*{|}Sr`2R5Z{~iA^5Hd2dvjYB~
zVc&9>$3N8N26mr{)OD^#IkNMhbAyCBX>q|2AYhWg1WaMVD=fqWevoiMWG3Jt@PQIU
zVR<C_fB_Y4{v==pds3<!$MDZbhvc%e$BzEzedzPA3b|QW6ye>^f4;lEJ&De<=SnUY
zOXW%`r59PU8JXzIh$t3+Y5vUUs4t)KygqjZ#kKwc-rO3VM&^16q@i&`9H`1(W%u3Z
z39aFjf>M(Td)fN}mpV;uBk;~eRKor{xYf*}vMd+nPMaFH04#2#PpfL3s%Clb0nBT*
zL}%SolUph#_irbN8IsOCO)J@LxLhG9$^&ozmA0y*ranG<6wwiUfn3phc_8C6Sc32H
zQByFg5eH{rT1$MFPO!wMx(_GQ659^%amYZh<Q&Q%9v=8hftQTNGRZ9D*gaaclnqlx
zFk#)Wc^ywyt$~YFMOx~1Kfa5{8!KI-+w=AOa`q-QF>{rV50Iz7m)9RG6awFA?XF-y
zG^S7(DMd$*=QO-VJsSTD$@jJSwRuG51MZMe{IqjD2=^DhAt<iqHmMZG&Ew-&htBz8
zRp5bpUCh-Lw3>ACuBTON8|i`3BPpdN9?n<b#iD^+b3?i%LF)(g*0KTm{A%Eb{vTDn
zE9E=R%fB@4sE7p=khMz|g|j~oBgGQ^W_J+nf!qOUZgE2HyCEqKppV4uf$72*>9K2Q
z#-tjdMq9ux#>59|2|9qpsS(X*rp%?dkjSu>1eqfNM;=Xsuff{04?ChPUl0zxQ0JC7
zPDk3AqW6EXH3Z{8H`GL9w~546kRHBS+!C2pVa>}a4Qfns4AQ6BZ}wd2v1(}lqW;<H
zi+u$%|N8neQ_s<}x3!|;U3kjr#&qTOVR=FnJ8-+dPhsUhlq-?RWvH_ne6>-J>N1o(
zJtQ2=7mCI}p~LlBug(1p4upiGIm=DWT%_-GtF4-X)sw3oy{^-ok_ed3TeV=}9%bZj
zD27r-7h97a*Hk>Feo;w&nM{e;ZZ7;Z!T6M<B34XB?Wd=kRMV8K{HKCct{7pwucjjC
zVnPy@_DDAXTanh!PNrUDV4SuPEEj=`bDao37!`i3z6036NFdr>d|=l+X*dh?L(rvf
z$<wCXk{pgt7;df}P97t^V#5}F7hT5uFiHG|AV!Z?k9c}vxe47F^hZzI85VkB5+<kE
zJ`j(rtROZ)nT!;R)U_+qdr1>duww>~S4c7zW}+%6CMo6&c4^Sv$lYG?yflDGS2|}?
z`K+j{p^B|jS!+qAwYBLcHGCHPcoP--(Dt2(Caw)P{uIR!`+{DsPdxaJ>YgJNev^)r
zv-}R<v;Vj2yV_ksrCB)M^d+2R7=(r9FLA7UOq`NerKKhHPf^0k#A<oJCWV7{{J?74
zj<J~)y|7I}gCl``>v_tPLDA8Q!mzw5_;3E%oD^Af^cwjLO)MatRM7@)WzQ~tmP`Ff
z^N`)d7lMoe9Ti@3?NVi^?#DiEsy|eGa>(&ngUD$JlqBsEK_pEQd;vX>y_7001(Rf_
zYa!H$%hl1tDrgc{>6%(JytX!?X-eR_Lo*#Smo(w2@$9*Iqe{`hHtaxhY&q?MlXAc;
zKdw&25OfKrSfVnRm*l(3$D7^|QbRRU`AmorI@?gs!Q{!!p&I9pIK`P_Zv~Xn1abeo
zI+Uu2S(Ur5E?rAm#n7Kh92s(^giEU^_J72Ojg@sO+HCDvtl_MY?4ly#$6Mx=;<gOU
z)a7l>j!hE*f|G3ZUlzz`7i)a{$hlB)z$DC?0<O`5w3Ae}w6!@H_sS8==5CKgj`KKw
zLhM6?dLA<33S24jdGUx;Vi1>;DUXfFKSyM<6nNPu!l32H9MXp|;_s6qsj!s$!swL9
zlbMKc1chN##YxrgqH#lB!&sF<Q^CPyt<Z+?IHai{<A>_vqs0lz+f1EN<veaglhl?h
zlr5q%L_LH#3nfMD#wvY2Oqifj3h<0zvWb=!Frl_lL7dBS3neX*iKJQ!o)p__M=&0i
zCFAuq+8J3zxRoaq4CK?rPAw%{OTi5C)50+N>mfzb;*opPD7MCqpE!QhJ(1j{VQHE#
z{uz<CQVn@41b}f6p!|)1hJ@4-xqv|pe96B}rZHbw%F}v<42)n{g;xlB8&PikAWKCk
zTsxDqMXpu*Xo#-|xK51ute<U&-n{m2gntIsxjsZal+t2OR%a{v_yL<LACJxbzy>Ar
z(IO!iHAg8{DpMgOJmkq|1R-!n(DUMv6a@=%XbR+>;zI~tI@fa&Iw3GwW{X@?M7pAq
zzzVXXAx9ZFsh28UYMSGHUy(<Q1winY!CVBAiRur1=PBd$Wtah8mOwoQz(B%2>z7G1
zy)iXkE&~f9<^wPVk_VfW=$(07MBh=!0;bRKxUkFr$?I%2v#+;Rp-L@B6l`Hu*i^$(
zj)-crv%J9|-NB7oJiv*GGM9w)t1&SeK1C~EL?(R@HR~2GSt*G0gRgagpZ3szL_kc@
zycS4EmfM9@r`#r|L+2}5H2+&iNaqTP7v~*`rkO{Ulh<eFt~7Y&%sH;BI8(o2sDy)t
zsRp*n^Uc||dfuqky=164*=nI)H~Na$O??DEO=$O}><5m+jbcL}qNP0o=Yz<ird1@u
zomB~PN4I7>GpNE3x%exDaQbwYf}gWI$jVc-I_Ss)K=Vw?3+3iXdj|X#;m2J5EeMVF
zlm}M#5=F55=H<DX6Cwr&f8LuPw16I%fY8(srgk8M_?xGLkohzxXkg+wR_y00X@YXC
zSuG}*fKTIjwjdOWA9H3vE>c#MM+7ZG*3@V=%(ptiD>FZP#TO{gKMamZN%f#50Ti66
zT^5F3#ar3hcWJz#7q{4!*-k$jzLmP!TItvg=afqTV0BKM*pn|^wp_HZ*+^36Qr&El
zRi%KbPkB)`mkJiA%F2JOQ9ct7c0Zm`HkS@&w;MyGd_Zwi=u=fk&DEb6wTC+D%o>~a
z!@YZ6qA2!T&YvGJ5yEeye7H;WrY@!1^}NeNUqe%y-F}Uo(LT8^2?37p<WzgGo1CQ6
zvf$6w43*Xk`J&=fA)qm7)*Nu)<gq)+;wKCBD?=XnV^!$X6*wbnWIZ!O;<rSZ#xKxF
zhwN&N=nS^vS5W{COdg3_%jJGYNPoTk=>^Glv{gwlI8bxDR@zoyL|+aMzi8>nxhU+9
zIA6a1wJs>Pa{ZDNys(A7B9Fe%KqtjIl5bCj!`YBei$m3zPl^)(P@M`n1Eb1@EQ9)1
z#Ss9mV8Ti*6gs?2U$&A*Kt1gX0M=-a8$^Z03~P{CsR(d+@;kz(`CRgC?)4bxB=%66
z>^MGlQnl7{8TPW{z1Q9NK2dpIWjmej@j7f^=<e@*&S$~lUL==IN2ZawUiZ@WUO%y!
zT;Y-&)nQ;YQ{SD6nye`s*vqX-DRnyEVo#7}9IM(RWV=^);pCY&GtuNAKSZ4rl#Lv(
zLP^gt`8$F(9#BBDmINNHu{R!2LvuD3&{A~<bT~j85i7Th?Bb4YH>=C5BIgP237GLK
zU}JUVPpLISX2+w$Wl5!D`{s>4g}20qd;<1(t#<!jKCRVrnqDYq*0SsIKVN@8aq9Ry
zMy&O4CtUT->Gn+dr}}gBm}-i<{?VUVE8neGc_m?g7@qwWfF6zaynSS!!2$teHo}de
z0Rx8IrNnPAT<n-|HB~U-m1!Cq^T;+cIW~p4(w2s|v*gL{^vyjO7=nS|+9QLSE_3@4
z<77m@njn}0CUvD6%?kd>U{PI_Rxyvr8k`gyglcb3N$J_Ru7b{}^<=Ffert)5FB6na
zWR09J5+sU5B|?GnS1zdSxstI6+4)p;DhG}BTR;QV15VPkiwCQ67(K3PMps#)X|K)f
zu>g+pRb@Oji^J_k?{1vwM5eWBqrzV=$HU3hqL&VYhY(GAuJBRB?XvLoW)qu033K#_
z*yE^WkGWiqpn4_Uc*a1ZktuodHuok6Q_@XhsN$N5p=eoCLIF7~5jz2sI5Ww(8GBMt
z6=s|Q21!ke_i8Fs=6x;!A^KfD9l_*1PK?@2hg%dmPpE6fl6p#Iv>cY(Aa6qcJx9YF
zLPS2#JVJDH@<gR8n(;?K){>!z<SdyFmk!hhInWdAm8b49G55FgzN7eg<kV6BdGq&-
zi+P#r<KZG5Tjo9=%jxz{cf&swiD0AK6ft<qw*1OWvgta(k;c#CtcLInQ7N6n=tsMB
zhub5>(IXW(npzTN-o-hLEYaU1BA)Rk{a@#VBxBi?G!`u0Or~%|;>tw{lfT))G9t4V
z8%e;?SbO7sHLz!6el1aD!6Z{Q21|cLLL&~RqzB#y$A|VwAw4PSnAcN5!7rpM1I=I_
z2)cgOBJDTfIv=o3@=WO~ufJw5ZPzz8JYP48V^?Q@AluUYnNDbeF=p4@5So}@gGcCN
zdVC)WS9ke0@0_y@J|5PG1R?^l0tOA3GoNu!9m(!FduWV@f+vP90y&wCl&rgl!5fu*
zlw$XB!3(TnFIXOv!^efsG1R@m{RM!{`p%U~gU)d>o(b5h>Dq3dS3yOv3SDk;)7;d)
z-wrEg$`2zGmYV;#M0=yS&<0PzpriB~teQ8w`pclvj+^|AHEK61JS+-yVy8iuSS+)c
zZ?fWK=AKt)PJXI~qi*t4Eo8u)D}$wr6~~IER#G5zQ!PN(0i=}q*<ff>t*zEnY8&`W
ztk=IrE}C)TbH=|oD=KY|pqHHbHm%YDY<wZO^&zR<Uv{#Y4=*s3b=0F<5@I^yqE-TU
z8zFO(NZP{r85upO50$-3_+e#7q`XbZP)!C(q|K+m<j9;&1jWdjOn&5e6Dxuam=t;)
zXrJL|<e3FC_n28Q{++-ffB}lUwVmP)%L2H4w`qN~dR;F!iX$drr=MxqV7I2d=|e@6
zR%haR6Zw7*%s)>Fx}HNSR?mJ%Q9vzSEdZMp49IX2u9pdAj9jQDJLe%Xw&o5(g*a5(
z@+TqOY+25u)f_cT4z1AWWEJBW4j-QgyT4F+KOfVNRyW;tgCCtYdb3Y)a^t&x7**0a
z|1^K94yzA;zwQcMRpd19S+hpKA_Gx0U^zLWinGn!&-V675Nx=G-PihsU=X6Y-Q59?
z_GG|KiJ>yw(tG)ltQMuu4o5c%YKDG@aPUdTfAwv6#(KX$fhJ~+VRLTwL-gAi$lY@U
z<Y1~qN3s5kE`>ynrt(NNpZsQCqwSZVAfxLhp)#ZEHlU_O%UB0ciNT@)eNYKVxT1uj
z>{dbW#DqSZxqGoCZ&;#xQT9}#uH+(C?Wh@nhVYzH^(wrs3K7ew;e|RQ0^vFpP?mCI
zD2uY`5pz4NSo!l%CP@xQoPV>b+Yp<{pc($|T%)h+(p;MJm!#PmT1%Pe0ZH1!=$;yz
zs-99;6+ilrb;V3;_TGH?){xgX=X?XZuq7*lhps<)f=aLyMOd(6IOOv=X@E8Qvu`fu
z(ZUf~*oW+NF60rz9VBxt<}q9s5VG-EMs5da+X>oB4W=IPGhdm&eCncUwjbx2A^>Ox
z;eGYb{UOswYc;s{`n<Do*2ZTGM`^R>*sXpyv)jj<I631CzA`Z*tzlQ7UFU!X**VBl
zuNc$j)Az%e%cNYRv9fZGwvPUcqm54{vXR}2uVf@f*0s^Ui$9DXEsk&Gqp2GzV_JzW
zc{k<A!OK?C$-uu%&?P54CQv7?>oaOr?DAb|W}%UWLJbW?4^EB-t397ua{BjViDp^S
zB*6odFX4S{?yBx^yYlnt-QT^g37wACg{tcGdK6n^*Bn(;s5s-}_v6Zr;LeDbfIWJ2
z=U}Qw?Z|-CRzlev?PKAmJY2d%R4a`>a0B-p!K)Y4LLp_645_BWAR){I@hPBG>6Ws2
z@(et4`9fy;{t#Ske??qB)Oi`7x=swzJQ?*qXo>Sh>2i}L<eWHJxbGy3wr$}i4&PAW
z89}FCNLQ_c^$hBm1q7?B9Autko*ID@q_HQ)%1Fdh3BsKtN`}^-kLhuqy+5JGi11Rg
z03<*QS@I07F$al5nWMyXlfR^&x1bMyG#bBrp_bTdheiTEa7)zSwE%>JUJCNFPQ4SO
z$97y?<UF*^eD_Z{A~LTkykF`r!0i4U#E?0U+&;56pu^O9*!70@U)0}qC&vf|x+f2$
zlXet2tn8D?9>Y_Y<lG)lGv7NS86zP`N}(Uq_`h+KGH1IS&Y6ixUm5CSQ+xctVc`ZW
zT`_fOx)vIl%R|aR(qtK3n?$S>jr~|SP3!uJa8x#NW`Wu`LsLTa(Lm8lXNU|?ea3Z&
zzVp25^p}A^Cmq<d=#8EZIKMmXS3hd$1+nS=*-X!r-w2E+<ckaXo!Zq`!1lkgnO%xE
z2)C$mrB)RMLc4^y5Qe0K0SW1+=aR;anF<<Hrn;3f6@4_3trD(%yBe0P(kvspJUA})
zytN5fr%swu1a+RIH#qOwq1>lXO!r=U8%Ki=*y`W{FNdqWm)!leZ%;OLu03)tXC7VK
z;;$^WaH{*BgZE|NErbXj+~VBo?u6W^IpNi`ZBfb(@*_fVATuO1T$aV8s=cvv!r^a<
z|Gv{*>eZCJPem%{9>q}e|HdMZ$Tp7^1}A}iHbn7Kj*r!;W{!t7jv>p4P>g|0B6kXx
zBA79mgGyuzn0z>z4X<3Jx!gM(E3={iY(m+NyhM4dv{V(mvcK%uU&=u<xTmSvS{jBo
zXFp@SBe~7zrM^Qh^MGrhf1rg6+3H{m8R|q6a~Q1p+NZ%PW#laaD9JEwK*qt~QS8ai
z0R5k2?3Mx9WNTY^Vj^j^0V?W5dtlXS=QBmmhOZybO+GZ$Y#I89AUhZE6d$_`$fNJX
zAWEhI+9>MM=0fu<bqBGRT8ji2{e0W^5`Ot=l+Yw?@FwE|UJacIk$w33mb`JPP2YsD
zFV7$EP;5m^YoEy?k?E=SbSH%w8FRPKgoA;K*b<DFS?97$``ih1wBx2sAwsOQam)!T
zxJ0&!sB#TZnzpT&9P)sySQGV&i4*aGAm}FD)33hl*IV=SI#-J~y8XJt)KuO#$Ey>!
z0V^*6c`Ci<!3&O^Hdl4~afwxRr=IWOxy0*kui48ssa81;Ph_jf5!i;3;~f8Wcwb9;
zP#JoqE4DrF=R-J(rM6B8?^dW0gQ4*@*IAu~^cnD0nqa7qC+#I{D4_mlQGKxlEVG_5
zWGw5p_4nttaToOc`cnw!#`o-n%k5@us*B<_&MufN4Q91(`2p`i^$daaUF@Cq-8)Kf
zG453JMTJ>*7_tZ~x@-lP-hj67%4#OU0gjgyC<Jb1FzmBxq2!Xwhw>p?&=e9zL#jcl
zbhQ(Jf;v4;ST{cI%2f`v&QZ{K7SO@CO|~to(^(@_%4D!$&X_-)ai#c*dm>owg}<1n
zpMn>6HI6;A$`nXhhv@7yAvn;{8$TQP-kbNTvspS>+vH2wdk;k87oRIIb1e7roA#;W
zBln|olceWAbuZUlM=<ga0>wb%sNR6BO4+E~xar((u7n{A_J%|>d#5j-`V=eWxY?7K
zK1~&-PTg;Q05xAz-vMtNv5yppyl)mH3wcinI0pJI38)jbD>IlDM2pr>)c%i#U^qZ#
z@6_t76~sg3P5w=C&IXMa9aA`?BraGu0s76%pQi$G3>m^u$aao<|L;Df<}6HT=SBc1
zJ&uMZ1-~4y9~8Pj2Q`1@9Gx@Nl>o42kj#LrzYThxq8}v)7&s;&&<J*ug<NK*b16{N
zLXEUJDynrfI^>jvhG;1R%811De2F-I63b4m{w|t~jF08Oea1S5R^u`{+oAef8Dy@m
z2L65O^F;0#xo!a3!*#6ya@tOuU1;V$hX-@wG|4#Ae*a8k_H6-=^S4kA{x(W;oL+zz
zT$^!X5lQ8=^~!(Cwx+^1CXa0(G3%N+s9|8pBCB~Rf(YwbLq9LhRbDJyeKTP!9VEGp
zpVhZ)$AnzoSbNjA$=V4sI6)~Ulx@90Asja=Kq-Ri42raxbz}m5!%7R}A(vDwb>}Ll
zy2gE}>As_GGS7BKGdX%*7kqpI8%^EquH$m#7=a$Y>SlRnZKFc3ma_U7Kk5_=o8Sb@
zTVJDYayt~Uc87Z1*;C^7HZw&7U9z#Qdg%OU$y=s2hrRL}u!11sbNAVQ2-!%`^E@cQ
z$9)+p_FcDw!1k8kk03<3bQW5P^o0(7Tex@ZlXf2Z#|QD-eg>h`;*fp7l&=i$jS}QE
zw9$thi8$J(_I?ludLRa7RspkROG1lPX~D>-3d;i0^0kvfk4m{nc=NljX+9<MOTOGb
zXxuc1!10^^D=$*2=O7kFv6bcASMtp8QpJZxj;d=f4$Y<%3tT3xfi9kYc#%vGb|%3h
zdOtHatVB+zg{IBG2%F1&w7K(!6Hx7NPjzzdRU3KL6(<pFHq~xwaO~fjq!i>;yZQP$
z19$P0#huMF9ZiZn{+BCYdB?bWXRyAzT6Jac<hUd~5iW)Va;A4M;fNlFv^`0Bd)z++
zlvr#?A79+Vo*RM4qb@u}0zWBxDzJq+Ee?|FF^?3%@v$!p((EBG8{L_K01*QrdBU27
zO?>P0G6hMVt>)%IY6V2^AVpcfuTKCtDJ(epBx9mx++LsYrFZjCViRte5a16grR(()
zZM4755f$U5{3v{0F<w21ZkN^3p`6pxL+WxRjQQbigLlRchM;~~;c2}Bzvc9U<^lM;
zxFBY!b^G_B_}sW8>z=gg@$^c^j&{{>Ii;E@P-`~LI+I=1n0Y;}+MTYCEHlKlRkr{)
zZCmC#NWvE7JP5>Q+}3{rF#>0{Z9f5b+p$l|hU+{?$3}7>C)MYs@bzvPh=77^{XPj1
z{)Xr<D9dK;I(V^Wx`fIWRr0BjfP-thw`D&9hiB`)3n#YyOZ_E)ce58o;e*Q&gC!QZ
zC_Q8_Vb~OgvthVtte$=e0aG1imrN0%=n(!L8|f<9k*POK;3oCcAoAo#XBiq^UxfEf
zPNjsTFCN~)K8Ei{ax#YYuE7yIRX>rqDSI!W)<C-3OQ;rOxkD(&wo~vvJd5UhBXRLu
zeh1z7yHy!`og@8h3U@-VTd-4<5V0qpDQgylY9yIqet4b|DP?~V{{Cw}84T7z?x-rp
zOt0WJkgmI=-T++%IEv+>!$g%U@S>A``!d3K(N1%Na(1Dz<EFA>893~xBUG&(F_tyF
z_C&EV!Q-q3#ih%JkK!cHG&XZF1!!ngJJrLSwChK}NNNM-z_IA;+x?vSH8B1i2Ncq=
z?*-`4tsMkp8l@FdmJEVpV=R4N1<dN)^}y)5^eds-HN#|3S`vxKL>(w4ZJA2e%z!T%
z9wF{0!SEL85X}hDsh<XrVepe)GX*lTywO}=P!!J#eqvn)a6^mw%qYys26KCM;AqRs
zlq1;tp9L^A1-5G2$GP@q2u5o6scZY)2sk*QrD`|-x=Uu4b@>)IVLY*L`1Ptn>F433
z6$i;UD+zq7FcP+?A=g>r2XR`d*>0t{<;>2R@odxeI_<@=4t~5x&Yrr*h@{PIf4jP!
z<m0<<$LjUZTuFNv@ML0dik+xO6-F5g+4smIK)~9D&zB9mO9DKCi2N07(F9Zb(!rbC
zwD(|w_l_)zlQHpbP?N?I_$c*@%6Xk6&(g@j3j5&qqw-c6{TPa7rch?e@mbJGF$|x=
z3hoZOC3G+y+*{Ny4!~)7s7eJ4a{i581VZi)c|BmhL4MWA>(2Cg_e3BaZOwE#co(*#
zUer1A?ogYXHEYJ$d*Y4S<&Fcd^P)^Gy*Z&M5qs9jFjb}Mnbvane0}MR#!^4DAv`AY
zrX8-0r|Gxo&pV>SC-UTwhD0FNOUar$2@d_?%APw25+zsW%%A$BPLSK1R@gp=vCBjp
zsaZj7+JGIyai2!B>w0vyNZ<83aQ#3ZV`7GHsFt<+c5peWXH+@6`*T)XDgN*G&h<!4
z4gzA)|CEJObPzkrITO*nIz`ycCrUCVsqGSFa}cP5>uiu~%FO1}mwn(T^0VRb$~(LE
zj=JDhXe!9n6l5{%;SsDl=-6FaPKaxd9nkKFC0x^STy|x=4%0Q0ZjZj<b|ZX+cv4i(
z+&W3vZfpq{t-XgTe~}ivqU+9^KYDgM_j<Wm_fi<!Lb=Mw;n9dBwNV%=F!`jFoKizU
zaH99V)AOtJ6@V`z|B($9y}Sax0<ych8>$JBLbv<jr+Z$l<-6^;4Y|wk?Op!4&CIl0
ze<=U@d|<h>)$AE*^&af-%A3v3)Zd=`ecz|9p5<V_-&^SI^?BMahD_vGU5v8-=pdC!
zrN7|rwVWQwJd$IjXwaZbWqQr`CW+4xh)ls`nCAyIm_`o_)9_MIXvJN!tv84(2%;J9
zp&9A;8b8JNb=@_Z<@@;(7y;IG|EzZ9(E1VmQJwL)wPA<AFY;CY!BdSxVejP$RE;6$
z)HMSj|HP+rHo(<t`xY#iaxO2@=>b=b{daJB^?(wq?Y$Y+JSkiDXfCMxjp1&>QRr_E
z5v(>4f$<294k58#g<hi8XVS>%WBk%S`pQ!Yu!@(P0NwG#*zq_1@_5Z|J@)%b-+-)u
zH7oIo|H%tnWQdv{a>A{gKl9_aCJ<Q{LI86#5-XU{4OyMQFsABU-Zbd>LXPr+DzQ5b
z@vc9ebh@dA-sbF3E4)g4h2xxa_9$3IN#uWm@OB!@+utH_z*61{ZlJZ(&*F`g;eg$j
z{&gUH+Dg^GU~WLLFFh_jQuTP8Y>Sf%X3>iOabH?SUHWf|+1ANdA}wa|$OJu2H5FMf
zdw-Z}(yB^1ja{_V;)b$enzaN3j{<2txo_>qiA`P%nwwG1yD2Zx5~)~x*FVNdb=Mp`
zEG$~^p$^5CA99H+hqou`^?uY%eoI57t=ew>-gR+g5~w#?j%SyU<Mnnu{j|E-b<h`F
znf1PPJ-=qEg{oQW%{yOLT;e3)dz~kb(RO;-uYfZ5)JDh1aQM>0d@NRDCo-fX7KS{V
zs4L->M+(A2R<4o<3z;s8q8RPTc+yhqtT94syC)WG3M693aV>chn^=it7Nb)BZVWX}
zCK2$x?Q@&^1Qm>X!Q`}=x&4Cfr}lC;9iNzN{`6QMo3gtqrWn9W2Y9Me`<|>*`;z6R
zYdE|NRwHb;ANap`JHxiK{|1)nuFowNYkJ@ep7}v`2HLCA;Vx)Y>o1w}&x0m;+Y<gI
zi+~iF;L`ImAt&)ipV~92-Cop~tn&C#@jzkXkGsV;2R2spL5i?7$>sDtwz)!{w)Q%8
zQ)8z<NTv|OnNaZ9HIoFChRRer6egHkTbrhgTfG!~P2n>o4rNSNEmDRE$yQ*DYs#w_
ztqlLr&`q{YBdO4Wyt8usH<QI0NuiwB?OESbbMgO8_qy%v+jzC@(6jW~U#!aYeBYnF
zs8F|BTVVM<vY(*5)4hK@Zw^6;>u1#?w#D+EC%Ij3I{o|Ie&u#}m$WQRJmdI+P7wW%
z8mwL28U_Wf*zvjG$4pl3&v_K5_vJ0AF6~L!LUFN82p^mG76jEhB`1X;nW-Jbw`J{6
zVTLjb2<{n%nYYYFNkdh%|I6fmAFiqSB<0Y2+&*g{?eH3_C=w<;xzxfV@$G)WcR1HY
zUU>KZneDEybUH#X@YyAcO|eHl$_HEBiLoO{U`m{VD`j&s%_A{Pn^!_%am?r-9bC~`
z5K{U-kiKx^Ne}$w%2bAB-N2rp{1k3K%*XPk=y^b8>_x=tuMN^q_GZ5;{Gdhc=7Q&V
zT%)}2`9np0qN+TXh#i~pijYpE{0jX@{D}B~ehjY|^@M$t0}Cju!z?wNnK76jNCybO
zz>b~+)c36KWg2c`{xVeUleyq?{X2qsyfe#=1-v;~ol^RUoZ6oh&s?AOhUI+Tu{dA1
zCSK_`q_ZLBuxDiyMZ|?1Pow?Se$Bo!W4zPsMmC@o<~SWEFh8_<8LRExez$YSIO)$|
z9fmme9gMTtr8A28E&X~r{DStV{30>$^RfNa49n)apYVwA%Q5i;U`Ug7?!*krET9O?
zIaxPs4y~m}#BIyE@04^UO(11{(1DeBJ8x3;o-M?XRtQA!7eFdT2!S0(L)8w@xmErP
z<vxLOdPV5N|KPIzc;5Fq&bPn1flOz}4t+x-=(4{JwaE50>+LiUIjwDzZ7f1{F(vGc
zd7Dc_O%Ul%0Pg4!4B=6Eig<BmOFW&JVT0l{7?W4?q2F1sGNjnl#~L~+?rdLD_DKZa
zpwVwZ)xhMj+J}^Zy{9`+&|QnL>zZ#|wVJ=DP|{R)A6E~)U6-03ph*v}kD&J0%QOBe
zxHT47T1pIMvR1841KsZSJzs0-i0uhH-{}&H-THpYpT)`Pa2>lAaZ_Q{&0$i{(c`IZ
z@EoeZiKuaRId|K%?fGI|d_W={MF_mS+4quc;eKmfjzpMccm2w5{Mr5C7<G({)Y9a1
z`k5+820t{*>ix}3T(+ax28gH2@qDat`cNW;hjL?84X?2WJ3VgT<71>&%@>z)aD?up
z8MipN3N>gAa$R`__TQYeD<@KJCr)^f7Rp9i?hy0*0h7x}SFfU^BNs&kX@UXtcg%MT
zPM~X$t7G+3se3qcxUS@_-jT2&@*Cxy=C@-?&vdA+f5NH993PU`ix*o+DaW5VJqZq*
zqRj^UfYa*<0MXa-^iin+U3R;+m~h)aq#i#n9(9&1$$1<$-k<iPSI~!AO<YdyUc#pI
zFCVUpJdA)l(tgRbqxUt#EG1}n^6x;cQaKhdq(9KXSo+8UL<oh=_$y@@ao{%1u%|7Z
zTXdpl=r|d=5c4${+QURG=m~aZ2b&J3T%{TP^2qZ!Lg0z|>EM6{?KSac&)JjE4P2@+
zX-zaxU^rvIHw{6j82V5_lQ8x3fEi);7=g_E2;hM5Ak5kN6hMVx>lT4B;pWW!EJ4BG
z0Dc9Wu>7#{ZYw~ghGmd&b(27uuyclfrl88$c~d}zaD)ohBvE7Huiu#4I!U%n#azJ&
zGlfNehPfprs!O1hD6*q4vjvkU=%8(*n$_MFI|Xt!0)QtHB!z=3r{(5XW)(r!GRlka
zPO<x}{a`Gf^>S!+zZ|FaY|&LnjCUl1@{PAK64-||=9l5K(ReEKpXr@_e(1O%VtXc&
zT=7jM*9T^(OvS9D=K$=z<p4_e4H-pRK}Ac&j4|vj2&R)Vc-HY2N;uWU?wku|%xnnI
zGshG0z(!}LGjr^#0;p*V`E&>+iU3l$Hs&<nhya9=ep6_=!fPf9Se#xtfl8FK3SpIq
zOAC}_+yewbO*_&##Xnd^K{?S#*f_+_ba1l6=KIi7%nLt(7V^UH<QDfl-8YSod^sOK
z<Mnn82dq_p401Z$c%jsw367{b+uBkD5ybJ~0|7UOrRSfo32eJGcDPq2?L4RY;lxUX
zgX@-G;oF_wizqCof!3QjA0el+a{Fpovv{6Tu{#Lt>uzVAphcHlC2=|A>j(_o3Ogl@
z)RZXljjn<~`kUU4*@3rjIuXam?d+r6CsPs=@Bg(IlB$PI=n#VCK`n)Qb}X)e?x|W9
zN^7O>YX4_4CWv#tnzQFINj#<o{`77cl5_z;ReuF$7J3(&hMYYJc);AhQ<Fneo7Nf~
z9$G9|X+T4OEh*;@HaI(V-yhGuw=$qi@HPQIOW+5JBzbeL;G3d3QD~LeFPbOr`Z^)M
zSMad8#c_0C+%=uXK2s>Ay57Jwj9TYztj?o=CvAY7ev0`%Cs31OHS%@cMBHN}$arw0
zDKL-V`y)qmu7ytK*;!{Uu;a0#IGtCl!{o}VKJC_1&Q>4;V{^8z(a$*d+B?!>sgtZ(
z2O}iQ5q?e5rVz8SdR=Nre~?<G(PNuvO|TIM1<~ZVXqFtDooPfGgejy`);?B30v9zR
zJ1aGTZ~5*`E?XHt0{C8)fmxPs*!MwB^&HUi>sVv#Jf=B~S6X@4h`t(F<CJTs|EkrW
zc`Z24z{UJ#?5a&OWJ3Us>+I3g6)*Xf{X(0vck+K{9o3ue0qS`<W_t~2^!?jd-nF?p
zJMTs%z7`^3JpaUobqZJLyxwCfxWuYE&rNV8u6PJZ@h=4|1BIeovvpA0N$^a)+SJ`i
z3VD`uB7ikQva!rsK)JTyaecJhJF_E$&51^4TOwa|sZ3S0y~3qgvG*(ciyq9Vd4LT6
zW_bHyYdG$X@nv0ePav{8Sxpkljq_RW(h&F~Y2D^f?9$tX-t}bH?YFxDy0)AabDT#P
z@4OaqJ&fBLFWJ(yB<M(uBK!3h&p5JWbBz}_QL#4VM`)<mg0`7lT7J8ujHDd=VpG#1
za=ue$=zJx76m`<unHp~}0|k4!ZH*9nmw4c#65kvqKBPk+8=E)@xhDZ#@PSz4@}~L^
zu*o4ZA*_Q~ps|zjDFz<$gWlruRw|X=XKV@cEcFt#u03xMTihnlRX(8Ju}_<J)?(bb
zac5a6;7;NFgytME817C9NX%6+`ayOftW3gFb&IgHrsm8-#aI(le$RijVwn3b$UsS(
zVmQS+-pAn1r4QbDav6IwUmW8rLT6J8xu|$FXKclON8>ChPU*~g3%$xj`gb%{zfp*9
z>f_R1?@->Lf7oYn?8^iQV}mF1@Gu)YIKn6mD>fexToC-RlNzL;+*KO&vgFKq^(Wcv
zQpQiFox4Jh?g3KwjR2yz<_C1Fzm*>5CAGdX`v%MipzdRNw<Nu@g9`ZY4|S1{Xr&oF
zxF>tSo69-J`>5b-iu_&m9|c$~>$p~|Nszu*(M%`O1D`XK9_C@)E-7#Ln|p`byGD;g
zx~iAr?twBk_8C1&(QjggwGHL;3dDl8SKU@Nt>T5B3#)L-^V>2%;V7i-&JF?`hfVmN
z;`p^XFP9T#JC=5$I+Fg6{d8^-vgrg(_;VV4mix|{w3z?xymOb}Gw}nF<(DFeo3`4z
zniPV1NQ%OMu)9pC-LSiQD7y%I^&po6RfpCwU2?%}D4`+hAuOUzu^?q6X`&_9h`Vg4
z+_1YAsM*N7GN?@v{tC7T`)DY&aDZx%0nwX?I7&aofCo|!+I}uk7wLc#!@mZBpkpE$
z)O^7p2cn}05u!x801dDr-;4!5+4EbJeO)A0sy4RpDd`9v<sct+SR}CjKEtEzdm+h&
z*-OK+_B9f5lMS#U)dk|1L;hcky#tUY&DOR%J#E{z?P=S#ZQI?`J#E`PZQHhO+qV7p
zyx)E|&e{L@&J$6QwJIxDt|uxpqpGf0cNz4j5GaVEi)TZ<3!}gIGvvW+Y5(|{cJ$47
z8bFi8Z>H;uN#N6<x&({##px#%;S(IKp-4~u00M9f1?4SOn88YxGGWkT_$*wy?Rjx6
zHkjhsq6GVBDwO;90D2#%BG%5xcgG&1+7%H1v~qUmXTrkk`dlooy-1%6uTZd`x5#*}
zSrg*HeKD)bL-p{xV0M0vk4kIItQ3B%+lc|Z@2b9?+<cza>bN>T1DF|CK^Ie?Q(JzV
zg4f>*C*d1a^dG64$_75)u9);=f1sDBKdlQ_gDi4%Z=uE`uf!vl8<55@Vw!1;8aeV1
z0k;nC;Fs7$?pW}tX03HUo(NI7Hd4w+B@{{CjH1K*(fbxU(LRRcs2@Mbv3D$qdq=At
zi|lwM_=`RTMj$kk|H$+ylRx<th4{cS6y7aEbkPlT?Y+`xc(y)F`K>`OKzx)yCMd|D
z4viXgWOMUIG)&}(*bEt{EIC%4`tt>Kjao)08@%#~`GvcqW+H}sRp6Fltk+wg^W@XT
zjq7QZtNIgo<{p-5FU@Vg^2qVp2hQ)ju6O_1P*Gp1agq%hf3S&G6b6-~vD?BBTSOFJ
zAvlIVxy<+>y8ela%U!D19kwUo#(W?BTI1S{A#ss_DkD=Er`rNWJ6(RD<q)1`J6|aM
z`RR?yJE@yGFVQDrPTz~6ZQ&j^Vr7zPKfwG=ySH;;K4f1R829=@-~)$G+n9jLe{;0@
zgU&nc%8f(Y$u(lI6s1zLjp8~rkDN#;K65c=kx4%E-aVf>@l`J~N^r2a%f6{S55z1o
z-?MbnJs*2Pg%QSHw3W|mfW-w4GC>Q)4fTbe(GysQem4c>0Q159Av4{7dspS{+lTPD
z>A07A#skE8P)kP(a0}|4;Acs<-Vn<i<^o0sJq}X@Y6Tp(Ozil6qWvgiB8-L2Db%U{
z=^{&`Ra5zN!}>#mSFl&>yTYL9;Cm$F1l1wup+m)W#blh7^}xH#<1&)QhyuAz;X&R;
z+)MKjN+kkoKD11wjE%%+Nf7yu+1(KPl44;olvs(1o*tS&Lacy?pD#_^l2NB1aE#o1
zbqR@MVTo$7;wZwSSUYP7)VD+-mLZAEsvF4E7Q^>@yme)SFhh}v_e9`+(=`Amx}J5G
zL}p{zPd;%YdK+Ph!17%KAESy0Vn(0@q+Q$ULO3R)IYxL~s_g2<q6kSS)U}4+7FpE~
zL}9I+>&D`kE(T21e(iS(jjG!xa-dP4irRd{n5xOlJUy5$ceRcBpi*NF>#jpi*Mw;1
zzp|^N49&lYP1_@&XZct=uD`V$w47R$<e!urP?%W@?9LRlJlBuQUp9N?y|sO~&Fn)%
z-=fZm=3=B`V5XL&o?@Ih5cL*?UEk!3iRRXouxnr_@UR|^w6HT%)G#%daB~(Lf8+ow
zNfGuqSe%qvq~>|g2!Ww;Ntc>IQ0~8_x3#6eL3V}7p7zKm%&jRZY1LMh9AgygX}gf*
z6{J2pZ6BnPl$Dhx6&y%T#Eg`rTAZZim%NypiMMV0yWO4~EKH3wGfRyt1+PtMhIwkY
z7ZuZJYO$&uQ>P=E@bIC;rCFdXitd)Ardjkr-xHShETP)7<P=-$2{hE@HCS7h*X2=A
zDJ}Y+9xM{tPRJK~V1j2Wu_eB|1on&C+exw9a8(wQXlkhN=s@fS=i5ptthbSY7dJPQ
zsG&diq#hKsG%G=(Q1z>6ECov)ZZT08TU02ySE^T$itK;yXMpV|pQpC8G*^{eK1Kb#
zs;Hn4^{%L-GG449yBN-7UYc5RkW(eA@8r;{h(-ojTwT(kbDdKVIDlbj|FW;5%`4cT
z$QOu-LRA5-aQ2d#dQ!yzKhM?&yadLfJvC(;!4U5TEj6U=<Y3ha<bB9I$7(POQe4u4
zF&OS=p4@7h%^*a!eSqem<dB8|x6qVTf?iAobvVbu$_g_)u2o|wCavVCe6W+Zhqu4h
z>BmfKRTd&G6vuD0?MG>MaGIc|Ay}yV^%P34B94e5$4xwxjwCdcs4u?EQ|MC%iDaN<
z;J`+z*@#z|ZRUO9A4@rGDlc-dJ0HGypFFIB2wq9yS<y42Im3%FEI%VyZC<S`FKsP`
z`!+%9mdB%w(2P}$0oU<uRia6l1<#wXT}7@1I`8)$ULUWXj}$GgL|l$%{LI6$D#kCQ
z1A++3>UAuC68Xd-L(dXYy%lS2HGfY<`~k4ClrZLdQ3*5r7;o2i=77#X>D*}BHf~(@
zk={%!Dy@=z9ffj%V8Q$~NqmSTNb<u)T`j;0R3Bn+@N4s<u>g2^fy@$erGN*;zGTVj
z5mN~vi1E5c_fY121TN_=oI}0WW=9l*WCwC9Axy;)Xw`~{kz4b4C&c}%)P}GK>Ts@4
zxtFAcu;KXD{<=xKI&C)?g(Xo>7?HvJ5lf(R8+>l^8dbk^viF4<d*lQYW~*{j6|cH|
ztU1<W+SiyItJ0iX`6wRf;8OeIy5YzX51jTOv(EdaAb%sLNaB&=p7pk{rs$%+lA^bH
zcAelU<4_LNQ`D`=nWA!P!RMm(i4gT!1oO1|>uSP|M$(LB$Qs#tBW*<vV)fPFeUK3k
zN%!}oaI&{W*@}31<obK|C4GQ%k^S7n6G7yR>C_`ARt0MV`I5*;@$IUZg*(E2MNFjE
ziV$)8AMSyav|@4z$~nRmjMYDHFr~A!WSYwhoS^N7DO4eIxQYq2dAX*TuhmjS>LnAj
zne!JeW%f9tMhe(hECBb5Fns3Rl$lEaR%vo-3)EvuddGdDHIWl+1nRU1?*+!?v{B?s
zi}KwUgQpE?KB%&J*cD$9tc<MZ<n41f4?l1l6`suV5G3nD3)pBOV+JX6S#)q4>xICT
zG1EeZkK8Kqv~%c7c!=eO#ZcvBE%)_hmT_NCeWuA2t;%{2jYnjXM;L-4^|*UTbzxOz
zT-C-$-Sr$jLngs!rv=~v$cPm5T<<)Hga=@DeBqzYyDzhez6n%$(|Hr71M!u<Rf4;3
z0%+R8);aZbNaJPbCfmZ~Ib12I*-S<ew{v~c9G|i)>^v%_YkQ~CXa2Tr*|{5-eU-i)
zpq075^1OBn8GK_0;-R&3<31(3#=2x%wrlwX?F<Bx=osI`#pAiT|BTb|`$g-xQK55~
zRN?dfeo^7GG+y#O)X|N*`D|}4u1os;j=}kaXPGAI8E_I5svUUKF^qUn$M0}8&`q0a
z^oH}1-$rI}R@S-c+ICb=`FS_1qPO7<VKO^M01<{6OWoUaFxxAr?xHa3x@!V32C(e;
zo25GffsEg?*i=d;nfuNiqNRkPf`5qM3c)!%i;K=QxACDt%wTfE;0msR{Uge`kuxWR
zmB-2>9ip?%+W6ju^^%vN%c8aQYXg+bGK=Zbcaes!#8}5kt+Y6<gYn<vU-#f^YxOCU
ztz51gv-TWJ)|SgdmMdUZn5(P|h}Pvz_1nr12eCAhk<3-@N<K0UO+$zSzD#qlw{uBI
zuJYYn%*0#2OQ5S1nAz^c{gt+yl*D`{$I$bCqd!?qHcIWwacXjNH~~PCIHP$GxBhI8
z*_V+ygHV<+^h1OMNdh7@exPC31~CvPk|CGxz^e2jwyoK71fP}vUg3GDNSR!yelxCs
z-t|nnb)6hGhJ3JZJYhM(EJMed%$h2b+B&vEP{v_pj0q-*H*z}6i4`dIS}6JOI*7C2
zEQNtNoj4xewIX_8xQ~<0Mwp|9iLYQXMzslRt6@4G2yJNivLyPkcOz=#Zfco_0m+v?
z<p(VB;*E-q4#66fhWeZUTLe6F_88PF4jxb136V>D6$Bq{x&(%siW*bJvj(+Ir!K*`
z5TwVF*n4DA#SOItR9VF%&La)ZksRTFwNT~^4`a|uHv=xx>M%+2iJOJ7cm7|p4F9AL
z{!f-6BO}8<(+uh9{*`B_=w@p~D{N!!C}`whU~gvYX!9i__GL=zSsBp^^8NWyN}A~#
z+3Pu)*;p&+Svx@dkr^{_z+?K_`8tuG-^Nvgnwg0akD8H=5s#jcjt-BVm0gQg%u&zM
z%z)3@#L@_l4uY1?!NADc5s#gY8G`mtUw;g026}o3S^+&<Q6n=G)2~Wab_iMpM<Xj`
zJhrbUf82j5n;9|S{Yi|Jhxkf!{5u_<p8j8d;U7w9%*+h`iw>Gr{Agqv9a7*UC-CU8
zKF~w8o^U9EQEW)O5UqIuEN_=s3<j@1)y>1bk9T82i|8G|;mz|;Elb$e-YMGtMmNhS
zz2V9Csqt-=jYF2bLfhk@v8A@tRbs7U9}la7vf$>yK`ZdZURxZM(y}L<%=N_Q7#^#Z
zYb0)?{>5fU2OiCvLfln@HtvnWW0j^rz2Q;I_K8;8NGERA*`xyuh;esr$7{Pz&ff+j
zoj;=nk?czs11Zjz0#@hh^sECVhLnw(CsbbFe?SU6Zq~LKj~uUkSRSC6>zk^%H%3|}
zl%iHe>vT&uqg1Ih5I603?WbCH(~jM5snh`246U3-T#smMEWU8mEVz+gc6;2g)R3pN
z0?c;0gOYwiNcw<+3iw351b)D92Y%pue3hrncP{FgAN31)on7Noo8~$%VGG%v<=uBK
zD@h;B#umpq*&R|J9JV(i75P5UxM>Gb^{Ow67y_Rs(2_pWsdtYUGCrU_5<aEvN3<sb
zKBehz^d?^x%pK~O)Df*M+zaFa*&XT~!VBa^<&=)B$k#E%7mhX^vD-m)qH!IE<4bx6
zu@7~gah=zKXA7G5_6PCXLHB?Uly<Cl?1iJ5$Ef<&y(pKHEgOkk`a2g}+ux6Jv-y{x
z+%$jA7BZN5%yl}tq-PcJDfBwN+`f$clxDSA$zK{^Gx@-Rb@RwPbY(iy%QN{d{mUE7
zXR_2RJvzU0^FtF4{J%^i`hU~i`{#tARdCXG{4;wL?VXJNI?Au-VDx9q{$J;fnZ1Lf
zfT^DSpZOrE_m6#6RtQ=ZGebvH2MtzcIy{!I*~!ez@|D=jfXDnbml#-C|FRhw8UHH(
z)csZe=lECsKWzpEh`;SWZCF@X{$u;g&!6-E(dKWz^z3watpC#&#GgLd{_f`==l!GZ
zuQ>kf|B3JKSpJlM{QSd)_&b*WXUY1Hc>c8i%g0x2fB%O+asKJ^%g<l!|JclIjDPw3
zv;W8UpYpFbzK%06v*WRUtu}w`KYjn%wEkzU_}3DK_tz394?(MFqhxLNM-LJ2uNC7z
z*O0%3HvXliNYC_Vq4_V%$UpO~*_qjx{yp7#U(L-`VKIT{k&BCZgXl8RXo|7NQrnQq
zkDmBxTPS&H0Fwj(=*&cHK-^M7lmUnYAkIIK9-qoiw15b(P6~6V#{my9t`b~2iE1`4
zo9LKn-FB8KAG?S#C7M>skNHrW3$u4>>~Wm+bDZ(A!(oDJ^*zI(^0y$-+~F^vBTyV7
znJBEfG)BR1u82SLTv>$r+<wPN#NYsLIXi){-g%w|ta1ZSIRYF>TODo8us6}ULgC?q
z@^+Stl6qV|EiQ(AoAEm`&_jjLM)wg6dW##HJUa<ldu}-pB)>VrO>_k1ylL1YMFg0+
z9}45T$>?VKfW&!bkH1Xt@T{lA{Uo_z{&xKc1h_rKr;j~IZcYm#(2;e>S_vkq-IsnL
zgx<~LPK;Na&pBuTR4#2393~?w>G$cAbX9Q0(WJ2ia9kA-v8b8a9}SWQkb_F@;)K<C
z|H%UBb!G>l?T2U!<P9Kj#l{H^y6wFLyefNhH}4q&X0j!6g~Y(~Q=keoa?@6eLlh!i
z*aqJfCbApv4e{Y>bG8-xp|=*zi+YX^sBO=y2GFP%?OqQJkNYY7Xc%her^J;>_#4o{
zorNpr25$@04Sg#)>NA%cAdK#X%huEP$e^P5S0Iokz^T!9zfE8I4|uDE+^5atVV7a`
zy^HRlJ9SuYFwLYr8qIygs{0d&flsot;15zFZzqHcqgv2zSj+&{?x*>?Bho6~TX>?#
zPDm41$_nf)H{&{k9(9%8&53u&K`l41l=mtCo0PUFwTtbfZ3uNyW;dXZZyHQIhdvc)
zT-+d(^aJHv0VY-4g-@$^;1_*lQT(f)vJ0m)=P;b8GfX`BTu5Ffo*V}s8f6<{!2_!^
zH}w{46$?t#<5CgOl&7cWHfnOUYie3bYSoeyI_|fzHdHhkiY-?K&;1WMJ$~%9Ci~-c
z<3shv`NV1AVj<UdAnnqWrmm5^zD3aw<^hw4aTzt`D<q3ZD8chzUIKvUSxj09MsoaM
z$Eh@=pb?i1g)C7M)SjXXgIAHknK>$F<MmT#@<`}IBy_={^$-&pODuQj)Moei-DMKS
zsVS1sv?fi*sRoD$;?lxUs3=p*Rm<5}ouCyP4I&N6xGQFqkHaXber7kh679ywA1wI^
z7*5FdfLTl5@8HASg)mW7)TuvEL`YSfP)Jx;v{vZ`#2S|BE65IOQmlvz4QhsZr~WuY
z34#y?!9io;6Y=o&TRcdxaUgFCZvgbX@9KINx9?zBRL&n;f6+s!SSv(YDk(|uJgIMR
zV~{?dj~0Z#kz}#kV%V~`Orp`Ij8O_<nRG-aE4EF5Fmv9Y8Ql>q0|iNEnP#8j#)B1k
z<*>{dW}%CZrh_XJZpxkxpb5;Sy=Wkt09^|$ZV#h!E|qX$S)?eIve1G^Iz(zUjNj_C
z*SH{%u)fKY-rY<C@dxha^LKC{hiVNXKH?QVwz2Pbh5tb{>1#OYLaE7-fu52qW|PnO
zj>s5yaL!U@Wff+@JH1zawNe6qy<Ri3>AUX4K^;DxN91KZTo0W`6lUbiI*UwSimcsP
z1Xc@2RF`W0(@Q`KL^53Lh3cWnu=`tWtU@0HW=pnriPil1NvD*S+7Yi{mc@-hMAb;X
zsFJ8?je7M-wmygY(77s|4>Dzeej{)KlSaRxlbQPb2MQ{q+<1JQIPeNrNrHZ*@vC?l
zj%j6RKCjnus%Bv~JT|sEp1Sl8U4W+2B70$C=jE~!fTTu+>IRLrrpq5fNyI8KYpQyU
z<NFS?4FdiLk?N`rO=^{8_VW!(=4lH}D8(UtBt;xj+V@V@mNXJ$&@5Rwle1wo6FseR
z)BfM5L;TD2!6QRyWTL)=B~0X3nvf*~QLDTBSqiepkW0OkN^tfo?I@<4OUhEN3i7F5
zip#3^S{w{i^Z<fpb1=}T?~vwFL&!M`Z26<!)zo?gkw&Rj?s7&CYMZUJatN4Pj#kJx
zp^T8B0-M!Kl@@Iky7-gvPzy=XAPRQI8YO{M)Fz(98V*{Hkr8Kier_nQGVo@sDhB;b
zsg(WMP*q3v1vbC8WLvpDgp#bySPH;Gi6N|yX@wOdu0mY?Ebp)PH`{fyZ#1HeNcdi#
z=d2{82Y_RREWlDzY9>n1s=m-9opuFmy-2a>fVEArO1UP$XgA@c4iudnpDRz17cPo^
zQjCtyHQSh;`0Zu6ED#*+5}l;W@C6(lV3H0sE=AwhxSAKimMu4AToiEyBmUT+#+$@o
z5l(g}kBx6e0)*UGVvkC|KlHc2aM;s@8J;bJFA>5hoH{e(HQg~TgJ@#1Fps%tHIz%e
zHuQSSfD;42RCokhk)QSwjhdFK<(q0TN_(B$g}n=OUF)&&FDNSL4?>7)>VAghM16u4
zAmWLGQrR6VWJPW1{eAl8#1W^Z9HL)YZafPea`<(C3oZ6`5~0gBsvwd{rul2GMNr8f
zs=>j`+Zw%4o;G{gieC&|&L7?vF)){q)MUIgTV^=fsFWNvSPTzq+fCH>Ce|KQt&xVu
zN6TJ(`Ar|xE}A6P-uSJuCz7^dmh}$bld?6O`<_lj93Ss0y$jvZ-77tE7uZvS(j}fF
zHiU3FMqW8F9Cq++M-$U7&o~hQ^s%pW_t5*P#EMkKNqOly;i<9nI(N>5y~7Jj<V&QB
zWISMO3@U?#nJeL{MKLzoTwG?7uAi6$BQCb)DICgSN>Vwc-FQNBv3kD(<0YPgFwNp2
zMJ%;>q-_L?e$xb{OY#jjZCLX5JEKxmvXAA*RG9}Vs5CvIGy`ku>iFxJ$XE||tv<KK
zK}u#~>Pjk$L)VzE8k2-^2b5MiU7Y?Lbn5GPD&YbAZBYs>>m{=T2_rgV96aN)HMiwK
zs9eUVs0{0kogE2bX36|<ECT>S92pUehgePT1+OU<5+X-{>v~HBCTk#n_I>a}ON3Rt
zFha~`6Maf|l4L@$xA^jllhvs{QvjorUa_)><y+aZn1A7tF<w)%pu_Rpn3)Bt_Vc(_
zVLeN4Til@7O@Gpzn%0`;_g#axnAz>51#hLn%+!bd*drByzD@2|kIQSDshaPo{j7T9
zz-7KL2z;@9Pe5-3g|p~!t`Q_5w%3|z9QfSYmB_BzxdsujAsIVlwH!Bb_{vv?sSGen
zEX|%YQe(WaV8i>&ZuKh8o}P&|o|$7<IvJ{*A5<o1L{SkQW-?|UgdX?E0cjGix(0VS
zw$f~1?6QQ&L`FxvtX}G#;%Teqb(rkA^xA;z1z7Zj^d>qJF<4gLGvj)14_H_;A@-TV
zs619*oc3W}Ti*7N_**Ltz3HdTEg6mNS*b-+j>)DCPeOyO0s|#vMs4HAsF0PdF>&1<
zpRY$-Cu2IIHb|fQ3ynM8hpwIies#JVMe~B1y>wT<6Y)KVb3T3CZc;;UurhfcteyI}
zo8lh)0K6WVn)?NuDB<R*T*FOHLry;pmxRnpEh1C18yDaxii)v*T#zT2OFZ#YXJbS{
z9F9?v8JJ;o4#}V?q1dV2%-1SVd2qF=Cz7drqB@>UoMC3xk@In(AwF(ZxKFCEBPr3H
zQ){r%lZW%k_Qlz{(Bk+}q{Cx>)l*`%;wi(S_W}?w_E9|9tK4_wNJt9&AlW}SQ51#n
zy`UnK8@eE^z(JWCzj-=C7oi4Yogd^onA-j`5P+mID~*2A05QI1t+je`4czTi3SBdr
zqXfH@*luqp*3)%RDk!(l_S&WP+uO%w+3{w}_Qn0?*6$XRHyNH-+K)S_n!VLd?+D3F
zu8(Q2UqL0fFVS8AznrGSG&^O#smapplb}J7tM*t9u^2g+waHmbu{0w>+1Y^*<}tVM
zjgRWd7+Vz-49ceIQ0W>&iYr*<N6H6HWY=D=+%buW6-!IVYZ&b|wAMDhUe<N~et%g9
zw>Y4dzRz>2peWye*mxZ#ebjyqB4$yUnV<@lqakrZ?@YU1dTtcG&YC`g=IagiWt_Uj
zTkI$*SmO-`Db=gouG;q38_SB=t@o2F6eFG58JG-L4cw<{j(EmY^A5&75R}K}te#+F
zHt^hUR=5P)nU(ROFHw8jFD+vcQcdF@7f*)FpQ52Ai<}%wHJJ;p?Jsj3&#B3KBWV=Q
zj5nNSHAXNX2{~kBq(<@Y(@)JfoZ^7P<nrs4wKLQ@_lAh#$`7~xDH$5)ZYWzMZdI*M
zlbjNyGmkQslfmLq(@j#f>m=q`)|VI0(^jE0)xg<!?u*#RYpf~S?)839o_Gi``MFiR
zC~p&DQ?o~+l<sbITe0HVtnFPki=?7MYIV!yHhG-H>^WFh-`KG6<2*Y<<RWPy!l%}C
z0zzx5Z+z;?&8U&4Tx;`Y-2E(|bcr_Fc*`vpeg$}jHXXSM#8(x#)mD`aKOH{DFEI;d
zop&EdW;{BS{@r$jc&GUKw&&|I@%k)XzGcGCQgQMe7@n~IW<|djc5vo5&s{YqAW`rG
zzxwKQH_kN@5lB|!Q`jUZR8w2bj3h}y&%guE`R5i5UCiT#`u$Sk^>$3=Ij+aUlFUwE
z-MU31SA+Yh$nBuc%e;&>X~iWLF4O48>!44)%NxT1iLQ0$)Lf6HD*5=VS%0125K9`q
zRA~w$t6blWw1vHZGhJHPVQnp=l&5B#M&Yhm#CbLK&*$m5+%m~>s~Q9SB=hRBT8Tmf
zax*Ox)NQlIDg2V+f<h_Mlv#G~$3q{thw^6F{fmoLj-_WoAD{UE7g3RJ7lsDwCX2(i
z!1h&_x#+Y`uN<3I0+rl0YqKx|?Op8AM;;tzRyIuY18N$o^jR#!*Q5s;&ZlR$j`5~F
z29t<)mb;e`>`9roNH{K}_TbC|o1EVtC$O|ndNq!o#ER15ZHw=zMtM9>c1BY~Wr6tT
zc4Vl^BCz0<-NI66##>q;4yQvF(P5789^VyrsIxeo$A2k3Iqwln+IOw@U~hR3u->@b
zRGJ@{9aOhPR0SVQDC>UbSOfWaJ9w=XGa*gdeo`6rt#m$NW;z&4uDotb!3?Kn8zy04
zi@shVADGhuwzv*O#Z@xjsR~(J*^DbMMu@`dCy{*Nj9s71LXjiqo-I%68*^PSN99b2
zEn;TTj9B!ziY|$u0q=#`2TKA8omQ@j84Lnbts;g?N`YWLvuxI}q8Wfa6R4s(<So-=
zNgWLL{F{9KwN=!)f;c9g$dh9JZj*z0ocLfb!8<5L#<xcF8l@lb)~uHD$3&{SXyrFH
zS0Zm3UfR=?B8Jn5VAkNztd2r`?7y4!#jfA<?cDIHvR6r!LHN6QMI)a8+lA~B7E2R?
z$B%M^BawnB-MNIEK45etRV-sXdMOF)8#imI&aUs>z3{7L+pIr+D2E?cJ_PhAD#|Nr
zYAV_*1(hHTC>Ef-^yW|r^Vcjc5(Zts0cI>369sx=zHJB7`t$o#E~(GS6S0iI>(~g!
zd$jMAi1h|eNOukn`s3)35#-wA%><}zZlK--wR^)xpwOghjv;BP6Ld&%S8GQKdT#UD
z1YixQCNI}ScaqBDSzp|EwDgVJtKPlzd_cFeEmsS*EeQ9ip)by?VlMg9us%c3T~0*P
zuI*p0;{}ql=;;h?7Pr6=YT5f&v<;$yKXci;Jff88%D_o+R2ind$IxJCU2tn7jegfV
z7E~1Sk)cCc>YJg2^5Eyzp&f{6w-4%E#pT1*vKM{8Qw>huL^RgL1JRegpf0<B1oq>W
zyjj?HQbDFKM~mL(eI(IIHhX;W+@PcOM@?Fa5Jqd_fNT0ilg|j(bJrGA(L?_14B}2`
ziUDU-iMklh3(V=oRVNs1Ye>Mpj0mx%S)~z~mGs+IPK5|T)3VWKqpev~xpb#H2Pxa+
zb#Yv%0m#dooPSP2#syosBT2bDDj|_3$4Dq+2~N;6JvqII0x1}=oxRhv1LM2i9Vp>;
zPE}_s8QhAljqL&-@{=Cm27FuNj@v#kybZb=Iyo#59+(DRUtNnVMGsc|M863*Qm<#5
zkZPnlK>DSy2mIvOw-eB1GR97TqX2?n14f<8a-d>k<}eInt)Fucb&pv=Kk81qmW#cG
zO!+EMdy0e{E`*yw6Y($k#<lMR?}f<vUQf?Ey_MSrKFteIf6q~LpM_pmf)!&vr(DUq
zMkHa1+|`;Qy@RD?Qyz7jfbsAN&K<w0hYQZ#R)+@K4Ggl;-imuQ<_JU1nj0n}WrKw+
zjMgcy<LLtmpBX;C6qvdv+q5JmAAXzBqF87Yz%8{yV=i9rTe*sR0!e7L>#VCfW2sKQ
zmy~{{ODpB&E~}snTxLM21Z5BHHy-mJIM=TmySihrSaE4DF#>hYd8)S)oL5#poeA>+
zn2RtHvw~1;<5)&Bw)3D5489ZG^k4q*US_RO3x}@H(95HIi<2Hfrv-Z&W1Wb<{);PE
zhRQssWt63sYn8d#d2TYJo5BM*OtsOmq@9An4DR^bsMq&)er5R7&L|@x@{|k!Y}4uS
zoxYnReJ=dk(3d#~5!D7nGPil9X{cY4@?i62m`4+j#iARbq{8daTmw_7D=~El>r|Up
zNSp0c8nki1Br*Bw>*je&p{>iqj)R6uKh%=?r*0W+0(?L>r30k|BQSK)-L7es4^>5g
zry8P^s2jrcxv-vXhK8Xwf10EAp<_@cO2DonYn5I4RiSM%o+o3!Q|hm?I#s&PWyt3p
zSbplPPPh3%br-i1Fr`Sq9;g;xJZ}uQFR&UdN-O37%l!V~EDkjPVOKH~vgnrOvH#-W
zz&()WvreJEek8)(a|6yu6}E)IvgHXVTx4)L2ltM2xomqS{K?a736Cbq4kr&%Zdm+M
zhKG>nn?TiDh@83k4OA`sM(C-}?TA#^6Za!I0-Ei2SK2T7fx&~3WiZS5U>FffOjyK-
zIZ5G)Xhan-O?*3O9fWHM`)0eyd&EPm)4>T(i`AtE`U$oLx&@X7m$SZPxX(e@LXFQW
z-&ymwpQ5;IjAfm;PU@549bE3-@kzqikQuoXRHvgvpw=WPlJuCF#>4Y3ixP6D#25Uh
z{i!}S?-Jm3AJ07j3y?tSpNfFxxO{Ujt7(&szezn$FRc$We0oL72Ofj3+mAdn@3`!r
zv~DJvi5D1oh$@*TY8pDRJexm_v@xu4VPJ0W79k&P#Y1MF_@5!uuMMAvtK-_TwZJLX
zxc7r|$UHw8Uw>~$a^`aOTKR-xu~%Rno(+B<WZSI{Gzf~y;3){<v1i+)z-A%h*e*II
zYgGNQ;u^0I8HvT^5$}c?70Q_L>1kSUZ`X#~+j<S><|q|$AM=Z`+ypifXHWKcuDj2$
z&@Q=8tTg0$`yAH6>X&bKBj_ZodHAn|?(<(Bpt-+#1V9s2^8r(4(`Nt#{AQan>&|)F
zKKnixUk4vV9xd|U+1(}xJrdg2hBj(FL>_NoFYMIA9z{KxKDdak7{t2tBWCD-@FV2e
z5EFCs`|bc(A9_ijM*c3U$Hn((z4Y8v#pPKLA=tLJK&ysex2du2(}0+uunq0r!9(S(
zK)tk#oi}$jtUtl>EJd;E+!Q!?h_=q#V`;5#FYj3id^lZ<SG94NXsqbJujn>07ZWf2
zDKry*RSxhQ?b*J=7xrq^Z96NCY@Bf1B#qpdGz}7!jodjX6~48)z!Z^`dA)9koOyrT
zu47%aFTvql`d$1KsxW&)b8>#J^~6WbC;Q{peS6wHR*AKCDn*G^%8^_B(GXkZl&ZeM
zHgo|)(w%*SG<~nlVQl!GLrhrA-GYI>AyquQ9IF8VK>tf@D8g#sTsUIdl$8YyaG-tQ
zcA!X3C9;N|5ck{6w>+L-V1~(OnCkPfnK~S0VP7w`S_bMNmh<=Or{v7lb4^{yr&^55
zErO##*Et@~d_&FZ#l^xT%rXxul-fi^<Bvpon5@VEDb}_{*=CYtXb}kUc+xW`heWvv
z!Ey2({i?*=1A3q7xe*Zk3F9Gm5u?N3b7yRm#czF!gI*U1(_l|~;Sq$B&|J8F<Xqeq
z<4Eq&yH$UCKJ7*G$Ecp`G5tj{2cR7T9#?jMrK79A4*TE8&7T+ge+VcG9V6Yp=;6Pq
zY5$Yw{EHs^3xEp!HvmfgKV<W74$8vz?;w<gh3Rh)`UNWJ>FAmMlZ1Xj(*J)f^iR|O
z4nyhx`sUMr(9pltWdB7nzGPwl3&!|&a-kJ7YW<52PU!Iif_7G@kI<h9fnOY7l<GxR
zjHhb}uwF6TXw0v(l1o~n7*fLo$Hj0nq@=+*p>8@Y#SJtOMjjk+v<(BME=Z0dHcwI1
z`VxM_Q$JNudetf{pjfF_6N$*(rM^Ek;(|v1V%t}+Qut?#d0uN&iGy9E`8zNonS_CS
zqGH$90Vm^o4@t0Wy-fh6MC*CRUgdU!Sr++#m@7mkFjcA@on!=WC>xF0G!roZ@yC2D
zmFSDF55ulH;v&Z2a<gMP0j|SjP;@1ii7(>hU>E2lyS?|lC&Zeow;;FC?@9cqTUuYc
z35Bf@2V^vp1->v(A!&oRq4)j|iH%#_QZk(gJC<$zDcs9&#j92hE{n>ZTj)K{aE$*p
zl34#moc}py{y!Mt|1xy`D+>H`#s3Wj{y|%R<FS7tuz$mUe<8wuLxq3P-v0%M{TcB8
ziNpSqkN=NB^#4{LrvG2%hv}IZ=^6fgRPDRFc_JRxAGsI{rx9y})vK#w;D-ayGH8EG
z>;KiJ+XdijWe(qkkQkn^lt?fd9kIm}oks#x!{mX<8YLe)YO%*FpPHtT9$(ieg*roG
zHS0fc$^3qQ&o$FTK7KBx|NQ&ecrPIO&gIhMvz?yNp`+Gw^Lc{(Yhxu#K?_H~Mkk<x
z|MA*${n2phjL7fJ50?Dnk>q(kjhYf3ht&UBNX1iT(_nMiE(Pua3crNW!`<e@{lqsR
z!T+cQ+%C~cq&EhBwJIvQN2DssXgzo-qeCp<9CAr}YCWl~S_*nm5Azl8dPCLZX|#OT
z%AYD!x3z%Q)1WPNbwt+#Xw}oFiT0$zD6NW1IM~^SlO;Ml8d$+!u>$V+T99euZRtX#
zdR-dK1Iq5F&rZI8EO`TZq5_$cxm2QZQbz8V3~{q@*u1gJ9{cboYSIo^bu>x8c@C-F
zOS(gKVel_b@u4~5YUW!>RvE9iPkG4tJ9qzdJd+{#8<b^oL=3T?chP)(V;$Ngm4wP|
z-wiq30-=1Q8w-cj@+3U*?G@99l`6lvC8v|{q%(^Dyo=G0O*$ObsEU6B6Cf7m24Zf`
zXbWxk4sNojSU`^Z6-5K#Jl@kGg<}E}2R-Jo<f@oQ$34J15l5<v`jFn|hLiI9x@6MP
z9d$Ws5@kl}fk2YB|3t<|f=R)rU+tU}b0}$8eTG9~huAfCod2^vmUOy+Rw12MK#{q6
zk)D=rY!7g$DeA171B%V%0Ic=Ff$A=^V~HgeI&ArSPBTVAG11H2pyczMku$(Bft3Ox
z`r6z;ac9l8BhO;@xI)>1_G=D({G**0nN-0?bO$lEoTYp^uT2J#psLIHgRX~$#pnXH
z?|52;*+!F|*KEr`;LDFs^=#+y6D3NE5)~>P<@&lY6?OTxB3r%g@0XrYtJW+SckIh6
zR1xa=indgMdC4+-Mfm+FR|5l8jop~m6yyh(XY2RG{m>f&vZ1iI<eqkr?NU-m`_P3?
zaGC1Cl~+`bWW;zTi^%DIedLl3e!e<F${_--&vP=T?Qd#J9r@VXg!dbGneLfAi?YcY
zqL|A|SFW;t=EUZsta%uZ&akZhvLa~n#`A8cIcmiHhD;J+St!|a1U8;XDCGbUbYU3g
z!ss~@C_()xEdGSWU5O8Y?uCPhROH&3Bi9QG2*tTt1@TVg$mg+_@JggX&(k~A+a41b
zLl?3!G&>RgE_H=VbYCB-fbQ*e$qyGQ?%#Ns+ezE3-5tv<*0=EzC=oq#+FdxdW0`;g
zCl~VV9)<mk*m7*U)JY8kA4N0r-L??~QjpYwXlU^08(j`=z`?P;yNT${-o9Ec&R*Bv
z*uut{KMvf5Hnm1D9i*9%Zg*WuF>fPHX7F#xCLxn)w>uqByhyZIRgmN(+{6}!`Y643
zS7zfHF#Fwg7z3UP9Pta~!BvnEi<>ffeMuDB$}DMxbNSpe609RfHxxW1z8b23hD1J)
zA>Qmd8r7?{I^T<}AGs{b6?1AQsP`)ZG_A#u$ZHIFc3gI@4ZXOS$_HR_+9>t%sJkoj
zetsqd@o|){CU~Jh=(?EOm^=5)5I`!X)F*RVXTpcsEi16$&j;t#YCs(5bwwgzehUxr
zA`xD&Q5*|2>f3BVHh-AY;=&2Z=eFzk<<rcEiXvqJ83_*Ln11<#79?<|5qWYQKrI!|
zUfUvVdA_sJ*8KO@JbiP|x>%Rr6?h3ms<aFmr*tDIEKrRiE%F!9jDDvTVKy%A^89dI
zSa%H~zx0=~15lzk%xr<o%IX?yEU&HCYTCU5%7O*qT6ZBZDvkzLFXCIezeyHD&Utd|
z8vYtG<ptUd{<+u*kx8!Pi(vzZk*?q0bzix&+AYSgRwQgrzX?~K^xXH5E{&|uHqUJ2
zt`I79R#-874DOy+nwQMSKnoj=U_M<Wg^o}_PE<tCeVR%pUYD;0<=(N5c@NUQ?kNsd
z7v_LCE>KQ|`D;b<LFqJofyy8|B^Y!#CD3$C(ICd5!A{}S)T3qD5!lTua16Gz9aAH)
zf8y(%0}!)LCV@T}BxSgCDr6t<dH>odrmfg4Fc&8U*pB{11w6-fMHG~W#)^uZ^%&`E
z25Xo>%8>BV(g`j3z}x}ueb2gvFmO|=k;khGv?}Vx`pO3uprqCiE|%8Mx`)e~CNo(o
zLVcmUrLF$JrCDXmBJ$4L*6;WN@gs6TRxZDR`Rz`iU_=kqgnQ8Qd{Jh6fqL));>h>|
z(*)Ahd!Xg8+J!?*8So|Wi-04t3~JC1$%2ax;cf{Qsxj~iouZ*9<l<Mvr%m)s6$#mh
zBk}j(h@da6)6iS2JYLPPFD9g4`h4GZ0=D%pg-v!FX1YZBc$=A*xUe8X!y;6tnV(?g
zx3qp)-&F7k#kVLXvYyD8wR^+sQ0`a|x5@XF(g}7$ka7EWz~=FW|Fl@;Y9e}W!(|VG
zz6|>fp)Zfl@|F!mz3{{7OJX@Eg>4w4+rW?+W`UkoCuJ6%NG(gRwkAHkmoFH7wV9v$
zjHq5nSYGdOUis;V^EnkmYF5jNs$Q9@dcju6G%x3VgQkrhxvSfNDV<V0ZD|06@-W3L
zZ2_*o*3`#~|IDTNn>87i)A1$^v3FaIZut#1qod!q)$Ce=_lL$X&tsju&P;F8_qhH1
z&s6Vv6bU4Ge^|tmqW+R+3x3q;<9OlR@ey-%KYw7rQFWj&a=5x9C*gK_xH*k6mMu$J
zuVs)y%dS2vxEj7L5I^Vv%jlYJFsmCDx}~2>x_<i6PArGg$1Qv<2(C^<2(8Y>RI(a^
zH)nyFM&Y_;S;F6HXE=QHl=f>v?I|s4T}u)%Axk-J!(`>D!1{^#7g%Q^V+3UT+9~S;
zWX!RMiD435;<q@tj*VIRJH##f1Yp25G~Fi*YnE#*)o$Ba;?PY@osDmObsLyBi|wt!
z?I{2yzVj*5y6O!<_Cd}YX`?;%pjidA;f?uOw9|3n+TnnwgH<mo8yXuF-ljT}NrN56
zg{`bEe47~1H*ULyEPv)T0ZxEyzf}^p5PBwD{FSO^Z}^^~;`6=&tu?Z1riY8T?4xU|
zaMdESOd~RU1Kf}Mc?mm%tC5CMc+Q=fvCi}``CBYkjuSbxTK^sJcfieXSdUbnrL*DT
zo+%ba5(f`0+!(2`<r0=})`an}5n4b`6LS$=c$3~5w1G8UlW$Wt2Ik-zoQuE^Gyp4@
zHJJn8B?v1qp&6Ng&<rp|ihb`8)tjXVX+fnH5-IztD*kFQf887vq8N>e7zl&-M+Fiz
z<L-;F(yWWQO$T#KhxccQmJ61s$iq6|{+Y;newfO-$Kswq&SQ#J;SH&SkZAW(KO2~&
zmOdsu43!}cJAtLkx1-xRly>6HeO{kaY-`Y518kU#VMAyjDUb|(30V_t2fh(tLK?OM
zKYY|aEjW9=F5o_3i!0)$tTEs=NGO`*EYG3%l<SI&l(3-~U4r?CWlBy)wXo%YIIV`Y
zSU|KRVJOE9Q{QLtutIx$+fvvwwFh0bW!A>__m#;BKAD&83$(RPzzqgy9t=7&l_m*V
z-<@38SuKt2khnn^9*Ti3ea+RVEzNPmFj;-YV&1}9)db-&Vqp>yJwx=`?r3Z<j5`Xg
zL>joU8b{S`E8uR3qL(psK~N>dtPWv}?t&A0F%6q-&wVPJ;OsF@c}0bfgd3Z@_tyts
zvD%Zu(j}GIcj?nSo>~OZQI}v)Y&>9pTiV^{HK<bmFcRU>BDF9jk-22Fd2?tI2^OTe
zDw06DWE`n_<tYulHHgD9+c^l(vY#acv4u~kq-9qQl;N`KYY=J2OwoAT3d*jrvHFTo
zg(|}6!N?o=bNHdOxycC%j$a9=WW<&Qb>N{gMg!46t`v-X92mL1P;wL{2czNi=bw@t
zX=)Iy6<t1o1TzKL_~j_{_JSfyB|@yh1CJAnzZQ?^Lp=oGvqW_F(~#phGMv^B@1+-`
zY&2ht6XHCU-hPxxcD}TTzYgC|Pz-~TjKTXD%4~n!1;TyZnlAqk(ymzUX3v0uOe>`;
zxjJK`<<S8XNp13U;I75%Wa#APiS?oTbp3dKW4+lNT?~E#4n~qQfqT~e*ncZChp{7A
z{S~Z4leI>`7vtk>e&*OwDCP+%ao0ey_J9_vlQ?Or8nhf=K4_|VbYssRp;YNY!Co$m
z3C4f{nIZ;{OrlW_1c;GiU?LZjY-c07rC%du0%OL99GqR85L*I5CrC|EcsKLyb?~m?
z-6r2g#-|mwWCoGm)%f!k)jFuW{kT&=NlYvRx<V{UU0fXM3T!Q?`&7~g48&7oW-?F0
z%sZo{FW$Bhky4Em$#{RS$X;#1_|Q>ZQxqdXIqG?_iCDBuW(D6UNS)*9OrJ=Swlp+!
zEb%8~XayOtwY9Jfvh_(KMA)L~05q>8a25HS-ROtud8JQ#O<6&|$5i@KFQ=^h(?ME!
z9O%Lew8gpg$!Mjnc5C>nD>yhr0*h027#d_mhkVjXn_)-}A(({y_(WvZ`k2&{?iwhn
zC*8p>@E59EfXg_RD*vVn%Dr~TTg7|HPz0AU2+VO=rG$L(7T8s~1KV18{evEjwcn7i
zmG>x|o8FU)$}StuM-3D6h&J5!?e!ZKK^LB`PKUk%pg&YT-P#@-t)_0<Dvyt>q*@me
z<13b&bq|Lig^qc!H>Xh5Tdka`ZT9P3{I%U2vPIs?_)~4QS*vIb!cn5RvlohJ$hKTF
zCc3KwAR!M-#y1h_G{Ohml3OCI2@9;(-sjYmkx{`)sQM7V5PD_t9g+NG!NAVq5inzB
zQ;XFndh^sDgh>MXphzz{0@!E`_A!bADC|rI>XqxE6xow2`VFBgd7L+Oe`KVgy^p@c
zh(wmH!kMLX?vUfTtS#Hsb=0PNJvY$G;Mm8XiU0Ikq_$AI@V$cB+>&WGLoHmI&$M4<
zbX)o9Q6I=j+=u*iJC9%x3<q4=1<`jCh%#ZZ9gY%dvCT(~HODUx2~SNm<);Rjj$%PS
zVka54pNzt<4ra<X)su`Oua1^2^$R5!g~Sx`*|>ImSjwK9#bP#9DL$n7XQ{dIXG93{
zA{Y~k^kpS)V%X*pUEyAA9Dn-s$+tOmL=$?86e<v}*nCjzZeo3c#9S0OsxFP6s#|`*
z@+hv0-v_DS8hP=4={UuA43Iyg1(2FLgtG)Otfi5Qapg8Jr5wMdX8CH-(6+O8XsavB
z1-zEa-<1x2$0;t;p0Gt#aZFq1J_s0=!EbzNXoJYi^}pZ8xOj0rF0}bEURj`%bKMNS
zd&|CNP)mo{Mz&_HXd2?Tbas-?D{G}YmfTU+h8>JOa1K``kb({6oSZcd>5P`Utk(xK
zct&R!)P&9N40nbXQsx<(^BqY^xEe$}nVN^6n3&%4;%zO%Fj1?3GUgZ&1dTIgMO}%U
z+H8zxbm?$L%I58W_44hc(Zss-HnQ8R5f{s^adzNN=i}|T^ZlN+vW@NI)rXz-oS6IW
z^^=!ljL@LRJ2uT?@x+m$m12__wsg$xMblFCT-898dZ(fnqX9&%*ABJq(C?O}t0%~T
zkC_F>k#7bV9<{C|YXdleMs@2uDX{_Yz*t3R)k({i-|>tk1`kIT$A^T{;aaN0_F7Ku
zN2<-DDDz=r!?~)Xwo5N`mVrS3{4BAFheVL3!-z>#g6gSj)q)%%hq_6yDw3L-dl>g*
zww!)U?l4PA)e=4W4?hwXiOlj#FypkygKl5W;C)|OSV%=zR@jOC?l`1cc35+A@6a6|
z=@{&ItAIY2NC=78N%?9(#Q`b$6D<`j0!BW@_N{$+rv|U79|@4vLtRU<V`u@a`Zp$x
zJP$n=7loZM8+QkL7Bav6qPAx`KSQLvZa0PnqO_!6Gn7;VJh>_<xSnct;1lZ#F_#<J
zNXdy31b<dSD)e(_j+c#T#C7^njZBb0wnLbB|5mGAm{bP#Yskr=3UJ6yGN@gm+8C;Y
z0&@FR%?Zae!Lb_z&%=2XgwI3t4tFh3ihJ@ddmIGpP50`1+uMY@an+lQ8~w~?#LbqZ
zwnOCIbQbhTcKh5s7BhLL#+7#O8ff;gv}S@<5QIbqdkH$g8<cScc`HOsD@(25C_Z=;
zzvB(|oE^?EsWpVHLXOGPx@Cfzq(V3GBPuJ&Oa2E{YCZT&gzd|bR#DIRCgE@8<7c3_
z{u}usbs7`sRr|D&ksbZ(V2<2m4qhsxJ;fg9_M4uC0rdtmbX8n8-76n&gEJAS>=P-S
z&zDCXD$y2Nci2U0Yt1BYTe10aflYUAua?Udt#z(efiY~EjHyjMM{LOl&gq86N^=>3
zi^!5gmbUvPF)!t^qon~EkJ13(>KZFd8zYcMTsB96ovm)neoaRZ#xZ;$#Dl#E{*X{I
zBz0^#bj3CZ8Dt843G$0FK)wZ<qn}5*nxKR~z>dGAIZ$4-Wrh~w976(GdqO}xe$UM*
z$?`-0Hk$`)KkMV$N&(1JgW0Rpi8we=U*QU~*z)U5%XKC6bZvkPO}SiUkKGDo0I$M6
zLTTK78AkIAOY6MEa@LL%%b|ylR4{$&#6LlLE1hoJ|1sTm06dBVUrg*?y2!Bym^9tx
zdnjk}cG6WF;+SF;2Dl$$Fe2KS!5X-Mv?#mY5V)N<S#H~IT_HRvP&yr{Yz5V~ir@@M
zdhS+~Ok}2=X*fvBF=#qUD|JO-s&?d4Tp3ye<;^5+j_1Y0K@uOg6Qo_Xe$VG<eJ3St
z_2l%+GJWZ_B<&P2WF@ya7e>|trI6RNkzyI-U#2S1)iK81g>-S24h`#iwT?hmnq;O1
z&<BxOe8><Ol6?U6et@o^;T*bs0Cu2LE6z!(BU90tt+((|DsL<L-;XIZe3MGPE>`F7
zkKGi^&gbb&l1~`Gse}*Zm*cxPg`!(A+paemYq?%e&JFHN?l|du8Qa(q!AJmW`V(`)
zqyR+axM52mS&DJ>1wGbS*{WVNMh0SG-D5t@Tsn*dj0gai@5lonkmAzI@OzRbShi~b
zus?K%0K`BAvAWoGdjKxkx1d8s42J;9VTxS3fI-t;y6T3y!@=aI5sc>0j8_EijaCBs
zg3jqd>BvD1oku3ca2U}ICMI}gbU6+Spz4moSNm@PE>M2&BZGAhyO8R5-ypr3@ZkFF
zTCtsJx37#_X1<xao3K49Pwbr%9uFzZ{4O@-!&DCryMwf#0{O+b8e;tQap?#WgN9g#
zTM$kpe?RHMz*#ni1xE1$Mh6l=SX9^GTfD2AZc4-k#@ChfSe>^vIj?{Z{RV}SKHUY$
zOAp(d`eD{g&i*;CA9kPTw(nlY4#%x{r=_27GP#Ag#;LQK#y=+891kB+r9WuHkByf;
zkIv&ZdHl`9%1{%G`;}|H$(U2>7GK4!^$0zuuNscX*&1mUcf`iGI8h+m)kacz#Ryy$
z6)zMsQE<YUN;U_uLm1L1Og2vFpny#rmI3=_&702{a9O1k`Cem)&UcAI_gUb{0`f!0
z&wtYa48*_-7Q6|-U}H%N1d7MXjrCRgzFU`TCS44v_W;Ie6zeYN<^^3&Rq=Lq4?KS~
z#wY0r)}l8+I<u3`K20cyyQ3TrNTJ%0et;yr55k!>{5p*>WGO7$fpx^vmuh8^Tq3^a
zzZB-giW`8ax8Hu1+dKZc@oN0C$K&+*QPKJ7F<b7!&H2#NI9c%6d2jlo)nsutb+E@u
zi1zMmOW9i7(@e<y2y_#PEA^vs4p?M<m!q-cE#rzS1No81=dSe8+kQ3oDmQlU<<i5C
z@RPbZ3%^E>im1Ye!6^jM$1E0*UQfK=)IJ%j9bY6@pN;do8GE}p^s@Q)g**TP5L0H}
zb^r?Ks;+OwfVLn_mOme%t^xrjFt@@1A~Co40I`_5P_LpsO`b|WX+hDNF?>=0TmjL@
zKHXLhqXA&^hHx0RzMnlwk~1`-HH+Uodje>VB7Z$2Q#>ty%I%DMZpG~68Vb1kfN4Kb
zB=bHiEmg0NZBTiSrK}BNq3|4tev0&dWqeYH^<9$SB(T$_B@gcqFXJp2I{^Dhr}@tB
zG$+)<Q2Rb1fKmH)A#5de)k<U;fLm&RM`!NbY7M#LK@CtsW?3^Xq41I&5zUmLN|_{8
zP75>gW`Ehl%%q`IYq=g!!GRWbiRbaMoZRgoRtllETC{Z6^(aT3d&C-LeZP);L1a}q
z@HpYXwBb7WFw3Ns)oCZMY^$@zT=!@&h-EJ^9dJ+;RlQ)MyH!LPh`p3gNhcbN?loOX
z$BHAjz%!L+khZ;m_S4GRtR6hZ7yqF=UhbFo8K09dwPr>=a3Z6r1(`ovYo`{Vh*c8*
zf4F<6Aj#TwUAxORx@_CF%`O{Vwr$(CZQHh8UAFDNzAx6?Yt4Vo6>IO<XZs){W5mGG
z^XAALdEM7d0q1@{zpTyWY4@?kS-vZ*{RIWK)%sk>_|p&JuoW!pbB&Uh^Zuay?qb-N
z{B^2%m)FCw;YGcyy=6MS7;N<p`&G%?U}Mg@<g@X!Z`#NUKi+EKocyy+j5|_*J&|;i
zuZszj@hGjhVrbJ4)AV<lID%*hm^Gt&0C0-&i2mhM!H;#4f>c|VKA4zlyh@1m@S9F7
z)AZ{{d@tgz^&6i2XM8pCEdtm#t<aBfu7F9>%I74n+{VQBAF^@0M!<*KEIps88bRK&
z<P%}(D7X|)Wo(O`r^ySr<}xNcldo+ol5eG#KUbMoqes@J3C(S*b9ku;K)E!o`2M_|
z!@-j(XwC3)4_nUPf$VRPeE%Sfr9n5cO+Sy<gLS=3(gPXAj~=OsJ068VSB^~|y<?~#
zF}fbD0libpgf`~qwTRWDP94rj|3uLzziWavj;By2>}My6)*>{U4(-n37;GA+gU{MC
zOu=X007N$$WvJ2&V&6aczHaL9CUw8W?rzk0O_=7PcB~$=T7e6H5VK*{t}{c%U`PJ5
zYEYwL;HwHl1tBLBJ41$a)x0KYKYM|~orvdjR+i!P<SaNY1ZlsAF_o8Mp0TWRoX$dP
z3N5XM`cQTF;N!i>OPeYIj$}YQckSm~MH}Vnw<2prSdmR_qWbEJ%JOm*JJIDO$t17X
z+}vSW*P5-?DTi?lH<aWV@lzs-a(z876rfiA``fd!I*(vyT&uAU+})@U8{!2NY1NT|
zmOaW2(kwSO(5MMuEcb_phN&buE;woahd9p$?v6$=2&=Q>gM$cp9b=kUP%L}WxrkCV
zrqn&OkQ>L~ET}}WG2J*8_2}^ynYT1sY6R@S>&FfN78JAj#Yr>_^4(jTJ4gGA=MDf5
zBKGm>eDuI3>y7<ymx3T$nvaj#&Xt2L6Z+H5#1L4Ar~9iNumSS%IgdKd3}n*HpVB05
z9Q~c0thv*#yJU@+nGMyXtC2uY!eGzRv!3rusyZ!SsS4sK4bnd`60c6eN%h@Jqlker
zLrofR!JtI@+TGpU<5o1B*$^&;!gE*MIKWDTXW%`!Hgx9bQbGpvOHPuPn5XIT{Nk9w
z^gG>c4P)DRF(N|<^VZz+JIMloo`&?7!|zVQh~;L*>e>yH4z+4OiNc1SZHWAkM9l{|
zz}|#-b5rBd5Bf4g(dKqLcZeS6Smo9-rH0Hsx;)<=6N7#)JLDNl)EaO9oQ-20%&+4`
z)Tj0AoIL*YnsxMF=-wq#Ut+yW-!sV;`4yFn9`+(-LPM=Z0q1LU9!d%(0p{i=X%NcY
zH5oZskaZu!?LvCfl`142aP1OYi!D+TKOmN|A%vJvj#<lfIg@Ef-!(3dt`^2ByM(U-
zebPxb9nTSfL`KZh->{8#LRv@^uF%!eY!}cprp_dPq93r7??L)F6JggL%h9fr)gUJY
zcc><B2Zt`i-4~)J2`Wbs#)UA}Yfw1-)z9;Z;E5RsT10+OqJsXJNZ`P{>b+nO_c*Ai
zK}s&X&=`H{&AqEn_9TqD6H6=c!RnJhW+`k^t-ozKGAqyu_)DQdI4){QwpG2FVb=(&
z7V3brl$J3gv%#94q#(-x+<9EN6P7wF2Scbt)5r>l?bg`S=Hb{RckQCkKwI!e-`!{K
zeFZ1xh<LRk(F{Sb!X(_YB$UmHHL!mn3xR@KM6H{u6>~4@tIyU&jfLv1FgvPNWl14{
zJn3RnI2*`e!wbv5_*Gmxi<3q60=Y;znQJq6f#~2u$b<HClc>6$ry-1K$;y@ZBLA#T
zBg+=|BAGP(x-(itIO4T(n=$*<Wr#vy!(lXbOmUU1kDenu0$Z}gdLUJ(w1@z?$lRM%
z;(o4{c(cvaA)wSczpgso0TkU`ct15veVDu`fN7=$Ud7{A(@8R&B9l&|=%`=4f#SV5
z?V_`;^7hBC^^tolV)Jm#&Rem$2zOJFHm@~aEv7A^a1j%0;%tLE8ng5QF0%+T<X+y<
zJq3$FIj5LcL3LRLCQ@F5R=P%Osig4vj)Vlqll-&%bP?T*1zpP%!Ha=z1&rW&73ty*
zBZ=Rco?pM&<*V5m|C~R>rYsf0Ia(yCcz@lOVP-UXF=m<cVl7DB32R1Wi>%tcqi~0m
zAC6VDA`ff04N?`DocB7#oig%Ss!1HxfSsh<1{kS}&YO=366{kfmypyru?j)(v7Y0%
z4#42oL2!s+RuGr-_cZ%3@phfnP<Kh{F{2A~Er#g$Unqs>gpSTfPOEpY?s+0x!&-;t
zL$iB4KaO4?TKvo(n7)CyN3CrPLD|Nv*$lXHylqFgfqAxySwE|dv_=F(LEUY<cZFr!
zVTzFLn<n+m4gkvL`-6n`dc6`np+kb&o}J0Y+H3Kdv*&Njt2@r~;{z;*<O*{Ot^?PN
z_w#e)ZH(%JcqaA>XlOgS+NQhxRe$|TxqDuOW_N-nNefyNt1YFiqy^k!owH)m5^ZmI
zY-ra&(BS9L&@jo+g5WmiBln?>_HF9}ZL5y{MlowPk4+j(Ch&*&lQ_w>%dzd@3Q~@D
z-$%d|#AB_f<Ysi0eJie4$qe`B%z$9TbAMcLU1TI}uaOB!`D{?SOugcz@v{0KjEp3l
zY^x4W7waL;peOl`n+^Z-@68#i3SG`F$hEi3r=OeN;~&9SDg#$oZFeh~=QFtm!70X1
zS?lA_z^Ls8AHtWPj*=TuknZVaewK>6bi31POII|i3uveC8`vWb7mo~2kB;G+ttdq-
zATlX}BHU+2=Btwy5!_>021=)u0Lku9TYJ8tKL~-D+C)B#o{YAQ9?utA;5UzZw^#;P
zp)GZnS!tYDD>ZhOs_m=qD&Jn(oR>XoWL9fovj)5)r&+Sh4FiV;yF_wl4@@(b_buv`
zRo5bNtQmhDucPsas>HBldr3?mKVZKCxhcz<K`<JEfMf(3<X2J)3u8`~6*XB&l>#jn
z{ki<bAO4KoWFbp_B@^3pvD_35xPi&#un&H7WG$80+)ym=(i>R{4(JCCjjua`+lc6G
zql>2|L`y~?-~yjrU{V7f+YU-Zm0A>^2Y}Xt#mpC&BW4)0<}*zY8w4&7E9bWS0|A$y
zRtyob5N!Xlq~<>7`$?Jij|$d0=YPkw{KFCP-6PHRzX&OY|6N6dz`qbuzwJzo{=r6l
z^DO_)5%CwK!p=tj&t%kpa#3vT-&TnK;)r1RCr1R^_s)Okh@k%$Nd&{cN+KAUnExj%
zDsJ){i-PvK;u4P9%=H5%D-VcKUz5Ok%&+DCAuScm1PFQGvrgNzN^<ezb$8{EP)1d`
zc+AQE`4m*EpK5Ii18m;L8Djv&Difvvv1tCTEwA}9ogUoNvQvujKG8Cm3$Bl~n|0C(
zA>ALn>KZ<PcFO1MT-t(XY_0n2jm?W6&Iwgs4!Mu-?2U_g&wgG|Olf`W`NB%OscWBh
z#}l2OOkGlW*5B9Ef~jR_3vVR91pehf0a$mkn>*2Vv~e*z@~(8QSVSK2XBNthRWufo
zF@jy+jp%*?yYQB6l)zNTJn&2GUP8BV(X+3r{50XwytCvbd93UN@olO(+{n+Ux9qXs
z10EtqU&!ubi@btHUuf<UkFrrC=h->YhF^xk9j|-cVvj1wIv=5{yn@D~pS5{{+OkN|
zm{<MNXn|dvN1|fMK}NxfXH@T7-(YiXSe7-rW!c}8W$$43ThH=8XYBvbs_@^A+P`I~
z82*b^;XgR4zsBxw{lPaU#q_NZ_**UTmu}%dxG9Ej{lZ^bg1`3tb?jg7-~0ZTR^cD#
z{zGH%*Rg+dS^sfeMmF}pul27wg1?v3Kk-+8&*ner2pIlVN5Jqu>Imq+l@b43|L*SU
zp{VqE%<eqCb}pWra2PZL(#DDm?5mv<8d!%ckqb}@V<{0nvq19OKKBn`f|i^Je=jyX
zF$h)|0Uk#bS;-y)<JA#h6(b>d)SH0y_ESayCe78IYxdK$q}vtu+mn0O+tUWq#s(sv
z`a+m0(IV9?Yh^mGJ&eFHw7|-*dN!&hW;-jgY|#+cwkp%lytio0FKU4eqX6XKBU(*m
z)~5rwE+H|E2stxL&mNt(vC`UA@PjK~=AcEv{-`NWzy&=Xj9=Yk9ZZ~h!HBtlu&3!i
zLCxPejg%vUURe}$_I1`8{Ge*VTfz9XEbeI`pNpH2`LLIksmvjR`WWTXB4$$J3%X0$
zXB<q|ofqYTA6^b-f_5Z%)X5+VrfRTg$r30UMKFu!F(XLo2hIKx64a5xiP?rs`Bw3l
znx3Hh2OApwKH5J#_}LPS3XADA84|l3g~44UhQVp&Q9B&|`So#a{LFZ)yyag}lD75c
z*%CYAmxQ<A7`xC$^BwLTzol|r`jVtdm>t%;=UNMP%2&y8Fs?9%X@lVol6l1R0?ZVV
z&3iaTTk~bf$?a}GmsdSPRbLA#^TOrW^7k_#cSHWO1$)LFY}I3#BD_czp_~WnqczlM
zPdgSr1L6VS8KQJ-lrg#i#kLW?wf8mJ`Bo0{op_juwBZGO!Y=TA!PuOP;E$Xzr~s=B
z#8zgE&v_B{;RfLjJIcZ2>&N&31zh;*WnNf|G;8L-n4tdpcwJuAKq$T3>~o{u06}NU
z$C}G-;#Tp72c+)DQUkj(Ie(14)>P$QRg-L~A4NYl^)`e0EE8l+T{cKLOVc1)mF%2{
zz2eVpQvd#akD0OC>X#B(tCD=ruJZ85m?dI@bDiz>&Q7C$pThe{OsJ|()rpC!$8UUR
zv7vs{JHit@;)^LN)Y2JUv}2E$wP*RH|HS(uP!B2#NYv!6v#FL3b=S}aaQA@Q-&M=O
zjH^m#Tvt(}&-Zw3sQar{o+6Vicb}uW*yX*YR$(?}Hopp+eK&2VAM)<b&c3exJ3XlY
z)(Xmj4S|}^UmZSQq9hU6V^8HTpM=)Cm<66rfzj!eJbXYqI)%s$@i4fmhLhaPLGU^V
z&eg)CA`W3`_d=-Oh$ikI+%0SGDC8IGs1liwM_8B@yMh-bkPi-?jK;2Uj>vg^Zki~!
zC3k)s8cS>H%0O*z+JN}2l0`C-s{n7xBi+@~+&(M?#j<S|;of5A$(foGxG;l3W|j*x
zY)M<Q9YT|Wk_s|5<n&Ll1*SS**sG3AkS@PRUeA=#aasxpnNpH!pK)n36hgz5pCKLu
z_2W<{Z8FZZ(Ad`FyDMXCY^+lMdPqcAg0o*&mDN~34WVabSW&`4?|7dFUU9{XJD_+J
zVi+weoOl0|@aQ*yz_a)ValK2h275XA=Uel$0kuHc4yRBUf{_QXY_&sN^d?k;mHAzp
zkhO+mdUt-gW0oXS%i3DwS`!Ie3}&KIA0oEabXC1*$C)RBpd&ZVNx0=EXD5?>7E3Wh
zUxC}88*f98PVBgA<fiF4y5ghzCin>8001OsW&rdV$M-x?#4ed8&bEaduEG(Jv(Eq2
zD-)j{y~HsGIWfJsJW18Q0NhGSQfU%yS%7Gyfs^yd<elSyD=-Jpix`KW^|W?wTayy8
z6{?DkLIEg;XoS%ZkOd;>t>{AHvl>ZY0jfOiistER0P<nV7suN1`#r*elU&U4*xbSc
zfC}$BL!2tlpCXSQ8<varVt{qmaCFcI?afSAk(<Ks-6L-nrmDH;)*?A`%aoupM_y}+
zF#Zf)RuwuKw(nM=9h%j2x=RLWNWI)JmOrxT*yUMb!n+SDcu7g(Z@I@mHpgX|*yxBL
z+SrMDUnNt~z)2Vf$98V71nMDl?jztoy<TebTv9PnLPhPID3h+`Dh(ZL0;U!v`JmYt
zQ9g&G1qw`;C#4jY7?JtV%Ll|1qD|H^6zS(K6k8TB{sXwUQpjdF5|OeN+c6rHiNIf2
zHiwNRYT=D~49ONlXRb4iudHV38L@r-D8j3*9_<*_z(+4A4!*IV9qQXVOUBPLoIFD!
zFb+&`uU|;{=eG59FyxoA_@l^(U?~<MXrXI_3gheID?HRlK*r3b7XCnl3*&`nC}wNa
zl6x7kilglDCF*)Y)!er>s)e!%4{(B12p&Q21S3Cl4KQzprlvCw;8z-jgGM_M!tW|v
zaa3FB5=;9;m8iV@-mDEX9U0wJIdYmzdKykBsr448pW2L-T7BkY#ws|>d=t$^A_x4S
zjC<w7FKb}@ItTIy8K9QG#VAdQP-1_LNX+Nv73^Jz5(lW8(u!i5bQS>-t`(hI^_LX+
zhc=<-`OJ~wLD0|i3%eIw&SEu?=UY}bM0%|u;HMTG5*HT4HArC@SPvJR;5BeT(U(Ey
z3#wxUUtG|cb68&XR9;Yw;$Y805*CmJnNzs&t4vgJ6$sNsZUM}&-2&K(mw*}hYuto1
z3dvdBEH*2>h1B6=)_{K60JjhQNY^y@fxwR`-wwD(fU(Rrr!BM=o_7Igs^Sx(j~R4Q
z+4EKhPJ&2RJO@ERPLkQwjNV0*aqBB@%IJ{<GgA4Zx;w5FSS<jsP)r?wTy=m#i3_67
ze)=$rIqf<GL8N&$Gy8~zBeG)tShJUb@^{LZ<|z|>xFHloz8sp0UHwY9LuTq+BbM@y
z`b3H-@3G<|zYP+rpUyse@v1Tms}gJxS+@r}44RSYbSj|D$}5xUDa!^C@|PQ}tiSUD
zHYUn24~-sut!W(8={5Bp<0*kwWLL&4*9{viF<~@k`r(n91v0R}V(lO);u)BnG8IPg
z>o;NLVS};qhB6Fg%5GC9v8L0@Jh;YJ%RMq6Pyi|jeEdazh}|9oK<FSLOA+4Q)dbr2
zE(zxg%N6KyF;OF7Zsw)(WP<d!D8I}#+ktL{cCUGiBZ=-yt~Y1Dfg4M6qP6-hg5mTx
zV|fKWjff`mrkQYr@V45*0;^D_CyxOo%dc4iZUDh2m;U&!G!x8U^veK9;^-97x}3)=
z%$q1)AdET~^Qb_9XCZJFU|mC_bC~ab@Ay@`s0MC=$}tbMseH)$oJ1*jy>|=soUWq1
z+G0zXUUyR&Pb!aGq&Zq>Q#cZ8H_JpGZ?Foz*W;2nrsuGKu>O#=z@XDHm@`gsSL&z?
z3?8D1Gi-xZm!Idi(F)wsezYW5YbA8u({R5-zM`c|<#1ACj%UD>vH{ZM@-(B@zv+ik
z0$yMbgIs~iU;=G)c*P#Sq1SQpiktdgoZRKHU&zSH9Xm<UN*d^#@wC<D)astwtzW28
zWucL($^oO}ZuSW{;g_;rThyCfC(dcHotVt~65+WQ2q%-V?v+z<3NDRvjr>mHjyVrJ
z7fWV}upf`ceKsB$ruwVqha$l*#T2gh!^=$~C}KM%xP38yBk_KhM95mRM!?!NHf^;7
z`|DP&{9p|Pox$oqaMwpJf&K@sK7&dxc#QH&FLK_YfaqPJJz>$}$V!Cej85DWR#y|c
zPEJd8DNpAK#@n>*&I%i|_&tQN>3)cERmj%AD3r+fK}M@*^#Sl}&>GxOz}@8e5m177
z5Yw}dm_)?Q9ngb|+7(k=p6Kv87e|&@0<2aYRad}DnfqDZpGrL^Vws(}>htY^G(O+q
zdCUhE>ZdbLCqPzB&R#Plfn6JNeN76O@U+o<95_02oM9L=9L30!UYI0+(tjNaR=_+U
z_<Py?m_ys^h^OPhPNTl5!qN<(W^wMV5eOr47yRrW*XE8|rgA6B)`Nw5W6!<ICwAWK
z^m^bfPv+T_1L2a<4Vuho#^${ZcfF$XWJ98Tziw>i{Ti062Fj|``q|3Nm+y<$-#9m7
z;i(@do|;7yCho>UyPZHkY0O|6{}9?cU>}-{)Q;#1lb({2VL^FEjM-4dfE!)(;-Xzj
zoNjYuB+?36CY%DAmc2gSjAp6`6{G?3bA$!uv_U}d^!k_w`GkZtw{|cIa*hjw(jj6|
ze~*NeJ-oU+lMvisU4^>^v)jX#-^I4`RTWnIaqI*?^GmVQ^7Ur0*~NojI6gPmbk*<U
zX}6Wj`QjoMJyC?~xYdch*dop5<73_vD_(`s(~UYdd{0ZKmiLCy=cS*BbA;5O_So`9
z#4>f-L{WhE9I~EjsXxgs@-n3`<c8Qtc=NCX9Fa%pNzsI>%X(h{D|VdX-I=@Y=_VN0
z=*fCO{PqZwvtN-EMl-$M3A3KkjP=y#(DB`3299zph6<EF9M~{i<)qAmB8pk%MV0ZC
zS(<)45@v)M9vx;x%SRPRRbC%PN;C7lKbm)x*P!YStb&WWo1**nk7u-n!Q&X%zGVyS
zbl<#9<9kX+bgh$iOm`CPZa|5Z2TYqDNSDT}?r0toaA2QV_;TvxghTdf&MZ_8n#u`C
z&P+a%>4{a$FnvTjURFKJBG3J;p8IY*x<psbYgE}Q$D{V$^7JUy-Fv~Z`C3{U24v){
z=QhOKBcK$Ngn(ipRS%Jj98ub27~4`-#t%bTF*!`=C5G(Y9HViMqkwV1c?w;AIiwT7
z<fZNL`xT%t%*BwMo6e*;!v_5r3R3@J?gp>Vr~<Hh8ZJBe&y&8u>Vt)Lr&}p;hR>bp
z>NgVOZ96cTev*n_*cXErO+c@+9?zD5jI7iHwF&tdJ=9eq6v+*UXXKhqVfknPJ^&U2
zFU_n%lNVd9gepA;Ue@sSZ||!zBKvo#lpGoTE?W>SqF*1RFA7n7qmb^ypY`4#zo`k3
zD>jbhi_4>;TBX3!WUq|ONlkZDUXN~%=8gj%NP`Tna1BY>Y7sG~?;!s10%*QSC5yTx
zM`9Rj$wLTOzkW0%LPgekds8SR{SD1YV1T|bT6-<E7u$v-8eE!cOcJA`R+c!99U|os
z8R(wg@PWAp>AqUpV&87!i>B3)<&h$W+B_|-4x7wJ|Hm!WqiasApBO{F+%-74Qp(#D
zSix@h8GqjLC}No~3~N`m?Wl%LOpNuWEL>$i{RlN4p<=1kK>r51f{a4ml3^Z392Z~q
zcXvb-FbNI+94QAPI^_z1a^YOC2L*^Z%*)C^`G?4y+BJ4((WcO5qHpL}NPW+MQ!>A{
zLhrV{qW9}zx;1TXRdyFw-OkQ%v&CkodAg>nud9%k`j)TxH8j`H=_K4(++iU4^}zk7
zecAo&n#<m7FF^HUAJmu4hCh6}D3Bq5zNmc2@0<-GK^P)<UUFN2_bH7sCF-JqrPWlC
zF<6^*MAy*$r|c6u1jqq1@xnq`crz0jQ1pRsX5tvyC4kNVaZH#*C-HAr{rnp)-5&jF
zbvyx{8-UmI91f98crui_%u999`K)9CF|xV3i-5rLZ2Lf97~#nwp~Wl1&Yb!^T7NVH
zLHvV|{GWgD#8K$9m}4qKdt$vc*JLX8tt&6SGnhhcP8<2KLb{|wBdqxl&3I|m_2tz=
zi-m?WVl3ik%lpR5Dd@P!tIV0Z8PE;?*)gzbUPki|H4jQr2u6`PJA7w_y;R>`TI;~C
z>bE;tXixrZ_;}EgIlM>`#<kG2wNSP>sboce`gkxTx?i0Wb(U&L-xc=ICI7<=Or11T
z1P5q4ju8`=2fqsjLtvMjnrOw47J;9QBL!>DP&)+xlp)hIU#hEwpIxw0p*wOx2?8Y~
zSx|IZq%A7eq00n$1rffv`3WzuXJQDAV<`7(lOE6ZfRzynB`)+-j;*dpr{Z?7*X^A9
zYz(INk%n#W^m=wUxxw@?wVrIT$Yb!bv%vWiN3;C{+{){5qSRn0+gd}J!~1y(;bECt
zwT`RA{dB=zmMWCUe#l=p{Ak`~)qeq=*1gby8kdx>td|cu&=H=*yfsF4^sEuqvWlhT
z055F`9Pl}cz)a?_ZL_lqzl&5CWcm-)fE?)hf#DO*rG=5z=NY|geZ}DRE&+IM_)`6N
zb;asP)D_i5VLKQMU!sDOzTc`vqiRAJ8>V<ZR?<Msw0`Y63_flFuClqnh%pLV4C06w
zS>zi#kihYTm)&ku8aq@ZgHHqZO<dn^(6|0LpD0SL_tB_s59&|Xfk7B|939r3raUp4
zv-1vnzVUfuuioLMPL#E;kOyn`rj1+ODVxJ=jeWIxT6o?j>}whT*IN9aX@n?fiVDD$
zB1mv~3}lOdcJjY_NAzpx%$D>4?h1fLXY~oo7yT0L9@WX6qgCY;nOW<r9fUm7_#%<~
zsKfzE7?mj?AnRbTn-rpl6Fu&xgwZLx`-BhPpx`!}X}@%j_q(GvoZkjGC2-p;2c10L
zvC-e~GTLyq3B31LXuWU7Gs<XnwmaP4<K}oXR|OBg_+tVs{`f=w7FQ1Xje;Sj7pv}%
zECDj3p$oqKHUwBy@+2sd+-nGWH~4$}WVq|CZNArPH|wI}yaPD39M^xTUOpSHp)Q~4
zmk+8KA!5bq>3xggSx-xgMQ<9ckUd;r&CtlP8rV46GjJn^qu6Oo3@vjaGY0kmMU87W
z!-c%19a7!H-m4NvqB8iX0zUABAjE-!ja2B0>aJn_iE#yZ!~N%db#yyUN2{sy_2T++
zmfFfvgV}I!xynXI(*^28tCN*#y}{e22J7Adwzv1$YT~pi``f(qos-Hd4)n%-Lu7r^
z-jyFKGb?EFc%`IDmAQ6jZsf=q=!&<zlyX^tIkF#JPeEjKFto8;nKtxGgIlLyx1=|p
zx7v2$&xH!@Y4u7xL1i<IG~`OiqT!NzXUoe89&$<R5VS<cc^eGy-p5V-E34ij8{ylh
zZJx*FiI0AcOYg8zHWaVVdYw-&@9Visl=92YX2-cx@(G9+Ti1s+>__mZFRw>}1;@us
zT*J%UdD-f9haP*z#N^1D;#oXekpv2KB|jV&69!CVs`3jMt+&BQ(7rIC8tB=E!Q(>_
zZ?}W>Cz*zgubHyFXQ-EUYZ~1Nnzq}8RITW)em97SM7;O`7NQ))Q6oVz{!%*3-CYL`
zd%*OB5mP2Nd(mZa@p8tblthX2ti{-Z+ME%XUKyibux`8kTLo3%P>@T5MTP0T%B_=4
z&jirET<yufiHGyeaapBzoV;BZ($W(g?+Kfn9$MCxDfdI4r`fkht#wvM-S?mS{OgzZ
zXuZ5>FsA#0If2+HdV-Q91(~3sJ{A6q#zI_2?A>#K7%@pD!d3KJ5Ys5>UvE+U6kOnT
zrWtHp??=a<cSf2dpvQpul~EDzsMid6MxVgusByH~NUQhay>rFkY{tEQgDJbSzOU4A
zbad2WJhvU|`Mhod?S^!1OrO~5^UIJ44X;I(Pu<c3a1PxeLi<3D-nL^(;eZjt5exAa
zSX?(&j^rGbpwD%Ol7FVoFGry^CMreVn!_21xowl;XFv0p4pL+%dNFv~Ij}*ZU;tdS
z2Lqyu!$6h$zW=T4t+5m!jZQ7;gYSzh59rD0@0Z&(YJ-CZ7XTXLwS&i6)=ipmpLPrr
zx3JejK=N1+JIDx$$r5JuYiSffnjnWCdPsTuX9x^o;sEdy!v3pz@RJP1I!P$Swfkff
zBYg%kcUhF<#$7hk6pu7MH^4K-@G6j~reRD%_-qsK26;k;s4e%<!AnDHpnUfk3kd@z
zD+NU9zDmilCL>E14sI8ZAv(nPO!dUYECg)n_xuC5@S;ev<bV{%J><}=$Gp|upKwPs
zca`h4R@!`@wtEH6GNM}&ZmRVTqs|A*w62Ep4w^1szKLg8jKw_U($ZL*^r~GCH=HV}
z5+qi*O8WMOQl_C}+Y~Fqz$3+C70?LAOcF9;zfQ(ID1e|`k$Yd3T@9@V#vhrzki1@Q
zw|N~t-_|9kt2?cS4=2-|Ee#cXq>rxgz-9Jq^WFpBUwF4(j@GR^pPYR@Y^c2C{7`<Z
zaL5Gm)l7O|aic6eaH5>2_rnGq>jVHN;e7IcV#G`fEHxs)4I^DY$6x7aKVEZIGa|g8
zyMi6BBfQWle?BE!*QAX-l>b1Qw=YCcsPmyO{*gkF$P%SUk)XsA7`lijoe0+<lYL!F
zx)SwUxz?W$(YbpJHd&`Hzba!We?Qq}dP=8jwKYCG{1iU-f|+lf=of9_0DjH75menu
zeEI}hD$JpoeSGVp#~f9Os#&m*yF}<}MvSfx(UJ)8P_An33NSz}Fg6|+C<T|jd%l1j
zox7q=FkDIO1`i1ZeGwlI)P_Jg-Q7htElD<01C5u>*%BD46%$Uh#_e3)RU3Rf-~_sh
zZn~9BzvPvti&HOw<pU58mB`bKh~+VQO|BLBXi#kroo%SNnL%o_3Ho&6i$w=cywq1S
zEPLKg1|vz2vR@)BT#pQ;qKE1yIuxzPuiJr`1j5z_sM{M5r>{ix^Uugo<ELTr=IgbL
z*VfZW<X{Y+Ur-KGqBy2G)ZEzkiT$y8DiliOWf8qJQ_!kJtM^9!%2y#c!ze#EJom;w
zgGWAO4|glAFc1etacAox)+ST#h9wlAAfLb|dS1yB>nEf{YV>V4v)*g>NEl_ez3)av
zIdKV$ohWZl50#f`QaZn^Gg}M3QKKms;46NgCmf1x10vFC@&pM01)3oFa$seF-z6Be
z!uv-os=c)XIKq3ot(R7=jFDt?k1??;HmrAZ^z1KG+7bQ6sc}=VMFA)09zLbM!cl$|
z?0DI-=RCy&5D;ZV?XzYeyQ-G9%EWVDkL<*kHzoJFF(*8~7<Yy5tTbG&7;F8<=%cAP
zpV3(B>|dvT$8Jg;k15X9j}^6E7^id#|308uxq7&N=aQ@wj-Fb?a5IVWax~c@^}gVy
zHl7-m8Jpg5X0_TF5zc$(m6+1i(}Eg{-(?@NXewbwja)R6*Fe!NW(x!eLK%eRdjn<4
zfvX`8!~{$c+UQqao;Chu(f{)~$oQC_%3DO+%W_@q#YtED91m5O1&G`8euG494iKP6
z)0Qhe1mV=aBQ5(U+*DpFHJ8f)43zh$F};~$s8)F%%TPp+gt)pPJTQoYDs=|{6(%iN
z;wwdV9EubZ(ItD>X+L6|EnDa%vQ1d73^-#?lQQ*-ZuomO((?rIL{<W4SMrr>oMrbz
z;gC$~Q-{06<@>D_;9Cq=IOcGoFSB!O1Xo~)0HBSbT-l=bA)`9KXoAxa#4m%k>4?(P
z$9xPHHn5_03vSV6d6*OH)8SFc?&?3S#sNTR6MVf<8ag}==eO(4+m6fMpX|n<PF-uc
z9&(_JUDjwvRpKTkfV9`6!{5E%JMFaH5~dE|$DFXo=E5?5#thZ-{Bx+mplwv4KE;FZ
z!3)Yu@}QFM2wA$Tb6W5*?RmG7YMZ!|%UNGeEcv=wsIc}M8P?aQ#@1aQS<KEBI-L>d
zWZo3sTd^wD*iFfA3XhSUpNUh9N3z{dJKNfkV~n4W@SbqSe$WGwW^PWw*HP^IDFtuW
zQxJSNDnD(C-f2c6z=A43v40^|4fnw&$up`)hRr?!<1Cc}MynnpgmYn~WE9a?cT&oF
zqL@btYMrduVJyf{oSUdkWC(0tiD>8FDiIWtD^V~T#exbL%k-P>)s)aDeg9LbUC{!y
z>s4_ci7FbABH8mmOfV2K+k#3d#w1w@?anXbu|EJ|v>;j+cSF~Fk;v#OYm9OycO<Fe
zg?9}Ah0$I<Lqz@)$=3*2xf1_M``(43s;>ga31OfjX)w;w24bi~z_+Kh&O;{_>}ql2
zTX^7EbVN|>Mwu$gS<TzKHF1$B4d>(q=+&rEeHq@VQ4t3zubBa9-dG{?+pn{{#U(w7
zp1*)=G2o$yKyk*Q&tY}ITrD2rrXzL;Szh4Yop@myBh77l%cm3XRdiYkZxvH&o3?Ix
z+*yaim-lnJd79gY^^2^V+&d77WpfzWv8%^jo6Tc7wP1>Lwf<-yzcN5Zk$>n6KWIt-
zsSw&1*90@BLYQoI$bOX_s4>(cPxS(m4lmX~Nr?wS-&h1*>=bEyZlkpu3D=G$wvhH=
zgdHwEtN$?+PPm*nFjRJ@#qA|Mdw&Nhnnbke(#_)Bk24%sozruKHM_%}=S;QlP~%`4
z@`&oLLPJ|ABPyL!d)Tp*Qp3vhQCWMB0Tx|lmhGnWs7W|O+Sge$@i3f3<+9`?a?_4A
zU~IE7PHZ3Mye(+nWDl9|fdOQzG9*SyaZz;FF5h}n<bL&ssvCuwkn;*AXE&I*Vz#bd
zrUu`L_V1wC0r2>3H9PEu?8ziMI))R+iXL-34g(a3Pzm9@zN~>$2Ml3-0z*f)_#$EZ
z;-J~<9LHbXeEkvM=4nx5&tKGDLfP@y#o^MVtr_bUb+DLLB%>QM^w7vF+0zynv0X=v
zgkVP;^ONN|s>DN-{BwW^@6jsDj$Qz-&oS?NDVzP*IIhb5eF>{dj7X^zVNZiAoQ5zM
z)G$3}D8%s+D1}J!k~3o5aP-Fam3mL9cH4sKCR<A?_*Y3+U3=Gh?_2A)!0#NNMp;<<
z)0#JowsuxWPCl(Dx<&w%ze?mJ6l%~G5TMK=d+exIT)CBFo`y!;9ECXZ(xEQ}&WWmZ
zGM6eRwx&?d3#L*hFwIvR9L=lWr#Wi;84uLXCu>M+rsA|KXKkpUMoVR?MKrI{BesBm
z6+0*+iNN|d;i)j5GP%5NLq&DCyzFod;<^*UX|)HY^)Oj>33ap*h7~zAK+l>Ts;lM8
z@h_C{gqDoG%{@UYI!8@(=Qdf8)^Arv<7qEe@8(8-;u=xib|0M4eE#H(-m5|7{o1bH
z7cZ&a7|PWrm+tjNUp8szP%d7s7<OSFf<fC=e{>?YlHcVJt3kk(gzXjUpY&|}VQ`AR
z$rkyH)zoq)+TR6-?r+N5towCOx$ZJei^*E8Uml8QFfsN-H!X)tAOVW12TH$>GBd@F
zWlNm;!GKwhG;}pc@xmn4)@%>pnj8zkvXAe@AR+v6tlq$f!7G)Dl5B)yC@aHKToVd%
z!!EdJD{)aWn*~@w(Swm-B8H6g9qY-D!ZnkXBG*;w=%sT>o9^Kdy(TPrftUR-bw&=_
z74^Z6INZDOjK{)>lf!?tYvcrK6j05>E4Af%xdHJs4K?Uu@q+H}drq03Os~oP)1~O`
z2?vMB7|rAL<XifL)n*|1`!uOyF!eJcw$$}D>Qubz&vEb}Os0#=WNuU8T&4O|qqz=y
zNaMQb=8@Xn^<lcC24LZr+x7GjBdr(Lgr%zG9*IlwWct?1x2n<YpmCYz<qJcdG2_-r
z;rxjNGJzx&IcAzZLO~c2N&l+0bUN4ID`8;l{h;N1C&<p-J9Y44Q~YBbrbd}(<qQBm
z-i4@m?&MctLC!NUp&>7j7DXaA@!(BQM#8g8`=-J{z5V79Mk{^r+;*-rm>ncGIF)K5
zz0{N1dkz03AZ$FV@Qd2PGOIQ#8m?|#vGOJxkHK=<qPruuxa!>ydjtn-=ZF`5?kaDU
z#qPw;)}M{DBB=_ru9Abx^#*U(r$C*<Y#!<TGj}J3J7<jIAxVlPfStTziTz6ZCn%8`
z>xoYo|LOh_6sAWr08h#wcF>TLVDV9ra1i{;oW?b&A-imd6UW~?omoo!9a|qwr8=-O
zg@kSr@@SJ-`n(Q$;nUsp53}d))>fABm??8A+Tvc9l|*~5zRpy7Ux*)rP(@7Iz)cc@
zUV4K1KS2)Jz;%GLj8&7K5t)P8iK~tCQRlF?uL8kVu1a9bY9xgf3FxAu$4K{&WOuae
zj;q<A;Ml2yuk)W%G$#z{Ib31AD(=>&n&CgXL31WzZ$Ko=@AJD1ux7Uxx*5D)kUG1^
zf{s()x4MtOo_-C*)HL69@$haAseB}0+8fV8A_vX&n;@+P6!+Z08%|Xovy}<z<a44k
z-beL6<!jWyO03Tq9jC)BJKf{8AzAWaj;ay2K@bd+&QPR$P;9K@U10;aPHWjP&!fQc
z3!VDTk+&4}{RXkFN0}b@eXJMqgOUHIRnK-ls(?X?8q~JpF{IUi`89fofVJ-DC`nEI
zs^z(`%%7?qt38|}cAoI=tnH!fpGHuefw(A(VUZG<cBOXNw_#;M4=tzJr}C!<r~Rk2
zOz}*Z%sM8*7hD%27nEz$d!U2Vk?zcw2AR^Viq6fKP#+E-7$3z!$o<IumO;fZKO@!m
zWcJ7v>r7L~EjYx;ov<+iRgouSpvit}!5v<ZnFp}UrTbyJA9K_P523{^rPeY4ao~g`
zswD)V4vk?&v{EV`#=>qQQ9{Xi5h*L@9F%Y?D-%Gi?3t(qI<$}}EAPQ)VNsgPG1%7~
z@#@*7JQ*CY{TeAV_>C>$caL3j^h<7i`c?mTgaRK#{%_C|HkFEryj)GMiizG7zKV%_
z!^=liHJ{rmRW;wPgRJnxL^6L~c*=4)hOcN<wMmaDZzM|d8RoGs6iV~i2MU7<tYFj<
z)WI<hre6=yyFo87J3$A&>a|O_kKxR{MZYIu?#}x4MJ9D?@o0HvJ7~}{y6Nzu;8<8e
z(m!^BbPb~1-WU5J2Tp2)LU}WYWlSnYQy1uH;jt-YU|B$m!48|L?pdQ@7J)I$fhP5v
zTo!%G%NT(s@fB!BM#sm=k1smROa#U5!*`6lEp=nNUqt9tmvJF#+3C9Rkzttx4FvO5
zV->RqlV19LhiZ<kD^QH@r83l2mgSIgBAI;;Yj8oq`X79b{E`lX<SYeYd{M_v_`BiA
z$NGH-0c`7dv0wxIBKO|$eLzwo;hF+4Fo4u{<6eW(+-yU6iIzYGVD2z;-M1KOzo-!0
zK5Ej3hW_ZQI?zj*!!9s`2|U0=-VMfd(-Q>&PQp0W5)asP@=85+k-=M8mE6#3wm`2m
zl|U3t0r60qf-fUIPr~?|B=p32vTv^Z@ICdZ(eKYII{c#_X5v&*#13x)?DDDp)e#g3
zqo-QFwS8U<PzP{<VJ473#RpS6x}9=iY6{B&@?%wPS^5+k{8(5V1CmA)3w(Aq(wEON
zq^1D1sSTb4;7?%hpGZSV$6h18dKS&>O|YvrT?4ctP+@ON>T_&x)CyBIp%jn?SZBhc
zYExJNop}LoG-Wm9u~N9;bdkeD8nrs2Vcb1gm>N<r<*ASSuIsuYz6jz;!$e^yQeS8$
z#Lq@Kl6dI^*%TrfOTbqb0Csv7Jjrv^>GzCxG;llvK}EI%Bs0|%B#W$U&P7fLlzdRS
zGZ@`n%$`5MJwL*2UUDyk6<{FqNE)Cc*wK~XDhbAXmU^$L_*~)t9PpoTprHhO2GZ#W
z?d5Jj*N<$<F2m%BBmhO}zkk^_0+LBb>&Xik8}pk2PE`A%ko0!A&a69YAxIZZ<7Kkq
zYK{sVTZ$OSgC7Ft6emr=%d=>Dcl6;tO%-tGW<3J-kim7a%e_{ndUu!sRS<pS;-+xD
zb_j#-A|_CNNS}lfA#^l+FQ|T5KPngJlt$N3=<+h6DDoL0Q2LP739*^?Sn*^)LLBM3
zgKlfw4Pms>M+6)W@Dk1p?lpfjSQViy%(-s5LjmmTD1J2;=4I$Nr}Sk=t&4LDy$$hm
zBd@C@7#T*Qj`@n1klw2TuE4K6G@KVRRTfghLzqWQW`Qw~e&SQnvn=E8NfRDy?4lKg
z8_a+wo*i=w?XUnsBaC^qnaAo&k|{W&pb`|OW#8hBJqgcX78#i5c;b5`4>njL%#cAk
zYD;A&$z4=jt@5U#6rLcv(AdHjWL(OomjEvg5+(5wpRvqyKPWJz+l8K!^3@U%^Dch6
z(iz|fVh)yPjfH00vBU4VrRZ-<H?FPFK%A4T#liUMKn1P}Efd2V`BtXfr&EfQE~`jD
z7^5n92zoAA6|5}HHR-|?j+O+{i_K!w7O<QQ;m|C~kA^GMCsieVaNbwtH$V*MfRc+4
z(M8^JQ|R%htP8ZFEmo9h273#$^A=juu~dhy71=;13;$9)EyZHVjfK}f1a#U@7c8u;
z{#+PnASDg5zx;aO@>4-7)YYLjz3lys@Q01u2n@shzPd1)#MwR%t74YOj6F^Nb}v$1
zro#**k5ffs+QTQ=dyyt@Zso@V-5{xuX{z889qwx}V1W3nDo5H&OHabbkg){@O)!@|
zLs`$f!E~w%s9_YWCV(s$S1|$WJ{O7$BA57=2@^)N-w_!aFJjiRKqeQ|&5VB~EE5YD
zoG@q$n%e<iG-l!-K)S|Cn_(MajXOPUoQBh#sGYE;Ljg*zSnwya7QABrb}>nc414(e
zFxU)F8zxsnYyqvPqFND6Xs8%-Xev4!R5Y+@+gdk-g<-KfN;%TcDysgQM%Mltoh$fZ
zl`VncBFT0d?3MvgTI;rnjFt#zouR04rDXqPH3#{&krG;$cC4>grpcR^;(Y9E&$Qhc
z?=Ucr+uG&aFEmM9cgv{gDR*qrsczfP4OeB3E1W~_D`^|7epDvV^dD7fb5TZ=Q<0xJ
zyZy6QDmk?z7C;drzXLC@eK><G)#TANp$TZ!=vgEVERy$t-n{~!y;k2UuSB<w?yvS(
zE3HHq!+U?Kbc|%N1?rGV+B0Df@7{Fmkw(``4{Jm-z8XXsNL|+E8T1-}MP+gh;d)X`
z;ydj-CO9%VHaK1HU)b9PyVfk*0Edf?MK$1rV(qABhjR5F!=Yfed4yc_*eV=$A&QzC
z+JE;^%7|=5)U<+y!P2#7hj9&Nc$`iar)+!(zolx)?#91uZ45_5_PhQ1F=_=uCki&P
z)GOnFXXa)RQ_*5!{4iCNdG7gC#QwQ2ZNG1s+{Eb9pX+Wps_hqks+~FeHq#^@wP~QV
z0_2(xr1R6=tyXlb#Bsym%I>%sd&Nl~lhP71<|?si_1tFuwDYyHRU^EqYQ@c!vf3Nf
zTpr$>IJVVYFwH>HHF<BtD5DvjljX?D$S+;R!f1x1pTrhPQm5NmLhLaN^Nxi<k@c4)
zxRvhRlEH`D@ax7yMZ=cvBZiDF%(;O7?H~Pi8U4v#ms$4&<N^l&!FDU9G=qx)`6%Xc
zQBLLUZ%M`S0L^d}XYCH`O;iWxO2_(5n3Ae`;hdXbPc|O73ZbSrTQ0$Drd+N~Jqn;r
z6UJ-VAC5Ig97<S@xsC=r_KDFgOrvDBs;5KF!ybDUu1Sz0NSt~UO#rC4Dvu$av0URD
z`HT=GSX7PzSeF4~7tR`Wi9nFz<W=nCVn=C%0@J`{mqOE0^exu0>sE1>IA@>y1&v*@
zvmPf?oGkG7lpi69J&xF#U>(mHPj$(r54$cFl{F};lo6^rdSo*ybUCJI_mr#JXEw*-
z_e!rQZZg%=i?WMg59#+u_gZek2n||G_58phfLBd=IL?12FBr!d86`Q9wdN%W%j(z>
zI!NNwWiIC$RuS~1ft4n*6j!5eM7A?AS#oTFBnUwc5@SyRy5_{Fk%<&c0{!&(+Q0A5
zfql6)l1BIb27~Zp6VSms;*<?wGzqI8y#;=Zf;%>3OMr|ys8bfXPZM$_?gZ#iAi%o1
zFYv00DacdMde?&2K5D>Z6GM7J#esj8U=Wqt@DoC<z-Lck=s=Xgg>6rIFM{Nd=jB+1
zUd8#2y@9GY+V=lVz~XO+`|lD?dKM=3|D@mlcOA4M|Nn%Aw6&G>KLQrtWt#sPuwY`N
z|I0o5-RH+d|DCU(`)~6V-(8^pnXmXh;h*yr-<$s~U-37e{?EkvziMZh8R`C~e8s}#
zUnQI%f4F6P?b^_MubAlwg<}~;g~sxD|EY!ZU}LXI;b$o9;o4_Q=x9^$X71JD`8pHR
zFkSIcm36TV=A|OioMMZE=Pr?DyHS+N<EG{r{b<r(Eu65+g5EgF<wS2?8|{<xgq~{+
z{p21Jb=8WPMOEDevb;^h2d^%;!#X<{uk4fY4;+^Lu4+g2++L;C`1NYj!A`B4lhH@N
z$GZKZhtU*j%|#^`8+KThq*G2m5#yAys^=HIx@82mKb@<`*bf}6yq4w_PLt-imN(r-
z^}lUkjprb%8Z<hwP=}DMhMkj@sycYxHHX+QiK~RxDcHB^2V+Cc8SSE5wi}P0#+{X|
zN6${9G{vh7A1D@4pSv)rUW4^)uTX5*ACT$!Iy<)al#h=0<plH9HXN@gIHKK2BlnbU
zyT{8v4PO^6?ti9G-n+X5c)|J4T-AOzY3h3BcGumkc;8DLKh=nz^FGF{c$Y_iG&|~l
zS?at(l^1t2V15w0QPzIBpyuk-RL|+;G-JG3r+y-G|9S=STsjWsKY4nNWO}vC`0P8J
z)9I<ccSlS3g!EK?mDC`8WgWQ>U!13P5h>j6-#huqm0zr*dwuie@Adlp)qCgm3i9^4
z;(dN_QmuWSGl&#O80_4aou9$-WU3xj+sStRzPs<_`TS;u9*j_beupXC1E=@zR?PpQ
zYWKfeA^$cP!umbl|KZqW`Ccmj7q4%p^#8l(|C<cUzc_>${>358@UISGhX2_i%=}&5
z`(GWxo9^x&zZM&>wU6kl4RMU)*yBfk*pmq2q>#FfP{sfe;e)5e08jX&K)c46#Gx|)
zl`JBvYv70EE;cn$*toYYz3ThH?Uw7F<yR`ynpGBR%bPYTL0QhOL$bG;U$G+r>c4$-
zZ9gru_OlybG%lN0cRsF}XG7HbMrINvLL+9CTzKY=lt*_y+6#<~2l&)`DoVLNr|F{f
z4MXfSISMa5ef;^OR1AU820_o$*7fvS6;#R0OF-lZiQjd9IVCsj_nb-~a4RV{RQN3r
zuJD`;u`D2+Z-3KYt`sMAHh5FExVnI84rXwM-~=Zp>v1yBIc^(?e-Gwr0;{dO4}Rs)
z(V(lwS$BsJ4;AX0T}j`MvlTGnH1RgfVH6m`$?&&aAUzkr`jhOXfWS1vG7Od1Yr>$R
zpis%uE@)R&*ly??L^{v;`;;krcN$V^dTNyTYujrec`$iYdRKXuV7dOy6<3c&oHQK*
z{VSzuYO|4Y`0MDa5QW4E49+lKc2qQ;Ba65?mQ*~WgCP~eP7gGb+a?ZapUHJ+ydaMY
zm&*7L=f2V{m+QIYG25*H8eumG+|Ubu09jQSmVcwk^he0Lm{Xrx3(mVCEt~3<RDvbY
z4nf^vKO1}0(k6dYJZDZC*3bM7Fix*=ZrRJjW;@XlNs~L24Vi(+c-GNzIY4G22^``l
z1_1emX8SrJ=qKDb&e7#*y}{td;=xJ-Vj+yL2rii{Bb*h1AhC7edGcqd^FHPi03@QL
zd(u%E18i@YC${0p&8SH0*aw%uKhy<VqqH5mY)|HTm6$?yoa)y&6?pw*2YMF}mbk5H
z=SN$3l%v}toqpp!<ze2*Y%SBFTJG4NT%XPiV;0t=<OYv7vPgZ<8iA7o#2vy0ChxA6
zP_GZ*FPLs$FxMrLOBJw96&6-znzM4=g9qcuT1^dB;+E16yTVY5WgvHyN0XV1?n{Lz
zjFMsDkWjbZsgz={y7#UKhf%#|HAO0;_*pziF0cZ=P(cmpjA`Y9HMtxT_%cc=IWvZ~
zawsS>z(z}3;(~!2{C(ilQ#1<rFiJ}aE->6&@#ChJumr82a%B(_j(&((62zqi6o3-%
zVvc<1fs2&t@LOuw;1oBqXddkTfmlo5j~lK;VU184l}kgHtxj>uOa(FZhz9G}YFg$M
zRQW`x$ia*7kf))9MDVNu=zPY@Q#tz(;uFgTW0wLrc3~*h&B{8xylZN7O*c?WjI<2t
zk<eMGqA*j%3WL*RoX7}4f`hHF9b+6VUrMokqh^$-ZFvGZ1U)8aW~gn+d3gxsu(NIZ
zL!q%;jXUt<w2-EY6_S}{j@6uGhzABOMETHP6aLr$W_x(>kQ5j|uSUs2fb4DTvN1J1
zpA2h+ci~`^!H_iyS_<aQ-t;;G3?iUmh)ZLKE#$O|3qpmVVSC#JvueAW(_NaJ1-0^f
z9ydmg@0wCBH4L<#s~2(xpuMZ0Tu(o~7DA*2(VmeUqdLI4ty~pbt<aanIj)4jRhfu4
zpwvyd`;-j6^s+6BxWkgVYf_p{>(&|jbyEA-w^x+@CZjQ=y#Qax8FmiX^*^I)tI9<}
zvKg?<cKz_hFD{rMhh<O)sZ?K^%^w)VazM0`HtK1~r4oc)s_{&6@z@mxVUJTxMdG9X
zB_o|vB>mM~$_WHQc6{9SE`-O_Jg{g6yb!}<z)VOyID%l-4{=s%6pu~|E3|v!D~wbx
zIazjMYNkiUp~2;8o6*pCrg^iA(NvX?mfLh10P#y%S9lz$z~cQ`taaD3AR-}Nmzg-}
zr$NHO0(7H;!=R_-7ObYTmPGh6u8Kcfe=nb;aZC`lo5_$ZEmRa<c;aEwZ)xA(l*-K$
zOEBUNa<&3alOXzl)LQ{)&^;~W>je!q+B_ivutH>w;J~O#yWCb2EIS8$!HiTe8^Vba
zP%h$e7?UB>a%LRmjvQ+||6g<O85Q-?yo-wDoJBGS2naX{W*Etm1<6T3@<?XLIY<UU
z5Xm_w0m(>4Buhp_k|fDFgTynq-~FDg`+x4e=i8mNdgeFP)m7b9UEQ;0RX?p*Ak$`U
z_gp2(7pgq4@TgQ|RnZd<pMO)sv7_5COQA&0*)Zu75qamz!lR(9=DrNE(khHc=&hn3
z$TVrSSH}xH65^dqf$19#Up@6K-&PJiZIArkgXQ$15jra{QMbodEHqr)kl|rop+gPE
zjN>Czo=1DmB-R_>iMn*wsb&#T_wwQDt!2FqU%4cn)l5?L+^{;2hm>SmlOPH+i$asp
z1Vx+u8Br&A4_Irgu>h4OKa~}A%Ss27^{FQBE05w_T#=Qf4g4e8hgxf8Ta!n})q<HM
zSzvDIatc{mJZmM{*W*Bt`wsa7X8&SM1Dr7%M$AvPd8|Y-=N$1L;bgDu6Yj;@j<c}3
zkFr+3<X627>$cs5JTB-}3oA%ct4#X*48DV-G>X<P7}}6S-OW;HfVqQX&j&u_Ac#m%
zNBS9&aE=B9PHCj6HrYG%vJ_%WjMG!{WHA!NhufrBO>0=h5YceJuo{9V{T$0lsq?X}
z#prJ1+a}${A0iRAm?m4*rBKA>&N_YYs`SYmAqBFX1e5xW7s*O9GZF9Yv8q!$*$0U&
zyF_r|ObBIr4tViYoSDW2qbN$HnAXjRRrssLoJ87>{`*l>B<fB%ry+|0aEBalq16l7
zB>nw-S?{%wA-CoCOBbYe8!I~PuOK$_ip93~rpjj;$q|XNsqVNTS*`8Vu5x%dC1L`i
zc*O6VUeLcZ<9$1p5k-~C#+i}xak4t+-2;95w{Yr?pCy{5k|fjhPu^TS9DU_N*HdKN
zF{$JCyjEJr+h{Yq_6TEg7I;-|+hB_++xq!~M1KrHVY}#b#e^OsufXZy852NydT2R_
zkXA-rxF_S)eXM}$43RJyS52Il6$}c_=MPl_rmANxClj3MDCSxTY_?qVn`~01t8iUy
zl8zO(2sv({hrB6m%Dz0B2(Cs79m^YCd@#Vw!#$F?k3VV^%}s7JXseS-C>H&dc{0>e
z5zDIQWj1x02)Z^TgC9M(*_ns0_}x3JisuLwH-+~;G_{}a*dlUmG!>Y7=iUZMGN`zP
z0mZGKITp6mH=45OQ%~zI3i4YUSZ7|coL`F2oU@t-8^R`|#BDT7omb|1`WKUzfk}CZ
z`}UQmj?K)gwx;`Q5o!&C61wdBb4P-;aN?u`13d=1UjO|4x%VcO{KWkF3~vPa)3Buv
z%DjDr+<*z#*2PHcg-S#54Xk783`P}oZEf|XPUa}Eml{8Jk8C<b?&7UKVV951o0tA3
zE{R#@ACwnVPf8j!&P5p=em-xyE&%qOwJv`@vGAGvHqK&S0z8_}EYJU0&((%$e!bKH
z+TYVWpS|c9$D1r)87sfMOB;Ka*8eUoJSY6HQ2mR8!)vMde!Y(e&Q$u!Hr<v4Gz6?>
z8|8L^(77#W`fCV2G#`SH99r9@h+a6Ga}<dpRu}ccEdDOqCD|q69};7jQ}h1$Mvj;O
zX<6t_9~p=%KkH)TK><g;s%hU?SJ1Hfqh7=h^k?uoH1VY2&N>bYG_{Y%9t&L&S8El^
zTyaU&#xs$6kM?IFPh!l|8XG^Ee{<9(NcL+O<68zKekeeSouRvYr&<Yk_N`cd#BAy^
zy~R^ysw%J3How(~q+Vclt}lh8ps3OF+4nd$-aCRneCC_k20Fij6jPJpk}S%Tiv5@x
zO0vX?iM0vtN4F~EoH1eX=rABUM%o+8&6Dp&QWS6`t1mxrz&y0OYcTtIcKWI*?lg)e
zR{iSd_W_+62h?%-yi1c!&7)o`V$*Uhg1IEuyNU%5E3{H=p0)+H**$D!t3`x)Ne=l@
zi&L!on`hDM22TT5U)a2VAXiUa!toR%LQUiI2pS){SF-LM)yzIjq&egEjMqup*)cU_
zeYvT1*7f+sRcE?Y?IpC!cp2`*wKv`#rBlTfXlRIOM=nyR7E7>@Vgb#66C)bORVlpc
z2)A+$i`QKD$CAH`Cd%@;Kwv;8!F^zE{IFb!M-c<4{R899*HOr)T^#_yMeUHmkTB4f
zl_qcuGD!C|qKSN>vF`f$L%H*!V~z7ka~BKd`N3JFgP!VD)^Uw9jeC07j)=qo&g3gQ
zfpFny@)`xc@huHl`CCzqN0Se71*}**j*wOeIUaM%`qtH!s@q$9_vI1Fg;QtCgV`sP
z_AitL%x_1&tYHw&qTl!qEOYzuQ6NQMprmQS&S?(Ie2X{$R^_ypZMI>WjZGwUHa9OZ
zK-)RxWyYmw@%6Fb+N;~!QSY%x)kqad$}|Ib?p1}(k<aJgNK5kf?fTza4fSUuOxc(C
zI6S=)AJodyeBlNkKJZ|EZ^*v)rmTM4+D^v)3ErUGotb3Ld|oU>i}<_BUITK_JPm<)
zZ61Al&Ar+VG@`S}ZjVNi<Hto*>rG0VPggr~bsL>ani+>)2X70klp50<IU+@aWgm**
zyG5bv_Fvtbdni!iMHKhN=gexe;&sz(52l0K)RZ?5@wxov+8j1jj$c+&&ShuSxk$~z
zRcj={_tT?NRiCf(uAT|W2i-5Vjd@SMG$m?027e*^6fSq60ozHdxp%4xsB!}_x_Rjh
z+;eTR!A3qKm4_+7?4?)$Fx}gGav6(cAD`Bol4U4JV8>CGJ}sV=&@*aFa%g?Y^gLq^
zXi1ZoEeC=v-LbRc?6EN>Wqtff=rxt+<mvg2=i76U_ecK8?xmYoy-k{Fg2$WEs@I9`
zPMXrFGaogAEpE7KGY8!RJ0|+?HQp^9Jn!JD(ewHyKHJ3OF#M_F^TM-%zGuC#AJeH}
zge=c;^*;Y-2H@PUG^5fLP4W|^DN_TBPZN0bmvs<Wzt~Nj&!LV;ng_NKCjoHC@2rs5
z;mW<mD<&W#&Gve^Cvg0k%hc6yJCUlOloofMk!smUNTp=i9*gA`5{S!r2OTiSz%kw`
z6HX|$prSfwhDWF1%cB(zG)?Q>kG6=az}r=I^44StH^*$0gxLNB*q<~VhLsmZte(Fg
z@^wfSTmNeGb{<IcG%s8}k|ouq&at86yEF3s=H~#_M3TV(47#3x=tNtakX&{3Xy`z|
zde}~4g5T-Vp!0X$a=8IF+XMe>NA&3yul<43vtDDaRc(v0_aqwGUfypNAFoe`bBA@X
z@75`>@BF~WZ*<ml_8Qu<A2%JvR^57Nq)V#H=7^h&AuPv1$xm7dWhX)Aym^r_QXRUa
z3bhjejG2`g<{&C%l8GyC2Z`Qcho?AZ16my87`xs++~p;fCCZsg(m&mx*d3pug&x~a
zPwtsUTrDp}ehYa)%8j+<Ah7(jFKv=?w&82bZpHHt{dLEZ3AgWa_s67TzL(o*+S+Vj
z^z6GniA)>W9z7O}?UobRJ!a}_A9pCalV$_K*wz-unJQ){>nGAJf>dkbg!@GBeepc2
zp-5Bf@|A%W8SrXx`?V*JjC?^<_AJuG&AU^-k2NeII0E;zfpxG-2{fp$INPMbjXZ5!
z;0rD9$IIJq4f6?f-Y)i<Bq*96AczVZx)82%SJ8b<tZfjmAXA$V*eZUW3w)?N$p;P|
z{Rwt8k%^iQCrIzMl@DS83$}K*0NRM2ctrP=L>Y4Crm{PzB5uhCDE4$MMw)nwd~Fh6
zUSHBk<jVJJ1jA@cJf*Ql&kG1#l+l9`@BJq<J39U96}l}bbNN}@==X&a#fv_vwSg1c
zW}?Bi!Asd-823(mT?j#iMfn&hwY<4Tt4Tcf9hU7QEe=_PIs$=sX->(KtFHg42QSL&
z{g`Ff7-6&s`ihrhQZ>0#-j!@;;uj(1+_{*6Tf*$$y3bqFH89PucqfFo`T=LvFh+U8
z7?I+pLNA;=bm-uvl51(dz>*C~tpJ{MMC1{^!=SLwgw%Ftd2+AIbRT`rp7=@Xv)Ub#
zH<Igzj`1B<D{hrxgNJvEwV=;zBW00tE5)Afj}kf3%|<fTsG@flOBSc4?lnjznLg_t
zB(tXbc1pc{QR72*raOG~W^!zQY>Kc+qq_=u>Ga6NxG)CqXRwczrNy`AY(ghztv2Eh
z6(}5Vo-eP<*R#r#jAS8GtodJpHuRn4?sz2i%S*^x&g|6BC)<S7XMTVE!>;WfET-PD
zo_6HBfo<FDwCyyZ^!Hs=nBaPlmyKvpX&rNCgxu@!=4nE>jcvV{ZQI!w8`nX?7UwpH
z@cCey+BQO1gJCpn{q)dgkVPI7SK%B4*0>!+HBDmLKAR>{tQStU#XpBNz7h01yo!gj
zs+|yzMUv}9CM5uL2^!N_VP3#!6Iu$wPIx*Fi6o4v^%dv{N-W^nV;%q44%bTG({-%Y
zBY7FU@cyXrV}ne%H}jL|MR|^?%2&O%eDVPjMu36OB?i^k+!?-4eo$K7ni*K4#Ed;s
zuhWL~)rugSP3QHxhm$mgGM}4Y)^X<NN^^|0H@oPF`0YUiBDWEHLxNZ3{M_DD#?{I^
zvHe5>X>%Z5h)|(<iC8d;I#Y`O51f2^|7pW*4)(lVx?uM7u?*%Cj1OtDnGN&!<;f*E
zp;*irWybb}Z$b=;DN-7#RO-=^s>Hjhv8z*uF#E4xPN+{lyROu~{>g=GBr42|*AFNu
zqZt$3>@bbjb@(EpaOI_2N*ze#eBVqdEY-Q8&BXEU_X-I*srWF|={vth7E;W7tzA}w
zl*Z_7*>e-4$cIIbkl6tT3Q>n^@guLxBDcaPgRLqtB184NoI9kpEowA{S(=NVPkno8
z?T~FP-Coj;^L0J=BW_9*EP0hVmoFr_7@}MrlWbT|jR8r4w&7|N30eesy%;wP3ZZ_~
zH)Iv$CY!Vk314N?SlR@)^%plJ$;yWCce*noE<liCS#W*=nwyBx(U8N7+AupeYVR@g
z&I5|JdsCWyB+xc+XX4;u))2PVH<}>nG&_jxPQpATga9HSXM4?y4ocU-F0pJOnbk~Z
z9HHu;i^h@py7-RM&LCTo9AJSocL?YT^cbkZKS|+lT^Q?J&#hw(ELeAZYXsK80MbZA
ztVm|VC9CpA;_v4d+fL(o6e}TftLK8+m6@s25k0p#F)v>1daR`a1d7a&A4?{AlrCBs
z?R;7=gA9|M={5Uu%^D29kBfAAOAbE!(N)bg-&HK^^oHuIwbYCSTVdf_$k&GnWx|K|
zUyZgYga{b6kYl9|&0$a~x-0On2Rv6WGfs$BkQv%E;*F9uX~(VXO5Keh*R%Vi*J<00
z>yc8{fvc`iCNR$*T^-NoMG&3xI_!S7?A14YQ?>`Cq2yq$5Kwik+=MUSdl^304;KN8
z-t`9`4|ud0uN|s?VrIU3KJJ+3e2U$3;*2HI*+_dfYDZ-!Pz?RhAI+>4ZoXYL%{yb#
zQ?~fbwUVtLv0{CHVS3)zQmCvC{XlT;=p!|8%Hc-`2G@`19)d5MK*Ys+qD|PJh2AXq
z9{ph8pZARy+>OCL_Lw6g_Uu46Bv$iannf3ua-2l(65Peh{+Z<$pKwSYZb#Tg<srKJ
zu{cs|Hk+X~tWYv-O`dMQF>TZZLjG+XP2otCQq}b{dRJmi6T|o?dCA5FU+ECj{pK>m
zh5oT10M@1CiGPpfV|}vRTy=!QvOzHKn$z8)^>T_%400K?xQYvN;d)w`EUG@aiYk4}
zZ+Q!x4qeaca`0To2TGG3ot#Y0mcq}eW^j{5be)gA?KUPN<3$b_M0O5%dQM8uZ5brV
zl-RTn7NUaLJuTnx(}r{RZ?uAyug{)OF~<w=*a&^`zNZXBw$`sa(2WKQwT<s$h?_*G
z%-75_XELwGs6Ll6noUM)0MDsmwL_TDq``A0oh|UTTU;JmO7)j;N;KMS7C0r@v|H`Q
zefgfrH8s0q@r2yKI^*lirWPLoO)qE10*`NROC|I?5~mag0fX7TJ|x_Sg1BL$#Jhr=
zB&}Ar?N4X~D8z*V>@vd&1q<vo=y4XlTLu_9zq2yHmJ^WkCGV2kwBQpL>h({+XaE5i
zz-``f+1Stgil6M$nRa~v8q1hGjoBy4R$M$Z%Da`@C)`n>{Fx!ou$T1`H?1w4IkWCn
zk3Dc8;7myNd+6&<VNSR{H@g1#2^$E7V{X6w{j7b%GX*axJsmr+d1F~YEbq7rge@e?
zJ|jL{zu;BOrBYr|po%{dt|8d%0p^Jq%a9~l9LsnUBt0(X9AMpx!AJgNd|0C=AV-qQ
zZ6$4htqAvQB(=?f`3^ZES7GlG_1~>ek<hEPvqvet?zMUzTOUL`=06}A-RGZfcg$L1
zOU>Oe3%XycOgk#2aI5t7^`7{a>M@M2Ph<YUW$MIjb-M!v(@8alBskX`YhmJ%n8&-e
zxgz3yti)QfoxTB)dIfjOWq{u+hZXgS=W)G88a|d%{t5aIb8sv>(|>-|0Z93%b=&cJ
z&d&0eWnORX5*}|Hr1|R#CTlY{lpNjK<j;1r`f>X_9e!F>vterWx?jA7W~emYph+X;
zNuEN_+t*nBf`K@gKMS8Vc4b##<trTFG-CF`vW>Vw`)pFNO&7Ap0Cy<s%%SIm07DBn
zHMKGJ)&9M19<m3Y^Uq@?mhx&x@_jvM05nxBt_){I$M$IQsqV8b8Ad&0{td{@f__X!
z{=HShzTuf@<j;4`?h1>(@y9OD@n*f2#^=*1r5~lgZ_E-DXt2F{H(ntQ*z&mV(yxBf
z|1LE#wT0IapI#^4nN523r<QEoI+KR~@F$(ug2)flID4o=+@^6#mdwFtu5q)Xj5c?h
zSH^U9&<3~Xr;g1uo3TX#32fUcchZI)RJWM1SHBa<^dwr+WM48Cq;bVZ9m!(SkKC0@
zee2(Q)O%>Sc)UF=*|9TTuG6qTXp7U8h&9-9(p)2Yu615nGl%h-r7v><>zFn!I;Kc<
zD+}|BxqDJ;PzM+=S&rvOlqW9xh-2;JyQr{E*b9y0Fco1L-U^stM$>6;IhCkC(P`fC
za#xq$<pq0JUA%X`&{0OM`gt>S|Ei}_Zk18OE{EXACu}UeeSrF_9oHMRfdJe{DuOIo
zAhlbtiTskbzeaRIl0}Bd7kCS&n7khmZW5~&w^$v<1X(wkE!o9$KXS6hhph)>f)87L
zp4c{Ez~su5{T|{bu@x8|eqpnfWs(`XEX44U0Sn$ko8W5wK#gso#V+QL5yr}apu;81
zXLXGP39`4M;U3GD$@!JCt<ka-#LcNl?HC;9CrY-+j$AAG39x=7wK8In8OoM~ljX=6
zD7BIGUFp1C$|n<i(Aw0Oh9MM@5l1S(cI#74_H-?VN8)sV4$a%gUlKD`5@G}rVsKar
z6z&FJ<Q0*3HR11X1^JF$M<2{c5{Hyr2l?B?Ask+%I+)#mFxCbuPfES3idrTgFI*m`
zVr^qWMS+^D4d$Ev$yFbKd%7J_<x>8L&o-w65uU4K+c_;gcqctyN=H7=3ryYjj;CBP
zmVdV97N*6mk<ApMF>HgbiigE#S2K~>O7xB%Ym213%}`*oT0E4VqTvc3u^=s^-68)Z
zws?Dti>f=5R^a+-oH#|RqIm98f_T8shN%JJu<DNJ*@h@UHrp$kFf?mfX3!CM*h=b_
ziY*##=o<^lrzK(ywUW~;`_6*H5kLH?5Z_c9aMrRo@*h%4-acG0;kN9nDpoF0GQtc@
zCAc5A(7w}sD45LOcQ57w5qp`|_kQc~!Nj*(RbwLW*xI9jn)84fh~2}?jW-fuijBh-
zr57;=Y*#gVD{>7EZ++B)*@L+V8bJ8ISHY3EBIG}AZ{bzAf|nZ=8Q$-*d^$G~&?CH1
zvkxN$Fh6-vcODv?>~FEdj<(qls5j2g*^Je=epg;5d*)mC7JU%>NBYJk(VpZ;_^Dyz
z^mvV(LuVxIwyFDSHRh5qGNH{ZsYBg_p{8MX;SEwi53yPIYJjkZ*?LiL-*h!tRTtOW
zcpBgqh@6uSyqBq8t9dHFNr{9`Tb!ou34PK10zJ5WpvjZ66v>$vqh44u8ZpXV;x=|?
z1G+J2?Nd2eL%gQf&9XF_-&aYbBLDtgKuZep{_TxatV{A{ZN7OJle3lY0NWb{`eoVs
zYr}@VInkvXWg#m)J8NaWIZ@XmhAefy;p=6gIpT#x$)SW6PUE+QhKk!bP4G_o+V!ca
z?2v0^v1$e}_YG)!7P*GW1kH>$#JppP&=c?5KI$Wl&R7L1ehw6*zax`o8%q>s^2)Z7
zh*l<|Of&fPV%4r6QL;?hX%10x55=AkeT{9)9X@&m=E|qiPW-XD2q;RluJQJeAuT8D
z`dz)Lmtyfs&;U^`3k5#s)_nI7y3j_0@e{psg4`;T7oiobbb7N>h1^8M5}(jBwG?Yx
zx+_i}SE%HYN{$8^VSXODI?h@W+IU1>^+dHmq@H7XsvI~uGch|1&!Bifb*ML_#&Ps+
zz?VZZ=1y!3MQmDj21a0v0hy|z8ZKwKuadN>zS*2M+q6?N&u7t<voy0}hg&Gv@6VsJ
z^6up_Q*3NTa%Nr;<+}NmHy0J<H$^i~31AyBvl4aH4=-3ki4G+M+$Rfb%!b=V@4Mx2
zj@1>a)(KLCIZ3r$hCNmu4UFTVTV2Da;z(}rm~4pc&ny@jrrvrs8=1QCUUOhYxeOLy
zytYG(d>obh2!Ck%z3+gTi{iCA+mlPOEmXr1NsjVurSOQxQV4YD3&Z+W6T`}TfM4;3
zZ3XnCy}s~RY3EWBmuraU`KoGeJ^)NI)85AwUPJ8Ye4L%8ByILw5vfRka16$JytT@G
zsHNx;14sADka&C<$VZF)DN2EN|1(?fAZgY!TxqGcrsPN2;q@(*l`K!#v(SUb!{iHU
zVRX%LM7dmoDD0N@dVKbYDa!3gW=kzxC&#&jVdeSb*ItgVhT6(=>@tsifya{W;-Huj
zDxUR-j(ZMaVKC&3F2#sxE<JlL4ja{VQS<mwl!Dg-tb&;4nI-;%OUE&2MPaVLnRdNy
zVPuAn#W24lJBQNSD0rn=-uv6%$H_w_!?J{$B<FpPI*zJ)W%*v@9JzMv)}ukxv6Xl6
z3<Uy|1aPBq>e2{+?`+y1B#=(^5O~JDB?FTK0=dQB0gq4awfHs2++AbYWH7RC%Sopo
z#oze(ZR825#b`-^@iZn5kK~neOc~wJF~c2`Iz01F8X}=@CC9fV2Lf?Eu&9fCiqT*W
zbiK5k@%dgP->uhSmPJmHYo?Ct9Y#{05S|n82^W{@+h|*rQe>AFadjhcI{Kn^d!X#M
zmcuYV$5g93+2db&wCUv^#5R#}Cf!v>|B;gx3bMWofA{kq&4#iu)&7S{>Zd9-kO^Ke
z+1oZ8mkr_OAS;st8p$W0<LPuL_<Zc79x|{z?W=z(zp_N2IHf%H0cT3tOBXkt$K>p+
zOwy~InkUn}ftt?fYSUnvckIk*!0E2n=a$jz)kbD7y|X=9smXxYn0(O_7pey7#2N3=
zOs16Zcn(@q;^YrK8XSGb%*)s9DJO==@ZlPkW~!EN8yoM5FQbR*74)AaPdwU6yDKnq
zUOC>Eb|86AyZ(@0{VvqcHen*|P>(s8)WV0o^3`MJn(c4Q(tt0~W!cFc5+VI&`ND0W
z7uF+k^k)SHfuup4tbE)ws}?(>LT+p?LYJsw6L!ZIL&7VnD?)#6rEGe?u*Pl+WEYex
zba#3hN_tXZ<+#;e>{!kr=UVD7%XL9^?F^c2cPue{p^WWKevlGU0Nl4Rsf^Q-480rS
z)#|{!JX<zE)ynXW%TSI{hw?l3_C1q_8nGQ_^p|(aSCbnxCXZrOa;9`IeEOxgUIB>}
z^eEBEYYsDC_a5=hij<E*6|}2+63ssKRi+?9Ll{J=>sMm%S%<3a4F^&}&tB*OUrF#D
z8whl6hJy9)l!J=9uG~k<Qm$NBor8MVkZ;30@4OFqAZXIh%w_0%rHk=kY(iKoM3GT=
zB?_Dnb~<s|?p;B=lfSo6R+B~yDL1`uf9FRf#?;}nTaa#k`vK7lw($XR&xgVeN6thw
zm3xULAJE@)tX3X63m^Z8=Dk(&F>Jz11jhoMj^1C~c<!$MF16C&$GQ9l;qT|1*WXkr
zn-^3)6zodaGfz!6dUkt+*k|FKS9<{q=WU@sn@=KE&Sr#!XHNz$K4@N@czUzBH7r_h
zThD3U0m%EBA5u9ta=8||?)?ZhOiEfwR5|zXo|cYi-3fRyyU~)i;IZ`$-dv;U(&T=s
zo+iA2L+7JTM=x^GU6fW>ed>9r9#%ajj0a9DCcb3t$`|G{HY_<))3Dj%IQ^Q^wQ}Cg
z5g=`Nn9(6kbQ@kkr$$^uA5KTHX8f%+8(Wc{LRw6@#7X8%Ysz?frYl0YGt=bjvDT}S
zG4G6{Td+@>X9W`sDuJ3pdV<uQ0vUS@d;n9a5~R=G)w@fNWBlXGjO`CS)r*<k;{L>Y
zU5t;8NKQUpQZ}E{+IuR#qyiJGsf2+UvCku0y%_}wZDd$t`H3GM6%ocZe|K3r+iu;k
zX~f#`6R<q+^l1KY?J@0Q$>n)0;OS!fVdwLn*SQW{_`D3sFW881b=7Lz8l%&{R4ALp
zTQA`});@Qhb>2>%Ej!n4L5ue;Ikud>KiWiEdRI@m@rA@kS~TI?`7FE1-Ha@{E*O5K
zcj-lPXDGy6g3dQQFROE#<-4`kID56sxqoQV*y=s*o*L6$x9nK?TD0M*`E~hhthjmL
zL%nkzpk%a8rG0|($<J6rhD}dO{lVa$JdNX%7#6B}VkMKjJord+>gsP$?_4`+mX<8<
zSEXnG#mjK_hg!3$gRlKmd5Zgwc}k8>*DWra+4xs|MzhEbo}{|u>aJ^Z`g-MNk2b$W
z57z>3(_*f@{1#3etR145-t>9KV%CUi^VrCvNyv(^rp1`?18otB%g8`5?kM@)7_k85
zalVo1nDiE_QT~})ZW}8t@?h(|&HL_}n#B>cH61;lzglWb-Lk>=HeOMvFk7#1HCL5u
zw6?H))`*T4d)ps}KQE%&L>WjE)(KtSU<~P8^&gU^@HLBZMw5K{2I$C36V@T)$Ckv%
z_VX};{-p~UB0xqww2=FfaY!I@J%Pp`X810fQ6KGEYBfh3o)P0HNvhHyD?0=AHGWt;
z-Ru7;Pw;Q(ayX0+^xwo<$p2U9a`8VCYgG+x9C#ihtxW#TuKf+Z{IBd<7?cSF0YaES
zKnUdjlwS)6qSA8zfnSaSEEhMll|h)BnmPVz_<u;S{TF~a<bMD#hyPy!m<NdJ;4(W^
z$p~#q8++Ws%M+(T!*rk9qMAYhm=CRo87Bim+ZOEW6TETtx5m}VLf*ql0^J&?uuur*
zO}IH^*0bE+lGpu8iejr4MNWDKwFx$T6-=HE9tTF6<?xyxlnj2m9W@3X4&=#^S@s+2
z!cX;qFP}+JEY_K2I(Vh6uhlUy<-FU<b(*@YuzB92|LOdZuToW9@klsNpX&FQCH;hc
z+^_7TVi624&9ApQupibr_nTTjf9F`JobzS6{GNi`VuEY_8@?{ZZrn-<1-LZJPKbIy
z;|krn+Z^31M!13yV<P^dA6!h>&O6+5`4p{g@pQO6oZlOTVD1>)clByvCVgRs5rtts
zYpB?Bm9(&#z8y6o(&`|)qiDCINVHkHr@(q{DHwKm<$9;*3ba(&(%GOs!+6ehtT-g*
z=5rBe<P(_o>XPrK;#_lvaj<AypZ#$4%4zSXov=^m6J8g~?=r(AU%2Nfj<CE}JZadA
zvu0r<lb!MZ!;FReUqYV$KTgsAF})Q6|8IIL3L2aVih?)4DL2sM{5SCAD9G{~*z+5B
z^S|NGZ|Z+Rqoe9>>i+|ij`w%loA0n2i1Yu{-@u>$UH3OXKT77`v>Ul7{=eEo|I+u1
zhHCdWbovc!`oB|5e}(REFzLS{;J2i6lyD%^O**}xAV3PlgpvtlQUOSTnSR+8^@NJe
z|Im1uKsTAhC>kGXP&ZF_s5DcAjmb@OJje~W`rm?(HjXHJ{9*wp*&~fr5so?lB?&2j
z8p74_`9GWeBP7+_Y!Lt@L(`i#djv|tU)od<4oD|^V}t|KFBK|)rw9{s!^cQhotu>j
z1_wQa!$43z2p=y50)(N=_B-J@K-wPZWQ!V}DnQL1wItcz2sd^Eh^wL&6=!o}go^ZI
zfGm@vJ?c=fFhCsDb(C%greA~p$N2s+y#If7^j9A7KRWtnw)c%i9q<5uni21R+Yx2P
zUxvJ~-OV(TGdFS2VY=~*3e(N7Rc?slNGFs_ZW4?C>+wI2T!<Sw8d@PufBDeiFYn>~
z`XX=WhIDcSsG8fDS|M)wg9lKwMc9ZLJDMYHbpBEV(0ZoLWaDII_17B^rBcHj;exPN
zvPZl?+_((kfO4XYxd}oIiL^2@wEyKYykC^32pgy0DVpY}dFi75mtSut+&?@1kAoIs
zPL5_sdqF8lDJdY3_c0I%Mcn`ZL#3ia;iw`B1cHG;ARi3%3_=z0zY16a#f#!ck$>^u
z@S%=s0B>#&xcTJe6Gj;fbvuLO{}zoR|5pSARgDS@6DMQDe^uXzzEO$N2Sb&cZrrGV
z-gM>f?%c>g(Qmp0LD9e{wGiOns!*nsFmyz4NIU`qL2w`p#C!9}%g+PkWd{P;Isah*
zSCmQdP^%aW4<+e8FD57-Du$R|F#Sb?f*?2HcJpGg`40{C3_|@z_?-sfL+#<e)1V+e
z)Rz7`4G7_bqh{vsZTW!ws5$f-4GMz7P@(r54af%q{;2~5=es#U^BW(E#`~u{5FEyf
zn%=+hfl=1`QwJExf3xEK&Id)A@82}ozvRI{uz&Hv`2J--)XLBIr~M#MUcNu=jH3O^
zrVuC;_UCvZFd+Y*dLb~Bq5tSJFB}N}(=NPl(9I1mzm1m{4gvkCgBK3}7Y*fIzCYzb
zQB&j3woo7#^lv`if9XZtl*9k8wjl7od=3SHVSkPd3cA@#e;)@F1plXh9qkRxtq}G%
zJDjSyI|4QB0V+r&YJ)=c4Yh{>WNls`nIL~1z5vKdFzGM}N{aJ=#Q6A7F@W+S49X`Z
z0T$zz0Evmg;Zkr^PzmGxzq8ydni5E3aWjOmrGt|-3LFp)=7YfbC7>W)5D?Cbicc{p
m9~dn8SX@%#F&qrKS)v>q4ecF&g(nmY2Ep;z*d!ID@ctJVNTBrq

literal 136825
zcma&N1CZ$4wyxc_ZQHh2cdxc>+qP}n?p|%%wr$(yUEe;qr|Rrm|DRNnG3U&zR3&dl
zC2u{0R8ClwmXVGHigci8pmU&kAQy^>fPui)zygYghhECq#?;A-fcbBa0==lYm6Ndp
zy{MJGld-U|p{<cIA0L#XlY_CoHI!S{5{`N#bK9M_PjD{qvy1pSv{c|$GogPl4a}kb
zs3zR#FTEF1Uw#E;ajNWR_MJ=geu0B{=cM!Q^#Mq@ANP+Z2Ar6{FOHgVK61O6oo}Dl
z34FL8pO3SdlLuM;8{bac5bKWZ=N4VK9=zc*7JO0W+(rG2)CDKCL8zAOkB_Td+m#n~
z-txpc$CZJP9XNj8%jeRg+wa)e2Y^gYcnj`|hdglRDD24-{q>jw_q3J+hvRr-VD9?;
z&I!A%nD?y7V%+B`J{xQbe!HDd3fkhi&<&W7tC|~MkB*+6uX~rDwJi!Aq|=1&i0iw@
zkjRet)~w;r2mpwxK%gYhcZla6Ngkf95g56x6BrNApHvWb?G}p;1Dr+i1uka{+Qq1S
z;=R><aodqIp0ul0uFp36_eqSC8}v`xp&1s3H5GoZA!C-#gHhPrLX1@K*-`1r?7<3d
zKJvSCmAOgnD4sznoH~>!J*ZWH!F5cWDbt=Y1svYtvCjMv5qE7ZQ%J;>J&`^uDlH8y
zMqZ75!A&mC#=-Dj>?qn2!Tn6<#?5p@{1R9oHcb>F4iiZONEn(oZz>R?>V!0;SE*yS
zN~ANIxm_4^FP*!#gT&rqUJ`xK<2|$)BMpd>ybH!-WH@m#1%ekyM`))$?**T6s+=8H
zukghHnNHjXXP{?d{!{AUjtQrU%SFW!d#Jsq7qS9%vn8ec3}F!m^>#2`bCZky;&p^c
zX&72{6{yC|W1ZS3B06FW0VJuc5$pwj<}>hadC8pagV7p<<{f#foHJU>ODHrVGxwdg
zavyPeiASO!3xud3_G+;TrIjY+q7W^NTt%4#PC^Ou?ILH&A@4DGg<Uq0k75+QCMNCU
z^$r!3p`fWm5V|hZ%=W>kWVT3AoBblo!9ezAn)RBj>!-A!Y)+Nv$ykM;vrO^48^kA)
zIjOS<+@&^5dB-Kp)BCcV4x8lGRHAkWT4*Fwq>e$f+1a0B4;n9u<3-N7GwrccMb#?A
z=R-VcN;jbNQj6SDtQMJ14$7V&_IxDCAqI9-o`8Z7v^IT^ixcdo6s~X*rd#XO5z^cW
z$$Th@m2(X{*AFNpZsr>bZRtNOw_?sirId2CmxfG^GlH_Wk^+(`XlUtcL%^>f9pj<w
zvbB~$Lo%N^AU!LpcN2p@Of)-Cn_IfQZk9{2{d`fzacV<8gd32{_&?N@$j4!}_&|=a
zVV=Wxy!f{BhmM}#6cMmBX9cV;J*!j_72+(PVijkCc3;Z74`dAC2Ut*6#IqWxX*)x$
zh?X6V-}!N$*Ej*!;X2^>?-v8-d<lU<?TK)pn>Z~(LIe9uRuXPh`f117Y3Q>Z7x$$(
zsZ0-fPb&5|66j60{>Z5Z$Z#~=(b^}u>dKL?@!ehQd2fvuKfcF;srI59kv1dF2VS!W
zb_zM9fiqqkw-C`C5fsf6n@ibv7=3U#X?>Du_QH4U87v7arl*L++wRXxdqz(2cDa3)
z1OT|KgOMEWY}s-`fLT(84NHW<{tlfS?-R5@@-J?<b$&Oy#hM?<=mt_DvkXF9B+TiW
zyD$YaoGTED)4nXn%vcYgDv}t#e_!R9B#I)1Ktk~v4|s^$r`W4t>9f?&dz@)&5;L5M
zRBuJDsH6=;xdv!B_^zlYZ$mbr(x%;l-10nSVc77cSv5Cl^SVX6Nt>mO9RL|p#?pM-
z4LYnj{6<MN!<ZG;GD`z@%>wFkt&K46bB~D@9}hpLt81Prn<neQc<Bh=!ka`bve-)Z
zE@qV?)xXgmTvXu^oMISSWg;l`96MyYVDn(1MJr|1k|^T99p#XNzM+&?+Kp;436kFC
z_KM(XsxA$Xe8#)4pne~9lpF?fU$#!4_Biq&TzkKxp`TF8^DM*py%PlD9S+TElqSWI
z>biN5g``lzp^zTK2pL~(HRS20T722kh)8KrH<$!jH7y^>S=F|W(N0obX+}jxcBg>w
z3hKbN1fGu;9qimVoSFnxgEAPJ{{6wS@+i(R(}wo8Yqsd1X1f&!9j9BGfof79*>+!k
zx<;xif$6=q7(w^$u>8U16D<bz))rA`xw+>UpxHZa<s>QmyiM=Q5h2Zmz8sqtc)^u#
zP>!H+<@kI%8LQ%P>p~6|E>ML+-H`#cB{tB94`*lOM%trb?{vyMW3M-oHu`n5FB6Hu
z`?{4I6bmIfBAssNwuJ__!(u}_K&g&GyKqHv!H&2zMx@*$M)Z<o4l|xlPMW21t{zfj
zZln_O1Qb<7l_8*L1f~&O%M>hg?c7GrwW-{yb9zS*o7I;P9`#*Ocl+c`7}DvjUI~Wj
zF}@ic2|*=|lN_}`?oUGm&r1H*AQG34sm!1YFK0e_s_gI-jf|NvLn06T4GbAu_IB#Y
z+%<2I9GbWkG;<<>h^IQMMTR$ZXPzLUAXI{!zP7$DpT5=(rB`@BB*F3w({(&_1>^>d
z{aOlAH!s(K9+%8zOz&2@NL+wkJftq(Up(i#80Jdd#ih`Jk$+0^+u2hnO@|&rGvmfu
z0_$jACzWLku<l6aEu~}9MmkhJ*dv%PkGy{^H9iq5N$wt&bDdPqXxQ{5XpB^IcY$V_
z5=I^EYJoaUG2cH;VGkAhV9p(ug`}RwFvnSFLoCM_$WQTgxP_|Ke4Gd=i65j?YY+t-
zI%c2rjG8N%Os&sUFEpG?k8UgsQ#Bn2i}%kRX*R4t>BLu!RJd3u1*@nUM{-KDylBKZ
zn@DIA%d2`Ok-+#1nM<krm@bHB2CX8z!c&q&@1RRwI=m-|ZtD5Gd<jaS4l|lSJ(2Zr
z|MpTN;lz|Jn^7A*v}3T0<!iw6C6)UeRO4Zn0OMQAqip@wLpC59>@rwMG@ue~{v*>8
zui6KZvY8t^(|DSs6Q|HM-9da5tfu;JLW<!k`2uEhNaSJzarHSC^|?tds?^=s!qh#7
zC5c4nS(eAZ3B54sAjO?)K_D^r`ngBcMqeV3Xq)aRcZC-uix@v=ws{4Rq~b8U`j_|y
z34NW=Fd?Rk4i>LQM)7!8t>wWNO4|*K5Jvwm0myiZH}39XeMTeJhJziQRD`ldjfedq
zW*wV`{Z$i@3l=nO#O)fSs%wR>S}L#kUs6t#*9&$OKow>UVhVdTc3VoJNDfT_JRX^x
zBCD4!olOKaG;5f+>a(_(eW^V1F1X~h-a-TKZjee%&8Y+}N7*sMTn_=FL|`vL<arv{
zQdC<42<j+ciLJ^N5sQ&3@d~K;O0$2a!WE;D+vJ$1NRvqQ+tDP>`HKg$8aFc%g)toF
zj+0fC4vIGp1Jt*L5U7nnq-gAc2am(!+^tjZ8teTfP=8C?(-J|om!YYdrH&p=K+^gO
zkO>5_#B1NYV5F?)`SG`Znb)S@Whz!H-juB<3soEw@yM0Pg8VY#L^QjAy5U-KW5V;@
zSw#31IZ8HP{~GD<>a$M7z9Jm+M@V$U$bY8VB2aa=eyt>FMl^=;BI3=W;yUi9vGq2U
zIfrX80w*Uh)Ap)XktNT2e%V-Azkn|u)0_4uxnniRhCd1hJ}1VrERCkcrU*EhIluFb
zSG=%&e55ftD+*o#Z2iPVd9?~Wzf~R%AJ9Ma@b+wty`wO(FUDkWCw_;i(1?OTrYeLW
zDM9<J!0hgtS`Oh%M~xXzhjUFZkUY4NRZ1U}?gllO$e!H)V6KCH`a*{J)Lzgyq0SzU
zkJjPP)Vs-a!Eg|oc+OvdG(b0vUC@)@%mSXIu}_NAF=8GvRTv0Sc@pCeVGe^q&rEWA
zFGhWm*9#Wj6a5BUR4q=;T3m~3xTf;jm&Akpj;m_|QOoL`&9{Rgr_)7-?$0;==efk4
z#D)hO(`;8$OkjSY<E48=*(t^`+Mu`2w!R7M5RPoK2QRHeKwm1S`w(5XKz>UAKmfmY
za;A9~#M8-|OP?sK{J41{R^FL|>N=UuZ#O52+$Z^FfIr8bJk*N>ngKJjPzA6qqbRd2
z1ZBr&JdOe|79ZA7LVJjw5MUZX>rDRNf^Mj^o;D3}w81%1<Iz+x7DzNni*UHED$}q{
z-L}WZ1m?PwOX!oTjf3^?;pFM5&mztfo?C@f#8+mj{?DhK&{Oy~61{Oc&8FeNJQ=0^
z=TbD>BV+XBv^+zc?_@Tx)O_^v)`qN$yA0k*5!*rf8U>K#9jd9a*9AA4^eG`0I-#Hx
zH);;BVuZ{>bTtsJ-pfVK3anNqiQ{N_u`G}jkHCGmu;8u*jS?S|;5QMJ?dY(=OOzr{
zYG*WOxN*Osqbmh8@l~ShZ$9Kvty%1y;JIFn`z51727S-E+Cu8fKOFj=q7-yks6d|f
zz!we3Zb*wFCTVbj{Mfa_pEf}4Bwm>-Jw}O$7RlVS=ZOADfod1VrA|R&K6A&27e}6u
zS|)WOqA|DEFqTw!&<&<F`J~eao_M~gDdWNo8^Jn&*+9O<uxL*6n<CaIbcjNyRK)IK
zdmPsz&TXioAnh<b1>8x{@Q+PN2{}b?S`Rd~u?%0Xnu3ch=T7L*beKx^dzH?LmX64U
zcLXy~SwRO>aEau2C5KSQfT#4*(BHduP|05*L5;L}jVaiR^<>)q5sh&-o-h6;4IKh6
z3vm}cK_v8qYY}b``M&dxVQe*-2MujMLs1}C*<&o`ga#+^7mzkd&|S!a^l)PDQ!->A
ztK)?sQ)w`o$<B!dhsH*F<O!x=d}H#!m9|l}>tkw}I1u6}`KBrWht<F>LTb2POz*F3
z{i2)IxwG%e7wn*XAnliOZ%KfaA^Vwui8*g$8&D`OtIEG6mWWfDm-4j(lw>F{pxFV;
zj9fP=D}LppP`1V_Y-4&(J(IY@^HF#a5)gTAoEH<NWvwTsPN6$3AlgWGc3SH-RpRJT
zv4&ooJ1nKQFn^4zdaB|VPgh6rGS(MDLw2lfe>p>kv&h!8%+hI2{3PHZPC3b+npKv~
zz`&~1q4y;(ex8srr|P~0p$3pVU9){e5|1php7`mONKs4O7$xf@--cAmt`sOOBv_m;
zLQb6&VPt+2N6>XA%`oXIkRh3;`I&%4YT^S`&l>YU+4pp>C-`h516>*u@9*S$)2DY2
zwYacyBc6=}Z@~h^C^n%Ujkgod=X#%~CmOaW)uL!~^<dlkBccoRB-KSV#?h8#0y`?W
z79vzVumt@#Lir=4*7&W*n)1h!1fyX11l!Byu06|*daaF^>Qf@f%ap5pTSTrtq}zf%
z0WI0f#?1D(SDAI$Dd*VDZ!9UJetQ16J{TL_y5oSoVs6l9-?U5g5p$P3sAQfK#LB`>
zu8tZ+4wfHVBR-t@Lb4&cI;XePWbHn9JVl}GJ554L#$MH-DNci}GzIjaa<xm8-(Xq^
z>h+!8C|bHPAh=~&o4iPf4ISgs!l{`gNKfWdj^dR25c_znT#F*G<y^wbWiRyu8lHZO
zbkO98j-AjX)(id3<l>JVqwqesmczllF0tnq9h9++(SLdaf1`iw1gL*pgnt4SMn>j;
zhX13J?SH!s?EgRPh9h;!ND_9K?w6V}M?DX#u@voD6e(3zK_F;#vr+vqTKG}ITF<ea
zSdx{2Cx;muGW~%VQ`RjD@f1GI*lJc&%`fM7we<6`+X*>f#d;zBFO9E9?WdEow~>jX
zH|>wFDkf>iuBOtLrIGOkPNnTStFX`Uc4ir<tqwNDdU5gQxTmw1g(n{&-3PdB&gHHj
z1>P4qb;T{;4?DpXo;K)rFgk!?c3HQ&s(K1TeFPN`*t)u712NA0zDWD2nHPMSt*=L)
zBWM!cpttUfHIDYQ0wktjP;mXWt=a-Vv5-DB(PSY8`Ldx9QP;1_v-t$(K~c68Iy>uY
z-^<|RhuM^7n$?CHo>$gIRX|DHx>=s!NON+SDn&U|Jw@jGz?<+Yhv$-cRa9|s<4p3%
zwsikok}Z@*GZJ1onPGhEyvuYM<{cmpM9?Jo_sK$%gtb1t^wBIMmHNHJwMN&7V#`aC
ztj~!?<b#y9if6E5m`44;dQ(mwZ4<}gi6*L4gqsE3Jj@^?UEalsq+KzUgw!pPxJKlS
zEfz25r`zMV-qayb*Xjl5yMZZa+Ge|n6nlj8-O&$fteKk!**fa+jhUp-nWPckH%iB6
zAhKO0U64+O?;fooKW%T9Ok_5*<NyVw^CXYrA{L5h3Cj|+XoWv0Nd*d}i`1mWg62w8
z?Ro!ZEo(1pr)VGYiyt<5h|a2QGJN5f-1{=-iHApsvp6q5m~=2AZFp6d#^pRNba?N@
zP2Z`5iSHy{Ho-N(cGkEaj`U4=YwaPC421Xk?o2FB30P06j4^2Q>Q@_S&;_5|@L8g6
zJRCFc<(}n(;COfZ6s>l`GBC2)jADFh4{u+5TdyQE;oX7-?su8pOecw@8Io?07Bw!a
zS8dviFrm|q{o=|6SoC3ohD}^G0ZZp@j}Gj*@W>F8n9jgNKvT)~swmLMdRRjMZgU?U
zuDiPIT6Hz;_GHi?un~nmb;q>jSo-Ka3WSCy|4~zTtx56o(<{1lOy4!oorGRxbKEW{
zGhn-7a4$A4Gv*ICr0nV8yjVqEPb!UT%@(5!l`Kn=%Ga8QxgdVH5a=(acC`FXinMY=
zgglji6Y8?og*OP$d(qQFvDMw70^4T~_NK|@@uwLtKM36YB@j!;l_RF38DebH*MG7J
z*hcA~|GWqmYP`ACOfz#$r=`(0aR4{}XH$8s06FYa`EeAIg2NwUu4^1JnT89{gg3xQ
zMz0T&9{iq)T&eyv2-1|x$pEo@MQLd*RG~eVl%kEaICKg$-OcR{V8LDhvOy~oIyecK
z5~+L_QS)F!8LDsCS}^lh9y{b-Umd(_LpF(VeF5T6r6~HJv|{V@Y+y)Rq|v}X2VC7I
z?6j>NXuPo%pPFz3wvl%@qFPofv0Zw&am3vabY`h)E1=B_6I5E1%~%QuOoAF+qPUDf
z;nb>;s&&;4-aPFpvu8}9H@Y2or=)g=Bqj_@mnSEhjW3<F-ZSBupFWWxBs0hu^8oB8
zp?#a@u7q8u9<>DS)W8Bj-@4|Z6Qy2z7@(_OnLhyw@3N|9yu{oeoG~f~rQjHYzhDTi
zW9&9t-PI1JuU5E=Z_>OzLNaQf<8DfhlA<5dhBrBq+dXJ!nndQckr6yX6Z{NP3yt0a
z-OdNxth#WML$l%Lxz@c|-Te}|-{G;e?S<kg)c}*7Ah}-7H*@eHVXW^@^{O~U`*EG3
ziQp_r-L;xHs#lhemAT!OGJn$)BhNODxLu*Z4?jT!Z~ZWcQ>+efwuTL;NaKxrBO=)c
z3nz`Zg+8Ej9fB#^dA7$Y7|3(2#U<t8wWey!O0>>F7rGp|@&q^niGG7a!~B5VR<?}%
zyX^i?*8V4@GqNyn{C9e1W&B_1o%J7o`QN$8|LHa}5-@Twu(SP7Z~4j#QVnM$-AwsK
zs~3kCeP9w`VSph_A0)691PO}P9s?3rOo)jXyHAW6hYP@7ECpGFgDoZCQ0zW9yK^;y
zRI_<sIJ#<ewL|AX`*PJ?rP8X=#bswb<;EGwK*y_dtHorsr@|8qp}t|Pd+Oy`({*7<
z`A7a~Mfc}tMHf~<SJoHAd=9`MzSi5dO!GDwjUY%z6e6?v=IS6?S>2^fS5z!<b$zSZ
z^M+m48#+H|ho~sWW}~U+N$xiJhR`Ue`GNZ?UhdU*vshY`;sty5w>URIz}%OGS#GF{
z$;Wj!c1%SRb>0`XS<Ti`6R#3UD`?PteSUTWx6`ke9ZMOiye$ChZstbr`v<v^AAc8o
zq2pXv*Qe)T`C}F#>I#VN4)S?x`uA5Ivrt5ZBmkHJX*yaZ<)W!tsA7pKaWSd+^GC30
zGp52HmDGDSkc(0+Ud8F|)lkyWM{vi9Q>yU};I%?-lCn)U24C*4o*xcKmixlj1#&{|
zmprVZOq*OEk9WgINR8;qh4r(Cg&zIRN%dZbg~X%^6+uxA)-Mnb<S!uJP^>v-Gh`1e
z-Uyk(k2&vCEWh}7-c!g%z|$Wn*1Rh-(#7XOlU_U#*F0hhDZ;K>9`F}wyOZ%3@Y|q$
zrY`^O-mz9N)WWKVLv2~xJb{)%<5#k{Zml<KCmddYFOx#xSyTG)C`DB%e(>XW#S-AA
z0+>f<KZx7c65U@l1KI)ObFQ-=W;m#M=yw<z!P7v#<XHaknS$Hg--Y8}=kNcu{(Nfq
z`w*<)iNe~SGObQQ&4M;!V%Gv%C*Bm>?TFpzABMsj4}~N*>1wKUJBh2G?I-LP^aqH%
z`FCyxf8*#r2hiA-kPl3C%r7Wp!+A!~u30c<Mr8@sERd0snJrQk2N*MGgeeXtjSrvW
z7If8%EP7P%;LuyF$W%jyjUGCAMtSKIq){t|OZ0?IIu{go+k-$B3(6n$Bp6kVdbI6y
z_`63Z)}W#4yxvtp1rJ@qM%%!@R4~WD1I3<}SvhrN6CDKSCi?~CDiiY2I6MKka+8iq
zATF^dm^!^*DF75GxFU?hMjLokV#4T1kCqaAV0H*iHo1ji&#hDc5jMgUTyGIEA~i}Z
z785=)XvPQG%M<nd1&FBWLvPR!R%I!0*!Bydd7@Z#PSDvcw3KTT5DT_t^3+LTzAO`e
zKa`CH3p!sSxEfhkYlkBtN$spWiewnjjD!)AKwJid03_QfR_|(sp^9PsoRk=5{#3x9
zjL44F-6gC)9<9u+Lcr0FaYpa&&rQs<D4|~D(xiekma>v^goQXv_b(J7BCh^e8XRmc
zuJL?pS|96GWH{{|ih4o<48h8l_AWuGsy{nG1Q<{`DK0rQfB#WO@9&nbJ`oxrt)Y{0
zsOm2rclVyfpczp%_sfB_gp3aeU(ys=`Z_dN-iIvxE;F!qoPk&{qyWc4DtKoxXH{<0
z1fB50YM@zLlJzUR_r$``!JDt*qNtr%Om?pcWfpyo!JY<y0LYD#SW#`(1WDEri5kkb
z``~fIXVY<t69NVAm$)lNe_`}>&XMhI&#P@+m*-$29D|}Rdy>{{(5`<4*_)MRgkeAh
zJ|>L%rN!rBbS=aR=19n!<<Tz+D8mp#<yYjvBtSMJumzZxLxFA0*8`Q8J>w}HyT207
z7p_xld}ev#*crA#U$C*LsB)fNij>sbuL(yu0-ZZQ*)zxhX5{w<DbCApiOOzyn8$Az
zibw_?=1Y0$`zw`{cIk-O>-c#@mzEftl?@N9z%;=Gi<W{nySq&@vlJ}BIjgqZE;cdt
z=JM^MSjK>fR2SpY`-_krD>dZHu+;R#(8$8>;3X6Y29Ic;J7EVhX1vo2O~inJ!J5!=
z&Lg~N#>qenj*P9uK`=qZ+@Q26?1vLfl!!7sUM*6X1H#oJw!0#!>IH6}$3)jhWL>9?
z#mzSBgb0z_u-hjP7Xqz=!P@J27cL&pv7H!-LA>feX+W6Jgw)v(rTJr!O>gh}FG-Yd
zyn<JHG>gDv@{)Da2&nprF4l4^12}%3D99^P(YLnM$2&7QMBCRFrJROBDATQfCdHqE
z0PP{1?9qD&Pt#LTV~=DV3Fa^hfehF?#(54F>=Fn*6r7Ms36a*@5z(RBGYJwxWU~Y`
zG%E-UyT6_1qpdBQ$jZmO>^=XPK{n%nms+Bn!<NQl+DJA3OaN|Z32{qVpp~zLits@4
z5&5z;2Yhf;VY^4L=yhFLfYP06Neo7ROQFI-37B5nojaSLRVEqs9}OC$#O6%u<L9Z+
z#$r3#xd8*-1!KpBZKiKim~w`_TMroqp2iMrgJ9%9mANyf;&>%yt>-B>KndgVhfbxN
zHIVP#IA!z5?=6pLoM~w=&+RD``ay@KKzwVi_jso*)@cJS&Ig~q0L>;sWP>7<HKh_~
z*~(Waawv!AylNqKq&y^8UjW24aW1F308|m6VJn+o(~jEhm-gB0Y#NL2uS(zDc57-g
zKYt@rVzf6eXf!a`j8&k*Api+K68f&ain<cV_Ed9>4Uu1^X{OQ)q_yf;a9MZRE)kbY
z!=9AdUx`j*r64@(6PK8`RdifXX_Z%0lp7-^4&4N8KI{(|3Ko@BNg)Tuq%AoV@~Ml~
z*NN4M!5i2aZqqJ2($F=iw(YYd_eK3m)#Pi3wagLsoeP%TCCZAuc|1e^O$`4{@h<#`
zF8iCG`#tq+ZifI&*^h~HHVDz_F07XP$QoIKC(#MbyiQ{RGo2YDdmf%D@s_gqiMDUo
zi4zn3LaC%9DRAu#4PB+xZjGGIYcn|A2HnPf&jTH7E2^#bw4dBO(N%vsI38M70U~a?
z#44ehcYX<2)ln8+YA05)RZ_SoZ%cN#t=v^!&!W=6a-kF%6}h(cdOsk+z)(JAMDdcA
zMI!-v4QTX1DJQCOzW^yD60BM?LtQC^^Cm(X**zdGwZ+R_PaHb2b@2vXnzEmCyci`V
zmD~?bX-@f);)6#*1e$@|Xk&(By2JrG1aaQ&#(<;i4(7xO)^ZZFg#t8izS!umfma_m
zhn%TyP?vlvuQ8vu%VEr8Jk~6X(H9Eth4E&m-VLw&yvMk1bEmJb($yb&ut2tOMfjlo
z@ZAwp9uR>3$(#a;rpzcW$EZ&QEv4keMX0Hi+;45q412A)ncJ#fMZPqE^W=4{ACLnF
zU#LL(CvB=iQ<=U@N7=hXVY|vr>@FxknSusNG}%D5sw>hv?hA6FzHs4(1OvysNyG|u
zf<g^?qD-CX8qYToA8~DTCWnBIl7>N@b~LfB7s{h~dWk2E<ZwqX&Z5)l^%g!ST=aL1
zrS2jst?i?`;LmZ?g$qvS75C0&eIhM4R<_si(y60)&qg{rL{iA=$++WZ{){Z`$44o?
zcL$)?Jlr%-c_-|0FBJ%mX_o1N+`OGfJL4W*j%F{0lqm?qykffAteNC3@OYn8U+UU4
zhbo4wI%ho!EtWLoi$J@}ER~Ta@#I+AJ*PQip8aNMNBQ%`nL+RUE#GCq>4B4eyWxdX
zyh8+^mjjwtbNTaNO%=-Vh*4X~@OJUV>sW__rbWP23}?yk@Nl)(2+43Xv$}LUanm3#
z*B5;3AI`JvbE+}F7sJ_MpB^K)KFrJ+IqZ`f5E{k$WRHHM#=7p>I(N-hJ?}=u<@~tU
zzN--%u2V}Gl;*vT?zJxc^W<hBwIJ(DdVNHV5+9z&-SE={>*8JLrUlzN&0h2<3Q%t%
zwWa||$|z^GS-Sv4;sax1L&NC2tG_}dJ)~u+Xd)FI;Elpew~;|g2wH4J`mF#CoFAoF
zVrHuh<zh_DeB4_Aoa?lE0LQc2y9Kwo-}?j?h4X58i-g0m<L?fBjN_It4=67+rkQDw
zTDfo{i0M<#cL!9F2IMM8q9-({{p*REdgVqAzC2x6G6s~*lixGQSe0BSca(&T3&{~l
zy$W{al<h*pxl$+;cAmf}I8bLeu@413J&bD$4aq^hz#%zf%i-fUzt_)KJh%^|^9t~Y
z@9M|tv-AosLnm^y!3VwW$aL&T&iB;IZAjlow=eaYeini%J}_^)TuWSDzj~VZJS_35
zQt%L#Hm#5eSb1HJGWphkUAgJ}bcv(r1g2v^zcp9zV;~#h)yT0T+cuhh#@6c5Z~%57
zm(hWPou1idajKbEkRJyt+yi_6;uph9mGq#YIgOT`vtpkm_lGT&^vv}B!gx*jbp)N+
zqkFIDqt5crRyF95j?ctmN4$Xno<e8PnqP0kO+wA}q>Mh6J)4!Je1=R>ZFqZV<132<
zpEa@^k_=ZlQ*U>lg)CMy8*00L`FWna9Y-|yz#ABOj12c(rp#w0GQQ(}pv>mw;6)Y&
zLZZxP1oDpT-WJMf!EG!BZ=P@jZXOL_gow=NL#&zZNmlDb_(gVWz`h@BNSl~E`5D6n
zMMUYXD#fP{lx=>Q*ZBQcEX53G#AyMpebQbb2K=M5mI-nWAuiC$QCniXDB!D%xe)n@
zw3)-QRm_~fpLCv(n4?FcL2>x8;^@3NSInRbO-ZBI`pOYTE%$J*VvhLwoSKyR7UPzf
z;ouf!^T{+wLzQapiN47}^&pEk;mnd;{g1>RVr8ml%UGYZ9r9vP>2T{x<}likA$*-0
zgWg&|Ur--n6<(p{-By9vp>M`=vlQ<}{q$?YvRJ+W@W*!kK(6DSGp4`5a61FH`zwMC
zagLe4_tCFs{iF#J=mkDq7ms#oT5{>C<+LfX$npJ$qp~F`>1Hxs-YKi*G%dOXFf&}X
zHX5=-N#k{Z!BD?x1Nn58YAeYMs^0^gOiW!+8|f&4bm+`b*HL?WmvdGn8_c`<Jn324
zEiJ3E>mnWVIY<ZMb)HO3V8AYW05-$guQ)zvf0i&H!5|Q&fUpI)(@c0pJ+gYwVTE$?
zqu(L{zV!io>HT6sYDxW20Y7a3bfI?d0QhiwTR`kM{Qdy7Qur|gzamF~F1}$jNA!~p
zGXZQt%IVV{jTiNDL<;ZxmWO2=epOQlb)7Ci1WFr&*F)(gk<PZ2_3WMnFoMzkf}UcT
zN@U80*36V@uI~*ddo>sGXGLzVhjNQ*uK(r!{mbL$mC#!!;wP@3zj`^za=gvG80Rrs
z+@g}Ts9gcGFaiCsBtfZO+}^`dyb!*o(Mc`sH;ODJ#y;qLGofu|+yISSxdG&~fg|1l
zrHdwWW!yF@`do!X6<Z)-J-(<as~cSQINg&dzSauElbN(Pp^w{Eeuv5)tO%}T_s?*G
z-gkk)@7uQAD#vw2bXtp%qlG==;NZwjdR~?Gvf5ggqldYN=s#iFGCcz{%2^^~r;i6z
zHfq47vVApk=P)M;_Vq_}!&VF!un>RZnZhOKvA{tC*NaUSC5jG{^cW<V82_*qqY2&R
z@%?<G(3I>(px}rRCIX{==(|vELdOZpYIn+wM-QOMqY-=<D-H#pNR|#8MHgq%mY<PE
zTq@C{SV%&$FiWmpE`rJlBp%{J<m9E2t%%Cni$mfFK~)XX>pL2y_#6lvG=Z~kCa8Ul
zQ~Ug!qiX+txiXYV%9ODQ7qu+0sjk)la^z+BN)ZAsjS_Jym(xl3kfU>yzHVx>ZnF}X
zk)GbhVH+`H+)m0g9GjY=tly=9X47bN(Y~(N5>3nu>;z+HtF!S}Es7VnT}qdn?<Bv3
zDk@)TG*hGfgScoCoOd9BvW`4z#Yl$j;LreE9krl+9cVLb&4EFoM4Gj1gfBeyHYViY
zT`!cV#h@NWkG>xn>{f{&JI~aE@DQw^11CD()!t;juN)>~E2U+Tffe}G6vac~(+T{g
zQklL)pjK{W0pzF+?Bc1HWi(%BMIWq6zMLbAC2N2dFWd`I73%d$c_Jxu%wkmzGF+Z$
zF~fWS^Dy9*HS=o#K14zRS!_H|!u<CO26W<4r>7uZ5moKh3?CK}b#pOu93aEW%T7m(
zZW$a1%+F(C_eRI}Ugpd7=aVj7Pw}!s90Ej9PM7UW-E(9p{x<vGy?RfGub0YYWF=>_
zsrzA0Gq{dZCRAaEuiX!OGu_pWeAmY}Zt0GH5ZIDb&j6f|%7GyC96!{G>2{UU`J%J>
ziZP?Q&y9q&+=SWEwtlu~>4Rg4kt$Q-AerNU44nBaX6y&wvTyEs<%AL()M)aFg((Iz
z8|5S=<yv64kc|N~b6jZVLv37W{(R%_7-UPbaUlBmEcoXLdxqmWMzw%Q<eG)R=B(Ew
zq5a=fjfCWWviXf?6S04unq2nPH9R${`1Q?!9_Y(ClFimZFmekg`^@g0wW>m74=nqZ
z1=q~rn_L)P4BmLol92?Us1hEmW?NP$M52IP7(8$Gr?K%Mw_dqitT&a~>BKu2ET7u&
zx13$whx<?I>9^Z0-li`i|6F%_+MW16Jjp)NsVn956hHU2bfY@sII-^<Pk^yiK?bBM
z^|?H8X8A>lp*$xlwxSKm?gDWJWKJHgdXGhoOucqu=CU1dPrafsUo#)nVwz^u4Mm}v
zaKtM{9GGw<W!gt#u4LBf4I7%!WZa3bA5LPV-;r1YZCTZG5^D0r&BPo@E1+>*hvAO%
zcb)s=`0_cvQmEncTYg%)YZ9&{chyqc`fIO6Z6kL7nZ0-nRSOO_My1lOr;{8Zt94l(
zsfXkmvLiqww}7q0n?AtVN6Z`~60Om5hJ+_OM^b+X6ss+O8}4sr8mUyPHQ0`bN7ZdK
zn2XqH+&@s+v>tk5bbDibZ<m@IG51dR`$jnuh<3#kusAMcs#79u4I6!c#KKE~h*?1(
z1ZGkE!3YHsgQwJg;9`JFhq<5|*84@px+YnR?T|iniFS2T!zf8EWLb~wn7&ft6A`&l
z^F(go`3OwkF{$S2z4-CALt<+a`L?yN>nc7P(f}Gt49UH?S}~{+m2OmdQ0vc1dhtkV
z*ZZ0smnTEP2n!vy5F_)W!2qmg3>4?0CYKHyE~*&r?DWn|2uKwo+@)gyD==ioOuf1W
zH|*gU5SK7Je(S=KbTHwfWjpfbGP(BmF6%TNFmj_^y%yo(w;TX+UpF71aid+T8K`^k
zgDxq`@dZ1eFlPRc93`#hebzrRR)4uIQ*@0k3(I;l--x_D(uhT4B;KIin@>yill}@U
z4A;;3c|FkOdpa95+SuO9fA)T<pZUGhaVzKqRNDQC*6fS-ec?#2xAG9ni|&m*wnMrN
zyhYzD`qlyR^4mKVV&;p^em!*OY0n<N`L(t`bRy5b6#nJSZZ#C!t93jy(u-puG#iEX
zo#A1`C)4cP_rZCeoOy?oKrqZZH|;@tAKojmcG@e^jULPVk(G_T<)|tu1lxPQrH$LR
z<4jM7HVEuqx<LONy-I{Rbh_~O7<u?Ik---N1Io~&Z8y&<c^ZzZ8OU^XTi`?s|6w<9
z9hcn0VWNyG?Ms}VT%4XS!X)pPpWvPX16DBl83%5S;hqZ#4oJ(ZKj}h!BIofCcvtI0
zB(RRv?LK?gt2%vmuF$f(J!r73;wv@Es??YSX}c+9!=QUiJ#G;X9n_pvm&IrrqwSfY
zuD@Z$E~vw^JFo$mnjHWeJAWn6V!8K(`L7t=Hl;D6dXdZQOLLbj<&t}~iPHN&Z-t#g
znHd@5r-VcfFawlgOwyCS@NZUDE|R&zCwO@g1R}k6u`a<;H~6I`<hCc=@1-_SRjldD
zA-B>kJ8mz)p(#GnZSPH?-|wn(su^tVMaasiSyd$(zARq*^0aT)Iyl->-?*>A@TmDm
zlWB1VXh^L{$dm~Yb<+@(8}pw=s$)R)8#YRomLm&v#f;`8<??VD5uip7^=F&|7xi}y
zYptZ%g_qY>qS@KkZJFqCeqS{70^egb5HO{Vk|Cf~3wrkI7_6FB8Yc2(X+bdiTI!JD
zq?nKp7rZ?6lsM4fT>*U;_h6ls!B0?rk8~ZZf?|1X^?fP<NUb2F*~nDrI~H~fEgB%u
zeO?yg^mQmOR5%=Sb^BhVeCpvhm4m>^tu;uY)b_tft1AXYk~tcXG^y$ekaVjDQ>pIM
zNWu0Ol3r8V29ZcB26L76T`BKgwf1j2`6f&fb7Byu@H81?3HXWx%wHuY?VMJ{sSZS_
z3dP8svSi9SkXn@Xy(GBUJK1!P7Ww&MX1>|%KnbN&M~-GEwKH~g%wq5#Mojt41}JSU
z7odG`BufG5hOQ&ZUrzm{j&~&Z_>j*9^a<U7#(d4mZxa$a9Bv<kM>pRk?3D@WNJLE-
zH7v5*TItYF?&YS4N{&e&h?Q(q44*&9DkY^QjT6dBS@KOzr)2ruemO*&)BW}qB`o%i
zEDlH_8FJC&ov*<_Lzg=te5_0Ykk}52U971dddCJU=y`t{y|9G0qP^K%=y_9mvDU2J
z|178rg`LKCwcTzkb{y*-;N9^gb-O0*tYjOBpTp$5JN~xYZhk@)dVe2|`dDY%X)zWt
zv_9FDwb<_10}uW1h!yDwSgBceDKHlYT#FU$drP6*h)1nLzE8xPbFiR(fRHi3Q&Gof
zgDVFKgmSd1mu4-RLASy{3YlQ@nh(*m!pNA%8csDl_r7jGm(wfA+gG3oj|{#6a+oBJ
z57cIJwzTD7Ej{Mu<+mDhwlRlYo%pkMlWa^6rSxrC*1jp@TPT|QsG8GRxF+{a>0oh+
z|G@LSdoIoFdyA|s;%gWhr}4dEGG6HN`_EjHJyF!Lj)^j+jIxdBA50E+N(6;ILsQ#d
zO_S<}N}a#HCD7CXO!fWL<|5$$s=?NkZ=ZpxLuP?H5w?efUG3Ut&9j2}jqr>w*2t4p
zl*OJh&RL&y&0Ngr$S);nWIk!mIJW?|WR1;f%s_>?9T?;MN(!SHWI{~ndm)xXaP8A`
z!zN<m;WX5a6$*ReFK8rw@h4tD<-G}1Q^%uu6RjwVMH+sU$x|;U#G^n0tOt7@a*4tn
z!?sNm@IK5qWQ$0uC2Oe?fWHNkR#D4Cb%<2|$-}$&9j#*$de{zzO2Ibq1fo>IL9>Ef
zC(1~+k|-B`FVa>mvNc|&wPJ3ml<lA$8+YcV{9E(4?nrbz13uhS@avWK)`ut8`ufM~
z@7I9OPcI*LP0KLdg{8HnmLBeYRhK6x*QcO&u6C}6*P{-XyQJpSoA5_bk7v<-cduWb
zs<NgWjnob)H>XFxymVzLaMp0o*T!6%eC$oV%9tl_;I2+uMDl8yW461+;KLT@#%yCB
zAA@(h3VTWm**EL5<z9}5e($B$n6Dz3U+kcsr*F8^@rRno7&;b}royyS(DU=hq)9*K
zQgLVDam!)zc;9Y@5mCT|7BfHza)UHol|effewBqPGyy05j_p<SyFZ&MJOZ#SZnX4k
zM$X~Oy9vp0Q-Z9*D@$Y&{!M`5o@9x>`B~}XX-*Av1JU`SAP!*+tOw~!o@{|0(aH?4
zE_gOp=G}P1Fnbf?3cn6nOBZ)48z1$!D$XkKz7Bt5os==UBsy|gI4`boo`<tR8Du7D
zaU<~Mq|zm@0Jy5Q)5VbK?wGGo4fqPiCB)x5iqkE1zxn5kWP1kPkWG=(^MF|!<US5H
zYvvA=_X~ab1D}2_)m}+{+}mlB&8!A^T!qWz5Z*$%{u-{LR4vvh>#EUIVFPwmTM1nM
z9CnbO>nQz2aEEd0GNeBCxhXq_<PO1i3${ywd5ui7m+yS%YSDp<f;`@ow)3UW6ZnXb
z`qr>9?s-S{E6dFXzc@D>rpn312yf%eL%8gEz$s*F(c|SWY8iVCJc@+k=ZW9-0I)$e
zV_z-vVAS@*QVnpl0b2-OJ*zH@GcTnYxo8_#O#H}|1fih@uAv@ov0EPGO#b8yKzgA8
zd}IMt12!s35$>!DjP)nP6E>I)AnNfKUj6&L#*FR;MrU?&yI?b&#N03QAL8yrTF*+`
z6ny7V#HL&g9CbyeVV~X8*a@M=7S|NrrwOd{bkfp8*AB`q62f@vRI96Oha00{63bQT
zd~X&9@T0kPz@F53XMY^V*l6`fbj!-rm{o8#go3VzTc^>4r%{#PyMrsF7q-P3Tez|A
zomN$Yw(Dg*gKnlg2HzC=ocoV*@aLsm5F^g3BF3@i#3iMe(N?7%X>+M0;@iqqM&GN<
z@dory=ROpMIygXD^w~q7-Rym%9jC2b4a@GL5Azk1(fJB2@dXO(ONOC1Bj3E#lZs+t
z%ZBj`Y;<er{SGpMkEj_fEA&x{FO&82nAtvUJ}zVO<?vH6k<49A^D3@5zf4Ha2(jzk
z@wI>G+D)GnJhSeK)x0v}tDw!e%SWCUk_nI+M@(s=IXBh~xzi3im@$<m(P~Vzb=gkV
zQW_G@O~20*lnID00o{V0@isn+?zoS(>K`JK&jnRY^y<1j&-g^|;~5g3_qqhguh1W?
zzay<lmU9nF5#4e79eEg*cRrU=SjeXGVuypf)w^*u|IDIlbhqpJs24??y-XC`xKtdi
zUURFGnTrm_q)eV$BVS@n<ZDMn%o>btp#7RwhPv@GlWb#_<!yl*Cu(f~JO<7fDnr1-
z%R#DLW_q7|l*qwyKUST#acPXX0vQzg#qvJ&(rbgoEX4GpW8shM;B}UIU<6_^IdLoI
zl_DI$Z|obh2c$a6=PFA!W5IcG8svbzRBP1n)fhF(M>l0p`&5W+tW{%WeN{hLb=Q@9
zYgObTbv!3aTdbRs_j?<&x|sPo`6XjC*SPx0-rIE{ZAbE85QwV9=%~X~r2I_>H=)Zq
zweun9j1OZ1P)znKNi#yH;XvC6ZU=n?o^pe{S%$)83<tV=Nf=<6aKI+Y@p1lij(mVb
z`)SnY`()87OagC$m&ie9R5xF<{^c)SB1}?cQ>vxU8R0a>IUbtS9VoHN4b9*1;VRet
z)zI2s?`&Pl=p6DVSF|(Ok%wN$8C5eFuif)$*i}KNc@JVswkFv-vG<#&J!(|mlnf}O
zJXK<O-afeLQQi`A&gac-8*yTTi=vy@CilS^G2v-W(3INTt6HYrM1<lDrcvP8*&O7a
z{-^zW!8!2o?~_=ECDuJc8f2#@-%z0c!bQ>j5v^Bz<uaxGcxS(yVt3kMumk>x>;Zk<
z_LjT64lz(gN8#p9%zomgzcF%g!Mn77eA28ex8}|>yYeHNx3Ry+U7fwQfN!i1c{bfB
z-B4Hc^brno`VB@jLTnfxi5NXwElcOwj2nsQ)rsq9AH+1z*E*tqBi&s$f4vP4KL9~w
zN`*W_`57`&d#jqh&2)bO`vMMt@}0_AY_-MVa~Rd<i<JYu=MI6lCnZRl@9|mHZ*Z2q
zU!VnPd***(ogE`IbFV(n9ZrpH%<pwcw=5e*gUqJ7W_x4&`GRNs<(j4U)smYRMlR#l
zFiy7}2pPTCz4=-1{Id5E6903pFVN8AdCA}|4e{3dbaxZ~^AZ^KV@mB*ovI`Jjh;`(
z16=?;BVhkY{7DF~jo;X@ja{V8&$ll|TEN3;(3}#THJ}s|d}38@d;(VYb3%Q;1wY`p
zXME`E9(K3G7WDahkCSQey@$8x7Je(hj2sw`3xBW5*4QL@%L(DF$6aoZA0XC_K~BrX
z?r#V;fQKji{Y$RLS?-|c$Rzp4qzpQcwAi?R7sxl=v5vKP(1Nx(Bcd`y=udNRM(t?D
zcuPGX^>~8`?O$Ag;qdhd`YQw`mT$pO%=OGYwXYYm>5%_UuAEgvC4Z4<(oETEm6V{X
zTS|b;5z_$q6J6bkK@ZrHK?x%RHUcEDZ-~i)TxOxT43~@AbRiuDZL9x2>;Ce-@_zC@
z%AuR5Yg0W(!G@MS8G9UgT=~d~ld6V(u%H}niM0}83S%2vH7xkMT|Q-p0PXcc*!jyj
zni#{E96~OhlP5wxu#AIeymvyW?WlcN-irKG@I(>9kYu?DW*ZGhe-;W6AB`6qdrVSo
zhvGi;H|OFkNB=HrpPrnSmg<gJS->|7qtti&f`En`4MFmOxu6m`ojN@iFZHKtNAt7I
z)zw7@5Jy54!OtxtiHT>0$-td*N1F4~u;u8@P3BV8FTk0w^e6-yMBnrB{^aOs0{2fJ
zMv+OtWI#y7ikg}pUzHXG&IEx+wH|$u?6Nfg*)QjU0pMu#e0d<)DpOFQAF%rz1fhQe
z0R4;W`3C^vWc;51(0@^%f2&EA-0h6%MQv@IgpC~y9n9^VZ2wl1{%y+WTN~303I4NC
zE1B6k*cj<s84F4)LH$!}YU)V9@;CT<nvjsKn<gzI8yf*FGXom|BLf5bKRXs}dT}Rx
zD|16Z8&fM|0tP60K}SPl8z%w|PDUvDe=hY;gO-Vr4T}DkzMYt{xv81cza~P_D>@ll
zs}OMfo%7EH{ua0zGZFj?SyK3mAN?1i%F6P;7$#;$rvHy}SnYUe+du}GkefGDPM6S#
zpcEf5i1Na!L4ACz4fwq9vpCT(Al};>^o=dDD*z9xo|*#=adlkk73ncc3@O+|D{fQZ
zr~z7xIP_K*nNy|pX{nd6?-JWiv4WPI5y<!Pre8UchqTMXl#>qjwF97d!uLotLDSkt
z`-PQ;T05OT0eG7v$rMoL`O)4vSU;POadDRFYiide?wGW`0WWKTQk2U)5tuYl-HZrW
zuAuSM%A=oNbRZlbH6<@rZH>nbkn$CUO65-#VOdDF&!g1)RYE$BKA~BRrlZ))MWdSg
zR?(dYJZCSHN&E<<ix2TnPBvq_toQM4!hCfveqP63ol4cH50L36Gqt7NGd&{5Z>kw7
zc0IJ!z&jVFQ}dfbVbmqRi?{YwxWRjFuEAsJ-n#*RnWq;0J6W;*-@E_c0-{%RHgNh!
zO-c^V#{cRS(swle=NbM#bY$+}==94>-{Bv5Na_D)%*Y8vuWD}OWag;J&dyH2_E%X<
ze~+vT4FB3#SeOZznVAXL82_XF&lnTy-<Xw+;GeO7+W#E?o)7h}Ie+{AYp(WxDC++T
zoq+XUMbuFAO18>2=KmB=6Z}h83Q+%3Y5yCBX8nJ`(Em-#F|#vqu>4P2?y}3<OKE6{
zgU|H1`*M4$%kzacb1K1z-5)`XfY4t6WU2}TE002<NEj9pODKQ{5GW!k0EmbHG~N$F
z*@9B}u}>Kxke;;}qFbp?!n{hk>_(-0G4vg5&1+_IOS?bw>VYSB2mde2dwIN_&Fy$R
zna<2?I-SMoxWHsNjj~S?2|;}9yg<(WTh`~(Q)u)C0`SJ!QIm+7u5BT7uP~@gmz_m6
zo9~6Zr!^YkBlot=@f`L6D`eI-hkP(_1~w48RH~YPTdyo=(~2ObUNmYot2LTmb<go-
z_>7jl2a9ri-~=1NbPbldI@9XY`b0Hoa^vqumvpX|;{%_2ozy68@+(f8{rw}Q?3RK?
z?2OynwOI~hhcWNjmiTDJjGM<pCFK<U({|#oQQ7RET9qi^&wF^j!2VpyL?e-=HP+CD
z;ttr@l@oX)5awU%dp2vFZSiJ0J}-EnywILcF;8b3HD#^7;%9#T#(`j|x-3SgL#aw>
zI~`7HN4JPOHCUV$kMP5BKf(BK0FZm$j6Jy@@trDOC%;Q?J`>Fj^(Q5fI=)L$RufVm
z`9&JDqKHLLq_erXViT*1Vph3o&Nk=YST9SD(y)Xgnx^T+^I0@Aq|dop;&u$Iu-)T6
z!P{bQH7<KEPQr}gzwb|U<BfrCfQ^{9*%LkQrVX19oNt1|{H#rRd}4M$zQ6Z)@-l~B
zU_Y-39`fV0L`<B-yFzIQ*lR5rk~ZE{J7rHd>Gsj%${|)Fk}3x^rZ2Um@$w2sfl^{Q
zRlZzTpM7(GK0bF&e)xV~-hM{N?+DbTQxamwDC*Os2o?1RV3ZEVM=-d>yhiS8+|OF$
zl~c8NoJK{C0>P7EapW}Sds@qMclheIyP!PL9#3;}(W4KKja;EkgP8&`0efaH7&qG|
z&So#!l;cT7{U7}&-HvO+2TF&24V>>!e~x<*Bf09hcuC1;xed&D$rd%1wc8?5(T(g6
zvU6SIbKfx<z*Wak*EI;zMK<6Kqsve7kl|qBrF!h@ewU3s-Syie7rqVe*>QDYJq$L4
zNJohd*slZsh#DY$M`z%a$6^~Y@?kX_hz^gfhJRXIc)2o&CiKl&bjD_4%!u=<sOH9s
zEdp_E%n&^=sp<0^!@&NDLjExve6z^{;aI)vBasOihBg!n^C$F=Mj7h+5yA1YhlmnP
zn4t+U<>q?j;la@1r}cI7Ms{fIzGjh))x?PwRS{N+$~>hU$|LY_`W&Jr<2#-WIfBnD
zC?*~?%m6mT(GQRZiD%&lo0b#+DRX=kiIq2SBn0lt+THuiKx0>3)+gve;tZwiUZAwj
zzH)VuCQ744y;mpvv)IZ+Q>|enoUwm=$f1tuUMc$#!My?FV68o=o~z6MmJx2xh6#vA
zTsd+(e0OJ4IHD6QuZE)I9F4fWo4h}qNzc^DSPzuTX@$G}K<(a;i>SN9Q5@rnQZ`XD
z$nsGeK2dPB*NW~NI>KA``hs}*(b9=Oyn22v^?v|FK)b)BY{l?=M24`#r(Mc<UX*SZ
z(cMPY3+|gMCr9FouAOFeuE}?%I(T%25qEwWMfPI@U`~-S$*KCfX`G^IlX)$MPm8Qr
zIYrduPC+?#$jI<%mHgrvv3rv%G51vyhd1UAKV2Z!3j?gj*?FVUcqqm*u2?aglQ_8^
zskcbRgwyo%P9Kf|(lab>ju$^<ykIewXil!IPDUjGuHxBvN?m1jb<}EB1dXdbmdX9{
zBP%#YwMX0^GopJjt-Wub(c>l#uMCUY$LX+%7az+EAH(qIvFT{YM3@yt$HEqmM*lE>
z^c7YkH>PfN<E;@&(+!KDNqB+v)y(j#7#@*7qHe{C5&4l3E9zEEZtGlhZGObaU-6jJ
zxuSV^T|^9R!1$+DhT|jdtd1LXjc^e*GVe|!#*L2quDF^v&xlClWJ?-U<VOdGqn_#%
z%-9PhCkGOCXzbS3Kw4pZhSWJx=!7F9xCCj#fgg?=gZW5ATCSXk9sN4dDa8#3zz-39
zm=6V3-D7yu50fkkM^jyfi?%D0v4|uZ<%48pn@O(4hxno^CR)!Ca&7o=Viv`)_3C&^
zdnzSxB~MwDN=aw0%g5Hr9R0(8(W|@m=oOxPZ=}3Pw1AMP_3`%cSjVpi$8Cd?4elE@
zk%eh8M8k}Sv=~aLq48i$WaK<SLAb)mj~vX88?m@NY+`$OXm!N!pag?-cSvG{xS7R;
z=E3}zfQw4vH{vif4jDX&py(75oCODCVmfbR_=>t@U+Y@Mq`a?hJbyhA#>mI2hAnuH
zH=oz`cS3$81#^!Pd}M{A7R0FPxX#6IT>nhmuzulT6C)^UaO_?o0+Hd7M&9u8NL{56
z3f1AR(QTba>ngd7Ly|d2IN8bZUj4624Ozuz{`<pV5e|b}@2qaT=xjER9-j`4o46o+
zOLbpDC^v-2_$7>}B-7MXkeOFzc8L_dV7&7Jsd%C2h5p4+Pt?-`Z-DFbQxVpF%9P1T
z5|P@uEhUDl_TBPgqS85LCz02h3S&&B<mMrCAv4_!9L#2C3+s#L*`dh}BkfRbhnO8g
zcCg#wt8eV^i5*_D!yY><x5Ipqj0qV3rig!9#AD`ak$Ffe=a(XNqa9YJ@LKWvKM^@!
zvBPeWyj&z>=3aIP+d&bj4~e9CsrZm64>P_clGckXNJn2gfWr<OPTJv9LCM3SI3)6V
zJB$~^U`-I>q)6Rrz9bSyi<Isn`W2C~N#t8-2U=@~%k5BX2e%!j9<jp#JH+j<+74C%
z#vZqW75}Im?zcm;NHXn^YlqK85=PDtkrg76*kKSR9JIq4J1i1uW9?8R5)KM1Yedmj
zJR*wN!LUQ89gf=JIXi3-0Cgg%LZl)Q>ZF?VXJ+a%EBTppp%jr&dq&!<)1OJHr1K}9
zjq}{{Vo*D&CM(kzb1X(Oiz>3lbhP&`hNvgs6CD_pb|(UR5+P}&^wG(X^wDPCH&<fE
z{!BhVJmf#jOVw7V(=NB_hDMMxONr?tjnrXVYB#<1DfFNZ+I<lB!Etf#^ubXdq$9WZ
zpxFm$3X!H5a6&rTt>0s$sJ)`%n76#>SpQ<KdF&xZ=h2<sj4A_lC$qcis48=haMSLt
z@veGTi%W_sS16N}nTnLlz|C?QH5k@yCNClut44irKtX<<iZv_sl$Dlb1lVVf&Z+;|
zPj~Ftx_iqWde2Quws!>O10C^4o_?56G9N2@8P<~#H<@c*u1Pqw4N6r;-Jp`CrV9)Y
zEUho@^uSRM9PvQA2jU*M-vf(0(CmR+4-gL=?~=5|18Y2Rxkx&<wPKKI>_ztPB}ElT
zcEzhGBal>vg!+~Iyn=xP%3#Qj9TWRhRP^b6$;FZvp5=i{diT8qTcy791NNX4Bi*6I
zoRz6+>awg%e^yrJx-7UU3pQ!+BW<d-Ok<f@{-~xR(^?5_jT)X-ufNsp%goBi(Nw2Q
zx@RnPnr<g(tiahsy&idKj!AOxu}4k=H41<f!0`e&S^(_@P*(tp3ZS9@Fh1GGcr8-h
z>2T<U(+`J2FL=D=<@_R<6&;6<@hcU>+kctfFSblyu-9s7b3$7HKGRR>bZ{=XbAh@*
zeIxQ-gzk=jJpy}lQ1k+wu4mgAE$`OUjgAb1l<Uv!o?DqKIb2~^%r)92*}m^s=Gfq1
zFKOV{Dz)(%BUqB?_{nZ(4T5UGexU^X8NpzN#q6GgGD;%@2Nd+|$B^yVSAy))`#0RY
z=*pTE`|o=1`S+e3@YrJ@-LP}bwDCRv^zxN2k7ebxqb@DFINWpa>KpHQq-pu2O+&}^
zFN}SE;-EWzHK;%Krg5DgNV(WP-0u69d6{cN$jmT88$!hytu}*fh<J;=lzEL->T}DW
z%3k7I>@>sJ1|ipC+02p~=)o|whha+?)`VeE7@EUS7lyH6C=Nq<a3=@Q3&{b5O@Iv`
z7+za*tO7^4h)(jjPgCYYnR_x{%9H~76rH;K*?!7M&<I9?%;^pQaf7~+OT4jms<w50
zYPy3X9qQF8brWVV8kBhJPO6CsHexYc5LNd;?va55NNEWP1fm%kr6q${0cWo&<-Yw!
zXX0J3zxxW%Q>Scuw*B^*dtLY4aMPB|N%Nqf^91xweDX=r)B9$^hK1|zT9TAC^cm!u
zL2ArGrFDQ4P~5mlE3j6#p`l16m{d%djS;VqIv$idNha(y4kLY`7r0bQ_O_y$RNb|Z
z4ln6%>YwNghhjCToJ1wSWkaA08=O8<+OJ?x{p1~6N6)={v_xCGO?wSG;*$3tn`U5Z
zj>XpWBV9S9H~Ge_%Wah;C9>gB{W+cLdZ9O?)g8zU6a|>Z0^Zh;K?++HA1p>%vvnzV
zX|~xXyO9PW8K$>eRYngaJ7#a7?R{WNA6U}|7WIMVK2X;O#`b|?5m|F)`yN|xD3%p^
zHPzVd#^J%oNX4-t-prF~k`?uqFDS}PRoAm852Ua^+&#=xf5Zq?X{bV(e%(`LGc;FK
zOoiR~`||15EXd*s0adG7?%C*h$iwW8CdWL~HdZnK-p<(C1f^*VgD6o83I--cQ`w+F
z0|$t9?pY>;tH<ASpw4hmm6nuA{%4Hfo_Fqka{5~jeb%ye#DVXZj{nao2lwwdx^hWn
z!`Ozyp=)w>Y`o)!*6|K^bnUE*3zwEuJo9{F)GrS2cezU@n3rBLnfHcOcpD-l@_h43
ziV;h}lw>Z0kIQgWh9fex%Mh30ei;_Y&@4l)3^<&QcS+hJ!x|Ybm!VT+IVj@Oz!#cH
z(-TsKC6u`!=9@G?DsVP@Q}W{E_oCUK*;Lyy%KVhFvFaLiiyBuYH!Y$Sw3gmaAEnPx
zRh3k>R(4a{S`)m4&tqTubIK42wt?!9Wt)S>DAnj82kdpgE(dINz&ZykaX^a$>K!oN
z0j2{6I3VHxzXON^PB`GG0}#Ib0`QdrzPke?2fUv`yG4L4Iv<!{Kn^+~pe;JK3XJsv
zND@V+le!jZ0azs=P4u83DlSS}<A7!dj1`0<)m?O<+OF!!%yX5Ob5xkKv>f~tO{ys^
zEizuKDJdyJH3qeqW91dc%5gN*;Cef@EIqG;TWm0&LAKggovyO(>HxJxWnP*`uSL-}
zQ|Jn~TptLi`vf4$-aOSn7j~>+6FY9DkKe@T#v4z4$y+_U^8;Eg7ZE?1ZuZpdZl#rr
zr44>B%5Rs;?LUq%PWMvPP836lD5fH*3U6!8pIN0S8G%I^P{W5Q4x{#0JK7JSnDUlq
z77;Nsws*7}ucqV_i>OAG#BVW(3F%re(33x~6m^)=K)%P1@|BiPzG&I}g$sAQ_~NvF
zgOun!577G6kezsMb;s66{K>f|AElLp1j!zA<?sx+GGj`{6B+C(|1|$oex~|@KB{_x
z9(t8A&3MXS!*#e4r-UbT#)zZYvB=TxIOvew>Oyt3dO$s*%5Hg~yjngWACYAO&9DgC
z;ULI3ZM71^iL%bUn3*BgL<5WMW+uwEEg@JFf<+-{4nbWA#)hCc1V=(?!Im6fsbN-u
zb5;N1+N9=-%`y|)A8<zT6Ki(ym6Tc12IUJK@>ft3-~9F6#5bV6`_pYdzkA)!w@I<Y
zp|8G59D>-_-$3tE<KO?~<9|H7bK83<{S~=!mj3Gg-=x0=E~vjs-n+T_YPCB12!)hR
zx{=S#u|})2yK{h(5~ty$-CARG2&HbCOQ}<$PP}O@;%n86P^;tvuhWgZ$XKkJImnJ|
zwSlh5f#w{@&4JDwIGO|PIZ2H#maMAL(cVrfc)L|_jjpJOH{P+D8Y49W^?S<(j|aa9
z(q{u50Xmw(=rB}zxwvStFR@dKt2n#Y{;r+<M)|!$aj<-Bb`NG%&6iio)Fp#U&X$kK
z4A;{JuI^dP55#Zy<9^2JAjl*>G0jZLifTEZ&r8%Zz*|}pL><~wknAit8I`e*cFb&l
z@$V;g|Ni<NJMvp6+_`bf%0Y9lrnlY;#bEms^6#NTPu9V+->-Y+sb}68I0bpR5=T%}
z@DlY*bBxidX_-!Um79A$7=$`yjcCM1T_n^>4PUFx=gdH@En9A)y5T^Lx|?$fjb}qe
zHmu2p=4{B#hR$p_nhovQNk*RTJg0llnd~%<#nRjyV$Td^((25nOltRs{IuHN<fng@
zAxnj)RCr&-u^3S2s7qBTi^2O0WENm^*iwd*4{+A@2xL|*3_cg6&4GA;q8{bO#Yz|s
zsIW*`qtJE+1Q+S2B{0NzdvgBrk;oM$?10{YK~Yr>@b#33YkJ8s3FV7^z5B#JpMGxM
zjva*?#xCD{@5&K(v%Bv}y!~n7Wa8Cz^KgxooftN9>hGU@>XjPK-9)1l#Sw|zC4V<B
zNA3>Mz^&zKG|ga1FgVoey42#YBa93tg14N@{}zAK3^tC5uKND5)2!{%Q^$_B!)VWZ
z53R%=3LphwSKvf|J{>$6qz)BUs^C(y)dlJ?RobQORSqd^2?NUiylfVG7kTW+3}?nN
znZqCU$NYlfk0ZY!mh7o1E{c`MX+C=Xt9<PETz)pO|1={}w%KstFO}aW0T^z+pt)LA
zVi*Qh4V;@$W%h&9W^)LgnL3E-SnAdx$aK?iW(1u}L&f(8VRaA|24O}JYJ+fj5GsOD
z6olL$xP#CcgwKO;BnStB@LUkmz!szhW&vR8qavw7WE}FG06G^}8bw_Yih~eI<;TpX
z07l3&C;u}wgY)YHF)-S*GGD`H#kM{)DK)hgiMbW$TW;Ur4ZX9w7rb2C_1fH3zDOts
zZy1tz2vEZ%vDCUC5a3g7KA(2QYLG7Nb!FMb#qYnrW5<p=?z%$Wy)1Oy4O3U2TEG^s
zUiicYYmQO)j2mGO?6hqNhub=jo1HFCmA5q*#;-plw`Lo-FbKH8>F1)>x72Ss{SGo^
zNSOEOXr2?b+L}Bl&x2SVgz~_i2j8B|gE#Zwl{`Rg{^2~>m<P-ApgIpm=D`pFhd>DP
zi2!>k51tk<EAwDp9yH~_)m<RJ$%9W**q%*+Suj{+uRI6~Y%iY_a4(4>t@13OF<s!&
zxVjd(AP?Yr0XkX~n44#If+QfZ$mjClQ319v?<^>A<iWk20`7=Fhj5$D1if5TqPqY+
z3v9Ijs~6}hQW)J`z#bN;=I6l-fy63rnnl#pU5K)Z2@8IHE;6S9)};!F2>`6qi9C2K
zh1#NWfJnlE%TJ0l%(*4cyo~2<Ij6cOQ(W09D6>+-0`0*(pzS;_tjU8qK~r%a6y*WQ
z16x`=*PcB<&eEU%m3sXhiuD;vxCKyqKFBkb^$Q}Llr%Yt39ck1kPWUWaaHNyF>AK#
zGSxkKDChm06FDr0k5s$rta>Bsy(}tLsabYs)nWICZo0<}e~@601RHg@N_|SDxv51g
z$uhF2%D6IB!7gW#A){ER6*dbYSz`E2DOQS_!Poz1=vYCaXDRtRuDkY<RpoR?P0h;N
zcI;Tb^No?KpWFN(y=TEsE*tLY-7$oRlFHYP9c??f_LUgVK0*nQNeW=JsR!K!sA+PY
zA*(ebgNuV%7<OhjGxY3MzmeaHqFDFI8;WtQFjiqqv9+>pE>E_Hs**D+xHQu&%xt8J
z99ir!dwLqESqPCrI8X@jLRcfhq!7j)DTMYyxV#Xy6vCoHC@KVZAsjD+gCZb0OtM8L
zCEF?46o*1Dq-RHNF-jVYxXnm3NKCXyMRJCmyekS%=Yr;jzqvv7!3RDV>4K3xU_>_<
z5rD&9kn`ZmyeWBe^8T48$vJRk&Xk-vIseR&=KEISO2Zv=)A{a|ZfZAlPgOInlBq;-
z(Y((%Y)}V;fr{pdC6$dDViC(9tL2n=4rj?OI^Mu@biB|0^3H2TzuUR=?wRece0pN{
zYcsm)dbz)OW#+1;+iu=`FZ2VAt9%POa=U1J(0L*;fgQ(ny&+v^&UCwVr_<#y9CdDR
zyFrtk4m#Lj7|RIt<BaRp-G;u*<@CE;&aKW}&i9>cffKHGLX8tfJ0Z*2+j)_bF^3Zz
zZVFDGdywujh?_d>Zl_nZx0+Hn>ToLxMiN7Jxx{?ocDc#ai=A$F#N%~eT3>v-7wWw*
z!3!h2fOA)d7Zfji^}d%ge4iJ#d11X55U3#qROW?(6x^3y_%H>zy9@B#bKuj!X~;BK
zSD5`4(B2f#lJf!mJBZRS+s>rk>`W8C;e;2Cdg1q8_>C8Kd0~qe)_UPKFSK}}&I{wb
zaH$stcp-u_x)-Py5dQrx@LRjU*LQ*M{_nw0=mMW1;HO#{4tL40{yQ^tg@?GP!8*aS
zW>JIjUcMMA7B%pDLGr?JWWWln^C7|Fe<#PFG;|s?4VMNwFAN=<!bH5#?u9j8SmXta
zEb@XOBGs-cSM9%)|7T4Bwdc+&|02h~%JALu%lQ$W7g-DjdrHM^Ft?~=7I{ib3Eu?U
zS5b<RucDnV$Ap<Xxy`n$U*?#YZGo|OncOckrei>)*YqzoRNGM7P$3}m9(RL_fhw^~
zmr=IS{g9ikcY@v7%emaiR%rKXxLgqUNR05z)c{IbtPO%v0Cqfa)tFtsyrQ;8P00@z
z7bmXW2^Yh~lK13ap8sR7l{t6bDe0$PU_-dhzqRu?+)dsl4w7g3i0SrLk+|YxkJ?SA
z%l>G6@oA$<tbcKjuDeO$k`W_HN-Hbht}HF7ti%vvdmd5FlNS?4?l+r}OtKJ60ufvp
zn;?0ZB*Vh`VpE1<86q+mG7uTckEcwl%`()<FjfXrBpmNzb+samRQ#jD4%-zzk~Y7d
zqs^q$hSYA-X*=w^wl*Xd>CPpD9YJ~Rkf>Q>v)LUEji`iDCd-ln3Z>w15RGXzn<~qS
zWS2lC>M{lViUM|~v1O9oFG+Tr?4T0S?5g6Hu<~BJhAjh%1a<;8rWrUNJk@!eC|o|v
zHtLWRdoK+%4GQ?NhXQh#d`Kh*ajA;Ju#A^5qZE>QNh76dNp?xMyI`&h8eA~J1tVNg
z=7ItjWVk?a!B-!;V4n-Nx!`sIQR#vKF6iz8zY8Q6oN&SWE;!_Zy)M}0f~_uC=Yk~y
zUA;h8DbRHn=n(!(7a+plyP(|#kN+F+`@a+g92N!a78%wHQZ7XAhq$2O;1<mmtOccr
z$n~k>8oCr$Aj;Zc5w}kiv@Hc>C4bn3%JJu`)rE+xPZgi0aO#IC0?(rEO&4tZPPU~B
z*mfot(kwtEgT6Fp3SbKiQ_EeD=K?TXKty{Tb-_Wwe{8QUE?DD&MJ{M@L7k|XDcU!3
zf%ZjsYGr74!B|%kX-W*&o>#!(aH&1Na6Lx`o-KU;&Go_mK!%?NE#j7>($b<*W8b8j
znI$DfGfO?e^1=AA48DX5U4D6k<w@f`3SG;FZ^_tm?_BCW;h-SdfXtkU8a)91mGVD!
z<e9`<iMOADTN4|f2MKJCC$_=^iAgjY{+YNFS`u!Q9^6*?5^C!KveER)8;Al9rf?nH
z@N6(lVXn>6v@*lcTYWx{>{v|9pxi_=NCV9cLQUEVx(}r+-+>TMJjnOsl3H_SxqrEz
zmeJc$(RCko({0Y(PCDBO&bH1!nHdhf>LG29Mt_Xbq!1rMs5wYN3Fd$JsrDHJ6<sy0
z<PHk*t=4f+_?M?1EWK;<x?lfhZR^&u9nXK1I6^g`kbCW&)qmRc<ewUr&xXEyo*+be
z6NRONRGE49wThz2Ybn##nxLv0V;XV!WDTV~YOWN!Wld^9F#3v#@kLqH#%rGPBK#vo
zS;taF?P$~!4J0q=&6BT4(Nh~(;MAvVfxLKgV#MZz1IwM?`GNGdd>^iZ7I8i<ye&6U
z9=17bw`Pa^+1X+0$aB!3Wb){TvSDKO9obaLF32v+-k1GlwycJ;1Nmzmzy>(RJ6ar!
zI84VD2eU~Io52bqZf{w^x(H!w&3wtbF5(NUH4R@lJ2T?2xfBx7y=BB*kXukxzyhow
zbD_(0aT*L?sLWO9^C}BT#E4Kef_?JX;TMe8Qp+K1He3*O@mN5O;BZ#x7zV^|jPQ8g
zUu*e3PC4(mVk%#zbNzrjGQ^V2UK@(SGa101rm)iw^fv!m{{w!O<?HRc$j1WE0|o+n
zDGVn=FxU2>?MoZ`g9?E4s*<Aq=#uEV=+>xwb?)`K59hL$AWR501gS$0>wI14cT%U5
zFLgBpcgwjlbumsvY*Ny(LG&E31V$~l+NPFBat;mnrTj?GL6T)|Ea=&f4jj<Ev_uL@
z*Ix0TH*DRz2*~y~)+gFNN&K#35Rfk({`0h--SMke*Fg8LZvyX3Y4*iq=S`}dHoV^t
zfA-@8A1}Rc>6(_2lP@ahJ8t7G4<8&eobNzrgvgh1FE$K)WnN~ZU<Zxi+^gD^!FIs8
z^;V+d0!p>x#4Ft@D}J1sF>Mfb%3=nK*cwI&Ga0Vn8Iy5NW&}_H!6lL;%Y2E{%P!l=
z^ov!+ZjU&ec3dOHoiNr3$DPpbgf&j6b3(BbikxXPqEPkH3LnWV60!zWJw8%r&dM5d
zEXEbPE-D@m#JJ><hoZ0<YAJYGEA0@l12a@mRPZ<y$RrGKaTk(>HYgf^J4B!;Vo{b4
zr9P~|WiR}uV_*Ak>8SY1_uhlQCUWJ)r@p1Jjz1u;_~`sA@=7B<vc&A`SZmk-)fnGe
z!tCCOQlmuO3yD-GQ6G~64*NpQ^lLay1Au=uGt-uoceuc*A=b82TJ#iLZ_GDnz22hJ
zR}9#zgDgV>1BHEwysh>$d1$q($wh$^o?LEM`=TWh?;}x9J_dzJI=YpPdmHq`Hy<V%
z+uC61riUK6Cox}M{K*qfc61z|uim}5WewNGmhqh@)WtmH8T0$@R?1xrD3v@m)Qb7`
zlCjid`aF%)zSL%VZU5bEwqvPE3)hEs6iu;Ieaj5K1?_iG!=Z$gn8K8Zs#Ur4i}f*j
zjV>{_um;sKi4U40nRz9d16aEpwWyVIK48;X&JDOQ5c1Yj%0Alhizm0V?GU?ecRlj-
zBXnQK)Va5Br=Mc2`DxGXSZk*=#2nww4zi<+g&8WBpn}ukTt>jpkHu;Z?G8r$j8W|L
z_B)t_K}l9^sEo>}jLKI#Kykp;HekdC0of6;JIieR#`s9@rWs{1R7|-84pSA)?j&xT
z!y(BOyo#_I5CdqZgKN8p_P7le+1A*$*qF`6ff*yJ5>eU}dQds8&{_q?5_pb)8};WS
zgsF^}8KEkj%%Lu&g-+0+KnF>OZ@<*xeH{+#uuq3=I;_)Si4Jph7@@-e0hFNw!h9$I
zw(786hj}_Q=rCTul<5%C;e-Id-nU!lmb%+@Xb~{wI&{~;&waY!<!@40b_*;`UGm#S
z(jJi$vrP~=W2u}LeS6JLk@W#VBm&OTp<cjN3R3e@;2V+L-|O%j9d?N-S@o$G6kpn<
zR#^Klba+>XL#ev0O#yeUUiTDmx{{Bl7;$?FvQj`=#W#J~1*uilB`JP%#i*n(?iT2*
zIyI##RMxfT0%n_T-U!P@wV_Uw+Fg(}_=G5IufVcMlr&n0;uPmkili-~fcb(A7Q4ba
z92W(=BKTyrJEm6XKn)#;E{uw2d!U}9_tl=A{+(v#?{@XLpz8XstpI1ELA8yKc(JYN
z!8ssQR8q>Pf|{DrQsG2ZS~_?zPX0JYlo~=M#Q+N1n3(EoXV%QL=8DrA>X|>lCxM!z
zOv*0PxcBo*(wovJ65B@)(+?>dBEtZHLhf5NYnBkZsJJpQU-<A(-kx}6eIn7CcxBh?
zpFeo~bzJ}dosBs4l;l127uKC$Nq>f~<pab4zclM`*yB<c*R#0(MICS%aiGv~*zEQ@
zH0IYdRw=fFapB4qvehU;7_lq3+;vO1)_s$LOk3$MQ7Nn=&4e-sW%hQy6T4cY9tjt@
zL^v$nj!G9HCQe!;La3d%Y;37);<8?2PI(Hga6zsMaB+CV1qWR4oC_XxL9Gj{_=R1<
zZd@~2E2J%AsZ%HNq{F!2IWAUFX#iX^6`#EpN;PqpmOtIzX_Em?jeNC%I$ddLrf^Qc
z<wr@an5HYZ3Q!>$JXk8)bWBW2P5;Ym3-(%TjFb<Dt+RdSm@BGmoE7=8epM2xrPQ#S
z7-u)}8J8iME*JweB!LmgEQ6#0iTlhE;l}}%4>DhzeEn)-`TQL_;OQ3=O;nnbm?<AP
zH3wcxOy>HNu<S@Zgx}7<Jw(9*yP>A1#EIeLb{=Qk>tpUmO?x0S6cCmkzVm6#h%sUA
zfiC7A-}y{GrO98Z$MBMp;lnX_s;!GP=)TSm<X)(ic*qK~#G^9jUCd`J<g@pU)V5GH
zy(;P;T_);9Vy>?9!B`(ee5dU>=lb^~H(||QZda{qp=-6P(<KwfSmA9XIowjNR3t5w
zB<^w@q0LlsN=d~Ehlrm<BP2B~mtjEem3S@jS>jmYwYEcho_+ffYWq6z2PpiCEj+cV
z?e#-@*o@@*XAaiIPAbf7T>4NI)|xh)^O$0H_&~wxXuLX(^Dli!QAJjA*#p*+Cm$C*
zb54E4=&3{-dtLe{;o01=)v`ui3T?EJUdw&QpMZ@N$3~Iy8nN;YjMB!AKhpwe+m7iI
zaCH>M)lrb-lOj;e?<r1D2<XJwdlPqdDb8f>%uFR`lUM4#N%0Y<JG`7bmr_rl=W-TZ
zPTb&S?!L?IW`Fi$T5O+BV_g<8$Bbi#CUIZTa^X{j<l~cAt|Zw%zop;aeuw(8>OM_<
zXmw#zA#EwxTX3j=O(<w6pcC>M^5*6p&XeXvU|u(vn*}Q}?#<Yq!It`4{lD}x*%$Cp
z*%R>4rADjqOM|U&-Rs)!Vw#$zQccd1sXD<AA+482L$+QvnjsZPG=m~y+CU|%dysRC
z2-w2h4O`03>yBM@P(gv^f{mTGM;EuRt}bBAcH3QvFAn`7@x_`&wR7Ly+x~G&;<bi5
zmR>(?@tWG7JRF~Q%VS%aE%xh$&n7y5J^$H$-L_8M{Ko6|H9pYyriQvXEt4DPboBkj
zPg=Han|0g$T%sm+(MFW0E>da+A)*o$Y{czYJXeCA(lUu2lt98s0=av*y|e_CZHt+Y
zPt;J3bDsg~F}%1u$2FFhHjaGb`RCsl*}7^);=Q5|U@OQV!PXCoUQX11c_MKg5u?n2
z`^ei^-XPQNbnH~(Ch<ABeDSE>GAAR%{uncLH+!rkWz8)wGWI1M9Z$U4zgRxaB(-N5
zga%d)>pythn?2`;l~F~dBd#|0-dHshORB`0MMceqnGq#INQm`f<&4>IP9Tb_P6buh
z7SChLacXcIhj|Tau!=%TCTsabFBy6Pa7RgBhSy_IEYLe}0PVRdS<h9i@_`Q$*Cb9Q
zPA0Cwdcx1X{Sr36jHMemQ}I1Dg(l1aREEK_B1=kAF_tA+k(ODSF{TY73hL=HPzA*w
z7z(cW7!wMv%w#h4VxThW>^2$Kd`oOxU9Pl2*v1V&U%h36y*Ain11n*)NO0Hy<6jZ+
zE6<GYw80^fWs42giClFy7%wnJY~UA2_a8k6$bztvt)#B;7A<Fyl8)bSAzIS$=cR%Z
zVZL+$S}l;N=aS<8PEykGXHhcfToNnJBIRE(?OXsl)&@m3z_l$dZq)OfY`Typ_gx0e
zb2DBr+XZyPv-cTJ+XzsGT4sV$u@!WF+kmCtT`vPGQf4SL!k6i8Is<1I0^pJWvK31O
zKn-LjsTE3Ia+9ZSOQJ5dwexpW>ympqF<e1kgHwr<Of!p|Oj;Mgq2OV%Z7uaV7CKGc
zc_WogUsjnMkz5g-tNLSgFm=GNsF-n>9}q~-x8h)cuwNyq)#ut#@8o79$OWo$kBDk8
zqI?Sq=Tr|ab+1WW^LG3P!*^WvSsT2R==Q|jV`^at+s~=P8+}h+O>8J1yGa{m8@-v{
zL7A5yjzZ}vnJTyKtkh9hEihil%6v`i*pwm(hmVPU8zp~WWKb!6Z`V)$2H8JeEUjPg
z;A`9pi}K+V&V?ByZjJ~@R9fW=_<g=WlW(JsYCh0?Qo!!q<gjnjB^uZWUeq||`hfZJ
zQCYsuC;6D<qeNNm$uynL01Z-{3@wE(%XnwZvAs!?9m=v}<*D;Wlafb|<dlo}9^yhN
z)7_U@c9l9!y+wUll^SGF47lA`Z+vMm*$AM_tJF?tR2+zyNoLl>s(Zn}GGa|gC=Z1o
zM*SknPMw<YEsWZ<W#Oa0Eq(pHS2`Zpo!CnE-~Bfz`1F>RI~rEceE;#KiBk_G1YaAm
z{t0Y#g*2K2xeMkh>nwqtR1^9E0Y=zHQ)WQD1_eTkDYfw@R4;7g$5fTY-0$JuZlxuB
zU4xpf@Pw}wO6_Sc_$NMLFp&bxw0a_HBrMT!*RN?qM}M|n`ue0zI<l41GYEU(*VrC;
z<hU6j-c4hDb-qPD=JP4p;Y}n9_5G}@%uU&nZIj)!^XaOu-Ckz5J5W!l4uC}bgz6;X
z^M&=m@`%2ibvH>EGFaGVGYxN<t%#p^+s8X5Z=FNp+={1E%r)m4(XB%*<;e<2IsP2l
zt*!HGGwRE%x+Mc9_#6DR+TG-)6I=~0>X1R*8r>D$8)Z>$Hp$UFRTFX>a_8o<+d{Bd
zgAvjMsX<~RgeJl)O(d4mMPf+}grq%9uwAjsp3%H2{ba$~#9!b1_CV<~zq|A4r+4;+
zS@$m4{>XqA4jlgKD6{o!zxBz)sax0F^ot)aTXoNyO*dm>zxE&PKSI5}5p}*EqM!F5
ze>8_l1l}hnFy5ZMi5qstvNcSyGiG;tHW9Dkr5f{k{hQoUaFgBV;flW}Yq^q7mOIU!
z%8zM*Gp+M=ykH#L8xyMDX|4(VuV!X);9t3|JKU1-=L~Ass<kGKePa8@Ms0@EsB+lC
zHY!PeX}nY~y)T`R6g9uc-90D^_yYNXy93fXHx%f%>+5y4TY~{=r8-_^1LR71yv$OX
zKADs>I#)xP@ND(d{5;}0y>kIct&N`y@<Oz@tzl2c7jJ&iNg%J|sm<l9)@*Ns{<q(?
zaY^@4l|zQ!$DE_96W<<qC-E`d09V6IxOMXC2_2_?9N*l!Go!F<yzxllIA1B1qi$a+
zuOb?1HaDB!S6xomPZia#D5}i~UgC`Cp0c15i0bU=#Bpg;P_MANHi9Y#WmF`X6ITIV
z)k*BI(m7GOL!v~ITuM=CX;E#>(2k+6dQpF_5T*fq!tunH|4D;?$^w9@eZDv}3#FdY
zs0XCdH+FTbqU-K{BQY;=F$_w)1cSD*_^GjUWyc&&^F)4zOlbZE<PG!Uzmacw7s%Yi
zoz-fw^%-+VH`yicCbthq8j3*-knToz8dP$y?Y-TXD`uhd$F!$%TIb(ubchpwsrFB)
z{MZ3f2TCr=h23Eo7=$2q1lMt3@J&%|g4Uoh8&|LfU|*1Ie!jUKmadkrmn5}U1Xe`u
zjZjBMI3t#^DMQ+%!w_|}dbP@i$fM<}(;Xn${xQ)5xJv^a$lbGe55R?|HJEyoT*6Ra
zOlt1e^lzK8r{h2WbQ~b@&Z#S39(&P!8@BIB91`vS^Pk?<x{2O2=4!AX{0n3y?n*p}
z*Mh<QS5HcO8tgUbO5+!h-FDCV-JG9wo$pIt<R@P(|HRDnBJZ4=n9seOm?0F80c2Mu
zXVv+Rnh4em9TD6X+#O_P86z?dXRwR>qx{?bfA&l4a)VE;L>sHsX^hy$+Ujh~E!9dh
zP(!7)IMFjzuI;ili!&+hna39aI0T@CE6MrdQSu)9?C+m`cI>lbiJq(1F28s6>NWJ0
z#F9iSz;u`gO)xF7{?uqt;1cKqfy9x-(ZoB6cTf_Kz`mm3%#cNvn}sBU27H@P_-Abl
zGHnxafSoxUu1z*y$XG6$-Q*urvNFTWK#9CdbC+dkMf=XI^xiZ3N5?)-c~Y>N(Z`)I
zUa41F6vo9si^NpJ>8=tBI(~?Ns|u(f)g)clrL%-2N=LplhEdmE`vLe8pT76afzoGR
zUiEa_n#tAou<VY7Y(n-wUw%c%#YdJe-4e~FJGP3p`#^p(*>+EuIo`X7<h)Dqxfk$b
zL^Eh$0Y64`16>q?NC?snq~~eFn%#a_9|S4GpFz3*J>BR7hY>dDMjVm4U#IrDE+}&}
zIBs{a?HWkh0Bx7Xe#tf7AvSu43U|ohkcLQfI|Ydjpt~q@FapIe7MPxN9zFd@h54#4
z!aI3X+#%WF`JLrL1<X$@O6*JQO)P+$pz1SlCjRlsXNlurm+wnVPwY<oCUGs?hi(3S
zSpV&NFc2J|!bO<jo5a_N7cI+$JWA}`zF|hsvhdxSw(#9%S@^^vsnQ=Tt7ov=GWFH6
z8N$@3Xm-X8eSX@V(ybKkr@&2onuf#!A$0`xH*U>aD4S0CdYax;;&U|LsOKiL8lhHj
zV`$1=mQ;!_XfZPbc6-QPZfE|BU=*wXlxqM1p%HWY+ZpySdDMp;kL+q|qx+Ab?A*V#
z<866yM;+bLAx1doLml$LMm%JWndRYoV{2`$1(NBLW>EV=zMCZMQD=9MqSGCuXqya9
zcQ<z*_akn}>FDO@<9Ng&+1S;}!wQv@0Sdhu)kgf3@FRf^%j#4knw{`XF{_!QgQ8X&
zN4LTk@B{cs;?~5|30oTs{RUi#e|(kLD=$v`H1T-iw~1ReLpIpJ4%x{XJb*QDkpOw!
z9EUpCt;B`x=W;1@t*%RfwS13L7E5JN$x7EI7oF#N$@Qj-4RDQjQEZ;0T)Uwz$-6)c
z1|)2%3~Z`JL1-2SC~9ib#w+9SF-zg)B5B{Gn!zQc=wQ3Gb?*_L71&})t_+;&g89Bz
zeDoC$)cB|SX^k=6p!0oTcfz+0SnhbpLFe1y3p*^aud{EpGsT`^r=%v`|HYh-Eh(&G
zTr4PR558+?M5FQpA11<yrERqQ6olLE>1czS9@>*wlh{BjI-Zvo|8alofu6T6Ux@l5
zBjY;XldDh;bR#`UF?E^adi5&I$Or~{2ePw!Ivh?dN6XI6LES7E%<R@Jj8Lc^7Zw)x
z>eU;EgA<%Ny#u|MX*oC$a!Ajf%behMI^p&r*zJUMPS~XZ@Zqs6*sYKo<wDM$If3j9
zM=!0nW<)|`Lt8=zLsBRt=eHWDl@+zhzD-WZaKcDf4z#!CvlRxrQILtVrz1Nj&@02{
ziY#sR9rsbUuflf#RpSC|+byoRtKB83E?a2ny#&WrF)_I%Fbiy1C4Cm#OkDeFtiP>+
zp7v-n-kDUhk6V<ux$Y1Kyuor$F!go>lyLh>tSwy;87v>n8NSSj$$ZpFnMPOlnA2`C
z=W~-W=d3S=IenM*rJ>%R^!}zdySEoK^@8m^;GyWAC|#TbJ#t`QHZ0BtIU9OpKau@G
z_CK?wT|t;1fbsw=LFHN7r_uY1A1!{anB7qP<6_#{3q}?`R7jub4)$#LB>S6ex~>~+
z%!Fryur2`W{nkO7psH1U;`zoyb-vp=&%WGFL+VDAg5`*BEy*oCqU%G_DA+^ose@&{
z9(39ys6yGGAl@&5lr_)}ItT|DxoY8C*S&f7fy84ww>`i4o_)72g{(_@Zt6cNVbs<&
zj2d+fv?U%`H-F=-gA-=|ZQk_1?^^ZSvGLWn$9LR*(=SIP4m3a8^H0B`p?)`y9P^`z
zqb79>gqudJoYb^|OCtV$o+=#2VUi18^XD0%ET94E>y|4qKa+E^y&lEmb~<dTq53i5
zIp+5><~J0N@|<e;Rn^GK&2ju1B$@DCe$^f7mhJp?hR>VJ{ma#W-@~_e71eul;7@^%
z178QEn>~N>eC+w!BlYr>d#K`p;1=wkqylLPP=A2AQOJMJn94k^%k5xS43C}31dA_L
zO;u94q%NvyFG5`q1K7XX1((yFR@kxdrvoofm+-mXS3`$dP7r6_#W{^9L$D$H$!y-3
z)wuA@_wg%#V5tw6m%dWQuhKw1i(*<-s!F_Gv*DV=alGv~P?h)u298@l4!n5V{?Z6=
zCw`vzdlmR#TjDC~x*IC*hS`Z#{JJ~w3{)nbu}-@Q{}P3?nnh`Q;;mimiMO6<Ph`TL
zm^LN$;-<vuT}_E&h4t#V4ccw6Mp&$hg~2LiE;`qJ<h$%bNi&apS;ww;$L<&4ZTPFa
z_}c~Y;*%4l2eIXZ-B;}Igve-Xf5%Af?_>sddgG?km&upae$`u+>2^8;kGZ*9Z&tXA
zTkoMWO~L2x`t*aYmf_UCPye)q`1H=t$@Z?sVoUE(xYp@pL9^3=J@Piqfs)l>mt^Ty
z&5l94gUZ~&L1WgA4a2_X0J@N1_6h=*6V!1QsivD7(ADEAbuvxW$n_U9Nz)>34IIp+
zYshy=2b)8OPHUI?X|c_Gz1X52klLJHDK@Q#q_(0F`oO~?IU;tjiP$JVC_v+4m)qJ;
zw>H5|0cnV>@D0|E_FjR;+VXA@=CjJwhPbtje^k(dFl#t2^N-NnWn<hbG+p9Z#ih%d
znl7koDd{3C{7bsvwUAmEtr}bC5PneCZTOZHB1a0*(<wxwQ;1Hc>S=BH)8>?sutLzE
zE0~tvMy>sBJL`A(hyHu+_!d;^4ASYhTTQYYyRCsG%%s-oFqHnrF&tz?2Pf5t{rA$+
zb0m_O&_)C(^q>Rjm6Q#XuaxP>8tl<t(&!JgYc#rA1I@(QCSadpr#<XY#wM@^b~}^a
zbl}3kVN^MaF?Bb}Ok57{bhxYR+#S=vxT~d=5`9Sm$xt2Q@NO)||F{C2nydKHF&yJu
zdj*IpN?T&=`b6b}321{yfJpb9yjI$B5;fM7Go-t4Jn>b|GSqGY<TJDKV;g*=gS;-{
zR&o`p*w&hidDca&1G~)7*P1?`5^;IU6xn0&U&9l`rJhr9EFfkExq)(RFDV505$1PZ
z;O4Z$FT|4GiYbF{R>xr;NbmSv{Xqbpa>6lyjR2$l^Zj(Cca!&NFB@*avu=3E4J+N7
z+|=jFca^$!x+K57yL|wve7o#>?KpeEN_CS;hbypB+9W+Kv0W6_Qy59-(NAdF43zpL
zJ<0gGD5w@hElW@Y=WA4>>tF+nhGBmn|5hULW#W&}<6F=^8FvzwL)#NA^ch?XZTjt9
zZHZ?S9r%6mnbj}BPx;K7%if@?<SnQ{hsm|(MF!2V#i>r{PGW{#l5V1?B;qEc)PKxj
z7$JuqdMx5A_L;sdKFR0H?)GRl+|Q4NTPDSQui=kjNm0(b_N-UOyl=D{s6g`<p(%lk
zv@jhcpYcRj%^z5KX$eZv#2yR{D;a#noASh=S12QkQHp-=w<twVhdJ$G_BvgT?ayhy
z+H_?(Lyny~iJN{!%0fB6lW+EMdEbrGPwY<nV=T*~>mKHLEEqhK?qh=Lea5kU{4F9D
z-Kg`QXn&g%ea3EJk29XAl%%xh{KVSRlfbs~5-s)&8`ylv#aTcmLDK<?BqlEm;wn-q
zs;$ALch;*|9?NF~OCdLZM$bLcgNZkw?_1W140Sr6J)|F*Be@6MZPvuBQATfdXns`K
zxd+^Br#;|qwLIV+c0kxM#6chCTT!?w|0RQ8vKQDN*au8vd~{~pTvdcY(*KRw95DyD
za5$gk1!uXyb#Z(%$s$6zs~Zk5o&27<m0IO~<$!WTk=;bRriFQ!OL?9CNH}2)(jkZf
zQipH8(qX?2PwKEthnrBU>+mCy+*3gO5$6;UKOyD2WyLExV8)M9d4HA4J4pDJS*Tz7
zNaRO|HXR<+;T|1s77kt$br`Hep>TXdxQ}&sQ->D?%tjqn=+G!&MhbM9IDLweUKGXL
zp_`phC30IS8~3M>-_a#wValrxk^f1|El=sNU59(c)N_jt({#8>hf%`MuD1ZzkQqAs
zO%U_4p!p#|&+-)67W_pz^wJ?q2PYQSp~Gi7ysg9Uba++=oU}KK0)8x}_-n+3HB>nA
zbraLsDIGr5;V*)qXHxKFl@1Gan65*u4r9a=R-{9=4sIQ=fX_t%2Sfpn>hLq&Tnnpp
zSRis-Epnjd&{sILxsbCsH6GL9EgfDJ6X$>Eut|qi!uQR}FgoR27!ovnBWQYC&}7x&
zXQB=ZL>+1b{KY!(3^=XQP92Wu@SG0!3#x0=o^sYq+vN=Pc^urn>sZD4j^2HDj(@qM
zdJektPV8qVr+k`(d8DiFoaH&!#c{5t=CtcvOdR61JghF{G?zLpu}$M|4Sh(4UJ`7O
z;2sLw0QNE<H89g6Ol)3RDmMP9(-Sww6Ppvu;)z@LLM}8u2@TMf>)X=3CmV1MUMJna
zFO*ErBo@F#{vI)=nw|VTV$X{Ah&@|hTqZ+-3|^VLnV&i#!}~HEl3||=yJgrW!#Wvm
zmtn394Kj?Ap;CqcGIW>0FM}e(moj`P!{HSC0|I`D3@tL$%P>KP5i(c>d?CZT0`p!O
zcFC|+hV@-ATWIrSNS>Da-SHG57P$4cGDJCEoSQ37k$^OxNWIZ4F0fkVr-3WGoY_lN
z4kg9jGhx#Q@&<H4y!m+Qb!lmm*9nB_bAZxmocv^;Rqwh~xfZUYXI47Rn@FmdMhnHR
zGl?E>PL(j*5E){r%FyFoUgow?h8d|UbUmdw_`sQ`6mzYkh-SISyXDL*pNm(<VUFig
zM-?ruBS2B=wQ}nDd<o7sAZyPZX&2C*ziUiiXhbJrYyWNFB<im3v;(fePTagXu|OS%
zno8$giSgpyr!EqL17@dRC*rkHs?#lAOyD6wnJjgfZpU+u0}ke8Sz*W0`r`DvDJ#NI
z6o${ka3l<oFdRs|w$h5v4TC!jzdss=gJD=L-eGBmp)(9K!cdz^J|2dnsce^r`OAs6
zAe!gG@TfrZxyalehPcRcxrnridQKq43^P7Yl~5tjW6t}<<BU|9#UjrUfhAp(MI`3G
zxHDM?)8u&LUEaKD(by^SrpdChcM8HS;?lt9?IY)v#_8B|BF^=5O}^M@R@b+#?%iwb
zB^4d}Dy%oiT6=!9(C#f0FZ-&Ao$&^RvtKW}VCATZ(M$VQ^i98J_L~3rMgFotb)D4Q
z<#n^kJ&AnbP5Gv|?lKkTs<*4S2v|<(_bA+~+@ata;SUNO1%C#56D$Mzq6!;SQ23UG
zs`yn^*{Q--6`rB+Fa_Ja6!@;h0Llmjs<2iSs#FN8F?EQ_Tq>wc1qswe#B`7wsX`Y?
zrX~qz&GZWf7l{`P)}`JtnC9%6ZyPyQLW<f;ETet}PEM93EV-^Ee3c|}ij_+=xwP|?
z%K5LKN<8v9leSCCPR_&0<R)o3=K??B^aH*l!CYoJYOsnespP7PYEy2NCBH07ZSW${
zUQiCSO?pwHy`*x9f~2ZUR%|#2dF7<Ws=`83LWPwma;}g%bp%Wjw^Y^x<Ounk$STvw
zP1G*WrR5rTvN`#Q2Gtti!%H|{YOqm*3E~mczR_U0NDXPAXz(&Ve<<Mgh$w{EC-Te_
zKxG<yB9bt3FAW@s3o{%RK#yy%RfF{!+@?W`1`VQ+OEnmvL3a(jd>;)?2<(S6*sH;A
z4RHEit8ruTTn(<(U_7@P^D+=VL%@Hb0UXufpvVx{%uiv92J19v)}USkGlkr*A(x>E
zvA>@J-X*A6qroCUO`Qf~HK^1eBA_i&j;2V73*dDEvR=@EsEY+^A|Uq)R7(WFc!8&T
z3QxI(WvfVTPUW}gvWh{P+66%t3M<vh{JzNhw8)NmX`Lvxh`ZB^9(Ja^<pM5h-zmn=
zoFHn?*7?p4-X*20v%K{fv-G){{5S+x>N1PC`w*&f6-g^`X=!S-oMG!sdgV0AFqHrZ
z%?t;QuzmiZ<EgfeXI_Ojxb5@QJsls=Fl+3H(LeAV$Ig#vIj)Bp8D)C8zth{6zY`-k
zKztO3#cpCSKED^08to;V4pb%2e4(dPg{iO~K7y}6R$)?2wH-A=TArAA7d$B6_w7je
z$)vQB28uOo)HEoQ)`FL)(n2s5NbPeTGhX8x$^DCa;du8%rGckrw9z+lsE06re;nsA
zz5`2-o0tDPZx`T_E_Jw(Y3$as-!8z!+Xc>epFoCqp8!$p{LObo8Z%h>#6_p!EtALq
zT(=UJ$~WhiC`?h9L%Lp?FRhd$O|lM=cUY&$ts~^td4KB|z4aym>zMgl0^nhBAbm;d
zG<vZBu+FU?6aZTUhGv1mI;(C748J=nj;Y7R>3i!y`&e;|-a5+uz9@T%K-yiP+ba;&
z3lx}t^I1_2K@pNO-vy&x5O%?*E_m7nD^ssPK&0jam~q;LDmO%w<T$f(>jc93|4Plu
z&#hVI1?sdeRW|0Q#RB~qBl^45yz`9VbB1NjS&;u)VVoq6)|ZwR)rgbzr;oaniVefT
zV)%4DSwH6AI$GcLEWI52Lt<iL;vZ-r(f0t{05e`r6w|9Zw$Z=S){X?F9n*2F%p`5n
z5a}MGklV}<p^QEU#1FvtU!>=(GrqDRwqbixz5}L!EEx>gZU&q9$wsg-rVtrLfQ=lb
zDjeb7O$JhJw3k}$n<2iPm046;gsaSDXH`Q8qTQ6g4GiaSlm-Lw52PWd%9!`m-`UG_
zLgL!(Pz9CS6Ak=7ba2V=8IEk7WZ*2j#q3LR*GAmMZpz$lHDj%f1=p&=WaN^G>Rae^
zh8M7CMsT5OM$|4Y67L)<FFNMsyY0f+fS)H$dn=k3U!Ofcds8;MJ~Tf>n>_P8^swtg
z7yYd+4ykr`EOD%JY;`D#lp)<Nt(PRVfR<6(+Ye=q2@dfttW@i#PDVtNo9tqbeE>g(
zpFE+<cCFi*IQ+Yg9kka+AT96c3)ifAGSQZJ5T-t`@8yRQTWKQv<n6zCUtYZDS5r6j
zoO|8AlTWN(aPysnl9{kr8p2)||Fz^IGf(+7caHm!ykC}N8GdcrD4@hc$t>HYqtqr_
z%`(&&N<=5aiK0{-IOgu8;$KH_mcPs|HgI#t<D0waj1E#`4q|I<C=L|{vIYx@=|Z(m
zm6Dz(5pm`#o;vo`ETq&}A!5!_>r(I9?P%vO+ig$2mLT5~6&@u~uDR_w^+j77)A!KL
z9rg0!j$QNz;?44jMjFBuj!L?lK4k-h<qeeZ({M{wz>WvPJ<2#dH0fL<j{G1>8cNK9
zpB_D$XjG@J`DPEt6iqb34*4m>RABn4z@!ki6mi%H;sYCE5wD^@mc})()RR9j3Of?B
zj~szjiN-Zb>1y%+bMf-r)8kLI?xFuAVVn4`a}T_i{hQQ(pyTT@b-MgE2G!*M+ZB1#
zOA?onVd;NV2jtAp7zLxG_ee~dO;*BwGG8L3p8xMwd>%))la=^87UNf8d<Dj5^LP&1
z<##2<+m!9eIMR6npSR-mJm$&8Yn(iRY{hFnUK$T0+%kDT31J$~yA{LtAq`uxyh|}{
z0xuVoy=8dayn?RXHVh3jGc&JX!_3fzyMhffGcz+YGcz+YGbar*CntSpzcYKE+4If$
zen_$;OR}#^_F9%7-_Oo@&xS<M`4AHS#+zPJnB!N8xA+~_sCNt1RuPK5T$$K9J|}5}
z3&xi^D_1e%hzh~hCPzOYrjgut;G%50*K3*s>GiLnr)x`(BSa>}$x)B{5a%)y`K}g<
zQP2BBVU7TklY|reY2xXGE52B&Jx@-l*IxUGSDmk^vybI2kuK5CloKiIQ|tQeq;E9u
zMDIhJnWJY(icH#2{1n8tEY!><QuAqR*=xxyX5(k^ni;ygCquV;ytqfGOBl4FywL~4
z&#G^H&F8<j&gC~|mTW|`YAlVnw$~w^rOvoY&iO*-QQMSm#NYj1;S)48tqq6HCEKY^
z<4uo7<hX#|DiW{?LhgY%C#Xl9p*uzVgA(@vX-Dl{-|4twfWdA@OL~b>G}Y{wBEo*H
zF|Z@O;=D5cs2bO4V*bk3xJR3$;`Tzzp44d6p-35LlKzxaM;S3d5%9@~7+}zYYJ=Vn
zvZPWDOqIX{Wzrt1rGat@f3sYnV3HntrXN@duqL}EM#4-d1o~HILzOWsBOmbyK!8%p
z-%g;FU4>2B%-E<|U&1Zd-Fjqq(2hCzV9Ypqc@fEpLP0@81Ltvl)_*99k=Z<TimAd$
zLT@otb&T0S+T1AFO1ES1-n@~J=%=Bmfpij&{`@NCE%(*(5c~KFo>4Mx5{^+4Ym@u%
z%}`Bw#OSX^hWx=@>|^2?@`(@)E-*xCv*a}<eYEKrTixAe${IDYo%32iO|roPyXHWa
z;eAbTpsU5`gOy_bcoXodl$r59EESvsH<>|y-c(EF-Mz0*#gy~$T~SAz)QCv&(zxpw
zjmd8|22v~L(uv8xoS0dRIZ4z2s!${}EHdDNim-1Rn{cD&0sJ!;IMAZE1Z*n>Q4y4M
z4R&;i<}5}S3MV^b&<@0%So2~WO;+*30s3tmH8z)^qHmQw+G&d0)f_3ZwH3{)4v(;4
z=bXlxr+@65+8Y;(un<)18O{RtOPk6!o8bIlCUsCvG>>GV@M9s^gP2?Huu;U@q%a2Q
z#N=)s?Bl6CH1BpsJ#I{L%ZV-&nOBFY)q5%4T*g#-bMH)J`(~}zD%*7hP2j}PYe#a;
zyK-<lwP>Dat9UFIY6iXNAh`T~?D^(`DI%A;Z$6|1HYhr6X=~{*s6AeCco91!?`+8W
z`15<%&~gI-E#;fkfJ;cH9qxWJVNyWEz)|2_@mL+k2+#s)r$N3Jexhs3A(HpY0uH0W
zBgH---vM*)t2ce>{xRr#0i@PKh%;-57C_cAF=8Aov<dQ{l!zw8;~DsSR?lsG7uZ1(
z_THu;OtfK3({@PnHYzbN8$7?Yl@c>+<%m8`p8#|TBPSk$Z1pFkcYLr8-8<#@a?Xcv
z*~7RW;CQh5#2end^?*yPGoYI)nJPWSu$pMPWwXMFx<Qei9956`MJL|#H6t{xdw20<
zPJfk!G;arIs>LzoifJDh4lq*VxZk(O6t#)QNuK*~kWZCHzd-X#t;ddTd+sN(Ul&lZ
zNTkzI_eCj}iJuQVvH@F#%_U|PP;9&J#z~=-Fzw=HQ2iOPITxF2s#3jh>Bw7OmcCBV
z$jL*yKs2;IJTR!l$fn>Vd;ex5StKiwsH#&tipX6kdu{2T$<r5xk|ATW%h?q$^HNQ5
z<gl(~ZN5~n*Q3Embg;?8sza{3Y$_jOW2OE0?%edYkzY*l)^4ibV+IdlVM?tlE3vps
z$AHNop|wr(Q^&a06hloMBaYY6E{E2IRvSED&@7dZ0ilHPg~8)KpnaQu4?=_WZ4+K(
z_Rs<=(ieYHDCh07<5|;vUB%ju(4bnteVfBM&%wIQ86d-Enbt3k+)8uAZd`e!MzN?*
z${z<dMB&!}$3U5fO*ht^(B(Qmuc2l#gib4O=3Ow|@Cr!Wk|G^_*|M$Evy`=x1dKUs
zsf75ZVlk6IosRt>y8X}8RFR3qP8<7yXdjEYHd3JZ7h*Oaa(;)ODl7&j&24K#KWOYr
z<|21OB%KzlIa_!Rz-lM9XY8sU#Shu#nq!U^pP<rlk?qJ?NoT(+hMN}aA{~b&c3z!P
zCK`5@$6q~)J_iy<^c8hY5UL=1g}3$<jM4P7h!NA}YF3@5D%Xw=OAhQ=i|s8s0B(4K
zRqUC}PSX=bW+Uuda@)RO?f@LuNlnrHv+%I}n~l*mAhwd`y0Apd5tdIc&H~yCfa8@6
zpt+w<K`m~HmGcyw(@nH0(y+_Yq$0Z{b~q|BjENci5)t=S3noE!aI~3l$iGhh*m)HZ
zmTV4rkIqP|DzkH`7#oV!+Eo_)vb-?aJ?g-`h{fHX6iyGsk-laOaY-3+a4r4wqk{3o
zI7jT09=*ktxSg~`U~GD+q05b?DTwM)fN)LQ8^pWHetm^Z7psOdCy!?q!+qV$0ME(#
zDK3`Z++WMQmD%_KFATr5xu9LfP|7;|^9>fr({`&xb2pICIoAolW)3CddcbIj;%v2u
z2UZK+*seaW>D=ON$Vc^-!n%(mn8YdU>eIo1RY1H+Yx3*Ppu>D0>dv|y3S-@H9Dgr%
zVGuWn*<NZliUEB|v^eWo5BUC!4>z09#!gjUmwZ96Cu69>KJ6u^g?LVbkbJpH5m#z6
zZTQY*um@eeaO?_k_%c(-!ZOK`0L7hCLBs&3IuL7p=zWci>HV!<_Tk%)ZB_-Gj+9pF
zwWgIS`!#qz0h=?|fcw=)y3^4C!`$=sfN;fvEI^dE0Ta}iP<GF=wGMZblpgX|X5>2|
zCxLV^y@KYMB-Y=}I~9U9G;m?S^2<9cRh#itc8e4TsfkR0dHyI^jVT))PR-6<qiJGO
z%$lakz)gC2!T1;PX?E?A-Ro+pVL(!-Yg6_RpMy5ds&*s2=A(er8ue<7yH@1TSb+Xx
z1vd5fC&?=d_A4gJp^oi6;G<$o&4BE?@shkJb_+q2KzYsm$MT~!&xY7~heUw$a{a@4
z%d%LxmI=wi72Xw4i)hG|jV~bq#wlv}EoSJ=P46NBoat)jH{5$SZICOtQX^@6$Oc*-
zkr?f+kTu|dFu`-Z?T`?COQL~65YiktB2}@UF(k1&27}ZTc^k>@S<PUCc8HtV;I;k*
zdaw6`i1E-hNG>hyeqOoUq^Rsrc)FsjFJ`us&&HSI46f`{LS-t?ep`2YPnjaV@=2cU
zVVUhI_O{JTts=YBxjN5j?_&Yj5MtNAAB{iu@SQvc0Mv>+j0h*&b9$^_eJEur*Nbz~
z=Woh+$>LT@PDT|ry$a?jOQUX9pHntbU%{TQg*!~Sb$5$tm*2=Vd2(JWarj-lUQX>?
zb2g=~IVmWZy@rS44e{m97_nUUvr8bTWHp<y1u?&i@S$8IMQ{S~q={q=sXWI|_R)Bf
z#@chITe(IO`>Cze`+S06Z(Q!^78FVeflf3-vyC5#S|WD=W@h!Z5*!G05;_D(L5n?I
za*5-?k$7BazDCSEh%VS|P1DGT-gjrO^$X|(l5KG60kk95_bAWor#0;7A<H1o;U{HD
z)M`h<FGl^;v+zNny*eA|mFxmR2rV;rUi_XxHkW=?b-`n^-?FB@O`2nYLE~1pxLsVJ
za-aAHplN^FzQPxa7oYie0K&hGZJ8LDIN1J+3d!+rxP<@3`};4jrQm;nE%{A#faXsB
z6V;N5iRo{uB|FmxoRXRSf1+9f7+C*>YWcyq{Aa2qGyDHQwfut?{1>Vv;J=PvO5fbj
z_SYY<;r~Xpj2#P4`G(+o&J8v&1_Wc~Nz@#w-o1_36?8|j!28s*7*Y%Fd)Z}yUtAI+
z23Vx>KTEGjP8w$mIL$ICI2l-67~se|s5j|%JU-XOol$J9)!cSnuD#WhebUx0AspIY
z-PvL5JI>;|AJLC~P2E__zl`E7OL;@-AX&Pv3esKCoG#E#*?Dnoh3_$J?KhXW)~l09
zaZEpUE%UdSV>L*=b^W!!aC+mIuJ{Jl%IBZx>}D@i^h~zyUmUJGr>Rptdac~Ndj4Jf
zB>8<kj#N?R;3)^|K#o0N-w9Er=B^l>ep28S8doXdi)P^+;KrK~%ytL^{<Yf<;#H!}
zON-gy>#IoFvpGghz`DYDro${&O@WA80y8>n_)7>_?WILlScfm0yQ5Wq#8dbS|3Vo4
zdfH`A1+j;xsOX!(!Vv!ER8)r?-c<sY?3)5+=)2i``inQO<1ybh&m%~y<CTl!<t}=q
z)6REk_lR}pzq0go;g`o+yXXuqS1?aUL-d<ByXcM|p-j-ds{vtWKuf^g%Ym??GbEC4
zGX?si7nnz%c|woR;Ee7czHs+H5w6gi&0o|8o+92LAAS0LHV)u;qHyc_BR6_<2|Tir
zUr4uo((rGnF!;vB2|PY`bUndqca2BvM|X5OK<%QB)xGuTGPqxW?kqTR@m-)UzU!1E
zESOW4GwzROTt?2{TcwKnz!9fGC4!rwzmJz>;Ya3mY%oz1K>eEwiH+gEX59Y^$@AY_
zIR6&o$^J3r|HgQJ;5q-ob$*~Y|6EdkaGZZ3JwNh)P@aF#o&R_FpR#`h=)dYeu$~<M
z*!S=D|BMCwg9-iT@TU#?e~bnFXTLw&e~#hr@&2TL%Kys$11<VbWBxt%pY*Ts|E~KR
zN&2V1zxw<b_fOs5n9@JT_^13&zkdQFfB_ot2TRHd`0E`1Zu9r~|7pj{@qsh_NBXD!
zPu-vJZ*Zl5Zf^?zf-C)V!}u3mDcgTH_h$Rw&AnMzSegDASGwl{<ET6rccJy1YO@hx
zlhHIpy6X!=xJv-lgn$&fD<%dhL;~Im`gJ#2LkwYXhm6~la%xuO3zjQEjtq?UyHUYi
zUr?}sn{c0sI%Tc$GnV>^64z;LRK-j|gx>u6!74XGn$f$(liU0KMoQbnvPnhV$M+f^
z5iit@?LApg$PJ>`FWMF4G`}REAHo$h;ikpXQVw^sV_xuulPTZIYLosmSA^dJB2g%U
zj+@;`Jx|JpR|+<y)w*b4M>}oOuh-wvLWz+l9)g&pW`TuS>_4EA#`VTcSJrEu&5s_4
zaOiui9_z#7duwVkQoVL~ai~|2Te$F};DR`K`}?_&R$@xVaU8ZV7GP4(PQ-3k;Q=|m
zC?3gU4))|+AoLw}<l*l@2uCy@h@BH3?w>$is=(+z;~K71x`u$4_j~>dJ)I4{DcQF`
zcM#^glA_mN*vFXXhq@#&ms8piuOF*QphkU*7VlJGTFCB#fnkwl7Z4Au;Wb0Jk>Z@<
z(I=iVK(w`QPn$#lco@0~nYgJ2MotT#9Q?XZt|9SZYc@$i=!3d1k1S5UsYKfQ7sR{Q
zkTF&-2SaYVgud`PE|5mx57#j7y2tB%=Wxcvta^MwI~>9WF%-NX;?YOZH#gjlhN!hk
zk@*<7m-Vp)Vm*3+GCg)ckLdj+uQ;YVOjE)O8tc+n9ib(7p2e341PILsqFi5@YS2CO
z7(0rnU*8uh3RM-{_qMC2g-K!1dqWP;QO8?!%GDUiJ?z&@ld3SAB*t$}jHXIQ#Y8wz
zU?1G77k2Ccxb`V?L_uG`n9zxwbE~tAOVU-BN?UYBbgHvk%G(-?<;dTDnU5Cq!eCc0
z6xoW;iD#<7&$GfJm(|KQ6edJ#l)%*NZtM|V7Z)nzh16V-*E3BOA1tu%_U|s_>|BQp
z<`^oo?e2@%al&}0Y@)oCN>P+GYXm&37J8{>#WaJ@%Y?sXqeSJhG$1}dfx9_7FD^O)
zNUdrHMCjzN)i7cMG?U^+Y>{xt%C!$kdI#y^k<wz1AE~H_h<o#*1aQ4OW(YF{f1wt0
z+d=i)x8E@F78<W%l^C0eM%1&(KHOw)O=;-MVU}84^das_Ec~X|Twpk{RqCgT3AX~p
zwC6zF2}Ke@M41M_mXmgV{#~rbEfq8t26w~kSMp<}*aRXOF_2bpVoU0$&i?M=VAqf$
z=+d-Yr)Q|Lon)Rl>#W?e9c@+&$neE#RF@CAesz(mU0uH#GCS*`z!xb0Acm4+vohYY
zdUKv^OG?u*Gw78I{Z`$T0;M`i9}a`svBiP-Dzgl43o}W!nr~kFi%h9C-`QYy!-eel
zcuQ<Eis?nG_ZnW9f*1SyA&uF7pb7%T)a&dhubs9Y+Al2Cr-s`qaK$K`H}cCwEJ@+=
zLAV{{<~2P=h3|L33CImuc;=Q{<BV!qyGjd}i(&D^tR>;B#~2CXipxfR=!Rmf?>g^l
zZOF}`l_dW_I2HJoXh&&bUY=gW)Zf)bm9LYHTF0)`9|ZNPIw`9B&5g>=jMgKvZndv5
zJO0P~uWTvr+t9Ev7J3uYQPz4?al7Nv&qi8On0iQMH8+`52kHGyQPlhM^Xy8rA=bxs
zYD<=LequLYy6fzAegzVY{oL{^+{#&Ity(?~l{S}j7&8fj&D+5a$tB}Sa3(|I@v*ck
zZFaJ(<jhxsXM-n`3BNT9rnEM-T-?JtDK%DcGzQu3up%h_j&C}<x6k$?G-b5AsJUGQ
zUc-TSCEYlW7O3PC{KMRcWnm#Pzv#Kph&hTOld&{R2rJejWckC=SSZd|g<nQzThy*8
zR-fp%wHpYyGYq`MI`B&=|D}99w7^bj@f~Y^NOsdvBrxxk6FEe{+D0`RhodM;nq%_0
z+=QVYdI`nN_m>~lnHF;jruc+!xgoRLQIgf&KE|0!uKkz?@>~qD^CbE;wZ5M#grl(8
zoalUZm<QdQS>C=s1QoU~1uG#ID#or{l|bAvCY7NcZ<hcE#XzhLqo#^oQ8kc6ZM|@i
zxAZ3i9$dcAWF3tP%S4|RxC)iH+<cZs07DAV4^AgAbS4Qa>(uW>Sf*^cX4OFkZ5C!N
zt!ZM!1Cz6b{O8vLiFFkhPx@&4s&h0o*-hYm!y;=v!xd+bwC9uUzw~{)^T2KHIpHXj
zC9qc<HI20TLj-hfnVxnRANTc3`?H2aNsPe(cOJr)_dv@H=gKOx%e?UtO)j`O_LH#n
zX-BZE6C`TH)=ubN38Lg4=;+M^&=xW1i9tRtL8@_-^d#-r<B{93Zn!|P^>gGwh`~#`
zqnO1!ui33NBgFMp(5u>b(NE@i0+9+{kl%!<Xl|x)Bu1?ALQq)LL?h(AwlTBjN-fH=
zguYR!ej(}-h8mZ&l=0R@!imn5^_GE3CM}Hl7LzIVMcCVF7!k@Aii#sY$gMfwwYfzc
z*h&QFXRP@B-k%KB)k@oyfT%*@ez@QOy~?@*z`_CQ_|-cSjLrO)u`y`iXHAx;WyMU1
z*Yh*skWUu&y*h$}0(dj~KcIhK&hwF|dPfV>6pC`0$Mj~Bs0E&o%JF~ee<mi)_T(?y
zOGEy2&RsoADNlqdK0v}xlr4<lt2v!Pl1x7*rqq24vvZlB9~|n4h{9&qw_}(r5%Tdo
zp4SKR+tb;Zp!?}jV{55}B$1X5-2$N@aGMTM0_-8$QX!MI)@zz!mmdle$rE)lk?!tv
zo2(DyXH{Frd(~7!hEvSjbmd9g*tX9v+;w7F`fNM8E!kzG1d2dGneUTFw&HLFx`RYu
zv}oc;Y4-qN6f#p9fn(awI*y__QmHiqcJpgvXjI$4^gLaqo9PTiXJxq4%;&=zNJ-QW
z{cQLqMqF!cq{?ItM{Ft<kB|}KX-@2<Oz{jN6&+nRmYGOZVA~)bG}7$W3BcG2GIkjU
zt>l(1h38kz60Lp7m{|>dsu4)asjqtF4+bwhyC-8Bn)dz|0BbLidSMz;NDt|<A9iYG
z=hE+7IC2hEO9_>NK9xf+9C!|%i!K+u2M73<S&)s(&KNw7Gp`)H#wm~z9?LukSk4NF
zb;%jmJ`i}PO-~5kEiV=L(%ViZ_|aVf8JA5)_|*e1S(l$)5JI`{!?}zy@5liz+;Ss~
z{O~WlZIy(QdlEbslJKp=m~eTRp?1OCnU-u(HdruN0$g7amlZXxMp@<>a|d`yV4(sb
zmg%jtXI#7Gx;NQ5?BFMLQ|p#M?C>TV!I=z&$8A!-7;<q}GV+8d>Z3PNKR0TPX<T08
zVO)M1#=80jhJFb*klAu?C6jBE96Pu6Qj<mbDsK4Lf7vutqiDi^pF81Sbe+JjIox$1
z4irg6g^bU8P*TPxD|xZsBGm^AcDocKM5+vCo}we{_UeEQV$0^%PTiXGYAYBEh&os}
z2%OyiQb7GXTie=m<8wBM@d?99^N7T|o|h>UC?mo2QYFlxwKYgq2N44S9^w&t-+(Zu
zqy`09pO*aUxpU`jrQ|Qmx+eP;U#p1f@n60Rt)F^9yC{(9!`ts}p7BfhUb>&P!EW#A
zXIfP25cuxb$u1XN#(uCq^|kqi^8{L4Tj<PHB0;FUSO*X+o6W-IO@68cU-ncJelSGL
z%v_f!ZCE1w1yLH0HpHZd?qiP_C^bmvT~VFg3%$o(x*a_ya6+)+wHR_@XWvD)dTJ@w
za_Uh(vvenXw-;EYR(TlsL(qzy>c`kk0;<-ga1C||+58AIc5*(7^iNXD^UkB02VIW&
zqgo-_S!drD=5!Hh>|`t(T>-k1NJq#Zi+0-`hz;!5O9wwZx8?XL(XFv5oTB$v2csLG
zhDwDGTk>j-+=(biKu%Kz*eAbG1basW72{PckFQqLy^04}D)2o*tyx&I@pcxQK~mQA
zferz}6K&=LYu27ht`|>W^WWZfz#i@F1Qk{GlLn6+W%SdHm}JQ^M2CjU0b5@}s86yz
zY`sDr#jhVsXrkyv@FF0!zw(oSe$A?%Jd2dWZRQigcAMNZxqclacb$fEx=XW9Hl(lm
zzT)RXQW*P0+C0KR-m=)$d5`zqQ~|pyIRRZUkRBr(eL^FaaGy#qOUgP#I3&kqtWP$q
zosILNf60CDUCH$(Ax9h6&F}`L73>+$|I1|^$U;MCImT<kclYR4;GsSRt{>j-wSI1-
zzK20X<>=2~%b9cL_?C^{Z~-H~tGNncO1&5AmW6#3dbiYmIdtL-jD+KJxt}87hSNZN
zwd3eK_CyuM9l*7%(;c*$B|Nc7wR>45oCS<?QCOwg$ORCi5MXwN{<I`Of%6yGf<0OA
z^YWE<CPC4{;6x?-oS+;F4`VH|cns+e+LH0}NhMTCW00bMSNSoD55UYQ;Yn)won2NV
z{!ud(+Jnx<rLh<^a~TFqt1!Nku*)LXf%GXB-(DYQD3cX92+!XRg0udG{x$4glitni
z&2ySnCnOQ+995V>5-vYe-We+^mqZH(4y;UoMoyvHlHb(d&&z62`+05N%f;H<EqCLz
zqu}g$f$w4vI|8!kY0SZ``D7fvT?Ct&?FsJW*8>6F(<PQjIhKoLXwG>WiO*_;{31Pf
z9Omx^KFmvevg+eX($yrWv82g4VJbQ$49156n0)anB+O=EF(>!UEK#A0Jr`HjJ@dr<
z_Muntd;W$WNB*HPx_r~n2p%q<f<ZRnXCazF1k64eNR&;xMOPwhGIaW=$fdD!;afvX
z?@Q;3_sQ(dvwcaXj9Coj{_tI@^4RijU4+Gg_BVQWSjXadT$g-@8)<MmHOx4|dmAzo
zx((RCcs)Jr&)|Vey6Aj10p2#WK!|iWmEUWj86FR;XE#Xtk;J?Rm)LQnWhd-L3J^7l
z=cj>ok%NLH^TY&41yaC0FnPC!iuq%FY`C_2(rzRnjx{n0LZTRa^AAM};vFR59gKCQ
zS)%%~l}w}EFOb14T@>`Bgn#?=Gs9xgVfH@UVwC)`+7(7FdBQNqi#Q2baXrYmYPJG&
za3q0tM!8QQb-wote(=-LPNH|uZxqw7E0$E|?+fhK^=0LT*=++s^2dv)v?VB3MSO$}
z;rZa$zCbf;vq&x?qu@1o7Yv?N$S<YMVfC2EQee<)#R7xIel%w4$rIF5;040m+@&TY
z8>p+GX&h}-zl7S2_qzd}<6S@AAj5~1KluOF#$U~NUcH$<*y<x3#C!dY#<jE<G_4wn
zOaB-?Z-%}PL!7*JX4SL?f@d+gbJ^T#9&vI>cjIi$UBV*}z6l^zA9NkDIa%1$T9Pc&
z%56OKx#s0K@Ik~s<mK4+5#&9*<}ZLx2H<VY@nT$e)$nqh`Q-3Y-0+86Y>#Gecr3BH
z3o5p5d#iyadRkbt-Y`Xo8s{<`dmA?n<TSxIQCba^>(T*Vv?i{GyT6$8i+{3#egl^0
zk14a3ZHI}jM~<tErnLxB%hgQ{-@k#x1R`PD40-`jh=n7aXXh%KRE6p9Wh<;!LJVYL
zXxUagQ*mSWOeO23)9DTAV-3Ntz7MVJaqUeEZ)0M1Tc>LfRm3<9M+>`a<}<+*@yK{c
zM`@7bM}rZukGMgm#?TL=sm|}}R(pD*4Q?e)2N>=!x+WyAy_-ImJ{$nMu*ad${WHFX
zi1rLz68hFfld=NM3=r)xQh_Nn5Y@Cz%n^}BKhxO4&?1QeRoxh2dwBWPEt{4Ep-ozW
zQ;W8rd&(?9c(<+4VjLZdsa*J*FQ~YDU9DKVWfbihY^w%aXQwa{q87f5HUE5Ae)DUZ
z<UQU}MM<<H^(svcmEwqo8p1>fD~wtW+zj=kCB~1S6}`ajvVibFLaDF?1zK6^Te`_1
z1VXX}ZTL1@Dqa@*?q!Aa*>;xtqU>-I$2V9;^)0rN+9E#pF~`GD2XX|6&LaV*I>KF_
zA2T?UcL5WIGsEZRy!O?1=?i@K1`qM&0qMC{zYa>qZfz{ov^NMK>1)@x8h@T0R<mBK
z><+|FG}S-i-?QH?OjIpKgU#IzO%=4IaFv%&$Vo12wct#ELF{{fdtz~|^6@G<uRZD8
z=V*UVLyG$Hi`m1Xk9~d)DOCKT6m)=;gNi>36fm7z$)+W-*U&=uEbyB&Hz}1^An_aS
zq!eBo_UMAbz+p&4XWaCX!$A!n@8^nZ{?MrpvoRabc-A)X-=iagUpyN9IpT8YCN=EJ
z4Zh>=d!JP|62-f3#9;0QdN-hNS<2bt7TI`*RtVhnq%)MLNNb`y#-d<;kIARoG4Mu5
zW^TbDRk4()L%Q`{ivMn?BQls(ibaV4Ew_Z|iR1DKYaev@3m+Wh-8X|wo(s!OrOgGe
z4$x9~$F0v0ruC<_ZvAA1+i^r@=$Exk(z*R{v0$H{k(BoUCakhxHI;jp>f%3OweE{1
zcrVxAc;I<(oh}~_JU+AgEWT7<Ty^zNoxlG2`M%Gk_<jXTVObgbD2C%A`9S#e3*51e
zrnOS|scz2v(6T2Hn{&-_u&iaG2`qh8U&bPg3r+6nWwYU?A|395ndSBHW@pCl=&nb8
zV4OlpxFTY@kcMLr(N??sgbxW4H@;`*9uUvy*j`laMA>%1d7tr8yxeP!qKfYBFW3_?
zw8GpT$$!5yHVQY#_A8=$A-_v-=I3Q?+05ZW&E|fotRC(l(n-4%{%Z)lz__Z+Q}d1)
zM44@;*GYxmOhN2-l;omO`9fldGst(r2T35%071fymG`OfK1GYlsk6ST^{~d}jbo6{
z-$4~zUrH1|qzbbJJu64md~94-nMsT0#d2-(;C@w=wbras|HkM1{j9`JG=T4NuTI<1
zXyshCowAjo@p74znR?r4<Zkt53HkJyouwkQf?E5sNEzZC{yhxALKSzy)jX%+1)jv1
z`HkSN?cEjdI#5~#amo9d?U%->a(!NyI?$|lqo$CQkK`_>m2$<-PyrV73$rL@J_?;i
zo6O2+ZP91CK}<p_ilV;6(wxUNM30!}nw;=E5E*fTw@EKB6gsK9Z5!wEy8?21^hpC=
z<=bri8t(va!0{I8^-^6r!<b&HR4M;{U~RHKV4I1+L}Nu%T2l4A6ERT(?Wz_Erg0sH
zj0Oq+F%L@8@yA=2FKwaW6aA3N^cUXx=wG5)DOm%)UZ6*^QWz6#Pxxdsk$E?o$Y?{b
zS*yOJNQi8Sm3|c6GRXDO7SQ)8m0>6$>`9ervB3^Wl|C=3FZobh;z2i|P%UBwH!jHb
zEyc8DWG95Z?|b^E>dP+67UK0(WkKn_)6-K;1ubrp>Je9!3K~jExf*TyHUg@1RXI6^
zvW5ypCx>SzhcY*{4kw8P8f|7N-A0NM4oq<;>q(~igVI5`F72hY1+l)<Gikr1&1G#j
zN^MQweu+!yh?Z3IREaLd3h}EiEAkAP&lb1^Oh=!biErANSU9*8*R}b{7wlt7Qhcva
zYsn_BDr?g(-lUEVa_S>#M5&@%O4EUv$oQ_LC$+tb8WZ&X{VTzU7}t__8N>=LiMU#j
zH?7wWr~qxQk8LzhZi-?Zp$Z|qE;X6(OG#u2Vn@<Uxxg~+qH|>WYn?_H?8&!rnRW69
z=ujQJgJpkh{peK`eA3IL-UFF(@nmac>vIAZYs1aPG{x#$=f+u;+|}?2b8F^pPPv2*
zVRFBUPE*6`yG<M90s}0wEt5OTHrV%Cn{c#npgU8)x;T9UxgX0ZM@oE}02i5R*R8tn
zd^BpR19rhHM_5JTZ$B&dJtU}i+&<273**)8$3pa#o}pCm4OD#6$M+-L2NTvOj&S`{
zYjkY~nDFn!dj{<WSGq58+lwdx(Hb*jt0Dd$NOhQm@yt_>maylnI76_J7~K3@o<hlG
zzLl!;t!lN0a7=C*i-sJfo@D7j{n{4C^oGk<AWrDpu^wH*+=xwzKG)77@5f@uzB`b!
z!SbEFsY1O;GmXOQ6z!T}WE-!SrvJJeVL@lZiKC^j*031<Ac^zMOv5kLf~#E1G03BN
zfD!xgjKQ&?2sg)JXUUfK41J`-*fj1C2E0OqW@W(mq+;uVs<*T&-N^({Bw7ef>;+Uc
zU<8zw2@mzdc{t+FJh1Wp7Fy%v5N0oU?HG!4WmY_p8cwmV3BJ2J)NvV}U-ZFg+i7Mv
zKTVAlZOad6CO<OTU9y+4_%&#|Vjyx4r^vZNNQ_l)V+vm}AGU97#?cWoW0#3{1S>6i
zF6u(l_x+>`L(K9By53%~#+>;#M*3bo;!#S|_XgQwC)|8i+(Mu=(z(!$hhv;dO}Fi}
z>CqnVFWh?|!~)N0SZxLw_jLCw!xp_@j8j5bG<*e*Jih%^=t&=MS`}2Pq!l$U&9k$H
z6Sg)xt5F6yx5dfuY_gFOTn?I@HD7&--LXe?5A*;DM{2q2k=+tt(s-RXu>%R8bK@Xf
z(LpwN8Y;uR)uTR1xhO!Y+zVO3{zCrX0k&rNLXcN=@LCT&A~fZZS9Uzl)-7eS48+Lc
zBJ^~RtBd6qcEjQi8|&HvSsG#oa&zgUAFUd;ZmDB2#D-w^69EqFZqp8gyhC{f6P&uQ
zxcf(qJJD&s$r9F^r>m2~V3+$}M{X8_Y{h4PTQj~-F-FH5?ix+62Fz1pCdS`yt+8<%
z{Fv-H7MRFgl{r`5Mxxi|rROVG$a{UZnrrZL0k}=e%nelr_DyYzPnQoM?-=7GM1$!e
zuIHd_(UzcO2y?KVjX+PVs-2*3vg2FXL>eFl=_*#n{j80@WFw5LGoHDUEKAWSn<3|?
z?=UiDJeO5uu8dg-^&M)95&hYss_i_+nIsf~ikyMd5N&kXkUDYH)GcY7;Y?OzALewt
z==Dl=1|+t3amrw^S*^TOOBZcOw4r2PUX}`DkH~lpHT)W(YamJ=5v!%>V}7mI=%t>@
zG?Bc!(Kp|0<>7FZoUv`E!?v&zcy$_6JR4BM2{c$?yWTb0JNWqo*GY0~ZJy&SUG6YM
z>58w(7rMd|Vkc5HwwpMTLl)F%kL)nQAsYNW0uR~np?GEVx}(4lS>yU<jo4@%CQj0I
zWW4>IWrG{GqTaGxr6$-m(IHmb=E=SsXgvMWd$ckBcqg@O%$if;w=fG;uBCOkFEi9i
za<A-+-u!qJhs7t3%IqKW!rj(2D((OL{J><Sk`@HLI9xLu7=I_3ofjY)a=Bj^y1_Ml
zUvJO5!HbuHe<$31Bg)k<fAOG{VJlTE*Z(|j%DfPUYTjir@ZM|zD$ws9VaC?<Zv8%}
zg$=6k_4p_AiSI-w;RDeNlquYx_ZI}ylMMAv+d^<12(O2V^5wJ=+Lg5D>+7vhql$L_
zHF93eaQE$)q>X3ZZY~F4LmP678Sdg*D=|)+(?HppDo<P2WG$_F)yitPW;HE_bp2Ob
zef|9I1|@_2vn~;Fp54|@<O3q<j)W%8OE99}^gD9K)d7YwN%c&kl-K2>s^WDAXfzZv
z>C_aRbj;{n6&)u{J+V=|Pi5VXm>x1I<LPQ65g|MJc6|Od8+pGS<Tb`~7_u{Fit<GZ
z;>=vZ(*ZPv@Vo@Y@HqB`_v_MgEtf@W9htdOE%<vI5ejw0jmwB6#~iKa3_R`_zst?q
z<L6%y;9e10$2K)bX6N=bks}g}Cg^`C-Mx5b8q?EJ(9UR$4$+PPzTy^aJs3^OsPpKn
znRTJ+*MVp#(;gJm9K^n&K=1)^h)44g4Q3#hS#+iyJ!&6@nXZT*x&Zt<3-p%A>Q@Ju
zMhA74lItf-d8Co@`E4IiwvhJE%lUgFR=>A%QY0#NwHABDMOpL}Nor2^5<qWBV=u>)
zvz_-*`AI7}sX;Q0BesS^e?93s*$jWU$A?5L;1&=MOyCv_JoCHV8S%R<YdFVkX^z!E
zua%U26LAveM^wKGLLDxxMs;ASzD{=iuBW!7>7X|I>Yz5qWnot+Rgm@DxO_zpbLR9V
zN6_ifw6rNer)JpS994O*9^en`T8VtES1<cra2Nc0U7hxK83>W~+a&9PWeuFNlI47r
z;PsAvz!`$l9-LmAZfCZ8v$oRnr8xLE>_Y6!0Ps)g7d(vbP+1p313_-&{xUc`jIP^F
z$QxY1ne=Mskvks1)ov5HpId>y3@*>@cu|#N^u1Ca<*5=bTn3NbU92+ioKx|6EP^IV
zaICKYjNls>p#}FY72MK60F5wV7K6~f-<5&Om7&YEZ{~6mJXo<|`R_Eu>(NlBf&<4`
zoQm&vO^feg)j!PW_+vFd3nkNw#!gZxN5A30)Dv3A%2mh_+Cqx@)p#pytsSl%@cee0
zf3`X2T4$^nJG=F!g<d)fWF5hcW?pq?9DH|=!LL&r*^ft$JxDl+o1n>%FOQX_kBAo?
z7TkNYwrFZwRiKNFxoYM(d{a|su`j~=<XWy;JTSK$<E>DEUQ*Xwch>I@^lZUGEScew
z`J!49;*gsAaPhsoqiTypuli^urvUQPlu3$3M~zitbROqw*1$YVWq`e=Px-2q0+|W6
zKP8Qssp%~G+&n8ou?VZWh5q|XBYlfJy+LQziHJf8eY;FVe|&MmtErfoSe`<0a<Z?a
zbe88j9?7@t^!1UD#NNf8C#&jpO8A&=3`VO5`(<XvnUZ`<W1KF#Lur0}!CHCc+rad&
z_Ey_AAeW7?=IgZDno303nFtTHzfXdtoHxjKQ_5yd;pBN|&EU(n&LMvw3=M95bY2gf
zE9cNO1uQaBd_al#0Yi~iwu$o7oN}|`hqca5C@m=}Dxxx7K$>4(RCzvGh-Aa2FKc~m
z)C)Q$^l0<H6Kni=k^jfdmxF-~@Smb5w*OZ*U*Z2t^hEm~7QKHv`m%BSv!yQ+$A5~S
z04xLm0Mox}pFZ4v|I^d=|5N?+(emGmpZ*dm{ImFp?Y~?4erUV?H}O-{h`A2~g7Ezt
zH2sWlFR?ERl7IxE7|oNMIA7-?NS#us{-}3H1&@q+5sbPao`c>-P;tF^T<ug!k`qKc
zoB|ZcNGldxZGb#gbgq(^`8ndct4^|z%!*lvUy*W;1`3I@LtS5T*cqM9*_M}3g@|XA
zac)aQv5i%O@hccIg`}=Ryi(`pJ~#7gH(8)uorNE@WXoyVZpBu;Q6^=-xFd817)`Pj
zgH+hJU=BK?DHhVtq;GT4G-6L)9!xuG$O~8lOHH<^MEEun0g)9vhF-`M1Dy~P0BiSK
zSLjtocOhQ=^a;X<YkDuMamCGH8&nL#dHxVrVHw?*!PmYw$@Ode5(@1wE4D42N&NFr
zrHd9W9+Qgh>#w`6p;-TJ2L1mu?){&q%)eFrFn+i~|C8$HkBa4wvgMB|=1=-Z-SW4R
z<}a1YKk|R8fBshX{CDNcUvvCllrMkHmVZ^g{CA^Xw*S?rmx-B$jpLt{FQ=|Bj!JWN
z7g`65%!VI6x=Aro(L<jAJCUE@A|t<vv9O7XA%sOhA|kVrc#)8_UV#cpB6n%fh!Gn5
z8dGbSn1!f-yQ0)d<USY+7b;9TEB|gmC)Nn@_LF+6y9Y2QU0mE<u06lLzuWoSjPttu
zhwi0qe%Xc1$U;*=RBu|`F?&K&Y3Ajbe8cra`hrE6Ij*@}ewuhG%oGogtiz+a!EG@$
zeg3LPN;s|lz{_B<b@eo0K)tx%bzkc9)sD5!;$<*RXfT#xdeE#hSU)OG#q}L_LzIoi
zxT9%C(p_j!33H=?#xz;o<~0EwZ{S|^(yc!`IVEMKcZQo#_(7t!k2U1?I>*%!iR%KS
zxMOWoQQ0d(lci_mv3AbsSee}zz3Dl(|9J*-H(!9Ar}h*7)6cAP9Qr`C66tC#y@G9P
zmswvS3kB<7`Z+$+hd>ruOMXi|=YEQ-_fyeTQCCN8;d4U|(78hV2ipr7z9?`t5e+1#
z?To!n1Fdd8$-)#3=~WPE5H9fWD7)O`KoIt?rkEUkdp3`Y$s88|A1rcL3Rf|Mucm&C
z94|%$80hhBKgm5vGb*j2TeJu*2>Q`$!TC_$g|8S~+}(J|Hn#{ZYA(3YGll^KfII0f
zcl(&QN*|Ue)(5xPlb>Vs(b6B#dPP_qfWbt-5O+1+xdX8SNUrIo{1u~<CwEsG8L&FS
zRiOQg7q{#>86R1|AhI4z)8~#hJ?eXq`IK*O0_*SOwl5VE9lY;PFUQvv6Yp&qf`@zX
zK&8jz7o43T93}{qP(GW%wq2x`b%_p*HeUVyy_pUh@vc7fy#wj-G!{m37Xg+12P<7c
z^l(fbD&h~tvbSeEo6ZA+M=?DqU??Rq(|MJykCN*oddwIREFFXiO`)4oaU|p*z)i8F
z$GVc@aK8I$ZlHV^7I_XI(z!NuG}wwv=?AQzxPUlERjn)6)HPLi{A3cr_kc&+`-IOz
z?ZXwQ0e-eG=&jlLY~0QwP6UU%hY@w(31m3zjGYKJ;cbo{&aF+mJ-*NWsslPu&O^M2
zjO_sx)MP5sK=5~gq(d-Dn{FabjzTwe+1naYykU<r=a{BiUrkn5^fzX+8N^p*cHz5w
zCA-4+fG4z&5paaW<}{4PB+Rfu+Wv%uu<Ip}ds&)twLMM;ll)evFF&o!h>dIOo#hG!
zV8g&`S(lSB_tJ4_nDQmND>T&G*MJ#VscME1%8{q`5c3=_pe2w<M(c1_4xXqSO%K_p
zI8^|7FDm`UM6K(dr)6Ur&=5JB#b}1bYMada@dq;RUsDR+@=VTO)${$!z_HbIe^fxl
z)GgmtwV9l)9+BA;3tF31*6-(EF=+dIT7k;YT9re?Q&DgRQ2~B;RA&EW+ZnPL2A83-
znpxK60IeQ&{}U1Sj_|hbtKHnJTqfraU$g1it2r+%j~{)8R*T5c+WtQi)~=%PO{l39
zB5PRt_(}XL`>qS*(hU3i{gPJp>ZG2Zma%A80fy~B4ORz{uiTaWxbYounNL=q5Ml_E
zlZ(sJWdX_Bf_W6_6=kaG10+o`R^i}9s1x+r=)ywRWDA6MU-$aHc5QdT$<xtX92std
ze*tO-5|yheN~x9>37>t9uL4GT7~i}h5b!DXIAgj*GUe->$X8GnGn7bqVpCw5710$J
zLSpm;X97*0jICVd)CDQkW_p4M9e%>s--ctWGv%~44o>94+bE9EA4y)`1DkSLRK8L|
z){xaqSR5AW8C347=|*B_H~ePO^|!9_5|%?wmtRZS-U!(<>N1)$nU{hwo|#vwDEfGM
z2ap#w`Iyv?TqW;s8;41obv_x+KlRL<l|r_ZU~dxP=o!n*7{vM_m$ya1O|X<@^<RMd
zb$v_c+bjy~j!myvN)`Jx`D?ykNNwj0rzvLY=%LPN*5{-*=p4S~`cO(ptDIU?Fk>V%
zdd>37sL+)=C+b7+&31oMe(;M|;gH;deVJ;A(3j7g;`3*-LpZKb4qEEwttNWm9uQN^
zf*j6swR!Bz+il_Xwj$~}hjaWmWwFso?_tUV>Ni-ja&uSAOOOl^YS?GAf|#=Ver8Vl
zp5#)rANE12+b`U-OM-`4(A`6X{$h6C;g(@sg{ScTYgv^Xb*&59a#>A0hg}2)aAd-e
z$3?S7XYlRNv&zvz4j9ngkwPhu%`*F4kGtHap<Bj%CdJa~A?Q;#_jO+n;*o)?{3vr4
zoi4Kkad)iy9a00SykX-s9-W?z*+ivs_t+}DhU~Eue03Uv-+gTE)l?>f>%ciLfMv~r
z06%CC*V}Qgo;l&!0m2cKUJES1I`!MLmYYZerN=YNVXu+pN*d}{^t7V==;|LvB9GAT
zw5U6fTZbZnVl=)Ny%GwxEvQ0Ts7~SpNiJ*Wr=)%^%=a>b(2ifyZCgK=Pslo4<>E8G
zNpK1a+$+o@>R{596EVF9@_IQe;%->F5)BZ3mFF-@KsvP_>Iy=FxA#IXEe2_XV~XnR
z+ePdaClWz(3nh_7=PKh=sIl^GtXda_9+DqM$!$DoIZ4e}Bph6!yzv}kTr;nW0ZX{>
zUMmNnKF2PX=0VR=Ge~;Df<>cLQdnLggTYZ*R(yHS{}%P730e#q=liAuG<U(LQsqoR
zFEHp>3d^c5Nzf0d9C@Ac;Fp14Qc$67O1`jDSxTeyXLXK<qBv%J<|*lXg)TMxCYC4X
zh2X<b*xK`{o>8EoCcPMAQD{DfdU%8m3@`X@HusxqEjhneSXFv@;Ia67MRa3$sMdVH
zI1;k1Y%0d7JR=!XuM-HgD@xpF)mHLlH$>vJe$Q~`-_PSSURk+`{yI{!yhsC9Ts<Ej
z_uqZ1?MUS1NIUw<#hu>?oL@m>V_2wkmj0aWX=ks0Gc!G{FsI|HHZ~F2pCv7r0`a-M
z?N$oul0iPRm>;1A0P2*Unu_3CZ18=W{;fyBIQY4^UCv%IuVo@e5Zc9s2hipR0JLGK
z3YL67QRU(F<0aFZ(i5gP-}%Yw05dR#Zh;7B*YvCs@UkS$U;5fj1}x}|sM0n+;B*u_
z*m~wBxvX(4U;1o6Knpki+cwn3QW{B&3u1kmv_$tw@5ni5C##rA$cd3pIW7*gLL&4U
z57Ik8#u)O4zvvsvQZ4nB)Go^^m~JKp8)Um;#<Zk{oio-utTVLrZRdbMJ_3;~`vvAJ
z*0#+v2l@Hx;Y`eGdsusEer`Akol(x1G@C(DX0uBps5oeega#DBB~*#t8a=x;?*Wy(
zEb4L7nES6Q!8rW#OTm16DO?4&+m2t{&vG6RZuH~jB$R%y5Y*4m&s2gW%Rh@p$El&9
z4>EBTHX?UzWhWx7N$D1#y(1|?Q5*r3h?&uHUwzdKzN_S_dt)WBMD6M!N3ci6#>Vg@
zO$<V6{j7pclEn*34Q%~FnSt}k&?D+NYo0vaQPe!m>D6KHiVfp=>^lS7)z&9Ut;Q@o
z32gJWy3cLe?9LtLv%{8Ge(QQ`iQB)$rMfD}#ZScT?ns)H(Z%pko5j3aMsg(au!~wa
z`sPWGh^KSQmrEn2H@{)6ri1GnSz2MW#(+=ccfC$6jIwM_PkZKeZLut7fPX}(;Auv3
zW6L^Zs;GuF`DfMAns?35g-fVtcc<sqg^!O(NoTwc8AUwrr@RD1XL__w9@TRDWw-S%
zP6;p?DwSV*8uPfO=FBfFE^T^Ysy`Ll<9zOkFZ?VmRHw@0GvUe3PR@l{K~j;&b@iC1
zh}Iw!ewe`0ARO-L@OZXRuHNJ^Bipnb$Nt*dk^Z5_voZ1T$uwVYvN^Efl6r1NXFVbq
z+TFN?CGwF3%Md;#G;bP+-c;*5=53F<E|0!JDM~lF<FA8PQ<HKUgP;^*&T>sg;w%kP
zF)8<1XP9+;<KX?A@#OczaTboRs!JBsF&2aovlq0|rSl9l<>b>6bSoscXE$@z7^P5R
z+;+j2N!L{p$Ior#dOOQW$&u`gK_-CDJH!^L9EgBVy0SFt9p;b0a}JPMgDz2@U)mwi
zKYfDmnt^}chB)?ki*aFl8LcFAhm|-Z3v<rT6OCtlx&5@UW4)po4J~9R=W{7$w`zdO
zskB(p&GtcO8C2?G@Lc@4<Jz^P5P0nuZf{_li7PC_Sxg7B2udac_Jgtqt%A{%!{8+`
z6=p!Tv^-BYuA%mX%8QG~^|x%?8#~zTEnMx5*G`nGKwBnK1A|(}=$?Y!(vc;X9{O&R
zz7uPtP-NOSjo^{8Qv2Z`nSxNW7}SE4#!kW}y*aAe!)}I1O*9x4q=s!<o%}-h##B0{
zbEKucY3^be-A7|ogCYiLzac8U!cFC_?Czin<%b`B?8=Kd-N;lgN`5ZN5A3M%g>nN3
z!Agm_0?p9kRDo2kdEMkxI7(Z>sOd^uK=6&cZUxle%8gonI;hq;xCGqO?@E4xRNQ@m
z_YB*R-1OlzSC>~%;P=(g9h@*{%@hlahZPtzgT0cl>zhBJc0K{xLqC7mB7*Y*VOvKV
z!^mBEbnRlHheCgg_(1sVPhhN8b9jTVE(o@~sVZrkQH=_xP$>h0p_iyal?bEcUlsg%
zM(gdF!T5R+REj6d1?r%gF<yl78I-|3KXR6LLr}FM;zmIzH;VeL<Y3Y15_{unAe?>z
zaCR<2F>khHcRt}lmS@1A0hY49n92h|K+40Tg*_@5<#u(Mt}eOy`MF#M79xI()lhMF
zJ9a;XBxN=}Y=$#3IuuP73DiL6g(jxd_3dFQ8|r<r0(_fOZR(D6-6;(PBD_dtANaqi
zOxJXP-MqL~uKKQBWRR1SA~T~ZBswd<OZovYkQsPy{27SFo2c~Ex7KTx{Z)ek{U&{B
z8s=1fs#gU7qQ1pTI#{{ZBfB5wJJkt-QxABJfo=9a3@n8~GOpOhDIe-}>Og5R7&Cz{
ztqviGeahmUcGTY}2^&K$r){jFB(BD&mi1DWlYJc+>40xPPFbQUe8oE}tSUx0>rwU-
zo4y4NM{njQRmlReg`wG$DEqk&?RK_MG%`R6t(gPr`z-ScHr+_yt6UI2nVN^98;s3!
z%)k_UGFuS6wYeW)vFl{jOIE<#lh(-C)yB9aJsTQ!`1(By<c{lcOViygw8Kks5=k6^
zIpJr5G`?BMfqj^lN&h$fk)PJp+uw>UELaTrH&O<=Wk>IeAE}uXx2@yk*}*%3m+Fm3
zBa|==-#p3MeGWkJe+XwR3@lk*?pZ<-_(XjhH<-%z6Il)wFYFH$N4BvcmrZAh+Na8~
zR!zJm$(L1dgyjM(d2?N@U(|J|zE5Tg-oI_LgVAfU=H+{gzcmnL@UdO{SNSzz(~q^8
z9H-r4TSTWpagl|eq-DO}u}5K_@jet5>uIu?yAo;+mEk@pCGzudKbG?bDemHZRwC@u
z@2QhOpHiOg6fcB{C<|vc*kxpk3uBVW%fSefV#Yy=eRg34p`@|B?}#-sCbFU*(21I1
zTD{U8p{Jct6$-+HkHg$!?d|(4-TMJ(wG-JL9B$(~0z2QwXYpy!ojKFC?l^m&YQb(Q
z8?5u#)ID>uLc5Gszlkz;DM+i4qzlc)5Mp;mW`MEd)Lf^@j$t?=eV)qvm3@d6&z3e=
zPFFH(w4}2|^W#2NIo-U9gnX(BM)~gS^qdEw_@=FJzd#R(GvBWbL;GF?La{rlddW}8
z%SVE^Bo_yQe2-uOu$~zJH>7v=c=eQFrrv>vr0vE^&&(%^SNCd&000$^(#8+=&DTy5
zGP9+=lJzARb7>@U>qP2zB`+nrpc|?iD=BzrT`{f!ceR{_IDgJufB@o~Uh>DlL%U@@
zcAol}@h+bD$iySWJrRsS(Bb3Ub-9CU@A;UxM*1bC!)v|U3j|CE9v`aKu7<9@dJs3=
z3J!hkmDk{l?E-h3;l)4E3B<<09}CU&@&o1ifvyaz6>`@eVi$IiR0@+D<6!#h9@h$|
zmt!5_l&han2W!nD{4R`w^Vpq%BeiEEeaZf<?g*gq_?R+o%y6Jw(UL&gEU#|sG|ioa
zw@y6`@GUZmW}mXffU?r3NYPT~a(hYz%#0Nvq`F|bq|Ico7(VIS7zL^6ef$yG=Gq3K
zL4Hq9&$CD7KkJ8e1sm&3;W&p*_M+dd7qU|tv-JhB4n1NVz6UT}A2#cjf8B?^fa=V^
z?Iizne&q=hGoU9W8)n-wELKnbEeFcp^Z!ux7O;^tU7}^1*={p4Gcz+oo7paNo0+-I
z%*@Qp%*@Poo0%Ec-#_#3zS)_leJf>U=w?<_l}dS~2*o`oHW>v|SYlyxd)$y!_~0C$
zt@k}*lZiZtsP!>rz8-R$v%Eel*#{wrV2HcJ&Z8#$Aa=NIF*iKSkw);}p%O-J5Vpf{
z!mEtN2fRdj6D|K_5w@#LftgE1$K*V&Y|8CA{_;5z_c_urUR0`VS-BP-$K-<(_mxsk
z$&Bn>NRXCwk+*knW<*uHqN9}EMPVaS`J)?|zOQN*8BlH=-KsAzt%Jr{x0||2E`PZ-
z556@LTL$OA-OX;}^iY|D3kD<8k|@o+2-Hls>F)CM=lF_lXx47;7<81*D{Pud!{+V{
z>BBpFIvXRVf{xBLTCByIm%#OMc45F;&3`(ZN2qR$2#Tya=E1QwREc*N+Dc>z(hHQI
zsJ`w>-?7(gN3>0(0R6$Ww5uzjPx&!IwOaK!C=hAA7K7UmLq;-?vJ00_PI$R}drCfb
zE2ag;QlYe`^7qaFDos@hM{uh*j<)D*FRMxn4{)$Dq}fS)AWl;P7Hd{Ii=B}Ga^RKE
z`@s`_#aF*lHb2(O(@5z^d@O&G;LvP)w&knsFa$y_R0|=<UGU6l*!YlqJ45IFDE<X+
z=Sja)xb;{zBb%$rbFh5J69~=~JghbMpv!EQj!`1trm>`OboF}T2^zX2aYiC}PD=(A
zy~|15{Ds|aTgL)O8$=)8%B~+gg0cs}B#1a~%{EA9Mb|vYAEgAj36v*1nUcpG6_mUT
z4`JG(FciuAP(u-2VEl;h)iCMt87L_i{rA9n>IZ3?jvLmtXQb`Qj)v<Z><3Er57v-g
z3~`)4%wKG1q_@6&e$5(IE*RVus^0m>yO!9DtVA7)gken<EmT#Zdz_m<Z@4pOzVHx{
zqm`+NoSdnb%k}k)2@eN*{0?8E`;0dEs6*;^l^Yn;1r9L-#<s0EUkpzuPe@Nt<RNU;
zk@f34%}w2FEy=FeH-@fqyIwp)U1(`}KlcQ!aDd~1bs?{9va62f-oE1LuY7{3eG)Br
z7uL5$jZ33>dK-5(9O7o(q0Lkcz|zI)Y!kGj=$dn&G=S-IWZMu_9}kW4*~pDTmtd!u
ze`RJ^<}znn{N`?Xd*N@Q)myadcxQHnZ1Hxz4!?yUO73=HVwzW%g*mWf^=i*Dw1ec8
zV=n@3GK1c$dDr2T@v&L(F*bmo?_SP0l}9$-sT{7fuL{2;D^b<5P6fepys*7+zL{E~
z;szybl1FOhjoU{ZBhI#Y5oE?aO|0f$8DH#bF7-*uakg~-%ec?iHhxHYmQ4n)jVEv0
zV&7@qvC7VcGlkdId1(AQGMVH2QYBAL#J25xXE**LQaet4I#6gxhWU1{6XIz%#nkk%
zR*S+2-mPs%!qIl%vdO`-sBorkt50du1==$gT|0_JJogVfvU}f#o#h@)Or~YzOVy~5
z$@Bb(kEm`yc<<+-1Lxn$ac3UyyZY#a=HBB^r5MJe&07fekLz6b1WPojq8uaQk#+Yt
zQbta@#>qIde(F``36t1XL|z)^^h1Rr<SNq?trI&p_x*r@ebDSl1N4!Q0J`=le=avT
zFegf(WO;UW!g<dJ?NV?6Tph~{>&SxoPjllieRGau54-CFUz?ff!kUGuFMYF_;mGJG
zTfa6VTasiF2Yy+91Nx9A$8{2|TG^6DUt&~Hh!y=ug=jI{w3vM-h=@Q0CsRzvqWtxv
zX1*_18x8ao7m<SKFT*~EYR}b%)9ZRKn=AgFH#%xuUP7y}q@|JWWZbq=Yvrt@JApTZ
zY??d=GW;VM#B}Dg%O<mcpW*XmEA4Zx5g8o6Z0kghq=e#5?HpQoa&qk#@*!NV_*R<o
z3>WR~woPNxi9li{_KT*+u7dQkJQ2Jfd|%EYYv7kPkSG`92d(AEam-gt4%#g0bJmBn
zRCM$D<IJ37l5sK$`^(lVVOnS)%#JmwAlS2n79Jh~C6q^z>wMEXYH75Vvxh#ad=&TP
zff1L)R39F?qjj(xQ1Qe@UF{3ACJ`NtbaG&b6cA|q>4ek+Xo(y{6ljIgAjL&j=!NLZ
zuTZA1drZ;*bl`shhcZvOrh=G*;O8^n+WlO-Ye!_=)27lXRR1gj7CXgYSv4z|mMPE?
zsUNg{Yf~={$t=ad8L%Dc^BhwbbJ}KMSJWBOmoeMPZs}(G^Z~M|pu~1ipmTPv$7lds
zTz2?6ja~bkFIfrh#~&ejyv{P(s2XT)to95{S1`WpTikv;F5<^oK9Iz!RH^x<1#u|N
z{U>T31px_oTa_&x<utDhFjFAG?c=3ynNHew3?UaFkMQPu6F7s3C*aAnlR*~n&Aw1!
zt+*1)@ny@ACyNwZ23Z9-4odUT2&Vk@{g*afz2^bu4P_qIM`LS?5ARFwC$ar{B3+^9
z?W_jK&5uWP9{W`u_{TlJ3SaijClopgwD7Hl9S7`I{C+L{Jzuf{ZWX^Hb98`$Z%-y^
zR||2EYl#_`!qcAV9_Crne-(rqLth_()ta5Z*kv45bb-h5){e7BZBxqh4_pvwBTgt0
zD1*gRRX6v8#mh_ICp1Z22v0T43tb2Yh!AqF8QDFs$C4BM9WhveB(()<8RL69E$sGn
zf`An7{`$EACz>L;<+B}pMvULtNPjyjX5P*wLmF+U`j>Rvar1J+Ow>@{&yv{aHjrod
ziNwD`bv4Zrmu<_$;YTeON^`#SQs{XSCq#Avjmt}&GpVpC)4FQNRL0iwX6JW8n3BTl
z`yBLkNwqz*C|?)o$f|HcnTS8xcIvim!Ok?2-!X06WQ2te%kwx=*zea4XSo+heNPJg
z(oOd9xITz{ZgN}Kvx+boZt3`<nfs*9-)$a%upy9E+ys#-)SsDa$&d^hcg~<@<0!(=
zJesHO@{AhwivsE$Sfp%fZ=JDCYo$i#j6#!H09lZ#b_uSX90<doYP-dGDoDwr4Dvx|
z#wiiRM8a{fs+e+JB>mM!&#AC0+S6(DhClO-o;8EyjX6mA$C)hS{%&JTJXBDo68c~b
zZgQZ^lJ!%Y8b(FsW%if^y)g85qyn%SeyZcQ{P82Mc7yHr|JK%vGvUPi6~+8^=#VpQ
z(Dq+2(ZuG;1u<b3jWPTRie+-e?6brCc1H12_6sxJGq9~0mm~sAQ1~)SfpACkrsTV`
zX6d8y=|^U+RkR_Z#|4^3Y|;CB@D4{5sQOVb>o9|6`x!C$^dUWrR(d(s2>Qn;-eEDr
zj7E&FU*$Jo_c-=W^ilQ%F)sm3G{#IA7|5#%WK5}dT@gg*Nq?b=HrMlKD0*4I%f@~L
z%!-u(Fq;_4f;6S_Nsuvfc_YSnBczx?dQ``-cGpd?xvNdBJ)2ZNXtk=3Hi#=<+Zm@i
zOZa`pIklKg)tdGTUbiY`rna<FWfhq`JUn1L92VXu7P^>y(4DnlppOSL^v39Eu4_=^
zD)TF}|2P#tFjLdp@kM=%jL$_2_zu(Wlk8Y}@!baFKYptZ_Yt%omS5|;gH&QscgyDS
z`|*hgPl4JPvDX7;V~3IlXP@(ic40z?&~KlHk{4nS_0lZUt@?yja{xt}D+KzNrtdLq
zBulPem+DHim)wmTu&j=>_>{<F405j{658tr1ucpmMn3X&5qie1@_F1V`6MCOv`u*4
zDH-R(35@;AJsKibiQ@84JAHh_O*Q;G9*ovj^7TURL*9(EEQ5DblKzhY>&PuyIu<$`
zMC2TsEk6po(hq!5Pg-JFT{_6&=$_-_$TMqq`EgzjM_|+f@Xt=W9#XeG9Znxo5e{b>
zeIDA@*1OoR-uC!j%MPAY#<jw1{`4%jnBj1<+DLw3sC(D9Ld-B-Gj_nfwB$|Bp&~Vr
zT(6VpI7|IA=TJ&oxr|96GYLCd!v*fHMOFrR8Ty<)U}dR;8wQ;ZK9kkxQ0N9V3hqez
zAqLu02)uk$L(YZc45jwliw)||MY3V7qMX(sZ;<F#HC!hybo|g3k_e(K@S{t7qvyij
zw_ngzaKZ9t6Hw6y<j5U{aUJB03df=EeQYR<hAyErM{!}MR+T_2a56Q6rXLEJC3MES
zj9)W~tEitW^hWLvAr^+56X<<L0w_NeS1rG7s_O<|ezl!oXiq&qt(DMtY?K!NOqEsz
zplo1gXQ~4Uluu0O0#dwBv84}D*sbZ1?prmm&v@Jjw?wC!#7qZ`arM+`E{ag1f;vO`
z?PHK%5z8w#$>OLj(Ev~OwZX(+N$;?GEQTli7}C>X9xcq!KEn4HQ|jQ+M3ziO&&1p=
zcNRguOcelf2Q(^MCFLLm6rjKSYQ7!QMm>1mqjFG{rcC+>iL-Zddl<ln?b|i*TgJl<
z3Ws_OQA?r-3Mx!dbfM0^*KicK*{P~00O}9iqGf#MP9pj6lo>`8y?aLme5E<vr9ejb
zk^<CU&*PZVko?*}?(U}&8&KtqvwI@TBGGDugB|tq@`T-uv-z4sltt0IQ~HDOf|y6;
z5yHwF-eB$;<RRNQ7X>ky&P33WQnm7noXtVg9EK=Q*gHPR+EbX3WuMj&-S~fTYKD@8
zqzfVP6X=<_gTbj`4LI+c<Hj;FI(W3j4N=DJp5`FX7@~Ag(MN*#WQJKxB0z>#2ztTe
zEoUZNZn0gxiS)*s?>b2O=b1bWgA*UW*ATppdQ4v@yAbD#CF={^L-oi%)OUrDBq&RX
zi=-*pj_ya<B<f7mv+HiN!(zzg&|8rZg@`r?=JJ(2!+uZ)wu4ql_?`uD0YZD~H_K-|
z@un;HyeI5PHzIL{qjXUPF>Q%~4ttq)$PAaJA6pctW#k=`%Lf%8`Ggwin(l*tMAx#%
z#KgqM=--HLMc;osy2N&k0Bo;To*ui3K_3>-H<UiqAkDu}F5TQkpUN1Z+eh7bm*@8M
z+f|%}EX^(3$6gVv)n>CdUJb|vvdF6Z5bhDp4XScTsEAR$lVIUtR$L8wwYRJ|P5!Pb
z)&ve7=dP<}-Pve`zP&zSys7Rf#AP~)_CDkcqqjT3OqbJH{_OQzg%r2$N;%tcN*{1p
zFp*8@p#_TFxwnJji_?z=m6x!M2F*ljkXE1u5;B98i1`74m$oH<evARdCTYnOOp;U>
z@D&#$g!9!RRqxTHk7Da|j(7-A&NBY_#DK(@BLeOy;_pIooJcUC534$c5vufy3=h!4
zUKceB{sDW_rBrbNC3Y|NAs;~waaOJj>_ridUrProwk$P+b3r;}(N76}&kfZiVjKx&
z9^)F^$k%(lj>!&Q_lGge;M{brEgSHn@v*-Ld!(V-o>W>Q>5mkIY2dgG=&Ll|m%^Cx
z1>JZ<I*-@q-D3`qgpSfWAFe4IyK8TEa7%E=DCB8BSm&A5xIC3fS($=cZ<C=c7{+mr
zoTQM~R}@&mOvQUq+Lr=U+Fq5u^mTff<&B!P-@DjAya;rIGh<EI*cwN;HBvyM)!5=p
z>YTT1HEP%~MvNQOAj!D>P{NCG<?hyuK>`!33x$^>aMmVk2gM69cR_Bxp6FpT=%q1h
zG26rO7p+_O<ETV~p~rFP1CU!f_p!>gNzTTl#>c1bc~f$8GY`jSWC!EB+eULLvvPi&
z2l`d^sM<bmKI4|n0)?`fq4Z7*cK$)@*(fNm0L{vJk&%G(WgxD*3eS&a2RQ9pr`#VB
zLW*7fp(c{I8?~jn6(0#{fn=|tQ#AQ>-vuf6-fs2gm9#4j<*fpA$lpG<Dc&plNU2$=
zR^#`1uN(%;@h7|rKK)roc>Ad7MOdsjEWw9OfrBmLgpYV8wCO>(dIMzRH!%e0c(0rX
z!}FuO_8tWHM=YT|rVW|rv2mKAnx-WDCMojkXc+E<n14^6dTu3CvCUIsQ8Ga<5G1=E
z&12Gxa|i_}nSKnUVQ}v;QGPaOWPd&%mO+8#_Sp%0&)sysI$tXYi8eCyZFr&HtzKHF
zcVp40j$7f7%rUcO1UAq0%g|Y*CC0m2kk8^8F`5!)r1!g2Da~B;0avX76~fQp&Ybv~
zJpP$RgAjQ#Sw(Y|(KX`ct_o>N)WP5m#@RgYiuw37td*&s5CS*TpP_lj7=f5l1|uC$
z;xZE-IswQFOhms|`RMGk?AuooTo22&+vS#C>*aZ#*_n7n+;WZ>znW<^i;C}VHfk8K
z53jciHbM>ju66OH>j#!|5lTX4VZ$_7AG^9(?Pt@Q{L?+ORJGg@5G`+oTE+1JaT)k2
z<XzWtYP26nPxOTN*p0OEFy5%~q}B@EMdXeBCLhb~Jl#V3iceCiqt!->GG+eB3mIhi
zA-8YN#QOL};RpK>(KItzU1^j#BUaS}Prlg~yl<Yxw+<dP-_7WI)li9&ZP8je5WTD_
z%~x7vyGvuw*yjitfMVdqyX2(A<vQ8-<QW!zvAH`gu_ydkG31WTX9bJ)Ti*j_4%@mb
zT6n{V&PN}2Q1G?H4r!-j1Fb7%o7R<9ZMS*Uymm=lFXnuXc5eMq^$k0UM?8NI)h+Hl
zD4qi*vvO)V0VWZjx_G0QcQMOF*<+XPYNQ}>G;3dnGL;fWhBjh|e%P@G(8c6GK@y-x
zpey0Jlm=VMsKbjlkNuOo%P*8P=4gT`I%^NCp5`Yyr)82TQGCA1st}6(7>(Abc8r<4
ze}KptAXfuCZln{C#A&d{$2iXO0{;}Kfi?o^U7>*{3GEZ8(G&xC$Emj@rN7x`9%qZA
zMM*Ud-G`E%tjo+m!DAkWkE7<ZOfsIM`3%-@9-F68OEV7q`B0TN<Q91m*}Sl5-pG2v
zy0%etcu*O6hqczIXSS-Lp|MtYcWTj4o`%NWNN-a$U&PkP#@@Kpz|KaCSFO`#n>(bx
z-muix)V5UU)YxDzH@SPD)i}gfDQ00)Sz4*3Jl`f@QO3_tT4`ce*;HcE%2o^yHECgK
zQEegWjfHOEaHhF#an0!?X<?{kwWkfe$+mSY)P7%9M=1+q5gdnG4A*2{;dXph(YD04
zb`Wr*p&^Fc6oC!;j&GcS5-Y}pQ0?4dP3TmRWahfK;{lg+7)LfIlN7HCzUbSC^#Z25
zN)qnHYEQYe%)C<m)0t8C0&+Vdf#n`jHe_|;lC=T?nlTGNJ5Y@#-W=Jv__rQDTN;!6
z*9d1wX9^91w(nIWY~17WRLK(2K9Ofr9GLoYK*u{V&+iHdD(=EYoNNaSmIE`qv-->%
z<KyC3z=ScYvi#7SXI;SPd=NwA3RdA}ko|yU?{j-tLM-J<+fP7u<hq?O>(Bnh-J0%7
zC$zm<TCxMs{lF+Ko+Ll!OKp^|?4{@J@!4ho3gd`z#kSkCH=NK?J>OZEsGe0tQ)J>P
zM)8A8IJnB%vbI=e5*px4s3=&I4d%E*-BM~hszc<V9`foUVo7^I(`<LftqrmiYi^=f
z6S_TO@(i4f59LoEzt|9yru2$-QGL1rO<4NJgA9GbQLD_Clgx6XOqEH2fOxoh%G8>3
zMQe!Bt_$W{)bNs95s$DF$JYK0e*c(}Yk1Am1oQnoR(YvGzVJAE`o=F;@}Zn^yN<Du
z10yV5rC;a`o^VTZb{RoW)EZulOA`a!i%Z5v;7MV#NM^K|zY^d($71Rj`%I$^8@l{D
zS&40AVe=AuKbakj8#twh2PV_S<}K&|OQORGkF_|ANdvCAYg$<B(Mc&-=8=2zDW>5V
z9leAHR=K}7!(~q$17I!G2h7(~U8)#7EP5UbVXL5CLZ)U)9<uZdtty6{8~m`ubo$F@
z_bV0~xHRRDngAycGUegBo;vZAvdH%8=)v4(AEr-=7VaskY+6YSxC=v$D+8|4=EP;i
zf{_!(?idTny`#?#nxm^;2(Q6~mSS|h9*#px`dZlWyOwLqfN2<wZY#Szo)R}h<)BxY
zeg}-MlGKyh*?TRYaY&1bqM*e5Ec!M2NRUR8ErACW2UQ+?>_66#^>c!m-tFFKX}YDE
z18+ToRN<>y4i$k?#>W7b)PciMCKF7U6^`NQ!V(|s{YoeRdOc=)KqTlv4k20XtZ7H1
zIB^oA3q*ZE32oMRTbJyi>v(I%$<g_2q}VfBMYZ8Ve(lt;Pc0@cdN!kC<^BW>wN(0;
zgfvX5HzmF_VikNVSMp@`wpiYMgqx;ml<-9iCPtylqZu|9Gl`k0cP_8BwfJz^AuMgS
zhpu;eaoFk8ddHP^(Scb3?pQn_Vq<>zZi!AX;+~@CG%@n1(L^qpVNhc5G>s?wtzqQk
z22zLoz?E4A_8*3LNqAi>-Bz>8mvgKFsp{WF`=(OpSC#p(`cUI6hp8{~GngwAo??-q
zoe3KH`6qfwDc*JPq)QX8Z7B%};XWjM;_FP)J6>ioMazjMOSKqR4k<x!>pFdxPKP+`
zMjdIB`C1cAZ1ZbaGErxSwb{E9M$R$^>U}iEp`(K3n3z?jNX@CWMVCIJOLHk*>8aB;
zhTaA!d+Rl~qISBc=NdYOQ%!*;`=!Qq3~3+=QqmYre>-<SbT)r>+`S<Xw--0b5u&AG
z7^W^R0Ce&-T%=+1Bi*8%>!)T^$~mXM*jcsuIie5ooJ@2}GIO=C-aZYgcwj51jMW>9
z(0?;IB=9poiwyy^wBPjaZH!#U_iD^#&(g*{PYITg4sV9wQ{9|o)MkH~8PAq~OJi8)
zgU-}>I=3>?8!mmslbwo|G4FjFEt9a8=3Ijs8<;Ih0gjF8TZohESQ;LN6MWN4qLHQ1
zVq}%MH@RHD!|oJ@+)WcWmm~4Mxt;m17He0BF9#G($0~lD;_5Q44aXFZFI&ai8W5kJ
z^~!D8+wE7KZ0EbA^w#ZeKUC@DzgEAPx6s)BTJ`Rde7z2)qdUN$xil0t(M#ULr?cbR
zJVd&dTS(kj+pKKVlmqno-{6K%Y1*;$)x28l^t^2L-X7ktqnGfl8x~m|8w+07;;d6o
zVQ7ZK_l`sNdd^PrZ}og45jtnagWcPoW4eaT$G2;+)A&~&fu1hu_!{E*^E^Cga<AFw
z8Y-ztFM^-6gr1&4ay{B8KN*ZYudA#X7rdG=+OTu)Wed|=WU*UkhVba_?*-_$n}y@<
zTz2!r<6h-?tA!yi+@oN4qtV@_J~AG)mmJo!kUg5Owx_JbZ`a!h?*Gt9o8jti>sdfm
z4i<k#79AMcMEm4ZoV(eJq}|9!jhXsX9u_E#F3TIp?+3gEI1`-(*zQh){Z<+NYjJ)^
z-H~;+Bjj#c#;<oJBQf&TAPwncFqv%=FHFt7KVyZPGy~niRa4J>tr@v|;ab@@zL>a_
zxH|Yo?xAGgxh1LVl((F?mssC92U<-!K5pth>S{AYVSG=q97t$vIpQR!fQjiCDWTNB
zl01G9dxFo?q;ADTAHoDAN7g~xkY!1h5l+9K{yh24r%U6g(#oZsuG6l4)gILbuFW=j
z0Gy5=#I00ODp$?DS_&OHRSSlW7C|>cfuUh5=%>n%*P|DsxI?P|qurJ-Kvjcs4OWoD
z0?}s<MM;^CB=^H}Dg$W>D)D^35%cf4g5-*(yWxwoFTS$ARZ6=dc}!i6?XVm?{^<g?
zHO)2@-`d83Puh<dTS=$owy+DFRHPv8zTVV>`&>OOyrs*P6Efq2b<PyUU%wEuw7;ul
zbE$;-`y1~OM4jNPAx-D|g8rfwka*5E0(@+xj<vH_t?Jj;)^;tLqNga}_0+YI@wBvc
zP_}<q<udbG<r1n~3}HhJstAu1@HKAe305mmWFW!k>Hgdj32AS(N-jy0GL@l(S~uBI
zaW~{(4WX~zk*4b!>80fG`9ip7!Jhb^YX1N2%4KBa{9mz=|5I14$p0G~5wfu~`ZqN4
zUGOhvW9=v;WaFwu%lKX6{|$z)eY<kmIlfOUZ2uJ+`9DNP{^|I?VMhKb@&7N($bT2+
zGIO&0e=#F*|H+Ja1}2{n0jH}G5f&tXhKk}-T|oTAP%JQrA%ywt%ED|;Y?E+&Z`m{C
z@&1)b&0FzVp1OvmI*ZW8TqEN$@88mAHIt>BhrPBKdEAYgzItcXw3UQ9B=w|}<o21a
zqorCOx>=fDb-nXKUj)K@oWA0P(ulkK<o4;0cuxgPKP?K;S$VfGF+B;%SNN!6njGx3
zzCN-Y^kfB|Yeu6{n8~GnSOhkIjP0uNbDxNMd;?_jLklJvr}go|)bL#OcQd%4;}k9R
zE{Pa?>Tf;+x>&<qWkT`^@%;pKun~wV4FY^l>R9=X>{EUw@ewdPS0O%!q^UOBq{oB-
zJ2MS%p6DZ~M|no-RXyC8%rCIj7p0{a<ofPBu5*0Sk@M`FZlf<q+=9DdZmGxU68Jar
z1gB3|y_5HE*}|i|;&|8xY8&N|{N3eSez(CF#<a?L_8iX}xvSpbC*q>rCnIm0hmNQB
z`E+&@(#0mmy5hpXg7k{$pP+5N>|#u%`#11|rJ>~i;aO$>|EZ(>-#wfEBb~y``CsUi
zf2fpyXcP_(&i`=3ez*U`|DsmDU9tc2y8fp#_8*t)zud3i@i)oxFQ@E3w8}r%|MANH
zn`-%Y{Lg3n%k}zw@1OQx{lD9P-uwOf4=3$Ebj*Lm|M&O)tIu~9{SO4pe{;XG{Wte3
z`+s-8ev7NWGv<Ft2>So<OEVI1GH?+5XYkMOV`gRkcliDHFfsnGY)nRrQca0$JZp<p
zmeqRG|8wkFt`Bv5IQeWce~8P-$nZ>y9*k8aQkUNn<x4>BCz^pqT)@hTTv%rQ#xOhK
zya_zl#-WwLxj8xcVmwLBk&p<$k%i5mJ+};m%aG-`Nz{?KPLw&n!Cbk<ROkG9NnN?Y
z<lw;ggi=nlvtwd-BM%CU%uL11j!cY9{J?+4m-0XmhhcUw^@P$gMHXNG9tNuK!L)H`
zd=n#_f5$N}Qon}7G)JapvmUn{pOO5TzG#R0ptgVLt<LtW3=H+mLT^u@Y_D$YcN5`U
zT;O~SO2Q2G_}W+k_9JY}3`_tpqEGn7k}GLzf0<{#$gR%}zHG9~L-XhPJ+4Q;$`zsC
zeNI`L>Kh+>*x48Z^WqyFni!aR$-nR)_Qg=Xxc7X_3X4AxdK<p@_dl-^zM7T4^y)ut
zpnsuTSZIKx`<#3xCwvk2^bGZ_?R~L|Oz!g|Q>Uf0s$;+7TSJ+GSileiX)#+Md%k`J
z&}4|vZpcO)&}KwV++^Z@{f_nNrD_@?i(2~HsOZRyAM6g8XPBA)qR*~t4UApvUh_TR
z*CA^f`qH}NUw)<^bo}Dm_UR>R5_29xYchG3ngVYc0*@N{f_opQwb2KhRh$F9wyD1U
z9O|+4f2}ZqPeq|!K5O28HT>x3_xtkv(mi>nN2O{)gQp`y>U)l;kg+`fF2Eq9Fgv;w
z?VpH}?;n|pnjV{qn4X&0x%*nN+}}MmGdO#%#(OXB@>wrJ`^v}-4Q&raRNkvnLnGBt
z5arAwA1UpkyLYsWH09EbLgj1PGJ80jTl6#`0p|!zT&@QO1w@bf-Z2ejAN6MmZvFDd
zy`^lW5Ps-6vG13>EZIVxUuXt#k;nxFgR2)&hHpN*n4C`{oOO`1U7VL)GT7;!nXt0G
zh*3*xV;kqu<JxT)7(n$L55FVd4Qjc#l5vB~WWj|^82*3{j>$9n#Whw<7z^wIRvB5(
z{OtNRZ=E6Mc^0}U6t=x^NEJ6;dg`U7M%u0be7RHh6K_}3?7JeU_D6Q#O5q!Ry>sCr
zGFKxh?LF!kup5~B6(6~=ipW?`-x~&xR9UhXCjE8&)F6moY=vxlU4JN*>!8bgmj%?>
z?`678t{!{B>IhXVh@@7|XA8rf1SVM5?zwTX(=e5e7{3az<ebi0u8z6oTGaa;=g6#L
z+GsGE3!fwCy6;NANeN#q1+c274SQ<pY6Y-g9_cQAqS`Xt95Z*6^fSlnm#c6uX1bB8
z#TIlJX3wkxo2cd-e2z2-nW{1obgO;A?B@KXOAprgLwdKt{<;ayWQNbU;d2u0gRquy
zmZ_EszM75I_uS!n!J*)L>|;-pX{qKYyg6ykk%2Vyl2U63M96Xq+(AE=JfspTwX!S?
zGc4A&FOvIV?tdF5bLh9-+KNW#<wAiL0mB^`dGmSrxG7{Y@l&ul&<S2X334#qWPfbr
z{CQ`k((%?}V_vv9CevSD%W89T#Tdta;%TkB!@Ooual8=V=8hKII1S}l*<sNzE=ps7
z#q@Mpj*oMZi2iy#ZPhTze*5TvIXn<+v0G!Qgq~tFDp_>!XW;Mr+lKtJ!e>(8e2fa;
z1Q5ppxf-y~VnGi_<pa!$6g2%tY|Ps;g8IE64es?d$$$kM{#ZecQE5@^VFy6h-n1;_
z|EuK#_g7Z&stG*#PulC~FP+mJtM-YAVV(0fImg>{9zQuw(Plb`lEU8#e<-WErz)Q{
zinaGz4{ee2$!>@M4r_&Ux0zXq<;>mP3tRB_8YfW);Fqr)SGiZ#X+r=;FhgpD4v#U@
zGoUXT46jRm>L-M5ccnG!4YZb69aoiu>K)mD=h-c1rp!J2FmItdH+ORFV1Xau;rYNQ
zR7q7jz2cw!mr)_=JppIGU+gv^Q@mU#QFfMoe?n1DAlmH;Ungwp3I$PIC2>?NLI~gX
z@f<~pG=y0mU7)>%(_ieMm8Xk28ieTUaBuo=%)*Rnj%FJ;_iq1MMiTnqVDu{CeDDH^
zc@*mcl4f9UwoJ!&tnI@;EHA?w7}==G9vwDm?alTM48`gjaSHma9Y$6)<L(STj@<c5
zU`rvmcm*eQXT|k+a|B%Uy>$j9VXJrf@Km>=fu>zIwB!JQAw%9_T8cK?sojKdD!HHf
zyuVv5)V{)gB!c$g07zGoK!?Sc`w!_bTkO0r#(0ZPu%7q{t;@9G<cyA99KLPa+s%)n
zjA@|kA^5N;M`<7pLHZ`rxX0IVE(H2`8w^OtkhYLXfNURB$IBpUr@Z4ynTdDd15hv#
z&GSdhWksLHv39P&4okfI14d6kHFeUeuiE!u4zJjuk~g@p@xs^|=i3>m!*}Z81WG1F
z2K3@(xTO+PdupXk#U;l0%<8*IJ3s<*b(Ei%2%)!(xf)|IGjJG9TW*IT!zD1h5qXyR
zrV5f`6zbj72#wxIiPC)=yLnYMvTEFN)91%FPgnuw=xHG-jtR6p^(%z%YzWtqLssU#
z8fDc~HiU;)RNO9AE>!wS_%QZ5^G`yUkCXRN5QQhbQ_WMFSB^7E#a?pje(Yo8Pop)a
zIt|w?0dp*cTJ3b3iCRs_D9d<;ctp0`B7cBDBi)AN*WnREz}U~R<}Rr!#c^W!%T0E8
zNa1R8__^^V=tZYXn+hA4+hQ|0Ts^#g^*1D@Jg~yOb##blJOgl4(^Mx+mmH7?Q2o0}
z%{hC|BFHSfeQNm+LRjKD#=o~?*u^wfy9?lf!Pl<I#Ac)iTdotw&UcubFwck@u8_PT
zvFV3mLxd2fU*S(w<3VHd1twW(l#SIEm?tL;p`5Ea{7;Fk&}kd=iEmyQ8wBNrVmEGF
zPkaRe_-oFZ(!e7fX~$PAS!&xn&!!);@sT_2L!h=hzp$`j4jlA9Q&{E9fQXN<x3|iW
zu*unz>pwZfB{DW0TkxV+gn0ONY*IRBEa4UV*ZVNRi92E)(yEx1Q#~j!(tGrtK4I)(
zBr7f+Ew!;WkE3iRmqd^2DJi6mu!|Fm39071nK{%#h=!LwQvG}#qb0Y37%=*<{U42)
zz9J>}Lw3v71hap)eJmi-4wi5Y65mbrVrK-+f_$)i_KXA;N1ygY$ugAd4}*7(QGt(i
zR{d0x&(><#*Go9YYoB~_M6Z9Cn`J*!s-DQpRta8alr(wZN514|JzlhS-ugpH_YM{n
z1FX5)uS0#-IE@JpImzL)zyr)`Gm$uu>zFf;*BxtSK+nb6+zXu;btP<qka7Z{bR6k>
z4N_%UC`Z|9e&dm<<0m<iX+UVDLrXrJpWYy_(m&x|=e#!bcN}PRYHWlNxB3raJxNs@
z+!<s+EE}A87=tPNlgE`*sf*>O&cQQ_&`kAf-bbCQt$dJ^SH*3_Wfg5b#+mn3p<2TR
z3R0EzY>~$FuG&Bf3YV+{Fpi`uxX}-{lO1`x80N8~X9If>b~48N)wt}NYGX@}Q|0%i
zlg}3GhXeu8gqqMg>RMJQ4ZdUfQ3ZJ2Jk}e=Fm=8ik*q*XBs3AX{!+U&Y`?5X|0o`m
zZZ(Vo-w^P3_t@06R`vB%s4%B8&(2Avwz#*koXw=r$PRd=i=qlKME)A6%|&Y5*oN_S
z+}}-C$xB-<Y^%p@^r_MCV&lM8WiFqu_;T7EUh=T7ck|Po{QT%|Lx(lT)xv;XnEHN8
zh{tBd%Ck0fX-Lfk8YWW(u~HDicvKGa(xs0dUI>3}^%=ntGEJ_%Qyp0qh+z<NKp^lH
zI5t9TzsoXxW2^50vA<(w?+AfRBLnXFe%PSJ2(S7i<*E&TZ=Xvrp$q0Ix8poB?+&{;
zfmKfr%c>444t7O|1h$-r*K{wkhIK>LBUE!d63CO{4odksCva;$1{n-p(~nkARF(K*
z)s~lTiIV&kc4eMaCNTdJo%zW#ei9+5%HsXu2Tr!XQL+e>4>|cv+LGgN45+e@9_P5x
zm7~2uz3zuP^FH>U9p{F)^JL(54kFa?qER;XXYDq{7e~-Md$P*n^!}|;d^xX?7f6UL
zm1cfdReJ&)X@SA|cR`mT9K;DGePy<90ftJSM5P~~$K*lrX)$Z*e{z_mfp)807M9uK
zBPPBh8rP(|<KtFvu0enRhfg4!T^Q)nRVgBuNdODapM<<pr-<EntS-M&V8JB}4Px*|
zz{4+;5^mf?DOI$&dsA7ANT7T7GA0HQxeG^Z>V1Tv2!|;<sn&97S;{g`3#FN^{Rw_s
z2OHk+EAvZXAzvp^j8xc_pX$cCyPD``Bwdk9&lJ$-7KJC4yA}KcOpz@N)rD#xO;wQ8
zUyFvu{EIz_(qC<_tTkcBoOLOYujwle_F+8r+(qS*-iR{1U%j1EeA1qZIge#wGK~Cy
zywFSs`FeV{paA`ehRZBW<mnt&n@EZ4cuCN!`>^6sYVg<{=`rhXMF!K#x@9q{sD=5*
zr=yLsF5ThNc}Vxo_9W7;<>CUajY|phxf98LqkC?F%$+?F9$|v(!J8lwkxTXQBhO-v
zw-^!*a?!eO-Rhq7Pv0h_1rL7i9bE`e*;~m6SmAFp>ZBTIA_mr=;y&mORwSb!ifv4z
zWZr4G=^=utJ$dfnhG{VSrX+hUuhJH9KlSI$P;iKsH|K4@d9u#hBYW8!S7_)(E#^@g
zWf2yhg+?{K5g#*`3LM90U@UL%^6p+ZeYsfFIHwi#-Tk4$b<)Mk6bcN=m`gSufX)h5
zlImH=7<BAp{EIm%;q_KYt<oIu#PMS3UpzEG1cc}Pa3O@;qD?%TZE@O`KO>)@UbBsc
zT6K7p^kW1L$}P43qBd7~@Kvf+SrZ;MRXIf$NOmsO8_hG?+7H+_G=M*g$=om%`e9Dh
z|Mqc{f&G;Y9%3x=k-k&DRQy+#H{%$+&v5`XZDa)=qbEeqYFZh?0MvoF9Yd{d_ddpf
zO82qKKGM2jW&RMo0c(QGXBw(H<T|<KgrQrEIlJ#zCvXp6llhJ~c8VNc!A-5%%4lI&
z&F&OSOoNBUU~v<I$jGUIi!~9!D1{!blQ8F`2ib+aJ!yT>r0vJS>Uc8)t75`^9cdFJ
zTYwJB7i(@0C$d_rl!PbDUwk`qFHX0aGi$uhbkhSh^@g`fG&n}xI|COEINgDr!8Fy(
za*vo)>5}&T{E-pFmMP*7KZEru>nP^mXR7(#@s_xuPE?qSQ!XEMs|3Z8rGIqrTXV%z
zS@b6v(NCWXXNRW|LgmXYV4UF=)X{V$NlHlTR2B+KK{5MvM&LFT?ew2A8A<70A=c$o
z8r!`jgLbb-U6qx#Ea}x=+0#`6dmzVL?@7+iLg4eilLaaF`i(=HOPGtye>J2UMP~Fb
zn*HETE=u217JW_hy_^bdC0fYL&-SZDLJ3?A+T{zmQH`9{DcGw6@RCou+h<|l<jSrw
zMtYxk)wwc)yV=qK#}v88W)22g|Dpa}u#EQJJ?2r4EkO$EuNGj}$2j0ukBGTN9c8o0
zp<t*SjWzN)5YL-8h={Ul!0~K&4!H&ihZNkMD++M4j)zYalt7EqoZ(QIY<Eq;TzJWV
zVHJUmYQxf6Do9a{l(-84=Rr(<-hvS|6G^WJc3*iDCD@LFRST0H?{@ZX=uwC{jCFSM
zpKDOMy}BSZR}ApXE%7Mlo)?JQSSPFy?~-$x3<1<g6MEk}btg|r5u|Jz?JN0Av6)w^
z-(n(cfXFxrJR%79yDsueieiMoRlYdwaB|uvamaA;(&3O5h-@A@#(<%p2!$(H1fObU
z$O-9Mp&1xl6w^#n?c1{w619`j_oi$6Qv0$fSG|lA77fFKN*hiZGd~mE&=}u<5)mc!
z9m{_hf3}+GHMxjv8`a05=J=Mw_}h|-8^c&ozT~b|7LI#T8fTrdPy`oPM_YTa#{pGI
zm`*2l4xHPmW(wKlFvM2drRmT?i$7okT{>a1D38ZasvLw|q}=Z^etf39=qR95eoDX-
zQnIk~4G{&>)S))`+FcV3+PdN@W#5z<asrEat~9aG9D8k<w5=J`|CX=VT+Y$Jg|Ho-
zqzR^tt(D`n?pvFv;N_X?&G-S@1pGEL!lCrnT|)B;@zKVLWbs(2U+!7>ubMl19bAxv
zJ<p@+HPA3J(BT;yHgZzg7W|##XJ5l9rxgl{D^*y1YkJHJEHpj_wwt)R!&&AIOQ7=E
zb$24-$p<k=6&aeq?^~z(USI<iL&!@7`JC{<5*{Pa+(o8cXW<32$34pzGS#FUv0>TR
zpV#1VN8=h!xC^DhUNG+mvq*@P4IT@ER6Qzp6lB5i_(F14H<m+!<5dZmtSTNa7RKmT
z=_pdyK}|9Yv-!{xa8}&Y4?ZMZGBwdbxId-ESbJ2wdjp+d!cWIgon;FxCVO6UBL99=
zlgt{R=IN%@@^UD~kud2OwXR<Y7oJ~ZD*)`nFSq3urt?6$)}TQ?_*cuidy<?Q;`be}
zT>De&ixutB@LH@`77OBtz4^%Zw!uk(J??jl{>mY^if1Uapp4yTZy-wR*VxY69RYbN
znJGBmz2-(J(Z;i`7e(1uZUMoX?w%*Dg5}4+T?;$URI4(Dg#L~u_a*k2E?_4qmLj+O
zNEF~U{YC@?LRSnd<sdp+-Op6tJ9c2>h(5qVtHipR9A5~ongLOy;5{WqA0@0hB5LM`
z3E;;0{!*cT2{Q>rnx%mrco7$isdff!ouPn(XNc-N%6)obKnX$}twLU=^ngawY$3u{
zehvMEP>2nvx$S0Hz3!_8>I&2(QT#AT`2mF)H;@&qk3EEuKVzRWA){>5j!ejaxaWCr
zOPb<!$d|<BSbVJ}bsL_dcPhqslRjmLLORGv@$--@bLxs%PsUYIJ&km{)4tq58}Z<7
zKC5Y_9vke4;zebZmpCsEI`V9uUgQ?a{%65ZdNj5O+f`iSMr+@5LF;6P*y!_W#?Yb>
zJBYw}Zwjnf>7FEbKwNbbhn8o<<%TU{aDeeT0%XF{t87G|{X-xMHhvcfJb&5DWKP5K
z6hBxK1P7J`g}hCW{bO_~{)}9sI_L;3CbiTGuD2`G@(a_eT+@+slwGKB$7XIIQ(PgU
z<JN>`au#i<g;yWzHI+ZTNJ1;i*sbDtAr<5qF3L~FM1q--I^achWXrWu8t>uGdEJ@c
z>9^GT!R#MXzcoR#Rf+W$p;=`F%`9nCa*dD@A|R+6B40xc>?lSTyMXHPe7!+QWJ%TI
z`;&4&i2{BJ&UTlei<onrvA*+YmxC0zbij3NpDyfP4%%AJY4a903Suryi`BD}om&;W
z)w68qk<ppWTQF%Qe8EKG|E7X=Xe#)XJ>UpwH-2;AqE*4d42BYzYr(%O2L0RB6%9eu
z`g_o(=rcQwA!}voDW1alb#VEN;$rn@krqe`ktxPhV)1GakJ7>?ZE@VEEFQz$hgsYY
zvWgkR9Ku&2qeTUHG1EMvC1W@@M^rU5+<h&KAdqWKh!kTr<9E7uqp_k+-(gg3dVDQu
zlq3i<s-FJX2VkAb;Eyk~Mhuc$Kd!jiMDBDKty|$8t=KUN0{Qj_M{#)&WErYnts&jq
zH@=x}r8CYQ4ZlZONfZhuh3Nm;&_w+st5-aT2vyHlu}i`6Nc)|_n5}egARho)2-f_g
zn<|bxdHj#_gpkLy8=U(^sOp3b9^GHIG9wJ+#k!xj=Tjj5^8gwUi`gf#0cjA18%4Z*
zN&+)}a}W}{03Mj)HsG*!)hDBcYQs+NUNAR>d%{Re^EU~U=1|fC8*#>`8{A|Ciy_v@
zOZsGAG`Mm=c#LtKqNVx|ZS9o!Tm$DockwZ(4bBJ=hms+!MCPFk<G^MwSnd#sTXyiu
z<AbG!P~St>ZrL=`QPG`hfh+v7E!uVKH2Cz$05#A7sbI^79brK9rYbM4LKOho1$Q(p
zLWiE#YG+RakXu>HXSemH`*p1TqVDBunh^<i?Veo}iLRpMmUm0lVv+Zg{&jA9at3!I
zFKQ*I>GD=1Y$dnUFh=Bi2Y@TdX$c(<?K-ckB3X5K+&GDhDu#V0zRS|Av5pVOAB>xG
z)X6-8m7B^wM!<}>FDba>PDUYx-)^BF85PSt7w2@MBXOhz(~{MK%}JTU$FLhe(e6VY
z4(=1{u^>(lV8!|WNWmBCuBrkTT_U<TSLB^$W>qEXh-vsGq{i+~?bZnBS7bDgIj!Rf
z`%?^n<_VL4Twvbq|E#iU7G?f)`+KDB#Z-jtZrWQmAkufX^pgqo=l;3p=4v5n12<cO
zbM!=@)|!r{?sL)@6Ks$YMv)pS#BHhvfzaMlXcBH3&4I*n`9S#-wdc3GgY7It$cB^L
zX9NxP55>HKRogw6E!jIpe2{=SIi{SflzNiP5Uz^SO=bGs0zD+HN1O@$Ge;`7T&E29
z9h(qZz_ow)W~nQp^o-mQT!^uc_hDWXbVBQL-jH$q(_C5?{~t_Ex(^<!$d1SX=J3im
zTU3AcxgDokbTYt!^ks@gVHl&I`u5{~px)SJWu8J|DSNIUMmsUYW@Dk-4_%Hu27||x
zbcZPAvC~(I+L)dbX$7}$Q%c0tU?@MLt5u{|mDMj+#|KS$ZF;zO$_HE4t3IgYTMKt)
z>{}A<2q+`*sU>Bhjd47lX8v0Wx-^*?KUc}CB)FN|TKEbcEh>jO=bO-HGYW@-Gpx%w
zq{@nXoOqi$0;bN55iho(qd!<qt^;av$kNvz_`<HOP74R}oHc95<X|j&i&}0xwc~ED
zQK!gACMT=HDWJE{sCr~TYa+Ic#&i^62b2%`a|tWmp2t`9xIf1fLc#P6$Ct30m;-~k
zWKu5NrGz9RN0#sT(0j&1I?C}Io*=X`v@XH%ck9btAyp9Zll|iB)4k!2;s<Qc!Bdp{
z)geMk1&5|2K0d@i^6Vt4UNBt*p}n^8dG&ly$@{@2UZFyMi1T8I02%k8jgC+O87l{C
z$319s2)X(A*$cqVsW#GPX8N24=)HC3NdM3-fxf#}a3b-zs)`YltkQ+*wvVP+fI%i}
zyk2RfZL~_}2U0(h;_nu@f}>=;WSDbfI4O~Vo6mvqkxqrw;tEzHVt=!u942~nVMnAH
z9e<eaIFjM40_&o5H-zd-NfM51(RR~^tenM<kjB*EU62U{;&?77_O41OPhMzFa>MOn
zC4k$XZf2pBKC68cB5493o!<$<AOP#AE*DJvy1Ztk-4&)JbbSg)7d-K&TlxdBjC@N=
zRO)i;5TN>DJ?MEh`xTO;CsA?dk&F{YW(fgjvB)}JX2y(b+KBf23vTpFFuqtd34v#2
z5S8k+W2c3cIjQ~CBEz*aoTgKG^%QMWZv$pKXVEg*-sFhX0mH|DH_fyxuv!AKiNgnu
zHC-B*eU1OTS5gZMKN+gV#E{~nekiux)_jetg_FV33UgB2?+MKFq(&BU8R}G|<cy~_
z`QF70O8&Hx7P%@Z@u|*7V|7^HTU66__&%Te^sz|Hdc6#hg{6BXI#MUE%jqaIPQPIp
zjoUPQ$_qALl1`-egj7E=fSFHyB|LG{PDXcPq+kuWZC2x}<jl_*UM`3uCmN=$N<@s|
zpvjifT^Tr~#m|HY2=>uEn=J`=@G_Vl2z3Hs;G>h2Q58d*eFeSGb(;XdGxZq7@2gHk
z4JW4MkoG<Wf1qexl<>E{nQ)J4<q9hS7GQL;qf0y$PXh#~USy|1DvGO+dMwYL7dm06
zGf?3tPIL{+qXH&Ll{$hOu2`870J4)cLyFu!u&Z*6?Z;GFGC$(8U7oZ*V*DXssi65R
zQM&MJXQS){tEk80Pshg~X+aFmB-y^|Sar6nFU4lCIl))C;rD!Bc9$dtmT%n3Nbc5B
z(np|;<l*rrl$m76H1AG@0<$L*F>`dT!a{YVFpv_1AGO!u0zii4IM-{r4Uvng`gblE
zHM3Glr}d*q;c;S*{I}2Iq_Kib{ZIWV#Kt)(jmPyEdwn6PMW&qR7MBBd*U!$kkDWkv
zyd9G(ECnPaQ=yxy&rF-Q6Zk0vnJ-D54nwHz0HGmn#Nw0wjt0pi9=M(v3G%GNc_h=@
z)xt|H;!FQnbT)dJzZ;#t>kGmZFLj)DWMP&(%2R_FJomrX*Des%@@6JwyWDsY2>!}D
zNie<1pBe)_&lwww`Er**B`VfUI86W6vZNh(H1Hb^X5)<sdAk2KQHeDStKeqS93@Hl
zJNf-rNHKV1$!=O8km#SY8>6v-7|^!YxE^b46r4y+?%l!4H%6yefb~=)J%l81Phgj;
z(ISf(ZDS@(mVnEi84r~;$6Rs6Hr8GLu}l2Z<fw%UyQranbw@?7)~@M=U6Vx5-_HKG
z{4PixAQOz-Rr{>JS;&)-cN{G-Ug+yc@`_bPNa<}Y=$tHaGbpooHCCLRBv5}!ifZ+G
zpr)%Z?re*M;3)YO8C>Jy@%yEj=5CmwX?eY{c0?_y!d;pd6+4jP%2I@oe7$0F{}y>@
z=$?Ow`PIMjMe=t8k|xzx+45k`?9g|(adJ3hT5-YBR;~qzfA0mdO8rWR?0oBIMk}=h
zkpz_!)+-In1Mfx(q82eJnsw=Q)m_%EGC4<{!`4b>LfbmUmRwJQWy8~(out;j!_%hv
zg@o~=p6f8yyAFb&c+a2nTCH}hotRbSdk(BB`Q-H`1f`gDNV&zF&jD@sP`Pn=LVFvh
z(7U;vt)G3a?exT_jruCE(oH^o4ngkxoT=8MZ6A6^1=)rzNW?3iO$*LqsOk-^#92g9
zLy-aLza`LRdVY?N3R&#UOf;yz{tEQq7o<<S^iu?-_aH3{`rx2q;iG?2ew`fp+qYuf
zwIqtPseer=(hnLr1S9*CGCj_#U!`^4{%sO0UJz1VsvQ)pxZ@WsAh}soo=P)KW&l&k
z(G|%GCScj#U?)Vr;;xKR&(%m%vYwUv&OQ>7(5(D%G*waSppscD2o8BZbXn{Gv8H9e
z>j!l4-loB%F+Z}Qur~dnip$o5_}k}R|Iw{B_-GB>in|#xQ_RH$aXk*<WI&5_>JQ;o
zK*^HsOLHFwO#qgF@++l8Alw9m=dS)*mXac*&oTErqhmga>Uru1S3;nK!`<QSVJk1U
zjyw#O>#SFbG3f3`(IbPd0=u*=9yXTy<g;Rs4dW=op76j?7vTOJ)vg+YflQ?@ef^O%
z;VI^9@h)bNK5QVv2>EMZlp+S%;b3S7!{@yfdwMC^s}orDX$%2s@A<=&Vtr!A*O~4a
zZX9)hVhN)&O*x7o3FFkw6sjZKcgs&VGyE3=#KD-+_dW++xv*9B%S`&ExoyZ0pVX^^
z5mlVcFgrjTYLrGiu@ckLx<QRfIVecNLVL|EP}t02pE_8>!fVr1KT`JUA)&pPA28}M
zrtQK7@4v-SYmZNO699nqpLo^cE1>;H3k2VTA{M`%;|eq412h~s_@x)xi5fGLEgz?`
zcIj+~=(kT;o_J;3sAH&+O2B9Th6DE7bxa#W5UerjYhp#-`bNYHw0gEZ%hf#@c3uv}
zD-SGtme-mBmRd}-2BjL7Y2x+&1wlZ*zoc*p4(t$8m%epGWUrHv*Ij^fRPzh#T%9$?
z_yHO8J?^;WI5zi8r#fVtAxPpJ*La-cd_sC3V~E<iU3VV!;RGyGicOXcMH!&CO=swH
zubd(sEWKlmB*Ugd<;b2&vSS!51B)I-76od7{GoebwQ_`=bH+0JK>Rjw+&&4<9yipF
zMA|#BlKE{#i~L#iyzLEy?YL0=fkx$5KfzL-0GJ|G;v)<Bc)Me<_ktgnlJigRAcNj|
z9MMN)&I>3asOL(RN-2<ev`!X*l1dNpT=8~yhQ`9j<c<X=BlNnHBTIzcJ6-J)k}iHM
zwBpbCuO9-Ygxa9MRFLf>rjWTlkGXGm%5|{ZtT%c(cX;e8eO|tT1_x3Nj;k*+<?2ZW
zlgoV7tUJ|4>8!t8pD1&wHW-uez`AH^aDQfwz^WMQ4!2LWP>X1&jYA-lm8DZLlU8VI
zF$3!Raybk7FYarv{z{>cC>q=J9sne7x2vHiF7Z+|rT%nmQ<l#TH@=R4-*&_{s6*8R
z&n-rJA9l6?d2eV7H7l{`Lp5p2dgOwk71=5xbPN*w7<!`VNEhgR(iv$*Y$%(w+D+!O
zCT;ihn}jD=jGew~4z(p=Ux&Hg0WDFMl(+po5BDYPN^T1~WH|Tl{K^&Ceyf$Iz=_}$
zPI~tK?BZkS4LfeZEsRNuYSq~0;IjG~>YXh7^vyv0ib20QpNv{MxQgs^j)N<a^GnZx
z=t1m8vMeZHhI#Dpx^(+B^>3VKQAI0pH}qE{!;oIm-aR{Qiuo3C#va5DUR;#KWlh)M
z9*58Z9w&MR70H+?r5|1$oUI9`S%l!Nc_P3?O_ADR94W&4BD`L)ZU8b3sVpw0auHdL
z>;{T+ZXVfABx@bC!LTrlO&aj=lFO6Ck|J{S2kD^ct>-5Umqx6y`Z}5ab_^+9vswY`
z5rUgU{q1aWX|;8Z#2U#`tw$kRQ4~?El&kILjq&`(4z3y=YNsf@J3B+>o+T`<bIP=`
zmLG0$0ye?;SG&K9u%$?6VPx(jFEk%lOry5iP`NI16%2esL#)?6)-)-__h_zhpk}b%
zj#n-AB&q54dfA((BA#p|Wy>X&LY+O(_GEoU8GAMj0|lB+^qKeY8n=z;S2qG+Y=Kf-
zt;j+>?YBn<#B6>eEV|9-d=+Rd7=*MIQw*LyBA(97#9=^~(@$XAekp-jL|6weTe4N7
z6gs9{^Hhl~?<?tmdi|Mum9fP|T>oxLftw&QHs)ZPNpA>~&>VM?)^URr8$Mh3Beg(e
zDZZ`$^+;sqeTTBAR@bccgqCV|afTG*sZ~Qt(&{Ev^Okyl{X!3XGIC~(R7epZ!?OiL
zfk>$y_H-4}j+7i95sz(^Or7u(Rm7&!;-0~dFJ8Wy9+|upmh+oXu(R@4{xPZCs9<4;
z!0P?N<n`-TDBQA6hRGi+B~`?t@9}^cB-6{i=6DG0ImCAf(CZUnqJ-`ZE*#<R<+8?m
zZ!f5(K9G60FcDm#rUxC}P`S~n?i<Cl!lZr*wkGFwwJ3)UL>0SiIEUSRd%-SIdpi}P
zSDH-%)xXBu=f+~H>7F{(8QL(R!+YWb)1?%DETPR>a^#2qin8=e@1W|af)^>N#@291
z1jWc|mzAGZyoK<~NB*ImVZ(Hr*;0=+O8i3i#w36p<rS1bOBuw=lNZFAYI$ghJJ`}X
zJn!;ge}(7!Q`yrxL#mR4{*CKvrZyr5Ke+7|H*I44lQM`ZR}CV?C^SaLw>}xnhlq1u
zg6b&jD*+B~do)xteyFB=_Avs=(nEzR5w;B^LYZ^I;e^k-%YV6T19Ovv3IkfnIq9^G
z+?5pt*dZI!IjfuG>jw`RBu8rFu!c3fZyT<p3e0_z>Bnpx3i;9Z(+j|<Y%j^rQnjK*
z`eTmauQ|iiDyYe2uoK7A*w&$fguV_EMf_Xb3}Ij(X5wI@YgW<VktyDqZhQ{n`jRxY
zeuZF-e=Y)aL3^Y)2(Z^DQbWdlodRq>gnCu2{<ve-LPUy5|2g{_qp(c2jBJn_K<il7
z^P?fUfBb7t;U8<)+b;3BhB_&vH9J?k_uF1L9K-blR={{#^hKGcI2dMhs;1RVNB9Jk
zwE=^%F^-C_B~AtW7FT4%xJIi7`$oX*3QPLi&8=>xVu1f(gV2XjsMkVOXBn4%SIS65
z#&SM3r;9=Z?FG2ut$U=*UKsXE;Mid7frX{tm>d4se5p5ipYpuIfiQjtidIf-0!C2I
zTai3%^yD7>&%EtgOOSWVD{Q3tS=^jSJhWdvCcqsz&?^H4#$$5><eN7<shrGx+wBU5
z(prTIiHHoqg%Smri=Y=R9@7cg23ud{c9EPHo{gOT@fOZwG-O?Qzf_QZIA%$mmR}&N
z%`?{qEV;(w#dS9Iu9Jj>;})hqm>%{#CnZ5Id>Bg+&&g)=?b@`Oc`14Fu7wJ}p^$lB
zJ^^(};btckhlKP~1#Ufq%*aXPRnq7BaY-?MbxTy!K6N`|^J*qwETaH!{bHBcLK8wA
zk=!w6v;zT|p4Nc5eFvBG_48>RW+ex1=Rx$v;Zm1)u5auz7L~rjr~jhb@=Nq3rO&tv
z`UdWV@zSK5Hq7&Z*1XI8P&Dn47d6XSKC#fwDcLPpp4syUM|2>cNVCkKPJ)(}fRzw)
zh@S(=ngTb><IhsE0s2Z^+mobMe^q0>slK(3bjue^08_ab!TPlC<maaqN^6bg<_MHG
zCs)+PD}b^-BL7r$f0U8qZ(LnV5A2<gu@UdKzz4PnAwLmPlZyN|3rfdNYk{|<7KX2d
zB)FJ&kECcu?jAgpJlxS3;IkgUiVL>Me54_E(-SsDw5`nEz8Y}r7095@-~H1XImGRR
zSU_yOE+Sj4TX!kCpZ2w^L%D2h4jHX>4rFS?q%J=~$r+Ly%=pDcwwk@!e%%ikcAs?V
zQ(iOFoFUuGIV8V{z+9=Gt*Mn4Y&r&&HrhBrPn7zMK~?OtjxfASZ|tu@NuykN8c^K1
zst6AsENtj5FE*L`r9GDei}W3Vbe33hiq{_gXDH#U)NrKa1eC4#vSHxDAY$cSR%(YZ
zomVkySA|CbX;?W4&xKYm3dLnqfiZrd05dahaW*Lig$f|NrH(=D^77lB&<320aHKnI
zzUd4Y{m=Y3v!yCYdMd*!c#sY-UcmBEv^aLKBt4_(G}6$YC#*{BN5?jnPmFH%%=fjO
zZXbr~wsVx_X7sg^Ds=1<BL+eDx$uB$VfxFZ8zf9m%9?{+H-^nrdY)eb+PHFs*`K=N
z)Evb6;WAkw6LEr0V)az)!3I{Wnt<}Jt_(3P0B(v`_FMj=_lEWCn%T#ME$;=iULhF>
zRaVZYocCo*n9pC$m*b;_#Nq{d`R7?)dNEw_95p5grA0@7@ZW>BSphbk?m({K07|pu
zmRR;(p~gcRSkRnSL3SO+*S!73c5ym`{DVOhoz)zg9#YnBc<|efmwRqmgBsLsMJ<*j
z*z+CTr{i-((dw~?u)=e-U>8Ly?y$w@k*n%hm0jSB%McO;WPdThy!^Py^DcJ=5!wBf
zAzL=#wIbPTnEL71zyK&SZiMu7D<AHPU=2UEmz2H80`oFhsB=3-JIE`SZ)#Y&d{AwL
zWR04k(@}KP74M=R*4Id|t<!Bnc}?l^IxKRTaIZgY_Xa;?t@qbpe9f;#UYd6cM7X)@
zKw;^rS08IY`U7B^XR#XGF0J#k%EtV|fzR^HX5-2(aogA_GgCgQM)?QT>GLJ%5t2ot
zPe(Nu<<$Y}DKzTZRQ4-1p;$;S&7r7F)UG;sJCSK;4La<Qo*&^eUaf88H2n;laJmUu
zoYAupn}6DsBfUj_Fo)4^+8Y_7Q&2UE;8dUPO-sKX#JCBVC7!H5<82;)BgcS&;G(-7
z`Up(Wi^dF1PJ~~mjv5EN55|9vCBBgtrjlDluNoGlzgwmSX<}+MLsekK4XY;&|NUTO
z20bzBU;n##`x4mmck6B#xIHkO@>Pveu=y#^YD+WnHUT9?bOVU}iVeE#uzoITOkO9F
zg7qw%bw2GWMy>9>UIya)CytM0UQ}$gR-g*9&TD{4$%5ZAMP111%)Qq(%1`<&`YzKf
zu`U7c%fN(HX<>AH(_YCf8QVu1)B3|sY%pDz_13~(@hzs`J3&A&NI~n$>N%ial-?Ym
zO=Sr1c;rw%I}B~DSRU1ME!xv)OweP8Ae>*(M%#E(dP#Lr_LQAc3|9fO>@#_L5aNC<
zS1T;40bym&eXUThdQq{{F%hX-OCOROQO{tFD&evyMp+*s>7GttB#YFAhWBTH$tDtO
z8!nTnV`8o$*+x=7$O>m?XR>V|5~oq>_wOE5-7E~Uo;F!~-)($c-+c@nM^u8OI`ATs
zS4y`JD1P@UEE_#~=ACpf+Ufx{zM+YKIM&qD*h^{26R%t1uKH_D!MeMgrI)N->a5e4
zVI~%zdpm()mOt5<ZVNF^7}32Efe0xVh+4YVX`~n=KkgLpyRq<w9Fs*8v_LH;YMB`h
zrDf|?PYs*WR~OutXt?)e5}yX7g^=(oIrUiI?fuX}uB-VLkg$E=+kzt^P6+9Mr?5Js
z)$~i{Ab)t#%l5Y5%80rz=+5}`H#qz0JGx>31|`a(_-onN9g@61@zDdj%~Kq>6{+)a
z8UFb3%2t$bi8XU(D(|{53g94@6Z4=5ScZGU0%t9TI_CIlkJdL?69lWGSv1N;YBf|m
z3dG_LtV~3i;~0N6e^f^+Hu=gopQtE%c+s!KjgTWIEO5LZ4gULt(&)fe)G}jTky`>6
zo3K!iD!lmuDq=m_xa-;sCe^iCME-FXnW}zigj#E&#N7uv;osf%@o^7wzjh?yN<&RI
z{G`!N6f{I4GL-riHj*lNW^OGEw8KR;CH{Hft;jv#rXXdPyL6Icfiq7=Ba3Q{<&H8e
z8s(5X>~DSs9%KpHz(}#5`*5|&jf4~8Djc2|3rm$HSx(l7y;f;$rk^Fb`f&=LeC(i+
z2qF0t@GwY^#t}T{TYKmc639(*p#HmoCk1oxq3!P}#^IK0%P=Bb_2&rd5Od#cUUx@)
zD{hS5jB=x5_<J?izo`k42RpTyGnw2b0!)=?6q31Wor+;w+z#8=uzxmIOWXByu$#kL
zaHEkZ@WoM5sVvwEiCk8;#D;qgZ8vxeq635SR0`t^OCVCB#=d{|s%q5Kj*HI{Zuiaw
zQA2&cWm$`glE07@{zibe#Grm6!bYK=XNXKJ6r#LLfNg72Mx}R343Z49fyJ)<f#KD_
zbCK$8_y14`jqMd<X<P9|1UDfeX=)cn=aYU^=ww+{>CrV+^xkH`l!I*%pis@JTKAL{
zfxwb}z$jB@933TZNv&J=;%JT22SaSC;t4WnuUGwBNyX1+BHxCO(F;`Q<vmX{tmk-H
zHwldL^i#1MPa*@gw{A~mdzkrf<aNdZn0jQtO4zsb(?`hTq+Xg24?^dI8Uns{lDRn<
zy+e>aso7t!7&{s)>XV6zLY-ZN>@F&$$uiXt2PXNxt0^yBn+Tnrwt8LGQzKG18<4tz
zUOEw5w*?XNe1OY4i4_We<91Y58cT5f6s$x`Ol-%j)sJKWxxL%C%GQW-58=s$Tqb>j
zybrt4LYDGK)6etJ@`Fu<v1Y|P(xu=9M)Xm_+V4W`VMX9E=~@f}=<ty-77Nygs4&4U
z2{-4<E;aB+d_%brJLj;^=7})p0ph2?Tzov~{z1zh2(C0?gGOwf1mvcxig5U&E3+`S
zo3aYSClo8wL*hI10k8t@uvn?D@G0xaHY`c|(WDVC*($u~%-FAy36gx^_<O$`e2{NS
zrTGvbMwfFZ=CMpxk)y5h3L&-vpJ`eh^Ky;|(efaVq<smuGkzAIJ?@mtV>*d%2c7dA
z^6wv_;MW|wWA1+Miv)!(-hS6z6j?JWb*R6BuFQ%P--@_ihnE`<#R%sSztUQl?98@o
ztKA6*5gbpvTZP`EtC{*&MN<MhSBOex7=I_XKD)lcd^mtGE1%uH(k%hE)F=&`6NiFL
z5#jK}<*FY2mFK@LXQx^HW{R}m$?ZLPQSzsj?n+lw4h&TSx9`H+Kg>1ik<^MlMB#k3
z2a1@0(VIRtLmNl*;$_^-bf5i@d}G)Z59Z|MDR!7pSo!zmu1H+MqiccG8|mn?lg>eC
zRK1Gxe@DDK&L>NduR23b(2e6#gW}cgu<NVSZFaUds}d+7htd`(Gn{rts`{w{$C?Hv
ztKo4f43y2h9RBp}U^C}@w+we5uOV9pyZoJVsETK<s;&(P478dKXD#iYy7e+{^$U|k
zRMJqT&de|qPl<J8ck?4sz=Een4-U!bZBEN2?1*hy@i4#+-9THHmT%-yIZo50o?tE@
z)dpvnP=Ep8pq~lM<u7h=jUR4hNx65@iKZ<u+yahM??Zn?(Sfzr2wdic?rsR9{Y}iY
z6$>}OCLu#p*8j?kj2digs_wm99bxk*KrvK<SGqau4awTEr;$zPB6qugthE(Snrwm9
z_ZFPa=|TE1et=YE3L#hF^@CsC!aEOC8>_xLML*58<}Ff>tG0bE^nYi2%T)tUC4?XB
z;0U7YvSY58dsZe*Ah@+G9cp5bqa}PkPAmQ;;hWTR@jFmF`qb6Oa5Z8*A&+Lk7yP0+
z^&dM{x#P;f8kTfcb)}ov&Zf=qHZ<~B7TX53F=e9rqWoth9^5MlZXgrPKpuu3D$l>r
z^|4+mHy56Y!(DDOszW=2g7%M@*0yhoMslB+dUXX1%K^YBZ>*saiALK@BIQ`kzI6g4
zs$L-G0;8VUGDI|0383LH4c!?SPm0~@{QQBLVIoAZFNFvn=kP8{lvNoCgqLm1d(;{M
zWcGBnWdr%fS15szmd1u0lg_oinOvq}+vyen33-QtzW`UnF@eC3kqNEEI25)ah$j|k
z7UKxc?Czr6{-A48Ithvd5&l97$}YLC@ls`9Ghrif2)oo7&%_g;X1S4x8a3!X)bY=H
z{#zdiiV)ujZ52eQ63`+hh{#@bPD#zJBC0T`FX!vg9ErDoLSH<2&o`hqsY27A+-t{@
z##$QJ?19smg?in(Z^N^<tk8g%Z#Apb2JQPC5&>$;N^$BxUzXQyO_aB^DML4wN#%-B
zWI!B$FIFtqQc+SKXzgofzfm18@RyqdAv!9R&w@G(1Km;dd`XUZWfhe7RbvzVCQzYy
z54yXI=(WZJo97cAr^yR&W~Xr0B8uz9V{sb$%v^ha+;Q+N+tNJkZ4mg{pmOPLS{K;C
z0bW}=l$moV+zm$cbzwjXWfFv$ATG4`ix|mvjC+!@&HN)j?AE?%<<k!z${d33F;<bb
z3Tk9b2-4rTS;HrGHzh1ST(cnBgVsXHdB;sdGx=4nJyqRXyN=vWh>)vqr{XN@)P3)x
zXJ4HtKBxU!O9`Ro;0(6l7S&%*FR}ulm+~B2xzb=63Z^eXW_B!puT_4PkzJ+a5^7Hz
zlOW=?(a8X8#FoAUhD<H0tr4dY`dPwOeot0@oY_!rfJ|pl$z=-w>e~4V6Vq5k4g{yw
zx--(-S*5u}_ZB%B`39n|CaVfH=|1gtsfX|@$b2cw-g+#Z`V=j@T`RZV>0>vlx-0V)
z-U09uQPPd;`IAeKp({^UDC>7XR8IaTxjCb0T_!BA8sLu*_cB;tn;@`qSZ*O9+(R_@
z9`Sa)$2aU?DPQ))805|$DwDXBV*+dg4^0mg;qyVf?<%M{;~sru0Z|k_pg=kl^!b;u
zzmu8#slU>KBB(*yex~4?KScd)FmVy_x3BHBj*{SQNEALf-a+f0Rv4G*!_l_Mgqxcg
zh}<FkPtn-<^y+tt4%C>U_nt(}3M|7y1Ajt{zAa6Ea=F1f$rP}p?|#kKJm~Bi)bkc8
zsh>e{*V5DM+IhH$TGR1RvxJNOPK(tgW)(YFE8M1K^1U9Bnr9TNmAmwJQP}pjvx|gQ
zvcu=z<|y7;r_csR5LNN1%DUOisy|@aTzlw0l0Kc2R8jYQgz{#4i10GS_!u;W4J4Ht
ze&kw<Sh*^eB~)NR-(h;>Ox5hO%eSLm01$+{I>W?jc{A1n|9VEdCt&TPJY*QFsM~c4
zXP&(`dhk!DE$X<fLPM2{J%?_aI_~$sEKV6&DOB=fRrmyNk~vQWC(w#bZ0;KDia{G>
zNCmYig4bpC>LMJU&6R(*BVl!$m$HYRe&4KcuA8+kk;}=ZI1!Rba(SVPuImqr){k^e
za~lej*w7rNpmFmUBXFoRbcLb*_HRqjEs4)8n}Hkob|!p?=qPnOlP?mh24;9Qb9Z;^
z#ul9)7WQD^)0wReSPG5;-JX$1bJ3l%3_SO&`VcJIvjm74y+AeEji;JRu+Z@Jw33Tk
zze+0-Kd+~1YcRgS!A2c*IM}L*U9L+#DKg*-{)Er_suffEOZ>hfpTyU~>-i{u|7G}t
z5tuwQ`Yc+X?RwQTj9hX}Ntbjk9igd@aMHbe7PL6Fc1AiNoqIqhCLwMrz@EyP`o>ij
zZ^n9-gcx;dx+m)DEo^Mabvk6>b@usfO8c&{&t)Ftv{<<CDw`4b@rXkZ1j`h)-o4H_
zK|uDt9JOc)!g%i08txmKnTzi5L5<sF(8q!L?65KROBE`rUX4P`(7|wJEr%n1XQ~+w
zDtFmV+)O@Lk=6_nz#EE2^l6<-E%h}o8!1CYO1*u6e<<;1iEeaeZH-8C<Z&$+uI@f+
z9lZ^uuAjFP%`=*t-t=5Moc|#~5j&V77&nSzZFd}ox5Y}L5EH069?p}>?8J?cB2Jc3
zoaA+!sLcSchBC^xwOe>-8yvKGQT>bbqh(_d%H1IRIcXlDT&SY;TkN?E``a;EoGh~k
z4vKVlD-6EU7vuLc4SMR!(x5o3AX~LtHink>E@=;1MKdvyD=v<7=xjz7ucrfPiAbmF
z@Po^AoUuEFX@KsyWHle;c31sfqHnxMd{{1K<XI<q)}zwLp$575Rl##@;NH6m^t4Qb
z5QZ^<k2?-*4ybc3oF<xrJ22iEu3nq)cZgcL5s;e4r^lH0O?rd;HnR4JENvcP|Eu^K
zsNlL67suV;63Q9--E|VY8)%S%-p#tc$V#-KxH=zxam~+MC#q=RP+E~z=sx{t5%M|!
z8p;v*<83AAB0;p#Hn&Idhd$7duukuYu_thyf4-0^s<6yR=V<Jwq;e)M+2%bPeyUwo
zA-T5WvopDfd!|WBxCk;u=7;8LVCWgtYBO2&O4Am49gx63sG2_8$q(VYnAW1D&v~9K
zuG7*2D@n#V`r1`^@4wzb_P8_&b$PVP?Cp+@p?z|c_R_;)egP{nHCPpRnqrP5cCfIf
ztnV{iXkHId(bYaeCp#8eMN&33(YoR3_2P+oNOhS})L%IXdn5sW7D637(rq`=312RC
zYw4z(dovzIK|aN%N{90AX4qpFc;=nh(Dc6Ynz(L<Go5MdOg$fp#cXV2p<6Kls3<zY
zG9}$_uzCQ#E2`0pxOZI%e8ua9WxeCwWA%Tz1L41}^T`tyh?rL0qy5R{{mMH=a%^nG
zteLZMSw)TEk3k~1h}6B|Z@tOl)(*a4{_H|vOO5EB_L)rdN*kD0jgTW#JT7I;cfC5S
zI7cz!WbnKyw){+s(!J5!y>eeiC)*i7c%JK<W(=Mw8jOIWK<K5q2%g6!u4gUMV5JUp
zJ?SE*L?1ok7IkOHmY>hJ%}G_<nzpwB=vYzcpTx}f*U4<8c#`naNQ*67Le37T!vM`|
zEjhy0`Nl0RB1^?;F(dy(G<N7kFDNyU9+5OV@oZ7a;sF7`PWu}wGGOB}aN>3~R}71=
zfI&`0t&yDg*|q7rY5`V@iTQt&fycl?K|0M@iphty;qOK(0-P(|oP``KKnE4*BbOGc
z^aMH?z^|saIprTFpvE_>>?`;c9L8sW3gjqd`6S%g&Gkxyf?$G8MY43YV5#y7>cE*?
zdO=uDwuou{geRpnGFtEI$a&FkhG46V()(+IieF4#Md5cNbY_q&aK!)4v{<-Pa{yC~
zj0VZxj$k-@-x3`NaFvYab8_T*ZX?E2!D(W~>|LsdmxgGrO=d-Fr#7*$PqOhyFqeC<
z`>D*DaKJL~Bpprrj_tpAi*s{#sy!R3X3XxMZ-x@ysqkPB;Tal(FeaKm@pD8DFkry6
z$x2_X^hR%C0(PfEXK=4KUASFU7}Jy=gcKQ_?hy+#wr?a9$ZG0c&?8r}DWrXOLnAvj
z5v<g&mk7<IME0}d$5=6i#K>ui$ZdiMm84lBKx_s(rzrlcs_h9<z*X$`AxkvAKn}HL
zMUkSH@v3utSj<!_mPRoCE_Yl^R9N0F%dLrNW^dOeOug9#xCE1eMb_9%_u7UDimzKe
zYfb`y3CI$JxhtRRdAT-a2ov{c`0@1}2ODhb*7x(gC3e;YwH>z!)&C4ZV#ESwxAKcE
zkRAEX<VPB%7n>5?DB^(rUjP_D=fBRBzCk#MqyN89IaWIr)0SDKdXPls%B*%hC9e8v
z<1t_2qV6AWq(xM{-EmO3*iunhh;=@so~;;&TIJHnb~9V##NZ;UZ`aKC4!w%|630RK
zrnOnDsJF<+A1r(;1aDa)O%<}JU$c+0!B!)^W}8i=j2L33o;?BGP?(5xa=qI$k2eK8
zijX4GJkGWdWQXC|vl5EI+;z|K%f7dG?B3X&N95^km$=_R;<2(Hz+$6Q%-UXaO`h4Y
zfC?w`@c?#AUsjK&W{kazoa}1SV#92#a1uGT^kS?@HoA3_&Qs)@|00AD)bTT*8Neyb
zx4Co3?IJnhj39ga@kjxk2#qc7#flsxKQ@g*rxHJxY~4$=dUZ|_Dkqbhy5)QmHS=Zj
zAkpZMdFLHFk9;ahOxkH-NSbemO?B5vGM3`qqwZVUPQV(1HB05nc{v37ax3$Fh3Edl
z8%~(QCH-dT8UGRAHiB0Of9pe4lO`wg_PN4{uh<OaQ#oh!D~Z}u(%)zGcc41aZB)wq
zyCjumGFx^D<Qcr;@iuj8+eY%cHvtc%As<-hO$jl^&SpnIiQiJWKpvptY#DJ)zwA#F
zjcN+a^vbq;8mw3<c8D4F>wguIyGIs4=%QlS*1kWJQYonY;KyS4nKj6ZgnfQ~YZbDU
zYQ(&dmF@RH#udo{g?amd21*@h_LwXTy9zVUnv48y2~0nSz2dBJ{!(nbV`n8G=Ce?6
zRRl>{nH2NBHR_?`Cc7maoSyV5l0?dm=bx(@+UbM%I`XFy`M;Vj_e&^>Bg%f2jOfBk
zpv0{PgD`EWQ3oDA>1-v<fg|XC%ahM`17OOSa(aBCKN55AN+#<RjsU_jzgDJibpEg4
zb0Y4N99`y@m?1<G0mN;7Z2Y`2KH972t*Y-|e=U6}ec_8xOv^kA4R`Q6$^LmcL_sEg
zR2Wh^=lL7`bBWRqcM)1jktxG9G0)kWETi|+^OiNu4#HOVyJfk6sWm>9lDv~`im{98
zHwiQU0qE+$JIRlBhv!sTK0XG%;e@`yixO{p^Zf`vht2#f5OnPTbTX#bmlz=ws~nDY
zKaV%Z1z1g?YfJ7Yrn$05M&F*BadMm5V+y-ze=|s}tW$fJt~C#2$jGo<f~22|-%2P$
z!#m{hIv^Z;rL-6$l02PJ3et2N7aoNMu(zE*7|6q8^YBB289?E_X)6Y?H+0lMTEhQg
zhi}{Q4H}0<Vw1=8%fE_!iVRxV+Gd#V*_ic-DZ-JRFN;i4sRXtdrX5N-HqP$M{g=+o
z6>KV5dABkg#PPVxgs=<!ZnG{D{=9)N0Ts1=whK(O9c&PtolHiA%q~Xvr~xYKpx5vG
z&rny*PXGHBdGoR8ysH;_XF`59Ll9lvift(-fy|K<zzF`m##!!@aH<ICy8VU+q*o!|
zk7m$vx@Wj!d3=@yJ^3}^l?r^z>GCe)PA)bF@y|=T80$1h4&<1a_ut_lqf$0T$7wrm
zfS&6%5Ah;{=Ei@7QGCRCOjrmI--WnU<CNF&qg;sv))G>|ZrNTNi)02Z5-z48cXoKu
zJ$WR}ab|286`7J9@r%Eft=#2Jx$Z5|)CfMa6_d9HR4$DDR5)gbN8OS%ukMr!44$UX
z6mX{is{ec*^=DDKn-Kh0a^I#OM;MUCksX_8yr+9F#sVFN){6r#8>V+iF!3Ye8%9<*
z4*mw`3TIW-wVB-s<gw&j9oJ8FBlJhb`$md~9k=}lLk0ci>`9|Ype?D8vHV=Qk*5{<
zdGwo2GWG%S0%3<S*@_Ue1!7&Wz~Jt%Do?hWIpnt%nLMv@BI7C8Jh$c!r;P0tgikPe
z_ktQk!h9ombGdSy4QUK9<u5yvG?gO8q1t$yb<7PAS)$Q1nnpUyeWN*)6t*LE6ou)`
zuu?i*4MN@W=$-toUTS-EKYk>A7ai`^d(kuQ<UP+^mG1xJYcxRmB6jQ!PnmI0XLE1%
zh{%CCXCxs&na1MyA#xtQ{AlrSlWKgS%r`~un-YJ@9hx(YwgRv=Rp{O!5$Y3hfP;bE
zF_5LJ7W!5`N^#Ojo(W#;CrRdhQze7fyC}t#yhX-k@l7CPfUG@MEPc51F--7q>uGPv
zQr(tE1ov=USTz?mBV@9%0eo>{Femyo=?Wy*^%pA^{+futm*7=)<$~?7h?BMAMqFXa
zF;_z>AO7c2E|lglV6>&gJ%R<=L&o=923@_s@5<j37kn#s0Ui<@A6*%?zaOFADij<`
zVi4>f1>BD?yPxZAoFdk)_=@jL;={>SKMM}Ck<Z`_^<FM$9-(l1F9UJc314xF<GiNC
zgIS3;B^<;u32+`&p#H$hDuk=#E?BW^8K}${bw)Nxus6L3;PbB?*8@mJ2ZZEqBd*vm
zUV}P;bOjUSl<Y4Mg9C&Fv!|P9o>L8u9LO{HPtuc-uA^-$H`4#^pbn7L4O03ooW4>d
zy&0sx>-}vu1j0~MOvNbzZPatO=?2Qczu2(`l|D!Tc8${V8WOg2J;>?mZe}j{jQG6Z
z<4<~s(m)!3&L-4L2$wURtWrFMIaAAOH<Xq>T;C~cmzp5^X`%>(iA)9Kjil2FeW8RG
zfra-hspC!ygeGFy^&DBi))jd{PDJvQzA=Lye}HR9sm2V=Zs1YW(w;zUV3PP}>NR8i
z&As80U+lwF&JMsHC><L^VDszS&9BlI2o+a`oQ4?Al0EG=R3*923Li={>h3p+)}a@D
z`9mr%6b(@^zgJ>$pxccebnDxA&E&z8r}F(?7lQ#kwm=%oQLza0ryCZ@&sXn|IhYnc
zQURbU6M2$SgEys>*}-@y2Sy3EI1iquG3~WoPcg+pwIa60>MkY7#bVQvF>@Fd4M=Ig
zL3`-+?nqz_?mMl3cGzJFiYhx|y-_Pm%}9}Cm)o<+2{kew{5iB&A`HVLNTSlH0#tn;
zOHE6!qyo67r?0QSy)p-|Mx}P+@Hu2VGF^mp9UT>K0&iwdEUi@hCXYe;o$X<{tDViJ
zMzk!DaP$T>q;38nn{w*iKm?d)=&@U{sVA|;95L#2%9+HlV<Owf9j24r<K~9PNlkl6
za2}5<jMr4d1a{Ax)!@~yTy2@8y@&C)JSByW-aQ?HaSl7qR8PZ~sT|ry1m)X$($+=_
zF}pR%x^3_?rw+iz_5p`IOlmz8>Yv6IcxfQ?Xu{17?44ui(1p;xSv`Y9*@?Wa&2M)P
zcVpoA_>+nnCa>B!r<xiEfXXErve~g7Gvk!xt9!BZS?Ot7*oxN^F(+`8T|H~RXFWlO
zVXSz5^%b9=?U4hrj}2Xh#H#e}Mj|MxB)wSzZMt|d1}*!;LUzTy<?hk<2^t}76<(?I
z+2Q2;g%0p9G0%nTT%Nep^~GQG6mmk$;5a9s#tOeGa(RKdn33aQHcP&ODoR?2^&=>&
z7%D}cSXS?z-)w_X5#qTT1lT^Q6Cn;j0bM)h0l>6AE@ypQoZ4DFEI?al312_l`E$Ly
zGd&Y&IV3imHubI%7rc<!Vn7zMDm`x_s0DYoRbunhhE>~&Q+xA3o08JKI|8w;r9@+D
zYbaLGp{U-xL%i|=I#i?0h+o<6KiYpZHK`HF5I+zaIkls;7H+C$YBYvO%-oR{{Q+m+
zphV{L_cb~CG(`I9dNi|sNyALbI8pF1NXLxiRB<mt1WOf>XK)|g)wX0AW@f+3%X<qZ
zAKir$O$tW-F`V;(rA4)O)gy^ZbdvTm$wY*XrjQ!no$vDgtl3M$4{fjtSsd@;1vw5f
zmrHo~DsTD>9&~QdLk}}QvO>&5jt&ristlo|2Qno4+dA?eX(qPAC-F<OXaa)WH|Pnn
z7z+_99cXUVzOBnzBMXTNFuEu*!O)7Onr@RJ!(#2w1S}MTy}DobWTbTFB}^8OPj+M=
z3BwklLF33Il$v&IUT|mm>lTVH6)Wu`tick$+c9FMmuZiUe(T>-yt@?tAZ_3PzO*-Z
zJrp04+Vp6#rlu^WLM{zI#UJ1@2@@`HoH~8Rp{h2j-bBgyxM#1UPdp|PoVFRY0lGpY
z$N!M;i)m#5Ma6ws(|WlkioT1sBw3MqttZ(zY3aa;%uhjjXPe!b-h`w8{M6%!^zl~y
z`($PVpT2UtJq1*o%aEt+3@kNefEzk`Lv|H2e2vO>9fPN2O9a%~=6(R}zbi30#0|sL
zaQM`Aa)BA?t1;ATKl9e(OTT3@V(ij7p39T0JtUa+F_Z6d(USR#1*&(OP!+by(T~!b
zLK+v~9J7?wh~s*<`G(>SAW9Ek;9?~8I?TZ#@e<XFdGcIfrBI=>CBHNEXx5ymq|dTR
z32To2J44NIJ-82|3;q2*0Yg78X^}k>!O=i5R9&=(ddL1xRwE+Y(pN0`l(*|J4<^I4
zK6S7wSc%I7AoF;oT$-C}x@692jPCGZG@p*{TRKQ+aK@n?o<H;Y0OLpo5Tr@T>PWuj
z5#6TEo}=VtJ-+*bB)nCiFL%Ed=edWQ*{n!-jxVy}H`}KN`jE}J7~m|n!{nJIwhk%<
zrxixjog1-X>Rjg21N<0v+!x|cM>J30U@7)JkKxRCns-y=lJ!Cyi+;zqckDEmMRm45
zbo?b=$zM7ilf>6jv@g6H8-2wqJJjPb0t9ct;cI^8{R9zmd1c34=x$VY2!MW3&B5gx
zcDVVj1cXS6eId^eJAUUsX&<0SFr1kUu^=|=Tq&APu5=M~o%~ly!y&{&uW>>fe#aG1
zG>)bP5|>*S)~#wHMmnqAl)n8qh|Kb2=}K}ttyARg3Nj>G>K220R|}(Vw+aLlX<qF@
z;3-JM2;wiyZ7v)46v}2VVOpop3vrYm;E&W6+auwkFm-kIZ?Y7DOW!y+HHXU-^$B7@
zr9|!3BJnHxNM!K6n2>0`Zh*6F2GpZqpGBkcNi{Mh*RVDWLyz$2Vxsb&cZ4sMOemCh
z@nuS(GEiX`Gv>#|F|29)?Y}9(=H4w_?d!LHQKsr8qyD0Xm|`-bK>|RzxAPmL8d<~&
zSc3PIgCLjOoUrHy+i_=eLGRThOpGI?Ajl?i6Ch9Z@jgr0&OSuRID8it9?V^wpFp_W
zPHGm}KZ8F9Cw`Z2`w6~@(f)M7#^KLiA#zWPgXa&>)UI;tE6p(K%YktU!=niI;W)`5
zS9%7>>~fQ=L_e)>*QTL|JP83CDd0w)K@(W#_0n{pa;u+&^To$Zeb^EZgaMt2N1a5!
zCA54bjYwJP#BFa1%w?(JKsx4bgzqsy)`<M~5|GcvUahM?Lq|+3$gY`N;PIV&4~jl5
zK0xB^+okW_j|Z3?v;D(MJpn*DJuI-lw=RMm0lOmfVa<;WrzK3dlYgHgj~g{?4zu+l
zijz00o(m+?yx%vn;w4&*@hclNKaKM_2<E=kjbHXSSWFB{{siPYLO0I(Y~QZsP;@9%
zKk^`{hvtlSodiIs)T1{!=?5##*oDRc-7t3@a~gbCaXZww%)rCJi0#;{5k=0f=nEUt
z%7xW}@K>3<&6l`Te9YG!5Q!@k3G&u*+P!ZJ=Y~z_pT=)>j}i>1r<gW~;ILAIwKpE{
zA1Y|FXxaOPU43#mxp6ldinaOJ4iy{|DmQ&da6>{AZ<j>u*Q-QR(pac*n}k*C=RGy4
z_YJEr-CaS_`smMA6k-*+Ke|f4kC=8`Zr2NJsH<)$#ugED9?r8qY$;gVKp-zAjd+DR
zc%Sp^di)vXG>wEJ_M(kt@>XpGZF_W=Hibt%T)^w=p~*yJ07B;}ZGo(es+J>*yb1FL
zdVM>*MY41;8oQ26SPki0=bhKhqmVF^sE^)ijQ)3HJ_LcX=6t3eEzfvzF^*%T6HE`7
zq;i2hPtTa&{V;QG%e4B-oNw6`Bw_grb7B$Tt7z5BW-H*e5uxS*GWV99+M6PfktlD6
z>{n)CsZW86ncXM<Wu(HR#Q^`D+e>}%3EKf~%UUCvOuq5dL&S#z_9+GGS(}3QYvBB_
z5@YW1??D`Lhh5O8r4@2z$~>(-C;9op1$U)V<(Uu|dYuIH04@jVEst3#|M`SM|JKv^
z?$%!{E9PdZVj%2J82{kX^V+6>)bemd3_iz~9jAl8c_{aM*WD4Tg(#ztF^|AkFB7Gr
zvJPIm9jcx9A;8Z%G$oD2Z-*gu@zvP9@kDr`n^WR=%TMS$QhW7kLh8-&lg92PGkn4!
zP!^{FPZcuXXA#-9H>1@6I7y(09CwU#=;fqx1iIxnO8n8gj*uJjrvt^!rr&85$*DfM
zO;tTm)A4xfviR0BgcehuB3Wd%h`VH;PZWnYK@anfCFO3<SU+O$nT7dIz(}~XVBP@b
zk540oaJGr3t1x?U6M;=%KlaZk0%EM+dq%4J!ZhqMsWCa5tDh>kw!m8>`XN%m2#D%!
zPDHd$WpW&*M(nOqr<zkGWj7xb89>+>Bdvt3#m1@f(b4bD9#gfDaU$*W-y3P-*{FKU
zFg9n-zm?j;8wEeTIZ++?II}P^+X;`RPshAu2hkhpgaUCpYrT*sx?;McWa<|xx<S*;
zxW@ml#YT@&WJ?uxgu7AnpRh`bR;JDWhZ}gb6WF)BSzE~H9z{Gh2z|G}lFaUz(9`(p
z)`x!FUML|7HQe*fNyU^G9wjl_6*lxy4h>Q77hvprAK{g}wRl`VCey>p#F(6B_V-$6
zUfFq&Rw4Mf6uwX_Op25Xw%8@&e5PYQ?A#9<_a#J$P@{YAYP;aP)nX3trfPF*e%<>2
z-(q=XccJux>`U6Pa3rte80jQg{b8ghdtQiKP^cy8PQ&P`^eHOjyp)-s5AjTGPjn^~
z@b)@l@^c}Lpi%Q$8bY2MdA?aD!3<g|!;Yw^YXwvX`tr>W)~2y<gngdJ=@H~M(bbpW
z63)e-jhF>(WB*MSHd>G~B_55s9^+4QS^E(c?r0x)pxJ~E*o@wO<arQ8yfzrNMz4`x
zF>PeOzN{Z?P|d#5NG2E)be<dx`ItC6#zjqQI7-%^nus%o4fNJ;bq~~DHu<U@sdnXC
z3kFAjJFn&b%7TyHIyXJ8d@KT=D=bNp*Ba#f7z8jIHOgLd-3m2JQ_;soF{H>~%85qF
zz+96^JP$Eks*QOXub@B5;6CT}H;kI$OxpI304zT+W`cKr{DZ5^`I5(nLSJA)Q#G8-
zEig75?IAbP_$BJGC8_j56jLcG`U+Ag<+il8&ED6B!(u;;0=naKI&!=n99@oT)tWaN
z7im#0!fv~<6)6@{7%RkTwsX)H><=YKb_e_ft^5Zp(1hk{El&7zL&Pdgl*^m%M4I;t
ztb%L?h~jUumy5?8%_aKi!{XU)h!XgM`|048E*r{_&N!gjhr}g$vCJXC7p`?P5Ei(C
zdPZgm@)iASYeE;k%3gF480YtP0O9OeKeNs+&0)s~I!s)fP06~vepfdTG#zJ*QgCQf
zJJ!>UotziOQLBx#WEiVzc}+76eGDvLO^$9Ei$|?Q5dI!LzntJW4T8RMo;<!LEi1S1
zUnY<u{PxJ3AVP@Vm9DZzz3j79G#;|%A|YOudcJFD6y*1BZN8T#h}Xi-?Y@PJmUJN^
zjPY@YN6ZUa&X60J^r@YHypCLFU3l>5BL1N+fdIITUyX*v;7HWdIYPhTCDMN?O!8{p
zOBU3aY~<)hPk-48AfaNJ5k~AtQY|w<AkjeM8^znez&P{lwm<oz?GF4sqSwi58P@Gd
z%mk%RGt*^ra+kU?jy+^-&^ZppS4X?0B#lJnl=_2-$10~dshz~#<5AOr&=8>Y{z$6c
z7xpPwcRd}20D+ygO<#H;r3d$C^2%eytb7Rl_a0@gqE)$Z^}^O&)jgkL*jwqGj^JC?
zn9O>+epzqu(Hv3GQ%$=`D<PL-{F%B{eWgqgzVb;m<WpqW%N(Ld8?3C+)_QlW>WEjC
zuPm*J%pi61xW3XKn^w^sAyyt&QYe#BB7T%gcJ=*4Q9F5{KQ=kL_|nJpxc>7sq6C7l
zqqG5%G+3nhWAWuLl<Lq86Q%I`>Z^Dr%!CMITPQb(nV?=yIRudS*(#IkiV#{s7N}+s
ztcmh{lx|YaIqLFN{N)qUvIH(>VT{7Ok?6n@j)N6qO3P;Q)QtXPd%q{n<<R@8OP`sb
z>$&;Z2|NhBP6m3u*)WRYhU~?#&fRHSxMSKw?(|5lYO~2FiB;*rzA6QqqEbUrry#_h
zUAgOx2B4bri<N(P#)iM|pNJihZd|G|<d&0@Svhu-uF@=qiz*0m|Ji8yQ@6zkt_1f6
zhik#%Wx{H|deF_gY5{iN6=c`<&+;{!%oQ31j7Zce+iTHbxIqAd)2vf797|WFC((#U
z?{rGIub4kQBI8?!B-};~1cdhIM*|kzl~j;tY5Mu$;Be|Jfohy+9zFoRDjK=V-NvLk
zmaL@o=QW%aHR0%vPc{W<6V-?B;hq50fj59n&lNWr=(o5J^n45eeSo3Hp)!3Jz4h3@
z$0jDMeqUCe67Pqi;X>{rVPj5$5ce&T_D(dS!C!w^j(CP!J!)dG!}X)S6~J{)Kn-H&
z;$e=(sWcb48V8-^nFb_3-Zey#U^6wezip}qn6(_E2jm|?y70ewNe_uE^nWkK6<`8A
z(NIZJZWB#s^nro%brS`{PT~ODcPzl&XOd*JTAB6J41S3}uCtJBBsv3ro383%HJ0)s
z7a%jR9^DwpP4;9T1d#&H(NM)T#|<1zW`JB)CbcW@nwRCZId_T)Yk3xGSuPD*xRnom
zDE|~cnMqv7z;}cN{D0jvob@(_S1*YnpRL_p==0tEf{!yk+!ga-PcmtB$^LYjY9}yf
z2^q8}Zm*k2EU9V?rb_dXX=-?*cl{6$bg2(>*@;|<)BuKq@O79IrWX_@pJ%ZQ2q;6T
zFR6P~()pwdjzL!QuDpNCpm#n1=YhBj2LMi6Ao$7t6zAV(5~fR{EV5#GoP>04Mf3C=
zM|LqxKS~Roez-sH`|j~(4MmWoI+Jt2i9+;ks;(${LI+9r1ZP6$w&7Z{piL{6D(5v2
z^?m5lPE}k(jR{lX#2vZT_Q5SG=Y+3S_LlFUB(<vbv*HZauB)?F^E+#kx{Ti?H}qEn
zGQiyr&K&sS|2)7r|0gRQ^Et}?Hd(AiLGmC@lS)-u+41SRgA{=iiit<ONx23tal!&)
z9N5TK=zQ>kc=`PVb0yqM=T6>&LiB_F))uPb)}`9f;pjgSP3$*KSGXOdIthc?qe}Pe
z-Rxl7?S9I}gb9^u4zA1*0Y%QZ*_+xLc5Eu%Lo#bA&1?EZ7TMtP6+cg!mYV}Ghv8DK
zo48s)N1wXI2^nmer0|3kN$jTFtQ()5dnWzX_xsB{-7>dOk;VCIJMk3xVFN?$C{I>c
zbt<fJ0&tXE3PHR*-#f6f6i6{1lQGRF1~yJGkfA187qPS?&^sQL41z{Q;TpGQP&*9g
z1QpZ}uc})!>!-As*aHIom@Suh<b+=~StU-Rf|gD>T}=Z)ss8P#`D1gQ5X{AkuK3+a
zp*9)}`A~yZo1-d@R3^!RLhLS*UQ0MFT2mPkVt%rq*@`9n)j-W(#@`ifN?x(#6y1cu
zZ@I>lUU?uFkuU>mUj_E!gY9us2F|DK>J#FD{b}i`J1g455D1K;6*D6fjZ(WUxzcjB
z|7Yu2^V??djUR01d_@_TcOj~eQy>Pug=+w_Gim##xq!qV<4V=HfdL}ykgCu)+RZ(<
zjNoD5T@wG~KxV;b7dWbsI5zFcI=AJP0#CC^iYev0R61wvJ`}m@6WgLkGG1`Y4j<fJ
zvv^IQL0tbU8VHwp`m`<U)j1%pNL6l6kZ+Q!+_PNx)jpGp8q_q9N~+AsMm=DQ)ZN^>
zcppT#WZ`f)6Z+{Kz_Ca~TZrUzoVoQbiffNqjde@qj3TNt&;^&$B?6}%!Uxyu#P6#X
z@TtSR_V|cti$phhBWyD@ip2a`!u9N{KGPz1{g}FFzIJ-7#;dK|cU7@mVzgMMV20nc
zWcJ6+t*sCjxAgH%nC}Vj#|f)!Qk@yEyR0%?&4AT?+!?HCSM>rC_D~K=-P?c*|B#(w
z7nUAs8`xM6t`0L0HW<{<?RxdlPP{XSf*cYXq6U5tfp5{=dUfB)fd<Cu5MKecndn8}
zBVt%$i;zwAL>j#kcO{f$RX4|5AVv&Gwela(FLOo!XzV3){%9%KZE0Ak8d#6^3G>Ok
z!oSnfA`V4RJq}tAz^FI(Gf}>mQl?q{;3w<Ll5bw#H;)U^48>>Kih`RXTS)77HIbEL
z6K|oXpP5-5LmYOCSZAox=AH$uPhaulPHA!LL=!TMMe`<n|MZ?ojE4-{P-qIYE6c-A
z$Tq?6%n;=YL$*lBihRe{12~<oD}!9URS@B_ZB0XNUtjq5QhXH|yxe=${ve}}^n}}<
z*|{3$#PB`)XtDAHQ5f~;6t7C?GDJ^cf_ke+soe$a)1Ca3H+4ohiC{`}Si>aECwMK3
z^s@nYA$6T_qeSaqTe?LxC#rqqi|B1}!$*CY^b=slN6`ajW=N&V0E+YB)z71}3c(H0
z=bJDq@A+&PzmlMa5IUNwf#qEq`TRDM8B(V<z4zQ#HA?)}sbrHo+h#&OrH<S7h8WFS
z<6gyL^FzgvUGP;NREUl#T!zmvP;Asri!vnJN~ChVBfpg4I6!!DJFh4JlST?s{YlQn
z!or=AznBJ2QxkP{CJb0-=RMIE=oF!{ulU55Kx$pZ-q)PIQ2j83Y&6$|8ifnf{u3+f
z*@Z2eFCBL#Rh}H(DJ$B=j_qpUT|XDJtqk4hdss^u26fVVU**u$aq|QNkoMMDH^$gK
z!%Etn%Zn>O9I@p&Wd+c$j5F~QQHc_;xmokV=+X$`|0tCoKr{fYc&rXi6juJ4_A>+8
zt-1Ti>7LM_EtU>c!<#%O<$;*c9yN<2Hl)4|xt_&lbJSgV=5TCt1jd*xWWWS6GhL+u
zGyT$yP0%<|%Zlz#Qai*uVe)GK+R3}uFkLvGP>VGOEHJ)96n7`u*%_FD#{^3XzRX-?
z*VFMjt!Ec~G$VSs_|12TH(22|8SlFbXE9PY_A?UdxZ&;|T3JrnV=`;f#??$vxb6^B
zi%;w&7ST8moh?X&o&i}j*W)S~Eaa=@6=VX#?ut5HP%P*v)C-(|8+gDZ`r%t&xQu$k
zFeoEaFxq59g219G)kIFw4{5R|-bvb7>c_79wC;Vtwb9Y8wmC}S;Mw6Y!LiEx5O{vI
zuIt3-BVKP?8krvHq|XclIRaj<wV7GNCIqHH=>UI5`4eC!&{(yUx0dE~dc(_W6zgH3
z&^^zG@Lx{f;l{w*_P}9}E2+_@kj#M`C<8bZ#+gJK#06e_-JL6uwlM%TK+3=O!|yU=
zjV!4r7-(|OFQ!Ig4Nl4l7AoocunipJ##mlV+Np8Wx74l;UyZfebgfwY$>TSUdo4_$
z18=nk5y_9u0stq=<@)mxta=5nU^#?3`TRSB4hk&llwRsnmZjWuq-CJCRtsihtZC?H
zl3%f=oV8P~^V`Keieny!unkCIo_F3ks_lKtXs4tQjN&3t5SCBChG5lAa|TU($;ZZ`
z(Jg;im?#4zsR1bD&~p#-UVD?f(@<uTm!=_2^=fxoTYhuCYL_UM;9WvLo|l+nD`PDo
zSQ6<GsXN;W(L7&bj7r6DOx^d5GIIM8CB04(aWz+@1KN{*r7amZCftE|c5hB|oi3H}
zNjWDAWe4+JgW>wt$RX+-%U-gh&AvEr?BYYW^ajmqT(QdCvAK*g?Aoj7XDzF+Le1>L
zhMtLDw*C{}D!nD<YR&L{Kq;8qRDn~5qm^v)WLP6XN688~=MWxC@)%)L#ysh7KQu|2
z;o-tGqcwb@&K5BS*OUl8vudi7=w23f&6Fjc7eBVFWzjRSYtb=FC6g7zVpj5$<9v2J
zUly+;mpJdv+&XLDjn|trcUK9zR4Hhg`{|<=NK$m|gJaqQDXkAd#w_1R*P>q3TFF~p
zYEB!v#ciVm?avgz2;=b62FLhCxO=D#vRJx!foW0+H7`NejWJ*sHySeh*h}|_wGpr7
zarYh}d=1V%1gmtNMV8RhK!;QfM=-z>d14jHpmU+Qmov+8A*4<s<oqif1t*xSt`7)p
zx{j`S7Gji|ChIj}Ji3&uSmb|8dzC)<kv-DIH8<Lv9L^MUV<L!<Je9wDt4Huwwk;7r
z8oY(F3ue&Ha#U4j`M*T<&!CyMY@jM~iu;&%0v+E4!6aBo+-qnS>a)z_<^=Wx%zUjt
zvdJ0WT#~a^;J6=WIH=upX`umHO>A6k?6AY?<C}Xw&(wm|JmtZ0$37#fM6E%<V(7<(
zedx7iVa>|bP{u_(bzVLQ5_5JxPG}=C6Ql*7V`KGKL6<XDa$c=X#yO20WC_ZRNz9NR
zZkbq@N`B?QFPuVe5%QZ<!xq}3@z!n(p7%B+s&LXg4;4g=(v?`7!jW2PZDDP96GMV%
zd+3XN8=Pan=9S)5hoz+!BoVkFixG72H6dpfwtoR;83HJJ<+Fsj7Sh3JE-D6OU<~Et
zl<_|3AWJ5D_~>H?E5RGJ<WON}?dPkbA6VpQ)AkJYy;>@VApwu_6XnQHXD@FqWgJHc
zr1DGy0^H6<6eBvu^+4*;cX|<3Q%<0^toPsRz{cE3{FaiHA6R_2!Ot?2GL83TTG%QS
zO&L7+xuSH^d?MZAHI3T$lmMrfdKnk`5cEarrX~)hXCUJutM0dua}Y73MZ+Vx;^H9b
z>HQ576m`a@@<u{Z?L_bm0vI0}SQOTR@{DOOmYuQKG$MS|wK-Ft`bNGotsJAtw6izH
zO+I1zT5Wy8lSQOW1aReKtzpj2i#J(aezU-nG*`Zlb9If4Z#c8)L&(rc5I<3qu;^9Q
z!ru^*2wZ>_Oi=oQQdHa<iiute^Y($lS6jO)N#;sCK6iOQBn1~~%2@-;u^-bjHde&z
z2hr1J)>cM+^OC)}xi>yI-m=&_p54nPnGtRkxzO5Yny!LnUbz>TZgz)=#wVRsS-V>h
zOM;PP%;I>K0(lb<TJ6G8%?rkWGXAh8#21p^W}Dj`OW8{5VhsNIaOibwC6A~op15lA
zTW#d!<ckZdT~#9{*udt+cY~8%e+<@a2ZthPE8c*wHbvB_r|+7pM@cEcbdiR`2{e7M
zr2+_LGj&2$1DCP_4aR1(Gn=H9^H{5m3fla|qt9>@tdzDj;<^`ky$nRE#tifNPwcPU
zhiki1jIXaxS8`_U08pL%#VYTP&Lxp71h^<aZK%ul64l>J?SpVCcB^yHt;dOyN?;5d
z0CpRgYu0GC+dbp}gBAro#xpPu;^Xg~49z|+Ue>57%7ILc5`D(@7}ge6ImOPc$p01}
z2pR#M?+=KM#?0|6X;3Ok!sr52Zc<<jk<}h>y@?!KsaNeeQP@hSZ*3|XahR4=3Gwb}
zoCs-6m{RnqcsZ4AfMDHV1hC(NeQmE9GGF@7hjaCzO}Q@X12Tf9fwV)lPb44~+QKZS
zIFGo{4eHXbe>weFw($wPzm~<0MwlT;$ZVs%zl&k$7E1{El5|XG#x@pD)-7nlP!{RN
za_zlDP6drT*%eCTnUnF=^BL8Nk@>u^J2a6B61%mR!}xI|MPW%_U6i>mJZoMape0Oy
zn4SYZu-*&m>1S^H4Ry*6!2Jhxd#;SH@|*JEzzL3R2t%U3qYyE(gX{FsEC=!9%I*V~
z_fm}I>jcG>HHdZ6hc6k;MSDT4U9ZaQ@gTCX91lK{b7tqKJFqi^Ufrw7#x6H87v5@q
zeQ1@o=9evOHe*dj)m{K_=r5M+H(&m|=%nD77!fjp2I~(?X5gp@eE~(m(F{p(3_s3F
zQaRs{(5xY#u>{gkUwcwR+?LdlES>H<>D<5B_rj^jh;8mnLB)=m)NzAtE=cw2dk?Tr
z_R_k0j(Dzc$7Qh@IjXri?3<bbT=ID%$GrqqyM>Cz_e-kfbFgNVHJHQhugCGfp|Ius
zt;}{j3$5OL(-hH$v=bq3!&=UBF&)o@(E98R`;>$3$cbOJc-=PDW*Eb<CHMb3AoshC
zy@vHJy9m0{r#{xnKtynF_x~n44X%-1c*{04S&7W}Kx58eN9j5$%c__$g4;Wx6xa{!
zs=X){>+j0&+-|flw0k`x82wdz`EIo!8?drvySII&k}toJgs<q9xQ95aKc2^qaUMZ}
zb+G~X+P-;R2~9gJUmRWm+BdZ2mu%m)Z?sv+VH&c`kb#CiNb5xv16K+675SgmD!eX9
zT*%b;p}xyC(h_g`2w6|`ue*ZxlZ8!|r4RFbB+;1lGs8&sSL{b7|F%d{D3i=K-_llP
z-$efnWM!*HX&>1{T+=BG@<mn{%sNuo1#cId<z$*07r!MCkDFUsKJKzDmkpMVCE^TS
zPEbD1d+WRAmPS#L+QS5Eea(zGB!g?ltl|jWV3;IPa~^`K4u!JDu&<k&6oi3Bu$*M8
zy_O~SqrH1x;1$UA?Xz`TV^+g+0T{iXNxudOge98g*Zglgrt``oBj9)>M7+O|7=@tR
zcV*WF6l;;|z6`4aET}VV=@T(F>*qkwp(gP!L$`0eHB1ThrfxgY!j+~2L5JYFf01Tz
zxIpnn)My<;>CPB9eQ@+j?t16H>(5w+Ss^lGsHeok`+PCzkn)A~0>$WwW0pl$%Id-M
z8;NzPQ+`0e5I6urHIe|dsZpu#`>$`yC?D<3lnxNi?vFGm@!$@)v0`o9oMlv~r|&L@
zF`qnBF0Z;Uvm(qjj4s|3rLXb-AA?zAlA1p`V_~-x^HLK!fk0&y07Xfu8W|xcKx?`8
zrWH2vYi=u1-`&p-G3qmdS)jU6CecNms|LvGeTac;Ds>A^Ol(CEoXGH$Pf9{JA2>Q#
zTj_6dtyqNUGj)P8nQ=gR!RGpu*ZTQ@RR9FOov3Q^Cg)3Qht2}LnMvdA-Ou3auHR5D
zWRW6*noC*=mb&q-?6oMclDa6IzGNOJb-i>$Ow*B2g2bb0iH#})M`~l7vu0a{A<4>1
zV?KLcf3}&!oiC|aI;sE*8#N$iA32Ug|BA;_A-j^Lp_`;V?+l5#taJG`y1xvQ4D<3X
zt~WYNhUPVCb4d;t&T(U|Ggvi<*SFW{)6Rs}j`_f~B##unX#gF+g}8_50<(A%>g|R7
z8-@_#>10J)(^6j^naIAudgO+8UCa_oN<S*g@Lg(i6mRssk}3xREeXrsgIrC*SdF!E
z4{dXTn{VkZStfb!)Q9YZE8?hnP(6s#mo~ol4Xbv9@|9S)TgB{k+ZkzR20c!rlr0#x
zyGTMHE-t}~|7tR*T7vOoLh;DLtv(E~Ely#_tR)Xf7bPWZjK{K`HOi~yp)mdok$YBz
zQ-ECLjCdmWGCO-~-c(QqUZkO>!oeEclnouxU%J}18Mb%&7ZB@)&rN-M3{*SOf?W5b
z0}#QChfIJ#;R@Z=edog_B|IvhRSV7tR$bsFCgAWCr36x)?2v}4XG@g9;CN|*gqa2X
zsaB%+U*v}tJjRMPJS{|{Fbo4^)@UU29nkR}_xg2H%tHN%VY=?hpzXbI)AK`P6muxG
zSokD+s?l7TO*8swYWFI_pvW|Fd9XobUBqHyrcF76#A-W60+qI}*t;$1F}<>SE|l^$
zQ}OtGEl0SARaagK^#qyG&0~kbY!Nw{YfG$l9)P)Xa1Bk4Jz0?%L~Nbp5aT+g)skL}
zNk>yVvT&Q59Zd_C=Rgv<%O|MeIUe^Ya0Q4^B6moyyTw`qr<0Jmim$?koBPSF4Hp`>
z0lxk*995e*W&8{fRkP^mfu^6PFz?5tF?FviRmtAzzw*AWmKb5=S99s(cQu8XgSlWZ
z2;PlWpQ)jc7RlN10rpHZT29e%6Wkbegu$#Fw^w;5gm;t3_Y71`GMaTduScruUS&{s
zaDXCASNcSxOysd|dbXqfbT*G{Ef0<K^UiB_E<<Emu$gF-vsi{4Nhic#!O#D<r&7<G
zqn2+|@CrL7qm;jr2~Ag(Qum(nQyw>1cI7IF-GU-9a~L&${z%k1SR$H}=hhKD)Nn)Z
zw2XyuO2M6^ga`l(hHG|pfj5RCnil1FpL4;%Ylmui2@~Bc{P{1OTrs0Qs@U^r)>9k?
z&KRBt>G92Bs;WPNk){(7NFH9lo1|avzxTZ)FXHeRs{3N37=$&%Z{~`6u$rjBYcI-}
zk_(zGaY$f1vo`zIu#T$Tw(jclCDL3__a--;o#A1OHqxO3N-6r78<ZjqaUN@>+_lbr
zp>2MkJihO`UB!jv_`Cxz@qg>Ghn``;dHJ~w3JY$vH%I^gH7aB6f`f2Idc`LAVa3nJ
z<vyB&2XzToGC9H3qe=Z!V}^+nFM}JRota~&Nqj55lRvgo5eloVHYwv8e6!Zmhg(Ir
zyN_bmKw56i<P+0n?FHxF9W0g9XM?D|of~2DL6M;mka#FK0N%7p4Ae)|b%B>40ZD(=
z*_S0jwz@2*8K@V3?(?CLmmu(h#426rpmE`D8^M9&O4R{@F%o~f&7!H!i=SS&JjI-r
zzXf9Ek!$JMmwDLLDM|#Y8Q9!|oT@_fk9QAX=@`Y6BqTPy9nR~`HBWcsV*DhKH?aTm
z?g=`1kPv_lq>Z5rBd{&P4?H%4vn$SxaC5;wAgm)QYC@!-wds|ymml8++v9qy!0%!<
zOh#xICq$OZ$Y^Fz)PMy_5XcZ-<VWH(d|b+9eaS@r&FmHy&#`NyL@fx{_PESxvyY%s
z5i%3#x+##m=i`HH7JV#_u_pU``@6D@GX;!UT*jeoZ|F;_;9Sc~&I@80J~Muer7{mG
z_fqgWlFfuVnY?-)j<iXz$z94Bx$PKXfh>N}@~m={(kC^FU8k7W-7!jF8auwzH<!lM
zap}(VqMyVe(zn}ir|B-gk?v6N?DGF($2g}G(YDdWLe<9EU!>{%7WC2?%9Jw~x~mBt
zAR+7jatd03&CB)kzoVuz(Qidy%{=+M9rx;G1f%1*H-4CD<KaoGZ|V<#D11+{Y{klH
zC-otkgL%b-P`6TB@E6xFOtoPVX~)n3`+;Ezvor<^4=EG9>gs9#HYjY5?o0B_e1lM5
z#JAkCn#p@Mg2aU-;5g;cCrSpGSmjV%$uh-bPW=&H0?;%&b&!AP4SkJ59OMk5k`xXM
z4?TGn9ASxp%gn&}#8g>A-=TuN)Lp!Bxau8w@$XUkh}J?!)Y8-Y0`%Dk|Iw#o(KtVU
zRA6Fh#Gt0g$SMK&qzO^o6dp)3*>OUusj#Qv!i~jv`mdQL&i${i2u)B|GnHdL<_UW&
zisuRz^BEKct+&mot29jra!4<2xt5&T6u0LHA+c)%lb}NrGPxz;A4G^EhVHFYTnJRn
zLB4f49x79R62XFN?)x4SspJWj;=&9*GYpwO#0~T=OpTuj+vN51M{CBd-2-?3Jl3W0
z{U)`-H$+ueAkBFK^F#;yZ&&++%L!VC1IgD6mc<XXBCq|STEp#Tig3O@5I7QFSM9hw
zN{&(oM>h*$G4@1m?T=^|drdk9Gc`n(odmot_gje@lsbvv5#V^x89>UZ;nV>JaNoEK
z7)QMMSBh(E`qp)}TQT^sbqKC8=F_5PfVs~ii}n>1NpHf(qR$FrTj^tiMq(!V_o%~H
z3p`bz391Pnsh@H9r06I!LW<?j3|d%SsoKbDKKk*-!ym`{<T+Ycv6C?$XS?N?_=?zs
zr8pmgNs6PQ`9zOUrUcpBEFXxpdZ&Y^Eo}`&vNKCh^o)(j5Op8sjk54VBvve{HNl#I
z|5lL`nf0sdmm8QTMen_P5be%mwd9bJSAl0e?~(H|kq47tDCl1wV>gi)5*Ok*qSW8Y
zmlqfk(qTa{(UBGEtYuIbPnSJIopL`cYk;L^j{TqI`z0n&TIiOC0JBnAn;Y3=?}L%E
zI1Z5L{<_d^MMc067ZkfEgsa!Re%Sx;DguXRr-7w@ANEu}nQf;qVGqy%CO)EL^TchK
zMD*%s!<Pa4Ips^Aa~7{)n<5t+bUuDB(yGS~`uIkYvC>yH>0U)?nqC#CYJBIvx5X4_
zz?~zSQAL0ySpq%dXcJpf^zxacqbDpmY2Ju}0=yoX(U}b@qn4oJBMfaMl;A4RPKKA}
z9t)Hp%#gefwuh=G_*p6Y%=So41blc>gvWQh2l2=CSpC6p`vjHI{AHyIGoWe)9dUz^
z;Z5r^{Ws^*en+_T$=&3?<Tz$U4u%j{M$ru4u^tx`ptpfoQF^T&s#r&}atPn^zcHPM
z7)yeoj?xVWu<RwF(s;Z$Kw(K!!6BO6d?A^NYvfTT>tWb?{aqUGD1Y>_azG{9WUEyy
zDDchQiJ(jCW_gIu)vd_)vF-^FhQhNNFsZ**wsFWG;SIDQPw78BfV^uCkU<U-I~V#5
zLFLQUHC#cvm3iUplNWtIYUh~WpK$ry#<fA!^s~mjX@ksZEJR588gmP-A194)3`M1^
zGRD=tscPzT$y=lsrCQf-yDTb4$%$_LRLf5nkJ=c0|F1{LomD}`>~y<OTsXr_{+0T#
zvTnK2y!_gaz+ru*DLL&;#kXN*k*64ig^lL6%WrRVD@tL5ZEVkAcUqvu?>oPH0Dn#(
zQ?$yr@*~M)7(!!b{91!Q(y^n6^EE7sISl2Nxyq-Top;J0AVF0F1IK11wI{Nl1V-WE
zi<7I>C)GFEC%Nk%Ks+#OoWlS-<8I0WJ9bs-!3!KJ#r_9$S4}&#aez7GnBTB&k}f=@
zaVR5*y52rj%hwUY3X}dMzp?A%j|}(WVtn}hJkY)f*vm@QE8J69d%d+YV$&Xr4D6Q2
z@VeSmpuXvB96+(yP-zqA?Z^p(Xf%Q7qvx<m{gp}dB9vUsLAE(lz-Iy>UD%=IX8%4e
zo0s>gZTOuqc-5^*uatoNgu49#&}(7ch?YK@$6G?&n<ZKtAX!Y|CR)_rOh{WlbIe(!
z%65BS0&2@ApvN1s=`I&xbV!2Si7if3DS08HbrAA6bCJ8lcM$6(iQR0WctAt+<=ig_
zqv5&V^>lw}v!=W*6e3si-c;|C#c%;roz{1sxo|1rd!E^6EX~)jC~7k~^f0%J(cV`u
z_QY?hTYF1l6T`fQaf6$s4XCXSM~M!@x_HsN5{&)7(H&XSDJv&_W&a!dG(UvC&yg??
zb0*{jK2b^m;9KRCBg9P9HezUH0dvn;Ll(Ul@CY9e_bO&zZU7*+bEyQAwcV_!t-rL0
z)rCzJkrx9;%NFZOLT$Tztc7;)bOC)mG}(+@g6K_B2ON<JDdZPHEyhg`T;OFj{FKHk
zVKaPNC-lltwDlHuUf9g7q{ARN7q5U6(BL1RTvm^#W{f84o(NyOb89YqV12c~>4Ok*
zgZ$S4&?VICE*}2$Tb(TMh$q!GXjy>-a!=OqCB+Pv(Sjk4lbe$J$wK~QV5?)!2lO$C
z-8ghwlc^V-x<&zWyEhfFMYl$PsjBe=s|2>V$n}6bz%*F<!>j{q^z?|7B!Ecvs2#mP
zKN7<pq;qWzyrX>&MWSS{78=Z|WadTE577u#uw(c;jR%-x^q5FMxi{~uup!iY$x9sj
zoxy`7eI+@3<R7?U;0%@gcR+oZlPw6uFC&x4vwrq9fA7@Mmc+epyg^PF#Hz0zRQ|Kr
zA8l4d>sMLtR6rnf5Jpb=zf@#VGUu4w5U^+^iaX|S-oG3jLX9(luBSFLZ|rV{wQpKs
zL-$UL+hXAP+<SmBJ3gzvz+D@?W_I2#B}2_O)&*XO2TV)rzEjRHBpXKfFJoF5GxQjU
zuQzc)OSwZeKlo+ZcH&#->?_Wu8Wr(?RWF#Y2QxpwH%VEF==0Ng7Q;R35Na$H@)?OW
z4;{mD$T9uWT@X%!@LPHiB39Y>0FEP+E<c*9_?>b)wj|K@4E0&g_BWnYDG|B>PeLdG
zwF?!ipWjO}5u(?f@Tef-V(vjezVv?CWU<_T)mwq!18D#I#yAw?!A8$_gFMa$)|`JG
z#~6`uNKEAg7#FU4$GL#&>7uYuB4DwRc2-U;9P4?`;bv~=Unw&cRM8MO$fufpQ<RD@
z4!1N)f<rjZ=QMzrngbaBW1vEefi$AWRN?hGPQw7aVwjyQpVcmQ5>C6SHFl>p>P4u1
zghF^KVSaXA!_%~YcBy(XC-40b<Z8^>ly@kjV*7*maf_HUADe{Vj3*C%{ql8;hG4<K
z_r-A7Z{b_s!Py-6!K4?-IBp5WNV`BD#M_zgK+0mz*P!5^;St2gCUhlBTIT0?-lZDH
z;+XAla(xSh!2T6QIH?SN%YGZ{%HuCBxdCbbrsKa_5I+60{)++<1fQLG`CisVtvyp^
zj~)uxLO0X?^o4oNhNo+;Chpu_{lo2)#59mPYN2p#!HbdSg0S-)y<|0wYUk~@=sDb%
zJfU;NWXUh_K33cyWEB~W>J!}g%Zg{OR4)3-BQ}s>r(;ptmD+wTmHrMSTF_@5y`et*
zqY7nAH!=%NE_}&poMTNAmLlIY2_v`cpq_hKVY@Tzwk(BN6J@6hlg_Tv$IJscd6$F1
z1by~MG@YD)3$7GHSf4^ZqlI~kJbTP?&b<9A@pBqTgJtCcfbEt8w8a@Q`57SJ8kWCe
z#Daq41Z%F&(}Q472ICOf&Y%dbS7p<5_*DB}#JUk}b0j&leU3RDv-Hojm=D%;eLjY&
zLRwo+-UDY(KtLv^OJS4*a8zx8_pbVwNGz;Ph=8i2DH58l7%{?ck(ikQ_Hwio>TSo^
zMvW0AA@zKtAl!`AY>*?wme22%h<A-<vw6X;A%2@j2EHtN$Xw^?jC@!apP58Ztd7#s
zu~V+Z?C)NTXohVk;^%vJV91ddQ_Idtl<R!xE^Bk+<5qqwq)+Es5Sl`Ersu1$+t3S0
zF^jw0rl;55r%9PuXse~6{!qFkOwdRAu|(E$c;K=cUpXTle8j7q@DM{P!VcyYnKb%=
zLZTL8X3)`+r2=^h;I9$v^T|vX?9yR^)}o|a_l4uD#&<}2!VOaDqj;<^h;VJ28P}yQ
z`$=9j<^{k7m-?jx+Q0RL5_~F0kahT!m(6-DRL~<SxE%q>0MU<tx<=IZ=%i%J;X$ne
zrb$tvl6;To@m0-lr2jfZK`L3>a<@d8(6uCn^;UB5b;=n;2R#3F-wvX`Wc4(?KBa-_
zR^bA?p#q+wMzQdRG3=8c90xbclM;EoQR5$j2~9_=RoQ9v4eyMaE89La2N1%+GkJ!-
zvEVZMo9p(HrKBzFA|$^2cPoZL;NB?Y{bF(6&ACxlkc&!F=`V9Ah|J2CP^C#`LAnNW
z`JoIhj8sl`(>{dJ(#^`EKh;~zekp0}0l*3H_xLn<Ys}bVxA9Vp6aO4Zo^9B>OQvz&
z#TERXz=6H}m#JeBi8}e=0->&BscXV2E{ZD6&j>5arbr@%;Jb88nW875fqCX(_B-Nk
zBr84(57Pgsf}zCc@KL5>1i?C4=4dm{Sp+%B@?%!VM`gSW@(ID%o+y*>7rNu0_wXHg
z?V6dSIzM7rtI2{Zup6m9uXoTqy~PJuVC_rJq&I?vac$@%#~i-{FcnfNv*$ss$RTul
z)-}4?ox(%qjP%$61A})@pE`|oy<3}#+dHDJiFYSM`?PU9M#BMUy{^me^mgFF=DHV8
zlL6nGDO<7=)2B1!wb(5r{#TvXJ%`pus(iq^YSeB|@Esf0xTxx-m{sRGZfXjefCxhO
z{f2aeiQ%;>S$`uU4r?8w3X<PW?(K9>R<-Sc5|Y`-F&Jaa%-3fu&lU(#V+#TJ1;==k
z-PZ#E4nXn02h+;mP9>cs+&5egiOVRkg8A(mjbY_40k`&UKpioSx2ZWp$BsvcYVuZL
z9Ff5uVvm}qA9YhV3YXG$YpU1z=Smb;`=VQFF3@!bl-f}DeoH<3^NRJDG?@fvGQ8o-
zKSNd~-fDY}MzsW}4Ic38)a?g=u<QMdc`WJ&(($+AraBNnh`4>B<{&A;bR1pgJpG*#
zw8bGV*8(eE%(vfvuZ7{&#JDcSSC!t6q2y&tSxbWko(7WqNmS<0)BcppS5K^E&Q8>q
zIBOO#Lz3z(@7IiKmb+8CtWfWIz?ZB=sRFZ{!@ddGk6|d6t$h<EuPWrsfN^V}VkA1m
zjnLT*hTc4gv1>ws&<O~>a#CMux3Y%*C?z~g=SG)o>>c5Cv#R7DK31=hS_FO2&A?=0
zK1Dsa5<O)s?&KR_?tQZjmhEI5%iVBS3{--lY4N%0!Q>FOlQ0|&*JZEHD)T3TT&yP=
z>v^gFMv;RB7vgP3g4{5+3bIvOIY%7JZ#b@F9)2G9pUoIYqCy5)FZB!jN5nJ~DVL<S
zg4%a53(=iruYD_n+uB=|kUt^~8ZD5am>FPvNFVIAk{#&@nqU<Q9P1i)BhHH$D3=t$
z!GSbB!XUXRGi$Q*P*!kl#DNx1SR4C`l#;ZmI(GCTed9(GH=97%Xf0UvWEr=#{Oh+~
zSk%#b!M)58OP-pb&NmZlEs`-RKx8#psK}z;Q?Cin8~OQouBOU>RDRr-po)ffy|Q{)
zoyG!t%OGGUPf#?kH^E(Va|gcFV402b8{jao<$O&8;>#{Q<SnWux^@nyCzuuH7g}zZ
z<d$KKw7kZ^aojA~M|8E@!1)rVs(_A<PLfz%3LES4C6<CEe!+TqB7@(m{w|ZfOWk$B
zydjW9OD&@_qczRY-0WpxxIFO8$*c+Eu(9Id2=Pl$16cU`q@=_A1>W!d)cC(G46W6Y
z^LaC_@3K?J7wzebJck5iI4>QS1UdtrVggL-o+YISG~p9VOjR^OwbbWhviLL9l>cu}
zU+vH$25QDELDMU&3Cs_wp8(FGts(!{wk3ep<d;79Dhi0HOQT2}{8d4*tZ3#l<v1g&
z<BjyZ5!#+Xw!frj5Q5DQq7BuqqG3^~NB1;bX}zsb!$j-X)hrY6tF$I*a!c3Ttmpxw
za(@D{smDbui3BD0PRFEkvi8l}iTnZvGf4?%7Vwu_KNDd8r4}n!eN}8B!A4t|ca<?c
zwXFf5S<rOV7;ahvk%6wcC>Iym{BiQGd_pq=F@I*#!9}Dp)DEYc47KY*YE8T)NJEw|
zy-C2FI>l<J$X8{HzC1Ks+vW#`+#9Oyq39D#1v~!&Im5CopO_Kw`G(U=5bLc51F)Iq
z8YlJIort)MLtfZ?Ne12^Xi4?7LVn;woZ`uwK2qyrO0_6@yA>5p2$L*qHVuUX3X;E#
z&dSvz!6V1nlJ`P_I`oyOJWsQP2k3c5zTd|g%sH6TNOg(VbF6Kn2a5*HUe9;`xJs7I
zEXpJsgrL(~3p5S?A{&vA!Ky84+ID&j{uF*RD9X{vJ*M-ZAA%feK@9ev&^j(g@p>`e
zGp|45RFcN-jsAK6vXx=^FHpvtZ?f(vLH}+yBjJyR`en|uybWRE@t&DtG76wxg1Vl^
z`fb{t+b*r{M~p3|l^P;$zW1{I{py8IR2oE`w^so0R~MEe!yqTh7#kdo*4RF~i`r5h
zV|y~!y9odjUt!lP{FkcL%{nUoA%#cFmN;M|)BBnWhS{r=tlH%C>xEY}HG6lWPQ~pp
zfgkFsFO$~f&QUC%<bwx8y)c6HE1`ZWOwP5x(!&s$*iyV59UV;RES0f_ijUP<;*|<j
zsNFEFvGA&UK*<1PE>_7{c1wXXO43t?!nsE>hFAr;l(p%Un|oRMPM#;t;dKyhluZO?
z{ji0nKg821@4_|nXi;1CrRhcto|$~j=etIcs*pJm>7*3=kLoEwh4|Rm3Mvy>`EYR|
zW)cCXE>{>3`OVLHECs6puAB)Lz94YIWU#vPPh;1O_s;zazWk?lIlm>tFT4~w01hm%
z`=ch_%8N2*8u^Le08Sq@TTicZBid}<-Dw<i^i0!%WK4}|hZY+;Ue%*)wwU=zaHMjh
zEurhk2TkIdEtzNc^X69DU=FZtst0&SinTjsJsHcumgAX4Gad~xT_$HDZiV;N<3uiS
zt5L#~xa*bewlU1lmQT3-xblP6+#yi7!NVVVYblV=^4ikO=#7bj#PA)a^cyE1O+!x3
zr=4niGzi&-+RzOlbJK?>el-bI6Q+ItBYb_5w?**m_XxKo70a7xUURb{Bzg#gO$bH+
zv+H*Ux%4dm5(R-w9e9pAqzy^Ae-+=C7e5z~jXq7IG=&Hkk(mRD;_h=$>=ftHF&%!Y
z195;gy1$k%Q|uDtC!pm6_|U5FDX*&{r@BNC%|K#oA<~}i8%$ecEog<EF-CBSABXUl
z;*)@&qDb954U`WNo2xoPq}A3bkf1#+?qV(!-j30emRL=*3`yvgcr5hfQ6`)Gzz<a=
zv8{7F28WpR6?w{PY|T3B=iYm~2RXD{){`Q6GuZQQ{p+<@iAR9_*uwRV><ZV8)EBT`
z2%GW4$^1B%hoSWlx5)7Wvj30IplYf?%OYr#niffyWOcE#$qg!L(+>C1xB$rhB@ea*
z@K3r|cXkZl_z-5-r*JiNut0vdiBsH)A?gTZGEQa3P+<Isp9-kbYGXn+Npj^d%YrJo
z6O-bY2U26E^79-l&eJ?0dZZf_;H;|;h;VB_vAjtQlLYmM!rwD7w0iPE&=X=7q5X(y
z?kuKypt<wlk`IAi)%hFyTQ>nfEY10l&=C?;%|HO{$xj(z)e%@fg7S}X!w$4g6K427
zn7Gb3yb59q2eg_8cGFn)<J0eN6kY!TSp9>QgFqKk|M48hbu6KQJmQU#W~y<#C#KD^
z!|I##hUCs-p%TVlL}Z<N){ToD7%LlnCClzGyKGj!kK&N~M3ih?d{trA!cLbHevwp3
z%7LxsH2-)Uxmv`;KIn{Wi?F5r|7{Dq{MCRMg|WL&LUtQ(ED?LT09ZzA>%(iOicKPu
zQZ#oJmRjCN{lRs;tn(e>(|(~4ZVvK!+AUUYLivy8<^Aa6qLSL1GIc?>&(+oiIEO$&
z+5@p%=0NT(lnvki67LgO4*f3ttS)z(o~$`!x_)e?ZUxUabHth$<6ZW~pPWqLZmmWe
z#ju{A!(9z#-A}gDFlNZHU1tQTi3BxtB5~?7`)bJLCLAq2u-Jsu?TB4nMm415iHqRw
z|Lgn<sHqFtEAEm&cz`eXFZr+Th4Z9mYvM2o2DwlGQD9aUSwhU(WayDHU98!+H&9SH
z(ozVQ%tP7K1j3oA?l^>SL<m8BWKk`eYAXG!to3W7G{qWn{3LzDpn2mHH5Ub2V0zpW
za6j%1$`3z{-C2fKGkJi&So5xCdx1rbeN&shpbp{i`{!1oEcF-{=dg-?DAKIhJCP%0
zs%h*491~hmVEn~eU!L^PBgrf;MVN@0v8%isj+J~WL2Dc4>l^LDbF<8mv7#WnK)GaN
z-uYO&<+kR9v~uVg5>jJ<Z{p+@Szxz?9;o(Q_8O}3Fu???Y=-Xylh_70ZitpJ`}VDt
z6a*cT(_3G7i(~FZj^f7Sz-(a6ABalRu|-frb$&A7qg{~<FQYoctMBTwVQerX7oXB(
z$kP>F#>Y7Up$V(QQ`Ths8K9e|7CC_!$xB?l#=<jX%l_<S5UnQ??W&nFcArc(n0Kf$
zHJt~AS<${ZAWGP_GDrrllwKJAAoizMphpTOXS;HQsr&J>L+2*nXq)!dm2}4DHFD`w
zFR|l`&_<JOGz?YijuiebfU}@&OOYIFK7%vEYiDZcm}F@wT;5fZnjIZ>bau^0Resbs
zzQrZpElWRDu2QD|7|;z`9vZx%XQ$Y<-7IVJKeWmqa2%Lv%U+WKR@yVuvi!FM1i;^N
zU1m+|c!5qAP&EQ$nu#^v=nIGm2w|0{%uF>){N49?j@q|HBELj`Ek{yQFXfG>wW=IM
zgtZLgc6jgsrmA=CynhZVvbJ8DMm3V%+xar36ds(Z@d&HeZRf`KGHLw)>w*#U&N8_x
zc#MUUGl4LVktBAjH6&ur9vztbZt72I4h{ovJ?yE^6g3_sq!S>rDc=SF$7HwQnS|+O
z0l|*zor{}hHorS=aA;T?&C%ZWG%2sOuGsC=Mn<OJ#cNN3^qp84&F`9T2*7Mrp9j<M
zoGV#YtiTmSfC?ng!YcsFvA}B)l_9xj%VH^kF+65!`n1Vt7s4=rcu-;w;0yVS;$82u
zmT=3)6hM%^L5+fA#CX_wyI%J$?dKqT$Fkm{8CU7Vc3_IUz3$ZxeOML=QtQ;{K-L7(
zjc6$>Rc+UkK)UB#F^ZoHFJ$v!Y-j>Cy?sP*x8y*)i#PL8cnYjNF&m{FR?AXn`Ya4Z
zHBEE<2u3wkEBA<);=Yje*V?a>Q}u};p#BZzZteZ*lr)_ne@b8fNWn~N{sZfq1sy27
zl?8PD;SMfde8;reC@uh6A#}i;Vy)UP75H;t*uWq#-U}A52|w=C#0j|wLT3ftt`Q2O
z?TZkTa4m{Zz>FhUxiaawiwkaiy%T$DDy1BzjrSRV?|FaJgZSQ~<U?0Q9xH=Q(BC);
z+3Vq{bn)8#<6;m0?PG<p6D{>}%QeRZVMSKG2NIkDken;bj9R2n=}zxAUj2`Ez^HW$
zMf6j7uS20PD30Dr2{nvo?8_%JL~km5(5<|fn<3S&u^-H}d$UlZoD;K`4v-h@PaX^^
zxBg=gq%>U_H2kGYIAaCy73_!16_E@wG*IEoV6~{=+O~ue+Wb)%5!d@HppBC_s9XF6
z4i_ETFpW-F$!T23&1&VbP99uG{4nD4jS<H5mQT@XG^qdTS0;`~nlnuYKdg2cZMU<?
z#?<Q@Ar~8|*AYWK{_i_`z^SDNQ58*h?|*D-;NxG=*@LCPJG(Wvuiup_nus+3s0-R(
zWzBl3apkM;a$ul|yK@R%z1|9j!QrT^uXg#E>lam^?fw!6#c3>=Cqd>@NC$|l%RP_k
zkNW#_WeUis!%1dNlA@^Igc4kJ))iZ}7FzBgps1_~?c<^QfDdoq3rj*2`XVY^#>5|g
zcVmekT~~{3n4aePR@mV8f3TX*BpQhIqD@Q)^=ZVT1r{PlA!Jp=ziv{IC<q%6^~(wO
zNVwu;?MmD_l?-3{!)SS&OamOKh|?VDIBA9=EyHM!93q0<A|G^P>^%M6gk=(UOv&yW
z8fqYsHCqXzJxr)mf;Wy^tHtXev4}gnai*Ahp?IoI!Z(UEOI&O|Awv|&|2x{$RzJQI
zKhpZG#|vII>}}xk*H_e=QN|<GFBFe4*D#>ZSyO}#IE##Lbq+nQ26vzjc+G+A8g|_9
zgFUMV^Y9n82X|q1N%&Do!VlT8J+40fK93xGfE-@Hq~h%7%m9>A$Od#}eN$WT+tv;-
zqUkmkaqGQ>kpoY~*LhLOn!PkF8$R=a%+f>fgR{z9*N{`BvG3@nXtzF+mCJak$_s9g
z@-N?lZqimCTT9U9(X6uk&D-8xu#SS+5k9Q8CJg)MuV+AhxSmfbwPv3Ia>nGb&$u7g
z(vS5PaS^d@<fBQ|tCR@7n57z|(R32<(m!^1Ba7~lMFy^Nv~c@a8i|Q%>uazRf15am
zJhkkwP##I$Hw1B)L#4V-$-i8EIdfHbh(e7p()}WVC+#w{gb8lj42s{+Z~lzXF!R+x
z4q`9mO<_`Ur@v4-$ej-JtmrpXmxgos+dcqT2jp<-TU9nm_7O<bE}n1Eo<T*J41Uk@
zyV&o9v^C~dDv}O}X^(vo1+Nj3Y}ObJVR`Phh$GpPlH8T4NaT+-Gyfb*ASSiyP+hVr
zCS6uU8njgcPeNnKtv18rT;OM+lXC<4@)j6s#6!@Kno8$s6<ABY@%V(pA^U<ma!got
zeqo>b@&Om+*e0*GEibpB;T1xWk;n?|?D$N_8p-GE?$fHHI5>tKR+&TzV)Ko(W>SmI
zh&tFfUR#Tr;rxjaQvdDc!m&BAL|zT0GNj4TmSV@buR0Zu*l6{!9Vks1$WX0$zuf#w
zM7n5GdmvOG6b^to7VCHsAKUTRoYC*nW<EYJVnu|d=M6zWbIc!;l3@)DN}38jPBM^c
z1&xck1}v2P^x@<J0#5rIfA}|*0MT#Vg|$`yE#@zH$S2+q{3TGo01f_uvX@7QD~zj5
z&`QhMF94e3_nB6iY~5`20B#@*uQK2i`b$n{?1%QZXF&jOq&^q%9tyfwSuaQ%`-WA#
zG?^}o!_|7wD@R1(&A*_hY*ah)6w7R5ey>WEi!*j*y797xv=6V=*fZ2yPwn3pJL)GE
z*$vxBKZ$s?*)5NF(LS6cu>?g!vWf5EfbiUZ|G5mgpOS=F({22!7!+F*4SQ=>zCVE^
zPhe!WA7cvj=yu42dct_zC90Gwn~<_u7NX8bqViN=R`=7%;PyAQF04XKJbQzSC!U<s
z5Tzi#L92{=-ej+6Q$X}h4PHz4liF>6qiE^O?3|M_QRQpC&3CY)q*iUfbmF~L>>A#!
z5#;QVlYEIJxB6K-B=0iYX8wyO*OkF7xl{zQ#%V>V!xBuavO^L4qE>ql&g>!LCTEEy
zs8DA_E%x9pA>j>b#zEROOfibI@<hSH-sZ1Kb1gqP59Ydjgya>oUO5ip18^q59xtYy
z6G(>}hI%)wE6d-6>+KLE?vL#VbdkuHfKkMM!K)Ia-mLl;d426D*(u@@7cD)G{5u5o
z&~(aICmvu<_0YMAI&H1>7X5Y0gz+PO#Sm6<WU}%K$9y5+rX$KO1@#Nug>7?Ey93|e
zY7Mb&8vboNZ0=5JU6@;cx;EBBWx_H4%ecNkl!y@M6n$A6&k1Y4T`N>vnMGkQV1}B!
zuemSYW)`*hW93z7$KJ-Y6Ya-GJF{GA2Vi=&`^g&8Urab~e^=5e0`gIxnszga3^p*)
z0py<)2%7J(=+?(INi|@Q1wue6IJ9TzLwXR2*+u{-%2-jSh<0&jSeJz5R~XraD2O&!
zwEA$LR8auX%PyoLIz*#4uhmkqoDk#o+t_AAM>SUsw1Dt8?@bu(&i#*T6wSI=<NNnp
zMw4XF=A4qax;T{}eS#OqFS24d<H9jT7ZSR>_TY>N#y8U$hILf5LSsSW6(N7QJY~AV
zMN;`*Xpp(v;lFh-*C6DM9rR%C*BG$+-5Fr+#PatiLZP_&h(^H=5&^O-4SBf7b5J5=
zcGS+;etTzRoStS7W`~-&-lv}JYq0(k0H;5*SBwTIB~o*)Ow)NI9-OZ5__r(fc)t{L
z9BA%P!lLsYgoH;K3_e1&h@TcC;g-Mr9gWd4FlXR({&2L%V$NUKukhpnKS#pi-Telw
zc=2P}UqEG|a@ij#ZYE{28P@2G2}L6jYRN<n!uhgV-h5b6Wu4n;pU^O6XEVmqGNhh$
z*LI>c!KH5E_>dO|qz_v*tUQ?h0vpltjrtHWeBSzB2DEYLmVT^Ja@+6r@1DQs(JAQp
zm@wp_ED#NBTkm-hM_0}!*zneSmDz?|dR@sJeN-wckc%QG?+bXxqP<osjdS_J2Plzn
zf}+UWvmxFbkBL}`2+!fAgFEy@_>@41=yWDEcSn}k)Sv_l&75T2t4*{xKqwQnp5LdP
z{wA;7YKI9suB)yL5HMeG&Zbxca3`4GlwWT}?IIt^!c%ck(1zmQatn-ToK5pF?ZYa+
zoiZ$~2;;)QX(98X$@if;Pf@Xi%Xg&buJcwCbPFs0lmXF5kH&F=kMB<CtWVt}eQS4)
zUGQOfwY#)p@}lCGY`A$qL5X^0yjq?dRvpYV$&IjiN2C_R0=V)Dh7?yOIYpixq2&;$
z_(Lmryj>nCO^;XK$yV<ob%fG3(C~1guAmK+<be?0&0?Lia(+-1y9}A9ln`wZMg5<s
z^asBupL-W#LK`1C6gL5m{Fek05q9DjP-T!E@&Q@y&Rc+sbe?!ewyvI{X!T*a506Ky
z+hr)C8gWZ>lXs&v2Vn^5P;KnS800PbPT;HOeIIum-Q@v8kv{|n0zMh~497-JQz4C~
zng8daG9({8>-=wMyxc{nJ|;_NUOM%M1TG#mvqs)bc86SLYOmvF$q9bl65o}BHO}9D
zC8sA<sEBy`A-(6QV|jcp3g2_n+}S9X9u-5yl*<}ATsBBR@U?ggc1BhF_%SF}aj<sx
z?%?spBwk06aU`fRtN@Po2qg?sAg^A7J8G^FIO+G?Jb65P8qUgQv&OJDdP>ipTB(oM
zDXxy=b?7nm2hQo2TN4BVw~d6U)`enP(+SXcyeni}NbH3JuqA1{&zFXYrmZe62Emt)
z5WTVuFM@(M-;vGEI9ZXSD9KI>Rc}nVn0@1-X^eR5FE8&-1agx8m@?nSB`)_eR*r|P
zrnC<cK1GEqAv^Zt(dZ(!8Z<OZWx2+JM)rbOj;amLd>tNYJv5QSPkr^UrCq6`KTTP+
z?n%C`l4qn;EKARQWey8dJ+^Rk_o#_hjmXtqrZLavT^ul6EJ;^RBUrnuW#X8$ZtSc~
zubg?w7_Jy%Y_{q?rK_*i9Eke(FrF;M>O1!@r;`+Qh%Kmkl1a;PJJMa<4`#`ZSlkZm
z=D)$!H~5E$emnK`Dyl*yOzVY67c%tnD$v6wG7&lBT_9$-S^D`Gok@M6yv&GUO%#I5
z^GQcd*hqZ(ir`8|%tQ~I2)B`EC;OU6GF^n;7#hul+aH8b$0w5X(nlyJh%l6(y)zDZ
z*yoz3@cTABZ)7shYZ(}KF<%p~y_{YRtOX{8@Jn+P@mG!%1TJ@e_Q&L#OB_WI*rDls
zr!04<8+CfsRYP$j^Kny1QTviFxUO!vVbsk}6rg<BGueD`9$0Wr(##VR^r)G%0oOH0
z3H-RlAWBh0;Q;+fQ9HmswidWQ%Sed@y!>?@{%0)VksQ@rNZd5#k}MuD4lCzem#X`1
zEPabAC*RApno%xfn6H9=+_R^nwQ?{0HAa0eP9vebD)%n@PT0`sZkRq^f-hZkc_2P;
zGQAq-qo<PyP%>IVxC2!xI{<Y)xdR+m7+hZExT3^JRa%kDMIyLpjVeOHUb5knAK7EF
z;SCAP?*ruP`49FPcD`~B2VqNvF_qrp?d|jP40R3a?(5q4Y}_@^Ysm0jexEh&@!}G>
z#_efqv}ZinH>mz|Y=}PuD-GH4OYEkh5{n>AD_6}}=??^LjOOZTP8)H$i?4k4!!&I0
z-Bv<pYft#JT&&wkb<|$ot>Kz|8E~yuegn-9p>iVjIJk563=9ZcaZDJ->`K8QIYxp+
zQv9LP=wIu$z;V2Q%{M5^*t3d-H)#|nJQGWcgD3r299dwX%=jZwE|X+Z-*W=dl6CzV
z?rCnUlhF%1&+IckAKQ0Bp6-8prgOdy-=b_%vRF@QVZDd^iSy5UW-q9A4lt+ys(pp&
zPFHlD#_cAOdgV?Zgze>%U=U+*8Z=t`n$p_uxg@P-$<KcD*I_*Wx1H#3#<k;kpzfl^
zo%p?g)3Z-r5^b-%P%ythkI<Gr2}z|l054hF!WaOB^lQ(5%9B>zV*@C+?(%zecg{Q(
zf`L3u@qdP<jG}&n3GBw^)qvlfU~_Ol2ysJ!6pf*p%aP7+(yyn1ppv+OvFBVxCFW?X
zgiw^8wY21)^N0plMpx8OVxp9nEJPoSHAE8-AOd*|ohSUv)A@x1*2=*7q#Q|RqluO_
zqz%F&@O5bHLV_v<uh<R{d0U3CRVn()oCWz-c4SxIuSl67govGX8C><}E<b3Rh5Fv!
zQq?csgM|(4APWUIfAvu5qHg2qcG7jiTT^TFDet@J2uz6x&eCv^Lq-PX`1fmc2fn)7
zEB>%My2%-bTriHI!z<NnFroGvy>MEG);~uH(~$rrd<CHXX3hQ3BTW3Zf7zM%kB7lM
ztNtE-k=tjuI!b>~GrY=8o;uW*n-Gz@be>sPDXy(~%)SDx?;(5yoGIW{2%wzA?)<<6
zVG7MZMTDGV7MExxGC~Pj-K{|EfO260w$fToQs+jg`Bso@GV;qYXLrBfI!6uphqWSx
zATue0_J$?r<0_n}3HBa5C73_yS%;#qGRvVw(y5~oHqvfO*lls@7NGrwvy=DZ;s0B1
zL5d}{M`o_z*e5Hp)5uf-=ZMR7y^UvT%MuZoufrFeyxf9;$rLGH#NOr|6${v6FcGws
zt0Pe01bxfjnw_)?hr#}oWdClJRwZ)A6GpM14>!Z`GdzKHJoLqp9$q&LaP7OaVrx_R
zacVn*(gBrlSyXP)C^7ZAUEf~XLK`t><;9LlTDU`XKr>1^GKImZN?t67{NSAc?_IX;
zct8&yoKH;J_q&DVW_Q3X(zIfM#zi8ovAZA0IR~`<-DY^~5$;CX&!Zazi4e?elw-Tj
zzksfoFi-OCom>S$jAnf0LsZsn3}LNYh$WO2BhF|5!u>qJTAQnOPkA<#nb1`TUI2|Y
zkZq-!ALh|FU|rX6deKBEThB431bKKAYhk3{-2v@5;fRQq_^>Yv*qT>BDv}U>Vq=3c
zI$yHsLosD_yZ*Na0DSDQ?ewq3BpLdO#P$bn9qOFUm&5Vq3nCK2Io`DA7ZJ{B8rYmd
z2TIh*xsiK75uL0bpS@hO;z8xAqRYA@fGDJ^gNgpn4$HgQ(5r+{Q(rH9g}^Pi!iVxs
z$nN%gs!9&E3X8k12to9sMOXw%4nep3ISXYHuJ+e?QX*e_zz%9_K2sF>$9bvi5wndp
z`pZD<6yVr(WDJnm=vJkuiYGXRD327>O%0ljK}3RmSbpNp{?LimmzR?T7GT37i48a*
z7xRua=0kvw)^13(A*Slgl52E~aB#Ns%dPUG-{j(OZM>;NpZe?ZQZ5(^!iQ}4_cm#d
zsa5_T18o#uG8RaGxda4VRWsqT!@eQmrcRc-6D5Ja0f4yUaQ~wrk}zEmbu}+QPfm_A
zj`EUjaS?-qsk12f<yu;kjB|T?cO7o@^wuqw)x8{K84t#jD#ocClJaN80@J}$n@Gms
z#S!Q`XncUE(vWa0ChY>FRqR3rXQ=V3E+89$OHtZ)0LA>f@N6CAwEpTPV$sX5N5lbJ
za;hS!wn+|mU10aM{!VjZ$7Q3Ku)~`KeEeG49g4j^{V0?o9Ts-*P9*&h_G)?<R0GPc
z3L`j{qONir40L&pr6$`d6QmjT2!qs8O$LK`zozf{ab1ZA<Z_ystnh7qBS`F$cfyt2
zzc7cKDt>zHJNbmYiaT@7QICpGVJa7z(Q90eZ?MSn7Lvzgqo2NXA<|e(bwc^`;^%7`
z08c=$zm0+Qeex%6361voqP(j2gK&*qmS}_0y8VbjVRxZf!vqNu0`gIhG365CPey!a
zykVQq)wqeU*fJ@%Y|NdoGjv>}sw;n{UJ^nal{QPh!3ZrVD6AQ7)-(;Akh@<HCU|5G
zG=VvM2Y#qL+&<uveaC1KJugk_{F-W*E)twj0PZhPQG%Iiai6}HyL0NpGOSF2#Ve>l
z!M>cnoO4z=y`0`{rSQy1OCYNl&4M-kEsm=U)v5kWCu-TRSX!kS-jcqGuENK<VTIRl
zJOaonf|~-;&!J(6_2a96s-#kF$4l{ZtFPA(Ol*Tu_48tcquZP)tk(zpsHu5*V1G?*
zu3IDF5o3~Z`05oZZC2aeYHTyfVgdt`;W{G_7@6bJ)3LsH@;&|=$h$07{tt>wpkp?g
z4*Xd==1KnRQEOZLX_Tutr(5c<3i?byY%cky@>4rsc5Cq!pjzPFi`1Y)Z1StHLsZpF
zg5&1~SbWJc`C27FL9jNlO(dO3*Et1~BOk1?!q^B%=}UJ2uw^GpgFY%EaxeJ@F{%$o
z7H`!3C~Z>};2gf*@=3|JKqrkVP8dBANJBir4AV!Qe(8a*z2x`wWN_K;D{Sq=iwzZl
zgpzUVxKnRcws9(Z?SS%C0+_M*A3CQEIVKtyeSU8smu3y<b<U!WRfF_(`c5X52vfgr
z)#<s;<(w07cmPzgBafbJJfAyC6cPKlpP~EBFjCQpGcpD`-H|MzNRW4%n1M;VolT)b
zY8Z(h$MPw{`2hQCCoNUFRpo*B&|?jYw!k9OX4~krBY;?kH5B0AG1oaDry%y+p+)=e
zO%=&OA6^3@%wd@dNcoCm@;8$)j3Uu^b5Fjkz)6UZ6oKLYV%4a}uE;T~NyN2sA87WI
z<U-4~EfWEK?NAZwryoIg2e*-1lH!2Sr}_Y6*$nNJe1iY5pc|GgD;n(Iv4fq^=rd6y
z{xv0&$&-suPQn^Z1iPc8XeQqYa>dv{A82u0dr1bPb_m<k_AuD<yJRGNjv0*Kin#cZ
z;0o>A)PiFdB61~xALS~Y;E8t5{kPTUZM11YxmRw7-D^M$WTIA~G<8rB<J8i8xengd
zNckQb&5YoSdfbwn8UnH{W$_EX)|J@%6F2u2$C9v35H>O*FhK6lCj;e|{qqWpLexlt
z=Q}DK3UiU2_odC>C9^8~QS#DF#M;8AN6V%`{BP&%PS4-zi^`L3!hxUm0csb$`y7$j
zlmCVqXZstWXvObY_jK4<bR1>|)_}H)XI49wUiZtG;bQX#P*1mesk6gQx{gKRVfdGS
z%x}W<!lrlF%I_wgNy+m0|7tLsEFtB{5Z_a6vy#mla2VXCaPZWG%X@C+4xzmjiuF`|
z*<ohd5YY<C-l_!aofJw96W6Ht3qDX$ceBr!lR0dw0wYkoa9gHW5u(Nq$?)dzL?CU?
zQbQxP%k@XmJyh-vhwuv3r1b}NeD6C&j(IHKyuwpC*uOZ8sZ0Dc9d@fi%F%2;H_K7T
zU+Eq=e~cZ3pgpLUrkVSIwcawoS1=UnRgH0=>v22;nL~jfv~VGIvzlqU`7kh=RZ(-;
zRgQi3LZl7V2J%UPHl@oMyWYo5dqZmTt}pKw5=8#_aT=QGgXB^m^A$_sC4q00i?G={
zm{YE3$9lIKjqugq5aiak&Hp09z6T!;UBtK|lLA^N#Q!|CAe`-DmHLwdwj^_Y4?c{z
z?|wOUEP}|EC(kZJ3ZTO|?&XVUOsD#RjoAwAqWE42M3z01J)|-JR5Xo!o6{AQNo5bI
zR^d5Xy%B2e)kPR&l8~^m^+`}tpM$X2*<t~9*QpzTKHOt=LdZIH9Q=YCA$Wg-k`3(p
zkZMw3-ta)?E;tieMBg*=#I1g-V;>@F{O~pZXtcKpF&&+8I>yS`=lt%+I^e78U%s!-
zAdyHK4pV#9W^tQA0)m6f7FhJEe?=1fVaH=1#O<ioc<24;+YjLQocTfiWy3GXk4XY1
zth~IF<+>x^$U4NLiH8ne(;q8b^$L?xUpO1pZ2`X#DUw*+IChl$4E=|Gt};iBX)`nf
zL#~Z4(R2&z4(<fRMilwM)LZVSPt?NG^qpcuh$I}AyE!V|IF{#2llE}kid;cfF|vb8
zJApN{oT|zIf9mX|`*qpGLO(AA?^kZBhqj;b13GX(oYm~fF;&7C(Nwz?B$4=fib<z@
z8*6LOnS!NUGhh`*+iZhGz`A4re3XX}T>TKIyfh;T(XP4)eIePw+HM-rvG7|XWM_=!
z<d(wX1#Qa5waE*`-3tg);|&3T50P1N2HYweweb4bb6u_uVe5huf`t4*bg&87+_ij`
zvWb1pX?R*!6-m}-^*Lk<un8@F6Aa~aD6tBdT1Z!Ie{QD4AbL}~V#I|~b<A@#w*0u8
zw3hRTlXt<ewQ-VE!@04Y1Rt$RIi6=5q_9g$VzGyv*RW4Jlm0QI#YF1&2vydV>oF3b
zTLm{vA(nU!Qu~l?>b0%eirJubq1;5J=C!(Pp!m|JG)W!m%8GU~5$RM#R<=-r`7m_l
z<VAT_csvo^Ya8WspXpN4_Cn~tCVo^VpzJbA_tNQ*B~9dvP+K3jLS-t*Z#cZnSx}cZ
zKo%g81c}q6s^;iVdvF1~))%nwn@|F+01_{;+)RDAg@wZ&V{nzz(A<BlBRA`L@Gqt<
z6R!<RcGNy;7n{l}HigzT#`59fYw@Y3357is5c&i6j|+dZgjjDroF3zirwRQ6>JRkQ
z&QULeQmPfQGRu)c9UhgIUr1egwL%?m3ieaE2sw8@t8F(^isRNDoZj=jPx(&46Y1KT
zW%pXV->fNz7ei|K!J%e;f9L}_;W#_f)LWGIZP_02x^SqxP_-RvQFdn{fFcFJ{9cZr
zQBU8c)v<(vX-;Kt_0k>3g|c|@8#r!Q64WmXMFsel*YYb%q%TbW5!>Ylr7$r@D?TYE
zI8orq9O|G~J4vFZ%gj7H8k||hR@^HR(W&;l$59m=<}5!jpzl!X=cQ`7>oxf~b^SWh
z;uKj@*9q`a8G2-|zUle{>MOY*6$ZezL>!*?B@J^#P660{<J||!jNMg9_AM7C$kv!M
z;K|beTJakn?gf^GKet;Ghri*BOmu&PVVYo;Hy_6IM2CO+uk@(&5`=UKzGiK2mh+;f
zz5O8Yy$G+}H3s_4HRQG|ShS>MUUMp&8qI3Vaqt+);9@El1<GSzmd7z)orh}sMV3J^
zTlC5dPkAsL4lt<hv_T<^k<lhc)xG{D67n(|#TjVASN$`ZB(bz0JE;bdR!W?Ms^tG@
zW=#XJsa>ZBzqtT2L{85=>qF*2FW#W8cOnL(nBEb^D`hIcM46V3EZsvz{^@!^xMgQ9
z)Nv9t(tOJ0@lnx&TK8^-B*5$BrM|;UX_y2IJA#sSAP>h1YyWx`&bxu=wIU&;QI`Fr
z2z#?FS|$w#c6YXJ2Msf=7-*#*asiS^C9p#^ycsM0`*h@%+OyS4#8o``S?mqJ-swV#
zq@uxQkenvLFswS!f(3R&$im#HN-#uDhUk(08wYZgF=Q@tbjhM}&c<uNN;caq3v{L;
z0*c($a3^!n$+mS2D4>Y~{M?_4DGY$XHVdc$mzmQ)q$6R*Wp%6&iAKqPI-n>2mC~kl
zKb_B6N#6u)y6R&y@s}2y1(VwsMU^z(+L&XfOG#>jd>v+e`LEjbLm*~N0~xzJ)E@bz
zOGT9CzFou?!gZ%QCa)LdllOe5|Gu*KtFspaTqK)IS~GQf`CuDO?^dQDe!tFc2S3R|
zf0g9SH<{&L?rj7jqGU<;6Q@rM5lud#>9XO2-GzMe8?&V}fUu^VeUIL4rx;`MvL3Vt
zG+s?|#b$9g_%;yDEIASwM~oC7A2hxp-EZAQO0mSSrIa~ge9+KN+5A?E3~;N0BJqCV
z3<)&(wP)M1Zsrn_p7UTfa(+vAa23aHc)s+m;2=pzmWe<5Bd>6@#x_5DAlnsRNp97s
zV4LCP7d+``&Hr03#iP6<iB87yYjL8iRa#uEGpe6)!GyT^R-Gtmc*TYcO$+6oCVJRz
z+QEBxe7lp{`m?J<2G~0A{l}u43JZ%zjVBlTyoa*|v-1KBX~S3}D_aFELw4IKe(xlH
z(%mIwH^CE-7gcYElqa`_p<CJpS{!i3+?Ah>4EHC!P?AcxDvVabCHpn>oM|^nUn^{S
zfY$8NivWnVC0NTvvN)&RW&B?j>S_MHwgG3<-baP8?P<yM1eMPk$_0wzd0*~G61A?H
zi0p4S`1~rCP62QNU&UCb)!>t)n6MZ*0A$)l_S4C$%sTQfvw23$5UxVKWga0tekNB7
z9_>jyH$q@;IAQVnHdrLk61BQ(Yu-H>jt}5?$H999Q3>|?R{->e=lYAB8d|BLNmYk`
zoP6k+eD?{?mmwXlGvo%Bo`dFY(l~4ev;f0o1gtk6!@noqrW+O0+gdKKXtm`wVG`D%
zitC6A^4~v96&$iY&<gz@LG7?}0xqXUGi=N*@A*p%iDpCj)J<o~CIITXjk2d&814PO
z?><$k<870{6@yx&9Ne@W0CFDsgU<;{Vmvi$&>x>ZVYMSR;5qZ`%)Gn9+lC<*C>l_`
z?7#(eAh$@QzN@lJieD{}UaokvS-=uQvr$(Ku3-LxA{o*Or#%fW>-}V*Kd|ss67j-b
zxX;@kg|7ab+s4up+as1(3hpB3^PK4X-84L!W%y!aVLtW9vD4DdF_sZ<+kZNf3arQ{
zWIx^hyZ3!sKr7|Z01dRr3<a}{xpBKD53?VNLUjch|9qrScBfr5khL7V__ThUL-R@7
zB;MT|LEsbKne?D7di&=!7bG3mjT^UrxE0_d>__ArPallKOK+hp`<OT9LW&NmmucsQ
zfrVC;R0q0Hd0=uSmwTNPDd~fMrmg4SS*NAL#;M*1k!4#toQR~k)<gH2%fb$}02$Y>
z#y>E{Lk|u8uyqQFlSk_voc08J+gW0DVKSAjr<2!jY#ae2g`$@s%%RkzoMvp<9#@M@
zv3JMvOSL;H32u77)OFbXy$h`dtQWpAfPKF7YX0_gJN}$y+4L5X_Lu^Ft>cvY1E^xt
z$g16ye=a>DuW2s&k&4c5&XT5(wMZR^V~0oU@2XHpb9fz5yW^6`-T}3)PW?fQ-TQ=U
z=9S6}PfM|lrnO4O-mg<URV|IdSE4gxf)$@Ap&`lg^oIGZ0Mv*5&g4auaHaU;)9wXp
zeDxfL4(8=ZhOVqLe<soY!k4y?KJ|5PmO~iRuCJS`CP5MJD$rg=X3ChOAmGCb-pgGJ
zumnfKZgQtgwFZ1gG=)z1TAu!?YCv#WV!8fo=|9{@-&y_SER}!4cF1Oyrwu<f1EkK3
zNDMEEyK9Ejz_y9oCe{Yqzp=U^mIg7?RlRNZd!rVHU^WyPV7{j{SPpA2YcL}uh4x~w
zQiOM1shX@<3RB!^ZOj6CO8|_2RmdVvd|B&;B74)T4@L9{4<{%$A<it4u@~=7$W#mX
zYPqV!(L%_4NH=6@7FPGUT}(-7>x2XAZc^|3jNx3lf^VdE+P)KPDHYZE;5&fmJ8@V6
zJC5>!dk`Sn%?po=fZzmB&A8#$l*{rpmeNrcrt5KGhKCMzA3Fk0_;EJUNUs2QLL-6Q
zz}c6<26yGf9EZh+J5yA`^eJW=n%hg9e5Y*8hmEQvh*#=2M%z=frOSSsBbP)tK1Nd0
zD|NS8O=pTq+pFm2K=k0K5367<3CJ5vRz0*p{BcdqBh#nks`_PJR-1orN<IQ3FeleQ
zwv`VwoeZy;tw-my4?mlT;pVd~&LRSEDernm26)W4Wfcj%l6VDKSjNbJD$WcRRsLR5
zse}a+w~|p%(2}9|&ehDBI3!C8*Jj?tl}g6V(c2RQu6PrJ(o^<Z(oWD=b?Z>AnbExA
zTjYvrHazI}(b$_e%6r9K*iW~qCEcvH6G{^k>>)uc@f#6>!RU+Vl7>IDhsAjqp%K)D
zeL6=#U@(`2R>G}*{WRH05gp{F7B(*-g(yc&timApXcY2PKTtSdfXkgZ`^O65_Gney
z!S8v3vq+C|mV>HNmg!a3Dn8X>S^Phn#2XGmQAa@6P^ZF}dciX8@%L0}e(11s+_%dx
zcS$}>!qB)eIcReW(y*&NlqHIU4ke{4mI7A<Ml7F`!_7P|JZAiUl})_W|IhkjEO~WA
z5+9M<47YhP65L2>md6qyy@ME`Ly!k^SSC|D-0}Lwf#tKf-7{9?rFh7Fa{_MgcKqxy
zB$0f|{tNYQlTFyQel5MH5&{bxN_%-3+1I?c)%Z{lPG*l;eH>{;tEVq2!~M_?&(!m(
zhaTGcaBfq<`VBX28HHtB^FGtu7m-nZloW;z4x&(9C=IZNOM3#i4|4GfUXrJ`oN>lh
zp-km}32x~(`^e0$nVA5;F{$p)CW%-{cFbL!Aoxr-mZZtT0C!vi+K<&1MDubE^rkgW
z+B{Y&02-AcdjOhiZyMho+6$?gTH=qdB3Vz^4GHQ?z$?|(KTZJ_ttrmB3zi=(1u)&J
z{yjTA`2VYbOnZ1$5q%5{)se7*g*nMo=eEFG?rwkr`9(ag#myzFLzl=0vadtJvZ#aD
zf8DQOQTVdGZH$}iL+XMaNZt*D&Tf;eX<69E<OqurBo5Ekpe_oEMImAMc<?0LiU)=@
z?1<*0J;pN>dzva9^>yfANV!KB6X3|qAT3tMx>!q|+`rj?plPX;2tj};8fj5P%1#Q?
z%9L?{_WS6k38Upe9+tOHAPF>0LvlM371E(a(BbJBg*RUPjx-Me_$8&F)K}|VTYaNd
z8`tfx?ZHetYn%RltIIgN?4KW$Ly<+JFZ>V#A}F=d6-_Q8((mm@8U|6rx%&jckpNQA
zhDpXfTbO?H7O4v?8{5pI%dsyXLTldb$Pj#=B{;iKY;`1<J~2lDE!o?^+WeNrRCv7j
z?$dbw=%NkD+_3T~2#OkKGi$rHerWHeAI7D140|cKXzN@B3`sket$q6Mk9ER|fRe?&
zJRj#hQJfYfXAF45b9P%O1GzHVvTRglMwzbBP9U!BR<Nf97EyX)M>A>WR2_AdB3X(H
z=Qq#5^tVeF);e<fXPCHWq019IzFwq+0sTfscRgG;b||7&4cKrfKFg^>_FrZSkeCsr
zGbNU|O2g*0gQ84)T;mSec<a{S>RXRfO;~G}v)J?5Q5^G|3dC9=%Yz(&=(me_B(T{b
z8<A^dpzqTAaSLa6sW^1qVp9>jw@L)ZG`u{5n6_Y?^Ktl~OKuapOkDE_phDy{X<5u(
zatZa<;;bc+A5SZ>PPui0_z9S|cNFMyCJd*ADLxNptDvGX)^|}{K2{Ms_RNeM4HF@q
zwCp`#1Cr0Wd^~mn(w^X0JE~K`U=%ZU)A&XK<zlx!IG)LR7-PKvW5u%VyIsFEAc~q9
zDIX;{6U+s~>R;zfSs0VGJJ`Ov?OE|VzOAO5w_Q7rqZ<A(a=2W`hCfoZlwu!%>i}L2
z1B%;d0^zNINhoLP`04~}IU2_kqx>Ym;5G(qj1fag9*9(==+ma^!N6m`9L5YYGjlIz
zv^(`%Lt`GYlNyy7uUkYCdqXI3xtlg2BVlsT>`vUkzC>^+lfdUm*Z<fW;6lEML@v<K
z^k3i7qfGzOZfPy7KY`5qdUke1OGu^eefP6{r)wO1P-RT{-+xEiVF)W^bc_Rzi*L5v
z!q_B622Fx*!a!^@n6=VR#2)eLOM^e0m>8#sWZJL)oBpg<d1UGqcQo{*<o$(FYG~ZN
z3S_a=24x(c#}1dg74*>jL+NYN5p>;64I+q_pc}0fF!YA#Yu-D5=paAmpE(4~aP$6K
zaHTBVI>ZPPmrmq9<2B$~TCF7<BDg!SC;0tpX<CKu)({|EIbVLeqo&U%-oXTeRbyg8
z@;-F820+2D`cg2Mc{gm48wUqV^Iu)pPAZl%3GapRkSBzRjic1`I`Ah%ujXf%khiRs
z^A~U7&c2OPMi)RHQ$p;(ei2`#%^i1{jWEKEp<8x89+VQ(6vZ{AbkJBzC3J@cEKdl4
zX6>2eG`x(!`E^5NbNR#<SdPpLH@^u1AsXvtjnvVz3V~JZeCU)91(`L^ZQB6keNCrA
zjm{F14BduK&=2j37{i@1Rcb05@9f}2JL?Z=56M+8g&MjzVhBBg4XFSL#YVvR*>q$~
zKOi%x8^ey2GJ}2uX)>1;t$b~f3WWxw6JNCbX;I$XMk5{O3HDvcZDy|!?*Dp;pOWv1
zbP&~Qv>7lt#aJ?2azOv-7br(U2WugMAlo1j$=qo;^c@IeOr8g*9+7oFSz0f<a&;~a
zF1bMv95AA6xpvLbfuz{`0fz}EbLDGCthd&@e20nvziI0Jj4#n<TtDHqHI6%P$6>n}
z*!{6<cPB3>z}?T=OnUuD@hz_$&gMDj%;h6beqfMae(`v-oY8t;SQ)RqWh1Z%;p6<b
z>+q;vGK-i+c#D@qx*%WkfSlj=Opk-ClX|(ZLGv!0;2@h~*a93~1%RLB9VdD*^)dM7
zEiMfdF(tK`&}?x_Vj!3wUW*{+OZ-dVGC4aijM<$W+Eg>H<ye9YmD_(_)h=MV_k7ZN
zVA~yU_sIt+3j$6&9cLy#KDsFbTea5!kinVkR)X(e*UklF#8d30l&b?t`ZB3-eewt4
zlwrr5GqdLZEyZvQx*I8dogrPkHb?i83xcyAeIhZFQs^^wvvV1K1H{B3H+4y2>?cYj
z97!#z`v;AW3oH>Q<$n|2meRbN>9rCL1~*s!YX#Khy>(`?EqTj$z#Z<a(0zvKVbIH+
zvv$@U8|vCtv8E}hKZ8JAd=SCxrh0Lzhu6T;jwxCJ{oezNt(y(!AaRba3D@nv5{iA=
zjd*V0v29HuvsOVfM{o2h=h&q*cS-CjDn>%+etTr*7GN@}%K#*Q9@zC#$xk%~`ID3w
z>SF&C)Bl(ij_w2`y<R`3d?jMdTgJ!m|Dl71Q*l0rvDz*gO&~7><_*$j*3^bm%IZST
z#61OxO%Zd>;Qx0&&zJ+k<-t%mUkr`5buzR8FW8(_Sg=LI0$>;VOtF0I;TICC4PkaM
zv84%ScLpozp(vL&`x?L5V*+&K1Cz{|h|*Y}B4I1brn5Q8VdbRZ`}7f~=NXlnGA+Ae
zEQ*}<9dAHhzPiDlU{T6jbq#d}?1}@;%#LEl*RP*yGO)FU_G>1}Vd9YEo-`i|EjNVG
z1o$X&x(*)MXP{*F2&&KEQUED(0B_+;)RsOQH19aMo9L&gKHf;kU0iY2o(@XqEqiMk
zM!hD?V{NX1SBB}}?&y@0zw5Y=H}ks4GI$(|7BJ%#LhpRmq=U%-O0i)BipH+9i%7UB
zI?)^SLE9hiDi(`()|^Ut`61V<pB%a+b_LiODEvmmI!}|+n*p$Y{Qw5jgJwBA#!DF3
zv5%sOn~`|L4*-Bf`VAUE=y_K$aYu|4eD@bI2UH<t54(kK$~!ivLE;B;MTA}lO}*0m
z`@BVgqIPc>F#Pi}RcT#RFn+9omdm!2)i!xkh$A>D%V!R!i+Maun(K4-=iW$QaVlTD
z7tUJHe5s9a>pYaFlY=vXnWbq_q*``w?hROYjv{mqC1~Xps!3klfZA$=qIrB7jKTBP
z`?BkaKY97}O2`{Iw%WjOr(?{4m7A+zb!kF9LO;m<Uzp)b&vu@td<_xh+v59EoZ(&x
zwu4EjC6t={zBmz*zEMWfgM$9ljsxy8A-=+@jB;@FJd}eVqs<G09#Wd6g{R17^6k7^
zR-H|i<Lpw%r_)n`%KF8_0Z@i=H7%PDSSoXsWVXzsdr@#1$73~N^D&s+RH%kPfPiNn
z9(Taf<pMuQlLg8#PVj;NjW^n0iEnH`ltmoOQunM4awu=>*T_;{*z;+0xJK4X+SWtc
zH`wZfbBEyoLm@G-9b7`?>=Am=dn?TAMm=b*daYZBdk1ecV39_MPa$U(7;jA9aWug9
zEjI6#meRF8!=n_MTNm_Otv4LKa`I`M)h0F-6-MLIEC^Fc^edpk9gtE=l(TVY|45$x
zZR5_DXOft)j><Q_;BmSilh@Mwff<LFIAq_g5xZPuT;QZN@!Nay263~>s)^qOcp+c6
zZlZ4hXfH-q<~%izI}6B6WWjtiao*#}bO6v%VSFH6SQWZs|2V%!@M@2`!Gfg9Cj*NN
zj^P7pnnaw%sjPQR%LKfiNKiUIN(fOD;_;B>cv*5vj~+J9m(R=<(U$Lms%<G`+t`M~
zoKAA#U51_U+s;907au2R%EUYA$zC)|&wmQ?dqvZRt71rCgciPELoHY%IMe#adw}VO
zO<QGUhM3|T($u;YKbO)HBjkwG#lpy^QVx~&|BD*!m&0}?0HOe6+qToOZQHhO+crD4
zZQH)FZQJR*`G>cgGxY(rt3_ci&m_Yi8zY;STwZFp5@$8vEpI1-jFRZdn}H{dxUmFS
z7OgvS=ydFUJTqn0O(?e;N(thjpj$rJWFOy9{+do8HIw%gWvdH|#FHnnJsAn*#psZ}
zRyA-BG|{kzdN$Lie2a#Gbl^fzNajnkMSz?^_~7<lh{j64<dT*D3E2mu8ATeaB+$;<
zFUzGpH&ayRJW2;Lqja-iy&#j1<Oi?*2S3J;{euulj!6lIj6s=X;sqwl`wtedb~p%L
z`yD~}xMj$Of>du|D%$LOh*PM5<y8l9ch<rZ-)aC;Zdrq}XS3cBa5?atutV{>xGTLL
z9~Ju7Ft*+CO?8FMDVTOk?=T3m+4H%v$6^4<n(PALslwh92-r+#FMVCq8&<0bBz?n5
zV>vDovQP`g0WGkyB$NSHtq!)M!hS57fus<k$EN`TE}oKd%pD?dWWJtidWj3Hz~G%g
zNe^wI^y6MnH$*go#R{3p5QxsuXO4YtuxgQ)Q-++2%$||5lxcdn?RCP7-di^G?zuti
zN@`1snbmY{AP8|Br;y3{XAYnaaivP&6X41K`YFNj!DdAUMDQ^agxWx5(JO&bc+z<N
zg|Cz|3Z6vym!VwAXScuPe{0A94cRfvAijNr?4@G!QQR(z*ngfO<We-oIL;2cftX|E
zgRf{Q5sBsraj)yR8I61gp?j(5w=W`O5N4pIeFcD704`{YT`9Ws)C9xH7ra*uYv9z`
zg8~W=My+-qhZW~{rEJd+wlBZ>kQpI*11g1~?We{I_tU|`jo@^N>2}{>13eo9Eq`Z|
za2~}F73gK*r1e4#g$z5X^HMl*x)K;ubi5pLxkm)h4uvZH#_aDL+Kuttv{}!XIeuYS
zYw~$HTu5=GbbVN(_UxafG2Gf(099fk>J%-^H>LB#O&HoqcJ}#9=49VB7VQ>mbVaNs
zjxu;B7Hvt`>~#uACc&If>n8yK;@@B{HmC)dw<H*k;WrxTdPJDDm&{zAOFwn<;WA3!
zS-&%6iS!gUP;yEMgb>_xuw&%4*+}usMA(4eiz4ewQ&Ov&1r<M}jP6yt+PJX10FeIX
zau4IgfXti@jVv}ANbK~i-el`PRad!fVYFzelmYX1kzU&G29SzjHd*cpsb$(IuwX~r
z)$r_zK2d#Vnuf$AxRg_*YFVezL<v(Ej@%5359@Qk%C4ufqPTYhcV56J*SLqD)lE*#
zfq0S{sNIp`le*TU>0q{<LjSb&->EJa0u$i-0^`$LM}k#mC$9@W#ET=mv*3*eYS9rD
z8^hm)P_&uw4Q+QFmmGXS>*7EHBF8!z3LY2R^3e;``E=cjw@{z?@1Egui!smlCj~AS
z;}Gv!i&QEvGVAbuE$n_GUl+g|B~xQuA*acxR6y96xDT%av$cYF(Rap(%W@j{L1>(|
zQBaJXgvx!%ghsfC{shQCa|DM=s>*;<g>b0oE-f#1z`!yKVdO++9+z&hcaS2)s~;`Q
zHlgihwIKsBnt=M$oH~g~J5B&s7uB<YMgMCf+E%#y>(*TwsWFGKD3Z>SnVSNUB+~%W
z>^=|F2WfK&z~+E7X=F0SldGA}I|-&JKwHoij&(eY`Nq5WI)G0Nj!Q!tqH$8|rCP1t
zYqXa%AtAM~i1O@_x*`a3t{(9_VVRiDT!)ob&h`WUePm=PYWRECXZm6k{vfCBLHH5K
zKsv}s$(({i)jjhLY+V*Cv?<=e%SOV{4;-BMR9~kg2d+lVOv<TY<qcEuj~YLAzGGci
zBN5&E`!Kd(1<LIh$#)yrtNxH0m}u-S{g$<_f97Xs+3$RY5f3dbO99QvKYK+~^(mN3
z4ldV>MPn>vRa2u+Y|QvvJf<Zf$u_1QYJuvA>r@hS0}0y>n?>8~otd%nbf_=8u7NPa
zy#wFe0Cs1iuwaU*;0whD=O*EMD8ticF=q<POQ9W%6vMP+`lh*sU}yuv-nJ6ZmRhma
z7v*v>)Bg7@Z}IDtA6c$GHpQPEU&bGCWU7WX;(k)llITJ-zVbJ7L1ivi+piNj0<wRn
z;tjaprVfdCinWsrOS>AJqCxypp-gvKh(Tn2w!k<6Q6n+Kb_Lj&P^Ub_-xh4g0_daJ
zfLqzv6ydnfuUWIxX{bu?VaE>|IPFW}!Zr$OQH+`-J|LjK&xrFLSft#B7y2+iev?nv
z1m=bbPhfa*)JL)x5*DjPx=;}s(+=+JS~50OSE<QLafPHmki=N&=U5#u!Ic}(?xBSW
ze{x_9Bk_8E**#P%iIUHJ;pJ-P8(lU{@4ugx|GWm<(G0oR_SroVF(7T9RvA8r^_TKH
zV|~i6<6qzD-z7kbstz^>6sgMvV?AHnwZDAF#KG!`kxmMxPZsSQygP;|T_yf$w%=AV
zje^8Yxnwy(i#eUEdyNh{mh_Cz20gj(yUH2^iWUf>d3*3X2PKK9qoCs7A3)HKFw%#8
zJXMoMhp57^qDuKDHajkG_i+FIyCH%m1reaWhZ9ttE$8*(Azhqp|BQ95JBvWp&ry`3
zW3j*y40(v+fD`MDYkq(<84G%~al$084*MRh6nnKDnPvEZOlc9P*tQPi9)!w9`xbV@
zPH&Rt$Rjt+8Rd)8E_@cw_L^d-hwf+QPkv2aua2w>85<Qu!A6ucL11od4lRz1x+mOr
zd#U8t@MonOR6;4FxK<3Rg6Z>meAwR^$<mc~2k`gImmx>26?k$xcWl!^nyLnyyUFNK
zMmLELD6aP}Tz@l_wG)ytp)L8|gzADv>3hww-N=WXXHQc+C00@;Mv(sL;(&Kj_Ofc(
zqYa8F2pGZ8r@jVAp1GJLN*o>vv>uqkMAU05>7VQJ+gchk%9<s~1u#w1tf6DKbJkoe
zhtDzv2JnQ6NqJ|G3N%8~DOSJlXy3Cr-c%4sdaPIvYH*Wwa}t5ws|mB8fFCi)GwBT4
zZJh!G^t2H}cFKKECyJ0{Wg4@TB~Tp$@bjtR4Fn$R*f5i>iU&Tq=!j6UMaDNga^I4~
zHCp!!r)={!BDJruAW$#x5|XYG?Ru`eg%QM_aisih`j%cq>Cx;P00YWyr^F*rU?el{
zJ~YUR+97FDWitLvg%$qhbw?lMoZGY3VClu2uLh@mICalg&y1HH54h4H<m>(?1b?!F
ztvR2DO`M_C07)rfehx93ulHBg*=vS7U0aUJ`~=LWR3KRd0+08HG3eAzt1|2md`tT#
zB0HH3Q3W!B8=n#N<W^Vsms-$H_E`b(7f65s{FY!hGR}Pgb|S*=RM*qW?7LLZKN_=~
zj}Pqtd?oQx^Z9rFVP*cLTxshQ=@HR`v-?sD@i5@<b#Y8$GaJ=zPbtGza!e4G4f@z9
zOGG%Q>+LQXbaaM4DO^yZiOM4_b4CG|AmuXc=)rMPxg=2Q`fta&P+>96qG*yJ6JY=l
zc6nlFm2xfyQ(;V4>i08P8M6LLUlBo0c4;_eC|M$D=u17x2tK&2Z6{Kc(cq7YX(emz
z+IYs+Bz2RhK8<D3+y7)-;NTv{*q!t1+vOADdY|-(`3r}swwmMv$xV;p9efnz#g;sO
z^`2&Q|I@}O`etHE){7u$XUvf1>x$q2&l&1STMPK})!<E}7L+oGp!?(u4CAF%`?7Xm
zZ$8f4rF@jhNO2ED%hg6}9M`=pC+-Dy?riV1_BSGk0rCz_T(@ttFx6c>`IBn}bo1fq
zzPK(D@9S->;P_f~Z9#)B2r<%VyGH2v?!bMNID<F|FM6>#Q-x|dPj-Y8D!J?dYK+ba
zCoXG5Ry@Tf@fdLWozuR6V~GO5(P_Bsm-2(>A!x|?(}y0+5Aeb#{ws+GHTW3X@4QT9
z28!Jg^!@gib@VnoQb%ycSa6y!F0f(Zk$8PdbBJnnGi4V@2YJxodP58(<!DwBd>$JM
zw9sg~&|nA<@kl>+&Z4LJNN5Ex=sp^(;?vSbV~FLO4ya@e0VBP4Zdh9};zf(53N#Gs
z_Qk3g<+T?H#wneDm+~ZOiEYSgx-R&=SEbINkV+zZYtnL=&IwGhzCMF&vkF`5QGd(?
z6P@S5J1sFTZI2(&2DK@qm&l&4)l%`ay%C^Zc|B?7-&nQ+-er=H=wKRlFCu)N;MBv^
zE>Mpl=rM?bA!ZGkB@RkG(AhRxA-o(AL}L!i)|(|~N!ye3Cj2aiDwEw8yLuhlYMHE=
z#Bbx~8MK74a^rjwu8Xk;p~aE&pcc?FF;nEzE|x%H)idHxE^b1bnHwsBN8k=T*R3o2
z1Qsik%rh%eo)ZjcC_Z?dLs|Zn;HXv-G%GJpdSBvuU!juv)ywFg*eX*`XvMIY6#(|S
zjv9nFvo3{YcwtnstjBuurm6{ZS)X3?c<+Id{4?;#(?2}+M-a{cLP+G>r9t8F(ogc8
zbSIrDJy0?jKIkHV&QSa>U6coqOM99n!{MiOiuzsD?AC_7`FI)b*i!Mgak>bdhIQf+
z9N=r7Pl*7OL$+MANbF1GP7knElIUDUd8CW<&ZM5rgRk)(=3P2|<qMNx(K{mNA}0Wu
z>SROuD#--%oD*_V*GPBsN?A`V>nr(0{(wX-mWf2Zlu*#EkrFwhn~J8OF0$Q`X@Les
zEwrS$r1vK-hTp&iC&x?h90&AB(8m>owdfEL$M@`sR%7K+2Q#vVjKPIm@Saslv8>x>
zrT+}DN{gO8UZas->+CHNE?v%e{7(j!9bKk&N~3~ZX(>QNv`iV!q6L@#2~CviFUuY3
zy^66PJH8LU4q&-c;g%Rwwm7O=+IEeX0tA=TQ|1%4jkwSomDrDWlh%?-L8!y39pO-#
zdp<GC!qUD|6MW+AE{P7lSC_wj$>TL3wcQ4gz-FnCqi|RE7M#YK2+N3r(5&X|@;Tt0
z5fId>Jqm*wKE7H4oE6J+on3>EuX-A<a-cIBB1sfb8nY2qguuX(&L%-x#T(3>=8ei6
z4u#l*B8^<aAY=?#XTb~UGAao9A&i(j)^kYpGRZ7?-0w3T*6sCeo_d4Ze#}pt{nrZo
zRS{cqK|@8;++SH#|H536Em0C|S@(lt1B)sFHM7k!6<e_ew(Xxv&v*VNwHTT9&Gdrr
zeLz@wCa&zoxe!;0-R4M4DDl6)b#3yM0ckRBL2e@ansSEopHtsSI$`z{J3{+FgBT3%
zfUsw)B}%LaMNQ-bdUQ>|^@uv%Nxyf=kZm=XBXE5kuO9#8+{F&8{%&8*xLLAH0R-8#
z6bWy6U-Hz5CL4796R^#Us6ATij$alRkdGb-gJVOb$38Z_VIT$=N-I&t8H3Lx2gi}<
z!(`SpJ7Zmq^C~>6oNfWqh4HS$Y&pK8Sj3|F!b#|X7v{WjIH`qS0XudO&-Ch&;f5GQ
zyzBezmi5(Zjy)Z*W`p9kAf4LJo*2%;U<o9;3|MKRj8%j=&7(8ZycBXcXvxX09ISQ=
zobQZNsDI%TV^gW@#XL?gfElVxN{)T_b7lJG*-n_J!QVM3@}ob+AHHK<-To&Y+<JES
z#WE)zyU6Fjyx^w6r^}STtd&=sxsGMu$e5&5B&lPjn9eim!vKg2oi=Xf{I`B!W|;|b
zY`ZWUwlnqC_#DcBE6T+kdtwyht*po(FEirDuo!Nx0P_T)SNjk1sLBFX>?ehnbt_{{
zH-AIodnho<YbgU<S?G#x(K1@GG1YoBQPb@J9TsWweX>-<ymL)*lm}EjOYdxBtSbiq
z^q+M4_U)TzaA-t~q&o}WNxi!`=J$>io^D_oAZLSUhkL!X9f!j}N*T7>MD238Fmm~8
zdqo}ln#TnE1wJUj{-m`odGDnB`4Rf!X{K*`w>^4)L2cMMmHOg_BchdDY&o!%6CotU
zHIv7fY;V+Nq7NW3SaG&DO{HD9<$-}A+s3omfb8XqlRa+lQXQU_z^v`#kA4wx0YMV1
zK!Z|56eS?x5^&NgWuAWKL9bXbwaF73Y(a*sO==588pVa!OW8Kujbtf1PPD!5rlrGG
z;*<^^1K}1QD9Yr<mct5id@kLgcua<_WR3j_fGs7pij+C}OuEYAT&jX>s7g+4XC$mC
z&z3eMNEQyH7>DsS0b06tR(Fpf5BS%u#ov-Kd#sl=Eh9R=ZK_;Dm~TY$I6BY=t(<{G
zev*`b6k?60b8%=|F+OZ-mhfj5XC}MTI^wB9da4!%{DV2sRp~Ac9QKaEii3j7NEsBD
z(8~z)mSP-S=}kL@b^W_GO)6tSKjlw8A$R(jtmwW1AOfv`PtpPJy$d2zD}UltSza#t
z$`YgG5EMSXz*=AwIHbB3+uZU&=QEIsaC^#>y+O8wi9X==d=6@+Ke5pyCco9M!OKkv
z{o`x&uV{87aJggtUY8Xr76hVlml14GbZD;PVk2QUe2hU@-sBDc9J>%cpXN#eTCfk=
ztS$}0$o3hH%ZM@pel<%K%arWW-WC$Cnpf|=qNPgtLL~8=)v}Qsj;}>tUUI6kjp7WI
z^d5i1)X3|e6sGzEu@U&mkX}@*<4w)pe(ljlT$L^4Yty|PZ(}Y}oJk9Fmt6~iB?^k-
z$<-xaSPN?X#JW$499o%48LbRfD6Z#Ax_(QD39c~n?0dj4dN!MkgX2(Z+OvbmcTr)w
zMZ*W7{&+FAb0e5>**Tx~Z>fN9ybPm=gI_VOtxyM3Gh%Kgs07r*=<t!O818UZ{fGDA
zh=*%zKzjXlg_&+{Z|D>3V5{ZuN85ASgFja6A(eUh%ptpX&zA5p5Pa8p-{LADqW$8>
z$QpCcr_pYw7PKi>Nis(<d7ruMnt@%zH3-t_uz~kNK__Ewv?3kK3i^IW5-*UdoG2q;
z;_Ic#_;r2*$151==P`!w{rM@y-vt6JZqwJQ%0LR`Yz&*;x$(jgM&Ky0d9qEQ8J$nk
z(+9uA{fFctJVG9YpYenl!>9Sdg%nz0LP%t$V{M}KP8G#wW98^_08Fdd#1gb@hnC&t
zHe82rC^-5k#`Px_L11%4!B+`+wTr@NYs4EK^-QS|{@{SsoaL^_(AyiZg#$qXGV(bK
zeolSlZUiju_PEF4ww`b-@3+-lSA0#m*3vJ;r@GUJtug<~P2n>g|B*vU1?BZpx74aj
z70*P+b3euuCBwKsJb{@{={v^FrI*>}@VCN6Nex_VuQIj{#Q!voVjy!RT*aGK0On{H
znWmPYkfpYz`{m!@g9J^dP!(MxQ|!ZLf5j~fmPqEuR{QB<GIa>zeo{-sy<EZ@VDna4
zWjgfhIJpFHfZ4r)6p%Mcyg~MWE=tJVXD(`uFMAU@^}Coyf=3`c&XNBHRDHm-i^$GQ
zQ3=!EAV`n_zg*<(U)${Za=~(ogM4wWoguj2S)urJQ+5I7foRpkzqP{fIfJ3ZCx2O$
z8n40~XT^slZnzWmE0C%?OJ`vCXGo;lC0kB1p4{UkTyiY};}f9q)q%D@{uk4<c)vf_
zt~goWM4GU9byu;~WCMPpj^~Ki#Hz5;rtB*g<FQ~1UBspKS3VgImigNHRxQ#`+_7kg
z6$VAkUMJTwVdyUvKel)lS_MS>XSQS-$>FmsHM1vxbDS9^t9-*d{uqyO@fji7pA7F9
zpk;53w_tVwY*9*cvuL94YKA8FZhnzl<M<XzK6x4<c&Ue7%ZFI-A-Y&A`4{<0yRX+r
zvOCQ_dLT8r)KrZ$ZC9v@#@W=N*{UuVDlNe+>l+D6r&@-UH3x-Sy2lcvo1l+H<Edd_
zip0_4$vs|UYszv6kY=EVRo(}i3I0tx(oE(5Pzf+mJoy`7O21m!{cLSn1zQk^!~lYz
z%|f^rjQNdwze#)<Ky=ZUHrSfqEfz1W+v3-p&|Ew)SHtBQk$UVuyG$E2`o3*rpY_I?
zT|M#X_3g38qr=Eux}!}kHCMy12qMg#ln|muE<iLJzMLC9sop@HGUWJAXl#7st6T@E
z+yk4C#VB4#a|g^;r=U@+pg|t1^m$6#-MHT-iOX&EGh2?p#_9gL5F~Fy6fWteaZ%h|
zW8?ZKD(G@n#Y3Z_tCT66X)F@3Znj~nBd<Kuxy5HDRi0e<2)Sn%W9+#*lx9r}RK*cu
zf@rH`CmL5X?>x$;A!5CsZN7g;h^(Hf{fVMqmve(269W8@_eEC~UXJs9(2V^a0Il|g
z%;i#h6@aOh2m*UqXxGBiZ1it%`)OnmM{{F=P_V;6QEP<b`klq%GI~0x>mg!aU=*)k
z7P8EB^p)Q?AQWiO>4STGX_o>ZloI>3ioq<Xu9fyIZLB&WIM~u_ey{rns#QZm6`sQH
zw#`C-U`2W|yMhmWl}!f!UOliorIXY%gaU_KLI*X(Wz^;FP7wKC7>OjR6n>bXMwRaa
z$w~*?X@QsAfjqV(((`oi2@?qO=r*IX9lVxAs3zGvyro0|{K=03Q49~U5x#DLY1Px&
zU7^UOQWuLq`&`Obz>?H~86+SU_{Y)jPwx^}gWu;J+s9quGB=ramzG*AFDxcK<8YZg
zAU3ZZ4F~8woIGSEtI;MYbpJ2XFXQFCNmS&#>gq894dVMr$e%mEA+FoRAA$z21y;S;
zIT*XVG2(6e^19*M{k$shX*2L}okU87io|YHK(1>UR;AKW+nMyym~QB_p5*WGb%$+O
z&KyK6hS_*kZYFISZrTBy{ovl4#8qcdb0D}~-YAOhfv|ah5U8~#PQ@diyT~8^P@C~J
zjypu2Bno=p?jnzLGqF@Si+P1BG)vkSjbnWW(MF<4DC4JxP1lQtW;LgoqM>kL%V3nK
z#dr27H>(9_583Oxrn$x!Rl`f|D{>l|d^6q{Q@iSRz>W$5e&ImojK0256qo4L*k;h2
z=sL6|>N7KcM%UKsP$5<-y=a8I36O$MvYvwuH+sn*ODG8X8>qmFDBd8un^)KL=N$4W
z1KP%i=WNW-#KCLpYnx^*An<2ImK^`j8uf|<REEDIH`Pr)ggh~LmA;8f?k}%@^v9a3
zY$Gpyn&LYw{o}}_VvomXeCbBUU@teD?G*1F)geYae9oVe+QSUhCp-ji6uo(+uX&LT
zLi~=)h?+VIs4nJ|i3Rw5h4tZz-0XjT$oSRvQ$Y~NWrD#O!SRHonNe~sJy}6W<3Gha
zLnLc;`zaeyeM;AA2#QwE_relG$lr9nQDOUGk<{-Wf^;?`d_G9t-q0dvO&*CMt4ZWa
z>+@k3+$i>ZJTI|G_%97(+t7MBNg{$PUU!67v?@|N(C!nGh`N{*CiDVft)M3(*c$pO
zxPYmUuQzeE$E;i_Xh`WB?CR5K9rt}&Fx>-|iPBMwzb(f<MxYdi$pGz>YVZxiRpz=g
zdzSL|9`h{Qj^1eT%z8`Tca1!JDp*oP3?b!-sStyY*bt;<v50w+Jn<tO`6BFyOoKyO
z&lNlDso?dW49mZSWBtAweMIoD4|c)-j6XID;F0><^Y_{C{1ipI?d@Ns(98%1#4pM&
zROJI&D?@<1wYEL)YSz03>_(C#7xq$p$hLyi@a*Hj%k{bzNFT<4Ud8kqJ-Kh=sf60t
zwMKo0p$!cV(aBm{GtI93>+K$<20&?%I$i7vGmK%wQS>@01MK|c84Z$Kk|>1QlKTOj
zK`H5eR1!B&;|F(h7d9wdvr7ig6C&!8lpim(6PjJLNf;bN+W8es6mAQ|O<FG|!WYeH
zOIPn47h>c0p{d{0hMf!nHeK06FJd}s!9NxVW<Wc0oMwD_*Qy!Lw&+hg?_rEIB8b^u
z;@w$I8+Xma?>Gyjsa2|I1e{W>H$m1;j-p*H@-;x*foVOUr)`aRyW{>D`PYwUf%S#N
z`^=u-e;0LO7lp<&)S}mesP4N0$|dPfUqyOuPaXGrH<+m*$e`>Vv15ySwmRK8^0uA9
z3<KgCUd4QPrpB+zl=!pb=B*_L+|Gnz;A#(eMX;b9m%Hr0UtC8%Hba`C%F7l@(%OER
znQRgbBEr0G)Xd%#Q#n3Ciee+61U8|O)TR1vj}-tFut3T8rf-JuJeRVnc}ddiD{1RR
zo^|ap8cJ6TS3H4#>%h{kZ@1PY*zq6KwJOIXuox9Q0xN<fNHGnyIV*?Xit|9foUFKD
zl!I$Fha=V_KeI;cIKxhLPSLRknSkxg-gOoMtIfnW*;@wANFz_i<g!<yb8ct3(N~@3
zszveXeeSl{B6$?QcL7*BuT<&{KZourykp^5jn2fv4&j2<I&gpUT`kv4caqDPd$cm=
zSe@nlcDq$B2FZ*1bSP04sOz^1elsaF1s07aw7r!4;iACfA`X%Cc4Ep8JuZ40=SuBN
zA9tFIFDRAPunwZnuj14I#rm7SDX|82Y1dFW&R#0RzjlWT0kh4qZ`>^eeGp~d8^B#E
z_6I9XP#yMGWSPW@Zq>u}T7La0RS~VB5!M)fTD%4WBN3!Jwo6h=H&rbZdSwp2^2g~O
zmOoMBL(!&_{zSvYQZAinq-cdoI1XdGjeN^WcUDf|s1I>~Ny9UgH6HxN^AlERTXJ2K
zOz)N@dYqVlXc`_rc%_o=3_c335)0f$XO4q3bDV}_SlN6CLicKTZzR)v1Bov8>VB{n
zPkAw4h%9mcIb0O4>16?1X$Vg2no^Zf=^|G9&SjQSVVmjfpt;CajiQz8@o<)m%D-}}
z{j1~SpEaDYDB;2t#zNiiCBGMu9-1H0=zKPRP(y`B>nspkL9hTn8tX#!3CuApnEW!)
zlWkj!5UvExq@^HW8X&j3NPgeFf<Yb#e3088^E2%y_5yHz#qQq2E`<zCrti2?0w^m|
zHHwC+jGN!R()m(1Q^BpNzrlG+T_@=k<YidPS?Pr~M(^hhC(WOr<VLPO>7UqaYjVJh
zb-*>#d}Wpu5w8mwLLqhse$}0d>k^#X25%%GF^Ybl0n(AXa#__VzgevKP2SyPU*X{x
zXd<jQ8M+flwK)E4L>!ynES5BC>Zkw2dlrH{#PM9G9<T9=w#fN{x1E3Ib(ftIVSN!v
z6RS$DjM70681=XJ#YKufs}w5tl9mpUi8rBh4z=8tCl&Wz^7UnlpDF5nSUNRt2%ioB
z83>oK8Jo^1=Ox5s92A`MKW(F%gYMMB3kr{{axc?duMg^N9VPvo<9@<86gPrb^z!(W
zvS+O+vQ~<=nBcXLwwg1ehrXH!LpvF907yA1Ba^l4`lO>@#!|?6JdC7Q1gi1Cj>o21
zZ}WptRA{+nP8{?ZZra$wC}#M3zojCz!0o-HqGlexgo&Ipyn%>Vcs&IGxmfS`Kk0|g
z=|VHQi2?ULy9Mgn80a;1rj}ik=3CBY0L#Ks`|4!UbRBd>O}Y2-J{!)89E~*2pU^g%
zxJgs{l6gRz^}VBi>-TSYFlkgQB8T^izPg4v?%?hb)AYu_5euiFB@HjnYpAVFSxeak
z3foh_am0L$>0PLC1RtpM+9Ekt`I$vm;JK0rrW1@)5!IWu?R|MXRo(Z0smLV~r83>5
zlyK)s<|&yHGK9o+aWi&ZGm%+|G!lt2Btw}}grbrX88c@HDKi-w_?>g9xSsFxdFu21
zzFxmSp4&@j@3r?{Ywfk)d!Mz>Uguu-485GD7mZRf54>9~>Owy3bkVeazpDHm_owW7
zDFgl%>qMk!V_3>fRpVY#A9Jvl{Kl%QT$>xU3>=tPb&?~r64r$u$b-n=c<!-3Q$e#O
zCP2P@tI*6w5f1Id={uyJ7Kn_JTKpE?&4n>9uMZZ?2da_I%)C8=)ri^O+StSYa=cB%
zYQNg9EaSrm`X-T#PVwxY`VU20Omwmc_}PcBwP`~~&^Dopg?Uw6+l&=@^sF;Grz%_-
zihMb{a!S}4!s~RWbJIr?wk5n5ur*XR4!m(TKO|y%IO66}PIs9$qnO~K_t*Li7=j(v
zZI=JOCxg>O>QmV32xZX(qiwm7;;(bQ4yBtOUc24<7UNhDNoMv)$QDPXh`G~wtFQF+
z+=V)vm%g2N$i;v-+EhJ<?5wmpWB<-vG=iuq&UM5`UGuP!NLX~%)a31ri4RAEJy{#v
z&rj9qhn_v71!v8p6dLPzdc;>M@2YKo^zh!}nhDE&W90>8StK7q7Sa3y<CW#b$?6#}
zhD&U_1lfqZ&7@f`C#lG;v-+faPQld+ZTBx`UzTM!D71ZV=h|$Iy6X1xE%^DWiP<{;
zkn~`E@|M(_Y}blb_aEb*P~$l-4>z!H%M7vP8fRVi$s+e;fCO_HlhNZ`lgPV?F4N^}
z93!u>80v;O->RFfG|lDS&Gcq7kBS<ne;|)utNiPH<>{L`l$nCJ#2G>?`QR{OJxkpB
zLxr2>0@1P>hUd#W-VW$Vu=<QWQp!>ZTJP7?jf@?iPFo*(r0;3DHi77If6nEV(2eg;
zbYk~P^_K5QGcFJmKOVQ)3~|n$?9}K}h`GFt*D>h$P2n<vzz#~t&gZ(BV|K34d<mgG
zrM^BL=-6><o)$Gs%Tp3;eXwWS;kZwJpJsH;+c)-do#lC`gF^;e7Qo(za}jS3pILkL
zaj&t{{2VqLW1(_q9c4ICuDw3Mqbz=0w)x1txElEB-pw4_rjBUOBjts3CTgz(->%*&
z;9!%x&yKP=xIL}(@D-8WRjH*TVjE+KJoZ;m;r>}nJ?4dntc(JWt92A!j*$J%u<vT{
zP(*Xqd^59Yk*!)Y%4mO?hUuOAN6*6D`R--O%p{+iO}<1V92`}WatYCeUnjW*JjWTD
z8d%h?GD?23U60(L?IT-zTd0LmgfBv7+fHAyl?z*bUrpYY{P!lOP#(E6;nku=N?K{g
zH^f8Rk0{^BRj^feoLH4VuC(qgOT7D`y)UdazUwiHd@C}wxWKByw{z;)Q{V9OS{Wlv
z&gohz#ob?wUTybjaemv)#y1M*%bE37QQq*?5L(VvAZv<FNUv<0QRRO9?p8^$fzpRH
zmpHT4-M1zN@sHaCM_McGc<6FxB&NBKCpa*Fq}w<Ab9|J-Sr4YlpjfR|{=2j5zMXy`
zK6jD(o{=_UXXwk)+Y0A*Gd&%fc$O=aGppvylry@PqgIA52ptAjV&xJ#{9%i;GN-~2
z8tqb?p5DOi!JDcT7dhEj*3RBJXni<`{8s<opeBc_4`<tf{_KX<V?r#4wVL@^t^2lB
zEA(%?vfcRJb8p4>32bLuOTR|0y4X_vv{792;xotxnag3JEf*kV8R1)}5fsiES=rho
z$+VL-T&oPVp3Ne<@6?TKVBW%g#Pvzu=s2rVGf(`RHz}f(Taz05lOH3mr>kyCVtRwP
zVCVi?Ffwi5`^mK6i_8q4=TlWX6k1<?NRrd8QUB7*whj{15p`52KXh$@bNB;7zQL=Q
z7V2veskB|>#}&fQ$zeFhy8PoKmQ5G%$|<Q4lXE2hF_)t3O{+t13!LMW;icXYkKX%O
z-M%UEbQb&yi+%YseoG1Mw18sXA<Yd!W&|m7`O2pE4V;gtMP2QtfKOgl=lAVE(Zi31
zgvuz0U)Q$WTtjh~qk5*4fw=G7>Jn0jz+h=u`t#X0H#P;7H40KiRaGBO9n4?-E%!vv
zNZt*B@tW!Jad!5ZchLv6#MDmUvs*;#t9$Z-`p2lL(}V5gEbZE@A0=NVy4kU29Onr+
zS4HW!H5X65D(pYW$(P6GEic5@*o}U$^Flz9bw^iVm$xHwSjp}l%LT)UQ9eEAu><eK
z@DG}<xvSwuZ!mgKRqSDf8eGWdb5pQ>dKp^4>(jI<@zFlRP3^YCvbQ1Kx*vOt9+Hnr
z`Zratx$Qj)`2VV@QXz2;dIt>Bw1u`jC&m+<Y`jeJx9&H&_L*`;<yx0JgH1hpv*9oo
zl+7#Cf`h2axmkC!7h+fk-4eNKPq3{29q%Lj-J4Gk_4vp2qe-o2^jD7;pJcHlXl~G9
zcC=x7HUoRrljz}OJeHpsuVL<=6DI%Fv*XZZF@vOAqNXW(Mry>9H=L&qc<|@Cjc6po
zT;KFoC~IuKlz}EnW!-eV@IZP~Wy3JCU9@DNV=9w;z4cIsb);*B)zx#S!auTHles*@
z72cr`2IF@KRIY)ZZC!`pLy8ItM15)hcKCH;x4u1}<a5t68&pmz8#si<v=<J0h-egJ
z8oj0O_*J$P20svfuy>0-!IK%su}*G_dq;}1sa?u7!p`>}Wx5#EbMH*RDid->#7cL*
zuAI_8Y20w`>sf9I^(l@aWeG=KZmn0w0eGIXnqN}CpA_zJdv3l*fx(2Ldhm=!BjmRC
zBmpOK^0e#e;XV75TTe1b1hHP|;=35peZL@ej2I)#cS?56qtADH6y&R~Tat)_HDQmx
z1?PQPdqy@jtmdsk?A@bQg9Fz}HA3@JrX^HgDy=TEx*Wn&ypQ|_HqF>@yZeC+ub_|T
zpz0AD;3uU`zn9is-*n>GU@p@W(Uj*3ZX)v!rijfEg7%n@^NtTKTR0O~8M@;*@|-UD
zJU~vdj<Y`S|IXE#smD3-sEd7Ke^CfzCOU9Fy(?z=lSqzx`7<2zIgLr?{Ml1%8$8{1
zUKu@n(th1O{`)R%VjGOsVv`-S;0B_emDy`BFZ^6*+*rg0i>H`;>^+X3zI-KZdIL*L
zo_GHa&mGSb<VBnPZWT?1wWj0-O%=xkG@jROL8bPY813$ZRd_`hR6eNn-d-NBpRaF7
z>|%cl6<6dWB{J%<<142buZx*xD^cvoY-K0E=4V<~aqTaPmUT+#b+$n7ZAzMzujmj+
zK9BSsC>0Sjynov)LDxkOW~wth8+S27Vm>a;Vq+x}A*6uumb{s8?P1?!q2hhHH^nnk
zct+-|&zmMVDZC7_$BN&*c9;KBeT}>_yTn?}%ZP)V*Swl%^O05QIc=L%Lp@KQ(F}|!
z$BrD`ux6q_T_WSN4Kg|P{nY7L;HO$PPxp`Xg<XlW@s6cx;5qMcXRZ>ywL^5%6>s*0
zw&QO5j;+TYD9bHJ+}TsGI>V4b+{w$*E6Nu#Il8}jW4K#U($=SnM<**x%tUh9Sn`Y3
z?mwC;kF<cQL8seTtpv8qm1CZklmwPC_*WtWNM>h-x~_JAy4;)Bqy<mn@Hhc{6_B|v
zQ<jqypSI;NV{b^#K!Jxd*MXvP#=5z^m%TMRai`*ZQ5$h@U&ZM>8NM(5<<>hRlN&RS
zw;wo>{AF6Q$54#*eC8MN?!G6u?AA+qrry041vO3ADtiL&rJJStnOiZL#(Ld^jm5OY
zge2`L(ed%`lL{E}e;xI0=kQ43<qZtco(j5mPY`M^PaS*0(z@O=Sw|{Pe|m7-XSmOq
zU3Y#5$A`QQm}Z;I#Y%maW0@Q3@0&_SuVxx>dJ}6S*>cWgOCuxq`tKWJ#-G2=dQsK5
zkws-YM@zhFo}m5_OTL=A^oeXX=rB6A$xM|+$E_kqzBTS<yt`C0L^jxEL@`D5QAu!`
zpI$Tjspdj1fmId7k@LF-ax60k8|6uMxo!2TH$Ci?&7}eqW@_{kUKcU%M|4T!cC3H+
z9GCmW`L225_pkgB&<}2H6%o^i2q9>~mwNxCcU@e9R{{vDZ)wKoMxHEV)enq+54{y0
z!Mzj1I=SPLczcPv?qPmR-5C;NQ1ltWP#a7^90o3b@S~PzV?np9+|?PTbuDq)+wVpO
z986==TgPI1uiHC~llca_oFZZNSeQhXa!b8d9cyT;&n}n2)`9zj<0DPMYgFzxmz^JE
zqGa7HEEv2#pyxAM_-^h+Pk&t~CaBRotv%UsY@bY0p@CKP%l87Kp^QUPxchw~hI+cM
z$Hpvf%#`r1;SgpjJxB5W!Wce~?z~NE7QGqG`pC;4i*NV6C5+8*Wm)^}WRxVof$;n$
zjiikm^bPV~CRdSFzQzyd=8cl9W-bc}3eNa+-J9}@=t+z*N-*hfJKf8fd0nm1Kv1n=
zrYuZ9+U0%P*TK|~!&@9*&8&`qyEo+z29~Aw9D8GY##_luP_Nq6V!ze7Idi#-3NT?C
z?e9IL%YxqoTDwJ_x97g6+IJ2%`!$TO62b2qEgAM;xNqzMF+S1i-qDI-8Iedo@MuP2
zwAcO4?a3EspjFIL7YhaQe1gjdOp7HO72>`JdTp^2h7c-ldw&U&?OVfo+T9>hb8JT(
z?&Bexc*({6CV3FW2e)pYdhuc--wZ*)c=&{)L-OYn4Mv||bW0!6xZN)qCu2cS2&-<+
zY9Q<wR8ME7L?o6a2u7<S)lx&)6=r!!jH861HG2dbK1M!@$@4SH5lY-U7DBx@66^Ka
zs^6#Q2-}We#*$*c+au40nKrZN8c2Sh-10VxJX<b(@8PXcx08Wfd*(OCSod@tVCyn_
zt!aK*hT~Om*1poC_2=6}SoMmw)bf|ivvdfHTWK)+t}f}`U+&5#ILDe2scIIqGu@%Q
zxJ+BMYJ0(_iCrPLx~yz!Kiz8KZI5Q*z>(EuMhR*UI0tunozc~7uDWj{Qhhwo&q6mR
z5MzR&1cyP$@VKD&L`Hd8!VLnO8&`<qq^;PF)1q3uxB4kv(cbL$PD;Fd<7IYDKh5!b
zf9Cf60y1jdSJ#XbNBe5EM9Fm~USa)$ud1(}OsL9u2$3z&og}+P_M~p=T`S-e<Ymr0
z!~M_{_~O@&s@PME>P>IUHXr?7x=H<o;hqXk_rfT)n#6FE35v>bvjY8{$<D_#1TGG+
zNQ=pS(QA%^i=3riI44tH?eyu}bdTVD%<!CA_Dh@evWD*uQm&75ittf~S2uR;VAhGN
z-#oH^&1~ZZX5o%qu9q0!-pSzZ7q&k1gt6ZOR*}%rn9w%izfR@TzU<GXDL2a|@#z%}
zJmu4&agu56&(4i026qWMT0$u^y>Jy7zNzf-0=;!%Mb`0Ur>}lxlaR3Y&))L6=W1RV
z@EcR(h8djB{Dyv;ET3mS8whY{Iyimxk+NGu-4z+!SnW=~V2-=nRT*D5laISN%VfV}
z-kQPq;kYx$cST)3Uft(wFekg-dXL$~Y-TEj*7!<>2QUSV%~#B?o#$iVG(zpP(r4Pg
z(~2i*eodJ;{|tm=Z{b9xkj(7Bl!N&R2n2_O!l7Uai-aQ)zsRUXvZN$T*WHl>Q+BYY
zDw3Rt6tW}LfkMk_n%R+H3J%T`GKm6#DchP^IYBW%0;nl3@8D)6hQ>q1ka#>4i$_86
zXoLyuAl1y4Oq8>?vL!*`5SW}3kz`K=iy$zNH<$q%Kwt`Hjw&RwmGxqw4wYo52gL(T
zK<3J1pg9f!D5xzh{Yzu?FOAhn_EuDDC?1D_0hOsFKwn!kDoK$<bg&=+Z5D0d7HiV@
z+P)RfwXU=1hWsm+!v>p14zX@!R54`8jv9z33p~z>u9w}(b0+6StA6l->s8dqnUD*a
z(%R?&XV;Pvf$IFvGIhN(=N%gA+$A+;KaXSioIXe0sP4H#POF=BGYWq>-}9=g;Ar)<
z^rMoF@mJqxsLl5JpI{RY-?mO3^A1UQMVxzZ)F)2UT_U2oA=sh4%<J2zOVQj5nERt6
zpHJkcY0i=}C*F2_neN(k_m#<w;X@Mx6GPwYyk3p46c?L1HC*Wly42Hq$@Fe8F^;Xr
z>6qOo4}H5}v;3Dm0})OdCKGYxDLvC=xh?k}+|MKy#W?AVe?#<Nd8ouzx!N#loniFm
z=BN$L{cVk}8E3<XTwn0?)$&L0q?l{I;ByLolwudrmQ!?qKdPVKe$DsQbFx0ZGH(Pr
z*(aH1mS(F4U(ivOXSu(uJC$JC`P&!$FPl##nRfm5CI6b!=FjI&`M>*soB4}NzV?m(
zsf;ieKIZy`?^MdWu77@speo~cUgxM%u?j$yHs9Z18(B5GW?xG-rJ`@1#ZZ*b8k@9n
z|HhirFW3~RcySgja)j5Iud)mD=9;X1L%nMJ)0H1A6q$l_xhEfoStSKI`)b-%h#gag
zR6dXvyDs<o>1oZaAD#wgi)IgmJCCO4nms?B^ej|Pow^&(d7bn`<7|%P)r-J;*3?%4
z%AVyw<={+KYHL?Vrh14=#K{krh8$g<yF8kyidOrIj7yTr=IgW1x;!P-YBua)8C7`t
zGh*&*?^&iphpfgXUkS;+E|yH&%VJ*bsxRs7Zm+ZD>M3{eOaX(G1J@HKllI0uxmW+>
z^O{erw^5?bqr;4i&Fu5nEt+Jr%H~_5(t29auVW~)+q7JWgJu1Q`LAkS9uK=S$EP_R
z-!`%S)yjkUHDP})F)$rxb1JyrfD{Bw-pq*vPWfNUjIP5GdonnUp*V2DYXeIHnc_rM
zur{LrS(v)nVj777mLh$!1=ZTg2o99|%|FQBl!5IaSU4Q|U;O>s{=cvv{6CJ)e;U32
zZtPaJUP+<H2CW95H$9y`|EtEY6i|nTm%r`RBJYJ(KWeVzPAmCY7tDcmeq5K<U!cMv
zCJT4iUpIOv4s-;T-Dj}?0dyDu&p;Ug#elO|8>Wl|crT<-P~2h)4aF{&VxTx$3bOQu
zja$M9nB!0!$QhW>S`-JO4vA_6(^6E1>5|;2CQF-v_x(ljv{ggP%!&llGNXXb17<<6
zHpvO_N{A#UC=QgN4bvc5kj+4s1T4o909_GC6PON_;!LD2G<5>~5d}aCfQ=Ir^of@C
z8AZQT{ci~c9G{;;QMB$aH4y$+R{=K*=pS-nu>-n5>lV1!0bUW9UTPs)>7t1i+QDJE
zWU4JmQdvn^84gFI;BYJf4#&ZPD<1g60BIx~jzKS`0U8cS10*;Gth-naw!tERKLy|q
zY%jNv2kX+x0Nz+7X__xbHKO@vFayJ*fO>$rp>UHQql5$dr47>rMs`vAC7q^q=kJu4
z2RZ-<L<8`pDF`YFB!1+Pi*y`t{h>Gx^+PGzKx+S;R$3I2%c6akYPAG)notz%hl5E2
z%75@NGp;acaar+{ziTh5;_Ds8uimTXz);J+aX>?B<A7Z61EbDPd?%!dMNnkpVMRsR
z!$Km*A6u^#(i1gUzaG-GW|MCH)-XYlD-MS&Z$^8e-dO-YYi~K7Kkw}_?H=dd5xvg$
z*siLL#CsyE2F#;{Bp>sf3q7Y$vBo#tLEV?(agQ46iT;IdxlWizJ3I8*SV4myR6t;~
zI`Mh+r5CGwOC67iJWlkA-G6e+!BNFkz7O#^7gO+xPeOHK<2!i`cb|fZ>fB@PN$GsV
zVO0P%fj)l7)ql>9il_>~Rz-)B&$uP3aNH0p=bGb>&9`L9;$5|#4bKz$en38!$b}f#
zdgx4!N|%~o=~&BpqgC;5E|zpZy=xF8cKAJmpf<c-SV6SxDRS?%$bgsH0ov$;drGz9
z)+*GwGw^1+%X7du@)O6O>W0A-NZZ_agI>Z9e(8^4=u^76BTDzo!8fba!w$L$qSfQ}
zY#OiGxI=(b4T0vls1mr%y#Cl&RceR#7M-zkZ=f;)!baS}!u$5ywED~(p1aD0LMm;`
zTjgll<1ISZz3a;AH`%LKohvkzytRFmZsY1VZQq}HZX0vAhic~QMty6ZV2+S2xl^_s
zw)%SxV?DQ8cZCvC_b{)F!lfNo<7?IV1r##gl(6^CXWSj{+%v8cS%EaMv!zfd>496{
z9YxsA-zlE#E$Qpz4c}$9Nj>apT9jS_e%r`t1L&o_jK1alRw`>D>;gAS&_kx0o8HzR
zee&$i_w`L@Gftnt@jy$Q85qv8ou4`J4KisZwxfP)yg_q~2YX6mt(BaQkBD)4(^&6?
z!Bi(d^8;(q@eEC}oF5nzjx(nF@;NfvKjxe{O@MMK`WoC@KPm@NVcK+ljh=5FRDjD*
z?D+oMs~Y0B)Sp&%T$}65*(v&9eWssHJbT+}|Kn>V*AY80Q322pRs?iQBJ+UU^Ygnb
zm`)}%pBLa_2vo?@Vz|T_x`U9*aFl7Y{4T9^x!iaBPx*!`0AH}A#ZG0}?x&m}6YmOV
zs58T+uZek#g>z5&`FE{%+Y!rZ_2gBjq#MeZ?d{{>PRkilug$~$OkF9Xc!rI;0{lPh
z)LYLzCMO?>7h;Ztrk!U<WKEUZ9*Ip{^DvxMu=;%d+D)gGWSRBW;^d(_E<6^t;LzhZ
zvwm}ce}HAFd#Q8jMzgTd$QRHPoMNGwPod_li0CMVO5rOU)0`0;u#I0sc0PS8v?){p
zxr=a-;b2yxZY@QdgUp>8N)4)4*uMMR#R?0J>|MZ@x~TR=lHPlbYmV<2CsSbV0pEgd
zD%RX;I{a<#N#M(1u4*f%ro`Ty)aF0DJN1q(@y<TXC6RdXq%Ar&sdn}DAJ;oyNLEHA
zJ**S7PR-5Br5xQk#4sd2lyu?3h0_<#)_UzqsNJ4KNh(vldMW5qM{P8frGQ;3PCUgS
zSs?yK!n>O#7VxdRSq~}mDm-thyiJTHwpl$oY`NEHAJblzOZxltMR5D3MP&37?rcqS
zOBK~NOx8}O=q4HUMvEM2P;5AGIi)}~Py6$OkG>xtY*%}&C#EZAlA)4uY$&^hxI3C$
zI!S~?xmS8uI#rr&DMeb$-kV8xPCweXu5o?LQ!I%oOQ$(-aHQE}5aFC$;O}wi%cjq&
zpD%v&=M5m1GIxjIpT+KsJylgmmZ*D_Y*vTWu!(KlZzoSI2ufj0J{(_@Sd%iQ$=NVj
zr(V}~r}?J)p|kO%1dQpv12*}M>oTnBn(Nw=CsMf8Wsu+RW7F*t_%e%(J#V<AOg#wC
z)b!O%uF|~jBvDNz6vP#z79<s<P!D`I@W}Zb;F08!@;NU4<85vc`Bya)AEJuypNcOw
z_PKlN>RjUKRJlaCOu36sq!h00cnhz%SAVbFu~MblI<p3Hi}6<Lb6sNQ$unbYJ#0P9
zoH`e+FK*Z^wmU)tqwcSMH5wb$fgwh@N0Fi%qT1oY(N3@HDqW*Zb9}{k#k565#0tdB
z)P&U%dc|MGZF{;+9Q71+!jjdXCgV|hcE<Mfpmajxj>d<LVvW^yVYc12_gkn<Ua<ps
z9dwRMAD>b35O1q-E4Ec;P;_v{<+2NIaNE?}RN9cykSX3k;y7C&pS?sjZ@+}Sqpj<=
z&i8{tCr?nfJ7X!Dj+qqx&g_R~ZGywQxNn}#e|6$2r?`X3bz@TI0b?K69EzG#nyaVe
zE9w?(noHxo!qfY!z3+bQw57U~4oc-PNli+*@niVeB{xW|i~A}i;2!On<iR)YF)USQ
z)a_mASz6v;l~ldW^eOIf{^R^t5d+)<`dzN?-aVFSE_vc3`WSKC{c*Ic`Eke2#>c0j
z*P*AhOx`r{_7nE?$Fe6g!PaN4Kef@ELy(yq!%}@6<=Wa-I1$zt+MgHT_a^?0UBYy!
zdRcbqscVO>31CYob7hXLqno?<SPWRUz;2t4N|f%uiSO1-G)$DtmQvj%B7H~vgkTG<
zK*$6Be77a3vcVw3z|7W$mmn@;@6$GeJN3?X-cqOoAuUtvlQ2-aiv<R&Jt}mRO38X@
z-qC%F`Dwt1fG+{lkF<_$aF9go$r3pkHd6NPiI2!A*CmKD!Zm%Z=cV^?x)&z#%~I}0
z<JM;ms2aXRB}CklpAp2s^CX-F#n3~tEy9O$Z|}W+A@2Ms<4UfS&}yp>mZB9ODsn3;
zt9dIauUq0UyP2;HUX`y6tkv7bGe7(BQcT6$SHam<R{EAD6`?N)1&Vf|ZU_6d&nCrO
zkv`g2GFaFf(EF`-Xy2rMx(On;)~2`P$eTM)j|`=4(C^RSH{`t6*Lk$1B{xr|zp7HK
z!aGmg!^9{~v*X&MuFtDK@r+-d*fqO`rwyy?AY{vBKiFbXLhetFSm)=rFA&A@3i6J7
z>};l&%~!kG{2N$dyI~O*k&dFkT%|`zK56BR{<}`>dZika|GK@=_{^0pmx^18-M;oB
zgR?*K<?@a5`S<SV&Dej=#lCsASTO14-P*$JRMo;0It@?7pJaBl#})FVIp1MPdpE=}
z{O}>}xP#NVgBs1!wZ((p>^8Sf>@V&)rJrwV<I^?A&h(Utkv&L2(zM@LU;nO&Y1=B?
z3m#?mX95LNMI+N0=k(5b#^5yqgP)kqb_vS}eS700G^6tM@Nms@fpb3T63->{-mqd|
zcKkL6$=htt*$ok-``tWaj9Rm9r29xX%FiqI9{haqS&DVaxTd#6(ct7vbS0{~YWEF3
zd(*a4{l=9KdHVZrj1+A2>Z(<mKie<yNJ7(;QbO&{{?yx}|3Lp}ri6*zFm+IJDyOIV
zwTY(5>-MVljJL*_d7mpk5*j|$cup0Jd_Ifwvo{`!dHc3bpxMU>dg}OSa%W$U(M=<m
zz16$8M>&1sWA<HA4W6Xwypgxx%;(hV;_EsqcDzfdVq)QM+t$Y}^Zm$|PhTS+1&0Nb
zA}0A8r0#oqnb-SFwp@H5yz>z1hNkqZd5xj`JN=f`KHu6WrmM1|vLd-JaNn5Q<B>W$
z{&-)o{!ouu&$MYuNnGq6w_CG)okqj0;jT3!{2G0agiB!a$LA7;h@<6&H)>_Pzp#IL
z{)z7|9;o0!ZxnQ$kyteT=W|iu+3WHR(;;W7qcim&ZL0&*fgRA*F$FeSatPQ$0k9vj
zAXCW>_6IG1y%5<Fc(}XAN&A32^q`Ug7D2#b#gO8Nz2Ng&>OuoxyJiVKk;T(Lk;N~0
zB1_w<X^^O97G_klpAUHqG}M2%(kNgH0yx}@Pi7@$+#Jn_HY6(4oMc6|ml7N)ED?l~
zEu;kXF&c0UM+K5KS;d1w((%yLC3@Hp2^NAf(hx~E2{$`OJ3tE5&Cb@|Ny1G^&<uFY
zO_Bi8AQ>ho4S`BhEP(h5MdighKu$`~no4z)fWcf{UBz8d;tmum7=l0`z~D$25-A4M
z5OZ?3r<%Em**on7SuF7Qu}cPQ1qFGUnL9XBr33|ma`3aDf}@3{8L0OX31(!n9Zd#U
z2D5j9ku7M70c;m)OE>}#^rR7zu%%g$>yL7xgT18##m>y0NRpQOS#2p5)DZ?MwM5C^
zQ{001Q)x$MiY-lH3nGkUOR@v^$S{OB;)m82L<u5rr~sS`fFc&HqeD8mkXta8Em>NP
z<U+QG>YLfxiXCz!+3Ps#C@ts+lr6NQY5b$1By2g~Kkd)YaroIEdna)kEX0WpcA$-c
zzMy{e1;|POh_-Mhk|@%knujbc$wU&^eJDyCPBZqe3V&|qMS$8l{<T(aW{!YX@E=+M
zu$E9*FtM(KgRQiJnJrNgMo$HeDEX5}QUs1Xq>*q0LJW=&Lt=E12njS+0*)7hV<g}}
zPv~m?4}DoMJ1}2>`33tq!4`)W9PR(Z4-FOnhx}=*{}u9E7XH^<|C;N!Ebv>E|3%lo
z=K3uQ{8r_E(e?kKxqkWjKun61peyLf|HbZxelxLfdZPrmqYz*hqXirrLGcS`OfW4g
zC~YqSfvEu}KFdyz=nr!KAs57QE=!KUXd9b<$OXBa%aZf2-{FE<&Sl9V(eH3UFXsXt
zC@noz`-eTkEa!p%&!YZ-4VI40lGB#o=@X8Q&5!-?j~J$Z*eN_68~P3OKV(CoWAldq
z25h<v!H7SFFdc>we+XjWC~vtwe+Xj)9gY!y2xJ5uk`aFhWx%e>`i1;MECY63&gT!o
zjG#j^@(<Ar*mb!+e+Xy5uFLuSA)W!dF6Z-yct+CU8Tp5J2JE_ApFhMik`B+vKg2VV
z4$sIx#50l(&!|7dGho+c_Cft2o{@BTM*Sh40lO~O=MV7=*mXIdKg2U&*X4YEZ`>Cm
z68^$dLH*vi|KdY8FVMd??!WlZ%?tGJjr%V?bn^oJd*l9#58b>#|K7O&;zKtt(7!kC
zzxdG23-s@;W54*&%?tGJtz*CV(9H|<@2z9M_|VM@Ac*^Se7awJ=p7gI9|M{W(KI)I
zrI)EoA(6Bl9H_uffEEn~=An4dnm|mMnh`k6+E8$iw4pR26f}@F6zrZh6x2-{O7mZV
z3kY@K0wNW-fItH-3k+!P7m!<E0o<f%WeZGbu7@^+<~e9Xfg2Q9M!RnVmjy1s>P{mr
z=s~+@0c8tZXm<=Cx1bAcz1D`(mRsPmpbKh&3u=K2iY699TPd`mw22N}7R1t~8IW6O
zKm$3DTM$cw7?4{KOB-Myw;*=eT1K<pqNO#R?VOB&U_vA4e`!g`Kei<FZ!8J<U$G=)
z(UK+*1kkYsdqV#^dqU{#X|g1aj257{6uMv_p%Vl~AF&Ae6|xB6<!8(yaHoN(ku98z
z7WTK$g~<j|7vlq$h{A)TyHu0{aPnsBU<J$$K;&YmBm@Q?amW$D^S*_MJt!?W&feM9
z7E1dM4lvgvlUzv@ATrL91cX@vag|``Cz+~G2HqiYg#uBOBryCCJU_H0+k;V;3%Fbi
zu>3JEe{Rn;%qTVofdedn3z#HX&{!;T_<1zxWJEi;)HVT3v2bh%yeI-ro~3;R1ugbb
z&Y5cMK=~2k2t*0eqW{1sKrn1kX)#(5h<W@O!U%*hA{BwiK_G0A777W3IfC`TkVhPl
z2Crxg(67aVmmjRbh{zvNkYHfpkJF+b<#g;o_E=DjAF3=yR3ZUUSg<Y-yod$lgTag_
zpbVs=;6KCy;{qPz>`{~e4|3oLBnF89LLI>~9AP+Ic<&NpxB=q>%uhT40&rUV00Fod
z03?=B8V!L&;o$%*zz@`Zfd;0*bqoCbqM?y+VBuIwL!ba-0Lup*4FkBDD`<q3G%Oei
zOxG3%!k3PQhyMi)j2)({M*!Eb<ut%LbbUjh5OCo2Bl>y>3|)VLdPs1crQ?TMX#)gm
zr7j3GxRBDd#n9Unkbxnrl!3*ruruN>?1ES^ZU8?#80bqUmw;Iz19-1%g$yKo<rpCm
z*cJUiBEiLQxeUNmD`lX-$x2u6FYp4ucclyrfnEk6m0o9HE+WAtf2j;$j^bA01&IaU
z4O?0dfkNWI8zCJH58lh^Y2dO+M<cAn3jmE3G61lxkby$1#0v_!5-%v!O1z*@EAfIt
zW9e*wK%tRf<oHsZLA%h~8IC{`Kv!g0J%9#!2Fqy}1pS!95g1_ESy2y%p|ceng$0%g
zx_ST&LuVJD9tw0tmdQn73H0LzM*+h|-!}kNKmh;pwrC6%bSjqdLu2qOX;=jKZo=|<
zSQLSthQXuh*B3ZI!_wgtpkcA}`T?_ig$*!(nd#RdBmx5l>@3v<0ZhRact#>{E9Mpw
zi36R*<!w>e73%>KSguycK*K>7ad}%boIp302qYQ_x_@-_R*VM%i9=vl@WUZi>Wo9J
z=o<=!LD9=aq3|o#0~8wgN2d#bprv@BQp|uLBntReiVoQWaQq1{a5DhB0}A>K5E$ri
zK*5^<Eu#o{dy<NBN=PL+MWhlEg~6lbaEeHjf+Ac_0fUiOQbZ^NxBmZJ1@yfX9f%6n
zB%+OzvmF#BuZYGeVX;8}m6Zuf2oy#UFb`G{O8_{+0fC^W<U|GHduX?7VD{qCaLBG*
JN{5so{|{EC=H>tZ

diff --git a/documentation/esapi4java-core-2.0-ciphertext-serialization.xls b/documentation/esapi4java-core-2.0-ciphertext-serialization.xls
index 7f3106ea0b58caf2a32cd2342918e6e14cea83f4..86b7de7a00da69dd9970a277e9bfee3a4167aa14 100644
GIT binary patch
delta 575
zcmYjO&ubG=5T4nMY22jE(pD5}lD7>xg>Guo#zsVqCT*mb(x3%zOWok=nuN`!5F}*r
zBKQm8A$aj39t01TJ`fK=3*J1owFFwkKcIqw7omca7{NDu%zX0=Gw;pwJoG$V+x1I7
zQFQz}=r=2-W7uLna7)H*9tp+qJ<o;SAn<RY(m?sxH2^4y`N1tjiJuIAlmQ0#ez=7)
zzph^OkqY9i`UQzU8NU0MA063MaG8INoNDVVZ<dXQ?XtS*vQ^7qh02Q4thrT3U&znt
zi%WCNs<1*Sw|GUbIn|o!xRzOGWy?18d4N=k_0Oe-WxEqpd!yg5QK!1%9b=_b%uUT?
zm{n%(O~YmVE=^|DS)fwwP1gBgWDk?P6HUsQ$qRfeHZl6IanJW}DT=Wz2}@#ZynrbM
zS`Y#xyFDBRiC)^}64~K@+y_3`FOV)a;_sB80w4`_w*uqhseT+W!C$8yVnR$$wxn>L
z^1nfW5%L;b=9^O+M*@-x8n2}z!LFk9lqLQk?F^|D1C3Y7XwAy>JzURxm+%AsF&o!B
z%F#4<L<ka|6GDVngh9d@pUEZ@U1h;srM)d1wha&^PJamLGXNLK!)aeT${%NAfrGtg
gpI)B*j9l}L^3B;3qLXDZz7W68wGj_Q^Zb4M1DZ0CjQ{`u

delta 458
zcmZo@U~Fh$+;EMJ={dvZ8*En?*<AfxgB*P}Z{o;eW^|k^%cIN~HrbJ9H6!EXw>-h@
zS42V?7#M;!yYpUR1PV#<AD;Y>zlM=%a-2Zu=IsLa7=g@bLe-l^g|BfjN=<$vD>J!Y
z?lz;t<ZO9u2_pjqWZ;sTmROooVy``Uro8UvTk@Bf7=t#iRdQvF=Vqv7-~rmhz%YfI
zA54Szj6j$pgy1tVFfsf?;xjWaqo`+LU}3oHicrtWz`zJLZ?mGxHZEznB@jW7HB5Y9
z%M>?1(i3N7WSIO*znhU^bDKde6TcHs<}U*mgD{X*WN?`*WW1jn#8&|G11JA8F5*)K
zIsj+~gDMa*GjFalX=0qb!K7r9*#{=ZBa=T`C@XdV<+*@(3J`Mx@d6+Qd2|gB^8)dX
z$)=XtlU*!j1VJVln=vpr0BHu*=ksJIw_3_`FmxSNXWo07aq|{S7iLDy%|C7G85zH9
JuC!}s1OQnkWOM)k


From 4ccc558ec941c4d7770207f6f9f62187628db59c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 14 Jul 2019 23:24:43 -0400
Subject: [PATCH 580/812] New JUnit tests for
 org.owasp.esapi.crypto.KeyDerivationFunction class.

---
 .../crypto/KeyDerivationFunctionTest.java     | 209 ++++++++++++++++++
 1 file changed, 209 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java

diff --git a/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java b/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java
new file mode 100644
index 000000000..3fdf7c8f4
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/crypto/KeyDerivationFunctionTest.java
@@ -0,0 +1,209 @@
+package org.owasp.esapi.crypto;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidKeyException;
+
+import static org.junit.Assert.*;
+import org.junit.BeforeClass;
+import org.junit.Before;
+import org.junit.Test;
+
+import junit.framework.JUnit4TestAdapter;
+
+import org.owasp.esapi.crypto.KeyDerivationFunction;
+import org.owasp.esapi.crypto.CryptoHelper;
+import org.owasp.esapi.errors.EncryptionException;
+
+public class KeyDerivationFunctionTest {
+
+    private static SecretKey desKey;
+    private static SecretKey tdes2key;
+    private static SecretKey tdes3key;
+    private static SecretKey aes128key;
+    private static SecretKey aes192key;
+    private static SecretKey aes256key;
+    private static SecretKey shortKey;
+
+    private KeyDerivationFunction kdfSha1;
+    private KeyDerivationFunction kdfSha256;
+
+    @BeforeClass
+    public static void setupStatic() {
+        try {
+            desKey    = CryptoHelper.generateSecretKey("DES", 56);
+            tdes2key  = CryptoHelper.generateSecretKey("DESede", 112);
+            tdes3key  = CryptoHelper.generateSecretKey("DESede", 168);
+            aes128key = CryptoHelper.generateSecretKey("AES", 128);
+            aes128key = CryptoHelper.generateSecretKey("AES", 128);
+            aes192key = CryptoHelper.generateSecretKey("AES", 192);
+            aes256key = CryptoHelper.generateSecretKey("AES", 256);
+
+            shortKey  = new SecretKeySpec(desKey.getEncoded(), 0, 5, "Blowfish");   // 40-bits. Blowfish has var key size
+        } catch (EncryptionException e) {
+            fail("Caught unexpected EncryptionException while generating keys; msg was "
+                    + e.getMessage());
+        }
+    }
+
+    @Before
+    public void setup() {
+        kdfSha1     = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA1 );
+        kdfSha256   = new KeyDerivationFunction( KeyDerivationFunction.PRF_ALGORITHMS.HmacSHA256 );
+    }
+
+    @Test(expected = EncryptionException.class)
+    public void testKeyTooShort() throws EncryptionException {
+        // System.out.println("testKeyTooShort");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( shortKey, 128, "encryption" );
+            fail("testKeyTooShort: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testKeySizeTooShort() {
+        // System.out.println("testKeySizeTooShort");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 40, "encryption" );   // Min size is 56 bits
+            fail("testKeySizeTooShort: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullKey() {
+        // System.out.println("testNullKey");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( null, 56, "encryption" );        // Null key disallowed
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testKeySizeNotEvenNumberOfBytes() {
+        // System.out.println("testKeySizeNotEvenNumberOfBytes");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 60, "encryption" );   // 60 % 8 == 4
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testPurposeNull() {
+        // System.out.println("testPurposeNull");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 128, null );   // purpose is null
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testPurposeEmpty() {
+        // System.out.println("testPurposeEmpty");
+        try {
+            SecretKey key = kdfSha1.computeDerivedKey( aes128key, 128, "" );   // purpose is empty string
+            assertTrue(key == null); // Not reached!
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSunnyDay() {
+        // System.out.println("testSunnyDay");
+        try {
+            SecretKey key1 = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 128 / 8 );
+
+            SecretKey key2 = kdfSha1.computeDerivedKey( aes128key, 128, "authenticity" );
+            assertTrue(key2 != null);
+            assertTrue( key2.getEncoded().length == 128 / 8 );
+
+            SecretKey key1b = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+
+            assertTrue( java.security.MessageDigest.isEqual( key1.getEncoded(), key1b.getEncoded() ) );
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSunnyDay2() {       // Two sunny day tests in a row!? This inevitably will fail if run in Columbus, OH.
+        // System.out.println("testSunnyDay2");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes256key, 192, "Why am I here?" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 192 / 8 );
+
+            // Be honest. You thought I was goint to say "42", didn't you?
+            SecretKey key2 = kdfSha256.computeDerivedKey( aes256key, 192, "No doubt, to annoy people." );
+            assertTrue(key2 != null);
+            assertTrue( key2.getEncoded().length == 192 / 8 );
+
+                // Should be different because different purpose given for each.
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test
+    public void testSetContext() {
+        // System.out.println("testSetContext");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1 != null);
+            assertTrue( key1.getEncoded().length == 128 / 8 );
+
+            SecretKey key2 = kdfSha1.computeDerivedKey( aes128key, 128, "encryption" );
+
+                // Should be false because one uses HmacSHA256 and the other uses HmacSHA1
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key2.getEncoded() ) );
+
+            kdfSha256.setContext( "plugh xyzzy" );  // Change context. Originally it is empty string.
+            SecretKey key1b = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            assertTrue(key1b != null);
+            assertTrue( key1b.getEncoded().length == 128 / 8 );
+
+                // Should be false because different contexts used.
+            assertFalse( java.security.MessageDigest.isEqual( key1.getEncoded(), key1b.getEncoded() ) );
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testSetContextToNull() {
+        // System.out.println("testSetContextToNull");
+        try {
+            SecretKey key1 = kdfSha256.computeDerivedKey( aes128key, 128, "encryption" );
+            kdfSha256.setContext( null );   // Throws IllegalArgumentExeption
+
+            fail("testSetContextToNull: Expected IllegalArgumentException to be thrown.");
+        } catch ( NoSuchAlgorithmException | InvalidKeyException | EncryptionException e ) {
+            fail("Caught unexpected exception " + e.getClass().getName() + ": exception msg: " + e);
+        }
+    }
+
+    /**
+     * Run all the test cases in this suite. This is to allow running from
+     * {@code org.owasp.esapi.AllTests} which uses a JUnit 3 test runner.
+     */
+    public static junit.framework.Test suite() {
+        // System.out.println("In suite()");
+        return new JUnit4TestAdapter(KeyDerivationFunctionTest.class);
+    }
+}

From d86930362d703c790a18453882db1541c23f5c16 Mon Sep 17 00:00:00 2001
From: mzilu <michael.ziluck@kingland.com>
Date: Thu, 1 Aug 2019 20:06:53 -0500
Subject: [PATCH 581/812] Resolve #509 - Properly throw exception when HTML
 fails

---
 .../validation/HTMLValidationRule.java        | 37 +++++++++++--------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index ef450f263..9d9f08065 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
@@ -35,18 +35,18 @@
 /**
  * A validator performs syntax and possibly semantic validation of a single
  * piece of data from an untrusted source.
- * 
+ *
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  * @see org.owasp.esapi.Validator
  */
 public class HTMLValidationRule extends StringValidationRule {
-	
+
 	/** OWASP AntiSamy markup verification policy */
 	private static Policy antiSamyPolicy = null;
-	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" ); 
-	
+	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
+
 	static {
         InputStream resourceStream = null;
 		try {
@@ -66,7 +66,7 @@ public class HTMLValidationRule extends StringValidationRule {
 	public HTMLValidationRule( String typeName ) {
 		super( typeName );
 	}
-	
+
 	public HTMLValidationRule( String typeName, Encoder encoder ) {
 		super( typeName, encoder );
 	}
@@ -74,7 +74,7 @@ public HTMLValidationRule( String typeName, Encoder encoder ) {
 	public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPattern ) {
 		super( typeName, encoder, whitelistPattern );
 	}
-	
+
     /**
      * {@inheritDoc}
      */
@@ -82,7 +82,7 @@ public HTMLValidationRule( String typeName, Encoder encoder, String whitelistPat
 	public String getValid( String context, String input ) throws ValidationException {
 		return invokeAntiSamy( context, input );
 	}
-		
+
     /**
      * {@inheritDoc}
      */
@@ -105,20 +105,27 @@ private String invokeAntiSamy( String context, String input ) throws ValidationE
 			}
 			throw new ValidationException( context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context );
 	    }
-	    
+
 		String canonical = super.getValid( context, input );
 
 		try {
 			AntiSamy as = new AntiSamy();
 			CleanResults test = as.scan(canonical, antiSamyPolicy);
-			
+
 			List<String> errors = test.getErrorMessages();
 			if ( !errors.isEmpty() ) {
-				LOGGER.info( Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
+				StringBuilder sb = new StringBuilder();
+				for ( int i = 0; i < errors.size(); i++ ) {
+					sb.append(errors.get(i));
+					if ( i != errors.size() - 1 ) {
+						sb.append(",");
+					}
+				}
+				throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + sb.toString());
 			}
-			
+
 			return test.getCleanHTML().trim();
-			
+
 		} catch (ScanException e) {
 			throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context );
 		} catch (PolicyException e) {

From f9564e9ab40c40b880dd1ad6abffefb3210cbe9d Mon Sep 17 00:00:00 2001
From: Michael Ziluck <ziluckm@iastate.edu>
Date: Fri, 2 Aug 2019 11:24:06 +0000
Subject: [PATCH 582/812] Resolves #226 - Corrected docs for the  bounded,
 numeric, random methods (#508)

Added the documentation for the method referenced in #226
Also added documentation for getRandomReal(float,float) so it is not left ambiguous
---
 src/main/java/org/owasp/esapi/Randomizer.java | 108 +++++++++---------
 1 file changed, 54 insertions(+), 54 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Randomizer.java b/src/main/java/org/owasp/esapi/Randomizer.java
index ae144b04f..e1a0b811f 100644
--- a/src/main/java/org/owasp/esapi/Randomizer.java
+++ b/src/main/java/org/owasp/esapi/Randomizer.java
@@ -1,15 +1,15 @@
 /**
  * OWASP Enterprise Security API (ESAPI)
- * 
+ *
  * This file is part of the Open Web Application Security Project (OWASP)
  * Enterprise Security API (ESAPI) project. For details, please see
  * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
  *
  * Copyright (c) 2007 - The OWASP Foundation
- * 
+ *
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
- * 
+ *
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
@@ -32,91 +32,91 @@ public interface Randomizer {
 
 	/**
 	 * Gets a random string of a desired length and character set.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator.
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param length 
+	 *
+	 * @param length
 	 * 		the length of the string
-	 * @param characterSet 
+	 * @param characterSet
 	 * 		the set of characters to include in the created random string
-	 * 
-	 * @return 
+	 *
+	 * @return
 	 * 		the random string of the desired length and character set
 	 */
 	String getRandomString(int length, char[] characterSet);
 
 	/**
 	 * Returns a random boolean.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator.
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
+	 *
+	 * @return
 	 * 		true or false, randomly
 	 */
 	boolean getRandomBoolean();
-	
+
 	/**
-	 * Gets the random integer. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
+	 * Gets the random integer in the range of [min, max). The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator.
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum integer that will be returned
-	 * @param max 
-	 * 		the maximum integer that will be returned
-	 * 
-	 * @return 
+	 *
+	 * @param min
+	 * 		the minimum integer that will be returned, inclusive
+	 * @param max
+	 * 		the maximum integer that will be returned, exclusive
+	 *
+	 * @return
 	 * 		the random integer
 	 */
 	int getRandomInteger(int min, int max);
 
-	
+
 	/**
 	 * Gets the random long. The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator.
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @return 
+	 *
+	 * @return
 	 * 		the random long
 	 */
     long getRandomLong();
-	
-	
+
+
     /**
      * Returns an unguessable random filename with the specified extension.  This method could call
      * getRandomString(length, charset) from this Class with the desired length and alphanumerics as the charset 
      * then merely append "." + extension.
-     * 
-     * @param extension 
+     *
+     * @param extension
      * 		extension to add to the random filename
-     * 
-     * @return 
+     *
+     * @return
      * 		a random unguessable filename ending with the specified extension
      */
     String getRandomFilename( String extension );
-    
-    
+
+
 	/**
-	 * Gets the random real.  The use of java.security.SecureRandom
-	 * is recommended because it provides a cryptographically strong pseudo-random number generator. 
-	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the 
+	 * Gets the random real in the range of [min, max].  The use of java.security.SecureRandom
+	 * is recommended because it provides a cryptographically strong pseudo-random number generator.
+	 * If SecureRandom is not used, the pseudo-random number generator used should comply with the
 	 * statistical random number generator tests specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm">
 	 * FIPS 140-2, Security Requirements for Cryptographic Modules</a>, section 4.9.1.
-	 * 
-	 * @param min 
-	 * 		the minimum real number that will be returned
-	 * @param max 
-	 * 		the maximum real number that will be returned
-	 * 
-	 * @return 
+	 *
+	 * @param min
+	 * 		the minimum real number that will be returned, inclusive
+	 * @param max
+	 * 		the maximum real number that will be returned, inclusive
+	 *
+	 * @return
 	 * 		the random real
 	 */
 	float getRandomReal(float min, float max);
@@ -129,19 +129,19 @@ public interface Randomizer {
      * For more information including algorithms used to create <tt>UUID</tt>s,
      * see the Internet-Draft <a href="http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt">UUIDs and GUIDs</a>
      * or the standards body definition at <a href="http://www.iso.ch/cate/d2229.html">ISO/IEC 11578:1996</a>.
-     * @return 
+     * @return
      * 		the GUID
-     * 
-     * @throws 
-     * 		EncryptionException if hashing or encryption fails 
+     *
+     * @throws
+     * 		EncryptionException if hashing or encryption fails
      */
     String getRandomGUID() throws EncryptionException;
-           
+
     /**
      * Generates a specified number of random bytes.
      * @param n	The requested number of random bytes.
      * @return The {@code n} random bytes are returned.
      */
     byte[] getRandomBytes(int n);
-           
+
 }

From 135950c75470faf0143cef6017f049cc1432e1b6 Mon Sep 17 00:00:00 2001
From: mzilu <michael.ziluck@kingland.com>
Date: Fri, 2 Aug 2019 08:33:38 -0500
Subject: [PATCH 583/812] Use existing toString method rather than a
 StringBuilder

Lists will compile its contents when toString() is called against it, making the StringBuilder and iteration unnecessary. This change was made as a result of the review from GitHub PR #510
---
 .../esapi/reference/validation/HTMLValidationRule.java   | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index 9d9f08065..f0196fc04 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -114,14 +114,7 @@ private String invokeAntiSamy( String context, String input ) throws ValidationE
 
 			List<String> errors = test.getErrorMessages();
 			if ( !errors.isEmpty() ) {
-				StringBuilder sb = new StringBuilder();
-				for ( int i = 0; i < errors.size(); i++ ) {
-					sb.append(errors.get(i));
-					if ( i != errors.size() - 1 ) {
-						sb.append(",");
-					}
-				}
-				throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + sb.toString());
+				throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + errors.toString());
 			}
 
 			return test.getCleanHTML().trim();

From b76f726ecfb001793e7bff3724a7cd8c93f633ed Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Wed, 14 Aug 2019 22:49:08 -0400
Subject: [PATCH 584/812] Update README.md to fix mailing list subscription
 links.

Thanks and hat tip to Marc Anderson for noticing this. They were correct in the pom.xml, but broken here.
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5371fccca..e8780a7a9 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ Webchat http://webchat.freenode.net/
 *Mailing lists:*
 As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
 
-The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to after you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/forum/#!forum/esapi-project-dev/join)" respectively.
+The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to _after_ you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" respectively.
 
 Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
 

From 694c97bcc1152b3aa2eaef5c130c05085ab0c7e9 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 26 Aug 2019 22:30:59 -0400
Subject: [PATCH 585/812] Close issue #512 by updating to 1.9.4 of Commons
 Beans Util.

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index ab3973fde..eeabf7401 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,8 +171,8 @@
         <dependency>
             <groupId>commons-beanutils</groupId>
             <artifactId>commons-beanutils</artifactId>
-            <!-- We need to use 1.9.2 (or later) here to address CVE-2014-0114. -->
-            <version>1.9.3</version>
+            <!-- We need to use 1.9.4 (or later) here to address CVE-2014-0114 and CVE-2019-10086. -->
+            <version>1.9.4</version>
             <!-- NOTE: commons-beanutils uses commons-collections 3.2.2. We use
                  commons-collections 4.2. Package names are different so this shouldn't
                  cause any problems as long as 3.x doesn't have any CVEs. May have to

From 766ecc7e8d711314390be74c8d0894af5c4e6dde Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Wed, 18 Sep 2019 21:54:46 -0500
Subject: [PATCH 586/812] Issue #511 Copying Docs from DefValidator (#518)

DefaultValidator has method documentation, so I'm just copying the
contents verbatim to the interface.

Quick win.
---
 src/main/java/org/owasp/esapi/Validator.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/Validator.java b/src/main/java/org/owasp/esapi/Validator.java
index 0118995bb..e4ae1a670 100644
--- a/src/main/java/org/owasp/esapi/Validator.java
+++ b/src/main/java/org/owasp/esapi/Validator.java
@@ -48,8 +48,14 @@
  */
 public interface Validator {
 
+	/**
+	 * Add a validation rule to the registry using the "type name" of the rule as the key.
+	 */
 	void addRule( ValidationRule rule );
 
+	/**
+	 * Get a validation rule from the registry with the "type name" of the rule as the key.
+	 */
 	ValidationRule getRule( String name );
 
 	/**

From e50ff9884a54eaf665724812e03438b51d222ab2 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Wed, 18 Sep 2019 21:57:56 -0500
Subject: [PATCH 587/812] Issue 515 (#516)

* Issue 515 Adding tests for getCookies

No class changes at this time. Implementing initial tests.

* Preventing Null Cookie Name Issue #515

Per kkwall's recommendation, the getValidInput allowNull flag has been
updated to false to invalidate cookies with null names.

Tests have been updated to account for functional change.
---
 .../esapi/filters/SecurityWrapperRequest.java |   2 +-
 .../filters/SecurityWrapperRequestTest.java   | 256 +++++++++++++++++-
 2 files changed, 245 insertions(+), 13 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 095069918..910733d99 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -154,7 +154,7 @@ public Cookie[] getCookies() {
             // build a new clean cookie
             try {
                 // get data from original cookie
-                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), true);
+                String name = ESAPI.validator().getValidInput("Cookie name: " + c.getName(), c.getName(), "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
                 String value = ESAPI.validator().getValidInput("Cookie value: " + c.getValue(), c.getValue(), "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), true);
                 int maxAge = c.getMaxAge();
                 String domain = c.getDomain();
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index 3a77e4c89..dddad6d3b 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -14,20 +14,18 @@
 
 package org.owasp.esapi.filters;
 
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.SecurityConfiguration;
-import org.owasp.esapi.Validator;
-import org.owasp.esapi.errors.ValidationException;
-// A hack for now; eventually, I plan to move this into a new org.owasp.esapi.PropNames class. -kww
-import static org.owasp.esapi.reference.DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION;
-
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+// A hack for now; eventually, I plan to move this into a new org.owasp.esapi.PropNames class. -kww
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION;
 
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
@@ -41,6 +39,12 @@
 import org.mockito.Mockito;
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -57,15 +61,22 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest(ESAPI.class)
 public class SecurityWrapperRequestTest {
-    private static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
+	private static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
+	private static final String ESAPI_GET_LOGGER_METHOD_NAME = "getLogger";
     private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
     private static final String SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
     private static final String SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME = "HttpUtilities.httpQueryParamValueLength";
+    private static final String SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderNameSize";
+    private static final String SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderValueSize";
     
     private static final int SECURITY_CONFIGURATION_TEST_LENGTH = 255;
 
     private static final String QUERY_STRING_CANONCALIZE_TYPE_KEY = "HTTPQueryString";
     private static final String PARAMETER_STRING_CANONCALIZE_TYPE_KEY = "HTTPParameterValue";
+    private static final String COOKIE_NAME_TYPE_KEY = "HTTPCookieName";
+    private static final String COOKIE_VALUE_TYPE_KEY = "HTTPCookieValue";
+    private static final String COOKIE_DOMAIN_TYPE_KEY = "HTTPHeaderValue";
+    private static final String COOKIE_PATH_TYPE_KEY = "HTTPHeaderValue";
   
     @Rule
     public TestName testName = new TestName();
@@ -76,6 +87,8 @@ public class SecurityWrapperRequestTest {
     private Validator mockValidator;
     @Mock
     private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Logger mockLogger;
     
     private String testQueryValue;
     private String testParameterName;
@@ -88,6 +101,7 @@ public class SecurityWrapperRequestTest {
     public void setup() throws Exception {
         PowerMockito.mockStatic(ESAPI.class);
         PowerMockito.when(ESAPI.class, ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
+        PowerMockito.when(ESAPI.class, ESAPI_GET_LOGGER_METHOD_NAME, "SecurityWrapperRequest").thenReturn(mockLogger);
         PowerMockito.when(ESAPI.class, ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
         //Is intrusion detection disabled?  A:  Yes, it is off.  
         //This logic is confusing:  True, the value is False...
@@ -368,6 +382,224 @@ public void testGetParameterStringBooleanIntStringNullOnException() throws Excep
        
         verify(mockRequest, times(1)).getParameter(testParameterName);
     }
+    
+    @Test
+    public void testGetCookie() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+    	ck1.setPath(testName.getMethodName() + "-URI");
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getDomain());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getPath()), eq(COOKIE_PATH_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getPath());
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(1, cookies.length);
+    	Cookie resultCookie = cookies[0];
+    	assertNotEquals(ck1, resultCookie);
+    	assertEquals(ck1.getName(), resultCookie.getName());
+    	assertEquals(ck1.getValue(), resultCookie.getValue());
+    	assertEquals(ck1.getDomain(), resultCookie.getDomain());
+    	assertEquals(ck1.getPath(), resultCookie.getPath());
+    	assertEquals(ck1.getMaxAge(), resultCookie.getMaxAge());
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    }
+    
+    @Test
+    public void testGetCookieNullDomainPath() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	//Domain and Path are left null
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(1, cookies.length);
+    	Cookie resultCookie1 = cookies[0];
+    	
+    	assertNotEquals(ck1, resultCookie1);
+    	assertEquals(ck1.getName(), resultCookie1.getName());
+    	assertEquals(ck1.getValue(), resultCookie1.getValue());
+    	assertEquals(ck1.getDomain(), resultCookie1.getDomain());
+    	assertEquals(ck1.getPath(), resultCookie1.getPath());
+    	assertEquals(ck1.getMaxAge(), resultCookie1.getMaxAge());
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    }
+    
+    @Test
+    public void testGetCookieNullRequestCookies() {
+    	          PowerMockito.when(mockRequest.getParameter(testParameterName)).thenReturn(testParameterValue);
+          PowerMockito.when(mockRequest.getCookies()).thenReturn(null);
+          SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+          Cookie[] cookies = request.getCookies();
+          assertEquals(0, cookies.length);
+    }
+    
+    @Test
+    public void testGetCookieSkipOnBadName() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+    
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+    	ck1.setPath(testName.getMethodName() + "-URI");
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+    	
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(0, cookies.length);
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	
+    	//I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+    
+    @Test
+    public void testGetCookieSkipOnBadValue() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+    	ck1.setPath(testName.getMethodName() + "-URI");
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+    	
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getName());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenAnswer(exceptionAnswer);
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(0, cookies.length);
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	
+    	//I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+
+    @Test
+    public void testGetCookieSkipOnBadDomain() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+    
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+    	ck1.setPath(testName.getMethodName() + "-URI");
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+    	
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+       PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+   	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(0, cookies.length);
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(0)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	
+    	//I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
+    
+
+    @Test
+    public void testGetCookieSkipOnBadPath() throws Exception {
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+    	PowerMockito.when(mockSecConfig.getIntProp(SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME)).thenReturn(
+    			SECURITY_CONFIGURATION_TEST_LENGTH);
+
+    	Answer<String> exceptionAnswer = new ValidatorTestContainer(mockValidator).throwException();
+    
+    	Cookie ck1 = new Cookie(testName.getMethodName(), testName.getMethodName()+ "-VALUE");
+    	ck1.setMaxAge(999);
+    	ck1.setDomain(testName.getMethodName() + "-DOMAIN");
+    	ck1.setPath(testName.getMethodName() + "-URI");
+
+    	Cookie[] stubCookies = new Cookie[] {ck1};
+    	PowerMockito.when(mockRequest.getCookies()).thenReturn(stubCookies);
+    	
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getName()), eq(COOKIE_NAME_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getName());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getValue()),eq(COOKIE_VALUE_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(true))).thenReturn(ck1.getValue());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getDomain()),eq(COOKIE_DOMAIN_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenReturn(ck1.getDomain());
+    	PowerMockito.when(mockValidator.getValidInput(anyString(), eq(ck1.getPath()), eq(COOKIE_PATH_TYPE_KEY), eq(SECURITY_CONFIGURATION_TEST_LENGTH), eq(false))).thenAnswer(exceptionAnswer);
+
+    	SecurityWrapperRequest request = new SecurityWrapperRequest(mockRequest);
+    	Cookie[] cookies = request.getCookies();
+    	assertNotEquals(stubCookies, cookies);
+    	assertEquals(0, cookies.length);
+
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getName()), ArgumentMatchers.eq(COOKIE_NAME_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getValue()), ArgumentMatchers.eq(COOKIE_VALUE_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(true));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getDomain()), ArgumentMatchers.eq(COOKIE_DOMAIN_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	Mockito.verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(ck1.getPath()), ArgumentMatchers.eq(COOKIE_PATH_TYPE_KEY), ArgumentMatchers.eq(SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+    	
+    	//I would have liked to verify the logging occurred, but it's giving me trouble at this time.
+    }
 
     /**
      * Utility test class meant to encapsulate common interactions for preparing and
@@ -405,11 +637,11 @@ public String answer(InvocationOnMock invocation) throws Throwable {
         public void getValidInputReturns(String response) throws Exception {
             setupFor(returnResult(response));
         }
-        
+       
         public void getValidInputThrows() throws Exception {
             setupFor(throwException());
         }
-        
+       
         public void setupFor(Answer<String> answer) throws Exception {
             String context = anyString();
             String input = inputCapture.capture();
@@ -419,7 +651,7 @@ public void setupFor(Answer<String> answer) throws Exception {
 
             PowerMockito.when(validator.getValidInput(context, input, type, length, allowNull)).thenAnswer(answer);
         }
-        
+              
         public void verify(String input, String type, int maxLen, boolean allowNull) throws Exception {
             String actualInput = inputCapture.getValue();
             String actualType = typeCapture.getValue();

From ea47c3e9692d8059cbd7d68d1866c0e2437510b4 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 28 Sep 2019 17:05:05 -0500
Subject: [PATCH 588/812] Pattern Replacement Utility #494

Support class that can handle the regex replace/restore operations for a
codec's encoding process.
---
 .../ref/EncodingPatternPreservation.java      | 112 ++++++++++++++++++
 .../ref/EncodingPatternPreservationTest.java  |  66 +++++++++++
 2 files changed, 178 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
 create mode 100644 src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
new file mode 100644
index 000000000..aa3104a4d
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
@@ -0,0 +1,112 @@
+package org.owasp.esapi.codecs.ref;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * String mutation utility which can be used to replace all occurrences of a
+ * defined regular expression with a marker string, and also restore the
+ * original string content.
+ *
+ */
+public class EncodingPatternPreservation {
+	/** Default replacement marker. */
+	private static final String REPLACEMENT_MARKER = EncodingPatternPreservation.class.getSimpleName();
+	/** Pattern that is used to identify which content should be replaced. */
+	private final Pattern noEncodeContent;
+	/** The Marker used to replace found Pattern references. */
+	private String replacementMarker = REPLACEMENT_MARKER;
+
+	/**
+	 * The ordered-list of elements that were replaced in the last call to
+	 * {@link #captureAndReplaceMatches(String)}, and that will be used to replace
+	 * the {@link #replacementMarker} on the next call to
+	 * {@link #restoreOriginalContent(String)}
+	 */
+	private final List<String> replacedContentList = new ArrayList<>();
+
+	/**
+	 * Constructor.
+	 * 
+	 * @param pattern Pattern identifying content being replaced.
+	 */
+	public EncodingPatternPreservation(Pattern pattern) {
+		noEncodeContent = pattern;
+	}
+
+	/**
+	 * Replaces each matching instance of this instance's Pattern with an
+	 * identifiable replacement marker. <br>
+	 * 
+	 * <br>
+	 * After the encoding process is complete, use
+	 * {@link #restoreOriginalContent(String)} to re-insert the original data.
+	 * 
+	 * @param input String to adjust
+	 * @return The adjusted String
+	 */
+	public String captureAndReplaceMatches(String input) {
+		if (!replacedContentList.isEmpty()) {
+			// This may seem odd, but this will prevent programmer error that would result
+			// in being unable to restore a previously tokenized String.
+			String message = "Previously captured state is still present in instance. Call PatternContentPreservation.reset() to clear out preserved state and to reuse the reference.";
+			throw new IllegalStateException(message);
+		}
+		String inputCpy = input;
+		Matcher matcher = noEncodeContent.matcher(input);
+
+		while (matcher.find()) {
+			int groups = matcher.groupCount();
+			for (int x = 0; x < groups; x++) {
+				String replaceContent = matcher.group(x);
+				replacedContentList.add(replaceContent);
+				inputCpy = inputCpy.replaceFirst(noEncodeContent.pattern(), replacementMarker);
+			}
+		}
+
+		return inputCpy;
+	}
+
+	/**
+	 * Replaces each instance of the {@link #replacementMarker} with the original
+	 * content, as captured by {@link #captureAndReplaceMatches(String)}
+	 * 
+	 * @param input String to restore.
+	 * @return String reference with all values replaced.
+	 */
+	public String restoreOriginalContent(String input) {
+		String result = input;
+		while (replacedContentList.size() > 0) {
+			String origValue = replacedContentList.remove(0);
+			result = result.replaceFirst(replacementMarker, origValue);
+		}
+
+		return result;
+
+	}
+
+	/**
+	 * Allows the marker used as a replacement to be altered.
+	 * 
+	 * @param marker String replacment to use for regex matches.
+	 */
+	public void setReplacementMarker(String marker) {
+		if (!replacedContentList.isEmpty()) {
+			// This may seem odd, but this will prevent programmer error that would result
+			// in being unable to restore a previously tokenized String.
+			String message = "Previously captured state is still present in instance. Call PatternContentPreservation.reset() to clear out preserved state and to alter the marker.";
+			throw new IllegalStateException(message);
+		}
+		this.replacementMarker = marker;
+	}
+
+	/**
+	 * Clears any stored replacement values out of the instance.
+	 */
+	public void reset() {
+		replacedContentList.clear();
+	}
+
+}
diff --git a/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
new file mode 100644
index 000000000..11869dc06
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
@@ -0,0 +1,66 @@
+package org.owasp.esapi.codecs.ref;
+
+import java.util.regex.Pattern;
+
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class EncodingPatternPreservationTest {
+	
+	@Test
+	public void testReplaceAndRestore() {
+		Pattern numberRegex = Pattern.compile("(ABC)");
+		EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+		String origStr = "12 ABC 34 DEF 56 G 7";
+		String replacedStr = epp.captureAndReplaceMatches(origStr);
+		
+		assertEquals("12 EncodingPatternPreservation 34 DEF 56 G 7", replacedStr);
+		
+		String restored = epp.restoreOriginalContent(replacedStr);
+		assertEquals(origStr, restored);
+	}
+	
+	@Test
+	public void testSetMarker() {
+		Pattern numberRegex = Pattern.compile("(ABC)");
+		EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+		epp.setReplacementMarker(EncodingPatternPreservationTest.class.getSimpleName());
+		
+		String origStr = "12 ABC 34 DEF 56 G 7";
+		String replacedStr = epp.captureAndReplaceMatches(origStr);
+		
+		assertEquals("12 EncodingPatternPreservationTest 34 DEF 56 G 7", replacedStr);
+		
+		String restored = epp.restoreOriginalContent(replacedStr);
+		assertEquals(origStr, restored);
+	}
+	
+	@Test (expected = IllegalStateException.class)
+	public void testSetMarkerExceptionNoReset() {
+		Pattern numberRegex = Pattern.compile("(ABC)");
+		EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+		String origStr = "12 ABC 34 DEF 56 G 7";
+		epp.captureAndReplaceMatches(origStr);
+		//This allows the + case to be illustrated
+		epp.reset();
+		
+		//And the exception case.
+		epp.captureAndReplaceMatches(origStr);
+		epp.setReplacementMarker(EncodingPatternPreservationTest.class.getSimpleName());
+	}
+	
+	@Test (expected = IllegalStateException.class)
+	public void testReplaceExceptionNoReset() {
+		Pattern numberRegex = Pattern.compile("(ABC)");
+		EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+		String origStr = "12 ABC 34 DEF 56 G 7";
+		epp.captureAndReplaceMatches(origStr);
+		//This allows the + case to be illustrated
+		epp.reset();
+		
+		//And the exception case.
+		epp.captureAndReplaceMatches(origStr);
+		epp.captureAndReplaceMatches(origStr);
+	}
+}

From fb9965ddccc108ca459a93443f6fe773ad58ad62 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 28 Sep 2019 17:26:08 -0500
Subject: [PATCH 589/812] Pattern Replacement Utility #494

Updating regex use to only inspect group 0 of matcher.

Extending tests to include single line with multiple entries.
---
 .../codecs/ref/EncodingPatternPreservation.java     |  7 +++----
 .../codecs/ref/EncodingPatternPreservationTest.java | 13 +++++++++++++
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
index aa3104a4d..4829985b6 100644
--- a/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
+++ b/src/main/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservation.java
@@ -58,12 +58,11 @@ public String captureAndReplaceMatches(String input) {
 		Matcher matcher = noEncodeContent.matcher(input);
 
 		while (matcher.find()) {
-			int groups = matcher.groupCount();
-			for (int x = 0; x < groups; x++) {
-				String replaceContent = matcher.group(x);
+			String replaceContent = matcher.group(0);
+			if (replaceContent != null) {
 				replacedContentList.add(replaceContent);
 				inputCpy = inputCpy.replaceFirst(noEncodeContent.pattern(), replacementMarker);
-			}
+			}			
 		}
 
 		return inputCpy;
diff --git a/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
index 11869dc06..390f5382e 100644
--- a/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
+++ b/src/test/java/org/owasp/esapi/codecs/ref/EncodingPatternPreservationTest.java
@@ -21,6 +21,19 @@ public void testReplaceAndRestore() {
 		assertEquals(origStr, restored);
 	}
 	
+	@Test
+	public void testReplaceMultipleAndRestore() {
+		Pattern numberRegex = Pattern.compile("(ABC)");
+		EncodingPatternPreservation epp = new EncodingPatternPreservation(numberRegex);
+		String origStr = "12 ABC 34 ABC 56 G 7 ABC8";
+		String replacedStr = epp.captureAndReplaceMatches(origStr);
+		
+		assertEquals("12 EncodingPatternPreservation 34 EncodingPatternPreservation 56 G 7 EncodingPatternPreservation8", replacedStr);
+		
+		String restored = epp.restoreOriginalContent(replacedStr);
+		assertEquals(origStr, restored);
+	}
+	
 	@Test
 	public void testSetMarker() {
 		Pattern numberRegex = Pattern.compile("(ABC)");

From 13827d2ac715c81ae2bab9f159aabba143ffd476 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 28 Sep 2019 19:05:15 -0500
Subject: [PATCH 590/812] Updating CSSCodec #494

Overriding the CSSCodec encode function to use the
EncodingPatternPreservation utility class.  Adding in a regex for RGB
tuple configurations.  Providing test class to verify expected capability.
---
 .../java/org/owasp/esapi/codecs/CSSCodec.java | 23 +++++++++++--
 .../org/owasp/esapi/codecs/CSSCodecTest.java  | 33 +++++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java

diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 1e27ea8a0..2663edb6e 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -15,6 +15,10 @@
  */
 package org.owasp.esapi.codecs;
 
+import java.util.regex.Pattern;
+
+import org.owasp.esapi.codecs.ref.EncodingPatternPreservation;
+
 /**
  * Implementation of the Codec interface for backslash encoding used in CSS.
  * 
@@ -26,8 +30,21 @@
 public class CSSCodec extends AbstractCharacterCodec
 {
 	private static final Character REPLACEMENT = '\ufffd';
-
-
+	//rgb (###,###,###) OR rgb(###%,###%,###%)
+	//([rR][gG][bB])\s*\(\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*,\s*\d{1,3}\s*(\%)?\s*\)
+	private static final String RGB_TRPLT = "([rR][gG][bB])\\s*\\(\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*,\\s*\\d{1,3}\\s*(\\%)?\\s*\\)";
+	private static final Pattern RGB_TRPLT_PATTERN = Pattern.compile(RGB_TRPLT); 
+	
+	@Override
+	public String encode(char[] immune, String input) {
+		 EncodingPatternPreservation tripletCheck = new EncodingPatternPreservation(RGB_TRPLT_PATTERN);
+		 
+		 String inputChk = tripletCheck.captureAndReplaceMatches(input);
+		 
+		 String result = super.encode(immune, inputChk);
+		 
+		 return tripletCheck.restoreOriginalContent(result);
+	}
     /**
 	 * {@inheritDoc}
 	 *
@@ -63,6 +80,7 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		input.mark();
 		Character first = input.next();
+		System.out.println("First: " + first);
 		if (first == null || first != '\\')
 		{
 			input.reset();
@@ -70,6 +88,7 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 		}
 
 		Character second = input.next();
+		System.out.println("Second: " );
 		if (second == null) {
 			input.reset();
 			return null;
diff --git a/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java b/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java
new file mode 100644
index 000000000..8d5fb543c
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/codecs/CSSCodecTest.java
@@ -0,0 +1,33 @@
+package org.owasp.esapi.codecs;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+
+public class CSSCodecTest {
+	private static final char[] IMMUNE_STUB = new char[0];
+	/** Unit In Test*/
+	private CSSCodec uit = new CSSCodec();
+	
+	@Test
+    public void testCSSTripletLeadString() {
+    	assertEquals("rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "rgb(255,255,255)!"));
+    	assertEquals("rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletTailString() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletStringPart() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)!"));
+    }
+	@Test
+    public void testCSSTripletStringMultiPart() {
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(255,255,255)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(25%,25%,25%)! $field=rgb(25%,25%,25%)!"));
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", uit.encode(IMMUNE_STUB, "$field=rgb(255,255,255)! $field=rgb(25%,25%,25%)!"));
+    }
+}

From 8bffd26ca023e1d5cefc75c3e94e572ead19b1d6 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 28 Sep 2019 19:05:52 -0500
Subject: [PATCH 591/812] DefaultEncoder CSS Tests #494

Duplicating the CSSCodecTest context in the DefaultEncoder test context.
---
 .../owasp/esapi/reference/EncoderTest.java    | 43 +++++++++++++++----
 1 file changed, 34 insertions(+), 9 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 78a6dc537..c62a09b20 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -15,19 +15,23 @@
  */
 package org.owasp.esapi.reference;
 
-import java.io.ByteArrayOutputStream;
+import static org.junit.Assert.assertEquals;
+
 import java.io.IOException;
-import java.io.ObjectOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
-import org.junit.Ignore;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.EncoderConstants;
-import org.owasp.esapi.codecs.Base64;
+import org.owasp.esapi.codecs.CSSCodec;
 import org.owasp.esapi.codecs.Codec;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
 import org.owasp.esapi.codecs.MySQLCodec;
@@ -376,7 +380,7 @@ public void testEncodeForHTMLAttribute() {
     /**
      *
      */
-    public void testEncodeForCSS() {
+    public void testencodeForCSS() {
         System.out.println("encodeForCSS");
         Encoder instance = ESAPI.encoder();
         assertEquals(null, instance.encodeForCSS(null));
@@ -385,11 +389,32 @@ public void testEncodeForCSS() {
         assertEquals("#f00", instance.encodeForCSS("#f00"));
         assertEquals("#123456", instance.encodeForCSS("#123456"));
         assertEquals("#abcdef", instance.encodeForCSS("#abcdef"));
-        assertEquals("red", instance.encodeForCSS("red"));
+        assertEquals("red", instance.encodeForCSS("red"));       
     }
-
-
-
+    
+    public void testCSSTripletLeadString() {
+    	Encoder instance = ESAPI.encoder();
+    	assertEquals("rgb(255,255,255)\\21 ", instance.encodeForCSS("rgb(255,255,255)!"));
+    	assertEquals("rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletTailString() {
+		Encoder instance = ESAPI.encoder();
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletStringPart() {
+		Encoder instance = ESAPI.encoder();
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)!"));
+    }
+    public void testCSSTripletStringMultiPart() {
+		Encoder instance = ESAPI.encoder();
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(255,255,255)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)! $field=rgb(255,255,255)!"));
+    	assertEquals("\\24 field\\3d rgb(25%,25%,25%)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(25%,25%,25%)! $field=rgb(25%,25%,25%)!"));
+    	assertEquals("\\24 field\\3d rgb(255,255,255)\\21 \\20 \\24 field\\3d rgb(25%,25%,25%)\\21 ", instance.encodeForCSS("$field=rgb(255,255,255)! $field=rgb(25%,25%,25%)!"));
+    }
+       
+    
     /**
 	 * Test of encodeForJavaScript method, of class org.owasp.esapi.Encoder.
 	 */

From 377d377dcd68ccefa0841ac12e980729945363d9 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 28 Sep 2019 19:54:56 -0500
Subject: [PATCH 592/812] Cleanup #494

Removing debug content.
---
 src/main/java/org/owasp/esapi/codecs/CSSCodec.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
index 2663edb6e..152aa206c 100644
--- a/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/CSSCodec.java
@@ -80,7 +80,6 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 	{
 		input.mark();
 		Character first = input.next();
-		System.out.println("First: " + first);
 		if (first == null || first != '\\')
 		{
 			input.reset();
@@ -88,7 +87,6 @@ public Character decodeCharacter(PushbackSequence<Character> input)
 		}
 
 		Character second = input.next();
-		System.out.println("Second: " );
 		if (second == null) {
 			input.reset();
 			return null;

From 4bd6690b5fbc7cc0e79521c5cd652ac03d0e6e45 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 4 Oct 2019 07:15:28 -0500
Subject: [PATCH 593/812] OS Name DefaultExecutorTests #143

Creating two tests to assert that the constructor of the DefaultExector
interprets the os.name system property.  If the name contains 'Windows'
the underlying Codec is a WindowsCodec.  If the literal 'Windows' is not
present, then the UnixCodec is applied to the instance.
---
 .../owasp/esapi/reference/ExecutorTest.java   | 65 +++++++++++++++++--
 1 file changed, 61 insertions(+), 4 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
index b904f4420..d301fce40 100644
--- a/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExecutorTest.java
@@ -17,14 +17,11 @@
 
 import java.io.File;
 import java.io.FileWriter;
+import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.ExecuteResult;
 import org.owasp.esapi.Executor;
@@ -34,6 +31,10 @@
 import org.owasp.esapi.codecs.UnixCodec;
 import org.owasp.esapi.codecs.WindowsCodec;
 
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
 /**
  * The Class ExecutorTest.
  * 
@@ -92,6 +93,62 @@ public static Test suite() {
 		TestSuite suite = new TestSuite(ExecutorTest.class);
 		return suite;
 	}
+	
+	private void resetSingletonField() throws Exception {
+		//Wipe the singleton field here so we can force recreation.
+		Field singletonField = DefaultExecutor.class.getDeclaredField("singletonInstance");
+		singletonField.setAccessible(true);
+		//Object ref is ignored since field is static.
+		singletonField.set(new Object(), null);
+	}
+
+	public void testPlatformResoveWindows() throws Exception {
+		String origName = System.getProperty("os.name");
+
+		try {
+			//Wipe the singleton field here so we can force recreation.
+			resetSingletonField();
+
+			System.setProperty("os.name", "a name that includes the literal 'Windows'");
+			Executor ex = DefaultExecutor.getInstance();
+
+
+			Field codecField = DefaultExecutor.class.getDeclaredField("codec");
+			codecField.setAccessible(true);
+
+			Object instCodec = codecField.get(ex);
+
+			assertTrue(instCodec instanceof WindowsCodec);
+		} finally {
+			System.setProperty("os.name", origName);
+			resetSingletonField();
+		}
+	}
+
+	public void testPlatformResolveNx() throws Exception{
+		String origName = System.getProperty("os.name");
+
+		try {
+			//Wipe the singleton field here so we can force recreation.
+			resetSingletonField();
+
+			//Unmatched Platform is anything but the literal string "Windows" - In part or in whole.
+			System.setProperty("os.name", "unmatchedPlatform");
+			Executor ex = DefaultExecutor.getInstance();
+
+
+			Field codecField = DefaultExecutor.class.getDeclaredField("codec");
+			codecField.setAccessible(true);
+
+			Object instCodec = codecField.get(ex);
+
+			assertTrue(instCodec instanceof UnixCodec);
+		} finally {
+			System.setProperty("os.name", origName);
+			resetSingletonField();
+		}
+	}
+
 
 	/**
 	 * Test of executeOSCommand method, of class org.owasp.esapi.Executor

From a9b14398715e9c80f867754714c9fa0e71a6e7e4 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Sun, 6 Oct 2019 16:12:56 -0700
Subject: [PATCH 594/812] =?UTF-8?q?Fixed=20issues=20#503=20by=20writing=20?=
 =?UTF-8?q?a=20new=20addReferer=20method,=20also=20temporaril=E2=80=A6=20(?=
 =?UTF-8?q?#514)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fixed issues #503 by writing a new addReferer method, also temporarily silenced issues related to mocking in #496.

* Additional fix to #503.
---
 pom.xml                                       |   4 +-
 .../filters/SecurityWrapperResponse.java      |  91 ++--
 .../filters/SecurityWrapperResponseTest.java  | 418 +++++++++---------
 .../owasp/esapi/reference/EncoderTest.java    |  15 +
 .../owasp/esapi/reference/ValidatorTest.java  |   4 +-
 5 files changed, 288 insertions(+), 244 deletions(-)

diff --git a/pom.xml b/pom.xml
index eeabf7401..6a34d2cc0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -309,7 +309,7 @@
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.2</version>
             <scope>test</scope>
             <exclusions>
                 <exclusion>
@@ -358,7 +358,7 @@
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-module-junit4</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 19b25c666..91852b1ab 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -49,7 +49,7 @@ public class SecurityWrapperResponse extends HttpServletResponseWrapper implemen
      * @param response
      */
     public SecurityWrapperResponse(HttpServletResponse response) {
-    	super( response );
+        super( response );
     }
 
     /**
@@ -60,13 +60,13 @@ public SecurityWrapperResponse(HttpServletResponse response) {
      * @param mode The mode for this wrapper. Legal modes are "log", "skip", "sanitize", "throw".
      */
     public SecurityWrapperResponse(HttpServletResponse response, String mode) {
-    	super( response );
+        super( response );
         this.mode = mode;
     }
 
 
     private HttpServletResponse getHttpServletResponse() {
-    	return (HttpServletResponse)super.getResponse();
+        return (HttpServletResponse)super.getResponse();
     }
 
     /**
@@ -138,10 +138,10 @@ private String createCookieHeader(String name, String value, int maxAge, String
             header += "; Path=" + path;
         }
         if ( secure || ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceSecureCookies") ) {
-			header += "; Secure";
+            header += "; Secure";
         }
         if ( ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlyCookies") ) {
-			header += "; HttpOnly";
+            header += "; HttpOnly";
         }
         return header;
     }
@@ -154,7 +154,7 @@ private String createCookieHeader(String name, String value, int maxAge, String
      */
     public void addDateHeader(String name, long date) {
         try {
-        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
             String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().addDateHeader(safeName, date);
         } catch (ValidationException e) {
@@ -175,7 +175,7 @@ public void addDateHeader(String name, long date) {
     public void addHeader(String name, String value) {
         try {
             // TODO: make stripping a global config
-        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
             String strippedName = StringUtilities.stripControls(name);
             String strippedValue = StringUtilities.stripControls(value);
             String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
@@ -185,16 +185,35 @@ public void addHeader(String name, String value) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
         }
     }
+    
+    /**
+     * Add a referer header to the response, after validating there are no illegal characters according to the 
+     * Validator.isValidURI() method, as well as ensuring there are no instances of mixed or double encoding 
+     * depending on how you have configured ESAPI defaults.  
+     * @param uri
+     */
+    public void addReferer( String uri) {
+
+        // TODO: make stripping a global config
+        String strippedValue = StringUtilities.stripControls(uri);
+        boolean isValidURI = ESAPI.validator().isValidURI("refererHeader", strippedValue, false);
+        String safeValue = "";
+        if(isValidURI) {
+            safeValue = strippedValue;
+        }
+        
+        getHttpServletResponse().addHeader("referer", safeValue);
+    }
 
     /**
      * Add an int header to the response after ensuring that there are no
-     * encoded or illegal characters in the name and value.
+     * encoded or illegal characters in the name and value. git
      * @param name 
      * @param value
      */
     public void addIntHeader(String name, int value) {
         try {
-        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
             String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().addIntHeader(safeName, value);
         } catch (ValidationException e) {
@@ -361,12 +380,12 @@ public void resetBuffer() {
      * @throws IOException
      */
     public void sendError(int sc) throws IOException {
-    	SecurityConfiguration config = ESAPI.securityConfiguration();
-    	if (config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")) {
-    		getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
-    	} else {
-    		getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
-    	}
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().sendError(HttpServletResponse.SC_OK, getHTTPMessage(sc));
+        }else{
+            getHttpServletResponse().sendError(sc, getHTTPMessage(sc));
+        }
     }
 
     /**
@@ -379,12 +398,12 @@ public void sendError(int sc) throws IOException {
      * @throws IOException
      */
     public void sendError(int sc, String msg) throws IOException {
-    	SecurityConfiguration config = ESAPI.securityConfiguration();
-    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
-    		getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
-    	}else{
-    		getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
-    	}
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().sendError(HttpServletResponse.SC_OK, ESAPI.encoder().encodeForHTML(msg));
+        }else{
+            getHttpServletResponse().sendError(sc, ESAPI.encoder().encodeForHTML(msg));
+        }
     }
 
     /**
@@ -418,7 +437,7 @@ public void setBufferSize(int size) {
      * @param charset
      */
     public void setCharacterEncoding(String charset) {
-    	SecurityConfiguration sc = ESAPI.securityConfiguration();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         getHttpServletResponse().setCharacterEncoding(sc.getStringProp("HttpUtilities.CharacterEncoding"));
     }
 
@@ -446,7 +465,7 @@ public void setContentType(String type) {
      */
     public void setDateHeader(String name, long date) {
         try {
-        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
             String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().setDateHeader(safeName, date);
         } catch (ValidationException e) {
@@ -484,7 +503,7 @@ public void setHeader(String name, String value) {
      */
     public void setIntHeader(String name, int value) {
         try {
-        	SecurityConfiguration sc = ESAPI.securityConfiguration();
+            SecurityConfiguration sc = ESAPI.securityConfiguration();
             String safeName = ESAPI.validator().getValidInput("safeSetDateHeader", name, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
             getHttpServletResponse().setIntHeader(safeName, value);
         } catch (ValidationException e) {
@@ -507,12 +526,12 @@ public void setLocale(Locale loc) {
      * @param sc
      */
     public void setStatus(int sc) {
-    	SecurityConfiguration config = ESAPI.securityConfiguration();
-    	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
-    		getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
-    	}else{
-    		getHttpServletResponse().setStatus(sc);
-    	}
+        SecurityConfiguration config = ESAPI.securityConfiguration();
+        if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+            getHttpServletResponse().setStatus(HttpServletResponse.SC_OK);
+        }else{
+            getHttpServletResponse().setStatus(sc);
+        }
         
     }
 
@@ -527,12 +546,12 @@ public void setStatus(int sc) {
     @Deprecated
     public void setStatus(int sc, String sm) {
         try {
-        	SecurityConfiguration config = ESAPI.securityConfiguration();
-        	if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
-        		sendError(HttpServletResponse.SC_OK, sm);
-        	}else{
-        		sendError(sc, sm);
-        	}
+            SecurityConfiguration config = ESAPI.securityConfiguration();
+            if(config.getBooleanProp("HttpUtilities.OverwriteStatusCodes")){
+                sendError(HttpServletResponse.SC_OK, sm);
+            }else{
+                sendError(sc, sm);
+            }
         } catch (IOException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to set response status failed", e);
         }
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index 478f0b050..362fa5be1 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -16,213 +16,223 @@
 import org.mockito.Mockito;
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.util.TestUtils;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 //@PrepareForTest({SecurityWrapperResponse.class})
 @RunWith(PowerMockRunner.class)
+@PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.dom.*"})
 public class SecurityWrapperResponseTest {
-	
-	@Test
-	public void testAddHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.addHeader("Foo", "bar");
-		verify(servResp, times(1)).addHeader("Foo", "bar");
-	}
-	
-	@Test
-	public void testAddDateHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		long currentTime = System.currentTimeMillis();
-		resp.addDateHeader("Foo", currentTime);
-		verify(servResp, times(1)).addDateHeader("Foo", currentTime);
-	}
-	
-	@Test
-	public void testSetDateHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		long currentTime = System.currentTimeMillis();
-		resp.setDateHeader("Foo", currentTime);
-		verify(servResp, times(1)).setDateHeader("Foo", currentTime);
-	}
-	
-	@Test
-	public void testSetInvalidDateHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		long currentTime = System.currentTimeMillis();
-		resp.setDateHeader("<scr", currentTime);
-		verify(servResp, times(0)).setDateHeader("<scr", currentTime);
-	}
-	
-	@Test
-	public void testSetHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.setHeader("foo", "bar");
-		verify(servResp, times(1)).setHeader("foo", "bar");
-	}
-	
-	@Test
-	public void testSetInvalidHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.setHeader("foo", "<script>alert</script>");
-		verify(servResp, times(0)).setHeader("foo", "<script>alert</script>");
-	}
-	
-	@Test
-	public void testInvalidDateHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		long currentTime = System.currentTimeMillis();
-		resp.addDateHeader("Foo\\r\\n", currentTime);
-		verify(servResp, times(0)).addDateHeader("Foo", currentTime);
-	}
-	
-	@Test
-	public void testAddHeaderInvalidValueLength(){
-		//refactor this to use a spy. 
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Mockito.doCallRealMethod().when(spyResp).addHeader("Foo", TestUtils.generateStringOfLength(4097));
-		resp.addHeader("Foo", TestUtils.generateStringOfLength(4097));
-		verify(servResp, times(0)).addHeader("Foo", "bar");
-	}
-	
-	@Test
-	public void testAddHeaderInvalidKeyLength(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
-		verify(servResp, times(0)).addHeader("Foo", "bar");
-	}
-	
-	@Test
-	public void testAddIntHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.addIntHeader("aaaa", 4);
-		verify(servResp, times(1)).addIntHeader("aaaa", 4);
-	}
-	
-	@Test
-	public void testAddInvalidIntHeader(){
-		HttpServletResponse servResp = mock(HttpServletResponse.class);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp.addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
-		verify(servResp, times(0)).addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
-	}
-	
-	@Test
-	public void testContainsHeader(){
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		resp = spy(resp);
-		resp.addIntHeader("aaaa", Integer.MIN_VALUE);
-		verify(servResp, times(1)).addIntHeader("aaaa", Integer.MIN_VALUE);
-		assertEquals(true, servResp.containsHeader("aaaa"));
-	}
-	
-	@Test
-	public void testAddValidCookie(){
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
-		cookie.setMaxAge(5000);
-		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
-		spyResp.addCookie(cookie);
-		
-		/*
-		 * We're indirectly testing our class.  Since it ultimately
-		 * delegates to HttpServletResponse.addHeader, we're actually 
-		 * validating that our test method constructs a header with the
-		 * expected properties.  This implicitly tests the 
-		 * createCookieHeader method as well.
-		 */
-		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Max-Age=5000; Secure; HttpOnly");
-	}
-	
-	@Test
-	public void testAddValidCookieWithDomain(){
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
-		cookie.setDomain("evil.com");
-		cookie.setMaxAge(-1);
-		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
-		spyResp.addCookie(cookie);
-		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
-	}
-	
-	@Test
-	public void testAddValidCookieWithPath(){
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
-		cookie.setDomain("evil.com");
-		cookie.setPath("/foo/bar");
-		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
-		spyResp.addCookie(cookie);
-		verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Path=/foo/bar; Secure; HttpOnly");
-	}
-	
-	@Test
-	public void testAddInValidCookie(){
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(5000));
-		Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
-		
-		spyResp.addCookie(cookie);
-		verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
-	}
-	
-	@Test
-	public void testSendError() throws Exception{
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Mockito.doCallRealMethod().when(spyResp).sendError(200);
-		spyResp.sendError(200);
-		
-		verify(servResp, times(1)).sendError(200, "HTTP error code: 200");;
-	}
-	
-	@Test
-	public void testSendStatus() throws Exception{
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Mockito.doCallRealMethod().when(spyResp).setStatus(200);;
-		spyResp.setStatus(200);
-		
-		verify(servResp, times(1)).setStatus(200);;
-	}
-	
-	@Test
-	public void testSendStatusWithString() throws Exception{
-		HttpServletResponse servResp = new MockHttpServletResponse();
-		servResp = spy(servResp);
-		SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-		SecurityWrapperResponse spyResp = spy(resp);
-		Mockito.doCallRealMethod().when(spyResp).setStatus(200, "foo");;
-		spyResp.setStatus(200, "foo");
-		
-		verify(servResp, times(1)).sendError(200, "foo");;
-	}
+    
+    @Test
+    public void testAddHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addHeader("Foo", "bar");
+        verify(servResp, times(1)).addHeader("Foo", "bar");
+    }
+    
+    @Test
+    public void testAddRefererHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addReferer("http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2CLaunched");
+        verify(servResp, times(1)).addHeader("referer", "");
+    }
+    
+    @Test
+    public void testAddDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.addDateHeader("Foo", currentTime);
+        verify(servResp, times(1)).addDateHeader("Foo", currentTime);
+    }
+    
+    @Test
+    public void testSetDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.setDateHeader("Foo", currentTime);
+        verify(servResp, times(1)).setDateHeader("Foo", currentTime);
+    }
+    
+    @Test
+    public void testSetInvalidDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.setDateHeader("<scr", currentTime);
+        verify(servResp, times(0)).setDateHeader("<scr", currentTime);
+    }
+    
+    @Test
+    public void testSetHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.setHeader("foo", "bar");
+        verify(servResp, times(1)).setHeader("foo", "bar");
+    }
+    
+    @Test
+    public void testSetInvalidHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.setHeader("foo", "<script>alert</script>");
+        verify(servResp, times(0)).setHeader("foo", "<script>alert</script>");
+    }
+    
+    @Test
+    public void testInvalidDateHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        long currentTime = System.currentTimeMillis();
+        resp.addDateHeader("Foo\\r\\n", currentTime);
+        verify(servResp, times(0)).addDateHeader("Foo", currentTime);
+    }
+    
+    @Test
+    public void testAddHeaderInvalidValueLength(){
+        //refactor this to use a spy. 
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).addHeader("Foo", TestUtils.generateStringOfLength(4097));
+        resp.addHeader("Foo", TestUtils.generateStringOfLength(4097));
+        verify(servResp, times(0)).addHeader("Foo", "bar");
+    }
+    
+    @Test
+    public void testAddHeaderInvalidKeyLength(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
+        verify(servResp, times(0)).addHeader("Foo", "bar");
+    }
+    
+    @Test
+    public void testAddIntHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addIntHeader("aaaa", 4);
+        verify(servResp, times(1)).addIntHeader("aaaa", 4);
+    }
+    
+    @Test
+    public void testAddInvalidIntHeader(){
+        HttpServletResponse servResp = mock(HttpServletResponse.class);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp.addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+        verify(servResp, times(0)).addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
+    }
+    
+    @Test
+    public void testContainsHeader(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        resp = spy(resp);
+        resp.addIntHeader("aaaa", Integer.MIN_VALUE);
+        verify(servResp, times(1)).addIntHeader("aaaa", Integer.MIN_VALUE);
+        assertEquals(true, servResp.containsHeader("aaaa"));
+    }
+    
+    @Test
+    public void testAddValidCookie(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setMaxAge(5000);
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+        
+        /*
+         * We're indirectly testing our class.  Since it ultimately
+         * delegates to HttpServletResponse.addHeader, we're actually 
+         * validating that our test method constructs a header with the
+         * expected properties.  This implicitly tests the 
+         * createCookieHeader method as well.
+         */
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Max-Age=5000; Secure; HttpOnly");
+    }
+    
+    @Test
+    public void testAddValidCookieWithDomain(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setDomain("evil.com");
+        cookie.setMaxAge(-1);
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
+    }
+    
+    @Test
+    public void testAddValidCookieWithPath(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(10));
+        cookie.setDomain("evil.com");
+        cookie.setPath("/foo/bar");
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        spyResp.addCookie(cookie);
+        verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Path=/foo/bar; Secure; HttpOnly");
+    }
+    
+    @Test
+    public void testAddInValidCookie(){
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(5000));
+        Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
+        
+        spyResp.addCookie(cookie);
+        verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
+    }
+    
+    @Test
+    public void testSendError() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).sendError(200);
+        spyResp.sendError(200);
+        
+        verify(servResp, times(1)).sendError(200, "HTTP error code: 200");;
+    }
+    
+    @Test
+    public void testSendStatus() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).setStatus(200);;
+        spyResp.setStatus(200);
+        
+        verify(servResp, times(1)).setStatus(200);;
+    }
+    
+    @Test
+    public void testSendStatusWithString() throws Exception{
+        HttpServletResponse servResp = new MockHttpServletResponse();
+        servResp = spy(servResp);
+        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
+        SecurityWrapperResponse spyResp = spy(resp);
+        Mockito.doCallRealMethod().when(spyResp).setStatus(200, "foo");;
+        spyResp.setStatus(200, "foo");
+        
+        verify(servResp, times(1)).sendError(200, "foo");;
+    }
 }
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index c62a09b20..502094001 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -870,6 +870,20 @@ public void testGetCanonicalizedUri() throws Exception {
     	
     }
     
+    public void testGetCanonicalizedUriPiazza() throws Exception {
+    	Encoder e = ESAPI.encoder();
+    	
+    	String expectedUri = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft,Launched";
+    	//Please note that section 3.2.1 of RFC-3986 explicitly states not to encode
+    	//password information as in http://palpatine:password@foo.com, and this will
+    	//not appear in the userinfo field.  
+    	String input = "http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2CLaunched";
+    	URI uri = new URI(input);
+    	System.out.println(uri.toString());
+    	assertEquals(expectedUri, e.getCanonicalizedURI(uri));
+    	
+    }
+    	
     public void testGetCanonicalizedUriWithMailto() throws Exception {
     	Encoder e = ESAPI.encoder();
     	
@@ -903,5 +917,6 @@ public void testHtmlDecodeHexEntititesSurrogatePair()
         assertEquals( expected, htmlCodec.decode("&#194564;") );
         assertEquals( expected, htmlCodec.decode("&#x2f804;") );
     }
+    
 }
 
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index d342a470e..ad48ef53b 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -333,7 +333,7 @@ public void testIsValidDirectoryPath() throws IOException {
 
             // Unix specific paths should not pass
             assertFalse(instance.isValidDirectoryPath("test", "/tmp", parent, false));      // Unix Temporary directory
-            assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Unix Standard shell
+            assertFalse(instance.isValidDirectoryPath("test", "/etc", parent, false));   // Unix Standard shell
             assertFalse(instance.isValidDirectoryPath("test", "/etc/config", parent, false));
 
             // Unix specific paths that should not exist or work
@@ -381,7 +381,7 @@ public void testIsValidDirectoryPath() throws IOException {
 
             // Unix specific paths should pass
             assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
-            assertTrue(instance.isValidDirectoryPath("test", "/bin", parent, false));      // Always exist directory
+            assertTrue(instance.isValidDirectoryPath("test", "/etc", parent, false));      // Always exist directory
 
             // Unix specific paths that should not exist or work
             assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir

From ddfa6ce8de58920cde63eca10f51e57a1fd61e32 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 13 Oct 2019 19:19:43 -0400
Subject: [PATCH 595/812] Fix README.md to correct email subscription links

Had ESAPI subscription links to ESAPI-Users and ESAPI-Dev lists backwards.
Close #523
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e8780a7a9..e6701c280 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ Webchat http://webchat.freenode.net/
 *Mailing lists:*
 As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
 
-The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to _after_ you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" respectively.
+The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to _after_ you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" respectively.
 
 Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
 

From 4a87d5692ebf9dfd23015f82e801c35c0725f554 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 6 Dec 2019 19:43:00 -0600
Subject: [PATCH 596/812] Initial Log Prefix Impl

Using the Supplier interface to construct the three different components
for the EventType, user/client info, and server/app info.  Introducing the
'LogAppender' interface which will allow the slf4j implementation to
leverage the prefix behavior through configuration during factory
initialization.

Unit tests have not been created or updated as of yet.
---
 .../logging/appender/ClientInfoSupplier.java  | 50 +++++++++++++++++++
 .../appender/EventTypeLogSupplier.java        | 20 ++++++++
 .../esapi/logging/appender/LogAppender.java   | 28 +++++++++++
 .../logging/appender/LogPrefixAppender.java   | 32 ++++++++++++
 .../logging/appender/ServerInfoSupplier.java  | 47 +++++++++++++++++
 .../logging/slf4j/Slf4JLogBridgeImpl.java     | 10 +++-
 .../esapi/logging/slf4j/Slf4JLogFactory.java  | 16 +++++-
 7 files changed, 200 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
new file mode 100644
index 000000000..df1ae28a7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -0,0 +1,50 @@
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+
+public class ClientInfoSupplier implements Supplier <String> {
+	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+	private static final int ESAPI_SESSION_RAND_MIN = 0;
+	private static final int ESAPI_SESSION_RAND_MAX = 1000000;
+
+	private static final String USER_INFO_FORMAT = "%s:%s@%s";
+
+	private boolean logUserInfo = true;
+
+	@Override
+	public String get() {
+		String userInfo = "";
+		// log user information - username:session@ipaddr
+		User user = ESAPI.authenticator().getCurrentUser();
+		if (logUserInfo && user != null) {
+			HttpServletRequest request = ESAPI.currentRequest();
+			// create a random session number for the user to represent the user's 'session', if it doesn't exist already
+			String sid = "";
+			if (request != null) {
+				HttpSession session = request.getSession(false);
+				if (session != null) {
+					sid = (String) session.getAttribute(ESAPI_SESSION_ATTR);
+					// if there is no session ID for the user yet, we create one and store it in the user's session
+					if (sid == null) {
+						sid = "" + ESAPI.randomizer().getRandomInteger(ESAPI_SESSION_RAND_MIN, ESAPI_SESSION_RAND_MAX);
+						session.setAttribute(ESAPI_SESSION_ATTR, sid);
+					}
+				}
+			}
+
+			userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+		}
+		return userInfo;
+	}
+
+	public void setLogUserInfo(boolean log) {
+		this.logUserInfo = log;
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
new file mode 100644
index 000000000..db6dec3dd
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -0,0 +1,20 @@
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import org.owasp.esapi.Logger.EventType;
+
+public class EventTypeLogSupplier implements Supplier<String> {
+
+	private final EventType eventType;
+	
+	public EventTypeLogSupplier(EventType evtyp) {
+		this.eventType = evtyp;
+	}
+
+	@Override
+	public String get() {
+		return eventType.toString();
+	}
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
new file mode 100644
index 000000000..b5887b38b
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
@@ -0,0 +1,28 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * Contract interface for cleaning log message output.
+ *
+ */
+public interface LogAppender {
+
+	public String appendTo(String logName, EventType eventType, String message);
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
new file mode 100644
index 000000000..26599dbd8
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -0,0 +1,32 @@
+package org.owasp.esapi.logging.appender;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+public class LogPrefixAppender implements LogAppender {
+	private final String RESULT_FORMAT="[%s %s -> %s] %s";
+	
+	@Override
+	public String appendTo(String logName, EventType eventType, String message) {
+		boolean logClientInfo = true;
+		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+		
+		EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
+		
+		ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
+		clientInfoSupplier.setLogUserInfo(logClientInfo);
+		
+		ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+		serverInfoSupplier.setLogServerIp(logServerIp);
+		serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
+
+		String eventTypeMsg = eventTypeSupplier.get();
+		String clientInfoMsg = clientInfoSupplier.get();
+		String serverInfoMsg = serverInfoSupplier.get();
+		
+		return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg,serverInfoMsg, message);
+	}
+}
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
new file mode 100644
index 000000000..477e70699
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -0,0 +1,47 @@
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.owasp.esapi.ESAPI;
+
+public class ServerInfoSupplier implements Supplier <String> {
+	private boolean logServerIP = true;
+	private boolean logAppName = true;
+	private String applicationName = "";
+
+	private final String logName;
+
+	public ServerInfoSupplier(String logName) {
+		this.logName = logName;
+	}
+
+	@Override
+	public String get() {
+		// log server, port, app name, module name -- server:80/app/module
+		StringBuilder appInfo = new StringBuilder();
+		HttpServletRequest request = ESAPI.currentRequest();
+		if (request != null && logServerIP) {
+			appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort());
+		}
+		if (logAppName) {
+			appInfo.append("/").append(applicationName);
+		}
+		appInfo.append("/").append(logName);
+
+		return appInfo.toString();
+	}
+	
+	public void setLogServerIp(boolean log) {
+		this.logServerIP = log;
+	}
+	
+	public void setLogApplicationName (boolean log, String appName) {
+		this.logAppName = log;
+		this.applicationName = appName;
+	}
+	
+	
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
index 92aa347f7..76c1c6845 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -19,6 +19,7 @@
 import java.util.Map;
 
 import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
 import org.slf4j.IMarkerFactory;
 import org.slf4j.Logger;
@@ -36,16 +37,19 @@ public class Slf4JLogBridgeImpl implements Slf4JLogBridge {
     private final Map<Integer,Slf4JLogLevelHandler> esapiSlfLevelMap;
     /** Cleaner used for log content.*/
     private final LogScrubber scrubber;
+    /** Appender used for assembling default message content for all logs.*/
+    private final LogAppender appender;
     
     /**
      * Constructor.
      * @param logScrubber  Log message cleaner.
      * @param esapiSlfHandlerMap Map identifying ESAPI -> SLF4J log level associations.
      */
-    public Slf4JLogBridgeImpl(LogScrubber logScrubber, Map<Integer, Slf4JLogLevelHandler> esapiSlfHandlerMap) {
+    public Slf4JLogBridgeImpl(LogAppender messageAppender, LogScrubber logScrubber, Map<Integer, Slf4JLogLevelHandler> esapiSlfHandlerMap) {
         //Defensive copy to prevent external mutations.
         this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
         this.scrubber = logScrubber;
+        this.appender = messageAppender;
     }
     @Override
     public void log(Logger logger, int esapiLevel, EventType type, String message) {
@@ -66,8 +70,10 @@ public void log(Logger logger, int esapiLevel, EventType type, String message, T
             throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
             Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
-            String cleanString = scrubber.cleanMessage(message);
             handler.log(logger, typeMarker, cleanString, throwable);
         }
     }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index bda561f18..d29a771d7 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -23,6 +23,8 @@
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
 import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
 import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
@@ -44,6 +46,8 @@ public class Slf4JLogFactory implements LogFactory {
     private static final char[] IMMUNE_SLF4J_HTML = {',', '.', '-', '_', ' ',BACKSLASH, OPEN_SLF_FORMAT, CLOSE_SLF_FORMAT };
     /** Codec being used to clean messages for logging.*/
     private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log appender instance.*/
+    private static LogAppender SLF4J_LOG_APPENDER;
     /** Log cleaner instance.*/
     private static LogScrubber SLF4J_LOG_SCRUBBER;
     /** Bridge class for mapping esapi -> slf4j log levels.*/
@@ -52,6 +56,7 @@ public class Slf4JLogFactory implements LogFactory {
     static {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
+        SLF4J_LOG_APPENDER = createLogAppender();
         
         Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
@@ -63,7 +68,7 @@ public class Slf4JLogFactory implements LogFactory {
         levelLookup.put(Logger.FATAL, Slf4JLogLevelHandlers.ERROR);
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
-        LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_SCRUBBER, levelLookup);
+        LOG_BRIDGE = new Slf4JLogBridgeImpl(SLF4J_LOG_APPENDER, SLF4J_LOG_SCRUBBER, levelLookup);
     }
     
     /**
@@ -83,6 +88,15 @@ public class Slf4JLogFactory implements LogFactory {
         
     }
     
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * 
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender() {
+       return new LogPrefixAppender();        
+    }
+    
     
     @Override
     public Logger getLogger(String moduleName) {

From 9a00056c2ff6e7a4033bda65ff119ea191566656 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 05:00:51 -0600
Subject: [PATCH 597/812] Issue_530 SLF4J Log Bridge Tests

Updating tests for SLF4J Log Bridge to account for appender API addition.
Updating implementation to ensure appender is used consistently across
invocations.
---
 .../logging/slf4j/Slf4JLogBridgeImpl.java     |  4 +-
 .../logging/slf4j/Slf4JLogBridgeImplTest.java | 67 +++++++++++++------
 2 files changed, 50 insertions(+), 21 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
index 76c1c6845..79e13dc7b 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImpl.java
@@ -58,8 +58,10 @@ public void log(Logger logger, int esapiLevel, EventType type, String message) {
             throw new IllegalArgumentException("Unable to lookup SLF4J level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+            
             Marker typeMarker = MARKER_FACTORY.getMarker(type.toString());
-            String cleanString = scrubber.cleanMessage(message);
             handler.log(logger, typeMarker, cleanString);
         }
     }
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
index 4b8380c4b..f9586a85a 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogBridgeImplTest.java
@@ -28,6 +28,8 @@
 import org.mockito.ArgumentMatchers;
 import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
 import org.slf4j.Marker;
 
@@ -39,6 +41,7 @@ public class Slf4JLogBridgeImplTest {
     public ExpectedException exEx = ExpectedException.none();
 
     private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private LogAppender mockAppender = Mockito.mock(LogAppender.class);
     private Slf4JLogLevelHandler mockHandler = Mockito.mock(Slf4JLogLevelHandler.class);
     private org.slf4j.Logger mockSlf4JLogger = Mockito.mock(org.slf4j.Logger.class);
     private Throwable testEx = new Throwable(testName.getMethodName());
@@ -49,7 +52,7 @@ public void setup() {
         Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, mockHandler);
 
-        bridge = new Slf4JLogBridgeImpl(mockScrubber, levelLookup);
+        bridge = new Slf4JLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
     }
 
     @Test
@@ -57,7 +60,7 @@ public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("Unable to lookup SLF4J level mapping");
         Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
-        new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+        new Slf4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
     }
     
     @Test
@@ -65,44 +68,68 @@ public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
         exEx.expectMessage("Unable to lookup SLF4J level mapping");
         Map<Integer, Slf4JLogLevelHandler> emptyMap = Collections.emptyMap();
-        new Slf4JLogBridgeImpl(mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+        new Slf4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(mockSlf4JLogger, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
     }
     
     @Test
     public void testLogMessage() {
-        String message = testName.getMethodName() + " Cleaned";
-
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName() + "-LOGGER";
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockSlf4JLogger.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
         Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
-        Mockito.when(mockScrubber.cleanMessage(testName.getMethodName())).thenReturn(message);
 
-        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+        bridge.log(mockSlf4JLogger, Logger.ALL, eventType, testName.getMethodName());
 
-        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
-        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
+        Mockito.verify(mockSlf4JLogger, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
-        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.matches(message));
-
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.eq(cleanMsg));
+     
         Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
+        Mockito.verifyNoMoreInteractions(mockSlf4JLogger, mockAppender, mockScrubber,mockHandler);
     }
 
     @Test
     public void testLogErrorMessageWithException() {
-        String message = testName.getMethodName() + " Cleaned";
-
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName() + "-LOGGER";
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockSlf4JLogger.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
         Mockito.when(mockHandler.isEnabled(mockSlf4JLogger)).thenReturn(true);
-        Mockito.when(mockScrubber.cleanMessage(testName.getMethodName())).thenReturn(message);
 
-        bridge.log(mockSlf4JLogger, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+        bridge.log(mockSlf4JLogger, Logger.ALL, eventType, testName.getMethodName(), testEx);
 
-        ArgumentCaptor<Marker> markerCapture = ArgumentCaptor.forClass(Marker.class);
-        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(testName.getMethodName());
+        Mockito.verify(mockSlf4JLogger, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(mockSlf4JLogger);
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.slf4j.Logger.class), ArgumentMatchers.any(Marker.class), ArgumentMatchers.any(String.class));
 
-        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.matches(message), ArgumentMatchers.same(testEx));
-
-        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());   
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(mockSlf4JLogger), markerCapture.capture(), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
+     
+        Assert.assertEquals(Logger.EVENT_UNSPECIFIED.toString(), markerCapture.getValue().getName());
+        Mockito.verifyNoMoreInteractions(mockSlf4JLogger, mockAppender, mockScrubber,mockHandler);
     }
 
 

From b1c2a0ab07d785f6e1e17f0472a4f17623f135c3 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 05:21:48 -0600
Subject: [PATCH 598/812] Slf4JLogFactory Test Updates & Fnctl changes

The constructor of the LogPrefixAppender was updated to keep
the interaction with the ESAPI properties consistent between the
Log Appender and the Log Scrubber.  Now all property lookups are held
exclusively in static block of the SLF4JLogFactory and passed into the
implementation.

Slf4JLogFactoryTests updated to account for API updates.
---
 .../logging/appender/LogPrefixAppender.java   | 19 +++++++----
 .../esapi/logging/slf4j/Slf4JLogFactory.java  | 15 ++++++--
 .../logging/slf4j/Slf4JLogFactoryTest.java    | 34 +++++++++++++++++++
 3 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index 26599dbd8..fc2e0b644 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -1,19 +1,24 @@
 package org.owasp.esapi.logging.appender;
 
-import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger.EventType;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 
 public class LogPrefixAppender implements LogAppender {
 	private final String RESULT_FORMAT="[%s %s -> %s] %s";
 	
+	private final boolean logClientInfo;
+	private final boolean logServerIp;
+	private final boolean logApplicationName;
+	private final String appName;
+	
+	public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+		this.logClientInfo = logClientInfo;
+		this.logServerIp = logServerIp;
+		this.logApplicationName = logApplicationName;
+		this.appName = appName;
+	}
+	
 	@Override
 	public String appendTo(String logName, EventType eventType, String message) {
-		boolean logClientInfo = true;
-		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
-		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
-		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-		
 		EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
 		
 		ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index d29a771d7..ce91a61ea 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -56,7 +56,12 @@ public class Slf4JLogFactory implements LogFactory {
     static {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
-        SLF4J_LOG_APPENDER = createLogAppender();
+        
+    	boolean logClientInfo = true;
+		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+        SLF4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
         
         Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
@@ -90,11 +95,15 @@ public class Slf4JLogFactory implements LogFactory {
     
     /**
      * Populates the default log appender for use in factory-created loggers.
+     * @param appName 
+     * @param logApplicationName 
+     * @param logServerIp 
+     * @param logClientInfo 
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender() {
-       return new LogPrefixAppender();        
+    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
     }
     
     
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
index a74cf17a5..6b4c8f972 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -17,10 +17,14 @@
 import java.util.List;
 
 import org.junit.Assert;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
 import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
 import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
@@ -32,6 +36,9 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest (Slf4JLogFactory.class)
 public class Slf4JLogFactoryTest {
+	@Rule
+    public TestName testName = new TestName();
+	
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new Slf4JLogFactory().getLogger("test");
@@ -69,4 +76,31 @@ public void checkScrubberWithoutEncoding() throws Exception {
         Assert.assertEquals(1, scrubbers.size());
         Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
     }
+    
+    /**
+	 * At this time there are no special considerations or handling for the appender
+	 * creation in this scope. It is expected that the arguments to the internal
+	 * creation method are passed directly to the constructor of the
+	 * LogPrefixAppender with no mutation or additional validation.
+	 */
+    @Test
+    public void checkPassthroughAppenderConstruct() throws Exception {
+    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+    	
+    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+    	
+    	LogAppender appender = Slf4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+    	
+    	Assert.assertEquals(stubAppender, appender);
+    	Assert.assertTrue(clientInfoCapture.getValue());
+    	Assert.assertFalse(serverInfoCapture.getValue());
+    	Assert.assertTrue(logAppNameCapture.getValue());
+    	Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
+    }
+    
+   
 }

From 037126cddcc1264525c7ce968d1eb50805452cd8 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 05:28:44 -0600
Subject: [PATCH 599/812] EventTypeLogSupplier Tests

Simple test to verify return String is the expected value
---
 .../appender/EventTypeLogSupplierTest.java       | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
new file mode 100644
index 000000000..fa2250405
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
@@ -0,0 +1,16 @@
+package org.owasp.esapi.logging.appender;
+
+import org.junit.Test;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+
+public class EventTypeLogSupplierTest {
+
+	@Test
+	public void testEventTypeLog() {
+		EventType eventType = Logger.EVENT_UNSPECIFIED;
+		EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType);
+		
+		org.junit.Assert.assertEquals(eventType.toString(), supplier.get());
+	}
+}

From 3a696dcb3797a1cafa62d991373c4c69e198e062 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 05:30:43 -0600
Subject: [PATCH 600/812] EventTypeLogSupplier Documentation

Updating javadoc
---
 .../logging/appender/EventTypeLogSupplier.java    | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index db6dec3dd..9ff99ce35 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -4,10 +4,20 @@
 
 import org.owasp.esapi.Logger.EventType;
 
+/**
+ * Supplier implementation which returns a consistent String representation of
+ * an EventType for logging
+ *
+ */
 public class EventTypeLogSupplier implements Supplier<String> {
-
+	/** EventType reference to supply log representation of. */
 	private final EventType eventType;
-	
+
+	/**
+	 * Ctr
+	 * 
+	 * @param evtyp EventType reference to supply log representation for
+	 */
 	public EventTypeLogSupplier(EventType evtyp) {
 		this.eventType = evtyp;
 	}
@@ -16,5 +26,4 @@ public EventTypeLogSupplier(EventType evtyp) {
 	public String get() {
 		return eventType.toString();
 	}
-
 }

From db9780daa604f18d642937a3f4791a2548e66762 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 06:01:20 -0600
Subject: [PATCH 601/812] LogPrefixAppenderTest Implementation

Implementing 2 base tests to assert that the delegate suppliers for
EventType, Client Info, and Server Info are each constructed in the
expected fashion.

The default format of the LogPrefixAppender is also verified in the
process.
---
 .../appender/LogPrefixAppenderTest.java       | 100 ++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
new file mode 100644
index 000000000..1dd3673fd
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
@@ -0,0 +1,100 @@
+package org.owasp.esapi.logging.appender;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import org.junit.Assert;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (LogPrefixAppender.class)
+public class LogPrefixAppenderTest {
+	@Rule
+    public TestName testName = new TestName();
+
+	private EventTypeLogSupplier etlsSpy;
+	private String etlsSpyGet = "EVENT_TYPE";
+	
+	private ClientInfoSupplier cisSpy;
+	private String cisSpyGet = "CLIENT_INFO";
+	
+	private ServerInfoSupplier sisSpy;
+	private String sisSpyGet = "SERVER_INFO";
+	
+	@Before
+	public void buildSupplierSpies() {
+		etlsSpy = Mockito.spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
+		cisSpy = Mockito.spy(new ClientInfoSupplier());
+		sisSpy = Mockito.spy(new ServerInfoSupplier(testName.getMethodName()));
+		
+		Mockito.when(etlsSpy.get()).thenReturn(etlsSpyGet);
+		Mockito.when(cisSpy.get()).thenReturn(cisSpyGet);
+		Mockito.when(sisSpy.get()).thenReturn(sisSpyGet);
+	}
+	
+	@Test
+	public void verifyDelegatePassthroughCreation() throws Exception {
+		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
+		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
+		 PowerMockito.whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		 PowerMockito.whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+		 PowerMockito.whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+		 LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, testName.getMethodName()+"-APPLICATION");
+		 String result = lpa.appendTo( testName.getMethodName()+"-LOGGER", Logger.EVENT_UNSPECIFIED,  testName.getMethodName()+"-MESSAGE");
+		 
+		 //Based on the forced returns in the before block
+		 Assert.assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] "+ testName.getMethodName()+"-MESSAGE", result);
+	     
+		 Assert.assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
+		 Assert.assertEquals(testName.getMethodName()+"-LOGGER",logNameCapture.getValue());
+		 
+		 Mockito.verify(etlsSpy, Mockito.times(1)).get();
+		 Mockito.verify(cisSpy, Mockito.times(1)).get();
+		 Mockito.verify(sisSpy, Mockito.times(1)).get();
+		 
+		 Mockito.verify(cisSpy, Mockito.times(1)).setLogUserInfo(true);
+		 Mockito.verify(sisSpy, Mockito.times(1)).setLogServerIp(true);
+		 Mockito.verify(sisSpy, Mockito.times(1)).setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		 
+		 Mockito.verifyNoMoreInteractions(etlsSpy, cisSpy,sisSpy);
+	}
+
+	@Test
+	public void verifyDelegatePassthroughCreation2() throws Exception {
+		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
+		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
+		 PowerMockito.whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		 PowerMockito.whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+		 PowerMockito.whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+		 LogPrefixAppender lpa = new LogPrefixAppender(false,false,false ,null);
+		 String result = lpa.appendTo( testName.getMethodName()+"-LOGGER", Logger.EVENT_UNSPECIFIED,  testName.getMethodName()+"-MESSAGE");
+		 
+		 //Based on the forced returns in the before block
+		 Assert.assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] "+ testName.getMethodName()+"-MESSAGE", result);
+	     
+		 Assert.assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
+		 Assert.assertEquals(testName.getMethodName()+"-LOGGER",logNameCapture.getValue());
+		 
+		 Mockito.verify(etlsSpy, Mockito.times(1)).get();
+		 Mockito.verify(cisSpy, Mockito.times(1)).get();
+		 Mockito.verify(sisSpy, Mockito.times(1)).get();
+		 
+		 Mockito.verify(cisSpy, Mockito.times(1)).setLogUserInfo(false);
+		 Mockito.verify(sisSpy, Mockito.times(1)).setLogServerIp(false);
+		 Mockito.verify(sisSpy, Mockito.times(1)).setLogApplicationName(false, null);
+		 
+		 Mockito.verifyNoMoreInteractions(etlsSpy, cisSpy,sisSpy);
+	}
+
+}

From 3def7fb99efa33f36a098a67d85542cb78ee52b3 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 06:06:02 -0600
Subject: [PATCH 602/812] LogPrefixAppender Documentation

Updating Javadoc
---
 .../logging/appender/LogPrefixAppender.java   | 33 ++++++++++++++-----
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index fc2e0b644..3e4344fd3 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -2,28 +2,45 @@
 
 import org.owasp.esapi.Logger.EventType;
 
+/**
+ * LogAppender Implementation which can prefix the common logger information for
+ * EventType, Client data, and server data.
+ */
 public class LogPrefixAppender implements LogAppender {
-	private final String RESULT_FORMAT="[%s %s -> %s] %s";
-	
+	/** Output format used to assemble return values. */
+	private static final String RESULT_FORMAT = "[%s %s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
+
+	/** Whether or not to record client information. */
 	private final boolean logClientInfo;
+	/** Whether or not to record server ip information. */
 	private final boolean logServerIp;
+	/** Whether or not to record application name. */
 	private final boolean logApplicationName;
+	/** Application Name to record. */
 	private final String appName;
-	
+
+	/**
+	 * Ctr.
+	 * 
+	 * @param logClientInfo      Whether or not to record client information
+	 * @param logServerIp        Whether or not to record server ip information
+	 * @param logApplicationName Whether or not to record application name
+	 * @param appName            Application Name to record.
+	 */
 	public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
 		this.logClientInfo = logClientInfo;
 		this.logServerIp = logServerIp;
 		this.logApplicationName = logApplicationName;
 		this.appName = appName;
 	}
-	
+
 	@Override
 	public String appendTo(String logName, EventType eventType, String message) {
 		EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
-		
+
 		ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
 		clientInfoSupplier.setLogUserInfo(logClientInfo);
-		
+
 		ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
 		serverInfoSupplier.setLogServerIp(logServerIp);
 		serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
@@ -31,7 +48,7 @@ public String appendTo(String logName, EventType eventType, String message) {
 		String eventTypeMsg = eventTypeSupplier.get();
 		String clientInfoMsg = clientInfoSupplier.get();
 		String serverInfoMsg = serverInfoSupplier.get();
-		
-		return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg,serverInfoMsg, message);
+
+		return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg, serverInfoMsg, message);
 	}
 }

From 59873323dc772cc4f3204b7a9de18978d4b4ee4b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 06:30:45 -0600
Subject: [PATCH 603/812] ServerInfoSupplier Tests

Validations that the ServerInfoSupplier will provide the expected output
given controlled input.
---
 .../appender/ServerInfoSupplierTest.java      | 89 +++++++++++++++++++
 1 file changed, 89 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
new file mode 100644
index 000000000..f1c6b3be4
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
@@ -0,0 +1,89 @@
+package org.owasp.esapi.logging.appender;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ESAPI.class})
+public class ServerInfoSupplierTest {
+	@Rule
+    public TestName testName = new TestName();
+	
+	private HttpServletRequest request;
+	@Before
+	public void buildStaticMocks() throws Exception {
+		request = Mockito.mock(HttpServletRequest.class);
+		 PowerMockito.mockStatic(ESAPI.class);
+	     PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(request);
+	}
+	
+	@Test
+	public void verifyFullOutput() {
+		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		Mockito.when(request.getLocalPort()).thenReturn(99999);
+		
+		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogServerIp(true);
+		
+		String result = sis.get();
+		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+	}
+	
+	@Test
+	public void verifyOutputNullRequest() throws Exception {
+		  PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(null);
+		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogServerIp(true);
+		
+		String result = sis.get();
+		org.junit.Assert.assertEquals("/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+	}
+	
+	@Test
+	public void verifyOutputNoAppName() {
+		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		Mockito.when(request.getLocalPort()).thenReturn(99999);
+		
+		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+		sis.setLogApplicationName(false, null);
+		sis.setLogServerIp(true);
+		
+		String result = sis.get();
+		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/"+testName.getMethodName(), result);
+	}
+	
+	@Test
+	public void verifyOutputNullAppName() {
+		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		Mockito.when(request.getLocalPort()).thenReturn(99999);
+		
+		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+		sis.setLogApplicationName(true, null);
+		sis.setLogServerIp(true);
+		
+		String result = sis.get();
+		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/null/"+testName.getMethodName(), result);
+	}
+	@Test
+	public void verifyOutputNoServerIp() {
+		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
+		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogServerIp(false);
+		
+		String result = sis.get();
+		org.junit.Assert.assertEquals("/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+	}
+	
+}

From 40896911b6c3920c24abc92e801ddb3ef89b56f9 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 06:35:35 -0600
Subject: [PATCH 604/812] ServerInfoSupplier Documentation

Updating javadoc
---
 .../logging/appender/ServerInfoSupplier.java  | 35 +++++++++++++++----
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
index 477e70699..cea4196df 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -6,13 +6,26 @@
 
 import org.owasp.esapi.ESAPI;
 
-public class ServerInfoSupplier implements Supplier <String> {
+/**
+ * Supplier which can provide a String representing the server-side connection
+ * information.
+ */
+public class ServerInfoSupplier implements Supplier<String> {
+	/** Whether to log the server connection info. */
 	private boolean logServerIP = true;
+	/** Whether to log the application name. */
 	private boolean logAppName = true;
+	/** The application name to log. */
 	private String applicationName = "";
 
+	/** Reference to the associated logname/module name. */
 	private final String logName;
 
+	/**
+	 * Ctr.
+	 * 
+	 * @param logName Reference to the logName to record as the module information
+	 */
 	public ServerInfoSupplier(String logName) {
 		this.logName = logName;
 	}
@@ -32,16 +45,24 @@ public String get() {
 
 		return appInfo.toString();
 	}
-	
+
+	/**
+	 * Specify whether the instance should record the server connection info.
+	 * 
+	 * @param log {@code true} to record
+	 */
 	public void setLogServerIp(boolean log) {
 		this.logServerIP = log;
 	}
-	
-	public void setLogApplicationName (boolean log, String appName) {
+
+	/**
+	 * Specify whether the instance should record the application name
+	 * 
+	 * @param log     {@code true} to record
+	 * @param appName String to record as the application name
+	 */
+	public void setLogApplicationName(boolean log, String appName) {
 		this.logAppName = log;
 		this.applicationName = appName;
 	}
-	
-	
-
 }

From 56545bfd926883c740b130ecd4fc31208f3b045e Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 07:36:12 -0600
Subject: [PATCH 605/812] IGNORED ClientInfoSupplierTest

Creating initial stub of ClientInfoSupplier Test.  I simply cannot get the
User interface to mock for the test. Likewise, I cannot create a
DefaultUser.  There's something off with the Thread context. I think it is
because the User interface extends java.security.Principal, but I'm really
not sure.

Tests are incomplete and will need to be updated once this issue is
overcome.

Presently content is ignored with a FIXME in the impl.
---
 .../appender/ClientInfoSupplierTest.java      | 130 ++++++++++++++++++
 1 file changed, 130 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
new file mode 100644
index 000000000..57e742b78
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -0,0 +1,130 @@
+package org.owasp.esapi.logging.appender;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.User;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ESAPI.class})
+//https://www.gyanblog.com/gyan/20-linkage-error-loader-constraint-violation-junit-test-case-development-issue/
+//Does not correct issue with mocking User class
+//@PowerMockIgnore("org.owasp.esapi.User")
+@Ignore("Need Help figuring out why I cannot mock org.owasp.esapi.User")
+public class ClientInfoSupplierTest {
+	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+	
+	@Rule
+    public TestName testName = new TestName();
+	
+	private HttpServletRequest request;
+	private HttpSession mockSession;
+	private Authenticator mockAuth;
+	private Randomizer mockRand;
+	private User mockUser;
+	
+	@Before
+	public void before() throws Exception {
+		mockAuth = PowerMockito.mock(Authenticator.class); 
+		mockRand = PowerMockito.mock(Randomizer.class); 
+		PowerMockito.mockStatic(ESAPI.class);
+		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(request);
+		PowerMockito.when(ESAPI.class, "authenticator").thenReturn(mockAuth);
+		PowerMockito.when(ESAPI.class, "randomizer").thenReturn(mockRand);
+		
+		request = PowerMockito.mock(HttpServletRequest.class);
+		mockSession = PowerMockito.mock(HttpSession.class);
+		PowerMockito.when(request.getSession(ArgumentMatchers.anyBoolean())).thenReturn(mockSession);
+		PowerMockito.when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(testName.getMethodName()+ "-SESSION");
+		
+		//FIXME:  I cannot mock this interface.
+		mockUser = PowerMockito.mock(User.class);
+		
+		//Session value generation
+		PowerMockito.when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
+		 
+		Mockito.when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
+		Mockito.when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
+		
+	     
+	    Mockito.when(mockAuth.getCurrentUser()).thenReturn(mockUser);
+	}
+	
+	@Test
+	public void testHappyPath() throws Exception {
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(true);
+		String result = cis.get();
+		
+		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+	}
+	
+	@Test
+	public void testLogUserOff() {
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(false);
+		String result = cis.get();
+		
+		org.junit.Assert.assertTrue(result.isEmpty());
+	}
+	
+	@Test
+	public void testLogUserNull() {
+		Mockito.when(mockAuth.getCurrentUser()).thenReturn(null);
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(true);
+		String result = cis.get();
+		
+		org.junit.Assert.assertTrue(result.isEmpty());
+	}
+	
+	@Test
+	public void testNullRequest() throws Exception {
+		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(null);
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(true);
+		String result = cis.get();
+		
+		//sid is empty when request is null		
+		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+	}
+	
+	@Test
+	public void testNullSession() throws Exception {
+		PowerMockito.when(request.getSession()).thenReturn(null);
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(true);
+		String result = cis.get();
+		
+		//sid is empty when session is null		
+		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+	}
+	
+	
+	
+	@Test
+	public void testNullEsapiSession() throws Exception {
+		PowerMockito.when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
+		ClientInfoSupplier cis = new ClientInfoSupplier();
+		cis.setLogUserInfo(true);
+		String result = cis.get();
+		
+		//sid is empty when session is null		
+		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+		Mockito.verify(mockSession, Mockito.times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
+	}
+}
\ No newline at end of file

From fc7c9818e37fe1ede356ee7c2f2d849b9375bc11 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 07:42:03 -0600
Subject: [PATCH 606/812] ClientInfoSupplier Documentation

Updating Javadoc
---
 .../logging/appender/ClientInfoSupplier.java  | 28 ++++++++++++++++---
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index df1ae28a7..af0e3b827 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -8,13 +8,26 @@
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.User;
 
-public class ClientInfoSupplier implements Supplier <String> {
+/**
+ * Supplier which can provide a String representing the client-side connection
+ * information.
+ */
+public class ClientInfoSupplier implements Supplier<String> {
+	/** Session Attribute containing the ESAPI Session id. */
 	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+	/**
+	 * Minimum value for generating a random session value if one is not defined.
+	 */
 	private static final int ESAPI_SESSION_RAND_MIN = 0;
+	/**
+	 * Maximum value for generating a random session value if one is not defined.
+	 */
 	private static final int ESAPI_SESSION_RAND_MAX = 1000000;
 
-	private static final String USER_INFO_FORMAT = "%s:%s@%s";
+	/** Format for supplier output. */
+	private static final String USER_INFO_FORMAT = "%s:%s@%s"; // USER_NAME, SID, USER_HOST_ADDRESS
 
+	/** Whether to log the user info from this instance. */
 	private boolean logUserInfo = true;
 
 	@Override
@@ -24,13 +37,15 @@ public String get() {
 		User user = ESAPI.authenticator().getCurrentUser();
 		if (logUserInfo && user != null) {
 			HttpServletRequest request = ESAPI.currentRequest();
-			// create a random session number for the user to represent the user's 'session', if it doesn't exist already
+			// create a random session number for the user to represent the user's
+			// 'session', if it doesn't exist already
 			String sid = "";
 			if (request != null) {
 				HttpSession session = request.getSession(false);
 				if (session != null) {
 					sid = (String) session.getAttribute(ESAPI_SESSION_ATTR);
-					// if there is no session ID for the user yet, we create one and store it in the user's session
+					// if there is no session ID for the user yet, we create one and store it in the
+					// user's session
 					if (sid == null) {
 						sid = "" + ESAPI.randomizer().getRandomInteger(ESAPI_SESSION_RAND_MIN, ESAPI_SESSION_RAND_MAX);
 						session.setAttribute(ESAPI_SESSION_ATTR, sid);
@@ -43,6 +58,11 @@ public String get() {
 		return userInfo;
 	}
 
+	/**
+	 * Specify whether the instance should record the client info.
+	 * 
+	 * @param log {@code true} to record
+	 */
 	public void setLogUserInfo(boolean log) {
 		this.logUserInfo = log;
 	}

From 520fa18c2accf59c565adcc01571823e08ce9fc2 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 08:02:01 -0600
Subject: [PATCH 607/812] Enabling/Correcting ClientInfoSupplierTest

Had to use PowerMockIgnore on javax.security.* package to allow the
org.owasp.esapi.User interface to Mock correctly.  Once that was
functional, the test implementations were completed with appropriate
expectations and Mock validations.
---
 .../appender/ClientInfoSupplierTest.java      | 64 +++++++++++++++----
 1 file changed, 50 insertions(+), 14 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
index 57e742b78..b63471442 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -4,7 +4,6 @@
 import javax.servlet.http.HttpSession;
 
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestName;
@@ -16,22 +15,20 @@
 import org.owasp.esapi.Randomizer;
 import org.owasp.esapi.User;
 import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 @RunWith(PowerMockRunner.class)
 @PrepareForTest({ESAPI.class})
-//https://www.gyanblog.com/gyan/20-linkage-error-loader-constraint-violation-junit-test-case-development-issue/
-//Does not correct issue with mocking User class
-//@PowerMockIgnore("org.owasp.esapi.User")
-@Ignore("Need Help figuring out why I cannot mock org.owasp.esapi.User")
+@PowerMockIgnore("javax.security.*") //Required since User extends javax.security.Principal
 public class ClientInfoSupplierTest {
 	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
 	
 	@Rule
     public TestName testName = new TestName();
 	
-	private HttpServletRequest request;
+	private HttpServletRequest mockRequest;
 	private HttpSession mockSession;
 	private Authenticator mockAuth;
 	private Randomizer mockRand;
@@ -41,19 +38,18 @@ public class ClientInfoSupplierTest {
 	public void before() throws Exception {
 		mockAuth = PowerMockito.mock(Authenticator.class); 
 		mockRand = PowerMockito.mock(Randomizer.class); 
+		mockRequest = PowerMockito.mock(HttpServletRequest.class);
+		mockSession = PowerMockito.mock(HttpSession.class);
+		mockUser = PowerMockito.mock(User.class);
+		
 		PowerMockito.mockStatic(ESAPI.class);
-		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(request);
+		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(mockRequest);
 		PowerMockito.when(ESAPI.class, "authenticator").thenReturn(mockAuth);
 		PowerMockito.when(ESAPI.class, "randomizer").thenReturn(mockRand);
 		
-		request = PowerMockito.mock(HttpServletRequest.class);
-		mockSession = PowerMockito.mock(HttpSession.class);
-		PowerMockito.when(request.getSession(ArgumentMatchers.anyBoolean())).thenReturn(mockSession);
+		PowerMockito.when(mockRequest.getSession(false)).thenReturn(mockSession);
 		PowerMockito.when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(testName.getMethodName()+ "-SESSION");
 		
-		//FIXME:  I cannot mock this interface.
-		mockUser = PowerMockito.mock(User.class);
-		
 		//Session value generation
 		PowerMockito.when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
 		 
@@ -71,6 +67,14 @@ public void testHappyPath() throws Exception {
 		String result = cis.get();
 		
 		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
+		Mockito.verify(mockSession,Mockito.times(1)).getAttribute(ESAPI_SESSION_ATTR);
+		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
+		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
@@ -80,6 +84,10 @@ public void testLogUserOff() {
 		String result = cis.get();
 		
 		org.junit.Assert.assertTrue(result.isEmpty());
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
@@ -90,6 +98,10 @@ public void testLogUserNull() {
 		String result = cis.get();
 		
 		org.junit.Assert.assertTrue(result.isEmpty());
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
@@ -101,17 +113,32 @@ public void testNullRequest() throws Exception {
 		
 		//sid is empty when request is null		
 		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
+		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
 	public void testNullSession() throws Exception {
-		PowerMockito.when(request.getSession()).thenReturn(null);
+		PowerMockito.when(mockRequest.getSession(false)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when session is null		
 		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
+		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
+		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	
@@ -125,6 +152,15 @@ public void testNullEsapiSession() throws Exception {
 		
 		//sid is empty when session is null		
 		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+		
+		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
+		Mockito.verify(mockSession,Mockito.times(1)).getAttribute(ESAPI_SESSION_ATTR);
 		Mockito.verify(mockSession, Mockito.times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
+		Mockito.verify(mockRand, Mockito.times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
+		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
+		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		
+		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 }
\ No newline at end of file

From 53b9b3374f7e798b849bde010970b58967dd645b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 08:12:12 -0600
Subject: [PATCH 608/812] Test Cleanup

Organizing imports and formatting implementations.
---
 .../appender/ClientInfoSupplierTest.java      | 115 ++++++++--------
 .../appender/EventTypeLogSupplierTest.java    |   4 +-
 .../appender/LogPrefixAppenderTest.java       | 128 +++++++++---------
 .../appender/ServerInfoSupplierTest.java      |  78 ++++++-----
 4 files changed, 173 insertions(+), 152 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
index b63471442..0c8fd375e 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -1,5 +1,14 @@
 package org.owasp.esapi.logging.appender;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
@@ -9,12 +18,10 @@
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentMatchers;
-import org.mockito.Mockito;
 import org.owasp.esapi.Authenticator;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Randomizer;
 import org.owasp.esapi.User;
-import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -36,28 +43,28 @@ public class ClientInfoSupplierTest {
 	
 	@Before
 	public void before() throws Exception {
-		mockAuth = PowerMockito.mock(Authenticator.class); 
-		mockRand = PowerMockito.mock(Randomizer.class); 
-		mockRequest = PowerMockito.mock(HttpServletRequest.class);
-		mockSession = PowerMockito.mock(HttpSession.class);
-		mockUser = PowerMockito.mock(User.class);
+		mockAuth =mock(Authenticator.class); 
+		mockRand =mock(Randomizer.class); 
+		mockRequest =mock(HttpServletRequest.class);
+		mockSession =mock(HttpSession.class);
+		mockUser =mock(User.class);
 		
-		PowerMockito.mockStatic(ESAPI.class);
-		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(mockRequest);
-		PowerMockito.when(ESAPI.class, "authenticator").thenReturn(mockAuth);
-		PowerMockito.when(ESAPI.class, "randomizer").thenReturn(mockRand);
+		mockStatic(ESAPI.class);
+		when(ESAPI.class, "currentRequest").thenReturn(mockRequest);
+		when(ESAPI.class, "authenticator").thenReturn(mockAuth);
+		when(ESAPI.class, "randomizer").thenReturn(mockRand);
 		
-		PowerMockito.when(mockRequest.getSession(false)).thenReturn(mockSession);
-		PowerMockito.when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(testName.getMethodName()+ "-SESSION");
+		when(mockRequest.getSession(false)).thenReturn(mockSession);
+		when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(testName.getMethodName()+ "-SESSION");
 		
 		//Session value generation
-		PowerMockito.when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
+		when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
 		 
-		Mockito.when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
-		Mockito.when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
+		when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
+		when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
 		
 	     
-	    Mockito.when(mockAuth.getCurrentUser()).thenReturn(mockUser);
+	    when(mockAuth.getCurrentUser()).thenReturn(mockUser);
 	}
 	
 	@Test
@@ -66,15 +73,15 @@ public void testHappyPath() throws Exception {
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
-		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
-		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
-		Mockito.verify(mockSession,Mockito.times(1)).getAttribute(ESAPI_SESSION_ATTR);
-		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
-		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockRequest,times(1)).getSession(false);
+		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
+		verify(mockUser,times(1)).getAccountName();
+		verify(mockUser,times(1)).getLastHostAddress();
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
@@ -83,84 +90,84 @@ public void testLogUserOff() {
 		cis.setLogUserInfo(false);
 		String result = cis.get();
 		
-		org.junit.Assert.assertTrue(result.isEmpty());
+		assertTrue(result.isEmpty());
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		verify(mockAuth,times(1)).getCurrentUser();
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
 	public void testLogUserNull() {
-		Mockito.when(mockAuth.getCurrentUser()).thenReturn(null);
+		when(mockAuth.getCurrentUser()).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
-		org.junit.Assert.assertTrue(result.isEmpty());
+		assertTrue(result.isEmpty());
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
+		verify(mockAuth,times(1)).getCurrentUser();
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
 	public void testNullRequest() throws Exception {
-		PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(null);
+		when(ESAPI.class, "currentRequest").thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when request is null		
-		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
-		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
-		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockUser,times(1)).getAccountName();
+		verify(mockUser,times(1)).getLastHostAddress();
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	@Test
 	public void testNullSession() throws Exception {
-		PowerMockito.when(mockRequest.getSession(false)).thenReturn(null);
+		when(mockRequest.getSession(false)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when session is null		
-		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
-		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
-		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
-		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockRequest,times(1)).getSession(false);
+		verify(mockUser,times(1)).getAccountName();
+		verify(mockUser,times(1)).getLastHostAddress();
 		
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
 	
 	
 	@Test
 	public void testNullEsapiSession() throws Exception {
-		PowerMockito.when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
+		when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when session is null		
-		org.junit.Assert.assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
-		Mockito.verify(mockAuth,Mockito.times(1)).getCurrentUser();
-		Mockito.verify(mockRequest,Mockito.times(1)).getSession(false);
-		Mockito.verify(mockSession,Mockito.times(1)).getAttribute(ESAPI_SESSION_ATTR);
-		Mockito.verify(mockSession, Mockito.times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
-		Mockito.verify(mockRand, Mockito.times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
-		Mockito.verify(mockUser,Mockito.times(1)).getAccountName();
-		Mockito.verify(mockUser,Mockito.times(1)).getLastHostAddress();
+		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockRequest,times(1)).getSession(false);
+		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
+		verify(mockSession, times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
+		verify(mockRand, times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
+		verify(mockUser,times(1)).getAccountName();
+		verify(mockUser,times(1)).getLastHostAddress();
 		
-		Mockito.verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
+		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 }
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
index fa2250405..0aa6c02b8 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
@@ -1,5 +1,7 @@
 package org.owasp.esapi.logging.appender;
 
+import static org.junit.Assert.assertEquals;
+
 import org.junit.Test;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.Logger.EventType;
@@ -11,6 +13,6 @@ public void testEventTypeLog() {
 		EventType eventType = Logger.EVENT_UNSPECIFIED;
 		EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType);
 		
-		org.junit.Assert.assertEquals(eventType.toString(), supplier.get());
+		assertEquals(eventType.toString(), supplier.get());
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
index 1dd3673fd..c8bfd0c70 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
@@ -1,100 +1,106 @@
 package org.owasp.esapi.logging.appender;
 
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.Logger.EventType;
-import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
-import org.junit.Assert;
-
 @RunWith(PowerMockRunner.class)
-@PrepareForTest (LogPrefixAppender.class)
+@PrepareForTest(LogPrefixAppender.class)
 public class LogPrefixAppenderTest {
 	@Rule
-    public TestName testName = new TestName();
+	public TestName testName = new TestName();
 
 	private EventTypeLogSupplier etlsSpy;
 	private String etlsSpyGet = "EVENT_TYPE";
-	
+
 	private ClientInfoSupplier cisSpy;
 	private String cisSpyGet = "CLIENT_INFO";
-	
+
 	private ServerInfoSupplier sisSpy;
 	private String sisSpyGet = "SERVER_INFO";
-	
+
 	@Before
 	public void buildSupplierSpies() {
-		etlsSpy = Mockito.spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
-		cisSpy = Mockito.spy(new ClientInfoSupplier());
-		sisSpy = Mockito.spy(new ServerInfoSupplier(testName.getMethodName()));
-		
-		Mockito.when(etlsSpy.get()).thenReturn(etlsSpyGet);
-		Mockito.when(cisSpy.get()).thenReturn(cisSpyGet);
-		Mockito.when(sisSpy.get()).thenReturn(sisSpyGet);
+		etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
+		cisSpy = spy(new ClientInfoSupplier());
+		sisSpy = spy(new ServerInfoSupplier(testName.getMethodName()));
+
+		when(etlsSpy.get()).thenReturn(etlsSpyGet);
+		when(cisSpy.get()).thenReturn(cisSpyGet);
+		when(sisSpy.get()).thenReturn(sisSpyGet);
 	}
-	
+
 	@Test
 	public void verifyDelegatePassthroughCreation() throws Exception {
 		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
 		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
-		 PowerMockito.whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
-		 PowerMockito.whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
-		 PowerMockito.whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
-
-		 LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, testName.getMethodName()+"-APPLICATION");
-		 String result = lpa.appendTo( testName.getMethodName()+"-LOGGER", Logger.EVENT_UNSPECIFIED,  testName.getMethodName()+"-MESSAGE");
-		 
-		 //Based on the forced returns in the before block
-		 Assert.assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] "+ testName.getMethodName()+"-MESSAGE", result);
-	     
-		 Assert.assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
-		 Assert.assertEquals(testName.getMethodName()+"-LOGGER",logNameCapture.getValue());
-		 
-		 Mockito.verify(etlsSpy, Mockito.times(1)).get();
-		 Mockito.verify(cisSpy, Mockito.times(1)).get();
-		 Mockito.verify(sisSpy, Mockito.times(1)).get();
-		 
-		 Mockito.verify(cisSpy, Mockito.times(1)).setLogUserInfo(true);
-		 Mockito.verify(sisSpy, Mockito.times(1)).setLogServerIp(true);
-		 Mockito.verify(sisSpy, Mockito.times(1)).setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
-		 
-		 Mockito.verifyNoMoreInteractions(etlsSpy, cisSpy,sisSpy);
+		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+		LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, testName.getMethodName() + "-APPLICATION");
+		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
+				testName.getMethodName() + "-MESSAGE");
+
+		// Based on the forced returns in the before block
+		assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
+
+		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
+		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
+
+		verify(etlsSpy, times(1)).get();
+		verify(cisSpy, times(1)).get();
+		verify(sisSpy, times(1)).get();
+
+		verify(cisSpy, times(1)).setLogUserInfo(true);
+		verify(sisSpy, times(1)).setLogServerIp(true);
+		verify(sisSpy, times(1)).setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
+
+		verifyNoMoreInteractions(etlsSpy, cisSpy, sisSpy);
 	}
 
 	@Test
 	public void verifyDelegatePassthroughCreation2() throws Exception {
 		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
 		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
-		 PowerMockito.whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
-		 PowerMockito.whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
-		 PowerMockito.whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
-
-		 LogPrefixAppender lpa = new LogPrefixAppender(false,false,false ,null);
-		 String result = lpa.appendTo( testName.getMethodName()+"-LOGGER", Logger.EVENT_UNSPECIFIED,  testName.getMethodName()+"-MESSAGE");
-		 
-		 //Based on the forced returns in the before block
-		 Assert.assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] "+ testName.getMethodName()+"-MESSAGE", result);
-	     
-		 Assert.assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
-		 Assert.assertEquals(testName.getMethodName()+"-LOGGER",logNameCapture.getValue());
-		 
-		 Mockito.verify(etlsSpy, Mockito.times(1)).get();
-		 Mockito.verify(cisSpy, Mockito.times(1)).get();
-		 Mockito.verify(sisSpy, Mockito.times(1)).get();
-		 
-		 Mockito.verify(cisSpy, Mockito.times(1)).setLogUserInfo(false);
-		 Mockito.verify(sisSpy, Mockito.times(1)).setLogServerIp(false);
-		 Mockito.verify(sisSpy, Mockito.times(1)).setLogApplicationName(false, null);
-		 
-		 Mockito.verifyNoMoreInteractions(etlsSpy, cisSpy,sisSpy);
+		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+		LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, null);
+		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
+				testName.getMethodName() + "-MESSAGE");
+
+		// Based on the forced returns in the before block
+		assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
+
+		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
+		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
+
+		verify(etlsSpy, times(1)).get();
+		verify(cisSpy, times(1)).get();
+		verify(sisSpy, times(1)).get();
+
+		verify(cisSpy, times(1)).setLogUserInfo(false);
+		verify(sisSpy, times(1)).setLogServerIp(false);
+		verify(sisSpy, times(1)).setLogApplicationName(false, null);
+
+		verifyNoMoreInteractions(etlsSpy, cisSpy, sisSpy);
 	}
 
 }
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
index f1c6b3be4..5280ecb3b 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ServerInfoSupplierTest.java
@@ -1,5 +1,10 @@
 package org.owasp.esapi.logging.appender;
 
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Mockito.mock;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
 import javax.servlet.http.HttpServletRequest;
 
 import org.junit.Before;
@@ -7,83 +12,84 @@
 import org.junit.Test;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
-import org.mockito.Mockito;
 import org.owasp.esapi.ESAPI;
-import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({ESAPI.class})
+@PrepareForTest({ ESAPI.class })
 public class ServerInfoSupplierTest {
 	@Rule
-    public TestName testName = new TestName();
-	
+	public TestName testName = new TestName();
+
 	private HttpServletRequest request;
+
 	@Before
 	public void buildStaticMocks() throws Exception {
-		request = Mockito.mock(HttpServletRequest.class);
-		 PowerMockito.mockStatic(ESAPI.class);
-	     PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(request);
+		request = mock(HttpServletRequest.class);
+		mockStatic(ESAPI.class);
+		when(ESAPI.class, "currentRequest").thenReturn(request);
 	}
-	
+
 	@Test
 	public void verifyFullOutput() {
-		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
-		Mockito.when(request.getLocalPort()).thenReturn(99999);
-		
+		when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		when(request.getLocalPort()).thenReturn(99999);
+
 		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
-		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
 		sis.setLogServerIp(true);
-		
+
 		String result = sis.get();
-		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+		assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(),
+				result);
 	}
-	
+
 	@Test
 	public void verifyOutputNullRequest() throws Exception {
-		  PowerMockito.when(ESAPI.class, "currentRequest").thenReturn(null);
+		when(ESAPI.class, "currentRequest").thenReturn(null);
 		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
-		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
 		sis.setLogServerIp(true);
-		
+
 		String result = sis.get();
-		org.junit.Assert.assertEquals("/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+		assertEquals("/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(), result);
 	}
-	
+
 	@Test
 	public void verifyOutputNoAppName() {
-		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
-		Mockito.when(request.getLocalPort()).thenReturn(99999);
-		
+		when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		when(request.getLocalPort()).thenReturn(99999);
+
 		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
 		sis.setLogApplicationName(false, null);
 		sis.setLogServerIp(true);
-		
+
 		String result = sis.get();
-		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/"+testName.getMethodName(), result);
+		assertEquals("LOCAL_ADDR:99999/" + testName.getMethodName(), result);
 	}
-	
+
 	@Test
 	public void verifyOutputNullAppName() {
-		Mockito.when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
-		Mockito.when(request.getLocalPort()).thenReturn(99999);
-		
+		when(request.getLocalAddr()).thenReturn("LOCAL_ADDR");
+		when(request.getLocalPort()).thenReturn(99999);
+
 		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
 		sis.setLogApplicationName(true, null);
 		sis.setLogServerIp(true);
-		
+
 		String result = sis.get();
-		org.junit.Assert.assertEquals("LOCAL_ADDR:99999/null/"+testName.getMethodName(), result);
+		assertEquals("LOCAL_ADDR:99999/null/" + testName.getMethodName(), result);
 	}
+
 	@Test
 	public void verifyOutputNoServerIp() {
 		ServerInfoSupplier sis = new ServerInfoSupplier(testName.getMethodName());
-		sis.setLogApplicationName(true, testName.getMethodName()+"-APPLICATION");
+		sis.setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
 		sis.setLogServerIp(false);
-		
+
 		String result = sis.get();
-		org.junit.Assert.assertEquals("/"+testName.getMethodName()+"-APPLICATION/"+testName.getMethodName(), result);
+		assertEquals("/" + testName.getMethodName() + "-APPLICATION/" + testName.getMethodName(), result);
 	}
-	
+
 }

From 50ac0a583bf0d6f3540c016c75bc5191496f9ecf Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 11:34:59 -0600
Subject: [PATCH 609/812] Adding Anonymous Default Username

Feedback captured in github issue #530.  If the logged-in user is null,
the username value will default to #ANONYMOUS#.
---
 .../logging/appender/ClientInfoSupplier.java   | 18 +++++++++++++-----
 .../appender/ClientInfoSupplierTest.java       |  6 +++---
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index af0e3b827..4b34a4611 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -13,6 +13,10 @@
  * information.
  */
 public class ClientInfoSupplier implements Supplier<String> {
+	/** Default UserName string if the Authenticated user is null.*/
+	private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
+	/** Default Last Host string if the Authenticated user is null.*/
+	private static final String DEFAULT_LAST_HOST = "";
 	/** Session Attribute containing the ESAPI Session id. */
 	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
 	/**
@@ -33,9 +37,8 @@ public class ClientInfoSupplier implements Supplier<String> {
 	@Override
 	public String get() {
 		String userInfo = "";
-		// log user information - username:session@ipaddr
-		User user = ESAPI.authenticator().getCurrentUser();
-		if (logUserInfo && user != null) {
+	
+		if (logUserInfo) {
 			HttpServletRequest request = ESAPI.currentRequest();
 			// create a random session number for the user to represent the user's
 			// 'session', if it doesn't exist already
@@ -52,8 +55,13 @@ public String get() {
 					}
 				}
 			}
-
-			userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+			// log user information - username:session@ipaddr
+			User user = ESAPI.authenticator().getCurrentUser();
+			if (user == null) {
+				userInfo = String.format(USER_INFO_FORMAT, DEFAULT_USERNAME, sid, DEFAULT_LAST_HOST);
+			} else {
+				userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+			}
 		}
 		return userInfo;
 	}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
index 0c8fd375e..aaf550c45 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -92,8 +92,6 @@ public void testLogUserOff() {
 		
 		assertTrue(result.isEmpty());
 		
-		verify(mockAuth,times(1)).getCurrentUser();
-		
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}
 	
@@ -104,9 +102,11 @@ public void testLogUserNull() {
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
-		assertTrue(result.isEmpty());
+		assertEquals("#ANONYMOUS#:"+testName.getMethodName()+ "-SESSION@", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockRequest,times(1)).getSession(false);
+		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
 		
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
 	}

From df9f30d3c737affb7a93e3a2d79c2392b1603f20 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 12:13:03 -0600
Subject: [PATCH 610/812] Default Last Host with null User

Feedback captured in github issue #530.  If the logged-in user is null,
the last host name value will default to #UNKNOWN_HOST#.
---
 .../org/owasp/esapi/logging/appender/ClientInfoSupplier.java    | 2 +-
 .../owasp/esapi/logging/appender/ClientInfoSupplierTest.java    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index 4b34a4611..a5a3cc003 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -16,7 +16,7 @@ public class ClientInfoSupplier implements Supplier<String> {
 	/** Default UserName string if the Authenticated user is null.*/
 	private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
 	/** Default Last Host string if the Authenticated user is null.*/
-	private static final String DEFAULT_LAST_HOST = "";
+	private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
 	/** Session Attribute containing the ESAPI Session id. */
 	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
 	/**
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
index aaf550c45..b021ab06e 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -102,7 +102,7 @@ public void testLogUserNull() {
 		cis.setLogUserInfo(true);
 		String result = cis.get();
 		
-		assertEquals("#ANONYMOUS#:"+testName.getMethodName()+ "-SESSION@", result);
+		assertEquals("#ANONYMOUS#:"+testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);

From 4de9c5a63253edbfbc1892fddee58dbf6c092030 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 7 Dec 2019 14:15:34 -0600
Subject: [PATCH 611/812] Documentation File Header Updates

Correcting javadoc for copied file.  Duplicating ESAPI header to created
files.
---
 .../logging/appender/ClientInfoSupplier.java      | 15 +++++++++++++++
 .../logging/appender/EventTypeLogSupplier.java    | 15 +++++++++++++++
 .../owasp/esapi/logging/appender/LogAppender.java | 11 +++++++++--
 .../esapi/logging/appender/LogPrefixAppender.java | 15 +++++++++++++++
 .../logging/appender/ServerInfoSupplier.java      | 15 +++++++++++++++
 5 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index a5a3cc003..b21aa0629 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -1,3 +1,18 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
 package org.owasp.esapi.logging.appender;
 
 import java.util.function.Supplier;
diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index 9ff99ce35..020b15f8b 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -1,3 +1,18 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
 package org.owasp.esapi.logging.appender;
 
 import java.util.function.Supplier;
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
index b5887b38b..cc4917049 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.appender;
@@ -18,11 +18,18 @@
 import org.owasp.esapi.Logger.EventType;
 
 /**
- * Contract interface for cleaning log message output.
+ * Contract interface for appending content to a log message.
  *
  */
 public interface LogAppender {
 
+	/**
+	 * Creates a replacement Log Message and returns it to the caller.
+	 * @param logName name of the logger.
+	 * @param eventType EventType of the log event being processed.
+	 * @param message The original message.
+	 * @return Updated replacement message.
+	 */
 	public String appendTo(String logName, EventType eventType, String message);
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index 3e4344fd3..a31492eb6 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -1,3 +1,18 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
 package org.owasp.esapi.logging.appender;
 
 import org.owasp.esapi.Logger.EventType;
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
index cea4196df..8d0d49dd4 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -1,3 +1,18 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
 package org.owasp.esapi.logging.appender;
 
 import java.util.function.Supplier;

From b5638c25ba54d808b5d40de239fc80659493e985 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 16:30:19 -0600
Subject: [PATCH 612/812] Moving JavaLogger

Moving the JavaLogger from the reference package to logging.java package.
---
 .../owasp/esapi/{reference => logging/java}/JavaLogFactory.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename src/main/java/org/owasp/esapi/{reference => logging/java}/JavaLogFactory.java (99%)

diff --git a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
similarity index 99%
rename from src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
rename to src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 07a86daf5..76b8ec93a 100644
--- a/src/main/java/org/owasp/esapi/reference/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.reference;
+package org.owasp.esapi.logging.java;
 
 import java.io.Serializable;
 import java.util.HashMap;

From a7201c1b53b3ad8f7025bc27f010ed38495406c9 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 16:35:34 -0600
Subject: [PATCH 613/812] Updating References after Move

JavaLogFactory naming and reference updates.
---
 .../owasp/esapi/logging/java/JavaLogFactory.java |  2 +-
 .../reference/DefaultSecurityConfiguration.java  |  2 +-
 .../java}/JavaLogFactoryTest.java                |  5 +++--
 .../java}/JavaLoggerTest.java                    | 16 ++++++++++------
 .../owasp/esapi/reference/Log4JLoggerTest.java   |  2 +-
 5 files changed, 16 insertions(+), 11 deletions(-)
 rename src/test/java/org/owasp/esapi/{reference => logging/java}/JavaLogFactoryTest.java (97%)
 rename src/test/java/org/owasp/esapi/{reference => logging/java}/JavaLoggerTest.java (97%)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 76b8ec93a..4437cf5ff 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -21,7 +21,7 @@
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
  * @see org.owasp.esapi.LogFactory
- * @see org.owasp.esapi.reference.JavaLogFactory.JavaLogger
+ * @see org.owasp.esapi.logging.java.JavaLogFactory.JavaLogger
  */
 public class JavaLogFactory implements LogFactory {
 	private static volatile LogFactory singletonInstance;
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index c244c20fa..094a92a84 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -195,7 +195,7 @@ public static SecurityConfiguration getInstance() {
     /*
      * Default Implementations
      */
-    public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.reference.JavaLogFactory";
+    public static final String DEFAULT_LOG_IMPLEMENTATION = "org.owasp.esapi.logging.java.JavaLogFactory";
     public static final String DEFAULT_AUTHENTICATION_IMPLEMENTATION = "org.owasp.esapi.reference.FileBasedAuthenticator";
     public static final String DEFAULT_ENCODER_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultEncoder";
     public static final String DEFAULT_ACCESS_CONTROL_IMPLEMENTATION = "org.owasp.esapi.reference.DefaultAccessController";
diff --git a/src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
similarity index 97%
rename from src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java
rename to src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index 41a7c52b0..bc0521863 100644
--- a/src/test/java/org/owasp/esapi/reference/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -1,4 +1,4 @@
-package org.owasp.esapi.reference;
+package org.owasp.esapi.logging.java;
 
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -8,10 +8,11 @@
 import java.util.concurrent.CountDownLatch;
 
 import org.junit.Assert;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.owasp.esapi.Logger;
 
-
+@Ignore
 public class JavaLogFactoryTest {
 
     @Test
diff --git a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
similarity index 97%
rename from src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
rename to src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
index 410316301..78d3d530f 100644
--- a/src/test/java/org/owasp/esapi/reference/JavaLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -13,27 +13,31 @@
  * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
  * @created 2007
  */
-package org.owasp.esapi.reference;
+package org.owasp.esapi.logging.java;
 
 import java.io.IOException;
 import java.util.Arrays;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
+import org.junit.Ignore;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.errors.AuthenticationException;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+import org.owasp.esapi.reference.UnitTestSecurityConfiguration;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
 
 /**
  * The Class LoggerTest.
  * 
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
+@Ignore
 public class JavaLoggerTest extends TestCase {
 
 	private static int testCount = 0;
@@ -111,7 +115,7 @@ public void testLogHTTPRequest() throws ValidationException, IOException, Authen
     
     /**
      * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
+     * org.owasp.esapi.logging.java.JavaLogFactory.
      */
     public void testSetLevel() {
         System.out.println("setLevel");
diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
index 1c7abdc53..3765170a4 100644
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
@@ -126,7 +126,7 @@ public void testLogHTTPRequest() throws ValidationException, IOException, Authen
     
     /**
      * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.reference.JavaLogFactory.
+     * org.owasp.esapi.logging.java.JavaLogFactory.
      */
     public void testSetLevel() {
         System.out.println("setLevel");

From 4461aa79d0ee7235607895c4beda189844b419f6 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 16:39:50 -0600
Subject: [PATCH 614/812] Breaking up JavaLogFactory

Separating implementation into the three classes.
---
 .../esapi/logging/java/JavaLogFactory.java    | 336 +-----------------
 1 file changed, 1 insertion(+), 335 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 4437cf5ff..cea1f16bd 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -2,15 +2,9 @@
 
 import java.io.Serializable;
 import java.util.HashMap;
-import java.util.logging.Level;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
-import org.owasp.esapi.User;
 
 /**
  * Reference implementation of the LogFactory and Logger interfaces. This implementation uses the Java logging package, and marks each
@@ -70,334 +64,6 @@ public Logger getLogger(String moduleName) {
     }
 
 
-    /**
-     *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
-     */
-    public static class JavaLoggerLevel extends Level {
-
-        protected static final long serialVersionUID = 1L;
-
-        /**
-    	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
-    	 * by java.util.Logger already.
-    	 */
-    	public static final Level ERROR_LEVEL = new JavaLoggerLevel( "ERROR", Level.SEVERE.intValue() - 1);
-    	
-    	/**
-    	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
-    	 * the defined level and its numeric value.
-    	 * 
-    	 * @param name The name of the JavaLoggerLevel
-    	 * @param value The associated numeric value
-    	 */
-		protected JavaLoggerLevel(String name, int value) {
-			super(name, value);
-		}
-    }
-        
-    /**
-     * Reference implementation of the Logger interface.
-     * 
-     * It implements most of the recommendations defined in the Logger interface description. It does not
-     * filter out any sensitive data specific to the current application or organization, such as credit 
-     * cards, social security numbers, etc.  
-     * 
-     * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
-     * @since June 1, 2007
-     * @see org.owasp.esapi.LogFactory
-     */
-    private static class JavaLogger implements org.owasp.esapi.Logger {
-
-    	/** The jlogger object used by this class to log everything. */
-        private java.util.logging.Logger jlogger = null;
-
-        /** The module name using this log. */
-        private String moduleName = null;
-
-        /** The application name defined in ESAPI.properties */
-    	private String applicationName=ESAPI.securityConfiguration().getApplicationName();
-
-        /** Log the application name? */
-    	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
-
-    	/** Log the server ip? */
-    	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
-    	
-        /**
-         * Public constructor should only ever be called via the appropriate LogFactory
-         * 
-         * @param moduleName the module name
-         */
-        private JavaLogger(String moduleName) {
-            this.moduleName = moduleName;
-            this.jlogger = java.util.logging.Logger.getLogger(applicationName + ":" + moduleName);
-        }
-
-        /**
-         * {@inheritDoc}
-         * Note: In this implementation, this change is not persistent,
-         * meaning that if the application is restarted, the log level will revert to the level defined in the 
-         * ESAPI SecurityConfiguration properties file.
-         */
-        public void setLevel(int level)
-        {
-        	try {
-        		jlogger.setLevel(convertESAPILeveltoLoggerLevel( level ));
-        	}
-        	catch (IllegalArgumentException e) {
-       			this.error(Logger.SECURITY_FAILURE, "", e);    		
-        	}
-         }
-        
-        /**
-         * {@inheritDoc}
-         * @see org.owasp.esapi.reference.Log4JLogger#getESAPILevel()
-         */
-        public int getESAPILevel() {
-        	return jlogger.getLevel().intValue();
-        }
-        
-        /**
-         * Converts the ESAPI logging level (a number) into the levels used by Java's logger.
-         * @param level The ESAPI to convert.
-         * @return The Java logging Level that is equivalent.
-         * @throws IllegalArgumentException if the supplied ESAPI level doesn't make a level that is currently defined.
-         */
-        private static Level convertESAPILeveltoLoggerLevel(int level)
-        {
-        	switch (level) {
-        		case Logger.OFF:     return Level.OFF;
-        		case Logger.FATAL:   return Level.SEVERE;
-        		case Logger.ERROR:   return JavaLoggerLevel.ERROR_LEVEL; // This is a custom level.
-        		case Logger.WARNING: return Level.WARNING;
-        		case Logger.INFO:    return Level.INFO;
-        		case Logger.DEBUG:   return Level.FINE;
-        		case Logger.TRACE:   return Level.FINEST;
-        		case Logger.ALL:     return Level.ALL;       		
-        		default: {
-        			throw new IllegalArgumentException("Invalid logging level. Value was: " + level);
-        		}
-        	}
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void trace(EventType type, String message, Throwable throwable) {
-            log(Level.FINEST, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void trace(EventType type, String message) {
-            log(Level.FINEST, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void debug(EventType type, String message, Throwable throwable) {
-            log(Level.FINE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void debug(EventType type, String message) {
-            log(Level.FINE, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void info(EventType type, String message) {
-            log(Level.INFO, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void info(EventType type, String message, Throwable throwable) {
-            log(Level.INFO, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void warning(EventType type, String message, Throwable throwable) {
-            log(Level.WARNING, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void warning(EventType type, String message) {
-            log(Level.WARNING, type, message, null);
-        }
+  
 
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void error(EventType type, String message, Throwable throwable) {
-            log(Level.SEVERE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void error(EventType type, String message) {
-            log(Level.SEVERE, type, message, null);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void fatal(EventType type, String message, Throwable throwable) {
-            log(Level.SEVERE, type, message, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public void fatal(EventType type, String message) {
-            log(Level.SEVERE, type, message, null);
-        }
-
-        /**
-         * Log the message after optionally encoding any special characters that might be dangerous when viewed
-         * by an HTML based log viewer. Also encode any carriage returns and line feeds to prevent log 
-         * injection attacks. This logs all the supplied parameters plus the user ID, user's source IP, a logging
-         * specific session ID, and the current date/time.
-         * 
-         * It will only log the message if the current logging level is enabled, otherwise it will 
-         * discard the message. 
-         * 
-         * @param level defines the set of recognized logging levels (TRACE, INFO, DEBUG, WARNING, ERROR, FATAL)
-         * @param type the type of the event (SECURITY SUCCESS, SECURITY FAILURE, EVENT SUCCESS, EVENT FAILURE)
-         * @param message the message
-         * @param throwable the throwable
-         */
-        private void log(Level level, EventType type, String message, Throwable throwable) {
-        	
-        	// Check to see if we need to log
-        	if (!jlogger.isLoggable( level )) return;
-
-            // ensure there's something to log
-            if ( message == null ) {
-            	message = "";
-            }
-            
-            // ensure no CRLF injection into logs for forging records
-            String clean = message.replace( '\n', '_' ).replace( '\r', '_' );
-            if ( ESAPI.securityConfiguration().getLogEncodingRequired() ) {
-            	clean = ESAPI.encoder().encodeForHTML(message);
-                if (!message.equals(clean)) {
-                    clean += " (Encoded)";
-                }
-            }
-
-			// log server, port, app name, module name -- server:80/app/module
-			StringBuilder appInfo = new StringBuilder();
-			if ( ESAPI.currentRequest() != null && logServerIP ) {
-				appInfo.append( ESAPI.currentRequest().getLocalAddr() + ":" + ESAPI.currentRequest().getLocalPort() );
-			}
-			if ( logAppName ) {
-				appInfo.append( "/" + applicationName );
-			}
-			appInfo.append( "/"  + moduleName );
-			
-			//get the type text if it exists
-			String typeInfo = "";
-			if (type != null) {
-				typeInfo += type + " ";
-			}
-			
-			// log the message
-			jlogger.log(level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isDebugEnabled() {
-    	    return jlogger.isLoggable(Level.FINE);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isErrorEnabled() {
-    	    return jlogger.isLoggable(JavaLoggerLevel.ERROR_LEVEL);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isFatalEnabled() {
-    	    return jlogger.isLoggable(Level.SEVERE);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isInfoEnabled() {
-    	    return jlogger.isLoggable(Level.INFO);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isTraceEnabled() {
-    	    return jlogger.isLoggable(Level.FINEST);
-        }
-
-        /**
-    	* {@inheritDoc}
-    	*/
-        public boolean isWarningEnabled() {
-    	    return jlogger.isLoggable(Level.WARNING);
-        }
-        
-        public String getUserInfo() {
-            // create a random session number for the user to represent the user's 'session', if it doesn't exist already
-            String sid = null;
-            HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-            if ( request != null ) {
-                HttpSession session = request.getSession( false );
-                if ( session != null ) {
-	                sid = (String)session.getAttribute("ESAPI_SESSION");
-	                // if there is no session ID for the user yet, we create one and store it in the user's session
-		            if ( sid == null ) {
-		            	sid = ""+ ESAPI.randomizer().getRandomInteger(0, 1000000);
-		            	session.setAttribute("ESAPI_SESSION", sid);
-		            }
-                }
-            }
-            
-			// log user information - username:session@ipaddr
-			User user = ESAPI.authenticator().getCurrentUser();            
-			String userInfo = "";
-			//TODO - Make Type Logging configurable
-			if ( user != null) {
-				userInfo += user.getAccountName()+ ":" + sid + "@"+ user.getLastHostAddress();
-			}
-			
-			return userInfo;
-        }
-
-    	/**
-    	 * {@inheritDoc}
-    	 */
-		public void always(EventType type, String message) {
-            always(type, message, null);	
-		}
-
-		/**
-		 * {@inheritDoc}
-		 */
-		public void always(EventType type, String message, Throwable throwable) {
-            log(Level.OFF, type, message, throwable);  // Seems backward, but this is what works, not Level.ALL	
-		}
-    }
 }

From 7cd2eb09e0c0ecfb51339d72a38b27d635293564 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 17:19:03 -0600
Subject: [PATCH 615/812] Logging Architecture Updates (JAVA)

Updating the Logging implementation for Java to match the SLF4J class
structures.
---
 .../esapi/logging/java/JavaLogBridge.java     |  44 +++++
 .../esapi/logging/java/JavaLogBridgeImpl.java |  75 ++++++++
 .../esapi/logging/java/JavaLogFactory.java    | 150 ++++++++++------
 .../logging/java/JavaLogLevelHandler.java     |  42 +++++
 .../logging/java/JavaLogLevelHandlers.java    |  38 ++++
 .../owasp/esapi/logging/java/JavaLogger.java  | 168 ++++++++++++++++++
 .../esapi/logging/java/JavaLoggerLevel.java   |  29 +++
 7 files changed, 494 insertions(+), 52 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
new file mode 100644
index 000000000..7e25ee94c
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
@@ -0,0 +1,44 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Logger;
+
+import org.owasp.esapi.Logger.EventType;
+
+/**
+ * Contract for translating an ESAPI log event into an Java log event.
+ * 
+ */
+public interface JavaLogBridge {
+    /**
+     * Translation for the provided ESAPI level, type, and message to the specified Java Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    /**
+     * Translation for the provided ESAPI level, type, message, and Throwable to the specified Java Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     * @param throwable ESAPI event Throwable content
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
+      
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
new file mode 100644
index 000000000..9b3e32f6a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
@@ -0,0 +1,75 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into Java supported Object structures.
+ *
+ */
+public class JavaLogBridgeImpl implements JavaLogBridge {
+    /** Configuration providing associations between esapi log levels and Java levels.*/
+    private final Map<Integer,JavaLogLevelHandler> esapiJavaLevelMap;
+    /** Cleaner used for log content.*/
+    private final LogScrubber scrubber;
+    /** Appender used for assembling default message content for all logs.*/
+    private final LogAppender appender;
+    
+    /**
+     * Constructor.
+     * @param logScrubber  Log message cleaner.
+     * @param esapiJavaHandlerMap Map identifying ESAPI -> Java log level associations.
+     */
+    public JavaLogBridgeImpl(LogAppender messageAppender, LogScrubber logScrubber, Map<Integer, JavaLogLevelHandler> esapiJavaHandlerMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiJavaLevelMap = new HashMap<>(esapiJavaHandlerMap);
+        this.scrubber = logScrubber;
+        this.appender = messageAppender;
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        JavaLogLevelHandler handler = esapiJavaLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+            
+            handler.log(logger, cleanString);
+        }
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        JavaLogLevelHandler handler = esapiJavaLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            handler.log(logger, cleanString, throwable);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index cea1f16bd..b0d21e9c4 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -1,69 +1,115 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
 package org.owasp.esapi.logging.java;
 
-import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
+import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
-
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 /**
- * Reference implementation of the LogFactory and Logger interfaces. This implementation uses the Java logging package, and marks each
- * log message with the currently logged in user and the word "SECURITY" for security related events. See the 
- * <a href="JavaLogFactory.JavaLogger.html">JavaLogFactory.JavaLogger</a> Javadocs for the details on the JavaLogger reference implementation.
- * 
- * @author Mike Fauzy (mike.fauzy@aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.LogFactory
- * @see org.owasp.esapi.logging.java.JavaLogFactory.JavaLogger
+ * LogFactory implementation which creates JAVA supporting Loggers.
+ *
  */
 public class JavaLogFactory implements LogFactory {
-	private static volatile LogFactory singletonInstance;
-
-    public static LogFactory getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( JavaLogFactory.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new JavaLogFactory();
-                }
-            }
-        }
-        return singletonInstance;
+    /** Immune characters for the codec log scrubber for JAVA context.*/
+    private static final char[] IMMUNE_JAVA_HTML = {',', '.', '-', '_', ' ' };
+    /** Codec being used to clean messages for logging.*/
+    private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log appender instance.*/
+    private static LogAppender JAVA_LOG_APPENDER;
+    /** Log cleaner instance.*/
+    private static LogScrubber JAVA_LOG_SCRUBBER;
+    /** Bridge class for mapping esapi -> java log levels.*/
+    private static JavaLogBridge LOG_BRIDGE;
+    
+    static {
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
+        JAVA_LOG_SCRUBBER = createLogScrubber(encodeLog);
+        
+    	boolean logClientInfo = true;
+		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+        JAVA_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        
+        Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALL);
+        levelLookup.put(Logger.TRACE, JavaLogLevelHandlers.FINEST);
+        levelLookup.put(Logger.DEBUG, JavaLogLevelHandlers.FINE);
+        levelLookup.put(Logger.INFO, JavaLogLevelHandlers.INFO);
+        levelLookup.put(Logger.ERROR, JavaLogLevelHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, JavaLogLevelHandlers.WARNING);
+        levelLookup.put(Logger.FATAL, JavaLogLevelHandlers.SEVERE);
+        //LEVEL.OFF not used.  If it's off why would we try to log it?
+        
+        LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
     }
-
-	private HashMap<Serializable, Logger> loggersMap = new HashMap<Serializable, Logger>();
-	
-	/**
-	* Null argument constructor for this implementation of the LogFactory interface
-	* needed for dynamic configuration.
-	*/
-	public JavaLogFactory() {}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public Logger getLogger(Class clazz) {
-	    return getLogger(clazz.getName());
+    
+    /**
+     * Populates the default log scrubber for use in factory-created loggers.
+     * @param requiresEncoding {@code true} if encoding is required for log content.
+     * @return LogScrubber instance.
+     */
+    /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
+        List<LogScrubber> messageScrubber = new ArrayList<>();
+        messageScrubber.add(new NewlineLogScrubber());
+        
+        if (requiresEncoding) {
+            messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_JAVA_HTML));
+        }
+        
+        return new CompositeLogScrubber(messageScrubber);
+        
     }
-
+    
     /**
-	* {@inheritDoc}
-	*/
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName 
+     * @param logApplicationName 
+     * @param logServerIp 
+     * @param logClientInfo 
+     * 
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    }
+    
+    
+    @Override
     public Logger getLogger(String moduleName) {
-    	
-        synchronized (loggersMap) {
-            // If a logger for this module already exists, we return the same one, otherwise we create a new one.
-            Logger moduleLogger = loggersMap.get(moduleName);
-
-            if (moduleLogger == null) {
-                moduleLogger = new JavaLogger(moduleName);
-                loggersMap.put(moduleName, moduleLogger);    		
-            }
-            return moduleLogger;
-        }
+    	java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(moduleName); 
+        return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
     }
 
-
-  
+    @Override
+    public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
+    	java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(clazz.getName());
+        return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
+    }
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
new file mode 100644
index 000000000..367e9e5e7
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Logger;
+
+/**
+ * Contract used to isolate translations for each Java Logging Level.
+ * 
+ * @see JavaLogLevelHandlers
+ * @see JavaLogBridgeImpl
+ *
+ */
+ interface JavaLogLevelHandler {
+     /** Check if the logging level is enabled for the specified logger.*/
+    boolean isEnabled(Logger logger);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke.
+     * @param msg Message to log.
+     */
+    void log(Logger logger, String msg);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke
+     * @param msg Message to log
+     * @param th Throwable to log.
+     */
+    void log(Logger logger, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
new file mode 100644
index 000000000..04ed82043
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -0,0 +1,38 @@
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+public enum JavaLogLevelHandlers implements JavaLogLevelHandler {
+
+	SEVERE(Level.SEVERE),
+	WARNING(Level.WARNING),
+	INFO(Level.INFO),
+	CONFIG(Level.CONFIG),
+	FINE(Level.FINE),
+	FINER(Level.FINER),
+	FINEST(Level.FINEST),
+	ALL(Level.ALL),
+	ERROR(JavaLoggerLevel.ERROR_LEVEL);
+
+	private final Level level;
+	
+	private JavaLogLevelHandlers(Level lvl) {
+		this.level = lvl;
+	}
+	
+	@Override
+	public boolean isEnabled(Logger logger) {
+		return logger.isLoggable(level);
+	}
+
+	@Override
+	public void log(Logger logger, String msg) {
+		logger.log(level, msg);
+	}
+
+	@Override
+	public void log(Logger logger, String msg, Throwable th) {
+		logger.log(level, msg, th);
+	}
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
new file mode 100644
index 000000000..a028924ba
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
@@ -0,0 +1,168 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import org.owasp.esapi.Logger;
+/**
+ * ESAPI Logger implementation which relays events to an Java delegate.
+ */
+public class JavaLogger implements org.owasp.esapi.Logger {
+    /** Delegate Logger.*/
+    private final java.util.logging.Logger delegate;
+    /** Handler for translating events from ESAPI context for Java processing.*/
+    private final JavaLogBridge logBridge;
+    /** Maximum log level that will be forwarded to Java from the ESAPI context.*/
+    private int maxLogLevel;
+    
+    /**
+     * Constructs a new instance. 
+     * @param JavaLogger Delegate Java logger.
+     * @param bridge Translator for ESAPI -> Java logging events.
+     * @param defaultEsapiLevel Maximum ESAPI log level events to propagate.
+     */
+    public JavaLogger(java.util.logging.Logger JavaLogger, JavaLogBridge bridge, int defaultEsapiLevel) {
+        delegate = JavaLogger;
+        this.logBridge = bridge;
+        maxLogLevel = defaultEsapiLevel;
+    }
+    
+    private void log(int esapiLevel, EventType type, String message) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message);
+        }
+    }
+    
+    private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message, throwable);
+        }
+    }
+    
+
+    private boolean isEnabled(int esapiLevel) {
+        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
+        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+    }
+    
+    @Override
+    public void always(EventType type, String message) {
+        log (Logger.ALL, type, message);
+    }
+
+    @Override
+    public void always(EventType type, String message, Throwable throwable) {
+        log (Logger.ALL, type, message, throwable);
+    }
+
+    @Override
+    public void trace(EventType type, String message) {
+        log (Logger.TRACE, type, message);
+    }
+    
+    @Override
+    public void trace(EventType type, String message, Throwable throwable) {
+        log (Logger.TRACE, type, message, throwable);
+    }
+
+    @Override
+    public void debug(EventType type, String message) {
+        log (Logger.DEBUG, type, message);
+    }
+
+    @Override
+    public void debug(EventType type, String message, Throwable throwable) {
+        log (Logger.DEBUG, type, message, throwable);
+    }
+    
+    @Override
+    public void info(EventType type, String message) {
+        log (Logger.INFO, type, message);
+    }
+    
+    @Override
+    public void info(EventType type, String message, Throwable throwable) {
+        log (Logger.INFO, type, message, throwable);
+    }
+    
+    @Override
+    public void warning(EventType type, String message) {
+        log (Logger.WARNING, type, message);
+    }
+    
+    @Override
+    public void warning(EventType type, String message, Throwable throwable) {
+        log (Logger.WARNING, type, message, throwable);
+    }
+
+    @Override
+    public void error(EventType type, String message) {
+        log (Logger.ERROR, type, message);
+    }
+
+    @Override
+    public void error(EventType type, String message, Throwable throwable) {
+        log (Logger.ERROR, type, message, throwable);   
+    }
+
+    @Override
+    public void fatal(EventType type, String message) {
+        log (Logger.FATAL, type, message);
+    }
+
+    @Override
+    public void fatal(EventType type, String message, Throwable throwable) {
+        log (Logger.FATAL, type, message, throwable);
+    }
+    
+    @Override
+    public int getESAPILevel() {
+        return maxLogLevel;
+    }
+    
+    @Override
+    public boolean isTraceEnabled() {
+        return isEnabled(Logger.TRACE);
+    }
+    
+    @Override
+    public boolean isDebugEnabled() {
+        return isEnabled(Logger.DEBUG);
+    }
+    @Override
+    public boolean isInfoEnabled() {
+        return isEnabled(Logger.INFO); 
+    }
+    @Override
+    public boolean isWarningEnabled() {
+        return isEnabled(Logger.WARNING);
+    }
+    
+    @Override
+    public boolean isErrorEnabled() {
+        return isEnabled(Logger.ERROR);
+    }
+    
+    @Override
+    public boolean isFatalEnabled() {
+       return isEnabled(Logger.FATAL);
+    }
+    
+
+    @Override
+    public void setLevel(int level) {
+       maxLogLevel = level;
+    }
+    
+}
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java b/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java
new file mode 100644
index 000000000..7d967f347
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java
@@ -0,0 +1,29 @@
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+
+/**
+ *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ */
+public class JavaLoggerLevel extends Level {
+
+    protected static final long serialVersionUID = 1L;
+
+    /**
+	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+	 * by java.util.Logger already.
+	 */
+	public static final Level ERROR_LEVEL = new JavaLoggerLevel( "ERROR", Level.SEVERE.intValue() - 1);
+	
+	/**
+	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+	 * the defined level and its numeric value.
+	 * 
+	 * @param name The name of the JavaLoggerLevel
+	 * @param value The associated numeric value
+	 */
+	private JavaLoggerLevel(String name, int value) {
+		super(name, value);
+	}
+}
+    
\ No newline at end of file

From e553829ce01c326bb8670cce5f9d33735f509279 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 17:56:34 -0600
Subject: [PATCH 616/812] Deleting outdated tests

Removing tests moved in place with original file content. If refactor
continues, these files are cruft.  The threading concern of the
JavaLogFactory is resolved, and the JavaLogger has been entirely
rewritten.
---
 .../logging/java/JavaLogFactoryTest.java      |  74 -----
 .../esapi/logging/java/JavaLoggerTest.java    | 286 ------------------
 2 files changed, 360 deletions(-)
 delete mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
 delete mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
deleted file mode 100644
index bc0521863..000000000
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package org.owasp.esapi.logging.java;
-
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.CountDownLatch;
-
-import org.junit.Assert;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.owasp.esapi.Logger;
-
-@Ignore
-public class JavaLogFactoryTest {
-
-    @Test
-    public void testConcurrentLogRequest() throws InterruptedException {
-        final ConcurrentHashMap<Integer, Logger> logCapture = new ConcurrentHashMap<>();
-        List<Thread> threads = new ArrayList<>();
-        final CountDownLatch forceConcurrency = new CountDownLatch(1);
-        for (int x = 0 ; x < 10; x ++) {
-            final int requestIndex = x;
-            Runnable requestLogByClass = new Runnable() {
-                @Override
-                public void run() {
-                   try {
-                    forceConcurrency.await();
-                } catch (InterruptedException e) {
-                    // TODO Auto-generated catch block
-                    e.printStackTrace();
-                }
-                   logCapture.put(requestIndex, JavaLogFactory.getInstance().getLogger(JavaLogFactoryTest.class));
-                }
-            };
-            
-            Runnable requestLogByModule = new Runnable() {
-                @Override
-                public void run() {
-                   try {
-                    forceConcurrency.await();
-                } catch (InterruptedException e) {
-                    // TODO Auto-generated catch block
-                    e.printStackTrace();
-                }
-                   logCapture.put(requestIndex, JavaLogFactory.getInstance().getLogger(JavaLogFactoryTest.class.getName()));
-                }
-            };
-            
-            threads.add(new Thread(requestLogByClass, "Request Log By Class " + x));
-            
-            threads.add(new Thread(requestLogByModule, "Request Log By Name " + x));
-            
-            
-        }
-        
-        for (Thread thread : threads) {
-            thread.start();
-        }
-        
-        forceConcurrency.countDown();
-        
-        for (Thread thread: threads) {
-            thread.join();
-        }
-        
-        
-        Set<Logger> uniqueLoggers = new HashSet<>(logCapture.values());
-        
-        Assert.assertEquals(1, uniqueLoggers.size());
-        
-    }
-}
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
deleted file mode 100644
index 78d3d530f..000000000
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
+++ /dev/null
@@ -1,286 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.logging.java;
-
-import java.io.IOException;
-import java.util.Arrays;
-
-import org.junit.Ignore;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
-import org.owasp.esapi.reference.UnitTestSecurityConfiguration;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- */
-@Ignore
-public class JavaLoggerTest extends TestCase {
-
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public JavaLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( JavaLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test" + testCount++ );
-    	System.out.println("Test logger: " + testLogger);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-        ESAPI.override(null);
-    }
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(JavaLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    }    
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.logging.java.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-    
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-    }
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-    }
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-    }
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-    }
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-    }
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 2 (SECURITY_AUDIT)" );
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 3 (SECURITY_SUCCESS)", null );
-        testLogger.always(Logger.SECURITY_AUDIT,   "test message always 4 (SECURITY_AUDIT)", null );
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'? My grandmother throws " +
-        							   "better than that and she's been dead for more than 10 years!");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT,   "test message always 5", rtex );
-        }
-	}
-}

From 16f7ee1f0a5aa22a9c68c1fed63917847f24a6f6 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 8 Dec 2019 17:57:42 -0600
Subject: [PATCH 617/812] Defaulting ESAPI to Java Logger

Updating ESAPI.properties to use the Java Logger.

Providing a test-scope property file to improve the log content and format
for the java implementation.

Updating the JavaLogFactory to read and apply the properties file.
---
 .../esapi/logging/java/JavaLogFactory.java    | 28 +++++++++++++++++++
 .../resources/esapi-java-logging.properties   |  6 ++++
 src/test/resources/esapi/ESAPI.properties     |  2 +-
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 src/test/resources/esapi-java-logging.properties

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index b0d21e9c4..b8fccbf36 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -14,10 +14,15 @@
  */
 package org.owasp.esapi.logging.java;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.logging.LogManager;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
@@ -67,6 +72,29 @@ public class JavaLogFactory implements LogFactory {
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
         LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
+        
+        /*
+         * This will load the logging properties file to control the format of the output for Java logs.
+         */
+        try (InputStream stream = JavaLogFactory.class.getClassLoader().
+        		getResourceAsStream("esapi-java-logging.properties")) {
+        	LogManager.getLogManager().readConfiguration(stream);
+        } catch (IOException ioe) {
+        	ioe.printStackTrace();
+        }
+        
+        /*
+         * This is a convenience for me -- turns off all System.out.println cruft in the terminal so I can view the logs.
+         * FIXME:  Probably need to remove this before the end of the effort.
+         */
+        /*
+        System.setOut(new PrintStream(new OutputStream() {
+            public void write(int b) {
+                //DO NOTHING
+            }
+        }));
+        
+        */
     }
     
     /**
diff --git a/src/test/resources/esapi-java-logging.properties b/src/test/resources/esapi-java-logging.properties
new file mode 100644
index 000000000..71011acc5
--- /dev/null
+++ b/src/test/resources/esapi-java-logging.properties
@@ -0,0 +1,6 @@
+handlers= java.util.logging.ConsoleHandler
+.level= INFO
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n
+#https://www.logicbig.com/tutorials/core-java-tutorial/logging/customizing-default-format.html
\ No newline at end of file
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 8f5d8e218..42d22780b 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -97,7 +97,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set

From ced56779c807fce57320974d6c5ae1978c916a0e Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:19:07 -0600
Subject: [PATCH 618/812] Java Logging Handler Test Updates

Copying slf4j implementation and updating references as necessary.
---
 .../java/JavaLogLevelHandlersTest.java        | 102 ++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
new file mode 100644
index 000000000..b42f790bd
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -0,0 +1,102 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+
+public class JavaLogLevelHandlersTest {
+
+    private Logger mockLogger = Mockito.mock(Logger.class);
+    @Rule
+    public TestName testName = new TestName();
+
+    private Throwable testException = new Throwable("Expected for testing");
+
+    @Test
+    public void testErrorDelegation() {
+        JavaLogLevelHandlers.ERROR.isEnabled(mockLogger);
+        JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = JavaLoggerLevel.ERROR_LEVEL;
+        
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testWarnDelegation() {
+        JavaLogLevelHandlers.WARNING.isEnabled(mockLogger);
+        JavaLogLevelHandlers.WARNING.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.WARNING.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.WARNING;
+        
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testInfoDelegation() {
+        JavaLogLevelHandlers.INFO.isEnabled(mockLogger);
+        JavaLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.INFO;
+        
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testDebugDelegation() {
+        JavaLogLevelHandlers.FINE.isEnabled(mockLogger);
+        JavaLogLevelHandlers.FINE.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.FINE.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.FINE;
+        
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testTraceDelegation() {
+        JavaLogLevelHandlers.FINEST.isEnabled(mockLogger);
+        JavaLogLevelHandlers.FINEST.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.FINEST.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = Level.FINEST;
+        
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+}

From 27e62f913213a9b28dc14086fde3b40c00e7a474 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:29:26 -0600
Subject: [PATCH 619/812] Java Log Bridge Impl Tests

Copying slf4J and updating references as needed
---
 .../logging/java/JavaLogBridgeImplTest.java   | 156 ++++++++++++++++++
 1 file changed, 156 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
new file mode 100644
index 000000000..2989a71d6
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
@@ -0,0 +1,156 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+public class JavaLogBridgeImplTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private LogAppender mockAppender = Mockito.mock(LogAppender.class);
+    private JavaLogLevelHandler mockHandler = Mockito.mock(JavaLogLevelHandler.class);
+    private java.util.logging.Logger javaLogSpy;
+    private Throwable testEx = new Throwable(testName.getMethodName());
+    private JavaLogBridge bridge;
+
+    @Before
+    public void setup() {
+        Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, mockHandler);
+        
+        java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
+        javaLogSpy = Mockito.spy(wrappedLogger);
+        bridge = new JavaLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
+    }
+
+    @Test
+    public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup Java level mapping");
+        Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
+        new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+    }
+    
+    @Test
+    public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup Java level mapping");
+        Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
+        new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+    }
+    
+    @Test
+    public void testLogMessage() {
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName() + "-LOGGER";
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(javaLogSpy.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(true);
+
+        bridge.log(javaLogSpy, Logger.ALL, eventType, testName.getMethodName());
+
+        Mockito.verify(javaLogSpy, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg));
+     
+        Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+    @Test
+    public void testLogErrorMessageWithException() {
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName() + "-LOGGER";
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(javaLogSpy.getName()).thenReturn(loggerName);
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(true);
+
+        bridge.log(javaLogSpy, Logger.ALL, eventType, testName.getMethodName(), testEx);
+
+        Mockito.verify(javaLogSpy, Mockito.atLeastOnce()).getName();
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
+     
+        Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+
+    @Test
+    public void testDisabledLogMessage() {
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(false);
+
+        bridge.log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+    }
+
+    @Test
+    public void testDisabledErrorLogWithException() {
+        Mockito.when(mockHandler.isEnabled(javaLogSpy)).thenReturn(false);
+
+        bridge.log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+
+    }
+
+}

From 7e1a4b156cbecc24fb8c98270cf2014727a2202d Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:31:13 -0600
Subject: [PATCH 620/812] Java Log Factory Tests

Copying slf4j tests and updating references as needed.
---
 .../logging/java/JavaLogFactoryTest.java      | 106 ++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
new file mode 100644
index 000000000..e8b7de024
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -0,0 +1,106 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.java;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (JavaLogFactory.class)
+public class JavaLogFactoryTest {
+	@Rule
+    public TestName testName = new TestName();
+	
+    @Test
+    public void testCreateLoggerByString() {
+        Logger logger = new JavaLogFactory().getLogger("test");
+        Assert.assertTrue(logger instanceof JavaLogger);
+    }
+    
+    @Test public void testCreateLoggerByClass() {
+        Logger logger = new JavaLogFactory().getLogger(JavaLogBridgeImplTest.class);
+        Assert.assertTrue(logger instanceof JavaLogger);
+    }
+    
+    @Test
+    public void checkScrubberWithEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        JavaLogFactory.createLogScrubber(true);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(2, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+        Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
+    }
+    
+    @Test
+    public void checkScrubberWithoutEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        JavaLogFactory.createLogScrubber(false);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(1, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+    }
+    
+    /**
+	 * At this time there are no special considerations or handling for the appender
+	 * creation in this scope. It is expected that the arguments to the internal
+	 * creation method are passed directly to the constructor of the
+	 * LogPrefixAppender with no mutation or additional validation.
+	 */
+    @Test
+    public void checkPassthroughAppenderConstruct() throws Exception {
+    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+    	
+    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+    	
+    	LogAppender appender = JavaLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+    	
+    	Assert.assertEquals(stubAppender, appender);
+    	Assert.assertTrue(clientInfoCapture.getValue());
+    	Assert.assertFalse(serverInfoCapture.getValue());
+    	Assert.assertTrue(logAppNameCapture.getValue());
+    	Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
+    }
+    
+   
+}

From 6afaab38c9e8b7a28df843979a4c64f4d3e2802b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:35:22 -0600
Subject: [PATCH 621/812] Java Logger Tests

Copying slf4j and updating references as needed.
---
 .../esapi/logging/java/JavaLoggerTest.java    | 297 ++++++++++++++++++
 1 file changed, 297 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
new file mode 100644
index 000000000..4c5c57834
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -0,0 +1,297 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.java;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+
+public class JavaLoggerTest {
+	@Rule
+    public TestName testName = new TestName();
+	
+    private static final String MSG = JavaLoggerTest.class.getSimpleName();
+    
+    private JavaLogBridge mockBridge = Mockito.mock(JavaLogBridge.class);
+    private java.util.logging.Logger javaLogSpy;
+    
+    private Throwable testEx = new Throwable(MSG + "_Exception");
+    private Logger testLogger;
+
+    @Before
+    public void setup() {
+    	 java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
+         javaLogSpy = Mockito.spy(wrappedLogger);
+    	 testLogger = new JavaLogger(javaLogSpy, mockBridge, Logger.ALL);
+    }
+    
+    @Test
+    public void testLevelEnablement() {
+        testLogger.setLevel(Logger.INFO);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+        
+        Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
+    }
+    
+    @Test
+    public void testAllLevelEnablement() {
+        testLogger.setLevel(Logger.ALL);
+        
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+    }
+
+    @Test
+    public void testOffLevelEnablement() {
+        testLogger.setLevel(Logger.OFF);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertFalse(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+    }
+    @Test
+    public void testFatalWithMessage() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowable() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testFatalWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testErrorWithMessage() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowable() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testErrorWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testWarnWithMessage() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowable() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testWarnWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testInfoWithMessage() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowable() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testInfoWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessage() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowable() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testDebugWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testTraceWithMessage() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowable() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testTraceWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testAlwaysWithMessage() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowable() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    
+    @Test
+    public void testAlwaysWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
+    }
+}

From 5f89a160306782ed106108ee6d65c596a5094c43 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:39:50 -0600
Subject: [PATCH 622/812] JavaLogFactory cleanup

Removing code block to redirect system out & cleaning up imports.

If java logging configuration cannot be read, then the originating
exception is rewrapped with a more useful message and printed to standard
error.
---
 .../esapi/logging/java/JavaLogFactory.java      | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index b8fccbf36..eaf605611 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -16,8 +16,6 @@
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -80,21 +78,8 @@ public class JavaLogFactory implements LogFactory {
         		getResourceAsStream("esapi-java-logging.properties")) {
         	LogManager.getLogManager().readConfiguration(stream);
         } catch (IOException ioe) {
-        	ioe.printStackTrace();
+        	System.err.print(new IOException("Failed to load esapi-java-logging.properties.", ioe));        	
         }
-        
-        /*
-         * This is a convenience for me -- turns off all System.out.println cruft in the terminal so I can view the logs.
-         * FIXME:  Probably need to remove this before the end of the effort.
-         */
-        /*
-        System.setOut(new PrintStream(new OutputStream() {
-            public void write(int b) {
-                //DO NOTHING
-            }
-        }));
-        
-        */
     }
     
     /**

From 0925b84fd7d553c540c8914ba8efe0da755400db Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 02:51:36 -0600
Subject: [PATCH 623/812] [FAILING] Test stub for Java logging config

Explicitly failing test for verifying the intended behavior when the
JavaLogFactory is attempting to load a file from configuration.  Still
need to work out some of the static mocks for forcing the underlying
exception, as well as trying to capture the resulting output.
---
 .../logging/java/JavaLogFactoryTest.java      | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index e8b7de024..26af3126a 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -14,7 +14,14 @@
  */
 package org.owasp.esapi.logging.java;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintStream;
 import java.util.List;
+import java.util.concurrent.atomic.AtomicReference;
 
 import org.junit.Assert;
 import org.junit.Rule;
@@ -39,6 +46,28 @@ public class JavaLogFactoryTest {
 	@Rule
     public TestName testName = new TestName();
 	
+	@Test
+	public void testIOExceptionOnMissingConfiguration() throws Exception {
+		org.junit.Assert.fail("Unimplemented!");
+		
+		IOException originException = new IOException(testName.getMethodName());
+		final AtomicReference<IOException> stdErrOut = new AtomicReference<IOException>();
+
+		//FIXME Mock static so that java.util.logging.LogManager.readConfiguration(any(java.io.InputStream.class) throws IOException
+		
+		
+		System.setErr(new PrintStream(new OutputStream() {
+            public void write(int b) {
+                //FIXME:  How do I capture the object here?
+            }
+        }));
+		
+		IOException actual = stdErrOut.get();
+		assertTrue(actual != null);
+		assertTrue(originException.equals(actual.getCause()));
+		assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
+	}
+	
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new JavaLogFactory().getLogger("test");

From f92ccf754d8d968b27edf8c04201bc38626a7a70 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 03:08:44 -0600
Subject: [PATCH 624/812] Ignoring failed test

Adding ignore statement to allow current work to be pushed.
---
 .../java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index 26af3126a..19a5e816f 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -24,6 +24,7 @@
 import java.util.concurrent.atomic.AtomicReference;
 
 import org.junit.Assert;
+import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestName;
@@ -47,6 +48,7 @@ public class JavaLogFactoryTest {
     public TestName testName = new TestName();
 	
 	@Test
+	@Ignore("Work In Progress")
 	public void testIOExceptionOnMissingConfiguration() throws Exception {
 		org.junit.Assert.fail("Unimplemented!");
 		

From ec7229972745bb93cf8ffed3b2de4b81e05b712c Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 03:58:35 -0600
Subject: [PATCH 625/812] JavaLogFactory Failed Configuration Load Test

Updating the JavaLogFactory to have a delegate static method for loading
the configuration.  Allowing the LogManager to be provided as an argument
to avoid the need for verbose mocking and setup in the test scope.

Adding a test that asserts that Standard Error stream is provided the
expected error content if the configuration cannot be resolved.
---
 .../esapi/logging/java/JavaLogFactory.java    | 12 ++++-
 .../logging/java/JavaLogFactoryTest.java      | 53 ++++++++++++-------
 2 files changed, 43 insertions(+), 22 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index eaf605611..d640d6725 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -71,12 +71,20 @@ public class JavaLogFactory implements LogFactory {
         
         LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
         
-        /*
+        readLoggerConfiguration(LogManager.getLogManager());
+    }
+    
+    /**
+     * Attempts to load the expected property file path into the provided LogManager reference.
+     * @param logManager LogManager which is being configured.
+     */
+    /*package*/ static void readLoggerConfiguration(LogManager logManager) {
+    	/*
          * This will load the logging properties file to control the format of the output for Java logs.
          */
         try (InputStream stream = JavaLogFactory.class.getClassLoader().
         		getResourceAsStream("esapi-java-logging.properties")) {
-        	LogManager.getLogManager().readConfiguration(stream);
+        	logManager.readConfiguration(stream);
         } catch (IOException ioe) {
         	System.err.print(new IOException("Failed to load esapi-java-logging.properties.", ioe));        	
         }
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index 19a5e816f..a8988cd91 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -18,18 +18,19 @@
 import static org.junit.Assert.assertTrue;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
 import java.util.List;
-import java.util.concurrent.atomic.AtomicReference;
+import java.util.logging.LogManager;
 
 import org.junit.Assert;
-import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
+import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.logging.appender.LogAppender;
 import org.owasp.esapi.logging.appender.LogPrefixAppender;
@@ -46,30 +47,42 @@
 public class JavaLogFactoryTest {
 	@Rule
     public TestName testName = new TestName();
-	
+
 	@Test
-	@Ignore("Work In Progress")
 	public void testIOExceptionOnMissingConfiguration() throws Exception {
-		org.junit.Assert.fail("Unimplemented!");
-		
-		IOException originException = new IOException(testName.getMethodName());
-		final AtomicReference<IOException> stdErrOut = new AtomicReference<IOException>();
+		final IOException originException = new IOException(testName.getMethodName());
 
-		//FIXME Mock static so that java.util.logging.LogManager.readConfiguration(any(java.io.InputStream.class) throws IOException
-		
+		LogManager testLogManager = new LogManager() {
+			@Override
+			public void readConfiguration(InputStream ins) throws IOException, SecurityException {
+				throw originException;
+			}
+		};
+
+		OutputStream nullOutputStream = new OutputStream() {
+			@Override
+			public void write(int b) throws IOException {
+				//No Op
+			}
+		};
 		
-		System.setErr(new PrintStream(new OutputStream() {
-            public void write(int b) {
-                //FIXME:  How do I capture the object here?
-            }
-        }));
+		ArgumentCaptor<Object> stdErrOut = ArgumentCaptor.forClass(Object.class);
 		
-		IOException actual = stdErrOut.get();
-		assertTrue(actual != null);
-		assertTrue(originException.equals(actual.getCause()));
-		assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
+		try (PrintStream errPrinter = new PrintStream(nullOutputStream)) {
+			PrintStream spyPrinter = PowerMockito.spy(errPrinter);
+			Mockito.doCallRealMethod().when(spyPrinter).print(stdErrOut.capture());
+			System.setErr(spyPrinter);
+
+			JavaLogFactory.readLoggerConfiguration(testLogManager);
+
+			Object writeData = stdErrOut.getValue();
+			assertTrue(writeData instanceof IOException);
+			IOException actual = (IOException) writeData;
+			assertEquals(originException, actual.getCause());
+			assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
+		}
 	}
-	
+
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new JavaLogFactory().getLogger("test");

From 962b9d6a73b68436af8d57fa21419b6f7117d4a7 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 18:44:32 -0600
Subject: [PATCH 626/812] Updating Log4J Implementation

Translating the existing Log4J implementation into the updated logging
class structures. Tests for the common aspects are also being provided.

Additional class 'Log4JLoggerFactory.java' is being provided which is a
Service Provider Interface (SPI) contribution at runtime through the
log4j.xml file content.  This will need more tests.
---
 .../esapi/logging/log4j/Log4JLogBridge.java   |  42 +++
 .../logging/log4j/Log4JLogBridgeImpl.java     |  75 +++++
 .../esapi/logging/log4j/Log4JLogFactory.java  | 138 +++++++++
 .../logging/log4j/Log4JLogLevelHandler.java   |  42 +++
 .../logging/log4j/Log4JLogLevelHandlers.java  |  55 ++++
 .../esapi/logging/log4j/Log4JLogger.java      | 168 ++++++++++
 .../logging/log4j/Log4JLoggerFactory.java     |  86 ++++++
 .../logging/log4j/Log4JLogBridgeImplTest.java | 152 ++++++++++
 .../logging/log4j/Log4JLogFactoryTest.java    | 108 +++++++
 .../log4j/Log4JLogLevelHandlersTest.java      | 102 +++++++
 .../esapi/logging/log4j/Log4JLoggerTest.java  | 287 ++++++++++++++++++
 11 files changed, 1255 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
 create mode 100644 src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
new file mode 100644
index 000000000..d69662eba
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.apache.log4j.Logger;
+import org.owasp.esapi.Logger.EventType;
+/**
+ * Contract for translating an ESAPI log event into an Log4J log event.
+ * 
+ */
+public interface Log4JLogBridge {
+    /**
+     * Translation for the provided ESAPI level, type, and message to the specified Log4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message) ;
+    /**
+     * Translation for the provided ESAPI level, type, message, and Throwable to the specified Log4J Logger.
+     * @param logger Logger to receive the translated message.
+     * @param esapiLevel ESAPI level of event.
+     * @param type ESAPI event type
+     * @param message ESAPI event message content.
+     * @param throwable ESAPI event Throwable content
+     */
+    void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
+      
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
new file mode 100644
index 000000000..d982ead49
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
@@ -0,0 +1,75 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.log4j;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+/**
+ * Implementation which is intended to bridge the ESAPI Logging API into LOG4J supported Object structures.
+ *
+ */
+public class Log4JLogBridgeImpl implements Log4JLogBridge {
+    /** Configuration providing associations between esapi log levels and LOG4J levels.*/
+    private final Map<Integer,Log4JLogLevelHandler> esapiSlfLevelMap;
+    /** Cleaner used for log content.*/
+    private final LogScrubber scrubber;
+    /** Appender used for assembling default message content for all logs.*/
+    private final LogAppender appender;
+    
+    /**
+     * Constructor.
+     * @param logScrubber  Log message cleaner.
+     * @param esapiSlfHandlerMap Map identifying ESAPI -> LOG4J log level associations.
+     */
+    public Log4JLogBridgeImpl(LogAppender messageAppender, LogScrubber logScrubber, Map<Integer, Log4JLogLevelHandler> esapiSlfHandlerMap) {
+        //Defensive copy to prevent external mutations.
+        this.esapiSlfLevelMap = new HashMap<>(esapiSlfHandlerMap);
+        this.scrubber = logScrubber;
+        this.appender = messageAppender;
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message) {
+        Log4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup LOG4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+            
+            handler.log(logger, cleanString);
+        }
+    }
+    @Override
+    public void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) {
+        Log4JLogLevelHandler handler = esapiSlfLevelMap.get(esapiLevel);
+        if (handler == null) {
+            throw new IllegalArgumentException("Unable to lookup LOG4J level mapping for esapi value of " + esapiLevel);
+        }
+        if (handler.isEnabled(logger)) {
+        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String cleanString = scrubber.cleanMessage(fullMessage);
+
+            handler.log(logger, cleanString, throwable);
+        }
+    }
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
new file mode 100644
index 000000000..8d67c6ff9
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -0,0 +1,138 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.LogManager;
+import org.apache.log4j.PropertyConfigurator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.LogFactory;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.owasp.esapi.logging.java.JavaLogFactory;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+/**
+ * LogFactory implementation which creates Log4J supporting Loggers.
+ *
+ */
+public class Log4JLogFactory implements LogFactory {
+	 /** Immune characters for the codec log scrubber for JAVA context.*/
+    private static final char[] IMMUNE_LOG4J_HTML = {',', '.', '-', '_', ' ' };
+    /** Codec being used to clean messages for logging.*/
+    private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
+    /** Log appender instance.*/
+    private static LogAppender Log4J_LOG_APPENDER;
+    /** Log cleaner instance.*/
+    private static LogScrubber Log4J_LOG_SCRUBBER;
+    /** Bridge class for mapping esapi -> log4j log levels.*/
+    private static Log4JLogBridge LOG_BRIDGE;
+    
+    static {
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
+        Log4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
+        
+    	boolean logClientInfo = true;
+		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+        Log4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        
+        Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, Log4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.TRACE, Log4JLogLevelHandlers.TRACE);
+        levelLookup.put(Logger.DEBUG, Log4JLogLevelHandlers.DEBUG);
+        levelLookup.put(Logger.INFO, Log4JLogLevelHandlers.INFO);
+        levelLookup.put(Logger.ERROR, Log4JLogLevelHandlers.ERROR);
+        levelLookup.put(Logger.WARNING, Log4JLogLevelHandlers.WARN);
+        levelLookup.put(Logger.FATAL, Log4JLogLevelHandlers.FATAL);
+        //LEVEL.OFF not used.  If it's off why would we try to log it?
+        
+        LOG_BRIDGE = new Log4JLogBridgeImpl(Log4J_LOG_APPENDER, Log4J_LOG_SCRUBBER, levelLookup);
+        
+        try (InputStream stream = Log4JLogFactory.class.getClassLoader().
+        		getResourceAsStream("log4j.xml")) {
+        	PropertyConfigurator.configure(stream);
+        } catch (IOException ioe) {
+        	System.err.print(new IOException("Failed to load log4j.xml.", ioe));        	
+        }
+        
+        OutputStream nullOutputStream = new OutputStream() {
+			@Override
+			public void write(int b) throws IOException {
+				//No Op
+			}
+		};
+        
+       System.setOut(new PrintStream(nullOutputStream));
+    }
+    
+    /**
+     * Populates the default log scrubber for use in factory-created loggers.
+     * @param requiresEncoding {@code true} if encoding is required for log content.
+     * @return LogScrubber instance.
+     */
+    /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
+        List<LogScrubber> messageScrubber = new ArrayList<>();
+        messageScrubber.add(new NewlineLogScrubber());
+        
+        if (requiresEncoding) {
+            messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_LOG4J_HTML));
+        }
+        
+        return new CompositeLogScrubber(messageScrubber);
+        
+    }
+    
+    /**
+     * Populates the default log appender for use in factory-created loggers.
+     * @param appName 
+     * @param logApplicationName 
+     * @param logServerIp 
+     * @param logClientInfo 
+     * 
+     * @return LogAppender instance.
+     */
+    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    }
+    
+    
+    @Override
+    public Logger getLogger(String moduleName) {
+    	org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(moduleName);
+        return new Log4JLogger(log4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+    @Override
+    public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
+    	org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(clazz);
+        return new Log4JLogger(log4JLogger, LOG_BRIDGE, Logger.ALL);
+    }
+
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
new file mode 100644
index 000000000..e73e717e1
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
@@ -0,0 +1,42 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.apache.log4j.Logger;
+
+/**
+ * Contract used to isolate translations for each SLF4J Logging Level.
+ * 
+ * @see Log4JLogLevelHandlers
+ * @see Log4JLogBridgeImpl
+ *
+ */
+ interface Log4JLogLevelHandler {
+     /** Check if the logging level is enabled for the specified logger.*/
+    boolean isEnabled(Logger logger);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke.
+     * @param msg Message to log.
+     */
+    void log(Logger logger, String msg);
+    /**
+     * Calls the appropriate log level event on the specified logger.
+     * @param logger Logger to invoke
+     * @param msg Message to log
+     * @param th Throwable to log.
+     */
+    void log(Logger logger, String msg, Throwable th);
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
new file mode 100644
index 000000000..19e54c696
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
@@ -0,0 +1,55 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.log4j;
+
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+
+/**
+ * Enumeration capturing the propagation of Log4J level events.
+ *
+ */
+public enum Log4JLogLevelHandlers implements Log4JLogLevelHandler {
+	FATAL(Level.FATAL),
+	ERROR(Level.ERROR),
+	WARN(Level.WARN),
+	INFO(Level.INFO),
+	DEBUG(Level.DEBUG),
+	TRACE(Level.TRACE),
+	ALL(Level.ALL);
+
+	private final Level level;
+	
+	private Log4JLogLevelHandlers(Level lvl) {
+		this.level = lvl;
+	}
+	
+	@Override
+	public boolean isEnabled(Logger logger) {
+		return logger.isEnabledFor(level);
+	}
+
+	@Override
+	public void log(Logger logger, String msg) {
+		logger.log(level, msg);
+	}
+
+	@Override
+	public void log(Logger logger, String msg, Throwable th) {
+		logger.log(level, msg, th);
+	}    
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
new file mode 100644
index 000000000..9196abbd3
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
@@ -0,0 +1,168 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.owasp.esapi.Logger;
+/**
+ * ESAPI Logger implementation which relays events to an SLF4J delegate.
+ */
+public class Log4JLogger implements org.owasp.esapi.Logger {
+    /** Delegate Logger.*/
+    private final org.apache.log4j.Logger delegate;
+    /** Handler for translating events from ESAPI context for SLF4J processing.*/
+    private final Log4JLogBridge logBridge;
+    /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
+    private int maxLogLevel;
+    
+    /**
+     * Constructs a new instance. 
+     * @param slf4JLogger Delegate SLF4J logger.
+     * @param bridge Translator for ESAPI -> SLF4J logging events.
+     * @param defaultEsapiLevel Maximum ESAPI log level events to propagate.
+     */
+    public Log4JLogger(org.apache.log4j.Logger slf4JLogger, Log4JLogBridge bridge, int defaultEsapiLevel) {
+        delegate = slf4JLogger;
+        this.logBridge = bridge;
+        maxLogLevel = defaultEsapiLevel;
+    }
+    
+    private void log(int esapiLevel, EventType type, String message) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message);
+        }
+    }
+    
+    private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
+        if (isEnabled(esapiLevel)) {
+            logBridge.log(delegate, esapiLevel, type, message, throwable);
+        }
+    }
+    
+
+    private boolean isEnabled(int esapiLevel) {
+        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
+        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+    }
+    
+    @Override
+    public void always(EventType type, String message) {
+        log (Logger.ALL, type, message);
+    }
+
+    @Override
+    public void always(EventType type, String message, Throwable throwable) {
+        log (Logger.ALL, type, message, throwable);
+    }
+
+    @Override
+    public void trace(EventType type, String message) {
+        log (Logger.TRACE, type, message);
+    }
+    
+    @Override
+    public void trace(EventType type, String message, Throwable throwable) {
+        log (Logger.TRACE, type, message, throwable);
+    }
+
+    @Override
+    public void debug(EventType type, String message) {
+        log (Logger.DEBUG, type, message);
+    }
+
+    @Override
+    public void debug(EventType type, String message, Throwable throwable) {
+        log (Logger.DEBUG, type, message, throwable);
+    }
+    
+    @Override
+    public void info(EventType type, String message) {
+        log (Logger.INFO, type, message);
+    }
+    
+    @Override
+    public void info(EventType type, String message, Throwable throwable) {
+        log (Logger.INFO, type, message, throwable);
+    }
+    
+    @Override
+    public void warning(EventType type, String message) {
+        log (Logger.WARNING, type, message);
+    }
+    
+    @Override
+    public void warning(EventType type, String message, Throwable throwable) {
+        log (Logger.WARNING, type, message, throwable);
+    }
+
+    @Override
+    public void error(EventType type, String message) {
+        log (Logger.ERROR, type, message);
+    }
+
+    @Override
+    public void error(EventType type, String message, Throwable throwable) {
+        log (Logger.ERROR, type, message, throwable);   
+    }
+
+    @Override
+    public void fatal(EventType type, String message) {
+        log (Logger.FATAL, type, message);
+    }
+
+    @Override
+    public void fatal(EventType type, String message, Throwable throwable) {
+        log (Logger.FATAL, type, message, throwable);
+    }
+    
+    @Override
+    public int getESAPILevel() {
+        return maxLogLevel;
+    }
+    
+    @Override
+    public boolean isTraceEnabled() {
+        return isEnabled(Logger.TRACE);
+    }
+    
+    @Override
+    public boolean isDebugEnabled() {
+        return isEnabled(Logger.DEBUG);
+    }
+    @Override
+    public boolean isInfoEnabled() {
+        return isEnabled(Logger.INFO); 
+    }
+    @Override
+    public boolean isWarningEnabled() {
+        return isEnabled(Logger.WARNING);
+    }
+    
+    @Override
+    public boolean isErrorEnabled() {
+        return isEnabled(Logger.ERROR);
+    }
+    
+    @Override
+    public boolean isFatalEnabled() {
+       return isEnabled(Logger.FATAL);
+    }
+    
+
+    @Override
+    public void setLevel(int level) {
+       maxLogLevel = level;
+    }
+    
+}
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
new file mode 100644
index 000000000..a2b743edf
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -0,0 +1,86 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2007
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.apache.log4j.Priority;
+import org.apache.log4j.spi.LoggerFactory;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
+
+/**
+ * Implementation of the LoggerFactory interface. This implementation has been 
+ * overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
+ *
+ * @author August Detlefsen (augustd at codemagi dot com)
+ *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
+ * @since October 15, 2010
+ * @see org.owasp.esapi.logging.log4j.Log4JLogFactory
+ * @see org.owasp.esapi.reference.Log4JLogger
+ */
+public class Log4JLoggerFactory implements LoggerFactory {
+	 /** Log appender instance.*/
+    private static LogAppender LOG4J_LOG_APPENDER;
+    /** Log cleaner instance.*/
+    private static LogScrubber LOG4J_LOG_SCRUBBER;
+    
+    static {
+        boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
+        LOG4J_LOG_SCRUBBER = Log4JLogFactory.createLogScrubber(encodeLog);
+        
+    	boolean logClientInfo = true;
+		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+		LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+    }
+    
+	/**
+	 * This constructor must be public so it can be accessed from within log4j
+	 */
+	public Log4JLoggerFactory() {}
+
+	/**
+	 * Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
+	 * 
+	 * @param name The class name to return a logger for.
+	 * @return org.owasp.esapi.reference.Log4JLogger
+	 */
+	public org.apache.log4j.Logger makeNewLoggerInstance(String name) {		
+		//return new org.owasp.esapi.reference.Log4JLogger(name);
+		return new EsapiLog4JWrapper(name);
+	}
+	
+	
+	public static class EsapiLog4JWrapper extends org.apache.log4j.Logger {
+
+		protected EsapiLog4JWrapper(String name) {
+			super(name);			
+		}
+		
+		@Override
+		protected void forcedLog(String fqcn, Priority level, Object message, Throwable t) {
+			String toClean = message.toString();
+			
+			String fullMessage = LOG4J_LOG_APPENDER.appendTo(getName(), null, toClean);
+			String cleanMsg = LOG4J_LOG_SCRUBBER.cleanMessage(fullMessage);
+			
+			super.forcedLog(fqcn, level, cleanMsg, t);
+		}
+		
+	}
+}
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
new file mode 100644
index 000000000..23138f56a
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
@@ -0,0 +1,152 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TestName;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.Logger.EventType;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+
+public class Log4JLogBridgeImplTest {
+
+    @Rule
+    public TestName testName = new TestName();
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
+
+    private LogScrubber mockScrubber = Mockito.mock(LogScrubber.class);
+    private LogAppender mockAppender = Mockito.mock(LogAppender.class);
+    private Log4JLogLevelHandler mockHandler = Mockito.mock(Log4JLogLevelHandler.class);
+    private org.apache.log4j.Logger log4JSpy;
+    private Throwable testEx = new Throwable(testName.getMethodName());
+    private Log4JLogBridge bridge;
+
+    @Before
+    public void setup() {
+        Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
+        levelLookup.put(Logger.ALL, mockHandler);
+        
+        org.apache.log4j.Logger wrappedLogger =org.apache.log4j.Logger.getLogger(testName.getMethodName());
+        log4JSpy = Mockito.spy(wrappedLogger);
+        bridge = new Log4JLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
+    }
+
+    @Test
+    public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup LOG4J level mapping");
+        Map<Integer, Log4JLogLevelHandler> emptyMap = Collections.emptyMap();
+        new Log4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(log4JSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
+    }
+    
+    @Test
+    public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
+        exEx.expect(IllegalArgumentException.class);
+        exEx.expectMessage("Unable to lookup LOG4J level mapping");
+        Map<Integer, Log4JLogLevelHandler> emptyMap = Collections.emptyMap();
+        new Log4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(log4JSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
+    }
+    
+    @Test
+    public void testLogMessage() {
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName();
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(log4JSpy)).thenReturn(true);
+
+        bridge.log(log4JSpy, Logger.ALL, eventType, testName.getMethodName());
+
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(log4JSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(log4JSpy), ArgumentMatchers.eq(cleanMsg));
+     
+        Mockito.verifyNoMoreInteractions(log4JSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+    @Test
+    public void testLogErrorMessageWithException() {
+    	EventType eventType = Logger.EVENT_UNSPECIFIED;
+    	String loggerName = testName.getMethodName();
+    	String orignMsg = testName.getMethodName();
+    	String appendMsg = "[APPEND] " + orignMsg;
+        String cleanMsg = appendMsg + " [CLEANED]";
+
+        //Setup for Appender
+        Mockito.when(mockAppender.appendTo(loggerName, eventType, orignMsg)).thenReturn(appendMsg);
+        //Setup for Scrubber
+        Mockito.when(mockScrubber.cleanMessage(appendMsg)).thenReturn(cleanMsg);
+        //Setup for Delegate Handler
+        Mockito.when(mockHandler.isEnabled(log4JSpy)).thenReturn(true);
+
+        bridge.log(log4JSpy, Logger.ALL, eventType, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockAppender, Mockito.times(1)).appendTo(loggerName, eventType, testName.getMethodName());
+        Mockito.verify(mockScrubber, Mockito.times(1)).cleanMessage(appendMsg);
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(log4JSpy);
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class));
+
+        Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(log4JSpy), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
+     
+        Mockito.verifyNoMoreInteractions(log4JSpy, mockAppender, mockScrubber,mockHandler);
+    }
+
+
+    @Test
+    public void testDisabledLogMessage() {
+        Mockito.when(mockHandler.isEnabled(log4JSpy)).thenReturn(false);
+
+        bridge.log(log4JSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName());
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(log4JSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+    }
+
+    @Test
+    public void testDisabledErrorLogWithException() {
+        Mockito.when(mockHandler.isEnabled(log4JSpy)).thenReturn(false);
+
+        bridge.log(log4JSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, testName.getMethodName(), testEx);
+
+        Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(log4JSpy);
+        Mockito.verify(mockScrubber, Mockito.times(0)).cleanMessage(ArgumentMatchers.anyString());
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class));
+        Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
+
+    }
+
+}
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
new file mode 100644
index 000000000..a983e1bc5
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
@@ -0,0 +1,108 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.appender.LogPrefixAppender;
+import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
+import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
+import org.owasp.esapi.logging.log4j.Log4JLogFactory;
+import org.owasp.esapi.logging.log4j.Log4JLogger;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest (Log4JLogFactory.class)
+public class Log4JLogFactoryTest {
+	@Rule
+    public TestName testName = new TestName();
+	
+    @Test
+    public void testCreateLoggerByString() {
+        Logger logger = new Log4JLogFactory().getLogger("test");
+        Assert.assertTrue(logger instanceof Log4JLogger);
+    }
+    
+    @Test public void testCreateLoggerByClass() {
+        Logger logger = new Log4JLogFactory().getLogger(Log4JLogBridgeImplTest.class);
+        Assert.assertTrue(logger instanceof Log4JLogger);
+    }
+    
+    @Test
+    public void checkScrubberWithEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        Log4JLogFactory.createLogScrubber(true);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(2, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+        Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
+    }
+    
+    @Test
+    public void checkScrubberWithoutEncoding() throws Exception {
+        ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
+        PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
+        
+        //Call to invoke the constructor capture
+        Log4JLogFactory.createLogScrubber(false);
+        
+        List<LogScrubber> scrubbers = delegates.getValue();
+        Assert.assertEquals(1, scrubbers.size());
+        Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
+    }
+    
+    /**
+	 * At this time there are no special considerations or handling for the appender
+	 * creation in this scope. It is expected that the arguments to the internal
+	 * creation method are passed directly to the constructor of the
+	 * LogPrefixAppender with no mutation or additional validation.
+	 */
+    @Test
+    public void checkPassthroughAppenderConstruct() throws Exception {
+    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+    	
+    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+    	
+    	LogAppender appender = Log4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+    	
+    	Assert.assertEquals(stubAppender, appender);
+    	Assert.assertTrue(clientInfoCapture.getValue());
+    	Assert.assertFalse(serverInfoCapture.getValue());
+    	Assert.assertTrue(logAppNameCapture.getValue());
+    	Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
+    }
+    
+   
+}
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
new file mode 100644
index 000000000..9f2cefbc7
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
@@ -0,0 +1,102 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.mockito.Mockito;
+import org.owasp.esapi.logging.log4j.Log4JLogLevelHandlers;
+
+public class Log4JLogLevelHandlersTest {
+
+    private Logger mockLogger = Mockito.mock(Logger.class);
+    @Rule
+    public TestName testName = new TestName();
+
+    private Throwable testException = new Throwable("Expected for testing");
+
+    @Test
+    public void testFatalDelegation() {
+        Log4JLogLevelHandlers.FATAL.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.FATAL.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.FATAL.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.FATAL);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.FATAL, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.FATAL, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    
+    @Test
+    public void testErrorDelegation() {
+        Log4JLogLevelHandlers.ERROR.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.ERROR);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.ERROR, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.ERROR, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+
+    @Test
+    public void testWarnDelegation() {
+        Log4JLogLevelHandlers.WARN.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.WARN.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.WARN.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.WARN);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.WARN, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.WARN, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testInfoDelegation() {
+        Log4JLogLevelHandlers.INFO.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.INFO);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.INFO, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.INFO, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testDebugDelegation() {
+        Log4JLogLevelHandlers.DEBUG.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.DEBUG.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.DEBUG.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.DEBUG);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.DEBUG, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.DEBUG, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    @Test
+    public void testTraceDelegation() {
+        Log4JLogLevelHandlers.TRACE.isEnabled(mockLogger);
+        Log4JLogLevelHandlers.TRACE.log(mockLogger, testName.getMethodName());
+        Log4JLogLevelHandlers.TRACE.log(mockLogger, testName.getMethodName(), testException);
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isEnabledFor(Level.TRACE);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.TRACE, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(Level.TRACE, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
new file mode 100644
index 000000000..36982fb0f
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
@@ -0,0 +1,287 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2018
+ */
+
+package org.owasp.esapi.logging.log4j;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.logging.log4j.Log4JLogBridge;
+import org.owasp.esapi.logging.log4j.Log4JLogger;
+
+public class Log4JLoggerTest {
+    
+    private static final String MSG = Log4JLoggerTest.class.getSimpleName();
+    
+    private Log4JLogBridge mockBridge = Mockito.mock(Log4JLogBridge.class);
+    private org.apache.log4j.Logger mockLogDelegate = Mockito.mock(org.apache.log4j.Logger.class);
+    
+    private Throwable testEx = new Throwable(MSG + "_Exception");
+    private Logger testLogger = new Log4JLogger(mockLogDelegate, mockBridge, Logger.ALL);
+
+    @Test
+    public void testLevelEnablement() {
+        testLogger.setLevel(Logger.INFO);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+        
+        Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
+    }
+    
+    @Test
+    public void testAllLevelEnablement() {
+        testLogger.setLevel(Logger.ALL);
+        
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isInfoEnabled());
+        Assert.assertTrue(testLogger.isDebugEnabled());
+        Assert.assertTrue(testLogger.isTraceEnabled());
+    }
+
+    @Test
+    public void testOffLevelEnablement() {
+        testLogger.setLevel(Logger.OFF);
+        
+        Assert.assertFalse(testLogger.isFatalEnabled());
+        Assert.assertFalse(testLogger.isErrorEnabled());
+        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertFalse(testLogger.isInfoEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
+    }
+    @Test
+    public void testFatalWithMessage() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowable() {
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testFatalWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testFatalWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testErrorWithMessage() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowable() {
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testErrorWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testErrorWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testWarnWithMessage() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowable() {
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testWarnWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testWarnWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testInfoWithMessage() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowable() {
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testInfoWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testInfoWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessage() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowable() {
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testDebugWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testDebugWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testTraceWithMessage() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowable() {
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testTraceWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testTraceWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testAlwaysWithMessage() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowable() {
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        
+        Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    
+    @Test
+    public void testAlwaysWithMessageDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
+        
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+    @Test
+    public void testAlwaysWithMessageAndThrowableDisabled() {
+        testLogger.setLevel(Logger.OFF);
+        testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
+        Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
+    }
+}

From 020410c7135a1a1437a7ff2888e07f227d5ff31d Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 18:47:07 -0600
Subject: [PATCH 627/812] Log4J reference package cleanup

Removing previous implementations and tests.
---
 .../esapi/reference/Log4JLogFactory.java      |  91 ---
 .../owasp/esapi/reference/Log4JLogger.java    | 527 ------------------
 .../esapi/reference/Log4JLoggerFactory.java   |  47 --
 .../esapi/reference/Log4JLoggerTest.java      | 500 -----------------
 4 files changed, 1165 deletions(-)
 delete mode 100644 src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java
 delete mode 100644 src/main/java/org/owasp/esapi/reference/Log4JLogger.java
 delete mode 100644 src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java
 delete mode 100644 src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java

diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java
deleted file mode 100644
index cab4d5dad..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogFactory.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import java.util.HashMap;
-
-import org.apache.log4j.LogManager;
-import org.apache.log4j.spi.LoggerFactory;
-
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.LogFactory;
-import org.owasp.esapi.Logger;
-
-/**
- * Reference implementation of the LogFactory interface. This implementation uses the Apache Log4J package, and marks each
- * log message with the currently logged in user and the word "SECURITY" for security related events. See the 
- * <a href="JavaLogFactory.JavaLogger.html">JavaLogFactory.JavaLogger</a> Javadocs for the details on the JavaLogger reference implementation.
- * 
- * At class initialization time, the file log4j.properties or log4j.xml file will be loaded from the classpath. This configuration file is 
- * fundamental to make log4j work for you. Please see http://logging.apache.org/log4j/1.2/manual.html for more information.
- *
- * Note that <b>you must specify the LogFactory</b> in either log4j.properties:
- *
- * <code>
- *     log4j.loggerFactory=org.owasp.esapi.reference.Log4JLoggerFactory
- * </code>
- *
- * or log4j.xml:
- * 
- * <code>
- *     &lt;loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/&gt;
-
- * </code>
- * 
- * @author Mike H. Fauzy (mike.fauzy@aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author Jim Manico (jim@manico.net) <a href="http://www.manico.net">Manico.net</a>
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since June 1, 2007
- * @see org.owasp.esapi.LogFactory
- * @see org.owasp.esapi.reference.Log4JLogger
- * @see org.owasp.esapi.reference.Log4JLoggerFactory
- */
-public class Log4JLogFactory implements LogFactory {
-
-	private static volatile LogFactory singletonInstance;
-
-	//The Log4j logger factory to use
-	LoggerFactory factory = new Log4JLoggerFactory();
-
-    public static LogFactory getInstance() {
-        if ( singletonInstance == null ) {
-            synchronized ( Log4JLogFactory.class ) {
-                if ( singletonInstance == null ) {
-                    singletonInstance = new Log4JLogFactory();
-                }
-            }
-        }
-        return singletonInstance;
-    }
-	
-	protected Log4JLogFactory() {}
-	
-	/**
-	* {@inheritDoc}
-	*/
-	public org.owasp.esapi.Logger getLogger(Class clazz) {
-		return (org.owasp.esapi.Logger)LogManager.getLogger(clazz.getName(), factory);
-    }
-
-    /**
-	* {@inheritDoc}
-	*/
-	public org.owasp.esapi.Logger getLogger(String moduleName) {
-		return (org.owasp.esapi.Logger)LogManager.getLogger(moduleName, factory);
-    }
-
-}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java b/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
deleted file mode 100644
index af7045663..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLogger.java
+++ /dev/null
@@ -1,527 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import org.apache.log4j.Category;
-import org.apache.log4j.Level;
-import org.apache.log4j.LogManager;
-import org.apache.log4j.Logger;
-import org.apache.log4j.spi.LoggerFactory;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.User;
-
-/**
- * Reference implementation of the Logger interface. This implementation extends org.apache.log4j.Logger
- * in order to take advantage of per-class and per-package configuration options provided by Log4J. 
- *
- * @author August Detlefsen (augustd at codemagi dot com)
- *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLogFactory
- * @see org.owasp.esapi.reference.Log4JLoggerFactory
- */
-public class Log4JLogger extends org.apache.log4j.Logger implements org.owasp.esapi.Logger {
-
-	/** The log factory to use in creating new instances. */
-	private static LoggerFactory factory = new Log4JLoggerFactory();
-
-	/** The application name using this log */
-	private static String applicationName = ESAPI.securityConfiguration().getApplicationName();
-
-	/** Log the application name? */
-	private static boolean logAppName = ESAPI.securityConfiguration().getLogApplicationName();
-	
-	/** Log the server ip? */
-	private static boolean logServerIP = ESAPI.securityConfiguration().getLogServerIP();
-
-	public Log4JLogger(String name) {
-		super(name);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getInstance} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Category getInstance(String name) {
-		return LogManager.getLogger(name, factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getInstance} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Category getInstance(Class clazz) {
-		return LogManager.getLogger(clazz.getName(), factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getLogger} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static Logger getLogger(String name) {
-		return LogManager.getLogger(name, factory);
-	}
-
-	/**
-	 * This method overrides {@link Logger#getLogger} by supplying
-	 * its own factory type as a parameter.
-	 */
-	public static org.apache.log4j.Logger getLogger(Class clazz) {
-		return LogManager.getLogger(clazz.getName(), factory);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 * Note: In this implementation, this change is not persistent,
-	 * meaning that if the application is restarted, the log level will revert to the level defined in the
-	 * ESAPI SecurityConfiguration properties file.
-	 */
-	public void setLevel(int level) {
-		try {
-			super.setLevel(convertESAPILeveltoLoggerLevel(level));
-		} catch (IllegalArgumentException e) {
-			this.error(org.owasp.esapi.Logger.SECURITY_FAILURE, "", e);
-		}
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 * Explanation: Since this class extends Log4j's Logger class which has a
-	 * {@code getLevel()} method that returns {@code extended by org.apache.log4j.Level},
-	 * we can't simply have a {@code getLevel()} that simply returns an {@code int}.
-	 * Hence we renamed it to {@code getESAPILevel()}.
-	 */
-	public int getESAPILevel() {
-		Level level = super.getLevel();
-    return (level == null ) ? Level.OFF_INT : level.toInt();
-	}
-
-	/**
-	 * Converts the ESAPI logging level (a number) into the levels used by Java's logger.
-	 * @param level The ESAPI to convert.
-	 * @return The Log4J logging Level that is equivalent.
-	 * @throws IllegalArgumentException if the supplied ESAPI level doesn't make a level that is currently defined.
-	 */
-	private static Level convertESAPILeveltoLoggerLevel(int level) {
-		switch (level) {
-		case org.owasp.esapi.Logger.OFF:
-			return Level.OFF;
-		case org.owasp.esapi.Logger.FATAL:
-			return Level.FATAL;
-		case org.owasp.esapi.Logger.ERROR:
-			return Level.ERROR;
-		case org.owasp.esapi.Logger.WARNING:
-			return Level.WARN;
-		case org.owasp.esapi.Logger.INFO:
-			return Level.INFO;
-		case org.owasp.esapi.Logger.DEBUG:
-			return Level.DEBUG; //fine
-		case org.owasp.esapi.Logger.TRACE:
-			return Level.TRACE; //finest
-		case org.owasp.esapi.Logger.ALL:
-			return Level.ALL;
-		default: {
-			throw new IllegalArgumentException("Invalid logging level. Value was: " + level);
-		}
-		}
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void always(EventType type, String message, Throwable throwable) {
-		log(Level.OFF, type, message, throwable);	// Seems like Level.ALL is what we
-													// would want here, but this is what
-													// works. Level.ALL does not.
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void always(EventType type, String message) {
-		always(type, message, null);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	public void trace(EventType type, String message, Throwable throwable) {
-		log(Level.TRACE, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void trace(EventType type, String message) {
-		log(Level.TRACE, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void debug(EventType type, String message, Throwable throwable) {
-		log(Level.DEBUG, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void debug(EventType type, String message) {
-		log(Level.DEBUG, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void info(EventType type, String message) {
-		log(Level.INFO, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void info(EventType type, String message, Throwable throwable) {
-		log(Level.INFO, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void warning(EventType type, String message, Throwable throwable) {
-		log(Level.WARN, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void warning(EventType type, String message) {
-		log(Level.WARN, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void error(EventType type, String message, Throwable throwable) {
-		log(Level.ERROR, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void error(EventType type, String message) {
-		log(Level.ERROR, type, message, null);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void fatal(EventType type, String message, Throwable throwable) {
-		log(Level.FATAL, type, message, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public void fatal(EventType type, String message) {
-		log(Level.FATAL, type, message, null);
-	}
-
-	/**
-	 * Always log the specified message as a {@code SECURITY_AUDIT} event type.
-	 * 
-	 * @param message	The {@code String} representation of the specified message as
-	 * 					logged by calling the object's {@code toString()} method.
-	 */
-	public void always(Object message) {
-		this.always(message, null);
-	}
-
-	/**
-	 * Always log the specified message as a {@code SECURITY_AUDIT} event type, along
-	 * with its associated exception stack trace (if any).
-	 * 
-	 * @param message	The {@code String} representation of the specified message as
-	 * 					logged by calling the object's {@code toString()} method.
-	 */
-	public void always(Object message, Throwable throwable) {
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-		this.always(org.owasp.esapi.Logger.SECURITY_AUDIT, toLog, throwable);
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void trace(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.trace(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void trace(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.trace(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void debug(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.debug(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void debug(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.debug(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void info(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.info(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void info(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.info(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void warn(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.warning(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void warn(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.warning(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void error(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.error(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void error(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.error(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void fatal(Object message) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.fatal(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public void fatal(Object message, Throwable throwable) {
-
-		String toLog = (message instanceof String) ? (String) message : message.toString();
-
-		this.fatal(org.owasp.esapi.Logger.EVENT_UNSPECIFIED, toLog, throwable);
-	}
-
-	/**
-	 * Log the message after optionally encoding any special characters that might be dangerous when viewed
-	 * by an HTML based log viewer. Also encode any carriage returns and line feeds to prevent log
-	 * injection attacks. This logs all the supplied parameters plus the user ID, user's source IP, a logging
-	 * specific session ID, and the current date/time.
-	 *
-	 * It will only log the message if the current logging level is enabled, otherwise it will
-	 * discard the message.
-	 *
-	 * @param level defines the set of recognized logging levels (TRACE, INFO, DEBUG, WARNING, ERROR, FATAL)
-	 * @param type the type of the event (SECURITY SUCCESS, SECURITY FAILURE, EVENT SUCCESS, EVENT FAILURE)
-	 * @param message the message to be logged
-	 * @param throwable the {@code Throwable} from which to generate an exception stack trace.
-	 */
-	private void log(Level level, EventType type, String message, Throwable throwable) {
-
-		// Check to see if we need to log.
-		if (!isEnabledFor(level)) {
-			return;
-		}
-
-		// ensure there's something to log
-		if (message == null) {
-			message = "";
-		}
-
-		// ensure no CRLF injection into logs for forging records
-		String clean = message.replace('\n', '_').replace('\r', '_');
-		if (ESAPI.securityConfiguration().getLogEncodingRequired()) {
-			clean = ESAPI.encoder().encodeForHTML(message);
-			if (!message.equals(clean)) {
-				clean += " (Encoded)";
-			}
-		}
-
-		// log server, port, app name, module name -- server:80/app/module
-		StringBuilder appInfo = new StringBuilder();
-		if (ESAPI.currentRequest() != null && logServerIP) {
-			appInfo.append(ESAPI.currentRequest().getLocalAddr()).append(":").append(ESAPI.currentRequest().getLocalPort());
-		}
-		if (logAppName) {
-			appInfo.append("/").append(applicationName);
-		}
-		appInfo.append("/").append(getName());
-
-		//get the type text if it exists
-		String typeInfo = "";
-		if (type != null) {
-			typeInfo += type + " ";
-		}
-
-		// log the message
-		// Fix for https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
-		// need to pass callerFQCN so the log is not generated as if it were always generated from this wrapper class
-		log(Log4JLogger.class.getName(), level, "[" + typeInfo + getUserInfo() + " -> " + appInfo + "] " + clean, throwable);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isDebugEnabled() {
-		return isEnabledFor(Level.DEBUG);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isErrorEnabled() {
-		return isEnabledFor(Level.ERROR);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isFatalEnabled() {
-		return isEnabledFor(Level.FATAL);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isInfoEnabled() {
-		return isEnabledFor(Level.INFO);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	@Override
-	public boolean isTraceEnabled() {
-		return isEnabledFor(Level.TRACE);
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	public boolean isWarningEnabled() {
-		return isEnabledFor(Level.WARN);
-	}
-
-	public String getUserInfo() {
-		// create a random session number for the user to represent the user's 'session', if it doesn't exist already
-		String sid = null;
-		HttpServletRequest request = ESAPI.httpUtilities().getCurrentRequest();
-		if (request != null) {
-			HttpSession session = request.getSession(false);
-			if (session != null) {
-				sid = (String) session.getAttribute("ESAPI_SESSION");
-				// if there is no session ID for the user yet, we create one and store it in the user's session
-				if (sid == null) {
-					sid = "" + ESAPI.randomizer().getRandomInteger(0, 1000000);
-					session.setAttribute("ESAPI_SESSION", sid);
-				}
-			}
-		}
-
-		// log user information - username:session@ipaddr
-		User user = ESAPI.authenticator().getCurrentUser();
-		String userInfo = "";
-		//TODO - make type logging configurable
-		if (user != null) {
-			userInfo += user.getAccountName() + ":" + sid + "@" + user.getLastHostAddress();
-		}
-
-		return userInfo;
-	}
-	
-}
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java
deleted file mode 100644
index f5a671380..000000000
--- a/src/main/java/org/owasp/esapi/reference/Log4JLoggerFactory.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- *
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- *
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- *
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import org.apache.log4j.spi.LoggerFactory;
-
-/**
- * Implementation of the LoggerFactory interface. This implementation has been 
- * overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
- *
- * @author August Detlefsen (augustd at codemagi dot com)
- *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLogFactory
- * @see org.owasp.esapi.reference.Log4JLogger
- */
-public class Log4JLoggerFactory implements LoggerFactory {
-
-	/**
-	 * This constructor must be public so it can be accessed from within log4j
-	 */
-	public Log4JLoggerFactory() {}
-
-	/**
-	 * Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
-	 * 
-	 * @param name The class name to return a logger for.
-	 * @return org.owasp.esapi.reference.Log4JLogger
-	 */
-	public org.apache.log4j.Logger makeNewLoggerInstance(String name) {
-		return new Log4JLogger(name);
-	}
-	
-}
diff --git a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
deleted file mode 100644
index 3765170a4..000000000
--- a/src/test/java/org/owasp/esapi/reference/Log4JLoggerTest.java
+++ /dev/null
@@ -1,500 +0,0 @@
-/**
- * OWASP Enterprise Security API (ESAPI)
- * 
- * This file is part of the Open Web Application Security Project (OWASP)
- * Enterprise Security API (ESAPI) project. For details, please see
- * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
- *
- * Copyright (c) 2007 - The OWASP Foundation
- * 
- * The ESAPI is published by OWASP under the BSD license. You should read and accept the
- * LICENSE before you use, modify, and/or redistribute this software.
- * 
- * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
- * @created 2007
- */
-package org.owasp.esapi.reference;
-
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
-import org.apache.log4j.Appender;
-import org.apache.log4j.Layout;
-import org.apache.log4j.WriterAppender;
-import org.apache.log4j.spi.LoggingEvent;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.Logger;
-import org.owasp.esapi.errors.AuthenticationException;
-import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.http.MockHttpServletRequest;
-import org.owasp.esapi.http.MockHttpServletResponse;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.Arrays;
-
-/**
- * The Class LoggerTest.
- * 
- * @author Jeff Williams (jeff.williams@aspectsecurity.com)
- * @author August Detlefsen (augustd at codemagi dot com) <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- */
-public class Log4JLoggerTest extends TestCase {
-	private static int testCount = 0;
-	
-	private static Logger testLogger = null;
-
-	//a logger for explicit tests of log4j logging methods
-	private static Log4JLogger log4JLogger = null;
-
-    /**
-	 * Instantiates a new logger test.
-	 * 
-	 * @param testName the test name
-	 */
-    public Log4JLoggerTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-		//override default log configuration in ESAPI.properties to use Log4JLogFactory
-        UnitTestSecurityConfiguration tmpConfig = new UnitTestSecurityConfiguration((DefaultSecurityConfiguration) ESAPI.securityConfiguration());
-        tmpConfig.setLogImplementation( Log4JLogFactory.class.getName() );
-        ESAPI.override(tmpConfig);
-
-    	//This ensures a clean logger between tests
-    	testLogger = ESAPI.getLogger( "test ExampleExtendedLog4JLogFactory: " + testCount++ );
-    	System.out.println("Test ExampleExtendedLog4JLogFactory logger: " + testLogger);
-
-		//declare this one as Log4JLogger to be able to use Log4J logging methods
-		log4JLogger = (Log4JLogger)ESAPI.getLogger( "test Log4JLogFactory: " + testCount);
-		System.out.println("Test Log4JLogFactory logger: " + log4JLogger);
-
-    }
-
-    /**
-     * {@inheritDoc}
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-    	//this helps, with garbage collection
-    	testLogger = null;
-		log4JLogger = null;
-
-		ESAPI.override(null);
-	}
-
-    /**
-	 * Suite.
-	 * 
-	 * @return the test
-	 */
-    public static Test suite() {
-        TestSuite suite = new TestSuite(Log4JLoggerTest.class);    
-        return suite;
-    }
-    
-    /**
-     * Test of logHTTPRequest method, of class org.owasp.esapi.Logger.
-     * 
-     * @throws ValidationException
-     *             the validation exception
-     * @throws IOException
-     *             Signals that an I/O exception has occurred.
-     * @throws AuthenticationException
-     *             the authentication exception
-     */
-    public void testLogHTTPRequest() throws ValidationException, IOException, AuthenticationException {
-        System.out.println("logHTTPRequest");
-        String[] ignore = {"password","ssn","ccn"};
-        MockHttpServletRequest request = new MockHttpServletRequest();
-        MockHttpServletResponse response = new MockHttpServletResponse();
-        ESAPI.httpUtilities().setCurrentHTTP(request, response);
-        Logger logger = ESAPI.getLogger("logger");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-        request.addParameter("one","one");
-        request.addParameter("two","two1");
-        request.addParameter("two","two2");
-        request.addParameter("password","jwilliams");
-        ESAPI.httpUtilities().logHTTPRequest( request, logger, Arrays.asList(ignore) );
-    } 
-    
-    
-    /**
-     * Test of setLevel method of the inner class org.owasp.esapi.reference.JavaLogger that is defined in 
-     * org.owasp.esapi.logging.java.JavaLogFactory.
-     */
-    public void testSetLevel() {
-        System.out.println("setLevel");
-        
-        // The following tests that the default logging level is set to WARNING. Since the default might be changed
-        // in the ESAPI security configuration file, these are commented out.
-//       	assertTrue(testLogger.isWarningEnabled());
-//       	assertFalse(testLogger.isInfoEnabled());
-
-        // First, test all the different logging levels
-        testLogger.setLevel( Logger.ALL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.TRACE );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertTrue(testLogger.isTraceEnabled());
-
-       	testLogger.setLevel( Logger.DEBUG );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertTrue(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.INFO );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertTrue(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.WARNING );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertTrue(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.ERROR );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertTrue(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.FATAL );
-    	assertTrue(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	testLogger.setLevel( Logger.OFF );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	//Now test to see if a change to the logging level in one log affects other logs
-       	Logger newLogger = ESAPI.getLogger( "test_num2" );
-       	testLogger.setLevel( Logger.OFF );
-       	newLogger.setLevel( Logger.INFO );
-    	assertFalse(testLogger.isFatalEnabled());
-       	assertFalse(testLogger.isErrorEnabled());
-       	assertFalse(testLogger.isWarningEnabled());
-       	assertFalse(testLogger.isInfoEnabled());
-       	assertFalse(testLogger.isDebugEnabled());
-       	assertFalse(testLogger.isTraceEnabled());
-       	
-       	assertTrue(newLogger.isFatalEnabled());
-       	assertTrue(newLogger.isErrorEnabled());
-       	assertTrue(newLogger.isWarningEnabled());
-       	assertTrue(newLogger.isInfoEnabled());
-       	assertFalse(newLogger.isDebugEnabled());
-       	assertFalse(newLogger.isTraceEnabled());
-    }
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevels() {
-
-		Logger traceLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestTrace");
-		Logger debugLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestDebug");
-		Logger infoLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestInfo");
-		Logger errorLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestError");
-		Logger warningLogger		= ESAPI.getLogger("org.owasp.esapi.reference.TestWarning");
-		Logger fatalLogger			= ESAPI.getLogger("org.owasp.esapi.reference.TestFatal");
-		Logger unspecifiedLogger	= ESAPI.getLogger("org.owasp.esapi.reference");  //should use package-wide log level configuration (info)
-
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-	/**
-	 * test of loggers without setting explicit log levels
-	 * (log levels set from log4j.xml configuration)
-	 */
-	public void testLogLevelsWithClass() {
-
-		Logger traceLogger			= ESAPI.getLogger(TestTrace.class);
-		Logger debugLogger			= ESAPI.getLogger(TestDebug.class);
-		Logger infoLogger			= ESAPI.getLogger(TestInfo.class);
-		Logger errorLogger			= ESAPI.getLogger(TestError.class);
-		Logger warningLogger		= ESAPI.getLogger(TestWarning.class);
-		Logger fatalLogger			= ESAPI.getLogger(TestFatal.class);
-		Logger unspecifiedLogger	= ESAPI.getLogger(TestUnspecified.class);  //should use package-wide log level configuration (info)
-
-		//traceLogger - all log levels should be enabled
-		assertTrue(traceLogger.isTraceEnabled());
-		assertTrue(traceLogger.isDebugEnabled());
-		assertTrue(traceLogger.isInfoEnabled());
-		assertTrue(traceLogger.isWarningEnabled());
-		assertTrue(traceLogger.isErrorEnabled());
-		assertTrue(traceLogger.isFatalEnabled());
-
-		//debugLogger - all log levels should be enabled EXCEPT trace
-		assertFalse(debugLogger.isTraceEnabled());
-		assertTrue(debugLogger.isDebugEnabled());
-		assertTrue(debugLogger.isInfoEnabled());
-		assertTrue(debugLogger.isWarningEnabled());
-		assertTrue(debugLogger.isErrorEnabled());
-		assertTrue(debugLogger.isFatalEnabled());
-
-		//infoLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(infoLogger.isTraceEnabled());
-		assertFalse(infoLogger.isDebugEnabled());
-		assertTrue(infoLogger.isInfoEnabled());
-		assertTrue(infoLogger.isWarningEnabled());
-		assertTrue(infoLogger.isErrorEnabled());
-		assertTrue(infoLogger.isFatalEnabled());
-
-		//warningLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(warningLogger.isTraceEnabled());
-		assertFalse(warningLogger.isDebugEnabled());
-		assertFalse(warningLogger.isInfoEnabled());
-		assertTrue(warningLogger.isWarningEnabled());
-		assertTrue(warningLogger.isErrorEnabled());
-		assertTrue(warningLogger.isFatalEnabled());
-
-		//errorLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(errorLogger.isTraceEnabled());
-		assertFalse(errorLogger.isDebugEnabled());
-		assertFalse(errorLogger.isInfoEnabled());
-		assertFalse(errorLogger.isWarningEnabled());
-		assertTrue(errorLogger.isErrorEnabled());
-		assertTrue(errorLogger.isFatalEnabled());
-
-		//fatalLogger - all log levels should be enabled EXCEPT etc.
-		assertFalse(fatalLogger.isTraceEnabled());
-		assertFalse(fatalLogger.isDebugEnabled());
-		assertFalse(fatalLogger.isInfoEnabled());
-		assertFalse(fatalLogger.isWarningEnabled());
-		assertFalse(fatalLogger.isErrorEnabled());
-		assertTrue(fatalLogger.isFatalEnabled());
-
-		//unspecifiedLogger - all log levels should be enabled EXCEPT trace and debug
-		assertFalse(unspecifiedLogger.isTraceEnabled());
-		assertFalse(unspecifiedLogger.isDebugEnabled());
-		assertTrue(unspecifiedLogger.isInfoEnabled());
-		assertTrue(unspecifiedLogger.isWarningEnabled());
-		assertTrue(unspecifiedLogger.isErrorEnabled());
-		assertTrue(unspecifiedLogger.isFatalEnabled());
-	}
-
-    /**
-	 * Test of info method, of class org.owasp.esapi.Logger.
-	 */
-    public void testInfo() {
-        System.out.println("info");
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        testLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        testLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-
-        log4JLogger.info("test message" );
-        log4JLogger.info("test message", null );
-        log4JLogger.info("%3escript%3f test message", null );
-        log4JLogger.info("<script> test message", null );
-
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message" );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "%3escript%3f test message", null );
-        log4JLogger.info(Logger.SECURITY_SUCCESS, "<script> test message", null );
-	}
-
-    /**
-	 * Test of trace method, of class org.owasp.esapi.Logger.
-	 */
-    public void testTrace() {
-        System.out.println("trace");
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace" );
-        testLogger.trace(Logger.SECURITY_SUCCESS, "test message trace", null );
-
-        log4JLogger.trace("test message trace" );
-        log4JLogger.trace("test message trace", null );
-	}
-
-    /**
-	 * Test of debug method, of class org.owasp.esapi.Logger.
-	 */
-    public void testDebug() {
-        System.out.println("debug");
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug" );
-        testLogger.debug(Logger.SECURITY_SUCCESS, "test message debug", null );
-
-	    log4JLogger.debug("test message debug" );
-		log4JLogger.debug("test message debug", null );
-	}
-
-    /**
-	 * Test of error method, of class org.owasp.esapi.Logger.
-	 */
-    public void testError() {
-        System.out.println("error");
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error" );
-        testLogger.error(Logger.SECURITY_SUCCESS, "test message error", null );
-
-	    log4JLogger.error("test message error" );
-		log4JLogger.error("test message error", null );
-	}
-
-    /**
-	 * Test of warning method, of class org.owasp.esapi.Logger.
-	 */
-    public void testWarning() {
-        System.out.println("warning");
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning" );
-        testLogger.warning(Logger.SECURITY_SUCCESS, "test message warning", null );
-
-	    log4JLogger.warn("test message warning" );
-		log4JLogger.warn("test message warning", null );
-    }
-
-    /**
-	 * Test of fatal method, of class org.owasp.esapi.Logger.
-	 */
-    public void testFatal() {
-        System.out.println("fatal");
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal" );
-        testLogger.fatal(Logger.SECURITY_SUCCESS, "test message fatal", null );
-
-	    log4JLogger.fatal("test message fatal" );
-		log4JLogger.fatal("test message fatal", null );    
-	}
-    
-    /**
-     * Test of always method, of class org.owasp.esapi.Logger.
-     */
-    public void testAlways() {
-        System.out.println("always");
-        testLogger.always(Logger.SECURITY_SUCCESS, "test message always 1 (SECURITY_SUCCESS)" );
-        testLogger.always(Logger.SECURITY_AUDIT, "test message always 2 (SECURITY_AUDIT)", null );
-
-	    log4JLogger.always("test message always 3" );
-		log4JLogger.always("test message always 4", null );
-
-        try {
-        	throw new RuntimeException("What? You call that a 'throw'??? You couldn't hit the " +
-        							   "broad side of a barn (assuming that barns wore bras).");
-        } catch(RuntimeException rtex) {
-            testLogger.always(Logger.SECURITY_AUDIT, "test message always 5", rtex );
-            log4JLogger.always("test message always 6", rtex);
-        }
-	}
-
-	/**
-	 * Validation for issue: https://code.google.com/p/owasp-esapi-java/issues/detail?id=268
-	 * Line number must be the line of the caller and not of the wrapper.
-	 */
-	public void testLine() {
-		final String message = "testing only";
-		StringWriter sw = new StringWriter();
-		Layout layout = new Layout() {
-			@Override
-			public String format(LoggingEvent event) {
-				assertEquals("the calling class is this test class", Log4JLoggerTest.class.getName(),event.getLocationInformation().getClassName());
-				return message;
-			}
-
-			@Override
-			public boolean ignoresThrowable() {
-				return false;
-			}
-
-			@Override
-			public void activateOptions() {
-
-			}
-		};
-		Appender appender = new WriterAppender(layout, sw);
-		log4JLogger.addAppender(appender);
-		try {
-			log4JLogger.fatal("testLine");
-			assertEquals("message not generated as expected", message, sw.toString());
-		} finally {
-			log4JLogger.removeAppender(appender);
-		}
-	}
-}

From 87c5310f7f1b92d333a2773985d73a661077449e Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 18:52:09 -0600
Subject: [PATCH 628/812] JavaLogFactory Side Effect Management

System err is changed to a null impl in the test. Updating to restore the
original value.
---
 .../org/owasp/esapi/logging/java/JavaLogFactoryTest.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index a8988cd91..efd5278dd 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -67,7 +67,7 @@ public void write(int b) throws IOException {
 		};
 		
 		ArgumentCaptor<Object> stdErrOut = ArgumentCaptor.forClass(Object.class);
-		
+		PrintStream orig = System.err;
 		try (PrintStream errPrinter = new PrintStream(nullOutputStream)) {
 			PrintStream spyPrinter = PowerMockito.spy(errPrinter);
 			Mockito.doCallRealMethod().when(spyPrinter).print(stdErrOut.capture());
@@ -80,7 +80,10 @@ public void write(int b) throws IOException {
 			IOException actual = (IOException) writeData;
 			assertEquals(originException, actual.getCause());
 			assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
+		} finally {
+			System.setErr(orig);
 		}
+		
 	}
 
     @Test

From dee6b5282f4705223b9c858eef7d6537b024b103 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 18:54:05 -0600
Subject: [PATCH 629/812] Intermittent Test Failure Cleanup

The property manager and property loader tests were altering system
properties used to initialize common resources. The original values were
not restored, and I was having test failures from the system being unable
to resolve the values configured for the tests.

I have added static BeforeAll and AfterAll blocks to the three tests to
capture the original property state before the test runs, and to put it
back after all tests are finished.
---
 .../EsapiPropertyManagerTest.java             | 62 ++++++++++++-------
 .../StandardEsapiPropertyLoaderTest.java      | 18 ++++++
 .../XmlEsapiPropertyLoaderTest.java           | 17 +++++
 3 files changed, 76 insertions(+), 21 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
index 6fb1c0abf..b8aa15609 100644
--- a/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/EsapiPropertyManagerTest.java
@@ -1,17 +1,22 @@
 package org.owasp.esapi.configuration;
 
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNotSame;
+import static junit.framework.Assert.fail;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import org.junit.AfterClass;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.configuration.consts.EsapiConfiguration;
 import org.owasp.esapi.errors.ConfigurationException;
 
-import java.io.File;
-import java.io.IOException;
-import java.io.FileNotFoundException;
-
-import static junit.framework.Assert.*;
-
 public class EsapiPropertyManagerTest {
 
     private static String propFilename1;
@@ -21,7 +26,22 @@ public class EsapiPropertyManagerTest {
     private static final String noSuchFile = "/invalidDir/noSubDir/nosuchFile.xml";
 
     private EsapiPropertyManager testPropertyManager;
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
 
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+    	DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+    	OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+    
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+    	 System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
+    
     @Before
     public void init() {
         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
@@ -402,20 +422,20 @@ public void testByteArrayPropertyNotFoundByLoaderAndThrowException() {
 
     @Test
     public void testExpectFileNotFoundException() {
-        // given
-        System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), noSuchFile);
-
-        // when
-        try {
-            testPropertyManager = new EsapiPropertyManager();
-        } catch (IOException e) {
-            if ( e instanceof FileNotFoundException ) {
-                return;
-            } else {
-                fail("testExpectFileNotFoundException(): Was expecting FileNotFoundException for IOException. Exception:" + e);
-            }
-        }
-        
-        fail("Did not throw expected IOException for property file " + noSuchFile);
+    	// given
+    	System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), noSuchFile);
+
+    	// when
+    	try {
+    		testPropertyManager = new EsapiPropertyManager();
+    	} catch (IOException e) {
+    		if ( e instanceof FileNotFoundException ) {
+    			return;
+    		} else {
+    			fail("testExpectFileNotFoundException(): Was expecting FileNotFoundException for IOException. Exception:" + e);
+    		}
+    	}
+
+    	fail("Did not throw expected IOException for property file " + noSuchFile);
     }
 }
diff --git a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
index c07f4e305..da2083520 100644
--- a/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/StandardEsapiPropertyLoaderTest.java
@@ -1,7 +1,9 @@
 package org.owasp.esapi.configuration;
 
 
+import org.junit.AfterClass;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.configuration.consts.EsapiConfiguration;
@@ -19,6 +21,22 @@ public class StandardEsapiPropertyLoaderTest {
 
     private StandardEsapiPropertyLoader testPropertyLoader;
 
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
+
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+    	DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+    	OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+    
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+    	 System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
+    
     @Before
     public void init() {
         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");
diff --git a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
index 2f1a618ec..472f872db 100644
--- a/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
+++ b/src/test/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoaderTest.java
@@ -1,6 +1,8 @@
 package org.owasp.esapi.configuration;
 
+import org.junit.AfterClass;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.configuration.consts.EsapiConfiguration;
@@ -18,6 +20,21 @@ public class XmlEsapiPropertyLoaderTest {
 
     private XmlEsapiPropertyLoader testPropertyLoader;
 
+    private static String DEVTEAM_CFG = "";
+    private static String OPSTEAM_CFG = "";
+
+    @BeforeClass
+    public static void captureEsapiConfigurations() {
+    	DEVTEAM_CFG = System.getProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(),"");
+    	OPSTEAM_CFG = System.getProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(),"");
+    }
+    
+    @AfterClass
+    public static void restoreEsapiConfigurations() {
+    	 System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), DEVTEAM_CFG);
+         System.setProperty(EsapiConfiguration.OPSTEAM_ESAPI_CFG.getConfigName(), OPSTEAM_CFG);
+    }
+
     @Before
     public void init() {
         System.setProperty(EsapiConfiguration.DEVTEAM_ESAPI_CFG.getConfigName(), "");

From 46246e99b54f64e83612c8bdbdb23bda077d4ab4 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 19:01:27 -0600
Subject: [PATCH 630/812] Null Handling for EventType Supplier

Applicable to the Log4JLoggerFactory (SPI), in order for the API to remain
consistent the implementation needs to allow for null EventType
references.
---
 .../esapi/logging/appender/EventTypeLogSupplier.java      | 2 +-
 .../esapi/logging/appender/EventTypeLogSupplierTest.java  | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index 020b15f8b..2780550ec 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -39,6 +39,6 @@ public EventTypeLogSupplier(EventType evtyp) {
 
 	@Override
 	public String get() {
-		return eventType.toString();
+		return eventType == null ? "" : eventType.toString();
 	}
 }
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
index 0aa6c02b8..c81204d1e 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
@@ -15,4 +15,12 @@ public void testEventTypeLog() {
 		
 		assertEquals(eventType.toString(), supplier.get());
 	}
+	
+	@Test
+	public void testNullEventTypeLog() {
+		
+		EventTypeLogSupplier supplier = new EventTypeLogSupplier(null);
+		
+		assertEquals("", supplier.get());
+	}
 }

From 1602bb2c880c0603e3bb26ad561c44858d07bf1b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 19:03:21 -0600
Subject: [PATCH 631/812] Log4J reference updates

Updating references from org.owasp.esapi.reference.Log4J* to
org.owasp.esapi.logging.log4j.*
---
 configuration/esapi/ESAPI.properties                          | 2 +-
 configuration/log4j.xml                                       | 2 +-
 .../esapi/ESAPI-CommaValidatorFileChecker.properties          | 2 +-
 .../resources/esapi/ESAPI-DualValidatorFileChecker.properties | 2 +-
 .../esapi/ESAPI-QuotedValidatorFileChecker.properties         | 2 +-
 .../esapi/ESAPI-SingleValidatorFileChecker.properties         | 2 +-
 src/test/resources/esapi/ESAPI.properties                     | 2 +-
 src/test/resources/log4j.xml                                  | 4 +++-
 8 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index e11ac64fa..1e3019534 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -67,7 +67,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
 #    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
diff --git a/configuration/log4j.xml b/configuration/log4j.xml
index 758514e80..15aca9b40 100644
--- a/configuration/log4j.xml
+++ b/configuration/log4j.xml
@@ -42,6 +42,6 @@
     <appender-ref ref="console" /> 
   </root>
 
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
+  <loggerFactory class="org.owasp.esapi.logging.log4j.Log4JLogFactory"/>
   
 </log4j:configuration>
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 8f171b048..74d2da68f 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -105,7 +105,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 16954de43..c757865d0 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -105,7 +105,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index fd83e746d..fdd127902 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -104,7 +104,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 63a8c83cd..00eb8d516 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -104,7 +104,7 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.reference.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 42d22780b..57dac9ecc 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -97,8 +97,8 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
+#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
 ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
 #    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml
index 9cb7354fe..0abc8dd4c 100644
--- a/src/test/resources/log4j.xml
+++ b/src/test/resources/log4j.xml
@@ -50,6 +50,8 @@
     <appender-ref ref="file" />
   </root>
 
-  <loggerFactory class="org.owasp.esapi.reference.Log4JLoggerFactory"/>
+  <!-- 
+  <loggerFactory class="org.owasp.esapi.logging.log4j.Log4JLoggerFactory"/>
+ -->
 
 </log4j:configuration>

From b25d166639e643ea60932e95c1645148f5c3ea10 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 19:12:20 -0600
Subject: [PATCH 632/812] Cleanup Log4JLogFactory

Removing cruft from the static block that was not required.
---
 .../esapi/logging/log4j/Log4JLogFactory.java  | 23 -------------------
 1 file changed, 23 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index 8d67c6ff9..7e9881941 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -14,17 +14,11 @@
  */
 package org.owasp.esapi.logging.log4j;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.log4j.LogManager;
-import org.apache.log4j.PropertyConfigurator;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
@@ -35,7 +29,6 @@
 import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
 import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
-import org.owasp.esapi.logging.java.JavaLogFactory;
 import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 /**
  * LogFactory implementation which creates Log4J supporting Loggers.
@@ -74,22 +67,6 @@ public class Log4JLogFactory implements LogFactory {
         //LEVEL.OFF not used.  If it's off why would we try to log it?
         
         LOG_BRIDGE = new Log4JLogBridgeImpl(Log4J_LOG_APPENDER, Log4J_LOG_SCRUBBER, levelLookup);
-        
-        try (InputStream stream = Log4JLogFactory.class.getClassLoader().
-        		getResourceAsStream("log4j.xml")) {
-        	PropertyConfigurator.configure(stream);
-        } catch (IOException ioe) {
-        	System.err.print(new IOException("Failed to load log4j.xml.", ioe));        	
-        }
-        
-        OutputStream nullOutputStream = new OutputStream() {
-			@Override
-			public void write(int b) throws IOException {
-				//No Op
-			}
-		};
-        
-       System.setOut(new PrintStream(nullOutputStream));
     }
     
     /**

From 2d895849c35ededc119b9a425f8a671a832f8489 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Tue, 10 Dec 2019 19:13:16 -0600
Subject: [PATCH 633/812] Deprecating Log4J Implementation

Staging implementation to be phased out in future releases.
---
 .../java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java    | 1 +
 .../org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java     | 1 +
 .../java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java   | 1 +
 .../org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java   | 1 +
 .../org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java  | 1 +
 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java  | 3 ++-
 .../org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java     | 1 +
 src/test/resources/esapi/ESAPI.properties                     | 4 ++--
 8 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
index d69662eba..c56585068 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
@@ -20,6 +20,7 @@
  * Contract for translating an ESAPI log event into an Log4J log event.
  * 
  */
+@Deprecated
 public interface Log4JLogBridge {
     /**
      * Translation for the provided ESAPI level, type, and message to the specified Log4J Logger.
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
index d982ead49..cb5e6f5ee 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
@@ -27,6 +27,7 @@
  * Implementation which is intended to bridge the ESAPI Logging API into LOG4J supported Object structures.
  *
  */
+@Deprecated
 public class Log4JLogBridgeImpl implements Log4JLogBridge {
     /** Configuration providing associations between esapi log levels and LOG4J levels.*/
     private final Map<Integer,Log4JLogLevelHandler> esapiSlfLevelMap;
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index 7e9881941..6db3b3ea5 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -34,6 +34,7 @@
  * LogFactory implementation which creates Log4J supporting Loggers.
  *
  */
+@Deprecated
 public class Log4JLogFactory implements LogFactory {
 	 /** Immune characters for the codec log scrubber for JAVA context.*/
     private static final char[] IMMUNE_LOG4J_HTML = {',', '.', '-', '_', ' ' };
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
index e73e717e1..4ac3ae8e0 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
@@ -23,6 +23,7 @@
  * @see Log4JLogBridgeImpl
  *
  */
+@Deprecated
  interface Log4JLogLevelHandler {
      /** Check if the logging level is enabled for the specified logger.*/
     boolean isEnabled(Logger logger);
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
index 19e54c696..7cb3f93b2 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
@@ -23,6 +23,7 @@
  * Enumeration capturing the propagation of Log4J level events.
  *
  */
+@Deprecated
 public enum Log4JLogLevelHandlers implements Log4JLogLevelHandler {
 	FATAL(Level.FATAL),
 	ERROR(Level.ERROR),
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
index 9196abbd3..b83bfc6b9 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
@@ -16,8 +16,9 @@
 
 import org.owasp.esapi.Logger;
 /**
- * ESAPI Logger implementation which relays events to an SLF4J delegate.
+ * ESAPI Logger implementation which relays events to an Log4j delegate.
  */
+@Deprecated
 public class Log4JLogger implements org.owasp.esapi.Logger {
     /** Delegate Logger.*/
     private final org.apache.log4j.Logger delegate;
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index a2b743edf..880fb8ea4 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -32,6 +32,7 @@
  * @see org.owasp.esapi.logging.log4j.Log4JLogFactory
  * @see org.owasp.esapi.reference.Log4JLogger
  */
+@Deprecated
 public class Log4JLoggerFactory implements LoggerFactory {
 	 /** Log appender instance.*/
     private static LogAppender LOG4J_LOG_APPENDER;
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 57dac9ecc..1437fae9a 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -97,8 +97,8 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
-ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
+#ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
 #ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
 #    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory

From 978e4092d9330c4461d949d567f4fd79ad4aa69e Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 07:43:29 -0600
Subject: [PATCH 634/812] License Updates: Fixed Created Date

Updating copy/pasta mistake of created date.
---
 src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java   | 2 +-
 .../java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java    | 2 +-
 src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java  | 2 +-
 .../java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java  | 2 +-
 src/main/java/org/owasp/esapi/logging/java/JavaLogger.java      | 2 +-
 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java  | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java     | 2 +-
 .../org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java     | 2 +-
 .../org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java    | 2 +-
 src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java    | 2 +-
 .../org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java     | 2 +-
 .../java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java   | 2 +-
 .../org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java  | 2 +-
 src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java  | 2 +-
 .../org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java   | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java | 2 +-
 .../owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java    | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java     | 2 +-
 19 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
index 7e25ee94c..3537f6b3c 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
index 9b3e32f6a..6f06c4a1e 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.java;
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index d640d6725..d5445133b 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
index 367e9e5e7..5dd181e35 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
index a028924ba..db41a5970 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
index c56585068..70234cec2 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
index cb5e6f5ee..f52610396 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.log4j;
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index 6db3b3ea5..7d7fccc07 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
index 4ac3ae8e0..fe2a7a28c 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
index 7cb3f93b2..7cbea76e9 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.log4j;
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
index b83bfc6b9..cca51d73e 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
index 2989a71d6..05fdeb858 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index efd5278dd..6ed916be1 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
index b42f790bd..e14edd874 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.java;
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
index 4c5c57834..770bdd42d 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.java;
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
index 23138f56a..ab52bc6dc 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
index a983e1bc5..555a9750b 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
index 9f2cefbc7..972c2868d 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 package org.owasp.esapi.logging.log4j;
 
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
index 36982fb0f..2e77efd58 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
@@ -10,7 +10,7 @@
  * The ESAPI is published by OWASP under the BSD license. You should read and accept the
  * LICENSE before you use, modify, and/or redistribute this software.
  * 
- * @created 2018
+ * @created 2019
  */
 
 package org.owasp.esapi.logging.log4j;

From 0d79d985bd74ffc43ee944c540506e1267c3f8d5 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 07:50:45 -0600
Subject: [PATCH 635/812] File Rename JavaLoggerLevel -> ESAPIErrorJavaLevel

Trying to update the name to be more representative to what it is.
---
 .../logging/java/ESAPIErrorJavaLevel.java     | 44 +++++++++++++++++++
 .../logging/java/JavaLogLevelHandlers.java    |  2 +-
 .../esapi/logging/java/JavaLoggerLevel.java   | 29 ------------
 .../java/JavaLogLevelHandlersTest.java        |  2 +-
 4 files changed, 46 insertions(+), 31 deletions(-)
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
 delete mode 100644 src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
new file mode 100644
index 000000000..7e24b5d58
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -0,0 +1,44 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+
+/**
+ *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ */
+public class ESAPIErrorJavaLevel extends Level {
+
+    protected static final long serialVersionUID = 1L;
+
+    /**
+	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+	 * by java.util.Logger already.
+	 */
+	public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+	
+	/**
+	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+	 * the defined level and its numeric value.
+	 * 
+	 * @param name The name of the JavaLoggerLevel
+	 * @param value The associated numeric value
+	 */
+	private ESAPIErrorJavaLevel(String name, int value) {
+		super(name, value);
+	}
+}
+    
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
index 04ed82043..1ac832c1f 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -13,7 +13,7 @@ public enum JavaLogLevelHandlers implements JavaLogLevelHandler {
 	FINER(Level.FINER),
 	FINEST(Level.FINEST),
 	ALL(Level.ALL),
-	ERROR(JavaLoggerLevel.ERROR_LEVEL);
+	ERROR(ESAPIErrorJavaLevel.ERROR_LEVEL);
 
 	private final Level level;
 	
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java b/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java
deleted file mode 100644
index 7d967f347..000000000
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLoggerLevel.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package org.owasp.esapi.logging.java;
-
-import java.util.logging.Level;
-
-/**
- *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
- */
-public class JavaLoggerLevel extends Level {
-
-    protected static final long serialVersionUID = 1L;
-
-    /**
-	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
-	 * by java.util.Logger already.
-	 */
-	public static final Level ERROR_LEVEL = new JavaLoggerLevel( "ERROR", Level.SEVERE.intValue() - 1);
-	
-	/**
-	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
-	 * the defined level and its numeric value.
-	 * 
-	 * @param name The name of the JavaLoggerLevel
-	 * @param value The associated numeric value
-	 */
-	private JavaLoggerLevel(String name, int value) {
-		super(name, value);
-	}
-}
-    
\ No newline at end of file
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
index e14edd874..279e51faa 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -36,7 +36,7 @@ public void testErrorDelegation() {
         JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName());
         JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
 
-        Level expectedJavaLevel = JavaLoggerLevel.ERROR_LEVEL;
+        Level expectedJavaLevel = ESAPIErrorJavaLevel.ERROR_LEVEL;
         
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());

From aa453c696ccf74c0fd2b34282608f88c17a5ed38 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 07:55:11 -0600
Subject: [PATCH 636/812] Documentation Update

Updating class docs for implementation.
---
 .../esapi/logging/log4j/Log4JLoggerFactory.java     | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index 880fb8ea4..644180a63 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -23,14 +23,11 @@
 import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 
 /**
- * Implementation of the LoggerFactory interface. This implementation has been 
- * overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
- *
- * @author August Detlefsen (augustd at codemagi dot com)
- *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
- * @since October 15, 2010
- * @see org.owasp.esapi.logging.log4j.Log4JLogFactory
- * @see org.owasp.esapi.reference.Log4JLogger
+ * Service Provider Interface implementation that can be provided as the org.apache.log4j.spi.LoggerFactory reference in a Log4J configuration.
+ * <br>
+ * <code>
+ *   &ltloggerFactory class="org.owasp.esapi.logging.log4j.Log4JLoggerFactory"/&gt
+ * </code>
  */
 @Deprecated
 public class Log4JLoggerFactory implements LoggerFactory {

From 99b46409aa6d9d29d3ac30d936c6babd91d1778b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 07:56:34 -0600
Subject: [PATCH 637/812] Code Cleanup

Removing commented content
---
 .../java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java   | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index 644180a63..0d0595ef9 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -59,7 +59,6 @@ public Log4JLoggerFactory() {}
 	 * @return org.owasp.esapi.reference.Log4JLogger
 	 */
 	public org.apache.log4j.Logger makeNewLoggerInstance(String name) {		
-		//return new org.owasp.esapi.reference.Log4JLogger(name);
 		return new EsapiLog4JWrapper(name);
 	}
 	

From 36b2b780528a51ee2226cba7c9691e9f1e2a33c9 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:00:49 -0600
Subject: [PATCH 638/812] Whitespace cleanup.  Removing tabs.

---
 .../logging/appender/ClientInfoSupplier.java  | 114 +++++++++---------
 .../appender/EventTypeLogSupplier.java        |  28 ++---
 .../esapi/logging/appender/LogAppender.java   |  16 +--
 .../logging/appender/LogPrefixAppender.java   |  74 ++++++------
 .../logging/appender/ServerInfoSupplier.java  |  96 +++++++--------
 5 files changed, 164 insertions(+), 164 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index b21aa0629..f8cbaf719 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -28,66 +28,66 @@
  * information.
  */
 public class ClientInfoSupplier implements Supplier<String> {
-	/** Default UserName string if the Authenticated user is null.*/
-	private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
-	/** Default Last Host string if the Authenticated user is null.*/
-	private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
-	/** Session Attribute containing the ESAPI Session id. */
-	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
-	/**
-	 * Minimum value for generating a random session value if one is not defined.
-	 */
-	private static final int ESAPI_SESSION_RAND_MIN = 0;
-	/**
-	 * Maximum value for generating a random session value if one is not defined.
-	 */
-	private static final int ESAPI_SESSION_RAND_MAX = 1000000;
+    /** Default UserName string if the Authenticated user is null.*/
+    private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
+    /** Default Last Host string if the Authenticated user is null.*/
+    private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
+    /** Session Attribute containing the ESAPI Session id. */
+    private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+    /**
+     * Minimum value for generating a random session value if one is not defined.
+     */
+    private static final int ESAPI_SESSION_RAND_MIN = 0;
+    /**
+     * Maximum value for generating a random session value if one is not defined.
+     */
+    private static final int ESAPI_SESSION_RAND_MAX = 1000000;
 
-	/** Format for supplier output. */
-	private static final String USER_INFO_FORMAT = "%s:%s@%s"; // USER_NAME, SID, USER_HOST_ADDRESS
+    /** Format for supplier output. */
+    private static final String USER_INFO_FORMAT = "%s:%s@%s"; // USER_NAME, SID, USER_HOST_ADDRESS
 
-	/** Whether to log the user info from this instance. */
-	private boolean logUserInfo = true;
+    /** Whether to log the user info from this instance. */
+    private boolean logUserInfo = true;
 
-	@Override
-	public String get() {
-		String userInfo = "";
-	
-		if (logUserInfo) {
-			HttpServletRequest request = ESAPI.currentRequest();
-			// create a random session number for the user to represent the user's
-			// 'session', if it doesn't exist already
-			String sid = "";
-			if (request != null) {
-				HttpSession session = request.getSession(false);
-				if (session != null) {
-					sid = (String) session.getAttribute(ESAPI_SESSION_ATTR);
-					// if there is no session ID for the user yet, we create one and store it in the
-					// user's session
-					if (sid == null) {
-						sid = "" + ESAPI.randomizer().getRandomInteger(ESAPI_SESSION_RAND_MIN, ESAPI_SESSION_RAND_MAX);
-						session.setAttribute(ESAPI_SESSION_ATTR, sid);
-					}
-				}
-			}
-			// log user information - username:session@ipaddr
-			User user = ESAPI.authenticator().getCurrentUser();
-			if (user == null) {
-				userInfo = String.format(USER_INFO_FORMAT, DEFAULT_USERNAME, sid, DEFAULT_LAST_HOST);
-			} else {
-				userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
-			}
-		}
-		return userInfo;
-	}
+    @Override
+    public String get() {
+        String userInfo = "";
 
-	/**
-	 * Specify whether the instance should record the client info.
-	 * 
-	 * @param log {@code true} to record
-	 */
-	public void setLogUserInfo(boolean log) {
-		this.logUserInfo = log;
-	}
+        if (logUserInfo) {
+            HttpServletRequest request = ESAPI.currentRequest();
+            // create a random session number for the user to represent the user's
+            // 'session', if it doesn't exist already
+            String sid = "";
+            if (request != null) {
+                HttpSession session = request.getSession(false);
+                if (session != null) {
+                    sid = (String) session.getAttribute(ESAPI_SESSION_ATTR);
+                    // if there is no session ID for the user yet, we create one and store it in the
+                    // user's session
+                    if (sid == null) {
+                        sid = "" + ESAPI.randomizer().getRandomInteger(ESAPI_SESSION_RAND_MIN, ESAPI_SESSION_RAND_MAX);
+                        session.setAttribute(ESAPI_SESSION_ATTR, sid);
+                    }
+                }
+            }
+            // log user information - username:session@ipaddr
+            User user = ESAPI.authenticator().getCurrentUser();
+            if (user == null) {
+                userInfo = String.format(USER_INFO_FORMAT, DEFAULT_USERNAME, sid, DEFAULT_LAST_HOST);
+            } else {
+                userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+            }
+        }
+        return userInfo;
+    }
+
+    /**
+     * Specify whether the instance should record the client info.
+     * 
+     * @param log {@code true} to record
+     */
+    public void setLogUserInfo(boolean log) {
+        this.logUserInfo = log;
+    }
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index 2780550ec..447c7a6e5 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -25,20 +25,20 @@
  *
  */
 public class EventTypeLogSupplier implements Supplier<String> {
-	/** EventType reference to supply log representation of. */
-	private final EventType eventType;
+    /** EventType reference to supply log representation of. */
+    private final EventType eventType;
 
-	/**
-	 * Ctr
-	 * 
-	 * @param evtyp EventType reference to supply log representation for
-	 */
-	public EventTypeLogSupplier(EventType evtyp) {
-		this.eventType = evtyp;
-	}
+    /**
+     * Ctr
+     * 
+     * @param evtyp EventType reference to supply log representation for
+     */
+    public EventTypeLogSupplier(EventType evtyp) {
+        this.eventType = evtyp;
+    }
 
-	@Override
-	public String get() {
-		return eventType == null ? "" : eventType.toString();
-	}
+    @Override
+    public String get() {
+        return eventType == null ? "" : eventType.toString();
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
index cc4917049..b3aba0534 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogAppender.java
@@ -23,13 +23,13 @@
  */
 public interface LogAppender {
 
-	/**
-	 * Creates a replacement Log Message and returns it to the caller.
-	 * @param logName name of the logger.
-	 * @param eventType EventType of the log event being processed.
-	 * @param message The original message.
-	 * @return Updated replacement message.
-	 */
-	public String appendTo(String logName, EventType eventType, String message);
+    /**
+     * Creates a replacement Log Message and returns it to the caller.
+     * @param logName name of the logger.
+     * @param eventType EventType of the log event being processed.
+     * @param message The original message.
+     * @return Updated replacement message.
+     */
+    public String appendTo(String logName, EventType eventType, String message);
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index a31492eb6..7c24b0bcf 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -22,48 +22,48 @@
  * EventType, Client data, and server data.
  */
 public class LogPrefixAppender implements LogAppender {
-	/** Output format used to assemble return values. */
-	private static final String RESULT_FORMAT = "[%s %s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
+    /** Output format used to assemble return values. */
+    private static final String RESULT_FORMAT = "[%s %s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
 
-	/** Whether or not to record client information. */
-	private final boolean logClientInfo;
-	/** Whether or not to record server ip information. */
-	private final boolean logServerIp;
-	/** Whether or not to record application name. */
-	private final boolean logApplicationName;
-	/** Application Name to record. */
-	private final String appName;
+    /** Whether or not to record client information. */
+    private final boolean logClientInfo;
+    /** Whether or not to record server ip information. */
+    private final boolean logServerIp;
+    /** Whether or not to record application name. */
+    private final boolean logApplicationName;
+    /** Application Name to record. */
+    private final String appName;
 
-	/**
-	 * Ctr.
-	 * 
-	 * @param logClientInfo      Whether or not to record client information
-	 * @param logServerIp        Whether or not to record server ip information
-	 * @param logApplicationName Whether or not to record application name
-	 * @param appName            Application Name to record.
-	 */
-	public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-		this.logClientInfo = logClientInfo;
-		this.logServerIp = logServerIp;
-		this.logApplicationName = logApplicationName;
-		this.appName = appName;
-	}
+    /**
+     * Ctr.
+     * 
+     * @param logClientInfo      Whether or not to record client information
+     * @param logServerIp        Whether or not to record server ip information
+     * @param logApplicationName Whether or not to record application name
+     * @param appName            Application Name to record.
+     */
+    public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        this.logClientInfo = logClientInfo;
+        this.logServerIp = logServerIp;
+        this.logApplicationName = logApplicationName;
+        this.appName = appName;
+    }
 
-	@Override
-	public String appendTo(String logName, EventType eventType, String message) {
-		EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
+    @Override
+    public String appendTo(String logName, EventType eventType, String message) {
+        EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
 
-		ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
-		clientInfoSupplier.setLogUserInfo(logClientInfo);
+        ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
+        clientInfoSupplier.setLogUserInfo(logClientInfo);
 
-		ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
-		serverInfoSupplier.setLogServerIp(logServerIp);
-		serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
+        ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+        serverInfoSupplier.setLogServerIp(logServerIp);
+        serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
 
-		String eventTypeMsg = eventTypeSupplier.get();
-		String clientInfoMsg = clientInfoSupplier.get();
-		String serverInfoMsg = serverInfoSupplier.get();
+        String eventTypeMsg = eventTypeSupplier.get();
+        String clientInfoMsg = clientInfoSupplier.get();
+        String serverInfoMsg = serverInfoSupplier.get();
 
-		return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg, serverInfoMsg, message);
-	}
+        return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg, serverInfoMsg, message);
+    }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
index 8d0d49dd4..ca9b4bbd8 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -26,58 +26,58 @@
  * information.
  */
 public class ServerInfoSupplier implements Supplier<String> {
-	/** Whether to log the server connection info. */
-	private boolean logServerIP = true;
-	/** Whether to log the application name. */
-	private boolean logAppName = true;
-	/** The application name to log. */
-	private String applicationName = "";
+    /** Whether to log the server connection info. */
+    private boolean logServerIP = true;
+    /** Whether to log the application name. */
+    private boolean logAppName = true;
+    /** The application name to log. */
+    private String applicationName = "";
 
-	/** Reference to the associated logname/module name. */
-	private final String logName;
+    /** Reference to the associated logname/module name. */
+    private final String logName;
 
-	/**
-	 * Ctr.
-	 * 
-	 * @param logName Reference to the logName to record as the module information
-	 */
-	public ServerInfoSupplier(String logName) {
-		this.logName = logName;
-	}
+    /**
+     * Ctr.
+     * 
+     * @param logName Reference to the logName to record as the module information
+     */
+    public ServerInfoSupplier(String logName) {
+        this.logName = logName;
+    }
 
-	@Override
-	public String get() {
-		// log server, port, app name, module name -- server:80/app/module
-		StringBuilder appInfo = new StringBuilder();
-		HttpServletRequest request = ESAPI.currentRequest();
-		if (request != null && logServerIP) {
-			appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort());
-		}
-		if (logAppName) {
-			appInfo.append("/").append(applicationName);
-		}
-		appInfo.append("/").append(logName);
+    @Override
+    public String get() {
+        // log server, port, app name, module name -- server:80/app/module
+        StringBuilder appInfo = new StringBuilder();
+        HttpServletRequest request = ESAPI.currentRequest();
+        if (request != null && logServerIP) {
+            appInfo.append(request.getLocalAddr()).append(":").append(request.getLocalPort());
+        }
+        if (logAppName) {
+            appInfo.append("/").append(applicationName);
+        }
+        appInfo.append("/").append(logName);
 
-		return appInfo.toString();
-	}
+        return appInfo.toString();
+    }
 
-	/**
-	 * Specify whether the instance should record the server connection info.
-	 * 
-	 * @param log {@code true} to record
-	 */
-	public void setLogServerIp(boolean log) {
-		this.logServerIP = log;
-	}
+    /**
+     * Specify whether the instance should record the server connection info.
+     * 
+     * @param log {@code true} to record
+     */
+    public void setLogServerIp(boolean log) {
+        this.logServerIP = log;
+    }
 
-	/**
-	 * Specify whether the instance should record the application name
-	 * 
-	 * @param log     {@code true} to record
-	 * @param appName String to record as the application name
-	 */
-	public void setLogApplicationName(boolean log, String appName) {
-		this.logAppName = log;
-		this.applicationName = appName;
-	}
+    /**
+     * Specify whether the instance should record the application name
+     * 
+     * @param log     {@code true} to record
+     * @param appName String to record as the application name
+     */
+    public void setLogApplicationName(boolean log, String appName) {
+        this.logAppName = log;
+        this.applicationName = appName;
+    }
 }

From b10a9196373621c83de2d183064718cc29931326 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:02:46 -0600
Subject: [PATCH 639/812] Adding License Info

---
 .../esapi/logging/java/JavaLogLevelHandlers.java   | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
index 1ac832c1f..4b223d176 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -1,3 +1,17 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
 package org.owasp.esapi.logging.java;
 
 import java.util.logging.Level;

From 19d8251c9a6dbd92d3e7583bc28616714284acb7 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:03:29 -0600
Subject: [PATCH 640/812] Whitespace cleanup

---
 .../logging/java/ESAPIErrorJavaLevel.java     | 31 ++++++------
 .../esapi/logging/java/JavaLogBridge.java     |  2 +-
 .../esapi/logging/java/JavaLogBridgeImpl.java |  8 ++--
 .../esapi/logging/java/JavaLogFactory.java    | 48 +++++++++----------
 .../logging/java/JavaLogLevelHandler.java     |  4 +-
 .../owasp/esapi/logging/java/JavaLogger.java  | 38 +++++++--------
 6 files changed, 65 insertions(+), 66 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
index 7e24b5d58..7f4c595aa 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -25,20 +25,19 @@ public class ESAPIErrorJavaLevel extends Level {
     protected static final long serialVersionUID = 1L;
 
     /**
-	 * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
-	 * by java.util.Logger already.
-	 */
-	public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
-	
-	/**
-	 * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
-	 * the defined level and its numeric value.
-	 * 
-	 * @param name The name of the JavaLoggerLevel
-	 * @param value The associated numeric value
-	 */
-	private ESAPIErrorJavaLevel(String name, int value) {
-		super(name, value);
-	}
+     * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+     * by java.util.Logger already.
+     */
+    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+
+    /**
+     * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+     * the defined level and its numeric value.
+     * 
+     * @param name The name of the JavaLoggerLevel
+     * @param value The associated numeric value
+     */
+    private ESAPIErrorJavaLevel(String name, int value) {
+        super(name, value);
+    }
 }
-    
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
index 3537f6b3c..c085766dc 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridge.java
@@ -40,5 +40,5 @@ public interface JavaLogBridge {
      * @param throwable ESAPI event Throwable content
      */
     void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
-      
+
 }
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
index 6f06c4a1e..df599eaf1 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogBridgeImpl.java
@@ -34,7 +34,7 @@ public class JavaLogBridgeImpl implements JavaLogBridge {
     private final LogScrubber scrubber;
     /** Appender used for assembling default message content for all logs.*/
     private final LogAppender appender;
-    
+
     /**
      * Constructor.
      * @param logScrubber  Log message cleaner.
@@ -53,9 +53,9 @@ public void log(Logger logger, int esapiLevel, EventType type, String message) {
             throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
-        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
             String cleanString = scrubber.cleanMessage(fullMessage);
-            
+
             handler.log(logger, cleanString);
         }
     }
@@ -66,7 +66,7 @@ public void log(Logger logger, int esapiLevel, EventType type, String message, T
             throw new IllegalArgumentException("Unable to lookup Java level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
-        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
             String cleanString = scrubber.cleanMessage(fullMessage);
 
             handler.log(logger, cleanString, throwable);
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index d5445133b..a83e8c1de 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -48,17 +48,17 @@ public class JavaLogFactory implements LogFactory {
     private static LogScrubber JAVA_LOG_SCRUBBER;
     /** Bridge class for mapping esapi -> java log levels.*/
     private static JavaLogBridge LOG_BRIDGE;
-    
+
     static {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         JAVA_LOG_SCRUBBER = createLogScrubber(encodeLog);
-        
-    	boolean logClientInfo = true;
-		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
-		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
-		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+
+        boolean logClientInfo = true;
+        boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+        String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+        boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
         JAVA_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
-        
+
         Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALL);
         levelLookup.put(Logger.TRACE, JavaLogLevelHandlers.FINEST);
@@ -68,28 +68,28 @@ public class JavaLogFactory implements LogFactory {
         levelLookup.put(Logger.WARNING, JavaLogLevelHandlers.WARNING);
         levelLookup.put(Logger.FATAL, JavaLogLevelHandlers.SEVERE);
         //LEVEL.OFF not used.  If it's off why would we try to log it?
-        
+
         LOG_BRIDGE = new JavaLogBridgeImpl(JAVA_LOG_APPENDER, JAVA_LOG_SCRUBBER, levelLookup);
-        
+
         readLoggerConfiguration(LogManager.getLogManager());
     }
-    
+
     /**
      * Attempts to load the expected property file path into the provided LogManager reference.
      * @param logManager LogManager which is being configured.
      */
     /*package*/ static void readLoggerConfiguration(LogManager logManager) {
-    	/*
+        /*
          * This will load the logging properties file to control the format of the output for Java logs.
          */
         try (InputStream stream = JavaLogFactory.class.getClassLoader().
-        		getResourceAsStream("esapi-java-logging.properties")) {
-        	logManager.readConfiguration(stream);
+                getResourceAsStream("esapi-java-logging.properties")) {
+            logManager.readConfiguration(stream);
         } catch (IOException ioe) {
-        	System.err.print(new IOException("Failed to load esapi-java-logging.properties.", ioe));        	
+            System.err.print(new IOException("Failed to load esapi-java-logging.properties.", ioe));        	
         }
     }
-    
+
     /**
      * Populates the default log scrubber for use in factory-created loggers.
      * @param requiresEncoding {@code true} if encoding is required for log content.
@@ -98,15 +98,15 @@ public class JavaLogFactory implements LogFactory {
     /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
         List<LogScrubber> messageScrubber = new ArrayList<>();
         messageScrubber.add(new NewlineLogScrubber());
-        
+
         if (requiresEncoding) {
             messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_JAVA_HTML));
         }
-        
+
         return new CompositeLogScrubber(messageScrubber);
-        
+
     }
-    
+
     /**
      * Populates the default log appender for use in factory-created loggers.
      * @param appName 
@@ -117,19 +117,19 @@ public class JavaLogFactory implements LogFactory {
      * @return LogAppender instance.
      */
     /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
     }
-    
-    
+
+
     @Override
     public Logger getLogger(String moduleName) {
-    	java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(moduleName); 
+        java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(moduleName); 
         return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
     }
 
     @Override
     public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
-    	java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(clazz.getName());
+        java.util.logging.Logger javaLogger = java.util.logging.Logger.getLogger(clazz.getName());
         return new JavaLogger(javaLogger, LOG_BRIDGE, Logger.ALL);
     }
 
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
index 5dd181e35..ee28a1a4f 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandler.java
@@ -23,8 +23,8 @@
  * @see JavaLogBridgeImpl
  *
  */
- interface JavaLogLevelHandler {
-     /** Check if the logging level is enabled for the specified logger.*/
+interface JavaLogLevelHandler {
+    /** Check if the logging level is enabled for the specified logger.*/
     boolean isEnabled(Logger logger);
     /**
      * Calls the appropriate log level event on the specified logger.
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
index db41a5970..889d5f0bb 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
@@ -25,7 +25,7 @@ public class JavaLogger implements org.owasp.esapi.Logger {
     private final JavaLogBridge logBridge;
     /** Maximum log level that will be forwarded to Java from the ESAPI context.*/
     private int maxLogLevel;
-    
+
     /**
      * Constructs a new instance. 
      * @param JavaLogger Delegate Java logger.
@@ -37,25 +37,25 @@ public JavaLogger(java.util.logging.Logger JavaLogger, JavaLogBridge bridge, int
         this.logBridge = bridge;
         maxLogLevel = defaultEsapiLevel;
     }
-    
+
     private void log(int esapiLevel, EventType type, String message) {
         if (isEnabled(esapiLevel)) {
             logBridge.log(delegate, esapiLevel, type, message);
         }
     }
-    
+
     private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
         if (isEnabled(esapiLevel)) {
             logBridge.log(delegate, esapiLevel, type, message, throwable);
         }
     }
-    
+
 
     private boolean isEnabled(int esapiLevel) {
         //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
         return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
     }
-    
+
     @Override
     public void always(EventType type, String message) {
         log (Logger.ALL, type, message);
@@ -70,7 +70,7 @@ public void always(EventType type, String message, Throwable throwable) {
     public void trace(EventType type, String message) {
         log (Logger.TRACE, type, message);
     }
-    
+
     @Override
     public void trace(EventType type, String message, Throwable throwable) {
         log (Logger.TRACE, type, message, throwable);
@@ -85,22 +85,22 @@ public void debug(EventType type, String message) {
     public void debug(EventType type, String message, Throwable throwable) {
         log (Logger.DEBUG, type, message, throwable);
     }
-    
+
     @Override
     public void info(EventType type, String message) {
         log (Logger.INFO, type, message);
     }
-    
+
     @Override
     public void info(EventType type, String message, Throwable throwable) {
         log (Logger.INFO, type, message, throwable);
     }
-    
+
     @Override
     public void warning(EventType type, String message) {
         log (Logger.WARNING, type, message);
     }
-    
+
     @Override
     public void warning(EventType type, String message, Throwable throwable) {
         log (Logger.WARNING, type, message, throwable);
@@ -125,17 +125,17 @@ public void fatal(EventType type, String message) {
     public void fatal(EventType type, String message, Throwable throwable) {
         log (Logger.FATAL, type, message, throwable);
     }
-    
+
     @Override
     public int getESAPILevel() {
         return maxLogLevel;
     }
-    
+
     @Override
     public boolean isTraceEnabled() {
         return isEnabled(Logger.TRACE);
     }
-    
+
     @Override
     public boolean isDebugEnabled() {
         return isEnabled(Logger.DEBUG);
@@ -148,21 +148,21 @@ public boolean isInfoEnabled() {
     public boolean isWarningEnabled() {
         return isEnabled(Logger.WARNING);
     }
-    
+
     @Override
     public boolean isErrorEnabled() {
         return isEnabled(Logger.ERROR);
     }
-    
+
     @Override
     public boolean isFatalEnabled() {
-       return isEnabled(Logger.FATAL);
+        return isEnabled(Logger.FATAL);
     }
-    
+
 
     @Override
     public void setLevel(int level) {
-       maxLogLevel = level;
+        maxLogLevel = level;
     }
-    
+
 }

From 55f5002624a82178073bdd2fe30974dbe3b68203 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:04:32 -0600
Subject: [PATCH 641/812] Whitespace cleanup

---
 .../esapi/logging/log4j/Log4JLogBridge.java   |  2 +-
 .../logging/log4j/Log4JLogBridgeImpl.java     |  8 +-
 .../esapi/logging/log4j/Log4JLogFactory.java  | 38 ++++-----
 .../logging/log4j/Log4JLogLevelHandler.java   |  4 +-
 .../logging/log4j/Log4JLogLevelHandlers.java  | 56 ++++++-------
 .../esapi/logging/log4j/Log4JLogger.java      | 38 ++++-----
 .../logging/log4j/Log4JLoggerFactory.java     | 80 +++++++++----------
 7 files changed, 113 insertions(+), 113 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
index 70234cec2..b89acb81e 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridge.java
@@ -39,5 +39,5 @@ public interface Log4JLogBridge {
      * @param throwable ESAPI event Throwable content
      */
     void log(Logger logger, int esapiLevel, EventType type, String message, Throwable throwable) ;
-      
+
 }
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
index f52610396..58be15beb 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImpl.java
@@ -35,7 +35,7 @@ public class Log4JLogBridgeImpl implements Log4JLogBridge {
     private final LogScrubber scrubber;
     /** Appender used for assembling default message content for all logs.*/
     private final LogAppender appender;
-    
+
     /**
      * Constructor.
      * @param logScrubber  Log message cleaner.
@@ -54,9 +54,9 @@ public void log(Logger logger, int esapiLevel, EventType type, String message) {
             throw new IllegalArgumentException("Unable to lookup LOG4J level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
-        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
             String cleanString = scrubber.cleanMessage(fullMessage);
-            
+
             handler.log(logger, cleanString);
         }
     }
@@ -67,7 +67,7 @@ public void log(Logger logger, int esapiLevel, EventType type, String message, T
             throw new IllegalArgumentException("Unable to lookup LOG4J level mapping for esapi value of " + esapiLevel);
         }
         if (handler.isEnabled(logger)) {
-        	String fullMessage = appender.appendTo(logger.getName(), type, message);
+            String fullMessage = appender.appendTo(logger.getName(), type, message);
             String cleanString = scrubber.cleanMessage(fullMessage);
 
             handler.log(logger, cleanString, throwable);
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index 7d7fccc07..fcf42f350 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -36,7 +36,7 @@
  */
 @Deprecated
 public class Log4JLogFactory implements LogFactory {
-	 /** Immune characters for the codec log scrubber for JAVA context.*/
+    /** Immune characters for the codec log scrubber for JAVA context.*/
     private static final char[] IMMUNE_LOG4J_HTML = {',', '.', '-', '_', ' ' };
     /** Codec being used to clean messages for logging.*/
     private static final HTMLEntityCodec HTML_CODEC = new HTMLEntityCodec();
@@ -46,17 +46,17 @@ public class Log4JLogFactory implements LogFactory {
     private static LogScrubber Log4J_LOG_SCRUBBER;
     /** Bridge class for mapping esapi -> log4j log levels.*/
     private static Log4JLogBridge LOG_BRIDGE;
-    
+
     static {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         Log4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
-        
-    	boolean logClientInfo = true;
-		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
-		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
-		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+
+        boolean logClientInfo = true;
+        boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+        String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+        boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
         Log4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
-        
+
         Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Log4JLogLevelHandlers.TRACE);
         levelLookup.put(Logger.TRACE, Log4JLogLevelHandlers.TRACE);
@@ -66,10 +66,10 @@ public class Log4JLogFactory implements LogFactory {
         levelLookup.put(Logger.WARNING, Log4JLogLevelHandlers.WARN);
         levelLookup.put(Logger.FATAL, Log4JLogLevelHandlers.FATAL);
         //LEVEL.OFF not used.  If it's off why would we try to log it?
-        
+
         LOG_BRIDGE = new Log4JLogBridgeImpl(Log4J_LOG_APPENDER, Log4J_LOG_SCRUBBER, levelLookup);
     }
-    
+
     /**
      * Populates the default log scrubber for use in factory-created loggers.
      * @param requiresEncoding {@code true} if encoding is required for log content.
@@ -78,15 +78,15 @@ public class Log4JLogFactory implements LogFactory {
     /*package*/ static LogScrubber createLogScrubber(boolean requiresEncoding) {
         List<LogScrubber> messageScrubber = new ArrayList<>();
         messageScrubber.add(new NewlineLogScrubber());
-        
+
         if (requiresEncoding) {
             messageScrubber.add(new CodecLogScrubber(HTML_CODEC, IMMUNE_LOG4J_HTML));
         }
-        
+
         return new CompositeLogScrubber(messageScrubber);
-        
+
     }
-    
+
     /**
      * Populates the default log appender for use in factory-created loggers.
      * @param appName 
@@ -97,19 +97,19 @@ public class Log4JLogFactory implements LogFactory {
      * @return LogAppender instance.
      */
     /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
     }
-    
-    
+
+
     @Override
     public Logger getLogger(String moduleName) {
-    	org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(moduleName);
+        org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(moduleName);
         return new Log4JLogger(log4JLogger, LOG_BRIDGE, Logger.ALL);
     }
 
     @Override
     public Logger getLogger(@SuppressWarnings("rawtypes") Class clazz) {
-    	org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(clazz);
+        org.apache.log4j.Logger log4JLogger = org.apache.log4j.Logger.getLogger(clazz);
         return new Log4JLogger(log4JLogger, LOG_BRIDGE, Logger.ALL);
     }
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
index fe2a7a28c..7b6b57ee9 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandler.java
@@ -24,8 +24,8 @@
  *
  */
 @Deprecated
- interface Log4JLogLevelHandler {
-     /** Check if the logging level is enabled for the specified logger.*/
+interface Log4JLogLevelHandler {
+    /** Check if the logging level is enabled for the specified logger.*/
     boolean isEnabled(Logger logger);
     /**
      * Calls the appropriate log level event on the specified logger.
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
index 7cbea76e9..e6ee6a48c 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlers.java
@@ -25,32 +25,32 @@
  */
 @Deprecated
 public enum Log4JLogLevelHandlers implements Log4JLogLevelHandler {
-	FATAL(Level.FATAL),
-	ERROR(Level.ERROR),
-	WARN(Level.WARN),
-	INFO(Level.INFO),
-	DEBUG(Level.DEBUG),
-	TRACE(Level.TRACE),
-	ALL(Level.ALL);
-
-	private final Level level;
-	
-	private Log4JLogLevelHandlers(Level lvl) {
-		this.level = lvl;
-	}
-	
-	@Override
-	public boolean isEnabled(Logger logger) {
-		return logger.isEnabledFor(level);
-	}
-
-	@Override
-	public void log(Logger logger, String msg) {
-		logger.log(level, msg);
-	}
-
-	@Override
-	public void log(Logger logger, String msg, Throwable th) {
-		logger.log(level, msg, th);
-	}    
+    FATAL(Level.FATAL),
+    ERROR(Level.ERROR),
+    WARN(Level.WARN),
+    INFO(Level.INFO),
+    DEBUG(Level.DEBUG),
+    TRACE(Level.TRACE),
+    ALL(Level.ALL);
+
+    private final Level level;
+
+    private Log4JLogLevelHandlers(Level lvl) {
+        this.level = lvl;
+    }
+
+    @Override
+    public boolean isEnabled(Logger logger) {
+        return logger.isEnabledFor(level);
+    }
+
+    @Override
+    public void log(Logger logger, String msg) {
+        logger.log(level, msg);
+    }
+
+    @Override
+    public void log(Logger logger, String msg, Throwable th) {
+        logger.log(level, msg, th);
+    }    
 }
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
index cca51d73e..b24a7448c 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
@@ -26,7 +26,7 @@ public class Log4JLogger implements org.owasp.esapi.Logger {
     private final Log4JLogBridge logBridge;
     /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
     private int maxLogLevel;
-    
+
     /**
      * Constructs a new instance. 
      * @param slf4JLogger Delegate SLF4J logger.
@@ -38,25 +38,25 @@ public Log4JLogger(org.apache.log4j.Logger slf4JLogger, Log4JLogBridge bridge, i
         this.logBridge = bridge;
         maxLogLevel = defaultEsapiLevel;
     }
-    
+
     private void log(int esapiLevel, EventType type, String message) {
         if (isEnabled(esapiLevel)) {
             logBridge.log(delegate, esapiLevel, type, message);
         }
     }
-    
+
     private void log(int esapiLevel, EventType type, String message, Throwable throwable) {
         if (isEnabled(esapiLevel)) {
             logBridge.log(delegate, esapiLevel, type, message, throwable);
         }
     }
-    
+
 
     private boolean isEnabled(int esapiLevel) {
         //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
         return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
     }
-    
+
     @Override
     public void always(EventType type, String message) {
         log (Logger.ALL, type, message);
@@ -71,7 +71,7 @@ public void always(EventType type, String message, Throwable throwable) {
     public void trace(EventType type, String message) {
         log (Logger.TRACE, type, message);
     }
-    
+
     @Override
     public void trace(EventType type, String message, Throwable throwable) {
         log (Logger.TRACE, type, message, throwable);
@@ -86,22 +86,22 @@ public void debug(EventType type, String message) {
     public void debug(EventType type, String message, Throwable throwable) {
         log (Logger.DEBUG, type, message, throwable);
     }
-    
+
     @Override
     public void info(EventType type, String message) {
         log (Logger.INFO, type, message);
     }
-    
+
     @Override
     public void info(EventType type, String message, Throwable throwable) {
         log (Logger.INFO, type, message, throwable);
     }
-    
+
     @Override
     public void warning(EventType type, String message) {
         log (Logger.WARNING, type, message);
     }
-    
+
     @Override
     public void warning(EventType type, String message, Throwable throwable) {
         log (Logger.WARNING, type, message, throwable);
@@ -126,17 +126,17 @@ public void fatal(EventType type, String message) {
     public void fatal(EventType type, String message, Throwable throwable) {
         log (Logger.FATAL, type, message, throwable);
     }
-    
+
     @Override
     public int getESAPILevel() {
         return maxLogLevel;
     }
-    
+
     @Override
     public boolean isTraceEnabled() {
         return isEnabled(Logger.TRACE);
     }
-    
+
     @Override
     public boolean isDebugEnabled() {
         return isEnabled(Logger.DEBUG);
@@ -149,21 +149,21 @@ public boolean isInfoEnabled() {
     public boolean isWarningEnabled() {
         return isEnabled(Logger.WARNING);
     }
-    
+
     @Override
     public boolean isErrorEnabled() {
         return isEnabled(Logger.ERROR);
     }
-    
+
     @Override
     public boolean isFatalEnabled() {
-       return isEnabled(Logger.FATAL);
+        return isEnabled(Logger.FATAL);
     }
-    
+
 
     @Override
     public void setLevel(int level) {
-       maxLogLevel = level;
+        maxLogLevel = level;
     }
-    
+
 }
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index 0d0595ef9..5123e20b5 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -31,53 +31,53 @@
  */
 @Deprecated
 public class Log4JLoggerFactory implements LoggerFactory {
-	 /** Log appender instance.*/
+    /** Log appender instance.*/
     private static LogAppender LOG4J_LOG_APPENDER;
     /** Log cleaner instance.*/
     private static LogScrubber LOG4J_LOG_SCRUBBER;
-    
+
     static {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         LOG4J_LOG_SCRUBBER = Log4JLogFactory.createLogScrubber(encodeLog);
-        
-    	boolean logClientInfo = true;
-		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
-		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
-		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-		LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+
+        boolean logClientInfo = true;
+        boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
+        String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
+        boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
+        LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+    }
+
+    /**
+     * This constructor must be public so it can be accessed from within log4j
+     */
+    public Log4JLoggerFactory() {}
+
+    /**
+     * Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
+     * 
+     * @param name The class name to return a logger for.
+     * @return org.owasp.esapi.reference.Log4JLogger
+     */
+    public org.apache.log4j.Logger makeNewLoggerInstance(String name) {		
+        return new EsapiLog4JWrapper(name);
     }
-    
-	/**
-	 * This constructor must be public so it can be accessed from within log4j
-	 */
-	public Log4JLoggerFactory() {}
 
-	/**
-	 * Overridden to return instances of org.owasp.esapi.reference.Log4JLogger.
-	 * 
-	 * @param name The class name to return a logger for.
-	 * @return org.owasp.esapi.reference.Log4JLogger
-	 */
-	public org.apache.log4j.Logger makeNewLoggerInstance(String name) {		
-		return new EsapiLog4JWrapper(name);
-	}
-	
-	
-	public static class EsapiLog4JWrapper extends org.apache.log4j.Logger {
 
-		protected EsapiLog4JWrapper(String name) {
-			super(name);			
-		}
-		
-		@Override
-		protected void forcedLog(String fqcn, Priority level, Object message, Throwable t) {
-			String toClean = message.toString();
-			
-			String fullMessage = LOG4J_LOG_APPENDER.appendTo(getName(), null, toClean);
-			String cleanMsg = LOG4J_LOG_SCRUBBER.cleanMessage(fullMessage);
-			
-			super.forcedLog(fqcn, level, cleanMsg, t);
-		}
-		
-	}
+    public static class EsapiLog4JWrapper extends org.apache.log4j.Logger {
+
+        protected EsapiLog4JWrapper(String name) {
+            super(name);			
+        }
+
+        @Override
+        protected void forcedLog(String fqcn, Priority level, Object message, Throwable t) {
+            String toClean = message.toString();
+
+            String fullMessage = LOG4J_LOG_APPENDER.appendTo(getName(), null, toClean);
+            String cleanMsg = LOG4J_LOG_SCRUBBER.cleanMessage(fullMessage);
+
+            super.forcedLog(fqcn, level, cleanMsg, t);
+        }
+
+    }
 }

From 38af35bb2d99bd40ff9d128077fa8e2faddeb1a1 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:05:41 -0600
Subject: [PATCH 642/812] Whitespace cleanup

---
 .../logging/java/JavaLogBridgeImplTest.java   |  26 ++--
 .../logging/java/JavaLogFactoryTest.java      | 136 +++++++++---------
 .../java/JavaLogLevelHandlersTest.java        |  10 +-
 .../esapi/logging/java/JavaLoggerTest.java    |  92 ++++++------
 4 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
index 05fdeb858..3b7e4ebc5 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogBridgeImplTest.java
@@ -48,7 +48,7 @@ public class JavaLogBridgeImplTest {
     public void setup() {
         Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, mockHandler);
-        
+
         java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
         javaLogSpy = Mockito.spy(wrappedLogger);
         bridge = new JavaLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
@@ -61,7 +61,7 @@ public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
         Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
         new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
     }
-    
+
     @Test
     public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
@@ -69,13 +69,13 @@ public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         Map<Integer, JavaLogLevelHandler> emptyMap = Collections.emptyMap();
         new JavaLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(javaLogSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
     }
-    
+
     @Test
     public void testLogMessage() {
-    	EventType eventType = Logger.EVENT_UNSPECIFIED;
-    	String loggerName = testName.getMethodName() + "-LOGGER";
-    	String orignMsg = testName.getMethodName();
-    	String appendMsg = "[APPEND] " + orignMsg;
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
         String cleanMsg = appendMsg + " [CLEANED]";
 
         //Setup for Appender
@@ -94,16 +94,16 @@ public void testLogMessage() {
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(javaLogSpy);
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
         Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg));
-     
+
         Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
     }
 
     @Test
     public void testLogErrorMessageWithException() {
-    	EventType eventType = Logger.EVENT_UNSPECIFIED;
-    	String loggerName = testName.getMethodName() + "-LOGGER";
-    	String orignMsg = testName.getMethodName();
-    	String appendMsg = "[APPEND] " + orignMsg;
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName() + "-LOGGER";
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
         String cleanMsg = appendMsg + " [CLEANED]";
 
         //Setup for Appender
@@ -123,7 +123,7 @@ public void testLogErrorMessageWithException() {
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(java.util.logging.Logger.class), ArgumentMatchers.any(String.class));
 
         Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(javaLogSpy), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
-     
+
         Mockito.verifyNoMoreInteractions(javaLogSpy, mockAppender, mockScrubber,mockHandler);
     }
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index 6ed916be1..52e38b566 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -45,109 +45,109 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest (JavaLogFactory.class)
 public class JavaLogFactoryTest {
-	@Rule
+    @Rule
     public TestName testName = new TestName();
 
-	@Test
-	public void testIOExceptionOnMissingConfiguration() throws Exception {
-		final IOException originException = new IOException(testName.getMethodName());
-
-		LogManager testLogManager = new LogManager() {
-			@Override
-			public void readConfiguration(InputStream ins) throws IOException, SecurityException {
-				throw originException;
-			}
-		};
-
-		OutputStream nullOutputStream = new OutputStream() {
-			@Override
-			public void write(int b) throws IOException {
-				//No Op
-			}
-		};
-		
-		ArgumentCaptor<Object> stdErrOut = ArgumentCaptor.forClass(Object.class);
-		PrintStream orig = System.err;
-		try (PrintStream errPrinter = new PrintStream(nullOutputStream)) {
-			PrintStream spyPrinter = PowerMockito.spy(errPrinter);
-			Mockito.doCallRealMethod().when(spyPrinter).print(stdErrOut.capture());
-			System.setErr(spyPrinter);
-
-			JavaLogFactory.readLoggerConfiguration(testLogManager);
-
-			Object writeData = stdErrOut.getValue();
-			assertTrue(writeData instanceof IOException);
-			IOException actual = (IOException) writeData;
-			assertEquals(originException, actual.getCause());
-			assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
-		} finally {
-			System.setErr(orig);
-		}
-		
-	}
+    @Test
+    public void testIOExceptionOnMissingConfiguration() throws Exception {
+        final IOException originException = new IOException(testName.getMethodName());
+
+        LogManager testLogManager = new LogManager() {
+            @Override
+            public void readConfiguration(InputStream ins) throws IOException, SecurityException {
+                throw originException;
+            }
+        };
+
+        OutputStream nullOutputStream = new OutputStream() {
+            @Override
+            public void write(int b) throws IOException {
+                //No Op
+            }
+        };
+
+        ArgumentCaptor<Object> stdErrOut = ArgumentCaptor.forClass(Object.class);
+        PrintStream orig = System.err;
+        try (PrintStream errPrinter = new PrintStream(nullOutputStream)) {
+            PrintStream spyPrinter = PowerMockito.spy(errPrinter);
+            Mockito.doCallRealMethod().when(spyPrinter).print(stdErrOut.capture());
+            System.setErr(spyPrinter);
+
+            JavaLogFactory.readLoggerConfiguration(testLogManager);
+
+            Object writeData = stdErrOut.getValue();
+            assertTrue(writeData instanceof IOException);
+            IOException actual = (IOException) writeData;
+            assertEquals(originException, actual.getCause());
+            assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
+        } finally {
+            System.setErr(orig);
+        }
+
+    }
 
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new JavaLogFactory().getLogger("test");
         Assert.assertTrue(logger instanceof JavaLogger);
     }
-    
+
     @Test public void testCreateLoggerByClass() {
         Logger logger = new JavaLogFactory().getLogger(JavaLogBridgeImplTest.class);
         Assert.assertTrue(logger instanceof JavaLogger);
     }
-    
+
     @Test
     public void checkScrubberWithEncoding() throws Exception {
         ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
         PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
-        
+
         //Call to invoke the constructor capture
         JavaLogFactory.createLogScrubber(true);
-        
+
         List<LogScrubber> scrubbers = delegates.getValue();
         Assert.assertEquals(2, scrubbers.size());
         Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
         Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
     }
-    
+
     @Test
     public void checkScrubberWithoutEncoding() throws Exception {
         ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
         PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
-        
+
         //Call to invoke the constructor capture
         JavaLogFactory.createLogScrubber(false);
-        
+
         List<LogScrubber> scrubbers = delegates.getValue();
         Assert.assertEquals(1, scrubbers.size());
         Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
     }
-    
+
     /**
-	 * At this time there are no special considerations or handling for the appender
-	 * creation in this scope. It is expected that the arguments to the internal
-	 * creation method are passed directly to the constructor of the
-	 * LogPrefixAppender with no mutation or additional validation.
-	 */
+     * At this time there are no special considerations or handling for the appender
+     * creation in this scope. It is expected that the arguments to the internal
+     * creation method are passed directly to the constructor of the
+     * LogPrefixAppender with no mutation or additional validation.
+     */
     @Test
     public void checkPassthroughAppenderConstruct() throws Exception {
-    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
-    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
-    	
-    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
-    	
-    	LogAppender appender = JavaLogFactory.createLogAppender(true, false, true, testName.getMethodName());
-    	
-    	Assert.assertEquals(stubAppender, appender);
-    	Assert.assertTrue(clientInfoCapture.getValue());
-    	Assert.assertFalse(serverInfoCapture.getValue());
-    	Assert.assertTrue(logAppNameCapture.getValue());
-    	Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+        ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+
+        LogAppender appender = JavaLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+
+        Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(clientInfoCapture.getValue());
+        Assert.assertFalse(serverInfoCapture.getValue());
+        Assert.assertTrue(logAppNameCapture.getValue());
+        Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
     }
-    
-   
+
+
 }
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
index 279e51faa..a5a7c201f 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -37,7 +37,7 @@ public void testErrorDelegation() {
         JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
 
         Level expectedJavaLevel = ESAPIErrorJavaLevel.ERROR_LEVEL;
-        
+
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
@@ -51,7 +51,7 @@ public void testWarnDelegation() {
         JavaLogLevelHandlers.WARNING.log(mockLogger, testName.getMethodName(), testException);
 
         Level expectedJavaLevel = Level.WARNING;
-        
+
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
@@ -64,7 +64,7 @@ public void testInfoDelegation() {
         JavaLogLevelHandlers.INFO.log(mockLogger, testName.getMethodName(), testException);
 
         Level expectedJavaLevel = Level.INFO;
-        
+
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
@@ -78,7 +78,7 @@ public void testDebugDelegation() {
         JavaLogLevelHandlers.FINE.log(mockLogger, testName.getMethodName(), testException);
 
         Level expectedJavaLevel = Level.FINE;
-        
+
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
@@ -92,7 +92,7 @@ public void testTraceDelegation() {
         JavaLogLevelHandlers.FINEST.log(mockLogger, testName.getMethodName(), testException);
 
         Level expectedJavaLevel = Level.FINEST;
-        
+
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
index 770bdd42d..2d9c24347 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -24,42 +24,42 @@
 import org.owasp.esapi.Logger;
 
 public class JavaLoggerTest {
-	@Rule
+    @Rule
     public TestName testName = new TestName();
-	
+
     private static final String MSG = JavaLoggerTest.class.getSimpleName();
-    
+
     private JavaLogBridge mockBridge = Mockito.mock(JavaLogBridge.class);
     private java.util.logging.Logger javaLogSpy;
-    
+
     private Throwable testEx = new Throwable(MSG + "_Exception");
     private Logger testLogger;
 
     @Before
     public void setup() {
-    	 java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
-         javaLogSpy = Mockito.spy(wrappedLogger);
-    	 testLogger = new JavaLogger(javaLogSpy, mockBridge, Logger.ALL);
+        java.util.logging.Logger wrappedLogger = java.util.logging.Logger.getLogger(testName.getMethodName());
+        javaLogSpy = Mockito.spy(wrappedLogger);
+        testLogger = new JavaLogger(javaLogSpy, mockBridge, Logger.ALL);
     }
-    
+
     @Test
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
-        
+
         Assert.assertFalse(testLogger.isFatalEnabled());
         Assert.assertFalse(testLogger.isErrorEnabled());
         Assert.assertFalse(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
         Assert.assertTrue(testLogger.isDebugEnabled());
         Assert.assertTrue(testLogger.isTraceEnabled());
-        
+
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }
-    
+
     @Test
     public void testAllLevelEnablement() {
         testLogger.setLevel(Logger.ALL);
-        
+
         Assert.assertTrue(testLogger.isFatalEnabled());
         Assert.assertTrue(testLogger.isErrorEnabled());
         Assert.assertTrue(testLogger.isWarningEnabled());
@@ -71,7 +71,7 @@ public void testAllLevelEnablement() {
     @Test
     public void testOffLevelEnablement() {
         testLogger.setLevel(Logger.OFF);
-        
+
         Assert.assertFalse(testLogger.isFatalEnabled());
         Assert.assertFalse(testLogger.isErrorEnabled());
         Assert.assertFalse(testLogger.isWarningEnabled());
@@ -82,23 +82,23 @@ public void testOffLevelEnablement() {
     @Test
     public void testFatalWithMessage() {
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testFatalWithMessageAndThrowable() {
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testFatalWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -109,27 +109,27 @@ public void testFatalWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testErrorWithMessage() {
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testErrorWithMessageAndThrowable() {
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testErrorWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -140,27 +140,27 @@ public void testErrorWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testWarnWithMessage() {
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testWarnWithMessageAndThrowable() {
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testWarnWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -171,27 +171,27 @@ public void testWarnWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testInfoWithMessage() {
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testInfoWithMessageAndThrowable() {
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testInfoWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -205,23 +205,23 @@ public void testInfoWithMessageAndThrowableDisabled() {
     @Test
     public void testDebugWithMessage() {
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testDebugWithMessageAndThrowable() {
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testDebugWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -232,27 +232,27 @@ public void testDebugWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testTraceWithMessage() {
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testTraceWithMessageAndThrowable() {
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testTraceWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
@@ -263,27 +263,27 @@ public void testTraceWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testAlwaysWithMessage() {
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
     @Test
     public void testAlwaysWithMessageAndThrowable() {
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }
-    
+
     @Test
     public void testAlwaysWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(javaLogSpy, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, javaLogSpy);
     }

From 5454c14bfb2b526fc9025aad419a896859dcfd84 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:06:17 -0600
Subject: [PATCH 643/812] Whitespace cleanup

---
 .../logging/log4j/Log4JLogBridgeImplTest.java | 26 +++---
 .../logging/log4j/Log4JLogFactoryTest.java    | 64 +++++++--------
 .../log4j/Log4JLogLevelHandlersTest.java      |  2 +-
 .../esapi/logging/log4j/Log4JLoggerTest.java  | 82 +++++++++----------
 4 files changed, 87 insertions(+), 87 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
index ab52bc6dc..f3bf41582 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogBridgeImplTest.java
@@ -48,7 +48,7 @@ public class Log4JLogBridgeImplTest {
     public void setup() {
         Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, mockHandler);
-        
+
         org.apache.log4j.Logger wrappedLogger =org.apache.log4j.Logger.getLogger(testName.getMethodName());
         log4JSpy = Mockito.spy(wrappedLogger);
         bridge = new Log4JLogBridgeImpl(mockAppender, mockScrubber, levelLookup);
@@ -61,7 +61,7 @@ public void testLogMessageWithUnmappedEsapiLevelThrowsException() {
         Map<Integer, Log4JLogLevelHandler> emptyMap = Collections.emptyMap();
         new Log4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(log4JSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail");
     }
-    
+
     @Test
     public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         exEx.expect(IllegalArgumentException.class);
@@ -69,13 +69,13 @@ public void testLogMessageAndExceptionWithUnmappedEsapiLevelThrowsException() {
         Map<Integer, Log4JLogLevelHandler> emptyMap = Collections.emptyMap();
         new Log4JLogBridgeImpl(mockAppender, mockScrubber, emptyMap).log(log4JSpy, 0, Logger.EVENT_UNSPECIFIED, "This Should fail", testEx);
     }
-    
+
     @Test
     public void testLogMessage() {
-    	EventType eventType = Logger.EVENT_UNSPECIFIED;
-    	String loggerName = testName.getMethodName();
-    	String orignMsg = testName.getMethodName();
-    	String appendMsg = "[APPEND] " + orignMsg;
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName();
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
         String cleanMsg = appendMsg + " [CLEANED]";
 
         //Setup for Appender
@@ -92,16 +92,16 @@ public void testLogMessage() {
         Mockito.verify(mockHandler, Mockito.times(1)).isEnabled(log4JSpy);
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class), ArgumentMatchers.any(Throwable.class));
         Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(log4JSpy), ArgumentMatchers.eq(cleanMsg));
-     
+
         Mockito.verifyNoMoreInteractions(log4JSpy, mockAppender, mockScrubber,mockHandler);
     }
 
     @Test
     public void testLogErrorMessageWithException() {
-    	EventType eventType = Logger.EVENT_UNSPECIFIED;
-    	String loggerName = testName.getMethodName();
-    	String orignMsg = testName.getMethodName();
-    	String appendMsg = "[APPEND] " + orignMsg;
+        EventType eventType = Logger.EVENT_UNSPECIFIED;
+        String loggerName = testName.getMethodName();
+        String orignMsg = testName.getMethodName();
+        String appendMsg = "[APPEND] " + orignMsg;
         String cleanMsg = appendMsg + " [CLEANED]";
 
         //Setup for Appender
@@ -119,7 +119,7 @@ public void testLogErrorMessageWithException() {
         Mockito.verify(mockHandler, Mockito.times(0)).log(ArgumentMatchers.any(org.apache.log4j.Logger.class), ArgumentMatchers.any(String.class));
 
         Mockito.verify(mockHandler, Mockito.times(1)).log(ArgumentMatchers.same(log4JSpy), ArgumentMatchers.eq(cleanMsg), ArgumentMatchers.same(testEx));
-     
+
         Mockito.verifyNoMoreInteractions(log4JSpy, mockAppender, mockScrubber,mockHandler);
     }
 
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
index 555a9750b..6b9f55379 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
@@ -38,71 +38,71 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest (Log4JLogFactory.class)
 public class Log4JLogFactoryTest {
-	@Rule
+    @Rule
     public TestName testName = new TestName();
-	
+
     @Test
     public void testCreateLoggerByString() {
         Logger logger = new Log4JLogFactory().getLogger("test");
         Assert.assertTrue(logger instanceof Log4JLogger);
     }
-    
+
     @Test public void testCreateLoggerByClass() {
         Logger logger = new Log4JLogFactory().getLogger(Log4JLogBridgeImplTest.class);
         Assert.assertTrue(logger instanceof Log4JLogger);
     }
-    
+
     @Test
     public void checkScrubberWithEncoding() throws Exception {
         ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
         PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
-        
+
         //Call to invoke the constructor capture
         Log4JLogFactory.createLogScrubber(true);
-        
+
         List<LogScrubber> scrubbers = delegates.getValue();
         Assert.assertEquals(2, scrubbers.size());
         Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
         Assert.assertTrue(scrubbers.get(1) instanceof CodecLogScrubber);
     }
-    
+
     @Test
     public void checkScrubberWithoutEncoding() throws Exception {
         ArgumentCaptor<List> delegates = ArgumentCaptor.forClass(List.class);
         PowerMockito.whenNew(CompositeLogScrubber.class).withArguments(delegates.capture()).thenReturn(null);
-        
+
         //Call to invoke the constructor capture
         Log4JLogFactory.createLogScrubber(false);
-        
+
         List<LogScrubber> scrubbers = delegates.getValue();
         Assert.assertEquals(1, scrubbers.size());
         Assert.assertTrue(scrubbers.get(0) instanceof NewlineLogScrubber);
     }
-    
+
     /**
-	 * At this time there are no special considerations or handling for the appender
-	 * creation in this scope. It is expected that the arguments to the internal
-	 * creation method are passed directly to the constructor of the
-	 * LogPrefixAppender with no mutation or additional validation.
-	 */
+     * At this time there are no special considerations or handling for the appender
+     * creation in this scope. It is expected that the arguments to the internal
+     * creation method are passed directly to the constructor of the
+     * LogPrefixAppender with no mutation or additional validation.
+     */
     @Test
     public void checkPassthroughAppenderConstruct() throws Exception {
-    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
-    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
-    	
-    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
-    	
-    	LogAppender appender = Log4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
-    	
-    	Assert.assertEquals(stubAppender, appender);
-    	Assert.assertTrue(clientInfoCapture.getValue());
-    	Assert.assertFalse(serverInfoCapture.getValue());
-    	Assert.assertTrue(logAppNameCapture.getValue());
-    	Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+        ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+
+        LogAppender appender = Log4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+
+        Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(clientInfoCapture.getValue());
+        Assert.assertFalse(serverInfoCapture.getValue());
+        Assert.assertTrue(logAppNameCapture.getValue());
+        Assert.assertEquals(testName.getMethodName(), appNameCapture.getValue());    	
     }
-    
-   
+
+
 }
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
index 972c2868d..149617f91 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogLevelHandlersTest.java
@@ -42,7 +42,7 @@ public void testFatalDelegation() {
         Mockito.verifyNoMoreInteractions(mockLogger);
     }
 
-    
+
     @Test
     public void testErrorDelegation() {
         Log4JLogLevelHandlers.ERROR.isEnabled(mockLogger);
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
index 2e77efd58..ebea57ac2 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
@@ -23,33 +23,33 @@
 import org.owasp.esapi.logging.log4j.Log4JLogger;
 
 public class Log4JLoggerTest {
-    
+
     private static final String MSG = Log4JLoggerTest.class.getSimpleName();
-    
+
     private Log4JLogBridge mockBridge = Mockito.mock(Log4JLogBridge.class);
     private org.apache.log4j.Logger mockLogDelegate = Mockito.mock(org.apache.log4j.Logger.class);
-    
+
     private Throwable testEx = new Throwable(MSG + "_Exception");
     private Logger testLogger = new Log4JLogger(mockLogDelegate, mockBridge, Logger.ALL);
 
     @Test
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
-        
+
         Assert.assertFalse(testLogger.isFatalEnabled());
         Assert.assertFalse(testLogger.isErrorEnabled());
         Assert.assertFalse(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
         Assert.assertTrue(testLogger.isDebugEnabled());
         Assert.assertTrue(testLogger.isTraceEnabled());
-        
+
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }
-    
+
     @Test
     public void testAllLevelEnablement() {
         testLogger.setLevel(Logger.ALL);
-        
+
         Assert.assertTrue(testLogger.isFatalEnabled());
         Assert.assertTrue(testLogger.isErrorEnabled());
         Assert.assertTrue(testLogger.isWarningEnabled());
@@ -61,7 +61,7 @@ public void testAllLevelEnablement() {
     @Test
     public void testOffLevelEnablement() {
         testLogger.setLevel(Logger.OFF);
-        
+
         Assert.assertFalse(testLogger.isFatalEnabled());
         Assert.assertFalse(testLogger.isErrorEnabled());
         Assert.assertFalse(testLogger.isWarningEnabled());
@@ -72,23 +72,23 @@ public void testOffLevelEnablement() {
     @Test
     public void testFatalWithMessage() {
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testFatalWithMessageAndThrowable() {
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testFatalWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.fatal(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -99,27 +99,27 @@ public void testFatalWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.FATAL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testErrorWithMessage() {
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testErrorWithMessageAndThrowable() {
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testErrorWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.error(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -130,27 +130,27 @@ public void testErrorWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ERROR, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testWarnWithMessage() {
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testWarnWithMessageAndThrowable() {
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testWarnWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.warning(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -161,27 +161,27 @@ public void testWarnWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.WARNING, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testInfoWithMessage() {
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testInfoWithMessageAndThrowable() {
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testInfoWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.info(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.INFO, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -195,23 +195,23 @@ public void testInfoWithMessageAndThrowableDisabled() {
     @Test
     public void testDebugWithMessage() {
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testDebugWithMessageAndThrowable() {
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testDebugWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.debug(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -222,27 +222,27 @@ public void testDebugWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.DEBUG, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testTraceWithMessage() {
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testTraceWithMessageAndThrowable() {
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testTraceWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.trace(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
@@ -253,27 +253,27 @@ public void testTraceWithMessageAndThrowableDisabled() {
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.TRACE, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testAlwaysWithMessage() {
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
     @Test
     public void testAlwaysWithMessageAndThrowable() {
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG, testEx);
-        
+
         Mockito.verify(mockBridge, Mockito.times(1)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }
-    
+
     @Test
     public void testAlwaysWithMessageDisabled() {
         testLogger.setLevel(Logger.OFF);
         testLogger.always(Logger.EVENT_UNSPECIFIED, MSG);
-        
+
         Mockito.verify(mockBridge, Mockito.times(0)).log(mockLogDelegate, Logger.ALL, Logger.EVENT_UNSPECIFIED, MSG, testEx);
         Mockito.verifyNoMoreInteractions(mockBridge, mockLogDelegate);
     }

From a904dab581bf61dbbf1ea2202f481b937cb9e1b5 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:10:05 -0600
Subject: [PATCH 644/812] Log4J SPI (Test-Scope)

Uncommenting xml configuration for SPI LoggerFactory
---
 src/test/resources/log4j.xml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml
index 0abc8dd4c..70351b47d 100644
--- a/src/test/resources/log4j.xml
+++ b/src/test/resources/log4j.xml
@@ -50,8 +50,6 @@
     <appender-ref ref="file" />
   </root>
 
-  <!-- 
   <loggerFactory class="org.owasp.esapi.logging.log4j.Log4JLoggerFactory"/>
- -->
 
 </log4j:configuration>

From 1e930c446e8276e9050e0ffc2ed56fe062c899f7 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 21 Dec 2019 08:40:20 -0600
Subject: [PATCH 645/812] Log4J SPI Factory Tests

Basic test implementation asserting that the appender/scrubber utils are
applied when log content is passed through the Logger implementations.
---
 .../logging/log4j/Log4JLoggerFactoryTest.java | 97 +++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100644 src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactoryTest.java

diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactoryTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactoryTest.java
new file mode 100644
index 000000000..5d73047d3
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactoryTest.java
@@ -0,0 +1,97 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @created 2019
+ */
+package org.owasp.esapi.logging.log4j;
+
+import org.apache.log4j.Level;
+import org.apache.log4j.Logger;
+import org.apache.log4j.spi.LoggerRepository;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.owasp.esapi.logging.appender.LogAppender;
+import org.owasp.esapi.logging.cleaning.LogScrubber;
+import org.powermock.reflect.Whitebox;
+
+/**
+ * Basic test implementation that verifies that the {@link LogAppender} and
+ * {@link LogScrubber} references are applied by the {@link Logger} instances
+ * created by the {@link Log4JLoggerFactory}.
+ * 
+ */
+@RunWith(MockitoJUnitRunner.class)
+public class Log4JLoggerFactoryTest {
+    @Mock
+    private LogScrubber scrubber;
+    @Mock
+    private LogAppender appender;
+    @Rule
+    public TestName testName = new TestName();
+
+    private String logMsg = testName.getMethodName() + "-MESSAGE";
+    private Logger logger;
+
+    @Before
+    public void configureStaticFactoryState() {
+        Log4JLoggerFactory factory = new Log4JLoggerFactory();
+        Whitebox.setInternalState(Log4JLoggerFactory.class, "LOG4J_LOG_SCRUBBER", scrubber);
+        Whitebox.setInternalState(Log4JLoggerFactory.class, "LOG4J_LOG_APPENDER", appender);
+
+        Mockito.when(scrubber.cleanMessage(logMsg)).thenReturn(logMsg);
+        Mockito.when(appender.appendTo(testName.getMethodName(), null, logMsg)).thenReturn(logMsg);
+
+        LoggerRepository mockRepo = Mockito.mock(LoggerRepository.class);
+        Mockito.when(mockRepo.isDisabled(ArgumentMatchers.anyInt())).thenReturn(false);
+
+        logger = factory.makeNewLoggerInstance(testName.getMethodName());
+        Whitebox.setInternalState(logger, "repository", mockRepo);
+        logger.setLevel(Level.ALL);
+    }
+
+    @Test
+    public void testLogDebug() {
+        logger.debug(logMsg);
+        Mockito.verify(scrubber, Mockito.times(1)).cleanMessage(logMsg);
+        Mockito.verify(appender, Mockito.times(1)).appendTo(testName.getMethodName(), null, logMsg);
+    }
+
+    @Test
+    public void testLogInfo() {
+        logger.info(logMsg);
+        Mockito.verify(scrubber, Mockito.times(1)).cleanMessage(logMsg);
+        Mockito.verify(appender, Mockito.times(1)).appendTo(testName.getMethodName(), null, logMsg);
+    }
+
+    @Test
+    public void testLogWarn() {
+        logger.warn(logMsg);
+        Mockito.verify(scrubber, Mockito.times(1)).cleanMessage(logMsg);
+        Mockito.verify(appender, Mockito.times(1)).appendTo(testName.getMethodName(), null, logMsg);
+    }
+
+    @Test
+    public void testLogError() {
+        logger.error(logMsg);
+        Mockito.verify(scrubber, Mockito.times(1)).cleanMessage(logMsg);
+        Mockito.verify(appender, Mockito.times(1)).appendTo(testName.getMethodName(), null, logMsg);
+    }
+
+}

From f4921e35d05056838ba173c2e442a521049795a8 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 29 Dec 2019 03:43:52 -0600
Subject: [PATCH 646/812] Adding properties for logging user/client info

Taking property implementation from cristiantm in PR #529 for issue #527.
Adding properties for whether to log the username information and/or the
client connection information to the DefaultSecurityConfiguration.
Applying the default TRUE state to ESAPI.properties in both test and
configuration scope.
---
 configuration/esapi/ESAPI.properties                         | 5 ++++-
 .../owasp/esapi/reference/DefaultSecurityConfiguration.java  | 2 ++
 src/test/resources/esapi/ESAPI.properties                    | 5 ++++-
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 1e3019534..922dcfa0e 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -391,7 +391,10 @@ Logger.LogServerIP=true
 Logger.LogFileName=ESAPI_logging_file
 # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
 Logger.MaxLogFileSize=10000000
-
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the app info.
+Logger.AppInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 094a92a84..c15ad45ec 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -152,6 +152,8 @@ public static SecurityConfiguration getInstance() {
     public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
     public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
     public static final String LOG_SERVER_IP = "Logger.LogServerIP";
+    public static final String LOG_USER_INFO = "Logger.UserInfo";
+    public static final String LOG_APP_INFO = "Logger.AppInfo";
     public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 1437fae9a..e11f96c99 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -424,7 +424,10 @@ Logger.LogServerIP=true
 Logger.LogFileName=ESAPI_logging_file
 # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
 Logger.MaxLogFileSize=10000000
-
+# Determines whether ESAPI should log the user info.
+Logger.UserInfo=true
+# Determines whether ESAPI should log the app info.
+Logger.AppInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection

From 617f3735e3a79a8d1ae343e9a920e0eb905b642a Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 29 Dec 2019 03:45:15 -0600
Subject: [PATCH 647/812] Splitting User info from Client Supplier

Breaking the user-specific information out of the ClientInfoSupplier.
---
 .../logging/appender/UserInfoSupplier.java    | 59 ++++++++++++
 .../appender/UserInfoSupplierTest.java        | 95 +++++++++++++++++++
 2 files changed, 154 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
 create mode 100644 src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java

diff --git a/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
new file mode 100644
index 000000000..e9c34e31a
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
@@ -0,0 +1,59 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.appender;
+
+import java.util.function.Supplier;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.User;
+
+/**
+ * Supplier which can provide a String representing the client-side connection
+ * information.
+ */
+public class UserInfoSupplier implements Supplier<String> {
+    /** Default UserName string if the Authenticated user is null.*/
+    private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
+    
+    /** Whether to log the user info from this instance. */
+    private boolean logUserInfo = true;
+    
+        @Override
+    public String get() {
+        // log user information - username:session@ipaddr
+        User user = ESAPI.authenticator().getCurrentUser();
+        
+        String userInfo = "";
+        if (logUserInfo) {
+            if (user == null) {
+                userInfo = DEFAULT_USERNAME;
+            } else {
+                userInfo = user.getAccountName();            
+            }
+        } 
+        
+        return userInfo;
+    }
+
+    /**
+     * Specify whether the instance should record the client info.
+     * 
+     * @param log {@code true} to record
+     */
+    public void setLogUserInfo(boolean log) {
+        this.logUserInfo = log;
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java
new file mode 100644
index 000000000..8ae9decef
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/logging/appender/UserInfoSupplierTest.java
@@ -0,0 +1,95 @@
+package org.owasp.esapi.logging.appender;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TestName;
+import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.owasp.esapi.Authenticator;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Randomizer;
+import org.owasp.esapi.User;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest({ESAPI.class})
+@PowerMockIgnore("javax.security.*") //Required since User extends javax.security.Principal
+public class UserInfoSupplierTest {
+	private static final String ESAPI_SESSION_ATTR = "ESAPI_SESSION";
+	
+	@Rule
+    public TestName testName = new TestName();
+	
+	private Authenticator mockAuth;
+	private User mockUser;
+	
+	@Before
+	public void before() throws Exception {
+		mockAuth =mock(Authenticator.class); 
+		mockUser =mock(User.class);
+		
+		mockStatic(ESAPI.class);
+		when(ESAPI.class, "authenticator").thenReturn(mockAuth);
+		
+		when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
+		
+	     
+	    when(mockAuth.getCurrentUser()).thenReturn(mockUser);
+	}
+	
+	@Test
+	public void testHappyPath() throws Exception {
+		UserInfoSupplier uis = new UserInfoSupplier();
+		uis.setLogUserInfo(true);
+		String result = uis.get();
+		
+		assertEquals(testName.getMethodName() + "-USER", result);
+		
+		verify(mockAuth,times(1)).getCurrentUser();
+		verify(mockUser,times(1)).getAccountName();
+		
+		verifyNoMoreInteractions(mockAuth, mockUser);
+	}
+	
+	@Test
+	public void testLogUserOff() {
+		UserInfoSupplier uis = new UserInfoSupplier();
+		uis.setLogUserInfo(false);
+		String result = uis.get();
+		
+		assertTrue(result.isEmpty());
+		verify(mockAuth,times(1)).getCurrentUser();
+		
+		verifyNoMoreInteractions(mockAuth, mockUser);
+	}
+	
+	@Test
+	public void testLogUserNull() {
+		when(mockAuth.getCurrentUser()).thenReturn(null);
+		UserInfoSupplier uis = new UserInfoSupplier();
+		uis.setLogUserInfo(true);
+		String result = uis.get();
+		
+		assertEquals("#ANONYMOUS#", result);
+		
+		verify(mockAuth,times(1)).getCurrentUser();
+		
+		verifyNoMoreInteractions(mockAuth,  mockUser);
+	}
+	
+}
\ No newline at end of file

From 47b8929e518c9c45a04cde33fb967a0f06c13923 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 29 Dec 2019 03:46:17 -0600
Subject: [PATCH 648/812] Splitting User/Client Info & Impl Propagation

Completing the split of the user/client info from the appender package.
Includes updates to the LogPrefixAppender to accept the configurations as
two distinct boolean values.

The constructor updates of the LogPrefixAppender have been propagated back
to the implemented *LogFactory implementations.

Related test updates.
---
 .../logging/appender/ClientInfoSupplier.java  | 20 ++++++-------
 .../logging/appender/LogPrefixAppender.java   | 20 +++++++++----
 .../esapi/logging/java/JavaLogFactory.java    | 10 ++++---
 .../esapi/logging/log4j/Log4JLogFactory.java  | 10 ++++---
 .../logging/log4j/Log4JLoggerFactory.java     |  5 ++--
 .../esapi/logging/slf4j/Slf4JLogFactory.java  | 10 ++++---
 .../appender/ClientInfoSupplierTest.java      | 27 +++++++----------
 .../appender/LogPrefixAppenderTest.java       | 29 +++++++++++++------
 .../logging/java/JavaLogFactoryTest.java      |  8 +++--
 .../logging/log4j/Log4JLogFactoryTest.java    | 10 +++----
 .../logging/slf4j/Slf4JLogFactoryTest.java    | 20 +++++++------
 11 files changed, 96 insertions(+), 73 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index f8cbaf719..2ff07a19a 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -28,8 +28,6 @@
  * information.
  */
 public class ClientInfoSupplier implements Supplier<String> {
-    /** Default UserName string if the Authenticated user is null.*/
-    private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
     /** Default Last Host string if the Authenticated user is null.*/
     private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
     /** Session Attribute containing the ESAPI Session id. */
@@ -44,16 +42,16 @@ public class ClientInfoSupplier implements Supplier<String> {
     private static final int ESAPI_SESSION_RAND_MAX = 1000000;
 
     /** Format for supplier output. */
-    private static final String USER_INFO_FORMAT = "%s:%s@%s"; // USER_NAME, SID, USER_HOST_ADDRESS
+    private static final String USER_INFO_FORMAT = "%s@%s"; // SID, USER_HOST_ADDRESS
 
     /** Whether to log the user info from this instance. */
-    private boolean logUserInfo = true;
+    private boolean logClientInfo = true;
 
     @Override
     public String get() {
-        String userInfo = "";
+        String clientInfo = "";
 
-        if (logUserInfo) {
+        if (logClientInfo) {
             HttpServletRequest request = ESAPI.currentRequest();
             // create a random session number for the user to represent the user's
             // 'session', if it doesn't exist already
@@ -73,12 +71,12 @@ public String get() {
             // log user information - username:session@ipaddr
             User user = ESAPI.authenticator().getCurrentUser();
             if (user == null) {
-                userInfo = String.format(USER_INFO_FORMAT, DEFAULT_USERNAME, sid, DEFAULT_LAST_HOST);
+                clientInfo = String.format(USER_INFO_FORMAT, sid, DEFAULT_LAST_HOST);
             } else {
-                userInfo = String.format(USER_INFO_FORMAT, user.getAccountName(), sid, user.getLastHostAddress());
+                clientInfo = String.format(USER_INFO_FORMAT, sid, user.getLastHostAddress());
             }
         }
-        return userInfo;
+        return clientInfo;
     }
 
     /**
@@ -86,8 +84,8 @@ public String get() {
      * 
      * @param log {@code true} to record
      */
-    public void setLogUserInfo(boolean log) {
-        this.logUserInfo = log;
+    public void setLogClientInfo(boolean log) {
+        this.logClientInfo = log;
     }
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index 7c24b0bcf..0dc4750a7 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -23,8 +23,10 @@
  */
 public class LogPrefixAppender implements LogAppender {
     /** Output format used to assemble return values. */
-    private static final String RESULT_FORMAT = "[%s %s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
+    private static final String RESULT_FORMAT = "[%s %s:%s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
 
+    /** Whether or not to record user information. */
+    private final boolean logUserInfo;
     /** Whether or not to record client information. */
     private final boolean logClientInfo;
     /** Whether or not to record server ip information. */
@@ -37,12 +39,14 @@ public class LogPrefixAppender implements LogAppender {
     /**
      * Ctr.
      * 
+     * @param logUserInfo      Whether or not to record user information
      * @param logClientInfo      Whether or not to record client information
      * @param logServerIp        Whether or not to record server ip information
      * @param logApplicationName Whether or not to record application name
      * @param appName            Application Name to record.
      */
-    public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+    public LogPrefixAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        this.logUserInfo = logUserInfo;
         this.logClientInfo = logClientInfo;
         this.logServerIp = logServerIp;
         this.logApplicationName = logApplicationName;
@@ -53,17 +57,21 @@ public LogPrefixAppender(boolean logClientInfo, boolean logServerIp, boolean log
     public String appendTo(String logName, EventType eventType, String message) {
         EventTypeLogSupplier eventTypeSupplier = new EventTypeLogSupplier(eventType);
 
+        UserInfoSupplier userInfoSupplier = new UserInfoSupplier();
+        userInfoSupplier.setLogUserInfo(logUserInfo);
+        
         ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
-        clientInfoSupplier.setLogUserInfo(logClientInfo);
-
-        ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+        clientInfoSupplier.setLogClientInfo(logClientInfo);
+        
+                ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
         serverInfoSupplier.setLogServerIp(logServerIp);
         serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
 
         String eventTypeMsg = eventTypeSupplier.get();
+        String userInfoMsg = userInfoSupplier.get();
         String clientInfoMsg = clientInfoSupplier.get();
         String serverInfoMsg = serverInfoSupplier.get();
 
-        return String.format(RESULT_FORMAT, eventTypeMsg, clientInfoMsg, serverInfoMsg, message);
+        return String.format(RESULT_FORMAT, eventTypeMsg, userInfoMsg, clientInfoMsg, serverInfoMsg, message);
     }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index a83e8c1de..2c0f2176c 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -53,11 +53,13 @@ public class JavaLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         JAVA_LOG_SCRUBBER = createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        JAVA_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALL);
@@ -116,8 +118,8 @@ public class JavaLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);  
     }
 
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index fcf42f350..cdcdbc3b8 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -51,11 +51,13 @@ public class Log4JLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         Log4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+        
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        Log4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        Log4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, Log4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Log4JLogLevelHandlers.TRACE);
@@ -96,8 +98,8 @@ public class Log4JLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-        return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);       
     }
 
 
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index 5123e20b5..3e032baef 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -40,11 +40,12 @@ public class Log4JLoggerFactory implements LoggerFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         LOG4J_LOG_SCRUBBER = Log4JLogFactory.createLogScrubber(encodeLog);
 
-        boolean logClientInfo = true;
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        LOG4J_LOG_APPENDER = Log4JLogFactory.createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index ce91a61ea..3b670745e 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -57,11 +57,13 @@ public class Slf4JLogFactory implements LogFactory {
         boolean encodeLog = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_ENCODING_REQUIRED);
         SLF4J_LOG_SCRUBBER = createLogScrubber(encodeLog);
         
-    	boolean logClientInfo = true;
+
+        boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
 		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
 		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
 		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
-        SLF4J_LOG_APPENDER = createLogAppender(logClientInfo, logServerIp, logApplicationName, appName);
+        SLF4J_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
         
         Map<Integer, Slf4JLogLevelHandler> levelLookup = new HashMap<>();
         levelLookup.put(Logger.ALL, Slf4JLogLevelHandlers.TRACE);
@@ -102,8 +104,8 @@ public class Slf4JLogFactory implements LogFactory {
      * 
      * @return LogAppender instance.
      */
-    /*package*/ static LogAppender createLogAppender(boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
-       return new LogPrefixAppender(logClientInfo, logServerIp, logApplicationName, appName);       
+    /*package*/ static LogAppender createLogAppender(boolean logUserInfo, boolean logClientInfo, boolean logServerIp, boolean logApplicationName, String appName) {
+        return new LogPrefixAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);       
     }
     
     
diff --git a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
index b021ab06e..61c0fba6e 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/ClientInfoSupplierTest.java
@@ -60,7 +60,6 @@ public void before() throws Exception {
 		//Session value generation
 		when(mockRand.getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt())).thenReturn(55555);
 		 
-		when(mockUser.getAccountName()).thenReturn(testName.getMethodName() + "-USER");
 		when(mockUser.getLastHostAddress()).thenReturn(testName.getMethodName() + "-HOST_ADDR");
 		
 	     
@@ -70,15 +69,14 @@ public void before() throws Exception {
 	@Test
 	public void testHappyPath() throws Exception {
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 		
-		assertEquals(testName.getMethodName() + "-USER:"+ testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals(testName.getMethodName() + "-SESSION@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
 		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 		
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
@@ -87,7 +85,7 @@ public void testHappyPath() throws Exception {
 	@Test
 	public void testLogUserOff() {
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(false);
+		cis.setLogClientInfo(false);
 		String result = cis.get();
 		
 		assertTrue(result.isEmpty());
@@ -99,10 +97,10 @@ public void testLogUserOff() {
 	public void testLogUserNull() {
 		when(mockAuth.getCurrentUser()).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 		
-		assertEquals("#ANONYMOUS#:"+testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
+		assertEquals(testName.getMethodName()+ "-SESSION@#UNKNOWN_HOST#", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
@@ -115,14 +113,13 @@ public void testLogUserNull() {
 	public void testNullRequest() throws Exception {
 		when(ESAPI.class, "currentRequest").thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when request is null		
-		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 		
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
@@ -132,16 +129,15 @@ public void testNullRequest() throws Exception {
 	public void testNullSession() throws Exception {
 		when(mockRequest.getSession(false)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when session is null		
-		assertEquals(testName.getMethodName() + "-USER:@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
 		
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 		
 		
@@ -154,18 +150,17 @@ public void testNullSession() throws Exception {
 	public void testNullEsapiSession() throws Exception {
 		when(mockSession.getAttribute(ESAPI_SESSION_ATTR)).thenReturn(null);
 		ClientInfoSupplier cis = new ClientInfoSupplier();
-		cis.setLogUserInfo(true);
+		cis.setLogClientInfo(true);
 		String result = cis.get();
 		
 		//sid is empty when session is null		
-		assertEquals(testName.getMethodName() + "-USER:55555@"+testName.getMethodName() + "-HOST_ADDR", result);
+		assertEquals("55555@"+testName.getMethodName() + "-HOST_ADDR", result);
 		
 		verify(mockAuth,times(1)).getCurrentUser();
 		verify(mockRequest,times(1)).getSession(false);
 		verify(mockSession,times(1)).getAttribute(ESAPI_SESSION_ATTR);
 		verify(mockSession, times(1)).setAttribute(ESAPI_SESSION_ATTR, (""+55555));
 		verify(mockRand, times(1)).getRandomInteger(ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt());
-		verify(mockUser,times(1)).getAccountName();
 		verify(mockUser,times(1)).getLastHostAddress();
 		
 		verifyNoMoreInteractions(mockAuth, mockRand, mockRequest, mockSession, mockUser);
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
index c8bfd0c70..08bd34519 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
@@ -29,7 +29,10 @@ public class LogPrefixAppenderTest {
 	private String etlsSpyGet = "EVENT_TYPE";
 
 	private ClientInfoSupplier cisSpy;
-	private String cisSpyGet = "CLIENT_INFO";
+    private String cisSpyGet = "CLIENT_INFO";
+    
+    private UserInfoSupplier uisSpy;
+    private String uisSpyGet = "USER_INFO";
 
 	private ServerInfoSupplier sisSpy;
 	private String sisSpyGet = "SERVER_INFO";
@@ -37,10 +40,12 @@ public class LogPrefixAppenderTest {
 	@Before
 	public void buildSupplierSpies() {
 		etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
+		uisSpy = spy(new UserInfoSupplier());
 		cisSpy = spy(new ClientInfoSupplier());
 		sisSpy = spy(new ServerInfoSupplier(testName.getMethodName()));
 
 		when(etlsSpy.get()).thenReturn(etlsSpyGet);
+		when(uisSpy.get()).thenReturn(uisSpyGet);
 		when(cisSpy.get()).thenReturn(cisSpyGet);
 		when(sisSpy.get()).thenReturn(sisSpyGet);
 	}
@@ -50,28 +55,31 @@ public void verifyDelegatePassthroughCreation() throws Exception {
 		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
 		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
 		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
 		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
 		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
 
-		LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, testName.getMethodName() + "-APPLICATION");
+		LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, true, testName.getMethodName() + "-APPLICATION");
 		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
 				testName.getMethodName() + "-MESSAGE");
 
 		// Based on the forced returns in the before block
-		assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
+		assertEquals("[EVENT_TYPE USER_INFO:CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
 
 		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
 		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
 
 		verify(etlsSpy, times(1)).get();
+		verify(uisSpy, times(1)).get();
 		verify(cisSpy, times(1)).get();
 		verify(sisSpy, times(1)).get();
 
-		verify(cisSpy, times(1)).setLogUserInfo(true);
+		verify(uisSpy, times(1)).setLogUserInfo(true);
+		verify(cisSpy, times(1)).setLogClientInfo(true);
 		verify(sisSpy, times(1)).setLogServerIp(true);
 		verify(sisSpy, times(1)).setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
 
-		verifyNoMoreInteractions(etlsSpy, cisSpy, sisSpy);
+		verifyNoMoreInteractions(etlsSpy, uisSpy, cisSpy, sisSpy);
 	}
 
 	@Test
@@ -79,28 +87,31 @@ public void verifyDelegatePassthroughCreation2() throws Exception {
 		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
 		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
 		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+		whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
 		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
 		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
 
-		LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, null);
+		LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
 		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
 				testName.getMethodName() + "-MESSAGE");
 
 		// Based on the forced returns in the before block
-		assertEquals("[EVENT_TYPE CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
+		assertEquals("[EVENT_TYPE USER_INFO:CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
 
 		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
 		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
 
 		verify(etlsSpy, times(1)).get();
+		verify(uisSpy, times(1)).get();
 		verify(cisSpy, times(1)).get();
 		verify(sisSpy, times(1)).get();
 
-		verify(cisSpy, times(1)).setLogUserInfo(false);
+		verify(uisSpy, times(1)).setLogUserInfo(false);
+		verify(cisSpy, times(1)).setLogClientInfo(false);
 		verify(sisSpy, times(1)).setLogServerIp(false);
 		verify(sisSpy, times(1)).setLogApplicationName(false, null);
 
-		verifyNoMoreInteractions(etlsSpy, cisSpy, sisSpy);
+		verifyNoMoreInteractions(etlsSpy, uisSpy, cisSpy, sisSpy);
 	}
 
 }
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index 52e38b566..c0713f239 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -132,17 +132,19 @@ public void checkScrubberWithoutEncoding() throws Exception {
      */
     @Test
     public void checkPassthroughAppenderConstruct() throws Exception {
-        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "");
+        ArgumentCaptor<Boolean> userInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
 
-        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
 
-        LogAppender appender = JavaLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+        LogAppender appender = JavaLogFactory.createLogAppender(true, true, false, true, testName.getMethodName());
 
         Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(userInfoCapture.getValue());
         Assert.assertTrue(clientInfoCapture.getValue());
         Assert.assertFalse(serverInfoCapture.getValue());
         Assert.assertTrue(logAppNameCapture.getValue());
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
index 6b9f55379..3b7378996 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLogFactoryTest.java
@@ -29,8 +29,6 @@
 import org.owasp.esapi.logging.cleaning.CompositeLogScrubber;
 import org.owasp.esapi.logging.cleaning.LogScrubber;
 import org.owasp.esapi.logging.cleaning.NewlineLogScrubber;
-import org.owasp.esapi.logging.log4j.Log4JLogFactory;
-import org.owasp.esapi.logging.log4j.Log4JLogger;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -87,17 +85,19 @@ public void checkScrubberWithoutEncoding() throws Exception {
      */
     @Test
     public void checkPassthroughAppenderConstruct() throws Exception {
-        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "");
+        ArgumentCaptor<Boolean> userInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
         ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
 
-        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
 
-        LogAppender appender = Log4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+        LogAppender appender = Log4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName());
 
         Assert.assertEquals(stubAppender, appender);
+        Assert.assertTrue(userInfoCapture.getValue());
         Assert.assertTrue(clientInfoCapture.getValue());
         Assert.assertFalse(serverInfoCapture.getValue());
         Assert.assertTrue(logAppNameCapture.getValue());
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
index 6b4c8f972..c392f1d23 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactoryTest.java
@@ -85,17 +85,19 @@ public void checkScrubberWithoutEncoding() throws Exception {
 	 */
     @Test
     public void checkPassthroughAppenderConstruct() throws Exception {
-    	LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, "");
-    	ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
-    	ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
-    	
-    	PowerMockito.whenNew(LogPrefixAppender.class).withArguments(clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
-    	
-    	LogAppender appender = Slf4JLogFactory.createLogAppender(true, false, true, testName.getMethodName());
+        LogPrefixAppender stubAppender = new LogPrefixAppender(true, true, true, true, "");
+        ArgumentCaptor<Boolean> userInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> clientInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> serverInfoCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<Boolean> logAppNameCapture = ArgumentCaptor.forClass(Boolean.class);
+        ArgumentCaptor<String> appNameCapture = ArgumentCaptor.forClass(String.class);
+
+        PowerMockito.whenNew(LogPrefixAppender.class).withArguments(userInfoCapture.capture(), clientInfoCapture.capture(), serverInfoCapture.capture(), logAppNameCapture.capture(), appNameCapture.capture()).thenReturn(stubAppender);
+
+    	LogAppender appender = Slf4JLogFactory.createLogAppender(true, true, false, true, testName.getMethodName());
     	
     	Assert.assertEquals(stubAppender, appender);
+    	Assert.assertTrue(userInfoCapture.getValue());
     	Assert.assertTrue(clientInfoCapture.getValue());
     	Assert.assertFalse(serverInfoCapture.getValue());
     	Assert.assertTrue(logAppNameCapture.getValue());

From 1d9a24ad24ae99def5e81755846d77ea43198dd0 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 4 Jan 2020 10:25:35 -0600
Subject: [PATCH 649/812] Variable/Property Rename

Updating 'appInfo' references to 'clientInfo' to aid in associating the
property to the ClientInfoSupplier.
---
 configuration/esapi/ESAPI.properties                            | 2 +-
 src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java  | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java     | 2 +-
 .../java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java  | 2 +-
 .../java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java     | 2 +-
 .../org/owasp/esapi/reference/DefaultSecurityConfiguration.java | 2 +-
 src/test/resources/esapi/ESAPI.properties                       | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 922dcfa0e..20421a0bd 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -394,7 +394,7 @@ Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
 # Determines whether ESAPI should log the app info.
-Logger.AppInfo=true
+Logger.ClientInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 2c0f2176c..93230c8e5 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -55,7 +55,7 @@ public class JavaLogFactory implements LogFactory {
 
 
         boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
-        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_CLIENT_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
index cdcdbc3b8..0f318600a 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogFactory.java
@@ -53,7 +53,7 @@ public class Log4JLogFactory implements LogFactory {
 
         
         boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
-        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_CLIENT_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
index 3e032baef..bfa0914a3 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLoggerFactory.java
@@ -41,7 +41,7 @@ public class Log4JLoggerFactory implements LoggerFactory {
         LOG4J_LOG_SCRUBBER = Log4JLogFactory.createLogScrubber(encodeLog);
 
         boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
-        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_CLIENT_INFO);
         boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
         String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
         boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
index 3b670745e..fab645062 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogFactory.java
@@ -59,7 +59,7 @@ public class Slf4JLogFactory implements LogFactory {
         
 
         boolean logUserInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_USER_INFO);
-        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APP_INFO);
+        boolean logClientInfo = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_CLIENT_INFO);
 		boolean logApplicationName = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_APPLICATION_NAME);
 		String appName = ESAPI.securityConfiguration().getStringProp(DefaultSecurityConfiguration.APPLICATION_NAME);
 		boolean logServerIp = ESAPI.securityConfiguration().getBooleanProp(DefaultSecurityConfiguration.LOG_SERVER_IP);
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index c15ad45ec..a91e0e9b7 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -153,7 +153,7 @@ public static SecurityConfiguration getInstance() {
     public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
     public static final String LOG_SERVER_IP = "Logger.LogServerIP";
     public static final String LOG_USER_INFO = "Logger.UserInfo";
-    public static final String LOG_APP_INFO = "Logger.AppInfo";
+    public static final String LOG_CLIENT_INFO = "Logger.ClientInfo";
     public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index e11f96c99..2537757c1 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -427,7 +427,7 @@ Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
 # Determines whether ESAPI should log the app info.
-Logger.AppInfo=true
+Logger.ClientInfo=true
 
 #===========================================================================
 # ESAPI Intrusion Detection

From fc4fd1e9a02fa0d1216a45d65a38f6914e0fe2b6 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 4 Jan 2020 11:30:08 -0600
Subject: [PATCH 650/812] LogPrefixAppender output enhancements

Making the implementation smarter in order to limit the prefix content to
only pertient content based on whether the delegate suppliers are
returning valid loggable information.
---
 .../logging/appender/LogPrefixAppender.java   |  33 ++-
 .../appender/LogPrefixAppenderTest.java       | 231 +++++++++++-------
 2 files changed, 166 insertions(+), 98 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
index 0dc4750a7..9beb1a97e 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/LogPrefixAppender.java
@@ -23,7 +23,7 @@
  */
 public class LogPrefixAppender implements LogAppender {
     /** Output format used to assemble return values. */
-    private static final String RESULT_FORMAT = "[%s %s:%s -> %s] %s";// EVENT_TYPE, CLIENT_INFO, SERVER_INFO, messageBody
+    private static final String RESULT_FORMAT = "[%s] %s"; //Assembled Prefix, MSG
 
     /** Whether or not to record user information. */
     private final boolean logUserInfo;
@@ -63,15 +63,34 @@ public String appendTo(String logName, EventType eventType, String message) {
         ClientInfoSupplier clientInfoSupplier = new ClientInfoSupplier();
         clientInfoSupplier.setLogClientInfo(logClientInfo);
         
-                ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
+        ServerInfoSupplier serverInfoSupplier = new ServerInfoSupplier(logName);
         serverInfoSupplier.setLogServerIp(logServerIp);
         serverInfoSupplier.setLogApplicationName(logApplicationName, appName);
 
-        String eventTypeMsg = eventTypeSupplier.get();
-        String userInfoMsg = userInfoSupplier.get();
-        String clientInfoMsg = clientInfoSupplier.get();
-        String serverInfoMsg = serverInfoSupplier.get();
+        String eventTypeMsg = eventTypeSupplier.get().trim();
+        String userInfoMsg = userInfoSupplier.get().trim();
+        String clientInfoMsg = clientInfoSupplier.get().trim();
+        String serverInfoMsg = serverInfoSupplier.get().trim();
+        
+        //If both user and client have content, then postfix the semicolon to the userInfoMsg at this point to simplify the StringBuilder operations later.
+        userInfoMsg = (!userInfoMsg.isEmpty() && !clientInfoMsg.isEmpty()) ? userInfoMsg + ":" : userInfoMsg;
+      
+        //If both server has content, then prefix the arrow to the serverInfoMsg at this point to simplify the StringBuilder operations later.
+        serverInfoMsg = (!serverInfoMsg.isEmpty()) ? "-> " + serverInfoMsg: serverInfoMsg;
+
+        String[] optionalPrefixContent = new String[] {userInfoMsg + clientInfoMsg, serverInfoMsg};
 
-        return String.format(RESULT_FORMAT, eventTypeMsg, userInfoMsg, clientInfoMsg, serverInfoMsg, message);
+        StringBuilder logPrefix = new StringBuilder();
+        //EventType is always appended
+        logPrefix.append(eventTypeMsg);
+        
+        for (String element : optionalPrefixContent) {
+            if (!element.isEmpty()) {
+                logPrefix.append(" ");
+                logPrefix.append(element);
+            }
+        }
+      
+        return String.format(RESULT_FORMAT, logPrefix.toString(), message);
     }
 }
diff --git a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
index 08bd34519..186d69648 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/LogPrefixAppenderTest.java
@@ -4,7 +4,6 @@
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 import static org.powermock.api.mockito.PowerMockito.whenNew;
 
@@ -22,96 +21,146 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest(LogPrefixAppender.class)
 public class LogPrefixAppenderTest {
-	@Rule
-	public TestName testName = new TestName();
-
-	private EventTypeLogSupplier etlsSpy;
-	private String etlsSpyGet = "EVENT_TYPE";
-
-	private ClientInfoSupplier cisSpy;
-    private String cisSpyGet = "CLIENT_INFO";
+    private static final String EMPTY_RESULT = "   ";
+    private static final String ETL_RESULT = "EVENT_TYPE";
+    private static final String CIS_RESULT = "CLIENT_INFO";
+    private static final String UIS_RESULT = "USER_INFO";
+    private static final String SIS_RESULT = "SERVER_INFO";
+
+    @Rule
+    public TestName testName = new TestName();
     
-    private UserInfoSupplier uisSpy;
-    private String uisSpyGet = "USER_INFO";
-
-	private ServerInfoSupplier sisSpy;
-	private String sisSpyGet = "SERVER_INFO";
-
-	@Before
-	public void buildSupplierSpies() {
-		etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
-		uisSpy = spy(new UserInfoSupplier());
-		cisSpy = spy(new ClientInfoSupplier());
-		sisSpy = spy(new ServerInfoSupplier(testName.getMethodName()));
-
-		when(etlsSpy.get()).thenReturn(etlsSpyGet);
-		when(uisSpy.get()).thenReturn(uisSpyGet);
-		when(cisSpy.get()).thenReturn(cisSpyGet);
-		when(sisSpy.get()).thenReturn(sisSpyGet);
-	}
-
-	@Test
-	public void verifyDelegatePassthroughCreation() throws Exception {
-		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
-		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
-		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
-		whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
-		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
-		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
-
-		LogPrefixAppender lpa = new LogPrefixAppender(true, true, true, true, testName.getMethodName() + "-APPLICATION");
-		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
-				testName.getMethodName() + "-MESSAGE");
-
-		// Based on the forced returns in the before block
-		assertEquals("[EVENT_TYPE USER_INFO:CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
-
-		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
-		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
-
-		verify(etlsSpy, times(1)).get();
-		verify(uisSpy, times(1)).get();
-		verify(cisSpy, times(1)).get();
-		verify(sisSpy, times(1)).get();
-
-		verify(uisSpy, times(1)).setLogUserInfo(true);
-		verify(cisSpy, times(1)).setLogClientInfo(true);
-		verify(sisSpy, times(1)).setLogServerIp(true);
-		verify(sisSpy, times(1)).setLogApplicationName(true, testName.getMethodName() + "-APPLICATION");
-
-		verifyNoMoreInteractions(etlsSpy, uisSpy, cisSpy, sisSpy);
-	}
-
-	@Test
-	public void verifyDelegatePassthroughCreation2() throws Exception {
-		ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
-		ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
-		whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
-		whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
-		whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
-		whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
-
-		LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
-		String result = lpa.appendTo(testName.getMethodName() + "-LOGGER", Logger.EVENT_UNSPECIFIED,
-				testName.getMethodName() + "-MESSAGE");
-
-		// Based on the forced returns in the before block
-		assertEquals("[EVENT_TYPE USER_INFO:CLIENT_INFO -> SERVER_INFO] " + testName.getMethodName() + "-MESSAGE", result);
-
-		assertEquals(Logger.EVENT_UNSPECIFIED, eventTypeCapture.getValue());
-		assertEquals(testName.getMethodName() + "-LOGGER", logNameCapture.getValue());
-
-		verify(etlsSpy, times(1)).get();
-		verify(uisSpy, times(1)).get();
-		verify(cisSpy, times(1)).get();
-		verify(sisSpy, times(1)).get();
-
-		verify(uisSpy, times(1)).setLogUserInfo(false);
-		verify(cisSpy, times(1)).setLogClientInfo(false);
-		verify(sisSpy, times(1)).setLogServerIp(false);
-		verify(sisSpy, times(1)).setLogApplicationName(false, null);
-
-		verifyNoMoreInteractions(etlsSpy, uisSpy, cisSpy, sisSpy);
-	}
+    private String testLoggerName = testName.getMethodName() + "-LOGGER";
+    private String testLogMessage =  testName.getMethodName() + "-MESSAGE";
+    private String testApplicationName = testName.getMethodName() + "-APPLICATION_NAME";
+    private EventType testEventType = Logger.EVENT_UNSPECIFIED;
 
+    private EventTypeLogSupplier etlsSpy;
+    private ClientInfoSupplier cisSpy;
+    private UserInfoSupplier uisSpy;
+    private ServerInfoSupplier sisSpy;
+
+    @Before
+    public void buildSupplierSpies() {
+        etlsSpy = spy(new EventTypeLogSupplier(Logger.EVENT_UNSPECIFIED));
+        uisSpy = spy(new UserInfoSupplier());
+        cisSpy = spy(new ClientInfoSupplier());
+        sisSpy = spy(new ServerInfoSupplier(testName.getMethodName()));
+        
+        testLoggerName = testName.getMethodName() + "-LOGGER";
+        testLogMessage =  testName.getMethodName() + "-MESSAGE";
+        testApplicationName =  testName.getMethodName() + "-APPLICATION_NAME";
+    }
+    @Test
+    public void testCtrArgTruePassthroughToDelegates() throws Exception {
+        when(etlsSpy.get()).thenReturn(ETL_RESULT);
+        when(uisSpy.get()).thenReturn(UIS_RESULT);
+        when(cisSpy.get()).thenReturn(CIS_RESULT);
+        when(sisSpy.get()).thenReturn(SIS_RESULT);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        verify(uisSpy, times(1)).setLogUserInfo(true);
+        verify(cisSpy, times(1)).setLogClientInfo(true);
+        verify(sisSpy, times(1)).setLogServerIp(true);
+        verify(sisSpy, times(1)).setLogApplicationName(true, testApplicationName);
+    }
+    
+    @Test
+    public void testCtrArgFalsePassthroughToDelegates() throws Exception {
+        when(etlsSpy.get()).thenReturn(ETL_RESULT);
+        when(uisSpy.get()).thenReturn(UIS_RESULT);
+        when(cisSpy.get()).thenReturn(CIS_RESULT);
+        when(sisSpy.get()).thenReturn(SIS_RESULT);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        verify(uisSpy, times(1)).setLogUserInfo(false);
+        verify(cisSpy, times(1)).setLogClientInfo(false);
+        verify(sisSpy, times(1)).setLogServerIp(false);
+        verify(sisSpy, times(1)).setLogApplicationName(false, null);
+    }
+    
+    @Test
+    public void testDelegateCtrArgs() throws Exception {
+        ArgumentCaptor<EventType> eventTypeCapture = ArgumentCaptor.forClass(EventType.class);
+        ArgumentCaptor<String> logNameCapture = ArgumentCaptor.forClass(String.class);
+        whenNew(EventTypeLogSupplier.class).withArguments(eventTypeCapture.capture()).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(logNameCapture.capture()).thenReturn(sisSpy);
+
+        LogPrefixAppender lpa = new LogPrefixAppender(true, true,true,true, testApplicationName);
+        lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+
+        assertEquals(testEventType, eventTypeCapture.getValue());
+        assertEquals(testLoggerName, logNameCapture.getValue());
+    }
+
+    @Test
+    public void testLogContentWhenClientInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,SIS_RESULT, "[EVENT_TYPE USER_INFO -> SERVER_INFO]");
+    }
+
+
+    @Test
+    public void testLogContentWhenUserInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,SIS_RESULT, "[EVENT_TYPE CLIENT_INFO -> SERVER_INFO]");
+    }
+    
+    @Test
+    public void testLogContentWhenClientInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, EMPTY_RESULT,EMPTY_RESULT, "[EVENT_TYPE USER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, CIS_RESULT,EMPTY_RESULT, "[EVENT_TYPE CLIENT_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenUserInfoAndClientInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, SIS_RESULT, "[EVENT_TYPE -> SERVER_INFO]");
+    }
+
+    @Test
+    public void testLogContentWhenServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, UIS_RESULT, CIS_RESULT, EMPTY_RESULT, "[EVENT_TYPE USER_INFO:CLIENT_INFO]");
+    }
+    
+    @Test
+    public void testLogContentWhenUserInfoEmptyAndClientInfoEmptyAndServerInfoEmpty() throws Exception {
+        runTest(ETL_RESULT, EMPTY_RESULT, EMPTY_RESULT, EMPTY_RESULT, "[EVENT_TYPE]");
+    }
+
+
+    private void runTest(String typeResult, String userResult, String clientResult, String serverResult, String exResult) throws Exception{
+        when(etlsSpy.get()).thenReturn(typeResult);
+        when(uisSpy.get()).thenReturn(userResult);
+        when(cisSpy.get()).thenReturn(clientResult);
+        when(sisSpy.get()).thenReturn(serverResult);
+
+        whenNew(EventTypeLogSupplier.class).withArguments(testEventType).thenReturn(etlsSpy);
+        whenNew(UserInfoSupplier.class).withNoArguments().thenReturn(uisSpy);
+        whenNew(ClientInfoSupplier.class).withNoArguments().thenReturn(cisSpy);
+        whenNew(ServerInfoSupplier.class).withArguments(testLoggerName).thenReturn(sisSpy);
+
+        //Since everything is mocked these booleans don't much matter aside from the later verifies
+        LogPrefixAppender lpa = new LogPrefixAppender(false, false, false, false, null);
+        String result =   lpa.appendTo(testLoggerName, testEventType, testLogMessage);
+        
+        assertEquals(exResult + " " + testName.getMethodName() + "-MESSAGE", result);
+    }
 }

From 724ffdd0b0ebe5a958be952a7578fb5f97525020 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 4 Jan 2020 11:37:31 -0600
Subject: [PATCH 651/812] EventTypeSupplier Improvement

Improving null handling by defaulting a null constructor parameter to
Logger.EVENT_UNSPECIFIED. This then prevents the get() call from ever
returning an empty String.  Test case updated to be parameterized and
validates each of the define EventType cases, along with the null
EventType case.
---
 .../appender/EventTypeLogSupplier.java        |  5 ++-
 .../appender/EventTypeLogSupplierTest.java    | 40 ++++++++++++++-----
 2 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index 447c7a6e5..2f857f128 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -17,6 +17,7 @@
 
 import java.util.function.Supplier;
 
+import org.owasp.esapi.Logger;
 import org.owasp.esapi.Logger.EventType;
 
 /**
@@ -34,11 +35,11 @@ public class EventTypeLogSupplier implements Supplier<String> {
      * @param evtyp EventType reference to supply log representation for
      */
     public EventTypeLogSupplier(EventType evtyp) {
-        this.eventType = evtyp;
+        this.eventType = evtyp == null ? Logger.EVENT_UNSPECIFIED : evtyp;
     }
 
     @Override
     public String get() {
-        return eventType == null ? "" : eventType.toString();
+        return eventType.toString();
     }
 }
diff --git a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
index c81204d1e..f86fbbca4 100644
--- a/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
+++ b/src/test/java/org/owasp/esapi/logging/appender/EventTypeLogSupplierTest.java
@@ -2,25 +2,45 @@
 
 import static org.junit.Assert.assertEquals;
 
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.Logger.EventType;
 
+@RunWith(Parameterized.class)
 public class EventTypeLogSupplierTest {
 
+    @Parameters (name="{0} -> {1}")
+    public static Collection<Object[]> assembleTests() {
+        List<Object[]> paramSets = new ArrayList<>();
+        paramSets.add(new Object[] {Logger.EVENT_FAILURE,Logger.EVENT_FAILURE.toString()});
+        paramSets.add(new Object[] {Logger.EVENT_SUCCESS,Logger.EVENT_SUCCESS.toString()});
+        paramSets.add(new Object[] {Logger.EVENT_UNSPECIFIED,Logger.EVENT_UNSPECIFIED.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_AUDIT,Logger.SECURITY_AUDIT.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_FAILURE,Logger.SECURITY_FAILURE.toString()});
+        paramSets.add(new Object[] {Logger.SECURITY_SUCCESS,Logger.SECURITY_SUCCESS.toString()});
+        paramSets.add(new Object[] {null, Logger.EVENT_UNSPECIFIED.toString()});
+        
+        return paramSets;
+    }
+    
+    private final EventType eventType;
+    private final String expectedResult;
+    
+    public EventTypeLogSupplierTest(EventType eventType, String result) {
+        this.eventType = eventType;
+        this.expectedResult = result;
+    }
 	@Test
 	public void testEventTypeLog() {
-		EventType eventType = Logger.EVENT_UNSPECIFIED;
 		EventTypeLogSupplier supplier = new EventTypeLogSupplier(eventType);
-		
-		assertEquals(eventType.toString(), supplier.get());
+		assertEquals(expectedResult, supplier.get());
 	}
 	
-	@Test
-	public void testNullEventTypeLog() {
-		
-		EventTypeLogSupplier supplier = new EventTypeLogSupplier(null);
-		
-		assertEquals("", supplier.get());
-	}
 }

From 872f8db9f728b0aaab9ac5b270658ad036997ef0 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 1 Feb 2020 11:25:12 -0600
Subject: [PATCH 652/812] Issue 536 (#537)

* Variable Scope Increase

Reducing duplication by updating common strings to package-protected.

* SecurityWrapperResponse setHeader updates

Updating implementation to independently test the header and the
value method params.  Additional Logging has been added to identify each
unique case of ValidationException offense.

Tests have been updated and extended to verify the setHeader method.

* SecurityWrapperResponse addHeader updates

Updating addHeader behavior and testing to be inline with setHeader
updates requested in issue.

Tests have been updated and extended to verify the addHeader method.

* SecurityWrapperRepsonse addHeader log update

Copy/Pasta "set" context -- now corrected to "add"

* SecurityWrapperResponse Header Log Improvements

Appending the input header name to log messages when ValidationExceptions
occur.
---
 .../filters/SecurityWrapperResponse.java      |  55 +-
 .../filters/SecurityWrapperRequestTest.java   |  17 +-
 .../filters/SecurityWrapperResponseTest.java  | 649 ++++++++++++++++--
 3 files changed, 658 insertions(+), 63 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
index 91852b1ab..3cb152477 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperResponse.java
@@ -173,16 +173,28 @@ public void addDateHeader(String name, long date) {
      * @param value
      */
     public void addHeader(String name, String value) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String strippedName = StringUtilities.stripControls(name);
+        String strippedValue = StringUtilities.stripControls(value);
+        String safeName = null;
+        String safeValue = null;
         try {
-            // TODO: make stripping a global config
-            SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
-            getHttpServletResponse().addHeader(safeName, safeValue);
+            safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
         } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header NAME denied: HTTPHeaderName:"+ name, e);
+        }
+        
+        try {
+            safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header VALUE denied: HTTPHeaderName:"+ name, e);
+        }
+        
+        boolean validName = StringUtilities.notNullOrEmpty(safeName, true);
+        boolean validValue = StringUtilities.notNullOrEmpty(safeValue, true);
+        
+        if (validName && validValue) {
+            getHttpServletResponse().addHeader(safeName, safeValue);
         }
     }
     
@@ -483,15 +495,28 @@ public void setDateHeader(String name, long date) {
      * @param value
      */
     public void setHeader(String name, String value) {
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String strippedName = StringUtilities.stripControls(name);
+        String strippedValue = StringUtilities.stripControls(value);
+        String safeName = null;
+        String safeValue = null;
         try {
-            String strippedName = StringUtilities.stripControls(name);
-            String strippedValue = StringUtilities.stripControls(value);
-            SecurityConfiguration sc = ESAPI.securityConfiguration();
-            String safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
-            String safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
-            getHttpServletResponse().setHeader(safeName, safeValue);
+            safeName = ESAPI.validator().getValidInput("setHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
         } catch (ValidationException e) {
-            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header NAME denied: HTTPHeaderName:"+ name, e);
+        }
+        
+        try {
+            safeValue = ESAPI.validator().getValidInput("setHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
+        } catch (ValidationException e) {
+            logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header VALUE denied: HTTPHeaderName:"+ name, e);
+        }
+        
+        boolean validName = StringUtilities.notNullOrEmpty(safeName, true);
+        boolean validValue = StringUtilities.notNullOrEmpty(safeValue, true);
+        
+        if (validName && validValue) {
+            getHttpServletResponse().setHeader(safeName, safeValue);
         }
     }
 
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
index dddad6d3b..03b776df8 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperRequestTest.java
@@ -18,8 +18,8 @@
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.mockito.ArgumentMatchers.anyInt;
-import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 // A hack for now; eventually, I plan to move this into a new org.owasp.esapi.PropNames class. -kww
@@ -41,7 +41,6 @@
 import org.mockito.stubbing.Answer;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
-import org.owasp.esapi.Logger.EventType;
 import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
@@ -61,15 +60,15 @@
 @RunWith(PowerMockRunner.class)
 @PrepareForTest(ESAPI.class)
 public class SecurityWrapperRequestTest {
-	private static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
-	private static final String ESAPI_GET_LOGGER_METHOD_NAME = "getLogger";
-    private static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
-    private static final String SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
-    private static final String SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME = "HttpUtilities.httpQueryParamValueLength";
+    protected static final String ESAPI_VALIDATOR_GETTER_METHOD_NAME = "validator";
+	protected static final String ESAPI_GET_LOGGER_METHOD_NAME = "getLogger";
+	protected static final String ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME = "securityConfiguration";
+    protected static final String SECURITY_CONFIGURATION_QUERY_STRING_LENGTH_KEY_NAME = "HttpUtilities.URILENGTH";
+    protected static final String SECURITY_CONFIGURATION_PARAMETER_STRING_LENGTH_KEY_NAME = "HttpUtilities.httpQueryParamValueLength";
     private static final String SECURITY_CONFIGURATION_HEADER_NAME_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderNameSize";
     private static final String SECURITY_CONFIGURATION_HEADER_VALUE_LENGTH_KEY_NAME = "HttpUtilities.MaxHeaderValueSize";
     
-    private static final int SECURITY_CONFIGURATION_TEST_LENGTH = 255;
+    protected static final int SECURITY_CONFIGURATION_TEST_LENGTH = 255;
 
     private static final String QUERY_STRING_CANONCALIZE_TYPE_KEY = "HTTPQueryString";
     private static final String PARAMETER_STRING_CANONCALIZE_TYPE_KEY = "HTTPParameterValue";
diff --git a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
index 362fa5be1..499da8799 100644
--- a/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
+++ b/src/test/java/org/owasp/esapi/filters/SecurityWrapperResponseTest.java
@@ -1,37 +1,616 @@
 package org.owasp.esapi.filters;
 
 import static org.junit.Assert.assertEquals;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
-
-import java.util.Collection;
+import static org.owasp.esapi.reference.DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletResponse;
 
+import org.junit.Before;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
+import org.mockito.ArgumentMatchers;
+import org.mockito.Mock;
 import org.mockito.Mockito;
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.util.TestUtils;
+import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
 
 //@PrepareForTest({SecurityWrapperResponse.class})
 @RunWith(PowerMockRunner.class)
+@PrepareForTest(ESAPI.class)
 @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.dom.*"})
 public class SecurityWrapperResponseTest {
-    
+    private static final String HEADER_NAME_CONTEXT = "HTTPHeaderName";
+    private static final String HEADER_VALUE_CONTEXT = "HTTPHeaderValue";
+    private static final String SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR = "HttpUtilities.MaxHeaderNameSize";
+    private static final String SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR = "HttpUtilities.MaxHeaderValueSize";
+
+
+    @Rule
+    public TestName testName = new TestName();
+
+    @Mock
+    private HttpServletResponse mockResponse;
+    @Mock
+    private Validator mockValidator;
+    @Mock
+    private SecurityConfiguration mockSecConfig;
+    @Mock
+    private Logger mockLogger;
+
+    private String goodHeaderName;
+    private String goodHeaderValue;
+
+    @Before
+    public void setup() throws Exception {
+        //preconfig will impact other tests unless isolated.  Still don't want to duplicate it though.
+        if (testName.getMethodName().startsWith("testSetHeader") ||
+                testName.getMethodName().startsWith("testAddHeader")) {
+            PowerMockito.mockStatic(ESAPI.class);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPI_VALIDATOR_GETTER_METHOD_NAME).thenReturn(mockValidator);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPI_GET_LOGGER_METHOD_NAME, "SecurityWrapperResponse").thenReturn(mockLogger);
+            PowerMockito.when(ESAPI.class, SecurityWrapperRequestTest.ESAPY_SECURITY_CONFIGURATION_GETTER_METHOD_NAME).thenReturn(mockSecConfig);
+            //Is intrusion detection disabled?  A:  Yes, it is off.  
+            //This logic is confusing:  True, the value is False...
+            Mockito.when( mockSecConfig.getBooleanProp( DISABLE_INTRUSION_DETECTION ) ).thenReturn(true);
+
+            goodHeaderName = testName.getMethodName() + "_goodHeaderName";
+            goodHeaderValue = testName.getMethodName() + "_goodHeaderValue";
+        }
+    }
+
     @Test
-    public void testAddHeader(){
-        HttpServletResponse servResp = mock(HttpServletResponse.class);
-        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-        resp.addHeader("Foo", "bar");
-        verify(servResp, times(1)).addHeader("Foo", "bar");
+    public void testSetHeaderHappyPath() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName), ArgumentMatchers.eq(HEADER_NAME_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue), ArgumentMatchers.eq(HEADER_VALUE_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(1)).setHeader(validateNameResponse, validateValueResponse);
+        verify(mockLogger,times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class), anyString(), ArgumentMatchers.any(Exception.class));      
+    }
+
+    @Test
+    public void testSetHeaderNameNull() throws Exception {
+        String validateNameResponse = null;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
     }
-    
+
+    @Test
+    public void testSetHeaderNameEmpty() throws Exception {
+        String validateNameResponse = "     ";
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderNameThrowsValidationException() throws Exception {
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to set invalid header NAME denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testSetHeaderValueNull() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = null;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class)); 
+    }
+
+    @Test
+    public void testSetHeaderValueEmpty() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = "     ";
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));   
+    }
+
+    @Test
+    public void testSetHeaderValueThrowsValidationException() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.setHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).setHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to set invalid header VALUE denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderHappyPath() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName), ArgumentMatchers.eq(HEADER_NAME_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue), ArgumentMatchers.eq(HEADER_VALUE_CONTEXT), ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH), ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(1)).addHeader(validateNameResponse, validateValueResponse);
+        verify(mockLogger,times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class), anyString(), ArgumentMatchers.any(Exception.class));      
+    }
+
+    @Test
+    public void testAddHeaderNameNull() throws Exception {
+        String validateNameResponse = null;
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderNameEmpty() throws Exception {
+        String validateNameResponse = "     ";
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderNameThrowsValidationException() throws Exception {
+        String validateValueResponse = goodHeaderValue;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to add invalid header NAME denied: HTTPHeaderName:"+ goodHeaderName ),
+                ArgumentMatchers.any(Exception.class));
+    }
+
+    @Test
+    public void testAddHeaderValueNull() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = null;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class)); 
+    }
+
+    @Test
+    public void testAddHeaderValueEmpty() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        String validateValueResponse = "     ";
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateValueResponse);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+        verify(mockLogger, times(0)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),anyString(),
+                ArgumentMatchers.any(Exception.class));   
+    }
+
+    @Test
+    public void testAddHeaderValueThrowsValidationException() throws Exception {
+        String validateNameResponse = goodHeaderName;
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenReturn(validateNameResponse);
+
+        PowerMockito.when(mockValidator.getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false))).thenThrow(ValidationException.class);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        PowerMockito.when(mockSecConfig.getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR)).thenReturn(
+                SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH);
+
+        SecurityWrapperResponse response = new SecurityWrapperResponse(mockResponse);
+
+        response.addHeader(goodHeaderName, goodHeaderValue);
+
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderName),
+                ArgumentMatchers.eq(HEADER_NAME_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockValidator, times(1)).getValidInput(anyString(), ArgumentMatchers.eq(goodHeaderValue),
+                ArgumentMatchers.eq(HEADER_VALUE_CONTEXT),
+                ArgumentMatchers.eq(SecurityWrapperRequestTest.SECURITY_CONFIGURATION_TEST_LENGTH),
+                ArgumentMatchers.eq(false));
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_NAME_SIZE_ATTR);
+        verify(mockSecConfig, times(1)).getIntProp(SEC_CTX_MAX_HEADER_VALUE_SIZE_ATTR);
+        verify(mockResponse, times(0)).addHeader(anyString(), anyString());
+
+        verify(mockLogger, times(1)).warning(ArgumentMatchers.any(org.owasp.esapi.Logger.EventType.class),
+                ArgumentMatchers.contains("Attempt to add invalid header VALUE denied: HTTPHeaderName:"+ goodHeaderName),
+                ArgumentMatchers.any(Exception.class));
+    }
+
     @Test
     public void testAddRefererHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -39,7 +618,7 @@ public void testAddRefererHeader(){
         resp.addReferer("http://127.0.0.1:3000/campaigns?goal=all&section=active&sort-by=-id&status=Draft%2CLaunched");
         verify(servResp, times(1)).addHeader("referer", "");
     }
-    
+
     @Test
     public void testAddDateHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -48,7 +627,7 @@ public void testAddDateHeader(){
         resp.addDateHeader("Foo", currentTime);
         verify(servResp, times(1)).addDateHeader("Foo", currentTime);
     }
-    
+
     @Test
     public void testSetDateHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -57,7 +636,7 @@ public void testSetDateHeader(){
         resp.setDateHeader("Foo", currentTime);
         verify(servResp, times(1)).setDateHeader("Foo", currentTime);
     }
-    
+
     @Test
     public void testSetInvalidDateHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -66,15 +645,7 @@ public void testSetInvalidDateHeader(){
         resp.setDateHeader("<scr", currentTime);
         verify(servResp, times(0)).setDateHeader("<scr", currentTime);
     }
-    
-    @Test
-    public void testSetHeader(){
-        HttpServletResponse servResp = mock(HttpServletResponse.class);
-        SecurityWrapperResponse resp = new SecurityWrapperResponse(servResp);
-        resp.setHeader("foo", "bar");
-        verify(servResp, times(1)).setHeader("foo", "bar");
-    }
-    
+
     @Test
     public void testSetInvalidHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -82,7 +653,7 @@ public void testSetInvalidHeader(){
         resp.setHeader("foo", "<script>alert</script>");
         verify(servResp, times(0)).setHeader("foo", "<script>alert</script>");
     }
-    
+
     @Test
     public void testInvalidDateHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -91,7 +662,7 @@ public void testInvalidDateHeader(){
         resp.addDateHeader("Foo\\r\\n", currentTime);
         verify(servResp, times(0)).addDateHeader("Foo", currentTime);
     }
-    
+
     @Test
     public void testAddHeaderInvalidValueLength(){
         //refactor this to use a spy. 
@@ -102,7 +673,7 @@ public void testAddHeaderInvalidValueLength(){
         resp.addHeader("Foo", TestUtils.generateStringOfLength(4097));
         verify(servResp, times(0)).addHeader("Foo", "bar");
     }
-    
+
     @Test
     public void testAddHeaderInvalidKeyLength(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -110,7 +681,7 @@ public void testAddHeaderInvalidKeyLength(){
         resp.addHeader(TestUtils.generateStringOfLength(257), "bar");
         verify(servResp, times(0)).addHeader("Foo", "bar");
     }
-    
+
     @Test
     public void testAddIntHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -118,7 +689,7 @@ public void testAddIntHeader(){
         resp.addIntHeader("aaaa", 4);
         verify(servResp, times(1)).addIntHeader("aaaa", 4);
     }
-    
+
     @Test
     public void testAddInvalidIntHeader(){
         HttpServletResponse servResp = mock(HttpServletResponse.class);
@@ -126,7 +697,7 @@ public void testAddInvalidIntHeader(){
         resp.addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
         verify(servResp, times(0)).addIntHeader(TestUtils.generateStringOfLength(257), Integer.MIN_VALUE);
     }
-    
+
     @Test
     public void testContainsHeader(){
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -137,7 +708,7 @@ public void testContainsHeader(){
         verify(servResp, times(1)).addIntHeader("aaaa", Integer.MIN_VALUE);
         assertEquals(true, servResp.containsHeader("aaaa"));
     }
-    
+
     @Test
     public void testAddValidCookie(){
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -148,7 +719,7 @@ public void testAddValidCookie(){
         cookie.setMaxAge(5000);
         Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
         spyResp.addCookie(cookie);
-        
+
         /*
          * We're indirectly testing our class.  Since it ultimately
          * delegates to HttpServletResponse.addHeader, we're actually 
@@ -158,7 +729,7 @@ public void testAddValidCookie(){
          */
         verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Max-Age=5000; Secure; HttpOnly");
     }
-    
+
     @Test
     public void testAddValidCookieWithDomain(){
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -172,7 +743,7 @@ public void testAddValidCookieWithDomain(){
         spyResp.addCookie(cookie);
         verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Secure; HttpOnly");
     }
-    
+
     @Test
     public void testAddValidCookieWithPath(){
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -186,7 +757,7 @@ public void testAddValidCookieWithPath(){
         spyResp.addCookie(cookie);
         verify(servResp, times(1)).addHeader("Set-Cookie", "Foo=aaaaaaaaaa; Domain=evil.com; Path=/foo/bar; Secure; HttpOnly");
     }
-    
+
     @Test
     public void testAddInValidCookie(){
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -195,11 +766,11 @@ public void testAddInValidCookie(){
         SecurityWrapperResponse spyResp = spy(resp);
         Cookie cookie = new Cookie("Foo", TestUtils.generateStringOfLength(5000));
         Mockito.doCallRealMethod().when(spyResp).addCookie(cookie);
-        
+
         spyResp.addCookie(cookie);
         verify(servResp, times(0)).addHeader("Set-Cookie", "Foo=" + TestUtils.generateStringOfLength(5000) + "; Secure; HttpOnly");
     }
-    
+
     @Test
     public void testSendError() throws Exception{
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -208,10 +779,10 @@ public void testSendError() throws Exception{
         SecurityWrapperResponse spyResp = spy(resp);
         Mockito.doCallRealMethod().when(spyResp).sendError(200);
         spyResp.sendError(200);
-        
+
         verify(servResp, times(1)).sendError(200, "HTTP error code: 200");;
     }
-    
+
     @Test
     public void testSendStatus() throws Exception{
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -220,10 +791,10 @@ public void testSendStatus() throws Exception{
         SecurityWrapperResponse spyResp = spy(resp);
         Mockito.doCallRealMethod().when(spyResp).setStatus(200);;
         spyResp.setStatus(200);
-        
+
         verify(servResp, times(1)).setStatus(200);;
     }
-    
+
     @Test
     public void testSendStatusWithString() throws Exception{
         HttpServletResponse servResp = new MockHttpServletResponse();
@@ -232,7 +803,7 @@ public void testSendStatusWithString() throws Exception{
         SecurityWrapperResponse spyResp = spy(resp);
         Mockito.doCallRealMethod().when(spyResp).setStatus(200, "foo");;
         spyResp.setStatus(200, "foo");
-        
+
         verify(servResp, times(1)).sendError(200, "foo");;
     }
 }

From 422ba9f27ad1956682a7b0903c9f8119e6cd598d Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 8 Feb 2020 22:34:19 -0500
Subject: [PATCH 653/812] Issue 521 (#535)

* Add formal deprecation policy.

* Add property Validator.ValidationRule.getValid.ignore509Fix. Truly a kludge if there every was one.

* Add static field VALIDATOR_IGNORE509 for kludge.

* Address issue #521 by splitting out failing JUnit test cases, testGetValidSafeHTML() and testIsValidSafeHTML() into separate test files.
New files will be
        src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleLogsTest.java
and
        src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java

* Address issue #521 by kludge to add backward-compatibility flag to restore the old behavior accidentally broken by the changes to address issue #509.

* Javadoc clarifications to address issue #521 for behavior broken by issue #509 commits.

* New test files for GitHub issue #521; initial commit.

* Add additional sentence about ESAPI deprecation policy.

* Since we've deprecated Log4J 1 logger, let's go all in and remove it from the default ESAPI.Logger in ESAPI.properties as well.

* Changed new property name from the horribly named
    Validator.ValidationRule.getValid.ignore509Fix
to the more appropriately named
    Validator.HtmlValidationAction
whose possible values are "clean" (for legacy behavior) and
"throw" for the new behavior as fixed by GitHub issue #509.
If the property is not encountered, it is treated as if "clean"
had been specified, i.e., the legacy behavior.

* Added string constant for new property, Validator.HtmlValidationAction.

* Changes in keeping with new prop name, Validator.HtmlValidationAction

* Rename JUnit test file.

* Rename JUnit test class to sync w/ new file name.

* Convert from JUnit 3 to JUnit 4.
---
 README.md                                     |   4 +
 configuration/esapi/ESAPI.properties          |  40 ++++-
 .../java/org/owasp/esapi/ValidationRule.java  |  20 ++-
 .../DefaultSecurityConfiguration.java         |   3 +-
 .../validation/HTMLValidationRule.java        |  60 ++++++-
 .../owasp/esapi/reference/ValidatorTest.java  |  63 +------
 .../HTMLValidationRuleCleanTest.java          | 158 +++++++++++++++++
 .../HTMLValidationRuleThrowsTest.java         | 167 ++++++++++++++++++
 src/test/resources/esapi/ESAPI.properties     |  41 ++++-
 9 files changed, 484 insertions(+), 72 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java

diff --git a/README.md b/README.md
index e6701c280..f7c38d99d 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,10 @@ The default branch for ESAPI legacy is now the 'develop' branch (rather than the
 # Where can I find ESAPI 3.x?
 https://github.com/ESAPI/esapi-java
 
+# ESAPI Deprecation Policy
+Unless we unintentionally screw-up, our intent is to keep classes, methods, and/or fields whihc have been annotated as "@deprecated" for a minimum of two (2) years or until the next major release number (e.g., 3.x as of now), which ever comes first, before we remove them.
+Note that this policy does not apply to classes under the **org.owasp.esapi.reference** package. You are not expected to be using such classes directly in your code.
+
 # Contributing to ESAPI legacy
 ## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 20421a0bd..7ac0fb9d3 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -67,8 +67,9 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
+# Note that this is now considered deprecated!
+#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
 #    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
 # and do whatever other normal SLF4J configuration that you normally would do for your application.
@@ -499,3 +500,38 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
+
+#                       ~~~~~ Important Note ~~~~~
+# This is a workaround to make sure that a commit to address GitHub issue #509
+# doesn't accidentally break someone's production code. So essentially what we
+# are doing is to reverting back to the previous possibly buggy (by
+# documentation intent at least), but, by now, expected legacy behavior.
+# Prior to the code changes for issue #509, if invalid / malicious HTML input was
+# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
+# only be logged. However, the code change made ESAPI comply with its
+# documentation, which stated that a ValidationException should be thrown in
+# such cases. Unfortunately, changing this behavior--especially when no one is
+# 100% certain that the documentation was correct--could break existing code
+# using ESAPI so after a lot of debate, issue #521 was created to restore the
+# previous behavior, but still allow the documented behavior. (We did this
+# because it wasn't really causing an security issues since AntiSamy would clean
+# it up anyway and we value backward compatibility as long as it doesn't clearly
+# present security vulnerabilities.)
+# More defaults about this are written up under GitHub issue #521 and
+# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
+# will not support this previous behavior, but it will remain for ESAPI 2.x.
+# Set this to 'throw' if you want the originally intended behavior of throwing
+# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
+# sanitized instead.
+#
+# Possible values:
+#   clean -- Use the legacy behavior where unsafe HTML input is logged and the
+#            sanitized (i.e., clean) input as determined by AntiSamy and your
+#            AntiSamy rules is returned. This is the default behavior if this
+#            new property is not found.
+#   throw -- The new, presumably correct and originally intended behavior where
+#            a ValidationException is thrown when unsafe HTML input is
+#            encountered.
+#
+#Validator.HtmlValidationAction=clean
+Validator.HtmlValidationAction=throw
diff --git a/src/main/java/org/owasp/esapi/ValidationRule.java b/src/main/java/org/owasp/esapi/ValidationRule.java
index 25cc95ac1..8f186a54b 100644
--- a/src/main/java/org/owasp/esapi/ValidationRule.java
+++ b/src/main/java/org/owasp/esapi/ValidationRule.java
@@ -15,14 +15,23 @@ public interface ValidationRule {
 	 *            the value to be parsed
 	 * @return a validated value
 	 * @throws ValidationException
-	 *             if any validation rules fail
+	 *             if any validation rules fail, <i>except</i> if the
+     *             <b>{@code ESAPI.properties}></b> property
+     *             "Validator.ValidationRule.getValid.ignore509Fix" is set to
+     *             {@code true}, which is the default behavior for ESAPI 2.x
+     *             releases. See
+     *             {@link https://github.com/ESAPI/esapi-java-legacy/issues/509}
+     *             and {@link https://github.com/ESAPI/esapi-java-legacy/issues/521}
+     *             for futher details.
+     *
+     * @see #getValid(String context, String input, ValidationErrorList errorList)
 	 */
 	Object getValid(String context, String input)
 			throws ValidationException;
 
 	/**
-	 * Whether or not a valid valid can be null. getValid will throw an
-	 * Exception and getSafe will return the default value if flag is set to
+	 * Whether or not a valid valid can be null. {@code getValid} will throw an
+	 * Exception and {#code getSafe} will return the default value if flag is set to
 	 * true
 	 * 
 	 * @param flag
@@ -59,7 +68,8 @@ Object getValid(String context, String input,
 			ValidationErrorList errorList) throws ValidationException;
 
 	/**
-	 * Try to call get valid, then call sanitize, finally return a default value
+	 * Try to call {@code getvalid}, then call a 'sanitize' method for sanitization (if one exists),
+     * finally return a default value.
 	 */
 	Object getSafe(String context, String input);
 	
@@ -78,4 +88,4 @@ Object getValid(String context, String input,
 	 */
 	String whitelist(String input, Set<Character> list);
 
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index a91e0e9b7..a9fd89cc9 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -114,7 +114,7 @@ public static SecurityConfiguration getInstance() {
     public static final String DIGITAL_SIGNATURE_ALGORITHM = "Encryptor.DigitalSignatureAlgorithm";
     public static final String DIGITAL_SIGNATURE_KEY_LENGTH = "Encryptor.DigitalSignatureKeyLength";
     			// ==================================//
-    			//		New in ESAPI Java 2.0		 //
+    			//		New in ESAPI Java 2.x		 //
     			// ================================= //
     public static final String PREFERRED_JCE_PROVIDER = "Encryptor.PreferredJCEProvider";
     public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = "Encryptor.CipherTransformation";
@@ -157,6 +157,7 @@ public static SecurityConfiguration getInstance() {
     public static final String VALIDATION_PROPERTIES = "Validator.ConfigurationFile";
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
+    public static final String VALIDATOR_HTML_VALIDATION_ACTION = "Validator.HtmlValidationAction";
 
     /**
      * Special {@code System} property that, if set to {@code true}, will
diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index f0196fc04..0670860d9 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -97,8 +97,60 @@ public String sanitize( String context, String input ) {
 		return safe;
 	}
 
+    /**
+     * Check whether we want the legacy behavior ("clean") or the presumably intended
+     * behavior of "throw" for how to treat unsafe HTML input when AntiSamy is invoked.
+     * This admittedly is an UGLY hack to ensure that issue 509 and its corresponding
+     * fix in PR #510 does not break existing developer's existing code. Full
+     * details are described in GitHub issue 521.
+     *
+     * Checks new ESAPI property "Validator.HtmlValidationAction". A value of "clean"
+     * means to revert to legacy behavior. A value of "throw" means to use the new
+     * behavior as implemented in GitHub issue 509.
+     *
+     * @return false - If  "Validator.HtmlValidationAction" is set to "throw". Otherwise {@code true}.
+     * @since 2.2.1.0
+     */
+    private boolean legacyHtmlValidation() {
+        boolean legacy = true;          // Make legacy support the default behavior for backward compatibility.
+        String propValue = "clean";     // For legacy support.
+        try {
+            // DISCUSS:
+            // Hindsight: maybe we should have getBooleanProp(), getStringProp(),
+            // getIntProp() methods that take a default arg as well?
+            // At least for ESAPI 3.x.
+            propValue = ESAPI.securityConfiguration().getStringProp(
+                                // Future: This will be moved to a new PropNames class
+                            org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION );
+            switch ( propValue.toLowerCase() ) {
+                case "throw":
+                    legacy = false;     // New, presumably correct behavior, as addressed by GitHub issue 509
+                    break;
+                case "clean":
+                    legacy = true;      // Give the caller that legacy behavior of sanitizing.
+                    break;
+                default:
+                    LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property " + 
+                                   org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION +
+                                   " was set to \"" + propValue + "\".  Must be set to either \"clean\"" +
+                                   " (the default for legacy support) or \"throw\"; assuming \"clean\" for legacy behavior.");
+                    legacy = true;
+                    break;
+            }
+        } catch( ConfigurationException cex ) {
+            // OPEN ISSUE: Should we log this? I think so. Convince me otherwise. But maybe
+            //             we should only log it once or every Nth time??
+            LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property " + 
+                           org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION +
+                           " must be set to either \"clean\" (the default for legacy support) or \"throw\"; assuming \"clean\"",
+                           cex);
+        }
+
+        return legacy;
+    }
+
 	private String invokeAntiSamy( String context, String input ) throws ValidationException {
-		// CHECKME should this allow empty Strings? "   " us IsBlank instead?
+		// CHECKME should this allow empty Strings? "   " use IsBlank instead?
 	    if ( StringUtilities.isEmpty(input) ) {
 			if (allowNull) {
 				return null;
@@ -114,7 +166,11 @@ private String invokeAntiSamy( String context, String input ) throws ValidationE
 
 			List<String> errors = test.getErrorMessages();
 			if ( !errors.isEmpty() ) {
-				throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + errors.toString());
+                if ( legacyHtmlValidation() ) {        // See GitHub issues 509 and 521
+                    LOGGER.info(Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errors );
+                } else {
+				    throw new ValidationException( context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + errors.toString());
+                }
 			}
 
 			return test.getCleanHTML().trim();
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index ad48ef53b..b0fd24789 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -238,39 +238,8 @@ public void testGetValidRedirectLocation() {
         // instance.getValidRedirectLocation(String, String, boolean, ValidationErrorList)
     }
 
-    public void testGetValidSafeHTML() throws Exception {
-        System.out.println("getValidSafeHTML");
-        Validator instance = ESAPI.validator();
-        ValidationErrorList errors = new ValidationErrorList();
-
-        // new school test case setup
-        HTMLValidationRule rule = new HTMLValidationRule("test");
-        ESAPI.validator().addRule(rule);
-
-        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
-
-        String test1 = "<b>Jeff</b>";
-        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
-        assertEquals(test1, result1);
-
-        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
-        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
-        assertEquals(test2, result2);
-
-        String test3 = "Test. <script>alert(document.cookie)</script>";
-        assertEquals("Test.", rule.getSafe("test", test3));
-
-        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
-        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
-        // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        // String result4 = instance.getValidSafeHTML("test", test4);
-        // assertEquals("", result4);
-    }
+    //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
+    // public void testGetValidSafeHTML() throws Exception {
 
     public void testIsInvalidFilename() {
         System.out.println("testIsInvalidFilename");
@@ -881,32 +850,8 @@ public void testIsValidRedirectLocation() {
         //		isValidRedirectLocation(String, String, boolean)
     }
 
-    public void testIsValidSafeHTML() {
-        System.out.println("isValidSafeHTML");
-        Validator instance = ESAPI.validator();
-
-        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
-        assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
-
-        // TODO: waiting for a way to validate text headed for an attribute for scripts
-        // This would be nice to catch, but just looks like text to AntiSamy
-        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
-        ValidationErrorList errors = new ValidationErrorList();
-        assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
-        assertTrue(errors.size() == 0);
-
-    }
+    //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
+    // public void testIsValidSafeHTML() {
 
     public void testSafeReadLine() {
         System.out.println("safeReadLine");
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
new file mode 100644
index 000000000..dfed45607
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -0,0 +1,158 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.EncoderConstants;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.filters.SecurityWrapperRequest;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import static org.junit.Assert.*;
+
+/**
+ * The Class HTMLValidationRuleCleanTest.
+ *
+ * Based on original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from ValidatorTest by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of src/test/java/org/owasp/esapi/reference/ValidatorTest.java.
+ *
+ * This class tests the cases where the new ESAPI.property
+ *      Validator.HtmlValidationAction
+ * is set to "clean", which causes certain calls to
+ * ESAPI.validator().getValidSafeHTML() or ESAPI.validator().isValidSafeHTML()
+ * to simply log a warning and return the cleansed (sanitizied) output rather
+ * than throwing a ValidationException when certain unsafe input is
+ * encountered.
+ */
+public class HTMLValidationRuleCleanTest {
+
+	private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturn = "clean";
+
+		ConfOverride(SecurityConfiguration orig, String desiredReturn) {
+			super(orig);
+            this.desiredReturn = desiredReturn;
+		}
+
+		@Override
+		public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+			if ( propName.equals( org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturn;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+
+    /**
+     * Instantiates a new HTTP utilities test.
+     *
+     * @param testName the test name
+     */
+    public HTMLValidationRuleCleanTest() {
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+    }
+
+	@Before
+    public void setUp() throws Exception {
+		ESAPI.override(
+			new ConfOverride( ESAPI.securityConfiguration(), "clean" )
+		);
+
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        assertEquals("Test.", ESAPI.validator().getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>"));
+
+        String test1 = "<b>Jeff</b>";
+        String result1 = instance.getValidSafeHTML("test", test1, 100, false, errors);
+        assertEquals(test1, result1);
+
+        String test2 = "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>";
+        String result2 = instance.getValidSafeHTML("test", test2, 100, false, errors);
+        assertEquals(test2, result2);
+
+        String test3 = "Test. <script>alert(document.cookie)</script> Cookie :-)";
+        assertEquals("Test.  Cookie :-)", rule.getSafe("test", test3));
+
+        assertEquals("Test. &lt;<div>load=alert()</div>", rule.getSafe("test", "Test. <<div on<script></script>load=alert()"));
+        assertEquals("Test. <div>b</div>", rule.getSafe("test", "Test. <div style={xss:expression(xss)}>b</div>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s%00cript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+        assertEquals("Test. alert(document.cookie)", rule.getSafe("test", "Test. <s\tcript>alert(document.cookie)</script>"));
+        // TODO: ENHANCE waiting for a way to validate text headed for an attribute for scripts
+        // This would be nice to catch, but just looks like text to AntiSamy
+        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+        // String result4 = instance.getValidSafeHTML("test", test4);
+        // assertEquals("", result4);
+    }
+
+
+    @Test
+    public void testIsValidSafeHTML() {
+        System.out.println("isValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
+
+        // TODO: waiting for a way to validate text headed for an attribute for scripts
+        // This would be nice to catch, but just looks like text to AntiSamy
+        // assertFalse(instance.isValidSafeHTML("test", "\" onload=\"alert(document.cookie)\" "));
+        ValidationErrorList errors = new ValidationErrorList();
+        assertTrue(instance.isValidSafeHTML("test1", "<b>Jeff</b>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test2", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test3", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test4", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test5", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test6", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(instance.isValidSafeHTML("test7", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue(errors.size() == 0);
+
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
new file mode 100644
index 000000000..6726ef56f
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
@@ -0,0 +1,167 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import static org.junit.Assert.*;
+
+/**
+ * The Class HTMLValidationRuleThrowsTest.
+ *
+ * Based on original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from ValidatorTest by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of src/test/java/org/owasp/esapi/reference/ValidatorTest.java.
+ *
+ * This class tests the cases where the new ESAPI.property
+ *      Validator.HtmlValidationAction
+ * is set to "throw", which causes certain calls to
+ * ESAPI.validator().getValidSafeHTML() or ESAPI.validator().isValidSafeHTML()
+ * to throw a ValidationException rather than simply logging a warning and returning
+ * the cleansed (sanitizied) output when certain unsafe input is encountered.
+ */
+public class HTMLValidationRuleThrowsTest {
+	private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturn = "clean";
+
+		ConfOverride(SecurityConfiguration orig, String desiredReturn) {
+			super(orig);
+            this.desiredReturn = desiredReturn;
+		}
+
+		@Override
+		public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+			if ( propName.equals( org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturn;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+    // Must be public!
+    @Rule
+    public ExpectedException thrownEx = ExpectedException.none();
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+        thrownEx = ExpectedException.none();
+    }
+
+	@Before
+    public void setUp() throws Exception {
+		ESAPI.override(
+			new ConfOverride( ESAPI.securityConfiguration(), "throw" )
+		);
+
+    }
+
+    @Test
+    public void testGetValid() throws Exception {
+        System.out.println("getValid");
+        Validator instance = ESAPI.validator();
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        thrownEx.expect(ValidationException.class);
+        thrownEx.expectMessage("test: Invalid HTML input");
+
+        instance.getRule("test").getValid("test", "Test. <script>alert(document.cookie)</script>");
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        String[] testInput = {
+                                // These first two don't cause AntiSamy to throw.
+                        // "Test. <a href=\"http://www.aspectsecurity.com\">Aspect Security</a>",
+                        // "Test. <<div on<script></script>load=alert()",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <div style={xss:expression(xss)}>b</div>",
+                        "Test. <s%00cript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>"
+        };
+
+        int errors = 0;
+        for( int i = 0; i < testInput.length; i++ ) {
+            try {
+                String result = instance.getValidSafeHTML("test", testInput[i], 100, false);
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' failed to throw.");
+            }
+            catch( ValidationException vex ) {
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' returned:");
+                System.out.println("\t" + i + ": logMsg =" + vex.getLogMessage());
+                assertEquals( vex.getUserMessage(), "test: Invalid HTML input");
+            }
+            catch( Exception ex ) {
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] +
+                                   "' threw wrong exception type: " + ex.getClass().getName() );
+            }
+        }
+
+        if ( errors > 0 ) {
+            fail("testGetValidSafeHTML() encountered " + errors + " failures.");
+        }
+    }
+
+    @Test
+    public void testIsValidSafeHTML() {
+        System.out.println("isValidSafeHTML");
+        Validator instance = ESAPI.validator();
+        thrownEx = ExpectedException.none();    // Not expecting any exceptions here.
+
+        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertFalse(instance.isValidSafeHTML("test1", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test2", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test3", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test4", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test5", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue( errors.size() == 5 );
+    }
+}
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 2537757c1..14b47d32f 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -97,9 +97,9 @@ ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
 ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
 ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
 # Log4JFactory Requires log4j.xml or log4j.properties in classpath - http://www.laliluna.de/log4j-tutorial.html
-ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
-#ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
-#ESAPI.Logger=org.owasp.esapi.reference.ExampleExtendedLog4JLogFactory
+# Note that this is now considered deprecated!
+#ESAPI.Logger=org.owasp.esapi.logging.log4j.Log4JLogFactory
+ESAPI.Logger=org.owasp.esapi.logging.java.JavaLogFactory
 # To use the new SLF4J logger in ESAPI (see GitHub issue #129), set
 #    ESAPI.Logger=org.owasp.esapi.logging.slf4j.Slf4JLogFactory
 # and do whatever other normal SLF4J configuration that you normally would do for your application.
@@ -529,3 +529,38 @@ Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
 # Validation of dates. Controls whether or not 'lenient' dates are accepted.
 # See DataFormat.setLenient(boolean flag) for further details.
 Validator.AcceptLenientDates=false
+
+#                       ~~~~~ Important Note ~~~~~
+# This is a workaround to make sure that a commit to address GitHub issue #509
+# doesn't accidentally break someone's production code. So essentially what we
+# are doing is to reverting back to the previous possibly buggy (by
+# documentation intent at least), but, by now, expected legacy behavior.
+# Prior to the code changes for issue #509, if invalid / malicious HTML input was
+# observed, AntiSamy would simply attempt to sanitize (cleanse) it and it would
+# only be logged. However, the code change made ESAPI comply with its
+# documentation, which stated that a ValidationException should be thrown in
+# such cases. Unfortunately, changing this behavior--especially when no one is
+# 100% certain that the documentation was correct--could break existing code
+# using ESAPI so after a lot of debate, issue #521 was created to restore the
+# previous behavior, but still allow the documented behavior. (We did this
+# because it wasn't really causing an security issues since AntiSamy would clean
+# it up anyway and we value backward compatibility as long as it doesn't clearly
+# present security vulnerabilities.)
+# More defaults about this are written up under GitHub issue #521 and
+# the pull request it references. Future major releases of ESAPI (e.g., ESAPI 3.x)
+# will not support this previous behavior, but it will remain for ESAPI 2.x.
+# Set this to 'throw' if you want the originally intended behavior of throwing
+# that was fixed via issue #509. Set to 'clean' if you want want the HTML input
+# sanitized instead.
+#
+# Possible values:
+#   clean -- Use the legacy behavior where unsafe HTML input is logged and the
+#            sanitized (i.e., clean) input as determined by AntiSamy and your
+#            AntiSamy rules is returned. This is the default behavior if this
+#            new property is not found.
+#   throw -- The new, presumably correct and originally intended behavior where
+#            a ValidationException is thrown when unsafe HTML input is
+#            encountered.
+#
+#Validator.HtmlValidationAction=clean
+Validator.HtmlValidationAction=throw

From 74492fee25b9640c985da28a91db478f21e6de92 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 9 Feb 2020 00:37:18 -0500
Subject: [PATCH 654/812] Close issue #538 addressing CVE-2019-17571 with
 security bulletin.

---
 SECURITY.md                                |   8 ++++++++
 documentation/ESAPI-security-bulletin2.odt | Bin 0 -> 31990 bytes
 documentation/ESAPI-security-bulletin2.pdf | Bin 0 -> 103931 bytes
 3 files changed, 8 insertions(+)
 create mode 100644 documentation/ESAPI-security-bulletin2.odt
 create mode 100644 documentation/ESAPI-security-bulletin2.pdf

diff --git a/SECURITY.md b/SECURITY.md
index f4d5ecb55..bee2b246a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -40,3 +40,11 @@ can understand what needs to be done to fix it. Unfortunately at this time, we
 are not in a position to pay out bug bounties for vulnerabilities.
 
 Eventually, we would like to have BugCrowd handle this, but that's still a ways off.
+
+## Security Bulletins
+
+There are some ESAPI security bulletins published in the "documentation" directory on GitHub.
+For details see:
+
+* (Security Bulletin #1 - MAC Bypass in ESAPI Symmetric Encryption)[documentation/ESAPI-security-bulletin1.pdf], which covers CVE-2013-5679 and CVE-2013-5960
+* (Security Bulletin #2 - How Does CVE-2019-17571 Impact ESAPI?)[documentation/ESAPI-security-bulletin2.pdf], which covers the Log4J 1 deserialization CVE.
diff --git a/documentation/ESAPI-security-bulletin2.odt b/documentation/ESAPI-security-bulletin2.odt
new file mode 100644
index 0000000000000000000000000000000000000000..c65623126fc7cab343fded85c86ac6b1b636ca78
GIT binary patch
literal 31990
zcmb5V1#lfb(<XY%%oH;-#vC&<J9f;>%nUKb%*@QpF*C)?%*;M!KAZR7{rB$Pdh5G&
zRi%>Dqkg(I8jxoCQIds#!~_6f0f0I>X(hd3Rzzw50Ps)#D+1VB+M2p}I+z+dIM`Sk
z8@gE9+cCS@nK0QKI$Jt3**lopnb;e<+M3$AFu9m|xG4Q!V2k*hy~3;jz(4uRU$E~M
zuC_*YhL$$Y%r5_3Wpc1H4_8u<M1seI|JwygT1rgiZ#fJAfB|43{?@jGUYq~`2!N8@
zcX12^NMcf2CKh%M23kHIUZ!snT)ZLzqB4S#N}_z6vO?VIQs1N`q{XCF6_hoU<Ycv#
zrPS3m<h897^&M3-O>_*+bu2tAwG<3>wX6)aoDCH{%r(r-%*|}vtew1EZ7kgF9X%bb
z+}+&303dWy5Iq5imL9~&24bfN@q7dEh=7FoK`Q(pP1^u{ho9D-;T}H04*qc_{-tuV
zAUQRVrVL0!1EgsRGSUW_nS(4{K`vGx4-b%DaGh6RglA}qbx5UUWTQ=7yGLY+Lv({*
zLa9e;hka_VduG4wPmpI2DAdg&*vBp2$9#cLc1>P>ML}atO><q>Y|B7z%gk!i+HK3x
zd&g97$J%<w*5Sa_X4l2-r+;vWCur9*C_K<7CBQD}muF#&XGy%zafo+VXlQ6uVq`*k
zVpM2CY+QOmWLjE!cxp*xW>acbVNzB@PC-sgUUg<cSw?YVZe3?_YItE*YD0EdUQS+V
zK~_^)X4&6V)mT$kQ`PXhv8uGLw(fUBRcB{cXecN$5tJASN>2lYmW)K#&!trjWH*eY
zw=cyOfwBrd3!*`VnV|Y?P(kfLMay7m$9zlYU_<vzNeQT;5!6%#YHR!K>g}oRov!R%
z=;$B&J+jn2vsFI2*EYG^G4$Cvd(b@t>aR}gug@NAt?X;9>+fjl?`|LKYMkw<KMaf5
z4^KW%jXX(7J5DP&%x*Z(&$=ipKP~@#-B5ek*nU%8d{b8r>}c!j>Fuim4RwHKyFr&7
zLpR+6qx~I=Bfod2yLM;0?*==@#>R#x<|k*T#^+Y%Cx(}2$CsCvM@K=U%ZFq0poKBe
z^2XlEGH7dOYib|3ws*36^myI(=Xz-NXnAyRW9fEe1USC%xH$f>w6e3kv%dnmU)u+6
zfll_;?v7UX{-(pTqtnBK(~Gmi-HX$Mi;Iinv*)XutD~EzL*Uyb@b3KX?eh8K?&A32
z;`8}$>u<V$dwhO)czJ($xP5u}eEXX}KmXncAP@+CybKQjV0xDp6aMb8cIk_fh5y6X
zyf&3yQr0q`5ow4t`Z`8r{cZ5DH$1T#$yT)Qt9wYv3;{RQPq!buG3eH|`M^w2gPPP=
zd;(1^&-BeT>Gn!pbh$*-Fe9c$PDR|w3ol9Ia4Ybbea&xL(dgFk=9pt%xzk;<HJ1<D
zqi!Mu?c|n6lW$yi+1qa)-q(}!wfXwtm&@3O4E-9x^{~ch!(>t7Um{ulMUb_Xfpx$=
zYPodNSC862U_x3N6N@ZT*jUXs^{qH-Ub#ZmdQnwW9*eZGlLe>7YS*nZE4{K#-P#v;
z?9ug0mLQiu+5C_E)B+RQuaBDZAg)idr=Zpz^H+B-`yRK&dk%bokI#)ayNRAlLRqK%
z9x#4heyvYt^z14+=(710e{<hvZ3?ltQLmb7Kdzsw?H~L{?N2i*KY{&rzaApkGd!=o
z=a%htJnF0c+Y5}zh-!%S{O$s<{E0q~)-p>3&_O4+8keHGpNy&)^$r$p=aN(+7{prH
zaD*%E#ajYVr|$Mwual-dHG0nS^~c$*wG$c3_cGTH`gi!l>uFDiCHC*=9?Nt|J&u$1
zP}@|@FSVtHHeMq~+Z`YL%=&MZz;?yPR$IT3`ZJE@s=FSLbr0bUvu69*+IjPK7ZPnx
z#~+;pU5|S5Rv-G;@>n;5XW&_LM{4bd(9yJj3yI78q_&x&4^6wz<q{*k-4-5b;dVyS
zxOJo5ZJm*R>4+&`IXYl<mx0ApoV-=GHV<03I7mtMoGjstlL2ZG)9auXBM%nUKp_=8
z3Q5IB23#BsTj-T1m|jV^=+76{@&MuT+bx0yL(d*}i{0iu!d(X%A5}iTb4FnEy857q
zZ~mb+&mIOaCVVDhC1R0KyO3VpMi)(Y7EQOlnmozVSF=;eKN_)k)tS4dj;8$ob!~v+
z4Gdy?zs<KZW6~X)RVM590Fsrzsn$$p?>9E!JIF78EBwRnK5u;}=gVZ=mTaKELX%00
zS@&a4%T|4}tLeOe9X=I#-}l@7;dRz-fX;r~=WwGle<NR$ku_rW^C%D{SY*Uuu-aOX
z^=%>o3uW2v1LH!{rHXsUi;rtN&`MjBnD3@nJ|BWwBp>C-ud{Q2@#8df%AHMib90?P
zC*S`AA{K?i-<sd5d-IO>mUp(D<GRh{i@(dv%bfeIYzpGlH6f_$h!t`F>1#_qkW%(n
z1s8*Etew6W^VCDnO(BmHhSyQ%Nb2&DW$R<_ttLT8%Ch6x0wbgU9@X-Yb_~%;Scf?`
z<$NHpSa)EV@l>bX#BH+S33*Mn_F6o%M!OBP%->k{GL=f`@&=e{v|l7PAV#*m?ZWSf
zyY6=RBAfDg<i6$Z@Vfcvx+y!XKH2yD=i_=(zUO$H3wm4GtMr|&yE*o^roDjMUHv}s
z$!}9Pc)_=c+gHi+=0jLtOmg_@-{pMD!**y>54~K<R76^v@OcBd8HK~-=b6`K{-(>s
z@|@ctMLX*o)_H;sNUyETx;&P8Ag1@<$bOb(o|8z|3)|rt%Vx~A%3ZBdmHyWWlgn35
zn_8)O%jy@~pg9R$Nr_n5T|sB<C$>s^r(6z^SsI>BA8ba@5FdxqQTn3lEFxX4MS!dH
z9+g3NT88!a4x%<<-N^38?5D$wYrGz1(50o0c_Y-mZgr+b=YDZ3bK9fDTQ+jTcJxKf
z_(Ak8CD(lcGf44Huq)8Id)RqEKW}om>-zJ(IXjy&_Lv8!Pd*>3k@`~-kr0%qH0sJE
zxPtbltuvs-kL3Hce#b^M?;J4S_Jjo*6^U^~=xfP9>!+nn4BmEH5bzV9^8)nY3M%&O
zDn<Ap{d(>cWPW3<uj94ZV>I=9$?FG#hU=lJR0U7}<UE~Gzyqt-n6Hr8(&aQw+gCHF
zWSx5DDU-c)IWut3<M8Iph9S75+#t}d6+d}=aPuZ$Vs~OIJPW@U&T(T&srjnuRoiMA
z$FZ7nynl;Sz%^4rc$x6KM>%CFL$E5a*0M|3iyY%J(k`-nn+@3mC+5+1{nwK+*NRNK
z>`7+id87n2_JZiAk@5%Q-zTx7Yrn%$yX~<Xc14qy1yIv@iY)WTrTIhGk`<1Cx3htZ
zH{;Zt3n`&+3uxYnStJ0s4l6zZQ`cwmXIAc;9+To_PFfl9@E)$=t`D~#1zzNcvE-fx
z-F0?0H)?FbK9CiAL4!#)nG0r^7#UK?p2dUst3Y_C!6b#qex*>HE_p!c43B>`c}p`h
zHu6Znx3g;g%s^Q!d8haJl?8Wq^|k8ZO-i>M!&*SH|Mtbg!0ydfXsa53mpwdU29(fx
zXZHSG;)!*l>^Um^dVRDBR}r-`ME?o|(Bdj!6S(rdlVHuurhxf#^0PZ!qly{tEY^<=
zTaXAP)aV0a#RN{$IF#+HUKgHbXA4&hKJwC@;}h4DrFe+(tOt9i`?cMZiMvm0hcn|(
zap~s&^M$4JHOe0G@)hgn?E4Krj6MEq@Mr4N2FUd&S758dy6kCZ<O=j$bKN;qmR~I3
zIenn7nfu#)Sw9@~Ucaz>-FB>hHFioo-8E!@h)nn$hIm5YIXnODu+JU^>FUcy^M}Dc
zeh)fB&Eb{`OK=ej9<IEE#Plbmqm0vW88=@1)<x{i8cPCBKYp7Rk?%pX;f0umgy_k}
zl*Cvz6K4-DH3U?!%O;YBg&oO|4hisxr|)<UXMr21ZlmDt>#L4@H6GrSwPJj{9{w;*
z!v_zh7rXkw2Rf1^ZpB@!0S{}xX+A|kaH$Y5YHSot!f>T%wwMJ>9vnO@uLx3;5pMpT
zp#s{1k+d;;3{3{iX`W4FaU`8#+!GTI`~(f_S1m0#B=k)qnM{M6O1@geW?GSWN}GyR
zm__?CVolLqHW@59Hi54DOol(?ys*&#Ui66=`xot8l9h)z!#>ssh0;;xInK7Py>($S
zZ|L}^1}M5>i}>&8!b$=eDS-}vS-(dtfk`DmoRC)-w2uR>E)4b;YGmjXan$HmqKw61
z(*!Vf-8LgD5>fTV^r{3?UfGI6$m2{|$Y>-wC_-91R#lp6YUOqdEW|bwTCy$c6qTl!
zf&@}}Nu*}@WSvGxdKT+4N%M-M4C$gTba>e3R_gT$i+_|Utw-6)z$#Ju0`v3J3)%AE
z2~S2-RG2hE=!=HGsq74f5cg#^Hwz=-jjKsJgjABi@`flsEu%Z@5hRcm2BJDX)vT<a
z!W%qQQ9_1{hKPS<3X#1Sq*Rc$>BK2Y6o=$;s)07VV%0d(SL%!n9M2oJMC0TSPRg)a
z6*!rgSS(UkqCF{VIXe+oZ45=Bi_u~@O$lMBELv?qa+=T6s7IZ46v>{x{VD8;%VRaf
zpw8j(^qOF2;@NJ&Tk=aqezD@UxV<lr3L(BPX_Qo3jS-R)g^bM`8l=~~^+kLh;w6Bi
zK(H<<TO7cVct}NpdIJsX#!`p)Y;gm-J8*GYIR|iNz&|Bz=R7X)1{0tR&hEW^hU*WN
zz|{BRZJSV3XHkWz9+Zh71Z#XF##7vkD`@|*cO29+46srOt5yROC-u?@^9W;md1`);
zP-Qv%#wT+qhlZWh3wy)M$E$tYF8VAll#iC1^hFy*nC=_Aw3MaN&f%``;M-gh1;uCs
zVHDpjsu3=nR7PCy;1<`Yj4oLw9-3q0u4<M(`lZ7C9TNJEMMZx=`|2qTk=hUp*lOV|
zjZ9q#CK7Y>Q2mw$9t9lTjCAb$Ju%9Oxj<k^9DnPsJaGq&__P%Sas~Eu)Y$Z@HRq3R
zslsk{Y@B$cFLROs3MqM(6?xfa8K=@Ftr=wz6+-yZq+rAfuAS=U$Ea!Min<*1QkGcz
zUmXoEoAx9)Rs9R2;u9}x!lw)~EFE>-?Wf<Q|ERL_s*xr4D4v}`af)t#_@Oi5m%In!
zL`}qi1&Rc~4ng-i>yk)$ctgi0JYp`}>a@C0%G?N(0p9&GU~e;_o4Mq6B$yb=<s5Qb
zQ!$g6x7^vcX=7c$KCgr)V)eJgB~Fe?>=1+UpI<-q5Xrj|F5n?eYIASq_aV~0Z*KT@
z{rpKI4AaH<g?$>DD5LZWUn<&}GryW16FXsAA)8qi4in=F@*3BnZJ)L9vP|&D8{>u+
zk95R6EF7~a_#E{;i^|Wv@N5wPKm--aja=P6r-rBp5bO#FGx+<)NULMpHPl*@+xhT7
z>8w6;lVPkrTUt{owA)ef`wi<0b*3nU+#>GF4E2Qavt--;O?e)rE}P~el+M4d4ce=r
zq!hdp6Wnv#E$G)L-U~sC8ph9#X#<ND3W^iOpRnxjH}KK%^p2Tzun5?~N)ZPzy$Zw*
zfo#(+0O8Jd|3$xum9RjlLT5GuKD>}XV-b|oP&6?!xWAkKp^AX1J~Iab#7&s@%qM^R
zP9SHp!!EQXb)$rGh*Y}xN(w6dXfHPG<J@J04Jn*<i==X&l~x%=stKfiO&*oc>V$eT
z&@?$hON{d5d&O&17Rc=o-cXDw5wB)DbW^1AeJ$039D$D5yE>s1I%7Ol8p)?M69!|(
zAm)~(QpE5VtpnXR4To~H)%Lf56RxMLsS5#CeD~0M*7|be^w01KNS=+{aMM?3;N}NL
z$Ly{Ll>k~K@p^~%-py4SZ#lJIjN)KyeisIYx1$yfk$dUqMf8XjkhpeKT=Y<*&ELq#
zicFy18=jbIFWs1W4`wf2!?VBI3V}ywYB08KAQU5Ar(-y*HL+xb!^mMCfHWL5LS)!E
zjEr#i>)V&e%Sk?hP5juYPwqxu?C4MK)<=MVoVc<JT~-IjGEVGp%j5Fq{33>G$Nns%
z_ZyqGC?N(nX;yf?1^ZgACpS^#qold<tOjUda6p?kX2{svdDemfTO6n)_=`A#2>Cjv
z_jKB%z*oDVBlaRE!qmvud!T;Pdms1+SraBBsiw)n;46k7Qc(_<h6g7<A~zouJb)6+
zV|NK#d!<bnQ>}{@v)x{8JU*F!bLOxeal`0KI2)tguMHeKbCBf5LkJZi%>RtBpuxO^
zb$4+Q8^~weJ%R6hTRL;#!-NklBm_EmxO-S{SI-{i-z>$j)RdD4H$D#SafJ@ptu`C#
zoL|B4Y>2}Cz^c$~d*%JQtrJTykU!yr;C@_Iun(iPI}xI3+})g;=3$#dm%Bz-t}kG(
zBc+lJJ5oaRT9B^vg$w9#FU61uH-ch3#qIF$pc<`LbkXXjXtUaWIhtZWY!o`M``n_z
z-q^h1X#LIY;bm_xWZbMJWb=_g4^1l)-<LaP-LDLy71&)Fhu7o)CfM!F&T4NbJ<*!3
zJUhu{egIpISRDh~iXmh{cpOzPMc<%yc;bW8=kxmV78s(MepJbmei_C3!$>t-S~?-w
z+(fj+5UT&r^v60<_R<M1g1V|jG{X;5mjP(i&<Nsy@6sU=oDj(jRkW*AeGw%oRmWU(
z;wA%yZsO%hDng_T8b8&*Gqk|8b>xwG=eR|c8uLS<S;P`}^*EYj>&hkcBNOzkqj|s%
zu94Ag{BV$98MhA=t8^0K@1dpK<}Ot!P}=9c<wUU1zG3r88IMO43-i!`i`}8iztF#6
zLZN=qPxc=TopZOhU<Gqp?3VuZ2*KiqO0PA&Ts9RQ24Dd2_mdQaCKinN!?6rLmi0Ag
ziJ%$^q$WwIlnAo!r3M#Ke3e0_q~wWyVzInq4e`+OqD&8lQ)JcrxuZ8oHAzwAtoAD=
zk6o%kGmHdR8SH?pL_*So&a&i>Jd<XEC02ZvFaltil}9Dc(*rH&G@;zlGxJm+$E@JF
zz3zFcC2J*kXMykl*2`(vde>Y<^svE8rF<WTVuz1&>cl|)uxy5LHUj>DKzqs2rv0!?
z-EnBH>W*$|K~6V+VD{Hnviwtfa^{|-$2TFA9>WqJKPyPY_(ya^;dwAW3;on4#Al*!
zqxa9SLHSDVs8QoYJ8pfR9~Ou+h(SWA@tcy%P~QyG6@0n8#aRa3%4R7b&4`P^iE)(p
zy@2lvJKug82e|@xG@YDEc%{qxAXi2mJ0A}T&Pad%T$-Hy6}!jHeuT4}oH?U?+!c|l
zb@#^%nkuFXxbT~G%Ob}-xY$#xiM!e=!v6QGwW>W08hf^=OeM2P4Ht!D43_!gLu27Z
zgut>s*Y>8z@J&s`(RWcSXVal6Jn72ESA246;y#Z`-6z<&64Du3*f0*bI7G8cH3pJK
zH<oxTO)_DMAYR`Cz<DG^m{T~7!W%hvB0PE*TpraIJUG307y}Q{6r4_Sp+9ht12u!q
z;8GJ;+S8Bf=$I>r$O<Tw;CKMx9M3Mffy7vY8gjO>xq+bXao6JWvJ~;8Fd3bKuu9}Y
zVTdRF?mMXv!33yZTlO@jnHp0|LOV_a-T|k%q&${QZ5Z1GD?JSdmj%5nf`Bh6k7Ryw
zgL4Kx9Rf@1^PA~-f*OYa6h1^-k7n5ml{%(6Woig<_fj!A4W)xg+HsZY1KF{H;>rrU
z<hq#ovE(@wB<pXgob0|fmP^5_o%+i_urpNipbEc*84l5<$v|k1ET!P~no3$(W=j3J
zijo_hhB(GDW?U$Q3MDp`cI0NL*8V0#yuHe-Cyd^XW39fnuBwuau0X+xik%%Fi%-Pk
zgyiFm`D3kg74D9L7Vzn|%nYl;ks+0{cS@}xEiAs$oGN+SV!Cp+s}TFdA;MBOzb%bC
zWc*U7c<20ICsgcK=2<!TeCvWPOmxLrj~)=Myn1?#-xYWwoa}kLCHjvT<O}=duv!r}
zkn6@OGHFdli_-LKp;e=6_|VV@CZdZ)h7@?l3h4qSk_L||ur}=G=z`7QGwa9j0{1IX
z$0&ZU3Vjn|86A|+7Z%NeJ6}1%+EEtIkzUG!Ge>Gu;>b&8m@0}AtF6HAyEn<?Ka)pU
znjG+R>y3(Q=qBlV+=w(ZD1pi`Qlg|qpDEPfhiJ*U{&PE#2ICTrxyBWILFo!{t|SB#
ze;_?$nu+N4Rj9y0J<s6I&F6$ZsEpbOZ~}aK2D2N3-Q-^|=@s}*xN_hIuwX&ty*5TA
z&Zi_vT(|6XPhS~^${TEwMp6wTWB-=DqzP7mfSyFgsTN-^x=S`SifSSbiv>;jC5*WA
z51Vx6B-zTvcQx_^j^`vq3_l96i&&CdO06JhN*Tng0GFkb#KbUD%#?xQTHc0z#uIQc
z0`^8gH@qVnjjOpO4S9$(#1aZ`z8JM_Oc3ftZf659TK{SR=dS59qkLUbk$PeMD7r=M
zSdG8a-;1H|p-$1Wck5fviagIivfUvn_U|QUh^GXHU#-3+$G%{K?-M)<Q`;H2Vh*=P
z@v?;54q1_JbTy;Rvl~+a%S1K|abw5pc+t>2l78#ve{RQ#wtK<H5F(@pN-g5pOw4z0
zKFx{!fu}e<H*ELsq@Db}C*GjXpy3=||Hu1$-rVMEuTRv5+=g5bE)V<1-u$AdVD{D>
zMf?8hS!C$U)75LAu3+Y;-2R>Z^XU`X>zHmRGQYjxqR{lV<4Jj`zR%~(9e2;ieLjC^
zj^Mou#K(T)??>KBMKu({*VW|SxVXtE?+=mSYZD6rBPN0^&;{t_Gspi~Wbw0u*Z;G}
z|8_;t=ekkR2juMj{rdId_=)e~rRR;{^#zBh!y4uFEVkQ!Br*48gjeT_{>Lc}k*I#x
z`HN)k`_{JLOS)vPe^r3r=SgBNXoUC5=g;THaqhPB@qTWl-<7xG#>+f!?(g%M+O7KI
z?HR&Y0bqKEz|-PL59le^x5`nRynd3zmPG@FMI#6P7ToH4?(0_mNX~0t;|Y*D$8QhD
zo$n>6l$ihi03~;`@faw1=|AB9aW|6tzT1<Z%lCM{KmB<VPJHp=-gI0)4Dv<$xS1^_
z{_u|__S$<Zdp(F{iSqY<1s*?jdKgU`hvxXckMRqB>=p`c-ZhTo`s{`CE55&%Qa}3C
zwjYmOgAVG?3I$(RV{3Z1<JO8y9+b2d78>mniuT|&Rq4}Kmn7-4wt7!TaTJETezpeA
zu1!<_{)Wg!RJwPAz&ruvxTIc=voU}`jnH(<w6am<ysDozuEu?xa=7+0{~SJ;mJqL^
zhU#G+e}=iv@|D@!8bShn6|yuAqR$YdT+ZeyQOHxzvLDVip8eYapW88i6axW*dMfc_
z@WtOYnp5812XaR9+MyKwOC74jeA(ppjh9kp0*U5C9NsG?Ca3p0e7??|*U<6ifh%+h
zNrj#VuL2*s5nu>Exg_>P^0%CF!jWP#y-;BE(VU&oCHM<Tn;~vJ>hOK7?|$o*<1+Z}
z9*qEpAl?r0u>7DFIRV12ZzTfH+fSck^{B6R+6Ag@s;yxPG3<n%9(`DE*!T24=RN#B
z=T-|}S>Je~BAJ!8lGjA2HzBFOQkF_!jAx&BLkFfWkcnf7x4c;Jyh+@+y-1dxdh0D1
zU-uVPVfKIyB^x+M_6YJ~``Y^$yDMv-a@@ZfgZFknXBM^`xP3_QwDIXj3cX8PY%|xe
zBd<2GQ4|SB2V-o)-TAm&4)^ys^YZgBNmE7kWnrSB&U9(0If@EPR+e!#@y=i$LJIO7
ze8kI`3A~^~`|~X@M{Lexcf(>FBt6`@@lZkwEB`LY7tkVymVfnsaBK6$7_0A$uB_SH
z!adnLR>J)i{|J5M-OFbL3V6KBl-FYnkhJZD5u60m)G=7=){P%f<RiCov{nvfBk1nm
zhP#<V=p3yOr!=DRY6jzF&}QYh_+iO6+m9>ZNC1D>$cH8$!3^qjv>hj@b@#SxdFHf|
zN=zH4P7g&>DQaJvAM-4`_1rXV(c`jX)DT%UaiK}0xen1eoPC2sJ*%j8!jl=WDx$TN
zQVUk~rRGtvcNIEWOx$BtPA@;L!Qr`%+9MRR%%A&XV{K0nm96oiChRVBH+rTC_W}lE
z1Aaj#Z%$k1pL!_C?hqL6I{0X)h=VEh%LpQfVjuS|9*!kgs;87Q3j)%>l9&>R&*hvg
zmxmBgp?`Lp#vgQ#KZaj8iroLxA$zm@)SOc8O?9Aa8UOsDYH#Stvo-2uvLLs3NFm{l
zD`0sfL2uxke574U%UG#bvhX7+*Q|Ju1pj9aT8sxWYFONtIf$Y+nzLwvFQ}VCoEyT8
zB17MJ`)b(F6&k<yf!QP)3=EcOlv%3LU$qm|YAH-I?KF5)vd49Zuwj=kRW?I6Sjmr<
z=S8S_x9v?)y0K{%7uqv$tP$^dHny~w(KeZ!v|+&UNaA#skYpvK*GOS2xEW+=_WMp7
zej<f0ZG>c(9yU5qGFQRb!flwv84p|PKQ>D`)>;Mdb`gTH9MS7_MOW}6aFKo~0BbnD
z@k@-RxFpe)h*KAy4Mj&}O{e1>6%87Ft!3K!J!(z!=GL}(>c_tbNg@b~szGjU$)1%6
z3yJ!>y{sOCBabX4LfuX0*JhGhQ$#7ED{A@`USR``Q1Mumq-;?8X}N>cEw9{sVpm03
zz~VL%+5Rbo=PL;zz`9*Z)*Hc1JhDu<j#tC+d!Kp@34n&ZxpGp;J_xU>O6X}n2CKw@
zgo9W;5CIx3Imu}Xl{)6l)OT$bKSiy)Q>VTzT)A2UYrIdeQ;p%ube#2cFs}bARh(nd
zpaxrSgVb=wxB+;x(JFVJ;}dmHT)hm5DZ<it3LM9YI^Az-bCdR_TFNF$hv}X+vM9!N
zKpfh9sx7NdIR>ecq;)%bwoR~p#`xPqo{W;%G^;CE2aH!kOR7lIAS9&&^GHM{SKa=P
zXLw)lPiV}hia%HwYu~hVj7(Bw+|4oknk<!0*|Rt_4^9z1l9CyI&_+Z0MxZEVw)KOf
zte-3)8bK6{ko6vTTLQWuIn=vZzl^y-Ua{{3)C&-eZgm*1^31w+^HMkSF@0Q8vl|IZ
zms~dV@@2YQxt$F<G_BjwB&>@Kbl%lUWA5oqfZ2a%*ucbw-_Hr$u_a%imC=KIOC&~1
z6sM~iw>jqf@k8==TUWpK*j3-aDX2ez004SwVnWqLc_JDmwI`&sT#>|=IJ1LBQrkyz
zjLxZ)h?SHc!>k5)*JHkZycu?wM|%`6nox;i$x&&cXRQ8fKmyU@xOuIf5@{py`CG9n
z#5zItDrBPEbx|=P1!;--w0d?(|13H)SsA@%vAWEXq57=c>H=c*&z*1AmH1YR0gXK_
z57hZ3bIreSwYTN(+G>%ass&4{=FY5oyUTo=hH%vQ7rivcbfx#QxTKY(MQeHOo46if
z5K1;C*6O}9_X7Kz|I}bm{xZEqV*%%+lS3J$z9LQfj_z8T;OQ4MQPBhqNixgaG+1$(
z?z`z(*j3+?sIx|s)5@Ssu!U+c;w$Pt-!W<`%raF~aLykzdLQ_eL<KHz%>FvuMRf=p
zsUo0i;B5=iYK0)G$TA#ym4e^tRc%1kwD`Lr^ytb2jV7%q=l3_t>LTOas?n>?XRY?K
zq-3LF_+zh4xfl68Bwi5}e)igUG}bvbq1I)r&CWlFu0E}(+95L)LL(|0uBg~a@<9}A
z8<YpW8Iw0WKX8FoaGLF91B1?6@F!@}`DW4rO+7epnN+7f6d;@?M!UJdsAOUh{nNGI
zF?El%1;fi+v}<eZz0n>+!wxZ=U_VXcau0rrUuT*Oe+gxtPi1GiT9_7<c1MHi+4T)^
zHV=a0W|dsW?;GO%3YPJRT<i<2T=fOg%C71*TOfz#C_Fi#KH-Mk8dPK1Agj0E`1q#o
z2zVQj1cM`k-@VZU!DfmswG$~rF124Jtz0&1`2WcCf&gN&`ltc<o+~=Da+7|em*#&Y
z9!bRqorU=TLsXHN#`DD>8?YEjt)Sy}s*EI~L{iWeG7?M>8Ac`u60jC0fCXdbrfPjg
z!l*Jll(9wvi%AJe!E4SXaf^sp?Tv5ig%WGA8Q&AVY`fbdvNfu>Buw5H5MP?d^@bEK
zk`<bJyeQPxO>2#;ntpvqK%HJp?I~}c*B_+ccvYoSHSG>|i?{wizvY2Pea|aF#5s*~
z<RBlry)Kk4HG>T|&`4xZ?u@`!8ov+W7YyQV5HoS-@u&ai$_}+EG3fka#NPY7cl6`o
z19YEyb8ZT>|CD}zwY}XgK&kZi&U_!k5%j$7@!4DN*rH=`Lqt}GCT2h}JIp6sg%RX@
z$;Mcl`D$yy^2Qvr+SfPMN*2j0nrN?v4Z@25K5M~;5xv}>uJLUnv>(Wgyxc#_ji>A-
zTmcr31W3e&qNQ|vc_2Gez-66DDpU%El}IWq`Gp<@VI6U$Q6W~ATxbD8=A;qA6)q0D
zdAcI3h|hM+_Rt7yEUBn0ix-owR3F@G>G-Zyn3Nq*QX6LGu!dMQKQogj-n%62%@Q++
zEGas>!j>O?B1RJ-f`KtxK69nS9%11eX98j1<l~g~7{A`p@jdPYeKrF#&vJbq=I`cJ
zK9N?jt_CnSZAZLB)?NR=NlRvLj$+V=2p;@vg=w&XnGqsqhk53CW;3WM)WKZuMe=|H
zrtM8A1oj}VYw8?`fGLy^8W-5m@m?jZ;!+R^^+zdl;RGR76d3-zYdgCM+;7}n*>YgV
zxvm|uCTBzZPNG&1ruJaJq{=cW1A|7EFm~`8(IBD-p}YulSG))yb<SR-s<hj%*@#r8
z^uXQ?MjLPCgc*3F#+e*eWIb<i=S3hT@;y(D<f{=Yp|rCEHkeBBq5-6IUZmNF7J7rU
z9ZV*sg@r;3Od+3RfbErSbEM5Nv8z=P(?a8k+pYRE8}f>V2jM>7=6&k$-s39at9qBR
zhDYsU2u>RDDmT9Z8<(M;@a03s)S({tVYSEbYhWsTVV`FBLRd+8rx<b>s`M>Q5~NdH
zC?;=atcP&A+BaBJEYI%qc?r{4s8um_w6FM1W0*4NT5P1Hh9W^MWR_;BBr+M3V+mqi
zgTk#e`~}e}okPMB3Gpy<91tR=y!R(MEq&1xSjzIF<g3uc(xP~JoQU`oJY&La;1=Oi
z@p6d`UxT9OOfx2Hv$9K4an~)&ODl<1Vop910jTT+Bh<JpcaNljI2#YjajUd}3VM)4
zF%oKE0D>TEV=N<BrMgmjez92_o*7vMDzY%>H=+!^HkWr2c@$Nr#0}(>8Vp|YCOGmY
zu}v1wmjx+IN=-Tn)%F*Wh{=K`XvdkjhlISPN-vc%i(hdf0q`md4WvRE3#H>3=(AWp
zWMsOFGiC5!;qKWNl*uDy3s0GlaB88wT-o9)uw55vurOqBBX^p}7L?Jal3Xp|S4(2T
z(`sZJw3UA3<#_2X=-<UMr`>+a&MKH$&;0qEhVehu+L$q)#jRAOA+SLLqd}wBWIKar
z$ZI2-Q}ubya%|UbKZt>un)DIS49eE+ZE%JNyG<8C)_Z4WMo5JW!h*ou@uV6{>&xkb
z%nM37VA2QN>T*Lpz*Z^2AtpdRiyL4Tbz-gEi0B@Whwbqr(l>(lNj1LVLeu^(egnrt
zU~v`>L`LM~V=qe=4wQa_K%{6mV#Tc&7|ZRY0z*rh<w1T{3$8^LhC~&D(uvDkA({EP
zt-Dbm31+m;QWE|EiF*Ks^y`;5&sPkX)3#(vAwO6TGMcgshFxmd<Z58Ts1oeYjz-xC
zy{as*U2|LezaeM{(WRY-kS2WKikn@VBQfzLX<x)hq||Rk5ec7-P#V*jj((^qaf$jU
zpB6zhp^!dZx&?Ov<cxRpyfSViXeM4GPS9=`Cj!|U>wT?GuxV~qh<FUS+f~c3=~7e|
z9q{WjYSm>W<7s=UG#^qoL9{M$%B^UI=dR<r!7KGqnlPtBGG3^m919ECDobh25NIQw
zYL#c)9j=%hgd+_NzdN<;HJ~<bWS}Z{*j+aAD&*Z2aU3X<2faG|$I8FcPgORnELE5(
zFS1&Lb{RITHd!0g8xx)?X`gb*tSA4#y~8e2sGoTav6{NmBD^n5G?*$>s8{c*{K<w^
zMf+~DirjQ>wOP}K5JL4ux=i*ElCi)S!j5Q>P|jr|mz-OnP%U1q_3wImkDD7EC!^NR
zzrx6<KF8G@u-l$qQh1_yUe(&eT=EHPgoFzW03h^2V}@0oLb7H9Xm_AoqG9;F1z~wE
z@EqmAU83zvyMEpmoV8y?BcefKW*Yr~a+!#S6qi7SH&}9ziXds9VL|fpIv;Q-r%>8l
zSKf=vqZWTXV-T&;EN5*p*K~&m(rZE&r%uJZq04a{MO;o2^()4LAy>}Vo05Rh{6Sa?
zA-xsJKz|WZ!G4z_`#BoP*Voe@KL<_WNYxsTv^2uKIga8o5S`T<kZeJG^X%pVlO7)r
zD}4h`3`v%HrGhplB^&^R5G!QAPZZS{fuTyJGav`ojXHo4C~~2y8|$!4h@zkoL$_q0
z@rp^;8zbKN;svu8kc;Bb9(Jf6JLvEk)~ox~zGzyIUf!{|K3(*3MUcE%pU7UP7uwgl
z-orJW4qpqyOqQh*I}UeLxLHL>O=~tODgFDOh!PR??lr>|0zjUg=?M|4P9qqY`Wd*%
zAcPcroUxxJzyq*z`nrf*NK4%!YEsEESuE}j6pmb$G8YTh3GNjz!M>%vARawitl?tn
z#Ety;{!hHz#7pDUw@7!6sbyJb^_6e#L(Jz{GFgq*>50Aw%e0NwrOheMV+j$ERt<rK
zycmyi83H0LiOmvo=mZu?lP2h}jZj4<^`SNK8IY!1Qlt=5LTXGqq6SV);2&Xe(JHpv
z&_ksqt+6mrvpONkF`SH4)iz+uRVOo-@sW8}4OP7+`8BZ;x0-#J^cK-{czAoNzd!r&
z7{e(TRb;S}F~1vfSfY-sxo5UqpC`0>1Hi){EVNuwpA%$-!GGqzqasOIB!001U)QCN
zsy0S~s56JX9Tc^T1KXy2_kqj<jK7@kcQZ`idw7zy8Ef^H!}5wgC*CYbLRL)8!qZ$6
z_XFP`uT8kVJjvJK?$sUNZ>qU2*Z|<3%ZZeTApWSB@`mvD2kYbhPLdc>l~I-tgKa?N
z;D(j2(K$@al0MH$Q^`r}*ld&OObd+2z%x}@DI(M4NHusw5)M(r&Bj1ADDhS%vgnLs
zO&GCRO~F75yNx2DYCtcm{2f&gc0vE<`x}uTA%ib^GI+Kj${@q;TSXx_wTSq$xL!$O
z@Tj|pMUnR}JxT1=MK>Sc!a0Sk&8Z%$m9h4{NBNa_SrecN(zfQl$+7X+VY|d3Uu)FB
zWaH(UnPUz)J&k*(UQIIFRRmnK6Jt>2w^pte9o{xN(aVEZc;{nh`tjwX=(BLy*7Bm!
z5~S6GvW_EJ6&cbM#zs0*r+W(el5}PJAzW$JhhZt~dR=JVmYn&YX>p`Max!3=a8#CQ
z!8tPBt^P)IE$xB?wfPP&qb+L?FixW%^a171-zPqf@8#Zwnh0`X73J<t3otM+b`iCJ
zy#Xr=^<AV-AhbP<4-DXQN;q7W=i_L~^AJetgD=7Alqb(Hh24E7EGTW>6I_V3je$|c
zh3gWg(Q^iC^zZ}U78>#ds32H$0@)ZNN`Af+JJzR=kw53RMtDWLyfoZ$PdI9l^X*r`
zv#Lb>$={G2s&@zWrDLWT;sMY8dJDvm!g>oq5np-{M?@wfUZO4ZNPBuoQJ{v4y+wf!
zUpFIOhgesB1zR$B%LD?{ccr=w`86X_OWJcPgc7)D3a31V#Y+=x+VTnwMyg1tdEGP&
z^Y2Rrg<E`DEGk#T4nv}|)gQYKl6+feTT5stBZa_j3-+@b?l~Oz>gd`SiG5)6Y_}47
zXTNR{r1=V-?k4dXHvEX_Znr~d$Ga3ao>Qav!0yS==qzU>*SbdJa{XG_$zb5eSoI^c
z1u!vBje&@wVrWfi`O@=C-OxPr4@`KZ)g2jA_siY;F(%`%C{ItaaBlR1*(5)`>m@Ay
z`Bn7<HyZbfP!~J6ffq-NLLbufW#}l3dW>BS4{eYg)V4=5*<udt$w52Tl;SJ-N{G?#
zcpjtECSq&A4eUzDdm5s!i93Wp#Y{-n<VXgj#9=t<3>8(logh3U63Rse2i(+`vwUy^
z3L4uR3chZ66w-^p7jRI!-e7x6<UXRJaKF|3v^|O#Y_GdHL@!Lcb1IDS`9g~WJ0F_U
z2SR54WFCqKZXK}_zo<(uL>UkX+lc(v0X1j!!fi)JPJsfe#k)YPgo*(BQ6v1O5!!>$
z$zecl9iU)DXj&*%=Mo4E+R9u0c*>IwEdIDKnLj5FGVquq+_<m9{LO3r_mN8!PU^!h
z4@0uM*$4e66{?UR@?m7z&hdv$MKd;6(*_3-L8)DrmOVFCY5HizDAPiu#<%ZEjav-d
zNC<2pYSqh?90!;ipt$+CH#4dhv}3(TCx%qp2>J0{g1!$f(o(HlOD)${yAl5809DH+
zd^?V^-OqE<82j&zx0Oiete*Qn29)f}c>Lbku;gIbZV5tvOZ1I#PH1X4+$3^h@ZR*%
zkqpdE)C2~35`I@IFZjVfR8VbR`F8_Z^JgbZeseZHAxmC_Vv=n0tNG>9HfP46$}FLp
zhy)=XN0OLEr#6j+neBuLlV&28jR>S_=Stp1UYb}qEUPeX^aSDB(w<zeB18+u>^`fg
z@fU!HGz;s>fYQ&hn>Q|%%`GM`AC?*Z{%0^S24<nYU4`ME8a5Wb-!&LEQ|h$6M-#5W
z9Ywy#nJsVBmqgbR@Q`|A-l3f?dy$=p9y4PrISd81{=LKpsnLQ5OpzU)<Ra{2#}}@w
z(@~xrC{S_ohRz)8gQQCvesH2`Kk<kF0vu?g;1WtuL^DLBEOnkzJN%7rgVF&wU&a6$
zb%;=DQX&|T6bI#1y%GJN1oTv+SxD$6lt^hi7iq9*lM@!JMGy@v=v7e`SuitVDyVXO
zwH%sguGC<J7j*Iai7}F@o)Y3&anozM4(w9&8-P6}_raugc)UEdkfdfe!?fcg_F(iM
zmW0~1eR}<zty1r}I$k+Bq|(DFp4!Ypx}y|&7b^c>q2vEMxV)Ak3WRdmzyRi4CnESa
zA|4<ut{_$;Vi5R0X(zC-u>Zwj`RB-gC&a%M8$(ZfR~JTOLt_h5V-o`t8Ws}+1K1r?
zgSb&J*1azQ1Paj5De!3)2yuNd7}*F10DzJ#3@j+OkA&*4Hpk!mf74q28~dN~A6kp3
zy`7n*xvSHEv16QBnO*GdZHx?^nE(H2nc3JIx|seaE#iN%Woc_@ZtBb|V(DUQ=-~Vx
zO#bB!{Hvo5hIXbl|3UBH2Kblm<NBWm_;1!6>>XSk{!#r8)(HN^O9v-=b0<@0=l^W+
z-!u)4jZJM#|IUm3e>$!I=Bu-dp^NMPVe#KCErh?m8r$2s{KI|nu(i4LU60w9a@%?H
zgR1UFZivF9R8gTz=1;z?l2!bnsOFx}*0B~jWQ0m4icT;6D+7o2uyptt16yPL=SKs|
zTV1aa@zPKIcMg8y9sLz&vOsqkisS?p&17Rm`G~0TaA$=qZ%BX8L$)zJ!r2S9vwjnM
z^SVlzHOstHDYKT~rq8^9y|3>}uHQ5j#&{kM6`M$CyYRY!9RO4*WWU^lYOmiUGTmh`
z*!qr;%DvD78->7GYPWDsw)q-3O_}rD_orqvn@iyd`9xQ#m91s+o^t<{?QZyVt3)!z
zmDgBX$g2G<c=6Kbc>NL%qKelUUE>?gmCbmU?`#HC-+RHlCR6HJLn*8M+N?yOa%fL9
z80Vhb-Atn={rrhi=AMb4q-wLm!csn1IRbHue9*zKsWh)<Wl?aIyo#Q*rK7MR7bL5w
zzn}f?pzX6L?We00w{p_2&f^SPeo-A~KiwpN?ml(<5pq=BnQStJlXo@m*2Xcb=Ra_b
zzm}~C+bAK|Y+XL`?zvYyI2qp+n?o(ga&U2Sa)sFrelb_Toy*H!3c$8)7vhY@B}Ut=
zJ<W3;JpWy9Uqkq6zunWpX|_NrZCu&zxbF1v^EaFsA4UIKGBOWQHXCyo8e2ItOMsRa
z;yQ!F#lt$`wuF3Xj%5lbl!F)H%4;2P4Iz>#x0yA;hfOrf39)a;NDXI;hLMZQZKj>j
z2E*RiAYN?LdtL)YUgM;nOvqgta<1ds1A~va&DJFun@GmFZOc%cihHrdD6C85TKr&G
z>USPQW7`oJ=)mayBb@Rr&5xaL?hn5PCi^C&{RXr0SbTbLl7It~v4lR$5)ZKOLQ_es
z2=_~-CJ?YMyY7217<Eu<7)CQK(n#w)?_F_+Kx6TDiQoE7em_HWYO}sVP(ig3HajtR
zCwr$O1_rK{0-kl(aqM|BsXgTd<74xk<aP8tr*+g>7q3UNUi1&~BTCc9#6usG+JD-|
znIN;3ADd-NRQCc51?#WMG@;gb5irTkYbWCl*Di_cehjt@=cs`z-I{$I5IIYoZXoPw
z`kenzxb7t=a(O+OBq~+R$4}2k)~wS-YPbNf5qzwrBmsZ;31z<l;?^i!IaQFdE&x=q
znk6f(+o<bA82fJgHbX5i0YLoNISwh=t~F{%5bzpwEcp2WqV<2d>-jvK20f<sfZlrE
zUqCfOD$?uOhUJY4s-wpghz6;UDYHlWgLJ{5OwCy&<kiUIMEbbl5Ra3e%)(udS#p-z
zF743tlN33t5yOX<>&{9^3kVEn<2kb9VuijILvLz`WZAgE4aKn3sGM7vn1!O9<;ihq
zjQTggHJS+hCYxHqsFz#S%5tp?FST~=8~ckHM`wCelt_g5=|eA<W*Cq(_Mvh|wsn5?
z6O8{R>i4cJcn-%Zx9NMZes)6~@JQQC1)-7F4l8$$9B-_;mq>N4H=Bt-z$Vluw<s2Y
zg*(OUlMs5{*stG%C2^e_-zXqlUAnPow7$_0X&>$Uq!uS3AR*~aQ?}-TsBmA*DY{}T
zcFucBf^PJf=b&1_+d;Hi_hjfRB=bOchY}FwT|36+R!JJ*qNai#p=foZB%QbKw2&V9
zfh!P0WcCF&CpO)DZ?5CafQUw*QP`XR{1(J+{-wHugN|s`Xxvgyl?Z9!ZWnEgz?Ruc
zXx*&T+8dRJ|G|b=sRfINH=cgY_u!8(SK_#imcJu0d}RhktQ<dUE~Q&ssIvd3akaAe
zb>Mx(zS3OCu{IT8b&+b{F}6v?elL8jjq@RZIgQjCTyOcF=uet_@430LF}DT4r!Qd>
z=jLNJF6#$?d2Iov+n;79y01>K44~Ikj`F^v)T{UlWAlHtRs()sKTJ(tnXuh7$ouYu
zhJyRC5aD6rtGE2^`jY=ske4_et3c(S)=AmV>*y$|xe|-ft1qwUUnG4uZ5o)HKP*&c
zF8G`plBVX;R?R9Aufex?tYu(q2J3A1v<H)exHNA2?yn7IGEaDyde-tW9Tf4AqUh$r
zIFa(UqoEZ@#%^_V1*MAmJj6$JQ3K~Mro;RG62t}{@o@_}X8*kDp*}V;rVh^{RIh(b
z%cr#Ae|#8>SB>AVNs$l056HJz{_NabK^ckVn<GTJrwUt*w!PIrZA`DkBe&;jnT;n!
z(ZZiF+lo}*k6VNB<$7EK8V%;HwNXKrnd*w$otTZ6A8@3UtlrnuTNYmrXH?}0VMhNE
z7c5jt^7#X_Xrr2-B97?$8nral8RhDC`O%qLHe)w2XFQ@ys95R0Mf{k-ee!A-wP!q%
zJvbiY_;f?nR^dAB&2f3VHnqI+MX^G}p+Fu&$JX@HUlwk-8&u>DD&lt`P}u$x2ij3)
zm>?GxlGhnV0)S@nNqy-nz4m3UMg|HS`|NyWed+JM{0OGUXLD9-V^!cyM`14;kIWN~
zRm>;WNK{*gnK8VeyqjQDcM!toz$PmmJdJi^)VHGe@w%qOhDV_yc#mw+XE(e|jyBpQ
zN(uf{;N=|}A+{9YCj?!1M+N@dy-do4|K!wR1@<ZQ57d?T%fn+fB7>vFMB`^!INJ*E
z_o?eDgm>k5x)fVHA^)DdY#SqOzm`7UOO1U*82De0S2%atkv~3wJI(645{mN@@`!I+
zA9B^r9+$qm9+%tG6y81_Sc;;=Hh$wAs|}3E?BS>;J0XsXJpMVn;TYmnzUS9F^(B)K
zU-=zNNz?nu>6Q%ZW{~)Vjue-R1IAyICLl0EI91J+5};w#7lZ)RW8}M$TeI9&<Y3Wy
zB)?yPdj^)LVL<J@!;vU`U40J2(V#&M;^ERW_lG-p@vW88Gr=LXR!-oXqT`}1VN|Bk
z?qx}yrl$-wrPY<{t&=L>^Bh6S!{csE9s^Or8pp6(>RCJO@7U&_SYFD@7~;w^vhSw8
z-0(35#@tqDk3^{08@*nrd+Rui^Z@>x#aodDDUGG>*i$;~h0xZWXIqHt*S#r-nxY-6
zOEXFcUHq9{;U6jvcAPaPjFMb&TSKB!Nai*g(~hcDgH;9UHA*7V9EieLUK=N=3pQ@u
zdnFp=s~#^wvnN$!QIkdft5N2!nnAGB^7YvDr%}HYrZcl%=&%tuv+B#Ayi}{!t$7Mr
z#_%URn1QE8c2j!HT7O*;kF=Qu?08F$!RDbCs&Lc6=>G8?GMRrLm#;slIE|7}%w=aa
z%?uxF7FR|x>#Sv1m_)O6+BzuFn3{7K&M7(9O2o(-B8wYl%ZbjI^w8H_xySr#|33dT
z>O+9=DPv+q4!foq7yoaWmK=hXLFm**Tk@Pa#Z7?!p^U)=>}D<HDuL(<=lDLs%9TCK
z-tL7Vo1cbj$89{%vMT>IbKPZ_s4RvG+WsrV-|A<PEZ*!tI)WFcO=#-)ygeSv(+dOm
zn+0iajbkPSg}%(>)ogpsAGpl4*34mq{e00HmGuEBk8D)(6n0;imoc}I=;`btH0w&(
z&~4dm`iF+zmG*Hhmu<-QBjJ8RlM>r@#Ko%P)yuFFPm+lY#rcS4jlqfq;a<~kLW>&D
z*s|~Y7HiKNe8~5tyU3!cA}VzT-sFo`O$M7sLnRxw8EW+S>u1)yL_H-JK=3R{hszD*
zlux*rsq2*{u-BaiuFVM&hPKE<h<6Si*MYS6N-anvJjOB&DJy;x|NZMP=I$qY6uD&I
z^EvH7S{|-4J~qH&-W`&P+X81HCC4#$GKa@na{EZ$Y20M9qJ!~`)1TY0Win;KCKjw`
zg_2}n-OA}1ZruFN<I|;|F45P@eeu@1U+gUyzW6+(HM4H(C)Mi``%5V3A<UB1MkZ-j
zxO{FsgATOsFQ`>v5iM0fm_YQwtn6e7cVwL)#wYki4O+k8Vh-;N<FfAc;36_fNB$w)
z&A^xS9sMwMD~#fm^wjZ_QiiFkTwoTZN>SpU&iH2-A9b&g^bFlXvy0#JPdb!o%9mX`
z{XfRu{BJ*rN#%1oLHmV&5}*7{?mcclV-x5Uw?M$zgRwV3feJoP&|l&r^)-m5{Py63
zm{gf4<Z0Xc_A|E=Bq^2nSN>e~j~ti(FGyk0KOjEro_|4N{{e}g-Tw<B^IsrRNyfm>
z!rDxn9wR3Gox@om$_119uh#w-8}u;6<XC<gJ6}&)oejL&<zZFHoJ2go{-_y6U8zv!
zV`uM0&T^E|WXy18JM>Orf4K5YAJ495C4i~c=LS_JCjx}ue#k+6*bt<1SM%iz3SVFn
zO>Tal0oUx0y=yM`ch75KJ#Q1sHq|NeLyi61_e0R1X;8`1Or!u@)>i1Pd`acI%+=b`
zGf@8<59q$r=DL-ir<5X(%Bv^)BJS@h<0!9%F}7CcCMf#SfFqRlr`>O{@N!ROr=1@c
zO#aU=XRkrGN3UlC+9oWAybUDi)XriGb_Ln;o6%c=Hja@<c7P^ptKb~0sw8@6!<Pwd
z+G#Q?;oQm1ho#~iOP^6nv_oW#>qn8trW=AEvI3c&F1H072!U<>v!@KHvdN6$f<Mx^
zE|a95+)4bl@((a`g;9|J_}DD}qp^1YvSi!3h08X(Y}>Zk#V*^nZQHhO+qP|Wv8%dV
z^{T)3&VSCm@7@>x+_57vBXW+|xifR+T62y$rkID&K-8*R1lw|lpc%g0QekVFyol{M
zo9l4$L;%u#@h549-8RLI<I9*kbBXoX#t{^kkyPpmxWVKq4SC*1V=SOmGDP`Z7<ko$
z&6<MS6hAP!TL&**8?>U6AMhfDh9g?urL#09!o*eQ%TsZcOOw0?7F@6q!wFFFa>J_F
zEsRF7M_0wLO^;I=Xkn%fWiWZ)tb1d(Q?D^(pzdoshSe=J5^8U6@)MDkYV}=1`I|Jq
z{@XNM_j<4|90EnJP4a;5xq?=|st?mpNO@l-rCaVw68MX(3v_ii_O5xH9Lv>pF$cGC
z84H#3geR$J=X9C35=kC#hXaXNhVrS4SC#h))|rb|*SN)XIUJqT;`__8Ixe=7_Jv<q
z4VZQLnl4`#kb@x<=Tm+f=@u}(NtG0{0!po4nTcP@t&1iOMe=pXy;2=0A331nF*U$<
zz;tr3Z{y)d-uYmx%2?*b28AOY#=-PI8RQOdGJf|cG9R_*e0KO7rYYXfMkWDy$CO2?
z%(rh^*7Qwt-kvPh0zkx4P>DpB1N{i$=Oh6@9t0!3FOpM1Tm0phIukeV&7Q+V2Y~Rg
zMuu!UTD%J{>+|}cv$+0a_aOH*>B1k>Snk)J1m9{U*(hC3FU0k-@_Og9G49#E>t*%w
zRW_A{vdj_+bc8TW8`Ef`{KXwvtmru2w+w&L=YWy^=Vb&+GN%l5R2M^peJyqeyh(vT
zaAk)OM<g*|?5^1}?$-+6DVhQyFUA&nM*saf*o@_0Ts|I;BPlt&58bdeDI36w5>qFr
zU;_r*r8V5<>V7`6R^fe=N7Hq5H(=0jc@G{14cq)H6aGKjCMbIY9a$^O*etcWi)mdk
z#-;2%peLjE{KJm=5)DB7skSgW!Q3VVzxTxqwP|iqlI<uMNlWwwJ>gaEZrD~n#ktV!
zTjB2sDBhzcRKE4NXN#(1_&Nc48>CYm5gquk$RRCIl)?ulkUPL{0xPkM$Gf!z>fj7%
zEXn`yW$%_*rcA+(919SeoK;DH91R&@yyr|ffD%o9!K<;36JA*Am<qh`n*{99A}HEo
zIrZLWq{rQ)cp%L1Pd8FHXOJqE-1eR_0QYuZgO_zuLf>iN&vS9eQ0uoN@?IWPO0tkd
zUAT*y6<hb8tXsQtsQt|r4-*Mbptt~{xSh{c$n9a<zvql||DwCN2op9)8i_jD&(Na9
z?o^a@2kFUo^Rr}7)v0yj#09LYKD|&&q`BFjEZUX(6Q=cgX~qUOI|>B*a>|(<B1}L<
zMOOPn9~l3@#~zsO-fw)|0x5Pzrnu+jNz^UEP5vgQ%msUKA8|+0-3kJd&)Q#8Cx8=(
z3fO8B+04q4^*eKy)0!ev>MAwwdCd{YGMuHRG@}v&et8vaC>nh`Lw6YqY^Zq@P`)}5
zkOde1O@4fr!#&8(Sjl)(UnkDc)m20IujM0g9u--bU3tf#--Q)$l4ueLx68feN3w~~
z?QkO>cKEp53x1q0(sl2o^|LfsB0CSpF)&(Z)N0M6E7vA=T{Hf|nzCLXGg)pUzKdGM
zmn?Pd(6Mz{6*1^LF4fvvofn=@h#xO!G;a=Gw~8lALoHb?H#-#(HWdL;7X;{Rmn(aI
z?nW?pjUQg3o2>9JjNPO>Nl;qA`rU(h-6zQ)=_wON*s8_iTWuzK44IMdO?`fp74B<E
z7s+2U1)Ta(M6D5}_hqBl<LK7ABN>>UcqLLV*H_It&meN-n0dvZsj`YE>U)@{x<Uic
zi3k2Bdoto^*L@W}9%HJfGUffML|sv!A%d1gl}i4+!4^YDR5`YX&;#GwQ28a2`{B*y
zcy}w`16H2)8cNl|1e(Ke695E}G5l6OdW7jFH_8~GKx9)SV5_#9)NM6J-}E#NHmW)=
zFq|$>>QH=pPh*X5T2YcAu8JwNfaJT<tRs~2P3~Bv*v|n{b0q_|_P7<iv_^VqXNv|f
z7`u8*4<1!gRIx%&h=oIy`SqD<!_)yky5$mNOQB%|iwEt!vST{GtHsn6mK%WL9%Vq<
zigD5h9Nmqp_7s>2Iia!t7D{@+Z=NLsXQxG>uXnYox)b^~Il%v%9qgClx*Iy;VtJkd
zu^nEIkO_+1HXa3z1P4Cwc4LO!xP%IGc7CpPZwgiz8qhMH3d$t=w&VRy)_JK}8|$x!
z#R5aEk))(7Ype<YWh>~B3-rKUr>5I@?d|@UIb#nRd>DBbm;ZL3Ro>}z0MJ<NymV!z
zX3n7TsUeRZY!Pk09@=J=CZ7E5<#*wynO4|dpX$-e7Tf!Eb3sr2;H6Q2@sA`M0KA~x
z_cA2^-c&#HulZ*Y^-8UfHbguT>^RJ-FmWR=3I?(TraNQ=DK>L4{<z;8f#pf+@>c;$
z#IIhj-_3?xNw&%RgMMP~-*I+N;Z8*oFucKY!olv2sJ_b8&XzLK)m-6w-WzT##k2$z
zW7bi!3<?vIOA>RT_hE=(7y}rHu9Ph03K4$Ft%l@Q8&fyxEhr8dwZ68QAE`+sU<&4w
z@jUUvF;I+pK;!$e2~-LxmP7WE!bO_Vhg@`%+!nt0*)iN1w~f;g6r(Y$Ju{sa7NG)6
z5o$$b*>dvIn`D}**$V(Pp|4T}N&5nfyDSz&ix@+las^a_>;%9$@tbgwBSH8cs&>a5
z$O^6?Fd{nPPo_xwD~bw&Xx|Xin0tX|(tu!C34!8g6}>>n#t0K;v*QD*qvg%W1Lseq
zaEZu??V}(<LWp4_3R?$aGhpYFr|vDkN&0oM2Cx8qW4L>!Riltze2VNN-FsCZT{pe%
zn}tB6)X*k8B<wy0aipf#&X8Ge2F1i|F^TU>&>~c>CDrIy7QWWYo--*a1ytbpD!LCV
z#HXdksd#YHu9N+6C5|XwHw*Rse8vx!@zhb3?RkHR@iCZh16K`V<HuKiMyuqD^)A6M
zMxu#DaHwsBvA&j=rZYGp*&!0AL;kJlYpNl#kWC2(s-AWO{{32ULzvO6rGJouzc7%N
zTs}xWv$DNDAB1`ogCUMRH4~VYg&bUX5lVQ&lSAk^oL}-y#FKaxhcrb*hgR2=iFZal
z1@2j?oODGZOYeg5tLUXmPPSFTh0+-G4ddoYDIaQ3;`=4<NECq0?kDnLz}!KulyCjO
z0hX;fjj4e9Zv8180lv&QW-I}%{mC~PIMW&S3P#~>@<RR;fF9riTMvOgcukr)+rF88
zfO<nmk~y_b{5(Lg>Av|Ri00176#t_5sGC+Z4XcY1@0)Mz9np8`FTo~LiX*VB?3H-A
z2T6MLbmgBYgp{~|60h$Y7g(|_*I}{g<0G@qW#}Rm^lZ$c)$Gq72Nx%T;C?=P1UL&q
zb_LS>vu2eq7C$cd22^SW4=IE<RRQ5T*|K!h%iz5mVi;+)KI)R;RD}StXEdz+<r|0M
z&1Ls!beIm3!B$QQ-39L;qC--kCEzoz%RJ-gM)&At5A%eGc^Kp%TBVGfd}ljzMf$)1
zSOl(n#e^A7qWaPVeNtC|9UwtA%q;Uhhf($F%3UQVDPV;)sCV<K4XZ(5dU2N#`aa0M
zp&oPsVkQQViGU$CF(JX$J%qDT9jJzVD)f~cSRWKyt&Etjt!JP(x7%PeWgP5U%okj^
z;NG_x$A#&REXU?jQdXh@8vrxxIXFOksH^AF2=Ot@319~tI{pB)3p6z9#y3yqife)>
zB|}#w#SsmoX;5k#UEzo7(}ysI5)6bQ?t{97qgHn~28{7TSkcKZ#t9LO+wOcle~7s&
zWA;m}b^1Ylc)r*_CCs5Heni5`dLF4*c>eg)u_5d$z$tKKES?z2Tt=ukI(Q%$hJ@~_
zahu-3eLVkU<txJAicKmRn_6DFO%BM9R5Ho7M~yQm;6Jr0A(i6gA%50|q&60$`J<Y^
zrj;DF%{7z+@`Dr5V;ml*_xjvT-|wK=4mf9{5$x^gw%#>hjWt_;mlen<e-+CF(h$rL
zb$TA-mzuACGulrM^kU(N7`ue1k+aTbo3ymy@;iIfHi{Bdfd+vK1^&M0oDdU6j_=3o
zZ}j}iH?YHd&V+nK(NxlX38vYMX-edtOCcu%4qa^QR2?JuF5f+ran9U+K|DEkzQP^#
zbz`6zNA>PElzT1@s_lpzUGC8jzn=^gM1Fr2xBCtF4qxj8AKhfSpLG!B7Sfl=*FyZo
zcBap1cR@KufcRCB_KZgX?w@<r`LXw2!TvH1*AoN?#sV&cV_8h~yrRKZz;3@zeGU(0
zYaQ~T7|0P63v|Rfn99ernFzkp*NJkxX}p-#M0-GNlz4)`(CMhDrK&1CjSmjy0^pe>
zZC{9djd=qgn{aQEX>nvHcY^}4p9%j;k)kcY_2b^*o2o^#Q$)8Lw(hUfP14}e^*dEI
zB*d=l0UJM?N`pNge0|JRnt3XE|9u9u63jxKbY~QSl)%jvagGQXgCkexPY*PcF9M7j
z_B2}bSN*jM@AsHm{My|r^(#{Q%}o1{$-_D1D^j}?>Vp>uGRFShldxvkZwhP??YyMs
z^qz>MWbe1+ZYcDJ>>VKp5;$+8y5u+Hm(-1XXFl`eSBcz{Q<SyNa59bx*)=}<3}O`7
zkmY2Iw&JnF(2_sNBN8h@%70Gdd^nP&v{`vO_7v>q^x6@Kb{THt5NFcqiYkotiWn=)
zS05Aq;4ZrWAe2C6DF=z64mJ9E=H_pB)Z|p$NPwu*<~{0MwW0iz2$BYj%{97V)LQfw
zC{u~i%YBjAbJ)oPE#1|1E`HxP{HnKba7ejOX=Qw;soqy_nHXWk66@$Z@DLp#NZ#nX
z%VRk`aWD+^jd~Ohy!2Zy`+Uk3=VNrd#+e(|rk|1`ud3T|``)>+LY>(!I!!IQ!)AX0
zSi8|WV*1^aDvO}U;5%4W&TKOpRam84&;4FEgC~3`F2=goF(?m9+wB8__|!~WLn@NC
zmama&$(uFoYH2Xe%l>+W;t&#rcyAK8zeK7+f7)w)gKfrl+_Tg2FyYi2#L-k5(?k0r
ztF{Gwd*x+}@bs3+A`n#`eSL<FNScKCOif-{MXG25d`CWM-|4&%Bk=}ic6!>7l5)~;
z8YUOVAI;yZ=oY?{#+xa1%R#o9x$S!CN#vC5I!SS764gh|`32sCaDUQjbEWz`qHvG=
z)N_O|5T%B3wU0-C#j?y+LWlZ^MjJ1mb0R%8|IG^Ty6xt~H6Q5mEz0eAiV7?NzxHS3
zbuL0@eKX}=7&|&RsQnX~UIXzrBL9zP^TXC`Jq`_JUkLj4Ue+_SWTiAj?J_jwU&=9l
z<m1bPh5#*_r?_z3;rqTDh0-^>B##C0nC8ChjtM|sAxLZ#D)*)2Fng$-<HYxd@#^!g
zvbD88Hct#dGx_#01z`AY^;{XT4blTgI#^fq;r5|_-U-u}HuYw5UkM@>NMHXdUFAlm
z?XcO(U@ucISgeX+jDh~p{Ln#h3stoQqRzGYQTf`-Uft^s8t*G#mG3ekf7qs@g5OG4
z4WB&`&kOVxUgBI^f0&3YC+aV+%}E|@6w0Wz41u`=sb%OJB$Co;qO|WmMG8na>OGWs
zI`4W!S$@LN=Is>32D0CVpIR{>+!tU3&~B^k)_mb)Z?;!~!D8J&#;(0S*y@F|e_-JP
z`soc)f?KqI4KewY1W&&kR-?j7uPIUmqAvtuT(3CWD+hW|0BhYw5G5rc-!Ne=-)88!
zADa}K{)wc1mkWi2y~Ou6_5h5ZAWe~?pW))1lj6@fgTi>M2ytgwFNrUKjwmqD$!Lj5
z1!nyc$7vZyIUOAh9u~?V<PfNGWhW&njZFsi6(SK&<r!6}L8r=7EQ3PveOoOb3fRg|
zcc7MRiYK_zi?8lL4b~`8C~@@mba;4q$68`|G=&{<ATCA-))gkn=mlS{GDzxVKlTTK
z-GbndN94#}8bIrPyX^xC%E|ZptkC_%<XzWPs+6)!aWz+3$;9aksB}`|ui!K}zssF8
z?yI6uRBbvDOM~|A{ab%!-6$e=VO!SliZYI^1ZcZ%=4Wg}9xxYS0|Vm6TOMT8C(QzN
zYqn((tBJBaK4d^xeqW^wMYCEZ*}^w*egPrK41z$_dviuRcMvg<90So~US8F4Rt$>X
zsN(!KC4q6hi#uYYaCIY$He)wy?D|^w!%=adn})<D=pP|*Luwu1K(XDWKYl`nDc}>8
z%5T_HqgUoDdg}*g6qPdg_a=)5qe5(30vYf6l>uX#%lGv2!kZIsE|gBB6K0sZv@}V1
zN3-d|ZWxZTDK{Ri(Zo&a)LI-kh}w&d2@#WjtM~KfrtIW++fE?~#ULV)v{!L{0N%G#
zL${g#gnF&)$`{ZeMV<Ui=J`Y>!K#N0P|eH|CYG>6ThWQ@M$W9}<BMXmPuxOYipfCz
z4S@QaxnUW((bCt%YM<x(gp_tGFC5KAB#A$Ftd3DxW()057>=7wF}EDfR%u&7r22!h
z`OH&}DWE@$1$^+yRzqK{%5RFo0K-iLI`WhZvgKNn113|<9{>QTvJ=!bi9_|#9R=%~
z`qGj&QS>l_W|DCY{Zu^r$lfgAGbqC0en*}a<%cxw;M735O4PpG;sOx)Y?zps%)%wr
z5pSKXdHxPrm}E~%+$3;RV`wW@g|b5-s88n#$1$@v#GC-}nUvBzvEWJa$-Z2A8m7@V
z4P`P^jFQQipue8>9z!%}j;)>rfZ5cm%JJcal_g6xNG{vhwS>I-%BI|MTW}fnbKh9r
zUbUDO@4pJ}4_8vgNemxkj(Zy-&B7SVH=i9>%XN!WRsgLGgCtLTHD{7N>>3?eC8D+T
zNHnsO?_lkd%+HW_ql!#%_^Sm*27gCIzE&r+IUMWKY?>+H;I9|Kup~$8dlG7U)+%K-
zlsQFTSu(8>{`7Uf0MkabIlye>OnK5v2PqGqsYnFeledG?G@qE1)(~(a&D&R5>|sGH
z+;kpn$y&TH@cYI_1I7%h1X;RvG6GbE(g7Nq4&OBl^;Jqc<T4hIH8aG}26qfDc;J2G
zOo}FTZ3s1^)36Dy@$%f4>}^T4(*COLE?If2WCpADh+#lP#ep2CB)K@_V&fR?>>wOo
zq)5@mipetYDliw5+nS>65G^1RbJ9aEu5~ZZC_AY#4kNuQ5$YD8v{&}CkXOZfm>k*}
za^F^pc9~GWCg0rm;Jb07NE+382=_`K*DVr=^jg`t#6I)x4e5adZ+7d@jP@<OaaHfg
z%jJqs;_NOB!%R{kR!*wOtwx-|{zKc_G|*Y~Eua=@!aZU7c-J($Zdz*dQ<Ld&@fBZ1
z$Q6s<{wLvp&f9b^1jAfN@A5RA<^-SXU}IVNs43AGoj){t96z0!&k8du9xqm|MBkO#
z8j_Q#*)pTjs);1>5@OgH$bbu$Xj=kh=LG0|u!HsK$GR=^`bi0U2}(q?Ri!_CXDpd$
zJZB;2B4&}-((Dd(^K?X=__Y1mH)8iTLVC(yN#2y{lmR&0<i1!k#!<2PV^-Q{gNS(E
zgcdGPSm=B}L~ZU&yS0*p6|lm!6b-@UMnc!p5V0MVLDWBtfu%|Zk974J=B9KdMxLx=
zpT1<vT=Aiz80^Lfcc!>wE;n4&5RO@@AYCMY5p~r>^8<GD{R3<LkwP@CjN=F!4|_W+
zL5-q20g&msBhiv;>egN+GE-N}UAku4$ccCRq4E18L=gyeqVcWY5FeTPax@EzdaSb~
zsSc*-q0?p9NX`RwPE$Lg;Ovlgpi(K*0P~s($$RCfC-fMY4%rtQ#Sxb1iyT6jf=|2*
z8}WVYRE}AzbjJ?8)Nl7fr{rN4%>gZ9<dOQU?Qirmq&dlRx_hzdrgoZ0uI9tl2eG7z
z4fD^j?Ff=xmxMr`=R_plXxTDW>?W;xVP<}T<NxwP?db=+fF^Vr15c=kN=%QM=an5S
z9E7-X9msXC!;;cO>a%OWuhkON`Fi6OJ%Pp4D&b<C54%xzj!aXhakHp%@0ev8M=`Rc
zTGPxlRa3|fg!vMo%}trg5}PGVs%p**T<eZ$t;ACZQI3HdTkj!5n#?f9YNZ$^wQG=S
zEu!NsZj3l-s~9`lRonq`@Je44hSPi+oK{oJ@4+CFbg@^}PK!xMdd^Dkji#xxH#H8~
z%PUi7+P%+8sj0=WC>3lXrio7+_A@$<w?E~v6AZ|7nxpv4f?qILY_?mPDLRB}s(=?I
z;Q?GU(SCkQkA$AP@2|)EtiTTN!J+RS3qrR6bG$OC=-8J;^`z#55g)FV=7yUTj^ut0
zzb152#?nV8sem7iCPgq1H5`TqG?>p8{!KkJqa=ndXMe<Qvd?PK`BNe-#6V+n8<n%%
zo+MH(H3@4DttZFAm}CFkJQ!4A6<Ij?$ym=ZZb!ox8yfspywMc>a(pq5TMm)8iA-i-
z)k)lC=z2Rj7nt0V(mG;Vk!kE;nZWRPAq**?KTsCh)NU=MHfF(vIG=hvnXg33=mt~n
zHcvd=82I+RKENmqk2-7fAV+M2Fk^FLW+{SC6e9|=pZGJ(*IsVLr>OZ@Bvht>NBLFw
z!sbPPd$_vb)WA81ODFp3ajyd`lH1&S3x9Z=QGb6e*QI-h4kp=)|B;}F-W8XK?R|;#
zSq<$i>kX61A?YoATDxVA%<r@7?eh=U5q6|-wDpVZh=~UHf4GkSiSYJ6df-NmdVkn%
zP0AD28}taBk5nM6DiVo?Tu6FUrpPFO>AZ4WGB$uRRaVU?WeSNnpI&7tR9Il^jid4n
zOkagOv@Bij<3SCeTJ|I+<Tv#8{ESI<ZP|IRLtJd4DraAGnkshSc#0oK_)!@FdC^JZ
z@r`*H<&DJQ$(_XU$8tymp_Kf;kr)jVisd4>A!&UkXNOb$pFXTxemTdL+^@sO6W?Z-
zexF+PQ&Cc9u8e%f&#jhw@k4*&X>opPDK@{FjaN9AD=ls*&afvKChB>=TC>P9+Sde5
z#(G{RU|HO<U+of=UHQ=6C6IhQTV|a%GYB@z9cI*|3T7S@INTqE9ge^!C}8MwJ<r)|
zQm1X(Q)-owKD+0!Y;(lrKJkN^JCo&Dh(r`PYR|V27ifR{RmK;1{v^>&x&~k!fu6o`
zG1mrH7a@c`5}_+7ii|X*%@}TL3eS4(33KWcW}sEyn;HlhCP<elZHpZ_Qc!%Dt2Sy$
zWPe%DgDh8k&?@EWkC)IO$)+g9N4LLWdZ)+DCyxVBWetnuxNwN0WB#;=ox*op>vAT7
z?xOkQd(6)M*n#083`9)Oj~zb@yaQ~V&Z^eY&F<?R3~+;hNv*4xVGm4;u@D;SC?_?{
z=}a&-M~Ysf@_6H5!bN}XmXno$R^X+2R_Aau;NvG>v-ai2)q6kUD?+ZK23#200D16+
zC}n!!7X;{G0Ud$$jP?y%U?YLFDyMOoeR_WH6=UUfelRLpf{R1v5R+3Gc~7fH@S?ua
zfu~wnp&`6@&5F)k`<VIuVukqdlaf|>OSsDU&7U2=o0XJy)4lWxsPak$&iGV2n%uSc
zJdPfQukZ{_>gke@_%8u|C?(#!VY)cIyz1v!|D^2V|KKP9s&1mxCT!_q(GB^;D}y}@
zs?Fk>x(;gGkJqU6Uc#E(o)~8|79XR#Y4D%FM;wT%eG)5jpzM@R>x{8vt~4&~?){ic
zxXO9;D(?9o{%^?WhR`+;0Dvd>U;N+y^i2HW7hCCBn;9E9IMUi18c!umSqIP~1YUCo
z8BMS9(}9B8laIHV=k&4!tAf(qr6X;3M<@J{FDyULSv;r~W!i~u%(&FU9*w9k?Neel
zpdc9+H*Gqj;_RSpE85^(Uu~wsOUJo24=Bo^Y<IDy<j_eDqG5xvoN34>cTNAr{k@a0
zZ;9Pb9A>yN8UhkGO3>`#&=ZqmdLPnQMc(luH`eVDpC@9Avn;nBO0QX=E2J4e&W}F|
zQhGelF#x+=R%(bT`IkILU*6^Zh;G+HKt8wb4OR5a>UJnh@saj!SM8N%z>a5<sr!|I
zyVJtZ?G90*ZYJZ^_wx=ex6hLg+L=#`{hCH+VN3q$0+W~6lg2wdWwDw+LrUYL={zVP
z06@T(hX4PYp6y`d=xAnb;_zo!8B(`WId4b$@b(FcsBvkd$hDqWcmLr=k?-3X;AvN6
z<tv$fPh1A-^PYur<BGDGDLDNAEtrvJ$oOlLDdFwK03)_RWin{yREG3%U^G+joN=b4
zA!9PvCP&BQqxF4;jy3CrmezeT3P}2>tyiI+Y9A(8QC^d;drUYJ4Fjp0TmeN_KG8ZZ
zDAhUym9JY%I<d+}4Jn7#n$dw`K%W(B<Tj@DCg4_$)g;}R)veuY$;k1122Q!j`?Y{_
zc(sF&MVBW{SZ$l0w*KNetzn9oFO@W>ZEIbx<84C+3-lt!L1&+T?bz~HL;AW5m=c<f
z7j};ZO@qbe&Irt&SA@Z$iJtN67opu%@LQIVwF4iWk5La4ho&v?_aoV{VLN-VZn6_D
zP;~oe=wIx6E~`0HF5kIa(x^0x61FoMS|fOF7&WtrI0yC<z(N@O5vMjKarYcK&l?BT
zsBIJ6TyyRz2={ewPXM82yw3MXes^P9v_y~?;IluS(<iKSeOE+{e;r>P&-iuLVqbHu
zg<h?Am50<p_XBEJgtkg)j|(J+_XkoPrao8P#ugSaC5R6$NylKJVP7@`^*4$GkABrz
zaQU1qtLav5s5ng1Awo4{VyM%TQr@I{B!h^Apa+$X)zPHL>uir{agNvaQ$2sJFrJJ7
zc+6sJdGzDZE?(_%vC(|Re*7zwQLQ4m=7W(K)#mG4FkF`&fU&2W`>qdyeQ_X+Co;EA
zSYL__^1;nx>Qg-oujpsRZ(MWw1x6Pa+Sd479=Wl&ozgcv4$OzWO*HJt1g_dGJF`Zi
zRZv=Y9jbMLZyX%i(%n#LtOB&zO#6E?c|M#h5I33wtSYJzW3S@kKJDfJB}ha%(;1<n
zp^3f&G>*Qow<ajd3klSgOnVjNONTw-(2a4p(d-4jsm(J%O3oF)?(%9SRphp|NQ3Fv
zfWNX@13|jm$)8bfQR%y%u6ooAwlT0K+A{E}-TP+0^(=iwjl0>Ok1C`lfBZ74bu4AG
zqDi;OV!N=%*7$7ck+ojM=nQ)BvtrE|rrD<z++SO%FfL;D8qesb*!=$b?q0oCCz`y}
z2;~D?rSaPkAP2g{K&`9yzJq1M^;~U&k)~?)bUrom!gz*O=9T5uim}@#HL_#jI07~1
zSCvYMarJO;o%zG%=!Dh@mra#qgJAJdZ(!ZPD6pETq3EUF*;3Kg(n9FBquht{WeB^S
z$fB2>GMW=@D_vP2jn?PB0H%7C1nw|Wme=n#n~c~bCHjL=;Uwut?AkF5DhccKzs;E%
zp6A_cuhsP#vk}0z1Kj9H1yWoA-O}z`IO89GnJyAuc0bV9N-fE52R_5n#XmUrdxRw0
zXKw*%I8}2V<n0X>O)rcR1#q{e-w%*hYOM9wOFC5;q*e(m;YLPX*~)3H6Kz;NL{)1=
zNh#ZC`nOGL$aYKN>h$L!kB(Bf%5$cGGK$HO+p<6$l}AFF5k<@5MP~RT*oOrw0lD7!
z_Ry!qAlmc$<3PNLcgl>iFc2HN(1l|oE?BT|$`9Oio+B;uBbw<RdKD0Ny}!m%vRWF-
z>?CaJK?Zg06vy3Dg6D;Ng*2;T0%ChVG3m9LV*@0N7K-O<IkfgXw1#;jz)Aw#_s$6)
zf0>MrcTJLq4r|UOAd2k~c{yt1Z<w!o3`w_Bd-uB1Y4A$6pX#q_f1*m>I3+LD!t>mR
zhg@9k5z!!%Ix49lT(BPW>0}_Chdte4+nI^PR~a1MX8^_K+j6fxYlmv829tOoHJZ<g
z<f6&weml=(%%>&&9QSv;ZGjTAQ;0rSA2j~(O0E<=(u8f_)>5<6@j~;6EF8apE!`VU
zhzTQ;&7gREG}3d5z6M+`)fJ>YoH^)dgcUYHG#updQkPy3^eVi+j^jKnvP>hmDxg#K
za1F>0G~rd=j#C#*a^H#OYo58^xV$^lkILo34Bp7zMpSk|ho)8@R9CPEgahxkVxl>l
zf)c9tPd!2<W|_Ut)<mRMuk<e=C*(wv3n~pUy<dDoP2ekcF-8t9R61SN2i)H+!9=JJ
z+#HG&G9}HeOfP?l^-(PP$u@qe_1Xq#eDJ8sdjfl~W)ygPV*J4<c5qT*pJ$mmBW4V=
zn<D37g~jQ92Uy5#G-h0HhWYkQRX2(ryi3tL2#|BU+kTKEbf>-H<!4=J$5~c8EpF~`
z1BkCPSAKQmtczC@(V9^_!UQ!02U<8&&Kr9vI=<jIIf@mGXdY7i@lw)<moEuu=oN=J
zk1n!v#D-p0VXu@KmIfk0*1h-Ex>8b#NEea-0uaJJC3*^?9noEtNs-Ei?&yX7A%o;R
zHWyB!Ltl~MV4c5yFV(I1hR*Y<#9R1N9?7<lkw-V{{tacz7$wK(0wA>nr7w>Idbs52
ztlVvoWLC^VS^XBEs}BgS5PKO+dsPau(yZL%EXh+#1X*gsxxz=Wl(XhbeLPc`6CQ9P
zr8Rv((v%3!X#K1URIxRNDJP^nPo>t4v(qh8%1luw&YZBlHV}mJk&eCYy%sR-`(}pz
zU~37ZS`HCj;?%Nh$$=~)0=gQIRqAK4u51l)-dH=3&j4f6b$N$JI1Y&l<!`xZj@C_%
z8(>jFPy{hVUMD;OWUK13)7Rn_pGa3UZ_}9jW6ij+M`R%!_Ty4*4~13B4Py5fX^9tq
z7y!^pFi=Xj;8ly)>hUE^6k@%34M^8qD%JS#SDdXpUA0n5$T8kmEAWd{&oglmc3<64
znxooy8~5p?U|-Yjh)`{p)y#8>*E7MUL)W{Fd)LZf#wQFDPW8I5r;b9EGS~QOP}M}n
zH2Tl?t=b5KE5NdX{>SVwKDLEz4TCkhmEML|+R>d4_&?K<C_I=_t*?cQKHdLoTJon8
zk%Oa~rP2RPN-njw><^kzyRQ{Z8xywYkSHdaHy@1G3%SlFt>eqsri{P{2_QRA`uq!x
zju_ptW$D(_whyg-1KvULJP|;~<HN4iQ?IROt>FNI_x3$M+rk0F*YtF11$SXhA_*2$
zbbB!Ve6&4W@D=`5@d1yw&58a_xAV5gk~I|?LkE0rB86Qf8(%Gyd7o>Ss5w4f;XRx$
z6^<0IDQX&)FtONE$Pj%en!@=|^i483blNflTEELF+(vO@IJ0>kP3BSzZP5L~H!sP`
zKo**DDPyM8>R^M|(RlIpj8T-L%+3xg{&YdvC$9MRNVitKO7=$q^7t{Z3u79LuvK5J
z&g>8dG^p|}ylv>S?pQC69XQ7&QpspCpKL_~iqQmx@p8TZg}Et9TbhQ(;8dpw^9K-v
z#RkHl@<TL`$Je*(5~(NxElU$-Td3&i<h^4aZFSz6T2=!wX-3?VM@FKmr6dup@(yfX
z0JLM<)|E51hvi(E>^VFRg(+(Dn)p%v6dkEVDq+@l8V4XKz@|0rcro&Od(+9S?_O$s
zqpqPbyc|AGjctucJIuyb#L97@0~&~^g02ZOfC{jXi#3FH*SSh;g9cziIuHoV){-#7
z8T-;&FAf~L%pPlQJd)B{r|&z)6k#d|HL9fV6YFr~4JAsraY_=dBNg-+PrH&u(6SIH
zKO~$3JWa9T&tL_UG<IU3fx_FO<#vBG2}Vho^Vge4z#50AbHJz4;W;#!nom+40uz)U
zBN%se$hv&e+nvdyKTsYIZKe;EKe={a+`BRr=n44iGR-CWovP}81`a6s`^{*O#We+7
z33LzR&GFT5vxLWQdtk~B$oU8}$b2Y~B^D+183CI_6Cuz(J;Z~hilD})7V`4%L~icy
z(k^c!s*(oYb#PS7@$eex<i$#3FwiS4H^NV!B4Lbl3q(SUbUHkdMEXSzoUp{OcamCL
z!?2p~Iii`b`5Oj4ZF!iJs*zD>^9BM=Nmyc!36g5;hRGv|_jpD0+lIe=zwBf&bLl_O
z2)2uuZ7d%-+<n~nczCt>JoEZE>dEnW-Z|0nd4HSe(I_&^-AYdcv!V*3Oes_5O#zsZ
zLn{xYx>md8G$GeU=*d|q-;srhz&57v1BsfUlfZZnBoKz97(A>IEio~0T))0W#Y5|(
zr#7GN8k@{{@L+Op^RLFnEYbIiC>`*rARPk&bvy!SsfFQaQF-4ByU=bWW?Zhxc%T?u
zgDWIimC!#FQaGe0C*o7=R+2J*Y>apbo|$5s6(ly<vI$sTtUz*sSWt^|+#6ML2<{hd
zX#U1POso^vQM!K*H?A-a4v0()SR9WMbeqp_*Ef==2V#az9`R&06fBOSi(7QpsbRu#
zLTmz}&r6StNwzt<?nX7r;Q*W505YISR4ssEExsYH7EC3*v@Ai7A)gtWleg-0pp+Oy
zo^E0aC&G>d${XlG0bKC3*PhBFOF-?w+vi>-Q_h<Vtj85j3C%CjD>emrxLR((;;9`1
zokhue7apHs&!4Rj{L~Eh+$0Z8dC)3CqyG>WQGUVqC>5l<xdjFc1^dW#i74EoIs%Oy
zcC-#D4{#et<cj!#6Hh|1+QPiS9`VMUfMf6JJBx7)%h|b6?V#uc1O$hBD-cX}Fn{C<
zH<lG2VyE&R%W>A|*jli66}5Nn90U!y82Qyxg)mNB(>~%Crm$TywK*~T4OH5PdG9y<
zE&W5;?L@{akj-I$hdymV6tYcEJkHvI({fh!#Kp~9<l(x6c@9~0&x**74K3gcU`eKK
zuoFlG=$ER}*^1v{4N9&?p*By2&|AUe622Zcm0Wg)Vc*y}YT@Aci08SK))I>;cKZEL
z9hvu(8I2zMPIo_Hf*y*bS}{*d{Kh=v><zGe2qa0sf(&u(e)3n+&&8<4$FHsLr33X<
z^M|?HBmxSGNLcGr0r|$J!c=1cxxn*p$k5~YTR6`axt7N}+GZ&>gO0g*aRiZ#NU-?%
zTmSl5ZMngD>7Vbl9|E%E0<g^X4OBgFHe5wc4x5R?xH6&@{Tu`@cbClOX(18pVq~}r
z`SGXaCYbj?#M~;{`yeBJe1teLI=N<^lRf&fDgXRxWf}1J!R6ATz%jF|2E$;d*c=$y
z<4(mY?&LQUMOUSj;vm#HA_9<;^>wT$T%mY&VT-8}clQS&Zs!$&QCs_~Ejp;%V4YQ|
zTbx7sN5q-;TgpQsb;7~y)XFC29zp#TGne0B`v#^$_cMqe0;hDeM56`vbu|e}79bPP
z5-+u0BBg${C4@X`!y5cRIfAaoEkao;0h|;{$`+=bV$Mr|LC0#S59Zp-!Otz^y)7L~
zQiQ=5%o8*iv)+`>3$gJ;Wft0lC?Ydk!M`!}N{ZYg`Z!!wI9*-oIWe31=S1yFn{fyR
zW?zL%3ConkU`-Cz2Ceu*oFmsJy<6<M&0wT|)hDSRmN3JlmlpHSc&aYqRBxZmp5FE=
zb4+!vbFTqU`f3!bA%uplgZC0I1$zJ~l|J(tE;00QHznPy1c(=IydP~V5xwBR9pP$5
z0!3%^UQpAFj7g;xR->!9jzc${nsQI)NnZAhZxdnabtye))1h^(Ku>IwC9q$TFb6i?
zE}i}C&jS0wev}QY!18Xe!hV!>)Zut%m^X_YYQ;VuEe3~IeW(PF7c<DsI*#I&dFN%|
z(T!ANTdy5(%pfQ$l_?Kks{qYt4pEyG;0Kft*n?#Ev+5<G^DY6YL_rOEbi-`VBlsCr
z9fTLn*6N0Pvl1e!z9fN17#-?-XlTxAw^Jt2rRGxDjpTaza*$?gv|_|^AbM)>xU0{)
zbR%)2(+O+Ft!uxNhL}k<&lfI2V$s(6zzpS5gG@oLQMw4GGZ@Q?+J5!0`vH|r!p>yl
zP{+SgrDV<DLG9<6WhVE=)SE?EBWmIa-*!Lol%O1qWbgG^<4_-?SdPHT6^JklA{y|7
z7_YR!krGc<A)|0dDVK>cq9N?wjAb%BJ_HkhEolw&t)Oax+v&1kJt3e^u^@J02F0TI
z(OE^;`Ya!xwIVi7I1)vOZIp<cu8IS+?EJ!oOJTkNwr6C33nKW1hVxdnoaGiz5Eph!
zP4tF}N0-+S@{o&Z_}58Z`xm#pYpt1CbNw)HVhaeq8fkSwKgf=|jb`~xr}k}JPMnv2
z3CUZsUOQ@7k`q>ZHfOoK!2cmZ)9Pw-USKJrLu{;UeT34o)}ygw^zIgl^PPi*>!MW_
zBdKCQC*{_kuf}XSr|@Da40o!t<)n3m*?{+I+cTDV*eYa7`q!Dl3!20B&b`+s(|vGQ
zm?g{3iiP^ROMS5p5ek-XxaM(3lcJ=!7f#z_kri@yfz(=Kw#0=pGr@j7e&I2p^T;!c
zdi3#~0-X>2%A!@2@B<B$2{X(Y6!^3wjZJT%X?fVdDAr=L%!UH~wmiPFUt}~;8PwrD
zd2BiVu$Z3`sJ%0axHA69|7_a**-R+lH}_k+0hK6JFN!GZ<W>o@?<wL=nWxiNaVWDf
zyUyxl(n1f*{Q=H%8D|?mh5y!lo`ao=)YumxX8r5-0r-8~uAPbd)|~A91r$JPsCm>C
z7}k|e0Qe-MeAlyt^Ba#3PAe8g?^e<McOBn*DGm)v{^V<E@Pm}x02$?4McB+P5LnAr
zxK=K0@adc$xXvh)-AjcRbUOZ*jB4QR=oP;)soB0_%GENka*7)V<-TBOzm}{Z{)%St
z7N57<4a+lLS=P&|hATKeWl?uM?;dNM=kxt{huC*nMdnwKH11^EiyEnZ`5RRrm#(@N
za11{$?KkdO!;-#Yul`q{TEh{7Xs`0u%sIoxoV3edz43F_H0!)hUVx_d?KzMa4#V*a
zT~qRpn6lYY@#kAy5?cpVfuY6Fw@4xZK%&Q%jwMp(d7EiJ;}6QzqPawFgxbv4NJhL?
zaX1pO(zWclnI>+3jxi1ZCmpy=RE3jG+`%bDqZ@N*bE};@=h|nc9<jUCV_)JQono?)
z<WO&LN@HZF7P;0da^NDDZjs69BD33hVor^6E5_8IqDH$HjYrNWezIB!&QHX!Y~|7)
z;5o_%xeW*-^G6=H&WqZQ>Y$FiPVm8vky*|VMEkRXg{Acg=%pgka?ryrykviSPNTXt
zt{6-EZ4Q;-szg`xt<_!`C(M(yyMJP!a)0jltxHQ&TQ|TWz352FDm?#qA*XmorId2X
za2kT$&)p+BANkdC$|hC`3~#Ypq1gMbrM_1)?D`NDmX>Pl`PEge-DW~*@D=!EC_;xe
zTvISHSqH`pwf!6?F`Y9J5rJ0WSWImkK?19Wrh-8CBbtVY-rU8-;#x=%6|0QU=OmEt
z&_@Pk{7KZLc$`8~GVYLkp4ec`Q7b;pjJV(qCxV6t;OA`&fC{f`Au?o~%VNdEGY*PA
zujK8ny1{k-q$Lu;$NKt<$q(Xvb}2`VG%IUcPyzn~O_^uafxR|k`RB(n-Em#jd_R0l
z8Cn=&Q&QF{8RjY*4ne@r{HS}+F!1_JKzFKQ?hhGkwelWmv(ldA@t;D^f#~0E(T&3K
zfVH61^%@H1H!`lOD3i%4UdTligE~vr9p0BxoX)r{YID7a>XzSo-!NX-KEeMi;;frH
z7@}amn#6klzZP+*UyC>y5hVc{30YCP|1U=W6=beTl(8PbM+kc42pVc;Y*bSwmqkl*
z_rC`Kfrmqa3C$tz_NqfAt1cIBPQ-ByzV32^xQ0`)D2EO##bG@R=uUu=YyV-e5}R}2
z@-6}QIyDWo2&KQjkWYC+zuf{m2H1uyFBaV|cqn0i0;oaO04n`v!-to2)sf~$)0P(%
za4`srlfyr5WGO<q#YWKT4&hD?Igq8G4wQo^TJ&D*9+}(d*WMWNp~r7zU`{vRM)0$&
zMhs%sT)t#mNGR}8bYc#nLsx19=G4<MJsh@w*_A!JfhTX4w4Rx!Y~(5o+)4!8vb08l
zA>V~#Nnw<UI`yhhKF~XBFh!`S16x#Zvp$GmII?k*U@Co_LodsfBR%*H`Yi0qmdTR5
zW?x-=|6z864O6`dzi9rUS)E8w@<?waB_pPctrn%j;PZp@Rp-wY;JE)@#`hK74+Z&i
z1pt9i0RDRm;jhc^5Bsa3@V|Tgd#~WXU1YvCmHuiM{BNCu|3djIHS<r=mOrVPzisfV
z2k}3JVE*#_tMT#QNB(b7m%sOknf|kK%Kz3Q`PXy*+w0#^)c*s@-;yu?9p#Vc%ik9J
zA5i`;37G#5_DAaEZ=3oLV1Kl0{*r|G?>K)%Vg5Ey=KuQ-`dcFAzoY!?ui^R+DF2j<
z`R_P?q+k9vhyR50FA_5Uf03&G1Jb`r%KUeve?7O8|A6#QiJAY6^Vd!M&usi3k(s{@
z?@Ns6ACfbF-NS!5{xfCyCt3fuA!vT3DgRIE{@=a+nW_8NXNFkkUz3~v?)lGP+P``l
z=zayz{*l-Fch7&0;D3T`f7^@cKSOW-?)T4e=g;{5xAi#xm(gBM3KZ<mVMt$}oUh?Z
J!1d4G{{mZU8yx@u

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin2.pdf b/documentation/ESAPI-security-bulletin2.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..7db6b755eff55b28136af02fd87fe92f1480be98
GIT binary patch
literal 103931
zcma&NW0NS_wq=`GY3EAYwr$(CZQHhO+qP}nww<;2jlzpK_eIsW5q<uF*2e6ESWZZU
znx2LUl6bIauxqeoFc*>mj}Fh)zygwsi&o0m#?;9SkMW;GfmX!a%E{P)R>Vr*$ymtP
z(ALP9hX>Np$-!9P8qzJRT0=bcvJIi<wf2tP4;w|?+D|{P(;6&olL+Pr{wN6s?FeK{
z>*ThSC1O}OVb|#HZmC2lzIjzuxE(6X$Nlqme7_gr%Ut8@{M5JW``xwl_e|UM<6YMl
zSJzf>s60`VX7T*;wse<w|Bv0r$Ej`&tj(#L^AAc5O`F@JD(lt^8`}AdQ()y5w1;O;
zHmY~q)=8!3X(w*$W0@=OcD9bk-S_8ptuAjDch8Pb)!F@yEyB<y_qnrO8zMk7?;X&O
z%ZTNkDE(h_y*#kC<Fu2g)->@)cNPVRvBb^+Ek#fXb+s)}<GQ|2iA<`H1<a3u!fYNh
zQvASnKiLlOdLkm@VDT06+!QLg0V;9d&zF<CS=x`YSYJ2CQpUYQThg#Y<M{qwSzimG
z84@~JKgTp$-v^#_0QkSADvm-ZUKlY?MhCg}l6rLg#%HuqBS1!^LpT&bYaCmH+~az3
zQgC(vdvcE0HP;<u%vu7&&8Rh}_XoyvhaAv<BPu1e|HNVdG{DM3{b2F83wsMSAa;mD
z=UtqaiWb|XF-b9AAMG=gX7jlSR7cR62Xk_nwU<Wj#KUtH=?V#SdBn!P2fPlZ%zZP(
zv2bR-i?!(91bhDZ(7oLQ<88p60M4O?1JFL>iZmBID<4&;(@)BYcIXj8e_9HpN=U%u
zsqyLX{%&&c;SVT5_zf9{L->U~<npjw8!Y;OX)`uoaU*7)ByOMpRUVs2oeK(DGy!&e
z0Csp-#7wxgzqk8%VaX#OzfDe@QEF;RBYiZp?ZBlmvBtTUiZ#1(cSgUKj{Uo%Rr*iP
zVbgnb&b5(wQ;@GM!nrsow92F{;<*@l&v5c@jFY9W{7?LCrk*^1@+2l<s^ZSqSQ@?V
zCy=>%&ajcm3ysvc=!LHQXbld><c>#>(C8Q5bT;h&i22FuK`#n83d_A{e1DrcPbuej
zU46}K!=Kutn1x10=lw9z1$6?J%aUaafFweeHiwBOMN}iV*6wJbW1iG0h0R5Lc0sKZ
zNAnX8MEX+_cFx>#&LI$T^E&iYizSK>aEgRY{#l6@WoINS49q<IhA0S*vOPiRH;49o
zyvM-K)IFOLN}V3bAt*FSBaDMb8RPmIWSztmKN3$sxMb-eemPDhz&G5$K#xD_cQg5g
zxgDdLoE4AClO+L&c<8flgrKbZSKWVsJaV}2e3>>&ZPwYu7+%OTH2zuVYBIq%AJk{$
zu!^Fa0>o3x0Q76<7n}o<x}rJgorNUQrcQ=fOBTQA0kJnDj-Fv(MDB^^&`y_|tXp{#
zp`dS}COR^#FDn0$qr=`U6(qdnu3iAag9tWxm{^q%EBW9w9)WW}w^%4>)RYBzJyhO<
z1>2G&R0M{;unp-QTwY<iUJF?Xv2RItUnYThr@Ih@C4nz16)<`VpUaj)m6Gx>hC{gI
zQ-S(sEeGRVd(dn@R(Mmt&u%`E6{8N6sXL6hF21YKlashpv`_{(k)DOk*eLBP0bbdO
zYW)m})`NU(VA+j915P=b9pS!VzMT2w6R!I1OrPirg&Xie{56tf>o4-WI;-I>qv9B(
z9<jc0CuXzr4Mv{?a2`Fw8l^%Mhl@lbcn$Sb9$f$%tsAv62Cz8GfGJj-9MM-+jeXGo
zcNwR6HuAs%DLrkk-~kha%q|(u_~ap4MjPpv;E)h`q1gDMHFKXdT$qq*788g_v+q$&
z)35Un+xmNYj6Te+<rI1?W!|3OxI)rWzcGN$Xq9P>f+o>Ux{a_JilY>Sb&8mF$Rssi
z0geTq4Dwu~>ct5t^>dsgoRu9SNaAFWLSP0WRDgF-+29bV!7Um97*D0`hGyDacHup#
zKUBK#BY{6~as^lEmXV<B0UPN}6b1Ypr5(aI%|T<2Q+Uii3=QCpsx)nHd~|FENX8(K
zYF=YeSmISJGfm=vHBe2z;A|dJc;*?&M75t8M5>>n9vuR!37s}+$e%Z&VCOJfO(OQh
z8=(bYDu1+^@rN#-tcK!@F>iQXq7Un8^XMyN_!K4b^drMY)g%!9G)599Yom;=%>p%o
z{T3!5&-4guFY&X~GVsEFgQ(w%H~p*H=6UWkbGxmU#qa>Y3@Ot=R!mySOMRh5`A1`y
zMX7DP*1e3k)C{3|C9fUIS9|r51zVW*Xe#Q{P`7kOZgtskA~RmizNk`k!*$4$7@L5m
zLKiRhFR5*ATFr6Dmf-F4M$g_ER_c3aQJuOo*Hatz=bMDn)am1;VpK@Gdi=%+-gNOT
zH(5`8h-k|0IN+DntbA%*uYoveN&rT7{XxP~IL7BrNHrKga;i8?tNzP)jqB@7+CfV~
zkQ%aTB#t%rQFE9!V#ka8%{((YSJQwU-A9uNG<Nnk5d2S>LgD$EunH)$=qML}VqLO+
z8-fWosx(nfj)AlJ*<J$*aDI#{)?JdrhWj-J9d)5U5Pi?Y>Qh;tBiTzTFL6DE=gNQX
z;~2afm=#geO$6pO5h|u|w9alv_uxli$YSe)HGl~MfLmem{RON#T7s1Vm*vK<<y7_Q
zO@T9$B!+(n?iD6Mf}ECCZT1pvXKI7!Pc@S0PeazbnN$CGxvoAxZmE18Qpy3snwJ=6
zF`ye-i)%MXvj))>bOpG=NM|Ypc2=27)-C%MRZ=`UE;`SsG??R|jhC(N79O4ZXYi5{
z!@4IAdCsxjv_&;sm7uf=y@Pqkr924u4;OD_IGPuV+gqFZuuj4dqm|0_&1xslcRH&`
zJ~0MGmuJwG&4EV`PSml0Tig0JAMPehrs&X51JfW#c3sV22wWrxKx~)ZJbT0A*1a1l
z9B0@eOwl<eq-t`+Zmzn;^6_bnG3=ICmnbr`+XZRs%Gy3K4ncFIyukCMu3yT%xEMpY
zcy(QTXEB)Y=q00omX@RswY0fT$KfhSB+wBdGvNmC)pNX&;EIk^CB*fMJ$d&=Z}wA~
zM0WqI`i-=NtMt*ndBn=VGPHL#5-hzUYo;zq%D?$gHgritm*laMNvAfS8}%kD<cmYw
zECoaxzlvvq2k;y{$+&9FZb_Xkx8y3QmRhK<=lmpU!W32mQAJ4Sld$Z!g(kf)qMM_o
zlyhUd)jtx2ih^dV0!*Eg{$1ds7usam+YnM;WrS&Ictla)O8$uyPMTklpKrRh@}Y$#
z%@~o|zGsQ{#U~sa6_x7`WrQvv9_N5<u1dhqz=}_*dLeukHSV1_^#?s|>0WD0d$c4;
z+?2L@zc1uD=46AiINIQbkUhd$4|wi8dDB9yK(dfM^evY+QfkoW3^g&VGATrV-%OwG
zNf~YT#|K4Ll0mgv{N~(#mj_v2GAZpK(uhuyUfBYzJXn6ZjJ9nRR;vgwze>;e=HWNA
z<pFC!Khhcb+YI!MA|T7}c-5k7Ry61#D9cmBeEnRl;G%o0X1f%u73z4?OAegxgsgdw
z7DjO~?qVMJ>Qb35K2W8T3LC&lg=`$WGyYtgYugp4UtnK8f&Wg%sZ%Z1v8(#^o1)?u
zbU|esShJj}(RhYc;mj*u_At>;3L$y|TF+ey@d6%`oS$KJ@Te4g+891-h@HcUW0D+%
zm4Z8+6c@9-!E`Q#MG=dY=|S!b(_v-5b!(wd{sR!|%%|9fQH?QGYN06gGe(UK8(}`B
z<e*IuJt}H`(0dYD7t{a3D>4nVW+@JfBRF@$&$T(-z+|lbEstPfTsfr%+cW?2)ZS;3
zOh3QL4RqE?3`i%E@GS00*fXQ506h^48&S5q&R&y{ShbBzG-lLS`SbKGDt1}_{IRU#
zutcGwFaJ4C?!quWhlRgfF3G3Pv9uM9=jixnj%l+Vk7-6PrjqV{YV}%e1pvl|cC%{1
zi$ED{UV#jqH(iggD<eb_gjBjKLy93z1qhSd*KvitP0L|N8&f;w<E=f%{gr2Ik~G0+
z6)`{|+SM&>;`jFJ*PQw7@Z1-mdus&J*v9C8lKMZ>zi<!vFVp`!FtD>S|NH!3A@hHr
zKg<6E`ZsHi+fcP5bX`(@SmkYQMJR)S!<d<)-&tD$@<4k%fTH05=S+U}v=fbs*(iHF
zf(FLtEDaN+qo<>z7Y#}4__%-U3b*}MDWy8Arsn?MKc((!|48;C|1&>7eY`iJy`E9L
zY<j$ZeICE!UJx7~Kj!lCL_XK#EFbzP&n|4$CiFla`*yd}I&|x<n(9AQ`j&j@q<!l0
z{=PlEd42ewBrv5WZCanpkg)#RT<_}dY@=2$Q}zfic;3PIex8fB+4jzf`hE;1wrLe_
zPRpVm^TPf9%pT9Wqnl4ISg|heHX>-yxL&jRHs6fi1$sP2M(PGXXBO{@=?_@g-#%pH
zK=68CN|*}%&5g(HS9*H5qio1Qpmh~AiR<)z8lI*~&fS68*#3J4#X9TZ3c5L=MA0d^
zt~W*9!)ApqBc(}aBOKyGT>V+9;1kUBcHOg(U>+A8C<4_*gB{E0wC-Jg{dHn>`s)k#
z>sxm%^x6LXkvxQ35MRJ}Krt9Gh{w8e3wTut>@e7Heh#pz2gY0A5SFA3-}$XGiWws*
zt#&_q8GNU2K7Vx8#{7D+_t=KVDm2kG5Aez6{FDXen<mVa#8h%Qc!T$CwS(9p!jGoi
z5T03+-EjOi!zQix$8oVGfSQi*jk<BT7~t#=-4svwuD3HFN6fBp$9^|869T$54weN3
zt2^$nYYJbS{(G6eIYP2~BvwjFp+gLA1KGQ+v^;2ep|~*4F#sn@c1kcSpbY*FUJaLw
zQ<y&hfo)TqnSwwrSfjR0iz)?~8$Qf%Rl;4zk(tY)_mSzL!RGU!jJftOI#NIV-5g=R
z*qwQ%XY62oi|i%Db)r}~w7V)kmO%sgBMDN0D#yA_h7LaR$%g`fP=8q?K6$e!)=YPM
z*rv|v!9l#4kF;}-8$3hJ3`BBjq*=XL8<rpaMBP<>?R<GsR2Q)UUVX)J!59BIx9CYm
z-_qL_uoi^L6<v6Vb0|M?$4LL57*^w9uU%Mf1?0CO0p6->V(r`sO40#E%~X!csxgOX
zR!!3NCHyX8M+LOoBLxjiA?t|-9;>@-1o9ap0(6Qf*(Rb4Lur)gxQM~mPiIa7-SKer
zAa=+@t$t-{!{jtBM+0)a7+UJ`L2k1~+rypkP~?v#QEe^nC#`<<Izm2+8!2L27-x)R
zWY7|p;B4c^wl*<yynK4gzM8QhzFdX6#yps1)SaY31VVbiBQmoi1`~c~@9DJAW4qD-
ze1|yE(DAXJY0LdhIYrNMuNy^uTTSddc-r7(th+^aLmsjqdIZa(+Ab1TMjrUP2)1Vh
zj-+#diTqlRb{v*fTdOHBgw6wsl%8?1u=zw|uZtdI)f>yuA13qCqv;eMyVhYk%AUR8
zxO9{@SDB1sV}}K_H<JKn@@<@2DcSpn_*`ghWq&}ss3ygUjgk!*|8ncUTP0798@m#`
zr%~n$HHtd7PxT-TR0s6Z_!uWS+N+u6T%IFZVB*aw&?lB^N|e!8#ekGB=;lDsbEQu~
zYpN{KGf(zAS19^HbaL_Uh;hh?6d>^}j&zp*V>W>eN$FEDB8@2izzx_>f^GTow^P|g
zmtWoB&2=<IOhC>rRw`y)m{D=;C_y!0KPX?`4R{6+Y-+-_L`DFT<L#1l2RVoqnxCN2
z7*4E>CT~#J(ba94jHt-qn$B5{q!im_VA+u1l!E7ZZ1JbX-$*+KZxhiLaeb`@(~+NQ
z_*?Zqmk%;6x6L-nKt58Xjr>D@gJumv3E3_aQ6>e(_SqMxnWT`p6u|Izwj^IZW0c6o
z%SZ<ltfJ`v*QPpaCjPdOa1rD|GsHK^Z7hFQQS4i~K(BN?P9*l&UL|990Icw)`kZFj
zmf3DD=+l1#rF(@A0~E5J)TugCsTEG9NR=2_5p}u2=O11-1u?IY15DLmQXe(}6BxS{
zr8F!34B#{&V<bc3>GD%xt%aISVTpuwB5h-|*XYuOnexd+KPzkA@?U#hCtA<o%bvlZ
z-6z)#E(wz43V)y?PU(0fDM>RdeUe*PuXHEV)K&Bdw)5h9IsYSNz&!dd`^syg$Yv?a
z!mWzq0~Dq-bM0m@*v|l2YfX;Dfs+_sn-wm|v7i>ou&iQu!`*Aj^QCidhBPduU1rjS
z>U@EJCk?$2(5OpyG}ME1N{g60b_?akCG_7f%w;Hn8#@9Mgfl<Pu$SyYic3uNti_iA
ze<wCgBT#QKY$PU@J8nIcBkgxlJJpA?@{|zKpM*2g)Nps2CDmRlbuUAa6h4SL|8NHJ
zIY=fB0k(d%X%#&~Z2wZidS?pu5x<Hk?Kr-QX*#7)*We1K7H8~>M~zLBS16Z=MP)kz
zI904Gh(y6dm^TxRzTJ;G<~@(kncZf^EkuE+%7Y){+0bQK<&p;TTYoRGRMAI}=@(VP
zeLF6jl{nBv=*PS}UKqZ<m^b`@hB^hfcqR6|IY#afXwZ{SK-(T@a}9->rrx8%!TFMF
zsXg7G_kEh4CT)0Q<|tBFe@HUfsmaS<h`s8HwCo1Ac581UeIm|lzF9bz?dBj7=%(ZH
zdm7A`O99}Szs-lotxBpFfC0Q;xeV2*cWn3^M{E;oj(0wib^g8c_Xde%<{GY9moWE^
zO9OOD&$vbT))6+1wJgM8d_61BkbjdGHiBL$=y4f>ohVLYEcnYTCxiq8gZgA7$pU=J
z0LnZqBul0lj-fVH_eEC5{YXt=o&~-k-N3hK73ym6L3IKs5`Q!%BU~&4ULhV4*q-{d
zV%CeSt6w?Ll*>U8?Gi}I(G2SV8oVlqRv|X@m!xdIv3PoxU?T53Xh6vjwrJmHT_s)3
z8)nF?^{t*p7~g(w;y5yj{fuHdA2r#=Sx3c#!0zu-F_mejwcGg)pnN9fG^FQ*X~<$?
zykA({4jZBMjDy6;)fPM<ZxNNxQ&4J9@m+MW&-|dvX4>-ewcc1TcJLdbl@|mKOzXsQ
z?Fw8>!xrx^cM+DwF6b-hXe&hqO2|=JtrjktYQa*f18%z!XrSVO#pG$m{#G=>O5f+(
zkPqoKFlH*P?uKD&$3TxmAx?ri&*SgT_Y`2Ok|uVpx(dZ9WwVVcYR(k!H^&SD{~3ft
zJwJIegiX|FRGEac{vXHByR4>0hd~&>c8J@$r}CI0t%JWwY$Qs$T(c@Jwn0x=+Fp~Q
z`^#o(dX8+I8=Ha(0Qg8`@bGk-4Vc`<kR5-AV6_cQ;70e-qo8Hj3_jpc(|8SlO<X4S
z8`&>fNNeTx<ok}AvKwH~JG<3g_qbo1QKsp^(RzXNEtER`v1LscGhe)V;!u>^4;q!;
zp&OO?S?oBR?cC291_HzJv4jaM>mtSqmieMJWgMSvf$VF_0?+3iGWtf9Sco_)sAd+J
zQ!DBtj$q={G01xKhpL$&=ojn@XohK(`0U64^3#rD*^8Jmccew!iwZ)W(;o%NN|djV
zXLBz%jxw#~;EchYx(aa!q>t-8f*{0#cs8Hm<J3dV`-Qhkmu+*|Ff7UpOs1Hc1|^aV
zGRaEb92`o?g{_tw3owD{+Ew*Erlt!(&jW?ZV|;s~W5Qf?*E7pc4C~B7^RD1R%rTIW
zyjMUb6SSnwg$Rb{<^h?%ekvB}(4DCZ&;SU)ZazJ#@T4-iNB7IbOZ$NEcLjFmM?&LP
zko>m^LXI8`>;T^@cri*A5r-dMS*;R|y0s0-E<EsF(YTMpJ^jmrBK`Ucrd5!3+ptBs
zwsd|J3_}jIuJ<xO5Xjp!81V=?u5mB@?xg5g_>ro2kF=URj8~ivPp6Y&@ILC|g8@9R
z_Xe8#r<hdU5@ovI%<|>N3RKYISOO}Dp+eS>ph;0WO|^AG#PO8Q24jZ#<BA%V2vlUw
z5aw-G%w&<BXSL(9G%DJ<_hP~{aG6SM=WR1bcSIO+HsQTFOnT^dn3#1v>N}P1&BUIO
zkCkzgO9}dGQwbZoUhH*6b>#ioO-AT<nd%HhX*0W$^q}P!*a*@an#OeH%*@+@i6Q!m
zi8z6dv#j8uD8>ViJ3DMrm^kqY_}U{EQJ*{~vB#rFo*bcbCA>2<iU`1Db!(kTtyYF6
z57r)O7*ajP1D>!$nxS~UrqGxR63FXJ61=oMU6$vSw%@AFqQ2Q)eh{HMJ2hVqt=iHH
zV=i;{WbJpn9pC#8zE5AZoBxfN{A(Ql$_OJpBjf)T6Sn^l6ZZcHF<I7}{6|b+wm&I7
zu=B9HC6qzXVAgJK0M?}q@FM%G7!m>aN%%|{dvPU}0+Yy`*I#V{A}>WdC5Z3c-NqDV
zKb}4pePtnk+^uCUZDe}CAD&uyvwjkJluLJi-k)CXo7mc%ls_LmKHlD+MmyQfy+7VY
zV`(?EXFi70B0cF_C)c~mo*iCjC)6GNbq7!n2Z>iQS|h#fZ{GtZWpRD~S)6ly$Kez&
z7B<z-ig=;av?LQpuRu|SYxd!CUk%#W<MMbhW3;%qcoC`u$404WzH$GE?=J2<=G@n`
zh3pK1yv4mC^SqqHKIZVSjb_Iao;#6wWcB`j6zy%^p3C~aFD7ziGmE{fChk!GyxlJ9
zMv65&Rlg9%x49W@*&qSt;E$`RBZc$~_x?R+`vR{W5e~z<(g^mFG^HdMChYubdc*71
zaZ=kTjZ7*`sJFHMyAP^1b9z0{U8x5?b@J82B#Hua*>!}?9KkV4_^u*vLc-pi=cUC0
zWvUx14(<wX6hEYCYiD5)K4b1VZ_fC#y_I<3Rmon>xttGdqfYjL;W{%zX+dSfoDEm&
zcs^K%e6Xrs*u7`}8OzjGZn`NFZJSuK@&)kj$LI(b8UZELZoC-@HZ&Pcxf1C?=c$GO
z=Ou}Y+RxFc1USgC%**FM$xO**sT@SXItrE)7sx4fIjoqOok6dKNh7F>5h~ki7KWTK
zxBZMLd`L2HUCrZ2)-hiyU9f4f2RC@v!WXtROl{haGRcX;`1Np=napuISj&YcmpY43
zU6jDmgG8)q$Z1e_-%+-$2@_#vJA5HQLS2F-m?o?8gTWgy4%PgMfx@DX&y5<Th<7$Z
z(E^Vo2AdRBjXL5%pV${i*w7I@NTp5zO5|X60zy@JMrr?#KVi@%*dqMJ<&0#;T+1R#
zxs7H%(~<wy`1^)ne3T)%7m$p7%i$>OkwQKvr>MKsNfjH81CwR#dzM6^mqr4UCznt*
z54jU5=kd+j)BpXDQ=0}56j&lQ#oftd5=ltH(Zt*xHDuQZ?^flZ2XQ3cm}ix1n&!Bf
zlijvmPHx5o5++GD9!4DIvymrSPb$qCTP1#Zih`CRr*1$xZc2P55w9NQ9Lrp>jq{LF
zm#mKmj*kEt>-y%qXyN6y1<mh_fW_uXOB%MRglCf(1Zgiz!8?XyD&Oxp_tFGVe<05O
z)UNaLMJRv2R@szgCeBeIUjGM5PW|JZItwSYT%DZyl5b~oa<3)boVwF@N5i{^6(_<(
z3jwnx3X}x|Fw6;}YUa41$_^qJzK`T2Kg>e&5qNkEMU0XY5~@<yH1Wwnd;vA_JBJ)A
zWtn*t-Z9u3w1)-KurvWqm~S1qcbfwGP_BRg0>vn6Ss6yv0;2A^8gMb~8A?jLd5345
z<s6zPlq5j;ydwu=5xhgke4l$%I#xfCQ6}l*RmSL<U024?Mt6U9!30;1w5%w4V`2;P
z8xo-@eiV!4H6Oso7n|D{MpP|p94l_HGzjbNo>p8E;Asu!`N(plMIK0ozYZ{xkSC5D
z3L1S$G|M8MeoH5=9wVp-;vKNHbq<YZ-~jYB;Vdk9wA7ZqIZUx7^~DL;ayOZ3_-<(1
zwz|;hkh)dc3N;7--Px?G%%Rbg$w%(^Ipmi!**8#tH(y$uZ{L2W%B5i1ZBr;y4<^>B
zd=)D+q(ez6^*N+z886%a0a)qQ_AOrJl?Xz(niPdn4XmukgfWS{La$sHV`ZlYWsTX!
zrx6sGDE+LCtRTms1oF_t4JA2WizEw{L!~=^0wr48KxUSzPSn>f9dZ@#IwHLcEWl|M
zcwYKU97$--aa+9iD*VXb^!r*?s}sy;f|z)Iz_3cb<oL5pa%9s4&}H593~$4KQ&Qb=
z3U&-ew;p)Gc!L4JW#=qr+_kzhu7H4+4W+zovaU!y#h6N=%UXq^qmL#Eq6i>livm8{
z76cjrhq#49%u1X|ZW9kru9{Gk++Cb9zRs!XQEOcgSv_}%0$0J?nOweVnhm?i`Ep>*
z)?KUIyIu0aDXxy_^cHqtJh2CMkQGc{bHhgEccr=5z|&~uVUMI0d}zaOP*#05t`V02
zjB<HgD*X0)^4tH-uW6HiF&w_6T_UKl>ez`G5~0n?B7poUXej>B)OuT2!*XeSj0BK&
z1_Ke%l%vk7Mw;}_)6sPy*6dFqa5!MwZa3&o*`0TC0AaNafq&7%$y_za6!enYYu7v@
zH4)xmbgiMpgcar1QY7IP`JqUo<-5E*Zkf!NNA$(+!76qzfa(?yZe#JtO%!!wWQZD`
zxx@)`VSw3`6<S^X1wn_{5wt$91!;AQr8*gel~KbNF*^UMbv8!+d3xWKCsz&8H)`l?
zU&b6ag4}I*qLCB2`A{s1ZTr*NShCopYFs}OqA^9R(3n!byUsLvY7Kgd<07Jd=ZV!K
zeyTlbytqDwU>GanM{*K<xpvG#_NCIRl-z<c@fg}XfFxzkPV;u@Y~AM0bFLz?u$!!E
zRE9zUgJh1O+-@e?M74*^$w@c_JoPw{iw9D^G~*dMXvOwG{`fpI<_mc1sCPe#Qc?lN
z2=X<4O_+dGl@`+|+nEA%*hB7M@HY^=Kh@UIh^GJu%V=+F$C-6gnIhDm@P3=v=yvcq
zge4BE`&R#kbR)Mct?LVqrM3gFsWN0<fC~0nM7vowtD8e}u25%3#Gtyk)XBy%4v?IA
zG$Bgj1gMM`0YGU1-hx>HW~pfZAn9vx9h@nrU>nII#jUN7x&iX<@|muSJ!<sI$#M8#
z9y2m2=QFKwX<>bG%q_~VZsq$@yxGe&k%yLWeAk2GLTwl6-{`db1|vUm*SL2wl;$eA
zj_RpZ(DYA7^pJqLG}F!jn`v2Ey`MNk0dwv%i_*NUQtR@OcGUfLq)~JqTvH4xOUK5>
zKr?H9LCtRTq9ylY!9afN=-iYc<r?jJ1*W+G7eTv;*UIp)FpGCt^|>v8?8@Z|98nyc
z0}mFBTAZHEWh&SnTA#;|8e6<~A}K@J4Pz7lE=~fG+Bm>9c%~T_3l+{x8S$uzb_I&U
zwbXgh^y7RRe5HDXOg2%22(JCWV219uFp+Qp%-L$jX3KOqXLA~_*y8o!Vs_x?ni{>9
z*QZTs%IfBTIrrLhYmU{p$6<K!D}BGnvb=#rYUBC%n<Wmpop^f`8^Fnx(7gIWgP<YV
zL`%u>8hsW|)yYHHWN+|nG7aq_-G>MwvfbgfH?xLT^3zWK;%@0jHE<^9+0wMwDXJ!D
zQ?I6K!hBamAo^=Ag^WgRKk_@YR*OeBON4bjqrlUHi%$qEq0N>qb{VgdoYH%vi%cNP
zPE|$%;CfDDcSh+wd#Z*BtcrRKtY!Iq2CpTgbu+x?^6+HG!eXj!pSFOdw<L9tPTy{-
z@|OO?Jy_j&%99U9Pt~N9fce=^>Lgs*ar&5?x-mufy*!UryOP9(q5JZ2*mv!7u5r$b
zQ#8`>vx_-T&eayQBjh<iF&%ufNN}&q0wH6C8@SN@8M9Ne{(uDrB2<4P)U%5AlzZXX
zen2hm<tmqLB{7RO;xI*$6SU$m_n0?z2uSH-F_X(A@DsP$!jN_=DricCRF_tP2&W~?
z!JKw8q=tq$$$WPelKD)&s7zvF8yX7m#bilog~a7>ko{rYj_dM|r=4DhWRebXR0?%*
z5n*nT<f`#g;*A8Qg$Lk_P;702l1|pbm{yXh!c@qojRTO@&@a&>V>6-SQw}+0gX;;2
za(qI3WK;)6mek55WNhY-60%lrVKb#rCZ9R9Q3K0_qGm555wW;QkkLQxQJJAywmrVP
zCyYdqNh9G88o+@`{QeJx=nEk@ki1kJr=bEDP_;916&-a8-$PKbhEz^o!VSgLl}zBu
zh}0Y)HQ0<MQ%x#hP~o`(>8SL3oohkFmogc3K7o*WTS3p9dY<Nv&S>>-qEmH}`m$-<
zu+D6(Y^%K~!VD_zaAc@X#(JD!kp&#Hb+K%Ge&LlG^K))Z*U+u?no%d=P9-P1po|Or
z)NAFmG^O!eGse2(zM*9#?gIGY?^l|tDXr?gftR7XNe38B18x1l2WSBepq!)E#$|j1
zY!U>Zk8c46Fo)h_zH?W2A%f}mH^?1iwCUha3RD_#M9qJc*kDD?Z>vzyFM^%*c>cy{
z3=Qc95HjfyzhQtrTDEIJ2qNJ>B)@FGAs@8ca13y(*U-uIhcacTK9~nKl%I)1Nbgdy
z0bM}A8Ui%4p3<-DCJsWUFI9@1OypVI0xNz)5b6@ZTQs^wXticYVt(MKNK%8IQzvpD
zcu!|E`^5q+$wtjg>854F1+%>-yV(tKs1Ih_=X8P0G>$3tSKiqu9C9ja2y;ATPuNVD
zVV;*~@)jKzSB~DMP>l@C5LbMg)w`PPaH12kt&Nh`?wKy_uzstD#1;zXW@8elx1T+Q
zF8%_rCXJT=H@fw&NBx&>F*33KZ{4D&{}11y|F;(Qe=C74Ye>c(vOxFD*50}M7Zngq
zvcUftn*{OLbn(N9$l2Hi5^m*tZSd_yDhD&3lwjB{AOm%evQk_cjYSd{zRv%Acu+09
zoAtj55qHhy?fQDF`DBc$xOudtJzY)RIj9cIcoBU4uza1a;`F<DK9mLHCih+f^X9y{
z^X9tQ;#WV5Jpp)W1ODZ~YT~)M0<?L$iFp%Yg%$-5Bmy?^0=Tnh^w4*T#kd2CdAsC_
ze^iK`KRv7&rMy5X8RUH2n!xe(`Mx=R`FQZDhqo^ICR1G)P4;_8SQh(u(!ss6D1&%b
zZk2WizWStKn7DuvcWT0j6@26Pt8!le1^g!}C#G|rb`lR<Mqnf_Zw{KxpZJc5{zagz
z06YUaUv?}r$Tf{#9e<0nkgaEi;4R#W(*E)c1`%&}AVlo2#77)`JcLX&SRW-;@e?Wl
z{O#9<EzU=s`vg|;&n<y~6*=$<CWU$8R7?p-3+q9|6#L>AQDQmY>N%xZ(NN0UxY#{0
zRESi7R2cfTCY?|N9)KSO!hj_0A|>hI>u9$XARQFa-?~_kf%3l)Smp)el5FnvI8-nu
z6aedl0)d0FjAuIsrne%cP#jMtwrGTl{>HP93J7l3*L*agCR@e7GgaAO5&Io25T+sB
z+G_qy%%?DL4|MdP{$5_&BoFSMWQ1s#_4sKZRVHHi5^EA4Sh_??m3fGvfs{vXp|^s{
zQbrKfmnr3#r~^|H5tU`_b_S98Nd5VqY%>~%WIsou#sC!EG<o|ChcoU##y3<=)?(GG
zo6&Y?Eu@%dC)whWbHX3=uZix#l;B9q`Ajtvl*lEpm6wMfPD!W0p!7lcB!K!<iV`C%
z^|kF?2v6VGWlO@q-8OF>1<R1<ngjE^u8Iau;8;w+=^Hxt)V3uf+&IWn_FPsDMb@g!
zEeYV~%K9b(v}rlilc+{dlax`K!i45+Y2&so&F+gT67~4+NPO0o5rX(ladfuO`+eaW
z!Mg>a5Rr81k<uI!V^`88Oz-mOg(xS8>LC=@#I2c}B^RYg)rs{|xC5F}vI*`N_!S+l
z_aVtjED~>_k(^yQ?!#Ehf+O+Qlwo)UMs(s1zUM|{5y`m+Eg~9^!WdZvBAV?mf864v
z+ICg%)rHkagZbbILB1Z&h4srm5ox@CuOly9{N8*ooMLgGzGH7fljEg$ue61sw$fv3
zdu=n9qu<oZS%L%f<RF|`fJ=2AE&hIExcAO#-WDfn=<DD+yONIw7_kU`9Vi9lp^j&9
z)_I@*D&iFVIZOa$U4$ysD)$?ENGoKASER`nED)Ou)U^Wp+twi1sJT6~Lop~7<kbvl
zYi<h`ojluk_bzTDiXE5vJ`D%@)lwi@TPf$hPi<h}!ba`bDqIyO?zFS=9F#<wvEe8a
zj#JM^*jsIC&<US+nT~dPnQU#CZbIDZ5l3910m}_8vtm1_m-ujZX<nPUG?NJf3}CM*
zSuP?6q;Mt-ZA7-02Si{9Aw*+fBo7uU$(L7OMXBmGsf~T8l0kEYg_B<OytK2Qv`uTt
zqSB^7Q`Asdh9b0+{lc5-j&PySmXh39gKXS|p7WQ!b+Ml{EE3`<`R^D(RM=I#{G>H7
zeJq^C<(XrslFJ=-s&BLs90yrS1;w!<{Q%0-Lp18gM>4vJXK(QDFB-|itn#7hc22q_
z(V!~i=u~Rx#WB)zgpN|@LNyBWNjctTOM&ub&45bm#eH7a+J!O7U6>_*uMOu9SWU6O
zLn52?ls%+)Hz<p=dphf2bK!aGXL@>yj)`dRfmV6v+MW95H8nLbRT%|!euGRYlU?>f
zGvzmaKi_bk*$uG+*NUr!>w4q7P?mjz-Bgx!{Tv(WWbFQY5<}4ueJ$6#o-U7LNk3HS
z(fy2O&m$J2!fv~3k9IA0$j0CZQEa>A!_eIuF-(pcExmlA0g6hw?>ej}LC<hPQx4n3
zbeFyRPQArtcpzA-SwgXiMA4VZjb;lzU<5cGW59F>8!)I%_H1myX?Gu`(!o2HLE(lJ
z8P&(`ENW(fyU<Qa|3kfK*tp}oxhI)zaCJ>6*8{mMklXn&pu9VdlI1ohx-5nZQo8Jr
zOv(cTmIOm9b>&lq68xxeqZvI!OI8L0vq=PgTog7L1uFix`31=*OL?KK42;E4-W(aJ
zbBq+Szs`|(_A*H0zRtGXS<vn*8%rgW4(LCvr1mh+v<rHFAqT2lGnv@sDjVrogIT|T
z{{2?K0>t5<XU~j9gNlV57rwWdJ;ej4fi@)2^C2rij3|qe)gxWZioP=zr~60?OF0@*
zIC|e2YEo{<><w8Lg}zu>$lM}D%URi}Z64n<o}S8U-DU_TjQt?H++}8qa4WM*h?Zhg
zN!2C@o|{as8CK)CMrPytnrL&1jh%Vr?fIs1>NQvruZ0b3BfyKtDlOPAU(z<c=Z7NC
zezu=M;VAANC1Crq*~b00V}%@7Ei|hw>fHf6Gyq)N`D}Eh%n`v~qEI_+Y3oXYTXuvs
z`(9&Z+PiaV0KIK*x|y5@z-(#L>_~;ys?uE*9afG=SK0i@ir%XBD=c4<#tJ(7mwYa^
z!`Jc@wx!6ggEWvDwaIPmj$d+s2*o0PDG_aIe@Wsrj~^~b*I{K^<4>*&N^D-^rHH36
zo*<YC(`2Fr2W>ozkA{v4l(5UC&9ppY;%vi#@Q^_LMdj6-iAG@^X&Wdbnjk~HzWMkV
zD#~Z4X4IkP;e{jp=?@<pc4ZA}#}f~(9b`t62$~D>dOCBRc^|^wz1^ti3qagf)RK=w
zy*kut@gc|wzkeE9G8RQ00!`Tetf{Er8+vPFBMkMM=RK(Cw7&`hVNzAQ*iNm`ozz;(
z(_kLD?DxH!Wg5>crY2*`%$A6zckdP{*B@hIXn?&gQ^R^(l0fc1Z)^d7=b8Q+;Q23*
z`ImSY=-K~I^M#)2KZ)nxHq8Hxc#bv3V+h+3x>r@ttoRsOjVJ*5`I3tm_BPi*-t^v%
zVCc9&xl-S~!3f*9XvE7sPfVCPIwI4>K@HvS3B;TiLUVV2JmsE7EgjWZ9pBDxZGAtc
z_j&D=uzfyGH%C`D56+gAtxKQpo?8cPd8hd=2UmH2ywtyxb(7jNBHguOGk$KHdOIR@
zYF-L>YeoNx4A72f#oiRCcqH%edSIyXaJfE!aJzCrNIMsn(>x^YK<1jMh8X#arp-Js
zVrUOAP>vhS=>JhUWqmXD!TI%+ZCuo_%wVnFKWrrnjVdbEPOwSN4%>RloS__p&M~!n
zX+)GJiNV+pk0N=8;cmc{uc5YF-UA}JG-fl+x>jtz)a~*4eR=cv)HjmorH;lw?C2ty
zL@tH`o)9_SU_2+e?Fw6{DL&NLh(e9D5RZ^{956Am5A8sbG{KA%8NwT`qq6nE9a@mD
zBUsS&^-?^V<sAj{ecR6Dz+&e9y3ZS5oPC(=h4Z~qGOOaY-fkHSS*`WGuJlqS-8}2h
zHm@acSQD5F2$EBJp>Jp46(${vxL+T=D-;c97F{u{Y*^6BN%RH71x{7{T7HhQC;Yoe
zaaxxFv)j)3UAN*T_BI}bxB&NZD;h?W1C&EtzT<9@BW<fMdaGY3a-zTr8Fu%I^Rsa4
z4%P(w33^ui7E{QbC1{q_$oR-pP`bUp3{M~(HBD%uF4IGgYYVaxaYnrF7#ZJd<Q2{*
zMkswJx*6V8D7VW<4O&eG7B_2E0PWptQ$}=`i$#6q{G~a7+c3MuHB)?7B)fu9KNKFB
zN=!t{lT1GXbN>*|Gj=Q%+t7w?CeScB16!iv5<$=jSP2wFfb*>drT_-s>I1(}4N`cD
zqYB8@8v5Q~963&zr=2D&o5bW7qM=)rz2jVhQfpv(#7~SWfl-X=3^FnP&-W7SBUtE%
zX>qC5mFg2ObHzRBVh9ZYuH}mGkOXkQ<~o})i`3pA9F_!mJ1;M6Ze86!&3dKcauyTp
z(IV{D6n8u=f_->(j@Nf71m?T)6ppt6J3UkEy43u!{l1o|#)22z=sbw?oS~{e7WD?=
zSVrHo;7RKM#B2pZj!>4~7VIN)UcrJ!Xh542A_RF|lbw?LMqLP=f0d?n%AM^e3vUW%
z%{r9_a-&u%OMR~`P(*)eey(6_Oz-`D?p&_;IoD%gE#ANh%KLJeEy=;h0xwvU=Ni^v
zSGPn_E%fdWDqpa>8|oN6CE-De?&Z6>!NRTxK)}=FPqIi3)Ar}e=aw0LU55z82!>->
zMzH+rUeB}?l_+g&puqV|L;~akP?z)*-GmF$3rDNcSX#&4wwzop=PD_rv><LfEbi5s
z(xT7K?K_7U2-W`_t{pXi21z9~g<Np3^wW)piFxw1@OKAqP$d(daWgJlSx%WN8dz6M
zx5-HL1%x_!D)+Inf-J*QPYu<sds9JXD=Ky7UWtw^BZjcFMG{wbz4f_W7XlAf6A1Rn
z5=Q%M!xJ{3MINJlqz{Kz3Ws?ip;qCk=B=HM-6r@DG<I=kI!uJXBe{dyr7O(E;S>4N
z!7jtIver%XX+j#pY5aie5&q$k86zy4EFnUeB@+j9EZP2O^I*p#3^wbkq)D!LXs6xR
z_Da~GqknB2%6e5A-AQok2^p8@q5@e$Ow^e5sDY~M8s}QQy00ro-)@<k9f>kyI`x`s
z*#<JrH34_8mzL;hs+d{jUQq$^PE!HlOEkxOBvKozXDo~L8?|HN;|<2Orv}>97n$i!
z9>Hc1U{wyomMeY}j?rO;+|}=?A?w?UFm-kq)S!C4bI|S-HRlZdozW3f)nnxOK+K^*
zV7PX*3;i=idA)&L`2m=<tq)07<!3qi5=F6-<z<{jl9^Fc03KMu1URd491ixxsl%^+
znpzX9)eb_E<SD-=BUn+3CJtda?|;<0nsnEZ-li5@!sP3ZbK6&-ZCPX)-&#$yL9JN;
zIdT+$o>v$|{RaSHy_%pBcHh-WVrzkbYR?xcPOn7>Hg8MNh@9Oiu9E=aOl$#rH@FUq
zEwt=J6Qe4uqfyF#*%0s`%TQ7j{A#rcp2&sWg540ZU5-_P5AGR#P6iZ5!(7^U?@&EY
zeYZKwu>sB)xJjjM@~KLaoS)-i>foKdP<hF2hCJVl%$Bt}s7I0A0-gEVgbf`?Jp%){
zfY(`OREMFI(G5un7ZC<Z5c6`N9Y6XeWA=QGiXL=+PQx|};CoX8&ShJn5U&-7DRu2A
zD9LxD1h_IfH0h)!$m0(-HCNGi;X6B~$6NzEZ~FDtM+#6IHK#C8XbG5}1e9NMCsIUU
zY1mc)dhQ*)IcMq%c0mT_+?CoWq1{@FU2zuycMOjp;6SpEgnFqFJr&K(-fSSr44cI9
z9Fl@4L697%gCDuy5gNUe&<Tp8CKyL;^WR*gEO4H=ZFpYW%!E(u*N~kUaf|*d)9)<Z
z)2}uPP#xiwL(4e{GvCR}E58v(7Mtoz{IO-?va^Rw`cW$rI7c+zmN3SxuOn!*2i*Pn
z&I73m!h|Y*s7LLzX2P7-iy41FZzWP>$ss^p`_TxIcH&biP>87;@}~~P)c1DIx8c1s
z)ES(L5y4^Z`d7LyH`+{)E2Fw-TRK{OX0_?ZM>=&@G<?>&x%l@Gpq5o9KP?qks?mF)
zCY}U$Sf-IoShG6BP|#&|)ycxfkq3f{y2?z;s;)!*+dJ66s|pD~Ia<-#@-%~8I3byA
zoTwR`S1L|(?_PkHkAzuviA*qnT8jaQ93@gsZBhD%(t#o4No7p~8^=}`vZbS#5(Imz
zt)8B=Bf2wFo`B=g1m-rC9j!#|b8F^%ob60PlC8IXNN=yf@`sL`$bzAo6lFG3cHQve
z*}WM)#rz}1?>s+i0Dk4s{*4M$@$t)KCxfbU*rGb&Rq=F&#yy2gb!FZQn(uK<5j6T$
zw^V6ey;i1kPlk6L)o44>O#v--a=;H0zEO`F3g;VGzcqUi)(f5IA{qbST_x+-RG9}f
zvx97wcl5W%6es1@^GZsvzHKjdL2JrZeIc4*1ed_xKd4y?PN81Aizr#}Q|0u}CZCBH
zN(rbADeU7L@Wb3vt$Yt6s9`NvsKx&3NyIcgx;X<|oTEF>?JzliU^C?jb1NwBO}PqU
z85EcMp4r!TzJ*$8N+0`3hRCy9QEDEGF9Y9(kAU*$KU=}JPevnGUcqu7O)5q@ErC8z
zkSd<F!|W>tZR;tqKs_U>D%GzS2pxNd0$PoQ=5J%Th?oxy-Y#RXCBZ~QP2+*pKB|o6
z@nMxbGgjjNlwPQ)Z<1SX8Wnox)vcyud%NkcCNYGsVDtPM#5!kKBX`kd#a-*v9jkoE
z1(=dl)>QI6hXjeRq7sSSe=Y-Y|Je%hc#ii-=a`>Tvw@NsgRo$~j0!MLW58sGTvE?&
z7y#%dz~}6EfRe~q_kfCy{H}YR<eNwBoTmBC@eY0IEwJ3m?Hm#F`<0w+yY&RUJWFL4
zDK&YD#D)C@c0&zS|L=(Pf7P-XSeX7#C4%`scXZ7Ee>=MWdB{nR$H2@+NB93d+r0LI
z@KRdtzGHvgVw_ATW)vr(6t@A=kB=Jy;O8?EU_lf>O!UhuNH-!ON;4`+hX@PP(|lEE
zQu(vgU}jHlA(TT<P_VGltOruPDX3fD%uG`os}a5b@N>GwnJx~FwEE)NOUwGY<2d`U
z+v*q)($V2P7NJ5Iur-aH)Ay3uVk->Z9Rwd^t%IR372Np)c<qXifS~~t$r<xLuN8D8
zPG|ag@N!Ijq}p2*YKtbjvwZRB#`|kEpcJ&QI_RcP=`^Ll8GYvs&?DOH5=2AoBHi}4
zCwAa9`ufLYRyco?6Mo{2-b>ZRjRvNQIFZcj@m->{bTIWp{vG7*n_PhL3ecC%iKpX%
zO&}5;7tZM&2-V8sBG48D|8RRQbpL=?#SG)ERmjMKE@NuSpn2U8Yi6y@O;x}^!9n68
ztmz4wn9-8xgZDd7^G;|h;3cn@&l7Yb;zJBHVb8)}=VvDdQ;s%@wSS88xY7=|i}R>6
z?$2T6Q7T|i5NQF)6R?@_r0YJn8LJ1bif;Jo-1?Ijk0#zh9Z%uxf$X`GIfVwE>lot^
z_CxXmY}!0^>zHZ*j+;!fPP}cZ>e%NovKe40wCa84qCd-l1Q()p63YQ%R+MB>>ilBB
zPr4gnj*M;*ZGqq!d`)or<~&3A{_a8VK35mOt)Fsk{;VCSmvjorVeEab|H1Paa)Td3
z6GHWH{arIyH?&i4>`zDl1D~+vIleg;cTkS-ZT@OLZa%SEfGI{gA6)-4c?TFZ;CNRk
zvBwy^?NpLx(X2e}PkfW~2UhG5qE<Z{aFIKLySh!1FQqP6As#kedpJ?xRKRJl7btfS
zD-iN6y2hPD+Gs7ZU#Y5x$_5A*PxuaC4?w3=ev`mP*iJv(-Zme-fa*Tjk%(bpRs;(M
z%LLTis20l^^0{%GXm#8u%o*rl`WfT89}lr|n|x2GB((8jX+I1@baIGV6RawR@1HC@
z29RpLd%6!Uktg%(0Cf^U3=Ps){9b?!Vsm3P8#i_j^$dxOx$A=t^jiVeLT$1zfIsNp
zW%GQ-1o}yZY#v2dkhZa(TObpTP>iHU(C<oEBE?|KFKa23oiVtz+IXc4!Q4(laN{h`
zW9x*woa=j@e;rPiXyjb>>x+pw))qz(&#H6*q<=uR=X5m)M%Y$xGGKa<qq!v<D;>HI
zKjIf_T;EEh_fl$V5;f1X;rFA+4B-;)&ENw8V}1T)o;fE(J-lFFasOq9eZje!j&(HQ
zXk^Szr)Ic-OIZ4OU3M1vJoUX~h+4GjI)1~2q1MAhNeYA9vJU|>m<L|jG+ZT3CmoW)
z|EqPFi1pq5jkOhD*c}u5xQ&vOg?1`7Bbk#fbx)8*+<st4iZUdVLxcdrj!mY>B`!J3
zIQzu)G{p$FuhOMst-M-^xist+_!Y9T`<cHHdkp7UAN5zc)+4e*=J{ar9?=V;C!3Qk
z!$0oaq|S))#!eMuA&P`hI<b7*$S4?vL~&h9tlWw`DQpOGItpG~f-nKOq?A8v%0!6(
zG$5xXtqR42#XO@KEq>bGPA0ZpUk1*yO;08^n70ZBmC6lTu47i?P2pgPQGRE=8w4a=
z@sXcW1nhh4jP9KE+wAOhfa=O8oG$e!?w~x7LybjoFN0({sboIgiC{8xlDa0cD6%Z{
zIswOk+pbtHT)uJKsstsFnO}k++=0P4{a~6r1?dvaoC=-rpI^`t#wzz0f$}({F%YKR
zINK>!<TO&iU&d?XBB>l{$?4=2VKW3CU5?zT#M5~W!R-1Orylnl<M`#+uQgid1eNyX
zGsfl&TK()4mdf3ZC@My63muF0C6DTRibdxY(c<kR1b0;Lv8N(uSb)e$Cc_^}9L761
zJUl$CAkBg73zKG{Z`<cG4FNds_bRTyUGGEV-&9s}m!UqOQNNj}IfZSTB$K=mra=D&
zroV-t7AMx^(j;g$iWu<_l8lV%B<oTlaA`-(pb$>RMGSdNm|?^AcA}vDkuT;N><)FT
zDytDSFxRepqz8$WM$U+nhL7q{n!zgj$|cGt@SQo<2D1IlxHW@Q2$mT7Gj#!e(-F-A
zG=;|{>n9*a`CPd<re?&}duov|(JSy8{<Mjm=a7nHUfEvE-5XBX?txt~I|dtOK0{Aw
z@4`=(UzX>>hm0ku)3$l5ca{s7BZ4KY)9zZN=|q1cBgc$KTePccl1BDXi|sEa3}5$P
zX!S!s$hntTbtY0SgaiaxaeoQ30eILzx377C9TdD064e(NjZl45T(~oz{1kogK3z^f
z>d&VV;w^;A$6wqG9ahvvH@o-FKC|i-_eEXhp1nsuXNJn>z<S?rLi*Uan5`{7mZHif
zj6IA+iW~f>B|7Q83!);E9vM@k?n>VmztO8BbkC=t)dg1Kt{<W%lP4Kh)oq%0QhMkQ
zU5pJ+SSDF6SvI}RUyFBB?Q<P;Pu7I@US_no7$)~3WXJl>*N|yVO`<UlrQ%3YkYsY0
zIN(kX#uG)1QN|u3DStLRzGG2ccAtlDms^)qeJg%eH=5TR-jP*x?XIbBZ$=?oYWo<r
zOKvh9RFtpRhsD!DXs_Q#eNkmbij^HPD<&%z7$1Fm5ARCX2S#4-gld5?4as1$&t>X(
z^qRQ*R?-gt2Vw6V<Vn=DiMDOqwrykD*0k+k+qP}nwrzXb?rB@o*qQgc-|pSGyKyU`
zqB2iq)`^OGPW@5!WIi?$Hh>@T^rc{82gJJQc$Y3#EEBww#(M}ygILu%3EU;5IT`B}
z$UK0!W|*>l)|Jn5LNyok-h0Kp#wn1;`G!7U_e;&Zk77^9u(eGFXR!9;7oaxq<F3Qw
zo>0n?9*Y=D#-U{!GXFK2+v`n8F0Z)3l<)8%b!*slD9KB__UCctvCiU=F%Bs=pEnHt
z;@+Y!^y@#%Zq9g%aQ(uHvqfi?(4d+d3xZ{o5P_+rD3zYvvECoyL7kTL<RD)J-X)!p
zI_P1n5RHd8qI^=nbzh($N7R=vKzD+#n{f%ul(UhsXO_)qV;Y8ecXF4ELHAsNw*~|9
zwm1Erdwm*2+$CY&iH|V*B?VlURz_DSERkIUc9!Z#XQfVuCz4<&6WRMJcyKYx`&2lu
z*Y6gsLthcgl2r*MKeMDsC061D#$DQgY`o!?q50;1`13W9W7szI_CHKlr_-=ZvHM8n
zdYH&;O&{HJ4XVJkvC0`PP)m4vZcL_3bu#vK<LcI^`sngkf0eysF;LR_wwO-Uy~ZTG
zXa9m-b9$x2LtN9!?6ZY@djz4EXB)}cYtDj~5PR14weuVJs87JQ89xd?Hj1+bDoBsL
z;kVxJ-2q{UEs}hH;SMo2ocZWL(mmaa0Edn!=CoJZd1@=ib(H-*L~A^UC3}yei}-o3
z*|*hRwIpc(>mOIAq!a8*Up|g+o)GWI=mSyHpqvCui4_c;lYimU(~xQZ;*@kE)7CLi
z8@wotL>fZublg|itLyVzLfa4aT<)jjbvIt+7w+6K)d%qtds4!!eU1rN5fBRgDd5;=
znDptd;z4~lf}ADMyQga}PKqj>IAhZ^Jx<j6`nyON|4*z4kF!;*^O1$%+3{am>+_u|
zf2-<oOh&=<cs93LEeoepLL*fZYT!8fBzi^wv!If1qDL4&^5k>!Gedz&!K4#r@qsmR
zX&d|LcMJB+?-*>2lDgS;?$6Qan%`NhuEj4VTo~fNJs@UX&E#8yf+ZiQSQ2=xQU}h!
zglQX_*>8hjXP@-qHkWnGZ@TXTI33_-J)h3=ApBSvUxlGy%y7TDD;rI&<?s({xm}N2
zQ^gtWKA&olAFKdQ4NhXeC`G=pkt7q3B}|0sI>(Tx=uN2MBaOaD5`k%`%SqujP=v#X
zorLd%Oii5ewmP6OWIScg>9Ja6_NdPQy-p7OB~ovRI+=_uQdK3mB{Rx#zE>d^K)N@P
z7b@+E)R)pW!4nK<VUqD^9&9)vV@Zwx;>_T(#0o%f1zgHLj50B2CIh=}P#yW&yfyqq
zKF*F1$9UU(OsLm5=_@k}P4<YR8H5cRiX+I+>eQ;KqtPz`qgMbc%qEyAOI@ytQUfn)
z$Cv*MV+O*aocf37V(B_&^@U_{Ct1=|s0^9T^dqtXjHGz(Lia<sDF1uI;bFxa@57>5
zsdPTKh8Yi+@ID$P75!y_>JpCWXWXXU_XMJVc882!34tQvu#*D@$3FIX%oL7}-&s6G
ztFEKCW5lm4KZ;y9u(1Qnb5_o_>dWh8@086OlYDk;Z+7sWV8qGiG#khbjIwTW<Y|r(
zuBp(2vNEps7xdsD$g=Aj!qb~>E*G^*w45r4B+Ymth1&KGv+ZrSI_vh8ZHI4<J<*r_
zH!k~ux+CoKP4G9w9mlaCaPvxgQ<FXFb?~)hxR}xzB0<n~1(wWf`50m-o!v;m`1YLu
z!dP}GDu&S$x-^^d1d=0lq9cfg$1~)FlzTUh(%KVeVbkl#uybx=B`A9qM2gH6`_Y=j
z?F_|ST+JAr<(Shi$uU;OgPg_Ze(-b2jx{=2d~VM_5SCkMS#2Ej?^qEz6p2Q}I}e}z
zTy5L82%eg~DuwG5q+t^aey!m@`6xSPT23UK`n!M8NiHtB#s=*I4%4#W@6I;^$5g`;
z+!pkO5Pmz9tyfTo+BhDB$>|`mYE36<g#vh1caR9t8&4j&-bmHK7`w*F|B!T;=-(*i
ziw-lnE&gC*jkT|njwT(|qFqVU)+kz*n(lT-5gVcW5eD%psK6|5N%9rY`J4^wR>4T<
zZ83)M4*QgGC^b`?3&7)dM(P6xKj#iSF=>e&4g6{3P|(Fi0YB2uFknUc%;s=aU`GJj
z)IVd~c=ZFIILwi;Lw05;8NF@9;g|=BfbTujj{_#_<atmO2q?S_4lK%7gbJnHW+anm
z&lHntr$s^8Qm#2l5?Ne9Li1%99Goq$cThxxm1f~Ul_CDXs-On$Dxcb8i7hOGD~e89
zF!9EqW<$d%`&BlYT&S!oO>?ZQZKX-~2B#sbScOyDqG#QwrY*UK&9Tn0ev@!b`ZDqI
z>n7$6u{-QC(QBIjl6uOxb?kCZn(^1qW<kP-%*S3f7b55NJ9j>8Isk=yC>9Iw@Md8w
zt=~cGX8`OuYQ~oPG?~wr>EGWN-dwiwq2ZL6fr9G;Uw9T^JX1ND?cn(JylwNKrBBb8
zw>e}4(c*xz>Bb)lOMD{fq$W#0$B-SCG9O2s_e%}`obEtVr&y3@-s(2O4`DO{Bwu`=
zSf`)E2zGFEd->K|yty|>>0b-otRF(!K~URiFrEbc=1yi_Zgtj&QNju3kOW8b+qUhp
z)EaeQmRJ`@pm9>P3?(EyTh*<j)=|C_FANqb%DSolgh=)1<!M8LyV<U8HSkdqT=KKD
zAAIq~aWw4f6@8LY^*yZ(R^wB^s^(rtO`EZ@>d>i2&ESbjmTIclP(K%^<EhkgryXkp
zYC2jSCsmi6ADlV1S!Q@<IL34*Xy{W`H(E_sO<T81w@<ch+DzMA+UPg!>T$0qx;AEQ
zQmI=r4jBl_I^>Fp(on^O1w5lwVCnV)yODxvC?WK_+DklQ%_(BNls|Q^9{if`6JJDZ
zWodZKd>daZ{2sE9{s_#><#Bm<*N*T39_k2oxB+CYKQh^Dt$cH5l6#-hcw5Vya(02J
z0eC(r2VxMJhXSk_2YE44Y@;KZzNyzNsLiXEQ&I}J37Lt>=}4FtV112RhCyXHjm208
z=wre@V?M=udmG-HHT)0E6VX{xEP5FS1lW|<6B!35xU`L}$XR?h?)9=h#b|MgUO2m!
zs)F`>TjgKia||lGV=gi6>Yv?kS!YSzg&G?8%7VUnJt%btFBe?TNWJ&#KIdaw9IYa9
zept_X(q|AaT*IJXWYc5>^o^D%jk{RJ8w6fm(FDnfx@a46&<xpDloQ$ua1H+9i}m_8
z9NF4R{cX5>qvBbC>gds_D05O=qzOnS3dPb95fRc_RJ6>r&|BP&fJHi0=_!<{M5Ezn
zWIo`$AjlN{TK6EO%2d1edoAjwLL0f4w>rIN(I*z0k;7Vd;4+ZSiq{@3jpXK<T%8c}
zxV-s4=caW6WS4}`$IcP!X$ry9{hahH!Es>D80;ZKS?ZrE4J~`<TsE0Ph`d`TQn3cj
zN-iQ_uDA44X)E`!4)}5&JJMoF+tTqiOkT9l{ukh5Ij(STbz7EABV6uUh(^ffv<YzO
z-8@=OZxgf9MPp)-mSt3>merj*Ck`{AA7iXb9dXVA58ckY4R5~P`zN!>3C7pE4wvwv
z9}Qk&?@KRcj39AlY&%zY>sd;49A-Z@)1h03Tc?$+p*10Fryw{?y<tmiCt~$bPY{j9
z6u$@va{EZXvjx`#_itLW20tcZ+$=9GKNjY|{L;FXqC-B4TjvefOmGXte13_+uT$kv
z<IXL+qeGPAn})zEeTDBL#TZ3n(E}8WAWWn=vO}gEOAG~mT9miYjn;%pOxb;e59HF7
zV9g~^;LsN1OxR{q=GfaL{EAK$*EJxKFz(&-7MkqGx7u!aS<d=h;7eB2d&hFVhHxhC
z1MdN%bqjFAmTe-6;+`>)_!u#0GG!{kj)CBg!CbRMVZKd+Q$q`Uj8<yh5Q?We9Ga%m
zPRD5&!D(H=>KTSQHEuB9c5}#M_4amqFLSdOc{6m4hiekKpGKY7I5AQ-ttG|G%#!Nj
zmSSMlmsU?=KWRD9S%^83095U}K2SWE-RF0N-Cj_$_B|)|nDlw{y#a9xA!H$D?ULUl
zDop34e+LMVe>356Vj@k@=*R_+NRu8RmvW^V;*!Utjb%wRNH02jbXuZJwWUZo9dVbU
zoV4l1sLNU(U%*+*Rc+LqVOSP*57aL-$8Ou6CFCaNu{_oHEc$x%Su%Rz<HsXR`7z;f
z;2Zc!+{omO6JiN4_e}K)<zbf!qXmfN(#+n`#V`0(wH~71`1xz}{~>s){9;_LD#l)v
za-po{aeZB1YM1^DDJNZddnBoM%N;B0S|aiI0RQ9pk$1GuHok9{FoVyRgbCH<hR4mq
zmST>W&ZBUwI6o?GyI-Pd_mINd^<rG=+uG-KsyBd68yG*^MzCpVVDNZebk5vPpeI(k
z)n&QVLy~k@j>Gw><V<;)8ZYYlXe~*sxVk8TlV4Twb2Tz?73o{Nu61_<;b}s=ezkCg
zGL(K5l-VN6+GiTJ!i@r7ilWJATUxz|o;<Ruo3uxA*q3uq)tMV*WD^UMh%9`Kw0}I3
zYLte%$nWIQNuXF%shZuEeb~D99tMdE{Tu2PAP{*CJSX7@>g}lhb3X*}E1?tRWL9E4
z9m3aiL=X?aARx_)nKwK)LV4$OCr!zZDad!(!SzyOe<<~#z))I0v1pPxH#xHZGE$vW
zV^la;;t=q8T~b#M3RkK74lVm5{-8i0x&$Ezw0}7BP%F@s4Fa>^5Y9Y(G)q#evBtyo
z=R;uEyk)56D0OL5HS5)JqAT1_yG&a>sgtP(Im~oiI@lV_O`T$ijtCAMoR}C2M(bv0
zSzvA{&`^J71DFPXaE`f9!mL_WecO(K&ebocCEHcptIcAs368g)@3KohC$_17s_RoY
z_>4TK-*LO+x`_nsxyX8if2Qpg-(-CmeI*^&t-^}cWYg&Wa9_9a-p{4Hb#G@>-BnBz
zY>?DL(7E;{AxtXyV&p`v&`0+hOJVrs^7e%Jadwd2^c~CcgG9IYUE&FHzt5IHzbG}s
z4q~Z)9PKTL(xOLHF6s;QEM71oHc?-K9->{Yt`Iwv6}f1xFzYw3McgBw*n#QowWt@=
za=$aWw$N8-tE|u1+B`<Hzq~MZGbnw0Uhp$Qvz8}{EoEJy>X|}m*FwmBlSPCfWoN)n
zaO<L-e;26j>Fw)gJ?PG%!Ka-+<i%?i(_`eq)D>Ec1h8&|U_3*b>(GiU-jR1>MmIg>
zcvgi-+F}nxQbGSM>Y>dc&l25|-U*mf#GCem{KIMWYNBz+bmPuFrEK4mZO*2W1zqA}
z-y~0bmTZ_WndzWTXfN9OcZg}DuaE%NhfmK=s=-c<XBJR!*As`${d|#U776Wp%??LC
z)??)k2QlS4V~?${<(c1OEB!OV<@}~A8}+qs&y`SW`^#f1>V#vDKk`)kmxJ$CnI~=$
zSXyBlxd{OM+%^zxjoVWv^jX|9tB`CB-E-4_QSaih7234J_1qRV^TbomezUQRoa?a_
zzeT=oc@rU-$tP^bm1ODhH1adxSkE>}M|5)i#8Czq?Mr3}V5+V|g>`=K!2?K+oITMk
zDeuv%IBW`($zeRZ&^~`SX+%xMxG#avEy0)l$cakP%3V#Oqr0QOo4!%c)Zx#G@(~_c
zI#&6`lOp7%;-%Ac@Z{$Hi)YB`oIhtk>&w-Cxr}A&#amyaerC4<?MObmFy^iRT1iFc
zBS%OK%H0Y+1Z3&{zI(o}nV0kI=GyAH<+Tgr4}jOFfQ30GX*dHXK8S_m?15UY*Y&&6
zv18JbDZVPXjS;aKBBeFfzmN9lfrei13!$WZs!f%WJX#d0S_f5=4QG^OJ%B&1FoA=}
zg=0Ti@KWqEyVWX%IDIp4x+u7l@27rP*#*kTE(;oraZ7J)Y-|3!u#TeTlgk^>+5v+C
zWqmGaH>gfM92o>)R!PKnWa%#_+<(;|ppP01#TpdZJ=u&Xb6{Grijl7D#LQ0;sPqB4
zK;0if`Pl_R*i%b{OzRLRUE>Zc=<9?7anJatpOafy9qSRaqo?+-U&7MH++qzv6)$bU
zsR6G|qtG&)-T@4KZCx9b{qCFo4Xvfu@o`K25cK1~?3`_GUfkqUzeH-ju91+I7D`DE
zusYe4K-RB`rcW=AsPF}5*-;@-Y-S<`6NVg5-nx?W5g&n?HvLs|K8ee@9f3Id!QnlA
zgv%3Yufl}741&~#re4>|3!S0D_V|*Y%_#+L%gK7r5bq4VS>Lq<H8_T5e&+0O%t|`o
z7{de2E*<HgqvBbplR;rI1<LzDEh8;^cBq3O!_JQ;8&s9`<gmXvR{&%0k>?6~zw-_-
zbS5MCrP*t?rp({_*NuRN1K0~8;#}QRgWCE5_Byh-oNNkSP(KiHfR+!RU}o7D93h{a
zf%Uepav4UEJ$wdQM{)wAM>6XMN$d)8&45sjXa^s`!i)}xu!)dB9-0vmh4fKNNkQPp
zFKqN{o5eG@4=<hHUImd*ojgd#!6%+jToDP^v+HE(v`=pCAyTS=1*Z?%hd}9~x@=RC
zuq{euUeYKC-BH4R!Sn2~Xr0^R5>2~VLh(u5fr0G(%q?{#B%F7L9Pb_=k+J+sVO3W^
zB6{b6oCwy@8}96paVyiH<PxDl9k#^Fm8lYj+SywXvDK9(D9MpTyiK_s_Ah%wnKLqg
z`>0=<Yp?KSFTx3i0l|nrv$o$Cn_*C!w5r5Se$Q+SeTY1lNs06<X{|N$6_>V*NK{ir
z+|}Zq^gxGivOZy_Vk)XF?=&n>Rw+eOV^lp+RZTmhDuK1Skh!?flFLzMZfmV9M0=;H
zjH)_G`FoPK$w1FVE=XC8xvdb`pJO?^gr_`m(G$VO&QkBr=9Ml}O-XH`o+&IvjZGEw
z2T`p&wX#*zISx(asT%qUb<4xKmG!wSumrS!O>H?t6)0ValWYJqkgBdqSAA`vx2q@u
zot6JA-m0R8sxnVoxt)A0NWYc;F^~9<32++VP-UJx#@akRRkf1oN{e#)a$5S#sZ+r3
zWR10HdQ(&Ohf3K<92%?26s?kenT6^~<rofwlJ?4SBfD5-Wwy5R?54jIwld30vEhN&
z!28AX#m>S?yprD5=Jr5Np;&a6k`Z_#ig5xmCGv6l+KO66em4T={%)p7JlCB|<p2;Y
zs=!?%;S7U5ob_V|9IJC22r2Hm!oP*e)Rk4`r#RGARltA_0qe<N@M%yFz_HrJBLM%d
z7qte|>~4i8h`dBx4X8dh2^imIUbnt>Q8vpb0IAJ(yQ5{EYOoxG*C}|#N*L%zdp9bc
z#s#XJl<b}s$%VxNePX=_&+LLo9TcI#c6>zh{Dt0m5ERx?!SL?L2VXj!H7txm7~1;&
z8Xy<tu^E&_bEHRVI#BbsWtiyzFbgC%8Z70IkOnTD*6IpIph2N~XF*%l6$?MS+iy!5
zhkP-vJx!7U;iA4NOgN!bE1h#|{aje5E_Vjh<YpI<n$?0PhT%25ObiBekx3)qtqVlv
z@-qPXsMyF;jBMEwy=`9(Pq?K^{JqOL5k^H&a-9}r1L_44|2QYC)PTb*R;f@78r@~q
zvW!f-y3sd53(C^tZO)3!52tl|RoVvo26dwZZRxkn78G1nOz#-&h@5J5W%)jJBc&GQ
z=06BDX+(LV@vp6u<fUn{lbkeZ>qLN&-n&hP49znAw^4G`KkBj+rD;DV*BCR_=M$yh
zc*s$4TTPUEWhRDkB2VUOs`pJWXTG#okfR*F<SI!qYGae_mGK+S&ZXY|4&t`*DECUc
z49B>{7r~(kTo#AK-J`=0x}Fb8a>opYMGTrdT;0yWW-7Y(>Y%~XVgBqW<Lj8zS#_1x
z`H3qQFY5$a6TrtG4bLqlIx-#yV!?ebVr#){B~DzN-%ySn6XXUw8D>q=oM{jmXf}|I
z1T(lD;yoV3qloaRo-d!C2U|n3jF1+14q*U3l7_e=pxK0$`!jt)9@KgtXceNr8O?z{
zfIWvPYiU1#T_4^Ux;eGK^Q|1$jBQ9a&i@3JmM@SLJl}bc704+Q$PRZ}#h{0<-fMVW
zk?RRW28rr^$oocGB4vpnkFgv9grP6L7|0?oycA9w^C$a0nWE0Hwj2tvo`Nn5@t!r#
zWYARAoIcEhlVL95j$VJ2LiH7j@&q`RfTjutI6YlSeW`piq`)Zo4eGB4U>DzJxD$Y$
z4=>JM{G_1?_p~KC?WO@8(HR1?trN6!1p1Z$*K&zyF-vk>c!&#PV||k2&>l{#o17Pc
zg}CgMn2vdVSDjzO(tV!&u65X&Tkt6dmSG_}3jfw5PjEG3fPkRIUf#kWcNO|A4_I?J
zVKa25_DH(IsdYpDVudxo<XTrLJ$#m#aVGyMROg4tpBy6}p%-@eAj14mXI$&0ntoCP
zi$pV?>G*u3a(?zGk1YiDGeaovR*5dNDS`ct%qvrIE$P&GJpBvwoBaGL>{WN?uk_nM
zv-)`iU~)2v!F$U9^{#7aV@Qi=gT02(B|?xtE7f_%(c{4{V8Ltdz@kl>_@$$?Tu{(D
z)`1K0SSt?oDhA^VJssFo7Z{3c8FZ)|^E8F>QfWWJ&Z17JrbX9?s+P;IFj%G|77^^-
zpnR-4&6JSIpsJkY2PJ2L@;pcasX!V}5OFR!^eTf|{H$t+5|_&1;WVA4=FuBEp(Lk*
z`FP}EMb~k)#g?y^xgW(1A0sKp5=eJ+QDhAyn*7UVpfBpgkC5maL)e$;9K66sY<WtS
zg55aImOX$9^~FNN5eki!#6Tz|0_D>Q7kh}gEbP`bNKm3;ffp{&2AU)lXT@v?Y^*cc
znspDjLj*oarl>owd53vX1mz_$i4!8+Pae<kju8@<D^>v+bZbsgp*d6C;`3)K^c8yR
zmTN+B64YrGoHC~i>X@_n1PRESV$&9w`ZoTgb@|B`Rje{NQIN-K@G4xPp21HRt+=Di
zssaOklPc*lrA|l<OmXuIzg3v9<`g~PBz0nIZ(JK{ugDg%;VsH!hqdCuX_4FabNBqk
zLqAO|o^O9U&Qi8R8EaFt-$y=a4IK?t1NVm28ZcqZwrVM<m%ja2iT_w6``9KFw{E+J
zH00HSDY6}snhs+?2V5`na|5NN_VAGuzC);sUFa2YZw-Y$C95Ovqu(K%v%LqC=S<5F
zHrTbVU!iB@tDNy`{~VG|5tnAr4%1)L2=Y9xIm-_2p}&;w23Qc5^LIX?2N6RAi|d2T
zjdYGSdym&d!i%lkuqfwbS5a(Big*gxV8<`psM6dn=UcrVxLfU20p~!vnB-tp`3r!b
zxAS0SAnKFP>ySJulS#a~r{0b}<j)YV=6isoLKGq7;ysI;?boB<&Geo0e^~jCtfdx$
zgGf>fRY6W#<<A(-h3wF{r=35%MjD-EK<;+y#k!+c?pKAX!4JB<^2kR?Sb{!E)+3Zw
ziWtDDaA5YH1AW=}G(#C^K)Gjs;VBW`xwgocQFQPC=S+o*o-joP6w=&{c%2S(VVtbM
zdSF23vRhSwBbqYR-YL^i&9fCKslwf8_s^IogX+PHz~HF_39w3@B|NB*tU6UY4b#Om
z;^<9v;|C;GO(_=zP5FHRop=uTq3cHO^#Ob01lvUd`C{3vyH0|G$#bGErc=Jsq5#T~
zvCJYobR%_h)j%;cFiTR5h#6}+<vk+$RmsSd1?eaaEf#)Z&+@DTg#rfjE8<mC()ADl
zbRlo(p!}Kq>QFzUT(qp2*t^zj3Tb3IM*<~lH=Ka2E9_LnMO=eA_B?qM<_Y&jmV^?%
z=wcJK#Qv;wx(+?EK~2LCNgea;N0k_<C(OHi`o|?hf9F)G2-x=zk}w<O+U2o>Cc~%N
zug48O$Wyvn)DN~pTGxxMtE9*qe)_XDV_%{<w5+Sac+_ZJI*EWfdO4iL*5Z(^SU7KI
zprTtB(E`)Mq(yb$i=K#kwrnS+Hj#Mcoc*$G$9Hvit6sU^ujEwrv1riQL>1TQ`Kgp=
z&2He3PjeT=GcTz4_tjC9kWDZ@C;t)j?19%LdGwVHth=v^7ErR1LZC$NU^8G?>~Rk_
zBEOCeA=bNAPltLH|1-nktMjR&`@502Yyb9bE`mofbVWElZJ#F0;>``(2lBB;H7lN}
zj?&4cU5~1pF={+mR)|;Q0;}*T{K?T`X?|V>oFQmLDcLKe8hdf}j7y&4K<zd9Lf`NF
z(Kheb7jF(^gYc=aC~e)%HD5Tq7eTT2+^O(o^K1}=#{G;EoA@lxAgjU+m`gh<#xo<Y
zhO#`DhSB%8F7>%CHDK`e`=kQ}H`(yp<y6KdefwA6&|mjimwIsF#i@2!-tp({XErVK
zquN{wiJ!|m$KS&j$E)sdlZ}_7GTC2Wx>aOf+wy5xINqIXAHPRmoH~c)iS@{30>5|4
ze*9Qpk64+0@tYj}ic!c|k5?%j|M~KV&(!GqF<JU;M?Pa+gUeL8w@HP9!i0%1UmeDZ
z-4b))^~KF~ICSN$@BA`6$HBGuV`?^bU3xB-#9V0ia|8JgjJaf4;GgYW{1DQM3D(I7
zN`Xu3>{qe8MenS?CT`AacDwl>Pf7v0^Wjs~Q-s}7Xt^`6S35LrO9K$Z@5xVy?-Lq@
z@ne+s2Qb^8O6<px@9aQ6K~)VZ-%)H|yPVeF^l#{A-fYtf3vneY?rh4)0~_Peb4pyO
z7NzcJ=RtJ|RKU4fp8BcjW1C>KMtq?B2y@Q;Vh)*De;3z&M&#mt28n0l2&*(7>Ikba
zpB@*%25_aU_Z`Q8V<A3mF7tY<`k;IC>w#^c?Rumyh!4ktxu{n{bj>;lb5JC5;M@0w
z-YCZOyv5leDOj%E*&#nz)`(1!J5GWc-y6(Otd5hV5*`OsZ@K%V5e71zbRlFEC4f+0
zIyO&KHRaJSL-dc@y(z+Pl?lwev?WIM#JQ;n!S``<nzt^Q*vcb60!lxX3BRf%l@#wp
zc>(na$)0H6;>4d4p4<0fex{E@Aom&)UyG6g?bHFj`H6xr34%`vFZ+i+DR@c~glhNt
zG#(1%H<d^AGG9$`-4CuPK4Y>w@+9`Q@@4iO6Iu2qOPqhkaW{?->r9pe9~0K}qsr<i
z<JS<l&#do`;)C$KS40qLj?`e^_@`fe2tB~}`V!?3KDJ~KqsjjGVJf`DQS^Cnr+zWy
zcH_zZ4BSs!9FMv?3OOY#V=O;<JH=QyC8V6IOU-j4{I=!ru|xKlrT^y0`j8<1`?b`E
zljlqzg^xFouPCuht?{M8(%GKS<NQnYeVOh42$lMA0_1*}fYOH~<kEvL^x83T%uVO_
zA+t$a3LnHcfyx9!3g0<N+;HNz;)Hw(Uv(mW#8H9CVv-O67#HGm0_5J45Mc-5$!?xZ
z>yY&ynS0ulEzZoXszfhUK$}c!#Zg-HR!Jgn+ppg_G#gfwI@|XcNXw}Ljo7I+@|0P7
zEfsMeAnD&DP=GKQyS^(&&n_9e&Gzt}XRZ$0mTpH|j_vkv8|Nup)kcD9;~p8i8S)E*
z{Z8i>M*u8ck2tYlTVhth#R>P3`R#j#j2#H~R<e+tb9~FjQ5lU^QDR>C5k!h^UE+l*
z;EH|YQ9DI9Nv>9XLXGCl5%_I^=Uy~Lw<2+6!UUaEquiuKhCyQ@QUIVus8yS2D%-YT
zN~6^o;~b`J=|%`$l4wBqTU+|?qxTmKdv}sDC;WXzdgXJ3l0v5>oh754Rny$!Pp2*|
z3w-B+{ZuhL6~0E#$;tf7hFmV%9Y=4uDVEKM($+a43cEv!JW3Tn?5$s(2s^7#f?0m#
z{mLVlLZ><rC;-TnIT>pE^Xi>4ts*VTQxQk$a!Rq(DF9%A%g*{?Wu0hgOIT6ix|nIA
zd`0H8B)yXDu6<16M3dtz&sR}hza&FhQJ=KoQ`}9Lo7yF%#YcTbN<QMMjUpO(WumUc
zk+UKh31p_k;W!svV3#t@HzsdB8t-&zGP=RRLmH56OS;r!k||R<n$)DqLLQ4IFJBO{
zVRB#W&chw@V~1A3h=YeZ_lGvU0$u%L#GOf@4nut+>qFZDt6C!B?L%7vAMHd8DJr0J
z0osRbEJe<#G~w<iAT%vnWkM4ZJL#<0cyYoa#H1`qiBuTqP_iT`K|V3WhOH{jWHkOq
zTlH`foW$ai^sjJ}%v3pv;o$}336o)laBR+r3Xa4?zOd42vI&1S4+Lpt>B1y3pw?i4
zgFpcdj)<2;F3JeC2-Myj8b^2O=xt%+1F7ks8`nh7D~<3HHa^4JLUjF^<N=!MQ_~XZ
zIviEQ#VAEGaLGzRGE}6?^iw{;?h#;BWax!yF-DZa9D#0zH)__muiv<WXZmveZm&t9
zUzilXEKUCp^yB}qivJbNF*CDpvHT18=fJT4cL(XeIx(sq4yKF}_IA!<rcTBHO9y9r
zz<*qMLt9fu5#fIut(d8mp}LETp`8=Gh`o&o%s(L+b0;FUzsBE05fOWL9eQRa4sIfP
zHfDArW^PV4B4%bzHa$jZXG0rHV_`dU8&e`C7)D_yV^ce4B5oEg7{-6o{d4G9SlMA1
zMGYOKOfAhVod1&u!>HnHYO7Af^*86=41eWoOj(Hj!<trx`AdQRpZD?qt^8x<WdHwB
zyU|OWvI}BD5`XayN&8I#k`;yuO<Y2jp!rx(`Uw;mhE{=PG9K7hXCB(Bj43>J$os6s
zXQ+iwyE(I8g_{XGU3gXP$OP}U=HEV8(-fdO=seS1d$#%bgcaQT()fe*F~v5F4{?yQ
zk8{QjIV%Xe_7*9aan}FhQqD$TGD=_n`tTK;e_cyVSP2TWM)0(PAn$@e<ouWVsJ+`m
z;}gAKz>6tZfd#!*2{zmh<8A+{EBHXZNSK7YIdP!XkIg6*yN=cw^DA%FcMCLffo#c0
zu9b1-HFCh<6Bf5=Y&@%xcr|w($xZspxYq%lr~uQFUfi%Yaay(@5h1teOD>mak9qCk
z8;g+y;lx+w`DNaIPvWOb;PiiNrJPUpoT0DC^iN~wq{}>I-=|&TCci+t#Lp&FmOqrk
zRf5MG`iFic>fb0CpRC=o4Sj<@Ti&fbho4$*xgB?WN5$COPCvru6&G#xRGl$=PhIgO
zE(>=##TR;D{!iHaZ)*Ji8-$E1E=JD(5UC1qG5rrTMGT!x|6$<&jzvp=le4IWA>bdv
zei;5g_CHW*SeiInIO%XOF%faGGyO#t6DtuX=ii-$iHMVxg@~1ni-?1Zm57y-g@}!n
z{jbeQ#K!$!KF41SbNodd2PYQ{J2wjv=ij~>tZaYdIREDS9q0TDbarlbA}&@=B96aD
z4zB--`FFj4v0SViL>z4F|Kec&<^79i<>da0eO4m9|3dZuT5v@FS&+&wjH>o(c9#F-
znTXi`LHmCP`+s*={9ocu?419XGS~lEG{DNr%*^q>6%BMlyQ8VC3VPdbSDv4r_blc3
zR9u3IprC?)A@Kx&fe;TPsf#a>;iHg6X$ghHZ3+oF05Ru>BcUTHGLr;F9K;fl%z{kA
zk@m($7P5wSKbT8|6u-{)tmJ^tJ1%SOoW5Cfb#<OIm<#qfRT}x&20>yk7>UJK6));N
zs85}@A&J}&1z(XnU8E2P9M=uq<?Yp^u1r^Eb27G|5rgzCBsHB(Gfw5On&66j-~>bD
zP`|Xxf_@2@F^LRK?!Wf~xEAu&fA6`$e#BDORrmc-9q#6N^?_RLvXys<=$i8(R3l;2
z4Y;UDx$d&&vcpI0^Mmh8p>ZoI+i&^h{py2!;;pHory+<>-w~;JDDBx(x~ih$nji?@
z$4E>z&(GX_CP<1G`N%2hF1#%5xnaPTL9d>*J-7de2n7d&01Xctr$|y%Xl!(N@Q3X2
zDs5emn)|qPxf%F3C?xzW7K`)x%#dU|OOr(G<SaHnh1+F&_uU&Rj2(5hCYvS8d*1_M
zSrLab+|RlKehb(g=)TFlM?Htqkj=2vA_%Sr2!T)y$ItyOd1vGt{{*=+tc@X3K8%t9
ztzdaryw2dLd0$OZP+o^n`6J}KxtmkiH;yknKRoz@i`PSMX8o|GapOS~L&|Q}@vLlo
zd~xJ*ct8L1dDtVTL<xlZB6rqze>_UBdCGd&Gu&s*sMaEh{E>jF1(MnX+F(}6;6n@6
z?#lgl$8PjIp!1*oQ}fi1MEf1g7PJE3-uR+^l2cO1ZBUmiF|?rXasAq3hF@l?W2F0N
zsR@%$K~6&am+VPCp$T7u)X$ya7z4B77G3KUJkAUCuqo^E9}ohJc0%-LU>z}A;yXiA
zZx+6of)F(;WI~Y(+L~UhIi#ukZ~eSJ?29WM9^TA5K?0{yF06)EoYa!_r@pmFTr{GP
z`}_*cAPS;)fJPXq5{;pG$8Ajk?2{pw&X9g~krguhnb0DMX3Q(m&k2cU40WTA$e`f9
zp=tV$u>J>aZ^9Qh=j><^=<?`3phgLVU=EVUZh18KLBr&7O`VSQtwr@UdX<#6Qt@Yn
z?vpa373!Mu{1rBR%P!9r0~$h-AJ*t1I?~n4lVcKoueO+imw8;Z29=AyGWaLEtX%J?
zxHuhY@D}wQaAwWpjMmOdYeeWi(sZ^elapy*v~OYv0Cg*@#e(7RDHXVHEQY*dr1&td
z*l)B_-GStW$YVuEqLg#H!PS&=d3<>X=26Wf62C~M+?SOkMR)|1IM1i`zgyIQ0DTL>
zG#HdSz+fvDP7$*^DLhz2(49+_Gik<&BHK5+W-Ekz+lfpJ%?=7r_JW{}vVJTYEU@XY
zc}o!bWc|r&+r5tV)Ztp`2%+uSisN0(5dPhDaX#h^dbaKlGOwAIw{9nSHOlcPQ>bSf
z0NcRZ1ZsFEn>^c;Hmk!}++HXN#$G7lm|&OCEY&CV)5L;}frXxhv5~Hkp^^QUP9Ous
z#w{EkIS>AqWd-OG<nTxtNfx@e<bp!&bwF9J&Cczz3NC|Dm*@V$ccs1&?%UqhLeZ&!
z*Twj$&T`xG!#U<Ta=nyb{lviXK5{T6a}J|~#0REEEt53bV`FX}*~J9e29Z+|lR49P
zp&aFJFkD8d#Mma}S*RjgB#tJN08$d+IxMmx;Z@npJ1pmM6MpVmH3pnDE80#M-Krel
z*9An;g&LJjL!GrfOLyHWWQg=L%PQCR^Qxe-9@KbYavuS9b|O;nY7ukv-gzzZ8=bSS
zRfIBe!!@;lhtrP`DsH{mV?YSr2KnyfHqDPj*dv-+8LFgHr>OR~L6U+9uW&C#cOijs
ze6*e8*m!+tLy$5`5_=?*iTp6eq9j<7FYkIJl8`feh%#o3kpl~cT(SEGkz}lrsFZ^z
zW<W9VuXJIEd(aX%<4Eo>Tv32KW*&LFSlTRk%wk-kB(|<ung>f}G^G>x2favvW;ty<
z#d*|`bSR2yB>$Gp!M-_c)5u0AP0uFNl%}nn5WKrUTm04xBN|3{)G&CbcxPA1+q?L?
zgh#DmK|_QNbv3)aNY*Xr7DQu+pQgK_x8h6uk<5<8me~$8vjuNk4&Q_z^(BVeMQ(B{
zZXWY@qE~A7a359kZ+&LMgB_xqTYK0Cb0Vf)q#xfy3lMnx9al>V@_z5qS?@c)zdtW5
zd)tjkGvszPw8uwdHw?y>CA9}6$xKA087Qq*83$(6Bbp|qpjb)@75VMWQ*EaF{qhC5
zer#x5Liz^UTEeu<jIT>Q=lI`+%5vdLmJ?QvEz@<w-wffd09u4xU?((A_Jy*8Q62l`
zU6MLAKQmyMCoUwT`s47Zz*gFg;!!U&q-eoU?dY0u@1g>(o;eOP=aDEWxyjjLn{*mQ
zvAM%+p5bOXX0;jnFBZYM5)NdrkkwIFQJydAqYMY3*g)d;B)BAlp&~j>sI~H_G>WWr
zXViGBL?2nNK@hSN_OY^U<Cmg~un{dQq|$<mip22y%8m2xULTtNw#IvV$~h-@s0ogZ
ztFMjOYydcQWpw$xPf0?+t#5K7BaX7XZb?0Tie^3EY|DJszMqdBLEWOo&31%lL}za>
zF_Y*nI`McIiHW(V+Cata<ye6K9N|^x(g1JWe0^T$*vu5zZzLuW3xg3QYmx_unZ7i*
z;sp}9VQ?8Yniq(DZh~LzGOYVBn0yUl#1|OnEfqc&xX(vbv8W=j2je99?~92RI+pvE
z^DQ$iTPVf{8n+7o2u1b#Oe7nd>iqI<1(2a-L`;5sz<7ihhB$^y$df{jMKoFvNf?os
z84;_ahy_YRK_3r2-c3N0qFhU9Cf9Qr>WRn>jsy!ab#&DyLBoq^fFX>@hhgEPW9H48
zzy{D^qvZ)07-&}tYUT7<zgMcU5@I=8jA{6#e~o504qca6^C@)ZdfzJCq+Xp$US2Jg
zm5-<3T3-K|ucU`8EYg=($a9@)57d<X@vvB<5W-3nbYAOAH!RwUAOfm4P%1g&b!>*~
zi*|LK^|xed73?DL2i1rneCfhAuD>PJ*PoE&&(!#Eq}X%*iK?6N+{w5fPnZW&v-CZY
z%Teo*3yV&sO?|H&@6DY+b^WLs-o(><E@M~c$WMspmQUkXZrNC@5H{Wz3}c%Ttew?p
zUV)4eXC4}S_NZb3>qOy;jJf?Tv!TqBBz(RQ5lC_gL<TueN5mKyb7ebB6oK-vWR*)9
z;g94+ZwrIYjq!A(JjlPfBG#hhFZTk8E1$$2xngDaP=hs<5+I7$vPa<$!=QtPnW=Ei
zojSa0nY6P*DWXhu!S#vhgq-el?F0n%Es!u}5ewyvK&V(y%6=0A9E^Dp^ZLu~2>mua
z#JF6@{l7l|g7kU!RayceQp6k&x~$qH><<c4AgiM4PZY~ZVF*gT>C-CD;`Pxuzk~5=
zdg2mSXALsNJL-5tVauM&xxIJ<cZQBMA_e^&df@=QS3ti8@38JxS#Ro9^F-39jzxF`
z_fu`ljEOyOjRzn^7SuKP{M}KotWe!eP{9PI-pj9mRicdf5yvsKOcACEfYnJtwRlHc
zc!-(bmWGcEA|mF8!Q2m4G_?4D*%gg{F9zR&+rhW6><-p0OMjRcHrfIA38mvMq7{Q~
z;SNKB0>RWsI*o+xb;iHXmsp6;FYc8P%Zj=c=n-=uS<)fp3LwGbATS_Fg37)-IKUEk
zgE>PP{Ar2p=JD3g^!h-hz2<U!2~1KE9E!cv30ju*dcMpETSKhaO6IjUULAL{lli=S
z+H_qGuJAK-Y=S;G(ca5Dh_mP?q<395(p9*VEGN$n<`JzOAmoZ{(z>#&aLr1&0H;&8
z_c%g+y-AR)HRyR?NufR0&}2j_A6s$T^TCTIhDYqTq_@iH6tPtfP~{_J?0-?h_lDw0
zM|dV8O`FOP*LJTJ*DMsJ_oNnqBc}qvrBbg)3&>_30Y61_$$pu9B}-zKa_I}vbhjJL
zm&%GK$dZ5;8!=u9t3S2nYc>8u&};XXm^oGU%#@o3G$+^ZL=-8kqPNf)PSgzo-ZIYn
ziqSkNSUA$T<0n_mz{a-7h$k){k||;&4AI~Fw-3_ddc`sHx2SL(WFOAG)mfEcT^M2H
z{8a;Cv!5L$>ut0!oz2E45tUfMBk*|EVc`K&l&N;|A13>$_BMIV(95g`$|sms-(cw0
zin+?XBin%?4ZF=&lpSPSX2<p5t0eoO)IRUX&kUfpindUvte@_e3z+)ej}4gRaBcx`
zE$K=JFla=&4oGzUp&=N}!BAj9sNp=;W4vKDbbp@f<uLG>T23k$fu&prjChJcy;|XM
z_-0J=CJht7V6g|W3^6RlYYJnHf}|*8M-#fnt8xf)`mM|}9jxw;$wdU|Ywf__QbFhq
z&s;Uw2&<cF>O;ZX&hY40)hH0om}?en5fPzASYA7A(1&X9ZM^arwJI1ro@`6rA^I8#
zI)y^!iv0#E2^NRv4uD-ikDL`3T+3k2iEfheXH$nOBGMeAJ(WN2pE)PX`aDmU?E5|+
z>EkdK{2lv73V*&nd{_FZBpY*<;H@_v3;n<=B0NCd0eVDDe&q8EEkepG6R@YhCsr}@
zrCv9cLDm%sP^7CyZ-pii|L}hVJ`_z4auH(gWE$U9vgo9hZ@vJfmx5d3j*&Bjv4rKu
zGFc(c5>Ffk$ugmaf=>=~D%2uhSaAFqMKTnc)5CT-|E7v7x5UtwoF15-neM_&f9pwp
z5|m!W>^Ux+?B_?BjGd|U#3$v{809VUTqT?5(b3atcs2X{%j4zB#-4D2$8R9XWQE`9
z`&sGKc579#t-HIYDPr?|{crR1osD74n;iBBf?@Ata2J+7eD`{hV7zM>Xgf(W$u6Rn
zjJ3VA@d2i+Z6+RnNt85H32B8D67aL%NNQS<vif+vT;1d!3j2Jy$eZHG?jVpE_<y#5
zoI@{uZHDn}z9MvbKIM#>cMK?O`F*24_Eb65QQc6xR6(xP?Yqp!d;>1GI*e~u&#b|8
zE)X9ls4(z@p$H72=Cc;Aff}}LRMf?~k$w@t$5Zu(gGl8|Gh&m3AC1R?YVUGGA6d;h
zoL!b6FjWsNSFqY(FV|Hm4=N9;kSHf7k0+NS-_<f{w9^ijw3Fy5fg6JFgCm2>2%8A2
z3VX|a+}D@hmWET5Py;-cJ6}^@qwe;5D|)4Sp-1*dkVj-3P2}9=#A1|DJGi_ZhmA}f
zP4=P*&^Kq?<LP;FLSwjKTuHn_z5K3^5p%VbKNY=nHp7Ex^LSQ0z?~FqXap3GJUrgN
zyT(gW*k`MGdjyH=oF;NvUaaGK9xHto&Wnrr@9yxI34lqHoQSH3*ap!-+8xR5e;R62
zt88J-O901h2aj?!0^epo0TWbtMhp(4r467M!E50)G8B`G-GUGj4#2&Nc?2MGr+rHe
zIE5h!YTQbFz2dX-tnBW8X=XoS<$bC4`4SQeemVB}dKnq@Tg<G-hKaHI;etheRMn%u
z6%5o8H4$lz+nEeOmQZW}SzuOAS#h3nRpSpK4ER;-oCmy#OGr%inrBys<`?wu3!?E>
zYzg^Wa_}K?R!)tr^gJ$BjAdp9*PLHi^XjM{+wVN<)Vk9X)Q-?(eiH=gBE|WhjI8Un
zW12W^6XBAc7R5q>WZ8PNdJ?(%aE`{pK(oB8fpZtWYtG^E>@L6>=b0KTc&@MF8teEF
zZGwc%MuQ?lPe7xhj7M7+FcNz3KgJZy@|9la@VfGG+Mfo-`PTK;<z{^zAB;Y<C=lBG
z+In5s<l3`G_d{##<F?p4=pfGx&-X1u%>Gi5xvy(-Qva$x&kgVYsuS>dwZVJBB^*8K
zclzmO8rY3o3>$kuV3QOPZG%T5whD}e@>{wmW*ns_J|w&rJBi#=nDMvRD)b_3<3N~T
zSPs9(PVNHe>tp$_&u@vU$row~7^x<@^+7FXjETU~!j5u?8evcTRIY?G4?nzNxlxr4
z5Yl|(YdfIKmw0Vog5+*Fck;INSE3iBjd4gJk;OwP?TSPxlo@<gMu!HgLrUFIdkxo}
zhWliLYd8`w#+RX}WpX+*#Sag{Dz(pfBn_hFie}vw9aHFN_{tSz4((c==Gs_#p{X=~
zwtnbr<XPld-t0LpaP>B;4hoLM1EyZWR`EmlbDu2E-7<txd%Xe89#3%}9jWV&l}|a^
z>)p3IuN%MR4%p{ie<VxrEK+|#zFJ@Aeb0onp%3>X&Hc7Tm=Q?r(Gc*gM-av^V-*V~
zLK=g>gTPOt8gmO-u*P`8p)7nM^cXE{0~hVl_FK2}`mud9EPMeb{XU_e`SI8dma`Up
z7EqL=4)z~sh_4GEz2&UNly*F>mopj=3VFE+tv0j4r(11(9936A%u8hyW3q+imF}Nr
zbBhy8i}rn%+G?}oLD)h1yQytf_eV#MM5pz@z1`H)W?a{@8iWz6^gLPWE$;NRvM5|4
z^Q@jq{oPax!&dY8y)&DOcO5XhLz?bZbSMR*fWDw1zOuBB4gnEDOC(N3ETWhbKybn$
znH>gaS{5Z;5kAsy;A_L*c&A{vD33-^(2LLp9i2jpl4q39EAU5<FrXvOdXdaY?XNa9
zl*ZZ8k-)+;i!-QJ(Nz;x`<MsX+uDa__u;SM*FbM2*K+rz*DptIopa--ALfI3BX#3z
zgPcYO(Ovm=A;WQ`74VJnyXw<!q45S!H#wHgyKRwKYuu%W#@8A-oR-X|X7zpI-pmFq
zw6*Sa&P<f^jDrzU#WAeRQKV<++V757=g2v$^bh-pFew)Biz}#qAV&yYKaJoxv#f&~
zEx_B-b>?hO$vP7VvZo`mxzfQN92MWl<H3F=EGqF3h=kr!D<ez}bddek%oq)4h<L6n
zO|bM1Pz{}Q0I%3HhdwrHSoS}6B(*%k4F*2|G~?BgRK2PV!Z?!t3g>jpnh5#`8l-Sc
zyA59dD_8A9q?Z!f^o2r?Tx9PHx*KcnC)#txqQ9jimfN{F=>5o!wCuew@ZS2VYj$V)
zrR5xtT0dNb2dxZz(VBaeFK@Zh^$7lM<P-DLKu#l)rBL5G$j|#O1!Li^12gKbB>vAw
z{wgAgr`WWn4a?@QXh_p(X{tP<AiR@%v_T;(P_Q9`wJ)R7y6ooFKID2D+pg2xld@l%
zO}W<YS4?d=A{Dke)X5-F$JC!F&-mb24wSFK$ef*k5Q7>w9J&i>rmGwXzq*~@tej^#
zUrTcHKI1?5&+14hVY1-_Xf}@pM53$5hdTBLfw;wI4@Y6O8f9}KQUPU5vJ9yeJzJ!7
zC>T??9cIKo!XC55kQia4fDRY#P!gRzi%(5A!lws@CwNPUidL#`69P$Sc*G-D$Hp5V
zMyk`p97Uyg@+gX>K%cNfk(()DTG>;LzbH*2v^wb~$U7d3j_xFWVdhNArIupDPMdDg
z9h{iMj2Jc4YSOHvO_qduSTNWfT~j=~dK&g}>2oSnCR}qcurRRH?PZS3)b|{}d%;`J
zWWCy+m`}I8+r(sK5lF^)LLv@e6E4Lap3|uLsQBoi%j-2fV4nQ}2o89@kvuHD>=`pE
zTN3VjKuvH#fs5eh8-5EL7~kY@6;v|SZmJjMN@j7<75tUkW=LAmAz6mP1Xp5JWRhRF
zoAKxzvvlsdCFnyn8gSRpw}ah>-U(z<=<B}|UepmIh9v=&0NEfHC>X+v+%IxjR-~S6
zciyS;?G1aj>|b`0&yEdwsr8<bO;f8ciaPgn83O*u%6a7!@LLCAoAS>@?d4Y|6wC4+
zz-d3nub%U@u5WFe_Jy3AK&m+G04vC2%K(*=aX~6b15^d;OX0T13{w21Hp!E+nfsq@
zg$+Nj3A_Yp>dHsPRE-1Xk9?3qIFsZ$`H!IY{jcS=Z=CfLqK;_4NC<zBGQxM~uUp*C
zV*ct_?{mIBzV2T4DAsd!R^5x^Wpoi35qIlV_=9(jv8^{~Jnnz5*hI@dFZI|Jluc~n
zmTM}Md0dga9h9vwa!J4j@c!k0Yp^`V0D<!d>;?8F$@*rkO~LM9=CH;bXh&;B-euiT
z-COy09-o+kkK=v)(+q5d;*BC-<Y>!zltt>Qowoap)%@f$IosEH718_MEx>Z6Whap^
zAun5ygm9AdvP&P78NzMgTlE{rzmd*zY;0t{n;sw^#^0Y;HqI+_R8(YiaM=C`{45L#
zOmGkEk6$CT$MAiSJNjppKD{qB3h(*0y3F@GjMCf|yYu-ApH%nwykd1UE|SorwYCw2
zmq6=Y?(H$;{5Rz0O6y3JM)k)Aitg*8w72<TJM<n#o};ie;qF%yJ8x^1@#v}V!>Uf&
z*fITu>W85F^K20Kl)8E6<g$KmtK8?q<^3den`)Oiy-qvQX|FR-oL+mmrTx^j0`7|a
zvVK&xAfn5Wvuj=zBF;r50!!%cE835bP5NSfhEDpg{NC+*Wd}`Nq{QeV@h-gy`Fyzx
zS)^Uf0M}f#<a26@w`9-}AIulq-?Bm${4(P}v}-XL_GTo@o@%PWM-BKhh?nbkLJzSV
zYCV^}=czia7+(Ot(O$2et26hPTpw)Ptr`0q?uXU?!P#F2#Syg&qi;fj1`7_s-QAtw
z?(Q<UyAvFO4-D?^?rs4FcY+5PT!TA@yx({3zWd(&)u}pD)itxadiC?Hsp<7c_nP06
zz-IB9?_cOoi1n&xvYBGg)?`K*0>2`F%i3V3=n#<g=ZMN)gw(UL7Wx^}t`8rp1&(xh
zi$1+Mq4&IB@khIfrx=0z?*{|q;~TY8`A?08yv2+@c&;Uvq-~zU@*8E8M7^Mq;~F#i
zk*P2hJ>;*>KPH6J$L$`2d9_2BGfhjjO?dv!K8R9n=B+2ZK>M#gTkg#wM4dHa3J*y@
zDDAzVXwR^dpD03sFYc>#DSUS#v$S+yKO+_V=%$va`?FA;z#BQY8ZX|AYZgLpo&l{b
z$5{YB!_)wemNo-pML%XXt(zcXNy?Ol1Y2dEsJtk83#9M-WpuNCnuuf0axaW1V1B=g
zI<UOhP<D;{wW6<wp$y*ebD@fui?Ub{`B5a;5Sdw9ex}$}wVGdKl1qL`F~wp`zW7%$
z5+xsmr^^yG8m6HS?MGH7s0HC;{lFh)n2cbCztk|pjtDhy@G3-pmH4I+EJGQO=}$Ts
ztHi=0hk6J(q=?C|crbXd8LZ>D$r!qn&c@jLP>_Smjft^Yi?IUvwmrS5F^v%Wz81$s
zsgH)la#&P{l(MSVs_%D0rH8EctdgO0aT#|;cM)7di+(RsuiJI6)+4M}7}{&u>j88C
z1^_RqO<PM&drpUDTP|BJK`Z~+S?edz>8Dlo4A{$5qoEf^-qbs|@k`tmlD9w~&T%lE
zOq5!<wQ%`!6?DdMCH3|dA0e?zBO$yQ+cON&M6DXNQ5nFfXY7OQS3+oaW15xfV(FNm
zk|-*L>G>haig~PRd$lnwq46K}dj2rThv}gjje~HrQx_YrXA9r>Di(SOt~H2`6VmjG
zp;YUvs;n|1Z$>Kfhr}LdTH*ru{Re;2Zq4r^9T_s6F5i1Eb#)%bXIM^I)zXbDx#*bM
z4`jd{bH+3;BP|<OvQ0n@dKnHJ{#bM%t>nFGR_1mWn(VRgrHE^4Lh`!JHr1S2Fumhn
z^@2n`oo_ZBzdq#<!?v#W@bpy7$4DBFczP!3x;?JQ;~c4qZG6g^E|Apg11_3ELy{>@
zC1An!A7wBGO_htq(?w)I5~C|0o4+eu5tSKfN2h(+J=O5XqxpAbJFPQ%)e6i~Sfa%6
z36Ii0jfuhWDv0xE^=a!dNyYJ2vjkx#dgCCGbrt&YBrII4Z`mv%o*fO>_8((AqsGt1
zcWyoCA-5jh_uKje=XSrvP0FJ0f}%@U`A>vJ_4C#vJY%9!cvqr-gcF4M3J>up(C#5J
zH2?5<G;(UXQb&k-5gt!B>VOc0->GOlyXvlvSbQ_^`SOO)(|da2>acoy>0bR;W=s`8
zfemJ?QnVd*_|T1}6h9`_oDV>iqZvUn9!|XWmxpDOMmzQRJ9tYGdZc<(@jJA&;=C*o
zcY~Gq3*IgQha<0<|8l7fn!$J2m?<5K3StFjV{n9X<#_v)d96?9{xSh#vT&|tZJRB0
zvx#nuJRKgsV8;B<@Zo?o7gce>3gX4*vjv8;@Ik?xCu=>Hplz?~pEe&<g{sy&dkJa<
zn!)vgvWrfi<1g8OBGa;sL5aVV{96$xO`wW><)Ih*+gW^JQPl@79?ib%l6fn*J0oZ1
z;1B;g#L&mjz5Uqk+7{FiZZkiTg6$&fCcEpFDHMk^h!P%enJKkRl8@9o0QbkTOESGG
zhi+ntsqZeq{F&K_nJzF06A1N5QPL@(6P2m|Wm65CKoy$+O~FkHV$<9Il^{YgMd<qP
z<lLiya2+FAm(}o&66@!qkAEWb*Bd@~ymMku>n8Q7`%SP$nF&g$Z{0h{j(=5sde3Bx
zV@@m2&A!X(8UGfOi$GPyB8Ab95`L2TO<ka*yd7hnLzb3GhFeCKHNWET+K`y5ZJ7Qi
zE@(Pd1?9*_*lz}h9Z5ac>%gG!YWO9$`cx8T+n2wOyN?|=WecYB2mLT*m7UmZ>CmAn
z@1d9)Pi1jMi2}iCr+&ogeJcLB)M`=lpKY$rJ4_)e-PQ+G$tu{^^#d2e0?0smTK(!z
zGsj`wwP!b-P5fsYz6NEi0jZ9ed<PWQ>bk~ITZHfKPY1#U)X;Ya={}~vw+vV+ErL5G
zclfiztS%#KBsU(S&L$t?Z`~P}zty+)6Z&1v>I)-DR2><%Nz5S65<%)C-tX3$CnA6C
zh<G-mbigWs5PBGy;WbPaXIrpD)&J!9fL9f$Q0??<7BHsE$thGT-55}gEaag;@CY`%
z*b?&lfszHwLq7LZQQLqHo%cP3fgBcE>J<x?NqW!_>ng}flM8g~R&~T2A2i08us*V4
zhU~lirhP>zz)SrHVw_WKpmaEZi>=b<QWMq~Qu#$2-vkh2dHR=j<s7<kyuHT+2O?p?
zF4U~Q(A3f__@d`y1NMBD_u)H*iQjZ3Pu#4W2zX5kM;Mj8=sw%{FntgXbA5(n+wSD>
zr;`cpjBe3;N`UWEbHFq%DnXX6mCc9Sb>#L^^Y#cwZC5pH-e^Sk4aM)dQN}6lfU}f6
z2M=Cu{cB;L#}D>=5glHpW0!z2u_rIL->?BH;m^D1&wFhyT4Omr;Qd12L)ph)9nWHo
z>WaxYH}yD$WSz*+#sxQW!+cbmb>&o>Me!K;G|-YIPeoq?{kAFC*S06F6MbLV3G=#d
z*`GeAi{z{=$!W~#<pp7WD_SSDhnoEr%(`D9%G*VpMjyrx3k_Xqy!*?0kFj!i<vv^s
z8YD-Q@~LSyH5#Qg6M7Ph$}W_RVK%l~vB7F>Ni7O|<RDz+V~9qe=4Zp9-+d3c;Xejz
zd{xeN6CpL%hV~3AG!byggPo#p8LU@~Zui1csFS-&N_K$LLF(>IUnh%$d6jH8`4m%1
zVPFe?zG-4e)J^&NH%Zu3Zd1uZu2h`p2oattFL@*$L!;-1WJ8C{`opky;N{BB-%c$<
zi=2&7i>v_Z!ykYiLeEg$F8kqFw`2D+B@cT2xa!v_*rP{^JE3a-n+44y&DG&b!)Dik
zu%fX=7YBQL>y_t=pT!f2Ait=br<<A_-A=_w-p<==i<~S2ADoWk6vnD>t|-9M`x6!N
zADy-%yO$~486V*%_Bgy72N^?0gFh|;RyvFc7FHf&uk`QvgUjgp9T+fhLI8?HP_?9w
zh)dn3KAWC?=PWm$Zd7m3Z$3#;B7LA?0xl4=lv&JgZgq1H-900LY;Z;$X{6x#Cddo5
z>xHaWk8L??QWis8sOLF<D1Jd?)f%wc;9qqrJ?6o`A*X9GC9#)W$wj;s^csM@_N5FD
z5EbZM{x+|uJ3l-R(}}m~FSMw><XWl0RBC7>WZUDiMAPYSv7aBAcp=(~rnwb91bKdq
zHM!Bh;W~0y@GwoQoL-=}C+Z+t+uRlIQ`&dx`<y^;|E*9M*%;_cEn0C}-REM(ot}8>
z>fa^FeIs8K_NxWT9}d+Ztcg^q?zkBBllAOhV{ej?K@RA9?abzgi|P13ADCf;I${=;
zt{J0ld+loRsc9FH9rn*5wZ;Sk2m5(yBg8a}86UrK2hSKeU-UH_b&!1z8o`hzMdC)&
z!}E>oDtP(LCjjhv_;B+=iqBV$Kdja`-XFXm`Q@+U&DLeI_K{BmA%o`T;4kr`vDW-(
zdd<58%7vJgva^Y!?(q3EPdY!LkSneoyIyRCl5rN?LuFnuw#I0~era9}Gvc&#VBT0#
z?;ZR8xhL#694>}vph$=0M=Y^?cm*N%lhhrSl5&I+-g6bAq3r7JwmY6R))dQaaq@3f
zR47?It_Q_0Q8T1z8G(9G9Ua0?`7}E^4G6{U_?1;fEg}h{-nzeG=Ag4~e3t?kVfAK7
zq*3yer>{u&%t%eXJZJ3LeVZ*NF>uCP+6tR1@6Ve%vO8)Na#qMa!&s_etJ<-tu5;mm
zFJMOw)ng^H{``sXaP+Hfz5>J!)%6hDcGB2nhugNcPinb1h2@2H<Ok^uXK(zEZ(ifF
z2bh6Zgib)qYtUqJbuv)Cg5DcrCja(%hD5iQgG;5FA-AT7?IL&l%9;5*X$O+=kO7f?
z##mQtlgp06zHo87x%7Khc_8us)+6oF)2Xl#>2Wo6!RHz`#^78k=P5Eh7G|`Kk@;vO
z3KfZNa^r{e(+X~qI5^}Z@5-?}%PtU~L|16>5378E2WqR88N&R~TrOvJWsW&DvwFta
zP?Q|X4y>!<_G!DuT#X!2YIQo0MsO!T?Op`lx6GSr!$rqW#BYn;U!h7M2Hg?LaP2{4
z-=<ZbU?67qd7<M%hk6D_LEzjEOFht&fFL9t;Md>>Z=akKTZ>CR$wd8Kcuy&SgqmGC
z?)#~4p?kwQx%i%r(@-{FFor|qtUZ%WUh6S2XT3#l?BKVH(qSSmh|>-6*<J7B4N56Y
ztdNJ-Ux5j}`6x|Zp`BRw?#)K;3Fm4#0t0;?&523P9Q~VAQJ&jBx&fbMe?vVKA#WQI
zsqM&oR}k_F6*LLmUfO1FI^c@PV;BuPxY@?r-+_P4^N-*T`o4o<L+vDX@ayxD*1F>4
zL6gR)^kb^s52pQ0K-_pO_9=pKN;mr&!Ip*$nHT#GOiOx~+cXDCTEf?3BF%s*fA^<^
zWpM}fZr?(`;f+rdx<mnv+ha{`k|lmWV|s||zJ@P$y)FIz&1EmM-g>(~!MDFK&oMN3
zs+qKT(y=dHXbfwNVib<UKD3KHoEyZ#I*q}&9G##cX<*BRg)i|HYS24H-l6`q*`-gO
z+A$HwSje(gi9NL(xg#E-_M?iYVyPn%>io<X3_ds?-`{~G{as9_b_|hm1Dn_VUj^y^
zD&+|7QedcB-m%T~#$H=?)9G0hIOXuVVqthFt-zBmI^{hJ6R5e>Yb*dfvzQ7bO*1(L
z$q*ZpWpPK47Gt&~j%iz2*G&|tOdi(&wW+}_zi2$m5Be~-eVur^HEoA7e%Zm$Rm@tF
z1+QxjYS{0P+?ed!mQGfST@V?Z4F`Bq^go@reVsmpZ5nE*b{)YH!?J5+vD)zhQe2Km
zds;MX%-HIf{DDsR-MjZP5rmI1xGKR7Q6if<Lj6E*#K}4FF>FS6;}+4UMkDi&pKBlH
zr2RV6#Q+pqZEvL5@EI8|cK}-N9M!gI8#fx$(BXC=cNdx<DhkBe5m}Rw{Q{|<zX!A}
zL*U0MU;@L|_o2rU81lrzT%*)-)ZV0UHfD?O|9nkns=4X6XZMUHK`_RvS$4<8wK+v_
zZFtAlgwM3X-QWUpJn{%=J%_gcz8_i)7)zd06RZ1mNI1p8xvJc7t7jTd5%Za+Do_p}
zkZp4<*o>6(7thxyhx|2qB@&#*c5VNP%l~<^s#*=D!l7K=vpc?|`D6Ekn%#h@BQtWJ
zX>&zOx$fbdmnUB~d<{WmfIIH?%ziEr0p2ldl+M-(X<mHQ`+}hc0*mD<XrnPi=AO^S
zQG&r#B;Y&5Y@%67V!BeH?~><kiw7--H*670d*ZKSlV65;nczxp^#mzu_a|?^V!mY?
zZwaRa+KS6IcK;kftqoIUKZx=|Iuk7I4wKBS#uG|k_6-_4^W#hj&_QGNVb)x<|6nyi
z_o!9<Yx=5g?V!NS+X6{*dijyluh)J&ds3v!=j{ZS)sSJ$TpRsTWx9`913oS+y;V|j
z>JD*v%O;zo<BT%0rA^WSD7Ir}NEBCbe0GLpWpi8}!FP9Sc?vpv*gMCgEbyaVBw8rY
zN+D`NJZ!!kn^qVZgF@a`&K+Nol5@AP>Vmq#u}P|*oQJ0s71TN9uUhz$x=4B-qWEe_
zmv<Rn{spo*L-9r!n%putdqFZNRrkrn4C*MZxC1KD1?o}SuZl#0rnQDpJVHgTRgjjE
zsf<sJP^Kt{pwbf=E;3?+z%<yq@@>p7rzv0lwLLXh#5mzvq<>!R=X%w?YSn(1)7&>A
zSS0*;b?&Ep%ea2o4;of~#Xs#OP2WEQQ2B>lo-C<vBvhfAI6kW|*ef91M3t~CXj(t@
z)84h28#(|5TGO`%MHq44@T0%LXWn`ibw#Yx2lEfr1r5;Aq<}r%T(hQ0BP!R17JS$*
zLOZ>Ft(xLM>Oa3PE=Y+1n(dzM@dwaSS9J+Pe+C`e3!v<l%Lhyk&Zy<rR|gH<H;Gdj
zA<S0`Zt8o?W;A~{tr<o4@}X5V4j{lgs=w&?<+o;kO`nR48(COQ<=#1E=gJ1obsXj^
ztL*O?)RCGmCe{609fhr~<#5VHV6*%vsg?7iI%m5cxbB%Fyd+8Hm9RrW%Ojg`j#9|o
zK32=N?-vDSke8h>sa~Pl^Q_|P`yyl`?$0n-h#bGn6P7^ec++-^ixDAk{qb|8VDM%1
z$f0M-hZ&g?i<!~a^#Jo9X6blg@R`A~`zoy%B;uo6dYQ70(k+fHa4k}VXZvd~lSgsE
z(jjt0Jh&mS=qdbPQW86)V>;!FV|e<{7K178=RE2B?_KwQndV+h=xGld^0Bp&r85Nf
ztZi_XF&FJ1kJa|%!9~9K9YxMP7(Tpe+#E@`)!S1^A$uOae$ohW1zBrN30ZaRDe9G6
z3@hWBO%yy+9WXj^q>op@)X4qV+@I0+6;flc6?5zNHNzY~puS_F#e|xc@Z{=y67^&X
zykqoq*tHjxbQ_-j67;F7H%Bza7q>l1tU%<VBXV+Iu{WJ;8pimuFOe9R3+@3&U#!8j
zU#vu5_W8`_w!dq70Akk%ME1VUjspi)ti^(zyS%71J58?HD_^{H1ed%1&MLj3g}XtQ
zTJul52(C%r;WcEeh`*Mq$1Ah0e~N7pE#4S=fuWdlz-iI(L^(yDQzEF0GRmnUCn)(6
zb7214rnEM`s!3c6=8Er+Cj&3-ULNo3PDP6Gl;5*CH>_*#TGfS5%^9)G-t2USt57>r
zXI!sVEgwcG!nCQUP$#2P3p!hx!UkoE7hO;6TNUw_oBl5*wcL8PUzv_H4*cn~i#WWs
zg){<$3F&fJE?`nv)>5tMnX6g;7K`o)?x|d1jj4>8CJX88RN7RY>%7?>o32{<j1gK8
znHyRKEKHrHoVWBkq-;`1CYi?U=vySYM7#7{slN5SrhG#9gbW)7y9nd{834@y=goX@
zW8`xY|EH|a0s4)DoWsm~Bt8DiIB#+8U(~urI6H9^Wt;7+Od;R79uDN8fezb)K1QGZ
z_;bQ*LKo&Ur*oFTD@D&ZFYb+f0j&71T@Zn=SuEB%ce#pG^bONb2%;8U!<0{Czwed~
z&Dnb$D(-&&MD*{uAzVd0zY{!(@De~x+P=%X!yyYOneZ7W0pp$vP&x`O`-~4bHQ(W|
zrd?^A*G1q@@}Ad)<Y&sipAm0+?NosC7qXN8i2!H8WuEbdDcvPe`<jof=<Ia3q{h;C
zO;xJ8LCrOdw33Rd%4|~F6{zy(WBa2{TnDQ%xQbR<g>`>i8R4*$w`f{*zbxyRMjlv`
z!5go@;5=28sjtr=3wBNk7#md1UOodO$w;?#SSOb#I4yZ6{iH1_Hr~tpiB{CuKC7?1
z`;BczUp+-#-|ro06F{c&u|B3PuSl9NY!q2JB>Xg5USYK4ZIs{H-EA)A>`arHvl_3a
zxvr$UO;b^wwJTkIIlo_PoCGr}j=dw3!y6}=c9^Cr!1P|uln{f8reJ@(hNec9me!`+
z=2)OeM%&J<2&jFWc1-cB1vXJBm@+SWb;SAZtT#<}M(P-?VeO6Y4ZK7L@i|s$GvEKo
zyIeKD)GjLkI$Plb9o5@tChS5f+5yA~&;!J?RL;t7dJP(^*VTKyNiUFX``F`gMtGFV
zYBbi=uRwT8IC7=g+9+rhAHKGN(1>-y5^i=0b24RQ%IR#3xCxXDkt>3e1k~M#yQnFF
zrJuDb)tr_V)Kk=2jfL78+Y9q%Rn^a{ORkgD$3Ifs<k8i`j}9KyKY9_rmVTCyt|}>R
zZg0#R97v|A`Y=Rm&N=TxjpSSdADO!c<UuM*0(xQI>@FbP2+ILNJ;>Tct0-l(n)8r{
zRNc`)GAO$`<}fOn*}qNW#M&*K-KtdfKMM37AP_H%y>jTPZW}G*(H?kfqZ6!J8t~vO
zx}lfijpA8X7>S}}Xz5hVt5easA+cHb$Q&Kwjv8v;;4^cMDoMMkTS4y@*hkP~_c@=X
zEw~6of13D-^HE<yNnIbsx^!+*rE1<)_lLWD8J)*e8rjsfXAz9qkCaxQzuNlH?#dNv
z8cW{xBh4y8JwvK{VKG4Vd~d@l*C|+sz{4U;0OtJkn#)n&^`8$|ZYjyE@5GHVtlJWl
zK9b8?6YF~Eys9Qk#m@v5*(>!_F@|}4sHpiFTtV-n>h(xQngJL&qca{ZgI>O2Ny$5F
zVS|Ot2N`h`wiFt^Cc?)6F=Nw15duu|g{Ub3ej}G`9Zo9)H#@5=w1wSpWmktyXr7<#
zb{OcmmXuS+Ol$&wq+J(araywfYezpB`}sYVf`_Tk((xRb?#6ity+w8iG>T!JTU18Z
zZ)Dm!kTtH=Zh-Jj?e@ov>UiZcU7tM?Y1y{fk$Yq-+!kC)HQAb!DcV3h?A||W?qL>N
zWzSrvpoV%;D#`)Y<!_nFH!J_4ZqigGBJmQdAaWy2DwGN%H0eO?)GCOA8Ug~9+#~@=
zKqhiD6RxKK4Mfu>Zb~Uft70T(Z0<k94)`7mOcRpFP00|VRR(A4D5VNG<@4t$fe8%b
z-)Yr-=PSuQc|1^tkPbM=>jC{|Qs>&=Ht|}^na`XH9cuQsV(q{0Px=!~|5%u7*c;f-
zG>Y+1wNMi+e%?j^$rTYd)KYsu3OmQY7a6G-_k~0**A7u@aSCw>m7uzV33HI-dcTuV
zVaU;q69^Pjf2G9i1B<nlGP|hV-jDY?MIz91e$--A`yEf7i?*m#Pc;WdA2!?DrO|E^
zM~^~iU>lyRQ{yeTqKckMcA=CTB?4(D@sSvUM`1Kr8!q41y8i$rc%`-Npo5gtcGx6U
z-F-8rjq&)_x8n~(W|kk8L({w>M+bvW656gmKvH#61?nSWJ}(E8U*fcpQ9%^Py8&pK
zKb*Q5&~|A|>zA>5g(;u8fXYL^r(oR=dBxEYqS~d>fP5@`%3%8OEGZ74D)+~cqQ}hm
z0eT~}kwjXiO<AUeuL2%jZoSmJt7CskPsaJR97!oYDU5Ut1-St>^|#B)N}5mI>>1eW
znah7oikUa*pngCn)Q66($TAI&Pws8dTAaz(_2@4?<W~ODMeqB=O_Xx>yThR#idZi%
zo=myTt~H+Ap87n?JA0$0UA4<!G${bf8La)jYL+?zbjHJ6RUI{MfK2fOG?ur6mP^yr
zRYvI(bK>e<Uik^V!LD~KuNwWSDC1MRtcT<DLCwwlf^c$q>Tw#I5d6^MtlkiHSt(Sd
z#vvdpvZl~K0)=*-uHpA~(ZUTYaXYzqGVb={%=F=t$#M=1EEo@2#UBnC*x?j^`N=8X
zR{;4E<^io)C5y>o?L)5nC#;8IBZ^<)AjlhXCAp3FeTp%Kw##p#P!J>sl@7eFCH)Yn
zC4Cn9#s7l_um_2bW|N2xEKsYWcy|i@zvP>;Kfsev+0nQlS!X6^?e%+AQOdS*orjrt
z=~roz#FJ3DQIv4G%cgkg2a<T{ZW1$<SKJYDY=8oxkUJCwpUXJPcS&cieIXbEu%K(<
zGmb0yotWh4`_4<GnS@Kz>8~7%2C=iyz7Pj!!BL@)zL0Ym!O^=9f~=neyXppnVAyZE
z|GqyAhLGROJWfukUv~cFqXW_r2d!nPsTw4nAek<?PEJdy#aK`KszuRG)2qcEB?LX@
zq9uLUETe`tuySNam!PKpGBjVn>$yaV;#?q;1ZUx*j2W#MR3OI=Yk)v|qEiw3a@pGg
zyEh&>rGi5f5T_68eya1CZz8no;0>z|K|+;xjd?$3)d>TCBFrmM`BOA?V4Zz)diaDR
zTP%iF5rUwN(YTye3)Bz|a}S=oM}y5$HCsZJ3M_{D!11I*oA*vbB5tT#tv$yo2j+pC
zXs~xo_g@5nZP<`amnM4Bop-J;oJ^Qzna8spPR{3@@~sZ6*1xrFP0{D%S_7Y4oV_de
z5`z`7muxZ(3hHl|Up$3n7Ay&)i&pNf%;YrjkTmxOQk^*)psE*`+mF)(%RXB#BU*oS
zU1(d9+SL(kw=2y{LGt^?b&cZaFxXMd#)W^Av~sgZU+^llO%cF^@^JWaIrMn8*9KKR
za#EU|m8YQrHuIy(tbjp!Cexv|fVS<DY1V1E(PT~^UFL{OsnNDgp{-d&@A6)1EIKV-
zPBov3jIOpWexc>;89FvzL0+h}?phk6?bP^VZes~d?y^~AqpfZ#LF0^F$!l(RfacXH
z&~E^sTxm|+=6h>NW6a@a>5g_E<LFZ`51;NTnj0uVVd;Q1$}BW}FKL1ccnlPe=EP0!
zklCx19*_I{IgU&C+{Z$)%Zv?F5%`j7mj$h5aA9x87tQ+@yxrATMPFkH(7HDCpprOh
z)!Ea=O*xe&^A)-@SwSayim|@@^SAXfF)J{X1A~MsdBY&Nob>8l!mowM=2ZS)h$8iU
zDI4JOYe5_V(~H#?GEFVFJsCDR5O!;ucKY`0nFTwyb^Hm_%hG29zWdI+Xz^28rtoY+
zzT|qvc1hBwVqhu~napqRmG@PIr36!dB{*}!WPWcHMQ<Z86^W*LV0o3f4E$W6XLUW!
zwV*#r?!8IKMHpK0>B_5K(#olEm94ZuJm66@=I_AWWsREXvXf5?OO{>R%$u@K-o>an
zqg(dyc)k~GFSSUEFjr_vDJV1mK32D>QC@YmiLYjjc1F)=9W@p5j4Rl5Oj;(Xq$S@@
zdns020hGALA~5OA$Bla+jIlDfMQVoX0);FUng$E*m%o&_8VD!c{e1N3a@qq%660i+
z$3$8}+tOmYg`m6c+B68c@)>3-&UtJNezl0Xw8`={(NDH(>m3>_c@$TVk@~$l+udGx
z?qr5LZLL}n?vy7@#I=hEMjvfIt>CiiT>(~03IDM;8ypV+%B#C0!bVQdmtG4hmo4jG
zNaTAW9&9|CUIJ|}20FLS4G~9&=`*V5coW@hmq-Fdnc|+IeoJ0f*UYkyoP2+OwSW6{
zrjiU_p1R>PdMu#=@{y`8K@KRbS*$BP99vl5*t;VCiNEJ+9H(<0y+OCg9Mz33XyL_C
zyen$0?yRZyqA5}Cu>W2WSMsRqp|(<1#Z-xN)dFfX+|V@#{-Od-{v*EjNcC<%5458m
ziC!9Fk3`?HvK&*|2|^d)uTCcf{5edjTxnYdyO{6yg*J-8Y_4{pFU37WefPdvQIiuA
zs>_7SwJTz|wov$UO~V7r{P&Z$u?1`r{b|w{8H8~X7@^iry91S^dwi~hMdAgGaFZVA
zD;ec_%>{Awe=jOf7m0Sd(&26P>u;!EA`yvZc6^z#(jf@TM`{wTfc8D9T<W-&d<&{R
zkB`wABak$(=VIxE1wW+MEhfcQBCr@fCO_dq|AWum*Mh)mQcCD{)dUYS(mAqS3ycg!
z4}xI{t0egg>oh`-8XyEzBmoP0gH&fxvA$mYDPn$&`Xl#sPM)&zTzAQWuV5J=$v#cm
z6m5qo5o`>#N)i=Qpi+1_e*Eu2o(?V;B7P%5L-fmi)C?`nQ&hpX;%0s_rc(55#h87E
zDMOkzE+!k!c|7cIo4y6R&p4nn_IgxDSGB=sg7VT^%7c6-!TJ{KH^-`tYMPvTS6i-k
zdjG-s-n)}ieCJ|@lICV3v{|7~Bp`0PpZ`q?fN=H8mXkK|(Ay*>4#NCKa9-rAk`n4R
z{6pH{DRWv}+u`Byd4%iiX%N|tVRNI4gZt;QYIaJ0r2g!*#K>k{HC9JGNe!r$x1^iS
z{%&$jK-rWF?=+GR-DhwmTS_>pzhL?IsLhaD&O$i_gN54?uRz^u46Uu9TcxoV(b1^{
zk<Q7Yb$)hfOVXAL(x*kYJfL;hr;3hvFu!{fU&)fE57k1~5r2C_#_sE2b(e2jsSg8^
zW;?D<ZpXs9aQbF;9^{yI05AExNq?_y$D4^Y@0r7Mc=qZ`by=9-OU|)d?wS&;pn-h|
zzV~QP@?po2uB<vUyefYhM85^=;i%p|O$px8uW8h#al_8fwTa|lr5Xy<S4o(Z!m2$c
zbv!d80Kls86{vpmT{<i|8++xt35FQF<k}=G^;8p)Z`KkOK4(0MT;3hQ-bh?h2v{DS
zx!p_n_aGm|@X}ufRMr&gEolPZ-nv!dx>Y>Fx8BSRrO!adZ!Ufm4=@WW0iuS|-NuGx
z83h4~hSIOG{(U_qHRJ^W%{B9W@9|FP+@5sLyJuSfn-1rURyS>7<gcskvaCn%RhXST
zb~fkqfjy$_GAQt`9v*3C=B7&pX#oK#(yvTstl%Zrw04{I0E_o#xIX3X<{|+27Ri`+
z$#l#LmV-$&UZ{)KkzYx3eA!&$13Hvmy{Vl`bys^7J`a0KUbfuEw)+UbJ#HjCD_+NT
zzn{nMd<0v&N1#A&^KU|c@NkJm%3jII{fJQcj*H*K?EtT!b6o6{#|?r1Ph|NQx8n{a
zj}j5{r)fiJq3yH^Gs+act*miNIzTB+<kk`%_tLi*zdJUI6Nluco{~4*^jQ0gni$=a
zc5iWt6aq+w)}<TmgEiShN7}PIMT*+xn+e!(0usOljH-i-`LKmDsXH5!J(!U31f)Ih
zvOYA(2oil493$OVyR@QxfSibJCB{JL5&8KNe4mx;Fa829m02H@C<0W#uw{?{e8@`-
zBwA*pAyJ5tyu^?^KnZ+qbbpQoRHc&qQi26cEC5GthQU#(U9O^Degi%0Q1qyPJ7{^j
z6FOb!^*kjhhWo**Wsp)CWTqDQa8Yo^D<ocKLkWCL>m^T7Qx3rdbyfmX)SQ(ln93p0
z->eM3(lu5To<3lQa)S5+jKVISqaY8zo&ybs5Ma$)tAU>wUsLMLdStR!rEbe0+MvdA
z2rlS^fkH6@tg1MKpa=p|-Te-wG6fUzEhCAYcgwk#LEu3rYG7o(<!azC5!;uz65#MS
zWJYBcN>qmvXh*yJ7@_>T94HxWHZ~yApR96uVP0|Jh`MY`fdYnzfNWPR(KyS@3L@DD
z3io0lfk@_Cfr4hiX=?##m4<iuwFVT&i<78}T~dn-drPmR8d`k8m2Q7~A}H?4%qEV=
zjbmgqs1kevCw$nz<scYiP;e!CJSF#xnvBMeLXAP-F6X5Sh+fwkJ-N)REQVegYyzTJ
zi99}<!eYemF9wEw0Sgor){W4x4*{WR(`tYn6K2^7;~?o^nIope_OZfS*0y8TGG*x|
znQ}E&D&SffaJiY@_*P6M4|o}BhV@LX8YxLpL`$O#mIJkh$8V28+{x1NfV%3e`V@1;
zqy3FzX616l_ptD)Dqu5^Tu>GjAc2%BEuyM_P*~-FxFz}q-CkKbFi=iO`qi@{z6SVL
z16Trdas*_`4DIQJ*7=ijjgv!kz&Pl*Rlv*`avw6>B4C1EfH4FBydeeSOX|_$<^i|3
zRztUtov)aq92>F_zgeS&wN>kkD52x#0}(-pgb-91L&{(nolp^ER_1kL#73a&CtOs8
zSvm3>%Ha5NU<M*N#WHbWs#JX-`OVT7X^mM!MKo3Ep6<HuJu0(YeT>&J6!7k|RDv1@
ziPGDq(t4F55e@NLpCXl|8)fq8$<gkk8_|oB#Ple)dcS+pz_TSN#T%8%d}mDjLyz`Z
zC`b)WO9o0<<s<FiaOqc(!7{XPnP)YV@Q?1G-#;{UvFaGflT}PKBEbhtscI%6GZFzN
zN|Ck{-XJMvIhDvskwKOI0dYe5Ug<yd%J8r~ZLgno;Z@-62a3kd2VP#8o<-lRpt`RN
zf4{+|2)u>=Pprm26XHMQ3nw=__kU3--2Z#`|F^dBUjoH{kuReEzvRn1R`EY+FYks1
z13M=xF$>qbj={pp#`^zGdwK8pf6!k3aTos`z~K3>A;<yjEnF>$Ihk4ipR|{xvDg*i
zckSgBfr%>W>sg7&cPW0DNO3|0Ff2|7NpetKwD!f_-zr^jbo~c?4^7ZimHm>f&u@Zu
z_e{TU_BSjs4{fLEB<l`wc?u6S`YViVoDM7A^HdKtHR?GN#cMlPg2l&qe4EK*wzqyO
z9dQF}0oq(Gs*gz%-N^EID`&u-=QYBT{hfmIfD)Udq0SMFicabMvdR7OHx>Okxq1VX
ziN^KVsU@0Sfj`3yifteZ(WJ-4LLb8gtI~Ga(PZ(u(UhkbT3P+8%?*CmUDxUW^#Kg)
z;_3X0tA)a<gVu2O{4unZsAgzaqt5WyXq0J+9fIpjmVE4d(GUX{{cWzww&0DQ?pWTE
z4CmejoYOu>zY66=kT^yC!_&i_4NOLelsDsh#N<U^Bhn=v`mB<Ox)C3OD-$<m`5%Jk
zNqR(U5FcJ((w`}w@h&B|NCJE_8Yu!k^icGG+)m%H(w`OBAIOe$Pla$QFJ%cX`N~9J
z(Ow!MOnpY+^Tlb%T|Ss-Yn`^IGO<U@f#HF{6aRtCBy)r4dfDoYLgGPrE^reI=EZd-
zpqA%ScTGU@6{pECmN5ThCKz<XVFTvlO#jri+wOQk0Mzq_yZCd^S74Y;NIyAsjQeA1
zF8G(1k2hTD&JA+pBHIsGMHB^RA<qwqOXnXfwr}|2@n4W3>({8$R5gTu=H`M^c)gMP
z3pYQWeW%7jDK--9)b+uc|MCoT*B!S3{RpoT?hoaSeLzKT=6R6Ri_@3+#Fu^f$bvX$
z2{fi=gP$uso$c{j-t;yDpQFTa@Ie0$R~{$xfBioHL)ZL=t@%HLHviL=_CH!S+?@Z-
zvf+B?XE^^6Gb~)hZ0{Qv7xR1jouhfbBsqEhkv8vi4cj|c^PUjrKZfSNHiZBCGb;}}
z@js@ClkI(DdAF6=d5GEGFXaEU|Mh>TayZ!D`@h==96ayEXSv>)8#Xos9&Yac#QfL(
zN8fO~lQt~O@4(K#j{kPBzbE#u1KWGhe?k83=V1N!{_g6qa3TDs<NLJ1@ov}rONQfr
z_hsXGKL;z%|2ppdGY89ipm)CN-}}GgxZVfE#l?>B@4Wws^RFNG|4NRN`+pDeJvpv_
zrq6p^u6N6alZE*|$#QVL`#kS?y!S=;_l5CrzUTID@bB^d#r;q0_hbJDm*?NC`QKfh
zf0NLEo0d5L|BLy)kMI4U|6ykO|F}HwIu`eTE9SfF{l!ylq3vL$;Wqn@jV%#u!|G!$
z_5SJ)i4Y@42f{~&kduEz!vp}+;=wjyY0^e&>BL&lYUOrbWu-LGd8J9^P0py6Wh<%-
zORAk!!;6B08|OBvv8P4ZsuUSdHBEQqi4n~ucN^!vcOA=Sx8Bdk0X>T$p03;xjh2YU
zkW<2INq4)G<L_`?k*JA_0%-dlL=T_F(+mgB^Rh?6`dVJ=udv~^PCqo*3<&4%mw3Eg
z;f83Dea9Wz$Q8QyJA5e<;_UgmCl4Dd8EzGm`TWO2=0@NBp24ZAVc>%R^Cmy)+3j0r
z!wF~VdwW*oZEu8X{6kc{AIbOw$(zwdNk@1$%9VRa=4pZ>y+7TGH<EA;$y0(Qv-4(l
zEPy%S6Nx>>B97-s99Eb!Yl?AlB3%+~lSIYbx9DQ_hF|ISV<Y3ElXV4eME+({Lu>Ma
zTiS7g=Fz1n6bFxZzuU47gO*<|+P+m;oSEN#v_)?xSdTsv4G6oby6y~KMwoK?d9JSI
zrH<eC=+qme#J3XBobQ)3bbNAZi{itzI^fFEk*Z&NDO*208D4^F)Y5;xUMtyYOQ#C0
zNOC07REioiFgjeDBMghfaffB}N|G4v9jJi*OlSg$M)ULvpBeMUsb%_E7xINKA<hT3
z5KjW0`wrPpFv#lzMXLt{Yk8PhQ{V)=d~+b$+x^wfY+jCsG35m|(=G@^AV#}~1Kbk4
z*uA+JFH&SUg5nSVNE%3(;szdFZu|W6(x1&6rAzGLOeC(i6O*7I2hLDj=oh9O%7vn9
zA~;Lb2BU>pp)H$6Jvyj5el50n)I0vuQa;XitZQJVX<f9)ug<?A^fe@o{T=1O0R?kB
zJ)Vn6T(tM-rMn@FeLcRXI<l}C6K>gmoE84?@4|CVy<|+SK2JPvV=@ptN4EGip=oSB
z>S);<{~$^0W37C$-be2__<CC_utqWhhmf?pP>&t|3{?Pu0npP51UQ*|WHrca<yJQ5
z<dOGMNNflf*EHpRItuS641E=P#Rp-3N8AWF{Z#$6QfY*`Q{6trHg+y=0m5tMzL7U$
zy=T?fnJ8~@>ty)dW$q5(2TpgtTN~jwC~#W=HM3XHBhgGOLc5%pn^9+2bUOQQZx_Mu
z0CoVXD<=0Jks0-Q0^IuV)0vIy85lqDU`V_W8JFhfWK}1YMi?)85ykJ15+G;>whOD~
zGE8G0e8GqI4Q%LD|5L4|X-(S%YM1dVDgf5FYP8d?6C5GShc}BZ<()gaUJy(oYle3i
zuGbtc-5x*Qyu|u<Z!Vu7c@U`*&Ed}x&JoNJx!~`_@x-;owkcL9+9=p49xEIx@+n-E
zWR>Wbtg8dW8N?Mav#3p$^4y~2cH89I_QQULJ`~BptJXQj&JC={ouLh#0(BV<kttK^
zbhJurCi|41rl$Bg1zn$)&a=$+SdZ-FZo8GA9<Y0wTkeK?UL8t8xI$WpF#YwXTm@V_
z$-QlIEoWkCdY)f<u(7`|5&Z7TdtX_)l^@!}eYYy)DaA<-&39t5pD%}T**+JODPiNU
zV>K6hJo6P0f;;?P*|AbtBk;%-6Q*Eqh<*nYDXYn-ukUR2kv8kcT?lNFf~$c$8X#CE
z4U=mAlup5N#o?Gcram59$}F$a#=?P}p}p=ZbbXns9&n7K+P0vb2itZ@CwGQW0tPBT
z!bp4oHN-W%jk|oC>%+eFl?6RMbbNQ#HYQV9r$T<R8cC_oM>a38act)a*PkPfQB@X2
z5tH+LI@NuXwTDNeP&sM$VzF0Z6jS~Ldrcxng{ekk6FQYtC>3k#*EDeeXz3ay+L~zQ
zEZrBTc4DAiXfG?UaccA~f2d(ojR=wP|B)u%22!Ljt@8H+$Hd0jS4|u#YmmKU1PrFU
z6$cwu$zT&wf|h5i)JmP_`h88RkL86`=%4|c9lM?<9ZY8#odMT-&3xXHR5^J1E8bL{
zM87*y9*$>A!p;bWBL&|=Tc|dr$y4JD&;1}{i2(`(TR#W0-E7*W>6?RJP!D=z5vGGT
zpxYisjOCVG9->Y4a^4zQU!<>MqfdgzTUqmmJ2xhZQ&!C|+h9tE?F;00XbS7tw*Km&
znZk<spUwidIJSTo@)szA!bc{<oiehZCfcr14UjUZjl05Y<AC2Sp^3d~p0k`_A?8RD
zsUTL_f1c-Pw$jub$7>6TD^LhspLz{57b+V-D^>#2(a`nu*=zl8o&*2eA%xB&=H?eG
z=f=aH#L#4ENbsH8U6rjp(g<OCrqtTz#^p0tw@bbC@w!cikZT*GLigLGFf$Ggs^1pn
z$XHBnIAY^UM)<6}3@B|2afkBk@H&`xq4h9AqDzT}PI4%ny+~O%uV(Udl%i+vip2J4
z3X{)g)Zd<jX3z<JBe9jUmF1Otm3$2n4G{^6f%mwkoc2jA>_a`i_VxDXt<n1TRX+Gx
zwrv-|3w93O)N2ZMZoF$XP=qyp)b!>7Fm=hnuaK_w+I34|9-S;XlqwYk^RV$|0odI_
zhnC_2_O6*^duF_GthA;XOZIWumT$Xwm0YBu=CJS1d94#a+bNv?P<EoRY)kqL3?O;d
zGNphX(8fPz#$^z~E(c8__+{A<3Tk1G1p(+O_B|cFO=yK5q2MxZyN0_UXH*D?Z)H5q
zd(Ns*GH=SpYWk(#h%Tege8p9wVaB9MXYOj;EBXB&N`Oc^=^@}ag|=*c3S=HI4`@zX
zrMF>SG~2_=%?OGx99C9L)io~Qss3pk0ks~T)@@b*KpDicHR%4jG_TfzffEYNqV1S8
zW9S#L+;vm1RqcBGG(M`E?6F^m894}Hd{2?}Lzq1@SU0b}B+r%|w#oZT<KEZ10d3Ea
zs9k0<>M@hW%S-l_ERNMRTEVH_{2=@W-M!IZ^1U_)i8#W~kCq{iFCnlRH45~MKH!8+
zAQ5<Yyxn<bn%|~r1k>d9mq{2S)Lk;n@l<BtKy;)u-^-|jAX+yAKcy|7|NWtZ!>Zrj
zuBO7dLM;)w!Rv-!oNi?ef%luC<5Y6hU97M5<{d;8R=g+l9?%lFX-*Qi6lTj;JJ~2&
z!5cxg{OD|lRZkD{sSjL_a+q!RK0JD;*zb!5P$BV<F9)f3nX!_VPze;Ne6Wc6ZTApx
zZ?OfufN6-A{_^I|ZSt&gZKHd(vfQIS#om2QK$$bcEK_W>!N0Zs)YA3$JfNMqnI}!P
zZ6AVF3cGo=h)$$VbF->WyW1#PEX`=8WP&S}97d252hfVv;;iNYhN)>Zh*TtJ%qn*w
z`9_v8Z&_30?OVC)+t$w%@_w9zTX?9qDCc%*<d!v{_Ri^(p><8;U60SMb}ekcYv`+N
zz@f*hpcRk=l}*n7o<MF`->x;&CD8C`C+lGEpj|}-HO7BEHAl;eHnkjKMNn-!2~X6O
zjs;{B00f`&9MgEdW$?F(d$v4{!B2KQSW`A|B;0#m;zL$C_(BY4pK0meC3rz(wdm~)
zw1ZmbHJIXyc-)v(&<X*<q965D?hD*gG!Ltxdi6-v9~VT4M)H6%(si~R@+CSGXNsYW
z)LaIz7f=VA39F)*OR{WI3A?mHMypVaR>MvWPaTV+2BPjVPn#|&JrO?gwIetqazcM_
zFW$$Nn2>A{r!J)4;mdxA;q8l!ZGrL9qUhb!CecF`Gx*P@#O;*DD=qb6co?q(0b<qg
zl)nDkaSwOa_tO2yC3L%rRFkmaGp~*E<|p+2Kuu(!x2<q0<enhlO(^sO$4J<o&xB>T
zMmO1ME+;TBMaMyffy0xvm#-$G8y<_n2b_91p_c>Sm$={7XO`sI5NRMI1Q;f3S#NjR
zIc;&kcnx<%UU`zEjMApfv=Nd$Gq;$8@4w?>74MA=qQUT|d{(~~^Ry`6aM@{Gr0D#m
zjTJgM^v7xPw(-%(J)MwkXYDK5`wHI4vXpPM;}ZG=QMC0C32nD(oO8{=eg*t^teZ0T
zx)TbBBQb1n(JeG@irz{aBww%0#j9+-Zq=zjFp;Lu`z75_GILD!DFyu0{HSpUdsg%-
z{hFyTb&U25Mc^+(Usmd@9n)Ys7LRfPSDXlCN4h{#k)RovV1L+kCs}GyB)Fj8UQEI-
z)IQRrY+{FW<-J(iQBQ=Zz5=HalX{!v`cy|G1}2R{AH}ibtQFiFcjh&8u}w{`lpDrD
zXR2W+ITd$ytI&c#YDLB&!&fH<(G8C8$*sSRSz|2Oq$U?cCl^MmaIIjnn$!TP7PD>Y
z@y>v1`dPiK@Ox}b#^Tkn>^LT$S3YhzS$A?DdLQ0ZZ{pSW<$;#yCB?rNdsrX(JKjk2
zUgvU1?*!eAbVJM*g}Psddf>xCPJ%6n9!6VA6{Ll9VR@T=D5Uu8b5~{3kln?z?!*(O
zFSD>$$5Epc1DF=*S;lB9DJ_HT$!Twt?(QpP6gApN;2HA4AzGQG@kuPx)MOHwr3XtQ
zR#$i8f=1k1b10-wdtaRQ68WBB`1oL-&dAdMmwnCZ{e1l;7kcC(L)V?o_k-a?f{H=W
zk4+~Qy$uKq7scRVkSRT03Jc~)X)mT;Q+jjp{6;+cSSMb1v08&cgRaZ>0g)v6CbIf+
zzeMBhfXL4zG>_O%2!l~jys^1U6vI+>VmmTBiR}bfyT+Yl$GH?HT<Oy)yC$H{(Y-o!
z`FI^NiK~zV*Fck&KW<f11QUL&ci$O(V6qZ&lrxpHm9vx$g|Q*n7}!bJYS{BSz{*nI
z6U6<bQKhy_H!4#iP4;ys-G-AcaHo&^5MeVuV|$oCl^oo8KR^<;iCT8?FOww78?jyD
zCDmpZ-Rm~X5K<YkOwt7z`D5nuhx<%4?U|SjxhfMeBGrPgprATD)Qps3RZQZRA&|lu
z72)hNeKz9}fQjFM&ouEXz-v}c0$1;)uwQ{EQK0Gg?)>!`rGs)Rn}-ZNRWi-A-<l-z
zLyh6&eQLfU@>fOlp^&crrBG#)8szC?-)S2X)62yJH`ZWxP@-lTKxTq=159;ZJ>`5j
zW$wf`{kKh<uX1<}dG@J7wXA8(c30y-3^cLGb8BvP5plP41%9fKZtpb+{dRiJI9D;^
zR#R(`B~heo!|tfRXm#y;Fh3*_l}*p98uCRw^ys^MU9*;EX;0s&i$^){LRPwhT}id-
z=HUT^FDt8B!6T<!alPbl?)LEU+AmhHdun<A$mLw^RPB8J<h_K;>HImwgV&?oz5TA@
zw&Kp_*5>Z`_W17VDeFo9X<brXazT<qvPsfS@<#HZV6vdP;Edupb!x-JfjVa<LvG#V
zYRO^#e3=*322S8{qQ>tUOmJ?yUb@1<iF(^CaCxiR&#|Sre$JQLFR!aH?{!>%iEy|1
zbfO%t+RDle(RCkCu`&3y(_wJ0QGNfS&g#$p=Np$7+XajIO6zV!f}V-yh@0ao+c#Rd
zg+mj3{mgjMLu~eB+oI;1=JjTD&Ik%N0G77^oRc|i^(#$%IS;<Q0j6=Y^v9v58ia6T
zr-M1;mCd<MvdXQaUaH2C7*6jfV4EJ7y`u<gc#{9LW5}DghFPpBNsw6gU|ETmzQ;~x
z*|n%l;yii$u{kR&h3qW84sb7*M@9OwJlad$tH5h&zwQ{vMuu}#cCo~)8Lc9zk~u9Q
zB)DOAArD;bSN|BFlxR7bGpX_2?|ZugQ|s+V|FBiKtX=|x4kTVo_Q_F8&d3pfBx^JR
zdck%y&N`ex9}s>j1A8h_4vNI{2Kbks-6x+p-JKNm!J9Z(CMl2=DBjF-H90;b*NJQo
zy-QgFwgPqIX{j-8kOlbu`7rlu9CL%A`kE2sr++iJd`CDuMUko-l7f~v&|$r__Bg*t
zuvygky}S3A#L#luq()q1G!bDmQO6+HbuPUSv#XB{MAiutTrIc1&~&hPOxn(pWl~P8
zy`C$q5;VQsK#oZ+*n}R+yu?UWSpNa(%VXD_d*+uw>M?+sjweqp$Ko+gxIs;@ujxpr
zcj45+;n#Xgd>y2*IvJ4M=^t+QYy+}^5nCl=`@ur>LFRfKB=0PZ0*#-B54e?9&J};R
zGgS6{0q|`jMU4|n9X&<W!emv`2@>rZ3}eYf$NG<W+F9N5%@Q?9V@WG=NnkCfW>#Im
zoY_Il;e%Yaef5T&Ylg2}RwXji($cri!&A9%`>JjVfke(F+94XwMP{W)vWL|mVt&{-
z;z}<u_g9+ME+$jwRPP}_-~-sd`Do4sUoW)gw&77RAQ&a;mAvEjE96>YI_IOkBZ{|X
z5l^&LE?#1=DMzdoCaw!WD>>OlW<bk)dd#&=tC&LeYPQyVuvFD46}OKCI%r(5iaSd?
zc6`pd<FiZ$H;dn~x*T1sENyHxut@>Cl}MG*`~xDFAe}GHIne7>UgPzm@O-9&ipiD-
z%!=)w^2a`WJKhKj4jYZN<%AMUg`v~BqdWbyvC6*6V1DBcT0yLlh{0P^Sr}o4yHB*!
zq{bX~AEX8$xRB|ox#<*0Coh)HS?#ASAZnz$I=3qKfo>ustXN8LBh6@wzPrLJ<ZPp9
zzNs>jc!z{}iWQ0I7a9y2wW$=Sl=8&rWaLdq+Mk&3<L;*+&_|_yyFfZIIdyK#EbHU2
z&AP-o)oIjND5LQ2HIvo!Y=NQWATVdM9n0DL{foa*oZDrWi|AR~lY_CtZR}y}WDT5Q
z7Gw0Lu^b2{g!?@R;aMItIiqxYA;167))z3Li}Ky1YBo^2(y^94yTnWx+1y2f-DiF8
ztIc?!sU)H^^prEVYUC_SjnitK0o^|94YZEGLh&!H_yV^Q`OS+w-)sTd?#~}z3TG+=
z?cM|mA21jb&zn^;zjuZLnFJAYbFkSFf<>B<k3bWM)jwoYNzEU}h#s?q4eCVz6};!^
zZ#7TQ$AFxGi3tm;uVzv1VSxGo_BM;vV4pj|R{7iNv)iWr$In;6u$l_5tRj~qs}@87
zGi~R2;kWU=>d+5Ino0vwCCN2Xl2%7f{}*NN7#>-)w(G{WZQDl2w(X9cbZpyJ$F^<T
z>DWofRtKkg?Q_0;)?Vww{#8|D&N*iNc*ne|#&y5<L++Wlm5{^@5i(W4S71JoP$OBa
zgawa2X2Y%~(%N$P?$HLDUAih`Q6@z8Hk?CAUu?5xnb=I~b;rBLqLzU(ghJbpLoCHX
zt=6tub6ZO?f!>qqDNg!+R6Rb?4T<>q)V+Klm)%j$+~O*+e->x?tMhtehdm4V!z=S5
zHf`2t>FEzIyv%1Hp7h&jUS7|}gJ6=MG0Bd1IUNyxP_l}jTcC5Kt?=2-TDq2B#)R39
zF#qQHsqdAoYQ<*oS)20G41+LdeHh>m;1{s=>?cgKbElyXVb^Nk^~S#DOu^#~!?0EQ
zhGHk2w&be>P%k>5Bdx&=g}$%0;BlgIm0^;$#)s?+Xgh4)vnyc@q<!u>UHh2*7k$I1
zBfUU0V<YLs=qAclJl=TL;p`YA4b2|5$_lL;O>Kp?+Qzc;5~B4T`)HH2RHAMZkkM~O
z8*!#U5aO2bUl2G%eyM@9*U4RO^5Zk#z8p%~Qh{}Q*+#~K2Nu#pZqwP0fj*Hf=^$wo
zBu&Ws_-JF;4c|42>*XKS9&*`M3Pa9_Ep0@#AKTbCh}A#v6iqeJr}WkGl1CKF*#Vb{
zNKb<<V3DRB(*h=QM9BqxiCWN%b)ODqQzuDN2TWF`tV0sxdhBgm3z$rQbZ}uUoCS|i
z#spRQ?k&@S3>n_`H0B<BE2OKmsw(?h`esu2R+A6s0TJUKUSx~h`>_vbNBXC+w>1++
zbSxMs`PsT5pw^gnw$2IHk)m%uE#eX3Zxi-v0u(t3p%C9hM5NMN4B3_%>G+T&bM9C5
zG*P2Rg!hQIRg`-qH;cUPRs6jMMEWH0*3M%_NmGi8fi(%S86rZ$3b*=m9b81}OsTMH
z3k`$mN!F7ky@lwo4m$%u_vAvz-*<>bBeeN_u-5JY?WWYr<tKi7aoQhov>AC~++cKf
zw`GDzcn=bPUL9s_=&W32n0T-vmGD7a?3r-Dv~deQ^WB*gr=CTH+_@k?f-)mt-P4~D
z$zPx>@DYML_lX=VEI<{1LzF<9c5zZ!ZtiU16GQ`X0f#?>{7_VOpn`z;p_I}F1FYr$
zJZijm6;F5?0MQu+86@K9mwmH{iUWj?i4^?+w1aUKVGoki2}4aeZ%BrN0Otlto%sz4
z4AvEXG$=U?8#1zAdJA+AcwoFlv5S)r5Ar*N2nsO>A-Wp0MVJYY!VvW_WRR+r)sCjU
zBTS63a3dSuk%>?p=(jL`HK}*4B4}rS4q-I>G*t;`+cS7X-zOkuky!^9C@6^E{om5#
zLZV*R95f8-c;(ea@e%!HPy#vzMFNl#NY%^LTLE%TT0WE_lyH4f>~yEVd<VQKBvg$E
zHIhXFqO03_eL<*Y^yDT88~>y~=403dAid#tL3<WA9me;!qGW3akiz67Dy(jhAJBn-
zgmI|H;PAp%$o*YUCZM9vZ~oE@6|qBUf-v6jh%bf7ibPnjwpax=HdvCPo+gJ#w~Bt8
zL=g$7QohEG)DZ-jNa)9el0r<d5iShllWgLKjuu4yVc*+$!qMOpzfeSs#)-s}rEHSm
z5{O>(6wwS-xNyR6YsxiUkk`lIx5b24#g-vfER&5(Xrbms>kxwQ!;wh$=Fm*~ryav_
zwh1G?g}-(}1e%H@6Ee-R$kqzZJinRvGjp-2Fn+UJ9|V2BQT%4S#?D&XCJNm<*1$a0
zi}Y*BWk}K2*WVN=JdMn7XlLts2Pja84k4uUZgl5blT}h^0R$rmls~xKlh9ywb7`iP
zeYLr^+V1fd-qu^j`aUyM+kpPM!Y-)2GTmTfPJgGXBL^~k<*ejMzNbC5*6!?3gN<z&
z<Gv?0Roy@bcV}~gv&zQO=B8g;L`Cl4Y(2E(=$(aYb!l^klcUPU0<!3G`k^eiqJLF9
zzWSkgWofX<Q%l4|#LJx7V0CU=)L{j9!K$aYqq#f(yQ_&S?M_2Sb8-7LB$pMit%`_>
z9<AbS^+N!Xe_2U;abvTQhmRLCo>kbeaZh)1$4YBMhpQO#ULCfm-4V4Uv;#Dk`wos%
zTXj!IeS*Qt-1f@$S*5;|VZ@JAPWD<d9_=kvovrP;%^}A70IKCl93K*UB564j*TD(n
zo)%BDM<;^~He?Wr2-a!@C&TvI@m1|D&8gPr7b~1Gpog`&vr5a-_@7>LqNHZ6CGF+Y
ztyb)GK)Q)wSVh|sQvN{8H?^To;=}eJj?lSJ$16|N>MI;guaU23E1?_%!g|)Mbut&w
zl;P2pLU}{(awxq+;-;64+rWy4O=O1EwH?SvEyx@Kps?FV8=LsiLlO2e{q!XgnbO1W
zTC&~hvLL$ylVL;-!|Xg@exYLpDH2l-i~VBKPW8#YQg1-lp;lxiJAIN!4TjNxWf8|D
zMUf@UjPqL&0&-A!E9w=}A1gaEFwpxqp}$EzHHSHbY6FpY0WnttHBO`m%ihOe9S-~!
zdCGp7YQ=Y%Z)H=*f;iD)Kb1qo13@ED{9_V5#kry3g*w@(BIK7>@oQy|=eT+UND%#Z
z=aN%y&KNINr8z_1M2d;Wl(J+<x)YSCm1gXSmEc{jk(0kEp$X$EGDeaTp#QW}g|bJa
z2`a@CKlEF_wZQHhQiAg>qzZqxKtdn10>uG&LBUch1a@~{;t8P@Hy3h;+?#^(h5%BI
zu`*hM#9H}j<bMjGDQNiX8?gr#>N}qycHk^jp9}CdQs1qE0G!K*i#<m!hctPxr~e{T
zHk9|3z*nBXrpT&s9Zt!+`?o-+CX12r-_G}fkj{ww^j2gHmT?wT2zP1)%I+X2?@)bd
zK)P7lO7Yy1v*P7Hq=6)mW|oQ#Wvpl|n`gBnE|6it%E^QJ^ssC}G>sd-SW}5O)C|%Z
z%J>DNl|4SIR?CH)zg|SjzBJtL9-H~;oh27Y6rMkpMuJo;Kk6`2-!G!vi4&U@y@Sv;
zng}D?yngE|CR&3QvxxH3eY<^_+uB8ApC2gTL|5q<NFF5i6d-x+kR*oFJV*=?S)vuy
z>L8b+bR40^WcArZRNPt;AwhW}g8-qwWAIc)S}{q4>{RX=5~G)xfjH$Ae?1Fj^_3Es
zhwSX9g``g9+LAgeg%k%(B*c`x<&p~!<=qoRs3&^k&gZH|Z9oZ_Wm3d0@s@W+{fRPE
zUhCR#mwiQH=`9dqOr6>h&}bAXwlq$02HMSbe31AZ;<t8%sMPyBwm!8JudJ(PwlO{n
zLD7@!x+jmXi9^SW^C4AkVq@|#ey%abfzS|sViV8en*p7xvNK6*0yO~ayX&xw;85~`
z`_w~AoSzeMK8`0dVhS<#_eH@Oe&Cn=@^e8Vi&W?@db{;cCQrgRD`^5vK8PQ(B#)W-
z@f+|Q47L28-Xdhhkh#)l&f1UEH(G2FKJ70zGSM`m?ELMFJ9pwDjc%Der8TLC!b)W7
z@RPC5JbeXAzu|+(N8u!{cND`ho=^BZ)gZCVG_<7Wlx|+iIPyyf$A=haay(kxJx)eT
zK^K{uoCm&Wjc@rp@i9sf`H>w?^Zh|rxd7-WdCi(i3>OzDR&tTHT1>^MEYCCUv{MSF
z@e%b;7EAGQTOS<ay$Y^gToB{2DMj}$&vt^i;lwS-)Al(`)5o&pfWYM5er)$7+Is3)
z*^%iB8kFQaJ%><m4yAIChpuxT*LimG=L>*@T+3CDdYfWI{-BCyQS3k<d*Hkd4N*!a
zy3g*E2M4xbT6I=LSyW;dxiUTP`^xT8gzBFtK0n8yhXvW$MK{@fW=a0D`wy|?D^Kq1
z3j~$244j@^^;fj%;`JNCm|y8jUw4UQ<7G19XupXdN<8DsT#PA3pdL?sUp9%fWUHb?
zR9hSW#C_pnpWhdsB^r}4EDz^W%Po@<7B5C;8j7E?4OZb-hxj(6T(S4zAb#l5UQ`8W
z(O0b~cd9PpH(VFYw_%KcnXqchIYw}4?<MVC1)~RMl{&NN0N=>@M`b_eBS;TIuB}s<
z(hhf{sN?QkChd+z;Am>WJG1D=N^;UHSO=<Hvi%t29*7#V<gHRr$r)DzElxkQA)nF)
z_Umrafp5d55*YAfUPi;_l)KfUbkvq}6=g!rX75uX%}H2ZzOe&t<EWUmqG=qnMNP>^
zcoNg{P6nMvA(3DQ99jo6=Dt~$ZzoD#Cm%DWAx<bw&81Y;m{Ut={60Qm$`?~Cx==g@
zIscVOJz=Z*Demr0<HuXoq_Uw3`boB3bWK-^r7r(EZ$)FkzAVC8To-+XOpoHjAurTY
zqFEez7PS`Rpf5wMrV`Vnr;$k3lCjdB>qbURS9<qaR)RzAf_pj-c>}LPTOi1xsAWyI
z70D&mi|JFqEY``cDsKEs?b|Ztt1A2QmMrxU6!E))46*i4?YAna`Cm<sS!CxcvcEbq
zJb#%tH>8df#0jgZ=(NgN=Esg)OGn%<Qxl{%9axPEW|eYfmG7A1k?(!xZW8ZHFXUSG
zYo95^poH0~tiNoy4{sg?b*#u;^WK(s@i#h^{)k)Dv$Xos%1*Ra;RR-fWh|`=YTPZ+
z7=EW)srt>UV1?+`J(1Ey9>xFR@|<-cFtka(9i!a219Z7Ktk1-;oD%*>%D0?hQ_#7{
zuGa;Rpd7yRM?ZQ2og6n+erkmLDb07C9?7cy+~PipX6XXgIC#Y?VS<7uRwf5J!Co_v
z{M>E216{&=tKu^iKC$7Q{zIa?n{*+EMwDIlZ5##K9*z9ke36G32dQ@pC)@1N@|tvw
zX8uAT`P5JZ<^*_rf1lGVxa7_6;7_x1#kKDXeK8+|#fgS+=M7ZV^aa(|N^894TQ7xy
zaBIQ&dlwz<y?zJLZeCTNJ@ktl`)2|{?_Pgx-au{6fZ#h=-cC?2<E}G^fY*0!w;!+q
zjd;D<p$hi>Uq$_;VDFLsy_CCY@Gs=-zVnd=W1~At2iNYul6GeHdvZb)`0|Ex#)fCj
z_fB$`9B1hVW(Ur-C<S_;{A7aS@Yx+l`CiJP3Gq$xsQV=l4xJ>xykD{`H;s5dzvBoz
z#E@LgQNPEu<@^yxCJ0-7p?-f*(b`-D@uh(kEFXl-;~K_CyFrbsJ;>z>$-^=s^rMUO
z^2YbwoD_gqBbXe7e9CGAZGY*TT%GZ(t^XtEo`-RL-{5uW9tYv)gZP<=;Kz<C_$KM^
zrP>z<6d?ifLfgr{sX+(WGq`?gKol%GAZXbQb9w34v$_&O+%6vBy>uT1)oH^A@dc9S
zs{{Ab3c8*g-Y{y|3ToZ5K5l`2*^Ys@(q|>WU3N49Az0p1V*Eqy|B~q6x_PkM0`)=w
z+4HAHWpfLphqgYp^Bk?mI$F+V<^bi~VPMj3W-tq551EU3Aueo>{T(`X!%?<RsSgkR
zMjUjTYeam2TvxPj4~36xR|psp%kc|lvvi~zWc%j`ZkJ6QDrD=fzkfHP>+?a4%33dY
zE#?jWZ}*&$zG~DPTZ+wJMkhQc2ME0S=l#}fZQb-y);mEP4Gz{A`pbzk)f0pCo}{aZ
zu~~b|HiL4s&TS?1?q)%;IvGJ4p1;IJ5LVlOYW*+K3A|yeb{fDrPaQs-*fn~=88r@g
z@?tCR4GpSO?|;`Rut`;8tkO;HT0QNWVYjVUo>a6NUc=MORE};lx11dd*PNm0!_*d^
z-%NkoKNjvfEP=C=!s#hziRq*U)nHI}PO)^a$JuEc>)UDrXAE47f^(n8@(P04*)^lZ
z`0jx2bu&PM-pT};R(YZON^n8F<VXO_ICsEO9ZEYnT<i?fz97~%RDLY&bo*|M%ISy5
z5Xw4Cp?hH#rRuKVlbB^b8p5M{Y6g3p*%rv}&QLYYzSpkLVGwZ-B(_b>H+pe+jAqQ)
zwF&YASa_A-;xHv!B__v&u6C#^&9$$_gy5+s-a2#kNZq&-^~9$CmwNV5e+EG|@CG(W
zOEIQXi*GhU<Abox(NZ=$rVdLTcCyWneKxMF7VxZZWQ*Q5V3%0nHvaq~2rIbtzR}A8
z4jl@0>Osx=>Lz_wKx%mdG`#9GQ`vWD>gn}(a})IGDkd|N4O}rMw(0mL%qF`II3xP%
z5TqGE&QsC#l5rVn8GSy8%wk{mpFh8>AWHl$PW^!Sx^El*9j^EnQu_-Eb91q<{|6_`
z@js1*6#XYo*v!fD`+uGd$pr}4qi5v;pn_b0q&sG2HunD%7H0h~qaoP<seb=18uA|u
z-ak`$|0Wueo%!D&c>)43&Mr=7Mz%2S+5bm0Bq~8na6AeM8HP`prJ(<sNTh1C*?&Ys
z{xtbBb2@fVXC)u=`{V`ySb#L1dKTi#9&Aw~X|z33#MjStXRe}uEYGbIJv678Wg1z?
za$<-f^}IG({)k$`dvFg4Bl32{(Y3cTzE{$Fe{*Vmf`wpe3=eET!{OOEDQ}*=1R_?m
z#l4LC<MHb)vA6G!vCvRcYE^+ae3C7C+sY;pRY4h=m|hw%*2gv7w)1$iN?!H7((gj0
z<SXe}X2)ET>+nWYrvbVIm6@S2?0W)kN_mT~g!?7uS#MDRrjs#=W1Mzl0n)s5)I-)z
zu`%{*6F+Qbjj@Zo{6^C+toy_d)C<yIf)aqFNNk?T<-EI#JeAxJ)QLL3$Qi(~F39mu
z?#o6$X}d~4@wDD;mRR7O@mcqf4&D<9nYf7Wk&74b?>(Hn+EoSDxGr3^p#QD}|1TpT
z|MQyrx7;iX_dj#9EPxnB7ES=K$_`*e*#Ph=3xGf60)VuDoJJ0&zuYJQfaL}-r~p3n
z?}>lk{{yz==7#y3-T0S7{hJxd#R0e$z<B;+3~&w`p#0bXV}Ov=zX6kgP)GoI%LM>d
z*#HFXze1(|SYrPKm2&(`*dyQ@{IA9Nzr!8@H~4R$QWh2tF0TK7Jzsjmx~QzCoVGu2
zR?a3=)%IdtSdS0<NU((g4onJ+rmw5F!PfDI$D)&Ipf}cuB-_A(;WA2O%R`V7k&;f_
zFR{!lq0eWF;+byRlS>?bAoutn%aC7jDVc`TV$G2F)A0SYDjDMTiTimXF`76yezxkl
zO7hwJ`OD3%Au&8AG@d|?Bw9DX$ZtvQNHY-06P$Pk1xrQ}*3W?r=3uAatxS-I>HUl_
z%r^+>sV}1wGL+)Y<isv+@ckOOK@?Kt({P6HPpt%1FZ5Fy;=n-uA-z?)!a$d|16Tby
zx|$N~6k$-iITgx{;HSr=aC$H7{e;n1&1tnasCd~=q~nEfKQ7hI=3|6(&?&}Eq?jR8
zowi#t;U2K9xDjC`!45yxDMVtjQ=^z5#E&56(gJ4!*aGS5d6XQ1(Z9Kmr(ey2Gc(Ht
zmJcl6Uyz<C-9x>>C37$@E<f{}-0qg^?zuWZyQ%L^0UeyJiIYd_16S4+y34`tSubE0
z_CcL;Ku2;ef<Q&_CG)<%h&!=w^D_IDr%>J`HXnKqCRae7p#0(b$60fJ`JiiI2m>cj
zk+729L8MgUjKXnBvNu9yh&`|l%`Xstx}u&6`NzTtROBk1+E=lb<D6%m&F6T(-CMik
z_F&ubMd$9?p<WE23ZwE+Ek=3G3w;8)iJqF}@k8AnoEqh)c`2tv=@&H(Nb@SL$9=-|
z9Gt3ML0oZoQ!2KEDHHVs=&RLYTA5WWdEK(?LiRsn@dQ-d8nw;3D?Jv5z54b&8hjhC
zY(rK9W~=+s4Mr&JN}^Hf;|t49{LOW3fk5D9dz$#!(pk06ZB3K0wBWep%V#c}+2fGk
zEklLT85eaQXA*YYwp-Wh3fKUu$f3W~Tev0cz(p^++7{P5zX&AG0brw@xRn8VOL=^B
z4^eRe=9Tk&Y5Fg~${+rV;W1tQRtD}LQzr=kTUTwKmJNGa2EN&GgD-G5;pp&nZw_A-
zN7pkUvl{vf%1gZ``<OFw+DYVzHvRXcbaS*vZqK0fq{7v*028GsF|P3_ys*e2kKy|}
z*q1KhdUt(GXhwSf6Yu&qcYVElrMM9AAHnT>)#mw4o$dxo2pVkmzWKuzNKwvA_8R##
z^7aOb*(ydSG^)mGw_Q%9zb_&R@7r=Qb7L`{G4A<mJDnI*<@!&yD<o4|rI($Lr_L1w
z&90m8`OT+j_e}D?`dWb~@+6u$x82_^V$4(1Vbw9Jbm5GZvxasmhj#{bUyGfOvY11R
zS}%w8tzyr)e^*>p$EqI?q&*5h+E?aP<_6AoFDINmS=l$Ygbn^Ur?LCx3VX?s;<@5p
z?up*&BIOJGXL?et+!|4Kr(hneb@Q`wfqxOwaOshp=Pe9i7@FPhBxHX5be!#uvv?Vu
zu|MeTu~7R=-JR`m{3QBv9X%_kCgwr&jC+Ka9U19)c?mMpKU?R!(|f`EevM)QFyTp}
zo1!_xlZ3f=<{tJf+8s<z?rJ@9_c$S|B~#td(9ytD>IBm&W#s>)E2w=agVBL`I`oWm
ztK>Ls7i(z%5kaW^;ZO#44qHEH!{~_B#8HAmzv_Jah*~MLYgAI858X?2g(;us12Cm6
z63Y73RW;2WX|ZscMG73G!F2kI@YiJG!rIf_Vc5}cYBx1Hn9pAgY>ByHZfh0kB<{pt
z)7%`jVuIa!!J@p*2ZFvPfp-ufEZxzw6lX0c9Lc80{VKWGp~=%O0+-~zX5kkTQmCv{
z!&6&=0X1)>*ZraAf!=B?u0Z>}3AC|m^SxLmwHArbtJD_Px94j&j;KSETh#rt2UN!w
zB^kot>@_Pd$w2<=J}aSTu$T7aIj{F<+;F#?*MRH8BZj?|S5f8ORBZT}fcAWwv%Z)1
z<-9Z_mH~~N^Olwf0XrVNd%uD+3ZrnC3?~NTSU|J*NDP$4fkZfzr)m$LPw3b`;bQqh
z;!pHO)%O`wGWF{5vUyAT6me7b08CLOMk@)1CM>qvGmj4!Ik}kMON&XNQuI58T);2S
z8H=j84H8AJ3AX2395ZTWY&dcN=up{;jy)w)hQ4`3Tcx^vWx@J_{V~&v9@%6Fjah=O
zouA>-*LtX9@T?hze^a?iy&Qg%#10%Cw^h~lq@v_2!I`e+^E17(=!b<hb*oE<r}pW`
zJ^#M*IZh_QHcN4Zci8&nkGc)sKD+5}y&GoZ_dku}esHcUs$0zIz^$o^SHr2$I$Oq_
zJ)gUsYMh4<;51^%M75(T;Zhm=sj;1C*=bp)cnDW*o>VzI44{j(S}ZvI)pwhTx${(m
zkj;O$`DLfG<;KBX|CMU~dB5Tl6xU&u#_%$0a4FFH`)OP-yMz99`*?%0J&n-Y-`f4U
zN942bEsum7VZRi+8?nR51*{ybQQLaOYJ$F`5h=T=o9J01H#T!)+B;6{2_j9uScR1J
z3G0XTbGdcE)vAFJgJV}s_awUly;T#A&|$swl9kg#mk^`^iB)rEdmx&7`09j`vl}ty
z$-W*$+Ps-lhTh7L%9fKMC0b2)cuv}z-9N{iYFl4fcUhL<mcHEj%B?_oY?;1)E?zN-
zlV2d0akL43g3N(~Y}3rg=~nh1#ds>wghWDDx*C_OYHKKK7cHhqgQTq{Uen)cD#D(i
z^TE35aHyu7Mn0hA)*jD!2Px67SIXA5;!*ab9$@UOq#i)*tkjste+-nLcM{KM^N0<y
zG|F(xl6}2E;*_eSS{ioY9J=?l(~y%nHhVO`s(}MK*cOV<7u-@@QqC%fWU54I+aE3X
zS7SQ3<q*&ImZG1#HUr<4Yl0^y(fj6U)sy|vQW-mIQfq<j86hK}#<t&2OaAnHtcpLv
zFM1`~_ilX*XnLH6(7Sn`<W*H(x2H_Lu2%10suNaL!P&skp}J2llzk0d+Z+jY+j$gp
zK10kOrmuYt8l))x0r%Rq?k}~pi|G&;jlx2~b!W0rp)V6tLRxb52C_wcDp$3dV}UeU
zAugL_U#eM-pVKu)1L53petMuj&Ozc===GymlvqUY94IcX&`@EuUfm}+vp6eWn~4c>
zR`YjKYrpP#KcTLWIny{7N-HiKX5ZN~wwk;>4D4A4n+@D*$0b8G7a#J6u|Y|vH=UBT
z%?7V6h&+FTPGrai(fkQ?*s<NU|7IuFvnwhctV)}|MDi!AZoB@t@={MC&3^r}4|&$j
z>*8|f_vdA&*YnHg>r)HqKtoa#X03Mn>&~-)Ls`kOsn#!hKi_EQ=oYs%;8EsaRRavq
zgk0Po)f)85)=T>&LQ57)VCUgPFp4_g!iPj9+^24N-023o2x1unae8AFpZhKH<O^4k
ztHl|5`+hr>VQcrnHCwWZF2NZXS)Pq7%A}eufl|cW$&K^zL;k9CReeHaAhoMcaETOP
z>4O|*W)`wTza~mL^mSrnwh+1u6fdS7cr~t}P&gTaWlveBQLfRM@dK_!O0%w^lyRMW
zB-kXY(Wutow9agnGp)9xy+Ua%>sZ!d(<{nDgeGP#gQ@t#-o5Vofz=Cntu9wK>SFT7
zJM5+ER&hPIEq}G(BlQ)3^YbPCjQCNbS;EEO=gM`(E5jH4Ev{*#?EUO5<q+y2m-kqA
zsQrE10cEg#R9wRKsr;QFih`AVJmK$0htZCuiFrRR-s6i=`4y+Qp8Ci?cP=O&o?;8n
zC3Am13A}MXK0RO*x_2h^Nz0}i)AfR5+qI7t81-I{!XXL+PTi~Z*>I{b1Xke`GLPU~
zJ#ECZSCTq6+8DzonFC)l9%!bbzLRPw8NO%ddlR_AfUY{fJ(jwmRWTSg>jvmfGu!5v
zrM?A#<Hg`oVq(@Z^t58Jj7Dr5heuGxVmM=>TS|Ke7coW?xF7qcUTiv^UQay9_HtiZ
zeEhi;*;#5pxky+q;oEt_>~;S1&3|t5J6ZBM!gmr7Oxq;OHf`?<*mm^jr+Cz^-<02B
z1+PM$oV?^nPnGtT%CKN;J<)#UgQep-mDkGvKj$Z3OKR;j4YKun?FnfKL7=B;)R{=g
zuiG>-kd)InFH}O4)sXOec%YQ1KTJIke={i%Ja+Nshxc&u+lw7o4jB;+n25tLq@|zg
zR+v=lE3T}s>VPx89^a0%7@mhI^JrE<e^!@Ozo_*$&6_BchSD5%#BNU=(Seebx%Eow
z<mu6FZE$q5xz|Xm*7f?dU-`0`efH(S(E2(ExRsziSk!%F^V|On^SRvKiP^mWCZRJb
z=xF43Q=LYr(8F<c3HOjASVGcJO?~UyT}gzmcRt5K00JzGpvyo-K47^>{hd;)KM6vP
zNu~}2`Qgh&)dusG!0HN#HK{k)|Fx8Lsss^ePT=<3a8W|HvT3SJ4J;}Z1eOs)Gjdml
z3Ik2^j84<~hy>ijBJW2ngPXpRk&tihvTz}SCX2bK_yOM{EOsO-)jH@0R=KZiDUAAr
zYHs%}xI6K<awyMzbzyw5haR$l1wK{wSRNG$ad(Ol#WOBfvmS$U)f2i*wG8uBR$iCA
zZn4$Y%fZ4yoR3H`j-Pw~s=Az?&?&#W?}U2NK?N_1hjo7>OV2Y=E6wZb9q%Ac-43Q!
zY?%<Ho*u`H{0?G;wR@@P)-RiVdU4IUlN%mT*GuK}DT6-Dw7D%FlZYHvF8VW!m>JTw
zJ+uDb$UhaEC5t7K%$ZUhKq^>%^6Aj4DG-?Qyu$Z)B^I|Wnp;$Oh}1|e3a1Yum}4JB
zY!BltA1>{W5C4>!Ds0F=>&={$mjI`ANUhfn#>~@6c-Oj9_#Dl$i9xjUJgat6Ij1#I
z5D@&a*pUaf`7WB$Wb0J*%4o%pYoFnMwnO|vFa0TVw}X-VKKI&w;(L0&{<IQ>=&0tX
zAkp@$$?{Mv;<{?<c@pJ@zu!Z&TE7ocr$RdvII2hRnzCxlK$odOhc*?4JbR1PzeuBf
zI@vg!ZL<3)K5xUkimeoIIFIRm1My+E$T10GT{CVY+Kv&%z526(zUWS+9!9f!(1xv+
z;~;nOK~4twDC3uYPU@a6qvq~n61ocdE@Q0LK!b9v<m-cMb9Cp**DSvRpCE?b*THAL
zz1p=W#p|T`%-2T1P|2U#-u&Bd-uHWEu2+=r{jCO`0LjxR{=>bGAI~6u@Ado)e9z9N
z%kv<9bxyC++54Zql_m>f&mpx~60%zI*69msG6PkQi65ADW&UL4Vr%hPVV6e`UiH<1
zcY0GVE8RMuQFnz$yb~H}QT*m>G9_9JnlsrYk1$=3+2QKSjSk$TR0Co!Py`F2O~@$o
zViTmXV*{O4Zb!b;Z_T;~Lg)RPK^~Czahh?56&5pm^}2)GgfxCi+-mI|DEk|5_r|}9
z&+x{uUgV+?uiEc5CT|;_^Aw?XeB4)eY#Sl<aeYr_y(rgx`EM6nAKr<Rrn~+y_WC{S
z3YY%Af=n}TYiPJ@trZwni>tO5^r@hj+MoG|m)Y^}kN|IQ0udP}y@}$|FG8HEjE`L5
ztl(kF@hOlFh9ZTL%$b1WW|it^qD41d;wnv>(%PL13>^_mbH?<;6&yEVukF8~DVV^-
z--q$dSc}dI0q!x7y>WC@b%pe!?9pjb4B+q91O!Z^!9vdXe%;62hRo&(-VnIUpyr0|
zCq3!CUM?~kr1SL*x*rfKm4~_#8hABcK9|dr`Jk%TLfG#mP;BLjO7dsx#?RNm1#$v{
z;6gN%df&{J$lhu1ZfP0OpzRAU-TAHduOX-zgu&mX*Ulw2)Z7Y93c%ST+A(M5*=-~s
zhjg1DdNx8>Z$4;OdYkgUcJ+5ResWBN%rbk+pCZu?UzfL3_7tpCDp;&oe5O5lj>Mra
zgH$^$vGs4X;538;%mSZ*Yi5mBD|bvo@l!bu__{J3B<ol`$eBe0uP04t`rj%f*M~ox
zVoqp=(4BHlXo5Zt6DHRq(0{{Bc8onjw(DWx_<3G6OJ#z(pygK^JuPYLgUI9*hykT-
z)BQ7=J2_9IGTOs*%$e3C8spfN#sqi-bwX1##6u#b9wz1FLlWCMp8oppjLSzk8YA4X
z9q;H9YyJ@SZCcn_il6ZIG=LtW%^N=)lKBWtcS9y(HHeBL@+eHklsAeZ_B~NPWZ2iR
z9OZk-pW+pSIEg%`<!wvIkzvLr`G)ZAr)N%{%O`}m+t}FH@hdNojE?opO^dyjsxWYG
z5)i_U<AktMd&ty0>zrr^lKo?Kf_#ZQi@ymYyo^4M=M_gHU49qK<!kccVJD<6(diM}
zFK(S(z<wkk6Hx)b!&9KlcdV}yRmH`u43QSre=8G2!G&6m4o0#5#Vk!=<{(a?Y{rL{
z_$Dlpa9e@%8z#LxVFg}J6!JjXoeL*|Tv(`F5Cc2)%p{*VBpD5XqDx83J;MS@$^;VO
zBT;re8bb2X>}zbeqr;e8rjaS^V2F|2_|wp0jj&TH@?kbqSkjA%122}9J@{b3kO~7t
z7nJ!6s_qJGJAl3o0tJ+tw^&s4E>2cbNfA#Mki`AX*a#`W00w9tOr8Qlgqj;1Bw>#V
zuM`p`2nfFj4<{n%!A6#>g$4-l5WICKLwW)gK#2wu4-+AU_6uBCBqRVKS5pqZ2wcMc
ztq>jbVyhONs7Zwr1ttMX3_*bfF*4v&7=ctAV5;X3m<cLUC?q}Z&c%#{EeFIrXatTt
zjFcn>Z76ZzklS#O94eA*Jpe~0a5~kuSHxva%1liF!r%9sDZZjk5SE=Bp-;U0C#on0
zz6hHDRH*Abctz;v{2CMyTzyo3I9eQ6@r%XIj3SYc29@7O0`Xr7DiI3`oQlA{Yw!zD
zb}u6fhB4ll`Vdq)b6|ob$P!YTM!9-{C2ah2(aTRii|~gKv~pnVUGh&l0a8*!OlC_i
z6xiwUmgMyC(6<l&GI0tTFSj*8;BAoApuJBfcD64?5LrYBpd~^$mKigE{`7Iwzh<7;
zFIrKwUy+ZGX<!U1-UppQ3HA{ZNHTj{avn7=CL)l`-yeEPkc|`QNIo)_jg83O)Iu1>
zJe@oLVo3PGprfJD1*tT!$Wy9a0?LK~%_MDvwBAs+VfrOMW?$YG3D;Ez7a%?zDSVMJ
zfZ~e~#s|k&%!n2nU=0rWLEdLV=Enweb##pjGY_BP<}V9LR-G*5Cyetj3T$jaCPT4w
zwy=VqEG`iU({HH^O)7tU<D?xU5&FNRr?17tIQ)GY%8-SheR7|`hH&o=WWr_TzFdV9
z!r;KLl5p^kDg~LF3)=Qs3TF>BkG3_}4l>g@%3fh^D$a$SN)5|y1DnUm9GrhLyKsF_
zvQNwG?_FiKo0WZZT9+0!S5A{R^)B(RX5{xT<1=+O_^0hOt?jIDY;0`obSSF>ylnOJ
z4lV6$pMVwf()856v3K%P*QvWnh@i@zud;b%`fSNJwES9yU<znMDA%{Dy}n`Rw0T%^
zlf1;`UGL7Z^Ph(@+{oNm`2mFCR*9Pq^bLOd=_>ZvRZf6X_pZMn>4oPEcdPmlpI#o?
z-y`4%Ap*Y~m<BlXa9fnojbqu1Zz1!$L22!v-j4LF^6x6^`<9Mz?dy@25l@50Rypkh
z2=%j7_e~btKIx#+p7v#G_LbI^+QN&X_&F06UQ0(LPotd9=`E#eN9ml)tI+Q}K-?T|
zZMfbSWMc$mdq#&G?i)N?xEuo@*)sVKiPLg+p&(dgVSYGRX3-xUhG_%09=zVHMK*R<
zF1*EWvB&Zi3C;NWL}_P>ovB)V;_;Mf`dPvNyQyC18qY3TcQw=6Y0WcGpS&~#U3^ue
zq285VfFhfat&XD|H^6O5Gb&HnsLc)K4_%83Jesn)hO~g<jxovO<RU|9lNp=ibZWK-
zT7}D!fae)xLLBbzh$BtHjFR7P%7<s3i$LwbMRLMNeMJaj>Ja6L%nM$>APBa)&uaRe
z8%>IQ(1H$5W5i?+3=DN#5T>&J#*Q3*G?{IfD}Dh_k?!{{(IO%2FyL3@fJuIS1P&K&
zVSBU^3PFIjt)@{<1Y>-eObQINr9UvDI0_g|2TlZ%x}(qG!f)xxO=}fM<aUI_ni2$(
z-#n5X6FlL%x{%aD0)0foD%>WqAnbZ|@o~zuQsvqa-W*osB<Fi3l_}vDb%f>WB&&7m
zB)_$#IwrIuOqanmlxP!VmZcX`R;9@b)hAqbs+^$jxWOW<)fkYAbrS`Y+eI73%&ucr
zJ4{JPk$;n>$sT5=%8F8F6jd^2j9ny3bz~++Olh%55tf*e^t{PcpLZu;yp>c|#7bt~
z$0_3{sJfE*B%g(ws!J@WsY#g5oJqb>Edz|EbP^fV-ecsjgug}51P<>);#|N(5RF0<
zeq7%4gUgY)ZVyL7D1*jjPX4H|8Xe>eu^vPc`mrnuS=cO%)!9}ailYc7HV+n=&xG?W
zh$?_gH3FmzCRb+8_=PS+i7-2U4u>o0o8!xfBGl_Vlhc3|D^9>YJ5z;($W4OcC|ng+
zR>&@PAg{>{ZgA2eOdUgB{~4&PiN7`FCU(GLGJ@dds{<CUQ4{Kwt#F|O36S{*oObxu
z4Qni!KMP2&64xT6!=QtF;2-3^D|4^LJr@=#$3wN59k|MTne2p`vn7fV3A|%u@eP#S
z@6_4}uDq_TZw**)*kD@1&|-e7#?ZU12+ISMW!Z#5_v{V~AhTFwL_=32=}lHZ;!syr
z)BdT6`qDv|8_-*YIMB@1q5dOKIAM*dVXNY-XbU`R8UCz67vHg-3Zk#T8bN3RusVe<
zLxu6P$WwlK7t!0ZP2MpK!w1ajc1`j;3{t6BVg3OEhS&cH(@ikY^Rmy?*|E$WtP@$I
z>Q^sIfoIj)0kcM)>w}yZ=C(G!3B_(|;ta-?3$kG>x?%6Di>A_cqw!2@CO1j4m2EMn
zETkQ15*)aaK#xme76q~ruCK2%2KR*!No7+qq`*RNyrk}%QQ}R`FD05=WVvjh4@>`=
zXfdCxL&06d>&7*m<tn5Fa(jpI3-%BKqH{?XlB&x|_I@*BD{@ypf{U?)W4ls(LpAJe
zcvOkD%$Q4|y3ZssgsR)1whD|60&8p*Sd**M!-i~!gDBmf2L5T2ER<lzGGk*HFP0Nb
zl3~=6I<6EMrkScXu@uXK&BNLxGCC-m*H9xR4i+(JdqV!=Fmt0dNfJIpH2Fz1h(N16
zz4Cd~E-xit!og!Q4=t{-ezt%Y!|DNNfE=34`OsL#U*Lc>(T8Q)ix!r|UrzR8AOa|e
zGEeGv-1==i$}eRc7^Y1jaYxPkrdW?sh5Q*rBvLw-BG-8As0EZZE|loL*Wi8l+p0!t
z11T9gRtVGWB&=Cqac-k}?u`{w%dz$$KWray&D12cEyPB19$(!E1{6Bf`KjL;TovPq
zOGj7A8M0LEVk7cq+p`vMG^uPu7i=7jBr4KoI8$>TCCkMuWqD>pOi|b(Hsas8U|6Kf
zd&F6anB!A4%w)^4&dgUxH|$_WZC-~2<4e&}ME8hnjeJWAX-kQ4XKg&D#IjW8pOHE-
zdqmkNS=S@#xz5cU$>BMhQS$1?l6$9S2#CpNLa;EYWe=h&i8}4GND0@!zvTJ^_36`W
ztg}?fK4H&Ry)TTu^Ct?Om+eDR^I`{W-Qc0X=IhDMkVaBU?2(!?3PzRXXW(Xdrdi5Y
z$8+<W#f!N|@E^d$5Pz3SYe-V9%A)-NsYQWh<T;zXs;f+nojAF)xBO<6EjF!MBk!d%
zkz{ei#HQjkl#Kfesc@>mK5z$E%*08cNL}oE!PzKwIm5JC-aaWbIpNc+WCe6PHUXnm
z5ccpvNCu*9C{IJsCHr6|n5!=2g-xIqX%z=c_fjK%hrP*m8}<lV0j8~KohcUnjf{~S
zX+(eOTK0_gt~YL9f!kJD)Sd%qll;#qSQD5|bann47uu847zoW@P|iI1VHW5#2i8G4
z0>``$06}TV66CpM)h|_c)@bSpZKD<7o2=w5Pyel{U8T32DuIFnju3e*Cww@b6yy+D
zBMu-j0*=B;+`V52Cp;N^=h(9>&9>2D&2^0T``^(3nG4ib{^q>9C6p_`dIA*Sk>jP=
zE-d`YzBs>pBAY{U5~=TLv`Y@yl5xaRS@2aqv%WLAv3&C1Bw&3BXx=h!ErGtHZ6;q<
znIKVZ1xuNb9@OTJ_fIla8J(1&mGkklVyq_Qr$A6JR&YvtkPfQOk}YskQc_!FtY=K}
zjKPJvMhkK#C5Po)fpK^2dEZY(+QdyquR@5eu*m+pGRwL#m23^Tm1OS(uIoV0sxWVu
zJPtgwWGxh&4yg+8JZdEt`EGgHO1&;Oe_)dC<1A^$dN0Pwt2XPh#eG0(o$=K|lWd<|
zU*`h1R<>5^7TRF*TJlcidL?Zf21gshs}mG6mCFYclEb<XuMj`kmtvBJd#CN+eM0tq
z|HqHxnJS#cWsC1yzo){RGgAEVLRRY=2ODRKHI7=zxy_4rTv@DJ+qdgf>_?sG^C~<S
zm&5QnkK78TDmcf^oZBIyXI06O)gi^d(<C{zWX=3mDt1E|_na+E|Db#3HFqd>Qo>2q
z)p*lt{#HMH5`SFGiq?KQ%`|b>9c`8!gDPz%{EDkKv+%gpxE-qUkr(AkG+iEq#^|hu
zkZ~8s>?4ulR?d{fR847(*2bLd$tW`!EdA}O5`K2UbN!8~iHEJT@|zh`ypTuycqUQ1
zgoGmsMy)b`jY99aOLb>^Ua>FI_!;DMO_xBAFH%M$A(_v>2a%K5$IlCCfp{U6j@1Mn
z4>SCwb{@Jzzz&QQ=3~m(*EOx#Lkb`W^()thJTb*cu)7B(<G}W^aZZE8`6*=q&xgf_
z+$qDipK?)y<a7`)^0o3?8}Ra(x~0*f`qb^>Cgm%bMjJ7!?H2L#;%Z@YD@LKDQ<Q;J
zk6I)!?~(!4h~tMN`~A3E#+Z5Ar093ojD_otJkzuYZ^JaHx1kQ%LlKvZqPXfw(R4Tt
z;HAfCZLRgky07ua*s*M$uO?54!-DOEhjPG2axaPB1aqT1yd;DLZZ6zyg!b1|=vs_9
zN(@&o@s+19ravre%tph!i(+SouWd9|Z;7$-^ClnhYsA7R9Fe^-rQL9#21U%-3HN&2
zE6kkQp?jL6TZk$%tu#MyLYgnEE&!WO?7_$#Hxe&bB09%!g6i`3Nj0#7lKTe;?@K7&
z7fhc$z<!K&NWHCKew-0`F1y!QH>e2jmxC|2&M!JAHzrc=(>(7MD1Ii;xjgIC^7tbX
zI_JZMIWOljH>B+^dxI~;fpKKFt8_2@-7f*=w|is)V3Y`#!_Snr8do}$zGjR)_V_)|
zhV}0DD1>w)ei=gs^7~$iFIQwe=QAj`HDo=FV1Aa+J){v|B!q;L`#MQ4sbsmb`yWzW
zj1kW*TtnSL@55x<CL^7cx#(_`w?j1qj{91C%+wb+ZsDDtHw<Y^SA8Z@e4bd8fn0Wd
z^;!7Fbm8`~+Cy3RTvq+aM6^x_acvA_w+<+X<hOFK?&fXso7h7}eaJO~LAE@Obx4R0
zxI+QtZ9D!VLU_T}{exWbLq5LUYiUEi{8w8_WKR&cv6mE%63E+j1N>n28=0hbGW*rs
z?y#F{PFQYk*h5#+n`V7kvwL#5dFY(vx8eqIZMRxoj><Q#Jfa4OPwm0-kXMrX@R#iS
zp=5To{rW@$Sy3A<ZRllI)uRON?ul(?-C8z|yN};Dvxnr)r;JrlYFQ7Or7q<6N673n
z8#Qbs_u0K1eNZ}Q_Lfg>Dx6<Nj;x1plU_o5hh3Q}&WC7|YN&dA8TEk|kA$1syy5jz
zhgQjN7kIi3@${=ko27JfhGxk0!8W1<;snhH)Yiz<e>s{#*JxTG(FVHb1M_l`@TBfK
z`Q&T%U~UZa%;yeqr2ontHgo8y!jdWGQDQN+d>f!%Mb1|ZlWA%jBBx{8dv);sG}86P
znx%CLzYlCHn<K&CcE|_EJmeh;^vu5Q^N`BU8d`B)GiE@cm$HE<J0`J_Ha0=Q1q$3_
zngI^x_Nvz}#e59WEFC3_V6Ou-%&Ix)rVNod5U&^ke-~ySp_l^Q^CmuqI@SfrjBB@K
zaNkI47bCnTd`sW+1AvuZm^I>~|IWzy4{+xnpdAw@=l=%n{-;7t@qYsCjO?806^v~x
z9bL`-KQSi<0Ga!%8Wa|`ch{k3W&)@H=~>yCh?qG5oD(w>2j@S-cJ!=FFpNUZCT4an
zMBFU@6>bN(^gqGv{>9D7@vm-9RwlOp4!28?vkzi|3%!0t=l&5E8SFbJ4OLz!wqJ)B
za|!v)xI>auG=SjcIqJYJ>4)UQOY_cHeNuzK>dMr3C7~K9>vhaBLCNhg`VB(O2up^O
z?UHxges$<dJ(+tJfVL~M6+Gsa*%r3T{20)n<o|Kgmxx*0kLz_*8P@>q=<Iw23sJ|4
zSw+<rD$sSm)N%5|pR8l08Nrg3@!as0*4+T_2B68+Rw@h~Z-()<uI+OohRM}X>+d`B
z<MtquS*@I12~)<F4q3~K>Z7g~-A2lbZyiFvV{l3(xh5?I;U@J7^8WcodY8a;Mp-c)
zPbk$(lvXtAHdB-~hPlu>hW`6BB@oNi<JvDw_QU+o%k3XTN3gcSym=?rdx2<n29_CA
zN=v%;tMwQJy<2b4laLgbf5XoK#E<_$iTzKElmAsI{ab>L8BiV?mZmNi&N>_b;o?7x
zkpNrdKWvZy(c@p)<6oiTU-RVOvA-6{zgEh>vd6!|#lK_!uT>IYo&*RN|5_>ma>#$f
z#QlqC@gEiSPe>={zls()|9jCQz_j?!qD2ocZxywUQ*E#7u1vPL5~;-!HePriiyinQ
zv;3?U=nxECZ5VhcHd|#Jo2>MrF7dEHD9v1$phAaW<h&O{Oc$!i@VN6bQXY-b^UXri
zXrA1R!obm0Y>CWV`|69-z&L<vV&~)f%JllN+P?a_zGqdNH$v<UL^9|NIVw1oz`%V&
zj&=iCxRx|ng-3n(Wk!Dn`o<$Toswse*7J(nac~vNu@hODuf4#__GE5J6@gfeUbsU}
z4><2D1v4@dsi6mikHQVu`0EClTR3A*47JnK*jif^)od;g>LX(-A7SV4w}HmD9fddk
z9`-#d&a{xvkGT^sAAVp169euC17XQ-4!p<_jGvoa!ml9Mh!P-suwK2EK?0i%uKt5J
z#Ay)UxPP<KQ34E$6=cm6S^&qQa&$R`b0#_eU?w;4ho8f^ep+{|T|#?2bo2ZPIwmK6
zaltZFjJLQaX<iJSLf@^}t=Jc1vm!+%<$U8Q6i=`|@F|C-1??NTCs0ni@tgCh+5^>k
ztbG251!U$!l8pjLUKVu|CjFP??-wI9Ve7dMqG$EpXE^OpNT#TDML64UB19X5@J@^)
zxO1g1Sf0q0bBqqajfgI5VcSU`5nd;daMz-Ug}8ejAh~~_17A_L#-~KPr$DP<w-9J;
zOmKicNXB{yw&K!$n#CIl&4B<fxq{c~{$N-S^aWPjc|ra)A`>LZf5&d&&ASes2{tch
z0d18S8pj+@ZUJc>w9FTfThL}(*mNhc#^fBSgs>BH<v+{!@{&Mk{|$0}@V4d!xQVc{
z4)!wEkN3{4N&eXQn0R^&{8ufbPl%@ysFj4>Lu+13Nzu-^q#L#Mq0F&Y(a{tY^(TkB
zT*n%@q+mAueAD;CD0iJM?Bi3e#tYzI%)g>6=(QPk`dsr>ub$cVw_|I=*n1!yZ`s!1
zp&Qfao?2SyEbKC`ExUa6MLssUT^qM*)-%tvgqNqVQ&#2jI9w+VBO4YH_X`HzyEd~U
zVr@F76RqaXo5s(`Qk03)9O;6Th#B`e(#DQ&AX;bloL<f%VLZ}`D_hFujvQJey5cbN
z_nh!uUD1wiBD`@KkA)9#!|YJO(|>s^%MvrIU}Z%-dXra>k>GW?x2*Id?hW7T0B<Xu
z-`wq=pyf&!F{J%S%r|KT1z(P|nCujNuBZXlz&#CzT$W;w&HSdUM2sV=3|a;uIpr1%
z>G&xt3rw-Y?h`LGVM>Cbes=dNHv6uwQN3*UjDbFb+#IXT6Kq8#qohwtLnR|1sVcGY
z(m%iox)JtJ)?NMW!0p9{vnjF)(E?I)wXY9jUXe)upbWiM>$x6Wod5|IznP)l-=W$b
zCrQOmiwwhz+Y?go20rkJOW^B5I$B|1%=ux52qaQACOk{~^01+!e+3lO4)U770-%kE
zd1&Qz?=~@1EX0QD?Ash$grN%+&)xoxzO~U^&{GYo@GLFk#<?6d@+zY(Mlm|=_6h{L
zLlfpxv22Hxb?{nl1oj>Hz(3^jhjFN_2#8f!?3!RN`}~Pg=OY%1G)x!CqPX}>bZolz
znB>>#7?wvCsJG6}CJ&JlxAQv!rlxn6!i9a<skRi}!Cch3ef5vgZ;=6c>ifmc9&=W)
zf@4t)x=bjFF_ivo#AKkJ>+`-@76Pq-{<<PCg44h@P=slN%M?Buu3CVd$j};ENw9%H
zb)_=!Z#Pl|&hV+JKq0m8co<d1GiWk+M$F4f{Kt9)skCdG(o$qB%+2DWw)iM1n)?MF
z!<`W8R;V;c`mwLolnKs<@4IB%o}17in>sQSS=K}oPI{o#pYro7-ycP`UGJ*ZJE`3J
z2lXYa`(y?X=v<~fXyFkUV^YAYAE#sAUZZqMr6b88pm-TZUD0tRD%txXKonJvsb1Ab
zCOnM_2#~sPfh1hX`NYIxQSA7!vW=y7)iv&_*CNHugK+lQyJ!_@r%69((<dakmX~6j
zl9Cv1%F7$qyPt;CRLA<57@;9x$eFFSPLYzSu@r^9SC*8}>Wf3b_;=2rxVmB)^wIdL
zO>KwxmL?LJ%cjW<=-Uc7XEY5dOvCo(5tvI(8R}v=Yq+wWMmt<J;AgS%k0Fy|-;RL?
zHi?-<f4<@&Cm>;z;8ZnX#0UTQc6sy|zrdCc2>~8J=Dg}MFvL76xNBioUDTMLyJ@T^
zVOsptQ@8hLM;Vf|&f`x|`y4^4-RkKm9fh;Ksa98^b7lxucH8Cc{s^WO&%`jfAY<%6
za><1~sW1ntz}Uo@)?75Cv(iF5u{qySByqG-ykVmy<{>hNx8R?;G?L%oq8%cTja)b&
zxy(RT6&xRMM2Ad;6J-@)XoLpISXYE(6-R;Y*|L??u<%!RO>OYODkvfe20nsl`ZLq#
z5m|$SLv?f*qU^LbJ#~ZpqXmQ%+1rV9>GXDO*3@;o^1vphw`&487^OH&Ay)e^qt=*F
zHxJXHBgfc{6G;{60WwK21F;)5=&tNtbfki{=zuOl?`ve{2!HbGACgi62Wsd3pU(T#
zjA$vq9|lq1+8^uA?F||Fbb>+5pmDgB>%!G4Ob?Otomvj7h`|-IzB>RK)QaVUw))oL
zpC0KNi4lsXLiW%~D08I|tQ<%>!*qu5g`8Y+`kccPNV&R9h8&}-qzMvh(;A(KhgB*6
zAI{z>K$3P{)2`~W%`V%vZQHhOSC?(uwyiGPw#_cr)VJo}d-mGvn}5yBK^){kWFEY4
zWZsd_71wR*3=dptRMt?aSH@_(7KvEmm<etO!ctaC{@cgtl;4HkaZ}xEoBNh?-*rPe
z+QLll0Eq^Biq<4Csu&7s?f@xPr6S=R3n_|(THy|-Mx)G>kxOSVT|TJ+KpioroE}0+
zEE<)w9wTr|$418S2#|w$Qa+N>u6$LUr_Dg2nox6!hO)!<(z4`ssVQU}{Yd=9Fw^Uq
zwt{uL&3nA2xze4W6-&xWpM=(`2MYId>v_aTyAr_F_vWpI*ZofsE8q0G2+#h;#-p9U
zG+&fJ9!Q>18^NZT5>dmF6x5v?buv-c*1_%Bqj=@8r;LyM)Wdk4R<_Urje2_`nYNx7
z|2!4(%nnnzXTJahbxEPPrI>wk3Az-UW_2xN>nrQJ>cw<x%gy{i&QQ<W!#wRidj{M{
zYP-~XPLKBhXU)lxG#grp9&_^$Z)8rxPD}Jw)Oo0O%rKh$VkTG-K3F=1)CdDv5(Sh(
zUKl$`#jqvaDKke=Qk`cf7Nf;7h1u^)NEeWyho=j!kX0i)bdp2%2J{3+63|063t6Pa
z^or=3muBJL+{C=$>=>%uU&$%DZXTOeuGU-c73)j%s{=JK<kwN2#uss;nGFMoS~xxE
zUnc{{+iyErDY^ypE?8ThbA8pQN(6-n#BstPw7-HEl&1EjL8z5)(v_5TK$-=o?AMZ#
z)?gr*MUo^PWn7X2t1EfYyIyt@?g($%M{E1O+}^<*4bF>8p5U(aGIF|9RM@I+FBoZ|
zQ~WNXcIM0QIDwoY)JMheQ+_JSmoqb34UUwuHe(F@_SwfM&>F%F5t#z-WUiPpYgBvK
zv0}_PxLrd&N9jPW6z~HK3RpxEMH7n_k-53QGnTZCcS=rVIYS^zD<=DGhzi`p7;V*v
zz^ME6)G)#L`l<ZqYW1FWlM|*SLA9sxDFb29NS}I&r(Ly!=y}c)H&c7H!2Au3_ULpR
zxg3;tTV@-p1Y!v}DS4LU6y~guC~&k=xy<O52s@ttPE8&~IxEqfIHf9800oHE^jH~Q
zx}46%z;O-P&4NCgt%a+l)n3zF;(d)#txd=tCfkdHXYozTE6yXrYcZIi+UPmuxWQvJ
z@mlxu;X(P)AYJcg6`BLaKrIKXV=JUi+fqUfORfnYK82bFEb;!C1$~hKh&j}v0liX0
z%vIaZ5W8#cTVqpksq63-2X!s(`T|5IU9ufDmhITAVue-c<~fE68s_1BX~{)PDDEwy
zDhP5eoovcO^k~8gFm=PGK%U>rF+!*&$4Anm0naQ-Y&50>i3#EfC2aT;3Wp-(SEGe#
zsp_{k=V^k$88**gicf>-DYBgpuhMWRbrM(dFSwU)HeKFX4eQJGeb~0xE3rDfxVnG(
z!;?~jFb#*!a%nA7Ozz?&X?-75pC*sL-Z$DhqCJvx#GdaZN5GH<3n8=#3oQ;Eg8GeQ
z<}stB5|&F<&ktguRS$od@g#$_xy#78k?d2+?n~)^+3NVrrGJ`rE2wNWo4c!$c1%AX
zGTKMGH}6J8``fXp>F3srGr=ACNii!$c;Pb(R|BGH%qerks1}*#701m{F4l|-JWi-J
zwddnaynNpGd>r3wcX!`hT)JLwcX|Hl%aTGh`e5fm$ftlQ8UEt_9PRLZpI^7_`s1tD
zMatg{v&ZVq^i?;MKURw=MKa=>z`j~2)Q&stYbA#4TDHRIzF^sg0=hB(IS%ud9S_+%
zF<=?P-7Af2!%?fkH7G>Oom~pJTNGHs_{FL3SSo~-+@|+2|4WMfcjgaRM2aMmG)0QU
z@vd-Wm8gYreK3KrL7aJE3Cr{q7bL3!5>F5=UBi+=-TtH$ouQ=L6r*aOZC~ddfD|d?
zUE1EA>)jtaNhCydcxu5npTtDih|uENj+i%SIeP)moVghg#nAF^RH)(f60_#&ZBj6p
zb&!(n3USr7Cbb$>8gbb+@)S<wXFQMA79!LGp+ezE)kUDB=918=#Xf6|vm>Mg*jCvA
z&b2az;pTV91@mSy8B7U)ejmr@9mR*-?{7%M$!qtKn%UbUCFIPQEO>jay6Y_O*Lq9a
zgJ1ObGe+-rUh=h^mbZ67rxOmCiXS`6Rq%?du@yf09&t3>gu-bl!}k~*&5cyVzTK?E
z!U<)Pa78(iJ*hnLG>Q$Ur)g;>F|3L;_HLaFOxu(R<jh8n0p%WTr2^8#l5L$K60jrW
zIR^28U!ntiIgG@0*OYe(7e=~b%*T97Q@xPXKyhP}<F(6EPqcC4rZ6_0f8c#y8j|Xi
zwZ%)qZ`V|Hx?G-h*PmFjbetQ;e=7WX?7LY@in$z+G~RG-5kYIjycskF-5<(+x%+u#
z9`Mo7SWq@9yLW=Gb}v*a+jioys}ZzeG9k9?w;$<1L%Ur}-*5yW7sl9+5t%+YLU%rj
z`ePlG8+WE&Xh|dneBQ^7FPD;VF)T#*Q2JNFWZ|gcPY9~v;0AP?z3pwceeE~?eQH;I
zYfrq-m@F7yFJ&*veV)hk#cihT+Si+E5-t1bS(tSzsGqnfnDeHSFwEEPH_eY_&W_jR
zm5l3mHP@00f!gqnfNTk6at!6jRu)m934BTB&S!-tHJIdijTFwIhWNtj^J)r_sG;M;
z%%T#Zke)h0^Mmi$+g_&{?|Sd<?~9Z*7aMH}lWQ+aX^df5k$#t*cnQL30icLz3*YgD
z102V7fs#@>u#3E31*_x1r2OKYw}|`ZVFc~MwH_pvG6AGQs>nb=(fNoe5Oj*&gg8==
zNk4gr!@w-iktt~S$=E^288eH>(_CD9P(En)A@0<&7X44-GYhWILEqbzA?|t@<6h1M
zRx~q<(YB7)o6eD*z$buO364_>UP-L}Z?!49(Nhd@(3OzT&0YzUG}wf(55s<XWSiR9
z134u7QdHSq7bL|uqxT%O&v)H3oOYITA@SughIjI}l_HQ_(bv`C_$1d6rXg*~1Q!Kt
zEj)9mg)kx}@e#j^6vlF*WN`x~3zP!OxP1+_2m&d~{<$LM{b>LN5P*R-I(9(19$(U}
zXUrvZ681a0vx?Y#fg!nViX#vTQ`V8PL~4;Vcnl<l9puVMr9uluQX^v0pU~p+HT?dJ
zav}>*ztL5xsEJclGu^IBQ^QIo1`9AGqLWM%%eC@`AUn)mS2KoTZE#OwF2ryox^DV8
z(R{p@e}Y|3tb23&Znb?b<j<sQ+Av_fY+}&AE;IkR&T%Ati9_0izMTj6h~u6JM+F~>
z^&}6=qH+wF3UEfv2oi4wZ+Ft<FbvQbC|7DPRV~t!mZ#0&Y3_-;XD`(My*e(+`rIpS
zz7cI2f^EBTl>$^Z$?WrIQB_x$k8s=D$6(kSZmaHirmyRENj7cZmUQpU9!$qCWpC(q
z;1<lD#Y9x@z3W-@_PX|I>$)2#g9a$$$?tlBXg!faIsS(uR>XosTBN@E_um$Az{jLT
zQo|%u{ZozR`?5)L<49lzC@!V72|lZD`_n@?-hjA~qP`(ew@o$Qu#t}!h0ZuK!`d_A
zd+*KifGvWr4d^QCj212OL>QB-!aT4juh>o90Zz{9ggbe~^sXyj3A;UM6+WdIj6FXW
z31LfYNgVMwMp3wa9kgYhlUZvi8fsykxdanF3>b<Cb&4UBI0D&~WY*O9x_A10xKJO!
zz*}LK_rd5c_<h87R`_+a<;`*{<e0>wi_2zF73XUDu1CJ0t`~wPl;!-usat(4#5FRw
z`2l7E`_RmVG(ShxaK(Hbg<63VSNC0{pwSp&QVW6oTr4DprswD6@3)Ajk9=P|9HTQ`
zcjEiB76$0`2G%N*FV*~feG4F?wU_nJ!}c*-bj>~96jh5QZl@PjPqsEVe-}gFk(qaa
zJJH~4oImqC-Df2}6IsO9f9#fU_*(kb=j|I2lm%_kGO<|m6Hb`f^i$<{J;3P@oG?w=
z@Jwxk(bu7Q@<4E;e@zPj4-<C6Uk`0FBuTN}16t~%)%Tce>+$;k`K`#H)2!Ak!b0>`
z(y7)h^GO<{E?>1$=*B-s29-pBO6&r~eR0Fe2bpaI<5y77>MC^|WN6uI7pqCu2d$9n
z2i$P;xk%lIHL*(7$51HT6R*eK8$zt+zm&%hp^~q}CP}P^GS^Qj@<XOyo=Y}hkt~6o
z@k!Q*{=OTSv;dMtJfMjzu!>;Kk>Z5=w+AtL0To*=u^y;7dkAoY8KNr5_Zvfq)j}IP
zv`Ek)<6PweQ_d`JFd|k8y?iH~N`bU`S7NrX7on#l;EGwL!>=Sgn09{S*d3!rg+;<X
z4JPqN8*4jZI#eyRn|mMKiDB1Y{g#A%DBAQqJ^Ps5osE@=IoOa@C$Klnd17qHw?hGW
zTYH7+6(vdc(!KdpXp{%X4=%{8!0SL^ZSS3Owx#5?`8DfkX(*TA53fK7-Jv}e{mPp`
z{$h!}heJh0Lx(9~HR+g<cRW0(w=Y24-6K(6rS}rV&tiJQbeK>=02mjCn&BA{?lH8e
zCsDWEI=nr4k+pRVj4KGaBhh?BM}ebxYG@~I^|XkQuYuS?8jWsJANIv&(I6@y&+gr7
zRPZp5DsTCCP)rpNkHUdn{sKPEs<j0Xx|b1mpL|TM`DnrG%Xg{@w{&NLiw{r1DuDCK
ze5epkB0pxU^{yd#&d#ImX8DL#$m@0twY$;PJ!SDwAzYr@JC+01J^K09V0|>OBb^am
z;_%Eoy!9UA_T;U5`LguXcvg_2f2qg|N91G2@#Uf&yu5cm>ABK@cD8#V=z^ufSfO2n
zDm3^pKiAf@j4Yx-1Oeq<<gdb{kOp`_B!~!ZR{W6X=wOAv5e<`kuU)Xg`_Z?VHxp$f
zo|Ok)dK%-55;fn!xbPEb4*vT7P5)A_R!&qG&K`AzgQYyPh7d8J&aQ<PRLdiONV`tW
z%|m?jY_TH3JKmS0mwTwU?cn&gf#m?;C^15RQAr1&L2k-(O$<jGRld6n&^9{gTPr`i
zPP*JkOt7iCeHzh^33TY;{GnMrS9`Mh{KDByKMQ$yNE3JoOL#~bfENU~7Pwa)KMpzY
zpji#FIwKV{J@-Vo70X=ekUcd}))<q4O87`uAnq6ofM@^|_gAuQ_%q?5TH&SlmW?q$
zi}=RUf`uS}Nx)awof!b9OFE8h+L)tR7NJwI)9c__@bsX3J|sT`-l83Ogbm*5-D6R-
zxwsSbZY(B>AX$1oUXho3t-#)}5|-#$gnVPT#dne3Ai3jdjern$z_S*zNMN&R**3&2
zYPy27sXI9dgCO*zB}r52XN0gQygH;4&Qds0Qx~}{B2>goK>%0rCoPEPXgQeoL>nh-
z`Pg^C^Dj3gCdEq?`Luho?1uuUO3YVzb8UzW1RU=Lpe{esCpDNg_*HG>C;5z5axg^w
zE<|U}L9DNadbhA8(wE{C51XXIQwnj+ItNm3k+Kb)*gl|(f{LTE=0SoiRr5Z@ikDJ2
zM4xN_S@f)Rz-OE1%B1=#FssDaHJZbDi}WmQ!*fz4hzuRLOAAky$A_e5aUr=9<T@dW
z-Jf}u?N+k{XT<f{0E_W_Jn0{oe6!MrBoAl#_Im|7uwptf@|U7jM=2`eMj_<I;L%3j
zN+zjy#E7W;Rc6of(GcfRF$#NWHs!WXSl2q`RXKYChRGxi?Zo0?D6aGAPW!1T9Oeha
zm8T^e;XeIaSqm)m;ufJ62O+Zk*J0pLfY!K=1_TX=_SkR!hh7Wa_+d0smWonyMIj~<
zXi)=n>9E7&h%?b%;pR-y(>bu@p5eq<lAps)LN#<vJI_>Mk*9M&94unaxvo@SufL7&
zN=ei6Fqvn@5R&(Xsnw%<!huG!Dk@AdMkqThP{Pch1$ads!xS`8=b0=0Zbf2eV%a1~
zx2Uk>#(WOalOi$@f)nhaY~t5~+yFbVSM8u0S<HUMA?d<BgPM&#Lo)%X3TQ&ymk4@d
zKZtAklVYE@<f#w2A<hj<&UB!EOWI*m1j{Z%NP{{3se#%Rde3&kc4hP=0idY&c2_}J
zI~n^DN@5|=a0g0_!O^fY_|yCM%?44kjeDDV{Wci=`C;fvgPS$ZRQY|2Yx6;1_HDUd
znrSy*n!oIHE#LaJ_1B$ucY+GgR%V8@(bA4-_5{)DF8A&t@*=2SrJf_jUl+Iy-dbWD
zt#iD%2A-B<8m!u5Zhyt_IITP38te+TtUjgO+pIetZ*%!xaZzTv%DCjXYFd@pQKW|{
z@>R>vOz3G&O+Gu0gE4N|@;4~dVlWZ3KqR{&XQL+@3*fY32>C$wui!B?5H|Df|IvK@
z!+rgyhqinAbZgj`j@^1(7rLwUQ~0Uv`|CbiOY@oONH!&#$1xoy=ZbgoL}pcnp17o3
zCP)UG+xaT-;$Xjx#i!J1gb^9%3^zW`x11p)a=G=9l+L%`G5_nATfn)mgje`1b`6Km
zEgR>rgrERI=Vl-KmXXjsj9WMYO^3!aGRG79Tl=GleP6dsa`(zJ`lFqK=ZQF8EPWGV
zLu`s+4K=WU5*!;G8&s7%G^rKG+)KV^0M9?&TI)5NZOwBXzdF!ocAt41i!)C0*GiaM
zeH&WlT+EUoJLHH5SFFmM4O3#TTRz4(4CXJn+yAt6Ro1!+q-m~LHunn_IG#TxUX-mh
z_)HIRGi=VQ1q!GU-b`e1I#|0h#jH$S{x0gMvvwV|A!+pdumQcCyWVrHd#GvGPL^Wr
zX>cN)Z#8_0o`G$4;#{(Bv8G*}f?R(TY58QY3|20cC*Qaj!Kma({@o#q$aiz1xVg@9
zv}Ti|X};cW9Be&aEU|vnM%WzKqW?kSqj*Zv{Gih5Lx{>!&U8igObXn$2;~ae+*rs-
zO$|x9P5?ID+_&P;DjS_S9B$aG#R>wPK|kMRWuJ8k>Y8Q^(HN1(oLtg4Lbu+Z)Bt}v
zR#KV7f*m2d=VZmMqK_1uD?aWDw@ZW%hR)(%*&J~%dc@fO9$sdn?<3RwCJo24?Dum6
z$?EZnBf}J2GsuMt?VTPBxgyY$WkYoHIrA+)<J5JZ$;yI0B|`&RZ8@KIxrr{;9Q}@R
z{;XxyNxA*7{gFeagmRYoOrTx6-LV}ZD<9Gh&Djc^Kdv`qLM=Gt=Bf{55(MN?Fg&i<
zL;g^mV6VzRhS44J9xdXoioim>v(OoSKWl5<<$`Y!>1^okNTtp?phf2a2oF9N7vSR;
zKV$imh~cc7F8^LXBDydLNF91(qoC-H2uJ}M3APq|)KESmC|NEV<w?PGfSFTb>;wpa
zKe`@nkOibrT>x3IH#lZ4fq*~eFg$TYzo8P5odzm3-*|pw2eg=<AXDCWs?B&lgmggx
z;;AwJNe=)_a+uoRji&#@F7z!>q5Dthf%X5?E+qaxp$92*17in$Cv#gHX<HlH{{SAo
zB|!g+cVPM!xO^iGbl=T?^my!SbpH%H{4dmj?XRNIzY0(P;vW7w0g_fw-%iZf+|=xw
zgJAo9`FCQWf6Sc!c?$h^Vj<>#M>@ny+XT|Vi~Py#A9q6V$M+W!5F>{`jQA{V1jBoZ
zB|tI6sNZ>doS0EL`|)7q%gALFV(eWl%^Ol<qXaXNe;(yR7v);Qr?tD3!S`F>kA;rt
zgNmSK;LI}1IMaY!hRwu1p4YwQ`~_+q`{^wt9RKqkQ|s2o;8B6qduyBK8wgOUx)8rS
zI84^{{leNe>JVGr-1Id5(P`y9s=MP|hi8B(sqz=<&<v?%X#;;CuN2x@9u5%s*@BAO
zcCc19z4TK0FiRF*(C;XfnK%Mr-!8aCe;xN{5aUoWy9dv70^-h}QS^ZDPvJxuBgP$}
zslh?~G35c{^n44=Am^E49qCgXf@y7x(U%fIgKsdb!{e~V=qLSCN(Jv{iq?ms(bIJ3
zDlb24+w1<9#M3nFw}WU;NBl{)l=Q8HbnV?a<re)W`yH!B&h_|xcFs7Tap*6((AGcX
zLdQSj;cEWjuloNqPR2Gyf5A48-yWX-D>&kRx8?p8jQDSAp}*jW|HlLJ|M9%PfhhiQ
zb^ViA=)2_dzqM7e{;OE%8`AhUVj)KQe`Y8yRo-khRk6Qtdgh9>ajMpf?r?@XHkabg
zxiXvb6`Iw>Gk@FTRA(tI6C!ri*;=(cbzL=OF(V)e?$L9V{$lEbM@pxF$3xHjg^S*U
z(nmxh4^fN&F-YXIkM;x=pi5%*lDVHDD)|X)we85WJ^j*s-FDo5+DyeEQWKwp7?iFK
z$0+jr9vzBJTgmz|R+hoP(-SaWxhUBLH*ND3HNqM&PNB@YboBXLMH>3U*5HHGc${j>
zLMIFnqy#UAHc)J{3p?PQeZ+LE=_o4Wq6^@l1s}JJ14OZ8+^-MU0DN)c=VQX>a4er3
z-%+!A!xeYDH}>6iomcS{Q@Vcpx4-m+_t0ar=?p0F%Pr(Y4gC(DMufs!Nr<ZO;LCR_
z*LFtr6kB4JdTgGKTa;ty6jGZYs@N<b|AEpY=990d_<A<wG~)r}6}C${z=sdwmCHM>
zOSt5NvkxthH-8%V4dgUHrf{f)Avjfg8fs1l3qFs3|D|(JXY?Kpgp-~L9!cuh7j+oa
zu)n0FK}2C()Udxs6|_~%D6&-Sz>pwUa=sLGlZhvMV^lQP^qut1o+n>e*lq@X{@lGO
zc6vZp&e!d*C>8uvQ?`B?KC7p>9uWbURr_@bLzwufl<@V|$48%y1ZVDrl3~PlCm8BW
zkvuA*cfKKjL1f(`Ln}a5G=J8su&U5XG#;>nbM;a9HUGv<=@_@vA^Oxy%?YL&JyUm~
zc(P(+XJ|1Rs_ai~WaLceByDqvbk*c~I%J9XF#(|T0x3jXZ6QDg4$A3EmcJQOzw4SA
zP^7|$$?7<D`GSXY)U{h5vrVC6T&bRWK~#W(hUWgIk|tvj|FDn@{Vb{Nfc?QHEmZ8z
zGZ0AQVPTqT4OXR4diIRG&>LmFb%Su#Cb8RZ^q7s`5^7)U#A*fx0Y%%F1wYE<DQJH>
zOkl22)Gw0|q^7d?Pm$LDX0cDFlCol)qJz+ZFR2oBHOyK7QF{Opl)BQueIj`Y?=#Mn
z(q?KLGIR6lpqzQL_o768AAfG%1{2ft5eFmg+C=d<+TLH6x-<Nk{Vd7<m?g*U@eJ;A
zZ^6>~JQ!B==OmK-rT)}?9sWglmN#5CJ{!*YOh3y>^@DTo1pB@Dbp<afvYs@@{dL3f
zcz7=+lLO-lvM%L9GR0=KsqLkW$<tSVt8QB(v*p|o>MT*6^W*Z>?(x;sbNEYG7E2y(
z>(bzh7M3Tp95d6iwCX;NbaVMirlF2I32d4&=lYuI@C|A5hikM%vB&)R%MJh2EV=kw
zn(OQ1jI8TNE$fpP!&&ekR|U<JHr!jE@Ad%TPL4a9Sl2}g4y^wdHIw=dK6<7xu3M@+
z+f7)A_X5(zZEa3}pC~sL0M4ylEY5I7UZCKP>NINh;cZ+T6xVY7i&xPOM^u!^d^xk*
z7!9;D?IclyI8RgR#BI<JaW<1e8}U{h2KHe?mBmo~OF)|ia|h$<fsq4b_<kMQ6Sc#5
zLc-|5LieOWQ@u`|7LTDyMRcRYBx%y90!vbw<Q?p8S<J0_gL-u;Oerg-N|VW&i))vb
zJZP$@E6Vh((`u!LFwZ{IMU+hpcT9M-I+t~_REK@lT$g!U^c42`ocq0TuE}bX-*RSh
zL|r}XM(IYcUX^C^RFy>8#zLER9O$y9N`bmPU&}@QAq!+QRP)XP>qd0CWfH|nrX@;|
z1ThXScZuUXjk0kg!!xt7yfX`RhtVYoPd_aOtkZMh{u1_bB0lPQa@Klj6~|(wvW2p=
zYtD*jN*s{W%ZZp5xXu&W2~~8U>22Y#Iq)_VAG<|dlzTRXn&W65sP&FTyfE_wmMzIo
zO2GwbNhU$@vAsRFPc-^tKUBYDI?_=;8=2iedy(5iHxUgbVQ5KVO}qpZ|BRb-c^p!E
zX?L7qauHfAOhVD|nZ$O5w_3Icim~?a1A%P*LW=Gwol0a2X`Imd!dB=>@~7P2A6vsp
zDN@hm107`^j0H!a2FkP4NKLDu3aXfI2po4OUv6AriNDh)X7cmzNZ)MtVV!t$J-0eU
zmvhOhq$tYVVCYcHY|A~cGX=2<V8ruDx-RS)EYYk&bb;0bHu~yyvAY4i1_YB0tclfk
zByVPv;$h5L`<<Wb7JSM|TjLWr%S-Rfb3sLik~#;S7ml`$rK^*Bot`o)IO@)e0?zi!
z731R`la*>*D9=u6utV{$ABx913OSs8(M0`d1O{&3cd|;X&Mlb!l&b*~dLP7E!*DM8
zyQmzJyVgN$4lu#)(|CHHJReeouw@s^(1fTzbJ~V@5<}uXh1_bpTuTOcXU*-2{a!J+
zF!8a}_(VeVeojD}`q7#03;m_064?n3hxmck(C8rYcggmzpUb}z20be)!~aUQ|ED;w
z@c&G<vUbKcitg41wpRa<YMK6Ps-^$d4N^0Hqn7k^Yz*I+F3bNe*0QiO{+C$GK>wYM
z|4Xc8_-+pW+gSTA0Ppwb{byQ|GPW^wGQ(qF__w~ySbo_-JoupN_i*+r9G1q+3=)$`
z67Cbs3SPhd#`qO~snfi#EpioUF1|ar>p<2M%RejfBd<XP=kx>UBaAfm#vyb&$YP72
zUUn~X#;y(05>V^5lE2#u=vkuXYWAqpSlPIr*>==VIXw^fkTSPwx=wtgPmxRup_42$
zZ`j7TWm&k_F`V;gvd}mWE(u0-cdRABi%(uV!Xt1}jIisAAe0rAshL_dD`MYyuknIs
zz15P9sKpgA6zhjiWiAar8Ub4vBoi1s%W8RXz<qm2hZ+@)y#ak9tlj@+;o1H#Y1_YB
z>Aww=^#2LjGO{p#x1KZqUAFrdK=vOi_D{Da-*-a)eGR`i&%eob^o$HlO#f9Hd8h$p
zr?{NPbDZsItln%qnjGZ5(w$7N2Vai>9{{A(pB%ME8b3i8<VU5g`J*e=$SP%qFM$dF
zSE^O9O}e#N|IsFsy<&WP>?F}omyR@+NfU|Y3?33<<8_<mB6G>_mQ$Ly9LE|Q7w}Od
z*AmVK#Q3RwU!Sl2%yaxKtav$k4nJ@Q;QUXa{R<BS{0Ht|cItYz8d_YtJka|&eaB1w
zgL+P_t2jcTy<pznbPODJFO;Lq;J2W^8fAlsd~b?*yPaSJhG_dfneo+1;|xLQdI0WU
z^2|IAI3~$)^5P{@H3@G0d{aJu+$2}#-Iw|j+0*)@^m>s_45ji?SkunN^u7ZKG&O~}
zQFsG!xMARbw}11-B_gt7ua^eCnAh$CsSVr|*BGE%oMaMq=915#o`r`?J`|mNZ9>rw
zJ3pIy0dvQ&J$mD~7Fe6%zR+J#{hGFVHk)PXMqkcj)f3HI3l4r+Js@7ujE2qgSxMLx
zbbVute>OmmxgR>9dfy7hA+e3sT$y^?K>q{E8q5a%+dg$WAX|hsUv$>{gqX>nX2(O#
z8)kXm_ypYsxa=Cpn9%3v`HjVb>=qwR?Gu{^`Um%~d;L(uaMAwt6J{sW4}dJREz~Q)
z;oUduUGGLPL6$s<N%5$%Tv)D%f(SDtn!sz-*&ciT`Y10HTRvJ#(AKxM<>#!6E;zO+
z$Msh4jgJ$m9wgqdt;JNnZR!&rWU!jCnV&`|+hII>w)Eg=0bsK6N&N_iFfNv}aKBpG
zn#^#U5G&CMtIVk7mhxGlqAed<>vl|bx$H{d8Soz>Y|+esvjNamX6gDCI|7lSqcjJ7
zH#9mHI1DK;AqOEAIOQ2AvOB%nT%mYXS2*w|GVmVPAiBG+E<~-fwJk1BHVI@p_bil)
z+FhFa(_NvUPob0bHy6jAO6MT*a6a2yWkUU9-AZ<++K)J46z&y(yMqtxd5E~6vGV{X
z?UC<k2`9(ZC?6cTEV#T)955I%)3_K{m24`RmzFUt1-a5C;@T9yC}Pk~c%Qu$<^h<W
z*%tO6;Ts4VSLh`(W^N#8N+r!;a|1X6EFgmvxN27Dn9XxE9BnWxxLDow=j^)600YGy
zCv|z93E6#4S*{pUbPk^&Y{wPv#&0k{R>5e$GPi+CX@ww$IUGS)#~b0P7g8`IjRnNn
ze^qp2p}J{5_LaL?8$@5}>30(4g-wdnXsFo;+`|M#9A%g;qE9Ff){oFRdpKC!W!70S
zclOpfqNNi1a@b}zwL{EM(w*pr<h?d523WfthQEwo9;u7`tZp!)kUGNDilUVAsxs~q
zFl5%T=`lGB2Z5@4zoMV`^16AOi=O9nCGBe2^4b%BiMhMpzYc!-WJ1I~y*&8+DuexY
zRfB1LH?6V8@>spzT50|fgX4X@nM8TRkV9JABwU_fR|<kf3Lpx5I>U;+?Ej~;*YSrg
z-VG-IPF?hgUJSf8{;avaLW~$cxNkNvRFHtRf3UH39-XSHx>4&4ecq#s)CtR0?IB3)
zQLD@O0o6^L{bXC&D8r)W?&FVV)0yt6;4>w4z+>zsg*E*)l8r%T6ee>hc$!1E{C(9u
zlj=6TB9<WAJ=h)kD`1|X)0TqE)CB`KBsa&r0k`CLNZ5VPL)Yd}LDrG$o9(s-fK^9(
zh%LexdEJ=68hG<U;lq)$)F33#L^9}PbM`=3h$doY5hV?_>A`xFxl-WD+aHrcR!Vv`
z6*VaCm=PR?)IQ!1*?D=M2U*XOZp1W6zNEgapcK9oy4$=QYhQh`pYO*xS_X$vvx>Pb
z*@qTc17dPNfZW1<zznBY#8t1@9W{ENHDWtSuhB}asjr!C$;QdQgtY3Pxoq_I1i8Cg
zShR5kxu59aq4hu>7vgXr@&_N!(uFwNNzL7v14sD(><RBUu-$F-f_vtnvE2*FW5k%@
zYFv{KJURhEN<*5<5Lgp@CF%~rs$xiwxM*-QI!Z4m0|odYz2bOm)-Uj5pr_cwLV1W|
zq@SU{zoLPv7XWfx0RX&*><f6hB}%d;^JUl727TZo4x7`U4x5u;m?mrC1n1A6@$Cd(
z;+%vpbI#Ar+XT{>fskFG4~$#ZKx>kP9lBHLLb(trA|oy(FC|q4GZA4FfLS6Ca4B}j
zwGpbmN-oHURszd-cT``;`M&DQ5HzLaao*pLlG)fg2^###YE@ItPy}_7itkh3513XQ
z;ip4=$nD$DsQ)tIR~lo^gG8p_R*I{nVoF&JZEMX#q?3c!s{%6Z{KeD@+PD!N394ku
zuSLeifVjoX;BZQo{gH9+*8Dzx-xKF69^H8}LP$Fk<As&7*K}tYi`SE&J79S_3fBII
z(f2rCMpWBgIP8?J9G#Lrc!rF;t%E_yEtKe3IaR(++BVyAiD?2zlO!*JY)J~!$9~H$
zd#G?!{=wungV^?LyVA|Ey0%Lv=3K}Eow+7I**QX4h(G)qhpj>NlekdvG3N^?MVDgm
zkFPLC*BcN`Qmjb03bjsT%3fP5bWOr`94++rYtYg3j-7|wHqOX4+n{Nh9dx-#T7klh
zrQ|3&!(PD}eO7ZRe0uY$Trn%gR3$ri(@|rV^5j7fGdz7MK3UdUxJJRK7k0Iule&4O
zwz}m(_7Lkh*rvDX7t>?qJ5Duf^r)}v)7%T}@oI?A;H~K`M=v;JGH*V6D5N}u({s2%
zmJ2lYqMczovTS&*I$!$_Ze?+2g`h?k=xtkyl2JbAg*nJ)^5t+sMXcyCQ+t@|6yJ&K
zOb)jvD%VK6y95hs0jgv^D%5;YEKA97c5iv<rsi168RccAWwbLlZFy&y7)sa-5lTT3
zFZ8IpyjQ{B2l;3H`RQ#SW}8|KKFa>9M(Xa1Dz;P^OP7l#Ul;irk<FaRp<;vgZJ^eI
z`hnGXrFpG+h5WYPdIV+_wMm$J%yP`~pB9*d!cF&RDptd3j(Nca!vV!KUutGX!^6yS
zkO!Ml(^jW&pN?_YeY79%nNB2Uz8}B)w6R55cznKUrZ1i~eJ+g~4GzyNJue3vcfty`
zpTA3<MJm#lE4y8yimdu>Iiqt*0j;Ly+JAKu=Sqmu`!@%*D)`W(m*ky}$Sf8gR!V0L
zLAB}cUVd36mZ({eYCglf`;=A*k6fxTnY!33?*;@F(kUtXv|24-Q4r^~3qr*tZz(R;
z>aj4Ot&cOA)a3ydW*2*d)pAxjW$|WBJK>~@zf}Fs9nA`{q%Z6WV#FLXgHuzNJd0m%
zxm<0q_C#F%;{UvCMq2NZ^?oYulDxukJM8+Sv&G&GyzF>BoWps0_$I?e%8UQC+v0e<
zi<sejQarn5V>N_s6SlmygQ0i_^xk%R;G?=2ja_8<8EVmZ(f<_a+U}dt0Vrsi<tH^H
zmeGMss05!>aaS|SSTp&qNe0}K8ff<eS5%gt7B_@v1@6x_+rg(|=$6~*c!0+&?+&vY
z@KqVDgN6;atKS=%g2>tk#vM<Oc#;(#j31{#)}$ZS0^%KXHe6gmiz?%i>ErdtT7bVp
z2*;5hO?5Oxxu0hd!;!vM2nXs;+A*MWrN7S2FODSw!j1MMdxY|UpWO^J<eg|A8rbKv
zkefcSkuL(NU6pUe9KXe=!Yd46%_Dv<(DO$`bXP{ZqxY0Y<0D0UYGYf@1Q_H;H;pK4
z<VHuxIogMC(2(oOd1Y`c70694Ywm^38oALWqN0Id3VABdJJk6qY2nJ0%!!ZUHiciQ
z^^$N9BFqYwDddYvh>vzD%oJNDxxBE#^jR<A{!CQJ=Oqu@O-)5Vi}?j)K!@`fVu*oR
z!<&rQu~+x}>PE!oDE&S%B(1=J5<M)`Vf{i8<aafHS>(<Ibc?={1ZpXG>XhGBM-P7P
z8DdrTEXRNcGnfz<Pfb#^j*ih3?~(o}r<E8_RHqw081mC<kMw4=c>XZ8PoSq%Y>J>v
z(_=A3=FcfTnyDFVV3+~NDV&77uR{wuZYsHO$$3)ztX+5?_yRsTxqo$EA#ZYWfQmgH
z#1zm^HfTEaAt$YeVUZzV066H|PbN03XqbRx0CZ{cd3<r<4P5ZS0tmbk;8S=pu-HO1
zNPuQKF)A25DzaC_GB>;nFmFFSJu-@+xlg7hQ#>rdNHqDdNdAZ4U~>b0ZAJd-@rj6|
zZgynf+WS5_Hq<Lz3CW3Ib7+-N1w01i!er=>`MhU2%*e1{W#L4gGCl}{5CuNj&AM>;
zF!#y53`q5RC$+Mv-);(0;_zU(uz_XeZ;VQc`+QabKeANv48wy3Z%;xn%+NuD<LTwd
z=zr^JNexvQSd{vvAdAhTfb4@85;>E>$AAnh#3(h$90yYS`g+w2a>><)V#G=ZsByvQ
zi;-6_QG{uMl6e|X9DtR)5~DEF0mX0dPENZ)-w}|D?2Dg<+eDns{$knz6J{AIJ?)VH
zB1^)J0viC*PdED%!&HC+#rw;BHH~s&=KYeOw=6f9V-y~sK*5D>XaX%Ff|Q4BoR4t^
z=NF57II@zEUM4=;n)@S_H=a~47(R*CP*R2<6+I#{eAm1TmWG)4b(vm75{w*@Bucti
zh-idU++L3@8@gCXvKf_H$<;)#ab~WGZUv7c%VP3DQchaw41Um`qmC743X>$NFwa8B
zmjICX=sHHsN$?hzXc}B<BnMUS6Im?LVBQ|kxeXdFT(B<JqSn|$w~h=)hq|8pq(^R*
z%85zNhhBgad_gjpZWr$22`<1;E@Eby@nb)MbcsoMrm<IuoPjTDZ3l7Pquo2drDU>Y
z_0&Ghre@{*boIc-xhWjA1nmg5qILCheP;d`$-jU9;>jAtb4|$fk4oLZ=B5RTwx$O+
zO^xcsZRl0?mP`xO(#9rrmUq?Fm5V+1jq{)9K^fPSbua;M?nq^nLl^h5TAGv+V<4%l
z^UW-qZIz0ZqbFy@G;6#C@+S^%9#=`-l6k_XCwC9ePMX+RNP~{eO>3N)y)y@YB)rn1
z64#31&F(%^5E5J}4dI;O)w6HO9Y^ItKaSlhAp_!1H3$ZwWs<Rr&7F%2<mC=;ot)vr
zi~L69tf#ANns9kt*NXY$t5ekFj$V}GSD6%ppRIFqr%tZwLn@{z4V#CP<atKroa}65
zf*lp>hxRTS!nQRPL(*V=1?&43xAYRdII$;2N6imTp4va(^Z-v7DDd!pYDs~x?fmkk
zo?tlgVQrN>eD>h#t|ZUc)Jaix^4QR^5XdM2n<%;khCMUH-4PF5u3D2c6k6uV#O4!j
zQwG!2o|1t-DKha2MXeuaMvO%?PhYpNr@V}7QYiA(P+y{u22g0_1`VpHtiwNGR6^x+
zPlQdOr12oqTzryT2Qy;L6p?s?xk}1~DmJ6^e+`{CVZf59lL#@S!&IH_O62`9=0_<B
z@-c@C*sQcPaSD>e4v#cSR|`!#U~Wc|?+dPyusdBQYOlauZsNh$G||XQ-bd(whrLB9
zEMm=<QFx5eK!g=|uA=0e)rTg=YU*L8fo0SmxWlG3W|e<c{-^2p?#-2*A-cyxC^dov
zQ+X6(Q|}O$zlc0y&@3JoLtz|vj51*BO~goa`c4;?$Oj*O{v%&P@VF;tDe-}*yit%c
zYdByRjED@fe@iHrx;i;a!j9^X?5-PZU<quCpjn#OS_l|GVF0raJmXmTaJu3<;aJ4L
zYv7rOzzw>YuwGoSE}v#r#po3AJj8ZC3ecR#n=pXs;n}d900*Rda**V~v@Dk!D|QWL
zX@OwgfvyL_2k2UFkebGD>LFT~E!F}NH!$VbE<RhJcD8pCK!mVc5)2oXSbRWP&Fn_#
z<g`>DwqU22-=YTg$-V7tn4lV%vtMa!v!UnJrRse%a0Ol&yqO6cd{^^5Wludq*}52)
znbZ0x!f}^x>X8M|i<`BmAtOGS)C&zdB(!6NhxPJt*an{QXUll=h=v%bMh>7W)rpJ6
zLTaNVlns<qRFU+bztV5RgW1HSD-d8CD&@Q&O2tf#iqlZ$9XH^V0F&_{ls!a#6scIL
zGKd>I78unM(@IiNIV7@<_$W?P1Kd0-e<fl;^QnlWB{Hp#?l1xrgr*Ni)UzBh&8(F?
zmE@r&a+P2@rp_b*dkyoC!#6ORO2@j#nzSv!b(lA2%-+soR$5Sl^w#5(2=^JK9`c1Q
zdVN3LIJR`hJvJgMGcGZ-h98{AOv~YfWqdm^$f4RpzSHdU3wNn9C#v!~RH|M9F8rc4
z{OsXGck>+DA-pNfN~FZpNPDV4KUnku$$Ug<0N^~0eo>HI)-cvv5nJU+GHwL~8IVLa
zZ*+P;bd8u10g`T$-^5<6sWDBtME3A5aFFdBx()r{Pd?TU+$-RR1F?$5*mRMMvLq~n
z7jC>9StFjeMX^WIHy4s+WTr%!s~!oi{fkJ1#TC(2+iG90c(ua5dtlC%_j1u@b206x
z6a$9zCf>1f+6fEx`PtG-^QLoh%J3rOc|Dzp`vw|EA9-p>9YMUI>1PHUkhCHuojNWi
zQ2%HTB!%U8ckYGhdePC%$mq1^LY}3PcO10LWPKmh0!no|XUXF8jIi+}tHyHs7`pBo
z<#rE+OFqN~S`KL&6XK-F38~EqE@7gkZSi>mx`|Fm2A^@1DPhT_>olxH9>+6{yL#!e
ztSO9RDc*`Vx9loG3vMHVIy9F7RX!;JLg?dEjadjc%97L^XBG1CI9%VMqY722P-l<0
zk7A{t#L4owS+wD<s%N`SuA%bMqR$eg;qD`c!#DFwRuWxb;pL=h<>N}oUHn4zuCaw<
z^x6gi#t$~nI7)=YnGs_jUPmAMz6FNfjjA6OQH6_+_IMEspa%vX9&)S`rP(;CFEb{s
zvK}khKbM4Br``2TktQ_so05ixMqN(2gOvA8&=teDOJhbAjNEoI#<n0Sm6}J6oR$C|
zHt{0v+GkLU2SDaJBj*N;T>C6Y-`kZq#%6y|defEcy9n79gm>HQ+|{k+c`cw0Dd1Kf
zH_Eh(O){BKod=|W9oWjbX5p<*9>~8{L6dV_O|7jKYn&OO%a1CVK&dT^nm9GV`FQ$I
zjo&yi<e*q~d>f={Yo7NEP|4!ts4V=qb!Mc=*ZOF18v-ou$`VzM@E=Q(ZWXJrt(5C3
zMWYz7j|*3ns8Be`J~QgmyC%M5+#)7?aVwwItTOR<30V_3FQo)jSz=yOePx0L;pS_z
zFXfTRv$NDCWObA@&~=z>7VcDvM@Qjrb!HPH8&7B36kLp$8X3Q|pvz=LE<v!g`L3s`
z$zD!Ox|>T^C>WADRUPsf;Wkl^2%|1UX3i8G$3|;2u7VWs7d|u5B!Dx|TqSW#+D=?6
zX01nmw}%+7hRCl@Sj-NUW>PI}Q9)W)`gACbzuhrVAr12|^Lo}NOAoUuiej|O&T%5E
zV{Fb7u8iH4DK^by2=DJ7Qgn@j9BcS-Ul%rbd%lil`Fc)lO59)PEOqK+_#(-*+i?~|
zP34YPQGBSgH#kgly|}hgW@)9B7#+&wbbOfD;7VMpWJlfE_VByNs$K<@T~rCN^X{!?
zjMA-7W}S}B>m|w`@Lm_C>I^mDCm9w~9r~P_wt$pVJA*LQxCl&o2}sr6>&!At{5F3y
z5%~D2V1D{~Y{G>?YRaYTtp&}{?S=Izj(Yv;RSLxfeEzLaIw?aa?YIGp1R3zKMspTJ
ze%cr}X(`fVOOPBi&^;M!F_hAmynw^`E2^i4nW58lpd@Y;-H4U<XGajJp7m=~{6`Mh
zQ~SHS(?HT^%)R)PAK^#6luQ-@Z8ia|7SVRMShjDqw%aGNdv#W3ZGvr7g6ZW!20sJ6
zOtyQwmYWHydwV9AvP?Hk0%;BzLUyNEHW_{luS?2Js}zoJknhE8RllKY+%W7-3{O3u
zn-it`LLYCv9~V_ZPhG-3%0V93dQgbb-OT8?Ej!IUoX;dV*NRN{5z#PCE!40}0@%et
z1;fjE#KC980VP9QO{7;_cBE>&r}3RCLz^gxs4)Wx#;>}MgDXOkT^mMrhZKG`0|Hl!
zkzId_-P)`Tbt%|QdkHq81Wuc6nhpE#4ST<ykBG<q%k|Mq*w2W^gJw<1pmmc3P03N}
z{R1clcJMpcwNd|!@gN|62S@goceYhrB3AcNp4irD86Gg;oQ8y135Fj~g!~Lt30(~0
zCEo=H5aL&L5aMYUb#cHKBu@!$#9_j+5cFw6gzG^k<cQq8qWzBoMx0@6&zl{iG^rOH
z!u`?Xk3_&+d3YGVa{BNv0HlEyg&1OUrG7A+riA(Ou97GG3^ZCdmF{Or^I8(JsZFT*
z7Hn0S)DKCq6fo#FNU^Mn=SX>N5%ihjZ4vCPnxS&-8yVK{ub7c^fzA;oTvg}JaLcp@
z6e^NnGqi1K(`fO^Y#bU52+#S%HC~cdFFEuz<uoQIBunfqBuuZ2auBL_h|pFhji#T6
z|6=xV&_*!V;g&SRA+4yPMpT(5sDQg!Mvb$?elNGA2vV*XVb<GVPBJ<Sm(Vu`Q?J_~
zsw^cMmmch{RHy|TWmwTs5l_dY#5Tz*OJY(%{7JQ1KB`b5ucjfAoPB^5EwI&Is8ov?
z_DB?>*KAa$qoyE{oH<z2YgH#gO0|?QM0yK2Y|@<<NJT*m#W@o2lGGpYQi$Vo#yR5U
zXW~O##)vS^m7rIbpkW^**AX3BOH+-<>?kcTiKPI;yU0-XBc6gY&6L3LI1$QmH)Kf!
zpVzcmK2=fXh>T@&DH*aM%82E=1VY!Gpn)S4V=!%4e2Bt8LwL--NzNxOaW!mK4=oZc
z4A2F}MWK9~An}USBlWZ;77<=iK{`A_B52P-K}o`?wwjs@wXsO3!c7eT2NgNt$C*BU
z4FV)cRJ56l!7zjl8BxD@BvymFPbPe|5Z>aAG~Gz=B5)Fd7b2J~XF$q(j!#}s?p68M
z4@=jq+rOKY{RjTX!b->XpF>i%|5N-=^uIfg{=)zMsbBD)89*kM?`bJJ(|2pzcgG+d
z6aD{gTKaE%M@-+7xW5~h{$sHA&!e_~r2rY&|Gn>M{4WYn_|GRK?Y!_HVJs7(fP{Fg
z+CyHv55Njg(|5gKCWx=@G@Er1ja61!+cHi}K{-3C#<$gODj#GRtf(l+xLX~tGeq7z
zxloH@_X^?C;0!vVvqc*XOtB!OjZE#~$}*yXay#>2V*n^ZrwX{@VT2V|`F#J$WCBep
z7du8>-2ozy_qdIbb`uz(tvTw!_;9JJ<sG8B0x(-4^OwpXl|FqI!1^hI8p1F!?OD4~
z?qQEcJeVYJ==79_`CgHI=3&usBHK3pwEz$QlmL&&l;CG*C#ekW2-qHwISx?Ci0Gbo
zlozCwD>sOAuvQRPmOHHb*)HN$dF**E`%J;r=Kj6iC$HiDo=FuhhBx9QWJw{@`)5HK
zOuLyk(4lFx<=^e4|4WeX|9A8J{Q&lRH~pvP=(_`u?*I9K{8zQnKQ{e8QF(0tLglgj
zE0xFgZ>hZR8clYFf12ESK)ER`wmoUwUvei%*)X;t*yxkmw~ibL{2(CXNHF?A*p~Jy
z1I37eQ5=*3&6GswK&}qi7PvqZq^?onEKjT|q<jdENujq~+4qciO@LP6^!6mIu>|Cz
zulBvC=_z}Zh~PEz^UE>&_^V-b>-?_j`pze%Nd+f=mxflH_$N4g#`-nn>XEj#47ht1
zeEO*llJXq1rmx@SABfqcrl7TtKz;?$P$Pl#k~PldW_O8pRKqWLeDY@4nsLEtZeJ99
z3_&(uWiVJN13)1B;<S~X`~lpq%g=*z;tSfL?k2_)mk$AVSLmmn$v2;6>pY}J(chmu
z7nFc0+n#6D{t_2okR7IiePRzJ4#&s8CfI%-3+mgNDSnNwWZS3154d3!Jm2IfS)IA-
zg2h*|5)uDYRG6P*lscNIw7UCRl*M(Ie!nV$+iQ`I+^FgZJlT`QWe>mS;9nNiE%-Bs
zR@;>Uz3WN%LdpD%@Uk?&+FvS^0f>5z!q(NJ@epa-g?38o5R=wD;%5Q1CU;9ip5Vr=
zcMT}y;(ChScEP^tlV=Hi96-D>IcSA21RlU*`#4LFyuh4FV|fQ|L`@4GKp+mXEL#zt
zeR1Altx8SBi#p@RWz>HBaEEx*C(=&h2ODueXjEmDT@H4l#cvrNF?1rtz(WX=BUH$a
z2XmT_J9jh##IG_6;lkq`yY0R9dq>N}H_Gpp&9NpEpk%Y@IK}4>RF&QO{dg`0wE^AI
zFWxRr5#PQ`I9EYf8(&E<d<f{xa>|Sxr{n!oo3aXdn!_fiT2n*(Pkc<QDdju%8%XIY
ztUf*d^lAFRcS*ao%|IRY-eyJjBgq}87T*T$0)0DQx&OJnNtTi%4snOwA+k_#EZ&5`
zDSy4pRz8mrEzi&$>Pq-K2xg-IYs|$=)9hsFrMnO#_@WWZSSnc#e#VJoDJy*?DT2FS
ztkqp7KdoeL!C-mn(<znAG|zgJWRhw!3bLlCGfD#gswn24qAKNAp07^(GA13JX4&jo
zI4bcsBFWh@+6*pbEA5q5rPBgKtVK-C;V}y=E1huZtpR;3SEUGc8s{9VKHsUNH)Pik
zhn&;y{I)-7osJQ+$JkaC3;4YLi{pGG*aV1&t5qedZ|3ox@}zNdhS$(jc*U-u+Za^i
z3}~s;AV&ePVbH>Q?=v|oDuS=uUzkg>`|bjxv(vn>R3{B}g$pb+&W>yPNUK~=b~bRS
z9`SGbZ>^ORO8GSyrW~G?nfF}YE;EBu+4NbQiYDSE!jSYCV*Kt`shNlxN~P1IQ&nU=
z7R^R&yB*S2p;?8f6r0a#UH5s1ygs`-ij=rb(`h_eI?@fdZLbpN)0d9hUyHYj%UU7E
z$r}+KRD9eDBj^f7<8yzE;<Fb%CobJb(=Zle(;T(4PcL@lq=FcYnMka^9eRpmjFTkV
z@_AEMV++m?TsM5v$zV7uce5qOyq_oU?#}~Zu3$3RSZ;p?VV_Xn2swwgiic9eUmAs0
zVw}CW#wH0=G<6&};B#Mb9DUCa2p3OBVa!Kg6Vt7bwWo|zbRzmE4UZ<s3yuixCq_4n
ztdtJ4L@CD{i*CVGHa(7yy1Owv33xpeTE6yR+CSE>d_P6eu9H=+)K7VY4epBd9*pDC
zn(gbuib*b)=W*_`oIVf=XvX>CjlDHQB$`jNEMs7_JuAJYuo68mgEFQPO&!|U$s7r&
zN67iwKpG%TCOgXo((j5pqPIq`P7HyZUK6Iz8d|njuCA~tf>=Gz-`v{xy>j^57RgxC
z3gZyhR|-Ff9#d~Q4?=ZXbOY9q%Tp{z1q$%7L2_`g+LM2Bs`+?`{g2|l1Rlz+efX`X
zRJKyG7V{v9X5W*_zE!qFmc$s0Z8S5s(q>8al923_Eu@7KLPQEtQjwHUiKJ{H-?_)r
z`_Jh89(n)I_x1Z}xaOSuT-SB3?Of-&&)E_7`mEp8hfA+ZWh^IN7|lE;w`1y~V8WBu
zjk)XO`}+fQEL$`!8nzVfs1rOIuOam8Qs}OF$?Y3NF+}@r+0nPXBepvl*G`R#YGz2>
zV$_+Y>LuhiKHO~Tw&A4kmZFmQ+oNC60|$J#8e*Glu|;M9W@Cy9;z~;1b(ekoC$qh`
z@T$D_tUC7aGWX5*1B#!@?u;fX4h$%MvF;z}d75Ax(M~z?<k-iqhzNIAc>m*i^7oFz
zH4)Q2OD0~f5|2Y2Jr?BNT9!Vn;ChLfbwal3RtWu&8wq(&S3#q?+Cy3?vX1hGi<e(O
zIP=EfX(8c#J>1vCqMymdRo}SabDi$~&U|z|3DtGqJn4n%=wNxLb&C1K^E@R)<EB3&
z@>Hgs)!HAXFG_oLdT|wRTl2)(2$9f3O4@a}Qs&NcERVs2*7{RA=j&~xWF0XIYAM0D
zLZh0vjm|&UaK2t=izP;Cyl`;D*&{L>9r<hCi_p5j9g0aWj&<(1A0nR9YO&NwH*a#d
zPxw{z-o%e(X@lJO{e+Y$^*G5t3Khb*FuS$uAD~W8d7n&t=v!YGvZm>5Y!VHpCw9U0
zNyc7<$Zfq_SlysFK<C=>mz0b~{;YwwTkIQ@Bch+nM(>h0s^hNX_KZwmWw>S>w6Du+
zPoQ}8^sl?kwD>mUuY+;&;8o-O>hx~2b+C1`qsF$D;l_#YD_uYNe5D=gEXOyxjy3fq
zP4yccYE@O>KbF?t*<6pTzi|1Tyepr#D*X;BcjQgNZKa|~pVkWLHJ{85w>&J{WE2-y
zCuw-3RG>gF@=jn`qV)san6sDz+tH7uwI{-~H{CbY8@}}L>lsn9*N7P_aQUu8@pnT`
zUUs_^tC`KAZ4HP*8}-)DMm3{DQBikl!oTisAJ@xW*?)9b(bbs!fta>!`B8RV1AoXg
zMyE=TYT=UJ4JofS7JuCN5&d-|-1o+ms{Q_`W#1n(GI@?%6+9BDD!VGs1#^F?V|#pw
zdeUu43O4M!kF(z1V=qR6k}n+4X=qu~>%a4{Z;+Hm#OIxcPQA1<=Jt)YLn5i<rDDzG
z0>}LZi8Oud=xF{UgKr+|uADfcd8c9<Wn<=0jOX_Lvl1otkBwws24DEvc!x0@-&>H}
zn6eLd?!~iDRxgI%maTVa``3poO{I*}hzoGIaZDn{&hV(=)rJG>&TijyhhcLx5xwD9
zWRxo5@m<4_p7^`oN_JT_&Ge3K?x|>Mv)3Oqk$gQ*v9Heq!m}J{q<X$n=MUKQj`2s4
zHT>7Orf?a3+ZcP4>+}A-T3xpVkYC8pzrFTFJK1IB`4469OXQ*BK05EeGtkpZzv=m)
z)4YDd<c6f<t*Jbwc6iP7comZV0$%T(m;Ux%PXJNyVnkcP(b0<3)bIPQwLc&{d~{Lo
z(7W(Y(@rO9&mJu_byPOr_3kWp+miFP5q;W?1KJ<-UhR&kJQLLOFlwBF@@L`O*K~J(
z5b`i{w%K}g^XHO1qgU<+-3a%fgu9NGjJ&=xebq&A>cPtk1I3@pZWCUXcE8CvM4^9K
zJ;F1Bp1>Y<U!gQQ5OnsBPm?45VvR`at*sPi>wy=H;Wn9<1cqKS;r&Jp`HhXJ9ow?B
z@Yccn>lN>*dh378*ta$G#;ceE_0>Wzr-bho3kMc=pD4X-_o;g2NOlP^jZQDeb_ou-
zv~7KDu3Oe)@j!-^H@Lapn=ldR-S+V7z9CiG1**apf|dKnx1X8K_O{|Zg3-Iw*M^5N
zHn+Z=6#Z(QYP2iPBuTs3pt$|yx!N6kTTt)bF|PVt&$*~(qKCNH-fH4zl~g)j9^CQr
zyXM|f_t>c;wWAFmYQ@*Lje00O8_!Y2^{)(>=(eO=F#9i=zg(~GjqUjMzI>v(`V%?l
zlclg(S}45#)p*^p-O5(xt6DQwnXE@gYPxvXq^L!1NKlXF9m^@Iy&C1bh_d>-VTeFz
zmG3etYVT^4bJ|2_qAi(xKUsKLz3r_hu{PiOJ7dXj_MmYhJa5zWcxA`e_<cjBocp>$
z>cGFk%SqDr%Z&~q&m6z>PDbloB;U96+wV$?Wx|&Wo~ktXmwIvdqT-mTx9g4!*Oyl_
z6X<p7!W+E4RkDhMa=Qv1bfxq3Ygg70Uq)*dov$r?dl<9pp3LS$4DS~$c9BUIXW%vg
zbb988eMc{)+pX=8(pA3YAFEgMcvb(@&EDIJg;&hJwJ*)4Bpn<1jO=a>sgdls{yycU
zWc=hyN#uY*SFdqYmT&>BfGVnPtJC%slfXC5g;6B0?X$X7oWcJl(M%#j_vob8+Ma@#
z_wgxdEdIlyT|?ItM+VLf>>1TNIySZ@;l%Kh>q#G*n}Ymf3>&!m<g!Pb9<55K2<KUU
znx&r9m!Y@*&W5fROk2aqo0zhx3*WY{w1RyW{33Wq`gHo(syyu2^D2LH+4b&y>0W8?
z%hyPBj1PKq(RXVew0h+~p(|dvY!ETNy5rI2v7_hubY;8XcEoX|^_qR}v0o{cw_GCz
zB8vZX@VC;EeZS@XX`g@+l`_4KO)}l56`Jfn3^+@*-Le~6?I?>m<F+~GQqAzK4SC|~
zb>`O#`QQ7Ri5o}><if2Fr#+3<mhaf!QYb->jd1Fh*%~ux>XdOh$RX&(Zr!8HKb1Qw
zCOpJ(oyMMvENG>-U%au&z;Lgl%X)2{=gBt~)qHAtvAS^7!R7qhizTTyhHX{qCcw$8
zf|qz{{el=G-pVP1x@)&(_KnBdHR<%dOI4ljmW_mGVp^1TZ9*#K=$p05pDS~a5d%ra
zz15;_F>)gfyDtVAsYl7utHk$r4M&OOl;&83+#am#=DvPdI#}VOvCpCnPg-8QXDTEn
zzv||xa)`4$amrAbcZq^uMN3+Z#;EY&y8>3I<fxcE5BK(t?O9AUM;#AVGbjyrz~PFn
zKk@5wD%O#z$h*?kCd6BGSa)%ULl~^f@!;b(vYU*g_vbf%=;!s&Q!pqyDX>AKYtUv-
z!^O<_u1BIF$O#JW`>66>4egPXU>)4YA+M>tLB|cx2yr1z&))G(91%DHGxYSjyFaQ$
z!eeRb{s?0lPul03ynGt5mvwNNHy1mdTV)f@<C|-MdnW9lxyf};oRNlNiP#%Nk>b0R
zf08$z@_>0Rxi5YSRvxf8vXWN&Fzu$)ndG)!74K8Yw;z1sQ?oS4)4Pzr2Ax<(4qmFm
zyaIm_7Aw4aO`Lyeirb^d-6Pxt2}!XYr~cqW0sPWJrcJs74TzPk>21RO%RST$MDOUW
zsd|4`KB~4*!S`$Xx|}zo+&KZqq}M-PBDxoG4JWc!3cT)WIH7M`KWUJ9i&0CcIuY*p
zXod32^~%%2!fwRt?g4+uJyH-l<f|j&U@T>sn^Q6%Cux8ls5<?Y>z3c5h=?|U^G>+J
z&Zr#x&3g))_0zQER;~2ifeLm#m6_JAkn(!Des7dkAWxX%uw!P5n8@2a0S~S}M1-xY
zC3z1cX@#pT#fJ)S>FWn&KdIe!#|hs1Y2_gwmu(Ubc@1(WB?zap9&`yr=REp6$p|pW
z&)aQcx_rn>x@_dQep)HhB~!Xm`15l2TW7TW^H05BBMR3JBSmn>=3q}$$jQDajz!#E
zXHdPP*Q}Z-^`t5NO3bwPzDGkE{(kq5tkD%f-b*mSCo77Ks6|zJA%qyu3szh_o#C2t
zoUha<r+a6P@U<Xjzshzu>8DGM9IP%WQb#)pn#lQY>T&G<I<%tY=-aJz==FJ-&98%D
zn)CxQ2su|$rIL<GdD<om($ze{Y@z)P*UlW+*y#Lv%Ya-=^L>ToJ-VT&w~Ty`8)??D
zAtw%$9QBzh7yFYtL@4`RzjK!k+)WP8Hw@Qds_uHQ`tVuRg9L@JU3?)4E#ZzAA9aLI
zspMR(dVV$8+91SNaM#GUXsV8Cm`%RbrOm9TCgy8vn(xVKGOsm1N+<P+IVJF~V?H%$
zL1cS8Z8VWTXn906#IWx&vk>+;nyX+BrJIFg+PQ~c%3k{HhRGJE1o(r?I$_r?CVsiB
ze97ZtQ^%7xm(BJ#(GA6f@puAG@w6uXYOd$gR$PjpX2Ks~J2Z^>!XCuMe-XZJdeDG}
z-|Sqp?BN?}4IS4X)#06YoV_5ZZ0KtywX(V(7U{bGKz^>Vd;+{4zKj3x`i$;(5A*4n
zT_W)8{K6uV_=j^k%i?VEFS}<Jr))C5;bEU(oK@KRyjL+UFu)B{A8$<>^BoUAq<OaV
zX*Q0yB|E<41Zm5Kb;fYt)diX|jseBSeBeY>apBkhYOYpGRuv-oFUOUKPiOnvRZbql
z#eAXB92|onzJ0tRKO$?7HA%UYwWy{0d)3<Zd+Mh)dhRd1gd7!+oUmcR)>`F?n)Y95
zmAY$}cTd;>UA(U7R%wb{gbVyu%aEK-mf3dj&UlN|@jth2KOU459wd7YYZv{@`w2HO
z-oi(>(6KuvW@V^rd)SkqzI|QQ@*=M<F8Lx|8=_r=l)|hpQa+~NHY%03TkvGgn?0sT
z%Y>VoSDP?xRjLV9`p*J&i|>}n39YGa2}rYk)&FAex~GNNO+s#)(uP+amj1In%g3oC
z!AbWt;o&GYB?x)E27bq`_;};`1o4~{gNv4^(d5@&ata2aF-rO8JSO%|=o~Rkb5&U3
z?yqx0MLT;?MncL-J9bP<u|qUf?N6hi3p?-9$(!zGEH=;8N;$2Q9`uH$6#QiW8>yo<
z)dm|^z>cga{FuH*G5}ZYt*+J>Vuj4x=SN>@D5i}s-1}!>bvn<ccC9`YM8B_L1)(<|
z7W1z%RjtRtK1Z}NI={i{+=Fg4`NS<1Zb;$JT0CYRbVvE>H--0Qjz<d~ZTB_wQ^{al
zPxXB$QGh7?(7d&+Dl=GXk7|Upp!!5lq@mANu_>{1q;fIr=v{|vCYSkmSURTzg<GG<
zxP_#w{qjP%w5s>!vXaWP`>QZo#b=@?K2C>jyr~x!6Lndtw{mZ4gH`Aj=}q64Ng$?<
zNkt;VMy}Lv<5O3Ec-uc>YH>>oNl2~n=s86DRgH>9<W0Vs<ht9c554iXUj#%QKZT0u
zd@O5MdXSbK*y3=NyVO_Z?r~Ge<~J7SR;lF~)Zg7Eur?d+%J*KRG4qj)ZRqXOb#N(}
z^n(!xJD+3^ILdgdKg|@dh+VZIppxm6tLY=Hf+Xf0q>W^u-`&gn%7ZXKueqDSXP#iT
zPA{yFwE09YxpjN+t>k;;7*gm8$rY~^PZ<{bC*FPG<-gQGz$up`zV;eg)Cy6N-5n{8
z?^|uLXJ@fGFY8o%gk$YkwP~t4`ul4EgDl6k4XEp~UV%kZl}Tu;mA&*OCgyjl_?_At
z3=KR5EB4hdJ6EKq>YhG|q`UKyjob9MrlzH(x;{&FJrOwVq<xC2dLi@tqIwm&uUdo`
zQ*`g=Zmr8I+(n%k%`*26X6)TSkznvVmq;nld(6tKZ4h!f$3x~)r;3ay+rY&%Iz!GK
z|0HYx7nhQDpxnZQn%eMbS!67~U>TQT*5$4!<RmZVxWUu%UXpS_ja=NPsW*xi+snd{
zsSe&+AI%Z<sgVL&magy`TNjICcWSpK)pnbzcNJ^i$j%7QjAQInTCq(pwD{Tg>Wi6P
z?tco$m<nI3mBw{{=axxs3TL&)@w;q}*H^WaI`rgO*nN>Oy|)T3I+qV73JCP9-c}sN
z71L^)Uea{aLPs;FXLNT#gXj5diKp_XP2TlNRuBoRgEZ|n(=|Rx?a%G-*7Qm?H|-Ya
z<3Sc6h3@rBl=?od@pxJ3?_k8t@OZNAvHZ}s*kq@e=#^-_%N6@xZCLdsvTaGjB6ynW
zSmy0m-93BhKI*B{#tFzI^!n6hg*W0&tgpeRz72U9<lf%H*L%&<*HNZ2M#Wfr2cju(
z`el6BsSl!U*8;C0q75dOG>LBa^S`lHntW1CE&rb9?H;td74LFq&7|$$>3c3Ci?WR$
zoXIRi7FM4z+p$h%_a9j`5;2dDmkM27(s*{4O+yfcJFz#;%?>@1eek;3ST(|K%qOMx
z-iBvA>%?oNDs;P>{OJvcMZ?`Xg5Q1VP)X0%-0zd?w|OmQU2X0@eZq<kcam9%RiH+V
z$)4A>QXjvJ_*CkpWtSYXXpv$B=64lm#uavsU3qfGj2uuEYv=yVN##4w^?iy%9^6MQ
zj^*qKF6!$#^wc5l#ZrxUZ127Rv6f&7NlX7%8tG0#UM~XbvkQkSPm0BxxEx&0w?{8i
z%=mSY0F@a$o@o;D$XC~~NiMfi#Z~WyY2!tNU|O~vUtEm$;aJ_ElNYm>)f_u$!MJwi
zj*z7Kvsb>-@Jgb`Tgfi*kc4qxRm-j6LMtXdE)L}SGsW=XK|yljje~WUmgMhQQF8Ou
z&7KyONK06=kG8H&yT+kj!zO{VD640^tF&6UKiE|@o%q@?c1kQ_x3$x`leu+9VTbXu
zj%yy}t|l-VJ5Cv{H{1DqsfTo~KGwf)yK}&YMYl)tbjqEdO$^6*=DaC$U1cz$z9;&W
z1#7wd?Ll|ux&W~=ciiK8LRL#{?x|5X^C48>#e?XZBWze!86KG>Hdi$dT`{XN%DrUG
zTo;z#lk*g@Y{1F&;H#i}eIvCAil4udeB^g+J!ZDX(dCWyj@-&GOLLD2z8uUnOKMSa
z8f!S~b@KL;hPAgh<k)|E{h0poYsypCVb>_HZ^NgU#fOAKtMoQ}_%0Bdw6nPS<6vT5
z2iKIZ)aNo`0fzB|;_GYEyt8_BV@Pl}+8Nzs?_28~zw)7FMh+Y66gg<#IJ=@KUpKA0
zt0<y)ZJ_4M?6SILX!A1e=_`YtTDOhHmsCz}-Iw~A@9eWFXOT7G$G^40r{(fjYD)GJ
zVnVkCGI(FC!Hqgdm`oeqql!(RxRZa5yTqi6p7p3ndiT){Zv-VO3(joR(VxBsP9l~e
zp3$9L_sAug+_<&GqEIiHY^$)yhrVjsB+gn<w*;##TUMXyvicM6kVx5Mb;bVk)3L}l
zI4<mR&3^fUPQ`$zt~R-`4LsR0k>PYdhrXp@n_onVEJLTRk$zGbx`^U-P>B~k7FrR&
z7|Zt?9338fKQ1wD#FZow-H>E1oAl|#7x8qa{l*8q(G}ziEDy|NfBwaxSBP>e-PhYi
zCj%;y9=zU3@VUB{%b;4B%kN0i9omG&w}|n<&zchBUAcp2mVHmC2%IMD|9-mSPFUb}
zG^tc<+kwFvKerE41w&apgWpZZ?(Q8^@_U6I>%YHlyoh&qPkB)8;03GR+B?>Reeg{~
z`OMDJ;lTk5k@ALe3$MV6Ho9nck!T6kpC~#RT=9A0;n3$5gLfFO`MC1w0j&h{x2+<R
zkrg?8uh()Rv13d9VkC6WMxaS`oy+}_u%ysQe*3#2S&yc#`7yTpC9O9@On-z;I{UHS
zC97|{zK;KSx}T8OiHZ}sk6N8#lI*WYZl6Gw>z!$3@+J<KV<pD4w|soye~dbayJqPx
ziS-Juh`?AQ{WgxKKhTT5o5&h_?RstUZq}7H-svH=f=OiG>mZx4MShmNWsL`VyC~fW
z5?+&sWye1k3@WYhX<e=;;<GHkC$NG-yE4_Z+FQ|2Q}=*)-K)a2h1(eV9d(@op}Cs;
zmD1wrfs$8hS0V!gU7A&Szn`!0dv<IPw)Mb?{Y%nX`A5@kjN0Fg7JOH6LSm(}#v_7x
z=QeEngH8!9PwY*nv-`?IDrB)f7b-NkUSUk?UOApr6m`DIH!#+7Xq=zxmBq@wFRznC
zF6#!iiL$V!cas(3<UOf7Oe8lHt}(=|O%1%LC9CFa7+aCctHSGh!j61%?c(oQjAYSC
zqm;819~h?9<tF^=g_EaX*U^KRL6loj&jVMk+$x!(9>0(Z9j+pj=|Q955~=mkhdX;r
zI>n!jYY^I_7K=3LUb9}|SIsLFCaHjw4;136=ZzC-zbPRminCQ!^4nszxfPwMw45iS
zlCNRw_{ry;m+PVuyswm>*@!%Vl05uHN#CzD&abo9&v9L5BA@X&yIb;WvcIti=2!R7
z8c!?K>p#zses-;`nR=M(*~B~RkI(b;&bhol(3d8D#q)^cRi7jB7Oym22obFHe%_gt
zB|L6$Kc`ET7F^6#on(odhwhQaKLnsIR2Wx3A2Q~(gZrPScD+5%ld^dGTHd-dSK=#p
z;}g;Rb@!Av73zFRmLZ!U$jhsrZoWkl51wFITyC+A&fRyQ`-AJbOIEZq8Q7bvH|1Y1
z$Gx=h7W2#Ey@ZO5UliT0^Zd<m1x)fOWowO-7PZMcHbwJ1^)uu>E2Oebr@<a|reaBz
z$6~+F@6LUuSg-Rd02&^u%ujKI5i?91a{c3-&&C_^K9{XkDZcDnTQz*1_o2hBTdQ}<
zRoHT!4Yt%clpTL&k*K`KdzuDWX>GId$L3YHank93dNgWh-9KGNaVm_eEI$=3A}Z6X
z61jqx_iL?L<BkTd9bKJ^-?{A|3d_mw2ssgZe8iyf5}fsIT5<c^V`e9g4cbeMzY0Kv
z(0{c@{^O-|BDnPFf9fsf`%=2ruj(y+yqG?#)B=wuf>H}`t_%@P0Hqcfj?1O~=e(uA
zDYd}-hpVO7JK?iSE#|(Njz$0dflKvJsfGWiqui2hs{Z{unzfd1+T~l7vR%Iak5z}Y
z;o!t2MrVKD@TJ@*f4no_N;!#so<b%xG(2|_ap%E)%Ed0a^jQoyh_$#(F+4~a_PNk(
zxiZ0i-`7HL;L@X;M>p$6msa1P@$=kiyYQKJbo1dAT)ytYM@J7jbhYm<o%UVS{%~oI
zylZmA#8&t3x5Qz(dB&7CR}*54uTQS%5MF6<ai5`}l31)y#-FT##g_$B-%u@0c;m;5
zE-l&DQ2PC&N>rWPTAOQmQVMUxym$GiGz1ZAmwx8=RxMHQknIqvU0KELttl2%lF>^Z
zqS&14aEI+0lF&Xo6n|<dBY~tDCK$x?M5`{T>wDyoaAr)@_L}&}p&TRmw<F!Ae2Fjh
zx-G0!Pq}COv0I69_i4qa?VXwtd8{LU46x1*{zA6Mzxm$#e-fr&mR?|h#QZOnUi_+T
z;}_)^b6%t;K>{{Q<iHhG|9+8P0}TT&<g;I*hpIwmegoHA{RP9p*vA4GA~o<Z_H|s~
zHv)|G*SAC%n|T06g0at|GUVn46&pW}s3QNUlG?hJeWDqRJus*h(Pz*pMpTwLQeRC2
zxrge-vi!N*PuQ_<{nEF#ry}*O8PLgQ;NCX~S3@e3?#`f4nc(aQHeeUkmSzoI5C?rv
zK%)_4pul)69*4!Eh%h2~Hoy|8?CMHqG0nMwmV@WPz@=W$2aZh_43t~3|N0Ba<|qu@
z{RII5$2A#rcQ-(i5poX$+*juYVMg&rsv3dw*F0zxs-dO|QX9r%xKp=nL#l$C>j2_R
z7#q)@nDbMG)jv)pmOVHOTw4Z_0B$N{f6Nezogo%GLoD_$VrN={>+Sz5n%N`#MDq_T
z4w(0k(+uuxgK)<{(gZ$cIDna<3o}C(W`+Zp84h4(IDnbq0I0NMGil~2*qNu`W}dQO
z8DKy9Cw`!zr$cA0{J&rbI6v^enoMvR9_arw_MGL8|EQwQObhz2X_@)J&CJe%=L5}_
zgP%xZn-|UrVRFy0H{8g78yvtCw#9*r3}hX2X|_yr*kAI(=J<?UvF93Cni&ZM4OQvx
zkU{%tbha`2d33gwLK?Z-u)N)<$elD-C!`9UVM}GO%^Wxj(vV7FnWKql1Qv!T5D+97
zhJ-@^i%ujWu)xUu5G!R0bjBnwSjL9h(2typHO-kt-{J)9l`Fy%;c4ycyu%&>A}Dm1
zO#r2zvEtO)`C)~@6A=V(O(F(hg(Z*?z`Niu2;Bb-D+d<KjkyJh^z`&Z&^@i0ZU{QV
z9?6LgBnZFHBoZ0$2si}<xUvxqE}#TwVgjzs2OE1D%fa0SVhmE<NLgPSNo88Q(cq5O
z9@cPYs=YNZ{WK=ioytVwu_R7pAvs+rvSbuM^Dkt{WCZDd8(AC&vTTd_`^W-W!@<Y|
zFt;!a3Jd0(OvKJ_o`2%3wVO4?fr@md+v6OOEC!W|^gvr-tk6VG93jQ}eH<|WB@75#
z2naF^iy;FfNkCoj^Wi8!$)4tFkC?%bEs--=q7fJ*5CmH~g^7gZbQTG&R2I^RPI02L
zjHnC`Dg)uba&hLQ1@b1pPYci}fIble<QWY#3S3DFB$+%PQvMUaZJg;gKlqKLdRe=;
zIRj~C(ito)!i_<9qcT`DDw7j?PU}BEvoM1_gfR@umKG9-&E_=`zlXiE9Uf`S1QRzi
z3(9WbKr&!BnZE=gAZ6yH5AqEQm>nXpzigU-Hb54cj6x$o!Tx`?#Xqdxyy&BVaFRi@
zVIp@~Gn~}u?)J{s%vpkl`6Vq-ptAs4AW38655oY}0p|~+Q3$Xi{$HYn$)F&C&v8XU
z+@FUE{c4h+&~2fFLBy~fCUgQF>bIT2EPbD)Lh~Vv1}WJr3-K%R7U+6GO+Fb1C;|~b
z88XiJdAhoP(AF)?Yh!@&KyDj26d-~`FkfU4;LIzC_y=iOm{Z4qRVfs90Q{jt@E}^q
z|DP$ra;`t-X~Tix#)0e@2%oWdNWeg%Y+fdOVRNEEbEf{V-@o#s?8Vvd8v!6r5awY0
zI}^5m7pw3Ha1iC+TepRg0Wtwh`rlCUUql305P{)gXfmJyh6T~VynN2WDDiS}Myl!U
z0tDI7?A^fu_Vi!IH|%u7@6QWZr?T+}Nf{9I!muD#n3vC47%faU8geHH@u&<9YYHI5
z`<D{7z*qqCpKScWvJVfbJ&1MYwdPnDE&2=^ok3&$nuPx%1Yn~LNWcLB!=X^~3pN)<
z!pv0sat{6rSI<TohQ<(qJmG-b{|AlLPO1mh`Iq=F%$I`|D;ne_*}4tz2NMAF{2$cq
z`7B)6Ny6V(Y{)W^(9k*&C^lHOVCK0@T$m)y$J{Q=kz+B?>IIF$gVi~Ruh8IE!o0Nl
zrwIRVGYOoFb9Sn00X!!`_~9@!A8fpF5YF>)bG9@l#huAS*fXqcovG}VFAM2F_k`Qh
z;WRkai{k8VONBGts1%wVjRI#u$#5Er=0SzqQrW95R|;4*!s&K!Cf$X~asZ1l&~N5D
zI7mkU`%Xr4th(4q%HJmwgNC9iG#U>Dy%=Dqz~&vAFi&IqThk)V&h>y~kPFD_!|_BC
zihw6#QJiEf%#mXVcpzB>pcr6vj3xnXCjeT0cWwWlWQ)B<v4!jt-3@7|uB^689pPfj
ziTT2o^+aebg(nkck`iDe>2DH{KNh{N9<~Tq8k2>vr+Xkh+?`#Kwp13#Ln2l8s>4C_
zPllt3cp_RF`byQE0qp@nm)tODZcs*Z4~^wa<s@KXz8VkloCLTHtP_;DB;o!xHvcPA
z$#k~EIsPhB$=*%+eOZRgBp@0ff+2tf1DZsb--3tYNkzEOK<<o<i>)=w8t~GN<_c62
zM4m`An)oZX#NO-reI(ID95mGsZXm*e;!Y4v&&Q}N5X*%*Pl%Nm0t%Qw0v1~9gEaKK
zLdpM0K7&*=9HhV;L7p8BWRJ>lW6+qu=us)|P^1M12|&&SHEv-`UBE;r&Vn+&Ai`qD
zS^s#(m%XR?`;$+Gvb=Z_q$ZH9B?5H^nXdWF{yf#4L#4@_Hc1r-H;4+rrm#KO0-o6u
z2D{4OubtN3ba#+?1-{0a3IVv0&{YI88zAO0yD~`AeP%FMcW39B|4?8rW-pEENoD9W
zsCHCnGndK)J11H+Tk0M<-Py*P!QRZ}W<z#SUEOCxOlaUnCQsv;9bahU1i91N)n1P3
z3O6>|^z%jvIKboI$tq=cmIIx!RYP4v1BJq=pnw-ap@`tFBmx=ysH0FA6bgkWg3q6R
zC!oQ1s?ZM@M3q5>7G8fn0%}SGeW30{5bm-chXKvNR=ce`h5Dl%4(bjK0ot<LgJE$1
z1p+kmkKw`XVNibv1uTF;C}2@Ph6Kh$&6-7(Q`>@pT3}G%Y2aQ40vv_kh(c|IrtZi7
zzZc*qHwvVmxWSYD`Ufftz_vWh4mJZLV+l}w0`w2&`WFoR4sG+zhG79p956D_mtVAl
zN^EBLC19X3g;_8%4ov`3H46r!IB1V^HjE6NxiT9@#^C@3vtcMQ5fZ~$ebK;w0b4K&
zMh4+KXJ60`itc8$L*s~ePCCdqu*<^H4y5+LEgG}?lJOX*q+{0e$aoL~&Vdn7ob;0M
zpu%cSJ2GJo4+v=dTo@KQ3}p7Wpk52uZVng;1yo@+j0kG2=D;v>c~1lt9dp_d=FA6~
zNSfP@gqquqgn>fN*|-4TKW7XQ0b2ENv?D>Or`a$v3aT;SfMK8#0}dGO7ce||&KP78
zCl7!TKyl6`fPoNr_80($1GO)+#sx4u6qfvq3xE-!&1nu83A##cHVkCQIPe2GK+GH+
zB;!a>QOVDJL8_2Q<mijS5CD{;9e_b)Mzi{22-si1NN5f^fB>QA;DW;ef;pZCV9=d#
zv&O*TFhov0!r_3XbGF0d=HLt&G)`RrFz8gJS!3Yw__;91zH+uBfL(kJ7y*pS$v*&_
z!xsXcz&US_U7ur{2w)7(=Mk|asIY4m&O|JkQ-*+l0r_6eb|6K;$x|YZgqrg_0%4Bb
zB@zg8$0d;F%n=ckbj`t;2)1)Ma3SH)P=U`ZIsgocbU9$yIXordh;!^I2?sn4M_+Jd
z(VRIVV~8luG04F6%&`a9xx6Q1@lY~;7Jk4tLZw<i!+^eFIsF@e;eX~IScijzIRmOG
zGNK)#0{4qFq|?DApa2h02Z+>mwWEXWp}+o6gPFs&qSWykM0Fq&WU{&{PD7cbrUEX1
zBB-jPu^KqEhQ>DTzi$H7zNpbDst#0&6Vu%VhEyh@$Y_ExhNMQs;8n58z!4B}pfUxc
hu8LAtC6J)dh{>{Mu-IV&pn?RhbK0;$T~CAi{{R<vfQ|qF

literal 0
HcmV?d00001


From 11419cd7b4a2ac7910abb641986979adab2341db Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 9 Feb 2020 00:53:42 -0500
Subject: [PATCH 655/812] Update SECURITY.md to fix security bulletin links.

It must be past my bedtime. Sigh. ;-)
---
 SECURITY.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index bee2b246a..18d510ad9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -46,5 +46,5 @@ Eventually, we would like to have BugCrowd handle this, but that's still a ways
 There are some ESAPI security bulletins published in the "documentation" directory on GitHub.
 For details see:
 
-* (Security Bulletin #1 - MAC Bypass in ESAPI Symmetric Encryption)[documentation/ESAPI-security-bulletin1.pdf], which covers CVE-2013-5679 and CVE-2013-5960
-* (Security Bulletin #2 - How Does CVE-2019-17571 Impact ESAPI?)[documentation/ESAPI-security-bulletin2.pdf], which covers the Log4J 1 deserialization CVE.
+* [Security Bulletin #1 - MAC Bypass in ESAPI Symmetric Encryption](documentation/ESAPI-security-bulletin1.pdf), which covers CVE-2013-5679 and CVE-2013-5960
+* [Security Bulletin #2 - How Does CVE-2019-17571 Impact ESAPI?](documentation/ESAPI-security-bulletin2.pdf), which covers the Log4J 1 deserialization CVE.

From 5ed5f253e3e9a5135a627942e17f9c5791b09f07 Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 9 Feb 2020 21:53:35 +0100
Subject: [PATCH 656/812] upgrade for convergence

---
 pom.xml | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6a34d2cc0..1997e5a00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -364,7 +364,7 @@
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-reflect</artifactId>
-            <version>2.0.0</version>
+            <version>2.0.2</version>
             <scope>test</scope>
             <exclusions>
                 <exclusion>
@@ -526,36 +526,25 @@
                 </dependencies>
                 <executions>
                     <execution>
-                      <id>enforce-bytecode-version</id>
                       <goals>
                         <goal>enforce</goal>
                       </goals>
                       <configuration>
                         <rules>
+                          <dependencyConvergence />
+                          <requireJavaVersion>
+                            <version>1.7</version>
+                              <message>
+                                ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
+                                JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
+                              </message>
+                          </requireJavaVersion>
                           <enforceBytecodeVersion>
                             <maxJdkVersion>1.7</maxJdkVersion>
                           </enforceBytecodeVersion>
                         </rules>
-                        <fail>true</fail>
                       </configuration>
                     </execution>
-                    <execution>
-                        <id>enforce-jdk-version</id>
-                        <goals>
-                            <goal>enforce</goal>
-                        </goals>
-                        <configuration>
-                            <rules>
-                                <requireJavaVersion>
-                                    <version>1.7</version>
-                                    <message>
-                                        ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
-                                        JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
-                                    </message>
-                                </requireJavaVersion>
-                            </rules>
-                        </configuration>
-                    </execution>
                 </executions>
             </plugin>
 

From e179580e133c03044fd6c0adfc93d335afb98549 Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 9 Feb 2020 22:25:30 +0100
Subject: [PATCH 657/812] new way for getting file content from filesystem

---
 .../reference/ExtensiveEncoderURITest.java    | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
index 37e9ea213..36bd7c116 100644
--- a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -2,10 +2,12 @@
 
 import static org.junit.Assert.assertEquals;
 
-import java.io.File;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
@@ -34,14 +36,24 @@ public ExtensiveEncoderURITest(String uri){
 	@Parameters
 	public static Collection<String> getMyUris() throws Exception{
 		URL url = ExtensiveEncoderURITest.class.getResource("/urisForTest.txt");
-		String fileName = url.getFile();
-		File urisForText = new File(fileName);
-		
-		inputs = Files.readAllLines(urisForText.toPath(), StandardCharsets.UTF_8);
 		
+		try( InputStream is = url.openStream() ) {
+			InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8);
+			BufferedReader br = new BufferedReader(isr);
+			inputs = readAllLines(br);
+		}
 		return inputs;
 	}
-	
+
+	private static List<String> readAllLines(BufferedReader br) throws IOException {
+		List<String> lines = new ArrayList<>();
+		String line;
+		while ((line = br.readLine()) != null) {
+			lines.add(line);
+		}
+		return lines;
+	}
+
 	@Test
 	public void testUrlsFromFile() throws Exception{
 		assertEquals(this.expected, v.isValidURI("URL", uri, false));

From c951b1cd05112bf9760d3cd3d08c842c418c443a Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 9 Feb 2020 23:32:58 +0100
Subject: [PATCH 658/812] update for reading configuration from file path with
 spaces

---
 .../DefaultSecurityConfiguration.java         | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index a9fd89cc9..d578850ba 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -20,6 +20,7 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -581,13 +582,17 @@ public File getResourceFile(String filename) {
         }
 
 		if (fileUrl != null) {
-			String fileLocation = fileUrl.getFile();
-			f = new File(fileLocation);
-			if (f.exists()) {
-				logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
-				return f;
-			} else {
-				logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
+			try {
+				String fileLocation = fileUrl.toURI().getPath();
+				f = new File(fileLocation);
+				if (f.exists()) {
+					logSpecial("Found in SystemResource Directory/resourceDirectory: " + f.getAbsolutePath());
+					return f;
+				} else {
+					logSpecial("Not found in SystemResource Directory/resourceDirectory (this should never happen): " + f.getAbsolutePath());
+				}
+			} catch (URISyntaxException e) {
+				logSpecial("Error while converting URL " + fileUrl + " to file path: " + e.getMessage());
 			}
 		} else {
 			logSpecial("Not found in SystemResource Directory/resourceDirectory: " + resourceDirectory + File.separator + filename);

From fd1650d4fd8da129843a1346811f26dc43466de7 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 17 Feb 2020 14:14:54 -0500
Subject: [PATCH 659/812] Update pom.xml SNAPSHOT version

Changed from 2.3.0.0-SNAPSHOT to 2.2.1.0-SNAPSHOT.
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 1997e5a00..881b59c5e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.3.0.0-SNAPSHOT</version>
+    <version>2.2.1.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From f8180f59c636e90a9677deb9c29afae2f1f7c665 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 17 Feb 2020 20:42:13 -0500
Subject: [PATCH 660/812] Drop 'failBuildOnCVSS' from 5.9 to 5.0. Corrected
 spelling of 'suppressionFiles'. (Old value still worked.)

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 881b59c5e..132075ffd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -689,8 +689,8 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>5.0.0</version>
                 <configuration>
-                    <failBuildOnCVSS>5.9</failBuildOnCVSS>
-                    <suppressionFile>./suppressions.xml</suppressionFile>
+                    <failBuildOnCVSS>5.0</failBuildOnCVSS>
+                    <suppressionFiles>./suppressions.xml</suppressionFiles>
                 </configuration>
                 <executions>
                     <execution>

From 448c8f3a1feb517ba07880e709ea4ed37ab447ee Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 17 Feb 2020 20:45:04 -0500
Subject: [PATCH 661/812] Added suppression of CVE-2019-17571; deleted
 suppression of CVE-2016-1000031.

---
 suppressions.xml | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/suppressions.xml b/suppressions.xml
index 181b75909..ebedb9648 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -1,10 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<!-- OWASP Dependency Check suppression file for ESAPI. -->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
     <suppress>
         <notes><![CDATA[
-        This suppresses a specific cve for any test.jar in any directory.
+            This suppresses CVE-2019-17571 for the log4j-1.2.17.jar dependency. ESAPI does
+            not use it in a manner that makes it exploitable and ESAPI is unable to
+            eliminate the dependency completely because our our deprecation policy. That specific
+            CVE is the Java deserialization CVE reported in Log4J 1's SocketServer class which ESAPI
+            doesn't use.
+
+            For further details, please see:
+                https://nvd.nist.gov/vuln/detail/CVE-2019-17571,
+                ESAPI GitHub Issue #538 (https://github.com/ESAPI/esapi-java-legacy/issues/538),
+                and the ESAPI security bulletin, "documentation/ESAPI-security-bulletin2.pdf", which
+                provides a detailed analysis of this issue in ESAPI.
         ]]></notes>
-        <filePath regex="true">.*\bcommons-fileupload-1.3.2.jar</filePath>
-        <cve>CVE-2016-1000031</cve>
+        <gav regex="true">^log4j:log4j:1\.2\.17$</gav>
+        <cpe>cpe:/a:apache:log4j</cpe>
+        <cve>CVE-2019-17571</cve>
     </suppress>
-</suppressions>
\ No newline at end of file
+</suppressions>

From 7aafaeeb3476c86886756699501f09963b8657f8 Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 23 Feb 2020 18:12:58 +0100
Subject: [PATCH 662/812] additional time for windows to always sleep more than
 given seconds

---
 src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
index 8f43d3b1b..0d2b8a519 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
@@ -391,7 +391,9 @@ public final void testAddandGetAttributes() {
     private static void nap(int n) {
         try {
             System.out.println("Sleeping " + n + " seconds...");
-            Thread.sleep( n * 1000 );
+            // adds additional time to make sure we sleep more than n seconds
+            int additionalTimeToSleep = 100;
+            Thread.sleep( n * 1000 + additionalTimeToSleep );
         } catch (InterruptedException e) {
             ;   // Ignore
         }

From b479d5908d10100a32355c9b9cde05964d4075f0 Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 23 Feb 2020 19:16:36 +0100
Subject: [PATCH 663/812] inline reader for try-with-resource

---
 .../org/owasp/esapi/reference/ExtensiveEncoderURITest.java  | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
index 36bd7c116..0283492c7 100644
--- a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -36,10 +36,8 @@ public ExtensiveEncoderURITest(String uri){
 	@Parameters
 	public static Collection<String> getMyUris() throws Exception{
 		URL url = ExtensiveEncoderURITest.class.getResource("/urisForTest.txt");
-		
-		try( InputStream is = url.openStream() ) {
-			InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8);
-			BufferedReader br = new BufferedReader(isr);
+
+		try( BufferedReader br = new BufferedReader(new InputStreamReader(url.openStream(), StandardCharsets.UTF_8)) ) {
 			inputs = readAllLines(br);
 		}
 		return inputs;

From 048fc0c40549cd86b28d0ac5ef89cbfdc4cbb289 Mon Sep 17 00:00:00 2001
From: Wiiitek <kubiczak.jakub@gmail.com>
Date: Sun, 23 Feb 2020 19:17:42 +0100
Subject: [PATCH 664/812] removing not needed code

---
 .../org/owasp/esapi/reference/ExtensiveEncoderURITest.java   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
index 0283492c7..18d88c79e 100644
--- a/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
+++ b/src/test/java/org/owasp/esapi/reference/ExtensiveEncoderURITest.java
@@ -4,7 +4,6 @@
 
 import java.io.BufferedReader;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
@@ -22,7 +21,7 @@
 
 @RunWith(Parameterized.class)
 public class ExtensiveEncoderURITest {
-	static List<String> inputs = new ArrayList<String>();
+	static List<String> inputs = new ArrayList<>();
 	Validator v = ESAPI.validator();
 	String uri;
 	boolean expected;
@@ -53,7 +52,7 @@ private static List<String> readAllLines(BufferedReader br) throws IOException {
 	}
 
 	@Test
-	public void testUrlsFromFile() throws Exception{
+	public void testUrlsFromFile() {
 		assertEquals(this.expected, v.isValidURI("URL", uri, false));
 	}
 

From 7003acc1da17eb68bc92c97a2b7d47a093021385 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 23 Feb 2020 17:17:02 -0500
Subject: [PATCH 665/812] Updated README.md to refer to config jar

Updated 2.2.0.0 release on GitHub and added jar and signature for ESAPI default config files. This README.md update just references that.
---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index f7c38d99d..fd3e2d5bf 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,12 @@ The default branch for ESAPI legacy is now the 'develop' branch (rather than the
 # Where can I find ESAPI 3.x?
 https://github.com/ESAPI/esapi-java
 
+# Locating ESAPI Jar files
+The latest ESAPI 2.2.0.0 default configuration jar and its GPG signature can be found at [esapi-2.2.0.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar) and [esapi-2.2.0.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar.asc) respectively.
+
+The latest regular ESAPI jars can are available from Maven Central.
+
+
 # ESAPI Deprecation Policy
 Unless we unintentionally screw-up, our intent is to keep classes, methods, and/or fields whihc have been annotated as "@deprecated" for a minimum of two (2) years or until the next major release number (e.g., 3.x as of now), which ever comes first, before we remove them.
 Note that this policy does not apply to classes under the **org.owasp.esapi.reference** package. You are not expected to be using such classes directly in your code.

From e007ec83f5169a7f75ba63354a63c697af685fe2 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 25 Feb 2020 22:22:57 -0500
Subject: [PATCH 666/812] Update to include link to the latest release.

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index fd3e2d5bf..68037a5d2 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web appl
 </table>
 
 # What does Legacy mean?
-<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch.
+<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch. 
 
 <b>IMPORTANT NOTE:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
@@ -24,7 +24,7 @@ The default branch for ESAPI legacy is now the 'develop' branch (rather than the
 https://github.com/ESAPI/esapi-java
 
 # Locating ESAPI Jar files
-The latest ESAPI 2.2.0.0 default configuration jar and its GPG signature can be found at [esapi-2.2.0.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar) and [esapi-2.2.0.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar.asc) respectively.
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.0.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.0.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar) and [esapi-2.2.0.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar.asc) respectively.
 
 The latest regular ESAPI jars can are available from Maven Central.
 

From d26b98f11d0d1bacc66df36d7c659c822bb3fba7 Mon Sep 17 00:00:00 2001
From: Bill Sempf <bill@pointweb.net>
Date: Tue, 19 May 2020 00:01:59 -0400
Subject: [PATCH 667/812] Release notes for 2.2.1.0 (#543)

I have no idea how to associate this with Issue 542 but if I figure it out I will do it.
---
 .../esapi4java-core-2.2.1.0-release-notes.txt | 115 ++++++++++++++++++
 1 file changed, 115 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.2.1.0-release-notes.txt

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
new file mode 100644
index 000000000..7f91e07a5
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -0,0 +1,115 @@
+Release notes for ESAPI 2.2.1.0
+    Release date: 2020-May-12
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.0.0, 2019-June-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+    TBD
+
+=================================================================================================================
+
+Basic ESAPI facts
+
+ESAPI 2.2.0.0 release:
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
+
+ESAPI 2.2.1.0 release:
+    TBD
+
+GitHub Issues fixed in this release
+
+Issue #			GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+143             Enchance encodeForOS to auto-detect the underling OS
+226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
+245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
+256             White space clean up
+382             Build Fails on path with space
+494             Encoder's encodeForCSS doesn't handle RGB Triplets
+503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
+509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
+511             Add missing documentation to Validator.addRule() and Validator.getRule()
+512             Update Apache Commons Bean Utils to 1.9.4
+515             Adding tests for getCookies (also 516)
+519             Issue 494 CSSCodec RGB Triplets
+530             Log Bridge Tests
+536             Various fixes
+538             Addressing log4j 1.x CVE-2019-17571
+
+-----------------------------------------------------------------------------
+
+        Changes requiring special attention
+
+-----------------------------------------------------------------------------
+
+TBD
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+Documentation updates for locating Jar files
+Unneeded code removed from ExtensiveEncoder
+Inline reader added to ExtensiveEncoder
+Additional time for windows to always sleep more than given seconds in CryptoTokenTest
+Change required by tweak to CipherText.toString() method
+Removed call to deprecated CryptoHelper.computeDerivedKey() method
+New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
+Use existing toString method rather than a StringBuilder
+Documentation and tests
+JavaLogger move
+Splitting user infor from Client Supplier
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
+Generated manually (this time)
+
+Developer       Total commits       Total Number
+                                  of Files Changed
+=====================================================
+jeremiahjstacey 11              68
+kwwall          15              26
+wiitek          3               6
+xeno6696        8               9
+Michael-Ziluck  2               3
+=====================================================
+
+-----------------------------------------------------------------------------
+
+53 Closed PRs since 2.2.0.0 release
+===================================
+504 New scripts to suppress noise for 'mvn test'
+510 Resolve #509 - Properly throw exception when HTML fails
+513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
+519 Issue 494 CSSCodec RGB Triplets
+520 OS Name DefaultExecutorTests #143
+540 Issue 382: Build Fails on path with space
+596 Closes Issue 245
+
+-----------------------------------------------------------------------------
+
+Notice:
+
+    Release notes written by Bill Sempf (bill.sempf@owasp.org) please direct any communication to me.
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Matt Seil (xeno6696)
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
+    Dave Wichers (davewichers) - for Maven Central / Sonatype help
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
+

From 482194884f5db00b8d22bfde6e5a8823374dd128 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Tue, 19 May 2020 00:03:59 -0400
Subject: [PATCH 668/812] Update release date to 2020-TBD

Need to wait until other PR is merged.
---
 documentation/esapi4java-core-2.2.1.0-release-notes.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index 7f91e07a5..bb46556b8 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -1,5 +1,5 @@
 Release notes for ESAPI 2.2.1.0
-    Release date: 2020-May-12
+    Release date: 2020-TBD
     Project leaders:
         -Kevin W. Wall <kevin.w.wall@gmail.com>
         -Matt Seil <matt.seil@owasp.org>

From 90d3d0d9ba48c6b372980cdded869faf31fd59e7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Jun 2020 17:25:09 -0400
Subject: [PATCH 669/812] Fix Javadoc

---
 src/main/java/org/owasp/esapi/codecs/HashTrie.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/HashTrie.java b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
index 4c8d41910..fef14aee7 100644
--- a/src/main/java/org/owasp/esapi/codecs/HashTrie.java
+++ b/src/main/java/org/owasp/esapi/codecs/HashTrie.java
@@ -252,8 +252,7 @@ Entry<T> getLongestMatch(CharSequence key, int pos)
 		/**
 		 * Recursively lookup the longest key match.
 		 * @param keyIn Where to read the key from
-		 * @param pos The position in the key that is being
-		 *	looked up at this level.
+		 * @param key The key that is being looked up at this level.
 		 * @return The Entry associated with the longest key
 		 *	match or null if none exists.
 		 */

From 9be40d4055c0bc186845e8679c72cf4b476ad710 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Jun 2020 17:27:51 -0400
Subject: [PATCH 670/812] Fix Javadoc

---
 src/main/java/org/owasp/esapi/crypto/CipherText.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 8e57f03e7..1047116fa 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -804,7 +804,8 @@ protected boolean canEqual(Object other) {
      * proved in 1996 [see http://pssic.free.fr/Extra%20Reading/SEC+/SEC+/hmac-cb.pdf] that
      * HMAC security doesn’t require that the underlying hash function be collision resistant,
      * but only that it acts as a pseudo-random function, which SHA1 satisfies.
-     * @param ciphertext    The ciphertext value for which the MAC is computed.
+     * @param authKey    The {@Code SecretKey} used with the computed HMAC-SHA1
+     * to ensure authenticity.
      * @return The value for the MAC.
      */ 
     private byte[] computeMAC(SecretKey authKey) {

From 23608fc130683b1ec1b3efea9331be92a815272b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Jun 2020 17:59:19 -0400
Subject: [PATCH 671/812] Converted String array explicity to string, which is
 probably what was intended in exception messages. Otherwise end up with
 something that looks like '[Ljava.lang.String;@7825ed4c' which is not very
 helpful.

---
 .../esapi/reference/accesscontrol/DelegatingACR.java     | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
index 07af135d7..65cb0ebb9 100644
--- a/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
+++ b/src/main/java/org/owasp/esapi/reference/accesscontrol/DelegatingACR.java
@@ -4,6 +4,7 @@
 import java.lang.reflect.Modifier;
 import java.util.Iterator;
 import java.util.Vector;
+import java.util.Arrays;
 
 import org.apache.commons.collections4.iterators.ArrayListIterator;
 
@@ -25,12 +26,12 @@ public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
 		} catch (SecurityException e) {
 			throw new IllegalArgumentException(e.getMessage() + 
 					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
+					delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
 					")\" must be public.", e);
 		} catch (NoSuchMethodException e) {
 			throw new IllegalArgumentException(e.getMessage() + 
 					" delegateClass.delegateMethod(parameterClasses): \"" +  
-					delegateClassName + "." + methodName + "(" + parameterClassNames +
+					delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
 					")\" does not exist.", e);
 		}
 	
@@ -42,14 +43,14 @@ public void setPolicyParameters(DynaBeanACRParameter policyParameter) {
 				throw new IllegalArgumentException( 
 						" Delegate class \"" + delegateClassName + 
 						"\" must be concrete, because method " +
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
+					    delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
 						") is not static.", ex);
 			} catch (IllegalAccessException ex) {
 				new IllegalArgumentException( 
 						" Delegate class \"" + delegateClassName + 
 						"\" must must have a zero-argument constructor, because " +
 						"method delegateClass.delegateMethod(parameterClasses): \"" +  
-						delegateClassName + "." + methodName + "(" + parameterClassNames +
+					    delegateClassName + "." + methodName + "(" + Arrays.toString(parameterClassNames) +
 						")\" is not static.", ex);
 			}	
 		} else {

From 1531303c2d5f0904740124031043f552d77c351e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Jun 2020 18:09:03 -0400
Subject: [PATCH 672/812] Add missing space in exception message.

---
 src/main/java/org/owasp/esapi/util/ObjFactory.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/util/ObjFactory.java b/src/main/java/org/owasp/esapi/util/ObjFactory.java
index 2c23e5f00..7853ef593 100644
--- a/src/main/java/org/owasp/esapi/util/ObjFactory.java
+++ b/src/main/java/org/owasp/esapi/util/ObjFactory.java
@@ -92,7 +92,7 @@ public static <T> T make(String className, String typeName) throws Configuration
                 // The class is meant to be singleton, however, the SecurityManager restricts us from calling the
                 // getInstance method on the class, thus this is a configuration issue and a ConfigurationException
                 // is thrown
-                throw new ConfigurationException( "The SecurityManager has restricted the object factory from getting a reference to the singleton implementation" +
+                throw new ConfigurationException( "The SecurityManager has restricted the object factory from getting a reference to the singleton implementation " +
                         "of the class [" + className + "]", e );
             }
 

From b8c48a9c22317eff3ac52003de9b6eaecce0f7de Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Jun 2020 18:10:40 -0400
Subject: [PATCH 673/812] Make conversion from String array to String explicit
 for exception message.

---
 src/main/java/org/owasp/esapi/reference/DefaultValidator.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index abe6c93a5..530e2efa8 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -23,6 +23,7 @@
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.text.DateFormat;
+import java.util.Arrays;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -764,7 +765,7 @@ public boolean isValidFileContent(String context, byte[] input, int maxBytes, bo
 	public byte[] getValidFileContent(String context, byte[] input, int maxBytes, boolean allowNull) throws ValidationException, IntrusionException {
 		if (isEmpty(input)) {
 			if (allowNull) return null;
-   			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + input, context );
+   			throw new ValidationException( context + ": Input required", "Input required: context=" + context + ", input=" + Arrays.toString(input), context );
 		}
 
 		long esapiMaxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();

From 120ff02fe530ac2933d36253316cf1e208d13023 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 7 Jun 2020 13:27:52 -0400
Subject: [PATCH 674/812] Remove references to WAF aliases. Feature not fullyed
 developed. Issue identifed by LGTM. Checked with Arshan and he confirmed it
 should be removed.

---
 configuration/esapi/waf-policy.xsd            | Bin 20582 -> 19482 bytes
 .../AppGuardianConfiguration.java             |  10 --------
 .../configuration/ConfigurationParser.java    |  22 +-----------------
 3 files changed, 1 insertion(+), 31 deletions(-)

diff --git a/configuration/esapi/waf-policy.xsd b/configuration/esapi/waf-policy.xsd
index 4287e792b508ce0b8010b83473965465fca10b2d..1ddc99039e59d5d626245497c0e53a33e74f38f1 100644
GIT binary patch
delta 28
kcmaF1fN|Cg#toHBn-!U*94FVyv2A|oUdzG4z{|h|0GodZ(EtDd

delta 128
zcmbO=gYnq{#toHBoQVuM44Djx48@Z_u#57-c?_vQkpzd}&HhX-j!26B$<1bmDw_O(
yMU)+;Sx?M)vOaGTOm33A_~iA@Rg+mw%_iR#u>jH)lPk^kP5v*=v3a(0H3tBCASYA+

diff --git a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
index 36f5239fe..53e6c3404 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
@@ -77,11 +77,6 @@ public class AppGuardianConfiguration {
 	public static final String JAVASCRIPT_TARGET_TOKEN = "##1##";
 	public static final String JAVASCRIPT_REDIRECT = "<html><body><script>document.location='" + JAVASCRIPT_TARGET_TOKEN + "';</script></body></html>";
 
-	/*
-	 * The aliases declared in the beginning of the config file.
-	 */
-	private HashMap<String,Object> aliases;
-
 	/*
 	 * Fail response settings.
 	 */
@@ -114,8 +109,6 @@ public AppGuardianConfiguration() {
 		afterBodyRules = new ArrayList<Rule>();
 		beforeResponseRules = new ArrayList<Rule>();
 		cookieRules = new ArrayList<Rule>();
-
-		aliases = new HashMap<String,Object>();
 	}
 
 	/*
@@ -160,9 +153,6 @@ public void setDefaultResponseCode(int defaultResponseCode) {
 		this.defaultResponseCode = defaultResponseCode;
 	}
 
-	public void addAlias(String key, Object obj) {
-		aliases.put(key, obj);
-	}
 
 	public List<Rule> getBeforeBodyRules() {
 		return beforeBodyRules;
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index 4531ed058..cc429d182 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -94,7 +94,6 @@ public static AppGuardianConfiguration readConfigurationFile(InputStream stream,
 			doc = parser.build(stream);
 			root = doc.getRootElement();
 
-			Element aliasesRoot = root.getFirstChildElement("aliases");
 			Element settingsRoot = root.getFirstChildElement("settings");
 			Element authNRoot = root.getFirstChildElement("authentication-rules");
 			Element authZRoot = root.getFirstChildElement("authorization-rules");
@@ -106,30 +105,11 @@ public static AppGuardianConfiguration readConfigurationFile(InputStream stream,
 			Element beanShellRoot = root.getFirstChildElement("bean-shell-rules");
 			
 			
-			/**
-			 * Parse the 'aliases' section.
-			 */
-			if ( aliasesRoot != null ) {
-				Elements aliases = aliasesRoot.getChildElements("alias");
-	
-				for(int i=0;i<aliases.size();i++) {
-					Element e = aliases.get(i);
-					String name = e.getAttributeValue("name");
-					String type = e.getAttributeValue("type");
-					String value = e.getValue();
-					if ( REGEX.equals(type) ) {
-						config.addAlias(name, Pattern.compile(value));
-					} else {
-						config.addAlias(name, value);
-					}
-				}
-			}
-			
 			/**
 			 * Parse the 'settings' section.
 			 */
 			if ( settingsRoot == null ) {
-				throw new ConfigurationException("", "The <settings> section is required");
+                throw new ConfigurationException("", "The <settings> section is required");
 			} else if ( settingsRoot != null ) {
 				
 				

From 9fb1ff81b9ced9108e64ec79661d958d28dd293a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 7 Jun 2020 16:53:10 -0400
Subject: [PATCH 675/812] Address LGTM alerts about failure to use 'secure'
 cookies.

---
 .../esapi/filters/SecurityWrapperRequest.java | 92 +++++++++----------
 1 file changed, 42 insertions(+), 50 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 910733d99..939f572b6 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -64,11 +64,11 @@ public class SecurityWrapperRequest extends HttpServletRequestWrapper implements
      * @param request The {@code HttpServletRequest} we are wrapping.
      */
     public SecurityWrapperRequest(HttpServletRequest request) {
-    	super( request );
+        super( request );
     }
 
     private HttpServletRequest getHttpServletRequest() {
-    	return (HttpServletRequest)super.getRequest();
+        return (HttpServletRequest)super.getRequest();
     }
     
     /**
@@ -128,8 +128,8 @@ public String getContentType() {
     public String getContextPath() {
         String path = getHttpServletRequest().getContextPath();
         SecurityConfiguration sc = ESAPI.securityConfiguration();
-		//Return empty String for the ROOT context
-		if (path == null || "".equals(path.trim())) return "";
+        //Return empty String for the ROOT context
+        if (path == null || "".equals(path.trim())) return "";
 
         String clean = "";
         try {
@@ -159,7 +159,7 @@ public Cookie[] getCookies() {
                 int maxAge = c.getMaxAge();
                 String domain = c.getDomain();
                 String path = c.getPath();
-				
+                
                 Cookie n = new Cookie(name, value);
                 n.setMaxAge(maxAge);
 
@@ -347,7 +347,7 @@ public String getParameter(String name) {
      * @return The "scrubbed" parameter value.
      */
     public String getParameter(String name, boolean allowNull) {
-    	SecurityConfiguration sc = ESAPI.securityConfiguration();
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         return getParameter(name, allowNull, sc.getIntProp("HttpUtilities.httpQueryParamValueLength"), "HTTPParameterValue");
     }
 
@@ -423,7 +423,7 @@ public Enumeration getParameterNames() {
         Enumeration en = getHttpServletRequest().getParameterNames();
         while (en.hasMoreElements()) {
             try {
-            	SecurityConfiguration sc = ESAPI.securityConfiguration();
+                SecurityConfiguration sc = ESAPI.securityConfiguration();
                 String name = (String) en.nextElement();
                 String clean = ESAPI.validator().getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", sc.getIntProp("HttpUtilities.httpQueryParamNameLength"), true);
                 v.add(clean);
@@ -446,8 +446,8 @@ public String[] getParameterValues(String name) {
         String[] values = getHttpServletRequest().getParameterValues(name);
         List<String> newValues;
 
-	if(values == null)
-		return null;
+    if(values == null)
+        return null;
         newValues = new ArrayList<String>();
         SecurityConfiguration sc = ESAPI.securityConfiguration();
         for (String value : values) {
@@ -469,7 +469,7 @@ public String[] getParameterValues(String name) {
      */
     public String getPathInfo() {
         String path = getHttpServletRequest().getPathInfo();
-		if (path == null) return null;
+        if (path == null) return null;
         String clean = "";
         SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
@@ -681,15 +681,15 @@ public String getServerName() {
      * HttpServletRequest after parsing and checking the range 0-65536.
      * @return The local server port
      */
-	public int getServerPort() {
-		int port = getHttpServletRequest().getServerPort();
-		if ( port < 0 || port > 0xFFFF ) {
-			logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
-			port = 0;
-		}
-		return port;
-	}
- 	
+    public int getServerPort() {
+        int port = getHttpServletRequest().getServerPort();
+        if ( port < 0 || port > 0xFFFF ) {
+            logger.warning( Logger.SECURITY_FAILURE, "HTTP server port out of range: " + port );
+            port = 0;
+        }
+        return port;
+    }
+    
 
     /**
      * Returns the server path from the HttpServletRequest after canonicalizing
@@ -710,52 +710,44 @@ public String getServletPath() {
 
     /**
      * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
+     * on the Session ID cookie.  The 'secure' flag is also set if the property
+     * {@Code HttpUtilities.ForceSecureCookies} is set to {@Code true} in the <b>ESAPI.properties</b> file.
      * @return The current session
      */
     public HttpSession getSession() {
-		HttpSession session = getHttpServletRequest().getSession();
-
-		// send a new cookie header with HttpOnly on first and second responses
-	    if (ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlySession")) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-				session.setAttribute("HTTP_ONLY", "set");
-				Cookie cookie = new Cookie(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"), session.getId());
-				cookie.setPath( getHttpServletRequest().getContextPath() );
-				cookie.setMaxAge(-1); // session cookie
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
-	    }
-        return session;
+        return getSession(true);
     }
 
     /**
-     * Returns a session, creating it if necessary, and sets the HttpOnly flag
-     * on the Session ID cookie.
-     * @param create Create a new session if one doesn't exist
+     * Returns the current session associated with this request or, if there is no current session and
+     * {@Code create} is {@Code true}, returns a new session and sets the HttpOnly flag on the session ID cookie.
+     * The 'secure' flag is also set if the property {@Code HttpUtilities.ForceSecureCookies} is set to
+     * {@Code true} in the <b>ESAPI.properties</b> file.
+     * @param create If set to {@Code true}, create a new session if one doesn't exist, otherwise return {@Code null}
      * @return The current session
      */
     public HttpSession getSession(boolean create) {
         HttpSession session = getHttpServletRequest().getSession(create);
+
         if (session == null) {
             return null;
         }
 
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+
         // send a new cookie header with HttpOnly on first and second responses
-        if (ESAPI.securityConfiguration().getBooleanProp("HttpUtilities.ForceHttpOnlySession")) {
-	        if (session.getAttribute("HTTP_ONLY") == null) {
-	            session.setAttribute("HTTP_ONLY", "set");
-	            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getStringProp("HttpUtilities.HttpSessionIdName"), session.getId());
-	            cookie.setMaxAge(-1); // session cookie
-	            cookie.setPath( getHttpServletRequest().getContextPath() );
-	            HttpServletResponse response = ESAPI.currentResponse();
-	            if (response != null) {
-	                ESAPI.currentResponse().addCookie(cookie);
-	            }
-	        }
+        if ( sc.getBooleanProp("HttpUtilities.ForceHttpOnlySession") ) {
+            if (session.getAttribute("HTTP_ONLY") == null) {
+                session.setAttribute("HTTP_ONLY", "set");
+                Cookie cookie = new Cookie( sc.getStringProp("HttpUtilities.HttpSessionIdName"), session.getId() );
+                cookie.setMaxAge(-1); // session cookie
+                cookie.setPath( getHttpServletRequest().getContextPath() );
+                cookie.setSecure( sc.getBooleanProp("HttpUtilities.ForceSecureCookies") );
+                HttpServletResponse response = ESAPI.currentResponse();
+                if (response != null) {
+                    ESAPI.currentResponse().addCookie(cookie);
+                }
+            }
         }
         return session;
     }

From e700d20f5d3b3bdb7f4323b3174ca64468385c23 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 7 Jun 2020 20:31:38 -0400
Subject: [PATCH 676/812] Reorganized one of the tests and added some new test
 cases.

---
 .../owasp/esapi/crypto/CryptoTokenTest.java   | 36 +++++++++++--------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
index 0d2b8a519..52c60c6ee 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoTokenTest.java
@@ -288,34 +288,42 @@ public final void testSetAndGetAttribute() {
         // where attribute values contains each of the values that will
         // be quoted, namely:   '\', '=', and ';'
         try {
+            String[] attrValues = { "\\", ";", "=", "foo=", "bar\\=", "foobar=\"" };
             String complexValue = "kwwall;1291183520293;abc=x=yx;xyz=;efg=a;a;;bbb=quotes\\tuff";
-            
-            ctok.setAttribute("..--__", ""); // Ugly, but legal attr name; empty is legal value.
-            ctok.setAttribute("attr1", "\\");
-            ctok.setAttribute("attr2", ";");
-            ctok.setAttribute("attr3", "=");
+
             ctok.setAttribute("complexAttr", complexValue);
+            ctok.setAttribute("..--__", ""); // Ugly weird but legal attr name; empty is legal value.
+            
+            for ( int i = 0; i < attrValues.length; i++ ) {
+                String attrName = "attr" + i;
+                String attrVal  = attrValues[i];
+
+                ctok.setAttribute( attrName, attrVal );
+            }
+
             String tokenVal = ctok.getToken();
             assertNotNull("tokenVal should not be null", tokenVal);
             
             CryptoToken ctok2 = new CryptoToken(tokenVal);
+
             String weirdAttr = ctok2.getAttribute("..--__");
             assertTrue("Expecting empty string for value of weird attr, but got: " + weirdAttr,
                        weirdAttr.equals(""));
 
-            String attr1 = ctok2.getAttribute("attr1");
-            assertTrue("attr1 has unexpected value of " + attr1, attr1.equals("\\") );
-
-            String attr2 = ctok2.getAttribute("attr2");
-            assertTrue("attr2 has unexpected value of " + attr2, attr2.equals(";") );
-
-            String attr3 = ctok2.getAttribute("attr3");
-            assertTrue("attr3 has unexpected value of " + attr3, attr3.equals("=") );
-
             String complexAttr = ctok2.getAttribute("complexAttr");
             assertNotNull(complexAttr);
             assertTrue("complexAttr has unexpected value of " + complexAttr, complexAttr.equals(complexValue) );
 
+            for ( int i = 0; i < attrValues.length; i++ ) {
+                String attrName  = "attr" + i;
+                String attrVal   = attrValues[i];
+                String retrieved = ctok2.getAttribute( attrName );
+                String assertMsg = "Exptected attribute '" + attrName + "' to have value of '" + attrVal + "', but had value of '" + retrieved;
+
+                assertTrue( assertMsg, attrVal.equals( attrVal ) );
+                ctok.setAttribute( attrName, attrVal );
+            }
+
         } catch (ValidationException e) {
             fail("Caught unexpected ValidationException: " + e);
         } catch (Exception e) {

From e1b634e81606b1a2c7cd60b1251af13ee1831511 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Jun 2020 17:08:52 -0400
Subject: [PATCH 677/812] Add registered trademark to first 'OWASP' referene.

---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 68037a5d2..155838fae 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Enterprise Security API for Java (Legacy)
 <table border=0>
 <tr>
 <td>
-OWASP ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
+OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing applications. ESAPI for Java also serves as a solid foundation for new development.
 </td>
 </tr>
 </table>
@@ -85,3 +85,6 @@ Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are
 For a general overview of Google Groups and its web interface, see https://groups.google.com/forum/#!overview
 
 For assistance subscribing and unsubscribing to Google Groups, see https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593
+
+----------
+OWASP is a registered trademark of The OWASP Foundation.

From 8eb9d0fa5528aadbdf474908f18cb4b27ee70df4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Jun 2020 17:10:55 -0400
Subject: [PATCH 678/812] Update Jaavdoc.

---
 src/main/java/org/owasp/esapi/ESAPI.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/ESAPI.java b/src/main/java/org/owasp/esapi/ESAPI.java
index 33eca3fcc..e11239c75 100644
--- a/src/main/java/org/owasp/esapi/ESAPI.java
+++ b/src/main/java/org/owasp/esapi/ESAPI.java
@@ -93,6 +93,8 @@ public static Authenticator authenticator() {
 	}
 
 	/**
+     * The ESAPI Encoder is primarilly used to provide <i>output</i> encoding to
+     * prevent Cross-Site Scripting (XSS).
 	 * @return the current ESAPI Encoder object being used to encode and decode data for this application. 
 	 */
 	public static Encoder encoder() {

From 56b4aa68c6dafa6b85f6d187756bad1f4da75074 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Jun 2020 17:11:18 -0400
Subject: [PATCH 679/812] Update Javadoc.

---
 src/main/java/org/owasp/esapi/Encoder.java | 106 +++++++++++++++++----
 1 file changed, 90 insertions(+), 16 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index ca82238be..b89c85e82 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -23,28 +23,102 @@
 
 
 /**
- * The Encoder interface contains a number of methods for decoding input and encoding output
- * so that it will be safe for a variety of interpreters. To prevent
- * double-encoding, callers should make sure input does not already contain encoded characters
- * by calling canonicalize. Validator implementations should call canonicalize on user input
- * <b>before</b> validating to prevent encoded attacks.
+ * The {@code Encoder} interface contains a number of methods for decoding input and encoding output
+ * so that it will be safe for a variety of interpreters. Its primary use is to
+ * provide <i>output</i> encoding to prevent XSS.
  * <p>
- * All of the methods must use a "whitelist" or "positive" security model.
- * For the encoding methods, this means that all characters should be encoded, except for a specific list of
- * "immune" characters that are known to be safe.
- * <p>
- * The Encoder performs two key functions, encoding and decoding. These functions rely
+ * To prevent double-encoding, callers should make sure input does not already contain encoded characters
+ * by calling one of the {@code canonicalize()} methods. Validator implementations should call
+ * {@code canonicalize()} on user input <b>before</b> validating to prevent encoded attacks.
+ * </p><p>
+ * All of the methods <b>must</b> use an "allow list" or "positive" security model rather
+ * than a "deny list" or "negative" security model.  For the encoding methods, this means that
+ * all characters should be encoded, except for a specific list of "immune" characters that are
+ * known to be safe.
+ * </p><p>
+ * The {@code Encoder} performs two key functions, encoding and decoding. These functions rely
  * on a set of codecs that can be found in the org.owasp.esapi.codecs package. These include:
- * <ul><li>CSS Escaping</li>
+ * <ul>
+ * <li>CSS Escaping</li>
  * <li>HTMLEntity Encoding</li>
  * <li>JavaScript Escaping</li>
- * <li>MySQL Escaping</li>
- * <li>Oracle Escaping</li>
+ * <li>MySQL Database Escaping</li>
+ * <li>Oracle Database Escaping</li>
  * <li>Percent Encoding (aka URL Encoding)</li>
- * <li>Unix Escaping</li>
+ * <li>Unix Shell Escaping</li>
  * <li>VBScript Escaping</li>
- * <li>Windows Encoding</li></ul>
- * <p>
+ * <li>Windows Cmd Escaping</li>
+ * <li>LDAP Escaping</li>
+ * <li>XML and XML Attribute Encoding</li>
+ * <li>XPath Escaping</li>
+ * <li>Base64 Encoding</li>
+ * </ul>
+ * </p><p>
+ * The primary use of ESAPI {@code Encoder} is to prevent XSS vulnerabilities by
+ * providing output encoding using the various "encodeFor<i>XYZ</i>()" methods,
+ * where <i>XYZ</i> is one of CSS, HTML, HTMLAttribute, JavaScript, or URL. When
+ * using the ESAPI output encoders, it is important that you use the one for the
+ * <b>appropriate context</b> where the output will be rendered. For example, it
+ * the output appears in an JavaScript context, you should use {@code encodeForJavaScript}
+ * (note this includes all of the DOM JavaScript event handler attributes such as
+ * 'onfocus', 'onclick', 'onload', etc.). If the output would be rendered in an HTML
+ * attribute context (with the exception of the aforementioned 'onevent' type event
+ * handler attributes), you would use {@code encodeForHTMLAttribute}. If you are
+ * encoding anywhere a URL is expected (e.g., a 'href' attribute for for &lt;a&gt; or
+ * a 'src' attribute on a &lt;img&gt; tag, etc.), then you should use use {@code encodeForURL}.
+ * If encoding CSS, then use {@code encodeForCSS}. Etc. This is because there are
+ * different escaping requirements for these different contexts. Developers who are
+ * new to ESAPI or to defending against XSS vulnerabilities are highly encouraged to
+ * <i>first</i> read the
+ * <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" target="_blank" rel="noopener noreferreer">
+ * OWASP Cross-Site Scripting Prevention Cheat Sheet</a>.
+ * </p><p>
+ * Note that in addition to these encoder methods, ESAPI also provides a JSP Tag
+ * Library ({@code META-INF/esapi.tld}) in the ESAPI jar. This allows one to use
+ * the more convenient JSP tags in JSPs. These * tags are simply wrappers for the
+ * various "encodeForX<i>XYZ</i>()" methods.
+ * </p><p>
+ * <b>Some important final words:</b>
+ * <ul>
+ * <li><b>Where to output encode:</b>
+ * Knowing where to place the output encoding in your code
+ * is just as important as knowing which context (HTML, HTML attribute, CSS,
+ * JavaScript, or URL) to use for the output encoding and surprisingly the two
+ * are often related. In general, output encoding should be done just prior to the
+ * output being rendered because that is what determines what the appropriate
+ * context is for the output encoding. In fact, doing output encoding on
+ * untrusted data that is stored and to be used later--whether stored in an HTTP
+ * session or in a database--is almost always considered an anti-pattern. An
+ * example of this is one gathers and stores some untrusted data item such as an
+ * email address from a user. A developer thinks "let's output encode this and
+ * store the encoded data in the database, thus making the untrusted data safe
+ * to use, thus saving us all the encoding troubles later on". On the surface,
+ * that sounds like a reasonable approach. The problem is how to know what
+ * output encoding to use, not only for now, but for all possible <i>future</i>
+ * uses? It might be that the current application code base is only using it in
+ * an HTML contexxt that is displayed in an HTML report or shown in an HTML
+ * context in the user's profile. But what it it is later used in a mailto: URL?
+ * Then instead of HTML encoding, it would need to have URL encoding. Similarly,
+ * what if there is a later switch made to use AJAX and the untrusted email
+ * address gets used in a JavaScript context? The complication is that even if
+ * you know with certainty today all the ways that an untrusted data item is
+ * used in your application, it is genrally impossible to predict all the
+ * contexts that it may be used in the future, not only in your application, but
+ * in other applications that could access that data in the database.
+ * </li>
+ * <li><b>Avoiding multiple <i>nested</i> contexts:</b>
+ * A really tricky situation to get correct is hen there are multiple nested
+ * encoding contexts. But far, the most common place this seems to come up is
+ * untrusted URLs used in JavaScript. How should you handle that? Well, to be
+ * honest, the best way is to rewrite your code to avoid it.  An example of
+ * this that is well worth reading may be found at
+ * <a href="https://lists.owasp.org/pipermail/esapi-dev/2012-March/002090"
+ * target="_blank" rel="noopener noreferrer">ESAPI-DEV mailing list archives:
+ * URL encoding within JavaScript</a>. Be sure to read the entire thread.
+ * The question itself is too nuanced to be answered in Javadoc, but now,
+ * hopefully you are at least aware of the potential pitfalls.
+ * </li>
+ * </ul>
  * 
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>

From eae125386565b5b89ed4c11565eac041a4b50f57 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Jun 2020 17:12:08 -0400
Subject: [PATCH 680/812] Change cookie path from "//" to "/".

---
 .../java/org/owasp/esapi/reference/DefaultHTTPUtilities.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 149937579..f690e26bd 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -715,7 +715,7 @@ public void killAllCookies(HttpServletRequest request, HttpServletResponse respo
      * @param name
      */
 	public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
-		String path = "//";
+		String path = "/";
 		String domain="";
 		Cookie cookie = getFirstCookie(request, name);
 		if ( cookie != null ) {

From 195f07c6553e9c62ea520468c3c34faf2a4aaccd Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 26 Jun 2020 20:40:09 -0400
Subject: [PATCH 681/812] Minor typo fix; add Inc.

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 155838fae..01095ed7d 100644
--- a/README.md
+++ b/README.md
@@ -87,4 +87,4 @@ For a general overview of Google Groups and its web interface, see https://group
 For assistance subscribing and unsubscribing to Google Groups, see https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593
 
 ----------
-OWASP is a registered trademark of The OWASP Foundation.
+OWASP is a registered trademark of the OWASP Foundation, Inc.

From 980cce5b2e20770088c7a68641a95706864e32d5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 26 Jun 2020 20:47:26 -0400
Subject: [PATCH 682/812] Update pom.xml to use latest versions of AntiSamy,
 slf4j, & batik-css. Antisamy: 1.5.8 -> 1.5.10 slf4j: 1.7.26 -> 1.7.30 batik:
 1.11 -> 1.13 (addresses CVE-2019-17566)

---
 pom.xml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 132075ffd..a57922307 100644
--- a/pom.xml
+++ b/pom.xml
@@ -228,7 +228,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.8</version>
+            <version>1.5.10</version>
             <exclusions>
                 <exclusion>
                     <groupId>xml-apis</groupId>
@@ -243,7 +243,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.26</version>
+            <version>1.7.30</version>
         </dependency>
 
         <!--
@@ -258,7 +258,7 @@
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.11</version>
+            <version>1.13</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-io</groupId>
@@ -535,8 +535,8 @@
                           <requireJavaVersion>
                             <version>1.7</version>
                               <message>
-                                ESAPI 2.x now uses the JDK1.7 for it's baseline. Please make sure that your
-                                JAVA_HOME environment variable is pointed to a JDK1.7 distribution.
+                                ESAPI 2.x now uses the JDK1.7 for its baseline. Please make sure that your
+                                JAVA_HOME environment variable is pointed to a JDK1.7 or later distribution.
                               </message>
                           </requireJavaVersion>
                           <enforceBytecodeVersion>

From 32f522cb56dc8d49dc8e8cd472df71350bf36831 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 26 Jun 2020 23:09:55 -0400
Subject: [PATCH 683/812] Massive javadoc additions to help novices understand
 common mistakes of using Encoder.

---
 src/main/java/org/owasp/esapi/Encoder.java | 665 +++++++++++----------
 1 file changed, 351 insertions(+), 314 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index b89c85e82..823b00007 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -36,8 +36,9 @@
  * all characters should be encoded, except for a specific list of "immune" characters that are
  * known to be safe.
  * </p><p>
- * The {@code Encoder} performs two key functions, encoding and decoding. These functions rely
- * on a set of codecs that can be found in the org.owasp.esapi.codecs package. These include:
+ * The {@code Encoder} performs two key functions, encoding (also referred to as "escaping" in this Javadoc)
+ * and decoding. These functions rely on a set of codecs that can be found in the
+ * {@code org.owasp.esapi.codecs} package. These include:
  * <ul>
  * <li>CSS Escaping</li>
  * <li>HTMLEntity Encoding</li>
@@ -80,24 +81,25 @@
  * </p><p>
  * <b>Some important final words:</b>
  * <ul>
- * <li><b>Where to output encode:</b>
- * Knowing where to place the output encoding in your code
+ * <li><b>Where to output encode for HTML rendering:</b>
+ * Knowing <i>where</i> to place the output encoding in your code
  * is just as important as knowing which context (HTML, HTML attribute, CSS,
  * JavaScript, or URL) to use for the output encoding and surprisingly the two
  * are often related. In general, output encoding should be done just prior to the
- * output being rendered because that is what determines what the appropriate
- * context is for the output encoding. In fact, doing output encoding on
- * untrusted data that is stored and to be used later--whether stored in an HTTP
- * session or in a database--is almost always considered an anti-pattern. An
- * example of this is one gathers and stores some untrusted data item such as an
- * email address from a user. A developer thinks "let's output encode this and
- * store the encoded data in the database, thus making the untrusted data safe
- * to use, thus saving us all the encoding troubles later on". On the surface,
+ * output being rendered (that is, as close to the 'sink' as possible) because that
+ * is what determines what the appropriate context is for the output encoding.
+ * In fact, doing output encoding on untrusted data that is stored and to
+ * be used later--whether stored in an HTTP session or in a database--is almost
+ * always considered an anti-pattern. An example of this is one gathers and
+ * stores some untrusted data item such as an email address from a user. A
+ * developer thinks "let's output encode this and store the encoded data in
+ * the database, thus making the untrusted data safe to use all the time, thus
+* saving all of use developers all the encoding troubles later on". On the surface,
  * that sounds like a reasonable approach. The problem is how to know what
  * output encoding to use, not only for now, but for all possible <i>future</i>
  * uses? It might be that the current application code base is only using it in
  * an HTML contexxt that is displayed in an HTML report or shown in an HTML
- * context in the user's profile. But what it it is later used in a mailto: URL?
+ * context in the user's profile. But what if it is later used in a {@code mailto:} URL?
  * Then instead of HTML encoding, it would need to have URL encoding. Similarly,
  * what if there is a later switch made to use AJAX and the untrusted email
  * address gets used in a JavaScript context? The complication is that even if
@@ -107,16 +109,42 @@
  * in other applications that could access that data in the database.
  * </li>
  * <li><b>Avoiding multiple <i>nested</i> contexts:</b>
- * A really tricky situation to get correct is hen there are multiple nested
+ * A really tricky situation to get correct is when there are multiple nested
  * encoding contexts. But far, the most common place this seems to come up is
- * untrusted URLs used in JavaScript. How should you handle that? Well, to be
- * honest, the best way is to rewrite your code to avoid it.  An example of
+ * untrusted URLs used in JavaScript. How should you handle that? Well,
+ * the best way is to rewrite your code to avoid it!  An example of
  * this that is well worth reading may be found at
  * <a href="https://lists.owasp.org/pipermail/esapi-dev/2012-March/002090"
  * target="_blank" rel="noopener noreferrer">ESAPI-DEV mailing list archives:
  * URL encoding within JavaScript</a>. Be sure to read the entire thread.
  * The question itself is too nuanced to be answered in Javadoc, but now,
- * hopefully you are at least aware of the potential pitfalls.
+ * hopefully you are at least aware of the potential pitfalls. There is little
+ * avaiable research or examples on how to do output encodeing when multiple
+ * mixed encodings are required, although one that you may find useful is
+ * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
+ * rel="noopener noreferrer">
+ * Automated Detecting and Repair of Cross-SiteScripting Vulnerabilities through Unit Testing</a>
+ * It at least discusses a few of the common errors involved in multiple mixed
+ * encoding contexts.
+ * </li><li><b>A word about unit testing:</b>
+ * Unit testing this is hard. You may be satisfied with stopped after you have
+ * tested against the ubiquitous XSS test case of
+ * <pre>
+ *      &lt;/script&gt;alert(1)&lt;/script&gt;
+ * </pre>
+ * or similiar simplistic XSS attack payloads and if that is properly encoded
+ * (or, you don't see an alert box popped in your browser), you consider it
+ * "problem fixed", consider the unit testing sufficient. Unfortunately, that
+ * minimalist testing may not always detect places were you used the wrong decoder. You need to do better.
+ * Fortunately, the aforementioned link,
+ * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
+ * rel="noopener noreferrer">
+ * Automated Detecting and Repair of Cross-SiteScripting Vulnerabilities through Unit Testing</a>
+ * provides some insight. You may also wish to look at the
+ * <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/java/org/owasp/esapi/reference/EncoderTest.java"
+ * target="_blank" rel="noopener noreferrer">ESAPI Encoder JUnittest cases</a>.
+ * If you are really ambitious, an excellent resource for XSS attack patters is
+ * <a href="https://beefproject.com/" target="_blank" rel="noopener noreferrer">BeEF - The Browser Exploitation Framework Project</a>.
  * </li>
  * </ul>
  * 
@@ -125,47 +153,47 @@
  * @since June 1, 2007
  */
 public interface Encoder {
-	
-	/**
-	 * This method is equivalent to calling <pre>Encoder.canonicalize(input, restrictMultiple, restrictMixed);</pre>
-	 *
-	 * The default values for restrictMultiple and restrictMixed come from ESAPI.properties
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 * 
-	 * @param input the text to canonicalize
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input);
-	
-	/**
-	 * This method is the equivalent to calling <pre>Encoder.canonicalize(input, strict, strict);</pre>
-	 *
-	 * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *  
-	 * @param input 
-	 * 		the text to canonicalize
-	 * @param strict 
-	 * 		true if checking for multiple and mixed encoding is desired, false otherwise
-	 * 
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean strict);
+    
+    /**
+     * This method is equivalent to calling {@code Encoder.canonicalize(input, restrictMultiple, restrictMixed);}.
+     *
+     * The default values for restrictMultiple and restrictMixed come from {@code ESAPI.properties}
+     * <pre>
+     * Encoder.AllowMultipleEncoding=false
+     * Encoder.AllowMixedEncoding=false
+     * </pre>
+     *
+     * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     * 
+     * @param input the text to canonicalize
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input);
+    
+    /**
+     * This method is the equivalent to calling {@code Encoder.canonicalize(input, strict, strict);}.
+     *
+     * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     *  
+     * @param input 
+     *      the text to canonicalize
+     * @param strict 
+     *      true if checking for multiple and mixed encoding is desired, false otherwise
+     * 
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input, boolean strict);
 
-	/**
-	 * Canonicalization is simply the operation of reducing a possibly encoded
-	 * string down to its simplest form. This is important, because attackers
-	 * frequently use encoding to change their input in a way that will bypass
-	 * validation filters, but still be interpreted properly by the target of
-	 * the attack. Note that data encoded more than once is not something that a
-	 * normal user would generate and should be regarded as an attack.
-	 * <p>
+    /**
+     * Canonicalization is simply the operation of reducing a possibly encoded
+     * string down to its simplest form. This is important, because attackers
+     * frequently use encoding to change their input in a way that will bypass
+     * validation filters, but still be interpreted properly by the target of
+     * the attack. Note that data encoded more than once is not something that a
+     * normal user would generate and should be regarded as an attack.
+     * <p>
      * Everyone <a href="http://cwe.mitre.org/data/definitions/180.html">says</a> you shouldn't do validation
      * without canonicalizing the data first. This is easier said than done. The canonicalize method can
      * be used to simplify just about any input down to its most basic form. Note that canonicalize doesn't
@@ -210,78 +238,84 @@ public interface Encoder {
      * Although ESAPI is able to canonicalize multiple, mixed, or nested encoding, it's safer to not accept
      * this stuff in the first place. In ESAPI, the default is "strict" mode that throws an IntrusionException
      * if it receives anything not single-encoded with a single scheme. This is configurable
-     * in ESAPI.properties using the properties:
-	 * <pre>
-	 * Encoder.AllowMultipleEncoding=false
-	 * Encoder.AllowMixedEncoding=false
-	 * </pre>
-	 * This method allows you to override the default behavior by directly specifying whether to restrict
-	 * multiple or mixed encoding. Even if you disable restrictions, you'll still get
+     * in {@code ESAPI.properties} using the properties:
+     * <pre>
+     * Encoder.AllowMultipleEncoding=false
+     * Encoder.AllowMixedEncoding=false
+     * </pre>
+     * This method allows you to override the default behavior by directly specifying whether to restrict
+     * multiple or mixed encoding. Even if you disable restrictions, you'll still get
      * warning messages in the log about each multiple encoding and mixed encoding received.
      * <pre>
      *     // disabling strict mode to allow mixed encoding
      *     String url = ESAPI.encoder().canonicalize( request.getParameter("url"), false, false);
      * </pre>
-	 *
-	 * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
-	 *
-	 * @param input
-	 * 		the text to canonicalize
-	 * @param restrictMultiple
-	 * 		true if checking for multiple encoding is desired, false otherwise
-	 * @param restrictMixed
-	 * 		true if checking for mixed encoding is desired, false otherwise
-	 *
-	 * @return a String containing the canonicalized text
-	 */
-	String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
+     * <b>WARNING!!!</b> Please note that this method is incompatible with URLs and if there exist any HTML Entities
+     * that correspond with parameter values in a URL such as "&amp;para;" in a URL like 
+     * "https://foo.com/?bar=foo&amp;parameter=wrong" you will get a mixed encoding validation exception.
+     * <p>
+     * If you wish to canonicalize a URL/URI use the method {@code Encoder.getCanonicalizedURI(URI dirtyUri);}
+     *
+     * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
+     * @see #getCanonicalizedURI(URI dirtyUri)
+     *
+     * @param input
+     *      the text to canonicalize
+     * @param restrictMultiple
+     *      true if checking for multiple encoding is desired, false otherwise
+     * @param restrictMixed
+     *      true if checking for mixed encoding is desired, false otherwise
+     *
+     * @return a String containing the canonicalized text
+     */
+    String canonicalize(String input, boolean restrictMultiple, boolean restrictMixed);
 
-	/**
-	 * Encode data for use in Cascading Style Sheets (CSS) content.
-	 * 
-	 * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for CSS
-	 * 
-	 * @return input encoded for CSS
-	 */
-	String encodeForCSS(String input);
+    /**
+     * Encode data for use in Cascading Style Sheets (CSS) content.
+     * 
+     * @see <a href="http://www.w3.org/TR/CSS21/syndata.html#escaped-characters">CSS Syntax [w3.org]</a>
+     * 
+     * @param untrustedData 
+     *      the untrusted data to output encode for CSS
+     * 
+     * @return the untrusted data safely output encoded for use in a CSS
+     */
+    String encodeForCSS(String untrustedData);
 
-	/**
-	 * Encode data for use in HTML using HTML entity encoding
-	 * <p> 
-	 * Note that the following characters:
-	 * 00-08, 0B-0C, 0E-1F, and 7F-9F
-	 * <p>cannot be used in HTML. 
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a> 
-	 * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
+    /**
+     * Encode data for use in HTML using HTML entity encoding
+     * <p> 
+     * Note that the following characters:
+     * 00-08, 0B-0C, 0E-1F, and 7F-9F
+     * <p>cannot be used in HTML. 
+     * 
+     * @see <a href="http://en.wikipedia.org/wiki/Character_encodings_in_HTML">HTML Encodings [wikipedia.org]</a> 
+     * @see <a href="http://www.w3.org/TR/html4/sgml/sgmldecl.html">SGML Specification [w3.org]</a>
      * @see <a href="http://www.w3.org/TR/REC-xml/#charsets">XML Specification [w3.org]</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for HTML
-	 * 
-	 * @return input encoded for HTML
-	 */
-	String encodeForHTML(String input);
+     * 
+     * @param untrustedData 
+     *      the untrusted data to output encode for HTML
+     * 
+     * @return the untrusted data safely output encoded for use in a HTML
+     */
+    String encodeForHTML(String untrustedData);
 
-	/**
+    /**
      * Decodes HTML entities.
      * @param input the <code>String</code> to decode
      * @return the newly decoded <code>String</code>
      */
-	String decodeForHTML(String input);
-		
-	/**
-	 * Encode data for use in HTML attributes.
-	 * 
-	 * @param input 
-	 * 		the text to encode for an HTML attribute
-	 * 
-	 * @return input encoded for use as an HTML attribute
-	 */
-	String encodeForHTMLAttribute(String input);
+    String decodeForHTML(String input);
+        
+    /**
+     * Encode data for use in HTML attributes.
+     * 
+     * @param untrustedData 
+     *      the untrusted data to output encode for an HTML attribute
+     * 
+     * @return the untrusted data safely output encoded for use in a use as an HTML attribute
+     */
+    String encodeForHTMLAttribute(String untrustedData);
 
 
     /**
@@ -298,54 +332,55 @@ public interface Encoder {
      *    &nbsp;&nbsp;window.setInterval('&lt;%= EVEN IF YOU ENCODE UNTRUSTED DATA YOU ARE XSSED HERE %&gt;');
      *  &lt;/script&gt;
      * </pre>
-     * @param input 
-     *          the text to encode for JavaScript
+     * @param untrustedData 
+     *          the untrusted data to output encode for JavaScript
      * 
-     * @return input encoded for use in JavaScript
+     * @return the untrusted data safely output encoded for use in a use in JavaScript
      */
-	String encodeForJavaScript(String input);
+    String encodeForJavaScript(String untrustedData);
 
-	/**
-	 * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
-	 * inside a script is quite dangerous. Great care must be taken to prevent putting user data
-	 * directly into script code itself, as no amount of encoding will prevent attacks there.
-	 * 
-	 * This method is not recommended as VBScript is only supported by Internet Explorer
-	 * 
-	 * @param input 
-	 * 		the text to encode for VBScript
-	 * 
-	 * @return input encoded for use in VBScript
-	 */
-	String encodeForVBScript(String input);
+    /**
+     * Encode data for insertion inside a data value in a Visual Basic script. Putting user data directly
+     * inside a script is quite dangerous. Great care must be taken to prevent putting user data
+     * directly into script code itself, as no amount of encoding will prevent attacks there.
+     * 
+     * This method is not recommended as VBScript is only supported by Internet Explorer
+     * 
+     * @param untrustedData 
+     *      the untrusted data to output encode for VBScript
+     * 
+     * @return the untrusted data safely output encoded for use in a use in VBScript
+     */
+    String encodeForVBScript(String untrustedData);
 
 
-	/**
-	 * Encode input for use in a SQL query, according to the selected codec 
-	 * (appropriate codecs include the MySQLCodec and OracleCodec).
-	 * 
-	 * This method is not recommended. The use of the PreparedStatement 
-	 * interface is the preferred approach. However, if for some reason 
-	 * this is impossible, then this method is provided as a weaker 
-	 * alternative. 
-	 * 
-	 * The best approach is to make sure any single-quotes are double-quoted.
-	 * Another possible approach is to use the {escape} syntax described in the
-	 * JDBC specification in section 1.5.6.
-	 * 
-	 * However, this syntax does not work with all drivers, and requires
-	 * modification of all queries.
-	 * 
-	 * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
-	 *  
-	 * @param codec 
-	 * 		a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
-	 * @param input 
-	 * 		the text to encode for SQL
-	 * 
-	 * @return input encoded for use in SQL
-	 */
-	String encodeForSQL(Codec codec, String input);
+    /**
+     * Encode input for use in a SQL query, according to the selected codec 
+     * (appropriate codecs include the MySQLCodec and OracleCodec).
+     * 
+     * This method is not recommended. The use of the {@code PreparedStatement}
+     * interface is the preferred approach. However, if for some reason 
+     * this is impossible, then this method is provided as a weaker 
+     * alternative. 
+     * 
+     * The best approach is to make sure any single-quotes are double-quoted.
+     * Another possible approach is to use the {escape} syntax described in the
+     * JDBC specification in section 1.5.6.
+     * 
+     * However, this syntax does not work with all drivers, and requires
+     * modification of all queries.
+     * 
+     * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
+     * @see java.sql.PreparedStatement
+     *  
+     * @param codec 
+     *      a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
+     * @param input 
+     *      the text to encode for SQL
+     * 
+     * @return input encoded for use in SQL
+     */
+    String encodeForSQL(Codec codec, String input);
 
     /**
      * Encode for an operating system command shell according to the selected codec (appropriate codecs include the WindowsCodec and UnixCodec). 
@@ -365,171 +400,173 @@ public interface Encoder {
      * 
      * @return input encoded for use in command shell
      */
-	String encodeForOS(Codec codec, String input);
+    String encodeForOS(Codec codec, String input);
 
-	/**
-	 * Encode data for use in LDAP queries. Wildcard (*) characters will be encoded.
-	 * 
-	 * @param input 
-	 * 		the text to encode for LDAP
-	 * 
-	 * @return input encoded for use in LDAP
-	 */
-	String encodeForLDAP(String input);
+    /**
+     * Encode data for use in LDAP queries. Wildcard (*) characters will be encoded.
+     * 
+     * @param input 
+     *      the text to encode for LDAP
+     * 
+     * @return input encoded for use in LDAP
+     */
+    String encodeForLDAP(String input);
 
-	/**
-	 * Encode data for use in LDAP queries. You have the option whether or not to encode wildcard (*) characters.
-	 * 
-	 * @param input 
-	 * 		the text to encode for LDAP
-	 * @param encodeWildcards 
-	 *      whether or not wildcard (*) characters will be encoded.
+    /**
+     * Encode data for use in LDAP queries. You have the option whether or not to encode wildcard (*) characters.
+     * 
+     * @param input 
+     *      the text to encode for LDAP
+     * @param encodeWildcards 
+     *      whether or not wildcard (*) characters will be encoded.
      *
-	 * @return input encoded for use in LDAP
-	 */
-	String encodeForLDAP(String input, boolean encodeWildcards);
-	 
-	/**
-	 * Encode data for use in an LDAP distinguished name.
-	 * 
-	 *  @param input 
-	 *  		the text to encode for an LDAP distinguished name
-	 * 
-	 *  @return input encoded for use in an LDAP distinguished name
-	 */
-	String encodeForDN(String input);
+     * @return input encoded for use in LDAP
+     */
+    String encodeForLDAP(String input, boolean encodeWildcards);
+     
+    /**
+     * Encode data for use in an LDAP distinguished name.
+     * 
+     *  @param input 
+     *          the text to encode for an LDAP distinguished name
+     * 
+     *  @return input encoded for use in an LDAP distinguished name
+     */
+    String encodeForDN(String input);
 
-	/**
-	 * Encode data for use in an XPath query.
-	 * 
-	 * NB: The reference implementation encodes almost everything and may over-encode. 
-	 * 
-	 * The difficulty with XPath encoding is that XPath has no built in mechanism for escaping
-	 * characters. It is possible to use XQuery in a parameterized way to
-	 * prevent injection. 
-	 * 
-	 * For more information, refer to <a
-	 * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
-	 * article</a> which specifies the following list of characters as the most
-	 * dangerous: ^&"*';<>(). <a
-	 * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
-	 * paper</a> suggests disallowing ' and " in queries.
-	 * 
-	 * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
-	 * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
-	 *  
-	 * @param input
-	 *      the text to encode for XPath
-	 * @return 
-	 * 		input encoded for use in XPath
-	 */
-	String encodeForXPath(String input);
+    /**
+     * Encode data for use in an XPath query.
+     * 
+     * NB: The reference implementation encodes almost everything and may over-encode. 
+     * 
+     * The difficulty with XPath encoding is that XPath has no built in mechanism for escaping
+     * characters. It is possible to use XQuery in a parameterized way to
+     * prevent injection. 
+     * 
+     * For more information, refer to <a
+     * href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">this
+     * article</a> which specifies the following list of characters as the most
+     * dangerous: ^&"*';<>(). <a
+     * href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">This
+     * paper</a> suggests disallowing ' and " in queries.
+     * 
+     * @see <a href="http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html">XPath Injection [ibm.com]</a>
+     * @see <a href="http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf">Blind XPath Injection [packetstormsecurity.org]</a>
+     *  
+     * @param input
+     *      the text to encode for XPath
+     * @return 
+     *      input encoded for use in XPath
+     */
+    String encodeForXPath(String input);
 
-	/**
-	 * Encode data for use in an XML element. The implementation should follow the <a
-	 * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is strongly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for XML
-	 * 
-	 * @return
-	 *			input encoded for use in XML
-	 */
-	String encodeForXML(String input);
+    /**
+     * Encode data for use in an XML element. The implementation should follow the <a
+     * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
+     * Standard</a> from the W3C.
+     * <p>
+     * The use of a real XML parser is strongly encouraged. However, in the
+     * hopefully rare case that you need to make sure that data is safe for
+     * inclusion in an XML document and cannot use a parse, this method provides
+     * a safe mechanism to do so.
+     * 
+     * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+     * 
+     * @param input
+     *          the text to encode for XML
+     * 
+     * @return
+     *          input encoded for use in XML
+     */
+    String encodeForXML(String input);
 
-	/**
-	 * Encode data for use in an XML attribute. The implementation should follow
-	 * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-	 * Standard</a> from the W3C.
-	 * <p>
-	 * The use of a real XML parser is highly encouraged. However, in the
-	 * hopefully rare case that you need to make sure that data is safe for
-	 * inclusion in an XML document and cannot use a parse, this method provides
-	 * a safe mechanism to do so.
-	 * 
-	 * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
-	 * 
-	 * @param input
-	 * 			the text to encode for use as an XML attribute
-	 * 
-	 * @return 
-	 * 			input encoded for use in an XML attribute
-	 */
-	String encodeForXMLAttribute(String input);
+    /**
+     * Encode data for use in an XML attribute. The implementation should follow
+     * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
+     * Standard</a> from the W3C.
+     * <p>
+     * The use of a real XML parser is highly encouraged. However, in the
+     * hopefully rare case that you need to make sure that data is safe for
+     * inclusion in an XML document and cannot use a parse, this method provides
+     * a safe mechanism to do so.
+     * 
+     * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+     * 
+     * @param input
+     *          the text to encode for use as an XML attribute
+     * 
+     * @return 
+     *          input encoded for use in an XML attribute
+     */
+    String encodeForXMLAttribute(String input);
 
-	/**
-	 * Encode for use in a URL. This method performs <a
-	 * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * on the entire string.
-	 * 
-	 * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
-	 * 
-	 * @param input 
-	 * 		the text to encode for use in a URL
-	 * 
-	 * @return input 
-	 * 		encoded for use in a URL
-	 * 
-	 * @throws EncodingException 
-	 * 		if encoding fails
-	 */
-	String encodeForURL(String input) throws EncodingException;
+    /**
+     * Encode for use in a URL. This method performs <a
+     * href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+     * on the entire string.
+     * 
+     * @see <a href="http://en.wikipedia.org/wiki/Percent-encoding">URL encoding</a>
+     * 
+     * @param input 
+     *      the text to encode for use in a URL
+     * 
+     * @return input 
+     *      encoded for use in a URL
+     * 
+     * @throws EncodingException 
+     *      if encoding fails
+     */
+    String encodeForURL(String input) throws EncodingException;
 
-	/**
-	 * Decode from URL. Implementations should first canonicalize and
-	 * detect any double-encoding. If this check passes, then the data is decoded using URL
-	 * decoding.
-	 * 
-	 * @param input 
-	 * 		the text to decode from an encoded URL
-	 * 
-	 * @return 
-	 * 		the decoded URL value
-	 * 
-	 * @throws EncodingException 
-	 * 		if decoding fails
-	 */
-	String decodeFromURL(String input) throws EncodingException;
+    /**
+     * Decode from URL. Implementations should first canonicalize and
+     * detect any double-encoding. If this check passes, then the data is decoded using URL
+     * decoding.
+     * 
+     * @param input 
+     *      the text to decode from an encoded URL
+     * 
+     * @return 
+     *      the decoded URL value
+     * 
+     * @throws EncodingException 
+     *      if decoding fails
+     */
+    String decodeFromURL(String input) throws EncodingException;
 
-	/**
-	 * Encode for Base64.
-	 * 
-	 * @param input 
-	 * 		the text to encode for Base64
-	 * @param wrap
-	 * 		the encoder will wrap lines every 64 characters of output
-	 * 
-	 * @return input encoded for Base64
-	 */
-	String encodeForBase64(byte[] input, boolean wrap);
+    /**
+     * Encode for Base64.
+     * 
+     * @param input 
+     *      the text to encode for Base64
+     * @param wrap
+     *      the encoder will wrap lines every 64 characters of output
+     * 
+     * @return input encoded for Base64
+     */
+    String encodeForBase64(byte[] input, boolean wrap);
 
-	/**
-	 * Decode data encoded with BASE-64 encoding.
-	 * 
-	 * @param input 
-	 * 		the Base64 text to decode
-	 * 
-	 * @return input decoded from Base64
-	 * 
-	 * @throws IOException
-	 */
-	byte[] decodeFromBase64(String input) throws IOException;
+    /**
+     * Decode data encoded with BASE-64 encoding.
+     * 
+     * @param input 
+     *      the Base64 text to decode
+     * 
+     * @return input decoded from Base64
+     * 
+     * @throws IOException
+     */
+    byte[] decodeFromBase64(String input) throws IOException;
 
-	/**
-	 * Get a version of the input URI that will be safe to run regex and other validations against.  
-	 * It is not recommended to persist this value as it will transform user input.  This method 
-	 * will not test to see if the URI is RFC-3986 compliant.
-	 * 
-	 * @return The canonicalized URI
-	 */
-	String getCanonicalizedURI(URI dirtyUri);
+    /**
+     * Get a version of the input URI that will be safe to run regex and other validations against.  
+     * It is not recommended to persist this value as it will transform user input.  This method 
+     * will not test to see if the URI is RFC-3986 compliant.
+     * 
+     * @param dirtyUri
+     *      the tainted URI
+     * @return The canonicalized URI
+     */
+    String getCanonicalizedURI(URI dirtyUri);
 
 }

From 7baca987d50447a7eddbefbdf88e2376b6645fbb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 26 Jun 2020 23:34:40 -0400
Subject: [PATCH 684/812] Miscellaneos Javadoc corrections.

---
 src/main/java/org/owasp/esapi/ValidationRule.java      |  6 +++---
 .../owasp/esapi/filters/SecurityWrapperRequest.java    | 10 +++++-----
 src/test/java/org/owasp/esapi/reference/TestDebug.java |  2 +-
 src/test/java/org/owasp/esapi/reference/TestError.java |  2 +-
 src/test/java/org/owasp/esapi/reference/TestFatal.java |  2 +-
 src/test/java/org/owasp/esapi/reference/TestInfo.java  |  2 +-
 src/test/java/org/owasp/esapi/reference/TestTrace.java |  2 +-
 .../org/owasp/esapi/reference/TestUnspecified.java     |  2 +-
 .../java/org/owasp/esapi/reference/TestWarning.java    |  2 +-
 .../validation/HTMLValidationRuleCleanTest.java        |  4 +---
 10 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/ValidationRule.java b/src/main/java/org/owasp/esapi/ValidationRule.java
index 8f186a54b..9299ef8e3 100644
--- a/src/main/java/org/owasp/esapi/ValidationRule.java
+++ b/src/main/java/org/owasp/esapi/ValidationRule.java
@@ -19,9 +19,9 @@ public interface ValidationRule {
      *             <b>{@code ESAPI.properties}></b> property
      *             "Validator.ValidationRule.getValid.ignore509Fix" is set to
      *             {@code true}, which is the default behavior for ESAPI 2.x
-     *             releases. See
-     *             {@link https://github.com/ESAPI/esapi-java-legacy/issues/509}
-     *             and {@link https://github.com/ESAPI/esapi-java-legacy/issues/521}
+     *             releases. See ESAPI GitHub Issues
+     *             <a href="https://github.com/ESAPI/esapi-java-legacy/issues/509}>509</a>
+     *             and <a href="https://github.com/ESAPI/esapi-java-legacy/issues/521">521</a>
      *             for futher details.
      *
      * @see #getValid(String context, String input, ValidationErrorList errorList)
diff --git a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
index 939f572b6..dae6a8460 100644
--- a/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
+++ b/src/main/java/org/owasp/esapi/filters/SecurityWrapperRequest.java
@@ -711,7 +711,7 @@ public String getServletPath() {
     /**
      * Returns a session, creating it if necessary, and sets the HttpOnly flag
      * on the Session ID cookie.  The 'secure' flag is also set if the property
-     * {@Code HttpUtilities.ForceSecureCookies} is set to {@Code true} in the <b>ESAPI.properties</b> file.
+     * {@code HttpUtilities.ForceSecureCookies} is set to {@code true} in the <b>ESAPI.properties</b> file.
      * @return The current session
      */
     public HttpSession getSession() {
@@ -720,10 +720,10 @@ public HttpSession getSession() {
 
     /**
      * Returns the current session associated with this request or, if there is no current session and
-     * {@Code create} is {@Code true}, returns a new session and sets the HttpOnly flag on the session ID cookie.
-     * The 'secure' flag is also set if the property {@Code HttpUtilities.ForceSecureCookies} is set to
-     * {@Code true} in the <b>ESAPI.properties</b> file.
-     * @param create If set to {@Code true}, create a new session if one doesn't exist, otherwise return {@Code null}
+     * {@code create} is {@code true}, returns a new session and sets the HttpOnly flag on the session ID cookie.
+     * The 'secure' flag is also set if the property {@code HttpUtilities.ForceSecureCookies} is set to
+     * {@code true} in the <b>ESAPI.properties</b> file.
+     * @param create If set to {@code true}, create a new session if one doesn't exist, otherwise return {@code null}
      * @return The current session
      */
     public HttpSession getSession(boolean create) {
diff --git a/src/test/java/org/owasp/esapi/reference/TestDebug.java b/src/test/java/org/owasp/esapi/reference/TestDebug.java
index 7b456e4a4..1d37deb66 100644
--- a/src/test/java/org/owasp/esapi/reference/TestDebug.java
+++ b/src/test/java/org/owasp/esapi/reference/TestDebug.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestDebug extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestError.java b/src/test/java/org/owasp/esapi/reference/TestError.java
index 98d984557..ab59e79e2 100644
--- a/src/test/java/org/owasp/esapi/reference/TestError.java
+++ b/src/test/java/org/owasp/esapi/reference/TestError.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestError extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestFatal.java b/src/test/java/org/owasp/esapi/reference/TestFatal.java
index 5caa11cf4..49ff15a88 100644
--- a/src/test/java/org/owasp/esapi/reference/TestFatal.java
+++ b/src/test/java/org/owasp/esapi/reference/TestFatal.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestFatal extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestInfo.java b/src/test/java/org/owasp/esapi/reference/TestInfo.java
index 17cd3dfec..8977e51ef 100644
--- a/src/test/java/org/owasp/esapi/reference/TestInfo.java
+++ b/src/test/java/org/owasp/esapi/reference/TestInfo.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestInfo extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestTrace.java b/src/test/java/org/owasp/esapi/reference/TestTrace.java
index b38e65b96..8e3df1ee0 100644
--- a/src/test/java/org/owasp/esapi/reference/TestTrace.java
+++ b/src/test/java/org/owasp/esapi/reference/TestTrace.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestTrace extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestUnspecified.java b/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
index dc35da34e..8f0979de9 100644
--- a/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
+++ b/src/test/java/org/owasp/esapi/reference/TestUnspecified.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestUnspecified extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/TestWarning.java b/src/test/java/org/owasp/esapi/reference/TestWarning.java
index 16c14e3b3..553646054 100644
--- a/src/test/java/org/owasp/esapi/reference/TestWarning.java
+++ b/src/test/java/org/owasp/esapi/reference/TestWarning.java
@@ -8,7 +8,7 @@
  * @author August Detlefsen (augustd at codemagi dot com)
  *         <a href="http://www.codemagi.com">CodeMagi, Inc.</a>
  * @since October 15, 2010
- * @see org.owasp.esapi.reference.Log4JLoggerTest
+ * @see org.owasp.esapi.logging.log4j.Log4JLoggerTest
  */
 public class TestWarning extends TestCase {
 
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
index dfed45607..8f7dd8b3d 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -73,9 +73,7 @@ public String getStringProp(String propName) {
 
 
     /**
-     * Instantiates a new HTTP utilities test.
-     *
-     * @param testName the test name
+     * Default construstor that instantiates a new {@code HTMLValidationRule} test.
      */
     public HTMLValidationRuleCleanTest() {
     }

From ab61e0c95edd26f9b06096ab11efbb25cc5ce77e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 27 Jun 2020 00:13:18 -0400
Subject: [PATCH 685/812] Javadoc fix.

---
 src/main/java/org/owasp/esapi/Logger.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/Logger.java b/src/main/java/org/owasp/esapi/Logger.java
index fd20331ce..8d372b624 100644
--- a/src/main/java/org/owasp/esapi/Logger.java
+++ b/src/main/java/org/owasp/esapi/Logger.java
@@ -206,7 +206,7 @@ public String toString() {
     void setLevel(int level);
     
     /** Retrieve the current ESAPI logging level for this logger. See
-     * {@link org.owasp.esapi.reference.Log4JLogger} for an explanation of
+     * {@link org.owasp.esapi.logging.log4j.Log4JLogger} for an explanation of
      * why this method is not simply called {@code getLevel()}.
      * 
      * @return The current logging level.

From c7815d8344ad407363b3aaf07d9e2b662c8654c4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 27 Jun 2020 00:14:15 -0400
Subject: [PATCH 686/812] Fix typos in Javadoc updates.

---
 src/main/java/org/owasp/esapi/Encoder.java | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 823b00007..84e0388e0 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -94,17 +94,17 @@
  * stores some untrusted data item such as an email address from a user. A
  * developer thinks "let's output encode this and store the encoded data in
  * the database, thus making the untrusted data safe to use all the time, thus
-* saving all of use developers all the encoding troubles later on". On the surface,
+* saving all of us developers all the encoding troubles later on". On the surface,
  * that sounds like a reasonable approach. The problem is how to know what
  * output encoding to use, not only for now, but for all possible <i>future</i>
  * uses? It might be that the current application code base is only using it in
- * an HTML contexxt that is displayed in an HTML report or shown in an HTML
+ * an HTML context that is displayed in an HTML report or shown in an HTML
  * context in the user's profile. But what if it is later used in a {@code mailto:} URL?
  * Then instead of HTML encoding, it would need to have URL encoding. Similarly,
  * what if there is a later switch made to use AJAX and the untrusted email
  * address gets used in a JavaScript context? The complication is that even if
  * you know with certainty today all the ways that an untrusted data item is
- * used in your application, it is genrally impossible to predict all the
+ * used in your application, it is generally impossible to predict all the
  * contexts that it may be used in the future, not only in your application, but
  * in other applications that could access that data in the database.
  * </li>
@@ -119,7 +119,7 @@
  * URL encoding within JavaScript</a>. Be sure to read the entire thread.
  * The question itself is too nuanced to be answered in Javadoc, but now,
  * hopefully you are at least aware of the potential pitfalls. There is little
- * avaiable research or examples on how to do output encodeing when multiple
+ * available research or examples on how to do output encoding when multiple
  * mixed encodings are required, although one that you may find useful is
  * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
  * rel="noopener noreferrer">
@@ -132,10 +132,10 @@
  * <pre>
  *      &lt;/script&gt;alert(1)&lt;/script&gt;
  * </pre>
- * or similiar simplistic XSS attack payloads and if that is properly encoded
+ * or similar simplistic XSS attack payloads and if that is properly encoded
  * (or, you don't see an alert box popped in your browser), you consider it
  * "problem fixed", consider the unit testing sufficient. Unfortunately, that
- * minimalist testing may not always detect places were you used the wrong decoder. You need to do better.
+ * minimalist testing may not always detect places where you used the wrong decoder. You need to do better.
  * Fortunately, the aforementioned link,
  * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
  * rel="noopener noreferrer">
@@ -143,7 +143,7 @@
  * provides some insight. You may also wish to look at the
  * <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/java/org/owasp/esapi/reference/EncoderTest.java"
  * target="_blank" rel="noopener noreferrer">ESAPI Encoder JUnittest cases</a>.
- * If you are really ambitious, an excellent resource for XSS attack patters is
+ * If you are really ambitious, an excellent resource for XSS attack patterns is
  * <a href="https://beefproject.com/" target="_blank" rel="noopener noreferrer">BeEF - The Browser Exploitation Framework Project</a>.
  * </li>
  * </ul>

From ba43950e072fd8f0aeaf7e91a5a031d0d32c0153 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 1 Jul 2020 22:25:45 -0400
Subject: [PATCH 687/812] More minor javadoc fixes, esp link corrections.

---
 src/main/java/org/owasp/esapi/Encoder.java | 35 +++++++++++-----------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 84e0388e0..48b1e9cf4 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -76,8 +76,9 @@
  * </p><p>
  * Note that in addition to these encoder methods, ESAPI also provides a JSP Tag
  * Library ({@code META-INF/esapi.tld}) in the ESAPI jar. This allows one to use
- * the more convenient JSP tags in JSPs. These * tags are simply wrappers for the
- * various "encodeForX<i>XYZ</i>()" methods.
+ * the more convenient JSP tags in JSPs. These JSP tags are simply wrappers for the
+ * various these "encodeForX<i>XYZ</i>()" method docmented in this {@code Encoder}
+ * interface.
  * </p><p>
  * <b>Some important final words:</b>
  * <ul>
@@ -134,15 +135,15 @@
  * </pre>
  * or similar simplistic XSS attack payloads and if that is properly encoded
  * (or, you don't see an alert box popped in your browser), you consider it
- * "problem fixed", consider the unit testing sufficient. Unfortunately, that
- * minimalist testing may not always detect places where you used the wrong decoder. You need to do better.
- * Fortunately, the aforementioned link,
+ * "problem fixed", and consider the unit testing sufficient. Unfortunately, that
+ * minimalist testing may not always detect places where you used the wrong output
+ * encoder. You need to do better. Fortunately, the aforementioned link,
  * <a href="https://arxiv.org/pdf/1804.01862.pdf" target="_blank"
  * rel="noopener noreferrer">
  * Automated Detecting and Repair of Cross-SiteScripting Vulnerabilities through Unit Testing</a>
- * provides some insight. You may also wish to look at the
+ * provides some insight on this. You may also wish to look at the
  * <a href="https://github.com/ESAPI/esapi-java-legacy/blob/develop/src/test/java/org/owasp/esapi/reference/EncoderTest.java"
- * target="_blank" rel="noopener noreferrer">ESAPI Encoder JUnittest cases</a>.
+ * target="_blank" rel="noopener noreferrer">ESAPI Encoder JUnittest cases</a> for ideas.
  * If you are really ambitious, an excellent resource for XSS attack patterns is
  * <a href="https://beefproject.com/" target="_blank" rel="noopener noreferrer">BeEF - The Browser Exploitation Framework Project</a>.
  * </li>
@@ -366,12 +367,12 @@ public interface Encoder {
      * The best approach is to make sure any single-quotes are double-quoted.
      * Another possible approach is to use the {escape} syntax described in the
      * JDBC specification in section 1.5.6.
-     * 
+     *
      * However, this syntax does not work with all drivers, and requires
      * modification of all queries.
      * 
-     * @see <a href="http://java.sun.com/j2se/1.4.2/docs/guide/jdbc/getstart/statement.html">JDBC Specification</a>
-     * @see java.sql.PreparedStatement
+     * @see <a href="https://download.oracle.com/otn-pub/jcp/jdbc-4_2-mrel2-spec/jdbc4.2-fr-spec.pdf">JDBC Specification</a>
+     * @see <a href="https://docs.oracle.com/javase/8/docs/api/java/sql/PreparedStatement.html">java.sql.PreparedStatement</a>
      *  
      * @param codec 
      *      a Codec that declares which database 'input' is being encoded for (ie. MySQL, Oracle, etc.)
@@ -462,15 +463,15 @@ public interface Encoder {
 
     /**
      * Encode data for use in an XML element. The implementation should follow the <a
-     * href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-     * Standard</a> from the W3C.
+     * href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     * from W3C.
      * <p>
      * The use of a real XML parser is strongly encouraged. However, in the
      * hopefully rare case that you need to make sure that data is safe for
      * inclusion in an XML document and cannot use a parse, this method provides
      * a safe mechanism to do so.
      * 
-     * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+     * @see <a href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
      * 
      * @param input
      *          the text to encode for XML
@@ -481,16 +482,16 @@ public interface Encoder {
     String encodeForXML(String input);
 
     /**
-     * Encode data for use in an XML attribute. The implementation should follow
-     * the <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding
-     * Standard</a> from the W3C.
+     * Encode data for use in an XML attribute. The implementation should follow the <a
+     * href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
+     * from W3C.
      * <p>
      * The use of a real XML parser is highly encouraged. However, in the
      * hopefully rare case that you need to make sure that data is safe for
      * inclusion in an XML document and cannot use a parse, this method provides
      * a safe mechanism to do so.
      * 
-     * @see <a href="http://www.w3schools.com/xml/xml_encoding.asp">XML Encoding Standard</a>
+     * @see <a href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>
      * 
      * @param input
      *          the text to encode for use as an XML attribute

From c38eda06b17190ac0fba2ed28ae37aee0f2b6c41 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 1 Jul 2020 23:44:07 -0400
Subject: [PATCH 688/812] Add / refine / complete details not addressed by
 sempf's content.

---
 .../esapi4java-core-2.2.1.0-release-notes.txt | 247 ++++++++++--------
 1 file changed, 132 insertions(+), 115 deletions(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index bb46556b8..cfe1c1b64 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -1,115 +1,132 @@
-Release notes for ESAPI 2.2.1.0
-    Release date: 2020-TBD
-    Project leaders:
-        -Kevin W. Wall <kevin.w.wall@gmail.com>
-        -Matt Seil <matt.seil@owasp.org>
-
-Previous release: ESAPI 2.2.0.0, 2019-June-24
-
-
-Executive Summary: Important Things to Note for this Release
-------------------------------------------------------------
-
-    TBD
-
-=================================================================================================================
-
-Basic ESAPI facts
-
-ESAPI 2.2.0.0 release:
-    194 Java source files
-    4150 JUnit tests in 118 Java source files
-
-ESAPI 2.2.1.0 release:
-    TBD
-
-GitHub Issues fixed in this release
-
-Issue #			GitHub Issue Title
-----------------------------------------------------------------------------------------------
-
-143             Enchance encodeForOS to auto-detect the underling OS
-226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
-245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
-256             White space clean up
-382             Build Fails on path with space
-494             Encoder's encodeForCSS doesn't handle RGB Triplets
-503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
-509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
-511             Add missing documentation to Validator.addRule() and Validator.getRule()
-512             Update Apache Commons Bean Utils to 1.9.4
-515             Adding tests for getCookies (also 516)
-519             Issue 494 CSSCodec RGB Triplets
-530             Log Bridge Tests
-536             Various fixes
-538             Addressing log4j 1.x CVE-2019-17571
-
------------------------------------------------------------------------------
-
-        Changes requiring special attention
-
------------------------------------------------------------------------------
-
-TBD
-
------------------------------------------------------------------------------
-
-        Other changes in this release, some of which not tracked via GitHub issues
-
------------------------------------------------------------------------------
-
-Documentation updates for locating Jar files
-Unneeded code removed from ExtensiveEncoder
-Inline reader added to ExtensiveEncoder
-Additional time for windows to always sleep more than given seconds in CryptoTokenTest
-Change required by tweak to CipherText.toString() method
-Removed call to deprecated CryptoHelper.computeDerivedKey() method
-New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
-Use existing toString method rather than a StringBuilder
-Documentation and tests
-JavaLogger move
-Splitting user infor from Client Supplier
-
------------------------------------------------------------------------------
-
-Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
-Generated manually (this time)
-
-Developer       Total commits       Total Number
-                                  of Files Changed
-=====================================================
-jeremiahjstacey 11              68
-kwwall          15              26
-wiitek          3               6
-xeno6696        8               9
-Michael-Ziluck  2               3
-=====================================================
-
------------------------------------------------------------------------------
-
-53 Closed PRs since 2.2.0.0 release
-===================================
-504 New scripts to suppress noise for 'mvn test'
-510 Resolve #509 - Properly throw exception when HTML fails
-513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
-519 Issue 494 CSSCodec RGB Triplets
-520 OS Name DefaultExecutorTests #143
-540 Issue 382: Build Fails on path with space
-596 Closes Issue 245
-
------------------------------------------------------------------------------
-
-Notice:
-
-    Release notes written by Bill Sempf (bill.sempf@owasp.org) please direct any communication to me.
-
-Project co-leaders
-    Kevin W. Wall (kwwall)
-    Matt Seil (xeno6696)
-
-Special shout-outs to:
-    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
-    Dave Wichers (davewichers) - for Maven Central / Sonatype help
-
-Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
-
+Release notes for ESAPI 2.2.1.0
+    Release date: 2020-July-??
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.0.0, 2019-June-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a minor release. It's main purpose was to update dependencies to eliminate potential vulnerabilities arising from dependencies with known CVEs. See the section "Changes requiring special attention" below for additional details.
+
+Also special props to Bill Sempf for stepping up and volunteering to prepare the initial cut of these release notes. Had he not done so, this release either would not have release notes or it would have been delayed another 6 months while I procrastinated further with various distractions. (Squirrel!)
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.0.0 release:
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
+
+ESAPI 2.2.1.0 release:
+    211 Java source files
+    4309 JUnit tests in 134 Java source files
+
+GitHub Issues fixed in this release
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+143             Enchance encodeForOS to auto-detect the underling OS
+226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
+245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
+256             White space clean up
+382             Build Fails on path with space
+494             Encoder's encodeForCSS doesn't handle RGB Triplets
+503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
+509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
+511             Add missing documentation to Validator.addRule() and Validator.getRule()
+512             Update Apache Commons Bean Utils to 1.9.4
+515             Adding tests for getCookies (also 516)
+519             Issue 494 CSSCodec RGB Triplets
+522             javadoc corrections for Encoder.canonicalize()
+530             Log Bridge Tests
+536             Various fixes
+538             Addressing log4j 1.x CVE-2019-17571
+
+-----------------------------------------------------------------------------
+
+        Changes requiring special attention
+
+-----------------------------------------------------------------------------
+The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4j 1.x as it is way past the end-of-life and we now support SLF4J. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on EsAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+Related to that CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4j 1.2.17. ESAPI is not affected by this (even if you chose to use Log4j 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+Notable dependency updates (excludes those only used with JUnit tests):
+    antiSamy            1.5.8   ->  1.5.10
+    batik-css           1.11    ->  1.13
+    commons-beansutil   1.9.3   ->  1.9.4
+    slf4j-api           1.7.26  ->  1.7.30
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatiblity.)
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+Documentation updates for locating Jar files
+Unneeded code removed from ExtensiveEncoder
+Inline reader added to ExtensiveEncoder
+Additional time for windows to always sleep more than given seconds in CryptoTokenTest
+Change required by tweak to CipherText.toString() method
+Removed call to deprecated CryptoHelper.computeDerivedKey() method
+New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
+Use existing toString method rather than a StringBuilder
+Documentation and tests
+JavaLogger moved 
+Splitting user info from Client Supplier
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
+Generated manually (this time)
+
+Developer       Total       Total Number
+(GitHub ID)     commits   of Files Changed
+=====================================================
+jeremiahjstacey 11              68
+kwwall          15              26
+wiitek          3               6
+xeno6696        8               9
+Michael-Ziluck  2               3
+sempf           1               1
+=====================================================
+
+-----------------------------------------------------------------------------
+
+53 Closed PRs since 2.2.0.0 release
+===================================
+504 New scripts to suppress noise for 'mvn test'
+510 Resolve #509 - Properly throw exception when HTML fails
+513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
+519 Issue 494 CSSCodec RGB Triplets
+520 OS Name DefaultExecutorTests #143
+540 Issue 382: Build Fails on path with space
+596 Closes Issue 245
+
+-----------------------------------------------------------------------------
+
+Notice:
+
+    Release notes written by Bill Sempf (bill.sempf@owasp.org), but please direct any communication to the project leaders.
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Matt Seil (xeno6696)
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
+    Dave Wichers (davewichers) - for Maven Central / Sonatype help
+    Bill Sempf -- for these release notes. Awesome job, Bill. I owe you a brew.
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.

From cce9034a9b06e89dcb47461f8d08f79885fcf39a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 1 Jul 2020 23:45:38 -0400
Subject: [PATCH 689/812] Change from SNAPSHOT to Release Candidate 1 (RC1).

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a57922307..a9dcd8a5e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.1.0-SNAPSHOT</version>
+    <version>2.2.1.0-RC1</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From f00db32b7cc857aeb56f40e1dc584da07695df04 Mon Sep 17 00:00:00 2001
From: HJW8472 <50944183+HJW8472@users.noreply.github.com>
Date: Thu, 2 Jul 2020 15:51:18 +0200
Subject: [PATCH 690/812] Fixed issue #310 (#541)

Fix #310
* issue-#310-coding-done

* issue-#310-fixed-testclases-package

* issue-ESAPI#310-tested-and-cleaned-code

* issue-ESAPI#310-removed-an-useless-import

* issue-#310-fixed-review-comments

* issue-ESAPI#310-filename-configurable-and-added-testclass

* Updated-ESAPI.properties-with-comment
---
 configuration/esapi/ESAPI.properties          |   7 +
 .../owasp/esapi/SecurityConfiguration.java    |   1 -
 .../DefaultSecurityConfiguration.java         |   1 +
 .../validation/HTMLValidationRule.java        | 104 +++-
 .../HTMLValidationRuleClasspathTest.java      | 171 ++++++
 .../HTMLValidationRuleCleanTest.java          |   2 +-
 .../HTMLValidationRuleThrowsTest.java         |   2 +-
 src/test/resources/antisamy-esapi-CP.xml      | 492 ++++++++++++++++++
 8 files changed, 771 insertions(+), 9 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
 create mode 100644 src/test/resources/antisamy-esapi-CP.xml

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 7ac0fb9d3..bafe1e38c 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -535,3 +535,10 @@ Validator.AcceptLenientDates=false
 #
 #Validator.HtmlValidationAction=clean
 Validator.HtmlValidationAction=throw
+
+# With the fix for #310 to enable loading antisamy-esapi.xml from the classpath
+# also an enhancement was made to be able to use a different filename for the configuration.
+# You don't have to configure the filename here, but in that case the code will keep looking for antisamy-esapi.xml.
+# This is the default behaviour of ESAPI.
+#
+#Validator.HtmlValidationConfigurationFile=antisamy-esapi.xml
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index ed326d6ae..57bfcca38 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -640,7 +640,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      */
     InputStream getResourceStream( String filename ) throws IOException;
 
-    	
 	/**
 	 * Sets the ESAPI resource directory.
 	 * 
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index d578850ba..24337e14a 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -159,6 +159,7 @@ public static SecurityConfiguration getInstance() {
     public static final String VALIDATION_PROPERTIES_MULTIVALUED = "Validator.ConfigurationFile.MultiValued";
     public static final String ACCEPT_LENIENT_DATES = "Validator.AcceptLenientDates";
     public static final String VALIDATOR_HTML_VALIDATION_ACTION = "Validator.HtmlValidationAction";
+	public static final String VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE = "Validator.HtmlValidationConfigurationFile";
 
     /**
      * Special {@code System} property that, if set to {@code true}, will
diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index 0670860d9..f68253cd1 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -30,6 +30,7 @@
 import org.owasp.validator.html.Policy;
 import org.owasp.validator.html.PolicyException;
 import org.owasp.validator.html.ScanException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 
 
 /**
@@ -46,22 +47,113 @@ public class HTMLValidationRule extends StringValidationRule {
 	/** OWASP AntiSamy markup verification policy */
 	private static Policy antiSamyPolicy = null;
 	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
+	private static final String ANTISAMYPOLICY_FILENAME = "antisamy-esapi.xml";
+
+    /**
+     * Used to load antisamy-esapi.xml from a variety of different classpath locations.
+	 * The classpath locations are the same classpath locations as used to load esapi.properties.
+	 * See DefaultSecurityConfiguration.DefaultSearchPath.
+     *
+     * @param fileName The resource file filename.
+     */
+	private static InputStream getResourceStreamFromClasspath(String fileName) {
+		InputStream resourceStream = null;
+		
+		ClassLoader[] loaders = new ClassLoader[] {
+				Thread.currentThread().getContextClassLoader(),
+				ClassLoader.getSystemClassLoader(),
+				ESAPI.securityConfiguration().getClass().getClassLoader()  
+						/* can't use just getClass.getClassLoader() in a static context, so using the DefaultSecurityConfiguration class. */
+		};
+		
+		String[] classLoaderNames = {
+				"current thread context class loader",
+				"system class loader",
+				"class loader for DefaultSecurityConfiguration class"
+		};
+		
+		int i = 0;
+        for (ClassLoader loader : loaders) {
+			// try root
+			String currentClasspathSearchLocation = "/ (root)";
+            resourceStream = loader.getResourceAsStream(DefaultSecurityConfiguration.DefaultSearchPath.ROOT.value() + fileName);
+			
+			// try resourceDirectory folder
+			if (resourceStream == null){
+				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.RESOURCE_DIRECTORY.value();
+				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
+			}
+			
+			// try .esapi folder. Look here first for backward compatibility.
+			if (resourceStream == null){
+				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.DOT_ESAPI.value();
+				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
+			}
+
+			// try esapi folder (new directory)
+			if (resourceStream == null){
+				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.ESAPI.value();
+				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
+			}
+
+			// try resources folder
+			if (resourceStream == null){
+				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.RESOURCES.value();
+				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
+			}
+
+			// try src/main/resources folder
+			if (resourceStream == null){
+				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.SRC_MAIN_RESOURCES.value();
+				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
+			}
+
+            if (resourceStream != null) {
+				LOGGER.info(Logger.EVENT_FAILURE, "SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" + 
+					currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
+                break; // Outta here since we've found and loaded it.
+            }
+			
+			i++;
+        }
+		
+		return resourceStream;
+	}
 
 	static {
         InputStream resourceStream = null;
+		String antisamyPolicyFilename = null;
+		
+		try {
+			antisamyPolicyFilename = ESAPI.securityConfiguration().getStringProp(
+                    // Future: This will be moved to a new PropNames class
+                org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE );
+		} catch (ConfigurationException cex) {
+			
+            LOGGER.info(Logger.EVENT_FAILURE, "ESAPI property " + 
+                           org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE +
+                           " not set, using default value: " + ANTISAMYPOLICY_FILENAME);
+			antisamyPolicyFilename = ANTISAMYPOLICY_FILENAME;
+		}
 		try {
-			resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
+			resourceStream = ESAPI.securityConfiguration().getResourceStream(antisamyPolicyFilename);
 		} catch (IOException e) {
-			throw new ConfigurationException("Couldn't find antisamy-esapi.xml", e);
-	            }
+			
+			LOGGER.info(Logger.EVENT_FAILURE, "Loading " + antisamyPolicyFilename + " from classpaths");
+
+			resourceStream = getResourceStreamFromClasspath(antisamyPolicyFilename);
+		}
         if (resourceStream != null) {
         	try {
 				antiSamyPolicy = Policy.getInstance(resourceStream);
 			} catch (PolicyException e) {
-				throw new ConfigurationException("Couldn't parse antisamy policy", e);
-		        }
-			}
+				throw new ConfigurationException("Couldn't parse " + antisamyPolicyFilename, e);
+	        }
 		}
+        else {
+            throw new ConfigurationException("Couldn't find " + antisamyPolicyFilename);
+		}
+	}
 
 	public HTMLValidationRule( String typeName ) {
 		super( typeName );
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
new file mode 100644
index 000000000..f032059d1
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
@@ -0,0 +1,171 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.owasp.esapi.ESAPI;
+import org.owasp.esapi.SecurityConfiguration;
+import org.owasp.esapi.SecurityConfigurationWrapper;
+import org.owasp.esapi.ValidationErrorList;
+import org.owasp.esapi.ValidationRule;
+import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.validation.HTMLValidationRule;
+
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.After;
+import org.junit.Rule;
+import org.junit.rules.ExpectedException;
+import static org.junit.Assert.*;
+
+/**
+ * The Class HTMLValidationRuleThrowsTest.
+ *
+ * Based on original test cases, testGetValidSafeHTML() and
+ * testIsValidSafeHTML() from ValidatorTest by
+ *      Mike Fauzy (mike.fauzy@aspectsecurity.com) and
+ *      Jeff Williams (jeff.williams@aspectsecurity.com)
+ * that were originally part of src/test/java/org/owasp/esapi/reference/ValidatorTest.java.
+ *
+ * This class tests the cases where the new ESAPI.property
+ *      Validator.HtmlValidationAction
+ * is set to "throw", which causes certain calls to
+ * ESAPI.validator().getValidSafeHTML() or ESAPI.validator().isValidSafeHTML()
+ * to throw a ValidationException rather than simply logging a warning and returning
+ * the cleansed (sanitizied) output when certain unsafe input is encountered.
+ */
+public class HTMLValidationRuleClasspathTest {
+	private static class ConfOverride extends SecurityConfigurationWrapper {
+        private String desiredReturnAction = "clean";
+        private String desiredReturnConfigurationFile = "antisamy-esapi.xml";
+
+		ConfOverride(SecurityConfiguration orig, String desiredReturnAction, String desiredReturnConfigurationFile) {
+			super(orig);
+            this.desiredReturnAction = desiredReturnAction;
+			this.desiredReturnConfigurationFile = desiredReturnConfigurationFile;
+		}
+
+		@Override
+		public String getStringProp(String propName) {
+            // Would it be better making this file a static import?
+			if ( propName.equals( org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_ACTION ) ) {
+                return desiredReturnAction;
+            } else if ( propName.equals( org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE ) ) {
+                return desiredReturnConfigurationFile;
+            } else {
+                return super.getStringProp( propName );
+            }
+        }
+    }
+
+    // Must be public!
+    @Rule
+    public ExpectedException thrownEx = ExpectedException.none();
+
+    @After
+    public void tearDown() throws Exception {
+        ESAPI.override(null);
+        thrownEx = ExpectedException.none();
+    }
+
+	@Before
+    public void setUp() throws Exception {
+		ESAPI.override(
+			new ConfOverride( ESAPI.securityConfiguration(), "throw", "antisamy-esapi-CP.xml" )
+		);
+
+    }
+
+    @Test
+    public void testGetValid() throws Exception {
+        System.out.println("getValidCP");
+        Validator instance = ESAPI.validator();
+        HTMLValidationRule rule = new HTMLValidationRule("testCP");
+        ESAPI.validator().addRule(rule);
+
+        thrownEx.expect(ValidationException.class);
+        thrownEx.expectMessage("test: Invalid HTML input");
+
+        instance.getRule("testCP").getValid("test", "Test. <script>alert(document.cookie)</script>");
+    }
+
+    @Test
+    public void testGetValidSafeHTML() throws Exception {
+        System.out.println("getValidSafeHTML");
+        Validator instance = ESAPI.validator();
+
+        HTMLValidationRule rule = new HTMLValidationRule("test");
+        ESAPI.validator().addRule(rule);
+
+        String[] testInput = {
+                                // These first two don't cause AntiSamy to throw.
+                        // "Test. <a href=\"http://www.aspectsecurity.com\">Aspect Security</a>",
+                        // "Test. <<div on<script></script>load=alert()",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <script>alert(document.cookie)</script>",
+                        "Test. <div style={xss:expression(xss)}>b</div>",
+                        "Test. <s%00cript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>",
+                        "Test. <s\tcript>alert(document.cookie)</script>"
+        };
+
+        int errors = 0;
+        for( int i = 0; i < testInput.length; i++ ) {
+            try {
+                String result = instance.getValidSafeHTML("test", testInput[i], 100, false);
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' failed to throw.");
+            }
+            catch( ValidationException vex ) {
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] + "' returned:");
+                System.out.println("\t" + i + ": logMsg =" + vex.getLogMessage());
+                assertEquals( vex.getUserMessage(), "test: Invalid HTML input");
+            }
+            catch( Exception ex ) {
+                errors++;
+                System.out.println("testGetValidSafeHTML(): testInput '" + testInput[i] +
+                                   "' threw wrong exception type: " + ex.getClass().getName() );
+            }
+        }
+
+        if ( errors > 0 ) {
+            fail("testGetValidSafeHTML() encountered " + errors + " failures.");
+        }
+    }
+
+    @Test
+    public void testIsValidSafeHTML() {
+        System.out.println("isValidSafeHTML");
+        Validator instance = ESAPI.validator();
+        thrownEx = ExpectedException.none();    // Not expecting any exceptions here.
+
+        assertTrue(instance.isValidSafeHTML("test", "<b>Jeff</b>", 100, false));
+        assertTrue(instance.isValidSafeHTML("test", "<a href=\"http://www.aspectsecurity.com\">Aspect Security</a>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <script>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <div style={xss:expression(xss)}>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s%00cript>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s\tcript>alert(document.cookie)</script>", 100, false));
+        assertFalse(instance.isValidSafeHTML("test", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false));
+
+        ValidationErrorList errors = new ValidationErrorList();
+        assertFalse(instance.isValidSafeHTML("test1", "Test. <script>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test2", "Test. <div style={xss:expression(xss)}>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test3", "Test. <s%00cript>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test4", "Test. <s\tcript>alert(document.cookie)</script>", 100, false, errors));
+        assertFalse(instance.isValidSafeHTML("test5", "Test. <s\r\n\0cript>alert(document.cookie)</script>", 100, false, errors));
+        assertTrue( errors.size() == 5 );
+    }
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
index dfed45607..8bbb5f756 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -13,7 +13,7 @@
  * @author kevin.w.wall@gmail.com
  * @since 2019
  */
-package org.owasp.esapi.reference;
+package org.owasp.esapi.reference.validation;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.EncoderConstants;
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
index 6726ef56f..7605462aa 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleThrowsTest.java
@@ -13,7 +13,7 @@
  * @author kevin.w.wall@gmail.com
  * @since 2019
  */
-package org.owasp.esapi.reference;
+package org.owasp.esapi.reference.validation;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.SecurityConfiguration;
diff --git a/src/test/resources/antisamy-esapi-CP.xml b/src/test/resources/antisamy-esapi-CP.xml
new file mode 100644
index 000000000..14880d0b5
--- /dev/null
+++ b/src/test/resources/antisamy-esapi-CP.xml
@@ -0,0 +1,492 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+	
+<!-- 
+W3C rules retrieved from:
+http://www.w3.org/TR/html401/struct/global.html
+-->
+	
+<!--
+Slashdot allowed tags taken from "Reply" page:
+<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
+-->
+
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		xsi:noNamespaceSchemaLocation="antisamy.xsd">
+	
+	<directives>
+		<directive name="omitXmlDeclaration" value="true"/>
+		<directive name="omitDoctypeDeclaration" value="true"/>
+		<directive name="maxInputSize" value="500000"/>
+		<directive name="embedStyleSheets" value="false"/>
+	</directives>
+	
+	
+	<common-regexps>
+		
+		<!-- 
+		From W3C:
+		This attribute assigns a class name or set of class names to an
+		element. Any number of elements may be assigned the same class
+		name or names. Multiple class names must be separated by white 
+		space characters.
+		-->
+		
+		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
+		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+	
+	</common-regexps>
+	
+	<!-- 
+	
+	Tag.name = a, b, div, body, etc.
+	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
+	Attribute.name = id, class, href, align, width, etc.
+	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
+	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
+	 
+	 -->
+
+	<!-- 
+	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
+	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
+	-->
+
+	<common-attributes>
+		
+
+		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
+		 	<regexp-list>
+		 		<regexp value="[a-zA-Z]{2,20}"/>
+		 	</regexp-list>
+		 </attribute>
+		 
+		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
+		 	<regexp-list>
+		 		<regexp name="htmlTitle"/>
+		 	</regexp-list>
+		 </attribute>
+
+		<attribute name="href" onInvalid="filterTag">
+			<regexp-list>
+				<regexp name="onsiteURL"/>
+				<regexp name="offsiteURL"/>
+			</regexp-list>
+		</attribute>
+	
+		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
+			<literal-list>
+				<literal value="center"/>
+				<literal value="left"/>
+				<literal value="right"/>
+				<literal value="justify"/>
+				<literal value="char"/>
+			</literal-list>
+		</attribute>
+
+	</common-attributes>
+
+
+	<!--
+	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
+	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
+	a while?
+	 -->
+	
+	<global-tag-attributes>
+		<attribute name="title"/>
+		<attribute name="lang"/>
+	</global-tag-attributes>
+
+
+	<tag-rules>
+
+		<!-- Tags related to JavaScript -->
+
+		<tag name="script" action="remove"/>
+		<tag name="noscript" action="remove"/>
+		
+		<!-- Frame & related tags -->
+		
+		<tag name="iframe" action="remove"/>
+		<tag name="frameset" action="remove"/>
+		<tag name="frame" action="remove"/>
+		<tag name="noframes" action="remove"/>
+		
+
+		<!-- All reasonable formatting tags -->
+		
+		<tag name="p" action="validate">
+			<attribute name="align"/>
+		</tag>
+
+		<tag name="div" action="validate"/>		
+		<tag name="i" action="validate"/>
+		<tag name="b" action="validate"/>
+		<tag name="em" action="validate"/>
+		<tag name="blockquote" action="validate"/>
+		<tag name="tt" action="validate"/>
+		
+		<tag name="br" action="truncate"/>
+
+		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
+		
+		<tag name="quote" action="validate"/>
+		<tag name="ecode" action="validate"/> 
+		
+						
+		<!-- Anchor and anchor related tags -->
+		
+		<tag name="a" action="validate">
+
+			<attribute name="href" onInvalid="filterTag"/>
+			<attribute name="nohref">
+				<literal-list>
+					<literal value="nohref"/>
+					<literal value=""/>
+				</literal-list>
+			</attribute>
+			<attribute name="rel">
+				<literal-list>
+					<literal value="nofollow"/>
+				</literal-list>
+			</attribute>
+		</tag>
+
+		<!-- List tags -->
+
+		<tag name="ul" action="validate"/>
+		<tag name="ol" action="validate"/>
+		<tag name="li" action="validate"/>
+		
+	</tag-rules>
+
+
+
+	<!--  No CSS on Slashdot posts -->
+
+	<css-rules>
+	</css-rules>
+
+
+	<html-entities>
+		<entity name="amp" cdata="&amp;"/>
+		<entity name="nbsp" cdata="&amp;#160;"/>
+		
+		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
+		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
+		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
+		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
+		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
+		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
+		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
+		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
+		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
+		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
+		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
+		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
+		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
+		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
+		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
+		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
+		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
+		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
+		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
+		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
+		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
+		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
+		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
+		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
+		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
+		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
+		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
+		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
+		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
+		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
+		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
+		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
+		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
+		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
+		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
+		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
+		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
+		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
+		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
+		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
+		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
+		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
+		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
+		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
+		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
+		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
+		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
+		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
+		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
+		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
+		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
+		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
+		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
+		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
+		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
+		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
+		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
+		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
+		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
+		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
+		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
+		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
+		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
+		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
+		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
+		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
+		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
+		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
+		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
+		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
+		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
+		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
+		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
+		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
+		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
+		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
+		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
+		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
+		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
+		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
+		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
+		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
+		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
+		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
+		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
+		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
+		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
+		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
+		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
+		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
+		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
+		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
+		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
+		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
+		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
+		                                  
+		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
+		
+		<!-- Greek -->
+		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
+		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
+		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
+		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
+		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
+		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
+		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
+		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
+		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
+		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
+		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
+		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
+		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
+		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
+		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
+		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
+		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
+		<!-- there is no Sigmaf, and no U+03A2 character either -->
+		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
+		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
+		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
+		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
+		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
+		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
+		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
+		
+		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
+		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
+		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
+		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
+		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
+		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
+		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
+		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
+		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
+		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
+		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
+		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
+		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
+		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
+		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
+		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
+		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
+		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
+		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
+		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
+		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
+		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
+		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
+		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
+		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
+		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
+		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
+		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
+		
+		<!-- General Punctuation -->
+		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
+		<!-- bullet is NOT the same as bullet operator, U+2219 -->
+		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
+		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
+		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
+		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
+		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
+		
+		<!-- Letterlike Symbols -->
+		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
+		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
+		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
+		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
+		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
+		<!-- alef symbol is NOT the same as hebrew letter alef,
+		     U+05D0 although the same glyph could be used to depict both characters -->
+		
+		<!-- Arrows -->
+		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
+		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
+		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
+		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
+		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
+		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
+		                                     = carriage return, U+21B5 NEW -->
+		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
+		
+		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
+		    but also does not have any other character for that function. So ? lArr can
+		    be used for 'is implied by' as ISOtech suggests -->
+		    
+		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
+		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
+		
+		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
+		     another character with this function so ?
+		     rArr can be used for 'implies' as ISOtech suggests -->
+		     
+		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
+		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
+		
+		<!-- Mathematical Operators -->
+		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
+		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
+		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
+		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
+		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
+		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
+		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
+		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
+	
+		<!-- should there be a more memorable name than 'ni'? -->
+		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
+		
+		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
+		     the same glyph might be used for both -->
+		     
+		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
+		
+		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
+		     though the same glyph might be used for both -->
+		
+		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
+		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
+		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
+		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
+		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
+		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
+		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
+		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
+		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
+		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
+		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
+		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
+		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
+		
+		<!-- tilde operator is NOT the same character as the tilde, U+007E,
+		     although the same glyph might be used to represent both  -->
+		     
+		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
+		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
+		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
+		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
+		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
+		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
+		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
+		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
+		
+		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
+		     font encoding and is not included. Should it be, for symmetry?
+		     It is in ISOamsn  --> 
+		
+		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
+		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
+		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
+		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
+		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
+		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
+		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
+		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
+		
+		<!-- Miscellaneous Technical -->
+		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
+		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
+		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
+		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
+		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
+		<!-- lang is NOT the same character as U+003C 'less than' 
+		     or U+2039 'single left-pointing angle quotation mark' -->
+		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
+		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
+		
+		<!-- Geometric Shapes -->
+		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
+		
+		<!-- Miscellaneous Symbols -->
+		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
+		<!-- black here seems to mean filled as opposed to hollow -->
+		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
+		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
+		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
+		
+		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
+		<!-- Latin Extended-A -->
+		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
+		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
+		<!-- ligature is a misnomer, this is a separate character in some languages -->
+		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
+		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
+		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
+		
+		<!-- Spacing Modifier Letters -->
+		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
+		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
+		
+		<!-- General Punctuation -->
+		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
+		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
+		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
+		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
+		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
+		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
+		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
+		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
+		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
+		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
+		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
+		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
+		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
+		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
+		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
+		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
+		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
+		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
+		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
+		<!-- lsaquo is proposed but not yet ISO standardized -->
+		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
+		<!-- rsaquo is proposed but not yet ISO standardized -->
+		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
+	</html-entities>
+
+</anti-samy-rules>

From ecf4a202c46c910b3b98559fd635b44b683dfa7a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 2 Jul 2020 16:30:30 -0400
Subject: [PATCH 691/812] Update wiki link to new OWASP URL

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 01095ed7d..baddc52bb 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ More detail is available in the file '[SECURITY.md](https://raw.githubuserconten
 
 ## Where to Find More Information on ESAPI
 
-*Wiki:* https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API
+*Wiki:* https://owasp.org/www-project-enterprise-security-api/
 
 *Nightly Build:* Travis CI - https://travis-ci.org/bkimminich/esapi-java-legacy
 

From 7abf4a5cfe296a04003ca5222cfb5a53f3bca935 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 3 Jul 2020 00:20:56 -0400
Subject: [PATCH 692/812] Fix typo. s/parse/parser/

---
 src/main/java/org/owasp/esapi/Encoder.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index 48b1e9cf4..b9d42dea5 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -468,7 +468,7 @@ public interface Encoder {
      * <p>
      * The use of a real XML parser is strongly encouraged. However, in the
      * hopefully rare case that you need to make sure that data is safe for
-     * inclusion in an XML document and cannot use a parse, this method provides
+     * inclusion in an XML document and cannot use a parser, this method provides
      * a safe mechanism to do so.
      * 
      * @see <a href="https://www.w3.org/TR/REC-xml/#charencoding">Character Encoding in Entities</a>

From 807adf71fa3c1efd7a3b09a7a190b87c4c18f228 Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Fri, 3 Jul 2020 16:35:08 -0400
Subject: [PATCH 693/812] Upgrade some dependencies and most plugins. Add
 FindSecBugs plugin to SpotBugs. Add animal sniffer plugin to try to detect
 use of Java APIs not in Java 7. Plugin runs but doesn't detect use of APIs
 currently causing compilation errors with Java 7.

---
 pom.xml | 204 ++++++++++++++++++++++++++++++++------------------------
 1 file changed, 118 insertions(+), 86 deletions(-)

diff --git a/pom.xml b/pom.xml
index a9dcd8a5e..3235520cd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
 
     <organization>
         <name>The Open Web Application Security Project (OWASP)</name>
-        <url>http://www.owasp.org/index.php</url>
+        <url>https://owasp.org</url>
     </organization>
 
     <mailingLists>
@@ -90,7 +90,7 @@
     <developers>
         <developer>
             <name>Jeff Williams</name>
-            <organization>Aspect Security</organization>
+            <organization>Contrast Security</organization>
             <roles>
                 <role>Project Inventor</role>
             </roles>
@@ -121,7 +121,6 @@
     <contributors>
         <contributor>
             <name>Dave Wichers</name>
-            <organization>Aspect Security</organization>
         </contributor>
         <contributor>
             <name>Jim Manico</name>
@@ -133,12 +132,17 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <version.jmh>1.23</version.jmh>
+        <version.powermock>2.0.7</version.powermock>
+        <version.spotbugs>4.0.4</version.spotbugs>
+        <version.surefire>3.0.0-M5</version.surefire>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>javax.servlet-api</artifactId>
+            <!-- Note: v3.1.0+ causes compilation errors. So would have to fix to upgrade. -->
             <version>3.0.1</version>
             <scope>provided</scope>
         </dependency>
@@ -253,6 +257,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
+            <!-- Note: commons-io:2.7+ require Java 8, so can't upgrade past 2.6 -->
             <version>2.6</version>
         </dependency>
         <dependency>
@@ -292,24 +297,38 @@
             <version>1.4.01</version>
         </dependency>
 
+        <!-- SpotBugs dependencies -->
+        <dependency>
+            <groupId>com.github.spotbugs</groupId>
+            <artifactId>spotbugs-annotations</artifactId>
+            <version>${version.spotbugs}</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>net.jcip</groupId>
+            <artifactId>jcip-annotations</artifactId>
+            <version>1.0</version>
+            <optional>true</optional>
+        </dependency>
+
         <!-- Dependencies which are ONLY used for JUnit tests -->
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.61</version>
+            <version>1.65.01</version>
             <scope>test</scope>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-api-mockito2</artifactId>
-            <version>2.0.2</version>
+            <version>${version.powermock}</version>
             <scope>test</scope>
             <exclusions>
                 <exclusion>
@@ -319,31 +338,13 @@
                   <groupId>org.javassist</groupId>
                   <artifactId>javassist</artifactId>
                 </exclusion>
-                <!-- The following exclusions and import of mockito-core 2.27.0 result in 100% convergence in the test dependencies, -->
-                <exclusion>
-                    <groupId>org.mockito</groupId>
-                    <artifactId>mockito-core</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.powermock</groupId>
-                    <artifactId>powermock-reflect</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>net.bytebuddy</groupId>
-                    <artifactId>byte-buddy</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>net.bytebuddy</groupId>
-                    <artifactId>byte-buddy-agent</artifactId>
-                </exclusion>
             </exclusions>
-        	<!-- exclusions>
-            </exclusions -->
         </dependency>
         <!-- The following imported solely so we can exclude its dependency on: org.objenesis:objenesis, which conflicts with 
              another import by a dependency of powermock-api-mockito2. -->
         <dependency>
           <!-- This version is compatible with Java 7, the previous version was not (by accident). -->
+          <!-- Versions 3.26.0-GA and later require Java 8. -->
           <groupId>org.javassist</groupId>
           <artifactId>javassist</artifactId>
           <version>3.25.0-GA</version>
@@ -352,19 +353,26 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.27.0</version>
+            <!-- mockito-core v3.0.0+ requires Java 8 -->
+            <version>2.28.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-module-junit4</artifactId>
-            <version>2.0.2</version>
+            <version>${version.powermock}</version>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>junit</groupId>
+                    <artifactId>junit</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-reflect</artifactId>
-            <version>2.0.2</version>
+            <version>${version.powermock}</version>
             <scope>test</scope>
             <exclusions>
                 <exclusion>
@@ -384,13 +392,13 @@
         <dependency>
             <groupId>org.openjdk.jmh</groupId>
             <artifactId>jmh-core</artifactId>
-            <version>1.21</version>
+            <version>${version.jmh}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.openjdk.jmh</groupId>
             <artifactId>jmh-generator-annprocess</artifactId>
-            <version>1.21</version>
+            <version>${version.jmh}</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -401,51 +409,22 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-assembly-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.3.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-dependency-plugin</artifactId>
-                    <version>3.1.1</version>
+                    <version>3.1.2</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>
-                    <version>2.5.3</version>
+                    <version>3.0.0-M1</version>
                 </plugin>
             </plugins>
         </pluginManagement>
 
-        <plugins>        
-            <plugin>
-                <groupId>com.github.spotbugs</groupId>
-                <artifactId>spotbugs-maven-plugin</artifactId>
-                <version>3.1.11</version>
-                <dependencies>
-                  <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
-                  <dependency>
-                    <groupId>com.github.spotbugs</groupId>
-                    <artifactId>spotbugs</artifactId>
-                    <version>3.1.12</version>
-                  </dependency>
-                </dependencies>
-                <executions>
-                    <execution>
-                      <!-- requires Java 8. So only run it if using Java 8 or greater.
-                           This property set in a profile below. -->
-                      <phase>${PhaseIfJava8plus}</phase>
-                    </execution>
-                </executions>
-                <configuration>
-                    <findbugsXmlOutput>true</findbugsXmlOutput>
-                    <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
-                    <xmlOutput>true</xmlOutput>
-                    <threshold>Low</threshold>
-                    <effort>Max</effort>
-                    <relaxed>false</relaxed>
-                </configuration>
-            </plugin>
-
+        <plugins>
             <plugin>
                 <groupId>net.sourceforge.maven-taglib</groupId>
                 <artifactId>maven-taglib-plugin</artifactId>
@@ -467,7 +446,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.0</version>
+                <version>3.8.1</version>
                 <configuration>
                     <source>1.7</source>
                     <target>1.7</target>
@@ -501,7 +480,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
-                <version>2.8.2</version>
+                <version>3.0.0-M1</version>
             </plugin>
 
             <plugin>
@@ -516,33 +495,60 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.0.0-M2</version>
+                <version>3.0.0-M3</version>
                 <dependencies>
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>extra-enforcer-rules</artifactId>
                     <version>1.2</version>
                   </dependency>
+                  <dependency>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>animal-sniffer-enforcer-rule</artifactId>
+                    <!-- Apparently 1.18+ requires Java 8 to run, so this is the most recent version of this plugin we can use -->
+                    <version>1.17</version>
+                  </dependency>
                 </dependencies>
                 <executions>
                     <execution>
-                      <goals>
-                        <goal>enforce</goal>
-                      </goals>
+                      <id>check-java-versions</id>
+                      <phase>compile</phase>
+                      <goals><goal>enforce</goal></goals>
                       <configuration>
                         <rules>
                           <dependencyConvergence />
                           <requireJavaVersion>
                             <version>1.7</version>
-                              <message>
+                            <message>
                                 ESAPI 2.x now uses the JDK1.7 for its baseline. Please make sure that your
                                 JAVA_HOME environment variable is pointed to a JDK1.7 or later distribution.
-                              </message>
+                            </message>
                           </requireJavaVersion>
                           <enforceBytecodeVersion>
                             <maxJdkVersion>1.7</maxJdkVersion>
+                            <ignoreOptionals>true</ignoreOptionals>
+                            <ignoredScopes></ignoredScopes> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
+                            <message>Dependencies shouldn't require Java 8+</message>
                           </enforceBytecodeVersion>
                         </rules>
+                        <fail>true</fail>
+                      </configuration>
+                    </execution>
+                    <execution>
+                      <id>check-java7API-signatures</id>
+                      <phase>compile</phase>
+                      <goals><goal>enforce</goal></goals>
+                      <configuration>
+                        <rules>
+                          <checkSignatureRule implementation="org.codehaus.mojo.animal_sniffer.enforcer.CheckSignatureRule">
+                            <signature>
+                              <groupId>org.codehaus.mojo.signature</groupId>
+                              <!-- Check against Java 7 API -->
+                              <artifactId>java17</artifactId>
+                              <version>1.0</version>
+                            </signature>
+                          </checkSignatureRule>
+                        </rules>
                       </configuration>
                     </execution>
                 </executions>
@@ -564,13 +570,13 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-install-plugin</artifactId>
-                <version>2.5.2</version>
+                <version>3.0.0-M1</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.0</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -584,7 +590,7 @@
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
-               <version>3.1.0</version>
+               <version>3.2.0</version>
                <configuration>
                  <source>7</source>
                  <doclint>none</doclint>
@@ -608,13 +614,13 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.11.0</version>            
+                <version>3.13.0</version>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.0.0</version>
+               <version>3.1.0</version>
             </plugin>
 
             <plugin>
@@ -626,13 +632,13 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
-                <version>3.7.1</version>
+                <version>3.9.1</version>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-source-plugin</artifactId>
-               <version>3.0.1</version>
+               <version>3.2.1</version>
                <executions>
                  <execution>
                    <id>attach-sources</id>
@@ -644,14 +650,14 @@
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
-                <version>2.22.1</version>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${version.surefire}</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <version>2.22.1</version>
+                <artifactId>maven-surefire-report-plugin</artifactId>
+                <version>${version.surefire}</version>
             </plugin>
 
             <plugin>
@@ -687,7 +693,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.0.0</version>
+                <version>5.3.2</version>
                 <configuration>
                     <failBuildOnCVSS>5.0</failBuildOnCVSS>
                     <suppressionFiles>./suppressions.xml</suppressionFiles>
@@ -767,11 +773,11 @@
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-report-plugin</artifactId>
+                <artifactId>maven-surefire-plugin</artifactId>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
+                <artifactId>maven-surefire-report-plugin</artifactId>
             </plugin>
             <plugin>
                 <!--  Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists.
@@ -779,7 +785,7 @@
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
             </plugin>
-            <!-- Check for updates to dependencies and report on them. -->
+            <!-- Check for available updates to dependencies and report on them. -->
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
@@ -799,12 +805,38 @@
 
     <profiles>
         <profile>
+          <id>Java8plus</id>
           <activation>
             <jdk>[1.8,)</jdk>
           </activation>
           <properties>
             <PhaseIfJava8plus>site</PhaseIfJava8plus>
           </properties>
+
+          <reporting>
+            <plugins>
+
+            <!-- Run SpotBugs with the FindSecBugs plugin and include results in site report. 
+                 Is put in this profile as SpotBugs requires Java 8+ -->
+              <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>${version.spotbugs}</version>
+                <configuration>
+                    <plugins>
+                        <plugin>
+                            <groupId>com.h3xstream.findsecbugs</groupId>
+                            <artifactId>findsecbugs-plugin</artifactId>
+                            <version>1.10.1</version>
+                        </plugin>
+                    </plugins>
+                    <effort>Max</effort>
+                    <relaxed>false</relaxed>
+                </configuration>
+              </plugin>
+            </plugins>
+          </reporting>
+
         </profile>
 
         <profile>

From cceffa6aab0887e379be1c7117d2e620b36cfdee Mon Sep 17 00:00:00 2001
From: davewichers <dwichers@gmail.com>
Date: Fri, 3 Jul 2020 17:56:33 -0400
Subject: [PATCH 694/812] Fix 1 link to the OWASP web site in pom.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3235520cd..8623ac2e6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,7 +37,7 @@
     </licenses>
 
     <name>ESAPI</name>
-    <url>https://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API</url>
+    <url>https://owasp.org/www-project-enterprise-security-api/</url>
     <description>The Enterprise Security API (ESAPI) project is an OWASP project
         to create simple strong security controls for every web platform.
         Security controls are not simple to build. You can read about the

From f94ca94e15237c0f0887913d5d33c697fb97594a Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 3 Jul 2020 18:48:59 -0400
Subject: [PATCH 695/812] Fix for GitHub Issue 552 (#553)

* Fix #552

* Undesired commit, but 'git checkout -- documentation/esapi4java-core-2.2.1.0-release-notes.txt' has no effect. Sigh.

* Updated from 'misc-cleanup' branch.
---
 .../esapi4java-core-2.2.1.0-release-notes.txt | 248 ++++++++++--------
 .../logging/appender/ClientInfoSupplier.java  |   8 +-
 .../appender/EventTypeLogSupplier.java        |   8 +-
 .../logging/appender/ServerInfoSupplier.java  |   8 +-
 .../logging/appender/UserInfoSupplier.java    |   8 +-
 5 files changed, 153 insertions(+), 127 deletions(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index bb46556b8..46f8bab9d 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -1,115 +1,133 @@
-Release notes for ESAPI 2.2.1.0
-    Release date: 2020-TBD
-    Project leaders:
-        -Kevin W. Wall <kevin.w.wall@gmail.com>
-        -Matt Seil <matt.seil@owasp.org>
-
-Previous release: ESAPI 2.2.0.0, 2019-June-24
-
-
-Executive Summary: Important Things to Note for this Release
-------------------------------------------------------------
-
-    TBD
-
-=================================================================================================================
-
-Basic ESAPI facts
-
-ESAPI 2.2.0.0 release:
-    194 Java source files
-    4150 JUnit tests in 118 Java source files
-
-ESAPI 2.2.1.0 release:
-    TBD
-
-GitHub Issues fixed in this release
-
-Issue #			GitHub Issue Title
-----------------------------------------------------------------------------------------------
-
-143             Enchance encodeForOS to auto-detect the underling OS
-226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
-245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
-256             White space clean up
-382             Build Fails on path with space
-494             Encoder's encodeForCSS doesn't handle RGB Triplets
-503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
-509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
-511             Add missing documentation to Validator.addRule() and Validator.getRule()
-512             Update Apache Commons Bean Utils to 1.9.4
-515             Adding tests for getCookies (also 516)
-519             Issue 494 CSSCodec RGB Triplets
-530             Log Bridge Tests
-536             Various fixes
-538             Addressing log4j 1.x CVE-2019-17571
-
------------------------------------------------------------------------------
-
-        Changes requiring special attention
-
------------------------------------------------------------------------------
-
-TBD
-
------------------------------------------------------------------------------
-
-        Other changes in this release, some of which not tracked via GitHub issues
-
------------------------------------------------------------------------------
-
-Documentation updates for locating Jar files
-Unneeded code removed from ExtensiveEncoder
-Inline reader added to ExtensiveEncoder
-Additional time for windows to always sleep more than given seconds in CryptoTokenTest
-Change required by tweak to CipherText.toString() method
-Removed call to deprecated CryptoHelper.computeDerivedKey() method
-New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
-Use existing toString method rather than a StringBuilder
-Documentation and tests
-JavaLogger move
-Splitting user infor from Client Supplier
-
------------------------------------------------------------------------------
-
-Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
-Generated manually (this time)
-
-Developer       Total commits       Total Number
-                                  of Files Changed
-=====================================================
-jeremiahjstacey 11              68
-kwwall          15              26
-wiitek          3               6
-xeno6696        8               9
-Michael-Ziluck  2               3
-=====================================================
-
------------------------------------------------------------------------------
-
-53 Closed PRs since 2.2.0.0 release
-===================================
-504 New scripts to suppress noise for 'mvn test'
-510 Resolve #509 - Properly throw exception when HTML fails
-513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
-519 Issue 494 CSSCodec RGB Triplets
-520 OS Name DefaultExecutorTests #143
-540 Issue 382: Build Fails on path with space
-596 Closes Issue 245
-
------------------------------------------------------------------------------
-
-Notice:
-
-    Release notes written by Bill Sempf (bill.sempf@owasp.org) please direct any communication to me.
-
-Project co-leaders
-    Kevin W. Wall (kwwall)
-    Matt Seil (xeno6696)
-
-Special shout-outs to:
-    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
-    Dave Wichers (davewichers) - for Maven Central / Sonatype help
-
-Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
-
+Release notes for ESAPI 2.2.1.0
+    Release date: 2020-July-??
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.0.0, 2019-June-24
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a minor release. It's main purpose was to update dependencies to eliminate potential vulnerabilities arising from dependencies with known CVEs. See the section "Changes requiring special attention" below for additional details.
+
+Also special props to Bill Sempf for stepping up and volunteering to prepare the initial cut of these release notes. Had he not done so, this release either would not have release notes or it would have been delayed another 6 months while I procrastinated further with various distractions. (Squirrel!)
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.0.0 release:
+    194 Java source files
+    4150 JUnit tests in 118 Java source files
+
+ESAPI 2.2.1.0 release:
+    211 Java source files
+    4309 JUnit tests in 134 Java source files
+
+GitHub Issues fixed in this release
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+143             Enchance encodeForOS to auto-detect the underling OS
+226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
+245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
+256             White space clean up
+382             Build Fails on path with space
+494             Encoder's encodeForCSS doesn't handle RGB Triplets
+503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
+509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
+511             Add missing documentation to Validator.addRule() and Validator.getRule()
+512             Update Apache Commons Bean Utils to 1.9.4
+515             Adding tests for getCookies (also 516)
+519             Issue 494 CSSCodec RGB Triplets
+522             javadoc corrections for Encoder.canonicalize()
+530             Log Bridge Tests
+536             Various fixes
+538             Addressing log4j 1.x CVE-2019-17571
+552             Rewrite implementation of some ESAPI classes to remove Java 8 dependencies
+
+-----------------------------------------------------------------------------
+
+        Changes requiring special attention
+
+-----------------------------------------------------------------------------
+The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4j 1.x as it is way past the end-of-life and we now support SLF4J. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on EsAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+Related to that CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4j 1.2.17. ESAPI is not affected by this (even if you chose to use Log4j 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+Notable dependency updates (excludes those only used with JUnit tests):
+    antiSamy            1.5.8   ->  1.5.10
+    batik-css           1.11    ->  1.13
+    commons-beansutil   1.9.3   ->  1.9.4
+    slf4j-api           1.7.26  ->  1.7.30
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatiblity.)
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+Documentation updates for locating Jar files
+Unneeded code removed from ExtensiveEncoder
+Inline reader added to ExtensiveEncoder
+Additional time for windows to always sleep more than given seconds in CryptoTokenTest
+Change required by tweak to CipherText.toString() method
+Removed call to deprecated CryptoHelper.computeDerivedKey() method
+New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
+Use existing toString method rather than a StringBuilder
+Documentation and tests
+JavaLogger moved 
+Splitting user info from Client Supplier
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
+Generated manually (this time)
+
+Developer       Total       Total Number
+(GitHub ID)     commits   of Files Changed
+=====================================================
+jeremiahjstacey 11              68
+kwwall          16              26
+wiitek          3               6
+xeno6696        8               9
+Michael-Ziluck  2               3
+sempf           1               1
+=====================================================
+
+-----------------------------------------------------------------------------
+
+53 Closed PRs since 2.2.0.0 release (those rejected not listed)
+===============================================================
+504 New scripts to suppress noise for 'mvn test'
+510 Resolve #509 - Properly throw exception when HTML fails
+513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
+519 Issue 494 CSSCodec RGB Triplets
+520 OS Name DefaultExecutorTests #143
+540 Issue 382: Build Fails on path with space
+596 Closes Issue 245
+
+-----------------------------------------------------------------------------
+
+Notice:
+
+    Release notes written by Bill Sempf (bill.sempf@owasp.org), but please direct any communication to the project leaders.
+
+Project co-leaders
+    Kevin W. Wall (kwwall)
+    Matt Seil (xeno6696)
+
+Special shout-outs to:
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
+    Dave Wichers (davewichers) - for pom.xml improvements
+    Bill Sempf -- for these release notes. Awesome job, Bill. I owe you a brew.
+
+Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
index 2ff07a19a..5a8524340 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ClientInfoSupplier.java
@@ -15,7 +15,8 @@
 
 package org.owasp.esapi.logging.appender;
 
-import java.util.function.Supplier;
+// Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
+// import java.util.function.Supplier;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -27,7 +28,8 @@
  * Supplier which can provide a String representing the client-side connection
  * information.
  */
-public class ClientInfoSupplier implements Supplier<String> {
+public class ClientInfoSupplier // implements Supplier<String>
+{
     /** Default Last Host string if the Authenticated user is null.*/
     private static final String DEFAULT_LAST_HOST = "#UNKNOWN_HOST#";
     /** Session Attribute containing the ESAPI Session id. */
@@ -47,7 +49,7 @@ public class ClientInfoSupplier implements Supplier<String> {
     /** Whether to log the user info from this instance. */
     private boolean logClientInfo = true;
 
-    @Override
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
     public String get() {
         String clientInfo = "";
 
diff --git a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
index 2f857f128..4af1bd50b 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/EventTypeLogSupplier.java
@@ -15,7 +15,8 @@
 
 package org.owasp.esapi.logging.appender;
 
-import java.util.function.Supplier;
+// Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
+// import java.util.function.Supplier;
 
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.Logger.EventType;
@@ -25,7 +26,8 @@
  * an EventType for logging
  *
  */
-public class EventTypeLogSupplier implements Supplier<String> {
+public class EventTypeLogSupplier // implements Supplier<String>
+{
     /** EventType reference to supply log representation of. */
     private final EventType eventType;
 
@@ -38,7 +40,7 @@ public EventTypeLogSupplier(EventType evtyp) {
         this.eventType = evtyp == null ? Logger.EVENT_UNSPECIFIED : evtyp;
     }
 
-    @Override
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
     public String get() {
         return eventType.toString();
     }
diff --git a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
index ca9b4bbd8..c9e0d8e02 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/ServerInfoSupplier.java
@@ -15,7 +15,8 @@
 
 package org.owasp.esapi.logging.appender;
 
-import java.util.function.Supplier;
+// Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
+// import java.util.function.Supplier;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -25,7 +26,8 @@
  * Supplier which can provide a String representing the server-side connection
  * information.
  */
-public class ServerInfoSupplier implements Supplier<String> {
+public class ServerInfoSupplier     // implements Supplier<String>
+{
     /** Whether to log the server connection info. */
     private boolean logServerIP = true;
     /** Whether to log the application name. */
@@ -45,7 +47,7 @@ public ServerInfoSupplier(String logName) {
         this.logName = logName;
     }
 
-    @Override
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
     public String get() {
         // log server, port, app name, module name -- server:80/app/module
         StringBuilder appInfo = new StringBuilder();
diff --git a/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
index e9c34e31a..6065ed366 100644
--- a/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
+++ b/src/main/java/org/owasp/esapi/logging/appender/UserInfoSupplier.java
@@ -15,7 +15,8 @@
 
 package org.owasp.esapi.logging.appender;
 
-import java.util.function.Supplier;
+// Uncomment and use once ESAPI supports Java 8 as the minimal baseline.
+// import java.util.function.Supplier;
 
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.User;
@@ -24,14 +25,15 @@
  * Supplier which can provide a String representing the client-side connection
  * information.
  */
-public class UserInfoSupplier implements Supplier<String> {
+public class UserInfoSupplier   // implements Supplier<String>
+{
     /** Default UserName string if the Authenticated user is null.*/
     private static final String DEFAULT_USERNAME = "#ANONYMOUS#";
     
     /** Whether to log the user info from this instance. */
     private boolean logUserInfo = true;
     
-        @Override
+    // @Override    -- Uncomment when we switch to Java 8 as minimal baseline.
     public String get() {
         // log user information - username:session@ipaddr
         User user = ESAPI.authenticator().getCurrentUser();

From e8e613fefb24e263a1676c042261e388f16c4569 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 12 Jul 2020 21:59:43 -0400
Subject: [PATCH 696/812] Prep 2.2.1.0 (#557)

* Delete the release notes that prevents me from doing a 'git pull origin' from my fork.

* Add note referring to minimal Java 7 baseline.

* Close #542 - final release notes for 2.2.1.0.

* Close #556 - Add some final additional 'see also' refs.

* Close #554

* Close #555

* Added issue 521 which should have been closed per PR 535. Issue now closed.

* Close #558

* Update to reflect fix to issue #558

* Find/fix dependency causing java.lang.OutOfMemoryError: PermGen space
that only occurs on Mac with Java 7. Apparently it was the surefire plugin.

Co-authored-by: davewichers <dwichers@gmail.com>
---
 README.md                                     |   4 +-
 .../esapi4java-core-2.2.1.0-release-notes.txt | 253 ++++++++++++++----
 pom.xml                                       |   5 +-
 src/main/java/org/owasp/esapi/Encoder.java    |   3 +
 .../org/owasp/esapi/crypto/CryptoHelper.java  |  10 +-
 .../owasp/esapi/crypto/CryptoHelperTest.java  |  10 +-
 .../esapi/reference/AccessControllerTest.java |   2 +-
 .../owasp/esapi/reference/ValidatorTest.java  |   8 +-
 .../esapi/fbac-policies/DataAccessRules.txt   |   4 +-
 9 files changed, 234 insertions(+), 65 deletions(-)

diff --git a/README.md b/README.md
index baddc52bb..dc59e7a2a 100644
--- a/README.md
+++ b/README.md
@@ -17,9 +17,11 @@ OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web ap
 # What does Legacy mean?
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch. 
 
-<b>IMPORTANT NOTE:</b>
+<b>IMPORTANT NOTES:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
 
+Also, the <i>minimal</i> baseline Java version to use ESAPI is Java 7. (This was changed from Java 6 during the 2.2.0.0 release.)
+
 # Where can I find ESAPI 3.x?
 https://github.com/ESAPI/esapi-java
 
diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index 94da6b95d..ee3caf5ea 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -27,40 +27,61 @@ ESAPI 2.2.1.0 release:
     211 Java source files
     4309 JUnit tests in 134 Java source files
 
-GitHub Issues fixed in this release
+39 GitHub Issues closed in this release
 
 Issue #         GitHub Issue Title
 ----------------------------------------------------------------------------------------------
 
-143             Enchance encodeForOS to auto-detect the underling OS
-226             Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
-245             KeyDerivationFunction::computeDerivedKey - possible security level mismatch
-256             White space clean up
-382             Build Fails on path with space
-494             Encoder's encodeForCSS doesn't handle RGB Triplets
-503             Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
-509             HTMLValidationRule.getValid(String,String) does not follow documented specifications
-511             Add missing documentation to Validator.addRule() and Validator.getRule()
-512             Update Apache Commons Bean Utils to 1.9.4
-515             Adding tests for getCookies (also 516)
-519             Issue 494 CSSCodec RGB Triplets
-522             javadoc corrections for Encoder.canonicalize()
-530             Log Bridge Tests
-536             Various fixes
-538             Addressing log4j 1.x CVE-2019-17571
-552             Rewrite implementation of some ESAPI classes to remove Java 8 dependencies
-
+143 - Enchance encodeForOS to auto-detect the underling OS
+173 - DOMConfigurator is being used inappropriately in the ESAPIWebApplicationFirewallFilter
+226 - Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
+232 - SecurityWrapperResponse.createCookieHeader modification request  (closed; marked 'wontfix')
+235 - exception is java.lang.NoClassDefFoundError: org.owasp.esapi.codecs.Codec
+245 - KeyDerivationFunction::computeDerivedKey - possible security level mismatch
+256 - Whitespace in JavaEncryptor
+263 - I am getting validation exception while validating a paramter coming from http request
+268 - SecurityWrapperResponse setStatus should not always set SC_OK
+269 - org.owasp.esapi.reference.DefaultValidator reports ValidationException with IE 9
+271 - Add Constructor to DefaultSecurityConfiguration to accept a properties file (1.4)
+276 - Patch for /branches/2.1/src/main/java/org/owasp/esapi/reference/DefaultExecutor.java
+310 - Make HTMLValidationRule to look for antisamy-esapi.xml in classpaths enhancement
+382 - Build Fails on path with space
+465 - Update both ESAPI.properties files to show comment for ESAPI logger support for SLF4J
+488 - Missed a legal input case in DefaultSecurityConfiguration.java
+494 - Encoder's encodeForCSS doesn't handle RGB Triplets
+495 - Maven Install Requires GPG Key
+499 - ValidatorTest.isValidDirectoryPath() has tests that fail under Windows if ESAPI tests run from different drive where Windows installed
+500 - Suppress noise from ESAPI searching for properties and stop ignoring important IOExceptions
+503 - Bug on on referrer header when value contains `&section` like `www.asdf.com?a=1&section=2`
+509 - HTMLValidationRule.getValid(String,String) does not follow documented specifications
+511 - Add missing documentation to Validator.addRule() and Validator.getRule()
+512 - Update Apache Commons Bean Utils to 1.9.4
+515 - NullPointerException can result from line 163 of SecurityWrapperRequest.java:
+521 - JUnit test ValidatorTest.testIsValidSafeHTML() now failing
+522 - javadoc corrections for Encoder.canonicalize()
+523 - Links in README to users list and dev list are reversed
+527 - Configuration flag for disabling Logger User and App Information
+530 - Apply default logging content to SLF4J messages
+532 - Update JUL and Log4J code structure and workflow to match SLF4J
+536 - SecurityWrapperResponse setHeader error message is unclear
+538 - Addressing log4j 1.x CVE-2019-17571
+542 - Write up ESAPI release notes for planned 2.2.1.0 release
+552 - Rewrite implementation of some ESAPI classes to remove Java 8 dependencies
+554 - CryptoHelper.arrayCompare() fails with NPE under Java 7 when one of the arguments is null
+555 - JUnit test org.owasp.esapi.reference.AccessControllerTest.testIsAuthorizedForData fails when run against Java 7 on Linux
+556 - Major overhaul to ESAPI Encoder Javadoc based on ESAPI Encoder Usability Study
+558 - ValidatorTest.testIsValidDirectoryPath() JUnit test fails under MacOS
 
 -----------------------------------------------------------------------------
 
-        Changes requiring special attention
+        Changes Requiring Special Attention
 
 -----------------------------------------------------------------------------
-The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4j 1.x as it is way past the end-of-life and we now support SLF4J. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on EsAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on EsAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
 
 Related to that CVE and how it affects ESAPI, be sure to read
    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
-which describes CVE-2019-17571, a deserialization vulnerability in Log4j 1.2.17. ESAPI is not affected by this (even if you chose to use Log4j 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is not affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
 
 Notable dependency updates (excludes those only used with JUnit tests):
     antiSamy            1.5.8   ->  1.5.10
@@ -70,6 +91,32 @@ Notable dependency updates (excludes those only used with JUnit tests):
 
 Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatiblity.)
 
+-----------------------------------------------------------------------------
+
+        Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
 -----------------------------------------------------------------------------
 
         Other changes in this release, some of which not tracked via GitHub issues
@@ -77,60 +124,154 @@ Finally, while ESAPI still supports JDK 7 (even though that too is way past end-
 -----------------------------------------------------------------------------
 
 Documentation updates for locating Jar files
-Unneeded code removed from ExtensiveEncoder
+Unneeded code removed from ExtensiveEncoderURI test
 Inline reader added to ExtensiveEncoder
 Additional time for windows to always sleep more than given seconds in CryptoTokenTest
 Change required by tweak to CipherText.toString() method
 Removed call to deprecated CryptoHelper.computeDerivedKey() method
 New JUnit tests for org.owasp.esapi.crypto.KeyDerivationFunction class
-Use existing toString method rather than a StringBuilder
-Documentation and tests
-JavaLogger moved 
-Splitting user info from Client Supplier
+Miscellaneous documentation and tests
+JavaLogger moved to new package
+Log4J 1.x no longer ESAPI's default logger
 
 -----------------------------------------------------------------------------
 
-Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-05-12)
-Generated manually (this time)
+Developer Activity Report (Changes between release 2.2.0.0 and 2.2.1.0, i.e., between 2019-06-25 and 2020-07-11)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+HJW8472         11              8               1
+jeremiahjstacey 78             70               6
+kwwall          65             64               8
+Michael-Ziluck  3               2               2
+sempf           1               1               1
+wiitek          6               4               2
+xeno6696        3               5               1
+========================================================
+                                        Total: 21
 
-Developer       Total       Total Number
-(GitHub ID)     commits   of Files Changed
-=====================================================
-jeremiahjstacey 11              68
-kwwall          16              26
-wiitek          3               6
-xeno6696        8               9
-Michael-Ziluck  2               3
-sempf           1               1
-=====================================================
 
 -----------------------------------------------------------------------------
 
 
-53 Closed PRs since 2.2.0.0 release (those rejected not listed)
-===============================================================
+21 Closed PRs merged since 2.2.0.0 release (those rejected not listed)
+======================================================================
+PR#    GitHub ID                Description
+----------------------------------------------------------------------
+504 -- kwwall           -- New scripts to suppress noise for 'mvn test'
+505 -- kwwall           -- Close issue #256. White-space clean up.
+506 -- kwwall           -- Closes Issue 245
+508 -- Michael-Ziluck   -- Resolves #226 - Corrected docs for the bounded, numeric, random methods
+510 -- Michael-Ziluck   -- Resolve #509 - Properly throw exception when HTML fails
+513 -- kwwall           -- Close issue #512 by updating to 1.9.4 of Commons Beans Util. 
+514 -- xeno6696         -- Fixed issues #503 by writing a new addReferer method, also temporaril… 
+516 -- jeremiahjstacey  -- Issue 515 
+518 -- jeremiahjstacey  -- Issue #511 Copying Docs from DefaultValidator 
+519 -- jeremiahjstacey  -- Issue 494 CSSCodec RGB Triplets 
+520 -- jeremiahjstacey  -- OS Name DefaultExecutorTests #143 
+533 -- jeremiahjstacey  -- #532 JUL and Log4J match SLF4J class structure and Workflow 
+535 -- kwwall           -- Issue 521 
+537 -- jeremiahjstacey  -- Issue 536 
+539 -- wiiitek          -- upgrade for convergence 
+540 -- wiiitek          -- Issue 382: Build Fails on path with space 
+541 -- HJW8472          -- Fixed issue #310 
+543 -- sempf            -- Release notes for 2.2.1.0 
+551 -- kwwall           -- Misc cleanup 
+553 -- kwwall           -- Fix for GitHub Issue 552 
+557 -- kwwall           -- Final prep for 2.2.1.0 release
+
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --since=2019-06-25 --reverse --pretty=medium
+
+    which will show all the commits since just after the last (2.2.0.0) release.
+
+-----------------------------------------------------------------------------
 
-504 New scripts to suppress noise for 'mvn test'
-510 Resolve #509 - Properly throw exception when HTML fails
-513 Close issue #512 by updating to 1.9.4 of Commons Beans Util.\
-519 Issue 494 CSSCodec RGB Triplets
-520 OS Name DefaultExecutorTests #143
-540 Issue 382: Build Fails on path with space
-596 Closes Issue 245
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO] 
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.1.0
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.1.0-RC1
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.10:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.14:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.0.4:compile (optional) 
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional) 
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional) 
+        [INFO] +- junit:junit:jar:4.13:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
 
 -----------------------------------------------------------------------------
 
-Notice:
+Ackknowledgements:
 
     Release notes written by Bill Sempf (bill.sempf@owasp.org), but please direct any communication to the project leaders.
 
-Project co-leaders
-    Kevin W. Wall (kwwall)
-    Matt Seil (xeno6696)
-
 Special shout-outs to:
-    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire
-    Dave Wichers (davewichers) - for pom.xml improvements
-    Bill Sempf -- for these release notes. Awesome job, Bill. I owe you a brew.
+    Jeremiah Stacey (jeremiahjstacey) -- All around ESAPI support and JUnit test case developer extraordinaire and for refactoring ESAPI loggers.
+    Dave Wichers (davewichers) - for several extremely useful pom.xml improvements.
+    Bill Sempf (sempf) -- for these release notes. Awesome job, Bill. I owe you a brew.
+    Chamila Wijayarathna <cdwijayarathna@gmail.com> and Nalin A. G. Arachchilage <nalin.arachchilage@gmail.com> for their authorship and subsequent extensive discussion of their paper "Fighting Against XSS Attacks: A Usability Evaluation of OWASP ESAPI Output Encoding" (https://scholarspace.manoa.hawaii.edu/bitstream/10125/60167/0727.pdf). Their paper and their willingness to engage with me to discuss it was what led to the (hopefully) improved Javadoc for the ESAPI Encoder interface.
+    And lastly a special thanks to first-time contributors Michael-Ziluck, wiiitek, and HJW8472.
 
 Thanks you all for your time and effort to ESAPI and making it a better project. And if I've missed any, my apologies; let me know and I will correct it.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/pom.xml b/pom.xml
index 8623ac2e6..8a383d6f2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,10 @@
         <version.jmh>1.23</version.jmh>
         <version.powermock>2.0.7</version.powermock>
         <version.spotbugs>4.0.4</version.spotbugs>
-        <version.surefire>3.0.0-M5</version.surefire>
+        <!-- Upgrading to 3.0.0-M3+ causes this test case error:
+             org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
+             java.lang.OutOfMemoryError: PermGen space -->
+        <version.surefire>3.0.0-M2</version.surefire>
     </properties>
 
     <dependencies>
diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index b9d42dea5..a8b949d71 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -149,6 +149,9 @@
  * </li>
  * </ul>
  * 
+ * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">OWASP Cross-Site Scripting Prevention Cheat Sheet</a>.
+ * @see <a href="https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data">OWASP Proactive Controls: C4: Encode and Escape Data</a>
+ * @see <a href="https://www.onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html">Properly encoding and escaping for the web.</a>
  * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
  *         href="http://www.aspectsecurity.com">Aspect Security</a>
  * @since June 1, 2007
diff --git a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
index 11a6bcb9f..31f276ac4 100644
--- a/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
+++ b/src/main/java/org/owasp/esapi/crypto/CryptoHelper.java
@@ -352,7 +352,15 @@ public static void copyByteArray(final byte[] src, byte[] dest)
 	 */
     @Deprecated
 	public static boolean arrayCompare(byte[] b1, byte[] b2) {
-        // Note: See GitHub issue #246
+        // Note: See GitHub issue #246 and #554.
+        // If we make Java 8 the minimal ESAPI baseline before we remove this
+        // method, we can at least remove these next 6 lines. (Issue 554.)
+        if ( b1 == null && b2 == null ) {   // Must test this first!
+            return true;    // Prevent NPE; compatibility with Java 8 and later.
+        }
+        if ( b1 == null || b2 == null ) {
+            return false;    // Prevent NPE; compatibility with Java 8 and later.
+        }
         return java.security.MessageDigest.isEqual(b1, b2);
 	}
   
diff --git a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
index 678b0acf8..aa7ae0cf3 100644
--- a/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CryptoHelperTest.java
@@ -131,7 +131,13 @@ public final void testArrayCompare() {
 //        stop = System.nanoTime();
 //        diff = stop - start;
 //        System.out.println("diff: " + diff + " nanosec");
-        
+ 
+//        start = System.nanoTime();
+        assertFalse(CryptoHelper.arrayCompare(null, ba1));
+//        stop = System.nanoTime();
+//        diff = stop - start;
+//        System.out.println("diff: " + diff + " nanosec");
+ 
         ba2 = ba1;
 //        start = System.nanoTime();
         assertTrue(CryptoHelper.arrayCompare(ba1, ba2));
@@ -186,4 +192,4 @@ private boolean checkByteArray(byte[] ba, byte b) {
     public static junit.framework.Test suite() {
         return new JUnit4TestAdapter(CryptoHelperTest.class);
     }
-}
\ No newline at end of file
+}
diff --git a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
index ad53d9ea3..107c1da71 100644
--- a/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
+++ b/src/test/java/org/owasp/esapi/reference/AccessControllerTest.java
@@ -226,7 +226,7 @@ public void testIsAuthorizedForData() {
 			userRW = Class.forName("java.lang.String");
 			anyR = Class.forName("java.io.BufferedReader");
 			userAdminR = Class.forName("java.util.Random");
-			userAdminRW = Class.forName("java.awt.event.MouseWheelEvent");
+			userAdminRW = Class.forName("javax.crypto.Cipher");
 			undefined = Class.forName("java.io.FileWriter");
 			
 		}catch(ClassNotFoundException cnf){
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index b0fd24789..fc0dc7e06 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -350,7 +350,13 @@ public void testIsValidDirectoryPath() throws IOException {
 
             // Unix specific paths should pass
             assertTrue(instance.isValidDirectoryPath("test", "/", parent, false));         // Root directory
-            assertTrue(instance.isValidDirectoryPath("test", "/etc", parent, false));      // Always exist directory
+                // Unfortunately, on MacOS both "/etc" and "/var" are symlinks
+                // to "/private/etc" and "/private/var" respectively, and "/sbin"
+                // and "/bin" sometimes are symlinks on certain *nix OSs, so we need
+                // to special case MacOS here.
+            boolean isMac = System.getProperty("os.name").toLowerCase().contains("mac");
+            String testDirNotSymLink = isMac ? "/private" : "/etc";
+            assertTrue(instance.isValidDirectoryPath("test", testDirNotSymLink, parent, false));      // Always exist directory
 
             // Unix specific paths that should not exist or work
             assertFalse(instance.isValidDirectoryPath("test", "/bin/sh", parent, false));   // Standard shell, not dir
diff --git a/src/test/resources/esapi/fbac-policies/DataAccessRules.txt b/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
index f21e8c869..0341aa56f 100644
--- a/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
+++ b/src/test/resources/esapi/fbac-policies/DataAccessRules.txt
@@ -4,6 +4,6 @@ java.io.BufferedReader             | any         | read        | default deny
 java.lang.String                   | User        | read, write |
 java.lang.Math                     | Admin       | read, write |
 java.util.ArrayList                | Admin       | read        |
-java.awt.event.MouseWheelEvent     | Admin, User | write, read |
+javax.crypto.Cipher                | Admin, User | write, read |
 java.util.Date                     | User        | write       |
-java.util.Random                   | User, Admin | read        |
\ No newline at end of file
+java.util.Random                   | User, Admin | read        |

From 6bc2889e370acfdee6d8ffd711fc9a354506893d Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 12 Jul 2020 22:40:52 -0400
Subject: [PATCH 697/812] Change release from 2.2.1.0-RC1 to 2.2.1.0. Also add
 additional comment about surefire plug-in.

---
 pom.xml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8a383d6f2..33af4721a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.1.0-RC1</version>
+    <version>2.2.1.0</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -136,8 +136,11 @@
         <version.powermock>2.0.7</version.powermock>
         <version.spotbugs>4.0.4</version.spotbugs>
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
-             org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
-             java.lang.OutOfMemoryError: PermGen space -->
+                org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
+                java.lang.OutOfMemoryError: PermGen space
+
+             when running tests with Java 7 on Mac OS X. No problems observed on Linux.
+        -->
         <version.surefire>3.0.0-M2</version.surefire>
     </properties>
 

From fefe6033d8e21963ab5f84b1649b8708366cd524 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 12 Jul 2020 22:42:38 -0400
Subject: [PATCH 698/812] Correct # of commits.

---
 documentation/esapi4java-core-2.2.1.0-release-notes.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index ee3caf5ea..f91f82332 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -142,9 +142,10 @@ Generated manually (this time) -- all errors are the fault of kwwall and his ina
 Developer       Total       Total Number        # Merged
 (GitHub ID)     commits   of Files Changed        PRs
 ========================================================
+davewichers      2              1               0
 HJW8472         11              8               1
 jeremiahjstacey 78             70               6
-kwwall          65             64               8
+kwwall          67             64               8
 Michael-Ziluck  3               2               2
 sempf           1               1               1
 wiitek          6               4               2

From fd009ec4cb166f8ecd72e4cb0fa303109558372e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 12 Jul 2020 22:57:35 -0400
Subject: [PATCH 699/812] Prep for next development release and change version
 from 2.2.1.0 to 2.3.0.0-SNAPSHOT.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 33af4721a..6356f1973 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.1.0</version>
+    <version>2.3.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 5ddb8399e60d947dd454007976910e3f51c37f87 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 13 Jul 2020 23:23:44 -0400
Subject: [PATCH 700/812] Miscellaneous minor clean-up of release notes. 1) Add
 release date. 2) Fix multiple spelling errors 3) Document new 'Known Issue'
 about running 'mvn test' from Windows 10 'cmd' prompt.

---
 .../esapi4java-core-2.2.1.0-release-notes.txt | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index f91f82332..7d6c54ef7 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -1,5 +1,5 @@
 Release notes for ESAPI 2.2.1.0
-    Release date: 2020-July-??
+    Release date: 2020-July-12
     Project leaders:
         -Kevin W. Wall <kevin.w.wall@gmail.com>
         -Matt Seil <matt.seil@owasp.org>
@@ -32,14 +32,14 @@ ESAPI 2.2.1.0 release:
 Issue #         GitHub Issue Title
 ----------------------------------------------------------------------------------------------
 
-143 - Enchance encodeForOS to auto-detect the underling OS
+143 - Enhance encodeForOS to auto-detect the underling OS
 173 - DOMConfigurator is being used inappropriately in the ESAPIWebApplicationFirewallFilter
 226 - Javadoc Inaccuracy in getRandomInteger() and getRandomReal()
 232 - SecurityWrapperResponse.createCookieHeader modification request  (closed; marked 'wontfix')
 235 - exception is java.lang.NoClassDefFoundError: org.owasp.esapi.codecs.Codec
 245 - KeyDerivationFunction::computeDerivedKey - possible security level mismatch
 256 - Whitespace in JavaEncryptor
-263 - I am getting validation exception while validating a paramter coming from http request
+263 - I am getting validation exception while validating a parameter coming from http request
 268 - SecurityWrapperResponse setStatus should not always set SC_OK
 269 - org.owasp.esapi.reference.DefaultValidator reports ValidationException with IE 9
 271 - Add Constructor to DefaultSecurityConfiguration to accept a properties file (1.4)
@@ -77,7 +77,7 @@ Issue #         GitHub Issue Title
         Changes Requiring Special Attention
 
 -----------------------------------------------------------------------------
-The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on EsAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+The new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
 
 Related to that CVE and how it affects ESAPI, be sure to read
    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
@@ -89,7 +89,7 @@ Notable dependency updates (excludes those only used with JUnit tests):
     commons-beansutil   1.9.3   ->  1.9.4
     slf4j-api           1.7.26  ->  1.7.30
 
-Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatiblity.)
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
 
 -----------------------------------------------------------------------------
 
@@ -117,6 +117,13 @@ and
 I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
 
 
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
 -----------------------------------------------------------------------------
 
         Other changes in this release, some of which not tracked via GitHub issues
@@ -167,7 +174,7 @@ PR#    GitHub ID                Description
 508 -- Michael-Ziluck   -- Resolves #226 - Corrected docs for the bounded, numeric, random methods
 510 -- Michael-Ziluck   -- Resolve #509 - Properly throw exception when HTML fails
 513 -- kwwall           -- Close issue #512 by updating to 1.9.4 of Commons Beans Util. 
-514 -- xeno6696         -- Fixed issues #503 by writing a new addReferer method, also temporaril… 
+514 -- xeno6696         -- Fixed issues #503 by writing a new addReferer method, also temporarily… 
 516 -- jeremiahjstacey  -- Issue 515 
 518 -- jeremiahjstacey  -- Issue #511 Copying Docs from DefaultValidator 
 519 -- jeremiahjstacey  -- Issue 494 CSSCodec RGB Triplets 
@@ -260,7 +267,7 @@ Direct and Transitive Runtime and Test Dependencies:
 
 -----------------------------------------------------------------------------
 
-Ackknowledgements:
+Acknowledgments:
 
     Release notes written by Bill Sempf (bill.sempf@owasp.org), but please direct any communication to the project leaders.
 

From 31f0f988d45de4ed08e515dc3a82842fad4f5bd4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 17 Jul 2020 21:28:21 -0400
Subject: [PATCH 701/812] Rephrase potentially confusing or misleading
 statements about ESAPI 3. Thanks to Timo Pagel for bringing this to our
 awareness.

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index dc59e7a2a..85874bed9 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web ap
 </table>
 
 # What does Legacy mean?
-<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however feature development for this branch will not be done. Features that have already been scheduled for the 2.x branch will move forward, but the main focus will be working on the ESAPI 3.x branch. 
+<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however significan _new_ feature development for this branch will _not_ be done. Features that have already been scheduled for the 2.x branch will move forward.
 
 <b>IMPORTANT NOTES:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
@@ -25,6 +25,8 @@ Also, the <i>minimal</i> baseline Java version to use ESAPI is Java 7. (This was
 # Where can I find ESAPI 3.x?
 https://github.com/ESAPI/esapi-java
 
+Note however that work on ESAPI 3 has not yet become in earnest and is only in its earliest planning stages. Even the code that is presently there will likely change.
+
 # Locating ESAPI Jar files
 The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.0.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.0.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar) and [esapi-2.2.0.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar.asc) respectively.
 

From 92ae8e11b2d16e47e85c61db0e47f503da6162d4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 19 Jul 2020 22:56:06 -0400
Subject: [PATCH 702/812] Fix latest release #s. Fix some MarkDown. Add link to
 'Should I use ESAPI?'.

---
 README.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 85874bed9..3f7970602 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web ap
 </table>
 
 # What does Legacy mean?
-<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however significan _new_ feature development for this branch will _not_ be done. Features that have already been scheduled for the 2.x branch will move forward.
+<p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however significan *new* feature development for this branch will *not* be done. Features that have already been scheduled for the 2.x branch will move forward.
 
 <b>IMPORTANT NOTES:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
@@ -28,10 +28,11 @@ https://github.com/ESAPI/esapi-java
 Note however that work on ESAPI 3 has not yet become in earnest and is only in its earliest planning stages. Even the code that is presently there will likely change.
 
 # Locating ESAPI Jar files
-The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.0.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.0.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar) and [esapi-2.2.0.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.0.0/esapi-2.2.0.0-configuration.jar.asc) respectively.
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.1.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.1.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.1.0/esapi-2.2.1.0-configuration.jar) and [esapi-2.2.1.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.1.0/esapi-2.2.1.0-configuration.jar.asc) respectively.
 
 The latest regular ESAPI jars can are available from Maven Central.
 
+However, before you start a *new* project using ESAPI, but sure to read "[Should I use ESAPI?](https://owasp.org/www-project-enterprise-security-api/#div-shouldiuseesapi)".
 
 # ESAPI Deprecation Policy
 Unless we unintentionally screw-up, our intent is to keep classes, methods, and/or fields whihc have been annotated as "@deprecated" for a minimum of two (2) years or until the next major release number (e.g., 3.x as of now), which ever comes first, before we remove them.
@@ -82,7 +83,7 @@ Webchat http://webchat.freenode.net/
 *Mailing lists:*
 As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
 
-The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to _after_ you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" respectively.
+The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project-users@owasp.org)" and "[esapi-project-dev](mailto:esapi-project-dev@owasp.org)", which you may POST to *after* you subscribe to them via "[Subscribe to ESAPI Users list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-users/join)" and "[Subscribe to ESAPI Developers list](https://groups.google.com/a/owasp.org/forum/#!forum/esapi-project-dev/join)" respectively.
 
 Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
 

From 073193e4498c83a325c1caec6bd42f3912438ee2 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 24 Jul 2020 18:46:39 -0500
Subject: [PATCH 703/812] Issue #560 JUL fixes (#562)

* JUL Property Resource Logic fix

Adjusting the loading behavior of the esapi-java-logging.properties file
to account for a possible null stream resolution.
Updating the error handling from system error output to throwing
ConfigurationExceptions.
Tests updated accordingly

* JUL Default Logging configuration

Adding a default version of esapi-java-logging.properties to the
configuration directory.

* JUL Documentation updates

Noting the property file requirement and resource location in the class
java doc.

* Property Comment Updates

Supplying a more accurate description of the effect of Logger.ClientInfo

* Property Comment Updates

Supplying a more accurate description of the effect of Logger.ClientInfo
---
 configuration/esapi/ESAPI.properties          |  2 +-
 .../esapi/esapi-java-logging.properties       |  6 +++
 .../esapi/logging/java/JavaLogFactory.java    | 10 ++++-
 .../logging/java/JavaLogFactoryTest.java      | 44 +++++++------------
 src/test/resources/esapi/ESAPI.properties     |  2 +-
 5 files changed, 32 insertions(+), 32 deletions(-)
 create mode 100644 configuration/esapi/esapi-java-logging.properties

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index bafe1e38c..ccf146114 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -394,7 +394,7 @@ Logger.LogFileName=ESAPI_logging_file
 Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
-# Determines whether ESAPI should log the app info.
+# Determines whether ESAPI should log the session id and client IP.
 Logger.ClientInfo=true
 
 #===========================================================================
diff --git a/configuration/esapi/esapi-java-logging.properties b/configuration/esapi/esapi-java-logging.properties
new file mode 100644
index 000000000..71011acc5
--- /dev/null
+++ b/configuration/esapi/esapi-java-logging.properties
@@ -0,0 +1,6 @@
+handlers= java.util.logging.ConsoleHandler
+.level= INFO
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%3$-7s] %5$s %n
+#https://www.logicbig.com/tutorials/core-java-tutorial/logging/customizing-default-format.html
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 93230c8e5..601d0da2a 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -26,6 +26,7 @@
 import org.owasp.esapi.LogFactory;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.codecs.HTMLEntityCodec;
+import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.logging.appender.LogAppender;
 import org.owasp.esapi.logging.appender.LogPrefixAppender;
 import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
@@ -35,6 +36,10 @@
 import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 /**
  * LogFactory implementation which creates JAVA supporting Loggers.
+ * 
+ * This implementation requires that a file named 'esapi-java-logging.properties' exists on the classpath.
+ * <br>
+ * A default file implementation is available in the configuration jar on GitHub under the 'Releases'
  *
  */
 public class JavaLogFactory implements LogFactory {
@@ -86,9 +91,12 @@ public class JavaLogFactory implements LogFactory {
          */
         try (InputStream stream = JavaLogFactory.class.getClassLoader().
                 getResourceAsStream("esapi-java-logging.properties")) {
+            if (stream == null) {
+                throw new ConfigurationException("Unable to locate resource: esapi-java-logging.properties");
+            }
             logManager.readConfiguration(stream);
         } catch (IOException ioe) {
-            System.err.print(new IOException("Failed to load esapi-java-logging.properties.", ioe));        	
+            throw new ConfigurationException("Failed to load esapi-java-logging.properties.", ioe);        	
         }
     }
 
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
index c0713f239..465083da3 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogFactoryTest.java
@@ -14,24 +14,21 @@
  */
 package org.owasp.esapi.logging.java;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
 import java.util.List;
 import java.util.logging.LogManager;
 
+import org.hamcrest.CustomMatcher;
 import org.junit.Assert;
 import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.logging.appender.LogAppender;
 import org.owasp.esapi.logging.appender.LogPrefixAppender;
 import org.owasp.esapi.logging.cleaning.CodecLogScrubber;
@@ -47,9 +44,12 @@
 public class JavaLogFactoryTest {
     @Rule
     public TestName testName = new TestName();
+    
+    @Rule
+    public ExpectedException exEx = ExpectedException.none();
 
     @Test
-    public void testIOExceptionOnMissingConfiguration() throws Exception {
+    public void testConfigurationExceptionOnMissingConfiguration() throws Exception {
         final IOException originException = new IOException(testName.getMethodName());
 
         LogManager testLogManager = new LogManager() {
@@ -59,31 +59,17 @@ public void readConfiguration(InputStream ins) throws IOException, SecurityExcep
             }
         };
 
-        OutputStream nullOutputStream = new OutputStream() {
+        exEx.expectMessage("Failed to load esapi-java-logging.properties");
+        exEx.expect(ConfigurationException.class);
+       
+        exEx.expectCause(new CustomMatcher<Throwable>("Check for IOException") {
             @Override
-            public void write(int b) throws IOException {
-                //No Op
+            public boolean matches(Object item) {
+               return item instanceof IOException;
             }
-        };
-
-        ArgumentCaptor<Object> stdErrOut = ArgumentCaptor.forClass(Object.class);
-        PrintStream orig = System.err;
-        try (PrintStream errPrinter = new PrintStream(nullOutputStream)) {
-            PrintStream spyPrinter = PowerMockito.spy(errPrinter);
-            Mockito.doCallRealMethod().when(spyPrinter).print(stdErrOut.capture());
-            System.setErr(spyPrinter);
-
-            JavaLogFactory.readLoggerConfiguration(testLogManager);
-
-            Object writeData = stdErrOut.getValue();
-            assertTrue(writeData instanceof IOException);
-            IOException actual = (IOException) writeData;
-            assertEquals(originException, actual.getCause());
-            assertEquals("Failed to load esapi-java-logging.properties.", actual.getMessage());
-        } finally {
-            System.setErr(orig);
-        }
+        });
 
+        JavaLogFactory.readLoggerConfiguration(testLogManager);
     }
 
     @Test
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 14b47d32f..6df0acc93 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -426,7 +426,7 @@ Logger.LogFileName=ESAPI_logging_file
 Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
-# Determines whether ESAPI should log the app info.
+# Determines whether ESAPI should log the session id and client IP.
 Logger.ClientInfo=true
 
 #===========================================================================

From 4b97073075a26facadf2931de792eddf0f8141b4 Mon Sep 17 00:00:00 2001
From: Snyk bot <github+bot@snyk.io>
Date: Mon, 27 Jul 2020 03:29:35 +0100
Subject: [PATCH 704/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.0.4 to 4.0.5 (#559)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.0.4 to 4.0.5.

See this package in NPM:
https://www.npmjs.com/package/com.github.spotbugs:spotbugs-annotations

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=upgrade-pr
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6356f1973..5c574aca3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <version.jmh>1.23</version.jmh>
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.0.4</version.spotbugs>
+        <version.spotbugs>4.0.5</version.spotbugs>
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
                 org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
                 java.lang.OutOfMemoryError: PermGen space
@@ -522,7 +522,7 @@
                       <goals><goal>enforce</goal></goals>
                       <configuration>
                         <rules>
-                          <dependencyConvergence />
+                          <dependencyConvergence/>
                           <requireJavaVersion>
                             <version>1.7</version>
                             <message>
@@ -533,7 +533,7 @@
                           <enforceBytecodeVersion>
                             <maxJdkVersion>1.7</maxJdkVersion>
                             <ignoreOptionals>true</ignoreOptionals>
-                            <ignoredScopes></ignoredScopes> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
+                            <ignoredScopes/> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
                             <message>Dependencies shouldn't require Java 8+</message>
                           </enforceBytecodeVersion>
                         </rules>

From b7a7043963b09acf2c2401a4b565298b90c32308 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 26 Jul 2020 22:59:44 -0400
Subject: [PATCH 705/812] Revert "fix: upgrade
 com.github.spotbugs:spotbugs-annotations from 4.0.4 to 4.0.5 (#559)"

This reverts commit 4b97073075a26facadf2931de792eddf0f8141b4.

Synk-bot PR #559 results in errors when running 'mvn site' about the
'4.0.5' version of com.github.spotbugs:spotbugs-annotations not being
found (in Maven Central). I should have tested it first. :-(

Lesson learned.
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5c574aca3..6356f1973 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <version.jmh>1.23</version.jmh>
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.0.5</version.spotbugs>
+        <version.spotbugs>4.0.4</version.spotbugs>
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
                 org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
                 java.lang.OutOfMemoryError: PermGen space
@@ -522,7 +522,7 @@
                       <goals><goal>enforce</goal></goals>
                       <configuration>
                         <rules>
-                          <dependencyConvergence/>
+                          <dependencyConvergence />
                           <requireJavaVersion>
                             <version>1.7</version>
                             <message>
@@ -533,7 +533,7 @@
                           <enforceBytecodeVersion>
                             <maxJdkVersion>1.7</maxJdkVersion>
                             <ignoreOptionals>true</ignoreOptionals>
-                            <ignoredScopes/> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
+                            <ignoredScopes></ignoredScopes> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
                             <message>Dependencies shouldn't require Java 8+</message>
                           </enforceBytecodeVersion>
                         </rules>

From ba79395ecbddcfb0896f565cf54ba26936268668 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 26 Jul 2020 23:20:58 -0400
Subject: [PATCH 706/812] Update pom to reflect new 2.2.1.1 patch release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6356f1973..4a60e515e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.3.0.0-SNAPSHOT</version>
+    <version>2.2.1.1</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 3200f669ce3ae1fe7685a592d1e2f32eb987b892 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 26 Jul 2020 23:28:22 -0400
Subject: [PATCH 707/812] Javadoc fix-ups.

---
 src/main/java/org/owasp/esapi/Encoder.java | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/Encoder.java b/src/main/java/org/owasp/esapi/Encoder.java
index a8b949d71..4c831d281 100644
--- a/src/main/java/org/owasp/esapi/Encoder.java
+++ b/src/main/java/org/owasp/esapi/Encoder.java
@@ -149,11 +149,10 @@
  * </li>
  * </ul>
  * 
- * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">OWASP Cross-Site Scripting Prevention Cheat Sheet</a>.
+ * @see <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">OWASP Cross-Site Scripting Prevention Cheat Sheet</a>
  * @see <a href="https://owasp.org/www-project-proactive-controls/v3/en/c4-encode-escape-data">OWASP Proactive Controls: C4: Encode and Escape Data</a>
- * @see <a href="https://www.onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html">Properly encoding and escaping for the web.</a>
- * @author Jeff Williams (jeff.williams .at. aspectsecurity.com) <a
- *         href="http://www.aspectsecurity.com">Aspect Security</a>
+ * @see <a href="https://www.onwebsecurity.com/security/properly-encoding-and-escaping-for-the-web.html" target="_blank" rel="noopener noreferrer">Properly encoding and escaping for the web</a>
+ * @author Jeff Williams (jeff.williams .at. owasp.org)
  * @since June 1, 2007
  */
 public interface Encoder {
@@ -167,7 +166,7 @@ public interface Encoder {
      * Encoder.AllowMixedEncoding=false
      * </pre>
      *
-     * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+     * @see #canonicalize(String, boolean, boolean)
      * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
      * 
      * @param input the text to canonicalize
@@ -178,7 +177,7 @@ public interface Encoder {
     /**
      * This method is the equivalent to calling {@code Encoder.canonicalize(input, strict, strict);}.
      *
-     * @see Encoder#canonicalize(String, boolean, boolean) canonicalize
+     * @see #canonicalize(String, boolean, boolean)
      * @see <a href="http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4">W3C specifications</a>
      *  
      * @param input 

From 5b95e700c8ef812b01a4d788daad9cf30cf35e29 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 26 Jul 2020 23:36:37 -0400
Subject: [PATCH 708/812] Added 'IMPORTANT WORKAROUND for 2.2.1.0 ESAPI
 Logging' section.

---
 .../esapi4java-core-2.2.1.0-release-notes.txt | 33 ++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.2.1.0-release-notes.txt b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
index 7d6c54ef7..6119a5c4c 100644
--- a/documentation/esapi4java-core-2.2.1.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.2.1.0-release-notes.txt
@@ -124,6 +124,37 @@ Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly Pow
 
 We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
 
+
+    *** IMPORTANT WORKAROUND for 2.2.1.0 ESAPI Logging ***
+
+Lastly, if you try to use the new ESAPI 2.2.1.0 logging, you will notice that you need to change ESAPI.Logger and also possibly provide some other logging properties as well. This is because the logger packages were reorganized to improve maintainability, but we failed to mention it. To use ESAPI logging in ESAPI 2.2.1.0 (and later), you MUST set the ESAPI.Logger property to one of:
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *must* supply an "esapi-java-logging.properties" file in your classpath. Unfortunately, we failed to drop add that to the ESAPI configuration jar under the GitHub 'Releases', so this file has been added explicitly to the 2.2.1.0 release 'Assets' for this release (for details, see https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.1.0). Even worse, there was a logic error in the static initializer of JavaLogFactory (now fixed in the 2.2.1.1 patch release) that causes a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory or Slf4JLogFactory, you will also want to ensure that you have the following ESAPI logging properties set to get the logs to appear what you are used to with Log4J 1.x logging:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
 -----------------------------------------------------------------------------
 
         Other changes in this release, some of which not tracked via GitHub issues
@@ -209,7 +240,7 @@ Direct and Transitive Runtime and Test Dependencies:
         [INFO] --------------------------------[ jar ]---------------------------------
         [INFO] 
         [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
-        [INFO] org.owasp.esapi:esapi:jar:2.2.1.0-RC1
+        [INFO] org.owasp.esapi:esapi:jar:2.2.1.0
         [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
         [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
         [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile

From 156b98cd8aaa7a21d483bded315f3509663576b2 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 26 Jul 2020 23:51:12 -0400
Subject: [PATCH 709/812] New release notes for 2.2.1.1 patch release.

---
 .../esapi4java-core-2.2.1.1-release-notes.txt | 237 ++++++++++++++++++
 1 file changed, 237 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.2.1.1-release-notes.txt

diff --git a/documentation/esapi4java-core-2.2.1.1-release-notes.txt b/documentation/esapi4java-core-2.2.1.1-release-notes.txt
new file mode 100644
index 000000000..7fa3ffc35
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.1.1-release-notes.txt
@@ -0,0 +1,237 @@
+Release notes for ESAPI 2.2.1.1
+    Release date: 2020-July-26
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.1.0, 2020-July-12
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a patch release to address GitHub issue #560. See that GitHub issue and
+
+Also special props to Bill Sempf for stepping up and volunteering to prepare the initial cut of these release notes. Had he not done so, this release either would not have release notes or it would have been delayed another 6 months while I procrastinated further with various distractions. (Squirrel!)
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.1.0 release:
+    211 Java source files
+    4309 JUnit tests in 134 Java source files
+
+ESAPI 2.2.1.1 release:
+    211 Java source files
+    4312 JUnit tests in 134 Java source files
+
+39 GitHub Issues closed in this release
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+
+560 -           Could not initialize class org.owasp.esapi.logging.java.JavaLogFactory (ESAPI 2.2.1.0)
+561 -           Update ESAPI-release-steps.odt to note how to do 'Release' on GitHub
+564 -           Create release notes for 2.2.1.1 patch release
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+As of ESAPI 2.2.1.0 (the previous release), the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.1.1-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.1.1
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
+
+-----------------------------------------------------------------------------
+
+        Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Updates to README.md fileg
+* Minor Javadoc fixes to org.owasp.esapi.Encoder
+* Fixes / cleanup to 2.2.1.0 release notes (documentation/esapi4java-core-2.2.1.0-release-notes.txt)
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.1.0 and 2.2.1.1, i.e., between 2020-07-12 and 2020-07-26)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  5              5               1
+kwwall          67             64               8
+========================================================
+                                        Total: 21
+
+
+-----------------------------------------------------------------------------
+
+
+2 Closed PRs merged since 2.2.1.0 release (those rejected not listed)
+======================================================================
+PR#    GitHub ID                Description
+----------------------------------------------------------------------
+559 -- synk-bot         -- Upgrade com.github.spotbugs:spotbugs-annotations from 4.0.4 to 4.0.5
+562 -- jeremiahjstacey  -- Issue #560 JUL fixes 
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --since=2020-07-13 --reverse --pretty=medium
+
+    which will show all the commits since just after the last (2.2.1.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO] 
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.1.1
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.1.1
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.10:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.12:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.14:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.0.5:compile (optional) 
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional) 
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional) 
+        [INFO] +- junit:junit:jar:4.13:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+
+elangoravi for bringing GitHub issue #560 to our attention. This is one where we thought the workaround instructions was harder than just trying to fix it and thus we were encouraged to release a patch.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)

From 74fc4ba1fa9d356efa5e7052286482c689aafa09 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 27 Jul 2020 00:01:15 -0400
Subject: [PATCH 710/812] Close #561 plus other major changes and cleanup.

---
 documentation/ESAPI-release-steps.odt | Bin 273380 -> 165319 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index bf188f05f965c9d5051d1f4fc60a4ff4df2e1b23..33e7a367d25f75d5535c1da7d9ec4f8ee7888f6c 100644
GIT binary patch
delta 58060
zcmaI7Q*h@`&^{U)n`C3#+1T3Hww;Y_eBx}(4Zg9RY;4=w*tYHSd*5?&{^wMkr>bYV
z=Ax_TVyb((``KUmHXMb3q9h9m^&Jch4h+nf_)RGRMH=mYb~O2f7g267u>TR9)NU#$
z{Dfc%;6q7HO`M2`jF^&<f|QtnhK7-jnU#i&?FTy#3j+rW3p)oNF9$0hFCPQ9Bqy&Z
z-%lw%Y0aNp%o2ReA_9Cef*e1EekzCxXh`r$Ny$pdsmZG7s>(`gDX8kI$ZBb5NvWI4
zX_?9ESj*`<YU!KlnOJFCxS46nn(1ko>Kp$u26SD`)LqSWoUIMKEmXWLwR~;$ep&wd
zW$SF`Xm8`}>1_MU$==c3+1As;)5;^%%P+`3z}GG?#Wyg_EBuc~be?ZQae$+KfSpl@
zhgFcTXQH2VpnqU!pl@QZYf_j`a)f_+m}^#qTY8jVevDU1l7H}j2#pB)9TFN59T^%7
z{0{#e6%iU06%`zs5FD8p5|bVklMoS`5gQ*HmXH#fkQtMZ9GwV?4+~6+3{HrNOpggk
zkNuqx7oU_6mYfiinii80AC{3Am71CwnUWu!U7MDbpOu@LnOB@#P#0g+mQ>maDz42c
zt;?=xEli8f&rGe&iOS8%EzC<Q$jzz*^8Qp5WK@)9H|EFI=Ewgn&ZsNTZZAn{FHLDH
z&nPM?$}cJ_E-NZ3ttcxls4Oe0sHiBYtk11(t*EZ8`CC)`x4H0dYh`UiMSW{^OIKZ0
z>ED{aO@E6U{#Lcu7Pi(`cD7X3|A(g5hSrYOrn>gl#*U5-P)%=E?O<_3PiYg-U)|DE
z*)>_#Ior_DSKB$#+11nC(_P&&UDN-szIURlr>A9Pv2|*vYi_5vI&-ACxVN*Rr>kSE
zv#zhFYq7s(d7x%tq_wA~XJBY-Xrym=WPD_>Z+x_WWMrgoVxfO(Wo&Y8`rp*R?E3iJ
zzwv+T^JD#UQzI)={R^|>YqR~p`oHn{`T5z!)!F6E^_9id)wPkOgVl|l)!pN@<J<j(
z{_Vwy!`1P#jfvg0x!ujx<ITCfosG-=#q)!W`_r|9gM+=plY`^4lf%8U<AbxavxAGf
z%bWAV>!+jJ=hN$lv%BZ3=Z}Yr{oBj4*UO#jtLw+xv&YBBo5z=jm-iRo@%HuQ@$>Vu
z3gLbL42%O@TI{Eq=jw$Yay<ExKDCE1IBZA|q%ExC%K55IQsFN@Er<3K<ld}5N#xhb
zvkE?BZ~5s7dw8tVCyQ978aGzqkXuFO(gH;TcotSQy2Nn>0aYbr@-*#e*gPp`%jDo9
z1db-$B>O?Z^@1Z<c^#X8mfKYY<)ru045FGzntj;<agFYWX7|_I*JsXa*l2g;3I5~g
zGPP+=v>)sLukySkKh)x~v%Y@l;`{Pu|5P-(f5l}u`}#xh=62;|=*n&C>p(wlsp-V}
zZrAJ<5ah=-^!<$62YMAhrq-=c1zC75E;|SkqmnjdfgSfB(bP$bFkjJT?~lm3Yg-@V
zy7b+e?A;y8{9oZ)k0*0ugQFR-TTW1ULft1%lUpAz>n~O7i0y|jqYk~(3jVu%pSQ(v
zhk^z^=lxTIPbK9`od-i#2DP6M*=79A4Ij&K3jXKh4j+!tfZwR=?bBDU13wJlQE-o+
zG#W8z*>$5y{RIwtB@``qQ?hk8FXX=;OTNY7rR>vRBTw|w!tqiyeJ=R6Tkd_6BQ_NE
zq6-|(sBXE#y^q8Zcf)jDKXJY9D|SCDQ91BlcgohZce%|!*>K@;ea$_retizzzfn=M
z3bDRKcn}E!&%}-Y0@=B_z2+Shx`4fst?L{7&HMJfC7~k!H&}nyTiDY+$!?e4&c|9v
z`mc+PCEuOZtCxD>%=hVjV$Zv?9|~Q#9dC$3ec=vE)qcZ`h<r;kmaW%)`-ofb6-h$!
zjCz^A+ap3ZRumejTkBo+AN$B$UqN1XlAoV$)EJ0BPI|`)TXO-vOitU$aOJ7Trhnmm
z|CNux>%{n0v-{p)&hrD;hG)eCy@SBJs6#ftyXa%_*J~G-|9jY1A#v;HMR@noK%9cX
z=O@?K7WDln@%yiv)f}I#GvM@^1902hpRVy4|1vToIV*fMebQ$WEPS8aAGDzc9^|7e
zXQu&5)Phud|2xw?2Z7Hyp%||0w}R2s&sW)L0r&m-q-i0(bl=OOX&~XU<9fG#TIlJv
zKB?q~|L3~Pv=H0N7+cb4>XZN<kH_brW%uha_H^fU(OnY!8u0m2Bgo}-_<qF1fA@~v
zE$5-1#{YCaZkWmcv1Isi8>*<7ZQS7=YXEq$zU-CcbUja4{@~|&nPbDIy6@4<@qZ1q
z%*pV*yvu3-Tsi7`zn}l&CtrvHJ{s|YyKV<Rz@O-fpMd=eY$iQVWxxF$L_>ck=gV5l
zY5hzbz;hnf-|yB#a`UTe0eh;m@?aX#zkLg=8`v21pvd{)rPv#O$Vh(rdX3t02KM$B
zxhw!Gr{TVQ!B%n~(L+Tl49X;xPm&LdgJFXf&&&1wL0D{64__+3&&B5Vxg~PkZr|&V
zC4JwU9>VTh@4NG-k9$JI94UFCw^)p=huacr2l>vO5ygOv<ohk(-fI2#s(~ZauA3Fn
zALn@8k8V;!)SZg&k8yGaRE7d~K-r@B)%z9nQFdBK%UvjH_cI0N%HFhp^%|wApsoKu
zUbfF`;<bjACEDWKsVmWbKi1EOB&Qt+zmKRcL;sTsY}2XQQSK<w=;3F>Yx$A1=w11J
zTRqmz_P@EXy(ecwn{M}rkgr2E%|T;9br{!n7<bco(hy$!hZ%DseQ9RfK*??*OV<Zg
zhhxm0{8EWQb6b3$?vh^pC-U&ymWrWa+au`o%%JA$?O$IYU-jE&5s=!+)O$&jd-XHg
zgXB0uTJpTa>9HytaN23d?!G%Rcxt;6a%A=#k9+_7X&3z2oPA?2cq_Wye%W%e=FnwN
z>hgTp-hDQ}0SiY>2IrUwOtYXc>kfJ2)sA|e#`d>w`S_i#Rl_cAIBo3oE^;h2Rl~y!
zJsCjOv{pO!^Pw2#v_5VVO4>64K94<avoUDiN&Cca(%APA@gyj?#^(wTH`G(HIq%C!
zuCL2U#6G8{mO0*${@H{=gBr_+!`Z&4(vLS#`ZEjld(_MC`@`7)j?m~KaGjLx=ss~s
zZPJnB>uvbnnKH`#w7#_G%Jdjulax2vn$UG}-rj4whj~Z&7Ci1Z;SgoBLvL_};L=T$
z8lA`cIF~WnC^o1ACOn^5UW`Z58gcS`8;Pwu;Q(tQeJFJ3QJ)Z59alpAwPzr@6)h`~
zc3yb`0tfqty=etd9U~~Y^#{bhmCv6$emIBYr&>Lu>REn@2)5uftG2dCUelhNYz?>k
zJ9TINcsELAGB7`tM>XuqTV5%upT^4SlzemTy62tcIdAZvjzdM3Gz*dJfP@vqw0Ff1
zH_h>PtLgmj%|^Hzwql_Sr;-OhQneANEb~~5%dSGD>3IW$6GfdZ`@h)z$(V54jeKO)
z@kbbU8=>lCH2SHAZA0psT5IKmDrT72m5$IAatu4qmA;9Q2MK3r;;|fZTI|76sXGcX
zMIGIoPSNRU{zJ_&Fql(I(}4eHgtZBSPHSdE(!RZ}(i(T3z8ohn@y>-xfq&)2B2436
z-+%x3*t7#2iy4IHOMDXDBs~w|JRvxFnbJ4!^_nyqch<jowpy>;gBxWiSZq#UBjaOD
z_}q=?SM#LGHHJ+JE$7Q^F>S4t&aRZrH`4hny$H%?Zcn8&jJnp9U^7g+=l97vd69p|
ziDiRDIT--Z5TyFi-V#O}<zUcJWk`G8kWw}xs&0X*S-A$JqRQ=<mB096gm6hKFT24f
zWG1FKe(<<qwP=^iy&-kZ1^qtP1equ{a#jWJ^1p|(1*&fZ2SOl{-~-QfDxc~<S^DZx
z$a#?+$dj2Cr}K$$Cj7ot<KD(3tV<rpVcna?sTsJhLGHOBGLmZPK@~w%GlWw@p+R|7
z01bedHI@DkhJ)XMMppCLw|Sm;_fao35e3v}H|`Yemho9z901ZRY)U3uvts5Fv%zm^
z2>{KMu*NPWFArQ?{!C1DWOgho{UBQ9*m9m$ltZ0R1esVz<~ypL%FmfArIoppU4!Of
zC`gN7my)%!SKDC1f-_gx53}KALHANN{SqK3m?OV0m~)8GDUe9_<Qit#LB~n^y+PXn
zlqKlAK~!f~p**CH&t<K?RK3C&O>k#4S#Y}`WxOO_{aEh&Jl5C2xpt&~1Hs0!DXiJQ
zd#^l4d2o()#8u24?rZUC7FW0KIWt@kkH9)r(y@h9;LnaH9`D4SNJ!U$RG67R-3dH9
z|FF+|TwZ3_<Z91exyZo!Z^d&WlOR3S4w{u@I_L#ki(XXOu-H@Rzd$!;$W{Ffmx__M
z?TG@v642u*u+IlI4x9K^fRRpvO%AoS>(Ki{&ZF5>w7<~~xY$`}LgWBTZg9^)zSmXj
zP*Pz-EHZ5dyO4sZ?GhJOalz931Dry%z!ZYX;f*f~law75@0tCzRLXv{J6bwX;@Sd(
z^~p}Q{U<ko1<-mBx++!w0u#tkZ=jIU?K#D#-D|q<jZA60(ov<g0WpPy)meb2l{2gt
zAO4(^YiaJr?_(&ftv0k2$QTo8-ZZN~ZH+xxJi7<WI78uMYSNp{*9JzafHl|psn{7&
z6d{_mWOS$Ak+e8sW5piUX`1=ZD>hj&$WmKJQbOYoQ<B<oCo;ltNAXSqvhzJ4o0ec$
zqJ<Q#K;SAV4KfqWr|bKpj43g&NFahtYl_O;yv%G&MIm(fEg)z=9?`r{0)hz@XTY3o
z3x7<#4QGaDyCmctto`sC0IQ6@O4oHWKktsW8e0;V@%MNMzxp;{&*XK6@1t<9Nkpmi
z&<1myxm*&@t~_zM<-Gatyc2&(EMdo^{jh`2i{5arK+Bvh*Q)&10FglK+k?e;Z|oNG
zwHh-F_nghksZ_Kb1PDsx>cE!h&@?!~7j_<-;)RJ5NuAA}C5fgJ$S=j&N72^Glk#KB
zlCi<R8qby7GN+g)@%tig1NRpW9^F6m>GjV4tOsQ)Fg)!f+Lvn6iE?NuCDQ-NuXAh;
zN@-V>*U)ksBpDLt^_%G<8V*Fn+QZ>fQ{Jn4mR`_SC8S<inM1U2A7sFV;Vxg~pl85M
z4}Uv>82f=aA^z?HJf)_*!5rLWzR<_%Xy=k7kGs)@GVt%=rj#`)h!TPZDUpSXL^yUA
zHL}Wwl<F&QDbqMbx)jVm0~WR`Afz>Ww}uu!|IU0+YETL+qlD>sI(kX)IZ`Z#b>KUu
zi7Dcug!RUw<`T@*ee{Fxk=Asq9g3bE_Y!*h<H!`!+ae_ZBT0V~9?3bO6y@pG;{t-8
z;hG8N1Y;Savp5r=(8w5vp}59SfagNP0?9!^XYZsf9g<h+ZPt7pTexeT5LsYTh>Y;J
zuH%tyTL-K(6-lP(?{AswuTuvFnz56+6;E8tHa?SecQcj8Jrg@JOr;>^RB>yn)X>9P
ztgtgM5Z(lEAP2{LHAA{Ap<W15C|B2((1x3QpUt<hD??GE&k~MgHI|Q?IDMBmA|Coq
zz2`O32dX)BVp%v5?`T|iU_f2uv`bUtKyW5yK}mcFvN&GhQ18~Cy?c=S?((yM=95=`
z^6VMvuLFUgC$pil3>R`a*l~k74DBE}HL7i4L-H1I;}@noSfb}h!NA$(tV(d^HW0a$
zKGjwKNX;^Oym7&MuYPLs@0LHRyf{W)&+WKIa?oYkS(mY093WfsNH}`qI7?nSe-(5d
zjuF{<yjY#72jMneaDEI`jR+l(H_W-NAq_S0H|yW&<xJ0gidn`@yYh;2;hle5JGy%`
zne+gB8lPdZcLEf89l5_lpoaGw_q=`(%o%5a++BOCevXKf)k8T6^Wzv52f*|huodn`
zEB(ZQvrB<;C4uX6V#aFMB1SxX`$mWv)+aMIl_KEyZl=fTExWOy=RvQD$h=zg3-hM-
z7lV`K)+sR`Ml2eZoZ^$$gYdPGgs(J=>&Pjfn`~bmH#3jeXL*8dOo;n?=L)@Eh8-G-
zPtJ~Bg|wKjV(=O6Db**pv8nV(<Bw>B8911ndgp{QXCSyf-4LS@u1$Hq@Ujq8%-$2h
zd0$Wh1fD{WXxT=-Q@n{mZibb<EY-pcjZ!XB9lSXjRW!6)vG25n$RU@dH4}XCg$y&m
z#Ll1Y%-Qo{v*rhu7>;g%AQH)p6wm5h;0j}gK9tuVm3G=ZxbXHWJgQ?8-d+)PQi#yc
z4)zN>014`BdnDrD4#P+<Gk_092Zi8Skio7(mE_P!<;T`bbyO^{_Sd>2G~T-!gRs>4
zzo259gR;5<rg)J=F1M1UOCDuA>O=srDIe0FBWoYwU2BjMpNG<7AbuN}NYV1{e~bFS
zwAe7q9C)_sdEF%0H;T{ce}eXuYVk@o_~ZCSZ8O+p+RiNLOfu{f<}lk2$z&EPq@_gz
zN!1B!8hBP{WnB(04}RlFQq!A`jR@cOg90?k8y}*R@FM&B-pCab?rEng^N$VCP*EM)
ztkSgB=N>*a(?{IkjYar*Z5N7AiO&~S3@b%$huZw%-}|(2x)^z|W<Obh-11?4$c|N)
z(f`vpk8BPhl9D7DB5O^$^-B9!Q?!^|m>GT3jf<_VkG8BTJ4crF1%&IxRK&koxu9~d
z3tK^WHRwm&u_^`vX`6uih1oD5vOdbw%@SFesCdlQgaxwgT@tle!Ixk{_E+y5MV+{@
zpkC6i=Rdm!zum25*-h>w`j<C@#Np^8Q>reoNRBT>lGPja++fuw26I@qKDf0i_l4Iw
zu(5+WPDtwQZ8gy^A}iGYWm=WCs^oc>{dB)li_oa#!MI*`q7W+4STFYm1e+d*+rZ4_
z!==s)N1&EzlKnzf00}J}eV)hyh%nakf4_T3>CP~H-{V?>WuZ4UL)aL<>Dvyp<9$&X
z6Gl{`z0;9@_AIkSFn(s6h{6iEkTA?Nm`1mfdQ;e!E&YK(Vm)IMrF$xhQ#=+`dAy84
zO22vcwD?SxV~MoQ+C`WLx};#{n20iveti6e9RXEmaE|GonPXsbl%r{@eTmUHSZeU1
zVNtpu@jKL!&hbb;4umqJpd5f^HeTjItk6r~;k}-MGFA*(g?kdW<1C{+6&X0Y&1VWs
zcE@;_#xGF(-r*=NI~VW=dAi#_S+^Y{rpW~n1JPbOxyR6(pdN_;@%rmsI6&_ksavt!
zsEre1dyA55tdd*$ax2&6JU4Py*rJtdt!gKqafStQdZ|ifm0gldQPaNK_@Y{)t=b_!
zV~VQJZ|P%!><k@p6L$|(QA1;s>}(y;sRN#_t7cR3^_>6~LQE~Fx9BID@Ok@PRz<3}
z7}&X@K2L3ae}Z(t(TU;>F1__NUvN+&xXd@RZ?$!krpUU%1_$AWj=jJBCP$)KlfvKW
z{D^T=TF>6N4=&0d11TLd)+<ChVr7-Tp+Ciu`c%WUwVlUp_R`oH{iHY{ocVUgaWDln
zG)+o#2PY}Lg1k#SD^h3-|NhU_^Y$WS1uVu1Bn}SZD0Dmk71^0<|4Uf42SUmf9J;2e
zdBdU*EA~ld&4xFuwU^MrpSd+&84C-W-ObIIZ@GV86{Ef9s4rX4k}nN^6awW4Ix6l)
zhpsxK7(6m|ms_SiAJeEw>S}|=q$QaROokE}t`ftYOg5pV=)8wPX*5EN1KLA@;+%4W
zg|i~^jzk=2fnU|r+}`EqTK0+It)auR%va28z#`rW6Gbr#7mcOn{!J-bjm8>9L5zCB
zt;huv2nUfn;z;7!NVzDoEwGb~+Hd7Zfp#SQllxE;)CMOh!jM=NG&D)$lE8Kod|#+5
zo@Ns^#}L8OaJZ#Frp(f4=}5I*Q1s1PEX^gP{oxOQ=CMaJmw0}2B!d|lg7!?7=$EGB
zhzaMhHt(dq_LDC(%(Oz?qjvT5N1#Sy%se!PdyKnICw6<2YK_jrj9Z0<`9U^0X7i=_
zLes_xZps<j(v^mtZM*x_V?x|97z;HhG%2T>Tv>{OKf$81mc3KFGQ`9N$Q&HTabI-L
zwKxXUrrEyx#j6J<B4UOh9cid5lP=zd*Mndrn{~_G-`W+xbiJO@(qySqf@3E2Lv2ep
zaylz&ipvZTPo&~upDy4#|AgsyRTQMx%IH)N^d~weAUtt=OC8JzTae<h@eYSrV-IO7
z7S$S({guTOXeCnb=iwB6yxiCj{moekEw2ceOp@Yg_xtr{`_U?3#$*GUqaQ)}<kIvT
zE^oumSViud0J;mxHm^C_zOdrhpyYqmWHw!TQWVLbyVCWBQP!CvKK+4gCKfv20%2)<
z!Z4yJA+45Ov#|rlQq#nfPErkH1jj*Jl5;eyM>dEOK6+{Ubot-g-Z$Ii#ED`Cl|*WQ
zr6IC_+|U=7Ctoya{3bGHeCJc{h4pAg!XzK7WqKsZyT^oDI9-xCR*~Xa76P@w#lg-A
zPVtt7iExEuddm7=<g3!mB4;o8+EaW(?TVGcg}X>PV)p%<^yMc#yE2U=CQXteq?Bx#
zfi>TU7zyiCO&h*>I)jn-W-cYo)qd9n-XD1S9-=RN*FsP9IDcY$USx%zQ?!XIYHs<N
zpslyOA}Z;t-UuuV%%L7L7o6fQcXrIj>dj^i4>=yH6y{9S;uyThwP6{)KggBj@x`uO
zq??ymEBo4ztJE&edyli69X?t$pd{NDD7#+UFZqrX>o7EAiZt#l67P1+vp)3!y!M@&
zl`g6D8OO$L6+iK{?(2s{(FiWh-O{#Fve(UWCfhC?4J*(7WjS|hC&}Z{R7>wLWV=H%
z<%im{^`H!XiSo`W>@9evq7M8T^{+OjAwVPhRCuNeU1d2Ga+Ts9Fh?372jRdFDBF^V
zZ8%bJ%ccc~>Z-=}kk69&#~VlidA8{&90P;j*LGpZOuJ=ZNbCD$Ad}^JRSZq#1l)!Z
zBQTMfSgWP%C2oBbVaEQ=v0)iI{QUO9S`<kAZK{XmF>AT_*WU}Pf$oC|2`}Yw1`G6G
z^I$ztd_@rX^if92s)~>WxhK0Ytx7|EG9)CN31PTACOfpwm{{drOsNH#0Gts51t;ot
z_6VhW>%wwJZM*eLkD==7hiG+TEh|0jb-9Mj@rDe9bvmDe;=bF=61o+kZS#AIkdW7G
z<XQ9Dxz<`15udna&ZW!XDQ)+ZNAr8rbFO9ci??j%q(!QJ2q6B@)M6G*xYekuc7xvl
zTfKFIPj$1QFx}e;>IU5c9~Q$8@CT!7&OTOYIqUR9=?SlK-0cDzZX8Z6{la8g6TS?U
z9=A+*w^M6_^UuQe*L#!PK5PcW<8Z6LMIpTi8BEeb^o{AJiqPoI5a_!lXt+Tr4E&c?
z41aWdF==($hr*j0G%$6lb%RjEB|g@g=&Mda3oL|)KdeR?;R%C*@zPMe-|J&H&0m%!
zfqLVTpqP_mI6AB`>~`0xHp01tImxUf+WodJQ!W?R@ml^0s~v$Jfp1j$C!IU|Q#YnG
z=OWoU$~6!>kH$;E7QAK0Z56nF3o~;bT^|x1h1GsEHN8;B+XZ;yT|J-Rj2~>z*<+0h
zuGXR}P?GR+B8+}O&t&T5G?lRmz@G{(yWItgnu5N8pi&ne0Fpii+ka>UmlX?uarr5A
zN5y1s8~id>@01f}QFX+t%Y%6M-xpTQ{i_t-#Sy-d&H|-C1oHr{b~X&*jx*pGyAOe1
zW%O(kLa)q~OUB%0A;jIyr&Dc8cllo~v~D}k@9Ra*hPVSj$zW0)>w*9T*;wC5uNA<r
zG&+bnhnU_M5iaI>P7|-OJS4I?-pZ03K7qcNkscl#nH)b{r?hBNU@_8X8J@Q0TaxFQ
zISLaE9me)Rp8OL$aGxsAdy3^-eb1n#2@eQ<*iG=zMOgNoDVB(TxMRYRoKib3Tzj-D
zAlN@#*YgDMXixA<)((Jv&){($(K{qY>ysQqMa%!o#ll>;^$ovtYp%%Kuq^in=`qeY
zHMYxxK7uo%MQ<eq7riy@miL#j76&8#3Z;!1LwGm{R=LTZxPIr*icwSB;70%@Uy1Y3
z2I8pX+zf5}u)*OsV;oPsOfD`s&)o7s@fQ5C@XHlIqf!0uvqWz00i%+EV2p|yatCCg
zvqQtf*}^17E7T0@Q*XgbA9<ugX`&6qpN9bz(&qMas<=}xLi<A1RFcKZ3h^2@gHBr8
zq3|%|buRq?f=FvSmv)C#UcY+1qV;eFsMiSCiP)u|@?!<+A=WKwB*~I!^U|3qvX~gF
zbyo8LX^T-S!Rg{UT=7(&waq-vTG+U;L!&ZwPfBAA*SHUa+XhwT07@hFp}NpE%2F$s
zLN(#Dv81<}mN0tU9A&R?*ggv!fwM<!^mY^!o(=BIO@Og6QT;Fr!=V#0!wKbnZ#5Z_
zA}`-c)Ce}d^X}1rhIDtdKs~0B%~Ib0)j%^)BsArLraJ3~;H{n7+1%e*>1RA;#J?d%
zxZhG*Z?hOG^yglOEH`lHfaSzzf*!}yP3=+1r!!Q>J~dL6mqZEcN6sdZ45A`4C`y26
zrw*GB<>^Lu>YlyM!YZ_AA75n^VaAcH3NIiTOv(adC|^Sx%o6M$uT60QBRC_x3Y;~-
z+zP=^$-xm&XW=smAzWl9T%Lanf<f3=&{GNS0i$g@XRy<%Sltb?4t#>(a59-^Pwg2y
zfvn&ei?L9dZyHu!XCXfHn-suG9i*38f!%1XdA?snrIZ6BWpRF)V1;QWnyrJO9MzaZ
z#RuKcFSyBbU3Lf}R|Y$<VY>OK4}$@{B7IXe>q+xTR7Dh7f$+%1<+O<o^(}+!QnMR;
zFJr8K7k{D!Oq@Dh?B6^cr$>A9Cgqb4_Ns3PKeaMC@HVd#E&sky5?nibQ)rGGW`OwJ
z#VgP!lCj#4>K{-3uPLe%@8pFM3+l+-O46l*9zP@P5oEvYBALDABAuf|gLne04Sv#M
zYgQ@~zYz@%F%oN{d!G3(UGXjN;6nLFY%5ILnVvtLaG9iv8@%Wf`H81?DolH<Yxv?b
znU<sBDwW9%DGRbkH4`$2Be5wfA}g2;FlsWK3htl$kfU?%rMH^|=W=D?JjAL{`W4DB
z6C|(pirQL;SkOa`4oy@WU*rT7a_OtD`h3b^xR(>s^$3()gg0&B9{AzUQU|xg%@PyN
z!_J=8KC^8V3%M`#H!yApyOeKCEJl-`ft0Mwk)VlRVSavZqT5S=ImZ+mYL;Ro@CmiH
zl{=tp|9GETozfBP?Tdn&VV`(s0i(%icU14>2vo^ZA8N)kPcCSv_(1@)S~6Oduj=<3
zp`<w@yBGJwLcz~HF;32kfD{R9?`XLb7P9cqjsK@=Pi|LLmW90WFV;eBgF+JdPuj2=
zFNrxK{+TNjgga>Lr#uHOH0U-;tx^08q%m(_TREO?R#9I?KR_`NU+vf06g#hW`>I};
zH<EThbv|Z-7Y(a~6A6&$Qt_Cnz@FrFQTjV%*6es0@q#QkCXq-z1#d!h1<f+?!y84J
zZt|Z)g&Qy!Fp&1h^>U23di=k&=~Knnh=!T!Zw8Zp{Fy&=lXNCcv|E0f#&r<8W$o?l
z08!t{k1%}EIWNFfM3N9mp6K!ihmN}Ny8oBPS>g>f!3M?ThXF>|W>^W*NJ&K?bvL`&
zuu!)YUyVRqxAuezibb^6pdv32Ca-9ni}Fl;Zh@8aiYL||!J|mBK-kO*;g+>_vK3q1
zaffwOW5KL`by3<PnezNUYVz_&Qg}TBRgdj>B!JfF15>yfAHQt$frqQ5G(lGEaxfqI
z;MnxZRCbG4I56!yYc5IK7bCFE$-h>~5$EPucIdr9H(1PR^<96z4W*9j64Jdfx?+K;
z?&>15YpF<A-9E(J0l~DuOVFi~6u+hVA#%O`(3h!IH;XcjXV!`L=-fmP3y=Znhpj8f
zdggOz?n+Elj1jz6c0-Bom}1H>YFf0ea{d<)N0e{?0B7VNlMO*U@j+@oLyE0UPI2cV
z+&Kzd-@P$`dx~#IokZ^(b9vlt^3<Isp5Fa!fsh4?rQC755rRnADZN~XwM9dUDP4uE
z{>ZVx1J8|Au2}?}I$unYnK-a_rO?vrnC@G3^F679)$oG%RbHK9$u9V>DvV}u4l8x6
zKca0GK&jD3ZXV<>gV^?i`FJL3+V%ol@Ez;e_r3X_5zW|_r&bVz!Of5c8bg|$%S;pH
zDw|6Bg>Distmu;17)o4VB-DXb0T&ntVlXNZSs`jY{TSX0Za<PVy;krLzKk$KJCP6R
zSv{rA-lc8F;h?MZ5ppG-zYp299q*hw_o$5N01Or9P>}T{j%!!jG4jNcqT>zhKf^WU
zj%EI=4x5bRVfXT*Y7m@Fh1IXLR=W4!U+WbG+izVAH$`WfXQ$-BaZ^OcnWrG8(C(2Q
z(sHb~k6xq9%cpOJiiM)m(1+hoim-_!cue7B7_};R5utL2hpW2%$?$qv2xGXEZt;R(
z03iOn2n@t=OnBfsmINi7;a4@vWAhk9m4m@GbtoLWr*Y1_cr64$SK5`)bE>2I&JQB<
zwuh7xHg?J0GInp+w0}M)ujSz(7REj9`?WXXZFbu1`45+LS6{{A&E#vk*zp!u%fW_d
zw=6U)BDlOU#hNVP-k|GGm}qGt#cM=o0*NDRe(W>Chq<pU)&wIItQl8A=VsW7>xoNl
zo;vC(>ALp~#R2<=Yb0uFjzcqvqlFNzwm7_UYuoXOTHZ_WN*!lrr;Ot#!3-uF+@|r8
zC^%~U|6=aje<RUh2@(b#6|gce6hLU0T7oW$$MIJ=72bs9;9Z=gA)!Dvpa)M<z#$pD
zhg!YR`a17^`rF+sX1~D#&F%u&xvg4Y3Zy>rKH^I|;vsi|mGx%F_)L6LU4=zemAKS{
zi=SU@KpSRf;fe>Nm4}tpLV8Vg4+66oa~ipEbGq2Jg9-UMcm=&k4t3njp;Sx}y(9=S
zuI9)c7cGWfG~)MfArewFYf?xrV4|EADJWjLU6~tc;5Q!BIhk6zSr}kHk{~nmYYLO8
zODl|Srlup3ThD!ukk{g^(&v>`+*KjLbgyGNfZiTHmGQ<<8xK_#q9x!rnZEc{9NBfr
zizXTwQVXY?*$I(yjxd#BeGXmIccFyS$`ekyme3;mBE5+<jRl<=P0qI`AO+2NV%59K
zNEhViP_J}GDf_EF&K9w{opQ+)(G$^@i{PBwl>x<4Dn(4E^13G0Os*{&qMt0xlHyWx
z=x$<Ahb5#PFN3S2anI(oE$AORcL5%Z)bUDTSn|Pe*>^Q9@6x;@jO#}aT%O+!z|#Y2
z&J^u6V;R8#GPM08>85}baLZHIB+n-&TpYogfW^lsNNsXc;D|_|Ows2=84!27%i^lB
z*Jj1Pym9Jn0oe;t+njRYrWQ2AIvz)z&}c@jwAmoj>T}Vd-z55`)iuB68)x2ceYwoy
zTB$m!{M|OIWqLMV4kjz3TvNm1Y+l}{%>yr7cMbZ{#FkGT$8n+`cmq>xNa=-Pq*_@|
zfa^}lO;uOiVSz<+a76L=TiMPmTW>}xqbGX6)6ReFC{|onptcU9Vv2dnlJ3L}{JJUl
z&R@S)FI{7Hb99C%;hKuzsfP9*t)2D#Fqo0F=HOnZ&_Q3N(?Q`SmYqA$dDtgttrn_%
zj+Zi;SGgnunlvF7uv9nYgP~hhP$aCnYzcD`mZe}DOD__ek;7RH0?AcUu^z{7mj4pw
z^PjfZ5r9o<{;~N-J*7r1&XHkUG}=4|8`Q$S98-`BT|F}PU%U5kEuprRq1BVo-F2<n
zxE0}IU)-Asb1*mHC&Uwnur}Uz)(BrJWfa98vxlyv^12iiK<IC!xk`jAX*uIJhpJ04
z$3~*i+Yzi3hC*gohqDA2t)qa}%YQ}W1FCej!Hn7HzvqvxlSOB`gy47xE~FPg-wa{+
z-IxsB&eV%P)f<kRSt1N&ji+w8Kp<8L)=>+Zxxus>EJPlx-)hj8f$+7yHy}9v>v%Y9
zlzFRuns)Fzz>Is5;<p~lglJSzQDhPSUl*9Zg8o+n+neUb<p*c-SL;*p=_;RxAWdqE
zrpxva>z@oxo|<cdgO!^F<xw`5i~4Gt4+K~aZsHizdK`bPJQ-08v~|B3s+cL!^%|fI
zqBL%CT%zv4_0L*kt1cs8=&**8D$UbYntzX%a@cLW03sue?bWos)YRt?akKhX&+Rf&
z=?;`B>_}`{#OzHOY`7=O;bj=`<E^lMhR6=U|3%k*TU$8Sxeb)4t1rTuC^Eqk{>{uj
zYwhIfAYC6Yy8%(!a9nB6don3mb>0RuSy^4%kSBXP;MrPZL9vTtP^GX`DFAW(XQ8k3
zJQEXf4Uo@&PPgE12Ym~)OCu;erh&UA*+w@8DaDnRb7q2EX!((UF!B&cG~JX9z>)8;
zWOC(PjY{?wXuF5plQLtnbs>9nsY<m+U&+$PH0VCdrNW1jAo|U&1LDZKCFH75zMHDP
z?xxjelJ1!!(j<}4(5wRHtN7+5)kY=H4~~iy051{A_wufbt_J;5tW21?I(Ub6OJ4E$
zNxRClEDTuejKN&x%4%E8B}SipO!`tddaSxd!g*SwXo8T5hY-IBce}NJ2%P04CaK4y
z2PLlcqStaYBrfJZZ~lP^`S72ox`0E}Zm<{akroCeb->cJvbSKTkt9HmO-a~69?yUY
z145rkWu~-yNX+pDGQU890dDLrYO2o3anav(beIl6tz6$ZE{x!ldmx7b3+U8HSzL25
z(gX_a!ypEoB~Znl2f-vqf3g<E{-(<VPraI9{;%t3wOne2nyXi0yf(tXd7hbGu^fPY
z$SwPr7-6(FpH&`F5h_y)fhpFzR0dlP4Peb1rJVa#VT2Xk@|Ke(D{i?VwH9lLjg<3h
z&sWBjV`4SZx9WtE2vA@(YBM1#vL!_;a_DNhROgfAhIpV|#f}(lH<}9wqxFCL4JN;s
zqbtUF^zvh;!55AwRze_ZT&_=@N{<*x%u29K4{DEwQhlP|DyG)zK9QLLxvv7Q5da9>
z{%a*`jFhJ$7$BE(fG>3rE}~{K{c%eMaaMS;KgNf6ESpYmU0r-T8983^?jkmqh3)SZ
z{<n(%aAB`T8O_2aqMzN%dC41HR(rwrMMD*vOz%q(F}aIRXL<wktMg){s!1m(w7fM<
zy*xt~C4>P(R9prdY*KGPy#NWk5SW07q;bHHaKo^+m~4OgWmONGV2wB4F7vZ$@4Rz{
zVTQgewz!v{0VjEQ@h4a5>C0{60p<L7JQ#*a{303>(o#O1W!-PqwrFXSSH<_j+?cn&
zn?Boi8Tbr8W9zu(Xh2S2nu|%|l(i`;rC<|%?>}+)oeS%H{h$N-!|ac*q=BslcTe?&
za8x?0zjt>h-(|3`)@2$rQ;8?5bYyr^r!3?jymf0Gv^7<zX4*E+11U>+{PyBSSOQbF
z0-1BvYBi)SwzI;@1AV#TAEPTAk)rLkIP|yrvVF$twUnyuS{DdV=xxUB*KTcxsq80h
z{*C@U)jV-p;y>2Oc37*{v<G|&RsN1OSgL8WJ8apl2$nU`6Q4Kh4O<6c@g6i^=$!p~
z1wZ#z|7YD0W?yBl++q<!6L2@y61Q5t*Szjrz_36&6j{r+pgnPGD8lbhk7i}51+$~t
zDM^(u7T|4=g@J)aN-R-DamF^(1KG#e>P+mi9&dzK#g}az%`ci>0RXIIT)&YtYI7to
z4jG5_8~B<mAF8Z9@N|h*^ot_|#5BVGAT<B|8-Zr)D~)aiW%mSCDrv5AP4so)sSzO#
z>WL^B{*l5114au<<VQd$g(*$YK8C6h$Iwe05lo3U232ywwd5Vnb>N<uXSI$F&!58k
z<nW~<D(`pv6el03tpK_*8839SZPdkKl$23i>Z6&<4OkT0nz+#Zd7GDtRGoHM2d&VT
z)0|r^$$4em#N<rWFe8OC#HMIAVfg<gVO^Qx{Ug`C&8=n;5PQ?0^_soK{XMU#gDB@b
zq3$ol7MBe_eFN=zvE1rhMk@jqF-#u8k<J|N{GqXn2r_!agB~zTVMg<y5N916_}xmm
z_TF)-f`@S`(9r6Fa5{A(CK68k1Vom4L<h6}M5p#+)nILQDe6z56{OiiOrd(Yu~C2w
zLbhDhPf6+c1}la|&D43^yB1a2niB<N%!*L!>PR|zbmNKeyz%#0fp>mBPSZH4g|t{C
z+npl3QEZc_?md8r!iJA-0#XzjqyksZL$2&82Z#ye9<j>cVmZ)myXL`{am)2%40ExT
zt<~6VmQ)?0>u|zf8SHBWzlb2L_mGTnUDDR{$TIw<<2R8tgCA!_uE#^Zz7aVu%+<qS
zbbl|>DV8F&LHjd?BXBKjg`w)t)!bAyKUmZzI#g_RbOBtHb8K#$Xp66vFE)x$!eVd^
zc2<&!B;9^w5{-=$z$5>m{;iWbN{ShNn7oYF-|0Fz|Nh+gy)Tdf`bU(~wIxBA3;b;5
z7poyMhO%w4<w7?ckN9Bv(Qmkin+a*5nxv@}@gFR?6Y7k37mNi=nWr~rJNfq0efGnH
zg@Hwl5cL4>a){X12<t+AgfDE%_~-zctj@p~Mo>v8dFUNw$GYL!L`9{Z9r_|V?k>4V
z`}%*u>iZ67?;{^g$3nDuBp?0jaxREqe0zpK>z*A$<kzVrp*)wHs{Y(Rw>GJ7tjIZ3
zd)g~~om9cHbftQ%BNCV~mOH=aPIdzSy97;Nl?>pS0Va)*hgmLaU2Z~=2&1N<P?+?+
zXwFN&jEI3+o$!#YJX^D*Ow%PoJym+b`_DwBY-0N%Q!ockJIVI)sj{bR_p*z1mo7eg
zX7yIRg4aX2jYp>YR^By6^Z6zu)1%#%v7sooLK09f=aSS++H?}rtk=zWWy1ttb#O<)
z`voK~VU0T5O?w<j+jY6iWbTtT6Xgts&(pzkCl(brg2;x#rL;E!12vhBTN8u_#$dtY
zijU0gM6;QPod1cSwJ<ksJGU^HBvMQvYsdUIu_ksT{9SU-!f;jI)W?K)+O5LTWvVjE
z5}XKy>H4br?<x&y^kobRnMOhgky9jhxi+wFQ<YI2@ha|(o3YZbtT`6ciM47a!kJ*i
z8BZ#tiY8^|X6#^IfwLs<61S=o{Azas30C-%%rC$U4D6F>gn`1vap(2BR3NW(y{Ryy
z2A-#ME+NW%vsJhXk(L%SM#V5&aYdDFp~eFNf7uT(b5ai}`G8RO?;ZgKbwAKK$K?R6
zbaf15ZO_MMXl8##=t!|kuNDW3sB}59#$P0f;}BW*G>nV*`aPd}(C5+f)=WvcZ9HSW
z{#a&L2tQHq7DxZ+Vxwt&eA99!VZI%E1hd!1lR2{qh{fS4d5>p5XSX;pZ`AxQlP5Xu
z6Kbj&sHw~(4zfZ+2@`!ZbS6{zS!f2#9!;xqi}@G2PK~Q*@s}D01oy^&?L)qBeG9Io
z!DK}-Q)f<Z!&*>J_{#06t#;K%3D#C7QwFE;PYyaB5wysA3#=3#;tL#~l&^}%FDiTu
z)19k{5l0hp=L;sWMK*86)K(6Wqo<S_t_+CSv&tRRn}tAcMHLH$vDb|LFI5F(S8i1H
zn$I#Q<MnTha6wU2?zYMF$8qJw4=pCCc4_r_ZaM-Qe0DT&m!4k34QM*mmAN8~f6W+q
zPRR6trF%slGl!fH%cM#w^q0p2p<=k?Z-3D66ftI6o}+ZlS{wW`Q3P#Thw>9FIy*bS
zCNGl8`1MrYhFE>?M=m_@S~CGBYTtFw)X!4)qqChyfj_}Bf}YbT`E}P>k=FZBtz25^
zZ-=sEP_thL*Mw$@qag|RDJ(d?FAzwMw44qh7WLqKF@v{l>a_~xZu1tr=a5J>D6`&-
z{2HR}RX2v{jo<#9imFvGxMvot=EgTp&dt)vO50@7Rk==J;##0O5z_;x{Z+hVdzG6F
zrw`#;2R=;;g>TjhNvVdp^^A#grw?`43yT>KRIb&##Kg-5W)LyzLuV+sT;T*Ib>%<@
z9t7L<Yu_a~|7J7`&$>A!pP#Z3>-MN={yj(BPa~c+);wO4ej4Gpx;sZ52a0{PmX6tY
z{HPGL-+G~lF42GEr22sdUQrFy(bUmO&Xd&ecc&|9My#~dVRE#W9CK%_o&;5N#jjl{
zPYUxYg9sCI%9XMzDFdk{jNZo<cV59hXuiui&c&v*JgjpZrH!Ahm7oP9bci&?z&?Wt
z6%tvTQ6%NVGLn3PJen#RD>yQ3#!H5HG9Mibkw_O~;Xbq1l62twcgavqky4-rrDUr$
zy)g)W!*D*ON%O*NN=a^k8w4gy+hE2Kf@}1!ik=`bh*1ot%xNWF>exmGx{HH@n-U$y
zGPH@(LG)9SH&kZ~y_^~TuJ=SJ(o26CA+mrp(q@0BUfc9W=eY4U9Plts>Nfr8u}iK;
zt6#uOGHV!oyal9$_@zXbxZ!x=LWh}&e?X>44b_e03%SGfY5VCnG3Kwg5(ZjkhKu}+
zWk4crW<auZOMP+MrLQfCK~*O`b+4;z@haKc`C9Ks1R{Z7pkj@Lmo5SMfyl9JIIKUB
z?P~rdMM#qM@z7|8^-pm!1=cr-7ZIB4k#@K|8N)Vh*?@-1iLS~?u<-mMD!4g@WMk+c
zwit9p@q@x+TAKNRf%dFz`O4U-VV%bJY|O_j!~&3Z<Kdmnwu<j24HSN(xR%z~W@j4X
z;cXZ^17z}#+99=1(x^&5o`x|bZp@RW4wan{?Y49d(H8e}no!H^F0<GBc|+KFHYdIX
z8{1WCQ{ev~)_hLJJMD0Y4{2UKPmb=_pcr&qukWw7A|~Da$Zo$LtjXr<err{{7D)P$
z1=#V&3=6WRXO@1_{qk3_W9&5RnpCV(-%Op1=BjU(nv8o`v<ZvGMpakYYy4UWzUE(l
z2Iz@t{PsJqrz`oshzP!}a&8`gs2XV2PkXzAqVD&sQLB<y$%WOH#*J>r!zViWj5yeC
zr?%J8t>@#Ci;E?OsIT7oH^@st+&8oHq*}$H|A$he&6@o(Hjgd%wld20L+EK@zus^!
zgI{uM`s-nTeSCU|a_{EzO7Qv3(w*@BUwX02t4-9*m%R&cTc-NQGH1)T5REJQw6;XB
z7Q?^VrOiRWWe6XL!HgN&zh8b`lfF|eYEh_1RP1^mJQ50@7PuMg?wQW{Sf#6+-n%p8
zd3%>NJm&X!+@g!R`hPk0|8@0$PHtAyK80lXUM`8OrdavG{)4o*f>^bPQPBU*U4(;!
z`(N&25<4R)@I2Df^Q~vJrzaoUEaaM%*)a_qH=0?2HyKic6?y<HQpWbba;S0sk#V#o
zGmI2$8Y!}=RzFTcv=TW2ZbI}ijPrV7Aip5Yw{Lq!MlJpQJ%7cr19$Ri)F#E!@cjP<
za|g=wbKu}SBC;_zFpDl!25GzCSWLQ+>|x2>L&k%H(JINp!ktKrJcaz{=EHyTf6^<*
zMX|k?Nx{JWlT@z>aD03g4i@JB1)C_d2oHyt2s1ky7b_PBD?3{PfCYdn|7U_94&r|d
z!4pw}fsy9?FXt@tLLXUARsBnd(!(X#u1BIzq9w2|bH~^5_pTfZ`X4oh5t1y*cXc8(
z4k>U^3_0n%?;H&?K}f7hH=$xg=<+?^_N`2~l|tmcnZvCaF-yD(dF+`xJl_sPjeVR-
zUI{$CPrYnxz4!ssFIg^Emn`1T*Q7lG;QjG|vqtm*;E-Y9&_iBGIAK^wE?uof@~i9X
zvo}v*Hf-$1X6(_nCMG8QzS|WkQiby95hAmK*XpLnn%g(rst8cpUx`dd#QeTm9yP|x
z<3Ez3W5RKf@xMKU@qS)D>n_eg@M({0mj39zpX*V3-R=c~yX}{d@HwMpiqOMQMLdG@
z3};st7nePW-H&T@*bMw%%qL~rGQ&f-s8ELYu78ML;nRHK?=s^()}e`{j33NA-=j4I
zmfb&I;IaOfB_t3D`aXl{4*Tr{4DVG{9>>JQ{LQnoHCX5<9Q3lPCy2f7zwyk91sCmx
zc&w7>H(&)=sG8`F5gS0?;6L<DO_TNyjQgdisFqbTuyOu6O-@X#uIf;#(1xyK?AthX
zwTdfH;hKgJe;2OLz`-c2O99{RkfY-$QDJH8zE+yueD@a>t;xJPe#Q?cfvm;}Q`mND
z8A4eBQ~Ou^E4+3KOfAHC1{}Xl-X})GLojY~2Nn%TyJ0~B`+IbU!;HjelsOz={0n^V
z{SM{kY8d5GDD%rlJs2W8;dt*wa9s1XMeAPHoWtW3Jqd-2lcQ5`@Zh4gzHL4(dxEZw
zfk4pLvnMeWiGJL_3}2LZ2YTQ4VKmDJ&(aR#ui^W`$m{#afo{n8lV~&1vXyK<WNs<;
z2dEZs_~6qfKL0umX7THmfrZ~%U3^`|2{*h$tUA%apmsFgEgBc`M8I%RQ}0L0=+k)e
z>iqa!?y&VptCjXJ+1KUCBJ$jNl(;(6r*A)f3vn{<(#2_M<NGP_;kx#+mJ)OIR3fJc
z2J_WPQgjlf=sEa@aJ+dO0$p*!*tKMbaoGX*+?u*+I`ieEkmGL)n_qJ4L;K{2?LX%#
zG3?aXbo}b#RrX`{IsA|C#pAJO(Fk4(!az%)wz;1t6nyvYv@x77cvQ&_8n+Y}uf*5m
z7dSe3&wc1X@yx9pf93qRY(Y(tV^#iRcFXXM2!f^F45bMLGGJ_<k!NZ){yH*4TbC2K
z8v8zajkL7gcutOA9`sdj?{&MYwgdWQPptX+njF!6XxOHsA?VA!8G2Nx5CVI2hv;#>
zS~F!N9KD0qw1JuB9k3dG@iwR`0$ChC!$webl}^j+!ksg^TmNe5d`Gqo{JscJn*3K|
z$%Ua5ln%-$<3<I^C|YE8_`Vt7lV}0V`dhc4vs@X6?;pvDZYK(Cy+HytDGxw*_bCoK
z^JHavL-C!@)BYNa*u-Tf)MDo5-GRKpz?k%5Oup&x)Spds*+BUI>~16QIQTPqMN}b<
z_bT|^%FM%vFBFjMH$vI*R@aI=%x%M3T%je)l!9~%+bxYO54wxYV|#pIsYT!m^sorQ
zgdE6mx$0sU^i-PR^;PAN*aV7Bf6FFby3a{>>dB*dy=1o1KIQIU2R`cb=f2)fP0$hl
z5g68+jdLtg@7=J&<haVHLAFE>V?VHa`dpqbYKSXGIBuK@yRb#_q7n7Xmri@|@;Mp9
zi2g_6rfxSk0~=5SLCX(%kpNhq_ZvI!<#@OxvxJ*k_d5`ra@b$!ozf#dImut5Xr?bq
zfqRAd7!k135oQ60+qG$$ALc0w#f*2`G1B6eT|(JDRXU3b`7RqB*wgMLQT}i%>LeQ9
zZQ&TMBR82PQ;6z1y%k)K@p+wm<S$Fknk<sXM_iW%KV2v9?Q|c%oPi=8q|$R*;xJ%$
z6529l@^=ws=IUwXV)x_qn*%i;wRyEu>5o_UyQ%y9TNvnwQN!<Tqd6t><NuBZ9hUuX
zRT#Y;Fpk3Qb@mY4uq3)$<sN_HoUA{IH=5vP3kZ?9BTx5S8NFioapt6crX)}hd|q~o
zQg=aE`^#=6fd=)iE&!=tUCAk*hJBTd_@0M#6~ij^)?gQgI&L6dXGTSXE+>zs1GsxN
zJ(b0Qv_4K)H)>Ri^}i1&I{afD1x!L0GlA?$aNrqWm?;rV99@_V*;WeH^wLu_9Crv`
z@$z8;Q)QyG)HU|sI~EJ(4(>mAj27#ZG~1MIycV;s0Dg0{1^|q+c6N&kK^!9$#@806
zuupU?_CRmXGtR4v3Nn9PHd?zEEB7`-|EpHt&pwYX*?ht~qw}D+3i6(mHoY+ZalGc>
zpV}2w2cBah>KCEiuy=WWq1V<0BNb!py9pigzx|7?lz9904^gHL41$()!>%47i5{|E
z+KHVIwn*H(cHpSKF#moa_y8dj^Z%mjoudN@nttKf$;Q~&ww;Y_+s4MuL>t>SHs08_
zwXtp6cc1&5_n!Cr<C}BlO!ah6cTIPlp6Z&aU(?VrEN8~a=%9Z;lI@R->|W^t7^z9J
zzWkQo+&T8;pXufh&4{LEZ3wb|%$2G8*p8RX?{62rY&J#EZdHD3U71oXP6bd}%0{>;
ztV(G`l>E3@EY-*!{xWDVT4>3tQ~x|Hqy1>j`V=n$|1I@RFH!!@bQ%E6>#x}@INkts
z=~w0xz39ur(@-^=DJGKcPgenW16K;;6A9vmLP3TCa6Eap$FQGAOA@3z{H2VZoO~hf
z*0ftcTkcd=<8$X?PszH@J|5czuK1F(U1uz^C>1;yGi*eO@*r7SYMA8@)W-cue>1eQ
zuRBu5f`(f5*}#_=&;wF-^C)bDZ{JDJp60yYQEEW`S;4Iv-0*GS?6Y5MZ2tx}i>Hgw
zkff-r8@wG<Y}GW@&05w?x)ktwL#)P4R@vc;n^Tl)K+EA{LD<dHw6xwku^aV4&mUW=
z26D;fn%Cc@jyGe?7~L~R*-kqv4}LeLE%6LJ)@Q{wfyyDJvIeY+qo^^3UTyRjuxl;@
z3Leert=@%`JmxZuSu$4vxM1Mb(<W10WsY8g%Ly;19GL}Jus@o@0>hc&8~SEpKL#@9
zITK^i+SRKZ-*{U0$2ZFmbG1zCPiH4ygh~0#{%gTH&1*;URQYqj&|QYBy@;O`|CU@k
zSZLX+QRwb1BOvz7iP~Y8Pv)1k?YlHkpw0Fn{W^_Uy>q6EW7*c<Clu>|nLUx%c5@`B
zc+Nu!!N;XgF6b>TncEePXip%C#X}bwEI~hgt=UR7c;{h1*?#4&;dFN{g)+`)-$esH
zZgTMc;gCC3rByW6lR^70M(10|aGzr>bL)Y>;8dRPUtoQ)=tGc_?|9tx4asq|EbH#T
zSPMGq+`YjqEhhM@nSI<}iZdHVeUUWE{unN!HoMYEnkHl2fVor0?V%cRIvzrsHsi8c
zjUen@gmf$H?Q}^wT6U7x+a8VbNh(#jE0V4r&t%#yi|NyVgW`Lk>wKrUp+G)wIV&?K
zYXS!cEda{1N8~ysVQ67^&nM8PNQLf!hZHi#0!g&TJDJ~-;&xB5f%R}u4lm}B`s)Lm
zb+uNU<(RZhq3rN5?i!*`<&#1~$@^p`e*VCi`qk;Ta7kV*#wk1(YG-}Fa@g!lr}yUc
z&%7PAEUYCCs<Cdp#{0FLIZO4KA1=_YzF~un{=nG9Ej(Y)C<xV2v07teU1UX8J$v2i
z5*x^ElIPUF8Ilf6w~33f;;)-uFg*y?n9W+GU^d6)d`^d|cWsENoF~2EY`cXz0yOQ<
zjy5RuPzGa{(nLwsEL9%~(4mK>>U^m;0b;&m-l^tf0$!K$_->yE5{glnhR?36dOkI;
zVE|1vAMWZGXVJS7Nq*XBXaJ8TJD4~Hn!3;JB2{)r^f4tx+cZqmrOlE;c^PtYlHTO&
zt8UCVG~smPWg)LuNkC~l`YsgpPlA4mi!btSzbS<G#=Ttfl>Q%y!78c*n|?`M_i=WD
zG{}GUI|1DgVGqkEquODKT#w~G3Jr9hTHsLjsgd%99c0rJBkSUfY*DcBdtJ33)b{Ty
zpX~M@4k&Z3NLTfpS_l66ey?!OZe$g#^*ULftlT^E>YLRxXYt2}p1H^b_xMMHoS&!I
zCsQJ@-~4Z<F1+zUE+#@U<Amn*Bvls_x4e!XH;};l%CA4IPpV=P#1GNET_7mZW`Pkq
zS9deRq_!<}4jEqA5wCAhNmX|KhJD!ML4ZZHOsw?B#gOh*wQdOltD-h76x!cTp}UVE
zq`C$8TZC`ZIV|EXO^Q5cld%E-ugiGHlDlTq-O8U6=aWqUc#OfCeEFDeo;of4bv7hU
z{r==vC~6`7b^jY9nb!75u30UV6i`!Rhs*0G0P*I`s?2{2m0({mhWrx>&4vxL-yiR+
zdz4ldCv{Uq31=(G_TBP#U{GB-i<nxKX5-}#^FNk#PH6&4_+V564{#Zf+9ctEk<BlL
zz2xe(aqRAi(h<D{L3_oV0c+T<>B^4$Ip+DZpiFqjL=~?TAg3`;<}dg{62Q{6VdDk+
z0eg=~G6P!Vnibut$y;-mar<}QK~FSiG)1R+ZJq$R7WW5D{p@(9OxZ=y;|XSUJ8sYJ
z_HLe>zjQn)?zqe>_oqQP-USP-GL&nVE7$l7WX(8VjP(Ns@}B}@7Vj`b45M60iz8ni
zIMcc+(puS=PkSFHkq``vrofD@bA4IzK(JlWxpMeLAD`Q~?kB_*wM*d}u%Fc}=IlF;
zI`r=AG9CmMsWtxc#^I;5e_M7pY(V(c!uv6wyNQr04Vu0#7+V^f!{=MJ@9y!(WT`7w
zqvqM7fpYfuwz6kyl3)xSgZxxy&~U$yJ|ounEN1HM-HP@jLYr`sAMh&O?xoxC)6FDX
zQqU)**$E1tkwGx)&)0Xx-T9SrDSw0uY(*&PamIa4Ci9k6YwaMuooL58Mx+u0=j$dr
z#!c_zI<R5U`QgcI5rr@FH`t?N&!)W7qvO2EMnVGqW5jUjoZX#{gEdCKa<j>;yh~$S
z3r}aX-EO{pl=cx&0|1;f=}&={l*EU38{Ha?^9n4rw}QeJPbOr!{5e0vAyiu#_c!Zl
z@|?#_w#@35+lwa+Ni^_WdzAg$!Wu3I9>>djn=%}wT#!19H+sS==HRP@t}O{o%=?t-
z%G1ADRq>@T>NS(DxvGifoVgm|vFSoG<G-En@fX;ob*A)AHvmUEi=#soX{Pmczm6V_
z%xh#A=K#Z3g<-#_G3yf$4`<xR_OAJSt%~;Q#MaHvx+oK9lh|I%o~V=kw;W#l4yvB^
zVBqtyj$PnKq_D=6w=cr!*<1$guWr0A2JR&iK9eKd50>;V_OCe`6Fl?jtS*zK&%WJ+
z6^Ax{{Su9tXW(iIjlu`(JB+04@UKt8pN_TO?sg<KI>qdC+n$kF$&@9&O>~IU*qrV+
zd?i#egI*bDV+(ax^Sc_w>>zmA><2-~^-A0<Ysucbp=s;~&WnR|5XCr@<wsmL&IB`<
z;trVAkq-yMyXn=mOV5r=+2EEwSJz5?9D^wvT`Em9AV4^?nf<xj)f7=6LjRjwek+pE
zT036Y4t^%lS_l8}LpCDF^#0UZhj+YNRG$~{G!=rlmf9*h2J*^u6}eok=DVKc{ydn;
z*PIjq>T0~*#B>zk=Y5>}bJMH$RiRA*hT|RM?1dl8cX8nLcdUnBg=aR(Lscam)B3h>
z>`Re<HjvnmII#?$QipZC?|i-bXf=(~Yd)8-z+>#s?Jj3~v~#WW{v>dCrpuY#bem|!
z-zclyF4i1;1pe$ep6K@-c;0r;{NOCtZyKJ*8{%#E{p0<RY4U3GFg1~+to3ko@|6W%
z?%H0;=->GBZSxY1Z+x%tf`A|E!=&p`1HW?X4G0N|`gQlVGnFl~`(OcY=#ys-n|@Kt
zqAa3|xQu1%uD9a3i=S#J2_G`NNXXaZmJJ&rcrNV@ukaI|lSn9|{;ZjMRSI*8@KWkc
zk&@8e_wZ^1=egJ5E(lRg0U*82<c<%iMu2(so^7il^R&=jyU!csgF-&aZC|zC6F41A
z1C#~P@>=P1kLrGIpTcY2>Ko6+YK)H=<gzGz)cJlDzGu4Lu&V?LW?X@kg5YR1x^TXM
z`h_1riU7`jE%RVk84Z>Ex!FGqlIss(eTGdCAKwFw%vz~!Cwmr8h+yvJ`R?tGZ=i$<
z>aqk?hp(|eE$+Yit>%8W$^;!gdb4Be1De}f_Ozs5qkX-s5R==$pKHFZxWIq*moI$m
zBW6Qv?U~(<_*o_~@AlJTd4wPkOP@l}6<(NFk=51J5R<hf1ki?thMvPk+1cF=*mx=%
zt3fV7P5&XvOzdw$Vy19nB=Lq>gm7`AMPzl0HOLKI3KS@r2Toef@K!>6--0OefE7Xk
z4?|-<WCH?b)?!KWgrOmE*7~E<qhRbD)IZ^b?;kyBl7D6YW>4#M30Ji*%~YTJPlXbV
z_}is(nci&gh!iWYtk3;3<bYeggI1*W=51A%sZp)U%1!<O{Tc+%YG-F>|NM9g(x9`1
zne(>&1}Y^__#=pcD!I|nTj?8uD&Vbz`)vZIMyV{GJ%}NB?EClct82-zSUuOeprIlo
zWT*j5c%l9L<_6mAd0&Ws;El08gjO@t(=*brzdkq@Te~eiPKr~B7It82y17vwEA1u0
zc_5H<>hO(wxMD&3XTbhz#bTN=>0xT{cO(E0$%l;kU&a>TN9x^$d$7bD%XH)^SryE|
z!tA_{j}Lwsh$>mNd^1dBngctP^dsy(q@&T%i{lOhl)(Hv8BKNLt|L|K*c~?2S%h@5
zZmC9YJ+#5DARHN;2Jh~kGZK2+s_~zP8DX)$)2R6PvqMXtszL#GZ`0zXE|9ZL-$NX;
zXpSRttUY63F4^aYDM)C*NQDf`6S>a{DjrG?0olbXs;Isp0v5BRxu=%fA)>;uMeN8O
z*ZRxF@H$G?QS{vd`ATWPw$`qXyADDVi9!Uh%^CzjKV>jI(P4Cid)2S@(HGL^asyAS
zUwPTkrQ~ZRt?HvyRTOmD#5ORziOq&yO!lSe(Too;voxje5Hgvt-Q#%<-UR>6(vkKj
za>2S1%B?LC^5ehT?pkkin*pW5+X4xwz=)z?AdsA3NbIpqsg_B3t!wnDF20rZF}}<_
ze#;{*>8*%KDp_YF6~lA?sYhl1TSMC$`b}Z}RUn~=?&58~uMHDKb|r^4Mb@0^OL95Q
z{yQG9V-wV%QSytD=A*D91NHAmt+E86*GbO)T>F@gj?R0EvomMKttxrt6x(B6HDjwD
zV+v}v&+MDpXL90CrcPxm+re}TcTO$7JE866sn>(P;OF{A)ZL-9MKvQ<y8C<R*tiAp
zw<`EI)aj(r{Ey$dj6eM08wI?*Rg3wbrW`l{JdL5}j`B>Exqz9!>QzFnIpOGLXg<v^
zcVw@a_EeI5aoQ1n*_&w>tu%%#g)H<GdtUsvW@)0xd#u7sA=>tplohQ;alMQ28Xs9n
zuQJ6Q_{iz3STz||p7g}G7Q@jyJ|uCvVQ`ZTFyXMlCZknRaiV<^N(85j6Y3W3&4U?$
zP<#1)@O>cfOw7ngdZ3{KrptIqLQ+c-tsG4H2}gLE9v_RW&G|y}W+6XxW7Wte&U$r<
zBzezkr%(W^oSy(g<uX0P0PLpG6LUsu6B9Q}bEUpL+uS@M&AeJjM+;WBQzOerMsFy^
z5$>316`n$Mi8f|TVtbQ#i?7@{M&l$ft?9$zWa3s^%HK@pnj40J)1DGO@+(|tZ(h?;
zrm}_{|2?^hjRJzDh{kj8)3iOh*DY109yZWUr$toJAT5FB6@GPB^8KbHop88S$tckw
zO6I`!?&$GP*QKa2$CS;U0G71OPFGyg`RJODEOC`s^NG@rJL<7Bsm#6lijo)L!AHBL
zn2Eh>fRBqNOe6`N?0h+UGU5i0_WF&U?jX<`rj$sGYm6~4$REtrKD=6>mld-9?(v`h
zC(QXiWNWq=NnW|^B|gS2jl2^x4PK{#yuNk0kN8A&8D_%n^YIplPXAf>x{#o}BLgRm
zX&v)#nT7c+u4Z>Fdex7#I9MN`?}=M!^(remMt;hu=72a%RF#v5g+izz^X*Ks4`+bU
zIG0p8@#A2q2tMl%3QUV0#kYtR$krPT>xSxI!(nqss;d%1Ud*!<yooX`I}8G!41KB<
zjkBy}ifa70+HM+)`UQ*?3vy?TF|Jx;0rNeSJSjFbHIh-AUxgbf?s!$e7rI*G-EiO-
zTruK5Kt7~D^qDjjt1J2&-h9m7t6)jwz6PQ?cvu{Znm)wVCaa#QuFh0I5k+z|!aDY(
zcsXl#REmFmY~v;=KQsqx2al6ZoIjW~OS5?CM=#>JS*9HMJuv-SGeA21FJ38(MmB<%
zU-51SgG~uPI7%|b(E%#JEnIYe7^6yHupl#Ac{1Wa?{x5xK*O_@8g5SM^zt}HW<;-u
z84lBdti}=i(1u1_a?fFi7S(%k_X~p!%R3~J@bzMg*CN;{hA}rHq?bd*p!9;O1+s;I
z9$IG0j@i;CPh?E9t*C$?hVObkW>}0AX`nBJ4r`PhT_q)1xA`X!xt+II^iQu$+*v-b
zvfA0d$ZTd6=+czG3wIJFjhi|T%Mr+%+Wv6DR}0|zWgQ?n`-ZWBf5L)v0ZQGmB9CL{
zBqAL0ps^^Bf1Vw|!Y#2Kyh%A_-N#lTYgCN7@ogbweE#KfFPkNQUEhBb%Wy(Bb30^P
z2oeM$28{>1y!sT-TDB4kBvtg~-%+c^CqeK3(Y^-iU2C*twq9teCca>oy#`4#z^&Oh
z$T_>Y0lT7io7xj?67Snd5S1KxIk!QvfThmvsa%uF5#`3(v4L$NC7b1CLiyd9?Lf8)
zqG{&=*MF}j0xsQNMZ!$i1NH3TlAGoarJTB09Re@KNV`5@V@QktfUn$YZ=&`oIJH0{
z=OI%z?g{RvmOuO*za9~Zja#7z<$yh5^IkYiuM_m$piFh_K$@iZ%$-ZLu2#7kqRNRp
zV3XWVmU!f<q3>lX0{I|5Dk`m^y~jMz!9TV_ca?-*9)|vGqEt0zv0PP4B`rS7S1)jA
z=vLcI1D6O8Z^?OO53s(q7>dD2*BewCVG?Tezt0$z{_Kcq&MCxDJUKIYW-aG=q74Pw
zfKXd$(jXnEVuaJLfx6oeOp^R@WKj~O6_V5nRpPUu;F%DZe4XCvt2|`tf$EA^%#^Ju
zsj>G5q&BMtWjYDIMwiRMkc|bkdxi@2AEmDQPM$#jV9TGt>RXgjbs>{zb@R=*zwBxm
z&iq=Ob&T(24d|P-`ztsE=GyjplJf1(rA6QooZ+Af#pb-V<1wOjWih#r#+{q|64|jc
zp2=ZCgqMw!&=A@hgNi|zA5kG6(!-Hn^u9#-qn@Xh950eNe@4yftTdEWq=sOb)V7Nl
z!;pdSFx|P;QMF@JQ5F>Buz&GrsqEThRj2a3%jR`N9(5p+)uk7)QZ$Fp@zJAvy$qnk
zdE&e9ZwdAak?+eJaG;i=st+wXLbBl_RJqsD_B`VPuH05?StqhatG_Zva1f&5+g^kD
zMypRmAwcP+Jsd3Q<&K4x;1Q1h^`B^Y?K@CibSFxaN@}S<%$$biR_ESMM_+?QOU-ss
z(T1rGhxYALSQiiD7m~VJxY4Ng;DdQT!%C9G$oDQZ6_N#hkHng2b#C4E5U|+?iXK$O
zN|Xv7BdNh$^eLZyku3vCRF-7@9cBi_;%?>sr{+9sRLA3)g07QAidHw<ul>b&ko$k&
zj;?IP4t76AvfEr1^Zy!JHJkKbDyh{GoISi-Z+C@UtIlZm<6fK$uB3fW46eN1WeFcU
zO^EW9TF63PuHZa|CBaLbg=S$?ZTDnGky5h%#k`gaTA964HQI`Cm$HmIUg1Y?b?{uf
zO3P}@QuZ03f&&8yr2&JtTgjz6_A3iOg@q0=x{cVQHY@z-;MzcBOdUfhheXu-K|M}i
zt%gdt#7k0`CB9_-r9Sy&NHUhu(ST+sPPA1g!1=&7Nox+Pg5A9*#Nb}2V<BlQM2L=0
ze=DI86lJROsinC%kZVhWa+oBU%rnhGRCQ1_gBXQ)?4a4Cr>o=>I^o=Ku5}88rVt+<
zqD!|h{1n&r(VuV%H8Bh)cCF;XGrsg>qpYQH2V965DQtre)%fAP`|`s_n%Kk%hxI2=
zdgFCh%GgiGRf9Or8K(2jNsT6*RS6Wm!Q#-1@oJ9VrfPqPbH_+dcH}kOnS%_ZMdOWj
zAuLBeJkF^$Ll&|1_DL_ur04?3(mdkA>?@V=w^5PFW3z5~JWqXyAPsH{9!_Ug1$EB_
zX`Im%jI@;?Ze1?^l2ij;%q|`>L=3cT3yn6Fb@^O1r}%=H@;=4ei!f{))C)8vSlwQj
z`5%=reL5K7cv7QLuyQFN!RGzx_;u#;jQOdxkq(9jy&F5Z4YWH03noDFHy&-LkCg75
zwC|X3xQI9xO)kGkvn=GZ<)mU@Cq+{Ys0%y6JxV}4DQE74c4O42{|J&h@nKCbo}bv2
zboFm0BDbw1aRi<nJjfsP?x)q$x<2L3&F?Qhwf8&cQ~V^MglT|Chzw5;bH{EYI639q
zb8$KK94<ax>sdKD18)Hs4k>p@3*Q6Ry=#8$9A4;W;5G5A{SDc>G^PK0a%k70E9InV
zsrR!owCmG|7|Jxc;M~`9-9v6FNF(3u@yB>kKAPl_fAKt3r(N00skh~n-KUgv@DK)s
z0=t++toDJW4z|)%Ry??h(<r8!eV5<*^S}qJ8wwaDQrK3lFkKh`|F_=g8*(-AicqP<
zgd9pt>=&-Jf+85aL=A>|IV2LV_kIlm{6ax<S+=Xpty%R@A`HfFJ-b@*ZK>!;c-oS*
z*nRJpHnm~OOJ2g(zNH#23IQjKS)Y4Zf>g~)lSIlU{cnZ_>X~)?`->l#yIfz}wSVY`
zCbFcYmI>9ROJ+O(S>7Vdi>*A~`j!TGX52&@a>Jq}W%mqw5TlVA0^9;5B$utx-r1I}
zUR{F?+egrLlKU8H-R?$5zg3*@%9mc0yT*jyQ!<M@jI-5))=q}|`}(Q{ZBX{7T11Xf
zN*8DxdqPVkP$l*@-;V8n3hlf?48B;F$RfpF(ByKEdMzOU_e5lyjaa^EIcG?}kAB;q
z@<ClKZF1U1uClPF>!1|7X-Mus4&U;`A|8KB^Qs$Su&>c@JHCdpU}fjBE;o<Je`8Nm
zQLzBW9IEZ)81iz>mfQSDe(hnrteB$sPtQgnj(?x|bCfocfrgh~Ka9JIxixjn*L1V;
zQRU|=sh|V+=WVdI&yynkzPtU{`wQ-`jGY^TZNu4DSY@%CAR6P~pIXwtXKNnpaHfp<
zTLu@mMdrb_QG(ELr^!CIoNY<}V=NB~QQ(ieLoPZ!IkYg#Z=?9*yYk&WsFI_w;c-4~
zb+8uutfMphoL=#bn`mAKkC4z7#SH0)ajHts>B$O!cN&>#N{~7#y90t8dRMqVsb{25
z3i<ptY~*p&)XF6LO=blPBjwW1-b`vuy{P9Votx2+!ubz|7eRpI=jabtM9tDSRW~A2
z=KG$s3zRN7hp&?_jE$R@xc~o^=er>PKxt|(H*7cvNa|iKI6B0C@VJA{=$p^zLA`VS
zIlKJV+a=Yi4*Xxp#J{}MwR&(SnEyfWPVK1!=lJjaw_0$v|5A4K;6$m0R1k0o{~PQ(
z^<M#^R00|Zgw*MJaG3v9RHGgo_5USV{!6{qfwKeu)A~P$l>c}9gANC=GjlOw@UXLu
zPLy%TVnYA*^nnp(Zu1VpYRD{FUS6)O(x_Z&?M@o&h}~>RY7(-)m3kB=TX&q`+_mRj
zZC3YI+IGt@*EDwA84JGetqiY1rFZ#}8>&Ebb9LvQ?&+f{T-O&?ow5o9X!BemDs9xQ
ztiEM0OkArs%HC-=O~9IeFI$3Ho3s7SMyrrK2RwbQw1)gxe)63O4X7m_u*&Eg)teR8
zZ7r!^5XAr+la4{t4g*KfaI<~xE*5vw8O3(SXWMl?vBLX76?pd~o!UfI-i(R8jEscX
zy0=|m`nCC#^1z8D|Ly~HZq$nB$eBr(6(3A3zyHXteCGgVLQ?z#-`5UZ++MnOMJ6y5
z-wYZP%?=d(M9%-d;d`vA=Fb$wNooGeP=qoaO%z#(S7;X;7Do<e12UL`nS^TqN4K^$
zo-PTO0FtV0Cn?|iGuw}E``8)Vw|FPkY=rjMOr0-Mx`{jH7_l3`X5G*%&Zg@*;r=3F
zl=klSP@@lsZVu?JLy`xL03qJvNn=TXLN8<rFQ8gE>@}}Ci?rXEX>pbINW6S5OAtzv
zZ~uoUtEI}$Xb^tLrvFl2AZEuwCSOx<P<$}y>DtGoRk^urtVUhjE{1tTOp?{G1cB(-
zkhW?$lbf7q*FVV2bdf@CC0zFH4x!7#@VY9O`wRL%9#8M@OQctzARurM|KsuWKZ4RM
z&;-s4`d<n1Z3d?U)VNa`A1ZH^Ip9WkN3b+jp?()hDI~x>pIsICuT|t_318|BGg8T!
zCyY+8PRpK73#Jltd-v)>L~WWn2}Vueln~s3^K_2hdr!T%9!{?TAEt>?+dF~N9b5yd
zIq-Dk2q+dz*%5uOH*yq*4Lxx%q5%cSk%9McbbT(oRo8z1KG;f4pXO3vJl&%cMNx1o
z=f<_qwJp!R&up3XbhMd#8%Ph>*%0$0YE=^58iUy0Dn%5PScz1uh<hyUpS;dZTKl~7
zY3XZK_)TlwAFWD%KDoY;Atl>QaTrt-Z<q?1?U46Ga#onRO}<@mgJU~5M|shW+2)R@
zK`6i!&QDwb2M5KTz8|b_T2ni9XC5T(aGWuTya+zrYn|5P6M6)c?^sAB^&8_HlQ#X*
zl%2dLkw}ldvp=muj?p8(eb*g=5odFz^^BT7`8`Ww0Uv-nG5l7ffQ$kiDfmsvg+P&z
zvG!|4v%Qlp9sH(OBQ(9^5YQ}-<5L_`N3tss9P8`?EcEqs@rj=zJzDD+=Eg7rWUf#8
z$x$jO`_N{yJM#;`Zn$jF)061d>Hnd38|f7%3YgQK2UN!DbDHQ9K+3u{7}wG<qlVs_
z{LGd1im!bcEqJTf!`qh{a<AdHDAM(nb7Ahy8R+WYfk%{SE`zoi@cYJi0KPvDYlQr%
zvR|bPP_5k@cuTH5c?2c2LknpO@Wt13hjAwe!GFq&JAm4cVMZ{ybHTT34iWBsq7TV8
za9OUr`=sFRPZ3ZR!3V*1nOttFdYrT9WQD`%*34I&sprf1LDL3?2~vzEj%qN^lZ^DU
ziu=4XKPr?$ffm^0@tG}}-ZEgaq*b2wR1GizarICI%p_vlPR{t2B7xMuK3vEnwPhh_
zWEHw=2dpEI8{!D6xr#y3<$Hdqx>bPsC}|Z=a=AF74rbti-eva$LrfW9f=4{VrETpl
zb=MD7^0TC{PUBU!?et)GE@C1Md$~;>L`qbe@3nTjlnGi*;nrMeyjeH=`En4vSkK!4
zfM{#qVQapajDbvv0rzT+XeY;8OYOeSmdtyvM%_ZYZ+7iQ2JboA_1TVu0!Q|1P3`#@
zF6A*d%Z;hz+Pe8W$;<=`mDMU)_vKS(9xm>J1g;d(7T(M(nT+-e+R+Fm3+LRmx$PWl
zHIq(-vJ}NLfvrKy&{~$3gH=Cn1`D%+g}pfJ;y*9DYOpu@(Z#PDRSXt>jSkTw5+3GX
zoA^8xwNkr|3oqk@?1&np)VPseE11!9#<e*nRYMECeKqn`L(XrTZwu&qvuQ0%NQ?Z0
zq4>L@`=0A-r;<aNmdj*SIlf!&5y?$fy{}NIqke0%*)oybTULQpt1pk1hAokR@tfmu
zVwcqIp8j8dUs|1Iw_5XN#EO*~u8;UxoO@asi(}2noLNVjNaI053?usb5*xRXerL9y
zA~@|>epypy0h1``u)46Mtu#i$+F^zB(0e6J!MY^G$sjrFdkTLKe1q}gjNZTmkpVO(
zM1=H}`FQgsYnOtMi??L*^8gY+d3fYYSjy||iAc@%cqF5nvb7%*&fB#(-fy2Y97E-7
zhl%969V!mXb>CQdv!Rmhynqy}yMI|?cH32vS$F?Vox!Y3&lp|Qr22U@uJAZOpk+GF
zo*l2NfC9g%W!Qt!KtQ_f*pO>;8xrouHDlo?lHPqF^qKrFI6Vr5%U>-3`5b9)=Sn2}
zKG?@9q@}@RbdlNVRRmO4Nhl}Fhf|oqwm(G=R-65pL@}Cz3n5t^R_R;f*Jy|fN(+lb
zWD(IqWBBB&H{D9KblZ2A&el4T?pL};WSQjUGsS`UVGuNfEDp6xhnc?1^&aR3rQTpZ
z$-Loao3k)^6UlJz?@ehy$*)(<6NL>~Y$Ad@h2LJ!?<6@;sxLpRVKGht?yt<8Il(Jc
z`?rmxstMp#%XjVT?Xd-n$Ka?DKYHD+<{`{n5*nTkBW6|E36u#WY>$b)s6U3J4vg%;
zjEr4XOs|zhlT8apK~dJlHV;e_0sExlp#tpecTR~2c7pOjB?UZy0xh@@*BmjDslXj<
zo<O5kuVWyvi5~kF?etdhpbA}o!%LSd+wXCUZS-Ddq<?U{OKs3bg|j#x|AM0_m^82^
zkeNe=C@P{=7mt?#B?x7&Pd*{$@GGqk1b@MU`VeoxVMEK;O>3g_US1FFNzrQ!OsE}0
zMPcZ;!tE$NOE4dxCdU-VgI62Pde5lFB@vdULZwF#&qu8@7pVEdGn64N@V;#Q#udD=
z>!$e+U_oVdNa<eHVz%*;tHNu!#4nx*1{B6IIZ`IfgZX8yey*a5b>E%o7Khxb8vNT>
z>$Wn>q2>?f?PQO<s%f8dGC#4v5ln~ty3Qv&C+so&I%x(#vvH%OH{H`&jNHYN3R<{$
zDs)tI<r1Vr5G<BBOBHIvjTu#SM$veV{JA-FIIVt6*>ApskHL3kRBg7c9YPv|Gp%pR
zya38n>$p8jwFa<k%TvxC+|V106ueC}A8RrOAJsx(QdK(`72DMCoxP8A2qWI>k~ZUy
z0aN7A1J40Mf_^LIG1S4FGJTcA$NLGwDlKBX;^vffXmlEsJuBVTjT6jqgO~C`hxABR
z675orm2RTXie^>Ne0H_CaEtRrZZ=l6u~r}Nuc=idkvT7rODeD0u4#C^0#aZ>cp&7J
zP>?jf;>!+@Ib)08(aDVF^k6;mXf+cu-VnF)P1Au29@tTWx2Adz*&&zW0z4t+ffSeJ
zQ3EfAcPM|$fY1@*%b)1iWKUIN{%wZztz4fhA_Nur5HUmPF$A6@pBi(b>Z(#pP`1+P
zvLj!gA(~?u=6B-j=wJ4k@4l=TzWI!ACwd>}U0=p6AK(6?nM5_qAK3iUP@$RstC;}k
zApfJ9{67Wu9|8C8bawHyHFN%t7JH#*m$=r1^0{e{uSD@NgeKLQRrJb`=tW^=Zd+Q#
z_>s{YA2*Oe!bRqqaC_DsiG@lA8ZkHe*xKqrQTqqpu-3z^HWKS_@>{4KpGScfLG8Z%
z@kUEOs2mukI57HZ|Gd_(Fy-^y|6#ECXMqOpn8mc$UM8_`G}1)&4pdeCwwP!W(Os*~
zlq~kvOt^{70JArtm`y1;h36^3om|?(#J9rPywmN+H?gg;5uFMdg14uM^oLa=@kd`;
zQpRJ|nl58sTEg39EoMr?wIp;Ukq8ky^4!ai%mT^OLSWXfyL%<}pPhriGjh;)pscv(
z$7t$hU7GW+-moEb-f@Y|Xinu09qqWTTjCl9<+?S2xyoj1$sgMF8G=>bq`OvjN^*aQ
zwH$1J9=_hk^ncFtB0aR}DBIFGvk-PdlYA|`xnp3~*==>jHJ6kVMb2&Zqpy4U4rx-;
zs3Sv-4FV5(?kuR??3ccjZvv5U8CK^%D7}St^Zs(JWh6oQY{GEiy#_O>t>YlAuHL#N
z%_f<NQIC{&2Z3EY7kk=8*x7P27SSxaVupyTBU|u+setG4DxhotoRywam#~^_6#nh`
zDr#Jbm!&+k9+xnl()9t<Wm(ou3>%*j7pT|}bO45Oz<t~toiJ*+XQNpaB)%DQd!AIQ
zx+VQzJWEj%v;2d&s7a<nTW3mXkTg0y>qeVRlIh`JR<8t~{K6SQ70}NTE3r+Mul?SQ
z!qwQ7F|??Pltn+Xwz^Srs^|#9wy5?ut~KIb_Z;6wK!mpk(U&+PViAoOVA{&E0<)kg
zv4Foy?v!MaVP(E*)f!?E^(C;skt#X1Bs~4fUz%-G#n^Ct^1MYT0dnf`uacXvz$yD?
zx*{!Q6RAQH5TGpriH(nZrX6OHAm(?kcM4O5B4XDx<8o|D`18%asHv??)Q7+hSwZpB
z$!hy=2hc!^`>K-{QmI>ky8s{l!@ZS)8({V=wd^1b%jJ!)ldQepKejClmFKxtgcWg0
zpzVZwYvi!ev=!!VflIiJq+Jv0tK5wGgopHm0xl#%<I_#~XA2bv89Y~8$H+1z+>Z7H
zk-)n>U%K3=DOb+|G@cV)YLX663#Z=S8$tgxlhi*K$h#KI{j8%t%1LJG4P6A83LN8I
zhFnG;O?FZ-&&Aq#fimZU6SKJ9CP5(Q@#3b40Zh6a5Y3z?yMBGOkWl(zG+xbXyX=iL
z3;6v%AC+nyMOW)d9IJ`x$#HfvYEH5f<F<&~1C1y_x~Ym}|0Hm2ATNNX?lBiaD8r>y
zQc+oBM<m1<4+L}noADAvVZm;ofu7)E?!XBKoza-SM$yd!^r4Jxgot7V!@?1_1`5^5
zPB23cBZ3dmUpc9m9ds0<UJ{FnqG<ZaLfcBFAmLjADJG?m5HM4eKW|s#GWfZXg%U)a
z2{3TpR842=Z8hDhEdg6}G3k652f>E+{=XC@(B7fsLAB!vZQ&W&DMbbX078Xlxt1s4
zJR_ysGOWnV%VC<mWuI>cS|YN#O6YjsBu`9}61AT~LrFUsm0Q6N7kDOVY);utD=yk#
z9wP|1Y(vV+$%Z;MS(6z|$JuV&p>!2Kb+^ZerJ86BeE9}EFK`o_jRdM4;(D-*En{i-
zmy+IF1QX=&)I%tfa&WP8fSA7yp*D5~jPM&%xKswIb?#biVy$nXGnJL*4yCk8siBRw
z?axH0s&m!he~6%+guUj%3BN=tSQQho68WHSdW_{?q3x@1zgKZW7MQ$tQY^uGe*Td9
zz0#?MM@99-h<~Su%4VOv0}AK&w6R5~<<ViPsgn?(0G3?p^CNe%1;{LeiLIpidDP$O
zcw{1vR%Q=E0sgfS-_kmfGCv{`5F83dwwY++Hzr|)^cy3MR^$F<@3v$qv*_1?L;CK%
z`c}fzoQKvzv)E*WK4Q<ISTrd$zD7-L(mGabiES@WPC~yx!I<1$nip=tsHS1KoQc!l
z39G!sT$4(ywfqGLETGxX0L>?)+Y4H0n0)W*T8x=vrT^8&<6$~|tvT4jNF$3gj)l~M
zNAZ9x_dw`HDvqmkJ6u-3^g3N_7`u9-jN?6xv5-?Kgq_IcSJF4sy(ygED6NZR3+k;b
z^3D$l47kVqgWW>*?k&3z5*?jWuw8Six{y1t<4vnmv3Bn?l7Ml0U?kQ&Wz@brm{t+H
zW5ZA*lslSg(AUO+SOX6aHe{gm6Ee|hOo&<BJy|Q9!4t|p_O6CSos;@;u>K&cx9uqN
zH3O))UUAiSc{pySbuPa9OY@ygu%2t~Rom7#Ip)T&K?d0QQ-VSF%)_c5YqE55xrvNF
z0=A;TzRvP{x&bhRYE&OU3*Cd&S8rw99=EIf;Mp9}CCn?rwnDFpt{#4e^)h7o`K;H%
z2lDy33qx@JM5ZrxRVp{?CYJkv2TOVK{7_diJ6XyyF2hB{`u2f{-BX~bV{qUyQJ<p3
z{5==5M7!3~B5N(igfU>K0r&fS4RrK$huXayasQcc2oSHiMcxI0Q*UoNp&x%^9Or00
zwho4n8@Ne*r{(Vz250AfZX-gz9Ea|(q-RlKv%Aqnly_{U!0J|2%r9=7{FsH&?6=O3
z`PI!zSGa)1(krKsCzpRCd7pt*lwogS{gXH3`C$Om`s02lDQk(>EX|EuXpN~2$vjiy
z8)c}|0YDmZ!p-qkgHQV$pz0UCpv^(^BDR?$jy10qaLBG7<#1M#3j4+!-$uWnGvUR!
zy52zI2P@G;RWy{STPjXh1O1?KF31{@IxeL&gG@@rXUhbw#B(HM@z%#WTlQDrwd1%&
zb)A;qQ`f85rdV!iVf|s=SM`IVdQvGHpw(Dt07lD?m5npESR$&kV>lcxSMmRvja8rO
zKr1_GhA6*O);DPo&VU!lb&65lY9LUw@7e}YOs8^N^1k7fY>fcMQQgp<ts+)>+P0Wf
zC|U&JI=@X?qv=*+s3ma~ef0CV(RB`1<SG~pIM|Y{6I?cP&OL2ucY?2N))UJL6_}B7
z0LRP{rN%F2LmN-_n##KSb@ppk{O9kShlE<|JK*ij2a~R6nYSUU<lr@1UqS{VAqVF*
z0|R2AK;zziYT&QCiw*0#Ix46c@M=>66c&WY?`)0+Z-@0b-1=0W5(HN3%&FuG-YhoW
ziukRWM{=b<THE_@-1F9Db)m5KrnT^X0hlSi=)2>RekU^%#NOrhGda$lpnN}tUm$UA
zE*FX*2ia$|rWS(Wza};qE1)5NA6~4Bm>E5swZh6+R;ZuQAUsHaukjqpu1PCU%POA0
zLN^3hd+*0%Q@u?NuiCjVQ)mddwZV*gIV`Vrp_o3z%+Pc?4Rls}jIHuwk}vhq|7}TB
zqr9@wnQg4{k?ixTGneyL;{W9D=70)Au=m(gVd3$Bz+vgTt<=IdaOQ$UZcz$gyFwx$
zM;LQn@f1KB;&jyig2Rvgq71xNvMo9Z2=AoTGE#)1TGaQ3pmL5<Tp!XQ>DoVw4Znxk
zQ6Lz2r_--&V*0yhMmtR;g=&jE0KD+=&NvsAKHTQrqCUUXrWA&0*zBN~{zjrV%ZO-5
z3XxyY-1MUwCLG><r0_@|f@gY&_zS86wf?6;Y~=dAEO|(cQB6#)wRX0Iqr91Ia-l%J
zeHHFYO)&&f+>ef8Ma-IEYLrioH)h#q(SCjRz+J16o0&(-+yzNWxC>2o0Z7)Gh!~jE
zeK!v-TY-wS&BUtK#H;6@_`9d1+aLN@UL{nCBX2ciLxs3Yig*+LFO0+E-I<B)V(7L~
zPRiYF#XO+RFE=$i{|tG05~;O(zi{vugT-4-QjfT~2Cj_O^s_v!O&GHV&T7E%GFOt+
zHKDpB7=vwi#22H=o#l=J7Kq`a(PCELzN*I1@ku@mAK-lt{za#X;atiyAW7_4z96Og
zdT!`_8fnY5`H4D5)&Ps04yig>C{6<_yP^5*Y~ab~-iFofVMLvVeLFm%NK7j3M!{fL
z*}(kvG>706zQ-wer2?s9tl%*u`2<Bjz4?~rj1H_}OvP?=xEpEi6L=S{x>MS7mc6As
z++b245yR+BS?dD0u6jz}8FpC43z5+;rZjp@`5MjUGa4TJ=BqgQ@;fll&|A})x|Ogp
zJ*^(vR(U4tT>X`Hgq$LB-xK{UwBqA`TW<8-PGE(6AKX2jWhLPE@`Bp3SzYLo-QFcc
z3x#OAnzj&sB^{;p1zI>SZJDc!W^n2^_G*pU?qICWylJB`dx&>S1#G<Gc+i$Sp!G^n
z@$q~_oi;0YFQ5{oU^a#A{G=sXxGZFl8fVpW^%4=d)hOG{463~=<nmu3kP&cx4$}TC
zxiPjkB%ysjjfo#_a}*c$*`d{q{wY+z7gQ_^cc9Q+<5pKL0*GsLTbpnYvu{Vc!ST;E
z=E31cCH&=bhmKqN<GiWmb7zH?J7*2zYPDK;x}*5+u#w-8lSh-Q+^%|ms;<8=#<{B=
zg}Bj;5|8D#xz_OZW`xjMZ(0V1^JzrKO>73QlY)*rNV|Z{decg$6#+W&aXcycr3L%5
zqvJL{0bzLQJ0OdZ+}O_~wVcrLSE)=+D=ed&@HYno@2RsfOiA#k8C7<<(3_@yM?y0L
zIe0|XbqHbpBKM1Ek}i$>lirr=y3TMe|MT8~OKsNXW)wfbksC!E(C+Ra@oBr?{tw79
zqmFhYP5h$!b`}O-TFXin9OZBmF-R}v#&l9=1d9Fh4G6FVtLrG@myfc&TCpZNBcA_|
z@{^<Rv;2Fkk+h(l^mm9y{qrxy!(YB`GuWK&nVGXJtL`xg`KEn?s^Xgk?F`+j;*)<D
zy{h81ibl3>ZJEf5M%9a%<;?HtzUw3Jf^e;0g#TH14un3LlOchCSpEaQ_+N3#;Q#qy
z(>4iC0VHkN2Qr}#T|J?fG{d7Svf7EFndx2`d;4o6Ef+Nu0hpd|7=ejqj`6bg$2(bm
zTUS|0_HIYo69PYQt4$+znS@#6WHEHrsb4*&gD_U@ayi(OJ0MI(&6w}rie8XZ_8Z6|
zzT1Ztv11$KC?SprGiwAj>|5}kWOo&!2n9k}0r}fLvkMrlFv(-1f!YTA*uAZwlkMmj
zqRHeILgH|p^N&_;cKQ2YU<TD|v_dDrFyE~esQWlut3~_+=X;tEi^4dfw=1Fha_eB;
zaDw+1Mb4O!bNa6RoF0^v84#LM&6Y<_p}=dbAX~;2oKPCnrl6wg(AH-+;$_O$tS}w2
z0IkyAZLaV9H%>4|p_bkH=5LnFfRuj9sPX4B13*Hi#K&dvFZ%T8?wDQ6B9tq3slqb;
zAXb8lO6zv)#4m=TH;EZ}TcnuTS=&8yfN%x3<m;~OZuvVUZ}7}bTr@^W`diiGm3bQg
z>V6{C#;*D5F}tJlJMuP$`lbA6lmM!d=|Q8+ldGe)%HP|J^Lgo`^8@TZ!zPbH_xUf5
z8{`%8|1)g=8MXLnaC~4TVNEiH>RG@bAf}_4zJRg?WSx{Y8H1WSxviL79Hsoc?vw>l
z(w|J3s0XYkkA$%LK(Jv&R<Hgv)iW*hrSd(2JCYX@6=Hima7@+Jy)h7E{R7Wk@a;C#
zL2y#{ViQSt_^FF~{%n$U@=?6&z$4LNYIDoi;4IhoZ6A0G5(Ef%N#Dk9B_h)=#2VwT
z#IC>CpI6~)o=-R}B753zCud-5_?*o{HD-^;a@TU+Pia0LF(wDQgJ*+uUYxzSKU__L
zh;qNEEAuY)&;^T<)OiD)fY!=a<}P?iIY8jC!tb5h#m0p2k3eQ-e0^PnLiL{S`=RZ3
zvAYU!lUCiuRG_MjQ1<()A(Q3Iyhm^0bLR`m&l7r^zkl>_DdBOw^c+UqE!<4i^$5E%
z^%I)Y5HIprtS3fv*A}k*lwU;G6*%(D+1P`|EQ0i>>>b9-yE^G<KQ1PsN^l>GwmcBO
zopkGWOHT<iRq$YSW&T*8`gxe#yWc#&_0~nmh#|NQFAa>dXH2>UeaUxr()sw}aK+;n
z=@Vjf39xJ^ML7Z~p==%s4n4T+Zv?ScKG!HHJ0ahqpaf$KkgB3ZzTVC>nhVSLSrb#U
zZ&Phzu*6GJ4Jmr$mSL<)QI?$r!;A-_D$rz?=}Gn1*fLr(Yj_2cYvjSk$9yqT=B;}c
zLL)WW-GTE14GSD;eIFtyTIj$L;}yz#<qUgFzdTOdXL+CKoiH*{fwTc1%X3CP5HOEa
zp}Y?(duSv97QNSV8dl-gzwMuxB5<3@--$(L@Yj;jNuj9SvA1d_g}H=&D!sp`ou1JF
zFy^`Ch@q+d%|jKW)yNS_*i8i;cR!!11E#G<2!H_4uykeP0LRCFUjDLzed6!^*roxi
z%Xlm7;{>fciGob@vB2W9gYFZjg#&2ZTIkA5s0f^kP8YlLdT4U!D3N5E2rlMl8RqT0
z_zju)cADqj_||;xZsO{|BS@xDX<so~h*`hj16F_u^eV1*I_qe6hO^*1&jZqzBG<)4
zGjQHB-ofHtfbui0_HMLk4D)^r)LzCy-TT7(b4aYJ!~OY}p2Kq3*<3WtdwM$W6~8^n
zTmp^Cna<>7s9|WUibofF=btgZZEuW6lcQpk`yn?=PZ(0~CS3iFLCWa77`*94eRM<f
zgGri}vWBi9igI#4PAn9>&Jmmi%dE7lSpcxeYwag~@DQl=Gk3YAeXZbtPKfef&iC*<
z(WD}9JHv-Y;y%MDIg|BYoSHBM3xuR+XLnv<IbCXn2W?%}o9IY>xQ;y=NA0%I7>)&7
ztE%F=bkWWRR17QxhO9}~Ts2Z*1&gt`A8SGmkN3!gFrzDOehfa36?|pw%(q(A0=uh~
zoI1YX8nIi?0l&t=j=V>QilCg#4+rFXMzVEaCHL5-f^X8ZVD}6yc6%~?>zmG7ancfd
zvJ?)$pFt<d?<JzU+aR-hS%OSmsa&f3_cJz4LE%3RCk|Qp0tY2PC$2x6c-$Nok#?09
zO9!O~Fh*jDz6D*fp2k9pze;r^0IOrX3;8y_@-q)~zRP&jLQ9{OdG&G??27)?cicag
z9KK12tAMs$nus(b1u>s;hVnyVd&MFK>3UY!WE2`PyX<D4&O9hU^3*cEZM64}3Ryga
zdW~M7Ua5x4I|v|oTys(*%B-c!7CKCYblDsbEdTIcK1;>ZyovEA#c47R0b))@dzT0c
zv)390!?Dog9=YnI&5B%yF7&5q;*ke<hecLNVHMTl7x8iN4P}2xvW7wtU8YHTleJdT
z%z25|Shz{=<J`!1xiJ&OMw{QIQSsv#DF!rA`@6Hu8CIBZM5Ef%Z7P9W%?|#+xPBEW
zT(Yn5cjrkk9{=ugpRlp#4xsn&;waU!W4mXXZQt<1ZS%KPrjepNR@D}hOyb6pp<sgM
zXZBZ@6<q&I<YN#}+WZzDi%w+bZXD{jZ$59j{=bh*QXl0-pLcynrX-a+?pFeIN$x9x
z{&65me*KIOc`YxVVaW--=NC>y{~umVi^8q95!aefOTAnGD-vj!!kVWx8X>;6i9da&
zPvc=alvHvqt0iR>RQOdAsT9gGOYP(|g&q>19f|R*JV8p{rYZizS5*E_$4=t5#&z22
z-ns}m|H+<@7pnZxtX6;$>HeSBf-Tx$iDuDB{ZE!es*saE_L`RrY}mg_T-Huq*2pE|
zwv>Q>U2_mMU@2&;Q^nFR&|N>f&SPKRVxaRDuaMws&MYK}63=a9YAnhLT+fq4W!;F-
zyL7-JwBLjK+uODo(J<K)lCAuaFb~%z-daHuUyEfx9Zd0bw!|TSm+Y!%+*S}znj7Ab
zuaI3o_`f_UN%yiAf^3e4DR+MUUZLd$+TLTpJSa(}sn=y8uL<;$R-ut&8JMa>SuQwN
z%Y0c1l3?oAoQXC`!<EaX{e4#g&OA62K#fDMcosu6M5!2tY8^a8ehN=j^#Zh9(-_M&
zLaRF)dl!kd5)aT9CHlr^$X8SY(m7GrYKVM>Gc**lQ=?%T9|2ZT(hxQ`|5^qpN%bF~
z_jdm1KoNBQU&b_cw=Z6P=0tfEBcBz6Y!*gp&}<`KI64%Oq`SzAU$YGJ`|37%|Ceiz
zhs+K0_9*86NI`ZKq79p+n+`dL--~?pEHRuc<Njbd(KeHlob>fBBg@Og+ql3ffw=vO
z-OC%|#TkLP+X`+NARX^G)<Y;>w<35Q3Uhi+Abz>RdkqaccT6Bo!?Qi99^?3rVp&BI
zEi0L4N}I)-V6p;Ad&2HBurc#X#%GsuhP~Q6L_jM-QAQs9Y>;;UUJ;1vuKlaxCfxlS
z>BL2@K0%+!CcoH^OU>%z&G5(oXxHiod0nCPAooJ|U1Pv7rT{VG_l7d)4J*ncl5y@u
zcFP}kMR2VvvcVp{?YB<-@EaBU=V?)G6|P5IW8pTvC^)4blcb|gbia57`$_e3B`{`^
zQ#N;asn_q8D!!SF<`B^4?Zp?hqw_!||EW#<-3^->B&>?`m+1w&U^jkX`_n`+P^Yit
zyTU4f@WTO+Szi6nR~h`ZBA5_NDZ^o3*wiS|&oU|2Q3&!BKhQPyQzK^1a-~FVcO>Pi
zNZomvD*7{ie?+3U#L8{r@j7jpFTt?Q-4<!$(o(a)eB3=Ibdpr6&3o89`POWB_%J?r
zud23n#oj(cM2B&{aDcZsXLAyJnz^cGS9hgpQ!oKQ@B^uQy3e;u$}-j(KK}d1kIeG}
zM3XSXt-W$T#ph_?j{sK!g(FPmS{pl6KGSWsO8;xTOIDC!w(xLyaB4Q*qJrF8dCY^-
zICg5b>&uj*qt|JM9;p0U)#7hazmzLHtkTlzEsX63cxip9m~x+^7B2p%l;)U#{-k{V
zDD_5Q$(S&x|Coj{9-5ykN?g&>q<&~4MLKI?o9Whhhr6lGL}l=!g7X`x{h_Xi{%Th$
zfZbZ<5kDrD{X}|5CbN>&AXvw5tvGC8o8FlFIMCR9&rfX%;c&m#82RC0M}C#K$rokV
zu;h={>4`06QZowg^>05$-r*Te>j!b`NIn4|l!N!tvPe~++0zm;J4i|vRlR@z#<R+a
zFLaZStv>pfS-<7ecoMpwL~-y(?efp!gZj<?1DZf(zpAqQ{jlLp9FChr)m(cFx=xe(
zG$lU=tOGU0uY?1~vtTyyBM**Q<F(Ag5>A-nJo^de>Geidr^IF;-ciB*VWo@T2<{J4
z-F;6D0e|*~d&SyKr@d#QGGwt{saic!-&4nd-}rqwNNG!bPwfzX>$pEeijKagUJbu>
z+#lbTrSGZD#BY6P4$){)-%}5a-ze_)Vba)B8;;Y$a2XC&8gcDM_4~Z=bF2bx`kq>k
zeD>HqO#7!j^+fsXv3rnG1p1y@vV8W~eGHjwPk)_cK6~5?ujhU}qxzm2*_<49lk?VU
ztwdC8BZyTEl~!rXx<d%q{(F%AE>zOTiavXcNGW~0CP#OG!w*LD!_c=Le#hHdDQwvq
zkFCMUg>vfKwSW2yHon4UsG#YX+VE#)Z8)s2W>3AZ_J#T1gr{a7{+K<r^ZK$cNAsZV
zseeP+Nz<?$61ERSzK&@O_zaP58oe@~nRrJ9>BqDJJTlVr4sw5BmmOqvoE}s6KW%z{
zY)*Sjb^AAi`2+LPWBPu7mwRH4IwQ6C<~?;7th6WkX;^+$u(Op0duI+^8#Vo>z<J<d
zxSv8{O-vEUE1Ooi-AQ`BO!h&uIQyWfmVbS)U7NvUW36%*m1ALTE8S2c3lXOmUdI@l
z<`72k=W9R6N&L`>93KGeve`+z^)QF&=+4TYT-&tlKvuD~{3x=mm1nqh-<;J`ct}m(
zC|Yb~w4Hd}(p6jL*7i>I>W2D(nkMcIH#zP#)dKJOfjTGd2;*<Ty|H7{Mo9>qFn{~P
zD}5u<PbN}s$5xLUK{q}F&`+it(ShJQ)%r?;jmoR6;7Qw+vuyIDF#<|SjB1~WJyWSu
zt=zQzejds*`dRGff!buA`hIRxpzHJ4&r_{7wf%k`stDERv7e_}$7+ZDJWwgO&tpG#
z(-Aj{x~(tewes<OBz@IHq#on?D1Q_Q_$^+aBNcEy-gYV!`}+-U=NGr(4jOxvLP+Xv
z!#(v!KCMX0wF`cfj(4i<F!b%3H~(Op7MxD>No;TNQd#9zHh{gX@>oR}_3hd)?;FOw
zK(duac&Oc~(k8Rr9=6&_wfeSes(kp}Qcqvnu0!(SA?XcU_E4n_jJ{pF<9}R8Ht~{S
zV4ELnp#1xRjl)m2jkO<`ie~NY8Xc#A+pMqckx*~fICw9s%!~Q!n&zlP)D`cjz_?vj
zkQ2GKd_FV7$PQ|FevVQgGhP<Xx0nrW5aacu1lSby6W*gREq;ys`Py$oKZ^WW^0VuB
zc5N!uB)!@E@0+CY0%?%n27i$d^q>*I=~%YU5SZ?K8h4<ZFT7E-FfrJowuHyuoJ|3(
zusw-Y1=d0|1!oPMQLF?k11EwPYct=1@!g;n4U?N8BP<#vAr>2Vclt1&+MXHNDKWO%
zj^3^Db{t-zW?z3iYO9E-cWaEcaKdqtx2l8gJ{nb!wNoR3nrjEND}VGO?27L?)`nM>
zjulNobBA-V;SI4A(gNt;3UIHnWkp1*me{^q<DO-R&a*>^5vte&`1#hl{M{Nu+-AKw
zdX~{^S-qn|vc@#`1IcjM?TxLYLbAphw}E8UmbI3uT?R!-rguJ&MRq2&T=2U!o~L?s
zhok;jWx_S}SaCvC9e?j`y~L~PjAPyID(ES9>s46`XH0G8nhzo!J*wwNkBaKYnNxG9
zuDo~aMNjt!+BW75-kKx9uEypL4ZGPkT164T`-NSN;~pILqn>#+?tN(3TTRPYsc~{Z
z*wy&`!C@EGw2lM2nuJgU`@USsq8z`Ht7=zA)ZKciMnwkNGJm?gzOFK(nvk$^xVqwS
zl?Z0(bJJZpH)T>;_E>HBdRvify)faPpx^8s_&o5UCRXi&mv(PBXxpC)Uesi=ocq~t
z*=lwUHAyIC=#T}v@;9Q~hwu6@_SI-=2DNZXme|_8=`LVVO_dGV730eGhidR24*+F@
z#10!MlZ8%Y^MAH8VLaAOZD*z^C2-Ad-x?ef4mBa7Djb7Ox0@<#a0EEE6HQ9t;O;=j
zgJZoalZyGviA>kYhAYxP<!U!RkC!XnP+0Jm+&{bE9Oh>YscOtIK~eS-R0Bl@dLI)M
zWl10p6g4Yq4j5`y)Xf8IeVcZ2NED+Xhj?@7)MtetHGhF)V@(`|8P(YQM#7*l<Bs-%
zbkv=~tZIz4aMrzGL5)GGu1B?+_uYB{i2bfdF-iPxy|lu9*Tb5t!g_YJ=$EWV-L<=;
zmAzy=sv*C3>pA^9tmpB?sP#np{e!c)UeGZC-O+Mgc8(PLK;5n9vhM-$kEE2Y=dJGs
z%YGub?tj+PuMfDa%{BWK!b0}Ro0Q!Q8^ue}df;fsX+16X7-$egt1K&Ne>TYs#XHTU
zqr3Ht+WoPI&2B9rB&Z-O9~TOM?o-S-<$$gA9M63KnyP1(UhAPMlHIMRHY#d!!r-Ye
z<F5LnvZk`0Tc$kYux%^Ehu^JdRH@F$=UHLKU4O&Bl=ZFkTqV^RIhjpi#$Dr%+pVFg
zq{FRe_^8g<?)RE1EPFi@M|H+-yQ|Vs?ruF}Ms-G2&3HYHMRmqO%j~P@2<s^+sxz9+
zPFID>ttW`6&ZsK$u4h@O&Zw9;de_~R=5&lvUx}{vcBMJWR*K%PG^f+G1_PBCo!+iA
zr+?G$_iPo7zPBsQQP$aeyV9J_u+<)^P`Tc&G^b+?4NGapU1?5dtT$UqXLUE1_BNW+
z&U#UAH}~~sjX><zk)hemiM<&b*@EM!(Db)+Wmni6KG{cxW;;K3IW#@nv|2?W9|wVE
zJ6HGNj4($4c~>^o)w>--A)EZJuk3x^lYharuN+3UWm>etl9Z#nw(NMLuq0)Er(8F}
zwmMy<6Qj(|lrwXz?$}f)Q*qZ<=1J;H>JN2=LI!sOWyYeqr0&@0C~3h1W$vJ441WZN
z<UpB2Yz5Iq+#eNI<!Gs`V6E!t>6t^z7=KoAM1%dZx;&)xMpj3K;|vbY1jRlnEPv_X
zOi<bEGuSf|Onr9nLI}HDsKa_r2M6cl{bskR(#7d+aBx1}v#hpa2Kd1ld9MZ9mCDZP
z%{_DSjWOjaYuYm}&Jmtl)}W)53fSB;&&;VZI%sxVDgwRU+|@4FZCkC5+7aH>Fxc%3
zjFyV1sW*4E40g@-Xs99|>CIi;5r18~V=EcX_2#br2xS>wZ|>@l=;>qARH8OJ7s2Qm
zy`GX6R9CEmv9afh%9OkMBzhgo?y30Cbj6|&dyqGE#aay8=j5rZX;<>p>kmQDP?~aA
z@+2w*t4z5oc~X|-b;acSOr~bD*=#BZucBbGnC<YwtFE5rzX>+_;Kb@n>3@oO{CR>d
z2yjaLQ!zz;qmw{o%3W!0zdanO@lVC{^PDOBovxu`oYWOFzH_D=0RL1X^NKmzc~erO
zRh21~?FPA=Wi;9&XHiUm&OyV_=(UwNi(;;Fj^?FXEkj8PRZJ^R{d#!o$38fxdb+VZ
zPDtqSI6ZR8gRYo=ys>tV%72u*l2&yKfMPyx&XnU;udj656mw^Dih&t}rb;i`JALPD
zR8fCSWy)QpRTIQxTZv~W=A-6J*>ATxN`(&<lTq`g9QQ4?z1&rqHV56-KnbymDWy5m
zXn)YMm7rA28qJxKoBF9txhwS%eIZq*+%YNRXpM;~HOKx<B?jg6wtqf}z4?8mXXW(4
zK8amWydl5g{n;_=_~@<GesBA;V-|L@KNamxM`aZG7*s*euJW5GL8LO}uJYTcX_$Q_
z%Zg&!b<ULBty5*nUFEk?x7lkcNvVpdyg5@2dsbgb$x%$ImAB{~Z<Uv2>hvzrp)vf3
zkG!}Z=ORQ)hG+T9T7P1vK&rKfU!l+aMT9numCiEsh-@9v6t3fBn%rWq;HBtcp7+k&
z4;^fp0tox>8n<X!BO2E$L?e|vi-g{eu)z+tXMu~KLBh5?fL4Z-#9!ttdCg+PZxrWQ
ztbED6UPkb~<1PF}n8o{jmA5k3-SnnF&PO}&2sue_$?DBMaeose(WI>~vP5%30cnYR
z`RwPoWs=wh`QYiB{qjLtZ%o8DtvFlNdUeh5)2Xw%>iE&iymfEEe$$(3&*oE;5BS=-
z3rD7F%RWY_VFTNB>~YQq@j2RbLE{&8XkIf8)<`pTCraWLb2?<b;5WjUw24pFWrutG
z3jjw#0Y}uIpMR}B0Pu6#a!vif`5C~GUuOGfrJm-0K68QqF%n<xk?YLAIScGjbl!Bl
zOD*$X7iXFkn9D17F>^fA!!}X4NAw%s$-oSw)K7tJrT&@(w(X_<9<tyPKQ?DGQ|`JL
z5jLpicz}VBD5tp8^w62%@%51yMh`ikF`)=$3o?amUVmeU``qR)+qK{Ax&_GB?qvu+
z!V2Qu5Pz@lhHW{KIdo&rFF$}aEoPo{FTg)*L=>^XT<W)pDLS*IR=YOSDj-OYQk~~B
zz`WAW(l5C7z3qx~He9&C;xvAUztdXi&-6k3j$Xs2gSQW}q3?#`9sazAn!`6|zy9+7
z#E_;YN`GNzbq!K@sloP;03unoYYyQt^_ZI>JIxt(<rOhD{W$hr*I(LJZ3vr&pTK6E
zr6!k6;nKoW-0PSKyX<3EYu1gGCdldD$jJuf!V6D}u&%Ht#@2iCfB(Oq@t*WlH>G#f
zU1@E-EC1L3_u1}>uCyikG54eWd!$@?g87PD!hgRXZC5(KN7|(;@)P~I{G|K4q+F`}
zL_ab=>HQw*m!Y&J#xeJ!|9hldhAKZXj?7O6zen0-DDo5IxcmguJAQ|xOO>G*`(Y@l
z$5pg{<BRtHMf?8@_vDNAe|o#}Mf*Ro{rIB&pX9E5(f&_wPrhjXr?)F#wEq*^k1yK)
zNq_Fj7w!K9H|4X?{##$P|1aAAXSgR{wExrFl`q==iS5T1?f)cq<%{-zdVBIk`#-&1
z`J(-w*nWJ`{!emOzG(j^xGATi{Wmys@(PP8&CJLd@dFr2JQ(`cL;MGR&X8diW9W~g
z+8k3ThJkH<3`G)S{5Ix3V!A>wOASBvM}Lbjl?sOs=X3X=X4xSiSL_HsZis^v+J9fz
z9&DFokK8ctM_!cWgmc$?kg1b3amM5k<HPmRbr)e2n3Rl>JA=YtcbKTL`zY|wod<aq
zm`lf-&>7i`wfXvOyV1M7WYbK~^CLozNU9aXfB0}6Kl$)M?{)PLZCxMq_5PrZ8Gj<y
z=xPL~Ao7DJf3oi#Py5ky-9I!^KjSNw8QD*araq`OyS3)v&S+k>x>s$GmyFJ!+tmAA
z`h;Hl11FY;Hs)=@6@j}0r{c+<e*Ezdjr>PNAoist3ogF5{syK0KDnFPn#h(3wW%|i
zx|lO)TN=RgVB<B{;Ksv$dp7(S`G4@2767z1Tz@>vnmHOR0(10G*IxPlN7xR{jI;-T
zp^3R0PhOi*^e@`gh1?`qjoh$#>N>`_E?M>9?8$9p&%?}cYlGAPQ7YTnD4$i!%vkic
z(L8$+Rel@C_O*AmYn!31Hi@Y;3HAim-Xc!m>}Y@H{4li%eWeM<+H<ARZ-1|EUaCQ4
z)T>VbclJ~Lq5gCJIoy1annuY*GT^2S9~2PTJ(CopPDDfd^_TzDkVX_NjS}Q){<wx2
zgE2o&k1KNU_^ZH=;7`mX<TU$L3J!Ned&(n)ak|^;9Ki1u!N}&1S4gomRUlhjc_cVp
z{1|!tCoz^_wlU+Rm-vOqiGN`B$esb^kL-2$<Z@9;`oX5M8$iESfe~oS8*&qrHsx7o
zCtd+5&(NP<kDdjEM}z@B0=#CBvso|kJ^b<&ycAQP^w%Ks%_BR=dxSsa{x0M$nR87g
z5CSCVNq)YG{DbAmdhWa=-gt}IFn?|W3W#gWbW6~=1Jd&>`DvsZd4EVRK--u7*lj=Z
zZ20N@Xnom_qwYtZ4L`jf?JxUr)cwe_-lzAY^My(5AL)7K`83kIUy#0kq~}@R(@5`q
zLHhoYo@ZiDBfb9x>H9}|o&`OP^uZUT?;q*8Ci0BB)%=3?VzlSz+#3|zjUTKdQE1()
z@HV#l(Af6F*0vwEw}1Vxv+al7#3Y@w4;wd<-^xtMzKGNhWYH+L{cN)GkkLeLcaEh?
z$-XjwvTkT8GNQHPgJx=<@Jx%_5;|C%?o9kP4Y07>S06sSv&RyjA3ogqBYn_qeP|m-
zx7}>F2YEy}d%^kny%Rc-ZPhlv_e9sO!*DU1lL0)YSdAyT0DsS{WFp)hy3RqMGqks!
zt=%~@TYJea1LtQlfTtiejtpt<Fp$=D?J2rlY|Ye0zGZ9ZTSIrmNBiLsp&c9uS_3cS
z*qJN>TYGKZ+upyLb3gn#)c$9qJ~JAj9YwH=u>NW0rl4;h6M94M>4$<IcRPk3-B8cb
zcOY@F2<<?_Pk-rAG_|!`-!pOXT42xpt4GAhVW=2l#7NHnzq--a^S~cFuKll*=xfb(
zZF1owHXeY<Y`7bp<KB&fosO1vvlzNgIAvhx_{Rug)k0r$B5h=P=*EOoVrfe!n#QN&
z5pi*tbJ5bsRZ1Igo1>}b*-O4Eno%cb7+eVQJElPI9)B71!?3;<kcb<&?Ph?k_y=w2
z2Om>F_Ktk-4+dny_ry+Wo*&s^O!+qNbN|RFI1J-Q6d2n3xkbt(0L;gG?$40-ogf+x
zBM~4PTJj_ydB<oCb3*VxI?VmUP<n*9jd2Xl_<=S#fjb53;K;BZh?2u0zXfImG#o3b
zV<Zkj%zqNk%nTzt;D2kw!1Um)<<!CdCN`Ho1sNr$d1O+57!uHi>+kv|g(t;=-W&VV
zA_V-*=3ldbtUX0TiJ2CM^`mM7a5fIZ1=`5!gv5h~!VDs3Y>uKZjgVh|`Cp;-_V!kL
zXH!%r^28tf5VZvD9DaZI!-aP5n2f8(#L<Dy2!Gt4SN_ED5GT_pnuk}7h98FYP~fNT
z2b0EQ!hION&?a5!t(Vn;miAD?PahH9!C`npn=~ONg-=~L=-x!oMMOXlpZzrCt)oJ2
z7>C;FmiA}UbwCipJB{Eb(!P`pr)CJM4-muoBAjwS=SJdqT-DfU9p*rEwC^3ybYl$6
zg?~<fp^quHC<Vkc0*<N!8m*3T7zCs(W553L4-sez{6GT~yl|o)7Q;t`deA-;)Ct`3
zE^Jl;j=tB2gW7-_?JZ2#eb7b;_;zT{of;a31n_7WLeB%)(C9kUe=-9NZANLl9Mu>A
zr=fc=ytER$EQGii3(y%n2!4UsFg;6iB7bRC9Qi?DhjZV<6>D`f91*&tEY4Rcd&TN$
zTprivV6+aSiFC5+_S+w?Z*K&bSvnsb4gHznV}gAcA-h8d=pzzQ$ucn8VBw9(wwea`
zsM<AXRfmx$y25<M+9Tfq3!TRPJgaF+6H5a12|~kb+7OW6YMwpu;Mbh+`_qIbD}U8J
z+S!B4b{K7~3%vWe<wUU=4-=0Tv$-U-``Da=E&frC+QFdFLeHFsQ~&WOoM9Zudfo+2
zM!s=4RU^1cK+m!&@lj2On2L4~FnbzIWe1oT8J0npj_Kgoll)kf&3L#?^$w$l(>z>t
zBz$WrAL6T_?|+<`K_;GyKQ0drX@5Lfi|L4m!?Zxf!2}AX1$*C(q0M_5N5ih94>vIT
z666TS3!`8maxjtMVoDh7-Qtth(B8j!`S04$L|-LJqb5SeMqPglvdF)A&L<62dH5n+
z05eAY-VCQ2@Z^u-w5}Brqrusemyza#nbbAY4gJ#3co`@{i)_!Sd5@xzkbi;A5jAR~
z6^A~ocjkD`476}+4d<AF6Fso&b>c*q;;Tz~oy-w+?JqFq%zQvUEkz)~6`j}-dT-%h
z=*t5XpcMY}VY0+Fd+&e5|BeL}7?$uLB$aXC&op?$@|WQyaFU1@j@A&*k8qO64&fTr
zHO2?wU=7BPp1;(l@P9}zV1J*+3sfdJ86MY?-pBgJgx8J7q+fW52AvYl(uWraYl|?_
z{NcUhFGBaBa#CWy4YZzjagO=*frAph*iZQ3Cwmm(zS?0Zxv&&MVtexW`fTN-P#R-l
z%chHAedNy?G;o7e)}PFK6R5)kQ;gx2T(TJ1fydPo++xc3XZ{V}On-k>fo~&v)K*%+
z;S1)tpi98}5F<NdqN`U=G{qy4vnQLbHBA3jX>2$I!O{usOKmxQAj*Z;BnlqL0O@NM
zTp}+ktA4xZTXFV;%zN&`Wiidt_14)Fhc9>fUIPf}1)+IR+#F#&u@b8}dQVcPJq|kp
zN(SUtM3h`&kcmm=rhnAC^ahfeR2sb)zrKQmTz=VY?w4P7R#;pKxz8L68BtjHkpU}P
z2{~LlSxQWKb;VhxoR73lKGIrSBCVHQLP@xx5_COfk)!xt=*?~kL8G+x_aH{RxOqVg
zjiFKE7ps6*|C(mU3nahJ5Q$J}6$%7V7cjrOz1Gfs5)ifa1%KDENCToWq$r{>Q(6Ry
zLyMW(EEK@z{LJ<kcng8R-|$bA2Q#5;MCg>3q#4b2UmF6AR9e-{w-)XK<ej^zQ+?lP
zLZx{C9+WvOdu%RT4rQGAAnD-oC8+|fa71W?gomt15@wKJKphYjOPr{#y#Z3ZoTBk|
zW_o~D+Z|(7p?{HUI>;L43(s<*5G6V%jABj^i?Q)mfMUFGEu5m=9CQ(T;bnEO;PB!~
zQCbcx!86~yyuDLGOuTR5sw7`JdAOirAZWf+no((z^eqRxsVuRjBEAqnHt;6W7mS*I
znKM&$an!qa=Zj%j_uv53C;oi{|AD_WZs#@@P@#y65r3b!2JTw@_NLx%Hfx>UP1FkX
z`rH~nmb9wtiL|;GK-7g<+>Q$+dO)|*=F8^#-oy_0ywD|%(DW{TC0)?7(OOg2z8BVK
zkj5#-87U#EoY52yoa=n7z6OwJ6&N5cnbk|?U8yrJw9a!_+T0GN<~)>&)Y?mznlmO+
z<)B@KM1MnsfTG!8o|wSTfap1JSXVT%@Ir-EflTlnjEgbzFi!~jw5iQO9G*`DQ$&ez
z#B|`?qcDJzlM0XO2<=PiZA9`C6acCp1w&rO1_;N4ac|&F(9=<&_e|Kedd?9llKXqT
zvnT&eo6IL#tp>YYL%FJg5w1`w>cF*l{>j8ke}9!43<(BXxHSH^z!&}-ld9;q3?}(W
z=F=K?qu=;;{hF4R`XKO^D<jx+&^LV#OA!UF?oD@L*8~lV0!q{>z)5Sc6)N#F{OJ6J
zx43z6q3QK@UGILaJ@w}gl;o(LKfS=RMJ?_7z{cpJakNAw@OvNFC()Bj?WH$bRd6;=
zhJO+S@~|<E7K+iX=ys4B3V%jPb!q|`po1CMmV*cYE@~rRuRar=TbSz2TkXf|ckiy>
z-2LTJnl<1PBqVTiXHJAd!|*|K&1KcW3&nDQ(<{w#0=T}Y8vdV+Dcq#S$K|q7pLmP8
zj8_usp~6mGk=B{<WwV2NZHflGUB?%9n12iK_U7fA7grj~(RA%gC&GP1HTVH(&nR+$
zu2_qJ<CS1Lf`zBF1~|#|@%p?#lkiD>vJ*Zxj}HuVxAAY-hYXS@8rGIbTt7NgvyR9v
zNw20CT~!@#gN0fA%wLUA_ia2m*DpwUz#BxGkPxab6z9qgYFuc~#GudJi3wuzPJhF-
zc(`-qn40go54)|d%^+_v++QeRina-k`L~*0^+Tbbh0=~aw4)`4-huAhCN#w=0|_>j
ziPw*GR$yRMKrBB#D&K17s0v(Yl^2NRGSTcEj|NvT)+SUBG76L92eOYNI7CWGPl{Ef
zdyG!34Cd-KB4urA-_V$rZ?omz{(m$FLb~mc=(fR-D37w_#M8zTo`Z)bvgT=)`A``l
zg|jTRoYCP}eB96Qv%KMFz86jRGyX%~_z$)jR383M@HHGWItwUq!l`Y76j50s`BQ3k
zxCgI+#~EGidLF>ZHFT}nyK42X+HLLTwf6kkUDZ)vhRlE{#A}3C>7nuFLVv5es#2bh
zju|rjnw*^a@)=4S4%R@%OG8pO;FY74rRamKoIOfx`w(ANg^8SA_}x3(bhS6|<Pu~z
z){=-y&rHYFt}QD-Hv>k-BL=8G@wR6LOD+8C-xq%L^$)h=1(<<?|FE_5XR!2V@HeQj
z7nGkm6)#NxXaNxd`fB;XxPNX@Tp|y#FWeLO_`{W!sk&JeNXC=NctV)~#;7mrOBmvh
z6MTlApsIt34Y<;7Q)W|CyhI>wb*3bE5;-zp-`?Loe^-0?Y!6$PElql!zfj)9d|d2*
z3!k#cfBxozPBG{mj7Iq9^9$M@SlId7i;w0*<NW`)SU7NleHC1ayMK9;sJC!EMG;kz
zG7SQyO?)@S!5XXT+saR*;-!BnR!$3bSL5u-HOLZ3F?`H&Gl%{?;3A{JJIobPB^pKU
z1L#M8UjU`F*dpqP3eP}5y%E3!VqztB+%Za5h8A$t710WVw1sRoX84gEf<CaIdz<k%
z^C@;AfHeRu&;ocH$bS^cNkGaaAsqT<V5JQ`_<8_}Cy`C*S7JMf7=laa$PfIWj#)1u
zmafJ?0az}P&+q{Ro>_P)$UWLgIH;3l76*@4Nbb2gC{QqIUHidb+V^%4TWUgk#lmFM
zU{x&&#zu>Rp=41ocC;uMJ6IIjO%Oxv*qIq`5~49e6-MmI@P8q)!#JoyoA|zkOwXj-
zWe3P>Dn(YobQDJ7qsN&PM>s3z<md1`DQVJ~x#Xip#(F$ym)at7<WZ?Qm*s>X!;3^S
zMF#?UJO!LE`PY1YCZNEE>xZ!FJn>lt+<<m~_W_L?BMx^lfePE6znDzr;jbh+!@z~~
z6emXahZs7&Q-7Ly5402yM?H~-g?tZ+MrsQv0tXif2&f7zMT_5}zchvsPB^K*Ge3xL
z_`hi9C3e>?0Dvd2Z}5k-_OyAil5U4f`rq+CpEXi9sQr7#wQe-ak-b-TSk83F`h2Nb
zb~tw;!CuS=3!!o9>niWKBo-CHx<cklGO&xezgHa5fPay@j)ztr<R_V+5pzb-Zs&G=
zQoq#Lwip4mgUw&eIrt3DDy#^xNC><@24s8q+RQe+kk^uM70C*jU1_A5c;RA3{T1YS
zl20XT98(%N4&}v0(<FFK-~!|A$YLP1a?`qZLZ;&&QUoGsj{+iqk^)A@I4GGEX=Mw3
z;~eqq2Y+VZVC)ULYydIQg@*O;=J+C-w2*IR7f%LOLCv(cNdS>t@5C2=&>_Y}3eSA$
zz993??8wrrW(_VsWrf!s<#})H1hXUtQbrBQoHNquN@5`p0RJNa3!)u6^6`7t4<oh)
z{)BOTD=|Y=ohhA^2Y`Cva7`Ta1XNPo%dmh>IDeZREAsq@cv9vIk_KSs?JDtE1o-TM
zR1MIOQ|(C7@K#ZAiU5Y6O5DzE3bt^p8VV?QFQ;%Xwm^B2)wtpiwSxat90DelxR13x
zJlAOHd)Fx06+lJ*+PLl*?e8-e%xLP}TGOaCTNPKaaICde=t)gS3Q1qlJlB1uWm@O%
z9)ChOg}2C&@3}ilh{qR0Od8tFiyKyJM5I)>7~*NVl$AE{5nbaF-C*O?#Ue(pwRtCl
z&_r8uquXyj)4R`}<L>lp%|T7qwZGmz{aY1xYb)RK*J*YK*G8-Ltkbz}K7an5-fLfX
zzJJ>48~XLrXH7#+S#gTIQ-G0df7KQqhJROkf5Un%=F{L|9%*;BIYXPa-q&i{?E(}A
z;8Va;|3u{Bo93rZ``NQ+twD>A1#Fo)!VmxGSb_7YJ`O4#iCz~&VTw@;fcE;=EhB^4
z=an#9Vf0SB-vVR~GNWIY#8-d>^fyJKgdY_i|7KZWi2(%RO?uWiWCOJ0Qa+6`O@D@r
zln~-htRn$OO@D|qo&6R_oR=ZqMkekh%g2al@v#|-WC8e=|M4~H_GDP$l4;D+GGQ#2
z_}$!IDJy9CqeUEmcA4&fRe(p5&xG`qo&qDMZPykFwpAg+0mFD92w&_xta?1!gX$Sf
zGQ4OcqS7;UR450yf%*)P!5Xsl+JAg9uOTHjqeWnc^=UM7zhWqBW=+6&z;LNUEH?>+
zs)X7qk|fo$oN$&4+R0X{HI^jw=>4-N7)8s$P?pG%k)Al9z2|saJT~^j@md6bU-%Bz
z1(Bi_yno3z;37`!HC@LHw-h<C+#&&nu_vxSG+lCI)CEkqEH)LxziK3B)qiNZ8cLD5
zM&$fZ@9us>y$36y-fFd0l|sJ<s)6m9($=|9x3__MwOnf&>Mbj*R>#Bo<P}2TQ8<k=
zo=gi3_@b2|ULU$T>pLV$HXz3`Ls2UgfC1rwoWODbQbpj7;bX_5M<59@_<k4$BD0Ka
zo5I6Q!k?1Jr?)r9ZB+Q0B7YDw%dh%Xo-C3;%J9LT4gP!AQSq?gdpH)SN<|>q(FEy7
zyG}C~5r?~smDGygl-B|j<*!%^-5f<)()N=|r<rK4B?%O`uPxkCsuG&f$zK(^;Y?TN
zL6Y?u%`g<up3WbIQ_3ldyG+IrofuJ9MZzuImBu#PLLaIf>voBOR)2&Su3UFn89C0E
zWJkql>cEAT4;P*#<h|tUF#UOj6t2S&?be2@B=sWDO5|ESNm?(np<~8a68XG=bYBWe
zFF;cyxbkqN5ObO|lY%3;9MO*CEFR7N?%^2+`r(k+f0Ndm^K9okzn|5|ggtKey$@Vq
zL@FHlnClc$d(5eR`+xqO_U8I^rj;#0xjNDw7MA$(%h%TCwSBmG_wvuzch5ik>G@wi
z++5$@-u&?H`Zj;HE5q+h+PB&m`KihUG|GZR3^qcuR2FZU%&~}b!DMa)iLQVQf8>yD
zfyBLaW$XOqII-+gy?7EFW5GAh${+=u`2^6dNwFaW4i#F1FMm-pO34xA>#!^buMKee
zY&8K8GlB1;Ck0e-%+{fx4tr!GM4TV)OK%E;nu;uzZkVLt+1Lp}QP+%A!*e!bibz$A
zA;EXi86l%fFBtTh8I7iPn2%^x9TB&!cw5^g_9)E%6no^_xJmvZiaGWAiI15eW6VLj
z(HvIJ?k~;~q<_JZRG3UekY$s2x0WRXCnb&&A<-<UECJKpV})wRw(1w!wTp%c_zIn7
z57oPA_q%6L78I^BlKegPC3E#>P0Cp$7S3IBWT#5k!FsUVCxv-%eomIX)=1)WqK8C9
z!ePiqi6@LL5<<FV@Y!cAXALo=hkpufFLWrh-|^Uif`1B?;}vRToXBO_5lGDx2_))l
zSUw^2k}Pv6SHU{ws++84RAR)On{blJ{xexPmK`=QyOaN26Odw6L^S<8TGfeeV!2XZ
zb<S<9R>`Q<64G*9wgAf&pf?!K5K^i|Ks(LbMGn7eRSfo<kiTj&*s1G>ip^#lTSXTg
zOR<TB!hiBYS+HKFz1Lw)!k8Xu=Xe3>Muiu&`1@?3d$LSk;+q)0KmiXMYze6vI-;h?
z3WhLw+ss5F#8D9#yJsc=%BkQ3c!K-^^vyWZpEaWxf(3zeS5i#~*<r@ND^M`TY#5sN
z*I)k0=F4Ay`L8TlibN^|nl{m5%5^>0pewPQ_kYfwoX4rBz-q@>0tcDw&=rvh!onkn
zkqC*11p~GVBjJ6Bt@U-)IwyK@4JkZ77-aeW-K(UxM;hsvDpyI8Qm9fk{Wu50GxvSB
z9)1i7E}pFpB<zsJ`l5N2D49C6AJNN*lhqf)g%>T*wR~_;^Cne-vsZk0I++lSO6R0_
z#DAV4<12ps<v$-Mz@ppSIluyk*fGEYhj{z|i>`h;0Tx{&3B8GLuD0n)<Bi5M1VW=#
z#m%`1UsaBDr}&ce*_(jLfidsHWhKlnDr04E7=R~c_Hms*k}@YNlayQ(p!$I=6~4^4
z$y!P*)-*_}XsYnqPiZCR*Q02`<+CD++kZlzGzcf8VT|pi5I{i8@J8;!lHNo=a3)k$
z|Mkne6lk1g@C<q4kDyK>TUweSV>DgGkDQ9+WsjD=Ea+EXjoQsG9NFJ%A*@w1rdqo+
zC7E#xgK3$|SeQ$b3WTig(MpAKpJZQ(l~X!9Z2;|jT+CXiUUls`1+hwaXO!qaM1PO6
zv>h0Az22-FVuIM{f;|YE^``i__@2OtgzuzjB4aiv{;~_#|NJfN4yx}ffmX>fV12cB
zPj#^rk+!j<_Bbfc!n+_+O29$1wy<f29g=t%%eQz4hJX|eOG6@0xyalg(vK4C#%60X
zjO`DiMhB%saePuJETS^JO#7;g+<#%bic`1ibU(F!zcE2^fyFn(*bOldEIqqCAoH?z
z@;PXTi&DA@6M_7i*$J4ZcKhb~=JtoTcZi!gT&RmOX&U1==?JM(=i<YT6>SiS-y%c;
z=x;ba0Ct=IL1|5R=fs2eci-3g{LgPI8z}YIK|mERVLC4q<Dn*=r-<LYeSh6()7j@`
z&^K3~LMQv(atR!@MPC@rrr!AX*RO72h?!YKQy+%u%kM+yDx@c`e6Gt=bphI@H|U4j
zefvZ6L$m%Vw0Jxfq-?TU&wNmS{+t|bMg*F8SD)-U(<Ja0^Ox*x2_|(PSj)Ul{$#dq
zCy#fXNjA{p(UK{$zwbIrihmxI%RGX*0$DTC7mJp4zdszqiTP+wuxSzu_LCV14{qwm
z-LLZIVinh-p#n9k`6pEu#G)@h+em#xqSvp#{6lmhzz#N|1wkpdVXJ|etqO;Rt(hH6
zD5(N;cWKtTd55<A$Z_*JN21YqW?D99&N*0*H8%a`m~%^nGhADya(^H)Coa&GsjLj*
zmmgrd1=$&3`Nby&vtw38K7=YBG^sWvEXAHEezOWK2n!NL@OXw_WOkrZN?K{?o3v@i
zv+}kI*?AoJKLfkZ+j-DrSZ2i(au2gYGZmRBi6R{x;dm94-?)T%x$j|57HRL^v8kRg
z2rN<9zz9P!)QuNzZGYlKH3k-g6N#ucz7mKM59~0<Lh%Z;@>k~2cG1|N7uY9OUMz`!
zNf(yeanW1brwh-M0ZP~{$^Ijl&MV0~L4lI1s|)(#q9hn;aq$EeA}c#;unB-TrIo+I
zHDp_=2zMNinoQK4tka_!*E=XH2HWoEvjh>q>7t=`m-BtvwST=4`hC>)F5d{FBm{=C
zs@ds+x&)rT;si}RI&d~ZXXs|D@5=1Fhl^FB3S_jHCG}9+;AVKK0g>i%xjz_yp5iYK
z9ZJXJaC*||OB4jG>G_@TTdUqJL;Y^G;;Tg&X+c~-Hr2d{HGId5yBDD21zw%_=!PfH
zis>%Rhmd(OK7ZO`<?N>2V&P(?VhM1s$giKGRZ<esh6@Z^`)i^v%4+8F4E#;mEz#Lf
zDnw9*sXh9LF8A6nmK?G>w3A$r)B`2)j4V#Y+zHOEjq(a;g4J6ebUG_FZHJ2q%=XC^
z0u$Lj7W23t1v-b=JV@Rk-XFGoonv(akU=h_tXg{2a(@nVO0X3Mh5(~UJt+vWY|2h3
z?rKV#TdJ7@7dXFmL;n(OASfPjCB-#=mP}zaR~w0^Ce!|k4tWq7{N>-6VxjkNMaHJl
z08N1%cOpb%e>`aYLi=mwUDDA&D~b*(d;~yWY0rF>x~_2K-@H{Q!i;mIdo7B+6C_+9
z1cg+QVSj?6MqDHXBZy`c5Q1k*$l8}{_M|vyN$vwBiI@}oja-&Ehvi@Lgq){HG<F{N
zL)V^#L@Y4BSeDF%*D#kI)0Ma{Lb#YrxEx&K0+w88MIiTs86IwN<?*}<x2#;!>YL0(
zllSY&nQO%|Uzym7de$5CHIb=1cEk&iQ;Lxc5P#zUA*R5xV<wa1xx1Lu9504A^Uf8w
zmzD40JK5)!J$HRsAUH&8GZT&_Hf4q*vhcEoa-Y_Np)y><fy$G)3YGR-fEv7U)jz<~
zY~n^vlF)<|?wGRUqlp~pT;<{Wx#C6Xl2SwwjkrkT@gIte7-v^y#9hgWsWK3%leTGH
zYJZ~b2c_i?lMFzqcGBL8+i1roheS1<iDsmA?fjK9#-lj;7_v#*nc2nh14jw2S!uX&
zBl;#&Hxr;^TX;Z<TX^K&>*Dx8OvZTTlRX4cPW4kf8+A|+d^w_zJ6LjY*^C@~sd2Rq
z8v`z7m7k>BpeQnozb3YNtT^P1$i^_l;(uB*|6YE&W-Iptv^ZQ`iZ$SSasi%?Wns9+
z1({zgnUIGjj&vp|9{RXaFswDIR7}|@&V?|_I!Sfl#9sqWV;U~cte{sce<b0i2oLtX
ziJc+VniEt6|8ZBG>^77xMfHjg)Co*7jcN$1QS4O4`Z;$ZiqVWNHHy2{Y>!NQQhzKE
zmIp!HC1R?$+H;cjbA<COHVUCB4ni`z8%?+9r8Y-+NLUL%Z7}I0_NWOmo!kVO>}8Zv
z)sAl7_1UTrxh_ZNkQyp)7w`<xQV-jbV9Xvak%UY(S5qk8oNLTs<{>r1`{DY{i|4Q2
zzPQBiSIg<lGHt=v2@;0khGbAhA%Cd&jv?WFdrMC=j^WANcg~&^%()(YlA-1lSS+H}
zag9J^L{~mq!`!r(pJIJqk!6cr`aBChqfUo-9$?mB2D%^@fdi6)KZY0DBmh!MJ^AWb
zU2|HARF)t3TM(+_plc*x1jKn()4`l1OaV-~55h0}$A!oX$XN13JLNR37k?;<$vp;T
z+R22g`WNq6LUWNVRjWRZt+_HYvyH1wHZCASHpuCvVJ>U*wI;2*v@qQB-O=A}iO9?=
zso_vn+}z{KVl@9mH$+==@Ly{0o_-~@ow)3k+((f=Fdj>O4lk!Td14V>zcr*Mt;Mfw
zfT-}i^*G8?bXg6V1v_FEv47c=H39-d94yZ(7UH=Rh6_6uJP}<k<u?FQMs}`Ii2I6q
z57<TtU^Tr+YY=cCPes#*5(eE{IZR0#5WJZWuu7PZ!k09R*6=w~VC0%%h?~YQktmh>
zMhcKrYrbSq7K*g<mlzHbM3hq#I(Xl3n`3~Su~c&7n2|(L_9;0AV}D3ok{XGnX+v}L
zafww(G35q88#*qQ;=&%F@BwMll+c0pl!(PmEZnDYQWTJ9tY-sPazYs=qG=|obIYl(
zO>K8hGLyg+KM5B@Y&k)q7RKa_LD+=F-@FS2n71}>AsvSt8j^F9*=@XbIVC~nR$?MB
zR9W~bp`QIRL6ci?z<-(H-mV!Qf;B9-|3+EZ9S*bV?JPFOHgiS9@>y6kQw>yY7fETz
zIm-5sR=O2|EuNcEtkq_s21hCUZ&LDmA~<Ct<TB9-9MAF}TP~CmhWCS;qY9iW%^cs)
zEom8KOi49!e?q5v`^d7Zi*?T}CrYcum#ad(_L|$_aW0#XgnuwsP|)*~c`VkA(+!zr
zoLnk?1=Qu(n^ky&&r%wP6S2T4rUJg5jr>EQfyBzRbdVPTi0r<)&PXwgEUsb#h_nQx
z0e%w$Y`T#TL=MAC9Kq8aX#;@aV;7FJ<*U+|4TT)wp5Hq&xr6Cwg+kDPaDSz}O(HZ|
zdmo$ket@CDB!Bj!;e<Hn{+24pp<Hbxe`*ON8}hAJ=^vbi>KhMI>356SJf?)Oi)q6K
z*MP29AJ0JR=6|h#UD57$I4ZVU0!dUo%zA{jCt1a1kMcIVZ^V&8G6znq1T`<%&#Hw%
zHy;QbtQKk+Z$-i$Z?mvx*k0v+2c5D^_A={SuPIs<2!D5mPz$OHGC066D=l&6bLm$r
zDF}#!(r;Ef463bDtzaO2@#5x1^$)sO9+lI$)n<_?GwH9&Qw{OUtzx57hhm#TQLX0s
zp>G}Y(Ce+7m{VLqs`o}V(|+N({^%oL^tkgz>ildq8&;dT(sH|;sHZ~h4m{?E)v)2R
z=oEH|MSqWFa?@q(hF8i2!)%{o`qGopu-y6^j*=(z;JH7qVZCy$eZUF-k-b(3L1YW3
zKEyy;6P*NH__E3>VHKR+A2<7OJggQ?fvBP!zOW3!Q4l%H+7yt*0@YKDmv`eHs-CFA
zJ2FE%kwvMRr!4CrS~$xNC2UFLUbFtkP_d3s8Gn{B3xYZb3io?b)0@#&(<~=6hc3yY
z6VbP}Qt&pWS9r4C18>MxHI$bf4C)R`eW#{LEsL~~QxpP-n`t|#;wbnmi5r=3?xU0L
zEqe~5)`TJMg3K_9z|N&B(aufik%kgLYK?!vO{A$)eUNN+denygCyrG9=k+4;u>u8q
z?SEpb0<t$<xaHLLNWc}A*%_P$@_Rd&Qd6y0T?t;%w-m=`5S~QvweM*&(31k^XM~iH
zgBLQvT_*SZqixSo(^+l1i>9N+WXe$;*u7@<urdtghGSiRQN00PSZ&U$oy%Wt&9QxP
znH*P){G^fz3GqkclO>GWfMJ|W_K5mZrhi9N4hD}Y!S+|GH2gVRKY^K=y5zb#Yz4`+
zRi>t(VDK_7){>YlWx86D5rC_=9AMj^E5=nIqzM?AG&;e_vglLXffyyO9U+FGH%*NB
zks;eCND@}a?;tWkF+G!_4wFhO*jC9Fx~mM9QH_Q~;wS}=dj+#yhjX(;j8Q5ZrGNZe
z#BeGohmJOD<1r*#LV*=^j|~Iu(SxWy;f%+yUs%MD8ZP8i@Q~dl#HrvhFhYzPd{AD;
z5U|08Tx2>6|0GJ4$ig8aOGFgcNJ&c^8<Wkn6o<}C9n`qZ3DOnYMdyQM;c=y+OXM7v
zi{@K^(>X!Tgz0W!l=82gzm-KCQ-9_t(*>qv2~=_2qNSG^XKp${JQzNdO@D=TE_Rn-
z^n+-df>azY8bR&(-2BvZ)8)H3{)hS<13-d+W@@*Hx=@_q$D?!M6N<M`uOQMY4lXYz
zLM@6_NR^qv3z{sKIkM_4=_a?N`ay3cAy;@aDG*Xd7Lv;%n2=HUYmH)^_kSAGO!qmX
z3{?tGEP+TD6_qm9GUn{X8Y<8WS`jxaQc+Ve@K0niVe^X2m&vY{jxj`$DHUSM9R_WC
zbv2cw*S09Q@!j(mFW*p0joX(m-dx|kfA_p<#f@Z;=Wm{EH-wCdWDF31C3rBnxV}hr
z03qt#_fNHUzu(MIe(VfDeSee2X|`B2FzP{h*Fz@P6GgvFl^R02nfNf5LB+<=t>XAu
zET35Q>L;9AUQv@;)k$F>b6I6lNK#8)++0y-po+b?TWYbpSH7<;V;6%;OLV++P2g83
zBT)njZoBAtl!RrFqXUbfkj}Y7dzfBdXq30{u2354?ZVTVJ<$MJAAe}Nab<L`I`9iM
zKo(mkEDUJ_gUXyQuyJE@90;hRn^8(na2|=mpt~q3ZkCosmZC<Z$mbvu7s=*Tz|`Sr
zU5YfD%r+;TesBY;l^q5uZU=!MT#>YpAkqglN^yWuEP<?C*DB<uStxyGc>4}}(JJAF
z7*_T2_08LNch_(3w0}2m@1AEe8ntxQRjC4DfC~F-Hs-6Wcm;%SA|(vU0Vh61chH?o
zby}efkL%0DNh{Sl$+e0jdrB*rqRjI>W;mhvn$q0zv%^JrU>qYi!~AE8;$hOVn3n|B
z;&dRpx>!>-r5vhemUeraEX%X|l75PMvxi)G#q$1@Mq*O2On=nGApUHv67J%=oTdT{
z(OMEL;L<;{=b+bPN|^Q(%|riEWjl*ws7tpKLvvrJRClRS!}TAVWI*{J?>*#Sn0`{H
zFe0{Ht;Y96z%lKpVZ|`i*u;fxHiC%id<tQK%2nB@gslS1bcU|b{ldk5N)*iGV7TXb
zVs}8_IO>COynixAx%)7bbZyhJsCw+u9%{n?v=j=0V#2vTEw7QHIpH&ls#vYAAQiE-
zz(5IRj6-ZJNwgMpP;P^W6?C<ye|{cP0i&hODQqNDBryqEj3<ZYjAJeES_ih}%ZUCJ
z#fyV(QSB8MXim{*^^AD;79;3V@37$*n;OUQwiq483V&yuq_QdQ9bL|4qM>RWd!IeY
z>G#<TS~}BuQcOkrXR9~>zTBM|S8(QIcrWA{M>M$@n?a1-G1JEw!x;)NUxX!vKv0t8
zLdInNks%l7i+LEqkh2S6;KXAaI+W=Wr#&eX#^Q{6_0as@pahZq98#Rj$k<ssN57R6
zegu9WDS!NBb5u9<_1pQ^x6;umyivvehVsWHjH{2yKN!?nJ>v$85LAB~+dziXEcY(w
z`LHacqC&pQP&jkKypIY^3Kis{o~^Y`=l}ZED=FxORcKqk%w*Ot46poh=k{~w{zLHs
z>75NyDV~&Un8WH@NxmUP$$gbRL{~|{&3Jcz{eR^@Yj~QJ++3|aCTbdbf3<`q$V{Ut
zD>#DH3Ew8M_-s)L(YuyYeo_Hl;TC=|^#Yge5+S=+Myn{RdkG?B#;Qu0o24Hzg3=$B
zgqe49>Zn#U@vTc&nQf>-i@HfaMJYUFMlF=lii<g8QuH549I~%W&+|FfS`)v>9lwsB
ze1G_$cXj=P-f8way-ur%RMHw<k-F>$Pm-=^e`utB##b=N_6eG)YRzs<@7x*9tG0gC
z?AMLHKIr#*{XTs{ul>RGX{9L62Q>$jB@ouaCx80!$3Hak9~Dr9ZdodV-jO{IWCuX5
zs*lbeduel54UwTqwjwme{`$-RA}Q7TD1Wj`lH_C5wXiF_EQ%|AUX=VnjR%KzgjNjl
zqm!MUd`@GwYQh<YDdNKZyb5NMs0#&lx;eUB@`j+{#@g1FSZ9E#{qd9S`Q7fIn;CL#
zAfgKj=cKH;9?YDz1l>sITP6*l_@4G#*aUTIW~BsaB*KUf+&#xiY<p5Qi|Kpm_<!eI
z1XsUEeUq9D_7mo+Vj64}3wyfJ+H9yUJkNSBFLU|@DBiMckgWcaWLS~nMQv`VCQW5?
zU<nXNU!GAo!n@}ng8e17Z3#2Ox7sb)%VTR6yom~#jP=Sa2VDw$*-$y;f;gto73aR=
z!DtkohTTi1586v%^rN;7RD%Jp8GpG^unG%Y9ja=;NpL7&$|}O?BFfdNbOlVXa1ATO
zHPDLXnM8v$=<4>Txg9v7mISKvWCXc4gV+llQk0JwVUaJ1$aL;0iY8*|I3^mLIGD<!
zTnWrKvt9a0R;YO?z0@!myWwF-+o1@F?8vS(H~HBoV;iIn`N)$;h-#f@vVVC)o2y7t
znSeMC5A7!9=UFT@BngKXo7zDs(`9$7viH1v=lGPu0%&i1FRtz(Ll)MyfszZcRC@MG
zX)<vHlo?+{MSQ!b(`8velNYlq?V9UDv6;-oqV8moGm-8E7&5j8@-&DgwCYL?&_)nn
zKvf&N{*p9?zb~-Dw(o_FPJb6<gO=XFypx&}*5LfrhVZZkN4FN5WBljRe5gf!jf`tG
zGgWD_hOwhH7K$ECCu%1;(NO@+SE=@Ll;RqcmJ^N^p~#zpt#w=z`{YFnk%BJ^#EL6!
z$DQR!#HNVebq(a=QiS7r*e?tTn~hbfm@;rgRyEgJcYC=w^>O;HZh!MV+j@&h*d~jv
z;zB{~R9z_6L@`~C6is}bCORF`iN>(e)VvLggq48OPcrj0&cp)}`0FqKz}=_9kX+N`
z7Vm)eR$Ky1?u$flX{LObdaP4%77bBrA8RzRbUrg5M2-HX8IU{UWd(K<noDGsSxZ#`
z<0SG=2Z<fzYiItF+<&$?LQTD1r(ghJ{8MwD&Qf>0JnbEYTWT#xE)$rYt46pK6~_iJ
zR69!iZ$PWEDc2kd9h=|%T=^>$zM;HlC|V5dDR%A}K4`j3usg@lWMFg`)Zh$5;>{r%
z<uF{%tJ0`v^`feoofPf~R)Qr-ShT%>4MqPBmte!~`&N5N)qgdIwi{{JZ=PvDy2#^%
z-BjKN01wD%(uJE5YEi5kMTv`6#BJ|Rt1+AX+Is+YaVf*t?^Bgu0^60rk|GMnC-x7&
z!cO?(fXz5kDv;H*LM}1bkaZ<s7&>Vpt`T-P9huDj8Ck&ypNi6Y7{(a@6Qmjlb?uzH
zi^y{>im9R6D}QSvrcZLlO~byKcr|mMa4aHisPq>J^e}Wt0hnX)Q?UU|cxI*3pQJL5
zH_&e0afA+8$GCEi<$wF_x0ULA6h}y4mFU;y90OY^B{sQbeFacl%knqw5Zv7tcUYXo
zHR$3H+}(BY1b27W;1Dzk?gV#2aF<|#5W;`+-goQXcfYCXs&jg#d#3x$)}Avn-M<wN
z=A#3v46etWtY!X+3GyLh;or9Ge(Gt(^j}52^EI@sbKYu9Gx&5aRQ%4Xy=q)ffb6(f
z6^i<@s<CG^iOUi2b1*+3-O&azJuB_3c~NQ0`p0F~Pv$p8E_qLO_M2>_Ju%7-1xw8k
zXcA*qA66#*IGO$Cpf$9wK{yse_{ez?AJio%fOgIB9Y6q2d=o2s^5j(7W)M=McO?{X
zT_ECBkH9kMrN6aONT^5eAn;<K4KWWw`$flPtn)!;dTx9ZHzeXy##@eFIXq7JpXPNM
zq-mZbs4bRdu;AtyO?H$<Z0zyGY}UMsYHvV~z`VBgQX3KQ!vTh6y?^D`7sE#!p*#`$
zHW(9{2ffcUc-b5V56v=to8EKpodhw$X_G`ni_{|4*4GWsjd6#+hred;X@%UV2z@y}
z@1`0b=`Fg3^F&*Y&QA$f>E)w7z!HD4OeCZQY0x)-wc?`HEr=<X$?LCF-P#rfFdm$@
z{i16MF*x=iam|)bW{p>xF6D7>O?5+yCyHPM3QwzvxA(;C7AuGGWcV=$ACKkuT0<51
zXf>vQJe`@ZX8M%ey|Q1UyoMZ3+*WuPu@Kgpzo`eZo@Ac`+ZhI~umzMDdE}{${2UfB
zE)~DzhSsYJ$P}jL3R%VQu};#s%AvP5zZ0-@`zgzF7x2ZXi23qYUJfw9gHXRU`Z|;k
zU&}C3P2ay%9oRD^B)^-osyIwNdP9DsyRiCPqDe8lV=vRxBxRY!;00+k6K0z-ZG{m}
zB1g(Q@+ukkw&K+a%muRq>B3#09(ror44qrA&r=96pHseKd}kFl6QxbcH#DJXH8!R}
zSV%i@*eKfSuf>Uw&|>vv$bSENXZ$GJ{J`_2dQa#PU9SFk($Y>2c}kP8fw7HHW2Xi5
zWoE#wi(qUgT|#lI?gZlA_~*#`2It9=&nPsi?!X8~FP(T@fEG+s31FBkD#y+eIi?yJ
z3~1WwHvGtqW`KxQiCu-#;n|ap22HQ;oDk?b8?a}A*AD3iE}NM9A=vF1Pd0tCk}M<O
zXnQO0ZhU^;<ZBZfnd<<m{L+XOJ8SclKFfJFsHNIB6ps<r22!Fr%-qO+0Z%mUjYT+5
z>T;$s15O{H??{6UcFqlrrMcokD&xTyi|MI1k;W+XD;#!+abO))_=P~k<H7-spSdpA
zuEYu_mR)+8K|<S)7Q%Cno@hji#60!V%m(W>F)E#7-K^ta^tFktG8POX0hUSQ0mB*&
z3Uz6KfYYIFhz6~M7dY;;!^gLlc~>@nuqIP^UfG}`ZD>Cn<y!mePeU605f%b#-Mmkg
z0XG!U-vt}H#l1u&{gY>ncgJ5e#YgDkq9kfK@R!AtDSVDs3S$p26ks^$^A#bS_}$pf
zY)B$M3tMkSN8Ed>*r&6J&*iV{5*S#p&N*e<r+`KgkRg?&O1=T~NRcR?4D?;=bF`f(
zzxIjunH;c&Kc*v;cHF8Cwd%<+n-{pIVGQ}PX{0!#(1@Y0kgIZNL2OSf31vz_fF~Pj
zG3uwT8K1_p0i{s9r_f(0{fMDM%rWa*+i4I*`@Oi%iqyK692#zkY^$LY6kEa61aO8-
zCLWG3<cEzOfjLeb*9TPg2uTZ84ES4`jf!x#U`O*Z8pA18D(;1YQ|qkgynRBLK@Uef
zY1?r|u-E#@kYY-HbBHM$?4#}yg6x*An#-{2n_RQ;BRU5%5(SB!{x=WFXPJ_S7(Uq4
zO));Sb;Vx9it}-Y{FGC!@nQyMR)$%n+Y|lM5Tg;x-tcr`<&uls)7=E7_6&SMb(`8+
z5AA4uP7PzOw(R3p>M4bvS(X!6Edn#Ufc0LsC!XZ@Bvqm&te?daW1XK@n=<2X$*6Hn
z8hzQa8QkQG8kv0uH4ru?M7ameq{Pezyx3*s0baq1(cxEc2~#?SDIDOwn9hWF5AQBi
z$Z(EZ(whB29Icgy9KoEO9W<pZMojkGylONT7otN@dO4$JC5C|OP-ojBg@^D@U{dO_
zsy;S-U*^~|1_-ye$vw9Ux`@bvMkyHhnrGEC=BG4mMo1XHm_tioSx%b*;p=P~yf3D2
z#a54Z@e4JmiWq&5)M^!8HP73h+^q1nKsHCZw?Qa`-P^SM3PX$3Isp^U(n41`7mi%g
zIBH1^+{@^AOhM<&DgD?#6=$PJ1U}|<HwV)F9OuB@k{p|w`%(}$r|HvARu;rvPKQCH
z5n&eNSfr5lY*dc4XFVq=L`xGCM9%Su2+Gm179A-HiVLcXH@2Z%BCtgYeoXOChm_?b
z6)D@Od`GvJWv$hZgDadUMN+_&y#98TH$$$GArjS`_F9;?C57|bn3SPf<m+8k^i0sY
zo!!C!b``lDsI?Uk6{>z7g0o~;GVDfv8m>)6L6opRi&dU!#;zb$*Z6MI<|u#0I#|B~
zB?y4AM1B<|QrBuqjEs6KV&Ixk1YuN*cAYR6QxhnCOO^j<w7?vlDCa0u*asL&6358E
zCpcine>GfGz_YS@S5v{_RJlTRWSD$!cVGfs60~`cuN6D;MDqWzIfkQUIwVE?V2`;s
zqmPr`mlFlS87|1abTbTTuA=D=;>i9SC99q7$WV+_7LdmAF1f$DbHrKH7h)XAC>r=i
zlb-a<<c5{&&HE@X=PFE1761!T&-k}6X4H*<oMJk=l!33xF$%--RjRZ3?`V?XQFiEs
z9-cDq!WbAO&di}99fBP!O>exCN6q;_aKs8>*%QeCDkX7-Tm!dgbFYGo;<=$4Gp7=t
zl6*-<@_26T2ku})m6etX42aa;;+gcR&*%|pxV6K~csD3&jetdYqOxKkxLr>TRUGpy
zF#ZP*o)U;&z-}_1e0Sk{e2}jmT-59rD;Xo};u}Y&BzTI256x!!8{tA_gYP|GtW%je
z2w#dp9+LJ_YX!isAWyyWxoABM)M_rDluUsEZVkXTPQ|rU6w=A-&yc$}oi>RbBXcQJ
z{oXsUI<?L{x|gM9bp{cBCpv~(g{sRqI$pH1YU+eQvobY+C0RX7)J;>1W#zlty!3R|
z#pfMb9!phD@$(WlN<#<G{c9$~<aT)D1tjY>Ep5TTmy1O;Mmq7pJCbSX3$fqZ>z^Rf
z4kBTPA1o1@%B$jxP9bcM8Z@HYrf>#unn9!9D9KhV$?U4=fi(L>I29<?w_8F$S#)_=
zXRN@!JMMjw40h%+(0t5ck*HGkHj2x1puy+S`yDT4he6NVy3a-?@$k1QGZOO+aq!P^
z5P~QE@KdIE2yx>%GQT)cR;3W?<m0Uh`X!UD@<>d@R-V_1F{IQ&i1J0KEtwKlrwaN_
zN%&hy`o#!-&I0oDpbntB`;9M~&U-g*#spX3mhsn!?c9q)dx3cAiwnj_7yd%BaGTe6
zmv>U1R)g<@f-Y32(bPC-pL2Nw1X|f2@lZ_ASC*k;yi9lL|B@Fi0Y57Tqj+lnZPfP$
zZ%{|d`_qcaJj8|I5ynL_Ytur#)~ppA7p|SpDemAg`zqfcydvxt7}Y~xhkc=@rol--
z+uhYcKpP;Vws1n+nP1X4v?dWD`If}Y%{qmr(ScWcn|Y{Qmg|aC3?&Pesl`XW+6x(Y
zn!sC_;a!tgHpadId~rC|(Bqw0ei<beaAR(DvX;Z9fh0vgAuU#{T<cfMXt>!W{-!pJ
zQrFX5MWrP*M)^_<qxrL{{7m}1(rE*8XrFvmcZRgpBeBTxsartLi0soitW2obex42i
z{<szvX*2i>P6SfqB0XG09E$-aqj_v$55pHY5Ax`xwQ2{ZTdZR+k$tRdj<#^j5TK+(
zVhi0c00OF#R7^C=p?VNF`Iyb8bH4GLk0{+B1r#=jhd2EB{Dor{R~Y04CtvIEMaeO$
zs?Xfr*6W4co1<k!!Qb*_f}krhp#*|*7;p{mWO~hXN%w1tBI=X1T_)DSfKozz&E5hB
zz-dnHJj5!z^>DJ2y0Q_qV0XJ{>uvv4o}^DPJERlOYB5SxF597#!jNi7c>Ms8KaJ~w
z-QK4k4#D`qdG%z-cOvwRW%H=`^cC4+=#rU)tg!2TA~ZA14%Vl)vci*}ntWWnT7Rqx
zq_S)(%TAG$GQ>LXb97}SQ_N`5`2%7PE{i+(E%5L;+*DeEwXyc!loEI2@O&YgD_7ZC
z>V((<mv?)K7~!)7pLtW>u1I@uam~^&NHQ>BcPqcY1;UXaAp#6w_iJ7$=OCUsg-;ah
zzC0rW=g1cJf?-rsS!NpUzg0Kx=kJ)X`pYK{z+3?ktK6139PdLY(nC5n%}(dC#Nne(
zQ~eptqe?T6%7(kt)@tfg+fOKZq3;9&77$hb+SC&rFU?0Pm?A*h{DDvSbjxMVIrz(w
zSDg3ho~LH7mSfe%-D45kHsJ$kgPkmvYC(M}iQyfGECDA?0?HWLG$B*EJ41rd2xTx4
zLXIVF99P_~G&tsPcQ4P4US-G*iEX#cim~ME$x@4r*SgC!M<WHvFWWvkRN6554C3Zm
z-xYs02f!+zNF#`Hs_X~B&Ykov+ProK=uk$Q>rl7dP(_-Mthk=`_^!`TPikD96(@r(
z;}t}e72~xrgAVW{hCzgp>G}!PJ6>QNt^)tXug`0@LdLFXRUr()^&jJsCGV-#Lq*N<
zfp)duiw(1Q7Wfr=vqC(DEyus*K>Xd<WH?%EAl+A2N$2qObe|*RX=WAse-sA18N@N(
zANvrL5T=S2*~rL%K|#BKO024R8kxlOb2Q^s0h`FP9~<h}xUb*!Yi&2AiWp+yz6&3H
zEFuKzSViK@MQr$rjHXuQU8xA?OgE`HZ=HSzTXa1hjbS5KfWX&1%5M*&U`W={2BFy5
z27SYq<nISGnV$M<_&%WXf(~x78SJd^1kCR_qp#il^qC_^nE7aV<QKB&TUQ5=CQww&
z5cSff{AS&ZP{~$81{m%JuUI1zd}1$xC;L{sD~tm&JfF+jb#2?-y_x!d<9S@unu~xk
zW?lU<1|&JP@jqqs$)XYXl0v=}fL#?eF0p>3Vm~v}UIY;rN|~G>1hnggu*EScuJyUw
z=&SM#x>^OqCObrp!j{;DsejE`g^xkm;MSlcC9mkOzWG6qTh5=KE*6FO>O7HBfziy7
z2uH6_LpaQ78bMvrsTTDfahuROhi}-R9sMNub042xS-JuHj+Ghe2qR=J;-=EA=Q~=N
z#U{%JoZt1ariY(tj)+$Xt;BtS%~@{=8>dBtP2@S;c?1Sab=^w*I4QwM%G??c83IjL
zC#?&SI$yygSkD;fTWy~0AoXFj6}fB37l;d{7AS(7x|Y@Byh?YyXz5hpdK(wbGJwIN
zV3lv4D=r#*EmrAYnFWz>{sqh#;S%~hsA7X$%j$0Lf6~L`UJFW&L}SH$*r_ZLljO!M
z-f%JUcDnsZi9!tB7{||8cLMuq`4kHigcIzcNa!bnG)g%7@D<G>V?oKesK!=8NW=F+
zpO3RhV|nbQMXEi70^bbW+u|Sqwwfmm@am6+k=9MBYA6X3(jcQB5xS;-=43k!P86fz
zmrcCCNY)0LZJg=y!PWVG{2=yOJ2_P?4qU5h1l_85c$EtRgmvk0vst}7Bs-F&sy*X2
zCpMF??d-Q;bP}AM>+$tfh0SGMya=8!>DR)(<DUtHu4>ua@_9R?3Dn8ZE=h74BdJ&;
z@k%<pw_Z&K=0KL-=~mqz9qkvvJ|ni}*cN9q1XvmBxlY|U#i5ctCsKd|KFiwMFSlrJ
zX$DHnn$xOv$q!(kzOANXz?Y+@{hdc<;DJKHZ0?HJ_?021;8F3LI5u%Wz1fwT@Fybn
z&Mb2ALZpz8u8bP;0b7;oN;h1U0s+?fXiFZ|J8-k#`Y7bwe?z^t^Lp~x5SrV(mdBL|
z^39;J4w3(tsp_&gN9HZ$y>|;MY5U35C*7&w`^HKw{-uPWk3^~RF>AeGd%v#Y#-5l*
z`reeIIPqLQ^^LYNWNi2mW*)7W4YTUe+HkI}N$==d*Mge39Mo)ujgjpbZ9{>D5G5Da
zto}*`e{o3c-cG5Uj_0C^^Vkx8k^aFCpxgRbU5VsiXV@&9vVqH56#phIdSH4;qRtF!
z)^TIn7P`c|uN{8{5^N>4Ic)$s=X6A(>}a|<>x-{5FuAcVNwGh=(dtkyias@FoYF#b
z*|N-?(VC!_J`;^UbyqzBNexhtNwFV@Y&s@Skq!az3!||eS}O!WgDhj?EYavLM)L-F
z$0%LLtzU52WjR}(=1EP*&Ar<J2GEt^0G9F4`vt;+J`e9wY*7xu5BL|j7cOj*_k_#p
z#Zf0jneOYrRi8AzvZRZlQ<NcSZZ(ATA+*Wps`*4O{;@C_o%gaxlm}A?mglLm_a_}n
zqLAbgym$RzFJ2OV>ot+`_U+m`g7HIRn#X-D6#OAdfar)s!;L^_+_*()CKzX>nPFj(
z%Pb*@CYl<C7N}QTm<<$HK;T&M6{Xz3A;XGdbYL4s2431?R<Cu68VBY*C~Gb}Q+u`U
z`DuPiW$1)GdU;1?BeE+b%TEER5gV#vho~G&HtH_i(T}5Akz#OksSq&qDQ9Eqb;mMg
zA$zm$i|qcMaxDh<q~+pgn`rilszEdH(eWIMl)+;mInJ0aUazxmA2_qWVqLyLcHDQO
z7VFINIg$rxvHQrU#AD4p&m-z~8RhPXRnF8!-ildIiI=v`m8rAgX8yV#IbA0+gX9}S
zL)x!%YJNx=<(7mUg+$d*sc2;5HB4JguB&9G5OZBt*D=XgDr&Z1*bo9#N-`2);@+g>
z4r1fgm3US$*%M9}@77>5tD|7OK}~cwDwjZ2m89aG30-+3mt8M@_MpNTInUY@LU+wK
zWG4lbk1z=L468&eC(LH--!-!T2w|I-iyxOwcr_+W?2PFSo8PiXTT@*CJC>X-r9$&v
z1K$)6GEa-Ye|Vh6d4Nk!E|ncjVpSbfm5v@j0%~kXIce>V-*?x?OK-C;OZ)<loEC^p
zOb87hUkF(h1?T6ei3pN5U3Ym1lxUvP^_HC<6%BP-zHfb%y<@08nYJ8D0g31{xLavs
z)1au5`c(ZRV6%sBHbXOqS)kgpr^&QXf2`HvIMaSt_TUO0?S;y*+jm7tKR<j2?e)9$
zLuO%Y#m_Jfb-V+<YOy^Ep~I3Wy&6WVY`L$&kz!!ISnNf`Ed*RzSLIpXYCa7NnT(Gg
z<1a+YMB%q>cj62%ELvrCVj;5qwg|v}m42g{R>wZF86thzxNv6kksil{Xep697Nmg_
zVj3xKapFvdJY;&~eo`}Y0<YICCMm4d+GT^hXua`NgB>7K-ZKR*y!c^qmpu+kR98$>
zB{<D!<3Uehezuc|mQE^}qtPMLdag&x^ya)wyx@%J^wdpr5EVn2He^I%-khih$)BQ;
zY?4HkU8ux=Y#Z)lSw_P`xg7qG<lao?3f5Sg4HQXJOe<*%u2i<L;mWW-AKQpPb$4$p
zVxLwzf#mMdr{AX+3s3f2kt_WJ7nK=I(&j?;Bt06(=-}@<2Xgy(h3~GG^Y(rdGQ^y+
z1iyo}5kxoD<!F{Tn<1DRk(M#sNNbuo4Z0MrY8~cqV|)I!%@@t<a~0mPCA?hxT}lyX
zN~2u-?HQE}cJ_c<=<+{)%AtRTRG!;+(`Xq`{?MBNFzM$p=4ly|coBkG@s!BIgKb2O
z$MmM&JyD<bBM~=%ZZm^fKOb3T^On`7*~3wa#jF%(j#x+-A4G2Z3|VMHvj3BZ>SgJ9
zq?XO^EWq{q^eFU(&IYaTZi`ZcUl61%1K^1QttviUi+1eO*$1>mqBY4@zT0tRI?>ZS
zySgwZ;x^$okr7W@JjYb+IJo5QsO^fSn9$Z@*DO~oSp8wIH7WCCm}Ue@ACoKu#Si{q
zqNeD9X%>6cLIIJfQ9A4h8~tQHpO9t`z`aQPJ%@3a74@R0DHN*T(Hscu_EZ^invy^<
z+#wYD0eAy89dfibUjIg*8Uq_?FNc*h{1$!aCT@=+cE)Vgquh{wM`6KQt9i5JF)X>%
zyZ16gx;Q?_aUui9x@PI^8jbe!?Epbh`X!|rP5Y-RhXzRXVif>jH@t9-HYz%d{n4G7
zenuCNnmC~x*;--0lcjgXs1q9E=oLH&mlR!GSbFULE=A2v>A{qp5aBBIW+s9zviE!&
zl2lyUqT3+Ysox;K=}*DOh`y9)nJyK3Ks{x~jEfP@e~9}9yw*2%DSjuGcsAYfy4XQp
z8*;n!bqaFZWW;g$ebZjuUNcBMU$7voj;GHci|_HR;P*6ng<P<SmJ0HCPvL?V64o>A
zo9;Y{K2!wb!!<80WEvch`5ozW4DYUWhULKgLA!*H6+d&e`-nlm_m8)CSWP!28jivf
z9{g0>DJLb_fW<8IV)Jl4EQx3uZDsk++3sP=*f7XZ_*W&jQnCws>DsB&cdYpGBr}?%
zbP>z+cv9G`$dQHKQauwg7%mzIZzwugOfGlcd=Mv`DM#Qhb~>zHTqNbXTmBhnlNwJY
zJD`3X@UC}zY?7UXtEM}4)hKk`({fUJ|Fx@TB<k%Qo}PH%QMO0jT&tG#f-uL#D^vZ*
zP-}h2+Yhitxql8pu%5##7BpNS$>9S~)NI3Vu3hz8;b|WyG}K+x-OU1G=d=?*T6t1x
z0TFYkOHa#$!C|P#Kuqo0sS>0Z>V2h~2&@(@l}NhF&_r3a;U*D%y<puOqY*hV#EbQD
z&wk=Hz}8w9Me1s@)~KqW9!U}k^i-VUAPXe<B6JT<=d1IbmehM<9#+jgZcFgW@YS;1
z$ze?_v$ClaM@+kHO|LQ~RgZ271oK@(b1Ld48HNahJ}JE*$#~QqbNL~7g>kkiD-aOI
zq$o#(=Lr43{tCLS_+aNUPqH=60K)EeP+*ruW2eV!2>dI4Vcjt@)Xhkm1Ogihd~Lgw
zsXz7-HzJ3}y!M{;?mNJ)e^b9@5iIdpOpGijF+qa3_9u+56Br3QwrUD`m^j-7xQo0{
zS?0-gKUAI7O+Cs)6XvBsDZLF>Aohrs#*w2Q1%E{YIvgcKJAD8TTBL5~B=T~ko^sr5
z>HPdkBxw&eJZ7YlmgU-7g(w>8PnIitk!tA)-q#buwu=FWr;(Eg<(<Bvw<4s=orgC^
zRC`05SQBQNo}1#Fh?R_k(oZS`$xUh6Dhf@}6!-Bdv=Wcs3z1(mY6A)5U{ZJo12w$d
zg1tsrb^>#)i03LJm%HnG71&GJ5Na0tC0Syqe4AWD?4yb?XnubE0cpFO3=yVTmR+Sg
zKfkKHR80u^HTGf)naX!@mj&}nr#TAlJYdonPgiXt<C&qA%#YeM)A)*tJI!c)f1-8Y
zkZbPx2?aMvv>uVGtKhnmAZ}-$To%I4h;swh&D{rIQ|SpIv3%P5Xi=E7>Gqkm{OWCR
zk`hWk2kK4a4}N{tV@R@nXbM?x_x6RO9nMLEws{cKd)x7*@KXz&XbSQ)M=HkoLBx4z
z@LPpp+4DD#MnNM&XdG2r{`B*^&8O9iHhkB2s!ri{PGK#gCmI)(plSS!Zm%-^7B*8D
zqTBxa#&58ZtLC~6<9pAk&(taN+%C|q;bL(wK)ph7G6#%sG^DaVoBxZ+661~HdFk_&
zZGO@`S=q;v^B>i9C`4fN{Ws-8h2Kf;1WJ#v&`6cGntUWeXm1MNcBzIMDPSs?PsJ>M
z2O7QaZ*%zsv7#7AR{B_3#ke6c6M67a-Xz&0$$f9y_^iin2$O~^me|#^X_<VG3+(E|
zwl`;A>T6fom<)M}I1I^+y%Vf{I&|0t^W78XlRIw=AvnlT_*xuOp>TNVRE=HiV7}7T
z$tAf){vN1S3(YR>%i5tN&?Pmj_JsDL_L~%%>+U+!lh7OqznwSu`UU<E?$C~<w?vc;
z3{3eE9271J77iZ<9|i`BTO0^Q9x@r`!C-;{6hkS~j}d_h>kku0HTh9m2nI%4D6^gs
zLCD|_?^tg1M+CIt9h5Mj^miGCwsbV}bMf+Iw=lD?wfc7#6VgQfD>N`Le~ABYG3ZqU
zFf(uxmROmapPTDHg;$yj1mu?iaq;mA@(A+t@bPlEI@|nPA&qKTK34%O%pdw+g$;(8
zl1vB^4F7~-hWmeA{;~4!!t)b0)3+I(IkT4;0R!QWftgnT1XB2DDF37do&xKC-IO`S
z46W>gR(@%Qr}}s0e<Yuvm1xcXzhuoHwY*QTnXj1<Xi)z0`+s}0gR(JM5Sacufd8~C
zhO$Bd2n_#VEkjv>E%0Ql|2w9?je&uo`sWP{<}cVx)E0PJ$bSX?^2V=U%XF7e{3$eq
z|2+PGh$#Jng>ka-H2VWk{g=1@l4|{7JBJ9B3WxvqgLnB2l`?a-v$pc^<Z!pN{<mZt
z`9A=%|98&Rzd#LVMIh1t<N1HWnf(FF{<~<Q!2JU{```NiiKj*Iw-EHIfe<be!iqpE
s{YU*jr$74tGz%k!gRyXN_Ox>L{IBJRNPp`8{61Wv7+q2!f9B5r0ob+sumAu6

delta 167004
zcmaI7Wmq1uw=eqQQrsO%afjkk+}$ZI#f!TR?ykk%9g4fVySuwP-0pq$|D1F0hr8y<
zB$G^5@??@F$!`Y3;rA9%kQAgLATdB7SP%#cZ%Qr}NfPP5;*h$M@jN;ZD331ISO|Dg
zkWmrE#3jL@;H0M@r=?-0V&-O{q2^}eWMmcM;1S{%l;#pq66NEN7vfeE=aCeb5SLSz
zR@79HmQ<Ek&{mRCSJM!dGn7y>R@M5YYhtBg;`~ch+(cX1QqRcTP|H?d-ql#y%+$=p
z(#gW!-Nn+_!P?2g&cemnMcXdO+yw}-@Q!!&3@|dPwYF_`b!qkV?(*{Sw(|Sq;TPf-
zoa7Z-;N{;NV6PYAVjAe_;_u}j=-C|V@A)UhH8U2-jrI2T^Y;%73k;125A+WW43GF1
z!o&T85(2{G0wPkwBjUoNQX*rcB4U%{B0}P#;{L>i$N!_m)Wnp;gp_n3B{42F=}%fp
zLRwl{kY9UPa$b05?Vt3#q^#=9oXqIF%Bbw>wA|v9qWb)l@VtyaIhi>XInl+rX^pv&
ze~Z%c^73*EN(+kf3rfmM3UW&dOUg>}%gV}%%InIjE6Qsd>&lC(tEwAo%IoUtYU^9-
zo9gSE+gj>tn;M$hn(JGE*4E(A{?I?8(J9lh5&g-@qbV6PnT11{wF7x+!$tX{#ijG5
zjs0Z}i#6r*HTAu9jYEH1d;hkNv~={ebPP8(u2eSeG`DZHceR&y%`|oo)_0G!b@jFN
zj&u$Uw+zmAPOY}}?sZJ>c2}hLRA=-zmh?2#^tROXw6~13)lIbl<=vfKy=^OlJ#7oU
zRr5nF+hdJ~GabFXy*&dX{X>2I!(+q!Jwt;-W5a!;qoadkv*S~vqce+Bg99_8eKQjy
z%i}%Mlhbq4{d3b}i%a9HQ~fKmW9w^^Yinx*Bm2V(`(qndvlDxZYrBhUSDQO4lUrxw
z+jsL@2Xi~;>)U(4>fY(v@#V_V?ao}^&iu&!(#Y}B;PKkn&g$Iu`pWUf%>Lru`PRhY
z&g#w4^5fOU?ms#>K0G?yKR!J^*f~AkJ3T$!-MijBz1h8ZIz7KWyLdXkIz792ygl8$
zK0m!WyZe{Ay}iA8cz$?&xO;hfzQ28bczS)l`}p_(0U*%l=O@Us+!F+%{v|0QsN%YE
zo&mV79(ZlJG@5!e+$U8g>!$v-JS7fKa<|kWm)}*hGv+$rYEdG`r0(<7RvwB_^#9t6
z4GquqD|9WLSF)T9dHmLJa!!&@7Ih!e4jBQ{uUk^=D9#3>r)B&mJs-7Q$)6@v`7S_7
zA_Z>)0FV-lf7+i_Ce3nRz)q80??7F7Z#=%<LcxAwy+mqwmxU?z7aOWDm*S{K(1>B?
z{eK^?(;~k<Nj+nhDTiPBcX8Nw>JyjpVT;Y&j8M50x&mu5NvJ10{!^>siWZvD3|4eA
zw9c!mzB?cc=qB(R>;nMALCBbw-gq@_(B_FR2;^3TN~Oqt$8yMd3jG%KVt&^jeECXa
znc87IBSKt7d}1lVRQNd6{6g|_ZR6yn$uvBXnfL3tLcX?f$@}q(i~h)ivs!&h>!slO
zBSC8#TY;=@I9G7diMgMda7YFA=Pv5qGW$m#G1Ht@mf7pIRVJ|d!vkx*@m@M4@%)Iu
zD;NE|lFLB{r~f?5=5=jh)q44M{*~xM<(#$UexE1G3(o8Md*hS$;e>~E^X0>4<L~F$
zs`<0m^T<t6uY179yKVb>)`!S=&?<*@6QS27(H+}cRQqQ8y@Sq9ySU}Ylp`{Yw|m}O
ztBdv1uZ#Hm5+2}($BS~-X-h%*=f@Hyzp7Z4j=Hj$X5;CG?C1Vq=lioxW2R_))}@dU
z^kz@dC4tbTXQ8K8UQNe^bXG-cUcq6*<g-lHsYs(e;CSgWjUCMH{#hs6vG3th|3*1#
z6|f&AzZ^8Rc=6HR6W!Tz$nTj$?s}=C=L*Vr{WVLe*9q);ST$Ok7q>t10FI|E9w;r3
z?2cvQz~G-_wTq~#l+U9t0PtnTX5C#KYS)_1)??Px8kPU>Svde9f?r#n1F%_7b`NUU
zcwm1o$ynsTlknd!@wDE#ya=Ky!fRoUB^ETZ?|6z9#f&7;_><}*TJZLR6<TgI@xCo{
zT0ZIU22c*t$4<O$VOO6TIqp$`J8+m4n}(z*EkI3}$8woS431=}FaMgLoG>#tJkw+s
z1ZPwcF@tL*BD_3Y5-HCplb_flZdihK!!ZJVyj<F?(_33)`2nFK!dB9XIGxH^vm1!E
zLJx2^f5}NjcX4z%n0C%}P~2RoKmVEh-1BLz3Ah{>h1ltxzj!>iPFFO_01m=l=L0-e
zr~Lj=^BcAM=E8NS{0@|z7nwYrZutq5c}kCbr%`-u^|!Zr9xuBgf}0-;m+hg}_q<p2
zD_e(`rK|6oi;08YgSV@nF@nG&Owww@!rO6%R`ec|`tuSYI)3Ai_IkqK=ASr*ZvjcB
z0DmM(^c$BwcO_E3TsSN<ltKh90}u9uU5B@^Vi<I_epG7D6^71->wpS`1siMm|E$Dl
z$UMhegS+|M9nKjka#rP3x=8GLH)xZM$-Fntk?~Dl94A>*OHj?IDfOR=TdO5^k0t}@
zwj2XXS7qhd-kdb(-SyQpXT;x#01FR&pjFc2r`983p!?`ihCH!Dy%VwV7zd)*CM!4s
z!_EfS2qra@{9H_ThwYOh?;`WoH{^}KG(=Q+(YH$X`2Qmn?EIO<(gL?UE3=QkQSmTm
z()RroQlt&FXvoJ^ocCi_ol=n8<sv&y(H6|2%4wYJ2qUvkk}s~Q0S*rwZWYw;J7!xn
zXQbLqvBe5a3U3PH3USN697>}I?vjk9#0AN{`Lk03`jECHS(6@U1+g<i-hQ)FzrJz+
z3>p(j2328qu{&d_Vi4&L_10yBxU;zY2MrSW@2?&u@p})wvKyN4aP{Lz%7VpEf8{V6
zA@SljT4Ra9GFEm60J-(&jX&{!<4l4}Ql0_IhSg=PgFAtCHVNL3HQgDxIpsl^^YQjV
zh9L74Yzsw}P>+VcUxNnLcr+gfxUC;My&HvEMg!W}?4n5N^XI|jUf&PuEPJ*F(aOVJ
zLN?sGv9~@JX1fjZ&+H(?y3dC$vmqG`nNt_(t2hLcgY7Xz05V&+npI41dR`M#iK5lx
zNR*;)0S+kormwKr<RDNFBQ#O`B-jdSK@n6Da!tcy43RN@yBP@iS|&m=0xj1=JtUe0
z?F;1K8Bx(}ByuL9t;0Sr*b@7FYdcWJysb9#-4?T=O~c6TXLDS}@Fcb(7-mtG<CSV_
z&N9o3+rBa}ARgK;Z`|kl`5YLje29J6L9rMzjZc8EVio|~Ix!Qdn7WPThYXdA02xaF
z;}d;hLxX}09_Wmr8w>tbQYa~VOHovAf$M%>&U`AYU+eqty0$L&c1gy|a7phh%zk1R
z(%{pGkq&UsV1^t1*_Y|`A-|X|B7(X)G&o&zD{PT2V9|KaQDm>8kjap1XK01V-MN4X
zTT6gQiZVo*k77+6tT3eB2W6H<)6Kgb-4veSs?`GQ#PWMS5lI-ijFX*%;n~+x^^JqU
zVZ~7ct(YICTKwQ*+7USdbOIMG4}9nO6Ob!#jQ4EXUR?G~&j$RW5K&9^j=o()cW#8M
zwmmZ6fy|cUnv6#W&T$O$o|*b;iU>*B_yIOVb92c4oBRaHGA>L>Dc;R0Nv5pe&|#{P
zlK7v;zqUmdi&K?i3lT?9`iq<-MeUs6OIxsluY3IRB^;C(;^Wy6lavQuv%_9)heJb$
z%Qe^|=u{%(WzB~d3u7s$-RNP&$&7`<c@U5Nf%s$P_#t0Yn0dYC*H_GO)`Y5U$j<Gg
z(nFc1#vJcP#sjk-VM_JZXc`l>cLyJ`7^ciT5!YB}LAO`QzVqH~Ne3}dHnn-}g<?H-
z_Z)zla3&VP!+6qc`$6rzaMCgs|FXzAj=MDJIL3h^$2TR@Zv@w>w4II1;f^m*>DRWa
zz%U2u>yQh@4H2!`0{sKU)RX)7z;gDWzVe5jR3<rv1Kl+@Kgx=xx-}~+RL$R}9#+mh
zzj#hyXU||~sFV7LX&izumk*AFDw--Fel{!-KKl1)AmW^SO{IRg`{Ft*9JkM>5mO$2
zif-evLMO&N9l;A$@X%EB@O5Q&!s1038OU&T9o<`um;V-&jdJ7ZL0qYIX=z<!M<{sb
z)v{=W3^`FLTP#(apN!2<aj0lc^j`KgyQRjP2)Dl=T$Kh~n|l(+=0#{<tK>K57uHT6
z`)C<_eC#p?H3r;Q2D-|0alh%gnO}}coT?0`#pOAH_QtQzVf@TUKG5l6b|u;~kpSNz
z<JrTdHph!N4-`}qv}elW?ej2Pe*E|E%G-hKFw!H%?mK3Z)0hdtqN;yP=X1jX+EPbv
z<I%aWX>LMuOLL(T0|VC(Mh-CZ_oS6klD6{EuP<VU?TGeol{LRsz1}cYjqQaG@%`Y6
zot$jr%OxQ^NhxV_FK>tB-EStybO#1`f5c5jmkxl9ESBTb6IBH^T%AJI1=_>JT2p2k
zQF(niwCLaPOmX>Hoa7hW{j*Jm$wV4=sT|qahtSz4kJQfgZ1v$Ll+Ywi0!-w$O>C-U
zP9UV3<(DAP_OEdUNY3h_4BE=He0B;;7ohPiWK{TK8S|u9@6=t8XvywTmliOH-n^By
zH$(WMg>M&KWOpi88OY^Pfg{TEy=N$5_QWl)5K42J@JDs@EPV{*uf<iAM}>>WK5rsh
zsH8oAs;+BZ<fT8sb77vg5zg3<!i>E#3Y1!WXrO%c1lKCC;b)QP3_(8OvyQ>G7V(oc
zL^61BMlsH+v=r}fXj3JUon;_#=S4V^JqL9hugKOOW7Ivv-*I;NbS^S_r8l%wrQ)ZX
z6V0GrodTx1r(TENuZu$EYZW@~C-`SWiVQT#Q2E;_b%FSIQ)~7J-SqG$P``a8wR7tl
zhEq%Am_hk%VVY8m@^x`B(i5~%FwA?{L#aBo<)Hkhn9SAQv<;+~Qwvb>&!Byh?Usmi
zjKE_)^aH;wXk(>e94hB!rYtfsxf!OWiPqpU4ajJ=OQ1uXAiGUjbJYx#QaY8GI0eZt
zTe-9H2S(x#`W}bM+_bUKBqu1DoQ=&%IP-FSPQ(O|=4+4POfSJ+Wmp2?H=_44)}&q(
zKjTbNW|e*@r+0cIcmW=n&K}1uU|qStq&-7W@gV5C1knYf&+G3o?7zEy*>c|EKF+2A
z7@{3G_U%x98C_|c+RXfocXH>G%jUWKGSlaEupr_oVb&9@Qw>M?w2*`T>jqYu1zB@6
zfN^pr%8Iek?HDL@+1lek=GNSK<bjcSy}A)6QOTWv{^>3g=L&2Y=TD%EnPn6PdKq**
z>lv)Za6VCapUJYTIl4JR;~`VN{Rl4#cfze#S%;X3uBQ*7lYMcd&GF8nEXn`AOx?tl
zdU_NIuT64YiCygX_(}ADn+N6_4g`B#wrR*z$6<nE(S5O>3eP$%)+H*&E}c~M(uG@Y
zM3f5tx*|Sa7y}IbsI$aSK@D^%-=SFjY1FY9bPP1?Dhv*0k_)Pc%X!Cy42JKqM>|yz
zva1kqvEXTig5NZmHr$VglQX$(kHjaVv$*fxkh1{iPy8a5*WfAXB3<|6soT$+F}-%X
zt*)`;QF&gst>-a(#td%9lPUZntc|B_{Gz$TX=$4`D!}2WActdv)5&6c3V$*nC`_9y
ze`&&bcB-h$6#<b98m;{s>U7#|QjIJ4Jci|KfeefNOc@q)cEGNIi^z2?)E-Qb{)*7M
zy+CL|lfuQyZKUqKxcvK7S9B)lRTU#4_tnfN=M@J(@7>uZfyPrB;QoO>$^W@`E1xmK
z`#KiS54?=r!XTaV-_7KhW<8&pX1N)CewQb3HUGrt_uQ#MCg8l<%Skca9BQipI-Qxs
z=R!=j>9BL?SgmtVEuk-o+#bP@OPb&@Af`5~FjjY#>u6E-29PFxawTup+jJQK$Tei7
z=GBe9MQ~-4kOXsg^@eTli<7+1*m@tgHlF)kK)gKPtEoKi^<Mnu(&zrWyw`3CWykg0
zcX{5|L;17M8}v#3=RIlpAN8N1o&R3we5#}TH{geQ%b)76o%Tm5l%2JolN~pSHgEGB
zNW8cEjF&}0A6z1`G};ENwAW0`IKrfil8Mt>U-d$y;ULLXuiAeQa=O9iN-$xnDNDKm
z3CLwspypUXE_xcK6y9CreWB}~`V%ox3~Yv@L7{`qBy(ZLA5FgwP32TKKB3+%O+MUv
z4BM|zHE8yw;(Hx#M@yb>9(-+c0C#)uyM9k&qwBeT$!Ey6ZC&kOJ&@C18C+dc;jr=;
zS)wA|j659TT)>HFQFNIm*<a1cT=@uq+AEuS;|FMB{PmB6YosD#h#$%PSYTmkE!#MQ
zX)e<d#z%x@Y&G-&4I_>^TSHp;ZO2cQA?vq9UzQ%Vk+20C2D}JJ>(hTPn^W{9Z=Ufi
zA8kf(EWkT|QI%ohAP}C!4{t3O=FG|vl!LrI#w9#Bnt56iuyUix5^VmbB@zOGXI?2$
z={U8_G=YL=uKa|XFz7nd0~Nl@GO?!rHm!Hn!xU*4f|51+!;^oUg++o}QDb~ei6s4S
z_^JAS!&~Wi95-Kj<TS09#Gsu`qqCGbiB-4|Wf!65-Br|%P)S1-oFN+u$4d303UpG~
zdk=-mLLrM4WqpIU9!rDI@dh%bp)vQ_1Qo~`?vvrA!q)UTaVcDz7o#-2@-{dbol)S(
z(V~7iM#NV9fKkU$;G~W*=p{s3Aif=iXMqd$FCKPjliiq=tnSF3sp_K_UUxjWX8WLM
zD3Uch8?10%ykNMCYTiPALa_u#+l?vb-P~Fk#^SsJw*n6-Sb`B;o(E=4AP5kTDqz-$
z4A3LHFxI7NctXXJoO3u2c&)Lt#(eJiS{lD<=MS#D)(Gz0J$jf84kN}RVyHKdccTj-
z)W4F{iWHIl@?Y*YMuuMqPN@)<X~UAKLj1;|m%u6-VG=^^W^K!jpRAaEI3GePu>!kC
zZo`!^MB!Ev6IaI+5dts~oZ~1PXk-1-HELDhhMt}7#wHhJ8&E`{6jneNLi1QbMgIUp
zyfV%)ipdHV<(IbnK@D9Xh<ia#!g;mAd9u%zrQw5{A3a6`pHL|NtbO$2ofB~vswdU2
z7M!czzG-qJEY)CJ;<ZvWp+v2|$y#5YTL%Y4KiEFN;@n`LB?XkWDHWiOU|IVVoXCT@
zgL*4qnQMG<zyve)B+z$hAp<T!`jpKiHYR+W#4jm}m!5xUf1ug2SoMp$A~?7b3a?{u
zt_r)?9D}ta_mPbW8htF(ae(rotr}Z&=$9bTY>}xn&s&ns9Mc-Vs&zfSurqBRcx8$c
zo_p}z%R03q*8%-oL@$b$OP_028yD^YgeU!hIo953mM?*j(k&9`LCq4;o)An}`nvN5
zy2?{~eQTV4=*0?Sm^A!jq9wi)Gec_<l4&E!YsLwajC<1V<`g{qQ4x=EEuhgaZXrL4
z*Vap-6C5?>{<bM{dwpBeW5X%=9}iX!eSpg4dIAXhiA2W0M^en<Pqk0$@Lrem1^uJn
z?bs;%dICZ-<H$ZLj!;7WJbn8;BAkE>UBX6x8R<i=#^14Hb!~V}kL1dx;Z?)lkEDn{
z2xncVc-65_$^VkI#S5E-P4;~46?ZKnj3;g69#QsksRADcZ)GCIH0^Wg`caGMY1!oz
zcmwVRQH*}0f8J*vHfnkb?!Geo?Y-$}_JAN}70WAG)3-P&TXr(d&au)t+rPB_OJH8S
zy1MZ+8~qKMru%v3SqOK6v2f&>H1&Clm+o7;e)(Sbvyk<`laB=)7NvJ4V^nsVZmDMJ
z|7@H+J%-yE!tSpVRKafrB25HSK*0U;|ImnynIgZC@@F~R2o4Y*9%pB9-OpwdT)!3x
z6N@8w`F-m{2p84u7B=%KLMd_}pLA%4P=PHFusC!Z0iwPj*sXoyzL=kTG{8C{c)c;*
zN$88=?r-wbN!XM5iscz3>}(sTZo#)jKtB)12+-EW**h!fZxHZ&qZGasd8Pp7A_+P%
zhA5LS_WmT4(dhoqUY})`1ZKXccWL(b4eFvQYz%vg%80+sDcZOPVk&=`Dx>L`0#R92
zeVXm)d2$k2_h^&;Dw$&~O6{7}=9{_YwXqOh9<nl|o^Z>F&;2u}4X?5yEK(~~iP&i|
z(P{jscI2zSt_OxG8ja=y`D&SqJ~+fDr*l%zwC`%~$^Azj$gWN9ZxswcX-YoKT;tic
zKc$d{4a9uFa_9W;2!fFduPd;;P!s$@y4m!F_eEh@a8-uk@;B{yb}V^AESm$p^JE@Q
z?X@z=nVG>Ost%>!{btGc6w9AsO`8N_un}IZ1%qp%OoCe;ZmY{cNBrO3W0FpWwfz#_
zgq=HPkL+t=Q~C_c0UReNsAO@59|v+SU!f5q!J^Y0l=4V+zJjsQPk|4!!FU!Yn_Ndu
z$%%6+KigGuG#xrJgPIuj9?z?{sf#%JSd;h&@?l?~Dw!7Ul@n!t2*u(=i+h6MktT(5
z=Q{cle}PE%-$t(m!rA!c;uv_9<mzipVURqIdbn!e7jy7G`hPa6*xK#S$Pd}C?TEhr
zdcs30D5JGmQT+jr$w=QxKUPJj%>~9%V<>z)qnn(1A8!4fQAfAkahZXZJ!yln0?tTD
zX1J}mPgqmLtH?-O0tas+!A1g}QV${2RthdWkQ6BA6IZYX+$b%@MV{D9*N!ACJ=^$0
zT6k=s4`qu?3YerQl;DcZ>Oz}VkllvD6V*8}#~Vtw&l*R~Y_PL1%<McDX3NFmx|waL
z=q=h3aMIlbGvQ4K4DC^cJ`^uk=n_Yx(f<yTviGk5?u&M7Vc+)5>pjdSo%wCN&R4-Y
zP6N}AW&4<b%c}3+7i!B64T2&`_udW!bH6VJ3|mh+r+(lfjcmR8kdJjY8b<#1n3PoR
z3WsVt1-lr;EyFh*2{AI;TD}z!pS~pk>u|9Bt!$z72}Ii1wxG0HGU}iEW^eqm@=VZ8
z3-iF7Aftp*wIvvqq)E&F>n56@mkjfbTJ<J)=A`5&z~JVbAf;^DC&-A_7KS4!5rPP#
z8+ww5t7a^|G+X!8=BFZb@B8(4<z29pL{7Lukw5S+2?>yK-DC=}N(k_VLsch26cdC|
zSg%}?Uo?uVBb0{!J|0?KGwlQhB>XH3JH+~CqobWLqIcZ?j7;BuWdBWS@wA^-UPe&8
zGtv3F5O_L+vIMWHb(;rg)PU6ad6t<Q=cXsBOyyR1(>g!Wt9bWz^HWif_~(XvI}(B#
zq>RE{uGa?>%Fh)>zgnn1$AQ6iaFGklQvP4tXt1%GBtsYk^du8Gu1sCuNyb1?=wPpR
z8V5`<O+5lsl3-iskD6A0K{zC*6$c~n>T&nE{s80eb5drX03<NT^dL&K?h>Q(T=lcb
z^q8MHIxsmPX{{bq)T@XVtOz3&<y(d?fe37mXn*sz?eI{~vn6;MpjIC7K0`7*E|8LA
z`VYZDzFyvCWeByPDW8I4o782d>F2s$GR4bux#jL_m<Kyq)@%)AFPpaz@6DD8Le`mc
zbYQqWy}dvenkwoNX~nN^F~0t~GE)a@t7xibk^6T>OZ?J-#1zrkiDRAkq91eFkQ9;0
z)THvt)2}jGt{=W)FoUsyQgRWN{^-vtq->lS;&^z3DaE|(#x%Z#EXSzdqGl-AsQGgQ
zb!KwiN_f+#1_tU&v`sY9-kx18Jd%-A=>bbeD>7cZ*%)?ff^S88sYjkj6Nn4#Tm|O#
zn`uYdLL=CYzsaCBi5KG}&tyDzTH2p_5_xA<l4ckg80k;v>&NA_?^zHrrEa$!EROFV
zo^w<2h*Rbg)*$K9acBxmu|)D+`1y+dxrOGsDRV;c=qs)hfltG5DkDWBw%+UllK_r;
zRl*z>>@D8Tjhn_u=WNo4fUuaL0m7F^0c#6zxFF-GHp+>ySad3$*zvNGVRKGgW$1})
z(u2`)5{)7G$UT!gTWb?~njhQuyQ}ok;#S%oS>e5eWJ`x@Xq>LOYSo4lvl5#>9KlU>
z%j8{V$Ur=218IcKzF+K+ECFHL2q6FCsayF_^Nr_>sJf(J&2i4~E6+xMuB;CC@g47B
z^W-z=)i$0m*4*IB(`W|4st{=$8QAWcBDQBnZ4U|FccWF?bqcq}AB#Sx*6`(E-(aW=
zvK|SScfYnOO~5h*2MP=l?F_A^i^#H)if($qr-*eUcPVJVe*Z1Ahl_2ffd?={hJe){
z$#EVDO$*0OJkd@t!C!qK4LUMFHqE-<_3Lig#hc6wI%n(3+4^)Iev3vCvy~4=-7<ty
z0*k<z3mf-|jWwXAr-?xY<(x*_!eGBEUcZJzq$y)(DaN!m1a~riHnOTm>S0SKSrqW&
ztvC6h>E2g%?ex>rT9av`Vgh-i0WV?lzo>NUm$8L6b~KsnbEq@<(!z3FS#iT7L{vKP
z)zSR=4xdxdAM|e!(gQugk)jS=15f>qk)qK=1qfrl&OLu9B;kw%I<z4uGiUrA@!Jvd
zji_lHFm)SCR&k|H{gUVC$TU4U>ff$FZdQTzibZp%YRE*WWGGfiS^_8>)o1;L#fhyY
z9auow2InC8;w$#+={tJ7K3OS)MWS!$FYOyGm&bFV%ZoQ}>-Npis1hv!{E$CXFr1x=
z>~5h`<*)KPJkgyg;JFnk)&+N77!V!8rwM~bq?qzmZ5z==Av%9|YkEjjn?I8*Z|1B`
z<I|2Z*5{6=2iIPShGqc-V+dn1Th?tpBE*9=lhQZ8a4q40)6o|t)7N%mEr~78K>p`*
z9}2lQ&=Z@rJNpQ}VZ^wdV%6^^56NLCL|a4N0E_~?jaS|2(`mAcvtq{K@RRJ2J{cAi
zG^a8Q5Ln`Af3L#CHOa61@L>hsoOG2PW@Z-d#4T>q<{ql7+YVrcxr?^M7Ng%ti1j9{
zbmE4gBRwhcbSm;K7_I%w=$z6}8lxT&NLRFv@dNKx{buP>&xe^ZNv%=7wUWo%W{6i6
z3FAdY9TLYpHahaAe0DSBLYV`qZ?LC57qu6DPS$sN)v+abrrMqKgk&7q<6(vY?Yyj4
zlPDjqykva_#SHk|GU@uGT!>gAPos1^@2Q)nLTQhiuy`Z+XOgx$R8Dq}(i%FVY_Rq@
zO_C#OF;kG6QT&$yHTM*Ry?#2!jl7(sXyWp58iY|TweN%|^;QXFlJbq;liF_{qP(TO
zC+iid&pzD_NjglE2x!5d=rW^m?Jf$w->JXhjgiIgxV-|hq$=UkwK3v(*s5I3JvOov
zn=&}_WwQT#zX2PX0lLm~^P*7>#(|m!RQ8dp{O?<Bo6_BBn0YqEO=)$SZdtvJ8zR`&
zY7tzD<CZ8BV~A7e$|rN<VTxk_U9x3Aj_(MQwr1^>QJpqzP=kv<!aJw*^YF+8*HI21
zLW<AeIVm6shYO+DidtnkfMVf?Vp+SQIfn8;0bUcF%03Sk#_bI=>%&&eF>Xc%79c}U
z!BUTnq~8rCIgC&gXHO!u&MQ=JxM_gNa6Eh!)}!}oX_eO<syhv{?GtVLVx+Vd(CAJa
z$Yk!vWTlidwbR&36@Vml6moS__JIS<<rjue3Jdt+6JM3aSlO)-66T}#P!K0?VK96j
zTOzl)gvLrH%gNhZ+yvWxK<cFHZ$8TOSE*I(hVgpu2<ziE`+>)dRAs{09ux^IMhJ4^
z4QrNt)qpE2z^z+th#993K==x+nkyz(rcow|`Sq{VlCWA@AdB$e=|d!^6)SgWBNE=c
zekU+n8~MH}@FhSCe0;FsCw`lP84EgC%jHm#tcI{<VI^)M2h5dPE8^-=gUxYY4n%Ki
zjZ~G33;XKX4m?jYY;Dl=(dzGhNnu9!s5>PC-|IjUbjM-^J2G%4$Y<~JO*Z`_iLTSf
z^DFj}*uQ*hzfR;iRsZxrNp(jeWq%_O{yqSN1kDh_$MCXXq?1Ze#4$vfP=i57$TA8=
zquvH+#69+{*+t|9py2yYp?hA7vXc!hR^T7UfWt%@1P)8XNS6OFaUa&FW@>oC9Y$cR
z=$*6BD*Vu@JnV747uKaIQ~R)=a;-oVe&QCq-f$gaYV7uz9^>XkGsKh&G?&_OU&IG)
zDsV=6zYzMf$dK=(lSvK~Vo=%*aQ;SXb}g>8vHV+W!)RHx#(0BAiH9G*(WK5qCVK~G
z&>i*fq@H>k`<%}zjx2Ro5EiPXRkpRy1&+3;vRlaj64%1$Ol-1&3*q={PJL1Lj6iR`
zG5+-HUCp;7p7VNH3mu0U+ea+4#yDqSsdfLlfiE(n`mi{!Y`AS*!G+F>mDS3WfPR&E
zMr31y3SX@a^E<xOqQ%*&A-PI8w!d14Q#^${&+?oZ0?WpFqNF->H48?WxFaG?M4AiO
zZ=8=lsH-pwBQH*0;s9`m<oe5Fqq_&h1NS_z>_gaqM`ul~3KI!dKDnBpvdd$DRTD-N
zanhf9!K4@IH`pq@i9U0Mi*b+@X104TPKla+g-d$=S;I(otE}30t42SmMkkkx^EOVj
zQI^DZhE6-tU_Q^~78SSGqHWqaUDf!{tIU(ysbb=py#8(tW&+C@MA|e3%;J2+c1#uF
z$yqt*a6#RBqlk4Q`5gr8>KScd|H->w!D1-m&Ll1zKJ!?bDy$SXNK}C)SRp|L)}E$_
zLY4hHLCmaJ#Rk&;9=x!-WPNb5n|+y^gC#y<1k?QQTF6s`ywfMWRr5cU&%3?I!i591
zl_qH=8#UbxA7o;5LFBT2xWUISuJ0La;@cZ|?za~Yg|b+;na;2-OBQ1QPXIr2TEfdO
zugRcPXs&andVLn&kH2{a9_Plw@vVNcWg&A{_Q&-`KDtDQoQcdJf}j+Rv*?ogZ?sG0
zckB!O-oahWPMg<qjngjW$lrNE&tZ$c_!k)wF+o97ubjRtOCVfBW%?%apkek{+n>h0
z@yKT?29Lb~guMZMwRboGP(~6oPu{L!9I!~Fj97*CbY@&B@Keo)wguWQ(2q_%gi?+0
z%<n~a&TpH%@QlW&6(d|*-Rx=9qo!=dr_8<WOKKUzH*GV|haD1~(sGk3jvgHYHX47=
zdx`@!=)7d7^Q)Udw1Yq--Go%B=^?b0g31wwEUw1328xK0&|pR&-92$#3ze{|pg~19
zIRx7hv5KH=|8lwDz*N27QB+Tdx2<K4l6IcFwP9N0B;%|fl~|2`?lt*wW9KC>o)PZJ
z-iV>W`#A>N_&AruL|sw~i-GzB?Wc1^o?Xpsf^-y>$96tT`BS`9G;YBN6qb`BYi(Kj
za(_^-D)XboV6_BLzcf+ct6A`4`Ls?299lwOKFA<x{Xhc6pmB2CDvYNOt8+;a&V#sS
z8KMcw^avvgl~5$OiUSr3ri%+KhQWgz>H*(mao5=MUXjDdT+8CJmRHB@B9O|c;EsOu
zvcPVlWRdy1A)7&cVS)jEnrxpUosK_8xLT6qPRTf?$1*-Z##Da4(Rw;&U0>;>^UmE1
z5w?z;%DaGt?wnj=FBRcJl~zN@V>LYPgi|jC%%4eF`P05V1>!aDXWP2gYv_Cz12T3=
zTI*P}5)%T7!FQ#!k2&6al!ilSK7<tI1~A+d)Mmos$~{f=@YiNasO%`r&eTgtse9u{
zC5J_{QLzE#*fUYW$sTFvG8Pi-m8Np;6Zqa39daMbsmRfuw%A05uSH0Vr>~6XvU8Y-
zqq+u@#`8ZzTUTmyzYmb0m}SZhWaC{w_l7ooJvBgqnHk9DlM9{p=9YW>TSMr{soz(@
zh5=0<BdcPlvk)2H0m6I~6c9rb5|Y8)MnH!aQ|kjlKz`m*S2to;q>zCMKAS?Sg|`~0
z5-M?cW*A=Y2dXN|;WZ;rN0wPiBr?A$*sT5{)LGTcuUV1tdlVDOtyu59SKx>_vZT2q
zb-evW^nmq`VXB2WyO&KAVBSBYuw<5&t*GZPt6BJ6X>L1O5)#YuQzG7>{hVpPI)#v@
z;y413{as^#qgLa<-|eyT;C&iPFP<TL08=qqdE}RbtjDThnWj|yPx;q}#rlQicJ|sh
zHuLxO8No42#<7vk14<x&3~5oJTvU!w^Ek?08PUfA8Qz0DD7mXJg$UjW2TzO#X{U)l
z63iwF=xWR3YGK8)6iBzR*=A?jsA}v4vS2`LI4&BALRrFxAxbrw|6(ORvvBx6?TD*!
zh?-@Td!nsH^V_^s+Kk1@QKI8r7|ch%0}6I;l4TYyb3_EGAUO;dSolw0zAambiyRU1
zd@t45C>YEi84@FsM(sD>Vhwsj3PO-v4H%=8=MrLxaDUEcD`rzfGAr#)tD`Gf*!2N%
zK~_fBQhyjqAZlZI3dx@=MsQ$y&xXA)I}?~`hERWUQCH-)m>@J3>~PQssWyJdIUuST
zQ7nz8WjHPk<!X*s$Y_m3)wBQQM7Z^cV5i43;4rWvvp8k9DKrmXuPrb@moGausVjgg
ztJ6e4J+H4EET_QbHY=;q$ff><wPXNnqE^-PUL1(Uu_UBbUly-h=4)ZqB{mMNi(9Q)
z7AF>-q%ymoR?ur$jhNN19=Ip04(_mnsOWw>+V*W&5O;~vn&zv1j6|?qRFKsjAHE=Y
zFk57;nv<3L^uc+6#4ygZbSK)KC>H~Qp;H%(vUMLGxWTrF4pqOU$gYAVdy@h19-<RN
zWhywE{R|c`z8;=3f3k5hW#~-tdrve?=0xi^T@nd$K5tGr)aBE`6RCMb<sgJ#cyqZ0
zfT8$uI+TPp)!F#^0$Kl*yEt}6Ij<10Zbq4)+7m{(*q|z<%y-dJBy|xoOO~efd-_+r
zk_~pP@Vx0M<Qk$)`Z)@H3w&VIilq#j(vcyhFl<t1BBSb{w~Dn^U4|%`QM6b(ioaEC
zU0-&uF;#UzCQhVc8(g$#b*C0GSb5G)+DcRaYtn)FD^6vfJMGJbA?cr1oB+Lrvv9lS
z7Q-ktLfwwvxs|Z?4x>pYE%w(2^~su6lk?K;Y3-bKjTjD9Qe{a(ZI}RqJ~eLp(PS;{
z%>^c<LS6D})R{e<a|I4<)sEa=Rfn_eXkXR4pZz^j=Kn??YNJDoC=gF#Ck9@>twnxB
z3iqGN%Ha?%p7nb`{Ncjw{mGlywZ0cw@TXrf%po1G*JEtovQHmIrl%5o=;53OBIg=<
z^A!$-_HSD-2teobip2S%L|rQTE)b4u6XtG2P4V25&Z?SucVMI{t@{59e*AZI%*psk
z9GKdwuR#S{4EjfsqH-dYLi&FH3;PTU3;W;L=l?4C4<Y<Z{5Ej2adM<LGKfFtgaw-V
zySh+%M!UMc!v13F;gnO515rXiNdJhKhA=9JWcE2BLjuP|WtxUzn%)!;BaQfm$Vv%T
z*cXR75)#Br<BPyyp3SR3k5XL2%tT;nsvi?;q)&zIgU5_rY{CzrLP)%1U`T*~P_~DQ
zlLWdJRV@B#X%LhN&H_@9hJg(r%*3Ad`q!n6f8qZP*!FMNYHZg6^T<U14}`lhyT*=t
z9}M&_#Ak5f<Fm6e{WpDQ7h)F_5oKl*6k+4y6lLQQ6p00}0B8Xa2*MH;{2%97zTVt_
z5wxMSxCrR;zpm`|qIeL91oYpS*YvY>H*FQwSJ2hrguUq>D4YgCEKCJ3)HwktZGms2
z<c&fO!!o0P>1J6fbiHWl9o*QGXFR`;lYax6_bT)K;3@RsslscANO%ws>NZk5E-$0O
zME(GRGAQR>9l%}l;{@L!@8MYNq-o{^A2z$y3R$8Q*w+9QA=v-E<xobb(5(M8M}K;L
zK3{7_chLA>`TtdT1h;p12m{)>xY(GECHdb~zW&0Uw#7h4pY^r-zcT0aXYwTx2ipdS
z@6MKQff^Y9|1|M6KtY<5kP!4gE&dm0`favO3>=)Nr(J>n(;O^lW@aW;yBqWW?n0=E
z0aVg*2sS1E1n2)@IQ7|tF8=Vd&6>@ZJOOr<9_Rmb?(Waj-{S>f{BCAP$jK^l+HA+Z
z*)VkO=f*HcHU~8d?{@!qIYsrIg%@qv|JAlUNxPhun)70D#nC~o+rsJ=$$>prz=A+R
zY4KawPPwH;W~6_3c$$XcD<qc9m<6~r2^OfD?hA+xB!~hMK!NP8Eq`u#{_e*Fi2b>I
zf<XgZC*Mxur~O7plYf6ok2^cE7ULRp?NksWkl0jZ)!q1=pmt<8l*0VyL%6dX{k4#_
zDv6{9eAKOqiI->NcMS&*ZE+Hl+Lh&sHWev1ONSXM6z5U$5vl9zfZQ++12$h#b40#(
z_q${Km$4Aj_CN&T^^KS97iE`u5HQ8(d0_e_c&Wre+1lLx0^{voePw*?caXs<M{vJ`
zhw<#n@r9FV%Rf-G^6TfTmIe8GlodE=iUh;K2gBacy*-sYzavlVu{ea!ySc3bzhklc
zt-^-ky?sube|dNOezT1V!e{K>fuB?TcFtJM6^Tz=o`{2VZgMsXM$Ac44mc^{Ykepx
z{nKFK!_EQ%MJVPiHq!J;EIHz`S`GX$eQjB_m#HUj9tPezZa*uN_#OHFGZCiZ!`V}4
zM&M;j%Maa;f4KiV(U-P|OEQTN%af!qNI&QFCQ1kESj#Y-OSUmRy{DLD;B)2uKv!zx
z8ik{aBg+B|%=)qc+ltKjV?=1bZQB-^%pXTD4FL>%Es+H1R1}h7EGmmC9&Rphuvg)&
ze{4U5z(;E#r>(2l_TXFzKp-R4pP1?tE)TdYR-u%S@%`dbGUxO8KQEHpY%a+VG&M;Q
zY}2zcJ|2D@)-7KzItH;@7j^i9bV!A@4R;d|Kvz7-i18^vm3;tsj>wbazp=Rq>DTMP
zq5}u1X;rYopX<DX@A3Nm?j>9Z@I(TEf*G;kk71Cbvqz6GX(^s;!OUdqHT5r7jLeEh
z87TvWI+}_6Xf0I#ui+_Y;-Ac?##x!Y>W0*UNeLJQ)BowWg<c*jt*jjtI|wFD&1??9
zMjIjwKL-}<8)jX2%S&7zq*7Gl1cCVs4Gnc0<ZxL3BH~GzJFQng=XQ{+X&<ubYTD?R
zgCMoAVCAs4U)o!@Y%m#Wb&Vq8=W@R(tCGp2`kIoel?=QvP;~sc^76WWxt=J*=Wn~N
zs>5tB80`QWI~CmCW<@s-o~qvV{Ye0d^EztUDzk2iqjf&op5L{dSq)T`Vc$+Uj32b}
z+*?DtRJ1&IceZ8u`>=8GN!kA3fE4<@+g+6@&e>n;h)p~^0v$2m;;Kx1X}_d%y1WE{
zT^RN#q&iy<9_a0aQ&+=jws=Tt^w%KTS;y<1oQ_mU@;|+g=qx56*q(ccPG$h?)&izl
zQ8{$)JsqDPp4{@2_ViF)Uo=}BBym#OU*@Z7UnjM>d%u8!-aST{n8@hTT6a=6>{ZzX
zrCk`0lOM)CiaZb7zxOoKJfzF2B$OSWl)6bXmS_lJ)!X0pWQr^#J^tWT6y&%dDO*5`
zyU5WQ-tC{KyK23|-GU5)m)ZhESls<}D@=VavAFCWp02toS@3%_V%-cL3)gGl{hRxz
z*0MM@5K?(tlE0YKNxoQ(w|v9J!z#xF6I%1y>p{-z<-VqwjlPsQtGOB{;?mmi`V=8I
z@Z!C6D*d$@5j~;a5OcE4$;;tjQ4PDqLz&FD`DmIF3l$Za7oo6lgbM<yZ|F7Jt;ttz
zA1l&pdC~D~GlJXMH-f*EN^jC@040CGXNFhhRkStoOsygiKui(BPvtfgK`sqBVO0bg
ztsfFWLG?@57CdE}9%dIEkttq<?MIhG^Vm9EcjsSw9c)C!ol%)b#vt%HE@Vnfx<(>I
z|Fe8oBxF_1i2=8JT4Bfr=LZg&HEHQE|M&g=0%QI1le4jXTQg89Xh9dj-vh0lTUN}i
zq(gb}p#S_Vzj4%<J3hu(CZZ;Yc>xDeEU18IIGe5C_@M!6zP3jyN&{Bs7n_ojPQ}-m
zTUlPDrXc}}8tt~`LO8nH3AJxx5mU$agYsDn%4ld>S^zWSYon{l?<T9hrLX<&$2ob&
zM&eHK(xPZQk||*dBib2#+N$RBC1Wdxq*+?EetB<H2M^aerdjX$8eMxS+sidxdgqLg
zPCJ=;x46CmtX0Wh$%VecK(cFtKn!{$sN9g_Z=5ZS3c#V1VL?-!-s1#sH7Y#5b6%BR
zc3(XzEI=Ni&<6n;7_$9Wt!g%4l0S1Hk-o#3xqFMtwd;$t8p=qtp*8A10nikg%Fj*7
zOdW~%<&16nJur~iE0L7w^O<tC1-$s;z?`7XU36S;zt6LptDvp`G!z8&gEXbC%M6?(
z=SFO1{A2}zP><@AwOdIQ+wmW}s>#zb|8p_`^n3e!7TZIleTD1lSy!$^eZHYR_!X^d
zgWExPG#U0el1Bnlhv9^M46w}}ttUfVG?FN$O&By5=+i%Z!PFqAw0g{pO4S-}bga#U
zcnhL`%BT3;{RU5z1tIVxn{w&E@hlZqYGd2zT}79Y%5`}No;OdrzNyX4Hbx|%T7C@N
zy}{Vrfcbnwfi>3MEsr+MlT#$YYN(D2tG?tRje${kIdy@lG;aon!v<;i2Vuemg1Q=6
z94(p?zuwmnR5VS)(?yl-rzmu4M%f;HUyB9}eUcxP#$mupg5KAE^TCq!v?OX1Y%c1}
zZj95ac{rWSb$WvW$GNR9*@j;p<(>f9%+2~ODJ5w9lgowAM8;QPRk4|@=5}b;*Y-Aj
z!;v?gpAm_;s|#f>|1m1wZAvT4tFcS{Tc-GUZX;M3ivkXp_6yL|j2(AY;r?o0ATs4I
zo<oXO>u85qS2|i7TU9g+EQ@aBbB^Cg&yx;b7&Uo*mA354H!$M^83C4-bNQDLUb3V8
zvIw2kD`Hc|`H?DP1#*60RrL?g=R9DujL^&(j-_mz?55eMtrce>lZJnR`*d}6t);j5
zy|sGg6baDOImK-7*^w|`%}?uiNY>TO)P)tvBHAUymBYE}1l=e47xL<qV12gS4tfSN
zV)K62uiowWd)Dc_mI|OfC|<?5{5Ybmg`v5B{nVu{EATBGJ2j@N*R6sQ5{CdyiTST|
zT@?s{ird`Yg7xA?%o&Jf2E_2m=PSBuBmXqg`PkaJpn<ETFC{DKmK{EZ;7ns?KMf6B
zPA1Ll&<$hXf<q%XuO$~UC0B8E81^3^#E%Y5x=dVOpiisj!U8z+nAtC9aa^m)PR_zf
zm3nA1rb7I$ouzb8`m@ztMF(PI7wGS=?dKI8Ew8Qj9Ec!+2iIjKRp&!F99+=WN(#gK
z)yBdXHw$#y-L*g5JlUpA$l4P}cqfBU$|uJnfohW*n}S4%c0X*EPCFoYx&v9wv%o49
zJohF?reJ+uFaeEh&YS1_&7VmmO>rI4E}l!9?WU9mpVsDMb{34D_sfganyuYg7eD7_
zn}hL7hAWNfu@#44f|eoX(m#Jq09D5sVpT5(=R}Z3OiUBKT6mLU8M#`Xb5RMc+~5M^
zk+jVg0}d<5r()b-AfJ~r?AgxYU+yBB1TE6XNmZ04KY=K<s^&)U@K~)BxMipCG>JvI
zC{T7=#?SJ3j$y3%b6?}O7VGKSTehfgKR(SX<<~(ovOE*_Dbq8LNGrFrof@~vC4*=8
zr{bdmH8$6j;$dV4w17LuP(wJrpfM*uiQIn--Xlc}tTj0M%Jbu4)VP2Zk-CTy@y;VZ
zV9jyT+KYR+PG!P5mp4Nglneps6Z31GK!8F8dv7f+>?{>yaXO+~#Pu<YuGYbF4brMu
zkp|6jo+BW?CU8eHbpem$*H9TL4+nQzuCy7<GH9`D5+|?lX=bN%q*X|1HNQzTNnIZd
zl)M*8#-6W1iWMGU7#h>;we#0-ZPhvo$oS2(eATB^qCyk9B+0e@t`jIEbapU1>^#0m
z%*}}cGHj05(8!-H>_3}0;aOE@fO=3H>lk(KQ0Re~ey6P#;RW5o(+SE>EC;L*ZC`x*
zvHIgqZl@;eA+tqo-pr%ypNIlC<!}LkoZbMnv!NU)G<**mVsX$BtI2*6^SuiYzAtBJ
zkmzP5r)o_vPPL6Mg~7IEbvRRRiEM)ls*va$MTPBGv9^E<aJ2j4XaxMl5ZI+p66oTn
z!l^@rCx-+XTw2x8xR~>ff`O=bt3U0(j_<G9cH7>%mNI9{cinpNLMnRmGU@UqSJ<@q
z4X+6@$b0ZSBgve6FHg%WJ*@^N6x^TO*#HvOGvEGL$Tm)|g%H!0753j81K6wZf$k3J
z#vC*nz9Jy*0xSVil+fRScngN8_^%8^N+7Y=LJ~+Je4U3#`=jk1R9HeHrp!lf)y`JD
z<J%jax>qSKkmG#fC3_|v6F4Y_^al(`V=Fumyt1XbnBXiULj>fhL<Q8KY7%iHH!s{c
zVYm02;a7Fl*5J7*>I_PvVuO50o(yxUhc|4U^c?N%JA4yj25ywtp5_oqIwc3)kY6@N
zS!e}GwvWqLK`d6jLPp;(u2@wyL2!C>UbgA~(eqPzOh@$>NE9yONWy8qMf<LN`Owgj
zp%F88b`B6%0PU?X9}tNKiO(n)64--MPya-MdI6SHfNWUZ-zZ^AP%4ALS5DqgEmv99
z*a?LNAv=bnbaH5h?tj0_m@*7nVxf3~^nHzG+>w~ZwHk+RC@##+&AZ=)2+s*e$`C1_
zHIf#}*k*Du$iK&sW$3}x8aHcaN4nQ%3fGWHhQZG70|61egL0uFq(8E#I&)^q%t_po
zYMx=ZzM?vq*XtsK5c)x&?$kN=cC4ldALIi}4R<T6w~^++UfoPi<KGI&)yYY2a2sil
zx936R)b}3x8Bb>0-I<>&?0J^9X4ou0N>a)1ps_$(6R}R6dka;i%t@OH$JDp>I7!p^
zcNWkH03;X)!HTIGB)}xru2}^W)!hXGS?2x?`}GBE?a`jwf4a?3rf9JY5#%JxQ6*Ic
zb}N-0CZ+REdyb%vRABZJ0F8v-_ed$2Wq&6XSb4pAal$=x1RuwUA)AVYbC$JQL90T<
z35XMR3%$eB8BC4!#|x3YMEr4riKkgF{O}M1^x~K;?%dnC<fK$9X3Ks~rQ(3HWufac
zVXL+KvQ0rgY<PDT?L@BJ^oXE{ZhhA-SN01P!kKz;7sh`AO_)KwjDyiSH|$F(h~T`n
z$*y>=TsUit>kQ|<|KicJOX7Imy_&^wp@YzJnqAk|*omU}^dI;=3{wgu&V!7-5VHX6
zsrozV{q4{+ClWB~1)U625CU6|awQgy?rh>!MPOa|^C$D}?V&6+pe~&HAee#B|L9>p
z_zX2#Qdz^VlV*k%38mqS)(>8GVPngLJ__>|7kld1>$&bt5Y=6^AUfK;I?}iTgaq9R
z8>O{hGj)Y{`sP$WMvlU9Q-R9Lc~!H1z885TxF26cM*F$6g-uskB=q|3GzV(#Au16;
zIF`4x=-4IUmEXmjZg;TQWc5>seR%D5`ld{?@OiBFh_5+hx$8Bpt`M%yv8E~ct9k_U
zPkF4fV~i0Il5KjO0?=|YkmdE;+%IG-OenG#QC3zRa5@wWciC^o)d5}~`VPe{f+^!3
zt$*0G53L-y-%S*FKBsfN%Jvl@n+^)<M04l9<fK+jD${{_osv)A&UWi<e(bIkRUPK^
z%)AuAUY`5*mxXM4INlZI!A!V+qkCLcK~#1Uhg<)};xS(_r$YZl;Hp3gskcfmZI?Ye
z*+{!K#}eSz0=1Op*8+2u@GV@f_m3{kDV6cifh`aM=9OWGRJ&}**@gd%tE4?NP#600
z3hX~o$CUVtRkjmCnAV9G&A^$Q4e!O^`t%*NGJ4%8K$5`vK{H0U7Xv<D-&tB18Roi+
z2}WhaNXtc*<<o+xL3(JNK@J*7ql_loT;OpF8Gcb~dTfu72h4iOK|Z7C5+XvQqL9C>
zQt(<NTYk*0ADa|*H)#2M1KC27>CD}@YPxRf4IDJ1voB^{onmv~Ixx~^w-!xCaD1!n
z=+u_+6&M0zs_H`1z-__HNIZ2P{jcdpUd@e8c3<}YaP`(<S#;eS=+M$gcPdCLjiewg
z-3`)R(lLMn(jo%V-Q68ZH%NDPcf*<Y`(D5EJLkFP51#89_UvcR+H2kGUa^bA>U%p!
zildLLO3{0!9g0H`m!;p<3u~4q;A@e9ZGi;1i+gT+Ev_Pzudmc8e>{6<kit*e^407A
zsxV3oj9;*2h&V=UyYKgP)$`@lmEX(g)QKQP%^4u6y>RBT{Bu=4OB{#*>)UVWXRtRZ
z%*kN;niw6CtiK|xW<<kdD37@`e>}!qpy4XD3pUO$I5sreplW3jOpqQvZ5X!t8j-G&
z;E(eoB1g6;U^SLQ*5JgAAK(EW@AH+x_hRVIN9!g>Ojsy<LVS<ej>!&B@<O~AB%Fnj
zIC1TUWN`W(y>rEtg%MaWYOw-OUU~Az!gNQz!nq`=12<H2T&Ll|dhkCwiXJz;dMcQe
z1?UE!-K~wWzii+G=@E{@;`SKzy~velcPBgX(`+%B63v7jA350=o729p?XUtP_?xlj
z7YTtq1E@cICyCDSxUYPkwnpTU&=NU!ubURQ?MR<m_tWhz3Ga_elW-~~sMSkTD)#<)
zbfzsP^NMePzKs&04nG-i4w6eTHbmWNUzTxuqCKt(>4CKq7z^`KBl@Ad%95A5mQ+B_
zC@h7l>brD|CTql&C)O=&quyctk_M08N~$Q~T{S0#C%X-4L;R-_ola}Xz<69_j{4+c
zs#=l0pIE+?(`t!oB=IJ-|85;>ZNYg;S0J9oY)BI|*{7NvzJt&8?*6{Z<mkoQN1j9!
z+vfNKsNmNsOGYtE+a%c{WKfQ4KeV*b*edD1SrRZnL!5x?I(w9>ULT4&k{7D|SZ6hz
zxD+UtU-U66LJ5Gx?axvb|EE67{;9&M*i4%ySQ%B*m#3a{x*KGVcK637qDg_xSM3I>
z?&#CJGpA!y^7k*K<h4oKpgCQ=wPn7(YrSd!V>Au)I88IQA)vz03AgtCui1PQjD=}_
zKJGCY@$s6!rqz{M@m~9#Gr?4fkuJZdv(q;0gI+p1Cmw=S6~n}P5;XC&FaYi6lrSet
zNhV?SP)CJA=2k)I8Ja3lOm$d<0pM%O%K=AAto2HcNVD4So2LMrmxZVsX$q)8i8=LS
zW28X|M;3A~qBig}aK(}v-O8&n_+J>Od8P@yv$tEQbGUYteoTfXN#6UZH{5sOA$WXX
z;^K;8OU93PG~Eu)FSk*_)QE^gyHhnzc9|S&mtIo6b6(jpGO5~}Z(+|A@+jH*;jXx&
zuUjBkd$6T<)QmfsudIGD2nUiFt=kQd_iUiP5D~p7)>*6cMsk5Mm~buayg!#gq-v@a
z-)X7E!VVl*x-`8=Jh=Pqug(J2wJxvE#w1ykhM}I3@H}f%aA#*}RMTj+5A3};$TL0e
zp-jnVxaf(TvsHqna<)9Me6))0LO<R$H7jWFK6!H4ml;2^VM4TjssJ<Rkihz7cIUE0
zZOp0Pq_M1649sdKHswk)6ML#_sm=<z0@~wD#nWZ5GSn{^N^&fM(DCz?zxO>0E`!t~
zRkW+Yo_i#36uEah4+N+m{JBkLwjscatg06BEX=*Jm3RAmDAZfGp&=_}_G)T`-rMGx
zAU!UFHnF@6V_DG~aO3gz<g`FNGZp>J$>kG#R~iFLoilHBEaP*OUwtE*L`pE-(p6XJ
z)zv*m0meP^m2S=(VR1p1S2eCKAFDQaLA~Nt$uGZyH2n}J{aaZHtr*MTMFv0rA35Uk
z3op~^&sQjqs9_o`)5(-ey$Pj`d(QXC;bdRc6~qZ*{e*5LgYrr_SZjE47n!A(osN;1
zU`n}Yv8RG*9am*>P>saWJi##A5o$*>YQXX4N3czL-DI0iFP>~tS-90wHWhzMvV1N9
z#_kYnVbM*s`yT#tbcr`_-UxVJ!b6U#FhI!V#c#tliiQpm;qdS5>vb^Vx>xK0-*k%v
zFkLgy5QYansDJIGjvpgV`wFFt?u+cmp9PuUJ^K@-K0Ylus>pGdV$<*gTGggu${VBE
zl{FjuFsw;5&oX?bd?MP9OSxN*%%t_+n9bnXAa$F}jNvi=4IzvhI@&Isf8UJUEsR84
zJ>?O`YNMj$Og#{|^puEf%P7(S$?10m4aD{CE3~CrRn%hj`i+KizN?B4r}$CHhTs6i
zvo%-e{o*)=3URNiQcV0LLLgqYa+tYa<|ezKAbS-tWRR(vtZ`dDUo@_-^)XYeW411^
z{#@TQgCicQqLaGQ%`Y<7x$lVb2EN6{B3=+Nu=gj{!TEOR^^I_}kD!75*Z};m6?<M%
zjHx6s1EN4f!dMgF8Aee1iX$(nKV?dpYaTL%N2fyLimSWB;oS3u#>Qa37VqOo?1=Z~
zocY(&&)@_#9vZYQ-YLc;MBQMV!j0&KGF$Hik42n+5)1u{mYkF1$WyXi``J;e-|3N-
z1Aqn#QWh5_CFoaGUh8zSaV!a>St#sG7iiVwVOyeMW7^rBmG0Aay6brFObk-T3A0#8
z06~TpTFR;kF_}{ZDq1-ktFVGRGU3(k68TC&1@qAf88TYMfiZ{*9x)aBu}axidh^tU
z$VE%w!o=m;)laD)`KL=b-->lOK8#pbYuJ9;x?!X}aQ;116IbNpdbsOkBHuB$`2|ML
zD3H~oWf;Q2d4r*MJ{xxwHmx}y$u-JE`E^IB|N66JA^kAg7`e6Fxj`hqVEbu=so}L^
zI=3H4-#R1VkK@hYn&eHCyY@{tVRMzHQP(d2h*^Dm5F?B2PN~mirWp~;6>t8UP_r0J
zQJN&yVmaKClMGPNytT!M%PsBAJP)g3s^!}8EUu}^;Ly+iqs_FKG$HZq`Cqa6GBVaL
zhbHRbpikCSP2~qHJNQv*1S`ApO$pKxzrxAnCj9=`^yziUy$6eSp_QsbEJ6az=ctM8
zbdk<U^O<QY>qG*(37Rk5c8j3(=Xd`b6-$IHD=W)*Y1lL3{*orhK%ca&k^n9e#vdps
zN-M~iH-NA9E6y{NyVp!qY{LjAemL|zTUc12&`2`Tj7CPI9Z^X8^XrDAMj&MD)0o6m
z9lFHm=;+YU5MZ#FL-sd<B=Srk`vrEeiX|%PJHvSJEn}&4zF{@u2(fVXn;4ZH$IwsU
z!XMq1eC5%S2P6!NH@ls_zP^*V>U(J!P>2c9;>NnqMs2XJTEgK>X1>OH=8t{nF8TkB
z#O-Vx9kF5u%cXqNt9RtBY|>H8#yvqJ^?&o{%dBugm<z3+Q|jVy)9a64N=ui(XtgF}
zR8IqkdY!#1n!hjiS$b}uT<+aoX<@mU+|$igOruyQt{8-f%*=9qe*J1s2`9!Pwlp)l
z%EIFo5}9_xENYE!%dpT&SIARgfS@=BF@>9u2wA}Jmdp!?<eeKz=384U|7%)DqD$Rj
z_m22QG_<t9gyiIdjg5_+9eVswsqfa6z;jD0T(SHK%VIUplT|T&ef@f!#nI>gTfOZS
z{!g%lb#-+W6^_TtzYd<Gi`YcGkV5*;2NN^0s){4lL|0dr@9nGq{ThKUL7o`}RaI3L
z6&32GdIz}ZA_okwUzcTMWPn9QMVWB#{x>yIx3BQ{vSTwdGe4U}<g4|XJxokZ+0e#D
z{r(q1&8sG-_ES|*Sl-x}@JXjUcXM-h$HT?_^a=OxC|H)oL6Qa&lanFuGcHjP(z``p
zU_;+r{{MGaa1evR@BjQ~5Xo$%80m>oMapq56jW5cxA6bY-qIB_sx9MH$cx_pjP&`1
zRCMq7e{RD?5t9h={a3*pL`>C8=nm+oX7h`&JI}zxHeW^EOyBDV!T_`*8#h#op>tfo
zmsu1!)4!{-jXc_gTm&X1pkn8<_b*<dE_wC6X6lDxY-n&y{S{1EF)3Y3_uIh%(L{e2
z-$R7IgXT-I@ngU+J3kGL_*;ANinscK`FFpLI!JapNW}I8hyt@MVomC77H^{?q&2T@
z|7e&<1o>&@hSNIzPLN6^?PPsO9sJ?xay80iBN22`3o_|7x%Ga3Nk)e7?>4N?3dhmd
zq_}57U0KlAdc7HnVAP_)<B=J)%8oX|akp~45lYJxCj)DdkZmz({IPf{Yg))|yrV0h
z+<E^`{+`k-*SslnLU`i!<ag(Clmaqhs%D9y2#g;PKctMqK4GJj|M96wF*Bz`#)7o$
zE$FgSr<fVrRU?b~6g_Lprk&H2@-4l_{=RnII`wRkMeJ;iuAj!W(x!Sx_+(w6{jN?R
zxzs{dUS3{CW^en|zpJ13@}L^F(C_njdEtRupdnFUajPF^yhdhJ_D(E#7D{E+UDMI$
zTk!L5E<yK==aflDpHX)NNH$k#QR8}8qZ%|vgG70TiuxT6_|f&y#9ch7wo&IMsq~S=
zr0mCuLx3ZJgSP5ZmR9-4&KB=GV*Qy~yQL63#@T|$n#6&@n558~m#Q=O*LJ-;sqZmJ
zcW3smdrx~7thH_U6+Ws{VD8ZTSgLbaTWJp>(dYHLKJE%9p?Jge1^n+XxHU6h6Da#Y
zyZlEO>q^(lY+T~Zm3-q^Wm7p2<_yy(&{V5vz^DV){k|qS|JRxSA$UWT{dJ+qvU@{>
zW{L09rN8_0lq@#eo2Ccy{;B3eS^tkuzhA~1akIWINsJ}D*!%Mg8=!Q!>1hA81d?S(
z=(bwgNyj5zvn_$!o&DYJ+LjvBnB>n_uoJZrmuH%oeLGZ@BOAk_vpVTHh%=e2FIQ)N
zu>lO+E@zv~ai}qrmn3XPznY%$DukF0zAQ;_<2k<TtZ42B<@!IrRK|?@h1#l5s4-o{
z^rFN=;LWF${f>tA_(kO$bBrx9u$AWn#KtwQ6=(O&@Im<>OC<OX24xZ-y+Ym&cu833
zG_f&_^KsQ48j0;U*j?qm`XT-eK~A^HEvvSkpqyo`r-&y&DRbpcR=0_#Z|pQVO>Uue
zckaPLx<$g^(~s--TE{ur&$Bk7>Iu%81o|^y6esh5%EH2J0jLCk!RdN0P-eH(0$G_~
zpOI>%Hf+GR@#*L130HD-aRoQ0-*!UrFO;os7&bjHy!a2kQkuIh{Wfy$e%Q3zarN1>
zxCvbymqDoxbbOXtZLTInl+Dv@DEq-NpZJ>X2{}|SaXC})X(MT&B-J)`0~4@+@bZ6g
zD&xeEv+}c#x7kGIgMS9fi^r(a7H;l8cnMQu_tK(ZN339l0^N(Eco(@x>Uei4#q7~<
zKGFEh#D~af(CGbsS+Lp9jo+0rX>rU-MBA74KR)cU<;B&qpu_>d`hLQh-9`}wvooo$
zQqp3Dsk;B~o-1U~=y6_h`0f#3Bf?Bgsg<{4j0D5<Q)1&?<%+$4=|L>qRE*bf8gkV4
zF(R;;+lN?ck>pkALe<E2v!&f#%jx&aCYRH$sn6E{AVyb1PANWgGBg{%B4}bQ|9oWP
zhMWD=DvZ=`I$vfug@vn)c*3$8#w{y6{A+jReN}#G=}`=$I$*FrT@Kh^AFqs$k3T-#
z)jBr(i(E#8v`Og7!f-P=%U&RFz62R+4;Ob27s&u|L?1_{X4_D!=-^SyaPdsVwp{I^
zu<!80DN$T@bBj@XdRHx1l`(zu^&d-VJr+`4Y3`hC$V^gP>Jc0ey*awLc2C5V@Fq(*
zJ#aYL+oLwdvP$pjNS^zlnCL@Bhvb|uLQ^?uZ_yXblYPWv*KY&kOUo?QYzr=!+I{bv
zud%<`>^O=;+_KefQD<M<6L{{(a5Ykp-GAk2N1kX^%&R%w<ZeNqXrgZ&aS5NM#Ldk}
za)6xH)O0rT)qU?0zVAifbYYN@^0?u1Y~T61ewAZBzbm?nby4d3*r}!TuaW8!17}10
zdZ}&S-6aOEJyKH9*lL>_t?fYR@jtJz0ggE3@h8pNnaC{MI|83$r`2zrhFJl8`9Ew5
zBV<hN-r`cJ=h$jD6sh1_Z)p48eQXhGb9v))@0KhV_v44Lpschs3NkX0kdIfQ%3^GE
zd_#)L=}zB4sPXQew&4A4+?O6Pr!CVLc2Qn64&UhjW5Op(9yy-U`V?zWqtPW3Q_95p
z>A3$0yM`sh#YSD+_G|ny$}V=mEDRu74<2D5Y3gnu_f{OU>K^gsl-NBnh(GMcHPYzj
zC&5`gJ*b8acb)Lc?xkZVOw40Bo<%ZE@b=;eM}M>aXKW!U`j3M5$Nx-WC2N50bRx#-
z!Q@-{L-VkY6#1hC=;oHm5=Z*5-tN@9dn}18Jd_P@)LP#xC3_YD5@$?5n1p%!o?U1s
zlaBPcI0^hLXhrAFMXcI?qVjTIkjrvtb|IBlQj)=<Jz;E>n~OB;ld9g*<I%7*na2{h
zxytXj!G?Il`q5iUPd>@MNL}sd?}lh7t8low!)(r;_3ZMAph-jsi`3H@?E&|zs!-<b
z3nt{Y?Sg(Q9yWDtl8Bq^7<_@J`?I&nES#JZUI_^a#85KU{n>D>ZO#AWSx5WG522{H
z!;&Mc7ap*`J3M$wnT7?1ky;J%itkpW6lp*EvBhtz@jJf^{rS+q<Z^b>g?YBoMXO{u
zst7t_OAhC~YW@9#<0a6OVcN<fSY<g=(0-qPmQj?IBU!JLQ|HC6n2s1cue`|AuH>@1
zrkE)nPAuf)w9}IvnrW;y3ri_LozWx(P(E~t_l~VrQnCvMkg{=#$iYfBb&DY}u6=Z(
z7}pVyF@XVuNx3dA4C=qUct?)EkxZ1D5ePQitEwoB&32?K`ox#V#Q<qv!$0Ryk%tTZ
za6`K3l?48<PRErhTJ8q6Gg9|O!UKQCrV{nF3aY%!Oh1MgOMd!73K+jL%52iU#y<?b
zIr+(EA}uK?sigFs*OSwv??+8RJu@Bq4*MsOIyB%#v*`Uz_Dfaf#eH7;JWOOD>j})0
zoEn!Q%9>YI`{wob9rQa3a|>@WkwZ7dCpU_QAlo0r#XBS^xhc_vy(0}P=|vlMr0%?<
zBX{P(G(L|d_K&n#94@q_KW+xEZz)gl1<TukM99LoNH=GkstI?E+izc2Xm@2BbN)P2
zr;2Kpk|7I9Iz#R{MsC-Yq7(=MC2ko@^zH89GpgN$u>~zWgw&CxV2xkUNm0|jZ-DhJ
zy2|UhMKDE&Gf7WWBWYGIzH9Rvno_O^0~Fi@pr%xXqpdZLV#rgK+63C<fc&d<CjhNl
zOYKF)3brtotlIg4-F%&cpP%1UsXn(^DP;7g{_wlQhZ3-oPkg=kxW)+9<?{U(cx_9K
zbupF^B5JT34CbB?H7=6AAppdYhB=qoE123}qqSFA&QZFL?{BZk)N}?;FuTJ@LqWr_
zSov`FRN{B!d5GU&dV<1G7t8k@M+ijM)vV4EA1+o!`F!-aoD%shFa3!OWxq?a(5M~$
zBvA1%U-^xz#A1;SGJpHJml}a1)A2(~Gh30tWD(t+JwEqCzJgF*{VlmB#8_m_XQne&
zjJ#?kgXH7+qC;GM8N$24!YFtN1RK7TjIdL|DC%G>hM<AK$RGJZF8h(J<A86D3eBa}
zD{9-@u+#uP`fw#DR{r=8;v%RtV?3MP*;Mo+jxNiF)jP&u3-@?&&;CNACUukoarP`Y
z*(ZkN(&@!z)#!Cybft%Gmt>LgeK^-cTrO?_{9sW~K*~>|rovnIRwX7c-Cclre14y%
zOk?W-W=dI4sBF)`Uj!Z4#SZVt?d_&SjXYm+7JNsv<3#_9P_VUjBSM|Nu%JMxHOXbj
zYxG&kqw^C8z!Y6Pht%Bs#iBrh=M@i6PfyP0$)?0fVjC6ax^qmI$K6sUBi6e@O{`<b
z%zHeW@x7Y}e{pY<543@A@)(Hxgeh@R+?!$_Yhm7D!M`hGnyZPvF)ZH~ZT$iKi`!>a
z6Y0t{0u6V;Q#e#685Pz$ixYy<Vvjf0Dq^5>Ky))se+7qZrM1;n^Cc-aD}&2UP5<a-
zYD$&{?HS=o=jK$RZA+4;n_a?HWlKEY<t8GR&pMP$Sv)#!W6y$0T>IKQiOs3|bYst`
zxs}|4YL1$Mm*)ETwmDyP6G77|R4JBW&qtCG&m`;pCS`Q*kARD*SJ@);(NbDdq~E~U
zelE>QYUEIqS$F=IVo|V$s1HmkaK`p3%QX)U4&?L|dFH$vFUrP)6V;QxfhVcXKG?oL
zRB^7f7_1-Ul$daq_DZ_)($fO$R?69rJn^uxVS!CE<iR^bfriVU1H~e$s;U#iCEu}?
zn4$sUBjhtr`JXA}d;P53DVL9ypF}}gv1G5E2D57&&1fT~&1D5uEq!!VRizDsly8H(
z7CzbU#v+-fW{fjnfjpd+yWOfiGpngv8Q}ZmhY$;&&=+3jM+>>p-=)7(d9}30MDTqj
zBjuOyu5oDSv@p$%yy_GUA?vuZoKV<og$qY2cIVc%u1b-y&zqZVtvDrPr(6anx(dna
zy{MM*-T)lyWjs3ML39;PRp7F|_F0QMv~d9gpV*Nm3bjP-YD?8M<umFc$ZM#U(Eiug
z9H*VVelBvBffs0)_9!7FJEr-vo57L+XzN`>-X$m|3>OcvbjK`0TvXl?!#$kVkNb8K
zio)J?6voM_q!h;hmCFD?$U|aee-4XIoqZs`&%%lh5FDzb_A^!r2FU&z&Pl*BIH;lo
zP@Ww}N8_55a{_GUmR0;dTZREKH9*?yM}-V*;771fHzQoowZE$h;fup?RRuuh@FZ2)
z`1$iiW-hwe;F$P&OQ1}r#$DwXjekGJK^<DUB7SWO5+xj%=`RC5a*e*Et~z1=As!xx
z-PrR2_(6T?R#2^{-8{z1B&j>4>%5u1wi#9RmMwAu!p$Tpq}Fb+kn{i9M#=r|!zLnj
zaNVv;M8nJ*;MHmb?JF4J_+yzQHuE&0AM3_H>AstB*ZXDwzI{AprtLe}3UsNBhZGiz
zXw4^YuHS=!qQ6;l@o<3{Cl1<P!)0L#)C-N$ncouldsQ8IlM2}J?$pVG-pxLJ3sbUe
z#%_|mqYKDbi^n?pXAyT2fyxeza#OOE*kZvA4qu9cyM?l98%oriyQ0R31`!L~xtY0U
z!<;1TbN8olh?;zX+B+e8r)<1hJWE91^iPPy!mmKQa^mnI74GmN9_L+^_UO-$@G2`S
z%O}4zIq><{RliOB!vbmMK*K$PVn`4BANDt=mVkG6fu65I*oec?u3%Vgt%Pr7<H?fh
z_8k{`!@$Am%Y%ye#28%q%V){WpVD>Q%^#>v#+?<}e80LY8*SMvQZ%r<^>A4(059yC
zU*d<Fyz~22!2}d=*v{SJ1Q0Ku>E35-iD`OI%aU`_SU#O5J1EK|*1m)R*j`VwyX=f#
z1c;aGkFRzbVgs#2PYLBV4;2=39F&*jY@RzBc4<o5=0i@BpX~Q*$7pR)J-6;U2m7^%
z1Jd#g27||=LW|c+fu6Ly*A8A5pvty4=BHkf+^}%nr^AkikMUPM^ol-oMG=)7e7(!A
z_?Vj2kHx`zHx+FTzkJf5Y{@F9L0qDYyu4l0QOpgcfIzeCrGs5=ug)<0N0C-1ZN21k
z(d+r*P+~Gn_zKsrd-b6FT-s~t`yjCHm5zw6P?`7In*ic#ullDi_3gSa;CMFC6uXW@
zVKl4BHD;22Tx)|Xn(%Gw?M~qwx7X#a3#X(P_0qL*6Q;rxD`$T0P0VeAUq*sAJpOK#
zB)*`<{Z0589oe^@26WJ*?#TjGH{!>6#C|TXhxc_xpmc(BQ%NUt>fo%BSk%YiV{XCt
zBZl-{YWOL&4$;fR##crMU>9#R*Rjbv*2^;_1ao3cTvf~LL|I~+MXAPbf)PO=chmKs
zha1M_hAWiO#epWrH$imY-nt{4e|kPU%{N!b$!UpWVPw?4rukTy7!xz$w#0b$PE8H}
za4q6rY67sgON{yX^Jj{HCoB+Wb;Eq*;NbB5`EzFVS}qq3F%Xq7FrM@>b<{93;sxm(
z-c!j9ZxP;@+{OMX5<p?=er0*c65ZRehPBiZHSXf=ZjG%j%TId!Fhx_`+*#JFK)<&*
zyLS_C;|!9$Cu&?T?kM*hD1GDQA@D1j*KjZ^^HIB%_@T~hYE9y$%}<iGTg?Yg1Pama
zm|UUwXbz97TyRDHYTt$$idHZ&?JHWg{g338Cr-$LX=~~X(bO(&%h<y&CY68OaNN9+
zR(-B~bhcpU?6TYb`h%JwwU{D@EIWLwjrNmSCT{mtu3Ol?uWs&m$N*b#ZEYAlq&h_F
z7ipTG6kDH)fA!9nyy_hNES1vEU47-H#>fUrzZ4W?!yYG+h}gVFds_P0jF}Blgk)r}
z|I$$c!jQXYp1>vKs+unQN;#3D^&?SWx<x~m{h8&Vv$8;-VIBYd;F5HRs7&mA(YJsh
zJ>m%%RHv|j^2FLs0tWh!AMQadm2J0~aZj&!;^)Fw+vq5|ae2P9p7b8Oqz;4Poj1&L
zLdq(NxI4=@g07GDQ%G?)`eVlOuK(_S57_DxnlD@I;QiVrhJe^8NB`?h-7gvmrWOh5
z7C9@`woLus`B(D3#p8%<RU4XNS-wmf*rr$;rJ(vZmYGf`+bASLxWmo<$If(aGFTy~
ztvBpn>39YTQ1KKu4I8}v_TrH2^CMNA4vU!L|4YVEebLIUMrNwkVvf>qi{TfMr^#0-
zP%Gqni}GdGH`ffQB^LKzkU<_jNn2K>Rjk5bGo^s#VZFb<U!`RuA>pS$a(sNey^Zyk
zDqE=L@{37KoXeJpb3sP{)4Ow=wub8K>;JzGRYfj>m|PG9{VB=47)9jaFoM?h_7YQ4
z7XJ?uyZwtisZCl&#t9N>2M2ewQOfh_o()GjI=TVFznrCrykJUaA>!wE#cEd7v-9&h
z(3k^y>EH`>b#;s&9FT(IXk+6gc5s#weTyZ|-~aM})s!^o?CgwsK_4ZVrL^;nO7yt*
z-8tsw>gwwHx{88={nepvwU(?RuAJLnLN(6_otPu97Y`M==<C<7-PmX%^6(fzW7Squ
z5fQL|2NrQQPq1~&uD1L4?STKW<9VV6u&DpL<(a_fYrlZMZ;0wkih1mk$k!A-SU+KN
zn$>78mbmT>M+X_lzYmt@j5V=H$g#jNNkj8U{$;Se{Z#>}4SrH6NP{|NcGj_eJ^};&
z@9387@b8Y@_{k&bu%2bt)PNkag_f38#Lg1k0pyGy3?6W%zrL@jap4zi9kevoY|H)&
zG|q=FKRuqWIo7iwA?2%RDJvIG?Yw<Udj4~nTti-fBua8~c{*o?(T(`&%il+N@W8`Z
zOLQN*o?Lq&NzkQ_<UmY&Br<JTiY*rxHIhUw*Wxya60QC(lsOk#wRnV)#QKt1Ss5-l
zKI)g&4MRcY6>@Up6`yGYNz&gHaVCuaOk=~Qh&wUr$Bz&uZltEBW@wnMReU&K?<6ej
ztHE@*ou-9~qY*h5LB?07b9lZpM$ya=pGnhVjP>v2MufujN|AtcP+>YD5!t`Y)t-rw
z-Y1XNqw59^RTwDyCs27<ES9MW02nZ61c7-t+!8a6_2AP9r$}M-%~k6S0ZZ9_b2lfl
z|7#5LqPu&i%ayoDNMgj^zvs8khYF-1om*GOb2gpeP(T0e+qa#uT-Sry3qwY)`&k}8
zRYk><l^_a~0PuIQc5RK#Ao@_Mki6n}+Ply1Z5pJ@YHBXq{NQSB7yA19+2cPfG&t`q
zHs4*JtR3v{0|rwix;Eb(Z!hQUA}NG00P#$R$s)~2r5FwBjk8_}Oys{Wz%sjNf6n!A
zoq!?40|D{;h+tl>SVu~l3P8jppYFT6@oLcksVDNRC`#gQ_wo8+ZG1iF{7ztanA)-1
zeh0uVNCcs%M;u6<KFVQ)j+l2GwGK<k+Eh#s_E$7ryPe$MB-phW&VlIT^-fz{*3$+Y
z#ECk&7PnCE&=1nm3A|35(0u3k!X(CHk(rz>3!0kdJ3F({3vGTIv+Z2mLOy7XAqKeD
z7sI$WRjQt^g05bo+vsvITa7~}*Yxyw2Sw-j?U&nVXv;KW7s?FV<JrvyK07V9!DNo|
zm<=Vhs*?n@mseNXYz)3le(V`tn^IPWNpn>g3C)z4ovvaCM^|t$9c&nXO!dMVovp$0
zNT6rkpV6PTnq3!+d<=pn@{fjx`0wrDw1VP=yE9fIB2DKlQuADR{Qin9sOH5GTLUn#
zGRqyaBn))_84El!2sfbl64&4tgbSo;pl`{f35%7%!?mp>d@^&ap8c$;o$)|XLIQlz
zVonfBjZU!@e0g_82VF=QMS6AL=vfc}Im?3W=Bp|at}^W2cC|&1Tu?rBvCL4kJwG{l
z!K$<wpO`q|=g;e<r$_bDDR#88c1)qyXlH+9SgWN%p|uGK4vyz>ScPt!q{U09o}oQN
zpJ6mJ+v2pEtWvEW3<wHB4G?j{kSUxH^a$7*O1^`rB2|WoFUUA9hx6_bB?|ctQ1PJC
z{q>1fu}fzN9ukN_>efN45&O@|Lkqm_cryzrtRl^|-Cd9Mo~UpVZZ191X%7(+5{#g^
zzC=*Sv8W;EcER0gDVe(#`s+B#2+Zu<tWtL^dh0kfyOTL)mU?Y#rc)j>mK(6!;cu~I
zEO6aI*Z%O?y20CV>yZNvSWlgCr)(c_{3URL7YUA3u<cAG-<9T*d(r&Y<mS=5ikT=>
zFYWK?LD}A6jh=xMc6J_I$Z)v{j*W@YRaDeeRE&@DF1*O*A&nT>Tv?Qq#1bA^rV5Z*
zGq`es`fR8L{vLW&$BW$MUj8L&8H=gCj5PZ2W6LcSAIy83;_K$Cx{DdcW&5O|q;evV
zJ7R5pJt0L7gWS4hKvtfh^@?2a?weJ&7PF8LIF=)eo(t<|&>n~mNp%zSj!;>fUfax8
z1xC8;PdnUQ9&lNlZ;xgI_WK%hFDQtsWMK=TfFhM=wabAP9bGP0{v>sjB!~G(T1}rJ
z#FjYGo)*_GCU9ECLMPqaG*niefkm2?Dejx`5|}>?f0njBLPxKh+1lDZ-3)`IWMs)n
zNs}eIdxwWUyW{!Jdy^00q_M&yeJ@o20DN#h$VOh%-EdT|zu!P!D}}xrCRTR1@fEk3
zSGe46qwx}nWst)pGo=bLqxEhn&Fvj2%vrJZR7+>K&1eE?1xhHSN$}t#Y66Or48=h|
zLH*_S=2}Q-%zxFahseQvwS=lRDo`qy*ku396Zn=2noaCJt*@`wxNAEQu(*48xOsR$
zUgJ(W%J=nlo62@7U(Vlm-sz?6KMAK3(XAf+*~q4kDT`4wFd%(OYM{AXhWQXGQDsfE
z)rEfcrc|A^cMi0}frsHIhp3BGc@C5qr?o)ynTnudsPEjt?1Y=D*45zx$tgLoytg-J
zKTxp`q1f51(a}r^xVAjS%-O6OM4RJh>Aaq*nwmF+73!v&q?4VY1QZXNzeR&Eh{C(x
zeMSr?V$bQ7NaV7SmXq`8P>`h^Q`h&t*h&RGJUmMDz~<S>nnO*99I7!LOn501n<U^l
zY0Tz*y%MBjYo)FNCC*=Aaa%dRl|YKWnf~=IXJSW7A0N0bC|asbY5vqW-vhPpc={7|
z;!~3*{b2Dh)M_bP_Snp`d?WkQ)X8+Xc`Uzhvo2M?a>MqTa7Vwpbg_8iM8`ivFM)7W
z3?4`W`y=m|X}OxK@UNBP@7RsZ!mcU<{-AnBm^QW^&njFs5ari<pOtVJ*gxo4dRg}H
z-3%r$x6*Bqz}vQnnz88O9?&7=4c<F<hEU*CgrLDn)V7s}#<mKL^qzKh70nye2RBh<
zF7<@!y%4CqFt$`=t_yg-RHzWs01k3{MpuS_A!z<34|-2i1@RBoR>M9VwkN&PD6|)k
z&wJ8QmzZX~tPKWMu9^pI3gwsx>;3On_ml1|?2N@(9pBbp7^^)O^9UGzSk=ez-lGkn
zI$Gal<xcv*%qHoLB&S>T$+UIzsi{c(ZfN0V>5{MB`l6R9*P;>hULsJ*_f+$`S(_;W
zwJfIm#_-VxwJtp+2QGtS5s82gc%2OSrD$y`nmSfX#kPn<A*G#9QQy@|5d0)}=e?JE
zsN@3ZKmi{aq%vq1_zsCKk?ol=NIlRzil<ko$vBxD!VI@y?OMozMAD^QDY6a9Hp{b~
z@R;Y!0@1sI?v51CeYu1lOsV+K!WcnJVRyqNL)B70f9+o0jcP<J=TizcN6D>*px?!l
zBOMFV2i+<w>~z<ObU$`?OIzp9BU13GtyG>;c{jA+hFh%cJB|e%QRxk%+4e-dKDy+8
zhmDF>Z%r3Xaliw77cGwtX*;{<7V^0q4g_F7lajA4z51_~ldrnJ=W}-lZ#LJiQRCd2
zJmbHhC$>~R55^w=yH#19JYy=Ev<uY=RjPMqwPFftq&1z_x(0hoKNxFlPU(YuICnwC
z#mNxdj*+&uvB_4FLM>%mJGlXA00|fX81(&y8h7+t3L%faP8XpKDHg^6Io8C_ecPFC
z{>zs@BeoYEroX?aEzX01=N{flN=j>t5K$H`&&bF~l1lsXr3FWV1jxDq0jD`*k`r2T
zPQQ!mN_A74nDz#*8#bWndNowG1PWw6jOQyy5@wB>>$G^eOG}5u#Z5tzW3GQnSL5Sr
zgtRz#f6{$&asojVD99iFgi;mOZ*!2$*s2Ey95p`~MuVXgteWEuC?9T+3D!r)1QVz^
z7kHb`as`m?9|hW%xVEb!X(xPqx*it5a91S2x25Y&t{<>0P5F@W+H586kgH%WsMdPn
zrm$Ut9oA;~a7I9)z<<;0yo66)UCUm3>mw>Ka$f5*SUm8Nu5|@tP~M7_88ox7>}jnb
zCEhme0cX!PRy9L=^;=1_@77k)#Y9_!Z-(NE2IXax-FabzbFxFjHCuj3;~WACH+O+g
ziLEAAGnDyMPDgW<u{O_mTfDwOof60vL~^{}u=n(jervdRK<KaelB7Y(VSSMfP6*y*
z9v!wH-NCjk2$((I?H$D*4PU_ld9pn5XmG9M;45FRJpSs9E6`@fds1F2s%qt--mcVv
zugdEiZriu2+hn}>;nG`Y?=;Gz@lym;!S7x7ga<xK8q`{UlL_=Gw7%9*8(w@b@=;bl
zIB|B|MN#l{>GVf;7mYj8q@XUYtJ>)2G-LD@WeTrna9&E0dC36?57jVt!vK_^XMe16
za^@lit3XWJInh~P{}BJ@imDL<R>Y_y)M)hC)RMQdKi_28`nqS0R}O!B?MnAt*W=_W
zIv1zO6g>uxu;Qb<j*5$qpvMoSTCOeWdy4uWXAjBwqI(rMwiv{GE6nPC`S-hz4`xG+
ztz3OUS6G}?VUs5My&;4+WE)H)Ag&(&^<A(~R<y(ohvrAq9wFCj6^kviZj1wljF7Q4
zISRqvM1HOw{4cSdxq~4B@p<PSf*wUdX<R}p`xJOpl^dJ?%?k7A%UT*(cC1&{i~s3$
zv3r6e3)1gZ&1Plc3JK}Q4=nbMo)|KgmXyq#FHDA<q5zaqN(?dA*PvU_7ykB<^BBfn
z<X~`eJnsW74#309*L-(LdIlGU?*MU-5k&2<#|G`rgontsAKiM9^iKUO;jCqYtTqgc
z{a*Sa#F|$%-z`ls9nq4q2V$W(Lsop-S=;I1_JTIi9}f@j;d(7{ELVQ(#4R8ofX`*$
zT<HZTCnpnA(SwKwh#Q&E#%5Lu)togo1uWF_3kW<ddLj>}3N5+WIfp`<^W(?W%3;Af
z?p;=9W&~f`g$B-gL959k2`?E+ph%~l?d3}Z;PmwLMQn|6v~;$+yF2g=@;n?j`XC3p
zrebrFb&7$7-eyD0${JQe&aEpM6Yy(CYM@JPErx$mvjP7cVe#<)SwIA=8^gWcyxs|7
zjPGh|@yhIlH!z~Xn>iNK^_+OJaU$lonOyc1i^(U7N%jaYv+^lusM^X}39u6+BY6P;
zxmT?}oh;@f?<%`6GGD<>OOx5yAk@4Q-E$=V@y`xw`lW?)6b&q2|4xd3rvzYK3kY?&
zwl5Y@gM{k{z_OsdweF4IDBQxO*+wB{Uhm}9A!``&t?5zkz>SX&P_Q1|yFQ{y1^Wt?
zav^Xq_%a&SSGkqfDd=Ho^`STLohU+qlc)UepUh`SQ2m6$`TQHtoMh>|uMxIML00ry
z1-~tJ53`MSZPk-!L43Vy(@|6(SfI9CW=rQSSevF;(L72yhbZgACz<MSp3C>HQg7S3
zKxi38Sn4^tPP*_5+~Y4LdM*Y5pVbv~Ps^RY)t;LMD`7gOQ?XuPT!#^_?hU||p@*RK
zw&E0)EBW>CWu+DZfZLD{Oi8c0jMXm*L`-GT{`ZUCsSfyn?=%g^INzR|sb6pIoi~UM
zqPwfx`5om^!Iba=+xUVX+|8aQ&O_4d>H3?;*0UE^Cc9}-zM}N@J|vd^*R4Cx$}cH#
zxw1c+V%5l;Ff}%wnVFSKX4_Hvy|I^Xu}L!2ks^TOc^Tj0ZQ8_Dyit%4-McUJ^Xafw
zyA}_Bk&NTD_5Aeh#Y_H0|C=+7SWw{pZnSc1m7jlpDV|;X{%JqiQ%BkPsZA(o0qSn0
z5Km3H9N_MkCgo3n)hT`OeB_wE8k^}uCTxL3s?RDyafbv<IC*rg?+1=f+z+FcA!%Q;
zQ4v&x5lnnBMjaB%(5H_g;hgrn>X2u*9#&QPwwkUUe1@*PTx-rwJX?aY?Lhl)it4u3
zmNK%>6|^u><^A@sj;mmgqFyH<Te;ioq6y&xCJJ_0B>>?2(F_TwI$6UT90Y``E7|AD
zGif=h;zFi|9`3F<)gK{OhfY3a-JZwztw?x5K|#vYoJ4fp6^Eb6GINe@gV3Rc2!`PP
ztP=`a4&;eWOmK2@*D8;JkV^{fJl2ofZ&X5~Vh=K3TU5OR26u-S#xKNiBBbuDh|RJP
z)<Y;@?Dv}pT7R624&(@R)eWA<zcC35h^0!wELkY2bR^-{=>KT)NLH5GsfrO>?)Zr#
zpNTo<Em8^UGwsR&I-6O4lm1v1`^t}i?_^AYIo>B#m<Zq#qh}#_d4Xo&Tcsz?qOz5}
zzv#X1xFbpgjH`dHtf3{^ZEiadLe32lsgL;6pUX0qD^_1U!PcP||KsB{@0`?_G~=(i
z7Pi)^7O2iB%*ZA&>w>K?#1fc*k6kn;Gn4gMRl|3FP2{4(cpFX9H!(}P?BibD*^{o~
zdwNL#0PPD<4;b)?c_YY*rn{-fDcQiL-~x@BewdH-6%#=}kfy1%#8!j=2<zw~(MBA+
zgmK<}rW_JM1WTXO{v$a^Bpu*zRT4RfNd<Y-Ct!i|H;;^4(-y31*<LjjUIm>BIIp}k
zkc^mB@EocMKXkp?gS{+E|IvW7YD&m3(cpTq8c|+8lLO*@Fra$oPYGSaNaFB{F16O4
z10{VS(!jDkQ@xG^Nn#YEzXzSbFXJ~tkM_>@PuN4o#$1vwWR~vf-18Uz{P9>`PKR7G
zewTsm<tu+eGy(QA7c$r|0Cy0JkEBUL<Q(t%3c<~cx@Zjs=5;Xo2nzhDCvp*$DBw%T
z@s;!|*olJd7aQAERi($E$ETDZ8{`1xen!z)4-5`kSz3<QaB*^8H0f=;ID}*LyV!`+
zzuaN|!frM+UcGa&*1gXBrK_uJfqaDv%BX`lALtW|LuZLcF6c#wgR{1?b936y>RNq#
zeeL$zda;7F<vK&=Wo=azp--z}<c_TvLp;b5b94BCj_J`nboii^Z8+)PWo{-eHi&hz
zVBwygsqSprBjGfHrCN*(ExBg1d#s-&bvEu>S)X01-9Y5?u@BXy`{%m12Ihm)YA=Ei
zU!pxsf#CdsIf??|-c{@+5+=rl-s>Bo#z?$C9~JjqSZ}QX;|;mq6iK$7Xau4KiwW@R
z4XTQuDy{C#7w4~PId+-SG~7#XPuf{uvH`xoDLxK~%!N8_mY^;r@p>H-9(B4jh3u(2
zvXb5Hl%ABftk@I^daCFymK%X@a)xww``;kuHP|oHF-twk?P!&<lL(o`+n@qKO!~#M
znyODa`<F>)frn(BZoae!&*A@xSA$qt{ZJY(tnkbNn`8O)X7ToPX}hQp)DuqcEEyxZ
zPWeDW`+c`-CJN%`at~Gedsk%e(cL|&bt&y#7XU?*p>2P9eG>8O2$6`5DM$6dwbciA
zqyWI7b&LF>NL%KFxSs@5TwHv0v{YJJ`qaHV2@W6tzR>wU;;u%K=bba)tQM!ag13Xi
zUcPd(b_KCDm$tLR<^GIJ9Lq-DfEsOdZv-i?<NdWmxyFZ*^0Mt?*1LtZ>M1=wx8r5s
z#EykOe;gqeV4dcf(8KvyE*E;N<z)d~be()WTXt2|Kh!`2w#MDn(eU6P8Jn>rH@1ei
zgp~{`e=~fnTtd3$)kn}tRV;?I2SzP?qqd;UzxbYXgh^cfgyJD%Y=yN&AnpnC5O+c%
znJZ40)q;G($f(G9w68bHfuU4^_;vEYg9<+0gtlxY9RVQ?-Cari{caJnPvLiV!IVv_
z0;g<-UH?UfDr)8iosOS11vZ<`JMDczWZXjT7H@5StursBK!nciG4_IIqOxav1z$k6
z5+%~t34#q(wjMt{H8~giqO$MLJ2+u<3CW9NGRcw{m||dW_}^KWD4N{mV1$1lV+X}F
zoOa47N_bn&5@_c6FGZu)_)2*TK5-Z9NSX~t;gGU{Jh85x1qbgD6#%WYgTjm(pBcEm
z9t4}Q4DP9kY9Wwr{EH1r?O||Ya=Z%QyLl@S*?4-8(Fz}!FBasTqeMUQXa0{%h;nIR
zc1c4HQO}CeA0#}^HW$?+g8g*sx|c<^rKla41==4ZDpq`={5;iFr#hQOA;E&KZ+;<T
zS;5^tyy*>_L&=SRuxaTl(@o}T&UG+R#?G}7A0>bd?D*IN@oz}zY_!oPHJR2yXhdwE
zda&T^b}cOqen;B-0|>8(*T1M2P=7_$qxltq@FxhbbE;$$3IeFB@41)e=jTH{&-Umo
zwl;it&bM0hJ%vxClPZde4jX+jNl8ganB?0G;O0PlLNu9kjKf+Ny?*OS7l~c-MQnm_
z?${FOwiX_z?{kwGDM;<4QDC>j<;@Y?s5l%->7*eVh(_h4af|6xI-)(p2>cWR1;fSr
zdwY3Z_J3|p`uqDspmJ>Ie39&O(rMlCVueGVtRSE>twCGec9L^)g3}UeWyFD>Lvd4>
zQBqQJKb#8Elb)}tu%H9)5w@Nhm<z0aaD$Vo^X?-&Jstiiz{D1Y*ORxn7`yP<LdG1f
z=hkKJ^8#l7{Hs6eM7cHI4h3ZmB@G;WE)TUaL;bL%=^Qj0#(Eac%~d50ua4xJgJbaE
zs!G3PeDNh}QH;w@6CF_vuq6~N4wOC{N-8ZXEM(!o={&SH>FevT{3^Avp&VDRR|ppF
z^<EQvC~Pg`yJ2g;Q>~>Vin|T7t4*daC@Ez5Fjv8zcu4j-9tOx+eAhxtlsL7|r>~``
ztEu%fIo73~`0b(p$|y$iE}!hB)qcr-$Zf;!ANF!ScJjU|ZZ_bnm~&XVHG}W<O6D)o
zAo^N<hKIts)u{KgOvR0^t>S%z16k17#sL;0aVqn;lTt6S=_kg&(Bt4OlvsTiENO^x
zKC!(M@_&6m7iLZW7CH!q#v=N?*WT~!xyW>@PwDVy&#n7DCyGTTzzBOB^@(vRYdM}+
zJ5;|vt=ko!ykWcDma5skG3X+!JsF?dVk=oFjh5_iWl5@6>2@DAF*oy!^WGZ;jihv)
zN9#jf?;hAg{;`74)eIkGwDV@;<wnNUhv9>{mKXXs91W`DCGS{|i!xlEb9~Mr{39wQ
z6`Y;D@k><5E^?-t=5kMzULw$mDF#z`AGdy>jmQo<(j4}gKS1-UkcP{+eL#h<kwPnh
zcqm0+&O$4*q=bczPNJ1Yy9`|J-4l9JSr{J~`4$zG&gf}ka1;32ay$>BiW&6x{)B~x
z4-O0fZNGlKi<~?<A9|IN%ZpJ+Pzhz&8XBIQbW=bifcJ2U046!VMw!7ch^Bvm-Fq-s
zJDkjSb$8SX**dSw8M9`#uO$Q)*4D-qpCbDde_3`M_j&GK@o0t<f{SZd=0^I-TlY4z
zhZnq`lOAtCMjbwu2>7&!__v=usCGh|Kh_7wR6aF6k;+F@7PLCtZqaz|CHh&i{c$+t
zYccATDx3WS{Fy^AK?|C)&eI}*@m;|`(N)=xO)lIl&NtKGmGcI#8hoRG?1>p<Z5MI=
zqPWo@9*@@6Gb3(95HQz8b_Oag^9!qx-xiE~KD&$R51A~Dchz{?;V^l($0cemJ%?Yb
zn%Yc!+qtXROIs?QW9vDAOE`uPN#`vgjX~*L^wk(062fbx$?J!`i1CimJN+kJ?uGT<
zp#<w0qLbk#{vV@3)3QDnl@=|QjRtO2qWTN>vd$d@&s*5RT_TrgIDdQ|JUob2Gsh2o
zx&H<qke!%Nx_loqDizuPG{DblYYo%4oX%xi`k^ut7MQRNx!X3HkpSz4?2moSTITi%
zEajdOnn)1KC7OBW8eca1dL1nXm$uwqtEk<|-wfh9S<!7dh*IqG8(MWAV-rR!ru<e0
z?{Pt7LNu_Z-IzOwIA-oG{UpoKxWBT{z19-H+t-D#DLtZWUgK~}b|}*xRdY-J{(R1e
zkbit}VQOp!w@u}0@uunaYwE?Eyby=-Kyh-8tn2lI*3>1&KbjZ15LuuAkL7o1r&67l
z1Ti>LjO%O;j;lQfOY?J8YNM4=__DIHF;|D6`eLJ<u`!2dY^}(s2iKX7l@;SVEMvs9
zF>GRz#^cEKVsV?Pba?bv92sITju062_7<S$;pJu4C==#gi3|!titH}T%j5Ale+7I>
zShu`CR~Dg8PkD;~Fu!~md38k5WE|{RSb>iXRct_oNZxms^i$hXcFw`7g=*fnJGmeP
z4)|OTjVov5<m4=WFEqNkLd5>o5Sc%vTB+UwW6ULVWPp6i8f5N&A>+^rW76uB78Fo#
zwG+Sj*x|b5J;euOc?=0UHy78X^rf_voZJu;#p0lF?J;H(6%m2lc~2!C_qi<y7B-Zt
zVz%?NqbI#<70SDP5E|vq@p%Ll>DZ+onDhB+K2Fv~An!a`CT=%#P%Wp<!0ars`Ve0&
z7L4d$Fg(|P`_0knPX%{!!vp=H9`dTwol+kiv*%d0>k#>WwZ^m4tCjQk%2rZ&x=QuN
zkG1MI!?fm~_H>^-uNSyQ7a!8@Gp}$R<2Odf78vhmFGxIBTPfH*!1Kf>FYliluK}#!
z0woLz`WAPqi@PI-`diyj7@%H9&-p23Wuo{)eX{QTNS<neg0DzA<uj3V1zhW6NH-t=
z?Cg~{XIqI02|jlRwLqI`WgL^{=|AzSbT_s_PxIViER|P?V&Z@PjKKh5VTcIuBMb9d
z3=9lQZZvP-YFU7a`Qy+s)~2Vw<McxSR#sNDWFUoeetOF0B@aGaOhJLEsM6dI@oW(1
z0h!No4W@JjH>i#RvVGA=9IsxPk7kGk5)=kOv_Dj9MjP$EJ(6xq00D7Wpn#}$F-bxS
z(pPa5=p)aG!*di~dA#vN0LaP7qiJQ|I<EH&f{ENRGBWhIeNc?djel_<p520jS-y7<
zTU=Zm5)BViR(7`Cq3|ShXJ>qQlZJ9znxjkpnPJWeqTG<8CZVz0pTBd1&*cnX8uciA
z?mD?Z9^|~*_2sQYlA2D5^Zi$$ORE1Au-a6?yqc?(f$9?Dbuz#8Gdx}xT6yb&$_|E@
z5(dGYt8E*0^$ksFI_)bOfnLWxhcShi6au^F2N%`Vx&?<;`ib&5wkEjq+?Fx)xM=_a
z3^2mw0|oG1o*o|x)rzSJl9Q8Jb?VX*n%SQDo9ncuq$%XJ-oq9bha+Kfk@G(Tj=M+-
zVj-+T0p6!ueLPG#>tie(f%<<X^SSnIoC-ZcB$d#k0!~<17%Utd0gKMGHYdi2)cizQ
zRn>f>tKCs-eqhQL_9Z+HPPAaccHhK=Dkau7L4%^T(V9{G2QFVEL#kcLz1=-V_L_qs
zS2V5egGk^M<0034+dqFujaDJP+{O&i+j4weaDdaw@u=^{lh)`U5KP3hg(4hOcNo(H
zm4~zRd0Q|4U9@L^a1hbiQaCJrXG!4zzLr}fUb$J-Ef`RTF{K022Hn$h3+3t(by<rY
z5tcaDoyT`T+UPdlVq&Go@JuMTn0PTWN`Q#GPv89f{O{ktXJ&2|n>||}F0}~?sJ?bT
zU4dcGY0S5VLD4(!xPp<LPb4IX5az$og+&FLnw#l9{IrL5Jd~Lt;B%jq4lN2a%%abo
z4a92e6_rHNI&@pL3evH$RYXdcxS!h-n(@5DN-mUqQckGYP31d6bN1nc{2A5O_XfZ7
z<mPHTv^PYF7CQPIc3WLa5-&d4on$HOmZtLgfGv8Hu%E`#YsS0<x<9?~n>@q*ul~e>
z-(hC@_&Bvh1pu#bQBK-fgk&QqeZ}A0F70Xt_I5y;>gjf`bfZ5`TSJ4N&EWmd-NbB0
zHA(fNk%oU97$`!%BVqyQHh>DqLG3r&nURn_)78+>P*haZ*SE9!e|US#uqxNJZFEqA
zG)T8fNq4t|bSd54Al-vTL|Q;VT3WgrLAtv^x<k6zw{x!fe(PKB`mz7){rngQ494Jz
z`@Z_T&dZt~v~N6%gFZAe=Y<=<?h#5dB?^0L2%2n{J)ny}>*r0kO&wnrMP=Dfq<XBE
zo4?8UEF74o0N<i~>zytm&sXN0+$iVM)t09V3-Riz_(g{2|F4DXX%oFW&eT~7-okK&
z%T#(3Nor{cMfb2@`St79_V$}hB?d-Duvt$}PCRS9p`7_|cfUykaZH}bt3Jc}(&kxX
zX=USm^~=9=B(s?pT{e@iUidG!=#QE^xjSLdhtT1Cl)@-VAtJtQ$O7w9yX3i-lc?u;
z{7ZB?MBk;0d)XTflAD{0g2%AEw?A2l4iG0Epmn0CNZcm;`2^W8_wo~%3?;}?(gzCY
zKg!elltKT7vwtIsOzm=KrU*RVIA$%tPY4QuEk*eyB?<>vK_93WJswEeMxuL7vTiSb
zMv<M*S#+6S;Dr3MWdjKMDm`|l$Hr7%;)NeB?}hKj`#XuD5l?0Jdh-?Mgl-5Yf=7M5
zQvPkl*HpqKKEDN8qCjVBWoLJI!Y=f8MEqy@P5d&IXp>V?a>jCRfJ<9gcpHx!8*(F5
zXbmEXRO%=>Ik|<!MK6``+S=MQE%2LwfPkmUgVWO`v8$%%@iI9omQbmG)&tz(Fj=-#
z6q%r>v;H)j*}xZ8<E}Fo#$iGpSQO~L%=KTJj&KCPkpBOD1Nz5V_<wU=rCWYKe*|t<
zl{^JQiyx{VfOwSX)VFV){*eNy$w`O-tMhg^bIbPH+S=;s*m9=eyg`T1o`as=2$lZX
ze7Vp^6G)blU)H<dWwF#e9afwHy_Hn2d7x}BUj|Uz@U#8pv|xVQGchys^zb-$!+E2)
zV+q^OWI=ens?gq|fRD%%Vp94B%}HYzo{^DJyY()1c&n(SNnQDUR@UlI=GLpLtMB)B
zPRPMy`YVEs1|2Vkxd$DC#pPbzI4S**FjHl(V##Rw$TeF0K0q})OqxCZqcp>x{KuaY
z?;sxIwR52k=()T;^rL0xGuc_~^vBw1M=!08dsgjk+fbMC&IQX<SFv(T=vz(>6(yxO
zV{aC6`Y^`Rr+{zEBU#zySrP>wOThAY;26JDO(GE&jn!{0-`9$PqpDYahXc({A~8#O
z)$c}+NAlkq-0hKtFN`x}&`CBzxgtC=rA4jpU$bm)zdFt05455JhVP!#LU^P@Q58<O
zo%w}oNGkcCT@ek_55P))5IV0xHzU)TrmbM>+a1HFKF$(TdH9}idwA`!KjT;MeOi{D
z8H^A6H<gnvBnFmy%&*43ow;P<m>{@&2#G!Wc2)JY{e;Ls%W2Uk5E{6}TLyt3kH?<W
zTVHhYj>90YP1EZay%_4p;&pe>Ttop)&5dm1G=`NJC=ih^*eAYpZc>g&Ab)wX3fr1l
zI{R$kKr4yuxv&s5Z_zgy$=WK{GqkYdwK0CEy71{n0%P!Wsp3}-OF&~q_}39gfC{N&
z#%9#5u>o!b)T`zGLQC{VqIQkA%}hokfuT&#t#r<T?7(bHXuHP^k$5GB@GE~ayTNmf
z6VWn!L3%46Z#7<xmO25)(<bz0-LHwsb&uaN%9@^h*(5>KYeQTS;u3NDf=|+B78g+A
zg`_Gr6&~>H_1F0&`u<NE1DA8tuKTwi^{i$dU@<K8m7oOV1h2zqo^5B0@yIz@OJTIO
zZ3wN`m#!^^U13?P+D_S^ZPF>eRg6TY#gLQo^km?Zf_YbKQBNb+XFryoi<}}o_EeSF
zwyO`4@%>YRm#tF$7vH;pu!sonWYxd}%=*LIr?=~0XDdse$e*kxbUD>@y-KO{CogB{
z-ckxuUrvKAz2o~^z4rJ83~%*sI8Ji%^72Ah08=MZ!Z-HkBlE4>53Xk%{#4f+(>3ZC
zWX=sUPlNBmIjo5uO{7K2USo9ZKDD<AP0A#ls=I>eC#kt5(C}k%xu4^>h%MW8(c$_a
zTM=tCRg!q{;i3{I=?!Jgg+m6MNa%Fo2ewNZXut5bYq}Z#3Bxl42{v*vQV~kb4@uGK
zs<1kU5KKJWJ`%Xbg_`!NFIU)kF8WfANsh|WVL|N2mFfrx2*Ad{_$j-(0>D^RWu-Rg
zj0X5Qh{%f=R5F1t6d%A}rje0{zVfcMT8w^^_6(Uw8osAv73Unx&l9b>H0-a}r-Fv?
zybffcc?CSu!RJf{gG7eCX3}3gD_+vj2}o|^+=-s?F%eT{owU>OAwnQCIv6JbrJ;-2
zd1qD~7x?ZX{31y_zQ-Yt*&cGE4eu`Yj-t4IN44|}9XxC!URq;rp2n?CmEhV%pzph<
zS!4bzRy1RbLRUMimKRxgs-N^p2NQZa9g5-}NrZ5@uR$Ot%l=i74PTgzh)>e)G3zsb
z&gho{3hr6{o)GQcQ+pzOH8vS?<xUSX`erf}mqqG%nyrC{BRavLsSBv-mek)mT;mNT
z_Fz0%LldI#Ajxd`bfNoBeEkX4$itvE_Q&v&WuVsfM7sw*KS(t9oItO5_dToyDvicY
zGkj3R6eh-;WrfvzbCq7iR0;-6!=KJ*srLoleaSZwjfc0e>GtDHxo=2^b<$tDcwxy4
zX(KK-ut7IA3#dl<tj}s74FBqt(Iuz$eGk0}x|^Pc#&u}Q<(B)^dN<|M_0_w0|5wZ{
z?Ow;$^VU((g3k|Lqy2>Pz6YO3Y@f?1aMrsb!+_9kNd<pHDWv3()%%sqDZ~W<qRmA2
z+o=BQ<}Wf5yj9cjmDQfE-lQS?&yXk-v}@SRQ=KSme-VOh12{AZk9X)ok<O6k!Z#^6
z{z?ppHREHP)|-~Oqi?ao#clF1&CyXHHechjUsQ!Wr(fyrq=M=*V8O*Tnw+W$_oF}N
zrdN8rC$b-&@(5P;=RJJBA2(_ljQ-q*wT<#%Tlu6D0Pmha<fv8arLR4KkG0bs6<4t&
zfI^yKe7kLdN$PX;lz|vSpLy?lEFGjcaVq%LZ`e?biy*HUbvI|?5~;?-XVpA|mcvA@
z6;_u>BZQ8DQ&2NR2<?hJy7X{qEDNc(*cAL}gD2^15!yVSwcgzv!RW#?rLazVBXfH=
zdd1g#Q*Cis?5ukpNbr0Aa*P3T<@+kTkH(T+*ElXY>~I2ch*iTGawPVi7UYIjb6R?%
zFBsJ4Wm0+49{Na<yFU|Q*h}c@Cd%Yi+PM2#zxYXBA`cxnnKz8-=lusvu%Eqe$!2(y
zP=}rVp;*r<HA;ad>LUxi?mE_frmxEON;wNEY%<IzMw~-mv<|8M$u4y?Hnlo=D-zbM
z>$0}Dl925rB-v@+I03<gaR1(O9WuPtPMDrBt-ji`Y<yGXPVA=<jh_X2t-oeb(dnb<
zU_ejBdRGOld${PNbqJrME1dm8wDMJVJu%HBE?#a@9I1IZ*Q!QzqLO8#@)7I_8ewzZ
z=HlZ{O9ii*p$-PTzY9kcj`afc^s@S}vTkB+sw2(e_auUe!^zWbTF^pE-C1-G3A{4S
zfV8U5_B)8zNgGB_HHJ|xvVX^2QyD?aKdn8hVH!!wxu;3ja+f<dn&w%*R4d8dax!2X
zoE3YB33pPQiG{9bO>R70*WW_uJ-LRpCdViVjmq(3j(#;QdxC%lqrJ9zvH#SmCp@y>
z5>R<1#NjYs%zA=I^tIQEK*8@`6|(E8fuXNgR)y;7Fnq1ZBQ{nMr=AGt6$?O1-wd6r
zH0uWqxwr+id$Th0IPykqo{1W*rYSDDpYVxq1SB0`VXqonl9vI+%=%RdF?s_fC@tj~
z2C0lj2V>ZB`b#)X!?6UDF#WTZ2_J2rpTAixcb{4C^1LTTMv;J2+<nC^X-v<H6Q{t0
z>G=pxH6_4=0+~S<>aV4yCZB`i|DactQM0ryb`TUWxx2a|$=r?juGJB}(P^&$=nN>o
z<x-1>dhGC`u7*n&U}82ODT${qkj1MjLBQmgk4Z^MOx=BbeILY>`*cOD1N{z#7Fy~>
zza+JnI<D_rwI!@0Q3{az7=r|+lzPm@R=9U9H5uP$Of$w0k^TE8#l6tx#WFTS&$n`!
z>OYgOnSV3Lp2$K(64F(BY7&r6h=Ik|M~X9(o2(A&uiP;*pX#gh67d@Nh4v`*C0Rx_
za>9M!yMB}0L1|ZqHqgF71v|eY9;b^}chL0&%#`({Z!6@!KC7h~WTSi`qMoKq{YE;}
zqh*&{?ea{6K#m?4hXaZbI9qsrC=viM_M{g@41R##jQS1@gfD+(_`TS0q+}%))JW^=
zgzRycpo7D4CE3+^F#BwW>eHXc&X{L0S%Qtl(oG%3OwrHO+eEu|%`;l<qwacRnu!Ru
zucw=MKaDc=hbS3y#>bnH%=O|HBT-*Bq13;F4!8&fGwAJPD(3b>XG=-H`QRRZvGAnx
zJtl%u{fpC8h@UuxUyk<L1*Kgoy|f;={su8&Ee)$3@2Ls4K70m!Tn1GWO=pD{t2(;_
z^?Q5F<5N=ah1oXO%lAF@kGAL#XKQA1L_Ww!eT&f7yYDZG>32xbwcS|-rDh-uk@EHn
zrN2EHyrJ``%Um5N-)cBZivwK}(Po}W!^I8m6TpP`#(t<qmD(q1Xjb$?B!*}VkwtRE
zyg{Y9BT16-!w5xpCMGAhtEbSno#SeFHk_%WG(*up{HlC~x3XTKL@Am%#8LEVe{T{T
zq|MP`vtkG0%rqP`WohE9_vVb~GURi$sK0ggI0|&0DWxh{`3qHs7h~#H8?3>59vh!f
z|DAG<=x)Q&+s&+dLl;hn1}dSEscB9>p^$f7XY_L!P40IzkAkfc)!wW??+W@56e>J;
zwWKev#%n9IFZ6H<@v#x1#Xg~KEFS&2gC&d43`l0)yMJ7=9-@0l=#)wDi7Ryj9K;tw
zEzltbhym~IP1z|kp3AEBND-PWu+z5E#&NT##57Den<y|cjvv2oJ>mJhwcekRNvpWu
zb~@1<Ha|IpdaOe_LiYOfOIChSTu>>n|H|r@?rZoE5oqTKasH&CR)uNolMQZd?*)nX
zfjW}oIpLKm2vfd7M1lFhkwcXf4OXLr(w==Pd65x6rwJ=-9Yr^QJtCOs`F<P1fY=I2
z<B8LUg^1K%o~(?)_}Q&(i#!YaIigv*>3+q7WA>CNLlC+lhiJPTpX#f*J&$0!+>~K2
zRrOQn%S!_fc=z`Zzm0u<_0t-qze1bnEsTz5u)1|K)9<gpd-&v?=OverXOTindmxbQ
zDZN8<XHan`otY9CuKCTZBm2G{Nn~sIZS^r9&U|BiG7MXoS0II89-TgB)fF)$S{ee6
zMy6+S64_~^xXP+2rx{oW^F>R|F|f8oT7IEbh&FBQ8A;7T_T#3d5vyh_UD)>yT^SSd
zsq;t>A&`?XA^PEWpxddnDnPv}^42-i<rwh7Pq~=~Db@S@*CrrT1%*^)U)`s|0<y%^
zuu|~bo;1Yqb2HJGe#<QT@xFi)!dvPrqgD?Op?vXl-0#)m?2zxus4p7Toqg7ny?<%#
zkg+w&Yig|Uq>#mU$t?{hzS;&f-ueph7nZiRoNQxhIkw=)FIDerfLf-Q<iQc4wU17R
zR>x<ASq&TBeh)j1#-R?O;p{nY?p}DwpukJh%0T038Y!e*&0juiqxm|KTyr!9jh=pv
z9HZ^TvhjSxzZ*9XKg^@uo0_>TmGR9`uYCrJjE%ca1Kjq)M8wb?*eQA$*K=rs+P$--
zNUGy@2}~u}>`4dpP@4v017{xgSCmZDam1OvD9<5&(dk;NBm|k|Io;ju1~?`cGH%1~
zFf%g5=;cSHMU%JW!ZZe4l@5vKLm2IdGtSplXBEtwlMfC%<k$6aym(FYK6?aJAGF*|
zufDW3w;XW`P&-J`YW0ADn9R9}%YwEzjdnHPmt`(c#1}{bP>{M1kaB+h++d_rsO(%v
zs7QZVaO^@=zWazfg1!ROJN>7~*ixrznE8Bj3xo62Y)Ut+Jd@jQY=0=6An-0uZfryx
zgo9wL{=ms#CmmJxt4qbtHGQvu-djnNfI5c<iSk4YVu*=ROx*!@t%in#dATOVcnx;j
zEc3#wqRtm+ore?Zvf*A6*`^eFD6H^dZ<Zob6Pfi0ad9fC<$K;>wxzff17zk+IJf#C
zFKrUo%dbcr987$1gEeWyg!nUtpTxScd32b<hquOmy!!d%kDlU^#vd2`dG7oTj${3&
zEpKnw0@k1@3{n;z4Y3wy8Hsm*&$WMm*sK6^vEc{ktekYc#uk-Ip!msWyXS;vmL8>9
zS;{YZhlbKvjYHHxFIiqeITj=Yop@@{>Mc>w%hAP9w4ZacF?fT+_P>5>K%DVXhK$_!
zL?VVvD&mJvV=Y^S-r8O~k-o+KuECI7*&v{k!%duEM_9(&&c-W1y>!2aY0j70@AP4~
zAM5itRG^)QApy}Gs(@D%G^pMFWHE)vk;|=;-Fjn|C!-m4(D-A_`5WEws<^nu+HHBq
z9Z9vG;TQqlOIF?llA2S*6<%`5?%$~|Cx}%O5)+s%KaMmdstn_c+h=FE#J0i0Y88A`
zkTiIuENEUaYg2x5M*9q<(}oL0q(52|PGOV*14_R2&Dmds77}$_Lyk_QAC9LrJVqDH
zGHaBn@#Nr{aab^#Vr;};+sCiOR;sE?&b%T?@ng)JvrW6d^Hpij&ZyvJ&YG2{J6nV%
zN{<+-?%$5z+@gtO`ASS#nm#eZ=J;rOsaKMlSBoiR(H$+J`+@CREG-H#RKETFCG<Vh
z%GQUThz-pGULy$R*8VUyzXzX{{wumyIQ<Ym+rf<yQ$d+H4$!9FM22$MpLQ2BOYa!x
zyA8UjUDf2?dZy*Wh)^@FOLZP6!N>}r4zRP$%Dp!XJM0as6CykLPAQbcW{de$LhCJJ
zTDFFR^8N(ZbJY3XRK}jZ+UGQFu~1n`wp^+d1d3-T<EMPK^hqp=N-wOUWBB8!sy6vX
zT!Ma_|LSFnyA~t#lViZ)1hb@g_fPJ`2q8T|-oBYr$jGYMS=TQhn5JD4IXHa~q7&@w
z)p;)wZU>K*V71`YOpT_))8W$+y-A#t)02lvTjJ|EkU59KL7Xipi_x-bp%}zZQfr+H
zA}Bm%z0JbviV--U`KG#HVCxPt(Qo8E{RyGK`}Vt2;ZV0FCr_O?p|fV)Js4hl>*voc
za51E*vl5oxVeG?C{0@E^Z{}_E)G2Ufn5(MuvqSy_0~kUtDdm@`VElUB8monZqd^!j
z<@SgG*;#q1%cx1s)GH0uY2^)XHmO(dhLL2@bNC|V@uFUs?t{~q<BXFJC;NS~0|RPq
zJaREkR(bE6Oxq9fVlWZKl8mW~V)^%9cYdwG@Y?2e$DZB8)+8ogKqp5=i};;!`RtiW
z={SGCsJo>_8NJflU+-`K(I4)^`bt{FS9K$&>y(O2NGCN%&?7woN;*o$KHX9OoSsSw
z6@nIAu)Fmrv^V*;gLEI(5+q`;vtN|;$6#^i4UuPAshgx49CxaB8v(y({1i*0Z)ZME
za0;gF%WBQ_oP9)NNqv4eL(2#J?K8?B9jn(o-Be~zw-6vBsqS2NA97eX9I2<x<>#Fe
zIn?@2R920l3JJ1)l9lUEg09X?t|mJvzYror6wO*y7EK^rzA@T6zke@#6X-L+<Z@0g
za<h#c(=^PxKRLcyX3!=%`u&4Uk#T-!VPh|$8(JwutH6-WUc4CivYmIAJ7a`2mDB`Z
zv+2Sb3w<~&mGb>MAaI>Il=Z%5C1+AFtRUTF{JoL}-Dh}FPC>P4Vi+&3V65dN7&v`3
zw~ZV)grfKCSbkxylNFm~i)p!GGHQbaa~}t{(vd2z*My({_l%aAZfw}e=|>(TNMs$Q
zaOr|Htd6FKv>sWJb|ql_^Gk1i9DP{;FWRH6mB65DWn=U8^Jj4(tfP~SenUgUxAF7K
zc#K-#ptWVmagP`F)|8w3J+D_3w1~vNWaVL4Q>;o!q%xESd>KUFd-1m6iMif7x|xc%
zjQFn_BHocN2~&||X{4b^`L0n^4aQTW`(I~UrhuoF-M1lEqIgBbd>%Res(B7%_S!Cx
zQR=S@<(hu&Iix*PPx#z>+Xe$^3)zB~rkO`Pg3fHuh#y&*KXIqVupsxAd_!d1lItOt
z34&Nhi*zQbWXGTZrybELq5Y(<pLZ!C5tci@)(M-83lcZ$!6PBreAdECy(qnrt{-&w
zS<Fu4%VxcH{t=28oNjl!$fr-ZXy@Wn2vY=71>;v;qFst78c`cR^<Q*VYe_Z-lx6HS
zLxYuudD+eGE8L&5kO~C8tXkiNh-|&msxJEe+lcq}n3Cpnvsf7~YooCuju|D???YKg
z-PN(_2B(4D!8$HUz0Ng;J<yKxT$Zy~4LLPmcA9=U4CmLy`?7La=RwF7T|=c8Z@#O)
z{A)v>F*iJeZGK-~`Y{2x`mMa@513FNM~Tf$Xlp})v<36U>h1pP<qMS($#aFUKtv3M
zFD!ty5a;8{(NR2nf?bu6eWM~-`(Q-snaN7T!LOF4gZDv{@|+H=PknFR)@QL)g-4aV
zPGg#{wHN-~&%6wM^!Z(^4f4Z#Q^mx*j+78U1!N4G{!q2%H!j+z^&gKrFrc@bW9Fzf
zGh0uF`cZoDKlufp`2{BjWR)m9(Ca6Uaox$B&9fdLgsF50H}QbPh){jO(T<9yLjSe#
zaq6ve@>7k7&#k|%W_*KCkybBW&gI;8xe;4NJteRmT^%eS=d7E}kJ~xD!AYX<G_8;~
zafT#)+gmK{6uOR;_$yrn-H~ErXK!w5I^!=dFHaRP#Qan4lCiL`VD1dw4iq2(W%)i%
zI1}tkm@dWi!p*{H^B6^dwNtR%kph*>#mi;I6t2OaKZA5YNvq$8ZG#Q;52f<q#xdw3
z5MNxsPIeSe%GrJ5ORq}e{c<5a+@#xqe)cQx;KqxaVAxGYEU5g|jLGLWB^f`8`I3WJ
zDp+jO%+F_*#O-9Pcc%AodxCae!R~p4C`SFOmh0SAWjS6^S;;?WSYKBskm`;p@9BYk
zIcG^~W~;7E(t{I%=S&bZnY57igQ8h%fqPk8N~-m`i&&1Do%NOFOqn6%`0BSYTkpwc
zEY%Ns^$V!mr(w#OvJZ5(=v0+A2j!*BpJK2KtqKXa>nwjBZ#Fe{B?bo~7ZMbs8lbAV
zYYDm%PFW0DWD@P9Z#I`=<pQjMevd20)R!lJW#~aA0S0srg5#bPAuB2kl!Lw+zClN+
zR3FB>jf)#LH;0~2s+*aaL6p?hYtQ?c^`VY#m#3$DM<Z#rWrpc4pKCFRJ`8CirAy%;
zTfCzs;}~H(LRC>h8di?t4cw4~A1z%g`D@)oqwS1(7=wC5UZ3KL{SSoqUvVwcAbdiM
z9pS%Ml0<LF|MOEsf8GH7{eOQ6yu$tU&j0ssfL$~&Fpx)%2u}5H=ZCa`b|)7*fb2Bz
z{c{Kfi>>^2$7#;+gGHwOUoT?%NG2hLaqv@q9|;g}ltf_u<0ZH?-arX9ybzx(D)hg7
z9~Rk%5@gk(oDjFC|MAtoehuD|9+5M!O!}EhfmBS$1e$!Cngn#UmH*d?{(L&q4FUV*
zeM&q4#sDte%>R19?c-RV2{>S_!Sqj%I`@n<{Og{e|Le|1!UO11quO4Czy8l#`un=_
zUgnSXB7Fyd7QIGSc||tV|915VIG)NQ;>$=36+Hjt*&yINX~D#sW^fmdf@ZrA7j4wC
zS1eZE3cq;`KN!y^We`Cw{BU!=_s=!{=Ov<&JpUbTjqjH~Mu+v&AX^l}{u~+|f|R^h
z9o0r8?0W~AmYw5+|Jy?syM(WN%IJ0Z<|x$$JN<LoeG{}Z34N_Qs`Yt8jcsGqnRDEg
zv#Mo<%{&eQWM(K{U)mZw-QH@zLWn3CpG^`p))mjkrZCyrEHz4Lc{WIYeKF7ZT2$?~
zO0>X1wpvI6rdF%0O`4q7ou$#Af3&kzj2gk>o!SMMSK+#<?vfdr-5LshdyhBcXx`Z%
zXwC@>K@+FE?OBh~)ln3=!W3mNZfaUMv>&V;<F3G`#IGw>e3oLhur=V0N3#CQstRDV
zA1A!#Pv-Sb?$=pck+t+N-VpXNgRXU*o2K`{n!H`E@9OX&e7s9|kp%~t(98C|c)CVj
zq%-&^dVQR1boy8g<*CJIxB9%gE0k<cao_B8EE)8hBj$mCx`p`7U@Z1LT*Pc;#6c@Z
ztSjnk9_ez+IZlY*?azyYvsW#sr<$mxx<6&p`<5#pkTR}p*6)YS4iP6yGF<`i?WgRs
zKRS>5nHr|CZ=yy{(l533x7QLT98rMtk(rjM6B!x#XI-KHOSGI{6Ksv2jQJGa8p`0p
zP~?&{SzILCGD-y)4M2<&+TY{gEVDH@FKuH(L`71+e5nZGHDAY_UqLqJBk2F2jQT=f
z5)<NKS+#u%59t}2NlW(GBWEUpLX#=LI3=V2mNX{%#Tla^2qYSBX1<sXN~r;{)t>Bd
zsQP+5o7qI%60}B^rC}ugDIR+7TeRj7Oh`H){{deTQ%AP@WUh!)-Qq{+E6~8Cda|UB
zbCd;jB85;~b6^Q{R}}bglc!rx*dR{3>3YumSu{@vXJ-aFIyM~^VverC=K&c?k4@E?
z7r%?`KL5{JLjO&%94{bc+u(N9oTwIn7MGl{<P_@^GUY+PncCEc_Pi6@Wv(NHtZhEi
zZr8b%im5um!BeuSM{EAI1;(r{30LFn8oH82OwKmiaP++#=$P3P<p>zb*(jzy<^qKC
zpV4fnbn#OQ-nb&8XFWZrI8H(_WM7TWpq;KaQqvKACX59;j+M%h5;Wmmg)N$rpnoNT
z#hgw{q7P^M7h&LpqejV5!&w=X=rHAB@+V^MlDaw#MK-y28L9(1Hexgy2(S@Z8Gc8{
zpW08v!&Vdbf)mjg{+s?-;e94<l(mC5=!HA!zEHOcU0tmiK!u^m^1UNGH-^a0Cn!EJ
zE}qAXMg(@yybtPbHMs*|4nI*$@%byd3c2>t(ek>wF9vP2D42^h0N)Bbhr|0`6=|(2
zf<NsYs)2aRGd~uys^%2bm$YVLxol4$6k6FjxSg-gwq@ZVn9c@7go*LEwbKQ6trcVh
z+;$7l)ItFWa%M%5-0+Xs@7?Rxf3F_p9L@V_ll_@;z~~WzgpBa1R_CEXcJpV<5o~-G
z3v4hJB-p_jDcRt%d2JgvBj#ey3im&?)SrbN&WcW#ydPJ4Sd)555Z{TK(B7Lv<t-Xc
zNSokGtG_a4B?}FmlM>g2<G|#aJ`r~##$g_`BQ(!+aI{>itVqgMi5xVcmvo6qlGqzl
zG;t!zU%oF$vr&!`mHc2*%v@iUJc?U`_wkOy%D>s@V4YZjLFs8AZ3{*Xd$KvI`b?zd
zwPOla)D(QfXk`kxKgh3&)nKxkZ`gs@8h{9*+2b_#IW!=?_e>&g$bH7%j3p$xfF1z>
z2S<s(zx|CUw^{3Uh2de*9hTbCVhQYjQS&RBxQD9T2Ng^tx{kZsYf@6g<3cg~aHH@P
zvDGcNN4YxSzNK>LE!5~+nrPycr=Su=Nlb(CwsN;+63(eA<9bh0pbDsDnx4nqU44OL
ziXo~(H=l+QUGM@wRTyJ*GL#j>F1yo}xn%WT`8j0SeEe=q@Uw;VZ0&4w;&p_2jWVen
z2fnP!VQ7*(&B4F!jZX2z31IHOvKYcb>KYr1hyd^f&}G-8y?FEEE9+)X%-;7w^J>%Y
z`L+c`bGg`sP}WKJ=!jhz1cbwIwo;vs-%FcK-Eko!BO?@e;pPKh{y;%r2iRCxKp=o6
z%^i0*w9I;%$^NK@A+xzz@H(ri>a%1vDW5a#^XH<)Ft=21a6Hv}hKB(z2S2=%i;F8H
z5ul<222;4<+O+MPT|h^O?=s52nMCMco&(=A$tU)-u0jIthpY#+b!eX`yeM^=+_4~_
zgW$6@AEE!ouU{FhLV)Ama0l*kh4`-f-Yk1SPg%qe{zNV8*G0l!)}<<Y69V@O(_*wj
z;|d1brcL<c)Lc7)z3nke+(Out!3TiVZX{Y?mPbNHesQV>pb(=6BNiM`>Nr9&GCd`w
zKey%NbPCgg-%KSgDapmb0bbG9DZFG2DrW%?A-EBT6*0%r$;tBqgs}fGu3{MQE07PF
z_6YK4@~d|C_WD{{h2}(z{QO?V<y*qtA#4PACS%BRk9Hr?*Awh2E4b(xUm^Idjs-PB
zaSNW&1V_2*JW=E@`Xs9qH&APOJe{NN3sJIA%OnicU~qMDK?A)0VPUM4Zy+Pg&RXr2
z^gR6hMaaZlHW0tEzmALy3a*rUz=w0`6|E?Wgn>cx*l5@h0z+(4iUg>oK=(tX*<jzm
z0LM3YK>Gxa6Wx*DFz9d|+|d7Us2&bsVMH*KH`|aa5Cb-4QeT$!tUB8wK+-z);&7Mc
ziLrV!w5!mH*?<aIC~f_6G5s~X)4KTk;9J?~J~9ATZBX42diM_h-4m-<+j8N6*t!W8
zN@{jw`34mLuyDgWf%S8BbxnOT`zkfz`0gnyl$F(Fsc-qu0X29s+bCvd$8@b<ECzsj
zdU|@Th_g;VmX?+l7MiN6oI%CesC*_Gy9ZsQW_bK5_J2rZFd2%Z^|IOEcpcQi4`H@H
z-~v7Y;Orh&0Tq|tH}Mn<qHIrfgNW~E`-AUV@$M=w-j|nPLwBw1P46!xhjxDDc2&@*
zHmUlV@=hHLlB0%Y=H^nfvc?RW0f>L|IK{aQrvrDo?8^RZ<<qB6N77mezKC9A{Q^C1
z;JE`}<-AsKPtO}KuUlV?irS!wiMN2p@Pw&dLH79a63Bx2aGFn_=>KwJpkj&ej8DG<
zPT`&8743IQ^1{71v9j&VzP(->haJwZWinommLhteFpKvk^UHlQeS`Y&@BrB2#4?ZL
z)%8Z5;_ZIv-Ps~IHrV0gC;F3^Fe3xduzG9vF%CRkyyxZsAw)@Gr8Ey7uzq=Yd6`~(
z956!<YW_b?H1wYzIjbnk4wssX@^}DDoXbCpBCkS);K%Sad&y#yz49A=Bu`lj+n9JA
zX`Z<4g0E+~gtB>5Uy_p_j-Zcle)1_?mP6up?x;|6e>v@$`FV_Wiu7bih}*3{9T-&s
z5do4lTWJoE#?8&m2ON?Vh4CV0-`UvMo<N86{>=mU;})Qb{{Wn?ISMyH{+R2hOwK1b
zVuP!o#M(2h7$UEnQE;7^J7W11LSc<lE5E%Y1Y0zYo&VNKQ&SVb0Kw)-8C<HiPJEy{
z`}ynWsMYOg33RvK+}wcIX0OXwO~@oRfcNh0?e+Kdy=6DGg1$2`HJzNEwx6q#epd%r
zYkYi~9|(5$_FQ<6nlJTqbVvxbH8p2JHwXaHHdLiRMhY?zq0q;UPz-WmU!CIjRb3){
z>oWZO{Elj`91)}HjJYQM!4iNE?9Z@nm}oc1D7Cl&I-+&G>FH^6Q&UnQ?=RhJU_?$^
z2z1P5_r`SsO!YI3PF^`!Y@A+R)*mjX&<?=?*BPH`3%+)Ke(rU7I5~$d1FoUxBcI>`
z2ypwRO%!B`2RUWG@H*vcFeu2$QPK>&5Z1Kn1c0Bo1=9*N&_kb|n3y-!ZuKtTB?Q2n
zW67hzlUN2QUVs_*yfFH`+L;dZJ_)O6sHkA8-aV^=yMEu|dw&B6kS07~XZMrS?FMV(
zHbI|fwX3@+Dq!7GJ<Q%UJm7fqZwg%LsuAVWPB{WbP#*VSc{L+_5gK1?v$U69zV<to
z+#@DTystt&eA>}ICgUk3g3Bn=gv!fyj>arJ><LVcX3kLlH(h6o2<HfmJ_8U4ft@z^
zM~HZ=4Ju+$LA<3Bq&-7Jcu4Sh##{5Q3w*AYHoH4Tv*qk>FC$lKZr=DG_ozsA(=lw>
z%Lv5!>^aY9I5yAT&HR~OG8@n?OQXN`VPe;`u2?8G)#t|9^&&<-oO&)HKB-tJx|kmI
zwF=2i8dNMlq`JCViT14>Rj7OnbX|rsa~wPE^SIvUh=_;>Y)D3ZeG(2}_YyIayt}^#
zGJXCwvmqY`@JSI85YXa<gLlB8tE1DC1t^iqEyt-hv}0pq0fzei{{9c+*%1Gcg&GzS
zk&IBcEpXEc4>IytCuK&QTW${<JHw&)^u~Y-DFrNIZS5skq#nV8s)F+gg%i*@3nyY{
zSE44RzV=<eRfvmAZBH+HGB_k8BsjQyb{}A}L81$6sJIv)*;|{NU~Q)+Cbq3Yfi%Vt
zh5``o3054SRB9+H+M_RRiUqt{zy?}(%}$1>L?nD~|M_!$(G9x%j>(EEwE}+d`0nnm
z$7~dr>}k9VE^;v7!%}Hp<9zk%6)o+Drm)ibdd=xk$~dJzxazaGce=W05YYPvFZwMv
zH#T^WS0ghs(}wF7G<?E~0thKApscFa!WF(dh9eZQwA=ygQ9AniiZu=<Cf{0H!JH~-
z*ASpBAwAH+L4YRBQ7HgD3E)URqT+Sl9w{nqkx>K8`tT5|Nzn12dmwV50qN=K;qksI
z1NLl}SbA%BvZ!H*r4RiPG@tD49v3ziEJ&F)_i--rqy4**ZC{q4K+4~E)M9m;{0i?2
zD++;#Vs;rP{_H9#3#K-vg+`*I@(VK^){>qm>Y*1o&bw3gT@?lQ3ej*S4C;SY>i<IK
z<avHQD?4=EP1V9p1{p{mD%P$0-Bi`=0L$dV2_5x)wRVtR(zNk=IlY8HQ7@k0yg~CB
z0e9*=X4UT|)0yiti7Z)D1NONS$Mr0h%<HqVpyKd>oHk6V&?kp215izzO0RPsNM)uA
z&C+?)lMuo;gInKyZNHv=&E5$=F-{O?=c0P>YADCq#)yP(er7B1lFO^ew)``D$<FSE
z=)x`e@X{9yv(sk^3^&)!=j!&+2O^kbb55Pv?dm+~kyy=Shu)VejF|AO&#&^x)wQO%
z2vekoZQa@T#SiX+`ct4h*PYd<k;NPyld<r>Wml9Rb&a&=O>ES>1e|-jPUYj&sk)e|
z0ixQhMjoUZA5pBkK7lN#C0~nn`vx=xSC%(hyw{#-)+bH?FHzxpYHQ<nJc4oK3hrhh
zIzdS))rrs5YY|3058Rjshyyk^U5ldCcc<^z{kGjBPAPnhN1%gq<IC8#C1;KUv9qRU
zhEo-ZmtXZ(k{ptleN@UeDxjtLb3C?K<ld_l5BD-BF?(XVh6G<$M`GJlXmJ{D^bzGv
z(HVlpGG76|D9&;2k&jW7vmJ=W_VzZQ-2{?gYGMLLU~GTS@`?Hk>oJ=Y9SwT)o@@kH
zg@^Y8%?1^|UXQCZA1+j|z8{q$AN<NYzP$Vhws9hpu1azH&`_kD6_CEP?-Gnp2D>K4
zVo6iM{{_u9K;W1_4;EoceZ7Z)0R`{-_~-J)MXot4hVAf>I;XA3-0Y(FfPN8=kT5AF
z#p_~UvzRsdX*eL@R8$<^+}u1laoq57JAlq@?CvHfB;+mtUWq?S1qbJIO3E#8DdK9I
z0RFyIzjbM7$nI#V8Tg>UbNYknH+)@ixDWC}pg*U-zrPoL3jAEn^|_)WKUk`zb8*pU
zzQ$IoLv;*zP2Sfhe<rmrEPVMwz{UmX860$Raq-zob>p&I$Ul!@VuCUO=MX4BkbG`H
z&tdE7jiZU<&sU-awiytMf;m$9?kmCc>LnI}8tasr!0}lR#fRwV>P}kq4h{l;4mhC(
z<r;n2mUeb6mgBh@85w}K6!e-^hp33ThJfIsM8EX`jK4Bby}i8!Mz(iy67V=hSiKUq
zw%!9EYUo=vwZaR&$z6psft|y{l4^t=GB1Fz1{`JY&YOX^7!wl%GWhGOJuxq<eH}iN
z`hsRlK;}=QUg+Xp+*shD(da`Y{%?_XaBFym5{soI&GdoyeOs4D=xba^h7ziFm5a-G
zV&!IPqSg~q-ZIaN_{ZQ<9)~mN{G$GbW+eZ^@02a8uInoO16qiPp=qmuzxn}p<<ea}
zGDwvsf5vCCoyUE7ut>`hwrv+-G_YG7{!uus@wq;q>-bKptj*?qiA95#`=I%&h>iWr
z3gg62_0}!#eIITsxz+>cr`WaC?;p%;M?N*`58Y&qtc&^x(&8vUGBEF<5BI-~`n?~6
zdsVv5X4s7}T6qs@r+zOy&eyt(y4f!wSoA$QF135Vnki8b#^gBYA6dN?T`PHXzi+4@
z#X*KBJ31fimQhJ$NpLPxPK&n;)ew2yhyE(~U9Dmu7uAd@w0!1X0sGBkxry98Ys%5(
zW^|(xiY9!yc&q9*A@joqI_l3ZI^NPGY_~Vom|3~hL`mAXbEa^L^)lz#>vt)3V@FWf
z50RxF>?^r%&o!zRlg!sRN?siu-_xl3erqFGnsP^m%wLx)mu~o6`&MX9j1gvxG<^cH
z`H>4hS==pDOB*HFMJR6Y<0FHWN^_RUCl?~Bo73Ukn3u(sLkp1}P+JCF<?o!I6udrT
zGlDsrM4w1_E3&f0Y;$&z7>dR6s03c+-ItDIPrLx#cED0p*VaaT`ZS>xTv&<&>~XJ&
zI4G6a+7_$$f_5bkVIn}lhA9l5n3}SiDT9HuT&<#niDxxf0s*q&;-{vjW@lHm<*w$+
z)rw9Y0(%O2e|HD@!*5tv9;1mmh>dDP%PIOICb~n?$jE4-X4mQ~U}B7g8>!;r)CAo_
zGk|&z6l>NU>kA#uci(~OY;5|kYl^j=0_il#X=!Nz4(B^u;77~0OwZ42pVv88XM(T3
za-KWj>`+ApY+#{N$DaeV`lDZdd(-o|yB!*g!dXQ9+({1DRpmudUD1YyhQdRHB&XjO
z7gKYFK+=H64E$zxcJ_1UFEcYUBO^-GaRpjp0Kj8mL7PNzdU;9X%;5s!B|wzKf7Ijz
zh<S6OlapmOi$RAxa6=|90=_HQn)mJoiLLw$d)B)<frNsBf{aW@OZ$c24O%kiWo&E=
zB<g5)S7zz4=sYlc{}?Ec#`kL>j?Gq~>eg0b*&T7A)iimc|F_$Rq}D-s(mhsqPaMme
z4t<Dag<y6?+GX<$kyDcLI2deMclc2imqg?4FF7pj1ST>;s~bfmt1u=2>IRZrE@5gZ
za|TU;s*wy12|1aJlboXC`pvgqZH@WPw=z85mpLbuXP?pzeHxBKC*i@|k>v2_1qBrX
zjFS9(3Ol^;0jb$f<(#b^JGq}IOs*6A2S^Wg6@HSCx2#+SB3@Dlx0)zCT+txG&b=mB
zw?N@Os{QmmpLU>?VU;K9C6Yy9U+XJSlf*oPDl(;%+eDu3iFPpgrfSVSXM*fpf4MhH
zagF3JKX)dLvtlUu&f?}PxZ4(U_7YJj-Ox;q08lo{t0aA<_`vrvqu09Vsnb>tKL&}k
zaO{<TT+(j}V=42~)zfP>P+q}HRdy=Xs@@sMF|d;pv5i-v9T&js8luO(yduHSO<^2|
z@@OcQAV#D<u5=NedrpjID+|@AKDaoS`?#2gY75cqiqxGIy$cfyaM1Gs2v#I`bFM)a
zYDn^cRP;LmUSBK2?H!gURAmzctVZGhA(()6;G_<NP=%73FrpVJrui0MHou_YxvDJK
zpUll?vHq;laqkMyAkTw=%>&#?b<l<e5HF~@SgWXv0o`wFWAm1#L94}^*W;9e@HI`N
zWtoWCi?^YEF4ge&?VwOFJ~p<0aPaKevr?V<ENbuHo%k7}Jd}N1gxq#tH`Rb6dJ>^!
ztR$!cA`~lF-j9sb)FC87*=l0)@@O9YOQ81NEBABUk~Sv;FD*HPFfAEsU~g{^yxiGu
zAZvva-g$9xVU;T1>vhzO2nh=dTbw~*<G)z)I<my=Ap)9z{vhN<_Q~btG#v;sm+PHE
z7fd<-MC2wmeXkl&!~DH10;iHDdfx5>_mJ~Q8s2XP!~_)ry1{Yj+aL*L-Id|VHG-;g
zP<COL_*Z@BpZGU;ORY{_zNICpY^7<wD<>NwqV*N3?!43LFPq?fBHi;<B86Gnf2GPZ
zj#!w_{w9}&=81@E@x;OaHbhdh{FS^BL~=6h-D#d;I%)Dz4WGq#8QefxkNHjaA#^!N
z`muyD;TRacSg}S73;KgAOdgst?mJlqf~cXz%@`0fcC$~|8_O-aYWzdCByfH!>t@>8
z-uO1wzIxldrZ@YgR{GlK$(q{bDiDaVF~kCl0sbwiL=Q8tu)vem6gkc{`S8`d*Y@76
z-#X59!`c!IIjsggvGNHRweAZG@CL*<)kF`(9MI9Mku}mjLRO=?I%#xBT!*nfKGdh$
z<ROcS`053uAivOZf=AmAE1O#Bi7e3ly|EIf2|smW>134z@jjJ@8%5fXTsr;AT1=Gg
zuqiw$k_+4X5u2vL>2m={Teq0+hJ*WrYZyQAG9z@&^p1BYTjsx%{FHCwiZq{Iw|*Ex
zWk^#9fO2lk$pRjr^Qe+Lt(2Y#+9*8dI`g{1wCE%}hse-*&TwLz(x21l=LZn-S}uO$
zb9;9wV?p1YZ~Me8IOZbd+gTz|Zk{LW(iW|l2US6Uvv+QO9ynu#n|5yz9ARx7kHZVg
z95-ajHAn~u-ss)MxpBexv3cb{xzX@@2&*}1q7OZAf#c!*cz;={*9_g=-7R#P%LNTx
zb2BsfoRM^}{tyl#DQO@Npqa+GQzRD-VlY=_S-6+Ttgk?Z<v2xG>=gs_Ywq&|X8i{o
zBAIteD2mok3s-iqC&uW%iI^?FrBPN9BMS!sSTP}=u9s-dQwU&HRiniLXRsKIj7iD>
zgeMZ3VwRS#AkdlFSr;vY-p5L}t@q0Dx8!ZDs2y3a**>r#_Yr-d?a9a>prxhGbrt=t
z(;yu0_#>zNdzsw(R|O?Tn;}%mRQ0kSk)H;L!7!ovCmRL);v-<8HD-q!xW0dHKw=&O
zqoXW*lvwH&%AS5IFzhkpf17;dGemeH)CZz`PFw?e!2hOgfTFSArsd8wb67RZ>E${$
zKAzHG6lMVorhIef11FEurks^k;Sj{DGm?l?W{cuo-ubAWBNBxl1omGq$71m7c?qQq
zI5XH-@%G_*=0cBv`C1sv?aG{qsoC^pEecQ({_rvK6CJWP`I@;et7V+~L<pDxxGmib
zmH*HKkXxHofbRZvQ4<QcZDam!R`^Eix#Nq%p^s$G-r-!xioqA(Q}%kj*7|eIEp3l7
z>Dn)@)HPLJ8)&I%Rb4ma+nNTKhqEnC=K&p9?6`E=`-2F-(M=8fmP49spF)`ac5%je
z<?!vpKvh-Xa`XF*Q!4XzY#@+O^dU}7{N}v7hwRVk(n5<ZYdJxJ4e3%$tzSHAa@QhK
z;>E=&hZb~qS%rn3Klgn<(rljWwm){>6_K*P7cMQ$_V^_zDCj)qVN=}MO4mktrsQrR
zeJ#%;C9diH?#voL&it{-S)}e^x>ZqF(NyRx^4%s4$T;N`W3V4tao@E<`xBbi<iyv>
zT7*`LDCnb-o<1EFjlgg`nyZ%WTx<v-*P*tX5tyD2`e4&xboo7bdtc!FyD_(;iRJvW
zlvdxC+BVbG!az+;ORpEV1%ikz*6JNDqr!7tpi2@w2t{2osIoDE_R{-N=nsqW->3|@
z{vsK9^&z*2#I1tIFj@vsxQKTwlIHx3mWDTHJJ5&gyuiSY)z0u)$Ji(5cr&ZvyS(Ca
zx@G49(b1UiR0~CHZ1!WRWbv5w1OOuhNP8wUd$7EGnN1aF<3aKA<x36@=f2Ocb`f$B
z_f{_s=I43=;RIkqQEVp3w#rmY7jk}Fw}8JmS{4S}=I6c2iRsYvQfPFZLaGt@cFBW*
z%{hD47R%+qJPi)AkB`s0TcP%_v1b++0m|fLjkI$7ZBwFE+F%l(6L9)OL?G$I>ZJ}(
z;RC=-9M$pu(yB%Sd}u-1Fcl_}imEE$Ou!~0DpZC=K|;br4(2Q3N=r-IW!z4py|~!{
zz3{63jM_CE&`DTr8%GBRi|cxWMq~Bs0%BGpcuV<GNff|hxi^+0>(bJnwgB=nT-E&i
zF2GM5zh;_0dfB>;DFT6k|JTbe5A>eO7xxu25tE27zZTCV23wA<JYDtDH^%36ro_TB
zmAJXa!crDn58^1-qOi)}>;_}29J0@*kuISj=D*a;C8GAbYXl9qZ$bchzbkqyzHKs_
zV{_p#<?u)J)9@C2+K&VcQpK}DEUu8etk4T>X3P(rMp->Eh?Cft=pW!={ex~*Tne=|
ziprmHP4HlFzqrZ4#wx}z?w;EIbyudkZ%7?<O@)ai5k=yuFRM9fm}bNZn(xxNWOShN
zl+1D;2$C}Jl&T#RJ?`EVxu1t&hr3DEaeJfFeTqT~Z)Ik}M6z3;ZN{1{T`5D(zU5?a
zq@RCASd;fY>q9=E&Xk#Uo8TtdjF@2&KDU=`<VJmmB9DaxKS!LRBRFZ}G+5GR)$8}u
zh_&N+SF~Y@XBpnx+B^wRVR7M3K)!|kqC8jJA<`{NFL`$vP=Giy9}^_@{Pw_Re=v}d
z#H1fC9FNf`(UX+l^^-2vX`Aj(u8-m2;Smw0>a#&1Ar&ro2Y4LRQv4aLyhO=`-UV7b
z4!<CljHiZ)lj~bsd%|)xdrZ0w`85K6_K^~rA{51@ZD~o*T%=hipA00FMxYuE5|`;H
z2Ykk=#!9Uxvwk;XG%oum^n&k*1w#wSMovo}@ZRFjbfhzYs)-6eKcDu9hhQbh!{&#f
zq;)<h+Nk1t1IK%<?*G~l5Px$n1GeW2T-I?niN6Ksn3^QJ$OPi!6XLn1O%`Pi?B)gp
z1QPrXaW$Y|YfUZdfGqFM5;6m6?L+l91g?w+mMcVS{|{igH8uf3k8d|&qjQd7v^)|j
zDh_fmh>mYBm!U3CW<obDq6`6^r8|<;SQY}Fl+`3fN)}cfi29)qr|J68`**ZBcsMvD
ze9jg?4*5_B2VH+mo%6XJdhbm!UPysV1QdYCSlQTA?tcpsF_y(;FGY5V?|5WIKZsT|
zTYS$pgbH|FF!1-}0t1%tVFGb#E-Y)4j+)OrmXxd!TWa`iB}}H$%pB89jy6aD?)R~A
zv3Q)AprC{Uxwo8F)AH>F`Ij>N_n6q&Swf6}lRSr7##r733lkHQfM9!P#}aC9U)qc+
zlV`^4B?t=(tLJr44f^!AcOpr@-OP>>j*QEKM+4IJ($fgTD!Lc)y2lugdr|*mdj1$8
zft9w-nUGH1sDkkGm-l48(ej8Vt2Aff)A$yzRquP?_>eVH`CRCjnWvXZmUKKkc-It6
zW{zpyLJX_m2B9@0$8e#B>F|mnmvf`bupKOO{=gTgxRmrc{(%UxBD*l>E9L3#E<!GE
z0*5?kU%jgLzOD!kmXMb21-{4Gw9bb&j{+7LQDB4$ARz#Xk%WxwVGcA(Ud&ko;%BfZ
zW4>}O)-*Dd*v*$qUWn)<e?~NVdwcu(ws>Z2K;yE7HisgD#SY*st)l086ZBbjZ)?1>
z&Z44|8~0uG92t)S7V|5Ef%7UQDTy51F648g)94z3R#sb+lb2U}!5wZ$aNY(=yny13
z80b4K5^l>eN>IZ&J9BpBO_Kqq2@DJbL1dS}AA#w32?+Vc#X;Jp&g+s1YY^<e+Jd#o
z%G5JGmbt}Zo%&cG*=GI-j}bemEpbboDgdX#aQ#tKwOUH@kGcQH@MGYQyuVF<$dUu<
zdq!lf;#CMM<+HfRIe#;4iWkO}k#qEAT9W~NfT3fSIWYXwCue8piRA!bUSvIad3d&M
z41uK(gJwqGpVWcc(B4j#CRnDi(-QF)nhnmDfcSnE;~4Pa0QSIXyA>E}I$&Oegwj6b
z$|Ys7XRu=MZEZd89-+I@wpbD8obP{4CQ+%&F&QBK!Vn)53?V6l5lSb=#8gsI$@&dp
zxHmSicN*7F&v}n;_~&vr)aNiFjP^9Api@)3x}eevc!ejImV5ze9bmp72NMgx#2cZT
z?QDr~yd7^OBEg>m`3+9a&Tn0|R#wXMm1VWu%lwA)A9I<m@I2Q8#s7~j`16zd54b^Z
zl*}ixvi;Bp%c~*Ti%rp*I}S&2wWu_9R5bZXxEt+X4)Qi|OXnc}Fw-3R!-=DDq<3Vb
ztN<8ThFkGWkiN`yHE+!=4i21X^F1{HL;OIL17;_JRi2-CSqmsc&Z|oEP$D3=?#!SZ
zRai&|X3sy!hY!|>$dglRPlGD=7*c*qN69;2nf+3k&Z~tJ5)$^KJk4TlMZNUT+g>Yt
zCbNlZhI(C2#g$i8nZV6;SoadljQ<dd`ugV?w=W6LoZ#h$%`cpsp3W|R0C|U+U_U=U
zaHg7xq6l5BPGmGR-3pVZja?DC6Bj+Dh%Pp6fZrKZ*`_K(6tWRq+b3I7%ibA})cw+4
z3P^L)=6~{!z5M5CX`O)nM_h#OAWf?F_HDke3D2j(3lod6C0zne0m{KMs^x?#3J3C0
z=+g78XhpR7)3+FbG;o7V&PL?g<DWrI;p+#n*RN;0-&#UNnw_@LIfc3#s6q?u&UYvA
z@bJJ$B(QhP)w@B!^{oJJresoBtM(g8s{h@ccg<?slIBz_-We23*`TGTudJ?~bWh{c
z<}{$ms}7_r&a1RWoYC%h8?|5tw;#nvF7|CHpsR(i(cLd>ccwf$%`I#jj1iGXQ*1^_
z?NA*R4gq+Q_|Km~7N+d7!V-G4(m{eSui)U|AR!@PVUZ7>%MgtusH-U$qws$LvRtX&
z38#Zmj9dm?^Z|j0e0+%pP`|@Ss;Q)@y7~GEL@?(l4>2SN|0#1(0&Qc;ZAQ-JWo7yK
z`AW;N3G5|WS`$iMtC;WeQ<EZwM>u`6-C8C_s|)blVG~=%ecz{7MbbD>3^k`9=5RCN
zbxT+{XD$Y$VO98l`h<F+2CV>Pm=MDmjQm}Hu=AfOi-?GzV5pjc01YT~0F>-cU^FH$
zTWJrbqN3V=S?gTW=6bNRGy4|5kU8zoh6%(*4!%Jwu*#eby8)$`>Mc>1ZcW(+C5*Dg
zg4*0l1XtX5dU|P|6wJ&~e-`W9?S~rSjL*6A=!E!AlGQyl(MLfca%jc!lc<-w=gp*@
ze{%sl1x4G?5EBc_G04LMbv0~gRn@k%rUpd${tzVK!g{8s6D_|!f~{s%>u`VL@}i=)
zR^8Ubx)dl}`3TYb5iOoczDrZU1zylFE^S`9KU$8jr}`{MYax$RN%xo!u|OWzVz;X1
z0v{3jKTh1gHf5?m9&TBcriKPcOk3IDsGE?>5WC8pC4H~SGQ^F4jupx`dxe_hpuw|G
zyyi+eshuCg+AL<Q7xw?q^_BrybY0u9qKJ~x4N{^Y-K~IhNF&|d-2*BqogyV5E#2K6
zC*7rVch|eU^m^XszQ6CC9}1jv?wQ%M_u6Z(b*$r%+F0lHCQz}CAbWY6Pa~n~V%x56
zSlyjZ{BZzi2_d}&@~SUDUSbp#XsyQmGi;3?l@}pF{3$T{ip%X%m?9w{oe~oUluJr<
z2k)$XJp01UUWPk8<K?~9MLi;Wu&qWGQs|;j4L~_e5*dg0Yu*t@47}FSSp=49@@iuA
zK>~-h(cYDU_T%)S51T{!x$X<elfoNB$s$P8tqSnRWrg!_>f*YM;!&fq+T}LkZa4uk
zv9VB)FgXH(KS&aQBQg>rBmr{@hc%Wt2Tf}YZxpH~=~hfgNZ5Mf0l4D0D*>S(aN?yM
zQ)^z8KiGs&k|(i!|6?tF=KUJ!!RA*69UxkjBpalwS#x}}*D0cTzIDYdGPM7KR!EO?
zbnYf3b)+QmQ6I2@5RVhazI#2>dip}`32CPdK}w>bm_#nE<V-Y=z@pXseen@ZR-Q*Y
z_te$o3!mn|U0hs%z(9FX(O}h;EQAZZM39_Ngf36O3ixYjiSE@augeYU9h}K!!1ANW
z_UfbwM1pp9cGyVbzZ)ZOqbP%l?fkC@eD_aj=UIc8FQAJHadGinGfneaozH&U4|3U6
z3N&)i!^J3bub8HC(?o!~m^>H9mw(y0e-E==##baq4ttO!S>!c{_M^)4*jyYMo|Yu?
zI9n+xVbAEBGhAiD<uZqWCAVW~=A^7irWXj@I3!DtF-)WrP|hR`FgyfQ9fSg2bpxIZ
z+93aTi|Pd^mbf2)ur+~mMXtgPTR>o-t77AOu(@Wh#iIWgOz<Dw%p2+LXN0H<a94v~
zlqj8(ihS?nZ0i?COUkrA7RKC+@7I4K(&IFkEU4ca%x-20J0`f33|o{%k)Gk;JxdZo
z_P0vn`&#SJw!j0$m2;5a$kq>WJ-YEZK0XFa%>ZTP<QpNf2;3FSKw+=~g9x~hB*rFK
zPz&Y8<CzV6K-Wr0NKDR*jM8aT73JniyubqTUE2D{z{%7Xhyr01ZdO*sF<+1aAJ12B
zZEa;!Q-GhGj=fX|;XN?GsnP&Mxx$R(_~9g!K}$ee#O<)osNaDc(k(Yp@9rET7*+$=
zgaCg(NF1r?|8`R!AfP_>Z2^D$jWj{C1Lg?8i5zWgfV=OVl9J-~jFt5m2!;Wx4@`i?
z`?Uz!Xr~Qfif{b9rybl%;9YU6n>ZnlsveYqk;B;+TREuc%{O5I>c2cMVs3FJ4*;Z7
zMn7^&C{~PeyN)mSP01V(lQMVU&~5nyV%zV>k}9klE<`9XfSQgGC?_Gn)iN+x2HV3*
z%b84LAmwqU_2x}8zyakSeK5Ww;BB$@`HvR{=7l8OG_qnLzzF<YT@?`qob4)X&R3_9
z<&Gz3N2Y|Yl<_wO4(+g1$^IXSN*vhC8hV^<HiQtXfti(NT@g>s;q{(d%{u|g6K_Qt
zx|c8I?j))*)fSH~0Pw}a$FFnAv@sz%x^14(5olXQQOlOhbOz%u0o2?)d<ske`0yz(
z2oMyq?bhpo2ZPS$oPpj6Frd)*7ta%|$#!Loz)v>^M=$~HYP%KS*b)&Dx$q`$zW7ZX
z?64uv4x>**NAv}ZymC9khk?VKHamfO?kOzBs8{!%E4}ud+;06cc@6ZnfIb`Rs&;)X
zD9rEz!C^3Zz;!k@Hnz#o@R>hZ((v=&0yT#b`<lk9U7m_AatI@E(wH#kRI^wQzP4e*
zhgyP-Z2AZUg;Qc;40UyzPt6Stl@t}f&wVg+0nrKL-=V0Vrn2RyfrGB}qphG!0VHb8
z#`fTO2!UO=0cfN=79g7DLnh=GAWSYGAdut(3>%0w0Y-e_<K@5+7>~5H2m(eqUqPTu
zWd@CA1M0ulfdQGTI7yhIxj~K7PA-X#v1)xSuqdY+BmO&~H;&_6QJX5;AZRe<`QX6=
zVj?17WU|0WSm#B`#Q`c@14zj?=I_+hdTw<`U4y4ta!Qf@KfVq&r`_^n^lE^~WM_Zh
z<hGF!H_5PV4h1E9C#|)S_#6dmZ@Lr$fLAbC_g(%ukKtHMU;d;1@<Byh0{B-qbijH4
zP4Pe4hM>Z}znWlOQ(If=NMEs70y0j()gMbzZoEG1-70J>&>|QlSq6f69l`kNEUjxt
z6y)U3WfHrb$S?wh$%lflX(vTdi>bc<R)GTBNJwP|gM?(j>(od<?z3<ju%>+gH#C>A
zf|=p9$W1L#znMz>7zKqGgs9)WFc8%O$VNpPw&$Y8&LE`#UT^LJz-fHX$|_VXP6Nl(
z2r(8`n=;CzsDwCWBp6^Fot>qf1x#Ja(pWq#U@yK-^zq$`-}X{R=bNuDJjAmIgz`)}
zCy_G2`{VY{;zm57FO#H})-2mzsR7Rh#$v_knI2HjA@w>>%?-^Y)`6AhmSx!^Zwe{F
z|K9X~yI(t+iboF=-ahOAG<Yw0cxC`yZ*5T?l$-DsXN*&64lH!Z{GMNTLJ6SvqqQTP
zh^NTl{g1svBZc@A!^4}Lva}LLxS|Mfd9Nm(0mus#)ms?+9V0}I{=cF;za0b<n(%}K
z$$p$7uz>@KVKXzcW7Y|aZy$Y?I8yMP8t#mB^!jYXP2V|lnIC0Dk2&5cR~ErPOipbA
zzExm07*Lk3;g-DNF)?6Yg^h)E+zIyIWm9kX(|u~4_hO@?kHKn1hlcUrPKnYY$lN(V
z_dj2KxvbSx@}f5sH`Njhn@9^Vclp_bJABwkYKi-}EXh0Bd1m0*j2&<qW_x?h0X1f}
z7T;kLu-DlK;>MOv;r}~q`+Fa^4xz2T(Alsq0JlbmCT4w;bhcEBHUbBB)n~xoH-f1j
zD2#!PJ!XV(vHfTgP8onQ)k!G-+bzBPy~##yT{jK&JV%0iY=Tf$n8?oARe_^J`r1lY
zw^*kc?zCFc(k2{c^^B1*{04Cdn^qY-H@P?TpJwu#!0UV(opN7viow_i1S&E!L<R|n
z!17zpRB&-~--3d@yQ_t}>D6a5F5a-ULe1J(x;xW{{MY-fu1BlrL&hnd9a@Q&r!W3@
zbnf?i8<g!7n!P&N%1UBkV~goFa3c_0e2ZFCC=E$V&m2CRQS_#({p9P5K7=N4%?Q96
z;O33V_klv?ZzCogost4=3{yE_6JE_lgTf5}iU&B1Nx%w9D1i9i6MYoyVuQYV23$oE
zJ%xK*_vJpAby$d07~P=h-&p7hF3@z5UOVFN8uA3l8kK<6q$`{ZEM3CUadFfbfyzHr
z0gNoOf>G?hn<jboO{Np^2QW;z)Bx=Wve3!T!ISzRJgz$#R|n%3$hiLhjGl+d9*dx~
zYjhj&)d@9z{Fg8541Q$b?W5sLHb9<N3ZxJI`+YtxYxZUjO+EuT_Y;-g|L)8`b7FDm
zQ5grYWB@4w(*15<h5p^u{m1D()K3RN*g5qb(52nl+&pIW|IZf={TodPqj-i9xPEJ_
zv!UuUmMIeapQrsfs|kr@uo$j)WJE#M9>CxLF7m&}^PjB5KId;g5j^h?YOZJh-HCs0
zZxHiY5^d4tF|?7+((}_MS|TI4;y-Tuf2QCf*#offP|r2ONs8W=ys^CZ_wc69DJlvl
zS;Z0jzkfl7fA#M#CL`~f;Ql?8J!Hn>!_BIow-FEx%)JYs1zc+X9BPnY`uA`77jQUi
zH}#+H(QM;BG+7_dpNS%U^7jm0p#rV?X^YIa@IOGR%AW+eE&$I@u704e&m)M!C-eO3
z%G{zk-YlUEhV{=knm(t$g@2VHe^J$WA4a8gA1Ip90_SK0^^wDLr8V%CQZ_{sb1F7~
z?*d%mO~@GWpRX<Y4yVDzUUCz7$Lbd*g3?(&@Fj4LtUKp7Arq5zFy^#eSFp)1Z_XC@
zczKgg170HlZU}M!%+>p!D?fsN<r1u@G5}Z-If*=04AmV#m{Fcb0o1UbdqQfUY_yyM
zpcG3O0IVMo5z)p8$T)(lFSdVz!&!H_JT|@Y0oSRhW228V*U{Oxq4?1Gp?B<>!du-h
zB?us=l=3As0R{?~wZN{y!TmtAKllDEzlo*jH3C@9J<e@z;-jOnKrBQcoyOCyTH{BP
zS;8b-tXl*D{1){du%ZB?0mP?(Dit7BHsqLxs%%?_hleL7IKZmW+37zQQ2OAX4q<ry
zqX|wL45NPK!T^)={hwfZfdqmZb1tpF?w3qu9b!%9x2(Lot+yS*4!R>{+39>~>>Sr+
zx@vX(C50mDbB!O5*CV^qm<WxJt%inPvrO85zvY>CXjap5*iW!#CvJ2p_2cG-&Y-QE
zu)8fo@x!!_3k8jwFHS$+r`ta02+h%5`05#p!E=}~j(R%K+%=>f?PoE2^~Rb!lJvsh
zJneI#<?K~)fqAOQ*q3g9x58^namh|c*$vsK4(rVl&Xqjf=lSzz&5X$DiZrw|G$7X%
zupYuOKUr>$iw+*E+<GC|QzZuS5Y+!OOid(7et2iRkkPDVC(EkRknr$txQl1sLUI1=
zkMAp(SZ`<<y44x+v5%xG<m-01HYJwUOBGcI`#ad<>5@~21^9!~;Kr0<#u?9MSVVr+
z97;d{7_Y|&Wh%QS3iZ7|ZN94ctZZ79pIN-@tV9?Zvww?IPyAUJ!sTk%6;^>^<Da4K
zrj;l7+{X{UkK@2czAao~0<XN0>8nj7f8KaA&!cG;dPmgAziB=*$MjJG%~FDQrnhm$
z7dv^s-}NZi9iQ*@%T+DD=%GvTGt|p@iyA_w6olzBA134xAkRBJtwt^(CZ@vyAa?K5
zTLR#4{&~rDUm%iooR++q2DKRF8G-G&1LfgFzQ*e+i;(`a6cm^JY0Np^*dhT~%bN?v
zGn$G$(u22!W$Uoq`5PmP%8@*bA1**b<;KuqzN<&|;2lciw^1Zj5HV3N((&mqukg-*
zjK%~kILhJjYTeN;8?tAcl%DZNiGF;3v6kOM$GpET2Prs+Y?7=R=)7~hyt1xb4a7Eh
zwSU=omUYU;%=ipAn-3nmJ@{$eIH&#NnLbkC0jV^x4%xtk*A0WK-rM}*XXkUS`g0rS
zxTKVXJmFQj5)xX4XpyU{8rUlMXkRWiD4kg_NVU&)7<`q4JLdcbJRplO|0?ekPdYW9
z6Ic=fGgRStbcD2Rh`(-BOsmoym2~TNJCGpEA%GkW#p77Io47h?tS-bDjJMnCIULW_
zYt>LpKfPHgxb6u}zC%~umDnm-A3W5`a=zZ<DZLQ7uEEXs(ih3x3DAnEjyDXV=eKXr
zxc!<`cRU!hURB0iLcF=abT*Md@vE}mrh$XC0{YU5dN42Bxr%mE)@Ll-*~kJLb2v`q
zWVp2aDJfC$I75+Ug+qR+Vb<e(R@!%}S17CRim`3#6Akm-*~T4eN}eK~v+WhEj$vWT
zS{%EYFzv2#OG6r$^p2iwJ6ZN{PXwe9!2yt4AP+f32cU=g9Ff!FZ|(zC9&l(uQfP`z
zxj!Nz<v4IjQ&ikk>wdKeglCyBsL;&NN`zXeHu9Bz@0m>VUw{_eI~RJ+TQW^kmZy<z
zBbHaR^2-n1jBl^W=CWy=Zw^mHKU0>ADAPBytTyU99w+2e2~#b|oR_`&=CQDcN@@j!
z4;7a4lS?RJ)>9ort`VgQudY8q!z|S*-OYDNXGZ7FEXo>uHM;HNeHbrc9p=aGd%h=&
z=*1~JcmN-5(AAY%DSfbeV=z`L>Pq(!PC2ibG$GLB;&3IGbWFQcO|@yb6z+54WwivV
z_75c24U2+NeLI-fBO_6m#u8`Dn&u8uHgy)a`OSDOMQq!J+Pkp>L(&2Wrgr0VKjOZB
zYjxcXgwSV{A7IacNvc+5AseAkNeWf5Ik;+szm}^rzb!eLQ-S>&RTh7UqzwIf!N)4#
z0bLx9F%<+Y^%_y8Bu#c6>~HdQM5(k@e|=eSU1KtonM_DN7ed-x$7f%rqQmAYbM;C3
zs5>|?0lj3ZZ@j;g+NA|r=EpH$>t|qDZR;&nkv=-FG`aivxx-6t>jQReT${x$m+^5+
zsCioDin9kFO;4fGSx=0xCSJy&mZ5m})4A)bflq}KAp*q)s~uHISs$sRJ*$7&WWcr!
z^?8z2F%`OZzY&B@7pMuu-1JLnRahMc#vuJlQ{k~pS%@%oITE~v>e_3uyh_tE@lz&C
zjM{lciX6S-mi&bgQ>yc{ICyI8nhVZH8TTf7**&UvG&(2J)2?ZpI}On5`*@q-a9SCe
z<A3~9CL~vWkd@+v_~eN$-lNK=e=I8RprvZP=v_*<^J<oCrc@%Qd3Q1f62sj*&UemI
z-HS~r(>-TswVq=j^?E(1T|iT3WQA&Ye$VsfgfroAHXmW&sb)W)Tjn^e-jvFb|9%jv
z1&pThkd&j%ugkEn1s}*c!7|wy0DWN)%lm41+B>rPkidZNR2crwv7R@{amVYMV=q?}
zOFS<wdA%mD3vq5zgt}#WE0g6+P=+Uadw)rh6gEO}Lqbw8q#pnUTu>02uj+X`BuY@2
zP~ZFxsEad=<|HLlj*PM3-ti@<%#X}W4c3JDv+ivR#J!!Uad)p^sY_H)O+H(?27BSY
zFDdV&R;cdq?2x;>^;I<;d@fOrSUFf(%Sdk8YaXwCPScyv^%)0#+fJf3@$;%@G;GUw
zUmz|wo=O(hZ39!?+4?Yh9w8z7-p~%`yZpN|i}{PgM5QCp@WDK;e>-Khlls|uvNd;J
zP|tHm(%Ufx_i_3VWcQ3K;-TFy0cTJ{AEpB?UIcofJ8YLXJ$Wh4i$7;Aq)dB+ex9s7
ziRW;5wlrpx+QLkSbZ;mMt`@VEF*s5e`r_x$&x9-_;^~LxjKO)bVfw~-cQzuazdrlv
z!%(!NT})2Lx=Oj$)>Hy~e5Ss7Y2;SMHas@gQ9j03gE{UgMMIv!G_W9v7%8E$7j&h;
zb=001IOjd<T{%8=J$+@RJ-g`w@43riNweB$DfMq0vIGlWVdwY}u=Brr-FL$$02yuf
z-JMKm0|+)a^gDuewXeaixlxCUji4ar_W^4_aDNmlz1YGDLrR;)tWM({@)@i4jiJ?d
z|GpAaxp#MQ{8OuAR5Bv&OjFCswhFB^TyC%F_0>R!9WH;2m^ohN#6Fi?lKorPZZ6z5
zVH_p9^nvkl5n*0JTta?`!KUhFJ|%QDU?!zIY8v^8gYK6+VS~}FF}Zq+U{l4r9Z@u_
z<i?i7YGvA&3pF11(Ie1fus+9Y%>`5qv<hW-_~}|`;bTtr`*Zl`t?y{`uBhpb3FaxO
zs94WdMFeC@CuAOcMfsADpzt}x2N?5&8sG4)zWTzqzb^EH^g5fN0^#LRSUSx?SPOyH
z!c!J<_=u(G!UmG@h=A<Ol8!10VhZv!wYT}X@NYA!Bx*H5Fyll?>8!Abd6&m?=h~-3
z_<ME^SOZ4wiC}bKv8-Sojx^Sple(p0Z+AH!?iy0i#^*cPE04<D>BgADyR%!8ky;so
zWzq9Y7#^PwwL+e^{H|}uo?bnp5wYDXpGMNxr=alD4c^`Qs*C5he0FL=^dTYwUru_3
zn5z{JbFNxJL9(L*1#LwB#qze+S32|vxh1^G5D~kf9_KX@HY6fa_Sv=7KuNZ`D}OTs
ziy!=>)E#qknkOj$JIV0sm4S91F`BXtAW{I#KuDW!tRS*ivUl|KbLV5SnT^~-S7U)x
z2YdZIU({Vj-k;bIP`!-zt98cn>k8;y0ZPYKt<T@T(O6D<HBXzG4)<v#t#{Z-A|rBl
z$DD6}OiRF$zb5cy#H2rJg#tL)FIzb^oHk~*!`%<hkE{f8KM9gk{vIw7;>zn3tYN;V
z5)dt62vNhlWrRmJu*uU@c#Az!PdJGNg7H~E!BY`X8v)ZgyHPo8BV`K5YjSseGdDn-
zcj0DdqeED@z>~N=Aq?+|9_wj@xxhr8zdQqq*GOQ&_Vsnt5gFlH3C|N=4bzo_Ml-il
zR!q{si>k$bLr>x*g|I*bRLmFj8JR(v3+pmaxwMn%>L%Hw$9h23g4q3=axP{OrnM_B
z5(XeH`09j(Dz4Yj$R*Yfx^rF33)?DuR6RUKAzB#TZm#KSmuoC$OR-jYO^@TcmK#iz
z6-+pvWz&8pytB0oC+qxKJCyQ=4D*IF)xkP;nw6tnby_Hy{CM|@-CI5(MQz%+-khHh
z)ltdd*!o#|0%YeE;%p}AMfYSAYjdf1XT>Z!x%{wnjI2R<rPJv~yzY$^T=jKOq*x+R
z<@}Cx*2oiTGrC8$PZUF(&vs{a;@aqXEA2l7%Ubf#loM>PDJoZqNX^}`n3h#?(x=8|
z*JSEuUqRd#hl{yMrYJ%&0y%neK#~9gK|NV#=d%XSJ<o-QSC=5E2@<_oW*C2WkKVW=
zAF)7uoVmv1w31CS{_vi0P3*xH+b^`zU7d;UsFZ^%m~A(Ji!GcbQ*A{wIQ6Jy>Oxd(
z{MPS1QrB^&f)n@E8r9WL$1%iLB&c9r0om75GCz9@k4x}5e@v_@LDYxcu7|J9GvvFy
zba-kx`13!W%~5Pj1aJG-&z2iAm`g}aM_kywzNjd~w5mUBuQ8<$({<7^0A^g66-d&6
zoF)L;>yH0;zgehMEGpkbp5;|A+(zp;H?@{c=zd)KGzItEiJE+q(_&!z7dDdu8cmlf
zqm9$34h#2i(MTJV{Vj&pSXv2>5b3f%ex}g9bN6REEsoT*ct;1^0@@lXtGQ}khQe8R
z_DdCIFJ4FL2-~v=Qjz+uF<P^!c;?eD4Gsl*{jg5<LM~xm+N^J&@7(dC^agc0DFP9e
zoT>}rnTO6sS7V~69qdn@s)kpoTJYLQj1sCSQ+ib%dNe}K1<Jlz+0{I5@Dyu(F9QOv
zT;CRN6*b5>DCrt`+|7`RXlfQ;bTx-$nTNb0^30M-nJ*;MS)r+_;d)-&)1u$AHgbhO
zlF{MmCi5OI<DA}WCdk4!ervHBY3-PWefQRAuy~JMHYt34nXD*HuUJ)=*9LqgSJ_Ja
zscWAj2vJfPR(fHO$^dLLK;=7HsobIejUl)&&DG|a185I`QjfYk_zaL7UjC@Wy9<(X
zk+(NzwK5tFj&ak@6=zT4xlfc3^dn=hD^{-B78vH4H@9&ZUB|IVX=$c;k4l5JQf@gV
z#i$aDy*%13(m#m-t!A&%gERBC%Dpk@z1?BSk?4Zxr3O#cdavag)__9e`|I48<Fmr7
zf*$AO8mEIi9AO8`nJZGt!$*$>t1&0KI*bnyO0|l~-*#J@Pwa5JzBe=2!DlvC&PLjM
zA~lYbmYw~3!wjCbe5H1;A%Vp>w8Pxzb$DbX5T<y?RR^~CSy@?bJYW~P4O#k;N0@*S
zba#8Thsk}<Bn0Ry5OdiHzrezX5TgVbgL=oUaSHRBLeF03q`gV!$!DTH^F*b2o8@c^
z{yZBqZ#=eZs|2tL9{5+Q2VkoF=yM8^Q01(eVhFg_@7|Iu{A6*>Uw1`8=sNRz9|*#n
z#s5Y;T;(-2^C3BTojWwI6U4Cxo=9Z2JC8(P5fY`Mn;PR{6~B5R=sD6GHNO3&t)a}^
zL%ac9`yzKwQX*q6;H@o1KmcXCYxPBAQoiK^b=QPO&SfqW#gPv>X+5cJp>BcZ;FUH!
z8=s(y>SoxP7s&BDHe})yHno&Quz%)b3)_0g<ys}bSpZeRFwH|;=6L779A(aLVxvEq
zy+TCo*wKinsUGiYVKW)PS}@8}VZgbj`Lk$z-e@NIb$cF7q;}S*Uq0Rt)q!SF=r(EJ
zinm|ABVGb<0lC8m1`cDj+n;fgV?ne<l;xGnD9K(9lM|w56?++*y8{vD&6dxI`c!|D
z?-hhrX$Q0<ejhHeW#w?nDfon5@wQOb_>#&sGYJw}GLfigXLNM*&sKln7`>N$MMc#P
zNJxAa1Owod6WWsruHE=(Z8HC9VX^&Kr}Alw{lNS@KNVHRlvF9M-)5_mre@M5U*MqA
z=-3!~4>=4q@#UZEF_o8NL#l(y00O;%R<@k`jzI^XuyJzXXhJ#F`vgR_{&AzdaTPuz
zs@_8rp^3qWNKgL<S6tQ!CvE58U;x7^^W;?cr?q`O!TU%g6ridsi|?TcJosO|(u!|K
z&fBWeY7RhH+^5t3Iq#m!F(^r!w|Epr^}G4s@uz#<?D=nLi<a#!mPinI<J9DZ;QyR@
zZ?F)A-9XxiZ`Zb|bQi?tW!)eD{b=8#1w5+$XoIIa;HLUbIk)5U_oLSdBdJ3EK>iIR
zj4G!n!Oj2MTxP2GzfIq>B>4ToKi9u^Z!ps~`Sjn@?%g|XM*M#S5>ftN5k~NVNy28E
zD*~!9?&rLfwo<!85**&a0Vz=_<swf*dFiGyX9OoR@jSM;;V8tuk3#k51cVAmkOb{_
z13h}115&n@bW9az`4q`3<?X6ncGL042{^mo$S;=s9r3XkkLG+l$RiUcOX$lBawyDJ
z4s!Eqi`?6j5euC&(J-?sw$+Q*3f-8`l3C5apbV9_nnPGhQM#}qG$Hr(yODiax7iMh
zqwuiK>hg8jzg^fQ)Li)#5=@{RkdnHUG~2+&Bih!dVCb1l@{l>*&+iE;Dg8{lYc1wP
z&&720H8mZwvH3<=n8s)-o2lw7FCZD#^bF!S@+V!6QqfeqL_@z(aLd0mMf=;quW^4g
zeP9<?rl1hA_eoFiPm1?%VlEXkk{1<@MDoXsLMo7~UacU3n#o!dM{x|tZWL^uG1X^l
zbd;AJp`hZM7)v<bVG+ql2smp>@S0cZlKGUhEi;q%sNzzmu=5q^K2b>eAtI9*D?@K(
zl~hO6-~V>vg0g$2Aoe&Wb5Ev+HZPX&@P`Imr=Q#Y*6mBqaF_4dA6{u{^z|U-&CSR2
z|HypCcT$rO0{Qosd(xgp^He9OV8uvu4O_NN4q16b{%(X@PFde*OP3Dw#&A5cT=Lg(
zm9%SJvQx<~No);Ca7Prgqj8$u1ve26=gS#(_!Gke6egpL)GWERPI}JrMy9@rQm>M(
zg#<kw&elLv_gpIe#S$E%Zi_QS+Q3^?I6^gUOqFFna$eBq;hU%_Yv}5knyQiMuDwlk
zKDSw|-jXk<E>~a7*0oBiQncR?)3cjr!(SK}s*_<0#uOKikE7X?%GbCS4Lilq5&siY
zyT@zyLZ=zi@!;3noBPJb#^mHY+EC}O<!#HnQt7_@9gRAVo1{K5J94IC?>a%~dG+WT
z74`GyGkpYGlT|64_OkNDu1%BZ>|;~n-GQPOMj`C|Qc^V0XUJZ?=`zvLZj^H?JG%4A
z0?9v|(ViSMIO~6lPiSPcu6$v;q>bRB>=bGx2;tt>X7A%EWP15>ppFvzyaAj11y2bN
z&(ZR0w7uc)t&sT6hmOmy*u-4VAgY~OWZE{zTm6Lty2;`lgUqhZ{>D`?y;HViMuTX{
z{_gLJ<eJVxo0PaJ>Y+)?4E^&-F3-eu_@>eiLcZFI&#*|)`L?!L<jQ6m@6B7@4j6=O
ze)wRPtkU(ObF*(QCmxEv{G_%@MRiAIZ-Hl4ADU{HZ)r&h-)_iOr^obU7W$EajX|DU
z>)_&k$TgDeL&mo`kYP-@yZBWWEt*)I+ckumh_5H(IZw`)uE^|y<E~xBV(I-Vxz&kb
z%qUD2%S;4BHHWl+mIe?<AKh<mjCt4efjZw%#f-Ypwp614JBhYN(IaQwU^rtqsM{JT
zs2!wDTmuEx&?CskH1nWu9dNPV%gR11NA}HSY{Pz;M-q$-+m#^hpV@5+%aqmy^isu-
zMvEDl(lIL3?n@_$)Lk{4Wq?et<lFW&=2NWCt(pGQ@8>0JLP&Z+n3?`*jPe9#w}InC
zZ`;YL)-Asby8%bhw`X!!9X!eDaS7hqYbJ(vB~s7RgG#pKOOPOBhf)?Qh03V6)O)h_
z)xwV7?LDJYL&6$0sp&7O3~`cQG-yqzHs#XNR#9@C;jy>$`iZ@>H`VN@)(Z@S71?IS
z1qC4<O3-eKX)zS$)oQ(ZZVxz}sR>ICUOuJTs1h9<9q5o(v>}^W{yIB6Gf?(USXj}m
zK+NnH2JdthLL3pa)zctN!>#hOnJz98#T`qdGOC?AFgq<<N@6T7)S?l@e)RC4NU3|o
z{@cfgO})gRiz~$BZJy<LZ}B;OlKqw-yI4+P4)MNMQ?nF5F`)NwAAd}k8`a%48ZB88
z)S<Z<@Z);H)mbO2<IGIvsa$<sGT7bzQY%k=4Sm!9si0|kx!Z@>sjKh#h}#u88r$NI
zJ*R4&U}{b>V1&bx>x~TmycPZM@YclWB}E!{k|FgkyXx;3Gh<K3=9|G4DDz`W1-dir
z$T16EMnnf}ZW%ZV&pzj=fyQO7>s~6+Jauz-=_=4JBoj)zbk|>GKj<AOcPRU5h`XGW
z2XUMgF|FaSFN95}j-jJZg}U5XqK$MY{E1-Q+wTG^mSqHf7)_6`_{<g!uSL}_`?cIa
zW7?uJD)ZJ~X?>Vh4YS*A%jWF5r5)@zU(eZ{RvqM{-|H;NMJ0bBb4=j${FIbLWr%BV
zOJ<Y)fdW4xHr*&>#V+vs#Ao_IzC`F@rm%1u+gf*lVb<Qf*3ORJOFI7dYSu5Fs$z%}
zM#+p#&}?4JH{4py_SJEdlNXfdHx;dGxYZ<8UifayYo4u`7CDry8m92La)wQ$UmCn&
zi^#aF&4eSAq@fj??#G@!Y+E~|>C!OK@4zX_-d_I6YhPItwU&zlKR>QPqkjhdoUWOQ
zr%d9po9vh<5OgS+9pvt6mrA6GJ<{-aP~Qi`?heRq(9LeAMr^xXU6au;|26;CCp|xK
zouN9gJRRkXySBTdJwin_+LkjcaTAf{^A=q_-@{mDbFI_rx^2mEt3!dH$@Hh3(}yz2
zJP}^a!^PV+zr+vYPpx$F8cEUruK(Zg&v67zK3B<5bimiDOMGUIj8cFpC7dCXaI}Q>
zo)NH3&uJt!SgO1EW;l!4ppCe@Pd*Gq*)^4Sa+%q+sFrTZe$7Mw<hoU)`l!J0`E#S7
z{yEXGLq?WzNBf`MLBk5Lx!Rb}Jr<`Qg~TdAu`AIdEqc2StPJOn1H=2ZU$kYp-B-46
zXYUukOfeY4X7ebNqj38gC`%+p&sdJ}?#NN6V6Nz?HsO0YJ9#7D>JTpc`Noe;0v6G=
z-wKWm%*;Bf&5n}akomBO?7e?)hZKo1($0G}M5bjH!^{#Ur~hDkGYEB$D_n(apO|Od
zALe*?QkjuPyx>)v1qGN}scMtOK3$+TDB~&I-jB5urRjs`ooi(&FUEX|kC?cvxWv4}
zq-PQSS@$4<FK|OInQ=M)^?lnNKLCP{THCp`btX~K8M8_A^L;oumLhr0bU;-7Fzi(H
z<WF|+9?63TV|k!}q^i0aJ)*X@)(yad?tbef4ljK$hWbGP22iOTs|58TmDUUMKqwPr
z3UWh$W`@UUN+>0lGv^85>Q3-SD!deymya;)x>}l*I@z(^37ebJOHTLq|5mUrrdKh#
zmGr*#VZS4VOxR4cCH~>Tq)}rbAoKlwEXIG6!vShIt$;TI)Yaw5$-j8@>iZR~VwErS
z^jrD)cxWAFjw=FU=@yEsGN0(f>h*jr^oXW`Sj5t>?WbdeU%$*;Ji206um3wM?_pyV
z-BSx$&~IBNp-?M+FwtSW?U15;O8z+U)>Mb~?2oCs=R#7R?M)RUL3+md=RUx{4rX%q
zd#9%_ZNnZUJA$fj2$~l9`=R$5W`pnFJHB^sx(p}3spS{Jzu$CGQ&Vi(oGM-W?IUl2
z+NeU{XaD`sh5zUO&4QbZsFlG<3IWm=3Q`1KdqBRGeEM&zi@t-Ka5(Dqc1})S$RB--
zJK7;2TPrCk*ZTL#yr~!8DC<nk%z$befy2}$mbUr%TTnGD>;5OZeed4Bpi4MhtbC3l
zO-z`_i+$u~_`ydjYij~KWKHRmQQc}Wq>MUE`UHQ{=S>P{&){GAfk>X~vXGDQV|wq3
zoLY+A9ZwmJmkoGWSfhu~HOO@*MMZri_~X6s7J|SFx8r8??dwLb8`g?NIFkhKLv6Qd
zA#c$oL^&YZjMNJFgBcpHnRhq;aW%cy@DNoQYJeUu8Y#a9^c-w_0Abjsy3PGEX+NTY
z5fV6Fc#v_{DA*NPMQ-g{IRr?b5)R6*U%r%?PYgh#qtPEF|M;xQFT-~6Re!ZjDX`<H
zKct)DtxPFCl?jp*{Z)Z=MV~YuM&B--9JN_vprY8=qfeVYPK2p&7RY2i?_gH3)T6*N
z@%^iGn47fCLPviwaP13}(P2G~gV9qX2+k8jo?Bx?7uWrhxuyvdpB{fj6UY-Lmn$8E
zXvqoqJzOLtf&c}QWiw0B^m9e3Wa@kxOhUq~^IGZ{34k8}wJjR-#_BALjEwB;yFk?m
zL?w6}*7v(Q{!Fp`FMK7~s_h79*qCxkr>O$F$HW$y<s%uRmj1BXOJ-ytoR7~3HjRct
zbeG{fLp4_}M7$0~7Od#be<(xt+_sXT4x6keCeo*03!Reo*d6S?BP0n#+nnd&`LurJ
zs1azAGt~=lmBUFG8ynj|EBeecYWxfSON=oFqAD!P|C$bzMO?0>K)HE&fVar4{rx{+
zlXxj*b#-%7(~H5@Kf}}ogGA~6)^)^^N=Tgua+MqBnvK)SH|QA>IXCguc$#46{W{vL
z3@gEQ(iPzqBq6MnorHH)mX>N^?WkF44Ffq;+$6PwCI^|{T6~NBk$N*kJpA8`;0U8)
zg#YR}D9@`PYJ4YiP4Z@hKlxoL4SQHX16oSH>Yb*3h=knB7z|i$p~~HxIsen$@g19D
zU%>&!4kcf8J$(obH#X{R*qbPUWHzyHRgnZ&C$WhbPY!;}c6wbO5EeLi{Dc|{>`33a
zrw*EIAMSl<BW%3o-|?vau*Rq(Xs~RqjEp{pv#a*?tLJ5I@fJibkg#2#8Rt%4mJb(e
zFoPGyr%Qb%W1(@OOdv2Uz*hH+EVz&&iM5@bUyN>+KwJT`So(-~DpNOM)tu&ao7W@S
zk>~h)ilv!?*Kxg~q(5CM!F10+vGK(lLACF_4}vq`k#G4#rT9kXHDw>c|5yv$tdw$8
zQ*wN<Lr3sk-V{_j7#bQ{TGIKqngY5o00$0S2lFci$SPLXH8dpa;_2%z#c8$JkNjgf
z7V-C?XQa+CY6jG3#0+b$@ONh?x60+d{-JX^94x{s?TB~I3t@OHuJRB+zH9x}%H4@P
z4L&(}hUcWHF1;{&^HBrd#KmaD2pj5B<GIn$ma@u71@WbN&MV35%dN7nBrLdeZk3`+
zn;mq}$!#Me0(rus>mJ(1kIkuB>sb^3+`dAHqQln@_TD{sV`WVrrZhjGTDm<!Qy9R|
z=(><19umUmBINXvr+m_+>1x4)W#scAhEq~azt=u(bx*LDz%NaKBMNQL`n#ak^DvzL
zWBKLlsufk=NV2p%6|>96tD#!0pcd^)LlqO!^U_eh)RQwLG_;Ayw4*wK$gRSDrt%Vq
zO`v+`Th)Q_L9?arb7fh3VH!Ur9%NcCi|6`H)q5$|=ZSG4KSXXFB=y}}8$Xb?7*Ta|
z`8{fs-oZH*df7R+=(OqYRgqNV+IN|+d`2%_-o(VZI6HkeK&Xwo9u%|ZWxV|riOw|q
zCW`=eLxHt5vo(IOw-&s;Hk_YeS!qQNdFcx*ymwe2yS@ksi=X;7_SWwaQS0W--Ol(`
zy2i<z^&aZh>E>n$PS}3&U9GbW3JOps*K*sS0)!+&LPAOEtS@4E0Je5>)2za644`)a
z@E7sn2LSYR*cfi_>kDrE3Bo>eAoK=c)UH-g+&^p6;>Dp@vJVwsQX)kA^JLc==3vH9
z1{B`U_cP?~)?Oo{AAD*Ry*S}`UZZ0u)v=SGls`i&832G!=2n(4mbB@C)6=B<9pk>W
zwbdjUX&wbFNkxV9A5~vf1X1riY2QtTd@}coVu~p9lcg-TE#_F8-)i(Mbk?gxhV}Mi
zuLRn$K&pw(UboY(B9N=`_wwN~YXNDHSz2nLo&Bl53M+;6^LU+06-S$8u-Q?yG72l-
zbRwT^ya}4U!8ObG3&vj=`RJjiO{T9ONn#jaaT)exd*vB6&ktCP;=CM9KdD*C49y9)
zDmps4Fe}gzJ=vNtZyS}pRJa&audy;v&CTag>dmQ{W_@9%34On-Z&xV!aNc#XB@+}V
z1@DDk%!H{aC2nV@Y2eV(ZWgK3+vh(Jrj2bR`fKzp`Vc~Im*V2?tC69=>IJ;LAAAVy
zn62=_iZ#@4_?i2teCSNXnJ3<gbmA&w#!o+b+ujjeLJ^s$fs2o={epwd*@-;{vlinA
z>q{Eu=jDk~hR>k^%yfN<n+wWN(v5m!gVpAEr+hw(%<<Q@@kiD^WOG!8A&093RMz(n
z+%QEugBTx#`do%ZF0f}#He%b5S(y(l%W9Mlmkck21}^-<!?S^lGe(l$K|x-J5%a9y
zY!h;~aL<|hh(&UqnSVYT@qNUd`%AO)EeZ+7fu+qQ0-ZU)U-6zzbLfQ0s4NK!M=l4X
zDh%8i19S^nfd{$xtzW?4gi!^iC8{n1`umPEfv<iKCE2ZbanK0|ZQG7*Q~d56EH0Y7
z{lx3)^!0bWH`Ix~n%(8-;B_=LeFFe5>$(FFzbE!@1qFt{1$G8uI#L{*OhuY%ja{&W
z0r)P&sw@oT-@)*$){qefSq)y2Fxc9}=;)U(UmSL40d=a(^Qi8XLjWKO6b5*>I1rxZ
z%Mkjrq?qK09@ys7aB#^=49|{@JePSNE-&M-V{(WOf0c|LHW4YB8)tE2F#c<Y+-`ku
zL1;&W$u~M6;QI=w^oiM=mbEp4L5J|YVdHKnPuz{?OD4}giA1tgQ-K}PQ9`37u%I)b
z1h~R7Sw(5}@O?yHRByf;+JU^bZ0pj|E}KZXg*6p!fpYN@N5vvKI(~#)Z|1Kl#W|o`
zSxin&t~itOYmzlOCIKcTCN^11J<h|%%&ny46KN<StsxqLAPaD+X0nir<MyX@Df}3c
zV7?at5&+J}?a16gW$Eg1U;I?~t<gncFLz8#IlY)xX6XlPR$Y^+WWEex;kWK+UqAV>
z&0@TmVzFN(nfWrRkR@Z-9!B$(ltf*)q;Gxy;Twm|oF6|v1+MB<3@DXZ83kLcCM$qy
zh4)+a3dSPO#RDE<{$g2zTGch{$$!ny8_VOvVp3Mh?AaGjmL+8IV?7MsVWhM4F)_Zo
zqMpZ(`^ine`Y}Agc7a5ph|r#5&O?a$oLluQ@p!820)Gtu^8<=g71FCw=j(xCBtjty
zdCIk=%!gh{=I>6;m(3dl8Bz!P-*B$x&CWb}MD)P5IZVOtvAf&JHUz?s)!MJ-@l(y3
zzdf_EHSG!}+d<}h^lM=?4DZG93C8I$;>~8&q_@6K(*~E}BZ1v5tc&`efsjYO`TBqv
zm=4VckNr=5Y*#?L9|Z)kFTFf{h+&>PgyEEi2agMrQA1H%m~0`MT^?{>xYm_nQ@2Vc
zu+ZOk@iDX|0IH&sYjGMw@!5<H3Ctvu8;X*yw7xF?sy}Ge72JK@R<)2zsP<y|U}+^B
zO^^<GH>D}-BJ4K;lqN<##{rBGB2>{FMZgGo;KEzs*8bB5j8EY51H!%z%emiVRM4&x
zpo(&Jy#RH%z)=F2JY*D<DMxkWR>09!>kREx+~)pukcLUVd$-TZCPq1B#_qA)9D&ge
z>^Q4g^ydgl7Ouj~pP1Nj()disFMEzcQ*c?3Tb~Mrq*USg>C(WoU*wcy_%*B;QxryG
zpttV3yH1ak_vK&N+nqwSi&5|ib~O0(_;Rkg0~@q#A)bVeR@(Mt&Rcg4(5xHh&i?Mn
z3~ZEOiqqL>o6o&GZgpo0y1YI(A(cuzf3LOz@F$casI3cbV^KM|^6tSZ`aA>4^dgb7
z+7%=)uItuAS^f*{uc|keB3IcdXehV<%=FU+M5tJ0926C?u3`s{Zgp@qdb?KC5+-Aq
z>4jSBqyxJ~4GqFgmCYdCrCMKv(mqj<hfe|m9_q4uTz;SP)_{YF%<BU$otLJC;&M&Y
zn4K$Il0<(ABH@y*gs>Au>qm!zY?hN`Jj!|dqJV52^+?xAu^GReEP2^!KVSEw->nO}
zG?tA17;YJT6_u)c>p_n3P#U>}iX6k3nD>1w4)N;R+8Qoa@-ry2B+5|OfTjqO^$d$n
zbF;5=+`bkAzvvDxlx(B`cj?^q$US+XgsjtEBfzt1**0@Vg=*enHW{*Siap|hS!>>U
zN_o4!cIfc)Q<7Nbrm$6FTwtMLqUd4KSL*AxojC#r%vdV6t&LJLz%H$$eGs90?FhDJ
zjmAYv?8$Ecea!Ve>Yg!t0H-nKm5#ZiZ)XRRB^=0{DTy$rKD5WXk;QyVTKz?m`<$@r
zWg>hz89USi25MumfB|abcVc3#%=z?7?Ac-aC2efa*REHNx}&J%h5|9lDPool63>uP
z*VDX?uf6d}AI_8(T0gfEt4QG;7_px<xLQV0r^k$dwwCde@zo=zl<n9pB0>_-_n&30
z+3NLn#>B(`diu#~dusL8->|AY6&~l^I@=`?LqjS;1#QunalK=CD&Q=ziREBp+ZoM?
z(x7hysYR)A8<O7$=|}&#m?pg>&2*nS6$ZwgNboOnjavn=Ya?2sCuf%vgXApc{Gom)
z&vw|YiM+(MmNAS&X=bV?T;6n-nEP=3Ycy<OpagwdJ>odGN^pan+3s|VP2dj8{sT8p
zBe%Pnw`=X8%BLh);`s(OAqT9IcyfTdp5Q|Kq9bJltt}~=?bi&j9R{a)NztRG)3ZqC
zzfL=Z#}1RUllXX=67LQZ_+14ch{H1|L~?JygN6Z}R@-!2Gl!BHa&%fAV@rrq=@>oS
z(T*qP8dkfg-L%YbJLGDk?^G?;^SzzKtnnRG)R6%@BH<92VIe(s!k2{7cKG<*5~`^6
z>FS?+r;Uhu{xVW_PtZs=NLD9c-)%BGB$yR2G3T(66!xA_tVAFn&9=XXDs&^@rt@lX
zt2YG*Sj(s>m`^^-n7N?VNs-6K^LJ6K?)@D7>JN1B^r}`B&k9Q}>xNxf@Yh`qhi(kG
z2rFihL!WF2jv5{sxWklYU}5^!i}omwZ7d6v^$Ch-TKOqld;NCSj*eL9d(WBilVIHu
z@NJ(Q$jB8Y&?1il#bPI+$(f7mUQM{|z<@6PXP-!!t(pMWJ2=+YJ8I-{-QA~7k2rFQ
zbA>fO2yN?Q*c+U3;cM~-*v*9}QXKK7yg-^?l;99YfQ3JmRUo%JaaaLF3&OeWUzyW7
zFsO%CP?{g4*%=5k+l35t2ih6Zx<+wKVh&YxClBQ*uk@+1eS><d@b5F_RcMoNq)Q(9
zwb8RM^Clz=QOlg1S3@9c+Yv&@<FxIvm0vlzIR;z?tJ$j5cQ4c?qf=9Lf%Qc}K><Y4
zVCR`~xzqF~8j^qV7*UmMVH=UGJnYTRBd=)2@PL3vcU6)nkIq(}EL?N?NF!@hnlnep
zi$4&Mgz&_KC8$o~uUF2Z_VzygK!9D^?Y}D5;z7AJnOp22C8$g|i{F<^d2)sp)>Q{v
zhK)-rTU$(uZu!kk+^?UVtc?uFjyhX5+3Pm5M!U6`&^g_4dax(S@2qw{<|v!%y~5v9
z_{!~~BDENk@0{}GBu;JRw6&`MIeBDEhE;F03v_ivm2-e#=vBNs`YzgzbVG$0KZV;~
zDcrkF{0TzN0(ac7!Vv?v|6X8X7xnu$7K#ylN!bfxjfa!xQJ6UHNA2QIO!W@OxgLcD
z>ayy31?NZ_ur?MWZQ?F#mW9r#C`Ug{F`Qu-9+;a7Bd^SmsQY*x+4rf89Fd~r2&p7Q
zs}ic#G5GGEL&?JZLW9WD?&w8>l!lt+t<L8n<V~6YrfkeT-A$}EQ_&#1Uu<Ve{*lW{
zGYq}!4`i><K>l5^#!RUr80EgOL65c9Qx42dlz_-j9*kViTtou4`j>Zvb6cLFqjy^+
zH=1tdsvUiwPuuX$PV8N>12rp=l@R0N-4s-NSCv`73tjI$6{8RQ^jYj1HdT+eSaV2F
zOP_ZXP5#DfXVr}|#g6xFmV_3aEe<msQ`6$=&Qe=W-^R_RFM=G1UpOJe;g`4LXwrC8
zzAHCs%YQufs2uUd^ZS^)(t?K<6cXqM#zU_?`R<B1){@<KdB`qZ_BXlKHkHOgs9yF#
zj5jX?lQ4C&3v!s4&4f_Z^|NydnCvz&sO0*K-ZH7=@dyHVTizBot1G%NqO`QXU%=)e
zIbvX)cydJPx)LHEI(nyLS@h^SO{r?RNdA~|rNP_iu?!Oltce?`-KypzBG=?IBULUg
zuHU9orm#)#AiQzZs`3g@wi%UP{N|s0P>qNF<RRSN$df;DLy_vCGDD{GfQ6IUDZ7@^
z&%H-Etj>NK^l`B6LY*L*AeQ<l%P)(I1tC*8IpQ1U=PMbPWj?PzijTxFtW6kD0-gXv
zYb^8L6H_Tgks-YXPCmys9Um+_-M5LjZChH5aICv5XeDGNq%}3#r5m8lzU;}jQ_WX0
zlyox0Sn)+u?HTcw)5oA<bM%_H_;NUgB|v;6j(%<8J9S2;k#$*5eIANFQqSkLQHGQ#
zfJ<mN6t>FYkD}WA(Iwl<VA+@<E4;{D``xs_6xs?av_%k*8ra>^8kV!n)@5TO&XlAf
zUCNcr^_NlCU#CIpQiIGk@yZK?qoOi`7{~FrLMeh2G8i2V*@%VP%JJ+*ec597L;@5#
z9Lv501Z2zQNewx^7;~M*5K1j+H8`A4Z8gxt3hIr$cscssB4k`gT(13X_9*(;G{$G{
zwZr&#D*5}&68ZeS-}`A^nX}po8*DI+<M#v;^)eddyv$j)%SC|rA1g?cC}_%?lItn@
zx+*HCF|g#az282u`uRX8`KsG?c4H*#?s`oi1=KGtRhjc*E0RY92&Xke_JChpNKjBU
z76tHIJ*MA1W_bEom>eDM4{!hvQ)Kz&C&mijPoKW@ubL;Gkjz#aivBcxo8XL#;_N5>
zD*J^v;b?d@bRqm49le<4kYjhC(c_E5&A`n<{i}mp>iq09-O1uWlMY%GT!sL(hFbHB
zcHKkg<gP|VmG;4!FSL7-Qi>H`>ZdC+KOl~te*4~C>ZzM~ec92mphl^TRJr#iV)!oo
zMy5!Pxsl8Y-HY5YW=fK}i9PZh4p%G^L+jD5uC_1Hp;r;V2e`VF@XJeye3A5^5oYA{
zcZA4Xuk>qJ1vQm%5>zGxU)n~?XREB3M%%VAw$Ys6R!)|Tjyh!f?XqONGcKOS$WRj(
z&c#xmVWMoT5%G=FA2W0udsN@>F2i!8=xN@&+`}?QDz2bVW@+h9nQ}Lp<2l1-3ei-4
zA|d=#5IqBfpxk7tIg#UxHu}&COHmzX=x_RE1ld%ASk+gksHm%)1%-uSzge~#8wGkx
zgh4!mZIJHSGjGH9#j3o+zJKb4f_a;phCsFZ($Z4k3nnI88?^KxPS49@pE$riAfJPU
zR&d$O397#V7ewKlF<3f=hK4?>Q-b>EexuJpm%BM`qM<}`Gz>_j!6NCx<beAUR88ZX
zSeToC4h*a=m!IJ<FsLv~U_dHb<Pk}?ov(A{udUDEmeq_>F~;LZW{$~b3r-bDuWD5a
zc@HXS!NOF3a0@nN`GtkD;?;O+(-svh#sdz{&OAvnds2CT>l1Sb3@vEKskU?J;Oq<y
z6*Uwvf*>N+&{_Xk$aFY`^zO$?jgOBTRn7oJe1CtxgR7t;ElZKrvpYMFf58NILhFkI
z@gQUlB0mK)#$B?r)Y{(JD?AB>3rHTH`iIT)*!*ymbZ4>GxM>_i-c!W{@o0~!o_gNK
zif0TDLWA$ZI`zxdh*5#lZendsO&-^~(q9UwYXQerxYj=wsY%s`>eFjP-(S<j1=qGq
zNcU8Nx@htmdg2pHdU(`((VEYK1HnuHgTIv#=d<sc>z)Z<4WY#7HYfoM-@OJU=(&Hg
z2a6T0$girf&*ARPS}ojJ$AcUKBu4pLlB9O77QX?!ZDeEvywy;F#6OmB(Y-q69w-#)
zc<A%Gi4nOqxW{ty&nH%Rx756Uy6N7%U^5QB2fbF6OX#1Pj_L{}y>$V{$HW9xQvjD^
z=AIEZDLG<;XZxSC&&Q<^R51c6pFhvc%35<$gdXVoo^i!B6u{B5EXV(aDBTmlQx*Id
zXml@~;P0FUE#Qqk{R18bKR0Fj{l2+BhX~ul|A84X=FS}}JT5d~C1|{RX5(*5<g9R`
zATMvFK=tq06YOyJanPl|60ktzOHE0(hc4=FZkHivcOb1pNJto=`{ya|dCLY%d9x*>
z5JcE64seP)0Nw?%5ICPE7)<ur)29)gOSZLhK;JI_cu8mJq&Hm#%ySpqf4_Ur<U8D}
zRMOL7g4VjBn3R+SP|4kAR0@6o<d7g9+`Dq<!ix*hYwVwq#_#=G?$|_!7q8QTc7I%T
zDM|CKFdUF(#sZ`fyCCrdYTH*`lfm9sTteb2hjlVXD=28^r~8XKxwmWfxM)}Y!TnfJ
z;yAK#y`_D334ru~Gz(;8sx=BSGc*4o3<AY|U@4QO{gZOJ2YJ^L!~LioeeL~L81O1*
zWUPQS8t_kTfQS)1T(iJ+s{mMJMkgi!MCB2@?njotUAUitKK($_`<^-S*7mjoClQD*
z?SfR-&JOnDhxhN_2Sn+BXq}jtm^r?00{(Aut4Y(+0PdAfijHuH50BA4@++U$gAfqD
z0gYoJ0v>9>e+DS6uK;H6>WZln_3xEDtUkp)MSQ9g!Zd$R^4U|s$^dxlfC$X=^fXu`
zo0?vyzB4JEA|NCLCB~q>an9;&vFzVrv4~0-e-EjHC~r(cSTOY+dBi!uTwYzN=Z~vs
zxf%k{E<F^t1vnFG#V9X3Apqm))Gt=u#}cd}2<vP;s++S~;|vXG)3XHx_pOXyYX4TP
zQarvtu9@4|s0|_r!fCs^yMUC#mIxOg-xW|uc65mNynYHw+dpexlRtmnVN`l@c6L>x
zikD%*J_BfC>2Q!>M-S{Tg~=nNo)Zc{Uc64Se=MkX#D{xZ^dOhl$rwCk!H$PKH#gVa
z-Q9ROR%pSluA&mx*a)er;-LflO0@>PwhCf;^ppj^^KRmpnIk8WRi*p4xt})syfE9u
zkqr>zIMMa}(}VjTeL%ZZScpIn<!)Tv+R@1g3<mzwNqtoRk5B-pq6XublSn4Zet(ws
zegzld5-$lXf<hEfnm{Yj+^O$4y{^xJsa!ahoiZwQban=RpWkq}ytsgW^a#+pkps1u
zCD-J&i`!eTuuck$Kw!K?&XfLJylD;rbe6=kr$l^i$Kdq{+-%4~H(T1Z8uYbu{G8Je
zUWx71I$}}PWeZpQj2`>;Oe~>Sh}Dh~yqiod6UXKyg&OMr;p{D-s#@P}aT}GA4vE92
z8<EbVY(ly_q`NzpD2;%0gMf5NcStwV9n#&M_x0fUec!#~-f{2$zlX!2Ls@&RcfIjE
z^O<u#k(<ZqWxbSn1h0PiBR;pQp2pkq!{T}F23nZ{PB74=HYb^znqF??7VZGL?Mu9_
zZHM??gWQn~i9)h}DtEX-f4w+5J_fgbdU8^&UI02O0T-5c>9SkC(4TcMhv89FD+bny
zN{K-}NHHgh^(8Y8!C^H^t@LpE(@!ktC`%O+F-IxQh)G4&0heA6%8i$j%9ihWEarA!
zm$2JRv~r*RmavROuN=HAIqaSi&X|-*t*PPW;+k}?0!L3Ru%`eE0vvnby|Qy)_8%(d
zMy^86Fkm1hn;oIA0ychti2xlu@E&>b;%~TQ=1>jqsJWZc-AGzF{{6u|+J=Jw#67^|
zg`geG5%41pHM~l1(r6nurWGe&gy++CtkKL!_d8FW7>8qHR-o{$Y?RRg*xRy4OLbOq
zI%V+VXRvBOa0wdqDefHXLph^n*o=(yok?hYFVKpLCR$(G8UNrBF4bLM5?oH4_27<@
z)Rea%0nC#eCQ?>vR`4tB>(L8gIJj0iUUoJjuo`{+yi2X>muglShyB4qPPe5;yA?sZ
zR-aDM+VKTwfnZWLxwB)jtNX~(YsP}Ob~kcpeQRTbIab`DWCB{Yc?Q~7NQ=N{%d#A5
zt{v+BY|@pce>GNv7s6m^2ig;@+Hn<zY6fMj1^D@?(u$r^8W_UU={3n_%dHJp6{=qu
zU$El+@_(EjZ`-_CR`oK=X!Yi|!_2Z;AkO9nf<CLd?Y4*W#>eq)hNMun2)u42Zl(&U
z=mrvHs6rPKXucuja(1pSPg*ny9JA9`V%@SZqUuMrFfvM~RrAw{Rvf`GMB?8t2X{gE
zX^#gK#xFp*yJltwI3)uAsLUbfPXhZq{2X;$K+XVG3Z73a=s(wg$ji(7Pz7{4s@hja
zx_gQ9CNJL4q=WU<$W?3#S4v}q8W&C?qZ}DJ`kzw9g~oGNIS7oDMWdmkvF@5Z?V}Pw
zrG!22*G%eTA4aM7BgKCjNv9yDOCgoS<6Nws^lgTH%P1ciIiJ!2TOX|H3<K=#tp%x4
zduCf^P!8AAqob#@c&b@T0X@-}cnddklCKOo$PIK#Vq^fq)Ri8P&qHzXKt#FH6U%>l
z-runL9rV=#2LQ0T0Z!iK%5<NIMLEuJ|J?iNdkjZhIl8i!Ig)#&%=FgeXrYmkX4BHi
zT46%)hidfJ)2xmf_*^7@@5IG;WM+SgzSi*{-|97=fZMH|W>?j+PgIxs4mH|iKbIUE
zvk*7*^WzYMDBHa-Fv^^7KaO6^AeWW3R#nTI3kX`AV9}3FTHQ#l?e1!U@dn$GV!rCK
zc`S$Z0)`Zib;+V%>jKGTF?a`utNro4E5Okj$=NCWblvOjX79}*7`*?XJXlp?=V;}j
zpmr$eD~e;y&AwAAZN)L<oCSs>u}lGZ4x*=Ba!R6lMLJSlQd%DFmt`y5Dk&;TT>GBM
zq{xC=D?v+Ib?*1{FDa|9ElrW5L!m(TMQ|iCS@z3vH&l2i49AR5!dI_JNsS~;?IV0_
zyk70DZa6adt(E)JQ1PJ_^{Bz4igE`{@O@EzCz5jvS>dAT58Htb*Y#w=P!I+U^rHNB
zq=XI3BX!Ts@sp8x=}!QgK~Dt5=Z_wQig^7S;?y^U#(I_kL>mncVJAk;@WLYFkR)|}
zN~tF(mu4opvev1u(Uh&ksEW^4K=5*>wR%g{Ty+rN`Yhoyr~hn;|2kq`_mCXD0&?}i
zGA-a&mBPiHa>~`AWQU2jd<K2A+&KoAIGZJ7OG)2teuQJl4IR=ttn~er`d}vEDwXpc
zCP7kM9M^;>Ts*EoUa8b(KLMF6W4<L-Rs+A;MzGrvQ=iOS4;NjkkA9YkGy!k&?Qk_G
zx4V{%sbG0X6qrs;nMp1I+A%&pPx$#8fKt>2*fdoz1uH}U_Y6b!`0jjc)DUB`Dg|l?
z;L!yW6&EL%ZZ=|(1bN}SKJeWKejvani;xygh~%G`9UBXa^{35J2U@x;XJyEMQG^JY
zKs`Mu1%T#pjs?<{dLRV>&S%i<B5-Q}6)@o42U+<7eMI)i#!G@;gOWthlB%X=YTeGo
zP*oy{C)N*qm3hS!FHs0Mhk>)9o}Qkx^v{lZw7Ut1TjSI6VAkn}MFpxqW^D}{s$|x8
z1nfo)PyGqdgX%(<{{jt-7o52QeIB4q;4HN~y9iCBj}PSI!b1d(D)&5XS66Pd-}_w>
zFvh{e#`Zb-!`~8m^nmU|&0Fw*fYkrH!t6%(RhkM3<SRizgeOh8Al3rjKS<5Wbl6F&
zbyB&Qz;Gp0gd!YtQPu>%D<9w8pq1mx{d?VIr@j2E>_vqI{i<}tJGE61=PC8jVmxtQ
z1d8Jc+u|m_=!C=WiH`o#axa1@{^&M`@zv-Lu?LG7smZErr}xi0JeUjWEN`6id2BDk
zo{@6VH3s1WoEkJmf5H#5VgkW}6Lk8LEK-yl{hhLM%>Nug2@uKsiR$;<KihrK=T@|a
zI9N!39Q-J-4Qv-t9+J~i`kv0{+A2`k`Xn^pbvNn)M{|QwBbn_mgShVrlZ*4JP|(@;
z2c91QqiKJj{^;K)!~Jz{b2y2#je4kpaih!q&}v9GX9+krA0p&BG}LbQP~)>R25plZ
z^ogkU@*Q;+TftycWBq*2?=JvIV*D+W{UskGw;AW=x9|R;QpVVHNh@<DhL@jQ$IWEM
zX5~(Z!g|yW=1q;?z^{~8k#Fm_mz1JBCL-2Wq3}4ob*YtbpNiXxt-Z&5@70ShC=2Oh
zF@@m4whER|c|m7W$-$PF$4yt9TFtpv6>V5^D;yK1QVYvBOk7X!7J(#rh2xc8eopq-
zd{J`Hqn{HU_Q@}6)#z|zaHVeU==cj0m-dBNKRKnCMsk63gE+nzf?7zYVRS<Q61SOp
zS+?_T1<EVhe$5OQKF%+GXL7=dbw-o>K>}>AY+7v*i%E+-F#c?a^A|!6vHewqt}d(e
z@?PZPS}k#G>=RI3KJRf2qQkR8&D+&a@i;xN9SN<`L!pD~@Ux83PqQdm<!qgq`a;zw
zQ692F&z9q(-H(4Q7D}vZ)}$ZjRS0Yvt435^*O5;}f1WZu(<%IP#`yAi`S?(>>(RV#
z1C9T-=JCoeUA>9CxjKm)y4%CzwuPnd88hBf^zZ_T=5|x4ci<&E<E7d0QPOAuZD4RR
zsLGrjUfD}1NMwdgsFNjrQ;9wKkkH|F<gFCMi%5L6)eOzn!;U(tLq<IW;E9{FJXUPS
zKl=I9PexV{R%1~M^NXC?jk&g*uF8aO52lZd4hL{XS%#WX-A{fMZ+Cy>(@;{<r%1h7
z^re?OEO`mB8}c*ms%p3(^;_SS0q@<bL?gw2Psm%`%SP>*5o7fB<ZZdJ@Fq13=COO5
z;IAH&K)5cI`fNfBJ@P&rzTmZv`m-|;m~z&iLe;6O!op!dNqM5BC?1Ge<x;(+lO0pR
zSxX(_v`{MeOa~T5E*`g0np{>DceDD9!+ZxCG)9N*_mHDT75WA9*xOC9r${YJ1!9LP
z7dUyytSPyQx37sSVCb(<EvA!2-L9Prp86Hixr*927n#U(cuUc45~*BxbiF3d&#%~n
z8^#B3MYi)5qC|&6%1zUm2FLEzn=CSG0V5NZygYBV=KJG}Kgy5Wp6E!jTaO;~bbN(G
zsw!9Cn}+l3pPyss!L>X288ogJon>LE{>CNIlHq>oTMrMHhxIwR!-#qR%%n!t(WeDE
zw%aq-Tb1dz6X_H%*v4+z6hB9fn}_P0%InA8k2JT)i5;yC=?3cXI*%4^6IPa^a?(-)
zJuu*Kw`gN?<HK1wlvp0S>IjIkx^!NOruK~IH5%G6#&I(1sc)+&LlV~GRw)v$X~$7#
zgAuuSMJ*aX!%uw^5Bj;thb98)nc0jgS5vD*_^4ewzipAjQ7)Avv}&(TgiQsAH0+`%
zhkgkY@m^`P$2ugfZT)(fODiE1&txOI_DGB$G8Q=d{yp&cD25Od9oGRWQX$|J6kp<c
z`!@DyAwbmnLqm*@O3#152POQfd)*Fs3*C*GnjRdMsi*c(c#6q3%20sush9W9Doa=Y
z7C1brepXDWC!z2~q4Bky&Tgo2k)`*Gfpz-}#y*CNRzp;&7Z{286F2JxxijLp*f5?c
zeah!Bm`y^#IHV(!;on3ST4;WA{%|&?W7M^aBp|{;;qiEgnmXpX6r7jM6}2cD)!t(J
zHN<Mbr&@plgQ34$7+T@0-~5DHzwR1<6{x$&@60>!QgGj(TV;S_Kl>pges#E(tJ@*V
ztI*9M*4@I46g?6c^JyY^02!=!H=p^S)7Cfk{CDbe$G>KO-|`@@<XAXvDPR?YEZTr*
z;2|Pq{s{Xn6D^T4Zq?|Xpy0;GR*XvrGh@CrB$w$aT~Rk5yUR)Q>(2A%cxapiyeKKk
zG}svX8X5N7)qYD#v}(?`WH;N4G%Ng-PR|LaFV3r*2bQ~aUN3QvM#g2V(!vrG<Hy{t
z3Luu_@W_DnA+N`3D0D8IoU_(8Go!EF8tbA_S+xh6eg@Dd=cP`BP<nNBc+{>p*5of@
z(<43)Z=<0N$~~PvoV<FrASbM)Jo58!JS{$x!$pMS4Go!1BJUNz)ICHARTIn%%nmXh
znx0b4#_$)cb~BDzZ1%=WX$!dCpOz6y8-T|C<Qt7tsq!@L8ch<o+4s6-%W}E76tH-+
z-tm}TJltw0-YU{F%w=;Jsk_=pR^ooJ+S}l0(AY>o$7Wlvr?FhQrS}RgR0L#=-<s%&
z`=-evyuJ9o5a4O(a_->rU4-_E&YUSXcNg9`mr3B_y}X_j)n}185>+TnS%*Tkws%Nm
zuEdwyu=vB!dV6lq#eAxp(&JserA%}ld`}bb4FJA>2Os*!cCz~2D?(6T2ufBNhMug(
zQNuBBM@8FnB#3W&=D&Wh?%Y6_lSV-6^)SAn%+++e)j;orQPPVdyH|AEIEehjX5J2p
zbk9W^q4x2Jy-I3VV(36gse?!lUOjX}4bNyhtNye9;bKV=SsvOyV;BCvgj=XdDUM3v
zoq8asl97>lNDly9ys#PkAR&J^^U~Dd=qNVEC)`$q&q9m*J#ovMG<Vy_d-=1=Xsrvq
zC!=4K8(%_<<J%`Btt{;9L(9)bo?0xR+)Io5X$eo}`V;-|(*b~O)wyP-&zb<uzjXls
zK0ex4LO%+_pMJl$gPrzEi{S3MxQYJ_VEGNo0l->>EUZ%xI1fa3>ebWlDn6i#?q*%E
zZyf))+o*gOS^u8@KKg9&{fXR$|Ddo_+eAi=90WZ5wge#E0~9}Z<zMuDjR&Xg!}NPt
z-6=M8^`+(KUXi2}Jl1bKC8N1N9osALQLJ4C@LUtUTVTET>yPc(2igg<asUp2`~*PG
zAnFBo?hk(p2W~t({f9gN_uAcef<rJFY3VP80dSPZx`-9Kr?G*Kl<VwUbctwvU((A=
z^gSH-Ml8C6s&88P-@iRn+^DD`yS2{ed+<mZ4$r7qVdS_tC_<*u!nuRk=3Ol+rT|!!
zuW0E)9xAeA!`aOA!1HTiVIkoCS5%BG+Z>;qByl@R(nMaESb(?^7n0-3{fz(=(su?Q
z*Bj`T1hQMbl-eVZ5qKm1D%xab?k`RGq8h&`>2I{=<>;@%hss(ndZ;EdB?f(zwip7)
z@i{;}tD_(>K}0brPmw~SCWR_!*?}%-L}Iq+HWH7|J(s<05tBpQ!`;_QkMi`fW4lWQ
zi}$x@OYQ0tO7oPJQ1Lzki~c%-D+hM+9b@4h+CGnEnW}RVB@9%WBSlrB>a2c!1lTkp
zqHUErLHj<>t{oRWwip}^2Ns%A8?}-5HsdYp@vb@qDiHwybG}snPqv@K;9&LgHEG3~
z&TtF+;reA9yKi{9iM6VNxbgN1C*7E8H3xSC2jt*5pwPxMfK^-Mut?xzO5dlMCuT<V
zPHJqdA1x&4nZ^z8?Y1TV+CJhD;^%$8i>v(0%bJ|&!DQ!DdnJbx3?w*P!oXK*I^(Us
zbYSw{K4G;SZSrAZ3Tf{p>?!o$>Bbfdg=bopGJS@T_sRCIadi#PA-9ytW1Ae=6B3~1
z(m`~uj6`rUwP}J}$nA0EpS!CEb$*43=|>fF^()8f44allQUr4#;)E*5s-y<bfA*<;
zD}X56Qq=YK6A5EM8a%x~hN`nEw6!VAUSD-YKliP~h&R551i~u<jOa{uBLy?zAT}u_
z-CrGV18UJfDPq0J*a+0O#ts<5?JA|tlgWj8Ol4>|5JOwhL*;aSQsE6<hV)ww#3JQP
z9n0MT*|^+W4wv)pg$a^|K$HMrNOcArFpt5z0SfhhkVA(W_nt?}U<&}1p877v_eXvK
z2ZAllXvpI9#q#uta;5Q<3mncjeb+89YaJI84zz)rN%!!Qu^w%IKgeGrA-U8*SHN{Z
zq1-n>;|s4Z35<e`G*Lx;N_^e6Da|LgfrX~(BQY8W*VVKl?0#tDBIVJe+11$UjY%bI
zdv6tTy)081VQFFgU>dPprYI^uRdF=?wqQ)3&o1dnLnCE+f>uIxqOGkO4plPIY1>qJ
zuUDvX#WYfAgfX;-vmj3MME?jgjUaz=v7k_SYx|M52m&lqmbDF8q@WQ|A1<1bh>Nbb
zWo=nw_Di@yaZi~Qus1eT4;GYRatLap%27>L^e*;MipDHi2p-Sr$(^|*)rL}o|0+m_
z=a07F+0$2>c+VP1zfw=rlr!Iw&Q=vYBIJy0<9QsK4No5)GlFt#{W!t}RaE3~+pU7U
zshz7a({3#07?J<k)ZV{HT1CiInngehe#vgp<n@fF|Mcj{ieQy@bKmJn@NTVItmkt4
z(t{8GC&=Zr@QX5!+d&KJIivNoqwgG{iiL1*MQrlxvt;<33GdAhXlcV%O>O#B{JXzu
zPgvVFxY%-K3E#jmL*=qYO-xip1Ta&&M78}o<dw{2)=OZ1eljb@vZ5PLw9IpIH>KAP
zFp<!TXe1=Ps@s&K(u&tixej1C5+)kKMa6wB_VO>~Y>?=RCgY0R;zR{B!~%;3I#gsi
zbYzR=3B73)5=Ha-pf1`@8T44cg<(!=B(zu7Dkc=UZ6X^HfsR{QxfU$3r6%c704LJH
zmk7wCW22>P{ic{ZVv;C{^#)T$HZv=i`n7yHZje1i@bOJe7gb5|0xk?(UY2gM8oLX>
z2$lGsVVp-0p~9TC?dJvP7QmntbM5y8o*@v=X^#&>cx@3`t<~vn)*f$+-D|votIz1g
z!Jv<15yx4v#k+M|)m+h26+b`Id@A#pga}N*AHT#`Qw$K%>_-(@?KHQ#60_(FD_(@A
zm)lWB$AyZt*q1v7C(?<{Z%~9Zj;Jhe<xudy;;go?`S51{y!C8%1>HWFR7ciEJ|hl%
zu=OEDNkvg%2?>4uG-k0@bS0&ju+;n_rswv-<<hOpa5x%gBt88|HC=kTWHMH?!l?DR
zhA)Lb0b1JN7+xJHdYIaYQV32NnXq8yD9h<<i;8NKj>#lqWR8wmn<c2G4N>_9GIQdy
zd_uiDBtbD_|BL$sD3X9u#BUT40wpa_O!0K^{CnP=D@E$B#*anbv4>s3IWXrsKG#0I
zDmR-A9S!<$ts>hFpG`9dYh#0WHeLX_vqHjo^>)ihsp9}^DquARV9L3|4_gL$D!q@N
zYS;`iGbqvve?>=c4B;-Alo{i-`tDr0*04T^o*<X7mAF)c+=95zv>_V@ty6UUs4iLa
zto6TO8(9pw8JNfVfsYo4Y0CSgXWqco#q?FuDk4i_xabH%-=+s-y^e_GfE5qp(QwPt
zkiVi<p{94yNPL^vL^JaHPa5h`apWf1*_$HNbksfFvaR;REDlyJGQ#?j>WZwnT?1>#
z)pX_Q>7V>K<RnxQA#XoARv#0|$aDfX;j+|%miI@qGV!Uy!^-$&U6>lavWc1WuP|x2
z#VHEXGlFF{MOipia-Ql2?GLsn_9?H|4ays5>6XX`pj|HAZI>SRK+Qpf3_n2|6q<a!
zyuQ=DeDUJ1%F@{4zyEpx>UBupL466=b{ub_(5%m6845T#3Nl}R$k;R#K;yGBMU+%9
zSEU81$Z?~ED@)6Sv1J8yPP@Tu$q?)7ri(A%IW(M(W7wDFZ!k7z9gTQ<<146>pkbs8
zDnw`DG9zz%9gZ|+#gBX|miHD94R~LojTl8t`o%?sVWt<zYGrlGZg9dBv$NTjzQezD
zy(^NBgNA9MVlc}FWhFRGqWmK8^SOj`<u^!iDc)v(-ZWaDhZUE4kAN?E*8C!^<8=ge
zr)>LoGhu&K6{BA<5ly0>0!VV|?b<7wOay!>7z;k@`uTU~vgj3|QM)K43E>GN3FOII
zcIaSPbLneps*64n`zB3;)rO6MCeXr6uNpb12c<lXtS|mqqy7g*s|D3ID=VgUYY-;E
z$zD7K1woZ4^3;NY-Keuij~;!eqs0z%S6Iz|qzn!lQcZ-<oa4{U>2xFGiiLXhB?6j+
zhSC?KHbliV?Zs3c{eI~I<mADA#WeIdjv+b=Hc0lI0zP`f`h++*_lr44qCBCYfP~_<
zH}1%A__twsO%GQ@v^2WB`m4?lpLVi3sIxn%@!Xi-<`>FnVGGl+Mz(d&VT6X_D(2@7
z&@j4Y+Ee@~ZNh-2vH`S+3tj}p)uDAVP{jv9rGLj|m>+n8Pai*0h{rJL75z%I8@eCG
zUKao;4alvHF$2H*@6@H3F8oU-0BXO79p6)<cFj)gk<-4w82YkgTCI@;Fhf%rJN@_U
z1@D%zRgDPX4*YlOz@863Lv(kI4HFd=&{on>QFZtV&UPVz*5KM@s=~FHxB|fOy;JYN
z9?PnRsjIfQt(M!leTtP963u4Ew`{MxyDmQ!2?+_{*J$Ggwl*Eswl9Le03w0E9`gh!
zTI(~%TGE1Wt9#qwa<9st34i|II_sVQ?7tAdQ$B1lI&6d|PneMwn<GCxv><N;mF`(8
zlpR&TJh=N@H9mdxz(>0l6*|B-2POUOxrW<G!mzL~pVI$a^qwOUs7%jzK19G~P<Ptq
zt8v(l<8?im$9B8lmI|EJFaAwfKB&EV;QHSEtf#-5;c6j7U#b-iZJ?-E>Sm<@?!3E_
zc(L8>JBSe1;Hw*->^5<=)J?LBbv>3XW`3VU4l=wwh@CTN4Z5sP)5<8RHd=RG4B&Iy
zzTbX>IyM&UDtdXix2b9OYe=E0btOH1%uu6Ym&z9OTHef1f|pwTY62<?&@|ol>tomV
zL7bxLga77}_oh?PVmu?6Ek#u(R+9;xZBz-+2yeFz<ye;eokK$touw!xBcWR;n`<Qs
z`>@nE<D8f>wd1kWt&NZ0+S_hnEaHaK6XBB4TbsdCf*a<r7A>CZQX|z5nWu*v#X?gU
zQnMoGgT|=5=cS~Q%m#+POZ=ved#9(F-G&-L6Q_T&r+d2nPai3V8m|v^-5fb@hf-#=
z4(#{iOAVA#$}S~^FY80QEQ~S5@A0S3&$%tHvQM&9$fVrX)>C=bq2*iC#jRT^cbART
zLdNscHe+u!O$qkfG0W#S=;xL`T6T4EvexqvLE{}04Q{`@wZySP7k_##hWZbEOIn0u
zGMg)^sy^lHG3#z8CbrkKa^fMfwN<g+Z|~Ir|E4*MDAkW>=>e@O(V~iLFqP%*e^9}%
zm|w?9N+5iz$0x0Ll{vX0$F?2;E?&KdW4%Z~X&N|3WqQ^2cCe$xH_3wpL^R$4ko&6C
zU{lLsO<)6AD*rP7;`rGKqk!toMIZO=$XSpCX6)Hd3_<4-0TfLBlgpKC>cMaXvqMdH
z+YRB}I^Di_h}BZGv2)UKmTKxUNCKbp635%S;WLJYb71I2XV72&A(b%2&2-tmm=W;m
zl?Y5PcvvPpy@PRyn($mCCK-PP)L`LD`<4A$bRKD=;U`y<{Fpr(SDP<4H+LkGS{(>4
zu1t5vJ=551h<L5MxNYYTEgztVQSLC(nnplbw|kk$)xsGZs=)+{(-x<p0`z8E?%Ea=
z?E=HK+7qdu0oO9!rF%XpNzMDvrWv^kk7KRglIJ(yPbOHT%&qtPURzZ7W^JB%$MzRo
zHy36mTup)Rb(uDFsIR|ZY+nYQ8D<VjKdkUy-vmk3R9$234s*+TRQ!^H&g|(Dc_5p-
z_U*c7&U&2<eMxUwWUdSQ`%pIvXm75Q>yboMZfXommfLTOFUmGBa4dg`TmpI1@T<3|
zXrb-fH`Q*(+z4-p&Sz9-_@y{+ZZ?V=PLUh~2U;#4Za1iVc-(x6(uQ_O53cX(Hvm{I
zKpTG;NVS!Dh%w9VrsBF5Qw!b1e=v@#`e9+|A-J?-etwWO^bS(HtZ6_)3q4%xjHxOa
zpXu%OB@^z&$Q0k=x>!zGk(+x&mSreed2003yzpYC!9Dg1(`$NLi_Z;H?y1XE5^6Su
zQ`h;vei=NqHk~aO67l$EB{nQ#JK>cxS{}~hE2Y~Wn~pX9ej>wegS^myKue#ClXg!X
z=AqRAf&{Wwxt-Ry`#7h*zrnkl1li_bcB~N=qJ?NG*uxFeo4uN}A#`+EoQyV+=^ez`
z;a&{4U3gRn+bc!1t%AbaK?)_tp=tgg5p4@Mo1xi<gq(1)#44uOtSWFl(|yg6f$6LK
zp~2%D;y8c52Ww~hhp~{-tPbWA{!fPQLDlEQ0H|#i0pCHAnI~g>G;;{*fdfWI_J6oR
zOaY(s>%uI_8>?kS4z7&jM_Cmt!aOj(e1~x^6^En1s$7m;yE8(Y4M?-);V5Dsvpl5I
z4<p=01I~rVwzH>a1&5v+hzgQ)2aHh;?;4wMT`iy3yFzjG)E<U_il-sBB88zr5SSRo
zWa?ofGFHK8Hg#q&60xvF4Tld7N5<dUN39L+`NsPtpu~R?fum%G`!Q%TROc0Z=-3*Y
ziyf368n!!|Cjx-UX7_HsUu{ao%lT_L8Y~TGi>|^sY7b>elz0iUNb~`$iWt@&K|X^r
z)j9-KDBt00(bunk7mm4xfTlt2(%7F%-^uB^Y5X}UK0l`nsW`9pihm8ZctF(by2N-e
z%jYzX&U9E*l?Rx6J7G)vPGm)|GanJ;6<#>)G?!lYI-*h<&ABq1*H@hm5I3Cp)ZHrC
z8oG?rbJwR_Cdn2j0Xd<&aW3gLXAlLzRENZN%QY(-iFw`J7JBAHo>;5_EfG<x?)l-S
z(ss^8|IBFvkDPO|UVpR##Qj$&d+mAqlXJ^i4SGtLn%oGqb1cPVZd&>dJ>t28sEOI%
z#v^UFNSYi)_Ln;hojqDJj@r9Wtq}*SX{+t|>73H}2JuS<bu0DSKydSCa?m|{R(2xk
zz6MK+kKc?>Gj64ds77mZb6EdkgA8I;vwZ!o>aH1YemxTti4mE)Ir%XgbFQH_dR0X$
zaeLv;T~I67czWSEg93;!@S`R~MkM1glQJOtYiktS@?;$iGW_)4htgf6u@^s-+zXD$
zBW$nL_(r!85|3p5>3X1(x0v)r=BOu||E9`rB=^2{5ne-YJjR+sxXq6HeXT34Jm$7r
zqJH-<LVJu=nolzp7wc)UzH`^RN>E7<8OH8qrlHMZ$n7bYv3T2~iYbZclVO{hnI+=n
znxjk!%d1<po5RM0IiB;Ww9UDhj4`f>7=&bJA*?MvXp1DQ#V59+?%F`<Z?iVb<SXN^
z@yr1MJ-bn3wfT;sSg)fCTvjrF$hI>QU)o%cvO^`^)XxH)_hQrek?kCv)7UGxnN~7i
zH={sB`rR#O?9lO1;Og8|?a<dbET;W>$YnqF^Rt~#4_jXhv<8(-?__CV^G;OVG*^@%
z-^Vaqfo|B?DLCf4)IK+rIlfK#;y3Gd*lX(8jNVivx#mdgI(rw@H)=F3?(gwfR!jkk
zH0+<=+8s=v=cvx?W&h70X^l8V$<(%EUQ7H5w9A_^#V&lBNx6GyPoAa;D!G7L#LdkO
z70%G}@VJ3uH0ZVYkRCL!$jqdqp)vWo+!0DDpxFNpnu?BrF*G#v`sesRkgB&C-+LDP
z@Rhz}d#t-?iiu|Hb|H|Yp>@iv9Kelg{}h5Z3;t&Sl+<R9r09b<g{i42xGRAGV+)In
zZVV_VbmAdmTj{`;Z%u?Bh*|C~h}3Pymdx$gXHv#R5d0&sfB*%d|B#@aGqDc@oy3Y9
zvSLq#!`E*Qc1EEeG!-v#(9w0+;tQ=uU6}%+Uf3La+cH<QnvGY`v%AF%0p3M)mzWrH
z?BvIo1<o?=!!)|G$*qq87(W8p*dm~Bug4mGG(IKOyx4~Q{{>M2hWe%dM3E>(Vp`iQ
zAUJpyxN?HwZEk8R82GIs1)QriLkveT^Yxw1K-no#T2<RXokEV@#4K}Yt&0LCIx<2L
zkmi?Fl@ky(R*pR6tUMRQWbm|CEqiVy?5e%&;;Dty2Yq!;S3GmB?*??d(4TSl^XvG3
zrkZK>1_Az7Mf`s!3TJA4fcnhSkzY-eJ<gBqW*^3h`1T53Di!~YH&mn-d6amy@1pp}
z<Vc(hRYBKutR_!pd5j|Vh-wY~b7qkSTba!Atjd%?%0AJe^VXLEE8klPX&6<jtdk>2
zpG%EJVefOzq@x|lW9G)!>fX}6c02Vb?EGJ`Sm+-xmc3``m1pvNR~y=k!kLpf%wLq1
zylH<}7v?R8wIe3WfO+cmHbtIBU*!Z0txgdK9bM0|jWt30VeQa*sWKf9dxM5ZeA$P-
zm0m9_!rrD-I{4B;)Ad&mN);n^r0B+RBcn=15~{3MyGqS=nVVMnIFT>e+9BqaZKM3`
zj#-tk&fy(0SU_*#&)q=kB)Ov3{FR!y+dT~C9YHXYxi6uLwXVj34)LHdxgGbZp^t6;
zOYGG`<9zy2h3%u@zZ2>`f;l$g9-oIn{m|tUs>{`b>j%0#seI7p%}oJK#gSo>(M)6_
zf}l9S6H<h<3`t;Yf&lS^sPOuXI%ru+t>6T?bS$_B3%Fvs{z7V_IwXBfMJ5{QB*HS`
zI4O(8Fgijwwqy!5b*H~>aD6>hNY`hVo<C4OuI>K=L`wHqImYvG{pACzOVMs_oHgbq
z|0Y{oh%(b6%cNJ6NDL5(;_zMTcynV|uKPNV%a+rpR8a{{IDR~~<tf{lYR}wYZua-{
z*Qn3;^s6MC(?BC)jbm@Jc?@V5c4t-j@CPu@cB!>zwf(Q{N6HEp@XI*K^HK`Py~)MW
z6cgoe4e5&3><KxA(kMQPM|xLRN7Ztat7;KKDY?1wMJ*#styuV<IbC4P*3=`c&S-ks
zePRQ+vK!BLJGg(B34urCl;`UCkM+pYH(r3e6#p;3jiBAR--Rd1bCDZWip1+xt87im
z#v>`(A#^2lG?n$1Hss@Ta$`7|L18kB{f=^6L5Trfzl218zu)#Gpf|UmLK}_t<qiS5
zzEgM}r3bc8Zo}8q^4s}i)ZHyi1Gx=eKl2)^&qyyQXl*f;X9c=&6%Ii$gz(7p4J!HU
z4S5rLMa_4?VSWcWv_Y(_KIn3RMFj&*+4OL@xTvJ!BQ&(!KG_w#4La`_=ewuadkA_F
z?N+T4rARw1v^>ilfw)A8)_pR={<l;yq;-mnT(745GUSD$$cwA3p3=RQNrT{3e;v71
zzn3&7-2Q&1^u7I>Ra4AHj|xiaY}fYE0vksph&*#kx+WAPJalaAG;Z+`i#Ec97RiGm
zou3DEWSbdhkLpv?+h62W<`ttr%o}pDERhsKDLvG~2GmAt!W+#?gm=5JkdHDQQ88o9
z)HWaB6#~Tqqk82}z!Cci8j{yaQ6BlnCwb~uOo42Co9c1fi`^XyM@@zGo0jEP+b5bO
zv4Y*lu`g*Rk3Vs}@?Xz3r(M-kcEm=m^N_shYFU2#4zcNzKLsU3A!%X3`-VkWNmX7x
zBJ`Us?*7u_*47ESArE7(oKDk0p<{|2_#J2`y!^%Y(Ogtm$z^qPOSXcU<U5r>QH*vw
z`PFpHVtxARU>=3^>H;pQw61`~h`1;e45cCT%<O@cq87YkZ~6qs3@jxj#fh+V|Fozs
z<}~J9uk-;zXz$Mf%L;IYP!T{hXJ@MEx+B8*nX$zWtshyy01gBQa>~!YlcB%6<9Tgo
zJ!yOX56{bCb+^Xt)PFg;qKC?aLk12ng--ugleZAGEjay7pXlc|$gar~6WUNk0<C5B
ze4Y-fu|=pr!q-0Z??I!vVS}vyquarXow34=td}jM?g^kJ@lj4Mmo3y$mQ+*DmuZb;
zLV6XzBM>Y5!}yQ}Q7*#gsgHJ~HMJhI3e`udj~gu1J}AMMDn6n?A3L00&i#3R(~4l5
z<lu-|tgNr+gP}it1b|k$Zgd%?F-I{sKz3J-!U}|1>vJ$%-`}71#?{wU(U|>0A)%kP
zQcPk0PNUng5D5-vg`=sE+sFC6nTc>AWxf+PeJJYe?`H&5!9@<h0Jh`u2hF8odktU*
z^<*#zy8Zg~>oW`rBo#9!N|OKdV5)TeEjRh^kkLPC69`;DgA-Um0md0NCgxHz4DJ2>
z#vr+9`z&{jKY82d?*Q2X&^FWOR-IqYvo*VszcC>=bF3L4@d1K=1s3eTzGe#0szJ*%
zY-}K!sgp{?32X(&0#fst)$;tk|76qm{=VaIX}duh9ZYV-DR+|qOndc*24FDgPj+TD
zH_`8w!99ysBc$(6wv5E+cCKs)i~Vul+9XQQSnzB~-&dyfV;_(`-b?e5&HhiObg#ll
zFZxBbq`R^D@!)7OZ#DJJKrw>Ww1)Mt$B=FU^UCcB;v%xcO~(2!Xj((5hvpaR=$7V%
z_(Tun!pP^?O=@~`I>ZoNQCqjkM`yNHb77Te3SG)fP{UG_c&7~OhuuzG?f*?`KcF#%
zz5Xt_eSQ`yae@$a_3fxiI<{o2a`R9jxBRp=DnHiYwWIZ<E5Tgu=cJ43kM!;nv_vlS
zY<^}lt`);j!=5a(eo-0=+W-{@Q;m(aqGMM>k4|)h2J(hUy6-Qy{!~Tp-6MU!^nh+^
z%#_`pHk$Wh((M@<+B+iUgD>MJ??%|M<Jdg2PKPAyO;7C-Z2}eyDQ>2oFN<fJ?#4qN
z?0-2lRZxc5aXKm1>$HB{^3PPPb6JW>)KtEJ1`Z)NX#=PK#w;Vc-p;rvL)OSNyC%~o
zRxX|oI^X*4onW%Pg0WH{f`Wq~<EOVDP?}_)VT;YB*r0p->n5pL0o9SW(p}}}Y)YDc
zj^>PpzO|p$jEzI<BI5)KPmS<?=LURVW|2m~cBleHvx{#}dBb$$D`B%eglMbm5HVVq
zyUVqV*-A;PHA2=V=E~2yrKvXOK1%)hbCCN@RdNp^UJ>fcKht4;=atR<(SZ|+%&T<0
z&aV{vJiX0_etzm&<`-+;&8PJWS3h}9nu6K+X_Rp)-2u}A8v0c~I7S?g)5MOK!=e_<
zyLV7JrkP~nmc4rp^&+l>Zpx)*GzW)`5h(<~7kHC-Y?wOs+H03yjAetr6lWV-ZZtVJ
zW1;i&b6uqOACB2GiY9#%{~|0#X{;y-gLU<}t>4Zv#>ZYq`+n-%nYh`)O4DzsZLBQS
z%+R>HV%eBjB<zvZW;#GMWbZ@W;GB%O-B?v9DaJ+}>OF==qCymj6>7_FQuIRg590{E
z)!tV0n`zoB*YDTm#on*up3T!N(;uXyrSKQtT6|K;DYO{G(DUa^uK6)ON$cG5fNr+!
z^pQwGaiQ~Axlg@w9C3g6B}P$f_d<7)@r-F83TYgd=|$}e7&@(?k8Juf-N2V+Ck#W0
z{?AAd3?{1i-93Yf*~`gROX>qz&xGr!bEIqrSv1aEjjqyWW~6;?!!}0uZl}i<CGFt&
zk6$w5-_!gH2*ju`j)^VLOb}isCVaVyKFF=R+)0!OcJ5xG@IAwjP`*$%D1PlH>EF8Y
zdg{bYqBERXiJ`N0)EB{uQalcS@z3gp?!A}iaIWngBcDz{L;T)C62_Eyofl+e<)gpJ
z`|<^*(1{#d`z-rhvU7H9rnO-W)n_lA_12#v;_&9jvfA3w8Frl2j=1$_^Hz-Bk0c`H
z`mKzI$Qi<<x-^-oU7v+E-zW^>Fg9EdOnwp862%=}77|8Oy_)`Xg}qo~NyK0m07Z0`
zXkAOVT`{>|_D#aI55$NKI=q}<VYg0;#f-BvH-aAPM9*ssi-eA^^1kMdAz4iY8SW$h
zp~}Eg!|NI54T7f8o0J7@{+<b@a9z3bRPege6c{NfCx%Xn$;9zvuBR6Z$(=0QlQ%X{
z!{vq~KJQ!%f4_WqVST=0428l{<s?F`$~S3v`}5sb3fp>wyGP!@;jnjZlhf^v?t4Gj
z-6LK&9j5KKSHolbd21uo4I4Pi9VD6?c4OrW>WkIBif?dCEvHi7z~OTQ8m=5vj4B=N
zeeSs&L1uLlQx5!>C!Wsn3Z3lxQTK&nep>4N7qy0pC<OZ7b8AR(-uq+HMtu)4yKsus
zwa~Q5>M<~$JZ{~{06e(BC^ULeY;3c0m>f4dXUjn8x~_y=mbUxG-r}RDoyPq30js3m
zpHwfM4f)@-GNXky%a)~&tRbngTs1$Zq*KLJEm{s&V7c7)lE#~WLf8qND(t6I_20l5
ztnVGWnS#!tFFjbYrNx8gH0pTeo>1f{^C_S17x})Pb8&i$OB?F%#S23lh@5%*I!y5K
zRJ~Ea^}FIV_0}jxzDP!8x3j>juCEoE;N(H)@Whh+@U%p$u|lZ1;g1C*6Bl6R{F@{5
z5}`uBrQe{&5#HGrLd+Q6S-{<7&T4ZXTjm>AiTcs`<hFfC#L01(k;&FKtU}&Wr#SvQ
zj#j#TZj$qDM0isMm8NQJ99?Q%b1+OvPn@&(qGE)%&`=l}qw#p(IW0Apcd5eQFX-8I
zKCqtO9t>@!{wkmTFG?5mzjC^k3dI$EP7(7PCEZSZPy5Xy!#~?1=BIPo7zn}{d*)N<
zWN|{%+|EC>@SE~=s8HC8gP}3e3$38<zMQs;daxM2YSGi+m`b%4G&+-;?0lOiM-|Vp
zejaJND7;tlq|zDCrvCZ7R|fj`X{gE;6x4rNRnF{qI`}sKIOJ)!mdt$3!ZPfO_54Y2
zxy1}VF|iaJ$Z<cp;s&(=aSLj#nWbgOKl0ovUGgR>FmynQ2kd5^00f(pdFlMIP?`)Z
z6zROY6v#PRrY{s1mIEoGGsbo_iMW3b){~Idkw994Y_4(-2`}8C4V%fIdtIN^81y61
zj@$*4JVMC!O$a{=>2^tZ*ieey!GIrRa`&NI$N37U_+AGfRsnLN%%SzwRZ8qYa`b1v
z6><Cj5UO@}iGg?u4-XIX$XzKK+5d6v{zo7=LZ|-2FB9o&d{8;Ve1NldwCo#&`bf$b
zDpyG8P!6}YUB^Oe#g2@YJA10MD)!%)Rv$g_l)+~4SgP<6umi>+<^8_4%!p6?O{U4|
z!5XxO(CL^%aE$ToRr??g<ZuoI#U-Vi`#%M1aHFb@;$*J2S{+4`WtrhEu{Rf^yQ6it
zDq;x2X4CyiF6XF>4DyhA1JT|4sMP=ez}>P&1>7yM@uMp<4Vl*Z$k!`O@Rkv!h@sR$
zmbT(TyYzz62~mQ_nb=sHCAzWhlVscea1)E~4C9rrE2>1)MmobIm)0kB+zsR*Q|ki9
zC)i`E>GU)fYfF9~F`_pE4_CjJJ@#)c{j2iOYh+R%Sxa5L+6_hE*xUd7%BMWYxc=s;
z&mPBPlyI#%5|W8d_a8Gwv-A=q#t+V4DV<=QX~bDioSE!YH}c=~quD>Qm*>9;pH_+#
z4v>3tp>b&@ygbx>n{>SYBXc3k8d|;%OqTPgQt6$YR{=3H)lMrfLYeh#NS$kl$${kQ
z<D2&dWG~*5ym^c)dSBuPvV0I12yc~}@l6s;%93Ofcr_=BxPq})MJg0ji--az135|r
zU28v=E-<}R-G3naUSWWSv+--whp+d^J6=3^<{bWaAF&L)g?qLkd8F*3eizz3S!z?|
z+jK0N+ZcYCDO7tKy_Xz~oIAnmIw*8ubm_10>-s#ybRxNykUd`;vbL$bNZP-9VU4=)
zaWm4>y|n@5q(~VMqUf+I%E|zC><`x|Q<b0q4YsfY1v7_^cjx8?2KMXS`JRcq|AFXD
zjLq&_C`zx+O%o=S0X1FoJGJNs{Up??<>0lt-QV_b8zj^sz^j<4u;N6EWcy6RQ_>wW
z_ucYBXZGMVr)W_&87tp$w5tBtV0##{wP{&k$@A5Yv+9pd`qMVXKN$F8X;g)<h$a`_
zlw}V!g+VcOTI57!Cui0+&OU{;j%L?$6Ky(b{OumW^=ua0HPCW2in&Xs)yH1L?Zn7S
z&S{bNu}@kGB=$W_KRiT3Mj~3w=T0{ysFu|{Wf-}RaG)`o-T4)K?bk*hx5`Vg&GMS{
z;)kgJR&EsG1?O}Ol7WsYzIcnH-PY>f&}wqRbE#|<f*+JH8-hK>LC=}y;lfuaE3R#S
zLgx^m-+>(FPP=r9jLKB=6=@?yf&L}16^tfauVey<r3Z}Q4-n@)&w7IogQgwTak9S=
z%OVQ5nSYTnwn-^p5LaLFfWeqw(PxMfB2ye7A|Eeegtk-ZzaKp4SYHnf4IPTgLk>ra
z9OurZr!#x1!7JQG3A0vC5Y6Gz6cvRvbV#Fu_-A7NM{N|gkKdUNs><$tUOB~RJd_pF
zYc4fE0zU$?Yh|`}b~6Etotc1LLcZ=P4`+H(zU9fh2&<b<Q9$#*c)APe$|``KtP*1d
z>wXvf((A~#mfN^MMA4}SD{^!?s(o04<18oPql!~%Bz{^O;dsPj34`s|E&NV;0RQwu
z`wu4Z)2+zszutn5vW||9KH5hvbwIoy4Ll19HZymZIU;)|$IaYEUo{RbyyCT3V$9}e
z8730VkHK`*y`){=8g7aYCZ4mH8%*3#nF#%tOW<gmN#0N?VE9}vnhHUSuiim*d||P=
z=D64H8eJ;}^BsR+_Y@nn_*l)5TV;w{jlm8@T@)n`!Nf#%HwlYKY9H@ioxazO>}2;G
z4S3YqJz`U-bvv$^vf6J}d=1c6tr2*N8~51*SK&W20C%re9b{al53M>tvAJniz2l4S
z(BRQ^!Q`oM_=_8IzTQ^5ecUf~%T(gIUUT2Vuy?MO8#3s(hne*7;vX(YBJg0#B*){`
zW|Z!~6MQV?$-!(fxP0B&c`0tY&~ygJ#N{krmbP(uh$dscu_Zln5;lb|@AjJB&Ut-a
zWF+j{(sD{hHx@m+m|jW>k$3i`i3I!`t%!u>Q{<ZNR~{4^0{J_!<Z-*LKPKU92&Mwn
zg7I&zoglqYKIxLUhlg!FliP`5j_+r`b7Q=9WCVnShMmc>m(-1>V+H<~r>k={NAg!p
z2>*OMwmf&T1@>d~Yr=i>8RIHyeEe!ZeZ0s$l(dHe8Nc-e%;-QiyGD0O?YzvsQ!UYD
zv7>{-&E?!}z0I<ynwpxhu<)2IxEOS~?$r;U>ua=eWB*lgD;{`hs5;GmT3=&XaCViH
z7T=ZU&IQLg*<1f*3QO?!dlf^>BSG=p$##>@av<FQSrUrJco-*r_T{;4#uO?kCT;jB
zV}@l$5CNynHyZc7$>CN~i`-py*ZdrP^Ci$TSX!T%UW@y3RHqRwS8h!7v>$o~nhohK
zP5Mk+hATL7&h7L}c65vwCXI`^Afb#J<TCYa-0~A1Y)MAr7PHJW^p<^g9(Y&E#?44w
zJ9WS}Qx<2MaTyuVtlK<N<EX`i7Au*)Rq!mC)d$)geDw|o064t{ul0L2_IFN_BO@^F
zXgnr7P2svxtqA&z@zFLLage{CIP1iI;AqYz!sGp2^glecqx-;dV%er<_4~M4d2Vj5
zGTn+52MRm8oP(9syiHX<ljq2o>w9Zwo`UNp6~2A`RFsh{#xl7NuVpri5}o61%J31D
zhzQOaqMtlQ%s-DmwE#wPn$@bpiZ+C$N2rT!HRxz^Ng8Lys*psHCt1=gB93?8$tqeI
zkyz)1{Lf({ZRhjzeDzlrwYkSvDYX)^`YUTCfv84m^wlvTlXC1&{JR3s9Tk_xVx4s=
zvQ$z`DXI^%`1Vg9U%c?F{_4+eeNazg$lr6!7l%u=PEMA(LL1L^n_!<UAr)-X8o!Bs
zera`iM)<LQz5=S1uBn}>a~clQ;1sjSWu{q=PEc#@KE-h;lv<E_j_B{_x0^Y6@M)tw
zDs+mLbhi>^N>+73_{V9Hq|76K*wz@^#DS|)xtyi{?THSu<>>c^C$1hxJ8_>?#$;35
zms-d4P-_g=^KK5y&1Cum3CmmISK5IN#D3Tq1KzGtv!9^TT6$Btww887;oab*=unCM
z{lK=Cu{FPz<|f1KKFQ~+bL5kkM}Jm0suvJ5S60S|XPlfkz-+9n-j_`16vg<JPO6Ey
zaS#N9*R=1{Pt!+P;a{U5Cm&U~Oyk3WuF~yzQ<-BnKf08?*lMm452@GozOpStmGQ04
zgWP`!DMaL!@$j1NuN=7h+sM3;R99^uJUcx(mvc7gTd?O$Eu0O=Ipa(bufAq1`jIf2
z*NgYe^$DQ{*L)kt&0=}~U>hcC|JAtGH~PeqlrHxl!^so@vBf3bYy^^+4JCYD9fM(o
zk(m^}fgHi|ZltxdZx6=4Efa#3OW_h22NjZ0ESb?B%;KN)@V)#%Nk+B)k$ycmbHS;M
zA<1uTHXS}&q;{ZFF|Ek8m6SdsNc>Z9Zq{ysdWQLuoZo0RYRj2->V$~?E+RPc2FmcN
z>gqUg3P4gVQugaGDPv=2#|XWS@&og@q@<*##x<nXM@nvv;``*#*mh4fWIgldZADgP
zHtoZ4__6Qvsdh$uZp|(VbXuGaM@Tx<axe6Ssna+FuR=#tBjR;)nmoTUARh3~4fAhE
z+U_TXIrmgLSFNuLwoy@sjJX|4?=*<K5~*@20KRC^k^XV10S6>+gej{7{iy!l&-|X#
zN?B0w>=(K<mYh#_x*4n*s#1t5ulRE1i&zz;k28c=xhU`?@7zQ)xt{axnLz(d!W8MX
zl@%b?S5;L7hw_A3L4H0t3_PJ0=i1g5U8qPxVq&uP7x(za1)AFzHN(lRMyBQIS%nB8
zni$)Cq_7ehU8Ysb8@4k8UY`W~GBOgI=xKEx>Lq`UHZDkmdq_MfMPt`5yd_c<*+8>n
zd>c`6w}Xc;I!-L?ehH3uA(C~i?U@jLvn`g0#jK0-^B5SZfI2J+?sQ38Cnk~;E610a
zI^!B_ago~G-EX)~{5Dck$|CGv<Nn5y)s2m=Wt(%iddW;(T;Runh6XTCn<`l7TG^N;
zgyEmG@37z=pQydB-l{1JGoBv}Q3;G9)}Xtw&*@5RUw-EmoP)JnfchP^-Kdlhof->G
z!;%FZm}SPPZPGpP9uHj=wYSfQpLn~P2lXz|EitPSF0#9r+Th};2BIvxoh?u7*SxI}
z+E!hp3_XYuYZHRGqKJXLx8UQf(!CRiD6DKhY(S1ve@<N|ZgZ%i=iRs*M%jgZ9?2h!
z;X`yhpxQrugzn#B!~$j(Y+>IiI5^mi?-s9sVC$d-_N8l#5nnnos$@Gg(x}ny@#c8a
zkYKMOOn0C!FNQU9!~irOOm=m-CHLv6&Kn-gx!15?z$4i5p=~<+k`ZEti#xCM*ObYo
zzx~R{O<1v`=TQ>r6}+Q^ZCzQ>tGf7NC@&XSTT@>xMGyN|jo}ruMPXehKL~hEXcc`V
zw@U(?>PtA5Q`^LOlnl{);cv+b|IC~DNZ?}FxO%ANx?Ki1d?*AQKYM#6{(8ZKIzj6a
z7GD`oM(5_P4PE$ZC4Ihv(Q)kLvt~O#BX-Lz`l9D|8aI;ioM9OQnXsvQ?y5pU_24<m
z<OM>NmtPZw`Pj01Tq*lN;{iUi(XaLt8l_bKU&%^KWFC9wY2M@q1f@2|Mw~JpV}IZG
zSR9h<JJ$uK+`rTmaWP~|+P>NCwOGg?W)#Rw(?4w8p@+!WTD==Cm-}DO((3tbVi8p8
z|M*MqPl|l+UJ|`;L2hX&%WrdJfMd^?W{qt8?gTdjT%mwZ&Bn2di~8tQuPghz$XMGM
z;u>0~Nzhh6Uq4-(V$;Ru=IR_ID?9eXCS`yBwYF~#{D6TCiMxwulY~jxg^KT8{0CN8
zDA8>I#O3ns@z(m|w1IKbn888WYF+_v!mj(8&-#~8|7dvsPIh7#ef2Mg^4@fBT2EuK
zYQ8)3(HYiZ+o_=N-qG=Z<G<^6{)Wi<8A*Il+3)Z9=d;K17wY3Z(MF1$eys4$BkAMz
z&k)|B7wj%jaU%K4^YLB|E(_)=KOYWI`3ngN@i|@pc5BI$Oni%ScLr$chlDi(e<0aY
zQq*5q@+vClc>*7NPvXYU!Slf3N`3$gAo^Y$9zF#8iZtcq4#`OGZrEv-*Y1HBMfk|*
zC=9yK9J>YnKdLV@f|?mz?*x8mr+oEmuK`%0Ml6#!WPmXWLL|QAIn+O#gjzcy{U_MW
zIQJM~ORP!6Z1LMaXl<*exry<SKyTE`Ij+QDZCqDN;8&*3phSjVcQR=T3(e}+xkE~w
zP~M}`eNcLguG}BuEBb!sx6#qX@g_YzL=Rk#z{b2;b)FF%jH0A8){b&F+VjqykFaZ{
z@lPaB)n!F^E(zzF8Cfiv*}I!tP)Dmz;*Glk&IakVQF$#oA#a8h%jf)f`#<TE(S1*B
zitWcAd7fr{dNg{NM(a6poMN|}vg0=RX~3w~<Jv_|E_}jlXRMGox!=(avLl0qcY@Li
zi1$_V+2Vtme{pbf@=o0O#NXR11@D9r|K{6Ln1C%1nq~wHR~m~cA|y=^bwb6TF6ief
zLU@w4a6`OD5`+k!<j&tt=LR?TJ{rwlwyXs$+b2RkCJ7l?DbZnzQDJg%aEzO=efsfp
zV8D7coJax)#cUy4TQRY~2{RB^S=reEdo-M<kH8oTr4?mocfMy*&L546!sbi1+}((+
zy(5Qws6VE9mIq!KU&upEj{asvBe#b2p$B6biY(G(4SzYGPabt6#j1)E4TZ^u!+1O7
zL+jc2&d>B=HqSH?6TVfyvJMo-%C;_%OMkbn1_S={^(yrakUk>#5r%NZ%>O~#TZcut
zzHOr}3jq-+5h)!~Qo5NX4ALOopmZZS^rHyUAkr<}-7z52Inv$D07G}|$EB|K{oeii
z_OZWx9Gkxen3<>U`?}Bby3gyptQ9)5Q|20@imp<;PFNZ~uw+D24Fc)|Uj$7sJ(N!T
zyLkpz2+z*qSS(1au!DoHjRQ+Z&q}?FKG^o~L{3tAmX0=qCA~ddmlM+JhUtBkeHMC-
zSnZ!*ygxhq(r>>8=ZMBDJ!)?ZheOl3lStx$USoOa<qA(@iDtp&*`c(&JkJx*;p^`V
zMbIXxbbPbCyu7lqk|Gd?<Wv8;!;#J;m_7^-4~Ie69^WT>(B9mfR#rA>$<1*eG>*Eu
zL<4Tl&O4{_yj8y@%Z{?3!_Dp_#2z^7Z#I3yPAe@ft*ktXT`hK?IUkhHNK*yeUUwd)
zdnt6bABWB<iJoo#SUPA8la3i`wP0;GBI*m<wK(ogE}Qq2wD9*cdoGzs9!(LGa3~oQ
zV}49?J%^WE!6+k>xfm$kniZ8DrPjuJYBbdF{gUbgM`ND~cp)~!otd*xD!sQWns$=u
zWt66x6-Dn>1U28<U0m90nf(i>yh2+VloTWzK*jY)s}iU8q<y&&O1w=gWk-Eom$kHu
z7me~WnnTy``GqCm=H00$)5H#j1F<dr7P#p>dwofx&`!cafynmcNLvQ89s&Tfh!({B
z$p(j)$Fq|hstl1EV80a5Ee8#{gN+u=9)p8&V!~WcY)r`4i1SG=U|e=t^YNpoxVW!s
z9>Vo7SD68%UQqBWO4N^NL9k)U3Hk7A4zv1-gVj!3ThpM0*=ou+?3T&Ny3EX#@gOS(
zZDIW#a|k3UaER5x(fop5xPR|p%OoT#>yfH*#Fb)Kd62#Ye8qXWgEulr9#+a%hqd}}
z*i)3bJsQXxc+SZ+++Y)B*>^ScWsxsuR=bd%nRoCztnvqIJ2pn%msdOf9ik*WR__M3
zn)iinQi<>S`$5NS-buGkZ|t{H$WzssIL6MuX&5Og^Xd4|(KHfjWbfY0%{l*9JZJ}M
zbf6axf2u8$x#`jzm62^igBLrLxrWV!aR%-0(6a?}0FlXwiH7s-I{1uBR#_PbH+PgD
z7@Cf!;j=mj*I}@z6?N~nSK+5=xD`))FX;9RfA{VomJbLAe)=o9o-Z*$O2;k1Y6y8W
z&96W%C<%t>jm^#a$?fku0nSl+H#|*8Db#gj?(Bw1ONp~2k(1;EkPR!w$iR94D=vo$
zq9BY=zl*4JmO`Bdr^DSJTVeVPl1ZF&-K;FunqL_lsEZsVv12=iJc@O1&P_YPug~OF
ze`XJ+YMn_Zee$;wnTh#5;9<8=f04Q&yLrF%^~sGZ+P_SMOPK_W;Nk6lOl=NBxR%y(
zSDD+`G`b#|YidsP#Byxe7YzUd1GOea+kw5txc_7h%s8JU%8g!D`9p_(Em;H35lWqw
zH>%Lx`#maTtd@^!c+EP=jACq>cR6tG$95Pf$Dmoy2f^9#<cL{;<vQhqpSHXBr{|-z
zzDXJlf_Wdz0Y2Sz(yF(oWJZQhFBR3_LKZ@mLuwNm8o_vq1GFoJ>TyrIt<??jtUob#
zJT{x)A<LIFv@hmP*D5C&3Kcir`dFnx7fe#N_BYO~fayr-i8?yIhL=geZK3u$;_;`F
z)nav~C?U7j7d_LS7J?K-?PgyR6BGFpx4R-4T@f?p6;49nBU=-8{1p@Ce2(Zjij$fz
z?g)nHc><@)GeoaK$i^2t_mA#8#;X!!x3)4hEyW0B#kqfAk^Li%-fs7(qM~~>NQPEe
z?@8@^JTHldK@rOXt$4xbcAa|%i=EvjS?%JVGF^90SUz~Bt?d~lI?LJFbuLsZoOiTR
zy(`8}My?V}8+7KY4@-OSmvQgqST4vdy|JpqYUT%w$~s;>aLh3@bDhiN$|_~OuN6TK
zm6xG)94N)6O^`Y%KZqd(3qL@Qx8v<;Ej>LXc$u1bVShgbX*f9ObcBk>Ey1c#2>avv
zj{;k-CLR7E=n}tN8ox>3!pv8j2E7EcWMb{m{9uK+%YH9U9n{5G??xz}FAEY_U#^j<
z5E6GpIR#z<p1I7>>{>OgJ<*&?5wgl<;&Y<`+{URHIknH4{E(a-0;q7T)Rl$i^F`Fl
zrCrIl^IJj>J2yvby(qWy<=<*aF;X743dj5xGxjyxASZ>Qzm>ARe13WAZu_H{4Q!M`
z#YEx$Wc%VytW0JtP+MD=;RA18+yzO@<mBX*n+_i@FL+JF#Ke#Ra~s))GAJl8hHw3H
zgqZUgAa;ABvUPSz*)Td)J%2Bw8A9w?{%+F(QEAnoE_}@@*WIWET{sC2q|Yk+4p5%2
zAq@91+`?yT$E&y0zb7n}MUm>%Js=lAr$JxgEC>T4KaK~To-O8~dm2wq$dhx)_pjc$
zkJX|V-TL@lF^PzYXL;PjU`m-Xe0EC`;37R59_?a7UNZYe$4-0g?!vzRYMzu_1Clz|
zx8PdvMXZc_LrgYs5LJ&|MUnLouYcR3A4#9DCQ;P*72{L`?8JfwNe>6u94c?P;Z1Q`
z8jw~|5$RVuf?KN2^iTHj7+mXqg%MqC5B6K#uVA|2Gs%~kKlIIn&o8$D_Zo|y7-+~^
zLBZ3VQFJ5naCJ<eSb^2P#&VjLZmi=K_5Fn1^NyD*jC9w#p%+W67q=Sy4xPQT(P`8M
zYMzH$jg=sOTwJY3FK--T$+82e1{=8|5SB~}n=EB`!UZ8vKEl(^@Vx6yocKr~%Pn@a
z33*%ICRm;+CnpEWW5MONVV$V?1=yMa0tsvtfq|=VXQw1XBxuDbjQy*X^PC1M@OD(N
zUx%aV-x7X|8s%0{+x<=z&?Zu<(bMLzlZR(hheCq5A>>>M@SLMF>qbaj?H=m+bboKV
z?c_M@I!~!pxe1+QBI7nTCB>_9LvxejVfqHea+*C>h<VMizh6e2Ygx(I$#I?Mu=aR9
zvh33?N^u2qzwycy@O0!DbsRf!>AteB$2c}zm`vslirsL1-dO(f@d=9LL)<l=bLC53
z%cER*PmUmIpw|RWcYWxb)Ap2XZ^dRt?+Eoa!=H4Y8FsDC)?WXX++=o??<!daCoGP1
z4{kG_Y@gD^M8@xV1o~BRMYt`WLz#rvIL(4iEj=rmxZcg=ay3#MQPX-0sYtv*n6qf-
zxr{uk-=NqhUIJP0{JWn;r}6P5pGsH-4NKHPqzo`UY6PM3k(kdfiohByuJLAIJiPan
z^4Vx>nQ?C%7kph0X-in9Uk}Qa1*~9(sNA=Wo3*tryG0(IfRGWk#@;F}-9(`_xC~jN
z;{1B73cxOLYDmiSbuXWEegDgn$_cWgI$UD$?mi&0nx>I?4$cU5hf6f?BB3*Y<IK!y
zhPhTxGS4MT@#$34B{3l|aWMbbe*Fp!usP~pzBO2AGG9-}y{@MYQaT&GKD$sKB)vve
z{Y8fF>v7VUb?!7_UEcw0ouBMqo9(zCH%B&Nv#kRAyJ{u}iQJ@NDYZ@e@c2p=Otyr{
z%S+Zwfte6uzsp-&)jHbR+Mxg)!gD+Hdij>Kk<gWYGC0OQV&GD6TgDU>q34=@z6LvK
z6`h}-cN?-B{-U;X%Y$GH7`KFRQX3!M^!Z_F&C)&PVv5ST-nkNNyF#;QnV8Ty&eWG@
z6@dBsz)bAujSicpDL<ZcYJcH`y1^tcAu;hPz58;hss;wYT6PnvoonGHtBw8=j|Ig@
za_1DsEA2H?78b>nM5+%yoo?1!t;(r7o)Ls`QbU~Qz6B-~D)UnxsLkAR^i*VcQO+i7
zV&BCiy227i%8>C|(y@PUQ;DYXo_~x4BgGoyTfI`;DUC=VH^eKNMdcHg8Rxlve{HH4
zcH*EFjMEU%_bzG~ruh~gaNnvRF|jc8U<3-SMSjz)cV@%8Tm`OH!ETUl%BZUpDv%uZ
zfU$AslqUr7D>va>BP4Y*Pi^5D==drE!Ae=6YOPsixX-2tDg7Ml*YSpJDzBu~9a%_(
z9VNHBWal&R>`HOIH;XJ~XU5`~H=)q(!7&h$TLqn)DhQo<Vq1H7p=fGmR-)I^-VPVi
zu6MRoRQz)Jgn<9o(7Z86vQZ{fT%K`yYWYmV;abqH>u-GIhnw-QA=J&SsY=9_6PxyT
zH!7cGPWp@?k>Tw2gYv<ub|FjJkSBKS6zXLDHt&kBdsA#KL#@ij{ptZCraoriqHz*8
zo+#@30sCGM=3%9o4UWBiuG*;2N$_i^ocY<&HHy8p48kGKc+V4!6S9TxD{2)tpfrr1
z)BB3Mbi7_1!;PZrY;xrKt^5)pCH)Ht5n$P(OsDv8W;d|MQ+YgBCC^nbG&J=3Vjo#&
zU4k(Z$O3lX1gS5NX<;Q)W*NYTP>1~!Z|5RMh^6m=6HFPd-%d;i7QNp@e&wUAUz{A5
zoVWju-Pkpq;9%>}LOP>tSyyv7Y(-o;n}7E88Cc;M+UF8_w7)VmR?GUVzGk4fJ)mM+
zp8VrV(J8{JeO4)4?j5y_jP6wvnTE+KS89?Q*wLMg7p%2fAwLI78)ZuGAwI6sx$iJW
z_sPvFqzPf~4>(D=Ll>sjrr>?K%PWnWLOVuZ#MaL9aD~r29@Z%ha@idhQqIe|CxOrh
zGEwickH~wAIgiauPrvq0R^#Ub+wmi-Ed-%DXhMPq8pS#lrKsll;!@5yg1aA#`2L_P
zj1o3p5|9uO5b#_nlarHksxHpgw;gnPytufiO#<sf5xSrtqc$l43N(lZzzS5cZ{O6@
z(?jUa9u}9D4vdagg?|6-$ormHGPL}?1a)qHKIfBQAw{f=j0^|2Pr1mWZ(hXF9+=O5
zkDzb+Ijm6+zhn0e4_DOGoKj>Q0oY9cCfZC=S-EX}iK9Y8f7;(>%EW@juiFY+U?GOE
zu<%&RZ&l}wBuwgJT}M&h2ST8|pa<&Uq-FOPK>@e&vhGUX`%sTSpmpZ^LP_<0ANGc`
z`HNfF6n7f_{Jt|Zck(O0`qO{Lx$xO<iUa<Ftnk$pF$J&U)nfR)JGxKrHw&WvZ6B(#
z`vVhnO`b!c@<vg~FwUJ+u%sMpY=HdZmUF|I=FPuXdqZ&a^S{E(_p49v|8>aT(H6b=
z3yuCfev-v+xCXxdW{-pUOJw?gKe4QcZ~Adshw>)W;Q#*lajq#oFXgc6%}g{2ja=t^
z^hF|LF)~f<m7AZRL|TZnsb;msz=`j=OmaNmv(a-?{jW>?UeCMZKfhLh?}sqH!+H<~
zT$?GpF5Y?hL@RKxEGol{luvX9H@ADcs3(C@xN?4y+%xwh!*1GdlX>u<p_#Y@>Z3{{
z%VebNPM2*j!6aF*(Q<MonQp5}hKvJkpn{F(+BWPj8|z5^KnglY$Y@*9_jY@~?2r8;
z=#$cS8UZJ3ST-}4THNH&R8k7y*xERTDs4Dui5DtI`1`VM?C_qkd@!<Bv`EY>`pj4l
zw%T~RIHEC8MG|CaEu{``=#t1=xvt&|tV%7<@XyIOjh;Ac*~5I?VC*CEjGA3f{(3LV
zN{k=zLzZMiU3s&9InP$t==Xk5M|W>R0;8&J#p#o@q}z+Ys+=z6icAY()~b7gV@20y
zb_}nd+8C#&!KS5IXpA}}XRhrwi`uo1QrAEzr>Wn0)hzLv=<N+J+L@NlSnR2;GHj@9
z-gEBHErV|JsXxZA3Z7Gv&&-+{9~riA$!X^HPExBF_ib_S=AKG*MMKdn76!a>0c*CX
z)dyc5uCwL>1d39D8$Cg<$+$QiJj&Z|rFZ_h33FFx*0@aDPb0tAyX}X@vtO$?<U~H(
zi{&-52*R*Mi~@pF;&Yd$g;mOhIFsDTR`(Mx2I1IUa9N63?aJp`;)cvpLbW;LCf$X1
zvbgW=25=3-Wkv_oh6WvsR`gbk`y9LE`4RyeT921A3sjsomu|~-Gm7hlODO(ra`Hj#
zWR+|JoZTG=L|VFG#7(-?{M;d@;VB(UFE8^IVh=qtDI7Ll!a|of?$O_tQ$_<O>Fsg*
zwqo(A2DYTS_^9tsRKc5a41Ln+O*Aq?B&widy)7+CXVy*fU>&BLTqfujZ3Rx-pW`2#
zfy0OM_#!Wd0^ow!eUuDL(t-y{ksnC&@0|^%ew#c_u+xgmhU9P{dpNnn>po}LaDJ)b
zLcEWl#JGd)?>)n4;%c<DKF)<41YB=~`oaGC_(?PO369JaX7DIsWLKbgi&ER2E3lzN
zv>#IiWkXrGpC5nEqo`HVW@sp|zoH<7r^aSft=&bdUn-{^DRXgX2~gm58npFx%gVE|
zGo+!f7`TXWb?merqtVSYUtEh4wz;2`Wiqshw`^szFd^~J>2DHZ91HbL{%c!Twcaf|
zMZzIX@rW818v;SBNV%HpPTf^CPMylrN^C1F^T#kBx*Ik65a5C9U@VFmnpu_K^U}6a
zo|C)-*(TS)*5Ki8ek;|s_(x2zfUkg|P?s4yl_AF?rIRScm#=$s!MWfXBGUvm_3}@w
zbL{?dZ;Q1aQ4%XCT31<Z_oZ4fZ$9bVaeac6S&iV)w#=sMu>LA)Nzkp;&^Xk!eWlds
zk@e>Vpw|)j+>LhsT~P%t8#`xAA6f}7cxhEWmr`B4`rcvj<6`}zlTEdz>@>c5Tp48s
z=kt-qy6$9gLm@Cgz#t3vsL2c*Il#{Ee*GkeE9cg6+w^z?j#i{$F@D+OW2Wnln9rn_
zmN$pBnhHF%a|#P1I~ojBv<x`-utEIQqoZ}N2LHq8nU0Ov_`cF7)!<l^m`r3;o;Dsw
za(-}hF1Ho^1t<JRgQ?}^A4~cl7-yEaOu7<ZzbI8O<k07B*1nq5R8dW;F8hS}`3@eQ
zuh^rsSIsZ(mL;igi#!UeDA_#NUU<MxV2e-=2r+Pz>c)Zfs#TKzSfhLcl<z9tH4Py&
zGRrr#7OE82F?4CkCc?Y*#9n^8vEw1zax4@*A{B|%gwVXd8&5lIEnUzb<9{EgjyoMG
zQIkqHJzGhx8|k7WZ|Sf8bfGk%CgzW$`HdeuXV#c0?|#I!NY*(eO;@JmPmIkoIbkXW
z$pyRVz+j4KGtoYP?ut#ck<GZbB@L6(qwZrhr0C_K=(LlmV=(9Ik~e$btz2yP<vB!n
zjNX%?@lg%pCz9X4SB)&uxF2jW*eQG0bn<PrxI|>rybZ5J?Fq|H#GAfx!67N%S$rLd
zLTFX9YLd^yDRM3%$b@W{n_f;vH?Tl7YZrRGBbo`0V*D3@^q9vDo{$HB7U3Ifqz`n|
z%*@Q}Y7+cz-nvyc`Z{m8*%udGTToB{>imXLlyBmOKI-SPY&eSw)>p$|XHz|x;`O1{
z_ammtf_0UO@T8UtEg_Hs*EWnp?Bf~j5e)gHe~>{$r=gBKXlhRh_Ps`gXcj!WcU!0d
zU<Q}ZhK2@t*4Mw|p0o9V1oqe<Hkbkzmr5xwkFZ9*J{-sY-u@#+u3Iy~H6zR~4h1*l
zcDZxE8h#YucOXW$N}b5e{V-N*A6GknZ~uYF(I5APIisQItcSu3AI$r`_b0Jv8wcgc
z+P@b6VCI-cPqr}{e~$y=lB0TAEvO6S-y=te_Rd%8f1k#UIk5vl>SDk2q9RFmk6ux(
z`Pw|yY-M@+-*Q1PXju#5O5gj%)xi&KZ#?h)xjvJqne-2mY>pc|iPyj%T{Uo;+|Md4
z-TN1p-C+G9EL&=7!M!EumM;Tjm3)RVkQb35*e66`uqTe%B7@&`!rP!SCO>a%&5Sq!
z+MaA)Cz41;f>#fYN?Km$o0}G!54?FhbY%8&i0(?*SA!q!@tzBqgbRFX*$%Yzj8T=R
z&0fU~dHQDu(|6bxGavOFWfy`&Qs=q&HRXFqTj`#>(u1M}AXkx=KfE=Y2kHP%ea}-R
zMQJnesNJHwuv38y0%`loDAlb|k@9VoRVmdwbZ~vT8c|1|Kq3N5AB~OmwfTd)ZXh=5
zZb#Kf7C6Q=h!lcr#ux8kEfcd@;}>6Qp1++wWuPjEyI$;Koe3C-qRot2(K8<<=%#yf
z5=R7J`F!qh7rN|Dt|VGN0Ec<DfkMfCR8gBtWa8zEpP1z-E04Whp?d4^ibaqseo(T2
zi$@Fxo>D^6zU{~`Ls^>s!c*P1gD1fyWf?*r7cj>K&+m*1nP+MzY2}V64m}*uW0I9o
zpv>dgZ&6(K+Tp@7Nj+<sCFW$9DvDlz90&~a&GjAz>K;QNWh{(bHd-&k+rA%S9%+?H
zq`adsZzwg}M`}b*94yhR)z?^uHR4vS+dOya8K~K3F{X)fT<ab%C=cf#u8uSz_KZ_i
zvV7{Fb^Ki{rR>rr{drtTq1nmj5rbB81xC--$ymVPuIhed1S>G3Gt%}hfv|sZ1PPE+
zKO4|frb~}_G#pEk!fS54c4msJo9yxC&p2fL)G*nSC?JvX0zGrFnArmm>6jb&xzox`
zJXw6HjXtErJ;rke8c@uU7R{BtCZwWt*9X&HdphCmJkeHNBX}BtilNr#N8_ayO*z3Y
z>-A+1$p<SAhz>b*Vo#%MfLQy)Jteu-cuBp_RVQG{?X~VtL{ZClS{riSYQof&OTSuu
zN76rzwNNu_L_QXT7>&K!8%~~+q46x^sB*$#oUxdE{*z%XsjW^Uw?YE&aO?!ElB2-k
z<erWav0dIHnn-iMfWf^GNut>EM}z<ocm2XrWvUiOp}TSy7w{L;skX|B*M~E&glf*k
z@{{APMmL*tm~ne;LcTEslDTVMp*Ge;&L;hlk7sh-iDsD$|L)dg-JEi%h+;$;lahG)
zWOAypzP`Li)m)Zy(S{J+V1>ud%RkeyUi}R8d-{ni6ipr&c6H&8dJtdqCGo{e2jU2A
zR5Jsz%2vU)tFf_d#&*P|2f?q{^<-I}E>C@Z^K3W$C$gxS?f+kZMNsfv+H3DNi!R<s
z;?Qb+Bkj2Y*lYNsUSIU)eNPjU9RY!5n`^6KzO0PA<}~jibq8U+jjEq>+fwq|n$NSX
z_K+b0yfA|yhZ<tMurft}@3oS$f}Gl5padU0;d`X42z)v9>sM(ajVBA3HNixnBxED6
z`qqd$myLyb(SB;o1%Vn3LHkd!)b0}7;)-NZCNYV>AMe2WAckuVzjQSZ%AAFwcB%43
z->k2+V9s&Zy7h7mmr4u1tw1hzcUhl~$tTbW2xSyN^3MPR@z*!$B32$-lO84)_0NJ#
zetrjWjO#frwxsH@{znl%aDt6Y2yln8ahQspS#Q@qXbbEZm@vh=T{DyYEgTCrB~bgQ
z)Y|e>D^2QyR3}-E8tFvqh+2L(J9WhE7LwwXz@6QxkT&+iEVn10<SBWe@5N!k!S{zF
zdY!X2ReRr10is~tY}SeKW0As+A2a4JHkiHUb<C(z%A$Wb>xl3DCvk~`?@^oa-u<nK
zu4%~yse-%bo9u<z?ZVo%N3Xhvy?q1->Skn0_8sk#5c=$8;s^u#advDTiQSc2XvZ@A
zzhpJ66~fYQ*nm4waA2ly-cx($?+4TUxFSzk?$$hPz7h3pAmNfeL$c&*TIWg-f-1q8
zrNze+e>(p-FWx^L1`F!T=9xXd5El3UTxc=r2kvF`w!M-rlD?;b&uYR7De|A6^bt3<
zykhI;a+19v4_Vp0SQ6)%;hp_#Ho|3>=$uZ&K4Mm|1hmpZ5S0}QYbz{-exM$wATr$&
zlDeWA{2}k57AYzysq6Xq3O<O&uZ-lrC&gtC!zrxS=xsA<YgHlV7x|UouzfT`b4|S@
zbz2t&M-UmY@|2tRXtV0)mTNBu#GD#h)hkz+iOy%$d^{3^cFceJH>`vTYl(DV1DMKo
zxvDfoMv*$BrdoMjT?Fuv7k`yLg)9_z=nt7bZhJFA(5=$}0c9tNGdfc*jUk26QvJ4;
z@@6$3vQN7zZ#}uZ6~yh?b)z>dl_@x~r=a~PJCNzv?5Tn`KrvAQ*uQP~K#kS-RMt#?
z+ffKFt)_Y-bRF}~77R9&6zNns2K*gVX{;4DLic^v_ii>}M8&FuLRlmzlu@pj7=(5O
z_EC0eB-kk!&?e=T`H4d2t)%a{kPVEkKfz)8Bcb^(1<gXAATb^u&i@Hc`^i6w5*oBb
z=*h}yZ3hYyO{%QuL8oEfKpii_G^IsdaF!0aO?=+>2YP<k1Zi;Wntm6b-F{jK!s3J1
zRpgpFR5;2^G4=1Xbf+!`gFwbP*H+h3i`H=aQoK{Z1qy0B>H^4!-dfwq2^`kqj4%tf
zdc7FlYsP#o9Lu<*r3S<kI8h{h)~5{#hq&&o_V>XGU{g<Xwg+*YRAb4B2%4+%T43qw
zoQ_6PZ@**Anlov;6zg@hzZ8ZE+s>msPxph4u}BtN?_gMKyzmo0<iXI#@NpfC_NC*I
z7p!m{aMGE{l5`{ZIe9-m@+8Z(quHoojY&LD9iA_EF2*s_4fGR$Ld|lIbrd8ugK<Vi
zf=}>mXe>xk{pV413lBwp4;SZUUI!g8snfY^2f@03e^XbqKoyr#xE=*=&X0_asucn6
z%@lD1a%!^|LC&~<kGF2mK}WW`tvL(lag{~9qK~XA_4g~^AfX&$opQ6koTkc^zwmfa
z<^XJ;y>DM%QhA2&&%nrN#I7+K4ps+Y+_~del%|?@=jKa2K<oE8%+b7+X9a6uD4zTL
zlIINjg4nL~furWg!VqIHY)HG2s;rao%{N4u8Z4capO0?cvgAX@R2(p;ADIk)s5<)Z
zq7ZbpNBCWw<~4I1@Xk}KX$d~zzxbH&QLRztxyPh)tBktR{$S~;QE<y4=FWJni05p=
zuZ<1xOzQoTd~ZJrJ2>R>FDi1$rqzZIV@2k&etcZL!fJnB3jKYuH`cI`&G;hk1vE(e
zE<KJ%<9R%f#@h<6J$6<nDrfRyr5?B+jRV*2z~x_VR(brkbLdqE#C`ZKIv#qySvH;J
z_Ph@9c6gQtI69o?hm?+7*27V4NN(#(x0>}2x(bpjGtDYI0!)0x6{Gz!%NSKNr(P6x
zOm(@9HdmJWvw8VE+w43*<?fuAMUjdl^!nH&d5hU)r@_Wdpz4^y=C@_@-;~aP6ed$<
z&7sOfd%T(Dwvg-%+}xC>ROj_g%+wHm*K#_gF!+n}XZSpDqg-B>(%PKp5E-J3VbIr*
zn3!iOD`gV2;CNAkjmH%kt;_8al*mS9Nq_y<T^n9_YIze(6#}u?@+WYlNE7!%=eHeW
zQ<#IbhD%35)1o22p(C)PxIReZJrO4>fTUm?G-IL;lWJ!aFA6$(h!^&XJo-oZyV3Mr
z+`(939($3(W6;}*Ox#(`=nesX-{^F$iHqw4XSl*i>WwCyCqr~S$i-Hq?&7uSqGQR5
z&AD~^=P?hqzR>Z0#@-=gNK|0^>(hI&gZFT&ys!w6Qn1=UUk;#DdIQHYx``^)Ak96&
zx}sQ@wX=s;A%&}C+Rz})puO|N5TR?wi-NfzK6u|+Rw%*C4BG65MI84&SUJX~s@*Cd
zQS~eguqC0O&!=bRQzPY8X`>xToVo19M7<_aQd?c3Dnyw-&JnP!*WF$p{Zg?nLx7hk
zBS3qBD7|{u<_};Mq<mau=Y{c6iL}uvZTSan+E>V`R>oWAvybdgHR<2#KP~Si&n4;#
z;UJ<#=7^rcGHa7LO65kl*;?%PF_qdvjtsk(KCaKz*iHNO^XzG5ez{fErpYcpWw*UE
z@3rT8Ytrbepa=;K+=ln)uxj~x3JY@u^G5^XhAjY177bKf%&n5hdVcu+X^%fVoC!uk
z`V6I;&j^ijOsy|$?TSA0X>IX#F0Pw7eh~F;&ToxG=`vBq5o%(Xkk7R%bSZcrRxf-y
z^m}Hxj{a|n#{c9QiDIDycwqmD{~gn~Tz52H=?vMqnU|km55EH@p213yvEr2Bak^tG
zflhl8`h9E?(v?M6?H~yW4I%!yR%3|$I0?yk5*qo~wM<9!rK@U%^hr=o5;I*{DMyG)
z17$O7M+bw^Cvha%TjoA~&rR=HHw7RqeKu+RUQjT(<Kz&Xj!WnAgQ}86$W+W;{+_*x
z0y}Vyn<hF52};U6cxTVh=vnr5k_`e`I2U8^MR(`E!v<I<km_+MM(3>;PTq$OuSV9x
zhYgHGEy^Aw<=c~zatx*&!Hk>c?a^(oPE<@(YJ8Ab(Iu#mVRmbS4ENN^J%GSvIKRX`
z>b7P#cHhu2m%5P9I0buXh{15QY+CDuK--u7yazzMP9G%&9?FIp8WtVa=A=PS2NC@!
zDa>V@@4MM#Y|6!@-fYZtFRx2DCfe3{=NwPx4$d9W@l~~PC+41~N>j<^tymW9S*INO
z21{}>E|c<NK}N)h;i)?4)xtsIGR!H+?{quT(1ZZT{Ri@Qq|+tmxeA^o{{K4<3;apM
z{y*hmkzbufDm~2ag`z09lvt3=Di+TJ0`y1LRJY^VL6Nv?7ly{LE!u-(pg`k)@~i(y
zuPDN<^v(1G&eRiQ0lFv#V(%gaUbPI9|HkL;Z<0I|TpJw~G8{SgbR=3PQW;huGAYe9
zk6%HoDop=W@Ua-6`5^jX6@~uRw8ah;6|yaBSPw=f(4-p<Ru`JglFiK`?o*wsmk;&J
zIt}LtVyEu9@;Y8G=&`aC(p4#Vig1HlWGXs<g7(|J=*hvq2fmd&vx7sFMAe$(rO!{c
zt>r8sDe=B_G30EFNBS-*r|aeg{`@kuj9kh?Y)s>0FKTeLSoY()j0uJ>!~K{Kb{tl#
zbgbX{p_jlGA3Qw748ksRlMLf;V)gu{!ewFZDW8W^tjwtvX4#^YwmPwHAzAs2%c1eW
zCrwtH-duW{F9dilA@@k1p=sP4C(Ttyda;QcZS8R3cGzJ=hC^yR{k{3tqLN|+II0Zo
zou^Cfc?A-AEIDaa;_bOp3=9l?D%#dmkXwVQV7uIb9lwW^Y&Cb11(J{7QL_A65$i9`
zoB~8=X^N{qDhCW=#sij#3p~Q#04h_zGGvRSmcO6rWqb3m#e~{+9B0xKd?^3q<FpI2
zGy&x6Mzh{|+3_n36*;jSaUQPjDm2y?QgiNt?i_AhbbnPtYLakB@BO)T?2wl9gg!MH
zEQT&EcW>1~K%T}5dA8TC!as94LiZ%Fl%b2ydOsaD;Wj$-PmY?r&ITxIj4q_L)#+om
z-E4R~@smm_XVLPbSRb_(2*gt03&h*o4)b&MCSE9&lPWp6j(?)$q3P4kQ7k-Nt*ZN|
zf>GkV!?q^HUM4k`W-LQa{*01b0ltZ{K@N>nRx4oC+-^L+QkE}`lWAEk>l|_@^N*Bx
zQaJ}-oU)0kNTf}D0Azygh6-{DeU|6vhbGk>TbE^F4l9#ZCY!kC^3kZJBX8RH>!<s%
z6J5C59odf9;I51QyTRp5tvlo}*hu9k{#R@3{fnc<jc>a%S=3*Yr>ED~9_`g^?i0y2
zdO*9tRJS^A4MS)v@zDj>{;9kE{h&xcSwo}8jJx9(@sasQKyUS0LtRBlr)FdgM}ZfQ
zAhn^lp7fTasM?dBnW#(m1f$=%G}aQ~i>$1t=B)xrcUEzUqG%}2a=O0ZsNTLbQ+Tsu
zg*u#yqRo}q=;7c1RroB1>!iVk)<2na`^zQ~NXl_ntgeQet5fg(K{CZRDu}|juPITv
zuWp3{fXE`3SjOH0-fo2L2Y@kmjRq39(hPT+7`zeWLp`G_t>!xmTz*|yNRhV2UcB_E
z2J@zogVVHzBg(BOpb^us&$5O-rP%w0Ibld@+vfhMVx!Etu-;#3#GjO@DRT5`)<VqQ
z?Cd0XgN&OO^}fQ)o31XUzTU_CqtMjd!M_1jN3kZeQ}v_HpiO@H;d2ga>lx~!h?*a<
z3tsq0JS#f(z59E7*jZhM)()lVb0)Zak!0O@j!F&CkG-_)Lu$%gK|8y}S(*72t6f?W
z{8B`05wfr$<pjt21?|(rhkOcEv+V_+5U@#Qt@dI;QOGM?M1qS~hmW7&g`i7@3KXDZ
zeCskoM8;zL>f-1U&k~ZElbYHmyS)NQ|5V8hxjMARI3kJx@pC^FiwU~d`h|vnhv5r{
z;udSf=8haJ$y3xPgUH1f85UYm{<XH*YUmy=!+J$-e9uQUZQF&vjpL`9UwdTceq4TT
zU#Bpl=(*r+nXk2ltRNRTea%x_0|yZC?%Cb39CtLJWw%aM?hpmNW{F;Bp|p8cwd41~
zrMo1Yye0DiU2IRVTvSrc8iB}a0I8oK#m3@q{N~K-!3XzZD_eT|a<BL)WWb^@J!_@a
z>WvX?7ov99j7cEg`RgkyFePnkKkE2G7Zx@0D)4E?;j24I%1;+&`YV9Xjs_e|EO?F&
zD=gwVbzJR*gY(Mhd>zF}A${+;^t?k?oj9X%pwojd+|Q~{|3dVbn{C+^S=f|o%c@s%
zl%O2_6N|$4H;KYyg*M3JyQ4I!Uk31uUcQw3H_0&hhRUgNgTOL5rz~}Sr!$~_Q*oi@
zJ{g6OV{TCI5un`0X-F<mVnaD;w39t%3J5zU(yx)QQPnb+&FwT`RmL-ElRPsZ@X3j=
zBB8@#XOQ51@!}QVcmJaBb4&|HIWl<ow8R^Yygrr3>Y`L_XR~7uXWAt_GZ$oRZ4;+5
zv;;4jba1H9K_eX0mZpa#`9)Q=&aSohaxzjnpDa)c832~5BQ^O4_(}0hg52N3$5f$a
zov{nebVj0)o=Nq4-I{~EaJb9Z*hVuQ?$xp(2GVGU-pD(sW8(E_%ijI{&CB-A<79rS
zFAtIhqjaTMZhbT`pc2d;4JYtF*;^aCi`uncc4?Q^5F|z_lyu?A@vO+!IAf7wvCCEM
z8qJp|2m_Xby)0u%cpQ-<`Cj3%M5+x#tga)<l-!fdmd>s7_2gQCLV`Nl*(s7HhxY=5
zM~sp>#<b?=dB#2t54ru}Iv#0Ae07<oPy@v~&jr2{X+t1kqhC)4F}7yjRm9cO6myzD
zrOXub0eCbtw8Pc1xym2bf+xY-wqXnbp5x)AacuM+>$tD}ue(NT1y7_GmN&(gxY*q5
zb~=K3p|rJag_v`Az8xY#<4F%VP&idQ_;xfmiw^5%0!ml=?-xAb7!8bJU{<Sv7z=BV
zvZ`23ygo78{>rRRft2@jSPZtuk2Thz8pX^iImD|Jm*}bgoCM%bFSG40u}vrKi1(cB
z2TLkYJhQoGNf$rFV{0VsN7OpE1mW7mi?$vCZmr2S7E5@CSIKF9ex@_Y;>Qy^#<!4#
zaTL$WX3!*g;Y|9fRfv9niARTZL`P?aI7f>n5u<TSSMJDu4o{w1H!cgER--(5?~BUA
zkg7Jwf?J5^IdDWfEp3DQolZYW9%e&h8ERW*jF@)praZ2LhSn)82<vau<0;jtJ?fs-
zr3cO{kE#&UY(ibX@BEo+W5b3YF@E-va)A^>7eifPf2C?<B;9uY+na_jVJ&aNTC@9K
z1U2Q;Mb&*4Gqhq7K-5)#?15>sMy4)~B@Ni!0u=TmtuQ#xFdkc7MEn&;C8qI&F;**d
zOMzHpd+_hnd)I>H2G=X!-EW2EjfIzM_!I<<t0%Z{>%rajEc|9UbDXrygWF^bO~)#p
zdA#Z(5?a5i+}g?QLAmNnx7@^wUhY|zBJ_M2H_$SLa)rDC*HX$s0;~ytzxHPyiG}^|
zW`SOxxyaTdOziz^0i_uyldzl(?K?J>&Nh=Jw|)bM)c+UTX#Xd>XakqWMN!^9HU*v1
zCu_i@%2M_{`*8aSe|z+!|DK$2S7jM+cYi9x>q8{CE4xf88(cN)pjXac&y``?=Emo`
z(Dm_SC98)HtlXhB9`m^`-6k7ByCfT%`z4Gb%pGNJ|Glr7K(VLARuLwDB{&i5=Ouzz
z?`{r{r%Tej<fk=!iEep@_5jB02OfbE?aSG#AJ_g5dZUmhWf%S-zn|}qs{f?nX>??I
zV`WtUb`{dSzA>0iL8#=Y&`!EA-%0}+ST&a8U6`(5L0cchxdy*xfEy9unGJIYXX{lT
zucShq_x?wD6!0JGqkfk-eJk5}N^--^waJw8NaA@!RMfy0NiLW+JbBDNWTp|QRK$s|
zV1F6XLtFIzuj4*lys(C~rG)gd*1HgUi>nWTDxNbhJ9Pg;(&fM9T!8=YNtX@G*55+}
zRP6+>zWp!V%{LvPjN6X}rzU*s8veZHTV9$xfjXFHARVAXjz0%XR=siA2}%J{Yw7~d
zjcRC;D%9}jmfPGla^|v~M`h-65%3*YI-pDW8<VtLfgYRap!l!eN>#`Z$sMjT8OYir
zlyID?jjYOx6ApfFdVQ+Nr>@8^d~aTU5W{$EJRed%>z3k|FzNMb!&sBVTdI2<w@Xsf
zwE;+HPKlt@mmb`6y=v}sEClQm;c~Zd&-ZEz1+`AMjEL>OTCPk_LIW)MdV1?7E9P5H
zS$OxRE=i+2UB-{8_!Vk)wi|7PPK93m3BK>`4;CoY+qYP^F4p3bueKv?M`;tTj=(Lu
zNvJkcZy8c5btI~-<m>+BA1%QTI0cK#9%x`ME42+E&i;JSo2MIy8;r{B!?ZJpFyj$*
zNU8!K)Gg<5C^wv$FxPE6gY{}yBoIB@uy#0UU09&4saSK4QVJ&I@Z3u`N$%*9dWuCp
zdvPABwlz;m@T#XbWU>s}dE}cMEL4mx(dh!15+Rd^$9kJzRwXUql-6eHC#2|epcQTR
z#n0=U2kq{O>IZxlN{xfVBS)uC0<2$dWJJ2g#2-)LIhp&NpE(pq()K2v3T#Pe82V~n
zW1T1UV#IwcvE9s1zTEz6SslV}YgllZ9CGWT3Vfix29)f5x;tqp<VKc!t}*yFJz)m1
ze{@rS7oiY0r1@D`^A>=b$jNx?Sm(v1{!K2)MU!67kA8lh#~0Mw<4S=eeGOqD%pT^m
zRaMB#lgO~raB)?^^Leb}Q0`@#?dPZM0R*uYBc-u)myEg-r|2K))&@Kj{31xym9WN$
zdgY>%TkCfI_$GyX(*w<eI=6jAd8^CIqt^P(HncJ`a1cm2Qv+P}hm{gswaQ-_w2sv!
zCr&wTS6^l%*3ltn%H{Y1j*HZ{pF5wAG(unK!#km52ZM(e0H^9isaqtfq>-%F#Vj-5
z(xfRQMy%+9mNjy=ey`c8U=Mx%_=BGx$jZ*@ZdX%t827B9e|!18*+I3^c<=H+ZI5xg
z8^#npfj8?>q1TRz{9J(^1H4A&B8JI$p)9>=L)04dCtH|LVjm8kSYi9baYy%0t&Znl
z!Z5qU_S>y5rH@mLpcnl*;YP3sL6@nDg6p#*!*|EmWE5`Fx-;q|VV2fc5slk?2jqd|
z7S$f<L4KbYaWt;AicxE2;RgJ29xkTc{w0BXK%_wiET>ECjE!SfxcvG<LjFa)>_EE0
zKxNy+BMmPmXZ9h9Cf2LfwK1)|y|xE5Ph#P-;P+myuv1dNva_>ez((96DQjqvIS5!a
zCMI_0w?*TPH4DV!HwrHZ!(*F`SBhan&L{D`G)WiBY=B-IA9pIU3gZa$0IdPS*$j$E
z*uFr?$)txS4y-H$1?tm2GI0rOxc2?PWFwD%E9t++*`L!)XKHA!-#$Js2@MKf_mpJn
z^z%yDp&`F>_j#s4&Kr@7j=m$qn*3cT^Gm4>XOBH)1Ca|{0c4kA_^Vync7LymD<Yc6
zI$Yl`O5!q7_weud%XzqYefiW5I6BD6lAR_d5g$+|=mwMdoABKT0^K9_mO49rSHXTQ
zI@Ekm#57sR;$PL6)A<D-k0z8Heyy`e)*X5k54oA&e4bP~YIM1sQ~`D{tnetmKuY`5
zb9*XVb~nmD%)rOHa~jq5S`m57OJ%Kmlf1}^7UcSgrl*yM4#zA&^K#l+$Ncp}ok5Lx
z;KasYQJm&sA~pZ`L2@`J*9X6etNrAtrJ-~Vw>LB`G|84{@_y_YFj&(>rp@v$)p`em
zMQas&`gC`T$_O@Fdwtda01`mTl@M~B<uCCH){<;qTW^A4A}uRRlX`S?bj5O;MZe?o
zvz(k9E-tR0PFVlwzrM=jtQUMRgeI}`9O(rXxK&c{dRAAi>tP7%omE14`4VYT#~zzo
z@wxLp79=rGj|szMgIUc|WWU>l%07dvkJaZ7QeI~4?T5qY8Z?##-7&RNx~=PtdgjT&
zud+^iJtz*$AC)H!(l|~fSj5e0FOR#<oy==q?aMO)#El;6QCw^ZMGD;t?RpKT+(SoO
zA3XAoTBh8UT8_}rC&2zrbDq?NuP9;uVbMDZxxOdKBv@RZ^bIlDNfe4l8qF=3D?W8U
zo~+K(ZytS#wX1clSaUtaK37NZ_V0Bx@|Vo>#(hsjmG_IcQ)SX7MILUmxyu+=({}ul
z!az`OoWd9AvsgdHNc+N5{q@DdHZ^O&X#|?&wt=+y!s)VET~{hzuh9)iLpxmOh;a+{
zmS*+vWFE7@_wJ34vXur-TPcUE;54q*WL?$AER@>4GHgpq9kbS1!tSZMD}7aCetJId
zT3TuxwG@ha%%|#UWjb5$hI+D0wHH*y44f$}**`|CoyIn)TnnIQ5}U?a@-;x=+R2BY
zwSJ7Y*sHzmp(=wfzM<887MspI*XW1A$btNvL&58T+KiNHQj^O!=1ePZ4sRMlelH{s
zB?lbK!6phlJu;9ub|Wc6+>k|DS^oWs_rt@(pf^}>aP$k=4aGaxhcv8pfboI)b3BE`
z!bap&%0)Y)(kq>vxVC2T2XyJi4=ANz%H6$gOC6#p>$=ma-ZEDQa6LE)^PNF#t)Mkd
zRG9eqYI1WKgoF@z%Ym#7Z#1||aocTocXy|SnN?I&z=IJ#u1QVR2QAAGx-SkA8!whw
z_g8vRXog?s`m`3%=KSkxpK}Vhx22W-T0=w9giaYz>AmB|+iNwY`FgLn3g)oT5f2oR
z3b^$63^GE@r}mLPBOd4S_&#w?0*x1=Fd8@ibs`v|u)<7Sn1#DH*?zw#mgjn}3dzSv
z>ZaS|)N(qhcfH#!t-0xBh_WwoXFB-NknwJ%=R0$|TP?66y}AJ1CJ@{0hF+aj^--nL
zd#*Dj*zfl?x*N^5qDNf{=mQpZfs5^$0->q-laX1Ws>6;uEP|BR0*%6Xexb>AHSa7!
zk!#7wUX6=TikTxZ<wr;;l7mkR0Cay{B^dO3ZJyO@@4B?b>g6+>w@zo#bBFYHR`xcY
z06af}5gsdLSD~`UlqXT?i*%vDqJK}IvF?l44u%lNNj;AW2Gk)=kqPx3RDB)=Ph;-b
z&Oq?0^$u$QweCV~GgUH0wo-C@jWSS<FxwdVF<W`+c$@*RqgKCMZ>r@~AmrHAsY!U{
zw-6>Tjj~hQcDCGWwHbG0Rv5I7XIyRopy>&2vRzhiMhcBfg+A#TNg*9)&(z1Bllr3;
z{3u65<bGn!*S@^ZuYcjlzk#}h8+o7>Ejmvkac6S?6X}^Holdo%)X@$4xC9&VAi8zy
zNfY$Yz+H#~jJ7G0)+|8ZA(cL0AR^y4$z|`WGND*W-+3GRc~aW5FCm=(yYOX<tG9$c
zuZbCdwe@(w*6_1bJf;0)-3WnCaYsd3N1yWesUt&bw%EFr(WFKnzFmo1K5qmp&0DxF
zR3<A&Wj$6DTu+x9$*Ye`P<|cfdtQgV1|byrN$&0CqUWGcoN_isKi|!z)o(d;7*Slv
z@HZ>;%U+L#hDx_;b*?CovSPgMc*@$~ti?aP<=L#ynnz`(-!>gcA#016w%zJVxI|O*
zy4rcs2Q)E68~LD2=?T9WPo4J+R%LXXeoy2R*BjeT_JE5!kCdMW7h>DsAkHU93v*W<
z(#Ro>W9e+9p-NQ}gr2KmMPdpUtKIujaYfQtT)uH4W^gEi9uCN?lBBqvTND)ts1svJ
z7S)}{(xLk#%qJSH$KwXlQeNBJ>yM;$6HoJcfp?=U{~dWo3)}jDv6Sfh-x(l<Id+pb
zIOI=ol&apm+whYi)Lcxgi@r41m0TIh(crMNvny@uXj!BzDCU_xoj6OtQ&y{Osa{C?
zvOMauPXaX6nYVt}G(trOr(_Cs2eDo=?^m!{=*=X81#PAGb4#JM=59x5%HHwQ?I4xV
z(t!@;mARwD2!qa^h?O7VENIbK4R%OwQPh)BL~=N+X`tw;O5}K=h*o*rAI3Ils!@Ht
zenzLptQ^6t6&}-QZl#K^GL8l&9Op*PLkrba03nNE{^^(>Nuv}Vljm{Eo|XCke4Gr9
zP=F`0$r6f9G!{~y<T+Z{hi`PLB2LW?3(QDh0X?X=tz?R8m5F<xfosocQ3!Us$Jqp8
zQi<v4aFk{^QX`19KECE?=71yAzZRLd5yLvHo$QRVkT;>>+R`xAE(zA*gSfB!049i~
z=w};*O<;pfDxoYT^6FJPYp-lp(vFNqJH5{J>P8zbCHfGDM?`gW>LZ9Kyou|$-A>v+
z&iC(4-;-gb%9$8`>0r@5+^$bkA#2|nujx8j@unLQWM*Exsok4~4XQ1keaR#z;%JUm
zb~zq(_uT39LHYZEmU)(d<6(bp#P}ynMTK-s+;KHL|8r!oyO*1`K*l&DyI7d95uNY~
zgGB<HfFxlCf$`L5`cG<fPS#zHnc&oJZP}z@4V_e4(NxoMEQUOcdq|jf<etRs<}bn!
zFhC+7(eo5*d$an;)X}3WW<Hf3KN#7Ue~Q>`>@r^JX*g^Wpz{VW$P%OQv-ueUo+rwG
zU8ESE`RHG!*C9hF#zu1<LXtPK4Q(i<T80EfN+C7p>F(yFJ!7*!3W6yR64=CqRp#eQ
z)vHiLc2Al<_Hs~k$>E8yvF(S9`?I=+G6Z$&W;0B#YpOZEyS`dk*`)1ny#C6$>H}VC
zL@B)I^~DvtDh2SH>K^dlR)6UDJxo$(Jl=-OB6=!L`0XdB@AtR1HUrO&k2z;va?Zb;
zB&`a03Ng>M_!9CEbqv=H=eAj&#2#!m*+{3_Aa6uVIeR&Z#}m|z3?%v+#vQq<>r#GZ
z8K?p8bZ;+uOOPEU7bfw9bh4yVxrIv~mhQOJECyuC`onwTxfVl670r__r3gRb3B`w~
z`YIBJjXDKIv!j;b*4YaT3|+HsD<5zvF9y5I#1jN!H+oP%VqL``0l{m8@lUM^ZSY}i
z^|{4`g|YYq`T{f7)qM1yBp6<W%y7j>M9@=cnz&cGf3FuXHbj!j>mi11D{IPZs=V+2
z!C#Hqa_<ihNA>g$+#bGtmzSHnQP<QQCMhMgwh#WX=mpY%XkaC7Pe)IZXg@tRLSz3!
zo%x6trgGWalJ$KTG*j<=y@)pBk;V$MYx2-C|G$o<eYQ7;i%Me;Lv)7WOcH5DWPy5E
zLRWH?5nzuOdM6J9Bl}hiq5zC*;2`Uc84N~v^6da6OQ}5F^lIoC4VI5r;&Zvt<ffu7
zsM^$S-%Ts5J5!_$SQ*|en48{lI?Lh}nqnNsBMVgnQ4@sZqYMLz8x}WHV?=tFS&6p0
zDus%4UKof7nOx@TCPa!5X6LBMyoSNV$a!Sr!^SUsaUaa=N*L>V)YL(2fwp=-ojE0T
z6Z)&-w}V$bE|yrsYL+K+c|9(%iVD=`D^8K4Mo1~lO}kM;a}F^(-*Xcw9*^QI7W-FH
z`>T|j=6&w4vzj#H@AYb{y;ApwEnOKO>PyNPjQ>DUl5q-tk<{DD%}x=JApF?-!B{b!
z8sBH*R<EL%)I#j9!~}5TJ>$FphWh&YI*5)u;`F|~|C}^)iGA)WE&hsQeO@i#YUixW
zt710ct9O6w_@`MR!RM;{Ioa7=XA2%^Uy0lf7T2rH+iVYY=c0G^Q&)5KG*7>|L!=BT
zxo3s>qbNLcH!_IP=P#%uGtH9O<?%(u=~NnpuVd9$2Q>U)utPv#7Rvh^onxDr^J6W3
z&$HnO7mY>|)~VvOg(M4mF7KUoCj)#LY0odjH*vs*?@1MN4Y*498Cb0+W3{!l^AoAQ
zdHI1WMRaBh-Y%iD!Yq{yi<(*UtIg0UJ!Uy6=@?J>8Q&4FQ;Q769LV|0eP;#29OLUI
z@8ngS&=~Du7eHy13OTK>bNcP#p(MfhtY9<`i=FULb^R)Z@Y&hk`3Qx8B<A9nKoZ9+
zyP&p~$aJ5{ww9Ls^LaXDJQkM=o22ft2Hh9e$BH=)-^r0ep3Q4NgsR+6&Tiq>M?+*~
zl!7eyT{-EEuUB%k@)^-}tP$A~(qzm5sq_@?WpjruYQU_^yPI1YF0+{=a+BoGbuc^*
zes{vW!5f&4G6j2W#Ky+LIE}g@Iw;86W#c&4rAF`E>Lu25Zz?tMsG|A@ZvKO6gLQ&I
z%t@Topr)V@78yCLrg9X&VuvbAMwSWjruf?HA&e$I*BqQ~>c%0J-y%>SN%}I%fOKN?
zgusj&8sW0PqLWki3*~(K_OAc-d%rK?;ow{ZUB7C@ut1r-gOiAlQ1R1^`)xYW_?}nS
z)~wfPTvXD4Q*ya-qlMBX^EG-E6LD0CoL>9QI^MhomuUr)cgC#EHk$R-S;tNdN8Q{W
zyP4}B51;)L`G6bWRIvVf1S2<O{R7|E?QZ68Y;5Qj-MX6~JkfFq`Uugcg558UTjzeD
ze%eUQ()@bsx4GlQTlw!?9s6~v-~5akxrK$>f%h#y+ogDJD~O@`ttQZT%G}(%_@ltD
zPaITq$9~9AW*~j?#1%pK`0ofQAY&GdPHS52jju8r{MnON_z9&e-T>pT_gCL!q5B4U
zR)9a~L&Y~Y)={`O^#44cH9Nk)qUZz0jL#W-aetru4Q;l2#qWhrm%_2(G2B*~Rgc{N
z{AVuU<$K49$ts&!=Bg>Xd0_#k&67@fz!QJm>%V<klw~pQ$U1lCszCL;C#3EFV(hKM
zs%pD;Q9wWmDM=BKrKEH>A`3)Py1TnOri#F#rKJT#x<R_6LAtv;7TvKYufE^+JNxYG
zoW1_wa>-=QXFfIVagXtgdq2;@G)<+}Z2MrZehMs4kT-U%kyx3Zo~1ZI!9-OLN!PTg
zHlA<ro-M2ok^A>}N|W(M42c>9H*jQ-HpSijBO=rC&jD4iVh_`d{>DI>(`oo);a{|^
z_F6#P-}6rh_5Q|_w@j2l$KoHT@Ng@*#>dA4Ks}^}in9Jd$+z|g0WlRE*KfI>5(;}Q
zZ`l2!0tE(uI@hiSOH*CV?O9id2<O#e8}_Y{n{6Fg)w4&%sG;`bCdaOSmFosD8ZKOw
zfjAs(usgRJKILoU2h!iwE;QWj0Tz+LySt$&!VKPb&_2T+6RG;U`t&Nb_>!Hs2J0sf
z`Q66EqZIXsGq`YL-P)+I^flbnM*6zJ7L}<VEJn?oskwqpCiN&oF-Rb%QR+`$f6&>N
z0f=y{Jzg~7i9u@CVrlkzB%eck;=Gl413`&$IqW1W!Rn*XELS{SAfo&*@icI8Z+ACc
z;w4yqx6<hP1Dj3%<#x)UocHde@a?VbL#DTGs45~N&DB|B`Rc>YAqcN7+c2w>w0HlG
zZTieAvYKGz-A0G-tvwPh*)8A4Zhp-trE&S*haE!$T~X0ro@W-Fz113g%0~i;RLBNP
zE_|<7e&l8P7<l{`YE+@oYvO2BJ8JPb^(mK?+MN>W{2<Q1Vi_#NCsX8VBa^g22Iqc}
z^-MnFS&70EM5!7LhbM<4cOH(Loat^Rm1j|&T#aR(8%B48@UHW&e7suvlf=T2<xy2#
zZSW-ZxP7I~#DiCt{|bV95Xo^pZA#w<el?w*_Nl)7S&4mh;TsNI1aMcX^%fk4=n5Rd
zOw_K%wFSk}&jT}LtuAi5rzQd&$$|ZKd$s5>TLS}wnlRNut&7$ta`{@-hch;+W@u@}
z&LUI4tY1bsbFmB;7*7x7le7&>Rj!UFWW~R=olxf}DY6kR{vVA1xRLUYQGT8gzBkQ2
zcrY7u=Cr8VV#6X(HicuaUZa2Fi3;*IzL1FHhun$e9Lc=ylW@d_ESsFS_V)JSvxPI{
zYQM`@jrlQ#UnC++ZQ`r*$y-y*x!}MeptrOSC>l#vVqAr8g@u_rW7y$d7L%nH^gp&4
z&boJ0m8Ne!XhfmF%DkK0+%i8>PyiQPvv5x+m;WxH$m9m7C096=4E@zn#4wRIS87Fl
zG5?kGs%QPKLc?)QX)*t7{SLm(?zt*%%Db+!s4~9n$Gn?OD4{n5*ZO(sTyQwlk3N%%
zfuTFw@`TPrsPXco^R4G#*>$Szm3}jMbzPo(Va?HnFrh1Oyi{*1bTg#MUxmQ@<x{=m
z!FG>NOE<Gd|JkDFQDGew#nH|SR1Mdqq^x5>WEXtFy{lgTj)|1iJ1YD2yZzC8Z?K`q
zD)Rr#M3(3GQ-#Iu@n>`X)!3P(&CKb;{&FQ-P9k+F%RpQs5)8&RG2X+WPjqb@o)aYr
z{{B;d{~$(?6nYlBQ+|F`XK6LH#2a50kFbi?1pXS2lcc)C5V|+Y*1IMC<$frWqtlXk
zVWS)&ObnA>giEp_{0h$G%D-FRth8-k!O^tvx^UjDQ^ITROv4|NYus?xs&u_?x@x~^
zOgch1+SGME48u~a*fO-;!P+XvjCg;rht+ln6bW;7dOqV6DE;m#MEzLz))(Vi2}1G)
z4=n-;26vJ)I)rYT$-89Mjm+k!InVB#<DQ3C5#gfTUfV6+ncuA|Mg`$ksoK<>1iGHu
zveGi`GPnbAcNSU)cRpzmSIK8H33p>7fY6V0DFG=_iC<<xXTW)4*nykepp2_viTn|e
zCPL{JY%*W*w#=l(Cs|TfV4e1S)f$89ZpKEBNedi>`FeZo+S5*5XH1Gt_-%AUoMEl-
zZ6szSWn@aq9aW9_g>V*|@Rwr^nLk6oa?*~O-@~$5X=`)MxTY-@2$l;><*{EvGHrRN
zYJ(cPA4o;h`&1}ahShdj#jOtrY8K7ID0nltCg<=r%FfJLM@L?KQp5kV=;Ps@$_a5r
z=dPrrC2I_>l~JqWSQ%!fSvx_|4ld?Sra7%Ini4NZMldxMYpnUo&iu?B$Be9A&9Wu)
zDkUXX)-cR-)dWPWuW9uB=ozXd!u9rdx=Db09#O@0FKIex@+=V_4MPF|$EpCdcP~Y~
zR8)33A8L7!U1csW4-{zhd29!#_<w+p)qcW?OQ|I3#iEcyV(zRU%+fB}!AuCNmf?%)
zUvMH(Z?@!)-+d;B)WvC1D^p~^!*01>BKeVK$=z?xgu4{;V9q9^WbYGq6@sqa@UTmz
z{F_hk{tIpbw`+ln5zS;SU{;22^c5VSzMzwWuDHgB5W0RK{wPn9?@}f%>ytI8cZ80F
z7SgR(mN??jyv{<htD}R1EYg>-gY{y2I}PtH6&}A@cD|bc%Oc<&UHO`ug3nADl*pmn
zRtMzk!;F4sCa((FVenna(BY+9?$He}u)?#M628}!mqGE+#7ta)H=>NpEQeKYf!|O2
zrEY(Jt^cX(e^eNqbJn;S;)n*0GRC+l6lt9$!AeKxxq=y^Y@#fsol8d7+G8A6^w2IF
z_H5!tnT(@srBA}ok=+zDpSgtgmoE^65yj590CseijojDK*Gy5(OISD=dg_P!;(eLr
z+0y87<M|Ls5uF$Cdt!vIQep4xTs?8T(8=X$1vx*Q-&?5Wj?1q__D9${g<axflQ`Yy
zkpVz1df)G-Hx^WI?0rO?!V2DkgwE$D%UOVhvLpG6;hVDWs)tx)+j>ff;d1)+o*`r;
zY4gTx8iI%)kyDh!Yg_V7cxs!C&d{Krk~k-KQ3+n0Cz(V6qq{Va>UM+5&Hj`Zf2t|S
zXK{mN5D+avaVHR?RISEpiibXR{%8Y!Ar|(zjsZ`D#hYw4d@fEjT%A508&Nwf1qIh$
zezCHByow|9yO&%B8l4hLZE5xhPg}R#y?1V?mufWtOW8+(#Of>g%Sc>yE6F}5f7sB_
zTUT-bOG<_S3&oS%eeWb=_~BSlrNH`0Uinrh8XtP7h#VA3pOMJkNdl>mwRZ48DQMp*
zb&Fy0?Z`2_#!8mbKj7hXz?(sh>FV1ofI{CiS#!j@M@?s{veiwS*_ARCiMHXuxw22V
z2u!K*t_8N85|u(0ICCBoa+=1}=Ff^BsqX^RSyPq=YMd+U$U?9A!u!(}W>Lqi*f;W@
zCjZ)6gBf?3va2DNO=l^8Stv8F5GPnynqbf=2xiZNxh95^r+!nZE^ujHS#m<ht23$S
zTVv(J7gQc<5sfU<us)Yquu=){)|1yhoP7QK+xu7i6a@->R}Y}wQv9UkBZf*{GSE-J
z^DkPNgYjBi^+}z(Cv+oQWn1sJA48!|%^t8illqu^@>E&Mb1T03wv0i3XRcCDFAWrw
zB#+R({1q!nJTIT>*=-f}PaWB8le~QvjtM-W{Yxd5*IfL#xEH&qQF8FL5c<PO=cnr^
zLf1l#zgkd6Fi(!VSf`I=AMnmlkJ)AbVG$>&MSZ>TYX0l_d<7uJQOEN_jA=1c#f6XL
zFkoeLd>2?3zjYLn^2m$){6W`d8L5U{Shv}*4E0#H@7v46X^#9+YbQ1psn`AX;wTr%
z)WIF5?^#`ZCvA`IP^p$(H=GIM#&Y2Hmz4kPk5CL`HPu?nqI#E(FfyXuVPKbLZk__+
zBdqJE)$A7<8VKIGArgB+cOb0qR#}sleVtH6_LbU~#KbuM`m{PnSLU_f<OgwVhfOUw
zxM=IVbgHy14=u<nUF^RHs+DAMR3#-%TUTCqCw25-Xr#bkUMk69sv11?k(7|WRkZUu
zj|woniu{qtOCSfP@61Oa3P3|NvetUZDdIhd8QGK!S1jsfMW7Bb8eNV8xEX_VRyL{e
zF`imFjq~}&y^D!B%O_Flc~rhCyQ3E68p*xiO<+z~mEFrO6W2ni<75lUNVq5O1NW}`
z=@+;*rIXqh+2|WvCXWPXq<E#Et!6tyl_DaD;p(RQ#UAw<vd~s7U}x%Rbos~wB~&@<
zIYivp!4a&tC12=hK>&rK*T1vms_`~@Dc)=W9(iDujEOuu5S;NntKz8`EHHpc7_(R~
zgdL4%3~Y>G4!R5T3Wn|&fcUZu^?{|cJ8~>>rbY&M6gE%EL1$yL`zW-(SYubc>q$n5
zdo+1v%ighlQU^28iSlu9g99;2e0k8Ug3ni`9}jMKHPXJHrEYHL;D6L8^3Slr@Z!qy
zWcV?ex`Q_la&_()e26wDtIb#Q#(k)9aCJ?(dYR~V58~!TGgmu)5U61g_4Rh~sMMUP
z?WcFW>3@OIksE&E=4;kg{4}P2`7x9OB}u$s(s8U-4;bN#8D9;xTFSSm7~C|C&Yv?H
zqvKB{%BZL=2<bIDaz0ihPST<&8n^G;A@~UUdK5}1kLblwXz*_`!LYYOxK>_N?W_+T
zj5u_3*cqc}`d6fu<+2xf;>Q?Amj`(z7oG5dQjc2Q_r)3+lLNzS#dcI=*Ib-0K-nKW
zK-~K12`;?Cg41Mf!y&caig5?Ylt2;%4)>}<6fSyC&*U{`{YC0t?+(IU)&Eq&&^dvm
zws~VI5T^7r_RPZ@mkhb`ouw0sNA7w)>x<L^oc)VhZ=Dyix<f{9(gGUke#J+b_PK<)
z45pr-B)iwG=k0kdyWTxQ(ej8H+rnJ|=nDo7j7T65zq!q$Y6ia8Gc{-W<QH}>_I2|_
z=QgYVILS>huAr;=XkcD(pPDeAIYmc>$9t;WyjseFFjj5-wCZ;K@;ZIysg%p<4sRJz
z>_Bv22iB<04$)|eIH6=OuVaw#w(r@XsS;}0m?`UofX_$R=MNnwEVZi^F+dXR{6pjN
znX`C?qPzA?e9yH`rJQkj{9`^wDV^}5BXhb@3((3@<~4VtwOWkU4R2xMfLjZnisdr6
zkowHmks*ityX4if83O%gA<y^M?^ruI`KqUPRV~UT!x;t0;jDS;8Hq$Q;xX-%+0No+
zvnKB^c^em;-3dH`C$q<aT#~+CG$b@|*W|4lS|I?5Rk3DE1@t84ELY2C<Zq#eRQrg+
z6y(cqOx2Uc?IvdtA?Q52HhwC3b^GcCzSwtdi)2$aa5eMtL;{<rNf2!xn>?`POweA;
zkr!BJ`I^*P8kDjX_)IZVo}D~^|26bef8lt-jAXJuoc0qEQveV=qCudIS1sP*fE6Ho
zjZC&UqFAVh^sM8FeADhRa*girQGY^2DuGLcR)%4{O91or2QsWeLoPM!J}*gT79Z>z
zZyW54iir@9Wbx)|UJ)GHg^@fbrfPB9@+n5X>VBg4*_`x6Et@o8vq9MO`A;dIbm9g-
zoODcfS5csM#!<s@Txk^#H&au1l4LJ7#dJ2(bT_A8y~EwoWi5FVZw{7ar)k`=J$Nyl
z%hxbzcl?V{8Ka+_josB6n^TOtx^Iy(xGTTp((NO-;BB1)RKH&AOzl(eNskBB7v982
z^OZH5E0npQv~;S+BwYJ6SPrIkZxr*4iU*GwRsglv;!)zpY5Vw)CsM7rT_maMEteO4
zT;hW*W=|_rj9F=&x%$Q&SJ4Y%G50<Uu9Q9uL5&gBgUOR5xg;l1mbDoV<m_O!e0gJ7
zX-QH&v%|8X7Wau#ye*d?X<n||@fGD=_1U5};daO9C)JE%95C6E&7CJtPk!6Yvnj1%
zK^<VsDUgk7&X#|QBA!;lBTWxkVsbl0Qld_5PGePntdpl<c*K)W9V~17=us=JT5^{)
zH$4dTm9RZcFe^sQxt?;;v$wEF7R(l^(v~wtb!E%P!-)ObmrBjQrlg2sM~er9vYRP$
zMZQwY{G?CpuY{VXV{4#HD4sT!GwH~*xd}vxN>->8j?=rZWBs%=s-4d^-9?Jf%5>xj
zm0YR`7sJ1e_W14Nx<1oD-eKywQN*R8<|~q^(is@dkhkLH<2P#MK*C8++Jck8F+s-A
zrHqx=m93~AsE_|NF{5KO<DbnFN2bq<^P)YJl%1VD(5yR}E<%teERn-pVZ3Jx*s=g+
zOoxUX+9W^I;!{viV4@BW_gj_Uwh`$T@2EG9Iy@typh%5~7@U}x7*$hNj){n{Uq!D^
zuzTjZ9Ljw<zuTKHvbXSi9ZITdPxT;X-r5=6qfGW)t7nKsS?Tih!z<r~5xQr5jnf|l
z$L`6!1^P12vpt(eV{D$dNQ9RF4UMX@az%N$lV{l<iti-ZR1f_Ay#A9O%LGWZy{3@Q
zjrQ@CHKz2J0C6`_qR5!37gxd9*7#JpMA1JlSm-g&+Z2=(ih?lkvBE*H5T*7oJu4DX
zDyP!(_(mHUH%Hp0F{d&3pKCv4+wmq={hJks0NfL1|NH{{@jUlmW&kXum3^9g)`avS
zy8>+PEz=)f65-n!cm?rG)JvlLzk!n^>{y(?|3rAL^q;680)qTwM8bb>4CUPUh{7Ua
z_iX%M?(lU{vusBMjvjyrN*opT{wG1{8<E!$JQt+GYMz4+5>QxqcccCH_Q#)WFKa)T
z`66KG?ZZeu{mcHKGRouoHtT^^w4XnMf?{Y(OH0K5Bn|}EY_R()tDfHW{<%RFUox01
z)X<Q!exb)g8wA09_YyA$P)bNjN{Wn(OiG%WM>%B#Ss&krNPlHsMK)UlpLB#%*qWI=
z@_Tb%ZFM*8JuNXN`lo@ZDL#W%m`{Fj5oOaSTBm%gicB|AcVih*J2j2dBuFroEkraR
z$aI~oOi9C$$#JA#r<3XX=qj@g^A2NQ4|C!7NwKNi-h(`#N4Ks)H4pyw-%&tKjiQko
z17iVTeYKxIu}IinGBGg;38lbfllcfRQGJ^iK-x`AK3X#K-8)|wQzI~JWqn?NQY{s>
zN>s$$Cu6!XF*k~WafohYY`N|;|B;5UKvym!aARPsw`0w!utb*Ve5=;XiFxE1qruC1
z96;}adoJqiJnX|#n((zpf0VA!UD0R)T$mac7mcE^R4>4zr!;;AFdW;Nd-kVffZhPe
z$O_vpK}AJHdFq40!{uaTjETh|5lMW`AOl<oCij5x`J9~1^MhqHG&EmllLtr)Ft&g(
zjY{LMXN0T%zL|r=7~|2HuS`GT0@}Hi3Bf@<mcB1J23oI|M#Y9#ujiKD9IY9OSbQ7N
zax8JSxvXXk2qGdJ+5)RD)6F<!`v<LkSv8MerPI*9T{=;!AJsBqET9tqV$4vEPqf-8
zg~1l&x8pC@ZR~12!R37dm6{rpOZUl*HG-{phEpol)ryu}Z_7P)Sb88#2&~kzny9tJ
z-7O#q$4K}O+*2H?wqamo4E(T|q4+lY`}^y$NI+RxS;3casIIH7R;P{%eae|zP#}Zz
z8C;`NQ{6{(Z_;4F!Q1f2D`fCpnY>o#5<+G+BZkw(*BO4lfLJ_g#P1%%r|5Y_r~6e_
zsoq0Y_Mq>I+sIZEXwXn8cU{-2-d7K-UWwYOmUcgjJq{Z@9LvAWFMZ$Op*eVxTCYb5
zN&i366rW<6XX;}t-#&@ZV@za{YIKlWba))$B=+Y2)?)_#ahd&&#)t$TBhDANqL6Vl
z^YoY=OmiZJPntPgz#{V0c-O~k1b=*ZXRJ_FXF`DM&L2jSsIjineM2s6c{CLxn=!e#
z{B8lIdTgn@?0--V5w$b|Z1572UY9T$gJ_N5*&m8{rY5026_IBT&k>l%r;=1c>i`N0
zx_|om^__*edEm@hZbd}}c&Pm6PcBYQW%`)**82}m1Z_~-`|Qk26hy+Nm?j)t6y}K+
z9W{&v`A*(lv7)KoDmpJPpM2u*xSXLIOP{IbT3=i1qbpze{sg7p{9?!J1^KJ_pOrt_
zBjc<oA&`$oo|d!$Mv4w){GR|06DPi5P56HIe!_`LsfQPz-$L2uF=4nkd}Ok7@4%b@
z-)@VOuPm~R?%n>ys!Ne(?<4YzZliUcyq+cH8cg!6umkWAG|V*tQ>P->u|&ElQ?(X(
z_riAj=#_xh>)tQ(X^wOZ<XPgfpQgWoPGah)jYDodVYsrWPobfaZ!?hN;E`-my->DY
z?vdARN&UY&e|1Q5f9B$IdT=gw9@AfoeFnuKU%U+i_kz&S&`-}l_Xnj<I18L(_W4Dy
z*s&^>vgdZ6k_Vgd{hV|f$1wI9?*UoD{#Q)cSUsJ+x{<<E&lqHW&zDw$GGaCwGC+>8
ztgHy#yl9U*8dUnHv8B73x%uWA)%X+KE~5tw6?`r0C+JUoL7yz7du46sX==}l@%VD|
zd%XOeK){9qmla(l&jbboZIr<Lu;O8jpk)0=W0*u5`&KlO2Q7N2Y%dNj-D9RK5xZ$?
zm8ikBRg|>#h<eF-c}5!0-C_Z9Z*0O-VgGfN8aiJ6u{DJ{;F2?J4*}m6EWP}w|0n_!
zkaZX6d=Bon?DisqJM@;#Tcs8tmNqob!(iYKkV&1W2-$gWUd`Yd$SG`V)3?z*BuPp9
zlCRuD)<xb}!$v2qqKZ~Cn|H*{rsu*oJ|#I(r2+8RHATWbFpizsN#C=Nv&+AnXzG@S
zu)9(&9JvCbrdZ5`LujU<ZP1hr0hq)&f4`$j#ni?zyQGRO+jg|myF2V}dBgFXz7M$G
z{HeCILB<xJKi#kcS_`mT*1Xq|jHBZbxMkN)QQ^HipGJE~b-!b;IF4Is3uVr*0j`o@
zF?KMIBJ&Aj;`ndDGP<$jYbwQVj32!z?4B;SWBQ6iVPv^!ffx+#k7H-dCnqNzgL67d
zpWn>HV$3)gG+!=l8v6}r$t1?semBt%bl#h+WkSnbOX6)?*ZxH8r}UI_*}m!l^yT@E
zM?qJ?h`C$bEZK7idet)~1xw{P4gf!6Eayh{Aq|dvleOy=3ItO93C-@A92Bu~_{oM(
z#QgSYP6$_-NS1Ne_JK205p*$d<zqGSPI-5AQeeobEqn60quubM!aswCntFcjmZS7E
zUjH!}pVRsNqC>R+7njOVH9;v95+RxC%hU9WTn)$j>v1)+&DSe~Ghi)HjQ>?2j25tV
z_c@Ci4(5s`(ykJ_HE`#}#nlG-5TpLV<DomrwLj=9^S)JETCVAgX>M{`<PBSKSSXqJ
z>ql$UY8SmX)25D+&tL=RV`!W4Fw06~blQqXZ8H0YGS)r#Oaj5Dgn9AS3AKu`KE6eA
z!mdxKf+-gdAY(CBs7K73rw}#YA0=L(td1#}99rfax^qk_W1;N!#5HmF7oL6n<=>JC
zs66q~Tvih-A~>Ku7K7pi8i5hL`&wxhmX@_OZSC!#)DZ|MZT(J5*mVsX|6gg42~L^Y
zpFXbLCo4{tIbenX%S+44>}+gLNl9y;f+18kHnu`HXH}H2Wt+N#_Bo2Uvx!~A(04@!
z5(~ed*6W>2a?}HVg}8YP!HV$OjmD`0?uQ$L8P1>zQbECDyb4&n4eGSg83781$m0iK
zk?~ng6qguwP*YKzSdN-jM<YM~Cu=hIpOi=7Z_eXaumUR4OI14eyp#$Y5KRwF?<U+9
z{w=zm8~No6i$Uund3-Q%3uX<`;)8acIvw1k?NVZ*qd6=_va=<NJjg)YRK?;qwl$`~
zJoh)IdfB<Z*pjJ0*TN#u|Ik-N9zRfmK1MQgXk}$3Iy!n~1z5Q)EV2DB?1Z_1Ru)X)
z%n%O+?ExA<S|?2%92{&&{9}3?A4~FIl!SnQiVz6>#j;p5R<nh93;Q?pih#-irbZD9
zxWMOT|Am?e$3pk04q6F+_BUmXn4|cwBX}QwO@I0q?}2s*X7S%AJkQk!HETpZEm!>q
z{(3xi;S2kG4=agXt;NCc?VnHmLL#7g;)*tSZ=Mz+AaYy(=G%jCc6c5IN_yXbx4&_A
zEdEfuEM|e}#F(g>8X5qy$a6@%G$9dD2g~m-c?)qO_m_5z?%VzW&rPG7D_v3GPV%4b
z1B>GRxBFIZnTqdwk5~Xl@6QUvl%$bO;_<n51JM~RK8V!d7TA7on)Tk}d<Hd>a9@ZY
z8~S;J&>TwQbEN&`2<Um|^20CQfNoZu=U}EVHHLxq9b-waG1HyRXx{p7L8HR*Rjpf`
zLFB(+zG=Y`Oic$fKS1>*@P3q{{;h3oZ5<s?26Gg%J~ivH5DR!;meU3)<Z#fL5A216
zAYi0pM_JF-g6AFDYS1_{S1a7-;VPRLl0Q)cyc=18bcvAf>`jM++GoWEHw{_)$$5YJ
z^nr$_=T+bnnx{{n{@PUb^768<pl@Np3tSn=Q3R(tSmNB;+8X=`!gDzZ3F3TqQXIYJ
zCOfO6Pcy6Lc|8TZ<>N_-x{52EuPUOsN5~TlBdvcLtHv;tL@RN9dEHVP98}=`B)%U2
zad~ch?AUw7>G#ttR;P!NM2;)JOsP<$By*9|7mDdn+S)K^$fv(hq<n0PD_|-G{~U+a
zyn4-Gd&X(Y9GMS{_0(2w4EWc<S$Ff`68;i=VLn!qx7-RYe~WZ~_((^L$;H8e>?;BZ
z3JiQFA@QYWwYRsIE#7J*TOI)4;?r|v-{!F~m6UY?bTP0fIuJKQgQF*MjN9EiJj{?>
zWJDr1?LsK?TeH57qq4Kk{hgirX8F=kU25mL8kg<#m&#r)Ra!>c2?1l#&4fVAgG`j_
z3rn`{VA$u}sX)u0lhk;P?#)iy{?|#@-AiEqudZHX<amH`az18@Kx<f+>h;>MU%ez$
znU+~Sexg(uhljy5dpqWze;o&&*)nOeFwlc}&rczn()qXWw&@Ub8dDSZqFytXb2mIU
zk-`d|U60J^Z^h_O=eG5anTnLj8lEqdJnfZje2v6R>%^5MlZW$v2z>mFdjOT2%7d4*
zf5sd&AT~C()4NDRQ`7RFkD{Vtrh>Wj{Ra~lTr%i>U@{Ci)3xXXnJJ_DwRN--_$xoK
zTEFUzd7F|mqoLzzX6v(u3W4B#di;h!j->UwOizjg^ksi1@feQPbCb&%t6=xOq|%+4
znQDyKb!|B%fQ)=GYN+1ay(g<D5Eftc9GE)fTm`+5KC+Lnm5kx5<K8p2#-1$&H38Ys
zB;-mF<5EYDR}oEU8maR+Jj3CRY62Fu<85ppN>s}m{?6&}|3k#brQWUmdD(sMdq4;L
ze;_&#>3qyc%ccIx$DpR}9`eIgDnfxMI=azK5cJJD!UoNFy~UxXr7`;gX@l;T!tvhO
zR;KRe<_B-20;|15UHV<oUC5m%^qb_LYRUHP{+zxR>RVn#VU&Zm7Hfnq<@@AM?(PFM
z$u8mj9qzmzRWVw#ofAI1%Q!Ftnf2x$rh%?i-WC};T{sa#3oDp6`+rM^6}tQfmw}$1
zxtSU4TH#mcvWSV@-VTcImwk16AJ%v&sa_>5wd?rT(3dYna9}@HWGyEY>Mn?J<(<1e
z?bLCmp76Am^q$FS0>##9vO2fHZEL(Ops5;jH__NT7EP2oJ%qk|HuYX1h0A*CVom)3
zB(NWUd!1O8J1U-)DqrdmrJnUYY=~rS=e6wq*Aa`dMAK-E`pNGR?Dw?&@VcYA69c?t
zONsC8!p>RmmG?))<G+W$P+x-P*;*GojB*NYVYWcS#SgF&`SIqk_AXxF%j@0GzIdPq
zC-kP;UDD!n$W`T`XB<&%$j^NBuPF`169W0)?Jjga#z!V<R~TI;jaE1YbK?(e@ecn0
z0azt(uY!V|cldHxilP$jt9W)sP_SWKp{%$nJ1<e7sLIGDhSwG3jVCWOX*8r_j|Gqh
z(|`(hUa@IZX`AJ<8gKfHUaJ9f^+OM@b^N}E*N7iG*H4j0s1v)s4QC_S*uH-L5lOaQ
zay`=WSUhhwJ?hE}(N81ekT1yxlK!FP8*2@c>NVLPE1;zf!U}Nd82NKLZ47`R@SfGf
zi3zoL>nfcflTIIlwS<5n^@y^&6FB-gvUV~cR9RQLOzXYq-|YuhW^;b6ROMp2sD4uf
zl+;}(EpH!<@BJ3uw(*<()e_c6H&tA=vGhWkfxhS>44y4a=WOCT{M}?1-9Ms?p7Y{H
zK#YO>c(TGGd=frJ+N)6?Z(M-xFJGKbzku-wJ$Z74%|eOGpHkesm|rb24|t{$C7)G_
z*Fwv|6(B!p3;*NoENnfG>hga~O8w{;Xjfnopq@P$pAu8t6M1mIRILPG1yrhz>bfi#
z5b_7jF$*5@NBtEjdO`0p|F9Je1oHOv^nr%)nj1TAgcf{%tM<$=RJQ0KU!NpqZg23f
znx7VEyf6V0A+M_EkHEWv;0Zc1Hs-R_iUvV%e3_mm8UR8jP|3G++MuNww0}*{zYo<a
z6GoLb_WW7FAK=WCl=`hO+;m!SfB$?BjFhysWuV~A7Gr$hy?Y0O7)eRVEx6<r4ibnY
zI*Inr{*#hr>5omp6e9_c_%FH(5n~3WOF$KJl;~rqX=t*(e}73sbLJZAjqx7}?RB}7
zgaj-+oPyIr>3^fTT3<b^1<A5MZ9*VMc!`JB!h+dy>`Hl~xBu4Z@BbsPeA7n-(Miew
zlg<PF;q%mDcmG8!2$#tJw}jqcc6xexqtv;L$?va&|3O=r8jrvnMI|LA=@bF=wD({$
z;^=W6f#09E{B7gL3$-_o2C43kyYYhh2N)Mvpa2uE`{4>Ax8<MVN6`D$gvkKo12-7x
z$lToAyq{JsI9lI-{1_V<(Zl=8E56o!4Q4mK#c%r$K0`=<1TJ2_|6sW1_iOooegy;T
z*)PN|55tcDkE5k<(l)^HV*X;cX#POAN(^62UZC{flR3nq*F)9k;a5=k>%;KI+kzt)
zZICV>#`=uc5wq^(xFS5I=<znZ1NBe$vY3H1VD^)ETxFa2<Y;H@(Rr7%uR?=V<*@X-
zj9nSUtg##G>FU8)S|z}vm<dcJYp;J5H=m2s2E0g(9a}A&DRCbh30_mx9*6upk{gO(
zFUhY<6XVaor;@*xU8|1DMO&TCd)V^f$`^MVySr;U)7nEl6v&JN(`l229aO$5Rakq@
zj+l~X#_8TpfAplN4TIG&Gpo%DtZg)Jb-7COmp3*vTpondwb#U{hN#`D&0+xCxk$%{
zFX;N~VwEeb{POtlEo@?S;_jA$D>D^m_qZ8OOZg(HO=jvh2Jy$I$;J!o_?IPxU;JGF
zd1xkjA|t%)ZRX*Ya@{-XPbMbSKkgPjSlm>CH(c9vXHadAPv5;_SCbR`nY7vjp4(vO
zXFnQyHnn+(zUY?Mpy2_Sc3r{i_djg<a8a!fj{9(myoAXA=FlLNm8cypwOFhYgvU~^
z6=~GE+<5ks=1OTjY;6x$$<IwWnW{P2-n|GctgMf}8+B$h`HO!Mj_)08XTFTA_R?KX
z{IW8F^kaW@_Jo$r;e#8`gh_R)bXrN8-wA>rvjbwwVu1^HZSbhWl(c*j%Panp-^zq@
z(o%f-?T-VKONQgAKHvf`O_<%?Q`FWpDow<?QeJ1%(W>lT2w0yo_$lE(F%^(6-5HC9
zS>pcZ@stddpR<Q?QAcCyb#Zeq>Rwl-fcgI?$3E)Im|PIkpwJkF{rr`jvdmY~7E?!n
zzPtD98i{pk2s$TsW93n2KED{m+$x_o2x^L#-zU$973NjdSx$El=3ZtpV=pS%Tc#Um
zz>;n{Jh=5f2(r}ocX<!Ef(jSuvTkpN2em1@+JtWVVv7p^jc?iKdgFumF5-~&x#5>V
z&0E^F4Ulw4%|7WMi`?^XZw`QkRKE6!!>kVW#;IeG7-D<UNIbtcA|-hR%l!+gtEsQ{
z+>AbQCCcRIoYO-o?UDG?OjIxA<?$0w8!IMiUJd-uj;Fitcrbw2wv|jlp6qia)55=;
zX7BFKtyJGw=Akv`c!oSK#B$g0P=!2%j7(^_9-Lu7-x;=ScdfD3`t~6A>P?;b`qh=F
zX-(^W^7$Q@e17)1wXAi{u3vD;6XlEmAD>}9ibd#WVWG`AqZoGhmEGX=)!r+&GP<IT
zQ+w@k)IY=UngU0xq`sc)E(Z<aH8ip?Bb1ce#KZ(|Fq%#g;%WDc+kEKzD{Uf74qY$c
z0Hvoig7H}g=);&A8F6rNxp1l|D;pbWZSY@#C#XTe$jjXBhGQ^8yEl=$sPP}~<U?~t
zL4oz=P-ZY8V^DA~DI0PWHiF)VYBQwQ(5|j7FbkZKk#QE{*WE42$DejjcsTDje*I^p
zVA&wQSyfe4QgSe9ni|sstacV7ELea>EFJ5w8@hFkZCE)?_T<UY@vs~=DHkRQA%a!~
z=n#yE{5f+qu(}*Bd^_3i1A2{TVD{%rDk{nrqz`#d?x|;8;D!@dCPknc+*fV>o2}in
z;IvyY?jeu@MmxaA2T=I%u(INk5CRBVe*4%I(721E^>HwnEni@x>Ei?Na4uML`M$xI
zzd-JaMkb-$alMZlWV3cF=Y`x4jXXU)0U{IxyG+ogK$F4Lb?d3}oF6}a+;8Sz{wewJ
zn!?=DGB_}>deNVB#^#LK=Kv#K`gB|Oj*pU31QMZjZGiBh83_>}M4=LB0Ygs+@1P<|
z&=)Hr|8$dnmRzck_vJCDU1|FJYl-vrSheFi8zwt&dkqpyMrsIlC*a=y&!sr^U}m*H
zh#j3a-b1?k`sT{bhe1UgBeqFq;G(Chis%07nEzfan<_-6BSzd;?BM7)UIgd@@cOfE
zqta=c+Q;`DO;sHDCt3aVF-YlP6hU?@;@M66G;QloR-)wgW~vo&kmd2ON(8`z8xQ`P
z=hw&R{Y~iG7T2RiJ{1<Dxp%4cwc(Drbw_u1T?p|l-o!ZAQ*X?g#cj6qHT|o|EReM`
zR6;)`1XbV`0H{is8rDrJZ&fMBNRcXtCtN~Qu2JjEonqS2ZK^hHOsuHT&75YQu8m9T
zkzukdy!*i0D9px=*;3%ZuJ0yD;T>&fQ+ULy8ut6QXW@1?`0gr&TJb&iv&zX$ni820
z2Fk0J*GnNFd|M_JaNE}p2W=`ZVoXw9cTdlB?PnnBcZv!KQaEI;uIBG_CMq1)WsAm1
z1ECFP^>6}eVx-q^+Zyd(ci8vwu9x3~7bhdIzvlkA4GF8k=iFSHZz)moponiy4rR-w
zBszv37`eJzWd;u11nwuyu$-_rC^>kxHJYcGC2LYvZ8=`(=QlT9tAM~0cFql8ZSefG
znVp&g&lK26zWS~TiojaJ-vp^P`rL?z5R3Sq#OzF#t*72yuY<9;vdJ9+u&xz&KjGs6
z(PVzt+eK_(qTbUrs%xa$(X?!GX3iL?=|JoQiqkWY9N)bU9cI<s-dthmMq?L#|Nb4g
zy9LPuWVN?@6nEzx-`_<6;Cm(AT{Yfa?b-rYJ-W9JAV6nsygn2o(jLip8y<-_#))bt
z3F0e0EJ8Rk!nfIjRpO4BaNv3wB&Xd3Qtq$)2~M8nFn-VnI0ffO!`YlCICVFtDl9#T
z9wE>mArcPQ?~}13Anb-Qckuj_rXF@*Pj<aI83!xq0y9=zsg8ZTVA0!D@P^s)8F+!8
zXKhsR+l<&MT;mb!X230t?BP7?1B8LSbB7SaP9wJ7udK_zFqoeSxY@zy>L0gMZ5P%S
zHr`&wyizUHu034}W~Qz|vfKKn&9T$q$j_2xAy}^7VBJYNVwZjGUGviMz^q@G3-CH^
z06LZxXdxzL?pq@{$$ZWV_?g9H%I@wLzx*(k56+F_v|aY9*Ijm}VlXk9=sqD}Z19}N
zFoSQh2iE=K!aT}0XBKcarYz0Xz1U}LyuCS(gOk_`6#6a6D<~+OCpE`L=a!crgW6jZ
z>?WYZ^43^^CMX;@Rrv;iM;|<>5w;98&9mBioP;IbE-Ut&Kg|09z!4~lz!53EdvrH@
zJHR*})ySMAV140Au5}#@_bzeh3z;vRc{yKYb81@%(&Nn6ZSy+UyQO==S8Y^T6gOZR
zu$=?H4x)<Uv_DM3=IYeHt~y|n1#_}$r$k-Za!c&DFH^PY+DQv(><n9m2k?IW+W+#>
zzX7ZQ5u>hLuW#tBJMLRnNTN~WeG}QSE^bMBIAl0-a(3f&9os>p{8)FNR8=?PGShXw
zW^GIC?6Eext4g+qq0a9I?QW)XUC)b7NBL?jCKW)U0wnfzs1RR!f)JZ8?13!h_0>>j
zYLEn1$#G+4=%s%6&FLK+&}6>e%z#I8b8$(+ON3J#eyoPHi{I1}yt*5l^;s8ua=RMx
z;%nT*{<vzY49ASu6GdV~1RkFU=|`4p+JZJIu$4A}_oRU3YN#mYav4>)fbFS2;bVCG
zbn(i%a4PrC1?l6QX(6MrPw@}91c2q0O!3iA?!H?Yu5K9>s`C-p04V5|&sJ{c)_<uS
zGxsnS({n9|^&~AORd;bqGga-U{qK{h(@J{L$EpIL0*h{rE?3Ldgr;&C^M<?E-a~{B
zMIalx!GneW+`HUsRJb;z#_YH7e0~_!)~ogt+z8io84t7B1=iWSgT1h_ikUkr!pZA}
z&(|SDv)i}x!?vl;K;y~m6?xGdRjGxIaoiPAn5HT(yw^F=)u{xN+;cd@-0({3mLl)X
z(QWb8a<2ie<&2E5EBq_>nKtglZ2#VG!IO=z;p>72S|?fRn?7r>;2+o5{<yPpZrlh6
z11Vwi_-}T@gn!qj!%wG(;I(i$(If&<590QpoTC&*TPE&#fEe^8^OnDdD3pv#niDfa
zPF;QSi~fVhEwrz;Bl@kmx$@QL4X+=xco6%`tJu3=)R~TX32h!8GB&E;P7*9z+(y$i
zDzlHPP_uW{m`A<wJN^BD`|0x8-3eGmm4+N#`4Ox0-j1Vddv^}QkK+n7%Pxft^SHxn
z^8x+-HMt{U;6Rqt>vF-$aJSC&;r#KwoOoxUGX%nRo?BaVxj|I4Q?;>|D#vp(+ezVq
z=_2fP77xGmIeir|VQgr-ahNJ6aNyElFm*F`otQR%cUuj(uh6JIzHNJT5xkee)mOT9
zCRfxKUJC-D*>N$5rO>5Q$0Ixjgr=NT9$88b%oY~F12cZ(EWhTW8D+J9R<N6;Rm<lJ
zPEM>z52@Zgad({eABX<d#snh*7fG>YRJvvv)y+))tgY&U`y;uowfQ!*jox4N^YKU=
zr0n+Eyv3kD$8EXKj00s5UfbVqKw&oxEi(r;3=z9r=`$8dW7Z?)cNZoMr)Ly5M#aSb
zl)&umYC45-2y3vHlLpb|&`n5L-;Rlw1+f8au+8B|g(p#0s!2tPi~osAW9B8O$?W4f
zyQU4{e;UGg=XR!8q66$+WHeA__&7#<6?5TGgSsTS$Bquwm!14(%9~HR=?U+9%9_43
zPw(%tT&si7M7LJuv-ygnkk7X9Ix`1D7f9f_tI<!W*{_&rKkQMy&|4e{ICK?s)lQ_>
zsDG*^l)soWKBnt)RZOm_(qZ8dEyutf!nR&@&7A7drR8&n)578(gPrHesKUQjL#c4~
ztG)r7TIg(_M;!DAf)MX_{_^BE=VFkbCRsbV7rh1J+}7^=r?;b(VJw)qj+KQ#GASu(
z=0#;0Xs(7P4oizmKx7D{-nE5{yM|s4W(uD-6KxCKPMBF)aX^j6!`j>1#U~>!&Ql%M
z)V(n?HtX8i3zG!<FXM#ANAfj~PCt$2316-byN2*JbsvD%TCKwxUH=J~jeHsoxZEBF
z5Hd7wETT1DPWm?`3#-300La}gnD>OUq(rTcJ{HK*T~DqiP5U^@F9aqQ_6Ao6oDS>C
zod3`#KI}c}hu=!)FR9LRVTxXAad>-JFEpptB@mTqu-@Dr)gIN-{yXGch+}J8mE-Wz
zklV=-seX>&&aecr=FGf#ud^C`Q1~e1jSp2aW`uU)ymk!mbl;b$w?x@+n1+mV3^<ne
z7&nj8Vm;8Utvk@=hhk=woE1CfAO6}}zjK6%F5ThEYGmDxnZ`05f}ZQ0OJ8=f6uHiM
zyh|cHYyGk3LBxWt3&+Y+(hE~mgbx`i_IKL^1-DZfGZgONbGwsnFZ#wjsr!J!&6uO{
zh#!Ik*g&HKC1l8OqBQ{EE|D4DYP|sFYGn$l1l8=XSPRL)o3zWtzJ7bs-&l9jTsX{R
ze>0t3hEAFvXJLyn@1D07ETuu=vWD%W7utBB!s8L^a^hosOtM?^Qs}NgvL8szQJ0H4
z7Ul*hTbNH|Zgwh}89a8#c&#`5DsOhKg=V>dyF8bvOIN~ryS3uCh1Gl)(?q@vl`hWw
z_m{Z)G@+{@d{D%E5sQGpLoUr&M98co07f5iNq8NMwqHbct$<F1cl!3PuC*3y;Sr94
zlUNY<7HC$2<dx0z&jMpZYwKMQL(922XMMg0f^V@2bHE%l9t$%wVh{~dVgcDXIV6G}
z$7p%$D<_9N%yLN+F0{l5-+Xx^k-w=H>44q}zw4gW6S{ouT9s3oY~qg~w7TvlLipg)
z5od^i5C$eoeOq4OH$gy{8qZ4gp@+N>4>1D)+*FP8_Ear0LQ_}3y@i<aL8k=Yp`@_>
zbSh5A<6UPl7N~;h><l<N|E54j@KQ!rd)?9ehylFKEC}>;JvKp!i<(oW?`{#GJJEpp
zk8iY~2Kk1Fu<-SjIs7k`^g;CB(BW%&Lv+dk`xS@k(?7{-9}L662S2}!ADjl8fxy?$
z>^ofx{+aB%`$yS#i5cEE4?y56&9qga=+Xy$o{rkcC=GXacTX^|$8+%~qShfTBhw4R
zeW9dm4ZfAqU!aThPm7!A7%$@r7>mw0x(jC`=dD*<NUCQer;S%!NNZiBe8NEyC}f+R
z@i1p31Um)Vdu)3kcJvJtm*)n9sbHb1CRH)u14`16&;`SMhN)}I7s1f>J@5wBD~J9m
z+{d&2DYhd=k<(Pwv+e$O@H^1dB7Ar;&<Fsy=2li#_ss!G#=F~_?X9hQ%1ajwk<cy|
z^bJ^y&d6U>PM@>cdd0Ih{3hW)3iX)lgtNJDOB!aB@Q)9GC>caaESMSfz`bYifd0Ni
z%d>2fN%OtWF!w6gr?WVHuAB_BEs{8!ij&PT`4z>zhK;U%n72M3c6}K8)#b-2FJmI+
zRZ@a-g_=@c%M(cx&0VR><Oa9lZKnxqMMf1lr$#x6kqnzW8kb}4ZygU(^c0}Su%4~Z
z%DF{nRE3B9yW85^2%JDxhERY>*`!s%Fh$RfryKoF$+Q*7H#nj^ne;w2UPjEi|0R}g
zV%aHIPBqejRiZa*xL8Rxqg4S@LLkZvR${IOL+%=Q%rl^1(bB?4j^Z|clz>--@iM(e
zf_i1(x~s^|VfyT*wHsQWU?H!)s9GmBNE$HEK!%cJfcfkraOwjNHVp;1UuTsIWu6el
zVTW}rLxvQg(vZxhs!mEsEvaz_Q-t_r0X$4h1$O=Y;=5DlF8cJR!RVgcjZN72=Ai~2
zuIsQtMM6((5OrHxpwW}T&w@#4{4vWe4<?la;_b=x0t{SpKdMdHmXViP()H>6(w|)4
z!cAq~4a@=rR0Ii}_-;x@<~(Hr>JSe)6qz^^_jv_kPL&4c%B8|D>g-h+Rx5tAFl8|(
zz^XJ7dZAvoA>1hrnhJ<nwL>Y7_)a$k+i<1Z1^gQNS_QCln_|$XPO8Qid(M9yz_eqm
zAPWw)*Mmk)4*O3V3S-ZdO5^hlc(2g{;$&YAVc`Puf)QVDmE#0dw9=}UzeXQ8zs!*5
z{37eY;4yYlBsTDGS4o)O??B+{PZ|Pa>x_^T??8zRN`99>;-RmWR-N#P^&}|ER~Hmt
zraTBFXp}4jIaviaB71u2kulU!BdR1?f_^0@#MD42i@7lCg-(F>Fh`=YBT5ud&~9kF
zEL6J|_+9MSXkvMQLuU9{ik$+{yGzd6o@Iv`Evx{Vq#-frRC!d``KLgo)@7_LF{qs1
zj7#FEMTIBCT>hD?lz<L#YINX5a>5UD#^vwFMxEB<I|)A~6BFi&epPj>*?DR)#SJeW
ziw{B4JG@R~n~hNtxbf{Y#h@jCg-Vx^MrgDAPQ&|5DFWQ!UYlMMHcvPou8i6&Qyxrh
z)<zSOFi|Td2aQUY&J3dE3ZKRcCO5zgD>QY|#ut0}1PxknTRdJE1XJ6&wVPOfe=IsW
zFvQ3uGrY6+UV*5K`i)J%4|A@>7SeZ|^(Zz)J)2GwyM3<(rY{AxH!D4XjL9E`<&zw}
zi}ur;z?&hFfO_*CO?tD+hYFB)jcaz*oTFP|Mx}w@Y6k|nYPl04piLCLt*?@A-S~D~
zP$MCcfe*D@WXdKvO!Yr#%vd_Q3CL!(=-bje+tNVm!@8lvy&M(W#~o!?I!^G#9N2i;
zB!`Tn+l!of>;efca=S^unoFjPNW6g{Y=k4R;3Cr6^Tm^cbHhoarqxg*Jem54FgG%;
z#2>sfHUYg)q8=QJ^KBH@&bZ`_;!0Nt9CIbEVP&nDc`hS_dr+?wS7lsM@<}e~^e(zg
zDJ63MoPYlgLAPTtOh!`JwZ(m1dtzyb)aRu8?IkPm(ebGF@w8<>P`^J%Fr9E)v+Fz`
z6MoyvGS*k^vh^yJ!gzZ32HePH!Q71|I_tBPSxDqu9L%ae7$zb6bM<E>FIAMZ2}i(B
zS6?wl_nllAk8c<3t+iy>kin7vE3({I_}EiV(!T74Qb%<u{Yrd{yewmCvWytVyd3O5
ztMX38qeX)@LYn#sAi}wlBOL@wAvC2W3~fiU=p>a4B)1(78znoQwBEC8H6)0zYF`Tc
zF_Z&)p-v(RYg_!HCh#gU)a`~ummyyIhe1ktKT(&Y0P%qL0hEoTNNG9n_?9skW;9Ib
z%JVc-%-f@h$cBFy47wUP@>vJLHget@zd7R34E-v<%M_ptK%sKTpXjno;jifhqq?|&
znws?7s}-F|X>s|{UulHOy(UvSD&d~igu!C>%xX|}OoXJ&%NU6qEYG|}PL+TTb44t9
zUwr>?D(yidHWF;LUmqp-_Rc;Rd~{=r54t**lw+ZScxbqOHYjoXZHtDIF<B4KY0)yH
zA~^PE_y`5);~!13=lHHsct|FdNb@a?Wi)>!lzbVLqa+dh5Mo{{yr4i9Q}Wu;elolN
ziR0%dT}t#@vR49&A+QvgV1B&dj*NoT)Un72y>5bcpm8*6!b1};D`1{F{Q13Qt~;MO
zR+8Fq&WeS2IFUj_aPO>rC(Y>ok%lpgN^Bd2Bfw3G5nIfoT*^w}H264a5dSkfjb|U#
zvM-S0i!0f-gR>&LU{XU5Q{}&QPqpMY&1AK|(GM0*k)~F}b>+j6?36!kM<jP1eew=f
zGxVc?-dp3LAm)g7eqqaM?-rsR%1a{jiH+la`;>KA%4ydfY*zP#aWP-=jWKCYI{x0D
z5-tR+8r+U%$$}HD*16FT?C=cGDeWYu>n&A#wqHLlzC-k<9M|SHPL=6y_UTks%A<#*
z^CSh)q#Sr8U@JZQ_?46V@x$RRBZh*!8YYMb*P5f4lI<^Rf(R#p6iMUR(_$DbrPm@S
zA7<dntBfnZBg;r8ZQ{N6pu8+DbJMQZW;g>-#~t15RH1gNY+c%Po65NmgF0ys4lUVF
zMF|D4uQ^rEAco7d{?zRWQhUY(ZhQ<_alNE6L08Yu3TQ-aT%j0kGh04arGX!MqU^*B
z`b2x@rlvEls9sz1YubN~WDQS{L7m-$t+`kRgg?Vl5M@g#c7LNH2DSf;hxP8#mrxaG
zwZX+5UA4b_5E!C}pV$KKV{H}{Mko0aiPK=!F7>yWEf5G-Wd}LmM6O{_@8WwgXnu+W
z4@vN6q#Pqi#Av})mOz)<uQjwOeB6>6!35#Rf%<f_zBk4y%BAYwcRqt&gL)7`EV0Ny
zH?}<f<1r%ZA2iG6wH=v3u&uC{Gef{gx&&M7du<;XT-;uYa4FDaCnILjLkMfftq)p<
z9X`xW#HGM8cl^L2$L`N=J4N_Jm3nOyp{+~kV%8;Uv|pvEmdv&JU*DdMdb}vP%V5%2
z#7dkNdjGb9<I%zd&y-U;4sJ$f%<eSzTC0^4D`q_x-*yRA#bbz|zm8+S^f)ju)cWE{
z-eHRrw@tonC$?+#Z_C(mn~AR!oV$UZJ`<Hby+`5w+BKA^aSev`?C|R}D7-4e<xuJ@
z1TW&mu_%#$A<$2iqujdKnWUO?Fh;Pwufd~bR#|G8NLN^*l?C1Jo#Q8GrAjmq?6p2(
zScq2n`bKSGvcGj(KvnMWcn6rwIHAk!{XxB4VDfX5HFcQ6@@BZMZIdCy+afa5g9A+L
zQR&@1o6t;un8=J*D(=<%V?fk7AgUKn|4c|&jwn6Xw|rRIoU}llEKHgsEtvMS+s&~j
z@T=UDQL=YbEkXfQBo5Qs5x<)?#u5wX=+z}qI6!7GKKj@1V(FQ6ySD(@qMF?uivN&&
zcuV3j)bQ5ZfLctMu{WdeSXw;ctyUl`J2%&~)UU^won+J^B3qL+UYa_pZPo(OJ$Mb{
zicvpYxG)%IGR}4Y&1=@k`7*8jDC)EzP3C~HG~S82Qf`;g)vM}5zVk+Uxz+I5^kg|R
zffJ9{V7{26hqqsR)>}Z5S4q(0m#Hhb1cKL2-OqlgSYzAVh?@*QBzci(Iu!o^`YxdA
zGHrLBv{%l8Z>Q7~LejQ%d_FUUC@1vQ_oUq?++*4RYerrd-iPq4RUTWG?d8$dELgUO
zl)Et9V5Y#aGNdTU-X42-IrnYs<9PK7v%&P-)V#sBxk6l+5&l5P#nM|shU~-KycAt_
zllD3kW%dA7=67BVy9FKO@62M9g9+=;s~lVE-rk;9Yb-uftKZR{WeIWa$?ahx&m#ZU
zta7|%<~(_BFIs+J$R?Gst<f&Cdvljj_Z9)60fGdM_)pV*a$I{bUm>n%I)5L{Rq!e|
zE4eUb?Ct2;&J{3RH@mKwA*9Pu5G=t(aB!Is^g~_aZlQ?p+2q7rOtQj3)l%WHr<SZH
zUrHyT0&<(dXi|z^Cf>2%kU_;X)zc6Y=u6V0sboJnLTM<(9JdSFf|fXJ!~34UyWwD{
zfg^yCOv(a_kpzp%85aball3K5Tw8;6XnDiS*eF`DP5_@{6MET!9m5OArUZ|%D`%09
z%@K_=m_Q)7Sh?Btp(pXQ-Jn5bS+z7?T7_tESx7ZgsU1R|IAjtxYb^H`LZ|(bEb#jd
zQ!OOjls(=`zgV5^Subeh>|Xva;@$$Pj$qvqCV_<DA!yJ*g1fsUxVu|$ch`mxBxrE=
z;O;KL{owBI1b3Jw_r7^EZ>_iH&71qLzgP>JKBuIstE<2IzP)$pJDaTqp)2$D314az
zX<xv2#Fp_zzbmivEOE$YQ|v8cJn^RcSpk?$J(!zlHEoT^N0_J!R@k<Vqm{EC&YG}C
zU_?k#<JF?S#>MyFvr%7*a8VWnD}>WRFISD0B#yxtRVY`T7xPOHq|Uzi##=jH@(C?J
zM@~|F|4P<=MqyQSyxm~+`_=+q0lFzJQ}#OC;%e!6LkcTTgec)x@}xj;PF6*W092I)
z8RbgHv4)u0^zBU&OqjEScly!?-uKR=h*P5v1d6hv1{oYW?XPkPjN;V@t|s(#w%ck6
zBG2NwF=DFlyh!WWEc>-a6RhT$vSh;1aG3RY!3p0s%JF(O%<V>hAeKg><{CAZ(r|OV
ze*pB*vY7Ajx;k!ch((b~m1s_m0A;ovtR3`&0#%jn*#7n5bNXM$3y*kCk?QC6P$q(V
zkeG4(Gr}76ddVjDFDimgpbO(lMlYP>lnb#`qVel~8_g@z6f5_r<oVwu+ioHaWWg<(
zusHs~UNCeA<#@cKP!!(02<%ujsoWe`tZ0-oi1SFevr}0=@^n^j9t}LY062<Li)b;2
zHp9O!76f*BsE<Shxleu}cq=Wcu#@Hbpj;~vTo9CLmdFw%eQY^^cJ7zbQbvUnc+I07
zFr<U6wK4t)Lyp>QFzXdlCMRWwcHz!lZI&5w@NzyydFKn*G80;JLvGwRev#VYm{UUK
zoC3OWU72@HsHKa_`Q(|LzJRXOz|nF=APKIM>0^<q*6*@`il^{fH|n=}()(gbYZ#`t
z-u$HmcAVqC9Sk|&y3vtXnd=fHtOXem*R+@X?0EmCdy!T{7Jc$PwFiuDyY-b?7HBrZ
zDU&WBn`f&QrOI~N_SUsy*#s;+26F8=!DPK?g%sY5H;^j_kYOXu!~l{mPdJ)1Na_n2
zU)$F!UI~?(w4`5gB@#Hfdpc<-qff4)+*#O_!TA)=co3ELWX%dz&ruiX$#t%sy2GcK
z+t1Dq+bE{+I?v?JLSvSjC`&;M97dBbt9rJSmDv;b;Qb>BYB9&a3-=`or#yKmO@eEz
zuA>{r+nZhBZJaNh1(bsIMlEV2DaY^s9Cqv>Dcv?XCF#gfU-HjniBD*`n50NyVRY$T
zeD83Qg1c)5JDp5#)Fa}jK!iY1?(&#N8RM$$3?+tAWkHZogutc$+MgQ%f&k1K@}Qv{
zid_fg&PzwPtZa84OG3xK@5s|~P+|31QpW11L==T}13I1^Kyzi*_Fyw{T2zJY)zj+H
zDo6l0ytql_2{A*pkE8Y14J6w7@@s;-xitSrdzv0AuK(yd>@ZPqtV$^Z8EjZ%_TY@2
z_iGKxQk@Gksg@&OiV`8>Nb4Em(vmr4?Ip9l4@BrtE8m%_o79_JPRevU1PwrBdU3cY
zX%y(Vy8KZBAdn@Y@ZHOfUy8kr>@%pfS_DJ64VLpYv7w;rNgx23XLT~=o$?bTAWoBc
zt1$Iqf>5va>DR8vybJeI1y8MrprBK53s<h`Wg+0?JT$h9AH^B2IaYd8G+H<9_N{dO
z(^2{Bl>EG;e5HWsu-AH+rPI0*7891?b!dLvN8kH^@5y0`hLkSpb$j0jI=`XX-X$08
z*rqj)O?k;2KL!<Kc}LBTu@zDc^GvXHgDxVcyU~YS<*W9gD<iA$1*Pkjg4IKvr9aU(
zCEG`I2#thuc6ax8RQ)wYUM72AE>^d#X5ZEARiE~DtPh_4R$!yX!$#EBCUr!xMvmsW
z->=98tX!lJ9^KaX?Ma<V>697xTwD{FpEI}17^E9NcC5Sg!pa;@ul&q;$4DpDT)%a?
z?R7{^rC9Z6D~Ye}zCK_`X6gR7V?^U14Hg%?L@adzsC6Ufhz^y$gD>`Sq)??4jE;kW
z(wZOWQzcqdcch9TZ7)YYB@G1yGWXM>&H^8a8&BN@FGansG9VrKlGXXP;XLt5f^sQ7
zBR`}{$B1%2{&W;+nLCy12{%(vAP5-B4b&^Y`$7Q5HYbW^IN^78!n|OV_tl&hA+3i!
zbW2TN<qqxn9<B)a-pAV=S_`@%HXf<)J=Ew<)Z&>|xlTUZ@3!V4EnG!m2@M)z)B-nj
z`})}a4uqbgvoea?bhn?KJLoqK9&jxvo2+iqSi>%pmvdb^*vKT=w<qIbr=<*VK0u}8
zGrUCTdHu0$ZgHBx$MJ~6_iDCE!YNQx@pDtkzhMcq1#xgriCs<Kx_S(clX<~_ps}tk
zQQ@zl@6Tdd@zTC&dz=UfgZxwefF988*dqx!(js)L*eeS_+F8DWL5GIohiw}HL8H$e
z&XwrP@xtM|U8U`6XAID*jt7GDq3}?ie?zq~Jd<AAPX2)~z{5@Ry3G#^!Dh&8MxZd;
zpDH$gM%Iy~MPAZA!xeTuJbOSJ8aQ7j3aHjvX#rYV_*5Vrw}tXKVgLozGx&e>eu93^
z=aQhHf^hx~9{Ars0{IXB{mlP@ynprI|9@-(@c-V0|4+RD{GYB}eH$D&Z48y?Lwo<b
zW1DiAr|}ur0j8C@um9CC5nKn24+^|jKKs7G)CTk!gW~9xHQ4?U1Dj4q3;FvEf#60j
zV8mZZE;=&O3HQxkFh%W>m+`Y#98By9)GlULNi?7w(M*M*1Z&dJrXBd22<$UpOd4u-
zy8yTG-JdK}agP=QQ5YW#V^ja4Fu+EBx&%4(9*;NM8nsqK+h<_Fi)Q`|xbXm8bB><V
zC0d?$mpmta&u|Bk+)LcS9}41-qs7|enb9Sszx8&570T)8v>Fb?YBf56yd#IhxoWU1
z;?vDIoh>`iz^(-?ZP1o7vWKLSx!r@1T`>B#ZefsY<}w48;EkLE#@0aQ)l7q<IZ^X7
z7UAg;c)$<>moz$FH-?^`50{7Y&LE@$Yzc(#sR=~Nl3fS9d=7AYP-uhe=y(QuI?&f^
zT7i#sy{5Dvr{mrP2tEn!8XFmrRabYLGtE6*YSx&(0Gk5BTr5}%3(UX^lQD3GQ6*<g
z!qj51+cTrUKt;{IQd@3y5I6if1~|v)kKa~M2yBOFUv_VNhMlWl-K2Q2_;mj3^D&<+
zgVI*1*Pq6ot;`<(-2s%&8GQ#_*FgPCBly{_IM4N445>wOV&Z;|@S?{7eAYf?$lcAL
zAK*oo6>K=-8n+C>3C%5rnhQ(oJUd@Ww460wEnnxW&qTUjRuHk(R%PYY0EA1YoySK!
z5aP+J(D<s0+B9xQ?ZScmd=lry%VR3GAAzSSxCBoR&D&~WE~N&A+l%LCeuRcX<&X0p
zpH4P}3h-{U^IOb&{SYcKCC)<0&0G~yh$Gb)j$3-tG)}ZR3pI-Pn(k9YjI{3XH_I+O
zEN9t{8_ta(mOGw9nol_zz>~`mpLW9~HcwNeCcAD%gUREjxKrPEB8e950k;eNIBB;7
zo|{^Cx(5@ntK|pB*wcMN&DeyClc;U{#|6)S;QjCihf}yTO5Ll$P6ttX)=N$GAkYWI
z8i9x-5Y+MxwS)fj<{tbGT$xS3LN~<qDMkzvb(F1Hfdw!;{oYq`>nD~=7@R{z85c^;
z^VN-n*s)M~I)#MTZt7epcq3l(7<=!$OK-MP-?_F2#W5tGLxDaf&~7Pef4QYvYAmbg
zD4}eG8Q6W&)>ZnH6z{(H{l^v3<2+s?sQ&YC*3PF<%5j|a<now>3+S4gZfD*+HJ;~!
zyFT$$uK*1vY>Qc*vW^k?f}IAGy9RUfPG+k^tqTtOrx$$H;!a&!>!i!Y#ie$XA~h<&
z*-;uz`NN|%P$gmZTPg1Tp#Dkw76eifx|Ie-$D?0NsXShZiHx7*zfuWpJ&ZWxbs0<b
zbhPWzO3>JDy+0RH7GnHSA643LkW&J<|Bm4>0C+@JAL3%;a~?J;b!G%1A&+blwNqLS
zisucr$`&nCier6>PMi16kS8~g!8I40RN|856{ZErDaDvnjKqwJmvm1{{&>kE{rvKh
z9R#1k{qur9pTC14#hvL=9oo408q1`TeZOXZ-Kr*D5c4BD7(Ff`Q+!(bcr;Gu!3~(+
zs#UByKApE!3}x<Q3y>)dC-6>Hn9f2g7||^!Min#Kj2&={_oUL!DxKx3C>Ia?=v9j{
zf~4_YmMZuUk5biufUaF7y1^Nb#pKa}rTC@`pP>BekFa|hLN!)Ap6v%5Q4qHtzV%Qk
z#{shCnMSkQo+$W_W#{2KmojOUZa@_6nES>=TXJ6(%|K2_^2c>|>w@_P$Fr&N(j)~I
z$137NkB?;AThqKem+a?0<pa?&aUM5bWU~~ZNTCV2IF0k!cW)>-_-FJeO~aVQJ3r}B
zGE^hIKh>z+i)AoI*-_Vfw`+fNo~wiX^Jv^b)u^u>qsIJcdpLYJ?LG;kB^SW&_d0aI
z-*Pf#!t|)>b0`-R?5vWx^BjH<n(P|>O+p&Mo4A<h>7-E7IdRc@soYxgrTMaT_|WJb
z$Nc)J5%1mB6fRHf$9XDZ(x||Abt_=M#zI;p+KP0%2Z6wC^0F<!%b4hxb6r#C`sv~a
zRsFm1jD2w2xpbe4=$oRJvjYV2d_9&?6KlH)1fj+bsKHL#Q8Mm_u?K5ZB0T1{<RIHM
zYN}dCkw;(0c5{NQG691vlxgTD>tYm8^Em8QS#Tp}-z<40rd6(bXvS%k^t5Urv9ch+
zI`nvl7ZCXC<+gUU=`gIl1w@-;PpvEVNA3jdW7R}NJg?zrN9Ae9MIdvL<LUjhNbQhj
zIm_ATb$)-E(Y6&;6?NZ8bmJB&BXQ7P-PtY&Up2+<%8g2KnWu=1^%#>{`SR1?IIa1a
zlp!(OQWbkl?0k2U5znu|WKtz_BdVPCJCjJs`%wy}RH^+S+5+>-`&nso){~vkaV%qp
zzMwsiuaC*iG>2zpFP`m>opf*_Xa3se4NexI@P_4LL-j?#yBaS~y|-U8X4Hhk3E0;k
z!W|<D@?Ut~4gk$74x@aje7f!D8HGj@!(RGdH}_Ulg#hE>^XX|ToO$=dkbJsiUSO6<
zpXQbeMRN}@x<8GG)JSSvNvVb;(^goB+gG|RPDLou$?yOYqagQy-tqEEg%3O4a~IdA
zvLH2qdFKHZzNd-L-EMP>qO>%XS+uX@^vUG({IM`qPVmWPe`m53MkWqPDK0GKtlN=J
zvMi)TvqsX5FmC?1=`cLSxr9NyA=UxkEWY)i>7o==rd^nM;9j4Pxg*rnGaE*iBpp?e
z<ZFb4Yynz9LxeKdmYyYuFw5u3e4q^CVhIPHbnbr7HXF(3d}FLn%sMWA>OwSZ2R(~V
zJ!<D75n22&W;ZH>qY9es_<xv2<xgIIV;XKg4QVg5xX%!Y8t#`(=yNb|uXNlk>f%V3
z1!`XukTjZBf)k0LyO5x`Amn=qHA3)C18vac5#ZqWF(ylLo_NwU>1^Rev0crJ?d5BI
zR8$Uw>ik!1!=mo%V&O_+0gEL8+RZa*_a`ACbgAd6F%}Ekbyoe}2A#T*lHv<}@#D|Y
zvipl5Np_qfW#~(jg+il`#CnXIDueO&ML6QW@M6InHbKR|@|Pw3xXfHF$Cykd=o4%K
zwNJPg)V(*EVsVsi?bgmi8Vn?O@YG@cizg#W;t~Tbg<Im}sdfdCKkD#RhOv_o)ur4h
zE#XM?oP@xjOv|fdEsT-G<A)xI|FSzoAFk&?eT+}xml8=*yF!j)qaH=L(kFZ;jvU&+
zfEd_q%16a^!_g=rojjwCnB@wB9bM?>@i#&QT3j`1l)uW$Z9#{T4!AH85a>wdaaXTN
zlFVt(MN1VOeDQg7ypou>!t?_7c!H)hSyoO?&i3~P7OU7Imm@Tl*Th|DAC@M|rcXh`
z@tv`zO+%5^rSvh}bZB*8Ami=t&4FA%MNnKsTXxh*IGyoyOadY=DEQuU7r3e|(SA62
z#9AtIyT}RZi+W8#toNSF^~+N$tp*jbow9<t?`vf0#Re8K;-Jm*&$0T|W1}rjSE+Tm
zXHcjLtAMZ=S=PSIx<)JKeL}zMZ^arR($!j!&(A8u9wFBCQahIg4Tas(3E-w8b|Xd~
zW^bld5<GJ$D*yUvaw3f23Q(uP4DQmCV{uk24pE##aV&J>T(fmiNHv+s_L^)iE_@1d
z$C$(&dPV^-Zpb?ZkMCDdNcG^GY3_gC>m${pXza06671aj@#*7{1$U~g3lA9Gphhm$
zkm`&C1JPR!s)B+=iAvLzuyx9eI4TPS0ol8PmQNqm7yY&z)CC0r>Jpnl>mLEWFIwr|
z4j7=Yv$MSq)zEBdUtyd)wBI{X6&FNTvY*31l`CR3XHDXncy;9@NQ?>j<V!0x&OC%6
zDaM%~e@IKSTFtfCB0IK)P**H6@x0lZca$RN%m8iCeZ)c#I}ZYa%T=kh8XOo{o{;B3
z5B!i3Xjc|X0p`<FNccSRqe9U^{nIK~)EYGho9~yEgk^MEoMw~rF=89yz}xBbl+qr4
zLt`FkeeEKkEcmPH{HLp^^sfuMZCIWn5<zxewaL%X2Ya5`<xGamUKEY377K}H-1>>}
zoSw}!6(`<YZ>PKTo}0+ePH-kcjy_F-iy%DawvY>`6)P7qMaS-arC*vz3X^T1fRV^u
z(=BxhtR7}!Nb5kYQtZ~_wS1E1yw(n$H0#S@@@w5m2q`Jp%ecz%b$X5^NCxr5TTMpl
zoqhi@91X!24GPTUu*i2I9&ZQ?oL1{SK$e5F*vhe{^l!{9NJwP<!t3j>X?rVXePe&T
z84cuYjp^oYA!j=(*}FXu%!4v-N<%u^HxrKKH<^8;pz0sE!3A5axUdJUIp>zMN$O05
zp)T0HP}0(%enGSQ6)lbB?a7P*qaz5-r%%q1h@+(maNHg1(krjRb7}`C@c7-NrTj#K
zJbXUK_7CqBZGX2-o~60!U_~4h^dnFLIdlUpXZ&5)vq>V_^rmiKhod8s_V&&*FtTb}
zG%uu;1<#!+$)w^dFF&kXpI6hVG?xbV`o|S2Up>kR=^8roOjG7zE6Um4?iC2(!mAXy
zxhizc_<F#kr!H2l^7~qcA&nooF-SJDH8+{tD~gMgwBDGr8Op^tjBF#3F*XDOJG(B-
zi8W@dBxp!o)Jv+Qi_~_-1W3ZI>R%&5?~+@p*f3FQ)TzWEIZSE~W$uTxBAoBU4TR1W
z*^?(Ukq0ua)IH%ALAKur8t;CKqbi<{Hx=3+zcFIg@a2SpbC`8gEx~h1?wyk!YNw>l
zwhLy3Lu3tNJTWjn-A)j|roIQ*<ekW}Yt_Zbep<J|v!kBWP8^5`^;=g%1(6F8zXFN%
z<Y;CUDQSpj1wSR4-5u=wF!|!Ba@%Z`t0mSQ=|;36Z;<BrjwS9RE>agGF>!(kJEc?Z
zVXxU-nx6Bl!s=IDW^Klm3C&dp%AJuWvBL2~1pj+vo|OKeomt7-Yo5Ko>;E}95XS`a
zJ={P+i+3vE66y|IrCozK_UC2j%os@h04KxC{psUQfR@AjYsU4?KyKP3(2z+^+zjjW
zG}a$SMV3rUY%Hb5Y&?FRpM|xXotey%Z#EoGof}?K6wlbac9%&$=5DZ=EJ1^5=%lph
z@bqdKLLt680-^}FLX;kF+h3H9Y2+6-Rb^TgCTq*7v1~RHGoF4s(a6=7jqr5!8Yfy#
zkyF}D<IUF#d$t%iu(l-2dMlu-FQhkL^;n`hqmCcZIXM%~v-i^Y$3Lo(H137(Fnjtz
z3a&377uSM*eWcZ4CT<ZA-;y#Gl4A+rLcf@o|19$bIP*Iw4!gLc#Q$wGXB)VxZ27C>
zam3y9#0;}EFp&K6E8~%r8%ryW#H&exqiU+*uk5=gW>ZDv$}040azdY+dYc2j+P<PZ
zOkBot65=Vb(WLbB68R7_DO5hU=%d<}EzaqZ?p8EJGvl%94cV`FB`BvTLVr-Lej(bn
z?P&T!3+T*r%_6GZY=bVGlgIN3>{*{IY7nZPefDt+Dyn4j?K#eT3lcgrxf|+JO!fk1
z*2gjnh=Zgm3;P_@(T8?LZ!E$rxC>Zo@h)zfkdtHt<?v%h(*+{VBPJZ6lx5f>Pj3%c
zwFI9X|DdcGQXP+W<4`Gi=FI(P@XaV^>I@hPBy_Mot75DefNSZi7SB5z|7X6B2X7i=
zo6Tb8197ACG3_AUGYiBtH)X2Q7=orVzog`X_3u!~G&#~fgVTdb2=A!ls=?W60HN6&
zuYml2=1)G{et@OSQQs;}eOv@CX*aMFS<IC`yfrzd9EnXuR3WwW3J1|9$Q*dKI+Sai
z8Bwy~&{2H`*uw5A&x@QD>_2x8AS1}4*$|Y_)u^%P0~eZ_C4W)?(5C=8KGf9IO0}EA
z$~HfWLAhP*DQRdlg7ZIXL_5d_F<ky0MDZO;+HO0I&VD;6a4-dMS1b)j=`sUDfQ`>D
z6#UA7Z)Bcs&(x-L{eAFBU~4%E1<{;d`x?ufXM;=-?z6$)zOX3o84Xt2d_+>U@$F$$
z*-1RFeox|?Ur$mTwmwQA3Jmk<Ag<?W6Ov&z(j|&!gB`($io}k>^ze7@jJdQv1CZ!Z
zRCEx+1PrsUhcMlOjt>wuiq?9hWM1U+YGq^l><7ddQG30Y9(Y#FY=i55hGsq|be4Zp
zOZk@^0sra(|1Zn?JOBJkuH^r+;(zuf@c&J>{+AmApjQtcYC(DHcOPHX{*#=J=MExd
zVHxbV2LH|Dxc&_swSN=2*<YtOc>J$90{%P2q|7&h4e(YF0`*_q<3=7qDjQ09t$@>L
zhBYWrhzIvPLcP&4a&nA7a(+QUjWf|91;`Man82eR+5M^Iu%iKb@<alkuL*$a(IQIR
z1zi>HSYyNgfaV55BUkR_X*mS`{aP66vzMRj3y8B70xk6NW&~3i5)zV!yQ|W|Lavp-
zU&ymU0WF3g?dbbo-nleP2mM^*cRdlT7f{~5f8ojOsG`Qm!L%Uw81}C~rVa7WVLVJN
z&;yGM_zNw7v&wTO#17SyLWJCw)A~{BhXo`R-i9f5ZwN8l@}K!|<f`qTHO)tjr=zWh
ztv8S>ZI>e?NH&T~_B3#@1HVYm3mEQI+w(Gl5$5UR=2MUz_Am+mP!?y-I}Mh5eGhqh
zES%<BK90A1I@@WE@GSAzq2<Jx*S-Q$oR|D)Xq%_57M5!~7rS|NPIg*bA7@9g46$MC
z!Or~qxO=1NT1Stv&ata*+5XWA5EH+gzrN|uuI}iGUsm-<FFL4no}S!B>>$T|T2Y7!
z!0E1Wjw>egS~h>WSy4UHEuHcx(Z!xuhRHIV){(DSX5i`81O+BNvX$Ne4t2Dg@WfjT
zSIx5)t1<?*f5Kry4#W5#8XR$J34Igc9l>7AYDfR__m2M5tAde~!WHU#+i`8tN8_x5
zg8d2U=HBTnp37L9Z{cm$+ntG0*T<833AT;1G3O%ZtrR}I54dqWtot`C^Jh1&-#ZL>
zg5)l3O59kUQ&AHsU!dM%$NRP1{BYNNot^37pTack$NNPI<pqZOfNbJw`%-smraaw;
z+s|<vtR?*hQws#t?l!WMi?}&M1aEI2ZvFj3YhfGjw-WtbEorMfht4XugxNNRwqC?7
zsBus-)b1`UFXYo|RoD(f0<itdZD&8CaO)&Nwhe#orzT7z9s?A6*C$(Cn5FiM9QUFP
zJ3E~9j#pO8Ej(##NsWIq=vNj@O$5ioYS}>s_XDmLS{`rudtxUgc&!OoZhpJdVt=^!
zQD6CG68B7xfWDjSY`A4$o3>bk?lEAJ?C4H+IjaZ(yp1&fcqVkMO(xAmr6pGMdSeee
zjA-frqn{S4cKd^rmZOt?Jo8I#2N9ilJ%vU{l#6xeN2cNTwlnL#vDBt@_a{PF=P{w9
zT%>er_KurBcl0w3RRXk|(vQ1$7Ne#`lZg0mV};m4PGeEt*U1$J(cXC+ka%{z%^y(W
ze%dQ)AvR}yx{5q?9k24wBho``y7j?Di{h&Tyna{dnr}(XUwvURSo%m6Fy!VnC7X{V
zl~h}`#x~wft0T{AooMvP-B96G=bWyKy&tD&iT!lVG>tgZvUNkYw3v>9t4+znJk(^c
z+0$K?Au=T-GTwKi6tmv_LzI`!P@unOndi)I^4j9$BP6LgL#V@ji<SE31_IJW9>YR`
z*6>)@G{8f0w>vwWPW@{3ns%QMfkpG=I<wp}+iMo_Sl?P{sAYXE`>fw+2v4K?4Y+me
z9N}}+sO^WW=;ww5CP7j7B#<C=)^>sc^2UDpBpP|?Js6`Q^h_!P>DnGw{FS=cdv#R)
z_ggaip&+0B;GBhJl%%?PKg#i@0yt~{B^jcKKs3kuXP}3wMwQVrRH4&uT21t_ZP+Y%
zF*cvg@4^AT#_K&0j0oLh;%AU^kw=m>nPyac=*K!S6&rem$bjpQSkJ;N)2TY{@uwR}
zqyP0e1EN5SS_#Wws#DKx5Gen)%xD`A(jX&v4Gj}ma2@qUcUK#C@;CvtPR*0HF*SX|
zyF}Nk!AFDWO1<>inVOtiU&%#kYtVbJA+#vFEPz``8^77y*yM3={i8NSE_6?pF{&tu
zl|qrdliMbX!Djgi9tx_8?4L95+wTs?qglFlP9TlWqG)+$MBva0j4;J{lu&T@Zzp9X
z*W^dW4|QM0!~hCdTRl>Exg0#uwG%~4Y;JoMIy)60KWZNb$4F=Y9cte|tcuQq%UUt9
zo|UPxdMLd4#deJn%F@Etmq=@l4=SzY89m;f!-r#C^oYB1URQ*v^RmqiMi*&DbZ#f7
zE8{9Cl-~`EIy~Y*Wo&7pgN()1*880NN*(U)t0+Z*L144?>By%%n>cb_JB{s%MVu}T
z_kD9qj?u-Q@sVcL!c!xB1W_%_w)TRGpn>~?lf6!s)y>i)_(nJk`Nzx+u6miuJZ562
z+XvVz*bw#I4-4svF{N-#u!&Fm_9m-2I>3QijZ>MEFGYq#L8y%7?k+G)9};TadfCTs
z38-of!SYaY*J|>XXckL&MM8q(1C$W&K3!f4chK*tv_5=pxiH(Q-<wt*=v>(^MHjrs
z&{*=alqzu)(~I@sZH4?2Mr8<*xojNax15QsU0(Xh6ryQ)z2vTQ{cBTG0AIBxn^qrN
z*lGxkuYTLozTSRK%UP?$h<8>G+h5m!5ztUn;#mmV>Xw_&P4PjqCY=7$-p)69g`Jb%
zH?4<j?;oMjYO^=tN4UY-;s%kDF?_A8={2C0Y6lwJ9sL25&6tHl?}e>8GTp6_i<Ye7
z-I*5`7;KUWz^6nSAA}k_J~<sNlMHhquUwC31_;9K=*87_8ncVlX;}ChaBzMCg8d?)
z#YT<DK}v{uI^_mzCnhESm-GyhL;05!NDT(3C?=R%%p30laz89ZQkVbq=O?klw>az2
zJkP6dJl@@B>6;e0_h{uFPug~cO2=fS6y6_Q4F-wOp&qA)X>tXXcQYf?0=uD|qw4C{
zj|T^P>IGbU3?5}w4Q1ttxcD+a&M=C!h+M(?%pXA=_a4GrPBI9}uwzv=XM<XRL?09s
z4A-+T0kQ+H*L7Jm7cZv=a9a47Bq!pmVthu`wXwT!Sby14xch{uZl4>bL)gf3CD$`h
zX7?dVyM7E5m+C>$v8LtmOnQ<#%k5b2+t~a)Tdi2I-+3+AP<3guZVdo;Iaelk2kqh%
zi!mIIZccW;0M3{o&WaAS1o?dQ;w7DHF8i$&CnDqRjO~lB6UiJr(KiRV`}S<ZT6pRS
zIPaU@3+0!D_s|(8&LgJ|Kk#1Me2os0*CK;#g8S78i$vuQ_|{HmPQdmE(`~9tnC}ki
zU=4>cKiRM>S9jDyc>^hK$6Yd@r)qC^_ebUqDAri2U0zogFP&@7gB5CIYD$qb)Y4D^
zN=8^Ox3GsjYfb7gh()q5-QE>Ll_3m4AcUYg>tQRveAYFySC4DlV9qwyczHfN;RkzD
zxLNbZ#OOeLzSEiP(bJkSF*S8~`z(oe?kEsPW0nTG?MN9AdocqNnj$|zQhDa1(T^4z
zv6{8>xIr~aSp*GUZAG{BaV4bOiyhhJlr&?)@YWs0CpXTgecz?k;KTXjl8h@9D8(2M
ze*u1bDq%Qk+ROCXdps2vm#Xr|)Dj)txpGzQ>t#MDS)rGhQ2aD`O!IbvP;K*XK$A|X
zwy6nE2p9zyS9?674;b)%75k0XflD=pQ0aEZ)9#?bu~^#L+Nw$o|K9IQhAMUJL-LIk
zPbN(bB9!7V8dyU0Psp~hkx@{WUNdZdC5`;B6%X+RJd~3(DB+WbN~Et5_6CZ4fa<U1
z3?ubd*XM%?*bXp#M*Aze{w5LRe}Vt<kHGw02Ye&_3j%q|`~rMuLwTpeJ)53T|5@Ju
zO4j21CFrv4Ph#@N&r3gVVdAfH3buID?x5`nmHyks@9*;NUs2J2a((}?jdEI$G``ZS
zXJJwPK+5pffRs`SbSAl(nO)NJ;`%9#?4KR;&x}p;LXI?abUn73$Im*^-Yejxtj4^=
zR6_5ujr<g|90s0jOMTaKve@Wc+gz0C4NB)%t-H<yQ`Wx%3-snGY<DR0Z0k3w<Rb8I
z?oD|XzHdU~U3(S`eeU(Y>%afl?J+lj?)i!Z4}UdZ-wMfP$j(&BlYVV>{kwdg7#Q%b
zZh21HJ#t_%|DL>^O}>6j2mO*u3eP9oj6fL}XlUpssJc1AD`f=ewdb>9LehdIU%q~m
zm4Jpphk674Kw;vHNXNn5y<mp<d-VD41??L!{o_3U?F)r}oQK@LVExAt?)?jvf6obi
z|3e()?!~+Rnf*iDqwh=jIF$PrZ~k!(Ec`>9jqgiD#OF%?*E&DM$$oo@2>fl!KdXFh
z<-eup8)a$epiApwX%QMVWR*;h?sw%0FIdS^!$AL)K@i;ZQ(mE3KG)3oWB4Jx)o<Z$
z#J>5sWl%hNlw{j$dV9e<YME~`#yO%!N%+_k@56FbB5sC5{S`pK>od_xx3sx+B4;b+
z2drw*R6|!g4C1OgN^FlU9T(;JR~KX_PF7@xDU6FY*No6ek!7j57DPWbUO|Rg(A!&%
zeN$n&W8WI9z0TbWg7?}?99BjnVULc%!&eW4MpSW<yl%}9cEat$wr9aP;W#(IB1Zpx
z<DM-+C3rCf1ue1i^C!n^TJg(cPwV$UCGcm2Zt5_MA;<$>L7axhz8e!|&tS6_&Rfj;
zn->2OLG)2-SnK#kyx`JncGju;h=tGJ%^a>W6k?!01(Zq;zRDFKRr~(N7>Wd{C*Y@S
z@(4MyO{D)Pfj-&*Dps<{FZHW(P@_n>h_k`RCq2-Ql98p@531Z&@o~lX2`Uvd^vHnD
ziG*$rZedl_%jDExy3@?6t6-(cv9f&2uVo3OFLl|a(8lQz^g={&gyb3y(@ty=7Wz#;
zYNUm7YiKTe?E7b^=hm_9hNV!#)$LZz-(~Ox7Z`1Znn<r_7g4HD7zwOxP^v4dPbE*o
z6HzVWQYo_pi8b`zb644r9Zs?!IL~s)PYC-y7A0HYcEi@<vd)oo1_&YRaDTp@I@Z32
zmX&~g^Puwd;{tr5sKJ@zpF{Vb!=={q@dek5e~h!Hrx(<~g=JjzMbW9e;0ssSn>F!y
zs2Jv5G5Ht3LkhZ$J9@N2Z~gxDtL#2W#st@`1hI#U9^y}Abn(I7qx+Ia0TCR(C-lAe
z$)*#ur#T)HZq~Q>T4!AFT-cA9=#Uv=a$ico33S3q<`TEMd8GW{7-IVLG9s6}lbEiV
zJD7e^a-fwENRf#yZc+Q`JzT=1K#}Fa%9REI1|eSbynS2L1O22jYyv#OJ--cflnO_W
zl^D90(DUI6yFT?xcCbTA9*2{Qux^H#jkb*R1BNcGy^1l4c%`9#2pA?sT}+#qPQRB;
z0O0=I51A!co;`BrqO4nn$;AmJ458JBtib6yMAmZvY;+-ol{&K!yURGO4*hziI@|b#
z&npAFmrA%Q+k7Z!UctV74tEvyDmktR(r(86Tb2jDS*vU4qi~pn%yl8CAtqbGr`WmU
za@ntjw_Z*sggc87ek8uc1aLBUnA3T+zdlu#*SM=O!mjz!T`{>%K9wmFxu%B{<IPC|
z(OjMYow24WZ13WGI^$SZ$5iE#H=5tV32A?*@}Q;$S{)-|U<6VK7}7Mh{W4f}THVeu
z)yj_I)uTT6RurzyW~fO3Bgs-_P)^PGF5q0>hET%Ir+jua^R7}0Z$qrRwv@;Cm!_wZ
z1O4yR&X$f<1SE;td|2~NFD$wZ=#6m(-M5cuzy^&1`TXgoyXgFdOK9XgEWi2^Uqoq3
zAV(xW!lSgX^-HUM(ja<gb_6cfZo>6P>~85Qc9YR-k681K;UkJ)(7tdj`bWcxE<21#
z$v@s`mM#|WDrZP|;Zl7I<Rk6N>QiAD|J2(7GLr8ZF2i$QzsNLC=O&r@dP<AQh)rkS
z1{8OG_&Ls*$w2&S#f}NzMBp2o--E-a;6zCnO3Con@=mj$x6Ba)CF~hc3DRwTicW<u
zJ>=A~L)jf{-*qM8y*Mjw`wr8>O$UR1LPFnqa|l#+SFtc-DnJhCxOA7XTa>pQd)%Cc
zx`IWDgdgf_ZSwi72KP#fRqpiIYoDz7iUG~mN%znKo}L0eWZcdqp-yKn+WqYI>(Q$3
z?oMn+PKEVu0|YZpi@bL{)n;5-1Rlc+v6jwXs7zGw*30$jf~v{{eG&ATi`4OR>5r6?
zr$_%Bc`;jr??Wy<OjxxSf~xUwx+_K<_4uyFEt*-yFW$Y!5<u9x)F(8^@WEia^8>KL
zYvRJ8_0T)IgH?z+-B~dAoNFuMZ(~wf;PF=zK)~7xwFv1C5sYmaV1{0kB-dcjoJ3<H
z`0U0ktQt@0*1naod=FCWeq2K&+<|JVi&x~%3P0b8(s!2EI2sYcHk$r9QR}W{8@-=q
z{M*F^B<i6ilPeC>u4NobqncKu187+tMkwy_k#Qrf$8*f$JkXeJuR&01G*k`Mp4~+X
zb!t`7W{2)Ea|o?bNX6=ZEQ2ynVAZUYB1p|@!R?>nIa_z2MX(4<7hSQ#?lVM18xzFC
z=fj@%BieWemk;x2g8;~+J^pAAjyR8Y?Q^~VvrxZxFg1+1Q9cWe#bTL`4)}_K9)TnL
zh$TKY--?j0CnchM&(nurBRf+_6?#rgC{`4&jun9Fv&`b%lt+XWHP&F5t&3%edTrUw
z8}z!=H)!?XbgVy{x;i-Io5>&s-+LQ$o)Orq_hZHW9V!#QhPJM-k2eNj#jq?9dvKfh
ziCV-fafUN|wQYb&F^_bicHny$C&ITyUG95N@`%)*bkeACPSmrM!eIcpHwAoeRMfFx
zudn4y#mCQuueD$bMqvUn#wdvQbWg)AM6rCRY?)=?<+YMjOIrsb7xR7<ex6REqB<>v
z=%JJ={%C$Jgy)J#f6`^EuzB>F=3p4fgC7?|vey^J&84x%f9I2bbRCeT8*Hkc7asFC
zG4!2x?Zxf)f;$M^iWq+k;jdWPoX5Dc)?JE+JL%1wX|dV<``Wb0+J{!_aH{l5CGGjK
z-o<lu6chid@;3R^JQ@-#C}?kX<nb?@2js*O{PNmg<OP%_A|$>E`NsUg?h@>I-S6Gy
z9nqrRN?C@yXUh4Vh(ZY%HY<B;`$qxEwa~k1_Pc-yX}&y5<HhE><4N5-Ia}>eE>3*t
zvhIxmPIpw#n{^q-Gh&f#nYgaXOkE!Q_%xpj0kNjt%H6&(e&%SB{k{y-Kl&?M810(p
z%7GM!BXXfw`oo{^yHh5O1G*L@jwh6CQL<}kpsJD>E(}6i%)l)zdvDMZ<qdQ@%VlE*
zM@x4(iHN~C=4j_vbV?#~ZS6fi*cti2oiO(!9%S9dI+`i5{-fv`TXddDHHTu(;R1r1
ze4P((zCeA^+*~6j)|PBJF9Ma|5N|9)JcPv(_uHE7XzQXwIFw}(T}TK_&X@?ff^;H2
zRCH<NSsd}e;`!SF0n||l%9gdJHbzU5a&Y)K;y$wZXS&?VHS^HNC~f+0$YMUTX@$UG
zFh|Ebym&lZMcpcD`nk+Zha#clWT#ZMN9!Zsg+y9bnV<Jk4fB>3Wd0B)(&i}|+nTG4
z*0D2{3@fxe$cfmgLm?_Dx!OfsDd{jjtnKTy)s@Pt#brSO(NfCZxvL)v(DQ<+y*US4
zO$~l6%Y2D;^m|M+raV?UR-yEYZaS#&b&&qOEA2x>|Bfn<J@7Q2O^6wFJ1D4?j#dj9
z6_V*}SvVX`#d+ftQwZIs=?E7Y&6;!>llrI=+4cdJAFlATk9ZpDWs*;BMfK}fV(|{K
zF9~+wV}EUV0UgfdYDNXpUn&M#4yg$u8MN}rVPz4^iSV6H<5Ce?c|WMH5LJY8;lXhC
zc@{FJ)2d3)hP4j<3@{`AmSvlhC6XH0DwWt9M7cZXEkzLpceA|sRzhvOXgM%xW!W;S
z)jB7I?%a^CxiD?<LI;uU>92XR0WC0X0~)Ka3{WWl!9I!8ee)6*z%!4UuQ_oC{Dc$E
zal?OUljXMzRHcd~zMnVUAJ|3|{PNB`XvKR&?6efJCiWACLOhq<x%eQVvz^x4Qy&YZ
z<!-es7#0$5gepeh|CqvtxAN(OZnOn~e=G09&R_r^_v0qMT4@#(oxnSEuH+5rSVH||
zq;&g8npb~xRYwfO09j1K0hmLZnn7O@G22W|8mR-4H1VoGzi*wkdyS6q2v1v5-dknU
zsb8ced`xN<2)gv-V$%GXKkF%V>%?nNUP&s=??lm`g@X~mF5be8SnHZftL5CfynNW>
z{M||uC|9k+D}Y00)>a>h*Z1=Y)*mDt(0m$p#yCRW&ZF~01g1YxP&iRZx(C1B%*&WO
za2=l~PGzIXgsTa>tU(IXR61rqC|$BOxm?Wfn9q!=zeDxD=Og5cuHkp~+}5kZkbA`}
z?p{ezHuU)YtrX?{2fXMguG6L;R9?6<chcuPp>~o;=jmuX{I=;N(oU=yFH(<R`unCO
zBv4xP$6MjM?g8@2?-I?wOg%uOiyHr0G*3ESbGp)#^=rt`H4%Dc*G*f8gWYh3xBB4R
zA--{-+?JUGMc^;(xGHLtymzqTPTMhR1x-oeOS!mH)=Db$QnF2+=v5#JMGh)-M!d6z
zvM_xyH7OP%#WcMBcX6mtn<8$-N&|fVx5jZCaxeYG#<GFY#&<Lo7RmDySLcLrzwv6^
z_&uV}u!FZuuJe?8S$rmKLth?zXAi9GaVD<V-SW8}3iQB!e5nZV9x1~}zR8SlpA$MM
ze@zXmt4rCzzx}%pX5uh)gNMT8`|b+bl7`U@mAKd?8?*?sVh(!U@N2RU@_)AQ;TWVS
z$xWkS-~O2bMqdQvzPWw-d#z20_geJbn7AU+aX8t*G4mHzsl3a}9~84h`%REHw~Q(W
zOx3{X!YprpMckle?+uf91@G-w7oPJIy)pKytbtCuLAxgR1kK1b`W4M>xo@z1j-omK
zvm&g`JNEPKK^9o9b!#6x%@sQtxl}$%h_j(*&y!<Q0-87TVnoD@6+}tK3x*sdI`kU~
z3_dVNjVA`ILQ$*UG$?Nw)>Q?LM1md52#}`?>H{+HBDc74NIP{~4dX0=zf?GTs|TtL
zuj=kB-aIaZzoWXJ`M&)#n&W4O9+`w3)cdMR66RZRRZXm!$6p9{2`8AUHoCLNJXX-t
ztOe-Kh`_-?mdAczgF)!pU|AKqTqlW61Q#rW2P_7MZj|?p5E1E1jILeGd^mP|svy*j
z`}896UMf~}5+WlCB&spVNDPvox1w*`Bt;V$KAPuBWihSce8PJFS{p6rb2%&Ae6Ohw
zm7r2P6*i*vU}ova&YkJ-yk4{ge3cJrGALZn=nEu&6T81vI}5W{{hdPhb^|GPkBQ^w
zYDVW90+RTl{5Cx!j<RIU-z`=cg7O(q$9ycg`qd&KD2HffF#FLs4WWBcW+RX^|Ljys
z?WLZJYQ2CIqc@Dp1miT)E+Ni(=<Q}8MYT?&XOwnq<Em<^O7vUPTj+{1D9xA4=}qHX
zMby9q+{Zur-=)?Tr6gqZ9bcab)$H&g>hEn7jzO$0Z;j^*O{G;UwJRBdoXN#qqze%(
zC-}vKEi?pNeV79Kd*Apnup$XroEE(?tbs@(=yAu3g^Y!$9ZHZnk<U((2E-;}dHrU0
zw5#}i6ML9RPshbl&XG~J1X*Ds%3LjD!6pYbyT}K;x&OpRo%p!#V~QkM4j1X)Hh-Rm
zb9?+DXL9XH#W9l3hK<if1!r%CwhD*ih3nc{Eb7wqy%<09Z500oh0cgE6M>O<ThIo_
zeBz&@rknT<K^h$Ifwm_E^yxUYV&PQyPuv*%Cj|JF3Jm>k_(MB2{WAG@=}JYK#S&|Q
zZW@i$g?NoM?L@l5M@zNJZ*hoKLUL4OoHiG0Li##`p#&K*grTFua_@8A%QWMUZc&$Y
z<}h&L95K`Xrn8+2ekhxKg>{wHLVNwq<>Ey}n8fvQpb!IYMZlHHfulp1)$&JeKP@?H
zei9+$*RmL&bkO;4<U-j+SNtTE{cMH`0Q=XaJb6=VGonV;nV}cn6By#W<RM%vvM=oN
z#Y{A|$2blbSu~MHG`jc%ES>8zzkTG@&iz*UE2vP_<;%|S%#G=~4vE;WUJh3VFQbG7
zF#$|NDLl&=^$sVr3GXMG3T|~m{Mc9DM6Z5+Nc8cSC3lOI%r3oqV}^KASgFcE<p}7>
zb=8Vk{9yP)#}HB=irc5OXf-Ezx7K9tz}G4~rxbdVdi5|8s}QVt5XoGOBPXoA*o-t@
z16{pu|A$1Gey`@+Xj09$!i}ZnsW<lt^+gApRn@YSf$o)wwt-&o3sa4nszzAqkh*!d
zZtFQW;Vk8|1Zkb9n>^3+zW9e~EKOirU9q`_V>)xV;3HyiqJzf728~8^YkZZ+uW3_x
zrpH`e`B1?sranv3@;KG*s(Hp7>p8}T%O6Y8hSyrLy04UL1L?{`)M^a}tzu8isMiPG
z>UHTgUp4P<RwC|E^oJIg^UW)MqY<B7tldAbm%6`GF(5Y@Qh;buv4mr&PH_XqhQ(>Y
zN{_9Dx(P)s?_N!R^vU?L@4CZcEi&0LJn_zndUyZF`1syv2L)%Tb0_^Fytk!=LrVV?
z1Yf$sZu87<mxK52_}j)kGi76^xrP%37|%_W##(nAUNCRMURKcxhkq*fY2caE8FZtY
zTc{@Xf))uQ&ok<&lYW(V{Q3ewJ7^_0QfZY-UH@q)d+_Ubs$fDqG}<Aqd8R_1=Z5R3
zT7I3P+iB6cxU=|vMq$gQad+OH(n1Zt<715GWM!!Gt2p%9E*h%c?opG6IV*SX2FV%2
zCuLz~VFW6}K~8h)iyuP#TMEYs6sK&jSzFgkd^v|}ISje(-sTW)^Sx^abj+Kym2ucG
z_mP4GBZb!B_f)NjC93q{Ctk;EJ+i$N*Vvxb%A(T&H3@K{9kf#pfRXzb#WoAJEm^jS
zWZW^QRUeDb9(I{W{IEo*zv5@EMdpc?GrkkiMd;^+pN%5*dfyjDWK3y2m13U<*DprT
z$Bu<EWg#!C3XQg@$>H(`Fh26s;1F%<E^hYa?Jd@tmk|Ai+w5Rbc|K0RbQaS1fx(E?
zE0$hobneb*YIeFc`m!bgK)0plR%((qQ=@t{m+o($;FBPeu~##Bm!OzbUWF)I9do3H
zu6(DdKC@Vv@<rjyl=}=-6+(kib_L};jq<WbonwKxgNCsxVTvpjsO)=q7+y(d;9B>c
z=be;UyO7V)30INk?hzC#Bbh+GNl7^5wT^{Vs_AGAk9nuv^z}_Rzd(He4Vv0(3EQ2W
z-xXU~aF4P<N{wIDs;8m$gd(8#pfAPdpk!<CXGI4GR3tKU2knza)UW*I>s2SVj1^W|
z-}ILG_d1J_G>9&B0X6y7qCKeYsNIKDPN?!u#Z=ueeaQ<xoW9nGUmZPz4BOXYG2K_p
zaclgEd$vN&-}M-vB&y?g#Yl>7BiX8&LYv^u^Sokgfcr)H^F-={l8>a-%Y1kPH#AYD
z50y#$1uyGcpFg^J{)ig<h{R~=DMGN|gMuVnpKZ7N3E)^oVQ};7Mc6{WHd<umGV6~U
zyGnHryOsA{uiVq9ag}-oDXwA^s(#1t{wVOlV@<s!Kwhuq^J9mbe-m;5Q?QyKC=PEi
zUUdWs4rht)$vj+($conc8c_KTljOxFA%VU`bIHX74<acYee6e*Qf|o+sUa=cc?5)J
z-~L7m6BuBMQikRe0dTwMp`nqmQ0!?g@Myr*)<%UM2S1`*<mJI>J*^F3n2A-A!+dr>
zbEJPSGf!#jJGa-gJ4~4Rb}8{q;KEeua(=LRQ?&=@bb%2EXT01Ie{~;k-6y2fk>pHr
z>*R{NOXyYgO7^a+V%X~zwa6>^#<>R+?#pR^A|$|*IT2Fy2cuuy)x~+qf`K-l9@Vs*
zGd9o(@3W<2Tr2BK7{SYo>V8t6ADtviFXC`%@v)OX=3ku-XLcFB>$G}5*&6lXOLC<^
z0DSExo8zZ1{*y#WsRL(6NEijjTu=jFRhpnhaOk!$KUEo}DVD8O5v->F<XL`~Aq?|j
zR9ZJ5_$e5gvm9qkxhWO_ZjdmiCCbp$73j(2{bVCWk=Kor2{TD6?H!?Fk!xGr<(1Xt
zlpy4{9qB{KB30rB6FsVdLLLe$OqrvI9BQq*iK)CKs#=bGel2aFeXw3obGRU*pO-=+
zp3wWJG*#4Z2i56QUoE^!5E1E`26;sc34Qnxz%_lZ_RglM=?wK_|Ft>2f|216v*b%B
z@^QwovFK1q`ALQHIYUeZvRDK0UL8<vO1vuk)+(e)=_4xkZ2!^>8NZZd$(zvZ)ANXJ
zIy~#G>+#%Cmt9C~)b8R;W17@M-<sF;&X6XscZ;C5QkH5*nHRsX#mB++#XnLRZ=L@a
zP><4)o*s>5{-}y<vciYl`Brw5M2c6<=uUJBdN!PhC$*E!WNjLY;30vd)TA(kJfqrC
z@`*XxO&oG8){d-bv*T>$ra1MHOaw>E^4H0vaH6K=uU+sD_}^V&D0AzaXmDYu;?YPI
z%I2JYviXzb-TLvf-}uKUm5Bxt6dKf))_-&y$2DWVBn1?utlQ}kn~zn}HFH@l-v<gu
z|Bz!pE_?9)*+3$nsCW~<)2cH!`kR?SE>sh*XV@LQ=FPKm%qWx*f2xEG_K*>nPYSQ%
zl>C>LoqoUMDJ6(yiD`n-?<-5Vb|3R-d~c`zP6&xja0~~rJS6Y6K}LMxXZ2I2v~$Vj
zB|mSNlyt!F+q!ol6(dwkf8RItG*9Ah`p}8aM3jM)62sn_AI>EU1N!Q}M<TrOXt093
z6eklLk#+BV+fuN<07K4>WHHb0Z!-R7*zNPR0H*G;@1KhE5x4hm!bkr&*<5JL(<0V%
zuv!>63PG2ezN!lj*F&vR8h#y80lgr*m?}{)Z;M_EB&+5AUSU6_`r(Eq#pY@q<-itN
zBbI2rrj<;and{;FL<xvvPu=ehNN>}fIktov?|a13)>JyAEbFuj_eH8mUwJaa<%IY^
z9aDxTj5pxE<Eu~+ed=*spTQyHg3DMZY81p4IVzoN4c=XPdDNa|V_tUtn4ViHi?xZQ
zb*dK5oW+5ty5A~q?|jl-^U}&sYfb0rY7g!C)+ynNl176r|64Fb`M<mT<9=el#0S*u
z*F_UQT=TZREIy!!a_fX%DJ}}MFx1S?uVekydr*;BgZ&dq>=#Ik_tqmPoI2&Jnmwvg
zI~?FW=y)u;Cpp7EVi$euefAR@+&1Ms(F<fgUgxKyb;z=3YW-Xa{`atB9*)udA+(`O
z;g(I8C^9laYwf99vSpqJI^eQL-xx5^QGGOFsBF$-J#BvTIJsg@*R)bABaP|fyqc7O
zrtPvdh)kC`>c>~hb2BN_aPca%OQwBisra6QMH;}LP0K1E)Sn-$-7357onU{c#)uyP
zPiR1y-JX@}T&zPfG;r^rE@l@(l4I07obZn?`}&xJwy;9G?dpr@G#vTj0p|1HUq{kw
zPri%THr^21<j1g>&6I@t`XM!!uo=uJ;3p_;2Uvo8qGDEN;48ikeV<_7h_fU`nHJdC
z_j)8G$4K_ZLU#S&vZiQne!gOCd3eyIL09HBl<iOCquUuL2g2{7J=Gaj=mNQwK`Oc^
zjoj8NPrg)2uQsgc9CPNRL*VsOs#!C&MGInbFS7iQh~JP%4p$J-5#-eS_2K#Js=Qfe
z7s++saPK#49$%TS9T(WESe+iMt+jQ+b1nxZakw@^&BL&SbK>|(+oWdd#-u-%ZF{}#
z@_w%(5?`hv%w22BY|p0S>_L?z{c@n+5`Ns2Wo56Ut8kIy@-!(5krbfged`+o{n@1a
z0L?7AJIRl5XXtg!k5UG_2$(+DsCeYi2S3<gs5ufS6Cico$G226j<>P*{3q{4NvlxY
zH>Yg3-VY8vP9)udanbXk$J0hccpvJ>AMc4T9AkN5Dj|~%9RsTx>yrd3Z@b75HRP6D
z>uyHcoLN4F^FwutQq%x#?5>oqP~C*OAHC>bYp1iaiZ~5bh*({pLqZ1DdvKn@&b;hS
zkumK&`EYM-L|<4BC^Pjm>$oO3d<*2L(p^h4Cu+4sM>!qTfeFJmu|6~$CI=X|y{;__
zkobBL`z+1T=Ap@<9}{n4@m&%~?a6Rn1QBwjSr%G+DaHQ~;E)GYv9)YlCr^kscE}ts
z+6*?O{DiQf;9WB@IWKUbwR8<={|}O`F*=Z@Sw|b&wyll1$;Ngzwrx&q+uYc;z46Aj
zZEcd9_q#vlbe*c1?y5Q6XL_ou>M=3*si+$$LJR4L$_}_|Itf;N1Yc8Kj?FF+tKe(~
zANRptY1r7_We~7xJRQBUzEA}<R{N#qFI)8Tog*LPW?fs<{+`rKrO?;VTLdsua|+Zs
zy>U1EkO|*czt^$>5V_E>3_}ZU{?^3-XN$au_>QLkWS7!GShLdmAgBdpzkhdJVLwf6
zLjxUN(3$8=ez_iaun0d|S-Gj`b+w|a;muY%(wjd@N2*&Lb=_F7=r6n{ANd%X!QYSr
z`<>5)M`Y}0NB`;+V0TnJlwi`ZY5jnZ#qYZZg((G>b47s%B%Y3@r=#&|id`;CMY6~2
z$zbb^rZXeDQX+P)TrCyzbAmgerrni!gCZ&93ir%ES6JzvGO$UQhHB6LNzk6lq}MNy
zm$McaAWQQ`?}a9+sStU3UlsO_d$C|i{SOzOxpLCf&DuH2^i`HGaaAhww8DyD{FJBg
z!(AV}My?Sk>u!HcZEVjeLdqlyUU2CyU05kzz@@INexs<W-Xe@iy41O<Q*Y^pG@7?V
z^n$fI7JS6rpU~2o!$*izr&?9f+t}7nqk1&y@hahrHT6&fN>jC&X2lFVVh2>WugK9D
zY|L1rbF$!lmi|C1|0^&Ji8-<Hjm~gf`k=?9rhfzC(~|$09BI!Bdo7=(YOBm1?)W`Q
z@F}R~HDv}m^eDr#ul$cwsj8aivRYi0N-X>T416t<Jk_H<B4qQ}LFh{~bDa(&!E;G3
z@{fAj8Fb?nD2P=umd0fH)z*zOO^PMuMh~t$e$-rT40Ha%B{u2O66-sCAvVHr;H?^-
z-N_th4>d2G0|}~8eD}o7&<G>NjXh#mZNwUvqBGIFu(q>smR(I#7cjqHwMjl8h%T>N
zsD~uzGJa}}?!S!@TUy4A>X@uQaKH;b;BT*I5kH!38BU4l|HJhoyTBH)qc}ot&E2`k
zaLS=RB%<`6xpQdMP3;;(2gAA;&}Vvo+&+*M$Wi}h8Oeof`-3O|LbHFdg6Yb<HC$?Z
zj{|m`_lqmcTk@sF4rMum-Ey-kwd&dbq-?LAH5K)pWc!r!SU1P(gRn?-dIE(mLEa%V
z;&k-8=FjkH?VAkoVL$P{T}6u@vF(;2iCx5N*7Mo^XVZ>QyBaWVnOf>4`lUDl5|klA
zdljm`UZbMM=8Ziu!yNUTeZ<%JUe1W*W++Blb~FtCb-B^Zv*9|1vj3liZ(Jj$;~4vc
zT~#}8ReZp}d3d0CftIb(KGTQ6SMZ-W>oh$CG<E+Cca%(&`5uz5Zcsd1cTI2%r@w8g
zFGvMmCSaQu!MhCgljS^Klk|R!<1OHLmRW>$F_E94+ljqWX${v+5rkHBzhJT(6JU=@
z61a5zWl{j!@}=S|vl48x%9r8@WD94p8C~^W<2L9iPsdU7nC6mS^KZ)V!U#ot*Kq%(
z4}K47>8X0_oMVmRw#k}It=={+b)$weO!gKi2nRck2?<AIe13D8yW(rlFsI-#o<<>$
z9b_vK0RLkLRlT>u2T@zmeWrnz5eCf-&$Kb~gBb-sF-8#Bkz?8@G&p|^bX8^&5nlhA
z^x^~Us#=8C9JC=Zm$S9D@BS81QV^{FEr&131JvG5t>`K8mzHkqm6=@bUIJM_sKEvy
z^?!BCau|Z!ULs|366&jz(>@HIi#LjU^kRE14ctq*7!=10<UDRdcPbxyo<*KL9}x!{
z&wXy7ZZ?hyLW;PzC)FMizNo4dhwy~y65EI%i*KO;_gU@?nI;y#Jzdlryzrb&Pg+jM
zM($V4or{}T0J4_j6?4||2XJ#hLO<DMWV}!KCuoh=k>ffqBzhC8pO{e8_r!+;epk32
z@u3G9vX1xi$&<pd<!doKlbInK>68dGM%Pygd>MTsKE`vokTDOC3&f-=9AUW^o!yo8
z*UwGRc~g04eRw{YOf3Jk`ex6EYL*H%l84Ify6eo@=coYv#~+s*APSWACT6Vt#Ma(U
zu~K#sITwUXY&lq6eb-eUf|vn_3FS;lH^nS1Vna-#I=)7~gfiT6)p!y<e%fZvT6;Z5
zN_eog$6mCmiKhu1u$K_udEnuKw`x>hF}BC{Eea6)-H(rC(>~s2rRHYcta9j%9g!1A
z<8JDe^KM}7dV>#OB;q3yPKA0Kd#Nym^eq1k=VQogY%w0g@Mh<X;Jh%rDXtn!LP8vX
zK364O$b`BhrM<7@0sExsdbuXo<1#Flxz+dm0aIqnk-1`Q=~WM-a{aWm+e<jnaJ&tI
zbF5Y|QNXxb3Sum%Jw~ZLJ%nOe%^za5zW)j_w&z#lrpyOWl=9?!D+~`^=WaJyWMz^z
z@82}oI*YE93-4BIRP=xMZLQkk{<0EX*6uPia-HZLBk(lFYZ|?Nzx;f~*ZpYg#fMws
z4@8%TM*8*>*qcae?eXM$7+8<nvS8<`<d$+%;MUs|e*d)amNHGqe?1wx|9w(H+HKYE
z5v20=0pyE_y6K<!RL*~Qm*Ar4@i`;y8r58tr43>sZ3J@NoOzY=+zg34DYiCk75;N4
zUMR0WQP@&Wjw}qcb=>?_rQ*4)Qz-eU`Iq)7K-B*v82%=-G4j03R=mmRI+*n!RMFzH
z?0KY{__IU7{8GfGt>l$d@9CfqebS3I-Ep4F8i0c81<$VuO-k<(%F7h1k!hm;dR^}%
zKTpIVJvW6fk-m=DDiP;G(eq;QwglOWd?a>W-N0YK=l(*Ww?FJ5x2fheB+vW{wE1Q4
zD}Xa8KfHM2r()WcEYp&zDUbx!)2(xp?^ENzM7JWf$u)1QDrr4qi=<_P!DQ*v!73WM
z1u(cYt+--@BK9O~)|w!xlBV8YM8FlP{q=;_Zq|v;>zZJV1;5BREd4qNZB*3UQ}dpQ
z=61Hx-eKF$-Z5#-joYF09J)&4V&>N!-s#pnx8G86Y+Y)pkhz~xsK|=F&d+PkT-9TD
z$Yx&KZt7n80S|Q}v{EPYcev;(`Ge5(1Q=2NaYBs4^Dt7Lud=}NTgk_}@MT^jT$!uZ
z<k%gSv&@*EDJbX9X)IL<197#Y<P^n<sa=I&PEw0liB;0Yd$;=M@eq8H8q?~z%|oni
zGpnxVICje)ce&ZG+kiZBf@E2^WJwt~<DB|h>Dfcj@X@-1Z)LDk{wo9s(zVsrz@6VV
zU$ZlrYM*9sm5;kUVX3y-4ykz6ro`BcXI{NpaN-~ssb%6nGS4(3n1<$(Kbo2Pg7DUN
z%^Zy*zWPQ>iTonxC>mM(7<;QwgCC_)eXidIY_mq24&Ksn#9S3bo&_Z265W4sZ5nbk
z?p&WB8M@Nb$~249wYuZJ+%=hr0D=+!G;h-)=w*k-<}xQg+sC4G{bJj`6Cc>y#^`6q
zn7nm@&1K8)X-C`zb4FmA?mz3=z|`bs$$(bY@`sBd9{zAc6i3KXtYp%Gl!HL9V%rM%
z*vP{~K=U+5+%bQ-V_pg6L&iM6y!RDo;%BQ@4*Go?gBgaS=XO87Hk<jK5<uusAJttT
zie04@_W452RNwL28)VUiTBlo%-7A|?^VzVPh#}2WMZ4Lkyn!|Go2n3qFUXRaMpP5r
zHI1&dW!uW4MlW2d_e5$>_+DPpz916EgVCCh`Tch#S6=zu$Yh4As7r61ts4eC1*g?(
zU_WSN+FTR+9G+RrY<=7GKj1ItS>1c6_OA*H9J<+`P}&)|4l6Deq%sc%DaB&L5h=|z
zxE()48Z<F^gx=RPAE2Fo%FM8~cXd~@7U1fP<HVm8(L}XUnC#B2Vx*Hg8E?u`HSwy$
z7HM&h;&pE-?RII#l5ftPa(Zd|;@B&awRiLuZQvoUKBj`D>UadI^#CSxlIUmod8$8Q
zajY_XP}+WV$h20RiELpNmf_6z(|BAiT*|nCCVC3RhGstaO}tlr?qKE(Q=K>aZ#j2h
z{{`4HOX!gVPvy$u-~K>XuUu#ahH8(v_B)i_G|gQU;{!zc1iUbla>ng)!ttZgS9>QB
zn6PM@37MmET%qO~1AsxzXRY)~0_Z4XQ5GA$rWj7$w9bJ*Y#wfxI+zGz@ixAp9=hNB
za$@vOA#AzW_YnO(8zpQ9aY@08f@<c|m>=$veIzc_rHbMUFQumb?V7PkD_7p=XN+5w
zBZKE|0`!zL6XMa>WmDpsMm>Z$^-C|MkPDlYBiiT8xg$sXi@+ZBV^7xP&J<GX%tLAT
zdk)#qL_g=5BBB?_KQc+7v)OMQRVISfn4D*}pHNwghuU^u+EdxAW=_Y;Xg=AGNJf*}
zqGw}>tuOGDO@vf-6w}3WS+BvymvNqLu9cJ3&uSP9>ZE&{m|AW?X}E|E;g)coA$I*C
zLzJa}wAtWQ2flcod7NhgWq-)ZRd+izpH5T=>eepH$vL_;-3(L+6q9FlpTJcJ9A;SG
zXz54Vb2CoEOdIA@`zo@t9b#x<F3zKz(9!C*oZW`F35@2|`}a3=9AfHc<~A^noZA=m
z^9=PaFC(0I-hHRlP>|a@cJWP6@;d0IPT;jJ;$c&Ov;TyPGqp)#>t7EHdo~m~tF_E^
zRlg>LF%k|N{jRXCsyhB8eLOQzpHpt`Qqzu>@qMYSP~;d?+rSf8LF&xdkg3R2pKFk<
zP&KaR8?|&TLe=S7V^QIn%c+ldmj4r#Q?KeY?kxeUtkkS!o9?b^Aob@_{2<G+c|kG3
z1n~TGZ;sbAIc(KpcOWC5u0nH!tx|dBGpAn6d8({LxA#R+;+89)#ze;?1g)tL|67<M
z@%f-`j_j`An^dD)g?@w5IrBZ4s%C`Z{@ycAe7(#F^&W_(us}P=`Ty<4|5}q|Iba%s
z{b8j~WXH8lA+%`kJ#fw;9vG4)$vN3}?ljZ1DN3vE>pN);TU1Z`n{(nGGg53g9GBTQ
zWvH=c>5}wlqHdzo!p8iI_IytNi(Ilc62lKhaZ_D%xrnLyeMoR#Ua4#<1=WEI?fJUQ
zo?Ja$4G9*%sz{OMU<T)J7^8sgsE#IFW3<ALp&Yxpz95!2A#frKn1Je!&p;(}UqqyP
zzLU(z7LmC9l<oQ`{mT1CeK@Rcl}u+@$o!LKfr>n5UA~VVP?w}Rm0VYT=L7#5y7%Tt
zyINsOP!B~LL|>xPaT-^tt%l=xgin~YENwEXgOX?Y{V+4@*HXF2Bd?Cg&!rS)kY6sN
zpfmCm>^0a{S)AktK)pJSk|yhP5q;q-Ax)&Ay$vFEh*(XPsHSU-7QwNabP>d(tQ^8z
zKZ&wD64S(0pkp~yF(x_k*4)^tz#@7$0pX1}ht$4Gv<iP|L>Zr*qa|fIVi~RJkqW#D
zf#dq=Lo#!3N?($jDF|LREB3gk5jw3vNa*vQ$h{{l5?#q@;5M~szu!RrrGH9W9zfYS
z&>q_ruQ~oJrrb)MXpsOqMrV$`F@3i>@jlb%Yzk8QS?+M#I4>z%L_5ZW9{`KR+ix6_
z#)VLA3<)ju>qT{Yhu|rdTUl4cXT4y##pFPGs-Gj^F{b4j%K-DzP4$;aUPoCG$W#@9
zJ4DuR5WNQ;V6_znHFZV}JAElrX<cG_+^uKugl33w6l;3Zmczz+k683BI)1Gf$L#L1
za*ErR*G0{Ypr`#$=2N-XPn69`Zjwi9f$uMVHQ62Z#_i1$%xR|_wK^k&N8ZS}g|b-e
zwzbl~+OiCj^y(JXD<3ede1?9BM>jP~=Uo4f_5yl;QL7}7{-YcIN-(1}sC1|;=FIyy
z5xylSxA>&KPD-;tEug7>y1rvqYcGn*l_of_zC=}F2MWpka#-TK{SVCQk9Uk_vlH(A
z6SGqQ2nm|rRs7jRZWhENHIEI?W?Rb3*|}%~n3Km2qiKwpXBso!Q$)^A7yJaX6hEvr
z-2<>jUTeej@D``abz|kk!FF&NNoY`L83QE*4dWFNDa(|NLuf>VV(6TEheH;rP`sqR
zeEFSXT%g6vWu(6BUytol@kRex7Oipm3Tyd(I=lS^?;6G$n|7-Z0lRPbblnH&XU1mF
zRT<8rMpt((f)6LU&GQ{@Ibm+rzsIvryeq)YGH)KUW=i<)J8or!dCPCtYVM$=q~E?F
z|D5Dn=wwB=?(NUNfEgRBR*{Lrb43rY$-lQw(B>ZU?t-xgVVRKr`_*7usZuP7RVnF8
z;?{ND41EggWoX?+_4)Mq^zBMg-bMNA+e}wg<#zD-`q{IrGn?Ej3XHy+f1<FY<_H1Z
zyD8UqP;1FkL?~`25%;2ihUedR5kp2*&jLYa{*!l<o7DV9is7%Ij?dVzHh5J}Lq2AH
zoPQ_|sreG}QK3at$E#0JqB`XeL(53Ql3mrL?|6DepEZ9!v0ACVh_7-{Uv&J%i2BJV
zwcA0(J>czitNJR~t@A?rPPF0+cqf0vI;wX|eTuizjF7%_at-c*4WyZx?nga;bEeRR
z_xS=Y`zCmloDZje99y`G?}Jpz<wea0vbT856($$bN5AmCOvKQiM1<3wHNEkcVG;_W
zT}S57<syLhxP{dWwPvzH#yR0NnpmG@f0^<0_o|k1Dvi(3yR}-|4MhwTSje0v63%bH
zb2_$7E0JQl-kZwiLz*bslRb{I4q5enZ|+*+%{HEsnZ6?fiwXNc*#KUhae7|vC9hl_
z<ZX0_?jJt#q6J77j}0M8h;IW+fVwMu`L{9W4M9$&*t&2Nu}9^?G9=4M+bZr>mJF<_
z%b$496oqWZ91p&!0{Nx@aJbw!BUU2bN^0-6t-|*{{)MpB7XMjp9<Eb177%$=)sn|m
zRKlsO1$Ti`%`#s+WqevNmu+KFo8yI7(+0^&`0;4%j{S0-iP>vu)B53_^4*F37sTOl
z_g9J7cdcc_$*4vzAV0hgPkt*+@m_v)D1DtgEqcAy<CJH(mN6apF7wJ$e`HYH(IjUH
zLY;hJofKPcB1UhGkQZCt64LE+5qPm`YF>e0NQ)5gow3mk8jXv0HTGPih$F9teOtpT
zfBx;^;Ek>c1LxuN!i!2?aOvu-XFqo!8p~pasZCt$ZU5xDn+G3ZPn0x@X9xbGMekEY
z1U;XNZ38=tuL~X+7_ydoYU!uydd@rQx<C`~6FGJlV!{NYOY^VVq1WTx+-+E#5$NuE
z<+On|Tlni&H6xSdR|V=3^j4g{+T%WD#*hVeInzI64trI1qXMq&fG2nMi^N(#wwiPj
zhHVBy^eEMLc<!r|0mieL<z`=Jle*mffMJ+9EJ1?Ba6S@nmko-T-S?fiMP>v(>sVKd
zXI3SXYqstAG%KUWKc=(&QT^D-bdwBB6g8~X9;`AOZAV^Ou=N`<@vE1spk~3y{z&e%
zoyJ41jDBEuuq_PYzs!*Crd4@#MdTc-fuDnDxnPYTk~_rl1Ym^KR`5sxeXF>3{Jj&(
z&q&400Y10@_>xl%i&uz~<du;R8SJL_J)Hb_o~9#<r@aV_Wv`F<$Mw_=R=$_sOV0ha
zZn#bs*$5Vw5ZQrme_*b^^-lMyLD*TWUqY7<JlK8svz%b-lH8IwThnx}(z>p_^Uvcv
zx0i5t4ulytZ`_}E*9EhF44I4}5AlLl3L^-->_>9Ih1uN{M2K;KC{o70{hj)8@EMC>
z?0W>I8{!0P>!I@;(F;zq4Df*4LkktVD&yq3MNhOB#Rz&O0&m@pw#tUr<-6hOvK}f<
zY9`Oocqww`Cgn3g0-Yjfo@+IJ!f(LXNvUWb+X8xM(?@Z;YxD#CspEYU7Wpct+nG-&
z?db>@l7MRv<ac>?En(uQB;hCHI&E&{!DUIAxm<mc;p<uLI6J#{5D$sMYH<enM1*0`
zI>OyW+}=((X`Tmjkd0_Sdta(R&Q&{k&|Be~UbMyU?Hm#U#dRK9ueyV~u`Cy@`)2lt
zQw6@r2eu+5LId~ox!Aqs<29aUiTzF%*RKv->7gin;YKah@)V)E3jwVaw}BJ0lh?fz
zNiMy2ul7D=*{_34<`-;-+j9+NR(5gBjHVJ3(WV_W2-(myDl8p3qn0fXhg4m>Ac`ex
z7B*yDO;%!8Vno`FJXn*$J~O9}S_~V<MGz&~gT!2=sfFf!>X^{i>xe2yI!%i85Y&LQ
zwHR1x$gbtmyZ&DxRgq<(L$J9dVlSmk`NQw)Ol-d(Ts3mV*q$=OFIK2GMerIRGc__Z
z<?Iv0k8%jDTZ8iOA)MXOt=!R3bV5*et9v0mIYs=J%a4%CX|?(ZK*cII@SQ89F=R3N
zkRk2k`m~CvdJ2g%yL2cV>1Fb&yB+{g3Y0PjA3H-R_bZWNsCW;n@sh#qzjA9X7Zk*>
z`?c<iD0Oe6;^NAp_|;Ao5G>zVuuLcD*^Ii;%TcrLX(r%p&*!s36S%dloU6Hwb|LV$
z>-Y*>TS2rHpa+m~#Z<VoTI0c=jDyGFr_nX=2_y!eW|-Eo@Tnkh`sNRXc8-8KkZ<1j
zP{m-0h*`Ykh+JIZ6r+Z-&A)$<MWy!6$E85F^Th_!_GT7868`G<`AISqIF4uC3Y|$I
z&^z*3DSL=kr4~3@tx6W}NfLezrggX55dM5fx_|>Ki-i&?ckd*X8|JHWPY*8XoA`o0
zz<|YOXLR;TA<OU}yv?NUS$hIx*}dwf(o`@~(<MRoL$bhrj}G=0ccW9-HG7^tp|iXB
zSV%8kT65`ot9qQs-GVBOoRiDV&Uei#>Vmh%)97(%6dit~fFwmj<yxxlRQ#S(6^Ys{
zBH<j>6<p8)*G{m^z%MpsVhM(s7l^Z*5(ol9vjFL#Za~i0!aTp`wki*#5(#K`cfFjo
zp)YKs4U*YAnaKt5U0mxrO`0rB!FjNQ&cRJOGN+)lZG5hz^~+kWGp0tr4r)zMfq6m4
zs2h|phQ$-UY%ZtMYm`+-6L2k9iLmFn5a3-hWA<KLEUc+x;oez0Ur0ms`-o0`5IP`9
zeEO+Z{uClbw)L&OE}sH~_1h~~3j34;!R36a<)IWXy36EU!R`(}jv{w#-+Rn-te~y$
zslgOc>=|qMB+Ov&_H;Bdbe;2|DSi2W*tHDLDZfXx+H?vJx@bKvL%cdRE0+wXKWaO_
z_GhQD&25x*V7j?Qpex_;Kl!$-G<l3^IX|iY4(lYcpXiypFDC+a-3NQ1H`ZrjQkpL;
zh;>?EWJagrkwv^^P4*wq2w;zwUxvh*{Q1zfEJ{Wrb1agn!o+A)4u-n=Frp~v7SMQG
z#HXHfoPAsIe-ybJ50v%TGeCgEF_aWQ<TgZ8zjHKE&6gakRYo@oPJ_nVu2GPl3AW9)
zZ01tVwuEbjjcfzeFjXEICY$Pz5<Aq=3?*({m@RK7z9~!Z6Hf&vzOOygXP=uKfqynW
zzjcQgiJ5_N%W*ZyZj;hFkpq&^h)>%HGhBrgI#b|WZ6Vd)y|Ai2es)xK0fk-ezRFEY
z6>%^#qeyX#1HUiv?4}#b8)%DOO06kvQo_%D@^tvcZ3h5hdGJp5K^JiC9+P1`RwW@W
zO=-fvPB$hC-{VP%dfxOis~<5pv%s&0f1nziq@T2|7MXl2<q6IvhmOPQZ8rOssQ7Vm
z1t<9W2(@+t2DK0RuWwN<cVIqu;3}RV%fdaYxS;P|k3r~%pB}?k{tE-1JdRr()AHQy
zO<!;di>)f4Lq0HO%tdk&DsVdfirW6X1k){Y;kqz22&rwpM8l5<t4qH`gG?cuD8UK$
z_IUF;6uP=_$8W8(2<Dz4sJJ=kt#J;(<+6+eua8l3ETaVQV$U~2I5tQ!=l2^cRUTVh
z?}Ag9i0k@#-%@sMyX6P9T62hv#7BcS*q}hN@MnPy^lw&`5q5O35`)r$G?;R5CQF#V
zRK9C}uO;DH%LkxpM<uQim4Bj#i^Y2(-Og@d`Oz>m?{W9Xf+3f327Cuy(+<aX(<)*U
zF+)hgP=pC=4OZbWbsrZ)B$AlPp0v+;F^)xGmx3<*HiJ8Zek1Akhk_LU)l|Refp3`)
zq%RSeDW30d$PsnkVK5arR`A}2a=FMZ2|gwc7?w|C%%8p{#Lm%lXPn_bl~kxRhRqr3
z+rvm0GC%}FhyS(Yd!722O)!{|F{7)<yfUw;8XZulSg22JfgVNh9d?)zH<++C-_<%d
zoD-%GJHL|j(b%16#lV_+k+R#4WR~s3bp;gon<3SL9zr(P8mq>Rioa8tm5@F5L|!6k
zc9<25D^QT=TFpQzPMBP7q$%f)mqU?I7LCh-ty`YzbEPF9h=!~`@F1e$lJ#5(W*w5W
z9-V|o#<7#>7i@#X);~6&7wyLQ_&d*ki}Y+lr^HQ)?FuAycc+wUy>|Obct*ko)B^+9
zCI<ykRgcv7bc-&oagVm|mz>Ie5%wPVl;mZYH3XaTjijovyAEZ4YV@qjuwGg#6@9jQ
zKBB9ft6hx#3U_{zLL3iAw8)+QK8|=KM?M+}(_+pM+t0V^AV*Fc;1Mj7`nv&E8K_y7
z2^R>D2|dOCO@+hT%1wrpque1-mTLu6YDIyp^)WIXo-2TxVVDLfkb~rqfY$R{b2P{@
z?YEJu{7m>ksg5g2sT+1ONjcURZ%1K)pGi`HeEcUexj0-T&hOhRa{RE6)IqV!QBc%~
ze-U&LnUZn8e43g9+sHCa8M=ijoUKEI{UbP={U`^Hg}ZYh8$wsb(K51&x&$ZCkVy5d
zqSth_W02;@l-n*G5JvLq2}5Up(oK9bbw2vHvKWC;(1e2W$*j}{!8BYi)j6m)xPT|+
zce|k;YE};*ZS`#`#;5Dr2@{EI@%25bT8d5=S=EMSBMH<Gf9fbQ|14?-SwYg42^=hA
z+q$`8bdP9PIGrgB$1l32!aWO^={I{KxA61Jx_yzYX^9AG*bBJ1BVDi^Vzm4Q(7J*K
zO7#vU;QoOrEqa@w2Bpax{U~x+VOeEjOC2yj-S{<E`dtgdtj@l&N%MGY0Yqg};|7mk
zr^PKrGO9!CX_ZR8Cf+(?FiL|puu}(j^-cXslN?2tX~!^39Mq>yL0lN9IYvyme!vT5
zOxG;4L*$to)b3row;jTCND%--m}aZ6R%~jAcVKa@mA1w9q{xkkom6=C?Qi)fGQ1%3
znt_ZN!QV~~Gz#4)Ydk9D+<%KC#U-bf@r1s2Z_wdIExwG9?nNAMCvA;eMpeSW;!y9>
z`Ln^`<{-JFx;T-cu?Grdvm&u<s2-)G&Zy<5pxq0m)w;2sf~Cz$@_J(Af(covho?qd
z+oUW)_NtV)Gjz&~LZ3)2m%!s?R2zk8p(>_vYH7@-UA~IUQFK}B(1RTHwlg^k2BbqM
zMu$|8=%~y@xcr?VEm3nYYWi$Y%*BaD-v5csR0-s$&Kf^PwhRLjv6yd`e^9;v)?|&K
zhb2HaI4bldMC3iRGcjq`MD39X!Fj;W&J54K8wjF3KuHMc)B0_V>67sicY{vBcDvGh
zeoM=xx(YQQ=3A3QBB@jiI!{*URP6uu-C&^puA+YOS(VU7KBXVdPY>_kTXom2t|9Mv
zq)#2$TGlMciFyZs$cA+(sCC~&8+~L^9?3Gey??TmW8i6l?1m;NcQM6sleSDexG{~w
zu>8ZN@)W!D>F(jEloraHc$Y~+B&YyYH$!F}HcJjMdf9~evHeF)DzN3!fV*~%=~L>w
zDqW3S0PP6+tL;!Ie$*6W#G;nff!$@BbUalh+FwEW)+G)2=!{_3a2<(G`s5(E?G=Yl
zPB%FhEje7P!m|2A;ZWDz#cTyt&w-n#r7RBF+0~I{IOB4__CQ3zYnQgWaJGAVdYWE=
zgX|bww#cxX>d0nV^ED+RTjkpICaM*3W8kV~!Jz)pAo_R9=U-k|mv>@#@o&}Y$Hvfb
zijeBtw(lN*ZSE$}`g(JFI8@Tp`FvLLl)AKZ1w7k(WDBk(U%CyKY1u^mQ#k-TrSK=g
zUVLFie2Q$5;UP}sK&H??ahJ&=1Q{UW{{4sa!!lc1unU*UvgRjsV345zi>oH(SPTmL
zc9rDKFzAJt%Q&~=3JsWCgwS|F7J`sr!%krD5@;Xr^E=t7{S-8nPc_0td^p{%AG2OL
zu16WoCr?=+`KmB64zDma%oG3qk-Vlf@p|h_Z-kAaDwR&nl=}%A8?NjHGto@>Eu^j1
zO>?t!BP=!<)#GTBL*l=m=!v5bXhez3A=qMU^oPt&iwFbhS(BPNInUu{69*}>-U}IU
z+*wJ$a*!0CBB~VZK(CS6`Lf!(Ooy{#L2!*ip|>7?UPmY`ZT&$Exl4=-4clV4G-T*=
zU7J-*oI}Dc!h{)YBsm^6Z;jcQRkQ{JRlB?~>UjwIvwOcr5{5MeQ!WFi<2>@k#y{#t
zei=T;Q1JYh#4cxo8U=`5VyN*LKOG9THt0&A$s6pLJN>tEd#lT+>XOR@b@6gmrhS5>
z1G6Sq3IPW*Z8}gLp4>kuX?AUHP`n{}kS}nSwWc9C=ARspE*m|7&ccTxOOcgn*a>Z3
z;?W^NpgU;`*Ydz$UMAvit!XwHAwYzLlVgv<HO8eWwWF%BhDj@Kl%Ku+<46BdGX@lJ
zv5+sGZynXB%(v%kKEQ^XVSCDdm#1Xq9K$f{jR~6>-N+g4x1Jn4--Oqn7(PbF(UYGT
zmhRqPRH=Op>A(OjTPID^@N}bs#r~9;px{l;fFm8Cafba~VX?mD`wn#$=lk~XIi`Cf
z@w{H(3$vi+w8UBUu#jBJ^yRCN-$Mqdh_#HOh{OZFI|swalu`{2VK%p<jn+FN#xMI+
zvQ||<!r%>YFz`|1K{z<yzC7=^U|aeB_43chO-@U04)}O*MRfDJe6!{6M6hV%`$bSY
zNP<!JbB~q;?qOlGpP605heg|c7HpCXO3!jLkM@jxb;#_`=rS~2*;<6x`J*eqcKzVW
z`Tti;fA5kYA-JAfoVAtrS)=R{iXEA0Y2UoEwZJcbu^mu4#nv!*5^P#jG-`b6d<DD{
zR2XvBNze%Y!yp|nZ((_VGP(YCGS;-hZ1^x%mKq~38eA}s2eHfk1WZIhd&;yvVJ|0_
zMBMld-dwWqXBct}(Gh8YZNIIAtv~L<NaDjmT8}ccO#L>6^_8>@g9N~ProXk_o>4E9
zJBcJGszXWz%RiSw9cFHj+k>8^hoMK=Q~FI<74Jt!Bt6_#-9`L~&%K5-#Edu_M@}JF
zSiO|#A_9*bIU%;;HzIq}daY!53G*xmn}U;H^DHg%&-E2iKe8WKiXh-ghn%Q++(~CF
zCgoE~9c4oW|7PPK9uEgq{q^UAAS?kdJE6FPi3m!KYkDi3<d#x5iRzXq#Hq%UVL;Cx
zacy*aAEFmLl>J-crr}XGeFQ3QSh>V@=>*pN^Kla*29t6N*@sh9ocZDW9t3Xk9S26d
zq<4$yPvtNdvb_wDp6%ygxn#$*rT2M#32DH_8F*Y71&9z~@cbxG@D4vHowUrovj16M
zO0ETK(DDLxyDY{|tn1zBp?P)}yQQke)MWI)NI@O2)2VPD>Zp=~{qV7oDV8}UARpM>
z_KeT7a+M-2^vv+uZ_e>B+|%XZgP=1pflF&S1Fq;x#Dn!!@73cXR^qXW2h>Ix&Qqbo
z3b6FGToeq&d@2D;lI0PX0Zu;B@NFO=Xphyl&UsK5ZFBVMs`=99eR?<Vcr=eRc+)#K
zUC6nPrm(Nco>JiBeY(%6X}lGt`k~KZ%_lYH#y2mJhV2b)W%F{-&d<%*kV9(b2eNDG
zXZbxMaF_wiV@E5}g#08P?ADLSXmc^Hiq9{{bUm|8so>|u(&u~#sCJwMx2A!=%IL(G
zo9TUEV)(of4Hd5FapxUMrA;hG8oV0WeEwomX591&fVwjt!fnT|(h6_GIO327LR7*M
zWsF%jLFx9Oj#;Hh>1BFgQ$s+DiImy{$Yn!jb^#AkOTZ<(7gnOR_YB839@L8>TV^Oo
zx+1{QnmmeXK#N{u$YJ{vj9uUg9mH+2lQ?A11N$IhEJIv3-$J^6PZhbi+N5d6(d8y5
zDQq*_NO_8LTdAPde^c}~5-!vF>R`BKr-rjAsm$uL7>HD7?ErrG)Auls8kR9O*cwm&
zPN3s&t^2H4fylbYU#$xC$apCvZae1@!ajT5a54tR_$*N6ZCtFC9*M|6;dH0UN-c3g
zatA3oAkYaJzMSj1KLE^}YEPZ~4zcw08sU#?lg<7d=uXc;!Fu!fi@@c-NE;);7c9EG
zql9Oy2vj3}ZdhdZj|gzN>*L-P=<NK=NkEIP5aDuKEuJ=Sb{DOZEV3>|56j^Trab`h
zm_fkdSb>M|Z8V`$n-l{C-08K8`Fr_hRrTwJ<&gSUk{7r~C^>rqUnDW*7<@zNXlOAS
z5ktxEGR}=64<c5bVRfyEECwqr8SM!b8PH3NbVKD<DMyM`dw)g&Ksrb?-Cilj9{|)B
zecd>N1mGr^o5WkpDXI{RLP$GAc<bOKJ=qKwBodWnvOz34>RE_CRORK@bY)=#v}N=g
zr<=D6C3fo4Mz{lKA^T2gSb45LYUNJQ3%~nAaVL6Pov4m;&(Kh+n`408cixec4SLhA
z@ldBEaJH!6iwBPt;k_P}J_|jD0c;{w>9WQWF*FxC@!a7y*r=KR5Nt}56h5|ajPm0x
zgSUz|L1g?H;3x5$Fx-9#&V8tPq~4nn&5%(kDm_DE`sDLJsn&NRZ0~n<DB_7ks$-M=
z^6&p96eo$Xxj$+-D7<xi&q9VLki*aykXu6&Zzzb?hP01tD|d~fIcyI<4hSBBa=QlF
zpYvUZR`bKbXzKSSO@Kg8GIJn_pmDj_w5G{$b;%l9B&nDOlRO3D5ZXE%+;qa8<!1f0
zlrAoid|QTc667H%q;KH;qir|q<EJuOXP{2cO~E9YOZa%A4^JP{DKz5b#!|+u+qo-~
z3D?`|v}~E)4Yz8%rS-V}0GRX-AY%+hai!Sv#I-VZR)VdTyyUrokNj3@$55vb=O?!B
zbXb5vI_zV2AfpN|^9trEzTYcd5aUyC^CC;_qRv)=r71YXbm05QlL|v{`LUjql*USs
z$7PYZ*hb09rku6I9R3(@NOe)w8tq!?D<L|UeiAQSSe@PNI_!=v4z!S*)n%tw*%q4u
z&^$hrX2Fog%E1&2t|0>pf=`m~eia4FmeXP^Nbb^)P6gmhx3eZ1lTOj#-Zsu6iQ%9@
zlsse7Ve)7MT$D8SV&ua}EJPy{J&C#1CwcE6!LJQYEKt@|RNF7utW%7bzn^Ql43N$e
z{`zaWSMTlzFfWxV0UtwZECQA|CZtf7-5|v*8A&5Q@*pU0!qEt;p&Eb@F-SPk`lt|H
zF(D`0>vN7Ixt|Z1P4idwtWo7gdKJsJVTo-h-8!bu)$yDKre41l6O+`TpTGdAUKQ-l
zrOLri(|pC&3_~|mZG<dSu6lRev_i2l+OkZA6Ze!sgBHUP;NN+0{6uiOKkCuD(jTSU
ze_*?4O}zS#`&&Wa$R&fX>W*F+PP<s@=megR0|#sBOu9W@E-_nshc+{~#Ufi29I`xm
znrV9l<8$)b8^6=^A3^rII*K`QJMc{zamD3f`juk^q^H$yozTDP)3~&56wpFX8rc4l
zp<~9%4U-+91xRwf<ti3o(8qo&gk+0z;xd3+H}S^Ku}B25$6kOaGoq|KAw(38<XfLY
zBT^W|Zw#BG$BHFE#fD8%5%i}bg;i^%F>6%$X9qb3i#+6x`M!E?+^f10@I)`{DuGm9
z1TmDiF)>=%W0Cj)Y1@OqXMS_(=4c7G@cS@<GQ_K!7kFj?1h`vtBrdaAmk$W_Oi^A?
zbntB^4SlM8+#jR&_xI2-9EpN?@7(EOXxQcAXGGW9e61uPOZV?)Xt?cc<h+7?PiuKe
z<^;r}NI5dImi?7Rx;yxc`aF3IT5FApVfzjeI=+LL7$4E{wN}Tw)o_<0M#?b##ckx$
zH!iS{1cpLf?GBhJXgY38HwWkq_#AVWX5M?vMh@bwLP%_JIY|jATYg%Sl>H%=ESZQl
zFHt|<LKfZMCE{`4vd`T6#%)B?J0yo3j(nV0Bf#^sb+8)caz5nn*fktyfEf%Vg~M5U
zBGdomd<Q%MeXIxH<r~VKN1Cko9yUVnszx<*HLxFqzx{KT5M4DzSub<-GAj)Ol+G88
zF(i#J!yW(L9~V3oDiQc3K_BmI_JBL#+TV`L%A9bWX&R?NVGR*-{~Iosen!nbY0`wa
z3eIzBZ`#_d5)z_M&vEo8Mk>p`4lhW`WwSDSJTv*rDH2bb<mrjx6_iwHjbu@*MY6nG
z2jC3;vZ3rBmtOkh7~-N@R~R;+GqN><ivFxS5Os-q7sR*zm8}GMy|<nKOQ-uAebUts
z4DJekdk!lFt>|0do$6&u#bRv^rKvEpsRZ%gq$!FN$hqX@-y^Dj(7+%DmqnG_VgFXP
zps|!tg@6U5Kahx6%Kp>Npg(#^Ajz(>g$2m%xDL@~J#_wbpM2|y#<FgYM_T^&j)gBQ
zlg(AzD}4^8BwXp)#;Nt~Dl2`xuMwsbx&1w{WXt>tRZlQQedI8kD36HhX04Q#IH9Sh
z43>}FtiwtVM%RCmQRn(8a)oc0wwA@>B+H4&lq1-qz8sCAF88=DuBBkO#y9`%y%j*h
z876%d_6O-z{N6Ti>TYP(q%ck$hF0m5o$UdMr!I&1mtic;%2~?XL!Er@ItWtJzGC5o
z&Xsur)gcCn{+%{+Jkn3$b<#2(x5;C-O66^L;Y}Tuh+RG>LSMW|@%NGUYsD=w=|4w0
zB9+3R09@{f{6&!*%Z*V3I(x{ne-prp-(2v~YoS*6n1k!#Jm`ugyG(#%{()(~8j{Dd
z&rN-M8fCd;mXRqR&Y?YFCPy-<fU}X)ds2C>v=z#sdf+raNzUZE2ZFM$V-R!bkl5p|
z*4i*|8J{rUC`yb6%q>md1gO;;=0xJQ*YKp$A1L3bghX*HmHki}P^M?LmZO1jD-Y7K
zwNdzsAaD_@8k)e2wnmez&I}B7?cj+X1dIlAY>MSJnu<|qY14$O_&&usdMfr%MhAT~
z#o5Y)JG#U2C*wvo@Yez*mbiMFy%4}oSu(%^bu4?aESy;*gbJ5RsSNa5$1ot*POdJ8
zk=GTrYcXi^DC+k|knBN}UMXNhaV^n?@Aqqu%0Y8kCBi#1d95k`Gu=n{)1fWQJF3U@
zOeRXkZ|}EPGlW6vGEY8qR-XkiT0tNQO!B&TMQ_tOIuYIgOhP~C;!`8eD3bpjTz^1s
zs5*<kEoILAV)GF-Xyu}{h|aJfs|gxUu|V!djq||I=D9&ih>(;?`5_=nFwA&n%@U{8
zdc)}DaTR~9sH^HXH9eHJciqfJY(X*FY0xhmX>+d~`t1Uf{J<V#Sc2b=p7J+@#3}D-
z2t}r=nm>sd?%;$Tw`t|9<BsQz?G<)YqK&i=XI$e-cI|D;az&+LiWL>}u@JfoQn{eD
zorM`>otxvj>qq7OW=H@uj6c?xH>1|O5-PtuIa`>w+4o8cO=|{-E@Rp2G{;Gh_%LKy
zyh`1l2V0~;%A3f}of?MG>h%Y-%r-kBHU5vsx}vGPdo1TzrmF?>UEC<ItnzhS80%2&
zhYH2!w+%#K>|7`QQ8e4)q({9{n$9SExrSxSG$eRSl!)2sJf(m`w{_=Qb7Y3Yc>kUh
zjMS(xE!AWTNT^dl7U-M_74?TYuMZVlbdd^2F&y~>YThnBku=jB(qcw5??7t3OxBFx
zP`h_yc;vseu-Th}*>e8e3iEVZo&^M6U4<P!jW{90baHsoP}mV=hpVh*zsl>=YOJbV
z<M;!KQd!J%m2LpKGjGf}-Is1N!IiCzVgbpM_r@i^y>|bTLc3iemrzE+=%q?buGq_k
zvgj=<K8<!ZCIJJ7^i4vna8RW?Eudg)UgdU48N&c01pX&9jH%L;clx=d1(Aqxtx~s-
zcKL9#x|wqLQu6H6R*$>OL&`0$o?e%ym&e`BKxFyOlO#aJv?;Jv4JX<U17Yq@VQ=mL
zX|!X6C^H|LI^F2nvo)dbE7Kzb^E_fvuOWeW|L=@MBps$Ow?rwNcvA-6dOXkYTfbVJ
z7slq_a&^J{_1lOHl{<3fPYqqQljz+2YYa|xQ5W^uz-FljSGPY;O*&b3Y1_g%7eaAy
zFr=SQ>*_!}p`ZgSv5jD{05OVlsPX=LGct3HQLS?A)<geX2EQV$Jdt_3gMl*>&vlU0
zL3kI6XGmj)u*rnF#xB*0-LLsTI%TOAawMqy8r39YDk(NR>G)b1_djTek;d8Jd8_uW
zQ$Ilhmk$wEF*e`HH~22Cn&z{FoGys31L1a2QJ(?BGLs=hF_xn`M_IZ&oI>SM7gO_B
zL@gEECaC@W)5$kCB3s6-O>?`gjn2`aIE#~sAf<cZ8W;{&Yj|XhIvD7V9}zG~1ajVv
z+<6rlQbzJe#8Y?};xH<7KmRiNOQyq7-tsW9{DxRrOd3of%AnI;F&wGFfy_#<f-%Y(
z>J$a~hj;wUTv)CQrKnX94$cllts7Q7T-6H<u;ZwnBUaz>qFW0M)u6#sCar%!SA(@=
z6=!WK7@*RFVDPmZHJceg$2`KjNPMc8a7JeHNxL<G+j}G?EEf?Yv;fu#m%BZ{eVlcE
z2av6;rP0@P>VyiK-&h!eQIkLH$t<%@C<-LO%3nh#Z4ZmBSh@5?nI1!KFlf`0iz0F$
zwiD-2o<g$Y6=Gxa))b64An8a}Fv&)u(lcJ<bHEF6k&NJrm7ERS;<v5V>}e*gIJrR5
zFcp0B1YvH&H#8vq(M0SS!CHa6cYi*DMPd@Jxr)y!S}AH+y=2J6t-YbfgA!(W*9|yd
z>BhG#3!)e4H~@$HD5}%;E>|-ZbPFL(;~MBpt_VM4DN@+>^894wW=sxO5gcNNQeXE^
z$~|&jii*gpph#3y5}G4@=vS*)8?me;Ua&V|Y)4RFmPbsHMcgKiSwid~!6&c`BvC^U
zN8z&05*r2n;_W!IAdwwAx>7nvx&ziCp#hk?%xET^tt42ti@vMxtcCV9>g=Q<W*7MH
zx<85?Zr-5N8Sx6+eQQ#$p42Xm(KkzXCp-^oq@kBU$b@HR>pdl~u8SAQ@@8`h5RFni
zQ|G)V=xmrMyi)t@4}&a-C^FFk#x(geW74KR56+enrr|2Kn|;%LsAAt<Jb|M}pQDe^
z-EV&%5Qg3PXf(0H7Sv#t#1W0Rek0BPOi1S0-1zdN#p31^(+1T)|0?_({$9&lNE1mJ
zAO*8Vp?GBduZ!Ae7=@gMvz*rHB#Ahj_19c}d#UvH2J0`Gh+Mk&xYX2-+QFmNIjtw|
z>QW^wGb>i1$^ZyY$qj1BCN`k!vi9ggH$5v#j=x~A;lzJ*n!dulKU%=2J!;GQ^|zbL
zd*Y_WBTtuHMR=}OAzXsd`?iIW^wD(mypeT4PQJWim5P<Cl_!)~xA_^?r0>S@S)gyv
z($yT*{P}dXJljt(-qLW(&7HX~;L^EVyq6l-OUn{?NMjST<hD|*p%<Wh7T1W$Mh=Dv
z>_nm^uzmK+SovL|E-jSExWTXj^q>bZlT}%ZpaKO@T4f3;?nH-l^dn;k+=dL4$Oc^s
zng$O{nO+4cVXR1%9afeD1kB^%)x|?&8(J>h&)1d5f3|Kjlip2>7SZ^K<+<soBbxZ!
z71bV03`RImx4Y6Cg#fF)GMn^x5hYYMr#%$`-R!s|DD7~6(R;3=fWkZdgX}OG*hqOn
zk5%ga*z7oguw&sbJ%4=qhT_qEEJ<X<F=3T7e<ep1wW;I@%(^KjN7(0UFs_20;S5TW
z2cSeJQHghvL0CE|_BWtr%2T?0gcnkedj!rBe9ZAgfaFQ04zNtL2zD)12f@Z96e>gW
zY%;K#>Z8K8GNCg~IVg=@jZKuD4Aw0;xP6mgu7P74<erH-*b%8>37dL6YKvajqe&tx
zvid8zo-S++hd6d6rc#aRClg9VS`s(O-%+kUoUgzz=&Ojy{buw#;o>h@ddr?vMw|hB
zbNqlrv&bdf3IM88hJM>%H_X9|eVa@rk4eEdHRvD0QL<h*ddU?4*MxU4qAl~C+*Ay`
zSdK%@QFleQ^3NBZmx4eiGw3SoR-_Z51Q5`)kzdO$Gm+J0krCw$5<h^&2)A`{GNXyP
zy+3sRqhr64yK;h+C7AtWQfAN#^wsqOlpn#+#KdJ59Iz+5<{?&y)&V5F-?y;Rte2nq
z#Y*73e@NTuZ;MXCSlNGAinwbA7HYvwvV63%Us=WLkzr^|${cJ}<l~t~bC-%IYOjXx
z-x9-3VtGG0Chbmmr=Z1P=0pGUuX52wgA@1(htkQ=U=cxQJ3^5VMnrYA?qU#lww@S)
z$%Y*i1YjFWAazKqHUJ3CW(CSbC0C~$TaoMxwU0@0>hbx+>yOco;7W&deOlFh3GiK|
zH<Jb2CQo7W5yF2|bXde*(-_}EC`07XY~W8c)VWwxrl`N-(|8zuc71rjXQX>DImR+g
z`q4wHW0;GZGsfSVB#V4giL>X<{>mJzA=q|e1(FV#86P~eIpD(H=CeuylL?sQPsQYt
zVRhq^!NiXCK^b3i>!x51!VM#_u79ueYCS5%U~Kv_Mq<EP$!zi(qlG-8OK-zpeb)&I
z%>IfPMXq9_g$c?zJw#s6KTbVVy;0HWa<+^h3@(h2BLBj><N%iC8%ymIXx6)~8tMKJ
z0bGq65*^-e+TiS>9E6nv*NlD-Aas;A#W>v<+%1Yp%c8*z_k`DsrxIOWLhna^JMhz1
zxjx19JN|xo!#kcu|LoA52MLPZPTl2?u%;`HO3vf5c7QmGK*@3;_am0*_^ptVqK$5A
z#q+_xQ-Bkjqr>Pe$+ejW@Ewxsphq;Y0&iNc#Afhh)(GKdY)>%5{d>WzOeoWcI-&a~
zT$r&D4{H6Gv{mPW26g^=UZ4Ib)HF?8K*Ry?wBeRq&ySwDwev8?8T1~hDhv6ovwHOu
zf<th6mqHK!u6@{pZCR(i@pJZ9WsXFnxU=gyPhqJH4q{i96a-K$`_6r2Xdr?EaJT;n
zP@bVhR7kHI{po=*H3|dylgK*JHUV3C!|MQgLpS9wW{qK>zY~+!d-po7d99k__TA}6
z((}&ijV?c~w@o=V&L4Dr7=<2O^hYCw<<X?8ZIptRKUq1iX?uRBQ&r1Hd-t(+7t?SP
z>g<^S9jbr;I5}aOYCw&D)3a6?&@qXp;#;pw`#SRbD1J)H4%2OZq!Z#7tu*(cvhW9;
z6V%^>sHxy4!;FZ%Hi(mdt6$qvrK|ZjRm;3oaum8Mp`P$72+JIY2+W`O>BEki2&f*L
zI(oo!{$K@c3|2_N+-1>QB`F0)P0f-Zimqx_gVPZr@61kU@DarigTHP20OPDh%y-$o
ze(5Hua6T4_BkSqGaKE@Zu<m?*F#=dj@!fvS0!X9wZt#I8TxCWFj``93cI?{7<kn^-
z3i|VVRZsQhNo2I$YePov)`PYS?q-UOa(f$eG{YD_XD=(9xl4(#G=JuwtCYD$DqOe0
z&#unj+{ECLMt)x8EJq690I!8+jB$$2zLL@SUJVg5V?j+n_x*07e(2LkuLUNIxD4-O
znq|rEcKc}>_f!@9YBo#moQMQh*p)FNm7|s<gBvg~Ju85@_AoA)5;aGbw5&KKyD#pP
zp$m7cF!&WSksn~P7TsJz7j;X%U|H0^64mhIk3iawyRyn|W5sZ!c;KKR6{B37CYh^4
zw*JuT`;DE0;f@TWe)~sKT`KxG*^;v<>sw}^B~+wYVn*aBsYdWDQ$Co?fzlY3rUq>{
zfnU>C;^3Bfx~>PRkCsTtdOAJW-~0t21TRWlK{Z>MUKUr|#6OCeC5;W7Q|%7J5ymgB
z(Vm$m>gZ>vo@<N&7GNq?Q%NCtD_z1ui)Sht(!tzpZY*{vnp_8~!?nJrZ9^w%Oy`Z^
zD2xprtsI4hCxn>4950KOTxNgQLJXk|LLKpnQdcRFY*@5mZPJn*1}ZE_{(p6y1yCI8
zvd32-5Zr?V3BlciOK^w9C1`L7E<qLz?y^A8u(*@pB!op5hhQPWB>|G)4&g2L-t$iG
zdG)&LtJ;~Kue;})ovN9tp8qeI;F9!yESq699Kq1;M9ic@&7Zr$iltM&DsVtAYR$GB
zmZc+S|D5<oEF2x0;aHhD$~;b5F)hDV;4sxR`C3ex{D<=hmG)<n1Yjh4hyIO8mdqIE
zFb%ZtN*||8CR@?bT(PE|nuVclx1~7>fETs%+3V6!<EjsxH-;>c3@Cr9($`zTsbUEk
z>K2_f6VoA`RZU780aId?iSbi?8+JF-Apf=~9aK%+-_Q%C$EjFAE}j1Hz~T_+Fs>1D
zzbV>Y!xyqy#N4q$@T3KSqj<0}DAJi^5am=^h?%4K5Qh4to<dMDmaug$o6|W0B(IWa
zJbI#78m9@0q&o{9L#UPk!?U|_LX4{{mu4p4DV&?m;MPAe!~iewI0_PW!1{b_s0`h@
z<_HZJaiEI#V=B|r-Fuwzg^?=g*O0O|#z$}^jovj$k2mz@79NEV`Q)vKEZk{W>zvXj
zA0nsoi?16I`Wv2-=^snK%26GbO*f@;^hm26Xu4}4#eGz<njwCAnA+6o+jM;AKMMq(
zOgq+!N8hGq_jTz`Qo9b`Gsn(sDtvW2=k?R44Gz6E{%LCvk+ida8)qvO0ET#r&y5d#
zU`~rFSa`4R__Do-N22q^%xM|si&G5cZvJ6B#ZZ2DyfT9k-vcDQUWs*@Zfgao(<;NK
zMc@+5^V11RuL~3_kG|olj!ISTzwAsZ#r?&+u+pULva6;2hLBx{u82;P{W2(Io+n+#
zbQYTTGz90JPiF?as-pGj>8|%A?a+W#)osXn%`?kiTu2elt*mP?I_inRC~pk!j7DSn
zcLl<ffziFudpwVG2Zih^IK<>kSV%L8nJ#eUL^ue5oV90^LyhWW?DFI?^ZpAQV`lQH
zbrh}SFIgpW+3VhjeT?pc>SBm;TpEd&3FkpG;{oaxkM2LO7L~rLgX~z0@Ns5^6yZiA
ziOr@N_>>eaBXN74bGm=M#ZpXOpw`DpEW{r397}u@^R2^U>BP#Ln6ARt45z}1QzxMB
z3fvuwAxVn%tXzRjc~^(bKBmoc)4QE4wh*6hny|-4Q)(*oI{)~559lm8!;gr|A~c1r
zwM#<sBJ9BOGaOP(yVIZii9qa&)%^aUpO)i7h6!pxuRfj^G<_Nz$N|{D%s%2=PWsg*
znqCe<Pln<ZNJbJjXCY0$+WM8c`5o}No!(SWsy}=-?$hS8Dk8l*mYpmbli@htDvrMY
zR94?EW1*mbY$!NmN9v$zzC-e)gd-e^`l|F=Ai@Uh9nVg&Ej_IWC0QK```i<Y-M5wu
zRVR9wC}LBlc9Y)*XQ)W$7Ol$U91cz<h6tS5W%b9sOZY}<oC8$V`+l$1y;XhD`+B}t
ziRAP{d0-|_heGV~ri85or<KbWxt5*A&<xMmj19Tz7EE2fQ_}M3wh5CH{f;ltCpmdO
zy9eM5Il5%{7W|h2l$GOrqg@x(8Gw6GhI$wuPv(Ar9N~T6r^TRc{wj?QlbO38tLx^n
zt9%wmKd$FvX#JQ!znVqNh_vYUQX)$=o^eHI;^d|CUlLAxqq>LEG3k>!IQ$1gA!w9L
zi;NS7SZ|*OrVSOd5TSc;K3IMX<rdHjS7tOcQ1vl&`BEFi+3CGCk~<i*4kuWbm);F4
z-o>;($IL9D_9X9Bw@ldjF5aw(cA7ej>6R4Tt0)B9k@+^WLulC`$etpN4cC;*?6gcR
zd)#4)DJIkG15ta_SpI^P*|xejMsI(H4L1Sd*Vxq{an3B3K}Y^zh=!LIO7vU0v`8>H
zDq831x?-alm4mf!@>sp87XAGqFi|5jKh2yUhjv0?gpSUG;qN*ppccl9crUfk$A;!}
zG>T2Ek<PqlVJ%UuIi9#P{RrWEVX+%xs&f3#+Eq%J6Q(c_Pmq@#hzhIzR4j?Ec>alo
zHwvN_`zJ5gP26o3BX?&xpwJlaW){MxV<JM@{8x7Iug#zRW<l?R`JK%PTn(M$TU@d2
zKRCj6O|P_lDis!JhOs4_I~P+_yHJwr*FKlQCZ*SLnPSxAr8x!TM>XrvY7S&kp&ot)
zVm>K;CuT@6S$3pYC;Qx7sj>TBq`ibVGv83~q{J*0d2gBd4RG&F5K0>t4<j$$PWRN!
zDP}fS_7V>&#4BGP&lFx<z9eSzaxmfrz{}3)W9#eB7`MX3HPeM>LVSJ~0-lDIgWzi;
z_eD!Jq|thwNis7Yipv+Y<%Y$0;M?}AEDbp9w^^3nQ_R<Vg~;W-xHQ+Mhvf)9^7@$y
zhj1&qxZ&){m|>1=Li>cJ(a~<QT>0>hiG$e&&v7t2xuT!6-(1Ngw4rZgFo%j1<lC<<
zZmb=p5lgFrtylc6SAHXvYmD}&@@fMcy{hdmH{d!iyyHIv3O8v-9c=WL<HzTRYC0U7
z14xa9eAt+Otf=vIA_MFqw&{CbEvemXH(xC4pI!ahJbLi*8}!iMZUQ<<VJcZS{vN3e
z91eG|Ey$gJTjYXNjEHz_za3Dw%9U@=@n|$Rn{!3_$kAea@Pe_vre8z+xBq$LGOV@0
zT4EQ+=iYCndI8p8bbpr6Ja!jjWFeU1{sB&e_Qyvt!_F#Y2J%WQG#ECm>}E4;;j9L)
z>kG3~-SW0JzC*?Oo@-kB94Zc&2~BYVjP0tgU|6bC8u?BPMFZ|(a+we`TGh`4`E^dL
zqz`N=o<W2p?Foq9#*&gK89yu~eyrL~9=EI9v@VG6LZ&zufP~<%lGbi4C!M_XfU`xt
z(fKiI$o6adV`+nfq=uo9#HlThbY6DVwtBXS7!Zc^c7n?CvD4v_W$2IVkTO^&@+sp5
zFhVZk>}9&)6<b%I8X`(6?^Vw%!0tJRRJ?3obcIgr9)C%y1a=%U<#GaXH~ra2xN3%7
zX$UvJr*B*Ta;c=tNRy6g*7A8A%WGgz^kbkaw7IpC8$mXd@x!6K)O0%qS8sMOl)b?f
zBBJ^E#WWPwLhMW;&MyQouwV84Ql!f)Hd-o~B%9lO<@dx8{;=q5O1bYde4PB5l(2(R
zo5ItUZA{pK#VgxKGQI<*0tzeNn`D(|6;_wz$-aI@B;>ZSvj<y}EEo|P>Bf5zcqh(o
zLY^zbnV4-Xp8rx5vuO$KMWb~pogL+gU471z7jFa=<coR^-c0`DbsIzdku7GqXt7t0
zx~XAz<ZXE!0%o9_DnZ@iRcj+|#hcmRnRK(O5ISyiG2u<CQ{sN@Z=cBG&e!h<!x!a$
z%OnD54tJ#_l}zxJG{p*VQjL=)kfGOXHq2QdS<hvqKEY)7<;a^L;|f;d<?$J65MS6j
z7N~~GYsr9P(gp)x5keM5xK*7L%wr2F5{2n{l7@m$H1qR8S45oRmPIjgoZR$bhMNhp
z{u36w4~+KKiwUXhZQZ7MZP1x~37cYB=FpCL-S_*u89$U)<N$R>3U&eO=l)w}!n0|_
z*Ya~;ekLxt;OB^_9L_Za@Cwz4q)4zoHTw<~zBX7L;60MyLYR_~Y1WVT3EH!pRL^vS
zHG~<KjK9<6i7~gA?Xo!^^aS+VZM3a9z`ml1R?lcP$dR>@tfzEz4h`Q}B!&9t*(PgK
zzHkRHmW+2B*l(4H5!Olj(DCGc{7hT7gRY}S^J7i>(P0;ClY-WZK-;?Bt&xi$oX;2f
zSSKnGvG4<Pbob3pN|_B$(ETTsk99vamH6WT3%$P<#5Eh(ylL`$@y=_caNco~BFc=)
z@msLgkX6fk-(}eIVYNZQBGDK`__VtUb+K?h{@W}5hr+U*!^dv<>Q}*q;K!{PVu^N-
zU_AI*CPbCCL|Z-Wc)FsPS~QqJ`~xO(P@#(W3UV@q_m70&Cs|Vg_G<G_<)R=qn6ltU
z;slkp>G2yusbf~~EKPY?{gjB|9Y1TzQd(4Nm>#ZDkR|sz!%^oUE8~7>cmk4o-a$+7
z*qmE=6z-c-QWhKZ$Vi#oL);#sY1NS(7aLn`K_FNp8SM8y%{}u;t7MP+plSv!H1O<<
zS)c`MY{x!ECxpygWg>hkC+fG#bpMQWekEB@gPy${ty!1;pa^Czm({^ryc3-k<gkhf
zX4uEBWn)Sze8-`bT}YZF<Iiogqiip7<NzwxUCC}VhJWJF>!I3p^eYadl$>qwO-O90
zw0<#j^*-3?*+8wqOaqm=ep5?6RH6);&^@ew6v^xNTMb%)e>r-31jCqafYvT1pj09F
z7gRo*J^WS(+kBf)HJ5&Hp$@QTN>LF~e9>)S+mAm5t__xBtvU_y6)VX$<UubZC)Or0
zj~T-A%hEiu#(b*1$?YcXv!qM0-WF6QgiwPg%O5^ui$~u_F!+3s0^ZMsUgII0^S)Ku
zQ!*1=JgD{|_}xXqNB*0=gB^ef<iJP0J+1amOE}f5HgS$hflWZOjeCiJ>V7su{!a^_
za&q}F8Yh;4<xoIisZVN(U5Z{odTkP>r9P$eOjPSWxcWUJS-WHQiE0$lRFX@!e2-d#
zwaPc{@!<|H(4fZGZeTAog3f#8fTy91b+RnEcj?B<|Hdr9<#iTJJ0O7%vT=n)b12-Q
zy3svQ6&4y}3T0!Zy_g2*$i|mcjH*{>H;|FnrGW{5&sY%xr9{vx)^N<%Zh5-+8)aU;
zM>@E^hm%m)^pO*O8Do#zS{P?~^%48Y#5}Rt&}W)zrFTJF0W^Kk>@}`PE<Iw4;sLJe
zJ(Mcpz+9!wwOWv5-jjTwEH7~KSJ=JVV<DPDV3y^kh@Nc{D{`zIso3GQI4z?z|4Pea
z&`m!i>dkZt9BX>3S<1IWDV}Sr*bCmR--0m)Fo3DP8_gcVsM<CjQ&zMd(#@emYf$IY
zW9*zSZOWc=DEb7YDqAb!I`Zg^?R`CkWxOL5sVGv+6SMgNp~+ids4!{uD&y<@IGq}w
zjL}L7Ybo2A*~q02_V_!CnUj0RUxL;Tz}SZz#pxI<CPXDPc9vUHI4pzRkt_6*3jvb7
zlA_nc)#~<cMG?|VF6WvTc02>Mm!oF4>4P{~C^7=SH}NiX2wDEzst+8UR`nH9g_Jtr
zf>*Z1Vx<FzPWj0Bteb~A+A~s@T^_y{rmmBI9YTd%hInXvf88-tZuOw;=XazseN_rK
z*QIT2J)dsTFoI_PUCPVOSykpQao-Hsdh3PSCS-n$XZrxCt^6z@POzfKnCL*+?-pjy
zR8rs09fegw33JUHpH<Ly-THabVB}!t*_gfb95%0UAuQ_{8)Y&Jvbs3J3JTSQTu52F
zWK@smny9XH?6J8l6dndqRcoX<wGE=p2t^&cDbZ6_4m2jRl+^s*|3T$oX}fjzsqLfY
zY^#x!kBYg`47CE4Lewd@W<GdetAQ}A0i))=tbi!gOGHo5+PBzn$8lj=V<0<%)wS&@
z4oxO}O4IC!O-=68$CTwbxw9P7^CObADqQ&}?D0Odg0+XetSxf5`#)>rmYi4T-6cNw
zi{GbJeO;ynEs>+^H!g`MLbV^tx@4`+^<q^f=$ETFWg6ktrw?HdD`R3P&~Vv$qThe3
zde3tnT0K;-Qiug6-{o-eKP$2u)Ap@(q~o6L#2fk%5M=RYb)r)XM2kLVq_V3s;dxxt
z_KiJE6aLnVWIDOraivwSr08L!7sX9({oWLC_Ne25lYe|?V;ZTVwn^;AQk8Wc>|R@q
zV~VZV&5=Dg%Y_OdrVM<?!B$?dvSv6^0M*g}l_SgeIzRY~Ty<T~!G)o5`d(d4C5Qb?
zTZWC9LIwG*V#*P&@#}5dXcEeg<bw~fy$*Rlk#E<9JVc&96NnflH%PfR)#vDW07IlJ
zj>MB&=-fh<y=m;4$UexJ1|~~nrn>}U9t##`f+CqxX)1kgP7iNR@b_Gs7qGH=wzW!&
zp#Yj0sy1x)M6rY`1w5Q1cLNnh2*mb{Y~)wD8*R1@og34$PcbK1ORpykPVm|noA7!W
z9Ql80Le0-7Tlkkf`p*W}l-9&g`zo?J=!CxL2i9GHGXj+3Y4BN6g9ouPy?-8a_O(Kp
zA^Y07b`ZBD>N>fghDCkHU!5`U67hXfp&j{CGz<=5BuuXwC>{gKn6Ku?H_B6$f!s9^
zr{`Lk^j+_RIcN*N4_be&<$2R|$uXmDG~X5Gk7-e``IX&z#Y%j})?5WbC`Mz%xwF7-
zPSw3hYekvdSndygc@Df8Qu{fB0QLgu)AyzQx33n?Y^Blf*Uyu<WAD9^>Jku{gl>)h
zu1O#r30wJ4yW?EhV!T0yRJmgF9>pkeAi~Jnm2J&>-|<1CEc3h@AGrcnMMH#ER#W5M
zL<bc%vYsTP=op{Ocxu$$(k}&a+6J`Hbu8O2<_Zx@>GH2u1I<3?Q`dLo#xMd|9KM?W
z2uLA9)9L)x%A3CQ*!y#ZP!#rVF0@y6ZY0N!+bQh=?&Gv9Wd<6V{#`!)a@U3Jt-|r^
zsVbqd<I`MvBG%lv#-AlG=A&psZZDH$7fYlyA{^fuABca5h|?23b7@Hmtcu0WR?jv?
zKif0Ph2KB=*(c`Pd{jzWHtE2z7FqlNZ+56Dyg{Uq%H62YI8|zgT*#wfSH$(}meoD$
zvFzjiR<bsQNP}MizP#O{v=~c<mq3^*O`~A;{=3!HYDa!qNrJs^0#)1=;Vs4nNCnk2
zw%_^JLdP{%8&9?kL)=TVFb}tH@7*cxw$!>UztIN(YIH#;#a$qX1n>u}Q9A_0hj#~v
zjDA}&T8!d_7IVN-LO{Zjcl#o!^CyE)ti~nOz(I|_jfoQgaJKY+;qAp~ZE0<9^MB$x
zhJq+Ti=1i0CQo4RLqV8~f8ilp3LD%-H-Uh=A^3Md)Gvz>U|NyL12rK5o_`s?&{H89
zIeA_|896}_VR=Cj896RDSG#|v`ZEUQpBsRm4Pe-07>N1b6v2sb5G9zg5e(D10#f1q
zdl~+hhdGKW7i@xZYF+|a2>zJ@<`{-@H=^82mq1$f|6amBQ_}vq0r-KMz;+F!|4*{N
zRsi;|N?6~5VITgk<iDNfC?~3NQeG=d5AJ_f^Jk9#KH&`1H1lu}^P{_q_x~R@iaJax
z4D^`suhah%!+6K${M*pqfngyLAX1aNi0{tqr_fQ-&EY8C>3{znc$&cg7fV+MTN_U=
zE|2H7f0g`Kf<Hh?|Csrr1q|Dd08tp-CHRl5_rFxVQRMGGjN&60;OXV>Y~y*y4E<;L
zKQ*OE|Cj{;RF8sTR*@ij*}L$6-UxRn+`lb+91O62;p%1M>h<sV==biNcXx^#N~hY4
I>5gpsKRXPhasU7T


From 84db3c3eaa7a4290692f4e096a56d45b0b69ca8a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Mon, 27 Jul 2020 19:55:57 -0400
Subject: [PATCH 711/812] Prep for next snapshot release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4a60e515e..6356f1973 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.1.1</version>
+    <version>2.3.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From d9075aa36c66b3e4be81d50742dc77adebdaa30a Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 13 Sep 2020 11:59:37 -0500
Subject: [PATCH 712/812] Renaming custom Java Level Class

Renaming class to identify that more than the Error condition is present
within.
---
 .../{ESAPIErrorJavaLevel.java => ESAPICustomJavaLevel.java} | 6 +++---
 .../org/owasp/esapi/logging/java/JavaLogLevelHandlers.java  | 2 +-
 .../owasp/esapi/logging/java/JavaLogLevelHandlersTest.java  | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
 rename src/main/java/org/owasp/esapi/logging/java/{ESAPIErrorJavaLevel.java => ESAPICustomJavaLevel.java} (84%)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
similarity index 84%
rename from src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
rename to src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
index 7f4c595aa..31171528d 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
@@ -20,7 +20,7 @@
 /**
  *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
  */
-public class ESAPIErrorJavaLevel extends Level {
+public class ESAPICustomJavaLevel extends Level {
 
     protected static final long serialVersionUID = 1L;
 
@@ -28,7 +28,7 @@ public class ESAPIErrorJavaLevel extends Level {
      * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
      * by java.util.Logger already.
      */
-    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+    public static final Level ERROR_LEVEL = new ESAPICustomJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
 
     /**
      * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
@@ -37,7 +37,7 @@ public class ESAPIErrorJavaLevel extends Level {
      * @param name The name of the JavaLoggerLevel
      * @param value The associated numeric value
      */
-    private ESAPIErrorJavaLevel(String name, int value) {
+    private ESAPICustomJavaLevel(String name, int value) {
         super(name, value);
     }
 }
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
index 4b223d176..876d666cc 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -27,7 +27,7 @@ public enum JavaLogLevelHandlers implements JavaLogLevelHandler {
 	FINER(Level.FINER),
 	FINEST(Level.FINEST),
 	ALL(Level.ALL),
-	ERROR(ESAPIErrorJavaLevel.ERROR_LEVEL);
+	ERROR(ESAPICustomJavaLevel.ERROR_LEVEL);
 
 	private final Level level;
 	
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
index a5a7c201f..4ddf2c3ee 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -36,7 +36,7 @@ public void testErrorDelegation() {
         JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName());
         JavaLogLevelHandlers.ERROR.log(mockLogger, testName.getMethodName(), testException);
 
-        Level expectedJavaLevel = ESAPIErrorJavaLevel.ERROR_LEVEL;
+        Level expectedJavaLevel = ESAPICustomJavaLevel.ERROR_LEVEL;
 
         Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
         Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());

From 61e4acfb3de976206f0fa5ccbe7c5ba2c5022973 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 13 Sep 2020 12:01:34 -0500
Subject: [PATCH 713/812] Adding ALWAYS Java Level

Adding and configuring ESAPI.ALL to map to Java.ALWAYS
---
 .../org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java   | 5 +++++
 .../java/org/owasp/esapi/logging/java/JavaLogFactory.java    | 2 +-
 .../org/owasp/esapi/logging/java/JavaLogLevelHandlers.java   | 2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
index 31171528d..81e48a8ef 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
@@ -30,6 +30,11 @@ public class ESAPICustomJavaLevel extends Level {
      */
     public static final Level ERROR_LEVEL = new ESAPICustomJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
 
+    /**
+     * Defines a custom level that should result in content always being recorded, unless the Java Logging configuration is set to OFF.
+     */
+    public static final Level ALWAYS_LEVEL = new ESAPICustomJavaLevel( "ERROR", Level.OFF.intValue() - 1);
+    
     /**
      * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
      * the defined level and its numeric value.
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
index 601d0da2a..3a43c2c93 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogFactory.java
@@ -67,7 +67,7 @@ public class JavaLogFactory implements LogFactory {
         JAVA_LOG_APPENDER = createLogAppender(logUserInfo, logClientInfo, logServerIp, logApplicationName, appName);
 
         Map<Integer, JavaLogLevelHandler> levelLookup = new HashMap<>();
-        levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALL);
+        levelLookup.put(Logger.ALL, JavaLogLevelHandlers.ALWAYS);
         levelLookup.put(Logger.TRACE, JavaLogLevelHandlers.FINEST);
         levelLookup.put(Logger.DEBUG, JavaLogLevelHandlers.FINE);
         levelLookup.put(Logger.INFO, JavaLogLevelHandlers.INFO);
diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
index 876d666cc..cce498680 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogLevelHandlers.java
@@ -26,7 +26,7 @@ public enum JavaLogLevelHandlers implements JavaLogLevelHandler {
 	FINE(Level.FINE),
 	FINER(Level.FINER),
 	FINEST(Level.FINEST),
-	ALL(Level.ALL),
+	ALWAYS(ESAPICustomJavaLevel.ALWAYS_LEVEL),
 	ERROR(ESAPICustomJavaLevel.ERROR_LEVEL);
 
 	private final Level level;

From 5e517a26fd7a8b28396de33db4a5150b69c2987b Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 13 Sep 2020 12:03:55 -0500
Subject: [PATCH 714/812] Testing ALWAYS Delegation

Adding test case to verify that the JavaLogHandler routes requests for
ALWAYS logs as desired.
---
 .../logging/java/JavaLogLevelHandlersTest.java     | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
index 4ddf2c3ee..a65e3bf4f 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLogLevelHandlersTest.java
@@ -44,6 +44,20 @@ public void testErrorDelegation() {
         Mockito.verifyNoMoreInteractions(mockLogger);
     }
 
+    @Test
+    public void testAlwaysDelegation() {
+        JavaLogLevelHandlers.ALWAYS.isEnabled(mockLogger);
+        JavaLogLevelHandlers.ALWAYS.log(mockLogger, testName.getMethodName());
+        JavaLogLevelHandlers.ALWAYS.log(mockLogger, testName.getMethodName(), testException);
+
+        Level expectedJavaLevel = ESAPICustomJavaLevel.ALWAYS_LEVEL;
+
+        Mockito.verify(mockLogger, Mockito.times(1)).isLoggable(expectedJavaLevel);
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName());
+        Mockito.verify(mockLogger, Mockito.times(1)).log(expectedJavaLevel, testName.getMethodName(), testException);
+        Mockito.verifyNoMoreInteractions(mockLogger);
+    }
+    
     @Test
     public void testWarnDelegation() {
         JavaLogLevelHandlers.WARNING.isEnabled(mockLogger);

From 8590cbde13e44b0a04854f9f35691a220a019434 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 13 Sep 2020 13:14:31 -0500
Subject: [PATCH 715/812] Documentation update

Updating Javadoc for Logger.always to state the dependency on the
underlying logging implementation.  If the backing logger is configured to
an "OFF" equivalent then logging will likely not occur.
---
 src/main/java/org/owasp/esapi/Logger.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/Logger.java b/src/main/java/org/owasp/esapi/Logger.java
index 8d372b624..2e3ec3399 100644
--- a/src/main/java/org/owasp/esapi/Logger.java
+++ b/src/main/java/org/owasp/esapi/Logger.java
@@ -401,6 +401,8 @@ public String toString() {
 
 	/**
      * Log an event regardless of what logging level is enabled.
+     * <br>
+     * Note that logging will not occur if the underlying logging implementation has logging disabled.
      * 
      * @param type 
      * 		the type of event
@@ -412,6 +414,8 @@ public String toString() {
 	/**
      * Log an event regardless of what logging level is enabled
      * and also record the stack trace associated with the event.
+     * <br>
+     * Note that logging will not occur if the underlying logging implementation has logging disabled.
      * 
      * @param type 
      * 		the type of event 

From 1fb2d6c031efa14c92384fc6a3641eb0b10210e3 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 13 Sep 2020 15:53:25 -0500
Subject: [PATCH 716/812] Review Corrections

Updating class documentation to reflect the multiple Levels available.

Correcting the name of the ALWAYS type to be 'ALWAYS'.
---
 .../org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
index 81e48a8ef..148082944 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPICustomJavaLevel.java
@@ -18,7 +18,7 @@
 import java.util.logging.Level;
 
 /**
- *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ *  Definitions of customized Java Logging Level options to map ESAPI behavior to the desired Java Log output behaviors.
  */
 public class ESAPICustomJavaLevel extends Level {
 
@@ -33,7 +33,7 @@ public class ESAPICustomJavaLevel extends Level {
     /**
      * Defines a custom level that should result in content always being recorded, unless the Java Logging configuration is set to OFF.
      */
-    public static final Level ALWAYS_LEVEL = new ESAPICustomJavaLevel( "ERROR", Level.OFF.intValue() - 1);
+    public static final Level ALWAYS_LEVEL = new ESAPICustomJavaLevel( "ALWAYS", Level.OFF.intValue() - 1);
     
     /**
      * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of

From 9c09dd07aadefb630d778ebdb8bd8df37ad2379f Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 24 Oct 2020 09:54:55 -0500
Subject: [PATCH 717/812] Re-adding ErrorJavaLevel class

Resurrecting class from history for proper deprecation workflow.
---
 .../logging/java/ESAPIErrorJavaLevel.java     | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
new file mode 100644
index 000000000..7f4c595aa
--- /dev/null
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -0,0 +1,43 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ * 
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2007 - The OWASP Foundation
+ * 
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ * 
+ * @created 2019
+ */
+
+package org.owasp.esapi.logging.java;
+
+import java.util.logging.Level;
+
+/**
+ *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ */
+public class ESAPIErrorJavaLevel extends Level {
+
+    protected static final long serialVersionUID = 1L;
+
+    /**
+     * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
+     * by java.util.Logger already.
+     */
+    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+
+    /**
+     * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of
+     * the defined level and its numeric value.
+     * 
+     * @param name The name of the JavaLoggerLevel
+     * @param value The associated numeric value
+     */
+    private ESAPIErrorJavaLevel(String name, int value) {
+        super(name, value);
+    }
+}

From e4b8c4c56746afb3d609b24c43540f3b53af8a46 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 24 Oct 2020 10:00:02 -0500
Subject: [PATCH 718/812] Deprecating ESAPIErrorJavaLevel

Updating implementation reference to be deprecated.  Binding name and
value attributes to the ESAPICustomJavaLevel.ERROR values to ensure
consistency between the implementations.
---
 .../org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
index 7f4c595aa..b0bfc5536 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -19,6 +19,8 @@
 
 /**
  *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
+ *  @deprecated
+ *  @see ESAPICustomJavaLevel#ERROR_LEVEL
  */
 public class ESAPIErrorJavaLevel extends Level {
 
@@ -27,8 +29,10 @@ public class ESAPIErrorJavaLevel extends Level {
     /**
      * Defines a custom error level below SEVERE but above WARNING since this level isn't defined directly
      * by java.util.Logger already.
+     * @deprecated
+     * @see ESAPICustomJavaLevel#ERROR_LEVEL
      */
-    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( "ERROR", Level.SEVERE.intValue() - 1);
+    public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( ESAPICustomJavaLevel.ERROR_LEVEL.getName(),ESAPICustomJavaLevel.ERROR_LEVEL.intValue());
 
     /**
      * Constructs an instance of a JavaLoggerLevel which essentially provides a mapping between the name of

From f7cdb19e6704904c27e34953961284d16a71bc21 Mon Sep 17 00:00:00 2001
From: Jeremiah Stacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 24 Oct 2020 10:03:16 -0500
Subject: [PATCH 719/812] Doc Updates

Adding date and reference to ESAPIErrorJavaLevel class deprecation
annotation.
---
 .../java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
index b0bfc5536..ebe0e354c 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -19,7 +19,7 @@
 
 /**
  *  A custom logging level defined between Level.SEVERE and Level.WARNING in logger.
- *  @deprecated
+ *  @deprecated 10/24/2020 : References should use ESAPICustomJavaLevel.ERROR_LEVEL
  *  @see ESAPICustomJavaLevel#ERROR_LEVEL
  */
 public class ESAPIErrorJavaLevel extends Level {

From e0943e2e61ae7c5df2c8ac029f686e94ea6f86ad Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 24 Oct 2020 21:25:10 -0400
Subject: [PATCH 720/812] Add @Deprecated keyword in 2 places to get rid of
 compile time warnings.

---
 .../java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java  | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
index ebe0e354c..9a2b98aa7 100644
--- a/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
+++ b/src/main/java/org/owasp/esapi/logging/java/ESAPIErrorJavaLevel.java
@@ -22,6 +22,7 @@
  *  @deprecated 10/24/2020 : References should use ESAPICustomJavaLevel.ERROR_LEVEL
  *  @see ESAPICustomJavaLevel#ERROR_LEVEL
  */
+@Deprecated
 public class ESAPIErrorJavaLevel extends Level {
 
     protected static final long serialVersionUID = 1L;
@@ -32,6 +33,7 @@ public class ESAPIErrorJavaLevel extends Level {
      * @deprecated
      * @see ESAPICustomJavaLevel#ERROR_LEVEL
      */
+    @Deprecated
     public static final Level ERROR_LEVEL = new ESAPIErrorJavaLevel( ESAPICustomJavaLevel.ERROR_LEVEL.getName(),ESAPICustomJavaLevel.ERROR_LEVEL.intValue());
 
     /**

From cf4de093ff6b24a00d2e99396522a70b895bbabf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 24 Oct 2020 22:05:21 -0400
Subject: [PATCH 721/812] Bump junit from 4.13 to 4.13.1 (#575)

Bumps [junit](https://github.com/junit-team/junit4) from 4.13 to 4.13.1.
- [Release notes](https://github.com/junit-team/junit4/releases)
- [Changelog](https://github.com/junit-team/junit4/blob/main/doc/ReleaseNotes4.13.1.md)
- [Commits](https://github.com/junit-team/junit4/compare/r4.13...r4.13.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 6356f1973..a044d031f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -321,7 +321,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>

From a8a79bc5196653500ce664b7b063284e60bddaa0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 25 Nov 2020 13:09:19 -0500
Subject: [PATCH 722/812] Close issue #581. Details of changes follow:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Edited output from

    $ mvn -U versions:display-dependency-updates

with pom.xml from 2.2.1.1 release:

[INFO] The following dependencies in Dependencies have newer versions:
[INFO]   com.github.spotbugs:spotbugs-annotations .............. 4.0.4 -> 4.1.4         <== Updated to 4.1.4
[INFO]   commons-fileupload:commons-fileupload ................... 1.3.3 -> 1.4         <== 1.4 causes test to JUnit test to fail.
[INFO]   commons-io:commons-io ................................... 2.6 -> 2.8.0         <== 2.7 and later requires Java 8. Can't update yet.
[INFO]   javax.servlet:javax.servlet-api ....................... 3.0.1 -> 4.0.1         <== Do not update. Support for new major # (4.x) of servlet-api may require updates to newer Java Servlet Engines / App Servers and thus newer versions of the JRE. We are trying to support JRE 7 for now (until CVEs force us to upgrate). Hopefully we can support JRE 7 through the EOL of ESAPI 2.x, whenever that may happen.
[INFO]   org.apache.commons:commons-collections4 ................... 4.2 -> 4.4         <== 4.3 and newer requires Java 8. Can't update yet.
[INFO]   org.bouncycastle:bcprov-jdk15on ...................... 1.65.01 -> 1.67         <== Test scope. Unchanged. Updating to 1.67 causes NPE. Specifically, get this error running 'mvn site':
    [ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.9.1:site (default-site) on project esapi: failed to get report for org.apache.maven.plugins:maven-javadoc-plugin: Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce (check-java-versions) on project esapi: Execution check-java-versions of goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M3:enforce failed.: NullPointerException -> [Help 1]

[INFO]   org.javassist:javassist ....................... 3.25.0-GA -> 3.27.0-GA         <== Test scope. Unchanged. This is latest version that supports Java 7.
[INFO]   org.mockito:mockito-core ............................. 2.28.2 -> 3.6.0         <== Test scope. Unchanged.
[INFO]   org.openjdk.jmh:jmh-core ................................ 1.23 -> 1.26         <== Test scope. Unchanged.
[INFO]   org.openjdk.jmh:jmh-generator-annprocess ................ 1.23 -> 1.26         <== Test scope. Unchanged.
[INFO]   org.powermock:powermock-api-mockito2 .................. 2.0.7 -> 2.0.9         <== Test scope. Unchanged.
[INFO]   org.powermock:powermock-module-junit4 ................. 2.0.7 -> 2.0.9         <== Test scope. Unchanged.
[INFO]   org.powermock:powermock-reflect ....................... 2.0.7 -> 2.0.9         <== Test scope. Unchanged.
[INFO]   org.slf4j:slf4j-api ........................... 1.7.30 -> 2.0.0-alpha1         <== 1.7.30 is latest GA release (as of 11/24/2020).
[INFO]   xml-apis:xml-apis .................................... 1.4.01 -> 2.0.2         <== False positive. 1.4.01 is actually the latest official release (2011). As per https://mvnrepository.com/artifact/xml-apis/xml-apis, 2.0.0 was from 2005 and was moved to "xml-apis » xml-apis » 1.0.b2" and 2.0.2 was also from 2005 and moved to "xml-apis » xml-apis » 1.0.b2". So it appears it was just a messed up release versioning problem.

Edited output from

    $ mvn -U versions:display-plugin-updates

with pom.xml from 2.2.1.1 release:

[INFO] The following dependencies in Plugin Dependencies have newer versions:
[INFO]   org.codehaus.mojo:animal-sniffer-enforcer-rule .......... 1.17 -> 1.19         <== Updated to 1.18. Updating to 1.19 gives lots of errors on 'mvn site'.
[INFO]   org.codehaus.mojo:extra-enforcer-rules .................... 1.2 -> 1.3         <== Updated to 1.3.
---
 pom.xml | 41 ++++++++++++++++++++++++-----------------
 1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/pom.xml b/pom.xml
index a044d031f..38b9f54e0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.3.0.0-SNAPSHOT</version>
+    <version>2.2.2.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -134,7 +134,8 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <version.jmh>1.23</version.jmh>
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.0.4</version.spotbugs>
+        <version.spotbugs>4.1.4</version.spotbugs>
+
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
                 org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
                 java.lang.OutOfMemoryError: PermGen space
@@ -238,17 +239,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.10</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>xml-apis</groupId>
-                    <artifactId>xml-apis</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>xerces</groupId>
-                    <artifactId>xercesImpl</artifactId>
-                </exclusion>
-            </exclusions>
+            <version>1.5.11</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -295,6 +286,7 @@
         <dependency>
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
+            <!-- Note: CVE-2020-14338) in xercesImpl:2.12.0 but Apache has not released an update to this library yet to eliminate it. See ESAPI-security-bulletin3.pdf for further details. -->
             <version>2.12.0</version>
         </dependency>
         <dependency>
@@ -327,6 +319,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
+                <!-- Tried to update this to 1.67 but that resulted in error when running 'mvn site' -->
             <version>1.65.01</version>
             <scope>test</scope>
         </dependency>
@@ -506,16 +499,30 @@
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>extra-enforcer-rules</artifactId>
-                    <version>1.2</version>
+                    <version>1.3</version>
                   </dependency>
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>animal-sniffer-enforcer-rule</artifactId>
-                    <!-- Apparently 1.18+ requires Java 8 to run, so this is the most recent version of this plugin we can use -->
-                    <version>1.17</version>
+                    <!-- Updating to 1.19 causes lots of errors in 'mvn site' so leaving at 1.18 for now. -->
+                    <version>1.18</version>
                   </dependency>
                 </dependencies>
                 <executions>
+                    <execution>
+                        <id>enforce-maven</id>
+                        <goals>
+                          <goal>enforce</goal>
+                        </goals>
+                        <configuration>
+                          <rules>
+                            <requireMavenVersion>
+                              <version>[3.2.5,)</version>
+                              <message>Building ESAPI 2.x now requires Maven 3.2.5 or later.</message>
+                            </requireMavenVersion>
+                          </rules>
+                        </configuration>
+                    </execution>
                     <execution>
                       <id>check-java-versions</id>
                       <phase>compile</phase>
@@ -739,7 +746,7 @@
                 </configuration>
             </plugin>
             <plugin>
-            	<!-- Generate /site/apidocs and /site/testapidocs -->
+                <!-- Generate /site/apidocs and /site/testapidocs -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>

From c76fa9876cc854cf3a1c25a34f9c0b722df428da Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 25 Nov 2020 14:46:43 -0500
Subject: [PATCH 723/812] Added section for additional preparatory checks to
 help ensure dependencencies and plugins are up-to-date.

---
 documentation/ESAPI-release-steps.odt | Bin 165319 -> 166633 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index 33e7a367d25f75d5535c1da7d9ec4f8ee7888f6c..479126416f10ae7d0830ccee03858a7c1cc9d198 100644
GIT binary patch
delta 50029
zcmagFbC4!MxBuC;ZQGi*d)l_`p0@q8ZQHi}Oxw1tX;0hTzj^PCdt-MacK6gDbt>y*
z#)+zLRz_5w&uBE<St=Zok}Nm`1_%fY2uN10mvSPKG}3?0GqK7Ob6g-Gb6kn$B4FSk
zi4}4HX?ZnS6<t+XX&n_AEe$PcbyGPlGkF~wIekYhJu^KMYi$d6Q%yNDT}?B6V`~#V
zS2J}FOI>Fx18)lzFH0?7TRkgFYb#q9dq+E4XHREaYe#!$cV}BqPfu&lP%qyg{{TO`
zz%;+WFxQY2*U${#umu0eWS^KEkC;N=#IgW@qke#$QK*MakgsQwpG^QDAT-c7DcChB
z)H@~8KQqiVH_|O5%C9Kat3261_@9MFhDU^kM#e;i21iGRMn^{ng(ikXC5OajM#m;b
z#%9MQ#Dpbe#U`f2Bxl8EW+#RRCPxJ)#YJVt24}`aB*rBqC&uO^gk~kjWM#ysr`x4R
zr4_~GHD=@%<rd`T6qcoyG$oXFC078m%NuhmnsTc<OEY2$(-VralMC~*DsvMn^RpWB
zqst4@iVJhA3sb9$bE+$ITZ`fvijy15vYV>%y33P0E7H4ba!N}}i%Kj19i<i3Rb@pL
z<rT?FU>Jb5(x$H3#^#!quDT9jQ*A{<eM4(QX-h+GcVkIsb4^c2P4ho%>um36Z|&^q
zY-{f6Z0+gk$*S+qZ5%FZ>8ofPtn28j2F_Fh=UaLP8i8ZL-+gs`v-N{Z&HYoq`}*2O
zSAH+-_t)i&wwLt*Tl;?ZOaPnu`+lzs)~^lK1D3}+`}+EZMka>Grp87FC&q@y#>R%G
zR|aR+CZ^|Smu80Mw<Z^srkA%CCkNMN23O|BH|Ga87bh1Nm*!VC=GS(%)>k$+Hzqeu
z*SGiA56(9J+#W3t?yXFnY)oEkPaSM79_(!V*<Cu?-?~0pxjf!}INvxvKHfh$KRUZQ
z1DqUQ{5ih3xH!JLKe>HAyM4O2f4RRrzPrA7yWanM^Y{7g;_2z>_UZNE_2c#F{_XYY
z>+1^y1myesdkK=l7X*YOTKcDmn&-xqA7a9hhM(oNbEj+^3LQ@b@Cl@~+W=ow{Il_1
zqevf}slmjX8hStSEOGS8(_+icJ;UdhH9#+>*_Bz1-6Ood=;<LY3~9=d?@B!P+P|}!
zLbo0*@h(b1yu;&ylR}{nbdbuUe?Ow1)2P4}%VQacEM2>f?6T3fUm|gie0J8V^S$!k
z`+f7hF2wp_+4wQUgxhU)nbasd^8e)kaKC%Taas&LIosYb0H5^Te%9O{*Atk)-VbbM
zg9vw`Uqa8%!_AL~U7ZTu-}ORxNKAf@_x=5|pR;SDL>~`-TY!&6l1zx*yYEfgUdAj0
zU%0QNNw?JXy4x?W-;KQAYdK%Fr3WtgpP9W(vxa!T&%VgpHRpD(0CL|`;jO0tjeV}R
zM+YP!$X<?*$NbOt&)|XlRpQs;ky7L`jpvWM3&2;#t+{8}-O|(uc`vW;1##~uGW{Ri
zZ94wH>G{48{uY%V<NJSK9?*qe-v<HF+vwqGg7@vce}8*y`5!%LBIaxEyg(0ze{bRV
zpGR+E=jSIee-@8<{&w7SAo9EfSR%#rz7js~ro4}M7(UlM13!_&95&w1GxNJUJHN4A
z-j{U!pDm7O{n>nW|GvCrhu`=<7XrT(rY|Rh{06zcZvXy}z418=1v<P;?UlLQ(feO$
zh68BhKhNk#F9ncqa=+{E>)*l!djIws3VkGt^**L$Ga&-twm#Jz_maZ_sRB10PPP|N
z-pr%FSwGGdKfnGuu$!ibA@6?0_uyAninaT?&K`stcubBy>I%MoRBNi58WQ|Ii$`Ye
z!TLP@YG+(Bcx`J>*>T^M{}Vm9nqnaI@hIfGc(L2?_uWD0A*>yNc)j}id-ld>Fu(Un
zNN&sjzMk+c^zh%ayv6<oe17AK#b13dcH#@V?oLOC8+>lBB7fV@>VET)gJ)77wG(z5
zv!s1)@85GFeeYA3GZ!G2BNv|9drb}o1Auox0D%Ml<E!i}|NE3`{FcAdOKSAszNUfa
z-LJv@#ohNWRYgPJ+h5H7UkjRfz?Z4h@LjJUPQmxmefC)a!0kIgQP2D2VwPW0=xyjP
z->&ytXt}}10KB6AcVv05gxBTSY1o4ccDUion@67C{_TFUn77Ou>x7e`=f|zAqHiS8
z+Y|aju_8k6_sik#+k$48qTuV%+HiUA<IAB?PUiWm!$-$S!3}>a-@d`9^8q{a+_Bf|
ze!TCu?ksZe<Jd63k{NM%_WHY45viBY>EL&z13#Y{+^my-GLcfh;Z>)r!`s1RLX3yp
zWxC)?`0RJ~D)KJPF@W98%vOhpX#58BL8tUK=3)I(*PifuBzjhm&-bhUY$=ghX1DvQ
zw)fqc;?UGbsN;0u-Y5QJN1h$qz~wu!v3CrC_;vlT-g_TVAMP;QbNl3B{v_-0exf<`
zR;pOaB(pFKZn&%Qy=N{pVmf2^F`gaH+{NrFxawQ@xMh0XoKGa!`?xIR{iRITH0$>@
zNhk;9t0WLMgD`eF#h(A`w;b#8nZw7T<*j~5x9kWq*<mR5pTpxPIk^$YOJn{%=H^op
zTHG5#{A@>nlZWE>Lmp@@ZDjO27j6j~l^yEudQ%VKKb>v|P@~@fer5_vQ%6sL!zI*(
z;WmQ5y$yqyhC_$(Ej7Z&;;-mXe1{6)U0Ec6=eOleqCh>vXY@xNhVes3iQ<_Ppk;Q*
zOpn{w%IEU5-0-zO|Gjhda$9oe?Zhz6@a)OIYq1M({KOTYNx1$U#kIxF>HjBfSX148
zO;#`c<@Yx^b<m!R^f<T2(cDwD!%WY?iI`8^CC^daj^q7C?3%iR=OY3TzyAGEjH}#X
z%fsvd5x#!x#*Yw)4SxB4>9dyXNBTO?kG>l_I%|l-|MsW&lvu#y>!Z`<bar0;H^2Aw
zR;UZ$!Hvc9VZiH6^m#Uy*w_2-*?oQ)<HHr$CeL%Rm*AUa_rXm*8}6*&qqAO~JpX=H
ziG%Y_DSaw@+*Q{nC{avSk=T4x{lb%&zAn7<_}?QD`tGD<)zna3c46g(CNl5@gMOw|
z6g8AauJqnyEA!?^#Zal9tME>w%R8>5q(pl_x^q;OnHx7}ak&~uKvFi?T$7<QE}=p9
z#{P&p?^nS6kYY=Tz6@`L?bdL|vU|g!t7GSSA--$#cG+AQQ33qs`QF+>S@k0PGl6gF
za6hwKNBE$kM{YG>L>dXvFC7UbKR%U-nA!F(Umkj1hb+tWDAT~bz$|`<k6`D7n+hp_
zXQRiYu$c7)WqqFYQpQQt<hC7=Q;=j5(X3cOT8AaN%-qC^tR%zRtF0-(W^M`JihgEJ
zEsh<P$j-2_X)>C#-kIB-V~3TST0jqSmXc5nMbXa}j!9-><ZK;RJWM-N8298Jy1yTR
z4YMFl!1dR$R!m_qzJ#vt00<Tp5g!gf_f^C@qYk{S^>BP=Ao=PKcb~~7C3tzpgME#S
zE+e<0UBTJR`tiAFYZMCSbXDa==s=InKv5h?lO<yt$9ZfQCZokt+mvB(YP)8!Ka^h{
zfq){^bpQC2r;roaqz)Yw5FeX=x4d0tOFqm{V8CBLo>Mig5Yczg?GQYOb1oGSXWWJ$
z)q4X47AB;>!iU4{&*Es}JVp#lxaxAIJ=FGMMU#?rf$tWtq+xG+tBj_Hr`wZ!x!nIy
zWCvvv8Ty)05Ihpk2s%d@<kTrK@GQ+@H2^e1?Pj{Uc+y9DFWx^!yTzn<m0Qm8E`S_E
z)5$0dw!}+`?qIuMT(E<IgSP}wPj(e8ULC}QsY6WCQ(683P?Hw(^|#QW!TM`nj^2bR
zN)Zq=bVmkfl60ur7MJ<6lj3flA<gVBL_w-kQjTj&VMLBmTZ~$cmUhontuK|-OrlJ{
z39=+-@ii>inF?Y?zh($o$%YGVd;lkPH+ni{pNDS?NM9(n&GJ#eB8UK&tzKOI0oSfw
z7c{rqb60M_*hD)I<>d-(sLHGk<$6wfx8}1#Z?7Aj=n2gqVz%8T^vtB;x{tr$@9B|R
z>zsoUaU2SU7<Q;#L%fL&b?Y`*uQAc)O)m+h%9u{T2_>5WLK&zp7$~u5oJT>G0Y7hw
zOj&R|WMU@s`(@CYU$g<h#RWbAzfAqc9Ww&?$Xlh=J@VC2#DTEx@t67@ize#=V~>m_
z>W?lK6TNd6B;-!sqqW3>+fSn>qk%9tL`o=Bc3BeT0qw%DBojKl4M!Q`PRqp^dJwZ_
z89Y$=q+2a*B4WO(c+g|ULl|;dYLe{gX@#rikv>Eca3een+C@OHs{*=^GsouLrs#nx
z%P7G<nf=BL(oxe)Ny$GoR~P(-*tl6eQBRnpPjXh0#;0vAw^&khcM#8GyU9wV1wZEu
z@jBZvEl8-0AxwdfYRPCCJ>|%NrXF6aUtHE{zk2-9*8baKuD$igP7kL^Y%<nn`6#Vy
zjrxUqi_YU7!zDmj{hO+C%cvQe6tssQF^#8*k|5mVgRiFX5ETj0N1=STbXuSHo5U-`
z<8baVyageNTo3Ip)v?{k(!m#dH(vg_J}XItBv(bxIXvt%1lV=Ao(%iXBh+|MHO(0N
z-&e|7TjfRpM0k#C!!M)ghV!Ru)r#3~2+Ym6VSXWkFO`70;9=c~m8zcQtiDY)o7&n<
zmD-gd*NI=x3$9c{1zPhfX=&=MoFb6G!=;9Oj>hFW-n39g-<$18h2|f{ZVdlEp>2z6
zdb>-FcCCytSC3Rz2d<(DxU5QYLMMu>Zk>Wy_XI=?)07(7aCUOUbM&qaMH5lZ)l7xK
zE-91!LyUmu+|(0>j-+X`<>7Y_UVXJi?F7HQ{Twj+i9t2*W1tZ$@V21HytLcLk*a(w
z87`quPFZGF^Q5G4w*zz99c&06?+h$PR;q<?;~L6jq!<yClGedjs!gWJymYhLS$TF>
zovE5GBW3l-yuKzVwt3wIGVSEi`ffjU!8Jb0MIEpRxM?YzXfK**S*as|bl0g;9;?j_
z>+JDwLBRN-56ZHtr?0BUl55CP^NRslohA*D)nz*ZeD~bU<ThNtt06PTQG!I@Zt?m3
zQxN|!Fvq00o0wE}7qejb_(TKLq?1ZK8|T3ex0Wi`>uk+%_naL@b|CRETqliN5u#0x
zbrIk^PAz<0j!v#uyju*ODOi<lf&rg~)rY~Q!JrVaTOIxv16jvyAma4r+<ISGdWfCO
zKtU^RFc5X!KfnMw&=z6H5W){y59w_`qF7RQ^51GH@YwgZ1Rh%njfIFVN@xu|xmY4f
zJpAEGG=7)`=T;lJj~38HrYJ@j^i+RLVg)Fon>f=b)25vf;jYAXj-L3avK29E>ulv+
zdfrNC)pr^XOfbDymZC##i4&e)8hTDjVvWXc&K;@I)nPT}gr;~4q8-y`SOCpq4vZXB
zscU#@D2b;n=;@H0!8G$F$f)-q-qNg)I{y5`13|HRb)qPYM8485GD+6e=)$Oa+5jK`
z-E%p&PsiFeEjAUx39s)op3DTgYQ%IOZ22^3X`?+Jf5^7i?*1`aYS9&~q)-q3a_?*E
z4zuH$rXs9ADT~#aDYM(CeT+L~SPPawWp<tR?hU<k>a?!sYu$`<Q{<^|t}*7)y%fn;
zBg-$UCP!iX3^EEQF2~2(J=|W^S_Pz8xt~W46CYbl^wq6es=%?|Vp~aY2ME|!uvZSJ
z>W*|@f@4Uc#fuqnVuWN25n*QsUelF9J45bJ`qiOIZZ)IpM~)9FGJJKp4us?`pLIpg
zbCQLCYbcI6iF#LPUcLwpkam#Q{$K*3iIFUPlI&)jlh~9Pk`y1Q5VU_o-2lW61>^I0
zyx=;@Rb!66A`jzKxN%gzT%@-VG-zjOT#v~@tDJR@fR+seB0XV19X5MO^N{@dIlY}0
z)Zjy}cGIo-=2<93S{JmqCv5Z1M3QL=BKKz<_D61-fO@$wE(V2kwluBjojG^fbfxHG
z#0guvUZ9hH%|MCsp%^ZFU@BliLJ{-~oK^swly-ZXp%ZUBF8CIs;|F`RI_?x9k2{u>
z*Wr#>Zcm=PqG%3e-x`!m8_0yw0r%KZphRPz2*?pw>d|`m!UKU?-7o}Ex?9`u&<@^a
zjjn{BfCWd@J+++<7$8~eLmA~Xb}Cy9Ev<8Sg>WiVL)yN23Fbml3mIV1W;TVo!S)K}
z)Hy+kw7=tueB114Um<pj7$2b;Qk~(gZ%mKs87eSCjRi<i>=X)S{pqO6lR>GKk-wEl
zb5Gviy~um;+MhV4wP5*|i$wrZBVMF{32GM&i5(EGEG{+N|46FWQJ|aMS{A9vUba0%
zC9%f9fN*JUx!#uhB?5@5J};=Pz!QP9-&nJLnkzHa#J_K;)^}L$+@oUM0Ban<T%U`<
zT;M@l$@r<IEQimnWUm<=iCWh+A7rJXa%3p;qaC!%>B3V2SCKJbK;w4;lryJ?MwVgd
zNg!-jun(Jd*Y>31q3=6U3Ye)8TQ*%>u!7?;DJFMDFchgQ{3AdE1+QII+<jn9jZ#=Z
zD#j82e56WZA3}ycH1_I%g1Z?p5zd^@uJHL{@msmK8~Py%D(g+zcPTfk70c~n3_Nwp
zVmK^Sx)#A)o_Pg~NL+KYDYb*=nGU||!x7RT9x=Te%jOdLNT_sFzSG~a?<!h)+q_JV
zl>@~o)Z7DQfC9kkESg4YGSobb*pPy+4Qm>vRHecuB_~=AcPfh%j84Ag;tFPxEV-41
zi;s^KhcMdjJF64=xQq?Lg<>q%G%6HXY>b}iwtg!1JJLF^Cmtt4MD;GSD)mzeK0$@4
zJX_MO*!B+$Xb4B}c|Oc^#^HT#B52fQ%kQ|3ObA}dB|$)!BST3m{ZB%yf*d}H&}20j
zQMN2hEiv-krO?Q74VIzOt){f;Q?)2{cr}Al>M{;rZnulBlFQ=sJ;aW)DQq&b0BrvT
zXCcHBG|+HC>}#CEI`%p_FD9X}2A-2JE~wo%y{Nh6;SW{vO#&dkB>Dw@)^fsTY@DU~
zV@l<P+fTsFXpy>iUv0)ycXjJ=C{FbVMICF>R7)cfuU6Fn?%*@lfdb(P5cVx5Yx*xl
zi}gBQWec!&2xj&0xqG+VXx6xfamY9qT!%9adZ5cEbCro@If;;JaO?|p*8)9|7~M0_
ze%x#N-jo^%H5DL$%3p50nMuCgDWcAf!(<Ib5)3fP2ClmfK_-y<+AZU1ksim*d^Sz-
zx6{UL6w#|kC`(>Oxkt&GfH7x)>RBwnB2a)PC-hZE;L}t-ae=6bQ9hX5%pYCigse9L
zt)(z1%T=_r)YyR>;>{$8Tbobjv}w};Q7MItXv&YkLkuY*9B>bJb$!Ckauq2Ul?glg
za)3erkPV{J7Y+>$%|)A}l-GVQEb`~x@k$lU&cdn+U1fF|XhLhf#g&W9N=sA|viUK8
zLL^*@6A7(wqSF@=rf|ip5o<RHO2Ho2uv`bBKy|><3tWas^Ot*7&2bf4Nd{-Vf@cZ>
zT;k%Z_8N3MXhLCmR&Q5dcbHa=wCx~p4{%FdI=jTn)v$(6b^1q%L@v)0{1)7M0F$|8
zsA{Cqs`tk0lO&|%22K|BYGtj!vO;b#`Cx*f8PnL<^sgA~*_A6y+>@R?3|X)wdUWsC
z*eXsG8CRM98^zLl#GG^}7&iMs19*Qc?E17vi2v!~o^2uqhA{5U-<i0a*8NmHXu!a>
z?Xgts!Is{9Q`+i9gEDm*5TrWW0=>05TYpg`)%=Kr%^v4s8ZN_QN<nPB!4Aq@8Q5;C
zf#N)swx1y?3e}7a8@n=a)(@~V?6Bn~yA8H9`WOn7=<8yl98tsAH{tF}&aK=Xl=-)$
zPk{~abE?GsW-4ttv@(=0q9gp%2k<2g-lZ%CPQc}D=w$WTH1@XKksN;mLCVavA@R*n
zrp4_srcowd|8B>Fq7kgalV9cdqnRh)jkK9?u(dkZ0g<9B__>O$-uOi@^~1}G&aD<+
z0!jz(YAgmALrBP~lP`F;s>Yxe@XsX~jqHl0OMXc%lX0|ipE79)If|sa0K8~$G|Q9E
z@lPA)cK%pl^-{ch@jE>ab3c1lh@$lEh4*r?LuQg?kPZa%dy638@3$V6?Q>(p`>+Uc
z-Iql){y-^rGu2{cb;ubdcn#rgy)w0TwsHQ65y~Bl!B^(O)h)j=w|S&vNI-B%HM(tL
zfHJXdF6@EwCiuy%8;)mU1-QqhknF(6*srq?(%1-!mV!1%Pl+XxBKO0U6$jZ|H>ZVU
z71QaODKeSRvHr^Su(I;PFNtvmR_`ne581X<H|NDoBzHmn%BtmpOo!f(fU#Yly@ulU
zG>br5j-8*Tp^-+lk0;mju_<k#qz|XA7}8J?kDuVT{;Dz4P^SQ`1i&<U&yqqai2A<Z
zgoNMl=V_<5>AW6zj`W32U-=z<;>M)SswDUZMBU`DQR3fnvl%;eGW?v1N7BdT)R3P#
z*gi|9E;N_-=<+5k5KsO(m%QjuX~()SD2#Z}DYw{%QjWqLth%Qu^0q5BztAWTSJ3gk
z=lB`s*2FqbgKq!~1Eje{?<|(tFI^>X4eOZKtv~)a$!tA$O@94l=RRlCV9{loSybNI
z#*ou=@zmx-+lhuBqdx0_LmoY@k3)xZe@{Yj5P<_V6YUq@Y2e9{6dzjW2^U=eb?~@u
zb^FTEpTkGQRn(<sh`~$ui<AJR;bcx^@F#UM1v_`Y{CH%m5CB<OO6CKqzv8Ts^<oZo
zd^lT=^ts!u|4lvoFa7m0>uo*4!FnSE2s7LyuCx!^KzN}cdbod<RH&JdjdQd&wyi7X
zLK1IjS1H|Hk*}i+l@}Z+rZ}_`@EzDJ%(Din6gGW$Z*)Q;9$ugYb(EE2grp;tp^UOo
z1eQ4i>MaaG3MlRi5#EA6>8>1t%DbvGMRK$#nZ5%H(vBV2XpxZF3&<;*s+}U>18u5@
z%oP=6KJ+0@@;8;!Xu_zNd@4KScpY?CxYAl*u#Mz;YvIcF^;xvGU%+l$bIpIY-H_k-
z<&q3sQ|PeOK&HyAgi1Ti;B=3$Y(0C;Y%e+6$lgqv2iWVb*_duJNn7R^Y&&%iy%CN&
z(=fZQO6;z?)-|;ly!~C~mEc%7_C9cgcG?f?wiQ<Tv1^KDjw*x_mU-th>y<_e^jkd)
zc(;iO`cwk*q!?(8Y3zKQgr94WRTMF~{Y%lHGN-VL9=@3bZH}v2+G3NbN^9ASkkGu>
zF4t^R04Q6p8QZpA`uXViMJ9qH5ioJ9&JzM*%L?Pgeelx28uWJ`PrE~xEvpA9<U*_`
z%kZ@!h{F1dWXd)rMHJ6A^*D&Xj!>bp`A)mS%<>qf5J|$K7nDdZcilryA>-$(*sX-9
z$wBr{5@MeQrOtmpRmOh6smgc8V(QJU%Ft`8bOMT_IP{j4NPiVbqhmQ4C!wLOa^UkN
z*kH(Z`^sN1RvAL>-(~2#zJ@E>gO^YP@lScWOw+LFu>J_!*~MJus|W83F5E2US8p9v
z1qiXN7%_v06+0adgYm;IMuC?G|DDtGI4Y*tQpTgn2<dR@g>4?Ej30D^ard1X`b%rE
zd<ziB9^Gxj#VCK@lAELqjQBB7tAJ8scW(vXy-LMMuwL-0)%<g+VRWyKW!9OAY`-AN
zlguoM1TH-S#SqyLdEj%bs>z8zT#f@41<X4>NY|7~Xj9{COa-*YW^HMID+ac<C2Vej
z&t)#8%-$w|kfj;LTGe@zA?p}&mIm9_?+Wl!MvNYL<^r?SNW`y>Q$KT%uLmaxXqsg_
zB|NG{u+}-G;%ie{YV5;GZLZp6BDOXOIx*MVhK%j}?2jNSAh1q~QU#}kZ6CBpz5_h@
zHUH8-;jhco@!C=bw7by(t*tl<Qsb|VrB}^NMZVFMaZ|`xcmVZ6Gczlg5ifM)y8{UG
z-j=<fMm(07Jw&;SJG8rQaxgA(oL_X<68=cEw);`Tv%sRrc|v>8^h;8?Q~Gfw?%T-8
z3!ik8PSETytkpPsWvgqu?njozb}{ex$^3L(B*WH5QBO5jMV<*cd?xh;wc^TE_)jSl
z6vLM}XN>%A3zscf55*1Y)xuH$b0;8o;@Al?FGA1!LvkI=1zn!y1ibA@EOr^aG6O@T
z35DOj>Jb)~m3Q}n3?CW)E>9_Ktp&wsTM#>v!JZlB)&;i%F--F=XARHVt-^|Z9n*tx
ztBhL2jrEbwq#<vo!Rb#&v#rYD4>ax+$5g;nq1f(_COV-q85n6|XcUaYDG1;OW)t2s
zjMabEDl>90(m_CMSyNnjNm@yXiZ05;7QC3Gx(Tk7htRC~Sv8HZbT6k4d~lM?xla!B
z4@W|nk^egqJu(JQbpZ#7Cdsz&Pl+;mG>8*uR*hhi7%em85IpAGklZa!DL6#>1<Cl?
z$pC{XJ8jsRI<TvmmH8Mtu^)gROtKf5;6{fXjp?FKWDt<A`w#v(yU@ro&^DFBMeaIG
z#7oYQxC*7uTv;MC3J-hp+_rXiEP1LTEXd-mh_~+NDSsM9o^89lqC#(7L1pX*ubeN0
zg4Z56aPo^3ySLqPh_*xX=W>!69;+?eX>sg$hT1AK`fI7S&l|YEE$RX5!x&`?zfhc%
z_k*Ej-3Z#2T^w839yZ*9+L^A__Pbpb2?j5Roi`%wI&6&&NT39VB=b-jK1qbOkojr1
z+@mu+;j~xKQN6C!jhOKHK1mMn!;zX2`9`BhsaVaG9bxP&_IMl7d<y5Rr;+I9tnydr
zJb2=+jhcl4IO%jC7KnhBKlSEozt1?N)yr!XR!724a|YVxZQi3DYgr8ExvCv^j5~wv
zx<hlQTprc<BA&FlvgP3*G}8B7Q{m)H>B0rWT(?GC%l_CP4!S#L=Ow~y8e|0Q&~dg5
ziFhyIUJvA~-0ca&DWzh9gEZ0dQ?h=`VU4wdS0d$tZeVI<7Dxh+K)h6zX>n%oaGo&S
zkoqlX%L&GmzLF{?XiilpjxsAFYigwEq-a5GF=dFmEs=`GLmBSlayp1r3V58n9f-<C
z3+PJsWiswCq&(MTb68f#m~@kxTSC<-Qz3ch+}JA5UcG8cEUAqHlg!FS+u@S;5VGb|
zeXhIYK_$+K#KQo&xQM5u6ST)cjcThHs#zuJ{NR5OR=JN-H@zTF`b9c(l6gbjAk}ti
zZSeHyK29EPq3O`+#vbqPFhFoi&Qkdf8`|w_Wuqgf?XY{4{BGZgpo>H>kWZB1^t#0T
z@iydei<Rr$^-wz|rz!cn(pbh1Z)r$W?4YQ~;h3O*#1;W80zI@<baso;MlO8p4J#P)
zl(b*)_6?JAxCl5^-Cl;9MJAYhW3^w_#5dgeAIaucBUt1X6%!NduyLwG0aQduA)zPu
zdxoe^1QV$wB)IXmbOd+aDW*wD^Foegh4v|J8l*|lZyd&*7Ou9XaJ)77OO|j-%`Hfx
z#|Lt#n9YDmDT&Zj=>7RnFuD=xtxPYh#cS~xao56PT04|QDvuGq7U4tQq1}-uj=~@U
zX-X0?Fc&X`v!aTq`2~0ni$GY;1TsaHlxz+AYWW_<ADR`?%Y4le?>10t*EFSroovI!
zgm%!dHYULysF{|Rs&g`VVa^M6Seq9Z(PZOV%}#(?iw@4v?!%LLi)njJgeWC^#H9w?
z?jX6pkxNibR?*3+SE*2;C9(5|6uJy>%Ks+fO_<+Z$u^Ap>%XlpE5k%J4O2<mI2(_W
zRP4*4jPoGu;gdBoc(pbA&EHBi+5x2TSO-x$*^rdZ&oa^WkRP3<wqAvP)Of0T*Qhf(
zYteuj9+8wn>PsLKY_m4Z=vpLrB9mHW$JqnI7X2!%r#se~8%NXu9RUHP+6(a?rNkYZ
zFfkrBi#G^E+CgdGzHkyQ7<Y85#E|)kKo2?@k^YijEpu)pTPstN-FF2Il^7|tt{PBk
z5AxU;kR-5UyqE;I{NQj48P2;-N;_P6PU8TW{%c1bLkp*9uxgXarv29N-|IA2Ojykv
zj#Rp<{Rfkn>urlyrDQY=_B0JF1{6}M7)mozMrU&!NsLd;hcu~v&%WdWnd4K#VNRc=
z7c?IQqHwDfC37-{&;wV-aCX`mQ5jqt9h=wB+)PDdHrAzc*KGoqC}Bdkv>Ot)HZ_2_
zfz)R8ZhQ>mKO>Xmt^;{jdt%#08gQ+S)LC;~4<=}nvG6$1MSNM;klx4s*v2J<xH_<_
zg4-+)T4pylT0JCG>K$)E+-#T5hbaA^3@4JbmhAc3`93p4&(OozQqK6-onZE3y4B8`
zHGP@Kylu4_i}tvip{5x&c=DT-rtpAOd~wUg9oM3YCHg9|m<4U{Wmkx`;>$pgrtto{
zwRlXEK7ImK+t#RYM)KMR+^OX04Y<k@IAJEU0E7)p$g)z?(bK1$B3T+pnRnVrMNuK=
zkGs7H78p9Xwfn&#;-<l0=<w>Uu&|<x1KcTNNQ@?UxHp4UIZMy&c|T<O=*9td?FjHq
zK>>pLDj=^c72^$FCi0*%OhSkcVqWs!%<b?#7h+Q%HkT~JVOSeB7zx<bt&X)Mp>W7+
zy5+jRjA_trdh#UpvR6sJJYf>4MPt`UmJyBR%!Ss@v7YIhrjlhg;oUe7uBDhG+kDx;
zq?Lbm@xg$_6yd=uSIi2lSr-73mf{zha8LC+kg$*+R1aEw816L2epo{6uZcT8GT=Ze
zXlWPION5|LCYAYaS_Ib+R=1+Kdj!9zh5t<3982TFG1pf0?imuFh3a)JgW|;Ds8L4g
z2*5xmH8a8_QG1SCK_$eSo*+fH5;*JN2lW}_AZc>z!g8|SV5%brOK1hmX$fOh7IcNy
z1fM8(yPigR0sTY;o#nXjp7byiDI*fpIreipT{U6s{QyTyxG|zvx*)-_k;A)b#rC$~
z;9$~p#|xQ3H3~F>Is7?vPc4I$Jrs61AQHH8(t9XD`5j_G4)SMFMN*EXAxF2?oy8an
z&KjwO%*37g>ewydAZmb}J5r<Ry0Rv`wRG?*y_b&jx-tun9{@=~K70x7p@H&s`THO(
zCj{Bb5*b@!ZFMP2It0rJaZd~zswyQcNqF^b?rvKwjR&^Lw`EIt{zq2Zr<hX6W+PET
zG9YlH0558X_99|iWD$CiH;XlvQY(}mdDeQ`&fD_w?&G{hTL93EC~t*ZX29IHKDo`W
z!2prY)Mk<$S&YG=sp54c3?rkQ?8rqPEquq18Wj*K-%gAryT774qZ;GFe{%J3C5TkW
zh*Vw6Qkpi(efvi!jBnkQHENnt#MPKz>xLIBQQ;yt%$~K5osVdeHrl#u9y7P86R3ji
zm0wKIoVG*S9|IVq+&IRBeyM;h*6^w%+21B$;lQoVLxDJe<3hg1D@R{dsTj*HH4#^t
zTRXxn*ntaBlaf`JzAn8x(@jm`L}FLXOo7|$KU=hR+*_j#NCAbWYDz}yu^XnfQv+Rr
z(*o-11y0t2^VQm;TAlU=dhTiqkYb^XY;-A2Qy$0KxdD!M-sx#6V#|3OI0`MI_5#Sj
zm-t|e;7UhS4?PG{FfflSNppXXv?=WJ#EppXK#r7dX;7LLt9=4{7ZRp$v;=5Z=yr?7
zmW}?p$uB9vWYx^g8ZQVaJBozdG#KTjsYwyoI{m(iZlDTd7PqVA6w3#a4QJ(Z%XERY
z@D{3E!2!4@ba3v>eU2HSV(J~v41g;c`FfGZP&8?bc+6f$lCAMDCuueFxzyY+dWQou
z@F1*MNZ3!w5F_-=N`_~Nf>>X(!t%#btLWBzdXeVl*q+9a?kTTMX!MQMi@9kMZTme}
z4DBlu?&$3+QkXQ;-hsOR-iWEuWTT^Op1oYL9iaF#-}x#6A3AYS5K8(l68+2=Kqw-#
zJX!e*q_bx&LSS1e$GQ!XlZ67~kj@6L<j58ZTg6^;BB+JIyi7&SXL|pcL|VxGM$(uz
zS&-i;olY?>MoBPoX};mF?35o?pspY~tcU8{(Lvt@hl~d@e3X}xyzR%9hMclg;fudK
zC;){l2O0-^va1aH<h}qQ)x0Sye8mr0^@UzhsHfm4(AR4$5O;5D#2H~9Dj_|(wF`At
zFtWTnL>Ue_R+OM^QA&ZJR9GqncSM49xNGPtn$AeA-0|JF3LEsvz^I?vz^Vu_$C%rI
z+&FvzBO~53Tp5;5bE$Y+dB8aZLPY!W1K`&10<-bcdaGOu#fc;Ho=sYWyLR=d4z)2@
ztah1t2Wit1rw?zW4K*(?$TYCMc=itUgc`YxJI|&a1TwXRY?hS6&>SV523pyz-%@H^
z$6yocd6~gh8>i4<UT=w}t2Ii^-|$3lqrWWuIJJxXgi5oPx{DmM8#0YedYhwm0pLee
zqIZnN8<!Ny0=dW*n9PC*3)z`)pv%8pM=;=Jr{o=Qp!+BRGkTMt{?dnu8Ws}L+upuN
z$``@Pg==pA6W7IfoePZuOSCmd?IU*uk2+OH-#S0+U*UmaR#`g;d2<v>WoB0?c@J-(
z++x;S1Z1s&U!=)ORo%r?OD8#kG++r50k?-p)tW~LU!&wp;)6K~I?K3g!+GeHahQ%O
zUIoRtSR_;^Z-Bb31LE+uaf-t9R$!nS{IzfeJ&Xau4fIf$w&gSm=96ZfmwyYnCwmCK
zNmGwG3HVS)QI8e2QS&!&pEX&R1;yqOXM&Q!&DJclG}jN+wgr3~ZA(m-AJCdqT7haH
zp1@>LOmzAv6%pY(rtBRR(TGMqJvx0glxZRB9De6f+`#%s-=67=i&g#RYEWg*PorsO
zRrLzn;dEnwD-vUbtL{QaXkNh${)1apk6{4rr_Oe<P0B=v%)E^nPZEb8o(;q_39c+V
zi2Yv2Pij8lTKwBiJ~)J5w16vT6D&jCFqdtKd0jATlEC7c95I9SP5)kHjesObkeVKP
zRVjMAf&w{z=CR6(7$Z)}RIP-t^`#v96m!{bL{PU~0b%IW2Q8#Ny?$j8oqOXi5SEQ1
zrKpOOh2uvhmUvZ6N)^vRtI|FtK_5+%<e;;)u5Fq&ZOUYw?Z(*SW58q9iRrx>K2HiL
z>WD<M`QD<0sW~vMk@F1MyQ<ZeYo#h}or93K4WHk8K*H3mIZi%V^m@f%6N8ZBQ<V|_
zb}U-8wrr3{<OR~FF~|zxZRMyCH~YaWYFTBTFo_>g+^TwDXx2?`by(y#_u&jnV$7?y
z_F05hA_-~~u|<w!H-LHfF{CjPe7B#*FY6()o7~Q|uc(t*mK%LP9J>yBUtv$({6gTl
zTE5tvd*)5Yz#`S<@_Zp`{zq4Vss_U5lX9xs)$w!LO3buso85VteCv1UqFb@K=_2c<
zY;)~E&H5ALsOz~}bXD8>G~4D)>c!-PJ(^|byq-f_$>j(e6JYb95~sGyFc98+o4adW
ztwyS3&)<Y^nN#bwAY7!mgkWy5KyFn{5T0|#p=`dkQiZ9ug0P|jjRaXy?YhScH9(9+
zQ;F{Evvg{Sba}Uo;W2R$#A>~Bec2VA;b9LW3G3+6vy5!lWGCv0lomYD8!DZW1^PnZ
zQ5bHH9cxWn1OPX=IqW2#<P5oC?wX%0DPAo>Zcge}U4-c-UT4Dw!Y)O&NeARW6a^9K
zt|8@CoS_SY!*kS0b}j8lQ7k;$A{am}Q|koQf)p3bI86RxA5)EXv_Mowjidm9$5K0n
zEs@O)cU7Xn!kS6zf8dyZlz!u{n%##hxzBS_({yH;0(_CL?&EOZz|$jHBF`XU9JXoD
zuzfh_4)6~eA;m8qH`xdLaxqDUWtw&1D2~efDJ7p@+RiQ}Q%~fa-9C}?C*|x-FqoKW
zQrtK^V+iAx-<4!oWc?8XqGb0EjA{%s7_@#`Ju`n}p*Lq#3!-Vl$E066Yx*UoxcYzz
znn(~7E?}7emTh*RM$N!DY;TCCF*Z0<+f0G&K}~N}c@){ywEiGIW*8xy6)Qcn#C_yc
z-{KGHZ4_$aw4@p8$OXq*LCRXFmofjZGE%}}85^{|=?V%kE|8zUw$KkHNBNcASapgK
znWbE#)b&uxDU3%&w1i13CRt!)UjJ%xC$IIn%mB`rn6uP@Wr_>kPG!omHI?wxl8qv_
zCM%?M$J<uLs1MOy`7v+?&BY>%aW?DokscU57Oe>x=_6^sTq04K!W%S4R`nTkMQDV!
ziVs4~9S!L;qhoB+E?-<iN!s`j^x!6rC3r|b{hhDs!#DJkTVTLTex!*UzQ+wqoOjI+
zOarh4*Tt`fdF#%RY}z-}k6N^2w|K$3Zs+~gflqYvH3RBngV#<a4v;bp5lUr))7LtK
zLon??gS8Gz_$nRJAI0THja*FfgPnPL(%49qH;M4W;bsBN!@f@B^|Y#QpH?=U$a2Lj
z(x9w!#-Kp6x2+l84ktSbcaj)UwEi&01VB$3n0QBZv*&mMraF;OhDPau_A!!r)<vL<
z6N8Ws3!m<|G?wzEjd-Gpw(G%{43(Rw;uX$VFc4#Sg2shzs)pBX8lvU|d1fBZ+{ze|
zO2dS9K)*aId0pdzvCf#+e$c6AIuLldj=|;g1STl{L1$B>YF9pP+tv2D88`io4WJm+
zsoylN(@RE06ZjKNXurV3pkFs$_oVi(7I$4<L3puIOec%cY_)!{Pi#O%d<|U?ePH0|
z-FQfJcT?FoBGc#PyL7Jq3d;OOx`k~q5PJsLW7Y;!PED4R=jo4gFi@t;Y5EMVN!839
zg(5_Uo@`2oSU>m#&6&2*GZHzc17O87haY7RFCLCcpBfNKpg#zN3rU!)+LzeKhdIG*
zIng*xO1cH@9N)XTYR4P}k-8aHeb)mS320%Sl=&RrG>vjr0!>ztSLyrd9&@1WjZxBJ
z%$gHmkQ9~Z=Z;dpO-z4s6Xx~`KFNUzfJV2>qP>T)WdIFDBc&HlH?h>p0)!Q$NUJ(_
z`{tmLtFzN7skWx%(A(&c8iqgy6rqGvtApTwZVwLp$tPi|4x6mywK(eIAUm_JmBr*a
zlXKfKmC2=!`n<&$C()0=p2wIOA0wepqS6j(S?#Scxs#1yoUbSD>;ukA4pNj?tg#{M
zbs%A%gzf><ic0(0#~qUg0b>7lf3o*QvT<uVLYxQD(u+}MIfdd^d!oEn313BuhQt%y
z4kXfa2dZ7sZo>ip>RU+dw)sde7#7;5RGyvirc*bipm}xJC(mo*Tz@uIDE%}KnPRXh
zb#=iCb_&7j0b7u7=11nB|IrQv*yse;b~e%8JHsuToHijid!Q_%0$_iQMt5vgz)2^R
zFMy5zqV0j+epXmtXi~}p!)2^C=GIPlFSi_B9A-!=k^3iT9A&eNSz(&|pazeZ>p>51
zl&YlP`aPgUe#eXre;B~j@n&m}G?i^mI44xmqc}QSn+3rlF*Vkd75AG$-2?uO?+Ll}
z$EZ52Z;PO*Dne@+5IO?FoF#by!(4RCQyQ^d8VW_HqcLoxJ{qrsPXv#|s>3PzW70Xn
z{sLa(#%i=#N8U^=I`&R^n=Y@#)5u;)wU87HebqC>1Zd+lYb%xlG(>Wl{dwwU#fVT3
zz0amUTWG5gROO$+&iidy{2Tpa72f0IFO7?)nN0M2-w*gQK$tUOJ#!IZ#|HkG>~-x!
z1`r)y)4Z2hf$W+DhN4(iQq40E{Q79Tq$f>OwjNmy|2>$dFbbu3wy#Efi)MInv^G`Q
zkAhlsKd&EM!H+qnDmHj?ZWdR&XuAMQ1Z5C?qddqS;ZCRa2nO4>H9&V_IW_puqmC{s
z3rq&znpf!vph%Fz@KiG33kyPsp-7yf{7Vna=uj-GEaiBiaX?Q*0>r9M23-9!RTu~~
zIl#om!xD^Q$_}~3?f))DMGgNcZ8xs!tg^$66wd>aj-U&*Zc5Do8*A+iOro9oQ-IvE
zMa~ACvSwtSwCoT0fIW`OPL1_J8E&mySV0S@xvNbAgm2(m_S>?9H4`A`IbSw(h%TO_
zq8A}$gF!d3!Ic-;Kq;#>L)R6ji2_eE>_%HwbrpWKM%3aMwXJT}9oH;Q+jU;8BbLqO
zRH2q{wq>Yyw(h%LL0NHbV4ywMoVa1CHPl0#GcHOS$o3y%>0(74g>lDDE>v(cO=d?*
zpGP<Wq#uwKD4N!XN;@SF&Y9!IoXLA>P`^J>;yM$rBr^<>x~*Ggp3FAEERw%bN4>L;
z;}6?*u4bCPbD9a1TPa_HgA?Q8p!u5Q!D7?)eu0S-4BHG{P=!zq9P%#*v<@l5J=5WL
zG#ty<shmKX602jn6{}6jV2qT}XhA@ant5OV8gR1%r7}u>i{bjgT4AE>T~}nItp7DJ
zR|Fb}RQj@3iW3$%mt74amrwBKTyN3S>zd1FW`kMqA|rzp6oih<B&FZ}(Y>dn+t#R8
zk=!q&hYJ%&n*M|E=o839T_27=$>8jT1UD$;i{lbbMZBg=ORFrz@DV~>jV19xsNA6p
zsL!xgg8&$|?mW;ahGfSklW&oXHAG83O*CkUF~Cv=l{Hc{RZ}LsrN^dEE|+U<LpXbB
zC(YH!_L4UO4j*1dR1}(HYm75u%_psvs()4RR7nv}JOp5~cu9*hvn=W9rpGSJcjT;%
z)#yTc9|Q%QYV8+9){t2S=BQ)P)XOLVSU>*Mql{ywl@XUTp*?SO)!;)cMK_fGlC#o>
zL2rKPd#FOv$ze~&!d5~p6o-)4@5Z7w=pSDWI8&}+`D~rkUp0lh#8d|@c44-*IM9Ln
zcKF_Scm3;sd;C@p{2ofvXLBE4qclyA`G0W$|8vh%JNfqV?>ct=+kywt_m`@n_iZKd
zy*Qic{-Pn^mXhg6$IN&0<>@Y+Z}Y@2UtqC82OChM=Ii72!c*>i3;!VcMRm5_5Z?A|
z_8zH-tC(Yr=-*>D_lrkB%kx^=*(QO5;S%@b=kvW{Qn}z~EAwGF^M_}pC!UVbb1u9h
za_?U>>?S_dtN%Y-=)aJnTW75=<}H5WCL4E*+kYq&h_txE&pJ_~p#SFlU|?YWi}Oof
z;wA$O_w}Lljra8x!J38qWn*#70LP7CQGiMT*I<Jk0*R8bg<#WQ6%|+P|49sr>%`K!
zYm7je!K;rmh&?hE#F}Lk(<vO5&7nju1P&A7#KL0b$jZWyXlc|z1E=1MQYHa%$)+F(
z73PQt74|uRfWSDV^rPDd%D^Io_nIfc37(2#qHm}V1Vl*|8YV(48#Vf0vj2g%{_j9y
za}p0V8N`2(#9*LqJ5U!CkoR9#>B4WIs{if5zJrpaD+PfeApBoR#`M`YP|p7i;P`J(
z<Q<glf7?jX9fSX$o&E)oq|d&CqWy0?N%~hX7+gB?2Pn*cx8Z+)@&Nvm(7#;&*Z$#?
zAa>@i#!Q}ewz0|6aoH>wq0fGBKP`XR221ym#i*&PmntkLW>syA$6b-y_e+d~Ol_v`
zresbP$<BPn&32}ZUo)$p<(Ar|%<~aLk3E;1NYLnCeh|MalHA_hdt`cftLUj1d+JJG
z2~!f@1H7y4|8Q)))-EqKNc>Q1mf>7-vazYehSy(oMaW8#t$fJO1vuB0p}6Z~yDA&m
zf;wfDIp#1`>}l57+wrIbiD^%e76x+nIU0wDee2p7t)|AXt`>mi%fvg8ib5#t!s~01
zPPAkFS%-N-%rxDrF?-&5K6%u{CVG2y?iP#X2jEX)sK`#{G`<G&>b%-P>`@8#b4FYf
zrPwov8;+keknX^7FRgr}ZHa`?xjq-Fmx3rm8RlldD!ePOAuC6KjF7}UXDEqU#ROAG
zY%;<gatFh6{zww-{89#)e=2|2z8`%tb$FLss8@dQL+T7P@P1`yHcvK9`h9TP|8rHt
z8bA%nEqH2pq-}jeO+UHbkX38MQXi}u00T4Vhoele$bx7RQxt-dRP$-ny7DN_Rp+q9
zJq%R#xYUyAlds;MLH?9h!=$(W=|WKFt2|$`^6M_&O50f5Plrl5=v3LVMr(;1_E7tz
zd}koHMROF(F3rr2<B!6`c$r0yVz;r=PkI&N6I|chzCB$bmoM!9D0mX{mFWr;1OyJ^
ze-!*bQ?1?a3zQG^zqQlz4N4DSjL6epS!te-MLqu1|J|{`DNHHvowO9x`=tQa0fd{N
zJ=$^m2wE_s%AA_IpDOu!bHPn$#-0kD{UcBHJ~)<Re9kso-kd#E;E?}4_2KniZ)nT=
zsIT`o10OPD!X>aYg!BNROjTJ+==b=~94s8P-!w`XM#>5HfuR}p<(NBwcqWR8m0gBN
zMQpCj&J^SQ1G2b7;@e~75ld|CMGoeq^36h~VpV{9Mb+b<=PDdihp45HM-w!2p20E0
zn(vt$JFM3kj?Ss86{O9p-LDNAEkMpY8uSFGWp@4Yf<0S7)8B)`muZ_!{rfMU8I%!S
zf?`2<_DyPM%mMU)KMXE_UmsmB3<r*lZv3gdM{&N2Gahg=*`2mu-1{DD`O_ZEeCeNu
zblD2t4l@T#Pkp0~)^UFjqLJ|kMqng3T<E<*7SAf?$t)ZD5Ks2~7Rn<cf`{{=Y51Qj
z!_(K^ZELoX(xw9E_NoWv4DJOP)TOTJP3aA1N`)qXztg9`jR{Br9)=Zqc&{mStPi0#
zD86q-(nERtE$EfoK-MC%zjrk2;#8FIPmo4Ca@4*9T656K#6Y{54t_e)<@qS_rXeYe
zxp)yjx-;<+Eb8d<S@*_7dfZ*$Q%$1t<B$14h;B3=&TwW9hV3Gz8dM*@o)pG_Ia*_s
zC-$Q{6`IZ4<99Vc+s!Q%-!&14lrOh?eQyMJQXj+@Qbaqc;RGifYda6Tx0VDk`4`5B
zLd%-f`iE~?c8s4>K>`s1)k_|a59!}E^EMuI(hh@m!_`{R^baPD925Y=X!5uw>mt?I
zu!{u$2kVn!Ih2U#s<7Kc&G?ZYMTwC9a-eEtBJ(NYPx7CDsJ?wH-X_FbON^(*WCmOI
z{c0A0&k?k0TDmz2Z|;K_(TNs6rjjOI#0Bis9~&`X(A3H`<ESjVnHdRvtFJ|hsD_}2
z(Klay##4NzraT@lgX+vUc!#SxTMg5e)a|}bk?Xen$Z1HAWz*t^t@k$iv8ET_PmAM7
ze8H;?oDI`}k;4w@EpaLS_tPq6CIw=bGDoJH@=t%p%|BY?lQvrEz2z$mK5PNAp^J?*
z21ak&Rd)POHRh36npUpnaw9*QEwRf#t3G*gcZK9ewyh7>qeeSVqE&xrnht9Hcy~WC
z2b}QMPdgXOm6i5|bPkSzYg?H~Tp8aEmu@c~M&OhJ3SJL1V4VzOOW(FDnNAJdj1<6h
zJ39M=*_$+z2_mV~-<ch@I0z`qZHFG4DDg_U4Q5$2lh0Y6s@R)vx4ay0vP{_WP@qTp
zyRefBWP1Ym72k9T$6pBWen@va2q0XVlqRzq`wjXw?JBH!5qOy;kgq2DuLTHH`RM}Z
z)h}ZK-F_JkEm-a=)n6?&Ce!CQ7A{JS(5A(F1ZrtdW1QK3#lJKUOos8XjT!IDk}r~0
zT)17qaCy=VQfABpr%^HB^k79h>5N4;B8nHG56eg(7!pA!6BLR5QlH-miXsWG1@<u>
z*ooE!f@bOyvUF<{v;We{)6^ayq9JpO>0wR*l(Ykg3rxf$S3U&#kz^~js^KM|3d1Qh
z<Z9!C6Z&rOl6or0p_A{*WJ`^)_4j@BM+Bpw>Vu>9@7^}1$`~4DV}h)vFokfPFxspp
zy`Val9bcldT(v&}ZVi6>rnt@zJNA6Rr|kX8Saw7bcnAu=I5Cb+gF)v#XMl0fzTJBU
z6oz<<{^pR>(@8YDz~T8U6jo4<<mY)ch|pULqx3;*v6&Muz>~jYQRAijsW10MjlUqi
zH$gBgEmHLhJ^S%ly9pn%3(pnU*+ka+#;_7q0`|m<;dC@VI)q*xI`J8+y_S3ElVGRD
zLW&LY@WN?FIIj(n&{3`&ZM~sJO#4|0$c7ag@_V4I{>N!XSPH89C+LWVdK>;9roJ({
zlP6d^+E^PK8)IYJ-e5PjZDW&3Hrd$N*tTuk)-Sg0<jw!y_rv`#XL@SRsd>82>F%eh
zrmH7D3JPy0c@tKJ8BOSJGJRAx?ms&C88R6bni_IrTF>f<rV)<}{qje0|HW$y;rWIe
zv3}3%g%_>)BR4WCWmy#J=_p=hUc-`+6MVQN^u>{RS4yE=4^v(8j?JbgIv&0@g<go@
zRT<J2z>H~4a)2F&qE)HYA||p69ek5$ZnqMg@3wv=8ZAsS;A;+NdY>E8F|l}c)@h-~
z-JgwlL@Xng*|y32fg%Grt@zKHJgA^M$}d$7&S^@Ew7}6f(y|T10eQReyiCB0e%scw
zup$J8y8S!2bSt5fn#5tL>p@JKU^Wc}RsaD4pfa5Hno@yHA|gYLVS^}<jiz|>togy+
z^$$YqVa<-%9=5grtV;f;YhhhP`C;)yj@7z@>Rpw1`!``!2-I!(FxlXyuTL|zGo|IM
zyDrSvI20BYkSIOc_B6N-Wj~pB>85keCV!uj`-s0zq1k2Ev_B9y;EdSR$S|nauNQPD
z1I-BH6wc<<FCxNbRy-;Vyd)dMF;S#x7=LVAaimqJ6b)x69vj1`l4?hO`pmZRA$OGR
zmYA>WK;(zwkLjB^DM8lI-|EPhGzzlmC>Bp_pI780PwJ(p9p!OEr(u%@m6Y%`551Hy
zrubYTF&nP^Qd~F~f-$Le>6x`hWrv>=2e5<*_cz#BW-h2mM_NRHUe<(%5;a;(K^a}w
zWl^4kP3MCyRGbjyP_EGHVoq_kuLmWeos0}RkzXf!+-yogX>>eKt_h`Naoopf<TN%7
zXLS5;olsq1kXZrqSwh`r!R-wfv~>$vBye#cnJ!43?%26CyC*`Ke}7BjqEBn>0N$`c
zk^(Z!J+M&HhP+;x_Zg=x&Vca!)?k8dWJ!vQ-3}F8MKw)XhR9B_AtUzqu4%5>X)=Yr
z4T>Me;t9?+T{-c?0k0Q!!TDtt9Cm%<mlqAg8=SKs>}Ljn_6(r<f*9NO1M)vkVk_O}
zV*JTWpPBwIC;49{VgL()4-hWLu5w&^cZ%dI-wzYS%rVC<u+mhPIw~(uoO{+((gX*P
zSJ3?FHzMCVndO3u1rxV0_G(McqivW%a?WLR-qF|n_}shZFPXOYRr)*-6v0cdNls!A
zZ+#xv$^Uvd79_a#amKDunG41!iWbkCh9R#@V3dZE<rK@veQB$13Jk|)@r@+Ht!(|)
zfRc^f7IW1+UXqmvZLI2kb~PLFynrAM?MSDwEoaocD;$fy0~rL~d-ML%jxGjy|9Ey4
z*sZRmloxWPq0NED4&ss#SVw9Uk71C^ee(foi8rFHS+B9e`h$frd;NN3N9j$~4VZeE
z3;M2O+;$?!&ylf<07d{q&5VY|jV|pD3yD@yw)APIpi!L9mOclrf%?P-AF;Ut<gldI
zzN2{2D%!u06Zdq;54H?|I!modSMT!09jtQTYpBooe?*o)Pz6w{TELuVh3jm%P?5cB
z^@7}TE^3Rqk^_mHb6}{E<NJmu$l1DXBz(6vB`pikcyr@`hDbg_6D|skY#faT6h#t3
zz2?P+rGD3k9L129;hw2r_|tI7O-ud538R3A4J50WS}pLfKnQglp83C|M-C;m{s)oN
zk&gI^(wNG%5%4coKPj2u)M*32u1Nbe#Du9$*Z<Xjb*2j&{vsM$FM^+qB}7Ibi=y(2
z1z9w>b~K$D0PiI~`gx)ghUFo^Ab0HbI2qhS(Bdid8^gIye3lqAis|@6-$gqYjF%L7
z`}LhY%DTj(3;0EO5!eZ_NF3FQ36B1UnzGte>9;jlsjzv{2=k?fy(2QA3;Gl8U{q5u
z1lyyptToB4TYT&*u?rjM-ZD#54+&)aHB=ADF@9GbK(5ir{PvnbPE7*+hv3q(E2Itl
zZO|PoLhR=r&_Q8>wT1Y&EZc<~eT@NomwV=d3Pi=>yt~WBru9*GLQhjK|IvnrRD$DX
z2Fv-z;hcEpsRr-B!R6;b+O_{eJ*j|HIX-R)UH;@2yB>pTCXGZ95eoLN!^OF4izW~x
z9!<#v9GD$9vdnkAyoR?|Q*Vz;iyIpUg*y`$qgg1Pi>??q6<RovxkK3em>}*Re>wEu
zzMC41(=e)iU_>8fX1qMNaFibD^&M{sM&o-d7G*&i6R0`r-xzA>3U<|v8TJTpj~G#(
zvv4%-KB5#o;(!lCQ+sv&sg6&xs<=44yeBRJ2p9~N89@}ky6p^Ghf?-}|G>~c3pe`G
ze20Ca&reV`?1&=DP5ynUB?&d?9ZTo>JNz&R+}7aE5!p@jVc=$8Hy&qekfY7_cFoTc
znwJen^!uK*G}fE&A^c=@yEOJaS-O^f*I%frho<k^vqd6n%yMSLm|8(<MOGLGDf#)-
zfT-LxdowF)znh}Qr3#E{6e@aT=(ckhIrzXJZ7*zzprR@U20MOeEb8p;zkeq@qp|42
zuz8{Sl;q>ZG0Psm4&$4#Mol6OD&XcxCVw{BVBn5&(H2;4VIl^y?@tp?9eP-FuNcN#
z%hdT%rd0)kIre>njC(xGP2puANpunr2BH@W=JIxhDx%Q7yDRI<{QARf!dykdU;tQC
zh}n~Z+X>bUPt&pu!0-zH)h92`S}l@R_VamSD!Wy_xfZCX#Na(;6ODelPqKCBF>FK6
zMOFP3bk(!Q6X_ab*jZR#V1kB0K^z_UC5d7TKi+L6E&nf%0hCX=;<xkhx@$H~2jHh(
zUfBCO(?pt~%F}XKyN`|6{5V``F{d?sFE0i~SxZddeq;0u%La#H#wKE$#6pjLxQpo4
zsyAJ%(rRJB7iOX{atRCh^84a|^zc*szU=(1znM((>3^*4tMgwh=0@eeF2FgSyuk{f
z=g<>q`uiyp%?Wc?!4NsI2r${LZv*DF--}%2Iu{>#x+f=b{-$hbE&D;&&z~k0#ws2x
zd?m`-a@%<G7Vp`im|e+6G(-#LGeLN^9_W$#q8^izm8yIm!As1FvylMXWwJSm)<15d
zS{#!P0Vn%Ku}yODRXKbHLXnO+G5hf5U~jyLQyRf)jb(56`wGOv%x{hRMiXEhP4`C^
zmUslKl3(efHpYE_trD5~K`zrNYe^4V`Y$_4Hf{v^YK!p56ka6f%U@}ChJtl1o7)Q)
zCw~-z)h<X*nvCBGtEme_?=Rm|+Mf>&@4p+WEMeY3YnvX9fzkT!#z9c?*6m2jltmAp
zpcZI&Z11l4TaraSee>F}se=LXDip7U4c3bN@S>%E2-&359k98n*)t2-VSYf=uWyCI
zM=rUi!*|5eRv2!<4ZE&PMA^KvNPjcwUJAP+8{d`3V_~$~HWyvQYe^-6dDTnCo_;=@
zqDK{L34&5WVI%j?p&B-MZi&ho*zDv9OQ`)xg{Q*j)Q5!wd4bkj6jlc$XtSRUP_9rN
z=)9l3;#sKi@3)>mi2jlvcdC}1sq+-OS}*XjDzJg3T{PR2E$g~yfcQAk@B_ZEHpyJS
znUr^>9-WNnM%(n2sBWgRm-#=$>1$nBnk4I(3+&k5-~#+NxO&~ce{Wa{&K^0{5I4sO
z;LZZ$6pPK2^JTUZ?8QJWE!=n><vJz%lP4v+M~k#aSO`BQzd~wCHK55cKO)Y1v*t?V
z6=EUR`ork?PHu<Q4%7SBzbzMyz_02X6dipmpEEqOS9Q3V5w6+4vG4u{w1+w@nI?)T
zO4(<T-ZsBJSFwC-(#qO-_AA@WnCwFn1y;B61bzv9mHV`WMjwD)t^cDkP`u$;4r47G
zDg{15GH0=kWFC?Cm*^7nZY346;z=P&;bR+!rnim`Y^7k@g=v+~lZ!inj+j|)@@g4K
z%+rVY`9z^>wOnNER^i2?6TbMxrSi(~x0YLb_)8Sr+*vWmaKUTZv;wnQmdj9Vf}MZZ
z#Zt(HzbI4xBLOgYMh3(Df@}dTj)FfX9UsX(HQiA~$@6zbG6S11@!Bh&DoVD}xx5ay
zC8gEJGrVMDp#DqAjoscz28S+%w!L+jmc&B+?DYP)j+bwX+>#1#B8CxYLaQ>yW94<{
zCn0qF%dVKF28N2V)6m?Xaw3u2ocD#GU}Fp*58z+-=m36M=xADVNMT76U1=2=RY%ZI
zMbg;g>p!E3Ay79=)TXNHHCUT}o98-e<6pj6QcXf<?;PMyZn=~0>qfVoWox+?gtq=(
zxu2j?m(dFCQvj*AGw>SPN61{|r3G4R?4YqbEJs!Uc!zmTF;Sm*kN=_V{HVq&@59hw
z-_fb1qYAL~>)-0D<wU~5{RqQj^3i+QujS@$SG-0pw_nSa{X45_YJ*ae>w436#HQFv
zhgc1@W%|m(l?ljiQ`cpk=0*z`nj|8R<NW#Q;(wnuih$~eKE^O~Ni{-ABUR=X=~zLa
z{b+XXqrolZZwZ><S0+;J%t(!fYV<5tG&n5OF9Qy6-8u~A+PCQq1ahHXQl$$rfsVCR
z(|3&l<_G0>qWM@<r#fNC0~W|x;!X~m(uZF4)M|C;qE#7A%n*~p{DAczXBa7Yg_pNx
zo%|0!x<Qa@?b2Ni;j560F<TTYOL8ZWqdonkx@Pu@N$FPxa|ujBv@*kOCqr0ZCYKZc
zXaQ%$_YK$?$&Q!;DoWR%IlV#@)T$-?Xz|?RifaQ}-x_vLqC##Fw-__}Ui<XQ8mx;3
zM^#mYbI6y_hHf-mvKA$xQul-xC@vq2$|bfc7kbDp6$v#%SrU4F67X17wY@1u@<-;c
zrlOkQF?Q|J{e;oRJq^tJE+jFTscE8p_Y+8Xz`)11G0*jqospxzt}Fe1smE=+BxF2j
z2$7z+|C%;7o40d0Zgw{Cz5SJ;g#$C!UrhWUi`<yETU|FfU*&6OvaH~R0bYaOw*k`#
zE3`plloU<EC-&deXKW5Q9*{*gEBs%!Q=zu`MMH`%w14Y*gpXfua<R;?XuG;RGtvQt
z!`zN|f}-5s%qXcH0ckBlri>892)p;<BrbkqdQd;HhqlE@BKRiW5Tx^vXZqu#Ar9D_
z^dwV%DuduRgL7lqNx!_U*Bjnc&hX_l<z-f(M${OcD+l4wV93`CgwSUa@?^Za6Q$b$
z$PQ>LIN@W6BU{B{w8(PCWkD{lUIM^#J#MReA9VuGVMwg6xO8-NW&BLOuFCaw22lbw
z&gj=VHA2<mg8RUPqpukyS{jKzu>9&nf7$pAb|BBZzluaW7F}^uUd1h}GpQAcQ*^1W
zb^u%#U6S4+j>&sUuzy?+PV`waR!S@)R(aN)50DgK?S62HSyPVL?e?24Xto0t4J8`k
z$fn9%ifJ>ItnmI+8Zp^L=IcGzW7vUs<FAL)tVH~to?kX(&m8qA?T<Ps5e*JI1T%5B
z=;GC`?d{f<4YeJz$xQc-)k#wvxEk-;69!;WQIFI#ti0fP(Bj--wBykTajYdoF6Pr+
z{YS}zK_WIjGC@IHW<kjH%c?-84mvFNKdP3{e<vVI+W1VcKQ#V2)yRkzZAtjiQz<?!
zgTY4YT%x4jTce^#C_-)g{`n$IdkUSEt~Dj15^9~6My{mXTjj3s{4@C^`1rvPb6jpP
zWR=Sk9%fhLg+Ju-=b?_*>dfZJvK}`)g)I1m6PWW|iw`Nv+5!^n$jbm6m=<81mGPOv
zb@u!sh<R=TB45UMDX2O?WDb@$7DFq9t`8Ocy_tSm20iIz`XuJP)^O9^<A6*8H(k$)
zMMZT%z86YA$dQ7K;>WZUg^Hk}jkfEYi=k9O)2ldb`iR&|5rb}sRw9I7&G)kiA4cs#
z<4{F)7KMjT7lm)~st`Z{8FMGo7lOun($}8DLO6**UZA1O$lq!hTy=#cUodBj-qbko
z8AQA3A|1MB*IEq}O>yZK=6vzq-+WQPRdi=EsK%`?hCNB1mGWNV9`O`Tr;3CV8|Ni3
zrUrNld@N=7^A8%yvkw@#Zh6?x)b56cV_r)m*g96E;y!Qf0xMFrr4i0v^)dTu_!bWJ
zF(rg}FN$PN;rPiPnG6pA#D7j~@gFdg0Aw&QbkqOq#Qv9mX>7-WnEd~N^=KRjVqj+|
zf%;KE&oA<L6>Az@yDMF3q%3k|tYk#hHtuV_WwPc!NVL!N7KsqJK2t7H#k^qMa(G4Z
zvkB3@fq<+Yi<!fq$RDsYEvC|+4-N6cU>yX4KKFZW8^2SU2ijpp1|KrglJEADN!zOJ
zctN+r%TbLR^U!7+d~X{*2MUxE>VWq0yE`+wt}_0MF4Tur*P^a_zd~l(cZiFTMiHvE
z>#}6n%ABhNLF|m@W7@ZS%<=xtfN6iNCnrztHy3gNaTUP<H`Wc!++)_+(WA<<E=|=p
zoQ*G81%jE6DuVAAE%hNNikai(LmC?WREt*v0^F@(IZrCN)!Gavqps^H1pty07Xini
zMcbysE9m#vrrUq~wy<iO#s<A*sYrL{a$>6UcU!GT6dqyAQcwxPM&b)A#eomABRCF%
z>tHEY>6pp`NS@qYZ8ojXR}E*kjjVJntM-)s16J-*A9v3xe-OIMj<p|cp_O;KlGQ+z
zo$2qOhd1})M{qqwP21AtQ-JO9Vs3S`XED(aJ%r@$x#{w*dN0x__@$OFtJ}*I5>yo8
zB{qw5^%Zq15JeNohoF;S1wZILYO&IGz|GK<f{}NRagl&AoSxB7&Nryap>SP-WZwt1
z-#1yAD#>26+}*})dTjmo`c<)~3*M6Jd1+OeD`bU$cH2rj*+0E>6M))-Sp-oH_0N#u
zGS%(R6k9AGeGdFb`QH)X;%MK9<%|T_uCR%$A>0$8vL4y6{rsco69rmF!lMT~7dH&0
zhFgD<8N;@aX^S&&f8Rsid8yZcg@wZI&(zEBn79tozb{^~cjx}?Rl~ClpN$h_z&p|#
zwEBSbTUGQP7Ex#-9t}XyG*d`G?7Ahh?h}*~!YcYvR$a7gcp9hx4A$|zFK>1_tSd}_
zdL(R#Ov#9&F%BC%t@fKx=uqN>qnUyru-=QYu4g5#$OT~^bj2o?SU|ylhmsHV%9@FN
z(!D>!#%$Yqj1ebY)oZe3b!}Bx5KUAj=$-fcR;LGYLnsVL8Ne<c(-<c7>tU(J6Oj27
z*7X&<%&eGbY%|{;8C@lHl|JdU{!;rf)2svgxdQXt=;vT7WRn<oTnQBgq&n<&+T{Gj
zk;0X<4J{uIwz^D{b5E7^;~a=1r+eicp)mca0k&<7&WQ>SvNn?|GeD;yOAQ%TLQMDY
zk(0r4uf3P?6!7d7)=nf6+ng+0^SHP|jX70I=0R~7JuoF-GC0Rbv)fEj<3{;i+2e8A
z#<t>Z#aqP}5R-HUjcs=|oTVcfNfmy9KvH{cin*k$sb_@lAJeH72CIl7<q|Ov!j1Cg
zX3E*fm4`b?wK&NV@*MhJGVbTKEg?p&r^~}3bKUN_2!NBDVNN-w(^T~*W6B9b=j9ie
zGH6M>@wky@^)!VgH`WlnJ9ukcKb#&vDv_+MjO^GpuD_|hx$KLUabQ)nw#Yrwv=4;<
z>@@?#h2S#3n(&D0x+|@pCvgSRwK!IBQtnK>rh4XgIDPbUL5EMej!eaVY02!E!yJwW
z3oFJa0GoZzUGk>bi9VOZX0K0U!)Y_7`fOLqMlsAKq-Mim6dvFLd7N(ZW%yW8KzBLT
z%47Bm{q1nFJ^@khb}pFd<5dBV^F}%8w$g%G-!lj^_&KY^H-(2tF0lMI&Yhw@!L8(?
z;*I;P!Y(y;U){(pebUmcr)E_&V%<fsa2<&U$aN?!u5JYxUD$e~lwW0WA6uPfe=K<^
z(%C)GTk+9?(tj5|pF<bc@Om)3@V9OapH2{kkHxN1Y!r9!);@8q`gclOsKc9iV)Jw3
zKUJiMRrO932~rEIKSi!dvRIG96OR7!uN0I>44@Mj#%A-q=c<u0$#S7e_t{{GLEYsA
z1|e6-;1pH-7E<e4x{~1iOd~YGnv5XMVs>jvgiacty-T&eO%AzT*M|)o&scIq!Og^d
zg=RNT9k`d5z_WHMH!TgoA9Z7EcsSh7nz)C~RqdReUIraWh1z&6vCGOwZG0A#9S#mX
z+sa#{UnT0yt!|f0#B?I>@#C*{$$MG=$fN_rQ<=(@CTEl$wW7$gF>~VhXUO)-<CwYY
zsd9BIPa7_I@m9T@Q-2}nMDz>Up;M9lNXos^|M~6q#O}g4FGOZ_=kxP!EHh$-+-Zn1
zP!>;-|6xlhYG_xIG<PVGOr&(=n8r(b%b1`f()kQ1*1VYXouS85wh)f8xB&5y_qnp@
z#rdi2XbDOkpYY;hSX+7>%&Zfv{|9^SC~kGgu<dHP^ws_DClX#lxIUu$6$-rS-;zdN
zRAhe6E2^bq3l#tLGgp>`J2eTmw!A*%Q;VE|n^!s-#_s<Z$5Fztj@aeYHQ69@W7*s`
zoy}#f^6YJh3K-_8MJ34^8cJiTVS3CEd>s82o;ED{-MNhhvGo>mX}!;}S6P2eK*~`z
zyd14wq`j8vvxck=dFc0>g(2I7OR~F(4i11NC!YJrWz}Sx;Xea^uA6Lpte;SEl}ZG0
zIA2VPMlZ~*FO0=#B2tS#?T?**UmYTeouv9L`5wSOo8!h+l7U`6<3_!R5i6cE>*^5O
z<jL5i5jwrp83bL1BKG%l-6Ppa$q!j5KH4E2G(*262=TUgwK=ie7j;+7vdLN#UK2*B
z566A&D6v7osf(1Z^J3Ya*Eg>pp!ie&zh=@!3XGdBQfuJ%{2#07O82d@I%b5s1NmQ1
z^8dqB>D<7H7Wb|$$#RqtzG?E~c|Y&;_K`5+EIoXa-TXc!on@fwe|ll9zGG0k$WVP%
z>gE`MtfcQj%BTth78GOk^A9!<Gi(OZyH~nkavZfC-LNy)yI`sr1vM05;uf|)^-6KP
zY`l{G;qeNJ@w)GL@`tjx1(3-w2`^2p2DxsL$#Bn_#PbVgnUban#+WRC!mi-k6nDm-
zKh$z7`J?Wfp8}zkQOKgt-WCY@iZ^(}n;IU*iTkKPyx~lZfTss+l*a|emu92poEItv
zXrj611wjXJ2NY1mdq|iccPIySPEL7k|D@OwZ?Ja*u-yX^MlyZ_;xHg@I0O$LWWzI`
zQ$OVL*pccsP|;^j43vYB%>~dkY>gEt@2mRCXg8Lz&E<d2Xt~(is-_Q|Ef}jiCJdyz
zdZnqP*Dy>FtXs?v7nk$h5le>}k54|~5+(2Rm4KbjML(uPzys~iOwh3W3)EXzQjR9@
z1idm-OVaIYP@@I_DRq!%^lwDcJE@YzP3FAW?+*p|y?pM7)y|{sF3@iUk*mM$$%}s_
zz^xA`PvJ(5)R}yauZ}2kdsUFz-cVLU)oJV|+}(skL-WN@R(A~flB8dOiA(v!VbT;|
z>{P3pIdVD3UD<F&>4E?yMKU(-0ePI3;wBPhoD6PIOVkOd?J>|GGx&FOew{vZ_-Cht
zyq9cv6UNtbgCIl|4y$xUqY(OzZ1@Dm_jw2{y@ti^IQ^IZa|~OEsE|&QYqGRxyOX7&
zU~HrlYSFJI!-VL8IREEj3q3E6jbXP)gxOz<r||l;<LOjpXoMLpK5AgIMARM>9@EF^
zJ3Y6`^?Y~$>2fVJDQF(9CIpogOlDGqGsCiT(4)k1|9((IJn(g%=%DzxIf#G4M)}X=
z7T5TGvE|fi=0SEJXmW>7L4|W;iw`A_&xh#11E(Ay9D}idGT=bT6;OkvTh!P!s2h(f
z5;y)7++*?(o=I1h$DQhbK1pJ3*Q}?i^9U!I0yj*d(i1AX`Db2FL0|jAu#49<_uTVq
z2YPZNL9hM)>T74JrPIIXI<OsI8#gKN)D-_BSe}~>9b`tC+cK>**x2{u898PDyTqpm
zlPI!y(6ml`^8NZzZsj=iN?kUVOA#ejM9Q$3h+m2*bJ<c-B^BlvCf3N%x}L|MrS^Mg
zE>QbwRJ|oLY9{;1m!gbO;@SsLDl;w8t}7J<c@;lmCHdr$KISVgxE|()P2ygMBjT+p
zlDcr&niCzaox03s<2%vhxiXMyhlxGx%gR(o`RHSQEk;``mPPsi)^4))Vja1VFK@8U
zosLVy1&}Kl&-<q+_bGP~3NK^E4*`a)K$LCJ7bk^rU!T2)J(4rxG5$NI=lb4vR1^9!
zes=Z$nqRHQy^fLYtOS$cuTHKB370M;zrQE+_z*)6^50E7Cx|>|B?s<jX!@jMosMRe
zf@kvIA-=S2#;JvFp?=vP=VxbqInDM;x}Wnp&c9z4eIUt48|SZg{1m?6TmzRG&tu;A
zRf*uFUdVXMzfxP{{B8f(o!!gazHxk8DLDduX_f~XC{11hOMO~S3TI#n2uKSPuhlFG
zL}aA{YZctv-@7hFOP>sOS5Z2*jQG_(dzg`Z=rCVcxgOzzvLOqMEPFGH3AdSiYWUf6
z*06U0Ox+sq$DaE+vYXLn0$|*$xv(LV>PN3D^|=elwTqllml>>c={)0&+K8L8ua6vE
z7a1f!N(_vsQsB@t6Mw-uuyXsply;wVd|wHD4YQv=c>DHFIoXHjHt3m5>}9$7g3ljE
z%dMof7DskGzHgzv!=6>ElewW~wF_U@!3SvpMilr$bGzOb(9rht1xV1^EjSq69bpf1
z+Dq|lc3iDT5#X4kbp!EZ&AHCL@6uJEo9elnoY$W18$i^%o~pMwoRm-MpR`(t;5UNa
zf2PwDg9a5O30BiXbSHMVQpgXQ_&Ixk3)|sdcFBUhbt91^Y!jBYL!E1o+@|F3-H_Tk
z$>w#?rjmTk=*${9VB0{NBL!7&ZyO=}Q(J*HcdKE9-N=|mjJlPA@@(3)qi!*SXy27T
z)6GGM{iR&EqbTWy`uf0X=6xvY8xVMrIxdf&*(^{7gS;*ppssG~=on&u0dvDE6i;RL
z{n_bg>7C`>3gM`Z#kUcyyAw=ZP{H|((yjv-Y}Q)6+j(~cZuPkQwxQDHt(+utyp2v&
zJ=alsYQR~7t5!#McuLn~qE<#}qf|fZw5lGwfOd3UYZBg_ie^h@%$jF$>v=Uz3L31m
zeI93Lq8QgJG#<CyW{B(ir3ydK2+%pWSWCCwZp#%?C$=I3f0fw0oVD@K4*XZ3WY9VR
zDjv6KAUcf$6zwP;&P@_L<d-u{B4kAb_jvKV)+%OQEu#q2kNGgkp}mdzT;FQ!(uXjQ
zpT^*oBzoxV<FB2sYV14ut;vNtSfjR?mMU)UTfsv5#vr6;21F&niAj3@uzR0|&muHH
zT6wTLXg>^V9JWS!|9g$iGj+cD7^V`CDV&DH%TN6P$iVxE_$*%LG2AsOc0yLt>%_&Y
z5QT^d3g!vw_AtEWse;uH$Qz|#<u8erIm*%N@(fxTv6&&_Md$tyd)*9W<uY|x&H#1M
zrgRqa&C;j_V?ACNJMHX$zP>)Kpje^_I)57sN?q6?(SKU#B`C;sic)}u#h~SX9E@XK
zmF&|2JOb@~990#%N!h(~&8ri-RY`b=aC`SAY5Ee>Z2W7R!K9yTx|G}Ss}u&Y1TMN9
z!4HfA)ZLAmMBKIODfoOGp&!5(*v7TLp$XeBbm0yLH6m`tw_DikuQGKYNV4;2iN;6_
zliK9vxuM+fZfV3!H3Y0zFsB3`>8reRCWZ3?Jlu1QR(&n@J@MsTY_028O@Bto+0ml0
zzD^YnS&>P*ozn?T<+M_n1;gNjqGd_zGv3RqFW5bE;mp@PXBw?I>k+3s3edSl5_&9N
ze_L@*pQZFPjC(r8zH7cUtP38?FJLshof@+p-%;Hwxz!X@+0@4U#8zKskkK}NN?pqY
z(9c|d)XuiId{WvR)~%G-0`BYz=|k7{nVR!(^k27ZV|a}xCUFR6a)kRSknMkhgcqLp
zL&xu3+n2828yX_m<D>SaycUg|f<UeF7WH8{A@{9r{E=Rl?ZlV|cTEr34<Or>a?H*d
z@P~@Q3zQBw4Z=Mxuf;gj(EE-`E@}<H-KQ4J!561+_0Dl61+i}Z_ztFEBHUA?2j20H
z+%W;x)S~UEeDg=L@;~uXBt1L2*m7(s(Cj&<7rG!y(_x58Yghg(F%s{#lV4bd+&?El
z7@KUfgQ>WHpMl6K_7oo^j%NkQns77QUS?nFFC)|N>b*vFx^hx@U~1_4>d#Ps`Fo%Z
z$sC{Dm8+}LlfUf5nI)((9d4&u-jbJ9oW{@U9{T<=>17K2Tgkc6(%Icl@sh}@s57y+
z8E<>yw4F1f_LTg{r_m7l#o>XKS;2WrPJyUIx{WFI%YSQvt(ye<W>H1(UCfO+XH-QE
znDdTzNm|qYpspKo%*4l+12ZrImm4sxje>Lnw0`{|QjqrQLoGyfMpt$9fZss4r?n56
z!Bmoiq?a(yiK3Az|9~dfiEdWbAc@Oju2%Y;YkS(9&*Cgzk~iT&mnUxiTSXANTEyL{
z`81<OREL$DB%Rl=r!(t{-J<O1X;sD`cJ4xH%PGK{dLl^Rl*_AGF?tC|)fSGNd4k9A
zgT2SZ&)oIkx1N~@PRBN$)Keihm5s9}vG<7F52x0xBjWeVYREjBAJ*w^Y~kofi<Q#H
zSOOfwi2c0d=i!Yf;$-)OL>#U4dC^&rWxv(Ut(`Ls2WVid%drEN1|@#gE6!N)E3?O~
z-mxI0tfaBITaGoAz83-I#bt@CQyC6(U-6E}8&8TKTUc2Htj3zG9upfn>NC*FdCA<g
zW|ABhn|9>Aj4h7rPiRV7SY1DvA@ZoM0?vGT_2SWyGi-~F!s%SPk{YY7LhW3-!%_n@
z4^NLLPu_XBYVGQ5w&RIKSPSd%NZUzsKnts-D@Uu&B*I);^(ugeQg?Xl`7h%<yhSzi
zE{|s&*X!QC2tBtpBe{TgM}G>N2k*^OGw$;>&x@x-^m%x$t67=o-gE0rS_Qx5vL@@f
zj8hAG?eap;{JQqas<}MxiTK<4+F~j@gomyqXxvu*bi7rGVm_)RwcEAg6yB^i$$NL*
z`rv?J<A<KQE6_^4yF=2tJTdRhMK<=ep^Yx}IJw<cHutgbOlb9`jmrN-h&SANlolRO
zb|&(CrN-ZHAhzx)-8C8a)4kKg$sM1lV|6+O_01GnI`K~JOFzrvh08^>P&JC$4CJ)t
zf%4|(XZ{4OtO<|eyu%_7XLAHCSxVv?0CVk@lCn1Sz+y=x(Q>8^3`7*6B-<Ke=_sVk
zCvkG&nz-DQQ_P4Ph((@&svj5V<!9}lGlO9as2cstQ+D9&ZZ9D4=@s$laN7pK9PD_n
zo|~Kc5~syHtY+yPrKK&eu~Kc|{Hmxe;J?`>*lM;xY1J(D9p}FpOJgzXHLWZsn@Szm
zIs4NNM6RD7XJ1wXcI&z=S)K%^m^!JA>Q5erOY&UDEU(QIPNVB&n{aWawmy^9nYh<B
zmx|`t$<xb*t(<B@<!&55)VF07m|})UAh9?Xtj$wRU##R*?g+B7hl!jDgV@-un5{G8
z3Tq2=hJOJ}5W=EXBRa!z*1q|ydlkFVTCtn}d)x(Ua*8r%Rm&yqi{J1vGGklHv&DPr
zy##TZx;M=))+j-RsW0I2VSr`9kexHyp<FZFIH9wI5&wH}vQGx<Ue>DB5f0Ul@$ieb
zcl|EG`k^+{NLNt&T;2~e8JkvN1~c5Khan9%^em??Cd)fs%`|aVHEzipmNQpbS@?NC
zj!yo~)BR*nfUD4_rCNlF{5DuVD(za|a-Z0)Y(4iAXP(LiL{{=-D(ha}I<fgW$N1WE
znxTF<sbTO$d~2+#1|VlPqLZ(J&}Wq0U(0r*<WxZ5yrNUy6O=Ms<nc=$x&fqdULvQ}
ztLs(tMSVPehQPv^$r_<t$I>)nUk<Pck=F~`w4e;!m$Oiy)Fge_uV~JcHp_1>0JB+J
z$v9r05>()09$I5Zxfe3KS(TY&ar?2sAAx^OCy+^48yV#)u;XgQLhyD!VKzvAIuG*J
zxD@2b9SX`qc6UwKFoye<PUDuaF);p*eX6F+yg=tbZn(U_rC?3P2mc}EtpWHKUy?lX
z*|#D)l)89=@jOkJu=`cr8<;In*buJP0Dd*<33ut;xh}8Gv9DPxtx_htyW^z{2kt!h
zn(G_uJwnrBhgrm1z2-u%=f@SQW$Vv>nN-^M{?e;^L}yUdlHK7txXreDovUdLJ1M_L
zIBxNNou{qZxCNHSs4DxLIs%OX5LaAbs1bJ=XN*=MG(=x+#9!gP&l$h5tyZ$N<w_b)
zM4bz5r-3M7_c7c0B9<3G(ko5uA3@zZLkq!OF189Mrrh95s^i%S*;S{EPXF5WF+v#4
zglV@%64xdWQxSMTJ$eBeO&e++bdc*m>|{27WB4`B?6!$9YjH#6V*^u4bv2&dfkbfd
zkH^cC4uFsc{Bd_J=Zngnd3$w6jYa?R08*({WG0Bav^0{qeN5{C3(xdfvESOqjQLOH
zmJU~gcDCkSejrl7NwD+;3^S2UOV$+v@2y!Xl$Dq)2e^vhL7o3=#s;j>%)eRAc;dAk
zy($NC4BwphSL-`)Ye29NW-pzXOR(2<E^*nlthn$gb25!YD46{BqRYO*1O#*BL~5j)
zh4K4|h%18&HtS$5-)TUwnONsmI${%5(K8LI>v5$8NkHPWS6_?A>r%=%z00wq7*|%x
z4mgxZPTKX)Sy8jV!&IB>l=pBr@gklTOM;t}fyPOrcSr3PexL$>>1m}MaZ6HN_&475
z#oa7w1G)wo=l<(4r24GkJ`D=bYpsOX*B8t}pH$77Cv(esE7o#bsH5qGlK?b7mQ;_w
zghp}L+767`A!fOM5$Gp2gC2Ry|GvwSZ8zTHab&i8Bt`t@jK8=%U}uZu=YAPv{7`6{
zofD%uEUOTPV+7c_h|q*EMqSIl@)dBDuo@R~_g1uh8!RBE>Nt6pHCU9eH-Cg97|^hE
zoPS{Z&gX!#HY`)Rpjit#HeKx+VW_$FaTIEP`CBNixX2Z^uwZr#d~{}BCEvQB<O6fR
zEbP2#KNde8mNP<&UC8&DCv$JK^0ZAMo<b#iI*HGeTYygS6%)&A^qZ#Fyoc00?UvU*
zJ{G~F53D0K*%K+vLB6PNyBNoM=O^itp;zNatvsFYKYV6*7zDc!2R2BKW=yEd-<aa(
zc4$|Cld$^_@s|(8$=$Gfz_ajL{6(<(<}v3jbGP{S^t-}^T!;Bbp&PAU-3K~v6ywT=
zbjAqw8SnvxvR6CxzWOQtl$p6xel})#6F%D^>4Vs3ALI&q|EV+kPhI=3r%!cD9{;Jk
zR{m5+<xX9g^Tx^LbPaz3JyAA<djp9hBY^XCFZv4OGr`+SKQNUkR?l6a7!G0Jjc9^q
z^vba>VAvwUB#R_?H5kT}01pJA95_8>n}(tK(kTQGbCQ4iyIqN})$Q<K4#Y$7I>(wS
zt#!d)CcR9W;1~74(A|s+wgHBEe0U76|A2mDQc?8__2pzbj0cgr>|iQdq;=rR@3)3_
z))!Mp^M40VU%@3Q=SQ{#e>X*D{(jWI_u3DNv_OX0*I(+MJiD65sRBr@{R=y>A0o|O
zjhoLe@QO39FjqtSW>sei7E;<Zo!nO~b?d#<2%{4<*9|HykUekV+V6QQ($V0@Rs-lD
z++eD<k1l}cBe#fGNpY=HYFRAp-*#_EG9TWaUQ~$5-_h~hCT=JC(}WH1t1@By7T0|7
zQ9jP#9+|JV7|DFs;en?2;L$*KB1Q<SS4B?Ur*}y%<lfM57{Fkt8DBw9OX*f&VE!);
zxq1XomB%s9Kox_=-R0@g5AuBj)24c1OEBv69qaf>OJh@d&(?W9FTBrrb?`pop$Aiy
z`j)b~j<UPqVL&SYZZq-<W&&k4b!sui-mq;7?`{8iUACRD9yp$-0<->528uq?qJmNx
ze>$l<#%TK27User3EfX%^cSH|GreDp0=QCS@c$&>9NB@Nz2V(S#D#+i-0rU`o06AQ
zrf7~SZ?s>6S`GMiVtTmNZCsEy-NN+gA9pZ+mdRlbVW|;G%VP^l=zd5?QY71qaUD_k
zkUD-#;zwi60$yX(H!?LDWTXXQOX$DcTDh>IS$l}uuH<L&ot*a3X^pVn7A_i@HujM9
zfDs#Xszy7hGhXq(USqal{K~vtB)J(U`?|~DL+to@@J`}La{(GGINB|_;D*S1_q8#<
zn=YDNTfcR@Ag2v{u+^BeY*#bn)D8WUMONdruP#^vBXCf?>an|gIeReu?norbAH|37
z^UTMiH?dQ65M$P^kSY0q5Vs^abu)Hjk@e64=KUcwS=&+Q2l{}xeS_qm?8|_D-b9#s
zK)K~Z@WeapWfa;FoO1fHi|bPQ^yRc)e{#B+lez(4P#q>`u0><Z#`?j)Y87R5)n{q>
zzW2O=7`R7^bDrR~=9BWFW2Jcc_ERugJa_57c6dZo0^Mbe`ya#imyy?_mhAi~JVLsl
ze^+o0nxKDE-P_J)*Nv@U2&3M2TfJV)N|&#fTMNXgy}B==h4aTQDd`hTQPgIPT!Ni$
zB2;LuHaA`hKX!N!v1_?;yNp8T-B)5)YiW~V-GB|92a;ARTswY)H6B)jHseIU8&=#d
zVu!-F-qSi;yveDvZ-}EfFAYpnje+OEQQKQz-FW$?Y_;4;sV1Di!tT_&Ft!2J`#z5@
z=C6|y-V2ri-$M0q4c=zQew=l9jjcD1b$Ar5?^q1JNOI00+!9jb(2IP<d8FYFJr8i$
z@dB_IK(Kvlot|RB1c9NXVw!O8A7S|3{3x#>JE1_bgdTnm=5CLqIUiWuvOQ-cJc5%u
z)2TWB1s2&N+=Y9s)2mUq7rV%Y{kP9DfQJK6^wkmh=<EGUF@MA_hN`#_b?cBE6K1**
ztbUuh8xE`Wo6is9LSz4Vjf`r#>#geGhz5e)>{rXdbgobaW>5qQIF<#^+liBi$6PDd
z&r`<v?a&&YGG4EsrS5OOXkT|_;%>*`Fh)Z%IsG>#HjMeFE{Qu|8I8^v3L?$qyhnc^
z@cWaY_xh**7D1%&#LplOVKRkDjRD+^Q3)jQL{RG@hz~d{mZ}UoZk&KXh;Fz)z!sAs
z+Mn!PCU6g;z$*1$D<8QR9`-o*L0;#E_Cc&3S)%gy=_{qneAlKZeH)uO8(;`96M=Vo
z%mQ$YV~(3+@MK>vJ0m``5SI(r6Wt$_`<W8{Y?y50WUO7iQ@+S+z+xk{IUN?T5v&k~
zy2+XfeCO_EWh2(Gpy;+H#^po?dZBr!!KAoRV|w7fnHfgpG9jVr2WDU0??by&_m|}4
zUHTKF9q<KhY<$=otnp&?9y1#_lMwj5+>A&nf$2M9i{D(9Okeg^5y?Exz3H#Gk9iXZ
zGCNE8|2{Es>CMN%eLNyNcXP)nm?C|Pmfm8;MqN*pX$b~{HC$7;Xmgqa(i=5{c#ayb
zU`Abp(0X_yR)08?P!NDLNT~ya5D&sGBYU+u(FV!<^SyBb4)Hd)Gxi2hlVpFuL5lpc
zR+0|303%T0x2|t3?*${VVT3x93f#zXgd%wah4`q46FDsQPGq~LpK7iD9oOudo_w}%
zwe60$$NG07fU{%#@~v(kkVhIfalA2S5Csr5u#R}<J`BG=YtGErb64DD@t+bRGMqs%
zAkZ)jKsZAq$Lf)=(NA)uN#SY@`k)5epL;bK=Gy)>f=G<*f1)+1ROd$;-N7T&JnJ?8
zrqfjw-|==|c#`TCJ4&A(73rr7x@2zj#vyH$g}wb6Qe=pm<X?RW3>Z7e+dUQ?vzw~~
z#ZY<96b-GAZGhwJ9KG|ETF~Ol)|{ZPAyrz4riiq9+|T*zImM#MJ8^0hpHJJPFsvHX
z)e~KwV>h7pyYk5mYL4xP&YkbrBR4!s3fKFe4Z!kS5rLkfB)2rnA(JP)x`wF@!Ky3~
z)!+^_Bq(eN=beKAI8T^m(+%HZG2f#cgXQy?7zTovIO6VFTx8DTNXy$x1{78PgsYl=
zuw<QhPw#`tn8rD4k2}}V$y~k6sl99NEm&aalYhA5Tb!7T&*2qwuo)>XEHWK`3P;+v
zF~MW8uwvpeP>ysje;2?-+8N|z{OHBeIP4a;nCtmorL>p{_|jijX50*esStI*Vt0ir
zbvE|!Lb_iMURKy*pyh5Y&nCuf1tbRuj3T|wOuFMzi;NO1@tzQglhHtG8CmK{(jj}R
zUyNO);hJyFF-=xOP<iSH-OhzD?5QQ*@+6ZT4-gxSCExjitU^cs(D7h?eXiTmJKTao
z&BAy;HE8Jr_WcFl13m~5Xqo7{g=J`WX#zN{0bE@Osu1@rbEK<RSgH^)*u^4SCO%kb
zE3enXC)pk3ca)<qX|u+DBT$L3UG;gB)g8=8?qmXp@YVg+4KnJZSzh<?T@A2gy~OLh
z@86t>X%8%sd4x`%a1PX6N$eH-5@Fy4U&X`8_|(4wfuTsB<@z|NGb<-m<q;Ctu_jJ!
znM<PHH2k4$t0tbYPe2gYO#Ne4?i7g(65lSHiUPFc@IJaaw^ENPX_;)HqCheT>c6`Q
zu$>Ve2@Lhktex+UpBjVFxXo&gbbD{@>Ib07VgJcfGeqpIf0jaRqf)vQ!jjsk+QRbC
zFt|$v-gFVN#Emzch#A5{{#ihHxjwoUGICgxwv*JMjHHr{Q@I*)NIpozukM)Blb8qr
zCRyVY10Z!{JDGM_JCbr~73}DpMK#~(Nv72olcaU+z~&f`*_6l^O)Q_eKMCbxh7|_?
zuwHa@9R9uSL)t{6)ZPCRIx$OBMEhG@-`ddt*emrgjJd)IlLcOr4Sn6{e97R#yO0Re
zE3<8TUS#9dCAo76lnT%+ogxV?Si5;iwc1&uQkpu{w)cp-m2eKUcCv{{UihX+q&aqL
zn%yLDV8$`jrPT!Yiu57o$ArEm86a;ZEm69Ri$j(bqgk5rbl;=n+vVhSpe)FlqG&|~
zETN1LG$g4bB$Dx&2}tn-caW=O;YPwnU|dCG()1u+Bf!4bM2DfzM{o*-Cc2ror)v=T
zsx+a~H?X;WhtcT$y|pZlkt1~wpfpBf$ju=DKNXH$5%J48rI$#Av8}A*yO6FnP3WlK
zcaQzlM9xM{-;l}g+L(K?R4CZWWM9q_0ZmrRAF&;KV4Ud`4K97yE74#eF?i8ZQ{DYB
zWgUXM^Yte~j0Jun-{-kbyG_B%#DQ^beH~o*W*pW5_RG0r&WmGz)7piz&af3fjm*`!
z!C2KFtTCz&HDA3Au%dQE!ic8IF@7&=Z={C$Uj1co2xxG7qNDN85OVsl{wSZ42?*mA
zPTA!J6gf$_1>0BLR6pYh<;?5*HW@E4CcEX^YnP-SRMj=Zo|kzPVHDRVG9a0W<c$dT
z!iNMlL57<7dl*6pLgpNR)l`@pZ~a9sJx=F;!y4#UhDf4<`n$riPl7yo0U;Y0;y~iD
zxt7c18yANhbqt#>du#)BjfMe63zU8l)g8cs9rSnD=uXWl%9Xg#u(!M;z@UwNc_DFq
zuVqeGh|olmZw+)*`9i0itvvVF>S{agZ{j;GI}REmhXd}b9US8;=YGnx9j?@M+*o0K
z^#y||XrS?Av94|o#;;QwR~R+N?wRP{x0B!NTIV8j<Vax<BYJec(v8iS)W8+%>*1@H
z-PQRELT{PdvFU}?PO>17wWhH1y8K1e$r69#3q)@i<uqDC*TrxBOfdz9h(wUPO7}7s
zt_<o>FC~{IwPb6~s<03BD=x)6FTxNQsVRvy3^<s!GKpTL0Q&ZKxx4-HtJ%AkhebQv
z5BK6Ryh}JVw5DcODv@l1TR^{Qq2_q=uVHh*QGx+4xVD}$(#PZg;ac9n;9iYVre|0)
zyn5_$_JFib%tEq*X>E|FO(=Am&LFm162j*F{$A=uCE~x_qm@MYfP-MmOURiFhg~q8
zYHV;A`fdj(gvw()jwN>s3*Sw){bxsC<*m49XDTK;BI3tm+nr9M4S)qU&)iPy+xXj|
z;$Oj>0rELbUFUo_N*_Ln^~S5)wKkGHa642Bk)K5!OBPcLf3H4IChJMpB%!=u(@qWI
zm5j7_%y_9<J?3fK`yTj0wih$)0hR(7C8-F;KWh{rE|Y!z&U}yTyn*aTqlzn4RV>%$
z^DWQUPYJyG4Tq|Oc>++vY+|BiL@f=@S?47}s?aa{acD>n9~TG1620RZ93Pv3Q7ZL-
zlcDaBS~?i)8dGo;Fi_{+UEp<PfgIqxN;)m<&#Xj5fihAUQOE~_^22zX)%qlxMF`$Z
z1CKiwQuFuP<YjH!*5~hQ>t|-KL2XyW0hr1}?+=&kS-4veGHHNs{g3Exw6f%#3ggHR
zo9vfOs*_C_Fuu*-XU*>`SNu!m2i+f5+^=36j*A#YO@%Oa*au2)r`(+klyy{SCM5?E
zlYPEVEPFo@<Rihzitgl-7UOS@7>vl=3ad^qP&9ZCF_xZ(wCO&sdl@tj;JZ7*)!<u6
zi{+dB+re9GAj|?%!9{nzLMS(QXlZxDV|-jM{w4N)^S5sU`=xkE+`|PR%L2%NKc1Jc
zMXTHO-&Ua34;I|J{!Ra9BMnnb&=U5k#mi%FLJW<Brb`?mRoGU*81X<6<B2TJ_C~=Y
zBEPT-OdO28$y(l6L6Q5g)Y`F}^fkGoaaZ%3`^~oZ*&cAiPoUFac;fLc@`QS0Q2jyn
zd*Iv0Qz}A_;S?`U_~j%vwliN<)lDNdae2_d(}zQ~{U-DaPgT6zjZO}z=Pth9#DtPt
zD)P^xZKyxH>U?8Drc}S|$Ir4ftmBIE+QLN=S(5%s=E-rqrw6dGaOevrHL(P9f@YK~
z;x`xY_!+=7tcVOj4-))tpo$7Lm9Bcnw$$0g99&Z8YdMpY){v>uU*cubLr8=cY{bE2
zg>D4!GH`RhuU)G`1yb@5KPzCjh8iJwZ4SE^Ar<*TtZ6&ZR;71QwKb%?H(^}lyx^*H
zI3?h_97BEwqL5sU^~g$}Ps{fxrPJ4P1?!SFAM694yKnPcc3=RSb8%EHOOa|r12i^u
zl`s*jT=DFD6D9LA^UupriAfj{vznDvfE>ywpe2+qZd#PQhpVI~>A539ZZc<;0%Dgv
z!Inl&(t%vSGfmn7N}HQXFzA9tI?jGSRw*L<F4!V*;F}{xiE{d=YfsdccusN-BshPD
zBaq4Tv=}b<OHseqg}jVMA-og}e+v0hAj`pM?1}+P(O~N->?mF2-Ll4snJ_zK`i(S5
zJ~Q569rC;QZV}Z?Rs4nUv=kxu-_6Z$;9x3lvRm7nhl~*qusHIb=VK__`0ok>9wF=X
zF!(}a_;rt>nqDhy>OUG;Iq|-}yS+|gs{@4wHVr9zT_8GMdNUql?+!NWuM_D~HQ01L
z&-Q6AEhD@PA)gu9is+}<&{M<n3rtBi{lki#Y;Kq*X-f0H6s4xs<|2iYMCes4vMg8o
zkuYw_Oz?`HP}ESUE(Bwtp58^%o@)_Z*&Y=PI%8LpXw&V#VYv0_iov-Vv<qC>e1JW{
zNLWOH^le(e7wEN^ej$s!f8G}Xa)ZKou*P#lU&O#Dz68tLE3(kcj9|SEaQ7^uly!A4
z;X5yb>E|FojzUdbiP!0nZj3QxAeP0Z;M&E3eX9o*Grnb!A%@3iJk2->@27Le<g1M1
zX-As;eZb%Iu-k^JC5Qbfj#Qk-Is+Wb7?RpUzDusq2fLmQ4PIynhA*8yV27V*h2WMP
z%N-S@(ae1dmi>}Vl@+_K3;o5p2hO#O`V~bb87mrkb5}g!k$&az)K3{{D*Bg>=FCfZ
z&NhY(jt{K^uN(DJPqh_w)@FN~zgP8_p|G)D%%CF7*TQX7rs6-|WoM+ix%t3_ckZq-
z7>57Jf=lE46N6K?=8sx6s|L$)*M1dx0xug()1Sw&hBInxlP;MS$qUV`L8w)i&>EGr
z-vSQ9NGXwa)*mj^%VT1GZW#tFITy>=Y?8GMP_%Rp6o=jE%P}rF#|oQge{Y_~XUj}&
zKVZCchOXbQGEEuCw9R;H{(p^~Wl&sA*RFAQ*Wm8%?(XjH?h-a0++iR<kl^kv!QGu;
z!68U+Cx_>=^S<AYQ)jBWYPR%MtE+oz_wMO+-!Yv)bFRzNZ|;DB-`bsTT|c{>dwj2|
z*DeixdIOd}HBJ7unaO72vKpeht^=c3d$(j1jH|tWkHa>qvgsQTWOt6>lE`l1W3?Zi
zg1~~=(fFYOsO<leyU}R9d40OMubcY#AzQ~^4FDczKb|!6ps>{nw+B=+&1d_iU&4NS
zGeE8bxap(@X1C5ZvoNM89N$eqgF3-bw>C<Ji<h_-KqF&K5%lejlK(ufIb_<NI(Iy|
zQe;fp>@Vjka&QSHAc`_~6Gt{1L}n~qa!xfd5^Vcak3DV){+RLiimUwIQs<Yr`{W$E
z8YAd&)36H5py}<3JVB&W(Fd9#m?GLn{ZSrJ2?<%~$7b(qIh}U>!D<Y5!QzdfJ(MtA
z=MR$_!%Q%df2&B0Jr3@izXhRL7irkdoj2_uJ6dgv9#t2FJGD{k3*xGze(?QaTQ0%K
z6CG9owN4*Osr8iOo`LvvOxr;>gYq`>V>t~^a-v?fWinYUftR%V$k#xy<qp!HDYO@0
z4ut(3N-KxB)w@sVicWK{Ut<wrAfKZfp28hjKvN^qV0dl5c<{|t&yg+?SdyKrnDgYq
zBKL3_eM;UMc$4-=WjIK+!zo!pfHN@?vug_|LGfi~<^Kt0(cI$XzhaQ_y&C1q-53MZ
z@b^)IBQZVhuXk44GF@7p-<MTnwcSMlY3qoFIz~qrNd$M~N^n`RkjgKK#Mz%h0!M#7
z46r7_+gM(u1-W3rH$#avYA7<)^_qBp)`D@$`VC>M(BbXJ&;|b3*auwl)0;!~e6etg
z)P#Z{R!RzL`pxNqZ`(GZ3qQzH+z3YXgsC0bI-H!$DOQ|fhx64=?hjNALlKWWkZPDx
zmD);w+oM-A4p4sQ&^Mt?5X$92upKRr?o=EO$-$G=k*Z@7OdsYR5hpn<@ES8Z87=Ei
zf2lf^9I;C|%fs8|bG29+h_F%MV|n6N1dPc%e!G4s*plJP^-{Lr2rbWqax1)c5-VaU
zKz!qwJyehzKUn6Zs}QfjGF46mtko4ML1gR6IYZy0T}Zxp1d^acZ_3(r^UZko+`Q<0
zR$SdXJbDR+hAD&?A2BRVTDPFT`$@7*=u%^1L+~=stRu5N(2s!|^t8_3)q;At)%!Yd
zcOHw{3tWw$Ue>rcZ@v9_f2IbS83ryD*IW7V?#id39YJMEwvbQE)6a=OqGGZ3Ae||F
zaj2yRSfq&eXo=|cMn{U*yL$@WZMna&Tx7i^A&o_n`E($}@p98D7=&zu^p3(}l)5`q
zJFnx<J_pDgVFM|!ec7FtV^MHyqEt`X42d|V4fN88m+|O+10^XGhD!zYW5->nf+`zn
z`d@rMnXQ89BNKKykHb^}v0~h=yDaSZOUX=BTcb_1#Og=g3H}a?^-@6!ogK2LSlYwI
z-*_Y(Vv(6)_l0~_Io-xNM6zL2_^er?qy|a8tr<j+nHaENl58_H(}L|T>N%S!&YmOO
z&I`pLdc;lEB<{9$!?xBIpry*=uz|$SLxy*2s_r<^5gsc9v6^E5zb<OVQ_(Ss^2Auf
z3V~dp@@>+wC@)ewHTu9R23fJemhel_QWcr>^&gdjKjL4=pNSLSsLR;+j0?txo(x)|
zMD0t!NcBtx?&0%6mdO*~D;4y{2t#Qgv(Ig(hc)==H1&r#8!!#TO1KG3{V>##*S!uH
z`nqc9Q__jrb%h{6xBFHn*W-Jome^@i@gT8|;17A&V_6tMN&8kfID^O0F&*7%u>K&A
zC!KQyfjhMiPjyF&+2aBg`j+pik|t#po0V}-{8e%UyA*pwENq+Oe?oD9yy_Gc?J0#o
zObQb56K9<Qh=z+%1X|X<pW~7YgUOh9+cs2UljUI0zM+!<RN4YBVenF!Z#km=i<8_K
z*?ulQN!`Y8C=CnSE#URqr^W4k5A=6>zD~A8A^#0?s>1Nq!^wy0@a}zW;f7ZT`|%oT
zVxLszQ#-rA*m?lvL5dk>JyzeaMbSKJy<BgN0pbv24Q)hJXh^0=50LH&CI?Bpa6%t#
zR1!(CvquEbPHsGG`aiN2eZF$^%GdhRbc{PyDb;Z6^MWpv%&YgAP2YD8Vsi#|+kUG^
z|Aq1X&FtQTKJGilH>|`}mvX$gj}T1~F~jE^E{MWIBtDEQLnH))(4=Psb4lZj8Q^E4
zU25u2<oDvGi6Gz?YIYGfp=#y(Qinj6KYE}QN#g)N5@rUoAT@jjNK3G9nS3K&@3LR>
zDvZ_L)q+o9#qGXixurIz$&PZ$Ry0(2o^Q{|PuGsjg(^5oVf~Cqa7YrDCC)MxVfIJg
zhj%$+c06#ug|v|`elY3nQgVvdK>tRe@(S;%VyU3OU>Q}S@Rod(Y<M*{ucP(%v@*H-
zsi6>PUoqFK<W}ic_R#PDg|ocG-rLYrO>Kps$5WIpuOOOIK&PWjcj*b{dF?jjP+qze
zkBfC&aWC-Q9E`$KfI&i{(s?=iE+dDuW!Cg%*t(kzVD6y_PX3eIU}5QqG-PtW^PJZk
zu^?syP~kD?!Bl-bJ+tUQ<Qf7QixRLydcFXzq<phmQi0Q16`42&i^UU8vMH1(TU`+4
zbz1BsGPx9Oh_mBfOaH1a*>7LfajX&6i21+@@!7cA@lj%!W?nC~(igke5dlO_EZsnf
zgv}(#zWK%pNcLI;#=J24HrnD!R`k)@tkhsXdmfjX?akLe_c&%8Ul6_2sFf_LXbONN
zW-n&9IPSIaN8}4x=Vy3W^dELNBD8n#mpOrd_Rf8p!T;W5k1tPJpDE>6WU}Vsj$f%B
zOfR%;cYoeIM!UFSKhCaHDM)>DZih-(FJaN2Dp`B{Cp*hDDoabElQi<W@>1f6zKEta
zux3-k3w*eQ=lIL|=Oc+5iN<%jCO<%sI3J79W|?uDgQTfYgc5J&j~K_*DdrS()z4K(
zfDIV?lx?d25VAM<dq35h(C^xJB}?;$=@U~H`O8a9W6`K&J1u22vudaIbI)AE#RIH`
zXi?%a79n$=DNqk_0<HYk_JU0EO{hD=2)8VIYP%eQ3@7qQkMu5i%=GW$feX-}1>Vx0
z{24*M9oYc6%JG1=$#hDRwRjM5b~F9$bTfeSRVE>O#RP+Cl4AlV$LPp(YI#*T$6}HZ
zecIJ2>ojyUr!7jO<dr?jBq*2;-_j=d0QWnL^=ws4U|Xf{Y!P`nCqqDk==7<xn64^m
z=m^Ivxd%l0{IdMsUK+UIw{##;YkWHO$KR}<y*0Ulw(N|J=3m>tWPQ(Sm`bxvMk#jf
zLKt^3JnGs|tEX9L^tptq;6s8?z~W{_N=EWZjWEdOSBvL~MURsdA~cZ`9fKvGtXJ)V
zsD4f7!eAyKoP>B89FL{yV?WvT5McIqknkiECL``7TLX|5{HWULXjK7scyBoq!!#%>
z$lbwq?X}8<J}iyl`SI-?f`-pJMVBbDO4KkaOV@MA?_Akd*cJj|fx9dNf<{fZ7oj_)
zMqorfy@?Pz2Q+i^@R<dR4&Jr->>+TvIYZHHkfZ4Q6g&onI>mp446D?&^1lxWmM6MH
zw@xY`M@fPlAo{^>u>imgj)6Ea>_V=bW$t5Qd(=8VQ612({|u@m-e!_FK-{HoEXR?l
z+7&R~*aI_S{6pV@LqpSvD(GV;6h0YuHHX7sQ+k1e2x3TA2o8`^1EVu9mPEH``a#+%
zLWS_1-mk`WXJ$Pp`l2q0eIxox#&dQ>y8bvxs2~?AtjLyj%m%P@r?*xK?u3BGQH8F2
zkU93&LD){f(a1bcO~Sy$7s0t{bAa~$vMMZlK`Knb9h7SU4}~VqoK~mrzvPa_PqikG
zC=py=`Yk0~m)D8~>p{49fJtjgY*nz=TjDQ9JSi=STl)~#myB_bX6={wQfiL(@QZ*X
zg4ct*Ec1dFS1Dk$WDZO*B<cmbuvz3&Q;^wf`88dZZ9#fEJeP2&k_rCI=iJ@e;A@vH
zdrkXczIkH&gEct}X7Et;ib)AEJ&Ky5&?{*U1QM~0l>YmJuVQp4Zt6#(<&?`<07V|v
zwAl+tkc@@{BR&`QeH6PfDGHjJtg@ry4*_+Tg*qmW3LJpDK(`X75cneov08RNh*e@g
zL+8_#*0a@8iuSf8^Vcqu6(tu2^yl$?ZOx{w{Kja<&H4!=XTD<ma#wZ~8gqoIXM1+O
zZ=JDrQ&+phHe2nx)J>;Gfiy20I36oHTHz9$JRHAt&3{{qCP#pp(_WfBAyxenN7Wpd
zT%sLGWL5>b+?GT{9b5j8mdc^^BlsxdU(ZP=c-CD12{XJZ^pvA3jM6qNx_U%al8$Tq
z&A$6>cTiIp?oQ5Z4HS8XEZ+X|ol-^hB-gX$nmcCoFzL92W38ddIj7g1Ix1!_k?dzv
zZWb*HDX%=<l)O%YPeUhrvmiKsO9Wz3+l<UbH**3&J-8TuB#bYKwy&u)gjp6Ix-)SF
zY#gO9%v$g7D1<5a!y(OR76+$%3va++d;f~}yPh$bgPLLhj=^>6HQ?^#YyAf5?7piT
z-AeFfIkc}ZPV}!)qK4j8dM8vTqLV-k$>+8l)+(+FO}BQf9KN~J473Sm(^sw^oF%^y
zY^b^c^Ct>;<)JrIkDOIP^IAVKt1{Bo>9J1(+-AVX0<CuMu*Bz%RK@Rvus`X&xh>9f
z4e$}{q(CsxmjwM33wbFxMN;DPfzY+|%#S(Ye~Ge$5aatdv0!PMi?Y`VC{pThg4a#w
z9jnxdOnci`IKPHG^*KJQpVzEWy5D@#B)hc*JWep!|3s;ncjf<_Ir~(TM~@Q1<6_Ks
zZ*~Sd3gPOdrZ#DpRG9j?v16V7{g?Ba6n7_NRZL<w7K2U}k0PQ<%zV`a2^BFKDr6*)
z-#fhj#>@<a*V!+d5N+^=>@dw}>N{w!B$S2ox=~Y<zm!sh(kK@46CwRrK|WT7rP;-n
zKtEiWfe-!dqw*}RMr<L@*`Oh;Wu^}f?o)6g4oChdDBJtkR~>K@KkSv?()VTNvfG=n
z7ukh9T9)~p@?Lc%>`)O+pWqW>&Pn<vWE+A<7?cgpXC&whi7y>;skHe;@^BfY=`tg{
zk@Va@l4EzVjFa?S2_*chTZiF7fKjRm5Ju;;-_PWyaR?8Gv4*)F%@U|2c9ZXnp{Fqz
zri%R-GnW8V%Wk-+<tO`BFC{Vp@+<kuIC^krD<xd`(7#m$JiA^wn*q{FdzhKKGE;O|
zM77s_1@SUeA*GvJ^iN8u>=9-pJCh<m_yE<)mmL-1;2Ov@6<-UP@XQh2@c0wJhaqBu
zyBUpHsEc}8&4C{N)Hn0X$1JM_&6yZsU3Nu<@Zk^ba0bm=y)Aqn@0}n00$moHH4CW`
z979yVuz3r2k`)vzwI;ZMnl}6sgTDL;joiLon-pYpkreyu)}znwEq0jEsa13FyCy9(
zykhWNOo*3>BF<0R^h6YMM|F=tkswRrvW_;<l4V?wR4?W@UuK$g;is|3zW(pFitUcK
zc6BF0HIh{7NW@zWwz4}C)0X5ANnEC07LPJ@rg&*YtlH=n%(7Pr5PQXG;zK{DH;8MD
zga;5hY)eV!LLSOGE)gW4z^&&C2)NVpbQeEQlStW`kU4)sFD25WU=NG{+>FwSRKu94
zNzr2oX1R4CCMA#-;i67F=p^BnXGfe}(t5x~<nNB6iH>D{`Am?Px0Xh3NcExLf0-Nj
zLOIhA$2y!>FrF2tZO0L&9<v~fgS|w`M~q?|wMKZ!m$&<lv-XA{czY)KrBXj>+sC`Q
z4kdf6u>{R(VT<iUd=?!WP*fCBP9W7UbtF_MSpQ~mB)bUV8g03IWJ@+yFsdDEWm;zT
zgu3#Pv2k^J{s4M>vmes1x>S(X3jwdIO4`*+LcqyppFO*~kNk!g=)kdz!)!&N^!@HQ
zRUWZ~QZ>sg&H;*^MWA$n;4ouK2gjgpG(~1rZnN<h$EkFpEkq*>@MAbrH3u^O2gv}U
z1%a-`MYiz>44h9olGcHD1mRzHxg@D|*=*jK=d8LQC<HLMFTRfvf7_DyHnKz!-nZk5
zl|pH`Tb4dVfM^Wwg08Zta9B7Iw0}b_Nz-`yTPLs{tA>Lg_ZBW!;N}U-_BdEqeMP7#
zi1?Lti4rvVkoL9x7GOcYnUONFet*T>M6+P(d7k(Ed&Y3!5W|33>5<mHl^U(S_v;{y
zm}~COiVLz|`SLt0_gNX*_H&Nq7r9qgezJ+EgdC|)+*Xf}-(xYe{f6fGcEf*(4_X6I
zAcgj0u(bM7uQ3IUaY*luh;DsjOHNx4(q(BM)S)!6gX46F2%tiPVrvq1e>He^e`?6o
zFR!s<qy{_E*Y*_yzrkZ$)`@aSNC-boX`Zq-vd*vqK;!q_{*$?f93o3+6z4V?v|Dmp
zo&+BGr_-{LMjE{T>TwT)P>R-U!L44OU4B!Zy>vg|)>_8#Y=rz&T^!;%j!Nd2ymC3e
z=;*Y+X9?3~Ah4(0=Fy<5pnH|-%GO^KY<WDKRu;`MJk%RNGVZhmXD21$Ia)x*$CEYS
zvBF$RKDu$PcX(j;GgG0=ChPV~p-8^K4$>H)_bJp1rd`VX!@3ovk-$-(2x(!mc@Q+y
zkK?*2*r%M#M#LwxhCeUgN?teQ!4Va|uDC46xcN6b4S1kL&tZp`&!Tlzrg@xU!j&J&
zy@$;HK3?!v1@}lHH%8~h%`J4PbbRJQ;fZ5x#C!JfXMb^S3aFA9dyk6{v+W`(ExfKK
zw&<vQCw!Ho{8*W2^Q#hX8)u4ce?MW){R1yLVvalg&d;?$1}p;EDn$iYKX~2Ii^|SJ
z+K9LzEnu=&CusFHa(j@lWn(n20o0!?xEbw0;VTE08&fo2%tjb<(I?dFV|@zsgp7j2
zvO$1$Q5)AP7fQsig!y|5m6aoPFv!yY^JrsRor+JhvKnhjzadqd>lt=c^=(It{>_^$
zdn64_neANrkXz{Pbg!AUWxrRa<?VR=mbDdT2ap%sx~HscgK^q2v*;LTq#R~y##rpy
z5v;s-UX4TJ)n(#juQ!Je=o-5a8n~x#E&83IMa<w)ey^p&hp$Mz6nYwpgu*&5uV7eQ
zaa);=<O(Hz!c(cVbGKZsvq;?g_`dnDBywDEo~7V?GF3>AQ`AdedmC!voc?v4&aK&-
z8}OtSCeY5#okFg?#>udc&8&`W`D6I8D~-i>1B)$!M+-MO3z-4J1iu}b_Krc-5ju6!
zy^c`^xf{J9`iAQMyBZf2^WKh4H3X4$>0s>oNhPJEn2^j)uweP$={G-Q139<P{LJGx
z(aq*w4YC@i61N~dJi{MK@D)`U+I`royMS<9!k0PLw7)b4DRQy-aY6a{u3$Kb>NBiL
zYg%(jczj~c<@MMxk}$=}h!wZru*XQLoj;A?NN&LCD@kmgu2HEvH(TQR;NRv*wy>_+
zA8Xc0GmqupBJNnHN4xFdeybQ8fpynH-nWXHgLIQtRoMAR2{2u6qeHA_6J*n5)dGHC
z<WbE%-%K$nYosH`d*C%wBfH{S24z(}y3O_|?Wn<EfZ4|beG*0G8cg=k0f+V!e=%vI
z-rxMupN<uFb;mL*f+v-5o&9J8F&vAfykS;F=Y~<V*~|8oSR#ItGE=}GC%C5Y)%Ms-
zii#lQ<hhkX5p^ZOpRrT*3L~(|AOo<-IyrBYh;}kQtM`c(C-wEmXJ%G-*vESlr@nvs
z1+-?anh(G^A@>a5+%1#_hpa+tGF@b-PB6X&OVbz-G=lf@X4!AQyePhG5y5@Za3`+P
z?0b=D5hlLrsNUW4q+0gQ@(+dRn`q0oHm}jt5>JtIyqAICfhA_EX((0f9R)hsU_uyU
zgrx!|)OObc-QoN(A<=df^{`0c>GxfdpndD;Q4aj6me}j}s+0ID<<(}V#2|<0GGs2e
zCcTW9qsce~)Ysk*w#maa%F)8tt0G1O*4%Md&-YgY@;UsIr2f*bhayaA$XY7@l3aRJ
zF^5hJ@#9+zNS;5D0Yhd^D+emz{;1IVOD;R4jXgD#n91w!#)UhE5Jr1yBdG16q{-@p
z$121Al=dv{Z^H_x!kKCXEA<G?fnSKvDWCu9_O6Y+u98*2h?|+hBsSD+1v0kIX+MCv
zGJRA<v6ZbfJfrT*^jMq2DCafiTyH+|unj*bQDF2~hBhYONTSToS_d*4yjgIyf6cXT
zQ4ZOi;yOFxmfmJylA-j;re6&req{vlHC!;AP_-8E7q+HK;&x@F1(jU4k7}VSj^VvF
zi{Y09Oi>oU<jf`0Q$?hojizBcaA>n1o(+Aan?=+|e@IzUQ(@bb$4UCp6Pm@6s=-8T
z5l*f_U!R!Wi&)?BRUVjkFj(e$y&rmD*;Z{G$Odiqw)ebUy~S2Uprnc!clq^fqS0f<
zlZg^ChDgK`=8ZvlpcQTb50l48FjGheBQ;Ko^WG`eu~Lv0TTWYds$5f+NdfA=uurUa
zI}OeMcw^Hw8|5@d6@Y2g2KBcuVK<k>wqd}qgS3iwX+HPtPXXx%n-#0k0mT^|0p~C4
z%*sdPzN-2Hk&vNik_A-0HSBg2(XFJYFgRJ1#qM90bHb*Yt7TKWqE*6D@SJhJ&7Bdh
z+<+lNNenm|HT&xrJsvb)?LJitvfJs&65`M^M;yLxJ)C0^%o-;;3)2ae3(kkPE2^n0
z@H2%mTD=8k2>~iaOzLmpAz6^}M&pGrSqmy(Yj@kV9pE7=5Qp-OlhcyG=3(#TJc8XA
z{i+NX=q*e1XuYg`pHXbov^Ss!%8Yx09`4`H@3IZ{rhfj!&4OT;?x2WN|IA7n@y0<|
z30dU}Uc^F91yuoFDlFwOtEJ@CTLhUn;Wt7BQNi`#j0?zIH%)XX=2zViFQ<yua~0Pg
z;O?dT3U*T@isbg_b1C7C^^?mY%R#Z!#(nu*lqS9@F5LZ2Ex`d(h*R^!@jm&bMt8lJ
zT~?4jBjRf&doB|)K6(P<r8;<oEfqYD>q#C>{WI3;tBO`aBd<mCEic>Nm6yDg&R0&u
zztK{WsQ~bIPNFAb?A;52FlBC^;YtwQRUVy79UsMUz5mk}G08W~qNF6riCX8(6C|U8
zmxx#)XFA`pzCY79gImEpuIPjO!e~?IWjd^B?p6y8WsM{1adB#3>+sM*Y`+ZiGFD{g
zvj1c$Nrma?B*n}Y{xLfQegA<#M1~38&LJd~Bk}?a#3r2%F+<}bk?D~~i;cpBm)a-n
zHlu`}SH7NLN5qCXs%@r!2p`N@uTj>t;<17JzaS55?8LhTGD(Nk7vh7UR@1EFm=D>L
zRe6Mbe|+1!eQ|te%(d%=5|iq*>0HHLV)il_-t@vlzAQG}`@mx|L=^~_J>yC6N`N26
z)&WHq<nl=ymXVXf^n<&BY^W4??%rg`*-<S85?;`|<e2N>^=&~}LBlusip@m(NxPQP
zk<$d9-t-YlejPrju~s`KoWk^o(fobZ7SHV`)H<`F1q}P!V07)l!*m&3u(JxJ-#B*S
zg5&fqjHYkQ^kk)q13?9@%V~ZjOLrjpQ9w%QCv5DWzt2kyRL2oowm<V3rEFC3l%Ec!
z&yS|xN)Msg4fqCei`56y92W;p4Wjvi3wL|uDdx21w@HOJ|5^Rz8l+}=&<;qna??LF
zZMFa#RooNMcBQOL6;?98TEhrpk51JHR0lWwh4aq(76g%tLDp#^U0D{nj3GH12XLjI
z?xzKfg2@BA7}{GCb_Qy5O|8sERtW_NOs7;r7wLbJ@S9bo8K%jGFf@B9+++>a<~b0D
zuW`M0SFTb~NhZJ91+jKc1+{KF@ywZ8CDzIs-G`ORjht?Csf+9};Ay^KO=&h;*IIkK
z7)(_r_$?7F8bEsR;@!eRK8G8>0J*;x<kfOe?NMkINUI`LfWHeWy$<^#^!ada?4OZe
zd}SxP9DAoX$J^$kb`ric{6SuenT2{uG<nCBE8mjIQc6kl7dM)?14p+)#W?s~Xo)IM
z{V5u*8gE~O=0))7E4Aa)pyn<}ZlI}c3w|=B18vxvcR>I*z|52xmBmjY32?PIw^gX(
z0ILLEC<S|02=Cb?YLF#8#UNG23GxOe^%Q0W4m>Bq-*C4Vz|rPGVEa{R`EinXCn2Rr
ztI<v><<@MUS&0AU1SDkQmb<8@_WAW2YAJ@Do14urHWz1Ei_~5(KIEHK+E-PSS*P$9
zk8h8v=cS(qQB^vja(}JK12pjZUvNo7-`HB5<TwU+hLN-8EF5sUq7kxUuEwh{jNk*;
zRQdL=zh^9BANB0@*<xix8j)RoiUZ9b%NSjk?GhVvxaXPb^BEFXkd4T>(3)11Fr9qk
zS}OO12CH{PW*Fp}jlotf6eIBTy0T-2kkP)7@cI@<`k;*#kS7sy0o0Q-mREsgO>;@j
zNiq|UNQPm;s;#9FhCEsI7w2gT&4R`Ski+U<h$FF3q@*onywlsqW`wiglK2-XRLpRi
zGsZ11BST~FHPl*oFHz2^4{Vu11S#PIu}Zo5DJKo3T5Ar*LGE$IbzuC2+p!LG6{-=<
z7WtOqXNu|Fc9HT}0JzmKXbx@r48GHm(DvHg+se>`%a}V=Z&f0e(H&>L8%$#8UhLaf
zHk0a_B``OrCuq;+=-(`IR*%0S1PGptSC8*Sd2O?i6*<fK%#hLQBAa>bgFBmNzwU^D
zmL-_39W0G1^~%TJxsV8|>osp}<<)4^ViFqW0(0$I+OSq$f!18tE;y?~ETZZ?{nbH1
z{n4C&r6h?hH}uvwYW!?*zZI>dSOxqqzs)#oiX0(gAvo-IRIBWJnlJ7{-A?yztu_w>
zxbJZm>XfLBrXoVO$~#r7xa``A$iMRPG2QYPam4=0FK^^twq#x#CzTuG;k{E<wW82k
zl3hma?h`QW0@6WXjZftGT3^eTt4Q`WbGRk;*GE#?7{AR_!LDIC*+K8m`09mhhc9Ea
zTP<s9{osp!$0V=+5{P`nGUk#^v9$Qx3jqUc8nBsKuscZrmG*r1RQSBzz8}LhA=!q7
zGJ?apC?HSds=Gqn$d?e3aDEw71BN4iq`JkC#w5Lq0tiqgenQf)TFkXjWOwaAJSD2G
zU^G(C$<ZlhJ3W<JY80^Bz;x^q!)S2ifP;-e`Bd{GYUCmQ>SL=%TsR^Aipw`b(T>rB
z@J)to^Lkmd#WYkNilstBo&*e%YNXYzTy2Y%ndS$uvt9L}+U-*LZq+w-6vwn*Ji=E1
zsDkGy6$n1(m1k6KZV|6J-cpUAG{x)Z#Gi$u$w86BX+Xi%i5x0zNTM8ef%ySdek``h
zd*qyeFk^LYzZjrJ_smIc^U8Ua6RpGX06)wQ@kPESSrS#^3zi>WvIw@pk0J+czc)F?
zy<o__&47drvKu_mc>SA8&r^xIS>i4lydt!}5ireG=jCLc7Hjk+#o5>zK9yyz%bC^a
z@Xz`D)riAdXv3+<)nWASxbN&g1>@Xn+9rzKj%M1=P+rby|7hP)eQDjz3B_ly)D+(f
zEp$<3>-U+jrR*_!5Ys6c5j`2-z(*GS$##Tb^H#ILM<-Au7h03txT^jP5OnLPh1Duy
z=K(TVec(#hCa;7qw=RxY`wTE;`?%ZNNs^6DCc8^17=p#x@t&A9dx;(^CiRox-oxiC
zTTv>ARgqjDsRW4PB9J}kx-~T-<TgVG?{L9WdE*ut#^0TIn3qqAT2n60Y|`U62UD=6
zE0zegU&Y$lJiHd9N?D3K51G?ryw0Vj;{h&6y~?d>)c3AXUYR?I1JKW(b)Tyili;OB
z1`||Eq{r`z&FqRv<UO@VC7|23w>I!DQy=3=0`1csb8L2fot?M-stR8~FQJn%8q&Dy
ze`9+i2-XF$8BrTqS88iSl{-=nZ@W2w5Vo;o#4J)S0`#D?-M{*}QaxDsQW2trMF1dw
z1}mf}D@JDoX?F7CZwxZR7?_;VW+G0`P^d)ca?%~YXoyKM;$^v~q8Tr;5G2b|1dXgU
zWX=M!ggsGYhblC?vK*Ad{Fw!1R_WhS9;DYKmhr;rU8)^_37z=pF6G935w_uQOTe<z
z%;emO!?iU^KL55C7;AY-BIFQ4-UZxv*dOx#&?}jumWQ2JowQ2tusn$uFaATlhaE3~
zNktb*I^q#d;`9J;pEhb!U}=^!##J7hXwtXo8hX=mvyY}V6m6m@ej%QX!TA9<cGVj#
zOp}eT#mzF*YFAvKUOXjqK*?N@-nr=*&@sR?-Y7E&<)(<So@5_f;;UEjf(iJInlm<h
zP8gB!;Azg;12gc}tKyELcNR@Q!Iyf-;}=N&ZhEFat+-_BIZI@9W3TRz+$^Z$RrlS!
z1AA;YT|{ZS>h!vnB=Symi{&&XNL0;dFNYzt0>|Q~^dS8{XK^^bC*As?vi}I%FXOX6
z7wIH%k=!8zc9OIZj9Q=1+R^|W`nqh1Plld^Ppi>~m%&HF3RPe7<2qycv|Es(n)-|H
zXYW=0{P`ygGOQpkejk;Iw^bQQ^?xnC&Y`2uuE6FsOEIHHtVx74^XNTS^_ptTTK2`X
ziQ%pwqV8)(EEDa*Zo_-22^FEgEL0&|S&EIg6FUQNYU!9u^2PsP>XreL?Ydmzu^??R
z{>iNryLSq3tnpNE>U~6=D=Y%o<;xQFss?kVH2z$LB_T1KD@y}k46Gs}%_i9yA;Y<-
zbbm{i?nh4f{nCpVHR2f*7wqDW<5b<Z4qIzEoAHL=z@+=Uasz;Z>bGuje^bm2$;nor
zg88ceuTdVs1X=g!aSh-W#zmD!f$+UAaU6bVNV%wN!WLi-*dYUNQ}v{N>()FIZ>z^U
zI0o3KDM)@_7q;-)d<eOXHS(vGAvE=-*>NAaqT_IAMa?6ya9-eT>D2^hH#3Y99>RkJ
zHjE*fE^_IXdiL;UYz)Z>EX&bp>akf!c!vh{_*f8}8DHoV(gFF;<<IE5Lo|>bnvQk(
z1M(*rS3fp+R!4%ZsAGOc@1+5X72Aq!`l%H;Ukj*!`tk9ZxspxAem%XfhRTyi8+m5k
zU!+)v&!{-TA=s)}k<da}c`AAawL?h^@DxU^ug2TL?E^LuIO^*S7xOY>>sVz=9L+zb
zALsF8rr13f8GzKQx#WAEF2$={(W%5Q{Q7fNt5-Ftczs!!-5AryWcwshY(yV4%6dm1
z@}>eWJh{cVBPXG+zd9n66@6-0M0Y_E@kxnep<fuFGc5afRz@&Y9GU5A@@I^7j><5a
zj0^isojDd9<O-A7*-tX6`mtR(E>_>IVkabr50wtC41xB|o3{035~6y?qHVCbKcPdG
zLm%Q^5a80_lnLad!(Z7)&8URTN4zMctm%A$<g&v4KqO2Zd`l_m>x)@Si1#GlyfdGY
zwN<Ncyi-eyo6Z+!uW<}3Hy2}bQRC41bw$OsCf})Lo-V}gIW*S1MC?KRERZyprKAN<
z83GzYMgl%ulj|+B8QX!Z3W(|A=WP)Os`4`yt6yaJ3Zipgzjf;=&np>l){6(rCr2OE
z4rHC(y2T)$psJ=adY5Vy!LHeH-T9prtX=GFnvxwPY?>w$6z$q4RdgRjk`ehS`EX|z
zgwu?zgd;}CDVj(~sS}Bdl&`ZIv?X)+Xl+X0W&uW&!l5bIR^Nn(ON%eVd1wVJ<aO|v
z3gHH@)>M;e-`dBKM`wznT_wezpLq>`BU<uyPDUjZN3-77bGzmG>8|ACKOQL9E2nsW
z3Rcc#8)IS3XJWQtLkX;jB_QR>thjF~;40ztL9(LD^R%{twg^rQ<IY9M8~%dBT)e!%
zT?SYQs`AZ8+1mNw!H5q*4(r-RKYMyqp>p}g#${Oqc#5A`ts<&pF))(f;QQ0XWtn8q
zi<`&~aKU!{f_KQp9TtOlOTfvYw3TH{zR+VF96P-I^PMAaf}D!YelX(}-;^%$)~v3G
zkx8b&mlcL9IV+^lQ)>ZxSmO+Jv3~TC(*vj_dKtripL5RIG%o!~*yJ&|sN>ea*P{=~
z=cz4eRcHQ2QaopK7_b4G&uAZInx{ZrCxM<$X)sm>e)6dp(Yz>_>tQtrwzhIHN(NOi
zW_0oZf8`YcNw?ChfbcXRZ9Hat)A-;#loo#Dg;_#op7Kj~rp1yBdOA}F<`v2!SPH-^
zhw{ER;opamO5$Db&=n`3pRU{BFKfw0Pqv098=5tdTuvz8LnYSTYMIVIGpc&B`;?^9
z4SIuQ|7D9*(4Tnq)4cy%v!^V1tqqNSr$qHT*kYu2<K|SS1XH(wraq_LD6xGd;c7kg
zGIsP`RwhPaeT)wjouKkBm$S(Ma#jEdV5Zz<N6odV3?qWm*sj2_8b6kdbU?MWcf>|z
zB5&7yr%5vs7u)#8w*}FOUa*)Tg;`I8@en!`dNA(GOU6!RG@vP3W)=L7=}M)0F;BtL
zz;4&rl-nkLcS>-%guG^7of-L;v~yD41CGF0O9(S^ix}Ewpm^|ykayx4mIct<6OM3t
zlV6lqy|(TsN<ZkmMxQvvMJ7;@nj-sCOi~-#x?5wJ>-FlbGS^W$F7OV2S|UjJ{a1Fc
za6vP1AGBdZ=&GisbgdH3TN&0jPfl<q@OoiOiEu>`tsmMg&^<|~v2dwS90;yCx#r<}
zV5qP?JL8!M%~~o5#dA%2e6&ES`T?(bfI}V*D~@p&ic@+f>pV);!4jn?F7zA6+c+ib
z%%hH<F^8zW)!RUnlSmnxv1!RJXWgNXjkK>ww?4nO=fi%L!DVv?)5splCDc4cKEj<C
zFgt8wcbw-S>OWXYW24ke09!hizbar82a{T7#{EmAn)*$p@$HQ7%>{6HH0pdR<O+PB
ze4Qpj`I>vQy>zs7TLtEUeylP*=t${!hbe1}$h$&g)AKOix??jvlo#Si!6WzEerHq`
z4daIv_<cU_g4rw+y#M(n+i~-feXTBRxv)u`1JO#qbfxAA(ueLhh6$VxO=%Sf<=n_<
z1L0hVoW|bApuM}Gt{hn3E|UC0XXa*~a&Nt2UDj_K;{-sWmCi;4)49?EJ~{e6NsSl0
zcXo8@&{Rxe4colnjwfn?9EhvHgf6!mEvK`!bW(j%bO7vK$?C0MxvZKS^~UTZ4!L5p
zY@&goEN<aOk-Ij-+7|+4L_y@K1EM*-*-zf?YO3{bMh5gX@qh_9IQq4Vy0N~ISb^YC
zenG_@k(lkQt`fOu*`LCtGIH*xa)WEZI_hM{lH3k&^-I-vuksez+7I_4A{<!pou@#W
z_;dII2qqzSyP%z)Wv|xPn(-bVZ<-Fxl*LfdG}Lh+gzrX$be?giPzl;R-#~cCY7s+c
zv#0MyXIj+MvVgzl$OLvr#J9p;xud{qNMe&~nmmfvDWQm7Ydg?KMg*0dj)pq{PVDo5
z7zAJtTy-?rPFl(d|Bb?a_L9QRNBQ2{jIsU3a!FdLxVebG{>rR6)ya5N0zP27(3^%)
zRNd+#q1q&_H854E`bE(FP3`-0iPBCPJ7L?kOkKXT8z8ei0P$fhw#v}PzY6P^C6|6t
zTzH5ymm<~bfon7&i*j6++?{IG_@KJ=H5&RfLvo>tFdb58m3r7XeDWspns%Yp%UON;
z&iAsI82nJ_Z`>f6_bicP_Hkm00Tnh{r+oD-4+K2S5UoCVaYds1SIF#K9FWk+-xrGO
z?>uEAZvdD-wN}2#dACMLLptaAV2Uj}99W)uCIQdy{!gf@vhcP)nY`)aqdCCZgsXK5
zt){HY#n<(9WPdJU&wF<}aIav^TUUJu@TfOdh*!K@cpv1Q+f2E9**x0j7B~;8+;;L>
zrzuVPI%Q5~zH&6c-pEoH(Z<J}AzW6FP(Y7nG!CpAtK%e_WAEUUrnwU*@D6+m0^Mdo
zVZ?F7eV5R-Kib>R@u55)w0o~CEY=b(w11$aEyTYu;$5Sai|kV58vjvnF8PO-S7TG$
zl`VUSDJ{}!t{_*_mG-R3Kk9C6flxk8CR*1gb@)j|y&MT@gP%p1yQ#pPQSikkZSY0;
z!@HtbQkp(e_$Hdz0zbCDgK=c>vZL}DSEbvYJjlr}hm%+NwiknCMN~?b)F&xlG^1`h
zJ8o%bj_C~V*}h2cjQYfTETNC;ZdW$S(0FFc`(%r30M<}u756?&5*2<MNcfbn*FLV{
z3QI(uod$2lC9ltCnUBf(wP+p@T%{$Ei3AYT^M1b3MN^Nsx*p6c+eK2uW^)bAy{sT$
z9u?tEWo51)gH>d*pp*YDR%8xx6P<U{3U#2}H)barHFTzH+1Mv{jcdTB=ErUD%FVWX
z;G;hk+z(||5L2UBJcxd&2S*O!gL8^nkqk<in_#CCl+HpA;VbE(EHHf_V5F!kf(J~s
zpbn%))TkVdAW=Y?m;<%0K7sn44;CoHksN#Ljp^GoUR~<dT8#qeEqR%#i0GYY4RMhZ
zjl^5G;xd;Gt!>f;Fe;F%3kb|~lv}^NF&c=a2ANPTi1v$>>#bsufArg?6d^M5q;Xk_
zAnACu;&p0A5s`K%fQ`#=1c;)C5CT*Ll3@dytX}U~k_`<djqbyBJIRm7A(j}!(&+Ga
z_*7JI4%9s9nk`?=4bUzOt!Wjim<(s{AyJC^2&xy&&{+@_ctd3|r}HAOh8dC)JS$xh
zu?`oC4^MkIeGo#(MZ9xu;<_8?StP=3BK9B-!mH@YH&)|22-1hu=hxW@Apo-MHgXqG
zr>$UabzR5xd9l4!O~i(^2l+A1-hr%ch+r@R=LATs`-e_{`%DY_7!mt@ITA-%3X!TI
z6VWG;w*<@{jY$&JcOoYXJbY8Lp2o0dY(6oeh|B1W3N`zJ{us)x$MQ22RYi%iE)?cY
z?x4@8P;oDRZ4oANQ5?F;I|0?)m_7ve@VqM70y;I2=s4$uc>NcpDj7NmWP3qJCsfFs
zgz|dELT(JX^np1@gXWP~QdzzXt&6X>3M*`j_u@KtWx?v~u$agEza6w&{xXlysYWsT
zw8^L+gu5l0tijfi2f4)l&`eBa9WGlc`6r*?^-Df)Og^&?lERuuAb|CAcu}J_{Or3U
zOswydpoBA3fB=q?trobQ;=|vp4#j2rx*-Bv;b5SdU_EY=fC|+iIjXrD#0*K@7>Xa<
ztlcPO8GmU%$lz(<dF$~bxaP0E68G|CN_PVVW82{q^>BFn`w>c|&<;6r_isI>&Kk_0
z<yL=?jWGdouVE~CIUoW(DoW%?c$r89HU@74s>(aM&?bn!4HZgy5;<-|&gQ9*3|C|D
z$OjxO-?`{?gcVQY)Gh}iwREb&l002rqdUxTi_N|D6A!0-O@BKurT9>*1#@wTYKWN8
zoFDmjn>9Xhg6hqrbKz_(sG9oqZ{;Cr?AeKAJXh1|gZZ_r8c@2e%rxU@$5?C5E!UeV
zO@5<Q!f3z;#%3Sa&z?R?oDtJS4flP*F|`fhQPXNsu}gAS07a*0y`dmdGdRowOIT|B
zN{<qkgsZ5q)W%&Qp#*G_zH=tJQ`s6DntU2N4o7#^e}S#)1ZQnZC;DD@(;u26cTFJR
zxjXNqvxz`83?M9pGbax~WKm8{lp0M>VE_Wm1d^MolH~fM>nx5WhbU5G#!)QPS2Q!-
zsZFuFDM19-se8N$Fv@g!paS<EpmzUzjdD8yCUk}eLs1LA?!8n5TLe0frE+MNCL-^-
z>`aO?taTQUyZor0-h`QPrpb7IUQP<juR$ghc625U6uh-<{8aByXzQ-${Q1*RF5<b&
z#IVBRNORk5K2f|Kx0V8HrsxVy6Gxz~q(NRpdxa7aW2q_Q$tRNwGpSi6eZ6vz9-YF9
z0xkagsnzvORg;hW<qw@$mb95p@#~4wB+?im^{5e%+8b{8xN!>~C8slH192l%jAcCh
zlsIrwASLYXDJyF)OmZhQOy+hcay1w)vZ4u(!u^wdeA#k)KeIH=dkU79h-^VdKh2wf
z-md*fS!$b03r94j=0acTFbC3Fe;~@neN4x<aNYvNuzD#_c?^{=UE`d6>lM_E=%RWL
zhx0ZP?pJo1cA4Y@s=J9j$_qViqSPJ<{+*BYPnb6?rp|5*N9UD>I(H%9hxQiCcxtTP
zm!LHEC3g?Xr9;w9VI%kAiDtT>{nxB!-=2}GjTQUaTiUePL8{)jljp<SrfKHfL=-=z
zyPu>rN@`T9ST*mc8C5gUI!Ek>P8kaLNSU{q%gNs-)Ei^0GM*F~W)n8>&gF<PE;H}x
z0mLZ(2KRb?t{V6dh=_f#mRs5puIJQQs9QEj;wWV6w4>93=ow9U-fj#;UUmfybHs5z
z_GyA5%t4$qea!^8L=U^i3SGiGIuN`t<!{p}u2JZ4o62HM4Pr=)G%YqovMV(#6HH)%
zJZ<O*egfB{nV3i{J1CudL#o<veZmzMc%d&-F8!&?4C2x=sg!<x6m<RAMI2&=&O0Z8
zoH=EoRes{_9)`|PD{w?g&n0|{i|9ANe3ab0z-)=&B1WgN$$XCr<3MG(q9OSu%-CV|
zlt;jiuF$C)YYyc!7PD8lG1YEGo#k#gwrUPG?M(zuP0+D8ZraR^!#DgKF^wn+AUAd8
z!pSn@Eu}K16vfOB+u~(*$(W+5#CkL8!J#Wp?SRLU?9T|jQl~4#i>xyIOxW!s>l-;g
zGq~1-H%MzK7c13oL&??8*uPPYzh=*q&)g7+H=;Ti<hMkCY2kgUbr!KiChl$?hX<mH
zgM~5*B@i>m_MB-@PGKn4C@SIr5W3<?2J6IiIC5lJQ;mj+KC%cjiCrO0<ong44F)aw
zxfm-Z8rw-Ek4J_~YFKYRc{SvKFugP2(>1Ei#Yv!xG<!uRtWmqb?TK9pCvlaScnb^1
zenIpUMb<7BN^1{_?#zN#5y!AOP-=@K=|-JHW(p^CI+%Vb%a+7sxVeAqe{@eK83}xT
zH8|-o-o}L9$#<k&WBtzRnAE+PRrMjWKN|jC#X#h**KQ;)B44_AojgWrj6nbTyC2@S
zBN;)w%Ea<#t3n@^1X5gagK_Qic8=>1M9SFB^0YB+JCl%o3+)Sp2B=c9B;OKg!qmb~
zKdB^0{A1($rTQPk8MdfKfazTTUAC+mk7!l?fd_jqE2`2ho19;U{m+767imQ|JG#QO
zn@v~`=86ZE1_rf4qZ9p$(K2CVA~PQb@nYc`<gpB9+EftOJ`BctwSyl?1nw5!&4^;6
zORcAo@03z*%pA7IXO4Qbwdo(wCVD5ef~d|<nf}I31!9hK%!P{R03$<{(ki1)JZ^Gw
zLq~f7{K~6L+<C=?*@*s<W~rt_%F(W|OH7tyP;81q83%ruMp@G1J62KHWr*X<fFogY
zML%B+>2>XD!}oA~gzy(0z%If=u@7J*%W2VTYY1fP^i-U(n34%+GDFOH!6J325$A5K
zaoUN&844!nqJWhJ_68!Tg(>_-5Il8X41eQ{v0`+uH7T~*cAM@T8(kXgsM?z6!7cIh
z%P&36N{F8eiWq_uJY9ez*279~`YL^vW|ETQ$jHzUJ!A|2lP-ZC(xY4*XlP7d$fbok
z(r?aFehO(>aYKO<%oz7dv|TMjn}t;p{&&e*3`~R%l}VHiICDh(i;B<x>_6q7Dsbn&
zSg|5z&|vu{tL^77M^wZYCmCv1w_~`wD*wXsv}x0Gl)Q#NL+2?aIV9sU=$w&w;I5Z=
zsU60idV168w}(GUufZ5DmkRh|s`!Pc*`0F@dFD?($;DfNo#29JA4o#s!F5bG|1Loz
zLl-x{BXAu8vfOAC*ni=B{F*V+f|oDfsL!a|d^78o_||oXkv)B7s3g-?RA{R$&vi&&
zwo07wU1gW})arW|N5G~K4iwv$w{(A*%eH3ZYVKO%8ciZCK?S=gG~-l7FtI8ktf2MZ
zkd<;kt5kH@-ISJ_Kki5ea-Bc(L8+XRfJ$}EazuGAu)HsjZU0J3ARVMK_{z~g{KxV@
z8wqb|bI7r#&#8lczu=mNw|p4tkRK)kmBfFUh=KDw4X+tx!hQdDn&0niD|uAXrR>&L
zmL}z3gc+R&2#P39C>llByK7TDPYCvhi8)mlRd=(1*k#QGX`37~<=^4+@XOgNI6<LL
zFnpUDK;=|nE4JKt^C3L3b!jHN%oZdGVveG@OGDFZjb~dzyg$K4Ywk%38wTCVdIxdp
zTC&Ed5|1u^65RHOKJXxY@<qWegx1z@CU5%+jMU^fl3!eAdJEfYbMkZhDfxJVPEu^4
zQ!>J3$_VUbx}!PdZsn=F_yf#$Ww{KPF(s)6z>G=$pe?;c?v{btWPDXFW$pkfdswHT
z6|4KiiT|f(f2(&0TKENlszQi3;#fGtc2|3l&&|NkpH2yd@n(h;*kB=aDz?iya$`W^
zh%_ecdNl*r4c*C)O{2yoZJC{(EaV=U5t2Bq&%qb2PGId(>xvn(nNKYoexje{<zO*Q
z0P~>@Xffevw5o|+JObPgX*r#I&$)1Vg5YGhTnZQ3iakR71SM|=X&XaoT%*I@O3rSU
z)p9MT;_N^q?A9k^%5E#Rbmk>zMT^bVHglxe`$aqf3R0#7{~x%v@cc&W<x{$J4u*WO
z6t@llqXQvE%W36eYxl25f^x2~S9w`}z}8bys-$<<t!+sBK$jK5b{g(R>h9oaiL7$;
zh8V~E<FW62*>UyR9^Z;g^_&|<T@9@70TFi88m|Ja@G@}waT%eE#N9|+h<z*J{W^CD
zJqfrHiK%VBRH~V*u!&Zmk|yd6;atS$c{QbX5(|%yOGO^rzp@MaHolFUyvLmaEG=CY
zX1&-(I)>XLsQ;Y~_}L#64{0`r2O6M{c)<M|Qfxtbqu?xm5C23A+og^G9K)7}lb$8B
zn)sTewx@hL!J+lDx%Us?f=AXKuj|pV<~(2RyQ{CzHT`OJWd%tp?bd$V%ENPlVkh!Q
zbdKB#O<AY!L^DXz7$)*_FoPTgsBd+0)ydvvOpKWb)11s2c5g-I;>a$3J2MsAMnq-!
zq?*IT-CCl#wH*tam75UlA@B{Uxm=-MDkk33?E8Z6=~u0r!3OSJ6$g@`f$v<B$|One
zA1>#mVrw0d6@r#IvyVCY*=m8X5y-`tt1l#?=})y1n<b)5MKGN8)+4_k0iqi1U+b;H
zA`6ThcYRN9vTjPgLHWp2pA%onk4O*8Qae|lW@BE&xN)wA=f;dZ(E4?Io9jPZujBWM
zbNj_EJ_NS~4Xb+PrbJ9yoh<>EwUJ-BotfszWsoF{Z;-7DLfG~dW4;3eT1(bUcVU6T
zrCOh1V7r!j<WV}r4wc;^H~|_UKJbO?NueE)4H}`7K;-Q&_&*kIkIP6vw<8#s5&|Tc
zsscC!78n*7*oQCqKPGM<wO|PLkF_#Cwdr`Z@mU@)uvs2Zaxet1{y*oUB(l+C!N9=Y
zKMK-E`M)0xUNA66Gd~wEPbLd93tOxI&7F|I^<O0e1N*0N{oiUI-|+ZS^Z9r{`XLZV
z|7nG89|A!DAz_d@VZa0G{-3i`A7>$lpTI#X&)~ES{~Q0WM1p@k03!wog+kE%7diBU
zq4f+7+Ij{jq5JoS|7)dxCnSPq{)aFd_CXl=AgI286Vm_x65gIc#$gb&{~5%8Ah=$@
zK|LP`lz&Hn{<#R@@B*3*g}@;*H*;tCe>Ic@1PX&70|~r>qyJYZaBy({(Tfw<Pt51w
zU|<MP|IxAk(zdM^5D*T5qxVm5Ha*zRLx0>A2Km2x6Z{<<%*o8z&f3buliA(U`oE+2
zZ~nhJ+5h`E5CvU?LlElxga22jK!kq@0Ss&l76Qz})6db$gW1=~@qfdW(HY;9KEis2
z1_Q(Xw|ZYerV$X7692&ebqpi^+f7b*5MUNA&Yo7zp8rXQhWY3EKZD%$gJ=-}@p1Hj
E09e@xX#fBK

delta 48650
zcmaI71CXFGvo1U~cWfIw*fDpoW80qDv5j|Z+ctM>+uE^h+jqZv{!?}Sd#i3&CFvyH
zsZLd=I_cDNk_0y#0f!_n1rC7@0s;d9;zjf(ABQA?^q&@0ChkR;69hz<GtT5E7}!T#
zsWc!itt_Rer6eV$E~})aD5b8dF0NuEt!^x%X(6p+r><kHZD_7x>TIkgWvs1kq+{^g
zK+DNk#mPj|!9v%=RMFi`-OEb*x7qLCRu0y7HkJ-<4pzVIZR}hetlV7P%w2=rz5RWB
zy{!F`z5IgRLy}x0^St7UeeHC7t@Q(4&HVu{w|H+0KOes!Kd<-zr-We7#4w+<V5h7w
z=d=j#{3!R51fPI^6ciR58W<E786Ff68WI{278DT?5fBs?5FQ^Gl@<{d7Z#ln9UC1S
zmmCzA85Nfp8J`{-?3WN85Em7m78RHl9U2!Cn-CYA7#Ee28kG?noDm<9l9Cdh4CF^<
z*QRFWXXR#Q<`pLv)WsIHC6soi7uRN$)@4_;7N$n#XQtHVMC9h=7Um@s<YraoB~=t;
zRFq~n=114&$NnkKs4LHIFG*-GO>QgCC@Lz-FDff8D=I3jC@U_gEGw$0s3@qc&#i8)
zsIIN~Q&aq>x$sYGWo<)6eQR|~7f@GK`lsek)1TsoKUM9ug{}3Koh_C1|EQ_8p|zv6
zsjj`Xv7@6Sy{0#-cCfgir?jcRx}~SGYqG3!wxOf1wsWMjtEaoCySit(rvGn!??hKm
zPs_++>(oxy+)i(G=16mKZ)ZbKSI1aqU0+YvVt>u@K+VEPYfn$lz|hzbFw!?XGCnfc
zH$K`wGBVOPvCu!YGB!Ck{da0$c71&A@A%*K`LX`Fsgaeb{)O4`wb}mlzvJ`s^RtVq
zv&)<7D~qeEYa>ess~bD3yT@zCxBCnI+lv#2tK(-I6T543yPK=Wn{#_R8<+cw=LZ}2
zr)viX2YZJn2ghe8hkIwoz`@zs*}=u#<<0rw_0!Sq^Xc`&+1>Ni^T)%*{_W-2>*db%
z)%D};+2iBm&Ew0%%lpgY?d!|q=jUe?-2DIu2pgz`$WLXr)eCRLSh6J@Dpx^J=s<sP
zD`>fu^Hs})!r$KNw(Tc~y;(^KWY>wavYw=G`Dt-`xGd8ri<m~Lz>Rqb_*RjL1Ygkr
zuBmyA7Ew%rZ&eAY40Ssy7FY7wG8w24zMUZ_@xFgRJ^u)1UdN`o^Hl}Kq{q?>ys}}c
zP1yobjn;=+_t)FkXU=QzXm|Jt-s9*pl~GQlH_QK%d0vtkY5^Q~*4Gamy<XmIo{C2I
zuQ>E(U%&I;+^(DqT{%yE9q7a?HJw=8?Hb<#{Jc1NUY{}hy>cH@>*mP(%v=|j9r*DP
z37b;Dj?4E*ssuTxuSnzfM?|f)t&ednx^A@}-5m<NUm;tMCv#(iqZ!d#_7Hgj-6v0z
zTOTj$FIDUC?ZDy7sBQ1Gtj{jb=WTJ!A-}HYdH>YlQ%U(!=fTjGZtW*nb{TJT!^d)r
ztj{@_?S~zt_o&nD(^s!8FBITfaF3TT8a8Owb)!c01qyv75Xpa2vUN8v;Iki1w#DYI
z;MrdzL-^9d_EI%{&i}Ss?s1bNG8FNm1su*OZMnd_10yj+-B4ZEPaN<2a@`M0l(yX0
zol-UJUC#4QmK?YoUvm$uU!OzwZ<JIl0xU0Ku7v#0M2&y_esFTS&)dp&0edA|*Ee{Z
z_w9R20!2P=&^}JL(5HQ3-HyGTkG0@*Ul$uoUOTH-FZD#3@6-K6Zg*$jWxH@X-r$G&
zLTs0+0q@~Pc%G#hv)1drefX{SiUa`}2JK9*?Gb?+b8=PWt@SROk9|arFMsztvCmIu
zDm3_<w2l+j<^nv)oVJtU%2U@(pThh8D^I@HiSeywm%YK9=Le1rw~7ZkTfTQ;+iYGJ
z;m6{y*Dem9_u#KWqSnugknW>_7+KxVPmZrG0P=p6=>7N2YL4gD8E|^d1~~8SPuF;k
zf9V?&pB26uJ?XIW7rxK!4_Z<I4>A#Ev(psF1t~T@cSd`*e4ldyQ5@NC1*0jSuTs-|
zF8lQf(*itcUYAAFK-^`=^=|#Nz|(DgLdkcZ&vnOX0oIo>)`ZcNDLx)9*Uv$-?$==e
zYr6Bg=q>?v4fuSi;pcEad_Q93y?e*%mUh)i<$XFI*URMnSkimB4U&_~Ht2AP)^%rj
z*(=HEdY&-*&dc#K$BIRH-=mh}^BQE9li_uFm(%{aa@6&HKmWx`wh#e)G~xzy-41?$
zKG7CG0s9qLjM{Dr-upZ7dOr3Jm$iV|v`!{A;5HBK<9+KYw)xeyfHl=wc`yy{)4m1L
z4Qvd$lIMJIlkW{bWF$U)y+&*~?Cmddm;#jc!+rVutz@3UhjNr?6bXu-#2=;y!@4bQ
zm+Sk3&{#^YUX<RSi_PzIOJq3RUe_N>I$k$D1l_kDcjr$Z_XO}c;xdG9(E!@k!)*zb
ztxV_6h@5Xm;{BFaZ?(>Q)xZ&Q*UgIX_jBCtM`!UNs!qB0#~5i{N<F^2vPIFW_bbSw
z?9`5yyCCH5XL5{{y=kB7H3}nsE1$pIte@9JYYi()G{v`5SHk_?ET0bv_B&wS9}!)8
zJ|`7eMpLz;oDss2!_RuxGQdb`<gU!Vl{U*}`=4Cs-jlPTP3L=f@YkW5X8$q&I<#wR
zw7cm%2{3ow!;CqhzEtDwlHGXbt`Eu%yQn*vr4rrdw%9(cCGGl8#NoFsMLoT?$Mn-P
z-I}krzkPl@)o+_cKuRZL?<IBa)z3&*;^Qz0vGWr9$Epy(ey1I)8@M~teQLWBuw!x?
zk9q&|X&vy{oPA@%e=EG*e%W%eX4_>$;`n^n-hDQ}1`R_+3S*Z!&5XpPHROR?JL+~C
z-QT|D>3zCZ4ZXBszp>N1$hOo}4GT5&qzhitTJ6x!gQS<!`nXLXX2S@0KK3}zMxlBn
z>=V67VBLqs5+mUl0Ozs~H&j#6Iq%B}POr-eM4qQcW;q_=KG_5UgR0Ai!`WV^5|1|!
zIx`FPdsNHs`@`AT0;7k(bwakC%fum-VMmUahu(W<@+jxi`qG{g<D;)-Lf&L+T-V8Y
zd#}|V#vR35z_|B>ZG`0xo$eK!V>e++WFGh9T*hdl$e<<&AUGdiUW`lJ8g}x08;+$l
zVGC_2aVT);S|1l)9aBQ}wWlk*6)E*A^}O;V9Tem*)}}e-F`T?}zi;$g`TV)vheHTn
ziup6Lw%Ml;e+zcAQfrIYHO;x<)^N+;Qx~R>cl{JbU6WH8WWBDu<&~oPY0Runu{Wo#
zd+u4T^9G-3AO;yx%s5c2100$k!^R0O#3;wdxu)~qp$&7<YsEwwP9Y0;q-?`iT;?(z
zms*8L)%GBmDC%t4|NX;<lo6+0-&0BjZ-imD5u#2~wV!g>DzL7pwN_f7VutaD{Lwer
z9KFtSc@z;cf58kjT;@Y|(>-WP6+3>$h@+d+DOznc;4gBPuI`+2sw(VXeaua$Z#2f1
z#O>Sbimfr{Y0EJ(zuq~J$?>k-nFXm`>ih2>ADecLMRY^*e|-|(Bs>pcKf&3%8__lI
z^%^!Bbk@JQwOXv)gX(9<nr=>DA>v_9c;1cZRCA?BHwI4%EayvaF>bAu&aRZrH`019
zz3@wA0^3u`4WmwVC0O*+F8O^@_U>fp*wL)eNGAgTDx7#f>Ra51oix-pWJ!{qH-zMk
zu&UdtS?LCZqRQ>4l|OhQ1TYCJFS`LJq=rV=-mo~qwWycNy@7QO1^u4a_?bwS(&h#4
zGNHrSeAPGn1A$-(uzu&7l~47b%zgDpWZa0h09hjA;&eVC_JlV|HO_5R+`8Ct4CcL2
zjIyrF8u*?wJOhckHbfCvHGK#L1S*7k1<+t@L8<ed{vgy(-+Vs%HqQ<BKH{Y&tbhvj
z#)Z7yEH-P44M3QMPR?X)mdjjX(hZgP1)v%c)L19y<$;RIoQWun%#LNH9YiV~o6XYz
z!fYx8LWo3~lIY0Ria%$r<X7fSc6FPFA;3)o981>DUabNM3eKFMKa7W$`CUp`bxQmL
z*z)@V*oO%0{Rp*AuA!D~HSIOt8#HXwv-ll02<xmX6oyprI4o3_s#h2y@$d8}3vL(0
z4VFZ!AIlw{$ND<h*N${<z*w0#1=ae2-Ft;Oii301BaULu5HHhL<Cwa2x0&IBSU8rc
zl8!Be0-qnaqOtZr;t6P55DGK%r#qh=zT0FzE-%w>a<pf!Tx4MWt8wi~f03MO_|J+l
z9`u5&MJ_6CnC{8;Uwkv5&s7SANkPloc0+<)@$GTr+vkB8hmL<MKue>>B7*?7c5QpV
zOS?833HLWz0~b3BP4H|Wi486pi1%8`9rB8-@I^+=AQ$3LwOyiuijJ6SNvB{fP=z4U
zxZ}%$#AQdtd&Ymv<g?$bkCsm4IkrHcJ+l+7{z?yE0yM4!PV&{iLHIIM8py@9dQS0Z
z_L}Z{!;>4YG?i#9(-{MU>r4UA)N=au;=`YF(k;#1czyJxwbgoNd>Lax&6~y*$gR-_
zi)Z&B8D~g5j7{3J`5M4T)tXcNRP>B6k^uEu;y3%=k<=I>1GyfSY3ljUD^@8|@KP%~
z5(0w{BjVa|ds2cBJJC*j((^qan+AXQR|^Sh0pC?ZDtIQUXBYaTq!B;_EaD3x(ikB#
zH7_$6P?8HAqWJpn$HJTR{Q_e|#vU+X-NGAFX~Ul3+Aaxv2WdY<fmXm<rR}<zpLfAs
zjV_7F_;b93SAFZdXZSk9^HI3hBqU#YXo)e-R4#^VT^_&Oa^C!B-k!H4nxNy+X4uyA
zMSHlHuVv1PV^wBrfDqt|etR$-?~UF<yjEs{;+(U5ITeqz21|z!x;n5TJTwZ3^Mano
zB7b3IM^It4VNRg#%rC{>N77Kw6ZdA#lC;FT8qXEmG9jNQ_WmMk1N9LM7~Mbg?Dfe1
ztWVFDrGMIqw<*=26=qYHkEct@ud{3RPi|L|QB`*yBpwpw_6BD92#5XPG54@}loj^s
zo+TDElnAI+R_5SMT?XlKpg7AH+34tT(n8)&z{b8~Oo+ZaKBXkTK^@#>zR<;JYUC0p
zjyux^(ev)%B$qYG3KOIcQXmQz39;=is%DiB$=6rjQlzpAb;+81`Yvo&fJvzJZVfGd
z{+aopP^I8oMgoGh-R#_d@z{|s2Y2AvrHaVmAO-ivBIn}I)P3}W?vd1VtQ`uU9rqG=
z_+U#G(pe$IjU@budn99rkdvWZkMRw7hH1v1<Bw*D%wms&KqX}uhTs@O0-g)?3d9Ea
z9Xt}YG>Km&wpsEutzfP-1EqjX0aAicExRMDwhm|sN`N?1I20vw{dMY~KrMQ5x8jLo
z+0t{e?rx^?xMyNVlCd<MDMi$RG9~D+7Blz^Bpr9+KpKYoYKCO_mr7x}Y`KcYFAbQ<
z_t|_?>oO!|x-7wP76X}>iPQIAM?^#DRD13ted#r)_RI?>q8*Lvw)Du0?AEEuY;X=F
z%t-MM{($N63Y$u|&g|WT7`o%n0_sn0naQ(fh(EUY{BBHo3X&X%<siomCQvkkWK_sj
zg$;>YH{QWogC*K_<n-)q4odiE&I93FX;WSGk5tT~#~T;i_bR7`e{Xps%8R39w4IM@
z#0DLw9kdwQMFG+^*SMoMwzI^g^H+X{;V7Z4N8n<0ram2~@q+zhsA@#ufUIH8X$@hh
ziMLtjPCI9M?o-4pX4;8clmqu1W$ozh(Qwk$v+)@!d&gI{*Nzh%3^}CVpy%}if6gE)
z-NmW5>gR|kX+4C!ATPFlu`g7gE^Fa#r2J2880%yRCt{dBdnU|wbt3q~HxvSl;6BN*
zDIl58?%i0M#Y1XiL)(>34W4PW=r_hq?QeQ}v#nDi9<*pwOli3%_XojifnQz{P);MK
zT8TF0F*Eb<eP$=$3<z*ScdowGOa6dF;E}ebQzR+osTh2Qc}nrjZEPw%QcV&LGX@2b
zR_UB@VD|&np&eq-$FVHW7hD#Ah}wI?KL`5!<G^rb{e{am^6g^{b#pV!b)+a4W~k+J
z5$a$~P$?rJor}GuO@$6Q%q$pTi!UUZ7=Q4lIk5M9Sgv`4#D{z{g%b*ALWpH?C~$%@
z{x+1?ACY?6Jh<@oDmbcX8PZ-6aZ(7^{{!SVmM;Rt+4e}--yQmqUM2t!gcbtMtpLdQ
zp-7ov+eqon+Dmy<%(wQ(q9Z8QqZ*B%)Z$-MvC2VO-2suiNFbA5$<iW=uo|_;XH__)
zIY-nu!o5}{AvzDDL4!vbnMhXm=zoj&z%bn~&K!6)?|I!M-q(-K>3@QB6K`=()J?K`
zqp}=qGHPcMb08k}47Q!^2WK=65&+cIslh2bp^f~`3e7FbVP!yX?1*c6)3D%S`@WN>
zPjbfwYR0`th2HBsVZc1?RAnYvHdIsxH7ho)^|^#h&GZp9cwiEIURwvjRpRjk7ekAa
zStB=p`1C$)oGykRtl3OfAhvv19R9$p%jo}UkViTP7fwN(2$r=b(R!uvy9tOCkq$Pd
zYr1i?vhviBQu@J`WpM%KbTJk7cUIcJ-2K9eA66Oi5ofH59$&)J_kLkEIJ`c>&Dji5
zfv|YY%8(hn?OhDHSk?=FLh5(#9C@9n0l#*_@8_gl-B1^EsUL=SzxtOq{Y7Eu!jr2m
zFo};Zg%VX7wVk0=CI)j@wmtw(^~!z0wGJ#S|Be&ldK)XXZx`VeDt|N0OIsE5Jj#B$
zTq%dCR&t?TuiKLgl&G$kd+;|s4!41r$b^WW>5V`vQzv={t^mK(HFdbc3&4U|&i{t?
zkkFoCc)iE81V}+{ss*w#py*f)wBvqJ8W4n4qQ29TefBJ~hB16*8wvx^e2&EQGYv+O
ztt1}gHf2jmPzWq%tirTUMKN;6!itZVQ3z=_?{21_iPFsBR$04n^IhUlbBu%;2;V>c
zK#!zXXRwcHotdCvu$7}~D1V7i+nT9zqheAxBJkSQk<4*PJPrggAt4>4&uqNRr?WsV
zfrj+D@k^T1XBF=Kx*Z3YM|&zVuy>o!WEriGaWM>DAb34OkQ{d|U=Q-Nwtup0+l5V&
z@x%L}zI1YqeQSbvBowW`-h~0QQAnJNrAIC8;oDo}oucKP)0SH~F6TKBvw|1Roobaj
zc?>d45z|T)E32#%B#WB%mB$yA8?BTNc^Q(GJVPap`LZ)K$qWG(S7c#51H<fWP2s5n
zuCA+QBeL}!UuFUfb%?jfC+d)Sn_U(;%C{)!xuQNd4PGDoG&_6pH<+~6*L?oLUjb!a
znSHCRo76=X4VKt&H?%+c>u+*?HLH>P*q<LUY)WX`81%tJ_@E)AVMMzJN`$Sf@;3A*
z+fkjWI<>ZQInM%@1`gj&isM3<Zg=bklaYf`#npDO6VfWkx<s?W1;+61ldhh(7r`r_
z(N4gzvEfG{V<Eyjb8UVLD)oSgJAp#hR5fpy7Gg#}Nv>IP2e<YT*!nQF#wuW9V*PM-
zHsD$A-&aCw?>Xwr<~QR>#Tx}fI)aRdxzVJp&L{>AkKP41CEN2c^qa)5HmD6-5?Mhc
zDG*^Q(OgKS;#!K%d+6my!$jC1U1iD7DK?ndE5h%HMO$E3wbizFc{!Fnqqu8mG0pPj
zG8-_7c7lbGj6;N@sW?L^gsV|mBFKr5PdMc`p!{IKa!2flof;_?g|_*2vXT4E?Z{D&
zBz|%ps-**MFk(XV@n!x)lhlrJtTzGog<7JimceuMVO$M|Te74I%#CJtl-mVGC>|oI
zj)CnDNvN)S)N}FYH%F2f;en{nr19RVnsyj4u50u5Dr-M^f`W}IR9tIUPrv)AHb%`u
zqPax5Xm(<?H!0O<KFl~*sG1yPlVLPpnk+PJoZtY-XQ)e8s@7KRE>n+jF~=axROvwp
zIo)Im;^e$>rj@lnIz=l34K0Dp!C`EdMVDODW94a9bnjRdzj%0zK!hVz6$O&T+mQNn
zD6wX(a+kMuSr9GvXVg?Fs^oyENu408(v6(XikjjwUHB96Sm>t<*v_P2P4|j|v|35c
z>H(lX-XRX|i47%XFe7+DoXgT91Z?d`U|X@U`jFJ`EJi<bp?Ysu`^e+v#)e1~2YJ-I
zqR9ktws!B|N!yR+zB7g!kZk>M3MZFFC^*~=J7X2OYkc1vk+!)_Q1=Dp#s<ayC6igT
z=tz*ne(p-t>qS^(3VHVXu^O6cg7O8Y@(2P@!bpLwW?i$<0|w&LM3eU74P*Gn{##;m
z)GSAq@V`8@Q}=1}(c9iP+oVMaqXy-LYL<pbeRG3e9G|>UCGeU^neZG=ITzL=83+<Q
z&6nvA#O@yBYGJg9=U9Y_XPNPp2NwrBC)h<>7A8VukLf7tf0M0BFbSQ#<ZDdv47CGt
zm4b!42$~``{p@t*Cq288jl_mcVnQSoteJi_=tB$ybxKAJC~giQWWAY733IjRTJH~B
zeGicrUTZ-o+U!5E+%B?0&dJ+E<<z#k4N=!yUg70+ly3MI2Ii2DnF>yEmODG<qqS$V
zhKKA96$^7FYO!@+q}wp{-XEk(@_2ygm5Vf!5(@<{OESgU#d(i$=Ci{`^9H0un*s%=
zYnvsnkz!5yhD@QxokgPEu6dTHK5m=N%}U1<x{PCkwu+y4>i6|S!l?L{CeEo_$=U11
zIg@P{c6ya(f3qAqH4<cSsjDS+=(AlQ8S{f|SbLBLzl6DGW%m}`QjiCJkNN=B2Gsbd
zq@S|SltHV^hXPLGoC78Z17zvgQ1}W~#3CDZ<eXBe0YO?y(LH3dq&~5_;(1nSNNfXx
z=xe)Bq(<G6P$c#JlHiFl+=_Ze(tOUt@L?E;j4ajSHotB?<)Fs?&aq+|*#1O$VJY&X
zLYeAee#}}f{{82|e4zVa;+H$1Fivm!?e{!L4+KvUSUz2ZzJih*ctP&TE>x@hP@g0*
zF?(Dv4wvB$jROW|xjSP@K_-ko963Akb@m8_OY6dNM{T>sOOKw?>W6T3d@Tzd^mVza
z<ne|im_-_ot=zuz%+fb=0;}ftWB~#9+3>UGwR82gEJ7Ypvz$xE!BZNbd&;%>z3DmE
ztog-5Ds$2_MJEsteQ0VijwIM>)Kb2|Yk;oay1}Eo*^r&??M&}Zzx^;Bet<m~U32g>
zPt94UBTS2Xjp1zP+i+&HZ|N5#RiE&puXMd-#J!zb8=QX@w7K4!<n(0KB^rlW4HX7=
zC!jY>4b(B9ohm}5Glm1`x_?n~rX$hwUYgS<X?kJMXtoc9G&QJVXjW_aBZ>a{SZkuI
zI!#|-CV>BLKGFzF5HMaEq#e3GcGLW2R^q2UE|wm3atuR@Ifm8lRMkc>7dI!Cl|ZxK
z)@8)u=rmr-TVcM#*TaWGsdLh~!#j0jM13xlt*KB0w)1GP6krN)mmRlN;CL_0%(-@b
z{OTyI_NK1sg*e_Wz!mN4`2=P7V13RWYg}-$5MF^0gOwIy@a~yRxtyjnPy~2WK&7_3
zpplcmZNMqkh4`jR9E0pXw1P^B_(D1U6u+Znw6O|!8LPL?2{x@d;@0AVKm7NC6><40
zg>|%pZKO3tDi8uN4q$3$gW>MjeUGvF;CK~B&nCgN%bYkQO)M7zU7S5Tm8Z0p|K>t!
zwR44DFS0kp9LVcVs$gE=r-L`vH`1y5^2(16BG196^@W9qIGt0+sxA)+ZH~7xCx%RX
zTg*rc2?$S&9j=pKG%PS3=`#ySUGpl*bITlsii8YieINr8e}ek$Q|5V0F{9M?45}G&
zrNa(8^B+12O1(2i6Y>ssOxTf8XvBnQjCT13_=IS=ow&Bgc_(W4LcV8kIgDr@5~22q
zjUl7v|KVU}D%?WBE8Uta^3W^G{Z4X>Jx+z?_@D#l0B_n`NzOrML9^xYWuVT+fVV<n
zX-ppyk`4_hG}#c<?;M&lsA=ea_od(|aTwZw9~GOMp@|*VJw!3UcEio&;DB+<EguwZ
z!5a&?Tv2UQ`SbiMH}`-+UY9>gQ5mrVywJh6;o)py60H?thUKZZ;H8f&T(&gcl04~Q
zK#`=m{hTu9)SbYlP$`9Y@v=g+##y(M#%d@e7;zoo(DB6&x3G3>w@u;puGcPF521&6
z4TGMDUiv9BR-h7S(V|S8D26&Ok(n%ofwo#_K2Or3-->^_xDHc1)n{QjkG&Q=ZeZJ}
zfYp=SSi>>y3Ff>(Svi2zh;^tUu#L3T3L;xg@N6LFp{y?WEoP3QS1@>=83y0MH9B%T
z0s<GX#F@GAH83EoA7-XMv`3^rq1f-OCMA^P=2?jt!NPOcJsMDz=#J#8$I!Q2>KmXO
zXf6_%az#~|^@j7%Na<|u@2vDTn9}Fn5FyxaDXq6$3=&AX*CfsL+c{u9@tmN;c5_yK
zl=timlC(()SK=m?$NZkNNhk>~$CMtyN4NvjVeue6-DpkS|EM!H4=UQnQ(T3cu_LX*
z^-Tm3H$@xDSJeP91NqBsSzN#X$^fefW5Lu4MqkOs=38g#ISD3MWGz^pf1C~lx3QqD
z7|;Vk({@g8tzNOZ8*JhC1jc4>IR7K1XY2&Lf@>_wRB^s(SYe%+=+JwT4>M(uPI3i+
z-e|6QzF$P9kOm=Pc6ga!fodk4t%IT%Rh>h|OTVF8aF*e??BGYN46tRzaQ0Lg2I&>*
zo2pq)m`|WABG2-JMJz6-iMOq98T=tWyTS7^#`0(JC#vtnsr|+N&C_vOqz89GKG|Te
z%7)-mD}ya}^E%;j=!HE0+S!|IbIdS64;I?R&DSTCvD%O96HE5DDWVhi<b?qf;>g8Z
z%&~$FFC+Ca-DcTQEPKmQB1fJY{$y?NlLkwzQi14=aBzr$NbQ^3na|P{&+-lqgiqME
z?6kGf`O^u9VT!2kiw>c;XiBH-wClR67apTgIVz5Pne>nX|Br}f0;UiIRs}f#QPy~X
zL5=>DfB)pWG_6A~o%JLrhZ8gVA!ddA?;!dae;MUh<kmv?f*!JOkc73dMfQapIx4H4
zpVDY9<pi`nd?gnlO<Onz-gvWA0qroeL<IBDv!}JstXstbE=&Cl3>$)u<r@==kz{A-
z^5!N8kVLOgKhc|L_u`<=F+_%dW^o35&mapc=>v-PkN2t7DNX*~z6h9^9~1A)Ak-P{
zb}F50eu`NtL(RA*i3JT6-|<_`7|hF8b^7&@QXLRoihH6VVCS9~CTE4x<p^r;XgK2*
zvhdCg{*$yPv#u)3LfrTpZK}LME{2$tI;_l1YyyvW<^%!el0NoRhK&Y*Ouvm#ZWKLB
zSDm-1tsGA?uBfk~8z7&Et@dthik?@#eN`#U8%aH&JRdW}jf9rR4ky;4<T6%-KFRB%
z@UhLT*>TtBPB&$nL?ChFzX{ahH_pThX%uF>$$t(KY(S$&L)atJ&e7-S@j+?Rp^UN=
z4mQ%+3?TbRnm=?Fb07iYt(Tvsaco6yS$car(y4A`M(Dq29Ts3J!ifpRPPBLff<_&=
zUH;wU%y5UAp#7urgY~hDG2<i<5{lAQoULbrgPfDSRQ+(A+v6(87g1aNi`>&OxP|K+
z6=v#l3(Or>+%S{)kHSg)pff83Th`i1SFE(gZP$?v__O*|glT{x$@2UpWf_?xaonDP
zs>gO*VnBWLfiXmxhgT}{z}3l20zWHyIe_Qe;MnxZRCbF<$h6n2i5N{^6yG*G?^-2W
zjI&+Yp~nX8U@^Nny3T$ZQXR)7xJzSX#R6m9)kS94QjwO5O`wS_oKb;0zhfl{UQ6{u
z_<H@J7h|hd76p*XHEYj(bZ)4P2}q{v1h30Vx#hE|?f#mm7{h<9?1m8DF~X2!P%~{^
zW&aluN93^q?2&^^Ryfi42l4$3an?3zxt)s;hX_y|m&Q2GDV`k_V(oK`<#Ff9Qy1!3
zI+wQv0%i#2a=YzDFhW85v~mHK7FBV^G)2<-BfADyT)>$`x>*R6Dqlp7iO8>arO?d%
zm=>kF`JTkqe0ag*Dz8qiWEb>z6<RYWo4E>Rl5m@8ss2Z99{6wF==Ov8SVk(E_5v%=
z9gFDqz4@PE%~+SG=3oQ?&EUGKLu#GNj1%RGoANq^&cC2ozKLO>$#Z}ZQ~6c-UZ5R_
zKq-c01p>-F{b(Kw&fgQ%+*fenzVtDIIuQ@)SllFx-zBWZVIZq?;BtRGqYqiP9q*hw
z^eB#L(pQ{AfY+DUtzB(L$q<PNk2n1I8KNeAESa=AY&epK)ys>lihnj0T))y<>C%6H
ztz8sgvvo1t6q#v~oty{5Ngf$vk_?|rvqy4B!v?Ikk6t6q%cN}ui3A~2(}mnm3b6{s
zxlUnc=(ozc6C!hlgeW;DWw^gA1k+ziw77%OgC)K24aBfbxZ>HB_{W{$RW-_Bap^{s
zgTOR($R4|-vd_G@FZe@NT9?tWs~~&L4<d562bL2wc1hhbbZ=O;e?BL!<>A5?#yswO
zw*!s1o1K<>KEoy5)mPEDGx=(c*4)L_($Ik#Eej2caE@<`(S}PnH{Wz74As>TVpStE
z<40J%f6NFT=DxOA;E#~AWLycH8)M0>$1gd%X{souY27yz`|cmE5i2X(4b8-l7J@lh
zVRK8bZO6u|do01qcbplYGK`-D&>L=W8Ue9lNZ88#f1~c(LlI~(`3d}v3Rvjr3&2#3
z%+fE4$MII#W#0s)VIA!yz#-Bt(;wVOY!g9ys8k9quJi7vQSN3j`gIqmcNaj;t(5(e
z!F3S#;a}R}4>=3WEjByGXJVV`Dom@YM8zK*y}fIF+b}u{S6ms)UCqrG(rT)E-~c8O
zrc^S6<}{IQTSKyS&<Z-C9IBX^L-D90I<a){n3^LO9MmW};jqw90b&wV3lebmiE<VM
z|5%B31x|#4P+W*}Qsp$`V8CW1PIBn?6b56LdNA!wO-DGVw#yy?x9MA@=PQe-lWd&P
zUdOaAoegXX!;PK>F0v9>i*G2Y4j_6JLwa5EqJ~O}(84Zld_t&@BS@)NpF`V(E)aKG
zdBRTH5>#YUq&=~wx}aI3#{Tw{jOsA4>QSYymF{g@FMmcM^}9aC3ck9XV#x{K4c>|a
z|D4l_9?48RSwyq)x+dCKx-Al{pETHv{8DY`ZemcAIj|i!gQKHy&+@d*ANc!&vj7)L
z{CK4>IPqY(3|(2>qcrab?fTIbhbz<;czQt2nWDL7D8oNMgtU1i+2j+y<*I9v;gJ?B
z4r7VK<YC~aGQ26UgU44O@3W`yjk(=rc2eDIGv{62IQ1|E?**%EPQGwf_Mc%HkD-cd
zG^Uc@Y>;gAyy(zr5`I(f0_L~8VodriE|-~|DwReR(5<psre|ZNp|Uc{)l^N-=4CwF
zTyaCR)*v4Zt$0+h?I!x)K;#;dd!ZO8SJvZTx|4HLROEJ;p;2w^kX-*%wlhi98<R+C
z3m<T`^B&uY6qgk!uR|#sVVp9j*>eKFZwk<P>(}ZfYK(7=&ftGJ0V!~9%Bb&=8d>Ov
z0SqKH2ltwVwmOQPwz4nLKREpyhCTh)Y9ZR^xG5sJ6-qK7N#b(NRE&6_Xjf(B2&yhy
zg6##R$XUnIibQ6lu~+@mr7I~}j$=2=e+%;XOq=fTK_@hS-%L_Tu2GJ$qaPQJG|9nA
zZ~3ttRgeo=Ju>!<1~5Kci>qy=Z*^mEaayZ3Xob7j7xiGo7|iwk3HHP$sDX>l66Qsz
zfF##r{Lqz9UYD#W@Tby5F-(f2oB_qQ>Qcn6kud0X1T&ewkO|uMEDlQj$hY<KZxPvm
z5^Ze&L-x1O`J?MZ;h8Q07%uz^iG_3&Jt$shMm^^<mEup82H?1vIZRK=VCt45J)Pwj
z%cv>!++gYrCOj8rs50cGA8f7HO*#zkbu0`P(!6;;bvx*tG3O$As5bM2a70m2coFX(
zN2tDn{#RYAo94#l2M4lOi&N3*D$fUhH7e7l%l1HvpY--_YHR$1m74|S5tf&WI?9_5
z_?WiNqG;3FY``CLHwGkK4J{NsMPqr|UR|U?q{c0_OXMAx{#gqwrDZrYO_m@M`FWa3
z6ZBYd+ug>C@NfegWes;_l{t8vtiIKA>x>lI0|jzxV#^j08zXv4&dG9ENqW3kbIhNC
zQUkDmzG=O!Eu3rK`u(b_FT$KCGQ<=NW%@B|Vee!sQ4jdeZh)0G99P<KpG=BXowq?v
zR#w+G<VoEQxV6@plJ8>cR>>|^@_}6^E%cS1XJWvw$>cw$new)$qxe~;;ujuM!(0<@
ze=|szk0~u@&rElu;YIw;z=i*->85M|hHQs9lOyM9RIIl^!zJ*Zgb9PS3(>VpNxVJs
zN{TM3K?``6PJs;~hWDOb2SgFIO30KTyf&4*T#TyE#9T5*B#6TyAzAoLR`E=TtMyBs
zAME7Fxe1BU%eyYR8gxoAGokA0U~SvYxJBnDtt(Tr(4et026GiEtF17W7(Dke=t^Pe
zFzXfx=4tdJ@dGCw0=*|(tk?d+v6mAYrW}(TlmJfk!q?I@#EvFEZ~lS^c=Dd7ID&%J
zZu}_PBPsMx=zykf{n3JzN*o6{HucLI{CEaLP~bD6%!p<Wfhks3@^`wQuk#N_WhIBi
zm`HR@O~!-tRt|Kw3w_wc9`GT*0$ODfW~W@VRK7x+V6Z`lU&tcQgCJs~KUs>RLuvCs
zQ?7s+rhmVV=F6q#$hq1j25Teq?B|(j70bTg4mqVB<HPjV=CjJfDuN_y!7xO6m&%~a
zAu;Fmlh3`X(1MF@xywls<+hv=T8mXhM#{N0<}0JhF)$nHS~Y`-`N%OFH5d`)SQ8@U
z*tFCftMiF-16@(CqDS<%8%_8GQTtIsL1ci%94!&{qnGbH4PG#W(ZBd2#-;mID7A?Y
zM9lfiv?2DWDO4u<&7*3~@8g;15&J4&8UcLge_zR}BjqV@x`^d$pi3PDi^!RbNzRGs
z>=kZ59%BPtmyM>kt}akcMvj*}x`<4qp!<6T|E}UaT-Yd6L^5*->16k^Uvfv5)m{Ls
zU(}S*iF97%VUxRfv_>~jzdJ8Rs+u(YgUVY|RmwB8kOJw^gheH>Kqj>ZR0<G43n#$B
zscrGXoY5>yC)=NXo7Y3fS>TShOa83dJMWyKpP?&@F7D-}$4(qx{K-*z`f?k8Krufa
z3xZ}CyNHT_u#``0Ru{_B7Aax)D)$Z)=0?5!+4S7D&cLJp8C}OIO`UEJqPCbIN>Q7v
zSPC-H_x=-`*P*b^%Nx?SKiKB@N@A<Q#Z6@)1ew<S&)wY#x+K=sx@3b|3ejYhrX*L&
zl&Q>vhgPkvhMFSfOxwn}A4Msb_g<_JvtRO-A5)HUt*V6Sc2;n?pBG2$V`K$jhY)GK
z#ip~>m+d)LuP$G0-MWB}L}xi}vvzAWOldP|`FHfssoIJC67R8Qw(VNAnvG|n;-9ew
zGi8k*wp-RK{AEpaMCZ-g!xsLS+y~7UnrDAsLC-x@{#rBy+f<n-w3tRw``(SU#H?2D
zHLp7q&@a#oh1c>dXiVJd3Gvzj^{D1%>QFmMonn-6W4<1`S!igeBt*Ze$j?}ZdcgY_
zS{;ZS*JJf@t9Y_4B6)?=DgYKzj!*>E+MHi#hYZ6y4LnU|4^<YfxLSlOI>ljpBC5ej
zaLs@IgrQn_NqjShuzrFl6*E!1Cj7c^Qw<YM?+Ggz{+`SQ1wxY^&kKhHltPupX&gh;
zh@xr7kMJkQ8l+cpz_jEY&UN6Nm}Iq%4$q&$dgkz?!7J={{1hb{sIBPAWVq1Ouv8I+
zl2<@-tdC?W*JYM#YvMrt>tRwVRCU^6;lDyxPJM2^B<-GY6O}Vj!-Nn*ADyh$gy!>y
zm}O;(J4w2Gn^W1;H~OXlP=C$d;zZAD>LAQHkE{Cww#8w|OV>biUM#&jm(dD`Nd%RL
zf229bJ%4E6D1`Ve>_K~$+?e`7HpU{r58Yg$_TFx)f{S6wPtW{<U^-<ZDjY`iB%L(n
zh!$%7iB|dhs_xqCQbbarIk@pdRG~__fxfRKT()%8Pcezu26OsFKrLk+=dMMGrshNz
z5u+l=qB@+G?wi3xNZ$DSEZ;jX54%x}_(Ezlg4IqD?kJXFME4#cxg`(n1h_C{x*|+H
z7ny>aG$6v4d&DA%gK0~%?UV;w#wp#8Hq60NwpL@kSyFZQO_Lq=N_Ss1;6(^-y@z;=
z<C3PPM~Xg_me)`UFoqpxL9E9`yuJ}SFU-|OV{myd(kvDyu|!Q8!{)mdG)GhN;b?BE
znjb7`6CNryKf1UmXWQI3(GXoLUu+bjfJS2<?5rdeO1S;VBpe&Zheb@H3e`**CBX<e
zOkBq8?{u1+e}8U7@AIRF{2n2HZH6E02s>N(#iECZreKu_m@Ra}aET749fiU?+)PLa
z)Fe!;h<<0zols%Gy<jL{%sjn0+sU_??z0&lEc7dC1gqy>4ixzsVOhuz^MY;}9~~f-
z(i|8=^DhY^3%aA|Sl2t7sHoJo{<ioHXO~Q<ef?jsLf>KUedM9;Sco(U=b?LD&P~T3
z-=4u&zyE;-2>m`4Baq>6R??aK>)a-e!h)DXxu>zx*GU;5MO&)PGV%)}%4{ce?qtXB
z-!7>8swCYqKqTPuFv^83$_>fmp_El+3lq?b=G=A42<fR*2o71xv(-w<)EvW9QY0ok
zk|rvp;@b}y1K6<JiMN+e72Kq{mmMv-wD5jpR&Uh<vhEM%madsDTY1-L&F7oojE~k^
z271C+vI#)Fv|~auNz+MGvvxPbl_eu=)xjM(_gCT)=BR`9wCjO{b(f1|<~~U?Va{O4
zJS{9|d{Kd2I_Xe|xW<N`pBm$FYn<S~7&K^1@sWwOa5mGB!(SoP7N*8+hZcInc=9Pk
zjVM?ECs^c25M6A~RBu(r$kUK$+PT8cajG)Q43rRw@%pOz&nh)?<Yg2RscKvxp?x@K
zxyHI>RYrB#tEdM~#!A0}+L(VQ=Bl|6dz?OdEQx>;s<^SUfvrge_L7Wa%&KO<tMv&u
zNa0UXZ(m~&kWa=DdU8j*omX^mKW>S7BSCOL71vE7mjG$L**rv%P+gq~tzww9xT4Cc
zQ1t<yx9mHJ35lz?jBk(&x~p$N-S=<o<I?JBDrkrrZja57Og;>d;UbsrEw-i+Y0{*P
zzlr0=!LshD85Z$$dOr6c&m-q87!z{axW;;YFpaO^ej?#6jwWegp{jqNs5=ld-Hts1
zAT}Dfl4q8_(b!xi@3BA5f0&+_G^(LX=827a1{o>&sVOjurkkT81q(mwIgl#;EHs`y
znpWZz@hNng8dp^3Ej92B=#Bl_2Y=x}38<yUU_mlgVM=SmTu_Po%I&GGcG5u#&`=;%
z0HyXx^gkZqH_dzVs}vmK@f)9%sfxt|iV9zYwdQJ~L{SA?cmjy65KUS!G!z1*=_tg9
zD}BTE%yS2|XTiR;B8vn;*{DVSyQ)g9+$iofpJh<Q>fGq#q(@M?SS8XO$CMX8v>2vX
zr`G2=Yx1e`SX0AXy15TGplViE<_b0bF=pU8A=L(!?&Y|QZF4@%5-KUby*wTO0>v<i
zC`qWea%eLx&k<V2tqnezNc@(qL-}#0ot+&ZlNSkPyxNLyLo8nRBNwi?t(o>zUh8ft
zpQSEGXFHF4NdYtbZqrElb=O(p7W)yc9O`Lrhf<^vvtI|-1jcfsfpPcA%-CKpU<h_J
z?6!fX^`JaagSTxewX)^T^QPRuIXFTM(yRvqud1+1)s5b_MwFyeVdV;Xm&{_N+}Os+
zxmj8%3Ck?nDyIny98+X_B0A*$DsIxf%FTw;hY<Ax&!&aKHw)Q>6usPfhWNSDhq~*9
z#f%3^r|MlIqU8c(uqc(GGb9|25d4z5a-ahjjP?4p?~;snGm@EW-Gl<*@mA1h*&a2@
zzh{g2sn4~>lE+QlPc0ZzcW0+*OTLfV(lHy07ZHdWsvQLH82KkgyuX24SQU9RWwet0
zBqikC{z`%YGc{$H4D}_)#6i6$PU)N6*RHr5xk;67n4t;9N?Db-u6Pq#?_-M#H-8@_
z&*dEZVpD1!<~g?f#?MxuGJQe+8(6BGU!QJ;BC!<qD1yRa8F4;-9(5J9ISi==!zFzz
zsi!8IP`IOkV4v}8N!od6$xuy^yq_wCSgQq{K|1V)-h6VC+J*6yyz~NRI*1@mgE3nm
zj{d{yx42(}XvH83?B=4Sc5S5TcQG(9Q^LcTdX^EI@ZRz=dMXS+(B;f9y7m)+P%qtO
zn9u^kNSn=_N^R2{t=-1ku<ye-iSzWM>n@o#jZOg*@vL6J@m6x6cXDKjGqyVpWU#U5
z2Y9mhP~AwrfD25YhPO@=L;iXzfuC7sh|teydIXYYdIU4)lo#h+y4sQ`WEGNAm%7Rp
z_mZuhul0U-ARGXGrx&Zny>#)(41|wm!(b+bw=4UU6d{P!$3mhW)<4Ba7FgWGUxcZx
zhg;)tWei)kWveQlXepiq2+l7egPNd;H3ki0i9l8qKgd3&rkWh+YRp=duZ*4Q)v2Oq
zV?1WT7o=-69^P4QD|&5GL*O-vs;iG}cBV2M-Uh?cgC_#tYloCSNg^t}xf;e0I5AF|
zIuv&THQLhHgj-zBse{b2yNqA&=k=iHS?zfiEUi}m4`9vbWUT!To9K|*)$`=&ehrdt
z$MyRDdMkXw-S_PF>%p3Ap6<6+xof_J?^%E~Z`3e9OIl{>C+%+^MQesm<E}|Su1aMy
zWipbZzFmAW=3&t?I1&q4MRBk3Ya!s8cl{ZlBck@+@4TL_<oP1R|GLV#d5EZiWcjqQ
zJ}Byb&l)u^c@<k&ZE4)-wmW>HrOSwc?zV4x9o>39F1ff^qL29Mt$zc*<i~k4K2NBX
z8~PtijRs5h%NQ_^#s9W4%KBa4X=1-#Z!d#aY-{@KVSjymdWd50=JSgG`OVCQ;Qnt~
zvE!>{#LSnC<87Hzl3C7{S0O4#_GxVie=V9%wPTwtpW_f75QPynw12<+x+Za_RMa9{
z4=>mCK6oS$GR=20*xfUo^RY@>IlXtM$MyCurFYEh`Y69e8*%l2SoVM0`k#@T)znV`
zNuHNW^C=cykbfj0Dl1Ygr0@S<SVI^XnE#D6OfcXi1x9*$P<lptdh#KS1Fu<_>{3B-
zBAH~l6TwwkAO}FgC9VEtLk;qe3?j{#pv0k5Nf3?H`?2F9<;mc1;v$cs9M%i{c=@4F
zQ1<loTl)KZ{)lAz?c`G{Pl}}C`uqvt^poso!^VDuXJu+&5?-kE*Kou(opdJN!<4=U
zj|ByhCy;`MIr%m66!_1|hkxb&kA|$L<f0;l_zxa3KtZcnK?@Yf{@=Znzb~NwUcdjw
zQ?gz`iBqIrLD5nF)BVq8|C{hrc3wcyQrbemkP!YS#PUBXKmJSE{q3K!bSM~H%GWC>
z%>P)B?hO?Ee~7I9N5uN=zeWD3vHaI;%^N7!e{tt;ptyjPZ6*_X(9;J-sHx>U2&+D`
zNO^g=qEe$`iG?d!j6HU<KABPQ{#MFSsC3<Nykpm%XSGS)TS?n3<6P6&ac2zpzNaF*
z61C3dM^1<w@y*qpYnr>4vQS-LXm#?cpC<PuqQXYq%IaIz!o;;|qx79-(*&$3ZrKvd
z+ME^c4>~|DX%2Y$Txkvdx%}ik6XI7(F<_qFH>xu$q}^IvzaWAEHYOR3rWp#3pyp!r
z++Fm`MQaq>k>JO!<B2)`Pip_WC&`p1>hfkx>}3=r#MZs-eB-apr{o6?EZKLj&W+k%
z*)k@QWkm;5%kMw4D&N^bnULiF!1uL77qyq{U6BL)LvhWZ(NSzbp&d#d?uPfVvWhQL
z00)(6kiIZg8kz`-AdlcKI4q6~&IV*4B{M1K0FHKTYaD$d9w8)k+fHJh=Vz7=@Ak1H
zws+A^jL8Vyv56{ggk%#}^f6*LHtU9ZQ5JpA3D+0tcS+A~Hx&lIsAj+3IwV=pa1fF`
z?o@y!9typHDJ-9Q<*?VZ>MX)$W2VJf(k<cgxh!5VRkr;fG)P04?Ymys;Sb%H@_bQi
zc5>O8{DY!{Nq6TyPL0aVWkVI3qIOZtBNEcgh9w9@`-arj-!nN$3D*6COc%)%=0au2
zcL-f>`qx!CTwl=g|GfA8eTnP}6a)kg0tEU0bKn0yV9m&%pgf@e<sY(NpmYF@3RiOD
zL*=a^JKPA*2$tF^RB54vTs++K*;S$MT19TA(524scWN2a_|Xa0Y3b8xffN!h&t7ea
z$W3DhfyfD*V!}Ic?#|JB&#4#Z!|65P!#F`=d&hsegL6PR8=js50o9BtE4=UZMuzgR
zp(hqb#4jHu!v7wQzR!uL>KgEIB2j4iG?f73?jD^ejD%Y`H>`cGZF%l}{*h5nPnW^F
zf%Jf#1u-wIQYF@{Hi+%1R7hEgl|apkxX04|$>Z3hvClJ~nzmL&(6rY5(W>z0lM|U7
zDam?@U9X~O!&uN{hoUEfqr${x^6iQX9NX40(u01?DrZCmLJp>2ege2SI4E-W{$PF6
znA)j3b0c+y<A_e+LGa>Q>$Di3&>^IH$3iNu-xz0~wCtCp>f|wsKzi(*wKESsMvp+o
z)gFTR^}~_QJ#zk}be7Z%-VbkL_^nV51r<6%09nC_P@d>}?bnKWdnbJw_)V``NLt4s
zpk5x!D?g-)WL+#U)(Lc(>FQ_`kUT}Wwbn7tjbZpnU7z$*pjJ@zq0MG>=H-Lka9X0L
zCDN}m{DWc|=oBUJo6?{ARmSLY7-<tiN;@|g*3vV73%NJ4%aQbmt9=>Gf2-HQ-<KG2
zt>H5()b^HfV(!fz=<45rN0e$VgSH&-LH>RKzCRCZfbyxdUj-;quiYGYimyGn1;n>Q
z3u^N7#?^F(a>Wb6f6D%{1+^K&3}<rXgl|_LBHH^zAChh0{Jrw-m5jGPMMzx;9{}5B
zbh)YQcFv-e83v<WGhcD0nkVH0P3IpfKslN)s>VD|I?~Vj%j=!_QLY3EG~Y6p*JRQ7
zmJyRBweqy5Y5-u0t%u5ICKcUwa3uIG>`xQ);Y1OkDGfm@E!SN;U=fbe5KCCiSp<?M
z+Y_YhQUU6vpiwZ%>16+HFdZNCE~_UHVoDDaJp36hb!&I2yMCyWk0qIP8o#n_rw6-p
z5fgFP!)5XyLafqsueIB$Ou&2!ujWGS&7$GYm#x6XdM>a5L|J$bTkuAw4`hf9xK^u0
zIoRL+*6izS$+-7u)Gn|_wr)4jd(YOa&$1`tKeAbCYR|)PDv!QdZcL%j)Xv*UVkTUu
ztX9grFP}Pdb8;0Rbf%0l^JHep_-?bH8HHf9aL!em)6TwDGwDzuO<6SK-x{zCt?~Q!
zVAao?!2%#_VJ{ZD=+Dcp3ha$;RMG236{DF?qivM1n49U>CINRvt;DYV!pk@j8=~4M
z4PJ!D3TD)tVQsci)zCt3UyW?lkmK9t+XDLDY-$S=(jp&G2*Ga1zWe&xsrXRF?`86;
zZ0{}C@T4a5-dCuUQJ=NhEU5^tEpz{>)tATL`Yk|&;hX(&LYKttp6*{?Z#u1Ims-<i
z#EO*~&X2fRoO?Pcvt#wi>{)x-2*W`l3<HMxVoR5ie#akn!Z__%KABS{ev_!^u-dR>
zt+WP0nxO^r(0j#9f!d@bNg&zldvbpdyaVxL4c@>6PyjRsM1-`J`8d-h3#a_xi?<|-
zb3cGoad_lQNW$aoiCD$zcqF}>s<j^z&eORl&S#%23`6N`hl%vM9V!;fdEZcRv!U|G
zc|I9fcmJ~3?6$K!v-bX-Dx*o6jv=~;QT6j^Y{9V~f6H{N4I6$}J|#g@%dp#bJ$}iy
zV|~ueZAiEq=kx_TB%OPI=rh?}a0XOLr@w#($~n^B&XsW3eV~_la7%;H|Dx(0!vpDl
zxZ&E~+V*a3+xFJBwr;nbc57>E+qP}nwy`yz-v9S~K0KdJCYfY%=9+8H$t3yB$Rg9P
z7ZFfdCBe+}-yFh(Hhqb@us_+3Nfje0IS~@%VU>{MKSzR`QJa}1!t;q28bT*tyy#aV
zrCV{GJ6dW<yI$xYP-GI8&lLM(hd{pRr?abF+E4dhu6IM%EA<5MN@fo=S)YZ-8%u_I
z;Wh%vg@G@cCkh*~*u;d{3dNpJZ={(}s?S1Juo$NR*JoPhtiYA3-Rs8RigDmY%X{tf
z^`RMzTmPtmAadQd>ORCw5*nT!BWhLo7bqi0$R6YO{JtpCS}^hhQ*t&{G2IqYO;#-&
z1w~nBn`|&m1niTt`!cYz;><!3>^S9va!LRm6<S~+rYUSVO@S-GERI&KPFtUU6FvGh
z^4DwGy()Cw4G(>mY@horw&7ceq29sqE{%RGHO}H(>@$w0z~BBg{<KVbL{Sl~+F1Nl
zC;=!tJ&JKL`@rO05P}7FnnV14`wcB`SFQ1mJ9*u2kBXjaV1jKJDhh+gWv)lD=>k9w
z4F#q+KD^pU`dexx9;vW2HQILs@f@^TGybYid;=MhT(8R(WX^z%U02PoY`MznpwgYH
z`AowlXPM`6p-(I^3@D6aLbyzbJJa)Q-E3I}%f1`qEe?fcB{=eE%eFG}p{5Yic7l6$
z#nkU}av!lj!<hCtwH=T6zpzIMYNdf6nhhI;Jt-beVie96)X>5OlffgRE0-Yc0$|Z3
z>8em0u1sjE(~3s36i-dTL&<fc%06@Lyg$5GM$~3n+aRPdIFfrO&2phkw2s@-RjUAt
z)@<dBfeqb(aDm$-v(ZK)@DVLkMpd<g5wT4T@0q)B`w)`7PH9uVC@@8KU2q^X$iG-A
z`$sLzDdT5hY^;v}tkNRJ3tnbPyGDn8$&=D;?HJ)K7kCj5bWpcsIq@#_XwfG6jA(ip
z?MG*`GnY7T_+~>zD@*0^{+e1P61md?g{1PT&6<Yi3m^sNj}Jmo4h2c;Exv3InK`<M
zi%xDhs|)L%O{W=``ii)fV*;d<al?)fzBbmm%MLmh<l+l5^(Q(nkLY{;c!Tn_@CzO$
zxpY9kCV#9L^=&oy-op98EJ9e80}(Zt5=H1i`k^r^s;(-v1Z5+gB0K!~5u`bqYW7cj
z9sScT?aiCz!aIlI^+fmmyz|qj`5pPcy-7rq{DJisvIsQO|8~~!UqB=OcW;t(4h@C}
z=-S4wHKKlO>gOm?z7Kwr>PXLj`4R6)X=!FtRKf6`+7lbopGwL}?h<!<))tP1Mh+S_
zJMz%d;!asp4R286?phO$bvS_>Y|HDOt3_C|Z+E=W+y^QLhABSsV)wMxr!e{ZsqbBX
zvwDFR?wHx6$4(}`cO=|c_8+LK{A~d-u!-oVRck^XeQPS*$f}Ro6IZ~hl#s~%80SVI
z?QZN{=4964DugVyH9D+aCPVo8IG%F9YAF8TO-IIXtXkD+<V{C(yR5}TWw7=aT}dQN
z1fL@7GAJ!qGAVDyr>kov+FrAf&?9`nsK2D3TWBQdvNqW%uqR{?oo7s9Gm=9YXxIK3
z(|Jo$^+UOKjeoYh$x2e_XI-j5g%{bbrLB@&HHntJjl<!~T~y!491qfctG2QYy%RH0
z2Q=yD(yJQ=X07d3XG~LJDRKDhW*_>xr}v;H4Xru~)abyyt{XF27u%&b)hmBET&m@{
z5S5qUZuUIqTIye@-<vR;_%8vBfZ93^((3B1^WT}jreZY1rCt7D7f%Hqwqdq591Qui
zi!PW!;_4{oykIKe**prU8vsYS$K)lfCM%_HTaJnvXZ&RmH=X+>jE8icA5BTRRpXD1
zkFX0gYzTS`Wxu<aS$bi#P>%-F3P=J|rnYRU7Ilm7^Y|8`#-=$3F%c7tz@d#3l{82)
zy{=V*^(N`mP@v@t;Rl~^s(%^ulf+7Nqs2>~SA%dRc6k&Xnj%%cQ2JIEYGwsJVaOKs
z{>HUN%*&qR>oAD$_5k`4dssB0(E?0sN&263Xez9EB{wSa@Q@O3wMq@Ku)0FnVx)5R
zEeQ{w(&r|dBr#UJ-`QRw02M$%Gxk|{6Y^)$u8BThOW9Z|j}!!G4MSq(rI>DmStN`q
z?(s@wEK@}6oMKpxP7Hmz*%vjjk%@Tc-yzQ}csyBcE4ByyV}4h0@=PXm%m2^sH{apj
zO76|fYf{NUGM4izZwGl>pKo+)2pacOiwFziB!BA(#n$j)gGmbv@Na=rxRta`6Y8_n
zl;(t+?1U07C`{wSRoS7Lnw=b;v$cJAnF?;_=QuI{n;mb8+=vNh_X0HjFZ`sx+CUAQ
zdS6f2_s8kKeY1af)&jVmwADvA$W6SU^C6Rt@h^ieBabFJsF`M?Z9PGmvcO50U2gwE
zpk(vlC5i!zI_wZl0LRI$Pj3w*lwJs}XVcm)TLbL^L7&5eQjMeNY8|O#CCPURoSoFF
zlZ^P7Et0lBhEyP3)cLa2ahw|{3!q7ROnDH>aLMJ=)K=JGaWO{y0bE}%w>VK)up8*^
zfC8>R<3F@VqIw%dHxJMUQ@0Vq3KR_ThF$9^RVO;Y4BQO~fp^fr%p}Zqddd+`iA6=x
zZ+a+#+e#)Np<Dck#zl}2Fq2dcx2rL!d|W7kaiUIy7&x!0CNp(5ny!@=fDO8sbPkNY
zKz&=^JY^xYS1^Tt%~)J(Xlh1czCJ%fnMbLX2hkh@mFqIB$n^7JvYkb*cl)<^6m^y0
zvEB*ps756kz(=9Ju#KGBHCM<Po>3Z`Lw3`WlP-YU5W+RXfa-FhzLr(icpB4jrVDQ{
zMTJ-0^&xDjDpG?$z8>Eb+!$vgj(Ufr4lH%cNZReWu;&)R7$r365X!g|T<n~LuNI*u
zdK!!fnK4u<mCPz@ttP(4JI{&QQgeq&TBXRq`lpQp5D!&xt~&J9$k9R6V<sFIC{o6v
z7>^at3w_gVB>w_!SAmCH!2y|T{L(?W1nco3Bvri9p@vUQ{m4M@PZ5pPE@KB2&gXGs
zi%848-9%G6&QAd>q3E|z)<kn!2~2c3wZl<ghvSj4{I?Q25K8dRjo9Xv@x-}d5x;<7
zF!IfKz}RP0!V;+%BbiR)?s@OFa49W6aKS!hcVB%g?s3*#YoSSOB1{jl`%o;BjD|p?
zs^;%HR&=3F4|ir<AAjzs++MOLUhasdL8zSZulaGy?D#C>a;&wS1qiGrAN_B?gStGS
zm4+zxuCB$H*jM^qtljUYQr4OR%ndctIbxW}0CR4|1M;i`!Dp!$&Z6y5S-qm`6tyAj
z%8e5Cw`7Jq4y7PAV&}lW$Y^_$IK`+fi{uOHEzI&x_i;b)j`;?<1nu0KcOfL&J0@W}
zXH|6|cVNdFS0|%w-)JR`+Wv%N%~3_{%Y$j<vpLoeHbA+3Q}zGcI1sDn=EjEnBmIa%
z44g&<na13ax4`K?qV8kwYM9slQa=vR8({IW8DYBq0V=LrP_bPaikD`UMd0?_^v^m#
z*Cp$!bqiUJsUc+G2khJ_;ecD(VTI6|EWKP-JcE$mRwUTxSx$Es7(yl5Z$Jy(oyA*s
zWy}t*v-IG}4AD8nGt8z;w}QS7euw2U2$*_0>oNZg`SjF@Aux9$(;K}il@)Ol&2_+y
zr95$ds3Vz?AY~Dg>MUY)dr!>f!Jpqg(0>`PM_Fk0mW5gPv&O<aeJ#qE!Edl04|lE#
zI&!LA?M{xQ?@Tx-R&$G@69T8s&SYFK_Qoj2(QI@b3?b{!Ce1%BU(XOYTeov-5rASj
z2Hk#1*SySnccYUy``A)}#kHb<PuwWsAswU1XPpo8vx|j3Zvl(BM@}JIF6Tz_E)^?3
z)y~|?fhXwcz8}=;{ch)P`Vx<6vMZP18e=PxS(*egRq(F^vY-<#_SY%`x+gzXpU{P$
z?6l8fo0;NRb83EvY<dy)XN5_yuK-hQ>-PoiaZiTT^?FhtScyjJ{K0sgB60dE=zEoO
z0hX|&F)5{K6f$aF8%Ag)?ju3-*It&Hl6n4@_Ty&Nbvix|9nS*m0=cDy_4_$*)pz#F
z38f5xPGg~dr1V(XC~b>5tTH2t-TrcwVBU1J@>CmI`Ilyp@^g7zqXyA5IFKvXAx3?x
zfk4@|YvWHjmBeMi^NL@%H4GR<bU}Nxh*;|Ww85lC)glblE;eq7q+f}mk;GH{t(VP(
zu6?i~SN21noi)KK&UrKQ+{1=$C*az8J-#GQfe9(oF|AOk;giY0+JmjCy!LLL?V5$)
z376xLNNaruyshbA!sRUO76@9U0I%Bm6x0_9IykTD?-vUO8us>+{sjKJ*s!XtrG}aY
zuQVY<Wkv|cWp&hlJ*>mw(xdi}AhcX(N}^EkVz%~DBxp%Hk}DEwY3s#t%U+k&fx_CG
z(!vkKO!P+I9h3AqnI0$cDz%%=bn*b@br61r#JRa#$cG$Yo7S3K0Q})U$2S<tpdpJ7
zFV;m&4e!rdU}Y@I)K6#;?xk_7JO(qWl5^G43&yd~4FHy&yRqmbFXO|jHcre$T0*X$
zU`9Rc7S}pZjPGKm-?TgQwO6~1EVH8$F7?opI;xacHaaqlRNfPQzi7{9z83mE`nuYq
z!4U2}beEaC-y^VF0N&e5&Ak0*&PWvIMF6%7Bmzp95yusGE~EiYdtD$LLF6aZpKB$X
z{1d;>4mvGEMJVb;Jue7qrwGOML2c5`{j=!MJD42>!u~gUz4AuJ`8`v*DPk!!8|?mP
zUY=>EyrTQt>|3;_*P6t<5Dn`cRFh()@206?^?!rpS2Q<$0O}#4q1^{c_mn|+#`~~&
zP!*{4>Uy!^>$j4GK{W<7F}aqSnL_r`Cf13CT=}+DxKB03AVhH=ddd|ss~?jiymCBI
z%fA=x)^`uwv>LdWxTVaTk)(t>zsW8nXpM*UPw2dv1(d8nh1;ZIRchkb@r}>#De3eD
z&&#U>E3s#<0zn%pB%M+uoAC26_7DHgjBOT!x0Nyz|J|0&0YCZVCTHfJAWu)iwU+M|
z4(2hKz0@RiNt&wQO6W{JN@H4uF{|J#`yDT{B*|RjDhmTJScitaF)G}c|NVfC;-%GM
zQs2I+#L)hoa2VRp^A-?DuZrPR#N97R;#j&MrTTJi0C=5-+i-4vpv{uk!(yjEs!rsI
z)56MbXd<8WKmNY6W^uhAR;Oj#4votflZv@f(BD<oH@iK}Bs_)h{uQuNhEz71`w*0H
zf~uF&bW3|i4^}^_VmmU_g*5x|CS37PY0pXamg;bWQGHkpqbG5#6X3k+E_(a1!#tLU
zf_^cn0rZ&gHki((*5CWgRdDd;v}1fjZ%JY7Qo>5}u)J?w<({Z@@m1Op{1uk<7Vm4W
z6&qV@vC(@wjunJEuzNhiLdfUo3AJUty3i@Ry-V~h7^3xR%3S<~Y=q9cnd8!isWN{W
zr*31f#)$PFjOCdZT_k2V$!-z9wHF-sw<ULIU7!$+0ROk>ugx-^3#fQ0m`!0@A8CnZ
zPIDQgh8guN-FO5pHL6xq{YtMgxttdW6a*ZH0Xm1m8zVadQo6U(sMw)aM{(ibJ9Ijc
z4uZM7{sqEt2MS$PuC=8i;u>96#_S|)+mWtte6tPNaCi}M^PFzbF-z4>n_9pBS$@l!
zwE{p~ELZbRcNE|3H*)GTvuU%G+f?sP)%7+;Id;_}5I4F|W3hZT*Xmzi4G~)EOiI9T
zJ`Cx(NKE0i6VdSo=oU~|Zd&NI!a&F0k0&HQwO}3E+izpz5Qdg;Wib*O`WU5_<J#wy
zO60UcQcH=7*?;hyIvK$f27H)OXOs%QY65!gaZNucz{4u8gNSk#xt>M;>d?wR>TbEL
zYY%1dJ?$Mh*Q9T5M(_dbSrH_DZEp4wA2$1KU;PKEwRFSD;ul@FGcW|wT9&flsE3<~
z{<?`bCKKAjP;4KseimT0?fHE25jIyVR>Wr{bMI0<a+E$6^T!&07k>VoALLg5nAfGe
zpXco|h0W}mo<2*r>>8DjZ`{|fD7abpnW|G!aPl?iRurt2HL!O5lnF0uP`#L5PQy*{
zULSrFfNS|A`Y*=p4}LTwM*;z{_$pfXfAdRC#h74I|NrN2FKjR(U`;ZS`iWoPFRH!i
zdoEQo$T}Ha0tO9DLTdqqIBMy6?I|;&q%XNLaW`0ZHYri%fk6F=tZv<Dl1FmzbNO2w
zS2zzQ8pQVcpHWp8w}w9;>+kq(0<X8h_5u?+7n?}JLyw(Yb7vDQ6A$8@2k!Cqlbc)K
z`e#|*ulvBOzW^Z*K=wL%D-oV@A=VIkC3gME_OuFL^>o5v9^Tz{J24Gg#p`4itTA&u
znzfesc1rvHfH5)96)@wk{p{q)_3mN<gq8Y4T$y#U1uvKvCe7(<`?Zw6Fm=L9$^rZj
zWj=2-&eq06)%<B`v30d!3YB}_Z-+LxV*kp-jazgUlPX#PB3axQ14fJKIrpBtr;cY*
zhm-Ht^VPa|RPcD7y7t3v=B_5{x<s96dT~w3h!@$+R^!7uYYW#t%Fm+f3hdcttZe?H
z=Kgw<cJ^bXogLrl-Y>=@3h^HDx7-ntPrCHFq$h<L%eb*R(}WhN9S#$E_M7ImUOR~x
zFa);YrN`KS)CpJrPx+1x`rqC-oUsJ?dPEqV{LC9l5spA&Fsr+QeK#K4D`B+d?`u@l
zogm~0D1j(_q>4z9&(|}Jro0k9miVNM+a&8KEb+o51Ili>Wf;pM)MY1u5TpKxvTw4>
z-^ujWSW{cls(APls^r1OM!hi-=d8LHg2Of1+|CaG4Rai6z2C%8bkKi>jaI1clvC|6
zeX=?5p5%W=?u3ww@+bHIwm4_t1p#wU63l+Lw1Y<CXV!f=r)3d-nQ!~R6oK1Jz$Fox
zCRj^ACxfDK!``Zz5atwgP<ne-J3XTZV9c^g5rdQZng+|rDpA6eup4vR|2aHX`b}94
z6Z(MyAt}m6evS{Kqad;Zz2a|u*d~6f%lIp7V}va`@dAwBqk+XId!0uPb9>O3wcwTM
zU=cWH?M^nQ_27iy5n{<?5j@O~63p8<@f&ip?PQO=v8}nR-T2l12aq(uqTYgUL8g5I
z_gH?$(5rY}DJ&yhsZIiK-1kVIikuhYP3PUfSUa;@E~-OJ&A*YxQOvthP&*lOb*~Gr
zk3q4DcDJWMUHj#bv)M?Px0Do~D?U5Y**IF2Gwq3qV1wWm757fIj_OgLZ7+-m<D&x9
zyFphA4;V79Mm)Xt0jkLCDEz5KJ#+)Jg9+N^lKRd;%2Em+4lGpsj$xbyi}d958NeLK
zZs{YrcjvG1F>}79dnsdwj*IYJ&T;oR(WEAHJtKfd;yS}9Jd^cZoE$d*`vdu%jm>F=
z`E;oT9<*gycf38}{yO?>46VytV<;MIt)hbW()niwprUWiKWIg^=Aw}VD^P&N^-vXb
zc)Uk0h#6USBQ)?dn){i)GuL8Sv%3nEb7*^mYea87`2~)K9C?il=0p85JM5S59?sB)
zmE2>U47f>2hut$U-|bHGu4_DR!AXwqPFFYpe*&GLxRZ$NYK6?`VfHt1p?0qD-A~;#
z0fm1*96w~?{WBl|I)44p$n9#sh_tJ;STrErk1-rgjO>5OavBXS{vy>Lw>k>&EaX^w
z%TM3adoSbD2rhk;XV=M<u_^ji{^Jr_vPYH>R{?FkG!|(>@@G2b2<C&t_KZgK*YPN`
zPR%o9a^B52oxWFq<gQ_O-Dv9>5j4LK_8hrDyHX97x93N4zviGplvzuW&9k2j>a;!}
zTo&?LK1;&ayovH9!)Y`NiaG&CdX|XtGS(UdLb1?e9yn{IP4is_FZ8BpV^R8fhD27$
zU=`J37YXnP3}gc(S%RU6FOwy`$Xm*3XFbKM%w47Tac<;0U6}}@BhCILQ}f{%D*83j
z__{IA8k8BcN21x$Zz_RY%?t=(T)&9qE!ma%x^c%Djo~`q#ck}lp?3p3I7&5a*lua2
z+c!LL+kCC%$z-Sx6*UE<6L`_&sF<KRX?>L?xz}F@IT(ag*2UtZk?~Ai4TF7lP3Mi*
z|5KTuIm(Va@5Du+B9lArQv!5I@5=nYJP@V0ej<RpmKRU8;DFxq2_^pipD!l)p;p_7
zYmI0{p3at}05nWq)nhBIAaCn<b+5_eSco<iwVd;6VM!S^L4`yTrLxRY8wG8iy98)^
zd@KvMzmk_pqVLcZweREcFL4{A+MnuPItZEniRWSk%Y~ZMa#6#-=EZ{po4>&v$*i69
zpGYD}@Ru+4nx_nG$d?i4wNvLc3W=DlFK>XEgNS|$0UPZK=05(ex|wxuyV7QT?bld^
zI2SV}K}pnDE<+O|Q4ZjGjx-|uM&!G5J1j!m9k{QZO{*a-qa6|XO0|Sp=ueWZm2cu}
z(Lc}z5<Q$Oa46m+JL?#>6~zC}4sFPn$*v##&nG469+o_i&5;o0j*sFMI-b@yAPUT#
zicFejT^911Q1|aDG)nXj#tKp93y#$iZ|2;;Ftuw=#G7QH$|Y02-Yb4*?(7PnM!{Fy
zi$NNq)ISDm?A=8igeNO{06NYojO8l9)t!yKi})Ied+3WoJ)<*}E9!pf%!q3>L|%hw
zTFRNpkr0h{Kg$Sd2<w~wT^Z23hu+(%)`lYN_@84MyW1Df4w(_|1t@0)Ae(vN8noMp
z7moJ%q$$qw;@8YWeBL^ZUT^=?b-z#BFl&oo`tK>oh(NSvwQ$v@VE1{Jubd%)lV#W+
zC?(!z{3R!Sz01J-JpMYye@ZBBw_^MJig<BGDDJv~7a|=CIF5D`iPx?OTnEFPo)d~+
zuJBw#!_FQPiqmp$PpC&Zeo@S;sG=o>bBxI|_~VS0Kv8$dT`D$aPT|<hQs$6ntGftj
zSupDGgO4@R?)(*@xX#*_iJMS2WU}##EIq<r<4ry>p-aum<IT`;KWLZAdwCtfb$_=!
zw_PKHC?FRxtaw8i^o9lX0m&%qBBQz5O%Yt{ihQ7(cl)(NFZ4!*;Au+qrwZo-o{?~?
zZUmf?&;;4YFZw_pfj%<bED4P1gv8Aq9-8%kOJ&H$BbkJB*?Y11ZRp%k3Dq_6#a*yT
z{=%wA^Ni2fxx2Cb+aJb~f3$lGaTQhp1R;BwWnlGPPh}u*MIbJKN`~DoudzX*k9k6@
zJrCqDw!d@KK_hC`Vx>@RcR2AXU)^b$I`SiSe^{cY(9(7M;W~MlH_o8d%?4@w(n2%W
zY|Jexc!Er-)oaKs;ns9$=rA^5ucD@9#m+8OM4MqQub-zNb8`ZFim9S%S7)VhQy>n(
z2LLI5yvwoun{K2vbUa_}L+<eoqDhqM+E%`w`1`28nx8X{(h;V7t(A>Bhw(N;rSB!y
zIo;nNLwKk(ASnZXQ9<stH0oYy3_B^q<$2Q4(epG_7gT<&VzF4%C-Dj&tEi}Q3uC(;
zURqBos`U3!Gbdj}VpEh~-`^a*2=#^~BY?=i@0gY<7MhPULR`_pxNdMGQ96BLoAK6Z
zhpVyGSY_b7j02g>?odZWZ?!WCz;3B<j~x}ucqBU{msv@#7pUd4QXJB^NomM>=x=Dc
z<D)Twu)o`D2!D6CrMQaU<c%<>U-JFd;ejn>Tr~pk`320zGc?U%buVre&dVRn4)8o!
z<g4;Gd01d(_)E#6srT*QcvSr24c_Est&0pa?X!3s`-|=)Q4sK6v+PiCP`6oH`}SVF
zBZnWACc2>Gh0rP=|H?`s09_8wHc%A+K2&GGenW;FrM1^E-iIciyvzFvdw6m$u3pq{
zM!c!i^KMuWz6EoMtg_*)fC%~!40sK!$`y5(=Q5kr=#~8BQ{GY;^4ogy=909O@m9D%
z@i}W25Dkm!EYd^la#<(ZN-Vf4ndrCoHb<JVP})*Kj@Y8Ud^DV0R>6y!>vh0EQp0t;
zkhp(szji7IvwO+>8U6cVnNRk$i0@wX`Mky}Mj7IZS^LHGMo6(y$S?u;z1HEYj(qs?
zUNUi4((zs6|1DZoh^pF<g{UDWs9TP;ioh&?c*T7DP@NqL<M)b?r15T}lyLLyLl*zn
zH{C?&Gqm=T#%2XKx}s+!@Ym^D1Mq^t-q~wboPCnKdTnlI%UND!rqEIK5cs?mP-I5*
zk<8cd@1>SO;$QYfiO32dHCIi5)`%?H8D)v^gb-_o+rgZb;w}MsGE@)7%RKuJ=@(#-
zL}22QPN?!IVCxCk$a~4UymI(Iga4Z~e(?d4yo{o_$r_#x`CPEe>#1HWHGR~o>k^>6
z%#n2Q*xrk}J+=*-vxE)hWKoCd($rfvq&z!iAB5^SU$aXRy{iG;v>s#QieFd>#)h_Z
z8;Ydxs6|+ML)dADDB{;g)&j#)Z_}apL?Gw2D^l(EjKL?zlcQNWYxU=X>NSmT)U_1}
z=FKi!=?g0El5$(rKW$9wGu$_3)wB;6ALQ>(gI@enDK8N@xGvciz^-2WxT!8-_UwB)
zYK-T^rC`z-UwZ*MZ?ahhN@cqt^=LdH4u0@yg+ja;zipm{7wJEdqh;mWQfmoyHn;gq
zVA4_%R#~BZDkUlv>-FzGgrh7kTIWZ8t0tK*K6WbEXaAO`R4UjTz9gkE3r96sML&nE
zg5P-+X_}^t1>ELPIl@{i7!De4Z@kI97ew<3_g<*cVS%UbdRb%`4*Z+0wCJy|h;~O<
zO*=@qUJ1gIr*?gO_Y(XSl4A|<K7XU!N-r4iE>bx@4bm{v<?p0y>~EB{4%FFwJIZf0
z#jx)$RvEAG20H|66U5z%H%ezI>oy1*SEU<X8m&uzKW!*0=&x3a-0qN^AZkA-79d7+
z>bC9aNCNCPafSwIMAq4FuYQqz3XPEsM9E=h7Z<n$MZRn0RTr^}_Dh`Z3}xft&u6KJ
z#iH{VSH<1Uy6Q3CS{i@zv-AxkS-JZ}DHF5kVNQNUNVX_@_jwS@==a|?^BBMTM7}+*
z+KUK;y=mRnow>W(($152th`;N<==o=#%w{wq5yZ<sNE-;jZ-Mem%nk{veOvamFgLp
zmU9~ehPKk>Kr5>GLe(G_g;^oZ5!02*A?U%W{$N?NZ2h^}$i_sBPa`3t$E6^_#B+0d
zVa!_1#95(XYFv%lthjN-*UK@}2Y9W@LW<q2BN`og9pjox{V(}()nXb{$ox{Rq3h}H
z$bj>(|1IW;Q5bSUPQgyqJBT&tvtY+ta1K>9redOHiOZeZdzq#olXW5?sHMx`PtS|3
zZyUHG>t-EXo{2NoS{-@9wS%mW;3E#p7m*eJ9pE<knJgqWB$nzziAfc@@yCd{Qa0#Z
zx3OgwdAbDWeQ28YvfXPs3ab%Z*#RB>Wv3Cw8<(`lG;U{VTJYwwwuh<6qy&7WM-tIt
zr$Z?!PQ{h&Zf9Z&kI<{^hlrc0WIdIGhe(KRE9^hTP<vhjbtCr(@gMRsJ-!l~7R%al
zW11z7zXX>Tp5A*5u@>s1z}r#-6d_(abw+aWyW+~MG$iIXJWIsIpjMe%zsj#Fne$R(
zs(&@N?m8sEn4LJy>2h(HDr-Gx+CF(|$J%r-?qp_fofAIsUguJ(U;IgOwdb^0%YxUN
zH>pj3U9n%Waz$d3qBcE_fo#3y$XyS<dSQH6u&{z^aF9-1UhO#fVW1?JfVhIOH~J84
zbxni}V(Q<Ighw48C~x|&kp(d1U6i*qFQle$n6TTz#s7xHMv_a5?=Rn!Mr-2$!P)pt
zPI_niQgF!MxPvx6?0GCyc4;JtZdTyHii1BoiEdL-^Ez=|pluuf&>XSEYMe<(>EW9y
zxEPct(KmEcDPm-FHaaULY%BHo32+<lG}m8}=y@c;?oP+^=7Gd)e#U^Y9DX3q!t$GV
zZ#Lsz)WaX=`HbFjtB3}N#SR0ZNTJe7iH6k24NuUJ_eu#SsW-ch`d*)<zSOc_PuKe6
zq;iRkhPJ$f4immok}kJ1u6LgDqnm-^d(oG7|GE~vX(rH(nP0lDQRuIN8x=>jSD-i1
z`F|^qDz2c$d`O!w7w3Q~<mU1TwpWZ^;fIm5zZ(d612Qw7+ZIEXeBU3jEl@<u=;<s0
z_7Q{uo{9Xtw)=?H_nP1dyYD3A#l&<(Sa80VD&w37z7_ZQQ{Et{rRIrxXF0TS8x=+D
zv{p{N+a-*9l`na<g|(U5g}i&!wsif$TNUQ2C6mKPT84wVeO<uc`-*!ViUl056uB?P
zUesDePDy@Wh51wQ<nrZXDlNSi-!}=DLA$oHS*1%mK4WngakU9|zDO~bL7}npvSXMt
z8k$m;)CqZwz|jh-kmAW=+JBYiT3=%_r{~f}!l847l749AgKGiTsCw9DC2P@K0~B}y
zcE<n6E8x)vBeJuJZbE5s#j9;LeX@Fiutc%tKcO)qqKxIBuBE*BSBxrc?!uAuz@9oc
z>8WJT@px|*DR{mVo3k<z+JS?+@@KDj`mV{zRAU*Be?=n5j7PwYi<NJ!{-+oT5wxEf
zkH+Ip1fv9qhX(t?LK}eyN!nXw)w%a(d`|;V_0{TY`m??_?r&aO<GFiYHMyxzkq$?1
zBe!nBx4iMmzbsDWm&>ZuDvnDUhf=39r^qgW!ccDDrh~by`IpPb)RsNqrkB|!2mnOz
zzF>-o4djgYIuVBYfkjD$LB;9uNs7oAHlXe(>i=Hb%A0>Dt}YR{hk!H*F~Cnlf3gk8
zDz2QfEVF!*^>)1$hH29&?(>v~hCbSRH)|@H9XPRb_*xq3${UTKo_cURsvuVrMkh}u
z_?&JdnGR^JS6LV)Q8Tp{v-AGKEw8gojh8TUe+2=wU>%$53qO`^wJV}lQ8yPDmoE?^
z62pp1INTZ#TqhnZib;u1CUiGYb=v@AI-JS-!^#gBQye|}%hQ<S6XQA6Ty`F;o@1Pj
z%s4Dnjq*P=HAi8if7@QjJqgAxOP;2j2XaxoVmMp|ej=<L?U$5WYTVABAq!0_rvB2n
zC8vcblWn2%P)^);8Q6c7Ei|iJv7v>j$~CA>zPRo!tIRy?f@Oc%?mv||3G)EnJpTNE
zagcsfVG{Gnix)H<)wQ(i;=?bwQ5d-UmrnDVQJG_uKL6Es?No>l@~KMtFN|x|Lq$1H
zErBNC0;(n5ly#NNTuIh<QmAkGxFLZv+^F(b)M0`4cM&N#HCa0OcTe}TA%4yx&(<1V
zdCB7&PQG8G{*}o<dyQ-K*PMVjbr*PFBYykIzkBLcRnBYZPUcQwemMSx(hRFS-bXg7
zN`UN_Qw3_@`i-?i&1nwv4rN#Do4BO|kul<x{uSasesAblS4&}s-dGfbtqG$k;F`4n
zrfU<jRmX8BQsUBHO1|#KJ*qc}TH!hq&7MVMC@tI2ha3ge!CfPNDA4ijU0{B2*TWyG
ztJqG`we!BhboO*yvEXC>T4#*uS}TBYAunNy{*0|EG*x+<MlF=jd{BA2R&1H<O)(Z`
zwCXbXcfCU8%fo{vrKS~Y8mW@7l6Ec?BrkP+sSzdF(uAgCLi>ay)6=^jGdWCeA<^y4
zgh!;JGC}6gV?T|G0Kw9R5dEB~cd-EW$b?DeyAT_K8T86Mlhk#is_lYf!_3FYbz}mY
zR4|y=E8HdvEi&9CI#IF&-td6UsOlc1MsvULETP^;USIW~zy11$^d1vN{r2cbTIIh-
zI`qV^JNLf7i6sxbdM7k7FK^rx3QkJ!T*Gil*^it~@H>7Z2WIjs7;8nHL_jS=e?Ole
zHJipQLq2bxq`lt?{j`_u=cwS+Uhs68xS1=dYdw9M8Ebd3@9~*Svzj_oiAR1~ZGo34
zv>xLZFEIpPb2)dMgudZgbr#yga<$N7L0Xh#aiNml#dP8}>DcDzO|B1BSTqgxdV>d%
z5C)Z)&&sOc2SBc!R)5L8cR%BF$LgECnipgq0{l*YK$y_<FJjNeySU)bm7F)7+hxB0
z)5kJT#Yi5bb7OMio$F&)YL>Xe+Z^de$eUO2vn}{Yg=oAe_#mv^MiXE+XHmIq#YSZ>
zK6Ll>i=i%Rp1+$;*}1uo#TG~A%3{iaF@<LiwAC{X242?>8P*!ME?Oanmo80V1bX3i
zH&B48s~}shST1MdNd^I5w(n+{&J5iG)}rV&JvygNp)}le1?p|=bF{>g(aIS|EZyz1
zQ?m@s4;>d_PV73(-Mg$lAzgDnkEia0-lFvS3jLdq>vFDwb_qV(gHroA%)35rKl@_}
zDWwg~0T)DN_mZB67!XpeMr))Uru*bH5}pYh*8>bD_IJ()-6j21bz7LUpsa4Q^a9Ex
zxt-ZwmG!e^n6`6c4eQ0o1j^x)&EXNKgI;)r@aoEHs=-CCTi~-R>n8I~m7~CIUf0sL
zgYI+b^Ks=etg@csh3PTx-78<m^Urgbc5fFEV5`C1C9zsScl+(V`7QsoEnlbfO;mtc
z;N+d~Bq^t!V(?4h^GhL!R)8sLTmkCqWK-(fZ+p#e5OX{}!TB-?IoPj;)Fne-U>JMh
z51(SMp9qip;SYdk+pXBEK+XG8?t9jL<?opf1$%`~i_fAaI{o_3Z)?#EtDjPrqX5>$
zCj`eq-Smg{7yFB6-c0pH%&jGS(V-VZUt)5%ga6EV{b#O2_xa1*vd@3!erbG}qiUup
z%6;eHbh?ELr=1ud#<>B<mgdENSrmDL_L+<^#56vR&RfM-p$_u1^+6CrGk#+~<Tq*+
zW|Tn`c#sHZ1QOtak&m1nbIevqh&9e(1nffm(N_WeWkQ=I)97`^D+#^72LVn?zhg?`
z*&GM=QTO`pXI-!i(Ubp1#Pay}8n`7F*Su0+Ph~)RU?$59rA_0kL^M3V*tX5Ib(qY_
zPW>Yjj*=|J=mVY{2n3$5g|1xgk!^K}?(RRbBXLL<fnzI(BH~+rDxmg?K;d=9c|(9z
zSzwPY5objqqL9Cst*zm3d(uL$p;f~+CMjYvdu{$z_a#8@6`U$DnElYU7sIa&yl8hM
z%jfL|Ir2?HjQF8|0{%y5(+5<+Cx1)YYU*$zY(oi4N^3HUg*I;YKZ8BCrR~8!z>ED2
z`}sNvzyzsh*8zCPQn_%ygE`$PF6ljgNGu~wMASnAIiW3h3VLZucMPiwf$QX&k?YkS
zr`&_hKeX<*&qr)cruxPmto`RflxWvhsI%0@#x?I6XL!BP)O_%U9va*lt<!QU*h5QL
zVILqCH%aBU&n<w%H^v57?*iDNRi}a(`zm`tuT;onzDxnc?Lp-|=fmlPYyEd@s`!W)
z^L8O35jx5WUp#uAyr{_QebVQAj5s=dB-*~!M{^L4Ka+rbG~KW3r?T$oZH002eb!es
zI3za_uTio<$JVt|{O&8vp5eo24api-HDYZY4{}c3H*Al0DyBq(My9>|q^H2)P=g0x
zI1}_B`rPGd|Cf^VOHW}fo?w@{AF9O|-mh<e*$=eLsq{c;rlzy>qB9`_B?3VC!P?DY
z>a-Yc_}*?Y+R;_A?v{xEO_1>ndj$yWfBe}0k>VsrfdWQ;EalS~`sRNy;(6IlzUdym
z!U))b!G&0lJIhSBfY1J;f40oW^N?f!1lN+@mu&@ZZJtivExcEv^DZSa5d}JkE*M@N
z=ii6xHj5tf{sl^%6P<V*KC{lY>Bn>e`A1q?bCOryLN6b&ndU|cWF4Q7C$AEonUH*u
zcRg77S41Z*l(!MB3vYiOjOve$*YVKTB8ke$lq@#Nuh|=4r<Wi478{8go8GH|x{KhA
ze)5buWIT?ztx?&L&X9RzlNsv9cbnSVm>E$!x2OV{kxpiy*3N>4Ik#cY-^?oOS~h$Q
zjaxJQQud7<vATL)gNVPqZU`-lh=2W=%zN6_+X7F#X~U)o+C%iKQ|I});~RIZ?E-t(
zqv%p)p951`JScCWW+YWB$W%FCLb^`SIw_RRQs0zWvBAZn?KScP{K%Zyw}_Z63c>P<
zF=o-_f~Hm1W@28v)71J{Tg0tj;&lf#hX5buCpg3Yatb||wwLYZ+UEb4TAKeb&*Nvo
z%^?u0j;Q{yJS@z%C;H|oa&;2?htQ2Dh-gD`YQ~M&u^Q$=uutJc31Dq#(B5Kky!mM`
z^<E~?KWtcxZPYJ0`PtPvv-Gc<h^O+sD*o7d!qxWI4jDV4?}$w^UdG;Lq<=<KqH7&?
zt30Qv!O_zYjNyW?z7wgfiRbZPfQpf&3{~o2(H^R!W3toC?68_No_$(g$>EAjCvB<{
zl{vN!%q>r$;1wax9ne?Zi5U}u*L-2-TloZSdjd_QBKQ#X`wAJ#r1!C3-YS!5#ZdN{
z{mSWcn3@w|PXZl#^|eK8lpJJy$m?<{<}rg97l{m&829HbIkCr(1)`JiwE*|{d!M3b
zKue?}!sL@5JC`31<QH^)HDO3xA4wOa86+z{U5PO{lJGd%6fllJ#<LAr_jTWGR~*du
zd{VL}@k8QJ6nU5^1K4QOL1$Mllz~(Oe>U-6=SU&m#t-%De9QU7L_$+AgYWaKz#Z6;
z`XE<_PXqe>gL@H3&26G`86#u#foJ`kuYcaDdzq`KQr`9xy`eNfT;Tfvk9~ozSIH4&
zL;W*;lQ8R9fW}Av4GPs9b!xCiWDrr%z2bJ!C3O6taj!Ra=kyoqY(>(-pTq~nJ_RDw
z%^pK{;WSnf%0LBO&f`tdX)#ejl&p8w{jaFs4m)`DB=Ny~&P5QVmnU+Ya<=m?Vv!k4
zDKbjmGimxS!6Wfqcb$c03xY#I=lUyxDQ9DZ@j!WBASarpks7j}6)dV09JeCM5gQ`^
zyYbfojf`pm_a+FA-tLe~gxMz%;5p5YJ`cNo`@=>ZEUI%U*nia*@8Y}clJ~SY?31g-
zWCkv75X7|ww(u1A%Jeb!JirW&Xe(~nj=z8nQk3Jx*j|s;P9M;W4L^;;3*+Or%*ZF>
zL~5xH;6Do)1Uqf@VOYDc;G?$Y(@$#9cnzFd>JTm+8q_1@g*w-sKCBT{+1o=TX>k(~
zAik&U82|CcCTSCaJ|;s`8ewK!GuVk7ZcK%GDqdx?Pz#QwYVG|!xJtGK3ZF6f@de;3
z{Y?h!9#*)|dKD#R%PN!aW_v09`gJaVl5T+ySY7cSbH%o;fNy_oIS{SELH-tvS=U0|
z@VcDt|NTQLYPBbOMtCYcSmpDEI^7U|*mDz7UcA$hQ;n=yT5zhC_C`rAI62G}h0zOF
z))YD!8z)gHDe7c<IsQ#EVZyyx?j9*Gc#c=ch5WZQ4bg5{&J~cJB1D-PF7N{x$&yzK
z2tNr4?yDCZ=z)MMg!I~q%$e}QmFTO?N9JIBMcaoNg3mJ``NbH!V<e4zzOfs>IKA2B
z@qD#9Evio;okuA=D6R`2)DCxfOj04LdOVTpfUt<aZz2@oUhhZm)K_Al<@Kz@C&eBH
zq|CF;A->N}x#Lg^huch*ctq#M#`sMDsBBhw7{UDIZinuZ2=xwDh)2nO-}tJ}Ty{m1
zcFSZuGsaO}E*KaO$A1e7d>13`!N^!f^|as7KOO@|&qn{aGpy}r_qqc5KcgTquoJI|
z$rBv6r&!(lZj*K>9O6Q-q83r6q8;Lfk#=ww*ao3@3=jvSGrQ&suK`I0gRDUSUX_v)
zhj1xwbLeF-U@3AaU*A0hDg$kDHW&-WI-GI#ZKq?8LHIG}m$Fe8VtuBYW7PA#pFdjX
zvcl62l^6O>=c*xfOEtQ%k=O0>i_Jm4BCfIFSYf!K_x=<vtAoGVV%E6Vx8gnsm57}L
zom%V_zoCV1>qetb<{yY#vVa=kXHVuiul}=p2mY`*Tc-OJg^b5Iw@gEUb$~3kjw-E^
zP4-jW(uNbFXBPHC#+J*Qcr<W{9FA}p<ir|Nhm?V?%%|;0+wmb_-0QN>lxbr2esSen
zFoWBR9yrViWR8d8I=&%a4O$tOr-E`39}*9kG}OMvS4EFeOsLdh;d~o#2Njp9irazR
z)%hnt$7jX%GD+W6T~i0PWeOi2M@jQ37L-mKmP?06OIp^$Wk9PiJ-S|=fA*&~X+@H*
zuvBvnnlqniY~GXJ@q`_$P+tARBe8gUvxg8uWRB7<R++EHXR6r{JbBk7N~oeG1{{PE
z7Gqai$Ks?n8cM?h<WdbF37*TGPo2x8@)IIVBs^u69=-eUZTtb-9p0~d>ssM2G)s<+
z=<(mge4GhaeLS#8)t?LFO_-Np`x$K|D&AWb!UY~6gnzl{y=;EyAep8=6Q69~P?UgG
zIEY#V1O%5$qM60$3lgAU$fOrnc7Q6kr{~_dntA%FuMrrl<-}S8+{3ts@Ke8XQ7E{n
zB8=ow!)tETeT~{3zNhDI;5(yw?U=e$Z(r|9EB!>G?_t?$Z|_hMmTkA+DJ9qE_Gr#F
zBDUyMO;xgtyZa8^UPAwsx9&s{WWT1I#fnJvNnufOahz{+I|?_{eB1_^r~2>)|Mcr(
zwL4<RRLltpN6l&mpe}#DKNN1-vs-6u%FV;wy{zL3B-WRnh1R!X3C;&<tw+IAcnUVn
z9*!NpZ1y8PwNFz-P2c_Sq0pVKoB64-)QPod9y3TYh(kkCnm&V$oPPGZyb~(M0t1`)
zN6LcCp>7GwkNQa`&DC|J!b9G_Ve_jpNvSN9$_LrHfubS-fN$=KL1uFIl<zT@gQf;+
z?X_^AnxE`7K}0yyKSl+Zm-><kA^c1Qa23%|$A0JS^*l!3_;|SJQ<w{xQ(MtnG<1+s
zB1jRvK`59Ze@FXmx#>BjoJZN^2G2=U+PGJ*jykGOxwLVrpA}GTx*{#5e^4tGX-~Tw
z+&@P8Wq<@+009<CyP5T)sT=D9FTV7+34!ui>TnL%EpO||^*uE)@rC$0iH>a9d78r;
zSq2rd;!@7d@T&<r987wiwp+@&8iV$R<?Z+_u&LR@G3VsoRrkuLg75wa`R{&lhCoMm
zt=RXA*Y3gNT*vyaasV%)WvZEYnTrCBpK1>5@<C`2z-={C6lT~=<*{oF9vmPp<zfYf
zlkJbQoahe&^23Tuzl#4`rgrk_g!aYIncG$6*82N_aw^;QH*#_ZCv*7#;l67jrwP-A
z9{7P@esgpazrdP1i*Y})B5Bt12Zs)7m9pH!TOu^jPIG$Ybz>J(ZcOX^J#E9F+I5Gp
z+>+t1frrC`G%O9=u^HzJ8LD1yQMM;g%PHz#zLlEczIzD<Jbwa<>Y+GC?rvV%1>>)!
zylcPlb3`K}I5*wcF9##UQQ<BoO6mx3tJXyg|B$LG#L`tGu=fwtdK=e|RD87M<yvBp
z^ytPDO^rb*Wk5d~MY7VdnCj1-+6aX;x|Q#10Nk6M_LEbuT9Df+Dkq5Tnb!5G4Z|8?
zqn?{m_3lM-vI1wL`0Dd0f;Rmw*C<&BXu)CG6GE4woz)EtR0Zh;_-VJSj*8)QEE2Fn
z4wz@o38JAi7#As3k(uG*_n>Q|$v8!&r4+){^1UMD%MlJw*-1@pt+u9<6Yc8`Ha}RQ
z0pZq*nB&Ht80zTS{r<VZZ<+qVl(mPJiO-5SB!PAG4e2vGn!neluIt)&%sa8<9$7v_
zHlL6iaa0LE6t3CuS-9b;9eYb`|DY>rkv^+fxi&*r`3>RdUU(9AkFYscth8C(SFPG!
z95y_>t>`W&=?9JbQukX2Xq@ES9154U0;S5C(NQ?e@2TnOFSj_-cu0$agEAt@9NP(b
ze+!QN%hUO!ZC+9I)dNG*^`16()|?wSuJ_SQI2PkVq^D$u7An8f337mo50XI@^WQX@
zL&|)AJKMtYxw}Vh+=EQ^`}0}d@Xx&Z&itCAxCZNQ7B>ci?571ND%gwFb5FC~f5j@u
zH4N+Do}T&=5=&aOFeC@#N8E)|Kn9B$&SbE6qrVy^GP6tlLlK*2?NrQERNF;~?OY1U
z-O;$14YoG7_yG;CXB%Ygr0;T`nO%yT{l9h20r;%iVc_HNk37>cL4^3z(LeZALe1sp
zweaXek-fLiW=&29e{T$(ur`l)pt#9_PYhKpmKhPOK<+okKo4%&>Ds75{%!$4qb?8c
zqOo^A!ZwU1$@F{t7fbL5-!^Gp56?J;5(Tc<CHS!fpbt_|zf5`>0yiZn*n!#&VPr(%
zy3Qo65rpY5k1+%1Ums}0ZuS&Q@Q1%T+bivc^B;{Xi7y+-_h~S9ykYbaKuU0wf&~A?
z%%A{~@5vJ+j4D>{M8k+D6#I|N@i6jRc9a$aNn+)oAgJb#*r{t!h)gYanqj_GDbC_}
zQ%vZu@ba>Si&~M<Qunn-fA!H7McYc)YoOO;&Oq%u+@N^)pBxh<M%Q|3Y#vSYRXG%q
zi{%s?d$e38VGQx}k!zA#ppUayIPIx3P<ASR%@lgrnpRA`#~EFGH*Y8fU4oPDX#eP%
zkH&H~rDZ=)e9)8EGHI3c*S=B-chW%sQD3+yix@PRCog0=<MYyQAIj|RptIoWQ{Edb
z$aP;=-$&3$JTfFVCO^2f%&uhFgPkgJp1$tDJ9H}X$6##k4wY070J$C=S%NP%DDXFO
zn79=@H5fD&EKD)ncd_uT+%DE2RC&&lE*60h`=>68BMR50A0WO|Rrc4x^$+zPHF0*q
zGA~;<0$FUz9L4WmLk)JUW3e3?u9}n1!!N%}v|KseNPG0gVc>HdPtRztn#nOSdRm1K
zWtgkOTe>vxXMAJZfT&<~!hNcgY*Z)l8M`A_Z{@D}<wk7K2LB2DajqwXN!oIl8cCRT
zK`0Zir`2)xj+mu52aFN86kW^w6!#q?@pp`Uk2nPiYkU=4PNahY@i}sL`E9Vhi(w<;
zhF^27Zo-9o#L5t)7SUj&zHwmUL!8tp=$5ANK705#=g?-`fWbLps|^U#OkmLc_2Cm~
zYJH5o8I}T+y3j;@lN3m-&Q(8_&os%P7~ItFlTPA)ljp;;<z|RK1WW^$2oF5$&mro_
zp_IiDN77klPo<4WP(VJ(K;d%<cy4dJ7Lmysp*{i}z3G@l)G}x?{zChD?l{Qd-$AG<
zua8yx%5$a>0Ccx+!S2e3@NrNEM;Ej=S`bg?eyWJmF)A05v)AfMj$t4{S<>s1ws4IO
z<+yOv?hHi^42^;wu?x++C=Gu;Rq??n6PlwN_;{BrPP~?=S1<&{K3AJBu`jMzu*NM;
zH-63)vuR^!)Hswks2xkmNx(_z&+smJ7n=S&x+E0l1Ol6eW3O6xq(g?VL}YPSC&Ka6
ztwr-yo3VE-TmL4oU!&^op=}uK%@2@@S2cK0`A>^#|H@ml=bvkv%G|rWvz`!=TWaXq
z<bT)3aI>b{x?Qq#g<cXbyDy(>vEv6mGB&OC-8zBQQ@oe^IdeG?c`e7Vb`{@P8(;yG
zFi67-0Qx+C9L{YU5?Z=7a*3ohZZ27^UVx!PZL4&ve2VVxq#YK?zpm7oR|thiL)xTp
z^&)>BYx?~w;YXq+4AsLDF$`0J_kDO-`cCG*dX&JZZFnc&wgqN_#GI#})UV+SamOK+
z8$g6X_-UqP5DE&hBj>ruX#!rqr_3M8EEg03{6*Q7FDC<)kOM+kGu|;J)00Rx#VIc-
z#)d*HZfbDCOhBI!KX2Gh9!xZM;w;B!nGNZao;KF?Xy`1S^ThCdT~jUrHD8IiserqL
zOfa${+a*lcMm3T?&^~t(82xkJa!=k>|5F@U=5`D6+*uYERch#FzZZm<9^Bgd)!)oO
z6$u4Lo|r-Ky(Oztml3tKnOwJfw?l~tJqK(+X}~IN9Qi_Bx<exT>WF$7TO#@0@p~N=
zw%AyYV&ZUYY$j)R$C0}>FZ)B^%})qG{|RXkGBy{p9T?%*CY3*D(;Y%+Lg%VkCj||v
zp{f*M)%|5W4=LMB&yLa8WkqhjV9^TTO2@W{@4qQtUHXW0K-1-HS~aLA2zNo3`dy^V
zF19E(HTiv^P*~%hey1x}AL@JA#}M9D;*4a;l!Zrp%1t2ABWmS7;~|%3Cmv!JQKG}}
z1>NyW@BRg%EVdoBV?2~AK@7|M<bw_Me+v8RptzcETih+UTd=|1-90e4ySqDsySux)
z2Mz8L+zG*50>SO^-QT-)zx)1qQ`J**`s`laReh?a&)$3OMcy1^n>{e7Fp!@#R{ou9
z)K2v=iyVy&G+F<wmPel?JaOHhkNoblqWq`fw+}aVxvT`~+8or0RF@(f&X@46nAF9n
z?UWS=%!7JO#4SPz?fLs;+44-wdP;cA_Iid*U=@1S+_(W&=Z?I_p-9pl-ZV4jY~Bn>
zsLBK&s!M+4OD?XmhQt8FX6gv%hA2rD(V2T>pn3=ns7}{I3y)_e-BfDW^0Y5B4HYMk
za=&N)jQPzg6tiyd%f)h74aFV#tn9wFfQ&X%bD_zICi+u%psN9bER(PbMf;6oDVj?b
zdveg%4#K&(eR|^Q_sbnT*yo*uRZ#MB_O0y^UvK`>Xo!IQLl3I1p*St!Q^px4&}XXB
z|K&aR^ZfPfR+h>j(!o1VjGgv)Gr6*S*y`8r^>FiZ#p9>Y>&cUW;HK{OuV1g%m(QG_
zR=U9}`StJXxKEW6(CiaI;z*pL&8pZAnNy7sF8!wV(2;ckNTB@$yTG9yH?y<X1MbFi
zl^#!YLX&>3nF&(p+$X5nTA4;NC=@L1U?ycYknH%E{j&yo*m`8gXIl<%G`7I2Vrpnr
zr>W(_0u&!pa`7CJOF0LG;H)V6H2aK_-)pPzqRJ~Vs)H_^#!=F0F=YK7b9iLMa!j~?
zGx1`}+%w`W)rh`)ul3Z~puDG<`oQ$rUvHOrCy(N}dyb6HBsG~5>6#-{pSfh3K`-e~
z0;y)mizk>Rdwx%&grug7LnoV~ucQZG*fa^X9&J0tS#OOFgMUQGHAh|QvU=#U_=b&H
z$C~sia8K!SXQ42mMS(q|=VDqeyVCF7ut^>2<>;@N*0U_V>rxahE-_#<CKX8?!+<W@
zX?DG4!C-;RQW6eAuw!ziY1#g>8W@C-3fjZ6Hq99`Tl*qCjR{Y2YO5(o_BV;%1)$N-
zdsvlSW3FmEl#}h4H2%(}#hpgP$=sFvp@)%RtR~L>#;?5;X>Z&CG;o`-t5F}XSVEt7
z)@=iu#46yzok0UuNeJ^zZ%Cl@TB{-5XD9Spv#wU2g-1=B6X;0b5Xm)0h78<@g0vd+
z%X(If6b3Sgt&TjwPb5QeS{`3)3w@g8^>?#ze+Yx464=65;`0`jjUj|Fdu>dKlMg9>
z!R@l30-vb-4e1&53jTMRdp@6|7&izy&{YGd0Jml|(o3hrJYtKR^{`^_K7Kg)>5r@b
z<m8CcLS=Ez8Be$gtQ62S<~+>gfpSJG%loWHH6dU#&u6g`;Rgo3MkK;TMnFThA%5NQ
zi>SSGTjHhmc0va53*nkRy>C^Qe3!yM$)MGcNdi^?KVwv|18fg|pNVit@Qiu2C=}-j
zBhN)%sWh3qEhKZ35y?w9gP}MKv#q|4O1D&MLCqSzp1hf8v9d=co<n(LpglVOw*w&(
z>b|0lO`bl8@Ku)2FV9!7=sJI1aBRJ=@I8?Zb!{iId$A*IP@=_Z!_yt`25NDx<&Q~!
z*Rlh~16i&H%_ygsXidx<aRaE$@11gml31zfl2dds3!VcRuzpOnk88`)FSAQmSyo-I
zf3u=IS}C^dKWHY8+7QhLvBOc97{y$aq6rI6T}xgLB>fT>a->pK`?#Cz!nDjWzee)f
zjW19n*U`=*Ghx>oj?anOH;YgEL4T}a5W7CjM7XwXLsp~4R;Jy>PMPV17;Kd}shJ^{
zj1W?DIVT(HoNsCnm8!zaX9srSt2?D#q3?FV1KlX=X_0a)Bp%-cY9YdP`xIm&Fb-Nh
z4ibRNzAJm|c+BgI47n<?A~)frd2d2o`FLeGN2$7^3sfIxHS}xs_~zD#nb_7?a?edO
zGtfl}l<gB~X=|_wBTDkboBZwx7Z!ktEGI_(tz&GHbUq&ae8k*_E#?BXND{VG%*hu>
zLtn(&E&oy#vuV@~ic<N0<|@<*>SYme3LNGdT193-qZjDnC%tWQzu~crhz52dU<AHq
zt-)uMyT2ShAKr(5_lU^m(XEJPwZh-yK7p$Q9_<dsVcDTYZj*~c96N9eg1KjZh*&9j
z9t{OQcx<mczy5TfBcQok6%oc_GU8>z+$*HYE05Uj_S>=qEvy}x&2nkvi&DRAIl~jS
zN*Lfym;HKtSgE%+ipbOwQy~dEnY<D^qAj7W_pO^$aRXm3<2nvs_j?h$6>EM6w0QDk
zmDo0E|MXP?z2^|xNkV0LYUH2uE>K+K+@_z~!Be@BXij!3zMHl=P{(`Z%5cu^&Lshw
zdaropqKH#Kll(!Q5L#^WIMHcty+VY8kx!P24OZw#_sMv0sP?C$TlF`G##k#wg%BK7
zPt<BSLq$wN8`6H_MJx5auVSubeJGqo&?12EM%96twFu#1wV6cnG?fsp9#+epUg2%8
zV@|icQblu~=GvSVGd!B{9Gq{587^`mY`QvS&ZMj$YR1`=${M8IbP~f(=rugUr(tTC
zW)pP@!4O(v_DW7l`r$kp|7HXRI7D=bYtJwPQ}+U(thUv0c8k?$^GzGVnit`t5M<ZS
z4X;^KP4i()XVhj<HmpoQBsme$jwe>ic6*3d$Cc4HY^$qZjg@)KaP-QneQ;u|i?KNN
zcDv#r4jAlUjK~VkALtS2sOQY1qJI!tZZr;O-RD*da8{|+_30x)GB{})PIEdN<%mC%
z!DUw&#^1kY%+QVVi3BE9S0g^}7E$0@IsJjcCa2@GZh#NqE=}$2=P=c&g7Y9u$dX^o
ztyw6>U*V&ngW0$|YKHpEH!LdjNWb-4Z|(U4diGnqXWWJ>rhp1-s#-e<>V(Sc-Gx%%
z=XK;1wKz7fzM44i4v$tVLNIN~puAIB|84GB37&Z9+#!S;khjZ(LL@u7=jc6uB8Lf8
zbMlmXtyBGrLF~=Gb+=jq&q_pBm~*K+g2Q(-x(laZ4_ZI>@i>h7XVeMfba;Xni{QF3
z=-|9;%Xr7Q)EM5eeyl#fNDYWS7lw$W^I}uPG+}*sgY>Gf#xS?0L@TZoRw?it!T7Mw
zoJQEh*OIK8un0-{Cx%{ecoTl6F7^h&GH6MM#Fdwh!!A4;e(HW48v<iZ5c{^B1e!N|
zm0$W7=`WHtzg!bH$OI9_k{WIAC1(^@kZc1MOc+?Pi~s<x(RM<S=F(a=Tc;`$5{J9j
zUF-whj+BPjiE@|&lqPS)p+OK?PPOnJh2n*V|9Y^UVO;p&C^1qt2c{56<UuZO0^+xP
z6MeBc(3_tVri((M^@S2Pu=?qn+F9qgzum1yGZ5oa;=>TtgF&H73KgoFXcSZglGLSu
z{u*J9i56rbH@2Q`b6>)3DRT))8JU6c8mpVe9e!YN6OvOd&F)V8D7KOpDo)SbtC=<x
zy26}Jw2<1)B-)-K-%hBz3z4R4DM9)Wj7MzmbnvGe;d_nl{Au=-MDoMgM5fI!t3l>!
zl=m{hUyj5|KKCKS1eK^nB(yy+5LsDYlL=MwUPo8PA|X>4_w5YU_w>}OUB0!WGyxAk
zEmCfA8#atMN=~z|uT9rYVb1x>!G)~4gMkyt9SEuSIsy3IPD?_43%0wGib=B}SeF@1
zd&QB2C%OkaFCDuQCrLo@FR|^?dw)oxVsI@q%!c&FBP&_as*>BR^sI|6K(M6;sL4pe
zmG1MuqBbl?slvrMawE-4+%8^I*+z=FpK+UHHZs?S|3FH?*J)X`JAHkoQsKfVFwyZ8
zj?(em|8=(eC@eqXd6+B!rL1_T!cX9)gyzdr6wjyW?6ej`=v(R3ib4R%XqK8^vQa?8
z8q-VF=3T?RA2T+>JhZFL2KvzV?=+`-fNbH`)s5o#?c)rd7jI_NJ_4O-K%bcqP8H`$
z1t5NI2Qt@iRH@3Z(aeN0Pw>jP{T?!aR5Zb7{8>|=K@XzXDT713?}^MMTh78zh5B&P
z$T{asVU)OwLS2NHXN|Rnt5!Z&9eL*QAdi}hVdRMFTC$Co_XX0Ufzn__HYts(+Sgr@
z?p;D|={XS!0VtxZodgQsk4rhFJf$@eh3%M6zTQ{Bv*vC>WuBX*0GHzIf8DKBp>;4y
z9VOt?I^bL*%>hw2k_@Ma852X~IW<&hwsUNzj1I{-248lbr=ySRfBk45y3&|DnPRo;
zUx7yt+X*vOk|3*i1jUi<`1#0vV~^Vz-}IQt!<_0M_Dd=}#MGoOT6T&RHWk+p)E?Yy
z$;dbMGe|Ux)_dkh6f9N@_aru4HiYRU#R-H=3K9y#S*HL4$_hN4YU;UYN2;cgJnEoT
z?G@Ni7(xwssW0^BP{@PJccKn3y^e;CA&zO@i1Qt=*W%DbfyM=3%+|+4s-JPLv_xGJ
z8Puu;<7zut*_vak6*w75MLEY#N{tw8{<c!pcC|2X-fqop+eeN~(N*p!scmlVO&YU*
zh;xbSxLg}pU*-8zw&u2<r*29m3NaJQ`J*tEb9)(o(eLFbp{^aSw+*Pc?!M!mP;u2l
z&V=SO#%^3o0dYV;h!N8Nq{H6rzz9R+!{+~@$9TX629$KKQ;v9v@<v^igg4~qk+wl|
zB>g6_5RMMBrNbjHLx9$uiP|8W5kHX59<zMSqhh$9WfYM;!jwpp`XY&tplb8OR0%t(
z<u)A`1zkKv1%uaf+cDcDAg58)c`qYTT=^cr17jks3rfO|EVUAI`Rf#^Ce3mHBTT@{
zn6^7WTyPC;wU9C!c%Kq6tU$k6?gYe4u&A+s)NmHXqb{<ds&bjEtXHt}P-IQ+!xDnW
z5wqnHDZ(Dvj}=)B8Q$(jgwFWR=|DylPKcl6lDuZu?ao6fa;R=h&aA5S2q?^ZV--o(
zaq7$50sX4OBM#!AZ~u_gS|vhhKE0sl9OZP87`oBYWLH5}wZoCI8snL`Pf+i~3S`L3
zR<2q4taT;@cy$2Y_>gm(k?*t4!4v+xA<<z>K@WQf&MrpCp_?Y${>fm4XDTnl;Q|sZ
z_kI~`s*ZO1$v`bzJ)B-G+H;?^vE#&;oe;vT0aBX1P4S{%j$J^`G|SPY^@m<OSj|@R
z4E_nk565Wi1C&Ah$c=p!D-0Z(XmL%z0gpKU(K#c{5<_2S3=z=+RRZph0cqQrh$@aU
zC`Z`8Kx73Ouw#M~*K$xjpMe}o_&aZ#kF6v4#4=QLHoy^7+M__uuH{3L{oo%^*iUg^
z4B83dK6+219V^teqXb#QQxM$LYMhYdgq;$g0#7`m*Z9jq8ltTRVO9d_G)R65pB;i~
z1N7!DJ-BJxv>{|v1*W`1+NiaL&Eju3yBvlRMOk4LYoIuoR)1E7ig1y@5!PT^<2gtS
z5IZzCSgh(F_`~Kl$=|b{>DB|ZvEe+zKuU;Jh^*Xw%ybM+hb|`?bO5-Bka-7nKBTHz
zm0Ckm|3ABj5_hPbn#8FK?Mvo~0Jf9*2^Hi&leNahD&fZ2qRO?0&xH;|x3g!pIT<Rt
zB2^EPoD2Rt9q-3q4gR*@N}j&jauBFzcg{O^<y4f5UZC(FhA%bjG#z8QM@qz-ft(l2
z&cie&payO8ji2X}=NdMj3F4Bd|Nia}syFI!uJh}I|48gnhZ8YHEEgOS*2c(%(tT{2
zpf$qE*&^Y3apbSTRtT&pBK*;SG@y*eGr5kLFbuJz5|i$+M_iRxF~G+v#+N8jnN?1I
zMyky{i9%^Bv#;O$KC09hr-YZr0zwSpg+qAo0WM_EsV~q|vxhT|7h%kOZv$R)mT7o4
z{epBDQ{zZUCqg<!k@G7rlVON%NmRjvh{(3$tK6k|q>m)Xbhs=|zGU!0DP9gCy9}CQ
zj_jK$rJI{kI8F>h7q*TC^(&Noh6)pG-MtsX-l^kM-;eIdZyF(>eJ+fvKoCt_dhG{`
z_tJe>X=`{nFgHGY89<d<4Lx}Mx$l^x7HE0m*R5ApY_rJ_M;0L|3BjLbZ}g}hUW@I1
zDlcf+bw!sI51URX6Rq}`-#4%#9enCD`YZQ<>ucK0ROe0_*iSe5Ib{-R#JrXy!NdQN
z+DoR4Sr0JEk-v|4Rw<KG1);#i1N!eZs@Pw7bc6ykvpV-Xd2OM`Th+?S3JkAV8JCkX
z7|c4glfDF0e<w8DD4-irBQ5!?%fZguKi+h#vKfd=Sw}<`R=}kY^OQ)oK_iW>K6XXQ
zD#9X=T!fM=OTVf<j@?;}l%^aTCcaAp9q$9(tQYRmEFPmwOHlf%0~&Iqr3sJYwAo{!
z&=C#9a*IcXyqF8F5Zs9wZ7|RrO2B8_SG`Wyq8zIH&B81igYT=PKZ@4SAF6B0i}*ny
zn>sc?MlL6gxgsqiM@W!7-GUiDBTuy0J`F#QwIOj7Y_{W6S|qnmm>zwo6R^M|G81xQ
zZ<KOVpWB-%L8x*_16qJCGlf@m+A1nd$Fs2K72(GfOi=)Zx-q(^8~zQp%nni|WWpD@
zc-nkjbX_>;;(iZ*CV~_W3NW|+9?_|kvol)kvV#%zU8$aQo)(3XiCUB)N=-U7vmY^w
zKAorOl;MQxd&#qi10|V;CmR3_D2bgkNuH6Q{Ad$vocn;k0Fr;;DMnI5_(mTnjf0iS
zy3BfbK8#O0i>UpDiyo+~!gBr1l-1}qYASuaE-j8lJQ09pJV69w=i|naTC&nc)Bb1c
z7KdqDNiKFHo#~hEb`R*G+j=<GG~vi0&yFi3CejoMEr8OKxxM{|v>O=N>DI%yR`=fR
zDJB1NBw@eg5s+1zCOh+~h}Vi3)e440uY4-LXlLdlbGpdz$XxC2qZWO>=G`fEj*h-^
zvi6dU5vhxo8BiK1r@yJIY*7%^)2?IP*roBKp1}ksSXR!p+g0JW2F+JxC<ObiW3QAD
zvxH*E=)#1V4l$n$eFMvs?|<r)@J}xW7P189z_ds{{f|y&uJydvh#bP$I@I(?R*=CH
zIZO>sCeDO#6~)=gvfmtuBL@n)XaM$UX%cBglEq_3r06)~hiZL`JC=G;?AcSC)VcnS
zkkzR~Ftqltfh4+#EeWLaupF{Z0m}4&HM%Rb`(;`*e&(JpC_ZzvJ7Ku$cQ<#_8y+4j
z4wo%l4xp<%3s(GA*Cn+|2%`Xm7aPvQ>Kaez5C?KfqzQ0pK?#r9TzNO`LgY`D|F8_*
z67P6x)K?!_y3C@fTLE+K!pE%n&70;y2~R`9uUvz#7E!xK^GzA)P|Lfnq+OkwDx9T+
zRpx2#KH2n>%`Zv*QQpnrx}L)~@2Qf;z()DSArR@iZ7urcZdXnj1k#)~I{oi?q2{B4
z6%*Nvd(3IE51<)ev`K~BcMLHXgK|}mO69>jl5A7qCz30HeS-{tU^z2+n_lh6gLogy
zMTOBY^Wy4Is2yie#HlZWQQ(ByT17}L#FT4T-R#@Iu)i$k)V^W+k(aTD@HY2puv0gy
zB&g$sImOj(p{c_Ae4f~P5Ud3gA;@^3Ly)09v504fExJmxwvH65v9(Va-aJOkmR_a>
z+f~UvI0DPHwH)M63<NJOod(!as8F!LYsXNBAI6w4Tx-L&9ZW{NV+}_K+bdsS;aDop
zS=_~VK45=623|Gn;AZ2G{%OM{8bPqg0hKfXE{XJJ%!&%F34QVf#!nvBkhFOhyn*r(
zFBa9@U_Ul<@iZI{O+1<Q@uk>1aI-~XwpbQMaR>1bm<>WGLxq)+_C-fb-xJAjj-tJA
z`xBZGjeZZA5b&m)pqC2(Fh+J`yzgdTe-%I_z7Ya*rp8va_@sJMG5w+ZNdT{AAQx4x
zzjqr?E8pkm0Nu*N?_oEilrh!u<3hNL+5&qp(P*k5f(_xY1^NfZqo)S?k|NO`lS<q!
z1Ksfm3J6&HMR~QYibo&MOLTzaP&G@P-YL^%CZzgT=c9X<qj#}C5GT3FKtNuKZN}iK
zj?51-iE+PFL2(V4{%KDS(5K@IWaF8YvZ-4uKxK{Z4QdUc9Fs2w&~XPX!EaMFKH4h7
z&vm7#_yfW9cCh_f?jX`H(8;<qB&%tvec;JWN2+8qvr9=>gXT%nLNYyEPAk;e|J2H9
zWZG4TMt8~xNdWjwB^grYqM~_BfPYD(37hIa6OwtBwK00fh<fAleIE-z9&T^JzpU<g
zdlai9Rp;^b5<Aafza@Q^GPEr5AJJeQyNA!Jw4SzCxZ1><u5R;RI$w$XA$a`Y^Csvg
zTL0F6XH`lw1Iq!MLW#CKKn;5SGb+S>LxQCgVy{IT^ea&S)f85^t}1?p#K+1-139r!
zrj49^`2BhEgB-B*LenG%O4>JBY;B<Hp^u{T(@%L7iG>Y!4^c<DDNfGK^HnryvmU?;
z1MCjGcO#f5S0F;Wck*=V-h>tGjI1xGX<7tSzWqtQc-p!w$i{QFBP~KiI4Y^>AfC!;
zh1!xn(xE~wc+9)kS%q@5HZO&;q8Nxk-4qy=we<mVM4$MaJRa$Spfq}={gShg?lBIl
zjPY%;5Pdr5)@>^o`G0ydF}XZL)BI|(O{jTKGSy7nm9Vp~pi(e%F@#5xHpo-v9_TtE
z4SJ(&vx8?F{JzexHfdsm-5rUL8FM#5537gZyQajmAH-cYi*@v4uip|gFKkP$40T=3
z=x=cwvT87RJzj@0r~v^{m#E6RPsWkPaDsN=gnVMD(iK|1!4a8mh+{VDAX7Y;{rL30
zyn~3lC=IIW))cCPD|i)=2$&L&XOzekIp%r^h@vt+;ikgR;m(*S(uJSmYSw#}QLpd<
z^ei&tcI_BRZxq5so{!bBb3Lt5n-G+sJdGtwMOf!rG<k`Eva6+mnE~9Ws25ZRM_Tk8
z6!76V+3O;J1v8K8riX6dqsNp12ulZFrn*ZqG3@2Gz$C;*RquOQD^@3{6g&fQ3E!^r
z1v4$-WSnNYi>x!T#>}aqqD#|6w!}+lT-G+&8}<mwmQz{eSxGblVKsuT_ayePUZ#eD
zwyV%sMI2L5aN4iF?&K_t<=?MMVb={XQs1$&OkR)XeJdpVV`FSM*wn0=!WxS?u%n0-
zsI94a=aj*wH7f6&Q+DxF(lFw%3&*m9YTa}(UiKvr6N8u#hob20M{^IPhsq*;xgqcG
z0z>w^SDBFDvt!k&GFTnO)j3wQJ$yR2@0_0N>~94?8{W|}t5nf-yP_f&s(Lib;w*Y`
zm<ql*RJ=s<ks}Rri`~f4A*liL-&k)sW`-cqAJ3RR`nJjk5_A{#v9AK|)pa4{FQdgB
zt;&2eylYgPu#uH*NNm^}T?N@l#ADw}@e=s<%%I&dvgAzDwB*#l_b6_@!A278+gQ9O
zZMN}%L=}4U%MHN{UsYW4W`G{u{1-%_I@S!*j2IcY)spR)Sfen^s(iAq4#L$<fE7Xn
zqU`NA-6uNCABEi(G}=fP0QXCLLCa40hEH0*si7;*;%_9e-DxuX17_Ws>iG(byP~Sh
zT+B;&^&m<a&6b`3WQh-ybi=`m7j++*C5~`V8-dk|L!Omz=h$Azmg+AUFw`-t`Oxey
z*2*;m5|PpBLv~k+)hyX>>po!aPJqGHE0t6Oh>g_#ByxmN>U-4Q0ma9?fN5?ZZNgHE
zC?m^if*YkFF0U1N-4}OmqRgpxJgt7X{HS?v+z~u5j1qh}w~L&v=rI?@sLH~1I-9Sc
zvTx2K3WGl~Jvm(R9qGyKD*ocY|7CWS2G210qtXa2?`dATkYB<Y$2DvJ%P9m!YqZ@t
z?f~?1@jdm_7gI{wF!gxlfDlp#K*`y$>OymTXqLwOw41TQQ8r09tjGIq$>61wQb_TO
z-#u4Z)jTU)d4|%XW3lW#r~0~KBW~9LWR}nGNvFt=(I_a1#lcAP2y;j7OZ_IhyY5D!
zD&ZZIUN@E77`p5})iI#Io$^8@G3+lgiv`3*t~@G_e>k1{ZKE=Lpo~2ph5f{I8SB@{
z#ffl3`3HaniF+F@ar$Cc+^QW=q<PKlbCbvCRtH5p<fgT~nvbnXVZ-^Mt!nHCLU{ek
ztf%%}d}e-P3q2sDH!Ym8M-qcc>e;wP89&8!6u#NC1YEso7RUhCfQB{^pGlW<S?Lbw
z=3G!UUv9<W`F@CGTIXH<>qF=13wI8mbt{-Y*`sD38Ac|f_G6QH|CalFtsNIqFnIz$
ze}Q7i`o@ONg&z9IpWtr{-7UBBAnu<R7hNP1qdf&T5UvO-k-161@;&UNhbV#{rt#S1
zqRJHY>MAjjN+!6(D};5|3Qny{oJf!MJ6@4h`ACchpqM7p7o&!2phIa4L}ShH(y5F(
z6p^dhWcWQUgURYqECFWJ;g1tZ_Le|tc5>xu9@dU@)Y*PnXSd96aNmw5L4V6!bZN1x
zjScH~=uR^)c-kljuhBSVsaT~*b-iqskgjBYW(U?OaEj+AXLFlHvC~bFIZ7h7G(~Wl
zIz3CU-ue90Eugu2&B@}4bHUbXiM$D9$5hb?Rn+n>R^sWN=9bz^T9X+e9lIqw)>vG7
zD*_UY>{^RAHj0>LP`Wi3fq3bs4O+ki69{2)j@^nT+|Afje6!VQ{WKsh;g4LEZ-+0;
zHx`IEX)cISsUpmRX2VqR*@q{AX5-_^*!kp>M-BWf-YQH`am{8whpi88b|;QAjSpQv
zD)+gc5GCtQrcA9QVW)xE^;E6c%Dc^?KW7J>I<dxgQ-x%<YfhaTK>wt?Z!(=OdyIXu
z>JD|kXr|(BaFVN&l>;cJ3QEy3_)bVhhkP2hyL5iAAZSCQl%rL^wYzqwB7D|nw~zC6
zob%Z?!Ds^w@T}+?dqG+4>rFNOHWMzvVr&iPjF?zh(Ers)PvAHRFSR^s#z5CJtwnp0
zDcW4=8HhmzZ&9QG8lh=mxP-)+a7V#jz;`&8pH)vCq-ak8_qWduj3&Egg(+dh6o~4s
z(-%W3_R1fziL#*^lYWK5VRc|skDa|KRV_ye#+6w9n1w+&h~&m_j+|^j2t__~17@mg
zHB!l5pxkbJLF#W6Sfk1tf&r}H#{x!_ZKP{b06u5KUCQJjAvg7yvvv>9YMMQX+@Y#;
zxdl1xvXtS2V7MFAU(Y&ZTBEdB<{CM@<vzDWk$<=vx&+<$g}oE!^!6q`fP$l6W5R^0
z7%^7_6Nx-dR`a6|k)**GDRN~%OqgA0_Vh4(&-pF4W24SJ6$~?(xEE44HF1=*C>Kl;
zZPPruA;a>Z<#P5x#8AF4k2J(R^9zLCFt4`B+H^*6orjqa*<GiKBb7Qr<fcXD8896V
zG%^vUFa+GsBjlPSf*<`0ZCr`0AK=A;RDkrQbJnBbd{8zJ<0bGFZU8!Pm?mmtdnW}X
zW4#~KQI=fOoJGbWlxa463TMfc9H*Wpo{sT__rU_BiDmpHhWR@@Lx`{m9TMbUvdyw!
zdVgEv5;C1>Iue$}!!z@Y$eaUgupt*)3^B_IDs{Jw(_xvU+@=5ndhjQWWhjYl4Mm3$
z1;cEkiQ}&}1bEUyy90)giRbCU&`2I=q>WJ?<TZtExH1bdM;ye{j<EvTMrJx0#XFM&
zGrFT7)1Kf|Ub&*n?6bW%>b5jYE+vcVY8TZ=Ehc3>=GM%U7Sd_y=M2+HlxEJ^J-|i}
z{R?YiEnWq`K3$(ce6;=BT4Q?bUjkBe{RU6^OiCxof(9DTA!Vq|Nq&|gBM|}PK{o~o
zDS(^5Ol0siMBKDmeiEa4e^f_Ytc!am{74qaDPi6EFoxXBMG|Y?%IdR7DN<BscupmP
zg9FZyXlf}HupEigak!&(iO7ZbnI|FnL_rIUqCb874M`Ner_njPq7Rfwi$Kif`;B$Y
zAnI9+JS`xIL%^olw<N1o8v9!&8OBe8aDlaxJ<NP%k^(BvW5sG|)TRaN)7w?H=B-gs
z*N!M0cGnI$hxG6gshZE^n;7?X)}<}8*cZiwdX^PL3~Ij%nxp}=XPLP$JkB3ET}{4U
zpC=g6w}r>2=YQtK%mY0J2ul1|O1~oED2EtD*%nBryy=$0?3>REbCZ+#`4KWcL5pUo
zne&ep_{I3u#OhfPFJoE4_&+6ir<UY`U<%|c<o_UAOVCwo#X#gw7Q;v*3*Y>{&Y2}t
zPU8z}O8Lgi)||xjdt5|EG4$J>0%E%8hLzRgAX){Xm1s)~AS_VnBH+uiPSJ=H;aRXM
z2@y`*!5m6yx)Fo4NKHe;l*MuGthv8d8Jr&gX_@dkjIXA}02dbiFQ2w!Tmh9LDAIA#
zSU{1pIGiN+Nq3PZGG5YFB)=apoFIslhKY4ZgNZs)kjJ{ZcUM(LYgfKXa;%ehZ*{28
zv&?1jC{-<R><Z)keQW%Siovi5>7zCB{;bxQ)c&k6(3g?C%qu6IfTjwv0YApfzAy>Z
zOk2uAm=d29#)!m$%8pTceowtn5EZ|#A&>(9T>qAi*|0Xu&AtK|NDH9F>7Mu<L<7I+
zlU4ZDDrxYST$J>PRE5G^ZUk8ZB-}0q_v1_YT@WRe(7Ev^rGu-Tw$acnam<)q6arT|
zD04CqKq4zhnXT;<Y3!DlRyaR=Yh+jCQIso8MHtJX`pDw1Bfr{Qh9t5NS~?dy^B6nE
z4>q@%o#+w`TgRf6n=CI|^l#Htgcn3U_l<pE#gG-H;Ix{`CEQ#56YJ-x2@y8;(@b2~
zyzti6E&-Bg@q3ez)@Cqw$xyB9hj}s$Blbt3sEe?*$a)^nFHu*`()mbDB=|~ZkEC?Y
zK^A4e&X=+qkuaFkZ+&-$pbm@p_R;yI=>hj$aJ6dtZjGyAqZ;iHuTwRh?R<rmFKTY&
zbBapXJVqso08@fG+OXTkX4CSB>YUV6x}~>Wa#m9XCc%p$Ct@8N(fe=I(1~r3dW$gT
zttzTqz8{xMid0_(eedvQ#4ZKicQ$%KVm5q1N8e4M8%rx<bkFFYK+0tNI|dNi5J0~%
zceq3|+C&BgL|?K4oG)c?=6|=jc_a{}!0l0d`|nr|@X{D)N<<f;jtcl?Gk4$|W_-2#
z#_o6BXl#aD|JL;B>c>L<m7f(_sE>hsiveN1a0H)G$AWMhE?_wXaWcxe;isPd$|GJ;
zYsig8m2Ky^o$3{vfVhc2xLXs6!PP20-zl-*WyL;pA?Hm%&xbVtjlJLOnP1)aVrKQx
zIsa0<j#|!t*tF#d7JoP({czyOCkVFqc6W6r(!1t=@8@@^FoU4TNdA`1=EK>-@Pq-U
zkGQ(>xyGwhhk>6tkwTDjl3+4t*1yL*Z!w0{MBIB<^%oqlKu=%}!Wmm8O4UX!>M_Bp
zxlDpKE_0~4+QDT(e|f^XDQeIz6&014u*kbQ+p)-f#1$7$aXWI08iv<}LWINdjGWAq
zSQ~8ERCj2GOC^}E@de;Az^R)(q$=HDdCub4^3&X_a!SS-HhDg5PLws-CRaYja5<f5
zTI|dv(Z~`aK`$^%Wve$@mEy`yR`KtoI$=thz%_Vsd_B0Ig<!zviqdnji*mb7<lzIt
zIgMHT7MJ(})0ZwzO<jWC32^a1frA`1EX)ZN6#ORjpI<^?LYF8YLSksOk*SQM^Sdd3
zLbwn{F0WVGQ2#|aQOB{4cFa=cjT#0NwF_+{>iCFOfP`h@b+bqwIZuCNva4NezO&<`
zYA1;X4Pju6^j&-~&Y|;)x<N=)+x(QZ4XfxkcD8i;U~p$_9+mbs{g}k+42>%S!5#VB
zK-wAHP+xt0ohAzFHMdGfIUJOYtE<{yWCYmFD_#Vc1-Becb&!@fz~}Al6l{kNT;~XT
z6f$&RfXtS{6eKfkI*4>gmU%Z0p*d2R9~rDY1|XpH4(-=Yhdn0)&uO=g3(rsqmI9ZJ
zgd}(!58^*7!|bB;hD-2H^)`Aqy0tv4aVFDl$w^G(6;nprA24>NB@)f5eDwxIA6^x<
zbC_UYGCIjO`>UcH7#8DpePR7cFkdRaz1(5N16tYZ!J&f8;Cf?A3SSj-VP>8qqZFp3
zMC+2P{mTP^2Llbz20y4mmCJ%YvkRWg+xvKf=9wp0-1i4lNT!{wzyDp?aFDyJPv<Qa
zKL~aWfUa;_VYIyuAW98r-!eLz&k%$RJ4^PaG!83HKQ0;RR9vsBOKv+Q>iIkqaGEG^
zfU1*E)!cwjBwz)Al!Zf&;F;#DtPAy@$8It1XZx<e9u?b)&AX=p`W@^?(M<+|Xp%*x
z=>*CMMhPq?vN*VLgc)q=RA<UK?oncY9H=Z)^cd!tJu&sDqrLqcCkpvtD;WB{5;Llz
z^A}SUdN%V;$1LR}7_Ut0$Urfj$a5!0P+e#2`8)t6k0=Ez%&vSu6ny@)f63yTJwS~(
z)L4zQ^_C=5A8*z1tlM*AmUK$_`n)hv^eR@GUrr`g71{3)Luf=4J2X`*u5#B+U5z=<
zd+FEP`d@B6$CQcyO8>eaF^R(Wq)LJOM!7sz)qe_gGFTTmWO_0JTzO3=erI_*f#}5<
zn=L?H*VhRbkab`CLSxD1WCkAceGG@b=pBrI_lpZsKnQK1qC_GhUxde10G@>=P(P2Q
zq2|%^y?N2Yk571d-F#DZf+>r_<?X-p&_cn1B8`^8O<zKTEK6%_k=qjqu}^mrnRizk
zu(3qcWK|x~{ZtbEwNL!}aZEkq7_^BkaK1@V|1<H=Az8Ys);gw#=tW*T3&AW}MsOVR
zpRBQO&R$wHp`$eH<g8MQ85AvRgD{hD@<z~_sUlu;PP*^}s{w<QcSF~7A#onjm;O`z
ztL|lbK54FRC2bm(ZO-o01Me6vH{`~AqG@xEUTK5EOsbf@Y5fuiSf2R5^FZp3GRjvd
z56Nh6G~}0lxcMUbr%*m^ngR4N)H3V+&K6n<>_d)bKGBIbVPoJ$RzXU?veqD@;5J#5
zzv2^?4OHGfP@tD`<faOQL8D&86H8MW*?tOC=PUCD+08&H$=FrH-$U<Un`g0)XtyDr
z`uFv-YnG&HGwhlf!H-hShk$O&ox1-Zl$dPMZbEq7oB&<C46^v#0?38#^DNGLis+e4
zLM%crATC0XXe(=0V<+&jMw8~(SqY%XIy=Z6aFp2drqng{cswhOGi^k^ueHE-4tw&T
ztCMmTKuq6AXfj==I$kz+$TNq>MA8l-(Mp@;8fOdg``-wZdzWVj*@IqrvPPM?`-bE#
zV5{kzt-VjXshz7u6GIW`&>wfpiv)yOkP9~*blvU#J`=;?eg?)d(>CnXy;M93d9i}A
z_ThxI5=E7Z82d40j6$PD6SLv<%(!7j?z#I;GVr5Wt;P5%UATP>2k$MvKmoR!rnE8Y
zPIzH9^ed`}vEow3et@7lXP&b%?S>``5im<8YcCU3d5kvCHP|6)Jb!!_=u=HhR*X@v
zR?z*_)p|tD76k-#YO>IqeLN=G5+p0Wp*O`h;nD9NG$VCjonL6O_g4hXXIy@8ol<L6
zgGX@8`hI$~tS#ByZBjUE#L1V1ne<@f&0*MtZEDTe5_z(gBS0Dz_s7Qv1>kSctyz|Z
znUp?eI+~8tw{|h`1aI*~>OOrE*48V{z-^$f(3~;3VyDy~+F5wzS4vDtQu6m40&N#K
zA{t{yjD}y7QF%`?zXj27ed>&^6?uDc7&<Zt1@mD70y@*G2nQ|YE6bhG<?}e{79veq
z74FoVyf(%zyg{2v)g3oeZ#w3kplVh}YS3@(h8k#&R|AC=LB{mIpj!84I{dcN>t2m%
z|NDk=6^`Y&;U753Qc>$Y>egPJg$><NPZT{#$1#H0>`I%hC9r6aqcp54QJY4UW7WaT
zom1|S)sA^pF<J1L(wn0@QK~weivh9@ju`{x(%yp6`=H%oNj29cdHeBY%mS^$2Og)5
z@tPvxp^l(A2sv$s^)QYtazx+MfOxf8x{Q;Clx;+z1y3uEG8pi3Qe$!-M5dXLc!{x8
zW4aGdd!EFGngp4F$Of|`%`l4Os0m^d;EHL9GnF}34@EixNAjLh9E>6$FP-SX7uH~0
ziYQf-1H_9!e`GH0_ervhjxj~}dO4Oe#5PXsIAQ*Q&LF|m{IY;=Fk$T82GIWW4ExYd
z1l})V=k>d|7o+hra(&0VM89;PpSs6hQ7Q~O#YuPG;92uXVJ}Iz96o~^W;5c4N*zX+
zimX_OcjFij5?8C0fFVAdhBCcKmbgD{m*r0^0%1f9sJpS@d7H2EmA36v-(gK0>5)Ah
zsK8+k69f21h3aoP17jvkiqqA<tTs_DE-@R$C6Gmuf|2uR7UpO22uedSu6ptlZ+;;_
z38S*1AA#k$vP7<2@8H+-&3TjqF20evwd{KVdy^?Uz>hy72rT&axFtA<Kve?66%6tx
zAmIj$#XE`#cr$z?#!h)G%6_>_WX-N<>I_(Sh6BF6_i4vMfJaI;W~M%{pI`B_65m(W
z6TT8i6d2oCgQc4dx}8IN22{G0TUgrzJ5qs;43A?efC__$R8lO;{M!PwMyGD}u0Z*0
zP3T_%^J&52*7*`8di3<y`_Z!v0;60#&?lw+CadZ}L^r!A=r|y(ibP&H6Qh2{Y-&S3
zJqefjs<MV!s$2%xjAVfgkS|J$1B)?C${s?)s3~%-pti=I)Z42<qfvrGF@%qI)-4r+
zR}dy)n+;qwl+3IXJb#p@3SFRU4ETD(K5QkzBNd_@>>5-KU5cGaHL#~^{eyl1BpEv)
z5r;a?i))YU44&J(L|#>y2R@#dDk4wzM;X%q1GGSnd2n=+!gPpENGOu&k7ritSCNY7
zgD2WhpLE*N6?@>Ug^}87T@wEj5;nyb4Hx^9KE4>R#;=~6rO3yH-+0sM!dV17``S}-
zaa=ImVOraQnz^f^G?lUvO%&1((!N`5rB^1Z5b3Ra@Y(8SpGyN~(QsC}b~hU2YmK+q
zoTOXtNgQ57B7Bh8c6qMKYUKv+B7BS3IHKW2lj#GqsbL%RRE+MH4jd7N>rvKSqtE`P
z9x9-&8I86ivkiq#?kG3sS;?-9B%b!;N9-kE2|whH<!+2Nl1Yn%TC~If$P$WYKz=}X
zw#BxeU=~M9A|{x|c(mI#E>eW=juvL{6qihdMG!ZgG6$AIZvfxO7|ZQjvwjj?rE19#
z8$wSk$xyqf0o%DWGe+zPp~F6-DZC@Hfh+_tQg6tWmxKOvvblpq{CI5GppN;8IJGG!
z9m78@GBtV2Sd@gaM0HdMv|x<W4dYGJKrn@;z`$MPJ-!3+qa>|<u~ZUsSa^RneHCTA
z)#6izQ9vbO8=_buzy4ZhAQw#+OJQ$+Jmi2}EDrDP$z#By2L(gocY!0tBQuE+Si;s~
z<`e}2<Ji!9jSZo7tn?p8(*<j<NpV~z39NU&9Vq@SB}uYnrY7V~P^f7X3(Pt&t6qc1
zQL)_^Vtn7by6LiMW4_Eix`>ULqf<5nL3WIpqb;qR(#jg}_tX84nRMixCX(ay#~@N%
zG<Vo=P#wQ-oMuK`Kb8+`PB1An|8NId`6;!rXP@7r?U>IApwUEWG{8<!-n4DDW%PKQ
zWHKkhlqC=l#4fo5I)~-n6dvexQMf9;2vxCo&j8%iriLNbchsx=aat0={s|>!>H~@6
zYgX2K!{2`J)!L^u6roX~JYv_D`cxBmetl_-!=lfjFD{s}bb+kUet5;wUfmf@G^wh>
z04$ZsTYIopnG%1|NzoNe9T(0QjU9TRCMD_yYZ5?hCK9g#$sV-_jrAHY#HCmR&@bcP
z=aG&w!ag*C+<{u{O};!`uJXfn(?W1MyV%?h07G?yVOw*(jo(-bQQ)E0k|+ry;fTYx
zG5bW(vqoz!r8*S5(u?LQO<P4zL5aogJy!u@g|U9NlWAYftCqvp$y8_l4q_FgUJ)yj
zwe?om)K@NnDgXehk;NN?G5!&>AI>xsvl@Wp_({3YmNM(z49#mQwZH&dH~%4sgvi4D
z;uG(PBt<9LM*{|IsO#k0*^sZHJr_Hmgu>!xje4#Qt$L{~Zz6Uo#N~L?RFUXI(rF_a
zbfjR8BlMr@>;2<bf_DP(=QHi!3T-|UU;Zxtn*Q4e(q%mRvt_Mh4fGSt<;n}HVeQw>
zV1Ekd`ja9hovp5~A`d&!oxi98gYrgh*p)-n4-chxwC<(?OZG+7_zr(2ifzw4&2(_#
zuuaIrjDx1qc~pDA{UQ7grSY~%*_L<Gg@a@#>9i;lu#|yVXdJAGA{0rcDks%3*EK>M
z9dsNF`X%dBOmJx}Ry}<dL5C@YHw(o78nQxxA%aE+8=CJf(mg4T<e+?LNYqZNf3<7)
zT@ZV=6pEwJ?x=EU37`3H<=NLFIhI6XQ0c@cqGxA(iUE(gsw;X;H*mw%bV}^tn<Fq3
z{_h=zrl9X}rc2Fyi;DRoFXJStfmUdsxmNgh5V&qOm%~*a-38cEUi~GEBqjh((K7h<
z#!;&UlKg2>S;;}k*~lk)UNufsB}YWjCuAOe`DF#$KL{R{2U)dxx(FtU^g#AD1f^L;
zKJ@EVV7!FlNF$$?roTp(?x>^y^yS8c>j3ULV0*ojD0wYWWlVuf6E6YoGb>JJh&J&O
z6u1we_RIcGMWhy&l@7SiVyeD6a=jvXdQ=rnBWEDO7}X|G)gwnt(ydVhLXN0!N`~Je
zK;om+!l&TEn+Ut3DLqnOrJ8HZ@C5`>%Shs2*na+B{}TOM_T9>10dISPQWUMrMw&qa
zfq?>}-uJ)x3mdkfflj(&c;JB`o^O`R>009-F{6?gH0!l=cYgp@16x|nOX@;>0s;hn
z@o_@9)z4s_cIq%_(G}C5$;6osJbSQ<<t47n_rsMLU8G~wWI=Aq#9})Tc>+%eDU4Z4
zVUX8kqDNx{2xpJ#Lng^vS@CR)$!CnW+iK6haD=VZbxx>A#3Y!v*JN}+T2rNRZulyi
zT=#Xj;B5jtBQvlG*iv@C5nG^AB`<=TLMq)sc64#Gjc<)HcDS;7eyOKrT!aQ>t!4QJ
z2r>tlL@MzowcLc44XQlYF<?n-L%zyxPX2CVw7b69X1Md^p(|Z=J<<%t^iWkx1H!aX
zB%Y0q0oGxKNMz5y9$K$JQvtkWD-vs8FD|ajuN2|}UdKNyLDRVo&JyYzVkx#<yN}2e
zg)<d9uoy-NMGIpVO=O<@f_Aeie_qI)Hzk`opFhP-;>|}TYs#4KgmBv!rdGJo(qf!=
zYUc0#Z%8z`VQ72zf0*PaY&rGOm0pMYC&<DLFv8!4K5%H!og`X=0+R@Ox^^yYt-hSr
zf5yY8Yb_@lgU?LVB8do7Y)PmVhM*Td$!}#kC2zl78n|?^KY3KGxifDOTQ6&ut(cAx
z3U<L(c0tYjr^=V*qBEFjU2Y{>&GZIfIDZH38-9a_t{H3COzgiUzmX;_usD2%h6@GV
z0Cm!ZiHu;pk>z!uOpc%W%T%{A7sYSambnQF1SLOCFCHpu;BeFt4-8AW^Z(%8aTXt=
zAmGbxH+l#Kkl*HqcPa$xN+U}fPe-l%;nA%fXm#iXnGp>p%Kj*?pxP9g4L$rJrJv}M
z;JiPhciwF^j7&xljqB*zxI#F@tnO$>zdvtX>}gfrkoXb;Its{+zT>KVIkMSPXTQhJ
zCA8lhhO!YS@-#Uifn#)2s~ErBMMl+7%f`Eb{o|`x{aIbyldfHsvr}Y5@de>S@g4uO
z*4<6IE4DEVW*eLT%?IQ^0z|u}?m}S}U|^-k5T61>;1HN#m|$R^qPM;zFG~6&tVq;g
zU||0=xb%Qf2uhTHy1ytSK8bOIfr)XaH-|!Sll;?nB02UD@@aPW*^oZl|9nQ$5yBt{
z{>x}m499zw3=Hg_#_>NEpT9!V#ls-Pq5eTij|qdohp5*{HqhZp-wuO7`cLoGXD>Kw
z`k!zJjC7)Kh_C+z_-_pSe_wz_{>M`885}9yKO6$#|3Zg<g7p9AR%bW_?*9km<sVDH
ze})oAe6EV^C7m|{f{OH?b^d$0|2?<WOL{;A1kL}9O9w_mV5YA}Kw$n)ANWc-awG&b
z+5Zbg@^4%)<X7<YA1~nKwEx+d|CS$qeO>u_1r7#=0QFyc^{*kaujz%65ZM2jrz;Wy
zpU>eP9L&zh-pbs}#g)<7)cn6U`M<ILt#bUocdjlSEee7_<DV7&Tc!%(U(<nsslY*i
zxwv}Snz=A~+S&fU;EG@9-xEF;`V0*QhV{S3)u#tVK~RYO1OD$v5b=K*1>r(~nK;<H
an%TSl2OS#bpZotjqmG}5A^{MeSN{iLXqL$U


From ce2ecdd100c3a35ffc5c845bd7f04625da19a2fb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 27 Nov 2020 17:45:38 -0500
Subject: [PATCH 724/812] New release notes for ESAPI 2.2.2.0

---
 .../esapi4java-core-2.2.2.0-release-notes.txt | 250 ++++++++++++++++++
 1 file changed, 250 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.2.2.0-release-notes.txt

diff --git a/documentation/esapi4java-core-2.2.2.0-release-notes.txt b/documentation/esapi4java-core-2.2.2.0-release-notes.txt
new file mode 100644
index 000000000..4920a296f
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.2.0-release-notes.txt
@@ -0,0 +1,250 @@
+Release notes for ESAPI 2.2.2.0
+    Release date: 2020-November-27
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.1.1, 2020-July-26
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+This is a patch release with the primary intent of updating some dependencies with known vulnerabilities.  The main vulnerability that was remediated was CVE-2020-13956, which was a vulnerability introduced through the ESAPI transitive dependency org.apache.httpcomponents:httpclient:4.5.12, potentially exposed through org.owasp.antisamy:antisamy:1.5.10. Updating to AntiSamy 1.5.11 remediated that issue.  In addition, that update to AntiSamy 1.5.11 also addressed AntiSamy issue #48 (https://github.com/nahsra/antisamy/issues/48), which was a low risk security issue that potentially could be exposed via phishing.
+
+For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode SourceClear, OWASP Dependency Check, etc., you might notice that there is vulnerability in xerces:xercesImpl:2.12.0 that ESAPI uses (also a transitive dependency) that is similar to CVE-2020-14621. Unfortunately there is no official patch for this in the regular Maven Central repository. Further details are described in Security Bulletin #3, which is viewable here
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf 
+and associated with this release on GitHub. Manual workarounds possible. See the security bulletin for further details.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.1.1 release:
+    211 Java source files
+    4312 JUnit tests in 134 Java source files
+
+ESAPI 2.2.2.0 release:
+    212 Java source files
+    4313 JUnit tests in 135 Java source files
+
+10 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2020-07-26)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+303 -           HTMLEntityCodec destroys 32-bit CJK (Chinese, Japanese and Korean) characters
+561 -           Update ESAPI-release-steps.odt to note how to do 'Release' on GitHub
+566 -           API doc comments are not shown when using ESAPI in Intellij Idea (wontfix)
+567 -           Release 2.2.1.1 Not Loading Properties in dependant JARs
+568 -           encoder-esapi is not aware of changes in esapi 2.2.1.1, making it to crash (wontfix)
+569 -           Unable to print the proper package and method name
+571 -           Logger.always() fails to log all the time when ESAPI is using org.owasp.esapi.logging.java.JavaLogFactory
+574 -           Multiple encoding issue for Google Chrome
+577 -           ESAPI decodes html entities without trailing ';'
+581 -           Updates to pom.xml to update AntiSamy and other dependencies
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+[If you have already successfully been using ESAPI 2.2.1.0 or later, you probably can skip this section.]
+
+Since ESAPI 2.2.1.0, the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 or later logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.2.0-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.2.0
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.)
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We do not know the reason for these failures, but only that we have observed them on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it.
+
+
+Lastly, some SCA services may continue to flag vulnerabilties in ESAPI 2.2.2.0 related to log4j 1.2.17 and xerces 2.12.0.  We do not believe the way that ESAPI uses either of these in a manner that leads to any exploitable behavior.  See the security bulletins
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+and
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf 
+respectively, for additional details.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.1.1 and 2.2.2.0, i.e., between 2020-07-26 and 2020-11-27)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  8              6               1
+dependabot       1              1               1
+kwwall           7              8               0
+========================================================
+                                    Total PRs:  2
+
+There were also several snyk-bot PRs that were rejected for various reasons, mostly because 1) I was already making the proposed changes and preferred to do them in single commit or 2) there were other reasons for rejecting them (such as the dependency requiring Java 8). The proposed changes that were not outright rejected were included as part of commit a8a79bc5196653500ce664b7b063284e60bddaa0.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2020-07-26 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.1.1) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO] 
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.2.0
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.2.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.5.11:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
+        [INFO] |  \- commons-codec:commons-codec:jar:1.15:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.13:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.13:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.13:compile
+        [INFO] |  +- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xerces:xercesImpl:jar:2.12.0:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.1.4:compile (optional) 
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional) 
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional) 
+        [INFO] +- junit:junit:jar:4.13.1:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.65.01:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.749 s
+        [INFO] Finished at: 2020-11-25T16:55:26-05:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.5.11.  And thanks to Matt Seil, Jeremiah Stacey, and Dave for reviewing these boring release notes and Security Bulletin #3. Despite their assistance, I take full responsibility for any errors.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)

From 66d78d612daf60bef0907716d4f3090cc5b6f625 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 27 Nov 2020 17:46:15 -0500
Subject: [PATCH 725/812] Security bulletin to describe the Apache Xerces
 Vulnerability (SNYK-JAVA-XERCES-608891 and why it is not exploitable via
 ESAPI.

---
 documentation/ESAPI-security-bulletin3.odt | Bin 0 -> 29388 bytes
 documentation/ESAPI-security-bulletin3.pdf | Bin 0 -> 89154 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin3.odt
 create mode 100644 documentation/ESAPI-security-bulletin3.pdf

diff --git a/documentation/ESAPI-security-bulletin3.odt b/documentation/ESAPI-security-bulletin3.odt
new file mode 100644
index 0000000000000000000000000000000000000000..dc3352743830ed081a3c048435c7298163a5796a
GIT binary patch
literal 29388
zcmb5VW00mnvo_eaZQI?`wr$(CZQHhuX}hOwcTd~4t!L-mjT5oo#@X}jW=7ssQFmot
zSsC@GGU8H{0R=+?0)hepa%=Tb(jR4kqXYs1`j7ov0<yERGjsKFG&6E^w6!uZa<y`>
zXLPqWWpFTZv2tN>a5S?wbue+WGqZPPa5eLERs3Iq#jF0*@Gt`b{l~EW1yi+jvop3g
zva)qybp5X>gQLAgl%l)@JPZ!Zzb)`mlA_B0#!(<3U?3>af3w|?cV{3VkZ(m<RWU?#
zVp0-HP8LQ^E?#b4AueG#ZgEv9es)0tQ5j(#B~czpF>!HO4H+d}6)6#IB^gZ(O({)t
zHC=OM11B9LD{Tu83k?|yJxvz_IU{`|TVp*BGwlE;eG3a~QyVvHXD?S9b5{pPFDGkv
zcMobx04FDaM-(8!1JJb#()6h?bO<tckFxelcJ~c44ycrp0?4TW)MWq~ngAVhfT=dX
z!U|yR0dTVd`1%6ugVKG1BR#@1EJJH7V_WT$dOTxF{gcYQGP+!|20g<7!FE~^&idhQ
z79qY~$pLmL0glVOQfq?z>ynad@|s&}8XG$1JI4CkW;WZ_Zo7`&`<5pA4o(N29zg-2
zLAHP}FF=w%V8<<d-zOq6$R{JhqbSb1EYa^I$U8D3B0M%ZCOIo5HasaIDJwZ9D<d-~
zp(ZN5JR++#Bex_izcsfwKc=uXr?@h!qO~v~uq-30Bsb%CetcnmVP$b{YeiP&KdEi5
z|6Nzx)X`j9(cW0w)6)|ZGZ_&9h)DyaL;<pL4l^<U5#{6YO-pGt!`Y4FnVl<fMSz0h
z!>m$3Q5>MK;IK3Y(3}sbtemWFAF1qFZ0i{+D><yF_^E9M{BAgGtpRj)9(H#A^!5K~
z=%1?_TI(L1=p0+=o8PS(+p8M{^iJ(}4FkFtj(QdVBTf0kZPi0PZ415CCy^0{5vi9M
zv8SmSCs}1z#kqHtnV01i7ga4ct(|vGHFsTI{eK1q>H$N2ha;VU`5wS^*T~(Uk@11<
zmBG4|vCh5O?vusd$KjrdiHXtarK!cW#p%)cx%sulsnylh(b2>4F~HdB$@mIjdFpU^
z9PoGRaBUT^v%fvNcQd{JxOs54aq@OEx^l8Mez^7baeU%odhvOA>Um{lZyK<-vwyS>
zc-}g=-vM0h&7B==Jnc<Ao~$1p9v+-r9G@K>onM_FA6%UuU0q$BUB2Jk-(EeuJzbqX
zUVXkkTt5Dj=dahdm#6oy_veR?r=QRF=bxV+s0_bhARzj8DN!L+&y8z8SWn!)dAB#$
zX0MlREm{~GVTllTFO6ZoEkR%omff2l7|lKo9_{opIMRb8Q%%`0G^k>e3)6UdlxpoQ
z1>NQ|u08d}M|8|pkW`BLA|lA{Jc~>rSK7(6b!n_rQDNw4RxFc}*b;!-{G_~LFQi;S
z$vtcFY_8h{ho4gb_v!Rm!k%B_w-Ubi|3*i1>!6OUsB(O;qan^{QsGdR{#FAkH>sEU
zDwkDzvuaAGC!i$*m8Wr)O`5B?w1rgT6hK!gRtefQs7k6>A6sTIKh#~x<x$6m)oAE?
zm$^-Z$21XI1KuMTgAnWA-pRi&e}>=oB(iT;0g$aMi#VZEje0Po86NU==-E>-d79?*
zcJYXsWyoueN{!dXWZ-sfzsL5Se6UL#N6gB?R%d%x$`zbsIz1&W?iR%XO>>_-w;e^!
zy#Y&$<sk)65<CZdx(*V)htJlKuhjO2DhYoM;S5zV#{-<E4g{`$&LF!t8Ghc$h2EMm
z%Dg5d1l9l+vu>{%4VoeK-MOh&KZb9lHkjWNjn;1^Ut%$sM-HvKUr`dP3>$aEtsjku
z+6_9tZ-ySqRyi4at%WWoZG?W#W<K^TPW5eXA6B#NHCua5?@skCwYx4F#0B0bQUM=4
z>0`77H}C2iOAlo=9mjDpJ{j}|E1L@~uIJUu*oq?Vl*df7uwjJ}atT15cvhdZ1Hzdc
z6vlhB9Vz^o9ib99CCpEa+C3^mS4er{4PcZeZ~(2!rmlWZnU+}|6JC6ln=V3EDf%tk
ze4jc&liSfz$n^ITkFELU>XffF20+tsPDha7q2MY!9|!&A*+z%0)@oCH4)@m-cQ$wN
zEnN&|Yde)9XQyBrL)8V-|6P9oAxgD=C$`=U9@Wl^cmN}9K4KMKIUg4n^QNcqC@u1`
zl}M;Tt-;I=j3=3R87-IfNpKx`s^>>YqkTNmyA=TeejUJYZqHBDl)PV6Le<^FZf4MG
z0}r#!+pX;8ddJ{i9K>O*AsvGSV-Q<RI@ZkSSX(XS%SX0<W>2Z>h}!jUqkEF)1u^*H
zH-JILyas(|@gK)$lBJ+(eeX-otwqQ8bmbv6)~)sqF@WR{iJkGin%_yB-ftpk8w^I~
z71r8q!EC;j@$lP$v_tsO<=sC2?W1E21K3L(44X^LUEXEK_wgxA1D9W{NLcXefQ8r%
zBe@G%BVWV&zl0QIoo<)ed+0U|MD1U<pG6=0Y=~-@XN1nX4<0ss85~tk0(5u*-_7l{
zce<j+3HA70*!=wbZdz&W2E6y!!f`Qi-5;23YXY`yZ-1u@-;7_!J{-<DCU}=5yVoQA
z8~vGeje7jIFISO+=~Wq=8Nc@bpqz$kJ#q{cgz1Q5pkSTo>y;W<=gL*!^da1MpB+za
zHn4Pq7L5**xATL*HephtSfdBzKK*{)E>$@%c)JjRUJ^6#JXZ@arju1;{C=M~kC6g3
zuh4!qAlyu5`xVik_clJYN`bOLU$tleBs;_2lxC{8{=o-ga<H-5@HsQ%81sf1CHh`p
z=P2W0$=pfb&hH%N)M?~z)LQm!>uEAjM60e}FZb=_yuXXT9~U*1qtQ<<qaMz&R!_tf
z&UjAB#Q&?O-<*8=1SJKOzwK!9C4*7VZ=ooRUfmD5_Li_``GgGr=CG<t20_<IE33<`
z$NMrFV=*#})p!Ti^F4u8v;9pv1&3oOttyOGJ>lz8y~AdLtpLAo+?hJa5gph`E{6Ml
zY$I#1a)oTF2(Rb>*Rdb(e7@Ns@eue|St2DD<h1c;j94W>U=tUHu{yO4?4#Gx`!5;G
zQt)0l?*}AmtMcR)V>v1_DKiv0N}ISqY7iH*I`2Yj^&k#OHf3@penoah4c6#U;7SSv
zIo;2jbNB?Ode@L0Uj5aBTO+KY*P-%b|Djz_#@G+|HPv+}lRUC*gP_%Hq8-rwGD9`H
zo&+#<t1Y=Hp0RX#L?Ezqj?t2-bPvJX2XU1O!krdg{d1y$on!yC&1Fs)T@%D%2NF5W
z>7W7lie<3!#d`gv`QK*Mok0-a*6<XVY@Rjh#VQ}OK%;CIuyPTHj!VxQ<#vd!{C9^#
zG9?_Dn7v9Nqh;1+)cvP%+cG)Upyo2|90Tp*v=Khv7tf<FW@)`8h_3217mJhnDKa;n
znsu&jH+}nii<9kb+xK@jxbC}(oy=wS4lH}8<!@gXkyJ$_(L$2K;?Q33R765QflGlG
zAaW73pHos;x_2U2ef4ii!{kUgU7kNo<%|(;&p(`Wj~+XX*LQIostAC;iyN8$pa#qs
z?aBUl*FxW5>1iLH6!=aCI?y}7^~|Gv<884@D-*owN}TS`almJG7U;X1Je8vf`KcT#
z(|aGvfi3Lgf(l*?rBZuFy6be`%!PrE8q}NB%f#TWT)>7F_63gDUqGri;28u&snqGG
zX_~?Xh=0uE1|a<H-Z(`ZQf-C=U9GTJ&Zysj=oJVbT4lr!+c7KQu<n)lE?^nW9-sSe
z0X%{(m;r0L`@!_J%BlHeurm~d-J7U|4Vg@F<L2xwUEJV8#g<(xdYZVZD7a$t{{9+`
zn5l;@ld)OW%*=knE&h(&==oYu&~?e8R;!7bmVYkd1x|U^<$V{p4&dhZO`=!U15(Mz
zgLd%UQarqfE8(bS{6Y^}fR4zhE+DLPtHv!^aEKc`6@X-9NO1TQMArM8xo<jDiFm{w
z$ImINi$~fJuU3>+;GKEmXQl00PEUY9r_H0P?P5O%;-Da;<HKvl)5!}wvi?_<Q<@Nn
z23Ej2rNPVJq=Bg?aO-+$RrYh$5l}NPgBOv@6>;{j>nV=an|k>I=-5wjcMn$QeyiU!
z;3lOWNH1HK?lgZ9kq`xMhwg+YW$T>yGDyCz2sa_ReGGj}B&=<{OjJg8I~J}YAbGf#
zhXkyY;{;1~*ESchAO(yb-yU+f_YDZE8aYj57Xo8xZ}gHBICwUVD%XK=)sc2A?Jds`
z>-4c-EEU}p+))h?s9Fo4;rOl`u82OXM@L81<Ro53%?fJsvT-cfe>s&0YB~P3RW?zf
zXGv+YmfuLKZas=G54?Rlhq~5V!i9`;p?seb*Zcl!v}~lS$mHv5M>LGrGao__w<gp_
zoy}pWT#3EBkfnToc!9UW-^JlbM@_&7VB%lF6y|3XwyQ_$xD^>T-wf<KCD0`)q9-D8
zLS3B#2l>gD^S9#}1CNv%7sEZw(^UvO<P4C2<e1+acKV$c^U3oqaDD_4W#q<h*s`&)
z<;MWo^~#}RB=<V@msi%`d`SCKk9R|R#8L*by~@QEb#(|Cgw6p^jpLoCivY^e-yT;f
z_(%SRXyD*fRo?I3NPvTV@?QSFr(ZHPxyYBjVCn*=lnooDG$bwAin)M|ZGAw{p`VcG
zX|K&iDLy9I5K-z38mSJ)(iY}P9MnH~PK*OSap@(fzX&#EL`_YF7IH#^G$>?vk_6K2
zL`P}nyU<;+W*Tg~Q8`1^4eS4|&HDGA$9_O1AIArhvU1iFrPbFm)lwyyp_<ORa(!c!
z_q~7o&$@N`az76|2)>f<LKwfs62$vn$2|x>ZbV3L>9Lj&&HNn|0GKfbT^5%a!2%y3
z?=65;50y`Vwoigm38yl3LPBCbI&M^4ih?~aSF$Rhw}E7}--ZuN_#9;-AK9Cy&>gs!
zfhC2|UY_rr@VcJ^{GlAC#T!GejsPN74zMs?|3nBH$QfnS*6@{=IrF!vXiYSkGUw_y
z<I@V0XXZsXJV(1!4BicfsRfb@ZSz|>?+Ql6_965};&xcQ`9@F^(XglgZEGbQVfUz<
zSKf|##j#RNj?+tl2-cv^5LB@J7y@oGK61BR2yTUX%_Oq#>x+p)4!)JUMGpRwNCMEY
z885+=SpL^hG_h$BRl}Hng3bKJC^H^ULteB1M(T7{9u0rA!)zYXPIkuZK1MDg+m7iW
zBOb=-E)K+T4Rq^_=%W1#bdH~pbF~y#j>6px3@>Yn(d7ON8!)GeZL`A*+LO_W#EfaO
zqGeld0zVFKlgh6Vu!2tLRz|l{C}UeXXcjc9fzv!4)EN<n+;Wlnn7uoH-BE@H3>Z*%
zTFy=SFmhtmLr^U+9~|1+Bc4EVg@QsVW2B=tGR8&bEO=-wg#gK6Bd$uS@Zzg6=-jbu
zwU|m%HAH-8ipD*sqNEA>o?ucdZRBD0)IupS8coS`QC?^9yyyTIY7J{AqG(qBc*<Z5
zjBp2cqaS1#I{kcbY6w|aMedpQdi<SWUe##f@nGQlqE=aszv1{jA_&@+jA1}LL4(+)
zLzcN9q2aaRkeJMNR`-e`q(g_9<w^KDLB^gDCpIJc6UAm#{ui;_YIieby4opr1FW49
z`@;E%AuQPUWh$XK1B!N4CF8-x!=`xDN1n{2G|tK}!Z<d*<JDBQWI4|xqRi#v2aW>c
zu0c@EyoA6MwY#7!QIQj_SWVRo;i5WZ*D7G-N$UzSoK<M}g|t$~c}3!N?dS?~K7Uop
z3Alyu&EpGdr}K|W^BmKHz0YE`c;8Nx<r!~eD3AS&wdg`cq?8s)$=Da|;a4hzp~@Ap
zM5SaXYmBuPpB%GNMT{xZ<IazLxwDeQxD=9Axe$9Qfr~{nA1etW<}!)oj+{k*)22Uf
zYqO`T4M!6ow^pYziWSlzu(Ljyp%nMbeIh7^nChnJp1U%6C5%b`vP>+)hl*fL08S`>
za`$XmS-?l|WDV{y^oX*flOvAVv`R(lUfkdB<!253NaTa?NQ&PXom3q@uyr9C(v@mE
zNg6-{!nr7+M;PV|;cmL6UC?LE#6hz&P82eWZe+0#hTrC1rmV7(kUvc+W~MZWhW}N}
zBs8V@1Tzp-YFQ*kdbFGh|LxvZS{Qj?WQn{;g+lC}6&ivp)Gt&_s0aC*iY$?e#EWbg
z(rBmy2u>X-4bvBi#j}FqkVqbDFGn`Ibd)TwHvBG<09klEQ?O4{bQl@fXXIB=_>QgK
zYFuItjFNo>77u(D3gt&!QhU)-tcU71coB_hNaP!4u>_J63v-0kBojPID)?X%0XzaW
z(U^HYR~{B67tv&zHrzC&f=xnBdPUluE4A$K5OHG2udLGC%4E*eC@x)MXte=4zNBhz
z%AwW>MVm6u7bI0$tLH?el_3lJ*xYaq3j7uuyPP98FY)Rce0d)PtjQCa+BVc<F+Dr-
zXw#0MHWH&}6iiqV_#Vcsi}E$~Zgj6z`W1*q)J{9Q`g<!}W=h<Rnwcn!p5Y<G2A6F<
zyB9Z7$28PdF60MRO-1YK?v0+|!~3W933y?o9Vsa`tFkMEgd<T@ouEcixUM1lW<(|W
zYsLg34=gI0<$Uuf76fVfz>Q@1bssx4=k``lW^=@_;W~o$lnjafc*>qxQ*^h@Yjxfz
z%ZeeP`}%ttl*G*-t1A&_Sq~Gm(g-KQneMe8k5n9$!$+2HMyRDb)@7nzuX3LZnTNL)
zA(GMvSS#&cUJz(XMP?zUAJe(c*w%E(@EJ9lzpPtRjf3$J2OR%klhgERV^E4un<J(@
zm>ItOtxn3b%xdZ^ro`p35&3rQS=iZ_4=#OK!B}6qao_MVAZ(2EqFLUv`z_3U+Qj*<
z%<W={I9JI-1f{x>MY-v|qgbwOY>Ks%i_vH7lu50Xb@=Q|hpIJx^HL4^#!~=@*5<nL
zC6vZ>JQ4T~T&|>TV6_ijMH6RO(w5F+pQ;t4P5TFN7h>qtgCfOg`{<27n5zgp*M|(*
zUz5SOT=<@m6n}EIZe3xGMO-Tb@|tm%kdpIWkoT6ZBTqPD=f@+Af^jOC-ML)T2bcXo
zW;&!;m5k@|aYl^aQ+d>7$Xg?0e&y&dBbfF=MrR8vBcdUqO-TIxTU<^!ueKeFKA}aM
zWJ0f8Q@n~2(+qtiSZz(N$5sM~h(~lR71-j`ZyUcnb=0z0_2R|ZsILVlLwRdF%n)IK
zd>kq1Dd=0)7K5ym&y@(rOfo~3ZLk=w8zW||C4G%c!TgILiKMkd5~o&;S2>IIWs>$+
zg-Km>GiFY=$|KGm*K^xDADg^bG@LkE8IiTJ{EV4su?aXn>iR(lb@v>0j<dWLpH86b
zeT&{N1uWz!63VLBVzQ>BWGHeanXxM`W(ip${8wiE33?ur-`Y4CD95_o6x91s?rQSo
zDdcDrI48MqcTkG0TF4_2e15ObM#DVI@Z%)U<dUPyGc4qubj~pqgo~jwitD_@qk>`R
z`jZEv^qH+b$|6SDo&h29JdJunD9DS*vx@`lus05*Z4AyG3!?2d<j#{5inY<RAfqSm
zuGO}5XlRr#(5Zo1M#7~_`oIZPp*Z9oiJ1l9yW`7}t@O2_xt}R@Mq#fgp|YAsT32aN
z?d5W%`oz_mFVd1y=XK1}EUq}@LTgAO$Qsx&#Y7g!PLpDpO%#;M(M}A@gaHtw@eZwN
zbGw}AI#d{s&B|^kUl8vY(O#3h1T!Q?E{p^*Hv;v-^vdIy<|6M|EE0q7S*TJ}M==&X
z=yy6p{nDc9k&0{rO(^Q7gSSVeR5y{>xl+mKD69fxQq}k~SQAxhJj&Z!)4a*tD)s6v
zFNIVMnQp1t-|OP19;#>`vJ?=L$0=pH?{(dBUIckpnpx+QT2H-R&|5UcWu}rTiH1|q
zqq%VSjcu6>X9KZNJ>g5D7GBLpEk(G2_o852$+YNUxwHq;4}MnQFEL#7q*&{Bh6VIO
z!wp*u=0oR9R}DvCLNyyBwTZN+m2fTQ(Sz9Z8M%<LL_It3XQ%Sza})C-JKq<~JA^yh
z<nr(joy>Mj<C8i^L}pG(f8P0=Aozqrk=U*x=jBBQ9O1Zt;ft}1iB0#_s?mv~E-H{r
zMmAC_cEt)!7|EMo=rzdv5JJQ4{ZGl!%SY()`fDT6X;K8j9kP){or2|6gcv2mk(|8;
zjU&@S?ZJgPQBJI)kdfu4lVsZxDujv`IVGDCw-WqnQ&Fv$MPs5N7(fqyXcS^pm|^co
zIyAANnU6tmlo~!}Ez6|@x}_4m;wtB2bzvpSSrTGRHq9dzW)K5hbHC4Ojp^;<V{+7N
ztjxc&ie9)v&IX+hpZc<Z-`0`8ycCR-AC2x`N6^gU49)a-S}_<k6v#DWFiRQZhi2fB
zi|C|YB_|$q!<vk8?}gbl&`_ck(aK7(roxHwwRQzM+3ga}R-k#N)T0)3#;Z<!7Goo-
zM}(L|A}^+3@*VB#cPyP0^$R1X?Wns*aC=0D!z~4ehri?4!g~|66WJueRI#4KM&Bz&
zRb|m+qo&Au`hK%envhUOk(7Q?{8oGs6U9Rl8-W#_#Zi$r9)~fbP(ydqAxpwYJ}tnx
zO`)E~X7&-?AxLv>(^BG*=&{eI=OPucF@B8vz2nQU8apkr*Qc-&n@FPNCZ2ziObMl{
zCm@R;q2ewFdc{=2V_m>i^;>3_tEQsDW5&*OOqN~tHfzOg4fG>l+sCKe;!&pCoj{|j
z?R)<&Y3Pe54XA4feIQs328I(&etIJFBcj`b|Ncrq091kRdvS@8?|zyw-^+Fm)xhWc
z+``_+c#fmM8$w#)%J*XRZYqNS@T}5)?R(I8TCn#1<YM6SGHa2~(_=E$JjeI=h3b?4
z#{Km$Yf<2LbI16n@shA$888>H>%RGGmq_6LlJVNp_!O0AuiZo7{Yd4H|4r7Zdyi?`
z^RNS9z)zIH(00PL*T;Fc2XEVBRz*P$V~hjDHqY7$Lt|ywLwL^!muYs_cYwhA+n+7H
z#Xs(+gg^W32?5`jfTyj)-9EpIOMvSpqrczg>P_hG&(z_cH+J5ar={Jmj7^Un|5KG+
z-;c|(hCe@V+a80A1-@TZ4nL3E3IadyC_RriWBVDq|4t;p|E#dvcb#?aa22}9*ys1T
z-5zi#)$w^wdE<LEyD6RUeK65o;Ct2Ru=6vuncs<e<9{&`@bz+?!1w)T*Y4-Dy8o`z
zk>pIp7`bmNA4PUDTYkM!B=9F9(QhnX;L7V}R<FA}KX0ee=Jb(A-@C8tu?%0)+y7LC
zXCKk$<?3tb@gqKOY3^pd)nu$*FI4#BvD>{zR9ZlR`|o4f*blBdU;C+-a)|GA!_Rd7
zVzW>FE~v`fEs5Nfx7FNZcRqb@i_6$@b1Cy1Xy>#H&(p?;HPem|Y&$of!>^a&(8X>d
zM<-#f=Xm2IN8#+`%rSpuax;InU0x%85tvThlT@Bb8coGPP7#t{)PFX!y`D9i2i9t`
zI?)53yG>92>Yk|m`YI@WYw+)SuK4q*btPc%t#zW21^Cj7#dFRo_`cBC4S4=+__?YO
z`24x;16VV>+?oQ;=k&j=u09(B=B8Q4B+wRoj=UupW&gy<i;?|pjZ|1uhUpk2fOWtQ
zm?5-$g5(C(E4df!sW7SiwRc*Wfj3(GBmZ1j5CZ|y8wB(U)XuY)&~PBm)5a)M_0u@p
zi|8T7rFMPo8|YIvaogb7yCCo8krCjNdb#J#<IQywh6cyI1=U_ofseszy6*h1kzcwi
zHTV;nPE}P%J4T&K?VXfi)Wfxh&yZcTyj`NJar-ix9~i*#-k1ZDw<XR%aC>%M$J*Dy
zTwi~2j=ks2DX{u$w5;v3Q_ac#b~Nzf_F}_*tn!bI;4voyH+%nki7u<Wqa&lEZo=*y
zAJYcgJR3|KMs)E?h4i@0J=ME9X+Q-Nyj8x(tJaDRsw%AC7Clu4>XM>*p(+EWk-+do
z0;218hx=IfxZEwAD;P*CB*sK%M6RTGVS7coxU!9oLLJ<C+iJY7A$tZ`n+vFJT^$g#
zsF21K`s209i1V>%gt`7Q(M7`Gw`7}93q~I2PmX*((*R*a2-BsB6=Xu+2N{9DfyedV
z>0y%^9R!VdzAK*Bs@;(4?BEddI<zVmPVjD{hN9|1VG0*@P+mm_0`}<PITb|oxXw4}
z9VELXsu9|G;@mq5tRUy$0@7`Mq)3Q^aH%k=bE}1&AO?HZLiG+Rj=co?SaC@9GK3V#
z+(QtPAYcKH`BGsR?@mja$>)9>M943nb~n+nE+`JGA8CnG3j5lMij)>ihtN+j=ZVQI
z+zXejrNu2a(i9yX>Z9Vfx;j=iBSNpI{I*O?Nlc*lO}YLn0yaWEg2xoX8Wi?tfgX;%
z+h@oFP+bj3$a_1);Z8eU1)`hNHi?p-QE_<h!=D9)_!>u=RrCaLsbf1nKJ=TyKTEr<
zel0Z-D&IlJG@}if3IYXHo28`ErN=#yLrlx_1({2m%e9%*unv}5%oR1k7?V*_m3*w*
zYXfesADy!Z0S=HJA`+y~F8D_>U<wghhNQ?q_`0abLR%ES$mfk7ns#@Q&(3<RxTsee
zQ|~yCmH9%=(p~WN^l+gO-5hhiHan&3>CP^)y5+c?jX2^vw1a>9J2i2(+ZT(|@HuH~
z`1JX|P4jpczR2G0Px91`gecBHK{wKomysPkCgy}BI2#V6_k$?-%w0Z$I*diZ58h#{
zN@K`z(!*WG=P6)0Sa|O)$4D8knv#)cz>&wn=HUFAic-MaB<ub=2FqJd{{{c<`!=3Q
zp#bZ`_mYL*Y|l#>ZH*kHIyzW;8E-LHdR2QWpYm;a^z^xj`!&t(vqG^n&~hddJYLf;
z@$wlP<)0-tX)G-Ji6$8ntod^6i((HQk=&IdrlPN7>g`6BiJ)N@x#G)jS3Q!0Fu5{$
zq)tHzw~hE>Se*JeQf)jA9O!#&x>0`77iwq<u7(lzwTboRn=)a^x}eaijCKnL5=NpH
zEj*L}XTZaIAU56_y2g)Gj2x0g&K5hA@1J=Ul1SeuOdJNO1XC&08GtX{+c#)af+uTM
zY!<dWnGguc6JUZbv3D+hg06|7#I)~3WJe|3s(4mgVHH>;mKxtNL@6g8^U*=FAdQ?5
z5^92^j#kcs4qcXtgqut%jb+*vM{gLGZW0A04}#&UEnx(OxMT(I*@y+JR84?Nu3j9w
z*g^J73d55-&V+zbl0Th8So2Uzf5tey9*!%;m&rMO>9fZRmG4s9nU?gt8Oweu4}DHO
zOa<yr_}EVN7ILOj0MCBG4*6J=h5GnJ(+SWgn)Sx|H#47#q_LwR6KG^yG0@peWTvOc
zRJbK!>(iE*ogRFlPuSTK7VYJF&ca11krlY4w$svIgm8QW3(Z9un^IL(UIPs$u^foG
zUA!cSz_`j5msDIccdhFl$kEz?SKc<gU7%M%RwQHfSoEd{W5Zsgp1nLlICV3Oz)h3d
z6p{xfsc)a);!&|>3fg|FjbvF4MdLsf{WvjYdEs~XhWg~m;sBctu*t&^WZgEJQK&@S
zj1Xg?M99+%TBAc3$USG{h(7K%!S-mJm2M03{IW|XmVraSVr*u(D@Q_4A2k}PFER4e
zAwT96kr7KIN+rIo<>KX|<|fISg!G6ns($_jW%4>X1gfM^>Rt*BYUFd7h<fb+#0HWn
z<egUP5wbCvF>iCfq~(;5eIdujW{EntxWN_PX66M>py$|tU~XpN@WEC_)-6^&S-y93
z%t4MB{wCe*djD2&G83vm_6bjYJkf03BO&0`6&II%%JZ~{gEj9}youPN*7qxX%B;>e
z`Z_g=vdp^mwrYxizWCe)25(tG>BR7wvw?Z5>c(mqjyw7B+77c+jy%vF6Jiym$gc^U
zP!?15V0LOi1zR<R+88&--oDyeT@6%;jR4*<0@R7E&>8*UYD9uqdp#cqca0}eeXdci
z)yv&onWytcHDrmBXDrBA7x}f9f!5x>sHzPDEvR~CDR5}UHpUFP@Ag%N-X78w8`7tv
zo`9|X#gQ={Wi>5^@W|aGmd%c58e6yO6Hg@sje6yV=1g2ZdU__a7;^!R84-(j;ntnK
zJzjI<v#m>0TBAlEA|f%RZ9OE`M%QC=8;NM=LQq3c4filtU_(-Ob@FD^QzG>(G|$?k
z3-B)>XQN%@%K}yjzd!jPox1VZ#ft7mun|fv_amI*-$3f-h{QW$XI@rRCL$b8?!;fe
z(p|`k+P-HwPnYK#;^${r`9en<G3&~!)|HB3EpHtBFBoZ0nv;U{RUg8P#n&}v{y>tW
zoAJX?gUM-(Tkzvc`Q~JWk^Z_-rT@-UVEYx*`93a{nYFy-yR~(CA0xgK^?l7727Oy4
z?>0);zZ7mtg){V&28&HaCYqPVnn9s1b|8}pJH92l759uZBQ#yIJ**0!ITS&|n^^tk
z@u~_E)EMO9BDp`qj>v~5E?*d~wPDPG<UWtZRV5_Ryr$<iNLC#A35f^%`#L^|xlZGn
zRRa5!AJ6mp^+#NQqbo;q9}|piTw$9;5Gnzd6Y8s!W52|5$+YYvioU)T<4Q*~(z!|w
z9RL*jovBz-LwTc7^tvy-$Hwp%InJR6sggON4s78XRMaUE^c^mfJ2Z5hANSv~QxVJ-
z2eM1u0BMa-s7Z*F1lZj|8Ht4Y!;Ds+25R5(^ae_Pxpf$mje7PvM*(b*&juT*h<?y0
z{Z%NbdK|Sf>=`Xkc3l%y47M#CPl|7N!X1df>n_l0U6@EL<{8`m$Y<lhIVL)J=sAmD
zJb3*r>!E7DWuW3l`f0DI;J?<GAO+kOiPyDnbu6D>ieF^Y;ZZJgT$2R&gsyDcM!aLp
zRzeS2ScF8S%Z&q)6(M!6@Tubw8LWN<DJrRmD{z9KB);*I85(Ffd?QOvSu05VJu`oC
z>H1Y}5r6VC1oe%I;JN|~*-~*KnX}YAo{CBHdly=0xZ*T^7US)y0uO|nzGkjwhrPF@
zUApj^*M&|Xlet*|M)X}$8iYuh+PZM&kS{iH!`@L;BE=2x+WhzIpr^!2EKx9$S+^1`
zJX$JmK5}T{kyvP`W#W$WL2x2XuvE+=uVM-J6xvCORHMpX3Oaev?@>q*=AA?*e;2R_
z^p(=^;=`k;M-Hvj`KS9wLHKQCtzNMGwvqh4Pdv1eybBCGf!!Z_h4twa90U!=0|#uv
zf(Oo{R?2M<AEpc$DpZ{^)*E?K-Xy6$eCi9_ekiZJTZW1hXZ=~3_jO>ek&-mUJKx9f
zRNixpS`5hB#zW%QbT-RSgMIVx%ABeT2pmsJw%A~O%w4_(yNXR+X*(o|c4VxTe~ECi
z5G&5)p%mnGgxOKilHi?>$`>Pqxm%UWg(0C}5pJLuD}lTZqV)cuXfaJ4Kcqhm;jkRQ
z6y|j{=RhsO<vph7OiHRb03XBcdUs_FGhrx*u!r?N-3ewT2aCwPD*aUgDdM$|$ji)C
zz<(`$!&+{PDug!_taPkJ#U&`~bDUax5g(Pxxu9p}t8E1<Nq|No3L6%pX6_rA+KNen
zQdJVOp4s1A`gGJm)-O8w1v~J5AFjMO8Lc0Wx44+Cp6vsx7-kuP<Q)Q&+&mQ`o_OQd
zrQmZ)RdO)`6V2=@los{VAD$q@Ehks5lj#&BJVcr(_p0H?&S9=)_B$_om^5U^w-(;v
z*{G}V_YuL95VhS9DZeyyS#{t0LwIJyccbtR8oqOKG~9E9Vtj{Jkv}#nK_t=sQ-jJL
zDfFn0EGMe$RUFu4kWBpAd^-Ggne8r)L8%$vrJ8e!t7UHR0G4-%0^_}$JE{28;^ny`
zh{Ox=PLAlgZhCLb_8?ls$8plTGU*W*e%_M-yTzpfdGzr^i}FrE4g=+~vKF*LMv*4V
z<gqicN`0WV<ORAIS#~8Djno`Dv5b6nIc3Xtr*&uMbRYpwsnv*RnPj!h;|gwcNg<DX
zuv1%;0ds`xYwu@rb#-b?n4`L%MWvFpqDvi#55d!DkHdg(n~-P?T=A}-^)vuu+5*;!
zSnS{S%Vp1Bl!WiI<{f`^X+&Cncs@-hdDW?VB-*)S|4Sbs54#clJ<MxK-wY@%yaNFG
zLHBu(e=>JJh7J%vMgn}89zz&C0^SF1ZY27;k0B>D`YQZirxJQB3}XX|0FVY}pY76j
zF#<3@n;s+vL4V@?qH<pXj`Jh>4*VMWD|dDS0<H!KZ!Ue<zV;AJUIUD#5NY@Ob|VNs
zlxjZ(#Jg?-j(W!r%If@X)i44IB&&fq${~s)d|qBEPj;Wci-Aj4i6|2nb$-KuSF*Hl
zGLuY@vdnUl?jcW!8J+OCDZ=I0TnZM$qcDhQX`GRy662pxD-l43m7>G1F)1(8nl1gI
zlgEs+n(>_`)1WnAz_3{&KXxutG^SNle>QG~;uq6^J*vDoKHxRF^7Cxp-JOWDi*>F-
z5O5U*?R5%h8JYvmK5O&gt&s>9hfwN{5T_D_*Rrxi*i53_G;H1ULa~mkZNnmlX(&ZP
zHL(k!x5@@TYS~muhcKN89D}h}C|%#^S`0MmN-JNbYveKVw2Rc^i{HMv`}j+pY2B=?
zzK8%OGUI+_qy@vZSf|h9?ukT@MHoAzr)RwcyE!dzj(Y~ahKBX%vXD=32Hx`rAC_M`
z&zYNIwLXT3%==C~@UIZYBXT>HCvOtbNiP*t(^Lc+Wx|KA$n2W6nnY{~j`H;T&rS6h
za3*8-5L^!XqUH7mfB3V}cv}>~QJK|&;lesvtt~3`$O-tQ`7@D3=4hnEj*nMGj)FrT
zA>7|wHx9}}8`{p|pdicsEl^O0_k@-T0^m9Vrxj^Rb&jz}N`-sCL7B)H8;y-a!ia)5
z)Vi<J^%i7&4W;QU7e4&Vs~*iUs`XG(#zj7T%wu*cGU}&ua$s;L+&D8=d1gbb43uV0
z>2)ndc?h<X0m#OiyBn32%2IIY1Tsydfn=!A)3BiQBr~;D9}``Y9`Q(OD8rRXsiBr+
zrW*K!FVmqS6>_S{JO(OJ#sr1vLONoV8r=v>V{U5di&~grc8k{vldH$L^=-~Y3DR6?
zVtceJqi{%SG?rBuyBK|v7Fnw{8zTI&s6a6uT49lYwnL{`4J>i8<bWz{oSmd7Mkoz;
z%(zo^4pWcqZZO`1--==ZHGZPWHfiiT(fA!HDlLw1f@hXQ-nW`Ud(HZRO_7p%G4-@Q
zI+qU?=V&Bn5IA#PC`T+1;XrNW__uL33XMu}hIBZ2I2$kZURkQ>LQxNA7UE}*vf?NS
zd@)+hL1e;16bT`k5QoiBsv6l})N$fTxE#6Y;@o&8VP!awIZ}8_b7l1RP!270?4&`+
z%1AAxR4pY>i{;&%KVQ<^sMoBIUq)=DeV5uji8ae>S7)gz#7R}((Z<Hvl{8dGQ;N~}
zW9d=Tjqg>-)cVz*@ld7N!{c*C>)I8ouQTY{N9E|J#Na102gu@gM*5L^c<#@zyi-t3
zhJq{Xrg3*5EemjUb-2VIvO0vK%%w%O8nY5_P>Ma|ma`uw+A9>IE92fDo`kb+Sm|TX
z(sxe^4R8yIVmn0pjKnjQDYOzqqEoeKXlAk!hOL5)$o+Kh;6?=RX!@dPQ!2~+`h}k9
zk)Wm1xZ)Gnj!ZYikjIi?SM*+kMdLZ{NWz5^b@}LY9i-&p)=n+Z<NaSyBzW<w!`UYG
zv_=}CRNL2u;VXlR^L6kvPtrKeHjzYo*W(ngDJZe*ooU6HX*HiKOA`}0@V^aPgq@Y$
zdoX}jcf?N3b5*vXxGIA;2bDz^C52$+sO{r$ZX_N#mdQs5#D$5q&|r#0$tY<jbk)i7
zh>A{|ox#Wq!Zl(=L7GN?tR<&{_-L_6Bw<WheCbrsjkBWcsZ4_lVc%P*$Wh%L$`#R^
zh4ax!dUEE>(3q2`K3bH6Rar8aqdJoXxh+{}&4I4=>5$hu$TiT@{IX>2|D<aS9#IN%
zQ&(FI;vWC<HZwl2<G%m-l>;bP=<0fT(dv0gT}8{u<mpXj>SVF#U#Q5Jp)oo-d`i)b
zA+MI8WHVDoz=@_v(#flvd9{dZXVQzew-Q@IFOE(~n?--LDCW4bEE~HNBp3}^38q{#
z9}(gX{ltpF#3hDczCP0rX^&*jcjx^Ov3)GYnAb`AWl6b_fce&H2jfo4Bj<|SVTq_?
zrkPO#j<s>_gu`hJE%v*YP*{Bu-8?dF9HG8Nn(o@#Dh9~GOf!*wRIxksD)ZS@L!&EC
z(^wI#Rg#_{HZORF#{jDqGC~u>%QH#*$hl6al!-vPY^w*=(>nO#rGqw8n)R@cZ7?Ji
z)5n&{_4dMj<K%%Q)zZNTWthRDS7ZgO18lu--N=oc8VjbVt&S=32Dg*K)q$sjF4Dtu
zE8JFS&1$RtnID5^K+K<xsYXQ$wp@pL*d5fFYogVJuBnTz2hppS_1CVv7;ldCy`owj
z0k<mH5-bVxQW^FAp&~`TY-6oZtKy?mp=YJ7Bto%lxJ2R0hR5Uf)-emS`AkGwVeV>-
zg#Ls4R~Zdaoh1g#caaEr9INU|b!n(Q9t}Yy5VdWWwjf>^h*gK7V5=^>^^L}iA4%U@
zj^_HU4yAf~CgV<6Eqfka4hKk$*0W-#VkxXPv&QUkY_RrtSTZIr+>xtiWW=eSg$pZ>
z)NQJI%fgd1?ID@%sd<lT^H7}Pk8lJtzG))j)9-{a-oFSvd_g32kcs0yJ$B=i32%wx
z;ct=7K|`FhKJEPSY7t8RpVSGV4FE}z9SnFJmyQ2NiU5)llNYTQHVpp12p3RLQ2!@;
z<3E4?OW^)ZY>m7e++68Rj7%)eOiT?;shCU+4Wah_eI~$}J+ZOKCWB%%#i=Tw$Bm3a
zX|#ZjfPfTbAfXzf2S)xw0Ac%Q|0|>8zk>f~#QA3;4)*3&7H-b}Co#l@h0)c)!Pe2p
z-prQq|K0CDOpyPl-#-G0o3WAe|KNr9-*_3Bn3&m`{R4OSpFID&JRKbz-5mb|`u`Kr
z(b>Vm+04b|f6n#4Lv(R9a&`OP`2Ba4`A<dvXEeh9rZQG`Miyo+jKWr~c1Dga|HC2w
zJ4ka|2P0Rr|0?N!ceh~wL7F(&yZ(pv<7sDm&39?P#hw9prS4#8`weVU-`DQ8>Xb}j
zw}pkxVb!P!h8Oi~NRza>nAPM}W7i091?jsx^(^(0E25my=`~8g<K9e<v`HeCk2@C^
zvE06E058Ih5|vK#VPB$UW6Om6PLrqv=#DdB(D#PK-6aHUwpXvF^l`$Z7Ql<8diO;u
zzfJ62OA=<S+_E>3aVzV}_@Uhw%}Z1Tlo}&<w#QHQCRj2&idL-dFE*&0K5SNXNN4zA
zf2!{sZy#Hf&mOmjgeLrF0Yqu4;dQx*(cpaklDhDN>7*(*@PH<D;n)K=gf%YV;`!cF
z7q{Jp=6p3LA|k@gdItFA(cdXObeZ<<k_3%2tDeJVrt6XijoJW%|4IjfdNN!uiB1kD
z|AD&xLMgy13hVhaag^}R)M~wOR_&!N<am7(Ve%Hii#u~DCFBE}by2{=0Y*zQd}=n#
zkGAvy6`L`x{9Mo9fI2NCnlTexdan&9F0bpod)cSw_a|pkm8A6cci6Tc!3WpKUq_6E
zLW5=mK3-;F<{5B8=%Uk}`RbgLo@Rs-gzwAsoOl5w5q;Nm4v!bpQWXO9RH;O07v}9c
zN)mOcY}E4ho<T7CR_8T{bEe!sTaAC+t|^6>nrQ=<>W3C1!cOB#u>x9^7LH=T4;+Pw
zB<XjaVBBafXTlg+aow&`7)_9pgeNG!w-BCHF@RAFyXk;O)aX#6<akS0<7r4!%lK8>
zu@*P#7opI@7{tz4#p4&JjZz=NaloK3qN5X}9W<^*SbDVWId$=9&g9}bi>Q3-HqYt2
zIy^PT*b!$)v4D6~Cg?5g@OTLO&k*(I2%q{f@4UA#^@+X|2?K0gy?!#Y{vhAnvhRS9
z<XswR1SJOVxc7#$^yFL8AqLOr8;Az7P@($OsW8{N3T@Yc@3|ja{Sx$J#&aOUqB8!)
zqmq;jJiW@R{*e>qf3h!p7EXgCrFxDswG3%9pQ1t10sXrf;Zvv#^n4DS`ql~1pZj3M
zk>m?OB{uanfy#FD>y*IB6a9JMLH6QKl5vRasvS)425y5IksQg8!c2Dx1e!pm?v}+*
z!VH>M*mm8E#lV;HgI*|$C*(!f_u#g91djGu3!?P=xsOIRDmkcVP=+8}@5W#@!mjH!
zr2mZt*%)C#TFxV^kYB-S^ORS{$f|Vl)iPH%XXy{RC!^!IIe!88-wm%vM=1MV$)3#D
zFpGb$9g`t=DZO5-=`=}Y>J~pMI#AcVSMu7q{9xwfzSthcC&6wG(>}|YLiSm~N{-B^
zIm7qo0rP#>P)F#WoW!cUX;H}F7$#hC)WDpGrMt~jj5zf=cmVJkZ3s(FOFrYEBMOSA
zYB*>m#v_o3r$n1}Nu!4)^hGwxI^nd9jGAqfp7)xXRrF7%&yJc@;BbO!stcZ9z*USp
zq-Ub1m5120PBXc+R8bY%i*|Q2*%&DAD`Mq&z42lfBr`CjU4VxfwbkGJI{f7Ajs1Z-
z!7S2-C>(`;V1@D^ERc%dMnt)qZ85F+R{K?)X(9yb+|QnsBNtoU-;*qMq+hTkFmsdh
zio%)X?B?~|-`ky2_SIHpYO9skqtr_@U?$IMAwN2YBw!?L`TS`Q(B_HNXQ^|ozcJ-(
zRQ2we3SRuP?rS^sP3~C3n*1=Qe(Uh86<A^6Trxpl``qJYw<`@_`}~H!-q^Vo)M`d`
zad7Tt$2{?c+0UfxDY)}g<gACjDV!%<p}i^Ph4Dl=BAYPCE|laz{#v|@&X)#5*k%+%
z&+N`Rlb8Ql!<njw36XX+#Nn+cPq2M_@RaYgvKdKnY@AxaL@rC2!7X6Po7`!w2ohtu
z!NTfjB6Q?0lS&8v0Wthov-Z8J-urMN{q54Q-2Tzn6nxb@3BvNOumRH}{p<G=_X)op
zUVZf3O-euHF02`uGoX3h@@ou6^M=oej!>}jwSdVB!^-G)8I0|;MxP}C>kJSr?Fsfw
z$02rfO&Z(lKnl^LZg4sjGiA!{S<Nxwyf0P-`o+GA#734KmtLcrR}%q0nAW3bxwO_P
z#CnA&3pO~D4!K#l7E8mTrKO(pFc3HTCCH`L9o;RgTv#F^gLSL<VPUVn4jX<9eaK(0
zVEN6&iYlo27(oYPIV^&k>w4^=Pq!Ny&A-{#Ly%6)+3n6B`ZQ_cH1u^z&~B*?nS|up
z!3#F5*|{7Z?i|we;KURkwLst7y!@Nwsa+fUa?Oe@OU?SS5)Nine)EBc#@viO_L?ge
zCXD4O=u<#8aOyR!{l-d%500`@Gn0<f8Mn`ZoX77CKt?XeW#$|waCY?&C#jeIsF}0p
zHcJ8Mf+tsdvtx1LbN!~2N1lsA*0aX!FH<EP$KH%%;GmJR#1wZmg^BTvzo+fyvW$G_
z5N}fveQ-S;mXSG(oI((?;*M}yr&Fgo6JcUZqgdKphG$NIW-u<N3Dj5Qh!KAHD+(qm
zi<mQ%%31Wz%f+XjiV4n%l(Yhvwq3jyXV$hg^>29<C7qZ_FaMAvX0japm<bFNvyW9Y
zc=zhVqCT#4;@k}{fyzTKA|w9t?7U}stFv9ghv;aWzw|3tyfxlP(>31b>xz6f-l)(O
zz)8>r(s<-Ie;4+t>;2c@)167m%y;_JxU_9k$8u=h<_8hK?cTkflb;l?jD{>`rXEQ<
zi7(8IQUuFeX&R9w?u#%R9fGvMn+FWmKcW3z1fADd5z@_S5B)JgZBj-KQwiyW6c#_*
z6WT+2HOsm(Ka1mD9D|=j@S=)U-3Zmgkces^<>kTsc)(`eY@;OmQ%-ayt6S)X46H%q
za2Z2-`xCO*{vEc^{+>9z{k|A!lP`ef=kbU0gP+RlwU6_GzxHMuFnG4<EqOrTYc=d=
zxb5>cvhXT2p>yP!&+Zp9u?=CzFR;kk;H#4kZL=_6W{!)va+*)n2(QVR1_)}vo&MdS
zQ=@MkAEg+U6Hdf75gJ3>`o@Q<<fLl$QG`vM$c^ycTG5pH5c=<3mL5vM>W3emB`>!F
zQsr1Nz_8Vr-5nPU{H_P-Wq*T7G&)<3^S5L1Puotbcl;P{vo1rss(veaiHna3aV>rx
z*~rVPK8f*w3bJ93Y6C)6<^3=o2^{A1Je_={aoe~|gUPf}1@wW#1QzZ_s(}Ec>W)9>
zd2TaiUdrR@Zx)mnQbH%01}ta};9-$KwG9pqJLZIPA3jXJ{4mu(&l`9D`-F_>mg!&)
zMxg8XyJpey)hjYAsk&sF7q!hO=pI+z!`CrkgxNEQ7}C$KVbR@iKXyscIXsJ%7v5$Z
z7yPB96W<rKmIBFMeUPC|F8*KyH<L49eG8yPY-ip@e(*V)T9+6wr5)WeA-%v@l+w<o
zoSz-uq5R|aojn~`EmpR%IJjOcD09<yGk^VWi13Gz+&YE2@rM-hH#LLb584PN^~xEB
z@eEVhuvgke-z)TA*Kvm$*3<d4EeC=vs7xz&hZ;$5cSn90;w1Ze*aruhGX0;xb{2=8
zF88TZQ~U{s+41#^Hp+h`0#$n-9~}g|1oC?X?*0AlZ=S@)Hf`|m@Yn@X0(ax2T^u{L
zc5dN|>mV`E6OCWIp^9^GHlM#|CVg(SZFg~N+&SU{P)M;G5!qgXLY&^XW&d>6gd%pr
zskpgDfv%3WGRJ-v`1xu+{=IXkJqpTfcKXpZMg;QPHt3(LK7uco@Fcg4L9B4`wj3-G
zQy|9;_UmXXfwy<m(Q(;cS&_D<B{;8Zco}TQ*1!7NQPF<_*{yQ(LB#ZQg^_nB<n1YG
zeRJ{%0awKkOO+LON@wvjz|kmcE2e#bI`=IPh7<P#Q?2h}4fuW+i2ViSNGgjQ3kD0e
zLj|6+#}=Z<W4LXD3$VS=d~1rZa2>KSMD8v|4zwzQOtt-s)2hI0ghURVABwVO$q2T%
zwjR4st!MWa%d;fPP`OzWn~n@oYg#2hP)HqJFtWo`a;h_<l9<bE<0J7ZHbHb)UJUFm
z0`7JSgiJ8g#<rOhZ0}_bk*4!VRjv^5@n|3mTL6RPn601QZ%AcJQ5WLe_WT5XO%@HL
zX8@KUw1S}p_48Q~XF`eb768hL1yc_`gks%0qaCL{^r;mGW(J}C*}4vKRONiZiX0^S
zoU*rcE@(NUe=i`MRL=GiOLL)|J_s_45<Z4TqOD0fp#=#7OE(3`X}m051--tfT604Q
z4|7)Q74GEsqY=QQKKq<gIR1`1EKr*qR>PyQ+LDS7r%QyE6yh|(vw^#oBWf+MI)b^3
zR*VBc*iRv{_@%k6+tmFU==-?R1&;KuFYpC**ZuuD<;7c1<fQiY*dHI1A^L-o2#m+@
z1g%b?&2b4J9!gy8SBLkE1~$V-20+2H{bBr*G2k&1(kpJ_aoV_O2aX1_SQLVVrS`<3
zIZ{EW&l_H*^YY0^$`+pqOTBjfi7EQ%3N&*osAzDX3LKIN*S2pFJ&8#w60e~J7uOv0
z;gQ{bmEqygmL=;%a7XEc2)&)E1}=aD-YR*~vZ6uSycNs246K}hw{$YAf4M*%L*v@X
z3&1zUB0FNUR}bllJYtUgrAg8T?Tfw_Z3p;M%cbSR%Is<~yTUR`ihM)YZa?wa8+Vvd
zS|d8^Rygv4Ir~bkUYbzRW>{TZ_G8+jPyx!%ADF-ski-6Fe68)$*ujX1ueZ^L)MH$E
zKJD&fZ{FRj{Lie-yZL@K_wpWGcQ>1X=^D;4IV|4~@MtDjb>QlDx3X{Yq6STed#FYr
zf;Y|pWr-8Qo?ni+!#1Y4J)02QHn%;xp1%*0qso5wn-tr0yT7rXNz?xH-l?SVf;81R
zfqKmCxr0sC`ak?Y<xVY?a6CVH+-)-cAAP-Zcx79&JsjJ%ZM)M!$F^<Tw$VvCwr$(C
zosQ8R+rRXCzw>pU_nvcW|FhP!ca3N5g_>*Ds4=T*J8N=={#N1P5i2tj=hd^!zI+Ys
zH2vIC66*vNto?NJtnP)x)Xc*LF0hFnm|DDh(4f`y0U07mWa-;LSiio42F&55DsL-O
zjl7@!*Y;(}Yx^p6PP}r86K<c5pczJ!jxV8B!T8X6sb@*c#s)J+Jkf&3X?d-19>IqP
z$f!&&>VPtpJ<mZ9Uc>Z3gSr~FQQY1by}*#qeBTJ0MKNGz4!tlIDR&oIo@#ko3p={Q
zo<=>v02mR}?}(9=wlyP)#6kF$1L!!Xnf!-#pgb*O8^cn_jrVhuFZ7vuKZ%e;w<I<`
zbV55t^<($~K`JpC6N=m2*2ZzlwP`kK=mILI3sD)}D@NCJ+5MDXx>f`)tfwrdWOH62
z&rE)a5G$6QeSRaLnf>9Q*AGh;c)2jJf?enaaxl+89${*c6mJIFgE0c2J8))9n*OEa
z=f(Cdo4rdU8lbm6^UQnI=l2{y8BBdKo@d)Ddwo9k(;WecY6z8uaBPzA;sQI}<0Ts%
zg<(+%?d+t81fi~hT0#W=Th&*c?PH$X_y<OKTDxe7r)dT+y@Fuj5nv}5nS5N<)-^ez
z;8fWe?myMW1$7{DV`RSHftSi9JOj~<T_EWaE>*W`BV*JTLqvIQ^>>C`cTPd`Y#JfV
zPp3)VEwi3dCMF<6W=Hih8Zvy^h;2x3DkN^$0Y#|P&Ze5`mq<BzsW`Nm;^Hj?K^jeN
z8_I~+*)U+&7qhqZW!_BUb@YJL-*vB<xa4~Rj^CGrJ!?s@svv>t>im>O3rdm6`QAkR
zQsvB}Bqwvn?BKqQ^V!WX2jr8Cth5|gLK0CsT{d_FWP9K~s9$&EKJ0E7Md}#P!I5DB
zL}Y12H5yi=iPg9V3{kj*toPb-&y4_!gb;ZP5sFF;P*5PUKT;Os7|+{gmNyU}2+`D>
z6gA^L42}<9c*s)fPaG>&1S5wHqY_gK<)1(dCf;O4trZbYnG_du!PVgtCavMM7X_Xb
z$oM<x>7bm7#Y0{1nVPcG&?_u*5|8&o_!2z!`Ark0<4EnYvERf#UbQ2sg08VF8!2oq
zr=qyw*rPwfa#rCL5UN?pf!|=mYT#m28t|M!_<loRRY_ts11rsNAo3C;`zq7B@NOWc
zgT%#9yv`JKR79Omtll&*dl28CJt;7cw%@D-antwep1iLYtz|Ff!}4iPI?-BK4Nvv+
zbLqip62-=8C#d~j17MUm{G;Kh?+CRc<pLt@sA&<2OPF9^$Axj|oj1Ha3mu*29DqW1
zdKi&ac|x$qIF^>WOsHPL;E%qlOd``OQ{5<{Xs3}aBJ)fj`B{JNUV?taKrO|J?}{>p
zu}VH9Zx8ti)>xg%@`B@EhHjE<SyU3fDm$Ol$<Tf!1muq5ZC?%Vj3ib7orsl6!9QoN
zJYm2cKb%p$y#(sx`8LPK3A(2W5NS^#7`>@NVE!?FRw=Q(!P|d9lkvY@fclQHV`W`V
z%}{@3=Laf0fL&)!<4VB+N>VU9fHl|+aXG&Obi*kR{hAntQBiEfXtx9az%U44J8w`P
z1hTB#gUYW)xd^!aP|Yx<g(z-H(_*wI$c>)q52;E)y2b;Y#8esYs`P`8S{3LR7HY6z
zn}Ar0(YK`pX9Cwns8R-PXMIF7lfwfxG=sX-4cO%gv=>%B$~TGlvOw}ENMM&fj&R&C
z2sk0q!3jpsQXXgzM0fjpfz7G|a<zJ6q)%vu93^@K-j_j;8{%q9oQ+Ygdn2ylRz-%(
z5@_)p>twYMaKV(t`}<XHaQ?ccrt>B&Pn-MfrL~n0G5D^nPu0Sv&81go-PT}48(z{S
z(|7daxOp?7<HjU0FpsNIEX-Y!ulO{T9Jb*+c%EZ0L2AfUV!0+CgcJq)usoKKR2C`o
z7DT#*oAMQ@4_X{m$~6Opzus^K9cme-=E3BUG=bt8n1fz$FZ%R;W5iU;dSEtMiMITf
z!VN^kAf<OX+?37~HZ@93$Y_-u{KkPOIXRVrz_~fbVg&Pv6T40a%&7tLBzJb41dDQO
z03-BBtt<csViBf4{iM;)oFBI_;&jA?5J-mm1(A}qJz)`;E}~{3voH(*Y4Nu}l&)rm
zL{q%khO*_F?J$5eXwOBhcM^vKL-?B+=@}XA&#rHGr)e=ZKHk@BLrL_~blz_F{#K)@
z#b1v{DHU8HoTQL+vM7uB$`*3%sq}lP@~vuFP22h;H7o>w5T`cb*vTnHt$x|#GHSDe
zk*v?KI%{dfb7>02C<_LdBL-aN&zgIQ=gaxgKAlI=3`1ME>LhhA|C7E_pH`<${cwZ^
zFovq2l~D%#x|)zYxfcFDd3fFdIT?i-GvwUEUa#DZafFnK*i>%%xPAm<nuh{qDY_#V
z2$R&I`_1sHn5=(Z3_Ta+&+c$+Vh0&U>l!$@vu;agX_-b}0jPL5Ia%_K^hgpYQfZ6$
z!l{V%@ngP+q_v-zM_prwm~Y|wjT4)|W;3{KCmPHSa<`NmR3mJ4`+X6t6THe^yFBe>
zvrH9@DWb1f*b=f-cdOd=7Ei9ykk<mf_^bL6jJ%ivUzP@H)3=zby+~##&@oWDs}jzD
z<o)r8V$d>Y(L1UqyyFL@9Epd?elULh+;vGS=hkD3l$|`@SCRj9Gb{&-ki!j4ic3Mu
zHGovAPE88q5DQQUj-?k3yNm_~2R23RC4PoWd*44RtSA=!-IVPP{_g(XMcsqBe77Go
zOZP1}!hZ$VeztqOh~guy)Un*GnY_a07F?aMS5<hjp;vc0g5Yd_V#LoVyaf<@4lp01
z)!SE?uLtRy@4w1l>v!2xNTr)lwMV!@4q>3vdFuF6TV=9}uciDlFlQO1!5cOL2A6_!
z$#hb`FXpb+)FD40jra=wtEFFo_@W5RIw>UC3ZtL-nJdzyZsvvU7F!RLaW++PcA{*H
z(g@=>ABr9o9#vx}N0M+KZvn7dV$tE)ygURu%f7PY$X?J_3r+^y4Rwh;6HL8vnW+eK
zJ!xi+5T|`O;$AG2-u^;k>P1}pd|4nsf(ua}(1N`tJ22V(iZL*Ba1xuwzK0;ZQ6|jV
ze8ovG8Q~k<9K`**X47NaVhL8dVXOofrgO-jeNnr`=KZC%TRRNYb5MGXc<?`{h4i-r
ze0y8ds9kEoa}DE=khJD~*`{W8{7Q0I%N>dktf&x1f?bk{BPRSSBCW>-NCJ^1lH{06
zl7ZO!uv3a;&SMr6%F-oHkznlr<vTG5fFIljZX1h|xDTV)Kpu@_ENEEWVny*B%S0R3
zFZB-XEUqSgo`8?lNqz#LB^s4XocDXqabiOubpg{vy70oGX@OVVzJ@vPA>0Pu_)bbY
zGh~-2qK`CLP#Vf$Ed#%sbG4i>?SYtMCQ-jplcy(!aOF34_f<ySf1M`^B)oPatFlP+
z5IHoR9L6)Ip2<Yt#FPr=4G4lCFYFu9izBRnCXS@ux&5&miXoTFsCA<$F+b{dPy@35
zApZG&9u60U4+JQX1JpH|Ti$|scPG@|Fz`taQEWDzsm*f@Vu#>&MkwSm7l4!-gj9*u
zKmgbhQYx#A+h>8a)nd|y<c~K~@r=^^4JO4=_90KwQ_aQI#Vgfo{l+$auEb^9_WQI;
zb-pFV{&F{#rM>pd#ld_b1J-i>`ud4l4!*-IF4UQnS|R!ZE(j&KyAqg)9s7#J750qR
z+iuY2lwz-z&Ii`?l-mhc9|gZ2sHS%wIFvgYC{+inE;xj@Feo(3ilo#m5_cXk(!^^F
z6sY#nsVoxnMqXXQ7mEPkdcTgQy|+W4^e~Yzf(KPh$9F|@EUGZ-w69At(bC{qLDDkO
zk{3S#j}_$~$V@$Fjlb)esjyNBjla&*P6p7;Kh0^COfoGk6(*!jcz~_A)!sU_)Cy_V
zJ}w$b1eO`~+b*;s)?3B&(4EQZmw0cIckPTAnNx^e!(tb!-Z0TT56S{Y>^h!kms-`p
z)9DGOV2?hgF!TvG)0G+N3+>1<`~V3RQ+5UgJ4O&HBVnav(GF9=iG&(Es-l#Ta+5d_
zF!OE;<8PZR5O}V@TBE5Qg{YG1h5z6?<BhvcunwMoOuaW8@hgI2B*xDa(u{$>)H8Sl
zCrtIyq)}@Y0bb7XkFqQauu9@gHNQ<;OQ9sFn#r7XdDk7Ya{+FPrs=pa*$BjYJ`-*O
zE*`BsVC|ZFk~CUzMAFQbB{{78C^7e9<|*W!ed3Gi;B%X;V{nHPuJWCs?mH^U3`qgj
zXJ|KB<w0FYdk%@Il5e3W;<_dx&LB%E$)^|Zl7%VZ0~5HQX<+9%nqL^f5Z+T_x%;9?
zr9aV%15IWbn`uI6No=e_k)iW^E|Sn_Iw7O+a*z->cD7sCazkppec7FW-n#B)Hql1w
zR3<Z;0!Ov3MW$54T;b<(e(vp39<ObYx}(eXQ1%ejgyZeBWX{R94nA_YZ9C-qN+)}&
z`;dA5%yaYev;ph}eyshj6*vFd_{Ziq9gof{kNry9(I!D~>#}LwK<Ya-BgKv44KidY
z^SKmAJ&$ZuiZYS)VOG>$Gj9g@B&LId3L;u>iPIK`_f_T)#1}tu(pEa0N0%w)B0&UX
zsubj-rK>Mk0pRN(Z;_xaw%-R8VRT2Ro0PyZo4l!a_-OaG@5pw$qe(}wWNANp>x#`#
zCC1Es;Yh9{d67H-d^NUBlUNEz-XFG$?pF#1C#)7HXJyk`+AW8cR(N$-iA$q!B4;eG
z5`<e*2v9;D){00uu&i}aOs;URN2OM$@D6;y5r#azbLE!SR-<XC;I@Bubo>HE-|;=p
zxuAy5?JC$q<w1c~(H~)F7R~$S()SBmNI3W)W|jhxVU<giq^ic7VoKKcra1!b!8spe
zb(e<L6)F1cUanEI4(GArd-TwwzFg@*e_IXiGkv$t0Rb3~>(*F#)JP-KZdaA4erJ~m
zyDfA(^C|OHbseJb5Q+_>EI-mS8LXs_e^?#Zd;><$7_jqq0#fCTVU49(u6>NazTwQk
zEZ<bqZ6Wozt>J8rzK@5}fgQ`D7#6$(&_D9Ms36h+Viz&Rrf0*og}~Mtfg2oDXc#52
z4eofnCEK8Z5i&PV<42Dwo}a-%OXd+xMjxMJrD8V67~8+5tEAq7`JPUUjb)IWF3Lq=
zCOvcD6t}=#duzx$f=8;p_O+cLws18xgB(JivscHwpld9bbKxvubkrg-)<u<JDqP(y
z@;yxU6Ayv{SCPsjx-JWD%C#R|*Z!5P8VjnTgo9V_I1!Ko8RisQd6YXZ-aD+&v<Rj~
znB`|9zu7a>w6?1(N4&*vhqpcPIuNSpd*_;`{o;J|O!;&7P8(MTr{Cs!n*z*7)&xy}
z_d7eoeb9YYt~c(g_#QFCgG@Hkci(}3RSO_o1AKnM1ps(!_^VprpD5%1EGB8>sP~I6
zZcx&)nPWilI#l^$Too2ym?f8HW=VhmOt#3_FR{PcRFPtUJ!Hn_{b^EVAyJHBI=B5{
z-Qn!hQj2q8(S6EAqpp4B9*huwC{L^+Bi$0SBeTzL%#7KSeyK9GG@)KN8m8zE6Wy@G
zd?uOHX&6*tvhY0~8IlnK85*esuoba5FK2ml^H`6b{S6qa@&(92BQ-E19E!TZ8AGNX
zr}{jm*4^XY(9{76FhHds91;FNZtMLE8!4rAFA4Dyt(@@9<jS$z-s+e%ry*_Z!F~f+
z4(rGaLH)3<ec8@0+G}r{!S}MOr`ATq8H>h?1U(34lI|l(V7v<;JTSewDE;I~nrQbC
zRlD2z%lCH>&{p#<*=QkpXqoL)&AQ$^10tAdP@48*VHYKSSYGfNbRBEmZKMMAsRq({
zAB9{U=U4&t=yw92!(TQ{@nGXA#CtC^s6UfPV@i1|M8<ii2fh+u!31}R@!(0>iCBc2
z^=&lco`79zC&LVSe7jSPf=PCuTjKS~2D)-wzl#1YNJlMc#om#6PlmtqcKg*7-Nvx3
zE>;8lFj1jukX8-qqJ%0xBL{<(U~1SMJeamPabbu{_!iHhx(`MTJC|Kcm&uyAfT<if
z&l{zIVS@v-LD$)TCZC#M1D%q6U7!-usUW&!mm?a{x{byjUAKA%NtN0K+$?yq{%sb9
zQ9REZp|xnE(rW-eF1<_=`O#PYRGw0-e@;P@!X37rVV$@B)GCaky9s_(NJRiKV%Den
zZt+;k>3;7Jn`o&UZ=_RE9Ka5{nusW*XsNk;cI&96)i&T6=CO(r(bhV_J9^#PyxZ!{
zC%-Y)Y@6%;gqzo_pVLLxsbMiWZLF8kSaf9SBF}f-8F8$_*0pIJLv=zH;roUKa}@J!
zJTyOALEG$^z{}Iq&y$R-rrjNSXu|G{pUWnNFer5oc}$pyfC_A7Z~(l`NtXui-8bmJ
z9)*4wOO*v6004gQ|LalsRheU@XKiL|<lsnWZ)iLbKVcoffDm}j6J#{G%tsFjYELoR
zVxHB_8mtORf0c@~*%=+LESFz;k~P0uDa^bTU7vQUhcg^eTim0_Vn9hcDr(wrOwH9s
z*HW;?wYuC$jh~8pX&z9JMb+wJO~t8`7(~ksV>wlqOW~S&%_GxJ)U&{0CkiuI9}NMC
z7bReJyXT3;Ik^LAtRm<5BRkgZp5Rl&23JXT?Z?Zfd`Czl!B;=NC`ifCK*s=_R%wX=
z=EQ3`&Yqmpogv+hxqw_A-3#jIspZX3n8JPS?;X`=ngLs$-%Q=l4BVaO1}?XV6Liy=
z&SXy7xZU0l-{_{^F?Xu!oxfP}P3D<A#U9pQ;VX$${W^X1_olO;fB*miAM3vU--S&M
zMvjhV)+P?WqDhCkhRZ4kg7=or*FFy@u~ckwu^7Uf0#d&KGlxc-UOYZ*wO!&7z_-_E
z!)!G=%7z)<uMbRlm=o;R6T|FT#$g=ppaq<xYoj9}>iZCefs9GJYoqu4KORc2j?b#F
zaiUy7ZZYy`0L`LVF$80dh~2eL+`XS0<0#cc3R@~A5`8PvilZrq_bqOlWR@~&Uq&Tu
zAMG_#Fya@>7LFaC^xW?N7n<Gey}YzOB&spO6e6DORi!V-O{EBS1;d@O^n;Y#6$`w|
z*YDIK5kj4I6K4C?#~}reF6_{tk5i27v8r1*v~+6)8_J?auiyF{_ZvnV@86y$;oW&<
zyTOu`6J5r63b=vxo9$KFO02_|bu7V!2Se6P@X|(<drTU}BI0_x0PtlR>7Vz0zC0N)
z9&dvbd4*CAW^?M<!?;WJA;<y5f8)+$qA1Lx#fB=v!eb29niY{e>KMQ$r}=ci6pY!Q
zHo1zYdxq;DoO*tE<=oz=Xob==*;wPL?n&)3xVe8U*7K=e--U4h<fPno-HaE-*0r3Y
z23({uesv2H5$OA)6Xgml3s`){12;9<3%NcMf!vQCHhv@V{XDod1LIVR+Aoy`PqMSv
zq4eOuw}m?DG)%>fRj>J`Tvk62K)!(OB<4cnCE^W-E<#)a7#B*QI+Dc7em0(I_pPNx
z-!iV%YC<2edj?hvy{F%J43cCN{PJDK+%;yl;J5}wQ9=*Ne`FES2f~D#mX^(9b$v{z
zxAKgVBtHbyb6|TCO4T{#QxI3d^bdHhPNj#qEpQ1)y$&`!$<6^unQ90!3Vqd~x9xcb
z@guzC$xpmFkEv#TBG+(oRIlR`dtXN)!@%U4(eYP=FKS3U1Om+9S(_L>wd+k<BtqRJ
z<A-x3CNODeni;$<7T%CbY4942AmD_50tG6r2n#c7epvn<SMtdF7*JZSTM`^X!g@^x
zF=G&pyD0{pDUHDnVz+u|Q!OX|X1l+|>L}E1J3uTu80necr5QD~0kiX<C(I^F#?`&!
zl7Mpm?n}^4fy`NDpA1(&5J>OpBV%CPtvn4#Qj*>E$ydf@8KM7G-}QS>c;|r~zMU3}
zPzLE#l1f9wwZ4BEg%}Hk274x|L|ZNQOUP_CIJV}*(e4elFFcXpjuXCVz#}!Qh#L^k
zi*m?MRPQ~(j7m$Wd0q&HoQ@!>#|G*W{Bd@2$rJ+S<bb`4&D?x_=9aZb1|!52#N_E%
zW%yQ*21q(YWKb(6Ouq*mn5%x&Gt{(J;hrSeh<*5JOoNC@aIKFyXZ{{L95v$b#`tpY
zCZRp;+W~?8X`NymEj_1x<IUOFT`S1@DX>$Ra|Dn<0@?dlM%o*B6@L~~hgA}%sYvi%
z)Kty}NEugn;zUS%FrI0)A;x~^*TlAO<^~!-DU4`vGRX|A2iO5wf;25Xxk)v>l3W<8
zfJ5ii+L`%D_G3`}UtmMo>C;F)f6uiv)VexaKj-hH{hkF1w-R2d#_??H#jFtCPftAe
z7MxsC{2*L^%T9FUcOZGkgqafAu~eQ&0!EYDY^EPaHJx~d<2j5)CK*cB;Pr{1NK{a&
zdm!lDiy$6}%mqjK=UkaJYSRFBbUONt)EF9L);LWTy6Pm(a5EtWzb}JznPYqy1#%}*
zSpdzMf=`${O3J~R(r3y-$--`9rBT&ZYAc^(;%X2X;Evu=d&}4IBe?}62X_4X#Cfy1
zTyzO&Pt)eZ)x@4NQ$w#NkwN+%L<pHi3_1_oBs5PJC3|5+ydD|Z2L|RYO#6f~T|eyG
z{ZAB>4Nl&Yg;I_h&dqo1nvF#+nP8F5Ks8QJwock@#ad{{Ps8K+{9^NQF6<$<EWB>>
zQ^ook<6z--vuu+JnczxRVm}91L~$v6U}N$+KGt#m9?9l;O3s)_)G{}Ud-#YP-fBPu
zNx_sxB0j_GF@IQ+^JWS7FzMJB=_<K()3p6XO}Hg>z~iWNe_C2XE3fvagBOSZ!l6mK
zB3Lo;ZSU8Tz(Rz3S3~MXcvv{fZOu7Y9alT48>*p?GCut^Qe&_q2Pi~iL4z=GMA(je
zJiiapkmM!1evp`qN2GtpcF=uV#oVDt@;q^*7AqCS49W{;KK+57r?A`-GM*k7h;pVG
zPxn5wOxL3Bp<EB9>wv)LtT02zNRgelru^*b;pR-|*RUk{=7XgL1_01W^?waZzg91I
zaCEaY`p=+rio0gN)_mKclQSdzBrK6jqhY_)HfNmH$SlS-_jBJ4oQOZ{qd2==_0HQ1
zz7j;#w~$mV(ZIwc4%HSQ{TUP_?A)h)gCqbu9i36EDkQ${()ME!%|N@>R=l^TF>V{)
zm&=eYPnlc_xC<pwfAfI3S?bX?5OiRSbTpOrYj@TCV^n@2P0a$+fQT}tW+F`K{cLL7
zr*PT<jb%fx5N2I3$1t0*&H&1CMl{;zs&U`j8NKL6FK`9b?<KrEL|))qXkqAx^aN=z
z-|T=R)<~qgwBeVGQnaFk*G}&&xjzv<nzN|Upb;;YA;6(%D(^!EKm{O5Gia4#NKKLv
zL$>vho<!gWEy#(NO&}e1s0E16$C=yJom3#QQ-fRhvyOWF00U+l;D&vUaKSn;U@z9>
zHe|y0@|C_@3b}8f+e_=TkW&p%;>R=T7}=YCauo;__y+eKY;^i|X!jcNy@KC{yQj%b
zb4L>xo~s8q0VI6a(7*tzTS^#UdmFp75Q(ek3%5yTlzsZwcE!*yued0-Ln;RibnIbk
z?WR>ATKjsYprDS0#0;#mj^|{9Yv;kihd<G}a|r<sg3qvfeH}k9aOyJQ$zd3=5yY*Q
z98mAy5z80wfdoSJ@Oh?f^Au`P==D`bVmi`F48tjetL9ATa!g~8&kCT5Et)}GvIU_R
zWhaxg%?e|0=28?ENO^X>xO{o$!TQwwIozo}`xxFQ7Lkbv0hbs>m%g80{^jD+y=AFe
zw~qozRmf-H#jJBS2_PyEZAk&EoxRGL5*dNE4peDBUWSUDN{Y)tfSk<oZobh9l?zDW
z4cGRV9xY}<7~a?f)!0YsQPImLFdUno{nmm4=|y0oXi0z%gA|<u+g_nw4?GX(luLHs
zzlibk@G{xV7^e&k`-^YvYV(j|8)`j+^~jo6yawH176{=J$~EJ8u3&$x;~eG(s608G
z2?x75C{#0bl_mB~5V^qlg3_hT2DlR3<WBgM`~~z?*$G-Q;5a~jZ4*CSL3$_FVH;OG
zjufi1)y|?14|K?da}ci3OzT;n!JgA<X0i+?%q)~xku>-2D>HPyGUsS<T3q!`QxboB
zj~k|7#TR0l@#Od_J{|rzj=la%G8^m=79*UjDDpYCbSy7GF^K%Rt;d=1ED=F3D)=jp
zm!N)x5H_Ck*}<7k0HdWoBc()rRTT2D)QgvwS@_A2fKW{<K!X@VQfRZA5KZGKf!bSN
zVg&hijqq(lrYu<)+E<s;H>6qf;4l?K3SX>Yjd-57`03&C9P&f0Y4!vkKTtHJrp@a{
zU8_2%uVj3aY;;R_RW!s2D5;&s6e5zXt(Ja1mUpbtDi#>bm@!)nm9vyQ7k<>bRC!XB
zz1*d7vVnYrI|#_UwBof5P^6ZNM$t1WTzHCYERI~#f|AIp>Ty5z#L7u$W8wT)<I1ze
z&kF_p6!s*qmhH!#<+JI7kU&UTgN)$7Ml6yO@>O?KQ5CBcO7VFZx6M@!P}v^%O5^nD
zYZluul=ivE7tBw?qJX@@*ks+3R&=|~1~glSY``>mv52wlB#|`xeFUxz<Gz*C_K+s4
zP8dePLW--Psspk}s|f;xS)~MgdU;YylR@epGCSf&i*%q9$PneUrA8UUp}cs6Qi~$H
zA=AQB<e_L7(ihMEd1x4(0?JtnPkoKxI07f0!HfT@vtmM2HZud*jZnDY>2H&^UFX;6
zUrSW!F1Ptb%gO7l4b*Mnhwv6)FGv`>Zl|V=I+v<%U(YPJ>D&QFm>mh&JefI2I<K7Q
z%FRXh=81$-f}JC{r;JK>F71e5ffd6U^<auh94g(C<61~7>!P&%cOiA(kxK;R0CL%`
zMVA$<A{x0{BozNA4@tfRSlt<f2@DJe?@gotm!8%6c1)py8iENKWlma33msqx0Q7D_
zrcfAV{YIwfmJB*SG_DXj8oW6cY(tRR<k;HeZgj)8Fwd%pmTZAmw#6P*8kgQd_?u_7
zZ(v3PDS`ov2?g29z7MZ{{7>%mk^I4wT85r%WxHvSp7PTYin?5BM7%<Z$prD-7h{`L
zF@keObFg?=0%n{}pCs+8G^xDiKoD%YVRUvUphMa3u{SNgaLt5*>?V#QIY%h9;t%ys
z--YUUF3C%%`?*fgUVt;K>oK1LuW*}c_%mT8-Dxk6jWpJ9)U&+A(avwwRd;4DR|9n6
z<nrLKO&9Mr&BuVCvXuJroxvVsCkXlitk-fihc%K?O0+h>6-+wvw>>DE16&3AP=|s>
zwdQ0HNgCUX$DUymZk%J!is16<%#kQLMzP?vVm{eK3ea+JJ&wG7WuR`OkuQ9~>ZYH*
z2>JYGAlBQ~v2V}T(wy89$ebx-;#Dxm>|styH-ff-YE4-$plGoqCmcGo<!C89a6OJI
z_R~YXVgdB#%tON-Z0RlTXH}SO5F0h?Xq1bU{Vh=31C=iMAXIOZ1MbqKka2BW$?7;H
z(*n$_)Wml%_j}$0Pg{5{ZOx~)7FiudHJMXV%6oF>Md;9;JvkmTWIkbuuhAZmojHVF
zwOvUW(nWOiYbwqYd{elG#I4$ieb-hi#{)F#lImyt9@FzTy&-NuMz_rqak^r0)5jsV
z;LaPHP45BRoRhZ?(s$P(t{u3QDGyD>wVa*N?P)PvV?3WzS6&0|9W%$P+G8T@(L-jw
zs*yU54v{>3AwJi(ca2!yO#=>=(p8VfJMu6>^N565ss$z|tG4QKGV40K^V~SCL0sx<
z{vy^_hPgRl^8h}nIb(t8DK36^=k8pp*p+WVU-2q~wX+6%VmW@m?R(CV;G9uBe?PXf
zD?gV$B#9KH7{JQGo{moza^C}gn%Ecfe0Z@s2R3Y(S34-uc<@03)cLhp&U+qNvN30B
zg{~|Fr<+df!&R<~8{4og*3qM>aq1Q!gKcGqT#v{@_PSEcl1F4{3gE3tqsC+mJfTN#
zIO^`ZmVUx;6CR-{8aZx49eLh&WMO}vuQ#jH&DRY;8<&R5DKdgq;Ii1mfYmrL%aZgk
zaP}66+~=6K(waKrxp52MAibt6ni61#NZ`yz%2lh^;^5lj1Lx*TFgnbH-;RV&hC8b-
z8-Z`%Y%6oizOI~5bXcz`TH*b+b{dEme(HB(P7OJVdP^YCb0!*$bx!hypF^|+dGqq^
zIgRB*&+93%kkV19TPFp^X4;EWVaRQ5*TBubg(zQ`&m&seA|XYc7xg(K!vze7Sk?8`
z_ssQ56x4E#g!^<sAFyNK8hNXS6$$id7gr3IQ7p39A=nSDEOTg9m-VC+lQ3R_Q6stQ
zyRn9Z0IVZ|0c6vaqx>TABW_<71yg2mQ?%x=U^g3r9ZoVnORYfYx03)mI1X>g5U?eV
z3Q;8t-MvEi1iQ@w&=n1h>Gw_?c_`eco>7H^z@=Ngh+yDC0^p8!(bP+IG~6nh6Bp;9
z%n+WvhDhM^HbyRI_wuER>yyh(g`?LWf)zzR#kZ2DIa_m0;HOsYA`<D2Jdi33rzYEj
z*QP3D2Z}TifzE>KUGR2W;jSX{FCyPac#3w;Gq}Xj;n+;OZ+4`|?rxJb(++%w(RH;7
zH#&srv!7+aARS2pu_+6tHmL7Fei%d`v4ZAxF|Er`eoo@to;l2V$u1GJ;#kjyyfIaF
z;_&I&!am)!Kt4}gbzZ?UMwDq{-DmhZw-L<sno+n(b*G`(um4%4%4&<-LW5B^+kE}L
z601qXoULe~^f7!if?oM^trq%M6_-Il&=pK1?w!i@y;7B0dXjB0*sQKTCJNZaemT-&
zBgt&==DI;>1|iUmfRz`iv}emCiOhG4ycgzkOg4ZOety8o`w=X1@Hz9{OA-7f!652S
z3M9dc7z&Y^4)>Z1J`bh#E>&kp<5#j+wep%&ZUPFNZ>4Cj$zfKjV4=xrtimK>!)PI!
zSJ7D|R5S9({-{l_m`q+qp(C-^D#6JxDIHAxhQkBYf|9|Soxe6;z7diMqE*3|8GhbH
z??<eYFhNcmi<?5$mPOsiuN!XoasL$tqu;PtrjV8fZ?Ls)GB-T?rVTIi6SJCXmLB`0
z>aj?b`{-m(7r5<`kJ)+$50ys|eMCpR!PVVM&}Cv1epE+Y(%@#E{rygX-F>t7{gqM8
z(q}T8L;A=jk-N5t|9rPpzQeV`&1v+u7*Pfvw;%)Jd1i%A6d2HKQqd+d^6-3)Up7Jf
z&7YjM?NA4rs6#H(wp{}FGOE<Z?_Pw~=qV}e(tuILPS~>vp=jHH(Q{|&1zEJ`c`0Tq
zn4Qx+Zn?|d6R>k{m{a<F^-AN8Y;LZcy$e={=~JcfJw2z6FFWVw3G*9`JJQ1{p%V!@
z`PYnydF0JfvEwwBo4iUiK*`gEBRRnn2hRJYfguNO{FsxTtTDSDI^N9Qvtb8Lqve4i
zXl{J^%yK5rLeF-`bXwP1s`Hd9JL|*Uml5$MlhL7|jF<@WvYAX$d~%si_!mt$E$54i
z@yUU@ysOIwUoLMzp)E72cHext_R@Y2pVB^L9q{n^4<V`wLedMdm_F#?vpN~eYi^B0
z=%e~KN^@TLF3?LbQdDCVks9GJwH!MRL2AoLvHdnvybKxbT1n2;EKm;ETN%0(4GLut
z5%FsUO#@wx!N&q(Zy%C2LIb-TFR%VVJVuELu+mSt^wI(88^$u%9JfsAFS9)RNzKcp
zZvYAA=Iyv<n=ojs=Wx4yR!Mqcbf-YHRR~+TNVd@t_AocXQ4*p9GEZ@&w#0BeD>J!$
z%lHqmR_5?KWQn(-_Z)|%>3S8nxD3)Yp)3493q-CkmSY0_<J!l+KCI?GW*m(@8s$Be
zcL}VXDPUTbiFk)fIDHajxI$glm3*(`hcLRW$hf&;86dE=NV>)X#-*!Dbiqn*4laTn
zs#%~nFrNULO!f|5Xl|7R*Oxy!LMPwkCcuz8;Z-M>+R5d(_GUdUXoqdBfDDGrhobTY
zGLct2Ia#|bC^Wcw<Fb3i$L;nljA#K3)dDpQvFjX+6mYL0yhmFPxwyj-2<IEkD)~`$
zBjXV@l=`?@A&%5O80xJZ^NMk-IgPc3e9K_*4l?1c-(+er%33)WkVrYD4g0vpxaalL
zhRciU8JiQh@@P3*U?N8uIm(f&Pdg1iZ{BVZ==P}7jn@;)MSA<keJVRc!UPj-0`5Eb
zuW5FCb@CfMJOBV_`2RJ{M*Wy(O9?6R(~3z8)Bpcj^p7-fMS_%d9|1zpJ!jBBBU8Pa
z5`{F{H+TOV01$XMB$&`FicYT@RPxGF(Z&Q^*WmLGH;8jM6^l~nz+zmsy@1YmDA`tJ
zgQeK4U6)rexaWyUsCg*;ow;19Lx#;J*b%@MWI2)OUV%L^`$Iqt@;Xq-7n{%c-_F`n
z{AgQpq5^*O!{TP~jT%`BQEjjjHoHT(Q$Y4*$g2ZoAqp3~7P?1f*ZZ~BhrH?W85x+<
z&$bZ$EU6NKm^POy+7uKFycZsuL1@#J7=k(SbW9D0?Ok-`$gKO6Gfh^@LR&I)76xu5
z1a4VeCC`}a!nq(n%uJJfmM<6Rozb5pSkQ(eEU;c1L^v2(zfL%jI?Ab+;mVmB`~rO(
zc4o_LNl~?<F1m9&y~d8E-at?=d)uf^EFiwGH<XkXQ^H=2(q{1fM)v%lL<i@MOv&eu
z{Cg<KuPXougaYvIjp05n!yoono4Eh>`tJ^Kzg?t0Hvg?3++Qev@rZxwk$;gVzpeA5
zv)rE|=f6DvYG?QRm;a+z{=JXS^uJZef2x=N{_lVL{ZA*m-}@^6fb(0;{O>5g^vu64
z>K{=4u5SK!q+e>|-!}9QNPnuG{~hP=NA&(rIDb<=|2xv(kBF1`f1l|;)zJTr^Glrk
z+wA@U=eIig-%)<)qkmh`KcM_Cwe-J({r!;k{sHW_disA*{<?|(q{)Bjr+*t3%iq-0
zf8E1>IsQp1{$kO8o0R+qk@){{>i_NaCztm3XGT@&@ATt;d;Xd3{JUq8@<)pE59aN^
zJ^zg0ztW+<jZW*&<mi9<{TX+D#rNO#&GKKOy{rW2M@AL^0O{kC^%1Vnt$*$PKPrE%
Ap#T5?

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin3.pdf b/documentation/ESAPI-security-bulletin3.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..abb7458a45b8833f069500c3d362cf815d543b84
GIT binary patch
literal 89154
zcma%?V{oobu&%=u+gh=cH@0otw(VraT(NE2wr$(CdA@JgKB(IJ)H(mUW}bR}%v4QZ
zclX_-^1`CD3;<?m(t*N(&VlBE9B4)YdICE`OK5IxI%yMIGiP%Grhirx=|nB8olP9+
zM6C^+O@vL1?2Ju#d7+)09Zd{upxraOG$mp#T9LY6YHm6H;MKKC{4vPgY6hLOiT~w@
zIZ25_KME7uHn}55s~v$#`qAY9iCtwYNm{S&<+JF_7`n6l?Ui~<j>$d<4&U>Aa8={S
z{z<--^-p|p_5OCeMTxuLn7P0Aa1+YMJK2{yaKh)uDR=DXd;$e{=3X1q+2wwlK!WhU
z9*pFekjb!}xz|tI_HZvU^FA?ZN4m?h+X3+Tec!tNcz@I#fC4pR?wS04Y)`W%GcuQc
zz-h(3v!wgB*51Fuj3qswBdkg_?+1TT<e)wj=htFznn{uHUNc$WouE1HvM1BpLP=|j
zM@<Fa_J7NbB)?YYZ-p~pGcHG%N|4aD@cn*1vgzmRDH8MhUf6JE$5#GI33S+N9Npas
z?Wrupn<8`%MC~MH2QtpW+5Z{!bQ$G2G{_~7`*B&24h#kmZh2s2;odDn=-Ev<#gFP7
zyCWV|O@?;3l&TWs<st$N=}$+*n-RP0EgcxeL`Dj-!BPT6kmRzwnK~7o%;<??M;{wQ
z(0vMv`oqw6K5{X*i6q4u+IH$3Ykm)GAhDTWANz9!hwHT+d_2B@>VXG7+uV)#<6EfQ
z{gEsZs8H4~%CE@c|3zH1jycOL%H>bb5!P#Il{DC*eVpV5+G!NlnD9bNnZaI=`UOIs
zvcf1~spc#;&o%A9Vk}_1##9YL!_#`_m+fJ1e7irIO>wPd3psaCEq2itsNJE1u(G@3
z3dOz=j%qSCuP=+>;~Pe|x$0){yG-1vcF(;xnyui~gMK~^G%{x8gI#O(*aO7Ku(yXb
z!0mM<l!G5`Z8WUFeN0JRyU|6jvmQqyd_MXBk;`E%l|DFg!7{t$9@O?Ih3ya@emkDh
z$K!!FSz&GZ&*rOS)Xz<9yZ&4|Q(e^aXqJEghU4$6xB=np_%V-0AzKVZRkD=1-yVgz
znxh_#Vzwv$ejkTjV0JtQ&oTL}e3JanroC}STBaD+p=o%8wrIv-bXB1H39zEwEH(k)
zpTCAZ&<;qVj#kn=ZZvqwJshu@EXrTRk04V94<G)CpCPq2QqDCjJ_Nv`i@8$81{nu5
zWeChE9{!%hB`r@p{fO<<R4g_g6B`f7K8P<8{DW^~S~!ASzBi7mIC!`ltahO}d<2-0
z%S$2JKp&xj4%M{Bn^;b<nRx6616<VWXNMa&a_}c<Y%uyy2#5s-4Hg&V!5OZZRtOW!
zjk3?LYD}7<cKT3?C>H52_@)6Q@}R*;Q_7Jx6(*Iaz-vbn=pX+6bIiNx5(o-Z8%D{n
zyogXpV_D`I+LjVulNI6j)yo_+w3<;S4U&D1aPj<cvnIux-H%&_vwECa(_DsEHq2F%
zlp6qh&>6Kq89rux_22PhsxQ4iCex3Y<wfn&(|ev8*do+bDjT#c`S;Ms4-Q(>gQZ!7
z@<j$Uisd1uMaB>o40Yv=xT9pNw|s!VArZP!K7gOr$7a8)eyL`kW>2q*3UUr#481)y
zr^(x;!o!e?bU?R5MT3J1vy;t4G;7(Dhof#Fn^KmXSb-QkKFZYPMBrt_S~A1q@bU>~
zi?6~dVdnd41)6VFUS}jCXSY!!H{h~*tXHt<x7m&Ikfn^l*V<~wYIT{H1V|p*l@PAR
z5Te2wz4eP~pYNX*!)eGEBHt=>2K*zsE*pWlRn_)CQ`eHnAsJ3=n<1_qdLHq~fsC?9
zV-2v3n#bTXay>v4CxxH0*l(c(m{f=qJ2hoF5}ShyAYaALF{-FL;--@zEY%W6@`fc$
zGxv1DG)kdE;w-w;8taB@+1V2IUZyq-3|?T8ll1xm$d0on-Wn-@HIdAs(5$7B2nz)f
zspq<MnnrLgG}MYm6#`86UoD=baBYj0k#FG6W3hudjf%`4(rBv&A8{sJC5I~7&n%?Y
zQ)Nn@E5$+*@-4>QTCxUGteaa+SyvWG)t&41aCh4N{1O>k+j0-6W|nH?jh@z-a*IRl
zqS%&I5rtdG`zF+h&jj)@x2X3uWdVj*_bBvnv1s0+tXo75QKi9$4@XVVZDVi(lrW9#
zMd2o#e~}pVF$Py-SO;7mA*IE*0z`qKy9AlgdeSL%ONg=<VI{8R`}&M#acg_yaZ^Dc
z(T9TF(C~{@yzRR^aWA$=Mj34uE(;CP7DW~xazV=-$UOW2M!0=GGn=D^jyGFjLUob*
zc@LZ|rjHJw%8X2T>;>U2kBUASshyFnBqMlj6KXW9MpJ(T%0XHwAzYCHRj=}c=8K2|
z-SXu{1C`k{4gWGDCrS?PKVsWUD-e*?o8=a4f5RujI<5YSFFQ;hA#%RRpRKA$A}7rf
zNzhEfrlQ_{?+;D*YTaIC2pXCLh+6S5ffckHjd@erEsK{?**3<L6|D$sC=&F=VyH#f
z2|Z7dbuD5K8G5y7vUO1eF5Y*i)a#);85``*k&UwU>TKP{3QQP{FkTANpETRh7|<*z
z=zI*qZZ?j~w=3B(F4jpX$T9Lt8ZI$~@fqad$1Cytl~Ff)QWv}CR(pOcd`jFG*{W+h
z_5kNW#MIdb&MDt4YR7y`ak`Fzp_@17la$lwY(@`$>m|_A8$HUlnzS~ISI?t9BedGP
z;yk<v7T4c|p4){|)2d*3gGn+*I2_zg5i(Nb>c(}`#v;wYv2dey*w|7E%v-Rr!mfZX
z4kgd%g*MU~H<;#dz3?Z997>HBW4tfm#J{};g^dn96Q1ctVMdSiV>JqCiOX~xB5HH+
z@?P;|5Y6WWhU?U4L+<UgWoxs=;tyC#uB2l7P3H_+`>HagGJ$#5yE^!8Jfq{aOJ>n$
zuMh3ivm;C(D}>$?>c805v&L<mJ7V=~29b4gfTnb<HTtgF@D^)OdxfmVb7y>Uw2ZBX
zg8un1gxd#!@M6s`6eFIml_kBHjmqWXQ&0?Oxf&i5y4kgoJz}-~*EPy*7ax~&#i3Px
zx>G}nFXIjB2f-mZNPmmX)Gt)F-HnX9rW71)lj*1;=2=uWvGDrEAkH)EVQlr&D7(S%
zj{Yg7@o=b^t2t5$zf9g1gWg7^l~5>WtZ$7hcNMUVW)x$+IveT>;L(-qg{QgR0XXUn
z9ooLm;RuwMveS&XmsB2n&R+GslQwR9;)Sp54edIbUuVy3mdhnx8OIb^rZJAByf}pr
z<8}i?WY<d&*rerijAsE}O`|+13Yep{)-DR`Tf*aD_jfWrAeoP^aUBmf@9M!7l<Hjq
z!O0S{_CJ&M3}h%<<2rkdMMEis$7>#QYJ>DL)C{-3?l-S+XS$#0eaE)szLtf~2i8An
z7QFf|tK-)e&3LuS#7*6-9%pbsVtA3$6RU!Pu4Xn$G6S6pRaeJE=O);g4y=v!`+)ci
z6Re8nM-D5m+H|lS?5NepA;O_A{1&&*6?D2dNaV4kIBOyd*rIc$uc;s-9h7Ag)5mpV
zt$ems5z<S2)qMzNpZ$3vbmyWKu{9}m9KTkCRNrv|Ja0RLTkVb|m+8yR(PTP=s_`6>
z%v(9XCiFt@&T=><WizPAgU&7i0)NWmrL^{!D}H-BB<RTUEdo37)}F#gtRGlm3SoYY
z;FU1}xFuz;YyjuyO!#rDveHUT{prz;R=Khno*Ocu337>Mo7i1eQKY_ERV1syf9>G{
zFa1dBeo=uz(4MS{9SFmwW$7rHYs>n*C{Xu<rLGww4TO}{;dNp8tu>?{{47|zHg(ci
zy$Ta5R!yuq*VENbO+;(MXH7(%IYGx=MA25NiZ^8kA!l5PKgkTg95%j|mAwTRs&Uu7
zny<X3gb0PcR2Ffo{oQmCTiZnC3Y>xH=3t(=F!il<01uf<*%?=I*AqzTJL@%qthH!-
z8X5Qj!ar5Kg*LG@{!hOCC;Au3q5mcEe*;DidWL_u|6`HmzW_Vy{|B%SX-UNpw;*+2
zsGVB#OFk@J{sIGDU@8D=<G>;aB_Q7jH*g0X#Q6D&RS~Iwy<EQhHEd`ms+d5td{7ai
zvgnL<vLpAyBX_++bGTN0|G6Po(&Oj$jnKuF<@fPo@xhLD^}A`ov*{!Tf5y*qv;pxX
z#_#KZZ2RV&EcruZvpA)rbL^?wc7B`gnAM_a&*yAA=lEmjtMOZo7Pa%w%a;7bcKgr6
z0bR*U%)-l1zo4AjnA)<zk;G<I&OyFiLV$&V;=!RqBveoGkNMejXIO>B^%xXId?Q7x
zD@q%On!A8q*->{02ExxNPBmT#CkwkyZ|fAbAiF{EJ*XakquL7t>|%lzva<-x046Q$
z)t@c`aMSxKHbrN(NK1_xC#}fR-X)oR)QIKxO3|i<rS-YeO>@xNvt-t<`}1Pf7k@@w
z<gaK(XI0RYOf@9{xa3_$Zi)kG|N1wb=K>eOTfVB@Ei*;(HmFlGe&}0~+ZS_}J&wkw
zXz%JNlCSt`J5zko)-NwKO@>^MH)yF>^Zwp|RL6(z!lwjfRIi%8rNPTCD01iL^e=vJ
zS)$(h*9Lb%+v$V?3dD}CUR5^Yf!fmsCqz*)o6h$x$Qy2fA#0;|hu-E1XO&==tfb2Z
z(RNf-&iyD$fdzxhq&upe;Q*Y2{3`p2b$8m0JP0_$ERLAl@57db*d2|Vd4`-1`*yZQ
zp@m^g0e9b682|JH$!5sQ#*(zOLB2c;=wGoo_&EiA<{~%(2~dH2eUTqPtG|;B2suuq
zt7Xj*4HqM$33DFV#Gd|6!O*V=;$hOVWh2LjP5%`J1A6rL$4j+}O=Yi!itm@aS*rcZ
z{)MUy(i|ZP<uFlDf5bDx1(_2+b|-Eb;y@#G3>hQ^c2Yl<o3iT|94h0&4Cb_ggT0|N
z9c_sE%shva`U=JkduS;F_edgrtDPQzig+5JW&T8OaWL9{md2zp2`KIOEyzEdNBKK^
zf@HK%ePd2{<ShEK3&iA(;t3P|>@?UzEKH4@OqxP5^-5jcy<ANl6J0=G5?<_H)Y-yD
zFpNxy1c%|Ni;?U3_LcD-YV|{b_}2?1<J962RHBt9&e^+#H|&s?lxprLP!MlmZlX#L
zu+}z1v&PAVB4)>sow{uv9{!=)A2{(Pdfd~v#CX)e@>&Dwg0lm}g3zg<Of%1y1zf$S
zKa@xr^CjZg43b=hb<4Y}fJkRP7)~?A<iG`p$R5WYek|(rF+58Mp~{VU>@q4UTe!VU
zhU!aqO|g&7gB#Fg(i6OS^Qf+K<bu!cwvwmPJj5B}fxWaYva=bdp77YyhRvIb!yM>4
zebReCGQ&G1bc`01t$MCJ|6jN=6QA!ZQT@fGUN)RFz>IEK@{DoKW23il@xY=VJ1zx*
z!a}a`n<y$7p9a(Sh!2>C5L2C%X`udFyZxY1E_yM+58l3CA|<v4S#p7fV~hht^k^dF
z4F&6kD1I$XR_C9nH&NnG_`dl=VuiQq%|6UR!c;)JK~j@c-U4BnzbqKvYcIMSm&S0Q
zqA+I%#Baw+RY)ztLM=>0lce@KsNnJl=%NkM`S0+8gFWL70@-}Es8>;!VF7=6O$beC
zj&w8tD$Q|J+a8P;g!QS6iL}zpxA()H)C#?)MtMF|n@ZH*%R_Yx57Q9wL!LCDVQl?j
zqSZAjy+Xa=NTp%t4vg)|@4x_+7f4`nF?i4!CdCkTh1$pp)c)z~mil?~myO8@8YZ6#
z4rPW#jniJXAij6QN6(^2i7<(`$#YdEU0FZRfy*ez{)K*aU&}i>+&9iBL0T!YFm42A
zl(S#^d9t^|u|8CwF8Jdj)|BpY6(agiYm{{fgPdc8?HoxTz2-Ix>)jhil~q(B(Ab$F
zU$;lhZQ@^9yssBIatm)nnUX!3SB^=qFEuAUD%4VEF(Oan(PC?1_5dztu$KWFG5b1c
zE3sQ<Yl7CtY;~yLxT4rg+F0Y8f8{|xO|&V8nCaw>MsG9QOnyiC$CGL>LOQl0jpMa*
zXM=z4^KM^It)>Di=@3fPDAVmOk5Q_&2|1`p`H3ahq=_SCVs^{0St8okVa=NYg+NTh
zkBwJojHF6HO$mZIxTB3#@x3gjr=&qL)m|x(OoKhIm4RPPa9pXroWmzcYegq|Qh0&=
zqHPOnZ=?SuxF6JYo?YV5Sv_(NeJPMuf8w;XXR!33&hb7K6BZ2Q#w(@LaB!knDd{ld
zEVh*<hG*ONx?B?3uKS%H6-eBax(J&3)wgwrvv9z+aGu-3n#tzk1*YkleZebaID-a4
zs){+#tP;e8&8nRQUuz(ihhYS%oM9dFdYX+IPt6^R%*P--K;11otv$FukHl>z>u|ro
z(VodAA-L4$|689Fx8n3P-m^XvQ$#vncPE!@u2k4PwGVFSve%0dt`HZZCeEcIFO09n
z45vw>AHCHkLU?;`n<)C09R?ZNw^>}CxMfCPH8^?5pQHwHSmClvEO}CMhBQ$h0*}h!
zB{QI>_DmQ<pJamf@2I%h`K$x>y5d@SS#MXpb)Aq7bS=t-8m4VU;x}Knqw<#u^vgO>
z+gVDG{_)nJPaqCBnUk9%7Qb@gwN@uxEJkt1Uto0cN~@Htvej^=JZ3ZPdl?mFCN4q>
z!V0QxRtLOcG3@X_4Qy7k2PW6sFA~<g?Qs-NF1T8mTP=vOB#-{F-j*e3OVpWT^=fRk
z2%v3D+hJX&UyeBzmUSGZo%?8;m9?limF8mTW<tahE@he^{3$2G7oyG@CpfSxT&bD@
zr0N&|g@*KYvs&hO3QL_eE7f8{?1&_Z5O*{d+IXGEPB7p(i4*&_5Ck*ez6_Sm`rP_0
zbb<VBoC*Z$E29NKxusbxsH?qpc6nX51QKV;;NPZCP+=pLL;EfH+IM2N3`M^$=*jIY
z3Ij)0F59i+BP&zKX@wlyG|QlHDFpK8Ku6v4?;*C{q?$e+>vk8a?z)8W7}xM~VZM<U
zJ>(xLyzqDa#U;+Iln=>R#Tebr8|IQ%yjbEVTfHx8XkMB+@XlqC>lqx`(pJG23ofNd
zqT|lWsLmO5+9MJnEMj!ptQmbZz0KSH^3+X9Mr;Css^0Qqbt4`WnCx3JRXT84RI4;*
z!f155Tc?4BNA#6cd)q>#fb3wb+dTT!*9$Fo9sa#}Lv1p&3GKks<ak@1Em>L2RhhjU
z;&kQTS#Dl<Tmo8|$cs`D#PI%6+A0=s2wHph*p(JT=mZ@u9gW-rZy63>ydD+n@~FZZ
z>ihD(?mo2-PD8LGac8WG2i8NS$hbk+Y5Gf2umu8Vg<7GmM3pv3_vO&UV{bz@>glFT
zaF(6x7<}z4x^>gnG)t%@Bjbuzi93i3A~SLRrRBDE#!#R&P&6G+<EPVb&=Ann8#{5R
z#U0#~Uo2e9S8y>|W85ZUu3|!4DW(~gG0<sTH(3U~W<c=`i@%W3uxpUrPz^Hc@A$bV
z*X~VW4W@qDRyn$Do1DPKDKuV+)izf%@d%e;1M=gewRI=L9AaD7#`rv48h>=sBD}xm
z)_cOhT}TZNhu8T#<N9&kOYet=M~=~&t2Z%Pl%C5@=5WY)R*mK6r@GGXlqpPI_HVyi
zC{Pf}2lIrvTjg|74B+%&*2>5u#jS-#FH84#SAc^K3Qf|!InEFQS8Nlg23tLEo*hcY
z%+^CDJKu-iDOa@@RX;8g#+_V!F|B{+^&b^EXGv&*??A*sac+8#G!MX^iL2PC0=AWE
zwB9Sco0b+$IdSEG7c~Vw08SXL4~h)JGd!I?1b6Kx6kibC%Th6*D#lGdSPz*nP7KNO
zsB&)F>PW`>v`f16$9mWKDy8nmSrL4cPASY|ZhnHf)UWI?TsleyWNvyxmnPE}YGcer
zE<AQ2Pn!_iC^DYeKmhhRgZ*sK4DpEOd!Ge%qQMj3i5Fdyk418+p{)>?S?nyG2DxWs
z4Q_gI7W>B{n0w5$67?fIxU&|w*dcp{pTzELVf6+lGO-kn9id&lgVTR~&<B0$;Km@J
ze?^YO-{7L}ONBv<RVgq$hVh5Ro=J@_yUF4fQ;h5W#wVY!z*~pW{{w6G=%D~l*PU7T
zsAnF8(UW}^?CSSU-f#DLd$RDnb@uV_1N2vhXyLyRAOEU~e+35<13k<C5+CgUMSO7l
ze~6DNO|3}kHYDF1y}gq^S<6iweVD@|OfViB#smlxyfy&DdjHFb@2{ltLd7K8W;1xu
z-yI!A$>rVe=fy{b@I5`BKea)8HID{cPkSwX-Jf4_p+7|x6aU0L+I+g1a52>rzM2U5
zKkT1xI{1m4-k%pG5B0i_9(O55ubY5#>z#=kJB&b#q=22HWX&eM%IKHXRg=&fPHxl7
zBTT@m=R5sr`R0-N!lkQ6<d1jSk89nV8}7y9QR|2Sj5OwnYRL6|rbDqalJ5xDyQ$qB
zi)G}&qSmLa+r_@^_5rot0hLZ?c#b`=?V8TbUJgvgbj~yFW+T_P{2f4Bp+>=wYZO+`
ze?j-a#M>v6ep}I@!LrNRY_q$2k8FT5Wk}ce`*mVsV`L(Rr|E4=MUu%bg=cEuMW-;e
zIzXS<+Gk1a8D)fw6pf|8Fe2(ILh)BtuA{>oiE9U$H7ZYqor1V%-)8RoD*-I!fql}R
z1lqNpMANISHj(rIdIG@fp}MPkinJL(t~7BO0r>=CbGx(&*>Y*Q2-D45@N-J6FMtUf
zdgrF8g(N~ep6lHS7Er&bEB?KQl@N6K0DH;NY#nJ%+b*ZSDxODRi56mQvR*I1%oXGm
z&{MQT9e~_Tb_S758JD}L1M@2_jds_?@X&LLde{xzL3Zh4b8O|@hqf?4i{t~S3Y@vk
zskl-Qlf<5Ez1tF5nKfEf)V6spQTAXrr@92)95S;MdC<m8qE@?hsgc~ha+kOQD<x8i
zYy-e3n%0BDisnVo;L<8|W5<SiZI{9VGkx*$m`PvQ#6o9Ep7wCfkgX%@byW(zZ_(D=
z32zD^Ai*mb*1UW#Vr0NykRn`xw-@+nAPA~BmP{Ew3$*gYGVdh{=I<UIW&|ECu4lcO
zDGP=j*g<qA+~?0GjFQyoH7{Ak`^i?}%KGW%`;bmOZ}TBhKr|(wAzuhGhox@Z3w&mr
zCD>n8oad~rM0B%P-glYs>QcATs8W1E@0?Yk5O+K#icBf&IWZ~HIYTo27>r;%-ztfa
zsr<lh@fr|YA_0n<87Cb|v|3m(*?~tnTK(PV0H?vInWgT*>=-G%y<n5#cMR#Eb%54B
z-5#FsXeBt-<YA;Z%QZw6=hzC*G(mnY(!t8iEii%sO^XfmhQW+fVWI^uu<r#0q4<ar
zl1RbTS^8w2Hhk^yHmRGQ3t%D~YZ!D2FO?o*)ZbL{(O8J(X3Q}nGsKSLK^3zx?h41>
zZ9ki3m7-AxQ-sa2D}y_4H8a?2IuSxys%$NN<V9@5NY*vf15x}NjTr0HqkI;sSiuTn
zw2aTMvKyu=;}@t`i=ll8Kendrm)_d7nnCTPr{ujy+I<mAuun1;1b)IM*rP)a+!(Td
zi5x)&>Ofy&De6j$-rA`=3h1Mq(B12HN>%)wl+e2`!4PSa96<nmXii?O57mgk9Icu-
z045e9=g6(PCr9{t*@IkEYmF1+Ft9S6RCZZ5%@`Q7ZS3v8VW~ur?2ow~2^*y}iZb8N
za&RlDeAvcM%cdktP46~Nt%fDAbWBHXjG8tUCpLoG_ulZZOOJNI*uH|WC#hQN=p1pV
z-RjiVoTx18V)Vk(x)MQg(J%IyZanab%+^eTy@wtqE!^JwkXzZZ5;<y@HXf(n$0Xw*
zKsKHnt4g!8Bqdze&giV>t)v4?%sHDFQO>RtT|wX$0q5$nr&JChB`uAVKG(3>ZXhvP
zka&jei%(i56Gv>N?s7cU4{z^Fr8YA}EBx!AqH{egK0c6<FRhbwb~zC3ukGZbvH831
zqrsPBJ=~tj;h}rvF`Xkx#4VaoZBTCP$GoZ5a1?s;c`N-vInk9y2T)(k&tu4?lpAD>
zH?>Y2BZ|Q7ETc_Iz7At*L8FmHGm(E0MO?>7F*;B=4U!F-v6&D<7BYAuru%3(&Q++H
zOJ4$rlElnG5L@eIS#=`wXT#c!x#W^`-<;ALqA8D0ofG*-?ku^qWsn(N{YYiYAPA$v
z)kY8ns~h^APh%=Y)h^jd&E?iXKYNc!UJyRy;86(hxY;OSu1v!RnVpG$v*EHb2zK@+
ztP|$yFFH--Bxr>i6N=Ont0$wSb^gOL>Cis|=-@9{0W!z(KAB502)Zhy`wdVq<yJ~E
z{`_0}?CPT|D`6Oq#C4c|rolXUP(K=!wF*O?tzAT()|F5QKeHLa9l9k$W^B`(B)EiY
zp;W2Vdxvl}apVvxq+@2G^PfIanYD8GwbN+Y;9w8AP;)7miX+(ADh!c1@Gl5sL}J71
zI1R9Em*n~zhZjAr^x;)2HZIfEJfO{nk_!o{N;pnsgRB<UNkUWAo!G{SN6QkzW#_Fc
zC6lO0`Y9V=OBPNaK_nc3)tB>XGpx+y9YJqI=WbG6fln(hdacUE(-Ie=85b;mGuaR>
z=J{^1q*mC^*}%UE1GjA$mOAax9jYIC3Bxo!lR2FcR*O=}j=)Kec_`hLCW1xIHPpdK
z*$5M|4NytZs~9(lsqT#e;6r97CBbF%cCW*Mx@=^|Dd{%@X(!@DZ1m;V5KZM75a=q`
z(^)HAC4yD+X5n8pZzwGeoQ_pJCD~xToy)-iUgtDz!mG8ckK1CUkupOSDakhky%c*Z
ztCJnHsBt9Gy44^jTHmf><0=xJ1#z;Wu(d7M^Y6BvGBoVo=y`|k9xR@y0^V=1z^#Eb
z&7%!1W)2FJ;c+i1Tfu~qAQ|br(m{K5d(a^jp!n|-HFQ$)8#fl$J>R$WxY1NVw=01W
zzu<R%yk50Fe7l@?@KZKpFp*XwtulL!BJ3WwkF{kAw|R1hVsI6<7!<87D@&HbnvKrk
znKg_RysM=mwLKSyC{v4^P^i(kNics~;A{+<EcWNohLc@ax#rP?NDyT@#;>bLz3pu6
zEo=0Fny5K~77sY*-|9d_nioX$<zK};LoajVNZ6(({TAM{HJP~;&UcazqGM~J5<aaA
zO1YH(PR}_!A-XYld9p!soLoTN2<zV@Z{)3Zu17Jizh#Aj|5dCPPV|!Jsq;)OVNOA`
zB>&pQ`uh4${w-}Q!Kc9DXNwQ!vWmHQ!$qlH`3O2oY3hjLlCJ5rr0&l#8JR``-`gQ~
z2o^@<%YH6H7mB)V3Y4p|tGq98sZ0h_Ba{VOvJvUN>@vFB8dh@AH9|e4$4*=1xvurE
zav83Ge}TV?vzd4x?1zDC9f<VVF8f8X)f_Rgr<s<(n`1jib%KR8FfTb{zil#hKW}t_
zjjN)B;-eHzeNA-I7X6yyb6vXRfo~wSA^B}+g(`P4b6M@KoiOmFsV#!qCHi=9^m%R!
zTvKC)lY{5=Pw~GA%i&LH5XpYfdkKs6G-178VP=Dy=CmCKk`7A~owkcMG8%6%*CVL9
zgH0V%nQ;}u1u|{$v=aB6FeZz5x73)&s(YztOR|3OHbb0f04@vgYsjw>E@jmsO|Nv^
z7Ix1!<7^=?Oi3_I)@^;l;h0c9Ak1t0r~igc|Ao%~D2%f*GXF0&WnlO(aLVwnyXF7o
zWf{`^r!>xj*gaEo$}|s_lC!0VYQZQG+e#ZX2<!lY4pk?9Y4XE+<oLE`>&EzJ)%^a{
zHs#{$wR0b6A*G~;%%2X%(J?ZU_vig_Ky4w%8?AVzhbL<%J8D=gOC8?U^TXu*os9g?
z+0{XeSZn5@Lg#)4_rXX52Q=KuLIZCAC(lGdYv!ZEXaYBtk7r0ht@Bd|Mo@C3p7hRH
zI7Ux&POi(tSxJjsPPLsJek{IzH1t2j_(*bl0JHOUok7mP1G@bk^jQ`N&G((!O%4*E
zD?m_to!fyt1|w<z5CtweP3{IJk?Fw@&Oomr2u_khh7@b`**)7&an=CG*$2+V^B#Z@
ze>x8yY(grb=~q1RX{SmQw}0~(1fv|xIW;NW)<7nkX3?JAG_5R->PKBEdJrszixnbq
zkD!qn3<$p13mi>=vXIjprP4^<F$<MTNv44lSZ<88sLTa4raDV5s_4HZb4%=_M4H)&
zf-<=6=~P&CXgwOqpA&FxfD=irqx@l(jc+)xY)roY5KslX8G-L<26T5lYO^;m-0L$O
zoD@Sy!JY2nO>M~oS3R$)uMNdI5!6g|C)-S1S2dh8<n95CTg;>|y5oGxo%Q`-;8-7l
z$q}k(3I)+c18JoXeE8h8k<d83#o^nU@(g2FtvPdg8YBL3!k`UYB(Jb~QUwCaux{r#
zs9A>8!|d(>v;iyiN@GenRsDbZK&&A=b@z^4o)s)BHHiZZ38~Nz;;fA*1oF`BaQRN_
z(vbt!@>?g(i-i?TBaCTS#f)g41r)_+;kp{k1(FI2$Y{|3#>VxMtl)3;ouz5rV2+xx
zXS6qc5!20K**iz{IJmUC<(4YP`ui;Js7ck;F^<=2oC%yxovY?O`BdnGanXPSu^N~O
zSy7c=4MGWrqAX#Nc9Qjl!{+#pp;~P&(_~)RVk)VtwF?2-xZt-^hCo&Zw=?r>)S0OY
z{Vh8!Wl-#^yiNRfBKjyq0P&{?W{gkYVJo(~h!$WH-5!rJpdesUl2g|qb2lcsP?K6N
zMIO+3@W>rp;os$7?=!G&E=<W0ebv)qVAuX<h%T%1<H0k|;e9l=XLgZDy^EcX?03k2
zUusP1Sc_kyX)H)p#|H8-fDN9k>y(&O@s7tVy+IvrZO$L>DokV6lx{8w=YG+ZUNy7|
z^Uh%mXJYp(6fZ+;0^r-2L_LXM7`w-4c}qP%oLjf{RH(i2?>P4{I$#S4xJ$;Zop93Q
zrd2C)g^uS4=~L(K@ZlN2M@RXPMW$C}`#LWp>bEV41E~G0ZzJlwea&cuu-UecRCZm7
z2woRGG3-Lbx+Gygd!+2>iXRQxtbk8PD*T6$Y+0f?al>F=lgU)|KEX=I?YO3f%9BHK
zwHA(&g4K1F0`MSyB+fQ$&PP?5Qupmt{vm@Wz>AIM3+Bdx=+d8{Z(g*=#k=EX_a(7&
zEVV;Q3K!}+d`Tk(YjLHK$op`ycN81dEeV4pL(?gtW1e!sNc|HMy|cPa`InCQ;<EZT
z2Fr1E^@O0mf%+{@u;ti>Sh4Lto3|wrT(49TT7UDJ*D|XZLRlFwfm;)tD+Ee#BTf{(
zf_E0IMH?)C;jd!KsEKn&Pn935Y>fG4D5EqRkV161?V=8oVsn$ok6p(#3gU{=&d1np
zWO?VcYBX(KPRn${<>DMu+2M}n#W1s8hmS=2jQl|qp>6;n<&vdJ;aAu7-T_pPij4-0
zqe7QcTw^MhuUeiU-H_T%GifSLT0P>|&XbuB0~31Jvua*t<KBWHv)pOGjdeN{7r}r~
zvMeI<hn4idB6TfTZyDe2G7fLW8AZWr91E<m8g)N5MS&%+kqTlG7MM-eh!1)l4`!QL
zOpOt(v8GhuT5><137TBctTPE&RN0s_<D|JLqLwEzZxC1^j=<8RF)Zb#YaSUpxdG^D
zFEzw=xbDy3L5fZBAS#VXm<FT<Q{($ll=nTxOtN_hr;gn)BC9CwOh&-Z1nWP3l=a+b
z3A5G{Wtz$`jZ&y`r4Y`^>FYp$jNjYTE|uWej0o{J768=3Ou$}1JjOL@ZBjr^C@aYs
zID!>>{Z=qFb0SQu1Rs?dsIffmEf9_v+;9fAeAU(io00~{=Mu}bmWMTcwBxXvhA!S+
z!ci5XW!ehPIWF0{bQ@27R2>k-ACtEJxrFmfQYHh4`No&gSXQGlZvN4xd{R0~@E~mm
zlNEP{y*@yaY9r{I-HA=4tna2+QWe5MRM&!CS9qmv0u8tQvH{!a)XMFP6z!Ip>=rr6
zw5i-?T5*<aVnVs%H-<(4oJ`q8Z58t76SBXk7F{d+CxLOiWZP*e%Lj_XpCiS;Q1UXZ
zlkW(D$)PQC)lV5>X))&h!0AHz+T@~67c33+!=~{>xrnpb5%2s^fst2jiMIVX1xaH!
z{B^Z6+M-3Iz^L&!KtLTKsPvn6aV2H{MCNz+>;UnVtOJjkk;-|3*mEdT!T;@t!A)l1
zK?3~FVao=L&OE`0d&_#Qk9l~%M(u`Orx%caGpS?kBM)Puqbnm7c)0Z068zMe`kfIm
z4yqi)ma9}Vk!;?9YG6jWuD!}U?oB_&Y0fE^G~-k8$Tck{SmU(qa}~UmWTq3klQA%G
zIDsO;(A_j@{x{UQIPG1SkL|3w*z=_CoBw%a=F^QTbOs(L$%xqdN}F!N<v?0ucc}zr
zvbZKy9rb9_fC%U$q@);`<Qs(`N!U!-67dBI(f2@i-OOcu?!-Cx&F5LH9P=gu5!A2!
zJm=*!VdkGE9`rwH)!@ss?5rJFZeotEr&u=nPyAj7vj_`R=ij3SQ+Ghe^1ALhSb>;X
zH6f|j7=}d=@p$$`DND}tl5P<wEreO#<QsUC)9)pY8S+x_4^Ps=*4eYbbL$8)wo+7L
zGh<CR6_*LY_X20XLilcwH&6n<*T6fO5kBRtSj{=xSsh})yuX_YgchKt=xM~&D$5<D
z3f*&kaN7H%^W1@MbjVgG`i1yz;E@gGqu=bmfu{d}q5q&JMpmZ(O-;=Im74yw82rDe
zsYqQW=71Hp>qPBUo1lzhOc56B*YH>&zugA>tk9fN4`2)A%H+qFGCrPS&B3%8QyO^!
zS>!%0CUFufgf7(YSD+v8B_cW3=f}rhiCsv~!s!^u;GZ49`rN?_<}|R`r-%ABe8I@j
zT#yp(wl7Y1R|oLt?LRk*0m`I3$+!W7X>>xYO)xFyjcqZjeWJJB&DYtD$2&GHDg~Rs
zk)@H32PB@a6+dVJkAV_Ta-aZ!b|yh@xy67S?oe}*!@148xIE12I0#7Ho~6o0U_Ofq
zFpvh7B$}2zV2<~bvj(0bQRw!tXVVm?zW%DOWbT}wJ~>2w2xzzr;#?2I_wZHO+HYK~
z*k7gEPSbVf!WT*xO~|}Y>?mGoSvzT3<KWk#D^$QX%CpEX%|6;`_|WWPCi|!z{*yyn
zc?jCow$66&nLaF};$M90WNeiLI!okN=k}#KAP@HlZ@wZQKoB@?P&cWtAB2~o%Bhz!
zdIJJ)CqiUi2tvSQabXO^lTp~GuDcpsWI9^eca=ei>^YMjX6oBD#d$7?sf=-W6@_o`
zo9<Z>0SX3QCSu&o{ulcjye#a^)G2SYg&#<@)C}?i&>C(~ZyAuiT)vV7$!*guMU8rE
z#*ECqG4NU_w-uX4=YBd*RXQT&HknL<td_UX$2Q5qGy>>0qt+@DlXbr8{OI=coMUhi
zjAk}$<zBGn8@5JFKcozKm%wAS?h<@I25@+ui(9G3<XJsh9Nfkn^<z^QnT2aw$vC_%
z%p4kn0V<jyx+}$7>7+uMv1GV{Nq=(KETJZ2Onwl482J#HojW~NzPfDRc-&)Bqos{p
zc{MgUIO7E_K+ucU$<i_<tO{AVGT>Mx4_c|7=K&u}HN0%>I3DEpicA{XDAVOcgQ4!4
z=22d5EEBzI(Q5E#89UkW7b{VE)RU<Fv_QDIXf#K3bGmtXGhfj8R$*;SSvdJh-n#?3
zhuF~~UKBf%bHsg%bmxq`C7Hy+pUDv?<go`7?wLrgNRwb662Kab&IT#2GLPvVO9&1V
z)6n9wgnGGYWjWq+2v)2(E0?0eZ+>{BrYiNkrnM2b%uC8gjSBahpZP7dVzQ5Ooy$CA
z_p<3+3MG2lbgTFNxzqk8w&kZo$dwvoJew6m2e)GEc3jZB<(Bwb(}pC!#nhXA%ma&a
zgQz5L3f5eAQ73hZ@OZ}Rvdki47MrRw%_-!Y&vn3*angCkD`NbPIMuy^fd@4nFowwU
zwUL-Y%!%VuATPKGofft+c)s#sQad=|FQ2(?O*FKm@urwF?d}*;`w|t(r2Irhc^0ip
zx1?~m7+kLvDMhz9ZERef4%OhA`>kJFHBhmrWkAcvEtIeq^-C#}j+?XP%7#_6@tI-+
zvfNjA(9A83!Na_jOfq4XMIFdJFwJ~9!{5<+2Rbc>dF5o~2l9~{$DeOS5jle0Ae1Ro
zr~P0-ZGEdd#r9%xA+UI7bn5SSMumj2-U*)@tx*y}A8mUxrbEv5balxG4lm4O=ZVoR
zJUhwzSj>S(*#R*F?M|&rM!p-}V@QfD;>~0+!{I3Q6^hH5Qz;_eV)-?$sJ+g`>dx7f
zcBQ`;889xQj@4`4)g?Dms8r|u6|L|a5SP7|Rp1o=l<7Ro6Hf!5vR7Fw>~Gd<jhy&A
zEH{B_nF;7Hd!tz1*fh9QG%MHB2&`<?mllK^qYWt{#9D`Y9{@EB9288E+Tzb3sU|*!
z`KXs{OQ5*5;2#pP$!KXiJHKoDp-tGdgZ8V53;)r63ZV6YrX|EW&hlZ}TB|BEHL&aO
zY_-MQX=d~BA*Qjh=I`hCY>W4mj3-$b2Dhaxd%rf@Lgi^Eux;{^|FV#!t-1=9#-YR?
znO>U&M&qKo074;7h#XY8CYayF{^xZNRL7GeeJf{Zdl94Kz`wI!Y2kFAEPoW+jSU_*
z$FBmKVWW$V2?wz(r@D=Q)Il!((_m`>L&a@6O&YdaTu|FsU1rU&m!iu$&J44x8S1wk
zy$(viE5H2n{-!VM@JeLo`+BV(LcDu16UYPc{kC#@&<uJ7cJZ*o1aZuplK_Nw<Qz#O
zbtPjMPnV00@Vf#gqrvh@UnOoZ>5@3X)8h`6V@&3h_!A@L@3$pz4n9{@)s~YwCc{zE
z1TWkVFpFR5_kWkO{-@iGftB%pTi}@fXK(8N7+PWbzvQg{oN8epU}R-rr~f}^SgyQb
zyiu3hUOAjhP2FaA>obfWNXAGI36SG4#SszL_<w^5A}9PI2v{>_BS|%0x%?$8Tw8Uc
z*rW<Jct5*e5QbDnl%GGpY}N;@sV8EWr}_8vsz_A`^V)5C(v*!*-n;qd<AdpPGL7lP
z`)1{>7S7e#GY-5;7_1F@WAl5(x8VsqXqFms?{s)bU`V<3A&1@<pD?d_tf%%W2w_TC
z92dr_8DOom9(2OT3cJ1Mbzf^*v+;0*Q7}SW7<SuLi$x~6=nC4IgK#sDz7e2S8UCSw
z(YZ44@vf>@;PsC%px*1k*sj>vRC~1}Js=61r{2}EaBJ~M;G@lexT%7asekkF-yJ$l
zPk^LtjqrJKbN_l^Wq$1a@C<@|>B9|){Hp7fH@yKtB3;vGR%jTqjI8I%H!{p}xPuCp
z7!y)dTu6M3${Sz|E%@p1vq$+Im@#Yn$c8B=n4y3mAq1i=LqCzN<$!k{asyX;kA0`9
z4Kc%dr%TfNg0^1)B-m>t5893^nzrBN&bA&L-Ft0yOJ$Mn%%C-e#GtMxK65Zrbl30B
zEM|>D9=<VTHF#B<uVjr}BcNlCPuEFSjgb=mF=%2AUjVCCi(dd*HL!3e-zcjd8tFg;
zK-U$SaeOB~aB<Intbb(W41?ddRBuD0MWXoT`R1A)a=LY0eFA?6De2Slm;V#9kKn)0
za>~LemT!*N4lXvZVf#om>jU<M2QK_4!Zr>bx}Y%d)Z-D@6Xh65GYGu3BzA6Ipp{qb
zr9gxr4WX6*FVP6@%rN1W^n92Py%|z(KTrJ+HFk+VGe)f1kmudY{@+`)LQpcckis}h
z`<|exSonPx{vilQ6kX_x)h5_mXP6lnF8`5|Ij>#}eGC9nGStPampjfjI4ZF-?Kasm
z4)&mNqpU9Zw18Ne^{iEY1wo7@ASPpO>b~t1MnN<u0a}}Gdxj*0vB<0sZXRyo$h;9-
zj_nhZUBDPuGsJN3A`(+##uB5Fah%e;i9O&G*&HM2h_G$1=v2jk+k*e%&4p__+*XWB
z0SFk9@zWuYCS16eLaWXVD(xs6uoCQ)h;dvTGyVIvd=*X-qx`xapyHa%t-&KEoqX&n
zA=EBjTqiY&``&lP>r2n+CHjPGLjGGru`-ahj4otsorB)kjvnrTbm$XjV4c*Yf9L)k
zP*kVUHs-r93&pn9g(Au%rKT1sGv9@{2TNhYhRpEbhK1k<i&KOHj&yX*GwTDW$3Nwr
z&B8bkcQY>Ln$Hkk#32~#5?fsQwUOd?6WhRyW5@Z1(FSEb5Vfz+O)a{O{<m3US*%8a
z{%<t4m?)PR>8e+U7gp=QNc)x8gSKfRCccr}q)cWe#oimcko~Y|%vcNnlNu46<B}q4
zM?z`EX~u=;e$y#t*R)gAMs=msYAM*g>NR<N<12hUa!9VdF6=-h#xt~C^J(|V9jP0(
z#tc51jL^6fk7g}kLwn%}HE@ogC@g-?JU7^sN;1DpK3>=<j~`6aJU<9h5E_Z5mK%KE
zm@Em52<5SI&746gL1CeC?N8-1C{w$%3sbxKRwtH@scXaHRK^2Xu5%XKOVaDzN&e<T
z$HT+H$ceuytm~Ol;8y8Rp&Uf_%v5i+8l(%fE1_z=lxw;KS}Pf3LNL_4u?6f@;KWc3
zct6OPj2m>!ETA=>#9xxEV2mWqL@G0ue}71L%p!_~G%bOKI4I6Ih+T1<IooKg2@N`!
zL~k<X{*YTJn_-6;{WZs$n!ISAxonVmiyMDx1Oo;mL1Uk$OthL|5tEK}igBjpH5TC`
z$aS8E6{mC9bit%?Yt!&fBRQ6Im|8k=N=@CCUfZg3?!L7)lAG*0@izmnO&V~o;k-=h
z*HMeat0N>NB*ZTHuB%IdX61K_r!;Lc{BJ+q%t2qC0^yyz4Q8%<eSczpvtO8H01U}E
zQlSVMDdr*Zf6Q)mb+JUquzW_)NKi5i3JN4?%EB8_`&1f0I#?t~^6AEg&G@U?qPL%2
z>8kMfr_swz`Bp+78zm^;<I44n{>Srcjp5b&)VI(F&`Pn}!fdl<yXz1ugqAU^@C-#7
z{JmsDihyKElVOWu4&!Qet#)x+GTL2rm?KXqMA`whh^%==qgm$y_blhEJJAJAhbHGx
zhpaP(1C-*FIlDW%;1swSEIpR4;O$;JNINWe>>bu4#;n2w=Se!E<m^?)vUcs!emWS9
z^Lvz+gQgn&j`ud_TC>Dh%EjBD5L>=C3=8JhT}bDg3*1qOIw*KcSs9e9SC6?j?|#<M
zR$8Ynqp4A4OIaz_+(TilN<s#s!mlk``^T>6)4N+SH~FWquP|a??#aF#ZnZ2vm>4;%
z98O-FPDUOV&vj=L_^cd9iSvL)@bRIu$dFe>@3QVj)1i{a5{M}Qsaa2zb(L|Ivx+G<
z&1*@WlxAIxl<uL<q57eB{qevugkqjj?o?h!-qtQ+2!yHFtU3n^b~G-dp~ol#VqAy)
z)X)Bax&bE#cmO6B4UZnGp6;{5gA8BVhR2PXpYo1^-cQ=QUdv{{l$wsuRwvH2yC1%4
ztqm4>5$*Z5!-<M=4j&64&rj0U&*x1)h_)g_Lv?*45ev^v%m#u__Lz+|o8bIkeIwMN
zTqhleWSd_Ptc~NSMlAXTK8@zA!-U8%dsILCEkX$r*9_>OEyU!*`dbmB6nN+2Bk+G`
z^E!gj*uiruu9bfB%c*Z!AimUe&r;yCUtbeY$UO&3mZUbgvsJ5!due@vTBj&x(5SED
za?qc1Rfc&`rN}^mJJF-vZghLsd|<0PM=qBwD|RF?4aIhvw4ylY2x++MR9jzOx#k6)
zc%F=2c}lxW4iL$J;REXN#b%%}dn2B=v2+v=8!z|dm!|9w_eL(`rOJ~bLwj)a3aa&0
zhjyd>T((L^gH!69VjHH^4z)@Q<IM7~z9~=*V#fB7XjG9Z9IJnHFtt|#Z4UcqVBJ1+
zc+Ko|u%*M?*!$82eR{i(4FD{P42l#|W3qBzP%G=078#25t@kkN&)v{Y4!oZb&fBjx
z^gM*3zl^mVjwBX4;uejR-(Cl#-JE)d#rU&&?<dVinKJU{$R?y{W~9T*36wHXAP&<;
zhKHnOX(9<}hUmE#P|?#2gUnKB^tuZl$}2egmLwO+mxRu9mdNd~G@dVHGJL0eG0W&m
zx9q$A%na1oXO+BdsK&~%&F=FbXgk1XNU##rk9@*xNEM60DK`@p@T7<H6vGD@a<`py
zwt00tq_IciU2k3NMhCMzm<ihJ{uwzO8A`a`d~0Ld%BvobA&mjV@S2f~{dMBKuR!TC
z{F-*9^Ct%4ZIiUwe`hHmQj5~y58;`2GEWj=9A}q3CUcIcesLAE>fV}=PN&>D2kF?C
zgb;u|3Ykp&Nq@IIdQ+nTMOm%-mbn@hs`)^gKLUKCyBATQY+Z4VkQ59uGrb#q@_Gc?
z^ay#7UL6tQgmfRO8wm&<NCYeyv&cyjFRz9V2;h0e2yi-^M?1f&)14mGi1n~@>c-Hb
zwGoq1Cd`w^q?S!e=hRHf*@Y4~HaWVq`whw^<rME!ZDxJP-pju$jVql^e=c@5mX%dE
zt}mYd({X-pv{F(l-pcm0T0dU=Yq6o!F@O0${KySu#yJmTO|Z8|6A@()olb~@OJFX7
z%KAZ<<CgbAwwb@pVKc(AvE8r0e(-eRi~hP**()YMky`aS5pg!eWM?(e{yoT|m44jQ
z`PRY}I$1tG))!4knd9(PB7iG_dJz|;>-LvGUNcM(8g=MW01S(YvXuBx+CNt)wk_8^
zR@k@}f3*&n71~qsd>X$|QlIja%GI%Upa{|<Kq{4%8HzesEBLQqitm-b6`%Ia!-Z2T
zGAVn4Iuu$K#V-UxiG6!!*cc)WLqhDxk%T+L>^jt>eMd#WGEPlw%?MlUMG?;7k~~}u
zsnrlyq09Z(A;Tva7W();I}aQ@_8mJso$|yYsiBV@LR^fUFkwb)>1g?hG4oPVbf#Z_
zv04;FAsqUrX@AIR3XN3=2^V<5LPP|()#4zbKJ<ut_FU&ftqzatqOY^}cJyZA7$u1L
zbXqpFtUUWPuq2E}X`zKoewUo)%FpAyTuP0+TIt79=pAgP|6lib&x`o?WBj#X1{pOy
zo+kCHX)X*5puRcxfcMQSnF+297Cn<^EucoSfEuzqwOio1=ZGhutwTh%p};jVtYUSA
z%Rv&ao9$2eTm8ka1M}@@sRT6=n7FobzVJ5(LxHy|m5Q4VJD07j>h@3o2)-xc%y65N
zFRiTN&eV+8>vaeIG@qIeIW1hwfNbk<kp;62*xQ&sU$}WbHAe)2wFkMY-zPSgFS91P
zymaD{0-1UoPxu6F&IFv{S=|6P_0d(SobK3Z!1yK>%#xEfH-;`S3|ab;-QZNf6p~u<
zfnIpVq6@}%@l{*O9lSw>U-rAj^pjM4DEv;l>L_QogVVrgL0ArR93tFZb{0gvHtQSD
zW2t)#fk8#srKs1<8@Fd&<{_g>#<`5|f@A`wtdtfO{4>f$j9sG9k{d_N7$Wgak}niT
z;Z%}wLX?7W0w|y5W>D#zHL^5O;=){W`)XJ$OTk2+?HsrJnmb?(XPVTjBL*0cJERTy
zA68+wbeGA$REW0BOIPN)2=+8I96}+dVzniL?fub+aDX(rJvyhw(5_eVdFmzJXp!ns
z&fyAQoE&!`pCg92<&w|U?X{3qmMSuzl|ltL%lwrTP_UP*RS%~H*Y?WI5bL9|e<+p4
zLAylG$BD8-c`W4_H)X|2n*j}Vb=A*x$t=RssY4Rr$o3NaW{{@<8(7H3*dM`(;wIU|
zfrkR*Y2HE$>~TUu_v{)NhzYB+=Y|G@A!US-2)r_g53^q;X4WszOJkEEFrnsxc>ktM
zgn>J-IVg~nhsu^MjwDqK@07nCUxAXZ7-v(rtKFikOjez+s<N_qfkB9e7=o}y5dQjg
zL&h}(P{QyT{tSA8+JNc*cMzOTw2KfIY4{}=9_N2B_6|U{Jl)!7pVn#HHcs2NZQHhO
z+dOUCwr$(C-P8Z~oBQ2+=e{%F?1&wiRk3ncMdXt^qUyKSlQ=<;Jp`otf}!~Nd>vBe
z%Bu=4m-o}<QN{Y7;Q2R)w|%77FNS@Qj5spXzkF)^K38Yq9J46cyb;%I94zCXFqc=f
z`<`P}X;FHU7za7&gzmwtqhqDoFGG5z%H_`$S~G$#vfW4v6!VfyHylP$phQMa*Eya`
zb#&WkUQUjB<_i6y3nfOa^`=xdGcaj-4^w-TxVxVR-&w3XvOim-DE(h%0d5U|-IovR
z)PXZvX_=^!TxN*kP>Ko*jm;aGW2kDYSz(DRZ9_5Xbs(148%LRBZB<Mrutx3o{I2>x
zDXx5KOcAl!nbx?2?lgQRCReN(1rATub?MVeMlG9CD~rg?Oyh}1(+wp;$C!^&?M<WE
zhT{z;<%cjy(@EySj=+<_m(Yt&9oyX6jMAOLjKZ8!>{857H;uN8R*fbbMwtU9O&L~8
z7CEQb+0N%EC$0KGTG56f?{*2X)OEp;4}$O%>9}u(3Z<eLHWKV6=Fd{hW3J~9Q@r3T
z)fBgwU+cMs-7&X=SDxLpw^IG(*o^0AqPo2uhi7tExScNoZ{1pz4bF~qthUp~9K9I|
zMkr6sLJ`eOgU>ev!M{C4JMc-yKJFEZ!*VpRmKqik@khnLZ|&%2VQwhOL10|fQ;5Z)
zl`eiiAU^MY03FvGG&@iC6LA?siMbTrZ_l88QHUP%IM)y~FBs&%bFny=#U$<Eo2z_!
zJf5XIhMX;S@0t~!!D}kSlrPdq)XKT1D?OZr2b|5aELz+^Jb56B;0`Qjy2^5mS?&wh
zMCIFFVTAqB%#U@jh%{sJ8fa5eRxakEH?)vko_V}WuV_gXthpFy*?nS-N69Ekm9M|(
z40(QXu4gC}sGiE9Uy%AWr+*@dlnXGK`-V(ErJ8opc5m%e-bQh=dsz7!wW{;D%VWu^
z>(Ycpi|hLo1pB&qFPHU`B%W<=mE-F}&zNND4_0$YZRz2-+r0@5D=8!?`51$TcZE~v
z?gbUqp2;;G+~;bqU?3cP$W%gPE?kk)3jz;!%^yq{VZ8H8Y6VtU*-~vM-sq-!gV9@Y
zJC73OWL4`h5s)fiQL@x7#Ln&4_)i?nU@VoR8uk2(3da!Lk$2Kv%9Iv*Ifrw=;gwy&
zK9KqV)Cu{9wjpyD=>V+Zy6K>pMxN)qo1L&#?vAIYr-EEU9CeR9Dz>MAPtL*9<LVSY
z5k!nb`-i{XL=&(&iX5JHO)s<KnpRI4@7SGhFxnTX1=#J<nz(zgd;Pp$IM|up{om<4
z$K5;ERqOm8VUN$|7iJ$~I<{X`_JwE=YAj8%%p+-_WCGbt;`Gd5$Kk;aOxmxn$`&e7
z%lpwU<nMd~Vf4C;+f2!0Bbj8`A>%iWZp>K}DjBGI#;sc&kUS*o2th>sAbn^8t+K=|
zQ1yWk&{F&ny`0(Lk;8fu(uwPVj2lHunJ>JZTI?$kf(s1df}QG!S<5rAkg@1APDyh}
z4D=cDkt72+NHB_Zbc4FFgGkD}#bAQQu<(C~fyvSGB@-lL$@T;mdPG#|b?b=@%jMkB
z;m2A(G~1qgv_(pUT%NGonsWzeSH;rB@LP-M4m{@-<@L(&Q&KTR%gK4G7_|hH<CTgu
zBwg|}Mk^1b-8#(z%n0397KBzFBg3>jMsVt;8>SnwFGxcqLnN;go<~iJrX{}xvlD#A
zNTpr{YeG>7bLslv>_X{+i_}8E^9SUH^c*W_<uXmNB<?GIIHp~2ZR%Uaa&A%|)n3#c
z)lkxdv|~t(v?fJ0Lsil9s8%1t9>WlIo5%|36~k4oP2Oi8{;kX%{=WAczPrwg<cH|j
z#0&Q)gcrVyZw~Azd)o8aL~Nr^b<>`a2zTH3j$608)wRl5V;_-TNgI$#CadF~+D6V-
z{Bro2rP;3)j`2lAE%IH>&v+~7F9tV8kh_Km6HAWqrPqzC%Me&t$>lV!qNzD1q)IyY
zVMqM*)sF}4zwfk4-7Cwj`&&JAM!!T?Gh{Ae$<aFBTHFDvhL02MU@cc}0H&8%^P;7^
zur`562@Fv$JJs8P#8pbQ?<6RQI~@;=%CX*+nw^VQA(%!0S1gvy;oK68e2~@-G!Y-=
z@3_F<5l0hERs07HrNVdqJlj6&c^5%5AgkF6-Z1xpgMsTa{idy>^shaQoP|aIjD+3Q
z1-5|BI8>cf(FOt>-p2*fi5{N)+*u_nilG@Av#4n4<xx)QUo!(km+z^jd=UY1-!^F6
zdRAR}#~J_W%B;V0Gn!s!ye_%SK7ExZ{Au7Ni@h^Nx3Sd`*Eoe3D^~@luG!|AvvA}I
z5?6kU92y3%l?4)(a9)Mc&6BESoZ`d^h!9n~V;hny(mRrrsES%_+@YQWcJtTEyyYA>
z)JV%|Y#Wc9r*s&#v}>}<DxKn7wlA#|D?!C9aBtm`wRxCvcPQRL1&Y^s!u%M*d(7DN
zrTiXn%|B(opG?-U?55o^YF%s+a`m-@$Bp$i^6Y6C{Kx@`9=|gfBBku^_ZXGfi@4+4
zrMfG6X>uHRVVT#N#ML;ub!Sa$M|-X@dx_ta*_FF#7xa?QdRwq|BF8HC2y^8}a*weg
z;;)8ydxzW08}Uda)RL}~LTVB#hce9=O~oUHPsG!!|Lobi>P&ySck@7y<lXxg-WUDG
zS}uLwacjX|#=ag({BXudF2<&j?cQPb2DVPp#k|O588AY;3US!_tP2EzAAI0A4w~D7
zUn17ysnyo1vi=3M|I~tRe~Mq?fiN>!ML7T?e9KDh_cxxt5ZJJtX{>|Ey)zUC1tAlm
z4t+n9byXOl(HI{MW|yi~J1Y=t|NX@_@>&PbVu)Tdl!x>x)0ID#N?SZMCPrq27yT9;
zJm>1gKakwCO%X#U9d2;_h?l+#0Jb6?ioeiy{q{KM;ciapFKV~lVax(WEr^NMCxUda
zJq@}K?cv#8auNf@O@my1yH5ArqX=sZUKt37O_o;8`&`NWx8GbOr&Z^d@}WqskI2vC
z8x_+Q40U)M-ABy$j+d3W_yG?K?91^n{9bv9Sa9~O6QdY6s@$oYWBUWn8dV2ax(?tp
zPD4hIn}E9CQEYd9CI9rOl00HMVU&QGJZ3r}H}w9cY5oo4nz**eC~Y>`C4WljbiU9X
zjAOkcW}Dm@aLf9vGH49f;pNSQ|7SY@&V_*t|EvWlY&z&U50SwPysN+VtnI<@{H;iz
zQXh3oTi9PsN#=N$K~}r`0?~*<t~$A?6d&_cV^yn6{f=crM&$G=Mk_im$>LOn$;zXQ
z2_Jgg#*f}P3#AI4<Bb?zHPM-Gp^a!wN%gs6es<1PAH+Cdlk3>XrH4^S0W9tO7!XyL
z7;X}PU2ZR^-<A(8+{v*ZpW3+NWDuQIF;OFaUlO<(au9F0UY1c^nCp+V&{0utqPXjE
zY)3#|7rgqCEV=^(iNvflM-E<*a+wOV!+`YckdJhH;rD=Elzpy#+{v>3_vT)d`HIKp
zUY3IBQ`m1SktD3!Gs8<0;C9YlmI9NA#pebb;TbJjxE!%|dyooVUxnCIkQo7EBSVzL
zxG-Ac{qjcQ60~p^H*M>6Nq0{}ScN5xN~L<`fZ|asJC~{#j|VdfO(=DhPFI6g5uTTj
zN#s{Y^OlrP)b`U?iWnK2myn&m27fZU)Yp)GOav?>^7n2VTQ$}MEX+4A{m8qNWd_RW
zSKcjcL~;g~s}7DM(TlwdvV}z`t?n9u;Q4k++0Y(jMkXJ7KK7<EeXHy9XV(wTRZk|(
zo<SvE>4gyt%4A^1Mtqmc8C^BJB<k!F>vi!&$St(aY+%T!th{wZX3pi(**&eq<w9I)
zrNzO1qpB8@)QB=B2G;_4SPKzW%A7eqpnuOOJUT3uDS_%*gUdD}T-bVaSY1VrBk9cZ
zk|ip8aIC2VYW}ABRk*so3!(|hv2oes&U^!7*~=V@Ho~R>{)Xi8E<XsX9su1Hj3-(F
zBDkZB;b#g#5iq$Gn~8zxW#z3pg#w)Mi(Pbe9S7jl$TrT<@E2{&9t^N&6qR+42v^t8
z6tj)T47T9|V`GDVyfA&JXMp^<1qAi4TN6V&arTZcnC#;E+3{Xib>G_L;HjLHS>AW6
z5l|+UCTDjvVhMHs$*w6pxcQ|#LVYxLMmfNhDS!%-3quMk?IET^Pz2Md=$^Pq+oL!3
zL|@bgfN~9A#lN4wO3>{9mZpKBA3;#DMH&jwq0SSbC84GMVqf~sjI+3Viua^c0<&YH
zxM2oZ2H!3pSb!K9Kry|oaZyFa^Z<*W17x=MHm{7c%~XUU&X@pScHx!a=S<R9zVxHy
zcqsr*UM(rF?JO388v3TRyx*Q${BA#yUGv1=;#*brm-yTwVZj@l4L$pAoa{vE0BQ12
zPghUPZPf_Sb*BZ$v5pCGs0xc_D`^KhIkR+fkqsW%hi;&>JT|0U@I+>&gLGm6j0ISS
z&m*OULj)50^$Rt%-N_c<Eej4?&y-i&<6ORwxNm~optyhhYoD_#85&SBR+0w)`Nn_J
zjpL<=xC=&xcl6}GA1avR!Oxhsd2)vUXj1XyYi<WbMqieL@3$mLgcp@ppj$PV|1g<#
zH}1yx=FFK9F5}iOdd!&``SeY`!c}a5(5)wLdOc;-ChM5F)vH->m;`Y)JB$#MIdcGi
z7FQ+}Ooez2Gox7`PvVA|YwM1QPB=6m9?NGr<1(G;lDAxcUl1a9jSMuodGW-#vN86;
zrm}{syu5UT!Vcxqs?u~VZB6+KL!`w%58)<zIk(M*GBqcNiW2g&ii~o_q(4GQ4oT>T
zNrS86qnT&v@oVbpO8JS?6;)(3eyw+7rO5T+;}qkG<TcfGWzwZ&*=pLqdC$vUl(7}v
z#HfIn>kEv}7+tB-<+bIsSy(cXlb4kMCGo0+$>qx;%+JP(r^?96<jPDI6;&3K0V4GQ
zG}N@!)PYpRjgtWo0Zh%69yikO>dc&0Yf52A>dmyI<m^T#^3u^)Appt&lP!?Ch<=y+
zBz6Bhvb8#^%LxV17j{%NRTUMOl4y(<C@8Bj)dwakPnJ<qmr+!gDHbIHPzWjf5ocWU
zO)5neI%KF%+RIB5GK%~QhtMQxKuQTS#+;a>n7n|bWJuAtNUSiv3UHvRtw7%xT@Ab%
zK=g;TRiXTkg#>jb2x1L&AVG#UV`X4I0BHEmwW2h-NjJiZk?mQT`PrLjYe`2Fkp_7g
zd9@J+d1Wb}eHwSUcq_;Rpd0<6(%Az&c5SOdC6IFMCVRjju@EvqO>*2X#D;D4nyPpT
zjLt8-daKRW#+i}+5)_X5)<ttZ0LhjLY%G<GeF0I49W~B#(^;y_8a4K*C4L%MT;0vs
zu!fm)wTmDyG~L{RWj-&;R7x{&TbU4~m7{t4ECkzTK>C%zj?ij<)l=&rD?e`fcQzzw
zVgVl!NK3W3S%g5{ycQ0<ru;*3E@+n%vv7x;KsH^~zFxlk?taW0fn;;F3oEU3APWvv
z>ixuq27$_@qWY=9WwcDVKgj-L{4g8)kn$xb_DJGxgO8OG#r0HH-5Knm=1#G9QfGJ=
zRRM`Ms=sFy&hfZLSnNgpWT(&yc%e}#AJ!Md#Y>d)zR?>I79Vap7sVAFR&10gX0L0M
z^LEw6UV|GEE>%!H1JuK^s+8rYx|H+a8|4e$pD0rBvISyas>X=RQY6Nj|D>4m*uS>k
zwo|8>w#&RO5hH#|OOTYMNRF}4q@DD{i@lN%BVsog%6CbR3Z91>PiJZmj!>sRMU@d^
z9DS@SiZCi-lW!NX=fy3?-Tj<oH+3rT%s2~0x8M;urSLp4gTy_wK;nLw2#T>s34%Qg
zlKEcS)j?(KopDE{!7zp4w4YjO9n+e#SCg=Y6pW>?|Cs#J<cfqgEyyh$3HdN3KjWn`
z#Wxq`E69l}fj8=9z&-3`0u_d?;pbD(m4XA=S@!D~iCU9oo=DDjR?P;=Cs=?;@i%|d
z1$oIp&C*_}N4vsN6`KaM(8FC~?`c4@rSj*xtVy5U4d&8;HK2<`>FruAK~!e!Q)dY|
zI^@{MBm~K6=--63zyPp@tWePHhOKFTZT7P@XG;W-JqUQrn)g(idV9B&b^@?{WhH*)
zeMe)g+U}aEnl1KQ8+bO42Rn1uj|T_TL6oJ|#PRyn|GB4g&zlPX?M_dd-znlSJvV(>
zb6}?U<Ux#1Wn48jl6TrwTr{%B0us7Z^NTL|zd%c&x+sH~COu6cJ?|ab0yNhp0kJ)Q
z*TaH3-2#+C9S~aT{r#l8aNLk>0o~V{&%zXrljm4mB0ssx(0Qo%IBtJl>wUyNY6a<%
z<%YOJH#V};TuSN9gk`*`Hr2~ia&Wc6QeS~pXO)`#$WS@9z#pEgvf$EKZZD#O&M-De
z=Q43<^VEF5^z7DoW`YiY%>i}7w3w~znbb3lFJhm-E7s59V!CshfMGhp2eWJxZZ{s+
zzG_XsG!j%516{^iKi{1OC@zP8YH|7^d-fNunPG+@9_bD|m<P^R-b@gFnnfGx(TC3G
z0edP}<LO6B2G6*4sJ;aV7VhE@j0$mpJ7`)0&<Xe`4-UxsCD3#=8O5tc8j?3^2;S^x
zjN|0rX1MmENhE@g!~UjLC~QTVqURjwywVbNt}xFO6^i$3<*ye8cisET#38)kZY-0}
zjBfLZ{AKkgg9CParf_BVbY4JaRn1}$n|j~jtg|v2|JKYvzH|FjE(>6O$ToVk<(FZ+
zDli2G8>f|&sE-t9h-n;EL9TH0dOx}KEcxG_&U)$MDQGw^PWnJ6IP{1<1Xd=5hW@vl
zD`-D&3xO_#WK~0`(2Zi-tj$dOF#`u5jroGyLxgAahtqvE=~<`kq3qokJLWd9JIMk1
zVvS?6;_QN{hLlmm(ku<e3&|s?OyL-7vC0kUpL%9S@ia*;c=nivHd#=o`^c3(17QlE
zd@n3F)<Q|0OZYj}6`E@ERDQaJ$x4y>O}J>kJMa&QEPh4#zX3Htt*y~hS^i(HpkoHK
zYjsXu&39f@#bHMcG91{PQ*CaV;Qi2(z;BfF2Q)zSAu2Hr+EYSc^9WN(A=lGrM7YKe
zw_LWrgKTmwGvM`%(x(-nMrfcnw!PpRoX@=B>JkQT8jaw>+-8wAr!Lz_-*@NgQZhso
zZMLIDJ1rPPj8Ag1<|YU``m%rh6{cw}m|qnmTY^Su=i)?caOe~nv!E@V0~-}OyUBPn
z=dJEQ{+kfn9K;!>1XJnNC=$|@&m+jwd@{b%CA*xO44bAj+g0-BC0sV|u$c2MDmxt_
z<rSYEEY6zsM-kixN(Q-OF*hP7x?*>GOi$X6y$ZBzBDh&UmFmcyd{1ZP8R{wuwKtWo
zg1?@X5?UB~1O1|vwqKXx<8SAr?_&}`#3dD<18X#buQFt!Qg3Q+7I;1K4dv`|Ew+N5
zF-k|h9lE|!NpLlS^P=6h-a8r<Mxhfe?$BCxnSC^!;Hso+`LCDxhiV~!_RM~R2b24^
z&?pKgcBauq+Y?D)DEa_4WU{gy8%t*t&T>61suUCWW3~LI_<LE1Z6<ATR*-ZO#_*!P
zdJNloWFuY`>=eL$#p3FTBX`3Or29{(bEq!y{0i}9dd!gAgOj?26WzP)&5+jQd!1h?
zeXrF4Y3x-Q1irZbn00^YVf<#LS{aS)zQS9u%2<QRJ+TuA5=?}$2NwlRjsB#d&SU0x
zq#FF$Lny^gOn_?;y@WExZh#d)KdugxDD$tb0%1$;dAsXEpTrqwt5$GQv!G>aU$)F6
z;BQl4i;=8H1zbYdEDCSAcys7|aD*@BnFuQKBlzTI;y2d2R5@FNo>ds8TZSe`ifExp
zzEKj=TyFH@mLL0cDUyDz;D&@8_El^1Qht<M(&@tIfvDujSjp{$*uARm)wh;GW)Eug
znwwFcVdz=ZR{=k06!xA1e;T~}O5><Ahf>Lpb24!jtca=rZXnYfT5f_?Ma^22mQbI9
z$aW&IXzrC>$(^rN9uFzovVF`Qw7!%?QhRiF^{QI*_3J7d7(VCK(J`tE^npHh?B3$I
zedIW%o3PG$uYb1<vX?_kR#s_qYwW230gXF4WkBLOG(0(e)$Xqgj0tcz>U%j~Sgw1e
z_?;On@R_aPlmk^307ny`1QU06z4P{TZc>Uut*0z=bYjaPd!mVw44&Y-q+)@Y^H}pp
zXNow}Qw5mN+XptrrMZM;#>F0-aOaAAX7~BtF1_uv{KQj=EBO8x0IICLt-})vvj!{g
zz2gnXRqieOE#5`vUu0WN*l>5jUJ~G>deU84U647alK0(RjWnwQ;ez(HeL*qnjsCQ~
ztn%}Bw)BPgChj=XC7+s)TU0GLJwx-N_a=_ywb>>AqVu<Fyi0y%`|UYNI>k$7Tk9uX
zTAlbddr2#=#K*<#=4uFbUMtTewh95i_xpkx@sQcsoaw&bCGEt=HYE(^gg$7xjmI!0
z>}#Al;V!@_?PU3co_t#)CCnau0<>hFtuehJV&@%pnIkXY>|=Y8Bd_=&I?+etIy9@v
z1?lRS*LNr38<V?;iU0fOQ#60v;{*EPLNx3rD0cP;^`y({ZSHp2zQbACWrmZdso?Oj
zq*uswo&X{zNEc)f2Xx}To(<dfUU%!*p?xcqcWWjyY<0T5>*rZW>(}B++IIxwQ@731
zSM#Ate#9)EPq;Th#Xx^tIM|dRObcxPDQ|sXNG^^mX87JtR_?UXjgzHhO<#9$F6nL-
zL@Jo{u1-jfU<+x!VhibQnxMDL&a<m`%)Se0v=FoJ*@2Cvq%9P#$h`+rQ|{pnS9o_V
zU9YkwA5Rb)MRt82m*@bBWpFC~Ee&w}ceWRN2Axp9UbGj!txGRf2L8%`3&!iFFXhLS
z^T_)3L|nLj&BSZ`i`GFo*s<siL+W<i`GLLt9bjHr!Lw`ALV5iDYJmu`j+YvVS7WB9
zn()`EK$q+&kD|RK@%KH^YrFWD261-zLA|2AB5}5}!l^=%qr%)J0?%uzc=ka;4Ed`D
z?CVJr>nUN9=Ze7Bnm}~VID8V8@~DpDoz9<EUg94UvRLu24S_8W7C!fBfh{S#YfH(b
zt=rh<?XkqID|{QHc%IH=^3T$cj#uG|2V*R^{TwZK!ep$51fc4SLLdmYP024Ximw#`
zZJ?KGqxjG68qxQVcrTyOq$g-nA6F*zHvvjFrt}WLY#lLtn&J2qZBKc3F=Co7S{?UW
zvAaF-Tae|^Z4+^t2~wJtfo+rc?b3s0oVsV__68N=X;}Q}(gU@m3pZo`hT;&;d)c~&
z3E;a21+lsL*MrhcnA1|Cy7y5sv*rNK)^P$ZbRlQ85k%h$@T3dH(S7MVRmRsSap#f)
zxg^UN(io!nD%LyN9=Dbd%Yfk~oIAJ*AF?#dpy8#%gXKSNwybWv#Lwji+)0*lqt#@s
zD#Xv0O=8a_hV@aF&S4q6vKj6p!Yg%jNtV9D!8mskx?d>*Bb$HJe3ldD+><sMt-BnT
z6Ar49_S!V)3!Uyq*;87Si7k5Amr4$%u<9_FtE8R&61ns&aUk76LbhTTS!eTk!^Hf|
z9dm5ImED0dM=No{ha_>i;+;a$Mn!yvqJ6%&bqlvb8z1qqN&LB@eWkc}yo`58`iCg-
za*3f4fg0cF;vcoD_;SU%iV)3Jf#fp7(LJg;ge1x>e)fP-c@tQ0k_2AZQ&nkdm9Xs;
zs@FO(4_LEv{7S9^`Xowuu?X>WOe%Q?Zncv5BG0`?+0k+YSYn)%l@;DXVMw!_0j=xA
zjdC$AXVFJ#dvan(MS30Ll%99uKWQ#@b&N8^sQv4MqlQ)DM-Q<Piu9OUTBIiBhRNb*
z@?ut$rLDAbWvBS4eIbyDVopkVikkvuf3W412udAe(@G2Ug)0<yi5QAF3eal}-CL#7
zuka3;=_^ALlZM2Nq~$Rr#N9=26*CmEgo@Ti67wX@#9_$+Q-#t7nApVaOAYTpn9b~w
zT6=^^{@Nsw494A88s>#a%8tIM+GmLm4aWBQ6P3~?AVo$cLBxyp;@D9(iW?Y=t|aZH
zdPXpkBuCnXy`tD#Z=sxOCLR3x=%6B6=C{`$Ik^CzJHd&+oJg!Ajg`Z(j}9>`H7rPo
z40RDDlpnPXGAxSM6W{~L4=#+)g^Bm8kQas(iy=6rmJ1^`ODrggPs9(C7bihSKqiD1
zBNA}tpJ<ViY>F=!K$oAhj|US)G>HXH8sHGc(v3LBmrivsj#q^Zvx_xNV%^!yMQ9HZ
zT)mK2gbG_DT)P-(l5glkwScWXKxC*fjwU=xB4|W7Ly-DIS2mD?pq3Y3fe?l;N*vA=
z=o$*p4vd_aqSOcDUjckQkY%B=EBDRvmE*(mYkNN%>7m<6WEb||WN0(|lX(44RS_K>
z6U%>=6*2r5ryxZ)TO%4_8*4{FBL@R}Gh0WSpM3>>4yE<1jA;1z{`pV{8ky@UJ1OW{
zJ5cf4SQ<k7v+;n510Lf~=O>b%-^NvgijJ0<4UdYEjtP&BjfD}9j*f*<i$=^*&(h3*
z&)US&2#*$mhR?yk$l4K)jh+>P=AX;`b3jGUzyv`fpl2&;WM*RO_^*KwGzyMJR?2v+
zKV$y6!q0XGM)Y|9N-UR$_{kFg54Tl@|0p&8FRA9NZ2yPd5wzmRtpjM`gq}TvQcel_
zn5zZ(Majj8P`paaczk#8h5mq|*X>-Nr{z{I2<7eXMtd2`s45SSIXk?Z1s?&{n{rrS
zN%n6t;Z@n5Tjn&-YB5w(yxF|DL-B8Ws1>2VjWr2m{oc*^W}dW$&j>)Tx`7L%nesiq
zkh0_+i_p=z+J6DzT2ULxAq(_dy1rM8nRbH3ce0|`=W)5Od!+L5do}{jHLFxDM2C_z
z*z_&Gg!b1Q<3BidfcItk?h@j#Zf%-0x%5<gElI3}J(fo#MYkVt3c_;W;+IY(wimAm
zW0)cx;W*;D%VL#^gPm|(BD5=tlbFJdjmgY)kjc#5Vpz8GAx@hWsr3<ddXl--9Q;y?
zocKatT;(Zbe>Z7>eYenmiV0oi$^AI%7BK!s+eCUVCN+GD2~+VItM>_ZDOCAJNc&Xi
z_&xcB@q@EtY;sq5`Z#7UaCf!Lo?;le9^Ud^4p<X-@`=*h9lRq=ZOy!G?b#u_>$zYE
zooBBxn@juO{*6)@Y5#Af{!HcnmL!dWlfL6W`c$-cGWyq9emw`He-!cmu1qs~2S))@
zJ^O$3CaL#-_ZfZ!r($O4XzHNBOiPQ$%0&C4Gg<~b7M7ncJuMy!!;iceS@D=z8Sofb
z=<ygCn11>!c#LfS>zMgR(acPAc+4!U5KL_Jcq~751`LcpaV$S$e$KP}$exLf36J$>
z!7=}|%&h+_=AYmDCzka`yUdJC|HMK3Gwz>w1{SuTmB8??cm_7Mf3;fwOYi@=6!HGG
zROKOP6m68O&HmZw1Mgp=|8L8H@qc<N{9NPTR|)>_iVHec*8fMv1t+8<=3<hKqshg=
zAR0&QU))+9Nv!z16?`6y`viT8A3G*=wO2H-NmUFrd!neBNJ}UwOo)cU4{<XE(cEmR
z8cPYYv8yIO$M%{U5b;wJiKfEDrcA5ptW9XHOq`QlSGI)C>&Zy&uQ*(A4`-?Zx9s=s
z=S`R6zTSyLCV8PJ1iUU&^~oi%_z<`|1O9^5S-phI@6KBatZ$s|>7n|7)0C~QYnH&C
z05FGjU311Q53&#gH{z@Aw3!9f>GkF+!UF%@uQp)n4a-f{uzPG)op{lVWv<=RT-I;0
zsd9ODMJ?Vv)`}O#uL;reWuxmmO_KeOdR7y3rpiXnhrbcF-oCLC)?;VEZiS5c@N=!f
z*Cr0?PnW;HYLJfM`4cx=NOnWMm3C|Vr@0Qk-?AO67DxsQ7v(cOvp+&qTLU9|g$_J5
zqa@(%1>5A-2)l`f3$GJMM{(^wh0SyZ7m?4CbO?+y5>vK++Ui)35k9wWPeE=nCqiwO
z)$3InC-M72>1l~M?^A+9p+h12RIFt8(fk+mTiJn4d@kz05?}mZ1Wdb@l_r%YxewQK
z=JqtNY!|WnBbU<yv0?VAZDAXSY&vX`S@_inI(zK+0)1`~x<U46JT~znBXDf|+9{l4
zyWwqPgZ3NuFl>8nEB7$wC%w~_rQqo!OgHfz65i5X$dCM9M6eaXBrCq%Dh^<E*&W*O
zDZ=o<KGwW2BAnB%Fz(s})wvHNiw=#)pwr%W=?|$71&o*~)^RxHD>T=5K6@Am*^pKq
zK~2qZ>jw~bB#sj82O=Z$VC#9DQTQz_cX#2dhS`p8hf=oqRa?B;crl`aZfjq71CilE
zhPdJ<w-<JmeA@BCT<4>ow7gfO&!WFa`SjuBMMOVcD3H)O5pL_!fwGcyFMO}Vu`gb~
z1}QrBiz<rZvGF>8PhlASj={Oy#HUewgC#r0@=ZqneUR*+lWl(gh`cq~$+6<M{hJ-T
z%unlY%ThB?h-dJ43(koqUueicrI)>?8ytf$vD!{~ypO~mZ;DCTs+*C5%hi+^O<r?t
z?z_9VBnNZU<tEB1Ev%H$c2G*s=a{9gu``#i%yQLeMrr~66Cpl>5F521d2*FM;gl-w
zNO*YUz-ts;!c{3Q9)CCy$dUw&fv3{t?w9IqK6gu7&uQ?iM7G%L5I`yvw@NC=z27r%
zZPLlbIB=Iu#5oEFYg9dtCBjrH-wTw<Yq#F=I?lVh)#Xe+gK>f7T^_a%FliyC2w~rr
zvXu@?vxr%krczH!3+xRP3^@KSt`JE$xh!vU*wiF%P;FAcHf<=iTc{CQr8m~d6F_z@
zCgGZEE8pK80WsFS_GFGIWx!5EYBuhJ&v`zS!anDtXStU-Ke>Mhlz;42x@@z{8+3ja
zuR1J4&RUdhm;7z-lK*&Ok?0yan80Uev?#GFF$;yJs@h;OQQ53|(}I4x+ilx@8~bZm
z3|u+aI*I(~1T7_>uc$*xW3BDJl__lYSmtE0Olc(my<DYM=c*Lo*}rx$?F@t7W${tX
zY5Y0h-tX!#&Hl)Azm`dJ<a5SnmaAy?A>B3bHmzhqt-0A!P*wJLg_-T<G>TyM_4eds
zkxW@$t?vA70`plSwgRT*G}-In^Y&nY%l5w4EH)1nr{sMrKAj!T21>XGx;u$J*dQQk
zw5F~YAF6LCt)>q+@yBi&cEsq8fpbEPK^x>6%$qkEp2N;V6#7;#63)%fgie0A-H$Ss
z+NqASH$fn?R?v7?(!Qo_Wce>$tlPo*l<Lr}!;~st>NeXx#2oL}IQleRW4uSi1VIEX
z(8_+jF%MoN+rD|7@l?!TJLoi}<1tx@vNL0R5wWZ=35xS0c7rg+1s660*ff>yd2}E(
zwQQFm`e<DHA&5RK=ON?)jqhNFEWUKiBaVHwg3et66HjFcj{u3{bRz1vCWb0}Xw-K4
zg?KmA>XVuJ{MG~AKEv_6@zt^<3YB_4xh8xw3}b19d2N&lL5(z?Bz-*?qna9H(^fsI
zC2`W6s{ImpCswWk6VO#qCOQ!PV&($t@p@DKNhotr1qTcXV^wCJSaD%BNtyD|NXYqO
z<49=tKSTU2ZdTe9YR1ELT~g!dVqE>oja6MU!Mk`AtfFkjn$tOvBxRYjla?MD8c@q2
z_m#m}(?X3cS(ppz4C$?MzII`)Qy>hrM!`k3zo-ghC~b^}b95-q#iNW7K_!an-KQ4x
zDYNG1C$i^*vE?*z`m)^CvkEQAsO&|kl#C;kZ6UPiE^+^!bQwHxVh*#J$tI<-F%=aq
zZdex$4=dz0sEijT1ltPD>4H-g<5%})rt>X!mT;5>nVQly)TgAeD=_3!Mob9+d-VuL
z5YGbtiO8El!k-L0S|i6;oL2)r1~3LJ%};8K^joq(Au-dA9?+L$g5pY7jKhsOo%K{7
zPc0ig3?o%IDKN^+<JI+Y-@xL#XQ4rj*A+{fH+U@}85xK#QMJdjG1mlD58e@C5m9(W
zOEDxeBYEfu>nlirA)LZD$v_xAf(|@Bb5&E{S66_?6YkUK>mPS(I%P99J^39domUe5
zwy)~28*7=2xmM703Y;GY47vmid=>1<ox&HK&Kr3;G1ECQ0t;m(mr!l{x#tcM5JiEs
z$WTkP+;3XU=zp;A%S#mzV?~Y#m<*Utm}M3^xO1#Co=Vuab2u_EU3~V}WGzOxU$G$7
zyu!4u=7FmEv{^#g<iu<Rib|YZIhEq8wL13Ty#Gn9A?GNNlvEm;J1cLVIVA~Wv(zwb
zNxDGm9XXQ-TYjoB(QgL+NWS+90)!Y@rf@;1=-n}c$m0Pqc|$y?q9PK~ot+kYq|#j1
zv;{JW<UqE=vjfJjFGAhdo}J(WZ@ZX~V7lT%;JMJO2=t0pTbK+s8<zm)dxLdK$>6M0
z=c#euVA3#!$$Z!rso+OLKH5umL>VZBdNoe%GhXq1%%&^RG+5JFa_~h%@I~Hm^`Z$9
z&a?1YY=c+H3HTPWKgfNn7}Cc|0mW{HeVapn3+j-jaa@%(dnzzCD`E2VU11p54|Cl;
z`ILqr5K+QQ3imWiq<%HgEg<T7<wnI_e%bnhysO%<Hc+jgpBPSlac8o4tUl=)DwtXX
z;tQ^9Bc7V%MonzbPc#4aVDF@?$!EbjInU3fg|t4sgaNgsTA82iY-CuOA7sYUmLcnF
z3()X~C&B;+R}4|4of!_Z0uSV1-d*U%U%`%i@HidPE%<GgXRCK)()ndev{Ku+j%(bh
z(chWd1u%CaSjW|y6{UB8u!6u#94jkQ(#(T(v4(U@AP<b%$%yde0^0P_pV0{w79@K}
zi-=cAMm(qMXNA>jlhECsVFf1qMzHJa0~vC-bb1DE1wIp%TgmnJOO$q@pBY#d`8)W^
zmkP6NZuSz^`nFE`8^s4zW!R{%*U~BcC<iN-Vg?cHy}h%dnq>z50I0#>$4);KOtgVZ
zJx?Qa9scYTQnMBr6>iFCw{V>W1Q=4WC+6D`Y&7tVtAx535j=<xM6T)gJD~Ov?C<v$
z5$0e4GU{g&)BI51N>iDu4jd8fE5a^jI(E2l0}cph(2q^gnwSVb$Ob5sd<t7F#qo5`
zroa7G#lmsImm8<Zau%e&pmwXEa5O!npl;Rs5{Rv_IogqFEWNQkE*B`~ehaf~2|Axe
zL0hE$g3c0uz*=;pM;F7`E7(U)UAp9mK{tm;!$;u}0)%iVOy_6J$1`5_%eyj4og{`g
zB1&PTOQU6qDQ`V^oMOs!s3On(MPc64ij)vQ<s;2d=PE%Q(zsws(RcKsMM5NIT%#<(
zQ3iQ0H0j)|NV}SYhchn~j;uwIuc)X=s>P0Nap+-whG)LacOiI&r(O}T0=~rOsE>U>
z^jeZ**y1uo1Y%yRn@g%dLD#IDha0ILw&v}+ZBA^CyOL0rbV6Q{WLm4NPpV2WTi3P&
zY);IsR5=jcshmgLD1UlOMUisDJxpX*Hb#7wC~;9RMyyU!<!ZyZNQ^jna#0{b;w~;h
za+WB0F(5(0-essyDo;NvCPCuNNsJiv(rnerIWYKS!=8H<io(Q`b{5*U2+#4;BrA(t
z1pe?_Gp7ORBKEyrb!S<KAlSckH+sWzFEgi*xXw^Pu*g9&ZkIP(AW^4%?}D?u8n?6T
zR>x&lM6DdF$pcXKS{BT4Rt|G3NM6iye2($N`9vb|hOtDUVrXi@d4_D<Dsf3KYEk*W
z0(A|6`cemaY@$sCiOu!~7x6~%JSn0-h=Op1`#{u#Q_Wr$;7rhb48X)<{Lb3|m%;2Y
zgtY}i6ZlN2L&8~yhief<1VWpm4&VvGYszwpz@d~(2V%uRed@s&d>s?OhT(KXuF6(0
zWr}5F>0}A8cMVz)>}jh9y{sTioyT^X!Kt7#&-w3^O3uyg_0X|X#=-%UPF;sUh}WZw
z_KmDn5G&`T*KQCUc0%C0karzDk7nf4dnUm%nh2nw?U<8g9jq?i-1Hf5xvp5GUbF?!
zo#_2*Hs*_md@|)xuObN~`E^O`XebVtg(_?z4}d{qsHL4;GnIzU<szp&)jXvOp$Df8
z+t#}j?G()$!$^bjNM$|*Voo3azA^B$c1N(2+J%J2kt@3<76w(i?59WLxYDS#7<c+>
ztIJYkg%`w<<3BNqRP*%`@4IfEzid7wPfkYDab$J!Q){{M5Z=^Jjn=cBh%P$nQ=SU?
z{V`ohE`pI#5T)bJ$^(oZ&Xw9M?8&uSy;NNqU~4j{ZY2^=4?1SGmgI!SS3$B<6yf<J
z&4)zDNL7-mKinvTB|?5oL`5;8deFlFpRzsh(wLv^K)DuJZ8%sOh96SW<6Ia94lN09
z0n}m<u9floZ*age+oW6~B~8f+Gdet7ES%b~BV_`LMIlBj`@vY=Trx9_<q6d-3~q4{
zkCo1RJd{3OlM4h_2ME`?AgG>yofnSfn%HpJ;a0Y`#j<@<!z#aE27i_Q0x}Z@{F5jy
z;_qk10imTSRt$4uEQ7t2`<rmm<^ec<K@cv?p+_Cf4KinA2QDP!4g>zZ0z$KP*1zx~
z?8xM21Pn-Cvgr}wD5<I7^k6pZ#l2(!PSfJE`h{#cNHO4lmGIe+TU$AoEG<@C!q}sD
zob1NwhM&!DDUV_dZiC3J3A`Q3qJ=AslG9;Q)(sb0H7u_-j_mLaCc+95L+3U129p!l
z8I||$=Sm!GWR*5T#o`#`^@SlZ1_KK=bkYzkpprMsnMqkf$_U&qR-D`-n`3UX*jwf0
zMFR8#OZ!BIsrlHlZ=X^nnXC7&6MH12<0j2|IoRS%l;Tvv9XFBl;o`2`(0x2irL*P(
zQK*aIbCo1_SY+&RnNc5bV)*Q)JFPM#@+P<$HutYme%Wn3BB<R@vDxk$qPZj_s7ewp
zgL9Z<CS(rAczKi(<eP&;%6G5Rw^KOICB(y_XN48-j+BInrvH)N&}31&iVn-bBmB@d
zuO6)sm!MQR>qq1&7tT#r`5S4J&HPMsJBF`R!etL5%r;mNdb0V#apF4B1?#3b%dhOk
z!?3uZ4$W#Z;CR*V+AE(S%6kJIhm&c?jh`tr;#@)4uTK+d0d?L&du7?LMq1?z(fu+A
zvu%S?Y{wDJHVC)+$8?pk?`7QV8Ii=4f$q3|5^Ou5fz{gg0*(_<v=WvWayNB;%fEc{
z1&Y-cD<4RuX)iOT9juz)%9|?`8Qvsh-%ia^jIc%fK%H7i*4B}D-M^l8Zu{WkEzVhX
zX8+DZ$ZKGjD>}33u+N{p8NPVJ%sEGJQ-4UMd9NOI_brg?lix&R4JWr>c%#|rCjr}1
zW(C1%rykYKA(T3if}o;@O$bZ0`i5}1SYgMZDgz{uN^Rtp9v8K=fxW5WaOY`Td1r(4
z;d%%b@lC{*n80&i<c(U3#kma_gqj6;Y30wuJtRjUa0oPDv_{-|eLI}pE<&{<n1@}r
z-6#hL=?_-fE=X@#5btDAbDRMTq0ZIeRV~xtea^)O0>h=OSh+<*YIA07YBF21vl$k2
z33K8IjNYhM!CUr4RPfeox2I~!Zi0M`P+!5h;poODW~OlO9=@%jkP)<vmefzW+@k~q
zPSkm6tF{$p4!>_7jPta>?+a(sEl14G^*20xa+;2VbfIkRFFL%Ve%37xEw&cv>+)x^
z1Y?KR;&1`E(T)gz#;T8P9=ExgE2~wFN?!WA6|bqG4!)w+BGFSc+>5Mo*-ZRC^{4AR
zamhNNQ?K1-*qQ2DxpVNWe`@oIL(Xgw6Y;TC3kV~qOc2#6N4rE)c)<ErdYZixvGal}
z#zA>-^P1|${yL9<s=Z24sIjLNJwess3^QEXm0=?Med~yxV5mqT&Gz#ShEk{7dt<$3
z{X6Xhh`AJ2Q;Vb=OZ+k$@oS3xT3$>~Pg|ym-O*vdi-uw?P^0Inyl~j96U{4AodbPa
zX@?n&GLDnPQYvgSf1k5-M8!Jhe8T0gwA1u+zyfTZ(Pz$W((?N<Y+k}sz>3+`?^%Ph
z-$^QWvj}P7oiM0(E9@l+KU5a|oT3)oi}>x^t1!MxzPA6SyS`d*+<JxK2g)XNRC>Yv
zK-sx2dAa=gd6m5R2S{ldov`@*OA6%g%K6d@3gl@GHyyLGb(gcN_)l+Z6$IRdD+J=h
z&BD=k%;Ms9!QxtKirSsu?c;(%kx~`L(mp9+-oEXUj+!Z@FI67w?UD~%?UEM_KS<Wj
zF>U32$tbT6bUpU$kY9a$&3l8#tCNtubb4CxI#l`uyOv>zBTwNeI-D!#x!XlBCf|h-
zd-J*3<-mBU)Fv?u8`m8WJA00Lvh?C*CgJQw($j>aHX4@d^hI*ng%uea!vW9>m)sen
zWT)SxlJs_4vk|=gV#p>VmWrgTNLjAi*sihzgQM#^D+&N#WP9j(cqA#|6PFam{pl_G
zYsr7ve3u3K=B#=>NrmdgiK7D{KnL4jNByQc%GQ;;!?Kr#@&y&r+q!p}^5s;fEGb+4
zCc)hGR>UI_mFi^{$94C0JqeZ4b(j40_4qC6*e2xod2IUAw)9Suhx0hWrv>S2)!$@z
z2OaXu3@WS2zxa7fM(rlX;3k0U1~#SdnacGJy!x&HM8<VD2W0!*I_0jD>t>Vs<(=+@
z1M=tYhN)hr@L6?xn=yCkAiEyPl)8+1^O0~KN4GyfmAYCXy7+c&hIZn<Ko8*|zucj4
zZ~{VX?_xn<)o+|2zs#Y!o)+E4mi2EI-ENWu^Y4<-JXc*F{7??Z4Q_ZLH)498V|r7b
zmdSO@eLtTU$==U*x-eRvBkB`9&^_%?F5dYg>TIC8e0_CH{ie4Siaou_H||?k$GDts
zT32mZs<u19xHW#eY`TfIj{9?5uas`Mfn9A-Y}<K6*bhs$^pkFH0XD1Mq@iuJ<qNki
z`paYkWxpA=-<8t66tv2|8ggvd-vb^dE7{&lHI7X}?i9&nR&FRlX1COezYeV08X#W?
zk$6zOw1D82hj7*J=A&%r_CBISP6eGG^@{>Q5&qq!8`&r10VV0nfb8uFsr_w_qS=mA
zhjM~qNGYmtgDs_2<58l%YSk;t1oe7Alup713O*pp*oVgrI*jM-l!U<Zn-NlfRzQ5h
z|D;En*c~j-<IwMtYOF^Z?PjzLq@8=N?4oXmu+kQqKzkmH1Ky4_puBwNk7kQGgJxI^
z1=Wej<2$CV2(+b*pB0K_Bc48AHi#Z%RZR}dLf*qwfGp(0LJtaL8`X+s@1X%4R)7?P
zUV_XPnyc!nDc_FX$%Sf(V>I6||H;iLrhZK?>HD+qwEsBu<DV4w-FUi|75@lI(`Mbz
z^gl+Qe_m=pP^<i%EK2L9To(Krk(S;Ln957*iXfB~RE>H;>?`eiaa32EWYy3Em@^xx
z0+k_^BmJH~Uc+4&GGi=`r$b<O_XRTaUhB+_UO82rag>sk`rVL{mw3nH%?pi?DNBPL
zGAt4u&U0EpQL;DlC~<&D<bo>wi`-@o5-?Ha3U4h{1$Q&kY@=ngS=+VLT3}J|PW;g(
znsv3Ij?`ylVIQ3q#l5H&l=`s()9PW32`4U`OB!=P4@+uyEIl(f0T*9NwxCQV1O7l7
ztMQu12VDiEAsN3NjM0^Z`uXFDbBuI>$VM6Xn&0FoX1U?X#d^}GLC*1!JC9?}y_%fF
zWRedRzuCaQ;+~%I0{%Nh^B=pBGt)8C{%;1y_#gWq{#S7Gp8(@OS)%a2Wr;HSmS%QN
zMnBx+Ur3Sp2h{vGrpSy(#lZRxQ)FZLK{oWX|D7pPG5r6giu6B`|BfpD3!eOUobo?S
z7wH-3{!dgfcG|q37Ha6)8v=V>pf;g*2oFtM1V7|cZxyGfHfdsJMc59;?Va4Zxfh1{
zZRQy<n@HwT0n;<t2FWS}9TXR97Ynrxj4PTuv<&pvs;l&FeUu14?Q)52e<2v3IV$#g
zBZHx`hNEp|UwcHwUX(ks=AF~2qMf)9QW}k(ESHHD%XO+=jK-K>twi9w<?`NL_h9;_
zmL#z4<P2j_IK+V-Wi$|8C_gdy$a4uW;C;EgT99XjM&P1irF7vl|EP`nv0rP~I@+qQ
zX-|f}1`@vbj|-Vy6CU@@b*a20rqUJ*L6^<szZ1oOc!2%a>Hq)WcK;_8{9AlS|KI4{
zKLG6?*!DkR*}t^--(VTzKXdutXZL^FlQI4u?a6-3$(We`t3BDKJEW`PV(ZD8$0gVG
zGeepoy@xRv5fPCdKQBQ%_-LRYKSDe}7_w2k<Vfr=RGOG>Ln@vsh+<hISV;*vNG^AY
zl0_j{lj3D%@;UhyPE4g&Xy-A96kF4>yL6J}RQJ+WLW-$}`}OCPiw!e_$7SQ!W4De4
z>}YQ;*j%n$pj=Ho57u_O(K8wU33MQu#IddXip#|_HtiRaXSCxm%VYQJF;_P)*fn5k
zXU3cSW{l_kmk0cwBv@;i2f=Pt43BamVd6Z*d4z|qert;a__Ry^eP-6zLDTYMGq(S6
z!VTvd>N(W1pt=X#U1HCD_}5L-3+V*F?`bht6wtoUxa>>JmtUMbzOl_rI1)rQyc|_{
zNFOG3IJl7m*DKpifVtwx{2yQwbhdFk*igs^X@gkRvSkYxmC`n}=@TgBlUKIJhHZ6q
zn`}4_-`}_qsz=Iq(96OPbOt~EWZ_fQ0ZEu?Fs^NgUC%$S*D5D|`C9R^<ekr8pUBX5
z2V6bVa_qRr?|GmbYbOiSeiP~Pl^|R3am@S@-)FiKuF7anIyYud?VQj~eI-`gN9jp|
zt>M^lpr~+)rBnE&!hI&ZNQN8LJ2707#UFwO{Y|3#1)mV%?kf%C8BGfz4ARjtiMC=5
zdJ%zuwc96ku)hsj8Y~O()G1XByW0v`_|lBb{A3VYj<STbA^h-5ciX>-7NZC$rS2QX
z15?+SB`%!JPqhQx(~VH`{zNH?9bj6{S2Q<d6{aaMLnMdndO6o+7BcbL+7XwNB_Htt
zb9em2q$Tnc^efDo{#9j${qQkTMNc<8i7<zvz&0P-lI3p4Jdt-KSX=f6%NSjeELFO$
z)k%vqz+x?MdA$=7!h{Qgq|g?D>F+{uAZoRynfZR*%Tt2qlUQas`{?1D&%Ikjx0-BA
zS*aB3t8$6@5XPD+v;&nDEs@NR^;hm0$N){-;HM^w4=}wyLaRUf6{mcriJ~XZc<!D9
z>JTcye9$fAKCyEBa^^XcM?0G%n_oS(58jmu#@DAzK)7dUFGqF9^l||59lB9X-?hQ9
zD;K*}bchoqPNg)5PB~&nW&m5ycJL7!OpA5BhV@_6Y#LK1?dCDF+Ip0Nx;4}(JB_$n
z!>-eOhkaD)=nU#K>NF~eU0BwZm)X|w{UVh?yLtyR@R3|b^e+Gb;!o>mt_TP;V}ToL
zq3FK+heNZw2Ddg&uPprO1kwYydr!A7d#TnYO_eGdmPC)SAbXqE>W%Fpv-zgewFj$U
zW|@qcBdhzyR}ZGnHEpfxuH~8YQ)Ktf&Mxh5@JaAX@J;Yf@P6=V@ZG@Y!0W*8hNFh3
zhO36JhTVqa2HQ1{HJ3FVIr$mI8`a)XKx?42ngPx9{zOoe6smNM2_!nBh$B~^%=rr%
z{SWS-&7&Jyw#dyPH!la6n3nI`2>}BjnXk7^lQg$TW6}gC-2tzw*WWl7ucOu9@8q{m
zx0UaMI?MFfGFaF+9l7PYqfFJEFI(NnDB(0%Yt5w|0<N?1Lfx*1&D}rdma0(BE8~*_
zX=E4=9FiT%CSIC{3sLAZbV`}%{pgJ_Qv=Dl7+z_!1)W1iZ>Ar6BB(Sp?JaP~G5ubg
z0OF+VG;SzHe&T6Lq)e6N(&if73(gp=vT&j;vFBr}784RxW<J(BOQV#|KnB!}9^+7W
z%Nz9d-4hl~Y@r*p2i)$mii%jPUw^N0bh*`Lm)2VYGF)2O8o!U0vO7mn3P`%1%&&Jz
z(_F;d0SB1CO3m>>C1z3rkp0KYj*&pXG7|5H?ly~tBW`vzZGxr7DTeQ2Ua`#+%@!BV
zGNIGT=>Ll8*^Dr%c{SdHC~RfcwI)GI;c7woDxwaJ@*ryNh~e$k8KqFO0qxaE2uemc
zkh3bt#sCib>FOHb;jEy_`i_kETEcK3mo0RdQqwIj;_%9IfE;dhevJ;eWb@G49gjFs
zu{=gfax&NbUzELbj3~k1r#okC+qP}nwtdF7ZQFCkwr$(CZO`od_TKE?H+eVN`(LN}
z+v!TBI_c_u>iKlOnYQjc?FLTjrSP%ZeW1%)!{+*0?q4ZKyuCK%d~`G3m7Ec2r>yrF
z=#YgEsn+5F;<PH@wsW=8o6+8<VT1b69$+v{{*JxdVmlYn1^sVK4OXrGtz(QLnO2HX
zkjEt(N0Yx7Cf9*~uLy+;|DhV4E}|X^-S`~v&n{FU?c*d}i^?h$Hp+BFRK#Ra_3#_f
z0}IHrp;(=xFxx*ohA4C~ZleA$*TIsl-bwoVe?uz)d`LRvUnY5g{zl`(C7>OSJYd2i
zQ;9%3ZpRDZsWuo}S);2C4_I30Yz3%rJ9BOB&PI-Co->1P=hMr@X5Dw$W>hYl?cEPR
zxi|fTp0+O{ggV{{blOnvZMctd{>z|_@dK5LS{U2xrpI`$*vl0olOv58B9zU@>E+av
ziPe+x=@6)RaDGiPgUNI{kYV_>XV{~Vgn{uq)rM-p6?4uFmV+WuS+IjM=nX!R|H^pZ
zlGR8paIuZrM0VcmOR}j@d|R83qECjf%Bo~XJeGP7lHmr6HfIQy>*w$S*)UzxqsX;N
z%wT3IP0UPdr*+oIH|i#?{lvt&77Um%s#uqGZ5c66xHd_HQL&`O%eJB$vRJJ!CmOK_
z<XRh;vS2%w^p)F`Nm~Hhl#3u!*R0zC{-!|+dZE_uu>+Sg=_8ulg#|H_-TT^sCXp`T
z6~;aa_o(>dbIcFt!StbY>YDVb8V|7=54g|<PB@**s3uO?v~W38wKX$Zrdy{wY7Ey;
znpB%;Ow?O4S}<x=(lk3`TrfID&B_Q2+U}N-O;S0|W2^Pi3;X*FOWIzFkLiR5Z>ZYz
zsi-8&xRcr&1Vl&ChfKWCf4F$DFYeX$j8t~}n3&P3rAW$LnuIFG{h@cF5}$)k-U_In
z#a_goT+j&pdTGC<&mA=liJvfCf`E+NnbOGiX^OKvl-F%unt6912nV4B6^{=v1i;Mq
z;luS?n>dh?(!HIu&cMozOo#d97eS_Nl*o%NBa5JQ0Iq4^SaUc6L(!RxIKJj>d69c)
zc!{sQ?oSVPw%cwdBk8iYQ}?&!x?a1uaGTfkc<#6PcCW9vZ1BDpy?5tEV5NMZ?k28)
zdz|z6XT!5P>b5(zN_e9VG(r@!q1IBU05y8AgW1e=y4>D2j~w-f6U?I5h}QxXL5x`m
zY<n516ambnTC*K}e|82V_b(<1hY>%n<Tsr*c7Zl**A_YkdKY_caZG6oOq8X!Ki~Gb
zT(7;pcD~(woU}Mg?&YYg<l(x}DoJ?DRWV%3mdYt&8%JsXDjT2@N=-ylh%#A`PR9I=
z)recSVL4}pYyeu~>`P5!WU3DOXCGs_Qe;XdQ+}`;C7(?PLK?{=7uj$bobZBiRVbKh
zjx8E0bYyR*Sut1Mf?=)Mu^wMFy=ZK)r5d|r{jgepiQBQUH%2*KK3XqGGG#{GkxoK(
zfPq;bHLpGXZEgrQRyV0cGzrFsNXKA?gcRBmdE?|mGW5}+Gi~frsE8-m3E1|$%zBr~
z+!G=7hFcp8hVsw27M!!vswaMo&rrn3CfTMX;Q?=q`;vE<#~_+cK9$mOJjkj5f+n*=
z`wW~Kf9#2fq7CsNI(8xD5L=>3DpgX2DXnVW*!-RuMFd-sfTe_?Oxhw-R374-1CwQ{
zpzv7eP<*S;dGMIm&~cPU7CtuKB1&1Xtz}ScP|xPOWDxaW8%OL~+m8NQ%RZp5CmK(?
z_ftgKCJMH3XBKZOEVsM!ZpHW6W61o4sHRABnLZdAZtLNbg~qjbP>2r4`#2Cz7S|i1
z=mHAt-ZCDE2K?84pKaK3R7;!VpSn?_LdOQm*vrM2;Dto3c^^Q*l-9<86hOvSyK0r-
z?kK4%*|SD=px16Nk%DErN%$>yhhl!ign`ze?N#(d&5@byE`sb^8%zP<k|f>z>Uc-D
zPqx32_>_ZJ&_s(u?X;HUK^8dTc5;w0pn(cxI{a!xYTUh@p;JMhq9OB+37g!8OxnyS
z7V#2W*e{D6hx#<;Qg;Y)c!v)cc=QaynToyMc9@6V=IEZk+A!ldAGko#=kt`ICzM4c
z{*fBa<r1{~?6M^r$#SMA&R{li9mRW3GnbpOXbm@*0qd^dO`j@Y+7iOGKaX8^6a`W6
z&Y-pFyn0IEm>D-FU#wTGeGUB@)|`Kp@IkjPpE?h-3Wf5G@WbRoD6+;}vb*5Se#IQ*
zi!Jp5xNw(OnsrS+>(0;<F)n*+d_H}4-KV`RDi<E+3w2)&Q9t-3kn66VD&SE4$Dvx*
zV5S!R>DjQ!zFXr)O=#T2n|5A1JMc9XnYL&{%0HG4<Qt4#T1l1LlG&1S0~CM5!H3Qq
zNlvbA%GcmH;^wo%?JU+eYUg`4KifV*<L7q$;)fDb>GDHv>t)GSAv?jR8Pv%FD7zYZ
z`flCbQFIzXWf%d7xuL*(5?&3b*_dX9wxQm{g{e_s1wI+H)YD6~Xh!vw0D>leEJ!`8
zG%kr@mYhf=tMGJ%|1T8mFWK*QxA1ZRh8hNWoS4b>($ex`+nsKl65gS;9A+Dt+wbfT
zjIr=FKbMH-bqfu_c)oHu<8Q{IiQY&)tXzPNX_U@rthmqEtth0WWMM0wK_XBkrd7FB
zx>dqcc0@2vx`EKV-zyyTsz)gzF8Mvw1$_4}D252}k%E3cZ8mNEvDBwU#u@p>1*dsv
zi<C*TTC-eLnH|XHAB3W1p*b#FJgxjWYCv~12N6f?an{V<bRJU#(>PN((>YVd!)fP!
z=Y8jS=X<B9SOSVlXy#s*0|upv-M7=_L48PO_u^<bSNz8jPq?SG7*uuMPWZt-m)+`|
z5RF5f^^e`>DIATK3g6c?&De<?y^pxF{J%jwqOlX?(B2c}(U@uo)AOW(kRVW)isY!R
zuvYCz-R#g$&D_8&Il#g<4NjFssT|K?_u(-_6A)@sBq%Yywpyj>)sg4#39g^lk1iy$
znJfd5W1r)oR@JDY-U~HGg5upoqQQkhg*$<}i+%7qHLO$TKc_6Y3}6+|9?PY_>6D9@
zszo|PZo!XhPZZmCNs&9zIaw#`*1q!&X*qgbl-ZfiDeL)2DlF?Ktyu94_}O|hMKd*~
zZvdVcvW-0*!m)&EJpG_gnoX(&Oa1m5H7w+LN?14)ZjHOrf2M!;jovo}w+niA8`SX~
z+N!l!t~Xt^yLflxZ!OR^dTw}MeNUZFWlXJ4wNJfIg-qp4^_$+9?wJ1IKH*N`Ug2)x
ze&G(_8pOKB+Q$Cmz2_b0J?CBLedq1v+0A;+y3YD)duuytduqFC`)=B4vtRREb6x8-
z`@daMxY(aXZ5!VsbGaU%4t(Qyhqs@8?Rf1D$k}*!j-WnW&vmQU9(A|iBGrWXUV6<8
z9NKPmmy@a=j8E~oeJG9a=-w54`_D!UO<c8^z}<LXYjMnfR5*Q__pw#OnC>E3Or%|<
zg<~74Q9RnMH(*XoCc{$1&_+$fKSE(jO&gwwp75SXkPRjzGeULY2C*|?sO`ko{EZsI
zTp3KycJRBavNU8!!+v!NdwyZQ3A=d3yoJEIFQDlQaH3s_#qf@sBq+jT#YO7Aj+nWl
z7K|HBb%$ZDxu{8JO7{`}n~(|Yuql0#=OmFKBsGuCEJiCK&_vNf=t}&Ou5ANkl$#Rm
zu<%5YT~$aqbX>xe;O3^<&dE4u?^hK)&Jlk6S!PADTzvTO+)s6LK=w*A3$cmp#Feik
zV1zBzAferdJ3&t|6_vqe-~{ssJTVMptIaOP2obb<6j|&zdnwUxt`*LI_{0yIOb%pH
z7-?m6Je5wA{=2Gyl$_FSSfTB~R9B?TCh~PSg<t5KMB1UChNCs>srEU%?0`EcQJQ?(
zhbjxt?^?RBakCn^zCp}wy(c(~^cY1GWyjgX(KfnEqsE>|=ix31j+LCU;O3r5cTk_y
zbeKeq(kSp>I?-1ZD?Zk$by+P`dq~3=h9C*3G?=|;#6)q2D`}yOTXNciX-n?{pSldb
zD?>_lIF}zPfm3lxnQZ#tXD(L0r-d$o;POhhF#!4*Pub=|X#ZIbf7r-9N_*&$x?>ak
zjV^^6dZ1XI(Up4C`xBa@=bxKs#jAG4k2;kG$uoX6J&g@w)>0OOk)~KkCvTZdYJ^e0
zK9w9dmzvE5_SMg^9w0au>`2SA2}Zr3Js|_LCwl$pnStmW4k~M{xY&+i80N&CG)@rh
zi=tKq$+E<#c{gJ#o5bh#dTYC*!?oONiFuC1<x)cX6BIIxv-4fOB<V)RGaykLic|%M
zdWJW<-ebB1i-ku|)l=M!2bXzsgtYvT?@ND19paTNV$i^z=Ui*P+nB=OtQq(RLbo*$
zzs+q7SdV0e#blUqZS2|K=Ww>j)g1Tr$dmNi^m?;POS;bWy7=s~E;n*Jm5jEB+y3xm
z-)P<zaC2tYDrYDOlt`W^s>8}9(;#(QKUAx0E>D@FiBnatMv;PHg0TZx5@bC&ILWTU
zEN;tS#;H!@2{zQbdn->kYy1dc2V<glWS2ci#mH1fwRpjX5%W=#WQ1`vuNk?A054>h
zTDZG7JDB%Gp4TWQYX*TMSExnbI9k1c#e#*iV7hb#Ls^s;$>g4vUBz@QUhHDd{c#P{
zv3Sj7dRzo#9Z=^_5~yDB%+ZAAIJF7YYEdg7-IAUWIa6{vni;Lj5|gtPPPLjcR)sYi
zJzE{y9u~6o`;*2-)W+osIt*%(bz0yt*7&SqV8WvJ8Fo#|rzX|b;{07C&(Bx(<eujs
zALGPzdaM1*1>ZKAuJ137c+yhe;aV$(p+ZTrO|a}&V;1%Uz4JmZHyb464QdOVJNK_h
zATyyc&B6{Lno#bj#Jfm#{M3Jp6OS45iR3-6TcSq+Zzc9TIZ@Z(B@if)6)~Gf>N59z
zQRc69TTt9OD6`e6UI5!ZHhHlX?7;c%vA;OmDMoBx9@%#s5Kj?-m@WS(==-9Bl7w-$
zz=WYOOF09d)iMPV`dV22!dZZTXorYFt|U4h%?H*bk2k1v)nej+T~o-EAr5G6enb^R
zW9<brB}m1*e;EeXw4zB__BwRn7(;4$MXuRx=I1fI(!la=a)_qU?A*BD7qm=_v<JT`
zlddRhx>|GMK8*r$Zip1}%GOAZXOuk?Rhm_C${pXt=Oez_-5J$qblKvO?)2@M?X5x^
zDf}0OGdvsXqwcNLx(;iFX{x4CuvV8U5UKJC6Eq-6Z3n(znogMiYu)ljC1=;Pu_?`y
zN0&{v%7A{dMosT!TD;ImBW322A>p}FqB_y}0nEap>l<GYuY{-Ozb=P@;@{1heUQnj
zRg1UqG#Kq|qp@F`UJG81Io1#j=yb;^=c@mbrBSN)EtFR-mJ6QFU2x_w5=naM?=AD0
ziUz1dEZ-L{Jkvd!Bh7f<r#^fU^<?YWtoU5RGuiBEwBXt;OyOjlg#0CCI{UlHpC}7s
zy-`1-JL^2~)u99pv&REDDj)5zb87bGS&!>Oo8aE72A+d7W?-;TB>fNUiy=8`^PW2D
z1WI<9VB9$kWQ(VgQmY=cinq-LI^3SA-Os?@>t@xo9$T^SLuu|1-BY=$<Rxr%#0eP!
zd~y~jqeaEvIieOI?;<1908P(L$h^T)GI`_dQLb93UrPf2eJPT6Ubi<OffH6F@1<4Z
z$zATazXZZ<cO`m@`5t)K8%4bBZB>x@q!Ti{EU$&;zTmc=<a~u4YdsgEHPL~b+p^Mr
zFx{7)!iDg8mhAZ!`KA!tN-eRLx<D(+e5*oyByownH0sf%YxI~xZf2Hd`oe6D^#n(#
zXeq$xMQOH?oN8X5Cc`1~31hYC<*WM8P2%}|aK3huM5AD@gTEM7`kRqinCz|Qzrydj
z=CN{$E$4_pp_r)g4r<8<6Cy490Ark+G%7g1jsLEFZaE|`BfU;trCA;*J$XLptB1wz
zNNmzR()5P$6!1j?_aTNrOgOX)$~Bj8mrR@+-ajzWoc1Fdw>X2ZYq!ayNb-WgCwgWx
z^7yIp1ySg^1h5XxWY8MC6rVH6o_hIz+#9$}|5U5t8X1c+xKH-EDdRo>_~vq}0wjwa
z)<Np$B#da9L+hrDcs#AlcHFP}q5cIutb;gXHo9MpVxL;zkKbFoeXKv$aEH#$VWo}L
zD4gFWiDkI|+d~=4fnKub?$?7Kiy}T7Ghu{sf97<r9y#tTa<6WiU2zdV0=jt6riPm-
zA97;kZY4_DCyx?Y0$PyikszpR)(uZiL4m@l*dJle7>^wl^Z^yz?mtbKUtc3<PAU(P
z&yf%Y4J+0j!MqedwdX7(XeQ^TuS84`1V$w2#2*Id{3yZ|T&?cQ&KVc-Hym2DLv8TA
zy_gS5En6K8Lt5AfNHDL|DZEj91yvg8ItB)SNJ77cEIld}4b8Rh^HyGgkd=8A<17Zo
zCIT5oIDrK@s#Zie6Io(ZN|;bktdOpmrAPb~D~NpFyqFcp(?Fn~yNq)xfbMg_{M&~F
zs)1b0Uxa`I{W{_?6wEVN{l$tJQ%1?SmM<fZ6ZkY|R3F&f8WS3hm`EpB@C6?nZi8Q6
zUMW8=3S!Sc2_CF!AVggZ5jY0c3Xn3pm)T$XS=cx_l#9#g%N~FXU<|hxRx$#bn7@y=
z98r%K{{pc;T)2`66VxNGZ#w^bl%Fw+_|r-3gMY*wm}m>Xaj-p6OW>s2YkW+fm>2y5
z^E^tP`B%?Qz0QynC68-rMGj2m{0!raAlodO$Wxb3OuvAa41w?}Ad&3nLjLDgI7={}
zPq3)?S>_R0wm?DL9CZXVSQz*cU{*n21=SbzZ$EZkG?ECJ$&!MgmZ#xY?iT;#EDtj~
z05Fl0k(#vlAY|~M{K&DmS;C|^=QU6&F`)A>X!}3m7~wY21xTsAm{q$VNqlz%6a9Gz
zP(ulNA;An1)o?j?zeZAGkA8e*G2vy*+CQ?mIRs`_0H22Pr?D`i)s)R~(nCaB2KdUv
z3@naKd|8CAA4WQJ*W~t%c6x}~aG-w7n@b`jsmfyeRNUZRFi*i?6#3QSgzbO*>g&qr
zP;MmRWCn!>vi*n!TngVLCX0#PwNndg?RJ=f8{$Sk<~yYgfKkET6$PC_Dgwm=5$^TM
z$*D1j!x+P@=Lr!1^hAmST1CUSkO1!(Q@?{>JqGL&<zEz709`CjFf1VWn-i*s_QDE>
z?WsE@)QvV13rEApj1Ua=<9H*~<B!3mnPC)@Wg&a?L-e9!q?MuJvmNc}^w09APS)C*
z>fT8p`ox<c#rYD{mz{;>_Y2~U;ltDY?R9HyVC#ec4pheulR1v<*{U;*3n&Dk7JYAr
zP--H`FRsg1G5=fnS4VFR8}VE-sQ7r;*?B47qEBrNaHd<(z+1=C`e0r44}Jy}mgYwA
zFlK&zzK*)eio6ba(0WFO5Dkr>QG<L-ds#Ovu%k1K%9CZq1*R$_mA;;kQH8u-OM5j+
zTr=x@6=Qk3Jd{8)=WhffRBSTU`T2$B22^lH`!Z-i18AHoq)hTum9vWF1yyEnanqDc
zGz~$o0*pD<Ii^L1zofY{co2ZFO0>+?lrxp37L<V!l{6}3)l~9Q{!;Q(1tdghG`>Rv
zzd(eaR4+l$a{LrcQ}WYOe?<Fo%JQ-Nkp-YsV?%wuJ<HtOddT_sa{Dl-fe5(pZwMt`
zf*X)R`8m~vDjMWcas`!Ih-PsZJiSI1g>xJXl@Lt+@%X!7ei4PTiWq3#Nc*w83RN)h
zRv_s)MTbf>3{5_Zr2*jXJaI36({GG7aA}aQN)i*L4^WuYZ6hmdi)?*;cQuJJxiafY
z6FjO#2A02$q1>u~u{P8@@vvpw8wo3+W9}2IA7O{dp9-PmC%@X@+B*#O+v?foX>o1|
zFD+Ob3Z8jo%A*;<^Cm?^05n|=0Dr2fIf7RvVbm&a#gI%$TEzsYqerQEFgG@3B8o2;
z7%_Y(QgKTE*RXiwdX|j5_}`5te55N~!mV&&ebo}=qp5qmt0`&5j;8!YP=;RgkXp^K
zqKR?RLAUUeu%fo{Qg?aU<)%{nrIW|L^a)`?MG>%K?}{P-T;k^#N5q@}SE@bKoGN-|
z_1xJ)iT$JzolwA`#g*c-UIsm?oh<8EG%<oP>#E2%;b;@#4lYpP<$0d51<07f3XKp?
zdBj<;_wr=pp`HNAy(*AI_k1iMjez<I<bQGnkOd4DV<8QiVPOEg5TYm*@U#Ifat4$0
z<PciL^k?Y3T>lh;stlMj>8po^0Q^JJAMi6l3P#qKzJ>BL0q8yeSoq^s06^CJjXn#r
z(6r{JNuEr84k~L@TX5mH68r-^$jO=Nw}yU127s9KkA%rZ_DbuPBdz1iMuJE}!&6vD
zBCZA-WnhV901n6tp?7GP7o1V-bX%Z2o3IzbpND0kwx}t&dEKl^csUG&a4`X4mo}ss
zkh*T|2SW-z)1q2ZV_p|sbiw_*a^)}o@5fb<(jPUq`=urx5=Z6bfBY*0i^E^a6<zdb
ziC>qIZUhM|3SM8x8%cPQt)8cv!YP(WMU4DBm67{r#TD@q774*5wv>flL*$`APQKdD
z&f$X4wWKCcVr6RL^-kj%vIo+Nw5IQF=y{xFp@Sxuf1!aj_jT?I!6(U#;htq45b>I@
z*EU3MAjZ|mE+HoFC3sgMbl2qSh|eT7`L^iK6TjGP6GkW?iPs^1B*H+(W*~+rvg6X(
zy+-`T;g1|6GHEFV65chzDoM{QGKNo-$dio9kl3;QsS{^g74gmr8SzqB7UxdOq>@Mb
z+J&e|Zo(?ypvpGDV!SAM7F+Y6^gyiYymB}o%Z_VEKg94eNZsM@#f)oa|NWv%;jH2a
z-*_z)BQtZ~N)py8<9+`jg*-DqE#`3KPoZawHbna(WrjTS4*ULj2NzGu3QE5o@ped&
z)+$Y$zy60UW+FTB*Qt5Dqu-A~lxZLdrugI^1&kLf5;TC9Vob;&^r};(^j|9v*tBlB
zJjPHHDQD^9tHv6M^*BcNSEx&j0v6FY>m9iprMCmyIuS(T*oAhK6cWme{4%<ADW`;t
z!=7AGy`*6W&H{w(M2F=>Q)1b0*^c5hulALq3$%Q~GfVK=ptJ5qVVxu;!y5m;>#M+a
z!Wp>kHg=k@FiJP^UTiW(%|3{}D#d3U)s`Wl!DZ3a!+mIujEUP;UE0wjf@{~_PI`|}
z_3wFE{)9<A-xzKSOyLqU(j!xsl!);UI>sR&&5C91r#?F>=l^UKuh+Q1z1q*;i`_Gk
zxt<!%rNN><R+)7}58cGI4AE5!)aKNItqVMG<A^w6Q<aDMnHxk&U8P%k1|QJGq~WF>
z0lUbIafucScz5)O&#F@f#?Ik`Gs^ZV{;H%Ex1F(mdK$43yz~T6OK_ggBZzQ@b&ug1
z%WpFv8D)7m(RtY>(2y<-{VCsA`x^O)j(U1ibRK0$NV+h5DJ-^72%G;a409`d%G|F+
zr3v?C%%oEh$nodB%~V|jOm2x@OXf;ZLT$7?R`kFF9Vsf>oMwn*&pgC7paaJg+{T|b
zu|x%62cUIy8{VRTS<tU4Sddj|v%;Vm_nH7B=CU*(z3EnZm<r)cl*9w3wjy~Lc1_GJ
zp4~e5jiQ{Xt-JtvA*(8+#I#qBszw#?nlmEyR!^KoWEdvVYk4$FRS^ea64(sIPFXH@
z^is2x?T<Fpk{L;|#(uN^xIEBB0yV+7zcEC30p;&0Yrs0hSBoNTc*!b8V}j(kQ6-rd
zr1FZ>%0Z2SU)@1YzasI4;(p+%?-ub9Dy1)vHehlOim7IqHRT^)Oxtx=RYm9uvM+O*
z<eG%@{CGumft4`SaNY|tg3J<)qKNaz)o43i844A}=tgao1m@=S<+cphLW;`5`{2^z
za|$P@QwHE$=R~FizGVfC3gazFc9Nb{uYW!nE)}IwgY}kv7UIuklI0!gisA@@uek|=
z_54MjIxI3~O3Su!Raz{6FGSBxa+k(EFe3>dRV1vp7|Vh&F?%XZrdMPiY8!D@#=qCt
z$JV63iVw(PURn-eA=EOSrJ+=ne9KcgtkM^U^+u?Us^J%#WIeVeWRI`XlRZ6N*q4%J
zZ}^}}j@Hkz{gQ&!6j#4B?35Z5eNrrz7t_r=;9Q%=lX*#`c)pZhGOu|HH)*n?i(Pwk
z8s$<w`UZ{F2$y14jm_$lt7Vs*&X`x_2#RxG5R<Bj*Wx;jSZT|8pcicX<)ySmGWC@6
zO>^N78n>mCo9FEnucgDhgczyQdrX$g-0YUi&TH22X(sd*e(;-IwRx39%0eXgG>8vy
zgwGz<l4Qd`3tP0l8Y+2@yn(eiGPXhyajY_i-BYdX&tx$2%iea}dQ_#KwxDti$Bodg
zJ|oQ0a6{YDagOvnp~8=TTph65|L7duh`2Dj-F1ffwnO$%?6Wbyj(~o80QCIg@E(vq
zr$}BleBb_IdI)!GOjK_T8+Yl+uSbYp9$equsJV!DQiR_*VS3E_Xw0wfTs}6m-!Y)R
zWTQME)@VQ0XuNMxk$mZax%PV{cuNm*bbWGtR}^$U4iMidsJZMm$8x~8_DsCI<2(vM
zu{h&<vEi?$Y&4$=Y~RHocyFSAd=HVoMdzn{3jkvKtS^y$J{iz{TEp-h_r#uFZ;47?
z2MB!*_h3GWN^Xe?HV5F2?%`~E;lSEL0XBr%US|cEe96J^JnqKVc2TbLFz{ygfCR1u
z*tTni^mbzLW)Esi_CIbe_HWScy!rRLX+M{|HNPuZJLMu@K-xTS<{n<wZ+SetUUXr6
zT>);Ec6n?%KdP@jZ4h=qxUSb@dj1W$9`5Sg)>8SoZrdEWM!Y`Lh<>|J;o{6a6cFOh
z9mM0iV)1X1?qBIW-)@L}n!t5Gr6_$?5q6U_`S%<lcbg<hSx+1(VcAiRT2BmVrS2N6
zGHgbM?y^2Y$hO-H4hH(U%MWTrxlNFx#iHEVBaB4c`h|UnY?}3VRot4wTqE3(!fYcS
zws*1D<G6;iyUCf+U9$%dY}|<=>>T!DHH!KKhV>W^Us>C9d;hU<Jb3!kDI2M!rR{a$
zv$@|tMcY|C)>kt&Bm;`{TOMs^>9ilRwB|M7(%CLMQ!_nW5vbk8kXfS_rq*{~4$zHz
zT(c8%@!0B86jHMlqh?_zBR;bNY*(r|68gwaoL;CITA^xutMYLd0j-U}e4D&sZ&#NA
zhiPY*RMASCTf-ilI$-?<>V*^6N{dI=!5XM%+P9LT^=ipv_ofJ=XVWLe@|r;+`kis*
z263rtI4C9BHe}JsKAKE3zB}=JAOd3HqX0^)((yL`#U5940z{~5-b=zsqn8jEd2;wL
zBxM(`Hh^}t3lePV)90fN?g=^7N<WHHdiU8z>C=sMa$)ZiH<4*}{P29>PR}+Ibpq1X
zMwtag?jX0vp-RU`hWD{|j8+E+|Nd-Llegc6d5LobjDi}F1*XdLV1L_&{Q$^Yg5A-@
z?#VS>Z=?ob25JXNZ5FnAHhPlXwfaXc#>?u2rIQD2gRvGR$?C}v>axjd#1ww46CjhH
zixdINU@9#dhSUoE=n+5b8>w=^P$zByvksJ>rKEN}T1AqohBG)>wGyBa66=^H4bB0(
z`8Es5u>jjNio01K`%oRdj*#2PG)V|_vUAjF%N|bY_U9Pyy~b4kd?xxE$jQuE=f9&N
z|Ceuvo{^dLe>1ZGx4s?W|H8<cIQ%vJKMQx*e;p;iY%B*p13L@TFB{9u@?Y85{|_1a
zAN|Sy*|)>|>)-ir$=LsplK+*R{BL|aEdT#}JAg>I(Lr&Di2tu|XH_UdIm%=-pr^(x
zq*)Oy&&bP+ogTL0crncfR&T46mOiqYZM~0qI~&kGSj!d=18S?nU1v@QrV2(-??1Yo
zkYOhy1>n8RolMh~uqlC9H8=2nw35E3V^UVUrJ))+SIZuK0H#QCa;g0M2k#usk4;#3
z#iiyspN`zrD!MnQPC8U!Y0EK6i$(f1Re#GVm;k~ENrgpc48OUbXBW${CZ*h}2Zgf&
zg`{iA83y|t!ke%LB!_<Lc%|vVQH%#%4l>!(H=>iWlbp9OFa7EG*hv<LAumy02C`8z
zm&iCvpO`O`L2ZIxan5wYm(iruvs`Vg@ej5)@rT(d_5U>L$htqv-FhCK=l&K6-WdLT
zBBXyIosWG}_!JobWTkyAq=nRfdt<}p<mT2vIlE5BX2D`iVU}!Sz4C;*G^&fNu)StB
zbp1DT@z-(l|G1z2FUj2h^W6JynOr7@{{rQ*G5%U@7=IaUdX`@$&M#5R!pMrx!v3qi
z`PJUA(*L&oYI9isqq$*a{hx*ZIcEEhQip>B@;@pZ)?Y==e-u3ItiRW?{_1%C)An1#
z%=)X>VPpAK^89Lge%o0%Sby98Ck)Q?Tl_2Y`R&Png988Ok^8SG@P8)nf0@p|cmH1_
zByD12=4Afc>;Dw}H>~&n_U14#GX9sO;w=wPFC~@c+wGIA&V|mzVwsIBW^aKV7?3_e
zxT5G_R837t7;tNIMNF&A)xu8D&;YnvZj?m@^uCt;K;%b7WQ4g36tKlP`z%lI-q&`f
zz<`yND9HuetLz2E+q*BHotuw~oX4z&=XKATre}|<rbJN>k1z4)clgMlW?I|RSiH_J
zO2JcP!PVJj!u}RlM_Rub!a?pOT+L<YnLW!Mfv^q#xXUw>?23(>%wvquxOPMWN72xo
z3(qHEA6~&2*gS?hAoz~ZXQ})yxOEI1op=>3L}f<v9_TCg>^@dHq-xy=`S#?-j?M}}
zgX-{L7qZ4T8{5<!trac6D;n@J)zE;wQSKxZp;CU?cOjnd**Be?W<f46f-%fqgV#7I
zn7pJ$jFd!i6Ng~MBH3AUXOF-+<7Q&b!~|=KvcE3d@z;~1ljG9@KU#ES6k`-lfrXIi
z3RK>@F7`@s5LLqFua5JW-(IaGup_90sGmPcg1Ejs(K%utbG(m~{A`grnX|TYLZ`1L
z1A6>qa|h;7oDnVsRp$M42|R#K%Zlb`7H=lkuL{V*6|;f8FQR!b*qQ+!43U}&z*S;_
zy&XANySfoe{~TZOJs_xNZS80s$wuwSJml`tuCsIDJ8^g-ssm39+^$K%kExuvm|&cl
z;ObOPRn-lsl%P&i{a&yi@pXez_=7<BA%W#bOd9J~HOz_LVfed@Jc+SrVeyx4+3@eG
z%(=u7`Bw@=N(C-?NBNWTsw#0*ACNsl_E}>mlX-_j(h8!yPHmj9yi5m1LcQF0)+2GF
zod=)uwpt<8@^R{JLVjYF#mm#y#Cg1Q?>i#(3T%`kQwZ7KH|Q*tl5UXab)~VsBi<1H
zvO_5jZ-Z8Zqji9vh0OP5s>1kUSVpt-qtlqha}#rryF*lo(#$_;gE89s=Hb4$Sm9LO
z@!Uq53D}Can$8KzIWBY#hqOI8JDRR6PiAO%M|YGvhz>dBd#x|lSCmM1Tg(s6@Bix$
z`0UKOtek{4Yag&-Idj&O36Ly{n<zw#F`*wnC}?e>95=o9Xj#!XdQ?3*xl>t=8UO60
zEcp#Q@q8oiY^64HW)b1&Qs_>OHSL?=0^Pzy(Kr4;AqsvKH*g|ezB4I}s<peHTS%7m
zfv3ybfWBRpED4SE5!hQpKCU+>`hy7zHkqf0@b|5})Kf&vSA}Xc3`}_(V;aN9#0M8s
zz8paL5Au|K2&mmOv-BU*5{q$wz(a^2n##uUi^$~}>+14G4(y!I&UA(7h6I;<j3i@a
zP9n+z;x_;U9P4AS`<NG7jK%z-sy2(<g_Evkj&TnI8$PY2ogRkrndlftRnd{Ew?Rm%
z7qN$|WR*E>!KPw^B)KV)6n4t7MUJ;`TLkKnx1p0%qfSE6jIs|@1p4vGu>BBIur@23
zS!ds#jj@got&gt20dJ}7&gnJ2Jk^)ba{jH-ZVYi~SiX)mRA<{eVdp9ww+J!q_Kti~
zi>!`Pj&bAmH&{CT-I~p_*74)n*qE}PA{$_fKSzEcII#ahrUC&qA*0QAHjmvh#iXpk
z;^osW!WpXyPhQ1i+rl3oqaUMWZJh(GEip4c3bc=<a~mL;yVtO;v>>;eve1XiA}zWb
zII_M#dHC99g+}i2m!$RlVkPVOCFm_Lfp4)Gi}b{>GH&*3=&XA2rEGV}xcs5>m5wSc
zP<~XM)cpbABC4mOx%xYgOXVT_c2Q_lS>%<$nL4ZVYxzl7OdDr0A~Ld23YJL>RX{K^
z&yejk7nzA7G&cq{=K3iy)x1=EElsq61t&OK-oPDTa&gjnH(=ZF<2@<I^e3Qi>nqE@
zP4zq%w=Et7Hk%%%SjCiY{epR>O?yIHam>v(HL#pv;hvJ+r&yw=GuogsYY;)gUEv+H
zO_xxNv!<HaG3<Ivxs|5bm{^yAfSmnyw*c6w#&<E2O~&_@{rf3W*lk2GcA~7!jhVv`
za7NVLsD|tdy)hIZ>`O3~h!zVAA)HK=H?VQVKF4Q_@-opd2B0|<ES|*C3Mo$G0)3}T
zi^=~<QQ3QRubsJiWZ`%zm)eqA5}oI3q9zMC)2>@=n^ZB31F{f+ImI%EF&12FZ>S%M
z*5qH!nLeRxF^RRm`Ls0@*X6>yMgSv-^D;$*K|!gVS^vh9`?&~SA34L%Gv|GP0s8|x
zjvxyTaxAReSXt2)6cFTY>T3zPVaUT&r>n*1f|XSn_J*@f;lSS(4+l?)Imtg*XRLU|
z^-V@CL(cGnKC<BL87$<fhv-8jFuTp;Ct>ChlpI)#0SCRC(}^K8Zn1_T42_A|p*O)W
z+Go*DlSeWl!UOSWcZ#87O#S}K7<p2_?gE8ZNY6_GcMu>bO$Q!k^@BLa*Ut&YRPmo9
zV3F-@{*$)EKNr|)%TKVnPxP)I1fOcBv_P^f1C<F^h9F%ar>`tPYlmhDhK|*oOt~$F
zZBkWI(6b~I0He{%d>dM@$^kQZm<1XjzNApJpogHsK?UBOwL5X(M$tFXD^dqC@W@;1
z?Tw5Cr@naU7k8K_xBl*|2QTH0U-o#xI|a74+*jR`!vR+Ujv<M(s7P#tK&2)wj-cz-
ze%rY1M<%!2@mRf2n7W;BhT}29nWBLgST^}a0JMO@6fX!vS?}2jvgt!Cq6WnsicS%*
zk3$q=M0_;=8}OZ!3<>Jkl(ZCpl-EC0-M=|RJ8)PQOuK@PI;?1=s_z)|^}0WBDR_Lo
z@cQj(*fL_%k(p#s>ifz>3vrGHB`Ky9v?%<Sa^AdAv5INHd>NlZ??z$F*~*~{tPWNA
zdR%1rwZJP0$RwexZ`w(;#xY49QD@DMm4p+@j)GM~n*>RU%$Q@L=rUpdL#@XJ+E(+6
zpJ9NT#ycPp_RIN*rp0#6ZDd$Q4n&iGNY!-zv&eN1%!iqmRRL>kC>!s4?`me-`^`D-
z;dpO`gN+T0^3hnC?641kLV!|=5z_>sl4dC4oJX}nv4m;G(}|Nr>xP4<3*Y3uP@Pf*
zu?`B2j#TjE9LBu930{{yejIm2UVB_3d><3K8ZmG?YN3b`ERgDYqu$E(zRUdt_m%tk
ztIbhwh|zY9$e>*5mhb1vdFJx7iEWSCs+ZC#)*JaZiP{#Y6-y1N3pavhm$KC(DJ<)h
zl7K~qE|scM+@Fzgs@WrUyHd&Wh;>-uW-kq)D`mh^xgt*uUiw6Q#zk||qr^wBnJSv0
zqu2mGrs$nnsjMwxwfrW7c#~-!C@s;Bq{G(jXt2T3rt>02>$=q)CXx4XJ@0cnO|1Vq
zceHK2(m!Q2cy$EtcVk89P3Jx4Q=O3AwFF?7rb2$4c#yCv2sZc=DU#X^gMShvJ85!i
zQs8x*Wt7v92&}hu6v7^&4w4QDKGg+O(8{&9W;<R?CN$P-F4+rHDBITK<aK_P)xpC7
ziF@LOET5}kDZHC4K&CE8XQD!AT#BEuV%c1fbaPT10#U*Ass%L0N7P8PB8Vk6HZSdM
zbE8GUoW+uV9ZhBZwoz(TqIGH=;~!3AMpZHBY${C5w%%zPDO5eWacW5GMFMz61yw&W
z7H}7{tTS^U)9$yH8Kszuch$`f$CDebma|xrN-y`PmVq#d0n98P{Zvzh-J=&??ygR$
zt#?nj<1+(D6~AoTBC?UOfT_G$ddwo(8b!({(@4?$xYHy}V*lN`d<RU<kg?#@M)SM?
z|MZ0hsc_;W^p08*dqi#)bhAmyG0M^nZR4<LzL=v(<Ad8lqq+)ix<S-ZR!Ox=x?{*t
zA5Ye*OqS2r@irs1!^p7!Z(==h66gU7j>$a-c84k=J!}4HKjEZ~R$#^9<TXRZGQfV+
z`XRwlRJ<KWHrV}ZPeUnLq}**>%j5Z0%tQWQ^Xj;XI;$979)<kciz|^K)+&mI?L_nW
zzxU@nlF=Ar=RDkMgACYWs&Jj6j$qzVQ+Rje(lg^ZNub|Vbk4dF!s28|q_PhFndyb1
zb2npof73LcPs@@7zMfXTBPo0=mZ(DYc%8q9-YT;^wcp7`ve~xVhnLQ*HE&{AUTWmZ
z(<5tm>#R6T2}V|HDR*Tys&iU@_NnlE$Gh+L!RWHuF8IAC_F8#*0^H~W<uc~j`wHVF
zO&A+U6pWY|VQ>p%i;@NDwGp83-^{U%O*;5@|3+01$1{a`y>#6-(wyC4w-pvX6{p0w
zJj))a%?z<0zpbxqybI;?m*wE5{>7dI&Y>Jd<p>zVR|$lul7O`C63aItD2ZRBI<AqD
zcAhkEZl@-g{Je|o`Eoq9-O2L(UhZ(cS*<g=VI_t6_YFM_P$M}gQRh3z>-i$*>;6&o
z@(q2#1K4@B+ap1A7h9z&QZHl6D)gC217XTB|Lyf@<jvg{IhHe4tU5utbWmN?qvLzR
zWC)n{+<P7fXRj23`CJ)uZPbsJ8+GD0yYH_wiFd#mDm`c*fl}#PA4fQpmMB1wFJFqp
z-X^`hACIAqqS(|68?^7wLm7#_%v_6Ox+*#qqv+N>EE~}kH9?y*Xi}F-qT=cE=`n*#
z>wn*`7tp^m(8f=tAYb3B9&mdtLX5o+ETQXoc9(i$XLE@YHw7&OTIPca34)H%h^b1c
z;4fS`nL(UNGG;YaDO!*~LZWfRSS7Gj(XKI6N{o&mXW!SPenWU8_;r+@%kDn-03k(|
zNn?~<IblvOmu2jPK@*Nt%m7f!m$lBz@iE7T&D**fZ@u}t56Y`ht=jNS?(@<#CG-Q(
zw2k($(&&wJS5ODyKiwEi^N^T^damTHzaq1%bOv9+YarRpO0kANGkyGKOrxc2HJX0G
zfWAnvUZ_8xUI-;IAc2UInUs`ZSoTtQx;X6-3q18CPVB(4mW5xTD_I_=G^R*<mH+P#
zqZDa+k^T<?+pLLf#LY*&Rbb#H6sZ)c@Rc(40{w2;=B2UN5lgp-;@P7=%**vajaN5!
z{XZf1Mt~Zhr^DC$AB(LeJFB5}N;!Gdc@V*hR6ct$UFyB+ZU*iejaa4}tT2?tnPgp0
zIiSm25o;J2-hHvy-V7#uK9hWo{$Ed<jkK&{;9is>E!RkOb8U+9=-^nsvFH#fnU<3=
zl)rW0G8i*WeA67F!Mz+La64l{wwt=L3uqE65^0PLaV<8NtWj%JPtW&zM@-i+)^&eI
z(f4Xk^V0X3@nhBDhf0O2&xYI8I9M~=?z|^#<&IUZ-b<@|Dzmq0t^LUWTMd)SOnXJ;
zy5UUv0@e)JM&HS&d?JNBASKczWfLZnSh9H|rAdKU@L`<hk>+3>{J%<fW^z%)!J?!L
z3Q*xPqK-uq)9;uSUF=xAn69uMpQk13jpn+)8{3>d+_-@}d0cR}#tIR6A-y0B>=2p2
zQ6otnLn7g|Y)`dCV07IE30YqPn?SKJzGFUg>0ot?3bhi*ki*9Fnut#prH<4Nr(m}I
z)R9fXa~><=;IY>eg~HAlI>a7-CBr`y%Dz{>DJtxkRd)`%j{HY(yMKJ1!>!plp4Xc5
z#dWOTt3X<=4WEbKUIJY#_+6+RAjVLmil7tYk}4Mmc!eK9HS5J2(~PfkjbaGw14D!Z
zGr|Q}*ipD9rH>Zs@M<52dQ|xsd9UmYM(z#0V!ZeFx#Nh=9+4pKH;B&zVur@8l|v|Z
z8xih<5M|&K2;PgL1jiU9MXMC)*GVa=gEWy1GLTT|Xz{dw!Y}}kEk_Cg^}larE3a89
zm*wnCjTR)r?DL&!T|pcJ?$`c!jT1vDK)Q)qFe>+DAg4<hNy<ox&t4=O#Oj75DmbhH
zjiV=0R|Ti4V)MBs$qpnI@5O_Ym=q0JC5$txAJgBE`yA|U(|mdJXd!{hoXB-Le!IGM
zb+7bwZf!jEH9L!;0jq7<b@}}GV#kK?={)UTr?({1am;Dn=5oeGUK+46%aQx7G7Y-c
zCn;B<SXQ}ECF-LzN<0$}L$`&fkT)8{3Jzxs;IjU8@+ErW2r{@olPbdU%2UK_IN;D9
z!D{$039xl^-tql<Vmq0;ebK|-_V^iSx!P=TRjYi%e&D|>TeaB?IoTU>Gr06$9bm_4
z7$ASvy*yZbQFpv~*$I?Q^^@)Bb)iJGb_f=v7{DGOOjaf|P**LIjibo-Nswx^>O^%R
zk;T<g5u}Yp8-%=6)<^p?!i(yH_xuLl#)A3*n;tlj8}5G<@M2aSJ7maMCH$P7WfQVR
z@Z1LMtSPF?AyeNss8*f>5aWZmo!iC5TAS4PU0&|G;up7>Z{ls}x5M50vX&#x)2yx8
zjW%yAG}iW&P&f>8a1h1GHk(Jw?`<5A@Lt~4%IVZiU4;8$lIm$(kqyfc7B1)K2wCE-
zPoYPaKsm=s+{7`S;W%cXp{Hl*FGM_xMV6>dn&z~hu#Mnhx5s7yEu%Ei**wwcy$<4q
zLPC7ciG?;Jwz>LmPUNG`#wjTUXhtNfPccTRk|l;nG^<JyVC>g@%QTafrwcP^b?`GN
zPHSi;FoY8)?;H%I*EzOa_SZwe8QoZ4&Ss5P!&vhzZ;L)DgZXUy@yQG|h2T(>XeVJ2
ziI$HL=|4g%tVmoX?p{jF$QZ1PK#j$(N@Y}}uq-4Se@(fA`T#jO)X<#l-$Rou0Cbu3
z=@SB(ATGAo7Q4K-F-kPWkqE!u{Fr?_VpH38wH$b@;rm`#>nvEtVH@P7(P?bAc*sZ@
zx7uWS<+Pd6-sxx_+44$O;_Lob=DD0Wa}~iU`0YAw5#b)#P+OUwd5QB9_^oM9V?vxR
z9_=JQK$yNpJlE74LYq9%M1#vg#gcblH?qfIk`3`}3pN%`l4TVzP)5dLGBFNk6Z!Q5
z^}6Uji5m;!gVu3i@3I?`+7W7)Q0^)_7}DLEeVVX{&5}29XC6$?!v)mON5?`VLn<>l
zitmokMz@j2b~=DdV;;$Zt}bR#KJce)oWKahAQpdvz-aV9ihX`eToQmp&$sLrUu9$z
zl!x_Gn2tnN^5rb*QUVohiEDbO=&<lMk=jglKznK^_M1BjF?XtWU8V!=>aLkCyQgdK
z7)$M1na}9`B%Ck1<7K%6_8`YhE}OmlXRoEgGDT*csqG-+h-w9xMJ~tfIzD+0S=JYx
z;V_l#xUew6XN5_ZKH$)9*Pjw|K<fTO1RI*14jF}q)Q17tlX@)?%tb@b=LmRv9QS+g
zbS&`>(;3z$@rwotFhe2$vkqH1amE9ZVYt-Jep8)4Z_!}bF^%x^xZ7L!rAhyVx3&Y?
z1OgOeaTXfL%zgE<_nbOL%Ts!eyZtIX-IouwVxQD5_N&#;(`p7+@B;iz7Qi6^0tF%*
z+lV<Mi868Aih*K^kv-9l5l7I8i3Gv!jSaOnI@7p1oR$|Nwix&%-VE7l7td{s=`r%p
zSlMbu#fRL8O;9gd4>~{&M(+c|c}u{qevx>eeVPIVMv->^*kKm8Ks0h?(tyKs-e8^*
zc{xnMUv+ND0Wt(-A*5QSoTzjc?hhv`R-YfIO1|bdW*<J*4`!{g-TWq@qshhm)HJm8
zO!KKFEUjME{tV~Z^Kik4ZDT=k8kI~MQ15~fzs3xY*x%PFe7s1pw}}}e;erIWWOYnF
zlyDI=E%)c>cCd$=PZ>R5>fXi9cZ+dHTat^G!kxy1uNSwcp*$gYHk95CXfn%D4+_L+
z(muc@z4nD9V3s6_RKFzCWmpsB56c~tzL>Nt;2W3W8RJFhR9}_H(32jG(b2S$LOI9H
ze>Hc*X1<OGIGHx>mIoH3JkJuB4SoM$p9V)-=?rtuR=PQz&M(Jacs~y;AESl`XJl%{
z5cy_MqZCyEb7}w%E_I3LVzBdPk1~-tB<k)K7CAg}44WR6gHL}*=)rkBR%<Inw4P~<
zVt+`#&!bpkwck}(n*FeVtD?U3adXMMtxm5Q_`3F~d?JQ6|K5L5MewV*F>wOt!juAP
zZtNNN{Nes!Q4hy>$`=Dz2#o0~r7SI57KE{bx=ino$1$Ge4H<I8{}<z@_WV!C_zJ)z
z?+rYr(T#UIxW{NbP4-x5d3@T;ccgpTXIRBfjHJ^z-#FP={ywmgzg_elEnP&FphNB1
z?2Y+N^UW1fmqBE%yjAQ@PqM<H?cRm*ja@lN9l7S+*-o(oRkDnz64$Pf4aPOL+V=ZY
zlL345<k#Z7d>ct0nV?Vt?nr-(ijdN)>k$er^~Z-l$iy556W)M>u`it+mMRW3HL?~l
z^v()FH6Qu-_0%^Bnf@ly4v^9$nXpn|%!(sEM~VLeVwtEPy{J!s3zkWIfI}or1gX^!
z;aERPFNlOZxI-Z*-|z4_q88eFfQPK#A&H0szaKJ*&|NJkdD1MQMnpZhI^m}Tykf2i
zvJ0Fn?<j&6VL1;X!j%eW0x-T8vnTe&ok+Kv23>OtNqre%&vAYDjznZg<ddauw_cWy
zk7yMM^4X2ZU*FZ=VK{j}@)Z<c;VSy@j;Uh<(gH~8>#pweQs1?<ucxwQVS|Zh^Z4fZ
z&GXgkJK~QT^T~&2KQJu?IVB}|+oJo>EPvX|eLQZ>%+AqOTMS&Y9xd?BfgUQj*e8!4
zw9|tONHmC77u)_#%<Z-f9-pm~p^m3#-jrOt^)I-91`0-mgMV_rox{J1W=^!(4^prn
zs~}=D*wa5V^DIjEZCBgTj|HlWzZRu$%RYNGbD-t|yw3TWyiI@e5DGNWp6_{P@qMqs
z{pex9vbEKR!tVqkeR0?F@;ZRye{JHmx`A^%@SVfoAs!Ix<VIwCrSmN=mp8Ss)`mH`
zj1o{L)h9~@6c5|qLk5sAeOI%oM^6YtUW$V}0oE?a(}$uw`)Q{YyR!rH*~xn|&u@kg
z*vQ$*v&|}xbxJ#nT5R#h`j)`f)knovj{XqL08LxT^DllFn%ZCX)wX`T;)0GZAHB4+
zK`^PSAc@{qCiKo2>N1{HAj5Y;oHwIG8#os+eT%r4cduF(dG*?=mPm9cCmalf>5XNi
zpl<mRHbCX}eh{2^adSz7z42r!sLp@h>%H6{{B5@@?}QaXK6Au8L6T}_G_U+@b$WCx
zj2glRlbXK_?7MxST_-z!ES~+$et=;-NGSt+L=aTJ|8#)<OnpD6D^0oZpGN3w@J&m6
zjW>9>7PNI;zjb-|;8_dtA!B7QefK1wRr_07|3h_Xw%BTa1%cC>pf~P}KX!1FgmQF6
zSi)PS05RK4-!+Sp02c5?rNs>o02vSu8-9W`lUk5nMrZfttlnT}ohG#ePJ*^@88Q9z
zBXB&toPlC*c0ZiKdN<i}p8W-{h;gOhydVHyo0EDam;jR8OZGv}@Dv@Thbw<*!`6LO
zkhr5Blsba*N9444C6i}u0uZ8|lzFlx8sYOd+s{hf`3CA>*_#JGSuF<Q<E@ie?}FKn
z@OyFo@umh=dzJ$8a@rbO8|;26UHx>bF)N;_%I7pt<TMU6)&Q;>*z4G5BVcwd0&e+{
zy{kja!*AmtKPzUxlY{IVZ0%nb?K*ze-0u&y>CUlkEjmyMOQ?lyhNWzrF-gC<0Kwtv
z)9J9t6_H^6?Gc2`v6zywhHvpidlWrgW$ktCH)}$-*2ybiUnw%=t}2{cV`%qbq^e%v
zxYa!qFG=avX0wO0K;ucVBXROP&7l3uoU0jLIr2X^d&eNrf@saMY~Ql2TefZ6wr$&X
z-Lh@lwr$(iRQE)8zn=Fd265uV`IT}0WJYA}Tzh@8MZ|HbB0magbK-BqN9Vad`$a0x
zkt(rrXQGYAe^kZYLdi+-BwBRF8HLV};GpqU7r&{7TAznKDC(rhl3BSzTv(HrMeY0K
zr4!||2uofgIL&3+Z5Ac279aN4ALT9HdU9`E$}_@7nZ-!%`^aowT0=qgZD^Yexa#+P
zaNfd?JC%C)?RCPAi^Iqz(V~;!&O-^9K*uKp;$pm@N?Bu~b6Ds-poG$)e{xO`+XR#X
z4GRiQl~QQp>Qp9yw+il7I7t&kspcToN>fZ?;!b&O<Q+dzki{;w(zzr3b?;Cr!aNND
z))6UX)6VPts`W7*R{%rT-KcSR{n-eTzb2Wvp;`Ocy;&^!VfQ_GvcbtjIc)-3aJHRC
zK~2L*wV-Y1c~PW?jBjZI?-X~vnH$GCkY(9cO+^==Z$SzJGxA&kA6w;^Y5bKoz-3`v
zu{B{HA^<9a$wD||s6nVY5#eW4TKB9#WwQmKwCoTHiup5r?I_)ka0CXPXPvmKL4Xdk
z!9Yv^{Gr@b!>%06WdEcv=Mj8bd&hkJb&dJ*-8{I`ZI`^-n7QHh-Q~jSto;Id=m+h*
z0czGYYeVSl&7TRL!8l@nsr~BV9jo_!9#i`GP4Zl8%Gq6v<#pI-!qeX)Y8m=oX|VZ#
zHr-+KJf`}a=`8J(<E(ilS_dgT0Jdw1yr{TV%&5p~_HK9nA#K(UsL4m@kfHAmz8kKu
zZlVOw8aSHzj(!m=;<EY;=+hJK+w=X^{Zeq_xc+jNVUpT)RJ1F3p<|%S=C4~hQy&_m
z|E)GxcQCR#Ti0zE^<4TzuISeIX?A<+Utk&|5yO>kd;%T`b^$IJ=pBf3j|WZ>IBajT
zr9X*R&AaK!=8<;cN%{^`z^&wS+E3tuKnBtFQE}xxha*pl$&KsHIF5=-&f9zG$?#6>
z_&LU!V+55$?i;Z7!N$}5Gxat32vR9bq6U1yce~g(H89mr=@fvma$~;rXMJGX+cf3N
z^_t3aPP<<lX4LLfMlvE}G{04`z;&mkVzS$|9Y{5g;kM3lumwvMlAY%Rr&+(lWyN2c
z_R=6&yKKltKXnKUzG=B?OTD$h>!dvk%|)Vd#(){hpsAO!#dfNGXPM24w*eUKs`nWu
zm@{oR#+ehnQM)B;XL{bZZPiBF{$V4cnci7bvl*<VUii1eG}2pg4^?F~pRwJURu838
zAUI;zBsA7=sZVIzI|x9aYx;1zlVHN<qLSgGI9l-v%a*cXhrx2S`^BWPBfO{Vl(hL&
zq|*i%m4$rqnr@X0VtNVIm7$r1q^(k#0d0dAbfQ^67kX1PWX52P-!mlxC}1mXU#Gry
z-KVN!wHsm^de54Qo=Kc;V=%dP_w4>R9m|C}GIp2Pid)SB4Qwwt?ErUBg5VDX%i_i*
z+A-XWaZp>4YFltyI{P*2`CYn()`d*dN^8Z{Q{XBo)lfq(E+c=fMQe@!haXmsy{;Xj
zw@qf)lynM`V<N6)h7-v;DHtKFpjXkVmrF;p)<(W|$x-9FfOQs2=~gv&0nYOHIG`*4
z1Q;SQWamr(i5tQVdfG}_h9)C9mQ86m<vE)0U9p)7kvo(lnn+PbeyRCh{xM)wi@VKs
zJBo7QvXCTZMnP3s_P<hi0Dk~)fKvr<s?z>HF+oIKZFkU-dgw>TB80cau<O9A<2Y?}
z=DVAA#7L<0bif+%n>z24u%V))33UMYdccPRankw<#H>;JcmZgWgi`t}G58$RFtLa!
zeCFb8Xw;Ak$4F^F$iJQFBF36XF_M_Ldt$VI1%AL6z&4%!D*)zy_zKyW*_i$(i}lM&
z{ZHuQzeh^_H{IZW<tr5ZKUpj(a|2@seJ68U8);h`+yCJy{6(hzm!^>E7jyYF5&rTi
zzcN8~w*QNx@PBbwY>W*5fy4S8@E>!}e#iaS7}kHMRQ`8v<v$Awnds>L3uxs(8tb$Z
zq-_KE5JGM~Be>TC{k1`u=!sF8?`C5cpTY5?QVOYzh5~=OKc=lV3c<%3I&NU#F9w(N
zJ!`j+d)o8Z=L@H^tZ}qMGc3ijPUqLeu$Ek=kX1gd-aVoWbUizD$<E=QxhhxWKaXds
z6FVx_ig9Ef5r$~1NmkY(|9LBk_V8>E-$i=VCraekD^X{8=ahJOReMIXS@@WJ*|Tn)
zbRW{*`rwIU=vc~|hon>+ZpBqx1?M{_Bw2Lrq#~|8@2nBVCoHtRRc6In;7KDTCS}7q
zYWOQ2djaY|nC?ck?RwFCaM}@M2Bapa`>W0;GGdJ(?~0D0+mU>D-l{ymX>%TfzN|%(
zy`Ks(oE8l6uISy-?&b#aS~R_4J+AcO?Gy$2!lC{IsDCQ9p6$loEbZ%3_3h^zR6E`7
z1Pt*S<K4}yiheRa((mUO>;!#?Zin^o;}Lyha7nlNcCLi^4r70^?%Ms>vGn;403&>x
zM**2UnGPyBI!?!;!86UEkd`+*ay}f;<wyALSPhJJ|5wxX|D#Fq|89Q%m$Vks@8tRq
z0cig%1nvLl3-$kV-2eFB|Eux;ndkcN%l3ccxtRZx+L8G`s~wsDAJvYGj7+Qy|8b#Q
zc|p1%3$NQLtGdd{&TyxXc{|Yv;1kmmY>pGh@!<!d3$ST12{I7yJEQ@F7`34S1w{Hm
zMnK2|0wNOCr;%^p@eOkOZ5a<aD<f+Y-M_U}2+V)lD$g7OIB7e_-njdaGA@WNY2J7%
z!#guS;Tj1|An;f3L%BL1uH5v*Ab9*Cu%gY@Es27l@`Q}}0kUms^pF_}0Hq*-Kx7k*
zolbA5eSG(x`bE5IM9tg;(nqxKPkLhULS~<;?0m&AwA6A{&UZh7GDnh>7q`B95QiiY
z+xq}-B~Fx4I(T^&-`NBTZu~w%|8BOZI&PZa60GR4sZwsCWWS?XI_z}<<jLPCt1c~1
z2~E%vH5#FJ>1rR8(RB6Zggl%<KpNY@4n%%4_UDPsu=hjf%gj%J6^vQctzY`UmH7U4
zgxZOjsksFqVW8mr*`TfV{q*yP3`9yysF4)M$z(A)t=%IMiD~~1nX7(`qBmr07>=IF
zrlU7ixIXN}dMH7bqRwRT27BkdhcC%fae~pI&G$CL+J-ePvU_7`ou9-Js*vN>a>u|M
zux#VEvu17glj$7=bBek=K+N`2*rOCE0fqAphn^+yqsQjFwaXeM;z{KlJb9@4WdCNv
z9ACK~c_ZvbElCIs63}Pu3{6yJ<K&1Sl>6(0wv=BoMn;^By*F}i@<_uj^PC5-j}pgP
zSqFF}6bXn1UM(QmHl)R)<u1(@)7)PHb&WT&aR=FZZQhBLCGdijjTPH`pvbpE|LEG7
zfNYnmN}T)`^ivmDZAAZDMQMU)4>=`%95%?(kGqmN!#gCNzn|i{-7lqo9Mr62m6F40
zt`_QO)#j7o8iBRI#3|r2YExu;xZ>5!2c8$#dX|kZViwG=D|s4G@=hQ(s~c7EbQ7o>
z;zls%R=9l)-~&YhvC=(k0z5)u4$+Mkp^9%otTUn#RO)Pt&Pj{aUpC+kfWHN#RHQVb
zFt5$75gmsQd=7s;hy{RHq=rrDm2+})xCflcw%66(S9D}d4LMfg?V;BagmgJ*R*^$~
z7cx{nz`%OXpg~eYi&aKdCkK(8d@n+As9aG)PAAelZ{Fk0VcUsEC~b}~s5wrpEI2mW
z=VrsEo0VMOVB4vv=&xfXnuW=nS}Th&2lhN;E6fVxNWG`i94Z0ocYUNr(munH%th85
z(RHJT2n<kjo<dVNEs9G3>wKPGYJ5-7prjg7iUXH~1@D?YPJQ+z+gkjkX=LM&$U32<
z`=Yv}00*y9hSPCPPbuO--*;>PEjmS}09ewlgIM&YA(sYCBnJ{D%))`(AXZft4#ll2
zjs&JNDqI5maXMZ0Q7ROlqV?P@hW8`v^^9%j9LiIOUAZNes)IfLi^hsw#Ex|;@9qWv
zFc`8QY3t`83#SER^ZE+-`Be&5_*OawL~l=_TlQD|fCtYS3O9!ty#^J{5_NLQdFr?%
zY-F^gwB(c|wPcl~b>!6)KU#p58)^(v7TnKb5`lT($50V|28yugoNV=T_E#*6&32FP
z1E`hijP5JmlcN>UO*W^;<K{?B&+{0|lXH{cmy|aw(>%OWf`@Pv6e7~XE1}U~PJ4ZD
zS$=Nn)2EWUZ1Ff)dPW3$AU~=#hd9})8-IdRX0)9Mx;1c1Isr5`BBaMQJ_c;P&V15H
zt{~~fSU9yq-yo`HpY$Ki%g2FOA9N_2f7@Ua?IBaWe>9`$dWC2;n<i3q(OC|r{PvO-
za40AM2NL=JI;re2W+~ry2WQ(}*@+;#Xrr?EPV0sxEF4<VXpSam-%D>w_bai>Rv%IZ
zE4UN1Bx#aUp<uRtw0Z`69ujRL?onSe-&+z$?LG<}!Uj-bJl+~RIq(nWz@rKjB6JPx
zG7aaeVNVUki}9$0Ar&~)DP;19#4rhAg(ebwBAB<*uVoHJlc{$`&LC*zOP(YQpO1_i
z!qPNMXoW%96QqvpkRL|AwR4$Abn|6fkc*J44os2Y`c%`YW>!=zcECDDDIa?%#iBV#
zj$VBt>BqM!X%%XgcW7&r>Xz$L&9G9@v)EY%!5&kaL3f94NHyQRK)*!1oL?tuiAxXT
z9B=Igx;Su-6?_)->)6*^%bS<n*+0~@l8rWeG740DyE}5eFt{iB3aYU|`@e_iy@wXS
zvbEPf6~N2-KI&JzKcD@)?K9~vt_dB_zZ99wFS4UOrmc%XuZ9I#k<T3oMZX`l&QaQ{
zU_kO0BO{leTuCKb5A5NM!owxPqrUlP>1mb=I5RS^BzTV)cD_kwh7c{jEE-yXZTrLT
zlQv0BDQ*eO7lE=NknMwD*J^I%(<u5@2gu&9&neUrfkW{xRihsczAw#V_O+owTZ?>3
z>1A{+wem0xj)}`aN*`XPOv;7GbWHJRF;+J$Kit0Gb7_gW48_7#z*)k5NUsLd=`&$Q
zi#ir$6$l1_XeT5U%End5{pvW%GnEP6)ms2Tr$_BzhFKQPhv%X~7Lf}j2j}GTV|3Tu
zXWc%_+G?g~zNf0rQ}s0NvTh8u|F&38EweDXK1`nIU~#?n`hjr4Oz1fpF1oI_U~|-F
zt!pnG!H-(<DPnV+U>Y+xm<%L^*@@4b9a117?qSpua0R&LFS$|Qs9kAct(qKc7-(8w
ze1uMfgdyOJ!^cl@j3Fkk?X0iC$y`&(4ZF=~g}=8vEcax!d`OLcrc>*+#&}PMafI#j
z(Nsssu`eQ6NPz_Wfq@*3e~-Tx8xSkt=ZA{fd!P7%1^!IH7M}+E{u=lY9sGM2Pj6pw
zv=p*5yhO_RgpEx$p6`zy9-bB+tR{{CNlHMR1ivssG87xrL*irpS^wH`ka0je2p%xL
z6_OQYzS~Y{$L7K@cv|XXZywdMJDR|EYaSR{Sp1sk+~#Rgt<Cw7J$Kd7{eCc+dXn6I
zu2Z-DP<k=v`E##wM&R@4|NR9GrL`7+4ER#D<-*4C-qzTN!74Ku*)+&hz1q#2Ny1=8
zPCkv+?{XL#(iSioU_{^<4~rL%X#{MSE}F1pGwq<pDcUrk8=-0`+T>d32S<kIwK?X*
zI*(!Q_!>JX!^b>@nw4TP0DWuVyfnCOn#27hCm2|(?QJfo`mnxP#pyGGV%^JXX2}c7
zZWDg$*96`X5QdA$h>A7Yta5;g;fOTOd`1GS-9Z%0;d|?%+w8hp+6agG+b6gI_EJz8
z5U8{P+e_fvUHBBkiTTpfWXz@hvtO|}U7cgU;cDe;W2zc>db)m1@s_zBo_yS-SAv}|
zCt2;3i*^Szvj*Zn!je8ZI!qv7lqJ0@>>+PUR4-&}gr9FYXw;@ND;ZZY2g64@3U)E(
zGKG`Fy{3O-Kk{3JtYkONVdW`BFLN+fs|{{ArAh#m7JZOs)`)%Npt2{Nd-!Gx`#ZSM
z#&v+LHM|vb;^-QO=>yo>4%Qi>Y0{b65zBN3m`m@0EzXS`PCU1X_{4=)LGvAl_1(d&
z-BQU;lGYJ0>K_Swr{K)~fGArL{3%mQ_7_T+wN)TsBW`VuRIKXw>Gd})chZD43L2oy
zQC&ajhC*YJ+Y^<|);e^wf)+{_bsPIT)ed(iqR7fsp*gV05#OUyJa9-$Yh#&ZKYYkG
ze<F29>l1|aGG00ZH}8g98(hd;H(ZlD-v_pa$ma8`&haFs4~za2H4q*P<aLZ36~}%E
zR2UuT(WH@;&x&y)X$es_v{^XN9UNUA0J88Mk)K%9gtzx;D$%bxn!@a3jh3^oT^Cf>
z1j`0X##`OkLCwL<L8v|fI~|*uV;bcc%2l`(S+(#lB`p;#7cHUeSmb2ncw|M4Cdx9x
zHo{yklTdX;J7+cfwSZQuZMkiNt$@6nyimLXvO10qj(nApC=IkOYMqoiDh6AH>a#sJ
zE)*%C45Ae<3@byly?E;IW3uP<*4ISEwWXysj`wfMo}qRs-OFf7{s3t9iOKg3C{2^o
z-R1g1=)Pln%FSQrp4Zt1+SSx*NvTaVv=#9y@K0`b@J=X!0&Rj_;Fa6srDA4=Cx5`+
zLcOf5pkYpiz^W`$MX$BQcM@m!F`7V<LCkup!|S+X1b+_OoS8d!yA%rHfK>L>55Dch
zn(lX_ZQ!;<m#K3F-&k;c`*T6B^>2S*UN)c4K!4zup}}3OT8xdmFf)^t71xu9BAU6u
zNHLax@Jw^tp6gkLMx|pDf>gfQ1CMx8y0Jf+4EMzy*c=%U;>ob}6hIir=!8;ePRlXZ
zys5x8XK{rm&SJ9<gvUmN2GE}wd#U9kw`j1wZg1vVkr%QRP@ysvyo#ou;f?~`?h#n4
z$?I>-Ev=R)kPq*;41jK?f@3tH5N&Bwe3+9}??fExNpVTWC3gWP4ZV%eiMI28Zsaqz
zp?Khv^KMI3U*CX60zxkR&7yn<IXXwF=n`;i)+5;$9HVGB<kYAj!+&yS5a$%D*|tf;
zfa>@a#CqI-Uf8jQ$pdd+?S*ilkw7XR-jZXIERWrGMed2uMNEho{Gtv<AQ{Jy>Jv_d
z3J-{NXgTTvp+l&w0nS4|?C-of5&lxn(<MbHw#k2z>zA_O8t+TdWXzxrhcn9Msf{N;
z9Q6}2;cZR{_~gma(j;CBYYw{EF~%nim8E6OKAl5)Vg8)CYS%!P(170NXkkORcmiCy
zaNI7y*T=?J&*Iv4>kNxxSBcarhZ3N5dZZ*CV-GNIXG`C;JqjvMqh<DL@!lS4%*#xG
zO<COno-gA4POb-`ugIDM-Gh?0E$wR@&g_jb>h8tPp2k<8H9_}JLNBTyHvzdtMKkD7
zeR^Ef0&FRl^vVFq(LWJE7JC8s_2b0vLn`DlJ!hve!Z1Gs-iCAWmLvHMTVZJIzS4*{
zSkak3_?Z3{vw9%k=&#Lx>{$GGLm;Hqqfosya~->in2jV6>NiF}F@-5wQ(0xs^`>8!
z9>zkMb*1#KwqsgS1!Ek6C=Ug5Zm!;qV?}Z2mWN5)xoJ~(Ch$@(0j*kfIv4Z&X&PR!
ze?U0;A=UQfQ$WuANO?;iw7@F1i)I$k&MKY)hE?!$>YJOAY1<d6IC%7V0QaXAN^_{(
zvMi%y_8(b{;;q3j2qM=^_)!z5%mf}Mtbow;8u{6i^%+j9M)8^AOs7JKR2s&}FY+Q1
zs5*!Ao|I*fD#BqJmHw^nljn{!@>tlmfYwsc2Agb9fq7{r6MLb?30xFF6Cx4I%SwGa
z_>EaauoR`&AB{Own-}{ObE(?UQ8QYztQmud@qrrAVNn6Dj;Xs>AmDStz!}!EuOfvS
z;Qv)}6Anv#zc4&P7mT8xX6ohY&0h`4XUZHVc^K=ba}U!GvrjW`b#EnEONr519cl}U
zbanq*0OMWEHJxNV-P~#gdMe^Y#F~6~=Pr=PrmRXXy&xNSZdPs|;vPaWqY@$6#?ZE@
zWkXR<onphfW1}8<y;#Fg$xzK)#az?0Sz^n?gxT`1MZ*Qt1rv{%*TTH+YyG+Us(uQX
zg*xqyFB43I5tH%anB`>Kapc&Y9keX|d^GiL>h(BvLPxjJ`STozr{w{cL3Uz8W0AIX
zC?6+%RxVW-<VTO?452P^RF*|^W)>555MPmA%Brr`kP<hHpNcDxl*};Rk>e6@?yI%2
z?>TRCf9bDEwS|pEr)i|wk672<CcE=tXwJUs&pnOJjo%YyuLv#@4Ik{Sqb+Q2uxBJd
zbqPf8=v(eVcCQH5PS|z$)~X_~P%ub3_*nq9{8yFfIw!}+B7iAp<;joF_Ir7iEv()X
z3Lq-^pb1V)m~2E2wycSE`oD*G)skcS#p{ukZug05GPFyb$8Wqv*F{H1Uft%_g5x?O
zSWUE^A27IA&9|JOtQr`cdMlqgGD5T6vw@PIgv`f`$x3G4noc4@yIJViZjWZX`)4f$
z0+Z7@0oB&&5cbJ6p{%sL1AGsO-9aZUa$X^{2sezh^|HFu;l({2gV&i;tkE#KS+;nt
zAgp4nndpUN$D(%QOqoF@5s*lAHqFeCl1N-F8X9EPJ<cJKPUTJg+Ic88B#GbP6d}AJ
zmFhC>u36?5oKGK+pY0+4PtR0Bgl?EI2;Z2cu9w#LhEv$Ns6VG@fIAd(q+v<?@u=)L
zX71z;XOGK?rkpeDJ)E5c>G|9eyV%%jaH&+plIqy25xWUChc?JINnD$>ty7sxc;JZ;
zZFn(cf_HTL2?U0uEr}NHp;kah5Rsa@DX$A|znND~E5U|wh*n1uoIR(Q(_O`9Oh->z
zx%?tI9q*D%JPp5xSlHPF0!VCq^+-Q=`Fw6#VCQkN4Qrih@W=gj+BMV7R0tBo#J~Zr
zlGM+(ZvkI(a#kU9s_29IAo_VF8#vY+P5jEjEa)@bYo9ahlORmK*+>FnF*3fRJZR#t
zVE=u9Ed-x1Iw7eA60C(jLn8~^0k#a}JL7)rEug&h)|kpaJ`^^y)^s)`@L}+$aEZES
zIs`SR-+VqbA8B6wzEq#epAlZvUPPpm?Xc(4x2tRk%LtW%EjSO_1jK4zo~o2r3spy`
zPSH1?ejm;&&X_q8w;h`bHY9_f8~TmW2YF8Q+3tx=2#H_0a8!E&?L3Dn*Fklu8H);?
z=|}z;G`zr}PSFC;8a5!boSPdAh1}G-B^3viCW%t9iFFf6Ru1X+Qo_Zs#W<w#V5k+P
z>=lg#w%9*<^QTM6{bi9EOSIjaD~}1XA)g%0I{6b6EcaSO8Z^xJv135X7hyHx?nw7?
za_w--5?ttg?MaP(Pu;NzDb;%G>4)9do&0P~vQz6TPklTp8FDxj0Ixm>6*+cA{IFt1
zb0Thpt8UpwVO$PK+iRt+O#f1_-1v!ExS^g{p&jH9Y_YE51f#hk58~7VT<grabLDki
zX3OWc$%G(vUJjs4jrR$8sqg`z<<QUF$nxE@cp-PqSEy4iME3`M+I<vwyO4N5;P>k7
zP*q76AD;SwdYJbyajtxX{V@DSpl%~c!*}n@c~$OQIfQDhkK6Odw9g`K*?ivLATMlq
zAHaNY3Z|2_EtjODqcd8GzFmK`s0So7OkAr_WWK&*UAd>EuQ_&V9gZl+AJ!-EAnbQD
z0`YC3Sh&r2@LAVy15W{V&}-vU@cBuTE^EOQ>$^xsQzwr|@#=$wg6y{E1uwjxY;gI{
z2nLh0HSICV&}vZ%P);OHe4e47=$#RDqDv~jrP935Q!<uT7J17{mR4-Kj|N}w+`z#)
zMmUG*)vf)~=0JYik6`{?N8J61H*Z2@{)n8)`|hZm8g7!u5?mR<EO^Z0-}A{MW*{U+
zwF5bvwy@7rv<x=Sq8p)ig26k9Nj&(Z-%Bgq!0@5V%vfp}s2l=|sePO{<J&T_<6OC1
ztpnRu%W?Fbz96F_g5Q3}MO}oxsn9-m&kPlGxF#dY@j2}?&33=dD`^X^qW@Z?U7RVI
zQsDi0BzmfOrRhYN8SdzBdQThfhmEQRK)$;FlW|qL)*AmjE=avcyoli-T!SrY&r-q7
zJOqcKpF{fEZVk@`;0w=X2YInnL!+(G)9*nb%U#_Kd2_H!r+BBAxn8+kUa<t$l#*8m
zu>)%SM+2O#(vVH4fS73*1q&iG`cK9HIP(T;NKLFK8~ZFeBmN@BAB#C)5x*1?2I6#7
zB_>B>W%i~=xRAUjuBK<5sHi7l`B_<<$oe^XdO7xwH!wbs<K?X`%atwHo9&`&jXFf_
z?}v`_;iC*(m7e$WzfToe2dvdvb?y%l$yjZw%`8k-UB1o(%K}Hc^<=&e8DyzAO8Gil
zcJBwVvbJt09TzH<rGcym7Y?~)fM!re??_dV5d9VMat)o4wj!2aME|O=zE(!g1q6w{
z`sJ0BO2f;b5q1wAMH^E~%_Dt1XC?b+gE|r31y&{Zt`OV3pNXDjFXOl;F~=Q1JMb!M
z7Ql#XXV56I@$`FxUmTjHL8vk8?Y4CnC0E~hNLPz_@_f=7V0U(x3L$0@t@@w)bMz-l
z@brC23vte+_cl>;aOF3=;6L}IP#3glOu@{L+f4M^;FvFpAn22FA*^!MnI>lG9(u1d
z>XHPsk(@>1Q1R*!pl7BqG0p$X8z`0qD&2uR@m#tC%bsqw#n#~LaD4BVc~Aaa2X)p)
z90eoNM8+Hkb40<oY|9G7p~bw{ll?qMKDBV-WYTzqaa+^1{88u`E<RTNs~YhP=e*eA
zD=+HxPT+I2$-a5DqK-{Ken;`hCTa-oD}1TPj2n%yO=uffE2u{gY=AjPPcGktDT@Zi
ztb_dT?3`@<$sd(C<ScVIgf6%-1RJvcJZ_3m+#p-J{xBF!U=3wz)0r%YIHfEqpg#7A
z$9(VPUNUAZvMi>Jvlv5XW~39#kzE9y$6wiJdV6VC*;wD}82T@+Z*^6%&%kx_KTy{z
z8%wOMdb_y-qbr<;pJyIwB)m<LNFkdK!57{iy1%F=lik2?1_-`r6HTA95UTh#jq}!E
z9m*+e+1CtF&2!dZq0Lw$7P-Wv(y4v>QFbvd+xuRd6t!Pq(nkhFif(lDn160fo~o-f
zZxllJR%rDrb-D|?35cD)JQN4cr8|C=*;y|g&%N&%eSnRASqQa%VlDNge$!Qt=y-A2
zRX(cf0v1I7w$<t->g*obSwX=b3xZ0?_2~7eX<(q24SuTmFGH%)%K}s`wR(QvG_pHm
z(*U~O?FGLJ-xCH;Mg&{T(_&)xn(0~R9AmISK(iQTVQ|_H)EU-r@md{E?v?#Lk@lJQ
zeu#9`*umj-^iaqojwp{{wRx%}&y06@aAu@z7{<onxh%qAw}ggHoDaw>0Q>MzspLVK
zBT?N<X0Hqr`Zo~46zZMbY{N!%D^{|U%Y##RbTWu)I)l5#YqqVoLObH<*fta=Q+1qT
zkJXlyDTFrvhdc7Fk2vin)Jy?u=C1;#QY_IZ1TKRf$Q#GlaYN8uzGS|qDdQ*%k1VBd
zQEO(>gJTdwomjc3vm3oSjCwDjJ&H!~N<!18hJMp((7#($o4;+TJ*umO*NC`?nuTbE
zu0<2`uvR^h#p81;mPI-54Ut~*rhsd{W$AZjRI4*Kv)n{Fm*c1bP2973>aqc6xMsI6
z>%iWhn4Y;mk0!_bM#b)PXoO@?*h+_D%@be2=<4ydyEX`56Jri=tm30_+V?QKw^jYv
zZDPe<-GXYAREZg_A_P*QkC{RUv;qd8QY&|IC8v*KGZXcQ>4D*it`htr73zCLpu$Q{
z5y(}s@rJMw>h!VuB5_PSDCO}4?|UJ0PPTuH82k<2TH^qJ<GBwLwBGCPiHWv$GN(}_
z7^B>e6>Q+_9~y!Q>%@L9Ku#qOkp_U6@Mw>1$e>?2^z&NfTKLL;x8F3(G|V-}n4_3+
zYm{GEA-}cOPq>GJ;|wnb1B3a4(>mLIM7LM)$Ai{(6=hv{U4=Z3hKG~0kA1#Ak2|2m
zt&LlIfHEdqUnnVL@VwsZ?Nzzj+7{VNIc0QL%q^<UsT(lPv_s5Z>%c=)Tfwvv-Q36C
zD(n0>Ko$RZzUQ#mQ@T)tS2LU^*2NazwLKJq9m#-3h<Qhu%#h#~TJI@IH09Y~=yMV0
z2mQ~Dt=E?B?+unYz<RFzh@a>83yAgozrDmsODzDLA61}f$yd#r{f-Puy7pR~baIr3
ze3%N<O4@&0oBC;srnC}kg+0<57Rn<T`G%Hq2Jae=F(ICmF(??SNh<g-UHOfhlC9>h
zh+-i^ooh~icVZD*__}v!uX-BNa|RJE`F&YDTf;*>>&|{1PXa5J*7*eu*uJw*#w$KF
z?H4%zM#?svS|H*1;gSO}wJH2X@^`QfVF)}OsR9+LKN4TyoUdcoIGrX77yI`5N_(_n
zn4aNr(YJXwc<lIoE`u(})MxmHY=e;<7AvT3ayNO`WN5uz?v*e8o+wscEq0I=gj2r*
zox3-ILv+fbv-L`IN0Ms$0IKmq>Qw7D=M9*&KBjDjZ5D3MwQ&W7>Aay{Z+DB`!HX4m
zT0f>o_|Pw+Syo~DW?y52gfXc{F06A1;)fpq;|Den`ggoeaH8%wzvKsFwT{Za%&h%{
z^73$)Zj8caxJ0`omz8Ls_UJzL{%JxvTD|MNw;ea3k(b@sC~l_FZ1$L%Nj>;9mEG4w
zlg)%F|Ds20+}q3Q(dw}*;qXy-X07S*u{W3=ry2U$BD3L6XmQYPuTc70isW4EnWnBt
zb1_WzoE|5Uw0mv{y$d3d#DZg*`8KP2kABCBze@fs-AO%9iu*G4q2L(7ENrNLytSx{
zY4)5hw-UXxOf>ZAe+9%DVUw+2Ntkd===O=$!ID-%R%9Dw%JOJ2>8<%41FAY109R_s
z`ks0W3s9q#P!Ypl{hsDlsy#7Xo666HU%r16PqKe11P9=^?^H}rG+nW=x5u@A-qRUt
zdR&etOU^&e$@KSRNnzZc-!dXh1IzwQ9w0VEzU1*dbF4ATZH5SG#Ml6P3UAPb4p|3`
z+Oq|QP!ZpH-V)(gqvOg4;w;UL=yj!(ca<eRNe(O;$p&63=@6sARfu;i6%Mop91-j)
z-%fZjUBHL7Pwq?f>XU%iWsCZ6ed)h@0Xx$)5_s(mLZ1IFkERdx;B>tkm8zSojZiIH
zn;}hz4S#IY1}ugFHRge|?Y)hl%cYm=ZKB=P2e9uh=M=8Rb&maT&KPZx)Yz>%p%u$m
ztMx|HnPTbKxPi^79j8kQ`-3|4P6*r!m8@=Ru@uV)M5f`q6YW4qSQ94rTQJ5j*HzMq
zcNp~%#Bi29m;jypH9xA5d)Cpow115<nW%GS<!)DTU@~R@hH3=_T6~`}FAuRfc-!z+
zWJ^xp`H8VAB@-vwI9rF>gYOw^f^CAmSWjjQf$s(gh%w3H*vfi*=x~Mcn@_ptwZ6Q}
z^L*I5BboL;!ULVJAK8!+WR9a^_W9i)bt1sK@@cq>X{^y?oFxt|!{8CK!bH(_9-duz
z2sT=S@f9zA(aHCq5%M!-+kP2MP9wFGi_QLy^v{G|U0HxP_PqNU*ENB9Iln_&``ZMe
zPh)zrG#>gmfgFt5@&f$v)=Q+d$V%Ab-jmN9I@`GdA|M&eC;4&rWaTxAxEvigbGSB6
zBlWOkYcY%1s5w)}-iul?=s~(D{@7PY>+<TVqN6&p4UGu0J=^v5QySnmYg44RtB}nS
z+#cGRN_0FUPdFmLk>I!mj9YZo6h6(8&gff?camE@oI$W={n|dUwc=FzFNRTk`!3i+
zScYSIBhVSakUSiI50gi0PPO)}vS<=7gBn<fcoN^=!|5;Z4OTO0Q9TWDlkBbocbw(G
z`{wb@;ZDgb&8kh4d~zWC>7||Jh1Mg`9lO(KJ7=A6lj3^N^?C3~vo+w*fKB;F$IojL
zAU$$-5gcn@oR>g_w>LKppBY~;xR2vs1#w2bcuHJZj-Fk*$?Rl&27fVR@IH)oo>FO!
z{wSkzy3L5B^vi*#Q|x|LJL*D>^vyq-jD%A|FfFDHgW%iY)Y6uH?~<k8NA`eh>E8ky
z?#P3%_KizdnC8;mCdjmI7p!eAgIT@@(31f9`gH^}6dZwnUa!|6Vfz#R26wT^hzKsT
z<0z%08XRmb5`EONi;P}<53NEILH=FiK`@%tb~e2=@sr0QP)m@8`V35mLh*gDK%Na^
zk60SsJVN0CBHkeQ1A%}U&Oh2^@Rg9o;A*~#KoyW02zA7E@GHnVK=-=bJ#)d?*=}Yq
z*$f22e#<sAPDhJ7?Xqj}*vj9-)K#R6%nv#zgDsRo&t{A54p67P&``=Hs5FM*b|=lz
zL8?!41&7pE()!p@%aTBItO*|~(=v+1uG8peru+&%S7Z!&POXFrf2LJ`0-~{c`U)54
z=Jo=Xe&3LB?YdSomu7s`da-payO+0|b-~r1uCcai_JGUA^3Qj$_4UW#caEHAw-=(@
z59BKYju2aeSVtb0OT64667jOPX_LMLgNgEFgPcM;pI#g|aE&_4Zs;T8XhfA(P|Wq6
z@`dZ^Qv<|RVt{?b=ZW@7taBEc%vFb*1p4U{qygD1W-J(gFiu($3Y{FL9<04YAMhi&
zKvJ$+)Ol*+>H+4u;;AW_BLW}+;+&_URVyH@hfVJvmBt}mG)H1`ssz+63JNE@ne})e
zUq4zlU>vu=(Z)W(P?#$hxOkn^xdRpj&|UZ!XGwc4-p{GV+1AZu@Lpp(@G@Y1p2OY-
zkk8Q5)*9cR`u$DQ;*j?t`IkLMvVW59$MV;Is$O6p?R6VYl1*9#K>xBxcnbHrMyhiW
zI{I)FE<h)Y8I0P?ftm#8x$4eucF~UE7Fd|BX&`w^p=#kJ)AL+99RJ2sIYo*S4X;JQ
zNc0nD7JjGX!JGocV0n$sb-CU{mI1Is*Xm?W$O>&d8MVpNM)GsmxspR*Rhe?^aJ>~P
zbHAa&zCD&fV`m+wN`O3vr{=7-apBn(<s2rC+?qWNjjWz5)jk<@gppfm$3fKLjzjou
z0p`wR-hgs0iRXVAtdWUu*9I$oETPp}@_vB$*z{P9&<aWu=HjQuTZ#S^2BVh?3Uj=d
zroM$SmZO<HE4SUoowdADk1$Zp)jNO~84rTV!=NSunu>{ofSk^_S`Sg9<;`nTKUe45
zahBTQx8m_`kqwOs2Z0_4zU#-H56}?8i7b$T$cy(Jh1R~w>9tTTw=2KhcPPJ8A}b~m
z+73Z45QT3IAb~}LAi$W{aSFObAr3%{6;5a2h0(ygjzrk@RzPL%#kJa!4SE({PUg?q
zxElE_YdHt-*P{c8hcU@1zzB}oQLOR3#4xUH-=UjhrW0%#koOB~QBdqh2CdC23@{8F
zgdotOEDr3AZj5eLV_(aiAYIF)hSIJtygeUt6Q?{oo7<KRe0-J%4D+c(VH$fEc(dCi
z;YHSB5Kq&R3-BGw`4W&b$;S#@c@-|3afmbGMguJG;AMNwA{B9CmKGUqf!D=%VRgj2
zG2(vQ0>g7v;`RaGthL_ZF7@7>(9m=g*#9PlE3Axc&Q-f&E?4OeC6}`*Ep4iFeFT#&
z^Bl^>Y<;}vFnJ<B`*RQH-qG~<Onyei`xo1dnM5^mI2d?hPmx<VU+o%Oc_dobWI@~T
z`D+eBd>{q}n-EZ(lb5DWdwNT@ylKb#xp~92CVTUEK6=Ch|BE~`%;5QWd`}VW@+4`r
z#SIDRKqd~_6+xOOU&Cv}v19qiDseHuj%<N7Spo)zQMtzy%eAq#-DR4eZFHnnNzFh#
z4`!U=>gf-E+U48dQ;B<g`E)KibuMVZtrKdy9ptRMly$NAaBjK^zhS%O2xYsu)#Nm;
z<b_w=oBY~+r|#QYB<3yoRrSvKRHc@(VGYiUi_Zm)iRd4pwGxaj7Z?M-0L@QYP0%~D
z-zXdu8Uh0Dhy8WQ@~#Eujj8a#FI0<7PO0aiaqj4VOqcD`Tp~AeRgY2Y&xj673XW$5
z-ONcyEEg|^WZoOU8{&6%iE}lwZ61F)1zviCyt`Uw%vRj#4u@OJlNM_$cSCELUC_;a
z(#P<GqNS9}6FMO|M)`zqF1O_tdcIwb+bNqB-LmlF&F1=do8KBmdwLhHp64Dv6&Q5k
z>rpR246Fs1kSLT++ybw9Nl0~7k22=C&|6#g=8ufGV&0Q}`i;R;EbdVIXKS)pOO|f9
zi{Ll;E<SmH5$be07N_KwSAC8O1ih_Gz&j&(aJ!7B_xceWbChf82VnM*su`^awrvrV
zXFaeI14Fc{)_Xy_?*N$f)k3S7TL#x*RhN_*7Maa~zIy2eaq+`e&nbY*JX*!xX$Dv0
zNx*W&4&0L}<Sil0)@8(TpmX!ma_z23R>4~P@}NH+bJfZf3_QdT!y$CNGKjO0%|dFd
zx+nLRzA^44an;o7K)w^}VW+b7O0(eVcDb!$<;(*T)0jsnh%+;plx%C5;bP+X32ToQ
z%R{gxp65aIh>cgRpG~(-z1re~?-$;aZG^*R`{BSwGfvFeh?^Wxw*{GJ$VyO3M}KX2
z8UjHvj1Ww_i9b(4WHbX53dy$FGrR5|!7VX)-ZJifse)T^ghbn$WL_vFUWu-20ANhN
z;R1|OY-&DN!Yp3gu=hQGBZ%pt#OOrn;8x_717RZ+7W3HM1f_q`@-^`yLdgRb|2)nY
z=c+S;SEu1e@1_^IEf{G$((k_UU;W*Bw?edNe8U?s;%3csYD6cl6iT^ZLi3$GXP&`^
znhP2VKGci%sI<dwH+EYFVr#8tUmCI90B(W7V{zQxihxHJU6*1P;g?+VW-GwGJNTBJ
zzoobfzH#Au>ASn`+o-BX+M_fq&?Q9hvxjxoQMfkZFXzcF?wuw^8M0S=Mh~L6-oai%
zr!|8Vokm0h5vQ_c!(G?9KCV6ubHl6}w3q)mYRDC6UZD!!R6U;-7@4Rtr>-pBgP}aW
zdTR?(=xp%OTK0)Pi!N0Q9X=+iUJ$AL^_h}UZ18D7U$3-^*(R@c<-xweI}Z&bB5%ww
zfF+56=t7ruUoOb=xT3F3d^|w~?EV^VkYes&b*YooMY@i$`%4nfwSnLB+iz!^?JdmD
zCt~ZR_7(kpH&ru5?bfy5wzBSm!?xM_wdYyFrK;%ZG%ULMDv5+O=kvm;J2>3!r7f`#
zqRVuxBd6WLR=h(X{C3sHiCgq8Y1ntB^U)gZvRHa`0H&@W{wqiw#f0p7w(sIC^P6Ft
z+G>zRauvDiKb*v9H*^Gx?fq>VUQ}IDT?Fft8<p4O2j@}HymP~j61;uQI+s3oX;%z$
z-CuK3RbLRz-{+;%hH%2bhu5q=(kGm_Wb!R7a!Om7Z}nV4yF0zkT-^XiKd%Qd(hpCK
zPB1#UI>z=rk8DH*kiI2g+^#qw&~849O=H7!QC4}g4F5<Lr(KLImG&+tyD5UVfQtMu
z>Q0KSiSynhn=HAI3z;C?)x9-q8~nYAWYfu~)Th<smX(8yDHl3PkGbYrG8Vt~aj8@P
z>D2ixul6c`w5EA)gNN=-nFTl5p=er`N)Gn`7?(ueuBa6bOfaX8y-c2M2{hm{+yZC>
zM!r82tUbJTpYUo@UkGNyav%+7e`AMUKI>%B?L55J=-hFAE5mBqDn_wb71$@#{0uEU
zI}M36HoNeGt~=+dN>&=}u=<)Z34X`QzB&P0lPR(0<^yb<UM@%L2nV%zox01|ah!(0
zMLVg#cJ1@q(0TxE0%HUgUT^W;Y^%cqr;l8CF$N#~=+@(l9GDnEZ#(V<K;5!<EwuUf
z`9@!{D!z`<{9TKLheGDT9EjAJ(}eQk{daImS&(*$AvY>Yp*r76>HL0@6B$$U)5(9x
zTD!yU$O^1TW7RRlaBfR3V9@izZO`%YcgNP3mbFa3eXEvIKw$<x0C8TqRKLrYFzWp~
zqYqECh%h$h9xs1m(77~D6I@+|E7LW1<JG@3LZ~1w0Ee5JN=T*8Kl^wlZ^(<HU0N-w
zn(R;K%GD_VD|XlDa38wIB%c2VVkzh}R*;O}OW%=<J`=~dx1U67j<yZb<Y{Rw;I?$B
z3Ire4ub}P5`Bn$+=0)#X=GyeM^cua=9q2e#B!fa~i_DB__qEv#BI_7WKo+<TwszS1
zF_SZlruM**4mS^pUqqbFl(^S&KSb9D%dWMQGa#XLr~gUK$*&u5*`>87R91K)n8a^J
zB8j*-U&F5jXP3au_GIn|4hnC0u8yRC;}l;P-qI@g4$v$kEzkmRn!g>F-A`vvVeT(7
ze5;G!JwRRPn;i1EApD--?R!E;dYU+#`aq-?!6M5*5NB}eAab3|CUJKWbO=LLj}md#
z9N7iy*w>-FLssWPoSB-@>*(rE>)5I}rWGZ_SN~&tTaJ4o$?&-PSJm4xtCj2e^al7U
z*=oiowh!><wcX~f+w|NS_T}bT=PurL&VlZ+FMcl~9c?Z*9o;RO{|AsS+N*sWHWTaV
zlO8)8K`Y&BG=im=ftc~=bX<$TfS_pbG_>`-#iSGyWM^c`k@}ps(tsP;3H;9E%Vyte
zh)q{}i{=R3Ym8^t2zHd`s;AWMJJGfwZVbFfEU1ytj7O|6u^{qFjQNslzo(U7=WXT7
zs*x|i$2T|tBj#nxmZz04SkI1otaaFnC%DRBCoY1-v*(OwRD93EG52xYVblZepVsU{
z?&CeS1y2~AVfVxrH6b|Dsuwi@`Dw75I>2bV>nGd{15q~KTigu!wNbj8I+V9qtt0Mc
z0`tQ!!}4;p<)j&k3dMJ{k-rpUV`bx)!4e|w+Sc09Biiw~MyjY}lxGje6mL#SRS7p`
zPm7Z;NyOu-(l`PosI4celU3!J1xBqC-NyTBGg_|tT?$&q)tLun%A3r%MV$&|)j8ZX
zooW<i<#ws6@555|s>>!y%3JFfjVt<jCB@C1<qG2BQaI(>*UY(%<wz=3z=Y%H=jEcr
zB+0!`Z%^S(%1_Kg+4JT9*s}*EWVKPTMC@~woc>fl);zf-t!29_L+}4dzVWxuXRz7s
zKd;v)>dbF1FP>J+Pg+(|CO>1&e$!F%vZRAsvcx{`ilTa{giC5efo-y3nF#ED$nk38
z>u#Y+{;NV$le{IN9o;dgxL4h#Tt?Z26hU?3Zb3P2iSaREnam&?4Zi$O@t_)H{*Rvv
zK6EkQh~EsPgm&_NwN|N8V6UFQ(j~{P8hdST6*BNVLsaG8hu2pnEiGkv*nu;@b_PE<
zt!JfWpqG4f$^3mlwebDwswzqv*8vX)ab<h&;F9`jZP7al>Kt%^b6J9V$nm7|`F7CW
z?^3rA@#vEF;_|}o)q&omBw+ochKma>Wbn3`AP@w{yUur{h_QhC_WJU74!+|2%?<?Z
zJP|_@zp9$xyQEBzqJF`$l=Ohb6p}{`BLC`iCFO!e4?Z}$c5Jz)1mB@~WOe{eX$);L
z%SuCNYI5MAb_*aBL33|u5~@@EKa%B1>*XLt%|6dsvi3M#0%w1#{(+B+KvGthQ&E&S
zEylzh0Rfz3YcuZ*kk2-T5zJPBBr7}PhiF_;CQCTSf|<P}tuwrIy5C#Hrds-esfBmI
zXDKJ=qA^PdD@ULFGy3ZcUBO*sqed<-Sbnnw^&(J<nx><mqalMb#a#oZ1P=#L+EExJ
zUtJf2S=s@1Tb^@L9e*Z3lD&S<o(vPs{;#T^xIFLL06;;~^!2u^%Yg(+Ap{hCVDq6G
zwwH4xR1}_xuf}0ppr|wT-$YU-Cj6JK>8hHCoFs<$(LN(Q{Ap%Mh_r^BvZ6wTkn@H<
zvi63nU`)OV){q)l!r0yVgcZCRQm_U*LoQdkuJU$t+Q~CVE&7nQHtg|HHusF6tyv?m
zkq7<@MA4*nNm837V17wGylm<6lbLI{g0A|$a4WcSIzfs2tF}T_)j!dyf8o(kV^xy{
z+rU;sthMXfUKO5j2w*O1>LiNFUnfcBGYY%40Kzk!3K5I1QY4lRHvSC84k~?(kDpQ`
zo)HPDylr%zR>x{2l-^L8q9o)C_0Yqz*&4aMVV{qi0T|<lR3zN4Aq@1Ku2umF?A)}x
zj^oJg4&4dd6trZVf2xg7V#d-rSU6oX6969^$k52y*AnZY0nGZ0SeBqEIUS)uStuBN
zC*9bjXGW*TXwu^GO^wkGfu#6obj4Ng=O3W!N2I32XH@Ttk58nt6Cmk^fmSy!H!Ho=
zNE{VN5di&$rKU6DbGU81_<^J-{URY9_<i12C&ka+{`^4(V8IZZR$Yw~>P6BcPY-sw
zPr5r}XO|Fh=}QXuoO~2_qB@#x-5g6~II0{|bQ~#0Gm@QFW?=A7dW_1Hf@Q@wmXh&!
zE(9^QdM|vmPr}|IbV?JEf#)>h(AP4tG4b(`31A?hb(CV^2H-I{F^!?nBl3Ug4aW|-
zP8(}eWU$SILetB%4F_>wf0b$mL5PF%HAFXw`qaWt?Wah~)SZnUZ@i>Phm`Q}c}Av;
zulyYI`>nbiQWXO#`sXOQwdr`3MV&TPGy#jut?2-bm=vD?^im+hw&K5FK(8med)Ae-
z$DB8>v@)-ZZk8T%{z+T5kO5F~(;`8yc8SIjPy?DUkQaTh;RehIIr#OEF}wh-!^Vp_
zc9A@A?*dwu{VgkxuP9|ym(!V`!V%CDPDXu5(s<!ggE5i+Yf#Xu+J4g4xNgJrfu3{;
z9kRrHL}$z|?T*9tXGj}f)p8uoeZVf7Rf--e2^Z>=l6#tepl4W76IQ<5tJ`$DUkF`O
z&=6ywuoKCl35xbC%6rI}$g4~siy;({wyZpnpg>Z|DBW0#m&5tJyX{go5qwMox9~HL
zOYC|qFbOXWd`$I(Ux!S05`XF4V3-+cF*`{3o4ze!e<JztCq_$r`S6x@BH3t4&sV9M
z_$R0>VKebB1uvay!p9*fFTQF*54Ea7w{JD^%XqR!hHZ`$<UTuFcn+m@Lf2WseZf3Q
z8+?1E&1ab+X<NO-+Z;vWXJWBbJ*%;TkJ~u0ZaM=6FR^h#&F}X|YMdCY5KZPEU3z{N
z&o{WSr~~{FFDYk&_gehDVLefst4rZ$?xk3_$?rGqGK|s^Pw-5}>(Ex(E6JDeF20BJ
zPQF`opQvH5#P<3&_Rl|#9XB*d%tN79iO=b2<@tbn&56YEzQE0FHEorwLuW%(r|DUA
zrQq_p-#+~DIc%kn^SFTb0t00D9SU*`oiaNnED>^Y;NitQ4Yw71c!vV0BmmV0d6FpE
zpaLf*cpa$mn-JxRX|CHVfA)vH1`v_)9m6GptqRm$i3fe^cU@VPezS;Btm99|zcIlD
zZFDsVO9NpB=ocolTvj0&@`V6N60emZ^bLSE>`{t(J}8yfCNI@NjKTb6pi$+!&KE74
zUC&DbA^Oz4RR$Hs0NG_`W;t^!A#&p;W{u14B>d(zz>}i6#BRxMBQv3Q;dIqd-Ijis
z@EMu|r!pYuxM_(?(EnoLdDOM2?LA`emj@0H0BMx-K<QE>4oddugPGv2se<T@txVWA
zD@@#0=-n0I7Hct-fXNr%RPBx=I6Rz6yJO+Jv6vr6<X7^w6VtI`JRGkqtW)N4@$M3O
zQiDGqUEHnRUuL!7T#a0mMylngEA%?MQL2^wLB0`blIpp@Y6AE#=Dr<56frtZ?&g_8
zs}#<XJpxp(|1~x)G2tvcvit8T4;AW;9jkg$OKIjo<u1EBS8i5-+JFfjG+qX)kJPp*
z<V38om4{+F;el{y3}`PH!#Ai(zvO$Eiz6puXKD6#TVm)8(T!Xc$(pFh!C-3i<u2B7
z@_Z-t&vDg|Jlzb}nS!3Hl7Bnr_WXNZK=E`Fs8M39pzueDShK=oA&Cm$D7I|av%%@8
zs3Pzkfr8Yrqyd{e$3TuIgHD4>qOVarIg$eHSk55CgJt$^R2XQ^zN5=abvm^NO)Md`
zY)b_%3tofV5fBw%%@UssB!{UtfycabpjG{l_~|HnwwD=bZr3chK-b~cSP`598jg*)
zX$qLZlt^ExepEO;YchcRD6}N5wH*&{qsve0TNr*l6#YMHdlGOex31G*4oO8N%9Qzx
z&LKnQ44J3Q2gl4Y&qIYIA#<7$GKWa!p_GJ5k|FavtBi?%zo)u?aliZBd!Og?Jg;-!
zb@s5<+H0@9_TFpnwdi%HqiB^~>(zS!9Aly{oVhlqs3!dO5mp^|>ua{4-l_+oyL5do
zDl(dk6<_KSH}@}jTVK#Ces5Vc<ju6@^`=*t<#u$$5q&=Az);a_y*SN^!hF*{v5ldx
zFH$09PaGEhXnckKtJ7rpsKy<>FAWDB++TjyxMUut8#@XY%blo7!6|y{zf~HoEN(d@
z`H}BL0`e|A>UQHthIp8AW(AM0v$@LM(yZL!&&iJIVmD^j-j~Km6mMSRWJxGYym)M{
zE0W1Ska{i8l|v#g#NeWC@8=H{p9l-1E|1-8uite?R=?fV;h9!qz~;Z?g8wq__3c)u
z`hbBANorPbb5xm}=+(*euP>PpJ)dQ}9~kSWcPh6WSilPvEoT{*zW1G}$>91t;JAv$
zj!Hg8itGCDKRIly|HTCvH92wTjlt~UmMY#)X#TXT-d-X89X`%qU}x8a#1>Y|>{e&#
z4^r?X_4t0C(l?Cvb<TTC9rz&kJtBW1yj|@5Xc7Aj;a5{FVzw2?HK`oS!~VQ}Eendu
z;h|dD!;blD`Cqj9RNC$HBi?xr;cPG&4XMf{Ef#T9R&KW&opjEpOCC#VoyFIq_k1e#
zE7c^oG9Q@K<4kn(2<?qBdym~4$^Ep^nkOi&_C=^Fr7x*r^1}ljDy^J#D~9J~$1GDO
z>?4%V3+;j3q<+q@#9n%1S6@=Evs(jWDdIrO!~#~PNX?<r@Va)5eP~N+srB`PHH&w&
zznaB2>wLipQM7y_+3=eC=yv{gbHDofe!T#hDA!6a+gnXmueqa6T2Q)Do5t0*jJIdb
z-zFPMhXte~Z=mg6nf9J@GD+o##obeos<)>08>{Vddy1{eKJR=XPph9fsb=`h1XI&!
zn>JUW`eDo1N{#gAVrul274PQntqV>YdsC)LkQq~^R`1ATfOX#A<;P-pclN3|-N|0W
zP=l77iO5jBMTr#Y5&0))R+HLtomVUGBQ7n3zl<;wPsojH!6HU(#I4+0OlT>7Bt2`4
zJDMsO>&z1xac8IBtKfyskGd%TSC)?=7e46+WlmJ4?-#BtJ$32L84h2zoEsDEnQjf`
zRa$DoXU$iZ)shuhKYkTXKh)}T|L#<L9_`(oB`&q-Qba_j8RwDs77MYoZn?ti-&8)C
zi5DBx`}oyp<p-$DHslBf`g;r?S@!n}C2e}_VL}m!UyB=h=A?+hfEyn@Yuf#EIiD7r
z>5RQ||2k6@UGDk*Lu|xS%c=c7t6jZG=SM@H7Ze=Oy*l+IOIu0*)nul-&zNIJ)<ggH
zf`q28g}ryCr9XevKl|>~6hChDNy4u89#$OMe6%@}Ey@QUmW#nFySh(hPHK+5iT}vA
z#O0Ph5-uzD@KMFv=E6N?`ZMU#)tP;YRauA}%LQWtJjtoN&z78VRX%fiKK^eGv_H(>
zbS<WivwK-1-&BkU?Oo5ueac&UuQ7799(7mwOI@yHRas6bSKKarliWed%w=nq5TTt$
zo!a+AueVWsrf;xgvJn$0OMkT<pZ|RE?wrWCcmAE5=>gYzGFaU3ql@`dWQ`ruWZavh
z0oT?m*ChRstAoba#V;a$Y}F=Yi~7t5S0&!-YUEAwHf~nuzst^l*M?iE?gZw5%!f@w
z6NM_d;-$XVx-t2kx|7M{eQm%%NHv+Co8WC6zdOUbI4$xm&Ohy#?^L($TFLm=nU5T~
z;vI;v&63%et7{&Kc^^NnEW0HR&-LfM4G-G<XvCQ`@u9u*Rdsa}`{p6fq+#ANWwGMf
z>LT!3FA)2QFokH`lu1-rO>|GPXb6%zFLD8w?R<)PcJr%`{3kSi<L)GLqwZp4+@{{#
znT_|o>Z-KkCVi)3Hp6<~c-DUFSc>$!v)Ik{vYnY_mCVi0$I~X@Wn|QPs))F5hrLA3
z5Zm(Pil1)ZK*sp%cSd{qLVQH_A`C+BaBN(*%8Ow%aSZXKug?v}pAF*+%)MmiUsNy`
zFnaZy<+-mB-&)@&yF~=%_8>Y&lz5(uv-UlW$=7_Ldv<uv@)IWBFEeH{g2Uu`<0dMa
zs$lr@skV?-ZI`MrzxOgC0x_zBG1XbavHOOHs9jVzSkkW1wyNwCw?AQp>+j?q4qA>4
zrWJ@;j(y?Fvl_10d-iys$2HFzFPP#h9Jm7YrBo!OHy*_F)z9|{9?wvT+^@oaoa=e?
z{%WdyDi4M|j}JfQS&dK($c=fd<x&w=;mv30rOENUuJH)>@B>9-Bm92jy&U-~u^#ai
zIWdV^pHdW!)fzwZc&l)<W({9fyrbUOCiJ#MM8{fFVM?==JeS9Na-MG>)9Qt0(@K5y
zl>;=bE=HW8M(g=zjmP6fJ7s9HhAHA7Js5V5KYH?bR8r%Hym`nsj^Q`{9s_Um3R_i{
zcE0rm!9{qyWjM;U3!79tvW5pjU)9xf4<AQ*KMY3IUmN8tl;-GWfl+pAe>xv+UoLUx
zgO1c}pY4HJ+7kx3!{SLj*)iZ6NL;w$4dwg$IMG7UzCt%ceAi-|Eej`3bb2i#>*V5l
zDsc%;%gEtb{Q4!62FfFr(R&3p5(|a};&V(APv+=0mdUtqUGugQIal7mn&W;AP5O4n
zp~H$VZ2R9$>J`3}3rLQM=e4g>jL&%(J;HM?JtmFE*=S=mhNG@kyU>E-Nop{kfD>i7
zdE<$AKCQ+X%fgy7qfPgXIouB^%*blEM)!C`Yh~Y8<cQ}<I;7yJ-DqfV3Fb-3t*g*U
zk04V~)E-n<2vfYGjWFPt-FJWd#FNf5mYKtx@vpQRuTB)ghE602#M*2~);(g-co38M
z@Y6eLjed5`huYWa&wOGYZlDOLi{NQQUTfrOylrv7MH|tm=%R(#H><4G7;K*ntBtY<
zO$xT>Wg?sy(u!%9LEL<y7k_ntl)_vf=Bm}1HJL$;M(g+<r%I#JTFE>X{Jy-$vFdDR
z>rQsyshDg|uxTL-IqENo1mg}hzCNyldk{pefFzgBVQ)T78XBv$U*Sm$>-`7ABD)k+
z5af-VF&3<0L0_a&;;G-p1~VX>PUpZL22)>tOts5Qq2l(JsPF@88L_2$Zw248ekr=9
zw<}Ct;gMnrA3Oc{)kpi&f@KWZ2Tn_QQBWYG)%r~zC`t*$^i$LC=91*0;5$xIler^)
zrJjA0bx<oznj?UxpngZWqW$S?{vf?XIwcBt_EU>5hm?8Xb=Ij8@CPy_^p%S2jGUP=
zW2|Nr0|T72hx^%`;vWPDxjNF->Ri;iXyDwKRX$&{NwxVp@bHDX^+QXWJBHu8OZ?e|
zB7X!U!@$7hGI&P|f|)HPC5X@T_b$MZ{w)|8&e8Sf<u|BbFTa7q5HMDL6o||O$AAz|
za0C+ZALEcA{wfX`$oL;Fz}Xgu481)LnGoW?UVszV9NBf6E_g10k_8ibz+?Gp<r(s@
z5&6MuEFr@rSH<X*YV{h9dVMV|<5Y^<^+0rXb~VeYr)V*tXs*k7$)WUpC@ejr#O{()
zd2gu5{pU`O<?M-%Y^LDioq_(DYZgKy$BsRQ8!mmEDAQvvnrkcX#)`g8)OHoSq}n(=
z^*T6tre&h3brI(y-t%?CvozRIxya&)@=d23lYV(?g6$ly_@><Zl=Hh67DUoScLj*9
zUArPSCX<<ewscXO`BK)YP>X1MlUqSIf9z}YW~J{<<cL>RpmsgO4b|jxqrC~S2iu;}
z=$}pGc!cC<dSq1*B)~YAtkl5!<w)_fS4`%My04m(`<Tqp9ajq$_ZGKz-dIW~H?L3@
zX)QHA9b3Iy`q*m6>tVqX@bD$BKRbG3J<aA5)zZtxx!P;7edm}z`G#{<`-XB>+uv)P
z(|JAY*&r7{OM1Lo+W&ZUUHCPVH~WuQUzC55|3UXf{&@T~6Z_liEvQwhdGgiDcJ}H)
zKaQooC64On=crcq1ca<#37}l1T4{d~bwhDu=aa*$(b>@~{;xj-_K-y^li5=SG`f6|
zY&2n5ut)VCU(xkZ`=T<D{IKjxf9~vB(xy6FFNfDV{^g5@KB@=Rz6m$|_^jysA$dWL
zCFd`L535}_r-R1EpSuit*F=RcQ&f6<Ng2N#K8BlG5WN~?%;5R#O?X{mDj8vFL7a)V
zwf;hFTacLvOSRRzWvRR4Ast+pPyXxa1C4D#H9=8*yJr&xlcJFG3pdY`v548**F06Y
zs2+4~#WOf<(VsDW0l%wl^dP5BcSuxHmx-@M=NxV7@M(@e>5Cvv+4fE+sOfIz=Iw+R
z)N*mh6Yrvu!nxw1d!+>btndBl#XeZ!-!AqcMpT1?sB3TxD-t{y47lhAjs|hfV5~?e
z0vi&^DuhLWPw>D&G&K~6vW5lG)!=Z-?{Fk50)zRU4y1v;qlMuhFDM7RV?cy9AvpMs
zMzbOTQ3zqEEGUW_ic&}z{05@9ZGE7;P&#1@NDD)<qCq4#s7zrjmWU%33F^QIQ^H};
ztwf*_2!JFO1ik~sf`;G-VPYnza3X>L31JXQ4hbT*q2XBQp@ayAen%rfMOc6cr~m^h
z{aGGVCR7&m{u4<IKpqWl2|{Dgln@Mq{mwY3J`~V12ncC_6I3=t2=x5P?L^z6%@I}9
zZ?|@VICg)Cz>jEifVTe<Z4Lo6_ixeWX8fp}3_9HV{pSWro<0lRvC^@;kDcS~PRVm7
z;Vyiq*=3}5Q&8^aczX~pwlj*Io$frzHHNgeIw|+_riHH9^2b`oD=HlAaHf}67o%au
zFcqu6zs-4vy}0e2W-I3ePg`^3;NtWLX5HdsvE`~z76tA?_CS&H;0vA-V|O-%mn+Pp
z+8QaCnBJ%dNAsctIHu9@Lcy<9=?3kS8y}TUp0e5x+d%uJvW2}_NbHNOilkd2c{P;!
zW+HkhgNFISs>E@N4=_$8TwC{?z0`wu<X>+#m<|*rsZN^q(tKVkSoo4$d4q}T)pOIT
z<A-S#vh6dPVG_GO<A>fRKV@6zg1s6u6==Bc{A7e=EEPt!e)q$T%NcK%T{W44%bF$v
zPH=Ove|dWBI^pygX&aaM<UrWyBexdwh<okv<6*UzH~Q9xCQA>ZLIbG#swG?RC9WjC
z7JkGePV!~fEVhsOlxnj48@ruRcciUK`3;31@9{8slVFz-(n_vczhR8+rqDB%R^1_W
z#fC<#j%C324Y`kk7t`%as<(2h!>XP$OIM#ZIV~}I>P>aBIrg$j%@|72=Gr_}<UQ(Y
zQZWVY<F=o1D+14(>jXcHo&7>Ca`EE0!pyCbTfQOA-x!vqXDQd1=hrEF!&xrww|d>y
zV})|Rk%7KF9$Y8b8>KS;ytM7cx9MHS8dZ~#H@@{CyIj7oz2wdLvNMBiJb&O+i1BEN
z%iY@N7mC>8b`2aF$A45g8(tUhNJ`l4P3L!4_K+I#PRM8FgEQnJ^-()=19zzyH_SYs
zc$h}F)AN?>fmXXcdq;(b>G;Q1NeL?zb{*$eJcEjxBfT}>r0j1^?fsl?<2>6{+)L7|
zft#;*I4$aUQaIn{!Pn+Rp}@B3@kwU7*3I|~qi2(yeKdCdyI}W`dY9Z)eUX>L<q$<T
z_6;apwrAEKMA%jZJ?a}!4E8V%(if=o8F94mUVNFY`##~EUGCoE_g(w;`d~s5tG;%>
z%4u0|*;KH-x#M}2-KMl2jR>Fg-f`|k!U(0Yp}>cncC=E0ZB|0<<xq0zdA|MjLfLyr
zIgtdu135x=cHCL?{tY}Vy?9akPCEl*9mj%%6c>Y_;+~x1{K5+Nft-XRWuLN?mhTn6
zD{H<IDq!%~zM#&k>EnZumm`n!^m@-P=+miM?F%5}cBSkOP?ay6W?w#K9T>1VnVQ|2
z+t8yHl$2eR-&I;$vMTQQt?Xr1;UXQ$Nc>cX!^Mz@BRcJ!#UjX1GLMaK(HVi*qz|i=
z(c>LAXe+O+u2Ri?Yc-$vsM=Fh{7uicb-F>PwM}E?v7p#9wCd{D2KIoJzI>-K)qpgD
z?)+j<)Lja<<w}~hiQTe~&j&n++@DwOMZ)%q;u>A?MU~Y3yCdW}UWUFlZm!qQRbiVy
z>L|1Ku#rDSyz%qBMlKW-PI>|3xlM;8J&we$e=654L>vkrn>l3Y6M4jCf`0AWnz7ii
z!S_>>Zd1<87<7l|W1rc($E^dFhc>bDMXd87cZ0AGQv^$uNiRM+oUKA=Pkh(SM=<h<
zJkcK-@X4^Q%Wfpp-r#hQCtISr-RtALOG&g-EboiYubF(K(A->o-%HX#e_Jg@kc8qi
z!auC>#m&9*>=%tq3TxOYi#8B1?USgUU=Ph9$`y?cCbnz8H%MnGb1J!dWboEe^qxFk
zgM3ZC5LJOGd!NC@wb0XXB6Cq7&U@m}m=b@r&q5`O&5{If#DpT9hM$Hjy+vE9_PA1>
z4+GZ$qY*J36Z9%uZvK+fVqW|G-h1*N42>^LO*XqL&17emBqB_Z73VgK)`}Ks-xIPA
zUCOghPBD=5qPpzc8RI>*x9NzTAp7A9t}P>%Q?ZA}hOqkd9nTed=<=g5Pj$s~mh@H+
zHC5>u`=m_EtcG3LAD_{rl4uwDn$8oaNpU78uxP<5V(jo^wC$zRTlEyhmU&XnQbq-V
zI&pRjc8qtiF6%5p0}*rLx$S;KuaX0M3=a9=*F87k$d8|!CRo-RUfeDGkQ*xTHMfXM
zN0=`v5Z88T?8uS8#ZQl)j5gk`OcWGhLp38Sr*~K8$Qb3}-wP;3HR?u|l^%;AtPXrK
zN(m`CVJ4^TvCpudQcq{!S0i%dHDCS?_uhj?SH$V_jdmNJ@H1T2!}K9vOfZ}>iVAFQ
zxiqtx=Gi};{_(4LVApa)a#?Ra?Z#wt5?gKH>d>9G8xgJfM!tOsVw-lOpEGW?jM>=*
zF1A@cxfIrWn)x-BR9u8_eNUEThSBncBa%z+==nZm*;lCHvo8>e)wJ<;#W;VaL-|>!
zX{W5HN0e-{vUzx4+RN>FV|TneA?58`jszv6vBlcF&+IFwJG_zK;JaBEy-4DX%e`9f
zjhM9`JgBGJTekc*-hB_ZY{t5|y6cM&+tI>HhpWo$ANiEIl*us;x)om!tBP-f7hoI&
zvb!s)?8O@Dn-E+XkGf_z=5j?hhZBptGLcQyUVS}WsIRIOo-MPeC;F-^-?Z9C^#e93
zW~*NH6=s*RnoPTCj}*!Bb~SxwR7@l_%ujBi^qwvpNvU(kA?_)h-oYt2eW*tEt`d3W
zPFnBtslu$EUC->;3<!DqWXZ+y@#ul(0Iiq&&NHlbth?f*4g~M{cKBraE4$M+>1etA
zDYQjljF+7wYESE*C9T}U6wI`KxpV&Ev!_~DofI-nx!d*l@_9srM&0a_C3MoQ_iCd)
zvoZ#aQE$jJ^CUD)^_EGwmhtDiD}}8!PZ;Y;akMRHePhd3zIpbPa_ky6!e-69ZGSpF
zKYb~E)l<VTo>JS-JX)>opU;l+ukl-iuinwf?^O~xdwY}{_3Z3I=$FtJ_i=Br4tE6n
zbB3M2Ie)UL&xm+_Hqh*jY*7!NgpvxA3X|1YPstieOUJ#Bnf!c?gmxreIM^q)Hj)&}
zOY0`zT~hJ6er{pC@9MWt{S*BIK{uM`#6#wEXEMAQ%yLM@rY0=~cuh&(d&4LZ6r&nQ
z_`FZ5nyo<5!ibKSe(+lj*X(@;`!bf}Sp@t)JWWzOPR%bjZ(OVYGB=N>vdOSISpOrn
zPT=Abvg{J=1?hXJ8#m&32YQ<b1(*51^rZOR{8pIlH1pO$N#Zesrr?G9&kNo?m%P)A
zPxWgFnNCf@F4e)sgy;J+19QX>%Uy=xeB{~NYgu;!KUG$)C+dsvUi=#HWpVk=>uCu=
zW~^tS_<21V8mYWw_k_#uotg{>5T#$0LR^Y!jt50^aeBS)TwT-m68iWIlb6gxkE%FG
zm6fI6Q6sBomzNcB<cNRQWL_5ANL5;BarxDr!@dsjolmC@V;}82lI<K+>?j*_j^L@b
zXTpZ2`k})fQN2MOznqbnm<Cqw?wZyds&^LW)L<4(m#FNrv8Z8}UITwZMD^N*Nitg+
zEtUtuhW@3a3zI|WOYZRw@p)OMc!GAROQ3ccLft**lXX1qva!7h+ZgrO)iLEU+t$w3
zcK_Usp2K3Mh{{gCyj9ocu+iR8hi3is<!0Nu9KztI17`$QrFGt9C20@cOe&gNn_%Or
zqSAI?3MFs7E9$YiTtE0hNqTc8V|dJU^OL@x*HXvgI@_H8rzEHG?&pF=Rps|{{9waw
z;zd4-n7cX5eqL+Q7v=@;YPy^~@PYh7#NjudM%|~=(&Qu!DF{+}R&+X7cnx%Oa^Q@*
zR}SZ;WWO~TDylUa=vdKVE}5~_$31{w@k)x6ZhDm_lAIStDnapfhwep|x{An4q72s#
z3F<p&%RX-GCe&O+ADOpIClsX+TH48VsX8>?Xmo0!@3FA%x<oQmbLB$(CC+!d=a>yj
zZ(DO=E|Wf?_etgPRF(DC9#M4MV}aXy(q(b<z`e4wM=+1(RbE?)RR*cuUgj-V-5BXh
zm@H{wZd_k_9F)j8HKMdEv9`ErTr#67@hoX$@dCl7M6CM*<0P%ayZMquiix`XnMH{Y
z54puk1G7zSuJ<nMZa&;u;3*%_cQkPLYsWFZ%4LT~g~64Qm7nxm=ZXlLsG`Cv*X21@
zb@{xk7+d)Sy(TE7pBb)Ly{#z^Rf}9&Fi_*_4HH4@z7}sL?+TrI4KGVyow5_867t&M
zrTi2nop3HFtN#{ruLQy{&Np;!Wb;mIzZFV_q;?E7)E<1aCX_z<;PA!63|Yr|ci*xx
zb)fLPyC!tC-=8|u{Ic40=SgnnwJec_ng!&f-mam!Y;%&{w7~Sp;un{Ub)R#n8B`@l
z?zI*!OOHHTBIw-ou7Jtmq^~4%{WFavUw3=ivO>@ECo<mblD2Eg%QUCa)_L^6{8$pN
z=p<vR_5pvWL>qU$dy`j+CiTK6d8@J`m9A9|-fb@+Db}gTh&;PDH~waO0aJv7{~2Zj
zwUPH7?+OkiJ>Hlr@iG%(Vq#Vbk4WZp{@7JK^=!b#*_ZvcA{XAK=eQ3DX*V7z_iRUq
zVi<`q2N&1K!&p9SS=h0?im^jvg9Yl&<tUHaK{KC7Y?gx=567CNx+uoQ6oT8=!omiu
z+1W1*4Qa3^giOSmaZBV#ppGBPx!hsW#m}V~?WJruW>|f$Grhd|8JXN5-1Ow$PZ4Qt
zVeb<XU^%KPSj~kni!;Z<xa9Fx$|`fFrg36CrYc-!=86f=aKeZ0+PYl99KWhLeOZO8
zLBq^Kbf0Sa$U|(*)u`~<`=XhJF=@4NnB<fB*Qk$sPqHSn^W=>1oxVX>kw4fqncmFT
zl6q8OpMo-1+CxzR4%#aV(W`po6Y;S_(F{mwc8<tK1t#kV&NRl$vpYH^`LLvicZr<>
z_oT#`wVCatCL<fHw|T9%TZ=X9xao}@7Cy=?liUnfqPTY4+Ij!^j#Jj>BGXR$dZg3)
z?q{V6*WfuoE6aXQzHZ_5)6%0#N;WTB&#+U<+1_XDBq<OSkGZpRvHK<?mx6Hg)le=e
zg!KN%^QO@QVULu(S!KzNnvSZuolq7|x^n;d;C>rZOVJei6o!~9Jm3aY%Kl6&jk968
z#{N;(Ot?JBUb3`Kdetl3Ow&7F?=#gt5O~by<<Wa*)nqfmQbgpeZK;pi)som=iVm}&
zCVx3?iWNv7q=BR1ey3^DCMe?x?8o+4rS1$FEN}{b8EwnKPCkBrVCDWRcD0Jj@N2FY
z^+fktp5e}Z#}igTcGB0(R{4rt<HH==y&uk>jJ`5_^?8k8%%GPjw;)f+^*bsr*y!n8
zc$5#!MJlz?@jHngWeQW1k4>?05@Xz<!F|*+hBqsfgooooe%OOJ_Bb^?6<Im+s}brP
zIs<fzYTUceXnc`Lxckmek%5C`r!r2%&3X4^5+94VeT^}n2)`U<&n-3Q7=!~QQcvWJ
zx~xXIMZGlX-PqXa*IJ@XDq%~8N4vOZrb!Fh9u_0xFW~)bE2x|36d0y<e>gvBfjHI(
z2ca9JpI+8DK{CLxR~}!M{DS8C#QEU}1ZUbaIQJgL5xr=Y2OT4or}$K!*74MP>rj}h
zM9<6VoPCyx%1Y{d5X}x(EFycVco23xghnxymGLQ#Pvt>&l|%;5i9HlldU2_2ahWPn
zrS*OL8NRNcy6D?O5;Z=v-*?x>$6gQBa%<1!+MZduWv`&y8yok?=}0_Poz%X}(R~yP
zGE01%@$tA1sn4!ERpNuRmwRW8?{@66>%Ajn5?KB?L%N4%%x7Kl&DhKmDT&SN*2t^}
z6?eq1<aF=1o(j(NE$<lHOC$1vhVYQgX{Rg68~&xTU6KTY>Q-ht-><tWH^gcCt;rsV
z_1<A7xi>hmbe`_~gXX?djPo9Dq|8ny$-`;rsY|=XKF*#_l-_L-KnIps=(wCHurjTV
zKBf6>GoQn{D{HGvYlddiA8MUq7Ta*7?Hrh!v+*RW+&Jc3PA20_SoUV<Jsl@>x4V0W
zuKVN1SsEUd1oAzaPaCs?UhiVQb4;~n#`Us)<sBhG=JUrYNmLE4NnV_l+%MkXc(XdA
zwJ4kA;0^($I>{wBA4Uqgn!THk;4Rlz#8?HM?f*h{QCMfm>#Hcu8|L{X_3&x(l?z6;
zs+%;UB;W3-+EyHkH?d_aD|vlt$CW!ed+e7>{m(y)DkP!0PkykX$@L^V*V}iG+xvAi
z*pyNgXWd}=+A%vyo#d%^>Yg)~E=^zsHh!wb<MoiU`R1W9KIhhU%w4*9Mxk;*feB%H
zB|XL~=BW(=^g-Z-egJz+cUBb6A$x)GR*L%5d#t*O>ez&r1?L#l*nOEeWA<SY@mKF3
zPrCeecMd08XuBOY(^yk^CtQ#uEk>1wa#KM#{=5MXf?Gc0_KutPJ(-5s>4Wqg3=iDS
z6pV9hPN1}Ljyq2Kylpp+NX8lR>{7>ax3W&ea?3kOnarT42AM%;s%Yp51vDq9rdZL9
zp^WKTOD%f$Pd6Xp8}_i}fE(~eN6F{PFr4x;Ev8rBxm04y;X-D|5tASP)F3DRjJlB%
zRWbb&<6QP$zg!tg+qAlQexAgB@lbZ>jF%iK2}*+w@k;kE8!h#EWhimdhlf8lLPVd^
zN9-%MpeIyXocOH7xuB!SS!mtJUUfGnZ1>0Va?dsH?%5WDtjIIQpSm+6&y<MJ6EZ|j
zgtSL{DYfrA_lWqK(xT6B@=0B&;p6#zeewg+j)p6jG3qOHIx7qvG=Zh}6s!h}a;#ZZ
zys(51Pi&K}9KHHThBfG@3ugm8zwKdz4_eX=CnM>t4|AyRj!1#W$(^v3IsR^UtGhM7
z-}`!NMpl_e%%*Qo?&)KXi4Jav-lbD{l5}2$@rgQv_zB8kr?d~smoliWI0rD)*M>PC
zIKEWhyE9GUp8JlLr#o(ZI$oQ!EMLGZN7moth$5joem<U2DCzdK>oO-y!)ggTO)rrU
zcK6F*S;!{oyKhEiMBx;US5t1%<-F{;u#Z4ti-~31^BFtjz<j3Yn1g`GZLw}YX-YQg
zpp@iCwh~zds2AN=^!xYg3~-V3QaCw#aY~XQPTjQVa@k44)G~dtCZXN<{Y9#8!L#b&
zFJ5IK<{9NRcPKe{S@B83-D|*=YgY?m_kB=;RkgjMdO#X8y?gP<6?d0AI-^a|%N1cK
zTFdXCc8iBM=6z7RsGj`(V8ad)s@}EG9xcO<tJcOnz1~S|52ZhxY}R>@7=bim2`<L!
z_0uj$aZKS?8kkD_P%@0F=Ju*OBZu)?W?AjbSsxGBald0=(OmDWUAcmsdj4TG_^>l&
z2-fs$w)jEy%F||8hO_$*Slw`j_uZAEj$BK=2*Sxo@mBCw@fEFT`?VVPb9h(^`v|?d
z!`+}u-f||(FIZNRT-5CrPNC>_PJo;#gEm_x{JHs^oz17>Hc>12gWuxJjJe!6YEw9=
z8KkD&5^lm`S)2VF7(LqTb(19>PuC{PxsqdVn(8s!R)(`MnxEs!wY9vJdq6QR{`k4!
zc*@87l|v(UPQ6~h7G;>(X<U=kaO!eq7CtI0Y@kQFkI9nb7(>rK?d)gos|((pYv%6Z
zbUAk0(r=_vK=2Ji+w+yP>M!K#$(y?1+EP!>n_d5=ahPW5{tfI7y5pBrFEn;VtvPEo
z+n=KfVVr>tVN+bXUZx-)xNwm)V4JADk1&j;RFEFDyvSIS(QbX_K&_=YM}9%wQ8h0W
z3xv{D*E$#1f_&~SwORTJ(xt0K1}a((5-oRD*PW3iXNqoK?!6Vm6J2yh6C<MJj>zrh
zr*zNyysyDrZ}I-g&utctvIB9GC_~fFQu$52_vp*_vGG~SbY2~1r$nk`R+{bUV&pH=
zJ)qcmlm|Yi?uSt_uL{rzR7>Yel!<4Z!_gPLX?9gpwyF|8IMkfnb?Rk{Y+h`$LW_t(
zf)z)C?kBGz-ppI_mP7cBnd8~sDwY}++-KpLb<-98(O+NRiS^x}*y-EZ{oc4AulQ<Z
z^rK)sU+>VK3Y7=W*A`<HK1A@Pz?qoMd?GWWZ=H{F@m1hUefea6h=;CMOWrkEHvCn*
zSG1TWPZZ+w{i#(2A#nLtdHpo!WqA3aNjrFM%+BTmUGqBT=x2qNOL;Bw20}5`BXrH}
z#}pQ2;0?P!j|a`4%F<VULYt`@ZK(5&71_R+c38)pJ-0WMP57+)3EI>lc`;b3+d7OY
zMNCbe^uwJ)?`0kg?R;2t#B%0gSIhLE<tewmmK0~&tK4!DlUAh+M@d%FO39*MIECA*
zSQ+i;+f_P#j`pxAO7wg#E%tN$^}*Ro+AN}CJV(Xekn(<mWem}P8|_1kX>U;$en=iW
zDM*<isn@E>Kl-xiq^0oGrE@#xJ+sOkYi95(CpT$ySl&2Cz062?vZG$bT?Vds%b_MZ
zs(IX2Le!TeFKVK#*+Qpu28WnF?=O3hcIb3LaGm-QQQr$fA>%u$E-F*SX{d#`!A@y-
zcXfIz7Kcl6-&)n?ZF4>ruGyYeN7lYMdvrvcvzk`?M63ikucYM>On>WO^O_1-{pnRs
z<s;ve#W8I`chx_%^glS5Def;EMa7_(7BLat72(p`a`H)%+}go-_VC=-BH`X-jq2m3
zpS-W9`%#zCei<k6A~?z}$P306pKUL`sJY<#jLUCNmxDP%qiJ?$*0J`C9%avG8fvFz
zaO-1fYJB}Vf!&mD36BG!Y(MfzNXiM9Ue;N9sP_eS5>w=EA|U7SaAihEc&^o3Pn_&a
z_Qpi3vknL$d=x+6$mw~qwD3_l|A&_K#tfGaiEWp5N;;m`Z8SPo+95S9#&x@?`x(X)
z*M2=;j%rFpUNVnAXLlT5Pp#?mvDy*c_{SV0EibF57~VUESK_StBIEVN4HieUX*oQ3
z=VU^(3D?`l6!%_#sm<Z6L)PFL-^kG2+&4i{>`5=^)0!H`;jw(m<x!!h`msa}UBw*z
zd+#*Dtv|0}7|zXGUN>E?l)_($XtTvjjoehjO{@)g6Y4uRTBVL$4)0>+Z8D3OPTq)p
z)l0Ex#8Zb-o>IuTf(a{}!+YOW+k4W#c)?qz)tBYj`zxcK2OiMKQDJG3M*Hu789#Zp
z?vr-O^Tjuww`bij%R}#IPso0|w;JC;)<JtBd@1ND?GqLm$1D~t!^Tibub0arh1W10
zl14f8QsRYGF{StNWi|p$GVkTb&B4~krg@`Njx424@kYz`z89zQ=P0x`;TC)o+NOH~
zGk(Yq>(6nqmtexZNw__0VZzNqc;=rr^|7jBPJnxEOp#;3c}ifPR*#W>Mft*jTjGno
zk9ZGS&kudXpLq5BpbnBHATiAEYPqt7aU%C--dCJQ(hHVpL>P;HVpv6#K<vr|_aySR
zTF08QSm$i(?!8}GjOQ-%*?x}7@{~FFCGu%hj;Bms_o<i5=fzig_j$8arXCsiX6h^7
z`O4?p5j^gBXphwMjE73DT&Ki`OGLz}`Z^tRhomV*#4(endctVV`j7-1dg*zXJXPAN
zrF(^tr+?j;rtWdb!a+;z*x2@b3O(Mu2FKBAEosJNJ3{?3&TZ3dQ$AOC<H1yyCt}5K
z*T#~_`ZV800#hIof3WHaO(0v)U7H#c%uvRWd6SmGjJ&~oqi3p?^STBLx`>sgsre^G
z{&i2z`IU6@-<qipET9R@JbE|j*=Bry8`HY%k&Qa)jrDLZp&(U~r<qLaGNhZUjWh$T
zR`ZQC>reJ8g|y=5!_roYnAWYB)-#yay+|cI{6gmSNLfrSY+5h}pn@cf!lLl=8Hklw
zCO=dVOJjd1(kne%@;b$k#LIp*9k4nhJK#jB%5s=K-Q;PTJUTS}aIm!W$~7fq`*|*;
zm)XILdMv)7G4yb-1*1gVLke1SfAHSt7jjp$kGdK)^)FCITF%!h`mw&{IZ8f6{`&Hx
z!GdE!Fr5f_`B!!0BBEvuE{vfAdR_-Z5ng%-%6cX~riBeMyWnrQ^?vd2dDFeUR<+W*
z=lpBfr<?o9lve_<&YOJ4j>4#dBD`v@E*m~8|7ybEVdWI)bY?to-!e=4?yrY~`{`)P
zQ2u+d*J{gsZr9~e&$^pQzy<`Li;?#1HFPg8pgmSaJ=<k-pzQFx3h$DolU1np_^W;z
z-rnfiJJgP?{UtL<DFaf%-P&1d52I(@d4pf`27NIOhi04ma|1&SaPPW8A6pnw__b2^
zQn#JGVTo(=sDKAyEaumADrR|%?Vj>8_1vnBq&D8wZ8zKCdCqBn3He#~Qs+I!l`r{n
zXoj>cdusM2<Cya>I#i3uQWfh1lZX#A$gkn02m9?3&79LD>68kvo--*^k1W$j@?Q@f
z5NLLxGA8YBvRrt3uHt^Wq#k_(x?LzaokX|WNgE%eHqsEkxAa6%6S8!gr{tX7ZUa&S
zlI&tq14Jn*sQG-YX!zOFuTen}q^YJk4Ww+GOolrRIEwVB`n#wPo~BGbU}u_c)9~S<
zx9P3?hNHE&l!6j)j*(P>qphWAmT8u?^9$8|)gzmSs4%k)f98$wGcpzi1DtMtItB^-
z-N;z7TOEV=Rn6>eoZaz19fX8{pU?k?$AZIv0|Gx14P%810p}w)ObGM4hY*OJMJXuh
zYL0hwV-@~OA0d$S&wYf5o9n-Cw{H)Ug}?~^w;);3A02~P=|bkbDFq%MI-<Uuag#AN
zcZSpW3zz%X9ptGTnWyOl{k|d|I>Z`VS0xFDQitZ)uo&d}Esb6suW6ICnJ^U!-+$Vd
zF`m;~GL3#i=UMgjQjT-;9#hje+eOo?D;9G&A>YSuo6p@iHhX4ik{z2SU$$yprsf%5
zYy!Km6c=5VPJhX%1^HOe?;>AWNiMbdNQcA2b&9;~J^D{YRI|z1a3zN4hkSNxz;)Ut
zT{0=GR|yC6==i^}ia()xD|&|M)bwPH?BISErd2)GIdF-2g{t8RmKaW-sLVdrzKj6T
zvA8wW7h_L_KS>W?JdRN?X$T?Q9GJX5qsp$u*Ajvq-1YP*j3jMfIU=WE{7N6@n`WrO
zp9#=Ej8*kl67#2SEpXrq_G`SVAFe3CP35~g3vgS3+*y9Qrx4v*fIAE1r2)CRZ1>P0
z3iogEqlC7_j{@!_e|Tuf!C6s|&yI$m9Ppa?@eTN{{P+f(LLe4^UxDw;k8i-ag!qjT
zM3efXPyO`46BQ-)2v%Yp01q`6g1IK%%|K91Mov%*@8xFnYqnopMTmYuYB(#rpc>8v
z>LJMQ)oI{e3GOcDcvn`T?=h~<;w@}&QUosp2t^?{TtFBD`Wq6BLLy<n5lHxVfRUi2
zqa(r1)qoOCbgyGY{P-Xi#)=?1v;emqh)7o8utWTS&;oBnuNB~-Lwp0QmUkhzI{^YU
zfg=-e6Lf;`H1`&i))bV%d)S!cHRPoP6<FPXlasi(pfqrA0%W+d5=;4oRloGt|2fTw
z?<63;lK|X>Ai5Al#<BuYgWmo%UBps;q3ah3_}|m@y`la!?!;FA1$W?N^+%8RpCb?Y
zF2s1?%tie8E_#UXGWV}30ty3^_A5zSN4ft+-}-kw0#1~?UvL$ISOGchg3cvPa0i_q
z4tcq{xViy{JBThpWgPg9A#&_j{XzWow~R1BEgLs`yr`V4oE!`WT<~BR;0h-s^Wy=&
zcNheCgvE&wD%}i-Y!lQwrw?2NfnGxkfI5tRsvsg>8iFc7ZLtCe!`~T91pGzaC{Pb@
zA%qD59E7C6gZW;!5WtIwlPrLt{uB>51}Oj#+lq&p3*O@=L%!p*wb3yU;4g3jtRT`4
z;Q%~|VM5a2`N1FX3PXYTn$SB2!WrTnltvhQLiwQIz;|L^*`Ih5oAM|BP-xhH#QQt{
ze(-XuPQ*ZfzrY&>@e$$|^a*grKsZ4-{`iD&C*lQyHbUPaI*EM#K@XJo5Bz_WL8KR=
z6?h&(^bylTG(#|mZtw}EA?5@8`k5Y*DF`2^4%8oV^cx=#aB%(We`r5q6aADaqF(-`
zBVc~%wBI|z@A8a-_zz^6h%ZD3gzq0R^nHB%A<IHAgaAP5Pi2V6?w>ep?To+?^e@{2
z4Js${3gQtY*8mS9zy4INf5QoZ5*7f%@1NsD<i!v9*fzF6fWMFrs7;9N56K49et#;f
z@b6XpU=Ri_EC7_tpCj|VIlp%@qQUTMBSC<_K!zx+5CT7t_#K(=41<Ii5-3QBehM2=
zQ9#VxMgV{ze|EUvi9kam*PoL><lzr~5?kR{5+J~TBLU(m)V@%^gW48q_n-O#A`N<n
z^eRC2XaD+7Xrdsj{~S#scYmNs)bGEdxouqdy*mIC_<QxB+Y{B+&vyuA2z`i?|ABKz
z6#75+kFES7+M+-B^@n``&WUU_PALWduucJkiRLL}kwQk6l8uF{0V`2qvl69?l~@TF
z=|DPQ4G?7$O8C9sqkmxo(Q^H@cA`o9hgZF_jia5Q6v4#;??SYR0i!kW=57W^tS}hO
zFfa_z$!H{20KrNWd0-KPVU|dRq&XDt8Q8Ph8Vb;J(%Q|<$yG#9(9_dXfZ&O9brK-B
zSP60iTz*C87vcF{3}j*dS9HLM83814rWXRe4uM1g1&PGM1%&<%Iu<sr=I*Yp0#+_K
z3wt~fCpSTBf+xQPf!~H7?`3Z9Zh_}_b;6t5SlXELyFu2ujhl@Jp5FrR1g0p!Ot-<i
z@)IoiT?r0&H)|V5E0FK|Z~TA(;6#rwd@Gf|$lgDp5(%kYAz|o00tHwOvH$PT`2Xw%
z%;$G<A=rX8<Oeedyo-~IjVmAzZ|?45<L1qebFvX+v#{~tceN(C+gsSUyW;V#0JxO^
z$a4DUQiFzC>ATRtg|I+${<hHkIR&;j4;&!FoB+ggt0aLL?7u=0E(C-buo#^8Kx2W7
z!vT}QX{`S)*Z%^=Uo5JBAO^p15siX+AvD<hk1+hjcKQbx!i9weFo1I~(A;RC3(>4_
zIQs8k2<Zl#6VBZFdq?zguonc<>V$W31AR=;1`=3DoV_6Es}2r07k(!K!G4Qm5~rj8
zTr%N+lW?%MCJg--1}zSzP)Gsn-@)0+#?9K@Ou(GrAZTkwaCH^*!b3|6f&k!P<0gm!
zCtt7@a7!VKIRb_Qi+7fmD2y2n1{1~zA&?jZ4ueBM=H^y9ezBDP0p}552?7PjLJ9&<
zgk(h_;eSthaZXMGu8!Vz0yYFe4|jW@xK++6@heK|Nb>8+YDmj!@(aPR*ln7OIN$#l
z>_%aL;Ql}q0U{dw?-BjQu=)r5B=$8p3JzEaM?&IE6qLUs7Jse|{*%t#+WP-)7(~Jm
zzy?MD)e58l(pz8+3NC>9JLo!kSO_@UxVi~g5j?&NfCb(SXJaoYts~2i0QMw59Gp+x
zI*<{Uxc+(bBS1d`xDmB1QV8@jusVhoK>iQ${CDFO3I!cnLjYVM8wVVeL;Ni*_V0K}
zTp;}Cyo7^Ofk-qQ=q;465YW01KmXQfVCHV+V`FcR6L7&>SmWG?3Ji?;o+jW20dp%G
z2^$MBI2KsHXw(+z1jqgU&Cm)gAz+>n@nb~^VStW8VgSZ}r`7+Zb|S8_{&SXs^NP^G
z1x#GfjSwi%{NTvtUt5z7psTnMMC`y?t)qaafG5u0{<IYYgxI>3eULf+&#}V5fSMG7
zf9D(2w}ntbe{Y2Px7_=8Ll7E<f|?lv&YHquP$LT?p+=U$ySf>CpZY?RWUy2L23Vk!
zjefEIL7v|^BaL&z*%Pe5nwb??r2oEZPbsJh?C$T=i|<Qpti&}UM|XRBR^mSxnCYmx
zyV=_~LM!{ki613c<#V(;iFf4J*5v+m!h!w8Oq6tYvnIIwSl&ZH(^F`U2hIPWr4cai
zBhIS9)D-c{_n*r~LegLsE$xEGx&2WDw3_k9Di<`Xg^ELfWMJdM!rdJIM^(_w7pel3
z|8v5Qf>zO>s()7hW6BAk01gckQ9#0eRtaWWGB`K<Nf{AHRm0&33><?3+ZOyVG#3oU
z1qtBK-4rhuyd@<#zYC`XCH?q=jv@o*TC#qJVPV2xw}bc_tK$zCc!Pu1f&Ts<h5%EW
zEif#w^tQraNEp~x+LBiY4o(*T4#UEc&^`?G_y2VOrfjPhD+~jY^jkVC94xSIfx)oC
zkbUx7I=~xfpYt~uIOq*+Dg6cm>9C-m{tiP3gQMKP!@xP{?d5?3&fD+<%M{yTNW`}C
zP+%QyYaJ-C2el0bDBcDW7T%T)4gV7ubnJW!9cVPPQS}?WSRlaL%fmvejK8M?>Tz3M
z&~DrE3L&9I$Srx%U?#g22IjciU|=ZP3Ik)wRvy5COm4*m0r>YPFznVk5Gd?+7#fM%
zN-qK}1WvpEjx!Rzz0Cm(+7bMXUL*nt`8F5|oTlHJP6*n{_$@CA+yJmO9e_cr-@m5=
zTe#a{=xuyKA%R7|B`+Efw>2+-ZQ~0XY#VRI1&u^(!w={cXd~q}{J;vpHXZ=jwl>1R
zgu%wimb`EwV3civfi>}MbqEVXTROkh3l`&nX4wiuz_zvr7PeiNV8KAJwGJ!{3vN!>
zQXc4T+v)}L;jMCtMZmY|Q!JRhZRIHzf!d}|u|U0VFAuwo_gK&uwxvUEmp?2L37K@z
z-yeDxi$sB|D7L_apz9~Lz`(sYzwiYtkJ;GcU7*c2O&cFP7-j@D2n4Xh1=6sBEqet=
zO9Cr#%!OWLSPfW3F_IWGS`r~8D}$AjK_Mh%WdSyFSXoJwv@{xn1iL~1Jqfh7DMK)q
zw#J*=xw<>B3W6Srl9CgW5dtzUEhCMU0d0?!6_$fb%D_-kC^%#SxVqt7+=#;=76bP8
MDLFV~RpluE4}q#uR{#J2

literal 0
HcmV?d00001


From 609e21c1d0253224f6f998f355ba5edcecb1d01a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 27 Nov 2020 18:49:44 -0500
Subject: [PATCH 726/812] Bump release to new release number, 2.2.2.0.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 38b9f54e0..1b28fb68d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.2.0-SNAPSHOT</version>
+    <version>2.2.2.0</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 5bd090ff03f92fa8b08ce1a67444d7be9bd87e1b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 28 Nov 2020 11:18:52 -0500
Subject: [PATCH 727/812] Modifying pom.xml for next planned release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 38b9f54e0..706527231 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.2.0-SNAPSHOT</version>
+    <version>2.3.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From eeef531f02827d6cdfe392f340230820f274f0ad Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 28 Nov 2020 18:15:22 -0500
Subject: [PATCH 728/812] Minor clarifications and corrections to typos.

---
 documentation/ESAPI-release-steps.odt | Bin 166633 -> 166671 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index 479126416f10ae7d0830ccee03858a7c1cc9d198..05b2881e27c269aebf9e0ea899fffa43e315bd9d 100644
GIT binary patch
delta 49252
zcmagGV{jl*^EVnN8*PjYHnweTY}*^#PA0Z(Z*1E(Hnwg1-RF<D>VCNQ&X?&k-KV>&
zru$S^_x$E02{tAf7C~ML90Cml1O^0zrPV7AK@#ELP2p>Am&Ar01jHuJNC*t<qqd|R
z6tpNo8LT+r6O0OD{qOkv{QT_V>g@97`pV+!+S>T)(P{!8_;29(;q&to1O(*k>x&hC
zGw+{L8VO-RWw+G}Z@`X3&D-?S!Brv}iHb8+Lu-4r(HKYZ<fYbQElS%T&Z<DeKDHxT
z)Y=^;zCxpVrqj8Z!YDZ{2<HsZD+%ASFqynIF@9A_&gAgmGXA_%GCgr44Xv}jYAu%I
z8$@KvI^<6=X&@2-YRu&3-Tq3<b=s`4=>!rnLFwuJ_-D1}>)J=x)!WNwX3p_PLaL8p
zPNX-}<LEN^@BdE%ST%COndaxMc_sOJw`{jBU3z=G&0f@d9mk{_ppIe7{@4l%DaUcL
z&tm(^0oH*t-Pf_BzO0;=pWq=Io>i_xn;yO7DIS$qUZXaATNe+XneQN@&-Lt8R`2hC
zPMWuq=+}_p&Pw-7S~u;K?&-%Ibo7R%5CHTSycY9U@wS8Itju<Az9~JsU8w<&<Lq9N
zZxN@z0PXhs*}r3cdR?DKazFI^O{L^yt$FULJAvk}QSPsjz^)>#m-esIgzvp_^cegr
zXIbf9=j30xPt~=quOqv~UzeDC&zD*;8?Wh`j$;|0HBZ}mSe^VIeN%%+WcyNEnAp<?
zwx2WC1^moBx5=)+_Uf!@*T<0F+cx)C&65<g9`}Re(t_>t;Owu{sBYJ++avz8&T?0a
zeSo&}>D}XSrdvTVq;6aON(Pwo+}MTQa@yIZ&AHU|)b&}g{gk|_-p`Zk^cdm0-tJxb
z;(1F4IIiKo&R#cj@LndHbv#R-=zHI~z=HYRl{v33m%dx;{K`3)VeYJcALl>*&@nky
zyz15Jo-U3{=Wy7w{i)t^6vh4-?XyRo19)CYS{%c5>b)iuINAyT&i&knRMkGiYlmC*
zOO5{+OOtwAZwvfw2d`R(pKshT>$gptzn~XzKIfrrUn1Dw+iSI|J(uG2I3B1wF@0{f
zK641~j}daxTMx6_tF$<7S8f08e*?GuqF>VW*eRY_AKrJ(>?q<+{OH_ttiA$1`sHMG
z1%Ar?6rA3CZh~(AvUuU%`f1Da(ki9r`D!W0=X5r>nL_{Qq381%R{iK9=Y7;J$LD+#
zRNZy`PsHbScZqN5ZSl9$-h9kc*W<e*X7}5&Yu7`Jo@X-ttNNAJmfPtIx!&{pot)QG
zZE=^R`+2FU=Y2~==QRIaWigQRwzi4N>mliZb<i^H^H|?Gj1PPoUS-70{`z_5{Zyax
zF|?<5$$K+^`U^AX6>8%J9J@5z^H7Wx%KL2e1N4ciXg<d$TXuT%yU%fuEzi>1&_B7Z
zze-<+!CUV}S8KnEuhQKPPqO2I<hzV}LiG0sKdIq)Og%rN4$pI_6QBUNUzgL_@=Qp4
zlRsUaDO~4H<_0-#lqAMJv8}UhH{Vag%=T$}dhbjq{jC?<<#@No|13$e=NIsk_d4qc
z5&!MOvY4*p5_~xLlWE@b*i^3b@TL2rlliVl3!rrjxR0&|Rw{H~l}_?WbZ|e1@gBba
zGtG1Qd63ij=gI#G*r?Ab<-g*2D|xza-E`E_d)Yghdf@vS75n+6SbyUDQu9*EIY*kq
zXkM>IQN(pO5yKyGMZE6Kq#GT1lv7--w#v<jjad_8kJ;U~xlw4;0hpOh^jCssF+;bd
zBF5rhYFoz6#WsjMw?%i-<sB`CVP1X#H(jxbk(aYLtG|{2^{-v7Ye&>y*mVw*tZ@7W
z+c~;ABi*0rW98L&Z%4$?i1^&sr!PP<cPvpPevA_Z@8<WXtkg(2v6yrCkN5p@{#Qr-
zr?!BQk+rSc@!RswM>+N^9NSLFj>Bby>b8T2U&LZI+HNu@=>Y?G;z$tuPDC(#If;>X
z!_ns*k8Kk`c@?+A_Oc)G<{0ZzWf#8ZDQk6BzT93^x5s|l{n>XsoOa_&mDT{;!s+~o
z0N)Qp&-$Mv{F$!1#WyRCm~EK&oUWJaFK{uL{9hw4jz{?J`|IwHe83LR$GOY2j$5F&
z)5+##>t(ChR4uv-+SY5o``1g?^P4@{-U+#0*!(;Y2CbdoBt6w`=weMp{#u?wD|Xkz
zb`^5%a2OxIGp<A4p1Gj(r!|8~Kw++q2s~EzF>F{2fr|VXC8t&_gq*RS*DJsMW$gQX
z5Z(ul#Hcv?p%}W#=&7BVq+BToh_Mrxz_`z7X}9NtWcyO}%(d|pvs=E%h2os7@gByI
zZ2urowKg#5Q9o-oBl0TP&5*Hd3U`%$T*WqI-L&k)XxZjz(SDO3@g!?)e|#AnK&utC
zKf`bhCIm+3ta*?3>?fB}vu52&!c!^cq9ZzN3KD%Cg_h>Tk%^PpX8$%Gy^k8!?4kQL
zV)I3VM_>EA28#1D?%+qAf}?IaGhC4|N~IByyPoND<YbPhvaMYk{sa7cQX{j5`uH)A
zXtQ$-2Mcy2yR|#XAjT~0K87lwuwypJZP%4-+rQ8%Gc8-uC^d;O(Et%&RSDaOih#X=
z&ng@KW|$6Fs2jrb4n61A<o>Zwhr_Drj1~%^iv$D>hx=J3EXDy&B4;SP>7ZxD0YL^}
z`>9Jcoiq-EJkKKa`WG!zMMix_?sz1-$wfxxQK3w<JovdxWzaLLGO<#}vz*mlxp64D
z?}YD_?ZvP0Q)9V7{aIFV^E$wnPy7{jV1FJb0=!n#J@{5aKn+{Kw6f-?UTfqk>v?%Y
zD-?;equA4{`6#5bn%>Ni5=|ceTT3B;WQzI`M@O>6UdEUATiAO12#Y6_ynD=N%Y2U6
zwq9(bF?B${+wXT=Z`*wjt}E`N1Pu1ETF2cm5}Ot2h)E|kQk__4!1kkwB2#8qJDvc>
z>^hpiIQSr#C>Q0NG0d%_wR)y1*-2ehj3H$2?wq!OxL#L+_*8=WCaSIcJscTuSm=3P
z8@#OBaI_y3^`>=#cdmKL{B6`shV6zTTdyg%tg!Iro<o6@NjDuo4L@%4ttMTj^fnQG
zhXN+JSdp3Cc4jAQTIMk<Ei$kA@T%^6$~e-iO#{wuMkTvehfGEUAyxXay|g525JP@c
zU?|GbzEqT^A;a$RW7}rWNRt*&Vx>$&T!Q7+sacg$W`ajt?q;@-cdIh_+!SSHeDP=h
zI=d8uR#~qj>h}fmo-6{X$qnKS1@SWpR%&XzSSoH|1l``14NgMzR$e|e*0u>zgJA9G
z+TgJ#!~l9AG@euk;sM;(Z6`_V<5SJ1)4hq7o}qT-(k~(g3v5COOX(+Ii0tfeP$dC@
zj`fX(EKWPu6KwGW5)f^%2N4X90^b8U*!8`08~AMnJ0Q?g7`=3&io%b;)4emb1q>Hu
zDS^b+ZP$Do3O43ZP816ce`S#0<YGD^mLeypR9_v)8<W{~CMYPOWQbbOh)re{JtHWF
zCc*a{1v$IIhiMW0iC_wR$Pji<TTYXq1G#N5KYlKns1O`E#(Sv8!Rza@CP*27Pu~A_
zXM``m_}3anrPK^0l@h@?dOzu2$O3Od0H*iH*=zZ`j)rkXoh(1inm&B3MRgsoidIKi
zWYTi*kE3L!BbZtJunRrZ;@a_3%!DxnHXkIEJ}EIB8^(&0-=O*cq|+aENqzYgf3aDV
zQG<x_-mC8>r(|L+JKNLQw#5P7yN;i^()6M}eIi5`RD8c}ANLu>dO0o;QXNsfA<xbH
z;)s~Zcnw+-x{rO@@&Z;?I0lSqv4jpYK76a4?HnjCDYU3>lbM5EjrQlnvRP@0Yptu<
zSIt-X87LC(a3X?%vgF}K_LIF57AhM&t*9}V#>Ix~o3)hnHs(L9H0MIfmVeonbnv)U
z>-`zeG?yJ(10(cyYML_C#5oj2;uC15NK`X!5v28IrrB%r$HE=zvqe|1&C$TEpR1aL
z<6adp3Ks_3LAV^-)A^*)*O}{JgOyVy>AQc@6tZ8ch}O>mZ>vbrplOI`@nFuB-nV}v
zSy+hkPKtUO2*JVxppkQz&%jfVLTajW3rUi8pGFottTaxB!nIS!I-5(BSY5PrlMuQ~
zBCU8bX>&_UHFSu7>SgCxl_yRc+;n^QrN)NH6k0~jMS@LpmF10>n-WZ%P*j6ZB>A#w
z>S?GbgCubR%)x`+cGMV<!iem2BDpD*DZ|~_sq8#l_V1E8R0{{1FOvfI9#knXn6}a^
zuld{%+BCOoM+t}lMUjl5KMj@GR=K3OwUqN`6E3YB;L)9+^_Bk?clhxQgsiy*h3)Ob
zEFCw{MxK;U04&=nLL8>^F{|;UB&=1ijDzymX~wdEG69sgA+yR~leYN!l>=oc?OMYc
z`P8Zx0puSF1Da+s$YV+rk3y6Zz!YPAyuHcp<wIDzC8{eu*3iJQkpy^Kv{Zs_YwWy(
znU@g_G;3${4v}vg7^_T3?hQV+KNpqKwx#juA9E_+p@;WlFk$LCNWYcsUl|~WeNG$D
zowdk-RkQv;!1qW9)ZY?+p3}^=Gi(-%I$w-Yi-wba?X4()k<`h{4~Z=hVewK4R=(!4
zuon8}`v~Aqjz6O@R1ZJlkEImuBIrVbz%;DG#G7n-O!p2(#@lbeK(*5~x5y(=^SRJo
z4}J#Qm5P`yab+vNH{PpAHCJw#87ep96`05aNhn%Soq|1eTA~}9ENAyV=^1PeO*(50
zSr0{L`5w)xJ&v^XtM-TI$nNvHu4;uVsv9C^E|cHlPF*@BG0&nqFKWJXwL7^SOY@&u
zX+;5b)){Oct1fPq?J6=fpImq*1vl@AN@|>Cf2Nz}5mb0Lsl`j?Zb^F|q&>dT9nb9n
zsq6PGJq7A%)=~0S0)Zt2;2YslaCl=whJi4Rsxf<JxDMXe;)+a~H77lXV@3=8$GYIC
z1L}3-Y0<h)IE`?V1Ona%iy8=ooiPwarbDrhxF7aqF-ZQffy|=3s`?)UC}^2szmgOL
zz;Qn@9{mZ}iswFL4R4mxwj6p7-wPc8Ejr#zNlcI)Br4+hRy6FqoOlP+fVu*9DWs<0
zJdY*&(r?bJ;Aojp{b^bLL}|Z3B2QKnNVAf?8+#^--6iJqCGq0>Yn`?Y?DimzJ_Q7R
z3mLlMfVx(YiMBi$(Lf|0v9FGaTX3+Z`Nd9j$LNlYG<+BB5r>8UnKn=cA8XM7_$D$(
z|1>{z^5{h}1r<O9(SQlpKSvwc_Z6+}F%XDjiWP9-h4jT(^%vSh%&D{pljx>O@e5vN
z(&x+{cX^P#9vs+>>1PTb9uUTiknv-3j<)eOxy;jYer@o!xjDD9qevuZqUfTi>6y?c
zj?BLpW!rU`BB&c-d>3mC`-!auT)@n~*G&77Gq1i?fLf=dvbWu@XDy$z9Cw7)XjUwT
z|B(f>^lqY-nJ@8mhwlP&5eK2ai3A;s_X(k_hCsb(a}a5x_XRn&sZ=kUIFkNWRJLS0
zhDSKZq78_SeYVSkVE;?2G7F;^+8M^)yk<7vI8I$p#<rxIWnmORG%IrmIMqO-Y1#^9
zkVAhUBe&RY^m@09sHwq*Ay>8S2oy?&)A+q23RG`#B`JU|fZS=ddi@wd89=Ec_<=74
zF0krQL$S9`GR1l+K*<2HZ)M>D!P1_GolICVvvV#2RieYhg}WgH-9j$y+78L(Em;<y
z$Zl~u6wU@`Kv`LW!yRM~9GoNmkyK@A2#V!<xq3K3{MDLUm2)lUhB}WiS3Z16XUrzW
zMk836n$T#Nhr-18gJA|y`p<Y|X8<bmYyP-viosl5_=+7i{vg!F*+lkPJ^8c^P5?ki
zbjpwddGO0*KDRvdmgqM^jI|;A!kv%?c{*~R>yEE51trQip;*{bU|2XDE8<rYu?_Zf
znEM`2^ZxfAwl7LgK`LBktS7cJ5s^5;JW{XLkc;ROe$bs6+C@7s!FwZBgIUnv+Q@KG
zezT;E5vEuC2`93VQKyIBHYk2@3Hd&f73^xk9E=m!%MiLrc+C=yAVM9ZsA~Gefj{wG
zp1*%fIF1J=+<m3?0!AL~DnR3HXtR{x`ccRE29!bn*0m}m87_FiMjs84+4PGku~$ls
z5fTZ5?Wi^q;3~JA_}cbpTg=F0wIHA(bO^RUJF<$do4SCkO^x35Lv?6{O!ppD)uV<z
zAW)efh*pMG)@3s}cZMI|2@Jh&=qNXlk0&!Wi@Mun!EGw)0jrCVU3_huDPs!`G8O9U
z;Qj2EJ13uHjslH%Mqm5UesDWc$MQoCE8aKQ;uo5E?+9-}m@Z}Gv~{)DYrOfv7zHKM
zj^E`7T3V+6YAe7$tcah7HmT(eWcwkw26NQ=1i|uzvz>B4V0TR>Tfq}QQ6g>>%O(XR
z1qDZQ^7Srn0BG%2v%XXVC6uZn)#e2z5b%(4f#(~8;9a=%4vsU8nhrP6Yz*+nXFBPb
zc>WCBP7DZPuq>=uVDnUFe<;%-%>`_d>)^-z;}i3=3hT>!kO~QK@xhv#7rbnaV_}^@
z6vrmV*NS@u%MObiD6!;YInq@Ml~GaW)U<i0HVGq80Tjr9ASf8=LqSE1YEUD*GWEH`
z4%W*2b8ih!Xd@xQ3z)%rw94IeYbsxPIN$6n@X#Q}!u<{+1Kx5YX0eoByn4vG1S*RH
z^lysN8A`)mlEGjCT<kKVE!ZWL9%U;!T~g!glk_POgD(S$@BY*3eqro3M>{Znbc#kx
zMT%2<fCs@hLc+mpog8dt35`9sf`09rEcu9@yu8rIFoe|<$%K|)&eU015FtWx(ma6#
zKP*?`1kb+@<{3#x+D*H*6>hP=ZK=bUo)5yLz$BpWGz`ghMh}Byi0e81%V3XMq<i8#
z_G4uDz&6aXbnmCO?U-`G7Mv-HQU<BZNMqVcK+V7!TdRpvbCbq4U(|h`RYzG<=u(@(
z5bNv#CDr-JPG%)nzQyLZvNev0d2*BektSIu1pThA!8Mvwh%`YU@fI`44ROy|+_Fx4
zs`^_2%u<LB&!#@xI*l)7stUu!iiUZj4_#4%(y_cqzH~mz_A?&#ttC@@V*7ho<)Bt6
zFmy^ww*{xTO$IVAui7i>M5xQMj0kfoxJGdKD{W*Pw*a{<Sd@+|3R^*%+ITXimHQT+
zYD$_io$uF7NaL1oQN`)Ms<rf_hNCiV5A8-sSapaNflcxjmrC>0R;$MYsW-j|eHd=$
z?+i%Blm<O_9%$3n-~n|QcpUyW5#62#AQdE{1|k^Jdnmzg+wO95A1dqm@K%QG&fl({
zZaCVf1W7cQu<wH34WtvQZ<A@8j+6+bkJvsJ8;2%7qFXF=;&)q9C}bV>xdGIVq34Mk
zVIn}O8)w_2eTu+){Eynv@2Rf5_n`*@rUiJR(UCId&`4;cTM%s|+~{hs9UBf`;BVdc
z3EN&nLFl$`vRKx!qJyM*bAnwjMaGnnjK4J7qHD}C8eg8ej@S?wix}=Ls9ik~kn5XN
zvLBt5ahGV#%$sz{!CUweSM&Vd>L?G%_#DFQsdJXQXS3Cd-1=4753hcvY`IhG?^a&h
zT{abzV$-A<JBxxTf*L+V6I0=a0MEw~Ffm<M%7^@tTHpKnxS61)Y%g(%{=n;M`(T+k
z_JjB<7z?pM;kx?(z2x+}=fvxNhanLMR)#p2`<m#Qteq=!YM`17*j<fw<|~>duP<P8
zl||++7^<d{qKy`e4O*2}9F`sjG<a6!9v|?+!NyBNi{WHdsx$F6d8i&bK+bPMSWA}$
zy0yjyXRa;Niq#3Zc8phpC94SU+ANc(i(EKW*7eTcB;SQkpVt#)G#1hEC7Px*vTt0>
zjGRjuOn7LP|MgqEd*?cyIJ67D36g`<$}4);2B*!9XBEIpIWjZ6p)=Mz6Xo~7^#y3q
zOVJE^3lo|PP%wx&=QwXd0Y5j+`j9<~!ZYB9lbQ!+=Bq9ZW*IKSXQhQGkz&P#Vc@JI
zSzfW&cAfhgpL_>k{0Cnls*;w`5ZJVXGFwm1y%rSFAt}vOhNu+L2+lyLt~|e3<Pq6V
z;<dl7;ZwQbkwBP51V->>5x`N~YE6cdmKZ>&7j1}3X&XL5LApr80mZ)Fz|2H;7czLv
z7A3TuA224Y1e6++)c!lA4HCw#H~W;a-r#133z?ByK+ZkRFQ&mpY=SlCC3O0=jYG$*
z>7A4d(fQNEB5sa_epikax{c}Yg%O57KWKi+aw$5etXtPd>rB`GxK~c>Z#o<JtV}m*
zsS2uuYPxVgsaUIG1Ku%Or>!+E(~X<UrmD_XnL8&g1(|lueb<{jStV&s9I^54#m(3d
ziKHC<9YLK54)VpQz4<y#_{e?Z?c#PC+6kCLbP!#`M7V)($<N+eU?GXR4IY<NyLNc3
zT8Z|xr75(`DGuxr`ip6BxbqdMB{qw3>*>PI4dIad!O=spK=jP;oarN0!__K>{xW=l
zmk=F!UM;EO;7Tzuu^T!JyRQ*x^SeEy1WNvTZJgQz%Q988kh?H9Rq4DW4%Lb|CmUy+
z_y&9ww5K|6PrIEGlBmq%-fbsA(`1l*>OC<cWAMuyW;`E4tB^q%C40@>#96rq>p@D<
zIJr~VcAnQNAg~8T<8+HeWv;w|7vc$-<aF|<qS<?Xnog>^6?*Ryq>x;+<-FI>#C%5q
zwyXY!gg*fVP9NP6N1pmos42m7^hp;O#0#VCHLU{AF9;WK<ckaEH{G!rpYgyFm^<_?
z={`ZmR@gwP17;WS4w;`N^XG=)cGiz?HUXm=Im@XL09$Y4`o1aqukpx9F^~2Q0@;B%
zq1mBidAF5OA(4fMeq_UXGX@aUx29}{ZN3&*oXhY!dkeHQaVRqkvkR8FsP_S<Um`yg
zdd)P3ix5qVBE3kH#LQlJ3uXev*;#XE@k}s?tc7e+A?rDga74_`%8QkLlwD3>NHI0&
z8x-ZI045`s6Pd9nb)HBt3U*6SQ~x?ce6{Ch%eq)eb(9*l23;~qOXv3k4;=Jct)M%2
zl&xWe%ILXMI_$9cJ;RgixpDo6gj!Rctqn!S-&frmDvI)y-PCau2pKMU8&b`arOh4G
zgNd=RDVXc7$#xG3N~|yaT4ymr9}0~c;9MkZ0gg87xt%7fWmfG5iV@a}NoUKUa_mR0
zKBG!i>Rdy-lSUIeTLW`w!eUKz9dZoFqOacc(v>L5N*h)0z;K(qStbfmm!=ZY@}*e5
zW~GumrU+!MdJ%O4l|X{kMHI*e!^4r};pe#^JhPKg<SK@Y_}E|V6+a{NgOF+*u2d;D
zfIgQA*D+zu;UhtQ!|tCRtc<9(6G$`zk)aOTMJOh_rwqtPsM(`L!UQ>x9S70qQ1S^!
z1F963YVFHLbtR2~IN5UO-)0ST2uCwjxMj&}tQ33EQCgYD9M9WysB&byNVlb27=e^+
zA095`;HfU0WZ@Dlt>`q4%v8fQ+7gOzfQv7mdcL@)q!v7~qhgFoTImm4h9+Oq+@X@4
z=#rmbeJFfJDGwgh9MZ()x@v$xoETc-l=inCXz*R!gsugKiOk-Qbtb<{$gB47tmR;>
zc%Qew74XM{>+mETonZIo(8kKxWoZrXhi^>m{!#Nof{^~$==%rI^X%K}gsDlvKxLwC
z%SEI%PepGBkzApY3V!~4&YA2+)7iUaM$my(NG+F@lFYeN-wNWMo0*j7{H6=2ByNaj
z-XP7hT}FXSyPr-*)qK*H^~z=2;^GfBo4Cp3jr`{&1GkiLY%ANgiSsL$%t_TONTD58
zPn`Au=8Z9-0?n#t{it;^&l_J#U<qC3xqXs9!wc1<JUN47{+wqTVh1<8Kp?NC-X#<h
zJ3|~Te%M)|Z;*M(_LuO$-XZkij5d~(*J9b#I+|eQ{iNoz0RsfHb3NvgcS5~e*NL>N
z)J#v6Zo12c1ZGC85Fm7wr~xWFZ;s8zw$Y}SwrY3GTw{sT)gEQtZ@mi%w7{B5t(s_L
zIBQ($_uI#6nO5PW5;q%EXFPB<jfR7gkGm@|J0MvTX0g;5?=^{vIi~Qvit@s*W5U`N
zpP{KX3<!G6X;9hx8_3W?2P^rORirXWsuH21+)W$#X=BT>p1{md^v_Ym*7pnGt2s-g
zk59eSRF*(OoDCZrbNu=aB+S9Z!_R}Tk?;S@orQi%NZ-o$cW~DU0g`EB6+05|S8y~l
zli?}ciQaQ0<v%nX+!)*MqjP5xnG9;<bQ<yPEeF(NJ6578&Ui7F9yS=%C+5x$U?BQN
zy&tZT0rh5*YCa#G{ZtH!cj53jN(o)C$cdPFwJl|oMJ%%P8qjqBSDViOJ=-m;GH9$^
zq~zp#TSYFV$oy>t>XT*hCEbP#T4YvQtRsj~Y*9)vw4h_7iPYf0AzRUhJskYmJlI6I
z%})(;Ayjxw+f=E6Rfp0O5m*B>SKqY#8<BAb-ib#;4NK}DE~>w=#Me^qU0cLP?n19g
zJ@Hp6A;{RTwe5m{vpAjPenVgLuZA>)m^6mt7PJ$wOeAE^vpYA#)$r{R<3Q;C_`nU1
z8N)iM=38P7iW#17%)GA#pxF_qG0Isx^{mdneaiC*|1fCu<f;?sqZHn9X*WKU^8BT#
zl&DoSDD#aq%DZWOzwL~Dfr0f=Bk7IZFmsL}crr|K?fH}j3_V$U4X*83xN}|5cWr;0
z#!uKDU@9pI1mg#C!kRhCE1>TmD>a+?eLD@k1(W(Ux?yE;B|f=N9nZ;Y$nwM9#-3lK
z)p;;+?=YL>a09_j$cg2*8L8Yajr#GRp*Gz=Ppi4xrH0r8O){vd<fq9S0>(zf<-t^F
zImw68*I^S-K;1D0JN4T58CpzLNT~^{XO!HcCJ(k1YV-W<`;BJfm*yVECM<ZvVzzRF
zv-L&`Eckaq++0PBn-0Y0^BJ`WF)Wu>@Eoyihs@RO*=G2GRrORe_oqh*tG_q&XDWse
zgdB*scaUeEg{bL*?sc#++X#AUzqecEhh#yUqjFUWftE#A>^TGrNFN0qwSB(3oUaiK
zmF_H$fl&h{(4%V#oU`x=zkVwV=@DZuxjv4_5tAPxw9W9)I+D?LS*6gL4tB#u@oG(T
z8jyw814g<EAn~F`S+LRYQvn?;h3n3ebof6&8TDL71t1uD>8JMlde+IAAEO638ws1x
z+jUkzfoU?6n?LbZYbS?>p!=9?Xq^0t1ma1`l70|KNs}u=<Z$v-8T=Xv4r$T`1Q&I$
z@ueyBTH-q*RFn;KYJPTWXn)(RskoZ@dkYqNF1R)e^<C$6w5OB=R_)i8^Nvxu(R`cM
zsiXKNH}>Qrx^Zk;<R(69E6{yfIaKF1J~_49fuID_^swzGg3x$raWmL`sKt@M{ck(?
zL(Z_@mjxh$WVe`yth;G8Lp+TKrV!_K-b7GadJ~?6d<dl2QG<UYbD?RA5X`;sRE=s;
z7a-I_6epK0H{m9O)F$wUEgfGpq-o%(xfW%~tXT_3EBUS87=OD`NcP17bs5$}NS4FG
z0^naIX_!Gn)pvW+9#OSKGw(H$&6BtKVEMAfz&Ue3namQ=Qj=w~(>dLA1U1Et50%2<
zhYS+I$1KU53fwvwv}jmv5Qnsfepn>_z(Ir$=)*;|B?wLF{Q)oKFc)XRYdHaKiO*t>
zd`O7|`MTc$HZm+I68tdFqXm!Q>qAm}0{m=89~@eu5Vz%}3+kDyKbVmmuV^$$RaDi9
zi63`?CJutq^$}h;2G_O}6WTsgBmBf#zVEBhejIWBwVw&$^xHZ@!v#DCF?!?zLg5Ai
zR?;254U-f<_|Jxaixe{MIA(Q@lIX4?ERVE_ny9dLp`UipBY6*PfUPr^M{Lgl7htk2
z3T4hOT(Yh``Lc#k9ou5K?n)fMA0zgt(^NbAtskS03ReLGc5hD<%Lh4d6Kp-@I8TCt
z6MKU_r_wj-CHP-1LFD@z5}{7MPzjWr=9Cbvva-qkWc+@1@vC^BaaptoG)||%x!w1O
zTn+Aw86tO88zGN$OIQVNLD8hw2UxoJqtR&}<8@wWQ&Bywj8qhhwc*+q2<dp!X@5NB
z8)uO_(bpDPpMnz6O{=!C3@VD)@gi>@N$D##yblunQwDu?byit6o=w&?Is8@_16Qyh
zr$xr!R!)XW*&t|q7#S-qxi&sUKizO!fRnAL%yG3Qp4GM+T7AAa#)#F<3`jif^HA#j
zDJ2tCdd>EHxb|yl(l?IEh4l^^>PSh#`3A9WtVVF*-zfhEf(Mi}A<5$#64Ra3clxv!
z<IYf5BUIV+$uQ`e6*i2ciH_0}F8`<`O~IuH69sm-<3I&6fqBz#lc1{p13U=!OcWs{
za+7h$`t@}`sD{XRo0Ha(M_^2IzpeBFu~QGa$(@qXHjrjJ$gf^`QrOvMY3EUcUy`HO
zKvH`7$UPKnPhI!Tw-)K<f<ZORygtvFfdvE-Gz|4sBC{9efifn9Jvac$^mgCA#iPDR
zD^f$s^u)FR6!(XrqDR!)x^sXtvP7r?#0_pIHYDLi)MPJV40Id?Apl-`iTrkl1%+~C
zdNW5^m4>^Myg&IOB%ufkeLyy{0Z~`lL84+4zgDXKN=6DPrf))&P&Bu9y`RQ{#rN`!
z!1ymAEgUI_S2K6F0u+SB^YX<8CTI(|>iVTIN6YkPo+3_F^ZqwZ%DxSSlo%j4QRu{~
z=-ZK)K`^LRD&ty6FW^>|2v!=mhA1Tf*}BG3;h$G2x6bD;D!>RST39=&I3!wn`nIK+
zFws>_ls*myu4YZVE`LG1n~sN}Pf=Zkn5(n%VOQw2%dsx@qt`gRcFm;}#2k~srWqDK
z^wUO3xb?+N{>6n69qB!H7lZoj_CvOv!68;V%oq$&4AdXD1sEz_*Cptno1K3Ou-UKc
zF~octh7#OP;B_RhpnlF%L<=o5q?yhnw|XWitJ^lf@0;oMg1eh1Q8QE{%ZL_r88WqY
z9n}zV$>P9i0ZWvTGJSk~m`t~HqFJ)Yjw836Hybuvr)H;HQVhV%YBM4zU&W!xL#n!}
zEEB+`bualq1im*GW2q_33&hvwrpYBF3#U-hA1Uff{up#6lIXTHM4d9N6C2(vAN$>Y
z0kuC^8al>1*qHVD2Q422Ze7mpyFF8|h2b7~ME^k$+WmJ+Sdn^W4(RkQ-M<fD!c-JO
zgU40-CHoFWtxm##o$M&6ox6nuE?}vh?W~A+Q#Ffe3!Jq}1~24O1idBa57cL|Nb)H1
z_Mr;<+h9>rJJ1AK{We*QX25;U(;~WE32K_zHYVq%K@@%!jb*6if_cM0bf&g<0VV#|
zOL>hWIi+UO*&V`n^?%a{4J74cZKEHBS36cAaoE3yQx2|uA|x8f!&v<OA}2jms@xA6
z*d=)j4+xd;6el7pAkIUEmm}3BpK@<k!7dolY73?ADwV7yLZ-cc>J~G!uf{}Z>Cb&v
zBR8r!M>55NrZI^Z`eph__Y>u(%N+uHN-)h|-F`dVBEmcZOhvB<$EbNRJK4K%S0%4<
z#3&(HOBJ`~FJ47tt#W&`FcSZeR?W32{YuP19KaESo(!RpzhGf8QBq}v3mhR~^OHxY
z9wH4rP<-%j3I@jYFso7e;=sp3*g;cci*Ex{P~&5vJLG3mRnJy{plE=*sev|1xLqak
zQSxedl3UM#pa)TQvKST;9RLNbr~na>gkw<3nx{{~M@T=tReOvi>+7?rG4QHuntQ3P
z4bU>Qgj*Pt_?>~Wc@^&nXKIx`dO|qHXmU6e*L>>3<yz=W9b5l}5&M>LwVk_Mq4EtM
zej3@Jtc81ItDPt@HLSeLhU_3pq;*v2;tuD^<E(}d(;%-x?y&H7sFUeONKyLy_N^!4
z7>pvVvRIOWar|ikvl3FYEPCwJulO<!TR=!9TU=0tdY(4ENKPm!my+bSIcyICzssmo
zfjyNFcN}`2t%-gw9;__x>n=_9KtZJ@=+?KnaENe%oOrYc{kuea@&)C35Z?o(QZG&O
z=n;wp97QyAbmWO>MN*7H12&aZrtkvvi%A%YkXr$03T~FN5{9cXf=WmRc6fMQFo5*_
zG-T>?q<ITg>W?tG@-tVm7DcT@uaosg6?%GAr*%qsm34Zs&MeHGWr1~n8PPghlTJXx
z!~<!2e3{MMaMuZqLWQ;J*n?t#lb7XuKJ==Y+lqES+2HxYq)bMBfJe>6GFp*{0{R-=
zo8c^y)#UD=(zEszwC>ExtWG=+0uZ$3_&P>~S*$ROIT+Kz%kGq3w@XD>?ywYvbX8$z
z+QU5AzsJ?5i6g8FhoS-Lnv%D9aEBu<+-}DT;|gC*p%pP+X3c@_QD4T1ZQFF6?tWA^
z%cPmBp$xx<DBr5l6!lcB8Z~LX#`fTl6&>YhTINU>VaR|}vMo?KN5Hz|1e7a(qhg=n
zTJzDaqT_@jyHu>~(seC7A3|BYFs`5uRvP>>+nR5aSz=4IDDZGHu)@NvzY@Zy${tPK
zAH;I8E)qLt+&dH^^KBzBJtR>fU0#7y0KcQs>CG7q1Q)cx{ZC?-LAFIR(v>`g*B3TO
zgO$A%Y2&v@=2eLJ!+k3Z0^mjTj?4*0qO=1neS<R0M#HwezqDT_b)5BBqj#sMqaemC
zo+TanbY<kp3;h7wRk<L!E>@A=98xE4ybZnwEq)|glHS_EOVKY^;V)7qsr8_|AcCw#
zd=(moBP9zbSHN{Ar3%>-Rc=0YJ@=jpo<So>v1(k^d_72N^DzNi7~oWDegcAV3v;Gl
zw|&Az(&i&X?}S{qmu)YkCb}b#)xS@v3HrTc4`uqO5sjkCIr-#uDp{bGNQ^YH^Up^U
zQ~z5xy}WHDod-YtIO+KxVWUC=?I;EndCJgNVK8RqWSE3SJMuEsZLvSWRdd1P{pUns
z7k3GsKIF^jI#jpCb^sE*No?TG$-W439>4xEwsg^BzJ-v1jhJ#$axBLM4JCGC|BJa%
z^w|OrRmEA!sL#xqTS{KLPt>@6&(bm}eH6^oz#8hhT-gb<rW160O<LKp?|#@Krf8kX
zk1p(ENl7TXgpFIDtU$BqaH8v^83Ckizuj+Y=^rIJNO)xMw}7y+?s2#fpF$(#4#OTY
z2bL@;+jVBMrWBm02D_7+p$@+m_3-O~zHGB^Q9E<juQ$tuPz<QUx<-tqE*^9*S9?h2
zO#zkV)3)UUibJbi4sG0%%FkTuBq!Hm<fn+W;EtF0)gj+zG8?h{^_UVi@}qN(KGR$$
z=8N!uEqDqBYaq=n!_-ezT_L5%mG&|7U$^oMQP(nWs1Jqm%=xcVljO*s^#Dti%}?Wp
zKijY!g1gJ!bKeibZs@n_(>q+&^4Ha;Z6|C6RmO{p?$Kx(#1vnj&--%|7npDJGndqi
zed|4JOjwIYQD32FgbAUgiTQ2DL~{Fih_(teH>W+XPym1EaLA!=6xw?|(M&lWY@B^M
zX+sgg6(zUgRF#rJ(fPB}P1;oO2SxQOCvzo6$bWR{Mir^JT|Hj<)BetaCnXRJQ;`)O
zKwj@^s85ZPTda68H`Flcz8g9Ow#%}T*XOC?l^d#AX5fu)G->Z*`Au4wuQ}4B)JC2*
z@V7d5F8~A1s_ik&(^7Qxc<pO+z(Vsz@5)B>)AENUI(>-GwKtoV@!EMR3N+_JIm30J
zzwfpmny}n8S;A(PY^d`G5}eql*F=IWBtGJwu#p9L{s0D(Fv<=h*QM`$YTCLaR0-5H
z1BNieYCA<Mv)5c!iR>6SseFkgB(N4kVg1jy4!}QQNdR|`X*0rG(q2@dh8=~lZZjCa
zq^3sL4F8+uL0zm^15-j`WXy;&{OPc5XDfrS=c^!({Rp@|jCe?$08_|5UfC6%$)Evs
zJlK$Eu)vR*@3B8-27c|qKUP@<MV!WoKFsu?yvK>+C%cA^r!yroa3yifdWfZo=({6R
z0FrEwiP%EbNK<k`3`wJ4Fp)}$Sf!Z?zUgI!M#h=}Tr_6xzED=|3%o0)-s4m20_J%w
z3Ky_ME|g7I>fG#Ul5-S6VqT0vI{wdi$T?G%W_7;y009LnO=N_~$fU7Er&<{UQajXh
zs|z%>u*$JrroX5mx#lg$`n8_=uBE0e;NXI$VMsUJJrE5q=e*VY9J6BINAZNnI>^6x
zz4$=g3YDKYT%zd(1N}DTM==wHnu5ENo!k^1Gs=}ti4jirL1f;xEWkB0Tc!cQtb8Cy
z5^)QuEIcwnME)n^2h@rN%h6GsP5z)pY%>!xcgSHQV+*quiw0*<xGEhBJsbrhP|4LH
zshLA*SlOXRwFK(^uTt$q-FU!X@z;<^1Hq13v%Pb8>OF~bB8(`sDoafRd@1%OTHuVK
z`yOW#h_4<9CnR2FcYcHx?qYE4C~mO98Cl-rlblp!_N5X<+3Fmw-(B|{A6?-?yVCdX
zH=@1soQW>L{yUgPsE7@dj%XqQ%*Y_BKDZG9Nl<7QjpIP$q{y<M%6ygKMAo>SWvAbN
zgnnlInO@NJn6J;IRW3!VAey5NYCKKvY{KwRD?ckg^D>AEI;ct-TzorM;ZjMl8rO}f
zn<;zbYB-F)3l6O!r@Q&B=9L=Uw-H?xT6Wj3DcW(3i6PihJN4u93cNfT*iR4-Ln{zW
z2|99Z>67B}!NMjAN4jOYwxZejM(eXaN30enJ!V0Pq^0*D!;KiayVs1(a-0^$A)6Ye
zRV-;2+EcrRi2!xvq)_52hh>9%@&kRgjmC)FFym9NOTBWS5e=g^nb>uc)ufcb^9@!c
zNZErWRuv-L3yLBr<j?y#z#}zIQNwCV;;gRmnVL`8#se_L<VK?9f>I+WKU5mzZBn<g
z=N}s=aDt(tK;sSdehVD<6Nl?gRQu=(`-86ME|@r=!d^4MB-p9*bw^rvdfb|Uil1bD
z{BJ`h4L`i-FkjxfOIDpdbi7ew`j+NI4|flPyt0g^66iWczB(ct@M7fXHDYjnXv~Us
z?zRzqO1^BL7sST!{omL@Wr-E1s<rJ?t4fBjeWBWVrgkY~z`@d{e<Kd3OQ*orwOwc(
zqpGfhG32vM3GzX+-?_5L*%=bO3gj=|yo|0?UcbAX-S5!ZU49m%GV-uk%kJR_ES<dc
z@JI!{0q@t|Dx}9)V77l%T;bMCU7VYyt1oQ}PNu)GUyIyzzK2Yt1%u)2oF1^N9R2))
zW_N1lot(R-!5mI{^{0j)hv7#Fs~0JdM0SgLfgKjbt>ezly7%S~BCY6^G%Q}RcQ4>=
zJcy|l_a$0`Ru<_5x(Fmrk;EC}T-?Ml7Tz93=MuU?@nOmUQu>|P2Pk;O_Qtgq2i$hb
z$_{PG(>`rbN0FL?{+Qx$uFQeEIz@Vm({l)hdCt_l!n`iq8`y^~D6d4zlr&$%)QB>*
z=lPHp{pC#ugJHiaZ4q3$XeKh~PgLI{3rN0b6k6AX^=sEH$*b_MEO&Py$!AP1FtSSr
z+(+x?og6_Rwp^fv$jHAT9|Y_sva=;q9IZu2m&nVy#(|y;e6a74LY`6f-hX2Scij+A
zC8aYwJ%<=4q9EPc2%*35`(lO4INR#EC_ul1fU)Sqc=Ul^z8(?ud!VtuDwpz6$~@VR
zFZ*wgqwd*MKy3w)Qee7D;?1llNePw^`gQ)c|1}xV?ZqMV{*#t|PQRz#ixg#W-t1Ru
z>R>w=oo#*)wxhiPB6_Sw=IoJ^HT%yhjX$T^-5BsM9Qzt~w~EbMQmtpa1%Vv>`6j3T
zJ}Ksp11>%oGyeY}GXD*u*+Z8Zn(qXP_1tc6F!6z%(P596uTc7UY`C0PF&A2i(dVL@
z$v^b0t~7snwd$v|-{Tbjtv5~A=LV;j%BC<A_z>Dn-{jsuv4`ExE9O6D;{~e+Po{X^
zAlz@@+!>j=f`3|iUrOzdI_iC(_?)iCB!?GY*Kf65D_`9`kHUR**FE!LzeyOKC)COf
z{iFWh34Z+fFG$^l2D#88*4TegB@hV_S>Y-negFSPLczem{09k@pwD4sup$tg!6Hx1
z4-OM*&%m(0W1z22G~HvTfL3NgC>;f|Y@F!@55MyR9{w!|8%r}a&%&h_zGDK$dEJp<
z4?{Z9FU$`VL|zIS2CcK!J>s9G{~)9OA9$;JQcemY@PFn4<h7dRwLrbHq5lVom6G`i
zN|++`3X1k0_J6Oa-$2oj{{zqZkJtZu;il}ofTE_fg@7T#{RheQKmMo8zkn+L*Vd{x
zP`3Z8)$Q${*40oj*c9tGP?-PX|9iyzzXV~5^nZ9?um8jQ=L944|7tvY1H}QPVlo)e
zf}TFmL#Gy>K}qzHMa#;{6pK&AWfm@ph98ld^@)EA9d4zVj!B!$k{)>tKWUE}J*AZ0
zPtCE79cRUW?|Ujb5+~BRe8zl`$38#3v`_HxQqq+&bW|3)<i<z4dn>a$)w%dsva(hv
zAS_hGBRFTKYo3w{EwSK1%ZzFLQGT7C;^$OTf@!aUYhz$&^5u|G;%I}TdQK|W(uz*p
zmQQv_oe{v*Z>jm!|3%AMb0#^IdX@{CBN?*?BZQpUh1pgklxRykQ%`t~!!+EZF?!i~
zHF;J|m-(Es{SNvAfVsj?w4o2t8$GNE>p-_FseGYr4S-QOzWh}#3EBtW#l?u4`Iu!S
zizEp0TOgiSmO|1zFo1%TaMcERblYDhs!+ZPKoe;Ap!9xvXZ&m#o;~9D2%o>Yi^VxM
zPUgQ;WaEsUrS@SXYip9^rtG=l{34o`^yJsjnDR?%_V4Wg5M@EbK?prj6mgZ}p%_IC
zP(&2!rUDi;moPV4y6pGRo<uile^Y|8SGsWLJSUV;sji0}a%jKg=WA3h?eovp_0_#L
za2WWTmNTo;SY%qwX&e^w^<_0I4I~%dSXmSZx+==DvF?2|;9v|J?Dq2n(BoryotaL3
zf&C{?<&!YsLoPu<Kwu&MH&XxS?KdNSg7Sd=SDeUvfzkk!BD~3s4;8nHY_KETBbaKd
zP$h*Da`CXwXIF*3Yvs9_LYF$j^b|5C@uL&W)6%EY{3(Q-p1s--k()*i{E-vbMfi8%
zT%Du$o>MQ*htq4ohf#vW_KyE_2giVNHXIEpJhCZ6R(Rj*jSSggLr*M>uwOn>g#SG(
zO`j8Y<u%~rM5xg8X(9o})jc{<7zw*_Zdm(VJMyLPl|HGFoFtQN6XFpm>wl70wpg%L
zZW!4~sffB5A(5CCY#*odmBqP6bDL#8F>$eoxOTDixlW-DWJ05ajIo(!R4>fgFy+==
zqihdmEHJenemrG@MmBSb@?sb_$?a45lLyY49|DhaEOb@XfC>LNr?v~8+`jD2kiA2Q
zAH69zq@KFT<u1ogw;e;)g>F;Y+a6PjtcU9m2Htr<!Ok4~EG5QImX=85NV7xLTdd-F
zg#wW&3^4Z8m?w!G0wP2V06+hjCznsx@T<Po#Z!X`dN-gNk=cFnt45j7JvXuvcU2ll
z1U$XzUA?o~rRiO5JN73#;<$8$w^6)a?IZ?H!>)y$Ol?a_1SWoxwvQAV?OZ15rJ8)k
zIL!@52Jyx|%$}J<ju-frMyt{!lZx)f`oLc*NzgN~@oP8%O%VY+qtBO(N0Eu;)nRmG
z%L&V_9A0?_Cu|S;QOj35f4qFXxCr6<03f_W1=g6m%j>)O8@{c)!xM=3cnJCJ116&w
zidpa0=rL`N%!&~5A)=`P=J@mP^_;%tFbrtgjGSqQfb|vdASVNcUe}3@4A>YQlL%&H
zzcXhK=M5^S(JOrsq?=(9ccvFA6HN$rx1rD&{-Mv4zXSqK2#LiL>C&5nLQn}R0A5QH
z7L>!H0E=iLjJ8b`xV1RLpPHO1BZY`CfuNHU_GEP#WPgmge)M8Ag86SPv12x@zVuX<
z4cH-cvia%>#QI&Rsj)q3n1jAVU0{dJ&kt7>jFvHx2NTTD<u)7)qScKe{k7RTjxW2&
z<tuKN^g5?<>32hxZwp<xwC7)IfE+iw*^^#@=2q>Gm;$n!L*$#RGnE4EOrG>)yF1qe
z-Rfk^hKoFF_Vf3vQr0!>rya-3ChK+_O~K+*tQZ|njr>9MAG$yG6edr(1|_ObJEFy0
zpY{|?=iHhwiR)i>RVx=p7*r>-QQulE>pxa$*vE_%VQEvjL%m~zf>qal0BCwVs~WtB
zVG6Jr^twq%R}1Q8TN|eihiY$&98Q6zk5?Oc^*=I5@YS-q-xcQVk}~UROH!<7DQGdy
zI2SFn@o3&p|61@gUv=uqFycpr!R_g9+}SS^`iN%_cUDFlb%X`W%$=@0c^9jjXJAy=
z+QpqW<88Dyq~2wbEth#O0Qd;-t_oKCh~9JTqYEvVtomDH7)?4AE7tuMkJPe&krUL%
z*c>*OYQ3pb=2*V^jhKk~c*RLN-t9Fm!n*vB&1TGeD@_fjKan4`0f`!^v^bo-)2seE
zT5zlsNg+y4g6Df!TSrVRIFps$HuSEoP?aAcvnSWwxn`8?-x}|3pe~SCUicL2MUO(l
z_6xr-905<`?uo>8S;(Neie)awi=@`jf)`g5!e<HOHa}WhdMqP3DOkrzc-s~0jp9cK
zB31DFLQ;~HMqdgR<ZLRn57Rz{NACAa=0Yumkm?eN5ZX(|&GD3&cseeuXm&S0A+IbG
z*34g+o!h-_3C{vjK;Sn#XAFq;ez)g0c_Lmyy>vpl3-vnZ$jnc95GAx&a`LUHSm?DH
zV>N$Ogf<xEf^Uew{wN9k?cWFL2z4N;CT58!#htAU>p$_OTngf=pmc1jDn_dLB6tTB
zNguh;?DrXa1~7|dlHPC{YPi|2L9LY;2*0Bo-(0M6<<Da&0=wD4v_<B5e5$WX?5I$o
z(8s7{_<Y@=#h@xav6@0buX<BoMaB2i+(~Ob?8el0IX<dek6&H9RlZY8?$%<&u4|UO
z`Pg&4U{XN^O^Mnd@F2S!(r_m=1)&un67JX%2r3F{RWKMbszaz~sCYOfAQ<4HuNEI=
zJzQnQCrH7CfHG(KsL(*K9P551(e0rUVqRLI<ih!4N(}qpo=?I0rv>jquhl!^IQcw7
zHjgM4V3C@_+2+<pbs!b|;AG?jwfLR%rfIr}Tnc<vKG}*Sq^LK>FGKB{<E$285rcpj
zt8O?a^o^FQYK{(uBYmgR(g1JbW)sMa&EVez#@Dh9z@6ks&P*~a2zgjYg^9eo=qxxi
z7A0I5E<m9qu)^K>&lj$~6k)#SW$Sm2z>QrOb#lsfrPU#Ydu7wv#!HTJkL4ntI06_@
z82h9MsZck@m$~}6@=E4?SB6_`Qu8YC?_;goicE*<f{fcqZn>4yUgsn}BK{*7wt01(
zPq+?Pz!+YgB%ONWMp18?yQ2uHlNklH(4VQ0QQ?(KkPd#Z7{W|ts0|lJ6y+It!#UFD
z=8)mk`Y}bH`3@dB@0C%N*|v5FNp$wqzA2M@C?k#I_Dtn!z^pA-F>7!`N96352#CAA
zh=Gc)C(<t|8%v1jsD8~q!Q4XnHRPQ%=79?d<XW{s@gP7e6bR@TA^$b_lp!Ym@IlG1
zpuT74QF5>L=vKTb*f&n$Ep&vEbwz~ti&GaIP)L;Pq|6WFP*ZvLwm)%*bi?Sh)N(e}
zo*iv2*Txe+ER%{YY*=ZkzQ6y9hk)V)kyJ;3Rep`E*@ERss$``Q?<;IaxfW2XAz^(2
zaJqhtGO0PE#PdE{o8F{Go=A#t`WlAPp423C-)lc3fXsq@kNdU0L$NJ!sg(rk+^gwe
z|85-2qx$O`ZWJ>f@2&8AbzxXVNqiN;aw1b&?AHfEZ6fRBVN?s{=LXx$o5|{%kly2b
z`|FDL*Pz|o&;L{>WW-R&w*P)q0L=)3_&;^@|E*1-!EgbcvzRqDlrJA3XgmLjQd8>o
zx3!*2gsv~2FG**+)s>~7R6}J14QzZz)7_HmGa6}J-MMr8q%&%6CFd^(j`vBs;O`F)
z-$Sf-d3HNOB|O-#{|{H+7@g_w{9W6&x3;;pyEV4$)?0gP-FMBcZQHhO+t}K;>-OpQ
z_kZ`i$|sXtb0(8qCub&^iG7D(z<i8^V_O&D+sAdh0O6a%XY=y!#&GeDP??tXy$0uq
z+mxL?zcI_&oq={>FS8OZ6t-in%q$LW1pBWTq~f|cu_OJODtCD63VWBKie=`T+;iR3
z+ojVy)6XpYdVPVh*)Dt2F+~2w@@kpwu@DMJtpVgwZgJC%n7x>Rli~K>BF6ebhnDRt
zdr&@MTy@BY_jgkEG7MgI?^R|cJS{8~M}JH6!I|!xkT^GBg#3cm_p$Pbgv%!Rj7Lpm
zdKGKUh+!9d3Bf9+GI$=^t4QRbU)ftK3qVilSbevMu}D)zvwk;`-=FS}O?_fr7wfqH
zDog1n_A4G)`I_~!(efk;v0MDu9U-R)QJ?K2y|zcYruQ+92)tHCN%E-F321cV=X|G0
zAwnWZ=@h;J-4tPMZ9Uj09Hnkm;p<MXazq6D*sFiE{y0CBERA!?l#Y$X9>7QLT>v}2
zH2M3ujck=w?*(xf32$h3td2cY@LD>B(8W_AIA&ugM_-&)ow#lgtA`NaTPQ}0M#`Qs
zoDhhiX{%x_Dy=QXY@u3#t%Jw~ORz7YQ$i3|i!ZhTwA~$|1B?HSSm`>ci#1rn`D42u
z7@Tl8w+Q)`e=M!b8PMDLi(Csza~K<;mT;Gq?$W?%x+t9ZBOSqm=Lxys!(oFNUIeZq
z<zQ`Sv{tl&AlI&}hwP}AiPvRibCiYGW5AS%;z(%ANL(5yjZgQXV!m%$O{DQM_RJQo
zayv!`RMu&MK6Z5}+jpaqBxiFTfv?VR<NdK?U@xN+1BG2pv~@;UH*S&<K;%U?lvGeK
zk`tijLqT7VE3aLpRfy#lsfLHxQesSsJ6L+iHCqvG6Slp2ktD&ZWX-7kE4aqJVh=J(
z5&oV#I4CJK8d8UgE`5Av=k?A1-6A!VR7p_+sMs{Jaz&Xbak}*4d||M_1KW%FvUL9j
zj#N19t=vU&ck_F8<v3t`;SZx+hfkXR+-9#)KJz}7fUuiIQSYiWPv-&Q+Sk3wBfdx?
z=|C-u<WL3aCPpf~Bii+WU6I@HZ9AB9L~KHKO8&OIiBV~!T1zo9ybn9hEX5i3otZ)$
zpk_9eO2WEf7lIa~xg?I4#n?CPQO%@;miy)sRU2gq5VH*8$F|T0atGmd_Oqi^0qOcZ
z2E;GiTkvyL1BBJkc5;umuo<p6r`LVvOKJY5nI1%P^($B1jv~#VHcY&!@60^R(>I#5
zbesjIw9*Q9T%8;k|J-J)4kCs&$)Z?yffcl)+%m2`2R{$-L_eV7u|rIe#T^NZ2uS7v
zwQ#lND4_ie5e>!a{QW1G(~XP!8YQ-{@rKgo@DI)ehow^Mx!N(x4)wuVD{4Z8MRTvr
zzcI)ww{7KeVeKYh2cnrK@`>y{qFSA|1X_%|!zt<$s@Bus=9wl~P32R}fB%;H2xKI{
z$&_C!jx2zqquQN(b#>#6mcQ=Z$~9(nEiFlJSuLe_e*q{@s!fi)rgWvPh|(a59;KT!
z_0rwl*!ffZ{GmsU$Z<xsH6-_zWijb$`Sa2}V1cQJ)@Xy(qj;AQ{Zxu=#YIlw#*R9%
za5f`yjY9AK3P$!aX?$!-|N5oz23Xb)U!KdunzYXpu9ie9lLO6EWTRz6z^KFulVxgU
z$J)!U{1m(zcYyVZrL(gSP7ObX5WZIIdVctO`<O_MK=TQGe}ZY0Aepd@QnK<~eb_UE
zsFSqEj3PlAvYaC(9@bI;e9vz%;~sTFhlf|+UM@Up^fB!h&A~HtzD&JWIgnR5hud23
zPFdAzgTEgV>kZu<$SCXF@%yK4LVyxPqPdM|wqj~}DV)4&l5_fS`;8f;)V_xg95v+U
zR&GJ-M49F9T#+#`@PzZ(THb&8oUjWB6NL;fZ;l@GXOZ=Dr_BnEf6DE9y(~Kz&(`zI
zWUFBe@A8IXX@?iB8N*-qW`QL*75gegAao78w5ZZ%^0dFuNh^$^(vulPnQvGoohvAn
z)V$ruFKIiNZ;QI2{LJ{k5EeO$c%h2!;N_i+R-b^MIIe>pkaSMYMUaV#x3VY+#9lYz
z_(>yJE(qz`9%lQinO6PL&=j8grVTKGRWY}s#v6Q)Tom(ZIcxM<LqN-_s^dJrEwwj>
z1J@7+MTd#Cvy2^vAA=fbS#jRw7jG*=ECEz?45{w$fP&Z!S+ctZ>ab<!%G`GNy57%=
zaCUuSJpyQdxkogz)2QHsnEQetB!fq`1H3ma^SVEp#}b|4_MjF2{u>r>DZRqVow6{(
zbgOJ4H|XYi>p(r1Y~Yp0HmU*}SM(q={QN1&x9haSO3`%%^`hyK<Q%eNDbec(Wwc-5
zFk0|k-HZrtrCn9$lFi5li+{Z5VffvJWSbVNG?Pw(uJK*^&F>#}INBh*{d>Z*M-TXR
zr7sJjrSGfx{_*3gPM#nBlF3YzwTK~b6SsPMAmak?7rZ^MTms{>Xo`x?l@Qe`e>QMT
z*$&qxi<rzIM~*HB44H4yzZAvnx{>$GR9s;g`2V%!VJ~7CapxZ4<uJ7a5B?!~mGI0c
zA~aCgBmip6#jsPBs>aYaFSkD5{!W>5Y^lWIT3IM0Wt<4gz-|VtFpYn1<KxVpa-{AQ
z(aaRhxKnvfA_7%^G;^@E5R1Qg?twJ|UL546&NA5*+K6&&@$_KpC-Xz%#anOD`wxiH
z-yfqA&PB>v2CSF}6VI3aDCNsvmlYgxrA6DF6(u{pvc<MBEoLiuv8+ur7`wttH;fb(
z(X`q{mQ=w$sGWEJQLvxOuNy#*%sDm+;0vAOBhI`)oCZo1tG*uJ<?X8is_zdRPZFyV
zx%IT1mX#h=9@bm9rCmNMe`(KCmlq(0*#gFC+g$nAI$EvWl#}V&%j}6m_iB&|Z?(;B
ztG_Fw%GjPF2T^#{8Pzci9ddefO^B|q9<jblePEKG-;Cc8%bm>`*NcS9gr{ta5r^6S
z?sc6ISp%ZYH)ExV*J@;KHJsL&imR1U%N|{fW(_w%C}II3z1UsuWu=bbn=J`6UP&RF
zlC<u|=;fyMAcg1ssvS)LvT-P+E1gXCRl3^=JPVpg6@X7jA7uQbdf}k32$WB&;n8Vm
z#H020#ov-D5IL~F!UQQOI2o;Go_sFSr_B!T#ek!_4Fj^nzv#0-zn4Hc{C{}1vlYY|
z+xzg`zS3eCz#Q$f$Y4n0B>51{n&+I)<)(_?t8eBA9o<5>?_kv<vcJVv%Ob{&&uULC
z2EYQ%wvrbEpw#bNFLUc^ULH0Q3R*PeTM@*CBu%)cTkaAKt+37M?(m^kwiQ_4-}e7)
zr2wCgm}OfEZ*en|d{gTAkh8|YiiAmRjmsbBRSADGA}`d=ZAKi_Jr*WxZm!dDuV(Mf
zlTLv)c%VB%TD;<Y@9>&o^#%JQ%xgr?gd+L|$@Pn!lru6vj8?E&MQG*PJ=W2gz#{IJ
zaOj;mKeqAuq`P8^V5vb>6427nv`hM4P(WG^f?W5=W(k|oWm3!&^gaW@(678sKW&Xl
zhQ~FNMDsW|&_eIDU2~44qR$3J55HY+59>tr8B|J2$K>)iU|G@^n)3e9Fp+%CCGsMY
zZ|3P8=hXKd)hb|4Vc!Y<%_OEcovmZ}>p?Yf8H<q6)+*mqeqMp;wxPW8dYjjD#t`^>
z*w{a_`0y=bV!2`ecGCP}h^h09xs01eiYDyul%(Z=tAA|=yL>$bfFl_|*1upAAlWd9
zphYD+LSkm+aj<+%-Z;Ntlz?2)Wb~*mW2hSXiNuxnUG2u>fsOqv;7&$q+<kTNq`M+(
z=;+w;9_itJkkRIL@6RbhY8P!mRSa+)H)sKy-AhGAkNgfdh;xtkilrcyUsg*^PVU#t
zh!1wP8^xU_lonB91svVURTXwRF!2!mo4^Y^q6#eoj-5+rtmvM4dHmS@YT?D`^z`fv
zC>gCd_D9bOV~$OhRY6?OLgYhD6mVL)o7+Sy+M-YuQb+}(ffv~cl&RFVP!3ek-<r>V
zfv6!e0+sdCYb<QlunYC6c`%gMO__+4^Dg3epP!LkOtUQTlX8C_rUJ}$5Dp=<mQbzy
zS$9J{B7Q1~W@Wymh!UCIvcZm$#?<Aml-0fBS$_$@9MeTtL{EpWC-kUIP1LL|ubgMp
zfyGN?rYgRF4TiX;VsXMst_14-?0W7~&QBo~dKt=>HkjV=`q93T3@`MuJV5SC0##oc
z+a)1ch<Y`YJ|&%q#c$H3OTr+<ftuXZ)jVebPDJruWofG<YHmz$l@p<!7Z4CBGvVb@
zylKczm)ESEo;|nAJhho8ZriYEz6>Sq_b;sKbo|b)kuD({%%2>x>L(C-h%;>(Nx?$0
zyUpaF)-EGAwCnm`Rj>e=epbIKc_0Gyww8eQB6)tXK_gpw4AHfeKoH5PPD~K8l&Dok
zJLHJ<3f~oD*K<SI4@)lJHqHx`2M5~T=1XNACFMe;QayT4M+O$Ve}s+<L&28@cOwyi
z@r{PpR{&INy<sT?J_u;U$VOfk#3VZ&d4O#t1NZqWiM9}Y;{9ve`P7DY=;*jb&(Dae
z=1QTbw+=D#uaOLzi=8W?El4XPE#YPsICV0HD{A?Wq|F=^c`aeq57SNd_X}sbk?L-#
zbgBze{>83{+R@|WvyE(q`eCy>iEHv{#*Y8mJikg*aQ$w?N(h9>l5w#3F^m0Mp&taS
zn{^;Y(023}Cpp|g?$gVv|2>%<0mJp-6~Y6qt-nS>6KQibI)?s0JO3^V_(APz;am-q
zm$;~dwJ^kA1h9(tw949!NyzHn8M(?h$r+PYY{L3gSvb3>Lts!@IJ&5lre9gOUf#&r
zt|Na}-l%>tvqG0nkmj>7^9Gb`{lxswUag!Le{etn1Jf}5|DEZ@I1n@c=S=s+gCGSa
z?T;jqJ$*OuyFFiWtafAub5k-c5TvA_%*TpQY6+=xR_A9U1CLYo1%vjTy7oSf|5QGj
zD4AC2ycZXqF#nf4p*K+zLk6~g_;*6tO?DT`(Cjg7bu)Pz_-c7*_2`Pm-}N||s&AiV
z*~D|pG@S131p2sq)%iSMr}-SddcOg#;IC>W3F}PQu#`o5v-p25?pU*Q>=kckFhN|6
z@rcuO+)ktt>r3V{0PVbP%ggWAwK#D<F{DuK{!O3!yI+odrz?A5>q>uKBGSxG)mH@C
zLLb(h4nHxIalJpURKMI5&s0YG^t{;ENllH>e{YR?yh*RO#G0%oi2V0Q+n@<}3ShN7
z4(QDhRoaJ+-g`WZ=qYTjQ0aHI&0w@ScIhPF&RmVvcJX<#^OW5(=57cWD`BH_veoK;
zmHmh5D7@;MHoJgCpN;Iv*WSrg{sL;MxNqj*NV8js2kdhR7JPcX)AJ$rR-FENvV+mc
z?@85yiQiTPUcCZ3)ZctrXqkY^7ToK|9|8}cy6Xqi9SPSMPapNCml0=awxM@zlDQqB
zPH_8$b1%W7n_g*&K*H~=1aG_mz6NfT_p54y&8Q;Kgo3{7m_ZevK3=N6e<~P{5oJN9
zl;QL{SvWdJl_INA^Ivz{d5c54uFEI&E`E4MhDVK`isj&1q|EvkTeZMsgG^Iej~hR{
z3L-d)2-EBtdCNBKC%-M59f2FJV9GeOXG4s;+}iGIFt{B(2tQD9D>3iWi1SH(`2^gF
z+SQ9L5}mu2RUne6n~j$0U%Y}1Bkyi*#9gpn$(tjs((3v*@)VykZX$h@ZG!5k7BN~W
zqm}U6ss7D&nD6D}UmF(;nVDP|^w26M9VF{J9N`VBNer}=iPP_8Mz4clCBSrp;D`2p
zx8vq^Mkln09jTc(DGJ?;?eo%vBdI0{bpV+WitW#*Vx18s!om1A!}dqlgTD$Fk)1V8
z)GwKQkNws4)i?IZI&Wu%uEe}WUZp`rxJzOpk1aNP%U$MCZy7-N=iWll8tB(kc5xT(
zOBKGpmEf5g5S`Z*?Cj^5>4f(*>Jh8xY6dkkySd!6*Nd9BYWfOE4}=8YFMgw++}>7}
zgy^kJZ+({LU8b=5hl#D2k-mCSnMzF>O*vX9p*YT>Ts>AKbsoqJSHu9LWkT+~HfKr*
zpxNP+S9E%4U_Eeb;YHKwj(o-F5-ZDoH&1;P)w{Y6aNfb`zqNwGglhDA+O<ET`KbVX
zA$EUtEdpYqqC*>+Cvj<cMIvwT>X5=eA9kQhYJZ?1{X+n9k{G3Q_%7^$Lo3-})}WE^
zniOgPWpG@6SWLS`_lnnHL_3UK&m7{fsTmArOrAw)X)16$Nu_&A4~`c6()h5lA_Vx$
zAn8e{ogaX;VrTo$v3UOUt^9@mj!lzrwW_^M;fbzuq!!4<DNRZPK1SI>Kzd(V&G<5n
z|2;Du$NFT_vwo4s;o&Kg^k<2OM_00qf)$y$nc_Lr-;LHpUrxn+1-$IhR8|yMYLt#u
z9_#U}bUz>;{KT{RcVE&OZVBMRQ@O5k3?qk(W(dY1f=t!P51g7A`zf36{ggkwv3iiM
z?8{9a%`V7DOnr1J*!28rkotsaJ@Y@@4GXdd7)mQU)QH=bj-d3W=Rzi9A)GI!5%|{|
zbReOR`Li*d-$4$)Ik9ujzH>XDvEt<eoL1C)b02{#tRsodZAE+pIN~&0r6_uz>N%LN
zb=#eU8A#5Wz>?$*<{L$q<NL#XU)Zk*x0;5`QO=h`o8xxPOF!a<kWRp;ANCa-Z=8{}
z*>Or1k@q_r!Gqpwyt^p4Wi(~Ex|ELj#^pl=2E1s8lVE{R9GC{S<!0?H_>g)ir;`QP
zUKB8_K{{@{jH1%~-qWmDA`AWMz#4b|X2pU#I&3Z;9R}MX9m1W461j=rY@T*^Xpb2B
znnaIC9lTnY)AOPU!M&K0uBk#)nq^f8APwFTkB+Sy;MlAUL(-iOwv|5~&WB;NO`uCZ
z*Ks3*VT6v>#&@1ZkI?;9(b;vZ3$`lQ0P^C;t62-4yN=r-{_mUhj6W!ABbVjij_h-R
z--#ZEzlnA8e@XB|9U^*L1?=i~L71x(>t!<B+<&qtN~M*+Y}ME@IF?B#Q~&X0eetX=
zhZx8oM`BQL?f%>1;y))*Y@5~=J~!*>Y)R4R+^L(#9`1(KBY@AB&w<w{4K#yye~W@}
zk7hO>pr$T2Z5$rl3Hz^|7=D1jS@#=3t^0rDiWOO7ny0OI`LD^#8J-F@w6?N2!Iu}G
zPrSKOv03jA)bsx|GbQsE)Zes7&vAYyKsZ^sUljh@*hu<JrEQJ_8Hk0RiYY}MTzv-%
z)D4W~0F(qp@c{jdk^x{dkw178pocC3s0cwLj4BKV0$zO<ud|YQE9~|tO!<MNqi!JR
zx6x45mzH(Q#IW}NB&MO1qjNX=ZzL*Z%cNXhrqap((~ksQP<rW?@*`AV!S-gMixOpu
z-lYT@m823dL|wg52E3?L=pXQFSOgr1rw{3XBInn7!)w>!aD#)qAY^+u#gQ<HCwu6l
zR)|+@8G#P3j;}i|B_BDP3-UI^d&EIMN8{1E%KTuFbOx!``0#Jagjpk1!VH<V{+pVC
z@()8nBG>Vr{QqhAMvkaMh;%9*y&B87^FO`a$U%4H3SCC3Q^ik>!s#Ej6h{NcUH@-d
zp{fD(>o&=3F#lUewMLOJlXm3;LoC~)T>KJ#CqW%Qv7v~hs$}8y-z2HCJ%FpyoBbn9
z?M%S#T%Rw*>;<Vp$F7L~)Gx#R3j2X3n)yW(@`C*!6D8Q}myv|+SRG?S`9e|x{<MqE
z1TY+F0r=DxS3oShSbfZXiUnuBm$kc}O1Sp4h7YU|t6TPyq8Trn{h`+X@%VmoX%yJ{
zK0hw*KG9xGJ3>5;y(!?xcAYcTxD|#N>UC{*ulNgTLZv|zy-}B*3_#ttC3;@piHQqB
zu_8OmEWk^F_3mC~U;~svex}M;BMbw?6=a$tRLJRpCC>`KTXVTcbOSKz%iPTkO88`D
z?H7AnwOt4r|K8*r&_}LSF430ro9boowau5st7&_j3dLcKre)t@3eG)vsDrPTlHUk~
zVSRW$82v@_tWfUTk3AT};)hABsg3t+g-;F;Q%6}~eZ~_zja9GyFp(+N?JFYa-vA=j
zI?JyB*WUHj25q;5;}+<~1MN)cEuw=>*Xq6&{Us%QM&fQ25&lBmk8&z^v99`9+e-oV
z5+D^kNTtRyjksP&keWN1>i&{A9kO14ASuQ5Kw!B4F!tb})1+Q*v}51oPNwf>X=S6r
zA?0vpY24ZEM$yu_*HI&`H}>~6q+w?<s%<{-0Bd|ryEyoPa`X(g=Vhj0-PCmJK;S=u
zB}Pb3TcxfkHS+URsnNR(|CDHr;%>Nx7=aSXS#goi#i}>W79X>sl3qPSPbsTgR)(yz
z!|972xMF+GLE?erxLZ`jyxQWeMIe+Jv{*+u=5I`LGpK~iAS=N|K=YmY;>1OBJun>U
zxqNd<ZP5v}J#)PTD!bqHbW&|Gr+Ir?JghT&7?4$F*VPXok@0vF1l_UfeDbHE&cTV<
zlSuhgp=nmtjr3cj)2Kwqd=V}focVS3?c~3$ihk9i=>^9%-E7LBj7}%}X{q_NVw0P$
z{*g+dvFI24u}<7ioFZ5yc^Cj5vNTm>CPw|Rvd53iS5Bts_nC|Raj`d2)TAmH1;|0+
z@j`xGLS0ZXtEL-x@#Am7YWpr-xg}#8J8V8@HcS$kKoti0Kt?w}m2|4oe{hpp`A5AG
zkOLs&qn7HocpRT-dW#ynjUEhUV9I8CrXLrM6H>S*5bgjJ)r@zGy`KX`-sMRg1+d?=
zy1Om}m1&a2e(PM+5+w8eDo)CHDvuOs_%w5aEmxNu&!;}uPiV!wXC_`@d!yBHzRNWB
zX_x%uV`z(RJ%M+HYLi5+>J5GItJd$ou%{tS>Vq`J2el+VFq1MPifyaOr~M!xY$mC0
z1>s%K9b9gYPJ{24(*b~m7tVs?po3^Z-X)3(Q<5YLSL^joYZCQpo;v<->KYyS{;%&N
z1Koc%NQ=yOvew?tQ6IyxdzHMVCAwpc<x8!UFnp9cBLM#%|B)f9-3xJPzBKNCpamJ+
z3%U6G2hlq?ysS(gthZAU@JaWG6Ti>C&OQJNTed^O07^f4fPg~0?-q7dUBxJ-#X+y^
z=Vd!b%O%ZrjxQ*4aiZI5A&t`{?ID)OUBxi=*+Q<Us=w5?)qt&E#AtHVt5T*d^Jp)0
zvBo3Tav_(00(|GxN45ctfM%T^=@_%vND)?5b&vu&C>z<=5(BrxV;5e31v!1%VZz*e
z`%$It`e&MfB!K>P&zit26Pq_pdXRa|4K}wp^pD|%U|}_Z0i(CyUZ=oTmWfaLj^D4>
zK^LWtN69{XX^(%DI%Sm7f-jU&u0#&bQign|(N2nH8Sb>g-PB_M3Jg7zltNczkFc(*
zqME}eY%ZVkMUTUW4a4fqK&}*FMwU%ArF9msIzASl=>mS~Ke>xi^ecO3rLy1Xc8*F-
zbLsXFg!`qFv~^6J967Dvpy7vIVD+(yc>>Hb!o<JD701n%diOW^J^ACEPfR6mq>3m*
zF3<YsZA{KfqqD*4SYd-#+hgfiVR6jREt}?Rd`M1+B9zZ|)=jD%-3)kr94?`31YKpQ
zaaM6)T>;)CKwe=N_OA3KXgdS{{%EfD&Gaq#w07+v5*?3df3}8E$Gm=vsKL`1U7UBy
zRYchJC{{{0*JrWdla@G*vh3}}vc*BYrap1c#~ekE@M=y?&{iMovN&4|(+T{KKSY@u
zh0=7gEQbY7F+S(w98%L6mXA$^hMfa|vBDNu*m-G8YzO)a_(+`aXrQ5Qw|^=1->KwW
zWP$sLEC1%yxMpkOl$<DZWM#WN`)f{7u-0?eF|v7)s1NSL`vR6PjFdliAJSLPl_sp2
z<dBt^_~@r|-48^bkjI`|mAqdb!AE=P^_~c*r6+`v5tV<N`VXG$+>96ICEd;gNDym*
zMxY?A7pajZ6*^Rmy-pM0ePj+{Hu!P7haivt){81UFX^@}osa>Q-*z080}=D~rd;nE
zcnh6KWQe2JX;Ix+C01K!#jV96YO^&@w>{n?#Hgm{RIY2eT*#BF*NPPb_Q-mb<lC;B
zywH?eJK!oLq=3g}RXowo`Nef|-H9ByI-n8aXA7u6o;9}JzmB&Jn1d<G3vJSK0%19%
zo7M_poL;<?UzsL)Ox;vjM#+ge3<}V*+I{ONG_(<JOKR3jzZanSV<J2_fu!=$%ixgE
zmv&R<&^2fi+6DVg%l(wsbSmvi9hR;3onm)!Z6}lwt?t=2ra{FYnwNMSgbx9nhfWn5
zdh8?gbBKmXS;HU!I>FouR#?W}XrXHlXhWJ~$rq3JgzXHjO*9*N^OQ*TAMD7N%jXZA
z*EzZsqu!NXq{dd-gm&uY7ofKjm2ZuH;5A4EG1j(o<^AL}lH-|uP&DT(%fTv^(&^EM
zZD6=JIsZ241C3Q@fl!8$5r7P|4=s!-6aCcm^@>!cr_gESf7~R{W)OGIDx;PvQ4NmD
zwzq|A(amREui&8}pEz!;*is?aR?`PTjykMdL{{dD)fIKvK#rERbtffhz(~q!YJHE9
zl%j9!sBY(aka{>pk$$fo3$)e=-3u(UI^Fc#v|7X;ZrjvQZoFKIP{svLrL0YGVV<N(
zTKRb7S>39f%eb8tmOsL-apMqdrBU`)4IQE&x36;RNQy$f2I)oalMsROvpl#ieJoaV
ze~kaEH6cZF<pKa5RwV!Z-S4TQCdcaSVo^$_-3O|(ENyx^{*i=PV{hy1s$$Pii>dk3
z(zfT22xoTUG_S|UW2y?&2K}^s^3;vB>D;)_%Go~OeG<IRqt?9ePj<EEwOG$a)L-~r
zm+`u4ziQ=*!X-;<dK@#zd&@(?Bf%Fh&Eh?)#!(Wa#@?`W`NIu7!m7+>qzX@~NmxDL
z(;bYKkjizXr@BqA;@OEky*U$pzt+`CfJ2hb&)W5MX(z>@1Rfozv5V*2wyC~bPuWwO
zY4H`S?1s%xLUiV$s4-!n_`6M!J1zW!POJUKqvO|2aG!tk!N)4}5v#DZ4F29Ql;o<C
zGBVa`4=5#vRvyA5r$k%DsYkg!&yK|KY`q~~JP!|<Zy^1w3!n+7ipk4;*v&9eGIYp;
z0TYDp)__|OAAtol(=e$Bs=tIrv_evK5h_a*xLS(Hxo{JbGPo+`g<Z0C`oa~h^cCjP
z5r9$81-*6womKgz{Im=2W_=9HkO#poyheQ%i_aaKDr5%*5x0h4$(fXc07AF3f7T%1
zCuvo=<?*3&m~j9_%jJ@F8Igl_`q>?QV9<Fy4_!MxH!wUoZ{m73YTh$4+9XF5t+H+)
z@_m(x1M7;@OK+<(8MH#`wQ|0MA?A-zck7r7cKm(tuNumVPBmjKs)*V*)H!P*^;!S+
z2RYR6wG38w`iYkEkCKYgiezNvEXS25Y_W~2CADr1^Mktz*8QqogRz$-&%FB6zZ+rF
zMnii0QNZ=e+|q*n%HoHzsg=veG<rrap;`@>A-neSIiW*4AwLxtDUC^YA$%2=A<^;k
z@?*HOQok~ev`Iy+ps~v0>(Z$b`nxKcg|Bku;nYs(=7-}@6x%7o?BW9y*CM_~CDxg?
zN!iy4R<Fo6DRUu61(zW}w|Tk6{n_)+GLEuS;Q85!S{Vn5?nNv@qVBY)YUV5fLDJmc
z_PLCypY}}&Q>S*!7q*<mnGbnec9&<91b!>kl;ZX2m|h&5bsHd++!Onwv8oy#@49HD
zNmsz-9}CYW%f_!TJQRpY*Q(2Ye4{9^+bWx~ayNlsF|jv2gVom#ngDA9zP~o(6Lvx0
zfOOJsw%VKeMzUjXimmrSwk~aQG*YRVbmoUYH)~6kE%&RcC*l{97f4SL8u2b+#{NpW
z$bMPSDs%p@V;iEQcpq>mqkilmD+qa!EyDB_W3#Hdy*i7tl%8(ohC8+Up)jweE*>%`
zkrh!0!}vrQ@MWN%-GpByeYy{fmzh7XbQ(n;&L|nt<>&Ot&W?A-_Bpo(KlcVQ%G9t|
z(xT=Bm@qHpRij9|>MCDntGQwqThTAmA6|!pe0@&i1kMSn;OSn6seFaWU*?j$WX^Ir
z?2(w}dJ_^ha{-TABa!R6W_iAAr7IV)s{mwvA;rh(q~1HWUcC@O*@%s&lU4{&a`|#a
zZpgc{wfxITQ$6EW6*oISTvRFnjy?YSK*93fQ!Yzeuhx5TsBVH@?a~V6)P=FVcyE3l
zJA&(66lMwAn#v}drlhV&Z&a;X7;0DAa!hYD-eRSI{a@9Atakg%;{09wxr!B`x?T>>
zd-;G(2yThX!@=v1nps#H%{w`u)<o_!W|wG*`d+p`aWUd>&{#tI+y=mlS9L!-oNkv-
z4J4o^K4@6RK<#+cNDc8(DshPIRD4%d@S#kvMo)<Hhi}}XL3%1LWg;UWICs{X!4YS$
zW1q-YxmhPT4y!DMBID)Z8Yk7qLGj_Qu}4PC%)X=N0Vk3kTdcc@5P2ey&h1;}sV4m3
z!CD60aHYP%Nz+9}l@$S`Ao<sD<#Z%}a3<2ZC2Iaai?;oiRhUwl#$npMc}k0IqOKq_
znf_;^IRT`~cEo8uCfdxUELLIs6*<khM%rM*MeA1hU3}i|F##^i_>aX@!jgMM0!+?T
z+GnbB@~XAYoYV|RJs<@5;juR=_fj=l0lSvItvQy`WnFY(xe;S<^KqWy;ob0#|78Ul
zKCQ236W5n&y(XK^ey;qbAPt~DUey3#n#N)ksZWeg@s0lIKWEU^#B$1UDms7(`4XMJ
zJF;z3UtU&DW1?*`_0LNEi=14P@ke=w<f|>)Q^3X6dMpQfBM%VNr$3!v=>}S}RfZN?
zZ!CJMn2kTOKS~;>4_&YNdjLRxTzi~|?GCRI?R<1UvTQ%dn#N#y<&$pLkznj6X<l%j
ztRh;pLj9W?x9@YrX!GEUH^^!85I?fdD8^~zmDFAF4aN#f3-^ZMzO_4aCZ%)k@GnVh
ztU#JS5qB!J^fZvcJuE%1x--5(+5W>V@-?V(GxBW1u6gn{qPFr{i9sBF&ft*IV^RZc
z`_{jpJCUXJ29KN8wIiq-uHL=7`c@OBJ$(yn<k<ptOYU_a!^PATv!Fpi*XVcQKjcj$
zs@s3{*?S*8#<&Lo#rB|buvt%&6QB9;dL|srWg_8B{&HY>6lv##?&DVso~PQEMQL>l
zZXn>cJK}7+s?Ne?W7r-gH1$mOT{@lF;;j!Qb782LU^Y+FLl(_Pv3&^lO$slb`)0Il
z&OI6kz9U1s6Z&#jzX%HkP>dcaCFK<c=e-@b;TT?+f15T}L?e^JfVt$qv!8<S!ph_!
zzET~3TLuoMnn54lj_FMhP2bm;lV7602fMMe_R~J78S0jHQ~TL^m3D_z)DA^Yu1+Mh
zGfM>`m+_Gpl2MJ(F>?tyo4I@YPzBG5Pnj#wimjrm8Kp0)SNquAC10#vxo$!nSU<7{
zk{UtZ*oAg4yY)9^j1aZ49VL_Yq~UNVy(I2ta{(#BS1vdo)(5a`#nj66(k-#k3Z%8F
zFvB4ezz-7vNr2wQD_gCM`rSTgoZ=htx6CCmU=iw`+dTnyOQ%l?vJVf|)%6h<C%%sp
zXngvUA()d(1wo+PI;Kw^xhVt+ZM06$2`;*H_XKIxa;k=*I<)p=xb~{;W3I_ce1-E3
z3dp_B$klqToQ9KiN<8bE2-j{?renPnsn}#xe*7qRMMIc?$Rfzp*VdPXr+YQ}`PwbK
zFLY9BCwEoSKDXwn^^yH~RlkX?XDNSgaw+}VEYo@qb%)&?2ozqcat1^+$ZH+Yyf{9~
zKJv)6sy~MTego!SndVr;E#?1y_5W-J%CsVB0E~%Jvyr}fk1HS03^_i-7h!zB$R^W^
zvw`}RRin!-K8J8GJ|jS%_?M$!;NJCL1PEySdL#KNJgWDc_ny6#<vshMWUtj_@k!G}
zYS8c*zmdqY_6ct{W}f@r{6+mDO*<%kf#PO{FO0b!{nadcIfe`TVh1|-V&~a@`^B#I
z{ppL{LDhfk9MlvgU+o<Z53n`o(^F$P_F!2P+*$7{L!MCIGRXTGhh|8n8~KWqks#OK
z@WQEvo@^(42AqQolL!Fk(Ktr**eIk^N0;K0b>bpbE9ig?G+4TZ&#oGw73Oi0R->)x
z4%%_}BVg4tnHr7t-rrHmp^&q}Gv+>8Ryur2H<+N_OI8(=N0psy0n}SY*5oLjT#h<?
z>$`__*Zjw|(W2C>Bk4e*SapWr&+A=&!0m3p*4ZiPTHE*Ivv*NK4vC7{ML0##16ZXG
zi*11{Q2t3<w|xO%NQ;r9E*tNMkFvF^^<;16EU?4MrFxBw1wT`?x%9F99=;RgRYi-j
zmeLHb1$Bv%5l#bqyBXf*xh2K+TZv6#Y<b#xAx!vqJ+QN~rqHEcD4P0xYCM%=YY8?T
z5V`y-fDrZbV)feOpx;0TY-Y{j{f5!{(4qluVpd$w>)$J>kpL&h9LZY{^`V`hhpp6X
zH_$>0_fNbb*Ps5w(lfmMw%>~Z^)$_~LZ}@5mB^})5~Vig`QDmL9452tQg`RF>d&@B
z>&siKRkp!RYg9#ZR4Y09UJ<;0_4)5%cl`_0_leX**3*en-JM+?r7*E7)!)H0KuQlG
zFG|lx4tJ7PD00kkv%+5N-pV4s9~D&p@&nP4FOsuA)x-%@YB=R$%AfZM%#eoOc!jD)
zdiSd#g#Crt;$!B|wdi;^kT2+>v4&3U%ALTvb)hKJh4sk?=hXdd9RJ1cINz8YJY*02
z^j{tN8?V2IOF`qmO6diYAY8Y+8$T{dcLJM!$^`zd11*)qWIyslc`d;_Gt(WqKoBSn
z^c3>M!6HG2d4ju66P+^a9C*AQ*Sc0!@R>6RnBa*%C%Z!bh<R;~Y5zUNl_&xilSA|T
zOnr-*M03`97w5juWY+)I3QtQ`#Wv3*dW0e~U4Kv<Yj;5231({mGHHGvsoyPr%zrQy
zj%p+I;C{OYG<2U2t2|OpduDG%PXTeMYk>tvsYmlNR{+tMkJv18A0^7pN9dDRY0s=M
zp~(9W+=4686Azqw&N<kxXOq4<r;Tu&YThBPMa*V>y>z8)!vm;^lE`(b?^|EF6gOE%
z)m;ayY=Qcxnn+zS<DI9z+ib`H7&yMYQm6{YNanAA>PN@Kr7&AJ`I4Bw0bj@7M%!`=
zM?#mvTH{N7`Z$>E<c|#<+c<94IeYs482CJ0Pm#!b1D+g?qVGkUA98K+HeKsCNe<Be
zokJfTJt`hcG-<5AZDH!Qqx28jD8gK)7;|OeK?v5zg*mt#^TYa0&1`u#xgJf}TzqRs
z%E%r8`v{Ezp+H*dEobGe0|%EBY!7ssg1fk!rM(+SNzm7N{c^aj#iBAtDQX&*4?8d3
zr!ro5mvceF1P`gRa2K@xrhyMi96ZoIM=3Leo=U=4_buyeZ^yx&QC*N>0g@K51OU0{
zywb|em#naeWeBfJ10f126!AecN~u2|z#}PxX-MFC3+Re^b~)_=xOUJdZ6gR4zv{pf
z6^`iRP%}R}XNM!c3}1|NPV|XKUZHbrtymDLfV!FDAjfEXA~FBuT;MP(#LkT3#H>Tm
zDrdQG>%_Sz=ryV($#Hss6o4oS7?y^5XRWA)rrLwCYsb%F_z=~7=^e(3>D=FX?fMY4
zchRkk+S=fV0Xq}`-VR%ntxn@Qj6wp7R<qA%A^5;JVE_9i$WQ%(yWie~8(Z5`c(b@~
ze(*5e-$yGTp*G#YvtbSE-o1^Wn7GzFU!z9-_3xJv5A{z10qkOfk-_dVvtK!|;1to2
zL(t>VkZnCMVvda9BKXLkNQn=>?lh71ZS?M-n7@gnXY>Fw{Wa`K@K+#jcv_B|d;0w9
zjeI=*Dv8BtqhzES{f2$Bx5Y~#>1fR0f7%{+n;$0o0qycWf^^NwnS=be{qO@}EqrjB
z2UIKx_mn!>jgzrUmli$I5SP;&<;{)K53@!K2FHhn8iX$~wL&CmL_pqyBz|#m!E~)0
zt|2MA3o8tyn({#D?ta}BYj;x^S~S@^7BPpqoMs@E1n(K;3_sk}$lnby62f{aeeEr{
zNpT<zW^0fQ@IEtj=`R#oxSp2|baTKfnxTG=k=<3pMQP(fcSc7?8!#6}_INFcAsote
zZ7X~qbtaApyjG-a2}7X@>MzCj7lRvc=z=RII&1^R@{-^)RrV8wMu9r_Q|<oxwaz54
zl5q~=6b7b9^{6b0=P$CM1o$>|qBT&W10u%Ib9RC--)r!`Q!E64a&r`SlH82yaUAYD
zzY{IMY*^SEwOs~q%k?yiJ6$f!{G#@icEW!#8L5+5&i&xwn3;)78X9-3gsl{PG<3K8
z=B^Edb7aHG;c!QLgQzv~Ogfa9Tj9SA=s`K^3Sn3}HRGjlmetOvRt1GG&bJ6w&GuRl
zOJSb$z{{Vk+XFkgI?;cbop?KQ-rojC!-I?h&ryhTqGcq$jrS1!4dS7Qa3a{rFI&#h
zAePEHM#!hIj`oISbS`|ot0<zgWrSa#fkOsXTZ*TNm3x2&0t}quFcdM<D%2k>%u$)w
zjT#!6uP=|1Fb7=)6^3;t4&xRsO`K4go}~G#U<0HOg`7wf--q)Zf*r~3JaBpOC6Rhc
z33@dkJd;$yBJ<Nw*hH_$3_+YJV<@b8oQwg?#3y~|e9!2D={FAPrzKLT#U3rEV{pLR
zMhU!|#hFLpsR=U7e?z3nArk}mQL99UL-CDZDegEEx$2n#Y#dCy7@O{N9!g#b@d$qc
z_k&bw&{9iB9N1J)Kz28>))rUW9dB;77J0C^g({e$hWS;(Fxm$OLPzm1WrE)5%)a>f
z0Q+DyWcS-)2c2bvu-TpS(Qz54J_Vpy_DL|{#JmFuD_0Wbe4#^nR%WE<Fm!EsHe8%^
zNx(_a97cziYr<)wCyZo;T*xs`{$}x8r{ZB~8^|2b$?SX1W7=NbPPpPZoX^@d%e?~x
zf-(Z|g;m@5uJ=)R4>;_PfF$pZ7Kh-0u!}ry5S-j2OQFxJBQ7Z1Crcp^Xbn_f#v=_3
z;KCF3{7_Br`y}u5^&wzUPTj!(Z%MlUzQj`mZZC-X-Z!7e6N#}jca<ST-oVr+a~JX$
z)eW~9GS-^*&W+}^HN=-h3`c}@GZ@^53apn#x2qryjzgBGqvEE`uAbIZL@eaO0ok<S
zElGb=h(hxGG=ER`u!rzSF$5lRb;QZzQVLwRlmzN35PS}F@1~zrf4Mj%qSxdQe|q;4
z;W{I_lN$dvw{d<reQtKA`UCns-x++eO&^IILiUqC*Qb=J7*(R}I!mG#Qk%?Y(qH$$
zG-%QO(Tm9!C)Q`$r-hMPrwwI>&%1pdmrz881@0nX?-1@TEHPzr)(05Jf8of96T_a<
zO)+zbVPdaP$5Xgf$P=?vP=*+KbH*SuVxF@3&OV{Y+`l1n#W5@fqk{wZ-7}_1!M3cJ
zgz>7U=a}?<NKsjQL|NJRZO(J`TY`iUz38$U4zt`!&=x(p#eniw0MX6fA+#fBuvC~q
z1%&>)bs8~C%p1Qrl^C#4gBDFfujlO&q$BVsi?y(Z`)i95Idm+BsfvkRO$TaBJR)_C
z5o`JAZ2$(}9nr66`&tPLjsqPaah#A;fIsPKKnM}3uCqANjB^PAmDOIV=Cf@fR_Fmn
zlEBC4WyAa{>N?|@>}2QWTPeh(gM>w3Xh?+&hFOe($Te=zuMA*GRVTP=M@HU*tC^>-
z<~p%SZDFi6{|Lb$;`E<9G)aD%zs8E_<Fz-MzGfW`Oc{BbM9%15yQVHRJJ)-1D!)(|
zdpWi{Iy%+F6gup8%V-VwJz8=I=q$R`(^M?u?wMdaN*QYlDZ0=^xUZ>I@&2X(QaRLI
z92eT%jv|bHKJEa)7HB?vAV2-OIqi<PmlAVhBG9v2U@mpuK}B2k+}4>}KNb+~Up5GY
zlN!p-!W!CeMHYgzH=+=~d5Sd89gZKqYz?41b<BK=ngKBbzM0O{&;C+d?!rAZj~Sx7
zC!`}k&6veP%{cR}=z@u{z{VqEPJNI+)GOs+UYK(FxwZjBDLNEP2wzx}Pfp{YR{fV_
z6eJ-Y=)1RSn3d8q?R(7U@KcMk?piEJ!(}?l8+PBA9()4RU(D9Z2`%Jkz6Z<5m`H|%
z_mLK9=b)fJpI_`X&XX{<0}9%A%&IpgxfZ(b#&Cns9TUrC;aCXMwKB^oF#O<yBsBB$
zNBRVfP9+SmT~EBV%pbc-nf|n=(fwm|KpvP#fCLYd-op9O+=Kf;C@J&86d((Tdv4&q
z-5i`)e{y|KOG<hnyG~}HTydV^@j;bGcj@|a{~9erAxA)r88Fl-G&PHT0|b+1c3<Q0
zurPCWZdILaRyP)Zy!rhRZoDhT{W)1$=tH`Kr_TwDN-BW@TtU84dHyNwyq79Rm>L>Y
z_7@@H9-0+nTf^Q&xfS1?rY%+cK?do}3c3CV4ZKIv_TX&Myw3?yt<$6Y-TnP?^C7)m
z*g&ox#@jy-%I<O^Oxfb=P_L@Bg5N#&C$ocRp|&E}GOkAdXFFR^`odGoFYZ%Jd$we7
zc`+fN`bsIo96!gD4M@5A$E<Jj+0!116ZqCvhxgr{oC#lAmCuPpOLPg0FxdsZB+3l7
zHM&C&hK+R1by<~BKxA?f3~a{GF9VbqdT-V2^T5N&eMo~%+c!cGQ-DY~sOj6>Ml_1X
z6Qz}cSmlYNR=CC9Fy(>|q0-a?qAJNXOe{5!D)2NS6NZbq!Q6P}=yCvx?JM3zM{tAh
zkHX~RM#!e-vRO<s-sN<HwA3s3@SE<B>X+P^X)((YlC@b3lPi%&Tg)`$L_etXv4Jyb
zek@j2da@+a>@fRACv|A%hB3qe`aFxrDCqzOJZsD{8l0ff8%X>S^siSb3TOuD=Y)cR
zG@39@E`+npa|>O$Y)so`^PTUOD1pxF<g=myY$_z*P{WHOX#`<WfBc@DXS~a07eg@D
zw&Kh0uYGFC-Zl5=pY~=+yEK0b>9`@a;V2P&Bi*&;HFL&M-V0P)hoZ}?leisTICntR
zhm7WETYC`njkiA5sdrmEHE3L4o3y?FKG(OG<#!>af~)*phO3?v-=7T9bkQgjBqiqf
z{ldj({`ik0ft!dCIWjr8z^;cOgid}IR-3OqVFg6qRe^x%(RtnO)^uWJzcc!6#IE8S
zdSX^;RJoq6rmr0gQlvDJ^6H`OG=lM-8_?isc3F5O3fB+;;iG?PD!X?syLUSWIHa$<
zcB$UM`W^r+0e4*f4|cyz(l1PKpvysNXCGBdrwGqdgA8AZdLKSj_$%AbQZnlRDfJVQ
zkf;VMCZR*&X3<1ZiF=sL#;JnrHPxTrJzbsMJ|9(}+f|Y#X5HEcL11o2*mKLuC(d`%
z*w42~=uG1o0ldiT=_A|*p_-aIU^6c1WXRC-r%SEF4$Lck3zpj*wTk_&XZTtjMLZFe
zbo!HBcmS8?Vsm1)%%J?IYDEUlY1PnbymidC7~`juBQunDuO3OM0Jju|JUPzr4cM9J
zk1jAd%Ua0=^q^`#Ur$P3_<=*Y^A?kYDkP?z5{5i%7)!)en~7^m0Vp3spy(s_zT=_V
zwHTN+m`)D#HFpeMT)c0BycqBOWRD!7=k)^^mJ&t!T=jq}1{;(XP8{izDDk|$SjBN<
zEJV#OitJrTIKldB)flgacn5WwaYhu9>X;2DC*>T&xi(Nhcf-{MS<^xwC_HGisJBc9
z>u)3uwD@SA;kktht7|PS&{+hj(Zt-WLpF2>&IP-craxo^WxoW$cJCF3T`1lznV77)
z)LGt$Kb-Prc3&Z!G9%IH*6ArLf%9bI*R2YriBML9ye&H4ZHap3_@BP$UCF%EJV<b%
zEC|JvH|y`hn97Fz58^*vvYsj+>_h~5UVVom(TCepM1pLm4HSxQf!A8`nF8PLv8bgU
zL-6=J)zUmr8?aENg<^w)yivoYtPp9TU~%E$N)VWWBDV9oIfKy^c~4q7ghTD0x-E{r
zxh|7{`O;L|Uxze+8a!&#?3Pz8B%XwCgbf@rhZ^lT$74ISTz^hEkGy!7YP<5fQS|Ch
zz@7CwUY^lkwNT+;1AE)V4&~YFB3iq(h-Q6r+oM7bi4JH|bI_fncI}Q_eN?*_R+{j@
z8w2$8C-`2Frsyl+YGvR$L|}e<J*`b}cg8HoIbe?>r0Q7~q`L1KOWD#K^u{WEvnEm_
z;YIm3C^b*zskj3Hc{yTC*7#?>%}uOmpG*~s!YUeq!Z!{=3OLM5n~G&=iU`;zx;ck6
z+c7*xZnFVnn+*y!g*bYmSgVS$H^Wte(G;C*XqE+w{dF~f3z#8?kwTdEKItO6n>rtv
zt1v@m7B&rfB>d-Le-2eo1*a;7JX*jpcPeL0jt2Hg367XYEO2|{wS-E^{rZl)|DtIe
zT*j})PiKzM2!z{H6+MP8DQHPH0?%~d7SKF+Mm0^viGeXZx}d+&hI%^pQ%9bOQPb0z
zyVg{33<nF&mfM&jMrd-VAV8pXXDN1IX%g{>^=R2cYxMtACxW0(Y>93Z5?r=8@mi)`
z#TJqLTx+?+ySU=Oov=9F)R`~g(#6)Qb*O06IF>Dy2ZqZU%nC016q)KAU6S-It;XyA
z?yL(%BQZc?v$Wu0vHMwx9;>=*99n#$nzYs<?HnoZ91y9-6VX4Yo9@OA_oLw(Puu$;
zN9XG~-=$*r648RQ-s||qe7B}!bJHyoFw@M<!L~tXnm_aG@a|~)q!Z+F^jcimm1`jE
zv&4Cj0K_gH5rD=U1>xH68hJN9YE>K?e@7-cjCD0n=V-7z^QkP_WEL?3`wlJm5G_H{
zWeGTK$QJTiB4~K}*^`t?`SxZ0V)JI7?&s{q9=ot%72!34SyTfz+1X2c^x^BVrLG!Y
znM4lBI9^<2y`gjNs>3Bpml?jlPu8_yKtiwG0}C7nU}%R6Z3raOkg(};`!|0|LIkIM
zpvm&LGsSSTh<E%|SeH*irOb+mo>Znn>}h_Bu9j`2X-B|~Gl@zHGj1KYIt0npN{*8<
z?LF0xJ8RWI2*$Zn2Ug!>;qltGH_6mgBH*Lo4Izp?8Pgao&d-vlPaDR~N>ZXHWR>QN
z0r`567j%6QmSW16592+M;al;UAOtFu@>5^2#kD!CA%-BO<cW=2Wr@_kEoh=sm5v<+
z*8iGOXwvDgqso=O$`<M+(}@bIlZg83JOF+oG`zl7TS*$VO!4&E=T^fUn$WQGF5d-?
z>u6kk!f)16I1naD3(txq<oKR@5{H}53^eRBtu4g+(4b^1mzrNx4xMNuKa%z&e2u&(
zQ6HmGV^k=|LhEYtpL2LrAin<fyP;Wh$jWw|b3r#LzcMQ1VUz)C=<GtBB*8LQ+u+`3
zKv$B-$|pqP8|?4jX0!<75UgaXG1fm(L=X^u33;FYyoWmwhuKE$7op0C{YqckDGQ`h
z$AEgk2nhuTGyBT2sZ2S1WCFL$9MA{Wla2i0wXAZ(x#Pu)V=f~}HZu!#BHgaYf$JCC
z{x{LkTa6!4Ij-B#)ZGcoQWjI4KGiHQH3>>-r>*H)iY`vRb8*@L+jCn%>rgmu7Qd1O
zYdC9)Fvw)2G^|}=$S(s=MoY4WX#<!z#Jw&?T1I>p*G`d-pmkYafk|8}TL(1eblDji
z3qhR5_@jU8lJe0ZcDS@#^2b`7J<e0s=9_0l7IY=<S!0VNODENi2c&HmR>3ddA{mu`
zyK>}*oR-vs5`XaXh)1;r)804xIijxm$!iJeDtV4pr`!O-<<an78*kpEEj>UHb>3UH
zWx4`TirhQsUEpH!;Y`8A!2gd+fe<63<8E?w<)rni!`<b-?5e9Q;M4w{FtDYytF!ZY
zck{va!%8c7JGH^Sk?mG35pjjNw!2xt#>=dhVT(Og2ff&LGy&oNmGu=+buG=BaM0lH
z?(PuW-QC^Y6D+WCIk>yKJ3#`$-GfVly95uK;r?&l%zZOwtv+jacXfTWclTObx~je;
zB}n|YQSxlin8&I7(&L1i`E2>gBNhH|l2cBM7#QHY`A}exYz_rqgB{zOUV&b^2k-8t
zn-;PR%j@3;h8RukeV7XZG4RqHt1?9haiCKuBR-U3hKVUjp(tD`s2@3=K^IooNHc8n
zt+Pl4GK9x%bsdEyh?U|ZJx#_)YY0rrv{X4qu4{j*?ZyzmD)R>mxjSu80q8?HzOREL
zia-MUK|!}I3ZqRuE-l==sT`~#4ccgv+&2S-xS(VVxQGPXG|iMiyNgDyRttkW#Pc<&
z5a=&qJxviO-9yit&9sPMb$q!ul4o$oNi)qp69(d89bc0M^{J_l?m=>q053D`gs}tF
z72ljh5!5!@Ue+Mya2h=MCdZ$%<h15+JYZ}<B&-dWA8YQ?`|P7w?AR587R&UnrZe~w
zYXk_4J8q_YG+#NK4kFLms-03@MIZd7h-&AHEHxht59fX-vh_L3ZQXY-k3rQpFC|k%
zMuwu*qd5d^Pt5A{rz#I;&sGN6^SXrgT`-*PF$D3LD@x)TGl-x0+x{M7jV6TI4AAjX
z{W&c6siFe!a~r#@=Nv8ex*A;(Ys%t<)$kYMB`Tz=#Lsc*8O~PTV$t7cw8v<x52$;h
z5>X3XzfPz^s(D$$U}tPOSr=jNjDCo@<V+?z&<q3#idlok?Q)QN?KQtGz|_9hmF%Hi
zPsgC@_VN!e;AK6$e_kBpnKlV{s|T2nqa{0`*F@%O#)m|f3mDn!Lx#VQl$V1{NGvjm
z_C_UiBw6A8;tLEZ94XQ$R=i_0pU8QRm$e)UkA|>IZ&~2Xdw>Uq<9D_W{<0rhO{gu{
zM3AJ1qGks@mrDcj<b6ZUi$U7N^F=0H^%!I75%-k76mCsV=Iy_WU^??rQ2_g&CGxH~
z&u_QNG%>~VeDoxZHluhk@21U+eCR*o@j~hECI5`{{zoDLUtFE9j3&J-+wZZHUG4O~
z>sWk+6clQwbrt5^uT#1;wxcj_^9w|SHvA1WJ(ca9%{aBs3?eUMb>!2VY*v1avAVmO
zs2+l2C9(Ce(vms_`46&6V7#ioRirdE$0WW8CVd4=*M>;EOcs{F&oLZecuO&g`E%4r
zcYgl}ZaP%{@_T?!Iw)2HJ&#=F1>IA{QbB>!GNw%7HSsXf@M>;8UF+{jbz=A9P!msv
z{#T~7R{I;xQ?7C<B4;xr<{L)Db$j))gijLsl?~8T_*v%rDc8z`fT#ee&Nm!ieIq~R
zpgN47_}EZ*MeBM51Tme)E=$PlVvdD<_pwvH8ZU-lR75j^E=!0hEiCBXFxvi(JsPYK
zFWl(_Hzry2KG|R9otV>8v|7jsd8+1wd5M*z1co3vnb{x<P+f7Pxm=+kLDCZ}#Y^V7
zCw7RHz*DcpI&E0v0fdZ_#HjL_J9uTP87fxrS@&A_9Rme8<<85;0rr0bEP}&9(JqmV
zgyv+rzMp+W53GXrJyc<EOFgk^K#$zbm~1NN_fvOM=cq21XdgY=RdKE6xz=8e;Vab-
zF-C0PJ^p^Z^Nk+4@J2#>&i*S_sp5S&81mrtYx(JA#)Z*<6EJA}7*u86?`cdoERiap
zvfJbH+&Nd)JTp<?QYRdyeBZT?!D}Dg!<MDgef3YoRX-YMbNFX5r2X_?5z|_-D#nk7
zUF9dB7A2Qi)Yj+wh=U00R}I@MZw6U<p6MFB9vfj>DL`IXa2IZBuv!HRx53#0^=0UV
z+RrgqZWAsJ;H*zp$#U8o+cmODn)>S9VhKLG?3zxZz}zoNAnO!8kGb_Pw%WWz9dS(%
z&cbwThYoq2LJGy@z1zL`_{H^pPv6t1z?tW72|}nY-T^IPWxOox^Zp?asSUGoAbm?u
zx6k9q&DNZ{I~&a19P)wMIPikyT<7EE>~B&&XJbGPXknXCoH#h+hjVBf{=7qEVIAcf
z?l7T=D|s*|mBX>0F7|Q_r8q_=0LAqEkF9CNP1R_G>QD#`c4esEDkhA(b|H+JSP?wQ
z%<t$)6is;p#@P5|*x%mTKefpP;-UW1I{)o#yD1oJm;~D$kXXlAkMn30N%5!jUop^q
zcgwwT2V{ow6lZ>RTWCy~q3ISi1erxzRuHmotPMulBQZ&{Vca=>p+=)7Suu+X+rhTo
zub(VDFKQHHZBVKCri;Op%p&}Cx9BU6ByJupR7!(E(yI(xu1->RFo-(c6!&&WN=}uF
zOgYCPwVU5bw1BrX^?M(;<#QeUFXDtOMWno%eV~}&rTXIp!*JV2N#rOt6<p@-E~4K*
zSRmqNFN-0(AC>W_Avsfgr!KHHX?{cC*tqSi1`VL|OMEma(kc5bWLTrFRZu)6SQ+6C
z^L0`IIZ`s+0n`t1iv_qHY4Vf6Z6>Rm6p@>5&s>J48{E0$pQKk~|6-OmK-^(yuEde4
z*-4*P17QHdp_4IJb2yAP<rg@JxQy5efqqhI5cKBMQs_?Yy<}g%Qy~;H`LN9NnxwvB
z<cg77Wvms)9~IOiTg;JnNeFy^m77ydni<{GoXp!gTcc|TWYFyv0a<I=u*|r!2dxUP
ziknmHj+m2p)rwxCt;3BG4?YhJ*LyGpL5PorVQB*j_4?C6%5rV}{b;6Vm9*64ILfPt
zL)|KN9tv6>8Rsu+$gc`q!3AFi_i>hq^f_i04bMO3Whp)*c3z6v|4s+2z+o2y*yP#L
zP+TydH|o)9U#|+@@0F~nUUD+nVwyCXf8Yaq=JOsIN~6Sry>GM&)j6jVFGlI^l@nZp
z&{6<(DH4Qn0yk>xn2%X%f8g_&$sJAV@KbisXgg3-<js|Tf4tV)AxZ<rFx@#Q=T>~S
zP>uX>FdBQQEcJA7jR!)#6zz8oK5UzFY-hPeq3XI9Vn=PDT6?z-rH<S%yfnGXRl9KD
zD*ddlF8i7a?{DSK$e`~syDHgsv9ix1s%!^HbL7MfL}h>`da@Mb4lm5rJ-*@XObY01
zglhLhUs~oH+;7}jVQ-^NO)2uGt#snYjrLFIkNfMR!Y;WM!d00aFr@6dK-&Kv*7^&f
z3Zp~H<DLXfUgJ8FLQd+mCws_%`fCQ8RX#n10&F`ZMG*g2)pC%xi-Gb&URiNJL^U61
zQ94z}>=vW*0y6eK$ag2-Yi~#kwDD1O9xJvm)jAy3=dhCu&5a~DtxZp|ppfy(<4wuy
z#1YOJW$Nca5U=;csBaunJ{aS|MHNk*WU9cTOY&)HTsdlri~ZjJBXZ#}hHcB~{=0OT
zTF4P;CZ#kmDKE4LgZ(WF@3fIAk&^<T96)1qoqF+mJkDy|K%L!lb)#Pjyc~n^7RHI%
z9wln}uFK(s>O^$>MMLn`jn7QiL9=qFNiB!Z%u_zn3QqZjdyA`V`+5?=cj#IMBM1E3
z)FWqw(7e`1OsazH>-3oO0FN1v`$t*(`!Lj}&Sb@60yqaOfoyiYN99oQthrJ^y00ti
zJn>jX9<iT-+_q;>2OIYVR^tLZnKvX&&Nb902anuYIfYJwu>?{jRLqLiiiUDL=Z-C_
z2WAa6-#zR;Ms0k9(t;OSGwcjS61=DNYbjWtIU}jdXF>`3=wfVc6^04Z1Yu~TiRD31
zQepY4rmhVP;Nkwx5pB?6VF&>vCgkO(Ys4emk>CNy-LRLZP{NBPo8YFq-^sE3B6>q&
z){-HQ!A}wq$JRQQC=oys0WxI-JMli7DMDS>eBF;)RSq%GLbL$3u3)QON|YS?2W|5h
zD2j=MA!@;`;vuA?^L-k4Vij9j<<Si-c@4ywQXIz@y>p=eSLXmO)?;9XU_dXKS>5d$
zB39D2?5~ixh{RuB_$fbHcWC0xu>SlU^p~YNk+;6)*hNF=P;tY_L0N<-DLXc&L2@ar
z5|O32klY=@I+!BIfW^b*5wzK>;TfPm;y}o8L``Qx;rrSB7kwoV6Qt%{akb3t<M~^6
zsamUv#UZA`%NNf{(?|=D01J0Lv}E<uvJLqS(NkU2U8@yTJ>yyZbn{P@EE|gz<RmrC
z7wP>OkWl@+6)zGf3|bhwmyRPguQQu_l>csE_v|Yl!6fu;N3Qr@4YYX0hPsORu+Hy#
zs;esODZK^}VZhEIw9P5y05hC4qp>PG7Q>zl@u8O|q`jWeS`!Lzlkzm3$7F-E<3syi
z#GM>~QIZ9t%4H7!L@B=43UFR3)y4}()e>ml=)>BpRZa5|n*y0B^#k_7lvJBUop~v<
z`*XhY^Av<ZbM;4r;(E}SBeF!4e1f{(SnTv^u>o*A@gs{xXIKW|Ulj>3+M_s0)*(ls
z8amNmD0SIT<aq$R6z#qVI-0rR44TSYww27Tfx96a-F+OV4^$9rF-;P6wX0%*tIib+
zN`tgCpCWG}(APvGX=Mg4!w(W-G|UXUsOZZ~S1l6s&k1IEbU~96j;e@}pFBFmgO+AT
z;v7@VA=c%&ccO?YWX99!!n#x?E<CqZmLj$XBB*eiV%UJ;{6hVVFWON%o(lBJ&$^nL
zL3@$>CG36{88`IKcMzK<$ah9V5n0TKuBkBBegk#b-_0~WFBy`bPYX!*A21aK<5x_4
zK$1Kyc{Q_}SlV0JM7Q!Wq{!UnE0S@gYbrOd#Ia|18@S8HoiXY5cZ>Q}uT7oG(_xu{
zO$0H4Kz{&0SDH3<Kq_gtxEx0ff90`2-*)Hh|DqQ!JhosYzksFJ+b&&jUDU-_Yv!!~
z#i~&WOs5dKIW2@JTpV}ht!TOgv4V#Q_9#IAW8qz>1o9Z{o;qDAG1VW-(5!p@^^`7$
z!8k7s+7UcO>?c5_gP=0n*v5U^72ngd2`2sna4rFCK}9QM+O*hAd9I5RLw;$xrL(R&
zwFa2`C8ah8bb&llkbyW3%Q3!J7awQxYBICzIUvGu!u@&#o*LB)X6wUHBQt=DE31PU
zkvZhKCG!H-Rxg$BNpA)1z6~2PiSa@t3RXnM%B%dCLjJEy3AA?1g8-Cd*kSERlxv19
zY8Qan6mt}*H)ySaBh1#x`<S7_M1-e|$8xs96@TPTZ$gy7(d4mt&`)+9xM>Ti{Uf>s
z781_fiOZj^40=>m8w@}04EE+EO|TdUqKRjOZF$b|5pthm8&uj&A6?0LmPSa>jJUB>
z<snRdA?SCnlomVM@*i-Dg9Ih2w?pnWJOP8LM;eWgNX=ejb;>cI(A~KaY95b-{<2+j
zDT|cOQcL9z*GFz~D`fFu(_x{|d-xN<{i!*su)rwFCr@wY@*bYnO+LL;n7Ti5?Re&g
z!W_~TYx67k+dD2l!$6Y;1}pu)dG}@$a<V7MTO86gFf1=dncNRk&U>jBnoX?1q`<6O
z1gFHcNm_&{v#7I$ZdzvOKn-jt4qOeFNA3Q8b3>{=ce;xNGB%Gc<$Fdp3H@Vj=r(U>
z=|=7BDE;u#-{0kYcrp6ulO<E477h~r{#|h|)C{x}Y3HjVTAKg|UdqWUS2j07`nZVO
zxDXaL|2`?Y+H@~!+5PRlcwX3TZ2^FmVbPP&mW<JF1+hiZ{7|VkqbOCI<sj4bF)nqy
zLw*S3)0ziqD8hUZ$R-LChl)zIJ0@e5Ls<3y^nhRL)7TE?yPns{g8id})Nm~Q7V3{2
zw{@&+_`O#lc*C+KnIZPr@!R3UwBiNX_ddwYumZ^KH+jEos>VijA)d=uh-QFR?o4Kx
z!)^MNSt~)JV@)2toH_w-@rX1h{Dcry{n#sdRj@3yA=+-4_3M144(UwqpZLG}kk50i
z$70U8J*gQT=W^O^xhvnMhEqbz<%sm{sVjW?0<_QT8y-csOj}ha20f_Hu6Pjr!q2sw
z376^VD>hg#vwW529+jZKd}sv<I>|zykecT)bdnfe?Wq+A6IGw4?2A9QeyYMY9$_`!
z_*U^IhTEm+s>jr-XQ>r*tFynT`+K5xUS|C@Ng^2&bB_O@a%nwVz~GRXX|a>dpwV%=
z<L!vj<afK9*~x~ck)$<G&6;27K2MZpJw_w8GRH*UJU;iWbfok|`U)o?z2x5>1C^2r
zwmh;5TWgdGMmibnA!`uJn*|QvzJ;IXwTBboDo3BS2D=v}sGmsOrf1?&^u|I};q{qe
z8&Wf0q#k+WHH!237CB`!z=QE%5jJ2g8_DjlG@^{~8zZk!_tFS53v)*c7Ldi#MmQ<a
zZ3mIxi9sR*3l_OFYh3}OV5=D6V&zi`HohnovzEo#N>dc0B(Y;$-t5#3akk$cDoazl
z$Q@Oo*G<$GH=&n~_Ui&l_Mo!Z>>@mZUCe<;bt#%FJq$IGUmM|ETK=j65o!+o5ME*j
z=~rM<xbyW;5<4=;lBGYm8<JW4i_%NhGlot_zz)?kV9ZKE>JP{f&ERQZCv+V5Gnco?
z1lKl<PH%CkN;ZTn!ZP^$P+-j=N%sxijq}Fvsq87A5*0zn$wyNcM=>6S_R4HBBz5wO
zBS0aj<CT!Z>WV8{$%^0IY<xUCGqb|OuiK4A`24#+wx;9H+ATzO&}SB)gL~wD$jaT2
zoi=WKm|74rRvAcRvxW+H<5)F+h|k37;=>ax+gmfK)O;v+MCLpAWH8iFDPL2|aR&_(
zobEO^F=$B7=tDI&e-;nzjKXhj_(3HrAkoVL38aVR4<5xS9=y95M7yPdB^z9=p%cZ>
z9{oiI-ZR}N7$1>m&^Oo7H#n-{h!y2lK`KenCF#&%TLwP0JBE$+$Xe~C1JQWOrHr$4
z*35$8mI`zYlw*x%1wy`PVUKic!Qeg(QwwD`iPapH90U?551R@RiqdbWkc5Vl>ef#;
zDjdF&3z}FTZi_BV<@I-Jf*jEa+>Ry}#A3T7DU2G8Jo$BTNOTyC6|VZ+=e{7i^3#rH
zvTZtMRsn@}hb~s^FDdxro<a0_AT7hcpN_4DGqaV^P{UD&0<#*%hnz8D5OIxY6T!Pu
zlodkx5|oM`jbJl5DSu;-iv|Z;pXh*}It^b!We&3vu$(H54I8zH^z@WNdG$H8>@itw
zn+y*|tG<?GZzP?-b*EAlZ%vh8v1fWn)qzdLhk>nn?s3qjLmTbpVN9GRy<0Ujg^_0J
zl<rtYGp<9~3ZE|n)v0Y&QJ%Sc3f*;J_g@YZnl63*VKk{S&1>S1wqMT|7d4ZNyNYnO
zy=F|leUTvk;9}C_?cx9Mws})E1fMLH_uZ#$6OF?lhFugQZL4qVz>?wvQD}wNFOkKy
z*8qT1;<2%rpf#7ceARreH-j+SOUQDQ9la_~(@d%}^AAfpUa*mryc71wQd`W4j>z`L
zH8^YG*Z=`4bAsW=ezLLQ&H)(1QR{4QQ(a-R``X_LTV@$unC^~f08$LTXcl8bCs8+X
z&>#U03Q;Ucy+h)8GQgvFKa^{1-TNaQ_BQZ&+ioiFvk>a6DBG;(?)Z`Mr>*qmwHq5R
z^NCO^awpx2cC4%$nENi3ILJO<&l|a8<^4pO$&cV9-x)i6OM3f_Xe2KRr^K^I#7UyK
zg;F}fgw@v)F@_6=);8vh%6Rq)9V%+7$XhXgbs|$N1ro;P7KBVY9Qj=Qyq*E$6l}m$
zZ2a~5Zff1jYuV+Z<)h1Go(=e$?QtEp`dwcj*8Pm*<d(@52;M|e9zF$1`3v}<pgQYB
zRgRD(eIxG2pK9(cXKa~ks@6<I%iPPx11NAUeJt~L(=>Rv7>gaYmdt2(&LO=?1$oGA
zPqOCDm1N3NtSX%K<9i<bEOxY3R~W#zIex=yX#Oo#dPl91X<@MC!0~Z7a(dJ~3xQ6O
zQLZ6S;V)CvVtMZYP}!6_q*q$H9z`!xuffo@P_q3Luf&n_vhIiah(oitOz$WwnOr}3
zBiT!TUXeKNYWf4`o*aqd#EmR8luADU+q8_+GwcGF<-V|ViyCe~U<T6<>IvvSCtJD-
zvPBW=4lXQV%ubWq{FrvHN(ft!t2&E`Ielm66N}aTAzx2(#p@GHB|I|%sdWG!(qwO=
z6hEm~e0k(eIp9m8uC!b_B_$-ACTot?1i4+=S>Rm@wSH|CcLVMp5^Jlt03&jh+cx`3
z*Z4)FdsKR@m<mGv#2Z;Q=K}B;v)tC+$`nmK+0&y!tLVS^-xHPpvbnK2Ry?%=F{}w0
z40U|3ZMr=*-hhmV-|kLuAey6cb%bUAJfcWyfn-D1`vpC1L0a-d5@BD$s!X_U4(ov#
zw8S(^s2OIw(~;^0U<fas$%eCxr!gackzSehN~E4MIl7`JAoD$~$Qpou5e8?aPN{A7
zM$CQiS^hddNB>Q2C{ceuUI9;sbb{Oz&B01F5uag!4r&@cf_<WU!bg}1v9coJk^^fx
zhwZZXJ!3OWM}>`_*4*RwfIE2vUo-5rC02#GW883!fDVu64v)Wu-a)r%d90~Ba%0j$
zHSafVC_09V>Ra+od0zl+u<Q9fdO~mDN6FsLHPuJ6>Ur+)pC+{@s2o3R#}VR8KlPW(
zF$o)3t5CVQgH;#;88`Y#%ZzWn8&O!Mf0{W}&#k78Ou%<wSZtzyO+Zh1YoMwj646Iy
zthZe=NU!5qR}I7Ylq`I!?mZf#Pgjin@U@U-oC;-CC*^iBxbY7lb@AuZ%iaK7cl9ah
zt#b47@h5#HE?vE1M)ma9ExCEEr-#^unLh}yi^5`@TD7aS$GHN<K8s8BS+AXQ%W$s&
z^}othj#__p3D;r`Jr*1UHbM96|JjQddHeG${Z<SD&oW|4+&MdD;xf;76yq%;Hg+%;
z(kV-{QE>IWUEll#sOT4;>6+w{+!ZSvI)sTN=V&FLI_XwJlA<C$hiW5T=O_E;eNnP#
zvo>eAnkcE%Gi-%E5H*6g;LI6Y7z)77m>5v_iAJ@dyS|2Tip16`@})`W`#P~Fr$imH
zq^H<+P6{_|L}qhZ0pYRdMCdE-uOGr_^XY+mH7R7Vl6c2KK-Zyel#@!8HM>76@!y>1
z;3M2h7xm=6fPO<Q#gN)0*&cNtr4eo6)9H5H0<#HlWz%n~B!24Xl}PuT)bjx9YNb{S
z6K*4sVzyAP88PT*565*3>u{G=1CHX6B_?l7Y!3Y0R6XiWj6Y3<?xWP=N`;Km{v#oC
zbWF$sAC*a4fb{+&ncTAq24Z7Q_k2@*K11TFn_;>4R3ziW497hji<O=*(2cIhjDy^>
z;QdU=5U!(>|0KdH>LjVUv4rmU7_#zAr0yAyZ?<X?HR@SM52i6c=A|LX;f)+G+JK*A
zZ8mz6TRQtf-~EFPuj`kY?0Vs7<k@H)*T=_IS_?v;1m$rwnKpV&#Hz_lA{+5kW4nd-
z66Ks`f5ec9o9aUZZuXiO{SPaz>ZavyUk?AI^n+|&zOdGL(Me!0wFM=8X!O&(FSFxN
zgHFLWk(Bt-RsO?DPc#{~nejY}@t`Sla!^>uGLbX!0tSzv4fT3K(~ghM6NW5~?0aAx
z&*xWapb`l%F<mDAg-Dpo0uRUB9TY{wO<U6kS!2c=N076rZyR@&uW(a{^T^#)w>YVJ
z_eua8yQItD%T-#DOD81*$z@W$HlYVTy*5zh)eogmLugxaQ*z`YVV0ckcFZEbXea)9
zK!cwx?z60w5Uqe7acVYTRpQ8lb73{#Td2DTd~tX^huK{iIiBd8dT=~rE;Gxn>SJKR
zx>a5bGZ&Kmv5z)4IA&M0OrEQUM5we`-{|cAfi8p!+hlh^Ae(`3tV+6Q_>lQ0<aup7
zbjB2JRK>ial+_(s`Hrmt#j<c(t<}{RYvITqD+Nw6V0Z%Ig@!AAl)1UA3N$Tun~#D4
z_>C@4zfeCqd6Z=Nb}Ng4dLPRV1as3aynRjt<i9Rt=PK0c7Ab}*Y`Z!_N^}<wLPmUY
z;^=il@^l0qJYX7Bc_Xg#3LV*7%2%em{}dc^6kiZoBnAC2QuVUYvpP=N+55&YrJ%!F
zm9;6iooDKSl$0RFD7vER`P-FPYNN*mXiZ;mHMQ+Z{QP>530o3vsJvo!&7AfHT1@H5
zl~bL0{8KUA)f_nReAAA*tlq>AwU>p(>gCD5Y5{SPb+=a<Jzy8}uUDmSvIxpb9OV#5
z&w+8T>J(W|78G8XOame?i}*o4)>bhvv}kZuNe35ol?}-z#^9^EJl(NdBzRZ^^l+VY
zHyM6;qOy76I?IXD;e7ZoLIH}9uS=9fm59Ld;lmNZHs}p?(Dr?mW7-XbIzJ$mxk&Jd
zQP|gg`}!-upt3>6EfV_kw2#p=dqcOQc}lcVM6k25^@n8EI3FX6&dKfd(%tx_CKxHJ
zfSoCeWqc{CHXpowL-%wAr<0iu;0)#YobI>wJxavaot$8NMoUfc-QXe@RrY?b`Fg4z
zqX#jqvJuha@eO=r(RKDi1V4X`iyW?%PCEEb@#!M+yT7+r#zF*NoT~l^jt6@^bvLuV
z#dbe^<UzQ`hSI$DgL}AN7w~Q^fmW&195IYI{S$EU#F)m%o9h-0evci10kj9Q-h&6M
za`QpI;1zWiNfVoQ+yUsV1J-?Zh5ETRLfli&`GS(J%S`HPD@+A#+se<5x>s=f!;_0j
z>2W<+7g=@;*r#jJIR+lEP1@ZWmw!L)ZxJn`rkXgrK>g8e<G=*RMG+Uu#$qu`56sJp
z@Xu@ecvr;Sudf@N8)1CE0zy>IV_I(%iDu5vyGX}Jx(oP0o(RiPIY~B(-LPa!dWyIL
zxT{r*SmxJQW-r8FO)7sYxnX${MlJ}bL2J8adArg-Sa?$tqJ)H{`!ZS~MOraAZ%A=a
z9OW?@2)B&bVhrRhZ`2U;QY6KAYACOXQV}HDI$~ySEMrBgQu}mH0%dXKH&(ts_{gxU
z)!EsWb71c#?}^rvuDsw0txz*5(W<_+HibQu{4#U;%t7*$Gd0MkUZQ3;AIPa+@JXu0
zGVX>ssq&ZK0Z7XGuzX?CEwEWOTPX#lq%dRRomOX_Fid{iX_%3~3sqhnS}g7mUIg?2
zaGh`#qpxXJGQ~J-116db?Yf4a>3BFIQ<_Ss(G(+$#=$tfa7nuWroS>5QI(@H*yV@(
zk7D^=p=~Obs?@GcN59Si*!|VrK4>>Zw6z5Lz%p;WDhW)V(H#xTN22(M17~~05y-Z)
zCS9i;%?&DsAInh}BA-ksWco(Ab2DrDjtcn3cNR;QDC~XefD==heNV=uAx0pnM{jZ8
zL<H%yu-#;#<0Y`@Vwg_{T8nzPEjChX)K2~bXO0EPgSLA&!<+T9x7Wl+X|e3yZ7d3`
zps}&16*u~NP1BDNg6&5<*Np~~BHK9*tc@hWTo)_{x~m*y^9bo{66+HC$9Aljx@pMm
z4|$Y`+fARbfz<=1)I&w~Rn6Mo56MWJYOelRD>x5>C{{KC(RQ&PKhxM2kDFl_b_F5~
zW(P$#UUK{?=D-p{=%_Phs)2)kv-?)oo)L`Hr{YSExo^G*&ulCYbIj(aQ1XcCRG^v%
z&qi+29#gKm!WL5)rBTylu9UKttFS60hIM6W;EjP*0vKwx$j%5E&PAsBTDo+5f0W-V
zzW}QdKcKi^mv&Yp>)v(R`pP|wHU)l3xX&Lq02rxGbxZqOz&8(`E<Kd&Z?K=2%MV;+
zSvfi#HlUTp54}U@wq*80cg$(U7xpaxmZt@B$o2$Jn%8dCGx7FDy!|6!ewvc>^tz~x
z*T%dBARTMwPpd#^`Hp4BbLfhW!>JcJkHm^~f%j9dE-<^5F_Q3LmBp*D8`^PG0JF+}
zggsBCLy~J$T|(KM(O5WVzOlK<1ZzY0UW<q^^-296X)sy^*0XTMR4gKOp86ij>z64h
zR9YsT^JA>W8((Dr=YhRale>L*+RGFZqlk<s(3Kh5+{D$9lQGjFGT@6EZ5q0&U<-ma
z*Eho>gEn*4^pC2A7U5w}OPJb8ox!L&|HL^tIP9(ln6tD+iE&tAGCnZcIUzw-|Nd0Y
zw1Z1|{kNZBJN|Q(FxCb7I*P_Hsouh<C_jb{^gz622y~Thdk9&SRTpL<a_xX@k+onw
zaAh0r0F|3@VQ3UM$cmVaO_~gYs*S)D73@+MFOaulsBS2h+g&%UMs3?I8P>O9UA7!7
zNoi#{&#W8fFff(T^g7YRiiw{cG``yb+PG<7TgoT$Tb2C|S+p&sHw#NM4Q{mxCdf!n
z0~B6s=Sco0P#03=4+kL(c4_d4FfGXdMBnR5>3kj?-NZEPO;SJ9w@y$vb!ysSp~|Oi
zP@b3yQOTsExUw*yWbrX$NS^H{As9fU^w63Q@`Z|jv#Cv^^4v*6Zz3Zb7E?#)e5YGc
zrm3E*2H6@O(wik|8)L7Sb-skRd`&}DAri8vq7A9Zy>M-^N2{X<Y>nnzl&8E08c8_}
z$ag0XPmDE)OZI5#!j6>m%BcII#x|+N=i?jl@{S^0Ga2Tl{jq)uaVPOZu}W#tp&yAA
zw&b<yMQTmaFS379K42ZXSr)rkJ>E@;DG(M_8Wj<!r4SlbuCAQ1cv$^RdKr#Lj&%_p
zy+DSo6T)=J?B%iD;LYI+%}FH!1b>a`0B7?aJIExqbk3^C+fU*+?@b!%X<`y*;YLA~
z?^&Cv%IR~<<9+1<m1A{mQ-ImRQ)*?Sq-b<*p!dTUBvEkXOh_XT8-oI!Qhj*YCZM4-
z94wYIBR;`onYq?=Cf}VI+T(wYoQAz2ujA%G_`;%3NXDHpiqc!iS402};Mr&j)Bo;c
zA~f(uA=qH}Lg1p`j>TZ75S@ds1x5WSHH~KokGSfLt)D@6;V1{HvEtddWQu5_m{^{5
zKtBP;#0))iW;U#3>ZM7L<VoEdo0kCHOV{o@n=JN`SIZWXvQiGlw!jEO<=H8`2>(q-
z1sNu3?8+2-hz9s74R4GAIC(=)j$p4Cm_ce;sm`h@OECuu7-iPVGyV2;f8}hG)@pmr
zo`3QqORfVR8K#|wbQ}t(CczboItvjp(HoNw?Q#<IyD}SxNgo_ZrS5jL=W|7Q#oYq&
z=yS6C&SFECwK5pPQ5C_Xu*Y`GF9=Aw)n?cf_VTG@wTXzvR<2^eG~9*I)NCTxm>KSk
zEKi4|QpSZOQV@|S8f{<SukSUuOze+lxWzvv+BbEhG8-c#aU`TMdPS?I4C55lblhK7
z7x0u)&~96hQd#m)HL89^9iZT6Cb4V&Vb{)OpgGgyOd-3rm;Tl&Q1WqoGi@&HCcz^N
zsg+Sv+YjmkvOaYcARv<PV3H`D67@ii!Kf#bz&~8MODLe<D2iH~AN{R;Qv7groEeV4
z!o}*Dw-O^!qYo;Hz>i5hnT{pR8bJz9C!x(I?rX2I8eNNp*u>DcV3Zx&g9ptVT}SO1
z+v1H|T*e;?j8_@5d6AF>@@nC*Cu+UaKnHO$8N$3*Uy|Pra8p;LKk|r{Vs;3XkM@Hq
zHj;jG0SzgmS=DM-=!W+%B@HYqd&~Fe>eJ}3VXhMs@SjQa?yc~~lgzD3o!S5ZqdPt<
z5oHsyX&fa#o4ynY;v1gwxN=u6#b0-AZRdq!T$|BkMT0L8lI7BEIN?OJiJE(BD4uF5
zSy--m+BdIVfQ~>W)1&-?4KHd(=3|7*-#6sib9i)kYQ{+BR4bw})9o|{b_5aH1O-(?
zah{UMGn*(!GonN;8643OqQw|6DXom%HeK&j5NkVIwctP#HF#lF|B5JOlu^U6v8z)B
z5pUJ_8;VtFeq7%ByJEFlAPL8l%~PsdLH<>}`FCqq;I-rm9~1VaVE7P(X+;~vm!D_1
z{kms=tUGs`-K^a0;E6P{OIpsOE?0nX_x`fmZ(?_pZ!d~=uJS8~d*7ZYhsI;jIR{<4
z6^YOn^UZ?m7|5zEpE&|z`yOf!JS={nRlao#AAMY(>8YRT9@Fa^lPUo`tY^a8r~%Nb
zJLEI)G?jVTeXaB-Q$cJpkOP6t&Ip+Z-z6ZponiC>mv-$|V2FLW`+&rv4!OA1Jg4kB
z;Yx3}fq{p$oZ)NaUcye-k8tdL%~TEYrs`+|@+O%*$=bNY^(-X6r&o#5nv6s|n_+sW
zE*=T&ICaO(vyj0^5~j)Cl;hpvh0c(iPa~OtSB5^$GAB2;e9zv?K&j03U5)sQ1nl=&
z^1i}ZsVsc4&>fneQVU4CPc5nTme{oBD7TKpie{D8v^hr&6oM-tS^5RJsF<hR^>#w=
z1Yc2o6}RmniP+e^*ZENgPe2&d`}SBe0){F!*0_c-fx4$q@N7XtmSkYUoKv-!lj8!A
z@^w$oG>&p^Lg>?Zs6F+7K&UlM&S$N-odRAIxQ9c(ZDm<_?9o4o3O7){r0;~2X=-!V
z^ACzNRn^Cmyv_UZ+JEg)6Zpwg2yEGYI@gQRYmp-P`mKFjX&YvRVTOeAI1yP#=Lm<N
z;V-$lL=vg(bCQS;>9&ir-7B|3mnR!3pzS`0O<gY5s3>wo`{%1;!d(vEatOBcjE5k>
z?X#-x66OlayPvmk?FMa4&9SrqPkjxy`gC+Vz1bz<2~rA^sH&Cobe%C`C(&r#ygy0j
zTZ0<0?b$0s(i|fIjcAYcF-4eZzA<E|OnY&0uCDotUW+fw{)AIn0Vmg_v?VPOAezOd
z*7u5MI~=|ecXJq~sW8~duogyllXkqb5Rp6Zk$~lz{rYM0suhX_&Yu+tmd)kKh6<$-
z@x;`$XhbPco`H;q+rX|K1_KGK)&i<ZVPiU0QrhHgJQ05Tm7hr3EhcmUH_KTG*>8VZ
zj*wDYvS`Q|b<<mpMLpKN!}bONJbObrbqz>&u)D!RFVo)1x74gMY01WZ3Tx3aB6nI8
z@byq4cN(_0*Ct=AW+=H9@s)X5^<8^$p7psmYTi7-?~a>u&dm|8`WPJ+X_SvTuD-ps
zGuXY_crA_m2}uv)R6QjP^WCYwddtyGnln8p3Q@54GFUiSG}x@pZEsc{IEBs0`SCN9
zUT_MqYUojnNZlNEM5q|?WSst_;O@q%;jiy%%ZM(BGOhU)&G6RR4X$1+lf5YytOP4t
zE%PT|sH2o0nGU@gRGIsiE@iwo+~9C%J$%VjdB_wsCB@rC^4>z;vPA!dGk=9$TaBIx
z(NpoYuDJ@hTBshrSS}j@_^OK~|1w_fB3mNCyTb(`SbjMDCT9?9^s_&%uul49D6c>{
z;tbDljy>*fbpMV>g-lS_@=xF?ysMdj`k7AuLw?BeE?V<7(r-u^TUsr9-B=856!dYJ
z7#eym$x+PB=m|KLwA?pAoKQ=nVZkffDqbiJDJ10W-ypph{5{fWKn`!&6CJ87t+7R6
z*C^CH-K}x{vsS-@Eut<5`ftN?#<q<;lC3|Z+8IY1IJuacR2>V6a;W6XnEGp2Iuc65
z?ZjlWXc-}K$X8jTDj4H>G+`rjoD>`~3plhbtH*E?@QP+2U2HL*IkycYgXO>h>Y=mW
zjG=K}(H8-eeJieIfRSI??Q=<+PDQKxXWIS?T94}_b4<mwIai;w0Z~@X+n%((#sUOE
zWLFi&_L3N+h_1{?XF7DRjhGoS)=$C2Axxq;!xL0WksbMsG;59RO&#N-+!A{bb6jF{
zE>mZaQqUJaD$$WqG#XzX{V<~X>!!y^27)8*Wl*V-*?7S4K+Oyt?J$oGsG_7{4Z3UI
zbyrYH-<)|J#z|z$l-zS#Jw)Xj6VvvJWR~k2SKLSAAWtTfFat6bVIzAM7A22z6xF?v
zIY@kqdOCzDylp+RE>S*m2YCi=zv4RS)YX!fwn<o@NRs~1br`Hz+GcER9Tej#O^45K
zREFx_zmIWtfqhxspp`%bt_fTi&cOOmk9;SqU_Q$;4SZ`=>W`)Ex<Y~h*FwvLvh2Xd
zACHz;v)>_6$M+~{_j^z9l{a~#wFs%g3^lS_(fQy5tRb$@DuL}LhvMZ2(cbpgl%j^1
zr~7fEiuc6`!`H8(U80&&p}<ypYSniTLX#%Z3I$^i#Hc^D@%A2P5JVFMNC?n3@qIC^
zzPCk(rXOii%*6^g=7+^Jsi-2sj!Th+gzcPu%F1;5JL!gi6{-lADVvHp%v>f#I1WDa
zTZdBIH$5J-ZCx9@izti!+dv;jQ4x(jpne}uI@ZR1v&u^TOqbn9VJtk6V9@t7P6{)I
zfiCtKcms-Q%3BEnb)lx<rcG+Yc`Uw4cbv*onIqrMTlHF6vq7~i*{2a_7Td*ohuKGD
z7^4u(-kDTK_0;J#>9mExEDQb`%xHK|O=Z>!XIN79S*V)YtIa~76~3p>VdvdxAcJ3B
z+zgsxXQm^TUuHIl0`?<hbZya5rb$#U9LQn@;Evglqs=TP$7RHtEQcg3s4E@EWhc-$
zvCG*@E}t47<jG{x><)7K$>ZKk_i@3#PSE3TR_29CHPXfyX*&*+gBbGP?`008@0{V^
zwYyfa&x1ex`KvP(aNkg_p|%t^)PtKW177Raw)g2QZ1@I#<mfghh?>;NYGOKu7_4AN
z0B}+%ymT3^i+I{5@9An>^QvO9qS9r*jBJB74LCH*<?c*)rMESxi1Ve~uhb+MI_+t`
zS~?)i#+1aan~s7R^`wF#J+O<VJZ^Yuj&bz1swMquf{ptW%e`juzWwHO`mPOSkLC(?
zplSO0dxrs8PT!$zXGSE?K$(h((K5-E0&v6=NK>0HDQX(XSm4GN%>AG%#X43h-gm(p
zR~)1PKD1hIEL=6el969by8R4SO%$=P_@NqQjIE4qCtypCE%{8eg6LRp-cf?JI!@F9
zD^8>)jE=wx(a(=zH0XW-C$G=rb1|AA%U5me3yh08=E-{;+-vp-vN03GaVOg5bRaT=
ztcPVYdKn#T)9($>5RILIIY$MG?n;7*lCO$Jl9)t97+s@f6k2ji^`?*_B?zlMvEo3R
zYVneH8qje7Qf9iuuP4gU=)gki-f@8bp%Vx{b>!k`yu8ct!zXUV3`$E`3fMqdl(q;{
z>o`=5AVeOLc(@0Ph>*fD@%*dz=WhXh35Hfy6<ku<w<N4jBC^EHK6wk5mQmHjd9+UJ
zxo$bZ*(kz`dFG=y)|q50j3>SrJE0uN!#GA|2nVX#0FC}ROP(poN^8nxOjpD}SlNcI
zbE1{6+~W(cl7AZVNXcaa3NK#07_h319imIUu~EC9x$pZHSo;mRgckP(V0fjos@m^F
zXqp(7bmgN!o=jy~F7uwz6LPrv60gTQZ(G|kiWNOb{r&ao>0VmbCVg5a;#=8?5$|$Y
z1qL0$<PDrgO2kmL2mTGuk5VMq$x{Y}Kylw2i+KbEORXq=6%bpnoHK@mVgvZ8HIFWb
z*(>%mtU#2UH;`Iz+$}m1pyGn`pA>~N55c#(ernj|%)C{u9|XmXN?@16>=U8eAkTlu
z!%5M%jDwH&sC;bFHjOL=Nd=>h@#8rlyF=zSFUt2+hGUN<rm`!NU#Vf4U;;lVu)0x?
zQdkc#h={~81I+UC%!TLT&aL44dQKjHT=1k#SSh7=RVNAyqY|kC*J7r+(8{-}P}VoP
zQtufFHcSV{Pp4NS<^8|<4vGIP81S*IZ9&ZJH&7i<`5OHi(x(rzdq=erR7cpYY%((y
z>{MyhM^M2U_xdy`UuHDHqD9Ec5kabY|JQVVXh2(DpV(90?U{%gt_U8_5V=3A*F%3t
z3d9A=e-yiO;=5`HG|A8X+IK)t;;+mW6@zxB$74-x2b+z~FMgf#iwLzLdr{0`ixG=y
zqg!i~{S#9logtNhsPDcN*$~t@N?=YTf&RR2B}WyrTB*~Bt33ig7IoFv&SWO&8UybT
z8l|-$G{rAhSE8JlG)?!LCjf01!Dxy^`x}PR1(C}hizU7<fNUb)uNGx6XvxpbR5j7u
zK`MDPGGtQM&<1g0$;V22#)Qd0D}Ws)j38V2Ik{|z#2a~me~TxBHA~-BlDlgF=8N2G
zc%?*A#beNDA*&QN14?~qfY7LO&`i;UPCN6qGJF|0&CT7i-@RNel@a1vV7t>eA`0ZH
z%7fvU5zhtzj2fRPYGVxHSc(Hn*eI=Wl-|5e^sV2lC?eB?5&rhLg7Tc{LeNfekB2YQ
z)!By7pq%Jym#g1C(i%1fS~kt3Hsi`WE2R7SgWDDsESVGO>F@^@R&?`lN-A>~Sw;S8
zz~`Ov!Me2#0o0%mpISqZ4eW&JLU=LVxG$2Vo@HTyfUF2y$wjN-dyZU;%fbE7v6RrU
zdB^PWfb_fY?P7&ENw`+qdx)nwJga8XEmx=yf2X;-<J)kRb33vg-DjHK<bT93Z)nu~
zX*a){RAiEDWB=5rWBtT96Jj7-l;&Vyi)P@-NUs4sankw24ySrJdNiV`v!n3C_=sQ3
zdDVp(AhS!FI;NGim+4>6Go*NHEImf8nHdvp{O$Ma2U$4QK*yN@N8IeHe!e=g>-v=@
z$}oL|(C3ivTmyV%TOw&_%BDDVOeT{o#2Rh}H>mw-?J(2+2pNky?AdzDJl;~#=AwyN
ziBKh1+u~P(ls+Q_e!9LU$2d`J7_F-*ieHZq0gJr~qf3D;Ra<k?^(LpN%&MEh&+w@?
zFRn1QdtDJ4k<7X$YYz4v4)XF@jV<3m9P#9#^+aI!TP=O=t!s7k+R7vmnxz{#EmAU#
zT+&7eOY^-$+fI_g5{(RuH=Sr0$d^4qu5H;qi5FmWc5b<PIeUX{typ;uWi1KjRHkVh
zD4>Vvr`}gRf-03khHP&Q2&H~rI3Q&3hrpx`=xFgv6Z1duBhj0>$_T3?Rx{c(@cTG0
z<=#;<Qc@@urFHk{`O_PrXbGAzb$*ZZ=b#1&`L2PF5<5O4Bhil{`QbHh^aicDxGhjn
z)#vlhN{^gT)y7W{ah(IyQLCWJDJS3p7}qzNH%DXSTQ>r<vj?Z6NhXf578f1C3RU_x
zWn6wN8qwXUeBLzSs?3=O(wFxS>k{szEI*Jxh8Ha!a3|yV)+3G3$GY}ABt-#{pR)T^
zx`eh;jxXCPW*blpvGe`iDvU`d2sM0j*>LvsU>K|%+jfN8_kN0D3un{6(jlk=0Wxzh
zLMKqf)Rf&Rq^brclLrWsO_Y>83_x%)gJMB_e(&|R#7vGwP-X6Q=aQRVz@Ig%K3J=<
z7pQg~m!Cg{bk-p4*Ht&8V(HWqp4qY&CkCwMP$Cz&WyAy|`l6?#<TdyZ{7Yf^VrArM
zbzNQ!|9r4+Ik+XM<B2Aq3r=AKrZD*@mDv;Hb4Z1kZ16{>UCr8!k5Nh2sj%B!7=Kt;
z+m;K4oLcKz%P5n7+%%;Uqxf<;Nrhf5*@-*`Q}u1ru2kHeeM^Vxk40}i+xd3=`)0Wo
zu3Flc5JN1bVom%^B5m(_Nklp{6RUW#&X0Ip3RMuY&Kzi{)nW4Ao7rlM00XW^_0WJM
zuo_R$0&(bxX#J0aGR&n^#2ima@(3htg+_72u~36wJsmwAuiNLF+J2Cfd8k$paAl5#
z2I4eYe>q7AmD+8+>K72JOM?7urj`s}p&xD?uOawZ%xX@cJYgN6BBd6ri=am*zvf&)
zorI_h;yv$ZP8ucbCBu(&0(2LJu2Ap!MPT%CmFSA`|DY9m93o4Veqrn%8@rf3#7`fy
zYJ9w0Y`~O~ow8@#+@q|7KM)YGn~JFntaSEAI2|@7qwH;?9a(vVnBQ@py;Ciq84OC-
zDsxDq{zC3zxQck~e?~88E^&5hp@+!+9{<L$=oFD+Q$v-$r{%8B2S|@BSo$)OBnvQ6
z$HTA&9w4#*(lRPAA#MVT{<5YI=d#~!t9M{kpP)nBwpSy=gAx6v%PY#$_<%m4|LeKu
zJ{MnA;HtA?t)!dy?c6V!lK1Zc(DI$;uTjrzl{Gl&+?42h5Z3}e_lqe-jF>0EqaqJ<
z@<=(dFGGNdWZb%}HlUL)&G|5gbQQUXRrVHZw%-5tlfuagJV!w{v-0!T3mi^-&?IX|
z`7hc%FQNtoYIt!GS!ymb+~~*t=d8)vTiMp$@z|flXNxooCiIlg%4>5e7NpA~Rp!Bc
zpKFJ*;L(cP&tBHo*F8h}NWa8sN34S|bZgsw^pUy+inqaWNdb!H4o9Z?*;`EUzG=^u
z8GK>;&V&pyN-XlYxBd4G=1@Z)EL^<hrQV8P$(l~tuUtlQ3t8gn+hiMaSs?hM%Ih+@
zXN;F<Zsg93Uw_-a4*no4={Y%ns5EJ-3u1D?r?nI=c6P(c7dKNm7P!BFQ?+`#QT<Av
zfLIBsRHJvrFAPLfYqj6kKB%ysx`6g>$Naz({jX3?wikYTczkf|G8Y>|)7jb^%B_u&
zkRxP4Ss{4CPtCDmhWbuetmjxf?)kroTs^k$-9=KDhii$+&ETa-!GvDyeH1!yKXsqr
zf)#|w?F)4!2L`kjt;1i$1oMAX35Ov6M5s%Obx!F1(ZkvQJ^6ch&t1X`^=nv0f0$BV
z{>$HgSmb^zhL$QhK|t6eL%oxpLxQj%upl7bS<tyUzNEW{fjE)h57hqd?oc^@gn)2P
zZwdqPk^R$z)!pb54FLi1_Fj<Q%m4jdeN0CT2NC>7YC;0ncZD1R;-A9(e?{Jp+IZ8Y
z!a)*H|KLQ2g9t&}`pG5+AJcz@gW#$Dw*hMZ9zpQ$3WVijx@iQ6?mr;^?)aZlIgjaq
zks!MN0*QDBS$IsZhyc;R{Wr1u#XB-2O8Qj<2s52H0z^sr&#C=eAL+j<5LW*sIr9vO
zj{H9_)m7xXqN4xmUW)`_{Ri?tjVu2&;-*tYfzbX>BM9X=oj(#p^Z&v9PxB?yk)z&+
z!bgHoDF3&`YO1M75f_jU5D3u!nWlf4_a(jHUHU&5olzh{!Gc#v2q!aVJ8LTsPZoDe
z>;InJ|JL*`zWe`Y27kS!qk};NI{#dZf3plC{0j{NA`%V+;o<4yXyw7;?d16XYF9>Q
zdP{h>^9cq50{efAV@nSPgQz6_QU346hxk8)pzuHt7B0@7R?eRPr5y(LpZ<SVr|Y}M
Ks4&ob?SBEM(M;6<

delta 49098
zcmagFV~}P+x29d_vTfV!vTfV8?Wb&8UAFC~%eHNGxy!Dae$RK##5aFteq`*mBUi>9
zk^7FF8JX)!NQXU3gGEr11^<B#0s;*JlKsm&2|)(s-$QvOPI+RE69nWx4LjpJ3=A)Y
zT^BVe4FwDwq_LtJ6tpx&4Xhk|cx)==9gG%pb8&KUacO>KV}5OCYkg&Nb7OMjbUlR^
z+!XNo^!4=x0s`{={k;T1?gs+G9wRL#tmd_G<&Thfq~ULQ?b0b5k4(!Q348)+?KZ#@
z5&vww*C^6QV{9<-p@Q0vI!hY8^0L^n_sI0MwbqMmc4Jaw^Ngr3dU}WtN1Srvy%PU*
z9ne`#u3L|qbQi54-r;${L9WmTI!Ni+zYmD)=P)X;!}MGRB1zY-Be`z$?UzWLBb}YK
z>U^)f_kQ1euM4t#ST=qPG2(QaT_!imj{IMP@1Ak&7DF$Nws&;ECtbI{HP^@W1O~A8
z1B=NZ(u2@e@cDVT`4OS3Q=$92UJw_6$msug-`_v`IlDGW`0?<!1^8Gb$%xRs``)ze
zZOn}Sh4V_1d`nfYyZ!R|-N^I3mitv(df=M>nbpfUYl!>%?2D{jb8hzvAoo2L(R!+}
z&)N3qh$slr%l`40|M~tIGLXMY^jbVpid3fY{Bd^y_{zLB_bR(vni?VN<?#bt5cPf{
z(fz^Mrseyak?;2-z@qYFeE;vu1DfFL`ye1@8!aMT;J&^0?{CkofTJf(gnZ4N7pTFA
z?=9?r^O#Mn{QP95&*Cw!-%gv3gkG1Hh_St|1kbyv?<1au&vnnhPo!|ijra4c{O-=q
zZ!FjMCEb8$i{se<R^Q#fFE2TOh#SA>Lg2T;^yOr*{~+hr?cblWH@=5qK*yJ<y)xH3
zx_}GK2mnpO=NaATB|p;5ukZT%`nL%F-oL$uf*&cOy^rZRj0gbOtxt8Qy_ASF{+kYG
zy9-DkrqSOlALojnUw<9hOf$lfcE1vO@G2`s+x^^T4<ZaaCr2N31ztY@)taiNhWNkF
z5|EgBFh7sK+8LG%UfbGJcRY6G|HKTgrWy!-JPP_PUhFpfeRmXm2ycfcTCcwTp1tuM
z%<p{?l-mlpuP1m5JN!49w^-kw-#DTPSKo`Bcmi&_(=ibSpWCZQ-ww07-@IhtSyV^u
z1l`8W>7U#C_ne5|`&8usrUImLq{34N@5#Xs0Pqe7z<1<(e3hN$d!JHG*a~odNsAfW
z*EI0DvmM-D+<pI2RW$UwwPgzUTF}e`zD%7)?0N@t2)vi>v(54YZr>I4d`>QA`6LD3
zhW_&I`n-je8+;7FDF%E;mG??`U!I+YKe%E=7{0uD=K1g6?xz4mePrHPCY%kuK5k_d
z{h|opp3okO72$ioUk-QQ7Bs^Z1zwNVhRb^&Uk(Lxv(8@~KRQkdZunYx_YFo}4%nFH
zj=f*^6a2n)XOVgz$A&GL5SC}JziSl{dwHD?epfp3@v6bjItQc>D)k#)b-Fpe9ZV+1
zddgj92)snhe&+yIk#?z%0c`GOb~=QF<2RrWI;FR<59^n@4g}vLF|z`^eqa4(OG!*J
zyWLl{z3(pMho-)Q9j6QTz6l>Y@@!ZJuHQ+Gy<_l1uj_~PKKu0%j<Y?tPoCyavX1X3
znp1D3ilvM)3&Y@syBgnn=29c3Gln1IIT1`<Ol|_JeuaR?Ez|4fd_sZV$7MmEFJ;=M
zS^uv|0y#)OCI0Xk__5O|wtU;)axBYdjvtGbxB8*ovLi^OhhbQM4v(MY<VGMajrsbR
znoo&oaBc|ja-5t!6~7<yK!4Fh#k_Okl(16Tqx`Nn^%VNk>3#q?`VHV?BBwBQ@&Y(s
zLS7hd!v_EyZ0JQb96O9}so*~rZDYdl94ml#Wl;d`-<CH?{PpyoF&}y8#t$7Oif7J%
zmf0aQJuW{h-^<f-!`J@&_s-SJZONUt6T@`Fv!{Tr#jfKg&Ol9q_3voTEiR6LKk37o
z>JDqNdKoXjzsabA_gtmNxjc{No~j*ZdJaxRed7U_+(&ggPWKyeYwC_(kMKae`u9gs
z&T_{sPqPCAxcadhe*z#D_~rYh?^=pK$?H5H+HTzFtRXhv+n?f7B7V=Wk51Rq*?IZj
zd_LD(VXhDE%w7)z-ftq$v%iS^eEy!@=a(@&T!C$JKNouoyjgZ1+~l+3%nCfZ=;g`t
z?Pmi@99?!w>C)ihuev@#31hR1MCYUH7oJ4*b>XDP{~ig`btf;YriJOU2`Mi$k%A{0
z^fRU*t06aXX7r|5nKwr%hDr5YMRX!w-f<=;Cpl!eL|2))b8!@xtAPY2=YY*M8M@#Q
z7<6y!kEru}1>O%Swv_10@Ko4s4R<ViG#moloI2MF@!XoX%jUuf3*a`-_tqB5su$s&
z@%_?<`<dK3A_f&be^moUq!AJPGZ2yU6Ve!onC$-Y=Aq?v$TDA#G7jAH&*Fvp3Up4m
ztB`PS^q3SDv%Da$&$C?0IE$Fvwj*!|5KkhQ6)Q;VFvpacn^=*SWcqlwH3iztE#U#I
z=w{~B;@MCL?F}27CSy42UAR2hcUZWn`1K%WDG1b%75)8S8D%C$&en0n!?m-7a8B-_
z`upKoF$&`O-E5DwVhcm?By{}-Krkr@d9ih0g?%#Xz}s36$9D!&uKsZKnQT&kmuEgW
z)Y#}Ua2eVcoXxBspNq6cBXdkwRbBwX26}7;isFfzEE(F^&*Qo<7%Z0BrVNYI+BJ&<
zApP_3`4u6j`^Tre1f9Vqb!aJpcvyV9<?Sk4^5KU30|EL89IEMs2!4a^hv2~+b7}F$
zZSYdPH;`cAg8D1G*jxe3P9`p6L@)%au4mdqZ7){TsmT|3?g>g74tBT7sCocg-JX=o
z<^G2vdq|t8u-D9jkdXui&^d}==T3=%XK7}u0iY2|H{;F4lRn~m@%}ODEe83k+;X;0
z0mK-pPG(_<C2nd=2kQmHf;}`WoF&y{SJC3tL2S7Ck4ZX8OIrXHNilDK3oR;4fac}s
zO}L^IK7K=YR7e(ahpJt1Spa~I1ZVpUab|xZ8bY0dVq9AaJ!*`~V$^c9w0ov%eW|2o
z5_tkvfH@_bw_(BFQ~)F9HB-<^HbP+I130O>(bFmWJbYU~@<P6CmX8b;NqE`n%^47Q
z?bdZceY-t(<qnKXviDS8uF!_8%<fRG=b&?MJ}dO`zR`)9(EKTC*9|bCV<L&reYAzU
zr$cP5a|uqub}Sg8-=T5~^&vdet=nL^#z37ny(Ew-V>|&TkZcABW}>{HBgdg~90gYf
ziro~MGGlwn#7^e-%b+&DXag4)c=`Ra^c#1~@a3a!l~(u2R!0#A!n?;`>U%7jtP6}i
zGnc47x|mJ$&Rr3aIsrUKYe@ySpGHqc1L5un6p$!vvc$>*+J)iCCbW7RPBKKDmWwlV
zAZE=nxS;aMw_4hSM7&iApvMe{&}6by#5vW|3Rle|eF((hM!4uSiy>|bXo4>6n|GTc
z2dd1Y`1_;|8#9PUO*17W|IA!n@cYNc&FYDI;v`+Ni;^@R4WPN)VoA-zQ9O_JCOe4+
z{G21y`)tRwAh9x*AQdjUC9`StlsyxQYIv=FaapJR>hWh=`)`Z6_ST;}Jsc)+DVUq(
zqcpNL>K7g@I*)twm&)qjl$BdX%}^wuJ$wl1+)Wht5hfqJHI0WThzPz4<-4WR`aIvn
z-l3j{bB_@%@PK48J=DLH$Mz#j2VZR6xcTe)EX0wLoE1Iia4^$9z^=RXWZ1-xP!d4Z
zG-DlpUny&Cl^X>T;ySGjzl@?8&Y!MTE9ShxGd1Ic`-cj=RMv$I>rSjx^(<%iZL-?b
z)^4iQt_-<N*gh|~Q4SSo&99`VtG99pLjVt#8ur;6mjQJ=>0u0hH`|j6%|DCX>Hqyg
z+ZNaKc9$CMTNz@n9x1O5+(Z;`Sd`=hPZU|)I|VTB@d@dtDKv6m?d6E(=-e8LCZb)c
z84E*PQz!d}7@mKnozQnAPn#_dzk~4Tt1W6L`tR-Mf;mhKs`(rPjaY!U1x4ni-M&tg
z<zp$ZiGV&iWtmyclaj{W4vc9JupvC$Gq6}$sTP8bYe<ukVgw8d8b?2=Hkl^#(#>iY
z<=I_z#%kKk)YT*N`kLUl=5-T@^pi*HyZy8Uw}fa{^+mu<OW{O&(L~Ei9WjK5PL=Xl
z?XU38o`4p3^q=~m%&U6(s%p%?44G?e>5<f_(*X!9uG^8|yXR&mw-NeX4OzKP62$uU
zi_h<$0(gf(xhBQkL?o)a7zNA6CmNt8os{A^*bnwNwUocS&(;ig&)J}52a*mWbkeyL
zf3)ebEV_(S30;??k?9rh7K3LAROOhU!=+>Pp>t}`D@5*ANBl)c(s3V%JQbT;?<>m)
zwFk%y6tv=m08!Qh0u7*o?BItCfA~Y`A-?TL7E9_*{#!2jAN$^xz~d^RFcHv12&|zd
z7fVElhCkd0#}Bh%-D{)vQ3Jb36-5bxpX!f^t%_(T&NRxjX=a4EDzRK*CO)d{gpJxd
zTX~kAw-Q_RoyUU`P4AVZXi-|?g{GH=o&m|pEHQY^zeZ|wby$o!pvd2XX~y*F7eMov
zf}#dh>KdLJN)l)adO9R$FwFe$GwVHxwlpiGjz2$fL6EIpoyiNMkgoKLOj2|;y3nhh
zHsFCCzc{u}$J#b6HWeZWuJ1IS%=o)%M0FqRcr|EfVmu#z%C^_;{xMo=(G{sAR|kZA
zdGs}Phud>bQxepll*Q@Hl-Y08KE@x?uZ2jUFu6_p^oCtJcUsr;wr<9|D{@!3)EIN>
zUJB={k>(dwlOZ#F1{*~XmE&RV9&WE{t)^RfoJS249a~KF)va2pz_Q(9SxImO^4nFg
zRSu`=j&xswqf4SDh#GOAhh`2DVgYi3u4&7lTp)HR{OeF8x0=!Pqs9jn>A$+%210)=
zpLNB|bC8CDYbcI6i}+M%UcLwnkaUpM{$vE9j+HEYlI&)flh~9Pk`y1Q5O8=y*@zno
z!Q=LP!EutS#u$A?8pf`0XRmy@$Y{fF(9YJl9+QPqIqMz)EgJ|zd_spjYzBBsa}(Q&
zO>d_MH~7-2-E?cdc@;{L)CDi@3E8|e5@(r$$o*M|`S~lIU%gxi2c29xN1Dd;&YUZK
zx>95@@`N=*FUVQHW}w97P!tC)C~ZMP5%dh4h98`SW_y~x6L&m5<QBc-CtHj<&J+Q+
z2d0$w;g0C9o;-O)kz9zrHAsL=8_0yw0oT}3kVIpjFvt;D+R=K%!UMiq-S7{>4EMI-
zp&i`K8eIv0ehc=hdn$V!FhGjdhcfbM+*FPlYI^7J3c*yEhO|TV67+?n7LrAq*%ZnK
z>no&l=L7}f{*D{cZL^m{h3G9pLZoVFb*7KLF&&Cm82=0vCLmR@QxFisBIcyZok^jU
znZK1peNWcky~uO$+MhJ0wP5*|lbIhvBSE-;5pow5kqr=`EG{+N|45?OQJ|aCS{9|r
zR<=DvDX~UR4}WQHx!(5cOE|jvyr8xMR~Xh|W6k<$uFO;u@4ls4-*LHfkCJ5rtZ@Wm
zeJ&Pbfg5!tQ%p-)4iCVk<e(W7g;LiwA8e(fa%3p;vmLa{`NB&AN0A|LK;w5Jqzi|q
zMz&$tNf1m|h%c*l*Y>31q2D`UDwwGeYYuIEh=S8G2?keY2qcLt+@l6EZo8_u$H1H#
zg%H0~tP|e(NR`C?4;i|!xT^zlu4aTJSaSmV!sm;{Z{^-@s0TnaWcHh~-_oz_R!sMc
zG4Ql0i{bDz=~{Smd8QRGLUGN}rnC<3XIi+f4<`tN1cZ!kOq)xnBf-*9`OW~RzN;AN
zZSyic7ItLkFmq4j0df`>k#rK1q2^(PhEzOl7}Id2Diu~KIgxVMQ(43iG_oyMH!zbF
z$*pW0JUqmB_)$Q=->gp9<1!WqC$h0z)2Lunu`ybf`}(Qq?<nh_o&@YjVb!~=s<clj
zxI`7k@*GL`V!J=kprPy`=lRgnnTPkkl0c&`TYkrPWc}cgToUMVqAzKs6C=PZ$mNv?
zOHqRsVa>+S5+(b!6c$yk!8}yD)s#Mcsurydr)F?URmKkR<8r^~D!DAq*hA<zo5CU`
z4a5p)a1lf}K?RKvz`DjhtYfQ_^JWwrYv4W!=Y-sS(~F*49{x}z+r$UrNupigWiKag
z#>HEzKc-e*xQpG47ODI6)n-0*SGOLAVONik*Rdo|wKNj)XjKj13_fEXC=i?gVcuf1
zr~m$Fv0ew@R<;0ZhoDyvpSyR<jb@E&7>100f$MOjLk)EKX00+ZFDDaF4vu}H>{_4&
z5utenIgEQx-<wh)qND-%QTWP@H?zpLJB8KRuo<l(i9?KXfa`8U5Q$`d_RBb0B**bH
zpG{MI?KJTlMRe+s%95AS9?`NUU`&~ydKL>X@Z<o{l*GR3NIdGwCr%JGQHlqXoB5+l
z?9lZ_ptTe_MY)QWmKqz7UA&nXVQcfroF;ubFgmr60af`Cc!(}Vhz;)Pp{`G`S*{`l
ztukRxSFR8UWc^X;2a5`e>Z(m#%HyyX9woMSyix_dv#_c{TbWY^n%G)zapfwr(h}W-
zWDYpyON@d|bta|}N^<@}#1N`@HDc)oK`z+i9G2@K;I9r`dV$RpZvOJ9syVJgEy?7l
zSMW-OhfP|1)n0>Y2Td$2&+hH&>kik-m9`rM?%fiV&MxtAHmsphp8ioHmdo=3zXkUh
zz+h?_sv2pu>b>#)Bn~aPft5wMT3IWwtN_R@rW{PrH)9wZoBkDrIlFR$j(^f~fF=!*
zM2qSD8e7GVCgm*Ce<NRdkDQYZ1H)oFXaMhTg;}5W3=KFv+_OtUM;F4m`8yMz+q$2o
z2Q{#5cPtfmu%$QOl)ie=piGqx1gXxkKx?he(O(o!Ge06`b-=!uhRyVxQV?Blum?bT
zC<EK=G>~1U()Tk(L?D~7VB%H=&iVoNh8=cXq_-iKMjt~#5`A5a6eDWr`zBm{DZeUr
z2W9@P=~G|>d>ktAzZpwg4y_F3i)ab{^!bs5>{1j1Ct&k7bh7(w8hcyrh>yR4AZ6y-
z5O`+D)8Y>3)5sIAf437rQSsN|$N*Ql0jTCFcOz{k?5wRWbwI?J3O>$at2aJj4E>0*
zqI0W-m%!4&yBdoDhEQVC>XZwft*SA|1-x@f1|$1o=@MJXWm5K5u2V)WK_}r1S8r-;
z&GM9Uywk?Hoj+EXz2xuSe9q6qT+dz=BFKGv5xtyj5Lu*|Bm*IQKEm*L`+(M?vVATr
zIA3N#&ik^+#-GUL?xtESERMOO_^+WntyiWFE;cS==wV!O=)7gFoZa#(bDKvxhWPl0
zl%v}w2FMfJ=0cvxZvvlOx)Hc0R`)pMk{x*H`*jwA8XLheQc&h-sd0o-Wd1m^;vk#r
z<}?s2qB>nOMJ5wE)?dFotpHZucqOqe!0Mf4p&`4L>gK%oiIgq~+w59ShzzI=323|Z
z*=tBHFSAI*<+%B2YHDc|hXgV`Uz^ev3c3iYiXjaZ@q`IJ>#rI!4RvzRO6W$PSrP~Z
z5x*Dg(1;tpJnghLo!0}ek-o6$EB~WUoY?ePl|;Y5=$l+t3cOn`R)Dc{C%xEI0-`<+
zhlc#r!S-1SRiU}OXO|B_fq2T-x#UHMN;~F-L1E;BPPxTCq;fRIVAVZ!k&k_``GrP#
zgo2LGJ-b-AdlSn%HJ$-5Jl#EJXR*v-=_+MwSjW6>{qg5XR_nQ2%B!ut$DB=rMVDz-
zQF&_{eQwjmQ=2nQCjb>MR(;kJn=EErADb5Y{+^ipAQBsLCdNOZ)4+>4IU%gh3pS<z
z^5AjZ>h_hrKbMz~v#3kW5S@qCmINQU;bcyDP>iaXoQ<nremtsG5J_1|<^!_7;;fP7
zVh(0}I7g4<x!b+}O+Df--SsldZ9V+KdgBieCfG?FX<ycX2tc7BT0}s$RG68djZ2IV
zmYo~MLNZTjS1IjXk)M+cr8g`nhB%ZG@EzDJ#JvWp6h3`;Z*)Q|9#NnLd6b=Mgs3Bx
zsf@f)1eP@e>Lc`nq_{6sXbbA3yK)FJ@2b)i(aEA@`VK5uJ8od3MM7pTFt2Q?b_$;t
zw5cBAmxut<A;6a?Ilxp-qY1rY@~P~Q{dLeo;Yw?L!7hsPt%Wnk&v((<VF9ag%`N}g
zZbN><)-?sVrqE%hfkgSM5;FZTlfxs@vi0mWtG(oGBWE*t-a&WG#&nZW+A`N*+qrw_
zjbPM;n#p5TVt3uGuBpY~?e8*=1pC6V&w&$^^L}`@9Y9Fw=dLNHIf@{1c-EcotamyM
z(0}zX@ZBah_)`hYi+rFpwz2bZ5^k<RR#DjG_AhyZ%ACR~TEu2DlsS%SX^TykDvf0`
zd}8xnyIiwPLD_oE*tYeO*rU@IsW7%g;KZ#ucjym07HDs-gO>)D;J^F0+8w&A**%D%
z7ot7chJe?GU~=m(;wih-R1sXewBumDIs%2t<~!{QGs|P>LPQCRUQj~4U+bQ73YlWB
zqPG$vCI>lU#6-RgN}c~sRmOh8s>*l9Vd%}R%Ft=6bQVXm>n$sh*cM2mVLBTpqoS^|
z<MAfipv!jq$zL#38A9yeW$L@VMkqRfmrw!mP66Cqrs<fpn16)q?PD+V)kF3L7H$^v
ztGAA-0tH!DjF><~i=B^$!T4Ynqrpo<{?6%n9u<>sDdSRShITmj!ZeRlBn-Mkd-zQa
z{iU&3zU9vu-EG4`FMr>Xo1_Se{5epofLvmKZw1%AO38q~Uht~bEH>3Jx>v_M>%vI7
zUjT^qA~j1UhRujXHbgQ+8u%QmYI5d_kYk5I2J=Y>)-|OR+|)Q5Qvt29SzFrQiiN3d
z37?zbb)5?>bFc{{U~WdXR(08=&pw8jrN*-JzY>!Xr9+yzz$i5m_OIj6&l=?I!43wR
zW*biljcVbqbq=Zc*_4(V`?64(t2UX4t^p=NC+2$Fkg!~y1K>sY`PWI1t6-I|9D?`A
zc7P|g^Dq4q0lJJGuPtRj`x_n5+KRJaHNNUNI@PQ+q#IoscZJM_2T*TRGqZvj@j@rw
zJ0YIivKN%d#}c!LXb*A6cDGG-hDG-Ciw--2pGnsCKWn%bm=!rrXbzfeC6zm+9|0@z
z-$u^fcqE&&0%nKdt;RVkTV30AKeH{ii+RRR=BMkT=(jeCda5}q@=VC!vZyYo6j!by
z#H37+4PWM5(DS=3T(@LB6*s6>3rhh^oxdiIogwlf^~^sc*TG!T<e5*v+nz+@meDFR
z(S@6k`5dYqVQ^S@b{|ObknryElmO{#EyzaO0$5S>4ouLut~ebC;hJ~3Yq-|#6;^EP
z7@iDUWmLlMERVb<4S72a&VM?Z?NkPTqH?7=r2(c2MR$iZ(Fl}D!AO$AqM;p6L2jTo
z;k?3G0%onUq6VWJ`9+sC#g&(&m6RxHqfP9<i;1h7U`x3P%$lE7(-}(lashSVgOj8#
zeR3Fo*b~Ez0^SknkkGlS3)qP@iMNHsB+BSef1E(EXoL{QYMCL0;xhdT{k6p*1&ctp
zAek^b8E7zNuMIO(2X-~HG9ODT`tv8F>_ry1(P2kphR74?4~W<Ohk)E&C?pvuo66xL
z4;@CLB^L-Bh0<rvY+-7JhdsbNm!16`bDpX&Gm>~K!mY=7>Ys*@XS*)%=&)NiP#K58
zE0+twkhKSP?EE6d?rry6!tJp9x!e@`$7;)V8f<&+p|;A*{#wfI^9HVOi~99p^s)t8
zWM}355GYx9{I+FRrxw<S4fo)7#;djcZZ}2z!OLNnjVSvLJEH?)NCCi*WFB(EC$Zob
z5+BW$M@*I%to8~Tiubj;5hEV&C-DJZ1Y%PX?`X^@C5yST6STd>9#12xZ{eKvG$QSs
zRsIUCCwKg{QL_*LJA)R)0-@zkz4_YjGj?h9@*0KJk?_;pfwp;@_ZX*IX2W^TYNs9J
z&Jg?Vuv|*lM>XEaCv5;{jy&uSjf{P_G*~%P+6aMgx2+MkvOhKmgC0&fc}dWl2AP37
zv>Yu%!afT)*8{mLcY8vxN@*D2AWbxU6fECzm}9Nrm59GUH!!ra3M3Ihyj7NIuxD_w
zpU~YA`z>h7@yC?Dk}D>tPgN(5vMQr$YNTkTXh7^RWQe*g5sLuhVf6R$xgA6*1>DX)
zj)Y~S1+=C6GMRViQeJDaxy-9$jJnCqEn(^uX%IYf?yQw(uiiB!mQ=<;$!2Av?XW3(
z@Y(ZezSmvypc3bV;^Dt=5Kc)ZXpVy$)mG6}vr97g!2iInavh~@dPAJ_3wP$G@PxTT
zsO{9+;OfzSoIC(-p=i-)#~$zQ&_QrY&eC`f8`>ReWn-eI?Xh~4{BPe0p^AjjkxrCh
z^}56Za5v;|ik0g<^iVn`rz!Zl(wWB(Z>fn@>>(-1U>Tu)#uZrvd1|ZZ>=vVrT=+T|
zRxso#X}{p^8z$#+;&Z6FzYI4EPcZt$X}_$AZ+P%MlFk8EBbntE6_b+cu&}Gc0F;Eu
zp<yR@dxj{^_!DWw#5f6dwD@;Esiw)v^MX!gg$}808YIavZ|ugM7H)Q>usk*SOO~)o
z%`J!`#|LsK7|oMX5@Bgj`}1L7v?J16S>Bk7*W$6_ZiU4(_Q;Ero+G?1LWev<yCYBR
zg~9mJ6vO~gFjsH*v!aUV`2{#niy#<|L{deS)Eo_mYWW_9pPCiY%e>7J?>3NY*VLth
zovg#f1olucHYOpSC|Q=5s&g`V;Vuhxn41^qF{I;K&CazJ9UNiZhbQwE(+-;O(Mos-
zOAU72!E%42mLQv~Vp7ts(jdc1;^q&@b?IT1aTEZhH{t$wCEL&*um7&TtPGRXG)yJ!
z;%z)j(y%UvGS7pthELW=;nda~Hh(KoYX_1fU>-#4<UmlkJj=v5KzwwX+IbiHQ{k%W
zU8BtCti{xD3#S%RT>=?lnzf-v*P_6a7}Y8}&K}^m=vHaGJTTYX*`p6=@$n(lUWooE
zCG7xg!bQ1RE#7_@(hN%b^+gbKLVKWDC56sU1bNcR2=|xRw#>N`Z>>y8cHb2=RHCQW
zx@kbFJ;-CBLlDD^@nGQN@PWfFWV-A+EA4RRIgdm4UpsLdS~$mmRhv{c?YBn!UZ=id
z#B64FqSRgOKbXW=Z(F=7C8ef!pl)C`AeRE9p)1Wu8J*2_Br`lUA5y3JKl_pKXN^w{
zhdY0kUQmA&h`_E^l+4K(LJeFQ!`f?SMrU$vbZlNfb1@c;*;tp(UAOUHB8Lm!(rifF
z+SJ4kq&2H|<Dnb>8JQ$=8_2ub6Wun_fNgc6%AV_bFhQM+gTsa@;?2H>@Hq~^GA;oS
z;OM}t3T!h!XqnyIX!Q_Ns&~8vbFp5!93uCF(w|7uShD47=ljkKJwpv+Nx9%%cY-;L
z=~laJ*7Ri^^R(4!EIQz9hM8vC;L2}Sn!>H(iCZr2xD{0_(N&SgE@*=<yZu-zz6=6s
zis-LfOTaMc<HJ|AYmFXfAgg`AnMwgnZ@^ZTzzQ*%1;TG&K$Ml5j-Ed46v<LU$h^}`
zDvAiYeBA9tGDFkCuH6p~5j73kqQR-V!N7<x3~;56Au^cY;@k{Y<t{z9=lzuFqaC+z
zhlgtl4iwN=0eNMv7;o@4kq4Dw6hwFs^_Kr;YKQZ^5S{w4xnv#=$K0?%Ps9RLw>s4l
zhruGP>6Yu-8dIa*^yEqG<*br?c|j*piNviDFC!SsnG3F+V?NV0O{K_e!nt!CTuU)U
zwfV7vNh^zW@j`>e7U9AvSIi2jSr;TPB`h@Ioa%QVVj?}L9<=z<-)W5fwEVHZChqh|
zj}4)qrCm%X5sEgMT;{iF5mEynsBT5}@C<oTix5lS982fLHrH15=@}BAh3s`JgXF+w
zuTe(s2t-FCF*Cv-R(p<LK_S4Mo*+T9;y>%)1N9waCvI}@!gRLYV5}npOKhFf62h!3
z=nAU|IZ^I*JB{)N`ils-$Z_I6>0u;ML?)`U@8@>9X+k^r1CAJRVnqN~x*#F4QNz3G
z#SV7h;9%0U#|v4(H44-MxqP{_Pc4I$J>>SeAQCuo(tF6k`5mIcj`C;GMN&?sp+~pY
zoyF)2E*fctOhldf>R2t{AZj~zBu3M9Wlgwi8Q@iVFCFJ~Wftr|0g?i|coNz}1Lf=T
z_rY4u@UoR9GIm7T>QVqpT6oI|aW8Zm$|@yHNjUXwu5LR_jR)4rw`EItzDE|jr`S@6
zW+M>-QXp`n05^Jv<|1-icoAxmCz~aXLMx08Y1Vq$-pBIs?&G{ho4*-B-U_G8fT?eN
za+^<s{znF5n@LVoF*>uRiuaKaw2X3!6DL`W&>bI2bYPf#I}rd=c7H{8Mm5%z@8s&?
zN&vBt0kOK4xio#0>-LXeIPba}OY}5_u$wWT)(sC>lETHWa0iw;HeSL>ni%V{d5m98
zoj?^V@BCu?=JXws{@6i^jbjX`mkO9-4ev_g{cU_^cAV-w<R1sHoJiNW<!Gxa6=ON2
zCgLh{YezT*JFtL2H7Qwj>Fd(FGu^aQ4n#K9tW?;&{<B4Er@b|*z*JBu%BB?59{XV$
zdo|D%SS_HgUeIJMIB%^3iq&avkk_s@KM5xC$VQjaG{te8z5DUbI~@&qTscnzd!a@2
zULYy>5-+q7Z0U&Vp(lPSI>wPD$*<odZ3?^G@gu_A5F>!nEe#6OVzp0T??U1fwiZ9l
z3hi#u*s{@IcljkH=<J%gS>pwMWhdd#n+Bu2bTuh_JLlh5F%6XAOyc&n9HRL^(&6lU
zE}1T{7M?<tD_E`x9qc=E-(v>I*m}n^1K>(#zFyQZBy~CiE|d3>WNQNSNqWuvFDfo*
zy~BYSI1m5}CL-2T%8wB`CMCnOBmvB?St0pjsZ}&<UcD%Db1W}o2#?fPXH>ez>cwB_
z5^eiESM=>G6CP;oD^eKL(>_7E|GtQ+(PX2OY@UN$v3>DpzROi49#qnz0HpL^M7o(V
zfM8@;d5ZEENN3MlB>%Qlu5}v%2QxYPA*~H=$q~Q~5=+HFb0WBf-n>jj&3AhLnOIuT
z<3`e$CPjeHIfGU)K2}K}YH7aVuk4gRW{|D`8jPpv+|fbb1-pzV5?r*mlDyr=mWG_N
zRN+g2JSZ}0E)+J_WLFv1$$bHQnt4-p#EL(X>I<EsU{AqOke~Nh5YFD#hztBaWMW24
zYZm}zRv@apJX9GLDNY2xZBa@Azf?#n6=y_(Ww>kTDu&ibt=#F|uL=wF$-t<e%D}1!
zA=jA8fXp~z0X;LpD?%BDR&%L%TY11G^@p(b<%fI23-pGV^;WqSvNL<uJ*%`ZSMBOk
z9ZF+}Xzeo94&tUIb|3CY8%kbKuxU_x@hspD<%9~UjVsTl9Rwn+gmjjK-OwC4gBnWN
zz28!5T*qJ&@_CuwP8++>U|w&Dx~nx>Ex_<ZZ==5~<2bF0?1WOYma2;kqZ=ZfReGDf
zcEO*pMDG}rCq6lh8Dfz&D1{jT2BI_ZK$ma14u8PgUdbo$K=)Asdh{ky{iP2BB^(eM
z+S}f~NWvS*!ii(<Aco^=yv~VAjw#ZbtM>701(zyKN8dU>{9oaLVRl(N2w8J9a%EOm
zDOnFsklbSSTO>rSfq#_AN>$y(Q%ffqyz~+TJWdaxsx`MDo<_-+#0OI}RJL)~hRe_^
z!!Rvnf(o*6v2d7R-T+lw$B)C?#wh@~=`H_2HTY}c3R*b*4|mW*A)1!cXy{MsbsoMg
zq@J81xF$_Krexql9eF)w_(sj&pnaAUU1nsPN9+j-dUrdstkPfpD0VI2<EUGrx_qt4
zr4=X!;)#qF#e}DiQjw8<W6D0!k&UQi)1%W@Ls=HGE)jR0#SJWvbnRI#IGBLyH#dVS
z2R>>|Gpnjsm=5O~103O4BOG;CS_1P5F7TgRs(SPTuwpvf#WtxE9WwJaYTU`}{<t<j
zripQ6*+3ljI>e}Wg=+C`J9%N@ZE3DtOfU_3!d<r|=5@iWiGzx3azzc+Hv@W=H3E|%
zKx%sERHf+b3ku`{n8qqAVvPVCl4)9r;p<De4yop{-3XxWyZk~>X%AY6eR}=M!aDcH
zUm(mIMM}{XsSC%CO3VqW7!)dAgI1+|N&>!`CMm&ZYhByaZQ2wmI@^tL$H$M^C#Lsm
zc-*O=C?gWh=6j10rslx(MvgNipQ=_n&Xub4b#?-tHatF`0SQz0=6Ha7ipcef<0d)*
z`==@c-tAb7YHisdq3{cYZ)30({M*V=Ax_SNcl5H#JV7!ag1A-nz|gF_-0HCKZ?3}`
z=A_tHZSAv2tt4WUXd;VTr*5X*$I!+o@ZElD|LljTZZdnfzM@VhSuV8w2&_7&eT6-B
z^9%mxYWZSwu9-I-0}DW!>*e`E^!(4R0#yz8%_rqFwX5UjvX$6r)i(R{GWpi;utoP`
zbJInZP1)w!ftvLvhEcb3wV0~5^=a14o3x9`2M1Kk&Urn@wvx*cR>sYTO6=M$!yq{G
zZLY3$wHm3Cy#N#5We%;|f(YT}68yQv0=ZQ+0XU8w$Flj_N)-TOZ3RI^1u8L;qS|$j
zH%g!=v8EF3*=On063Oyz8U16@B8b&`=lZf68vVl_dNStGrB@m0uE|dH6A2A?kPl=A
z1vAtI|DzD>92@4EwlM7E=CHGTvJ1q9xm$jUq<FOinK_AjbrFWUc%2O^2%8k?CM}R1
zK?Fp&yM}~IaRxve4vXuglj2s|k*ZjDwuL`{RHoJmtOY49m~ou6WgAnCak4;AMu{Q^
zfx}cghAEN#72&2tjfpvv-v7Wp|0w;&S2ep2TXLW0tfuM0JoQDkx{u9u14oBwi8O<V
ze%Pi#&HCY}JHR(+gqW~++~g2w>uQn$!#L~6UL2hzCIyhsFKuTNm8mCm$!VX+{gZn3
zCJ;izI4N!%kvW8Z%jZTsEWG}R{-b2~543756Bv|!dOZ_gW1$a6bPIxM;>V<a21~{z
zhPe8G394`~B+fEE4D0MbjhcaR_}&nAV_Zm>wwVI!gPPu|@+gw2Y5hS$>@a);3uZ=E
ziO0yPz6Ib9$!#=B(zK)*%E$%#T0!bsn71*XZ5au{u#63A-*g2z7$=CB?H1ah<S3uA
zJBv;+0+W<mw7MR0Il1wuu$B->#UwMd%<ErGu9USt*O_xhrfhX!nc_mXbD45nO(h(a
zWTWt{$qGr`@wQbl%0o<7ek`m(bFuJZyv_Q2lqUea$D%bcGh-y()-?)+F`_|pWL2Nx
zmoT;9R`EfYxsxHSW=yP2`sIsj7;zgfydLbtu>?2CXMoF9eZ+=-N((f2$<K7*!}s`M
ziSw@cfoV*Eb@8iVp1N~HoAwR$qZaMBEgtZ$+xY->;1lh9&4BvY;I(s!BZN#tq*B@7
z^ff?da0t2`Xt35{30I{<^0T<ysF9OVey}r7PZ|rc@+JvxIKnKjdDzdHte!^o?bFJJ
z14*u!SsIjO&KMME_O>;{)8TAS?m-+Yg4!R>kl2$BCf-rq>@}W<p-w26sZn~MeT=A{
zeGw$%OfTrm%&R*tjj4QTBc7z9?RM}bLkV#AQoO<*3jv}JPf)wkPSx<ZPyeVnL7JJz
zHMcT`pwuv-8PG4!PFdHuV5l?ZaTs*2nGOP8uA_7MK7k2{f6&?#soIy1+jX^lZpKf)
zW08;Q)NdNs>7}5c^8bk;a9CiZ*RLC|ds6#Xi@PqbAhg&hs*}xNwpu^fCpw@az6L-O
zKpPl1dN&>t+1*q&j?D6X`7WL7zk)Qsk#1pK48ocL_L#Lnms64E=6MBR9}JY~a+p4Y
zYf?6IMI#H+qNSM9BGeB)L2;yS^o&H!>9F9M!;P{<6c0ydObrMo(j5fBh9*u{?MrOr
zL!aQZoM@aTC*Oj0j_+MvwPTEeNC9q!Rp0eMMgm)yCS^XyH%+5mlt5Ed<W>5_JYo;D
zeb7rfj9GF64U(gi{5_ECw~6RZZo=JP!6(@<08nU_*);dicJ!cOs3dga877um+2IAL
z(yC6~ez~Y*>TI-1s;#NHbT&F9hM^FFMaZGm>L7TZ+k*pt@`)L%!zXKbEC5G+?4)Pb
zwXzu8XL9a4rZT^%qCaoZ$BFf0vF6cd#>a^1k}0)=TUL8(Ozvc38RqMWI{Se0l7r;s
z6>F?WdL4*ZCt-U4wW88~wsEJFLD7G=KRNrtIXE>Pp)P}{8O6x69D)g}J<;B)1h2wH
zL*hy92NLPJ1J!P*w-Es8aR3*I{WdSj1^q(Xl*+R+?sVFw6cmpR+vIsoyqj24g_4+g
z=oGz8shcZih;t}r57>fyGanK=-OqL)z(yyewzG-m-UW8q<g^Li#S?iM1;%zXremuD
zRywhK0c_lsrUz>KSz&#lNhuEuhoRb-OFQws+;Vhrm_E5g?w_Br0m^2XvqIGQ!3~}-
z*Mpuu$W_U|^?N{z{ErzL{?LP|<IdI|X)4>Ca7?J8MYDIdHVc47VQ8!=EABUic?A9w
z@PgR-V^kg9w}szS6{)oxHUh$wEqMXWRCLT;8o6B>21%=<F>IthnxKP62#3g`!y)o>
z(k0R10#4(`YP4AgAaAA?6L+V)O`F%^W#piwT1Wzhw(1pX0<>|SwG&MR8X~&Rik-S!
zF~HYD?X&977TPHUR|RCU@qAkr|3>>*h4Vc5OYN#@CKEH?_Y<xx+=ZZ?sfeIs18+?B
zy7nOxhz6%=-b<uFdQA*XUaTsq<`o2feKcOulP)4#kMytp;XQ=9FdDgdwy#Efi+Xr*
zv^GuIpPWi$Kd&E6!JjF%DlTMmZWc$oXuAMY7<mwFqdeFF{!XX%2pY?-HBfhAIW6SS
zvyL`98%zeznn&qK5kHsysbs(p27~}zktkK!Ru9bRP&B$M^?0FiKu=f##HvpQT>Udm
z2naMez`()<U<yPt=7iqj^nVwlphSpC+mEZdsO)edCUApf!0SS;n^LjE#98|QlWC^@
z6d<*1k+A}&tQnXlE&D@1V2<N+(&BuPhg&NbR!{?L?rM`GHt;O_?byJY@saXeE*m;T
z7EjX9iV$<apqf}=%ZqFvl~tRe>Wb4vfTx-Eqb;idT?O0L$XaZpw$;tL<C?{3`_8L%
zgtEEZDwOigwoLWT)_u1tNGpyFbkygX6L$=?hWa1p42#kRvi*mcx|q>N;aqW(3l&_9
zlQ~h+=aJ6R4@e5+P3uFYostLVObMbcWWCfV-=E0wok>@cnFh(-)-5wnW}9FZDc>lg
zJ~_vLgu}L-tC^<n+-7{`R*IL9kfiu{DBdP{u(<R+TQG6_VVj`~%20}dL%!v})*)rs
zXIi|DhGY3Ul@kb4B6SS+Vznt5^pP@ZtshXMW}fH`I5|O5nI*qPar|MdFp&4ID{_$6
z|C*R90u6*K{a7l+2?|`wt_G3HCwOwNx9I2qy5{m(Ibaq%NJwA>1z{sI$r-nQbnhu>
zw>9cjB=-yHV8g``r~kk|`UWvl)kok>(z|#g!VU`hVY^0960IrI&?pPie}ocMV@iAw
zDF3T4&9qkg0WfUcd7xGd&527P+aexoh>?7nXwVX+hoJ~AYb0-~rbv9th|8E<F4x)y
z{BZHsPM)ig?Imjj96r2^s3<hY)fi{SnNM0RRohl@S4j~~JOpAfdrONmF)!)qX2dPa
zcjT^()#yU_90UiRYV8+9)sR{S<*K7o*UKoeeEg|L9>+*8BPwY^ectG*!TYfk(@<(F
zXQdB~*8I}<P=%<I%a(zOrG!!_{zG0L(2YrD&_BK$c&1##{MkCGziJA5iJ=Z!?8;<q
zai9bH?fAX%?)Ep}_V}$H_&t=a&+0M0Mq!!}`~L{Mv{P;`|E^=@zb$wYet)SN`rK9$
z-HWrD?k^ewZYda#bj<uVU!Lv&8N8b({`vfi4LVqW8Z|#(?-%ZJms_|8kuS=#?S_c9
zXS4SxMI6OkYlMIvvpHLCel4$SX&0MBcKS=453%Qa#pH5<&sL_xa;6WjN-tc&=U;G&
zNWFhiv6^^Qul}F3P&ds#r0CW~>x*fNkEqGU1O4_N3I!r9t{_$?Vif%Up;yq*(EmZN
zQocCNj5~$GbJ&&W1i_&rotc@foLHFYlPrxosA1Kck;^1NE?E@>Aj6#yAj3Zg;Ncmj
zlzw&_K^j<u@?3K#I>S*;^bPfafGEjAK}U+_pv3%B`VV>ae*j+1gIv_4;Q!=8u65e4
zbwK^{p#EDw1Mdw~?LR#k&aa?9|0~#k1!aT!Z!#=H`5lzyf4|hffs$nKy@R6u&j6B)
zm<TX<xc?tYmhmr#?Z3MJD;e^Cl3m_FIsUh1)H^61U^+gB89nUTA6CrL)-FW4k2F?I
zUA<IcIVrnpTRi@X#GzkeBy?&sV>dNxsz`R`Gk&%+ef*k9{p?q%ed;_f5!Bdo$%zED
z{^bYJyCU)J&An%qw~vaRim{ij^py|=!M#tl!yopI*V^T!28o|)%`zNI&NeocSaAA_
zZt&Tuy0VoI`M&@zb!EsN`dDttMs}di*=0_-j1_yDbq@C2D#4=K6C{N}TzyW)5#isu
zHb$#yu`H_vp!qTh&Lko~6n5eCwMZt~G5@SXKOtn9?$ww*?>wJ8YGM(-WdwYH;sPSC
z2~!=IA`Hh*8c23vxt3Nw(zk>|Y2BU+)k{H?Aq{_J!YI5eup%i(f{YNyK4&V4SjC2r
zOKdX09CC%gar{gc>HJa#nSUyO*uEcqF?D>GTc}rl@JH+nGVpn2V=_-MP5ymw+Ap@M
zVNC_WC2(qZq-}jeMK`(LkX>uUTn`9Q4TOds^v71lUt~rwi7g66POkYhYF&90=d5$w
z;u;1jdtPeE^vPFm&metDt6|VNh`Hj|`6<uWtk~Y=TWK3>`|D6D2cIfi)@Utp!5nIz
zl<y4uYSA3Uv`;s)XaA!xF<xfTqu6ciET%$qg5!7Fx2G%U`i1o$Cr)C#VlrNVf`GvO
z_#Z3&x8d4rKSB9G|H~nlU!e2=hR8hqm6hfRS(M{X{ofr696}WGKFLeLy<ZBj9YEL#
znxh@}kKhF}%B-oW`>B$zH&>j*W~`~O*+24>?}KBx#^<cF<;^)$1&;aOQy<>%^@esl
zkNSFlGw~oYCtQO{LrD(c%T$%M1b>f<<zix^{-#z!H&RY?2nx$|D96|VBruXstnAW9
zDPnPEb*38cACSf$65SpnjaXu7FS0Wwmv0s_7OMh0Dykm;JXc|xIz}&rKANDKa}SOg
z)_l+8+GD=Xuy;;ftsrh*?S5@gYXNfKQK2R{EOY9Y7aUj%n*JUfzD(O>>ED0(&LEHI
z;uj0Rv29YhU<{xQ{GoRR*nV`q&>uK8y7Q&+9L4)7&UnJk<aFA7aqWAq<xhJu@n(D;
z(&i}mIL;g}KJ|?{S;zl@k3qu4AAy!&cct?VT|BFpC$((sLpa&@Unq}^3>nUcqUL+9
zjL2Afx2xGkOrHvx+p8XwGq@L^SC_h`Go>?}DHWUm{?3^GHpV9bcp6sd;l8HUu{?y`
zAp5-;Ne|`mwV+jQ16hhl|K3rri&Ij-JwX`l$Wi$XXw5+>69MgKI{0Wwmgl3zn}(#&
z=MsedY0tz*FsWkBXFVE|=x}y{Pc=y{k3Z)Je{`ezazrq(({C3s)}Z+M_oOle&e0en
zKd~LvsZej;9>1#r+HP(sd9MjUr2M!%>U$%(lKXyqAx5^77*24&vb1x<`DjTHk$s_$
zD736ut$+BX=fwIu7bFtGQ@-SJ`;z=!GjHQYBk3?`H(ae1$@pN@$VCSH7)=@1WLcyf
z8+Mi8`(SxeEQb^pSru}hs2M-<Cod7yUk*}@N@6-i5F--<MEC7u@-!jbTB1KKrqJ85
z?N>ANe~zG5)6mXI_;4M>icGZlGnO>zA}nB~{oIHJgQ8Nd8AoB>&B{#dTYW83L@@+C
zjJf&pH=g1(HRbkn9aLw+#ywos*=m@!q-ytbj#{_lLrO<{ESnZTY`wS9k2Agaep(zy
z<PBME;Aofzj2w1IZ;4Csy`NSoGb#|dmN_xrlz#>=Z2r+Ao3zo&=q+EN_hk*74O?ui
zF)(`DuCnKQsxgnk)U<LlmmB%nY>8F=S@p?-vnwb!vTc319zEK55~KQ4({xbl=ex&|
zIpBn+e%hs2uB@~#v~zF_T-(Y_;>!4TxO98@FcP~IQ1E)70pn~KSNgVH$#`nuZlnOF
z+tJw{!q%jjf*(bx{?6pM#g0!=Za4JUM1fn%WiZR4nR3qjRK?bOyXEb4lWoG9hYU5+
z--VS@Alnnjr}(BzF#dv%`%}8xkstojq%?)i*niNkX;)#*8{gY3k!&?3U@efp%3l{a
zuYMT^==RTaY{B$css3uIF_}Kcws2KygfcDW#aByz8so_EFSgY@Fd4?fGG@3hOSwp1
zapiIY!{N>_NS!ecnnpo~)q@e~q%{`Vh%8=&IxHjpL7xOdk*G-cm+JgZKm<`}EvS#-
zz+R*-2sBHdfVo?vn9WuzPg8q<kebvzwudPdP|^+{Dlie1T>0SdN0hDDs)mz*EQ}!6
zkgH7yN$k79P41~6gG#w8lPxvI(%<*h9}$R#tPhFazkA!5Dx+_djSaS%!Vtu9MsKs4
z^oHzMc6y1<cGLa{yfygkm+Ce@?9}rGm%3-0x$K0<{}3E;abg^k4vofhP7m#obG!Ep
zC=B%x`OPk=r;}uMfzAC{D5Rhq#mD_>5UIBoPT`B%VlyXRfGdB;tj0qjrZ4wJg|{HS
zH-SGaEnH=bmh<?m-Gm3xh3f|FY$EM_qhE<G0ej*>cRrdQ9YQM)oA`{=Ui)?En`p1b
zOo9dS@WNqFFt7b1v7=l$#(G1Ih~~2rkOLz+<o`fZ{g0K5v=mSeNYoJt^D&(HE-QbS
z<xSfZW-_O{&kxYpefs{*&zR4+($Q9&)P2=TI1hhj5>z@-oSv#Dgc}%Z%EnMK2rJqY
zEH^PJWm6ID<09T*)x?@t6!~XO2*QQsNJ_ER5JOAyk==eEF%`Bsn_dY2Lk-*kfRWUl
z=?p#ngI2v+mx$0Ydh}DG6KE^A+;8_mI9Z-+%-0#q{IxWuZ*KkJrr$-6bF!H90$)QU
zb6}q@k0b*=uas^_9#Phx5R{_{<2t8HQsxpEZ_|VBjCjy~T_fO2f8gL#UKa&L4P*e7
z?j}&yl=xHaahjAXSV%*G8Hx`FP#@3z$gaa87LlPww}+P~L{++f)A{D^O9vBs-f|>z
zg6<x^YEV$|C~t|Y{ZlzpWV`LG@z@{^Bo#&mLq33wk&Wy?d0l8;sIFx@a%Z{2rm(I9
zM;g#`qQP;lQDHfvn=iVW^}8ew5dWA%bu4TGKI1!MPuMrfFlx1Km-S}>I^o1A+^neI
zMT9MFdDPo@iFb*T5=e5<gB`lDr8VZ1Ocp3!+GD6Pn<rEP7JK**f7cvUS#9fsl}6)D
z8Ckk2gE!GX=qpsU3$p7gRn8n-*A->W8fI&rm2f2HVv$5tRq=I>y;m`12izjCm~5#k
zt(=ZQnK!!+EIJ|ogk2H`U<wnQ?6R{i+)$BBbcp~4+0ve?G-)veWehylMR`v5+)n$D
zv7^+YxuWkXImOvgPOGAOnHcrsQDz4`?W=ck>3Ci}(yGZ)xX)3^Y3$ps==eW-fAoQX
z7lbYs2=!Y=0^4qATUH8)VN!Nv`oQ)3lb5y}UkPN=!>UpeFPj|!yfLH1Wn>t~Akidk
zC4(|w3$FW|p|L03k@yFQk`#GIztwS+G<9Sd<9o%%On;{K&2ufzlPM1EQplT$r@7hp
z6{U`ce%v@lmeyEvI1Ww!y=fcY<y_psdSes-<^dXSh_D>K!T+-*`Cm+Z1x(;vur9W^
zE$;5HxVyV9?(XikP*_;p-CY-VcXxM(#oZkq|Gmk}ZPIi)O{Q}unVykzzS>FkyPACA
z9lS99--rbG3VoHn!sY*ez<yEAE}k}~&h#F(Hs|;&ack^1K3&3vDi0%gvGYuEi!9Vt
zWlkz9lNVmKRn#GYWR=vv2aL(~Pv<yc;y}bKO}yJv3uqdr5nS>aT=op~KEF1V1xRG<
zf0w!l+KlAE+a@D2Ot85K>f(Dl8V?2p)<4hLG^_GK7(`GKcrwuB_3(@{kaC>k7`U$N
zG|Wcga(G9RVODp3X+p@v?TWf-oh-|Uhc#9AyttVUdtHJNhIM9A+f^`V-4~C?+;18N
zJ^1h_>%^39`pCVw@&Bu-qmUPLqo&D&#0=(?=HEbQ5{spm$ba_*>Ik=DY*>IBjPQXF
zA@n}~UYRjEGYvz=UZ$e{n^^a~NU{q=%n}9wP2HTD+MPDz9s_|!QKsy9uc%3k*N!d^
zrjhE@78kyya?^2Hzhh7FvQ1=QF)#l4h!121*z78^Azr&L6mzuBgRP}H=aY-7c%%%Z
zQnQ4*$cfP1a-}5w(C*uG&jT*&O1e{n2wd`@s1OtSM<&TwyKlw)cD5y~icom+;~S%R
z@l83&HFL2vACVM^@bz1k8kYy$9`h7KTSt1QLtxJ$B(|*#jwX!*AGZ*!W9zg*!-K#y
zu(%ig5Fb1KtqVAeqKb0DRg^+ksf&btwf;%L2%|w02y#t4peZUuWd>{{HGFrW4IlX?
z64oG$n~NbxiYJ4ls?3Zi5>hvoNd?+RcKq{HHyp#0pI-LF`)Mkq7q8Vz@E4j(z1SS#
z<`}w@oPn!OJ_rvn;_llATeQtz&u&1O;xecUY>6<s4ILEqHx)&Vo6;{EkTM~Qlu@QD
zPX{MNd{@+G?4ju95HNuC$xp_H=*~SM?v2oub@Rb0M@t`J)8u=YK7v!iKY7Gj-E5M#
zEHWx0$lrKZR^6fPpzlK-Ad#X!_km7wQ;Z$>rxlrQ#F!g2===P0S7abM9_zzHCN86&
zsta<4YUQ^MEVvR37ZXSx3A;=3xtBVuBRi+RBXRe^E7g<&LKQGEVFg+7>>jrfi)=21
zKpq(elGN$y(!E0+v?&%t!FXtX(!{*b{rVQsQA4#mAth#F5**<|Sc+n)cp<WC(p+rm
zOzHt<D>q5lGx2&9uzNo}6t8Jq_sD=c#>8-SVd*3_+UGaX8iK<6R4T%ZFwS3lJg_y~
z*d5}g7dzq^=mA8IYRp?Yne-e}h#a%S2BE0Gx&73@rCw89npxQw6X!P^E;j}%eRJO%
zu?eH-1C>KFIFB&?)^d+|YQTqAKH`KV!bSFDxitkj_ya@t<_GM^Ca9g^y%VCl$m8Jc
zfnEaE&JcUM-`%>u6(kQUmdKBN8!3!;p(EI-nhq(<2T~wY+o1aoMD=6y51qLZ;dLfi
zb3%0OVD%Dfw8ON*LMjp28@3h}<N<d@%_~(XwP<A2sIXm^a5B)rA(}quzXFPCXlQJ>
zVR6WF|B{kUxyRyAN1zMB3@FGZN@G_%m5&lyFvd)y3@c$4h^Brv+oEBQancl7?V!U4
zu^r41P9FiDmOZOR2{zL8{uCM2K_E{3B;fH+=lN+o^hC+d{6aBHMe_y!1S_Laet4)D
zNGt#5GG(eJqBjI=$VDB9LG1<VM`mbP2cdX`{uq#z=B$-SsrdUoGnU_}+}`k4R-y5n
zv5LezKcv_>_8PUL<|C^q2VeKDb4R(w8g&&n6qy1jXyk-3LEloy$8i(fS2GI#a2rDS
zW-5|gOw`}7YB~PYF9`qGV4Tb_Qhi<t@9?$tUYLL>E9J1E>*GNqFK>+vI%tZSW!_>}
z%-V);7hmi(h;S9zS@WTdQ(7x7`o=^sP9|<CU-3{Hm>F?~+n-yw^Cz28KJ&MYLrvkU
z<@^{R|9uh0>GU0%A2p8-Pb<J*g<xKYs~U>HnVFx_eq-07?njBMY}e8gchA%m)}OR3
z?G=B>hJ~|~;yA^_#qR_;JMLTWK4QIl<a4XJ@J1*hyryt3HiNyg-!x+La?({UB6$c|
zu(lGRyG^&JPzEMU)k<Rv!C+**DYi=ty{SY1vtWv}Ov$-Nw}<-^B^*+4*6YmsBR^Kb
z9%p}PJ~Ww5py<hUV~9nvDEXHy>7YFf)G3i_9Og5gvHb02%~ZCRVC90NtFerTO5;Ir
zxl+!!Hxj6C-QHciJpHW@qJBwq+HCTHUqe+S@^JN$*70(9^zg$-bs7C0QpfCQ9E2tS
z_!kdG#Z$j0AzdCba*AA}>ACxFHNc8A>Y2oQ&$b?_pi=Qh$Z);XA16jiPS7@!_K?+G
z-GNEa9{m%nVPhu@Hfq@;6SgysrqXB!X2flEGTQcoS&GE8XF2?ubmE^p4l{%Gu7$`F
zPHQ?5)SG@P=FH2{G##>NYcPZo5-V8%kViRU`qCPmGq~Nw9iCYClM+Xj*SQ}93;YtL
zuOz%aQHSk(kYbhcQ1|2f4aZWQ@1X7CQAAmO!nsCfw%$whdZWnOy2uuiX32b8ro8*I
z5$y9+(;xW8(ky-RZd%cuetbHr7h~K1S8Y3;tvui{-az}($~0Bif`8BM78~FLZn5=y
ze*N0A5|}%7t|e@V=f|D{CdijsC>F}?CfQ2sXkaD^C^jhAp1mm8JX@ta!$bKf_!QF9
zY5*<vg;6n{+jTbr?@&wGHaX*$d)Yk}dvqV=q#akypzj)6<emM@W*bRN-Zc^C#@Oab
z<39onX^wQ6vrQF|lyc9bd~B70uW76hlensGf$iEZJ2v;oRDs34B9TwrK=mObvB{TC
zec-byNUZTi7HvHOA`LcDB5$dkXaSx_S!9{%Ulk>y;%PBb@l*RIbzeO#$ZFAyE8`lk
z7bjODEg_Ta)b$FGTwnn8^O;=FdZom~z0#XoH)83VYt^;UFKzdZh}UQUX8yc%(`eCq
z#;g*(MuyW!bdrs4#MMgBm9He*;4{(i1rY@O8=@to7!vNdR6-Qj^h{?p1^1s-i7ZU~
z<Qwlo%4nG?mx_Aq*0eTXuZX`}gAL#Q-rDbvX0hv$>p0kiYl|;7%*`B3=z9CL$}Xz{
zr=n;<rZlSK+}7Ur{^EkbiL!kubuAPnMVFC90L5f7mj%x&UeVUq5{^K=4bM(xOI<A+
zc1a8=f@|#(<C;ji=_qOkT!R-BQ8=o`$+~nk{YD!Lk_FD=cD|L{WwjJkwyr_G)Yf~c
z{vK4jIo8$(0Z5x4RR@Wx^;vC@zD3~rdxLLb{rF7P-rAe%O`X(${ZR$7#^(prOPZ<1
z<VS*>j?0rekGwB^qeEwxwyqlMfWe)CdR`PXj9fSlqp$w!K^+%YhvE%lg~NKT%%3?m
zGh3v;`EIxE$E=ENwD2_$J7#apoY{c<E>(TbS$+(^k!dpG1lI4Lt^p4jV{pj+sN?j*
zSCpd^)RN`?QBIWrp3al`g|8-;WPsJ?B%ca_T31$j3`CPxsiNUgu|fGEwtJ_MY{xF0
zA%8x^Yr0fXHqg1gX7-^u$n>c4L9h^q>|8Gde#i_yN7%(~TlUzekzS(#S+XY0fgWmF
zTo||^caD};P<(Y~-o^JQ*Ru(}-XYcP7_kP<5W7Rpyetcxf{*nM5bK#cD5hjy8_p*(
z3erfAw4V-RfS6uQCegUSe{4a|N_55+QBt`5%<B^*r&9aNhmycGp}0P%P15-9G&=MS
zeup8e|E*uYywRp)XiQB_D35FzW%yRpHD^gYI(=Vgk^Jh>xI%oVYO$B}N)cZxj5)FQ
zCmy#|b^AM@7{wP=xR#D=io?+TkM<{&4)$44!4E<4scbD%o%^4Ok7&5Kwifx`GPAOD
zH}z#duJpM~mIY0QjKDIJ58g7y=L+_&Cd|(Ve{{Ujx3Z(>2Z)Lt=8&22^l0d%7OH;l
zN|h0~G{kB2CmA%0v_=^+K}yrYe`fndb<XOD<q2K_*sk(@+f9eq<r4`lxzzck=NU0^
zv(3po%dF$(`och4Ji_IKBOt=%!-SOH8JN*3XvP3m3it0pjL6l0Tp!{m=J2i<Q6%r=
zJDgMj;_N^|4A>#7v%W<7PnAvB?U4L9HsWvZ8x2OcRkOT#%>~)j$dR?i7b?M6)M)Yz
z{GoK&06urtn+HLrJ%H$lvWgWk4nMk6DoTSWYf>KU`sU65(tzFO(NC3#brc%sCngnB
zQ<X4VsHb{!lSPn-i8c1UUL9YpwCEuy@%VezUv14~ISl`XFlAf+p-#lvk2m4Sr;=+f
zitG5r4Mz16G4gJ;wN8NZvRlGO*eP{i3HrAiaCmCKoVEJbGIEW3!{rb`0oq=UQ`ClH
z-2UHy*`iiQW#eDX2t+d#PQ{GbDi+uPO3m2Z5{r%An{mt_oQb!i85ROQFRyP~GUrbE
z6b{E-6!3;eodVg|JG2SvHxBmeD@Hnwxuj<MCmO_Qj+{;R9f^a`$jHa)n%3U1+$ixL
z0F+Jw3O<&NxbWpdrdz-mS;(fat*>-&FsFGiV#A7Bwk|3(R}y7wSkmdH6-`1m$ZzTZ
z-5NxA%k~u9nCUcM*P#&O4NehapPexg1SG+BzJNku#(jmZD!1CdBI4>@R>p3`TsswR
zuza(HM7X#iVDp^rP^48Wlb+_+6UB0}K;Z(!$$Gu{0%^|EmY1L<pHL!Gp<C$@d3k$a
zqCHtT7E~)R!NTxD?lyOE8O$_4305d=vK(9!C_E3%6Njc9O52Z&`q4r+BaNE!I&&KP
zQD?O6;dw|Zj-9D*&8(`nDBlNR5bQ)wN-j4eNv<lOXshEk?`kAj)cht!lQ}91yq3`G
zg=!~*`Pcq9kMw2G88Qh|)L>S4{K`>yr>={UHchxv>54ZedNbEw!b3R-H@!E9v!i~g
zqjA<36MaLUD|uIE$E6qPp^b9vo?CA-R5Zh;U7YvB`FQt30#((U&7z#Jxg7B#dQmEP
zjeo*XIGZjJN^V*ZN1GnxF7ma~k>)ErY$D4&WZ=BxW;<8EA0CN)D~n|9T$POfx^%2c
z)|ExNcsIlzsN-5XHpKqL$9YvGb&kMI{miC+1i=2wY)gNGm<A$(fS{WF-^}(av2EhR
z0Gs~bT01fp7$Fe1H=IcI#INrkb+U#rgR0Y=sWe(1H9G!xRLw5_d!bdTRuVXhJY)iq
zAgBRjK0)PzK>bQYW$KG5!GR&aj6Sou<B;%gkPL0cvY(HQ2|^&9cmlo;`|ex6(pm;P
zpoNDXvocce4^oNSYwUS8??zUlo3<7p&9`{pw|oy3C?)|7os|y{CR9BY+*dt_PwVa_
zJ&yr}?2I2^m!nO>l<ha=snAt<*NFm{SuZCv?+@q`16_eL0ou>bUR>|4Wc*^P0)y@>
zTUz-iEOTSWRp;GWYVTNE-*SosvY%81KG0elLXi}+Cn|<DH3uk{uKD@7+QRdmRr70f
z=ugMoHjscK1ZPe>_9M&oZO6CGU*DVWlKAYP)wfLy`^wW1?k{9T)fVn|+K$OR!&f9B
z5`~P#7FSDy9_L1}90fK&(ylYnRR$5fxV+nK+g`34&+nR8Xj|7DC;|qpJtRNxUsQj?
z^^~9JJlR32>~*KAZ&Gw+er!Izdz3zb>MLs5m8}40tWTHoYh%4j$^NLJME5VvSNAph
zQN|&!b-Xz}-e%yNC86G;b6D5kk#~ZSv=Dspy6{$UgFm8|s_X{cjm*dyc=j2V@E9WK
z82n}Zf~y^iH^hk!e31wIQdKBZ9JDGtY~5$ZH-2qgmwLJ4EW2HlRcE+?SMuw$uXd0o
z>1P6_RGv)2@ao9FhmBS!?|!D)VfY%b<37p%iUbuyAt97C=4ZXeB(MSVNQTIHV#V|i
zh^9;CZySw>8T4A(GLjr=`$=j7-Abw>#<crmA93%sK@%Dp0&^f+zp!)iCfMMibk)Iw
z>z8*e_bzNMR<I$@XkYN!Bf>8=kq2ma!N~*w1y0LcArZd&j?|`KKvoc=M6SH1WX0$#
zNC6nC=lxjO?sD8vnB43Yw<9nkC5%BkYV@)`Xhxz%iWiDu3<ksaD8;y$6Tc=CfPT~y
zom^(#4EZyhdZb_8Lg<_6^HoY_-PLD^JngPomm#fhuf_mtrZh$Edf>A@JCq$p`hpY8
z`iH|fjt=>DRHpe1WIu;@e+Ml$FC`e?E_6UdRZU-`OL=R!(s{}@@5FqmM87cpIn)N;
zEXo!Cmy#S@19~@OYT@!&;abX;h8GJ{L%P|ex7y}uev>_~XY~WFIP<v?x_zA1nGy%Q
zE}JtuP`5Eh9T8ewRPX4CgWhVtqmKbN^Xe1QNhT28o+@AWyu3z^JyTERMsgfGG$UI!
zyg<va-%eBKLi$zJ>v`7By6R)iQ_UL~n{p0`X@5PEqbm_b8F2|mRCi;BzO169Z;Toc
z+oc^2t%xM)8aWush4k)j#?i!CfIUUIG{qeH687<T!ryyWT$D;*kDFckro#(Z0wps?
zpLWWmt{zB5mlc96C@eCg*A{>0b|=p1Z4OUuswMbv^wGR|JUe+(B3fS^-Lq@jcvpXS
zJrF5p$Ea*;m3^Y_7!C#4Y6l66L8X<OaR}>ss%&1Su=z8!+1Ier?#;ZXdl&XNd=2t9
zkDm3M7)$*#QrXZ)*qsg+S51IZR)@U%)NRpI15U^7KHsLsvleuXx$d;BQm89%t;VBh
z9KaR)B-8fW$cZAq-b$Rc=iE2CyOC4_Jc7R6d=Rsz>mqKKtqS5@rA71pmreALmz-9=
zG;RXfpo+VA5AudY_rI5w?_B4V_UZWt8piIKQ&#T1wQC}g8?FMy8wdb*zGGQwP1~mN
zrJWB_#dQwXiS=3T=d!mVt^FgNH80I(=C9(H3&`SH9#8sLzP6o_vq^%8@wheet<p}O
zx@XR{fG#OZ4Onw8Og=8$=gQ3R>b}Vm0V*Ml=csiFW}69E{4wQ#Dgp82KwAD0Ojf@K
z&RS{H99POr-!1xB<bMFq5cn!7jH0UlVtRdRcM7b(S)>+7voY9t?7!N-f~QR{K4sb@
zQ^W2z4dEjuvsUcUFthRBA=xa_2Os3cactZx%*q0B$J|*PACGo(CLbX4)w<?pRyL0%
z!)(2m*<|FSx4w{AM?%8RcM6v1)(E=tYdR#7(VfY9{rPHK3!Z^RQmH_(bjAv$sad5b
z?P#)G^t^b!S<?NAcqXm}%6z@5v&JhPoHcKkbY;Z6$N@onR7z60l>BRhpCosu_Ln9F
zq0(!6U$1v(o)s<T%7B-KuzZgCPq(y^#ttP33&+0_$rMiPGdL;lS(6k5x?knQ+E>&5
zbJPTiR{Sw$z%?Q2Azucyv@pE`B~hvKOTGA5mexK;bDKn)|Is~v47(<D#BME9>iXf|
zmnJ;;F#QA%tK>K}za)&kDM|fZR@KVJ7s>w{XTA&(S9%I`T}4CamlRn;ckfITw159&
z94B$3dP3JTw^YOItrZKqOjg(Rs`K|@fO3Sp4w)!tcsPTxmhmY|;AxB`B4b44hf6y(
zeA^xP@<zW?pNhdczoe5)L<LHNa7P{G7r3h~S=f);#bLX|E7JSPPIiDfFM;dWb<K2_
z{yzhM&6}*eEMKZ(EBzI~;&?SJ8N0Nwxik@_j!ZB8vOi|wLrtgzW{Mg~D)4}NKF@`%
zBn`Q8&V_s#D_S~l-rXs>&7HMPEqHdNJG6Nf20t*s`G8<ADL-tf_+*c8*aG>QD9F?9
z-R{i%P|{O9$0}oke}f;XF%tj1^RF!uR(+IIy*Kmjf`LWDAo=fx|22~yLQwoniFzZS
z*Z){ePpW^7#VIQS@F@I#TKJz%RW6MjDDfW}63oY05!<G6F9!u@cTf0{=a~`PY!(k`
znaqRT|1%03jXlG<CHk7{GIys)L?r`HVg@xRkl<MBpT9AI*b(zh{RgE>MyD~mu`PQG
z{Y%E$vCYO3bnN1e=RQgH*R40=-`w88vEC1z&jApYz#SqfI{uZJ^$_P5g?-*ER#-I0
zm@<Pm&S(h~cZb}ic`*ExQ_rvBi@tYx4uVucB8@qJU&QM#-QtO8ZhV{|?5Eu1iC}C3
zygZ?!JulI|wHUYLy;9Oc63n+O3OIr~B5g)~gogWbg|SoR<yF)TOo=Y@g!nW9yS<x2
z2qwULJR0~dyTH+-Ohooe`loCG8$$gSGV1K9p-Kp%1wX2$orwa)Lv?>S&DIL0h5XN1
zZC3|7wamfuMH3CD#KBBA?+n$<TKY-64a<d*(hA;tLa8v5iK%C7g46@vzaVGxF;AIb
zut3KPBP2B6BGt~dq?0KuUZ3>zvQ)=9#28>mOcm@E^9!E%Uh?nKHdDdekH;e1K3)&_
z8keySSIGCGsI^}XWTnc9FdKs^)7a6Y^`>9`)fr9ZptkA0Kb+H8eHOP3b3ZBG*m60X
z(-TX!Ea6{d>RK^*lrqg5H{IrLfmpHWp<=YEbcu(QCJ`6^h&Vw*ej9}}K?*aZEdn^#
z^%`oD8YUfI++@xk{oeaa)<-(B4dv&xg%_#@gHg7sSqynkI&uo-_cDx<S<7sHlBpc<
z63ZGYBB-0<mMSIE;cTTS5Etc)T%z1;lo&G@AMjFYsqf9cHR2uxH>bRG25Uewkx6Ne
zf}hpus}3?pK;=p9IdhV^*L$bZzzg6Iuhc;jZ!W;ph9a|oNKXlKWLb3$dH%IJco@<Y
z3wm21I4nJB3Fe!$Rrx)&!#QzKYBjx<eVE(7Ikm^Dpvtke!;4hF>q~IxiB$pMk3(5P
z7_uYf^Q%MCE@}QVte=Q45i|K>JfL&qpG#F$#Ge^_-ASPD)^4P0a0{gXX19!CQj@Cx
z3eUZtgTMEOW0r1c?Ryl~4ff_oZN3d8HPp@4NM-)WcVs=eF=<xdt}Ru@TbZ8;8)8D5
z-!ZE)+&b{*9zA3Gv&^dql`On;*t|h_`s3zFcJ(CeT0<s|QxPdnSkkDJfKQSjd&NpZ
zH67{%D$dx*rhz+vx$Z|7kYD#^T(cuRW-jv;FGZUm#di!MRb^Xd+*BzF@F;%9N$|=e
zd@fX7az4(Fn8v@2L?&2QrgUSowj?{=ICq=RC3K<4b7mpbjSzY|l$WcG@zTXAFU43c
zl}GskHtsSGqMiBRukX+<T~5n{Mc}JhF9&Bx4{7(23a{fPkAX%&TeMy9H)n+jKi~bw
zeWG*1alU)TmxjI%WK+6vJ~oa2$nQ22-X{q6)&i-p*QYo5_{*0PKRyzBeF-6l`0giP
z5`~{~QiBe%w0tu$&c<@eK(qPo;a}Ug<JH4<kiQ*F@UgMHp5=O{Jj{Ea6h5qoJQ5Y6
zOz<^0eKB9LfSaqVmvNtm>SR!2Z$z9G<@C1r0K4Dz=MU0%@9ZS2e~$rWt%@K+rKu}m
zxnJ8^;T%K(4q<Wft%f;~fV6CIy^?G9NB5OT*|XulHKeW`V?GV9UM56eTJ%>I&L`O5
zT<{`etG?_~{9Q)hT0XYCb<BSNx?Zi%Q}4q(>FrnxfH&dYQrwtLDc9#lb>T{M<0@<1
zZ4T{Hw!m<!KI-n`=POIwO$yG36bmJy6g2$8$X9d$tloVrXFQ~wJXAs6Kphkg-MxQM
zO!ecq4|$~$dRwi%;_}7Qa4Bi8$CI8+99U}XvE|h1W^ZX*|AVdX<OR0`AqaY<zT4;z
zY;6Atye4Y@D>@weH_8_7yr1UP;<VO)#LqrY<G#s<G4D3_@sG9=)lA>R^rG(kz!0p#
z?M$QH@w8&f;Iz$B7`JKj<7Xxv;pUKn1m0R^sNUqioiwt;W<HKy;L>iSk4>Uzf5TWf
z1=Ezd{Ydv_Q+8Y8*T2xZdWn{e&21(5+OgSnfXuFuI8PFy!ND$4=%<bXP5w^fD4Vef
zwJ22^ImP*mS!exH7QulVU$(oWAlqw&P-jWXE!EAT_3X!RGzk!NnLZ(po87`+4u!ZO
z5~!hJ=j0UXa0zwGBbY#G{^P~@c=?0*!y4|mp4qPnrKbx-LqNghoWi~n7;4d8yWjf&
zobL2F{dXZU<*l71@_dX>)x0*4dTT+ML#o%t_PEQ|rK4BJXrk4=094fuUpM#k+-eg)
zoJ;2Z&YHK(VK?w-nHDu#>-av+%|<h9RBAr$xX%(c3`iCi$G7MnUan`_?6&6%Y7knJ
zg1(7wU(MMD<OU@bDH*m+ZkA5iHWHix@rw53j~Awip7JYMrjatj0{c8T-s_cfZdTFw
znJ2vHWRO0_{ci8I_L;-zC(q-sO5(k=4hc6d*R>9v12$xWoh;G2jLVg`4{ac!{o`O#
zvx6cMpoBzyzuA1wBIe*4!L2>n9CaQ?G>_V%e3IVc3d~%tKSwC}rHg04aSGFcPg2l+
z0$$741vC%M%DvFl%z81gYIs3HyrKoX`h7I-1<DYOL$W4GX!$FG74{0$`U1l?223Wf
z1d;jQgx<HqIr)s8R<l5Tj2W$^e2Wya;drk%+Fl3S@9%HVt4LNT0xl#&!Rd>8L<Y}`
zeRxIr&e00c&}cM#Pebu6YZCo{u4j;gualZW4>6lhzC}%9j~Wp-0e0X16m@^1x@|yR
z3y9RSZMRB0ZneS?2LENZ6X>CFpoWKWv#^Iw139m+6XYZ4BI|?>35t-zVmJ0sa1;D?
zLWia8!5U*HoCF)Uwn(h_2(fKJfjiPI&yHs7bYtK~B~x0+v4QFbM@j_1!_76{WZmED
z(3?=v&Dyqc-TZruj146Q<NI{!ur;Za`vtAwbY2^!c?cBlW{eDRL)J${%_W;xK8(eN
z*KCtDM+5w{XAvrwaAL3J+b?U5ne(*X#tARyxDT!O#tnfJ`9-wG_cIgLlY7bsCHLB*
zYTLT_pO_je^wK&e&*|$xHtM;XT-{tp>sLsd$Fh?aSHzWDDRt!5F<W~PfvSARI*!wH
zY8nq`E{lJV2Hx>ISZMK?FKpt$tz-G-qp>lPEg||q(tF9+Ie4>e!LlJdFZ7|!oiED!
zs)G>y@V@ym_i@v1wF13s7WA=l=n|>ZT@!zw(|ai%IqadcijxY^^zf|%arDC~Ub}Z%
zO@puBIJt)^nvC!g?uB)_Cv!@KHnVI$uGp4KRY?*nL(sRUjjO<v+?>1M@J1CtYCZ~8
zZR;+aBShfYb@mU>l1*|JfU?asKb(#a{27F(>OlTU<aAz?ss%H<>uvt6;VLQvr@?zn
zw>vM58>*JJzu_D}T6h535iD@Y+&H_dy!gsbU6_NLGGX>=<gIvE#HjtPA0QvDQeLM~
zN&a3KFQ4E46#E-h9epkuKkMT_n6Y<m+>uro^*k0zw=^=iIw!DT#lat)OuIF$ah0?#
z(6)_tU>;op+s)LJcTQQ-h`!)-pQ1gJ1aZ@tXD&9e5|jm?yWWCmZxv<Yp$r%d6L0FQ
zJ=TH6WOdin4Ehg7c-i=p8cwG;N_Y!#pDG%w@eOKmp6cb~3=z35<!fi&yLDvD`!3Dl
zr1;<;c6(tLzE=jbsYl+QS<EnKMt54fOVE0cc)75w+AqnBomFQIVdgKEwVnYy>8ApC
z&iOoAm1Dq_WL@#-xff_GAIL{+!t8x7Zri!3z)W1zX#*u<bNK{Y3R|!6!$^Al20ZS7
zjHdL9#ZkT9)()0IjA$8MtQEjM0zberaS_pUDn|M+M8MwGP!N*?Uj9qN!p0@rXpkDp
zrUEl?c}QHjL2=faPlYXh?VcGfZ8d|{!)m;_>;ovNC@oKBna*;Y|BiD^)^u9>)XKul
zZ#~{@{gm9;*^q@&!9(h<J)7dV)VwF}ZDM)sa7z8RmBsBVGDIBHQ@~ottXVofc7bly
zRXCf^R8nWrQ>dHIbX;zP<mT@6;x4#|P^(*;%XK=n3~yyQ8Erpp32bGta$|4Por0Us
zr~%e+km`?4yppmmB3jkL?hCj#u)QA~N>KCbvQmq9_6(*mxpCgTwBo-WbH93t$6Q3@
zyP21Z?7y_lW>oT7t!S}aNISQp)~zh|E^O$mu35<QoQl0~tS_arfqCjlY);t8pG~wW
zkuOBIruVp2p23>;rTF~YusJ-W-;&eU0NmQB{_PR9txPWXaFULHZ)~ScKS}MdlgWST
zKNnnkZKn)4737Jq8KZ&4k(rIUSgj54AB?Mi&U8z~{z~t(u<|D+>sg%7Hv4BwteknK
z52RjXa3W+QTPd4FYzOn&3N{NC7G{43udWM?VSPX&j^wfjFI!3A8UphjRuVF{K*Q4C
zD1w!2T_~_<d<oWdhO#km>94@am2>iHTUIeEelQMk5~5*(zmJclXWkr&A+UPv4|n;Y
zi-!Y0|5sMTt;=N>40X8Yvvy%&=0}(j`?!{)dz_K6vd%)eg{53sSHyR_i?`Eai`1r7
z>Nml6JD$O8-e*=-K{}m2p?m%t=!n|5ILW=L4C>KyU$#08Ni%a+A2XObiICvFiCtM=
zz@I_Y%{ArZNN;-~tvB_kYbg`SvzMon312<afym!Fd2DFUDKbNkh(us^DOz8koVi@h
ztJ)J_VG9>N6WU~Dvu3i%jxVk&(j8F-7{P=@tVeZ6;%)p2S@tXcNomIc9BlEIEU9TK
z9M!E?G_U?6D~Js3X)l%^=?~(B85%y+$}G_W3e(>}<--B1qG5X%lq1;|+6jCYabv!Z
z(p29pmi?SH>tifRxrvC&_78(@frjCBvnaRCg!uwFb7|W)A$oJ{=*MAAR@5BlZbqwn
z9<2;97IiL(Tjp~&85vk$L6%nj-OJ;2h@Z3Ax3xx?lI$)-K04#Z!0Ld|zI-G9OV0w;
zEwG%_sdSe8f(=584fcukl?)?;3Sy&>$%M8zHBCU)d{nnk6|Ubncc6~-R>`>t&t+A&
zqBl5gq{LHM9<p&$^Wv|pcAuVi$v2IOgjqaG7e*Vn3SBF+$OAyuGE`naeA|*D=s?y|
zfkKP;@u0FLTgtq!qX@)yeKqT3V_HCgmuYyN4e3G9{B})xirHOmi!T!QhL%4Yzb-1;
zjepP0ni=o?VbXkv?rdSxNApU6J%2bj2hqbVamxgTB$L`bacgiQiEX;J+@eVLP<EuE
z$hBx))fe|M?Hy=LO8A>P`Zcx^d!+gVyomxW*YJlmy<4cA&G2Dt?Lpic<WsJ)`wKlD
z+Y>+YHX5aDHV>yOX?E-d&~>+WmIt`zrB3t6_Xe%SKCjPfWUIEHN!gS-4*^nZ`vm6@
zH4;4$y4Wpt`dw=ojeBXzqwIG$$`=`Hw(da{v1%#-W`I)@KiD;AICA8D);WW9C^f;i
zTd_A-p9=;O*0n0u_IwGG$><Bg-Hc6g=mYfj{>YWZO{vvpw$I=m-QmTMZdW^nQ!_5m
zWwnXi#N6sL2Ir*q1GG>Eb0M0Y(d6|>_;fh#&0hUL&E_q2Pg?K|IeY2tUugbKv;W#f
znY6he3IWV%rTSX0o*)7k*r$_~DMvui6ZWL1j^kDJ-lC%>tJZR0We}mvIx2gUtE?=F
zuwz{N5d+8UMRCB!*PQ8h)s8M_qfV~YePIwn;Ax1|Boq^YZEMao9M7G3I)t^T3_GZ*
zz+rvBTh<n|@odr@M*`vco_@6>8Jb_-$D7SPC}1N{47Hz0$SKh0HlMuWR$f~CoIRC6
zBp5>WYsvLMVG@ifYBD{_-O}XaRM?H)6_aJCj`u7u#9Xv%ClkJzvgCyt+3lptk|;3w
z#k;@N^KCh8g3k5CNt81uZ4VSeI4|So=bVUn&{4W=ZrVo#j93ZxsukXC+F;X^@rRSn
zE5KKYyZpS`0ly=mA@mF9=JI|Hxe-;9l;hy-1YBdz=ztoD`>jq~^!qD%v2VIo?X!hd
zgEdQq9mMfW;%Oj?KXbb0AAI9@OdUrColx`qKX7!D+rdvf6@NZtNq3v>aM-guJX0cn
zaU@(`9kQ`T@o~KlF?=et&&`WcAC*@M!2k?woCGL>Xk%^_-+7DJ|FW1AbM;lWlMEFR
zQg)uc$QUk(J6Jry;0<b8IW0W0{@`^)S|5=vThyxCJTY7A9;L6n^K}wzdHqu?rntlz
zzqn|A1AKO6U#H%=A{7Gj%9i#%G@nbKk1JVWrLJTLOjG%{+66jhV9#L^y<LRoDnM(O
z*s7`34eD+4Tft*`flljNKQFVu@h8Tyy3DDh)(~%WkA19DgUhqj>F}G$lXijb4>{ji
zZhC<p_`xlr<5^Rxig(6@`8}Fd;57W<Q|$E<e(GQN1K?GBBlap#bNiI{p8c=%*UX2)
zrEI6gXR$kte*GsZPc*~or&QJ`CUE`<fwW&Y{jv7N{^FT?P<#<{Jc(a)Xyy>+`6rpe
z{(s`k{}b1t{QM<u+4DbfH!5G^C_Si(^WHf)oo`@IAt%d+v2Ve#r1`O)A4J}ud?$JO
z=mw{=MH{$^6eGY4ec(+|jNjM~_>EeH8D$Uzu7|=I69L#@q(kS&T(fXwKU#%ALJl&L
zKf6_MJ3Ws7^*}rYZt`p>Gujpdq%+H<@RX?rhwo=yF%8i)5+Y)G0tOA5Qc7xGsjj9n
zp*#sRWQNjFqHKazf4w($u)LZ%StK1ke+QMISQy<A_|+Vh{p-o#!TTUM$`TRkz+ky&
z>il{E3#cZ#2`KKue2g-GGikZF#3{|bMqdl-pHrK|TTJWFa`srW(rfTm$B#+Y+AyrL
zMD)6Y>3HC&%tV15UkjuKbBC(lJ-!59j@={QB*e7OsAMp7e%ZexNPqfxc~iot{y@cX
zpS+tK$PhBbt<Hw>Ut0IWMfyC4d1AWRVIcL}0AQOxLdJsF2pGVu-xN9Yo<Afw5&Oa-
zpa8?+7F-2=ZKXSf!G%BEWEzp&)t)EZgVpq!_g81fa%2aFX3Y&kRv=WFdo~GERwib2
zUTq7!-Z)?1)uD&T$6j<bsym9BdWxRL$3g8tnC+-*s7a)`^y#HE2c!0BocDv54Veyn
zpy6bJ62#_H1t|H<hz?F?`01?S6sr|bSDX)pAowteHc)~(!}xJM24G8)!X}BsII#gg
z`yzT$2#bdjxjf!fw<WG9%}|`u-f6xCw;A&8#rAS;*t#NayN4UlJ?)|YESE(e#!x4a
zlE)Mf*ZY);B2Tp)=R79&C3Yf7;X`2oa^7M!wz9S8rKJR*|I&TCvvy@cvGEkKTP@7t
zJw5BE)gEQJD_$}-Yw9KK1tB!-Qj2lcV7TUcyFqV9Q_j9yBD$R*{r-=ym(U4Fc1j*?
zDMEn;MY$sr*b@HexiR5$*F&*yAFxRf;IM@au^xAk>23j^zNLG%%xSvu(*tP)7!GUJ
zJpZj+%^l8sI1xzjMf2kNzVLGEPwtf*#+r91WJ^54#V-p?-;Uo}<~(+S_<RaZ)pZv8
zZ+?Q^y@T^j^=Co8Y{N}IBHi)AdEp%OF$iu6Ogqc{!*(ru{&qHCFg4S{LDh&WpaGRP
z->SJ|Yx8Jmy@s^5=DWP|(09=Y5I&&9yG(M~@Jjm9vXH-${1k{0%U^z|8yOW5M|EB2
zN}~VqI{J3pnp-%HgHIcrbPeOEwV5>Cv+H7h)6@n6H|BG{)91~kboF+%vq+fUr}rvS
zyl~>0mO057O=Zr&DbVFEOo`%Vd+V(rx5o{SS;vLlZ5+1Xu^P8lN0SN-xNqq`617=l
z+w&Q&bF&z>n<V?+vS4=;Iu^h8oz>gnOiiDYz>i_QHZo2(1zm(h@9une=i!~U)Ak^y
zoOJmPz1QH%&<@lb_&&K>yiJMwELsJUgc)EPzR!)zop*YVZ#0c}dX{YLSq{BQaLmKq
z;ZtGJ34h0WqUH;`2z2~H<;9@igzjJO@)8Zf3ko9^)q?r>49E51LwXC{3j<Qc^>KUA
z|Mf~(@PfpzIB-P4!Z~{|o>|~tVvsJuTzb?wzZpk(vk7lGkbJ@O9SuUz)kGGeZVW8P
z{ua9&uI7Z-t4DB3ob7?L{$=iAG@?FWu`q%SiTV32D!Tc;ullQV5fkF>uvP)0dyO<W
zi^N~Vz9MkZL6|}~?pC#Nkv73+kJ9*@^>z&@`EdJ9=cYRwdp917AqJe$`9Gi7GU1!P
zBJ6r&FutHKiZYk=8IyzK3m`@93&{K>3{UQbn?)GPXa<!Y3wW3y<B8)4BiBa~9<p05
zR~vTTIs-vqJutxU9Y!OR-?{mWpq>Ol)f&pHpZS-b4p<Mt-WNs=!7QFRBJvNJt7R*^
zH)crvTibbCAaGEVLHGMi{4h=9PTS+Kq~EW)BEPy2SBp23J)aZ@+2R4L=&Tc@EZu$6
zeu(S9QWKR0Ee5a^q7aU}&5{oM;Ob*xCDgPe@3A4o<^T};Ai1ePB)O1ddtph;jUw|I
z5s(dna<3l_AU&uC{^k{21rVYf@&<2heL5Jf^I-IyFd4cK;rYMbj!Gzj7&u{y-Cq5j
zx$3JXkbatfH(2!;_aO{oa*+)9b!zI`SBQoEbWD2T?txV_P5d4swZnpmypb;58Ug}s
zw61X3?hMRlHfaTOA2(h@jkyY<^zuZm$+-}b<85jZQw0jbABJB=_33b+43P#D`d|ef
z;cRhb?GGZS$jHHf3oF|wNrhN~;HmQ2G_+Opfe_g;K%7ekZRI&Z5It>%`f5ZFI4<=~
z=DKB`X>a_Q(CVI<dU0s8>xq28NIK=m+B112sRs_^5hhHXZY}6V0C-J|WA6D+qi>K}
zv$GCdmG?P(XZY~+=MeO8)bxX3E|7?E`b4aBQ|uX%*xEzB$RQ3F-pxk&c7Ke)lH&%R
zX-um$_z=eSaPYOx`z%OwyQ>pA-ye!k)7|67=rW_D{Pi}kn3{aBh}&eK@4knY7-6Rb
z)Bsn5CXVv<PbDX87OKIqlwPwX!>goQpt!onAG~FjG`KRgr>N@)RhA-Y!fl=p^8xzK
zaVYZ69GayUGY&}fYlig=1XmZBji>`|ys|@D;|F2$7kdtfjZYFn4FTta(0tYeo6pe_
zJ6aXssZ-wFBUDBp)mHH8Fh`o=<aYQAE<gy37u1T`mS3r;-*KMd%EfFfJzi`)VNV@4
zB1dVI)!h|6k{Vy)b!`$fX&27($51M|N#6R?-c3v@XCG5~-?~RD1_<iZZ?1$^XGW6?
zSj9X{2J%bGY^R?>Q4Z~luo%oN=-BiWqdhA>_^}c8hBz2L`>-^Rdc-W}dw*0bEdkkn
zbT?I5w<92`1f9^B-4RM%O}#we9ydc*m3C+-`8z9f$+0_use$}s2=B8~9@tdEV|dFv
zrvzf8)Zp62R{9dOh&~#Z<JTG37CZBdQ#D|eUIxK;^P%+n>dAN9siY@^gofj(_kNq!
zVPn5(xzWGB)bHpY?LZ*spnaSfwgUYJ0RkU^pZIVzjC4Ih(lr05137E}Y&|f_P>&r8
zgzGnG%1}}0r4l<vUT8>b@3*68nLWf0q~mWHb0+?y5XsQp4Fyv*olFQGr2O!(H3K${
z(i&qq-VX`gjnJfhgd02`Brb$BhgOK(f@jZIhZ=4~4vPKBP_P1TViBag8o>9UFoZ80
zJ$9<>swp*jxI{LL$um2qztQiS0g!gplP{R3n_xGL1LM{n<jM5nBv;KPf!eY-pWR(M
z>Bm(xjCK&wo6>L^zk2X6UErSZj10_eT<%Yvn?g{y%xjPJ`tIx-1|i9yljN!BBlkDH
zFiP7gm97LaB)6(}Fg!I4?}7ApJ-8e(lPzaL`tZ;sOE7P@C%0k-b{pajqI#s!bkYe*
zHzRh5M=98~JqtP_Q$fHqXM%iiQ^Ukwx<kgEs6t8=GiGl|-7jW}aqZPKWkV;ZC3e$%
zTKJn5hVT6E#0pWPO2Z_KS6yAlr1t}G+Zd$!ha|yM^JGPoKcx+Aoj{|5QZN0u8;lTX
z&<*ME_pPqiEKZzD@o@ceyY`nQRvtZ~d)FYzK&`TAqL8BX+t+mKy>&{Z=_4Hn&*(dG
zmmnKw+t}1a5=8>7@jJ8JX8uES_Tg^rW|%jGPf>qH)E$XHd21>0vK4GB(wtbWvb5)i
zUR}R#XYWH50gg09Yk*)GX%w$9MFTFGl-HbJk~^f6Of?5P3OW+)ItHD(7ybqg`lB``
z9Caa*Loh7a-J&B?lfX~48I`V))$IqAX5X)!6?wEg$-_XUacUzjc7E9D2+YbzWtX%*
z0%3;s^3ETEdOFl$WBxxp57Lu4nzZ~vr+(<5@5@jkVXBaRI|q`rSghpYI`=_1GRYfV
z`!QEzKsH5TMas<d4#rh<@$N4+o{i8J`2_u5=DX~-1+J0@Cv*&Sv0+=VSO(dy=1({-
zPXf&97SFrFSN%1!*W!ob)Z|!V)gEiV`xs(G?+J$!Ojn@&TG81`5A(bJL+=>a=>AMg
z9grpHEVuC_p9W+L;S^8X7X+3#i@S$7RNmIS;0Wd|82B}tEHb3J7dq(t%{;8GZ-Krj
z_bfpxZAhj^Fc&Tu73zZx4Qd7tGY{}I0uunwI|Qk%v@qHEgIIQw$@h*iIG_TSLJ9F_
zmHB`Oaq1FGCMeXA$a8x=pV2Qq9x?g^I#cGv7UBj44FsSm`zE3{hygtm;JDS3o>P)9
zeyQnTb&rQe6ZiT`<n~d=l&KJ@g&^M+<fQtIRwq|w{*U$bZv3C*4;nTs6nJ(=>^FND
zhBuCbv>AJB$(#7`;)a?_db7>JrqiYR`gth-E*)$k<UIQqf+UjDUmMyN!t-PZ;b5cs
zw0=@eE$9H%HOt%4o45V-#VcH2x%-LPrS)E_0Fbk;u=lp|P0iT~ck3HiUpU1KN@Dlr
zFN17R1^US3O%K(c6;5nv<l#OFPAw{lw!AeVU#d53@&z8aVGv?7A{!`B5FHgF{VIOc
z-5;{|2Nl<I_pgsj_I95hrQ<kPFeoU^Ei9D6xrV@<LGxnm$@U+kmcZjgLmp5aeHDby
zsX_epg2AEvTBU5S@D^B&xRcyLDc#t`R7bPAU@zM+$adW!O!pMH?T3T?^vf#vr2OO6
zWck3u5UVTj*(}F@Ai6b}pip!@ju3EFCphfO9+sAV+pGsKPJSvo@h>ivjP?YCPbYSJ
zUB<u`GjxH4y*A0j`;p=wfxJPoc`ZGcLKq5PUh$2l>$~-KqJ2<%WJ}?nC7sKb(~Ezu
zzy283o2f-aamlKa9?T;VW%-o#TD^9{-M;@L=#_LocE%GV4KPko6-ao|EP-Dk{r-dL
z0nud((VtokTe7-Tw%wPcz|UU^wB{X)vXcpzR6=iNq+viV3(4EyAwZ}!D3?1jqJxc(
zhhmP|a|=m`%R(!Ye8kGq@Jufo3UP}qx(*zy_vtC}zP3aRbXg;w5ei^ZA|OW^EsiYa
zg+h`unP9Ow&1DvZHP^)9$_Ll_wLW!K*S_<$d~M_0{4KcsnlKPuh2Z1yiY*6w2TU5s
z@N1BZA)%2W>r$9NeB5TcYF3+S&Vur5`7vklP_-IRCO_oyxax8J)_79FAYvwnw#PPD
zb~o+eY^b8EN<Aep1fS~rV{*mk8LtolN=9U_khm0gd(?1L`c6n~lAgTLXPBYvBD7ua
zX~WyFWf0fH38og;T1vFgJZTSSsSzK@Ne30#`wphk=&7yK1B>=~v-F41=RLro9Yk62
zim;axK$HOxfdCwDA<H)Rn?G$poj)|FPs6*x&n9Zd*x+T%Gt1YfzQkB+aV^()c*^jd
zz;VLC5{6S5tlh1mCwM*~Rj7C<2h;U}@uCus5y|xvS*aT`CzI}$caPg$pL1aUmJd(2
z(dg9kL--l_*0AQ2^w%KC=W{w-uhBFQR>aj5CZ-E-b@go%CSgVJ;Pa<rjl(wND|dB*
z`>k%?X77DMgQ+P6mt@rMC%do!HnoMO#B9j{na`i)85k#(6?Mf+L^4DJS4>kAIM0tD
z;SrFRjOwC^7I-a4IfU=7pb5aNS$GL4oIW_{{a`gEayo6zo?V%XsRgKn?)M5tN$p`X
z<3EHe#7E$8t(fpbsR})Cpyi+z{@=UT1dAl)!G2ak?+iDA@z@^qEP*TXhT70{p{z;$
zL)Ouh^x1}TmGy?H$>R`*?RE<N6@)}|HQp;DbulB~tCUGs#~GqW+;RvUeC^0BaNUCf
zs4v8jwXK9}j0{m&HB`fet@Fil3r&?Q&Mm%9BPB*5c=Q?;7Jf1a<G|K1-uM|2vR=-=
zy(ur9k+M^HYvf@6*b?oiWhETR_`Ncu93gbLC<THqsioo_4&sy|Bkn^ilLtwh(Eh4q
zj=A+l?}+84=7EFqWdTmvjL%CE0?LX8eXeBX+zJt8Ah^?rSNu7S#^cxY7>b5F&*8_J
z!XH+(&P@2Zp)>Eq!SdM&h8y5N#Qv2~&Q>Q}3e8C3gZ|mxCIJOeb(h)M<v3!9e1yi5
z_qrHI+Qt1)81xL?Xn?{M9LKGH64CNrZP$=%V&TB~{^9;Mg$ZaB8`?Ie?RRg|^3a)c
zoA`9H+I*kPl&r<1?R{~`cx@f!p%4A)$X3QY$Az64U0k9|uo@gy?&WepJxfto^rtB`
zueFpYoF+rAVUXsyIgEyLNo0do_J$#cL3G2J2=?|Znf2ZX>&f)0qS2bTnZ}sy{t3r!
z$W#o;&!So6%msKI@J7QUi=^%{0>447#|{Wu?kD+N2FeZz6+oNJ6MPc|A^#R4@1V#`
zJv)l=Hptbxf>hq!vyAJq0%DK{2R;Tdc`a72OT0Bsp9NnYmxgU04?@zgS<3L9Lkb^}
zko7$4EOd~`6<eq}fuj>;`sWdM-_w2<qK*vurx-$M0ShpDB5g$M0RADdN*CgGHav8x
zDG;%I_J|pAsvU~`_eA!%D1&;QBt+(0E@e*Kt{&t!mtGjRa;i5Z)l`fa$nAe(iBEK^
zPiOur2-7jjx>~cZ6?wa8wphM2jy&#E%e^($R5{xn?E&63--g4-`_O|+(BF!8kr_*W
z`;?y(>*ar;();B9QvpE>I9+sYT6m^+?$MH~Q@3ukns6IXrNi^KMK}9-5@$54&N}6q
zZJD~*(iV(deFdpmMMDyJ6i!Tmu($DesZkLd`*X)AaM`6)+IE|?b&$NZXRtK<-awXN
z*(FZMBKJqj3@&SSddDHdl?!CULA6=hV76V>drKJ5){trce9G?KcdFL*-oDmh*XeOx
zv2v;7-sQbWP(OZZK9&B1&2)hJrW%BF<->%IH=^p{BLZEw+`Olcm)Y(Qn@D;i7o*kS
z1Q;6RwsN;Jpzv=;>Q=ew_U-xhp?c!Wk<B8n`vB*&?q`*32y~^qtv<yRqv>Ap*ML(u
zT5w<$Gm%K!@XpSB8qxrfC0{?eU)>Ml&Ri~U{u0v|sH3Ya_;$A~=QYb|1fH<>lRc6|
zE+{NvddIGu1XM&02qDYdz>rK&Ce{-#Iwv0+^0RoZK_4{%eM<VgW-EO#QQr}E8lPcS
zqDy|-&?!gLu7AHKi4tg&b^k`|M;dDW^9hhv@b{nVMQ845JehRpX4HeeU~ofG8;F{$
z_JWKLqsJM`xs%059|g6`*#uLm4$|ph&z`iF9ImkV9#ZX#Ik8^lk<3;`@#xWQQ7S^m
z5gPCpVwL7Mnd)<fQxaU-h?=!V64_nKS2+z!bgV|PaXeNjij%10&_kQI@gCgk$8VsE
z{uk8gZz?Ic&8~mA4&Nysv?`7NXiH~k1jexk<x*A()au+A&F^P9XxdN*0Sl7je`j3S
z&`6wZho56N``*R9kZAYgEisA~V4?MOg)E!Bix55N8M)U$j2jwly_U3-@+%O7??-4M
z2J?q;4uv$?)9y{TB-&M7@)s2()tmr9akD?Q)pRzHqOeW~WuTHm{$;_@_~``xzlPTy
z`xs+j%uTKneC<(S8X$z~lx1nFyY$_BR3U9sPr>wLTHQQp+d-e|dVouA8YA$|U}MK1
z6$mhVxftL2Q&wkei{>#6n0}7JIuP<_RJEX{!Pr<<p~5&zj5JHBD~L+k0uDerUMH?R
zzKQ0pQ?qguAj@ab(x-~z%jAHy7%mNMlO6QWz>-uKtNy{8ILJOEOn8#(I-+|#T+*BP
zT7DurWEppsjkU$)V7$=x|H}FbpgfvpUEJL@xVyW%ySux)gvH(Mg#bZ<ySoH;cY+0n
zAc5eP%lFl}_x|Uct=g)c?wRSH*{Pb@+3Dwruu<S+dE!?DjLAHHxqcwalHtqsQMTd;
zt;~jUE4+3QD`F`?eC3%tQjnWCT;Zgv6tBfHRR+?m)fFj0WE&~D!{1_DNWOXmlAy$F
z$=dbs&3gC#dC~i<xVC?E{1OZeQv@+FYFL)MVL^ZQgJg%$rPjoT;AMeXM`mMi00TGZ
zX@kGJ74>Sn?{)C*A`Z0=xE@8ls&#SRe*69YObxU!3|=X2wDIHJRm?y;g36U_A)lCM
zo`Iw!#S-lyI#c?RP)iN4ND=R`Qqh~u&Qz~=_f)*w3V&g_$OcP78jED}nLvn>mF6`t
z2-yhfU4^A+b$6%^UdJE(4v@LR22x-Lvb!%QqTtv>X`Zy167fu%=w%Tv6EOn@N>V5c
zR|@JUj(bpr)i%=fKly$zTLsfcChm5fgaN8zCAi&p+1LqJl3A#>Mq6k}HIKTJ{GApX
zWr7qsyJSysv`0(7@JKksBD2Eoi}<Q@dyI35WW%WNS+hk+4U&D^GKnCwFkqvSZ8J5~
zgY7OGI9n*rpCjBZio_s##ZA^F?zZ>Bw$~S-r7GgFfuzsFhIi|#?l>_K9;*a#n!q@}
zE^6je@d=9Z<apyMfn1>SZSsjIFH#3J`rsM{S&6~6@JsP>HJS9yZ<WH|;!)(!#7S?|
z<!pS$g%iV12CdPe_N8E?dM1PS@C6{tlu7W_N_u02;dGGM=k~LsTKo)}h9jI!m_}kH
z+(f1U80yHIJ_ihaT{ZM+=_Kv?A^@b@bE}i*@vTZr?5w$Dh*(GPyFBcPER3L}eH$E{
z!Q<Gtj&2RuK#<3i&IN+No!ST4xueD0NudgT>o-+Nlk&=~s`w}VYB_>EihUv$wylZZ
zp*TQ(O{$9av_c>z1&R2nvrZvI<K-9vEo=Xe2}y>b6imDw8!EA>3NUEjP+$rweUX<i
zc)8rS0#X0PNp76%AP=9Ue)AWUhK21m@OtCZ>h``5`a82wFI%cm@P;{EY53~l<U@6I
z_rAXPhgS&u@dj%0fK=vF2fM%6MgZkusu^YjR{w}a@d9dtTwkpL;xJ<^ZA5fvNR~)1
zkl_g?2T8nmN*`lX8cDIc4-nB#Z9Z)IKe82nzIOB~(28n4!JV#>YP|J%K^IEl)%(n*
z?>i5%H4D3Azg?{V!g&8?cJDzS{|)0SR??bF1z!AzizZ2!;qwlcMByP4AB2)25`sZ!
z(zAkjr18cK@Ut;4wGF58`w7xS5b%q&dx%?5b@Kgb!ywD=z0iuJK)fFbGlN->8a@N0
zCD_+2zEQ7t*)RE(#_H~B!Dq1Ic2U`GX)WopW1O;;jg_7kJM;20b))m43XW1(KOzzx
zlEr0-vrR>q{m~ELUCx;u58ZDeZRATHO!~T&oDww9zf!2Y!h5P%Dkv~mMwcqQr5vXi
zUe7P+X#G8_O6hrO1d2LV&Go9dReF>?^ap<8tSqzlH8$5!TOsK26lcgQh^7|O=_u1(
zd4hS~xD7j0lr1OVVx3gp3w$#Nqwo}9kdUZyUdg%3%q4A|GkqDc?x6#iduf7Ge&;n>
zSUMsNo80d{=l4Y{iWvb^cno?l)gQBGHXVpuLm+cW0(Mvr@WqvsZ*fa5bULpl6USh&
zc*03Bg%V|}52CzDkDEd!m!b`EcHD0rSkoo@<*Pb@HOd;X5LhWb7hg9qMhw%!>!nuq
zV)r^KfXIoZ8z_;ul?>Ux&@>6jUWdS#A4cC!TT;b}K312V7VKxw<5Ih`_4@lB$BZKi
z(Mye5$)cJDC`@MdVs?w?UY~eGzLa%-hKEJ}Zuduo_746kH}LoVg-;9k-#<AMD^u3z
zN(Gf!ta-Q-*Q$pzi|so-pSMoXF8{Ef<W#8?roB0LKqYRJvgl8ju0Q@0on;!GttHV#
z8hKN7C2>q&Oj8$FyQSd;K2pka61DO9SmKXF(>q-=;3r62fJJDt!nngh(p)4$i8uRO
zjN|$Ya~it(#~LKS28@5oG1Y$v*`NA#kY-KjcjLR7t@(%P6H_+%%S&xj@t9->EoBU|
zYM1tN?|kFs1FVH;ancGFA#=Ye&;W4?t^C&hf=u#Ns3+41w>)QhrvicuC-O;;^e$!G
z^zY*#;L@lC-rAA!89}}S*#NoP@sPLKbXt<NWC(F?E932KD}eJ=CNXE#1cPacV-hFV
z=-706WlcHPVu}%c#?>kNEOaclJzAsml|9-dD3}i4(kA#2_Zy7$Ty<<<dzJ58F?j|j
zLqMbG%$c*8t}1EhD90<g2Smogiv0e5I=J9hAR|d@VkYhT-|QcKwRwWJ?2Jw3Upk_)
zzhyU0r`x8Wl(=>yOt=^xcW<gS&@49jT)|cHAwei$akC<&AbF)l807G)CGf<d$4d$k
zn#hTc!;()msCGltyk>A=FcT0?LA(r2#8LILpYC}GF#9`5c#;W|5qFWT14xU0R2_7*
zfT}yZx15P#I+PXU-cX13deve-md41!#Lg~3<7b`XD->BJY8aK}n|b7St{f|D3xTk}
zJ(fX1qvqSo(A_d4Fe0D6B#7NZnt6KotimM+@45o^5IEi3;h1*FF?4<k9)lvClHWpx
z)#_RW--ZP%lH8%&rWBB)B|#1l17NpUgn%0y194K=rCbHe{KvxfxNTvwCZI$A8B|3K
zVp01D&=d-vioc%6VX!H?#6bixWGDm&NU4F*nU_eSTQq+sZ4;qF_(tzn>$*F;5fpP-
zpUl1)b1maJw<_Imk}Oo12NhOqOFM33=}vF065Is=jiU-(^&oTNt%I<Wh@+8pk(P{s
zi7$flr`-YCKWa@__L5YXggYqD0v-xYoH@N-AMjsxN8_hjmq(NcZYcYj8m`N0#e(%9
zTr$X{H7&L#*yk<r7bAg`mc*@Nm@6uC!lOm|C83O(<30Q`AerFxFhAS8@WoYXtaKhs
zF(mp0yQoFvQ*)5nYsC#+wrycX20WK=sFDf(?B~3_y5Jj^ZF^1o5xxat{KIuQ3}*09
zb)a%eLQIdMwm9@!ngfAEY%_J>{_u+!9g3U!v1kS53Kl?-Pc>uq0um&n;lN19gMA;v
zZc2`ZrY5WE?EFnY-EE<c$)f^?yGXYhuMqe>7O_V5Ac$4sAXDelwbrxMa;o-@CG(eV
zlT{@b2K48N18vRb?SiHl$E}7*BWJ!6e4xUW9figmq59dLo$qT`oZa;G9<j}K#~yX_
znNc9k%O;M;s*YB;1Sb#2PhIn0)}kp9pqBKP=1)k~KgCfs2d9>4N0XRUyWN&WL>*gy
zla|S$4Iua^;@`|mCwkW2{0=j`F7lM4D~i@OEWUn3Rg#Wx`o+HYb#F*h817Ea>;o(!
z@*G*b<K-Krit1^eXX_1j?AlTCNh!yAW3zK^pF4GQ?0yp2kLJ8=S`<=VdAw<PokX9;
zF7_5daQ@Z^#Nzf@nadvLMCzfXgkxcRNwfn^rD4qS@X+1KYhd#@m0`~MU{@hb!5<E3
zR<k5H^=o(|2HX1=yk8BBDIC-kgKz+Y>-1~D-RYNxP1LyqS2w!V;HwH~Utye>pJPOg
zeQWeis7^$uff|y}?YXSgT$P$`9a_13^Jkf8lgy^CT;DlMe<IjW^_V|Vz$*{GnR?`|
z5t`TeiCLACw#|%x8ss(uKDJ@C`$i-_ccv+RBZU1y@6By-k!OI9U?&BFfxZF=1}GNu
zQ*nx=#1{gg>*$#ubHo1<WeXuD3~XV+(zF!kY!FbS*5d?km@YV0s}q^_b*yrJ33=*w
zeAu|CU8i*a^GTEJ*4E<`gZ+23ig|azkJ<B2wfXcYAv`X|jQ3{euwxLeUTSJncF9F)
zpPM>2=-+=juS;=vK~~2m<zO)YI@vsmh$^uQ)t4kx#Av9Hkwkv)@cx^#vk+eAKW##^
z!5eeJG-IgmpuLh&7BA|@Oi}()N)bw<SjbO?3}6NMSQ(b(lvobHl^gib-##kO(Q3pM
z;hYZ{!dhne;NU(5C*g1ujDd2zPkhw@H}RuB`E7k)W-hz^S$mN^*y9yI=2z-_^|i1=
zWek0yPl!1u>6?&k2p(Zj4mh8Ypfe=CbjX#`R+Qw?3QF@;W_T0ng?}W+-cmUy>4g$V
z_-Bs}!=(VDRI@NTr~N?|KaE3pIE*#S?O3)z6|tLqS1dh^!3b5{$B?-Kpj!9BMJ+$s
zzj`T=5s+WYSH;tVJ6i!txbUHWs|$JdymGe!q?PtDv-V`B>9C0EZu$!oWT-;Qwzlb?
zl+xHE%t&^pM85L@s#Pz$D#F3Fkm)ME7Bb;kqq^Y<r#=i3liV$6%tGDND{2n(@MpeR
zQ6FomRy1c~gbmqM6~c$#v?G}`Zw<Ea{k(U6^ow-aY}PEKMjzuZI$*@Sl{?uA3YJ<E
z+(1nm{)s_f{**@UK(Ad2GNxFH{dN1%=hrqn%-Hmrx%geP78+g&cpfIi%VaU<CvAEn
ziuvRE$6`U2q!k@)qGikYAgMmg3BIg!>7q~LkNpGRY!y2kZ|&+&g=!_K)RBm{8*OEG
zC1xziA(FXFy)1x7nR-*abRt%5bPHzL>qLnCl63LmA2XZ8wMN2&2%WZNr1K#U<(*du
z5>VjQ3xx#S8Tq<PpJzy<Y)#0VKcSZq=~1u;Mz|TJ7psObQIn#_5zKMxLQF{@Ex|>f
zdeBM2ugr})yQKGmjmqC0#}J*!{PdY5uV^ca+?47^zmEdu2csxw8{=6=@(U-j1GViq
z!qj6Ig>kT#N%@FTjHA~HulVx!-f`C75Cm_}C8MhJlXrZ)YwA&Q#+ypftQNP~K5%Ez
zu@x1CloLty%Nz+63OBx59Lp|2xW-uS9ov$P7mjJiS(%obJ)y3C#ARHcT|9su-|UAq
ztgaNKKVW;n>#LLZ^pX*9a@gn2@9rbN;srWztl%(PQ7C=8J4usAETvS<Hj8(FqGu5(
zTO>HjoYuiHs2@v}S(Dpp`pI!7on#Bq1oM3)OEniV;XBD7q6LAj#bu81C=8rW29nmH
zcLd>IcDZD!4cQ#t+2`!~ASeVdxhUVqh`;U0e4E*TD8l<re2G#hEqCkk2h<OZ;a$*m
zHWdyFCxZ4bsAXvyZ-47V))Uom@RPoxl}g-vVcA{>>*_BEwS^Hsv#(HsrXJG2blkF_
z|CyCCv3`HW+(NTp>V01D{d>-E=n%_*S>=)5v7Hv9zW?(uotSI>_o@rBU&YD-Ecbai
z+Rk$>U>PO%>dH?x8J(Cb^@-c+5%OCcW{%(R0^eTvPw^pZ01BkgaRQd!Fy=L`pfLgI
z-5JrNZ*0kF>p{9A?Snd;4t98w0TEHDL9smrd$1NfcQ8F{>X+ZtIa-Sy>1+Fnf#2w{
zBkM%DEF^@VuCzee7g=vu383-&?)=W$M-Gt%=#1js#)9@rZ!40)BY$^UHql6f4_rU)
zV-QNwnk~9D=(Edj$+MRo1l(H7IG&G^pQ(#O+{9DK{FGO&;1?a6@%Jocx(eJ^Zue-^
zRnWaob7dQ-4YoWPNiUD#7#Z#hAenI5hO?8B@Ej{7<KxL5^jKvsBOlwm&^tP``;nyp
zl-p$AMiq$^2<#$_1A3oAy<j?|%s-e@QJM%G^@)%cr&@+UvjaG;TY~+{DQrZ1GVAyY
z@@?ex!yX*b2^)$la*SJlbJ8Cu(R111<+EvBm1!PlnQ-NY^X?&YzD*RqRl_|}$c@u^
zadQh@DV?0VP<Y}P8}Xih{L(MUO9fQ{%-H)}gqZD@(dps!wQ<GA6}#bU92F<ZL|b2!
zc-uKsbq59rbMGH`(Ghdq>34su4>4d7$W|*V!1}@Kj$KxD9nnU_4{J^J=>)CaM(zv|
zwr-B)H-ZLI1h--wD17C>@?wh@O4tZvFZ+f1e5}u)o{&*+ST+gJF6-jk<U)x6hGooO
z+o-G@X+uGt2AId2JL*(?npHJe)B25R+FZ}DYpQR%V)Sp`Y&oOpXv%CC+DF_%cW3)8
ztgQ!qI<0Rf8@H@&FuU@C+xL`J?J!Q;W)_`;O_U={Ef`DPyMk5s&TH{#yt+)B><#Ad
z0o~)5LWB48ZN<MbwTKx!D(<xa9X@<T>gCY0P$U%A33&y>lFHkv3?x@5@l&2ErQN%g
z3Y{h5zQ^~ihh>qI!i#JL=hNvTdYs}u`nuat6X%RC8+2|h-rSzl!UWnmdDF;sH#nL0
zaalEyt-lR{*Ay1tO)Rzu9xdFIY-9!q6Z{Tj+B*hSN9eRE_j*Pd<Q{aOG3F1|{Wmo(
zD(3xNn;Hlr>$0J^jngVhNiiXr-C)6rzcX)s$Odw5pZS?5aAI1_y&7dT&LnO@dU%H4
zmEbF@F|_-!*Y<?t6Qkx?)Bn;Kq{_t=#0M1=xPsvzs?V}2t!vFE<MD|(S2SS9O2U*V
zBUavi#U3Z6cK$SuBe@9&=qpKVovl-;I=5Kj`rzN@O184D*`H|EOEZrb+#>E;XT-Se
z;(o0hABA<-LO!sHo`-akR#n*jIQeh7(N2e0!zRe4$*T1oBcE#i`Oh?yvPK4Sf(Kp;
zHL@$NWl(nYquX4s(ykf|2AF*U&@WM3p}}Mi9dKk%@fVXO`u)uxKz}+>*wY=)stle|
z!gcne5yWsTk@ALF6P+JH(Pl3{P-2PrMaoP8f0F2$%2(HGGbJj5kelyT21V4J41dl}
z)hCR=CW8!%tdsjjiD)O|vv!|kaoW&ua&BgYhkdd?dFK0jKtOBuy5$g@6LR11&D}z2
zXxJ*WHp@kZ>J;NE5G+k&K+ps}z?*Hq^YWtjvP}f{NyDAETC@K}qE(pqPiM{Ez9-d+
zceZ~hME_)afwg(9rj~fBq~pB|1P?4RTWw>RV&7O78%zjetguwTq}tv_pgWvDCM4RP
zq8=70JpF-7GPG|!J<6d!)iQg-eoZoemAu;Av>4<tU8c+>z%}J%#2iD$A)vngez-#(
zu2F#&zEK@9DzNU3yLNG~7Er+9pDgv4b|VyFT0_=S`KRRaql!6nQivblQb5YWsSFr0
zb9zN3+;0_nf5{bx^zo<0QZsq|z4&m)5W*NwZ3MM_lyq60@Hl1IAJU#B1MOG=)i~2_
zU}YYmx$uh#KyJmt7q@q9><yLdLPp%IR3@?E7Augkb#BKY)V1lODvGUamEk#cf0oDk
zJVphtG3Q3hv4?H=VW|S6#|pGD`DQX@LH0&gqc;n#_Rsl_ZOUQ0GhAm!+_KwDOfr;y
z*^KKU#4n5>zQ#+YQ>wON{-U-tN!;%2^q|t4jxjBCKye)JwM7iSG+>&t<Ry1Lg`O%R
z<9sX~+kr!y{pfu73*8)|KKeuIvYHCpmOM`K_ukNKmNX3}VvBHc4f=+poIb>c&M)!{
z4hAcHulK_bEIX=ggE^p`zK-6v>$kYd2$VE2<8Hs+Ei`(}1Ts-V#t?}(!u)Y45456f
z;9=?nK!TY@IvlNaT3YZ<wT_d5wAgmqzEkCzwoDFC|A~ESz1L-E{@WXyuEi*~CAtty
zt1f7uV;Q@pJgyxBh8?6;vPbi|_h35XaI11HCZHs<GvMN7gIW2Q+*eg!AQCbZO|p>6
zx0c<GBBqTL6$U4pvcx@VB{yukrA9WbJ4Pi8NX2u;`8t12xcUbS8A@W%(Wu2=$LR5}
z<$CX_Mv&c3PnHmeo;l*^b^GB0i(t+;$yu0As6ucdyhBk<U4fq|jM3^XFk48am`VLD
zJR}=Z-e{r-CVNrkOWj_FwgWt5CE{>_aY}kJ*aGaGoJX)5qhGb*BE4m)9<7(P?=y-G
zpr*YEJy>qs8}xAhc5#<uus{9d2W~b5yL2Z-r21!8(ug+>!YasWU+`iUaw@1w@G@a3
zk2x(RufAf)q)ER~Du_z12WMQFo94+*#e(WT#4Bl{4O}G+hq(KxKZD&Ai6Xf@`dvzS
z<NV~Z$#PLFwQ*lQ7pIGFi3|6<Q%i8b07W>p-yQE$UTSqW`q*U!=`$m~WU=QlA>*Sb
zGG3{JN7z!q<G7yY(=<F|t-Y#fB{uO|wA}Kt?O%JzTj_k^H2fPQ6`2P7otNm17=QOd
zAWWS<V7L}Uca=xyQpZPe+!**2B_{cXS)80KIa%kNb&6zE_!1E(<V@!~-v4{%4=}VH
z-0O-y#4n6Cjb5(9n(l73*jU~)svaM&2DSkYEyVWIFh6ruc0T8Kwvtqsj!tsyT+wf{
zBha_+2t;I<;2j)7Qn?~8gK^1c!_3gQNMw5CF=Asd;br!Tdo3v87gevP*b#AIj%r&O
zAMghA*6WnDZFp=T|0v`Ujok#dK!8a)tf2@W1htlK70-Oco}$Vl<oo^W{_Tt7J7b<*
z50scxmrd6i_A;}V$;g%$9`aR*;r>Vcm<-W{0%p&661)=NM{)JVm*n!vo0gGN!t_IX
zfo!N0c<$b0$T`uig%V!Sd*qlK;SKFU*+C<J3KUz24wCmQr6XquKE3H90Hr^V9@JQC
z923uAdc|n|K5L8T4G?Ob+t31r1MM)n_TXW<3@+H&h0<>vyYa#CdY48sf6Vk`rAh)p
zg{~{<ek99xAo?*Wp&zhuzyCfjGf<sGXxaWKV3e{^#Z!JdoVhrjc`G}DW;fs)!YxrB
zN_SiuJTr*l3ohF0m8Y230v2{ig}46M<mDQoW_r*LNV0O%KQe8x02@=>7tnU4tV$DB
zGQVEO2x5;((+E@tH~fk7&iWPvk%vLnWg=Zw9=U=cITp{Aadwa%GzKOQ=wfJZPudx%
z%{R9(8(Ae5A~2m%30-FVPR4Ihm1dYB8^+M=qi~ZoR9oOc9J#>-y!KYF(@;sKzS;$`
zc1;Jh?Kttwn_4B+$r{~<mC22s?Qp4!>@(nLzF<vjwpiC$d%GA+S0(x_6D=7)dhp`i
z!a_cW8^7fJT9jAIMYTtvRUoa7Pyzlfs`NP=h|m|ny|I5re({x^>~`#%*_voyh~7<%
zYW$779y<s1l4SA@;L25O%VaC1ru&N<P2Pc{TcKhc{wlIWm8bp`16PB0AVTvZ`1FO^
zae7E|4<t9(+`bJz71D_|V$HiKfE!?D%8bh5Cz0%Gabc@a%>h;gyif}EtrFg|OVlDu
zdWu1+Oc3M`PU$Jk2^@M(hQHzNEP|sgfWQu_(+lDy@lHd4vg5TFCzT3ow$CiYe{%y8
zvv4b1)YJO?1`M?n!!FFtW*J*bvaLnxZk8Sj%&P3GE6c4@`Aa5t#?<pOE`q44oKU&H
z)aGm84ZPrzhQ6`2I>~Vi@{Ay7&s#X)bjKiM$6ilVV;I2)uB-AL+<ePi!anZZ@3+Ou
zj5H#<`V<cW7EWZ0Zp!zFjXB)&P4)Q<i7UxQ<y>e@D@&P9zj7^CctV3UxFRzQam~eI
zD;J3oczRviF+<2`UrKm=jVFE3MhnQ7h`nqeXRN3O%bwwqnwMlI9+eEkgjHKlCk%PA
z8Ys!v6q*A~2q1?wybwoXp-4$v%6MmVjL!;Z!zJ?rOB5<*I4zkImRFIXarYW(t-Mz#
z7u1Kg%pii)@WD8xyn@uz#xkvS2jd|3_>y`se!`tN2f9kth!%?iOYw8Xj2^p4c`R_N
z5zsu^&N+OSBcbh$xwn;}2bVE-n%<g39HTqVLJye4@V(gAFKi|?waZ{`P*2dFEiu1X
z<g6ZnUl0NWPsVE}_oBSEImn8f6?|sMX!VgTy!OFeEpuOXML;VOOg9deMpb$h6YpF|
z1T_tsx3=<XG-|Pljq`zd_AKpKtFLW&uHA4}MOZ{N`}%7`g8E~*0n5n}+ivJ>Z`AlX
z;(n`I$#Dw!QNPSMY>FKr;vhKec2%qGds{An`%t&D{adT8qX6!EoW*)2YNP3h(CvyY
z)oL!g4kGd|ynIZz{KXt`KMN|FxK}Kh*C$BjhIx4JlvS-Lw3cO8P<#3XOuI8cU`<ct
z_*!2oR;o!3G;_Hn4mL(p+Zn&kR>Q7iI@v)V%=+qu?1ZmibXcuuYJKO6dB-Gghzdjo
zj#<WCawwLUet98afXx6l(~EYeiJ-FHZ=MRDcRCJYnI<LMu~0^FSeFFkiClG8shju`
zLlQ5pf@;BV<d0RiIntS=_fQ0=l0G46SS{sQD6+eDBAyY|R5BW==jQ5^u$`SrEjJ0+
zZDKlhi(xc6a=^jHqI|0T9zFVyaGm-Ez>g0n#9wv!N+{Ynb{M|Juw&jJi?)=G%0sbS
zWXO|<K~jUXww<SK(K_4m0Cv8oK3um`Cf}p_#*X5c{*y=e8UR)DJf#I+@X9l)wzP`Z
zo@}c|P@3WmaN^Iw(d44Y;WVP)>O>BgH6~MzxWIgesyGqb;yrdwM3}X@uwM!QwCJ8W
zscl|4&vRpRI3D0f*de0iYf~gqC8DtW_)<i$4ZasUX#2g%G42OL?r#MoZj$}M15Gr%
zx%57js+%S4p}{Lc`y0)$)q6Rar^gvZr8*m1!>6&#cRRBh9sRyoxE^&_4{baXxju^d
z75|O>hhV&WZTn=2+wpA2Im*igK>J(!jw-5cFE<pQ!BSIvKeWh2m2JRhp^mcG=s`@U
zbX4?oViO-(^atB9g3Vj)CLf(Zv0P|vO4FM9GeFRzqZU@Dgq<&w-4CvGWAaM)a_i!V
zb-(~qet^5PlPuZfWU{xMiXm8{o#2UCyPxE-YSJ(T?mcqBvK_60SRKg)d_)W&ii<$@
zqU+Yyijdn3AHKr{Pv=iqWEy{S;$dDnEpAJ_Jh#b+=NwAKmabeT)P5D~VDs==lqzE>
z={jQ0i1oUVnn~b-)T`RAL4EHI<(0XUI0XIpQUAGmDH&dBbSP1^RC?mR#LTXQMBY<-
zOai)nXL}RxD(x|WB+xzsaLl#Y^L2LK{;Mi{3B8O?%4kUAuK$(ojUZST#AZZoWL>4L
z5nbU(IkMyC07BTok`c2=y$sNU(suvi>q_-t;Y&q`5*7jSXRtzwwqkTfkY*=8`N|+8
zjDg7+V<zI{424RBE+^gjlZKcSBSDsXI)?Ew8$q%>RnW*<L*_gX$QJfQksYqo?9O&j
z4)bRglv$&HM|qH5msr6Ir+2Aw{3&$mqr03JA0=$V;g*PHr<ujM8;@&ilydQPKQPYn
zj6}#GguMHYhy4-ncfHbSYI)cN)hVltPRr8-@si)v``8Hrm{fG3q@y0;Bu)<i_gRxR
z1(s$7V|>+#i6(vf2SB7ZEjRmEdSmexnqn03TrAFaxbf@07-5<md@XL4;WoRHLiLhq
zp+idM%8afp$AHd3rimt*At*ORjE!Xb;8I_`$`?$(F>}Vo&xxZF9y~3%`(Os%dez*~
z^v<Fgr}$D2`TPPY-%QW-XB3xBJ?Dt5{@ANKq_ha?c-4P%2RgCG_cBD3cB;>A>PRB*
zRJU2qVuM80eD-r0LMw4Ben=0|A8?k0<9pI=94Y&cvi&qZ|9zQ35+BJOGH54B3&E)M
z`Mf<{hrT{X;*+5#;nP~o(N*yAh(dK#L3~#npLQ!!bn`&T{oK8(pFjVkL8cYt<*(y%
z@%CyXsevygH$W~ObxtKVuUV=YHDYZNq?t$Gg{s$dQ}&84rcEq&B@uOh3u3uwH+DPT
zOKqqK{Z)|)+3Ip!#GTkVfKx}uTv{Oh8&kJjvO||kJPxES#y_>4YWGe7jx~`6PJMu=
zbB#p+yK+^kUfpP}l+K^0uq-5ob8Tthi-A>aq}ePx3kVs`M`!q3y7WA9${&<n#;Os|
zqPSp}be^Q?zIEDK%h^mc1_vhJ=T{g26jZ--O9q-_|B#$+2P&Aq3h)}`6HJozjGffF
zg>g~kQy_fnPnv)q9#$?cpR@&-19r*4+f_ZO-+DC9#oHV34o?8~848kLH$|<yHXm?p
z<4yeOKsiElU%DOlu`4<bhgS3g0t@FQ-nL$Ca83)u7~v5-NMO?#qWLn9Zn<|KZ`Q_;
zoWQaIou&bsg@ku_NRN*N!I|-eJ~2c7bHy|I-Y^Yhr>0|l!Jzyp#`X6tp0&|nE9%%E
zG5hI&V&#rvyM9__?w3L;pkZQScD{5=aX?QG_+qF$b-bBx))OVgI&x0M2@b(l!-|9!
z%F0vOJER>-Vt}VGW_>-;9&R77g}~9!V7Qc@6<5zHTk2^3vHZA5AT!18z08z)HJ5zP
z*QI!sD?XF>iQjO+YW1onm7p&xvlnanm|~wSijC-lM%m!#L*88Ig(tTZf9xdm<!5IE
zpseUq%Obi5ibzOK8V`+PfX=k+=UE-aRB>dct1Xx{);TW6Xf`eyFm>iwbdW1bVP`+h
ztRBF2<+xmXw~CvT963@tyf*CE`qRF#LPFHwSiA!^|2uTpa`*$n3j$mkoHCJ|bmR;B
zm>HFj`KT9#lr^1CkX&}yZ-~U{!>_5OK!1PidSZen`PQBJw5+XKL(`pFdi+d*ID4&Q
zScSP5n~NHU*3WAyu66k?E%OW^ZqMQImStiO>SuxE`D`UEc*+paFf!5yXK{mN4r2$9
zT?sK$^1LJBKvi+hV)c^@UqN*K%hw(~<pm`J&Ia*d`IMOBy20%8Ten!`Q&iP7fYG~5
zs~C3Oj_c0vym0+;f6J8YFmcN?g`jxPKDn~zFp`YOPsxWnt1z5qd^H>~LQc^{LQ0)T
zT%=-y)u26v!$)gN`Zn8$QaCg<$LgyPaaqY#I1jCWg}e?PQxV)C*1Bp6?OVqL^4M%~
zjH{&h^E0pEFGNe;uBqt6k{H%|pn=;h&rf%?0RQn&!CpDl`%|!T9@{tzYXK9p4I4^e
zZ5#n9S61bHb0JqLrw@`9UB0Ka6|_ZgS{Qd8LjFh;4s*%MB6qo!peo-&w5^>F9*p=f
z<cO|q%(JIQH7b{HTzs}gfT#GW)f%EY76T*sAAEnh_-vC*dT|r^K`z*C;3vF89`1-3
z#9JaxE~Tw3W6Gr-<Iwog?eA|K`IF>SZ1zK$xA>-Xk+){`#f(fcg}$sXTq)ThMV?xV
z*drR}s7noFkDMNLL@(p`@AJ;tTgGKS2%9~ImUP@2`Fiys`8>5Ht?JF+NJ{2yjsiAe
z3mEOAP4g9~>m|@LC=JHT0r1mLC5Yz5!CVh(L9lgIOVKi@im_u;hxn_n2uQkBW`%@j
z0qGO56I;fI7ooK9n=i}~G7FSZJy{mZGUyphotW1sOJJ$IawzZnlm7h}X(Zka4&Ctr
z`Wd>7{<4;A^knOJvZ2|NDHVkBy;Nd7ZI&7Qvtz2Kdr!$aJ)k#8fc>W}QsF?-^$+ub
zuPvUk<aIVQ`dtz=?_f)j-c4K6T@p+^0-E}qc4Nf$RfKB|)GOFAciCAOMGdh&P;`RI
zKV8nJ2FY2G0A|WPcGNtZsxTrrjh#vytBDiINC#9~dq-?kCh`v5cbaq~ak0&>eA^IR
z=!Hv(QkV@y7!RStK<MFwFE1H8mC>N4Xt`DJJEkj@?&SgnOC!5oQ*&Os_}v-7)iUzB
zeN9&6U(&8Ac@H=OV=W=f$ZcY1o57Ny??T>5=U5gkz2OLFe+r88Yt}a$Md^pU*Xfg{
zxyS@6(^6%Bh)HTgTlZ+JaJ^o?RpmKK#|Pfw&qxFbzyHkX1B44(i2I=p8$;JLHKps6
zaNf$XzIt+kGl4e<TS|m0ifDb;ZiVhmK8u4(gW^DN&CN3p-v>j5?cJToLTJ%aK`5DT
z-shuDQ$OT24{*rGVZ|}-Msdo>VqHL~K3t|0#f5(3c$=VPoqg2tGv*N0w|X0lb`mLP
zGd3;V<E%gO0c@mwMSAr4y*(cestvAMI+;fINv@z4C<+kn#DKXG6T6dq2T}i_G8!AD
z76RC^@q#r0n|PSCdNb~yA~n=+Dot<ad~Yrek49ZjMO=aJQ?D~bC|~l9cb1R0Z>zyP
z&`(rmh8!s!?=WSJ5qVc>Y<eFi+IDSbhVw%lDR|_50rtCNvS=9JwZQKSco)s)nBe^{
zuGmgmmhJ0wVJn19;vI-q2c)YsPmw;*y)jJSd}zw5K`0kSMw<v1LgX~|J_a2<h4mF1
zJH?VwbY^b$srS~a*5w1Xu}%OaTG?DgFr6zs;FGKGliYO4duK<d4o$@r*0{q9?s%#e
z$bq;90F%1hZnT`v*3!uh$uR-2ccp8$dKI#2Zq%D|Q#j;`EwV`lhO)Rto5k+h4C_$@
z%7}u<(}zU!dUKz=-PKeZ-i!?BYZFYs!O?GA)Q$Cx#0mwE3koamh{SB?bd|_O%YPRw
zmy>fpRT$g|)>EfAmgaSOt6!<UdsVc`*2!T5nnXCT;=50QGzk~*g%C_a?sh@DKgwUN
zZ!{A;KE5;^S}04PVrZ!2LkQoEis(G!&!7^udA@@1kkulF&*#qGjn1{Gsb&2&M<=m6
zBfb{($sGsYKoXnW(BxCRP76i!S=)g=;vT5vbTr%vaN?c^#UKEK;OgV44$?AC_^%Xz
z{oECWosaUpw;5x{AIoKFrIMCn{)TI_nlvZlF$ws9og!}<Mp1RE%fuR!__n|_p_&&#
z_cyg~&!tMc<?Mv*H!}4F(rz+4gAgC2VrvZT{A;j|*>V||B}GR_^Qls89=Jx6vM49z
zDLrXcO%JNuUt*xoG9?$Q2{Ryt)~H7S<M63JkvFu9ZC=jmGk3mMCB)!IN`K>r$h_x>
z9CJ>RQVpoE(YoYoZh0W!VTNh-!AmNW<i9}X<l%sXM*qH0+<fCHAAJM!r`9Skx#-ad
zY0Tif7)rHehXc!3&m!RYHSh^_O%~qv2a`8_LJS93yKs$8k=3+yh4_ZPj_i+R0DHl^
z$ANnlYr(qu17}CQsZzZ1-NO4Y|H5Y4C2H$<hg;wxsA|W_YlEgN`OCC9nfdDRAbS%_
zeMCDSccyT8VPYXYn$g6Du{utQIrc72S-LxMBJbd*Akb|#6h=Hp{5J`0`{VtCTp!Ad
zA-nggq7p6PBKrqQ+9LcvM!f5^fLvs^BG<(C!VAgYyu2D);;w8t!%XRsR`Z2<ny$3x
z&HmAM>x+c)=`u08K4~LQD(V$TP@DWL!raY;?u>#jHt9nz%BA@wlG5~%!hd3jE%4(8
zIvGcot~#rpaaDTk$%CByayfaGZ~HJ<Rz;;`Nqv$FL^JDWa^jbF=b6s&fM@$+y>seQ
z@A1Tbs=GbeXhY-KZST`<vO!ownKj(|FiBMS9U$>j;(o`3hAS))c}_aK8JE01pJf3i
z>zCpML~xbXBqkC;J@4l~x@hVV*Ed7?<$Fkq*lez$c~_ML%wr<lX{^kZWUz`%7IgC8
z#EQ*9ZlVirTA>cK2gdAVz?h*kUF+rnxodnQHZ?zPqgP&z<pUr6nczVvvx1l!&C+4a
zO9MD^2p^nN^r~b~>ii@-ouG6!dI(=>FJ+<W0|6sNeKEYL7Sy5Cs2Y`{5hMyo6LYZ6
z)hAHj^T7gTB$8u)qbXyD#;aSsMyp8xy){284H3Nytua1wvWa*bxD}VVa%gLpE`(8m
zTw6q7rlZ{c>5b7yEH%W0YC&{RqTFB=hx~oOHnkX$ktdzYQUpoIs|~M9JDP~JQvqy3
zh9f`}J%o^oKr(Dllhx}zTe7jSw8?#>emCXuB*YS9L>e9b4xfq&&ViaIL$mdZxdGax
zp*5{SHIw1oJtRsA&`(gaWQNXysK6U4i#d}Yc|F3AoakBQiimZzSaNjM%jts<LN4N+
zXA|GkNY5e>ZWFN&aTs1rSFyR4&`FRnqQ0=fP6$Dk(@yRJ>arEgtEun2xhS!>s*TvR
z_8>pO**}!k4G|1R;G6`B^?cVE=$LI~A17kJuR!7`PbE?X44H^NiM%CZ_G(O#puQ71
zS>WNDn)Nn?wP5p!2}NARY*wn-7Y@Wyc0X2}qo^uMly{>rcX0=OMum!h`D=?XnTO)g
z{jpn<7u%2E9-dz<TS%t{5}n|j6mN)9s+OUHK(-fjbV7y9O{{2OEaJwH%NU%8G-w%(
zBbDXL)Vllv+$yZHE!~Uj+?5Bbv%_MZ@c(kqZvD$VN~apl?9(ozei-hSWU>xhPafnF
z_gyn7jdi4ax%8i~f!C-4-q-?W9VCTykwB~;BTE{6;pg8RVd8wB1SOoQ0t9fBY_-7c
z6d(R(cPg&f*AEle3I_u%1RL>N1XQRFDbX!8AZAE_x+xStxJA23$}-`~eu%--!1LDQ
zdvNVveI@RdsnniE3dZ)MC+d;#g!f~VDxqC+<ep!8OkK5@KPs$#BO7A^<X$6K@^TUA
z(a|Eu!Yf1~u(5cXP}SZsMK(e7?Wj=FQ^@g~ayCyzWVjkb$3Ea-1<u81qpWxuXLh*|
zX=T$ur6qZWyhcx$<2IXn+b14Q``UpHU|R8^P7CJp2-OfVv!x*N?+$B1(j?WJN!Q}}
zcu)=X>))y)(zx?e$po(EwFmPXS+%kqWu{q2JH|S5Zn?fJY4Sf>rHlrAU~KmB1MC@N
z#F??()NtP>9n;zo9yP6&6uTw&1W<H}HyR6pNX_6d3oK!&iEBMdToSJ0qB0wIg~U>@
zDf+J2m@Z{&Y-sWs?06jAIsZkr>QkKcX`PsR-7SA;j=Xh&fajk4)2?O$)iA;`ICJs<
zL>A?=B&o5CR0bfxOdzGXI$3TYrrzRMa+o45b^^sheN{8do!S(;hZ019owm=L2%`+p
z<%0^{dx5%xZ?(!D1enm79t_2;{JQs25o{6YJeJC#*_w#F7qYXd&al?mK;FuudPXy5
z=D8;0#YF`vEWZYsP}uRgbm3e3<`4Bwh4!8X&L2Mv<szQTO$;k7jx~4O7Lvp}aO)_r
zW{a=UG;sv#OB>}yv{xw+F_xP%pL~EUF3jW>m5hz5eR^~XD+;uPZ)a9Ff2x~(<gdQ#
z#IdB$c8T9imL-$M3aLkriq!q#hL4}H@KJI)XEqQwLd96Y!%vL|Cru5zd&<t<50l&t
z4U@Uuja&=Hi>z$Mqj3LZpHRNiF~BTM^PY<3B_dmxIY9F!ptol~TAtSK(#iqEU}`S*
zmyK{Btq%mEY~IIqehud>R19m70#(FP`O-Db+qYdq{SjSK@8xjbLBjpQF4G~Ca!7SI
zxlehi$4!*hE5W~O+70uj#njb<;pn{DSnn<beAnKFnMjM%iwa6-Uv~GPTs|V*5;k%#
znQWm8I(W@)@$DV0-dwe>yQKxv<A$jE-cFy7@|tIu^O8{fl<t0z)+(t{sbbZ>qh?mm
z#^@ZgA30?z;3H+-YObVwn^bR#waR=_Xq-#j#Ji9q#<<G5r$>zTZ**_q=c<JdfrvN&
zYrUl%<$6w=gSusdB#uV5PCq^yjG5Jx=k38j<YiaTFh`u=W1k@?#vB50()BeH;gUS;
z9xHVT@904A!j!*EtGULY!)>ZcG&P7JG19fz6v?jDuuL$4Me_9FWB5s2j}~Ggv7Dd`
z?oFv0!;MK-*cbY8<+2~T%pfj3lPc-wM?u$*v%(=}=)Ch1$XU}CS{0|>?qTQ*bppqv
z^jyMcxQKp(%*QD$i_Cx}f{PfP#uoEEDvSe_<*J5cRG6{D+8K|4A6=1C57s=&SsZ4c
za8sJysyfTvNL=+iZ2FrBoSL9xN&JkN8;5WB1!6i;G`XoO7f!YrZyA*_r6^`W*fuY-
zOXf6H71o<kFAiNrS|>b~<UnTVwK`o9USzf5XTlyIS>MQo*&$%P8E=TzQZ7zvz=o1*
zfN@~627le2r+~RJ5^q#>D9CS_0Mo+zOzS*inM~Z>JRT236%Pw#6iOgwj_o<ysGQ1B
zqETGTfzX{mGE^_F!;ve?nr1XY^bsqdN$d(~B0r!OV=!dN&&60d+0;QIc``a|Qp@`1
zlUHLd2-7<gJ_FFGF&8I+F4pW5nY2dj2Dc}6C7i-lV&W|-8vhB=TO3)pR3xoEB)U5X
zT0<Pi=0K?{iKH8I4w)^Q)ahjUsVrL>o9X6mIpCf`G8*{&YH-?Vyn_k7Ti{5!&iakj
zF}Y_cyZQr6e=PjHnt{k)ufs@QM80h4CS{z|7=ixv*8l+T+nItOUTtFeqfMb7O9Cmr
zq|vzUc_-I(7$SB2&&rH3Z3mN(eJkw?ga)Wevb4YwY0}ifPd~XdNc`h``<41{!&$cI
zCZ=}*blLJ6Jfb!E2OjL9?C2`D9CCgc_TP(w-K3R0?C1(JZZ=`Pn5!OC8W_|HO-}SL
zMk|DoNz4Er2JuqSI^>BAX8Lpx*Z~a2dyRu1Nd)dT-=9&%B$ql*Bj0JIyx4hckIx(p
zXzMfIp-uEo>jY7qpR)XooeISq=b4KX(HR-4mDU(_5^z&e8aq1*;a6W};x8&M%|`W?
zHOn*|QjhnHU1GBxgW^&Z$~o}MHOiA8-?56ru0jCE*+ECbl*$3VTGE@kwZ?DZ`Uv4K
zJb+z<hhjg#NS52G*WMV&*5#=<Z80qq&SZv|`+`O4P%F;eRO_@Gi!&Td&P4$$yFVB~
zEllAzir}gHV)zSZoE4*Iy;-r%w#Rh$#OTUkSJl=$A8wgvKz{jYPD1=bP{a_N;OP<^
zu>pXU-ttxYEX^b($B~(-BYMOZ{yRegJ)~E;CeYBBzKBZ;b#%a-r{WCKvhoiFPB3Hq
zE74Ak3~e@6Y53n|YcVhpK2#=Ax^qX=zo_{9&;HZ?X##itOO>l)291_)vf6$Q^F+mb
z@sgot^}B|9Yw|BVPg^#<$0_Uhvvi(PlEZ+E%aC(s(xJOv(v@}?d)nEbF28;JF?tQg
zaJe+V7gNPAJl*bsYuK}3>Para3hWdYJm*jn3J<PxrsY>D8X3B{`5l4laJCzb0{c&V
zkDs$fTJZ7}n+=)uTW@AP5?{N|F>+?E4V7fti;HZv<++aN%h!lAzp3mIpILqD<_G|`
zgm9qPqTVw6Wv<#=kZZW>h-)>8v;-CGqS1`g6v4!*iLin;enD2r0c}z-VRzG7ZvMEV
zoyhh6%!g%iP68@5wJQ-7eJck7Irgu#1kyn&L$4eIBfl*VwUO|aw}u^S`<*)J4+?K+
zcq>Mrj`(3RQAzw)h!{98((zhQCf$L9U+I3oa;)T0Ntbil+E|*EgArzR9v~>9IiYA2
zVef8C^*kZiA13EjT~yu80^(LQ6Qyl(&6IzIFTk(ltl|WPKEd#9X;e)YwPDLmv>d?`
zTbE_Q%WOlEAm%EXyEHbx)_S%lCioL<w&k6svSHAzZgdi-t*2;=De>syC&K|dA27f}
z^eLBxdk|XNBU!v1t1wbi6G(pXSsATtuPrIh9cSbdjXKG3MNTOQSE-}0R~e4xkb6~U
z?&1$H-<0JtVaAoD8qJvG58E?Z<!%|MO(xdlQs)n$az=C-+pv00o%nxv4zziPpoL!&
zs49erBaVkN>~wbo`TQCD@xuv7EJ`plq`(FXp;NJ4(UBVml18O5X*X&Zxc<<ce%~@`
zTGp1??afB+l^G?8*ZLfM>FNa55xt?9IhXa+%Hb#aSzZnn)5Lsu6Ix6-2CaH>503!%
z13*rvz;iyFo**~{E|0>6wsM~kKT*lsLE6TU8rSHkuZpvWWvxQX=>woU5DB~O$(XXo
ziY<eA*;&zIYpvZJY3_arPk@4yDbfEst}Q&j(MH9zE}erRUmV4)1HkA&h|zjhwba)0
z^O2x}E9_NXmfzM>QL40W&#iq}{7{z_!gdDkkJR1a(=u7r*dJmX^N(rY`Kt5!vpv2Q
znd${MjJg_F{{tfIm^B_yiB@zKxbwJzP)_1*q%Fk0o%nu}H;kSPT#LlkbzCXcPF32(
zs8351^@VUQ;q$zj(mRQTC&Z^Aj~`syg?*ja!A;rcPF-HUD$0JbjdTpRM^OJe6Yygo
zC;`%J91k=|AMt?uH>AXZ^pAqG{5|{=F>JRw0&oIb5l(uZ!fFEenxu84emcdW^|QJ6
z58#4F)}E;E)v@NhSnI!QsMIz6Vs&i=Nh<BuaofhjbBbao@<?=n+y+fqukS=NMA8%{
z@?$8I9HpVn$yFz3k1;8BGE8$Sd&IpBnTsQ*<n7#4YzGmQ;gf1E6L(vw=Jrk;Y<6B^
zjEBHiq?QVW2B}ye!PD&9qVL%ktv^GJ+<7VvB*TN>xFnTHlHWfF&dbEsJ0mLvEpz7{
zbM<r70%0SNORm;lNJKN9>Lj*GMVX3WI2)`-e?1b_YX9756Bb!y<hbj9dXsfi@(n6L
zp8lNlN`6dwRG!wg_B0p!BF2q#Ju*LT?146*+t<?YL2aD??3d&Xh+Tf*Y6}`x_sLC*
zn6x=t0xs*LKl8e>%u~uCNf_TC+Z2Sb?JLK92M4v5t(oq^0)@-8KEuFvFZar$bc!7*
zyF~yrKtkXP*^@#CA{#V97lFvzU+{l;+8$SsfF4IMFeL;?FjWO`2rMuxFt86s@(-pq
zHRBO>BpT4y2nZ(Rf08o^Y7=ujU|=5;Z3F}#=|7@qi5&E}4|4MNj~nU#(Ut%6pur1b
zi-aJ6{Ky4Tj)WkDz~cisL_$dXD`@yfAYlNSiG&b=g@c3p#~SD|>O(m41VW64;QBY0
z;XeZ6XAoNy1ns}p{?h=_e<r}Ro<aRl5Y({$<vHk|qL4|?;2^UXaAM^D)+$hP^oMTr
zL&xv}PWV4`|C)UJw=zsnd=v!szmEJ{g6jnw)c5?qO8l#H_|Sb=!Un;|K%o6ES4sYx
ztA#Hh(`X1f<o{~6+9dW9^986r1_GOK`vn}#$;#90ACmX~`!4=(@9f5WbO!i4=q(0<
zK<}Tf|4-`p|K9bYf5E{#tUNvKoNfN)i~k>0sr@H4-#^Uq|Nq(sxyC}^|J&yHSO`M!
jFQD>R2uhNF%>Cy$LHz$EKAxOFzhWUi!B|8<d?fx4^u{qR


From c230167445ca39b838560297ec0d06facaa55ead Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sat, 28 Nov 2020 23:58:01 -0500
Subject: [PATCH 729/812] Add references to Security Bulletin #3

---
 SECURITY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/SECURITY.md b/SECURITY.md
index 18d510ad9..f23c9566e 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -48,3 +48,4 @@ For details see:
 
 * [Security Bulletin #1 - MAC Bypass in ESAPI Symmetric Encryption](documentation/ESAPI-security-bulletin1.pdf), which covers CVE-2013-5679 and CVE-2013-5960
 * [Security Bulletin #2 - How Does CVE-2019-17571 Impact ESAPI?](documentation/ESAPI-security-bulletin2.pdf), which covers the Log4J 1 deserialization CVE.
+* [Security Bulletin #3 - How Does the Apache Xerces Vulnerability(SNYK-JAVA-XERCES-608891) Impact ESAPI?](documentation/ESAPI-security-bulletin3.pdf), which decribes a unpatched Apache Xerces vulnerability similar to [CVE-2020-14621](https://nvd.nist.gov/vuln/detail/CVE-2020-14621)

From 56c1e2c98412bbeb2167ca17ce81d0a8293bdfb8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 2 Dec 2020 21:16:31 -0500
Subject: [PATCH 730/812] Update ESAPI URL to new OWASP site.

---
 configuration/esapi/ESAPI.properties      | 2 +-
 src/test/resources/esapi/ESAPI.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index ccf146114..11b84e336 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -3,7 +3,7 @@
 # 
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
+# https://owasp.org/www-project-enterprise-security-api/
 #
 # Copyright (c) 2008,2009 - The OWASP Foundation
 #
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 6df0acc93..053cfa357 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -33,7 +33,7 @@
 # 
 # This file is part of the Open Web Application Security Project (OWASP)
 # Enterprise Security API (ESAPI) project. For details, please see
-# http://www.owasp.org/index.php/ESAPI.
+# https://owasp.org/www-project-enterprise-security-api/
 #
 # Copyright (c) 2008,2009 - The OWASP Foundation
 #

From aee6f524701e33e0c49e808113421c9b9163ef8f Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Sun, 10 Jan 2021 04:58:59 +0200
Subject: [PATCH 731/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.1.4 to 4.2.0 (#584)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.1.4 to 4.2.0.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=upgrade-pr
---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index 706527231..3d9eae0fd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,7 +134,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <version.jmh>1.23</version.jmh>
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.1.4</version.spotbugs>
+        <version.spotbugs>4.2.0</version.spotbugs>
 
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
                 org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
@@ -529,7 +529,7 @@
                       <goals><goal>enforce</goal></goals>
                       <configuration>
                         <rules>
-                          <dependencyConvergence />
+                          <dependencyConvergence/>
                           <requireJavaVersion>
                             <version>1.7</version>
                             <message>
@@ -540,7 +540,7 @@
                           <enforceBytecodeVersion>
                             <maxJdkVersion>1.7</maxJdkVersion>
                             <ignoreOptionals>true</ignoreOptionals>
-                            <ignoredScopes></ignoredScopes> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
+                            <ignoredScopes/> <!-- 'test' scopes not ignored so we can actually test on Java 7. -->
                             <message>Dependencies shouldn't require Java 8+</message>
                           </enforceBytecodeVersion>
                         </rules>

From 93a433df7d1519d8ce58165383606bdb575232e9 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Sun, 10 Jan 2021 04:59:47 +0200
Subject: [PATCH 732/812] fix: pom.xml to reduce vulnerabilities (#585)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-XERCES-608891
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 3d9eae0fd..081c836ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -287,7 +287,7 @@
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
             <!-- Note: CVE-2020-14338) in xercesImpl:2.12.0 but Apache has not released an update to this library yet to eliminate it. See ESAPI-security-bulletin3.pdf for further details. -->
-            <version>2.12.0</version>
+            <version>2.12.1</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>

From 3b57136cde1d86c6455ed72770513bc81611ae1d Mon Sep 17 00:00:00 2001
From: Simon McClenahan <smcclenahan@gmail.com>
Date: Sat, 9 Jan 2021 21:55:23 -0600
Subject: [PATCH 733/812] Add Maven and Super-Linter GitHub Actions for develop
 branch (#583)

* Updated versions-maven-plugin version to 2.7 to fix m2eclipse

* Update .gitignore

* 30: ESAPIFilter in RI should allow login page destination to be
configured

Task-Url: https://github.com/ESAPI/esapi-java-legacy/issues/30

* Create superlinter.yml

* Create maven.yml

* Disabled display-plugin-updates

* fix merge conflict
---
 .github/workflows/maven.yml       | 24 ++++++++++++++++++++++++
 .github/workflows/superlinter.yml | 25 +++++++++++++++++++++++++
 pom.xml                           |  3 +--
 3 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/maven.yml
 create mode 100644 .github/workflows/superlinter.yml

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 000000000..a81c84710
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,24 @@
+# This workflow will build a Java project with Maven
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up JDK 1.8
+      uses: actions/setup-java@v1
+      with:
+        java-version: 1.8
+    - name: Build with Maven
+      run: mvn -B package --file pom.xml
diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
new file mode 100644
index 000000000..91f580a3e
--- /dev/null
+++ b/.github/workflows/superlinter.yml
@@ -0,0 +1,25 @@
+name: Super-Linter
+
+# Run this workflow every time a new commit pushed to your repository
+on: push
+
+jobs:
+  # Set the job key. The key is displayed as the job name
+  # when a job name is not provided
+  super-lint:
+    # Name the Job
+    name: Lint code base
+    # Set the type of machine to run on
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks out a copy of your repository on the ubuntu-latest machine
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      # Runs the Super-Linter action
+      - name: Run Super-Linter
+        uses: github/super-linter@v3
+        env:
+          DEFAULT_BRANCH: develop
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pom.xml b/pom.xml
index 081c836ce..a7f4972a0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,7 +139,6 @@
         <!-- Upgrading to 3.0.0-M3+ causes this test case error:
                 org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
                 java.lang.OutOfMemoryError: PermGen space
-
              when running tests with Java 7 on Mac OS X. No problems observed on Linux.
         -->
         <version.surefire>3.0.0-M2</version.surefire>
@@ -940,4 +939,4 @@
             </build>
         </profile>
     </profiles>
-</project>
+</project>
\ No newline at end of file

From c1f64d15fa84fabb1899664c8e9144daf153af6e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 9 Jan 2021 23:07:25 -0500
Subject: [PATCH 734/812] Close issue #586 by updating to AntiSamy 1.5.12. Also
 remove comment about CVE-2020-14338 which is not addressed by previous
 Synkbot PR.

---
 pom.xml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index a7f4972a0..f83d7b17d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -238,7 +238,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.11</version>
+            <version>1.5.12</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -285,7 +285,6 @@
         <dependency>
             <groupId>xerces</groupId>
             <artifactId>xercesImpl</artifactId>
-            <!-- Note: CVE-2020-14338) in xercesImpl:2.12.0 but Apache has not released an update to this library yet to eliminate it. See ESAPI-security-bulletin3.pdf for further details. -->
             <version>2.12.1</version>
         </dependency>
         <dependency>
@@ -939,4 +938,4 @@
             </build>
         </profile>
     </profiles>
-</project>
\ No newline at end of file
+</project>

From 0a8a44f8acd9ec2080ca9f9617296e2f085673c1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 10 Jan 2021 16:59:20 -0500
Subject: [PATCH 735/812] Add paragraph on GitHub deprecating passwords for git
 operations.

---
 CONTRIBUTING-TO-ESAPI.txt | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index e4fab6e45..0adaaa747 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -5,6 +5,14 @@ Getting Started:
     "Contributing to ESAPI legacy" in ESAPI's README.md file. It
     make contain updates and advice not contained herein.
 
+A Special Note on GitHub Authentication:
+    GitHub has announced that they are deprecating authentiation based on
+    username / password and beginning 2021-08-13, you will no longer be able
+    to your password to authenticate to 'git' operations on GitHub.com.
+    Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
+    for details and plan accordingly.
+
+
 Finding Something Interesting to Work on:
 
     See the section "Contributing to ESAPI legacy in

From e17ae3976d61d4a3fac44d0c5a246eed6908d2ca Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 5 Mar 2021 15:23:22 -0500
Subject: [PATCH 736/812] Configure Super-Linter action to ignore errors.

---
 .github/workflows/superlinter.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
index 91f580a3e..723666891 100644
--- a/.github/workflows/superlinter.yml
+++ b/.github/workflows/superlinter.yml
@@ -17,9 +17,10 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v2
 
-      # Runs the Super-Linter action
+      # Runs the Super-Linter action and ignore errors
       - name: Run Super-Linter
         uses: github/super-linter@v3
         env:
           DEFAULT_BRANCH: develop
+          DISABLE_ERRORS: true
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From c6da91dbd727d9d1dd9dd0cda7f65163551946d9 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Sat, 6 Mar 2021 13:15:59 -0700
Subject: [PATCH 737/812] PR to fix #517 and #588 (#591)

* Bump release to new release number, 2.2.2.0.

* Fixed #517 and #588 with currently only one unit test failing.

* Fixed my pom.xml for #588 and #517

* Fixed an encoding bug that was causing an early truncation involving invalid escape sequences.
This was causing test input jeff\WILLIAMS to be converted to jeffWILLIAMS and then passing a
validation test that it should have been failing.  Special thanks to Jeremiah Stacey for the root
cause analysis and repair.  For #517 and #588.

Co-authored-by: kwwall <kevin.w.wall@gmail.com>
Co-authored-by: xeno6696 <xeno6696[at]gmail.com>
---
 .../owasp/esapi/codecs/JavaScriptCodec.java   |   3 +-
 .../validation/StringValidationRule.java      |   6 +-
 .../owasp/esapi/reference/EncoderTest.java    |   2 +-
 .../owasp/esapi/reference/ValidatorTest.java  | 117 ++++++++++++------
 src/test/resources/esapi/ESAPI.properties     |   2 +-
 .../resources/esapi/validation.properties     |  18 ++-
 6 files changed, 102 insertions(+), 46 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
index a43cbd004..65ee517a7 100644
--- a/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
+++ b/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java
@@ -211,7 +211,8 @@ public Character decodeCharacter( PushbackSequence<Character> input ) {
 		}
 		
 		// ignore the backslash and return the character
-		return second;
+		input.reset();
+		return null;
 	}
 
 }
\ No newline at end of file
diff --git a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
index 8d0c88cf0..11fea3112 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/StringValidationRule.java
@@ -274,16 +274,16 @@ public String getValid( String context, String input ) throws ValidationExceptio
 		if (canonicalizeInput) {
 		    data = encoder.canonicalize(input);
 		} else {
-		    String message = String.format("Input validaiton excludes canonicalization.  Context: %s   Input: %s", context, input);
+		    String message = String.format("Input validation excludes canonicalization.  Context: %s   Input: %s", context, input);
 		    LOGGER.warning(Logger.SECURITY_AUDIT, message);
             data = input;
 		}
 
 		// check whitelist patterns
-		checkWhitelist(context, input);
+		checkWhitelist(context, data, input);
 
 		// check blacklist patterns
-		checkBlacklist(context, input);
+		checkBlacklist(context, data, input);
 			
 		// validation passed
 		return data;
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 502094001..8f345e199 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -232,7 +232,7 @@ public void testCanonicalize() throws EncodingException {
         assertEquals( "\'", instance.canonicalize("\\'"));
         assertEquals( "\"", instance.canonicalize("\\\""));
         assertEquals( "\\", instance.canonicalize("\\\\"));
-        assertEquals( "<", instance.canonicalize("\\<"));
+        assertEquals( "\\<", instance.canonicalize("\\<"));
         
         assertEquals( "<", instance.canonicalize("\\u003c"));
         assertEquals( "<", instance.canonicalize("\\U003c"));
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index fc0dc7e06..61c485d0c 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -15,6 +15,13 @@
  */
 package org.owasp.esapi.reference;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.File;
@@ -29,6 +36,7 @@
 
 import javax.servlet.http.Cookie;
 
+import org.junit.Test;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.EncoderConstants;
@@ -36,17 +44,14 @@
 import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.ValidationRule;
 import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.filters.SecurityWrapperRequest;
 import org.owasp.esapi.http.MockHttpServletRequest;
 import org.owasp.esapi.http.MockHttpServletResponse;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
 import org.owasp.esapi.reference.validation.StringValidationRule;
 import org.owasp.esapi.util.TestUtils;
 
-import junit.framework.Test;
-import junit.framework.TestCase;
-import junit.framework.TestSuite;
 
 /**
  * The Class ValidatorTest.
@@ -54,41 +59,11 @@
  * @author Mike Fauzy (mike.fauzy@aspectsecurity.com)
  * @author Jeff Williams (jeff.williams@aspectsecurity.com)
  */
-public class ValidatorTest extends TestCase {
-
+public class ValidatorTest {
+	
     private static final String PREFERRED_ENCODING = "UTF-8";
 
-    public static Test suite() {
-        return new TestSuite(ValidatorTest.class);
-    }
-
-    /**
-     * Instantiates a new HTTP utilities test.
-     *
-     * @param testName the test name
-     */
-    public ValidatorTest(String testName) {
-        super(testName);
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void setUp() throws Exception {
-        // none
-    }
-
-    /**
-     * {@inheritDoc}
-     *
-     * @throws Exception
-     */
-    protected void tearDown() throws Exception {
-        // none
-    }
-
+    @Test
     public void testAddRule() {
         Validator validator = ESAPI.validator();
         ValidationRule rule = new StringValidationRule("ridiculous");
@@ -96,18 +71,22 @@ public void testAddRule() {
         assertEquals(rule, validator.getRule("ridiculous"));
     }
 
+    @Test
     public void testAssertValidFileUpload() {
         //		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetPrintable1() {
         //		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetPrintable2() {
         //		getValidPrintable(String, String, int, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetRule() {
         Validator validator = ESAPI.validator();
         ValidationRule rule = new StringValidationRule("rule");
@@ -116,6 +95,7 @@ public void testGetRule() {
         assertFalse(rule == validator.getRule("ridiculous"));
     }
 
+    @Test
     public void testGetValidCreditCard() {
         System.out.println("getValidCreditCard");
         Validator instance = ESAPI.validator();
@@ -145,6 +125,7 @@ public void testGetValidCreditCard() {
         assertTrue(errors.size()==4);
     }
 
+    @Test
     public void testGetValidDirectoryPath() throws Exception {
         System.out.println("getValidDirectoryPath");
         Validator instance = ESAPI.validator();
@@ -160,6 +141,7 @@ public void testGetValidDirectoryPath() throws Exception {
         assertEquals(2, errors.size());
     }
 
+    @Test
     public void testGetValidDouble() {
         System.out.println("getValidDouble");
         Validator instance = ESAPI.validator();
@@ -178,6 +160,7 @@ public void testGetValidDouble() {
         assertEquals(4, errors.size());
     }
 
+    @Test
     public void testGetValidFileContent() {
         System.out.println("getValidFileContent");
         Validator instance = ESAPI.validator();
@@ -195,6 +178,7 @@ public void testGetValidFileContent() {
         assertEquals(1, errors.size());
     }
 
+    @Test
     public void testGetValidFileName() throws Exception {
         System.out.println("getValidFileName");
         Validator instance = ESAPI.validator();
@@ -203,6 +187,7 @@ public void testGetValidFileName() throws Exception {
         assertEquals("Percent encoding is not changed", testName, instance.getValidFileName("test", testName, ESAPI.securityConfiguration().getAllowedFileExtensions(), false, errors));
     }
 
+    @Test
     public void testGetValidInput(){
         System.out.println("getValidInput");
         Validator instance = ESAPI.validator();
@@ -210,6 +195,7 @@ public void testGetValidInput(){
         // instance.getValidInput(String, String, String, int, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetValidInteger() {
         System.out.println("getValidInteger");
         Validator instance = ESAPI.validator();
@@ -217,6 +203,7 @@ public void testGetValidInteger() {
         // instance.getValidInteger(String, String, int, int, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetValidListItem() {
         System.out.println("getValidListItem");
         Validator instance = ESAPI.validator();
@@ -224,6 +211,7 @@ public void testGetValidListItem() {
         // instance.getValidListItem(String, String, List, ValidationErrorList)
     }
 
+    @Test
     public void testGetValidNumber() {
         System.out.println("getValidNumber");
         Validator instance = ESAPI.validator();
@@ -231,6 +219,7 @@ public void testGetValidNumber() {
         // instance.getValidNumber(String, String, long, long, boolean, ValidationErrorList)
     }
 
+    @Test
     public void testGetValidRedirectLocation() {
         System.out.println("getValidRedirectLocation");
         Validator instance = ESAPI.validator();
@@ -239,8 +228,10 @@ public void testGetValidRedirectLocation() {
     }
 
     //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
+    // @Test
     // public void testGetValidSafeHTML() throws Exception {
 
+    @Test
     public void testIsInvalidFilename() {
         System.out.println("testIsInvalidFilename");
         Validator instance = ESAPI.validator();
@@ -270,6 +261,7 @@ private File resetParentForWindows(String sysRoot) throws IOException {
         return new File( winRoot );
     }
 
+    @Test
     public void testIsValidDirectoryPath() throws IOException {
         System.out.println("isValidDirectoryPath");
 
@@ -393,10 +385,12 @@ public void testIsValidDirectoryPath() throws IOException {
         }
     }
 
+    @Test
     public void TestIsValidDirectoryPath() {
         // isValidDirectoryPath(String, String, boolean)
     }
 
+    @Test
     public void testIsValidDouble() {
         // isValidDouble(String, String, double, double, boolean)
     	Validator instance = ESAPI.validator();
@@ -455,6 +449,7 @@ public void testIsValidDouble() {
         assertTrue(errors.size() == 13);
     }
 
+    @Test
     public void testIsValidFileContent() {
         System.out.println("isValidFileContent");
         byte[] content = null;
@@ -468,6 +463,7 @@ public void testIsValidFileContent() {
         assertTrue(instance.isValidFileContent("test", content, 100, false));
     }
 
+    @Test
     public void testIsValidFileName() {
         System.out.println("isValidFileName");
         Validator instance = ESAPI.validator();
@@ -482,6 +478,7 @@ public void testIsValidFileName() {
         assertTrue(errors.size() == 0);
     }
 
+    @Test
     public void testIsValidFileUpload() throws IOException {
         System.out.println("isValidFileUpload");
         String filepath = new File(System.getProperty("user.dir")).getCanonicalPath();
@@ -513,9 +510,11 @@ public void testIsValidFileUpload() throws IOException {
         assertTrue(errors.size() == 1);
     }
 
+    @Test
     public void testIsValidHTTPRequestParameterSet() throws Exception{
     }
 
+    @Test
     public void testisValidInput() {
         System.out.println("isValidInput");
         Validator instance = ESAPI.validator();
@@ -605,6 +604,7 @@ public void testisValidInput() {
         assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
     }
 
+    @Test
     public void testIsValidInteger() {
         System.out.println("isValidInteger");
         Validator instance = ESAPI.validator();
@@ -694,6 +694,7 @@ public void testIsValidInteger() {
 
     }
 
+    @Test
     public void testIsValidListItem() {
         System.out.println("isValidListItem");
         Validator instance = ESAPI.validator();
@@ -710,6 +711,7 @@ public void testIsValidListItem() {
         assertTrue(errors.size()==1);
     }
 
+    @Test
     public void testIsValidNumber() {
         System.out.println("isValidNumber");
         Validator instance = ESAPI.validator();
@@ -798,6 +800,7 @@ public void testIsValidNumber() {
         assertTrue(errors.size()==13);
     }
 
+    @Test
     public void testIsValidParameterSet() {
         System.out.println("isValidParameterSet");
         Set requiredNames = new HashSet();
@@ -831,6 +834,7 @@ public void testIsValidParameterSet() {
         assertTrue(errors.size() ==1);
     }
 
+    @Test
     public void testIsValidPrintable() {
         System.out.println("isValidPrintable");
         Validator instance = ESAPI.validator();
@@ -852,13 +856,16 @@ public void testIsValidPrintable() {
 
     }
 
+    @Test
     public void testIsValidRedirectLocation() {
         //		isValidRedirectLocation(String, String, boolean)
     }
 
     //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
-    // public void testIsValidSafeHTML() {
+    // @Test
+    //public void testIsValidSafeHTML() {
 
+    @Test
     public void testSafeReadLine() {
         System.out.println("safeReadLine");
 
@@ -914,6 +921,7 @@ public void testSafeReadLine() {
         }
     }
 
+    @Test
     public void testIssue82_SafeString_Bad_Regex() {
         Validator instance = ESAPI.validator();
         try {
@@ -924,6 +932,7 @@ public void testIssue82_SafeString_Bad_Regex() {
         }
     }
 
+    @Test
     public void testGetParameterMap() {
 //testing Validator.HTTPParameterName and Validator.HTTPParameterValue
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -938,6 +947,7 @@ public void testGetParameterMap() {
         assertNull(safeRequest.getParameterMap().get(TestUtils.generateStringOfLength(33)));
     }
 
+    @Test
     public void testGetParameterNames() {
 //testing Validator.HTTPParameterName
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -950,6 +960,7 @@ public void testGetParameterNames() {
         assertEquals(Collections.list(safeRequest.getParameterNames()).size(), 2);
     }
 
+    @Test
     public void testGetParameter() {
 //testing Validator.HTTPParameterValue
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -984,6 +995,7 @@ public void testGetParameter() {
         //assertNotNull(safeRequest.getParameter("e1", false));
     }
 
+    @Test
     public void testGetCookies() {
 //testing Validator.HTTPCookieName and Validator.HTTPCookieValue
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -999,6 +1011,7 @@ public void testGetCookies() {
         assertTrue(cookies.length == 2);
     }
 
+    @Test
     public void testGetHeader() {
 //testing Validator.HTTPHeaderValue
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -1014,6 +1027,7 @@ public void testGetHeader() {
         assertNull(safeRequest.getHeader("p3"));
     }
     
+    @Test
     public void testHeaderLengthChecks(){
     	Validator v = ESAPI.validator();
     	SecurityConfiguration sc = ESAPI.securityConfiguration();
@@ -1021,6 +1035,7 @@ public void testHeaderLengthChecks(){
     	assertFalse(v.isValidInput("addHeader", TestUtils.generateStringOfLength(4097), "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false));
     }
 
+    @Test
     public void testGetHeaderNames() {
 //testing Validator.HTTPHeaderName
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -1036,6 +1051,7 @@ public void testGetHeaderNames() {
         assertEquals(2, Collections.list(safeRequest.getHeaderNames()).size());
     }
 
+    @Test
     public void testGetQueryString() {
 //testing Validator.HTTPQueryString
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -1050,6 +1066,7 @@ public void testGetQueryString() {
         assertFalse(safeRequest.getQueryString().equals(request.getQueryString()));
     }
 
+    @Test
     public void testGetRequestURI() {
 //testing Validator.HTTPURI
         MockHttpServletRequest request = new MockHttpServletRequest();
@@ -1061,6 +1078,7 @@ public void testGetRequestURI() {
         assertEquals(safeRequest.getRequestURI(), request.getRequestURI());
     }
 
+    @Test
     public void testGetContextPath() {
         // Root Context Path ("")
         assertTrue(ESAPI.validator().isValidInput("HTTPContextPath", "", "HTTPContextPath", 512, true));
@@ -1070,21 +1088,44 @@ public void testGetContextPath() {
         assertFalse(ESAPI.validator().isValidInput("HTTPContextPath", "/\\nGET http://evil.com", "HTTPContextPath", 512, true));
     }
     
+    @Test
     public void testGmailEmailAddress(){
     	Validator v = ESAPI.validator();
     	assertTrue(v.isValidInput("Gmail", "Darth+Sidious@gmail.com", "Gmail", 512, false));
     	assertTrue(v.isValidInput("Gmail", "Darth.Sidious@gmail.com", "Gmail", 512, false));
     }
     
+    @Test
     public void testGetValidUri(){
     	Validator v = ESAPI.validator();
     	assertFalse(v.isValidURI("test", "http://core-jenkins.scansafe.cisco.com/佐贺诺伦-^ńörén.jpg", false));
     }
     
+    @Test
     public void testGetValidUriNullInput(){
     	Validator v = ESAPI.validator();
     	boolean isValid = v.isValidURI("test", null, true);
     	assertTrue(isValid);
     }
+    
+    @Test
+    public void testRegex(){
+    	Validator v = ESAPI.validator();
+    	boolean isValid = v.isValidInput("RegexString", "%2d%2d%3e%3c%2f%73%43%72%49%70%54%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%31%36%35%38%38%29%3c%2f%73%43%72%49%70%54%3e", "RegexString", 30000, true);
+    	assertFalse(isValid);
+    }
+    
+    @Test(expected = ValidationException.class)
+    public void testRegexWithGetValid() throws IntrusionException, ValidationException {
+    	Validator v = ESAPI.validator();
+    	String foo = v.getValidInput("RegexString", "%2d%2d%3e%3c%2f%73%43%72%49%70%54%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%31%36%35%38%38%29%3c%2f%73%43%72%49%70%54%3e", "RegexString", 30000, true);
+    }
+    
+    @Test
+    public void testavaloqLooseSafeString(){
+    	Validator v = ESAPI.validator();
+    	boolean isValid = v.isValidInput("RegexString", "&quot;test&quot;", "avaloqLooseSafeString", 2147483647, true, true);
+    	assertFalse(isValid);
+    }
 }
 
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 053cfa357..914ebb887 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -516,7 +516,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index d20f7d9e4..84082c255 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -1,3 +1,16 @@
+# OWASP Enterprise Security API (ESAPI) Properties file -- TEST Version
+#############################################################################
+#
+#   WARNING     WARNING     WARNING     WARNING     WARNING     WARNING
+#
+#   #######                                 #     #
+#      #     ######   ####    #####         #     #  ######  #####    ####
+#      #     #       #          #           #     #  #       #    #  #
+#      #     #####    ####      #           #     #  #####   #    #   ####
+#      #     #            #     #            #   #   #       #####        #
+#      #     #       #    #     #             # #    #       #   #   #    #
+#      #     ######   ####      #              #     ######  #    #   ####
+#
 # The ESAPI validator does many security checks on input, such as canonicalization
 # and whitelist validation. Note that all of these validation rules are applied *after*
 # canonicalization. Double-encoded characters (even with different encodings involved,
@@ -26,8 +39,9 @@ Validator.SafeString=^[.\\p{Alnum}\\p{Space}]{0,1024}$
 Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
 Validator.Gmail=^[A-Za-z0-9._%'-+]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,62}$
 Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-#Validator.URL=^(?:ht|f)tp(s?+)\\:\\/\\/[0-9a-zA-Z](?:[-.\\w]*[0-9a-zA-Z])*(?::(?:0-9)*)*(?:\\/?+)(?:[a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?+$
+#Validator.URL=^(?:ht|f)tp(s?+)\\:\\/\\/[0-9a-zA-Z](?:[-.\\w]*[0-9a-zA-Z])*(?::(?:0-9)*)*(?:\\/?+)(?:[-a-zA-Z0-9\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?+$
 Validator.URL=^(?:ht|f)tp(?:s?)(?:[:A-Za-z0-9%/#?&.=-]*)$
 Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-
+#RegexString here is PURELY for regression testing purposes.  NOT for production use.  
+Validator.RegexString=^[^<>]*  

From 936508cd34829e8df2ff5aa066558825dff50506 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Mar 2021 15:46:57 -0500
Subject: [PATCH 738/812] Close issue #602 by changing "/bin" to "/dev".

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 61c485d0c..bf4f67123 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -372,7 +372,10 @@ public void testIsValidDirectoryPath() throws IOException {
             // Unix specific paths should pass
             assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
             assertTrue(errors.size()==5);
-            assertTrue(instance.isValidDirectoryPath("test7", "/bin", parent, false, errors));      // Always exist directory
+                // Note, we used to say that about '/bin', but Ubuntu 20.x
+                // changed '/bin' to a sym link to 'usr/bin'. We can't use '/etc'
+                // because under MacOS, that is a sym link to 'private/etc'.
+            assertTrue(instance.isValidDirectoryPath("test7", "/dev", parent, false, errors));      // Always exist directory
             assertTrue(errors.size()==5);
 
             // Unix specific paths that should not exist or work

From 13465ed39ddcce24487b9b1b947cbb68932636c7 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Mar 2021 16:20:53 -0500
Subject: [PATCH 739/812] Remove <html-entities> node since not part of
 AntiSamy XSD.

---
 configuration/esapi/antisamy-esapi.xml | 321 -------------------------
 1 file changed, 321 deletions(-)

diff --git a/configuration/esapi/antisamy-esapi.xml b/configuration/esapi/antisamy-esapi.xml
index 14880d0b5..c45fee06e 100644
--- a/configuration/esapi/antisamy-esapi.xml
+++ b/configuration/esapi/antisamy-esapi.xml
@@ -168,325 +168,4 @@ Slashdot allowed tags taken from "Reply" page:
 	<css-rules>
 	</css-rules>
 
-
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
-
 </anti-samy-rules>

From 6e0b0326ada64fc048ee50da02695828315c6d59 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Mar 2021 16:24:49 -0500
Subject: [PATCH 740/812] Remove <html-entities> since not part of AntiSamy XSD

---
 src/test/resources/esapi/antisamy-esapi.xml | 319 --------------------
 1 file changed, 319 deletions(-)

diff --git a/src/test/resources/esapi/antisamy-esapi.xml b/src/test/resources/esapi/antisamy-esapi.xml
index 14880d0b5..4eb23cdfe 100644
--- a/src/test/resources/esapi/antisamy-esapi.xml
+++ b/src/test/resources/esapi/antisamy-esapi.xml
@@ -169,324 +169,5 @@ Slashdot allowed tags taken from "Reply" page:
 	</css-rules>
 
 
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
 
 </anti-samy-rules>

From 5dc43c62ce9a3d59a7a802acd43821cbc0661c26 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 6 Mar 2021 16:29:36 -0500
Subject: [PATCH 741/812] Multiple pom changes: 1. Upgrade AntiSamy from 1.5.12
 to 1.6.0. 2. Upgrade batik-css from 1.13 to 1.14 to address 2 CVEs. 3.
 Upgrade pcprov-jdk15on from 1.65 to 1.68 (test scope only; still problems
 with JDK 7). 4. Downgrade animal-sniffer-enforcer from 1.18 to 1.17 because
 of problems.

---
 pom.xml | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)

diff --git a/pom.xml b/pom.xml
index f83d7b17d..13fc7847b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -169,6 +169,9 @@
                     <artifactId>xalan</artifactId>
                 </exclusion>
                 <exclusion>
+                    <!-- xom tries to pull this in, but a newer version is in Java 7 and later
+                         so we want to exclude this transitive dependency.
+                    -->
                     <groupId>xerces</groupId>
                     <artifactId>xercesImpl</artifactId>
                 </exclusion>
@@ -238,7 +241,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.5.12</version>
+            <version>1.6.0</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -259,7 +262,7 @@
         <dependency>
             <groupId>org.apache.xmlgraphics</groupId>
             <artifactId>batik-css</artifactId>
-            <version>1.13</version>
+            <version>1.14</version>
             <exclusions>
                 <exclusion>
                     <groupId>commons-io</groupId>
@@ -282,11 +285,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>xerces</groupId>
-            <artifactId>xercesImpl</artifactId>
-            <version>2.12.1</version>
-        </dependency>
         <dependency>
             <groupId>xml-apis</groupId>
             <artifactId>xml-apis</artifactId>
@@ -317,8 +315,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-                <!-- Tried to update this to 1.67 but that resulted in error when running 'mvn site' -->
-            <version>1.65.01</version>
+            <version>1.68</version>
             <scope>test</scope>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
@@ -502,8 +499,8 @@
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>animal-sniffer-enforcer-rule</artifactId>
-                    <!-- Updating to 1.19 causes lots of errors in 'mvn site' so leaving at 1.18 for now. -->
-                    <version>1.18</version>
+                    <!-- Updating to 1.19 causes LOTS of errors in 'mvn site' and 1.18 requires Java 8 so leaving it at 1.17. -->
+                    <version>1.17</version>
                   </dependency>
                 </dependencies>
                 <executions>

From b7e9a55e3614d6a471ee531d4107652c5952678b Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Sun, 7 Mar 2021 10:56:17 -0500
Subject: [PATCH 742/812] Address latent confusion caused by obsolete /
 deprecated ESAPI methods related to Issue #593 (#603)

* Code clean-up related to closing issue #593.
1) Removed following methods from SecurityConfiguration and its implementations:
    a. getLogLevel()
    b. getLogFileName()
    c. getMaxLogFileSize()
2. Removed the following properties from the various ESAPI.properties files:
    a. Logger.LogFileName
    b. Logger.MaxLogFileSize
    [Oddly, there was no Logger.LogLevel.]

* Next version is only minor patch release so 2.2.3.0 instead of 2.3.0.0.
---
 configuration/esapi/ESAPI.properties          |  7 +--
 pom.xml                                       |  2 +-
 .../owasp/esapi/SecurityConfiguration.java    | 28 ----------
 .../DefaultSecurityConfiguration.java         | 53 -------------------
 .../AppGuardianConfiguration.java             | 26 ---------
 .../configuration/ConfigurationParser.java    | 11 ----
 .../esapi/SecurityConfigurationWrapper.java   | 27 ----------
 .../DefaultSecurityConfigurationTest.java     | 43 ---------------
 ...ESAPI-CommaValidatorFileChecker.properties |  8 +--
 .../ESAPI-DualValidatorFileChecker.properties |  8 +--
 ...SAPI-QuotedValidatorFileChecker.properties |  8 +--
 ...SAPI-SingleValidatorFileChecker.properties |  8 +--
 src/test/resources/esapi/ESAPI.properties     |  5 --
 13 files changed, 6 insertions(+), 228 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 11b84e336..828144b45 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -387,11 +387,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
 # Determines whether ESAPI should log the session id and client IP.
@@ -487,7 +482,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,32}$
 # Contributed by Fraenku@gmx.ch
 # Github Issue 126 https://github.com/ESAPI/esapi-java-legacy/issues/126
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/pom.xml b/pom.xml
index 13fc7847b..31911e878 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.3.0.0-SNAPSHOT</version>
+    <version>2.2.3.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index 57bfcca38..d21a7eba4 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -730,34 +730,6 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
 	@Deprecated
 	boolean getLogServerIP();
 
-	/**
-	 * Returns the current log level.
-	 * @return	An integer representing the current log level.
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-	 */
-	@Deprecated
-    int getLogLevel();
-	
-    /**
-     * Get the name of the log file specified in the ESAPI configuration properties file. Return a default value 
-     * if it is not specified.
-     * 
-     * @return the log file name defined in the properties file.
-     * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    String getLogFileName();
-
-    /**
-     * Get the maximum size of a single log file from the ESAPI configuration properties file. Return a default value 
-     * if it is not specified. Once the log hits this file size, it will roll over into a new log.
-     * 
-     * @return the maximum size of a single log file (in bytes).
-     * @deprecated Use SecurityConfiguration.getIntProp("appropriate_esapi_prop_name") instead.
-     */
-	@Deprecated
-    int getMaxLogFileSize();
-
 	/**
 	 * Models a simple threshold as a count and an interval, along with a set of actions to take if 
 	 * the threshold is exceeded. These thresholds are used to define when the accumulation of a particular event
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 24337e14a..5a96c76d8 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -147,9 +147,6 @@ public static SecurityConfiguration getInstance() {
     public static final String HTTP_SESSION_ID_NAME = "HttpUtilities.HttpSessionIdName";
 
     public static final String APPLICATION_NAME = "Logger.ApplicationName";
-    public static final String LOG_LEVEL = "Logger.LogLevel";
-    public static final String LOG_FILE_NAME = "Logger.LogFileName";
-    public static final String MAX_LOG_FILE_SIZE = "Logger.MaxLogFileSize";
     public static final String LOG_ENCODING_REQUIRED = "Logger.LogEncodingRequired";
     public static final String LOG_APPLICATION_NAME = "Logger.LogApplicationName";
     public static final String LOG_SERVER_IP = "Logger.LogServerIP";
@@ -174,13 +171,6 @@ public static SecurityConfiguration getInstance() {
     private static final String logSpecialValue = System.getProperty(DISCARD_LOGSPECIAL, "false");
 
 
-    /**
-	 * The default max log file size is set to 10,000,000 bytes (10 Meg). If the current log file exceeds the current
-	 * max log file size, the logger will move the old log data into another log file. There currently is a max of
-	 * 1000 log files of the same name. If that is exceeded it will presumably start discarding the oldest logs.
-	 */
-	public static final int DEFAULT_MAX_LOG_FILE_SIZE = 10000000;
-	
     protected final int MAX_REDIRECT_LOCATION = 1000;
     
     /*
@@ -1019,49 +1009,6 @@ public Threshold getQuota(String eventName) {
         return null;
     }
 
-    /**
-	 * {@inheritDoc}
-	 */
-    public int getLogLevel() {
-        String level = getESAPIProperty(LOG_LEVEL, "WARNING" );
-
-        if (level.equalsIgnoreCase("OFF"))
-            return Logger.OFF;
-        if (level.equalsIgnoreCase("FATAL"))
-            return Logger.FATAL;
-        if (level.equalsIgnoreCase("ERROR"))
-            return Logger.ERROR ;
-        if (level.equalsIgnoreCase("WARNING"))
-            return Logger.WARNING;
-        if (level.equalsIgnoreCase("INFO"))
-            return Logger.INFO;
-        if (level.equalsIgnoreCase("DEBUG"))
-            return Logger.DEBUG;
-        if (level.equalsIgnoreCase("TRACE"))
-            return Logger.TRACE;
-        if (level.equalsIgnoreCase("ALL"))
-            return Logger.ALL;
-
-		// This error is NOT logged the normal way because the logger constructor calls getLogLevel() and if this error occurred it would cause
-		// an infinite loop.
-        logSpecial("The LOG-LEVEL property in the ESAPI properties file has the unrecognized value: " + level + ". Using default: WARNING", null);
-        return Logger.WARNING;  // Note: The default logging level is WARNING.
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    public String getLogFileName() {
-    	return getESAPIProperty( LOG_FILE_NAME, "ESAPI_logging_file" );
-    }
-
-	/**
-	 * {@inheritDoc}
-	 */
-    public int getMaxLogFileSize() {
-    	return getESAPIProperty( MAX_LOG_FILE_SIZE, DEFAULT_MAX_LOG_FILE_SIZE );
-    }
-    
     /**
 	 * {@inheritDoc}
 	 */
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
index 53e6c3404..29e398eae 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/AppGuardianConfiguration.java
@@ -111,32 +111,6 @@ public AppGuardianConfiguration() {
 		cookieRules = new ArrayList<Rule>();
 	}
 
-	/*
-	 * The following methods are all deprecated because
-	 * we use ESAPI logging structures now.
-	 */
-	@Deprecated
-	public Level getLogLevel() {
-		return logLevel;
-	}
-	
-	@Deprecated
-	public void setLogLevel(Level level) {
-		LOG_LEVEL = level;
-		this.logLevel = level;
-	}
-	
-	@Deprecated
-	public void setLogDirectory(String dir) {
-		LOG_DIRECTORY = dir;
-		this.logDirectory = dir;
-	}
-	
-	@Deprecated
-	public String getLogDirectory() {
-		return logDirectory;
-	}
-	
 	public String getDefaultErrorPage() {
 		return defaultErrorPage;
 	}
diff --git a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
index cc429d182..fefcff8d5 100644
--- a/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
+++ b/src/main/java/org/owasp/esapi/waf/configuration/ConfigurationParser.java
@@ -30,7 +30,6 @@
 import nu.xom.ParsingException;
 import nu.xom.ValidityException;
 
-import org.apache.log4j.Level;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.waf.ConfigurationException;
 import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
@@ -143,16 +142,6 @@ public static AppGuardianConfiguration readConfigurationFile(InputStream stream,
 				}
 			}
 			
-			/*
-			 * The WAF separate logging is going to be merged in the 2.0
-			 * release, so this is deprecated.
-			 */
-			Element loggingRoot = settingsRoot.getFirstChildElement("logging");
-			if ( loggingRoot != null ) {
-				config.setLogDirectory(loggingRoot.getFirstChildElement("log-directory").getValue());
-				config.setLogLevel(Level.toLevel(loggingRoot.getFirstChildElement("log-level").getValue()));
-			}
-			
 			/**
 			 * Parse the 'authentication-rules' section if they have one.
 			 */
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index 769c9eced..2c54a93f5 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -551,33 +551,6 @@ public boolean getLogServerIP()
 		return wrapped.getLogServerIP();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getLogLevel()
-	{
-		return wrapped.getLogLevel();
-	}
-	
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getLogFileName()
-	{
-		return wrapped.getLogFileName();
-	}
-
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public int getMaxLogFileSize()
-	{
-	 	return wrapped.getMaxLogFileSize();
-	}
-
 	@Override
 	public int getIntProp(String propertyName) throws ConfigurationException {
 		return wrapped.getIntProp(propertyName);
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index b24ffa5bc..161b5ab69 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -352,49 +352,6 @@ public void testGetDisableIntrusionDetection() {
 		assertFalse(secConf.getDisableIntrusionDetection());
 	}
 	
-	@Test
-	public void testGetLogLevel() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		assertEquals(Logger.WARNING, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "trace");
-		assertEquals(Logger.TRACE, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "Off");
-		assertEquals(Logger.OFF, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "all");
-		assertEquals(Logger.ALL, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "DEBUG");
-		assertEquals(Logger.DEBUG, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "info");
-		assertEquals(Logger.INFO, secConf.getLogLevel());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_LEVEL, "ERROR");
-		assertEquals(Logger.ERROR, secConf.getLogLevel());
-	}
-	
-	@Test
-	public void testGetLogFileName() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		assertEquals("ESAPI_logging_file", secConf.getLogFileName());
-		
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.LOG_FILE_NAME, "log.txt");
-		assertEquals("log.txt", secConf.getLogFileName());
-	}
-	
-	@Test
-	public void testGetMaxLogFileSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		assertEquals(DefaultSecurityConfiguration.DEFAULT_MAX_LOG_FILE_SIZE, secConf.getMaxLogFileSize());
-		
-		int maxLogSize = (1024 * 1000);
-		secConf = this.createWithProperty(DefaultSecurityConfiguration.MAX_LOG_FILE_SIZE, String.valueOf(maxLogSize));
-		assertEquals(maxLogSize, secConf.getMaxLogFileSize());
-	}
-
     @Test
     public void testNoSuchPropFile(){
         try {
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 74d2da68f..402ea806c 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -397,12 +397,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
 
 #===========================================================================
 # ESAPI Intrusion Detection
@@ -485,7 +479,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index c757865d0..322b0f5f4 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -398,12 +398,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
 
 #===========================================================================
 # ESAPI Intrusion Detection
@@ -486,7 +480,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index fdd127902..1a565c41c 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -396,12 +396,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
 
 #===========================================================================
 # ESAPI Intrusion Detection
@@ -484,7 +478,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index 00eb8d516..bbf49c6d3 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -396,12 +396,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
 
 #===========================================================================
 # ESAPI Intrusion Detection
@@ -484,7 +478,7 @@ Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
 # Contributed by Fraenku@gmx.ch
 # Googlecode Issue 116 (http://code.google.com/p/owasp-esapi-java/issues/detail?id=116)
 Validator.HTTPParameterName=^[a-zA-Z0-9_\\-]{1,32}$
-Validator.HTTPParameterValue=^[\\p{L}\\p{N}.\\-/+=_ !$*?@]{0,1000}$
+Validator.HTTPParameterValue=^[-\\p{L}\\p{N}./+=_ !$*?@]{0,1000}$
 Validator.HTTPContextPath=^/[a-zA-Z0-9.\\-_]*$
 Validator.HTTPQueryString=^([a-zA-Z0-9_\\-]{1,32}=[\\p{L}\\p{N}.\\-/+=_ !$*?@%]*&?)*$
 Validator.HTTPURI=^/([a-zA-Z0-9.\\-_]*/?)*$
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index 914ebb887..f3d7b46f1 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -419,11 +419,6 @@ Logger.LogEncodingRequired=false
 Logger.LogApplicationName=true
 # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
 Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=ESAPI_logging_file
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
 # Determines whether ESAPI should log the user info.
 Logger.UserInfo=true
 # Determines whether ESAPI should log the session id and client IP.

From 4e49712141850314e7af4aef4703915abad0e1d7 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 19 Mar 2021 23:55:11 -0500
Subject: [PATCH 743/812] HTMValidationRule & Test Updates (#607)

* HTMLValidationRule static updates

Splitting the logic of the static block into multiple smaller blocks.
Doing this appears to have make the tests more consistent between the full
build and running the ClasspathTest in isolation.

Both now fail due to bad configuration in the esapi-antisamy-CP.xml file.

* HTML Validation CP Tests

Correcting test file reference to point to the antisamy copy file.

Removing invalid characters from the antisamy copy file so that it may be
parsed by the runtime.

* HTMLValidationRule Tests

Adding a known invalid antisamy configuration file.

Updating the static initialization blocks from private to
package-protected for targeted testing.

Adding a test that asserts that when we attempt to use an invalid Antisamy
configuration file, that a PolicyException is emitted.

* Adding Test for Antisamy Schema Validation

TEST IS FAILING

Adding test to verify that the known bad configuration is accepted when
the system property for Antisamy is set appropriately.

* Updating Antisamy Version

Update to 1.6.1

* Antisamy Stream WorkAround

Creating a ByteArrayInputStream in the HTMLValidationRule to circumvent
the undesired stream close event when processing a malformed xml
configuraiton while antisamy schema validation is disabled.

Moving the property test to an isolated file.

* Antisamy Schema Validation Tests

Switching to configuring validation behavior through static methods rather
than system properties.  Properties are read once on construction in the
Policy, and without forcing test execution order, the validation would be
based on execution order

* Stream to ByteArrayStream Fix

Updates to the process to convert the resource stream to a
ByteArrayInputStream through the use of a Reader implementation.

This allows the java7 try-with-resources block when converting the
InputStream Object, which should ensure that the original stream is
cleaned up once read into memory.

* Cleanup

Removing dead method.
Adding newline at end of file

* Antisamy 1.6.2 Update

Prepping content for the Antisamy 1.6.2 artifact that is expected to be
available in the near future.

Updated pom dependency to anticipated version

Updated HTMLValidationRule to remove pre-wrapping of ByteArrayInputStream
for Policy Object creation

* HTMLValidationRule Cleanup

Removing unused imports.
---
 pom.xml                                       |   2 +-
 .../validation/HTMLValidationRule.java        | 191 ++++++-----
 ...TMLValidationRuleAntisamyPropertyTest.java |  52 +++
 .../HTMLValidationRuleClasspathTest.java      |  47 ++-
 src/test/resources/antisamy-InvalidPolicy.xml |  24 ++
 src/test/resources/antisamy-esapi-CP.xml      | 319 ------------------
 6 files changed, 208 insertions(+), 427 deletions(-)
 create mode 100644 src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java
 create mode 100644 src/test/resources/antisamy-InvalidPolicy.xml

diff --git a/pom.xml b/pom.xml
index 31911e878..576c85af2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -241,7 +241,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.0</version>
+            <version>1.6.2</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index f68253cd1..d382d177d 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -15,22 +15,27 @@
  */
 package org.owasp.esapi.reference.validation;
 
+
+
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Arrays;
 import java.util.List;
 
-import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Encoder;
 import org.owasp.esapi.Logger;
+import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.StringUtilities;
+import org.owasp.esapi.errors.ConfigurationException;
 import org.owasp.esapi.errors.ValidationException;
+import org.owasp.esapi.reference.DefaultSecurityConfiguration.DefaultSearchPath;
 import org.owasp.validator.html.AntiSamy;
 import org.owasp.validator.html.CleanResults;
 import org.owasp.validator.html.Policy;
 import org.owasp.validator.html.PolicyException;
 import org.owasp.validator.html.ScanException;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
 
 
 /**
@@ -49,110 +54,112 @@ public class HTMLValidationRule extends StringValidationRule {
 	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
 	private static final String ANTISAMYPOLICY_FILENAME = "antisamy-esapi.xml";
 
-    /**
-     * Used to load antisamy-esapi.xml from a variety of different classpath locations.
-	 * The classpath locations are the same classpath locations as used to load esapi.properties.
-	 * See DefaultSecurityConfiguration.DefaultSearchPath.
-     *
-     * @param fileName The resource file filename.
-     */
-	private static InputStream getResourceStreamFromClasspath(String fileName) {
-		InputStream resourceStream = null;
+	//TESTING -- Mock Classloaders, verify that the classloader is called as desired with the searchpath and filename concat
+	// Verify that when no match is found, null is returned
+	// Verify that when match is found, remaining classloaders are not invoked and expected InputStream is returned.
+	/*package */ static InputStream getResourceStreamFromClassLoader(String contextDescription, ClassLoader classLoader, String fileName, List<String> searchPaths) {
+	    InputStream result = null;
+	    
+	    for (String searchPath: searchPaths) {
+	        result = classLoader.getResourceAsStream(searchPath + fileName);
+	        
+	        if (result != null) {
+	            LOGGER.info(Logger.EVENT_SUCCESS, "SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" + 
+	                    searchPath + "' using " + contextDescription + "!");
+	                break; 
+	        }
+	    }
+	    
+	    return result;
+	}
+	
+	//TESTING
+	// Harder to test... Use Junit to place files in each of the DefaultSearchPathLocations and verify that the file can be found.
+	// Not sure how to test that the classpaths are iterated.
+	/*package */ static InputStream getResourceStreamFromClasspath(String fileName) {
+	    LOGGER.info(Logger.EVENT_FAILURE, "Loading " + fileName + " from classpaths");
 		
-		ClassLoader[] loaders = new ClassLoader[] {
-				Thread.currentThread().getContextClassLoader(),
-				ClassLoader.getSystemClassLoader(),
-				ESAPI.securityConfiguration().getClass().getClassLoader()  
-						/* can't use just getClass.getClassLoader() in a static context, so using the DefaultSecurityConfiguration class. */
-		};
+	    InputStream resourceStream = null;
 		
-		String[] classLoaderNames = {
-				"current thread context class loader",
-				"system class loader",
-				"class loader for DefaultSecurityConfiguration class"
-		};
+		List<String> orderedSearchPaths = Arrays.asList(DefaultSearchPath.ROOT.value(), 
+		        DefaultSearchPath.RESOURCE_DIRECTORY.value(),
+		        DefaultSearchPath.DOT_ESAPI.value(),
+		        DefaultSearchPath.ESAPI.value(),
+		        DefaultSearchPath.RESOURCES.value(),
+		        DefaultSearchPath.SRC_MAIN_RESOURCES.value());
 		
-		int i = 0;
-        for (ClassLoader loader : loaders) {
-			// try root
-			String currentClasspathSearchLocation = "/ (root)";
-            resourceStream = loader.getResourceAsStream(DefaultSecurityConfiguration.DefaultSearchPath.ROOT.value() + fileName);
-			
-			// try resourceDirectory folder
-			if (resourceStream == null){
-				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.RESOURCE_DIRECTORY.value();
-				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
-			}
-			
-			// try .esapi folder. Look here first for backward compatibility.
-			if (resourceStream == null){
-				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.DOT_ESAPI.value();
-				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
-			}
-
-			// try esapi folder (new directory)
-			if (resourceStream == null){
-				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.ESAPI.value();
-				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
-			}
-
-			// try resources folder
-			if (resourceStream == null){
-				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.RESOURCES.value();
-				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
-			}
-
-			// try src/main/resources folder
-			if (resourceStream == null){
-				currentClasspathSearchLocation = DefaultSecurityConfiguration.DefaultSearchPath.SRC_MAIN_RESOURCES.value();
-				resourceStream = loader.getResourceAsStream(currentClasspathSearchLocation + fileName);
-			}
-
-            if (resourceStream != null) {
-				LOGGER.info(Logger.EVENT_FAILURE, "SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" + 
-					currentClasspathSearchLocation + "' using " + classLoaderNames[i] + "!");
-                break; // Outta here since we've found and loaded it.
-            }
-			
-			i++;
-        }
+		resourceStream = getResourceStreamFromClassLoader("current thread context class loader", Thread.currentThread().getContextClassLoader(), fileName, orderedSearchPaths);
+		 
+		//I'm lazy. Using ternary for shorthand "if null then do next thing"  Harder to read, sorry
+		resourceStream = resourceStream != null ? resourceStream : getResourceStreamFromClassLoader("system class loader", ClassLoader.getSystemClassLoader(), fileName, orderedSearchPaths);
+		resourceStream = resourceStream != null ? resourceStream : getResourceStreamFromClassLoader("class loader for DefaultSecurityConfiguration class", ESAPI.securityConfiguration().getClass().getClassLoader(), fileName, orderedSearchPaths);
 		
 		return resourceStream;
 	}
+	
+	//TESTING
+	// Mock SecurityConfiguration - Return file check (true) - return resourceStream - expect Policy object
+	// Mock SecurityConfiguration - Return file check (false)  - use junit to place file in any of the DefaultSearchPathLocations - verify Policy Object
+	// Mock SecurityConfiguration - return file check (true) - throw IOException on resource stream - Verify IOException
+	// Mock SecurityConfiguration - return file Check (true) - use Junit to place a BAD FILE - verify PolicyException
+	//  HOW TO TEST NULL RETURN.....
+	/*package */ static Policy loadAntisamyPolicy(String antisamyPolicyFilename) throws IOException, PolicyException {
+	    InputStream resourceStream = null;
+	    SecurityConfiguration secCfg = ESAPI.securityConfiguration();
+	    
+	    //Rather than catching the IOException from the resource stream, let's ask if the file exists to give this a best-case resolution.
+	    //This helps with the IOException handling too.  If the file is there and we get an IOException from the SecurityConfiguration, then the file is there and something else is wrong (FAIL -- don't try the other path)
+	    File file = secCfg.getResourceFile(antisamyPolicyFilename);
+    
+        resourceStream = file == null ? getResourceStreamFromClasspath(antisamyPolicyFilename) : secCfg.getResourceStream(antisamyPolicyFilename);
+        return resourceStream == null ? null : Policy.getInstance(resourceStream);
+	}
 
-	static {
-        InputStream resourceStream = null;
-		String antisamyPolicyFilename = null;
-		
-		try {
-			antisamyPolicyFilename = ESAPI.securityConfiguration().getStringProp(
+	//TESTING
+	// Mock SecurityConfiguration - return a valid string on property request - verify String is returned from call
+	// Mock SecurityConfiguration -- throw ConfigurationException on property request -- Verify Default Filename is returned from call
+	/*package */ static String resolveAntisamyFilename() {
+	    String antisamyPolicyFilename = ANTISAMYPOLICY_FILENAME;
+        try {
+            antisamyPolicyFilename = ESAPI.securityConfiguration().getStringProp(
                     // Future: This will be moved to a new PropNames class
                 org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE );
-		} catch (ConfigurationException cex) {
-			
+        } catch (ConfigurationException cex) {
+            
             LOGGER.info(Logger.EVENT_FAILURE, "ESAPI property " + 
                            org.owasp.esapi.reference.DefaultSecurityConfiguration.VALIDATOR_HTML_VALIDATION_CONFIGURATION_FILE +
                            " not set, using default value: " + ANTISAMYPOLICY_FILENAME);
-			antisamyPolicyFilename = ANTISAMYPOLICY_FILENAME;
-		}
-		try {
-			resourceStream = ESAPI.securityConfiguration().getResourceStream(antisamyPolicyFilename);
-		} catch (IOException e) {
-			
-			LOGGER.info(Logger.EVENT_FAILURE, "Loading " + antisamyPolicyFilename + " from classpaths");
+        }
+        return antisamyPolicyFilename;
+	}
+	
+	//TESTING
+	// Mock SecurityConfiguration - return file check (true) - throw IOException on resource stream - Verify ConfigurationException from IOException
+    // Mock SecurityConfiguration - return file Check (true) - use Junit to place a BAD FILE - verify ConfigurationException from PolicyException
+	// Force NULL return from loadAntisamyPolicy call -- Verify ConfigurationException from null value
+	/*package */ static void configureInstance() {
+	    String antisamyPolicyFilename = resolveAntisamyFilename();
 
-			resourceStream = getResourceStreamFromClasspath(antisamyPolicyFilename);
-		}
-        if (resourceStream != null) {
-        	try {
-				antiSamyPolicy = Policy.getInstance(resourceStream);
-			} catch (PolicyException e) {
-				throw new ConfigurationException("Couldn't parse " + antisamyPolicyFilename, e);
-	        }
-		}
-        else {
+        try {
+            antiSamyPolicy = loadAntisamyPolicy(antisamyPolicyFilename);
+        } catch (IOException ioe) {
+            //Thrown if file is found by SecurityConfiguration, but a stream cannot be generated.
+            throw new ConfigurationException("Failed to load file from SecurityConfiguration context: " + antisamyPolicyFilename, ioe);
+        } catch (PolicyException e) {
+            //Thrown if the resource stream was created, but the contents of the file are not compatible with antisamy expectations.
+            throw new ConfigurationException("Couldn't parse " + antisamyPolicyFilename, e);
+        }
+        
+        if (antiSamyPolicy == null) {
             throw new ConfigurationException("Couldn't find " + antisamyPolicyFilename);
-		}
+        }
+
+	}
+	
+	//TESTING
+	// None.
+	static {		
+	    configureInstance();
 	}
 
 	public HTMLValidationRule( String typeName ) {
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java
new file mode 100644
index 000000000..935590400
--- /dev/null
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleAntisamyPropertyTest.java
@@ -0,0 +1,52 @@
+/**
+ * OWASP Enterprise Security API (ESAPI)
+ *
+ * This file is part of the Open Web Application Security Project (OWASP)
+ * Enterprise Security API (ESAPI) project. For details, please see
+ * <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
+ *
+ * Copyright (c) 2019 - The OWASP Foundation
+ *
+ * The ESAPI is published by OWASP under the BSD license. You should read and accept the
+ * LICENSE before you use, modify, and/or redistribute this software.
+ *
+ * @author kevin.w.wall@gmail.com
+ * @since 2019
+ */
+package org.owasp.esapi.reference.validation;
+
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.owasp.validator.html.Policy;
+
+/**
+ * Isolate scope test to assert the behavior of the HTMLValidationRule
+ * when schema validation is disabled in the Antisamy Project.
+ */
+public class HTMLValidationRuleAntisamyPropertyTest {
+    /** The intentionally non-compliant AntiSamy policy file. We don't intend to
+     * actually <i>use</i> it for anything.
+     */
+    private static final String INVALID_ANTISAMY_POLICY_FILE = "antisamy-InvalidPolicy.xml";
+
+    @AfterClass
+    public static void enableAntisamySchemaValidation() {
+        Policy.setSchemaValidation(true);
+    }
+    
+    @BeforeClass
+    public static void disableAntisamySchemaValidation() {
+        Policy.setSchemaValidation(false);
+        //System property is read once, so we're preferring the static method for testing.
+        //System.setProperty( "owasp.validator.validateschema", "false" ); 
+    }
+
+	@Test
+	public void checkAntisamySystemPropertyWorksAsAdvertised() throws Exception {
+	    HTMLValidationRule.loadAntisamyPolicy(INVALID_ANTISAMY_POLICY_FILE);
+	}
+	
+}
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
index f032059d1..3b6fd345c 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleClasspathTest.java
@@ -15,21 +15,23 @@
  */
 package org.owasp.esapi.reference.validation;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.SecurityConfiguration;
 import org.owasp.esapi.SecurityConfigurationWrapper;
 import org.owasp.esapi.ValidationErrorList;
-import org.owasp.esapi.ValidationRule;
 import org.owasp.esapi.Validator;
 import org.owasp.esapi.errors.ValidationException;
-import org.owasp.esapi.reference.validation.HTMLValidationRule;
-
-import org.junit.Test;
-import org.junit.Before;
-import org.junit.After;
-import org.junit.Rule;
-import org.junit.rules.ExpectedException;
-import static org.junit.Assert.*;
+import org.owasp.validator.html.PolicyException;
 
 /**
  * The Class HTMLValidationRuleThrowsTest.
@@ -48,10 +50,19 @@
  * the cleansed (sanitizied) output when certain unsafe input is encountered.
  */
 public class HTMLValidationRuleClasspathTest {
+    /** The intentionally non-compliant AntiSamy policy file. We don't intend to
+     * actually <i>use</i> it for anything.
+     */
+    private static final String INVALID_ANTISAMY_POLICY_FILE = "antisamy-InvalidPolicy.xml";
+    /** The intentionally non-compliant AntiSamy policy file. We don't intend to
+     * actually <i>use</i> it for anything.
+     */
+    private static final String ANTISAMY_POLICY_FILE_NONSTANDARD_LOCATION = "antisamy-esapi-CP.xml";
+ 
 	private static class ConfOverride extends SecurityConfigurationWrapper {
-        private String desiredReturnAction = "clean";
-        private String desiredReturnConfigurationFile = "antisamy-esapi.xml";
-
+	    private String desiredReturnAction = "clean";
+	    private String desiredReturnConfigurationFile = null;
+	    
 		ConfOverride(SecurityConfiguration orig, String desiredReturnAction, String desiredReturnConfigurationFile) {
 			super(orig);
             this.desiredReturnAction = desiredReturnAction;
@@ -78,17 +89,23 @@ public String getStringProp(String propName) {
     @After
     public void tearDown() throws Exception {
         ESAPI.override(null);
-        thrownEx = ExpectedException.none();
     }
 
 	@Before
     public void setUp() throws Exception {
 		ESAPI.override(
-			new ConfOverride( ESAPI.securityConfiguration(), "throw", "antisamy-esapi-CP.xml" )
+			new ConfOverride( ESAPI.securityConfiguration(), "throw", ANTISAMY_POLICY_FILE_NONSTANDARD_LOCATION )
 		);
-
     }
 
+	
+	@Test
+    public void checkPolicyExceptionWithBadConfig() throws Exception {
+        ESAPI.override(null);
+        thrownEx.expect(PolicyException.class);
+        HTMLValidationRule.loadAntisamyPolicy(INVALID_ANTISAMY_POLICY_FILE);
+    }
+	
     @Test
     public void testGetValid() throws Exception {
         System.out.println("getValidCP");
diff --git a/src/test/resources/antisamy-InvalidPolicy.xml b/src/test/resources/antisamy-InvalidPolicy.xml
new file mode 100644
index 000000000..d8aeef041
--- /dev/null
+++ b/src/test/resources/antisamy-InvalidPolicy.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="antisamy.xsd">
+    <!--    This AntiSamy policy file intentionally fails the AntiSamy XML
+            schema validation checks (because of 'notSupportedTag'). We don't
+            actually *do* any tests with it other than to see if we can construct
+            an HTMLValidationRule instance that uses it with both
+                owasp.validator.validateschema=false
+            to disable AntiSamy's XML schema validation (in which case, the CTOR should work)
+            and with
+                owasp.validator.validateschema=true
+            (which is the default), which leaves its XML schema validation enabled (in which
+            case the CTOR should fail with an exception).
+
+            @since: 2.2.3.0
+    -->
+	<directives></directives>
+	<common-regexps></common-regexps>
+	<common-attributes></common-attributes>
+	<global-tag-attributes></global-tag-attributes>
+	<dynamic-tag-attributes></dynamic-tag-attributes>
+	<tag-rules></tag-rules>
+	<css-rules></css-rules>
+	<notSupportedTag></notSupportedTag>
+</anti-samy-rules>
diff --git a/src/test/resources/antisamy-esapi-CP.xml b/src/test/resources/antisamy-esapi-CP.xml
index 14880d0b5..4eb23cdfe 100644
--- a/src/test/resources/antisamy-esapi-CP.xml
+++ b/src/test/resources/antisamy-esapi-CP.xml
@@ -169,324 +169,5 @@ Slashdot allowed tags taken from "Reply" page:
 	</css-rules>
 
 
-	<html-entities>
-		<entity name="amp" cdata="&amp;"/>
-		<entity name="nbsp" cdata="&amp;#160;"/>
-		
-		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
-		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
-		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
-		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
-		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
-		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
-		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
-		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
-		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
-		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
-		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
-		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
-		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
-		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
-		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
-		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
-		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
-		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
-		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
-		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
-		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
-		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
-		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
-		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
-		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
-		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
-		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
-		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
-		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
-		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
-		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
-		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
-		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
-		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
-		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
-		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
-		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
-		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
-		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
-		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
-		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
-		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
-		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
-		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
-		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
-		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
-		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
-		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
-		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
-		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
-		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
-		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
-		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
-		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
-		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
-		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
-		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
-		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
-		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
-		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
-		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
-		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
-		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
-		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
-		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
-		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
-		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
-		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
-		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
-		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
-		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
-		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
-		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
-		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
-		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
-		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
-		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
-		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
-		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
-		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
-		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
-		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
-		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
-		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
-		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
-		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
-		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
-		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
-		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
-		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
-		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
-		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
-		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
-		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
-		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
-		                                  
-		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
-		
-		<!-- Greek -->
-		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
-		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
-		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
-		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
-		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
-		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
-		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
-		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
-		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
-		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
-		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
-		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
-		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
-		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
-		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
-		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
-		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
-		<!-- there is no Sigmaf, and no U+03A2 character either -->
-		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
-		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
-		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
-		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
-		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
-		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
-		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
-		
-		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
-		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
-		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
-		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
-		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
-		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
-		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
-		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
-		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
-		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
-		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
-		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
-		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
-		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
-		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
-		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
-		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
-		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
-		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
-		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
-		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
-		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
-		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
-		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
-		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
-		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
-		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
-		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
-		
-		<!-- General Punctuation -->
-		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
-		<!-- bullet is NOT the same as bullet operator, U+2219 -->
-		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
-		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
-		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
-		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
-		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
-		
-		<!-- Letterlike Symbols -->
-		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
-		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
-		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
-		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
-		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
-		<!-- alef symbol is NOT the same as hebrew letter alef,
-		     U+05D0 although the same glyph could be used to depict both characters -->
-		
-		<!-- Arrows -->
-		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
-		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
-		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
-		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
-		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
-		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
-		                                     = carriage return, U+21B5 NEW -->
-		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
-		
-		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
-		    but also does not have any other character for that function. So ? lArr can
-		    be used for 'is implied by' as ISOtech suggests -->
-		    
-		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
-		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
-		
-		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
-		     another character with this function so ?
-		     rArr can be used for 'implies' as ISOtech suggests -->
-		     
-		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
-		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
-		
-		<!-- Mathematical Operators -->
-		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
-		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
-		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
-		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
-		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
-		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
-		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
-		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
-	
-		<!-- should there be a more memorable name than 'ni'? -->
-		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
-		
-		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
-		     the same glyph might be used for both -->
-		     
-		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
-		
-		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
-		     though the same glyph might be used for both -->
-		
-		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
-		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
-		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
-		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
-		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
-		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
-		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
-		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
-		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
-		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
-		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
-		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
-		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
-		
-		<!-- tilde operator is NOT the same character as the tilde, U+007E,
-		     although the same glyph might be used to represent both  -->
-		     
-		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
-		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
-		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
-		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
-		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
-		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
-		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
-		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
-		
-		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
-		     font encoding and is not included. Should it be, for symmetry?
-		     It is in ISOamsn  --> 
-		
-		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
-		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
-		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
-		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
-		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
-		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
-		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
-		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
-		
-		<!-- Miscellaneous Technical -->
-		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
-		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
-		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
-		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
-		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
-		<!-- lang is NOT the same character as U+003C 'less than' 
-		     or U+2039 'single left-pointing angle quotation mark' -->
-		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
-		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
-		
-		<!-- Geometric Shapes -->
-		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
-		
-		<!-- Miscellaneous Symbols -->
-		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
-		<!-- black here seems to mean filled as opposed to hollow -->
-		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
-		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
-		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
-		
-		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
-		<!-- Latin Extended-A -->
-		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
-		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
-		<!-- ligature is a misnomer, this is a separate character in some languages -->
-		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
-		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
-		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
-		
-		<!-- Spacing Modifier Letters -->
-		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
-		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
-		
-		<!-- General Punctuation -->
-		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
-		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
-		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
-		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
-		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
-		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
-		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
-		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
-		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
-		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
-		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
-		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
-		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
-		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
-		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
-		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
-		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
-		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
-		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
-		<!-- lsaquo is proposed but not yet ISO standardized -->
-		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
-		<!-- rsaquo is proposed but not yet ISO standardized -->
-		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
-	</html-entities>
 
 </anti-samy-rules>

From c58cb15e6ae116b44d78bb642d95c62c70457083 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Mar 2021 13:10:38 -0400
Subject: [PATCH 744/812] ESAPI Security Advisory #4 - How Does CVE-2020-9488
 Impact ESAPI?

---
 documentation/ESAPI-security-bulletin4.odt | Bin 0 -> 31271 bytes
 documentation/ESAPI-security-bulletin4.pdf | Bin 0 -> 113175 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin4.odt
 create mode 100644 documentation/ESAPI-security-bulletin4.pdf

diff --git a/documentation/ESAPI-security-bulletin4.odt b/documentation/ESAPI-security-bulletin4.odt
new file mode 100644
index 0000000000000000000000000000000000000000..41fb6366154d7bc846c501bd10dbcb9257972724
GIT binary patch
literal 31271
zcmbrl1CS;`(=Ixm9ozPfZQGvNv2EKswr$(CZQHhu_wIL2{BaQ{&W-=x&Zw@cu6i=F
zqdGb&v!7Ow1_eU}0{R661RU<7q&va{O92D~^q=zY5|E9Bjft~|y@`Rny|smrfwP63
zExoI)F`b=(lZ6wVoxO>zv7M2Njft%@owJF%v%>#PS%qkZs{$Pm(0>Z%KV>TBE;fd?
z1{T&%^v?g)q_ej*3s;a6hl9q3{x=0qQbI)OUp?~A9iU&J|603&?~Xt~Am0iyDxw5L
zl;q@;6to<)Og!wAB-||YJe=GtoI+f}GCa~6^8Cyag4{|XoW_d05@J$PGRo45nkrHv
zDsl>%iqdMTYT{~^@_G)c+GYxR&RPZ*nx?MCs*)z!ss?)c76w{Q2J)_E8h#GC=4R%m
zR?e1A-cHu$UQSl7F0M3`0A3CNmk>aZ7ocGiVCEX?<`rb_SE!;qAuR`xRRR2w0BEQK
zv<v};x&Tw-2`AeLN2duhbAY8gz|{)i;Q{de8}1&KW*uB<65ePN-|ih<Xdm6+9arp`
z(&77e!XtaoGY}A9uNUlU5$Nq6?`ONrE3zTVx1}hvp`x*&ZnR@!v18@D>+HR6s=a4v
zcHm@n;N}+S3D|WF-t!0y4e(A4aV?DTI0^6w3k?g4N{mWKPmBspj)_Z)k4#HV3r{Tx
z&umJ~D$LExjxK1+EGSDWX(>$!DacA~$PUZP%_}R&YRQjkE=emZEi0{RtgWlAYG`e&
zDs8Q=>hA6i51$AP{fSBhBt`<#QUM{Q;~CZc*$ty<?aNsOKLwe9!rI}omXXr#h32lI
z`tJFPiu1D4pUOr+LlvOC?Wd=|yS8t(vTvz#V7z^FxqR%PV`jf&5YRQZKTw@ESf4Z0
zS~1w!d>j&b5R!C}7<QhPdXiRfl3jmOntf4Rc3#$W-Pm#8TzTKoG}7BQ*a=wZ1zdLw
z-}MZQ4RkK{RW6Tp?9X-`E%ZJQwT_OCj!Z31&rMG(tSw9qE=-SaPWR8v&i(5wE-o&t
ztS_%EFRgEFtSqdpu5Ya`ZEkJN&Yq8s{*14kOfLN_O#oK54wsjIw)S>r_HSnQ0Ly!)
zi~Cnw`$t=c7n|p|8^>=uci*?e^T%uB2U{zT<D>Ue%dZQQPs^)&Q-H%wz|+Rw{SM&l
zVB>y&=IM0p;PBw!`26JT==l8d;^g4!{P^PH;{4+C=KkvH;q~e2?CJ9J<?i_D{`%wo
z`2F$f`{VlY@$vrQ`}ytZ`TgtT>EYw)>+}8T=jVrL0mK#vh#Fo}L{P<j<Jt$o8)wx=
zuhT`V(==SU(&2DJju<fCF|v`u^=YK`=kt8wPh?kfxXx&d2~3elSsqcp;PcJSHX5=e
z293{600nl{Sz25+ON_G8dHTu?P#CB=(~v+!9cDm*FiYe*E>r}V93*xL0!Y~F`fWgx
z$asQKcnhhUJK@bvw_n@s_fOaE?KkHS?mGpNZw*A@|BD=2m!%C+p+x%9P>W0S(_|JI
z#%GB}kTPk~8g<vExUiM)^5~Qx2UZ?5lt`a0XE8^G52p!6h$?-f63In1Hpld}nq#Iy
z71o`|b-g$}U%CMbexOcM?Y1TOTmh-Km_8S&3xEq0dEUpFUV)ao7a$Fks@S0TNKWO;
zZuy(Da_MzZi0Dmgc3WeQ#)o<e3LAFjFV|weWq%xOP@3?n^)$fR<D{SUZEs@FUg~QS
z`px=Y=WA<Mk9hCf3&v6R>sIR>&Q6fH+?y5;iB~Vfe!Q=8LibO%mlSm<qs!tAp4;|)
zZEpMhVcUKP{jOh>w{@YT)+2>q`Zvc<W9j(D==^qT!bG*3kJ9H_qLtshb#sWkw`=#M
zsn2yr3<ZJu=Rm3*dF}TB{k7wc@9MQ%z18+>ZF{->A$-H9T87*AL(DP%%i`zG&eQPj
z21CPLaE<IM&xf73?<0E%kKR_Nf$<Idckj0IY>pQ}GTWA${A4%Ijn(~@+bjkFUMFk`
zG;yQ&q1lidh^-><&zg;zPPsq+uebmM;wd(KjIlRag)rv!#-%cQbvxW+)|mOh_}@Q`
z*`$WQu~5(Em&%+VEQF3*7z;wBNIkvZ?Z$C5U#!=>YH7TF5}(R$b;lQv+RbKlB~#eP
z7kC%CGxt7PZ>>63ooYwjYRv-84g%5cv)-AZjd#R<q)JN4EgAl=^5gdxm@Y(>hn<Z1
z@yGB_i8{n-zP<^QD$GQIxK)VQjHb@AJ2<ivr{y2C)Qw*CIb{VtVHlak4lGX+jmHUn
zZ`UXuhZto6-|wI4)|}fG@5jZK=85gNQh-w?922#hZF_%~w$p0NJ2(5T{!Pz!3Il3}
zcB2Ui5yBUh$Ni$4Pq|~H4IHZXYYEKuDEnqvERbyUjw7JM=xEr_G@;a1)9n?ddg27<
zRSzj@7PlGSj&`ekWxet7S$?`UG)W7#;Zu6sYSq$sQ|GdJ`V!ZEHP@d)OG7#1qq$r@
zTl?Yc=X39HR&7P#$Vq%P?GPxQ=b7cbXkG_Ud33*WKP$g&>}!jt?;Ww#^1d?C%w4)t
z)mgYyZ(FUn?!7uQyR`&c<~Q9?Vw+dJ-F}JHQ0eh=*h%;ta9RsHvf<LZ1&zNzTfUjw
zCb=$Qkaje8YR6r(`}IN3>D%oR4Y9@iOsV;Fze16d{b6>w(v22u=6AL#mCG&VTP)&f
zOIJ(Om^%{`wQ6Vn_TIx?VoS`M+jf6GVYa%XP@!}v_E?UWEH8{A&yy?a#`})_HImD#
zRXo!1T=KcXTBzKLVM{K*ZNHhC<DTMd-6d3l9dMHWV>4pYdfVdyAda&0Jx71s&eZMH
zlGiv7$?UiI<~V*F&$OeF^}!~#6&c~TNf_Onu#y5rY)2}aU*wQ+yvO0TZM#0z;&;00
zW(~a|pQG}4RU5Y{w&N4F%?{%BIbpjl$J_OGgc><IrB;Rb?ABqg`c55n<@JfU@=R%q
z(ZTw+K9HCn)tR@1v3|Y}r)B=%A0N}~(^ox*jk8m`rdog#^i4eJ27?4YCw7liCKiS@
z`Yi(-JjnImUjtm5zsE*k6n^)5(7sjOZi%@1c|MK|U~ksqRw@}GK}ZZ_wDOsC9!m#n
zS##@kasn~rl?ODpuvS}19W~P{hIk&VPbiDmsw<<>D2>fAB02u0%D>8_IE$~KRv>8?
z<*yNVmfImk<NYx$uQ1s&mZKL<d6I6aNXauqe@ZLPjJ!TQ<B+nwxS<K_&qU+}PhU=G
zsz|P<QmH<MF0Eis=$!eCrYu?cUe;gI*B)i48aCJ*7LG|%sYQh`6LU(PYH+G%<`VLn
zue1U+%H$<4n&!(_CV8BJ9N>nsaE^2>PW^;9+dV5wVlf_+m<SiKn30f)3m+N^;-Ppq
z(V%i6Lv~C}$K?9mE!shT6dsg?sXT23ddOU@<r;2Yx_Lu|)cFa_kg9FID);*REBV0+
zv>5KETQ*^q!lQE}B1abae)}@{wMAODcWG&<XLOTgKb5UXqL}15+%@-Azmp#DHe&?>
z>frjca%jYJ(huQnpyL|n%->CYRd)D}OnFyGn?TdOoD^3aC~TCI@{(T?G`pJ=_m$9O
zG1MxV5b2v+Dvh0SN8aTN*d$>h=%EwUzDWph+Bg>RO5IA1+i&pPK28SCMIeqmzrJ>S
zPAs#iz>fMqMRm|!(`!E$C~Be?Flcnp*o*VC&F^zUpOO1z$Ng$0Pw<^>mh%<avLGIb
zJ=(+%`*nOf_4SkZ>BoPU+FSX3d<!_={W^EJbc5hGlvysp%e1n>_kL;ro;A1eTYh1m
zZN9eS6U$)(P=>ud&BrEL|EeGi%Z}WY^VH`0wd=2(r@ZEdhZ~I6*M_+>b9p*{s|60b
z{}E6RVp&E2jCny-hV&+(c!=D<SgXTvYM&K{Nc3I2be{BdJ|FN?MK@wm#M70894k6)
z>40sxeE60A&e6sPn{C}JCck+;Qn8*W4YQfF|3;O5p;KQUkAaIx`KvH5qRz_G8?pE7
z*MSenASVYL$<XcMuh1)l0SnwpeeO{%#!}H%aojLgmww6zS9r*<Oc)~T*!5{j@j_|w
z8T?W_I2QAlys$d4zqTucG#CA8PE>~MhDhYR;*Vj1H5{ekl?5Yw{sDm+DF*k(I6}PU
z;y@@3)KhDLn6tzs@$8&Y?$V^zkW5gSn=#2o-XfSo)-jjnC^l;qYg;yH$}%$U**3yd
zhLOsj4sKP=fj+=)+$7aB?1Ne${cm&i-adhI7X$Eo7@Q{+7?ScFw8SZ!r?w*^8feO@
zj_o|*2j{rw?C+RZc__UO3;bELsyk!D%E9h(xh2XB>!`*@o{#n37IZ0%j_*C%TT!L~
zMob>mrKM5|W!5jJhRhaD_zl%4n*CG9PEBk37F>~u)Jf2PM4_^9$C8ZNk(Y=(uBYAU
z)b*&&(!weiRZvJ!L`mW$NE45;nj@vVco8GeQfJ|gp*SVa?rz%IOnTGFJ!z7{(;Lf&
z-ye!En6Z#U*$gMEb8vYmP$EQx9TJTX-z}A?3qwH6T^_$PCf1niR{@*X_=BD7@8E;E
z5@R98WA=AsM?;8Tq!$JsLZO4C)F)iZ_Zla%d;$fU2>dk0O7R@ykW7|oV9i@8Z=QIv
zKgpGhqEv=qN8lg0BU;RtPtP7pk6DRR(Dh2W*fAmD)WuCE8U>JXbO|FWJyfp;Qu;Ei
zi8tIF-mCCxc&lTqMr^Jf7^%Dqy0c-i)^RU4&mTTJ?Er~Ub03%;IDC5AffxiPjxyvJ
zXM(}D(SXtoi8{sMG5z>#B2d9sC!TZ!!<i7deeZ5hOc8H>`8J=Y9xB137RI1-XY-(0
zk|}oL8j*z>l{kYiL#9XK@D5nt;ia@zqb6Agt^qn6$NN#Y*5MSU6VhC3T-^9@8PdT{
z$&F1?X%gqJ1^RI&)s*ZHMpaeD@CXZBB@Ra7zCm$C)}fGhbLQ}y!ET}ibWlq<-r}Ch
zc)1o1`ilCdxCl`R-Jy!|gg#UbFvXuxIuxtEJ!l*h&@BIOuGl5Hm!LKwOPa*!UnSx_
z?$~+_TvVBHCS1tW($`8}&kZohM=#;jR}-cf^3+ct55vimBNH_KZvVDPK`qc7R6ZX1
zk7o@^Tqd7FY1(<GS*4LLkE1g!IHf*W9nN^mm6bLVk$4tCNy=t+g4*D)0Y{1iLbiNI
zeLS;a+j3KdV{%t3V>b+r$hxSA#EDmO*5Vw-Y7V%Jbod77O+Gjl0$-WL=VkQA*RH5m
zYj)zplvhJXb8@YjNGb!5azUJ_eH?d@Rf>Y}+^e`v!*>Ek{(IM$g1Zwh9a)hgTEMJa
z^zgzMFkwbdd%m!(tEK#*?Y1WTF&mQh*g*C^V<F=l_#-?5XkG)Jc&?OfcHEH#HbZza
z>oR|}$<A(d-NYEp|2kCd4<6dMFN~N|`9XjD`NGB*>B?r^>5sn3XK<w6ucDQ4ZG`6|
z5SjMavZ>0zzWeo*eq~;h!2I}U>Vkhcm-;EWx{FV0!e<>Tf#A1^a#2<z^t#Mcflg7*
zzEX0JwjPl!5-;oIoanE-lzf=0$zzzgO!R!Ma6$QByx`Z5j_+-(42jf3Qgh8Sa<3*z
zq^6pUq*ljr1GN`%s+yFnbe3ZgtFgh<HGj+Zkc!OuX3At*;1ophsf*3H<gw@8O}!rV
z_4b4a&LNeFbJE94C+gRCyy?S*hyI4*FfTH<r}ZR)Z7T2(%&K7I487|r*&Yqd!4r_v
zl&|FK?E*J3G}xgo7QVY1^i4e!>c6I)?oOaFCrdo7fE-}y2-t-E4jW#Z;g(10!GAU{
zkZ@-k3q{&5gtc-rfB-M3@ekXYyVX#RDchcb|3!R`?_%VewhxwQreO3+Xu$QsV0S7V
zM5N${$N~aD4+w%4xzO(a=9ye3iEp>Iyz1m&t;mQt1+fQ+tV3pu;lskK#o@`r+cJmu
z<^KkSu0-t9W|+wrI~o4-n<!|m4o##iIu|<6P~J)bNshP(8g_4SP`^GEOl7y5z!}I<
z97}vCL<;<9uTCj84v{m2lRXj=WIcVdBt*1gvvGzSHCQ?5X7jI6a1s?vq*j|0nM7S*
zSOe8CH03Y-hb-b`%X-6N6~!SXm&Vm{<R#i<X|%9p>0#(172-8wG9}U#%C|pMWF15_
zW!Y4XO$DA6dGk%s8XV0)@fRyKN+$QF5!83=>dym$^_7BMm^QEjja=-B_;J}{u7}L!
zf~QKP_FTc@mL$A^iY6!?b=7M=kx<JYwpz?tuIxfE(2Z-RB=ivZ8r(`A;&UeoiqETS
zsxE$>m#EN$;zhO%)kjpS)trb>$--;VEEwqO@X1Lbe~LCl;dxqqxmy)PLP3BHqY^V-
zkhO1wMI&+1>T}M6pwu7UEFAfwHXerI7#XDEM1o2fIOP86d)zZ9IQ!lnrJ;DEj0Ten
z%^?wTvD=*J>Q&F-S_Wh)Y&*o9M|Nrn8o#^Df1{;pAeHPkuEvWko*Q~WXmA^9oc*lD
zh>4E{uo;z%;yZ5FGV*ZcUlGz^xUFZo7Dumb3qtM>eneKY;UFtoc>5vZs$*E?n%cjP
zpqv2*z|}HOngiJl#_VzZU^-}U(q*+`N9x}-z_uza*4cMvY9g}LQ^X*}<OVA$Du0X4
zNIKTS(Onxx$tHU1@g;*2%rGWSns`Y9qgq2uA1Sr}MPtrqo<#HPWKFnj7Fsdbn1zdS
z#U)!GW8m-(Mp+t<D3)iDOBMdZkxP$i_`ah}2P)6Q#G`*>N#4FKCdk?tI`{`(ZfTrJ
z&AP19KPS2@-iPt3X3=r7-6lhf#{9gAU#(=oZ6;@GU{>=@dpp@f^PVP!+V5^VS3zfi
zgF9RD*fVlPV1#G0n_%O7fQyX+^i5VvBnm>i+t{fOJx5P(!%&<QH#!UnPW)pHmEc4Q
zuUg7qq)DA7`mn84S+yn50PW<kpRY{%4Y(v12PVQ&0r#|ko6hOP7<@^Aj;|=MwO){$
zpC=q?a7{f<U#KOh6OVpFs}&4UP#>$|(Y*CLRN`L*|A}cB{uir-<OX>gR!GpD5G_ZT
zd;Pi!%Nf7p^BD-j<3M2+hTtzFv97lAG^F8ql=;b_ka~CoXn-^QzDm`wgth-u{CK~)
zeje@;6G!StfYgJg2uWyj*c&!VHNl?&pT<2-6|O-k4t%(zgAUAXSJdUvgZr}-#)p|R
zNLjc)dCH)Z0Ce%AU@lPw5z#!sd?&C0Lq}Fxfl>t2{i$cAym>hqh<X9>r~S@aO(<-C
zdOHjONf_Xr9(k1+0suy`v^Up$1?)4(!r!u8G`9-Uvn3s|;L$w;GiXCL5pp+JmXOg*
z1Wu3x?>y$xlP2r5yEROS=Tg(=7)3N0SVaVcBBpg2^X9~`&p!qB^fPhW21^dOl!0^o
z_Y^oy_FQ-P<alFP>kliJ&x5$G>m8S%Z#q+gu{Q@Xe-vK%N^yvqGA*1#^mcEBD1+4T
zMRPyz;GU%wNc7mN7$TI#u@%#Rja6DKc;OQu6OCTAlxO&&mYW#ZYE}D$ML_th;|Ot1
zMB&{wmVV`w6QVMDC<3b&RtD8`34cok`qogF)Os3vnk?;kxzOS;k%*Beu1r)EpKxu^
zxPv{erCLi#gfo%|q9cb7t%)!hq=^~QNT#~XkVy<kU@jm9PLYv|kt2^A5_7s58;+$h
zBnUgjsS(@rLc|+88iL8OME99ZNstpEWjv>xL_nZ2C4?VsDGXo|lPZ#q#JL?gmggr-
zwBShy60JIgnZzA%%@AoFy>qx^Ze)<2mkRTp=lLDk_`!%21ulevg+md)7X`VQ55_GW
z#fKS7C6KmGHeBUjLi6IUC&nEW<w_*f9_x3~ydRN|U-CD&&5Cp`!9SnoeH7Y1P#hz*
zOTGx$v{#xGO_J&u1vLqr2RXDa&4r@5Xyd7t>nas8;+m+?ZNbFu@hYZhA@{)959%ba
z>_2~WcKMrtZdnLz5PG5Ppx4U3v``qg>Adg7Ezx;=HL#xtKDpK&$&zM}atemZ=ZBN8
zQ+x655Uu-vgru&-8Ry=&#MYDsQS2qgym^N>46&O!zjw)wK>o&Y3O`aHrW|xT8=FI-
z=Ov3JHQ57da|*+gd_xvyi7ip#zjGtipoNs-P?3ElOAtsWk@OVI<Py51=-f!PB#WIJ
z7`LR+2!`(k^+=V3J3hF`|AlHNN$StZReSw_WP&ylCUN2|Oq+9rl)Fm6<J*mJr~Mb(
zNk#Wu5jta)o7Mhiz#t_1hu_bKYshhxX=)Fx?<`h_gC)ml*+NZ}tt`I|rW22G2cIJ|
zI7Ku&5(7HMC(Zzzfy)nFm}=R^J$hZN30{M4dgXLOSBT<zY~~)=t1l*=)*PV#2)g_L
zHPMN+;sq#T4YHO=Ibh&gFDoi+m>Hu2r&?2_=JzAV&e~y9=*1P~U&9%jHM}NnVdBvZ
z9UA^CQ%9{BSxzsF;bWD%zK?kX<Pm5wu@@xwkl)7QV{|O`?kjC|o@FYf!H=Y=Y>z=l
zhot-wF37Dk%$W^Jf5s<{`l!cbXS>y;Qkhbo11^I4q)=`9k&Ik$V)0<T)>4@0WhAW}
z7zmZOOWZH0tSV;ED7U_vL`|oo(&>$vk{8~W(yBokE2;QVVhC-Ve3GhfJ8x2Y!uX|Y
zbgO1YidzfsF|-e=3)#3meGXMiMtaZ`jmUJ&RJ<D*4w)A1?lR~~LTkB841-~~AA~@k
zpB)so#9^GFq5pvWSu2Ge;0r*aYhXeY7RBXRB<9O}{fUQB{Y97Dv1Bh4SL3Zc9S5Q?
zm~E($FmnX@?$3l00bA+QA=OYpEnpqN%cG}OPZaOWHEuof`!~h1%90$kWgKq~`{H+Z
zJf`}0M$HMA>_T}hyAH=#npB^OnZyQE2EE*!zh*=fa!v26y}H`81Qk=F+Tl8j$Y2LL
z+|5#R(>IuIeo4UvOKPXTb(fVB1MYqt&ONXhJ)V#eH>2P-A$BG!zT4V>7K602%*kpF
zw!Og=F=Tkhh58|$S|uDO3GD5jVvqxNtyLHqoZ$wqb>(J^LU`YykA7TD-U7p46qYEi
zC9W`W#KJrVv8={IT{|lQSK|iiWfgDtRGU)E3M6qJYudq7zM2pr((Q~BNTq)JFc@=7
z)WqLP(nDx_qIa&%5fJkMz%DG)R^9n>AyJPU#>mF^n!l%qz`Qvs9Y%Kr1BnI>f4_=x
zAOra+w`R`!OWBJ6h)UxTS<sYP@D2yC=dsWn%-0~QO1dLe6%CvYpjlOiP0dg-4m3+O
zxre5hypw~kg4?Evsim7|iZmu+wA((e)&okc<BjRG_Nn%U#DwNKd=usO2Mw*Udc5sP
z!p$I9y7g7SlqCft(m8R}mV3<o?b|jvJ;V03`~A@ggY_Q;(j1$(@bLI>8_iUdfn7Pb
zQsI+qOvA4Dq}tk2Fie+v!Zud@(kB^{RiAOVb|DggMPhmwL|4BZ26@GiN*nsdZ4XAU
z_~y)=IJqIb;@0mWT8JPCR4y19RCqga=FhdL<Zw55#^P5Yp+M(tKM4z#b<}2U{+bcs
zk%nfdW}Wzz!2sLfX7<%oU@A55d4jwUtf=@<%*S5JNRIC7>*JI#?_}>2p6vE@{03Qt
z{L98{$aFOP2U*G9SPO_#*fOlw&-V$mWQ6Pkj%&txbeYk_fZ&=j=z{A-u71(B^z;Ie
z70+Y`G8<?pD_eSSdHMeIBKM*K<;B6=0oa?u428|8UfFq>o{pE_tm_>_XMQ1ftfpc&
z4e*(p1oa-uObLLo-c&n3ew{eJ?WyG<^|6Z)``J%^@BLIfR^^cYPK$HX8_%uzDI}n8
zOas{7e|0~c4~Cj5%YMg-`*uBF`u)oQzwfKzzmKaCc)l-(_W10@_W149rxJJ_UuqFF
zmEgbMknEDt1HLO`yBePRd%dn08(c11d%lrz{l1dbdS8=sy|4E{>HBGYzenl$->O6X
zMBsV8CRz!8egf3sy-$-veIJ%@d!6+!D-pUybbmgm5%4+gE`%ZBd0rMQ^|giAO7K5(
z`F-#9tNDrbyv~yOe@1J)pZlm|eZJ$xfA*>MJl^|S2|V2|w_bZb7A6rAQd@tnClP#)
z>u+)2xYj-QI{hAe9>$FL-&fRnTb_%n`QJxJb!h>+)w{lL`Jf0w534=T*VXhs*PpRG
zU)%g1&+(uLykBE(J)ejwoOh%2cyBWSsXu4&y*|f=tpzm^*hM_O3L!vd9QbMU^i%Xx
zsizkHPQC$s0j4v8FFe|Fj*t_^eDaftO!k;r=y}@sR0~tVJYUm`6}Jnn`MeTj%fDD8
zPSixBp%LV)O)}!#&v@4R_`}SP?|8UBKpR+QtLTd4`EfdU?DoIJS*1@+gd?%girK3*
z1xXg97c2vA$wFEG<-v5In^Gg;Q<;~^C$cG-fbb#|i05~x<DxybkXmeN`K<@5xDoZ}
za9VUbSFW?1IgkX=Faj?MT9C;%dx$!4%Wf3#q}sE<*4=St^|>3MqAU+JaV~URNFU(1
zu}M9G-VQCI6gK)Zc{L{-H8x{r?N+T9jk!^(PPuG~^Cn%bD|U`AnwkTMgeGhg?M;I-
zbW+DvpwnAB4WA=W*0W^Xd_3E&ufi%fuWemVL5MdC;g4EGSE3CcOrr2y)wVBt-6Whg
zpemdW;X}~2tr_+jz?-i@DkubN;PI`6aU4yo?bx`O#!L#7EZrJ=KF#G1<zAiiu{Uk1
zjtR|Q;SD*{@Q-k_Tj56aoQ|e+0v%EhrC3x$dgRl6`__KbrAEURX&A?B2sWD5U^*aE
z6A&Kr><@<pswX2O_>dkw!_v*M10A0<%*{!1WyMh^5~oimS4)jFL=;&oDO05u;``KO
zk)c_m$wbyb%+9Z(piz^JjZJBsIAi%PaowU>S1zfjzUUCH@>R(xA7g<(DzZ(%?`h!n
zgfRROj~@Tt#M}wSm2Yb22sPDNWuOy`7Lr?K;$*Ec?Gui`S!GqO9}s<k-2ln{tSHG{
z3-8a-(vGWpv$z?`wja3wAAv$&<(wl2``wiEHx(y)`WC>NljCt>*omRmDrI1~ZQiuA
zVckQ0gZJS2zL6*{c7krKfq(wszIhr2C7*!l3?U<j>1<e=eTDZZfxO+q!~#6p9^al%
zXGF>wPuM^-J5CZFZft0HkVn8IPEHOh!J>J?Y;0jD&yIJqvs{I+_Ic3Zs@~~cqLk{D
zveLeVZt}q9`+axhD`}a}+|Xc+3x=u`Nh)a<+ZP}q%7HKQW)kZ?l=>u*<61sU;xgVa
z>c&9SI+h@BnZMYugAO&}mH(IYGvEF1%se^ix`Y7lEkw7CE(z`;9y%kA%z7F%mSV2m
zP_Rw)6)77t+y-YuKfE{tr?z*khUJ4~j#syCZPV!H@%<YQAJp%Le(L^aNZX~$*S_MU
zJ1HoFq=##Z2kSM`&(0TjZ(YB|5-|Nlf^9IgZd$Lr1jq<$pf((yhSA%5_;*w)_xj)b
zps-nN+{@JIJGquScsoojCTcplZClXlf7sa#1j_IU#}EVCEaq-;c{4{og&k)YkQJ<J
zKGdqkNT8g`@iKbU5n`kVrB}}N_&wH_fR1=(C^gO5g1k5#Jht7e4SJ9|V`;}B!urQ>
zf!8rBCPLDA)Y!bC8dlX4qDhnC1eieL#LKK@#!6(s1Ai3P{Z$I77;>Np;yOyX(2DGR
zI51eaKfz9uX<FLUdl_#;%7nL{d6J_qEWz7$1AXJ*02=Frs_S`^C^7DdeKyy~BFCcZ
zcauty@*pqL{)7taYb42EkqyAaA|`|MpFY0jkrQHsrLC^)BS_FIw;QoF0&EkSz5fzY
zn(G!yNF}LScO2fBW|(o&<Z*ITI9~qMojjREjSc(vp5C;+5}|vA4g1eG+lx)3ujZ<3
zU4-DiyAX)x@{<<-?677hM-M@mPj;44;h^b8GdibH;=*bJvz~0bfVyaFZz;*=bmUh9
zgk0bX%`=kbW%o`+$=Qi8pBf}Uc?GGaYki{*z_Jn)B6QJD36<F*6u1N*%|YkDs)ZgS
zohk{i6#IAgScV#b=>)jySrxdX;cS~qS)-#~MaJXcTa@QX!QM9fOSxMVSV#kDq7>G1
ze+S$oZH61a9lac-8AMG-W1-C1MUi5ZVWPBi2no=qIT_7uH(^*vlS?KTGZM{L2mMg7
zK4k7rJl-c1&vps&DXf<nQNfn7%iloWq?^A=&4KpNN;{Lq)<PK%LMAW*&!e~N>`+f8
z>|5Nw3ATC)hT%W|X)R+7I3x8h&*)O>L@*xo_XRB)OucIrNT8o@5Wn%1ww&LDCVI>s
z0Se^$(8S^N+Dx7r(p@SMIuOuV;{AyE#qK<G8;|@`L^BxOx)`I7@cMC%j43H62gKq(
z&r04LNDit)HqKYe!uX^-ew!L<tj8E{E(v1k?>0m~DXEvL_kx#1k>TysBcj|%BS>!>
z?-5|~H`_X|5pq_Wjdd-~b3axmvP_c{Ob-sg2?t2V|Jg(M`QrcT&())%IsU=;(9w0Q
z-|*urT|4*gdP|J-BYGQl;@^TUGteQ`mlnq+7>oE|ZyH1=P?w?Asz=NsoNNFq%gl+H
zKT@X|P%o9%CQMR`bG)zX*#1<0?cHBMWx260h~V9-pP@T&aHZHmU(!Ta=4L!mx6STc
zwlNFqS=SIE*m+1>e#6l(UV4UdfwOH%Cq%9~Wki18Hji^TzM;a~*caK<NGa4J5lM00
z-C0r8>qudst4D;g#<g0fkx92jte7bbdn!;OhFP`|js&esJ_rpl40iHED(ukf@|^T^
z&=B+fiwPs$Whg)ZUXjc9aMa-I03t*2JBcAGcyURcVeA~B+*J2PfKK*nn}=TzJ;F&k
z=jh-?KQOCRHti$>#jJoj>yz5LJhHAIXt4RApn=yq%Oz8j*OvjxXAab#NZd_LdD4z%
zKYko3oenEetk3@eHojXJ`I>sq4g@+HPLP074dWF{7Foyq>{hCY;)G4YNY`Qv6hrnp
zFKJUtz)rYunA}oR(4(SDybR?aJ5H<XTIUXw?43yrE?Wk4a@7v%#~wzE{^xFKeZPgx
zKF$|<TX(_Ad0a<WfB4;xs##h$SMZb35^q9w5A1Jjy#=f<o+r$BV<`-wgsyy|o+pdP
z9UoMcfJI>K+VSNBo`oNa;Jp-NcMnl*7qH{rg9Hj@v}{iWfK}w1PLiqXiPQ^ae8{9q
zY0ShaKdT09z|)S-`veXUmoJpq!~42$vwE3)8&D`;;!x+p`{etj&t&_sfRotK*AGe}
z|6rY0`?e(#$>I@UjQ@_0P~CtL;c-^HdRp9r+%0{E(BJi>i2d1zdG{9pUcIopMeXrh
zXq>%Csib2lVI2GpUJM<}PvZluyUfvzNitf@-^Uo~L&WgSb4kT1Q;Y{iyo>)i@E)uu
zLFIUt2r(4Q!wbQ_^XN9go5_d0Dt3%Eq-iv;rnsa7ll6pD-+Ka7pWg*Iz4A*M65M;d
z#uYIM9g3#EwHT?Fg^hyDxbAz+s^#ezc`0q}sG5n--QikSZxa84TavIS_G80DKDn7F
z7~Oq|+GY)g_-D0yHL9GB4TXB+Y^f3v@eDc#DBG?2W(#VLC3r<6%NI?g1LK#}HOw!=
z(ltsN*-E+|SDE+p+{Hr6R4URcQ}RD#tFr3pvdfeq1<XXKzIxkvn2|?9WvL=VAp8@r
z@q-_qCC7zn73Jz|(d9V&@~y=qXHDtYr3l125qh+;tjpT};=#><`p1i&o?OCKnAK+s
zw5JZIP%Y9cj*41gxaer4&c%=|w+4ANM2Fq*x@ypMo2fpXgBYDwoNeHF)mb5-j~Onw
z_PnFzIh9A(uaB5%hs+hfo?t5sy-kl(cb&D3<0b`vHxSrWLR0LkF%V2S{J_<d0Xia%
zlY>BDoRjSWP^jXGY-Uu5ic9-ttFas7bgQy*I#Qg*VrEXXXV1iFwAJoE2D|@a{L^#U
zq|+HCg<u>+x+>E1oT)`><%&q1lomz0>xrOCrv^1I?f3y&7DJZFom!pVCH48Q5f$e1
z`eN&Del6aA-{-+L?2?9|7j{bVPvSANj`8MfI10^^Fan=kNK8>5<%WH}J_3O)Pyf1j
z4FrkLckBoN=Z~K*5+ATMRWAQItvJLPsUeR_o@N6tkRVtY>}NB{X2w}jE?ovyFq%kr
z2@1y%pPzDtE6XQYMD{4ktCWgH>qa*05wvbvSB&GHX|NVH%1-W3&vmLEh$vHB55?lk
zi?Mp5rGWl3>9d+yqB)LPqoDKY?uqh)rKMHQZ71!sY_1n@{!Qfl$Ea+vhIzKq=Nxeb
zYp+oWEU*a?1l{o2g@<%D2D!4q`re84NtlvPU@6QZ-~^MPQz}EM3ze+B^_LJdj_4p*
z{W@139+B3C=L+k=_GL_Tp+T#q*%f__m9A;@?52#PIln<5O+_PT!y6ao7b)-Wt$OBb
z^nNioE|QnDW{))M^3&FE91rcRW5(bBue7BGSs}$wnF!kXRQY!I&u?WL0x(#Y<fXQU
zx~Go;?Q_pOF;*I_o?IgEX7`WlE{t{n>h`0{H|B*IQ{49P(Yq1ebeAQygW+u2oPS+K
z818{bsq0TkqZ=Y+XU?a-L6!M9Db^elX-&rbU2yrnsrp%~s8{wU7}fc%wY5`+c0Sh=
zxno@|=isT`ASFkYZ|WnqLg3B7)q2n4(aS%C1C!lJpaJqMnvz4pCH1hpDbu=2F*~<U
z11kG$X#BE7Oqv>Ah|rG1kN!gp3iP5KwN4zi)bdOAUwr?bE-tBuZ=dDv42urvcOOve
zI88+-we0e}d^2U^4qWQ<MU0XWbX9#Wdj*kz(cBo0ZHaxxjq->h!AmT-jk?ZQ<@ht9
z=*Y=8Xxqf1bSnY4f*g<dw+G${voZtudw4kqPLZ#n$C}UWh{)shZ}}?<(3Ttj#TfUI
z^+Cdw8QPu=seYJ`mw78foLg&oa2zZ$W4C4q8zJXAZ_B4qCqkTLrLH7t6Xsy|;i>Eh
z?q9$c-4?^sP3g17Q$p=_4oG$Q)W?R*s{+cZLeF>pm)u!r9Fb4Y#m7s({S8z=;)_F+
zO-y>RBIFa@%{3u|9o#dLSe1UmCq+*<7t`xaO~)>%jiyF>pNka5-Y63gV#U=?(NGpO
z6l?ntjAQIqSv~DaVnn1a+dXBPxG&^INR{M_OqvKIk-&!9w;CnQr8b+{k1lqh%jiIZ
z=T6imZf-i($n4Bz7yXqm^Zb_FDm=eTt|z=*$}}^h$mAXY3sQL1H&w&AaY(Wco$qEe
zx1Tw;ew~L;G;5%6j{jXenGn4QqBx#iTi%vVETmDRY9Jxr9eEmqzkum{o-f0I?_pdK
z^%Fg>%!PU^HDK#T9ShC1gKlfJRudFn%)M=3<JD(Ez^W00^oBf{$y-3n#W82@N^o3w
z;Z&5M^TPCrW>Epnw?#0Z$XFKK#z3Gh7wuSwu(hdA&H=j>kLD;Orus?8+g4>n8|xyd
zT*pTPwlh{3R-#!!H*?`bA3@PnZjV^{-0v{2B3V>0ETpU+OckGK2@OR7o;72j$h(Xc
zH5#9%lTwm_5f}pzLvYBchU4YhrTShb3tQ$Pi*Q!*Ay&ei98tS4peptF{E_!>*Op#O
z!0(F2iZ-4iu|Aba&Fb?n3!uF<6OJ9G(wmLfm9ccTCh2_I_16D}<1L4gYcGOV!^fe=
zi+ML!I3op~d=DuM_mQFXF%lDDfmVH>YD6`sl0A41TZrJ7x3kMySN?}*#Kp&|0$~uN
z7h*>*8k=?fO(IHJ$Hr3sc)%$%LPuff@^G>JZ)>oRh%lVk|1TL?h5{f^hIrcLHcXBF
zV~PVwipq)92<iX*pDgrWzkdA>O8b9C{_BAK*RVG5uyb*yH8L<VH!(8SH~!6Fq_6*L
z&sbldGMLd)5LOogBHWeGh*`!NJ*pme>>qty8uAzFN<J&uKQPz7@_#3}|Cj3j)VTkO
zu$`@`g_(=v|KQ3yG0__s8JSp{{Oj5|(*O66_KtRDjwVh{h6evTB=-NprjxUQv&;Vn
zoV}gBi~T<`zsvu|)Bh0p|DX5xAIN{-OJ_SfYkLD*6YKw`wg2G$_tpsh7d~3p7?_zj
z(F<8P+Zfn8{WndTTH6^ooBY=@{I8xYn13dX>};L?^CyJ6jrFz9dd!hn%UWme-{1X#
zmW7T)PL(vWskSbynwITLmSsw`yQPApSn1<*bd(Sp8ZNm(?Ya7W_@FP51Yi1ncY$zk
z$G*`gpf~hySz&uA#tBhd6`u1`=2YYAa#>CXS4dxv?5{P2+w=bGJ+EIPc5d=47wJ7F
zUXP~~y)wG3Gx9y{U+jJ_X3U#K7%6sQbk74R=Uzl#y%62Ju0%V0{NW(C0~AxH82Ap9
zoxi4G{3N^ERz+K$!E>c~4E6&T+qmtruJIN=>nzNyGcTn}rp->G8@sFht1?_iTKt!+
zU(<J+9(kQKnF;D{=p@Z+1s!hJcCH^2MKS5<xw4lnmvx^vd>L-f4)5CrcgcY=B|A+}
zIl7WfT+4(Vm{#UDJt=H27vflg5jIT)ABf$g0!PY-h$t13x2JKOhPJ&yEvLYtupc4p
zvMB6kE#-D{lCLil?CS%_PqPX3$pEXdtCaL$wu|j`Ht?#Z`t&&T%1tvbuRi?1Xxw3N
z6aB0m+rHvoGfldxY<l3X5`i*KjScORxXk@+w<$z$8|QfD^962WB~XVX#A_k&V&YwL
z*vwXkbAbKPOB^RbodmX)OPp5g*x(^)MifFMwi@R-sIvux0WikK6A+X#6Vf_bq1E-S
z?R%RoXMFWP7Ro@Ss{z#rIJGWji_2;hoRYfJh=;5pdxrHjFm_4FnaOxhwvd~oo0#gP
zXb=57^TN#h5Bf-XounY=-w6<GJ;d<0uJJfTlg}}|!*NP(CSqey&Y4{GLlP+}Tv4~J
z+7Pf{IKz6n#-69o!h1XHIPmPDcGD~3+9;^xM%{H$1myf~cRDc3B)@?;l}Bh8<milW
z1jZ0nB=M*E(9NgAB(>04@m$}{h$a(9Gv1=@`T5_W&>bK5<b3p%;x-+qS6%T}bV~yB
z^i5HLdhHnRTa<anqY1$8&O+Q}yfEI#n7_kmd|sY4x$o~}K6AL-Sej%VOLV~59A;P`
zXf<IG`6@F%(7pwB#0|#?eC!^#F5!k3w>m^aSF$`An13m*wwmu9XV6^Ff$=go-j=IE
zZZyMjr8~K@8e3h%BdkdutS$D@0sr=C^myoVlRV#Y0}BgPDs}b5I3X-v9JPbz@PXJK
zgOwfodyO4uf{?a<w%S?*>!nZR;s#9ED4Ahh1i`TmDidI*Ww_fz9>Yv_a&5X6VG|2-
zc<H|YCo$Q@MG6M^pa)#)0geIYet=8B_op6UcNg%U3;0<DbR$WV*}R4n&ybUm<tF|P
z(g7Lh86K5v!T`A0ilX2)q)t(&5nf~8&w;atKva{ZFQzPs=o4y^*2x_>czmuPJF~zE
zWiqWhnP{ESM_n2BMhF%W1S{m24*-Iq*&(y967+3LjYSG^wkFXd4o)fL=AcWx-_w_u
zXsdlxJ2>pCv&NoR{t)7$V-V*~K4V_ve<jjU<;hu92m9_2d~u5^L_1Qk3^{aivq1b>
zoa#kXx8`()I1#Pfyos4v)eZi6c$Z`cSYLz^c~X5j#87d}{YV(%`jhIz$JmEg#C5H4
zlLo%Lc~dJqIVynoHA6u1P=f4(0N)S)-FO67=-#}Myx39d0P~!+Xp>;eX6k1HGE*AW
z7)9ox`s)_j+oxkO{J8}|5aalkGBnVZb+l4LYWyOLNMHU&H9C4fh)Xi~SWckc_GIf-
z2g`cGo!8xS@!+?_=<suIM4X-%79&$=Tr=^<TXXi+{KbIj8XxgTXgBATkLiX=&s-Rs
z!8|uMCoXOkp}_6gMx@dgh;r8op%v6bi?SC(u;!L{EVd)PO~j(B%`I4!R#M;uSc6V!
zkhu>Q0Z>05QT%G)IxM+%N37ohF5vpS?z}-lk<LCYQr*lp9YDY40|~No7At<#h3&px
z!g&Y2y06fe8K~%|0NQ1~i2L>v?|=I|Q+-qQKZgU2fcev6WV#{T=l@L}{MX|l&|<~;
z(_#VtbtVbCi<3!()1u#dgY|}tIO;RVgeHJX046d=$D`elfWNThR+Y$91!JE{Ly1$2
zG}!X1F`NQYZBB37s6L4gKg}f)#RfHxKjq^(_f@<bo0Dquw}2nb_a@i}aDHJt@{_o7
zU!b6!sfsW^F6?Y_P`ob<+}5v;$A0^=CM$&MztZ|FXK&h~YUiU1O(C{V=F#bSG5bd4
zno#RG`TS8e(P&tW0H}=15hfnVTmuB>T#!@_3h-<UetJQFP6mr;`-n~BCj0@!OCDg!
z7c#wMZyfn<MUxbky+R|nB;i~3nB1;io<UC(aAf=u^mTZ^h&2nd3Tk6LK_hW6>1?p<
zpiDtQ5Qf@LD3XJwwWN%01Sbi+^8I7<w>oyHF5-)mbu9V3d-vvdE7jyytmK3Fr1iwp
zhdM<ecByWQqQH(XO#wwLj|KGAsy4%mQ5-Mh(XeG)>0CEMDS^i(10g=jaD^n@;1eFd
zyYGW)EFe*t8t0;(?YC)YNE*L<N?lD>>&klQI^VzaP%b89l6CHnJImRMHNm_Xu*YY8
zOD^UEQ>Gwm?eol9EI8nZvB1z0LAHBkDaA&m>Nq=E$B6%DVzD?`^4TdH-J+Qi6_Wyw
zO-azXDlfngcWy1V^M2^J!inwc>?JaBL$nap#eH{n%MR}?tFuSO!9-fdqK3|ibdzG=
z@}HQc*ChRw7kaT*`VJ{`iMQ&{XB#iAcZujfbA)|{p+oi4(@Oj#$Qhv$2ZE|WJ(^+0
zkFc9o(K~;BRyzF)x@G%VTH>%#^7@TVpFOoW`ID*FWz(WU1HVV)J+-i2+laN-ms;^H
z)kZ8Rq$6Z5?wOqmMnl7bU#@`FS273JsQK$!)cX}_u8IWc<TKhjMEQ=Tn|UKW?}ZsT
z{+u*9(&NB<BeQa3z`2mY;te18vcTf86fSZXfM=~i%a6ri#)Jx2C|tbOv}X2GWpc1h
zvbVAI81v@{ycG6kigts$xDiJW48ZHuD<Fq8hJ4pY&|DC7(B=O+EL*)q5TjzaLATl+
zBm59Qn!qQHSp$#`-ffE3Eyus6i`0pW<<4QlNc?A|DX{u$&^?VS3`yl8$evVttURh5
z3i0yL8M07kVQ+9!zD3z7hK))t`ci)B8^-^<|0rl8c1P!-o|GvvEHI%H`>o@~{6$p`
zF>37EMhF5|tcUz{SoPvdNYgejO*qtA+|NYx$QF7z^!aSB<>Ve23e)QE<^%;mQd7Ev
zd2K{K&%<{j8{W9GNm)?OD5tLzGf%Dci#6;%@-NY3P-_-5P@-A?lO69o3JTt6u0+%L
zC&z&SA3@brWl`9K89q8+i1DRJeWr@5&|=OhS-5uiz&N>D6`g6^HaYsX6+TQR;(2Tn
zNZXM`fZ*J8xQ2g7X~}td#Jyl3%91Oe25*<yRBEL@<7`JAD39T=reUsbM1|~<mvSY7
zYG!RQ)JW&p-L1Y)$wh3qFecGZwcsKu;uM8qn2KW=OI*2;|4+K2EPBcmM=_`{ks=Fa
zifQ?bdAg3U=ne)<6sp<PtH4p&*|niy^hMOSMrxUUvwCm=*I}7i*^xf^ux1QbaS*%f
zG-wxc16r!sv?(*_<eKrGiQr#!tvk)|6+8#xH1XiM;e)7ak#7fo)fj1GD}X80-zs&3
zJdS14SV7=09h1xpq)ACei&`#{`B9Q&A3d4B)Uy(uDG?*TOJdLph(28JGYsYG(wJ1#
z`&0NnU&7Z$CI|TWFH|my(xiA<9N9~i_$iv~FsgQ`Hx7BGPlH}`o&o-_N$_;C5$R_W
zSj>@Vps02nzDLHAjNnyKLd}(6<ilO%2T>KJ)8xa(g_c8-_cg_merlZptT?>qc4ipf
zQ{v00agEvI_lkrRjbL{==6#FHk~p<Tm=R1L5S<?xgYj}<5w{F$tUau_&q;Kt>9DS<
zWEJ2|iTySAw95^P<N9hEwO63<uF2029SFf#ZpqJs=XYI|O(WSRym)arQV=F}R^HOh
z+Gb4ubQEhouwzkiGYtd5V=NX#nd=E=?au_fR)j4Q0r8oKT_FNdhmOa9uGBO*DSu<U
zOeK|^m>z>ySb&D^D2jimE{*{U3!>29bE+d!9F&?9in;e^?w4cVTVRrJhTVJ}GR(^V
zynXjlz>LczY0PlJO6RV>F-D^U7Znx@9ddh*Crxmd-am4g4A!v58$E_H?>c;;HESyO
z(Yr$RTaL-V^BcVXFs1W*u>>U&@}16Kv`p5PV_Yj!CDmZ;{4vl8ARk#_d7lLwl9Y@~
zB>yffR4Q&|RsC56e3_RQP{)h#lk<M$79K4qPqCARyZf?K!19T&7gJxLe7AiVziCL(
zsrnQUXyiumiNBltjvwM6=bhmfA2%txKsg-yF#h74pc7Wi#T;FxP<Q#kil9>sHoOwg
zH`Zmp|B0sG0btw$NQ%b)ozE4IBVPeSXZOROehDh?2jBd>8Q%9lx%jF*?g05He7!CJ
zg=F$S1PbYd^8F8YfsFsI@>#+h+b|5KR8L<eLn6VNP8E$|)9{zZ+QDvnE=1B6Q<Z1f
z9d%CwYYK&-hsd63NbbAo5L4>r-sJIuhq*=)up^mh0yhB6Zf=+O0=S*VlB?<}A84Xs
zeSrvpmLJ*!uHdLXZ5Yg{+aW6~7+6p$X*Q1m6R>u5Q`ncwjqpH4NWGcqgikq&4S-+*
zw0_|`n!<Iz;f$~Q{N6q4n3#pIvyRpiPAL?>NrGtLwE}mRl$4--^5uRf0`+TVgLJ{w
z=yU9+HqqQ4L@oj9*heNSNf8~txAk^>U#wMQziqO!tJ&!m{8{iNbQ38s4sX-QG}B|w
z9i<m+a36j}`969G$xze}Mc7DoF=OU;pX-UR0Qafr1jYJj9}(9^n!gFSwWT)}$GQBH
zKWY>eFq@S}H)u1)$eyumw)~_XNU`BhbCVMJWF5<~Ld`rdw44WuGXOPfqQd?|d<v)A
za|sn4Ah4`#*pQd8m$<6lJRB?t<=W_%Xqn^&4V&%LfHj#8GyKv%Ah(X3GToo{@k48#
zw^<bgtePTK{tymHk-GayeVvSO(aLCrAWx^)186aEj<&Vh;^(*9s`qnT_eKZ0j)sxq
zM=jXLVg1?*USP#RZJF#Xb!#d8-dOP^t2_TW3ev;quiTZPtItO4{R<!1tagnS^^D-;
zy~gI#YAcT=`<hg*7Bje<3aZ^(eKGRA=nWU^VM!aY?U=e7xoXvcQtWU963Ra|kIo9c
zuvSJ0M+R=;|M#lQ#a*$0p1pNtwO{bP7c1>ZI3;4D-`_*`FJEpTcBg`}7$ne$1eo&q
zCExDnmfVWIvDPo|G->8}#}F(7vW*FNjEw=a{F4pXDpjZae%l_9bl{DHjoep$^NNqT
z`&0d)+07t?f#iZfP?x8cc_Qh}2icYW(t-eQsLdLu$HSxTWk<<-0a-7k4!Q9W`m6bA
zEkL(>2yJ6`&HKzq`%24UY0Ho$FG$08g%F#M<yhPzX{EJQV(>J}Vl1vS$=S4}KSj`)
zSf%Jz`F6=Q^N!}@t$yJ4mbM%DD*J51ui$##*o>{I3Y@rOu8<zK;yMHaIC7nVgr@UA
zF_u(!+AdueV7@LJ4Z?b;x9yYa7R|LfyJ02VJ1GM)1nfKwCrYEeN~UNBfDh8!Jg&;<
z-=Jr!p=p5d%n~7EIcoGk>F*K0r|MrJJ|IHc#G0%B-c0-;@s-!@^W$XroGk$_8WZYC
z$|KAKO<_>3NIm+;=3$}AEk)#N5HXK=k_sCF5l9!n`mEEyto=p6<-oPfd#7e&1vHv;
z--KXo0BREE3dw)eqFX?<j%~Yl)0E?}#~x$)lBcupIYQ+y*ZcM0c=5c=1>xPvvhFhG
zsFjNst?;h-@(s)2ocg~of!+D`=wXIj3jyD*;M)L&=2P$gXzZ(_;#j_QafcAx-95<Q
z?(Xi8!2$&LAi)NAcL?t8?(XgmA$V|m$-VcyBlmaSdVBuqUaR)Ex~sZsYD;|^=P2yl
z%Lm2to)>j!6wf?oMEFx5$~+AO+hrY|@HitlA4<c=Q*J|oM`6MlX>#&w6rd4`(T`im
zqJAu?5?|-B3B$3@D$A1r_m`-~sE<e-qO%(s&2g?vNDJmSayQd5yGh{nKcWfMu}mL@
zT3s^``P4yz9__CeYg4cu+SSV|;37scjaKM)JNKuhY7w1!O4oqao|@^@Nbg<#wT_G4
z(Crym;t!^J<7QR6k)t?i;Vtwy+IX^V4C+>Bd0z}oWBr7viCm>*T27{3=B~SEt`4%r
zzJW`Wo2T;65<N?igF{22cA*pg{)1paw(j-Kt^91cb`2rRcDp3-p<5|p`D}Qf9uIAG
z_(3OXlEDbA?M5_WgPCv>%a5z)%FIi*HAk)1+DrmT8=_70LUR=v2?~+`rkj^6k(@RQ
zh=3C*nNv#muFJr6j@5%(5OYfp?E=hKcv_WZ>a&Gwz3*4_k)y&bDh*x7sV!dKXMxm%
zs;i)Ckd+}nk9iKd;L%OJDv)gg1$#PP7m)7yP5jz#EhbU)u+QsgsYzl1_vc87)E%(K
z23pZXjDJ>Vg#jVY7x3ZRlk+y~l2q@R*68X8tSE!rjfG$LG$0w)cOIRPYo3khj)jmI
zDzoGc5=mgLHTdI&v1R$h?gy@}IAgoMHJ&iRk|O?1jk!ogCZ7Tv%N0Wq5L+u?L{0`<
z%qH>F(hwKcxS@Dgkr#{V_!&5OH4Zmg?$#pVWcdL;gu$wYKd-&cOwpgM5lR5KOWo7T
z+x)H5`|0SrL65S{U``*$0OTpVG;+rn1>`2RWsl+*o7=;y?kRF2evgdh#r?PM37S4$
zYcw6r;34n|^fF_r$88#(tvp*fixd3`rTN0w^=(rpSaB%o3|>>5SOOR<I@*KTrC0(-
zGJ)?}(EM)rQSU2KGbQ{oR}e3t>hWja-Nsw50x=<>K7Y&jdhJD0?x+?jr2}fD$~-#h
z+c)5xj_1csKRJD+4n6(6n;mhQJ=a<sDdcyiPd<vJULH&uGYt>`N3(x_lbM=B%*Uhh
ziPbSQ|JN>EYaJT2I5Gbe)|gS6guUsy@q*;@as~71?06}AxZm##`_|Fo*7`-^18wN(
zkNUm4jOX~NL~>i*bDEe`!Mf>Yub4Icl;VIgQIJCuwLC(FMkxiURLs?A*FY~twK<f4
zy7u;cM_cpQv2WjLDB-ev2|<8J@_za^x93%;*E!)Jzbs3@EC_%|!#~?qd%-^Nc|%}U
z!>MH39{cBqDT;8-h#O_&E#6d9MMyM0Pzy!Uno7ZPjs!fUZbp_F*xWeePK%MM$@VaU
zhiUV0C=8?TE`XP(w}q+21&u7Fd%y{fs5u7<CBRW#5mU+64n`g=+vXk7tY=yvj^yNI
z8-U(E`5mD@uNJEC9t-g^y&JLS=5+y)zU9mpiOFVRHNpL%EIvHg&Bf{wJ6hL<gmM@e
z5=cHZ)lMG=%U}mMEKwbXpD_vM+I3ffI!+S&MyRaR4TEkWQ%v@%j^e8ogfO{HsCJS(
zEdHmLalo>?lRQbrd@<{sLu5NWixATnRSc#)B~RHr7O>98ER|5hCr1sk_)lN+xeymL
zEaSkSh*5$lb<L%%rlwfzE$Ys9B@s!)W69<UyqmWA4yA>uw558b6nGJA3JD8?6tLZV
z5w-$ug`n}EOlrF<1fLyV!Y9eT`#(t84=;Vu_1vYjRLEPmah;4s`=EEzfJCCW#A3ei
zR&^XOK0V~+_|o#$>rywX(Zs>96m4_Lv6UCS!9SY|RLKj`YT%y@DWgbB%f-CowFX1u
zCbhjw;g9+n->&jqkrrf3qTgpBLoLAm)_>eM+Obw~bw|mt;(8QU^z}fO^WCJ&94320
z$|M(hYGHgf;ttX`NLK%5k_|m;rf;Y}n3hDdt+3jnU1c~X2Qx<JO`5hu7BFVGPP<_p
zLd1nNR>8pA;L%@_l<C0$_QrCvuFV@d#>HToge*)!gVu^qjJZh7MddFDj~{`-LbY0o
zCe-Onx|$@3l-N*8usPS+F}SEgPku0S^}`~N`oJ03?z`+ay{Sf~P^g_tbl5fxV=VWA
zX!D{@qYfvu^k3$q7G{JQr<FB!It>)=IKO=m=_xrEKbE=MN@9QordW6$41*ArYiM?4
zA1xUgY9tpKXbp$kgiB1hsjK{<9>&uK{1X%l+TOMPm2a~Xfg{2#)aGJ}BZk&CZ$8|6
zIvFDS8&pGCh{yLhmHU%Ak;p5UjpjPLq^*4>UZTSTW~KP_%E>-KGrX#SWX)^|7=8Zv
z*A8H1e3mM_1e&168dPYq;Jg$RV>vB;pXb*`AE{DgUm=@Q&#E<{$BYDwViM9sBg&LD
zjkt8ffeHE!$!G(tAI;HMv98>wDF-Uq3D7=ZG3Eeg1`1U>`ms0&F`Yd>h`FNiVJnMw
z@xC{WBv@#$CoI0Q@+06W%iz)U8waJ(BbrbuJIn{<-DfP#WjVKCqVx9z8G0>yqQ$9e
z6wY0};o$EFBkNUdBQrv@FYO@Pc;kv7>}Ni?W(}LZyV%5dFsf>@n8^D9cMp@k>RLy_
zZ>RmU5e^+%WWg8dGMcy0f>FpbtF|O+Xs|PYJBqk-x@k3k8yix?!pR7pmqb=VUL~Xd
z6D1}Km=ro(gMWIk@gtUckLi5F%EFBo_Wf38%L@I-SeJoW4ISph0WX6oo4nwbl_7#7
zJt4UC)9v_p!0ajGdlgkrVs0Yj9hy1%s;I&t%)-x`ogP$9sP{1U+CghdYc#5J_Zu1W
zw_SIZlP|3kgmQ>MTnlQ>4#(kxe6w{AYBoC$tnp6EtlbfFNAqI#7x?B$`4i&>w}($W
z34@bFl++G%C~WzK(UA@nG~n=FnBu^GWNSf<83mIlke@P;?>_tN!$en;FoaLJ^^|5x
ztYiTC$D}7ER5&f;U~wuCGzSx1oD^X^AAxh#bxllIU-k&b&o7XBelQIzLad`b`CTyH
zLXO~e3hTh3UX(sldbQ|TsiV%}o5f1+M8*959Yl2KQUPT|huof~xlrfGrDU4#lc{!(
z7N%85_fL#ksPi{|MiwMEF^6EE?253YVDHJ9Q}g%fz`~vFn2hJT?z@)L_4vv0<h^>9
z3J%b(0jHje+IO)R&+!2it}yn9nWyTRJ>vVZ91ww{&KR60(is54pM4>#GSsqSzj!yO
zT`=(ISfYXl)Jn?f3c&39FsVmqqOlFy(gN!Ca=4-s3iY&DW%O+^bf@QTySck)Ku$t>
z2L7_(X~#-4kzaAA6tP{n{ge|agkt0`fA}!qa0`C5Cb{lIMLVaQ-8Q-Kk)De5%_2T%
z!j-3sS}te^hltnx&=tvOk{F^MECPotS%oWPA(OI=xD{x*SIKu80f4RUT>-+1(mi-m
zFrjG6e4=U?L4-ck{*@}aJd_Z(^tHH`x4GjzfEo_4h!x8ujK0~0Ta&S!+iYd3PKQWd
zVdR&a2?iS$Cb0?0`N`O)Yq45Oiaoh2>D1UFGuR}DT68pn>u8Y5&%kT#+ZNvC%_(7o
zxSe)5Rf3ENiuAJ@8z;<1Hd6i9acO~I8lgyiv<8E?2;y0>1DHa|cv}vD`T%v3TS_pJ
zD&|>Uk$*#iuG14F{M2j@CYx{!C}AV%id#Gj<_RRQO+uyz2NHkh64*hIlx82z6{#f$
z36TcV2etW?#JH=JgAhMZ7ZB4;N#fyDh1|r$3E9?9M=l?5HLjdo97J`Ih>kSk8;9bF
zHo%$zf;H(f3h76j!WUjJ+scvQCa<^TklESlBNyk&O8id9uGC&nzE`DH_5I_JO2DLp
zq_&lIQk;f3jeTizv+E{wsSuI9W{P+X7tWQ8N>m!chr6!_V26D$j3|-mTLwos?v^SN
ztd30Jp$f<`_QGS`!%HMq!uYqP;v&Wd7Xy}1%=HBcoMeKy{fRC#@zdJsP|Z9va7_ao
zhwtFG+dtPybowpCH}~jmYV}Z@=|Aa+r7gzdh4|F#@Xh(UMMjR$4GPiIc?FN<6s>$f
z6=#)U@EZcR^}HNrWY5&I8?VD%0NUr~7vuPHjiNC1SE>yvPx>O9CsISyX=B*oW+sQr
zA|YNV+FvQv8NuUPiCqW3Gu_Vrcod6n8?Vk>nzSZftpF9b;#!qK{E@-PCTj522YnLx
z7A`6^^t1~dLT^5~<K!zzNFFR+SeF-cgSSm#%cY#IYN9zF^0;W<nHZ+Nza3!<hk&N0
zLnlcGzkT{UekUOjELEY}K#ynA)-E<9`)(qRxxS^Nm2y@bSTP-#4Ni`9qrC|4>|O+V
zq^V1;-Si*>IGy>bI6WkU;bc)jco;?m-`*TA{tv4kxV-N;Um5n`i;_C<4N*(=`~9M4
z(~>mZy5SaBy7UOosO`6@+q15EXUv=VUwXhD-_!%5E`MI9+-AZ+^$PirvFt9&p>GEI
zz-u@vp|1*A!_o5!LSJPr<!Ct=d%l+!Iiz_3I_WXtW;Ky46ymHtGS=kd2aNf_DEzpv
z%ZhQZ*F~O94(^yf-0is#h5G7x8!Zxx93tH798q3E{^%w!2z^K{FVUZm#8(^m{)=2M
zn4(=E6P1FO+UjmDf!VvoTIc?;No^hVud%5~o6BqAnA0c4Ap3k#f=985$xVay$II1*
zPlQtevIkOmq(}7dcWPUZ^?YW~;yT3ec<vt@cD~^T#Z^N;w%C)Y@2W#yWZ_LCIh+&c
z%f4$x7@&UGV{d_MdnJvlj=8-|p?T7N=w{poIyd)Z$D4(GH6bG_9|^J;Z%?@#ZVRvC
zMz03Z9tDA}vk_NG8|m%gPjF2#-WX>Wo4$GJgkBee#A}s;bgnfjmrO$dm54FllXoC5
z`*VG%L`bE+3Q)Qncu+LBc<It)nG^*cBHep9dWQr-4RXOVtB;CwDb-bmeN*Zi{|1gm
zd|0wg-v+w)S%{m80$xCViY7<)X)rgyQN=V5U+x29Krt@h%<sY?1+f;YPykL0EL6yq
zx8akg5$siRT$tYjn7Sek)pn{<ADw#Fo-vb>v+KBO+)4I;4jH!6B%WcycDqePj$xes
zdKU@a1u|YR%!@7=r%HFM;=O@G(O5@bI=6g4a5Q!)p675hEWmL=fxxr$bVLNrE+@tM
zo}xdFJ_#gh-8?H(EXNlCAG1we@oM5sdp=uQy&S$qX2t2nXPN4Jh=s<S_{km{z`0dh
zn>-!I5Z*N0=|JX$YJ5cSvCtx+8(=SW!N7bc%qdU4x^3?^QC@S=EZu?mS<Nki63ZMY
zAuF-`IoDjVMuhi8NC?F`M^!vlYCtjrMAa{Z42!K`VQa)~Sbp8hS-p4T++I?K{HcO1
zbE_PN6QdzB!Ic!S?Q-0TlO%xdoTUXrw*nN4&f@qf7)?^l@qYSMLi)ylW2uK#GKJkw
zv)`Z7KMo~Iu25-SFHsLhOi0`~nSIEC%?5g2Nu>WXtfwidls8KfcCRBO`lbtOWfnpo
z%_|ERX|{~;xS$W+lx<AZ63b5*<Hg;=oRQm|OzN-W%e>DFRp~CS#ItspO93yECZOJI
zIqb0fJ67^;0K?sMqPKTlzF>XA$+{>rKY4cZ%bbvvPtVfOi7y6eearUjI(`OqE4K;e
za&dxQ!h!a<x|XxjPg5F~n#mv>b~v{xe8jh%Sys#Uo)wRKpKQPn?ihMVj1MNPmWyBH
zo-o(ZexOmkN>6Ze$5kW84DQ|62KbX)`C1%bby1!7$;PuJZZ0TnJ{seVPcvk}8oBYn
zR}LMdNS0MU@7{GvTU0^4rX;%TqCeSti9yA?`$2iA+tbCoJ9;4Nt_%UeJ|bHxk#fw~
z7#PQJC(k3TH!CTH`*At{nqBW9pO{DzMORauUZ$(NCAX~L@6bLB7dd2WY`86DhHZbC
zByz!eEdf3-wo)2f_p>yp;OJ`OxZkqhM&)F=Enc-p3gAVJ3T$;$W}l^-Xaf|%gN6IZ
zGpl)Jn10cv^qmLAhoe<nJ+RYw9H%$dY;Xs0iM5HCk!rnK<1#<^j-ziy#ul=>(eZM}
zQLuX3V-_-AMI}Sf{ZMNAp;q&mW6SNZSk5KXSIHLHc{FIFIT^{d81eo0HHC=l>t|4$
zmYi1y?P+rQq%4ZYzJhcAuOn{+*L$lP0|pmEkY@BhaPM;67Z%aodDC4KfM|Ui7{!4$
z^d~cWUAeJf0bzV!!z4fN2J-9f=J69Jbap3u)Yc-3#&GQQAcFPd*+Rt+zwfh$vA>6U
z-6LasT5pj<q3zN`9}f;tbyi6l;(}fG!!8(^;qrFgP*4|A+!q;J0s15u_@=1WIp6S4
zp{uDh?BaiZVIaRUaVV&>%!i6Z@=9OLq&G+j(NR&s^*^qVWlXbMG4<e1Ytg<Z(r652
znR_Iy_K+Bw$lyK1tnhN538TMVxgd^A<i5w8x(CbVLYLV2EY^1{>qVId6cnps%5xoH
zUXe!~rFV}VGKCqd_q~4PW>r2*Ym-xWH);tS266qMbkTS>Jh&q&^qijC>v$^*+jYRb
zjv8jXy24B#YHZDT*-g=5k~ScWPZE+~9*_7P9DOnYgl+$rX3EJV+V1Y2{~<0IL3<o9
zfDS*C*~ONsF}#;D9s4j*M~RH}aX41$?m#WEOMx^e5FH$LqrdQVP3x^-IPBYmzxmIr
zLUD)u50toRYv8Ie21wTEcW4V=fFmt#f!49c*yi|{rTQB;;SmsTBcYY=r#2qKm*LJo
zd8ZZKPIQZWE2VYn;X$lE`B-r+szRjZ9(k%q<Btsdn9MKAd%Xa7kR}=y+3~Fse;9{u
z1GC`I)@uT7vcTkBUvImyGqi#PL!vpG={h-WNlfxp+#SX89hPJ*P7-81j>~dYrggZH
z^als=>kKQsy`K(FT|<7Nld*qT@*Vu9-R}yS4X2-aPkrW;xK5obnc`3rW)*J7rZps$
z;~P5?@VsqcADyxJY2pTI1aq~K{o$0^eS)8SIl{ade{!^`Vj32|#aWy1#lGp{edV`>
z7{taFV;yEYV`opH*U^D;Wg{axWr8d4ERxqQ5h~-vQngt4hP|^K_AZjn=0N+PB>+|S
z>NDjcx(f8$<<sU4I*D8ISHt0JP9NF;E&*e27ehOMVkH{tVu)RBzLC=4O>IpDGfX!M
z_mbAtWYN@CHqLI8b?umP-+a&EHqLf2oVw*9`iq`T*gQmfDQic0HkqJ5<}mB8SjpFz
zTkMi;%+87+Vv^MDd5)e?r#^Q@r5k)f=jsOfSy)~VRqg%I8JZEEHx7ll$(Y8RftXb-
z`;Ck=K`pA{e9Tx2dk240v)wt?mU<U3c(y5n3Iy5^W)2z^p;kHOw?_h)0Kk4?f3*M+
z`zMnIHKT>Lo96`4a_&@gd8N=zmR7VJh8;We=S0u!VM<EDx?NA1=$w9j7^W5C88Jv<
zny>an3OGj)ss?sO*b@OZqs)SXxOWnWG99DOv>9uf{&jlT>_s2TUrGkEzn2ot117m%
zcLu15t#Qt8-BB<_9rRwgYh}pr@prX@bNSzJ`VTMtqPs5zP+6BkZi7i#-*$!y&+cuc
z_iXt35y)Kk)?4p+UpQ{cgMVs155x1>g_|2NzX|?M+?-K6&k6j+W=w(w{y&ME|0#R#
zzo?FZPR74e_v+PkKc}%^cyCq;85n}&&!CnCSbgG9*KwUrt?(=*aEx_h1F#iXzP^kx
z<|*fwr#%k2av$=-;vbm53;cQ3ttL_mO$IJOL{s6I13+}D^*WrK(!RB-Sp3xOcaXXW
zO>=^6lyX>Bl1o@GRIjX7E2E}X4MAtcJx^KGEi!1e0{9*cOFI_@y`rN#!?Jej(#?cY
zw;VtrKU)QawVZg@QUj<_-{*sZmk*|+0EdUQiM#kL%CTZkQGS!7OnxrXcuE#dZG6X9
z#7Q-|uL{X!L(md1#`<Q^b;fb^cqxe(r3A2U42c<EWmyBORoLcb`}m%!I!ZMwok?1T
zx)5X6{XU@L8iBIRXy!AwP0gJhbG$3QTcg~_hHF{MVY*BKfMZn%W~8$@GuX6fJL-FV
zzl7al8+#97lz_9C7s1ne1BrkE+J0r0usmrr%Hguf53!t#L{CGpeHfE8k^Z>Sig9q%
zaSi(xT0`q3R=d~yNlL)koQwCbTIq`g>pHjY(nI?c4??*o<eS1X+??56b*2U(34V&F
zh=_&YD6u30&1fawO;3Qd4SDJfDLYNP7s4jw4@?)st2#q#QBM+`^pRMw&7CWPIu{=n
zL*Ct0)i42p(04j(H3?8zCpyc}p~|qKJ?-7#ef&k5@>QmF1hj>)V^tBx`z|CZGi<yz
zSKt)Vd?&^o&M3Cs1YBs;(u#Dh8m_v=Idr(L?UD7zPORd_f@b>MWWn`H(RVJcVc19V
z+TN$Os3SuZUH5jx1CfFl+>7GFb40*=`h3i|NoM<;2abysxYqN*R`VK|%`@4-ihMIH
z;2Y}c%!B;(cIiap8H~uQ*iFI$TC#3e>M%m)=57hCk1Eqm;IEme^p?s7e<+c}th}0m
zXE*v5HG>tZ(lXqB3oFX&NJ+5dwWvFmF}gyFB~{9NQ5!UZ5{{|C^PC5OjuWo1`M{zJ
zc>-;PVt0R(M<j3qIqnVqdrsufq?2txfPs0#{*lc5pXS8xTxlC)TT3&bqZ5<EN3-#`
zaa(^D)PQroK;XoZ5HmEi1I<XYRaO^AkQOxaRVvy>M`WCa^0$)jS#!G;5^S51b!n%@
z1VdppMcr!brnHnJQWo{c^gOLh&H1Z5D@zUZ#HoarR{r@}bS<v7blirCfsC9;)|0il
zG;XQae2Q&k-Sb@bQb+@Jk#O)t5h9j1dtP|l6Fcx`n#xWm+0pKIB>Z9PJjK~H2*wR6
z?ZFKsF@8c3@Ny#oPW}Wf3bOrdiPy^9-8rW_gGTMM{<(Zc7xa;nOB*1hf_;On_Np^I
z|4pw13y(8X59itb%T4llqjc6Y#qX`W?r(>$Op|Z8JC$`VV%9<vdFGGNhjmxP>XMbe
zyRYufVg?!<49x!*J^6oUbpKoTIRc%WEN#sle=jTjI=YTKJZRpVhA}(N^!}ups&VP8
z*lZMQ=i8K&s}KYqhb3c8hblJ{{p0|CNQ2qyZKzdqjP)&@uPysoK8%nKx1r4!xb35R
z-Z&|2a{31kPA*BfKToe$#|-b@9)}B5H~XQZnw5Qv`LMNQaL6W%crXKRc3b88Ed5Bg
z!yv@Lv7nE!v_Qu$I@`NPBDvNtqp|l+_DLzSxL7sIT#-I~*n&7&K*s`0v$(?59Hu-~
zAD5z%o1>@_9MkjAxqurJG@yHL(^y5P`2-;B*(lZP!2471>Fv3XEk>E(#Fr3AU|Q|?
zq?M&Bu9CLfjs3H2{aA(j8^1Z+E@Px}R$$60dNaZ{ys=YaGpDy%XDFARHKAfYN;COp
z+;zrRW?S0|+bHx`#HZSaGvHxFT6&6t$LEP1rrWMTJIlx;q%cK1f&n-Qc1LFSfZ5}s
zX)^QbF64vlFEfQ8kbi#`EDhgXad6VolU3O|O5&K`)K+P)oWZpKqq@`?y(zunM4{kF
zdq+|$ON5?B^OFc=QYX9W<G>Vlhv>y|9_4$_t0jeRE_W~?2;C=nAF)&78J6(<IFADq
zaS$I#zSp*n<0eUxst}fIQOJgifxi&U7seWVw6?FQdbPsFZ;riO|1^n9t7(YNFIPoh
zZSHt4+&jbgy$7#)aZq;oD*+EB(vEk~nmPiI*ZUa+d?Nb1Wq$`I)gMfKe)I0VBwA6I
z;P8$OnB1}i=>fo8_}%D{V_#O!QV144W18Wl1LX2DWZ+LDmhN|B)6tNN4O?;nTkh-L
z`bne>bWX$PCjIc2hkI_U4|E?_pqkw#K*55+ug7yFU5?0udS>!e#AKu|$0aD~GT~m_
zpGojYRiIEBr@#SyS;|X_iZxZ^0hPIGac^`~QxYCrJK+!}D+1Um%jGaf;=l+%URSp?
z>L&-NG1nb5wEM@JBh^05uKOLsw+X!Ki6yOx^=G?z#Grxuax6~k>;7S8LwyqfKC^$m
zXuGB3wA)FWw&w2AW9N&rL+`{EV;Qn_?IpV{n(KSC$qs#vk^W=V4UCEY-nz}oeLTWX
zAGMKBcJAg<fr>B}&2~JA^N4bty7du-ne`0QI|vaK;loX4w?B634C^<kc7q3pn|N*7
zv@W?ey_`!9tgLZL%{C+3)@(Yi7Z^B4KI$OICG&>!MF&cl%@JW4>aXbYM}U5@6;;|M
zpx%vZmAqwqcQ{jrJ)o!xO#2m9BlqMOj<Zmyf4d!!?^Sjfk<eq-%~cNFy&-VqC`K`@
z<YB{S&XBy*RFxY*-|6Dgx-&s@3c-#}lJ+Sj$IX(=qq4j!AN12NbGo7``|OtTqY>RD
zQ-TP0Z}{dLF~BIwYE$F06Q<{`E%5<<d0@tMNn@gVnKogsH45FWk+oB>|Hur{vRUnC
zr&AfdGPhl_GT?^OmHvzee6Ruu`C(7kOfy3?_g4`=dSMz(N;xTfd#6XEHH?60S&DCH
zU2&4nfz4jw(U53Agto9Q0i=sv(aG!WG!9~NmGehp$fMVEvP+QS-y&n~B4U5uo{N?&
zRmE_8QFI8V#JKfNlb9(b2q22px~vmG5rKI7)a9lui9)q6A1Bkh?G$+KjQhlZmyYs1
z@MLstTz+Jvy^jVopf?@&UeY+MAsu_D0dK<KLmX2W@rRAk#Hd)N7M#dMpFjw&3?N6k
z=)3lv?H1RiT*{t+NIFE5bu+&EFElxsAm;J+Ng5Q(JQ4~%G+?v{gK=@^fkS~dS~b+d
zr7-$XR?|>HITN&`-%YLrm!p|pH4bPLMwIo_mdZLOW7mt)ONAF(>FLi(Cr!$wO4<y9
z@gn&ilHGRdQXG5?v0M)CiLxUQsP;r&`8s5EC7rN@CDvvO``H=iBxT-+iv0~n5^;9~
z9>3NHbJB#m9jNXT7E`Jf-JL$0KFRs;F=a6=z_sKVH=Q06Dm(wq+7mCMq{QB`+gb(8
z#%`3cP|$<44J1?`U(SXxyK{#}+(OB6O(8Ks9v}(Da>EY~c^>8fV=0-yNO>$06z>vn
z(y$@@F|GhJh>?=wl6McB>LcEHYj0M9i`~}G;G>6a#(b^eEU#-rhWi%JUivLGxChrU
zDPZ@Ma|WwHk(pj#wDQ_DF$AeFf-qQGlw-o@@rK5}ku{YV_9#1zXJrDO3_G?Sg%u%^
zMVAcV+3S%-^yEMF4Ns+9QYiY+5Je&bcgCnYQNBZiqR|k<@%@#H0?ORKl)n)e$%5y4
zGO4`d3RvH9(W0ikP+1w!5R;;AH*5r`?*o-9rBDOF0-8qpDaF=6UMJee^9#6FEjaGs
zvFwWqu={#;w7B+V**F(6brw(b#JnMf?*;4nJd3Q)7bOUS9MZ~S!}tihV!uIfvAO0H
z1)v}U4U6WMQxy_UQM#VUFK~LKfm1f^>Dga{OoEuYJN5ax)72BN-s#uu&LkzQNtZq0
zWUJZx<NmN_vJy%R?9gSoN%Sj7L!Iwkf&R>?**Kv7N|!MO6MIc2R7Cd{i<ozgXLr1~
zfl5BWpD_GL@Q`iYFu+TAjsb2TBR&=MK#XwkQwA-y>=$1pgX%+thofS3-d;i|f4n0K
zlPk)zZ;TXppK^d=dsKD^KvVtam)TW82|h%@I!O=5ilM!yh#V9GN3}|RTI&WIH2yCI
z6kmj4d?7UaArkmRf7E}`+_yqTh-Eo0hvJ*UWRUKEi9A!PVo*y6_?Y!l?e8qt;q;A+
zK!~L;(LrmNlmAXeRET|3T&$AU+V&>?#VJR}f&anAgHJ;g{yChDuzX4Ex$>K4v0H2f
zvQ|863d`HedR091_(6Rs?&~_+!=c&A(}LFRsO;AAm&(D-H`w1B5~80GXPUoE7$fHY
z*M{VGc@;+|cWdB(ZAVV^*KKzJSRI>%EP76rB}=ip6cYf(mQxfRqXI^kl~bUwY~6Sy
zgB2}pq$l^6%zlF(5T3J*DX>TMKen^Pq~pnWBTcC@!Oe`WqWSm)i6=>Ek7p;(6OGTY
zY6GT@3eGc;pZEzL*h!|J3*L6$Ri>A|9%j89tMa71CpLtgn@r@A$)L~=<~kPMrD;w~
z;Cu-eU&NrKXpWphqh2ibkvAncmRO{^smGB?1WmL6u=~tTFgEk`@f}xGblFb@YDfUO
zut?=CfP*>`)!K(}7aOmnfQfJ(0sR3QN=&9R5w!N!W9Aw54k9Ft()nd8Cy8aREd{DL
zzoK#6TgMhI)0}LCXK<7c#0<Di=4V2)O!lEISA&-FiMiI?{bjWlN}*Od^0tQ=j5{tH
zBzQi4TIQ>$eZZT@uV>#0q0Lq)Ww4QXn(^BFWG*Mu76TcpfQ!{!HqvSW<o1V_GFG+x
z`RwKioY5$BOE*Ei*M847N|idpn&ID)areCGo1;VoleqL(0$`lZz-S1(M#t4u*#wRU
zG6x}pOh;zYW3*j;A&%XeJsD?!OFs<SG~y<-QMIJ~GN!@wkbn99DBW(9I|I^B5t7v~
zNQ{m;sJ;&M6)(V?*>zbuG=e8!WRDzh|CqGE>ZUL%R)Xkr{a_ZLnWMzs%5-C-qb=2V
zq*9J4@s1LVl537ARdIL)Ie&uHUJ5EmdiPVFGdyGL$M}`GyWUOMwu$Xh*sVOgK`r+7
zS96cRbY(3<^Pxcn-xrpLAF3hN?)HkW2XY%fJ0UAJE0R<Zeo^}r6em*XY0`x$aLG~P
z+_yQRY4chT?=g<!V6=-X&pc%+k4pJSe2{-t$%zZh`q?qC&8QF(C2;(u8xBG6m{Mq)
zf@FR9i>ObakMP^j$E42|b9^odN{NXFjQCuR1l>bmw6b_cSP4=lv5&qjY!1QxPg<Vx
zMuBK9ixb*`XP3B7Xn`L`K!G{A1@3kdNkcrhj1c?wa!s!Hl;M75y(g)X1RJQFoIy-h
z+fIaYHITz_m#w;1RNB<E1_A-#z0xgQDzGU(e5oa*NnUO-5qfE_HaV^}3fB>%Dscvo
zMc7J+;`{}@-xi5G-wN-xUwj1H-Zq0by`L^#HzQPPrq1MK{0qco5=P4uCMmnv;sfax
zXZh(34w3p1ckVdKA5Z(LI!qGLhL9hgW8<e?adNMtMR+czkDg7!C!Y9;th*lZgWSjS
zIa3~Ly+2D-YEC7H?y8lQzjwa>JWrvW?OQ>xg{2{Mcvc|D=eSOvB)0JA+%6D^y6G1V
z$15G~H8hwG4cyZl$%B$U&1_WOylQ^H(t#u6z0=LBzbWY>>~Yed(C1<u&B$T-P{t^M
z1V5a#$5g`A?q3ssCENui?ORMCZrnDctatGNh$9RGKSJiMQ$vadoeVp~x6i4)kZvJC
zvIfPLW8V`|meQD>&ZcR~Ez2^-v4a;M6ImA#4{YjF17<+Qz3+#Azzo&rR1nt&<+=wQ
zC<Tx!Z;5_OVPy#=-aM!sq!kO8;MJ;(kX9dbATbqEwgjhvyDv%=iY#x@=sn>{KT*5P
zp+~R{1$PJF@3hkGX-bS2m+c<ZgVZG_N;kZxnK3jR?wD|*KQ(PyMUg!A^B8PNF)S*8
zAV5(B-C-B!(G1cP-jcNuwL^+*%cO&_pcUhd?B1tSowO2kRJ#k%J61k?Y^K3k&9ivE
z@YdttG3mm<-VCHWBc#PT`gGZB6Kf>q_aR~v-xw!K-}h_R6h-rO(SJO!0W$^3hsC6U
zR7aZ7?eHPzU_IfL)9tRm9Ce}Om5yvFsn`#?;tVRt9CGPj=<}S}-XU9~6wS!kWr9^_
zZ-Nlo9emhj12u#06BT(DZ9uV5O|X+K*pi7Lzc|Q~tqW1IcF_cR%haoNaxGy=bOTCP
zL@ySedqGiS=VP>rfd_3PR>N;=ID^DtDj~w8DUt-dsH5^flNh9jtxxUb{fsoT#cDZ6
zz;bfM(w0KONGJgQpMtwyAg656$AY(XIFD5L5~OvS7UJcFfB72=F7~*JsiJ3XGS@L}
z@C!3k*%hCYvmc4N9`W+JK&W_^2nbi`OoNfm@9#w7wqR-Qm+@cu^1C0a?a#;Bn{YV&
zHZQE$&qBRTa8ZZFDPj>ZDyDdv-+e+NDYjWq1K+>AwJITTBr1%+G1<(s_!@V5N9O{|
zwy?ZMG~Zx39dZ<d`qgoL8NZxJG?q*3Q*WV%*^MZl%ck&<ox`yWcA#5tRIBVI#~#Zn
z$lS9H;Q>VWen&{Ip_aW<%w*Bh=N4wi)I#*<BHSCvPwYFAJ=*rAMd=ZaufQ)LL2HBe
zbR<8Dr4$n{v7);QQ8ORLl@8Uj6%f?tb?}Iz_3MRlzG%3&r)rw_K2srFtiO)Mg0^+W
z9VB6#l0(<ozwJqVU%~z$KJDn5)2_3$tla*vMbIWo$j6667=gEKk;gT+6d7%N1bAN}
zMK`b9+wTUj|1@PxV7gGdsh|E?2U1nPK_%=tK1i5w9^+{FUD!(RybVeO5wl*x?A-kA
zFp)9L8q0XPkX)T7n4F4f6SYua=((r{;kBnOFT4*wNNi=@@JxO_cXM0mth=9Ps|mhs
zV#b6(e}uxhzNs&ci9I*(QcE;p#V4U%lD)^Q_<Oq!gGVJ6R=XmV{fevwoaL_MVJ*EY
zo>LF)9a?nB8S&Eq?YYSL%y3+wo+3%Z_7E2lw|7&lD!(@$+Vv8R>Yn|`UH$2UN?Xsc
z2S@5495?ST`_H#lCR$n8cbx!fFPY*w0c84lK5H)_E1oNV<XNaA4XeXEd2>U2%M^SO
zX0rD*l!exlYFX4NC);36dmVbhHRPgUMIm1E>TF$MZ91aOY7Ah#ELXOPZynqs-#lNQ
z=C*JXdR-7b#uG@u!y}jb)e&Ej{PQMPOnR;{o%j~VnuTdhFV$T+bF*~l$qwKR?PELL
zI7)hHZ|20n@b$oQ(PCzV$Ld(4gZEW58)_w4tqqDWMY7;W?6Q-FL;-AD#qE*9fHvv7
z@FI^nv(N3o+{=VHVav-yK?C7M7dB<aP_AtAnS(pzrWqKUG!0ZK2`wZBVv(AN{9+F(
zX-kk<n01DB@RBE-j~N@kFUgpZzWG%FK68Llgyc_T3VO7QLa)9Tc-}y~Vy^h}3c$}v
zLl@deEb$OIHIjo|uEFwbO6ud38&8#KT7I5<$tS6(v5Ykr%^_E(tR6yz*3?4%asQ3^
zy(iepX^db-b24uE7qxE~aDYHy#I4!%luI~gz$El;J=kN1(NU!~&WMtfz|3NFf>ez`
zU_qRdRkV?Spq6;x#3UA=*-;c0$ZSh2uF4UWuxj*VaTjxZ>A-V6JZ!sg2>_~9p!nzx
zAihFX>-)r3Xi|ExUvFgWjuZ;6-hG=x&uv&Q8kf61cJaU)d$4nLM)BD#Ff%bh7d3x&
zmVHuK_(>mN@<}LW)Fygl+c}<*u$j{82hp!%jLUT`-6k5-0idTm8U(Q)kvFGSkq1{5
zoIYx63pRmbH;f48>`2E5uoF&<%o6z)R-oPy{5gPpYo1VBoX`jaZU&SJ*3g4A3D7TG
z5rP(RZ-*kf=GT$7-<RKiUs6%~sX^3kBgRTKk6@_U7uI0xd&{~r0XHU@4^=j2Ha@v0
zbkLy*mruN<l5bO_3EzL2735{5#PL5=G&#8(_aw^K#hSPnE7b%0a31KSX6+x&IpuqY
z#%|YKjKFkP;y-=8=+_zpvGzsg?HO9CGulxSdg!YC*ytI}sj3*^w!|+iDccWu5!`k1
zq-+0I+r}7(wqI?(LreM0I(MyJ^RT$X^DL=Bd(I1SLwi@yE!mM?xYVNJ%oEO>W_dpX
zbX%h0<XeNwT6Yx_Vzi6S7t6^F`J*lgK6Wl*lzV=aBa&^JZ?xE^abxgn-B{xF4bS#8
zc;=h>SlMlM7jOq{G@L1#epY<uC=oYpY}POdDJ$_*e{@!Sf+!Ss-7BY+#g>>(Y#r$_
zWp||)tM>VX;>NcTjVzU^uQmq@I{e4-kwMa&X*1h0)u3Z5!CmOqpu>EPd}MGHuLA=o
z`|6&Xanf#o956_dZg4b67gI6um*GoL`NN^jqh{_@YM-lm)c)!t_lok!biJ*NfOdm(
zIxAnT?4@<310SW*lVWxkmEF!gduoh(0g>S-J;BXFGHyQYo6Tatx1`OB7IEXChgPSL
zIkw3-5TI#-q!lTY2Ye`ZpGU`huby@8KIN%Cl4>@tA!N25XxIj0JVRoNPH(D>7`A2>
z19@ZgsPFlxkeU@G<S~<dt~u_>34$wSn@7F-(14}_ZJo9zYUUEb7t5!TkP;R7gK%H;
zq9i(6p6W@BH+Ff;3*r4;=kL@$^oU~#_mLGv_S!NNn|-4_U+@da4CuKh4WAtn4$*S!
z?xW@Mrqs`~=jL+4eeGgc1xHkZq;x#f^r69TbR)~UEY{Y`+o%-Pt-m3>Ou+jLy{*v1
zUq&!lC#c3_kWJI5P@670=|?YHQsiCDry=u${kWV|N$T(iqQS>B&XtZnFk+Yp$Xsse
zn4XVJSfi1?0(QSIx>D?L$vSDKmIIp7NxG{w;)p(RwXrkE_%t9DAO%t4!R1cxjfe!8
znar+8%-$!GV_du=l%7m-BN@fbZZsL8-%tW}$XQx+l#iW>dh{TM-#@ALNBPl0=T&Ve
zZ=X8fX<*96?|s?JD;C*M-EV%q;$4%=MAl*v$k0AEz&^PV)_f-ZZ6FSjb<H0mgMn%J
z{l5%E%wGngyttY$qqKqq^Z)hy|8iZI$IILHlAs3OaR>G{u-0j-(<opiczpc{2K5dF
z4GEM*)A6Mmle(frsv(}xE$F=69qt@O^HT|8KoKEe&%YxML8(Q<bTK+>*Y!mj<!O8Z
zVGhA$XEvAakY%G0c^JGIU0E`+M`Tah;SgMxx)xgQ`LiH#!dYvIA7gV)g#Sq&GGUg`
z2+&%bZk>~~$pg-V2EI2#MF%45y+r;?fk$|DonK2`@T;*9(A0`~rkV6dait{Ol$CPf
zhNx)3oy6!gYO9g#AkvYSQ)(!3&w?9QW-Wit6jcp7WAWfw2&|1btaVYP%7<K6?s=6V
zHiqQ0Z^{AQ8GT8j`K<&JB5O5)qyyn~Yoz0;BizOrZrrIs&xpq%XLfAXG?hC#Qad+O
ztDJZ`^(6T-Hw`-EA~O5NgGp&o#hg_bt)_3UR8NM#M}YgMVzJ<_m;ngt_XvPPV1WI5
z&DCGS@E7@`0_#7u{#ji0PZjxJmui31SN%t+)jv@Fh*<oU*XDP?=TDjaRkZc5R5^cW
z{!uCR&zAqqd-LZ#>n}INKN({F&Vuvz_y1G#pGemK0qO6oIRB3Hn-}L#Dfkaae`U$}
z|Haw(4>*5i&G~nn-@G}03Kq-%?xR0hbp9RX?{6jdA5i|vs`KwSe}9^Qf5G{0mYsh`
z`OUNQr?mVBl>f!L^Y37Pf26zr0QM&f&wr!*@e%(u#{Zj#=TBk$@HbYTKfd8V6#p6s
z{hb2vr<`d03V!}iLcl+@{u=-L`<!{x{d>stpPGMl)csvkK>wF>?k~~8e`@}91^?~H
t`%@-?e|78qQ}3_q&hPd8Pq}dXm(^ZL78>SvGqhj7tY6EOgY)mZ{{x-)zm)(0

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin4.pdf b/documentation/ESAPI-security-bulletin4.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..12ab1dc41f9cca9b21ed495f99698991178fad1c
GIT binary patch
literal 113175
zcma&NV~{ReyI@<ZY}>YN+qP}nwryLh>{?~MW!tu0weH?0y8GOS??iO}${92B-xHBB
zM&_7gilX9lO!TbKWJ9GxJwt6n1<=fdjD!xx*3i7X46<hS7Os|rEdT5%Gl*N+x|%sN
zh}#;unu(g3IGCF8^FzD1I-42UL3`#NV@t(6bv*C%70(1+NGjyOi3!yOb;>Oy4kfBE
zqhLOOF=xDgdgY+&v{i#UPtLUfnhHwW9h%--A`Aq6To~Ul=x`TcBMkh%-YyB?|E^S=
z+yMjx>J116NGzEjEx3KZ5AVh*_%waqKF%Xj8c$0EusFL@oJI@wO$Xm2LnIXz*7J{w
z7ROS0GN;2LG`z<Y>`&zT5&V4x{$5{pCycF*z0&Xk86qI<oJcL!4W!kUG1WQj`wrLe
zM5H`NZ!!@}v*(uFR5ISjwx~`)a{?n$xoaPqp)qje;PqVDGJvrVxeYV>kkK<j%Let%
zlOeiK5t53`#bI5n9GIfjpcnK7d@{a0*8KT+Ea0Eox4eID4|%?KNgwEg4><3bR!$fo
zhD8B`2&8qBLB-W-!oQE;jeR1&ucLsjctj$Y0(BHB#}`}rnl0s@TEw=AZAY&{2Bvet
z|2^>FyrY}=R{|Z#+2lkg#&>%jIftB-Gx$4~`9K{};srcifZnm$LmTc`U>`jl3^e>!
zROJgw64aCHfE1yD!cQ^?v$c_cbD{FszaygL?=iaPfD^Y6A$efW5!S=PT0gakk<1Pq
zIL`xk`s)*xX#<%90=&ViYc64apFe$SKyWM7!EYHv-k)$zF-tdc(q+sD9eOtK-#57o
z`5h>#4$xY`$Om#hVB|+Uq(`R+!}yMN9&ay5!V90m<KUG}<B`BqCBHfp&RNhMvEur-
zmul%tkUGNL-SFZ1w^8qnz%%9{x7s@ZmZ0|9TV||45u7E`rvE<quHEm&3T#oK|IY=e
z9iG1idfXCYD<z(h69LlO!3pNq#N-|`_CSQ-49gI}5^VQFS)zZYM7PPxYA<_fzca<N
zTk<8)es3H+q&<orWeVmsr1Uhv&3lHJ_}9c$E<OZugQ;^zX3E--h?AV)%yJS+51YJH
z?(DJcGS<epf@zbt9DctVE~$5APcC52@sJR0rmB`$FuWJfTgW{c>E_Jv78x~VkO}l4
z&T00jLeUY5)$DwbB8tFeCt5IjdXMNVIby^!)?=10p?*r#$!)4sv>!`*S1U?9gw4<e
zP8dS=!L@mRYBLJNBEGt99{{+SPh$7zR)MwieYY0h7+Ib5Sz})WUrRo|A<1dO8sXlc
zqz0drscH4eRZx$!i$TWdSuZKe;w&UnbZ#XrXOVC=*%VcZ7rGd~0P$d=Ua@B<QdWXM
zeqyjC@z0~OyjlCxg3xoRrh=let*A`HE>ptGI^!U3YCF8-5T`~%Yp}NuygzBlX9^dp
zdpS{G0lWy%amj^9MsWdO^Ts<!DO*C`28mpCs<ITlhghG8q)=`rolM=OwDDq>&5C=2
z2`gH?0)5Aq0e4qvN<l?m7MmQA<{IK{NZlfQY2+l4-%hHL52L5QqSMdn7^_LEMn!E}
zo#}?=Mj%e}GnyxHiny?um!k=)@;26@fXq>uSKCP(SYn?rLy57D6*{uS-Wm~l#D{du
zw`N>>nX+F<BsOH&0y@6-X$2b76ByARvfLu`n?-sNZjXn-G>x5Q>TtO>CqffYIWwq-
zM%cHB+MAVyPB-1r3nh(8w_r%L+jh~AndK}L#p1#uQk-l@5WjEo?yngn{X&nHMNW&9
zrl9#&YRR{j4A4f`(Dj0zj6ZGbUU-NuRWH|f#%PFsZ@dvO2KO$+@h(``Tet2#=xd6|
zKSd!klF4`35ak9>vr=dCNK%Dj>nz1pidTEiZ6(Zmoa#ou$y$#`(}&5Cj6u!>e21H)
zTgx4~x_G33^_nYKH?<kYvpACKrqtNRe~SC<-TY3)mtpENUsg@j@D~~BpiWetxp-KB
zCNA5r$!$x2+nRAo(EaHCUOo|Yn_saehClAF4-SOmSyWm9Aq!w0T9%CN@8z&a(=8dG
z##?3vM{=|T6FAYJK!={<p~`~MWUz%&UdmgRqL=Sw@1(=fRrK{ag3h$Ej>SW+x@@>p
z#=K8RIje(VUR3Hhq*&K-)SpkKFRmy0i>^}|c~OQ;1x@c=9D{naujPcCG2}knAVbm4
zsEL7ziNX)y*qJ;mCGur?t;Z!`o!L4fEoj|*ua(@`tlvPPL&f(Yo_0|?dASJenFPYf
zEQ4RG=V2N?=)p&uTuzs6cf~jCj-*PXX3Z@>D>1L~>oZz<Vwnd~iO<$oVseK-i#h4Z
zRC2uE$}TI%tCWlJn$0au&sUzpE)X$=3ig{Cwh}f(kvdxbBL*YJew6t{FXlEX&B9u%
zklI${ta=$EVsLvhM;aOT`_)NoN+%e3gk|nsS-%<X`8Hgd$%CGXFrw!hbBcNRsh^_m
zs`mxA@Q9J?+!DzP0>(0_;l<1~6ADH;EZcKk)XGxif!Mz%3x+i*eIcq*a*OqqNUw>>
zjH=q{`6Wwc*%*V%C_@>REI2D;vO!Z(m-9k=Y-O4@+c4c0fJH=|;O#M!$O8$vJjQEn
zaV2(hXk3tuQK1M-QR4NRy2S{sK=N6X&z{8ualpXZ@3Tx%S#-CX`?>S-Jho<x-?#P-
zF(d3O10=VYSU%npF-sC??6_)PPq=q@z?XX%LS4bGk;+X;T{G9s4tLlH30(2?=&^au
zo;rp-!sOXfF5EXs?ZFDQPOXvAyH<HT&AUZFMvLkr{VN>H$H2z4)tjf}#=6c!ji)<R
zchL3xwzaemp;hWx^tc6pR?u(uH7IAl#BqdM=0CXWhEjBDeil>C9=qz?JRpbC-<ZX<
z7=|Ywy;<77LMzAeThG-@X;X|@r=eQDRaMrXzpq|7R|f-}B0$KBccS%{U9@U;b=H^X
z)4qd{MVsFCXa(eUvvj&4k8LxT9I%-anfzRTZ58UhL1=|QKJlvki|$?L!E%4u{j;6f
zDzj9%yd|gXLomoLW*HTA*_#(zbdo47vl<UaZME^MsHW=+jqdbb`)7M<x8y5J1LS=u
zCitB1-Jv1-Xx6S-@sQP2HU<G7u;V_G&}ZD_6hQZBe{!q*GF%gMbqxT1##?u2;0EXe
z?>n&h!jm&Tr=|B<EplftZwh^@Nd|Q?$QZbyEjA@>B+ggEs2Bh7+E&*g^J0t1)eIp#
z!DV0$%E$Yit)K(@^_ThAYKv*9r}RdHb@PBu4P$VtPT+tSky^Rcyjdlg1TB{GrY!vD
zHzm?w|8S*x!tW2IM8bgl7i}Y!$0_PxJIh*Dqhx$iQMc!G<qg>uF%#EMN7OGR3G2Xy
z%w3n}K!A>X5QYsyMB!b9bOiQ%?S;41_=7yL$#y4%fPMFnw1i&URaiS7?Zi!Lm3!LO
z_69F`m95+-{u5_dqvsHoZ09QVh0BY%ZDa8EnH`J*po{r^N4PU>li`@SKikpc;XfI~
z1DD*3XZO0k^^$t@UWEm;@KFtq;dRS!OM5$15w_Xg^0o51-sPfTH-qHQOKu(BvYlQ^
zL-jrtX)ngxdm01xNBF)w?G_FzVn>*U*mvx^S8^*$o}IM%T777LM6=s2w$+d_`TQc<
zf}k8c$R2H3lup4%Adt+MRL-)`^?z2}^-WNofo-R(hKd8_*GmIvl=#Rg?1^|Igd0_^
zQb`XP$`4QoklW`Qsf%$j%9h_>!pnacpsp49rDjcKEjKKAuB{3@qung@?s5H>iYUn~
z*+Y)aKjPwiEk%gd`QBI{I8>-72zKsH?agO^e(297y;$Z4aQhAt9L~?^B|Tp`oRXNW
z(xqJCt9yHoy;*CD?`gZwtf2V9BIqCC*Nra5ch=OZ#t{I6y97Tl+%;<9&}R0g{|k-(
zS^Z1X(Emd8zYAtg7Uq9%|JNqlf3P<D{{w6H>PR`zbRzxv)HuTxgkRMM5(=c7_~o24
zEC?Txo16tCL@wx@)kn}&E$Oe@rQ`2_h}lNw#-Vkofm5dce7>6TH&^v7tA%U2hU@#a
zBBSr?=IQqByk_1ze=vXt=XNkafKH|3kbvQ~fMF*r!h)@Lree0Q!2hq2!bTo{z|Vd0
zNlhoE2VX=VK+RyOdMCA_{q{b(Gk++8<HM)#=lL;#Az?OyAQU>TMxn-A&(qCiAzR(!
z=7QmaguWu9Avga}*t<91Z%wsVPwykLzFxy;9@}HS3E}Fl-9TT}@KB@kp+caia#1S+
z(3fle_u~DzPd;EqmAXhd=h+QAxhl8S8+t3})2*vAYRx0)tr<_*A?wYh@COOMP~x2m
zWu(fkC&6InP><GBD_vvXV*>(8QzgH2Gb@#BD_Xe`11DeW5W1mqF@Bus)+?#O)p)Q=
zuyTTQq8x!d6eCh2DOgg;JF{ISUA;w?!(sdqsw6woeBtoWSHe`7k__5(btPQYOym*u
zhkcT2kOvuKUZ4FCCJP{0L9Rs>oX0p4BUXK$rd5AR=1fiQ#GY05h%3O6#MZTq?gK?5
zr^RK9EI&?;1~mXrM|K`}E<=O*xIgPBN8;dModeih91Y*4+>DemqcO#r`zYP*nek!$
zSaAm_P@r^J_+780Z%6yMY8&RRZX2p@p+}0|winV+mTuFtO@Gg9=K=F~W}^`knd`GW
zkltbkm_qAPO0kw47&PfLhZDBCv<c5JoYrL1dgiY}^ZIHNK#0_4Jurry-=jPGio@XU
zs5{U`I|)vW^zh^|dIjoaD1q_Pr1FFO5~bm<xz1x0rV~#R0*_S^bj$&GdD<OcmDCFL
z92_p04~VnoATes!7v7q!T+K_ogI45uds+pe&LWtj1gZ)xvXajAV)2Ov&lDRznlPf(
z?SYYAV89AK7;t<^3{A9kE>q^Oi%3$U3*;>=e-fG+XOKv-hY4`KNES;ZklaQNHO2?L
z5x6e2yL+MUUXzW_psM%fP}w>u5ZZJ2T#aI(h-t3*ssXS1SdtKzL;bc<4^u=(q7rtf
z0gN$VeHd1;EW5H9bNzNqearO(%LY?S-0W*?|D9=U_EoH9ojT#Rj3x0KB2UI+i@gv>
z0AJH=XF-)5ZhwrID}roHxa9)Q6=k!;udC9R(VWCKk4`_epf@jnJ)KzZrF%w8vzng0
zF%K(9R{L~}pad_;;9i_G<V<22@xz0{JfM{Eyzy;XE}~r--z#kQ?y|L4K^+Z_k}X-b
z0s9M8=A9!<Q-CoFqI`^fBWSf_92RwyYlQa8L3&5rj8ojmd@=%;mhbQQ!L))a8;k~i
z$*qQVr8DGLVp}%g=H@LG3#=7kRiy1S>gwlUS{S)TZVcN<)+zEMFgfz|V=z(`nXROO
zO)E>FS{t1`Xv0*N8nU{z_i2eW5}eGO5-Ap-GHYiVPpwAYkGOir1oV#IJnf;v{)*uE
zIeV1Gc1FKfoO0&Pr@$xrlR8LVLALtQUIIykhujT_dF@AeBcSUM6l>*RmA{1MAW?MG
zz}mSt3B<g>PpP#w=FNqR3S+3Ke#smohm#f<-%1U58>VGm`M3|{#`fBAZu{4_IOwgs
z;1$jYe!3#5z@(!vi8v?DWnzQMRZFTR9`Prd@DuQ2h4w*i{0el*(q{8V6wl13uHth3
zE<%n#&;m-`-YHtO*?rZL{sQ6&)6K~OmTfNEkQ|-{Q|372xBGMW=MwkJWz(-0zI8k@
zq)`I+hy<r|V|F<zlN9V}l9cJ#US-)d*+RuunE-p1b43j=0zFFlOwi^Ij*=}eET|QX
zWggr_qq>u;i}CsMr&f2><KW_Z2X!!4Zuwnm@`&JlM~I%~4782Ffi<#Yx<Sk2oV_-I
zOcm@^AET_|N&P-`5?D_t7VFu!gJ+Fxtxbg6{<(GIM=;M`s~a4pvh=CR8V&d)yVpH&
zoZdpCG$>A7Xa(nx0b~JtgbGb7N>A0;4>fcQ+7<FXRnX6M8#0DWC?_A!1GR$a5CmpJ
zo$e@bHW=`S|CGJ1YTq2cSnjYdkz0m|R4!{F%(8-UkllYU9QZ^?p<*gDOeq>+e7|OU
z^c;izxM|yF!U1>X98LtN;5qOYBAB*vnlZ?!%kq&)$9f%w%wIkaodWxxE-5#^_PX)l
zbXA<a!qQxcCL=A?dlP%4x_d|5KMm;8pGB@4F@QnJN-Mlz5_4VO1v~b~3JV-lzuQty
zFY5$#m8A3JL-C*&YOigLnn%4)D8BL|a<wh&rvQ(XlMqeLXj?ng8zKV6D)|EO#2v5;
zIW@Be4zSC4)Y0cSjpW^+YQ#Q3Yy+wJ?8t-Px7M;-9wG~<&k1b474_HIa7s!%mj{%h
z1{JFMAm0V`RR*eB5%U8W*iC+f?Yn+HW112C(+NwnV6L$3M3vOds7ef4=b;lNtk#Z<
z5*w{~%!vAreq*SRwLzozMYbl1l^kU)gZl-%IGy{lpN}b(m}b?B-eRhETM;9*8@xD?
zTH~f=@d&Ks8q6xS#N&b?-<F&1!Qiki`&=1-lakDL2N4tKsM;I}XT+th$m`+*OFyR?
zI_Q@WNFH94{e+4_Ua!#lW$=W5)2^N#Tc;_uFCG#LZBl=94%UsMXn<}5pGWi_Pc*LC
z<s=Gu%jZR|?5fn+At5|+W1M1(*3jZZ>T#Ngz&ILY9O@l;2r8#RY7S0&S7*|#T?kGt
zHP*}_@wf4?7>GgBfvOBfS!L+{#CC-;1Dr4$hY_#>OsUXvRg@oJSEr3kpqP1h&RXc$
zuZD)Ru2L;PNc|jLg(>Du{tfSX&lc+>(#4SCEaB~Vnan|o9b1O_DLPvXDN00bNGb}7
z7Y9LFr8P7f+}Y$QsI<#Fq7Jw%gOi6scEJmq!}JMK7Rfrxy>aKf9^<~8TOAqas4u!R
zee@6xaWxaO4}v04#82BC%;)3`Kc%UH+3>o>`f^T1u^7jkJ&bY7H!C7w=;Go_UwUNW
ziQYb6ehrti!M?=WCzmY791*^}tvuq;V{YgIg2%XHPR1IkK3QRVEd)FIw{ZE^Q|QS{
zqKF0+44-+)JL8#$>VPq0>$-rF)S*UYd3EydI*9`AWK7($OASG@A^jnkpgHOAwI|e~
zQL0Mv%d+tWSB*8~Pie1!@ZI$0XDz-nb=NxzS3~u$X$d!&Pc+ii=fV3%7nbuSJ<72e
z0;N{RnJ*EVI+D2$N*jXnxQD`!Y-i?em$O9`R2|<D1$PM>Y8b|u*X<*+jM%WD+P9sR
zWkjpC6GmL;i6%n(%>`ZDvi3@4?(m^SgeHXG<={A9FC7QZnK>npl8d#$_ob~$OWBTF
z#ONzP`JF17AS*%SUW#Z9=#(eE5wEgc!gf)L##!fYlTEpuKMHuC6dBbdpzP%Ee7{1p
zezl|9U&#N1a6<0C!zExICV5gO$nZ0Eb7iqjM9%pM>v=3d8pD<v>?eHGly)XLD!m)q
zFHZ%2p*;NNJrN1h7BF8!V+*pGgCOcT4vpDK=29{eLisiX|3GibkAyTWE0uZBq9Xt|
z?QoGih;`i`PJ#e+<y<%wv+LqHn!MM+=cgO+kObj`rsC!{ddo{0(7J&UifPX&8)L^{
z?&*Y?Xc-O3HqCxd&N-lKO7mh&<9Gf>GVp`!b&&-^6T_Mo3Pzd74%9J{z&ke!n@N(2
zxX+tY1g#|?6+)Dy{aZ3SpMC-_3$2hp-Wr~Y$fR-+Sc>tH!eY^RrU}a@0qf#xE3Arf
zW4iGrStdF(d^vVRh@`-XU6z+RZjGMDvU?tlD5o&w8nMwM&iVu?{}Ebf0dw31sonB}
zkMxfYA->Iw=1-^pwH)YSgRzDdn2^3=o8U_~>tW7X)r7lu&}PCiopQ8QS5kZvu9HHt
zfpy9anI|be&kBKU*KH0Rfj+ZlCU6exH*wk(OwNF;^1?>ar(fp*kNiWVEf7!xwt3TS
ztu{QT?g8hbH$xLI!rNNJ1d@jNS=M-KZeu;C3*#LOQFE{McpSJSgT)$pc>p-Tk|-i*
znr0wqDGtSm$=20Y8kM!H*yV>>j*x3fOmUBUTtbR8z^A$%ZrfcT_jx9?6o{u;H9wUP
z?1{Zqt^jRnur^(FrybkHxaiJJ%l_O~8{<W<cRVU2byq7mh#OG%U}bilTixK!&aZB2
zW#0BB@?83|gJ0&7$Uw<4W1Izs2~8naeB9TdtRBKJL*VM0XC2c@UuOE8Z;1oNIfc=8
z8ojdD=<efx)!~q6I6u5Ds_d63mE$O>v6ykAb>VOW+PsxFVfD7{`csnZuB$J!5<R_D
zzi1ltK_LGZq*V(t<9`sNe~sr~8De2(XZk;4#Q7g$#P$CmMy>yd5lbgh?|+FAbi26+
zNHCC2I>-@wR1j`(E_2GiW^}?FAV3-eps`QBf&xFBwRhu~(AMwOCY67<y95Lv41Qab
zao2Wpe?2S$4E#Ob6nd!P`@SBJuOH1YZdTN;DxUA&5BFaQE(nkJ9|;2ZE^EB{&YBf5
z+*ZUfy}EJHzNxN{JMzQkFN|kh^(JDtU~ufU81~2JyL6Vs85H+XN_M{c7CJBhHa&T}
zB?lp{34d_Q{&s$V#h=jb4$Y3xiF2&Q#9~-k*s~~qjD17wE3cXFsOvKOUa^}zqCH<^
z6!%$bso__mm&V*fk?0TQuQV)AI~c!mbbZtR^a?ThlUPH&22>_A=!sBB6V%;5dI}?7
zIKOY65*XMQFbF)gn7@`SVA<V=cV9~L=0XTa0g@nXy}Bx}|J*y41N_TPsEpLBdK}Nm
zwW%*h`JAQ`j@zqwCQB{)2b;Wy{JlT)@&sEUYb5`!6ebtunktKJQZnSUmxlTiL<KPE
zf0=WwYyWBx<y1y;WpCLObJ{<j-nMExVty`Wrl*eMrTbP3x#siPYRyGgPj!;hy}lLb
zgN#7v8%_9miokH<l%@zSK*-_8`uN_B5a4iDp3H5#NzaRxoENe=x}Kn)SR6tNO+IQK
zGp7F)_7=0lFyYg$whabg%f0%f3&HN}{>1_;rKT@6%WiLY;G%H~{|3DwwMD2+&uLKO
zVQ;IQ`x3D<6E8U9W@dhkD;}{~LaXF^Ch7{L)+R6EC(=W@x@d!rRQw%%b3RLVAUBX!
zA{nCG4sfaw%t4pG!Hpy8VX&`t|6TEH6e{irqhKN1PS!LcgL>uqWdasKO`fshmIJdV
zpi$LAq1FwiX&{sYP5gb@bhQ8z%`ZDhwg>i0oFkfHg44hhkO2L=$4tv(Xi-TX*X2(y
zeK4Sj;U*i^vwY{m?w1Jkh6b<s*BhF=aQWPteB}7{P}@Pajg}|wv9|rpuQn;+abAi{
zq%7e4xG6=l*5d3_{#>in#n91);bA4-A@%s6a05f0OHOATRc$Wv63zXaJ8K2{^Hwk_
zYR0op-*T^Dur*7wKuuwaP`BJE2aI)zYeM>q%_{zk<*r0^B{QvNDbqxu<bB`yNkJ;L
zJ8QhEt(2e)mJ47+E4xAwJ&+%MHe;i<LOl?ic3LF1`29LmeB)T&_+7D-PWd`#0Uz#X
z-MB$pyv`vZX!_mgspT?Y3{KY#_%*@7(O;}9u)Iy1<aZEovLpeL2Wx+d5l+%3bU@7w
z>(s-VMf7L^<uF%?@774*Rn!esPa&a|L7$s2htu36oo5ny-cxK=>SGc<OloAy!)7sl
zjir<Xse56^J<LSX@?PJKZHXr9u9FF}`j1%QT=wYQsUv&@Fq@@w04IUh0Tj*&iJ6?U
z&?xr9eK)QwIvLeBJzDZjL}TFZ{e`}RDXNkhrph#aqg&l}X*MzF44)j^W2}Vo3BG;H
zVvsi6h|-5%*Vb7P0q{<zNt*;U<4?up6#w7EaXrP|PN~D*auAC;nasgPS)4HEz1+?I
zlOaH^((&-`I4l*N(PDVoSdR{rOmC*p33)1<NvRUzT9d>KIM^gB1!r09^DAkp@U9O#
z7(n>#y>eIkWic2dmtjClHoJel;RxU^VXf2jsyZ}iPaSfqkptED%@2{8I^F0{Al2Xk
z?7qY7@zI!L7hBKstO2#?2UJ!VSt=1Vuv1+stCTSc)!3gG%*{q>CR#@m?4Pd?KVPeJ
zEz|W1AO4;37KdDSg+eKPRu=W1EEV^)K*smCqtHN$M8!^vRv8IG5H}%VR4*b?Q7d;6
zsA$c<Rfw1`QuoTe6|2!*lRfn*$dkV{^E%%6E!?TE;~TB>BjKyJRUBC^SJZC?e-S~{
zT2JBe=8$nVPhL47ZQ@5Rn9s`<RUb(Jp+)t&p4qi3R6?_N%Beli1~n#b3+;p|UDk2)
zW;X>X1c|yg)9Pq$^}x%jUH?W8j(ckD&o3lk02TO^*|5=rSUZ+z<$lP2W9KCpcgkM=
zTJHQZ?T?i8;saiyi%MITpbug@jR^78POHF?ksG6Fp#p=6y`G41B}5?x8|Jb_KX93l
zWzmzIhp<yx#zpr=p0kUJqd~-X=Xujc!WS3CUQ6-0sGi^U^HYnO_49_G^<=R<gshLd
zZV|kRpnr>O_~YGBE;PYmJOl)**`y3?G&xqZ_G=sj*44glk`+ymR%xq>`2^T|U9e~G
z8kRapFbd`p<8`1CG~RKJyFuj~p62Ow0R<yrFa*csN=n~R;6+SZ7Mc{elTXi58drXC
z?*vTW01%`lc%4}9uV!7Z*2v)|I4Ld>xA*X~g$oh>Bno(!2VL3RV3a#;Lx+MPXD8`W
zLPr>AQ5nw0$B5}2!9l`sd-7jDcAM*k!Rd^M+(@F~?3xN1_|Uu1jDxmHKv)vNvbNHT
zyo8=d#m{-XqEObg!+_AdI|+`amX=@mjnqZO0}JGjV_c+}iwEEKiMfBdH|tm~^jX_T
zOs|>gP3eEB)++1C-!M-mGcfmrubtg=IfzC-5BDomnh{}yArIq1zS4I>3G7X!O3V#@
z45ua~MLq1bD&5#laRm-p-B|WC)7nN0X9Zl0RbTar<XqRsybcx2jT-+JIs^}#*PmZM
zx1f#i!^?g_QL3Gb!w?oRj#`=fsd*CBIppddzx;%#4(@13{9JcPyxq6!9JPh1nTfXY
zj2nMTb&6>`5<f1ILBox#O6sApHt{Js-)St$8;aa~wb3|ImTz1@U^NG8uWr8ILYP@`
z{D&3iY$dQLq!OCHA}XR&d3j}S#%fsp4pR2Yo~3bD2WweT@TQ0%^%k1Ju7-<-1UxU9
ztr#Rem@(a~cx_svCQ?=I?YbuAX{Qsp%wDT}nl%c3x@t;Fs#E**cT7`^(_eb`W@v-z
zm93j42&;v?>=&s_hrv$1_d~m%1h+1}))o@lM!oDYai;4o7V4~?z9+jBhjzb?WZPGA
zB2VDwys4hiEn8zvme{t&h`hd0`yd7N`h)Gix91Fc9Z?8WrI6rdK2fS@q&IL8S$f<D
z5Z;=F5`yP{C4+=vS=Y!uU3eI;69J&6RBiLitB`;utwt7+0i7|c&|tU-GvbV?U*XKr
zT_I-f;buIGOz9lnNo*^1_qk-v=aCdB72yQcTi`b&l<5%MB5p1tRqokf%ohuI^=7Z*
zYtp}hB{7EFrYY1bKfu?pXVkpdxUDxG$*|a`W9#Tw-Uh}xs^|dvIxC4loE9NxhUDH@
zvV|kwqH3`~>gwDmGhNYo*eJ=13CR58td`j>^#bei^@8;Rae|t<yUFl~-jiR#)yp~7
z{1_6r>B1iCDNYBJUXq<xd&x5NeMv_!I(i47n@aRs4T&@%{q5LPO%ul{cQb9j-L+R%
z;dyL{?I`WjuvX?1c{Hi@42R6ucg(ZXe0U~;MWVhP6jBdx1Z@GE;r=qTJ=u&ji+(!O
z&Otj_2m%`AlhG+mbwY|at_C-=!f_UAOwz8<vWx?)n98OqHcp!^Wp>w*(wTii*l=d%
z)gKNDICH%Z_pJR5Ap&>XIj7#$9?>bzRYP%|-kBh3`=~M$o0%AW6M;ETulv3Yq6Fat
zil&sNg}cpJE?W^4HdtYmwI=gq<i^irMkplJBs!UH*qxKIJe_x<LbaO}U?XbfWo=uS
zFKifJ@xTiAm>^ZvUOyQlrG<zE_NTa!gacZl@T7|VLL+xfaFs)RbO&2gX!-rGrn2!u
zD@VK7B(|0}3ua`NxmT^5?O_-SA8qbAFLu{Ak$w&y*X>Q<E?Y#?jjhnf+u$*(*Bzj@
zMU_))NCD|r@>(^tDb^y8m%q1}@;2NP((c>*D)1ANGB>D{@>S(y*fb=>clHBJT!CkQ
zEIEBmKpz^jMVIHBd0JRjbFN?mTi6^T`WEQ$#8q&)+e^w*V|=#Y!E%Gw@*IMu0MOH^
zcF$_*tZhjt!i7JO8^Z{!6sd$l`7$R@Kk)8;1pfF8BP)d8X^?;1%o&8o_Tg&lQ+WNT
zuAiyT{q~8V%c}c{Zd3=bnay@0^N|^N2ycddW65$elc7$HN3LrdhB%Nq>3^7J1=yV;
zc1=}`)<>$7U7xFB6$&k+PgHA#SSz-0jC}rmlYZk{@ck`?wpVl{e6^|4FY7hpGl$@F
zwF$(RI|==>e<xt6mbLpo$jZMK@?WyT#K!V}WQB?8KWv5R--_!0)=brDOT}EVBmSBF
zeaFR!XP0hk3A?C6*iH(<6`I>5G!Ap5x3jCDCY3I2<DoFfxNXm%eEqDJHX<Z%p#PHv
z`lVGx-d=tF=)fT0&-RTs6Mg<jz)<m;vEE-NUkky}`<L6#PbDRF@$*&y@7T<TO=6$j
z4OLvfUE@vtPGm#wAj^woA5>4pf>ZVJg*rid9?E-RVIL<y+~Q2B!+JlW4`wBUd5b)@
z%iaj1FS(-%N7)FyBOyQ8-bI4W5(lbg!fjEalMoAA;X|QMpYVz<k0?78anw>F3VIma
zzjR=Ek4ft2fPpLp6ZrT^M6Xyh6nqk+EgM=`MRM;?=|e;ilLFyRzty%`jDdfMEX?NY
z?d~7lU4uV1=X3QgMM6oef?G@nUrqi6V6OYYJGOfq|D;95!#|-IRFaA|CT;JP^0K~Z
zkjTF_Y=6`2NC5g(ZZu)0Z8AYeQ=wWi{XR=cN%<fxIE0n85pi}<O4V`F^xIak<Q(BP
zq5gOn%!o&mo^WwTm#Ha;0%CpYME`j)=yuy+LD8=&X77W;AUoRGv~^DuN}@8h6q;EZ
z?m8QRvGkg7$8eqn$IEh*`B2_Tn&PBMws`tLeO52%Cy%<Dtic&^yd6=MuDV{@OO)o@
zW_*h$VcFd98i^I7;LCiPHBNiloJC2>xGCz2D?JwKVX4;7InIa<;QYL-2(Etb1FO$(
z_GkNsY+>p)f#Gl1qOUWXP!ij*u(S1CJu`81JIK59uQBJ4)={>9niNL%ICH2X76|PM
z4N}&s1ZH4zg|)5!fgmeuzN^d2hVz|uZ=@~}Js-NDnonWPPhP&1C^~VJfdqcK4#*QO
z%qW$A>xuP3lbN8J#~w637fb!6tP1K*MSq@(Ura&4f}zBjK(<Y*`k5GE>}NNbCM)2X
zIH-%eBvjx;hJ#^!>NuJx_lxpui`?Kvfv%yoeE7zMg*3(gXwr`@OX=y=W(x@AK6Ac^
z{#0$%i1EE(mCA|=Ql|+~9Msz*O4@u!#Zu%HnHod`)qE8%62~cA7WS`q*ey&Y6XoE^
zJI}E&f#0>gJCsV%s1jQEovd`C_f<Q6XWfY>nTjDz%AFbS9wcJY*%Jn{AjX**Q*Hv=
zc{(-lvyq@f)re5IxlC9`LbT`K=I4Iv2MA5v0N$UG8eBZ{z=oD`%r3b|(s^IVN@8E=
zd&+(*St+D-=8A;X*$v}(d}APC9XiC_hQo&5=%evWrD7UWS|Pzm>|H;a;21~DwfLQI
zcfK}goMxc~*v-g@ePIc#x9HIs6^0<o_Fexd*$)eCZJS_&f|$dbLWCiro(ww-DNpui
zXh&j;lrQc`I${^?SffUpAp;1<eWjMf=yv>d#9qQX<}N+ege@|n7KR{IAl>wI(hKy2
zP7-<F7z(Pag2f4Y`qjY`R7Xhn9aVHiDO0LJCe^8!?juO{Jg(+!<~R8vv98W~9a&B{
z&3yDi;lK+38sWWoQh<t*KOatxnu=<NI}fdQjp~Ww3U^tnOK1+VWtasHBFQA>c>OO~
z!VQ@;!w7?@nC>(%BsciH>DtR8;Xrz$7vu&dR>P6INBdVsX$!fOR1qqFYNK3%yKqZn
z*E`NJvjtk1Sj(n5$Q5c$+Y&StR9Y>!d0}A^+@of6m@P3;nRv{BBSw6$X?hl4^lUmF
z?$yDEn^1F;<r_8tDVSGWY(VtgWh}V7ggPfR4urnh6t^Z~hA#?*6SyO13=M79;62pL
z_AnN`Ox4~O+@%B62rUtYv<g4dmj0%m`1Q5XdP-<mSr`e02XPbJ<|}M_Sd)EE9msv2
zAqrgXnl%#^dP;e7w(fA;kH%ZTWg;=gW)WBxwn}1iNWybw6oNFRqee6IIf4ENXosb<
zWex<3-;dqLcMWoU^vS{A_XB7!INt435FRYmQVmX|k099@Fg|-qt7N%-GSn+;yXBl$
z#3b24H-4Uoc3BYF-V&($d<ON_%6g46JK;C&&XJgYfgA1haDe#;x2YKt$OK?VA8%|L
z%X`P^`Rc{?ok%8FEWKy~LdV)R1ln^YKlY#cL-(Pc#>(rA3x)p86*>@8d)mHbC%uG8
z^*BtI;!br3J+A64_toOaODE=~#`<N0&zGAox#;$J0MoGMazN|K?;DT&gfGk55sAn|
zDZD&7sj<MC$n+b2H+mz{@er=vRyByM0t@Y>5xiPkS~6=jJ%4tI_1%*SE6LL0KsCNA
zn-1p)2Iv^qX2)@LvjfvuF0lA}4#-u1zE-vHL^9%06zbBiQ`3+X1QHHwKdi8|bMM+}
z(#xV$@r;|Xw(S$z-L0Y#zwrTY7K_dZVH8E<ir-jdC7pFQ^Oz()&JDzELy9y3#+0>v
z>R{MYnbO2(>8M0fpNN#=_a;YC^#$wRCb3-dZo5@#nuy;_oIeS=aL;jaXFfrm+A=>C
z=`sc{ev`g)=@&@JU|}Zed#33(Q0p?qNEM}fR$R9V0*&758b7zK27gDP6njaG%<}#?
zQiC5z-vq=@PO9DKGq6TR3mjEDvo3ZGW)jj#`;i<)Zs*v1a;>pJ^YOec>vO|sbgCNz
z?Mr3pRGv!!Oz})-Zmx5mW_Z<2xC@c)4vsN+ikq_XVdONj@n}s%R+bGw5Ub)mLxBO9
za3#a>{L?{y_=$S|fda_!?Ev=s&E})X-Zq(IDc5KcOOU&BrMHPf1;t^i9s8;`eH`L*
zzs^bBqdIj|^(0+9L#=YFWRV1g(dizg!M1)m+^0n(h%)FB8OjHP%GdUcX<@mppWa{k
zZlccz<yq=b3`6J2Y~wag59gz{d-Cc#+eQ@P70ChaX%j^q57jugz$gLP$ppEct4WTe
zE_@sQXzt=+rS6#?M&x^=izw4XQzL$wWPd-d>U0iu$SLiMcX8|Xp~&l2uKT2+E_+OX
zh^auGfUy|JMOkgoejk(4{k?ggeOmV>15xQGcC1L=!ilkLwuw<9c$ro*%t!!z(HFY&
zl!zTY<jl$?aPYLn_T+LsIx&4;+$1J<Y+&n0Tg8gE8?f^1-)z4Bn?!x;_!pm#$z_1g
zcS_o+-%->>0s|GfGE4Gk^oq+e*|~L6FF<LPNGq*kme?psWg-1fOWY!x2}r>2^X_wl
z2RV6!|AEK;i?jYKt6^bd{cj*+{ZAnKH?{e{0a@!mKt}sdSo8Y3vbktd+a-v&D4jOM
z!Gz<D@y&D=Gj`0-;N+HvU5coTxn^^eSKm#IUYXXw7YTYo_v(B#As`R-3#XPRu9@fi
zvm!y@`{YTX$J=Qo9^~t}B<9!8s1f#FRG;6LfPiseh6Ic5=;En?LZ9Dz3S7l(K|l|7
z_gYOS!;N*E6JTBcx+8aAqcrBE@$3EZmEiJp41u|Mo&>(RQ<k@wM@xpp8+V>BW8WGa
zcLEd>16=n$q8Y%YyKNdA(1AozXkn|_v-POp8FaI!<2*et0s?DW;3*Vm39MH^^MFS_
zHugS|^jkyVD2yc%^T-IbpFeq+i1yyvz|~@~O1x<b79q%$16PKAUa!YqXdyCWjBMgm
zQ9mJ}5xbaXnm^DlnyH0KccDD;aK$zuawsdKz>{5ID3+3^QvBjB!SSlqDR6ef=B6!H
z3K&`I&u_}px-P*pO+`lwLEzbR!nmeyS$DJ=m~3ySlG8Doj6H}gI*^tJoupka7pyMm
zP^=Ruj=t;+|MkhskCDEw2O~m6|1_O|x9te7Ji4v7V^9UIpPz(90*)0IkilLX{zC}G
z31URh^vQ~}&k>#a&@qrJ$iLsP0R<C`wj6K@LcblR^C)_bae}$Ss9iBbboU~R_hHBp
zs)}Jl9{??vaoBPpy`iJH)?I2*l9l01W0yMP8sdQjLW2{_3lxb~)6#}?r&M8~bF*>{
z8o{o1m0^gp<>O7Z@4)_AHOtP(0Z$<Y7H}eHd=6g=CLHmj!r{c^5`?1#Z*(-qM@T|?
zhN7rG(cmG;_iF=06>$fK%uyICU|gtiGNR3`H)iPjq7VFlDl#jOasmc+6PFq>1g=qy
zt26u<05Cc&c_{2gNt%{Pdc^iQNPHa%9M2IIk)A@goQ9e|D6_(mrgE^?Tbj8S5XIhK
z4*7@rGE%0=yKsNfcx-#g`kMY;wBF<T-zoZR^dqnJen;@%&?X0<#UQ|2G!SywcQsv)
zGOwXEn+wyId$|p{r!^hEYxkbeUC3Tp)qVZN?mcg9$=dUk{{5`o6gV2cYG!b&CWY=%
zQLI*|N-Ka?YZk0$E49nvvSjm5bxT80O(qnSv_eP+ANJLDE|WB3!gH_4(MowvGB}tC
zGV!0?F8i|Yon*0&@7XM{Ax6ZnWr^$PU?SkiN|>Rh?)Gtv?W(BCTDS`(@h0iQI@kQN
z9=#vay_z&|DsCRR!Hz}Z6rHm?si4M`n9OJ?N}poDk7>c-B8W%I993h&sgFmm_|y*B
z>G_|`b4LMN$u<ZmyN*n2hP32+r1xw%PrXZ{_-IQ+8VJXJa2^E&b+nc)VWpr*@6OMM
zh;v7glP|<3L>5U6aRF*$RLmO&eRvDIjj!SXRw^ZvzvyJFU*)QqXT;2!lUdT9aWw5F
zry~3{!^|U2w?^@ki>SO^M4yeHrlHk}L#WrLMrj??$~m-FG*pG=*jVC(nzMN5@10u*
z`wW@P<JfL>Q7dF@^+?zKvo6V6YWzft8&g^=F3JTlipYSgThy69jnwK{e7v;1%1~>n
zhR;^nyIiNwl}VDoZ)?|);bcDvx$3d3we-k?|M{ogND#8?8qy(2O(vpss}Uy1cJnE(
z&Pqf#aGK&)m4fzrYcN@1)+XnP?x7UcWA+Lrz<iitTfCdu{(aE}BsK-j*KfhwnVkmy
zeKMr4(kr~H48pU&N>;4-p^)W8_@RST1<P7|Ov`$LkIv)J)9?~tC`N*dUh6&MFj@>{
z072;)3`A%Tj)>dIAUonk-};dF00j`HSt20iU5Be-6t6QCg{BHd2E(r3K7P@*M(kit
zuI%^&F|8Oy!DW1e9bXSRnkb`z_uLVfL}|zboRrt|rHRyG@_ZA?z!|OB;g@np8A3K+
zxmQLA=-T_##$<V5oac)Yn>laGd9CH)Zn-g3K|@;m6S+3q_o|;M_bu!$$yj?JXs2_V
z7%om9jw>_T^j15oPcj{Ug8bn!#VOoTlFd@mwWzRod;7GA`?AOzaOu7n8$qU^0D3pA
zHy*hK0^j;o#A{2k$XSQ1f8-Bp)=%c|nS5*egAMx{yu~MkEMtakL<!`9fD3-3NfWNB
z>J9WA>ynIgkcCl}bY8H>tO&V>5hj<3O(P!uw_&zEHUg2sE^tG0k7tEZ?y)J{41N;F
zA_}Uz+#@^U2gl8B?^tz#67G5oS1t<3y6Z0Y!S@5NnNXIbolJuKWH)Nj+&gz<9rP0Z
z$0nsq%dHL62SIggoFE!VSJ$Q9u!jozehNdq%cW6C0{|uO?3E;??R3_p&4zf79>~PB
zn)%gK!=AHg@C+pD=W!Avgq?shl~P<4mN9zZ1?)xMNBuRK-zNp+&7h~LJ@Z%su7N)m
z-mXuV2nOI~0l=6U&@~lQ2Ajypm}H2));w8^)=r@a;GYl0C`Mde8O33+@NB+b)#|_X
zHM)4j56;w{cFoRw{rnxC;X`8Pc_b!$9Nl1kT3e`*Yit_B&vnH7ffFLVm|N8tA54KR
z;@b$OWh^?c0~DHXgeIG`(2LP?&fpEMBzV_|7+yMqiGV>xv%jM5N+DL-7-Nla{m`3!
zCSx;Hp2>kJHhqz3FbHuQpw=}m=}S?g2X9NjV>`d02a$c0s7*~REvrk&8XF~_EqbwO
ztG&a8arIjXp)bVmkYZOscbgClS7MhPgm5SM6Pdk6ZW=evn{xhg6Df%004gw3?xKRB
zfTl#vRiRy_HUMXL@3O3$Rr8#fv6aP2Gc`0r{vzcf%|22#Az-0p6dNzv|E|TR5(Z<f
z99sjlI&l~P9Us4;Xx4KpMPM+QEA>%Zx>vJjV5wE`UCqZdac7meQgpVYwC8OBK-247
zAjybpxchxXDI-ZLn{?pgu6s62+^bGK$BD@yteHjCwbRX-$^bHql<+cy>Vfl;vEPXr
zoE5=M`XpNPoA34yIjdbV&o!W+*jSccHTbjLE~kkgq>^iPJq+!ObJUW5w)GuT?BXXh
zZObw#XopRF_{9Sw_<;1ATmk~q4_30Rq+UPAY&uT3wKKYj>=k%;ox7=8OXFv2hZlN5
zRwg9)p3nys*<Czcw5n^N@K?8O{#^QediuT%SH7eHzFC$*rTIFp#RIK3%kUhky8+>n
z+<2<m8=W=PpH*t@^>#q%y@uQQ@;vg^3Hj!JX?UnsqxaA^a~AVY2x4b?Z4&lP=ipEJ
zoAVnR{6gJ~d4&^jGv#%@D<BT9GF?7~WmsSJG#y-C3xze|IU7k;+zD<Z-!*cZzh7)S
zfv5D|<z*he<r5#Be2@njmS4CwA2w4>P8-T_Z<Lii93)jmE=jD(fOj<uOLK~l0niz-
z2a_axSDbd3WgAh8^0YhEL#1NqJexKV7rltwM}-_s59|?D;Te1^-n_TZaSH(1aP={!
z@~t(gf5yK(9xl`^COk|Es(pR<y76p%NOH>zYgIXIehofhm*7X4oAUZqT|(Mg>NP8P
z9qC74;NM}3C=P4cxF7u{g+=4mbANy?*@nHGH9Zq&DLhl0&@_E!PT(i&V{}Dm@rEii
zABV<XEI<Gg(vJTT3Y)NR(z>W~SA-m&u)A4vL06Gh4`BhJmrMWnvoC~g8lQugJfk(?
z3PeYc*0MY!#g!+{C6wn|>OZBgU?li(0eQD#bQR@o(v6Okt4ZJkR&#qT<lR%%hR0SV
z5aaQtns7vVV)bVS+|US=<9&@w&AYyMcI;cEcv4itKmRml_tgdSU}bVGOnSTYpI+k^
zeaIi^{|UMOceMUb$<F@Y$j$Me$o+4`@qa_^V`VuR5GKUlQ;jLDH8=ibTM!~cI~va#
zdQU_J{~*l){g2l?Q<d$DXo!1K7^#=utf`!gfpkL){a??I!*gKa*S($G!5PuSwgl5X
z95dFI5k=R9eIbWvAV^OLtMkUik}*qblKKgf6B7GNj;Zu)(3-`hNZrFj%!y}dQ?+o}
zW~UwfWZFrtiv>Am4l8OvYQK*1R`QkmV|)#$_-U0VPn2<oqf9b_lEkMum&PUO*CT7W
zhOvp@6{J0jtkUlb^-|SSpUS|<{77@0-YJ6~mn4tWCK!&a)~V&mMr(qrYeJ76cu_Qd
zXENF#bPUuqDyZgR`?z*9Rc_WRV_1L}5%~?nIYQRK3d}mb-#q<P)p?-sOWaolVE0W8
zSiWU_mJB2oUjJ}n8eIPEYaEyN6F^@t+JzgjNEjn&4CfFYJ=gu8M)be)85ZXMmLfLB
z|CkWlzaOsurwRS9lfO)aEKID7|NmpY*Xo}RIvRL?@%t9a^ziF8%O3E@y0=%7E_riX
zi<R57q;f}{@aywbS4oh28y#%hUwUs^^VpD3L=KpED??ca5K*$J5eYGKLkTeZ&<04!
zm7vOzpoU5P4>4X~f(^(m-*XRhBxHU-ZFgPxcW2-K+;*OJoww0)i~mk8Kn}~+LSPYp
z`-+dmW2ohLpRCFe+UpAj)Go`kBFx(VjT`3(22iVUtepJ3)lozOI~adcm;q>ato5Ui
z!72y~7(yhsd+~z5xW+9eTTkM0u6luv+KC9NxWQB^0D%Jp#*oWXIL|3RV~K)_f+uZS
z%{P3>es~YJjlShKtl36g-U(-C0>|Fltrs96e?244G%+6#>BXu2R7Gh^kNyVi6gtdl
zoa0H)(@ici@=0)yoI~po$CX<K7eCQ>C;SNZmEX>1oaa1&eZcq11^Wv^een7v^@>$|
z^9*2w2o%qPeuA9`%a@K+Fo$RA&B83`<02Lb9lrM*=ubQ%fblS~BBIEi2B43Dn+#S|
zG>a<(BuoZ>Yk+r1n#NX29+?mq$}Co*Z?p18Z%s%PT6|GFIPn*Yi8;<8E?#=ICe98S
zC<b^Qmt{hp>nJp>BIfnAH6bH`a_D`mV2P2vRFZt$`}-SllH)JD(=d-a?1jVpRiTQD
z>0fLPW)|PH&e084kSLz_Ev+lHl}P^8&9nY2_ECK2sd`FK=^TIVtLX|?kC|(*R6bp^
zwKuXH4^#Ep5F0z!GtJOeAy+rOnGIbbbxQn8Zixaasi71o2OsVHJuk?Tb<ktO5+qi6
z+<YBCSH0xz7I*78z-C|Sl2mEvRT3AhtgUl+t*XOPCNw50&oocrFywT!%>a|Q_XYyi
za$K6F@f){RG&_GzN%WJZ$*x(fZkx<=6f<FKR9f>d7n!E9ad6r0bqR2l5;X&k^Az?5
zb<-+2ab_la&<sV>D7#ZOt*kA}3?r02Vnv;Vhe_TNnC26hi0q9v!3+6&^nh8etR8F2
zh^41*H_hCqlP?YG7vQaJ7eZ3UUkZY(cN@+7WcP4W_QB+P{->h&d!CA*&nLXss~uPO
z=V(kNh=)`mRO{u>ZS-G~i=wecz<e~%8`C@wEili)8Qxdh#~NW=Y!gL+*T<I2>DWO+
zE;rT<bYsSqOosh>Yv+3>t51N@PUEh2Zu_MR%tfje&-e9*<MW4w&)8ov1zaVBoonO2
z4DkGs)!4Z{m35Cv6x*ve^39EWX%MqC1-G}X$Db(Ez#j3^<=%^z?{`8k^HfrwSsowH
za|#~c4ID4N%opLqyfySMdI+Bb0lP!L_6oc>C3~+j@Zp30(y?mo5n<+<5qM@Qao$Bm
z_${Ga-8U2r4oL9f0^#2~CgP9f6orWFY0RSMAKxb>!SJp&z5AB!amU4pFIKa8PSV4=
zF-(&-OYyg6PThx%kma)~carTiV&NS(*IAD=y$5$%vvsqqADKEsM;|s~ywEuVQc@<4
zmi|l|w>IfF>hhbY*TlC-PgA5#D6^+!$vnXCS0&tgHEY#p!c}r$tGAkOxO?>KDuHK8
zc%aSRyRO%2i}4?_Ud7ob@FhgoYw_Bp%XT}}E%aJ-#?RnwE_gkf6`HTN2Cn9&$22y<
zZ&hyf8`kNx&D2R(Z7p@`C4sN%sF!Ft3ASGqAG1Tp!?f)!acsqB+oVyS<=UW?Nt59d
z@Kv}h(yN)ZFu$>xDY>!Jb(>z3^A9p`!@Itf9<Jc6rV^oFrsr)|)^RV_s#&Yac@(Tk
zWF&#OzMo0@Lh8R@oYBUISlpM6S%L1t2y$5`#d+mZYr0Gnf!pm_CyTL7;X07x(1<L_
z$*_t@O&%P0{$Mbj2BHV1Gg3?h+RN{UIEmjMdx~qTiowc==@6!<2j$#lE8$Z($$8<A
zQHe9)Vv|S!=2E+qKN~n>s3*IkkA(AuN~!<M=+~lJ%i%{hm3F{RQ@s?9e(#K_X2`x#
z4Ru#}vy_~G8>`LJp|q|?Dr;bWB5^;Q{q^L9NFB}o{|I{rC|Q~=@3(Q<r)}G|ZQHhu
z)3$Bfwr!raZQJg?{k-3ud1uz0xnHgot0E#JB5T#&SrHZa+yDAIlb?S_`fj@q<HVcm
zvDG2EoJ(FMMN#GoO^0k|TkejXDTq}7EuK%(bz#q7iE0(13%u^X(O0jF-3{nDAov4&
z5UcM<-pnY)Lz}bqJHON|c$by7#wT!=m)@D@f{G3$bq+c&9Bmy-S10#6J!MvK)SVak
zpY4|`#>YJ-E7iDAo}JWShvHv96pwclaya{-iu%$B4BUR~WR+N*TQEJBtNkMMI*7G~
z=3Ml1Q8^_4QwOm*zyz~T<KcDka!3)vmR&4E6QcgYX&d4}42k;`a;xofE$Q!-HMb`=
zykc-+;%%w%g^1wwl7Kn|)S2${`&&&VvJ)H@;S;r?(Lv;Ym{$KaUH-G#NYBdpUt;+F
zi(rP5o1HPOh^>v2kg=nogSnlPt;4^HGWyoWw8H%V9F($l#x{y>)&{m#kpGBjm^$Jy
z{bYXn2ng7^YEsj)vg1)R{_Jbg)3Gt&u`{q}(~3LkTbUd3+n8Dz<IzFV@;e$D+c@E|
zuror^{&Ssw3e*hr%#gH#`gUT*=B8#&|MY{TRdh18R>5QY>GIF;Kl&ZU40!)q1t>uN
z%<2CbgZLkjiT@V-U|^vCzsP-P$MVY#;=u)7e}uDN;jlDjW{{Xnl5n43RPg%tH^#5{
zNuB0>Z;`7=bMf7|UI(zASU#`FkG=&JoYN1WjWW{M8;8*CAc-x4dfL6p8UJaJmVjEf
zl^kv>pl6AitJ$MYV`bxhVcStZ<@7k<L(JT&={oV2K1DPw{GDW>dBZl&Ez82aj_#aC
zlZDE8a7i$#yJIa0UVQS_5gvh)VuW2^1fi^`OwH7ySrPledyN-7>!p@#L@lm}u2?^E
zDsyT0*$CLeAeq46QC7=~1Mbs9I@G9W>;>o@VeR%m8UDZQC;z93X%(Ffoc^)5l7qAH
zziI{a9gY9_r2j`tn>#o<37Y9U{9{2W{r@*l4@s+PZscU<sQL4p7mtyd8BhEF80+8u
zgU9?YlmL=e$yV9M{2$pBJm!B1vivt2{>Pg9-!^3a-y%u>b8Sb@%Eb2H7I%m4P_9ag
zZ6|9DPub6mj0t0w3?3$8KSzIHs1OliJVaO^5fLB)vT=M`?3iV6nz)`)I-VMcQn|HT
zSt&V4UTI=^lLMSt*_tBtvSMe|$P&-s*0rT#^kq@DB5}rhP17?`LTGcz^VYTJbH}RD
zll#ZHPtQ`Is}oyjquFo$gG-zTQ5Wlra{=(KFt~&zZiM4MxUax}({u-}^Rh>S`&z#0
z?@_^bF98}X2l(=jOa6S{qX()H3ZM^f<?`O#j@(HEI=HU%<e{P@gRdjgUHiUfZuPw!
z>0B!6`n__~ZF9k0J$-jJT(G46l;`-rk48!V0z|}m;s1Tb|JJ)H=?LkDy>|)Byo|G>
z@}^vKhvv({e~&YxbJ)&~Hm36d#<xLQLUSFBK?!zXNYPJDpiHD_5~-NSj4Wnq7)rO9
z82vjwRafwh>un@9ydllAs~*E+5?KmMeDa2|(w24VzxsL8hFN8LW%2}Qh1ib08F?k>
z6Z}~9&>64_Ic*<)t*qvzjMevM-|H{Oxfa@-@0B=wesO69>%qD{;6&e%s$F|0SwAur
zQUa&f(to{KE81yAsR$yAf5zWb3KumnK2n>*2ZqM{jH362pAh2iCxiHbV{j0O;OZ7K
zJK>I2OB-Gn2*nu};{jHPAp*hn4CBS)?*>5J`sV;;bp%h9`(kYM@kFq<8{XPzL5iIw
z<r6H^+CK?fh~fw>ewXLw@bTtvku3EY5LXBwfgeta^Vs-m+pq9DZ$@|6E}_>e{+QlQ
zWbA?*a9v^EA!I4o8(F7>u`EGLq!v1vwrq0cNdM~Cjp*ia_gLWNd^7=+hxkmxx=8+^
z&f7q$8hpF{j`9GXf_e5H*QG>OiWkJv!$6w89?we+NwADb=j<H^nH{b}2$t#3jOq1{
z$&Wo`YV41&7Oy4*mF+hTHOq5f{IouX%6E%n#GVuQr&{g}{84bo#KXmU)YuQ8f&)-v
zDhh5NdjmiQoy=A?c@q|PX*ZdKh7e&@L$>#`kbaz?FWxV#BvgUlTRxY-)$o;aqhy`R
zHYrxo^LdL097Zl%d9xNr=8c^R(xy-Lx&n^#&&FP3=`PP3qg*-#&TC1{Ochkn<daJv
zju$3IWErNN4&HlvMG*VO`^JiE1}}gxG}`Pw&iyaxbo%wwG{EdgBA>YWrMWp-)d{7c
z`b%!OvB%@skg9&|e2Tf$Gsq`USRkH$4ZX@c)k>-s6irF(5?)0G@ik5=?G&5XXE4$s
z&4SB$*LF@f*i$g7AsxD#HK)r@=Wman(cazLtJi0La20XqvF35+vFC9evG!xwW7?wI
zWGiGXWh`aSWzJ<eW$sI|O0-Khm5qg|g=LYm$PAYAoFk+T+oal#gTsSfi=-eF>+GWE
z2iByn5QZ<~HK|WwNK)!F)JiO;`sClIr@2^ooIaMXvy6@y&a9=Ly5-+rQG1$Oo=1AV
zY)b-J16y#By|t&ExE)=I+%0p>W}|9)KE8TTQK4wDSGw{{vwU{*gL>GW*LhvVSg1fa
zFAR?JrI7C0=c6)3EWI_%=cCVO;f({)N6;TnE9F)E&YX}z3yy}V_LIUSRcW-f9n1kK
zvV5Nd!4hShbX*XO10>RrNf$0DWz5!W&)K5tV^PJ7@+vJ&ZJDUs>+XX#S4r!Q&(Rdy
z7S;2>+U_W&t{_Xs;$;qk@jZ-d@M<_34>`9tM?C8*3wk^#IiD>o4W_d$dA%f65>r3U
zEI+|w7_Z|VeubXHDJ%*8PR{e_RQ60(9~qB;W1%>TMqP`NP1y->oBACQtQd)kV_#As
zSFEmG)5L5{LD?wM)<iyU=CU}w9|ht_aaVzgR-<+2tAt8A%1g+#BaXKhPn<%#&eb13
zA@rAN-N25d2F6W-TW8u`cCcZc5G*dme|4@(snlV<-_xM_T$)dT62y4B<Iwe@gZ3(;
z)92x+nbTdAGzUX_&7HIpccmlc^?a@*_zHU@jORP3g>+k-C^bg++UsB<!AAyrH+(SL
z*|J@nsyW~j?xZ&wawcF4r0sQ7UuxO$HPTQk=ev>NQ~W+U@*?1GD?|QB=hkF#%DNG9
z8))f>O@Z`2d0`#n?yVMrA()W&<(%;@^KLwn^bITz-<iQkr-Wou6Ghj!N|Jn18(W3j
z)(Mw$ToY5*0!umeV$_)^bV0Pd_X7LbT&1B2n%gcks~<0-HrWPpE>N~Hg-{7-M?=^9
zFSpIxJX@~s(*w#sQIA6mEL*QfBEwUqfdS9X&sA17(4#o%nPMB;TX!F<-H!DZ=bM%t
zyiRR2GTq-(d~|4Na9+D4qZ3iNA-@~fGD7C0C6dy1fA5oAojwF`EViD8igd}5Q;H6!
zGZo2e=G9F7ijZ~fT@%?GPoeer1-IggV+0b{HyT|zS6N<pRLR*O(hwS#;P--V$YPV&
z!Zh6DX;W`=-5RO=Qsse_Wz}{QuxM@DO|~Ip?aZ-J1B6rKMMh=f16r3H@O99&S-WY*
z$F7kj1zV*cV-ozgnH%h|(6*&`fT?RX*@h0|FG^a|tQpf^$rj8*j7nC5AQP~uX7yTo
zF2+l6@8RqOeaV*eM^NMBIkS`kD&sb;2_sgWKqe^=d>*J(J0PINBYMbqS0RCP#5UeF
zF35trn7tadf}C;Qcr0`M8IEfPnUV!VMg~KudOgaFK9e;kk%n1=CXM;~zi!EpjzPv@
z*5bqQe~Hy4>r)OEj2DcX)7Ggh8J3KWFmf~eLv=^wWm7fv3)ri}^+SO+Bh$K#3XEX~
zQLJ>j;g=VbT9D9!K<L%&5@&V2LRY&U3wEoW&fouzYbO6Wu0swRJfQh`iwpq4HXvh~
zdG#fER!m?`?of?K@XrJ4u7MGUbcAFR21|E$Of5fRFB=p*)4lorSPhy-;{ilRZ3p<m
zkl}!4fp4FIU@A2-R5TuAaoh2@V<Ugt9cE{^ESpA=4W5P!f@y%BlR?j?Gy4W2!^Am1
z$8C8Kx~aKHtT?@2PHk=1y^ao5Wv*pvafx)kw!C6AD{HXbzjf`VldGPiJuSAM4-~<K
zdxBn!Tl}_7@MD&PtvG9^8U-sjLJ3#j9IR35sggYE{Wc?P=i1#*&t5Bz`y!1=q1lO6
z{T1Ad7zj#8xr-D4Oe0pTUwvLocjIqB8)C(wzFpW1J`^4-HLuoIdz7b{x*xDfa%Sly
ziuJa*b~oQ!x^Az1+Uc6v(-hl|4^T?Mw(pk^ah1s**Oe&_8%2x7Y0Tve(1ntNu~TA<
z)gskcs@da%l~fw|E0Qzj<h!6f!^-G(EyysA&0Vyu>Sqf%0H?qgU+YcF*&G|$Bz4H#
zbNVDGoYFWpW3#KB3L7vQ`YIdHs4yxhxJ8r7rWRHvVH!5~YK=6pRXo}WJD55s)_*58
z#=>8kAY?@vnvF6*Dz;sOBxs698)su1^L*slrLkjXaJ34%w!BY3Om)3lkTfvIy|~_C
z9jtY52I|gzP*5GY_wm3eMec1OoYXpOfEM4xqDQSKtzknhd6C`ceuBS8vNPx^SC3Zh
zIQ|xCB=RXE*ksHhTBbB`ARf+0&7~f5i`PJ<MX4xe6)l^RLoKb4P%9LoP_b6RP)1>{
zIZ$?7phy=Lp9~p=?+C~Uo75gWiuJI<!y#Nks|&2Rg*pz@efqStD$rkE5`3QC#(k}#
z8{63yd73u;q99ue3FffH{#`XPt*!li-out9P<kA;jA&hvY7iW7<+fGc{Epb~rwYUS
zy&FOb)8ili7zFalJQ{rDF=-Z}(oJ}o%M$OGqG78*&Fsq1%UKiJ4S_=KF_wBdsg(oK
zmvG$HXO!sL5T+x+Ydk{Ove|CGf7xP-^c7+Uv-U1U5}{6!X~`>jWnwx7(f`cKAlw`6
zPmbhG@}c}9<Z4>J<+$ItMBF)~juJFAykkH0)cB_7l8(c;zX4CkuxT(=mV!y~S40~-
zf};LFMBTX>?OJuPUj{1{<+04A?t=Kh4i7A#=m~@)MQg3?AYZG@(XDKuZr#4$FM+(z
z{WD!xG;>1oJ!R~@`Ay{+?5b!e{eiYHb%Npwmiv~vFDrG<nszW9g<ZaYHHM$0Bb__3
zh{tFQ`*_4@KUr*vKcJxBMo7df$R^C7Y;vDqEx1|otS3}ZTZToCR=G`dbGjo837K4`
zkNDhf&K&%kE%O1S*s>;9%o*vVGgUW;h?Fh6m3NUlwIbt`8s6SkaEn<WxpnBAA<B$V
zY-&+(YH_>@-5fNlNy#|XbgoS~*1@=%YECOF<OLO(rg(iKJBHTdi<3=C(uK%_%7bIw
z9dEtfhSUtPq<CeihvBuq;~QV=Yd(kIna4#>Gtg*>xBF|j2O>D|BES^)b-bliMx0j@
zjHAg{CdK2Jttyk8@Hv)YKNcr_m7b|Oh77jYn0AqheuAQs#4Nyuh~iQ1`K3}qR;3Le
zf;xXJP%X1GHj#dYj8G)A^kkXe{Qg;(M~`iH9+u$!2+H9of%6@dlN0RyiYU$auCH0S
zpR>Q@MvI7l_@UF`WiSMnN7g^`t?9zFw*iv+rg&^5$&d;og&ujdv=>>cDZROPVJntt
zq7x&eSgAp$LDNxSfIm^XiLk!hD?xwHC+rtK`5Wpx<X{94M|AEo@ranU(7wceLOV9f
zp?)Xfc`mU5Yx<1Bp+QpT_)#6AbgTxU$bDd(lb=D$j&s#C_M{iXvjB|;XjWW~e5QQ1
ze3rZ}AL;=r5^5r<66%6Rd}S%e#qZ<9ak;ikXHr94Ri;gQ&4!Dvu}%+{VVq_xn)YCC
zQYrB3eq&LvCNjyTTUt@rZ#?USJJRhg%C9~8Vdyd#iNqU1qPNTsfR{`J_1UN`sVV~@
zT*U(TB>y@LxQvuyMP$5|;Ut+WQk=ODs%)AwV_Gg-PQwIvW4Ade5p=E3!hRX{1n#Eu
z=j*Qz*bb8EY<5D#RM9lUehd6efEwMYm(+Y&7<gI4;lQr`<sf;38km`L&lyX6!@H#u
zXNCZmqy*J6V~I(MtufN;>S>45X%l<SncFsX&dQN_n7Q`~#j>Uet3#C&p`^(r_9qjg
zo6zUw`?2>5@%CPwAk52an)!-R=bBobERiC4OC~$*CG!V|lZ9cCh-@kj#Xu<KpfdsK
zx@I-i(w@Fc$3Nv9i&^P1)+N=7+ovZ7oLO1bGJkT)Wj9Ms=bujB9=xJ?x~Er<&m6Cn
zE|snqE*7p9E*Gv3{&4(hcWHmFc&d1|e6oB#e>#7@f6sc?e%};T7F`r&7HtxB7JU?b
zEto2(F1R8-Po3T}uqDfx&5+tOxL>wixL)OevjpdUo2>DA7{k7{+ALk8XMuZa=DvGU
z>}TGU-Mr>Z?U&Y6S#UeAzk__<e!q|pQEX*kJJ56)P_Wb)+V9YLQK^3URA%sI+QDRX
zW4xhPUTZxJjngtv9d))_XT+qCT0Awt($0(}I7MYjwkm3VY~E}}WC<l^G)8gf2Ddk%
zsQx0aFK5TH(LvU476%+|s(}pAw?CQJU)!GVB&^&$>m_X*jbd?+h;P$kwXx%82ubvw
zu?zfmS22n<#P=8K9xN+y)BdxcS@s|(k+47%dv3x2Ml3mpr4fIW%dQ}PS03r6>{j45
zeOz~rW+}lkF1b`<)QnJ(SV@-_7Z}hmx0p9p?N$F4o0woWl{2Lx;3d#*OWXPc=pDQc
zp4E%3(*eza%rrG_#u7GaEXoiGiCC}~iM9#O-4_oroq;-?AO(c)`WS!9#pIDsm+nFU
z_v(%pAd%?D5HH-!en0hhR;m-m2IP>WWXwFN8$(TrW{c3ra|d94=r8gXb@c;Hl9%@5
z;OaBZ$TV@PW?%|J!a#?`^2Xc3683gcr$Be_Ilivhj6sbs|9ArAc!GvbuG4&aA#ztA
zV-jH}Xh5~p@nX}-(m6ppeU?Evp894kpMw9)Y6B565l<6h5Zy8jVPQQ0G}K$yvr8tF
zAK8Slk%lXKF7whkT8K_ffT!VTkbB|u;wgN+8I}h0M4d#E)a4GFOSTT-z^Ij+zRh5v
z@*rJ38nk<sN`Xqa?kjqwxkJV6UWUT4r!hp^Xi?+jaz{^5H6LNsOq@u&3iU*C(Yf{;
zhI&@FbhAiJ;zZ(_RN|PLeKUim@x0MV)ak2Kw@vkywNr+tR8}Pn?ea2a=jo+Xh)q>D
zF?RyXGQ}`C%MzVj7~$)>KOPrY3|^(1kjoc&YZtAdL#q3*SN!Xkck|i2BbHWB%~Qjh
ztWN-J#1~P=6a2x0$V?8PjUBAJY7u*+c`immfFX0VIWoGVv08GnrNn@m$;^aPn_4lk
z<o#T&$zZ9XeJXk%J&6Bbo+`F1_2|Fz79GDNI@svF&XuJoqa`V#tK*wwP+M^oX-oiq
zv+_`SqFu+keMzf)-4tHWc97Cqv5zsJdZ+BzgzUxYp@5?zFtl8djFBQ~wC-!pyl<^D
zty7ykx+Jart`UjC*icv;r2~ISuvR5Q{_8SGmIUcYsHNnrQ6QeYR61{doVNH|CEdxP
zRlYCjF;v8yz63qYh@wcq2|^}k4?*=?kp|yAFxXY7h+n%<XHc(Ap+KROJxU`ZZ&K9e
z!sHnJI1Q32A{Fxn`oiGSp)s?pkJ&2g4&_p#QDw1=*t^$AQq{Eul!6)CgwbjuXM1Ic
zt5KNE@sJhwL*12`ro(ySb>d=UEW;>D?^|WnZwv=~W$=J~b;96^#QBrx1)#0ZXHpYZ
zz@Tc*PrcHvmMXi%NFK(-QH053^9bJZZ=s>+ZwHWR2R6m9Ir<v=^*SBOV}?f%4R4v^
zA+^{7=Mw4dn>^2KZprRnfS-l46+G78+=Z`5Gzr(u3Yh|(LGiRazjJd?nIHrBn_<q9
zCVyA^N~RK+yiMS~W%23M^BY%iT&I86yn~z@=lD!cnv%jBMf^k(*84EEnXU(TJoB_l
zKUH5nHTA#!x(@(TmHA@ezZ+dQ#r2tOyUq)FiuF_mc|B8=8xSi=t`QS8KeH!xkKc?-
zU<VEQo6nVRIv!UoRwR!GjXY|_tSs2leDLAc3YA&1ENNECPxLmFMM_;{wPGIMMCftH
zxx%2FhB1ghS)YY3&O)x-rc`}fLoklqo$M|`_;FY@Hr@pW`}NedxG$aAUPj;SEV_3V
zW4_vPy}r$y0srZdei5BA?X~dq&Iv8~<&P!tHj<Omz5c+P;A23r?O8^JhaHfp=<~<l
zG2B|<Y<neD-6w6_cw2yb<NU<?%37&>Bk-(MVPT3!fVD2<=Lg_7pvLqUWRqiuo)>QC
za_{x}p4wFY;|<M_Me4d-$8Qa>S5bf-Wak;?`acNNy*2rd;}y#^6O`3nMBe~gA+zqC
zaVtP=GuNpaN6f3#^&|GwJdv~wgcl<l2v@OKV;Kk2qqGzhyXcBblz%8{$~BbN7abR1
zE$^5|8YRTzwHg8RPid`0==_23n?qMYG4Onn{VA^#JO9XxP4Ru(l`tg(YV|M;j|TS7
zr3T%mG93YY!JAWoQOJrJ68CaZMltJss20`9JSsnAGc6Sao#C5X328jGGO^&Rd}7HN
zsUiQ>QO-#mmMdfa=_V*K2|R~Jm~uq<GnhR>Ht<WtoLaQ&WFV6YL5j-HV5JJ01X0dM
zp4K%#gXxS6%&mknVBty{A}ZXyrP~p~LtCFj-Ggifb(U0CW?oC&ObFbnabY~bqTE9Z
zZW4Pw_5y56<QjNd(xF5~{{kjHThsgTHM;H1bKEt!$lEWoSXk)WxZP?$IaXY7*f&8z
z@ziELriBJ7E;zBQ`(<r4#K>WRUHmOYg>JEpLXUezUypvlUNNkd^QaNRq@p4~HC%L>
zu%M8F&Ax0qC&5}HGPIfky+CS$wL~#bek!zs4u9ZX=^)~dZG53H4Q?;AmHT^wBl5+v
zW1rm^jn5d$v>ajfUsQLurMz%h52Ej{cGFf=7S57%9BAS4*g#IUbQr%hF!R6iT<PTg
zJ`3@?vVj5xq=&z{rar?Gzkr)z!vuEh;n|s)0n43&7DE_yvXYr^Y;R)YL;|n@hCTzi
z$SK&7fkL{-C$&NXs{1~V80=of;-2_{c7%Wh2-^E(-pnIn0AQoSMLqy*qg;jA0%dhT
zl9SHr5n;gm{sTsy&IkSr${BhjATb0TEWA%*6L<iyf2>%pla&h#%mh>r0Urn#SsB7C
z#1KGsko*WNK*_>lTg}!UGRi=pfeGu-kiQm~FT___{6oDE!qJyS00}!qNfg5R3>wz^
z34mU3+Rh0a9Q3r0FEu78;&sJNRkxN?Mnwo4)>jh2uYEw!4=#>SrA(z|Ai0N<3!xAp
zR7VIs)xkf{4(l%*qH35j!8{J$)oq;)FZd#IVk4-PZ^FCjC^`;MPv~91uGvky!Tqfe
z(aJuU05O3g;~%h32!9_sEbzy`(1KU6y&ZQtfWj|6UkRG>=)n|TNKa_kmx4q&JTxe4
zw0tWoG%+D}!vnZmIUiQMusB3<Z-WN%FdS4k<Re@$embZyCz`PdCJ{Y*GrYbKlU9yU
zB<T2W1VQ~VJds3ktAyWicrV&=NP3EF7@@b-Wol0FYh%z`!UD^}i=a#9i3Y`#;Il%t
zFag-1aD=-vNQQlr_MsSCxM6&uuN|QNMuLgBbkht{HM~>LZ-&0~Y)p!@d^T$Xz#lhq
zd<HAbj5V!75Iv*y^rJm+s|!wpa^Bv)MsT4iM0$hUo7dX_{`^!hK_z!1+t+H0V*GPJ
zC;`CSfo1Nvy2~32Q!UKPO*K_EkGIg)o|2aL>A@Ph)Ys)U0c{njy6ZDK+nw!MV4+KA
z#ZNNbZP7J0X9ucGOp7S@-O<S^x|*2V8{@2%R_0bWeHwy_()(v?!NrFk3~b8_8&j+-
zl~!h8g_n~LrGe#r%ObH=4^2x81C8$Lf`)<~ru4eYGh0G-OMr70-9_z9U3n(XhR&4R
z_3ceXZIfVZ7J$}@f{NOda<^3vesI2}#cf3mP5N$L9`sliAwve;T}|yvE%oir!t}ef
z=t4G!<YEwZ5Nxj77!Ivf-R*U8x=S-#OIv3ZI^ud^F3GISHAEa5n@XCSTQeJjwD*2w
zixU`L1h#k*(uU3h;|AT$?#7P}y6a5vKqO&|RWJ^EZ8c-d8k=f=Tbf=hFh&6$R%XsB
z%u8Z(J!XUmja!P_$|hSZn5h7?;(wtPZi$Nf0xaIt1UrZf*#g-^WIr7(J&~&{u{6Gh
zzn(1xv-AsSTQb&4UO<qBMpp3W47y4q^bCp^T{dh1${jQk=~dOV!^1Vhv+w{zZ5^&}
zU`Gyy*-G|N7mKD#41K6eb*V@J?etHC;Mol^bNuoN9?ee@{cAVhCoJJmm*_4225=p0
zK~%imD+X7u7x{Br#L$V8WC+k>oXUZM4Jd3zyn^|nWv2W4d!FL@8rG4sn1U+R<B8<s
zv(=MhgbOn4eh$=PKyMN!?UgE(n@IAN{ypNwh!oCM2omuJ4ny#bigy=bhk)kqU?vNb
zSzN}hkvf`T>+vIi_1&3COu9Lvy;zoD4SEwS!XK5-kR<4eQy`b0vcZ>!cDja7<da7d
zz?7p6C&WR{wNV1Mg{256!4f&}S-Uku?;Vu??Oi|?`e6o#JYWHg0rY}^rd$B%>bk%Y
zL@8p*?+Uj27u*vRKq1OPe*p|_DOcb31XPVzZ<P<<4Gr;wOAp<D8obvDa0{;Y){f`5
z)2EXyOE!xHaiF{JJY6QZ=M~R)j<1^FvOz6I@rNs)zeA(h@Yt#2JujFeEH||U5si6_
z85zu-a=wBq5W)v|Zwi1G+LnAQyV$fynTrH~DBRRSk)EUlrFqk|M%V>B)UPt)fL?7h
zYalg)hHu7XJQii$l=@O`-be+vugc{ze#h?@!P0M4*Sp6iZfZxdIRe?|&xPRtrHap5
zl;n?#2v_|0COOXlr1eJJ@K%pg9l3Z*;35VgZYsXphndYCB<9)vd{$(|?*7C9e0Ls#
z*LE@d-)j5uL4pgELh9|r(xmpo<fx2Z8?bVl3xWg)Peh<V)OR%Q3UEt?@n9VaorA*E
zqEnzJoFcDh!HnMGJhNaOeUxD2$!weAXC+`F!11`KQnzf<enOnPyfAfmZ|r$&RfzQn
ze$#Yv=*6Bgj)=JkgJm_&eKwg_B<7wxK?dZ>?S2jV;lc}JBxk@~Oh^0iCZMMp<wD{g
zv*<eH4xCcXYMBPu3^;{PQfuxU-iCJVFOCOf+3^jDN7&g0DEs__*zt`V^KZIT&I*nM
zEpg;A(bISB=3y-IUcbMzk>Y1(1RalJiS+4$41B#2FoqturM`Wf;E2Ly`wHJ~eG`cj
zP|k`QffM&*2hEA2rd&>cz6XQNO;VfrEojo0dQBPo;Ce@j%t9x9rH98GhZP+8&e*fZ
zFH)!$nUh))x=Abq{~mnN)|#d+q3P6r;(5s)$MlS#*vE1SoG0tXml_2Zcb`zriW`J~
z^J947V@!-iinzu|s>^D@vlDYb7p`zEp2t5%$iY7{|5p2W&{D_;I80ozBooHO1c(-!
zr>qiIbSTaFA^AGQF&Z8b-!mABj#_(v!`>@mYR3f79vP8zt-812#0<r6f}OO@pc*}v
zCi?j&_Vl5<CQ#OqPfHC?UQi$;-f7zfgRsb#0X=k{b2!g36F*-d{^C)0)+XN~8J5|v
z<d_%U=gI6puSJ3tmyGPSIpM&7%AZu47E}-t-GQ%2%`sWpSqM{lkKppLAAFdTnx6k7
zwMQ?;eRlsToOtEVo_PVISek~>ovreUG+DHEgB!J)y6}A$Pc&94DS~v02U_eNTk2#$
zG7SEB;{CFLr!G|)A*j^S@E-GxiGF@xbQW(wM6)=QO)kAih+8xtnXV^t!Zc8cT@~bA
zpLE6CivjzoMR`%_r%qkDq|l)>k6nMAKii5j{L7G0L)t!!O=CA<=PD4{KcmEvK@;#s
z+BYKeF%L#!0BmKA%!qQR3qb{Q_cCE;Gz>#c9omsWCt8e^V$RZE@si19l)XP<)SR<Y
zRxxW#8Mr9*z>4^<2B1$@qb77KCK*q^5B(w%I;-@pI;p*ew6hQ$VkUF1JYiPc;^K`B
zU@J@cv;{@Os5N3z9?X-lx@RKrECPWj^UtZZUk2<qi!yC^iEG581{C;lCCS;ON~$x;
zaSbM8<3?OjMM85$qhPb&>Ez?qN?#(bt`t6;m5qw)O2A)4TZPwDC1@%#ud@~uy3C7$
zj77DPSMbybUMw>F&Bba(!DkUGQFc0#<jRUsjoPa5M9pbSZP|Z_$f-*1UQ3HH$el1x
zX2EWt6)E$1S>)6$i8jO8gnLlE^67;;n3Y5fR+ae{Nne$i7dNHI2f^__WF_%6ay8y6
z#b;L=A2W!~m!wwP)7)20o9dH?^J4^*6*XI=&GVv%uO-6n7s+vw8}}{7cr!}aGRn4%
zu!wiRvN!PeB<8Zs`!vpEqYy%@71v(YU57Rf1KO9QuQ_kaI=LGhN?c;*waqQQ)idKQ
z6*&Rvp=e8L0~&UURfj&PmMTv<Wi4R;bd4u<5=U@<Iz4Ax@C<HHZ$&9|Yy(`*59!dc
zEGC6M5^^o3S><=kGi!H3!zhF<yz4~HAroUJ%lsWCeoFCPqlUAnJ2$(Jpjf!TGzeVs
zh#M#2h?dNPh_hAmCqDl(*^Vq~x>^2}3>{zpLH#LO)<rm%MIpp2^)`k8VT(k3Z930^
zj{(=SiIHjiXnsw&LNR;6lX#*h2zd-RwztP>99aD3v;W?tP=4+GLS4iKYIdwD&~XD^
zIe9_$z0?w`_SQq9E6|dE{?SQ=d9Txsx06%ZYYXur&HNRI)3e)Glha?5)zAC!D`z{P
zhjzyih{wZ({f`S2PXktuMzE}H-*;hO$*+%a-yYJP6zCUXX7AZ>-O-V4`Tc9x)r9S-
zz3!|aS+1O+tkI!q)7|6j1^a30{^|a6byA*ga39Hl7;I+y5w4d~2wZH#9P&O<m;(pV
zU!E@+<{SE)UnUql4^aeHGvpspty%9P@HipMFXSH&is~ElK;9Hkyk!GmIc!7NNH>Tv
zHT&6YK{;rKxIR=d9-i3V8xuUBD>xGaU{4vXz-=$R6U$TXHFfXOt~n^z_w^o^t}&oK
zUa(*3Fh0zPyl-N@9!kA20AZp)FO(h38>&=4dj{7}^{~8!`#8-zAx<xS+7?&*uv<mL
zoR_X6z?!YtK;8f{T(uxR>H*giL+kqWn*lAGmPgGHFI!QdS2~P1n2Yv?KsbxL^0e>7
zzAy2<EgSng&EPLMVBPQ4iW{3i-IR6F9p^~hmXXp{Q~L<#cKs7JQv(?&yYOuEb1@;i
z%pVZZ>-JK;^1WEdHzL4WY{Me`#9BhVy9iuFJN$sKX!hTb8zsYCKwG)Pn4MNJh+r){
zzP??s&d>YRiYq-JHK;e(r><GUy;X=e)+8IN`o|o{`!Jk3=Y5t;tzFa+mfHdA^>&sh
zI*ajBRpSHH?u5(n(HXmoRs+(Mj;+PiuEqh;nrQ*5?yDk#Fw3m~HNKa~IG#|I+w~x<
zCw89>%&I*gw5t0YInfpOdb(A~_oub8OyX52%TyCP7Ee3I=&frN$K@@0*U%JG6(d{p
z&1Xjf)n`aLkTpf;H<NsOM*^J(#lLODF}lkbqB_WdRcTZllgwS~Ft%GqdpBD_X#M9S
ze!I@1c?3Xi?-)~}nAjnE-1HM5x6lEnR9tAi;#`m~*y8}w&g?T(1yfE86*)q-%?Y;-
zmK{kr+<q7!viiW%1TzkiXk8dbD7or%$7h(11aWAc7(*SUxB7Ft(o{||@3!f%=!V?`
z2yc;dja(cYAsMiCZUDIe3M}JX93*8bMr9dN)eLr~IQLc?;yiW7TBc7Qsu*-29$WRT
zs$?GarQu`(uA>7r7oj>dduPHlJP24FE@U#JYBJQKCtA7eF|lPdgJkd#&3jt?x<mu9
z^5qtUS;DOIj$HJ!YnQE6324$$G3>PfP|oS6;8dabn|X(%l3Ir~GfthVXgD=d&lY89
zor-NpZ@6QJF|4BkN|*-V_&2gnEG8`_t=9{dUijPgEBD(1wAkn3#0QY8>$c&40_*-m
z{F9xHf%)G=;(v)H`A^*L-$dNMiAtgWLsSYGTj;AeD;hhPn@|hbS{eNybpKzjl8ur1
zhpS{`$D?Qa;pgb-nVA1Ku#%mT?Z1MRjQ<U+{HNppLRS7O!u-EcdH)fH@oy@Rk@^2h
zR>n`*1kk|=KYIqHoDu*b;zR|;A|Mc<c$J#-`mP9uD@7WQ`uEhB1~)69<{G|Fos90+
zTF6A59^d=`7C;Rr?giLV`<vu&s;!SCv2`<D>C4EUi!*C@4^1h?>H20;tSG{8-LDPi
zE)gqO53WHWc%JqcTDCR@_ww2wZw@U_P@r@Tq5kzq7#!QjWlhtU0Qkz*n3pl{ZmVzc
zJ-zP+{DY0jmH8sj3D(H1OB;A(`K3t0+9`l&pVw4dj$=)VIaT-arv>tfR}$0o_Spp2
zp$&)*{Zw&^Q-h=E_c-jNGG^a#_Y02Go<cly$D^W07;OeTggL2*2aFxUqs-TaKIrtS
zqZc`O4MyK+_wk>I7lf<4qPSyU=o}M^Id>O1irJrt<F!8FQ$OcA!N$JWFB^O$Y$|+2
zQhK%+q5-$Zrd@;DIgdppW5P_r=P#f?x>-3jD)X-~o!DxC|0fsx4@svVBmJkd{r|9?
z|GUrqkAx=!`+p*yEOc~utPBi4iS-BWWoE-;VPgHEJ6Z6U+34}un3(Zc=zi+h8GaHw
z9t#W0zZ(9NXZ-<>e_kOOf6!nSMix9qCN?}amY=>X40!*l`)R|(LjRL~2Bv3V#A9V;
z{%Jsm$Hw?m$w>D<L8brPVhaBaD*acq)_-;1p8@`l*ww$?_va%2w}2rAc8323m0os2
zxFRVp@p{^BmY<!Sb<Jmam01Pyi5Up^0!Wa?#`1yV2ZFPir56hN8_`3d#p+{%gF}Ww
zgoDci0>Z;%OCkLcf=`1^MHj&q6`oZU()o^rA{zR0Rdq$>8(lDU$1^RuzPYIUhyDFE
zOA#6K41;?#6ot@Vt4R53?X7vy89c8AuK#JS4SM{hH(Yh+#r8&J!qQZEG9yJH7|w6|
zq)y#2eLO};W}H7%H(+Ka6*8vdqDJ@dx1iY|Pb*I$kjz5GBFD=o#7A^lsYPoSL1Pt0
zUYv+pjhT#enTO^kE(yMq7lhWf;$e4J^8VEkd^=z@VbPlQp}A)p4X!t7Z|1Y5<r!vi
z0dWevhF;OK<vCZ=;qj~D4JSH&9?+D&>#UEHSKQYTIBh70I4x!*NyCsu!#jKC7oZ=1
zAAX+xF1&=1l9QBGPwUq$Feu4y2`Pzg8e(U=wb;CYxsVt%w@>H-E%da45hLT6$uVqJ
z9$SI0L4Wa}gov5%A|E#Brh<YScl1k<j9Zu&WtbA%07mN#??x=<{xsEF`Oa|6U&k)F
z_a|(TRwANfHaNTXWXMwlP7*saAX<Uh!OU}Yz$NEGIJd7K^Pc$IQ#rdad3m1PK9RJ$
z=k^qCYGf!by_{K{!>hCKNPcU#9;G<kl03v^2Y9@}tOd`b^!1otzdC%o^<$dMFf{-g
z+3cV-2B~)-cmJOE(>FrsFx!2iZTZIlJ5TQ!pAfaj+-Sk9`O5<7iq5K<p_A{S_-PkA
z9P)ji*Dleg_CPG&i?M|n7dim%V#&dJOd93r8^zkicTE)t*E+(lku*oZXfs_15H|z&
zginWK%3*TIc=Ov3+U_5EGW8@(^II}Q#3D4JENuxLhaR><xR%s_I62$k==%RDkbOni
zlu~<V9*4hpWl{ylN-7Ar$tKnCD}i@qR|iR)tI$75wZY2yb*~SyDX@c)hY=raGB69&
zh<Yg+AV#SHMM>{Hl-I9H=g9cYbJK~kJ>(S>9Y;@wlXQQ~w>0V}M=3CUBIHMkB?1xd
zjEkC~**wi`UVb;+ILZ&9`k_?GVT?<$VrrqVMypGcIvxT({{)fuE>_tX6BFhA-9gjM
zOQ!GHr(~?Fx`cLJu1;*YvvE*nC+5><&X&U*tX+_Cg=nzbvk~tlVIJgA@;G&}`$vO&
z0L*Viu5E2R1!^7dXHThiVpLaPkC+M~f(?flo5TKz!-(7dX>iquSF@0sWe!Dss$j|;
zVeU0<t(?*4-Z%>l_RHs&K_B=o5ku~;6hVt!oa0#p^@TV&{ZyO~f-SR4t_+}W?T~np
z?BIZdPY{ww)0d+D{IX`Vmq?yFlILaC?Tc`CMYh$ZG|CRPSdT8sthqnyhp?|AGj)I<
zx%M=?bpz2Hk(W=*e(oK{2z8tdK>D{(iBt2aQySC69r>al)O=8b!tKIy1fK+Mar%Dt
zaprMuamI1Zan^oa)F+;?(9^y0`SZIu=?p~Hc0H{~Mh*EVWN%}O+a1Ss$<Q88R%|hs
zXKnZ272bZ<2VIP!(V4FYQOmrWmEC#S%Dk$&U=a_%8CW9NILL%V#ka(xp}dZVkcvY5
zwCAtn_1RK!&<v~~j-UZlYfkYpwYUC6r)-$Jk#uXI`izPwYy=1o`TPtRMqP#IG5jG?
zONjf=W5WB-tKl{nJ<~G0A15JsC&gvhwN;iYOkCbM@Sv$D<`ph)caj6eUC6OA#9l1K
z#CY83l>(;7Jj?3D*P17<OE4wE`pd?C_s1VWWbD#YhYmqjtHj%bn?zD^PzM&(8e}OM
zt-@LfwPI#RSI1X~S4prAU_sk<H3{30`amV51h#NSW4R%;1qo0DU!Jva1VJa*pe6Ju
zLwja4(L#510*Pov5lMRw^bUpiYpF89H-d#uhV|?j6Zos05z|Oo`I5)+!zUx7hQDbV
zCbS~M?der}Wf35U1hoB_)OCqu=@auAE_O{2VR<!Esi&5d&o_hBhcO%pEe54G1ROYf
z<WgyA5RT7LPHj@sA0i&04%&i)hD~gWYL`0Utp}eSFh@<k0C#zAc{V@eDa#gH7dwFs
zW>{=6-6DOYR*0|WxJj%TdGx=SpNZVEePqm*d(3zSyCk;uwvp0J@aVSTq`n7cL9w(q
zzHUWJc)m)tz1|nTz1_lTPpy8mO5YVQ%`Y>dU8KB>a9=_Lt;l8%g{a?%TZbs@RnQ^$
zi;<AZk1zkmTc6&*K7fUcy-R-d%GOdV=QX3FV~%z2({I@Umh6H*dOen=hqdf|wklW2
zK`FJwI+^3Z42H1*f?de5mPah=mcu1<dN+c9jQR=4RZ)Vn*LepuD%f513xvS)qOR!M
zvQ|St+dIT73hc9Y5K|_`IgXmhE@z%MK4Nv!WCkFPRlmsVH|bmJ_ds#tl0*s=+>qHM
zIx2<6=1RuLKR`G@m-jJiMKzEJ@$R$i^rE9j_pJtVOtPil#-{r_g|Tr+EZjzLJY&Xi
zGrm8j74>u|cL7u*Z@&UAH94-U+MLljvda4GKK2DX!-(|`)c)pS)$n?r87_IY$@5lq
zd=<RoxIqe;Y86S3%v_~oC(xR6<ZyEk5^^oJ0*~3rG6T^W;#6T%1#ww<iC%G8PygDj
z$0ra9ffOWakZ}+)er$2U@yGjv!Dd)*nkV%6&VIf<z3N3{^tFK!TWy##pZ`?AHWN`n
zp#;Mmh=J(0`%BQ@KF~XmtDmmlOfJ^nu=UHqX8@pwNHpHj*XR4@3;tHZ(@1Iq(k)0o
z$UbOHh7fEdtlkVy#DKuW0AB?`$X^^B;&9->Ui`LT&o)dKsfW#5+f(!7^@WeFZM`-D
z0$M=z7tDxE2paYxElt!I3XnPi8ISc%>;jTcJ%`WngK~w*7U$W_Q_VNm=OX)I$fo47
zD~=<#%l5Xn;ujOIh3)s3uyFN;*uC$&sx=QB_NRcxTBG<rlmRt8wPec$gef2BqVAVm
zXn+-VU~sFyG;G@QI5o=$+}cFTugaDxh$WCTx%vSNse%qxfO)u&#kPYIYJ7NntVNG}
z)$O>hB;2$;+QFn8b$9f#9~icv$aLJ)=Zo^u-kC?okF@4RE7k2TIb(5ok+-5`VcE9(
z&{YOz<%LSiuO-^pNuB)ZmoCCAV>R0rNhnYqKU|S6m*06Nv|*yS>&Gty{B#2TUXJrH
zK`N?j={6IoUs)((N+pc&=zPO>hC!!B`064~1atNXHK<uDeISBLn7(hj-dbF^w1eT{
zOuvivlx&E270@V-a;Y+h4)5Cf)$B1SP$t?Wx)oAmj`rHL5Vwh#!Xt{_XGG|6kkG>v
zAK}<r?X^Q<_7z`feNNo9+1$u|zaRGasB`Wr)Omu$@SAV6pfm`YZek{YmIPHENfr=8
zVC211|0X<()<$BS24Yop#l(7P_c28{Y&&h?Wo}fNTwlG}u_oxEd&Bm>GK{`91Di39
z7!GP~yG0be8MO<cqs~3Tw^(6fL(K-@g0aAbH@EHq3?}r-W%Lqe;N7Gxg;+hOuVJ0L
z@imW9II6)w*CNpWU1RsoK}1O4m6n1@P6d~i@+H-A4;w<117=RPkp|D%_sUZ_(p*Vm
z2%<#^cfNmp?caz!!o%L#!s9^$kTU~Lr(^+L4q*zU5vKG{2Bn2o$7n~q{9WfKX6Sd*
zh;McRy#w@VrYGJ3xZw|m3y2N0;@!qrgR`A<mVI*)t{J_}^F6pATT6IejQ7}owb^mJ
z`#4a+ax`T*iS@bUOrFzu7jfC7e`ZQ$!y>q$1@)o$0T2CBFd4lTc~1TX-V~T1XF7`f
z0xW9JQo+qUWYgf_<vVmX3Cjci&Hb`NT&ddA?Iiw*aUKNpnEHm&8RJJ^xYx(lBweMd
zS~^J)8=i6F>4{pT4>2?Io9S0R8q*?jRRnlHrJP(wXO^vC#RuV9<@x9G;F*9R;b*_R
zl2R!-5sDd*gQt?0lwlf5%O@;I7s7|asAL{(P#1zXnLx|B_smyW*56*n;CecPXJFDO
z0rP-3)?=Z^0jg#*`Qy*d$^C6M8}x3UsqF>Hl{Y|=m13SU@5C1L?OKQPrKFo^vzXHm
z=@p$1D67{C!;5LOwel^bDQnNC-H>dLtGtk$A})UE30q*y<5&o4`yhQpdVB$?v`{oB
zYakNIhZV8{Ir+UPlXFg_C%RnVVxz)hCxe5$267e)@e)~pxjK)mbY7q%r$CHZ0ALJX
zhZ!cNu%kTAxG7xNU(?uP!8@K@vuv|UkrVcW*|N!oh-fi5qVY<a<&5e1vrGi#SSs@i
z38XPjn^c1?-eS?t#aBw}c4HNKh`*{py(&#u;G^Pa%v7y%;hToStak&}F3ty*2f5?1
z%p%d@&LSb2PWl9TrKsZY$C$>n*qoA0<S{20Ow)$cri)5QpMwkPm_kSR;7W=m1GsRp
zk%9F$r&$4%`l@tVyx!ZLIh!liQ>sN%zTdLjy~ns?N_Blco8BIqGao0CZB}ZXR^6|f
zq$ejcaMWfy%hXnTUdpyVugZqrlS&6HWxejk%9=vzI`mKHKwTSB0qDVO0leT6Uw*s$
z7u05zcw155<xMs$SSQp?BvQ2o0_6#*QCcAjh3^4&0o#PkfSmg}IP1qI6wElO^3GPn
zHsaAs9W$|nkQZ_v=*23BSfPj`Kv~5X;W5cUPDPt6@|zy3Q!_+jxxE1?(nxpF^c<x6
zr>><s(_7!T(;s!EPSCrLQZ6)oX5~^%(s|$(a;ysT@SGPF$#%}jFSojgif(pxxHvgQ
zt}Qct)7PIxxA}bMo}+Fghp_b2R#l{}-`xPy^2{y%O}WTozK0p~{8Dd9-3H}S!#~^H
zfrPl?GZ78JYsy&OIUehy%h;r2@fAf#!4?sho$dU7FfZQ_l=C~0>_-i03Hqka9APx*
zAP2JD!_zd(q4cA%_YxhsAw}&BqS5uX>`U0F75!0?kbm1+ZBkAAlhU>raK?JWaWb5P
z&Fy$Z*2(;a;`<2=^k#$<0VALkP50|$(oEHNMZcMxk{}!UG88lwQBMevXr?gbH@uL8
z(Ic?NHV5DV!@eYk)0+Tk>bAZ~RI?KXW_iLu{6GR>eA2<_L8-ibHJxfJWq(mCfwnw|
zKFBTzJctCp5x)|@mi5M6?a|Fqs7VpKgWE!TYjf+p{cd+zw|F-M@h&kuv4pshwX3yI
zl>%lPo2UJtfw8^OPNa_V%A;#3HAhr%wl`9*&=bt=*9O$}rMiNnkEq9cX#nLj)@6HO
zn<#5C7TH}V-RF1KvBCuE-%8#`Cr_Q__|3zs6kP8w;`jW;u&|E(J&rPNpetfiJ{5km
zM9N>aI}%%+{f!F6YIM0-{%9Q#hivr#gPBi$Xcg{$0zF14eFz57>R9zOh15bf{^+=U
zzyAuk_5Ef~_}1%F41wiUzR~*%yku-&;N9a_%e<q@X*S*Ig^j^}x7+F6q^H+wG_e{P
zC`jvp1`+lqx8nCUOQjs85<{tnTD{>fQ)dD22RW}_n_PvlJRTLi(G71QnDN(fzxyK1
ztfa{;+uG#?;w;<X^DSfHf~A#9iK+4VdQE_3WrfmQP+f9qsv6&Je1z2+)9?%kJ~xx`
zK-*KrdMiR@b==k2`TGc98kq^peg$n+cT0V;werZ_%1%Kv$|Z(+5PD|obv&~=#nbxA
z1nj#s(A?d+dImg&LZ)Ma6&flVo`WW9q6K04I$E(y6&2_y^QqZl<zulG{fhe`?xp&(
z4vQFqnp)!au63LDhus<k^r`uXsJ(2;6GWM&eiZrz&E>qau>JEdAt^~+cPWd1gnq%e
zpVkeOyvz68?ux*09V4rPj$+;dP0LdSSTn@MMFn6HodfKIJ``?=7=`KhRu)?3v5U`0
za>P0RdGNQo(I1a1k<Dx>c?M$aDz}6-d!xAg43G2wD+SeThms{+pIc@|Q!Z>7s}n*j
zL*%}N3uZs$N};OvYj9!{X6F`0VPrahp&7mA00r}U|BAHA(>J-%>`|ORoav7o_sCE=
z6wlt=cWwQ7auO+sqbl60hdrK7A&owLfWdf&+UIFVa0gJ{Qz3EbCWWM)m7HI6{Vc*l
zp0kBjWEE87EwIc^q+PVb)}CiSd98-h1b<x|lIAUN9W{on-1S=HDUCCl_dde#*`efF
zhJeDd?X|g%{d6?!w)b;Dbyn>+s95HE?-95jT8yQhRIARxAssIcyUI&dqX55Ovb}yE
zNmuX0?g|pd-w+^hzEA&81M?@=IjVyZIwMlKAqFzFtYrErFJbH_v`nCa0kHIk`@>hr
zG<c}f4O)!;F|rL*#JNEWK;4D3Iz(1n?zgpwfnr%%S#1{6J;kdG-R#9LovDX1ar=0(
zatfWEv4%!hjkU>T>53^FFFLOkO3ix}WK_~35Oz_Rr$cFdmQiI9-PSkBMwFjtdlG||
z>S^)4@c!8|5kN=6VI(R6pxf44EK$?SFFM2hiiUCE%*h^DSV!z#2h)$JZ<2y-`2Bk3
zR4LSv$;EaJt!*1z`skMyV$Tk+Vy0}QE3vt#f?}~U027NK@n8LX_P#dYyh3OM#i#L6
z=z~M1=3XfKQVRX5;0;dqfg1Z3^%||3S{0g>8$vipxC_{LJxg68I`f}lAM(!-uZiD6
zFSxgscTqQ0sdW1+rNa2P`(hRWl^!i1_uBYGYM<qlNl!N__V?`$9J~kK>&{syj@4lA
znu95PlP+V($4M|pzutt|;KLfxNlYAmb%{-|!w5#@&2#ASeDF&`Xs9|pw|(*RhiLyf
zwrgkukvps0L2*29v(6M^oeM}{k3$4Y(Cfz4>vu(%rc}U?7#J9{<53?MS!GK(xLXy7
zK8ZK`HpfUCMio0O#Zrxz@J^P)PZo<R1*FA;dJ)m@ZpES=sTig3PO25K60UM3Yzf;K
z*(S9@`U4pg{$7|;_*^(K2VH3@G|_!>t~<oKpP{SlV;@I*N=4v7(?pN!h5l=ih(nFm
zC3k|VyO%c%#sMhVHIbU1LJxakK5K!z$~~o<PdC425vnpyLSE!y;_@bjwrzoggXhtJ
zzWcXB4(`G=zfepldc>rOX2)%ABs;{RqE+mqR<-~dxS_8e+J$@j;HxHS)piX?<@nll
zYk{$>sOXVm6fN#ivpiXoGgOcQKpvN|Zg00C0Pqz+4&5F|wHChGc?jr)`~O4PI|peJ
zbpM{ycK3Amv~AnAZQHgzZQHhO_q1)>*0kOG%o`gw_80fvy|I7PQ<YhHPM&-sGNY<8
z^YcZLe$W5ISBCdC$nuu|?QG=4$Ebwxrg$hEkoZT;q;pd*EFR?*{2JV#E{poa0Xax|
zjYJMas$C_GBz1IA_xdL)ROFFrjR@od0S_4>V5109pSyEc5OFr{nTG}|p%cBsoh-$u
zISZ9{QC?VtY<$5ZgJYEd1J!Z-rhUS2DfHO<PoEBhUsq1QZK4m-zM;|$OK6oGC1^j<
zJ$}bOah5s`%`+PXv}a|CY<@`R3scV}i<`VLwolR{Obx-bZH#gE2$&;fI^P#*p1B?n
z9uVF`*Q8g0ZfMo?E&yKm<9955`@IuqmebnL93IkIZ|$?b2tL_MY801N7S)vZ4oSHD
zVtVM{e^sH)F!A|d@jekIKY`~2#6<<l<1YeXKH)*LK0W<CsDM83v}QTSXo?>|8o$Op
zVbtg*5v;b?{mB9XcJK>lC#TpeOOOr5?w$)DRoWhImlZi@cM9_U0R|h7xLe~FBLSm6
zaa{I(A?IX1I<KY}TyjAaj9K^jiI+t#xHQknpoO~o`#f8hvjP|wXKjrd8+KpsPJrLd
zedrW_BWxMRSEtdVK+_yrRX}CWpSK4$a4V{b%hua0*m%yENHlQCA#8KSicrYzBrTFn
z8k=3s;OKdxtZY&9=^u0LeBlQc-nfwUZNHPy)#8ux#yat#?Fg}4I>!q8fwrtV_|AJs
zPsUb0Jb2SYburxq>gRT|XI$;;b6u{EY<YGbJws1Vs|N90bxzj@MBKWiywJ`~w`}?c
z<V%n9QPm{#;!oYcID|%PxF>d%CvpyTgtEO1UEy$e2wd#l>Cf%ZK%zebAwr&Knh~&P
z`PlZ}pqAZ!Y-=phx*QrT^X1L+IfUiBeGD30Se+>5ZRflHiry)uE6~vFMBM9E65!&S
zDTGSZ1D=!fPqj+3Ijysx?Iz(P<fHIY=1mf7Q<I78-1Cd@`@ydPShnysG}}evC>zSt
zms>i@#a{&Gpv^~XQ|EK~(?8VvhrSpUQd^|kPW^6;%YEjuV>}UFTJwpVpRe^YV1fG0
z8t=GDe$Hm=ZeRjLZdGl?U<^d6w-$p>zUO%le6!EreH1Fcc2G24Kj57X{SRULNV&GW
z=2+`auc;>+%juv^yB+s~{g*BiorrHQxoyun{k3ygwf47*)Ygh`rp|)%VF{LNjR{oR
z!S)%vz5`TR%k2%;`vb7^*7F<TWv5V1N6t>SCA?@S5eSTdhbI)@FC5hQIl2y>>%5+U
zJ8ygSUVLJVkqFn$1e6(1(4RZ%0j?=3N#_!zuZJKcAgBoDSp59v-IAj}s8#~gYt0B3
z-{h2o4)?BTo^5x0?IxaFRk}~NnJng0`t|s-d%k0KoL#?;V?NKWHXrS}?x(S8d+(>s
z&LPfA4ff<nVBNolG9}Ff)9}+q2Fy~fuP<tmbwGxu#6e?GSOa?trqTxXO$83wvm_Q+
zkzTT26y()lW6K6&xHm=&x^pVJE&QLP1{O`^0<M*HiBAy9B)ArfK-!=^K9i$BUf1Ls
zCI|%K>oCL{+jacp$s&J-G+rrdQ<Lekdz}tyHT`*X4%kuU%V=-vFCeo4i*rD1hswkY
zj(A@?@(s^FwCKD#h0%E@ut-jY{vD#gulK7^{nm2DJbUoWW|VLPmQfJ3aq2fUY35we
zY3dqi_@sFtbBYDyY4s>RbK=QVNT6!t82JT(mjvpzVcpyHt^{l&x;K6ZF4Ko&*q-&p
z*)PwP(52m-<i(&F5JmC=4mv^sq{qQSI*7EY5_6>t3bh>algyHf(uu|+(*?r?@I;)u
zEL~<u(ZDr*s6N^0ajoDVYX<h{fm44{*nb5Yu?MRKxtI6ys>U!3q8~_uOoC8H*pTPt
zG1I2Yp@xhJ!3sqUNS_@$OEu7dwAV#C0XaH*+{~JsHy+lP0NAQSCRBonx5T#46uU4%
zh7J)m>KzJxh1^5*L+n%BQ;PajBS+f7+7>lUNvo*ht(kVMRf2BksaPpkYU!%!Y8uxo
zt>~IjnUk5+8?YNuvFUh?myMsxPdQf&Qy?DF^ala#aFbrYOkblm;{0xKu#OK=ibX4k
znDJHq4u8mSP({3aOnZ%CSBn9!!S;@eF;SyHt6O5M-Z1tl28ji1sYkTrStu6no_+j1
zU~c|9XZifua27{pjsQvNtcPG8-Hu~NT=mYhY|3UFTz^gHwA$DMJ_}U+Eu`LjXk%r6
znUm^w<1U74YlruBh$BW<I3af9-f-~<csnvXnfAK&NW$K={d&5bW@N(+BmmiCuw6Q{
z`qobZ9rOW!tnw{t<o`rO&(k8Z6-Jx>&6|8Zi<6}jCygYS5y*6d<@UOo-n4P6Dz*<3
zxhMAI+V-Rk21obqJEFF4;jqwvKMXcl*9j}p0mDpew|h#K?UOja;d;8-c<(xG>&+{0
zwlPC`{apVz!3FUknR^H2PelgH7fhug#sU-nLWQ7{7}P_(|7}4=6l`m)A_gpJzedsk
zqmelkK=;CDv0Wwx0hYylcaY>n**)e?3x<Dv6xR~xLJ%obRrOlHL%LgR8k8ys>v=HZ
zQpSmY{<oBqJb1^|Ssql{w|4Gn5;;k}s}}-+X$|f=GL%gh3nBM$Z|{>tv$vQHv*i<n
znVPesMV|e#J6Fg`7-*;?>cJE~R%pz=FR2b?>y(+F)Tg0_zcr2e*yHLCq#5xq6~FT?
z5q6Kihqi+{zFIV<?i2ph=229OeP?m6V1+dr?zlM2ycWq-zuD)4NQlN;7%zCUZEwyP
z8bN_Y0;f!<>XKJ2Z8Yb0f3l27E<}Wi`DXj*nBZ38FMs?kp1OV?`pSK?)Mog-@9|Jz
zMW5f7y=<$y3%`oHVXTo$alsBO{t7jQe@deHXUve?FA(;z2I}R31w|d^V*M6}Uzuj$
zVkoFZ^dal=5Sx>)9dAXh^z;qL60b@sk*b}m4XlIIgP~QqRatlB^?sHA!yYnx7>XF4
za9y7};YZA}SJB#AyJDg*R8M5nE<{+Mp`m8o?<aJ3&fgGw!S0B-4;dY&WgVw+_6<se
zJ3mlkPKCKUUU-i_??h&|O8YwD8QU}#lTHZpM@ht&kxRMc8hIro8BM33xD(=FK*7hL
zu%q*F_=;lrRjrQ*otsQ6m+Y1<%zjQa6N-FA);NiEPD7Eo>2XuQ7CD&F4Q7{DnL6bm
z*39Bk=@1<R#<&u#mJP%qEN5I5<&)`5_{9l&7i&e|lW2Cl1_WFFDd7Tt9Plcy=iT1s
zeH$B2-RbKcnsMan*wkw6sf*UKFSn8NIP+*oJon0dBWdMtB0|PIZwPx9uxB{?Ssytn
zXZmdTVNM=zL5|To(;s6I#*yu)+F1((M!Eb$s|kF*4U8&<R%?5C-SI|r?yKH&Af4$v
zES7g5^!o{y*BSL`!*MM}FE~SpUx1cq?RN@LUtTc8V=S_r1(jeL>74ILteuu(*|maR
zzw+d%BWY{yRwMeMBYqhb1Df>DvBQ?%DeOTK^ZCwjeh+C_7qI*?gA$#cJ!>>sA1#s>
za@HU@R_HT`w2?7)RRg2?C!fTi+_7D=1DSdiy<2Cy&T~SS7J=<HeX3Gc8+RrX!tWX`
zhhBb4p?*(@zE_hN9}%u}Ko9NFuQU@xMFZw@ZlIhi>gz(R-~^pM)_Dp^zrD63Zja*!
zeD1_=GQqoTNeAZ^MR@PF*iJh-Pi*^dW8i7WGFjXDb)S*OU4dC%94j@aub<K7OD1Oe
z2y`Or5NH^HJH(%P8<tMCXDq6FHzbDou7T3EOMsQaEvhXl!?!>h-VDd$*<yXz4HhFT
zA+@m<>F6$PeS*i(y25j(-;8NfnG&1+YG>97hps;;2BAyJgR;su4OT%l;viTI8AD$P
z{(j@Pk<$tbJ~4%jZi2F?rxvYn&+_DZ>IxrmvE7(jIcYkXH80;f_)4-q&gf&Uf@sq@
zRl-#~F{lMTqp@YIx`(T=z`=qMow1rhPU-*#!xCdxMKXo9F^57VM-nCUUu%W8XqByD
zB=aoA^41&i##5}DdA?Et!b#L8&>2NEjrTFnEi+;mh1w%?B=ac02s}`~l0=b3)zcR2
z&VA*3O;WDcHsA+Le<Iq<C6b7CQ-hyD)(Q!%n){UAS0meLEFt&im+&Nj=bke6DihYp
zbp>@mZVU5`mBt<@oKM6y&Qz`}C(;lWSY7-Up5%sK1`loQajIEapS&?#BNOGZf+0&s
zyZ-ySZ(4WnxyP-{*<2%h_yCX&CsHN%wUJfI^bJH`FR>2OrK@q^MY_Q|4-F$CZ^|`<
zBZ-0RMwgSB>K%P9^4AR<COa*Z2kLn*DxCr7gZJ@wMn~(sHQ2iaX;DNT&P7>ma^9}*
zqaXmsDO}(w_?7xP-d{9EZkKuPJ;q#lAv9Tg9QKUSEiU1uKQXXw%NP>DS9?8Atgfon
zN?GW<SEk_HTV9|IK6q&=`1XFsjFeSh_I~95L||+Rz<HO-n(_}qy~pIyG)xsdGT7zB
zc*0%DugbdO-iZFYfH4_ys|6zhZGf?gmR}vlyV3l8x~-<S=B4Z-_o@CV?t_4&NYpof
zZ|rhHx9A4=76rsU{HzV%{f!+muLF%FXb%Hr5r2uW_Qa_*c~Q)=hYj5fcdP^w2)k^b
z;U(vWd+y6C#`8z=NnOiWvj|So;s%++oBzhl<wb1?B&%EDvrWcF-Da@z@6@xtj*QKT
z<zv<x$J4-*mRru?g_|=?1~=GFY^6O*4<FgPTx(KUuYzCgm%yhC^+dMW68(1mH4t9Y
z2j*3O*g^F}I?AotWt8**PU=_HwMHlED?K<Koa0iVd+OHvB+PdkvHnwEWEG16^QbJI
zTRplb-!+m?kn~N(5p>5>w?wY<*xD9L()A9MRgS?k_qEGoZ^H>JM+Pf4$-0xT;Gwhp
z8o%nwnTBes-*=&)cnQ5pQ6C3;SxOsVc4+)Kj~7XMp4c{lUgFNacc0Z>)el>m(0JVt
zHzE`<l^aGaZbPEFOQi$>=jU=Z2zFm?zt$~CX~#4kima>6{y10frR0h3%0AH2W4Z23
zZquql<kN>l97!@LM|A+K_M_+5;JZ7H_prseaW3&SPBToR+jhR2`E~&Cx2sFBr@D`f
z&9IDM&N}?lQ~i33lRZ8BAC8U1%te}qa=0$InV=Qdr%jNhIgJ~pC}_;92zWu7hMu7w
z(ALpdu~k^46SQ9h_)cZLKYwMEiRHWUDt6{O|9*A!e7=|bQBI?<P9r@f(}`e6<i+>$
zGn{RgA(s1Pm*`x8`*!>B;zk7y+wXXPpG&i)@`TRCryu9cv(@7<<4C*RQ%GjZrkP9E
z({X74{^-=l?n9(9IcO{H%1}OLq85)TIx0S(#D2^)s)_T?(91F*zKIa{-f``Lbc2=)
zZ8Hj(Educ=5FDmjQgJaJ@J>Y;V87bQ+);o(HwV+CisbrkNurv5>EnCTGvDU>vcc<;
zSnJx+>-Qa@s3~N?41BmTn2HaAdo_+~T_AgC^Yh^>wGX6&fHh_S94jix#*<z^I1|}_
z_>r}5-@n&mQtDJB;2zf@!Tg~apL(mB11qw@u+}uFj3?7&6xDtRuAB-BQEkVdUGCU}
zBh796^YG&J;t;S(xue{%of~cD<m4Rlu=Az(?(;*{x9}R*BfAUaW<Phg^#V73<4`{R
z_IF+?+@C=T_QyXV?(=eCO9=GjC421Iuqfac<}=)DNm32L)Sv8u6U@=u;d>?VSiy!4
z88zyZ%W_P=(k!K04@62JZo4~1Zdtc@7wlwi(rGgjPOlVVSbH=OvgnlThC1cSXDViL
z`sK=9O6|F0PNX`vFFY|?D>*jVr}etwYEAxTm%YeQi-C8*`irERt1BC)D-0xPN)C3V
zfZr(T4Hq)&Z2`L|`riV(OM+55=%5+$PjT`}(}AY99sl5qTtG#{#YDpX@pNU@I;V@+
zomur+&tHd4PWgj@86^uH3S5E@q4)=-wCft|Y9B@vcw!(z3)lt@B2t?yaX9m?xcIAn
z)FsZ<$TncCn1U#~LET$rKw&RwutCKw;Z+W^lgBGF&n)iYxyXlpWYJbE>hY(V7;|*t
zvrye~uRPx_y6)A>4sV@({$%$<-i|=${f?spNe{};)S2_Hn{MgHMBOZLYSK_kXYUg)
zVd=2h1Ikwqk*CoT5$9-g6K#E}_*J!djo+??kZpu8rL7;X!&7wRf;x-Q<H9MQ8zg)G
z(n(xaNn>EyFM?f|Bj4Nhx)gCnxApdtX~)ZZmQRTJbW^Xs==6Qxd%lBmbm}q&!D`3*
zb0PN3gl2YU+>qSImlm8q*&-OR`8Coe|7)Y#W>`hxLTF_Wv+yBbV9z(7nDI9cKSaQJ
z)04E&$r<kHo+Gx1*k6WgbdF&>l$eOV*Drfp(VbrM*&M6gu-N455#4s1?b5?K-kX3f
zwiqqZ%ic#H>ar6)`OZbBwjZH~Jp7_BIf(}u>qc+odKG$`>_VUWjj>DL1_)q+%<y78
zUT?tm@Xdzgp7Y7z%fiNUqM41XIb`XCu~|WGEvGm%B_!awKf~b+8+tY30)M-2kcVPh
z9%^jOd4z?SWuoSZDfZdOwLV*jL2r++Y42VB4Sw}i=Lbe*k3U`QR)#o{19pEa@}pjf
z9Sr|;{w(tKB=LsC?Ke5Ft`Rgp#0vKCr5Z}+d>ix`gazLK{wR<j#2wAxf`)tFibad-
zWJKMxzg&zwP~G{O&U}H3;!Jg^R=lyWXb<H&?Y&O51k+vQY_v+Yzl-(jxzMmRTxmZx
znMirR9w}wSo;!qISu>Xr2eBxLDe;i_Ssw#)6beA&6ev+$n9oYxxEO_Q&4%aw97yI4
z!YY~A8$PFOcib|RB{O`Zwy#Tzb{fL^t2`G-HAL#b(W7MjCv&hGoJ#1W>F<bbl+fOe
zr#R0J%X^&tog(P>*HFO6dn%#-ba|ZoPKbJ~7(&NylImlB`5cNXL5MM00Ydb@>PbGa
zyqL{p)gDNdy&9mQ4<;91RslUC;Z%uVGGctT)Tx!oun9vy#RZE35)9D==ZlR&u1-wr
zeXq^WL>Xl|hU9-swK*#Gr$RCni-Zh?kiimcTL$xLL=xE%HFn;$m2#mu%DH*GBxGmX
z*{w<#zHguC&rG~pZn{on#GM4fhtxy6Q7?9McNF)W9Kq}T?b=jf3+jqi@)RP+BzyHN
z(gy7Ga(4Ifax30wZdKc8vVLyWvv5d%LQ|(xk2Tcs-DE7<=%*9n!gqsa4-*Suv`Vjk
z@y&P=${#k9F<5qBmp$Odt9H%4TjG=#+dJsN4ruwAL6pZBh&{KKP2`DUw9P0z&|VwA
z)fVzd9nxX^LG`0ue78xA=1Syp7~?d>C^*oKBz4S<&Lw-6G^`3P+{zV1nR^V**y`y)
zH?)HqXia_Jq>xy{qmyGM*ATn<O0u(tG}0h7$4(T><}HvkMi496MN318`fj|0?oebg
zpLb#5xtPs97|e&WSN!5LBD>Cy8#Ab+6F9K}1Y8oNia?ga-5*yZOi{Xxw?a?X5Mh%u
zNsy0AgNPlUn9x%#3XZK%fDYDuK7#e_!Vn%jSY#eTKuOVj%a|wAkmq7ZS2v2qd35%g
zv<@Ns(NYyAk9WPUB=2H)w(Y~@M<1#EI|cSVA>*Bm7=%9qoR<vLV`O35<O=H(!-!AC
z8LWF(`={N7EstlU$>EMd(BRkf{Y&{rt&iWmN4pB#!qpEbexAAe&^*Yqip9EZKTOY|
z+z45~;!nr0d9jz+S(|-J<;iMriQ$2p##2^b{0c-(h3?s)s^1tmd%VIXf<G*S-I%&k
z`!c_Dr#^vk=5R!2py3~={lIB<C+2L3G2w!DrkrX0u$QrdSs@E|-|;(gq{Qf8Tpy~g
zm6*YwyfVK~b45#ELgyO!y_qIEqrXTG^m#aa`8eff9D2nhe#6?OO|Sv;oTcud&h%yA
z>GnXLJS9LjAuMkIA0T4e6+Qr#1WKRz<cdWtXU7pd&9h<Kp>B)54=KMr7o^VIWv+5&
z8{*z}{=`8{$tPa*0<7r4GhYKfIP<EmL#=V?UsYyKo@>H;(u#g^EI(zD%)G{L7Wown
zJv;DX;jXi5OKQrP-6cVLr|OII4Pj7JCviCRwV%DO=iJ;8*bzCeefHb8u15x!8ZTuA
z100>isLY|wq2_OvMeUmHG+S-mWPMfr#~P+lw$+v$k3r+c^4fOY#FO;<)RW%Y^BUJD
z`1{mft@G!Q9km$r5ucb|cI0fMtflFl*Y|g|cRYA?j5?xOTy?aUmAr_&z&{FqT>fPK
z-U#G_42NzH)foK63{()1GFN@-Ybnr`cpqx_=GO7&CB(L~y>=snesKN0YXm#WYtT!2
z_oHyz2sh^0D;CUHc*ZMMgjgtLF~)+#ZPUy8hqv3hmvsYQn2+C@jcDL!i+gPK=<YMb
zO+DOS-<$rJv=tD6G2a`nScW^db%4W!EQf6);FH9z5pHZVk63~TPP;qY$kDy3XIv@r
z@wH1H*1WxGooyqfOZ$`1Z6l@%bi`wx7Q%1DiS7|r;%Ik$XBitMoujG<@M1rUu7rfF
ztcpo%MMf&DbF6dj>k3ek)(&Qcu{0(zilV~vWI?&^QrntRYK0!l^Pil}qdcvat}>6*
zBnvu!agaycO*<p8lINk_9;xNJ_iOISlb0lI4kkI0izPK=k~<sL*-RTcJ9ryQj+b@$
zyl_yx&d;f=Dw2~17xUN8bV0_gDhyV@^$QB}^IhE)6*01MH`3Jg7Sz?wDQe3zk0h#|
zn2j3^lEBAB*bXGWJ!8ev&(f8c=y(-gfqs!u8l5mNsV-6_t2DE?z~wL&ch!_gj+Na{
zJ|^sM1WJ@CB+B2|7`L0b?M_yk7r8`g;68MJA6BB=1-g`L*E^YXU#eoBZ<^##x@}cU
z%Dg65jyeXE)>Jg)g!eY+mftRV=+|nvTwCh%0J%f7=wph*9%kh+FOpxMlNO`?0!Owq
zW%VDV6acj?{uP#DU@R0oLRLCIpHZQSE(^h|+;@&|BIm**P8ShQOo@w1rL_6@$Woka
zyDCRpNnulUr_2V}pUHES?8Gnec@|;)o3Xv5%K$fwk1|I=@ua-ElERAmvCd?iGN67u
zJsJ*IGH}yO5V)+}S=I=n*jU#@NJPd6<foF#*;d%Kd}%mRicMAM-=u8N;&Gw&l=Of_
zHR6YLqJZmkWu?+ZFMb624kYo%2EU=@BzE<d6zC3tW#JLl3^kw-mnG1Okh|dy%hlNd
z(v&6gM;0hapM%M@oOy81kUKS9CWxqLMrBPU9aV|fGCbM|k-97|(<yC)1O7%rQT|p$
z<rQXs%=6|(WvXT#)I1%fbE-|J<54Ca-Ets|U6N~F?`7pcoka>27MC2WhH3y9!E=18
zPN6_ld8bn4n)DVmO;=SzR|0N|rxZvU0bXChO#|aV8yUw%-VJAViG4(eY$1A_`!Tt(
z0t2IwSua>(QE;ocPMjxuudwuMJo_|((Yg=xILGM<tjo#U`JoE@P-VtKk<u%@U3#tj
ze)c;P5=#o<yd1w=*ZX=8DD!@?UgF;JeEdAQ%$6^z!0VlMRAJGkFm05d$wSvK{R~L1
zppx}Be3|s|va&1kaeFrqx2VI)@^7zpv+2LHFqk)Wj688(Ns4>6@|2s8bp@pzvC?Hr
zkLqse^XfXsByFL}>4>EcFFu;pwdq3L8RgNGW7U)Sb0FSBY<0^zo|Rsx^x(egIz&oJ
zpC?fjGpax9{Do(-93_=yQxbR>dd1VZ89Gmgqxz{y+!_?++3VTeq?gf2D2*6DVkG5l
zCuzph*^9*k5Q8yZMHZ66*Ca*1m`%KGztTWStSki#mJi471_epn1O;?$QL`qd@Uq!V
zq;0>{Nsy0^<fs+z9LWw*{}hNIuPNUswreDw86r18i=Fh%L``mXZ5CKSIl9^^@K!+$
zqEKQ;3WypgT%S^SU<6D4N$UR{p4g}#%}{6UYwPPuaGAhD0F&k)EGkExrkcjZT1pN?
zit=X+w7rbpNP0Oa3Lq#9P0fm^POH2cC!B}0EZ-1ub~wg?;o%`^YCCsW&|eh=<xHJC
zz4{T3+;Dgqu5>qI{Od?|QjM|EKRIf$i#nQB-^5v0^g0OCM0z+Vsy+#4htxT3ST>g3
znA5;o)mPO(R2R@;@U5I_d46ylqnbw38WIUS;fHgJUY~})CN`4F1R&E-w~GAsHj+i%
z07f76{}yE$M}L3qqtz)jH#AUSqhLFhotBhmgmxlRiZ(`*1$8XvB{OA$Ndvws8lQNc
zmvRxF(XqjykC=X9WGAH}LO{)u9`i?b%&phg(P&New8Sd2@ygbMiKdRStY-?)s73|t
z3mQ=kJg_`jB`6}frA~2aI$chzv*47S6{Lf~)8C2<Z<^I&T>(L?%Lz%y;A{^8PxMHB
zoLnFPQ(ZFWkSlka37FDHeI#UsHZ1mnm#(}aZ3KMt?lD%^QiD=DUQ%J@r&rjFwr{C%
z>|ujj@mTnEz<;*qe?5<k&HQ%3{n#8=OnKsY%uLe1%9$~NPLjOjzf{px#q>9s74}&m
z7~BL^tE;L+09-h=Y?M(*n-7EYQ=a<$eivV3Kwv!fkANcryrM5Ld_wK8z&5_#xN61o
zQIyq>Mch8Z?_X6#FLenYI|0eYG6>&{Rm4{C?}>m6CPR{T2r3FbB&snV`#-ULl6P(f
zBuAk}B<*Ob=T|*GyGVylkVt%J+6mqE60Z{W64yesl~{hZqr_?}<a`*6V|-M`3EgoL
zuYcntdXN|?_`n&*R)VC*`9RVS3!?U+4oDRnm>hk7aVB`Ne^Z=_Kjjl0mF5w(vvDf^
z%d8ELNy_~lQ&#`vkYu|{<VSX^@C5}p^W7@={<w|DxIK%+`C`bkxQ%vWn8hdSSKEJf
ztw}gm+15-~hC)1i8eET9C$>ZHEN}`DEyPrg%#g>a5N?zQv*d?9kCjy5_Abpcb}#Oq
zlSa?alSW_gKi|^{<sOZ$kO$715?P|>MT}vb#dfDCtMjV%e3}5+!A)aA<DJk4NGH4E
z%y(NMUNWOS6?{wmu|$_SvmeOvvmIfuXT~~4DHKIlfHvB)W<ki@GsUK;lVtH;?oUgv
zvn7dA()WeCyf$5_(Kch$D#j(R2w17!ad=!ei^K?ith0sNU;#Uo77==n>Un}bvJM%x
z3RFW*dIrz)W|#b}mhSeUjh+j6V7c1~-}bkz-6iTqSbYG*slluII5AKTP0cDxx3J-n
z{?nablEoZ1s(Agy!&q7k6GkmVUm7e^18T(*V+&3?R~gvF8oc>O$N45zks}En59{LU
zNJvj4)>~-J%D&D*I#!IQ)Rm=G%3NOVZGvB1=*NezhmFtktu~aJvFl>rv^-U%VM7nf
z^pZdL7a~nkBXEl@idOZ=8x@8O%4NpL#0qtbRI}Ozly0}x`n>CcwRGbNsHhs;f-g&^
z-o+!mO(>>%^B*gtWL+xzMiyp?iES1vbQHC9B?>IDD|xN0R$!d!xtg_x(AP>+FNN+Z
z;s}eFX&R%Q$EX^`w1cNRGA255Fqmq?O6EE$-q)moIqX`p$D5LRGYCvI@=rMZ-i*fu
z94}+RnMKB0ia;F6HETQ;lc+#&Q!A!DOOVcrD+0e6cqm;vTCj1<HOdU>V+O1;eTC9L
zROytiHEd$MxaV)`#iBMui3WmnSF;C{C2}$=j<t}A2#v@+fw4ihyou_d3ajH8eCAea
zp2h2G?>jTia*mkI&0DBjeW&O39k?;a3?9m#c{twN^3w&b&8b3iwKx;2WLrc5K1vdk
zA&AA+JT_5sev2_D?nIe#LdDiMjG_+3sq=f2T#;Ri?FK`bs2HBkvs|c;;=AYK@^A-O
zUEA_IW>qt4p2W*s;14;a^f_Bmj_E_kJuM{?LK7s{H*;oi6OIvT&nlOlWWFCib(rg<
zg_%k>CKL?uBz$(XDHBQUZ0B4{8R^WJQ#@!a;2Re@u9+~4l}k*zowqm6y)hQ27!64x
zF`QQE+A|9oMJbllT<9z&&lA;}v%MJ>r>evnb#`#o#!J8O?hXqTpB!h63~WmZ@ni*d
zd}@+Ln$4wd&%NL?)n0Mtw6B+CaUvUSQPn(`AG6DETEugEwbOaHx7kk&v|n5^M%pNi
z?h9+;5ehqAdmKYxSG?C)D^im!coW@3eACB1x=YZiqjmXi*T%HlG(F(LJ!Y?@r<Zi)
zYJyW!x;Lo{JUh%DmODioZ=$?q<jVCCbq#hNbuoD+6M80Oz3Z<v>pP=Nep{A2Z{KyK
zC?Dx2TvQL>T~t0&TfRBE#J0Y2hZBZ!Y^@efa~0l1G*1@T1<z>cMq9kbX(n&tsC*~K
zpLe!roIS>a+woH0q$tCW8@@{mzurb(Ga>q-<YNJep*C2x+sguBt3j$o?5&`)bA_Cd
z1nT6k6sEClLykBPg_}cbNof`S<ULzo*oD>6GUz?4{Y%e_w_M=VIIG+uhFZmnL7oXH
zc?D(9iqO;8b#NLrXKxDqQ8HqLD3ZVK`$}IK_6naZW-&)j^ZTBs^Qo9J_3E_H8u)`U
z=+UW5jY<DXy9KwHFJO<zGwY^UDN&n1D|<YwMtTJs?$=Sh-oxdu7g~RZ#B^>Z^cl?N
z*QikIwwk{QL*%o}`3lUKJuv!qoQBl1DuYG*Zj^U1()yl7A5jMPXEg_F<k1b`x-<(1
zIVwoq4U4CFcXZd=9*hTk2)fV*y^zzt7`BZ2-g;boT9{I*`Oi|)nM>%u7}Kyx8*muc
z*eOLQXS!@7sV<9?=cIL&?UL>otV>}@<HuGG2U|7muCymO53g~C8NV9RitbiV$M8p}
z(Q`L^L>ou6hcC=)tD0F@I#;X-Yg3)Ym~hKY$^O)6=w^=VH(X4BEiFVxec{qF!x_8t
zi9IK1#6I13uRqQy4Y~pVyUMo4J!wOtCiFUT*H7`*$Gym1Npfc`bvfwtLsq%SofH>T
zdbxP7!=G`h`PD}ooweX2^j_olitO!LnCp<QUdu~{YN&_JimE5f&LdYn>78trmjZ>|
z4rYS2>Kj;4<_hlASXwSaZ8?pa%|%C5Ihv(xuAQpESCug=)Hg!iJf}jDTbeS9SdS?T
z-Zch&Z??*c1NQndY>eq6HBW~RnszruC34wfZmx}+xwGA=bZC!N#e0%$LNLy)Z&u>>
zolHsIDkka^cik-$+^(CuBBV*ZqBrWEzF#Oyb+zA4&G1Q9=Y1m+&2d6@uPY2bE1p*6
zlB5O^WXRnY%LIBl%S6bOK-IOXF2T!QRk1a!*g9(}d5mdGk#~%wRu~pMoE@c;`^mK<
zkGVITpPN2w-zC0ro27WpBzJEskAa6)Pk~8(PJH5ksg=AQ@t!6$8J=$Vol(4Hfo|1M
zk+0at<fO_s$-D0zweuyl^E3L7olC&u0OO@!O)arrq2{~YDb?7@CDo(-!_67h*v<mo
z%kx9B@x#nhvgbADXO>SfuHVIm+FQ-#`_>joHSbE?pr4kTgs4xa)XKH(hgXNx-Ltsb
z8OfjTYudy~>q|@K`<olavF{-rfMgu4l3exs%_SgNH&OJl(II`uH)o>wWuilxK9+~B
ziZfESRFn<0^6k@2^qRr>E%z96Sm`M??pNhT>}PgURtoV@dxJCfEqrtOzWllJ6yqKL
z*vT}$goF1g=Irh1X5l*>6Z?_K$*Z<v%~x|k^nCu}t+%sxayrYb-P{B7=!|LHg7BIA
zf}GPXY3SIFvMmwS!Wfc)gyCBq?Bp}I`poAv{AH@~j`gNjaCVCMz1}`lGm)z7I495(
zO|nxISF1IqW_stAtSvwG9Z8~>G4|b(a9@8I$;A`|P&uke_THA9)+Nr>A^t8*kPA(e
zV;sXs_RbRI<>b+LDND`@2`D8?MBo!g;_VXW6(_u@JhY?qpbP$364<sOxhXre;d-4A
zbUf#{GfVzJ4Ec5-;P5c4vUeolU`WCK77DZ1Ch>zL=v5oLQNGhk{tzV@(Hzqf8whSy
zc4W@#N*9bNJG^zwv}aH1I+lYkKU7KXDo99Gxl54LRUU((^w1@NP`S&J%xR8~L8%uE
zm0ZvDkTq8uV}dY+oZ%MB(U`=0ajCM`54m9E*xmQTk;+jWQ>r%ZmCR8d<4xwyPv|x|
zbYNP$SFfrojpA<EpyfuDa@`oC#rIqhX;31GtuPLiY}puNP3FF<({Lva=C&q9NRDSk
zpI?@2sW6@h6g7yH#AQyHLI8!zoEQbktm+35FiuR~q)U8PZm3@(wpNy?3~%ZyN>O#Z
z0dKUo^K1Acecdj;T<ayPUYp=zWd?bXLv(?9Z*>!cvOJA%rSq{>e@L5LrIAfur7(6b
z>_}GUVFs?zJda=H7?%t_4@;IYF$x{G7@^*<De7CCU?OGH&zMZz98W^2QI#M9m>2mv
z>JRRxQ)#d#XfKSSCU=B}F&y(wW-dQ;WlA?Ab~2eSO9+W9`XVgv6u0dZw^UIqOt4Iz
z3@2`_Fm9nyO5;gat|&4jNC)E^SJ_vPNSBmUVN@cy-YYsJY+n;MEjuJlmR1{UDsP~_
zB21@D#QF>j!cr2imn`X<R$`QhPm~^31*lz7ILApGd<02QQqaeRQ;y~8qui-5{*k;>
zX2h+DQX6a2uB4xiJq$??(xw_?h_9y{vnA1}Hja`MbqWlcLz6gmA~xc7C^t@$v~Am_
z-Q2}riEV;h*%%u|BsD0yXb6s?kKdz|P#deuhc{RiVRQ~tK|jYAnuqQGNhQG)_h*lI
zNm#Ll36g@ceVRWZ5mvAvoESrVAHO@!oFwppm>?Jy`zIAFH4(`ERlmPFk{#LSfno3$
z1~F~QLnI62CpGahzo9Zxbpkm|I4CdCl`sVnBANty-A`T7ere)g#OM_XagoIAiJ*UC
z@smMQ;(x>``%8WpB>4Sws2I#g;!9pN@Yf+>-CatNsDcSEj!IK8WPF1mO-46pn#)C3
zCe#YoB|(BsR4#D(Ss!(49}fXzkHjve-2cbU_U9kf-^#x?9M<kSZ~MMszGwY1{BJ(d
zp1y&^4>ofC3&-L=XomlY)3E{o6aNbQOF#n<5&sL~@W1dD|Ba<0^gmcC2DVQBm7>Bx
z&q$9?!wm2W(5VCbFfuXzzhYDv|GzLQ0K@-|QTY#b;(rL#vHtG@bu1jL|0jXEq^X!p
zdD!4*Zm@|n!(Z2Q7!(mn1jrPTUuEgMKLRp;l@o-;iEQ^^<FzWe#Gn3XxpA|;Em*gE
z_F<#xiC#I5EBRP_yh^iOd0#F1NSoHl#mH>cVLD6xU`zEJMRmH~bI6=G*~zV`RB3tP
z<?EC=Ao5#pS}}S{qUnjT!R-9X;`=Ovzkl50h3%auc~sIhzHr$tS<pUl;_)u0vmnrz
zd3W{Ql!-mzI3n8pWGLDkZzhm*vRSYx%Vb{u<S?l$P(P{Mvdu2;`Mg=1XF77X^j$u{
zwmhCKxSe>csy=NCbS;=bT90f2bJp()jfp~-B{{%(NMI<?69%kF-t!6fGnt}sCRx`w
zrD@K36#WG5E*x$z$pddx@Et@y5|b(XC^H(xgJXUrT7`X;Dwp`ee@@ohPu4q++sWq(
z`S?P~_#olNyc63a@beBN_2cKGd8N75x*LJc_>ct{oon5B(W@V&avr)VioM6;YTl*l
z*B!cHncs=MG#|$5w<KF0wVVTeHb3kJhvO1ja(LdJHW!Bacf{aIPOi=cir|#q{5)s(
ztUE0%got#);SqMX=LF%9;?c*2$F(+~Clf<}@3u#|k@}=*t~=u*{>uqc=W!%fqvm_-
ze&_Wtl*s2lbpcB(+6!d=_A<vcHpkJ|sFxsgclPJ^z=anv_PKx~M<~7v2T1IirziOw
zj2r@qC*lKF9~TnrOn-X-E_D~!^PkXd&~F5~6COIKEpT<TRWrY3`R&aS2VH@N2jge`
z3um9VPPEVqf9lsy@C<!s)&JJ#{(tHM{<l8%U#T(d07=OITNv;^)R=z&7zO|&hJg*B
z$jk=dyU+vDEC6^6;LHJl#;`L3z%T%{W<clp2Z;H99MJ!+89A8oIoSS{0UQ8nNfu@f
ze5QY(nSbejw)9K@Q9*z$K!A{ig8`qBjSX;*37><V9r|B=|I+MC0N@M&K*K-}z}WmV
z{FlKD2<o2!(|;;u1}GQ;oHG8S)Bqf^{KpWQ9WYq1GW@e)0#r)>p9cIZ|L^*rpMSyq
z3zFqOegS6&_WvCJ^4ORdpxFR{|GUQmfZF`?!^RE>jvdfQc0jp*bprzY7t8-@G{7G~
z*%0vO{PW8U{hzx2(+EHs5E}=8tn<ICEdFPl{2xG^{|r0-b0GTPRTcrh{trMLMkZ!f
z=Kmp~?G59seAIs0``r7?{Um*yJVG2aGEE#HOp4$k0?dM(Kma9;OPm;oA0TZ?I;Nk1
zVM+=GbtiARw61h`TAX4ip(PdH5|Jcg#8bUl*z#Cb*(|7K$J5$8<g)Ihbiq+<rU9M#
z{`tL~m@WZKSnyco#Wa2S{o1YfzF@-4eJJMHgl2Gf3-2yiT^-#FnXmTKka~NstnK!U
zhyeW?yyufAe>*_!d;XhLa23o9_woww%Hw1<KAQfUMDXmIw|6A<E;VQ4=Xk@wR|Ky*
zJMmU^NISx@hY!dc4$*pq4Sg@(anD!YN@K^<N$Y?&((wd1H<#dZoeO$C2jS$9z>I(I
zVa)!!{x$!pQl;P@ac5*ELV~8hv<-OB??Si_^t(Im=mfF|R<Pcqcu^QA>5XXzDwffz
zvu8@MqKRt>87VmiQ^Maj9}Ml%P#OGm1J8a12d83}v9s)yfpSc5K=(hiK)J-`d`{tV
zL`r83Oi2=ltAe&xR4ghKzI4CPFYQ7)n|~a^J<$Ikjw7ALbtT&f@|=x*QJW)p0X=)`
zJoTF7b%y7O&^5K1^UL>HjeZ(9`59p!#y0{fZirSm0!8|QzX-SE(H6!h#&=V|V@~E+
zIHH1F!F=o@`KWO0VT$w#WbTV&H@vYoY~UQ#o;q<9<Irs0D@}JT_`c>dNl+8%>q<Bn
zlQ*D^=A@k*qD$P=FNrL_9{2^-Lv*TQisD4)`-6N#f_!%-Uv2544Jn=Sk+uu_Mc~#4
zDO*_N1%I=&tITuOpasJI6HWe(vPLxc2hDGJOhE{RHw%;*gA@VRIp^O~wfEWf*5+t_
zoAFA<xvVHMmVZGlIpY~AWwqPq7pG0`amZfU$?SWMK~r<zmzP*~C>v_+EYak=M>MMW
zU0hWLG^My;$6!+owls7=FAH$b@K*--;B%_MA?BUrh?W+jLTXJpl<)f2#<b$kE)Unn
z=9QgdIQT}g76$UA5VL&FY|ir5Z@2wIRDyS<e!?uG;Li+6cMv6{STbb3I1|;%&0)PH
z{puEl!@k#?9FRycLr)r-83V|jnJh59UUI-3H|}%0Paiclo+O!JKBi@+M$#wNxX}C>
zX>c<urq^&fHr0#*=j8%xY^PKnJ#{)UDWx7aK`npjzvS?6T?kGTJEqU3%Yrs>Gil5=
z!=X@v9@)E>H>j(tmtW%G@OWBOYS(GEJ}L4b@uoh+d(kv-q@vX5e)|YsN|c&hPF_wf
z#wTqK|1Qk<CYnsvV^r&bQbKoKl}$kf?3T6=Q&3YVgLLCmto`-baoS$s@WQS9i`tUX
zl6u~ik)7?))%3L?xSciGbKSlC&DHcQ0ha1hMoy_*>Pcp^dhUhQ=hzI!RrWGa;r-M2
zp)!2)kxpb7m#O{R<wPjfVs(Vh&a}7d<ta+0C$-1XgYW(5Bch7y!+6w%XKkyKjoW)=
zPRt22+^TWZ=g4hwTV!@tJ2aMjbhH%19sKN}Dh_x?8!IyvWTszh_4kml0{2J-eJy#F
zHv=s{2e_52yxy*&Nlojuw3A6}IqPZqPz!b?L9ogRlR59Q*}k{a^@n%hvZzXd2`AZ1
zPE{HL0u$n+<O`TXul-klF-&5KoAiyks^;h&b9yF{Nbapvkd29aX`#Ez@p;woBp2h&
z=z2;!jTN;M^~Ik_hz4gV#tKGkRX5SZrPMi-Xw#socg818mu%Rwql^AFTW!7^#vCSF
zteH>G?H5BDeo2qia|%$;3UWmTVFeR#(v=qb*M=^^5^G60fPQ9xhNtH6JPFk}`$`Se
zMo8}E+P6*^Z8<EG`cq$z%+7PT58wI6o?OrhsqedJ-TSWH-6~J&4e#|m?_(d#iQQ6B
ziHmz=WGtQLL-mLgr)%uB#q;O>ucf(U>hfrsKz3t()Q5<|`AMxPRAf75&9Zm><dh@0
z(Y{+qjPd#qmO5ZYujqc-Dcq)wHjbsqv?#%fW#h%urW9ZzNtOV#AbB)PL3m~83^kV=
z9zAVsYfdN2T7%k@E9I;oA6|Fdb0L?A4m!jeo}tkWzc8ak6X&d(sOf3xY3S+dlF+53
zNsf`EQtKxcO|Bb2qXm>^v73rqIGel_1Ix9Pu$0<mO(|3>7r{*#ltc%IsZ~xGgOR_-
z4^vTnyjD4Si@syPCg;NoplUAcau0GV%PV-gEVNZ_Aq-o!`fP7NI$1zIWkX4}f*W+!
z8JY;l7V=ur>u5sNF-TR9XL09l=IoZ#PTOUX8p)-KC&%L8l4^ZcSZz0qD(f7wxfQM=
z(l|BnBMH`<$URx<tB!|Sv8cMx;CY_?Fey9e#0$NyeUE3JFR$M#3XRXY_`a<#9XHIL
zdYq1R&$^>?*Cx6?PSMgTp5eLo|JJ+%B^==Mik$f@#up&RMKD!1n^u#~7<T;lBe4PI
z=y#+%x@m06Mbp5>{y>?HnO;9ZU$RwA3)C^wBdD`4?4i_Y6qB)H&VoH-h*G;$bgB^u
zp95UGWN8YcxJwXS4$I&M;Ybg^4A=*RLmIjkzn)Za#qB|iLfw^?j_Q6J(B2%3(3{?x
z9hBCQN_0PQvbP|*P@CKRK^TN2m#Zl>4l;VK^`hq>77x9|Woyt$ADT`(Xn**Ju`5DM
zhq4E|06Ykuy9`sFiCXexez8O<Q7SB6Cr#Oq3gW3qp$A*O%48w^2==?Ow|m5bR<iG`
za~|kyZ(-6(EPVx1w~VCCNgHj~XTBbi?)V2lw(w{Sq>-}75S6Hi(u`ppPMBZ!h@*%#
zTgOlELf4OQ$Y<mY+4If_pO5s;$aQD#3sz8VdUN?NG@RH;DlxiG6eFb+i=45=&Y$gx
zYm@qnC4Ko&%D|bEiPa--oSFmAHC*0t(HDXxpG%Mzf$jNl&UB^Xj8JB4v-5dnQ;Nj*
z+xytY^clVFXWSK+a#Xnw8}0fF5PdSurk^~=qe21%K0ca(YsnOw#g0c&CbsIthi6TY
zSo8A^wmAfB8!ch#o~+HzTb&+!Q(OtHEVYEOH(5mj$;J$ZcPBFQV33u?WI|y490zp}
z3UN>k0-Lo^mVtuuXp=C<5NN)vkBt_3(w~MI4u0ofO`m7)Oz_3Hl1hm4ay7H^eiSbj
zf7}H`fY@)8ArGBkqmW(~CBvGegGD~Thu__JZyQnEUyF?>uQNm4KD?c3o*x7FK5SOZ
z2k1ooZc}o62923weZDrtp6Hq~alM^~8WzC7dVL=$O3dAL7G9Z#fGmwv<6wZ>f92h9
zQsP&mKX$eKsBo-W{tGh*c65(seD(k%93!EZJC}CUkoPD}bfU>_x+c%Ams*VWSDPj9
z7&FR}w>56n{|BqS!Xkp?42fi@;qfF!!kgN-AW^ya+XPn;YM2Ng$Rk-`mJ_;IK$vg|
zaW`?{?0St2+Pcft+tce6jB~Jjc$F|!x{Eo^LI5W^Tzp=}o0?|^ixChL9_VmD5o+=j
z1V^=cPgM{NxWjS4Bzuz9^HK}Q&Wl;0=hC3;*;Ol-F8cI+Z{1lB*_WH;(8;xd;@4G-
zofC>2>MwV#?g@_N2IfPKS1he<gp}$qSLf<|nb$(Cp8LjEVo||K11WsFxHlTmoG~Nv
z9DFJML3t<3TVz?CY0o)R+g8cq5b=I~%9)cz4@^S^OY#hCZ^#Icmizu!CT5VIscp>Z
zX%PDoyG24$+JZ8I8i}ZG3Hmj<5l-odkh_ui{$=xDw~T3R*f18C)4;vesZxFJU}^nW
zQQ!h2mXBR?ah3)Pleffc)ABVVri11>7DmHc6w(oM{#B&i(2ZSdqtp$Ub_|D81VLD7
z)Awd_HqEN)7BXhZm7Izb0a*MWSqjRN<cDFla;c_j#(YU|7>CAa>}Wzd)}HkxgA#R)
zw&pub?@j$J)v+JkW+#JK$ghvR*dB*gnwk+js*0J{+jslOsd&d7vhFR>c%xRL3;U*p
zM)lD9=)$r+F#DwEhU%hALzU_&6lD1@mNf#V{MCjF9KygS=VL{E<-*dhl|Uv%v}WR`
zL23<=NTvNZIVqAck|d?+KoM?uY5Z*8CUM^cBUhRgKa%}DBA5E_RHab8nLH|&6m9>k
zE0dbbh;=r1I$Jn3Fjixnm7{jc&i-D+AY#NkNz;uRD5pn}a9PZa8qAe8tD-7DB%`bH
z1&TN&9;-yAI+D)FaMrLkwX{1nA2vrtxK0SPP}dkLa{}OeGqhTmT_}dPoQgq+C{=te
zo>8;hKd2~|M)y4Qx_tJPv{$|+4qEnqiM{4`KdVnTuGV}`Ud{7OG?cJH^uz_{<V+nK
zlA5)3OxffN9pCM&9Fv;0wwDXC&K=99m@-K`xt<fy3%Yi!2`n)$TyFmqBTGvNk8l3A
z5^LD{d^tS|Rk27#u)~mtjg<(4xxij_S0)$B)Ieo|JUZZ(rO2JmoF2uLcJ|!A<StHv
zkdzC4A;k>~3Igw;?FNteT9J6OtrxXC&;{kw^N*Ob5bKN{Be_8o8LHADE?~=4k3>X$
zps1SWU#$B<>U2`Sc0Xp@?%+#nRHwCg!NQ4_3PXqDiUt8zEu!tud<K5t9U>GAo@7f!
zP*ft+l(0iQNoA47$tUsqnWNn`I+Bm}fp|vFJN}fC1nO?l{cKy2&=d7YI`|Bll%rc?
z!oG^V=yj&Q`$aqbA>l!7W=>P<vCu}YJK3zl&*bIhe!y+nyVvc#UeMuwd#^(-wN3K|
z*XMkP;DRp2m+aGb`{QQS&f}Wv`f19p`-P;0e%}(_nTO)_#;?d*V*~H{?UHD+lt1NF
zzxVm>B+g%PHWsJy0T{`df)lj2OLwF!?UycC?J=e3RHd?XJ3IjFm?L7PLgCpQvT&Y9
z`kOt^5Tp8!^V8)k6LIMn$+U)hck`sZwB}_OC>5PR22pT=B7*`N8>x!)j#vnl8Nb0T
z^l$9e^a<Mw`@`f5begtxLuVMJGAglF1}Yb-2c9<t=AvG_txCQi_;VRz6563SlD-b7
z@g`~bZCV~T+7s<1sio9b>VA_{FZ6IeH;Xd{i>xzG+{RR2G3(Z=@tc>=k4}9hnivjJ
zr|}Zz;n;%B5)T^-EMa6L(SB`X8N~du5??YjzM}o_R|F}Heozv;FjR`UxL%Y3IdCU*
z5-}$RpW``CQDIa07wCk{*Uw;`-qlB$v%8cfl-k}0{6JAD(JyY&ZW13qGvg?Y*M)Ao
z`>hjhEnL3kZ#<*gkFLT4IjK~JRt5~R^rsoWy?jhTK4Shao!LTYpY{5<0|^63N%uSd
zHaxHLVeCd!2YoN>8UC@io+Wb9o1S8g3N3jcH!QV4E9I+AQ58CPd*3B;w(;1q>ywy5
zvQ?wif_{rO1V3=T0D@uHWBR6FCNYv|elOr&*Hcn@dowy+gHC8@AT%cYl|P!!<wFlt
z;cA6ASz?{By$PHNb=obFM{EVHSTftf@&c;(cSJSd_5@R_*>u>yBREoiltG({`q9^5
zhux2-t_8^*YEN4l>5aE*FOT%3I-Mzfv>(i`AEf%ZX?vU;oCs`6g4wa3+mBrlL~<}$
z$+DVd!w{te7~<uWcLg(NP#^ySsbsq|jcnfxt16JPbJ>G?V^}bq=vrh>Tnn40em!Om
z9B+vm{E1SXzoa!K>J*IOmP4ikMUq8+^QUnrek}vBv=jA8hq(uG-|VZ&KVGt+NSjhl
z#2F-TW94&V+GqwLblIo2^!q}DD<@vp>-g^GS!4sZ$42F`XLLAlVj_ElyQkI9If(+(
z!ussKZp$y*SQh)masvE0(~Z}?t-a?+CXUm?O<nBZ%5y~f-cv~^f(q_@7krxK|KjW&
zgJXO9b=}xbW^5ZB+qRt<+fHU|+qP}nwr$KfnZXQB{%hA-wcowov-dvdLswUgQKP@~
zZ&dequIssPJK7VxxIXLg9l^@)2qUDMx;8ThxMEw?pVcF$E62631hQA+YE3q;14OIr
z+)kM}XD?5kovt0ef73&Rx9%5<i(6~AUT!*jZY3P<&a<+9ejQ1Y`<9h+V%Ya>k~~ws
zIFi3549?i^!LG=#fjaELA5#xuev}||Gc-rv8BCdCs=~1m$yJW;H4p|Nzg06`>BKc!
z7dRRp5(h)qB?aU9(ZiYustSRs00+&=q?v8R^Dfr<w+-DWM4Mi?j|>!5qL-&IRY#>_
zmAG`Kq?uzeH|__@>+Fp8B>jS>j;`Hl{rK#!?)`H9)a||U+?O}_(>&SB;hLq({ODY2
zR@HGo+DiX=j=G;aw*~9kWpcp(S^SKn9bNeqfNpLc`tih${fT+ml4u*-0aBGEn&A$M
zPxR!+!jMmO1Ii%rK6#)g%6pNjNcU_vHeJ(|Fx(y8vgcBk;*F#iAfM0P<|~BglxPmy
zimADtT$a+Br_~VSG|vYpv9d6Sw-bGR7hL+jVI6k-CiHD!S3#32k{67Gzs9@z*y_ZI
zqKfv(-+686o^f_&a`z}yc`GEF%Rci>vrpR4Ev%Y*(WHV8lTK+>K;Fmj#8D}Q;g3W7
zWr4$RtELTX)jz9Yg<`3dh<mxxm?r30-!cFreXkBCQ~fW0C(^_{AC*n2gwP*L04s#d
zp5j=Sb3D$XSfv{HMkmxppjs(!Q2;g~-3x-`daQEgUC=1FQt$vN<yuN32$P~zN+Wcv
zh3pB;!r*hdiL}7GGQf$V=^OI*2YQ_Es*YeAOMfK;R`Ty3Cnq?_dU*<Euy7Q1E3PKi
zf&gmW`BBqjbr<rg{d49VbDJ1HV7r135*8MU4WG-}$dRH&27PAzbgOV4(Ib;TJ`9;T
ze;{XmAp5$n-F(OT>*xyBbnp&>ZUzK)A7IPxs?w|dZS~j)5wXiPt6L>N<~8WW#6%Mo
z-u?itJ%dGX2MMfarpxJ<AgQt=xTmNJQ~zoC5K7{|m)BP0Zjs(4>l&HB@CXL!pGSGS
ziV+<$AuZ)q$H$|B3yl!m{h6cRw)&IjEVib26v`v0pDH~J9J%-B??2Cw;xLiJm-;0d
zRp$ioPohJ80+g6BZ{CLT-wU8>As>S<R7|)k?!pbXDDzN4xZL(<$R-OVEQDyf5Atc{
zm6vLb9Pmzr#O_1pYljbr?gMTS{W<3fVEN+&_)sEc*dWODvjl%YYj*0)kThCBZ~D-6
zK*RmBt_)cyJt4%0kth-9!8!{G>w&`hNId<`f#t;hzB6%pbocus;Zi^rcmv@T{U(U=
zd$d*|Z4m-GLFJ8?n8UdR;_JtFM1X&REX<+IFQu46l%gg?ItQ;OTSLVIzT1SMA~W!%
z#C?SK_&|$d0Ez<d2rcjt3XF5^N3i_!2k{k(jKtskr#&Ui5F8kq2$--2I+-6{M4!h%
zj4tjiY7Mw0VLab25CraiO%%9DWd1W?IY>X1;17#3Xa^uR5iq<T#`B6IB;NWO%=AdC
zk8r_|!1=j)kKn@+bM#^%9j&k3iVZ?9m(YI#>ybmc`UQXb-6B(AfU)~MI75bhB!R9+
zPy#E9F=9pqU=!a{&r4C-0^jFgo<BT3!*2VCS_(k8hf{>l?h&quYT!bJd^9%DiHQq;
z;v*7Lr-V!G;N3<AwD!6D%%c#1n_eUUUkn5WdV29na?*4j667_=vnty~MTa8J<wrTg
zD>8nZ=z&QM3-;^+A{DY7It!N>6%l~(^MjdM<mU!DmWzt{UZ1zC^HqT(O=}legZ?}2
z>m@LoAQ%Lda7K25?^DO=o2G{i9pa5V&vqQj7Qo#?v=+9xQT8nm(+~gb_}G&KyFfbg
z8#Cs>Oe3D^C4s>w@f0GmXOMU6&9xru0yPF89Y~!&hz#?|gAu+#CK?M>(c5nGIhfCt
zet*BJc|+s4deW8g`uum66>J5hv1{@LkS|id^~Vmo7Z+ip{0R^szzr)1rpgi&1p7cx
zK0bJZ%Ct(`TI&1hT3Bja?5eC?BV6bVm7R>Vb(<Ttnp9i*woEbDSK6&`w6}?~%xkRe
z-NK@+h9^Q09K3afn{}OA*jc%?wSq=W>uY+(RZoMOJ3^?{tz2}4quU^^Sy?(n)pfnI
zar`=P&Q-xxvKxbeD&5%Bmj{|0WwR@1whb^=R@!lZ$dOiQ)gok*r>{FI)YMHH*OoT6
zmevlyFqeT^@@ouinDrf2xc#AlRF>D4=5^GSFIxu5*l9Pw-JDFC8+#f&x^=<yqx&2i
zC1TM)lYxYtTjD3_nv>~M+e&7(4{Tl4RuUUUxLDz%pX3Z|jI4xRiaTrS1$7R=)Tme6
zvH&)HQpuGKH9Pcb>MQCiNUnwwV@&DUZ5&{Z`6KIl)-}%S!ztuus(4s_xR)8(s<xge
z#)t{_ijI}oI9gdaS_Z%~!wPG`(amxZAed!Az7>=vNgojUseKOYY@MYN>l&*EO_9md
zE_5O!R+%{dIt8;M%}XF!f;l1{@G#vX;>I>5E`3yv+6HwSn&%*XbU|<$NC`6mE}U-e
zANiE^HpA`5a}tAPxZGDumdAuZ<T}hyF*LRF|6vJdxE!6K%de5*Z641_4?=3N8xwOr
zzJ+`s0h5p>fei}9fhEQZ1bK25_4(&zJq(4F62$e>9f&@n4N1xK>qN@LrynT@(PD)R
z0Ji~95JZU5!g7c-;2}qnSa8)A(2fP7oCNBI0t01y*9f2mQ()l!{uPhhw@y0(NJ;7=
zSvCU)yHNAlHSwrXiwx_*Y+*#fD9rze3=p8HLDc2awM+lybU`Rs6F7uZ9vI|~N4ler
zM><s%m_&F}97kNA#U$;I&7cv4s7w=HuO<0nyd)J+6&hQmhGHE0q0pRQk7`9mq(>9Z
zu0aDW>Cz9sBsH*XNp|=4eKcQ9%6YfQ5&E7JEId<{9$KoM)Thi*Qi3?OhkfUFf+Qwf
z1VM)}iml~1DJ5B=`yp8(W4AGiU6C=0DP8&yq7nf5dZOjcB|7N$#0E}9Oc2K@K?xU%
z;d1<oK?Mm>Jr{~y85fFab<7Z=G9I##tYcF7fOwnbK8cUt_q*#piJtgA$=m=%yQ}+G
z068}IO`d4r_fyq@m1~WZ7>FB$6bO=_D_ZEA5SbKa=DLcoDrK0EIa;tH&{F{)nkX@~
zfSwA}ELj;EpR~aeJcURT#Egg{SdYPxI6jNt?>eneh<z`nC~8H1FOel4a2g>qANRNY
z8OHawy&`)&4Rsj<7tj)ezGnDqxB&~HP{?a9#;E1*wDaeUIi#%H0Zqi<lTvn`BogF2
zxB)w;8E4Qfpe)pVAEdfpXFJXubZAmwtkmDMr{as+YzT*IS?o2ek4M5n8)S=C)I_q?
z$StxaJU>(@jtoupQJfSV+-Fh|+RJO=)qvwC+-blqTp-;0qivd0C8qw%{>%oLIn((t
z3&*0|82)@%uH`Z!3&cEB78zF;X9iK6rM?;3%;S6}@EWXQN8u7o7}&rgL_H3Oi+hGj
z$pdn0S3c=vCpJ5Xm+7JIN<O4mxKidhD2Vy(2>*b~>+<yT$@&xCDJKv&2%hLUOnn0|
z^(D6f9Tc`ZzZR64EZPoGF#2-{P;q(e_3MuwPpT9_(Mwm+n}!x+>xSs@Kh~wr;N^cH
z&p+Z08~`DN0@2iL=n7SR!Ukgr=xAw*Qp3)_?iZYf5KPXPppKekI;|&tE_xfT)={d4
z#8}0z-_DqY&hH2CVh3^sy8B?!xdie>&gEqIco{F$dCK)8MmQi)+@L-b>wd1kL65Y_
zj7f!gMk6x1pI>3J@=XXPZD_Io7CWzr5^jTl=scL#%d-v>iZ=lW+2qBFWtS1B19zm1
zDMp3bC#X&=At+*Ppf(AQfU4v+)C31Xq4;n9sk}AFJ!lLPLy8wl`49}jQz*))`ml1s
zOU#n7F`p<XOsZ*H9_GZ(zsGE&hhwrk%UArRus@gUH!toBjlk`VB556nss|&_hq_2m
zf9ONjFwAmP+~%Eh;3s6k`6SmWlnqG;VPPD0N%$Q*PsYfM0ypqlb^sq=)X4NRT$+{%
zf^-L!Y8GFrUBJkxp?Z8F&MEv9`web^mV&y2AaB<Fy$xSi#DbhSeX-D9C5yD&YMTsz
zrRo?Nl|9xKx^SjUTb{dN;ch8fk~FrIn)e`58EK+`I2{Iz&HQ#QlXfsBPDS>HEfXhZ
zr=*w6G;CNFs`Z@|#)P|gjOy_-$4~_Z2GRlcK><&fAAH=sWYUOj<99^Q-}CN1)q-}$
z;%vs~Mtp4b1A8Nyc&f;#*U87<`|1Z-xsJ$#EJE$~^M6}3@AGXUZqC`k)*?-`wF8pJ
z`3^Hues+}iLZX`EDZLY#QViDNq=_2(GzCt0DBK+(c^&;e&PQJ6cOg-{0ZiBbFi?{}
zFGSWWnhg^w%+*?0{!NO0X&SlBmjMk?zJq$qnyC^DHcobNE9T8ARA@@8KH5!pB3a~k
zmRrF)FcEDWMr1kfHegp<z{E*_Qi)Pha3PLWUNfWGdO)H`M({^QvI3oxDo1Pyh&iAX
z+0?cP`C`npLmkqJc*$Y9ZV{r<Qlq-Wv%HAgcvr03fg}ogNNh>UV4N{yKeg{#fH;_L
zfit~2^Z_0ya?7Q_HDVBYPRp-B3=?(jsqP}6RGCxUR;6ExW@@|*BA!}hWEH4&Ysqbl
zS13}Z9B1WFBeA@q5Ys4Wd9Vs=Z<V?;8K^U6faG!0!dqkn9wxitD1*wGm;@xfuL>kW
z$5~8Gdw(75RI7}KhH4hj44)L*T*vTmP=q#?5l2-KV1~L!PGRXs&z=m@f21b2QH~GI
zzx>G8-;tA(KxL)UBs1bbIUGT2!WH(uS;E+=@TvR#-|fp*!$Eob`@sZrEA47Y0V>GW
zU#c+qUS0D0hmNT#|1=COoJUs~eKjjDnVOoRfL+Lgby!7`Yym(+!DJr3kv`28L<Ps1
z#7~i&6q#cS%*nOywY?N!9qW>`N-eqqkXgSr$+RbvXpOj+VCe*|<NA?VQPd!P5^!cg
zQp`UST;(ry+)6EI>TtzQxe+~oSdzBgC}BeKBuc@nD(SKfI3}?w|5~9*YL(N};DKnO
z{<F>@s@dRW<b%fT##=8O@?$W&s^8L5o<4XWh00=#BFL&Q*(eqDJ|nf~RHXF4)$v5G
z3j1)`+;H1MKCC%B*$+3^>TKQL;`E^MelsDf@!*Clym`~wZmqu6s68cCwfpWuIA;5v
zThVa&vhb;02UM)2B7v|PG*CHt9BMoI^f7LM8=AcP6nP3i<L{Mnn_)X8f^-cHZ<7|`
z8gZk<!v&U9+MOw8!K>Z~KxkC47(nz6Ph~d#w${|TukmG8f-t1%f^=xoGC`#HX;5(!
zcTfK#4~6{6xE_Q(%J9a-Asq>N%)8m&LMv9Az+Ww<#O+5IoF^*fv!W)f#PvLK7D%*u
zJ^t!$@1=8NXM1juPh8v*VuqfFxAO;~!HQ4Z3)6F8(B%arnfm<>SjItj%-Z<nW!}t+
z0rID<H<^RjPsx`r@8X~yrLMu--Nsr{Qj@jbpFbtjj%}_I=hRV5uV{uj-`wA%23X&~
z3FLoD3J^5aqJ6c>u{YMDJ+~h9EG#$NEO$!Z|83Wi^jheU29dg^pWfMiaqo~GU@f8{
zm$*&bHbE(io~|<G`=n32g}w$rFLub>xoyWbPLg)nrAof9b;t}ro&mxMG*cz>0Op`&
zmz2#7O*95yhnINJjTi4X%iJiYk1<2N+BXtymN%3;pl@ft#J?}W(}lej-{g)EU8yun
zO2;GEhv4E1*UiXWzeDCz88tiM-i&tf3JQvuZGJ;wFBC@22Hy2Q$cFGgAZk27yxY}D
zR%qXX-bInhj8&5zZt{We*K%Za<^3wg9)Qw)h4pePlx_UT)uveMj-ip4ei7mGv4r-y
zC;V&y_N6i0>um<}RUR09xI=~Tq9ySC#&Mp=z8}OsIs-pxMt>&Xs;BJTk<h)r2znLu
zB=9c;^mc*qr-UF94E;p8C4%;y4<OhM?!BeuqudwY8zSkv9YpyY1!aBbzaD_JycPc2
z_!>&u#gF5wH}FNcKP&kn2<`jF|MlIB?7h#+>kGvzH;6ym|5@?{A9|N=zZ+$TWPclF
zr<pHz_ju4v(!CTbHkxlTR?^*BoPz(27Jqy43UmC_&G`Ti!IqQ&QQG~CFy_sE$Zv4-
z;k6FY4pH;v>XpN|UyzW-9T}0UM#5cS-~*+H8PpCo>0#501Be6UxUE)j^x5QK2Oo5|
z6YLqYZa381e%cM`7unX;{KGcNpR@0+l(apQp{=$|ciN4&=&09dw<p|6FViSJB;a-d
zIGG3sF|MGyihi5$?uVjVD{r*B<ojxF6uWP<w%e2K+V>uA6t3KDDPCK&`|z^E?-0=J
zKMutR3z*=)YY2H2RDXu+-r7sLe{eDP@)6WBA96vjuB5$cL9eFWX+d+7>Co+0uy(#s
zL)Wec(~$jc3!|Yw*km|ZrdheIB<s2uZNn8irgJYog4*A7-3O%A>_xo%u)1}GW=OnU
zaO^rFre8ipfyR(rqu(E{>wZ!5iiE~6ME#i-343xV3Jd>EOrU4p_ZroA%FyreCc|fk
zF>^fmssp{LZ~6=UwC^>`nwEa<t^hd_Regp7!2#CUy$5~P&Hh2gogO#$7m^vlkW<6`
zD<@x8vc-Pmy+aAOHuJrQ71_+#=sAj9qWy)aHIvyLI&>y*1t)AKsdZ8vFd-(w0h&Ns
z1MH=Xr(SNjizlsw2B>yMpa%G;D$0pJY!9vz<6#6Nn*lnM88Z`!{z!j*ds@1_*YhW6
z<4fU(Fags$;v4(T7YNLk7tFuY?f$DRkd=w~pY#92aQ(k+3l#fb4OcpOLu(5M7nA=q
zUD>{cRWUnTXCWawcWpW*#&5%pj+vE_kcsWPtc{70js0I$S2|`!7zRNnBNJO^LeBrK
z?D~D_|BLMU-#P=?{!M2fGxPsRc1@7|r!z44neU&@zySy$6lkJiQVH6(!UcSw-$bI+
zBLL(6tINBh>Lu_qoWHz(Ek+bIbFG+Z=PNT+Kw)nn3-P8Fr>XYvbRY+fr=Idse*O5g
zw5E&fYSlaiAK7?R&S^ZGzL}2HemyBFMZnj1JYZ?-*LgiDwD#KGs`>~(o*DqBfvL%V
zKILit(~d_3Q)5&8@u#jz+wK*$s}|iI*HTh(smP$E8e}ztrcNg;;8azWk@0O;FDs$=
za@p*%OU1JsX}$dx7ghQw=p`r%MSZNZ?=L1NEH3Pk_g;|*UmUqGUxHhxSHTn5Yy3*=
z7}*{8tIR1_PaL0UjfB%JEjZH-+0E<oSQ5WrchNi54jI)K!h^&_t|7kUYhzyNyXKto
zCn*Aamm7?Bc;hD)vO4?eyZb;Olv95=9E8tqR5oqLz%zWlPodVo8@vCH4T1l=Is3P^
zC*WUg&;Kwrzb(!GurR*`%YP)x|CAj65gz~3{QOT#^B?)~f7qPNF#qG&KjP!JAo)L;
zq5p`M|5%^@9RD}+<9}-d{EspG7y0p9IsGq@T*k!K%-Nif{r}ho$ixg_`4{=|SPRx(
zc{QEyH0PIzW{b&qO0dUTPYRPhQUfwl0I149O7sCm!W2ocAFZx7NOzpEb?TfzA`4Ma
znste7hK>2a$u^6FazaAfG%1d2XFA)osZ>iQA32%HrtNC6h4dz^75(2_r&@ehsBvSr
zQtn2SgqcHMpRdELOQLMt1O+B8KPX4Af=`jd-=4@skGw(ln)-HHIy~Q&_F-=S>5Bi5
zzH{3;zDQUfq_;OCfXn`sW}Fr34kD;YKA6<^wuHaO8D40Zq5qSWNTV#?2%NDO=;1Zr
z-1CTQnhHNZK`Kp~_|DHa^%LYar7HiS%$L-G!6&uPi(+axji1_vVLrC+9Z0CTIozGv
z8<fi(i)eGunLj=Wg&l9REb!H$ZXZ-*@V2DZ5YzH3i=-=$Y7YG(B0~DH`0Q&NmSNQ8
z#lj1WH<shc8{e(a#+=}l={IfAto4ieJX;UuYCgNZc>YF6$m{wM*_w6?LcY&h;=Zuk
zU*?1tL(JHR;Un7joe+F-yEyH&nZH|@&k*b(98e<;X}bYAVhjcU7?Wfy{`7m_`E2m3
zhbCv3wqWHqpe7_fIG4AUOY%Dc_;r6cJTbpl_Z|$wj3UGbHqTg{(LaE)F?P_eg-7@Q
z+U$EbK?<|wQ%_4qm**kyL>5MxqtXZ7sL%I02sT7}{jd{Yu!3m&+rIje{kt2HW5#K-
z&3o(PjJ6k*KYV97O<<Sq%m)p!c47|4_{VNIpMV_`6h;7~d_wX7@-e)t)jVQQYkRXf
zK{HAfCP}q9ox(~1J8X>AV_W^6={}ErDH4F_G13mh94rS2Q*EBHf4MUdH6~hn$ahPt
zbBW7{8XIN^dWl;RK%LX&)$Rt%ufE1bG?hvCv;p1IbNyS~CP&xu>TH`>uIs>3wYbBz
zWgx>17Vi8X2XcAhPuT)=KK^IBn_QTGoO|j1Ovec~ywZabSWn2210N|599}-qv;*1$
z1IhHH2F;@rk0p<{sUsF3>w81vx{7TT>&hy&l`v0+RD8Sg7j-Pg8UKs7(jpM+3&+yo
z6H+5_(;Aa>=G-kbeVMd5LS6t@fF(?@5>M?KBdbNOmXj@(B@erY!Ge8HIdGuF)AY~p
zM@mkgbGB>dRK4Rr&~}r`_mj6+;OmeKUs=0gWeg(Fqg+nl?2}DMbW5q&Q6@r?oI#a6
zxajV>PyH3{Hij|R`UYL3`Qg)&^jaFWLJ#o4ktdmE%a~KDLk(k$E}o8-_gVGUtX+Ne
zP8exqzFc-$%^lElG>m6IL-XGnmji6vk0V|uuTC_@aB3ROsbx;Eb)soxysAz5g^XDB
zY<o?QBfw$n->;dbzPxV#F2pQyyHRwv?sy$YzQ*3)9NvWd`D8)CJHI*_d6UEYdtHld
zb3d!K!S+<M*;Zxo5sUAAvz<(H3&^FYYZk32s4oM@r2rB~IG<z3TlIhL>T?45NqCDb
zxK|%@rXP!>OEhm`pcE@12<4jt1{*A7;~!$8o6o4Ou4&vh$CUr%Ds#rRQ+Es=chcs1
zc|?2L?l9e6J`Pyc-hTplF`Mg|3As?w1U|)EQQ9zQC*K-k{lQ`Zi$s6yUT~;>U|Q3z
zU(6P4cYv_RbPdKgeBN4km9}K)j_U4|Kj@zF4uf#`>)5SjT$p|A=61LJ5oq1X0eXid
zR`F+SU@ekGk?8T*MOrW_L=q)jiUnsN0(3JOtC)%w$Lvsp=|UM;)g8#Rh_#A-ZDs8b
z59~-TBRU`N$DI89Uq{(5((YvR$-Wf6>=4wx)IWFmxi-G~<v-s~b9D@lqvw_LT62yq
zvj-&<KtSEYLEuMIE#qs}>`$7!FPiY2Wj7dPHZ(WPcI4v~UqjmrE?l?zdV@VYEG^r4
zf<4ak2{C$MPK)rlPy|Cx=NUs?>}3}2Ex;oEae5;<kL>o_ybxdb=<N<d^O>>cc$zj8
z15eJtQPWWuGKDsT-$;8xajO9tk-r<=jZZQvC?SAAWY?Td%?E@)27609EmeoP#s&a|
z{*{fieLygiN<dJ(lwV-8t<lo8S+DzUwwQw-@p#;Z^?2OGqx9KJXZX+0le>w&WVwl7
z7TllPci+8CgQ5GNA6R$nfi~nzdyMC@MGB!Zq{cidUMlKJ=3=5hfaXcTp=3CnHpXcC
zt9W1@+lZ|aJkWie7W-?iLNQcQCizF6q;v4}614<VG^%G@V2SIcmEUJd-9jo)h%#V5
z6b>EcG=oe9RVG;TVbG{~RpP5?SyI=-+S~F`7!{E8t3l1Wf>`<>nzmx1AXLl*btriN
zC_AhG$8*Y@kIV=6miNhr-gsZhn6BF~5{9{0FWl6F=6kC+!rsK6gI4F`kR8v=zNZCp
z;<^r^;pdDMm^4fwbCgu=od6a0Fw#@iG{t&ZyBw<(mMKte^87@~6&Y+FhaLNz;i7TH
zN7K7ZGP{f2DtD)vx^BJLOA$*<*4ly;mq=9+!H64tjz;xQvLfZD+%M47pVULozM@>+
ze?jS!<HRD===7pe58B({zDptF8Q^x`f=_1m>^<Fg@yB*KhRo9K;VMki3zg=qq{lG<
z2Zb9<*)3&A87=DyCG1!;Rh+!dCr#O^(?`LqNK9o!l-U~*T7~1^KB1qprbU&mrqxl-
zF#9Crwzt_A%Tv`mehqrexUbuvg;#{r^-!OoJF`2kJ}8(J{sPW07)5C3mk7gbS2(<7
zd!r6C`G`7Afew&=mO_+*n_S^`?Wjw~1zeUEU|y(JBS@5SV<yZT;A>KSr*5*i-2c$J
zMcLmcTG|NFrU=lY7l`9pNk?#cE6O&v#L>*DuBxnJT)68hy1>WMAY_Ws2#a}PM&IYZ
z36C5VTnrRsw1b;(>ooeP`mY;ndMvBi(Ppk(Et`J*F3^f<;Z6yY7<y=jun{&0tjRCS
zZ_6(dw4<|QVO7(ZhJV1Wz^=ft#2ylDe!x((9!+=34=EfCD53w-FgG3@WmSMV+K!&J
zK1cj?iofY+_;}B9Ccp6g80pu=6KCV|`Kq1${i5x2WzuALd|~zLYN%;1ym0qLOczhA
zGGn!>$2Gdxy8n(lCbtaOdS;;`sD~_1N}S2RCAdw=hd!e;|9nhtx#YM?HhUPh-C+Of
z%Q~r4!)9Fj1^(TqtXg#JN`uAB)j@SXAh?K8Mb)RxdI^`BEWbk-Ha2BPdAUxX4S=yZ
z$zocc4_uT};tg5HUG1FBpFQi0pCS2LJ(4$`9csl?)E&%>Jz<Whp(%Zlu-SUG-e~g+
zW%Wz&^Qr}Pvs>Q#Pf54*HNN|C_p{y(XAjt_)8%L`_ucVdIUWjrqObi{r_+6uOqa8g
z`5jy9VNBcb)tx;o<$KWg_PZk=_2n46Vyn+E%ckE0e*)b)d^0<Nh0U`4WQHX&JJCo~
zkdiC!YsZ;ur{A?H!CKP-?Li2{<pmiCLiyGZpLaQqK9$3E+|MTiJm>lMSlz*{%NZQC
zY<b=M{$ePJZH!^v^Yuz5TMNMZaT{h&`{6F3+{5J{#uv7#Gq0FEeS7Bt{*IwsCw}xb
zG0+u$zls4T2410D=zHm>z%Et(dbdGbE5syQ9mx*J6#+Os0D7t}j1Mim%Xye>pSY-3
zp|tL*za?BF60{MOMhF&>BTGzzk&!)BF&>z`6){Apk)OJFR&xP{1u@NIN?Um`kqS-@
zp<MJ-KNY+(xmF4lrdPEO!sm_M8I#a4z_CSsDK9$K`>N;=$dxWgjuSLTTx;}^bCDp=
z3zsVuh)YS1cPq`6SS7o@vcvb=tPtQNDHZTjh3}`OVP3=rff_R6KZP1$Vb}7fpmZM8
zzr4AVayZGpj}6Nz0e-}cigen%QV088FJ2XU@POW7t|dcQ37<O`wAV91UH%HSE`Lz~
z5W){71}4yv7jI%>H79sxJSpfTC6Lztj2H^Vu|A-<9WPltPU{!yEt8lbF4y*4PL+E;
zXTmTuM+giz<T^)`QuK9f#Ux0h5-q(<PMEik=!aS&qN4Jz=`Z3>NeNJMAcUR)#o>Ts
z)Esu!c^nlR1_MHbyZdC}z>R?qNCCo>rCKDC6x||#8Y+Y)ECoA9l7NgW(trVKVU(bS
zC#0o(Q!aNW{0-^tr>{>*J-qPA(riYE3mk=^7#=0~I0Csa=+|ECubGg9GVX3q`Q2yU
z&&Yv(O&}#b6=DIW7N$f9Kr2dt3th~AQNWH04^b6O;wu+`HVjn~kl(J4Pz?8&KFEa8
zd~nt%pBZsil95D$%tHt)ulUQXqI@V|9RQN8mTwdhB7Aoiie-)o5t6{9K*=<suOl;D
zZD?8Mn~El}_yhb9s)*Eu5-ApZa4A-$QSLO5&ezwgc8EuzAq*={Hb8?1-avw?l7%{4
z2ZHjKA@vbt=^NP(Rz}c-E&l0Qces0EDzQV!^9b9>^Z6i_JxEcu;j;5i#V^Waf@sJ=
zP=gHfPYG-#L<qtq0yx0zk27=c*F^nQg`r&IhyW#O9!w)sI59EQd^D2+tP4cHIJD!j
zwZx2a$?>*4kTm`T3jGkIWCkN?IpQ?T$f$^Yi*f{dGP1W-CNXJ9Dj4!;*%A@bF>Xl*
zeU2Qs5)tVZbUGC`Q{kq$g=WSzLauDf=|^b=S(OW<A%CuVcKjJ^^5~*`OA%jUV6u~&
zSP5t0I|9;KD4DTbbm31li6p~C2Vj?WIK&9y`aH`z6VIRZl=ymd4OC~n3hT7aEDAnM
zLflYG(jkodh`;|J1{f(s&doA^941n%u&B;8^@&gc1fn<gP&Pd~ybD@Or(4(09l~vE
z*DlZ3k8E9<BhX7RPS7jc)~`0_7Ee+A2M&M#vH9_9L&WS^t$uKO+wzC5wkI!rt@`h~
zu<M!~xmMVft!=t&@9OJoR|no(m*<xuIk(hJNFi_DDAgawt{&xe^r@vLpfcH)+u63e
zYL#mze_WK)Z3vgB{&4Z~xk>*lT_pMQ$HVhi7k%73jA7^YwhjK=!G)tgDq&f1saxgf
zc2B<<I5`2WmT2zi`o)E#Cs)<d0KWY?2>=C00~#Q*N<Q&>d++yewAD^;z1-2`-vv!*
z*?+Ec=pz(=x>YWoUZ10{cJ}=^eUnQy#A#btICpl_99A<+ZQMSdrph<2;O69@6z;6t
zJa%x^61A(X9F~RjE8IM^yknB;!;d>NK52P${-ulaS0DHcKut)9qay>(u@~e^Hw8HH
zVQ-T@e(~h#siMl<)=O1&_T1956v`}xoGQKpL%1*^*pm!gt=^C}5?STT!V?f}SB2Ep
zosmO2D>n5CLvNU5MTtYP$k?=Wpt*`~Rx0+@(p;gI1yX9`g$S;!swX;PRzc_XNJ2=Z
zq4y-!Uj8G!32DrpB_{P3{yI4iw#1yq|1E6M6o4yNFBNLUh^;=`ox~3^;YTA4{;@y+
z+@i8Fbq=1)iG(`NSO-TjXkkuX;0vXexIbGi?x4h5Vd^Q+Jk`Wc)lcF`h_^!{DrO^)
zS#*lkNQxVHsixwR-H#!`ZsuvOg=;(zxW}P0VO?-t@!UMJe|v3jgz32yMu#lLQW1^P
z+&9eQFQ$kRJWt32D2j)QRRwOljU0=~*z3j>`w$>1coIkqnf!%aMs_5wXdJA{9s%49
zFD8fP-x|iFsY%6_xTg-1(|wBvCWU7iJWn522MrG_3S|C4XcDIw!B}!H8ix{i12*><
zxWzaZ-bVo0?bE`p9Fr=UkJ8~s4UzkF8xAx(Iv<`J;E4J_1)egLp6z;T&8fvID-^;%
z*!@WI2v_F~UfUEwH_QOP!(J%n4ypRqEno-Q!SPNGj2wPPj^)Z0M+7Xdozn!DlAh+n
z5#k&>B5vrA($~R(4WWfS|CP=$A9h(&rrAG-Sm>3>pOwfZaJ|@D{-;+Y=O@-x)~vw~
z(fF&sno)&t%iDG6p<_N-bW4qT<O~x<#|?_{c!s|cE>;N_QH-$AjU6G@YLb>qL^Q_9
zX&Px}Xrq`ugEH<SLO3L3E0GZzs}#JT%OuQ<OVWQVI&C4U0H+W^t9puo6suXQ10)Tf
z3XSW?7^G=w9h2C{e3YkZfNoz@zmjm_1k}XRlUO##_n3hS!!kxA8`w@*<~B<Il;)!+
z@swgarOhRSd5sEAA~iCb$;NranYOPWc3QM#&fm>rS6R}5_caiai}o9*9SejldufT1
zPpsVYPK?RRO-c=K5QXHkGH^NLn%qqdajExG?X~y>5v)|@Mpxa0$uuY-M*OaexOhDK
zxqS)e7||SVEmmq~tUFU^5F-AFYB8oV2y~gwv@A>|ZxrXPjHmWTI(`it4VYX$e|+{Z
zY=ev$8HRED8`EhtH>InV${*hc4sl$<wPPMV7vO>rT!TFxNmMS!Wr$^#C*vBv@)G9C
z8}t2LmUuGz>q@?g#*!p=-7Cd&_&W-Dc};xXuEy6ZL8GYu0gSu#y+XXjLP9q>)ew-;
z%s)}VFlEWPIA3;U(R@io6H$z|sINEm&`9s(qeus%Crmgz`vSlRPcLTCtLI^X@Q?9C
zRa#B(;9Z(+5Fg);ib;Pd;#(<w$H&M@G4Mezq|vl@kuJH+44+K4ZmMvIW$d|C?eJ8(
z5<qEW;F7g9B}<;3lG&c(5hZQjm0Todoa%xB_)Pwo5tUxKNykm%bGp#FZ;&m|p20em
z;jjGbo>MJs$!knpkKsC~E+8XB0(Y9GH4p7hQ<|3RqDD0tPvARzQmHNz=HeOuQKEuF
zmZC_I%@E<HezEWD7N#gG{vuTt;W2hRdb_w{E!F)MQ9+SjF{y&qEhy697FRUEq-z*p
z@@V^luR>Ci6*=+Yb@FlOTWI9nr2b(UU9{}vKp43Mab)P}slYx}mV=-6I%nD@@41$P
zvm(+q>!ELkI;CaMoIE@{?t0b}ta@mQsT|H*7CWwF?7o*du>(V+(lU19yaN2VO&EFK
zF^66<2)@u2wJ>Px)^ADi-l4)ZF%LrH%~*QqDq>d{(PO)JU%!#>wS+#bL{N3wB-c7I
z&0<P>8ITTnWT)VkO}IIIr1-ZQj*9DgW@EiX>%tgQaa_d|R%2=0)VUea=a>J?<gGIx
z_lH$yI-*To?aP57I%T{9t)>62-kdDeMn644V}Rv-d6L=*(Nk&iopLpvwQ7Bpcr*a-
zv}jF*_6IlRXJ$i2_tcl1d*qZaLDh?fbrvB%340><m5h)&TkKn!uUv>Q;$mISl_DBd
zPPV3$yq<~{rXGv!(!E;A_&Cy?-h5(I)A@Y6lB+RG6Z4l2T)CXs6*#W0z|Bkz<?ESg
zPfOVvH6Xc5-LZffaU1=FB>K15+=Y_U#CToib+8iA(q|Ti6j;`Un>4;@`<Ywiyv_JX
zN2tkqsN(vR<@|727VXLoEsRZ-Pp8V{-+KTp>L?#8|F4D=*->_7ajXvc1#UD=tnEdT
zwTb(3<>t9e(Zj=I>h4MKQ!PK<o1#YVUvJ~tzQ3lnr5<i_SGx2veNh!U?70i0XYwYi
zsXsJ18y#nPUftSgvUSo+jgRGWJ3mZq38Ze+a-#3;dIeqO)vp7}e^-le@*k{cjx%mf
zXP-|j>L)24@!u4u=?ym$B^#B{9{Ze|wSrgBxq!3Ox(ZEu3CYww=*<JBMl7C8g+6eU
zEY9CfO?iG$nDMB3>%akeyl_7y(Qks@WPX@JE&eT%P0kcaKW)S%M*}{t)t<*voHZdx
zUWqc@5vGC&^hkkR4x{m<D&%tcitept1$4O$md3AR8ng4`bOuxC+q^|5eB?s@>3H{W
z9!&m>eUQBNBl&2Mk;^7#$RTFXA>Hkf$nmYwb^k>3sL9T%OSFqlG`l*=6a+BI<#=@H
zxSO(jbY$_U%JtAEQsh!1=X6QrP!h%RyQbc@$>942`~IG<9x!r?A4Ry0<!cadcc$@J
z>gR9p<DpILtxr7sag-0a860YSKQ}&U$4UQy=rc{lvnJPbLOP0H2RrJT2>JV{67YH%
zdGr~1L<4BAjq+;GiBeDaWpb|$Xcs3JHvy1i1=W8XU6YXS+cI-HrV4Tx61!oI?fYBq
z*JW>M${=hzNO6!Ra@+3GZ#hJ4Ir#N{L_Q5%ZH`|dd`3PUwP;HRZ<;1*OOMkX9>D@Q
zq3#hj#{DxVgFyuyoj70LIo1hC**(Vj;@W2A_#nY@8x!ZH03fg=f&kjYZh&N|RFDd^
z<aIr?Wcu&=c(C8(e-hov!bRnwnbJi_HiOToP<Z>q2cCqCxx+bLwmZk^(|&V_4#Z48
zefJmT6JiDB_7h?O$$~D60OImwKmg~d;lBLqREao&#+zoc18nJDD<ZaaiPh4RLDi-W
z!!m4z0E0#uwspx|8Lu7Uelx-y;)8W_be=<FquTGL9rA971(L+;n!Gt)xsHG$WpX?~
z`;IQX4!_*ivGJhjf=_(Y6-CX8V}EmQQ%Yir)WK5X?AkaNiDsu5Lsjy4#$`khtEZzb
zvV|V6v^hRSWi1_w+AMJ;;_WJWycOPig%x$MYULQK{uXPp@o|KdfeEB${T69e8R?|#
zP*0Uo9ppG*O;1fS1DgiVG`~EVMGXaqcD-U;sZvoxODrYl2scJ(r=v)v4m<pbG*rLE
zxL!{~Nh&34sJ73#UW|fvC2^SI4tUhGCqIyunhchEEZ{YHAmFtK-{*pR%*)Tzhpe0#
zd6FklzdljRAy}a^CajLWhLF`sR%jYm37&r$P!5tn&7E#W>~xw0>$D%bB1Xh-)}olE
zEO$c5HocMp(->{c)@;H2(}K8>D-3HWeN=Lo+E7b$!l7BgCq8LCd|n?T3L_lY72Z{;
zVwX7Sn!+>fyfqF5Nm)rYB2p^&z*0#?%DJwFjuO48SftWj0|*}-EfM6xfT$K320S{(
zT+VP5T91-+Kr#xq(ZeSTsYZlw`Bs*3tZx}C8QBX3(vCYI^*z@ozc=r?;tRyeE&J}@
z0J;C*PXDl9Hg-mi|Kh;x|F=m;68|d)mbJ6BqZ6{THvUf#%=$lbU=|j(Zw&lTsK|GC
z2ooa<)4x*S|7!-!!u0PM@PB}{e?@KoJ@Du|B<26afa53sVZfr#pD+xIqC+HcEGR-!
zl5rZ3`3XKiYoN_4Q6^d7zCUL<Y>Mfvv(wvG@nZ`sIN7z@&!%Szz(*mAi-S#iG=aN9
z6)jS}Hv;WnBVQR_z<ncNT?|O&!q9d~jmK-N$VQsotfQ?#&`7;%u*%0Vb^_JQ!#}1|
z7&3Wyv6`BW(1HA??aU0@V94z)(T^s_E7h&<&^497IZ9bUYD2UJOxZx2=g1n!qht&h
z9maXby;=#7()?kwGoBU)#SU4=#ivOeyF@oae1bDVd}1@gpJ81TatvdT2cQ=CprvEt
z2j0<MFfwku;Ibh)!93X>2p$*vDAyHnmwB9Xh1c7M5B8t@Mu!Kc)dX1HDAO>dMJ(^1
zh3W7e=H8&kW-(U(ZkGN(M)>@1hv(nYU8e78`mZdX?<gF`|KBf||4wfIW9a`Swub$m
z;rZ8b`tPwd?EmN38di2j#{VU@Mn^^U^M&(yi#e7V(bNwZ*dI0`_6M*c6RVQ~k{}oe
z3mqMVDH2>-I2I}MqHC+$N0kk8vlc<KS`AiuFQBo((M{T_S=Q>;N5$@jZRh-9t8Xja
zz~$GkneIWjuo_;suin|*$?oT^hnJq8r~1Jg++Jf5Y9s+$@YOkee>Pj}1fjZvkYa2!
z(3PgZJHLRho{<tPaX_WD<X`4>f{vgW&Hg5&97p@Q?;(=x;fy3&W_sb@VC2STM=4+v
zFqj9#U|D7&_h|3^a#yxGyGO05e;#<QzV)_>?CnqV)y(^m?+o5Esl}TLxe^DB*7NFB
zJiT}!{n~a!{L+J!Z}G>EAF~5V*Bd2Y)a~I;pp(IVe&h}RWhXN3&gX2<{*Hi#1^!)|
z7{H1tYie4*@tX<3%vz_5hR8ue$#G(CsmYm)#0m55=SLvUo%>eUpMqY2U)UP~o)TOM
zdzL|ZpF1&DitJIVgHx5qR`zsV+Q)z6zz!>qQh|elMhiWiv6>o={@&^}L3#sK){eB!
ztv?F!X%imQ@s-XV&Yl@t0JI2OCl-&s>rd|G(&mZSC)5k+-Q`mB;%`#a$3l;Om;;x>
zr9NaX`m^l;c;IZ}*!GCCf+CAj=Nkh)&)q?Dq!1SZ&nUSfD)moXm#CQDwcpvZA~E)|
z>n@xgIpsoY!xu!}p+A`wx)8dB&=o@1@>n_0d;S!p`d=f??J6ihl$pcxQb*^D&p(`b
zKXN^iG@(h~%8(hIE4J|oBjyzora#w<#9|*rV>uQ+f?tgA$G1rR+%wP!pg}JUWMLp@
zm~^?fJI2vRD*`2F&nZg8y44vnn=5n&Rk-WPM`j51c-I1U?<hVk-tIeGJj2_At&@%{
z`mq4<h_K`T3^WX-8|XIXGUCYzZo_CDhmj}WW<5u<Fi99oO%$6sCmZ5$=Ctm|M{?XI
z=i?_0XEJZr4-bek3DIamPsQ>D$sz<mR}0)Rz7dN(YF-6sk_%I7(ZrJW0&S34m}uC#
zb9!oK$Xv{CA9Uc|h_x1OQ-%S7VcoUO3z!faBvo^C6jdqNrT%>fpMZsB9x+9HQNa}}
zhE;W0Poe3Q&#BTPES(G1bvDNs2e^!D4({-8@BKAuJXN7na6MEU7Ufzy=pa6;(gc$I
z1mB+fsY5!#u|l5#-dpUVD<z!hSa>*Mpls{>QWABXQd5(RbMB3_A4TcSkiY~+YurbI
zKS=HwNLsk{A>J`cG#Y<RvhCq8181fd!d$2*)-9N@@Yla%#r*5Q?kZ$HBbq(uy)Yly
zdN2S*v4?x6js*RxZU?W^Hq66%iWIQIY8qD9+L;>2?b@|@Cz-PukbrWCE7>l&m`JG?
z#Z0E|_50<0EgY4!fUp$QB#gr1x94?xjd;$lYviq<)pFSjE|=~Ou-epJg<qZgO26vg
z71>i93NBP{6jm$ryx8?37>0RZ3|Zib7O(Wj)wV9^nTxPx#WJXs6UWD3Xk|(o+WnN)
zl?ai;f23g%B_v6a(#XgMbEFTKiNJyJS}|$TO<6CnSTPZ29*$+vJ6&bbtNohKqKEa>
zuwu}<1<P~JZM-cW8b4IHZr^@=4NrU!pb>-oSUY1pXa8{DdmfPa?Gw(JdK7n19>}GE
zuDq8)ESp*~ckawH88}H-6ImQt9(t96Z=h>WrW~%=IBs2n9>^+)ErfDRdI1>DOr#rM
ziC>@uDB+7X%J4UwY`_+QBru#V@(AZJ%_iC90KLn%rY30KTWeX<H`0nl-UTlN8|U!E
zs^L^bFPFehKhQ>2`y7q>lt;6S%ZlZek9$#BHL_@btjH}`bZm7^IkrD}9<r9;RK-gF
z8Z)}LeG5CcxWolQPc;~MSLZ3&pClwC#0}COu(=>_miQoeYSR*l^?B;ziQeTkGX7F;
zwQwEk0}&6HiJDW|woS6k8&L`LZ%{!kgs?oZp;9Hsv{j~#hn8k#)+E=I5#yG*r-OiY
zHYoz+vEYOaI~bdB^+!HiX>qz1ajUIH)WBc0%2OO9RvJGcrA(eQinYL04^+xjP7%41
zY>wslUn1$;0K}^-$~d=SK-g$jlswSsn5Nkn2w{(3A3=msEg(j<49glr=3u;nw*=MG
zgidgdtj?QDaHcMgn;#JtAs&oMD5fCiYwv1{14m9}7&3PSYWG)**rUW{?J}I&<p2^8
z=os;4*=wHR9ZJ~Ih*E{i$rSi~mp=y(o|rwG%%YOWR3n2zZ24csxzN4rNjr8wNX8`Z
zgtMj+Qs_Hx9~v%SiMX@wW2!o{FU5+Pq&*{$i%HiHqb1V|aqZj!3vb*;<U$Cx1(y+V
z2{=$GgbChH+O0qf?~aznEfN<gXiO|j&P^sjS~y%3H-^tKXfRA^@h;?_N?#W<(RvqB
zkQ;)kh&GeY)v47@tD3hgx@l~L-?k@0qN-D>SE^fV$~PBUitUtJOro^lY;UIe2LbRk
zFG0>(A-Z>tVkfupGhiNGKK(<`B#sUUIUEM=Vm-73I(MrjIKCZqhdm6wwLQf>Zv+><
zwVHu+>Uu6$qN}@iJ499be_?1Bt1mt!Pm|QMxt%1$KBa$s-SLB?Iyk&;ZA54uTVQ$g
z?!I1|X%39!kr%N0MKhs=j<lmzaYv=#ouNBrO^3<G)He(#`AP5uRlbvK%gK_rk9xpu
zh3jAjy3hbhozs{>xmkrmuaedFRe0ohi#`=q)%Po7A!^!)1!8kvF2yP29>?S>Q=2@y
z>4e1nw0#KdwH0!>^>)nMwKhU+nXZh|GNQq5wZL~i{sNmlJG9;7JFQh%1LN$6WqYsc
zah`~DHXRLlp7+%56o@aoE%gp`%X*8C63K$%f|>Bg<RmltCF6BFbr=$wa}wuQeBbDU
zv7BX@YKp{rH^b_cm2IjH93({CJBDG9RM|K97kO)z8`ga|^WCn4g)$M$#D(b_*27FG
z?xUMd9o9fw^nThLw@#hEX19C!)u3)Pd>De>y<Wx!Z96vFHc074=;wY>udHF6;PN{N
z^}9Px+D*(3zh2xd!E?LyJZ2Dm7D|f#pisOaR|-`eK16idrUSwufOY|yWi}$3wT=<Z
ztcG;YNk>+eGi@tD7-No=jmXSVK@oS4*mo_VqU9Qvn02kuSzmWJPR84_9KJ}r=)CYP
zm)}EaI8e`I|BBefEN3X&w(s_v?Z30nE_~f|jgx1eI}l0Sf|l!C*B3F)JwE*ddLkY@
zr7uh_PK)tNhYo7k*>RT>_Sx;!$pM#trE`}G7uM=zHh7N<F?Lp7f^@q*(#ft%c-s#r
zl0X;hZ=oV7d;ilIgZ$%!OXsE+SPRh05uIh>TrK#Ijzd}$z;)qlzIN4;aUV2<fl%q0
zr>|Sp$!7OfQTu|8Z5>U%Gtv;F!I;i#Z5e}l)~{C>M*r@MpG&qpzc&a-bg%Dg{nbMn
z=6J6O(%~towgY@}-N)+Yeb&mml6>sXMhqacF00Hnh_MWrH)$6a!s&c2pcF<w591KB
zGf42bcVInV7b$Xm0h+ON$L%DgREvO;*sRK_X^kq{8S_9w$7DxUG5w?IiD|57%4cJq
zBA%qXq<fVR8h$zkZ_^C!Zt`mCZlY@XkBp|}^VZVsj2<!@<+qup8t2giN?!Rv&6%ih
z*SK3Ke9;jn@o5&!Y(jI<lol}h&NHvw=r+x6r$057Ze9LH_9vCApW?Ud4*>)rdHOB;
z3=@+PCp#-#Zyl)Wb~ZX*_LH@4h}r7tiGkU|%KSgx<U=_UNLPtKJ(qbC1T2W8%N5Wb
zFyi49Bn9!l_kclpVgNAE5LLv)M&osH4DyRgi>}`VE5ULCYL2)eA$1~>DB6o(l?t1*
zI#f4EUCvke+7Jexa@zO;X~G9`hQ!i-3puz`N~VbC?YqNa(P894y93f`Pt#5FHQSPs
zCR|D;;aB%B$6X#h2eryVRuiA@@tgzqf$uSW0^ktM9J1mOaH2)B{8G!vEK7A(H-+JT
z+6WnB=E<BaJHcd}&j{4;>pw`BkT@6q=;bpu`VD;9kxxZGe$<dpJdV!nLYX$;5O2nE
z!*ik#>wEBG?6_02wRB#NVm^}`4<V<(I1ViZ`-^h9Nlf!5v8B_l=l5Z9<&x@!!IJ?G
zq?sXVPRY)O=IWzSC`->>MWrcv`L@U5tq36py1Zg;XSaiic;-pvmJbC;wd7vq_!*g(
zNK3CV_W&FB@pQO;%lHTu8yY|B`g|upKQ0f4i|-ey-6|PXrBczE&T{V1JD7*z`Bk#j
zO|P%bRrd8pC_NCtM#$;m7I<$$X}R6$DX-ToFXCye@~)KpXkr~~jpRADY^Hz@L|rZ^
z%W^h~Fj7m;4_^+4Y*2n|t2hOnsA)~&^*9pEF}j~)@P_AiM#MD7R~6El)8_#bTR#w&
zorDUIc0}-HSSojeGD$m`^GPY{u-PkcX1-=uP7w}t7yk5#UW{_Cx|G1-)O&Zcyj99-
zUtstK49THN)+61#`sg=p+PXvXQt#3zS|`R29-Z;3i!kIQZk<p&WpnE5*`$zISa6T_
z+qGX;%7(Z<+4LL142}IgV;~G|>PWm=LK9}=zAG%54ojys9j6uM#Ivf6j)l>5>d1OW
zrU^*ZJxch9*J<ee%P~h}nD%STnT0pTu2wRNWJHrpHJ(~MTSa`T%N<2zm_jBP;)P$H
zNzQ_&M@H9ar(pYHQXGH1J@He>`<hg#k(xYPBo?>dPSD>oCy!GyThvI9fvK&Jmzn&>
za36iYCCMKZ`zwE2e9*?eX`_bUGL8yEY#BSGXNuxc+lFioxsV8WUW0v>;L=VV2ZaHS
z1-C)(hj|K6A*I_4q;hN-A`)#3C@5P>$w!Go3(ZJqKJ)_vHDz`7B8afU#@6IXLN828
z${?<asr@Fna-ldOI1~lpFSttjl#FsM@-b9m!);MX<HJpBbt3mzHOYButU7j`J3ggN
zDK)HBt<|mkgf=9bN03*DBkvSD(yo)bC-i@!j-fYE|6mjawgmpcFw#r>_Qs!s5xDUK
zDFQ_0MkSGiM*`e&mgmXjw_Pah6=jJNFXhsT7<#DP?_*+1rX(@$jFDdg@qW+xhx|XB
zy<?DM(W0i^W!tv8Y}>Z0%eJlVvTfV8ZQHhOP4&6+&D?YEnK(1wuiTlr){e-?wIg@r
z`>yB7by%keNt@AYb717Q)G*=oy&}2MrHbWr3p6q>Jw)imCP;JUjQpLZQn*k6!3wj+
z`y?Y)B1Adke-vAR-WYAf$q8GMW#CMHf1J2|d(iWEFgBuX)|0fMiHW+SAhrGT*ZSKo
zP#Oz&w~Zc>B!Tz5;5&NArgNK>%7`_En4~NcnW>U7$jOPBx<&=HzT~@PC6OQt$3cWT
z7~zAnv;;Hqx^jwx=uNt7{+rrY=-U<7YJZ?h#A8&>`=SmMqf084oLeg`OWMS^WsMp&
zivu)HqNQ{r$y!jqVVeCoJJnFE!9-1j3TawlYEf-TBE=#_Bl{tPiZMmqWTTS?r<I44
z$GFEb?ilVFu4dwfF6*kab6v&?Rh;FVs1AdMLz);r4O#FX&wjBYRJC3ZHvn*D8R$-D
zaf3eWDM#$5`qzNfy)V~;f~%m^q{K#<FURjYm_Sy7N3X;rR`1<p>@c_GLLKf_i)Fg=
zWIDak{dTQ13ac?%7i-x)jxGp=ebZN_{t!o|A#R$G-7FYsrojO<@5Dm}r20WKNm)sp
z)L1TJdIFk72ydghUQk(1BXO2~%1ENu$Tzjm7>AceO^-vpSOnHg!)AtlZYr5|B*y*;
zRuw~O92U3D8{MQ=HG14q=Y<Z%B5(O8>x@@4E|0`lfXd1~<x{k}>JXj@N_VFP`G>fr
zg|eHU-d&LfQM+ZbmWsmbTEI@-uEj&dhJIYd+uxUd4zz%!daznJCpl?Ta!mq22k8o?
zjmteQy9;lW9#=XZfO(&Xg8I~lu?&8HnI2)FxQ`-jzvhPP+f3f+lq^-kQihtK^Sz3o
z(<6rSHbb@aGUHr<{uCE(F3XnO@b)UiF}68m5N-uSQSSNC0==avp9ts1q1d}|y^NE9
zwbS)QzbeY@q-}(xn~azc(uN>Dg6^Zrx!w}MP=_;gOG&?3-2j{G2n@eex`$A$;_NB$
z1P&PoSvWcdg=0qUbV1E2M_L~<mOauG<`M7W<9gU^BhuZ6>&J!FNS_E#{bxT`;4>0j
z@O=JN8Z2OxG1K71`5LP{6^pdg8WTigf8vOO5ro>SRmv-il&43YRg#Pr+9BM#JHAg8
z?BrIB&t%qF*0sx$mEPxm>l@P})93NgpDxOcl0iW4Pz_x=%-V1{9v+KaP|NtikwH7m
zDt(<&97gHLS{w{Z6O(X+yn#!IabGI&KnGh08piP<C>Z5LlI9UPlNCQa#^tzt!#%fI
zSA!BIik67Ge5i;Bg}RyAWGJbA*>RUYocWIHr7BsjIvp9f7s3pu7({v67uQ<zo$!4z
zAha%1`X#7_^hK%T!CmN<{?LU=c{BJ$x4o>&grJ|XIlcVR9Q30MSm3cn?=*~|sD&by
zHGx*lBC=mQS`?3QZ&Bwifl-T-pN1FG<S^r~vDPYLm2O<@OI&gBX=NjX4%}w+U?V7p
zWh3Uclgx*lGZp(P_C-6^cOrMBx796S*Jl`vU5_zd`_V7aFLdluo6KDn-cjwMJj_1k
zpJ1=y?|rtj>9WLSmdpsKWH1Rqsk>^eR?SQzxCWS$q+*H(C4~@FQ!2z0F-OUv$y?6U
z8q^grHgx6m6~->PocS=f?tP$h8qQrglI|kjgYyHA;z9d@g<j`Qj%x0zpME>P=JXy-
z?lbR8-g9;o=RD3O?_2aBfh~fOD0agq09PKH%%QYzdV*X*+VSM7PCgVmL{dp%6kT?1
zk*+dbQJ2cP;F&Wyvb3QeCmqg}T+IJQP*r_j!no1_@299Ki#>Igoz)&gH3mR)mMU2#
zcT7+N##-}_8leX)I*ny}@W!V{K^)E-Xj(Od;3dvuA-_ODMXGozGkwo)1`KEYuvmG>
zYpEhjdFOCNpL%6L*$qXjoTUIr$SU#xT2oI+ipW`EZgiY2JYp{7IJKZHs5LHhmo2%m
z{aD%-2e8FjT!wdu8Hg6S`^_6kMC}qh%HNWg!$gupX;5-qu}%Q}fp0Vb(A5zJ)G$o$
zr_#MAgB+Pc8(ygcT_;qv0RYMNvVQ1H4$S~<uaH+p(N2z1wv+ep%B%LSuYhAH_EeQW
z4*^Y<lbM<<B0Z-(0DBvA@6?+tUctH>Pk5cRu~mM?g;7}MGQ}L$AllJ+L0IUOB^UEh
zXz6yn9aEmu`9a2ek0K)FyB2Tgm-KD_psP7_P1MEs-6MQ#+7~5dFy2S4zNp1nCED}r
z7`YF5k9dxK@#GOvoHLh(exi|v`0n7PFl@XbF<?>hJVGHuOZE)fX^<l>X+fPM-xoU{
zK(HH~E<mjt5KFU9R+=@rs$t#mm%&%d3C&r>W5ukWVc9$WN5KjIoyr&srKJN*R7z&`
zC+HO!*ghJJXaVc+*=^cA(45Y=Pwo4HdrYx`qJJ0!Tv`O$g%@PhZ;zPQz}EMYj#K+(
z*eApnf2s%Xh7hri(r2tP$D2zaR_b&Q@$nWP(GyYx8Xd2^-S1twII^3$lMEZMg}-Ac
zZimFC-OExjKaNHKd@8YNy23GGY}2%b=b-oC^QQ9FPB=}g?g@o<Wn7=KJAh9WTOq0O
zeFWDEGUJ-2Me2QJ1WxKvsH3w2A7$#r-7&4ms&bK!Wph2I318gm=c}PMglq)EOu@Q0
zLK+=h->sG*u4bye;kx~t-lfsq2aXS%Lq)QG(DdO+s7iQjpOV7b6RZerCL--iE9HzG
z^Z1QK+cdARtu-$)^*LspB(pDaZM_@Z*{ETj)r>bXX*jFHsx_Ug!;0ob=YI{%|6bSP
zxHq5x+GMyV>D#2DigWV1?b*IMyKe-(yIfcU#$T^$(gO;_U0Op{pRsvp1Q^IxeQ1PW
zpYb`ff|3ya617>=zv_YQuo6Yu#hqP)H4O34vEhutUV=fdfj)sd8t^J?qL;9xaMu(d
zRsFq5DrT2a)MR9;Q{F^@x!WpXgC&=0QL)LABeg`+Va2bgRdr&exfl-|wAq+fSYqV9
z_8YPAa(+$5F!i-p%177D<1V%^nxRy$J{C^6Md90OHiHcrxayU;XjxESK_E(DX(nI#
zQl71F0rk3?^wQ3L9$x_BX;xvPex~5FhG-O6bixD`<|)a2#~B|;D!YcLBX?8(7JtY>
zGA+L~yPoa(QIUDrc%6<Zt7#k9HGuU{0{zInwS;T=*hKNdzDH(e;Av_(KQH2g1&;uj
znJSRe9lx$cdrx~d4Drgjisc#c`AE{4&Z1+Qm^>)HEA=qKkAZUk67Q}P*5%+BX^#rM
zPfkKT1|-d2(89cJ1NYJ{VbIp4Okw#%Jtq#a2M>5Q4U8HQSOe~?JC$de{~(?b!Mz8^
zsmyCqp<(pn@DTrwJjXd|Y3bCgOX-Fc*1uORp{k>So!oI6TPfA^f~UJ7e`5}`+~hCx
zis~=)sxBc~=cb-o6)>AwZMzEYcYi8BFm3@rurVFu{65rJNlwoertgWTKruwNU%ZzU
zf3$WXy!fH%k3(gyp6sri6`<$jrLF0iQwu0Jf%MG5LsYq0a#(pPIrI0392t0@LsNe7
zHrnaSCugQ-V00Tsx<#!mgj+jIwJwmA?8CrBSlXieI`;YfD{uh%iU|(F$edqDB)%8m
zy`GaYjkBkFT8w)5J%#7w*elp3m0iCeUcWWEZ5Uz;D|o)CNMO1^TGP=({>Q+%lcaRz
zim0~COwRR900LQR#}AbJK8=Xy#X6@J;5WFFI(c0n;Sr4U+ctMB4m^Jp(aS(=Gu^)!
zvbMh+y8L`u2=y<5*@4-MV-1MGYQ8Lmz-e66)a9E+k}$(RXm9TK=C(kcXDaJo*S!2{
zEBq6|JR@-V;`0y|eCikKu-icrJ<_n!T5{Yp1a#e}e`MoUsoGYCL~<4v;T)fu-qbTj
z4xd4>(3&9`Qq6dxpxQw_F#U+e*Fh*GV}nNm8~O1YKDo%q_Qz`~9S(vipSI?heF6LE
zIEG2l#?aSIV)7UkKaE&rQnkl(_o3&7zI;*F29^@T+dEy{9xPn7)MaCefMIru{f5q|
z*S0veIoPr9m|;p+OBCJK0l_u;01~*bhuf*9rzhVY4*nfz7<s`6l0qsMzwfcd85xqb
z6T;c!PaG@ljBW4|Dfl8gSJDbl0#`p(s0KR{w|G=s?rzmyB%sVdNp4AB`s+Rx-o3)t
zhwxIopWteIxm5)*NX%_&Daz{dW%Ejtr5)MTt!fk%@};GeM@gtCXcQ>{%-0zy6<Tr{
zoNe~n6@ZMTP?Y9qKNITWdqV?8(`Q3-Eel-vm7VOQVam!?B#u-Pl28S8%m&79-GmEJ
zNJgR6ROQvn;*%z+D?qXv67)-8OY55hfzmX!xE)wLQ76f%X)AsuPZ%dGs{D|`uhgJW
zDupbwkTjX3q%Bt|JycdzUPJ~8C;Xu)uR&jiS&ckJ4NCfBdVI7rV4;Ad&Z16Fp4!p4
zZuNT~#coT$f<rCJ4;2V1RZ4vcSUCu~_}v#zyNUDOTYDoBGb?E;C%YXjo+Qbl{9Jo$
z`ZQ(ss@&r0#`;=;6nW@!<VkYcMN=RZ<3zN?$qAKE$RpH5TjyS}XQqgZU^a9eIR!0w
ztzT-H74u3cQ&a~q(FSHtH{%-gNZ%YRa<u))^73K|9v@uC?smFROXr?*{ojD-<o;VJ
ze;9haL8`}g=2cXd9%JnJ&7|!b71Vxd^f5D(wIU85yq2evQ0d|h$5B=Z6eXPnKV_KX
z(1lekVo?30p#t+|PKQ3${W$#Ngrc*#4dvf#bv9WMAc7#$u$)3&t^x(9+e>1#-K>#i
zDxd*4g{UqXW*y@{F=y9^>Ms2J<1A1rKS2A60Z*tKACBbH`S7Uc`)VcU!covI(;0J<
zn4SY1)<t<Dq=(WkC;~|Yc^f`IlA}t82D+H2&adlW2ksHNapbe{xI=Nrv|gHv-{uRk
z?XD5}<0s<NMvLxCwa`AkRLcc+*m$Q!N^WNDr%|D7@+-KCfQdxwr++*NVDl25zTC_K
zd3Z?ZnP!rViRP*|s}ua(DgHs)JU^8J7{yjKtbWlVzk9R|eDt54bb7Jhm=tQuO(hBO
zwiW%K+~y>OCp#Wx3CV}mTcs-cTY44!gblH`Fcu_>RW#3_4Tzk-D)Q64D*AKH3rwFb
zRB8Bmg79yCB}huqCdJz*)6{tHhkEU~{9>qK>AJ0uBz??Cl#-%NiMP>asQFD2cPlMH
z%3?Z_@0k%BvVc07rKvJ9LX-XxQA&im^S-7eN~MKEu~o>SKeG^X`~4z|sZ+jZ+G#MB
z1+VA{rRTC46yAXaGSB&VK$Jad031?)?APi}78+B|wPzDKrW$O!{iLgX!rF?bnS(W>
zQ1qAsp!9Do?r<13F+s){JdkPo`N-56#Cd-KG5$O`AWWDm&v>vUSJQ<)XpjkCb^>Jo
zHk_Aeu!daAV`^b5I$ki1fMO6D5ap*H$WU6mcCTt<46Y8kxD1fRKRo3PzGfKP8ju#N
zx-3O~Ko*_2gM_Bk0Zw=FVB@B~Ew}&^WGb$}qL6%MekMN-=YiIZlZ(3Dd3B$HYku3B
z1IOdb?FYSV&V~Op;pWki!vWUv<`?Ig=E0RdZK7#6KR3%}32jIv7HG|EHWcVyLXL+@
zQqAguK0NB?;%#61t(v8_Mw1^4MCVy;tb$x$9p9VEv4H!Gp42XDIt4cWB2PAc(E4i4
z)J>4kJ#3#mN36oqr^YvpgSdK#Xo^PJ>}6X#1}bKRkB0ztc5I?ov=`XJjDD5+$Tc0B
zxLVRU$>*~5u5WU{yVbD-TX_XOH9^-aL`m%4oX`NNt^?`iJ>AWl7vP{mvfTh_iok1%
z%ETN(pEbFJ_`5)Q$-S}CMOqV+Wnz%YV-nTzCE#(b|JC=>0uz*%59Wkrv0U@FX!kVn
zgkv%R{{WwdIs9ESj`?&S{Ig|*^F*RouLJYiSa@x$R1SORBIPDOzba7q&G9?^4hW2H
zP6eQZSh)Ye9C!ulMx4mQ40=zu0Zb7u@MD=e?+|(n#1#a1)eT@EXbp!{gsLq(VxtON
z9szynj;={}bcKflklZ3cwkg92GRrh^u8dfcRM~OZA^EtV2XEPY@dZ4?c;qasO%tS-
zd8@HJ0x@`5oot_|GhS8;;U99q+Cw<ZbK_s79}Panm3^^u#W45kj$+d&HLc*H83MQ!
zCIJNJFcF02O()o|xpeLWaeKq4HZ&mxbb0*UbBF#9OXT*!s4Kmg=J3rOe|C*CW+{3(
zEu2ode$3Dk3JQVE)Q}VYRwUxb8izaCgg<9xJ*Pwn5gzhAb_(5IAtE;+WO-_0md4be
zxk=~G@{Tz`{`FL`ixYxpk{1>|EX3vD{(UR-Dt;<u(IS<2)*{?DX|zdhdViWYPk3J6
zQ6-ueKQ@n5aA#TuWg-_f96Uj2TpvukI25BQH~O%EN)kcxaa$Tlfi1}0>&~<WvxiQe
zwat4#Aw@FB9;}uudVG9NaU5lm%>|lAt-0h9rncmnYC8E^KS#4$F4~^}zHTd9Jw@2}
z$w24ve9v}-q~%ZV1X<ax?{$d(LRS}c^_vnsJfP0XIR4v*tH^`jH4o+UBs#O2^Tz*e
zOzAPb!$-W!84E~XbCiYcE-<2v3NG&KM4544GKGDr=I1UD7jhMD_v47*(GxGKi?c1q
zqH^{SCN)KJk4jw9RWOo|4O`q{eOSoWcBAAV)3br{K&-;ncr}l5_7e692GE;H>U9XI
zq^HKSFVpvue|QU5Dmp6Feu|0Cgu{9xX2wE+;z}q6>}1Q7crF!2<HJ#>9+b$D{moH{
zDRS7Sig1q#(SaO_z>`VQegkOg5S(C|>08iK97q<_0q@RcDeQSy#ZK1+sC&~eVEVgT
z9(vl`w^qW`Vc8+4343$km8(;q^nTpWW|M}$9dhAXxw}+jhtm_MNI0(^^_58NO;PzL
zT_8mol+MBrpGF=H@M=jAE*YQ3;waZPfue5<ZiDZnQ9pr0GUM-D`<nreqn<X%!v%0R
zRLD$bb4p;iI$f>30yVj8Gl4u)()O|+tXcAajth_!wo(nR<CZz1ld>^tQ#F$abxfl_
zov81efh8hoBqLyHzFxeNEr7ocY$^VHX&jfJv{C>+>ox1GQ6RvxZAgh3WNuf<4d*E6
zCKDXmQP{gBKB;Rt#j6-Yy4iKujfMdi3J}Dk^0Pw-hAmF&F7~|A#e;u_2IP+poMT2C
z(2vtzoXwoqC|z?XCN+R6)_F{jj^^caDqasWd+_K|FItt#4Oe~})@9MaUx~C#G0Eq%
z81oEKXS@R{H|V$<039yy6<YY7^=p!q$sK>q9TC;}e@!k>WG$KK#h}y4HcgH4jJ}Ss
zo{R3dnILg8sp+kMFsl)tmuMAL7s_I;LOX*tYn=ZKY+uBGWY6hr-r#i*RgH)-XKKA1
zj|^>?N$^DtknCSy1h^yYShW@(Q;+G8alBwzhUIMMTr_{NUBD{gsb8+R2+1wet}32t
zz@%GNO?Vc@Ild~B;utU`{x-1IA^CK9;SQZ6wD7jUsj{I7>zX+gh$=y0Yudt_W%3Bt
zC^`oM#9T2`W#r<_QX)<21o0$2>Co%4V)J~lD}#+@bAaD5s2#vle>vw|`F19mqaq$Y
z7)HW2;RHMxA*9$sm>!u|0M+Bx@W5I@V!D=g8&wmB+E+z03$9||42=l2LuT21oXKW%
zo++;R6y4!3UU8Y~9z1+xfYtC%`NiWsa|LHCxXFD<bP|LX4y%j09<F3$!#el&ei|J~
zj8Ys)oPT9e3TIFX%b<U5ajEKmFr0T?YK6emYQDL!sp|V>QVO%Z>P;prV@yJMCp(Y?
zc3!q9>{rQb9keL)Z@p$wX3)H4emaV;WmzQjcdeZu3Vz5Yf%0xV>&YZ7W8{|!iC=HM
z#fLy(aW<sB?8v4pcim7RVcCu%ubh2G7fGFGWin9kE>j@AVHQb^J~@x}`$HcB%`@;<
zkX{I&f9*_0E@yLmsb=8RC{9Mk`>d=Wa9*s)??WHI@p9_x?42J=*>-K!<=Gl?dx@|=
z^apwQA!Qvare58CAC@6yDLz?lo%aU`XFR8$tnak3<v?TrZbcB1!ANcI=&*0?ZfPAr
zwrD}RRAx_5mKI{mcY$VC`7k>l`os)=y%}G0k#s@+3I=_lcrU5PjN<!A$Ogr}!;Wq8
zV*(jYl>3?)nxvai@oEhD&NWR}IJ_v2Y$pXY8C(V>Pf#9_OHmG!D^6H8))f|EO6W!k
zUKTA<)Y<nGQKwznHr;e6)C9UQFM$r1sPlU=R%32j&J^jZr72!)4T>hdu^hbs-PgAk
zc=-<oCV-cxfA<`WS9_3dothb<EKzMJnU3DFn+Ys+cpqpF8j7s?IN={6@q67Hq02bR
zk&(OL(%8+aTC*yN&QVhCpD(vzh_43{x55xFqHr(Y+FaEUyM*^FvXL#NTi%~9QY2Z0
zF|taxcC2}LW%+3_)=lp-Iv5}1S?>ukUH8#&Hj>$RrTbId`?B2oK+n&7BtuHKq6zO!
z5}T?c9zWewNxl{YH{CqIy@n(=aRoM4<3+Y^V_CO`b8Q}@S!;*!v`2D%jtQ!|P-S&w
z@vCs0rk8d{<iXf)O9OD_hs#iJJ(6$UaBm^IeMrKvKU)%TaYbN1Xfkmz`Msa)sXl&j
zxv?j<1NYGu#QNRrcZbQ&0{wKm2^hE^AR7rQJ3w0}^GOrdQIpcP9qXDP?2;d;>M;DO
zfNj+wnSvvkD%n?0IQKAy+*lIKbR!SoVGQ8<P-5`n$l_{P63>z#^~eg(@yOU8;Z}Jy
zgkCWqk^NCirc|p*64f?rP_xggTq{ZPt@1S?bR!ONB#90JnC#;=1Z#J`j}FrP6r?cZ
zY;UY0?ot?OMA+v~;L47DQ?6Ae=`!5sNmy?ikhxMGLFHW8O=R`UW_gO1t~OM}Tmi3&
z;NC~;ey0tL^-!{Z`XxKtrfk0yIB;J{Hu9_N0LG&BIB>wwPgDC_@~ew;retpds}2RV
zRM;XL%c*;U1NqXDunzmHX^Mc?Z)r-&9&31~5!k-WuY82?D<@V{$-Yj)T45yOXA3{c
zl1`FvmFkF-`o2bjR$gq@VO&-@39rh?!cX-KAr*T21PPVWeTjtfV*=It=!2gpT8#<L
zrG_givj`G7INZeX0)M#ky+~T5NC13T9!%mIac5TrHQa{_eyW$o8YeI@tC=bCsOQEG
zdhXsaoGOMSAyjEv7n{`gNStEa%(oPqP?z+{XdDqH(b?BXpq3dTc+x722%{BFhbh?;
zc>YQjKrJ=ohil;@x!YOuvhS2QEXikynD37}y^Aw-f@8-6os=b1P7tpz4N_8JGc!Ug
zv5jpp%lDMwqIQX4H<IBX%ZyK0HA{($UmZEeRbZgZOl%%5cU4#y3^iUglZQ?*BV&ZD
zI}XQH0H=eh3-)k_b}BP`b#vz64oo*8o11KyF@xCG!b&+MQB-1J&rHvY6}QXR)n}j{
zCPX6Zp9>i=+~sitteb(jG3+&W^XyEBj3V3Hu<uL=A6t_cDj|m3KC&WdQHezo9W<8B
zG4K#;qzp5bB`|2;7u9CaAj#7*G|Y{Qlp-QRj!h5=gaZNy$H){3WEUr`of*fCMG$0I
zuSJxd#SoVyDiMq`HAlt3L=p`mjmc>vFkUAuS{AdP#ZGOHB?g$yXEzL%K+GTps3y6G
zN4syS6>CrGXBRJ*NWZ>N3h9&7KZpIEs{c6R3|3Q>Xho-gMzH9q53ooD(O;`!%+kAF
zt4{K*5LVXD4#!jyz{s&yza;3FBvvCSf$y+H=7gw4XvgxXY5|FQ*}C!jTmbfr;w?G;
z0-P>Ya`;#M=l_qXMo-T`$MV0+^#8X|HG%(HrvIlR{WsX^KLgcR*uUMu-&8gFzlbY(
zdRC_Ye^vVLiT{Tx{eQ!$vHlC38tcEU(#QVKD!u1FaB9gxNPlr^G2d1C!jB*NfygE3
zhQoils!ReK70^N=hg{Byxb)O<DAy)-%CN>kjAxu1?dV`!O!%~R7FX~Ua!<zFE04GC
zAJF|fpK7HT?-Q(oxZrwOyI3cz5z+)1wRQ-=b+mvg>sV`E$Z5U3TB7#Q?sZKF{Bq%8
z>Oa$q+&wEjz)LJNnZ4W6k}7OopxSAPz=h9(mB**MnHE8{tZd--6;KIzv%-E@-r3N~
zv>dFaPOZL}?&m3x@}x@&r<?C5pCQ=yKA^K3B@ScM5H6<6#<+}o>~q^C65u7DREp|X
zL`zQMMMtIQc*v&bY%(t0yo)j9$@YJyo}OpzbRfK)0jGR0FRbw9alBb@1bv{;zYWFf
zeZ{*zY!TG?{IN!OGa)m4lnqw(8LjIYv?);eLQMH!e1{GFKzS@((3vButO}S4xqD<J
z?Oo5fBN7l4ulubyqyC(+W`|xA=Dj6q(*gajmgfH>ckTbU6#r!{pYcD}^6Bu|{&N24
zzdg9D-vxTsZ?7&ZBLhC;w?>wQ?OR*>U9)Fm{MOHYt7n<m|KmB!U!U$@FE1+_B=fgR
zm-R2Djp=*b_mcbjI_qCQFFW&psA<0+S=jz#%-{3<9n1EY(8k34cO2y3d4I<<e*1OV
z85sWsq3v71`?u9kt7M~WZDwF&X!NbY{jWWLw*O9OWBd1nHg?wkqNnA8aMWB#xH|i^
zA)Ask9CAiQdRqzcQ$${4(=<qws6i3!$EvMG2jACxtvyhKinS!0p7ux9c+9Cc1D^&2
zNj0MY4xB|^g@rczEzl|zXGS487M;mHhY8yU!HwPbKJIn(RW)EIzyj!COqKtY_;%@i
z)%Mj(fPptF#<L>e%l4ti%pw>=h9IC#D)jRaj%;O;m+aGbk9W_-hHepU^XW6A3IPxf
ze_YzjFYS-)r>!<Ufjtm`gl1PEDCAeCH3UIiSMXcdo83;?>!MaV@9#VIkDdL&w;f3o
zHqrF`@}6QHFToI?Nw}SLTou+q>pJE!f4O%=RQW!Q3BRa}pgVSdt!ipiX=2(K5k~<H
zmzxhYt*{QCsh$=#AAl2^Ze|GH_it<oyQejf`Ut^S(pUb9LI-j@su=$*(ruRh0U!hD
zQH+BvGx^JKalP^?)m5C|tn9GjK5cWS@@l4o`lQ0alWVOuW-M>)Q;g~`j$u^0B5uNy
zn3Zc~#CiQiyhc8TLYP%ny&{LKo48vDHa=KB%`Kg`h$Zq=Wdd%Jaa>nimt+E)rlF=G
zWzwgh2A^~ER<8zo@cbqbL<%`rzSTa<8v7`~Ew)?SJMIz$MzrNKC)6P&*!3OFiZJLf
zxtn4w1(>~rec68Y1rUR|$M7S7glV5_jS@t{zWp*;RZ>=x4PT2KuA?uA9K_i569X*2
zb1bXFpIK7>ovgB$-r@`PHQY6xTMqjuC99;B%Ek-gD#<7@S@GkweU6iu^o(1LTiB%J
zcNMWUlKhU4b>gFFmmFyg+AG2-Ld%F-s#aa)OJVi_!!}3xOO|d^eAPI#5t<P4DNH>7
z<aov~OHo*>#)(9hVIH$MD~c8@_mPc#STnd4K}7#}c!gKPNJ2kpLRjN1tFjwlXHHt}
zG411$)GKsWqerdAG{*~?<^D%(p7jP58dY~^N|TGgRPnZh)D;_CtGkJp$b?@OE0?@&
zno{ML57f<z9jHN`fn&{=)+w^V5x@@@_Hu4N7)5AOPR5hA@Y!v|;^M=s7)rL<eD1aM
zw|HB9>h;X!mF1<C<(1_~@kp}Y^SX}L9H4kzX)_t&4C?o<HE$P+Kk7z+CJR7b8hg1~
zYV~IgHE9wke^REJY6}-oC9G?=8o28qwES8ncv@Ijsqbw3qjH#VB$2-^pZwNxs`2)j
z&{kq|a9PqRsd|}t-sX4_CH}Bu!n5VKpXF9q>`L)TzzPQE<!Cxz+4UuJQ(pi>u2|V|
zeUWP>=`dg;+pu2_E{&TF<OYNSlmKLz{nO=R{(<C7aw$pp2qp<S>9CUMjJP<?SoJ7A
zF<w~$MZqjYOPTxWyaZ+T&)`59>SRUIX}&PjkrH#_h$=1Qhw%nquUpGmg6O@@i4EE2
zM!T99x0}&AhAsD<uM*7x=_j#H_E&@5PAmwDgT(Eb_15cpnZuzNV<HQ+Hd|36Q`h4q
zR@SEx$!qw<b#bQ#1|N<zNrGWpo!6k_+PE3yvP3~F1IRR<trpjUiV!l^vb}?49I{sQ
ziwshVdVYNOxSYJWDPpN~D_*7koFN1<U|s30?@IDVgWtC@B9SJ86xs0_|K~A|68fis
zshAt5DuP5U7F>Ffh=4^DtCIL^D`v5PNf-QsoQg(loMx~@DkTIrMrur^>@jEli-J$W
zQwR*NSB2L=fzL`}v#kBbbFt5bs<V#Wmk)1@Al~t>r^~7)Tu3d43l25==Yuf;yh|AC
zZExq9ou+t+cpp^v5y<a5;%3d!E^eEl{7#D5Uk<N@TP#Li)G?!Xla<xKW3yD1lT|B`
zQPJjC;UX@#!fFZ9)<OJ%!g1@*f;MZq>gxGND}K_yXacg|TC$kT^bSa(PN`3m=K(XL
z<q{m_7C0n`zu<8jtu<bZ!r5rmN`GCQJ<xwtNG{!rCq#9U92}fH0hK=mUb3wv)-joA
z$hcM)sDD`qet1;byi|1$(snjgHIiw_X-_-35e9Z{26leJkJ_QCZ*!GhKmNgCGJJM4
zCB-yR`K=^oUlberNBvPS{Yol}`(8$H^#ORSSbx&KMz=-E+w>$fEe+3WZ_vW?$s_Te
z%dX_}_oqrRE7in$ojKa;iUmxB&)dxO;-JHWDkbIC=N?RK#nq@7$>}3hvF>;-Vc-&n
zg+sg+yQ;h)`%>W#00^7{iX$HTg!Z091HrBl5(XkUItX?y$7_sBriZ*Bk$^JvOg*m|
z`k!QZ23)uqR26Zh%^uq>f%9Lb-ee-;UkV>-x36$l6BIK#M1)E3v2&Eq$^4i0hero!
zKVl##$*EJ#KwJpmE-BuNg1?aOvPuXS!(7X+Hhhi`{2rGcGbPg>DHH{5@u){mh!|Po
zwUp(Qd_H>wkD^wm@Nldw<<ga73G=_9ir*V++uy}o*t4ZniW!6{Xc{Pm3xr#o0l0o*
z<AJf^CE!vfoqM#PM~68l_lhdMxIE5-NKW4!(9<kLntn{FwnBw&->N=jY%Sb5pKv;J
zFE+1f-!1Xlsu!^PXwI&`>~vIr61_|0@0A1%2#-72zGU_+ZQ-`+kG@>Rjf(FMer{0W
zT&Xp&P5~AMk``1s3fT9(mWNC7_^K1$(W2R$XTM`p$Y*kJmHLke-%g38U6|}cv0G^!
z<)?BHP{%uqeOaejc!*ucNScR8r#B#Q+U=$fGg>K&B`oPP7C=pmhHhI4kJkv@+LERe
z-Hy17(?_4|%R5l*J-a!S<Bw;J+rd&0`7jQ}iNzQyTe}&eZnh3KXFubXY+|Fu1}N&V
z3^~WD>fgu--Adj@=Mu{f76itc9jXx;6;vE9ixehRG7j-!N(7D9gzte()cm0X`#zyv
ze5X|;S<GoI#vxl2Q$mJGB$RpTC>2*g{#U!`L`_C~hRyd03$u8;*fH0T;T|5y)GK^&
zEi6sdy4_i8jB*SKF_z}5{oDvYISw(g4YgqtbhW8-27(&+aJYAm^}XkdV1vMNV|W^+
zE_g?KP_6iWareJ}nCHt%(lJ-o$oUThx`PRNqXq{q$o2m@Q6UO3n(6s*);~cRR3C2S
z%ym}Q;7W)bQ9alSA_<KS%aG+~m<26DG;Dw<d?`z6ApP(FpoNE9Dk&7S>rIUw@nq(N
zK;5F{YZuuvPQhHW>R(u+ZAHhyP!)+2<mpuIWUE-t+as`}#*{e^NQE91m_k_zlUA<A
z<j)fX?PVOB!z7JUpp??1F-q?EN&j^mbI55uR%aJ42vJ&Vs0CxH$K3f_*l({!Zna>b
zFUOxwn7rq;p*gVrb=MqN*d_a%92HkEA}14v3d6|U5GgF@=9;gbH3SnX2U6)!w2(r8
z^o?0k*4u{(ThJCZ`dsw9*oZoo??M?WL1{|R5TKA0QQk*P*qsUf0WP3HOhMY-`%ex(
zlLGY+Ic)W%DINQt)2d7|ww|SCS0=jsCE!#(a1f{mSQ6$*pb3s`KE^k&Ai(sv7`a+r
zj(8#CUV=FIB6wD%5Yr$;@Tmd2>gvIQ!d`yFk4R`tSeZH=OcMy03*Tu1!v$m?Y_m!1
z+z2~ivXUGQe$#wBoU>q{b?BZPS6~S9U0wW9M0qet=m%KS?_ZalTaY}zV@oZ3A0|X_
zJ9b3r_*eLhRV<uEf8ang2v7wX_z=<=Xb6J@O_IdN9|ln*uM0i=t7Rz~f-H0r^Hl74
z2=`%ZP@;RQ{`z(Mg~_N&F>)C_N{`lR8~!tYhJbQ(gE><<l7*J~00@<V00>%gIB>Jg
zv0pGTmG<J1AWcK$bcCvBO!|M~?&6ldB8dOVs(uy^FY1?9AjU^7gp~>J<}$d684NrZ
z24$_03rtg_k<r@Y1_KxagQyg<Mx*3nx@V`RfsGK_`wd(sGoZ&@WMwsNj@!5(U}T!Y
z!l>=e98MhR1a8&s#DEP`fIi1UO0S=c8K&o2(&2}>MQ12F?#VYNa-tent|N^vLLFOx
zbm?Sv1zVjX)@{f(@e^en0}*$u6e9C52Ama(HFgx#?Xg>}=7&M4kKbz0A3bc5-1xTB
z5O!r$3MsYWTo&|wsS4Y=gA5#=#f_HrrojUzMp@RgTj$Eh`eseFhBB<91=z;HJ<XYx
z(INQWv(xK`>dAxgg_%ATcMc8g@s7r^v&+lE4DCa+EAzW%yNS7(^~TbHxtY<#ot8)$
zJd3+}56|HFC5p(@Vy;W;$nuQ~EA8KkOANAULrZ(vW89sv{UPISDPc}6?L4w~r7THF
zP8GM#PR?xzqENXP*N#+AgeWd;SOI)O6B)m_wPnvBvw+}UY-jkrv{l2}HV%HB=mwV~
z2|qFbC<JK{!X9c*z`0b}HZ;^2;p#L^ojEr+s8wbxMov1j{@QFQ%^Ntlb9AmYvPK?g
zD4(#p4$Nh0YT>$oUEDQyX|T7WBE%ktC#!%Rg{yDnT-R1j^K)`(N#pkPb-#DrnBV~j
zX%&^Ohj32g<ZRtQtLg>uuM=ZCPDQci2L!R*;hp%yNZ<_?I(GBS(b0)aX~DH&4d&p+
zy|GR>){!wx(`0gFzXMPvm$mMSL)x`2;&~x<#YgVFid;Q#VJ_&ukq)DktzLcn>oUTd
zI&r_#3bZK(Qy7!kzDUruA_jOmK$8f)c`y}yx4}P##2SaFt$^0j8;3J|o^lq<opn=4
z<P-+lA{hXQD?w<FX*6y`jGTZFr>fg_zWGi~07ppQHB>alw^yqKcDF_-bfVlhchLwv
zEa-Yzj4Qt1uy>w7D<Y_pp=zhuO&S71O#@JdBm*1zb5DaXut~{O4QpK~sM^ju2|`8y
zp?smY@L0g>(=bl?C$V}KA8s%yg^Ht7xPrW0hW&|Sd&1R8iC?iiSWR4spJ^+sKAAe$
z4AB`r<H#FGp}&)flw5Wp6sr5r2E;mZlGl~ugkrrQ*>aU!k?u@|3L#m83Zc30(!q#E
zi17jlnLOo8-h#yWvjs`2Jf%^fjY^CE6FX_hoHC7kotA!)63q;i^MJ?R2~CPA@u*CT
zVQx`_VXpB=zf7lL?w%y6GXn`yMzx_nnF51+mW9)sa7Mb-QfORhq^ZWOVo7AN@^{=&
z5@~Ae)Gt%Yk&C1vdahJTbXl(cJNBpNu{;!>GhhH5xARV4WZrd7?)69|4o_#cxW=`N
zJkvCX=R8iGgEBATDtsxN9_Wf1+F8^>n%OzI7t5?vF0lwp3>!oY&#Y{$e~iX1+1>Su
z80K}|577?ro?!-m@mOH*Jt3l>5J+H^?qa|@-%4IWzh}MvwB7`GMwl$jOpL*;9|E&`
z*{y8C3qkRLF^fMkL-3i71P2(&L~1}pfn2SbF$BPQdrJY+NM(uz2m{p!pRoj!wfnII
z*aDC8#D1Z8?A<s*Q9<mJhh76{oiNF2hrF%IXRny~=}_lOZFBu(vk_89izZQbrJ}l1
zRErd5B&Wl0mr7MRbeGOmNfqPv1|)r_>s=zyLe8?Ak0+fR43Ig44+=C%G|{bdv|M=+
zv)T1nw@$6@2;>qO0q?b!%)))Mld5R0gV1{&7=gbW0NxVcq0|Dhv-{(LHpIatL%DY#
z_I4zf=z}Yb8JZPh$ZA=#ORi`kDgr4infV@st9qaDnVhw}X_g|`EI2?;q0*cb5Kzgw
zt$|E^ZP#u)(hA&J-JKX28ogbjb8c3s<@HCRzrMAvzD<wXFLlQtke3r!M_%tEm<^AS
zXet|CxLka0NT3j{7%(Wu%zRf0l4kHNPN&<Bm#JD4ovps7ZD%Ys*r4yJl(9WuLoG53
zCfG#a`e2B$lmZV$ep?g{28v3&#^8i3IFFw()?AURkm6dZ|3x<U3v+XdqR^>VRiDrt
zP^^bmMspq5A6R_HqN6ztxeXM?9U2mrG4*43CAwSx*ih)1uWOh?T#-?)CXphBM38HY
z62>~n9~K8=ac8f(x=7C=HHIJ2b=3};9h-vvOc+!TunqwZ^fJ0+!SW1G(_GR4w5cXu
zlng}2tV&XniSQnQhXzuG30QbBG8xev0~u&HY0fs7Y^nc;z%vLB&|s~O+&a04aUIn@
zT0PL8z3A_~tHCl^BN?ISd4!DlR?#V8vzTlQNJ8*DW+H-wP>Z1n^@9u!e246$hAJRO
zO8bYFI*j#t>m;Z2=NKqW*o;<qs8f!gY`B`l1JeCAG7Is=G?I!#9Ai$kBkh{dr&>q+
zJqF$P`TRRYH}j!A6ia6KeTOO9CL7tM%?N^oCeWc6(&EVQ>GmGN4D~ZfPF0xk<=CZ=
zSM;7sx%Aq+AyEk<yRoT=`P@<{EF9jjwI|_ALqhHBQXX)j4mo*-4ym;=TKnqC`w2|i
z79=sZVwBp0TeztyM@$3(!e&BZDDX#RWX*78iuO^w{B~2VR%MLs<H0G7c2AO3!B3{3
zRf5LYYTgXtZ8;E3g)tEVQwWT)2G8`?w91A`)J}wRm!MONkQsCeufl;QyD4;T^ZsNw
z6SC!6tn!zz!D;w}=b0r{A@vfBOi5;aaS;nbrKzeD;YLDfDB|t*=u!)~c6UN7gUQ#&
zFwbiy8sp7yEvhq0Dj&p*3o`|$%m&0}n?XJCg(~n(*>mC?wu2{*yW^sZx;Q5&9=KWt
zYC~>zCd`u>whh9|10>GR-VMQn%xs6~oFhMfk9F@1=tQ;!(fv*fVb7`%dWP*Em}(u-
z;O~oAZjGsv!FE``XkHDJZGsq*W!fA4nSN(SxuaanUj-!lB6NQ3kdEf3h*w!uV(f5$
zfJ{BPYIi97PC5PyZTAt}Gu<bsIO@5%Z+~t&T~+spV>g+7(s;jEdi?qHr>8T4R?~Em
z<glgf8iAo&<Xa$>b<b}-2){hz@3*XAXF@$+{88CRvLH_2o%e6+gYVK$B>;?U7tJ(M
zqUO|2rG8<0+J02Y$X}w~HthsKym&S5A~o6(ctceka8>{U9i@E(#Sm{>{Bb!z0*nA7
zEn?2<s1NKmq05+{yzJWSCN+UclBUI;{A1OY87dfKT&9r&R0y&(O-rTuT=H-?z^}wB
z&_9n6YFW}+S!^-AZJvcR1D(?X!q;ojh?JX76lrqWEGe2Z7QsK~6wpy^Q@SQFI3zW@
z`synOqGaVBrLz;52~jryM@cL<GD2ex2));&Cshl$s4{?5Qa)EwcBwSGRIt@;hvGP)
zwNNiCp&G$`%o*9wWz70~vxmAZ_Gwr*Exd0s<D?EQ&eJ&S%%xQGQk;s2h?b0107X!(
zQL1<BY)_Q;tVWvaX0JF>8rFntmKWD*<i|9XZCYRH?3-?6;?*BOg}kiieM6L#5mB6U
znUqt)gE#Ioa2Y+wX3C$qWYkeyx`>3wTEk|W!&?<l766M9lljs_yK;^ZYy#=+wy=~$
z`q|7>NVPf%kP@qOm@loCPrtCufLL;1sMJYIu^Arl&>kaGt`rDz^t5FcQ(X7@-DxGy
zzU5)ZWdTF#+!tQhnn)O1%G(^rW7}N#j?y7Bd3#JH!>TG#XLDB^8JC$?CM9@6b+7z;
zlvT2octT|7U^R^EaJfSZaHEy`9~fK(9yqA`H%@Y7r`6N46;=I_$CNW)SCmHg39~qX
zUm0E`sZM>~?p`DuJ!`8bIaS{$pe!KaVDut!5BKg#IiZxd&-E&}?{ebE@G5X@H+o8l
zbbiC_Xftfj!b<2jsb~`tcXlz`y&OzAp_wr-O)@gQuG=um?H!6NH=guN3h@qXlXBEb
zqWGxvAZ?SnH)xYO4|hsAhHy+-CR;Sh6#y$kI1~P(DY!<n&g;-Y#E~<>Td|42o$J!i
z)A0THt=-xHdfoRBy$5y|9qN4>d5kO{cfZFv7><PF4vCaCPC9gS_B^I=@{IH};cSV7
zn>c>PF1xbj;9wddy5<ybo#O++;VI(`_&O}rJ~jgKJ_E4<kY`>9d1Vf?SXo#O`FOGf
z24{cg@vb6BlDhYCTQOMM<$4c<twQUuFuFd)ON&=^dNx36NA%_8g6Ue?+4{NN4ZU2|
zcjfr3isN0@XXE(%Pz9Nwb9P-O;ChmjmXPH5d|>Q)6OfjG=Hz;V@e*+45szjah}Jkf
z^`&2V>j}qo74Jij=3UvhN$)BX<b&a7a<{WWeap!4euw^U$@qRR@Eigw`>~wERnQlO
zQ!N^V$GuYeZpz5D0?CW*N9OoUhJ(AbQ&XhZ1RJH&O~moOtylWa7ZgOnbspdK#a-&z
zh0rOwgEyqBDw|R(8FUrdBWQ4qFM~V31Ax<+*Y{yyyVWt5@CIo6{Slmf0&XvUc#gR}
zXJQ^`8raIhtVeXaMD_gQl#Fj1)ji5^HZp-&Hw(hq8dr3tdp5?k{1S<%^@8sF?YmX{
zyJ|~5*VBt;{iZ?xAQJIegMK~otZC|x5BcvkYcGu!=^#xT^`iAxruA0g&VxhDgG49W
zFvZRmQ0v*9!5{0@i<RryeX3J`s<gK9J&m9%WfLivSbLmwGE20Uz;!lN@;%*1E!&(!
zYb(GjH&Uy#I6)c@`%sB%g@b5MY^5nIX##0aZ5v=!PpZu@Ez<#rjOfB$1BZ0M@dOQ`
zg`N%BiLYapq3v)g)1l~bayf(?!4++Bap(2=_;PCbgMJI3+l~?_Nt;5y-U#`C-0$Ss
zK>tZPpzNvRn<Lov(SSJKzWP=4oCW%Y+TtP|G1~^~o>5!c_eyyh|G=Ro50<poGe)V4
zgR3>PUF+G5j7IYdB58XM5yxHbJ(EGrB8Zv!TiL42@$7iK*i+Uwz~Sh$Nd9Xrrw)|k
ze7aIF4VKcW*%X?~pjw}y+;((q1CC<M$(9$Gdg4H044o-Suuf4M)z?U7r2!+I!*fR<
z$UX;%2Ho$@iA^?$6ep2pTs4uU_sB_Y7Ca11-l*oT8a9la%6=3IP0mP<hbnuzxUa=N
z#{SaS^n2$&CZJqY-K%}^oZcro+hj@(n@TTxv-2eMGd2%T6XM|l>d(7E!HX585^DcC
zitz@)iFAR2LWD!)-gEOdhBn~R3pwTjkrGTGQuzR8fdj{4$5E8JVg-5-V|g|UhV+B@
zv9PrG+Y34*eiKmLK-f7TI_aQV1#)T%C5f=?eE34b@%an6aJm6$xqLsIm+CV*5IjZm
zY<Ro?${bye{j=yIpbROLRvc2r<nwrkA$+nQkblUf@i|Qd2qFO>djhpq3jKum?MDqU
z#XR!6otngsJSBYg=LkJpzl>wP0M1Hy75+u+_>au&A9Oi3_WvD-f2Vi<OMj%~W^441
zTwBP<!NA_k*3riPA5Xts&_=YP|1uE&H>NR`zlb@uzri>=>vs&vK=;qV`2W3W?0f3J
zj>i8H4*nAs>^q12U!UlI3Y{33>HZyME_%wmA0K}3iYH*`LT|>fjUoU){uiqKawF3P
z5PC+wK%V|Mfz6hD6ZL)eJCAYa%aF`QOC4$L(zX&@OyuC{k1$O?K#p!hsuJ_kh)~u9
zpYK1Z(B0pxLg-wa9jzpnu?7>-Sz0}2t$jIrwf_X_o(s9)72!H{xqpE$E{m}v{4qzb
znN)r?VFwzk^eUpa+-(#c)9HOX{Jp5IYJ_~iM5X-`d{%}}V-m!Q7LC9A)TgG9El}QT
z)Hemi*#6TNe%MJb^EtYOowSoS-61jn4~aD(Ew^T=!u&LK^0p2}*#f*-yz`ef0gMgR
zd*%{nmez|GkSn6w%)eSE|BvLjf44CHWlGKRpV)D9|Hza7=EUEb^Y`)JeEK^#{?4TT
zI~VRB%k`h~;(vVI|GWVHI~R`a-*VyT>Dk%-$>_D==HaQRym-8Ml-{1oRK;SpT0a4i
zL%r-G$X`7zxaO}P216YH3Y^M90nsQer2rYui0rB7_7j?C8)>NNc^mmYkDM@fNnX^k
zGIGzQDw6Kh)r1H6-E*Rtsl(zbJ@HS}+uO$0#~CTNNma+==2^$$W?P8p8=#mUD14az
zB(9F(*h3i@ynqe9e?*4GuBR&P5%4p#z_{YCnD1;0yXDcszc~Y(B2#;zqw>tp3IanQ
zmBatu!Ve(pYawo60Ne-<2y@QQcbU_k57tY~j}**f*8*jfR?j;U<W<0>dG5*Vf;(Z_
zhUf!#YgH`VLN~_;?fykuN49%uUKQX&&wu`ma7WD(VN@2M$q5r9N(d;%p{>g-=#$Xj
z@C+bmN0JBg$3gy7b-GlgT&co*s#1lF4P9YD+BinyIF*I749)A;7m<hHBj{_xcz{%K
zMknoyZJiv)si^5a<1E&PrK1s|43#+5iw{Kr!wOeKrYP97*Ris%bz&e(-d1+dbckeO
zm#?;9R9?j~`f6BXjv24yBl&d8Z-KU%(X69LJYl_hRBmuj8({aT928ghx?-Gx84)Jv
zcJ6ifCxu*ujDetONwom)0H_ph{65_K&U4;o7ayT(*n9F;*iF&xjwJkK+8La2?D;XS
z{?=)$Y(367@Z%)kC+1`RcIXOUXsF-F;Mv<G^|vc!GZn|GKOUs9W2{=~{O9v@{Q8@6
zaPY;!e?=wc7@IxA1F8RMtYMixq_~G3u)@%!^a+ok8$v%A-Z*xCrtz)9d$|#*$Ky@~
zCw<K6SPuAQYO=dF<CFcsfL8azOk`^0vh^C}R5+p-sAXo$XEQa{(*}PdV10%*1ur_0
zF)zNKbDR03k4Eq{MjT$+LbOY)o=ihGGLmr&Hx?(h!+$X+;Wk1GzQDmJ8{tVtAL#g*
zr+=VMmz8*2vvGcHv9-9sEvM)t6(j;ib*d`s$a!I5aU7-eXuPu3d~ux8M5>C4mXex+
zCRHIii*<#5#JVmY>z>1^ltZ{cY1jyROjoHtta*c^)~&tg!l4<v^L3YS(+FY_1+4}9
z(mCeohLB0CGp{o<7n>)>=4imv)Dvm?BKHSl8%-Jou?gfJV@+n2fU<vpADZj}`?FrV
zqaIfG+9|fS_Ir9S6#4kUoXk(hb7wXF0>ar_nwbt#wqtWJjGJhVf<<{OF$x+1K??I9
z3qL{>v116hj9?3YFb*(V1oMw7^`bI4y}aj|=%tlSnm2ibg&l@zh~nS~G{onVSD~Q9
z6XOx)=25@P&4lz+^tsQ^XcymbzIR%z2`z$IfT=HSZ&&2z$fchaBNbJC^#i7Y^%II_
zNKz3iVWkeeFliZv2&-pq_P}}j@!<>|W&H}h5l45+{KOLCizz{|b4bhZEVr(H*v?+-
zX#-mW^Xkh3!hzMkLdTvp1tp@PW4)~h2-%r2X;Kq@QmHDof!kHr7I$)S@JnvARZkn<
zZ+Xdvqq|nUsMaxSz#2Sq^|nU;t=`S1tJjv1tT$He%aKh4OJynf=r*s%?e9M;P&Hg1
z7lUL#RH(x6U1VeEY~KLrv@$irLT+h)@eYEb>Kq`0b>wrbAdR#;7QSdwX)~BM-8M;d
zKheU?PrZV>$)&;z2QDL}@ogrM1bwK_`(Rn|v<3lv0VU#{126=~N$Ojm`KW-<@cjW7
zSV=1d+MCNFUkt=|EspB|laSC0sl&-er6ig`k;p-)-<oH<-X=t)T3ir86O$Nn(m-f_
z6|WLfK$EK4Zc*JqLjjm`ptkIc%q}_wExlI}lp#0V;bd6bf|^UU#k_oYg=lr5!n^+q
zZOgbJ><=2(xl=tzJMnq9fZ~*znXRi?IhDDEsT~uQ)~fUWDDFGpss8%M%gD$|*|H*;
z*IisAdt_vjy|2wRt`(6eg(woTii||amLz+N$lfc-&dU0KF7-U6p6~O0`aQqjzt`)=
z=Y7xlocDg8bKY;~0JnU)T)#K5Vi0}bxj;A4g6WtHGBE;Wo|Q#){?qZduZ}x)X};Ch
zoa7km2zbl!5XbQ{#mKE}YkU6N%*s=S{z5hkv&NE|vQ^KDd_y0_qy3c~UUx4PvWwNq
z5D~4Co9jGbmCa_Py8*$)R=C~Xe>Iq;sNmk?nF0FaK|QA?W!}D*MW35~qWv&b!hv_o
zwu9|8K^+#9S(qr??KW7(<B40cbFEi_*l_k6d(XXIKCuimtbmAooa7D@R^v>_?Z8~8
z)VB(D$K|c@x{QoSIWC{R>U4?h5(Llc6ie9Fo`jsDK1BlY+GNj%wZQ08@X=c`@LCzw
ze%o90o~u>N$5D>D{qCBiRu!!w{UqR+XAU{bB$sdH6{U#S)1GN2<CcgZQ4tDMhoT>#
zE7mfuzdLqz>cWk6;UI7_Vv3q1rOg!BUS_A6(vZb6GYM1-!#B?ttmKF+IUbyn#4N3J
z{%HeF>SJ=45~umuDjYX_zV<2_t(zUD#LBfFn0309I;uTQF0tuELV=m<y$4RNb21;Y
z6$eP{$hcEbCYn;BWV{cV5OhTpREzBXE&&3F-UYVCTP>rso7F7tEyo1}r>`@)+>IH>
z@49U(NBs86X&*Oo5W6RC;01nj9noVI8@FSmD_`;pKV?l?d*r6NFSz`GD!A$K9;%jU
z@I>#L0AyyA@`-rq4cV|W+-6anG=hQAiJTXaeB-fDV&#DR@)nz1I-OT<EBulC=S?_V
z9cvoCuy!^|5Gz}3I4PE3UkZCc?nwf6!3pvRMTFhgYOY=(cG2dgzP#q5jVEzkAzE1R
zWVG;Is8zI3!fBnST4s@iapRxssTeGyAy*QrHbx>#&N*)nO=jFWAtyEk8QU?FjeN(=
z%r2D}P@tD!FcTAR*~!ATxSSbvmA`pHCW}T(_~d=ItxSd)@z_b5JacmMcLQ84G;LVo
z=~f5@CpKjPVXm|*%FP~15&2wAi^dyYoy)z3u&0Pt3w8*UMOS+E^cQ-s&Y@6-+nUyF
zF}+nv#)Ho6zN0|}^=WhCH%qpw#mZM_y+LmXT!uxy(#%Z1@IQT((w01UwCMro6^pb~
z4s~6-B3!R>O2uF!)QacY*E1g`F7k+htWHeo@TxGIMe`af2lB$GJCqbTV2FUG!~#|I
zCK{Ru5?QO89VS(glZ3(ncD}`K-NRYlA#I{dy5q0%t==e24!u;V>#~~g+uM#C#;p|?
z3|!4S^*oPfS#7)k_sz8>M+245R}p!E&&NbAU<<yBl2m>n@k~?q9^vISsP09h0QsB_
zj_lB(iK!UyD{U#LqgE~#ep;~#r&G-36G5hW{?KT!;EV}bSn4`V?OExgntqf%auB)_
z5EJQ4;qABE)M(W+;yJ@pyt6*N*7EdzPf*mx`Etm5CAzK8h9FxhUd3mpBV^HUbAc=8
zJ+&~=Mxs*gbKEFG8tF?GYHx48yO-GJRX)p<O87#)o1)u9cru>J&?|Q6-WhYH5~3Nj
z6>dY*SE)R@buk{XV?CE|5%2ay;>DbcLtV98Y~U}N+Tya1fyOCc^l*84#uJ5=WJFM&
zud3Q`S%$Dwgy(Fke*QTd>eSiy{qI?9ux;2oCpq~YJii21>buUp@8qVuh!|)|^DO7D
zJyA=7`<%=~{E5k0O~=iMl>4W5%3W$#=GbD{p1l8pAK0S$VAT2KjS-r9)&c^k@&2||
zANv<<yM>{`xskGBy0G;1H{}a)YBiH)Jc($hVt3t-QyXF;g=KQ@_fSSH@0-tL9v2&t
zMTJ3epR1)J3plO@2(i_gK<u<QV?||xEbfVDYhKo<N92D=rnsxg=d}9th60N`yiVD^
zE#^3ir!F$*MFYsDU)@s4z!{4xnj>v|w*K^$tHzhO)kZjt^Yh}l&Th5F4jO&ftmd)`
zH`WGO5*FoMWsU|DJ)htUdOp@v=)Yr!ZF}NOa@7=tDug$O63VG{uSk{Wp=9CaX5uSn
z>W$$@9p~VhFJaPj(amrsVNMy~D$6irI`w&Eh9-YNcGh5~V*9Emv~#VWC0szpPLeP@
zdZr0+YvT5LrCquEyPle__gkvuw{W2@%oW5@VIi^jQx^SSXq55u(O!?vY*=*Cw`5)Y
za`&@o^;*wf2#25TJeQo2@5EQRU|qJ2k{y-xivq(%!+rC1Lm!n3h#gz(b#CVfmD<8B
zpVaB(2~9Q+J&E-lt>R+bzk6-2_D#9d*S3JfD7lEe9rBg8IA9w|jhpCfgBPkXEj0ZF
zu(ZCov@3Iy_lTmWur7%v;%(t7lX;R%WHpQ`o!VbC^6G!IwRt8rD|t69>MgIkN`G`a
z8)AB^PCyv%+<nzlf1_v{h8Da;+YCyLKy-=$HgADNCYm8fp<VLwxzsC}##FJNVwY{*
z<RxPEt7rW7XBtM{h;HmScq|T;y3Xv)EAd+F+KA93b7EVa--9mCdi#A1_ZarwZ-2a~
zHtG<t*-GE+XP=kxGV4Sn!ODn*GMwZ7Li#ErT|})R=epAIH9g<d;~VH5%ZWs*r&xS5
z{%%1G<Cb?}i~8)t^)<XAv02COPf4Np_AlDFW=PXNEEV66l`Nt+S3ZtM5Ty{=#6i&%
zWpwkt*10u>UVl|cUOn=D=cDsQLpTE&jYb5EJ$*EHqMf^M_Bd&cBV+AGNR8(Q>QmK?
zHc#?xZkLc*Bk?)7`5rQtd(g-Su}Y}-#Glxy)isFmq_Tj%ePC*vlqyLeE1U2zs=15l
z)bm^mPKsDUJId$XnG~_Hl&O+dnj6nh+E7~>SyuJ<C0$3Sh@vhhn@?6P^dUY~oo^{G
z=-|yMK_8{HUvf>0g{HNd9y594XI|fOLvG(`@|}yfM1MBOaUA-9mY9xg87L#8*;3(~
zTO{9q<T`@hu{M*>5cZgDs*P<?pw+-0?P(>`h-A95Ta{&IX!%f0SG96gSEwj!5P^Ks
zW8Gyj2dR!thqhaVSvGaqTUxpo^-Z*Xu%l<lA>#ScWT8OZ7ymfZh&xkN;|?d)hHB$+
zFAAuV%hJ9M^~Y69){Sd2{vFEeH_@&P7W4L5?;vE)25)eC4~gtUN_`gIrFkz_=lB!}
zRh*A;$->F;UMu91-Lu+Wn4Yk6bn>bWzAbu2xA^Owi=L&SuRhiFCi7z_?hL9X*W|1E
z&R=ZJ^?T^XFR(37e-TSa<<{2+;V(|TP;GFq(T$~bGI$iv6=U{3M%R@@b3E%3Wr}6~
z%a*GzZ&nsbwBr?UpBnmj%5*xM1YZ-Xp5UpPX#$~lNW089a!LFwT^q8bao=;bb>s8)
zd*5s9AKY=s_xp!8(|c-)^B1n<%<rd7_3z=i18E#@630O^{lPCK?;Z$ld~#}j5ri7P
zXXLk*ptWW>@WAeC#F`0Sjlr=t3(g0@nK*HJDQ{U-k$MS2skP5#6)t2eoE_J>r1k-p
zc*Y!e+)TbTl03Q7NOcwl-mereD8Uko_dMmd_UZXRG0Mud_|3I(X$W45i7;r%Laper
ze+@1eK@&$1%1*!5)C@5}1;306;w_Kj6<&Q^fXBeNdt+C*2;T)+W)k&GQ|W41TfFJJ
zO2PW9K<C@%TVCqO5ji-8r7mq&D1~LT!Ppy(^wcAqHEj^SCLi>;&x>SN=reeJ9@}2D
zO6m>ECr@%@ydwZtF3X-Q8fw{N-IvH!#%^$wP-bop&5Jixhvusj<&vIy<sa1oIeR{8
zJ3Yqy!k`Ir<CF8_syuCP-A`+5pvS$r{g!jq!VT_wKZTW)(I+93N^<ch8${NmGgsVW
z(^yMHkit=KapN6t3f;evMxc9d*F`p}3c?X8n{9^9b}_)SQVX=XtW!~bb(}^#^O%Va
z-Ffz7)1-^%9~srtR>S0uEBg_<7-Y~d=vT)-^>N2a;_Op@Kz#pxByPHiLlKK%Tw-M0
zBU`?wHRUI8+az_tAZl~Tyn+WtT?ntmjQ9Ynmbd0K3Sm)}8f6AgY6)N2SZ(PCt)tG;
z-*!|yt1RZRGUVzpv^DK3ysB*6Zd`;y6tR}C_w>+_?Cb?nZx8h2ZM3}!Xp;GK8N0y^
zSMOX4PmDdRDa6Iam0~5dF|yH7TSwCbMokRPA%TRzX?4Ao!-hy)`YEzFrzy?|QxJJw
zJ6<n{8z&$BxyP7W=;?SU+e{7iSucOwyU<kn1OvWmdv>ZYa)aAkjT~cgw2xfCJx*gO
zV&Tc5R_x|O)32M?x5|Vl7p*I{>h=sDS#|Dvt*BTnzMgM8hxq!Ljy;^FV!yTQmKJoq
zm8eaB=#6OBwUtTN@Gl{K@nd8bO~j8~Pk&Teci_@veIWiCeBNX6GkpT?95?^TNZV8B
z*dnDmoV6&eXJ~Ma!rMn?M#+<b!UWdQZlA`Tqdvi1t9VgChQ3u{NqAc=@M|00SB#US
zQbw-%S`6%xj#SK5?7lkfU=@o;uEMrHu3U}}s#iQs%F0j|$tN64zQ``B>=RVD;k$8m
z(+;;rjkM<ZBTed5g{b68`g)c^gY)J(+S&42Pb*{9INs+quD*dzkXKjlMU~@Z<VxL4
z_!54NZ&`ADE7H@CW!>8#FvpYUR5j_i`5mFO+a2d0js?k9FnGn)H1Sk!>*<XI<G8*o
zNX@WOlM>^!oxpW4gPXTqiuw%mrTRq8?wIc8N|7DM+wfL%l9CYiQd2NR6U_b4l;?pW
zG1ck~N!qwH&C?&8RJFQY1dHyyJT_K1I9u*n)97TRPS02A6jYQSe(@qX(sym!{7wP^
z@gD6JDUR&nrWbE=y@d6JJH;(NDsr37i3?mD#7{ff=M*k^>0D1ti>y>g&uz3`_?2{X
zt;Z>7wvsOfa-K~QuP!53&}<Z_qJ<Xy%cPWxTiul=EH$w5ueR&1C@Y#G<+5i<yQoIa
zuxG^Yl8kp3cB9HNQPlb?9%)zXdc<6oqX|p0i2~3QVv-$$GAs463yDjvCn`SA5Vs_-
z?7zRhUCUHP;}{y$ab6Sq^;svq;lQxuo-s|NB=*NsmC_x~F;h2$;MX0mUwDOEE?HFA
zxMUbQdg(UR#L%XGTJWr;s0GhwvvuC}%j+5?T#S*+FH>I@zBKLISRvoKy44eGc>%xv
z3;~iNs^L}>SxAKNQwC*t4@(ULlKA?$l+qFpgN51&ArnM7??aOl9IE0sbW2>_75VU7
z9q*gabS94|<kFAgvFiALNMR<>PDUfd&YMznRuys*q>oY?F}<~Y&>By@zg8HyC4NIg
zjV+Glt=@xL?bEY@6kifeUXzEa@zN_q@&y#cOWn|g-Q|ilA(_Tu)w%Vul#Y#>khIwN
z2E|9a1wr7=94`aNvn2aoZm=S5ZfUMZ;XLn%YT9RhON-8KVtV_`x-e7jMxphiPp`|~
zWvYr4h>p(eR+NM<63Km#k$Qf^*;ipkvm!aGJT!@lB<B;!QsJ02EB#un)Yx#ugZ}1p
zt)*7+<Y6k%_{@g;L)a}Ltj5xv8&0Sa!Q9N80jdPLIifFLvDGSK-q=?mhid(;Ln|rR
zkVrNPDm+jeZSb<FD8t$o_Qi^iZayV*>dc$gCR!ILNu`g|e45f%)Kl;b2QhrSyINr+
z_Qu-BRO8B(45;}11b^#6yvXWhriRio5N+_5R6?MBmW9C%L7Md)ybm~=xD}ovWG6R1
zY?@V`WPMJ&Q7ie{pQS>K`V-O0ZUyxsX^rIbtEMI9XZ>b58Dy_LzKlY75|bHXHz)hQ
zux6qpT6-~WUNKC~cv4!*keoo2;Y;nEg^T{4u&&v;1tUDixjU7eBug587Z_M~Qkd_3
zc_hB?9|5+h6gM={5$!sC=T?uZM2LAphxlWv&8?k^FjbEWBn3ArGICD0oG3c!R+ph$
zN$XS7qyPC+$gOk7$=n;u>q1UTls}a>A6tO?Qzs13;cuGPu=%PM(or6tSa8}DN>;yu
zAT;|r@phcR#p9;;L@umld&l?PSt81X&vVReSo-z#fvaw^)qIq*>$Uz0Dp{=5;c}Ky
z57##~qBmLh(KoymuDi^F?$-9mU_~e<2P&v|oU0KBEgLhsLDZ6wzUM~H9N#XHKo~tz
ztqH$r<t1NQgVjPETw~6br|Kb(D9bEp9J>8U6~76IuV9BysC;be6lpl=SJCT2YSc3C
zgf8S+Xp`lNJi_XI_D);enL8**Zq-Day6%<f#c<o>VO5+f>uP1DT_Fl4Az8a(>d%j5
z=td+bzTm~O7R_43A-tRW0$Y~7bE*TY|JJOK`sOQBSnzZ*brwP8?W7l@YG9E!N@LM-
zRPXQiA}X+0IRj7x;$np>(a&yOCs%QxPd_K!#K5`bcKu|^3*!PD(p9W36quUeU1E|t
zTY<i*?8$_wCtP<Z#vkZ|5(+=EBlwTk^XiPqUqkTcM|PgiyZ4m-1mZ%UE4)`ofo<u%
zn|WF7_0{m~{r74elBxPqUc8SzJHtEjXg}7ozK-BO2m6|VclEf+=MK_NvSA6r?TpL2
z53ug!8ritv)zI&UlzZA_tE^lGtqs!3cf!d9%%*t1hN)G&t_;BIl`EWnR#3xY7%l%+
z<M~zwX@u{he+MFAfMC;c^F`##Y&`o1ll{z78e*+&qa}M5TAgV<;sdB8>5JE%IYgZ5
zVw2$>Q}`(ROqq&DPwBPv7Xnodg2|M=k>gxt93xK+Bxu=1KTTbqTth_pw%Gd0D^>|h
zf@_^v=Tbz@J>VV7#j%x{P*GRXLzz7wZ%1o*nV+`aP`BAVL&Z=Gi|yudR<IqsY}e^F
zVe~2aesn=vk~-HOjkkx|Kn>dqQ_lO074mP`&v6skZD&wL#zuwCZH9Btq^uJw&ao8m
z*RttewNAsap_hHfjWBw613jrPnc{4=hgRs*U}-e?>i0UVf#L~ed<<KMv+h;#I@xC=
zU&3aLM*@`?R;5pBrpW3EvZ(Krur)77t1*?jdaZHe`A$XK+z+iI`!b=KNL`2|=r*MY
z6*wMLH>oS+mG30Zv3;j~&}Z-lUwo*(bAA_ZUC5}rMRoSO{>KiI%09%SbWhkO@;mGe
zaCzdlm$|KTZiw1&Ef+{(^TUd9RHUwYQh$9=dHZzt1mT53?4`OT*1W0Q7eu*2p5~qr
zz3P>cA)cPa)z}{AJy*}Dk3~pP7m`ejOXbUJpsDZnv$ztMkl^35A|cDb#e%>4aB0`}
zWBV!X!sJsscddfw6*tZd_?715UK@K+FpntSAAIX-zqu2(+H!Jc`Pxk0{7%#A*edr|
zrOi-z!8wM)-5iw_ha_Lfz<RNYi$j@;Q(HY_sY6+K?$Z4M`|UZJ;`y6URD$5OTNG`G
z^jGaAJVoY+v#oDsN8`?0Tjpn{TkWT=RrfI#B$vwCpSaUtj<rToMHirVe$qckVv^B>
znl6yiy=$FnM}lkLe<r}6w1yNhgtr-fKHXtTaV(m@yr#m5{LRP4Vwo`WJ<q=7)AfA~
z%l;Fg3o-N58dtNv>TLGDHBS$33=@q-O$0UHx>$XG%-@t|%Z=9?;gG5ChqEdtB6lL}
zwp@w7RgD$((AcNy8Pfb}gw_QSRTLeWM{wwcM6&%0FH`ZJlR`Ewa)>s@d#;45KvGpS
z#om7QqfbIC)nm5|YGz4M=$yRD<T*DsHfAbu^0i4-;<fp0mhIkG8<PVIE;9p73uhKA
z#BWu5xAZx(gxH3E7~LCM;2gN-s?~cllc{c6KAY}UAcyY&Dm#ULXd&R0ac?W(E7zu>
zD#v^ZBiaQ0;^*iqYcGgjwJk=>Cf3rPsiXC`TIhX<di5IF<$jf&ci@hLu%ZWKEP>7)
zVjbj*_a-1!Ol2Y0;?>qXav(O%fvfmtaUN1X&+)l~-K@5DZ>EatoN=Y?JIT9Eqo#5y
zCTmZKhOa$1c0(>{VfZD-i2FddR#9tlThY)}ji~vD&*dDpQFUMAHshKc&6*u+==e=d
zBNZmX{QauP3|=o;m@3+(z3<F)dYSFAWG@_=9XRvxBTW{<qS-@3JU12j>I!#uvEdwV
zF;9RyM}ZARoi>f7ekma(i{VyiVN;s<vReEdo*+(#Dn1yE#$Yu<rUCm#E5q~oovMzT
zp}Dy$3dOm6sNiiLQqiH?bVGtgCp=!aLPN79@hWI{z>GN0gRB@t@P;-Ew#(yaoF<6u
zZQ)m9^oVtOGIQP)Lhjj6uW$`~D(*vfmqnEk3n`~_b;D<?%FdR(FH=iMrgfTev!|B0
zU%3&RM?^Z2AQhrVc#`fGMM^7ia#OxiO<Zj`<q9PwFU3@xOjj9NcYv&J;I#m1;Fhfm
zZB6h){=AFz1596!li~9nyDn<g5NcbV=gB>MC1%HjAoNL9l_$Mk|C4h|kE`-X&!07*
z4yiXMKcOuSGU}BZxtZ77D+!@GhGT!-hbWVSJD94D@3YjqO3tb?+7pQ6X0s()bAkuj
zHH00()blT{vxzf5e1J44qR4ytG!Gp1#a!Z}AGS1pGw1KJ<loO15a1VtVZO&yRuBR?
z>wnZ9{AD$T{9!ePl8qVC#T0FWa>U%#_xo%5fVvH!P6GJDZ5WtI5OJh};-9zlA)pXK
z5T<Yg>4-k)KnRjDb-IMKv9d;E`u&UYiC<0@K>X%p0XX8{l}|)m#$3`TyAfa2j6P*5
zg>@(Jo;o=z<*u3ysrb@877BBkm!s=zE$_5Hv2^6`wl0~_Q+Ag^cIhk1^0G}S4N(OF
zHs!A<YbYFF6KJxcN809s_XeKiNdSjeA|IJ%C<$2Vl2vTw+qj4H#((j=8N}q{OlyF0
zG+R~c@--aE-o0_Wh1=rZjHJ}ewg`N^l!obPrbFtkvlvL<c!kQ-nEUqa55ZdfYSk8T
zlm_OGWESevEL_bZ$5QqaY9kb17;g6=7_~$>k*u!mr<@I#>T4QFyz0y4hEJzIQ1RTq
z5f7<vz-yzwA3hifVQ+id5FUT$-pOIm{q}N|_A;`?43);jUOD+T6UN%TJCc_BXU=wg
z3NH-aJ@+|B+s_A7_?5lka}s&JU#O$)T6*GV#)((YyZ5h`f1U8q_{^x`x2~cLyS)}N
zacQY-CseP%V`e92)~v(F`Q>Z>kylo7AzELyPh2F-3;LZB{)Z<C{41^dZHWdHP?>++
z@5cw+@At<a!v8_v-_?Npa%RAR&i+&bBKYf>0fPVj%m64q4DsXLfKz%W(Hh9aea8y#
zfrtv5CPl*H*^{i7pWt%hv)M!z`SbJ0H%ZA{ij131xHniJlJ%iy6Kh$9BHme5Fe?P=
zc-AV0Far_%Vvg@sSiPH7oo=i%Lz`>g#ZMRd2X_5NUVBkUhv$1+w)Yu5@(JHx-SG1n
znU@G<!_mAhOD22bN(0UO+}x}*{w^7_WtpAoq?l)NBi=;*()M+BAu^%WvCE50fijOv
z?U+j5uimZ3QzSDp70Q0kg&6YtYTXVAB)k(kWu$|+Fcfog^;FCiZ>jOH#mo<0roPnE
z3nn#FKK8?zvG^2IZ+&bUO3#&H7Y5`eYw^ugx7~9Z9cuG7^(B^!%ClzWHL4|&$A|Bn
z><h08wDt}wA)B5d8-H;Veu7~|<5)F4<cjIT=El~zv^LNM;4o5-1fw*LB(N*x*Zr01
z3^n>^?+{ndCJLB#-Q2MjE+amBV>ze8v22eePL4rmi$KnLM0%n{^0CJKAe&=g&MzVj
zHaA`yW533m4pJ2x5({sCH^U^FLMzERcrwMP$r=Cd1eY#l(tSUUo;ho{P*_+5*yF@q
ztOVlM#422uj6;-@llTNus$2A}spn;!BeXJZsJWv2d3?LtU&|!9ex%Ke&Dtt0c7Z)^
zB=t?inGKq9vt%}}9>@*q!(qsbNhvw4jgs+orxS7e0#@6%VARYUdThK*m7r#rqSx>N
zEGI$Q;e29}QRewuBT}7yf;XIIVtZ$W0-4+2*)PZx@OwBYACHU_4yDh1MJE8pbLD);
z4+}lZ^p+4f*FDOMu7HVH=wWr9PA$_}V@O(NUP(RCoWSyaN$E=?0c2D3<cfKQN0t-2
zn5bait2?hl2Sn;x&sM{|%<V6CgG5oQRBL5!uj4lJdRorQWO~IBeE1w^a>+86XwFjO
z;+;r2TI9t+(~rkgpCMDDQsGglQ4EyVDC?uIt=rkaia$>52TyUcf)hRm2@Mb~t3H{%
zrymt#<7hV8m~HP^6;;9!edk#wYClWG75YK+?c`8;?B>nshEI1cwx9iw!Ks<!qc=8#
zHM6n3tCS8~U@xOms;J+?XVD3x6vs2od=wJH>0mhjGPSi?O=BW77OB-*;<fcM)vZvg
zKYlRYrL~3T^4;b>XlHo+R$=>s?^ZuNRWT+t-9t>3!ZWj6L8ApU;JV=&0&}HX9Cj6v
zTWw?vFDVukacb|cSZ!I!cI=kiPtV!TvU_2~7Qb6+GW7E5wq4Dw<C{7SuY(lG3UJeI
z+StYmrWi!(*QiQWK2yj|j<AXQF!1<I7QM<`={n@{m<H|aXukPWX!O7f0h^hntu5m0
zsQj%R6+tmk8m5~;$&rg=T&43FSm(7`FC(w3I<hH$eK+{PB`S7LXUqJS6>*E!ROkJ;
z5ZC5@;rU0eGLuR+;+i)l@6}~Rh2fqr`torrqQ4@0!#CSp4HbE+gLdH9=KKu<UWq9D
z?(3St6glE>C;^+w#U_c&WIW|Lm}|8B{t07>X4&CzG!@A7YYd}YS#b0vm7@K<E5mC8
zA6R`ixKKIo?>U{tr-$jYr7d4i@=>(1mXg?hJi>S^Vf4yriSq)uG_{-*JU;EqVB(4F
z1$t887Er}=LGaEAVHjI~!a2F;<D(y3-{$7_zyBbx9Be$r$d~itlgM&QP0Z(Lf*rlq
zN6gK)jRgr+-^WD<oKL>lL5AP_kUP6`dU}+;d%L*eVo@pE$d?Yf({fiB{G`t%JovD)
zx~B5MarR>2zCZG&oDr?dXKTH;i13RB%erw%9lLXO=`qIIp`sUd`^2xgT<_Gn7o>U|
zE-gX;T#5~b&e#x7tZtX4uo|<E+}s%<+DZztjND<r-lMH0NkPU$Yc)BYt5raBKBjz^
zopYLaF<LZn$u4n!a?7Qgv~91TNcL-o?re7@3Z5Cxc<p25lhqVo65L_$<*uCbz6<H@
zErIb~Cv$Hm>VLoi+uO39%62gMLbR#k-<Hk7RkP^Q8oJd&Bv{~M7?iZzT;JVWfby(q
z)AIR}kRIN%t;@WOmk1wrsvl~$O)QZi6s?A7wFtV~3yJv+MO+<npNRL`INP_hr*s!N
z>NH!vH6Pt0fQIpIIa^PhCl9zw7Ldbk7s+%(!@o^JtG~Z&kn?<0>$42#KoYN&&$)*a
zs_{Ijicc9U%Dvw_WVC8h+??`WKW~?RVksV9!ujfY_M9;2by4@VK(Asv&iA{`9)XE=
z+H(7|xDN_U=|;g+-S<u#e)vFC8!2U={T0WUkn+??aj_Sc=&bc7xf+T@-C~~J#i+qk
zTu)2p>0Jk61+Y3cD%^c=%`F%*yNw3OU+CrU-D>5*!y=6<V~<JgWHj<1SS&Ewm?TXV
zqX>Y|&h;>Tn8Md;JYF{$T_ChF^q~2D<;xsucTkMAGemuD!Qs_&w(ccA>q|PRixtci
z@%I#zl?*`j?xdS5WcqU35~t<I(fKJ=8am@1_2H3&&lh%lM{T4GZ8k3n=2LK{yYw_f
z>J^cYZ$1@c$)dHM)5ykG`pn3e{lPua=e$<jm19Ou>1Iw^WoMqN-xLaXZT5_@{n49+
zb@Tqs5`!mmM!i~Z?iyaW_LRd=PtC){-i%0W(VLh2f@EX-KABU)&6Jaw0dnuPqO=s6
zR`H*!vO#^~pP9LT-U<2Awro*05EDlo-N$M=dqV7eDj_7nrARTLGo_PR{=uA2WP$%h
zymjSt!H3=wLfyzUD#3XtidAi|y!gw=X!!h)tB;txVB*ukhY!iwrfQtE(m`A)6;z0b
zSf_Wk)cs=H;(ip3y!?HZA3Fk`KLpAI9xdY~bWT#wKDw(kvR!rZ3W%87&}((?{n|SX
zxu7r@*e=XBi2pLIk=sUxJAsR{H?MPPU}V#N;KS`6;$~3~1+LyJ671m*?_Kcs9H)2+
zyF3pMji+z}PVt9>+Ownd>CvucRkXLRt-0-DhgZze8Rrb#svWB@vVWFfCzwb*;3Gq#
zZ?U&@m$Yrc{03;qZ-2$?VZv(*9NWv)AFf?pXkQ-d@Ar5;@S^n77txImPuzyP6W)=K
zLR!x1b)M+SaV#C&>*q*{-}pR0wpgV(Jfq!_6}@WMt+uxll$jFZ;Su3<LX_tsXh>#t
z(tPyQaYrjoO+w$O%jVb9vtGvDZ-0Hh`)$B!Bm1OYO<%{_K%KDpoOnylrqm7Xc=NUi
z!K7W;re!FcdFQRwr|Vy!_t=M+vsDd=XIwZkn?<9i_&QivPX`-9BwI{|uOiamoNgQA
zw@M#9N{5BcMDJ{?xEp!YCTDvVeQ<a4Y<qA{zn^*&y*+k1DoQNQa9CaU&9-c5*b>iZ
z2yI)*bQ9!7Y1*A<Ekjq@a`!o|d6T#<DbK19=`UFMeeG=Z6M3Wf0+qYf@4OIM%w9~H
z^OdZ%J!NB2z|U;=+6u3-$hc@=Sf-@c>`5WXQs!qY6HN=UNZl)&ecXd0rB~Pu2Ym{}
z3rUGbEzclF#OX?e3c@emRmz=Kl^`nFYs~+Qv_AjN!9peZ?%;4^zIZ;~n>*`Mo2DX+
z4rU(MBR*Y?YgInelkAy8oe6_V<Df_WdZQPY^goWo>bB@*46At>sZnHPWnRo&%=8UV
zbUInV5MCW82_L8(Ze&OkZI`_}8Xn)r)*!B|%Fk%&^(EDb<b87aedYo!i90@&m7!`S
zE~?@*=1V@WAeN>+A&}|odlJZa?APPY$auWc<%`I8(rarJNCU*Y@0UafucTskKvM}0
zMMgO1g!+RN(G#>Z?zAn5SCTaAh#p0~QKWgUDzSI1i8`f!NA3am<V18781KuQD|Lby
zW#Xx!tM`f?Ytzi6MByehmE>j>jh;su1eUKRsn$7dPbxle=HMKqDv(JQHm^9I(*Sbf
znWUovvhUj-E7_u8-Z~tsOZECyycbbKC%ovM1h4Wl^VXceEjDr>-)SQz7@l&wg%^le
z3?(QBwaA^`l}HNlkdst4M#!5}nTdwWpsSRp3HM7C=>l~IsR&l@eoeFVid*<#1@>ey
z<-3FfeVt5g*!OPq*4o=ZQ3m-MgB$GRbYx#lCG68JYDC7(n&7??24tJQ%+xe`88dGJ
zp;rrqT8T~wdFi?kO1kZ``E`BDA>kL3$tP8stc`ik6BwU&jB!~hDp`AjFz+5nSq;ZF
zhwQX?k9Z3WC2n!pMop!c33kx&^JhV_o>rdhjJSjT%$=Yc)fG#}teyQk0@c3|5{@fJ
zbCCyQ2{MztW;!cQUgdmDN0GUM7su3bm?m7#K$QI>Hjd$)dt{UeEP3@4C$Z{I-j;5v
z95~0|jL+A@`}AQ=pf&fnatRJ+-8^=^&n|)5V}1+pM<#_ACRLZYX;$tGUy{TzmlTyb
z^(4Ge^+vBW{l`1PLZYmyIW|5MMuxXY&UW;X-C1@%K7OoAluygqFWA<M{`Ot+$1=D=
znbr+-1cnXbRipAXRgYC4hc4hVhJW1jOdbK1NWWw;rw@F<N>a*VS{%N4%J`YKut{?t
zBh8r%JQqqeY;}3Eu-jy}O3D?I$uC=7FR!nEt?ZO(tg4C)Wok^&^_8u<M+Fu=bBBP+
zEsn}V7B~F#nOS7YOAo2G1Zm$3<Lh2NtR3+Zr_@PLFm=tkYqTRjUb-e|ZgPd?W2l;p
zBl7|sz6SKf4dIkwgeeQnC$#@P#Mq_&(@B}~ZHQu`7-$T$Nif+>kd2}qOAIy1!sIpG
zXC%C}I4kUu3W_J3vCiMQ{8AdHL0H1w<N~>Cy_Z8KWudf(OF&OVXSaGUlaQf8>z9+N
zm!)m7#>L~QLpRlL5eQ3X&<@kwmAoUk9e~w$Zx^po18c%9xV(o3?~Wvbj!HGU%}F2$
z{}n|*Vc#_wE^p6g4Rz-v)cas)R#j!uOG5ZviV=LD(75r~qtsnyh=@;&#-e#IH6`9-
zoxb@vh`QTmdcZr2WO(@fLa%i}tXD|FV&R&7ZcNL0BfElXgXa?hdh`hwuaPiZu$O&q
z4jp;lMwcD8<wp5jzCKQ1t-r-xc*J~yXXv#dB{WMn%fay4`H;c@6t1XUc);RIv_3sk
zSBI1?g&Jjk0{$HTK);Zwt$iU{mp;zT=T)sK8)QHt1325cpZ;M{1#imT#rgcT_1;#d
zY8<m{O1oFY1u?H$M{)3N=VpiO^U-J_bmioAnX`+zG?%9xQydb)bb7IQ2Rs#$@wg;T
zpoYa`<`e2(@K$t>=L*|fnhQK(`-s-@E+de=rXAT~I-9qWZRu3o+mC$cfPJOEEcBt{
zSro*bPPk>gfLt=IB=S}OA37%6GA>WCe!#ocff90z9=OXdE<hb?{kk+2yg0kwRv>3F
z0Qa$C=Jo67N6!eID)IOGGmu@^xJnc!5m)WQ9&pg{xaWrn^mDtLNxsU)Yhhc)AsIJk
z9F@OerS+K&%wk7niKlwXu~s6ouNN0<z9#gfHS?<$VFO7`*3#@V#e)nsTtHn$m}T}L
z4%1EHD%Fw|+Ov|PQpk=-xdo@$aTd9k$~JGFUK4k(wqY$c-gtb>kWX2Upi3?g7RhWJ
zuPsC$@Z`43LT!SC>Inl5&X3VfbcCce8kUw+nk(X=bv~7lGpl#rDS299X`5FVHmT8T
zgk?TsAmh=P4<}f@5U*Jw!Caz2S^#!QR8#aZEpfbgria6a*BSXTD0t@>#lngDG4-^W
z?&$IyIMEhX#R<kQ8E3y{2=qUOHJ!|f$RL(cJu@#2o|M9F2$A+2FuZPH&FmwPT)PB&
zo56U&vx^YM5?qZUB51fHc?s`1<(U&#FNTI*z$Xp2=g@T)Iz6g?EKy<;jh#vxYch#P
zK&Ogz!9aWthXeaTL=gBsa1uA4kF0+h<K)-tVR(D^AKf}%KXdu48A9q+dH$3(GO;~n
z><w1;i86*D=fM6C_`|R#)7%R%)Giy$GXsZ)Sxq96={#^Fo*K4@<4s?(k89#o{)^NN
zr!JsElT-0%u$Bs}E-5BQhmPM=JLk>Hf^|3R*t*O+vUd^Gd+pM<YILrtwL)$vQzQF*
zOer&uzs}hsoA(Q8sX+AGBwZs678&yBqz<}}d0Z#tozJTRo|=3kPLOnJs;k<=`Bd*4
z<2}c^$<t`2(_BQ*S1#E^p5wNP4C@E-O1C)tG#fp1rEs1GD+FGHaakA}5O&JPvJ|oi
z*C&WiCDV{=J!NMjv+Z*ijKt9i=c37KZ6N2lOF!oJei2dF3><G?D<+6%crS{XQ|76#
zypISUA*WY46VhA{``J~qH~582GlCs4b%9yZV^AzT@~*Z5xZ@}PORm|B?lNU@UCUdv
zXa%0q%9l7%Eanht*Gfe@Bh7mR9feBa5i91px*Ym(kEuUFlBMdHY1=Kb-mlT&IS$Qi
zK2hB26W=CLVQXGvYF_8au$0^HG-AIWnSD16q8A_GW)ptv0>cwfDzh#zLqD`SI7srA
ztiUd-5c*3T(-<BhRTTSsi)m-o*@#B`(hNs|!rpY9vIy;TsWF!uHTd&Hv(y&r$uKM`
z_ZxigLKNUN`PPwz5whI*cor+mT~_Jj&-OG&l&2qs-WqI7h`wzVm<TQ>-zM8t-UtVs
zK6y$cywkP$ndj4X$xrI#IFSh)+foHzeF`2%p1s@4%W0@$bf1SUrVMJ980*%!8e)Ba
zS>gH__9?}ylW7klJa0nZQ6Cc;zk5YD1o=gky%o4yGEyjQ{PezL62v=Rn5#M-CQFq+
z+WF98E-tva*1n6wnN(eLgstqV(yTaEA?N{{Kq<Kj((<KaS|ZDh&c(nid?K}+!3W0P
z_g&TER=hd!o~R_2^@rL=+NIky3BFgE6OAynlYACr!Fs~9$KzBDPC>vpy*8&1VYpAQ
zpp6xUI(_VNv_l2D*3%|^X4b<XPwg?y+SV3}w?`g>vis==oOEL$PnxWlqG_sg^zxni
zFGgCqmwk$$kZ~k?+jW*T&B;PBv@?{Xa^^ZYc*}rD!#;gjY)?Sw!;E)#PS@>>_>jai
z>In@>YhReST5cyY#0b8VEm7(Jn27tqv!uPx#0tAbDc3gH8QgjHWlm~$$*DSNGty5f
zFD+>JH(6f_R1@BBeJ>cBjeV7?fu-EC;Laz$0GM!Ufm+{CZa?mb<;^fB;5ci>mc|n7
z`vVzS?Suv-dcuL>y)62luCEn*uz$|2Y2NwLF{V%4H~pm@P9G&_cyCV1rTcksq}404
zXZOvdSx?70n5a=D-0v3MT)-6)u6=*$+QaNZb;f>E<Mmo4o_pt*^}9}tynY;~ioR}0
zVvE}`sd~Y!OKLp)&dTZRxsRFly5ZzVh_Ye_mrj#A*^a<d*ub-W!=<GzKfEl2wS6d)
z7>7Wt@L5es56<wf8Gf?CQl#DQ6gKdKaoS&;N#!}m>2L-F<ibnu*h18$KU1x-a_|TX
zQ8kA>y+!gVDVC*M=Gpx96q=7b&nN^LdAfS|arJf6;x}BB(a6UGve#Je8<Og^Dk#%%
zxc3<~P)L4O@n)8*%<w5fnmi1v(7NNO&-vjZteICDc`jQ9nhNRE8PK>;@c!$(Huqw4
zL#_q=_Jf_z^12W2qF#nYppDZ!8eT?}<)5=o-s(!#u~vDqT<bD5jJ)OADl_6yqdC$h
zS_(yl&+6Mu?`lMM*g;WPE>sJT3!ZSGXSGVjnys|ICa|xPc;rQLZ9U{3nSEb8GC41`
zFtqYYZF;`v^5X1@AzxxyRKtuMs~eOi`PD4c(3g%#Ex2XlHKLo#`=Kf#ttnzLdS&F+
z?V?SYcja9K@HJwvLc6zaGuhdYrq;mCXjSXRuP-=IwRs#UE#or*PeI0kexY^3ndKT=
z7pf*jpIw=(Q(f8RzDpn>zBi|Bt<d$pPwr{9w8r8SoB)5K<{^cesW%T!C471_zGz2$
zX7Sh#zbf6(m+AEM;-w2&$dL<gT8!Bm_n(MIGFC0FedI*nPjc?QJ@)xIxo;{_l5goF
z;rY6B;?K?9o2imJ0aSA(j3vt<Zkt_{J5_w5vEeF{6BF&WB@=fy0ndc08Hrv36ZolA
zwO`s4CilIX72y3<gki37pJ^=p)^ai1PBzQVWCzxQJh7<W_5F%dVq<lF0;G(NHQ{2@
z(+tr|=8iibtxs)O6N?r|wVus<J7N&T$nkdM-9*laX!v$nAfu>G)kOn;(ubqiq!iA0
zwo6jt8>**#8!AQdLrHCy0?vK5KE(jf-L_l8F6N$QxVN;s5#_wmGrGONGr7Q3y>S<M
zq8he7?A<l^`sU`a^9dU6&lhcd+Bw{fEn)^dutu(#i+Xr)R18!u-0T>R@@zL`FS$rw
zG1ta3Xvn@~c<yt8N0*a_<695fUg63Y!nRBE#ZfNB?bXHMDv1!Km&H-z`Vwo|jy}z1
zKC47N?=Mt<f&I;)!P|i-{D)2gEp<JlRL(sD<6|s7LkngLWsve$)QhyW!iviza0c4R
z(kH8)eBfxhNoO-&N`LwIpb7FYc~9?xdjq^<*34nFy$yUML3$-l$Aa{n_*5%#6`h;{
ziO-B)_g@Q8*!TLpnmFo1zD{C4R?eR55qNf~%L!Y53HY+h<oNBt)!zBK7cPS!)AYb%
zhi=ya)^e@zoTw#A0^@uV<BOp=5lfb*hgrw&k`Fs!ZOHd7)bSG=jokM34lW%w9n=WT
zmX+dKXsWjx>P>E);7%#YKjkq>{vw5_Sf$=F>JhZPF0BaCcBaxHo6SI<#t}a4n$6a0
z9aBfMnrBMOPewog`H|XS)dyFeA<s2V;^M1kjoeZn>8HMZPV_m-7Wg{}wBr<I`FOCp
zV=dZ8hQpD!rkSnW{@E@4^JA%(k%Q{Qj<%YvmyspTjj$JLcj=}!xnplp3ABt;#yJI4
z#M{N(q*KoO>Se2J9JY4OeitTiMJ(7Y1Qzdj)(A(LyK_|L#JUULu8V+Ci3zy)-EFGt
zrY9*Ugf=rHo#qt`G!P-r`))jcp61%^Zh&jA_1-zkzk7O2!I$z%Demg3qM$G3v`XHp
zMBk3Oh+kkrdfh6Ky$nU7ekka9ovS5idb)Sn{+^IGIFW5E_Axpw(CWdc%iUXCq$Zbj
zY0^7P?)vj^RloOl{7PUzxb#q=1gAnl&l%inED{`Il5?r*CevdlN?uqlE_qv!e8pJs
zF>UO-SE*H8C&~xac~t^j6`e_X8m5TMNj6JlTW;_bF$Aba(L&urSzAJ(3;G+7kiGW3
z$8QRcNAEln|M=!OQl0$9Z*qqR>9E7&0N{fENMHkheEs(l*a|-#2Y__3vE-3Qo7&r$
ze@|lbBYr$19{~l9$cMuCnZW!oDCR(N!9P9;fKTxEsqBN4-_J?FUrz#nLjUba06!d(
zKhJ`N?Jp~NiGzSVL{zh%lxh82DtmD*_DOaZ?#Gsiuosr}+O5yP)#Mdr@`bs#efj#|
ziVVeLIs4C<V9}hsn1KxWm{Zqw;z>`@TzO@0j4x*}lh10Qm-F)y;ZL(z8xou2u#&e1
zwL@~<UrS!=ZsVSdk&%|rB_w{GwA$4-;~02P^OfxON^X`gXv@yinCEtkS)+E>Q`4dZ
zte#jd9GNpw$r*DHAd}ra{(vpo=$d<5vBC(g%rowb^)<S|@qCQ;G{)msyxV#jXjW+i
zt<nTZTPRli5n=bjYrMzh5@VUJ3^JZeirHweT7SsgGZ^kg12%s%xRWB#xaS%V64*x=
zzuf1Rv)t#n8u?j_d478TcFW#r`ICeEH=oz&@5f)th;!W&`NH&(*Yp0{%Eh?6NEwQ2
zBUXed9KTb!|L|miztXYarmP{r{Ruy$tOXzt;3#@NCMZ~t3C0H;Y0rmwh5<(m@E^dS
zU;*IB0SFTu3_WNE2W)~LI0heRLx?%<9)alt^oR2Usc+yXKR<9ZK5)D}6b$?h{QUKJ
zf&=sU>39O*b(jP0fvocP8WG^k{C}93EO4GaCWo&MlEt8Q_!|^J@bEVP)o(E1Y=mzx
zekQ~>m;g``a@Y<)_265;;(&wp4}d?7_`Oy|MC9N+52gbY05nxyQ05v)v_42xS{9^<
z^h6u}*bS2}$2bU}*Fi0ds;Lzcq-yGdDKLQ@Vxx|9MY*|{BVCyQmSV`bjI^*Zl|*^!
zWAg9(U@)(s0GJ;Rg~I^D1Mn668DI#KaCAhWUG)h82?5=ifcps!ejKFgnE>$}JRRiw
znV^T?0qz3>1jKmo<Dh<p32-b2Plqjm+YK;JfOzCwP;O2D{u&@n7gI-9Ck*oDULYwA
zpi;)&#vG|GCkc{gLc6#jMMXhUC`U9vn=8}7us=u)Gt~bTBcR`iJtP6}ng?`!BmIyq
zz~LDGBk~Sd_5*pC5&zG~JCq*uP<p`C6BtSWQ~Dnfbik`02m;LW|B#~pp)`OiGXUa$
z#Quk<^}lX+kV8R04kZ9N)H=wa)<F-|?T^g}eDLlcDZ`BNf2C=_bt4$1f*h*YpA&Il
zk3SFr9AxwlBBW4mfG-4NrW7u&m?}HWkRT;f;CC?K?tq6M{prEi-^f4g$p_N3LE9rm
zWMyP!`S{>Km7f5dkB?va+XoChLx7K<=s{&4TK_;GARS#jOk4mC%Haic&+xlTK0r(z
zqzt%mCcy&<{)jaO@E2plfN}VN@%RB8_$7glz~R{Z0A2?;$pA3ecRUUR`yCGfuplq+
z_M>>Hx**-ZbL0Rg;O!WW{D9OU<S(!Sm~p@X3>N$t45fh2Hx2=hd@$JIvj7Hb4EHc?
z1c9HJewgoo-w*oA{1$VF0E`z9+3ztw;NT%Q!N5G=DCQW*UtkWyj10&TgUNTk3jBkA
z2deR%e-H$m7tqz;V)2b<-_bZ4n83h<<}cBJ1LGfv5W^UZSb-NFFzL5qJ@A|A-|^yy
z3h)9{{tLVgRq>l(4@~VR!T#XG{*|g92nG-+M!kM7EMQuOv8QkP{#SZ-$cS&s59a&D
z@f<+@N?ZV6fEnK52ctkgDbFF_Fv^EfI*d{t@D!tP7{$Yg8pGdj%86+M11cWB({=C@
z^F7e<AN?_HF=GN|g?Yz8AIvkR-8b1_a5#WtaKZ2hc<+JifZq?y6eG*;cw)>GXmHRT
z^KOj60MAg&_Y#M2DEPY({LEK4_^<TuPz2xPe01gj=EFe#i+ufsJ`CO8X~fWUz^~ua
z0TG1#&L1B5p>Hbj-Hr~T-B0@ZLuC4$zQQoF!N?k8Ll|CTWQ4J;Z!$m79n3Svbz|g%
z!4tq+0QxU*<rDY|To2g%9oM7r=P<DR1<&Ca9m3!M=-`3ge1FE^jiCX<(|>^%7$(RI
zu;O3X{86?YECRk^@{gH{D<SCUs(|pH%K|`M4%P*jr2uAvu4rT7s?T)bOqdR*A_w#W
z;S*!}Ooy5ZY#JOq0qqZk!~dh~eu!)bNE|FFKpJjlXv}ejN;ZymAW4*q1=8hUO#;xS
zjx<N>V|+ib(!;C_AsD^kheCnX$oHj=ggK@rA6PbMsmo(N7aUA&?9nJ8J7Cq|$m_xD
zVQOzLZiNBznxh;z0Cax9=wK1^BU}C+Mo@$xfRO;88DJ(j;Cq4P5+<_#6;{@0w3Dk4
z2;|}6!He=Rb#>xJxmbaYqVq$j`VSZchVt>kf!pB(0q%o&VN5VMm>2PPkg>w7xm<az
zP$(;VB!)d8Q_w$=vjQPqO`U9boLo@0fE;+-T#+uWAajthxv{GmkA}UhuH8}me~5Aa
z5&oFqet<O-91a0k3*(3J^8bIK;D>1VpHKkcD~P#Y55s+aIG_;xf^c5Q-=e?<ZS7`u
zz<e1E303)TOt&?4H|4QMTA2cCU>jFgH>4{Fh(bsCjj_Z3Tz!F!JpfxlC}2y6$b$L)
z9<%>8s&FXmD5^h%pZ}P#hn9AT>)*CCtG|scKcC=HY<~zc{{glTh#;WI`~pzG93g-y
z0$V`{#D7~2e#2XgBmM(5fMdKE6bhIcpa*<_FN4Aac!3L1|Fv)Z?#2E-Z-0X=X6f|@
z*z#lI9TWirj0*xx5}|?!UV;BEuD{WPKZ{u416*MMf58X1!T^l`|Ce$7#TguIy8QuP
z54C^~h^~h^0QtMY<L}$oueknMpo2pJg#|9{1-us&3<VSc6Z!s@5;(eB@H*PKqJdcF
z4sv(1cLZ4=(ZHMlB&99G0|6%EJc2L;;)oXju3!BlO@(04gn;=0eT4wl1^5CenD;N|
zEZ^<Q!p7Cy%@v5qE~XYhM8-@J&>(A+2ag4c$A$;#X>RXkf#h*@LYmuH+L-g8F*~I;
zXd8DVj|I{R*tG_>Ol^>^JSa;ZSCj)1ZEfRd1@t@ojt7_}fdvEw!AGh5vycZ&nE}ec
zFhBsng|mD>ECIve|26MnW{)xhMC6XNM>&DiWhA68%kVl_9L4<4!XL0g0PGSo-2f&U
zz)A$8`LMrdpY|v#D}blGrcS2j)`#)|KrmYnm=^*9=1LYQb5{^XYKIL#hhI7((IAb>
znyL~`2QqTuwMIMGAEo8b;v)<&34SIxAHex<Qzu|e@xMt6u=DPUvPb?UDSs9`4^;`1
zbA&+Pn9vER)8CrK{x1sU4+AUo!1N&qKq!!dB?|=hHv_<*`KdpPs0ZE@4!9}6jNw3P
z4RBI_YsUI#{Qf(N^M}zE2nYheHY*&kWH1Z?{10RS|NZje+hWYs-V$c}yTurgMf?-*
zf5=q<%tj4@4`Y>rz&iHd&#25jkh~5yXqQ8$VquCl1>B#djU(XQ0gD4+g5Gbu2Jm<0
ze}W@K00E!}U<UXM1ZKv{2h6Je7qR@aIC{Xzg9-FOoX0G<|JEexpDS2kvHg$LE08Wk
zx;VMmxB~GLY3}A?gZAP9JoeEg_(9I{4`xvZOK=Df2Z0&i;T#oM4F0Vhfxj`A{wW#)
zF~-dSpyuE#0?@&l@t+i#x!Kzz(Ke0{UMCC7BO&G>5Bn#iVOHl53_0II3<Ox){w;O+
zza#C>q9^!p?u(i6exLnfRzrWs68;8h-<R#btS%2y;C~<p0l+~6ZW;mv6$pSa9QL;`
z{WEv{cjhdxKMarjfbRjQ01H44{PzEED*h~b9&WlF&;iUI;s5`o0p>eOh!hY-0O<o+
zM=PN0<FF2d5TpW3LJv1h50jKk2U#0Oz;Q4g{Kp6E-Kw~u?QI+}wIT<5yo5la)Y0k!
z(ve3?gX72jQ=mBPp8-h14Q-8b`IaGtVYc5f+t-+_ZA{t)*wV(NJTPf4$Pd3Cq*gFn
z^HRX}yOayk6u8Oedy*As`j0drCbNKf9Rz3w)WTS}nIpfqgJHUV%j|s5O29A~2+Yvm
zhyS*ljzIwmz%VF4`MwVcgji`)H1dM95U>;k^FbkCK)MKEQOE~l=i_6?_|fkrL7py1
zOF}+OSsWqos&D@=b5)=~!jkC#2IL?C%$W|pV{$x%VIDArGnjw>gh2!`bu&N0fWCtK
zfHV6M24E|Q2}?i2_#pyE+5wq0Fy?rTqwO&DK0m_*fknd4FrY6KBkQB>FcXZQV8G=o
z{71$B`ob}%=^Sl`sq*_7218)7-9N&Bz6eZa>PHwKklKL!GA=MZ{bgL3AoLd)oDWlU
z_2c`1)E5MD1U~=<J1P$V#*fKj9O;X>-R3Av5dO=!K-XVn3FL5&@E+J{g<<YN`gsg~
zeqjE66o$YQd>m;fcvO}^iV4jBOJ4yfrn>Ftz5;NdOztR50CP#tk#>T>B~V9T2=K2w
zKme6uzqEt@2FCv@&IklhrgvlvK|V}n%g?w70yq8q0)qjifJfV5O8kz(5SYZ&PwxXV
zgTH}6Fn;r=c6@+{j_`mF42NPWynbv4m^t_tn*oB_QN04%!7!ymNBRn2Dgutc5I|`B
z83qv$IBMs70PL4>A;8Yg5xxMX1v_dp0PI)a1cSpd1wcRH0>Ci!ZAV}NM|B)Xp934Q
zN89luFtwCF^@Z~T#`+5kNNE280~mM|CICKa3qTx!Vs481X$*dV+@pQ@fpVFn;{rva
zzsQ##2AmG|%lm$@Hz1xtFa?}HjVr(p1s|2A06+XUFhTfHoCO3RM{NOcV8DLCkud<+
zFL40@gZ-i#2$%q-Wb`Ne5HP`C;({RLS9$>$rqukWzJd_JU-&Eth5e#0g3#aCIpFM$
z@CB2c#}v>0I0gVi9OXR_2O+<K0YTtsUm%%vgkB(k10nNhJHQnm^#^=FNcja9DDdx>
zzVM?q4UED6tFMD1e)acILHIA@!hnE&bPO1<75NK{AGnq8XI=s25x@8=Oo02LFR&|Y
zV~=#f6a#D6Tt#B$Dj;<f3RCC?SSnEH29kHQL;+8L9v?hOGwCyl$Vl?RB_$*zC7@7Q
zX&FffKU6|Wh94{|!3P9D2?$V@_3xWt$^@iQ=2F&3b30cz2PO~#43(6SmX?75!3Qo4
rM?j&{2slDg0+@k;1;LU~%v{nHZR&zPm{tLZ3h?t2va!ji$P)fPeAjW?

literal 0
HcmV?d00001


From b8adf7fd37b2756a1c77c5cec1da1739adf17041 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 21 Mar 2021 13:11:43 -0400
Subject: [PATCH 745/812] Suppress CVE-2020-9488 and reference Security
 Advisory #4

---
 suppressions.xml | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/suppressions.xml b/suppressions.xml
index ebedb9648..b99913788 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -12,11 +12,29 @@
             For further details, please see:
                 https://nvd.nist.gov/vuln/detail/CVE-2019-17571,
                 ESAPI GitHub Issue #538 (https://github.com/ESAPI/esapi-java-legacy/issues/538),
-                and the ESAPI security bulletin, "documentation/ESAPI-security-bulletin2.pdf", which
+                and the ESAPI security advisory #2, "documentation/ESAPI-security-bulletin2.pdf", which
                 provides a detailed analysis of this issue in ESAPI.
         ]]></notes>
         <gav regex="true">^log4j:log4j:1\.2\.17$</gav>
         <cpe>cpe:/a:apache:log4j</cpe>
         <cve>CVE-2019-17571</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+            This suppresses CVE-2020-9488 for the log4j-1.2.17.jar dependency. ESAPI does
+            not use it in a manner that makes it exploitable and ESAPI is unable to
+            eliminate the dependency completely because our our deprecation policy. That specific
+            CVE is the Java deserialization CVE reported in Log4J 1's SocketServer class which ESAPI
+            doesn't use.
+
+            For further details, please see:
+                https://nvd.nist.gov/vuln/detail/CVE-2020-9488,
+                ESAPI GitHub Issue #534 (https://github.com/ESAPI/esapi-java-legacy/issues/534),
+                and the ESAPI security advisory #4, "documentation/ESAPI-security-bulletin4.pdf", which
+                provides a detailed analysis of this issue in ESAPI.
+        ]]></notes>
+        <gav regex="true">^log4j:log4j:1\.2\.17$</gav>
+        <cpe>cpe:/a:apache:log4j</cpe>
+        <cve>CVE-2020-9488</cve>
+    </suppress>
 </suppressions>

From 504197b7d3a4e674cf2ff5bc82137d6cd341b966 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Mon, 22 Mar 2021 15:41:59 -0700
Subject: [PATCH 746/812] Fixes for #588 and #517 (#611)

* Bump release to new release number, 2.2.2.0.

* Fixed #517 and #588 with currently only one unit test failing.

* Fixed my pom.xml for #588 and #517

* Fixed an encoding bug that was causing an early truncation involving invalid escape sequences.
This was causing test input jeff\WILLIAMS to be converted to jeffWILLIAMS and then passing a
validation test that it should have been failing.  Special thanks to Jeremiah Stacey for the root
cause analysis and repair.  For #517 and #588.

* Fixing unit test to be windows/linux compatible #517 and #588.

* #588 reverted 9a84f83 and switched unit test to execute against a build-relative path that should exist no matter the OS.

* #588 Re-inserted unit test.

* #588 -->  Living with failure on windows to keep build alive for the pipeline.

Co-authored-by: kwwall <kevin.w.wall@gmail.com>
Co-authored-by: xeno6696 <xeno6696[at]gmail.com>
---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 6 +++---
 src/test/resources/esapi/validation.properties             | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index bf4f67123..ef954107b 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -372,9 +372,9 @@ public void testIsValidDirectoryPath() throws IOException {
             // Unix specific paths should pass
             assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
             assertTrue(errors.size()==5);
-                // Note, we used to say that about '/bin', but Ubuntu 20.x
-                // changed '/bin' to a sym link to 'usr/bin'. We can't use '/etc'
-                // because under MacOS, that is a sym link to 'private/etc'.
+        	// Note, we used to say that about '/bin', but Ubuntu 20.x
+            // changed '/bin' to a sym link to 'usr/bin'. We can't use '/etc'
+            // because under MacOS, that is a sym link to 'private/etc'.
             assertTrue(instance.isValidDirectoryPath("test7", "/dev", parent, false, errors));      // Always exist directory
             assertTrue(errors.size()==5);
 
diff --git a/src/test/resources/esapi/validation.properties b/src/test/resources/esapi/validation.properties
index 84082c255..95cfceeed 100644
--- a/src/test/resources/esapi/validation.properties
+++ b/src/test/resources/esapi/validation.properties
@@ -45,3 +45,4 @@ Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
 #RegexString here is PURELY for regression testing purposes.  NOT for production use.  
 Validator.RegexString=^[^<>]*  
+Validator.avaloqLooseSafeString=^[+>=<?!%_,~:@|\\-\\/\\*\\&\\;\\.\\#\\n\\r\\p{Pd}\\p{Ps}\\p{Pe}\\p{Pc}\\p{N}\\p{L}\\p{Sc}\\p{Z}]{0,10000}$

From c9c3cebe6a66e6d864df89bafc51845fdf0ce919 Mon Sep 17 00:00:00 2001
From: Dave Wichers <dwichers@gmail.com>
Date: Tue, 23 Mar 2021 21:08:42 -0400
Subject: [PATCH 747/812] Suggested pom.xml updates and
 XmlEsapiPropertyLoader.java improvements (#612)

Close issue #614

Pom changes:
* Upgrade a few libraries, add some used but undeclared libraries,
and delete a bunch of declared/unused libraries.

* Upgrade a bunch of the plugins.

* Suggested updates to XmlEsapiPropertyLoader.java to eliminate insider XXE risk,
and other minor suggested cleanup.

* A few more tweaks to use autoclosables to ensure streams get closed.

* Remove debug lines.
---
 pom.xml                                       | 127 +++++++++---------
 .../configuration/XmlEsapiPropertyLoader.java |  31 +++--
 2 files changed, 78 insertions(+), 80 deletions(-)

diff --git a/pom.xml b/pom.xml
index 576c85af2..d8120a174 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,16 +132,12 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <version.jmh>1.23</version.jmh>
+        <version.jmh>1.28</version.jmh>
+        <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.2.0</version.spotbugs>
-
-        <!-- Upgrading to 3.0.0-M3+ causes this test case error:
-                org.owasp.esapi.reference.DefaultValidatorInputStringAPITest.getValidInputNullAllowedPassthrough  Time elapsed: 2.057 s  <<< ERROR!
-                java.lang.OutOfMemoryError: PermGen space
-             when running tests with Java 7 on Mac OS X. No problems observed on Linux.
-        -->
-        <version.surefire>3.0.0-M2</version.surefire>
+        <version.spotbugs>4.2.2</version.spotbugs>
+        <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
+        <version.surefire>3.0.0-M5</version.surefire>
     </properties>
 
     <dependencies>
@@ -235,8 +231,8 @@
         </dependency>
         <dependency>
             <groupId>org.apache-extras.beanshell</groupId>
-                <artifactId>bsh</artifactId>
-                <version>2.0b6</version>
+            <artifactId>bsh</artifactId>
+            <version>2.0b6</version>
         </dependency>
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
@@ -248,49 +244,19 @@
             <artifactId>slf4j-api</artifactId>
             <version>1.7.30</version>
         </dependency>
-
-        <!--
-             FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
-             This is to force patched versions of these libraries with known CVEs against them.
-        -->
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <!-- Note: commons-io:2.7+ require Java 8, so can't upgrade past 2.6 -->
-            <version>2.6</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.xmlgraphics</groupId>
-            <artifactId>batik-css</artifactId>
-            <version>1.14</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>commons-io</groupId>
-                    <artifactId>commons-io</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>commons-logging</groupId>
-                    <artifactId>commons-logging</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>xalan</groupId>
-            <artifactId>xalan</artifactId>
-            <version>2.7.2</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>xml-apis</groupId>
-                    <artifactId>xml-apis</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
         <dependency>
             <groupId>xml-apis</groupId>
             <artifactId>xml-apis</artifactId>
             <version>1.4.01</version>
         </dependency>
 
+        <!--
+             FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
+             This is to force patched versions of these libraries with known CVEs against them.
+        -->
+
+        <!-- No forced upgrades required currently -->
+
         <!-- SpotBugs dependencies -->
         <dependency>
             <groupId>com.github.spotbugs</groupId>
@@ -298,18 +264,18 @@
             <version>${version.spotbugs}</version>
             <optional>true</optional>
         </dependency>
-        <dependency>
-            <groupId>net.jcip</groupId>
-            <artifactId>jcip-annotations</artifactId>
-            <version>1.0</version>
-            <optional>true</optional>
-        </dependency>
 
         <!-- Dependencies which are ONLY used for JUnit tests -->
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.15</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13.1</version>
+            <version>4.13.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -318,6 +284,12 @@
             <version>1.68</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.hamcrest</groupId>
+            <artifactId>hamcrest-core</artifactId>
+            <version>1.3</version>
+            <scope>test</scope>
+        </dependency>
         <!-- https://mvnrepository.com/artifact/org.powermock/powermock-api-mockito -->
         <dependency>
             <groupId>org.powermock</groupId>
@@ -351,6 +323,19 @@
             <version>2.28.2</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.powermock</groupId>
+            <artifactId>powermock-core</artifactId>
+            <version>${version.powermock}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                  <!-- We exclude this here, because we import the version we need above, and this imports a newer version. -->
+                  <groupId>org.javassist</groupId>
+                  <artifactId>javassist</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>org.powermock</groupId>
             <artifactId>powermock-module-junit4</artifactId>
@@ -389,12 +374,6 @@
             <version>${version.jmh}</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.openjdk.jmh</groupId>
-            <artifactId>jmh-generator-annprocess</artifactId>
-            <version>${version.jmh}</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>
@@ -419,6 +398,21 @@
         </pluginManagement>
 
         <plugins>
+            <plugin>
+                <groupId>com.github.spotbugs</groupId>
+                <artifactId>spotbugs-maven-plugin</artifactId>
+                <version>${version.spotbugs.maven}</version>
+                <dependencies>
+                  <!-- Overwrite dependency on SpotBugs if you want to specify the version of SpotBugs.
+                       SpotBugs itself is frequently several versions ahead of the spotbugs-maven-plugin -->
+                  <dependency>
+                    <groupId>com.github.spotbugs</groupId>
+                    <artifactId>spotbugs</artifactId>
+                    <version>${version.spotbugs}</version>
+                  </dependency>
+                </dependencies>
+            </plugin>
+
             <plugin>
                 <groupId>net.sourceforge.maven-taglib</groupId>
                 <artifactId>maven-taglib-plugin</artifactId>
@@ -622,19 +616,19 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.13.0</version>
+                <version>3.14.0</version>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.1.0</version>
+               <version>3.1.1</version>
             </plugin>
 
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-resources-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.0</version>
             </plugin>
 
             <plugin>
@@ -689,7 +683,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.7</version>
+                <version>2.8.1</version>
             </plugin>
 
             <plugin>
@@ -701,7 +695,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>5.3.2</version>
+                <version>6.1.3</version>
                 <configuration>
                     <failBuildOnCVSS>5.0</failBuildOnCVSS>
                     <suppressionFiles>./suppressions.xml</suppressionFiles>
@@ -829,7 +823,6 @@
               <plugin>
                 <groupId>com.github.spotbugs</groupId>
                 <artifactId>spotbugs-maven-plugin</artifactId>
-                <version>${version.spotbugs}</version>
                 <configuration>
                     <plugins>
                         <plugin>
diff --git a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
index daf547272..a801397db 100644
--- a/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
+++ b/src/main/java/org/owasp/esapi/configuration/XmlEsapiPropertyLoader.java
@@ -6,10 +6,12 @@
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
 
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
@@ -99,12 +101,14 @@ public String getStringProp(String propertyName) throws ConfigurationException {
     /**
      * Methods loads configuration from .xml file. 
      * @param file
+     * @throws ConfigurationException if there is a problem loading the specified configuration file.
      */
     protected void loadPropertiesFromFile(File file) throws ConfigurationException {
-        try {
-            validateAgainstXSD(new FileInputStream(file));
+        try ( InputStream configFile = new FileInputStream(file); ) {
+            validateAgainstXSD(configFile);
 
-            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+            DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance("org.apache.xerces.jaxp.DocumentBuilderFactoryImpl", null);
+            dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
             Document doc = dBuilder.parse(file);
             doc.getDocumentElement().normalize();
@@ -119,19 +123,20 @@ protected void loadPropertiesFromFile(File file) throws ConfigurationException {
                     properties.put(propertyKey, propertyValue);
                 }
             }
-        } catch (Exception e) {
-            logSpecial("XML config file " + filename + " has invalid schema", e);
-            throw new ConfigurationException("Configuration file : " + filename + " has invalid schema." + e.getMessage(), e);
+        } catch (IOException | SAXException | ParserConfigurationException e) {
+            logSpecial("XML config file " + filename + " doesn't exist or has invalid schema", e);
+            throw new ConfigurationException("Configuration file : " + filename + " has invalid schema."
+                  + e.getMessage(), e);
         }
     }
 
-    private void validateAgainstXSD(InputStream xml) throws Exception {
-        InputStream xsd = getClass().getResourceAsStream("/ESAPI-properties.xsd");
-        SchemaFactory factory =
-                SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-        Schema schema = factory.newSchema(new StreamSource(xsd));
-        Validator validator = schema.newValidator();
-        validator.validate(new StreamSource(xml));
+    private void validateAgainstXSD(InputStream xml) throws IOException, SAXException {
+        try ( InputStream xsd = getClass().getResourceAsStream("/ESAPI-properties.xsd"); ) {
+            SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+	        Schema schema = factory.newSchema(new StreamSource(xsd));
+	        Validator validator = schema.newValidator();
+	        validator.validate(new StreamSource(xml));
+        }
     }
 
 }

From 9da70d2691d237a094c89971f2fa9eda925846aa Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 23 Mar 2021 21:50:02 -0400
Subject: [PATCH 748/812] Prep for 2.2.3.0 release. * Change version from
 2.2.3.0-SNAPSHOT to 2.2.3.0 * Add trailing / to owasp.org URL * Change
 Dependency Check parameter failBuildOnCVSS from 5.0 to 1.0

---
 pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index d8120a174..4e7324eae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.3.0-SNAPSHOT</version>
+    <version>2.2.3.0</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -49,7 +49,7 @@
 
     <organization>
         <name>The Open Web Application Security Project (OWASP)</name>
-        <url>https://owasp.org</url>
+        <url>https://owasp.org/</url>
     </organization>
 
     <mailingLists>
@@ -697,7 +697,7 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>6.1.3</version>
                 <configuration>
-                    <failBuildOnCVSS>5.0</failBuildOnCVSS>
+                    <failBuildOnCVSS>1.0</failBuildOnCVSS>
                     <suppressionFiles>./suppressions.xml</suppressionFiles>
                 </configuration>
                 <executions>

From b77feb23bc84a76de05a58c92754d5e2362f0762 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 23 Mar 2021 21:56:18 -0400
Subject: [PATCH 749/812] New release notes for ESAPI 2.2.3.0

---
 .../esapi4java-core-2.2.3.0-release-notes.txt | 288 ++++++++++++++++++
 1 file changed, 288 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.2.3.0-release-notes.txt

diff --git a/documentation/esapi4java-core-2.2.3.0-release-notes.txt b/documentation/esapi4java-core-2.2.3.0-release-notes.txt
new file mode 100644
index 000000000..df95a77fd
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.3.0-release-notes.txt
@@ -0,0 +1,288 @@
+Release notes for ESAPI 2.2.3.0
+    Release date: 2021-03-23
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.2.0, 2020-11-27
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+
+Important news for this current release
+---------------------------------------
+This is a patch release with the primary intent of updating some dependencies, some with known vulnerabilities. Main update are:
+        -- AntiSamy, from 1.5.11 to 1.6.2.
+        -- As a result of the AntiSamy upgrade, the transitive dependency xercesImpl was updated from 2.12.0 to 2.12.1 which should address CVE-2020-14338.
+        -- Apache batik-css, updated from 1.13 to 1.14.
+        
+Details follow.
+
+    * IMPORTANT: Effects of updating to AntiSamy 1.6.2
+        - AntiSamy 1.6.2 which we are now using, is not doing XML schema validation of AntiSamy policy files. It is IMPORTANT that you read through
+                https://github.com/nahsra/antisamy#note-schema-validation-behavior-change-starting-with-antisamy-160
+          to know how that affects you as an ESAPI user. In particular, changes important to ESAPI users include:
+                o AntiSamy now includes the dependency 'slf4j-simple'. This means if you are using an SLF4J library *other* than that, you should add
+                        <exclusion>
+                            <groupId>org.slf4j</groupId>
+                            <artifactId>slf4j-simple</artifactId>
+                        </exclusion>
+                  in your dependency for ESAPI in your application's pom.xml. (You Gradle, Ivy, etc. other build tool users will have to figure out how to do this yourself.)
+                  This is especially important if you are using SLF4J logging in ESAPI with some other SLF4J logger such as slf4j-log4j2, etc. If you don't do that, your logging may not come out as expected. See <https://github.com/nahsra/antisamy#note-schema-validation-behavior-change-starting-with-antisamy-160>, under its section discussing Logging for more details.
+        
+                o Previously, ESAPI shipped with a default AntiSamy policy file called 'antisamy-esapi.xml'. For 10 plus years, unbeknownst to anyone, that file contained an unused '<html-entities>' node that not only did ESAPI not directly used, but was also completely ignored by AntiSamy! However, starting with AntiSamy 1.6.0, AntiSamy does XML schema validation by default, so that causes any non-compliant AntiSamy policy file to be rejected. This may result in some rather obtuse error messages and you may want to set the AntiSamy system property 'owasp.validator.validateschema' to "false" temporarily until you have time to correct your AntiSamy policy file(s).
+
+    Old News
+    --------
+    * For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode's SourceClear, OWASP Dependency Check, etc., you will get a notice for CVE-2020-9488 (related to log4j 1.2.17) and you might get a notice that there is still a vulnerability in xerces:xercesImpl:2.12.1 that ESAPI uses (as a transitive dependency of AntiSamy) that is identical or similar to CVE-2020-14338. (A certain SCA service, which I won't mention, referred to CVE-2020-14621, but it's certainly not obvious from the description that this has anything to do with Xerces. But, on the hand, this is for Oracle products, and they are more obtuse than most when it comes to their vulnerability descriptions.) Unfortunately there is no official patch for the former CVE-2020-9488, as log4j 1.x is now well past its end-of-life. And for the latter CVE(s), it (they?) supposedly is (are?) fixed in the 2.12.1 release, but based on the CPEs in NVD for CVE-2020-14621, it's not clear if all SCA services would detect that.
+      Further details of these vulnerabilities and there potential impact on ESAPI are analyzed in ESAPI Security Advisories #2, #3 and #3, which are viewable here
+            https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf -- The Log4j 1.x CVE
+            https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf -- The XercesImpl CVE
+                https://pastebin.com/Pm6AbcF7 (A somewhat more in-depth analysis that late to security bulletin #3.)
+            *NEW* -- https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf -- Another Log4j 1.x CVE
+      and associated with this release on GitHub. Manual workarounds possible for each. See the security bulletin for further details.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.2.0 release:
+     212 Java source files
+    4313 JUnit tests in 135 Java source files
+
+ESAPI 2.2.3.0 release:
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+12 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2020-11-27)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+408             Update Travis CI configuration
+517             Encoded input is not treated as an attack
+586             Upgrade pom.xml to use AntiSamy 1.5.12 Vulnerable Dependencies
+588             Possible bug in StringValidationRule.getValid with canonicalize
+592             Not able to turn off Java.util.Logging for ESAPI
+593             Logger.LogLevel in ESAPI.properties not working if set to ERROR/FATAL
+594             Not able to turn off ESAPI logging
+599             encodeForCSS changes '#' character after upgrading from 2.0.1 to 2.2.1.1
+602             Update failing ValidatorTest in 'Java CI with Maven' GitHub workflow
+606             Vulnerability in transitive dependency of esapi
+609             Change log4j dependency scope to provided Build-Maven Component-Docs Component-Logger Configuration
+614             Potentlial XXE Injection vulnerability in loading XML version of ESAPI properties file 
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+Search for 'IMPORTANT: Effects of updating to AntiSamy 1.6.2' and read that section. The details are all covered there.
+
+
+Old News -- Important Logging Changes
+-------------------------------------
+[If you have already successfully been using ESAPI 2.2.1.0 or later, you probably can skip this section, which discusses important logging changes.]
+
+Since ESAPI 2.2.1.0, the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 or later logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.2.0-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.2.0
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\ESAPI\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.) We need to do this out of necessity because some of our dependencies are no longer doing updates that support Java 7.
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+
+New News
+--------
+See UPDATE, below, in next sub-section under Old News.
+
+
+Old News - Failing JUnit tests
+------------------------------
+    If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+    I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+        https://www.bouncycastle.org/latest_releases.html
+    and
+        https://github.com/bcgit/bc-java/issues/477
+    I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+    Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+        C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+    UPDATE: We now believe these at least some of these failures may be because the maven-surefire-plugin is, by default, not creating a new JVM process for each test class. We are looking into this. For now, we have only have observed this behavior on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it. (And yes, we are aware of '<reuseForks>false</reuseForks>' in the pom for the maven-surefire-plugin, but that causes other tests to fail that we haven't had time to fix.) See GitHub issue #604 (https://github.com/ESAPI/esapi-java-legacy/issues/604) for additional details.
+
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, most of which were not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Added GitHub CI workflow to run 'mvn package' to test if PRs pass tests.
+* Added GitHub workflow for "Super Linter".
+* Minor updates to README.md file (still trying to get 'Build Status' badge to work)
+* Updated deployment process documentation for ESAPI release steps.
+* Updated Security Advisory #3 with new links.
+* Created Security Advisory #4.
+* Updated ESAPI.properties file to reflect new OWASP wiki page.
+* Miscellaneous pom.xml changes related to plugins.
+* Updates to CONTRIBUTING-TO-ESAPI.txt to add paragraph on GitHub deprecating passwords for git operations.
+* Remove invalid <html-entities> node from antisamy-esapi.xml AntiSamy policy file used by ESAPI.
+* Add prominent warnings in log4j.xml about ESAPI's use of Log4J 1.x being deprecated.
+
+-----------------------------------------------------------------------------
+
+Closed PRs Activity Report (Changes between release 2.2.2.0 and 2.2.3.0, i.e., between 2020-11-27 and 2021-03-23)
+
+    See     https://github.com/ESAPI/esapi-java-legacy/pulls?q=type%3Apr+state%3Aclosed+closed%3A%3E2020-11-27+updated%3A%3C2021-03-24
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2020-11-27 --until=2021-03-23 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.2.0) and until the current (2.2.3.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        [INFO] Scanning for projects...
+        [INFO] 
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.3.0-SNAPSHOT
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.3.0-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.2:compile
+        [INFO] |  +- commons-codec:commons-codec:jar:1.15:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
+        [INFO] |  +- org.slf4j:slf4j-simple:jar:1.7.30:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.1:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] +- xalan:xalan:jar:2.7.2:compile
+        [INFO] |  \- xalan:serializer:jar:2.7.2:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.2.0:compile (optional) 
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional) 
+        [INFO] +- net.jcip:jcip-annotations:jar:1.0:compile (optional) 
+        [INFO] +- junit:junit:jar:4.13.1:test
+        [INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.68:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] |     \- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] +- org.openjdk.jmh:jmh-core:jar:1.23:test
+        [INFO] |  +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO] |  \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] \- org.openjdk.jmh:jmh-generator-annprocess:jar:1.23:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.906 s
+        [INFO] Finished at: 2021-03-21T22:03:50-04:00
+[INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.6.2. A special shout-out to @simon0117 for adding the Maven and Super-Linter GitHub Actions (PR #583)
+    And lastly, thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)

From fe7b01bb2bfa99b93297dd38ec0650db57718393 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 23 Mar 2021 21:59:46 -0400
Subject: [PATCH 750/812] Add prominent warning about ESAPI log4j logging being
 deprecated.

---
 configuration/log4j.xml      | 15 +++++++++++++++
 src/test/resources/log4j.xml | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/configuration/log4j.xml b/configuration/log4j.xml
index 15aca9b40..47c064004 100644
--- a/configuration/log4j.xml
+++ b/configuration/log4j.xml
@@ -1,5 +1,20 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<!--
+        #     #    #    ######  #     #   ###   #     #  #####
+        #  #  #   # #   #     # ##    #    #    ##    # #     #
+        #  #  #  #   #  #     # # #   #    #    # #   # #
+        #  #  # #     # ######  #  #  #    #    #  #  # #  ####
+        #  #  # ####### #   #   #   # #    #    #   # # #     #
+        #  #  # #     # #    #  #    ##    #    #    ## #     #
+         ## ##  #     # #     # #     #   ###   #     #  #####
+
+        WARNING:    Log4j 1.x has been deprecated in ESAPI since 2020-07-23 in
+                    release 2.2.1.0.  It will be removed in a future release.
+                    The new default for ESAPI logging is JUL.  Either switch
+                    to JUL or SLF4J (which can support log4j 2). See the latest
+                    release notes for further details.
+  -->
 <!-- main resources -->
 <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
   <appender name="console" class="org.apache.log4j.ConsoleAppender"> 
diff --git a/src/test/resources/log4j.xml b/src/test/resources/log4j.xml
index 70351b47d..9b06c2a23 100644
--- a/src/test/resources/log4j.xml
+++ b/src/test/resources/log4j.xml
@@ -1,5 +1,20 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+<!--
+        #     #    #    ######  #     #   ###   #     #  #####
+        #  #  #   # #   #     # ##    #    #    ##    # #     #
+        #  #  #  #   #  #     # # #   #    #    # #   # #
+        #  #  # #     # ######  #  #  #    #    #  #  # #  ####
+        #  #  # ####### #   #   #   # #    #    #   # # #     #
+        #  #  # #     # #    #  #    ##    #    #    ## #     #
+         ## ##  #     # #     # #     #   ###   #     #  #####
+
+        WARNING:    Log4j 1.x has been deprecated in ESAPI since 2020-07-23 in
+                    release 2.2.1.0.  It will be removed in a future release.
+                    The new default for ESAPI logging is JUL.  Either switch
+                    to JUL or SLF4J (which can support log4j 2). See the latest
+                    release notes for further details.
+  -->
 <!-- main resources -->
 <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
 

From e275bd7df917ae022e5e249eca855255afc3b238 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 23 Mar 2021 22:03:15 -0400
Subject: [PATCH 751/812] Removed TESTING reminder comments which
 @jeremiahjstacey already attended to in JUnit tests.

---
 .../validation/HTMLValidationRule.java        | 21 -------------------
 1 file changed, 21 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
index d382d177d..7a7e401d1 100644
--- a/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
+++ b/src/main/java/org/owasp/esapi/reference/validation/HTMLValidationRule.java
@@ -54,9 +54,6 @@ public class HTMLValidationRule extends StringValidationRule {
 	private static final Logger LOGGER = ESAPI.getLogger( "HTMLValidationRule" );
 	private static final String ANTISAMYPOLICY_FILENAME = "antisamy-esapi.xml";
 
-	//TESTING -- Mock Classloaders, verify that the classloader is called as desired with the searchpath and filename concat
-	// Verify that when no match is found, null is returned
-	// Verify that when match is found, remaining classloaders are not invoked and expected InputStream is returned.
 	/*package */ static InputStream getResourceStreamFromClassLoader(String contextDescription, ClassLoader classLoader, String fileName, List<String> searchPaths) {
 	    InputStream result = null;
 	    
@@ -73,9 +70,6 @@ public class HTMLValidationRule extends StringValidationRule {
 	    return result;
 	}
 	
-	//TESTING
-	// Harder to test... Use Junit to place files in each of the DefaultSearchPathLocations and verify that the file can be found.
-	// Not sure how to test that the classpaths are iterated.
 	/*package */ static InputStream getResourceStreamFromClasspath(String fileName) {
 	    LOGGER.info(Logger.EVENT_FAILURE, "Loading " + fileName + " from classpaths");
 		
@@ -97,12 +91,6 @@ public class HTMLValidationRule extends StringValidationRule {
 		return resourceStream;
 	}
 	
-	//TESTING
-	// Mock SecurityConfiguration - Return file check (true) - return resourceStream - expect Policy object
-	// Mock SecurityConfiguration - Return file check (false)  - use junit to place file in any of the DefaultSearchPathLocations - verify Policy Object
-	// Mock SecurityConfiguration - return file check (true) - throw IOException on resource stream - Verify IOException
-	// Mock SecurityConfiguration - return file Check (true) - use Junit to place a BAD FILE - verify PolicyException
-	//  HOW TO TEST NULL RETURN.....
 	/*package */ static Policy loadAntisamyPolicy(String antisamyPolicyFilename) throws IOException, PolicyException {
 	    InputStream resourceStream = null;
 	    SecurityConfiguration secCfg = ESAPI.securityConfiguration();
@@ -115,9 +103,6 @@ public class HTMLValidationRule extends StringValidationRule {
         return resourceStream == null ? null : Policy.getInstance(resourceStream);
 	}
 
-	//TESTING
-	// Mock SecurityConfiguration - return a valid string on property request - verify String is returned from call
-	// Mock SecurityConfiguration -- throw ConfigurationException on property request -- Verify Default Filename is returned from call
 	/*package */ static String resolveAntisamyFilename() {
 	    String antisamyPolicyFilename = ANTISAMYPOLICY_FILENAME;
         try {
@@ -133,10 +118,6 @@ public class HTMLValidationRule extends StringValidationRule {
         return antisamyPolicyFilename;
 	}
 	
-	//TESTING
-	// Mock SecurityConfiguration - return file check (true) - throw IOException on resource stream - Verify ConfigurationException from IOException
-    // Mock SecurityConfiguration - return file Check (true) - use Junit to place a BAD FILE - verify ConfigurationException from PolicyException
-	// Force NULL return from loadAntisamyPolicy call -- Verify ConfigurationException from null value
 	/*package */ static void configureInstance() {
 	    String antisamyPolicyFilename = resolveAntisamyFilename();
 
@@ -156,8 +137,6 @@ public class HTMLValidationRule extends StringValidationRule {
 
 	}
 	
-	//TESTING
-	// None.
 	static {		
 	    configureInstance();
 	}

From 67980b8739f9ff03329a96e32af9d8012e9290da Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Tue, 23 Mar 2021 22:41:06 -0400
Subject: [PATCH 752/812] General clean-up, fix links, and add IMPORTANT note.

---
 README.md | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 3f7970602..5a2454ed7 100644
--- a/README.md
+++ b/README.md
@@ -14,8 +14,12 @@ OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web ap
 </tr>
 </table>
 
+# Where is the OWASP ESAPI wiki page?
+You can find the OWASP ESAPI wiki pages at [https://owasp.org/www-project-enterprise-security-api/](https://owasp.org/www-project-enterprise-security-api/). The ESAPI legacy GitHub repo also has a few useful wiki pages.
+
 # What does Legacy mean?
 <p>This is the legacy branch of ESAPI which means it is an actively maintained branch of the project, however significan *new* feature development for this branch will *not* be done. Features that have already been scheduled for the 2.x branch will move forward.
+You will find that GitHub repository at [https://github.com/ESAPI/esapi-java-legacy](https://github.com/ESAPI/esapi-java-legacy).
 
 <b>IMPORTANT NOTES:</b>
 The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
@@ -23,14 +27,19 @@ The default branch for ESAPI legacy is now the 'develop' branch (rather than the
 Also, the <i>minimal</i> baseline Java version to use ESAPI is Java 7. (This was changed from Java 6 during the 2.2.0.0 release.)
 
 # Where can I find ESAPI 3.x?
-https://github.com/ESAPI/esapi-java
+[https://github.com/ESAPI/esapi-java](https://github.com/ESAPI/esapi-java)
 
 Note however that work on ESAPI 3 has not yet become in earnest and is only in its earliest planning stages. Even the code that is presently there will likely change.
 
+# ESAPI release notes
+The ESAPI release notes may be found in ESAPI's "documentation" directory. They are generally named "esapi4java-core-*2.#.#.#*-release-notes.txt", where "*2.#.#.#*" refers to the ESAPI release number (which uses semantic versioning).
+## IMPORTANT
+Starting with ESAPI 2.2.3.0, ESAPI is using a version of AntiSamy that by default includes 'slf4j-simple' and does XML schema validation on the AntiSamy policy files. Please **READ** the release notes for the 2.2.3.0 release (at least the beginning portion) for some important notes that likely will affect your use of ESAPI! You have been warned!!!
+
 # Locating ESAPI Jar files
-The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.1.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.1.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.1.0/esapi-2.2.1.0-configuration.jar) and [esapi-2.2.1.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.1.0/esapi-2.2.1.0-configuration.jar.asc) respectively.
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.3.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.3.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.0/esapi-2.2.3.0-configuration.jar) and [esapi-2.2.3.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.0/esapi-2.2.3.0-configuration.jar.asc) respectively.
 
-The latest regular ESAPI jars can are available from Maven Central.
+The latest *regular* ESAPI jars can are available from Maven Central.
 
 However, before you start a *new* project using ESAPI, but sure to read "[Should I use ESAPI?](https://owasp.org/www-project-enterprise-security-api/#div-shouldiuseesapi)".
 
@@ -42,7 +51,7 @@ Note that this policy does not apply to classes under the **org.owasp.esapi.refe
 ## How can I contribute or help with fix bugs?
 Fork and submit a pull request! Simple as pi! We generally only accept bug fixes, not new features because as a legacy project, we don't intend on adding new features, although we may make exceptions. If you wish to propose a new feature, the best place to discuss it is via the ESAPI-DEV mailing list mentioned below. Note that we vet all pull requests, including coding style of any contributions; use the same coding style found in the files you are already editing.
 
-If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22.)
+If you are new to ESAPI, a good place to start is to look for GitHub issues labled as 'good first issue'. (E.g., to find all open issues with that label, use [https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22](https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).)
 
 You can find additional details in the file '[CONTRIBUTING-TO-ESAPI.txt](https://raw.githubusercontent.com/ESAPI/esapi-java-legacy/develop/CONTRIBUTING-TO-ESAPI.txt)'.
 
@@ -52,10 +61,10 @@ In mid-2014 ESAPI Migrated all code to GitHub. This migration was completed in N
 ### What about the issues still located on Google Code?
 All issues from Google Code have been migrated to GitHub issues. We have a JIRA/Confluence instance allocated to us, but it has not be configured to synchronize with the GitHub issues, and thus is should not be used. JIRA is fine, but if we can't have it synchronized with GitHub issues (which is where the majority of our users report issues), it is not usuable. As developers, we do not want to spent time having to close issues from multiple bug-tracking sites. Therefore, until this synchronization happens (see GitHub issue #371), please ONLY use GitHub for reporting bugs.
 
-When reporting an issue, please be clear and try to ensure that the ESAPI development team has sufficient information to be able to reproduce your results. If you have not already done so, this might be a good time to read Eric S. Raymond's classic "How to Ask Questions the Smart Way", at http://www.catb.org/esr/faqs/smart-questions.html before posting your issue.
+When reporting an issue, please be clear and try to ensure that the ESAPI development team has sufficient information to be able to reproduce your results. If you have not already done so, this might be a good time to read Eric S. Raymond's classic "How to Ask Questions the Smart Way", at [http://www.catb.org/esr/faqs/smart-questions.html](http://www.catb.org/esr/faqs/smart-questions.html) before posting your issue.
 
 ### Find an Issue?
-If you have found a bug, then create an issue on the esapi-legacy-java repo: https://github.com/ESAPI/esapi-java-legacy/issues
+If you have found a bug, then create an issue on the esapi-legacy-java repo: [https://github.com/ESAPI/esapi-java-legacy/issues](https://github.com/ESAPI/esapi-java-legacy/issues)
 
 NOTE: Please do NOT use GitHub issues to ask questions about ESAPI. If you wish to do this, post to either of the 2 mailing lists (now on Google Groups) found at the bottom of this page. If we find questions as GitHub issues, we simply will close them and direct you to do this anyhow.
 
@@ -75,10 +84,10 @@ More detail is available in the file '[SECURITY.md](https://raw.githubuserconten
 
 *Documentation:* https://owasp-esapi.atlassian.net/wiki/display/ESAPILEG/ESAPI+Legacy (Coming Soon), for now find general documentation under the 'documentation/' directory, and the latest Javadoc under https://www.javadoc.io/doc/org.owasp.esapi/esapi/
 
-*Realtime Support available on our IRC Channel:*<br/>
+*Realtime Support available on our IRC Channel (but if you want to do so, and want the ESAPI dev team to participate, email us a heads up first as to the date/time):*<br/>
 Server: irc.freenode.net<br/>
 Channel: #esapi<br/>
-Webchat http://webchat.freenode.net/
+Webchat: [https://webchat.freenode.net/](https://webchat.freenode.net/)
 
 *Mailing lists:*
 As of 2019-03-25, ESAPI's 2 mailing lists were officially moved OFF of their Mailman mailing lists to a new home on Google Groups.
@@ -87,9 +96,9 @@ The names of the 2 Google Groups are "[esapi-project-users](mailto:esapi-project
 
 Old archives for the old Mailman mailing lists for ESAPI-Users and ESAPI-Dev are still available at https://lists.owasp.org/pipermail/esapi-users/ and https://lists.owasp.org/pipermail/esapi-dev/ respectively.
 
-For a general overview of Google Groups and its web interface, see https://groups.google.com/forum/#!overview
+For a general overview of Google Groups and its web interface, see [https://groups.google.com/forum/#!overview](https://groups.google.com/forum/#!overview)
 
-For assistance subscribing and unsubscribing to Google Groups, see https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593
+For assistance subscribing and unsubscribing to Google Groups, see [https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593](https://webapps.stackexchange.com/questions/13508/how-can-i-subscribe-to-a-google-mailing-list-with-a-non-google-e-mail-address/15593#15593).
 
 ----------
 OWASP is a registered trademark of the OWASP Foundation, Inc.

From e5f15361662b3b1db5a907d68409c60238d1cb8e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 24 Mar 2021 10:45:17 -0400
Subject: [PATCH 753/812] Update ESAPI to next snapshot version.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 4e7324eae..13a79fed6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.3.0</version>
+    <version>2.2.4.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 9ad015de8fcc139269c2795bbbdc0dadd02f944e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 25 Mar 2021 23:19:40 -0400
Subject: [PATCH 754/812] Updates to release steps after 2.2.3.0 release.

---
 documentation/ESAPI-release-steps.odt | Bin 166671 -> 166122 bytes
 documentation/ESAPI-release-steps.pdf | Bin 0 -> 247591 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-release-steps.pdf

diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index 05b2881e27c269aebf9e0ea899fffa43e315bd9d..a3b8bf3f2da8fe578dde00f0bcc09f6a1b94e4be 100644
GIT binary patch
delta 49400
zcmagFb8O(jw>Dnew%e`kc5B<VZR=Cp#@4oNyWP6oc57^HW8eMWn|t%-_s8!&$z+}<
znM@{`Gm|rO&XbT1ca{W)q$CRtfdK*n0|KIq=cAH@B#ru?-Vt@gLyiRm<Ub83<17pe
zKZRWvEh&v0ikg;{ot8AIj~HN~66Ru-;A0l~&L<<lAuK4YAo^WHf>%mfPFh}7Rz*iu
zR$50zMoU9mO5IdW%S>L!Mo!;JOV7;E$Ux7;O2^W}R8!7OSJPDA*vdrD%~ajpLdV(4
zz{f(x+fvKNPT$JX+RDz=!O7mv#nZ*k+R4Gi!^O_a%gfp`%-cUWAQ14k4@&n73U>=l
zbq&k%3rh@$O7@A#@r*6>ODYR=(hsyZ3iGrM_VY^iw+RFS!-M>iL)?-=eN&?YvclbR
zquev2{fpwfD^mkP{#jUbcw|^uRBUuuNMuA*OjKx0OiXZiQfPEaSX@?2TvAkAPJCiq
zcw%;3Qfh2Uc0y(jkQg465)+afADtB!niU_J6rY%!7?F|`mysFwBQY!|B{m}?BRah}
zHm@-=w<xb5_eWt_T1iu4X;(%~Z%%n*ZbegWZBJ=tY+*)XQBF!xUUub=<jVZ)#{8J_
zg7o6T-0H&As^TBjmAS1&@eRc(jb%Aam3iIeDP2|BrKP1sKxt)JWoc<ebyZnWMR`R{
zWodOyO>s?gL0xBcU1M28TUk?AZ9{WSb7x&gZ&PhWLw!SALs?5>ZFgfyXG={_M@>sh
zOLJRiYiCbqTXRoWYfn#4cKu*(<7ipSKvnBtUB^I0&(D^gp@zQ6-oAmlf%*F3<<`NO
zzJY<(vDLms#=XJ19~14RgFP(+eLYjXO@jk{tHbr{BlRm2odW{{!()?U6Qg4jGZSOO
zQ<Ebppy24h!qVKz*5cIA`rPp9!qn#C$mY`Y($ezJ)s2Pq?X8W~&CSiJjiX<`_cr!V
zfBm^VTp8Y7ojLwBeg1o9e{*?%d*jc}^1<HL_2KH}@%F>nucM=*z2mc^KNqLR2j_o|
z&Mz*GF7J<Tp3iQd&hK9yt`6_6&fl)~Zmw^h?#`c{fT!E1*N4}Sm&d!em&dQKuUSsH
za1aniIB79qHLqWn{>Z6YW8Q{3?e4mo9)>CF7^S`%G%Au~E{GTV4lpmvG5O>}-97Bi
zPy+OW=&4&l@MlCh_-Ncb<x1Vj+h+#0qw6S=HEnyCn@f=Ey_3_#SWG(ar$%Mk_7g2N
zwmk7@0A1>mL|w|y)%>6Cw9)&0NP)k5zuzfP#1~PNbAfn(A_R`MXFB%nJX;EUNS$Ac
zy(Y=Ca!#&On5M-3|AH@v6z5;PFE;bXuQ&Gz^v^2QkL_%lgrAFRjQN)i{3ix4(~U<a
zQ8fV3w}`*<<+`)0hM&^icL{%W=dBg_f9tdyGrez@YFx%;)SQh{y&_)QQye@C@an!{
z_rLxbaXnZJqj`PbdHDtuDd^ewe@txqx=a~fcqzP{VTZyu4?WwRik#Ek=$$wJy#TJc
z8CLW1cs1?5OUyfbjt~lR7WP6Y9?xCVeZL1zR~7wV+4@sd^HR<hXV&r!!VPm(`j>48
z3H|r{72CgP>IB>H{V(T%hx`2A6SikN>)yG53s0R+!MEB~&99k&+sC9rSuU}$^Zh!*
zzVjJ|&yf6&Ea>)uwXdgQ!ROcc4~6rCO@W^4koF8uKQk*nV9jxB?(_MXMN&r+S`gTH
z+nB%HelqnV_UC(9s|6m9RwEJuzD)lf6chhFYi`dq7Q7i%Z13yqzCLf?f)se2X^S%C
z={c%z`}*^@tN78-1GrUf*YEm39%TB!`~&zPufMUiKYgx7=+xFf_pbUJ6Z=&^o=o=1
z)-rva<NM(~Ok8y<*yZ|s#CLxcy8&w%27hn0yRPSTi2pYGwk9Y9n2z^GJ5PTTC=J*j
z-2B<O8qw_8BJkc#+<)*bHHFywCLgGLoN0TA2e1=w9m69W|DOI9%zk$}zmpVr%<#Wk
zAnzCKJGvciC;s)h*Z-AK+rQ5HlGCnl(@RX#OwZO>x-tJDasJ3q+aIv=X9I}(KEqVV
zb@jH)HVg3IkHy`Ny$ag*zV&Jv_#NkA>+X0ruDm_r@4PZ@ypD}x8w&hAj;TFi@;_O*
zum7+<hi1~V>HX++t<_}w+QDY(cRJ-WgH!w*47<mkH~cydyYBJ6I?8}e==E!Syn7|?
zS@ro^S!2@k`&xXRJ~XNS0S|Cry`JPd`rmIIVe8iSI2Eq&u62EU+}G#vdA@$M_y2z0
zf7O&e+FVra{W|Mjf$j|mXdeD8<b5%XE$yA_e>Ta*)U(}nGZRy9U~{{(emlz4`sMM`
zNKRhg`)hv$p0r=Ne<sBIY_dH0TAVe&!VCIw{kre#i%*BRc(GsZvKK%{YJGCi1>K{z
zVV3qU{42``ZP@*C7PdOd6u;=(|3N2du=ABiaj@3*z3p-Fd{f{)-*MCPX*hq!_eAq_
zm93rN^C#Voy}!lyx2p~JXC~zt+xgRPx`rFKxtE@se0}dzZ86uvta+||Prmtf`gQ%@
zcL~$j*o;4(nD{q+{J(&sazoy=w`0KnYRmeAUVzXer$68K?P00Ep8pf`)Am|kuGPsH
z9nT^8)-yjg27B_uK-VP28S5Q~>(<xKdW`Y_`~5Ba+{@W^Y5UiRK?wbqeRf8-YxjBB
zCK^(|KTVBq1lC7{^Q6_)M&ok-sMpTrZV0)*w4=wgz2IMRyZ``jhI80R{<~{03II;$
zZN0jH-_Fi?zbp4kIUXYG&cl)2g+#06GjQhncby?&=WZ~;Zu9DM`O4RGN5$|>QvJLx
z{{!}>u$NEZXMd~X{8cxSf8<Wn<}=>4+^wl#9GkD_reJ{P9e8`Qu4LO)-Tae%rCsIP
zD+4i6ue<DCF_8b;pU;)9^*OJ*Oi<{u=seD|Y9s(}o@+kuE5w35m&f&Z!{Q!!?qe`(
z>G1v{>sXsLmlX3bCe`xafML(F9{~ZXAD_%Aw`Z@<Cf*z#5!DA&yelKQl@{J~_}8mu
zbk37E+CWm4F$Hh=1w`Nh8a=cSEsH3x=GH(Twtqwl@Ep&8`PkZFMzKXdeM>-I`X=xV
z5d{wf=h$1TWxENZ%hs02%403Iy-z{WeLgH6sUNjnSsP+_H(GZvKBQ5{<2T-Gn?ClM
z6LbBSj;Y7m){egWM2m*I@2vK{-FVby#a9C=XHJ3FA$CZ80c4V`cl?3zg)!GUMOyW-
z(_L^Uu*X$b^~jrc_`y*X;(=b9l(NRX={S<U&q@7#s)=gK_JySMPfAyzFLQ#Iu&7c-
zbOp#lNswOstwK6~2TDrp5=w%a<ZfX?+0FhsXnGjJ`CwtMTC{uvbMHWq+s<vk=h7FS
zjD&prJG%v>C#b@qy!DoD_9UG*A!*IIR2l^}Kt6{;0V_P39#;*|%4hovul4mR+XO4_
z5uSCm11|ZX=|y|zzQ>|rx1f;IuPM&Ie-E-&VBl--D~;2=HvzJrGT8ro`sEh&${IYs
z%E+$kWr~<9*uGrGLwnETHrH0I11%#qEGYs@$X`YnchQfcU<yZin-l^SqR0Y{Co5$F
z=t@n-=MO$(_mNyiWW&__Sdm~M8ro0+Wlb#BvVgfy&6tWqj7L<tb0%5j&oSQ1V`*FH
zPaxXiSi*uz;)gjdIPn}V?XKqYw6VETSEs8^tA5UE9GnPtn@QG-m0A6fzQ*C&rTnu&
zdnUtGyjM>&y{p#>y>klTJw1%Rj?U@?=yLIL@b`A`ID<P%L$BlRhle@VnBz)Yrw@qU
zr5aNEg1detHI>w=3i=(mIVtECO>ki9_+8?9Pp6;HJ>k)z4Xv9(9lPW#xdhVEaw>`a
znYqf^_}j|OiO5LKxIA*Tc<z>BE$d0`*6RL)yivSl+O%__aoeF;K0mXgDDwa%fWur6
zvZqgfrMfXFz|jovBsfX!)kJNaxQk$I=DRnyi3TnWLPKIogowcWOCIH>>gKa!9~q-O
z@V$X~4jlB(^PWB9r?q{S;vIYQr7>qM@isJG2bDI;U1}9*<`(#XLy{?qJ(zZ&p!@um
z49iTKyZu!*<xaDKp86m_$2jB;IIWN}|AY@@^mxevnS)9f>k-4^+QJ9vY)F5gG@Eso
zE;hAQ_gjkISr5EzMr{ia9LPo0qg>pC5A~iP<W7zntV?_+>w|&(qAB9=*`^gpAiw;4
zEDi7rou1Fx>S6HWB=C&v61BF#O<|nZmqAH`0_R~$_sTfAA09vPAD=V@YBk0n%Xe|a
z?RG<+apTRe(e=RR;g-r&-DaXg?ZL5ovc=;`CA;u<5kvPqI?BbdQ*b#apy$!QJC%!(
zS_GT0pj`1b$rbW1zenH(oWTginEIK3Ftf#oVnBLj7FY(L5){dBeq&zt=M)>}9|scx
zb&i!G5a1PJJK$TuiQj<)UXWd#y-m|Onre(Gwl+w$Wp?VT_>oC;<*fUrLKa!c$(?sI
zDSVsRHWo@T_FOBzR>`{fAQKq}Y!t#p+=JFe3Qe1pWMrQ$c^K0sK!X_OX_?_A3X5ux
z9cJ_5)Tw#$-vaEmZ;H@b=6!zK^4^HuB(RgO(63*voXh*sqLJ?bc@`bmTx4t#pK9Yp
zdtpxNd2Q2XAwTTq*AzKE-8YOs_jBVMcW<Tek&lD%xA?}YxfQs;jAZe~R2rAKnGIqG
z>WI&(0+!(VY71l=rY|>P9`^@a;<zZd?8xh0bTMR)Cq$2>q*vUCWUSnT2uC}WnV9a2
z`AsVQLC7jEhDAXDi;h$hDVp6cdWJ~zR7oYF{iv;VQkX)DG88VB>7vxwEqpBCbUi(3
zRM{?`A<NXjLjqaYAv%ai(mTS8kt21EYUxvG5+lE;L;$HGMVCjz?6bIK!bkA}XY%(T
z@(Mf%jF1#EnGBJyAO7xg2|8S+Q(Z@E^|x}%6>Xl56LvNLKVvk?k2AP4TDj8%*L#-P
z(#e2)76L~@p4>@wuw>;N6MiFJb(yy9h&NrsA(K_Z?lQE$Kr2LVgO$*A%^0j*>8rt7
z+k+=N<~PT5Rn5iKoP^RsU3=GKx@s)L*9XXK_+5Q%jftSibb&ki>eKK_11m-#p~g5W
zHPtv;(#{QVZb0H!ywp499->qKe)M=1$?#>9RmGrYY23I+r<fQKD57bYGucaNu1zIR
zSnE{fUo+d*w-}k3pSpoY8qePzo?s?e!?c6qxQ;K}!J#x4-&9PlCYYNDI*<sx^@Zv~
zGZ=SS+L2qcdpq1sO-+9l`jHgULO11y=9Fpt7H$tfROs#Gg0taTL@F}Z%un-!2$fKG
zBpko3BNpwr*>&D}EeaV?>FR)yEGWuK!#I0jIE6Z9P&1-TeonH?xC(9fdci7LUm7)K
z6PcsYKcHh!{{mqK0|{Z16h=dfyodn@Y1k)$%ru2%CaEQViq4hR)xOLn0@;aX_;RXP
zg}eg(fQ+NbRdntBYC<d8{5dACQ6L!)XGU3f5QqzgL2v=f1x}|-?L0&tx!ua%RT3Ie
z4~Yjm6Dt!ayoqk0O{waKZBgL{mACHzK0ulP6?>sSTS15|rfF~AhB!dD>gf2wWo8+h
z;MDo5Ej*d|4K6+2((|O2b(Lj^R}HUCV~GHm9t3w$pogON6qF!f++3$&l210^a#Z-k
z;a}H*0{3PR6z5zV<ro;P{i<Tu?=>0DtLS|3+ie5tkH#}~E?x;H$y`iHVKata83uaM
zmoE<EMono?CFu{mN6BMk61;~XwcvDIrAvPd`|}S(rM+8xp^hVMV*(M%!Qtdu5hY3>
zGAF{0N-!aj{mqdLom;4LH?+nFCgFlB(d;63!TOu!pq`A9w}#Tu5GK@y^%C`ymIE<k
zo&81c9sBGS_t0bU-vy?Y&idK-!i93&Ciw}<AZ}6uU1Sqg3_&whJ>(9OCXjl{%MY*c
z-}w7+YzBX%PveSjd;-#~wiXhgp~Yr^%U8OYZJ2I+KhfBmw)M)3!9}o}rWz7?8(jGn
ziV~1eh*~4;77+>JA5PuRk(#$GSJr<W*)S2=Zn;<{2mD~sqqx{-zm;Gpie+X7R`w2)
z2P-P~G_tkkZrSZ7#K}d*)#-A&k$e4iulF2^!~gLyxt=LQpIu|C;V-&kt<S3lh@pvC
z@xG%-RHW13=!~Qny3Jy)Y4D!-EYA~Z*Wj<we!tsV_Ni0JakP&e{rstf|Ir^%u)=}J
z)O7y#eRjJ$JFfm|hHG`dF^B03tMELQ%jRIVrvUP1h>S3qSZ6Jm;|_Eat9=4r_RNls
zx#blt??P+b=4gVzQaneDRN@jIcp)9pRx!zzoLPs;qoPLd5OeS_OErHZF?(yHjC|wj
z$R{oV4Qk>DFVIfhy<v=A{1@$xfQf$tEy(FEp(r4|=tqxTQ6bxD&$Se9%HQNrl}7i1
z>4XquZb5(=L;<Jn!i$NuV`Yq)2OC|t#@VdW7Tra?uSUp$s=+R>7eZkK#`hlr^5lgJ
zLDeKc`QJf0)m{2q6uZE}g>;!&SymfPp(QrJAUlOgN8#h#oHz@X-bclSzy)|<Dx%sO
zF7+<KzoY0z=Ti~{o|h}+-kn1b`#k#mhX2g!=qm}`ezh3?g*)(_pdzH??x)w`8Og_i
zczD4;3woZEh7yQt5=Maq5Jjyi;PAqg!!;Kg>r+JpbBZZJDfd&jt|KNHtY<BrrB{U8
z*PekHjh-+;5oKfpKG>0Qh+)&tG@UL-i4%^k40M)^lir^iATtzp*mic4^!C!Jq=^%j
z=Q9Yvk<-!%A<>^6!km^IrDVw0bdzl7@O_(ds0retB1l5n44=*b@EU>&=`>izL8MZ!
zu2EYP3d1M96@>#x_Do7aynlw4gG!!V>ANu1z)SdIy*F~Qy@T2R^1&`*u0v?8P&(?h
zyd$$QjRoLkOXF`CpKzxp(Ow_0E`~-B5v3W$A5o@edoNE2agbY)3HOM>X367T;9wnr
zoZgv(<HW#_DQ6x6<3<+zJHusbSOL{I{+Jo_@uRC;Wc=q58hLa5sN&z)ef@HhM9Ezw
zlTE=V7b)J-up8?8)5{m{S0QrNCNFM_F~EdZ2JCUy8bqki4_tQ3V1F!^G=*!nBkR>c
zKH=-R_Fxt}mY-clsaQE6>}Ai?o1YZYRtt&$sA32TEmC*~_{KrquJa0^3ck^ZMNLun
z#T!}J>{~v=Ta7`rP!Uz%KIg!#x-$tLTe_&ouo?+Bl-wcmaEdcJq=G5Tqo6w6mtOEs
zU-v?z3`$N1`1~dE*(!hFPoNf>L~-?_g(MyE9fJ(&|7+!vo(<44?Bpyrcny^`Q12GA
z$%3U^S(4%a`;uCh;eLQORUhKo4_QpaN}Xu}aH$pZyLNmW%qR<K99(I<RmAxLa2*5q
zM!SGItp+<;R=wDG%+e-s_uteO#O&&$TyW8(xU|Vr$r>$kG4yoXtJVC?`t`Nj?uQ;*
zjcu#HP+}xU2Ms1x3Z>!?wKi3koc#KW!J&GE{|u4<E`mQlrFhI+TO|dTJ$seJA2cAD
zYi;}VjeV}6S_Jb0m4m0`k;&;U^lXF;58Jif8(T1*j9$@|AH;WSPA49vx@u_(9o6t-
z9hK{Yl83!x_!KQ-pyr(;)`Qs3OHs!`HNe1t9j16tW+li(*|Y?OK!0!{kasFI6fJDW
z^~7eN?gc*z5%Cgr78EmzH)#c90tRB0H8=zEQze+0Yl27sE;AvxYT~}e^G35W|N5Z9
zo|-3<_n6zfTm);J%urLFj<5DlgVm|rlZ<<L(Uxl=`fE_fcl9MF`rcr|dI#>qykM0&
z-E{Bva6)i&iMASlwUt3}>@|KDDV)E$biWjU^3+_8DVf%z9`n=6tInUv_<}N|yR|}^
zh@xmtwU^dWcGE#&1*Vf16R&|A(*C;dj&<hfR?znnpzYtOpz535G{B5dWRxzr@V+Y_
z;ztfs!n9|ZSKFvh;rnEJC{!2?t$x>?#&%O%o#xd=PYj8UlNcAld^7A${Q717nfbN?
zj9td3gp1$2-=aFO9c6upaw<{F;D#2sk)%lndZ&e5?A{PX@60oZ#^aiP(%H2vfOpoB
z{G?v*B#c>%igDPy>213%Jb|D-HX+wDU=tEn?93eB?<?X>xp8qJf;BJ@A}c1T5XFt5
z5t*Pxu)z{_!_&6uHu89rLCDdCGzxJAib^|NV0%@UdixNSEXX;xCLr)>3Op(ag@{J9
zY?EH#F|=C!!u-c|lXPFQ$sFw8>)M|tOA5#0Rk#Vmb>1)+x9poxLiw=aNVxV5=^keH
zD~Mr=kQ!EATb)MR)3?HVvxgLFhNcQxMxo*poUk*$S#~Zikcvx+f)Ey^nad~x-}b;w
z8SBle_@#~@Yh=aP7WcN_#X>Ctov4wMO5g+4<j!KbX(DT?r@N{)#32|ON2bAOe;wGw
zV<r_$hb=HCvV;?3X^A$LzD&e27|DiVh&FFIleW^|?6zfvc%p=R6;PC^@v1+PPz+>L
zbcpV*`F(-JKnXjHvuKQ*hLSJ?eA8svd+3SDmZ;ET1(jPE`u<`&jE~Li;vTo5-6oik
zr7ubO>5QFiYE(k%Yq0AN-{Pc8bjDBQ!M)2kJ^i+9XR^jh7;&?0)OveN)~%ZCCdO{N
zj0u`u#yYIKA)8~PTczdQ&DL6AcnvZo!%0u8iuhTQa^~uBZ7Z~GFI(dQQPE#Q75>z7
zBAfP+DMOU05<&N5cP8w3bk5R2TqT6Thxt{$@>{SlFta@0S!4>Km-|KX?e*9gCwG2k
zt_NFcp7ewh6>XAvOcEA*6eOWfMvNw}ynf$l;Qzf=w4i%9(X$^xWw#|3CxzxYIyJ^Z
z&dBYf$C?h?mK(t@OO*%;m`Z9ZGzTGt*k>kE4uD*u>P##;>ERVlXDWXL<Whl&;{}SX
zCuEr<TSD^`-SzqpLlUf_9f%AQJQBw%Gz6Zk>xW<v<UlU^a~8c~9HziNT^U097r3cy
zLXj|~bmw}}3Y+Ey%N6wt5hqJx^JL+Mkxio+*{vUKPwMn``mojlQ&p2^mDTG=nRqe3
zD{KlM`!DEGTC9!r8XE*pRuwuprg<3Y5qVsL!ptUJU~kwPxh%cw&VQMYlY@m2TrN*B
z8aQFW?0OJl^VR9PhJ@8TICRn33YQ){Kxrk(x1WfWODMVNVF{x9P?GCbx9?9N$jx0c
zLj)`JGG7ho9yucdgxrPVbiwWmfAISwoa@)^^cq`{#v>AW1Y%-V!dL{MqkKpY&BiCW
zwXk!eH!1!m<w0ZG5i@Da|E75l^QXk$ta}uL<ukwdgW2v3qobrj`6D7)v<mDycv2VK
zn0G9J-G)zR@bnjb@KmvwkqtS@?0MA*n*XRSTHa6kZ&q;CK<M|v-|4gKoLk~&6ydW;
z#?&Q)jCir2NZ`yJaiipFyZOc-#vWZ$&OJF1ucQO4pMmnXi?wQ53+YC2vXk$jHt9!i
zDS>KK|NeZIKr|%7afg`s3wS_|#gUqMBDKQy1|80lprhE$!?D{-NtU3!X+bUPcAYyg
zd<T9^%H=Fa0hQkQ2T++MBQj_Tuw>=05IN-qFd#UnAW6r&6ljzVJD=U$1q;yJI%Dq;
zOo+<Sn4PbcreNi&G-PL#11>+e;?%ij2T_>^6p)nFQ5!`R4k3kqpve|X5>Lh58ojJZ
zuA_n^!^m{LYYdy@sJ!+^F?|iS{dPt>p#Gq`S@KGH2Luv>0ybyxGl2%4`w8hDvPZIS
z2xB_skG`)inFz&KkcFMiU~LIWmp;^}ije6$Ag=p97%?s3=3!1oe%nrdV5a1pwYw9@
zrjQP0f#nQzCcIlw-S)PPLAqn@8r`-&<Ym0h@V^sHnNp9qA@)cYk}A6m3}t1YLVlQl
zKYpcH07kF$Fw~T?$<S&W_ymx!4ru8!s4z)NC{>-X>gi@h60-%V$qROo7^studj^*t
z-rHwC!{fE9Ymw?goHn#kG(Y5(DSelx=VDaduo`}bTuexl{d^%MqK%141r0=!i8M8y
z$oPcZGtfbW=evJq$?nGDt*x!$)m*C+7}YK(1I)*W!d)!prev?2t&vD&cr5mU3yr6z
zPX3V5p2TpNO=8hzPt~wklBOPDrBJFhEc_U5(6B1&Ma#q6vs5xh1(7AOW5#A6|1lA6
z4wbI&0<w|Y?xWB=!#Fgnh2OA;R)Tla)NdAsDp|P4d9(9wUtDnQ>9%^K2v174@a9A)
z38WXQrz2goixL$TT3n*q3h$~!7U0_>5W+0}96-rE_NAL;Zur=Lq0bwSR~yYvSRuI$
zEQXF-`w{!AcWHPuVU8=xjCb!5$NrZ+FpA>-xw?fZ$kZ1-YNPX^2M4kDYvY@34O8B(
zc-;>Ym6)+22p%L7+J=Ls5RjO_La0u1NkH5E-RQ7<gv+A$a_~VDzuESJEHc5V+_lF1
z+f6EhnA*OUv(gi)B1A)W2}mZ+A<l*=R21{yE#nll6lw3v2WZ<P<qi$9Fn3lOdI}{w
zEWz&3TvLcSv=*H>-h}LPrnK8ABcrU8I<(j$sLurP#AL?<^myI#Qv(~#N0rv?EdW-*
z%f>AzFBRc;ES!RGp#3wO&cv)8i4;?+qH<#ITENx<3acQyzPre+XqG~v<9tKg08Y2c
zkPsA;jgzoc<C+2TOpCBaxRtha)=%r4LTRoU2sHiRi#Yq??|d#U>F%?s)h7id+O18(
z%SgJ-qr+bD6Za<eNcii_RCM3y$AQ}qrI%!LQ3B^&VeB@79afVib^1Be1$XVgs5%fA
zQpp8;&nzJ5%X`J(QK4d_ypt}WN2(3BkK2j)k3R1Z2={h+&waCUmO)A8zr$rhxgrKm
z#+nFj<P>BF@5m!DK@ZIantDh+-$^kb4`*vr1Pi%BL=r`fLxkZt!-V`oeF0h+fuTpG
zTzIh49PWlYNR{}&pT`$|zwe8KXz+<!Ft}ul!8eA^^cBS+*Czb=7MeYI*W11qwO|K&
z@Oe2N{Y=w!;v+t9%{qVKGLgMyQ**~kMe0Dog@B-CjYtf4n*oQ!Y}66!GEQ9#h72vu
zmE17yV9#13X;Rbopzt%g=m2WaA>nbShQ&)>QzVjFQbF}wN8X9DlzvNwKM|#~yCR*!
zC<=>HmY15jKYiIYa`U0(aJek^3}@IC+y)jkiOR8l@3D-%H?l!yV7lHBEvKoPv7Dmi
zP6X-3?C1~#y)I=V7`?Tli5VcF^U}-Sr=cD&9}?oPhxs%jd4^92IRzTWttCJ<wTs{_
z^{{}TZLXPN40y9^9eRgI=ilrCtam?0$%uZJPoWGNmmI;wke9?P$!0UonW-U1K@lw3
zlHY3?(#p|xRlt*&!d(@Qn@15otKm*ol^tb3VPHykai+2C#>N?Kth!Ms&?dy6zNT<4
zvxQmfi{nc7L7i_3?EsO8TzIoCQ}F&iUo<<SN9y#_B$nS7c|%q#5+cUV5u{*UtBmL%
z8iVdmQl>e29o!PuBGDRNIy6gl+C^^;kf~ZrtFl;v6N|Q_UEqBbwJ@&&)N7mu5|$Bu
zyLIH)jil@S+a#jXRSyRTdWinAamfxIkFQ;=`29osO4?n|U;u)WiaO537Q7n*?&lDR
zTs#Fj|JwZbj!clx2yD=_!)pv`xC%aEmt_@=8zZRe-g#Y)Y>Q&y@FYlnOrRtyH;<<R
zlRDKXSv`~Rco3%m#H_`<3&@^ZAQ`+ME&xG(yN{55Ug7$C{>)<KBveWRhctU4go>1-
zI!slHS*z3@1C-s6?`)%Yvecw)z@_zDO`%)i*W%@3PM3*swxONB>}fShu~30D>$rkt
zc2cA;+$qOkn4iEMbslpE)M~?fR@|>w_U2Y%ME>~|iH1MAD<Q4&D~EgEUa)0aEZYiu
z8xk~pVGz{nakJRIDAYYyu|H*C?z+Un>YMe=<}KVMDS-Byttamm9Ulc~7U7U9Awi!V
zWmIG&xW8a!bm~#X5Pc8WaAVhVLU2qX<d9rY&E_i#Q(i(H>Tt1J#RG?~6AUO^a*iD(
zwzhCBB}o#&bX^XVa)tecZe1@y2{Ni8Ep<=E5lTFvyto%a>BXFdL(qHe@#>`M--mYY
z0fttG58OYEG1Wv03V75M&K7ot@=Z_Kcn}1qMmpgc(N`u@2#1|K2|IMLOpDx4sM5!1
zozhUYvVFpzmwjYAB+zui-PxQ+b`?b(^D4vT4qAJFH8#4oyAz}*0YmpNTebOT{5NyV
zEed3f>fnt2e)eK9Yq(G^8m~h=h-UD7-N#2ifS*GbwZ>lqbvvy`?2Zyvn`0<f%D-BJ
zB##OB{#CDNa_irAf@17$T8rtx2gOOw1Y6?Z&`dXFV^h$XPQj}@9z*;IQ-)KW?8uzb
zNMJV_hF>h@<_8zYV`Uy{mmMPVAs%d(C3kRWpPzmSS|n4v?#2`$Y2f$!WAPo<g{=oq
z6Zl|&E1SfO{?QEsE0xQgDh%T-wN`q1l-0vtt6+jo>-}459{+S-h19e_F0Y}V@{i_e
zQFdpYOtn5A>FyLMr==YUsS&##RW$WYvGIZO!xkKVGA+2Isr=^z#Q9n;4rizq0g>K!
z&KM?g><oOZd%E=@`@hPC>-d|?0}}K4UVz4O6s~3#Jzo_s(w-AWdFTvc3F?TsY{ENx
znby!gqAGpd$01{``W}vmNcL2QUHTs-pJ;3&ScC@Zqrz0)B;tL_&?I`137I=m++&g{
zjK&I40Z8i!SZ^0NN+~c5{ubm$?ndMRm94yiV<##`TzJ)p?^yFw+ZZIt_!ZJfN`Q5M
z?qkIeAw(c3$V|yz5QHwF8R~AkD}kaK|3rf|Trh;$A7^FZ8d5(yu$xpERuC3{`WzxO
zLL!P#sKfW5V_sWx8D~0MOC@L9O#Qsb%?gFn_|iGtrfwtk8ovb=xNrwdh*)=c@^T{#
zOgn74_^TB+*JH0dMvY*K#CQ$PTA-&e!<|gRuh|ZRa8tw+OS!Y`G+bSe+xds6M5l7&
zv<!;$LVOkVW?EW9G*448el{v0I+Sjz{YI4iFk*99t<(-PJ_8aVm%W4S^fUDkNPUA9
zh|{L2{fEbd2)>OtwfAswJr_nK#)~hcV|or?6wYMZrd+o^zIc&*uzU=M49r-y4iVg_
zDUdf{A31L?A}ywCkODb*%5ryNsoAK@r)fPgX1Wtrb&lLVVQ%@~?iBiJG~r%IbeC=L
z9G1&w?{4qNIJB}IDl{6EE4jyDBc#-^_{^a-ZRoT;xtI+I_{C5dkEgXgGEzaZD3SuL
zp;C!f(Wex6`NSFvKzZ`OfNj;`&UXh%kP9eLvI!PGiEwYuqfKxGFBfN&3(MutW;a}`
zn4w4!n!tUihr&&F8yCJJE7Tix#nJ(8dd6G6%AgeHG!N24$#8C@wF1xU5JM2Q%z6ic
z*!7PVY5YjK6LFs5M(=dYK>^CW?@4$N!HLNrM&H$ioQ8Cd*#mxt0>MJkTih~B#rxFR
zcKj>@&HeV}-126aIf7I)0!)Mc<0$npkz|n@f&6^26lW#EybRiEAM`kB-_>Qj6M(ay
zKT*{94LB)A<(5%0uiL7ZZVQb+)wn5^&v)0U>NeSg>zF)erG8li@DCJR7CeP(J9x}f
zthcjW(8CC6(R%2112oX5!(@)7*kN2=oi@HWo+Jd=E%@vK`%fg<+4z%IdX-$FhO@u6
zJ?qEQ(P2HVc^6$?jMW2?x|}bKe?S^YW<}59Q_*3AyibItK~nl|PWV%g%Y<8*A&{N)
z;6JL>6yN9{&~i?UC8#t6PN;+wM`oei7>SgZ1Yq3_6QpGW0ACZC9*1|Fy7rx~3R}$w
z&di7crJKwT<|GGfN=nryxYqqbYkgLj(Anv2IFVkkg1K4_ixw{Ip-1qox!2ywBzn$z
zJCMD7=4EOXv&}&WV~|DNRzkt;-Jg%(PM;if2Pea6)v~;G5XC~^%tQ@_wK$o&@#jY*
z_KD&pi=@NTfGm=WJy-p5u#kRpB;j>grTih6X#zXnR2RfHRAEOVWHL9%Q7Hsv=^-WO
zxLNWA2A#~fRv>Ox#<X=1agv3S4v{n#dnQ>Rjug$6{rtIYvo>!VqUYJo1y0_gmc#t_
z5V_>?;G`0Mjy?#N1OHQ&aNKD`Wu1^_xX9u^p?B*c0CEVSZyOd;2>ZH(5`6|5ZEli!
zn!BV;+8SZ8xuHMn@nU1zdYMLZ<Z(&2pYtkfJnnH+*Pa@}cynv`ks6^LO=jRP{-(qO
zUUM>oNR8%QEr%{Ee6k~q`#C*IT7}N0E^ZCW*{-586TaN+Icd6Yn-xt#p@9Nd2zZZ0
z1tm($KsfF&SVb4@<yy2a)ddRJyu4z1<Kt*dy9EE<oBoJ|M7Fd#z6LQv(l^!(g&hev
zoi1AAn<|cCXY}b{R{Vc=Fumqb!4JYSN&jV>X2b+LN7e$Sg$%O}`!IpkE9fl{Xs>?>
zn@#hdl4@cq@PBeFt;vyD+>J<{j8qB=NX|K+0jPGw`w8$U8!Eo3AOb`Xh$Yp)MRXrl
zk`ku~`YAAsC9xGK$N6)j)d1TOXIkvda9=7ZXq>RkRmI$@wPEfpsHZc7L@=&~&9_T8
znm7wS+>AAaLT`O#*fqWvGxc?=kI+D21JQOqyrzIEYp83l0eLzEWv41qgjQZqcO(ZK
zps<ALIo{E=Tkgo6o{wv}f|Ggi0(EK@P83%k4O1Q4<$ycLY(<<*Nf|Y2zaub`YD5Z5
zMa}#SrIukaS>PC)iv7Z>D*WyOv~9x72_S{l5)8qpusJ)7D^YC_{`UkzCh)l_*A_Ke
z6y=8w4GlDwAsC7=4QUx+7Ui#{YF6X~R6f2QKtgY#K8Nn|hC`m;QMPl{?6N>*`n_KY
zlq5)G!F7VB!N9$X2vvl6Ass{N1d)$Tn>(1)6Equ@g<$2ybquU=yhrU`BHYYKBx&Wy
z6`t@^4<{$Wla^wjIMs%SCYYC->~U2FGwHI29#Z+^TuZ})V!TI%mZ~tyR5N3MJDSiK
z<Jm{MGvPn>IC=Q=I`hthV2G3gjz8eCGK{{@pHC{rZHi7e97F^V^yg9(<_fVLepn&s
zB(ifMnBHyfFCrf}p67aPc_=^<j9yFR{L6>m8$>#6hqcA6?*y8c;2x?BwAtp_jlUiD
zhHsV)U#lnHe<N$$il2S_9iC7N7%}sBT#zh*Iamo#u}|kE=(QvI2859Mt~<r9!(h)a
zHN;&w^&=FFEEyU6FvFd=gA3uwO_ro!9%v>os|Kk^Jn2Y=1?^VceSkm?Kkft3Dy0I$
zLLkKiF#rpGgprDiLIcsmBJi%RbJxe*Ff@`h>3%NXHHO{|A@O3sPi|`f>R_nTQPtA*
z&EVg?c^m)M4GfITh<Y(gO5Y_xh3=D3Hu-^B<sq6ClEy1tV0<5<ir^mLBtk`-5;6h)
zc2p&3V_NoFtHXugRaN0d=F9HMIZv*J3>w7m(X&SH@vQ14dUl!kjyE1;rt`_pV(2yP
z3@#1Y&O2qg47yDUm*{H)P*3RyYXje;RJr>Gc!g62%EaetjD7w647Afs_o5FTUar~s
z@b3(9oPYlD(Jzi9Cy2W8KuWc;)8=z7Tf?QsLnNX^&>wf-f?Y}2b#_Wz%Ml`lvACX5
zMuKF@{!j-+8U$^;RGS79?r<Q&vQ_CL=&SjLL#y!RsyQUVfIw&s^bbUQOmpkQNyLZO
zKWI~jGeK7+#bt{TCAFIPkI~h=wM+SS7$if^=S32iIwjJrjJ#eX4uYP2jc@REf`S|q
zD?ssl2KWaO>Xd;d`LXAR#(>w{EZY<Go=+&pmq}D!pc?E3cK8PtyJgEDZ?~r-g4OrT
zk;^zcm!8(WR}E1EgCb^!K^s9G!amJH%7Y(+#)N@`@5Io9B%okaTGGi{#DNP(5TsJ+
z5*44*Ah8UOm;(*PMCOvnjnE1tAnF53TN6$ei4W%4jkK^=aB~dVI`7?HklVTE@}<mc
zlatn{q4<IsB7X`IMCTMYMx}D$$5U4nUs1~_r97qKwJGI*{0$=iMJwnt>IJD5j<<OS
zx~^ZbT_(hLt6rXH@x&!-Q7Sj0diY^~_8PoBixYzFA_%XK)yIB$^j+BE@|vb2Qb4#_
z4*KPZNG;fpsv<)2byW_2IP(hT(!u%gEKc6WjprFUPJ+{Tbfwz)l#ONhamz-DfTbcg
zsIrldLQJayr-cD=)c(s~DB8c}N*}8drCBif^ry&d3zmBl?1a~nc8|;!-{ELQluo$e
z;n2i>JyI9`(zR-GES;z;9aVtsLfHx5WMk~QAH%9guU=8W!BU0qwb1PzvxVnk&U9mu
zvQ<VfIQyvpbBolL_t+w64&J#rVxw`e7$}1PO5{`naKr8j-TtN&Jyg=$=4N=&HpUSW
zAcYkQB;yi~E7!KoJ%k>eO4CO9C5h1;|3-(z%(q6JzNXOT^q7T=Tt2$)+~LqHp`^Ug
zsINx@?HJQoHLl2AokG0KJBjRLNP<4Y@r@Ts^H&u5k7@(412<a@!=_&C^J62Yu1d^U
zoeMi-z|kOf3O{2~vf);u<7Ad=JNEcV(zDCU-1~mtJ!9_Z*V>uh&1^N37Y`$@pqcsq
zqv|=}Wzwtgap>s&B;e*F=VZRsz(2#0_2o08-}80r=-zo!%YZjZLDT+of=eMAVEw#O
z0d9eoRbswQ?0#!3>^{tt*wK^Y`~`!T%Z$FFUZ*DW-f6{Q8-_fMzQ6YK0)%TeFUK32
z`Tn<?FCWc2{;>UlOg+_VJ+Vw5yBE_L26uhFPk%MBcK)B$+5f5FK8Ps(5Y#1|e}VTQ
z&`AgRXVT&dVs#=$!T+tlfPsPeFa1TzUoKL>$kfaTX4lNfXu-tD2xiaRXtx1`70398
z95r-}8EYgcM%p@rSxvAtKO(w6g4xL6@>d{BsPWl@5rUyaMYtRZIaXO6EEO;OL<OV?
zmvsS#AUI5<Gcz*<3^Ox*lBH1xHQY)AN|^-6g@}Scf$Sp=&J#Qva|^TR%0&>a599=`
zQ<(N68r544>b?nxk}Nb#F$P_7;=d)sfr9+w|F>MEd4&5L8N`1CBO%v1?bkY>K;D0`
zjH*{ql8oe6P>lbj?Ej7SUqLzl8xg#Ls{S`}eFNqBZ`AMx%KE>EBm?Rl6z%__{Qpb;
zYkHUW|Cv7e9TXpMTxP}yd;W-~b~}Gbl0>IVk%1wlh!!$IxsV{*oW()obNM0tem&`$
z?a^h#a}qFqqBowh^L;hVGrdh+;@XdZWG5vXztFAo9=H+=TJERYK04kLc9ss?(`RS}
zZ*`l&ujwkiw>t6EP#xA;QJJ;bP#LeZE-_$mlU<^*(jWrpO8;Jcq_`r6HC(?JAcLFA
zMmE!jEV+q8_B+X2R!5-`Ov%K<GK_$R)A4bB?5L1;*P6w4Ld3o3`9zb$h&z4tE|y{z
z`Pc>pA@2Q5<bj%#dAjy@)COGlMwnJN32iZ6)yh(JbdF;gu2vSN9MM5iKp@+Ny<F?v
zp1odjsUiT1JI;Z^#^Z!TBr>()9OT?82pHFwvk^TfUbkdOVF+*xFtlrFDQB5s>d5`g
zR0?Ob6Q|K*2^DHCemIh@z0^YA+wWf;<F}Tv{o$txl!tIWr$>rC$@W19e=z$IEV>$H
z_-F=hD__XwWqkX!)EUBO?Z89K34efMfQpp4o5%o7BxBTa#ndwGU%15eLApHplbn|1
z^Qak;J6*<=t29^gU8dtQU=F;O9s;+P$}2TJXtT~AwAImAtsBYnMdqdEv(~wx)=jZK
zrlVC<)Ov&;>{=ZuPaDEbE5&h8pVB-VoUzE(n)JBy5#mUOJ;E=me|uk`|Kpyr2EPd&
zLH}u(7$E+~KmX@Awby-u@`3)h3tfJJ5&^oJcf9C*e*?l|HXUDeZf<l|t9{c%QIGu6
z@il)zRg_43ChOd+0V!a84v^;9P5rIC!q%)Qau&zl7AnAJBh17k{PB?G169hWv6%w1
zd)CR)seIW^vtm6Pu=RC<og?Rmee(TS0<`Q-&4|W0k~`>B?NBqpkrlPvJ3N%>4#0ra
zIxNkxBrVIaetj;!k7`=sg5O_ymA9ZW&lKc~Ie3xu`wF=|)m~+vZ9Y7;sF?mUl7Cfg
z!|~QjJGP!f#$nu=DW*Ng%s8h3SSqZ>_*rJ_9ebEY%sx2+wU{*m3jR^x<~b>kYc|$g
zxJp^Tt@DRP>r9(BkjoZ$i#1*Wj1SEmN9l#%gfjEaZsGOM3B;@$+94{IAa#oFq%_wC
z&jVjQJpytsgiqzom(z3RfPux5^!1$9)*#Uf4&xk3uF0)%$S}@eq=f@zf)g*Hy3Q^=
zR>vHFkL()+YGeD$5=dCNz~c>=Z+=|s@4;jq6g<Dq{K@L=h*G#oe{(zFXu9)3vUBOV
z&UK^u!NgO1YV>hFrbQ*}8pZEJOL~OpdlPzPZZ2sN7;~#P`UWHwCA`PzPFR-0OJ-vM
zbddn>W~{Tfl0a1<WsF%;5_JKw>6_LfeC%uj)^h%(3ArX~pZ}#c`O#T*Q4FjH<&zzf
zp_NvbxV{$olaCi^PGA9mK16a>KA~Tx)OIxeoMpFm;O?>|021g0{4wxHb*2b{`5;7a
z6z)o8z%X%e#d2$m6_EH~iOscYTqwGIrC)=6w^Jn5$C11F?&?9dTR3g!OeNyft59F2
z8^-ubSVK+v6&WX)Qg2cwo)}{p>-A!KL9B=v99kE2nyM8t`7Q-W0ZlcarD&ptb7zqf
zkr;tPv+id2`-(Id<#gKXCPSLWJ|A(E8mejqVGl|pG-0XM?|M?^?X)FKwAC%BkVpze
zS}Ej4eH<*LLG_Gq0^)wKp-g@6*I6vK39+Lyvxw=xjf`Rqs-1sx=I3thk5XC`e{C6Z
zFXylyKdwDhyYm3iwSPAi`S`4!4To)ZIL{M`p`1@hZ!gZxd(|@ekLC7$>?r#5+O%!A
zg{P~x&jE_HI!_(Q`L5;m+P?=L_%JuUE_7nZ80Z&n7I6})EY=w1d@$eL`MUs|1m2Xl
zX3PYaIP7v0M#=C-yN8R3X@iqr^>He_VpO98p`9TU;M#zdl|-%Z-e_s=(Lo~4Xu<8i
z28^>|T-e+1N_q=}Qpb33-Hy($5Vn?#1A?eA%y-3qmpTDux!Fi-GUeGQx4|q+#=#WH
z6Rm3V*H(bjHJ%AS9y;{cVAsh(foM-4e}XSQ;p7Ve9;Z~b<@bk6k<MH;WB-sCv;ND5
zPwodPK}n!)thWKlSM9y6Yj}Dc-`$6K$7=4fMzgc6Mr6eX-=f&C?VY@s?N0{w(@#$P
z@5QDW2O=Bzm_`iE;VI{d$FAH?V7NRd2B~xAL9?hBaC%50o%ALmI+4W(&<9;a5cEkP
zl!=N&H{Z_g1Vo;M*82wJ_iIJ#;z6_Y37NZ9irD~LtvpSG0U~NLj@TZi)RJ}pxxhqT
zQsd+MAd+mwRyDlDTVVu+hFon#NaDaXUUE+bDRjzWmvpHyHsPKx;g~=)RDDSF-pAS0
zOj*rVOl+{#45lEi3kIk4k~dVxiqlJUwwu;R;H^TRU!vQ>pi|EmeCjS;=86-N{zEWy
z^)_Iff(47tdqxlAk#oEITo~#j(#I{Tr;}t>jl=U*D5Rhq#n1EV5UIBwPT7stV)IkH
z08jpoS&dg*OkeIR3GtN7i86k_gk+^P>haB&ej^S{AF*p&PdmxbAInxk1=JTYn)~jL
z>3-CK$kA0F{l(nv_X$qg%tUw)AFqtI@IL@MnAFxn`6#=6RYL05@@y#RzQ9|m`g6YF
zfNDOipcF%)TrblJu%!C-oI7RTpVO4~>L^(4_zvt4WhkD|>1{4f{C?0uwhDJ^7*IJ<
zmX%>7K@=Km%)(kU4kOhTp*o_Z;7}9S@1)RT*Me145_7XFK<LDADJfsAhpP$k$p$!$
zrDVdi5wS>+0;)jU;U;nwc|t9~(yBIUkrUQN4;+fOwp;UTj5q@lj#THE^YkQefT|P5
zX7+$C+B|H;`%@u5s8wXj+p_sG=+Yo7YT4Bk(WTw-fmymxo<FrHsysrH90sx6(6{)W
z8u|KI&Ro5!nxo*U+v$NNzoRSY$bkp-?t7uR{GX|0@FMYHRc7%4@@t4Fq~aLSSWv}E
zuod3!rGE*GWI>Dg>e`>VLofH+w7$`FtNt3(cu=!kXg%Yu_E|472qJ+2g>eoW6&Krz
z^gGo)U0KDs<HhlgO=e#U@-=4cNR8#zsKmKTvszrW6!5_4CkwEOYFFCW@&%B15RN#t
zsjzE)IV|nYY;_i)@v^7-6&5t}WKnNkCS4;>jH4*P33KVkQqWmZvz&r`Y>t}FXnT|P
zTN@BT8EUwwx12Essf;3)H8f{cfN5jBF@9UwB+h26P_uNl)x6#R;C*JhoQ83yu!Ni_
ztfEz9yz4uQDKqrbN5Fl?NCh6b?}Rtp(r(xZ#L~drlOUBMUb*68AKs-So9ccV-pd{J
zp2f+GCM0L*dnC@`a{s1bhL9jjBSR|kJCjG1AL%UGzmAd35FKg0(ci4%JBU{3(?2?!
zFpKYkke11jf0t4G%LK|i077ldL9KLyYf^vI4Oh!SEj3iqjd3HS*#J;*JnIHTB%9Zr
zQBe3^Y|ibIMxIKE^8}hiBAzxR_dn>pAd(cnGLpS_3=2nn>vU9yT25O{jyYgLy;DLI
zcVeG&dze7K^^``}R;JX)Z=g13CH>otZ$h&W@F}r{@z){e!=LTaukiX}Y4g>x`^$0f
z3HVQlg7Jo`W&TfM4ZJe{e?yf2yaoQp;Qj$uH*Y(0S4J;;yGwohl+8BOuWiFZWvWlJ
zJgKuIx2kK_O3OvFF^^xrPS+5`M9^%bcN3STr|Pd6w_%b=#81uMw|;z25nG3B(Bki2
zABDevix}o4;$Ngs&~g!c035dV0;xdZi_QE6KQ0dx=louVhYbyyS7_n>keLlS$fgWU
z#+b_8gQ_Xqg^_F{dulfsQ6$`ni?p#DVhjeCvMZ-yQ9TEHQp$Ll`d7PJG<ygmi|<TL
z=vK<6fBGKJSX?rbzxSmjVY}IA7&i8$A$wocWTH3N%S2aDjgrPE1B%bX^2#MK3s(I*
zI~U_z^tuT>-QC@&<u*a!vl&-SnXX}jkz*Kq(~{e9Tq-@fI*EOEr1dl^O`D9?tGXN|
zByrla#B05%w;c}3@(rZgj&@GRXAkkiUrT&Qvt7C>b~?vq0zS}UUkRR$vh-$~eg345
z;_AX!rM(d}9kXw-01E@H1`5=_s6*eA6|Eof%KzKDKnz?q?uGC-U!i>=+aLD!GT;J^
z5Clm6Vwtp82++TO-MOVMq?(6enXT*y2YL9}8|0Yax94E1V4m~Bi_+0WvJnMUg8s}M
zkG$%~*WkB&hS*x63hXXaRp(AQE$5~4x`Od;*%(MoRp8LI1={;fx*?!IWy91+zL&7a
zB#N0B*ehEPifPX<TB+1wO2A`6<1J`uR}dw);*R~WzY>E5NhyUd_88SYeC=qE-x&uI
z5|4M!K);lqOzE?~ZiH(S>7c3)q9K-Htx-;p>%%OUM!|3K!+MCn;8Xx^hYSP~2m?81
z`{EZZ^7Oa@AZLnZ!rRG3n9$wxjxCPZ8Wqy)Chw}Ew75Sx^$4hLifYmX*MGCQF~v%H
zSt0o*eRWu{xl$Rw(-;advsg&dgV$3mjqulJIQhpY1;ByQ+h^QOUxYi+sA*!SJ#>e`
z%f0eVn3O@k%B7iB<p+nn5&dq_oqy^{c{Z1rt-6^g@G<AmPG6#}Vk})u7C35(NoeII
zQ_zk|-?HTgRiK{J6o$ajH_x=5z<_>xFc~$mp04%oKO!yGzFKa3UDO8&llQZ|@C4b2
z+W#2*)n{frMf{-nnMrk;h3U_ewU4w%1SqjPDy7>^0@Ca<_xqo+48LMdY=&uZh2k;P
zMa+#+fOSckK~{PVSDH(iS*_=;J!R-D*hJJKw0Jru*1rhl|8VtHVR`jT*JyDm#hv2r
zuB8;0;_ei8xp6jDT#CE9L(y{M?(XjH?tDD&^&kC5dooE@uB;sFWHK{J>qGY6JnxHJ
zjF%09*0D6a4K<egcYChZY00Be(@UJ{sG)U{Kxv5jmZ*A#g0Q#-Y0>%4AN-u-x$W-6
zEM0zM9H%GZdn_U(LUdE`Cz6LC@dv=7Lk`=>eYoY*Qv-_)=)vcBG%jz{*VD}sb=%)5
z);NeoHGXxlC1s?<+f1!G$cX#1P6ifbz`yUN$(OB;<yl3ag-kL|QG|N@BCCdpiG}<_
zN|IHeCvYB9Qz{q6&j87wYl`sO98;R9#3ugNb4NsDIr~q&e9YB~CSIdVze}6cA&{9z
z@`SS|uBZHyfL;pC^8x%Y^DZQ)kiTKbq?gNZf*>ssjvX&3YCGhTwK(WWHYwzN#n>8!
zAJ~G!LBICH?)t?Q^D)CN_PlHPN4AYT%+G(aYk+5F<W$a8;(XkN8TLzzcD-fw6;7(Z
z1Z7{3vaU`9KD$v<k(C#sCjCxxA+#Z9^iilQ1XIv}fZT7+NG#I0+_GyHJoJHlhA^NE
z1M0KUx;l=L#R+VO$##;y6lDe(e$US1`Mxp)>e67nZVmB93TZc=Y~MZZ<SE^@k{W?d
zT(Lxprq1M4k<SFCGKpk&pS3o&A*ooUoWxF*`9W+ARW7KMob)eZ7Dt%Ya^Wavk~s+(
zM++xEf$V$e1zE|z_6tYIGdth#;{x0aSgBv38|P3W=hC1iSzp)w90v*rD`Vh;*6C0&
z4@R~6h2mi%mrWkvVcVb2&SkKPnepZlO*Z00c4_q|%-GLNrMqIWU~R9PxX-*sEWTEu
zb(n0d^JB~>X$nRPU`o2th-?Y+?iG2(Z~Ef<0skC-WC=4>dA3Sv)jct4r>`7nU+Lj9
zmp$1i*5)Qbn_uV7#hCZcS}~+PZ%rOxYxU>xE=i~~TM#PSeXqkqVyLl@jSAvLk-bum
zxHaOp=IjJ(w^tzub?UeNF5do#8h*&dO*=7s#cFxlA2}uHs;#CUBalpqVJ9kfj8$;V
z23{6q2!}4jsH&76MoQTU8dpo^UXq#fxD|sqNu7VkqhV~1;T5C*o1>_&aI{FjJ4$6D
zI1ub@7qNA1+Jcd2X&pmon^Mt%-9#8}=o?d5eo+0>1A@h2E{w(<%z*hTX|-h@X@zn|
zRs884JRENB;>>~wlW;~R!a;;GOnNBg2w=6Hkq@x;RE?SJmQNtGhMC<j#2RntLPeBH
z6LhM6+$@)RJFe`mk5zpJsd~2^`v}+d&V0oNQ^=NiV6IoBHA33(E2ari>-$5s6TrUB
zfA<4madjvk-u}{DnC><IO<JAvQtiGRwLCz-#r#(R`uBH)DR8`rKxn%PF6$C&1K579
zcu0}Y`r<Pq|6~#YoYKz!`%`Mhy)SxHF5BfhlTV-&R|QuxI8C;@D!1f4b=@-)@or&I
z`Z*lb_ivQv4#Qj)oWuI+G4U{>{bL=It%b=%BXm}GOXd&jv3TDJEZ+DhJhQ?Pl#UD9
zgABGT*y3nK!;>g)n_?J(*e%trW5C))u4UN_29y1?q`xwuu3wsAI<t0b4h{V4@}0k%
zP0O3=i_SevAEs8cSe5&?(lbyYcB65qz5-#kngWUZpnI!wkVO)-HG%kir}gW>=FZPb
zuO1e`e$)4QV_4xoL(DZxiILJiR{x47d!1FY-6PNY8dax<178;;R}+s`M*$D!rIos`
zJ_r&GH2HmTIz^&0^8rt^cUgG7X*c;a<{_UkiMbX6XyTj<{(5hw9H>~5c<VXq(48e@
z3NW=!)lW4am!3bR2$gyeG>$4}0QBm!)^Vzn1wA%C!*tCKd|K`Qmd~=8ltG&9E~Ke>
zzi0}^`K&x|$vs5sO1R;Fya6WNrt0Z7KldNm;B3sYx^D;`6(TPCna5peB4xsFp(wu&
zlRF@}Ff_(cF0;Z~K!@4UA_q^Yxr3&Qhm%mg7X(pcG*WvKFH7@~y;$CxlpZKY1W>OO
zmZ+Wr$O{^Jr}SkEg03hpvT$v4k&l$&{9Xq44K1y<F3M|4+UyrkuK?N&ib-AitA(tN
z^Mg9CybqHG&-$9SoEmm7ghxlh2)SsGp<*P}nbo=%7kNJtrQKj`ACXgudup8KV!+YB
zs(>9I%FP*~*@~Ydy91t1gs_<dW<&K!9(tDFl}s=Qby3+p;4Xa_X~XZ!5c5EYL>m_)
zO{L$UV<oZ91G{VcM*<Ga?4w2}w1VHNRr^#7IgwgRsv1WY_*L$G8CA)-s_6wIW|#&5
zd*{t{bdsm>-Z_{DJCRP$xdEof-{$A`KV*Zw>q))_4`D_dXc-x3)pF<i+@_`HsiCv8
zQ_Qp@h3gbFGtaX$s5R)NRw+`q@?~h|%*|f*x^KsV(OtV_dO(rWM0&=X;S3gw2u;{(
z%V`L<@2`snMwJ8e7vax=(MIH>$g)e|SgcQcA{M9h625Hx@VynSlv^@wkI4fO=x;mU
zMudC9XFmmbv{>)rQAqit1n^{;!I|3LH0cql=s~@Em+#PQ&1$*9;0=A3Nh$owSdf!P
zFr0?A`>?ICvIf8~D|<o~>c#LG4EYiya>3(e3Uf|1T@{oT({gjA&S>2R75>wju~1ju
zY)2fb?i+~ir2tEg_VT8fnfHHA8}EzMZh2uUo1^Zd7>pPrlNxaKFKK2A*NkaO2`3q-
z=F~QhvAOQT3O8;DPSGOn<@Ay~MRw8n1#P)p?Mc_uNDK6M2H{U;l{~aO;V$2jxy2Xl
zw!9qOWT`2{Io)vh1bI9eVRLyq@T&eE(Zf_y9XJgaEk#Uer^zq<1IGD1v&D0-kRL-g
zsG{73m}<P!7B<J9;%?<n9xbgFf%O2k>c!SCaHqIL6*eS8Qte%#MPpTxOs8|fND$&*
z$b5PsjQZIB1#%!P!$h1wmF_8$7r->wYM~wX+<T2!v7a8rRK#0$e4&&Ik0sq+f9xsH
zGrKy<BtAmwa130eM=Ntybm|_ugICzEXc^)Qhp4zx(Z0H@3g8fK|9R-8@=O@_66($!
zf#s<9!+h9g-CN+iLjnkNh}l(y4+HI&8L(wG`~s$f>SleWE4T%6TCl!g{!3wLSHwwk
zw|H!Bc1itp43XF6w}aVkM*}(j_ba*LWYh26MP}sLu-?f$GeM7=5#+Y{x-##Sj^1`I
zR0QYstnu<2%0U_Lk6+)3t&X%In<;p=#-#2V-lEKtz8<@SY|B-S-V>4P%e)($ZXpH{
zp%)<LxHimxiXA5fzb0A%NJ}*Fn8~0fOeSXO#v${nQa3j<&$n_G{`7`|4?=F*!s3~J
zu(dV(O8;^cl~Cle9TE7@rQU?U=_}^`=_C4MD9cCx%p@T=qSAe~&sNm3gJ2ue!^H9%
z)*LQn3Fr)!w8~(=rS{=zno6i(7ov2ELjsuX&Usk>2vHaKrYcn6SaQ%?(bAM)*HfWE
z;NiyjmH8#{pUwUKE3Tv2pwcI{mu?M5QD-FWL`;HS`dM`L%YO`-VUQ!;2e$(+nuzu-
zEmtwI$o=!UvUmxc-7HcIu{y_+R?679g{5$%^}|tn=^FmDIRKt?5#5B)QMmfmTmfJr
zQiHX25xz`CodrKyu;sjdE7(uO|8|ontmk&!>*mOw@$lvT?heG~W#3N@@LdU}Y#7Kb
zVwuS1?EzPl@I=y@7P8Qv_tww?bQ3R4MqPgee0uK|;egcCn<AtZZ$Pu={B!%~aFe2)
z?29l*=`H;b9iz0R4bil4q?91%xSfWE|2{Lv4WHQ(^L0!d<D<Hjg;#wd)yK!9KG9U&
z>hR8zakOe~YIRnN&eeP=4S&&lW#A3?;r>AK-!XQrtFg=h6#_!_*Z+TtZ4|<W8vlQW
z_RqLb1i(q_V(hYHBF%%4zF*YIGWO&b6Z8#YO(jr%{)kFagQA!kNOP491>ToJnzRF|
zBl{~!<*absqHLq){jk7Dx0jmtV0teR5(1RH?KfK0dr*Qu#L6q7tMKy`_*`gI;B*av
zockgx{cv<HW$!`F0Q|NyxH#@A%<;)=UGR0?2f&HwuiVvH_N!0k^;xNg5)OKw-LMjF
z-YZfV!_EPSl4A&TpZ7*WD~*r&lKI<Sj`*JMI7fTi#V!NXpPf8-pIuJ8!j63+&iC3l
zC2q|MlWO&sbN-b-v$i2gj`|3p9{Ie`Ug2*;R12l0)qwwoDP$f4UXEOm+mE-ivyT6)
z0jA|q(sZ4}?#+v^Oe&;?*!#WkiM&SZ<DpB!bcW`sw5J3w*S#Lo)!R+*BIRTF;sAnG
zUSGs$y>8?gb-hB*s|mDac?sT}5W$V3kLNPz_0(p0(ay|NV6~b$pltr)&)e~B*$qQr
zZL`xRm{&zJhrbGisy*XX2;SeM<N;D2_^DMnY3Wk=a6Ym;JT;$`L%?si=Tdg#GJI1G
zv)x$^Z*h_718c{T?kP|>*eM|<Mj*se`QUKnXkthBw653QTwgdgBC8K7)3<H%!A$cB
zOF`#0B+p+hn@E8(OeZzf$uj7&#T#5Iyc}8fTD>gsa=};vZI)H1-(l%^H@QUup7WYM
zPKkLtyKqKLj-(+BYTlyEzYa|g;XIBJ*QF|131i|1g5v_wA_IP-i9noVz&i_#W=!--
z6iQ_2?u!p(dN3~-Np^zS$amnIkKJO8C`hqTzraLl!oa~ZNwc(%d1dUQZJsE%ZeBRT
z+_|~*V2K+3P~>OgLvuZ^y3m9M7Rgy4Se3;YSjIA?@q7;@oD*JHK51sNaxoSe@+aa5
zz7kDe?U+Tr_qho3dLsF*2#ttC5-MdcUsa?W3ziGW!hP!^<gLC?hz!ZnOHjCq+g|0b
zu}WDYFx$kGy;0Z`2x%K_?`zk!9IQ%Ok~>IUE5J_inF)bd-7XE)hikI{U}3*p1<0J%
zZ+l({k3$I~3a~fNxXqb$es#`3pR0)<PKNbCA2swZ<(1Ph>5RX+KPh_1XLa!Mg$;46
zbIvQad>EPH`s!%&STH>XwT$q(Lhr=g;Hw+8st~1HpRLXmg6;f`v%~W9Uw0Jxb0Qx@
zZUU~YLPzp015@lV&*-!eAh339=1I-znry-F3^~(oGk0bY&8w=<=cI+he{BJk5l!)A
z1k@eg{*eE9rskM`DVj1_)4dke*0SQ<@=GXods;Yd6frvZQ)JwP?bA6ShbvEh<_PuN
zxQ?#R4}f#813*Wo#$aaFCHS?eS9{z=W=1)5vx2~qn1UxS5|&#4n3`5<iC-7mlV!uW
zg{QRtC4O`8*4(;(IeJh$aEnanU$q54j~^W~^l5ZE3fQ@%TquKLwl_RXv`DDQhRB;z
zA#O_Ste?j5gfh~&tPU$o%LG~MZy)5)mx|pV{jzLjO-Wr%<<l`Ey8b2ja>#GX;${t|
zu%LpdP+Jzy=Mn`0?(a?*sn;c55W?9uA#dgv>W$f?i>AqysFWjEe*~tp7z}b0#t4PF
zu^EI=4TG}mj*ahEm%a%MJ=KXBH-9q33j}`Nly|zBn`BYYTa>pblQiG$!|1NhNifPl
zHjkOXW*9G>=0G{Gjw3XGGc&<sggx+xMp@-U4&pSAd_rUaZb%3|{ksB<b5tnuI&Wn>
zO`yob^3^auuYxxRMa<B|J$g?u&S!$<?F3QXF1Tq?Wco8?x2etYI%<*7PO90D(CARh
z-6T3<P?uTA=Wlj5j-w}w&v~<YkPsz32{jA2rkc0q+wIgP;kPoj$xdTnikl^mBO{qu
z3YGFx$f3~zSJ`~QSRFMS3-7#jZZOtWgj<mY7&p3Kyv#*5J~M))SY#QqgCEbLdX-aK
z9F`mVoW}S5U@IHZEg)v{+*zfApGd041`X`ddv?i>xRDW2yg(e~SwVO4Km>b1tgFWG
z2OjQjK`mx4QX&?9*mq)7aa=|5;iE7i9UUjAL=Nos4JM~AZ7Wu(yJ-Kf&+49v{RD$q
z_NSgf$uCa>_!0DhJ}wvX;;F^3#O-+yYaiN-IeUR(^!(oc4alL0)}q+2xTO-!B!>xM
zh<xLt02?Bagr}B#;)Cb#3{wzl+t1;GRgm|3FePSs=usv53-e<Vu56CtuI4TPLoJkm
zj|60kL=rp3m$=mi{%yyLp8tTOV2sc_PZ1+ETK+dEX-0#E%3||>Rf5ehN)SB@lgrW~
z=@IEU{Gi795+47TC@8mRCbN9;XT^S7b-cUBjL5w?2btd2rL}0U*h=<jNYSv6kx-*A
z-SdwD?F_jKM8X_j=Ygz_>S0otgT6wXUr^h3-(pev+305wAICCTmfW3VXlh2%$d`*Z
zB(5^NApy4Bc%d_wWz{XF{}B<QgqVp3`$0|o5n8!g`_aMG{|KQeuxH2W@N`zRBoPs4
z?x@2UtXnrP8XF8z`Z{1c?&lUwA^l4T`ffKc^O#=%fDIw?+g~Ek`<&B++uyc{(uu$u
z1OHyJA)s#14rLMS8tp3IN6d)}((?FS@x3Jvo!*_TOI`57_gh)A7?_$|4<)G3P!)b|
z>tng)#ar-^`|}j55CuFw7>)Z})zi6ry(xfqDNQyf^Fc9Al}ZNz?{-_k*A!<3@e8(o
zZ*M@S-t#}^sL9<>v|81Q!dNdpCP5^AF*HE*@`EYE6&U1R?UtkjGXm`~Hm%)~RG!d^
zv@EiC58VTd&v0+(tdSo|PEWWuQdY#)?g0U~mc=2aw>86^Orme`T68D@2(6pQPIInd
zNCTCjhM%=c3B6C<a|^?`F{?dr9jt)!#ywJ@(>24unpS84J<0x@C3orVaF>j*uT>dy
zCu&#k&>Liw{nr}|Y#AB&mBN;WOshd&vVXoqHOe^#sJhm^$x^(2!MRh~fP3}%{U}59
z5Qhov%6CVQ3*{jgf%Nm+sM*)y$dk(jVl~{k9{y+1Q7LJUGN#JWrGQzkzHT6_%*18M
zhQ3O0CqoDJsJk>xMiV#?j>Q}tihiaSn7Vb>fnH1@yW|hWeDk<9^hft7_l=T>rDs3D
zo$Kn8$DgCpL6uSDRq5U_hA)wr68aQPmSKyKW{G*c!P+y$Xn2hL#E8{@xFM-j#DMuP
zvSFo0Tr~&$v06>h6!vpLU;tz-xy*Wsc>mAKjC^^;)p}q<65}M#V44GLYUV6!O)Pb=
z%Fh*SI*zZJ4BFxE@7{~q*=aSdm7lEJHolhZx|~~BDYsAF8<;F}cD<C(iNX#pBw=-y
zP?P#35!;F8d)p@D7!jt-P)41BKNn3=MFMe5K7FWy^%Q%ajyo4D0ZdV#`ngCnmdWB@
zWhi$)#W<%27-T@r9l_LR5Y8#cJulTh%C|V_q-Qpps{1P&o(b^A9bC-Zf-%zXL<Y+S
zA`;FCaf*sccPHU#M-T(u)TsxkL`UF@SCD4^<i6VOmz1U~+nEvJU4^fXDbG4Ju8(~W
zmCEV`WtKv<c7uo|f%yl9hHIA8N4`WfB_2IHBJtje&%tGX2fEDzsTILuABsyl7sbVG
zJ#9)posUu+t>7@o&bl=4<glW<_!F#pOj5)7E{QlIvwprKebDPb;-L~((ozj!mdC*r
zj`rNrp!i?shKSXl#oIB)LW?}f^6rGP60{!QKd>lPtbjk&YkU#ewe#`cTV2fWbT?>f
zm%L>xV&E)&m5$&J`4S5#qzH>QC26T@>Vom9qQ|WhjO}lsIcI2CB=N+}e*W6oc2!9P
z7`Sw-9<A?HHQ!<)40E|JH)q*@>%Lvhu)m6o@(?@lW3>?JZ-9vPuWC-lG-8Gc%l%cp
z)s6KLEdhW;O+bQf?ylmrsqok;f=3eS39b(&qxYkHP1|bWdwRlZf0qG>`qOHz-{@`$
zaB;-B@&>vxq!s+xuo<!JuD`Qsw08@AE4_&7d<(8CVxmpMls~ImxkzWVwhB)pDiRKE
zS!KMW-|V=x=}!{A+R*T*i1F0ONv_P8(~a|a0=$RM)L39IqY%&T$r*voCSlp|IzgAr
zMUpctB+{(A%+Nc;-5|YLY~-g*{8O*Z`(4skvKv7c$fqd>AViepDN_s6`>+Xs*`La6
zruRPNS0-=$){^J{{A%u}&vS+rOI31SVmxcH*@g(FV@$ix!}QU6pe-eL2zfeq%Jgsm
zyzdqSWnFg#>!F@cYCQia1wUo-#dyCh?Bb>f_D`Oad|nzf<WBg>oowt%zxtP!S+(=#
zuT0zM8snj-C9bPhzk$s-3H|Io>y*;XY3j}@B&slO1zKK*&jX6xap%@^bj_u9$wF3V
z-~0kH76*|s!JDkhX15y#>I#t}*0p{hKw?O;<}Y}w@zTsJaeaPL!nz|hT}@PKOcdmG
zTB5s)6Ye~HpziM6!%rtET!^(16Qk$+2kv{(5oy`>O>*<Q#q_hW(~@!NvOe-2+K5c_
zA^V%$S*V2zW4%eTASdWG@=Pj&qlWQpP|f2SJkjZ^$sR>SFp6w$>-%~M^{{RQJT27!
z-B`-`*Fp@=OsY$j^O4F!Ykqj|iGv_FGuDV)vwV%ljPzXaxU?c1nfD=pbs!v>fXQv-
zv+?SK(CnDm1aJzI#BajbJBM?bnv@NZ!VK|D#S$^|IL*Up{q2P~Uk?UTz5z_S{2Ek1
z32~X+B>_}`u>gL9+_5#Mb~gynXE1{4Uqm?UUlW)!r?0cqx*;j}?j)9=FN}f{1qEt2
zuJSaC5`a6OVi&OSAv`T=@jwb_4aX;(v6V~9V8)SHql+fDE9s4~n{T*Z&?sBIywlKF
zmiAoj<y$!-2-u?6yf9Z#0j=LC!**(0l<I$e(U$I8be_FWGq2S>KBxkyFB_dPhNrvu
zh>V?{qrJ1{`VV0$|8}i1z=R%<?CQG}oY#K7GZYPWwZ3Wn?7Ynm@oMm|HrRLkEV4XN
z31-2sInWL=OXE3nlmBP<1>;6-P=y}2i{0q{1XLvd&lL-qun>Jnp34cc2oW>5B>wNH
zpjTi^3bf0M5c*BCv1<*$IJuTBEDM_i{ml*yE`Ge4`@l6Wf{ShaZr*>b_u<VZk$$ak
z7nXdZN2ZRj?Dp~UPWhYC6UO~@IK2i#L0hY2P}aJSPw2lG{gQ6-jKa61WT|FQDkxGS
z0mB1@RuA@G-zf8N&7n%<RMq~S(lqBR<arf#AKylMNY#51{B{kH=e7I!E;m!Mp)pjK
zoD3x;S3W1hfZD;e2|0Vz{XGNpH~(zUQ57|J)%GG=%dgCJ#h$cFUY>&-nEzN8oDf?!
zI(sfysh_A7v0J*v<ICMNDnX#NYai`me$u8T2@cK|w&W+LRP?D%pwWjPq_Sm4B)T>>
z4)p6pMHOD;x_1T4>7Jb7v<HXqHn`Hp?j?)iv_lO%HGe6hDt&B;!=&N1h_G-QG0ZJH
z-57eUs_Ey?1w7=oJ3;kdR~BTxE}5AI#z?z`M^713YhsTzCP%VJ>k3QP-5Jm?iUtvE
z2OSsCNQtmWu!yqgKYx?Q5VJk`<XcB9bF@_v%quJL*JBHK3aAZIG<oQcW9RRnh)6IC
zsiHO;MJ8sO)=yw;;98P~Ng+403dv%Z!u@Jva?24Wn}zW!c>Pl(-1i#@`FRjjP{+;Q
zG=-aO+eL+&;TDK9@#0}{5mTN#{b+_C$%-r}q&BEB!Fr7?Q1^~HQq!ROf!KQX!1^>q
zN7Z_&PlgrnPF5gVkH}#BngK^?v^-Dr`U1MKmD>sDl__I#!jGtklGYpnbF!8@cggZp
zRJwu_Rl9lq;33?2Qs?V_4*W@xh}HJj`PA)c2YI|Rh`UE=!1~*}ny;r^wX#^9W&aSE
zleP?T@`tH1t0>VID&h5|7q><#C7aqce|!(|cAI-38gVeyq@F}lJWmg>Cc%p3tT7{y
zRFgZmN;oOaE~W`oM>a{Z(5X;aTTR8x^Kg-vGbm@<#E(-=|2ezk+_<));L=xfc7r)W
z<$9d)ByBcgy_ag`%@}Ir?VcNFa5h6oSFvf^+P?lKvfQ^cr0qnpFuSmlW5~@f4rUm4
zY_A5&999CleP-CJ`dZOYJi)&R=u6b$0(B$TNeDrT7f(FZWm53Js?X^MH0l~w8AJ#>
zTzwkXY!qVr8Y1<8?6Q$!DvEN#%1j;|EPu_rl^eA&xdfF&VKsubH8l!tJDNu718z@x
zVYHUwP*w0o!88d9|Jc4i4rfaFh7ameR4S11T@GUim(S$&YAdohY7O&nTAAHiO!<n3
z<4n#DGTgGndY}?ly+L>;;N1;^hJXUJ&_Q8(BF1IM|E16PbOvM^CJi-zgmSXUy7}|V
z*P|}hlRJ+Tqjw2kWB$o}3{-8B`XLywcX!QNwmGx?LY_~Rdg5k-D^J50M7m9yVQQcw
zT_SIm56iz{txBRd_OP#Tf6q1IjaD6e>Hb&eGN{Wxp*J`e7H5F<&U}W15GOuE;B(qH
zypK)vEFTjMKQHZ${|xdLtU)ne4>wx%t<BP4w_;Qfl+Z}Vy%0T2i4+AvnK1oGQ!S)F
zLO@r9rH)X*%58`pY*it?0#k+yi3Xs-+}}QbTYM)E)~-@%U%$nLMy68N7>`2rE4{7$
zENUpokAFx%mv>gMK54I4Lp-b1?s`mF<Ek;f9j<shn}3fswl}oU52F(KMxRCA>$Bo|
zJPX|WK1lp!E}uVIMM-=WD_E<*=@#7h%jH_6qH!VQ9{0E3JkO0b)tdO6=M;#eJmV(;
z0eicIz5Ju`^Wa;@lKxiFJA)bSgt0N9-rq|xW}>Bvi>q6s$`CicjssG#NR>&8D{$E<
zh`WpR#HD=?s~)|wKW>$Am$6J&I3?vZ>$R%rN(8oxw`uaFS1Z&VR5D`5Yr7)APf`h3
zJ-2khrR)uI-6~5GoVofO+rWT|65o8;W69V8-i<b$mr-kG#!*D8{P<5AO}9op2RRpU
zRaKu>s^p`H?grkUik5R_Y9(Xl4b6gBbd7q8k{{J%-mRI@M-kSQs>u%OsneY0ei*vC
z%+9%dd8L}aT0?@5A_P5oR6^0TnPqeMwhbm+Rb<hRe^9BIsc^ED14&*#GaP2lH0V@p
zTR8%bBJKvN6HHeU_MH1Y$|@Yy=8^De{)IOx-h$M2=45cJ>-Qp`T};dyuGQ4PlY_U3
zaZ*op7CG;N6z*bj7RS<bQRLQHPeGbZli#uz$8x-R$|gUHsDbp(2lc>uVg^N_-1Emj
zHDVom785ISuoCkL0fB~JM6$n~1%3q;r|12;?<*92%?IbOwJYmS8RXNeEc_#&V`rSD
zyzLWLm!c-3b0VhHej<Nh4<1@EqYvTQdMmD`yDqFSs5quR`Z%f5lpMMH8%lP+{%!u6
zf5Qka>v9N!GxImf!c26wrz*A%#5+qtFcso=lZwz~nlU7*0z8g4BD^M!>Q$aHx>Hfd
z2A>;N70W-_+pDeF1vKO}xO(pG5?mvx%+;CM>W~UGo*JstGS=0bRsO3fN*Vg-5PTA4
zOhD%)X?JSLf8ufiQa{x?wG=pU2^QD>0Wqfy)<W|%?Z+>Xw0Rn<7xR#xS7fU^4(k=W
z%ho&y`yqq~&}0j7C5Q?;_b%bXD&xPl#TKckGgv4Z<SL)EA}F67H6FOy6jf~*Ph%nR
zoP0x^!#bw2&SEe9Tc|sz46r~QN>~j2CmGZ~(RH;|YVaDMJ^ilCjL)K)tk<eY^p_kx
z;K`M&NY>DYBJj31x*d1!WqA9#Nf0Pa`Bsw5(+*6=WV7v7a=1?5X<EK0vv#)_41H@f
zD^8Ym>E*cerw#59P8eu05_g@9FElLCmHajRjm)g3T+k7_SL_IiBO<~_BD9ufPXNa}
zpm~)mKL2Mg;r2*XaO2=ffKzD^#qf4upiep1{M_vK9-Zh6_S~`}#46E0n#gEcjjl09
z0{{S7gvD5Wr(BvJCY2@n)weQvs-@;6c_<!yMeY(XJEqyy?En`3N!|kvdnja8p&$<9
z?IMt&E|vX94`%)5<QU(B*DJg3PYag;QZF$rGh(xwjNkUFXh;G}ckflt6PJ>K)GgdN
za2tp?X<Q40a^o65pp{5EDO3tqSS4=hfp>nw_hnA~dlAp;Wod~S*HI3kNP;Wa^YJL!
zd5L9`GMk9ty!ExWlVn4my4RXfP}%&`>FIb>$@$^i3<n;`hYOkUPgp@PA~=^K^#d9a
ztTxO7CoQhnJ9Fkw%YWKXV4|!p`<E&C@BC3?LS4uQ1r>_x#5A-yVYHK1*sH*H#nrVa
zPOFTwIkNB;`8w|~e#w$er2`oB18{8dqy{l6du}tN-^SmVs?XKC8l4b_Fg9-VReYKB
zs8fX$40~MGhw%v0h@L#emEPnJvp5L;wsPFTU15M_*lqfLIW`T_)XJjNx^s#Gagr<s
zvD?yLre-+3o{ml6()Ny=qyr~a#KR3v4ehJ!+Ln+E{6){<N1b%aXG4mr&o5o^VEn2C
zq?dy*y!RuO-~F0m2U0hu28)uffyEvSvFZoc2A}g39138W1;6SW3&5s$u*nUE=wD&n
zm*{#@pIR<Ik>EF8=;S$Z)5ijZ9df)e%W5%s2|0Y|3`mJBdo^+&jy6(EH$zD)NHhNT
zy1-|KT!FRo<CcW(vqElIM<Ko(g@MofniU?E*8VeI=JXLO+j1yD6j!^o`f;E^Bb=Q8
zGrPO8ktvTaa@Nyf*SgVa^XUQ^&1Gfs#H|ck_t<>SAmxljFUu=PeSX)NUmj5>PHA{t
z&I0pzI9`9!^W<<i+yTR+y~1Xr**{e($MmyL()Ddh6%qwn+xC&>isPpoaB<P`9caJ}
zdHZL|d^xYbwhb-)?GW}9nD$};kBdjp5W>sCx&oP>a-QjZ$=mA;5acy3>K?9B2!cXl
zRDR#AJjT^d)NEZR9_w5FdvE5MKAF(b^9)ZpP7~r1?ibAc$n+~8WQu9#gGj`GJx}3G
zD13b%VpBM1?8L>sTN(b@FaW<24L2mjF-%4dZ55Ar9U|25<-=d}OBfB8_cAh;*pWk1
zVbQr$TD$GMPvbE*sXjRA^9ww^B<TA~Ya2n-Y2V&}3{U$D#9UqSBijh-+ahT${ISsR
z3l}Tot?%B6<vd`j1q*XHS-&s71+nYvUXb-m|03P9|I5C0-Gy(j#S1!6R6mim81Nw2
zde>?0-Q=Ad3B`<YezA|@tR=wv{Jj2_1v51whIdk4`3;d7Wq}w&gktz^<g);mpzGH7
zpA2kd@KqRYnhzmdCJqA;nAKmdTfu;Rj4iG^3&MwG91&0$tvoLJiv;hAdM1-M%dr#i
zVVKt;F(v80dUXy!-27eiOGAC(i}A7GWBdF1xSPULY1)+VQDt4@TEhGB`?Iy{5A`LC
z*W~BPM@A(k!CtRX#?AHU2Kv?YucuR3kD)#~K2y(fN=&Lgxg;rBH$eE!@XsZT?c`_H
zhmZE(6M!sSi9PD>kJfCMkD(4aKK`>@J^}eM2|2jWhBPVtE_J|m+1<P9^E>kWPT3vc
z0lrdw7Or`HD1FV^sq~tCQ?OHLvwSaVq}Q*1|FRriwe&7^Hl%*~4#T}$JMp&sq5V*q
zHBo;E)5{4Ta_DLQM>U1(?tf^Wz<+S9x{n`l3qJqBIjVoaQ8&>R<-Y1WwB2(i8fB)`
zSY1NnN(<n^-hID<^BMbNh;57+vE4_gOe3CS>=Pk|VSL54CuGzt$}@~Cj9UI9Ug~#u
z@b$m@iRujaKlGqL68+EsOkO~jN60$qR6|eYhMai_l=sg}XkZ2y4B|1q3c1|$ICKxE
zL6wv4qe=f}Sj{gxv*3;Sus;?cfHqoitZ)!v-M8fR+R!=;*XleiyN+fg8bt$38uWg#
zN#%aE8L)PKNW#}FM0gNj2*)mFeZ1taj1IRsz0QAMS@mk<v36d`CcI7GfXA;8nJ8pk
z=Mgz~F=npY=s6D%{Yi>AtDg5yn4rE{I&Uge-7#3B()rxPZ%>!`_LijY<Er{njNIc_
zXVTewKfj)x3#)Km7)AB>*H@b(`9k77WWI(^7XmzPqnu5b7wc`%!hMi01-~IGpyx@(
z|C(yeedVYKF1-6MpA^X4v|JDdNp8gZ_NE@M|2<n*e?SiKpB+F+GpjWAKMqqx8_!(p
z8xt5pY2=cGMlblAp*~w{`44Y+jSHg2;k41=M8xylEeem<GA>y<&fG4&;11gX%1q)J
zdOx^C4wpubXHJhM(#P}qtN>q3y!H*o-b|R2B()tot9uluWVWnH^3zJ)WB}AxLy>Q+
zsbU;;?eC|+I%l4$r!UvW(1grJwso^Oi>-l&VOLA7aY&%x8y&LI!<T7PUTPp=rTfQJ
z=B1=!EI}h5983QXbKaLr#MML)%1#b_G>o<^ah}12R0JiDQ`fIUN*^+iak3!Dw1djX
zj7aF84rYmuW3d1!I#|^JW+^Oa1*YJ;)Z$~Px(FR`g=jLLxBqSPv!QP^L=_&k^_+|s
zTDuo4Gi5&AGben=^#VdT@g~~ub|f-6Ds$!5K=cwIb;Ry#t>I>^CJ*zV=$jE2U1pju
zlytiN0iyGn@6Fd*0Q*q<^OVfQor^GNIr?h=01{r(zuzu?Ry4U7Ka<!$_91i;4wHRd
zd_4eseqlUIc*HOYhu^HJ=bw`t{wRE6n0nTaX#?_c7Po69NxXhMy~XI6*p7eoe!x2X
zXq+P`SY%uO5eZ9p3d?u@sTZ^jcPxpi#ZBL$zU*yo{cPyDjK;t0v#@&Ct!LTJv=AIg
zFle`1Xwv^<5ALsd{IU<1ru%^T*G6y$Lm^<IpCYWwT^FBP`6Z@fMrbnyyOGkdCU!OD
z!3N(5tJzM-%k4aZQb^dV35mgb!3sFQ6|b5;at`_-#tU>lKDHA4t1;&0YQI;Rx6L(Y
zO^d4+$k9+&K!MEE9L{XwcU}z;F*CRGmH<1MMcu`|BAr#4Falzd&%u6mC064T62P{3
zp($)bUJf~`Hx5ZgutXrpjno{a<&UxJUwER^diV2(cayPzgJsEQef7~42P|F(<l&Ii
zEK|KtPiL$-+&67LGzSiiUmhmSZlQ=!FyO)m5IA4riF=hLz$ji{aH@Wf2{ieLMGyvs
zk%>p#yu8QZ0Q_hHHOIW~9HH&Agupl%AZ)Y^nLH8%c2Lnd=nlw;YPhpyy;?CJ>KMC3
zLo%Gr6>%~iW%Isq@1m`#FCb8en~v%HaX!$*GxE>eYDc{w(pA=~^l>b<D$JB)(CHJ7
ze|mg0{F9-EK7nKpf77XHh|e>e4PGD#yU1O%=Q-RHT<fY;BiO@gTm&ll92j)3@-q?E
z@1R5rNZIppEQfW3FhyNjf4?Kibu+)YZ+|V~y2t)9KTqX%`0ICOXH4j3CrF4gXv@vY
z2c2KB3zduHZ8JvE9@he1abnIVb2;A-y2ERKzY`hO|BG0+VGo7acZp1x9e3PwBYF5Y
ziC}ko+`C{FS5}OV7oR4miU4~vgIR5fPj@0OC`?a`)%F|K8WF?+Dd;AN&}OEX{ABOi
z1iuT>>==uf-nd!cPgn<(zUd0HK?@+G9CW<iL&be<!MMDSyteoZ>0^3r2W#dQv`5Zf
zMsXl98?#|e7=+^d69V0llo*jcVztJiR}q`61DX8v^px@9C!+NasZF4W^y`>AYJ2<p
zp(xl@u1^(P;*@;*K*S8@Y`hHO2V}<}N7Vl0?W`*Lk5S2uBD}!3vi`tlmWZ71_&eId
zRRl~KF+o{EUt7AnS$?A)2FoI5x!X^?hGvI{__FXmYYy;B{9a)}t)I3zMJwF*rwDY#
z@04>Pr6rUfg~t>n4Y~$?aO@^8MD|=ZeS*&OPKKVG^|AM!mSJJRNyQM4HeJY#N3VtF
zDfKX~1NRxC|Eb6E2T>TgDDpyKz8v%kGm1yU-&Q-(6e~CF>MoSS5_(sm!PP@@FX<;|
z-e+slKFFJlt$s=!hPg0j`VJs#VjuExyc-4KYfb%i<E^~S7CZrnkeN?0nUTntsGyut
z(fsvExn$SpRy6RnD@c(u%!wbGj4CX|v2&0@X;RjAF1Pp-+O0+zl%lP?S(btorJC($
z*uw6Y^=)m}5kR%h!p->2o_YN+&n#1*B>5?c{K8mQgT214#(|r3*oR^du447z&kP=2
z%>$Mc`kx5Ak2(Q?Do1H!8N^!z(Qd1y_%wrb!Q0Jw|C7M!Kq}@n!KFp^2>D~^ftw6@
zU}FB>{mwVE9n=+?XV@cwX*D-<Lv6k;w#@ufgUdUc1zH974IAzYu%W!@C6-@@mN$Io
zd(l?C%2VTLWV&p`l_Z|yoxTvj_@;Qa-kCl5bv<2TdIPu|Xfq@n_%{J9ByovpU&@fp
zY@gxy33|IYNOi<T06y6prO;7yq$RR6d$<qMp+(8TYuZ#`#WZz#vfJWw<rCYCC!?IC
z7bl{BG&}o9FT_><EaVTVzve<jFGq)3Za>+O3iC?GI+Ifp2}AY%#^)A!OP|AT4&CPQ
z=!8({$BP0i`{;MJmr~#<AD`>1^}3kQH=FobIT$~=wN6}^I^b?qL5ss>BitMk15rzO
z#Jtom`-(M{t6s^7L%{QiZEl4oiNL}`@#iBRGc*=*jJyEnxuPCsn4g6rwTPAjW`~Da
z<@uPbLf%?HC0_F-H29d>){C~SIe&goV|wNd-WV7gfx9_Xp263d4E>VVPxAKrO<x4^
zh-RFaO6Fwy;hOnjJ@n>NHwJOwgLn((T6MrLXM}W$z2A8i187F+Fq&1y+?;)In+7O-
z(LU8Pg%^M%vq4rLl1hEk5>zE6IC?Y^Z<b)ZJNu>%IT$M)b`Z_b22xavrP(#$$By8P
zycW<K?^zS>#IS+hTznVu8c6cCrNMeu_T@(`lFT4OO+!}IxSAYdK?#0?bu%t!g#qXX
zw0@1~JI?hQ%n?f`A;_)Z4}-tgj*~lTRXW?7AJENRt3SK3970^5kZAu9%gc0taUn!8
zFowsHcFUe}DT#S9SZIYZ-L8sHfcmY;nH<<x(v~L)aopq#?S^9;|CEZ7G%${Iv3~lf
zmM%!SU372%kqFtDDBJ1L(d?Yl_m3_*zC!Ql=LSmtTiR?pTBoJBpPbnyB0fJbrzk&B
zrI<tvx5(I$mJH5Vpl@@l|M@w>{QSI|v?}WJFJ@&w>UV@F<LiKLLPcOnWd;M~8MqnP
z61Zm+Tk4<@*YcFfzrB_zhF4VeudHIwj$cO-94%dNCezBOEfNmEz1#+qgyyhvNWU0i
zT|DVepSbz$%=3QzOj{x9M|$+B`{nIUoF7dRV}=h$hlUa<Way7g<rJH;7EIXp@RTJ6
z%$tL^A#pl4B)^XJ3x#+%r_E@wgZM-sAFpCega9&9MQfI!8fOh^Cj(rf4Xm4s7PvzY
z$Mag7Su+Ws0vWKRhZ~oaB~Ws4V&;K?!R3+|rhoKB&TuFlR+>s$A(dLvb1ghgpM2H&
z35*x%hS_yZP_BR5fgJ)dG6;GRiX?j$Oz1^e_1w7RCoNDsLs}313TfEG*%tsbjKK{X
zDRz2mYqVrki;d>0u~q2;T0iUY>JI5fi#eq35~0^r5*O4y>%)`6xqUfA693-LkX+Kn
zbF}Vx-AiNnWDk)VxABJf?$@rfI!07J@%@qpJFAI)rGD=eyq7&|>HK`Y1uEv=zk8_3
zSJhQ0m~Dl~Wg6K6>Cj9<Hzxq7`drKx)ba!SznL5&-rz6k5B=K$=28pq0$2tEIOH8J
zB@q;NBZ}NM1n!MrIi1Hd=~zT`*vgVdz-(qZ<{A6db^pG|kGfM}mDDFOaejEy4E+Ej
zh6cey!ajEjAoyiLPC9K?SDKql{zfc=GJO<`2zSS3QGj`>D;fPpn5h7KSMHf`i1$8N
z%VY74i$jb)f<Kknvk|+(z=WXt`RThJ)hGD*V2Ab2wCtih(et!wt5JV)6{`Dyp645q
z`a!Q;PW<X+l=w1B+)e3%Tqd1xoGjUvoB5Q^KL*vmWwrq%ug!MW&(S`^hOt>YLN*$H
zjmeJ$>$YnXQ*0!GosPc%m|)bW!gE8~T%)DdL&o%=Y(odhL2pW)!-fV?N}nK-jQ0cP
zwO6;C!%=zVbMG=iq&>8F+_DT|FvMA2V?Bu|oN-m(B}PIA36w#Wm;zIMQd@oLhIKkJ
zCH#(|F(D&Hp6>K1={n(CL@XVz<bgp@)ah3!-*CQx`Q!1xee6QO<67-`cklH%joTGy
zi8n=gfI&c5SxF(tn_%&n5OC6Ty-=#r*|^cFT}7{CE)9C$pT)GDn(g1cD&@Vzal#v=
zocaDcqnWCLegDwx{&fjc{Q~qwf5nigV>vC!&ZlKgBdX9!pZD__d1)t_q-Xg8Y_k!w
zXw;tnDLjtPDyKETayd1%;X9ptJPfJyTOl<rW1_{~YoiPt`5yIpO8O_a)h3kVK2N3|
zBNRXGr`6MC{nylon%~Xmv(rwm{_$`v-|`U<a-NKezC|LP{=>cb&CUAlBW9_I3(Yl(
zP#MYV+^})h1$T!r=$V{yanh%Q^<94Y*oWq(R&uFELcXO3=n!lD<qR(uIwayRXR~#S
zM1+Woi-pcFIo9L4#9Io5qjd^vB&f#WNuAe;C0mCu`z5?<=fUq}8y+=AX(|o_>yX%(
z+bZB+bEG+rg@uB-EWiDN<GEKVG}$Uh@@CwiBUvFOVe4>KIWr)b>hGRa!{bi^vVvNM
zdjH8y4X>4P;G#Bn)69=V;hz2N`{V;!6y6;1+x-P6Av+(^#{)klHh!3j+Fu{NO+ig?
zRet?=f~Tg$U4xv?6|?QOXqEg#r>j<{z1QI8ytasBNJWVB-|B~(N29;hTvZbUNQl@?
zo;Z1P9(SGMxpWx*MkWR2+jh|R+sjPCY4Uo;FWix}0p&<vcv~;P_fdxyb{m6~1GeRq
zpA#}uDvMSZKq0oDMhHZZe?p$vj3XxQKNPhy`9CaY5zeE1q+oyFG~XXLJRIM&`)SNf
zQ{+ykm;4rvA_jj@MijVRD5sbv(9>qGu(6FcuT@!YrAvyZK(&pKA{;TP!<EF+(=K~~
z=iz^Z3Q%!vXn{wQ<rFV542N!0VmG9A27JArAMbjf`-b;D7n;3Jm#?>eUr}Li8@+2k
zMErQW=EiXj`*v=?(Iu>}GjZ3^HMXwj#X(Xz_8uMn8;P6eXJ<iE+PTs#c4ZMw3;oo|
zH%I4?b5ov$+0v(mt1l&Pi~2(e(@LweJf0rVe*qY!h>r{{ql)%uO#>DeOin*kLdzFC
zAzlxvkh0^sw8eB4MG4`H?I2}Ix#o@fb@Lp5nL|qGey(7V)E+Q37AILG!-YU<cEydZ
z^)<o~)qtLWVhn8blZ{D-$=AW?QZxtx%}oSU1!ucqEXMm#HpGRHHJ!x1kiw@Wf59}g
zaR!hveRnY)BZx&dQhp@)ujFL}lIv=kI$XN_*vU)_fP#(Vs?YK-a5@hREueB#V~|Bf
zQJc>-u&$%QmBxlOmI(K+3IFj8j&(*VJ!O!J4BvQ0wI?%z*oa!%pRP^{ePQ56wpmv`
zq@{3<@%JH31cgX6J8hJ`+SuUu=Le;!e0IQTP$Dwo)@_QZ{>RBso{}rma-@(rPKjw4
zD$I==B9Gyf-Q$a_h+pI!n&GN@Y%O9F<SE2CG(I;2sw=A>BEL^{vh40=6*Yg-^ygIE
zRT86v6M2h0!3iY+!ci4`>?=VU{1nD)ctRZt(rl(WOi>{GZ3;%5XET3)%%A1o<~xv`
zp}wFS3;~hZ;@3$swN$&;>(QLiHW_l!z74c(@r7HhnyZp~R-II*9{#y~RI1G|KkM^v
zO=iU&-|pE^U2~9PpbK*OF_L6rfa3(T3*_d=*=lp_lL`;QMkcd|f%sih<Ms;r8hUYy
ziB7JJ#yZXH)eL`x{1DxMWh3qH|FHi>9ZIw$#+ON|4V*}mkM=}kvs-SEp+$MoX>KQf
z?RB6LW=$>Zbb`XcwUfYxE=fqcYb9VMf{Xcz`OOm(9Wox1g|F}1V7?^1_65Oy$UZ5@
zcN}B8iC@qmq0AiRIXwM1lc3*T?CoxB)rgjbt#Z&IJ08@27XeW$OiFHh^!EU4imR<e
zqN$*j{Vgqh>pIQ&voUvi0qY+&OG(q67&Z0JNPZA7BnTSlrwcLB>$N_(wTtJ>xbuw|
z>?-pqQ$+d15S9%+F7Xpze#$shbwTlM5`xMHu1N;*xkynu#`s;fYT+*yp-b?y$;_Ts
zO*Sj?w&Ed?g;kp}f-$W(mrwxApBH-an|juMS8Uhzqh$D$?<Kr2vUCnv=ALeqlT-I^
zrAF#cW(siJeRA^$FMq%W;xgx)TH<-LmH)ziTUAwvDjfSNNj`<`{X1i?nBsH2M{oGB
zB7Hqh!1}m}Hwqa{xI622EuRaKEHP*8ns%l={<A^e+=tcN*;g`ryU_-;xl?x!h-qJ`
z+D&*=-e<OVtm1KKbq7^i0nOfb`+R3=tqWK4Hn&0C;^5bo<yMPUx69VG^A%^nZH^fC
zX|#5q@w>dHQ&_IDZ;UlCg)J1M{tWava_`k%7!q5#M)7`6YY>{iUpj@t{IsFmp$sVO
zY)Ty~H(tLyUf)%Z_5)B2BXt+ufWzs;>kMHqXS7(BsNs+zlJ6ZHw+(sl5>7pfw(*Uv
z*~BLkRHwXkl^*qu*_Ya{ibt-)3c#<4Y{<B_LHSfMYhOp5!9vCSLB$wEc<s<I7-Y_8
zvRG%3HmQxCxEo$dgE|8V{N%rfg$S`q2(RJyheQ?6zh(9bg20~nKbl0D7u&OPmE1aL
ztC*fFUDM~XgpHUUb~3MDMI9X${Z3+24!Q&O9W<KoT}eC$$C*)M)jm*h5lnx@etJ|6
zAn*Rr&sl>~srJ)pWz8BPkQ^9w`^=~4gg@S5hdUIsh|WUHqIHBmEVrF)nbQzODn<E|
zI(^6A^zSTG78dX*z(;6@oV%+*qn$q>DM9#W&8dY^X!&W=jj^kp2?{5?P*MtMt$l~U
zK8AunEz?R|TRL4MCk~=};tMlw3b8wDDioCtwszR2J_<%HK8G&!?~fG2jt=>*p6xMf
z-CBnxVXB@9P+jWkKk?2o>0|XmBF4A|G#FpfetQgSwcY}k)k5x(9d5`1vRB!%1fx&6
z0j5fQM&7|<DM%(JrWB=TP%NZMf2=f6MGz5n1iem{Zs2#me-aMK{kfAC)2sZ@Dn+4!
z0dp(QThTES_VRRuY>9gel}V-pMn;5&0Q4@`!BJsFkn7zwJm2X)`9)C;2rap!{)6XO
z`Bjd&oi+t%`o_K>4DY3>l^2|vlw_udnrdMP_#N|g5fn%=-GYkTR1dt_1ykN6#m(y4
zeiC|e*<ePInNgjw;lVi?k?In4HaM$SHY{R4{XErBUrC4xq0{*{{x<{^OEvh0V0F|L
znSh4V#<<gRb4>H>9ywCct+;y^WI}Q4u_=9{A&3BIRb8BeSQHsh+}1?Wm|<ygvT2o6
z+?&`!c;!;1SYveZEF>HgBlf)BFVeT4?Io>erH>ii8m=?e$B({rW!A;4!!fa-V?}v&
zxk#6I<A{Yc3b)U%t+b5QOH$FOODuJFDdG6sF7dTApq;O^zjTkThNHCum;GqxwzhWb
zuQ$NkUV~dbefPQSQsWZtW62P#wYmu}DDX6;x6)+T#PUZh6qPcaBp0j+Ori`IZ0!DA
zLiu&l_Dr@y1*{~SEX6VfUI3=k-WQQZs@+fM6BCp0UZMDk;!&hH!8Tww8{g^uaCl!r
z1TPXInrwgLSkzuep2Sde2Q4?!3>suhDn~%WLw}0S-k3W=tcF_&VSEup3#G#9472`&
zBoLXd)nLNR)LJg17<aO?IcKfJp2m3z3q&LPjOn?<+a%TbRi5YeDO4eu)Oh5F=Om%p
zm>#n{YJTSwa<UHTpVL2XjfsTN)RYLQWRnbxG?3FP#;dmTHEB3Yk-?u39uU2Mq1^)D
zI<yIUc}2R!o%7JD<YQ3_rLnIy_Gc-HaV7h3$DR1an5&%@yzX~Pq@m-HBuYf^!DRCk
znJf)r@P~<=W?6OVoL!Q{Z?ujt0|g;I^JeV`ma>)lrH&47iKjiJoXQY?XsQh10w-kt
z{$E?~0Ngv&br09JZQH!HZQFKl-TrFZw#|EM+je_v+wRxrdFPw|`yn%#oa|)n<m{8l
zB<GyH)+l<ujT(C0pz-iTJ-@E6%Sv=*Qo0KO)gE*$mI8Lgt&mn0?hwEU_NRW6EHj3n
z#&C$J#jB#OeMfwSHgJ(ScrZuxSFbeWiDalt_@X`Xywxr}rGZfm2$c8qp+O7n#iFVB
zP<>O3P*E6v#bB&3vTuSdI1%enRy~DLcwCE1=b$TX5v=xyZ+8fg7CYmuT(nPkaEBfs
z6ehf#l(xJV%z+iNCSFwD&?hegg4qHDZ3mhKRZ%|47D&A)v4p|$(j6T=EZ+Udrx#?I
zxpa886Y#wOXo$JL2E1SYf{zkw2U{1Is~%5LTFI|+g#J67n@f3G(VI4+Ndd`yH;Ot3
z+rLdpl?Ih1Sq#NNK$_wwDf=e3q)i3z@)V-}MTHgqdjGCr<(*77&zw`6x>`cZ1;Rfa
z&_5Z}Ya>ob8W?3^15(3NEY@SIPo7wUa4GR1x@S5yWVt&6>ncEqw^%5ZvU8y^Sb5mb
zWu23Bhx{(Je)`jgdL4%r%)H45Wzy=6G<<^=$mCVC0NsCbYULsC?9w8qf#U#R%O#Fy
zy5#Aem3yf~|E1+81#zL%3)Ua}yxXXJgsIWMf)wvhdGzFzBanDRS(T>hF$SDgK-w~}
z*?Ou?LuQIYrlP6V`c&4Oc#lh~?-)^&Zrm~J1g{KLL26>FF3uSEYgcExKb2vG$dz(2
zZRc^K1I{u#@&?ayk1^kyL`NHtiEP5Aa~k(6?jSNQEr9NAMK|Vxo*{K<%ch}PEvrl$
z_lKg~5%%0V#XxISeSs#V8h2hggq&z<7LB$n*?k>o{k0gTb#@_h9Tw(?u4lR&s~2i(
zdVbcB?a{o-DjXUG7XIna&rHv~<2!E<4fyUPx9IGcf{zIT^)7GNj-YnHmo$@lJDjG$
z{wJ#*omjCOT}2;KWYY~pcruD(e1V-U@17``KE)k9K_D`b*uY)Fs0xEKXE<5`T1Q08
zMl_1a51oM!wF=$<8uWbyoX|pd1&KS>;vPp1#g@Y5zwM0tg5JHl!Bq`oB26zpPr)NI
z-$NHgaLg1}bPAAH_P?kACWZZ{si}^QyzOmb`y<B!hRR|qG}Tk63gu&%k@9Kv;cFxk
z;0II$6926ufZ`eIHuvq$aR(s|=-07(OHGE?o?L!qI#Ui|#I52X!+h(%E??iJf~J{?
ze1}>AG5fEMLliFStZpW4`p>ifq|1d6o124P24amf_QY+Thvx!1VOrf3w!kg3w(|*b
zo^udu5NnRgMvrb)<CX2RwVHfpKxQMq;&VNQ5i=t+@~9XLw}uHIqF!a5R)dqwf$%K0
z$@17XMi)jprpb7dZY@vIUjMo0kc&`MiV+LB2CQSRy^Bw@|09guCGusXT#bQ&c#pz{
zVRSqi*>d25n&$)*qJp=)y)sq`hKCsW{f>VNH?1$Ed0pBJt${G_cE;1LH<#xs7=)eO
zD)~Iy@@D%OsnuBYL8YH$U2x;-m>$ZkiO6Z~P1hpM-d%TI0#D#}LN3#NG(+kML{ecH
zod%j<6u`kMXrZ|yRvpW?5~DFve-aDGR<jh+jHe3xp(_XQgSX5t)9mjT1OLiM`KvZM
zz0dTL;=Nz{EHUe6l!3l5={t!xrDj(u8f8lra=xPIm&9_s6dTExk^AYrQjj@7R6jU}
z9!i{8VBdLzgUV^oRFBmsxp;qu8$fm28v#RyRwqacFpI@QjDh!x@HIXhiZslyy=}wC
z>}nxyfA|H!&WHV%c;V3J>L+Fo1Cy*9pf`&-S3yc$-z#itSBKF4caXZ~6TX)CUzGUE
zmH*;_@r@}x;nI#lmm2y<SB14d)cwQke8&W^z$M5I)F(fTzs7a25;BuW#ma@gkQoS~
zp(h4qE<P7t0`J`&xtAHtzkwkdHE<s7>7-C94Mzb$-=x2!Ya0a-oS?!jW}1A-xyvjc
z^&>hC2*%fkzDJuHqlUz%b4yZ(n3au@vKhz1Q-qq&ih?#?eiXR=Q1|(PDWd-|!&F#!
z1~dP<@!`edmhrA}i7~We9Tg0bNOdt)VGIV=!Bd&4Q8M|=A@)mCqd_4rRSBHR$XhtV
z+b|UX8UK#AIms{{1D^afT2}t>0=hOR2n4n~@bR6LD7tNeRa@5Zk3wvG`shnTI;9-#
zEbrixkTc}%SN-ido(z#ck~4A0(s-4+V?JwQO+8aEmiL*ARCtKWldzMC=K7}e5}rA4
z&u!rjN(>Pd;h3K)EdqVUv2`tn$&762C-fHJnTQ>1LV$Hh_<1)nUakl@Q<&1~D17<L
zboMCZscgMN6eqG=R`Z(_>`mL7pgfrZg7|n!Cq#OROX81S$ttf<Ke(`>G`c4hl?_>n
zD$};5_%5l(pWu4mHgiR3;p_u`MVbiizJH?@5iYBJ<O-u>(V`~DMof3vTB3s>N%3X?
zJv|S2)NSU9h%8FcsIg$1;Szqsu@H5#JEGz*v%T?sPjo-6w&EqujHuFUPPK&%n&57l
zHgxnF&J$Y_9rrzFOd<<5Qf&F*T~XNpvjruJ5f=w$t5!b{r>h*Bt6AEAL+*Dob{1FQ
zjggMQN9GiGG8Z=R5~jPy^oPJTkf1hz)>+UcrhByU+rI$`J26$?z{(=1oX&|5#MO=?
z(Zqyy2a?CuP5tTx9!hP+a7v=I3@uARfO3|-R31_SNqO1BAjLda*>`2sE+Hy+K=Ki^
zbXU@o`ldK#19x%zsqBM`o%M0uCNqK9xyc}ho%>NTBoZEZw0Q~b2=AO%rgkm>2!Ep=
zTzUJr=te&c)2eqd<`@`T6zNb^Zpd8`8oV!U|GV{>QX_wAtS=2G?ZJ`hmr5##v<^z7
z^x%t)b@fQ2XswudD6;xaCiwH+0=tPPQsLO{o^mztza-cjP&$->1a4D6gV{R4I#=Us
zsmDo@bASDEtNM^x(JvPek^Bk3A#w8%uskXb!%TI)1|6WduL25@V??Tx_$d=pH5kVE
zJo|&g7WFBNR<-N3oo7p`OerRaeLQChBJ@67QIfTLk;+5E#fRln%1TI+3~VaxrE)*;
zA5vmBNz-wI5{#UuBZ_d4z4b!BNWV6ab&yq4gO`&(u1|+f=^WexqE`oC#oql9BO&WK
zAErPeOC~KoVC3~c6Sn<x@@n^OY!Auf{^-!y01*SC5lB~06%7`rxZLz#b?u*60G6B{
zBNUj$VId1wb9M8<B#kT8i2n^Hi~eYxLhG)%F9nqjVh>OGeUciUsW@9YW4VP}vYngQ
zk>d+x#T=7!@~jd9Xz321-R6>F1BM)vOfY7gHDE|3OgtkUEy=KKn2V?pPD{BTlwW(&
ze_P)^aP~38ZBKksuY|4ThR?chIFH?L7;$<k?uh(z&5#SXQG_PeJwTWR@6>ztmg(-D
zA<Vg5eRH2Va-cWQ1F=F>Z$efdeJF%~-GU2NKFk_OdBK($HS{k)zipcXndqz|y|0s7
zxF2Z0KNK@Md&Qg!Tu(e8>2f!5h<K$3ksk!tk(3Aq5&o;4I1Yhe!n{U$IY$V*Y(8P}
zvq(A%ZU>~v+rWm(CorZ2tt`H^gF!r?@~TMVHyCbp;wW8Pg2fT&#XaQe2BPzC!oXX|
zSqXn0?(Rb#<RctFYEIonM+<_M#A&=)n8q)wMSkgg9_%Axz@DEDq&+_Dc$j@Ud+)Bg
zW+|gjsbx*C=A9=6E_DvG5egA7mw9^g@1bbx3onF|-eO8agn4HoKQSAMPclh%*nG=D
zqz8%MQJZh;?W}bmPZS;Y@}m~G#X{8_7oOfe7J7rQB`|sb*%n@VZtCpe+}r#-32wk#
z-3hL+78vS?BpxaEFWnb3X6n=!KS+)^%B8|=IGxbHvN$NM5xfMv#G|0~Jg{HL3|Nrp
zxNw8oH!P7-u1uv;G<<MwS67a{x7g}!VmctuKyXF2@#mKESjK;FE2U9yBc$;60+pgU
zkoLxyZ#xnI+$8&|$%_n9QPiu`SjFmPz|HWfK=(+vi^9fRy0wb=>@fADxFuM<f0Sc9
zNFdJ=?!3hMQt-=(-FY1G-v>^1MKWQv#ITZP6zOFJs>DcRXd;88N1e*cLB_0{{Du0r
zv5t%*b-Yb_@Xk6S5!rR7cWGeJo<sF${RT=eI@^Q+>pAYx!StG<@T`h)s9534Qtt!v
z2{~g89i-!Tt)eUgE~0Teilz!f%JhpWA7xpb0^J^uPa`rPel0W=&0{4+)jL3%>Y~h)
zlHe0Hp<7L5Gyk^dQDYqJrb+q_&4XVXu>pw{9m(a?js8wCf`?)*F4_Z|&9CFeS!hbB
zP+2*EcMczM`2E}T-fH4{W(u@pLDHL%6XC4j(xIBEtkq&e?TK{Nn)iPYX;vt-^Wq?T
zzpi2XaS*A1isd$UF~9bO544U0@m~Ng%S-`<gG9?@=yVy5OCm$wsoEv8jv943s9yfg
ztS)GRVTC|~QNMA-n|z*){Ml7hL?C)+`yFQh?h*pSSx}$aFaF`Lm;?sqUmvJjNOtrP
zZ_3`^7r3X0(v^@CzG$zj`wgnYyNA&=tV;_k4)C6d%fcU=f~sEIZ`n{`5l{8J$P?kU
z>0-7VX1kz8GKq1XL;V4};&c5{viIQ(ad$(&)Tt^b9GDOZkQd^x^_hOvddQAM%fkzR
zut=n$<#8kF4(h!rAHi67$jo20ShEC<M=ggLO2Jvfj0p{GH!*NT83@Ox`L-Msuk3+`
z$}xeXL+_y**+5_<C61sJMvoP=%=yNkSmxIWdO29&P$SDD<Qy*X{iWwdVkXJ$C8qMw
zcPCD<YeaD&(;>lN2iOyV{VCas5P(4d!f#g(`mz9y-<{lADd4p)Qq5RK$NVhfChPO7
zEsnR>+Y%s?Iufh>H(Y45@qt;B#LYHoDk!E`qjb*4$(Oz8i%rsdr%s><T&!f@hn`T&
zAO{?wY8g^olh%TkZ7rKr&8ZqQ{p!|YbdT$15H<&RYTlBxTamq~GgDN{IIK#5iF%YT
zPHaR88m_~{aOZ?|yt{9Kzq(ZDhU<v-u{2>%_ar+rWaJi$YlHrsoCQriF|%4;zlG?%
zjXIo`ojlsko@Vu%m;-ErproK|>Y%)Gp@}3r!xFE^kjr0-{blH5o@u-KwDO{Hn|i5B
zLArAkVucF=2FI&i6_d$AF1ot`@6q#}nz}=Ho~N`^ARiRKs}FmI{oN26H?Eu&20LX!
z_AKjCDZ{o@(U8v{+c{(S2b^5_9S@a3%g-@S9CF4cC0@4Mki_N+iK}t7W_#K1I+a9W
z&Mhq@^0XWkI&oipR^>gnt1({8S(M30Zp`Ozhw402Z~MQQzxI1Hdi`7hc3zsAWe()#
z_TGtV`jmexn;^v#Wr@!N!c+2(z~8n0_Vgct1_ZH_&|}V|G>&Ziy5Rn!(P5|iw~|G(
zY)|reqwqcp>IKDG$X5sg66>&pyp~MubxAsvgQVatYf1dl`dpQ^GuGha<w_z1aYr(u
zQPa9<v=U^kuCl6OCrzgW5a&iy8S*FWysX`KQbmsZdcs7{8Fr$XVN!!m=SAPp_W(AR
zjbSo7t37ITDpbw8uBD$M;Y^L>PrsBsw<b?fz&6yJ<tvK!@Mt??nv{Q|asphJiV{%a
zLQ+H^!XtP9{9VWwFX9or?eie}L93(oMKyXdYDh8*VPVhYAQG@W08h~(r5>g>G4(;(
z)i+wR0FQ5uLsk<^3=S0B9<)(2-Yc}?XFx%7@CDLYM$7!5n1$-MNc`dLq$U`SQ;@_T
zA`&7?_83)KT@6EQlc(~9b|_i-eHAP_cvqTq(l}GaH}GlmoCv2K%<k%}5nN|I#6vYm
z(80KCeCrKfIU5jjKulI47S2BEz$=Rw#jO^OlEA;sP&O4`Mcyza+<qW;p`*0hNJ7ZV
zjbH*RBH&_<7tBr3Or8btWuqBg6EvSavgz-3twG?oM6O)s0vaNhg%BNi{5&unql6#f
zz5H-P%qsZB`%;bFmb_%I;Qd$+6wiu)x+y^cm@NZjWnlz;z$lt~Tca)^zC|n!0!}TL
zh}4gwM%ij+-2PU>>+yw=85VXeYB-GBO+T-e%WcakD2K?U?w7MoY);g~L#weoUP_FN
zCkRfCt<fX|+`eh!(ABjIy&Ei(hwRwzdgY2M#8({W$@4#vMk*<q8)|3JFkp;Hg=rOS
z%IbHLNhNE90O(CT*TG_xT((b=>tQUgMk)xj1bT6)v*QTj6FE3R$wn<Df3oWM9wD@`
zzH#>CxD@r~!P@57SuHc10PA=f#UD|aHVvkg$2QxL(e6>x0}a520_zmnvk60za3eX|
zYQn)P(<}jBc)t&tozTz@b$vsAYk}=Fr960CKpX2KfG|OMTf!fn!JL})^OX{tkHnfL
z63k1<or#p*X<4uvDu&C|{3xG7k0ha%i+~5;7B`L-y{_cNu+6d?oGS+xLpI&+kL=QH
z^ZnmOEWcqmGq2uc+W?x{@Ae0m{Yg1aS%`r!V?jC1LljQv;gG1>B*~%MLgYoi-U8&(
zH2R=PKnAi$1QL;upvxnzn6Dm#Uw@H{oMhx5RmR#?28E6q3Sqq39O{+`Og23R7t<vj
z7D)%G&!BCYB&8d3<;e8OHWCdnE@G3Lzc^+ASL_=}S1$4rl_{-izzG-o@lA=$7L1&I
zecD!Ho7ZY$d_#Zi3P(Yoz9xJ#uB;ESNYOG_0Auc(`CCrv8Y(hgm*LvM|9W0-4{^^V
zJ>Ks|I62(~dH_m)v5a^|qc~^&;)1}MmtqkC(ca7+9+{Fr;{}&L3;bH(2@;}}cx`CH
zY01I2STkPhEw9JaL)3DY4X!Lx(@d~0?VcbHHC#zh-Z;z%IT@?-epH#JuPc|z=`LZ4
z2Xs`k=<#0;k=xf&^{J1@>sq&?vjm^{+NG80wyY6Xcv6Id1|o?Tkhj*6G?2vnB|?P2
z2qY_U4tvV@>=U1Wwo3dvX0J%of7!pH?fWw}To_<jemdMT*KyU)Sl5C%b3K>}Jt4eY
zujoR}b{w~Q&Cdq`c0M;nnZm0kn#uH!3Lt;ZXJHm!QtrgavKi4l)OgIu<ie$#R(K<5
z|GWTE(OUPo{-<}X1Z&YI5k*-PBA=fc!H_(0WSqT5#5`KLf^}rUeKo4G77|PR@$RwX
z@Ab9)_NJA?_IB4Oy60S@9&Pbi5HR&c-dcKJ&mK5ZcX%`s6=XIT+LVw6`$9n?2jCZV
zTTb!qicRkpL)?LtM&>Q^8KMn;{%YpjY9y?Agkvum1%gOc8x^NY_E2Xb8j?IDOH~*j
zH;Z(EbwiH6Ls9`YsFI9EzDb889L0>?CnrvX#9^Z%?n37MA+8Az>4X(UK2i<YE(pWt
zJ)3$SNY;13v|FmqD(zoX<a?f?Mu3bQPVM(9*}z!O*9Gan{@@Ra5cmkoyA+RHEUpq%
z12Y!9)#eaisDX4ZJSbw~m{bGs^iw#!g7=UxUrTC_v7wvk`^9blZbwR4S0AEGQpGw$
zs?+gOGo|O464rTfVoOT2hrwVMUu}I-F^7H&4)iBIJs}F=sQ$1FgIHl!R{(y(^vKpe
z_1?!Cp}wf<!tYZ@CB#JXd8}X`L61@fD*f}>2GETC&O%40c>2nYJ&-Bt_38}N^KIin
z-6MPsECqi~irW?}_~A(N#6LaMs91WFY9s~LFxUQkBWurVA6ncCUK#$GZZmFeYfXA7
zep?EYg+6fCA-emK6aglzvVeMC^S5+EE(zeHsPaM%W5k^UaVFEJ1Y(TiC{MJ3_$FAR
z)j<>7w&eFbv_M6Q=ubWi^5-!0a6Gh^k9lltUYp|+8EWg$-s_@rttGricppushLg8t
z9-b1;%3sP=Z%#wLiw$@n5Dm)^=p(A-N)Twk2qwAS8h1Xr7|Ke-{{V+n+1y6k5-ram
zFwS$6&y|Jufcvu)w1+~TW;;bQ8eFt+0fXz!?(5BO)lR{7CBs#b3N!_2{xhS;nngT8
zC8vL;h;zT!gNW9)erA*Z!}Z8a-qd-&xV1Y8TB`gaV%1VncLb|K<(D(QeP!_`iAYlM
zVFA{i!}wx)%=|_-q61v|rNqlgb;uwQyDY0#nyI`JlTy7KscF7C@>O@1S~=*okK2i;
z(Rbv^%40Yqjh04XOXnA>lTCN_Th9q<3VrQsd#Un(OdXNPXvShrz~Q8!=#7mqutcUT
z;D|M4SH~v>b$8OMhM?#n)2>v_k3%H^-WKGd*Vu?Y44VFM{{~R1AbJZJ>PMf%Ps0yU
zG3zYCVe^p@&??KA1E(5)iJsQ!vPQ!tq=QGRoqZvB<g0PXWBERBxmRjlsDXKy5$Um`
zu-u2z4~I;HVg|X)=H4d4={sUrj@6cLhn#^3xgf%%J=lw(@fi+ls<UIf8FHk-OXYF(
za#7GU;}sjJT>MZ()o~GglG%WCCvP)iMQ?dC74Ih=vkNp*F0B!Ln_d8^CB^w@xhJhp
z95jLof#*hWS@TNXc_}i|3SdK!zs@U@7Up+qqCyl)8(L|0w>DMkx7{^G{a&$OOaD;L
zx;>RWtB}$-S?5q}L~$!ic#(7(shCC;KtkK=_^iGih5#I{>rd9U;MR_gS+_>`x=QYI
z&iP;%Q%U1bST4obS2VMsHbObd<?|B3#`5JGP$ho+4$zYW5okYq(tfM2F)$+X9*Dtl
z1j0=}|L5Pd5kATM<zmIpwwEuo?maN6`fP8gs2x<XRs^lrrFy~xlRw0=p+Bvx{Jh~t
zYJ(gh3I|x#USVxWaOy<j?rNm!Y2BBfe@pY=3W2GO;=)WLnVuO5t(9EEqk|hS4iMox
zTf6e+WoqtrN~HolHADYraX87F04yvtFcb8!JaGNH*4{kB){Umj4VPtmk%9!83sE`7
z1sHGjflHJA_uq8O@5v*s{)Bw~PR+g+kYriq`eA^SAi|Pn!lRmKOP@|B{ko2m9#b6^
z#;sl3dhOXR#vwRQcs-=1AZkn~VMBG}Nq#e%NMm((bzcUFON0-59b4Ls<{p~s!K%hz
zH(rLZATnj~rp}@@+r$nO)8Gp38H&+%zXTFycDpN-sUbq!g!(HbLxl6a^hiAfV_33J
zpFaRf2@{Ic-h9gnELV|uOg<56(*xOtIvObZ_Q^}`krT<C2+Tzb^=0q2;&A*PdEBAR
zSBbpDM2Kofh5Ae8ZG^RCI1V(qDcw2vzt_B%<SG1w-1^m9ot_BJ-lD?}7r&n|qGkdl
zDZ8Yow8&Ucr2W;iy`n@<POen(NjDunAPoU@X)K9P{3@=2G}KPvDNtZglFB#bv9e4E
zT1Ckq!PRf5PM^oL8S@AOvr?!9YV`waJCYKrV0%1?FREyz1CotMtK=mHoGmU_pA<7~
z<*rfPzFMt3-ia<4CLE}gRT+@MCdjaYLwWV4@Cf)yKisn)s<lzDlnD<4i9jQ@3YUN_
z?^t3Yv79KkRp4@T%%%0|JT)5yjfduu@xr<)ZrQj6VvQVvz-j#>Xf2{zF%=V@>4377
zeH|N5`NC2zr_Y9CZKo7UWO44a%@gG;2p0ydega4s>}0*T-5Ro=6n{z=(Xnq#G){jS
z%<d##@<(Y;#PQdxpKt5f@g29x&S8LlPnBDh>ly<Imf+_o+lS*PPc;F2xB2ht7PUTi
zOW6<WjIA;=x1vbJg%<tIN7wp)wPjUfH;0L%YYTa84R4XC>=lLI!>`S~fqYG`e+%y}
zSPiKPPAf8HVN=!ZSis3XDtM~**xTQdyaMepl5K;SnvBUno6cHfN2ute13>_0SFz?*
z8~QL&cWg=Y&if-*HQX{RFB<UbUQHW#AD)LhcuRr$x>UAFTnJ4EftJi<d?-?Sh1|xf
zT1CP0)dv}cAiWL_4lU0W$FF7nI1SdvZBW4*8_xo2ao$4Mv#wk#5!s1y23=m*<^vWJ
zY*D{Dyei$kWknI3_QP@hC653cj8liamAaK3Gff>UC=Cs<vd9KP@;qrx%q2}(?72l*
z$WJP1b@-i!O_3q0U9zlp!X>2|FTt!p6H*5Y$t7%^CB$1{S`MyhKsj@#)7IpU6?v-5
z26{IgK}K9g-0^k95r}P*pAEH%R9|htSFWT82P@}IQ{lJ}gPM3HK?i>FA6B&Ux5U|!
z<Vc1VDgaMY;E^9!br~5+v$6>{X*AT5+RU&DC%Gw{Fe#%O*#eZO-iZ{P0h==oQeao#
z?bg%LRigzsGD^xr?}h3Wt#^Uc5lX^j1I1IahCCN_s(*m^<MG<k&j5vL(sl!C&ROc~
zEsG#m)Ma^!DKnSm8w&t@4k{5WM2c{ez*%wCE~bG!mM$~>!0pt^cDLRHQA^3PP<1?<
z(dqc5C)UGDJ7;{WlP{HjSk6M4xu?^nk6f5j8XR>LO&Cfc_2S3R15WMe0sCr9W82kl
zcMktanb>4JYx5CQa^KIU4Xi{l*$}^@Ib=%-#@;4ka-ZjojQ~6=dqnF$4pUj8a%BtK
zqVFiHKgmTRnF%XLi0BaT6oXv2+!{Dex1^nXr4H{5;o01Uh-&XDzgv2j^YL9C;zzX-
zyTiMfK`SiR8joa~v9M8RCf`+WQBB1lmlW2_Hne3qka;_=$=ZB0@Cs$A11IfN+tAqA
zg%XHgO85NsB?Fvc(P{TgBByLfEhiTTOziBUVX_QS&ZW-^m#RwJ`2RLeCyK+%S0w8h
zn@?*5%I*&}B9KYMOT@I<o4nE;Z@(`5AljG~3x$Pp9X~{xc-R~$>8Mjx_ByBRP$Cw9
zSC77Fb@!;Ek~GK}tkiIwr+wR2%it5d_oZ<7tckBiO##4w_Rj!Hz3=%VZm$j9L9KN{
z9!SdODK4{$ePSiB;Qdsg$f*~IMD_Tejtd7cQ2b$~EE@m84lxAcM%`-lQC|K+s4t|l
zj&h+8e^2;zZW3{}0wI$?<d_SF;e<63(vLsDJJG^>e+1z);4`xSm67IO<Lxf2*1^Sd
ziH-ReTnk`5c*=R`?g>>`(a~stma6uc(ky1tle{&3vzOGTN5zpI*{$r_=ee^=`y^!;
z=;PUBoP8H(wH3>}l99kp=+b<^Xs)(P2eLj<GOkMgf+kuu6@+bG$tVna&oB!HHP}4N
zBnVa5@38};BbDdV1x!(1sMYzTb=K=H$2u<d=mg+)HfD&8*yU71rFGY)isL(12PZ{n
zw@~;Vr1{4vU+M~P53&Krx{R;oFeE6PfJWONXL{*IQ~D>UI2=7hr2=lMM>5F#SKX~;
z>M4U4dska~aJWJ0lM)|A9DePx-)@BleO94p3g(WGq#ZrBeg3riN@*>!xlTd5AqT~R
zl@K5^frMoYgRb8NsF8Z3%l4Qhr3Sm4M4z^oPvHzyt(B%C+&q>(Xw)O2E~z)W$t%A&
zlaBpB?A(W6iz&j?k>(?a4W~4VZ!!cuvi;p064XAg0mayeB@sDOJM>9o5}1;gdRwx_
zt8w2%+TigSi{nt?4h|#%;hcD^!`a_ONe?hZM+M2aCzzHzh^PqBJs_@#FpqS-R&}_t
zNyf*&pe}K+v5r}db*S9>!4pp*W~bb3jhWJkXJ!L0iE8(FLk4zG{cbw&yYUiF-EQ=^
z=^uGdZF#j+JaYf0T^6bP>TAoT->T(;j&nMV6k?I6NiwGr#mYvvOiCZ0EGluCQNw^9
zfO)ah5~CP29<q$EQ&)GF)|HxE{z8L%jO?=Hkwaj4^TG&rgRrlEC{l)-wwPOdj`~72
zWo+vu|290PaO@^LW`>Y;EkxUrj=f$Va*`<}w1p%9Ob5qhjK*nxC6<IbP$_;HG2KYx
zt&Nfvs?g?v<ndK?lP;d9x|$>9&Ie${Iep?+B!*`qNQ;}ROe$Z{2=j(ym5OJS*u~GF
zkpq&kS?e5`Zv<atifb~HBOwQ#DI|tdE+@W>?OJiDN&QAS8CF~$hz_A!z$$9ZlyE6e
zx=<Kw17}v5i-u*C8%OVhY3It$FULWz4MYE@Mk&ZC-??~qe!diIS;XoBBNgybP&<ux
zE><&aY<INIf2rt({S=7yjT1HM8>&xfhXM9Gl@Sja?<SnLy3s&$@&xb1y>rKvT`n7C
zH)JF+{(>Nazx}?ADlGvoW{{O7NF|au2aAq2G8;K9jJZ4qy7Z4Or)o+S+&kza&ocj1
zr_G9=b10y9Tt{5O;r9l(_86dwtQ^w7&VQYmwut4#_p69$Zwe%jc3y+UZ_t-GqgS6>
z6_1uSe#jhd9yt<pP;z&1(}WbOv$nq<7=?5Wj78^d9li$ylmkc8IfUn?Sh9l#td65K
zp9JVR_vl12^`Ks3JrVy?(X*5{L68U%X;8}XCeMIFCN=%bk%<>Q_ZUztDeJrOi(=d0
znB&51zOSPHi(6DVmY9M1P0(XnuTM8e_D+&#(MDR;?7jt$vAne&fAd#uT3(W_C*gPk
z=qjxRq33(LA-VPPP)pYOm8<vXQ@+DPlznA^n@ZIMb*Q9Qb<YngjaTPa8xVQnL83@V
z#ztZrc?2w0R4&t3n<F4}B-<;uF4QUfU9g4`fJDMso-vaH)q0f8zWa@4gwgk_aGk%n
zG~Ok|b^d!?%_>cp=kO^4O^N4QDs=$RM9G^8*`0%SPj{uEv^~>Q$W5)T=|lS-J$5@5
zwhziHjVGEQwFzVMB3igaX-UJnVqhpktm;vJw`;5~0)SO^kN{9<D|j)7qq2B|`-QdT
z5Jhzmhym}A@@l@7UmadnZ;D~a<jCxIVTFpYmOsQ71i;`p!)sk#lS0+GQa89Ihmxos
zeYmk&(I+co12JMO6zAAgaAXh%<H7h!Dz{?K?vPfK=^KZNBWiFW!OFe#3dGM-azcjO
zyEXl$M&+i4fdmXf(LH}Pj=FbMbOJJ9;-Xl(w18w*$oJ-Rq&U1G&nd4}TtbN*4-$_E
zyWh`I+o|KszQ}HDYL&J`rHfpi`P)Sz61Go@%T$b4HtCU!+^)+Gk|rnS3mw7p*+98?
z?<r2b@f>|nur%}@QgswFh1~`n2?sQt`o4r73NZAcT>*~ckrF=dWyx&doCKf;+;B!^
zNXL)li%c4bG%%-sD`|*N3vDR!{)LnF%%53q1Teq^qwc4W%LDwr&sa;8t=UGa7x_Z2
z<kXnO4j{rYVG&VlTK#E47br$C{%pX}7dHM%pUG<yq&O|W85M5jz5&M^OR>;|;h!&F
zlt0QZgakC=0lT#$S^}r;Q=TjSk(!@t5^?e5Lzp{O_@3-$L3m{SQoC4z<0^XiV+5m$
z#POnQs1zV&IbCL<?JCfw-|qIy*Lm6QDY|y|?PGsY2pF^$;4(|te5--;wgNGVGF?V#
zLEnahSvH2>;9eVoE?z|21^&&f{UA{D)O7sNGYq&1b2|@V_W6?i79vE@&N&ufJN`PT
zJ~$wm&&%c}!dbtg%+G>dU7@rH_=X8CWnJ|HbAb>J0ZLr{9YVT4rGTsfxfbLc^_s7j
zE5<VWoGxaJb&38LH|0!r8V546ao;vOsZ?=?p@-LUmahD!OxRQd^RKXJ+^F-qUQxXq
z-V;FMBkoz5{&j|pQxki&1^dh~`OcaKbO-aKaRkp*%X(nEnwL(~J<&UQtVPOBOQq<+
zWxCf~O}Ns9C3_|r1|P!rKpbfd+^Q1{r#4Z$ujMQyMI&|~xn|{+gT!hv;KYs8RS4L$
zkQ3T0)N6*f6*qE%yU?YZ?*ffLXza=TvKG+J;g<s%{wG>?HK{URF=x=7yrr8I3Ld6P
z3LFZ%t^=oZf<JBW1Ub`Wv56I2r6LtQ%ha?tv;HL9F<4uoVN;QLG)sSbLOj?0V(z2&
z?;JxqEm}biZ{E==bt*pm-X4;|gSsts+DTNSBIv+edACH#Z^Q}KMa1;}KOxgtQgHxV
zzYgKQOkn#0qRl#Qpmqjtl-HymQ<p<MW>#qkM+4F+aAIRtnhXnw-qc^0i&rUN?0J+=
z^$Ct2CG~oiGLhf49I$n02Qz_+9lJVapOcH_9m~iaR6q?rOIv@u;CB$#fx?S*Hbdmv
z%H7%H`N)l#?gHo3eDmSa=E|1?K}i6tL<xs9w^79toMTCdgmC!5AR>frJfA`al-OJC
z6bJ;t3JWiG@q!CKsxZw9eC*nx+m<c3;?L7ewH-g*oYrpZM5KQqyMTR#>po*cHo{?S
z{eiBO2fr5necw%7*G3Yi5P2xp^q*NMwB>R<J|jVU(WOFdQI4nEg5C)$`X&G%D=(bC
zb_Ovc0?DB)lmdE7pJ37D!W?$B!3nk0^qE@rKdzDmZ?ryw1@f)ksJr|7l{4z*xfvF;
zFHDkMMw6&$HyG#nPiP$-G0>~*3b`OcTpO5m(CEp05f~eviD<TqL*6vx-<H;`e*Sy#
zz(w2QmWRpKgm#nF*|+$;z0?5P7hm<RU`Gz&zE-o{Z2Jmgzd^>Sr3_SSWvkXzdJrj4
z&?D#a9p_@Q$zl>nf00214wjxv1V%+qg<!&tXT6JxqBOln58yb@)R~@;_-+i+5NPfp
zBOY}z<@a^2<t1oQAd^CZqJo-&m7AjUg+|fVeDAF1YYWlluS*q$!E^(t-e-5eKamfc
zI4xIRps%pmEwt=pG)yME550Ju_KFuGslR6cJN$GQug3NbCFDFy4)xSjudIx$YREYm
zH_CO1f|C{6Jh>z0Wd2+YWMcAN#cTS)8Hgk~217>&KlH!WoH}LXb#--&E#51A`hP0(
zpclDg=bFroc|+r6in;-ls!WxKCKoAb**H&0CuTm9p6rv9OkZf;>L3#B1En_+H?Ww0
zxUH7C5x6`;x@I*0KDV52ysuByZfiF^x1i7(Zf}>Zv^<Y}pXl9Mylb7m8$G{1*T{D`
zJamYc`8q#!8x8SaKebkJC{m)b$Nt{JvFu48J4Qhhq@kh5ORfeq9vu|PzSd`hi5@u!
zI4#vRQ}vIvNd`hGjGl3@w5TkrCg`!_OZN;O_{2&nz_#m}za{L>x>YXX>mIL)Q_G47
zE@zLjch}NP{~J4K117Nk(OM=eKf+umQB}&%`6ik4EC9uvSKvS|*l*THz)1vo<yDd*
zEvi<L$kY-HBvc37Z1m-|8cb-r58XYkKV&59R7BK}=&GkF^-?)Pr7MkVV!Agk1^=a&
z9Xd<p>G~yEwn47KT*V~S>`?GBid;g{8g4t`NDItx(H%qlOBRA_pIM5foX&av(ox$$
z8zzBXt^X%M_cdUxc!>_$Q!;F_b$I8ru_=$Tv4sv*pG*lb!fs)>7v9&0XGr6X=r3u<
zO1>}bZ`?b{k}7XD*i@f$*#FP6!+Mw98H}#2S?Y&g7Hb3+(b3t|M%MKzT)a<TJ7F*-
zqY)XiMwh2}LPcRprb24~&(${ka8O7)Bzy_aBib5@WTBA3F=0T6us(VgO?_FdCKNMA
zRK5um6iW}Ft%KboeB$vpT$nOC+81>l9)dF_<S50qt{!iEZ3`>QcZzx$*84~Pm`yYH
zl4TYa{amwSU`-IF8s5&NHBd%+|96{bn&lU|OVH^7+?_JzD$xvtsnH-C4wC1br7<!u
z#UjSnAS)@^<1L#QmBZ8pFgdurObv2F49jc5kT(fnis)*bU?5OpT7nQPnW}*owt9vt
zVf|+Ubot@|cOQlACZ&4PG{eU2W&)~nD_3Z&l7LMo9o-3+Xr|*=XN~Is`lz|fVk`LF
z!9t06o9<)|w_rU4c5B9cS%D^obo5Piy<Yycv#zQ3j78C#!Xcn!_Rl2bj<SoZ`JNQi
zl5GfJNi8Vt6fZtcKrS8mHpDgR*15P^&{hyW6Fr>9h9w*IS(_;=8<uDU&N^IU%Q=sF
z`V$nhVw?%E`QqX#VEB>|!JesG%{C*}!g9=qZh$^M@Y9>viz$HKl|F6-l>#<o##z1c
zEZEz+QCK(`&G3=Zp_muh2LltF*C|;*rKtfhjD+D$Ww5r)C%6uVS@c+4BY@<>S20nd
z@;WF^*_1%M;A+Nj99&ra`2iFO{$gX!xe!(Zt#B$9-NMR0ul|#<b~Kzuf)+hLdqRX-
z;Y<p<!7{6KTsy%&^ZW-gy&ZKnVh$%J0yA0`@q1UXTzeIbHnik|P$1FHq%Au?@S+G{
z3lZh<`b)wd+?y9ej_E9)t>FDzlCKLF9;g8r2QRxv9F)&SKM00^Iw72WmNpGIDPtFI
zcHMGS-d1}7;udBp)Y8`kAKsGDicJ*v{?}U7dVivgzHN*A+R68(Q46GQaj6@h%^Ky+
zr)pG0n=aORn5Mua9(4gz;d{*HcIgP<_LI1jYI3$JywJkwwGs#_nstSVi$x~`$`@2~
z*_t0-4sL5^vD1{zd~tznszWj>r3K!!-9x3Q@m0s3^jZ9Yq-J-F^?9c4^s8;U_i`@)
zcefFl<L29@{mH4V_}j)^yQ|xc6_H&e>>IF!bAag0f$e#zdEw10R$RW|V37(a!_7+j
z+o!7Tv43`{U?n-}PmfOpzQOVUvi0*mNlEljU9*H(&`x`m?_!VD%29Gju(n#1Zzj1=
zhn~}`Bp;nK$}`4xR;FMeWKXa8+jo$9B?Qf%(Cnnap;gLQM}_26Yt(#FUn=w<GCWg5
z>?b!i8l*$nSo>FOjH}gO0HO`xmR8jl6%H)jQ~1dEQ9P`ny+>xicqgF0YELIiXPV_`
zVw=pLI;LA(<?I80YR57{n}+AlkQ9ld=he}blZJpvo=Yo=YILlpHqpIpSD|{e*x<U-
zhHZs5WKE%#(?TUKoCwdF;_IdMIpHPd6|S!piM~Rm8>;E9!`haV0~Ze%E7RlYFY}m|
z#|j+ThdAh86OPu*e6)*IWtPYX($yUo5ng6No)F*jca_~9q*{W`BDLgkvy>ODV!dD#
z45hSwCY4q(6!w%97uHhijHnvCr){UExv0*i)iW~p)v?Cy*0!ki+D1=R<O>m0+MDTj
z`8ekp!5A&)<KXE)3#b8T3#-7RmWIH|h!!CQ^e>yyf$jvU$`5>~auGDIc`&hQsq%A=
zib>dr+T|ad?(Gj6B>E8sXB3goBuUe6+H0TcB8`%D(@JOSHeWqR!p>XY!DvM@6{8YM
zlC<3OBhYb+YQ*ry4tZE~fvZ>aI<61~8G_hetg*qh5@yzQA@~8nGfk`ofFMTtC{ruG
zU)~-GGuNN3eABTxZJqCJzJK_|qJomO@-TJ$rFO>6z#k($u<%U`n6tn(5Zd;OYvD@>
zlJ~YxN*YRMm{73yPa7vhe$}PR%v0$nQ#1QKv8Ws-o>?D)G+rkzO^TEyI4LU&K^I4>
z=7jD8$q8I0q+9^j>GGTe{}BuQW(JG;a=y?GAo`8u`By!tV0H**^TUqn8ILy0P+iNI
z=6K$`F=bm63RBcX3#(N(YtJIqOcz!QFll`)?p;FqJY&^+_&-D>=P&c0CyCzLU8m3M
zXzXMhY)_x2k+}$XVl*LO38=A4z?Jj+4R>RVRu;O*02!LdCYW9*iZ&@Y=02KC`IkcI
z*iCkZwJ_&w!;(LaTa>;#^H9jHN1#G-aH(h&IK8nmrfbw*<O#H5<XBGHik)Z`qC|JQ
zRzgNfr9yXHi{)89_~r-7ix(n^fXGu(B13K~z3}Ew@lsknFH<v3V^I+3O2mpD2jqxQ
zGuLrUz<o2`;4ejt>2<Y`i}ue!{RpIsDrn5htN(}tg=bE}H-=4$a6028gj3l5GA7{Z
z@0w_jQkk={d_5F(8CA<_aa#^ih(;Rv?b)#^fLkl3Sc@6X{3eL74%(%nN<=|y(gHL1
zAjwP!IhBzk@2&RYdwFZ@@&Jrpi5RQGZ~G<!;J&MLd<Ox?D}+iH08_5(by5E<2*L)z
zbD|?9b>Y+QihrePLXUePA&g2w3xtFb;0%*Asmj|2hIbmUb)qWf#fEkzz|au1J04qJ
znilblDGGCc3`;COLp;Z;xUFTNAgq(<2(49(W>T8@d$N@s>5+waG2`A@t1oWH4|N#|
zfLc}Vo%*b&CzC^;WFvk%F%|@-fd#x{f~_+Lv++ppK&&He^`ea9Auns%l8z{LWpm7E
zaZePj)cz=?4v3Sey*W&tKre~PC(d-?CUau4Lx`Rgw1c1sPC;RTjji~WZ}w+w@S%g<
zD8wQp3F{twtIuWK7xX&oiqOScW&GiP4&lVEjofKDsVDkop>xk%&I2dv!9)f>XHwEd
zi<AxIy+?)s;`Sg)i<2QHTnn%E!G{|D6W&~AIn~3k8UGJ&>}2{V#BHBAD1SBbXCT^m
zHuO*Om%mzEDQ-=AqVrN{auF>pg4glIY0T7bA2EjmRcWG>@x|58c=Q-*Cxm2D0I_uK
z@gFm3S#lBx_96(~x(B$lxrPd$%;3-kjQEM*qg`;Np<(8ekPH;bAKrr?TW8JPpctRm
z>$@*8AJ?%{lKhiN0>ORkqUJ}`Y#E~Qf8M3vbGJnmyc$g(S6W`zwc36H>MJvg0b_@S
zGN$83hZ^QjwEx0jt(D3S=v@Qp0hth~5)LY>mY!gJK)4F`mA52!1=S8imVFeT(R0p^
zCKwQf%Zck`GdbQZ)aIq<w^LDjl4dMHkp<8lqj7>x$4cE9rg~1e8c2{UwhxKMG$9yY
zuo|);pRaS{yu|4xw6qx6v?HpU%X>lf<n{rlxgh2nRq0bTHn^RI4eZ6MfR$D7`4`6m
zkKBY#lP&8D{}R_IQN!4ETWNJWwjdVg#oA|lN2+GiSo}4<*-5lAW!~WN*TYs2wv92I
za5<#k1oaEW#l_qkW3)u~Sjn&BC0G-JL(<U`6N69|(n6V<$IL1$VbKmklOXXC4b980
zd`B{6y^J4q9IznC_jnnOfZ`qEF9Fk&6TX$Knkbo65&wOYu5iUhKe8&gOc0_APw@i8
z2XuC@on;8-)IRkrhvEld*<>EBrd&ISN3ETA)2U$-3{O)D2kXDn_ND2EKSK?Y1L!4H
z?8ghQORPvO6q=uT6yG-#8Fx@tapN}9qnarzf8w^3cBdJH|Df_P19XXI8|{BFy2Pqr
z)66~ZmUnC(2iZlgZ$cmC(#g`=0Y&&VZarGWNL>7S|8(&@sCuPNQ-xliq&nPu14iRb
z8%RKbTDpthKK<PF(`l<iL-iT?)Us*;QC!vl4{vnyuP;^~j^1S-3yCFbmpd)<wY7`?
zw2x{OKJTpwpBfUI25^97*;Y8aYX2}WK?r8(^X`&0Y&pgj*ApHjl8zOqD|#81UDQ4<
zEr(;Aru<}9d9UKdx$uS970*H``(b+v@1-NVsWb0Zu9);06ZKohezCCm9ndN-eq>?}
zR#iNjW!ZuevqRhw4nAAH-0NC9D<JSS?-(MFNODavXk^3U0lMfBBv4+IXmNY~CCJRI
z!V{=a8rb3L{uUZtAQe+*L!vhq3yI+zv+%_}Qh!ehP$t!DcB@6{I@=}vmu*5ky;XaS
z!%$V{P}VOyTUkjhFvw%;aIH^u3G{ehMW`G|rL4#vy4B({bcT=gT2>n<1Z3v>N0CPE
zkj53Qlv*{J0+8*m_1l-PDg@q`1x(fqgI$rVMk9mLSu1eBR`)I+Tyw-eTT~TFUF%0M
z3HvvX3Clc*g}<8eczYW{329lid~$r@rZTZ(kR77cOBZiaa6Q7|$Q9yb_<85nSgEby
zK@ZhaK*D!FNlcHvnO|*3cqQF0w6EDhg_4>?B$7EnEI>2Eno;T%f%r@k1T0Kg^yttL
zBnyzR2iUAYo*%VwZ$y>49FdxS!R`EcbK4pS#`qm%p*wt4ie^E`!5xGBzs=5$&(q5-
z4)1`1#$!@!so=J(6DS#N9Ws-mV_-hM79Q#}nV_7j%&6io=&Kr2<N`?iVdYj3wNIyI
zN~9>;Nr32Ug_dE*J|vrqB(f=9xC-mDppYDCepX?<s-I^Iq9nHtzxP|r(>C&<U4;Y@
zl#UheBh6j{FbXfDcD<oNY(w5qm&k6TXn<_+GS5OwWg=}yO-l^v=^uVXunI0pn3WgN
z9|{4d5Ha#=)p%dohR&Wnr}lv-bxj*^gl8z$dcac2!V>YhWEsABnP~zNGOXO?$RtZ;
z;QBf!Tuf1XJRv5-rov)}rsE4SRP*&z{96N?m=(|E<q4xeIv(Cf+D_3u{i{F}ITO1|
zuC3B3gvRRCWJ~0`i7vE#kV4%_#fvX;$F^E~`w?5NXWY@KV6{2ZV;$Va&r1pq%7)n!
z4?uPP0)QsaTn5ds8><-;AT~PGbfk$y1~;M@Lf}20!u<McT3aen+2Xr>`VIK4(Uipm
z7i18!&!u@fUQ(tP%2sT(F4_XQN(8fDsnViaKGT4idr4sh9zH7!o=qfHnD@>tAjiL<
z<T%IIVoB-#v3VuprXF<ly+X~)(l_`#4G0ZNpgn#d7`bFQW7UHcHgxDK0m6d`<=(o*
zZ0Rkc&Xm`m!ci`WA~6Uk?9g3GD^lOvLU4SKgd_wtpo0hYN}xVOGCF*q;^@1rYh-yP
zphA0;HE&Jzm0=&VUSY?n+^pG!Rc-@Mp?*n8X$22#FS?pZQgD-by|ymNfJM%A27ucv
zKi|aK{V;V|w3dG1R&pL<K<%VM$%O3_v@a`Ne7;6?mfcG3P}<Cg_gdtb@*F0WK<XZA
zo()?x4fCH*Qq+-SdjzUvCVEmyTX0v<?Sv69o8@4Zgh0STUSgzo7W0WTM!D$fRou`=
zABKj8_KzY6ESD4x+JLf77>w#O$bf@~023<<gG*U5rvGCV{|yQE+&D4NEJrDSS^8L$
zrnb;XS&K&4+BZ`M_>Z#WKG;o#gcA_ZASWo0q6{zy8W0)~5EKxQ5{{R0T1E&63&MX&
z4#<OUvdln0vdn2~As}2t|FIRJ(I&<N0Rh1P0|CMPZ2!+P!<@z(3W5XnUmprTC6El3
zG@DQmk^ka|<%)Bda)E*Vv$Fpm&`)VlHEsImtpCC3h5g_p?$emVK&bwg1#q9%7Y2fw
z799qH{$F?h+XLSJ-U0gi-&1M+2Yme>cenRxu;C!={~sLT{{tuakY*STLjOOwgm4fX
z(2xh<w4OI$T!jBueExf|<L98!J1}}0bOZ>}{{r3q*lFMYzo7qA43zTmzaadyoCpvY
zp8o_&Mt=+M@h6n@VE>K(|GFcCAG4jAs}X~To$deKL{LyrK>rQzZp2T$BA?Sff418H
zv7o&nYnuHu;49PryIICwfPq}hTwSf~EnNQpeEn~cQJDXAeIOu9;54U55Ul^HTukK8
k6_JtBDk4Eh{~O8w{RqMSKX3=gX%~?o_z<Q+AV2p13+jnz=>Px#

delta 50003
zcmaI7V{l+W_wE}f6HSZ>Cbm6sGO=w>Y&+SpZQHhOb7I@J@4Wx_o?GWsox1&HuU`G^
z?y6m@ySmoeztdRQ=p<M~IZ1E`G!PIN5D=DDPx)9xam4>TzxH-Xtl2?8tl49Y6rpIT
z7?>!CV!M6<><l7Y41zpd61=Ped;&7Rc~nHW#Ka`UrIjQVG!-SqH54S&RMf<k|46AB
zN^6))Y1^u48EP4rsT({0QI#^(R5jGrH#5+3G*osm(X=<!aW__QGg0%j)G{?OGqrTE
zwzaafceS@Pv$eK&wzqV3bv1Jhbo2D{_VKdvP4e;uf*b=990OB4gJQfx<2@oWTq1Hk
zV~c!jwSBDg0$t4gJYD0w%zXf#Kwr-|f5*5$_k>XI)F8*qP^XkIue?aN;&^ZWe=RUH
zI3zGIG$Jg}KRh%rJUrYlFg748J|HqRJTf*kGCe9LA}A&;GBzP1J}o*mJvP`kKFmKZ
zDhx=C^iPcniH(YhkB!WT2~3NRNK1)MPEHO>%8SUVP07s5%*o8iElMn?iz#f2FX>D#
zuFWi|%Pem#Oo_-%j>$`p&&^6J&5SM0POHrhFV0EI&&@2)O)SsPC@;-y%!{hYkFPCC
zuPe)HFOF|5Np7#mC@d_@D=aN4Ei5c4F9VA5N{UM=N(;-&%kwMhbE;a)t7@xjs*7rx
z3hUY`YwIf-+NxSQ>nclXs%si+3L9!F+iMG2>nl21D(e5Wrq<?`=El~J)~5Q7*2a#G
zj<o9D%-X@ChMtn9{;HOq^3JK!&e?{JzS_=_&aR%Sp6TlTzxBNnT|GTb!;4*W`a8W<
z8N<y*J)Mm`T^(bcb-g`Zi~ZHh1Jw&7tvx+G14CmYL;YhTgCip&1CxvWQ_EwMv(ta4
z24>gC=l)JEtj~}4FHiL^&Wx_j_OJgPpP!$fU0j`A-dtZ<TwPlmUp<QF2gd~FcQ;p$
zxBl+$tY7Xgo*!)7pROJp9PAvP?w?$o9PXVRADo??9bDWU-aMV$Jf7V>-<==aUY@;P
z?p$A8Ki!@^K0e+&zTCgOzdYW(K0kbZeu992e0_bf;&0~ui*p)rAps@V)eA4cmPFOd
z<kH?nJPL{GSBSdi_G+UMjskG<QtQ4JspSV}nXhga(-9?N<pvX1p<X@H>C{YNn3Nib
zbB5@dh;LDlL|&T^w<;-Xe0Xpfcit(HmavhE)>&V*7Q^ukA|iPm@~5a&1On8U@y)y4
zm8i?KX=Bp~Bx1bc)BEwyYLC~okFKk?m(Pss<B#|hZ-eXzFQ&)QWpd!p|FZtC2C!=A
zh%?Q{Q}asl^={E_SGx4}c$>AT`#O$EH$WZDmi4g}7+j9yXqU<Ml?|+)>Aa2|^<`$i
z`~(l)@ThVb+H~(FPj;`o@*K71-MV=A%y<VGeXeJ(vV4CBv{SttMS!m%gPoP`m(*_B
zDV@`gIq0Yj4M70t&wnlEtKw+~%U+r7-h5MhcD+&s9>>`|CEmhMe*;?W_p^V;e094%
zk7R%7`k6?|%2;vVQ+GChjdFdJ1auW?zO;Xx#((dXrN`h~Im=A*JSYFkd8)2;c^%m;
z{<_5EeZJI;-gr&h1RTcFKWm=0b+J16KKiBxkI42Vw=l7%4{SbXuJierxo?wPfbG>;
zldg{;-M4M7ubL-GXkD%chouFZ=fT<Er;*(*nYTxLsh#C6=KHjrPw(!BGu`qE!FAhm
zSJJ?o$Hp%7mgCMgZT6*(hmQAx&8Ngw^?t5wr~3%+^>*(H@WuU>25?-%eVx5-X5+m~
zHfwv7KGFBSb%6!(xheg+zFhilrTshmV1~J~`hA@5_(R+HSmCNyvwONYHjTr6&*rCE
z%TXlzXO#CIdA7%eg!wUCr|xTfzJm=v;MC7`NLB4Uymq){x77G=U};i!>urIr?ci1O
z@bir;di@q?+WZZ@fb%&IZSxY&{@z}zS?#eDtIP2~-HGXav-O!xcz=wLoz{Ao)n28^
zal2~sZ-O^)n=kq$9rvB$nf2j)myC`gu7r=yO^52MkA7Jh9sZxPKLw^YpPQiDzsz5_
zwtm`hzqCr~dc0c5@;aUkZYI+|y6bv>hE_ki%X$Gv?XtX1H-Xh%*Z(x$ue(dUOK*#R
z9QWp<pSm939WcA!mR-6YqIErz@L$!gG`Cz&U&wWz-|u8SpK6P{B;3wRO+4;f!aJw=
z?kbD3-_|x!dE6!3u?||My&vm4hw*_=gRAuD+223Uyq@Z_KZf>nFL`bTP=8})zd~)i
zfCJd2SssU?tWaKOqaUD8R7LaI-dQr!qu;%c18umM-iH1OyZ$PE9R_W^8(yvbDZWZ`
zJv_;Z1Cs92?+MZ0AABW;=P`AC4Ldx}p-%FF`*m6EEsywwH@Va0nSyn$BrcHSMhRl<
z6Pr4lcC-Cd%q;J=r}xhI(m%Q}T@H6^0N=9&$)2zOPoC?{BSieS4~t^Dj!W?2piicG
zk7E<r&cm1Pi%#adB29qS!T&z08d#~&c~v~gBhkkF9L9V2{%>jS)6awK&cY|Zr;YmT
zQobwhx00v()=dXZ-Iu+isR!P#QPH1Y3iT&WFEuZvzvf7@8O`cdDT+AnCZhR(@GIhV
zFD9L+h@<S{YSmRPMr_QQXgkdAzRisS!w$gIbfUi!Jd+u^Ed?<K|5D2$W-g{d__-~r
zlP>pYF%<Li3%KcuNr<?d#aaEmr1rJTdF_Du8@tYak`<0me>+=8d!+j_ZLGW+@9l^f
z8WErC`t$`z;))@Pz>jvM;MoMeKV_ywz==km!+*T*m-D?k@IAHp2al|6-HzXucRtFp
zXX4m&LUtT3BUHB?Jp3jWwbpW#K1uT*xD!Ky;BzE`;muBnxEqc-?|5vRD6itO-(L15
z-W+3Hs_eq|IAyKQ%#+=V>~`O8yFdGmhtqC!sod&sQ!t$u?(g$~=ur>+B;m_&*)6_V
zalmZD#Q)`Tx&8tdox%4t^5SrW@3z10_Q(tDaDSXTPiwmdcsZVIUbbGgicZy{JELvA
z_Pc$(bUnY>k?oz3>xRzHheB(`J4#Kp8#r50k-wHF(~92puw4aT+aJco?Tl-aw`VLU
z7Ph7{@ypNE5rN0(Jca_pq6k#v$0*sgqQT^h^*o+=?Jr~B?*s8ZaKuN&*bha~l}Ar)
zO(kSYK|qWg!T86$M@zds9wgeAs%Nf^rkGvxgfA54WQ_JOhGhB&tJVev-RoyfXM|q`
zx*5`!P2jH5j;q*)teTb`87<m8%-e7B!k=WU?2a#k{Ao2K_h$fxYcN4DIwy^Lyk}q8
z<eD|BRub+?QD<$DVH1$3>qxXzM~)1fj5fQs@u+>&&}Mg?uMz7n8a(>i=QU8ApRor&
z>f{}C(wO0jj8G~KbJjDwj~vYqmAAEO!+wCDPpW6sP#-_$5^Z*_;b6gzWVLoD>PMS~
z-bYjU7j(=9y6yrlWZQlPmKmv83Wh0(j0yUP_$rFnhExRX4ZN0F@HfMBxPsjf9(U;3
zx5oF6ecBwBO=q-F2wfx~XgFNY(xK7zaN^lRVNC};EA|M|Y(I6VrW40ukmp$>U;m<I
zC`+r&$R3YmH91QwKgyShlm|VRDGz#NRwh(xdz7=<DK!E^Nqr~0uWT>Aji2hv4QkIa
z3Y*vdKD=VDumk(^IN{*6B5pyq;{2-E{3ew(NA;Q`SDDYt8=4_Vq#eZ`p3O(Woz?WF
z29#)W_}^LzkW5fNV(Cbh*voix{|H%)A7OEakav%HZ<)<8+tiD0G^Pybb^HE_?QOg7
z!F9oX6o&z@k5xPFhLPATNk@!3sgdeLGyJz7jTM+OLfi59F=p4%{KUWq!9+MI=Zs)(
z9jw$cRLD;1s-g`bdw1uw_{DU);>D)o)izOW<nH0f4huZaYlD_`8jkh@Bi}Sn@Xj?(
znZJ#iO0(TiWa&2Llob@*+;hm2GU=q@r{c$MzSRI}(xtZv@H-SRLB$Hp>^3tynbXpb
zp{WtM)rVJg-;>9YUacE&cGD}_H9Mr!!wIR<mhGe@SOXdIA_GEDj`k%ZH4GSbk00AM
zdq$cxODvUWh)b|sJ2k43%Z%}e%Uw+ua&MI<pPM2rjV=oJud_-qXq9w3BL7?<@5vyL
z8s7kjHx$IrBv>gaaiS@>1>tmiSJpW3QCqor)L7fbL=6J9qici59uNcQ0nm7o9f${T
zU$>nkt&dMNn~wL!nz{yBl}o>g7|gK=#Vw?shRDti2bJRy=vd!q$YQl}Jir!DAOVpU
zI}m}eNbo(7gI%9H*MUElumk)(1yM^UDkuOS0(bY$)D|#Yl&J_3Q@367Z79fyTPZ;_
zDD0I%Zj+Pgh**-Gpi*shAa_i9+le5*gpwh0K|LmkRpgAI7@7p%V-)1<3LmCL<R^m3
zhcsdLw8b<TI*`)_^W*2Du`<DtL!7%>EWDl`YrLe<_oV%AcZT?Ki+`<PluJ!PQYZlg
zqp1DFdqH!&34WN~A7`)S@7n4{6?HOvG;4bBwdU1zJj$9KWf6(XK|hX?n2um(^+GRn
zQHyKGPch@i5ZJttQ2HcAwXGQ|PX2)EK{^()OX$fZ`-#q?jOvGv_g;NBJ|z=v+1Z}X
zvMKiW+I9HMk)jvz?h_`upyK^w^SBQ%iuQ6`BBVH=dO@C>`o<D5lkw=c#CIQix8?e;
ztZ)n%(P9Z6rhoWUJK5S(UQ%dM-zG5!xft%xiDt3V6xUi+v#*-1@-a{(+~I@=l_d=?
zvY+gguuxg!X-1AYH!e0@->fCCw=oy8(wqw_S^Q;N(#GRbsrO?%(^$4|4G0HxcWRo_
zRmC_IgyZ6ArbtxMZxN()XQtU}^TxvL>$5~wu+7lGt)8ozgkoP6FbWn1+d()T+S7QY
z(ASykV1txWB<Q<;(iE^?DvQ+5y{#fefu<s&#eq3ddfonwU|}K7Jt^vGAOs8Lhepm>
zJ_Aoi3a+WnDIiJQeHvNpuv7<5hQhQ`#yXoz6j`0MbP^G|OCl_}GiY;4OVzcBf9hss
zTb3tG>)&*H^`*oFOBYx~&P9MtbC%_fmzxkwoKRGQP$c@WY3QmeD}f~bVh$SgvZcm=
z6hdUD6V6GlOdjseN@3^bw0oDxrdl}Ac$wtCcc)5*!L*TLdClX3(4qlu*N);5{fi<P
zLw*`4vaNDTa%n2%&Bk9^+QXweLhC90E$;B;9SB}?4Gi7ehgmvqpp7^wp8#04lLa|U
z=A&2RNJ&_$U>OJHu2YR<ln9`_449Sw8n?yOuN){rY1JCk$fZ=h@FV|_AJ8zBMjlh7
zcod`*2c{U~;_QrfFCT!=b_-M&daR*=V?%N9wkXMXoz|Fnds9zC8fezes2w7oHZWG{
z;G7$LY(Gva#cd0t(?T;Uo}q{LV=y7=I!ND@?ceDjhkcG4(4Do&md$zt{@)`YQ2&S*
zKBt;#rCTo+b-oy(77Zu<-dm9eBdL><8xmb0!s4M4sC>;~VJ!fB^1S)+C&!=B7^;V#
z@W+x1b`f+SL0}rzVd9K8-KTp8BjW5fV4&LRnp@<MsCk`fuLnPaY)germN>JN-W%_g
zC7Ua^ObwKp@$!x35>YgvIt6;_G(|QxS<ddg)6&`Oo3z&&G9QZ0^4yzMdK_r$SM3hZ
zk=^EXTvQ8IR5k!%Q|HNVv8T?R5}0REofkFVIolnbkEQs|EHxv6I;(WHk5y+^i*{vc
znomwV<NTX<L`BtKWrfpC^9ag3o77?@bGM|u4^r;m=#J<1Qr7QVdh*p$ts><t`2$J_
zz&FAo;qb<W3<6*pRigJyaqYdX#T1w{YEF6%#|#(xk97cW)B&}+@zf|CN1R5uNdkVa
zgGF@&!p>-jB9oz*N8As)vS=hf*Z^h`9u>V00u;22(BFyj{NT8s7>|AgY{hdQG6pwG
zsay8FhwlaUnshuF5||)8NL0l0t!UV}*>U!${&o56l1NQKx$aALrQe)b!O=3H`cpIg
zh*E!pM4SLC@}!wbUX48y#ctwrdJ=eX{k4wU`nG!zN1y!se*_I&aX?)v$V6J63~3;e
zj@Vbn#LPKZQ+;D5x}$Z*MjF10^oYU2|4bbygO4$9@JV2f`e}CP=-!KD0?LmFq7D<L
zcaAo)?;}#%qt7496vOY#1L=dY>L<8|m|bZeD&7rHCHn>~GwJ=x8+U$?xgH$YjqYa(
z8y*nC443w0a*DF{GQP~!bb4*@vc5UDwWUZPXrkz%sOg!|BaX<s7-idao+79lVSE>D
z4gHC&c>y#3UNh}W&b<0o0cw?;!rpejp1FL^a@-M8qfxOORwx5#>fS^yGhgEC4BrLh
zAPxf1--H8?#rgzMR)eA5v^a>g(E9=%+LWu8jU7n;C@5L59m6A>W6}CY#XQ^QLa_g(
zRi1@W2<Z%EZ(cK<ZycwtCu3Vu$uu|gCz_Q$bgY3!)36atCx`w(MsBg$==EwDQB{Qv
zMXqYw;V+N~qw#%3<gec1Oq2&*0J+m__51;hpbVhY5&XcH1m|D1uc6pmCz)cs<fmkS
z*taxyhhS;X#ZDqDnb|oPhAPo!;>6t$gl-|1a%qR;^pYrxOJFxY9SUQE)2FN~!Ql$D
zJ2*!ylu%)52#n!<xq3K3{N0*Um3=MiiaL)mS3Z16XT&DSMk7#}65nW$i^9bCgJA|h
zlqwvL==4Wre$5+qN!Fi>4O_9r#vg>bIGe~it0$kf#_<OTiB1`kArF2V&*zkf+!Fmk
zh_*6dU$_%gCr?A}bJ_6`qM$_iCKv--IxG~175+Ps*c$se)NPNudH?$ln-|5WKxIx-
z))SkV@CY0sZpl|G$VK!CU+B(st)d+OCTMS@YA_QTTnia4(s!1WG2G;eFaAU(BJ%X`
z+XlrCPC=hXvix05n1gZRdTByeanD)85k#nC6cr8cSnwy_%k%ed@yBuCguAcQo+FR8
z6`*m}w3$k8{ix%-14^KO>ssX#4Hi6MqmG8itoub3*()W-2#JKic2pV(aFtqs6Cax%
zE%O=a%oYSxgbslgXa`o2brWZhwW-m&ey9%3;OX9@s(RGW2Lvj!1Ch$m%DOBjr_QkB
zJN}{f4Q-_+^6@0bW)U~*Ot?)2-POg2F5b4y<go>N=?b-V@P78oos&;82mVGp!>|1)
zU$~vfW4R&w6|Wm?u?vmdcZ4?}5YxGAoVKp^dW|P92qV8_+Tpt_K}*Z@UoCm~hZV8&
zkS5jKfh=DHmmrRM??71YFt$?;2<)!OBujYWCrZSPVwpt$#K54aU%b7`8))s8vp!S<
zC6p?{)n@s|5b%()0p}Zo;9a=%_6{?R8umBPYz*+nXWD5Qczz6AjtmGuC@c$WCfGcc
zX(44Aq#3_;QXTxbUtB`2W<h<KH&OusE<RXu^Ma@KaSW^@h{D+9_*!wVK-poDJtdZ0
z3`d%Bff6d}oT?Vj)Fxp#Dhi~3AQX($p@0HLHK-w8ncCc82Ww^CxtIDcXhT853z)%r
zw94IeD=Hs3IG?Oc@Q^@&v0%T0NS~+NkXbaj7q1?&E}qIfAN`wxRJ!7@r$i7KKPS8N
zXbW};rF+?mc9-P%`XqgF_~6Tc!n@zJnr|q(_0bNDFP(znQjx;co;$%eLc+l;?QCpj
zarHgd{C=&QOu6u$+}x1IP=wWFiTIY^PSly15W#}7QrrOqKP*;&Sb_8JgSm!M5w_DV
zZ3SEGZ(C|GCg+1N$uRNgI}JlJol(Q!7-G7P|F*DuEz&)4F8eVud_Ws!S(?{V+jexh
zKnu<kMJa>iWrPuJrK-Lawr0~WjZGSxJQ25fR&6B>!AmU$1FW+LloY2UTj`Y?xfbg`
zN>(_=W=TzUM;c^6Cj|Yjj{Y^8W3UuK0Pz+x$PIDNS?scQdy3jyKFm_EHut6;+d7R8
zWr{Mx#frLFf;U}JgW|EAaGq2i%l0!K_N@g|TtfSMXyu@0>Ch=H-4>j}HW|pgoJy~V
zBcTq<G9t{Wz#75j@6?fT+<fG=AQ3vUNNjm2YNN^MR<2tBo@z>pGL855OmO3tPf^9`
zziVshNexG3>K@vSppeQCEdrawEiRSDsf}ijJ5q045&AIP%-<Q1^eJ_Eu3XTjt-%B8
zQ1Dp%Z^Ak~4=EtwH4s6NUPJM|+qRdJ`%szJhquyXcYe0@bi+~JB}gJcgnbu$t{|OI
zeVa_%bfiQ8NFT9X4mJ)=TzI!=%EX_xrVz+F>~npnA4AU*H$p^!VmHpVd;1iD*Lb1o
z(VwZV-1nge0;UCc!O@X2=8y<zq+1XzB;2TKupMg-pTBkACv18R1fbi#$zWN<hzyeI
z&IxqA6d6%MGXB<Ri>fihXnc9<I$}d$EMmAfr*`oG5RmJel(Qb4lyH}5P0gBg$iZ89
z6IOG5-|8q2$$0HU?WnVtyJxf1id_3u*blFMCU3b>>+M!v+g>*1mtxbT8aau8DS#S0
zL=jWr20tH*!$fyoDIM}jXnybO<6?rEvbn@1Dumb3^2RcD=m+tWHxgun!gccoddcZ`
z&xzLo-^1YW14{#(%Y6-W4c5+;IaN>%2JEgzTeB67lGhioxymB57Yr2>36Vx~#s<ww
zOAZV70~$Qba`z8-p&+BBp~Wz=DwUZy>s(ZK?d(5<uolh>bZd<ZPMljN6{{1n?HI56
zOP1kYwVB3|7ddb$tm~bBNWKf5KCj11t1qGh_~K1d>RC6=riM<X4946v%m4B%UcGZ2
zPaIkW-vr1(YULEXYJ*be#xwKbB^{U<-q0Cqo{92$;QIX4=_P3fy@UwO_$e4fowA)a
zp?+?h^&xu{g{8v}CpHhv%vW9N&oW$w%}NPUBE^Ua!N6HXu)Jci?K<@}KKTs5_zk`S
z5LJoGXb5atff=nQ=bj4+=#Z3V%0pBNXar{<R97BfEOLnKCvjR|*YGKv@JJxc!u%un
zG6>+PZMDY3iAxM1)Qi@{rL+wnAs}6(VG4b{0T~JG&SdbIEsAJ6KVXbm2`JSksr`0J
z8^n!VZuTi-yueKl7cwHYfb4sm-%Nu*BR0XB(-J!U+Qy+n=JZbTg~<HrVG$R{Lca^g
z3f;!^_kwVPpC2?oWjGa_lGm;3qqL{%f7~l2^f#Rid{(9zwp0aHLN#5uom8w<vAtuo
zPFty8rWrMtO;w$(GIvf~3NY=O`K&j2uu9OJIAG)5i<z<^5=q+sJAyjn?d6IA)ZRSp
zCVb?+@pds=b**^JAv%bzVItgsx1?t;O|akuod)+ys$E;WR?P&v+R|iN=45;JaJ|J;
zINbS)loIR3*!46ar-m>{zM!a~n5dcIIg>}MhO1Q$y=C}(PeD5J+*(qF!IffSVpnt+
zb{|91=65?tag@CE+E~>GmSrj+O3+P+i>h>90*7kF>=)awSg{TGNN5i=o}PAFMI;gF
z$GzK5f~Ltpxs-ciM8=?(Im|d-gjPZQGD`NExrwuKch-aCqH%J^vh7^YRsKCF8pm5C
zDl?@GykHN=M8}iDie|6*X*$X3R_MJ;kOFd%mh)Z%W3wH3*sl5?;(i1G1x_E`5J#@s
zQHTk_bJR%}7{m*s%{8q&_iqSiaO8^%r#GFk8Sn9c5|}&mE~!2N##Yz>$pdC*@DAyp
zCG+P7VYXI}Z`S^!>e<UF;cUH)>-#3`zsDmcMcvys2xJE41ZRhm<Xl%q1%(&F`;iUm
zO&LH?-<q-*ws~7%aW2DvIy-Z;R52)14ATpixybhc$KS#~<a<rkhl>zRiXuEo6Gcs5
zc=Bfg#MoJLX7P+Mh^z#yQy}X(j&Ouc&&rDxf0SKLU`R4G=;;^bB^!@iPGrQO)OjGm
z$lESKP5ny@@z$Q3F6&?=)={e0>UT*eE}h>GJaEu&wSw;8QMQHxgi7c+Q`+pX_&vju
z>^ZUhhlH9_9<2>UM&DQ68Y+r%m0Z<u<Ovxrc^Xp8lBCS+)q;qzu_>7AuE}-}2}-Ok
zeOqTSLLLeX8{nM9Z8+Mj=60GamszzMC`MQ>CY>yX%CR3g`wS~psB;YPP8yAEZS>8c
z35zw<w8=3bi@th+w9=JGiArk~uYfS?+*u|H5$C27k@BS&-e$#;T&8ej&3a)qedPdx
z)kPG@27|+qq~YheKs?ivQRFIy^thPc?G-=6^#YM<?5|WPHu{_=T*ibnhK~gJ47z{1
zvofOEOd!z=M1<IH7oiyMo-!aGp=ON|2@zyNb{s^ZL&?PhM*}Jp7OL&bhIJ*40XSK*
z=-+1bwFyTvl(}TcYb+Id(NS8N#~jYvw5hVCJxRAEof(1TZEtQ)<e;f8oFt(VEX}A?
zj*Jw8HQEx2Fize)>iOcHl3MVHj*2lVDaAszbPe9bxkE);ktJW>`Vjc^Qf@q`Ii!ip
zbrpa9SWz?}VM^;;4>b5LZhY4Q!$d~!$2ybmCFE6mSmtt&W}Nri-wOES!F6~Nj!v+9
zGiW0v?6TB`_ro_PcE8B^ApuA~Z1nvD=y~?-b;6XypvnZDmWv22?uy<HBH02(W&FJP
z>@%5-rn7g8^uPnl;95>gMd@?Lz7@nhS5rxk`Aug4R022HBX^MI*)~02y4_bhy=p#j
z%WCDaZE^7jn|17D(nj9%lD=zl7`CNN+r;^mbH=1fCZymFs|QZIKl8?zV7^AxvtHyn
zna7O}<r2E|bNeJ;x+kh}c~UyZ{5khD#13v)K7Vday>kdAcDfi^+^~~;-yrjn&2OQB
zy+df=a7GJD(sQxwY8_1=;(k)&S)T!d*{L3L$t%9zwd+L6MRKO6N+->ELmV?bMi3CZ
zN>B%tnK#2`W7}xcO<lD;X0EZo>1vO(>bKg3Y=JeATs2ltcT&I9>$i*1G^xTzC2rQQ
zPJiHR8Vv&_A9qt^wnwre%w(xC+G`RKbw~zyUqyJ}*D+yjiqFtg8U_U1=hUgJ{}p6t
zp@S5C$|_QrBvgn{QSPP<eYLP<SWjSPDEj9pV(R<(@l~C~)5fP>YAQ=0A<l-4j5vOO
zkDr5!gP#XsBj5kGbr$+5A$=;}-@#ob_(`UXlx<18Ucu2!jfbajCwkA3lnQA&xG;e2
z_tCjC@eBslaXR(5_Lc+cu^mg1WGB363wLV_>Ju|3doU0^!`=^<2>*Ih303cp&VDKe
zg}X3#9L4x9SmXrE+}f5h$|4pSdUfbJ&NlA>dbV3wCD0hz2#Lw}wu&4|;rZKe)F+GL
zOS%nbw1~{q7zYr;n4;ujXaR>tV@Y6e;E=88!wwGqY#wYP%=)LgnII}WrcH|Ez^Z-e
zi7>1_nu|~B{*CasJ<r6Wfw~3t4`-D>SYm4__bx4>BX=R!q#pPyl@Mg?*IKrLXR+Ez
z{RTc}Uk#}U(Wwl_EodjA8A!;#&hA_dR>QVOi~^wh;{rC^XAJ5jn{SELDP{ofZ_GTe
z`k-0isL@K9JN2wif4s}{2n!k1dveqW^iT?JIkg%eO1b~iREpOs=$HA#80OxzzTbAn
zyuiSEtCIA_Y?wMl6FeCty7YWX8F;Yv>R;QjaOF6o@7nw^iJP!Fz*JP^55f=l1#9Xc
zCy%~=tk`Vg`|UL37EJQ@=!PX=ekC@!PaXG*$AIOBowXgGaI4c`!royP$>9cqtDqyx
zA5&7<-|F?_fkSONg-@$F+ocBB15MJXDdeX~8~jFw#N|O$XxT}JQrDpqP<6)`?9^-H
zXK2w?!KKEm9+9$(8r;~HsLk`Y?>8EaUmANDo3P*wi&;tyPF5Q&u;AYTLfjk$jGGR`
z=JOfVa8WGhR`6`mZTpPX?b&AdfmO8>Q@5u_am&9q^k>Qj5QH3vw|9_d9tEgr0&aD%
z(c1{Rs(-dy<%VQHn<I0S3tARku;&oWA-(0bRrh)CvcE<!l)E$C2S)XoK##5|aL&Re
zeETiUrACZAW&1cHMvQ*|!nDos(ApAFwwa~S8uqrsMRBT4bLx-<*8_$+@*r^{hMBNY
z@KgRBECuUM5_I@KKpAzNNBJQbdg-V3`+C;NnIEGDe>D;|p|@+VfKHPc-xS7KuALkj
zfbL_mq5a}hAP`GblJJE<N}OB~B!`ouO6OCLw@;PQC%CA4jVnzC=rzT5gsCVS=2U%c
z*U<j9Sy6E|_4np4^jvUm7U;RmYims@@~_&hE$1Gia-sP&ty4$xPHybUhIivwx5!R>
z)K;K-w{ob=ZG8UHY7dMzNekV6A_$3-5;KL}hguv7*#EYJKjZ}aeVHFJP-csH$f}!W
zGuXpuU<z?w`%M@XXz7iA67(jJWJeA9gUpGhB}_2)!d*40Nu7^S4^f;{w%ml91X3H%
z7rJzO(U7W+r|MFaDZOST6s739eq;3QN<PU43)Fd77a>U&3k&{Lf`%D1L~XYx^$}H5
zB;#H^$t-EB50*D`4E$F%D3fUdT1t{kR@yIDZ2=82qeI0o0Dee60esAY%rW1!lR=Y)
z<pyy`Yv_l0!Veroc>g|JR2zbj<lZ0flJ;}4<~$Y?;1>8ScF2d6NRY4l9bhBF0>VKL
z^W2*77(U)4#V0@8(Fcc?D8y`d=mL8t>knom#w!|)QxsIRqvOV%p@{>bbi9QYj={Ao
zL<P6cR0%(^faUwX3a!Txr{DV-5RQMW!quI@vk{|4E+FJ@AYdij;M*`s@q-FC{8}WD
zamO*MvlT^l6=1ogj8#R1v<iH+0w2kHX#H)RINf7<4mgdsMWD?1gi6-6CSTSNs$*IV
z)?JAG`JzQ1wVP^Zzx8AEQQ^vC!0zpdV0j}4Y=W&P1IM}I6u+=H*t08rB42|3?Inmj
zKLaAv$rmdAlGE%GqE%KlnV*c`&n|u!?=voo6oJNSH#oKX9FeQSoiRh?tZE_Tl5Pnp
z!!0Nn_j)f~6smXHMSGqXSXWd}D<KudU~Rbc1wcC7blM$H`NW#%O!T!y)F-2achjnF
zEQ5+50v#`Mb`g|5qQm<jQ9q^8S6641Wa8LlOp?NGg)ndh^0Ql{{cL2Vsg(2s$A^)z
zQj==qlJ(LIw)uat6_q)x*2J;ebVIAn7e^bi+L|Vu_PHze{*;uCEWKuXK3w~~H0cvd
z<;;2q4Rxd_?sS7#H&!FC@UN181Hlc-8lUL?4M1YLll)Gf`eM`>;$ny@lQtO&U9-Z5
zaWv6Udcx@!nW!PK^k6K{4tE?NPsTrQ5@sA&)qj8o!JdI4s7P)+4q3mx?hDlr5odkU
zTJkuivENpDf!L`F-Q-5eXcIuQ9q3!HG%4g{y|nYF&L_dqt1lt7eB>4awx_1^=2MGw
z16(kugqqdoIx(<-K!S#%zKUn`qC8MW2eSwHLz&#}+qJmY7imVQOPZY6<b&e=Fi>!h
zTw8bYcS05qk%zd!?Zk#8yoj9aC5(oSr62^ay+nSy!-7INGP#+ftV+e*N!p)$5foQ|
zg+3q~*?_1k?I2OMj$13$dL<);6xA~(0^*D2_OAC+S+ICtz7ZJxC8UKT<?w9g>XwIs
zFn?aY*uVsB0asbSG~#HP-pp0NscPQ;_KUJ_Lq0hg$Vm`9u`K#_B&r_-s+q#L7ToJv
zmH<{7yM`#q581lLQsI|dDZ9?=C&JGNDN;~7sW2o`diu7d5kJvYO_Vkc2CiyF46Mst
z5bvhpVdzm*S0UzT?|j%6c<yqni~i^}3aednE(I~eWUy|Ag%A0(RupP|ag}><W<*DN
z&)LPGKD+&pX=kvH(F!#JLlgz|!)+NVUDqM#pqrh4^0(fv>oLH58io?sj^}Y8FsFXb
zRX__VGoYEyAh&!bDXZJo$M2iz1w7&I=1EiyRLRn#M4X3AtXxLbg`G1wa9Y3;q$N!r
zUmqsZEF5W;%(G(2E#^&!P1mW}>6R4yF*Dl?3CdS-XmXLNt}4s;acSL3J`le*7GtT(
z&-2IC=cLNUCkZ7}(jO`4N&FaeArkMlFhHF$sS_REEFb&RegU;VSQ;|M0}M81z80e8
zfxxZHx_-A~3Nkm?BM<LC2t>R8ZUHM?&&&ax)}{0J0ZfRBLU8c7YQJRP-mukC2(XnI
z1+{fE7smxGw6dHO5O1nxF>TJ;C4v_6C<5P-@&@WNStPg>c=}L<{H(DksqJY3E&muV
zMls+%=V}t&t^_vCY#WjD0W^q0uOcxFwVW_-7>G{PcFv&0|8gm>u_UL|Oxn9c_%42L
z>LCH7zgXMoN8weEl}YUP@8Oh!YM%&+268bLzrV;z4V5bOg9da-+`<c%a2F>a%OlQ1
zhLt1LC7p6@SHUhA(rO8&>?)S5B|xUWf9e!7w68{oYwFE?S0y*B0nU+3u%Ky-;{<=3
zeA4|y`RROzz@8jL^H-<e7Pp8nmjF}2Gu$C^Ues3RF3d&Ivm7x}5Y|H3wfT!j0a>%$
z4lR_#FSu1>EmE%%a}dV?gPshbkuQH?F+oCkg%cbhe)E%CupS~6JwR;mZ!!kP^)Rbp
z+Ty^+Lg+zLV~bA%6A;+=Sl|Zv*;LiD<u4%O?`EQ}g%W04iF}l_8kXqVb0FYOl$9ik
zg+vEHK`Y2ZgeT(Ym$K&Sk?<1IPjA&8Bgy!9Z>kTx>X_tQs%g<Ow1k=Km-wE6vUwKo
z2xVxNK6*enL~C$37T0|0!R451PaRwRg%SOhezl#mT%r68AAp}m)-P+}8rf<mN=OMU
z@3JO4h!k!e6}-5^xpF_NA;i?rt&lw|xE<<b`Vm}|HotxAfj9=EK&vF0C~p*Zn$N6=
z6eWWmGxa;JjKfAyIZI4Hn0lTzu1HoeGKZ4nj~Q$a0-y7!W4;}gAXhAUu8px?FCMH6
z?&~g1)<Axx1^~MCZ7vKVj37G>?LqG@!H#@EsUF1VK(W+Q!z^lqA|6Kp4ILeMB1(Z2
zqd=ccIfW@KAN^tyh9dZuADV)TrL2VEs*Io#l7Sr_UI&cy{xo>%bEJ6-R<ckCUFn%K
zNt2>hyw}lcqY6E(s?#dDyviyqNP8CM&LZEczl>;|4QSH#Z<u%>ZI3Ino*V8up^>k!
zQW<+t@OSjIn9qY=HFaIl>L(jKUzn6m&+~V$xmZRk5|&3_qkA)$MY5dS9aMbQx`Ni3
zS((+2<3<Qvb9f!2!Yq~_#vF`p;bC`7tJ|d_EVo~ZM7pZ5HR)lV?BC<;)4&nZfkRP;
zbV<(L1P<<S#Dv;ySz%n@t0^?Y$IGlZ(B13Heqq}*U8lJn)y*<#<ftpbuOZ5{sy9VG
z6{|!}TCK4?*k?vXI+&C>(1jZ?;FN6hSI!ZzE;*JfeWPNZ;9T?8s-pV^MRuuB*`?!B
za6W{xcwtmQ9i%u|INO?Mol#;#waEW)GO)tJ1?a5=^Qy2%QTGS3T&xSnj2ZO~1xtV1
zNJtA#kWZ77C*{ZQsC0aDf&;+?&37wI=+e(JZ$`S3qwxH~25GRgvm|Z&7Qws<5qG$6
zi9zrpa!2L}BVO78mbO6|YOQWl-e1};oifgPtlqm*)R7-;8po0beY!I8<cWTO?V^;Q
z1k}YS(3?SO$Bwtb_n^g%L`l$F*?TJZ=E(m=${@8GloLRZF^{W4!*HNv`Nipf-ASoT
z_C%GFM_tdgr;MlH2vV#PTQy$~lG1!kz!vIQYIXvGaSL;%SGRq_Nz&#mNbiVTu$N^g
zs4B9<pV_}psR8=EWDjNfs1c2#$|>pO6_`rmuO$*Cjp!`=XkzMr>!z2psibq~qaP<d
zFBCE?(ASD&P?n<%c@+X<W=?{MU$iAJQ`r_R462$78t*?R3ca|C_wXiPM%SjgEw)91
zH;xI|IoTIR&gIiP#+E92%rh6%w-!}OOp4*SprOQW?0+#cj5=H3rm8qA8TFny16-4H
z+r1;l^?H_;N$DeDo(9%X*JaC2pfwz!<7!gNj(zq+7coWZjDK`tA4^C;*~V|&dS?ch
zMuibwC(iIAZTs$iQ%(CQ(MG}}gTED0(m4(j<dtuP++o;5=D?C6WxLL3){uk~QD=8_
zHPGhMq#k}f(35HQDQai#`u%3H0EA#b9o98sG<9*Kd%D;`GH>!LFQ2w8A5a`x?s911
zo>YG3SS32T6eB-{uLX6y#H|kbG?Q72=B-DUu#q2~bM%?yI5J;^{Y$}9Fj%F!rknVx
zsL3byxX?ak{7Y7zA?jG<4)vi>o;m$>Y?2r$T=%z7-uyIrDBOna5ZGPz0_MISgx=6^
z)u(khujQ?)P1{V^2q=#i7u}=LG>9s^KA-pJBrGuB=4C9Y8u`?_TN|?$kD|Up&j=Ah
zOA+%~j|u1Wa}#alYiv$?T%q_uhd~Z~qtM#xiDJrjXZzKsojMdAR8ev(MpY>h7?n3W
z-K0eYe^6Avaxzz9h+L>c2aGCEak;p^^r!xv1y7787^WgCIDov~RacuDCpTa5U~Z^k
z(s?(q4``QRC9ls_!7DdVwMfSs-)Pd>#qymrH(PU{Nv@4JZQyHl>RuRdQfZHFo|dGm
z$7^4s0~VS$dRI20o|Zo>(CLG{uf5nbjn>XnP@sP;lrvlh`1x%60%$_A*JSaVnKB_x
zA4qVbpPm!(GLZO)g`p!0@O=IZ#-WrQL@rC;`&6}bNT}keX$A~nhE;cpR%Wj`Efd%=
za8h^^N=RVMheG?GZ|(nSB>>z#rp<6K2|E$_8g>-Iy3HW`lA0PJQ~Ylh2X!%`4NUO~
z5z!+~@TbEzovjRjkjJY4x7`T19*kIU9Y0g>K3>@sp7EeQbsX4`ND%*zneQ<_W(I!m
z!9P}628N%;iagBpp}fb6;3v6+ji)gsFmNVv%({!F3hTKcQ%JBuCSVIzBTdN)G9-?I
z!9*w~V3lUb`=pf>7#eB#bJCc)`9N8+FYv6Gc#Ti3^PA-YE%FzzM9!2=S881BsS<M(
zfuf#_f!co0c*xmP7N&JRb^rkdD@{bW@W`Z*c&BO^15!KGbE`8nwUF|$ZHAwS0lCI4
z$NIId+OCC$jlDCPx&hsA_dpc9tkYKWbM%T`AH@?Q>mc9a_2L6{D^y;>aEXQ|4D{QS
zFU3qGYBDacla<sI6+OzCMu`zd_CaLUw#?5tGh3z(!K`#3KoWinsU$QqK}24d{sU@7
zo#p5#);e!cJ*Jt7nJf6Pk+FqYlSTbkV3-OW3q2eKVkKvXghn={L1l+7)e@-Nzl&-o
z>c#{9il4f4DhPJun$4a4Q}0QvBVl-fWm!rp;6nlIO|-xnLH9k*#uHyX5Kf4{%Iy3I
zDcHr}*iqPEgEO?a$0s?d$mmNUinP%_T)(^SIX=3=hjyXw-)}^F=ROlzfc<wcjZhIA
zBp%U3U`7N|^}&tsOMpVds2>LyB}SA5R^}-WC$PruEIa-w6#SW4IK80ZK3|_ft5k|s
zK{N+Y2R5Fjbv9wRtCpXYpLyy>1|C!;4lcf(D|0F*TaN2Q*UgkYayA^s-35hIk<;D$
zQT0p->f4B_3Msqm*AVHr#>5b4sh#@qc?Dh`wI44Qik2^s9C+l?(kIF3jfG7VhIGqx
zZAr89jn;d8j#xETYRsGxNmKVhnhP;xcdr@1W;src<d8`T)hw2<4e6;}!$g2Oa+EJ|
zk;SscJ^6t?+eTwZZjk<|+oe`H(1?c7n?&rg$!c6m;PD149H`{Z5~BhU<_Sd+7+m;%
z&Mi4kQNwCN;-sejnUY7@#tkq<=R~08fKnqUJyh!FZc?|h=N;?I{{llrfyNu^{T2WW
z6vpDZ5!F7r!2Y1?xeFrpudvgIHx6>_eBF`KnI5-dpyDH$AOG8sLBj_xGR&L1?wna?
z2OVdakhY~U(ZkilAg3hlp$NK;k*9_T_hRVaIii1lXvB(k?z$0mO1^BD8_34+{a@KZ
zd5IOLs<rJ?vr3w<eWBWFrgkZPz}^C|?%#;T>C(=(acLJ^$Ed37U=02&Q-plb=y$3t
za&m%1uLAjtH!rOtncMFsYx^f;c9)L@sf;`{#-e*T97{VlEi6J_cfjklw+iVoX10G-
zO#aqXO^l1Ct1op6PP)IKUz6NrzK2Y>1%u)2oF1^P9R2))W_N7nnVh?(!5jt>U;U^d
z$YJ<ULhFU|C6HaCUtottaO=3TGVi@O1W7A;B@BvJ?A-Es8V{nY#e9g?pp}F>fi42^
zQzS9QSZ7x;jD@#Hk-7M;5PX<2Qu>{k2Pk-j_Qtgqd)#))$__1w(>^Uw2jQB7{^;T`
z&WwS(It6<3({l)h`Cloy1-U?%%?<2B7nEm$MRKZ-K}vX;>hpYXi{A34z5cLom6k9r
zT@(`;^e3v%kvSx96bh}&!uqw#mc&)qSEierpu{sKCm7kKJ?^7b^G>!vOgVoGk)dBh
z9thY?L}yEe7+Q;<4w0u-jXgaX_+Z~7g&d>Iz2C+P?z#b<a&l)_S~ft86P}-DWr)yU
z@O`mDd7N$aTm+!sLBLq_W<2`9FJBK2{4>zlUzJ1oC~21D%bWGL$3f?8%D=XPNHHKy
zIpJp3gQNsY5dAuD+wYpJ+ml1^{U<H`oL*18Cn?I{yy@?hl)-i~I-9&eYzI4iMD!T-
zjM*bcEB2pN>V>CS-53D;3&+0t-K|3NmSpQ0PksPLf1dH_zh8>^Vu6bf#`OO%GXGaH
z=D+yN|2MRUE<H5gS*+`NdxMD&?2Hb(M}LLT$6>=|zlu83ijO`Q-AoqJv%1jy<<YF4
z(t3|o_}AYwSqJ6@r<cm6Fyna<+D+bM-#@X3UC%4#KW5_uss~S|c-|n~Zs6P)nYx00
zT6kSb?vFa?exP`tu16<@6<^nHwOuP+-93-OeRbD8^J2dlp2ye94*mZceE9QUkUH@V
zvLQvRF(4pVARywxGD1~?dVc?<^I%|L{)f(s-(VyJo(Fq+ka|XYdh)&*23#{S*rtGE
zM=;1hC4j3ieH#D?ldyzfQehMnmhBb#35spU(72@!Png1~jn$7iG~&mYrWdioAC%4_
zN6iNg6Jp1}u)d?Or$#j0V=IqVW=tp*39@XI;Rz4F^8+6KEf5<^BPG||xfi};0>)|G
zfnX1VR4TzY)E5*)P7)dht+UoG{2yBNAH3@S<Ou7FnaGJC{zDS_&nY#}DS-l6|I<s3
zyaOdj#t#I8hyUNP!~eKh{wo-~17-WK^>qiT_+Lxq9`x7$>%0H=dRh<|Y;xy4D9r!n
z+y3YKKd1b<2W9%N;D6TqCxA${4F-exAJzZ*qRCbdpg2HuIs;nZ(+7IU)Z#NJi5{{@
zSy`Dv@u`^f!X?r0BT};-@gKp%tz?riDdSnvBhTR{t#QMr<g)vzIkvIm%xLg^4+RI}
z1Ul!>=nwLk=ckwU32q)rx>AOY$^z${xF|O-C3eR;XKxEu)(Uxqg^D-?r;Id>Q&Pbt
z7CdO_u|h!Ub$W{Lm#QL6dlg(814EM!hqNL`8ywYhV!5VfRKm7gl6}eyKdxR&&F}s%
zTGpB~iJ_FU9MEiu=sg%g<cu!Nwi>|%8`_zA!gCy^;U4wT%g(FGvue7G=NJ3--;vxn
z<7f(!;~BLt{+t>wRuJ1{{Jm^2SNI9m^ufBLhc!TG2fA%Z<qK`AKaBG6<?nI{&_4Js
zPDa#>$4o;RBms~={Bb-o6cT0u{uHEytJcV)+kVoK1#(pY8h^tFrPtFt<7dn8>=DOD
z*!<O949>Ap65pKy+pnluYHv2Owk8QK%AT8FUqsUq9(?NRQ@)AKe!U%tGN54~gdQjg
zxQaj=6r+efim-g$l>dUp66Qurm)#!PlgLKxA4*X6N@uR@=lBvTmGzKA4y~8GJoU<@
zeZJYczPi^24t+n9a%L48^9;*5^}}M`zRZTDfuw>POY?jI7X=wM*1eAg9E@T8-F|L=
zdVDO;Gn1(=u>VA^Tq1n%B`638EX2RaMfe{C_J4&$bIKDa7wCT@XXzOfAFxtAZA1C=
z1_HyYU0NxHd6F6*DsC0nU`Mz{FjZHfN(#hf<6xi9t_pnC%5yRVFSUp1DWr|#Mkko3
zrB0{$k_mr#^lCvwY#Q40MND89;opICc8=bAOuaZAPOkwUhVkOtJATt090N*Oa5SXw
z$R-S#VSTSR(qxAXJuxssfNvgBxZgc2O`juI<+ZmXp?uS)u{aoK_vl1H1nkPWLG5$x
z$d{gH+N63?qI8yZuzQ4z-$`!SV*XaSK}08|0_tM8ctUEBU99$3=C3uH+f1{GiHk+V
zwTrFKbqX~g0~#fGjLjsydST9*DW~olWqUAvfvNrQ<0%6)qWPByz=L7bB)d=LM;<V1
zcKA5QLRVD{81s$)(sIU=-Iv)Jva=8Nr8nV%)KxRS+~wHmwq?k?&}mA2+ha<Wad#QQ
zz&rQP-<gA-rNsEj(h`9jVS1=?i&Z=?pD#Rx0mhyZ{Un}EK!k_^;O8B4=kV$neAU-F
zd#E!(@A_9GGP_LzUo}dEZaEQ^xT{h?f`=Eqi&tj56upa0$NpqTET@jpHj3w~t@yxc
z=(UieiA_lf|HMzy_K^a^oy$bs6ywim$GPE%K%SU~*)!va@qC}sC>5F{Qjy&lZ}>|^
zae5{;K6OW+DcqlX^!c*!C?cV}I+TuVIeyuN!!uX^gzW*)i(J0iDfIO5<Rpae1Hw9#
zVU4)DJinX0;oHdBKY@si2b14EU^0rLnD%as9@F+nuLvR^BAV!9jz9ld&+c0e#ek+w
z&z`pTUta+abkt|)b(z>mhmF=Y4rfO8J#%t*+MseAz0wm#x)~;MV|t-7)_`zx9SVu&
z8~Qx?OTZ5}A|w<~q)BZK3PQyz<FzDWLD?_zvxpSHXjxZ*TZu6g)?`;1%7=&Y2cDd;
zC#gvz`(e!WqZgwQ%ztZ%8M9{fp{KHFzz(L9$y19b*6Tt|iRn?r9P}aT0y}Jeez>Y&
zw1|#4m|%u3x8`6FscsbRug%hSc-ciRUva&p*FFVg)9!{W-WIxWY0tmbWVzT)pLFvz
zwrYPw=abzWBHv`5Dd%ftaHl2N-nqo<R3}+9T;y7@pTA#~vaVr2?KoUES+(P62o#@U
zMQeMg=MAF&(D|_^KY7YIC|-Tq5hd#Kv?p&e=h}oxT>rAGQn@g~pfZ_-`qpYu|FKHL
zK4u6gz|y90g?PmT2C1z7K-1-3Rp&trm4{8I*GWXWT2L$7+Bmg8RDE0Ia11bcyxPdE
z|B+6DubSEYE<bOZm{C_-l590gL5p$rYtdW_kLLaKuQ_+~Ri~~rBYtEk+@9XXo!v5_
zw^-J2XJwROM`)1r-08}bSFxH|I!1+!ZR|PFjJMI+kaCwvwp`}5fR6z0B5%ou=rzYa
zy3m5js<$<U(WG6mV%2Z{NG$^xIzoMn&0%w@)SEbFjOD4_hzhHXSDd8b-CpA&tji5q
zZ${6z($xI&Bl4xzCs8Gp5`(jIeAQb=3yP5>DM0Co_jnI&>xhm4XR_4YhTgRitnvj2
znLRk?&NU)s{?>SP*9Gv%37ulS=u(K=eBl>_A>gUsJ(0L93+h)_vCKt#lGGZQ^Wcg=
zcrSt6=0#~qjio0g25CDAZM$H-QT*sYqzZapNKBMe?@PvloK2zjX4<E4&-s4IT%d^%
zTwNj_Onb?=Ii4IHN5_d3#qR1W=$Q!^vu6Cp?A-2ci+|>q4EToUgaOgs@A~{EN5n&@
zn?^`?p;qS<k?|=9qKFnlPQDcx1HD#br0S=F&<3NF{|)hXp`zg5{(Yd1P#dCZVwQ+f
z%*o22{u5u)IX|unO53KYVx*ckoM%9R^pO+IZlAGd0JB&+@eQY;hKv0g)Jh3pApDMU
zd~>nNnKzH6u$vV`TV$5YtMaPIjtUh5eT-U$&)XeR465uMqahghsyp>nRD3_pmAK~3
zZbW^T?X9x)_|?Tz<ukS9W+h7OvSz`PhdtK|CK;IDl%NFy53<W41$R=DA5sA#?uIRn
zpe(Oi1%vVbaP^i!mHbY)Fz)W|Zi_pMJB!N#i!bhr+c~%{?(XjH?(XigxXZ!e^83Ga
z?}vA)rshc}=}I~?HR+_g^Fwn86AP1=umlVT5-9az^<LJ)UsimA7F?jtS3W8>(5u9C
zP)TunsD_f8S|GQ0zLXrzGq?}P-}tZ+TI{uXLm8)?XU!6n!UI~RB=fbow=w*a4}Ng|
z4S-ofrM_vJE~1r(oK;S;p$aMLjrL2|f_IwLB`;zXk>=75=Yze`b<@n&!*Tl7skS^I
z1Wed!0-LcLT!?3TDckg*I#RNb3kyOY7Smv-?JhbC4voPGmp}|qDG99ba4GyGGL$FJ
z^SW$B<qh22bNxw6->$Ycq;jurKHGT7Tkg411c)Vr1BY`=jF1m?XM3KjpDVBAIB;XV
z#izEcf<zr_-BD#f{3*(|ljxpPIqiK;1q4X?kKown)^$D-{lOa}u9IW=*|=HMo9f{t
zN$qSw2P;-M6*4NZdI{Dc3=vJ9p$@a@%7&pnqij4!{nQ*XoKiog3YhN@Wbs)Y)tGH-
zhmynQN$Hz1%Y*r?ecYa*UJbNp%Tdi7+|-jiyQKie-d;q*#MM(6mXwXfM|4!b0P{|8
zx6#Chd=keziJ)_A+F%5cVO8=)^nRl+7=8Spq<jZp<W(@<^9ZVWRC{)--sB&cCJPlf
z!6>?+Ao<1q6dh1WQ0k=53**(&c=K^Q`SaHur_);3#r)UoXmj~5VwuA-`Iv%+)u!tE
z`_DKi7(Ot$pU4R6FMn&c5d;$}xqx&seFg0p*CJXqR9ugQUE-tcS}quILLgi7o0PvN
za*}+$#-Yq7HSyi|zn+l6W+6~x#W!~8c4RMg6Tw}2b^bWMnFb4Lio+8{au5sMO1xDU
zgjJNpRUxk=u&2g+z9ZKra7`XYw$OiUazDSCt-XpFfacp@R((DP9bQS5<$<tpG?Xyt
z_FoY?VA=lfJp2DnR=y_Q|L;QhLQc*eHl|K2?zT1;dS}t=+!&u<^Ol{wM|vIkTN7IY
z*9d*z@4i%>?KW4|qVf%u5ljei9Zh%3ZckX$v32Jzag#2XIhB0ke|X;}9fDCG9#BJU
zfqQ~`9ig(GJlFOeegX3_5{_+Mgl`|$@dAWz4xi1-zZ=8FJ3?hz*7q8mBW_c6`uxT$
zYj+0Pds&olp|BlmWoB`3BiMh%AQjimi5=<JRJp@jSJ=A@RV=gI<euxM-Y%WynSN&B
z*Xs+6&34(Fjv?|dmRHMckA+Y;Y7HQd0=dOaH)8f;22O_CdyAOr2OV0ruk1njgmKj&
zAKu?d*~>6^)xB3)l<>5$P#pa&%?D??Z$jeSBIFmezK@khBwRMhXFO^mGpJZ=Mhv^y
zO9)mmm%;PUT}2`f{mR}_Spa%U$LhO9j76F%n)SPh{Qh)*Z0Zy1x>(2kS6Rw10o<>6
zWaVqt&qm9WD8z2@V|Rp{CPaO<kM!Ce?V8@lI3n;`870Z1QYWC*ji2+KCWQ!zAf;EJ
zc2k74we?`1aFn`Lg|9ok$`KLpW3T?v`s4givNX;mQ#v*ldjKD~cLD79(&X>sHnLS#
zy%)q`B)p;Bu{!op!E5OhLKjbgAaKmaP>!KEtvYetAXX0{z_(D04vmyOV>lrYL(^8p
zT2xwFjKxB=0$T@>3zlGCLZ^fvt`=Wx!*+Lw9xVPhVx{Y(F4kZP=a21vU~t0W+#=*#
z{;{+!XFzY~FLEs?&0%bWTEbmc`bz_+>7sDrk8}hNo+spj4~GpFcoDdc6yU+y&}gk_
z1wpP|Sr6G!FEg*p%I4@dUXKA&B8nrSEhBMhpfo=Hhl=^WX*H3?%h)qpw94%my|PXV
z^s%c;*}fZ<BsrV&2z+&h8}E-D1A7^r7%1#&qOCK+x^a_?03t8?p`?O>k(>ZE9}0$o
zTzTy(twJofNHsjfmJ(x9T;O2oA=hk0xJ}sh>P3<SuaY&B_OIX?_liBpC`I^t?%<%L
z)M!W@F8cKGnVr`+|96YjP*NpD3B{(7l`G0jiPNPQ=L>@c9@t*Ym!<nRaHPU%Z{;qM
zyPMy$E5`xj3xAm8I(*Xf=Qewd@>%w=1ccozih5V2c{&dW*S<_PkAQrUMACs;7RjLs
z(oIZMdPj8Y1G^%(;oEjF<%rmX?3Da%c@v}3NVS$?WOyHToLP!9?mIJuIGWj1Dhca`
zT?kr`=8`yG7Gu=fqnb$xE%(hOsy50JAQl<Kk8Pn1<PO5^>}N--0@C$+42WO2x8Uch
z1_-O6?c^SBVKZEDPQcfFmP={=rkNf@a`h`$-Hsy7pf*grsqZX2EYmldbo87BrgYK@
zcU+wu82{X6s}3TDHp!w`cPr>dxn*2?4t^fuiGD!EV~3a`i#rk+5s=IUYT;_jQ9%0{
zA{vU-`TI|>q#GCaHA-w@;|-<F;UAm{4ojuhbG2iX9qNO#Rsd^4g++6(%&8gWmD{#*
zxv+K<umjOd6Zu5;9#O5%TLLXc-r*GW303Q9aq~<QtfulQ=D$;?J~9#DWXi7<M;5@*
zQ|(T^y1H>j%U}0y<r=fPmX@Tqtd>%|zW|gc)h5SYQ@YYtL}`&kkJ3$=dg<?O?EEQy
z{?MaA<T#_+8Uo6_Wm!zRTK>Fr4_ILCp)=ZG^(fwDLO+#aTXB&SxUr*2ES$}VT%*vt
zzk-pyOd21X(!YLbyeaF4FVE#+P1<J;S4$$5$$@4rveB|3U{Yd*$uhOFW9{WvehOZV
zJHUFy(%IPur-2_s2wy99JwN=teM}@rp!tNpKfydokPIYjqm-;XS0DBaA?hUUF{4P3
zhAiiZiHEgR0N?W)%(zFL(Ba|Lx0ef#8huRrMSJiJoi9`GRnDuN!)>j1r>ttV!QT&w
z^@i>aWRi96`2ABiAwUTt(cDHfTQN1g6i!|>$vJ(v{l<(^YTv^Ljt25`E4QF^qRjGl
zuE>}ecmnWzwwCu_J}2w~!bBnC%bTOe{8?oE+-b9d<DYW-UN6fIrnB`tGudhw!@Inp
zSi0dwYo_qmz1b3+ihUI#5W0q4T2yH>dD>s-q!lJn>B$VD%r`8P&J~nO8s2W?m$V(s
zw?*AheinRS$TvBQc%h2!;N_i+R-b^MIIe>pkn}(&=OV~N#amgF1Y)lnar~qaEEj}y
zZ4a~k)l94YXlM%0ebWY*z^a&AQR59hNG^)`w45~tts%>*s^dJrEwwks1J@8nMTd#C
zvy2_aAA=fbS#jRw7jG*=-vX%W7*pNh0R^!evSfD+G-1ommAUQkb-kY#;q3avdIZq^
za*seXveT&GgP8k*AS8oFwgbF3E%UlRn#U5I;r5^v|NfhA;8J>pl{;l&gy~k<L~hW{
z_11xUF4<Qe+o%d`T+xFp@bjl6)YoZ;m7?nk>P6Ed$vI@lQli%n%4om9VYJ}8x|tB(
zO1rAgC7Y2A7XNt9!|=Nc$u=!kX(pWnUE_a6Y%#xo*x_h{@b>Qs&mKMC+m*g7h?c&u
z=KIHwt2%jp_)8`;QPv`cz)jrh?SYI7z+dq8ymA?zMO##Ku7s#o`Llsz%67OmS;S-x
zIdXJ4V90!n;iV{M*Nwbirs4|2!2ho$4|~zK5qItpUJg?`@ZcY!R|(HdB0>X&O#&cb
zV=jiBvQ#yOzInOz`Sy3poMTHR4%f;;At~cTPzH80V1;@7a~mIL_LL)ar-*i@XvUq&
za}rVYM>7Xo3$gf{=N?!i;Kf01>MWC8p^YfV7EcehelkBKUcB`dz5jqH{rxd2;asGw
zWx$G=F!6lpk5az;by>k7S6Z~)Sy3|3>6I<Ejd?L!$?MzNM1!#_ymZ4zVG(VsU1UiW
z?1S2Q_a6oOx%|2T^vIlJqX53pIX>dd3&d%OV%68<yS#l>K=u8B<4IywBDbEF)3VZ|
z%ENjKx3tSg<uC1dn(_j~Fk8SlU7IWaT1Tt3n{qOJdzn3P=w1y{;jOm0ZS{AcGOCR2
zDRK~nSDjHE<Io|eN7sbt`sxwuyVM6J`T5QG9kJZmoN>KKxJ-D;wit1k?eAXK36V9l
z`DUy%@mh_nt%lP&Q*pIY8rh?Z(X8Pn2t_PFq!+u(y{yy`e6uBi#w#ggQ<B!*7=zrj
z9;EQRU$vtNKsFAAbfuHozDgIkoxro8iBtjjg!DniPpTIV3X4Gbv>G0rhDJPEZ(sZ^
zsREG$`zuV4f`XIDYUau3B7NHI;9hK0w_!kb_!mPK==TyRhyM@HcD908V|yQ-+gC&m
z1DK=zZ!#FtI7vQ4v*tPHbGfPF_v)KDLPxg{?mJlZi0p5%)v}0j<Fnepsl@<TpxIXP
zVgQu-o$F<8UCqnGMnXZ0hI}i6xR9g?*L2HWqM;SGIsF|z^vbpZ>-*dOzpa$#BNo|~
z!du+TB;S;JKIE)%up(hnTjTP_c~!!nOvnqhbDI$db&rJ!o15$O+^gAp^Q2Rt4Ib!@
zkQT3a-#ff!Sbf3%2=f}C=$TMN-ypeuv6FH}=7-S=HmeAoT)W3QIx|?r-4YIiGv~)P
zUY~SVY!NICs7eA_8k%lN-wTS4gCN&EvRT4rbeR<M1ijBdF!U>;)K6QZlHqa9B+)$1
z4YbfZZP%P5spzvo(L?I%?O~m$K7&e0>6l#p1}sa4LQ~#98YYs!*IXhmBKc;X-f>QS
z-%+gsmK64#;NQ$*iqqLTmcJfU6PK|F32m+NJ>};Wm~R`(E3dbCO=k>$4;%Yu79YN4
zOe{C--%gre3^8}Uv6OMsO3{Y>oszU1aP_b4V3)6_0B|G&$ody-0wfzI5wxgeM@Y=9
zJPwwx$s6Yvj1rK6B~3<;>N19^p`S=xdEeD;JRaEC&jRjbl*Zjx7f-q?vWAY1E$@*Y
z?gyD{ZukD2BBXZF6;#En;|48YvwNw?=#k&y26683UVSTw<(Jh`lau>3Gvb3??M88@
z38h7pSOG_Wa#e+$4oo~mrxtjDM^vF>#IbV;jTPNfFOMGs-mey3j80F_-hh(PierED
ztT5%+WLXu&^(;g_)I<TNrMtOJw4yBvRUw5`FdBG~oj{pNZ42cJ`djn)FAz0EMxe5O
z291TS8g`*RH4nz}x+xQpa^6K8@AEUVi|KC*{G{C9hp7N_9fU&&ttC_|f7ablkBFa2
zqFGsPDWXJxvs*UUQPP;Y+?BGrS3K)40hnXD=!)p+@b!cqwW*1k)#a7*OggZ5i7Zsb
z_piYa*Hqt}u#zive|A0hDd(q<3cU>FOB+n@c>QSKNQM`BSsozwC4s6hjqQ?<EJVE;
zN}rNW#Ns#U(j{S(;y_Jq>S~^|04Jh&ud=jN5;Zpl5?tj(sOJR)M9NHfxfE|2veV}^
zE2n4A?Xpa5=84-jESfJviTnKvt2!OOvumVJ$OiK#hphSuJ;a$djig{9+1+MxP-~Zw
z8`^dKuPRu8Oh2n%l{^rEW?M@@dyzc9*r1UuJ%;F7N+5{jR3|0~SxVF@qaAX@dWG+b
zsq47`81}=G%eRg5Lgm4MuDAJ8Sw~5^P^nap!PAlPo83P`N5-MxOM|<S2*CJ8!|N*m
zs<qy*6apV)#KcBk7Q`$&9(jOmB?I^QD~YZUeB%A<xAUnD@6ge4i=LkmRn3*cz+fF>
z<X<BhG#5KpL|2ejMq0wnB5>+t3|G|hAxW1B92I#jVbKrMP4@Q-XTFi@ZmD#t3se5Z
zu87*v<K(lAY=-(_vpb1v@@dA7|JppiN>p(DZp2CmlO^L|@naVIw?aP%SU2lHjG*o4
zFHUl}h1{o?RsVZ3I|7F5!z+XbTw8yQgf`OVYIF?!fo}d?7Vv|{)xx<NCNFVO2Ww%-
zh`$J674K=4wH=d?)x9%vm2r|YCau_n^{cXQc2S4Gpt5juQ728mvT(h;k+WS#{;s@H
z{bFV%ogmF;W9AJg+4_n3-;#Ufy!e9y3K*D%>HlAeZ6-y7m<9*_w_Ei8l-VzU_;s7u
z+c}%sIsZ?g?OaXTA4w#8`flKNd%omY?Z^V=res<mNJ&ANj}@WR5>n@^&d){$9;fUJ
z2JJg_?R^~oseCk1GOf~iFD^V`{x5k#Z=xoK3~c}K?}W0O>@Jj{*<;%3X7V=h)$-5^
z_~?qp-}N||s&AiV*~D|pJe=<B1p2sq)%iSMr~MqhdcRr0U)4$y)|s&RRu<{~&Hr<8
z$NF2xUh#GYGsM*xk2r0|?L;cEzGOZl(9Y|&y!?J$ixc+~LkiXI-}K49`{meo`mz_c
zuJq?6BF*eneMO)x^kLoU@DmFe*ZcDdu=?euc&0Mar{~4SPHJk5;d^V;<4t<KCDvp$
zLFB(b+6GOh09MQ6fZiNYrG4n=y~o3dp2Fq|m3~*-3?`dnmrnBS%+*+J7oR6PPuVSF
z?uLM|5;jUFTdn?A*?*Xh!mGY%vkOQJ*~p%J?VZf!FQBH1`(_S~G`p2}z&@8Cu;A14
zoq-Rrx8n5IlO2pkeov|vO#HSY@ah%Nq5kIkjgEQQf_okLL*M~acl}_xBjFn3>7)Mi
zGU6=FHuSDdGPfht32wh|?j=}s(<?0zNcf$V;Efl+*T9YPepPL-8C3+DP|$ZBGpORz
z$4k}sPX*&KqAbXiGMs)V3rFVwRw=R?HUD+Dowqo&>$-eW@8XANVtmy2saOuKMarUo
zu~nOFkZDTiapQ+qK?Fw;VVXT7Z`r2(<hNzBBXGkNOc{svY>07}TibmN2DhUJ;Rh;i
zCFXq^aXzUppMX12yL!<@qIcJ_3Pcihv(Zxhi&wB=<lW7UxC_=Rd2^%%EUm78BTw-u
z<0jHa*(RutY7wK8GFl10o$B9ghxuMk?ga%yW+oQ~J+z8R56SutM|gv35(8~z;`Do&
z$?G6k2{7Ft_@TYu?YOy}(FrYLM`|Wcib6kQ`@A&aNUBLf6F_E!V*B%{SZ73ua4`PO
zu>H~X;IG0(WM_>N%}XX9@Ug$TzWT;KS?BGn(3P0C$g4D{2zN<L<gvwOZ@J4n>MaBQ
zxwjCs2Kx1sUEGEHQiZQ?C3vO=MCWw{JNr3iI^jKydc-QannA<DZZ7xi^`hpjn!ZBP
z10lipi{I!cx3`rgA$n`mTc4$Qmnp3NVPY$0q_197rc#qeQ;rtOm(`oIC|8daNu38W
z;}tQ$Xqk|Eug#ef0%&$P<rSSC8dyKJ@S^E-N4{coiIru)o2R~t>RsIjIPc)}-&#Ro
zMm739?b;vF{8WIx5WBy+76CC)(V-2^leo0JB9S+Ebx7f#4?9pLwLj31{viN4NsLlD
zd>8h>p_ObfYtYCCye5SjKp7mD9~RSY(Y@kz7|{-6*E5IsYib6A8IxyGTADhZq|!a5
z2S*2fX?$2&5d!>Wkn|+f&JVy^v9tZ>SUi9FR{p|&$EHcRTGigB@I>D^QVZnblqRJG
zAERs`AiXcGW_p>%|DKtSV|_B|S-;5R@bDB#`m@Btqbu14s9;5AZl-t+^>?E+(U((k
zUjZ+BG?f*_l?J6_mB)HKE8UL|e&SjEyD#Ysw*+wEsa#h%hKWN)GX&!hL8j{D2Tsk5
z{glo3e#)QTSUpHr_T?szW*1~6ran3qY<hk*NPWU|p7|f{h6ULJjHQ(wYQ$|zM^Jjx
zb0L$l5Y89VKm`8v1|3M~WBzPR=Xa39Z%*u-v+vx_XRLVn0H+l--`vL)){(^Kwjw?P
z9C6yMQWU*U^&HICy6sNF3?yewU`g@@%Z;MT@%`bxFDx*AuBIV#l=J1#=D1z+(vP?y
zq!TdehkXUd8)sx~cASz$<o(V@@Syh^?=A{%8BJLZRF~2*-?)6Jz<?L+a1tyKiUZTY
zw%n|p1s_rm<#e(D+lvZokd7NKqo_2$_cSY($U?t5u*TiLS+U@b4x5WdhrzZ;hj6E*
zL~i0Yo2T0y+9QU(Ceb5O2d@_9^t@<7a4)8$Z>kWL{<bOvkOuFFN5|F;aBS9wA?eNs
z+sYpYhVx+<Z4>A+%yrzzU>KpJweg*&F(7n*C3JQj>w>KcHhA&l)vN{2UB~SZ|5s-{
z;}6Q($YnXWBl}$7ccO=3YO!wquNM4Jhlt)*0lWHL5a#N{dYKG2_g`BSrP4}ZwrXq{
z9m}MXY5w@KzIaxbLk#4PBQYwtcK-#oxcJXW6x*h?h0o1;I$KgSI(O>kv4^{1^$6he
z<#XUQN}IvEzePc~N3)m@(9o2dHVzN&g#DLI3_n2NtV>N$>;7NAVnx=N=jrNQ{>$=m
zhNprJt*vZM@a4tl6K}3mY}We&_544{Ov(HO^*1dtaGc)>5KdMC_lv?`8yiWVskF^;
zAOo?`Q!%Azf~)Uffx3aQ9DtIbC>}qfWB}Mq<PRPN=%I@MDnif*lM3U3fLEWz>#Stn
z3cEcDbABM{s2d3SZ8TK%rDfeRF|7T+7SmG7(Yu@d*AbPnWl}CLQ|aXY$wz`dD82Mc
z_z|kFV8Fdu=%PfKqIW5QMkT2P3{h7vlmRa)6@~}=nr{LQ#M6iLBInn7!)w>!aD#)q
zAY^+u#gQ<HCwu6lR)|+@8G#P3jxPh8l8>Ct1$i6dJ>sCBqw(lnWqz<oI)hYeeE2tI
z!mN=hVTR0G{|(JR`G=t(k?VL*{{IAg^JSyiAw)VAk6w*s-1(p2Zsedla)mA<)v4mA
zM&a}iTZ*H{UH`vfg{lVBuiGTE!Tj$%sx^v)nY1e(82Yw7%Ed3?cM{a`6B~+1s!A4K
z|4ou6+XJ{Nz1cs)+|CT_&h`01EMAZ*^z4fGPyI67udp9zqM2VrA)puR2bn0rX1|Oi
zY{%*t8_E}w67Z*6bS8k|NDIKHxwyi@i`B>Mr&w_2ds(~tsf24!XZXMhvAShHDVp)J
z*&k~CAB*odmqvlD@AKp0?i20BbR)#$*qZ{5Y}Ywcjay-ep<dT^_lm!eCR7?k(HnIc
z$N)5bTcYRnotQve5Q-JqS!MxV3aoecG9w$H4DvHo#u{N5Ag&<O9HBzaQ1YzsyET`K
zL^lAVzRca+poC9W)_$?KRojK2@$XH}0Yl_k<q};vzo}jZU)y|HyqdPhsZbo&Xj=9i
zrr_LzhdTIbDfx{+7}kg9gVA3!&kE(f{n&#sEPj~8np$AIXDfVifS5YU0_!uL*lDbK
z^@oW}v2I@xLH`C2sn%J3W$j&GZP0d0IBtP{JkZXB!6G`?bgk~|rN5+v&q&;@BEny&
z`%zBiF4k2aYkMicUIL_o2dUIprV-Z*3DR&!Q{7(@r$g2Y5G19z9taHgAI2UWbeh!5
zjdtvt+yQ0!ZkARyDjZS{XO_mD-EI^uoqHWM;(B9$Uqc#p7NgqcA7G8IX%`1SP>!C#
z_PoqAtecu{9SHnKu*3-IX{*#Vr9pn4Dm8kS;hz$%QQQsJ5F=1RIV&#mxmfk4-Qr_W
zRMM+w>?vh+%gT^-b~t^}16OR%IY>N^9CwQXM$D@%-dY4gnL&$nlw<zJBsYUfxD2uq
zTm&@VsV`1kG}nhCJ(q7zsVzF8wr8%FKxOy4o=&PQ<}`0li-&b)4+FBw?7I2^Br+av
zf}lHAolpKW)HygYdlD(1Dm2Zix{-d1bXt`NnJ>ZxqcgwGzMVYvs_0iLnn7?}6X<4B
z24!?Q*-uBqrxlyrboGx^3hkSI!5{0y{lqDPRg#B+!*5L$nTb(9tnBe4^Ocin`+eqO
ze_ZU16g8;|MgekAc)XBbmrxf}%&O@JUi|o5u-d*$S8mDJ#txg$nGKUfCQyYzK9JE5
zP$iwJ^dH=$R{l|M1mpn7_-Lg1Er5^X6HRYXW4F<R!Hmq=%+Czt!f`?h_XNTnfTEi5
zZn5`sk#~6#M*-|Nt?sT1L1o%xvEMouwFJq0zlxJGp2{Ny8a~b3V9V7d$Mb2<^%Gh#
z?^%df*xu-LobNJ?ecB~I`54=xTTkF!q1q&ot9nCU{Hpc)FYIYallmY{@qwV0#0M5q
z7DTaaHTkq31cc2b)vX}B>$!u=?a^uQ{c?Ih;f1r{IOrf+kavlq!jvS*!qs}c)0#xR
znx~GRT3w?f-~aV}WT5-c25FJ`PS)DnIqG9LcCV7xv_yBTv3#kO5{8dbX9VEi<3BQF
zwR<5h&6mdg540eIdm$H}7vL90@8IyVGJUY#PDQ{c-6Kx?KKnZR04QwP4haJ&{pbM{
z;(fQUtLiF7F)a>yWj`<5Ia)4hwsU+znTr$MRtssICTS0`JnkxnvCkHAMOFQ!zO4pq
z{USz_qh6IVZ<$AXp^G&hv6c(D{1f0ir#Z3>XaqFt{7A=`#YO@~SXI?Q3h1D0WM4}R
z+zyXjc>NXR^l66)bMx&-mAdPnX(j>muY1-6W|`Q$X)=J!Yi_W)#i4%;F9Zv#2@Dv$
z{q{Nqwtk!VWa#+)dL498>Ufmw!<Y8>N2yarDJ}Ry8Rbgk;4EdxcN*=aXqNF#E8I;z
z2B5&$LrE!gMfM1UbzK$J96n)l`J69$96oFqR&NG!r3f>9+f-9p|K?T4_sw(xzx1En
zMJf7~y|Yr;Z*)6HrKY)bdkDh)(n-2HW=@WrR&dbp!!EG;*u*>mW*K4P-{OknW=p;M
zoBW>q@y;ivk~dOClp&XA{qr^^=cUovV0Emp!K>}DbgVE?95ZywruiBlk`tl`<+Gi2
zlWIpd17078ODG#bR~c%YRlKeMZxSG{unT)vdJ?pqfq#EASNmrAmV8>fb`Xh<N3=g%
z!=z(gzeUvGX^bw;JLM`O?0OU{rJL)sSnx?loJLvp_F~!Mpk7m-xaVVzqDOc&rzU8t
zk9Ap`Ertnn0{`O=QRYUWG@UHVVS!VO&$&2<)O3dBV^g7F=Kx@;ur2JoG$ytK{RMm^
zPIxrXGPK*jl=|;faxQ*@`-m&2c4}O+HE~K#6gsl9U7r0lrzlwKx$79&yhzjs_u+j3
z%NIt<AG;6ftLI7^)=YB9N=$t8)4A>kB2UO;&#ekD@0UmL(O!DJCjx5e387>}<=>|M
zgC{#T<Ar%ixAOoJ#9AXzkk*UTNRtXZD#l)?3GhBLhcFxbxZOjL$A9ZZ6`q%LTbEwQ
zfXZ(>j>>_EWqVVu_YJ&-UL-Qa(d)FRZmbfkt+V3RViC33ny1?y?-62D({n1<wOlUb
z$<+(EV#SC(vR)<mw(BM@H09O~xC#j=;IUa1PqcG>ah+UuB3~WQ2=TK8R3Oh9+wNb-
z+Xl?R6y=3B={bS09MVl|g)mMpUdpdb6FsJGsw|`A#2f|%7+CG7I|>bLgxivu_0sPJ
zX#bc94^AMdeDpFpB=n`-)H!qw+Jtt&zS9A@pYobcrCn*lvemv*>@KeDgfgMkJ=?}K
zsQ5$k5|4xMA?Be|g@zvc2>l$QVN%vGNPtc-w}KUxaW`7%+5_5<=2-H@<2_+JgKHDb
zhTc3SlKlre^5ydR1Lt*)ZpEl~r5CBOl{TTBy7>j@?L_5UqaSz;QbA0$?Ob_3d5wT_
zJhKmq=A30YSjAF0J^HW>jQ1wz)RR8YSalW%WhfZ|$o8RyF=e8kn!a9<$_x}bjr@<B
z1lo+^&RJzNQYEUvQQ7vka4ov|OzRaqwB!@VjTKue<l1WbAjnaNm5a#Ae6hNs4jahP
zvbOG|Bn=ozSxv3)F_KaYjUCnPTn|90hf@^k_u8>QYn{-&z%r}TP0vlMMf~BmO%3J7
z%cTfq+^Lkc2`<c&G)XHTk36eem2(-lv%>O6*fnk(f~_>l-m0NP6y)|*ZXHQc$k!mf
z$bAwbP=1yN*QJleitdl`pS32WXs%oUpu>vfzrXuERW#&Sy<OjwlIiw=>feA%o1Tt;
zBw^Or+d8|d*z?n3YW}pe?KvdEnVmSz>+$iJs%nFN+CF*e#@cjl+-K!%pYJ{iUgyzh
zUic@w+VfhhXCvw_{I1J*UA14eaz){ir87N_8RWg?q2Q6=i<kc9J*&o15~Rl7uypyu
z4LriC%x0ttPpe5-J>b(FjE)dU<+{>S-KJOZ?8KhloC&{Q>uM#yAxZCN?fSa3lj2YU
zkFK$c=iIibzFSY(Q=4h=<v{I*%}+vf=Ax)EVW9ZCO_4h-{DWSr{l=r?*G+JrfAhh|
zD)bSnu(b^S-Y}Hps**A?)@lzZC5KKP!Xu|dTg9nIxjxU1#PDprAzmDqhlk8Jkbc$$
z(1cUP<mEo>W}GM)I^@BC3Bq@4z%7W6z%tV?sR*jSghsSNQgsn3OBA?TipaTe6OuBx
zD&>V;vUd8y6|D>v=F$;>QO^avb^)DL`KA1{3-4xq49k!Q!7jW;{cjeZJ2q9w4hkY}
z4Zo5zDF*?BZfF0jK|tRpX;r!9@u72=aR5cj<&t$7k%M;n*&Rb*(0M!$eLFsPcyivv
z^=#C<XJoWVjwo7X-9Y5~DisIT6{nZpR%J41h16^1d<jF$AEEBnF&FIk``}+Slog$7
zrdm`HHEPs3Ya#Vn|Mmwt)bO<oR(FPpmhz9U!$c~Qk(IL?SAb2}VjEXWYTX*<2X_^$
z`&GLJV=qgddG)7%H^QWihV=HM)+=*M3;HXIAIhdyE+5kvn7o8)HC%@5+RNvJ4(){e
zR9vJqCf$YbRa}Nd$Ir`;;m%6^$~e*{6}5uKDvPg6r%D*^s%RI!o+}Thc0xBl9EYOV
zP8nwxAE3Avf%qDgSZCTMWnX(+y&}|7=0cDPE<=EB^Ky&(v*({>9A&5HXD4c994NXM
zu?UH})1s=GvjhZ5bAQ|CGNyjoHziD++Ob^Nau#Pk<Zanqo=p<?tyEKr*QaB8ad6gc
zfK+l%?2pE(YIwZsqLC(D0hfO)Jew>VzkCBxASPX_fS3LFMp0n5RW@biZUVt#VsCl|
ztFIlj0oDe5e{IGm?1HH2rQK|`H}#EV$KDiM?}Kbz+T>`ZQZwnz4}WgfmMUBBS5;5M
zFC;IJo+32jUBZn0m2{E)QlM4l{9(s7L`U&H;7~^W*h5wj@*-P=87jtRRdsuH7H26v
z-O3GjfVKOfFt4UA9x^A96;TMo_(U1-WuTwkgkMjFbRQTmGyl?Q6n!|OWJH&r(<eJS
z-W}WL+#3Ac8^|bA!(K^?niF8cyp&gsBJHZHe4VZ4id}3)zf6C49S-vKIgJxIC#Zs_
zdmX0o6()bFOY)LA%jvL3Vw&qsNZ2d|JZ_CZBG+}z@_g4yS1w{#0m%G9ijUJty?1QA
zdLe?c5gSh@tq{rO%N4mH@6OipuQi(L8Mmsq+4<q3QVDSE@!tmumiL}=S=xHF-h)GR
z6AWsXRw$<~Ozp*c^YhpdT<4-NOW4*_Hrcc#bwzrkYSqF}yV90pdZY0cD+TQTst#m<
z+U+xo^LO#*DprK*dO0}n<pVY$xFs$R2d_VBW?^YH@8q;5a;Gu7L`&57vIUBZ5r>1u
z658iB0A9SR``O|2yL@UO0X^|S!!kx1$D>9Xh>uc<Lu{wwyP|>*Wd=0{LX<yz;}#9l
zQ+X*983Dn$v(}7`ID;MgM7GM!I>B*3tg;k}jF*RNoKznN#fQJf9vLw+`;MLmoJe|X
zvF;{9<caid)Rm{2@Ph|y8T7-I`UWRW7a3Jn1dxK{U)`0{k^I5=RU}dK2U@f(byi_Y
zWg3TR_vR@bwu!oe%w+nXjphW9D%%mK`Iu-km$F!e@s~F@=Nf5)4HunT;dh|;yxn60
zT$b@4i>ZVq_lg9VoU63YROjSXYn?f%8IXEF$cM+?sN74{Xa($A`nKj+N|$xfh2=(!
z!Oh2ciidZ@JN}mzX!x|go=sd|s`Z*|I{Ufumx45a;doU8fN2_wRir*KKE*fsqyL;y
zTNBGE$EoN5CgiK>4Be4!lR$lWSvie~w#n2#EA=mOa#6+~<sFi*wro!U7hCJG9PEue
zpg#TS{7N^_nyoUl(0XIhQ^jojk^NE9I78@q)!zdE`s3Q;L~M6>jcDhi`;le)LDn<|
z^DCcpyN(1?KS}d~`(zc-q7~}j+_-(8BPN>%U%Ww1n}_(3eI_wZBcNAOcLg<!6_yt6
z4dZ=lcj!z?=iK36lGs>*G=C!QR2u1NM)$Dvyz0*Q24(vXx5(F^%FW2L4ZG&a+lboA
zYb8c;^f`k=CXY!CwC!8}g6_m`tv7hwbgmsi-Ej5p-PO06FzxAESR>CCuv>Dk`xq{!
zrkDi{3c5zW3;!W+A_1vx|J7&jefSvT9t0HIgUZ2XJxxx0=ELimaWt2Sgfsce%cDp;
zCv+db`~p4IzBEd!TW|vbx7`tE+g0^%TsDU7Q9@JCWZ$LJSuEcAP%;;WdI@IpG(BX|
zd=%S<aNnfx;<;}|+veP(f#5qbbUUFhclC>~U;xGFky27#VIVl~?YIrc@WTAtw7DW0
znG^=hCI6lM6oeO6CJ*tI>iFC8V5%AP;q92-1kv<;jXC)x`g^b&J8M7PgPNgkX*Z3Z
ztygJxNJZ^X^yKP9LOY98AaWTWi6I%)7(EM@kh7V)w+~hDtoW3<0-e|@s+v*yvU;_T
z-Cgp<+Lh}j1n|K6kv)*q2>Qk@w0qgDzbRvcsEzF?nY1SjhePQlaW|WbB7Eh7^I?4e
z%T`RSTrb@c8?8WEs|qt5G6DQB5s(DvZM?G8%BbJ%gT^Vo5r4~E5(5^Y?z!C)aJO{&
zq#*n7U|n4wadG1NIDy8eKN*8Lxl|AY%B^Gi<dK^~fKX_ob$U*4(WSd5NUN4pHH_7v
zwI{>1S8X42O;+M7oNrLv`%GM|=gMg~S*OIazKL+{Hf1{2OOc9AM&-wka#ys335eeW
znfu!MvhZ}TMn7M>h4+O{O6}yXO4{evJheWuKd<UHvGpwF?@cbHUz=rG@1gFnn*)Ku
zYgNtwU_^tw)&cE{<Fo7|k8G>@a~R+^VD6Q9?wh!!{NJw%pI;S_Gyuj#so6+?h=y_H
z1KJ_SXZRwF4;a~G25~k}zp`p{xy9!Y?!{*W=o9~P^b6d({)+$sjbCphUxi2Yp7Y+b
zx3auvKa}jXx-33vn@9~BKI1nMzpZ`31MSAlbKjf4$X~Q+2c<7i+|2leG1sHN@?|f_
z{$mF^_+sbTe*49)_WkLL-9goV>>Sh-C133w4iB(3=hIVTIrd;#6Wm$vD?^@8-!jPi
znTBRar5pK*l#w9U-|)hzhMsIEd<L9@43h`|=g~Mu4A>~7z^S84@yR-Ik*XDRzy=yD
zeZyy0jnE3qI7zF~R&)p5IQ&u7GnpE#_1@o6%At_6!ZVgWI#zmoN;jCG-b+>$lSh@E
zYys3;Cf4LAo?MPPeCxZ1b=UmIwb7!~tRv|_qF8mt;Lqz_e!%T+z}DF*=~~<O<Fj{B
zLJo<F*+n=-py&at(uc*iKo%(fq^;Y&05GJ*#8H=x_rpio+SPipH*>bb%B6aZ>>GZj
zXmjaf`#pRo$g7GDV=bi_UJL3HB_o^`_;xeA&2vkN?Y9z}#MJV%^+K5N@p@oqWlf<=
zvrshk`_y<U$JP>TIv{fSR{$aE=f&!^$w9w?4%o~Z(Bb`t$@<Wu0d8VeT+i#@E2)tH
zC&wJgTM*5mouG%U)NHqf7Ve*TL#{vlhoxtD`)$7$1L|p;V}(#T`YVxDAtg#}%=5i9
znK?{m*QM^xW!0Z;iPo35R;z4-o7Sj`=BQS3^t~c@{p$1I!|wVQXzmkfh^(g*rMf%2
zJW63=fhyJC!81Tg4<Ro~&qoe-l2#~kEOE2KUhLk=BEKIMRR8j$BVQzEf2xTSsMK)E
z#gsqq6PO_lz3~cFjr8tULkRl|v&F~EpKH<cZXjRKM`I10*p)khb?ZV=rVHzn56-Fk
z**N}--EqD#Ie5q(`02ko^fz9A50`@0f0fb;2ACjRx4auaE=hj^n|{g+{;mTpmBVa5
z@<Vwo!8|k59lAhJ9Ox<JiGxLg4)X+eohCYE);aKaJ+5`Fs^Bwc5HP_LeNJ|T{t@%q
z9@GANiYrkBE+&We`I+VxHHr4D^)AkRpV_Sctreb*tcq=(S@Z}+X1e~MIM(ifyc5jU
z00=T^ejlmdEq=^@Fcpq!BlX~Zy9YFMpAV}%QcinjZ$(ex($oSAj#7{2Wv&3CFCVd4
z<~~Z4osZBbuhO1bVM3AjAGifqq$eIY_ndREUuQXe6;2!BIMuvET#J~^`Z|6~*@g#D
z6D5)BQs1|}aw%@Ij;gy3SlI&gPc@MOT`}XGr@q^4$N(5Qs9z~mg<~Z1S3vcnW8zYn
zt($yFEYz=KZ=-Fwg(IO$VXg6{K7Aa_cJjxDj%^$_>zqA(e++z{uBS-ky#Y@SN7479
z%@4V@c$=>En<NM5|IVS0jvf_{C7LwW-?lLI+EMxkZ4_ayQ;fN?@E`>1<H8((ZpZwv
zep54Bo=vVt6E+vr?MNBfBVZq)F(4F3OTFc+y!F8)1=|DNrr<6vXKC*SQWEsFUcVf!
zYq6-zQHq+z<-^X4_o<B6-Q`@6Fu_CWEZha1ziHru5(f{o&r!+@p{J5C)_u!5+uL!l
zXH*wtSb(GjECE0+I<K^H^Cb%y7O@QBb!i|(A%!A7h(;;(=L2{oWiSm1JZ}MA(abKV
zU927SN!tj5#jiT>M1>>zIMmF~&e`FJFT)ojofCcHkyq#(TPqesDxhwrILI;Co=D6;
zITtw03bC`GII-vuw8~lT+d6SB3VMxdNphSXAO#?b0*0lb-dQWEp{am-Fm~<uIgB5o
zx-Y%MSTUXZTd!RoqV_Jjl~G$895G;r0=L7~WUJG-4x^C3qSfs4SqMHb4%q)b3G!3F
z;O@6K;l|eX6y7ZEn;$&P_xI5XNT^MB@N8Jax_56QC?>8o&)29?fBpMq#6$g)Kmfbg
zU}Uhn%<NYVEI36pWMBw-JQ}jC2S&`15nKcx`4cJe;g_`&Y2QZg4vP7kNP0$3roV<g
z3H}P?4NuE)b5EaNy^)W{UnQ{^ZIp~uqu;P^_O^H_Bpr<z{7>5hZ}Y=sKcHRSN06>r
zIdhO7w;z5Wtc4G5^MHya;hs__yKyph>C>Vo8sc)AqrACM`hhTObYO6NXsAK>5>qQg
zl12pNJxJmg7Z=Re%HbN4vb(UtR8t-(-QBOdV(o4ULyIPR$0FuXm(z@-lHfg~oZ*MN
z8u_~+MnYImrLVmOHz^LJ!E6n(0p4e(F8zf<3)l0~fo=|XMKd(-F|xaAxF~Hr=+5Zq
zXanZL$R4jHF+jqhT-Ub3_fco!n80gA%9bz`s-XT-e19>x0f#QQVxq&gSY8r*=E{De
z&?r#neyZJHzt))qRx-{(oWj5qsUDR@@%%+LlmOp`PP7I}bU?%ydd^M|=6em^cZ!7o
zP;QRmPLi8ZJ&wbD=Xat7m<<biqqfTcZn>Ujai`0L8Q?D(Uuh@&7n6}XndRIM9*&ur
zxTK+R$4b~r(MLmfOKNv*I7c>|91eH1H;7sz&!j_%xfTA~fF6{it`NqhQ!`!)XIbrx
zYE@A9;(Uu>)oiZ?u@vS>54`-zx;?O?s}uc~*@?F^=lyMPG(5;C@EnCWCt5~=dc23|
zZx9bf1kj0KC%<etM}t@@>lh)Q!aCX;mdUyB^{%3b-j)e|fff$A+EP4CtlR@M5MbaG
zhoOj>R-yiAVUEhOZq(4oa(#J}ggNLcs4%QEaTvF7Y2t*^^d!w^1sfoRDC9(<_&%KP
z5bQ{H=Yh+MFNxGsO3<qT;hCfo7MY)h!X|n}1~de5ri`Jm>Txm!un?d0q4PbX3#Q*V
zq@R{Zp%#0zoQ}cWHcH^#EY3U%Pfd_v{u?4q4w)Fhk6I-<9ExuQOL51U$W_k_VB=us
z#n^PG_fYamh)4JnxF4iagO*x4;=rbY0<yc2wYIq0?s#*vwaA0TEmXl2HO#LPhS5GS
z016$&!;}enqqF$p=L776)sWq9haGg55yED7&PT^(oca{RvQL5mC*~bUSh<oY=L;Ru
zvoa$+hoNiBv*F^TO9D=U<}f<EToX<cJz*p(<U)>l@;8gror;H{Z6I?zC$sN4k7;{#
zJK>7wa6W6--|ihC5R?&sFRa?ecfF6oz&+rwKLV1xJ6arq2f{A$xIu7ok1T~gua3B&
zaGxxNK%lkyG9GDQ02iLH=Z9)~-zRyeuMfdD<<uPv@Rp?e?@K&I;P!&3?|t)mJdqen
zb5|Kc<PFSyGIt@5QQdHxA!Ds+@7!o!TSI(F#BfAdH-o`_sK9z@bh`@T;5cM?AUzc~
zU3T@frXpe?7Y@j#4R1;Mqe2vt=coC5x`#c4M~dMgS4W&YE~UVAOG%)v0>S4%_ip-0
z_16-oMD&^*;!p2hB3x%gcT(fu<~Gg`r_asqRDVFf=R1Q>wizOkL&$#e=lYZ~7o$qF
zU1v%3LTZ!wO#15{m<BD{KYB6y0&!w}rhQtNXmr|8X863@=Wz)|WWK>&1neEc-GwEl
zOwRhm@n1M{;>57$bW_Y6Vwl(~)bSK<74pO^6_g={-kdSYjF_ivzOzp#vh;7rTyYGG
z!RX)se)o)NQm`#6CSknl={Y97A5v5nA5m5|QqOs=QYT0lF^Dd!;jqZ90E4y|$Snqx
zw*rW6_70&PIfJFb3@RY>->uV#zs0=qi&KdeYS5uc==Ho^f^-BPWw934aDQ!4B8QH}
zFjq0NtLZ?EiASWaF<~tqy$!(NyCeGbY+oy3!EvAiB#sl33h*ag4G1A3)pZspnsF{6
zpt9Oa)qJ)s#0ovYND}y%fL=B%zoM=)p2<#jZm3HkCLJU!0z*S8WH8KP3`DMRgMMX{
zRCR)@c4Xu|xSDzTYOWKT)E35C^N$c5B2NFwLzCpE{cEg<K3;pH>1)>Ez?_k{N#u;~
zwQK59vva*Cr}7Jhsh4BBqoY$zOrgVmw~Wq!-=igmfZn28Jx#?j4tUQD+fm9?TS(D`
zCc=G9ql))84Uo#A=Hj@}?sgPm^z(5CY=QQ}2lCUeo73)ydnqwDCIUUX1?E!c9aOYs
z&uyK#^<x3y{$+zeIH{rREUcjoS7aebdm{>w+Eb)??r{9@WorQCsbhvZY6iptpf;VU
zpZ%q_+=Y8+9y3IL4<w`~Kh2oMLd`hyuIPe^vB1V7V@Z9GKh!JbU|E=Q`nk4&QgkSo
z5WcV`pPa@)qxvt$C`dv)(06auFe{~J+V_~x;ind7-L+VdhRbx8H|)MK1Na1{znHC+
z6I#g8d=Hk9F_8=j?;{=3&Ot$cKEK#&oF`#y2NbmLm{o5~GO!l9@5XS0&>a)YW#L!|
z)3q|oDKPxtgCsQb^GEswtxhFOyPkM!nLl=wGQ(+4qx;9`fIKjf00|x@y@m6mxd-=y
zP*UcFIY1T=_uRmJyE!<q{^a_emX!2DcAd;fx#B#-<AW-X?$Y(O{A;ufg&YAfX24jd
z(9|qO4G1R91a@EJ@O)$8?A)q4+pKOZ{&@5IBiwjbjQex4w9toi1y7$dDyakta0U5F
z<@u+y^IobPVQOep*<XZ&duUdSZ4G-9<yL%mnyysw2N|R@E9CkgH1Hlt+k>-3^FAj;
zwN8)nclY<p&4=`MVFS5(7;pbTD7(vvFlCFcO}(nt3Lw9G?oSp6&q8fQuw`70{?B%{
zp!9{OmS5bbnD%VR;PPTZ>MNy;bNn1rHX!BdAG5yAXHR=5PT*Tx9o~0)awdFfRX!&Y
zEzu<~!ekftk|;CS*60pB7&g*1*JV{k0g=f`Ft8azzYI`f7`#=p&jSx9_aO~7ZQlq%
z%mE_dAYc>q+(tBt#uKHLf>`B=q*l1a-Z15Y524c31EMO)HB2lGRp4nvCJYx#gSqj{
z(d7UX+m|DZj^GC0ABD-sjgU>vWwV%OyvykXX{lH6;WynM)i1d-(_)q*Bx|!6CRZYl
zwwP(giGEP&V*_W>{8+543}i{9*<tpLPU_Gs4ZtzP0fsz_$0+FlMm%fGGFqIV(Hlto
z5%jOKG74x18Rmq7X*FS-TnJ}b<`%kg*_gM@<~!dlQ39RU$!A3a*i=ZUQNxQPX$4_X
zfBc@DXS&N}7eg@Dw&Kh0uYGFC-Zl5=pZ5Nic4__=(s4s-!%-smM!IXwYvzojycejp
z4h5votCP4LUO0C^)rXAcXj^*_^o_SZ)~R<}JT+)sUz@bPc&=|R%kM%;1y}jI3|BoT
zzCRhH>7r36NJ`A{`-O|o{P7=00yhy8a%6IFfn5({2)+C)tTtbJ!U~AIs{#Sjqw~7m
zt?9(derJ?=#IAxGJuxdas$5T3)7K6LDH14+q`Z1)JB?tx=LR%*nq3xNiNZBRK=|li
zn#%5-%kJII8PZo?yHxLBeGh<^fIBY#2fN=U=@%wA(B+`CvyZB!Q-o)!L58nHvk#vt
z{1t&{DVcSEl;#OZNK^wBlhC1XvuL8I#63)A<5WTRn(EK*p03VrpN}fg?J7wVi!QMC
zK@gbR5%%1&@`>}^H1_jt5<1g(MgTAJdin^rL8zwYt{InfGGyra)1}s72j-Qb1<UP@
zM#X;DGkmR%BA$p!I{nEmJb+7cu{kkYW>Ef9wIT!Ov}$NI-a3Xl#`r1a$PDG(t4C5Q
zz%7L_PmVKu19m3*qYF&VvQ}~dJqTFs=j%!73qNouciv)>P=&<2Q^J^s4P%M8YBO<7
zDFEeTDEi2~?|7(oEe2){rjrAG%^gD@7w?-OFUEU6*&|2jdHn!}r9_cFS3Tg0!3L#;
z6G!?aN<6PGR&g8|3sLinB6}ASPO$!3HO8wU-a(yqoC$@bI%dPkNjb-Gt_=tZ=x(^W
zAZuC(1ce8U7WJ0tVEv86ffgUlGd#CYVRfyga~45rG%+{pkPRJzbHT2q?GG72*)Kt`
z-FwAh7mBw_CMK&cb(S~c52w7D-B$>w%t&;)b$ZH5;5?c5b*n;YB9zr2Z;Q@%TcVyh
z{--Z`S28a(4-#A`3qmpF%^LV!7*pA>|3UnxOV(2bgq?^$&#UiHB>HfBib#;{w1Gm=
z?X^~XrU3Ol7LC+n2p)f@TABxH0~V^ZP;79JH)^<)6(SuJEG|4;2?BFa#CBdcXE3@V
z?@23%aH#!Lx5W{)>oN(LFKxB`bw~rK!J{_KZh6&0;z{^M*uWuks1az#IUd`o<@$5V
zdE~{rRNIx;jiOh70`9Ee@$!t}s)Y&%ySGj3P@cUmqP1I#Xx2BkJu2jo=zumg2i-|(
z*Y3#GN40xlr3nwbF+fj$g6{=silG9oRtBy^1m?Hb)7k`gXUuY(1NJCFs-9&*s{5|7
zlr8N+Z>$ovHIW(#FADJApwv8-r{WF-<mHGlS>vDiHaD@NeKJ)j3ae-c3g0*gsbOBa
zR4hwVM8H1L%{i>uj^R0Sn++J-Y*4T%#L*MQT2+j_8LkqHrs!ltvn*Kbud4xEzzjKz
z6vDLkNf+7O)cMF<g&8u7uxZdE;Xe=ibEtYMI8`a+(E^USQ#qh9IU3j}B{*UpvB2$(
z*Aglv_v<_I{)?t@a2dZEKfO6ZBix><=rMdrK})g`c%}olfabw7s%a`t42<E?1;dRt
z)YG}2I`T}6nx4+wwWf+=I9PDD+{P3!LX$%U0Ro--w_=BHO(Gt#9xZ!ljsBnNL=ZHI
zEzylag3A^sUduqbRcsN-&$X6Iyo)Oi+zE@*O`Z7?E?sP`T8D~8jbqtT`EXf-S;1wW
zB2%5COOn2&)p*_CopqsTBnC)qmKHqU?0#0F$ExlchZdixCav{IJ4ebp2SlpzMD!2p
zrn|Aj{b-=(X?s89=zKlryHxC6B3f|PdmX=+@78o|Zn_0B12fIs9BdnOruj3^4)2b(
zPdY&^N3X?|UAYFrK1-Yj3E0IW0?>G)AY9vBBk#sXt%_sg@5m&Fv99Ln91WIdK9xnA
zEFwl=-=PH`q9sVWECHtt*+O1R1PxC=dy-Nq-@epeY~JkC{hYnnV;458BD_X0i)!E|
zJ9~+bK0L7g|8(^Zz@0>G_HgnGC$??dwl%SBbD~K)wr$&<cw&2E%*3`Po-gliZT)w@
zu4>e&(_L59x4Q51oP#NK)$+<Ha!A7d;vxGTs^G3ZN}_UwUg&+gsT~ahYW=>%WeA#P
zwA3C?G7ABdws3GuTM`tO^?@SG*TtB?#Vp<(qp%^LhD@Fp9Y3u?0pIuIExum1mAVTK
zJIO3AEz-1O=<4uMu2FK5m~r>1dD3000VI&*MHNzikAcGjICQniG}OZ3BH@g{i$0lB
zn=JjBCsLm^PMVh_M@`AAEEePKLtNAgfLl(eUO7zmM*Px&%LwAHQ7+DW#T3_Jw*!qp
zNXZkLcE}Q_Q!Z+vQdCYHg*5BWDYWShHc=ExU*!w-ljz2UHc7<AxDSD!2##*-Hr5iy
zt&lyv4tO>IOc5z9+wbzd;Mgvv^(TCm?WIGJk~Cjf5CmP`3r~`;i<yiEEE-F3J~YT#
ztEGM|sYFb*k{(I>;J?P+6RA&7t1&24W1#eQ1}!-MRUo|9H*fhNI%4av!Lg{9R$Lnw
z{xD7tIdXQPPLyI(sAF{RH>4-YZR-~<K?!4SZb<_NOoCWQR1@s9kwoC&^aa14Yv04}
zi$niG9u%R-N&M8*?UAKWM}vGo3y%N?v;0*4R3RTdGJ{=V3LXIK%SZh1UHN*$vF*!)
zWhEm?GB*!-BHg9LjvW}*6_aZGU5yW3CF!TJg_j$KjV!u4U8ZGGW*VgOc4ynQ6m61x
z&(f?Bfa&u`LF-UBX&$$h8DlhW20zqntTM7oVI(jIM@CDsfpIf+glj{LxQg&Bsf(-_
zPV2I{2A!~6wh1uh@Yo)i2#23Vb2Ys6$oS|MJ6ztWaJ3U>OY)Jmr}U}GgQ~?oYi*Zg
z?xEQBhH&V`DA5lnllgkEBS(73VM8@6;fh-X5RU5zWW8?<vd3Kwk~ZSg)^Z=M&3O6?
zSI2+x-F*8_+}<am&U4GULR<2fA@~0H&VMoeaHe2p6y)krBFMntvXfq4J8k#se0O<}
zUw4%UJnh{H1MMBXJw4AmTMrH&wpw9-GFzNlS#Q-+;a8a&fBxXN_qA-K|IL=Ei&`E4
zjHkdQDT3pEjFD!8#@){3mY*kGOy|l^pDA!hk{ohkM5B1`z7*&sn?k_WV8-^PSD=>e
z!@9a?rv<M-^Z2zzfsG~h{hbd4(eY57s4#>JvZ0bG!T&8q4;59EM3TRfS3R~rhb*kH
zlA_z;-C&XopbLxJ?m7-m5G}<<c$ta;q}2GQq+6;SBQ`X<YkSc6G0Oa+1YI3ADFD>r
z9G~~0QH2E7!-5`bBzmiQY-*SVV_9egDwMG%*={}gxWHsInD7MaH1(7Ko6AOyRx`Z^
z_=|PPV94*Gy-ne#J;SeC&D8Kws<^TrM6XdDr_EFc3~2C2b-Yb#lxN0*+K0(N5kC(j
z^`xO4#SQPgcoD=7%YN1n`bZiq=@#45d2(8F7|!^haA+GgAIAKZ*EzRn?D!3w2Gh)+
zrgPX5OE@sJ2Tq236dzfv4g&Yus@+m;1#jHt@M_1)tgqf^ZjJ*EBpdVQJKCQ?9z!Z0
zo{Gls^mIjQ$MbNS?&#I&FI8@UqkAiz%tc*7`(6}`_6Zo_xHD4XIwOdWvHM`3zD6C)
zWVYk2`deu3OGO3Fw>DO5_jzi}jjuFC%qdHk79-yYmnjf#62HZzXE<7TiAMjN)f}g;
zKBVl8Ohhhp{xPWn{?*eQ3NvHd!LkT*ckD~d6?-ztp?UyFK-3a6VUvRh^x3L+FGAJ6
z*Oly}+|I-xYxnVuEaGJS{rtZ;&NXA?|549?7%kBWxh_0kGchc@Qb5mIA3XA%sJt9x
zL}Zppus<fQCBY2q8(*MLW>1zzw(1q5{zA%ivZ7&Ecsz_*dd~!7+6(-pJNa}F;Vb*4
z(S+QBNdQiKBw}*dd$l|W#FO?9H!lTh5-t=Oanz%YtA;<4`;fUby_mLN7eRIABO}@V
zE|GJ_di}UpqKYYA;H4#Mv>L;S`7GJ&=$C<GE>EO^KGJUpp9dmg*y8GZB^0R@nE|)m
z>}rS4Rmb8RguoCRjhj%%0j<*Q@m=`^t3Mzrl#y=a^i-Blhh-qO-vlf#V{O#qLnbS~
z#!%JutB4MqeI=pgh~ly;8R;*Q%89ChR^igr9HaOmsPxq+nl^aC6_U^dKDH5m{d=-8
z^xtC!+6xEAFf$=?S3mu|(?PLnsClHyZ>a9d=JN9F<}qdR?}<l=`Zx0n=^Fn|s}p;k
zhnu)Ebbm0Uwb}xA>Sr9~6a<bY28?&~@Ef+OWeFbQx|I!(6u4QY2PwBo_#*toTHRPa
zx(2>VfpuuVaWNrqiZ*oc@M1a*ot6<<MePgwA7iI|)ZX;JD~n_VUX>7%o0-vkptb!Q
zf7V+iTzt?9YD}`|d$GOBJ2j;xYc-P<bXUm<^%N~h2?z!d989bb`6+JL(wuHk5Ws2i
zmg6PzToXG)OJFHiV;wdvaq#IS2$AJ7cX7&8GL$V~vmP~YI|d7|${klu{B8gFn+1h|
zqMafd@l8pzeZF~%99je(xT!#4m%3w8fu1>=(OHx)9;Y9sFOZ$CP`KUNRj@4<IM&}z
zU@KLR&_)64&xpT2pDw7!PCOA{-?IOSRw{cP4F&)8{Il}%HtR&M$FA4N9av>L;BH7W
zBA&{xyw~gf+Bsj=JUdz7R3{Xw^w@QP#$y}Z%aWzobMv2!s{s`D=CE&~2nXqZ!e=yO
zlntNtyUI^NEs9Qa$gQuB;fLXt?`qaJUUV|FTr)t8POp`awIm>?B(MiFJyflXf!*L}
zhWs}CM(JxGB)bI@$6lYToaL}TzGq;SH2uS?#XRc#s%s{R4E>-efuvL9BIe$&*kbDn
zdDJ;UC=1=b9WwZR8X*Lm=V9-X`@8ewzOK7Lfg{(y61Wg;oI`5-%6J***MlP<LKABB
zPzt!Gr8(fT=VWP4-J1*IY!3cHX&7+HbfLw4HFr(S>u3nbwy?}9Odg)|!PvEpeA^{3
zvy5~Ovzt`MmN*=e%wao77k#^hP#7oShhX^mWNln=S2Y%{G8{~WSs9|Uh7RSbSqNn!
zS_DfpdmTN6q%NmN9~++xeeI?BTa%PO9s>AB?f9>=?XF<FVJgbzkjOI5a)L{(NRlsQ
z;D(Oor%UdgtMqW5!tC!JGqq_G6z!shK$8gb3Vi0x^`S^x1O_P<v<Lg|lqi%$t0r-w
zyO`Do^;3lxMUA4&4azm$+Gq^POhP~QihgiOVCPXoq%`Oyy-Ty?Y9(a{fhg0BvG0Ll
zNm&&R5~Uow)E+(ukpiC5)SvyF=C5_Ie+Uz@6cF-i4vO*Ks<|iWM%uU~5F=TXu^D^1
z2(EuIfyK>T6@z&_E8$Rrv#0n>Ut+3LU4vm+x$Le54x;jjbL$mpm0b(!*Qja~6b}nj
zhPy)jn36|~kVv-!4S?Na04~Ssd_(}uR<f#55vlRc>{Up*-h(UdX?iv0A4WMn_+7f@
zN-XJ`U4FyOJum}?Yq~ZpYU(az0Z$vDkg1rPc`SOX@=GjuY<f)j0AI<kV6>)`lBf>t
zeI!4AQot26cr(rR8Ku6X<%*J8WULp*9~aakn$44TiSvJfmYr8gnjPC$pUMNa&(~=h
z0_e1Rgh7@XR!p<btbuDnYhtEkd!wdAp0y%ZC>t>2ghQ``BlT_!fnZ`|p%|L-^|~{G
zO0sPO11QGlmDH4^SW0W~!#&D2Zt@y#85eKsi0|?oK?UE34zN}TblGN?^e?#cvJ_t7
zJFi4-uhRjGsL;znOww#A2o3=1+h#pV?fXr^=gi5R>M1LYDXLDT{sbG)yO8%xR~jiA
z<aMW6sLDQ*csWM%sFdIwh?1fzNdz~6=R%1Y!=3f@2{w<B)ZVBLH)R)vx&t{y&Q$4|
z`&MU{APpEtcV#1=U-jNbHt@wlYwV*i*U`c@91QVPu-!fUvSZ4&lLfd$B5S)AVn%Kv
zTY9w*r;gsyy*0VYRy(m_EB>ypF8h%R>u2FgPp9iNw<ghcxq84PqGTh*mJ>4=nE{&Y
z%~FUvx-?aF>&Drg;@8>?(d>=BGSAn0+<dUW+(DV1R^Uln?Zk~68<^Cc@Y6+xUUn{o
zsWLgFOWAV*x4j<G_y>TgKxq+kxh6r9);N!*kP<uW%N)@m|Cz;PmP=0|i?SY;#Ebu@
zVm`#vMMr)qr=)NYtdifNc&3WpBTC~5WbA*D>q&mp+?3*P<E7|4QD|YPwL7ZMVI>-#
zA5CyrpP6DpBH@w4nU>Rv!=E?E)Xf7U+!%mT-8>@yYlsaKSp-a<W-3FYO7Lo^-Po&(
ziC!N(317O6V_LJjUYCwg3fd#grj!OG<%JZXv3_LXoHa5evXhYyqR=}}zxh6&WHoLg
z&+R+A&@KmDjYD|}VMXqY5j6eOW^+JxAUOH1CUEb<YocwZUb)-!HHX*4T`s}`M(K@n
zo1<*!b_&jC_!f{x%Za)+cFS4CH?8#+m8>B7F*EKs$YlcLJ}GJb9D(rYOjanygR#Tl
z&t}zmRtgcznlF{=@5;JJJW-Z|A0Q*O?j6#?#D0TTyNsI38<ryF819#aMeMAcMkPX9
z2C3jHWW{PkL)c$%#+KCsb9!5!(RSRCo81r^u!8IQoj?eJz$3M9OTotMIZ<6c15zNj
zlcA|aC^}RVn7)BJh8tc<h54VFy0$0)2m3llq(O^`E?9h0PHv_~EZh|V769K1eR~PP
zzg)HoYI?X%j^z{985Xsa2!0NF5f4AH)G|j32a@m*$-`L*4_J)h>be%{e$}e5iGmiR
z`7yNxfL5E7NLkh|nx-)jWRnTQlmgqu!wAP02UM_x%GT6MW1AXsYVfnASoUu^7lQuI
zj{Y3XC$o5iI?0TxF5U1LNjoxsg5$yy|9Il2{A%5$iZ{V{`aR?)Lvbo+dCRtk0@tDJ
zf|Y}`1XfaZVoHVJR9Yo0Lv|^#H;i#OO^ODM17LFrSnbzv4bmR7!R6Q^r!ye&{_gpQ
zx*C8E`s!72v%=}^eyzP+t<l6}7gOQsgX5rXpdlV5)b+O|Yk-<%*mszg;<E1cYeCg3
zj>T^mzf_5`@mK+NV&i<_zTf@{)vw#}!T~~{#qmd}I6~7pllf=4pL#a0K62p<g5A5a
z#lYiN(9#VH@*4Wz4L;{HZ51JRsdcb$Jytfs9d=1OsF9>uwKbXX7}jL4FMV9W?e+AQ
z>JToH?#2t~EHE~_C_jrhll{?3vY=ErOkrQh#r9hP_AABOc!9`TJoP(WXxpz<GrWYx
zKxRt)pluL2#TG$lUdr6TywAb{8Ghh=J#dUKrUQvSDnmfdE1>O#!AhGJ>kq>fKe|+O
zj-eO!Lje!1J(8Vh1AGjkp%e9uT$=?+jteJ6vwxC?YJMbxs`8#?HM48*Vc1Ih0L$SE
z1sF?AlXzY2nrOh9V+Eb!5H*!Y#9cV*x<~}I^w3q<VM2_WiGCLaZJF_!S%U5b9x%tH
z4Vn_SSAmc4aO)5YT%H?^vrjPv+mPejjU=d$o=B$&?NSlHbl+ZG4&NCJr@(HCVHwFU
z)Xn&=8M*5&PpkB*t*#!pAHi3`>T8y9N9*_iwq=C)U@#n>#dzeL3U%u{Scm!3MD5$M
zKIz2_ztq4XLs1ZJ#pD+RiL;V-6ToJ2d4F{a)xuk!EOUpqNZOgEsob;@%a-nA@F5#}
z)~LtNCGt<bCS@vDhj|Jn0oWuQ?IC2PabpL#qMDP_N#w{6E;G~}SN4JLI`Kl|iw1Iw
z7&?9JQU$j~UA(m>j=JA18Wp2x<U_V*1mT5><8HhZjF-VyanPgO3Q(WSynsSQklRqt
z^x0~OvF><=dfn@vmvmV)`UNS_uD}`m03I?87=^*+4)({M*uIWc5aAQRzRVI>v`V5$
zjmePbyd*yCo2Fel=d4w$hkj5}YIR5xz$FPDfMvH5<8yP#J)2jPnPtlc7KRn(+spsb
zs9G>rABr520bJf#9L@^Q1Bmm>rUlHcp2|OyJ__1>8aAa9;{}Q2EeH&i*7(o`{oa=o
zsBIXB00@cDquS9(=L~D)F7&3D;|QH0OEoMZmQJ4M3@ru%93>p4^Hq-cV^>-uf&{iE
zx2?kglG}hSYjDk9(Jj#6Fs2S1el%r}V=9_auoI3^UhKpPW`luLKs-Hk%WICepzAct
zkm6qY*lNzJ6kLLO_?@{57k=^^-hgYRl<4uc-=ISrI4DuI9el6hWhnJntq~ld*>k*3
zDFzg>H$O_r<(4o|wr477meN^juJq;h*d=b2BtCQ|Gz4-VcQR-oHAe*+7(?=K_hKyX
z<!asH)k%e_dy;Jja7>Sc*rd$X7glk1cAb8Qf~NHJRtK(m_U96EvZqK}?9$cH%rD0n
zT#r&N`Y0EhjVz;x=Ul?s#cz$$!i^b49L==TGD8MyphK`=YB=0#4-T3eQgu1gox~9_
zxwOeYb=$;sPc$Lhyd0$(HM1ji!%DAz%6jvl_0uLxq(m+PhYA1wt-2Pf2iOR=^Hve8
zPeuh?$;v5JHaCKMJBe92;TJYvpBCM0xfZqTUArz_6!ut}fmWbVlTeloQSSvXMNoW^
zDYqiYRhnhN({<6Vw7i0U3E@(k2C6AQedo_62o-~fOtm>7VU~qk^Yi$NTk74|9>sgR
zpp^yvq=?V}oJf6y_#wt^pD5}7?2`}LG;c|!i#@ULKKeVOa7psBAABpc0DR{|&NrK)
zu~Ai!>*^h>nOgQ-dWFqp=ABU^LA+yK4z-*z0cYu$I4A5BA6fOpGkQ&+ETkdYW`+63
zLZue*Y~NG-KV9(G`PLIr$K2l3jE)OgO_$u&?&*;fAf#NDK-ZSC!n@yJ^P;}tS!CO|
zRb_I>jq?143*I;ELc<Y%g_gErlL<Y`M{)jH5%T+&)`CuwU<icf1vITBx_4VjdHh6`
zmucJLZ>=6xn1-XwhMV0LAEMY@3eGwVtvco!f%jSmOWN0ywF}Z4?@8jx=;-r&hn344
z+5CD(03*XvCyQRA{Z7ZnF}cxoyNk)`rn-TIC0EV5Z|MP7q<TGCBc>ADWd8y#=e<;f
z)MWZ9yVSB@dkjQMYLxl0Md*5?WDvsXP%lY?Xx<!f^wAx5k=GtZfUOjL-Wudul%RSl
zexII+L)I4yQH9fQf~il*c$s?ah0`d;>r><aWHi7=;XuP}LYp^|JYc9r8sIiY+#v6#
z;bj))juk8-il&XSlcQP>A%1$7L<AHpaj4fi8w6Rz2o)=xk+JYbDx0({%~cvB86=6G
zVDn_BZi=y7yD2YE?;&<nh1@n#n%#w5+1qaLE82p}VzY~I@b=ILpH(HPZgkMT3jf&z
z!Z<YiRQSWc+6{ntiXNulL=nSWY=jWmkbsvgKVff5WbrLYEnCj&I~)VM6f=M!Ga0d;
zEWs>}8fHSr$pB+{n{-fZ!`RF=hl)f)@Deng_b++o9HMleki9rBH1EpZ@@WxaxSV_x
zRWT&PF-XtMCVgTD-#9!ZygD9nS&S|qu52|ces8Ps`RLrl0tdHlFB<OK^+0S*$J6>f
zSa#qyCZL0J^l{k2RiBkQZeoN|06bPHjl~io%!O^u^lyA7Ru?ahK-vDfQKkCda(hJH
zLl3>-hDy1bTDAvBsGxM0`N<)DT6%Aa@rCnvNJk_-Q~fW>S^kNhW(Xi148JH~46AtP
z;cf`!o(h^|Xsw1u1Wj}74@uO%@d4h%s2rWHsg|zZaSdCn2&XbaNs2a6hZf6<N4tIK
zSg(x5emW41qf|;iH*d)(5N0k<(?CAnXi^~PgA)2ovmO-HuV!qf<RZS7qnrar1mR{?
zAxu`<jSP;jKc#B<a;MDZBe4jmV|=+Ux-^#4-K`0<N5ykFo>~-*?UEofXf$x=)5apw
zqBE4g>35y~4)4rIJ(kI`WuIA9XmjLb!TOehJK-Kks{_)||L1XHF_M|Bgn}G~JRFeK
zFfr_i76XrMK%E%1CrMr*m@iJQz-<7X$xeQaMk*2%V0o$)_0p;T79tHCWhG!ZR2u3x
zY7pq?D24FovT4|&Gg~+5AC6W1D9PSTI)&*;r6}H>F2P{Ubd#)$G8P-zuIHQpZP~R^
zZym+NsnfbtLy{S&r%r2+XEbBmm96sn&{3ROR~6-%%B9fU2K4-6GotF!<r_hfEK|QF
z<hK5Cv9zR~WY|@Nwc`oQ8g+jcC;Z}M)a&Ku_xEG#u4))ISv2pbciR>Un_dj72w2*7
z|MsCd*%yM43eP{nOY86c?BdUj&3LW3gyn0d^L-ik*`9*tTdb&6dFm#TotaNe={P|K
zl5!51qswhEr&_{0o3~L}izj+;5Sf#7zYdZO^>+`W(CjtNhqhD!`K_K?KL<?d6;vUb
z2ZBLxQP`q6v`wu<?ZhFy1Q-Z-(InLl@z*JTx8j2kj`0mIZW_#;Z#y>AdEW$)=R{cM
z-1jDq4L!EgSJv;WJWVG<EJz)+E7~!#?w}sKl;gnrecbP4Pm~T4siwH2l6+=uaLs9L
zH=_|e$s7{TpW&wfg1E&}8i9nh_YzUMOS{%K#*E5%)(R~ON{WbkQ9o4zV+?sB`jr;A
zOdBk@T-?0gLBkYGW6_EC+lT25PtO&n%NA~@t30cyZtIgeOx1_}0F1|3`>AcC8xX9K
zgdA)Ngwpq@!-DFpQx#c!qV&zUUr*JX+m4vhw-l|J@aDO|RpTK<R4r{R<4@x>SeO{I
zU6z*2Xjk@Oohf-a@Ev!O=FZh*@=}Z{tc{aLF5E0ulvZabpXT^Y&*6oSRH@ysjSP!J
zEr<5cBM~!Wu32z267;eS0rLMCBA3eh4uQ(1++m&4(v3)3>3TJ~uEmm_mv}|CoVN{M
z<Yz3Z{S{ikUPdChe&|l3kM^P>al+a77uF*w0@<kxNk|BVu0N)68M}MvB{tJzVd*v{
z%pm_Px-Z1bzy-<jO`tWBXirdK34L~&<Q8|@qY6HBL9WUiI{M6mjdv_Y&zF21^;J&~
zs7hEyIATkGUWBQ>MoB(m&-n6)yK=yXNL6vAbXpP+lu45@MQH-xsq8H9s)g9NwTQcm
z8W<LBtGJAU=P0*s_K~XbjYf5=^jtL-0RN3Mx?;+KL!afc{!yl2?9Q4V8B#^t?e|Df
z{>SRh>O|qp0z|his5jj4v$pB}%y1JtJbtGq!H!^_!r300_1mZdu^ECDP2YFav_&b2
zFG=`7f5Mt{n05~Hp$Vk;3{!{+dc4E2$|ax=E0)QEwSuEID|eY*nf6Ygnlm-Fs>3h+
zGp)!H_Dv`%D|PzoR$uu17w?rH3-h$yUxyQQ58~x<w1_83jZy3@R1$IN7HJ@6V8dA_
zdnUbw7~m@_60X=VW^!1ria+I^p*kw8d^P5Q=b!!$a&SH-nCr{T^7ALyVQT&zZm%6~
z{|dbV@6+;_Q+H*@r37m}XKe@?y36W&(oQ)al%cNI&r}MX!Cxi&zt>fsO{y0-!+smp
zo+7jTvYvp8GxiuLmt_#rvs9*Vag9=@3!vW|ATBe!`)NRCp6)SwrkYz#8Igc%N4L}j
z(7q?2rhGI|)DQ^kBGT7euj{4Pv2Cb?VtFJB-K%<y#pu!$WB&b7$TUHLw5FAEKNZyY
zBzgJd@wPt*(^Gv$e6Q5Ja^j(@$f2!MOs|^$zAd|;@$xrzarOxgdPzu>U88ob_9U0T
z*n4TYKI^@6eg)>;zy43T@^R~*E}>csVEDP<FrW!?K=)}sUijnbRqCS{6g5YWF8<(X
zpNY-5&{2%D0^is{Ur3`Q-bTjJ|8aZwkAimTm8MBH$yK4ku0x1GVxC&!rIThYI4Lsx
zTZksYZGN&}-giZ_HcL~wo5_+&9sO3wLlFa5GxnVE#bJNUjLAXy-zXHD+8gU=z!?Hd
ztMK<G!Jiw1?(E`qh!XCiJ2@$w)Zv-UX$ANv?vo+!*nfTrp)8~a?AN4_#7f|t1a=*1
zM>;51S+e>u6aLG24LZiIbW%<3_aD&LPzbI~lId0TRvgt7I-6<7E-;yls%*NpNaCZ6
zUX5_gNxkr=tX6C_GvYK5E@lb&eE*6<zPj0Opjn1Fwd%1Ik1jKKp<}Y)?xpHbcA`Bs
z6}pa5iYXS-&-jf7&(km<@^dQ@x1<joOXr?f&=DH4yXG6~^6C>--Hph8>XJ;1(4F+M
zEmgWhK{h%g(hqUYMIB^H1almp{+B9NQ72K=ojGI&ckt>ffvS5vuE`o;7CGi#M;k?D
zdcs46m%|e=QM3s=#oTQ0BD;M4ownx}3r^P`6Pb;|v551rIu7pVHEJ{b5~Sy`Wa{X3
zVT&eD@oe}rwVf88E2ImmgHe43PKqz#*xBo%w7)DotD9E3zaKrN41lbizBAW((uiX&
zw*@ABY4lZpEVE(z3Ymfn7)gkK?<)Ugp(B!v-AsRxMSs|oIW;7tWuC~McnO6=*M@w%
zsBXhc;|@g<NAfeEj_cbyWhDY&WV}N92Od9{2^NO2CoqzVle(rKyvBqv4lid**E;Sd
zU;eHT>zT8uZfQ#W;T;b;c3GRwhoiJ2mqt<=oWrPmeNrdt>{d?+;L!~s`wG{#?4oGT
zLBuFA(_^1Sdf86+<B$qBTg-b!BOzKIHT=wE(4xei3+vKip|4PT>AT(g1=QZ+=*eW~
z^k4gP#xj%as(v~qjC-Y}P*XvfUk51jL*q6@E2OzP2>6Oy^^K0MUuc3UFpc&W`LpTp
z$E&1@MvfSNgJ0CP1CSZh*pU?r3X&ENB;~u-dSoj?X|)zN-z|kAdM)JHNq~__xHl?}
z^fAWfvMSJw?0r5Gn(x@k%p2vigIh_KPmhu)sPDP_P#`z$(#!jlU+%|ZcCLJ#c9BAe
z{Eo9dxOh+T5O}zU16!X9g1bHN*A1#cg(v(ruh5>grF?Z7@OmmZVJp5QFiQ&jWuW3|
zrDJiDw7cI;H!ZKlT$QyYyOU?^hLDsXNiVXh;(qN+D7o3|)SABNY;4_?`0f2L6S^c?
zUuo6kmND%+q^RPHGrKC|ghw&W&3shA#g+|cS-p`javu|u#oLQt)gt^7^Io46s{bDP
zKhH{^WMQOLAdY+(q+>_FUv-A4BLfO6Or`?inS}o$9dD}`9A479sic94yvYV<5vB7{
zS()kBD-t*=>g71?Y104xLSgmBah?;Y#s2rpC>bbRt}ammSv(xWn-@zMQ?D<?PSfXI
zmSHad;^L4{`ZB>gM*cwi<HsL=y~+k@mk7vjGu{R>0Bb{!y=h9cL3og(q2-rk<~VNy
zv(BlVjncjN<t8Xe3;*3|vlU!Pi#BhZ1AW(Yd56>4j&r2f3z}=qN2Kr{yE#F)^ycbf
zdqG7`Dy##Z3-uJe27g60%0@*_CN^;qMK)NE;C%hmE^|0mJ857$#b$~~AO79n7z*Nj
zcc^;$)Oio`eCcUs{)p{);pT$7#e`75^@aKSxWVt$S^}wDsXnS7e)i;l`9hz@%aiL8
z9rc+>0HryY^_fXvk(&?t1FN95M4Z^X>k2?_A2J`X%Gb}g;bWh<FBFt?U1d_<TA<5o
zT33Fv*S>){7@1m9OpoiuxXiMl!#rD$&e3y&2AVW`)UN({9BdOTA*UKSIzc>Xx3Qr|
z#YGYp%EV$YN)0Z^3G*#zdV5vGJZ^00T^OMKya`smh-tl3Aeg<l=pvpN?J3{`xx=kQ
z<|J7u^gxp=>nLFJW3N>$VVK@xn7k4GFsi&(bir`Pk67gY3aROw<>gHK*UXC&A1OFA
z9q^&IK!~tlaNLw+BRkHc*Ar?PwMHAvTiL83<RMFnaaU7X7oosQw6;gj++4wkP@(kh
zoGObezq9c9#Y=)&t;))>k^}uP^+>RhbmIw&Z-Jaij#Aa#+7$Y?<d2ENH#VY|oarH6
z)sn9!3jyr91s;+u=5cq7NtJ(m4?&V%M?m@FluJOfOtxYQQb}RP<fkdm0)D96j>8B&
zo+q-LDx_%K5v(xiFTioiUW~e~Uda$+w_~JE*RHMqjfRUYBBiN>5=9~0U?K{u4<>03
zK=)JPAgHo8jB@%V_p4a0PjH8VsVcQ=%igzh5c*(kuOHGy0cAbGHlWN)r%D{%8yMSF
zGk+$C4?lFYg&zfPJ8#l<*j3-8p!>BFc`58+L?+!o#+jR0(|=sRJF&Y|vP@>{U3Y3M
zec(=?G)xa9_3A7g7zrbs6}B5KcDw}?U5@Z-L26Krw8chfjM>P2Vb3uGxl#A*Wq2`v
z^YWbJmJ-eG+rc2i2pk`OS#_bU2h@$Z!v)%pxo#Wvri6EL?3f#gf;cXj4z<_VNEYDI
z*Tpx)4^C{Due8$;+yCZ~!|ybG!(2OLNIg<uT~n{^`;v^n{?*wJV-@S~5R!!zf3!_3
z_cto*;t3Np{jLDGq3pou#w)g`Vm1sxxQ;qQh8h^i51a0?_KYBeer0D;bl|{r36{}N
z4(f!(SH9#K*`Yus50-`0s6D1!WtAnSFjB3i$y70AJy(8BP!!|FT+a*bGmJ#NMP^n|
ze?B7B$K0vMi(78L{4(k*;a?;t%+k(^WbKDeYaiLaV@(0y6CU#?^Z<H_GwsrWmZ-bG
z?oPertRK+dR>}{ZWSH4H?SM^4#fc-Ykoj%tgOFWQYO%!wGl1!3krcc=!JX>8N9A0s
zy%Fc&7+9DgCqBC^YU8moZ6O|S=1Z%9Yx#*`!*%40ip8!Iv4Fsgaf$O=r!FA7l|BOh
zaE-~cum{q9iyytpZ<IApxkG|uOjTUTl-^J%XQ8pV$p~Xp`%!~{{?m0*^$}qxS{d5C
zaMf5eJavKc5yJD2F)>71CXM5Btl9@}r9b<jtzwg_ZCKjdGy}b`v`ANGNOKcMM^46U
zhwz{ea<p;Cn!Gg#(p1+3hXm5ZQQa@H7E+jtH7#L!H+2@R>cWG4YG}muD`3jh7AeYR
zflmLI-o^m|y!zUs9AMbRCcphRfVUI>tx5>v5_JPfZG>27aZH2{O$%}`-aHtxO1nLn
zB+{Y_y%4c>P^QRIp#H`>%nl+q<5J%sV2Bw$8<RL03Rx45Au`CRE}lPcRbN$KG`FX2
z<}0Ojk3?wyre)bmkOaAf`2wSMsNLXnM$`Lb6Eiw)cHqQb2LRf<YhPc^C-7a9`3YXM
zBdIe7O*IqMY7vB&k)8&~zt_$a{Y#)Mq{tr$gd6Ho;}T|AmL~XFS4!jkZ0{nfW^0uC
zrM`8N%%M}=1_N0xZIk@eSdc<G9m$!A4k?S55l!O!APG(nETxy)bci=ZtlO$Kjlz95
z3AKrYWJFXI4(R+eYf+-Ap05U3>mSjYBxxFAu9|edg|+-hLsljbG^?TxuF1W0Zn8zG
zBMWGaW?zyce{3XX(<9xRIyyB}BP`jcrU^Y()G4Fvj~w5k6kCXI$jdtpch01npYg-^
zEy$U~2f-|<L4$fMTG*1;suQ6xO}oVEp>)VRe77Qc39Oy$rNk5ni71W<^VgCIjww}F
z&YJyQ`$l{f22YA{85X@rf~ghEaKz~8w$tFn<^#!2AsqB0rXwnw=fqArv88iPS<ZF}
z%W;3oKt~;&Fbg{pqI}=dL`7DYQx4|`2dEsQV}~q?B`l>@CQ_10>kjfDY*7LUTh@p;
z9KJCy0B}h4=3$wHgiy0HTgeRffXXs)uIo&GIM=tu{T49;eMefy$p-hGNf)1lGh+;?
zuaLJ04-&^pU5NI&p8;Rb3kh$N?mM27ZaW5@jeK+tt_B39M`{|^Fb-kWIm-Z@_Tq64
zL}SIPVaYVXWHF%}^Pp}5mXQf+=ImT($@E*306_Gj>V?UJhw7<q^OHpe^VqXx8$n4i
z2W^Lcl&<pp3|5%$uA_nkoj7)Nnl)H0>Lv|mobL1kH94HMVsI9rWwko1sw~A6D4>^K
zFVFNn(EgLNLtLxrId|dVOOjj%Jk!lM4r|#JP)tQtC}=H)OGj@`{cV>Or`?m@JWBdv
z4-iW}>}oFLitvcJ1mMu-Wci-QhOB60(1#%_M2$h8*sQ$4A!t{dV3OI&rIOSp!W&vR
zi_XAY3Qo@@a*Uf`-^p-wNGN7pN+1Lhh@epS_y74>gU!JDY=T|<YqEVyJ2JB|Tmnm6
z3awA1YFa-|;j5PG+u9<IVhYNA3qmSW9)PS?^(XQW2{$u|RsD%oGnbC)T!%e{<knWI
zyOqC$dt)nYKJ+fZEfk@ZUR~1{;tQfKWfi}0!e66Ap_ItKq-gXy(g}Pcm3#R7x{V^p
z#re_Q?Nee$YZHtxd=*X>uRN7#iE8~2NqD{tV#zd2X_j!3Fj@(1R&hW2l)lomm;s`b
z!`(qhyVQq&)pNA%HD|4hH}A3Of63F|WXR-2fEUPp4TC=Y+D8d=5GIqrEqL}P`R?A;
z73q#XqokM|LFA+SqKJ*4-C9IJ$Y@rv7!kbV`A1F#&CJ^JGrIaLI&_5N)F|p{3bkiD
ztnoB+yHcyxA3*Dg4^2ec0&ki?$_KJ(OA)}jag-*Mx^l_>xoT=UE}mdpjU_ASeFu{$
zmukZbBcM)H-(N>^|C*A8;jE*1_ui$&pULnnw`j$K+>!Yl?)2{ivGxKM6_%1df-%*C
zVBB~ojgA#gm^wjTMPH1oB;wpE(%yt1kwY3wWRzejCW@F^+GdBQZ#s~<odu{C7;K`9
zT3pk;AxIgcSF>;I>QsiuSu^ZLvM9}u%lrITtab??VtcWANp&g6zo|F<Y3cl4a)XNw
z{Z=q?1VXo<4&=?xv)Osyw>{CGzt3(~>alZ27~LZ-=Tem|fP47-*c~vkInK8gLAg-=
zlf!vnOOQk5HsqLts@aNw?*pKJm~or{S+(V}$3SfV-`Ybrv+MK9j~=08?v2^r`q`dw
zo&Isj62Q%JHmr>j0Ij)#zrIXoUiI86K4r>_P6e>Rk=Pg@65u-d2es3UU1C$O-}4W%
zuJjxdnbjc{x0>dZ-6q`V>^0DFF_+W*h}ciq?fMmld7z%EM%q*z4d{_JN$*S4#wBiK
zA^5($i;vZ0B;r_&&_Z-^iDSm8+Hai)4@D3$O!cLl>=iF|2IqK;W_o7mVy&=qa?17Y
zzYUg3?>y9qy@^BroFnZooRiGL6%E;?`YpMLu=moEYHN;3ZHjbnPpDv0X-S=P+(0I<
z3X-8+l#Pse$=ztj2cjl<i|VU5t&fOA#~(c}jyt&gLm@ub$CBaDR4_3n)C}=d-35c@
z3L3H`0utsOszn{_7gK)h>lnw8&rb?^T!h$C4)TXsQssQph}$jTL4x^v<h!FJ1B*HK
zlqi1(@ki=GD4D7@cO(C>NL@vBJju&+0H^)WJ|&*7bOrymHQ;ff6RFc8N%W(;eL`^u
zYL#x5i2NiGQA_I>i;wOfsi}ApvGr?`us89JlcUW$r+k+?3$do_5GG~0XrqGgG4<0A
z`-F!a-j!fXsaZDxy!%%b?Pc^;rq7^nq1sLAnwk?Sey;i&PSu&{c3P7w{8NM!1`!nt
z$C)}q_)dbcI$*(%sPm)YE1~uIJ6+N|Jpc)Bi@}{D#IVp9JY1%^v@~DWd_$|jn`L{-
zE+vnZYgF2jmPjy%NvZ1@&vG<!Bj#c^LRF!+n_(%0>LO+TU?wbk=q(P-G55n`>ZTQf
z3C52Z0h-0>#fk!{5&qQJxM)-{K#q=ti&M|09tsU13i#Rrs!CyDI8jvG;%Ph;`uLNd
zNZcbTcnLGdUI{*6dsYsYQd_d5&mMW#SB^nB-m}Z{0ru(z?$9+T)xqil4Y@-7AlFi}
z#-Je+>k-<bVL<Az#P8##Na`?RYpY4RR83cME9@ivw&t_`<~Zm5XwbZMirW)6@0gn-
zR>d713Pc#>BTuOAZ0`>BtTo<BA$lO_fSswPq@jO?*jI1cyGXI82S&mR^j!rBC5r@^
z)Vb`>$(=#x<ox;_LMt#0STyu1gr{ze*uzzfy3@~i$h*2QtNH0VThpToAkC=%K+(Uq
zbb+ZC&17xLjZ%b`sg{1q7wjnIL!?2i236+%187nv`oi>%hBv~Njg^LtkyBE<oFpF2
z<jhNS-`Mk4Sv9}XGQhhlyw^2X0XK`)BbO^>qrBC{694FL_7KexU|nGX;mp6Bb<66-
z8vGuJE3A_`9nLFI3O~oupJ$DG7&~|%P$m)3Hh&5@gLO9HS3TDn_?sWRvWL=qi*OAt
z4Omla*lNe3X(FLcK*dnea!8D!Z$(eSD5vFq2w;Vn8;l6tP*?Fls7WFq?p%X(VsQ6~
zqh)bc+)*LQ(i&Uj_Y6Wz(_I=DzG)2DS;K3yp<e4>(6?>w6Ky|@X=WU6V&$T5QFJUO
z$|94lpzE$<Xo)M1v=frdp=1QdA>L$-0m^6-I#i*fH0)$-(u-KsEo&z*lduXVAZ<)h
z?|GL^1ih7jLCWFtYx<Bl&*)44ss2^xG6UbV``3~-t%_FHZ`1>q)NZ#)rsxW3^UmIB
zgCfl8_q}QTjRkN5h|bFN?Ike?;a!;#jx?yAn=!K_%pO66!3-i;Ba;-05gqxB0M&Y9
zdsD~67^nC?*gS_QjnniwxFqD|uS!%zB(=u3XJ53)fx4LqqQRi>M`>h=WEQR{*qT`y
z>Jct0P(?|@I%L;^^PYgBt|{XNl!NfLF{%5EYOr!Q1H;a$M3(ahM;y0dpgV(6s2+*3
zkbx}|lcHNWlFI(*JUFgdJq_G6fU~1x(j~%6Y9~j>>04YUmAY2a(l!O{9YHiOwgH6^
zOWlmAsfA=%rEd4_gF;``>-q$1??6U7a5VsqV-g#RJ)l0sE#JW+h}ZmF4cAhIlDo8B
zTTsCNR&WJhh85U+a%+h-xekszc|=Nk+<$?syvrM_g-aEptC87`&W}0-Foroos`z)B
z?21?ZiuAR=rxZ2BygW`ARD2FbDBb~O%@UQA3VD{&GmHMiV5&6nRtPBD7}b|Hp1zX|
zyl6asaemq+-tWfMkJhM=w4+T5xfuQ@e9-7d6;(u-aVaw3(48|cS(y(1rd;4KLKI*!
zWm3^c7|SH_C!&sgHy{*%1LKn+>(=$5hw!rKe+{&8WEIhvgQ}15#N%zOcWca~uQb{H
zWQIbM33~m%<0R2z=xAb3K7eAX@>aY6ZHQ@@8Kc@TF0&s}9cOYBrik|o7JcTHED$Zr
zwrPZ!#Wt~Cp|;@}hDdmG4@T9Iy>&WGT5X|FD*}IpG8#U0s!Un|82ys6Z-Uj7o^59Q
zt+2iQcDtWZ0~vg(VkVGeyR#j!eA07)WYFB;(X~a#nMRR)Fd(y8&X`SE>dazNY<i5T
za&VG@y3z@3Ry?&+o1FdR^67~ou1p5?o<Nu1T&~SD+>5q#0&f4ZGB1s)5jMw(+p!qz
zL=pe}EVCm{mw)*QXm+h(UIckO{nMKEe{3jM`??%A+>4zo9kt%0Y3tot*w7vI%+_Oy
z7dfSs)x>ZDHdMh1hm}g^sZDoV#ML(SNK@mSR~3^LnJ)8vbSFw(k4?Q?_Q8lpYDbNN
zFkjO3=Bqeer!CbFb33@Xn3C8H<FP1u9m&85H_T#5w>z#H-~>x&yIR7xCdjZ~q1<ye
zult(a;io2qEsArL9aYnh>s>lTSzWuf-C5y0JtYbTdh;Y_GJ72Uw66;#MNNYli=4Ou
zxnHy;na4}T`Y(CniUZZ6jx07B3)f6<q~(^9?!UoQ6NE1=eW^woXDMUZ_1~6dNj?{;
zAUM%kuoq{p2I55QFye%3LTT_U;C+4R#sVJ~vGV%ez7?YgF#XWPyhOXKW1M=#!oFn<
zCmA==pKzdVPLIeS>1EoAUO|nr8t{Upi^j}ApQivtcO^kZ%2h=ph)==8jjdDD3og5)
zdXY&I<Av6qTCkx^w|L4q3~Jc{DYIQ-x0B^4G*N=8fL9!#d*lGZO&z^Fo+$6K|Kh=^
zkU?%PLk1lngVYvoY#E1)76{Kp6c6*)EIhbyTrB@abcSD7oUWBw8Jn2;BMHMpScZ_%
zJ8$vIJhGZFkJ@1)*Ci(?8%by>&vXpSGLvML{?rF;H-rsw1k0cd?odS&pwhiy$}=Wf
zZB4lXV!FZyL(4X`9TP2lWS`%76#dc=M@y~}ka%$FMS(R<%wTQG&CS|_%mbf~fZA@v
z5^C%_x_26js)J6rrpXZrXI?VIsZ^$wGOt-3LA#sp@j5&U*0n8T7|}zNKi_X&9;LLc
z(r2W@yUR`ucvi|P&}iVM?qJkX!iTHfaPPQ)U!@4pQ)hJY0b)LPW(#og<{FWF${>~?
zSw}Q+g@&k?);yXVM$g!@&;k)so&ZXL376;y3J!3;DG?acU|fsamxev|%zLH!AyC|y
zIA%H20RgHN;=-3atQ1}IIM{f%%I79c<A_p_WDxQ=AC4WOD|l}6l3Z_P80L6lDysrO
zdh->-2p#xEhS7t3oWgvFMnE8%>2H#sXDT!wcVPkB-+TJ}>yj&N(n2xCvpP{o2$?|T
zR@7J<Qt4g=!tzdA@>8B*(|Bm&Y-TM&&hLlMu-NZ{L2vWg7Wm8oJ(Y=+AJOl@{kl+l
z4-~6`b@)9>MzhmF4wV-DcoocX?=Mq;T$#ZnlLkIBTR5@G<3Hn#;XzF~T|##`msbKx
zm?BsleZ+yRJ~!Q6Ne~A#-*N2jsn42zlid8D13T0tzRGM7QAkHx9Ol&aD3h^;r62RY
z;UQKeZwfgqF`_YTH0zBrPca2j8Il?Bx~|(14S}6wc%}s6sILbWvJ^3Em0FDew&p18
zc;rogJA;XUa}2CqNTkN1;546XU5Qd+(hSWtmp{rLoWV4aW;dGRC4tjElR2&rqLJLd
z*GRn~b3RUns>$XKVu|C?VWYZ+Hn3B3US{fZ26Q@Ve#}rIIGM_C$z{VtUWki)+gusU
zS-Q>=oLz%Z-(}y!D#ep3o&(2#LS{)!I;8qif59=wz}ccnt#-y8CD^j4G#6L%0oQWb
zRC=&m{+&+4@JNue3KyDvMm!7HnBl2{CfYETxfrmFiPRcL?#0tY+uChG7LgtV_pjF(
zl;=njjB<v3GIEu!$})@s;XqrvQvJbAt=|}6-ZY!qj4kIVpYG!q)wT#MnlmQS(%=p*
zu4?CDl~m>~F$@1wgUvhRg?4Eh1}H&aJX(Vh^=yP_f_czgI4_eVUuB^Ev%;|@mMlgd
z*>cgYh7Ll;Q$ofU?6W8Q(;vciisj=ZU|Ovo!CvNZESib8ogu#bo8jz<Z^Kr~?Z|p|
zoo)J%`xU>ksaEsUZu$UBDKJR1v3m4tS-#NE2I~nGrP=9Oqv*NQ)2cyEo_7AS!KxmK
z9t&^k>?r&)G3pz0QFUn|y+@onu93B$=~vG+tZ;8AHBPCX853>Tef|DL28KDnes<6v
zJG*Ltw~pktezl1_R2MGfHTWmTAaB{Wa2kq|F;*Re(G(M*nu{KAhdhwh4mINkm$9V9
znys_K<s}(yDw3F$2vKsgBX%P|?mdd<tL<ZSf)&Yv*1DFW@Z%WXY`?<biho<h+LU;s
z$ssbc>aOq`Z0g;cGnDmySGZaPqxR{#ovoXloLp98OE-uuo;0MMAPV+gLzi>=Ru#3j
zGD(<f`A$}Ym_!Z8C2j;WH{Cz7?j$NKQOiL4(29lvf7=(}*pcZMe*?zm=2xm$vNvhg
zi<Rb)){~&lq?;xRXu$?34^)mJN~ICO+gtrZC|?&3@#*})&?)^pT71(){Z4&}bf#}I
zLhA^>8f@wLat}_scGQfP6pBV_JUqMq_JS)~hNMqj*e3>l52+E6?&*0evf|Ry6Z|TY
z8(H^4ZP1vH+Xe+zeY@zabjul2Y4iY#>l~zvTmw~3I{=pxx&{lTDD=D=27qSv&`dPZ
z<O#;ol6{nXm9AA8hcA;_bWbX;7gd-FW9FgM)#Kj{ao19&Ux?gcMN5aA$yh%12&1&I
z&I5KykpK|kkv*W?CAgh(a@AHb*MOvtneXRPVMsiQujZ4>g0-&$MQ35(wky=W|63GO
zD4X`322Ryqdj3uD6oQbFyeEZNMbBvJ5N@i8oScge2uh|?D5%fxyWJ6=%`pqC%)RYg
zcG2;FTDRzjwithdXy<bJ{aa9L9o%+9Wh*k4MioeSWyxNe9JH86idf{77UdW3kDiv4
zQ{#p6D~0Bbm6oH{c6!%;`eNB~cu!Qv6^%y|ltMp^&NrpRni!u$EVOKeJ38ZR(r$Qy
zOuRvX+3rOD%goZcTp;+&Qrl8miIjWGm_n57`_&W$YPCcs;y6@Q_m)kmm@DhH7R8fU
zUp>Hbu~YxKTCRcpHSK$_K89kkI&LO`rdPcLJPnGGMLbC-Hx7q<6_|`88wzrDsNBzH
zmf9jcj%U>n|D>p|T!D*(A*UkszYfdLms8<$+$BiE5j5o+#o)(7^#1gA^me@OTx@Cj
zf|KVVTY$lo*%#`GQEB{RC&E{3xAv@Ggs%ol0{yI}m-XKv|K8i*g7Gn#)SN=NL)$?_
zNG@6yL5@xR$hm<y4OSJvdEHf?GDz4@h8^vsxh!;s_!Jv~(#2M!DaL(5DRetRlq~&D
zKQKOiIdg=YK5o(Ye6`eoE-5o@OTV>GUI}~1&u=pwQyEa{=m&Q;Vn{;X*G4_M`V0mv
z>^japs1#5Q1*U71*`-l_Cw0<agTM7Vrxh?2KR+|mfoJ_phND|@2v4!9p-A7?a8>1%
z8eKH^p(je_XP}ISVh%V&VEv<EP+&yZ6eaS<k~WOPcBif0j#+h*27br(D+vyiNVhhR
z2v_4@)Jfexuf31CxGMZNofYdPJ%k^?g>N!B&%Z;U<tNoYgWkC+%c!IaV}hT79E-S|
zZ^mRXqV9Ol3S5xMqveP`bpA#XaT_w4TKQ7!f9DZyB9<`9K4MKa20nh1Iaox^lhMqs
z{{Hg@gB2e*#oST;hkD<Wph2DzR!mrilEVZ$`g!0rYpV8MrnPS(_BY}A64jy+Kui9r
zv_79=M!YgwWg67~t#&vI7NxlT{B2`n!#%j4_<NjY_y!0~ySD9DKe0=ISQ`w7q=Kp4
zv9WIUHbcBm+G}M7Z|H#|KAp58lN|Q_z+;0c#PAn0Coeh4kK%WdrZd(Xr_tO(rg+*m
znZ{fuFuut0x=hYl!)2;F*^A<L;M)3q=ofxT@9D+gN~5;AKn5pVYIC7tM;DBIF%#tz
z{>Mug6^oBMl^?VT@Ri_-H99wZLgCdK?T@v8m6^|+K>PROzEP6{?+^~wm%jTryfCcN
zmz%>g*_xY5t&I`jqa=Y@!8ju?&9R~Sx(*o37Z_Zw`PT%_Zaa^z!l^4GKrJDu39KY>
z6uu{GKbaQHZ|xVDAbCMj+d^%L!9k5B%dj_5f&5=pLcxf?;p&oN9TR$f^$z?@{u$Q$
zknl$N9-1)_s@R|Z_U}JtbHA2CN);Wzz-$pAz*OYHK^R~dU|^pP>i_YWGaO+<p#Joh
z`_KLf{m+&j9Sp)p`VZmX-Y$hBHyD^BcX~@Oh==4q7)DQ{cl0Oq<8w#&pIiRxe8ZiN
z5CX!3{0}Rg?(+)N#*;1;0uujkB=$eZj&Aa{I(PbZ2ngZ7(d+-9=FjN}p&*+7hd|^!
zgQw@*ffFMA-x8+>gnrT&pVM<fL3IC3pZG)|kY2#kk?z51(vidd=fT8bpG=FFbp9|9
z<9{>l|AQ30q(_8-sQwqS`jS5Le-H?y*UzUtfa9mLgoEJzU!gz}um53Ur8|d%(D?pS
zOO;fF@JnzoFgVEn(}16?@%<GX%)!Fl<Uf9W|I_UMV^yEt9S*_+3f?~%CXP0i7H;lL
zuI85if7buDy8plJ{O1E4%+12x-Nw=CzYOmG|9Adxe?hqa(?bz3ATT#~Z+i<jrgV)6
z5Hjh1DxrkR@R9IYi5Dm^FwFl$XTbucGogG|I6DG_@L!$(zem%5TnYc*27!}48UZ4N
Kjtm8Tg8v`(S~EBR

diff --git a/documentation/ESAPI-release-steps.pdf b/documentation/ESAPI-release-steps.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..e08824860ebdd09ecb104ed2653c8054bc2b1e14
GIT binary patch
literal 247591
zcma&tV{<NAw=U{9BThza+crjQ+qP|U#I|kQwr$&f;xp%}v)4IQ@2Xn+Td&@KK)ZUo
zTO*Yh7NupRV}T|eEE?<@Y#GdjW+Gr9ursuT=Ha22HnBBxHYZ^I=SGoU)WX`?#F1Xq
z+Q8XF*u==r*o2P{+R53`#J~pHJ?mOW%5Ja?spnJ;pxsvkh@$`w1>#5OrbWyPD`>Ta
zd6L(EZSd<Q35$*AC_1wKO%;KpPc->EcXt#MKFrxkzms3rca!zK*2udQqUYmlHMRH0
z<dxs8b^Yr*H}&yyk^p{Nmi1xoR`;j*<1+hNz18dMl|Kd!`}K3}P61|K{39Rt=k2{U
zb@OtPzEL?%9#WQkG1_ZCL4hrPM*HPOkp+~*&r*|ie;%2~!BtLM^k-%{Tno{SR-O5V
zyKU(f?l6b-jv;6P#+2E1A1ad{xgJG65Bn(Z(bO@i=Af#%p;7UTsV*n|cO&vA_h7G7
zjRwc9bC9!-7h=9fkqw$Fu8XT#A}x2r=9sj`ZAV%*Z63z}dzV3p;(lV~QGLH#x>WHh
zz0-^*o#U~B_F;k5n?c(1@33#)bHntX8nrxrvgo1MEw-p0Y9A#K;kz&z**u^EPH_sL
zUB;97k*P_q?e75+!e>2hL0lWxsX)<;0SgDF+*#2v8nWW0G!o{{wcwlwN`7&s`fEST
zi6+6{!HmSWmwu1Vrq%dzM1wW)Gwjr~YPb6}cx~y0Oo%u>!=gW3UwjR^2q#mpT;GLF
z>;s@59CSya!TI@-TDS~yZ;O;~d`B{U-NHMe#TWAl=vZ_WCN_u?W(XP$hBt%{j%`b7
z6A21hq$vO|@YZI{)-BvX5PY8P>hi_*R=GHdl!+`#o3@1ETKMMDPhUq?P-I~`hPvy{
zsQ2KmS|te4$<+SWc$pDxc(7-0&`3O%Q@C(Ty&fx~4dwRvp{)yTaYV(of$eUSE8H?V
za<aC<D#reOnVEf^lx#nH(kJimDu-wI?+ZtmjPt=~E$HmRoa>aeViSqpW0h^qf{@fb
z$}d&GZvd&m!jysGWVf53CVb4t&gM9+{5fC2EAO;>78L#IFOp+ujje@bf)z?jJ6Btj
zmHCf|jIdj4yslZ7=((<$CKnf7Z}gZX^>~)g-_)ATRZerqnxG6Deh~gaVX<E4EQbl%
zW9jT~l!6Ee@OlPwxkkQtKQSd3UsyAxm=e2-Hz-~F_8q{LgCAaFvqUlrAyP&01x1no
zPNH5=@-opElY@HmBD~~73Ms;6mcR!$vsz}<Wf7nXu~$k@?YK>_92Eg6<$+0IPHAU3
ze5tY8LlVw8%DZJ~pM*mBQP_~OlPdTgoBr3uwz#L^_}#zSbA@}}pMzlL+gPzfqQTk>
zT7ilN(7?2w@T^$C3m%0NOG&fJ7^jDObgV4<y}|u>l#O`~K;ujZdOMjabQRziLAR7v
zR>@#!QqqP@m=FOH@=qMpz;UxQPJ2@5Cx95|c?w5p5K%|xkEG{#>U2ugFIn%2Qtz}Y
z(iSob{s*s!YDWwvPlS3GS?zhSZAVZe%Ytbhz5ZXI-xcd-mDScA4s@twVhUc4@aq(x
zH^w<iFVGziSY~;h*A0o|6`gx!04no2HV$x|miZ0bEMj2#LlgAdVSQ`iiuTJwD;P)G
zfkiZ)zXvp8FV_uxfs<l7pe9z-o<K8r6dd3Y91PiyQWN{A6J~nucF6K9B`W156|qsd
zG`qVwQXc>c<9PlGjdH>{Zwd9VMyzc|%I+q~P8W1?L8`iP?9RThI>p1$JIJi@7_E5i
z9F2Hm--=f@R|!{nW1$tXwb}T|C2=nE2rQdc#pduE#^nSqx6>S&(~N_Do^h*0c2Dpk
zjo0D|^<L`ShsTJ={hUw~OR1;DUpnRK!b{SYPugeN=Jsh3SyCfv>G4j2riag=LUL$b
zzU=(Rt9kOgqg?DT(j@M1%fha#xN8-=bd-}EZw)KE-o+ywbG)nim{2^IS4S&xBrm8C
zr0GoQ+t^3CNh2eX8>^hix8^EP+{Cj^W<9iI-l5>MU3d^K0!F_ylc{O|nuBbmwHo7-
zbD3Y5%1W!JeX5*FqTI_#s`YhD8<=wHfl&f1{J(*Lw<uA1o%ur^gOKQn-jCY`b@n1S
zqJb?*dohFIrUg+EaiJX?f`~Hn_$qt@tE4e2c4<v&L?*)X<;ozE0{%{;#iR@(nG4Mj
zu*0^RQ;!V$S#(X?>n&)Sz#%kq1$$^K%eIznYIcs#Dl)b$#Onzi_(OI*pcax2akkZx
z;toQ`>TKz<C$WY}+dv=uZJL?Bm7wHWX4awb>VV{jpBF()5Mlgvu#N@v%PStUHJ@f)
z5{Z3RZ|DIi1grH>PBulDq?PP1T(0x{c#V<{Yy(0tCBZarxIfd{*+^CBK{ZruVTGpO
z)w_iw%**#j%nwP;ihM2h-$Q=P^{Ozo2$>Xqd@7u1*Ko?g#vcZSG22*M1X_*wcLA>n
zJJDk%C`#BGLIdj5XZ#LlW=nfZ7~@3gYNQe<wj>Hk@Uv9d{425!GNp+3JNF6NF`K$X
zkh14|7ZcZsrz^-I*)AZft*yuF<Hurk$3cOSudkB4<&fmk2#YJb*}?YhCgQba#su*Z
z!5P&N61Fb>v0=iuxbt}0zFXva>1O|BmSZI?Fu7RTzDpK2mh!)ZszBW)<}!N?Od}{_
z!6B4)CM8~Yk)MQx&|5!M$f*dQbBWhVet=IZN0=rL`alJNI<U@UsF8(2Fn|3yNjrY1
z{t=}D0(miDI4_=-On=EaFv@CUWK6S1V80Zn^J90ysS@}K&FA}<#A7s!rwHewyVk%M
zZ*c@D@iPE~>4X?f3o2pJNAdHhb(ef@xrt9O-*L)l5Ye`{Ky|)W?#=e>92_T8%}Lup
zTXU00O6j9rnh3^8v`}*y3pvuSeu@wgZ+GG$cyVSY!@5athl8PLK^MEWpoo+h*Rk}D
z9$e$K8@>n;0jQ1y<5}r5c-r-wXTmpBRF!lzWo9i+;}1yl`QndH3rzyEfuJV;^|y+>
zP!_gRxuEsY8{<8kLHBoYMHEw%7^J|!;LkY}MIr<f=?K>nZNn19(zHU9$u~Mj?u$rd
zsV`|HP@4{gZtJ*@0BR#ZSpIm8-01KvO{j*|3|HZVf?u5bL@uQj+z|>?6?NMc-(es}
z9T40Rh5UZBm&24!V+Yl+d5kIA&gvvLdUpeTHh2iS(zUpoBV<MaT#Cb^AZJB<C7;sa
zd)-^QV<Z|9cr2^%!H@@dytooG1r1CV8M!dH-91++3sdpI${br7GL@UWvO_7nO6<FU
z#{|8|0Mj5vutunfn619LP!^*-Op_)Tgz+$Nfak`X7wf_6+o(QRCLXkaddx-X;6p^a
zH(Os#=8D#oADVx^oxCw>j)SNCwW@08&i40+O+_`XSebUEkx!@OIr5v>^Az-VeE<jW
zK3nD^F`U_4ppXQ4>FwXVUNSRGX?QcC%Qr^6H$1cO$uPgQh!f*X*{K<HTAVe)MSU%f
zdm{tsJ{aX;M#4?{0;?yU6wBRrYk=vLx)5Rm@d{!Qc?^dD*dMLMqOa+!z1u%^dR(dg
zBNYfP>7Pu}Y@s~cvne`MHt@7HtA)_wl^}mwq{73Z<D2N>cvtxC%Hc;u$rGz*;%z2q
z?QgOrB%i;r5?qH2VB(A1b5edNQ#jwYv|+NhxK}}8kanfh3B#zge6DzoUyjkv-hX*e
z=3zg#)xBjl4=KRKr<hCZ9{||0zYKcCzhCErnIvP!Dt!6*kJVDO_D;eSGY_VrEvX+1
zgB#<VjR>?tu3A_&c6E^!XW!tSY>Ysl5}c>8pDY+?4^P<n7XydZgxG70;Y`gzsUkd(
zKN~*y$yvFop-pU!|6ld~bNUy`(Es}Q-vbjnC+ok@|8>dwAB<-EzhHE=rbO)J2vW~%
z?cTb7(#{%5Kmd@!Z@8lqV}BexZ^tX3P+WrBgWg+B&vIRH3tb*iag=o(9i8Xp4P`Ul
z&-<6&KmEO{rfF!*-d}Imdb@BxK1!$SgS+y6eqXbj#t_xZ>+mzPL2OtxJ>NW^58L0M
zx`O*h&!D0G9f^*o9st1WT`QdF+x}syTXAx`_viZy!2KgXgDLj3p80sPvmrInLk<30
z?3mu3vmCP*t;0{H(lHgE|9gj6(i<R=?L$-%QKpLiWlIK-$M)p_aLL^EZI2V00My^U
zVOKX66^Xaz+uX67h8cP895WoaVA(jL%n)q~#@%T7T3K>$HXz~0CikI7NEAiG@);b5
z5OB)ROM<|C@(gXoH-~)sp0#VFhB7lr6uQbhjyq*{0-`}ev`(@l=8CcDODQ0X=h7I)
zO@LFmN6r3ZFa#gxv`uuPZ~h(>Kl{^jqJCc(HY<6*I+n5(CEDS162qccxx}=)3Y(<E
z39W(bZ!Utz8)>2jF_#8$>hP`*6vp8|6%<Rc{`?yS;(&^zoV?Gnq&IZ9Ie7uTPrSi}
zr|=Kh?wCL^bqA&ivdJic!G#AJj9vK@v7Jz@#`UXI{a}$NPD|0SLe)%|34+3&v(fjc
z;Zpit4fyusPEd&|6xE)MAU^6*?h&<c3-n>N%k&(1x{b#Jj!b>r2$_P4wIq=Il;N8x
zF-Rmu6(1$$7`Z_H>pV3r#Zx1M0w!@*QsWW)UtlEX;_Cyn7Qtc%<mB@~)^Gz#pb_CQ
z`tsDQfOIS~`Nj$8o)VdkDX)bk^$0JzYgJpK-Km;j1IKEfKX4!`>uAJt;}We2j3fDb
zjWL&NcFE?Kwlp8r!gm?3;02Q(8Il25{kN>|EcVJOW3U0HC;>uk;m8IAft0+dky5bu
zfr6PM?8@`}M%N6VllF%4UN63F4;-5-)Xj83KDBZql-KVWIKx79gP_<ExS}bPzQ&bQ
zzT~~Mbr^<z&PC>=UcgXd%1hZ1KytrnLDl+t7_v4#j{B&*iyR09nG0}ebq#vLRTHAr
z$xNZL<}Z&)1Ff`kIg;n;la)MLTe<pqV<qYNWU&eRZAyKhxYL=jk-d63j{`n6KBRI|
ziO>%jM140z(z=P$lS~?hzzOW(!Wv*MpwIH@yX+K$7p7E}cCgaovY;s~f5R+6YM}6c
zeTQ<s<A?Np-+yId$zF89_9Bc#-DUZHvVArxgsQw>br^y(KY_1QMwK>1vITj93}q|l
z{mLTZNBkBBnC^1}@%7yje@Mg&HL^JYj$v^Pmk5Q$RynW=`nmOTmuY2UsHlkC*Gyru
zlZZ!`HIe%{aW!oWnm`;2_8i*!m}8|7E9UA+!)u@*lO`b`HA(1YOi`Qe)RsV+8$5=~
zmB*=L@C2yIlx4N<1`cGAq@%#9CE4t6h^O}~cF!b@9#l&L=-sbj-%En&6ibD^thU`D
zHO>>PjSui6^DDrNwro{O9%%<CTwSPIm&cKh7rv}zOy68I7<E!!OUK%9CFf+&KJC`$
z+VR<)Hz@TGW%`CH*p8+Q{}G)je6!nu&-5Tb;syY8nj@TSD==5VB{<AB1L5em>OC3F
zX>BY*hwJ1a)>_qW^32p8!nREa8K5uwK<*pQW`mlH)Kdy`_E>QW@COR+Nj?%NxwuD<
z?Exu%RyVS=@Y%sI5(7gZcQAG#%)Ruw-)Q^=RO~()0a<8~=mQ@3mhkC|#NH%lGNcM#
zT+{0wzh#!t@2idE@fDMHU63=u2|Y)&K+Iq6HHySvyp{b<G^}!|aP~rXaY~X~QNuQi
zTL50i27jOUm#V{DMebSSR2)K*EUrwFRI2D@A8|2)qk`T{;!D8M=CN@x?p+#DhHb8L
zdN9LHT8|>^9$?_)=_$pOI4($6w6>sFjML8VdgRJ?6^<UY;vw65_4lPF@<s1Nl8yKE
zh)z-tvR-mV0v=il={z4Stz;nF1X77)hv;k>yld)-D?7)Q>eEtl0j*E7VOws_6`XV~
zPU{cbt=LPlVgY?eomSJKP&lB)jjkgV_LY@XvVByJ#=%1!{R>gR8l*>FCwsE!uPV#&
zPzkni4bifrisDzh_s24u+ofz#t0b3O`wwY`hLg$mdeqwcI08r0h?whFG_e5ozO@Tv
z^)RNu7<VH@WWqJ#FQZL9y9OBt1`)dWtnnPX#ZIk@cI=AM1ikiR;JW(a@@l1iz)umJ
zM&r7MP~3^oSdw>Sn%i8%=rp9!9D28(zQR-Z)zM4|H9##>xT_ShQHeF&P%;sGuZZ2?
zJnjfDP@S`Z3<{JR4zE476c>+|F8f<{otv0vqa}9MfP-C<%wfS;$(A}J;ef-E3mTfn
z|MzyBJVTdVI|bRpQ|8^YeQwYVa5uy)Rt2U71$Qp%pb~lD6^j{sad(Xd+5n6WGYs_F
zbq1z5kd0d27HgtSIaimm87enqR!f{2U+uzn)husx1yNL(g>}8yrMZrDjPB*!Y5I%0
z08UHwF<Zt=TheAql>{K4?Ip{2cICE+-V4go$+9w%w1bw*09Y-3%tkJ<gk0CTV!5JK
z`LyV$bj<7m!YuT+7kfHrkNv_Oh*wyLn$vA@KwE0TpQa=EMSgVT^58x(pR=7T>n5xl
z((QVU-6rcuCQEXZzr?ih`SgssNdZ?+SHnTsG_7t^hgiD@DN=6@f85!NJfQL~#Dt+#
zM#bcwtWsX~WFitZ0i$|kw<PRfOl^;Eg-^x>0&xvBatnB0jZGZ_*WGT2&bnFqxF+rN
zw$`hOW6**eHwBHzOIqhNn3Aez^OJn@iW8@D%A77S^J99$xa_xFQ-Wb{TcRvKmxwOf
z;@JE-<R^V0kNj8YR4|cR0KENOs#*aq%g|esQniVpD+*m-m`y@E>!SSBkeYNiOlQQG
z=zuN)#<HI5KSU)Zjg{ddf&i?YBHIi2T?9b4MRBw0+U3%nHaBm9*$Q5q;d2zPv`dI3
z)W`+3fbSxETZdKc-L8Lh6u>q-Kx*3UMqs~$40K@*rpSg^8`K1}j*ZyZ7&7W|csU9i
zK^ll4fWgn!!GbwiDic#($J`+?O`?#MkFl@Mn&nsDZ}4dA0p={3Csvy+nhOZ*Q4ROg
zv}4ZaIMT@pNQiI?C)Pchsp+k0(C^#3%}luB0qcHps$~j0R9c?+EnLO=j5PH)k-T~e
zcS9tL3n-(*Uz{e8U=-wAwAY@(5PQ%OnwR?Qh0A>qD2NdIr$AUKK%mUDQi!J(re|@$
zW-pjP2|E--kN_aod`a64v#GcTGAnsH`nr=ewl(QIfP|@xqXMo){XxwLCIfy~kZ3}m
z%$jg$Z~C;qYDl=~FlZ+LPEzzsIwc3Mq1I=bFYj1XH7bEL7##G$JX`ELx}v{grf*Et
zMV^ASUiZY1@<-Kkb~t+CP->7>Cu`-@sOZ&)E2`|%bt5tK$D9mNI#$@+xyXYb)(_-i
zq~+&-5b3|v{4bHRF|z!(NICvPq@4dZBGr(JykbM%o~=D|(SKKxXfPfu?!Or&>g?-l
z{k2ZY9w$Puesp`9MWvN;-Qs1NfH|_bQh2c>R7~8=J$YW+$}bDwEAdI`_Wg89Z};<a
z^YoF)-3rBD`uxN1=QH_zw0VLf$JktoanRmhwYYk_Mp(n!x-sv1%F^n$2^MrzW({zk
zyx+=hi1`4#J@twW6)ldg($lq_1=?l1RZG<*lB}CFy(0=Hsb&z+g`8=|5}G@lP2Nms
z5WZg}*p+Z@jJ}L`v=qn{4KC{O`FeHwb$#8zDqmzcebfKh_jum!1zUcHE7Q8mlFlTA
zmh-VAnDQd8{tK>OArh1-ikAos*p&eF-`H<(?%`F=#TYI2tnKagYU3W-I=-<3(3e<y
zy7BHL@XYzb;rZW$S!Ohqih5Q+d6bhi)nPgY?cJ^gFcJvmM)s@}1aL^L0Qybng!-wM
z`mg_{Y;gVvG#OXbg_!^7?-`>yj#I@2_~1Z0I}qComZk&e=j<5A0A!hA<c`7yPlb<e
z2!rMteuE=n3ev-J2c*F^$DR9vm7X8rsM^;!U0@N68^{x&v`c6=W1a)c|7J-DgLdjv
za1X<_Lrl+;L_bh%Hr`N9Lg7YGDL%Q<qggMTpHxq)3v>aqrK=H=A_r4MqXlYi;&azA
z!pezDdj~qxYwNhj=J5TZ1_j%p4hc>$=hm)H2JdmC17T{|m)AL~L%ObjK}aoJluPc=
zY~$jw8ZZGdknFK<ldDy!2;whYVCwP7S012FRtL>h#te=(ThgO&xhb~loTYNfw*7Oi
zZeop`15><qqTECq!-+5-h(&6loesK6GU4V%!57ARZ*`=KQ$YK>MuIK`TeQd_#8FC+
zOw4-C5l)RKWO-t{;2L8c-_%yxRz}iWIhByklzN3mLbPGS%C!UjNr=51JtdIp*o;)C
zFuv;B{h+%++B`qDe~EntCyPa5q`?4OK{7qA!rr}R1G18xxQZ6;YeX{am3m*U#3Eng
zjE7}#as!q^aw6FD*{xI~K#rH)q6<m;h@xjcYS=U;TC5?a_dH=WZuXo@On-`jvxJtw
znA>|`6hmR1B4r5H7pOf`a|zi8gBRE^?`sSDPPXDM&*NF!g80xCcfTYr8Mzz5Hjyp>
zbc8q$_^D>yR_cV?ebiel{3sn_!Kl>P+i{8U4Jyx$`X0ti>iR0;Bm;}A;A};JR2|zO
zBWxu!fJYftu(bet@=PgxD;h;6%ack2&8Q1u%Nhx%?o7xe&s}bO;V<qbbfywzAfW%p
zZI$6P7MaTb;(E!8WXaaL3Enp-ImLMQcW^2c#Lg*ufO-29kmzIfu$68R5YDy_5|s^H
zb?0n4v*0anBu{bvuMR##SgHl_nIcXQ2(o5~7A1JQBbg)VU)uZfswf(t!-7^M#g&{5
z*$t+m?X!tIfFQ9qd@Bg}hCO6GzoEB({;O^79(G7KQlB6fk1?U6B0X&Zu`drXD=|7g
z7RIf4<eMb-?yqVu_EB3d0>Kne%fGw}s-_6vXC8@nyV%N4$`2KSGjE{x8O|~5)0f=O
zM<9@k7UK+7PykG8^64^BR3-aDVY9q-Gc;)^X&y4wu8}fuj0!sSlg@+aiGPOM{ndb!
zPcFAGLppVR-vPe-6@S<iMDU_EsKqkYtf3_jfA!PU3NoNPn||9ctzJQ0u8GDWJKZv1
zvyP15tY`_1*HfvqFptVtg=Wr)xIR7ay|&5dbkU2ADN$3?ua)f(F$iSWHuQ4bV6J)U
zHsgKb?7EIphart9XsjU7aVl1iP1KFQyvi)lqDkl}8d8**%9|V`C~2x4_f<iY(psZR
zW05Oll6)pT$`~kVPN&9B64CRW22%0YJa%-?YK}Y@q}a14c1J}vepSqfTAU+R`EwDg
zSzxd_RiNNpN4hAKYd4jVgsty=x^|zA7n1IvnM5n-)iUx|53KKvcX2tAJ{6PDO%hsX
zCK|)fmJF#ST);*-vE0E59e+3+sbfx+KC2q8t4{kW+SA~%5`|DlUd!aG%;<ULPh9ut
zN?dv%4P8*^ujQ<Ux%sIWDysLjtwMH(N;2(aVsY<fM>sE%l7G0D)Ghu3D3@*#P?JY0
z&QwiMgPgEX>BXw*nyUVxU6eQsXBOAZJ!{Z`q9)*lrNoSXtB}P+^H+$-oN0)>#A7HF
zojuN(ic|w7j7}00J2wf)SxrjUp-hLoyC0Dh!wr<RYOvO|xF400`b+b=1&)=j%C?vi
z&(K&hSo((EGi}gek3mXfG^ph`C&8<U8)&oj?yFzi6VHfx)#J!hecx3{v&xRD1AA19
z1<ItAFx~gK>s|wqY%IZD5^->Nl9HEOGiI6Z)h=Gw#cVJahk+YQUchcxsU_I`yd^<V
zYTDXpaB?fOM`X2k+{QQN^R$m#d;Vu|c9)Ui=StS#ytQnV5Ik@&Jqn#l5Rs!RN)LV?
zih@I$_rvkmU=HyxrU?ziz9bc^Q5tTikvA;&%I$8SlOWw`Nkc5y%}7qjTx7~LHh<`G
zXJWS_Wa<G!PrOvbtOLtH_Z3v!-%XihU%ArR&yMSeUxsih7T^0%?6%@p=>J2}|F@d|
zTl5(@S^mE^6eHt*RDH&O6W;$V&n?!Jialb3?|H4g;}lR6{+nQ(ry#Jdf=bXz0(XRX
z)YRG7XV}<xlF*B<*gzub>rBoZ;;`93qUi1It(*=6>(}+^$MAXYFO+5v_|l{2_hbIN
z9o80|{R#cPz5Vfp;&A8JF(=@MpV7vl$LjHR;>h`hp~2PrNK=9Z1bF`753|c<@yFch
z?V6|ctGWI0@aXFOtZSW%je%l;xrcx!3mVA;nxPpPFh}GGgbLrI!5A8s<{35G^Q!xV
z4?O11qNxQPteoFE&KU){4Q@!NC9F9$%kTg2jB^Xk?LwkToHG2|?|CSPd1^K4z7f}&
zxld?)?+0mQyeX34;DqOdMr?JThDPMji{}n9+c+joLR8kkEFJB_=FeadueuC0_7l0S
z0w=e5iee`{S@`Q5iam`LU8M<fl$`tK))KE2gt!CH1e9)~dpC)_Q~NX$yf@AB2J-#>
z_dErVvI9GTI>Hlh{F_{^YbwfN<nbNL7*8%!L;G`KIeWn|X<mVT|CEKWNR3I-A@P~e
zHc3@31hDmx{z|K5*nM37wml)ar7+gNm1RS9sI*PYgiWcznWhb^qc_?mp50XCu0u*`
zjoK4al3GYYWyDLDl6dgE`g-dI*9XZaTr8LQJWk^76#j55M2aeGDr|9aeQj<BxzBXH
z_Sf3kRD0#FnYG3lh15qarX<)X)!K=tM>%<Dv!EQ5TBo>tiV^D|DMmf2#ggtGaX~Ss
z{Ru7MIt8=w!TVM@i<TKiac8q007N%G(4>;kJ(+VsF`=GhaEmv*)JQcs2D!1O)0p%W
zk#kI{ijb4IZg#Tx`L>mha7Cs8+y*y<abRP9`4+!dgc}JJIwcs4rDkTgKHUQn>wHJa
zZRsuTSvMZ7*KZb|b*ISc0EA6FU)({dLk=f^^+Xg*(S0S+9JQCDa+^hLUhD@aTB9mT
zJ7uR&6$)trs?c@V4u!D>^oJ)H9wm)2_RyIr05(XZwYyctVyIq46U#W#i-JW3Ye7&|
z)=^6P=|ZY8mCckDIfZD9#OIh~Lmh@(r3t!>WmbcWn&2jE!t>>ysA0G$8)K{Q;;T8%
z8p?Xye{nKc9+NfcNT~gaOJ4@xle?0Lml=)yomSTym(05EIkBf(Inn*<Ix&SLOrFf^
zhCezc>1!3>>=<hK(fxCzV$xeY6$WiCK^o?7L%wL4M~2jBjc<{23Jn(O6rw|_`dD_>
zg=fXd4%M(JJW##|7JXTKXxY0Js9rz2OtBjAhwx^^d(@Ci%ggeCozLk0L`#!<am#C~
z8gNq`5S!V60FLY=C8MEpQUV8#{Ze9;*j$-ad7}ujA!>-?<_b-qD)%XGh<}DwDn&sm
zH9_^Kf|tzbt(I9k?av-oypjr@R#65R<xW=ofGrnI#K8-TOcq*eiBYc3P#J5WawTnt
zs`HZVm%)Jq?f`mwFx(M3yNdl{z<SEJ>PLw0Uoa;t-%3rw3Z_s7mzdvmbvbRgm&t!m
zfpgcs&M%WPOpD2V2j%XPEZ0B+mCw3dlgv);rN8bs7z`!QBzyZC2&I~*i9^?+O_5&Q
zS(t{jAn_XSabt5690;{EIBP$=a+R2(f@+A7J)*NwlS+X7b?ywxEffSS<?Gt$#xgN_
zxRP4H@tR_dOSXweGk5nx-7?ZK`o8?NSe*N8jTd<SJdJw|T{?Q2jzC_qX%zg)@{U;p
z>Fp(sU?uS(rduc<04HP%p4*z5qF|4gN-!OSF{B;m0{E~fJaW{AK!pz)QcsrB$QTcE
z5?siKCzvq@FYz5JoXY^GH(p<#y?<`#Y(A(IW64-bL5V8!slbdwq=0csgTc|er`)Jv
z1pKAQIZyFu>#yA6Deu3d2|RjQJQnT+!LqrN57404zXLt+A*nI@nM`gNnAVDSO=T@v
zy94&r6h-E6aEcAE0o89|7l5E|g4u<<r^3EU^O>SM&`I%`;&}^dve%GyK5C3$*@qZQ
z(yQN`l|CXP0D_@mLnLSWWZ9gL8FCdtBN!OO4d10Fg7%eT3-5fb%4rBZgy4n8$wlj-
zyNW4fDV<LfaKrPFBu*z4A%K@;v=k3REz+>D6_NaH5tl8vr>7dc77}e^4Gf{{b+K`k
z$(uuvyUGVB3I&S~@>a*9VeW_eNaAa$3#Drm)r}!z9A!eZFMIqas1Jq2u}|2-k|@I?
zazBFQd^;BiLvXPcSKv1$9*aDIhl_CW;XkkyhR4l4u%(I4pS4FP#k7&78PBmFeQ~oq
zI@3mznuenO^+J2q=(?dyT|HO;y%r~dTrIN9tD+pM?1WcME@AMRrW$f+_Rdq0D_>t>
z;d5>pDT_;No~$c0ptLQZ0wjYdp_aCSyKU4U6J%xcG1&O$yOb_}MbWF3wd8{xUs)CZ
z_){nI1-2QJ+Hq#nrPGOaZWUHXPCh*gddJDim1f@7_O~vN<6L%JPj`M)J{&;C>8$pN
zaJIw6XYfE}HAkgqlkUj2@?@&VQb`=<BT;dky|*mECaQ-6G||pE#`iF(LsyYBmj%~B
zJF(c&<m9C{LlUH={QN<4F<!{YpGUz3)aVT&B&^9S1V)pS5^mdNz1m9k?-=ll)l3om
zvrak|$uiV6U?qG0nR}?1%2(N?D%}4@L@Mm0ktw~yDkOloalRv@Oa~)L^yeO1jFta$
z{_Jb?R(I--YP))uBO9M{VmRyvp8pyYMB2azhg_$!$DoR7?5XArje<Drp>``vLAT>o
z2hIj{v83@WGXBD-0>nS#{IZGn$avijM@DF1V*fO=NyUJaUT;%f$IKf!=Ok$64C%=B
zD!~%8%GIR2iUS6mVMB(3<E)A0Vs&M=UBCZqP+aZ(+3em{Z3NYl47~8vhI<8|>n8?%
z{A2|^Gn9+y*cx`JaWv(f@UH6UGG5QQ&Z@(hEomW(x5};7$>WVsFGj+T>u?z>%rmc1
zfG%mM``ESCok7h2-IQmO3y0&2Y|B&Hl<Bj3H9xC}bK2({8=npG5l#jjb7fQSJFC6&
z#qbG51wPXKKLF~#VDw*Y6DIcmpP*R&Q&9hgd;goDsx_q|FWFFbW^2bf;*`Y_NU=i&
zu7)CSph0z#ZalTl3g$Y`cW*t;9IV%6O)2(ee`|2r`J5&?PJ_$-^n5un0igBe9O_DM
zcXxc>{y|@~u65l!`|a+JH#YxH!SL{WuoREar|-K%3;A7XEWfW0yBo94tibKd`{t;e
zU2JS?Zth>~4yjg3_zvocj`Vx1oj+g*93VmG1lqGN+f!wbVf((%xBB}5pgbNYrMfwq
zLc26|{!sYX8s2h3cxum|<@8)r;hJ6UM%Sz*ta~Z8Zx3=JWJ7qk6E$ln=|$Ugd;|3y
z3|}!kuyF16#CD?az?0Z(V*#knJUCNRyEJ?$oUJUf#4DRK9N0i-^;1u)PDyV>fd_>t
z;{Kd<rfPuaEpjAYiwK^|8IfWhg~@^lhK%Q>1Am@9lNP<;Xg#iPU}Z|+(Mhp-*@J=a
zY+h2<IUw%!$6v995@#a0KV^SD&q#>?G$pK{(e+o1<1e@8^VM|tjh;|($sX!iea+|P
zB;MuITvQVYJjM1$)dVeaEY>!Z3kPG$CzEH|SAP_8m_Wztn?D-7nl{-eGb16J_9xJ_
ze0)d+QeLWf_9c`_&g09Jl{6T+|C|emum+K!cJow0;?ujTATUJo?f{H=#SBx#|Dxs*
z(OH~IP({m1Q>}<c*?IilTHqU#TMNNPb*|FjC}k0+`Sf)lXYt=Z7{aFC>FQi3@)ooY
z`1W-A0$l2MpQlttv#v}dRzE{<VcP@)b!TR$)(cr|>p$pfO)w{}85e*<LR2&TdP8H_
zLE87~v*VD}+(;kAG7|9KS~#PPdq(T_zuS5cXr3R-Pt}B6ss!k1Uh){$Yi=Gl`%~kt
zD20`U<7Mo?E_F-^&jrFUra|_2;z0rM+&@G83e)?6_A;>5u|UJ*$aAji)Zwd;<m!4p
zl3BaEfC^!7FMiR$)#HuIBW#8#43sKZ6HfQN-+hp12zElem=Mjnmw+Z<-F=Zg<Y=90
z-{?lWAkjvYfwB`@UF#2Zd#ABh`F1AzR29md>;fk1cEo0Sn-Vcpy{}gC2Gna_95=pC
zQ|p-tn+7h1oWKx~MI0=sXd95H{V2kdUCGvjmk8L4LL^`t!0n7!JNlc@VJCcqlw*r+
zRDV`zO9l28$MjWI^gPB>&cS0&d|s)<I(rA^TaKW_j6fRoIi<~|3)ou{3jT1w)3sTM
zuEvj^Ho;PhxF^dqJp%>JpT-(3hdgw`9gJEFHwvR&h-~KtGZdoau#qT9>{U|?VsTsc
z;CXL)7dOUWYYU@77%WhYHzfZyI*`tF!(9B4O!s!r#u?G<jL51wt_BSJMfDCr(RZ7s
z%?rd-zz!C)zMkQ;sjNXr{Yk{&nEED@Cl)6TFO(4nI>X&m@FuH_v?`ma)|?c=M}ou!
z=7`A{*T9&22-wJig1wPD!PDB`Cbe$OsRbBgW2IWannY`|^%T++$jln|i=HH~6p)Nn
zw2dQRqeS|{-i18aGwV;_%$=8Gn{OFPc>lP*ABIKW$TsSzWP5RM?FSHwgkYdpWj}M5
zY;xq~j5yyM%|`9O2Cf?yR5Fmn`2P__6UtR{#HR1on9%*O;KshQYvT3fzVpEP8OR=`
zCHUO`fHT`W-B!<IMVVX)5@E?%-x(Qt;nrS%qfbhYhBK;3$Qgj89|0H#NwV8Jane)P
z05#&Q<3A0%ga^(fC8ilEJ1>piNaynC=^;v*ITpokmfIzPmfGW#rYWa#j-i27GC!)v
zOh(oy$4=?uL==eOR+*ingTJ%K^oFs6FRZFx$OB?*Et|`?gxB41cP1TD0y!K?3rC<X
zlDO&YM4qyNkn4ZP|0X^jQ#fsH$#WfVesJ-)ti#+KkSq0Es%0m)(Buri6vaoCvj!bh
z!~SqaeefAQusrDs=b?{Im!&!TGsTX(&KqG;<V?|Ug}<sSklr0Tv2@<y>K^0)OI;hO
zn_dRfr7YQV27=mMZIv+*pI}=yVO=ih!hD>Y4BBRTd8!^k%W9#0;$ZY4Ue>7Q{UX6G
z!{pH%J8laRt~pb;m)$yne5orZ*3j_>9VAwNs1}}rw86zh>BFhnx_&+J<Rqm`aHgu<
zgo~#5Xojf}r3=L0QUtoO!(GaFtwMx#1R8|YYQ4FzYH$uez#mN;rWXDt&%K9WO0>;O
zBm^|Le5aT}#6-B~=2LK&ar8A7F_a9#5iG%`=dhfr5H0Fb+vj_S3Yj}eNUp!KsopBC
z%we8g3xWO(7^(nU?N@G39><PXB*-hOf=suuj!UMuqH^oS<)Ugxf{8iXfL6u?v~g?4
zt$}A}4RDK^Q0Hapg*YQE7AXUC;H!J!Unsl#Q7k)MLTFnWHR;y`*J!1V^K#J7iwueD
zA+9!HBB?ToX2oB9AoyXDP@#qzdJ`S~{hYTd!|+LI6YNXG?X1)_&7Ws=zwheite@Jx
zS&7M;Y_HjvpV<h1WK||h9>Pn^XewkER5^v6v=}eCizSqZXd>UMv_bD@*vnP6m45IZ
z{`r_U(t;bn%qaQzeua|TWL$sXA_yK$&?{J`Qs`M;`yH${4r0~i7jtIr>jpIkii$L6
z-rer$Bi(~{m0>%`1S%Wgq$Y1{TCKb*cd31Uu$HUX*rlHgrxP?y`+TUahno9gT?1$E
zen;%uyInR@4kR>B6J=SZZgcXdLKMIgN={H2ysxe-_%SYbf|Ea}0JFKJKnpki&|l@Q
z>7sLg&%0I4AN6${zb^X~%NueFv1dkWC)D{U%?ES`(+Vm3oVvD`CeHR~5sj&q+B*61
zeL;@iq|5wIGWkE#L`;kf?Ef9;FtY!rO#Tgd{x4)wNz;n7ldH#QH7Ko2TD}Z7*vA99
z&dC`kGDcMoIs$)W`}wMb(5$S;f3gOZx><^^SiV#7&T<15rpN#7WdCFb#8U)?u<Hu|
zT)Kt%ownYf;7SkfZ}#%p=Hl;(X2fqfW5MVC@O<uvK>81!#`<v^b@Z)Ary8ZzJ`ib_
zFi$WG_AHd{I}R}u!1<SY-M3-u-S7zNP8#FJB|TKa+N=3ilaO_&3^-mA>5*xIj4)B2
z0qH37U08azGQFCUL%zc^=V#U>s`YRZ*CBSdI8H%R9=uQP^8Y;De|`dTlwk_AIn+bG
z4^t7u{CsVmzEAmm+Xm;eO9ts7v-}|@2WP{2f8k<gL?_1ez$+D5Sz+5(m9W6bh;qi5
zg$*1ZCcKe<9}PT=ktZK(77MGc>8LnKzr#vQ=bI{TpIxhuOmWdWEk!Ai!=`()I+X-g
zQ#vPkjv8y|q-SIgpKWH__o1NqRi8j`6c@A;WH=$Pkx|}?!uX`)q!ZL64DJhViF6@9
z5{0&z87c(mTuf|)tN6l$EiBr%Fcav+2>mlC1w;7^-pa$(X4R9~Frkl^4y1!8DoO%U
z%fqx#g&y^`c&JFe*pbd2H3eAS4j)TPmnkx>Ob8(l6|g*O2wtF^4_>b0%rjj*P&>f+
z9lFZa7M&bTpNR9|LKU#aS>Ph~;@XXjCs;yu^0Hpd)HoblnTs_N9U05&{@Go`k*xfQ
zarz0aC5!(#$l+H3_JAGH$mB^iUxbH<X3WlF^cHKg6>OkYQL(JiT)^Deuz~i9JJ`8H
z`(8D0H9om6J50$^s9P!OoaoPj&Cp0Z4;JmL-deo2fPP$bCE@I)a&PM~s1QgRK^JAW
zRk1;h;>hi*)J`MYBJXhNE9%@Cy~E|GgGLL2na!K2-BIC;(UMY=xqS%(5!N;a)?tJ3
z_1B<&92jQADeZ)|ZQW_W4qjoJobAr6kYgJFjcoMMWj5<o4QZ?MuwEzQu8>0Qs9H*?
zBJDg9R|!=d`<6kEg~`p@+U2IJh`AQUQ=I*`SKBPZWT8f`O(glDllY|#t-%TYrI|xX
zWA}W3BTzN$M5J6MdTU|=hnK`-TZ<$0!gj%gWZ7OmQ>ENT^$o|Z@w8e)lbREI?)73X
zlBq(kQ<By|`E^UtPKA<Y`od)d)yf%-T4BG-?27|FGD==1EhxTaKnIJF)?!Jrl?)00
z?Evu5l-|DaV)?REZNpLpe%|R_gjMqa+AP>DPW`0<>s#Gf@SM1ihF!k3u1w#7HdwA7
za1y*Vr2h4yjoos)Ey{1(N;`GBSpp7{ke(tlnX$z|M?JzjZWeF4vl_)X)j`oyu3%r8
zLp!S}YQZhUec3WMaO73r&Hu*Ut(jI5()F!!W&Wj*1<88y<Rc@19kX1Oq<^y(RO9Tr
zH|L?4;f9edX4_<tV7nKS$Rp;7wY^7X3##o=K>q|rpC>yE3NkI2!TrFToR-UP)A)z*
zQj5)dF9L6CF9<u{19~sK{OD#X3t<8=UiN8blHIenQ~C@IX~%E0cUxo(L9sQ;{zCm%
zF!dJDCvGku3eyeBT5K9D<z=ui$wFm#={*n**{(0gCqSnaEB48166qdN`yR=*38T*_
zNXywENXH<-lfQ**KJL;-&Ggrht<(|SP2HniBrV1YCBzGOGn?Y>CE)MgJTt59pK%!>
zWf@}h?<499>?a+ZC0=$l6~?Sg#)N`Nbh%{{P6h$%vB=PXthjC-1!?)Rx<-grv7OlX
zt9DH5nb2hcLYBK^RqS)x^l``+kG&B0eqn|971KCVfW^Vx@vH1W1H@IvY6wO+D}O`n
zwHIz|){5|3!D=~~AqkO9AWXRc&^$^iD)Jrr;*4)SHkFoxmW$nUz~smQ^)xjEfeB{1
zw}q*(R>0S~gJDRGx$xVM->XpS`BqcyTr)rS*zQ(Ls^aV(ZKaEy7NISBmCmcN)V+>;
z(XWQq(fJ<6(u9soNf?1n@P`%KJ9wI$k{ea(XVNg$PsR6))y6JdNtL99JS>@QO77OR
zeHclKKIu&ZvSv}5WsfhGXWY+>6>J&{ODJPn6>?AeT4->14H0zL2`Oqp%Ha(%mMy9E
z&!&!N%w^c=2muGz>M^%%&@hpsh#O`g^~iTV)O1$^&{WNP7nNd*+?Hzja!s0U3t>E+
z%kAcaXRnp_<$A1L7I}^hqpX0$&b_TmC?8{3Gfoi(otFMFi!Twa-)?+kcrzAwrjd_g
zaYTt4CE|qxLBJ;<Ztu(x;5w{^=YOeSwNH>hMi;%3_!q7g@tJg%NcHDjx<tuP+4kYY
zqZ#QELb=*R6jYV!Iisi|gz>CQmxT~w1{-j@5v5FX=AnPxc?SI|BC}LgdgLmyd8p^Q
zv4Kmy>PGs_+&-1cihNbODQJd0%AP;E395CgTNvikHtrd_P*!a@KTyD$yPi1yg%Z$D
zt0b)8ehs(TB-c{uZGn_`H%!rft;+$K!Mwh`1HvL$gsEG;rgfjBG9|cW8(`XPDLNh`
zqp){OaF!0owPxCgH<f~duK8vFB{tnTQ<bhsu8kd6KA)D{xtxR3TOi2ZM-b!PYFPzI
zP|2aDbRuqFU6|e}`{zS6myqVcm$kl7{YFjja4qL%DO>Bt6SSj`fMJSbiO$;&Xslxi
zV#=f;0!pqi*Ti}&%h3!Ootf8CqT6TUldP6DHn}yXo(4$Kq1_i$Pj-iup^xc8WI#D6
zloLU{D&0yV$(f&4kcOrA7eW4=Wz;;e?e^N0WGs;@ouLIL|ER<lYcOw(mWt+H6&2*{
zNTsv<vj!;14GgSGpbPNHBlIE0*IREtwTx(ijL&zraAwZ?uFcTO23i;$y#xgv`|BU`
zv<0Gu<0-XR*shCfj-ym|-#41(+Gz1dr({BOAuMd6MB7%jHaId=yI_NheD0rzL^nJP
zBn29O2gGo?H?zG#Z!tKy>(D?b;qdUkv3IL+_Wog!-*|z!YynYSY${^Bx~~NkIA@@3
z0p@Z;0gi&nxQk&(WS*H0un@9oLcl8iet(6WL=V;&)hW()K<$9b-9S$~PrP$0=YrTn
zKsA@^=~A*NFi7WSx@+hta8(NUgkdpwd6M~0Hbqvjf(o2x_0R5dm^Y|B<75H-NJ_=h
zm%>r7S*n#^x1L_3*!r<eUn{JazaDad2_V|;{q)tT2@~9|L5wJ~>g?t`I)!3(vI04-
z^X+oCO>q(x%BVHwcn_U|V#PHvRxmVx4O&))gg=I{piY*t3BErD{eaW;EU^D4{QaN7
z9VQkwrvJtt6T^StkLlm6?|;KzvzAos;XjL-{{(v;0j}yKB9a1w{@1qPV>XEpj_OBA
zR}jA%fE!Z3J}4Ui6nw>a(j|-yv`STm%W8592hgdzdf#4105bvID>C}tug`~7e7YYf
zx8dVfzaAbwJ%K8YmB6-*$y0thzqM!Zy@$8S%($mgSMWM<%BTcSbcm=XeFG#_7$C$u
z`yYoSyx2~k@5|%E$Kz2to5u7?ym>Te*qM72O-su70}zPYeQIC01!y=y0#Ycz3>V!6
z`AL&n#44~26vtwyRiB$<K=cW9`Sa+M1(ugiSOXjAI8+kS9{vni<^WXG{OYmc@v^qS
zLFcY-&*y`X45FAVZ=k&x(oW&S5D~w?pif^53&iQ|)Il<zVO!^u$i6hOiWRwFeStly
zx&iowBQUvs?aE9msOHM~l6XkMeGy6g`?*Y6rZ;jdcJSo3P6`0YY}>9@Kdv~_7xesQ
za<kHR(Os*fcH3Qj`-|5HN{)T44as>`N8lq>1hDCggXC3oI`nr|LQ1Ynlc=IkCWWF8
zvb#*nd#5A+FWH^ioAW=7xPvrRL1g5hx0i|XUWkVquV3r~$OvSZ1rIkIYdB7S=}1AP
z@uV9ZB)g2?z;xN!`((tkY$U*<wnwjB;MjA0D?)PEvwYYn;lDOdb4S7vwVIxTe_0?R
zNpkQx=b=H(3!1}O97jJLOx&MzdYxj5kON5m?6la!ApL1DNw`D4`2#)%1PT%%N)8-e
zwU6Z=JYklSV79UlDeZj6Ex(WS9PUpv>{#U?xG^+uF&-7bt<@AGDFOH)^BxX}k7kg9
z5NF^kFd`n}xQpnUvF8IFY&aj`HMVf@cT48&lWDM+S<s*MaEN;D$zCYb-C?VzNStga
z#JqK~d(=UM*+ST(!qnVq6@%D?#yD8i0nU1f!+THyODh)XQ{;NY(%35W9nOmFc5XU2
zV$@nv=|9Oigq3~u`%92c7)=HojiNcYYjMprnEoMeYry3NXk*b-e&_2bTR^qu6n86P
zQF#NA0n-;PwCJcS3Av(Xo+aXNnmTuAM{BAb*yHzBxxw$L5g}`$Sj>xEsb^Z#B5G+L
z-xeg)lR(24_LJ*?j!|r*z=R;P!$dz*EHC;4=iA&Lt97d&9>jCTWiuykI_AsNaVfwe
zinNNWFr}({qMU>1P`WGS{hTeAW({qqiMR^yZmiEW?R@{L$2iKCy4zXt@rbWCbgZJ!
z^mQqce^~dlznj_%8%Jhcxif5%Yh}aDDJ6KWX60PDSD%(Lo)Vid>6>JhCWMe+2<c{(
z;dE~-idZLn<IZu)*T7YkRA+545U$Znj~q>nT5mZQ#G~8)clKEr>LWl)=H~8v{w=2f
zpH$33xZxV{sz?+!zCgQrZ;&Uh{%Yz1Q$LrJh(wBzvD{70E4zav8g(NN2-W|mekDLg
zyxm<w!ywL=wEB`rpLxDhJ#z1A3Yt2l96O^YnOfB*!!%Td=QuPNO&w+L3zhGv(>>Kz
zn96zh;DW*A4*4N~he9uM--!k0kU|6Pa8PUIf+n(F3JqNCm`1WqbJ`C>Gl}hjiW-B3
zv0SONh~*_-+AN{!1U5EKi9_z%jBIXspIS?aXl_z*a1+uXsLq)zghS=r;0j+rrW~#t
z6`AlBlmaYckyI5Nlv{gR0GKj%ZfitcL^ZjEb2^H%#E=w%eQ0AqJ&o>Dx2fAaQ%P$P
zSMDIE1nVW|u~?f{gy8HNE!nuS8C_y$4Q`-;@Eh}uzWoo*qM6U_7_Ay+-1ZBUn~G>!
zx)j`dTPlfY4D)i9bik4_(tZtg{Yiy0p%2O0>n8fPimgN>;k5U)U?m-;qv8dlG(P?*
zVzFgp8P&S7WizZCD7kolsT>@;J+GYeAw(%A%LbxV%i!91oCiTn!I^~rM9icki;orj
zKt;ZTQel<;7+&M$EWBX=Y=BwG=>=S>)^sLUi=-gGI%S>xs8fleZg^Z_6tF%tO<kd=
zMLL>35PJ>n1=r3^j5>*~RBO!P4B(&j&g$wy1&?tBJ*ZWa+|n^q^5`yYM3fF3%peCH
z>k-U<5;+dN!v-Lc#eJ=X{DSm*qVO<<7%CID<#p{b+tv+GTa-E1n80>nn%Po~@BM%w
zPhc87cLuf>s*`nh!lq)$IfLG+xR30-ict<JhPHeLC#}=J#KQY7l}IAv%c>(K9h`d!
zBx&RpgHe!98Y~2&A5w(q)zI1IsgGH;S>_k!>5ro*wjMVFd3|KiCkhAEn=h1vPx{#_
zdr*lh;vKWF5e0U9mPmN)KRM~ba}|+4Eb3miFyvZI@smA$NHHl#zn$b8r{*4nLnK0*
zONAR6J$G_sXghrg#Co}H5gK4ao_`5#3sgNbsqY}KJ-|}VT0Sjd4XhIx0xwMJR&d%K
zp!l#~6RS$@lXVIdph?;lUJ5ID3mZbiR?CtZG}9j`Hnv{3J#ufaaLhTOfG<8Ww?Y|~
zEU=Ud#wpTON>R%I%R{5zd2epW(c$40=Km=p--e7RZoe6)8>Pn8Y#90}YXTeOtV{?+
zpf{br>^_EcI-UNx*UfZhJ*`_7HL;QUSW_gYyX6q#Tb1N!yj?!emy4%c9RW`mu45BA
zSN+)TSI}X-%vIi|Em+v~qs}0<d2uvk$B->L>8K4ndnWtP-L5b$T2>h5F0-k4ao@e`
zEK(-{A2arvOAiEd#wA@%3x*Be5Oe_vHuwozmE`j;62+9VcSmkkgFuU?6Jom+D(9s$
zMMU9tRr>(WHk185k6VqZ^Zzh*PECS^S-MVFqB1LO+qP}nwr$(CZQHhO+cr;i$LZ<5
z=!lu?{R8&%y;{In6Tb8lqys-`?WJN&-RtR`_p%I*qgEE0qHQm%lAur&v_sTYHrH5I
zBn`%Td!8_p_p^@S*b^?QU}s55sxV-73*j|%HC5&&+++^v=Y8SAf7+&DLXF1gDI&t5
z@pkMwQvB6`WroIM@HSf~8A4FwQGC<j_qb{f3#zqrd#Xl)z@pu^@Ru|ni$R4zm8^#U
zrb{O$ZbCRmJ1HgtoTr)BK;pK@z>}>x+L<F4GV2QX)cCPw{*3$?L<V(H*NaJe>y!4%
z!3UB^xF5?KhJA=@U(|}RR4L(BMPUZ6|D7qO@B*<|E?&=_FyP>wVbwGG6R?KZHo@!W
zE~n-~o<j&Lk<Vl)X?h{QuKZxNrpn$;nG+aE*4VfqRnhBIFZ$VC_1@rqeP~t|3TeW7
zOofwJmSCy<y29KRxKVx`c4a}818E(g*#bm2a$+k3(B(3=hvE#{sQn&m+ubq>$z;;a
zhB1KdBt7&gmeb(vfkbmO&$!|EOx%7ew3N1xx!c}lo{cfc+mJk=H?_&Pya%(@sC_S)
z(&CtiVD^aIAD?iHsMzJZxL<WEN>?|HJ`S8K^XPp};4U4yfiFgS#yXpI)Z_HfUJY!p
zV>OW#wJ(^+IDdYeqzAw}7LPCWL}mAV+{`sC(?Z26=fd7YhqfjJq0fW>jgAt?a%~r*
zJ!{<0p*K<Z?ha`{i=Q1oLreWm+P*kdIV!bFHvTcsbPue-_DgTcr2|-3O~Nj=_p!2I
zo%$6<1P5wlV7k_-+yCJv1JCfHQt`uI?u4=5<hxE0@A&*+i_$QveR4z(wb9J;8dvD}
zq(*?E?t1N&z;4oiLeghq$jxmK9#V<(JRdc@z!j$i=4?LjaUj$dXjTbdv9Ayqz;WgT
zvJOs^C)`(==u*?C$=N&>nU{6Ew}Xe0HRFpDUOas3teOf5#uE|*G)m_b>$n<ycu86o
zhy8N$M(_9GTseHhB+#_*vRK?(GKf;aCNBb>hwV4|mm5V~ql=>JaDz!f51#Y1MBdyV
zKJjI9Z&Aib^Esl6z6!Bo7#Elfti8f-RP^xz5=)jiq&p#~suU}qBir@5jGVr{^Jm92
zjRZ%8poGckFEJ%=Y!&qgTOJLIW3Pk{Trut5uhi-R(ULC4d@?HIx-K%zn((XPPuDk`
z*8@$v{{s5|<oAF2&umQpj_uR`t6uu=K^FRdSknI+=wGQz)Lb;fZGWhkV)at%z!UYt
z>b|Xl)=PN!Qior!H-g6lO%eO_47kM#h$kmK1M#iz?!Sk^vtdpjWP}(}H-DTx)=c;I
z^tDq<SAX2ul<;^heLWabFX-;CHu?B`ewdxoR6_*>?BGayp;8mXbl<ohei`|~NmYU|
z-aN)EwCKQL@u0d=I+_wXcDmHd>fC4Y4?G_b8KN`7qc2O{PDoq;PAPPL#$<&dTEveh
z&nP(NUYQcFo;=iS-DK0QIp^$XUpah#UO&EadM!|c^U6|z*Y6rfu`H)Td{fgPYnb@P
zO<hfXEd_@S;7O-+tKXkgFg0|gZ+J$l930y=8E`Qlc*3Zl>{UCR&4IHF#9H?|yf(RX
zW*cABAYXS>Ks1JCXPBrr73S!^3kDPKS>@OEdefesN#{l>FPP5D4+k-%fl3fa7Yv1i
zY@%fAPIXDz@h=J!f{J`hoUGIcvHrf*IGbesHreZGnUfxF+m1H2?LxD%xjvi5o0>=V
z1~@QnEDZE3zg3ge{Us*l8feD7;Wu+SnH9((qtgAG(ne%lHXs#ZLAb@3bIh4i$na2G
z3{q15`(hw<5B@<96MLAd*H|4Uu&R5L$Yko(KbwUT6W0jmA$4_%W%HMI2bzqNFayT{
zn<o37?C?o;@!DV%mg{ru;3A2>Ks=chJQLiyrQZqZ4+T{%PA_=qZ?}9S<GqpVb1HNk
z9^WZ`y^rGK;*IS)2zZPz16l8OKg!-@0X@D^1_DtC*HMZ7YO9w6$29Z-2f)$2wzt)B
z5N2F{k0&k;Dm9DuKD<&w&6cWVZ^IJ7Jw=#52vi7;{7BJ`*l%t56|C@;q?nL9xq-MF
zhKK3LkY@bx+_)H6j2+m3YWpOFP{(U%$O52TfAHT63s7_yIhSxt1~Hdf0k?s)4E%2F
z874-lci-$UwSYspS~Uy+aF|k}su$R(3~KnbxhL@<6?P>;!UmhQ3c^VhlX)JL4GioA
z(-eJd23ZLUT<XWhRiES=Z@Jy-WmE+2aWb-9S5Q&OfK!Oy1Iu?Y5yfVy&tplIXKd4y
zPHxPCP&6t)b{#JzG5G|`{L!&X@3U1zpk6SEut$Ca$QL04`ioHZ4GgN^Nn2PfU?Sx}
z!kCtY_ZTFrU>r^aH!-6^FWw_rL`}g06LqT{>yo5_%NW|BBy9JJL<G5+^FRT20cy-g
zca2S;08+^PI=HGP<7Ms)10AYVkj>i~Js^|=7zV0?9aKw~l*W?9u!lnpGZ`bnHJn|o
zMRSl91vIF*F?rPW!?I_a--rG&jjIT{<>&+^ONaPvluKj^UX2Sf1!LO$Es%GpxM7#!
zY}X3A2@fIwHSb7kXCtuwk?R2iZGDOE*FwQr%8R?M0R?!`$yNB<v9e3%EYl#-e@&J$
zxzc}02N9Qk&1jodZ`&A3T6r(FSjJE`m?ar69Lgx2P+<9vH@NM+&(rqUOw^YT>tx-8
z_=0r~v3)<H`IT#nv3{U8zP^&6#q=t;vsFA!>w9J-dbeH=Qze>0NIOd`$@SZ)7ClFS
z(7FLN35K(Qj+~SuuxQB0I%v#ARs_mQlSu2GQNxH7M-<Hw#+)ndfE_HS32{a7L61o9
zEJ*I&FHVjuz<hSYOf0zyhcFW3)}@y@U+2SNjD%l9gF1fe8d8<GOXAYG-gWNi8!lcY
zWcP1-p?xt+%*1ycPAK?$g}`^#RP^Nl^Gy#vUnX;4CMwZUW_NMm6!@>idnFv4+6gAl
zcPk$uwrxB0qR?$3pgnsay}TfX(>nc(STe8O!HX2x^{Rs;8~5aHPn~zv@N$B;H=Urc
z765QOvKaEw15^utDK%z_d`HL>DT<$xpkyb{avrU_AzZob%e>($J<Ze{d*unft~~18
zOWv#GX@Imr`&vw82XGx-QGk2s1L}RFH}i|aYeWa=85`m*6p|xLW&-C3ol>{(EyV72
zNX$yLiO1`%FzZ+WYp%)9I3cP?e9Kfik-nIUfJ|s9J0bjDAFsS6^Mj}gn$&TW?Q@2f
zQB1$zL&L)SUUhCJItMCVN#wA=`q)>6jhwp;Ix_)_G6Piu2dMBy>9Sai$*!n!wn?8F
zTH>w5Vq;2MU_x>Md5#I>2|nHURk~~aID@JlgzL?Uo;<YbHzlIuutEzaFP`w%Fa4Cj
z8w#)t*+e-hjoj>9p;V@ye3WDlNSp>LE1DHo?b)Dbav&V~$U2=j?>mJp&Mk1eHTlYg
z^5N^K>&fJP_G*f&26Dtil~dO4auq6O;FrbJGV8Osq!g9+p-Jc0d8=e14dpRwMHG97
znvQrGVP+v|_M|otKqr{ZKU*Fz#k2Tbw&m}O<$FrLE?S&ev@xd2t#|Vm0qzK~fQF#+
zMKx(okM$Enj^70>c#GW*Pj?tiV&rh+h#oXjS^IsP-sF3EPR!9#rm2i-WO>1hwgAo3
zN>7#eK>#`RGi9`u`9<LONWR#-Il#wrHl3_rKxt3H<(SO-N*Y?RHFdQtl@?F&=R~Ze
zkMd(p)9TIa!{fS+9(9knj+s!zv&ZE-&&4$)nve?i#g~+!YcKugJHg{wDqx#jT*WS<
zQ5veI9p#{};p&XR6)2*7Mh+F5re2|4(eaQGY*yt!(s!0_I=Sl;N&!Pvl4_3H@f+=b
z#f}x^o(dJBj4($9l#13y@1*fG1*<D3W-Zh1@_;|4>qAW;Jc_#$cb+ASDbnxS62sC3
zmX8!>W3_t9n{<95hIoG2aa9BiWH}8`516K04zL#P(%e?1qFCmqt8^-k0wz-LAYt&|
z92%&EsCY{?xzwcCbO5c2)bbWl<<0}B0iUmkD3~%vMe~Xnf%!)_xSU*trv;%emVbY~
z+lNrFGaS2tv@0w&u4-4vht$-)R>JGpfz-c%?2aa~k@Bq%LCnZLkn%@u=VeDlh)?b<
z_m3<c7v@RG(hwm6bbzxg@`C$4+B&2%hU|IQ<}ArP#O<HiA_yNmbGvUGj2{R%?xiyL
z<4g2u4YzL%aJ;0Gl}oSVJ5%xpNZ?PHLvRm#g>Na}k3(aJhagQu>V0Pd$%_vV2Q<&<
z5iJJQM*BLtx%%U9ifn!)n7Yn@c^p)}a>6bdJ|~-J&O64Uyk-1t-9d$uMCgB?T-ZJI
zrQ&a70A5-Pu_#S$>})+PYXwsYZwr!10r4+1is9d#D@7zIf9<`LS}(Zp^qpQzJMR?5
zC~$e-n|I*2?s63}@3{CFUX&J>s65ua*D_zzjOHw^)8mNLoIpW|oOyh1HluuZ?cm8E
zKK<&l^Wpo>Y@vCuYn+H#Iq?$NIWXzgewD!ikoow$hzUFR_Wwky`{(CB@|@y7EFW)E
z-qGtbEL%N*g9&P?|BWC2l~kl>qG$WJQ2ehl=zs9zKY|1Q8$V8|kA*X`z<0kWEUw8K
zU5y9g=askL?`Gun{W{oK4QBftN%Qa?4Q`c3)KLG?g0|r3LOm`^x=h0lkK*>ev*9BH
z<ejNV!c(z;)6@O+xOK+!`lx?@gVWQq#k1Y%|EDvR`ug#%X5poRy-x(E=gU*+<%qIo
zzpk_*_UPX0?dTw+<z!?dM!+7PH0n&OBXdcKy^i{t97!%S_OA@RPrfL>ZH_5UGcSs8
zZJO9RfNEDkwhN1DUK77s*uon<e1Lmo23v5SjZ%d8mGE*qLuoSe%EupuH}baUpNm5*
z$1*XINQ5f}<gP_%9~=qCg=<tjj{6IlZQk|BRy)ila-c^qvG(=KE05^ls}of}0t_I@
z<uzdP-Sq|~9_!QXc!V|;dk%aLieNASWiSWApOI9w5az}_xG3hYHs@a_NIA|X8Gq8T
z^1_QJef+TU$j^lg@7$DV>oZZ`p@fiCBvDAkx$NQ@;=jl`9!jbIB?u`4Uuim&F{sj@
zmJA`|(scDD#Ig><kK0V)oj{yFYb}P;=-h0{*TC?$Rw<WNh~FntLQ@t5y<~Q_M=;>l
zdcp*vKF8ncHK`_acT^C%bb9JIc5KNt5G>imq*=%vhPW^L{44i&IEx=?^^lPV<jbRZ
z{zPdQgBU$47xYHzw&|a4j(IYNCO0wi!O{7S6ivNkPC+38ofpBE{^87XeDQiTd$Od+
zKoH8Y?xN}e0lMr@^7B&Fu|!8~Zu+6Y;bU3+sYK`zTPv9%T*x~^D#oMnk;GZ0*D?bj
z_2j7Y$jX4g0TA~+;u)*9+TY7J`95_{Ez}Mg`CYBNyga7?9{SmX3o{`V^Qjv3HB)TK
zgQqB|u7|DDSnM4$)l{iv4O6lFqlLEo@%XSCL<A?$^ev`5$4a(i)mfB3mgaCpAWXDx
zm6EZQ6w`__x&DgQb9G)90a;um3Wm?2P_DsqK@x4juBw=AKbTStr|~9xx}$Tc_a9f9
zFvQcC5XaNe0LQ$FYV~Ah*llR)ME1>@C*xJ7ev(qzMX9DfFGk(i4YYdgrUXLG70g14
z<J%Cn9JT&uIciIBoK0wHlDo4Y`7N1(V}_}AiL~ieUDFME>t+)AfRF2HkGQ+7=_BgO
z@l+(gAH-JB6|(hQkHmf=2?GKl&=xfhp!&P)Y3NC7_#Q0j*iCq%@L5Flx`QQX!>H&R
z0`heU6MBcCri`sw5I=N@3u3dRj$+v~NI1CpIah?Xjev&s{S1XUV1$8dMTJ2uv3w1Q
z1m%?9%gatovnJQ>QQsl&qtM88k8?4I|4w2Zb`G8{5<_QeHLBu!vfNBnuydaL3bsQX
z<ynYG68YB3psj|o%Ms^~B0cA)VBIm$Yet}4cEnq(Gz@Kmt<*Im8L24^l`GtxV@jQ`
z8qByF<H6Fy=!g)rBI#3k4R?cxTDkdPkN;Lh51)%x8I_8ZVopFzcpQI_HqzK2yL1vh
zTZ5RO;f*`Ga-t=bR4deQ=t`m%(3|iiP8=A;2MMZ-Zk0sP7c3eXmo!Hy9Y5r2HE?o2
z2r7o5>lQd#qIbUHJMAWYVB#S|G`vzAy-<y{8c_YXoeq#obw4er^rVR+Jbs)4;t*{k
zLSnSHxhSRC4<{c66Nu$5^{ZNXgpF~+HoWiBAF3kv#CZNAWXvGtWoQg#$m}pdUcSj8
z)Mc4s#uZ#Np-5+06|*Lp$v*Lxyzgao<U<v+a~}T-vq0zK#BuERn4;e#4i#f03&toV
zZVe*Um?T9GtyIuBel=NZLB$+1tkBJ%^+t$;zH6glc*+Q=27c=vL|aoFwy#oM9VkJ@
z(@kq*`MvtJ>L|tq_!fnQgs}RpVT9q{fjmc1^)(f%Y~R4h=GL@V{EMb~75H(ay+k$T
ze$8?`Fy)1iBbV#3w^a&hULw9^<)wl9^*f<qa@n$ROg!yO9S6dz_r2h1<AIQL7*c`Q
z>{5F=Ig^w7%2em<V6ymz)uH%asbI!q^}2;FThnGS0Gy@63RvV70>^}eQdQEyDR#x(
zg)VXB-<Bi`*2|HUS$@(tzDPiKG<e%c_!c(*os|0;WW;EPR=l$_-5fXemm<g6g;#L*
zRIYqR-W9`Txq1Y5hrt*Er~>tqqSp9KBTV6Dd13_Q`!=VIj1n5VIcG)atp7e!RL!c}
zoEuaA4tC`^I@p4}K?AE(N|$PyI_PxWR!ePBIDl1NYsgp<BgzPhLBBpOhiG09qJHqt
z%hAEkKn)gpzbGPS6XS+1BJ{IhMM<YkLMt5kx9IEAZchX67TG4FFH}XPt0`HgFN^p%
zny~6#6P&agQ6ElcqB40I)@Gk+s~zq7as}d}BE_pXdCZMpc2JvdIHG-U+(R%S(7`wO
z25noidN2pz3O`zbHEkGdxgIYP*zT6NB?Z@5i95;-q`zqw0I*EumeHIvN>3l*$J@`C
zqh}`{MYmSHODAA9HtRNReu-5iP_(9mvk2yBsTFtRZh6VLZ)c;uuN&DuY*B+`M=~{*
zg6$n45SFwl3_I<<4(C~|+r9qG&f?_;72zf**%ePV!AMzEueBU4N_DcPPK#(xQZc1M
z)NKOgUCl<Ld+q4Ewhd@~c<zQR4cyzLhd&Z;xu2U-SyV(=7vuvdxoQeou~0vJUKSQh
z&NMZ5AvG+PS1zG~6&4r0eicS=&h=EOn3kmlq=UM!a<EyPNdIh+@1E~8VyzAexrPTF
z%nPGP=j}Ty$weap2dg|iDbg>EA0aqCC@Bn<2zOb!=VgXfvDGz+AA5lxNiLHYm&T_$
zt1OBlFu^7$H!UR66~99H1(ZrA-Uqdyon5Af=#|6T-WOF2-{N2*O)D^_kWT3u8*NPF
z^INly4_L?)c!&zD2Nl<M&{U=6!Ub=G)BLPQa7Ek;VBNk?7+7JeJpQv`Mk+!!rxC?p
zh9rZCzP|ymb`f}?d|7VAt3%0PrC<g7Nm!*}HSK*Rcg+C!0|{MvVE_te0LBC&paPew
z8=L*IpN_>!#~)??s08`iK!NYOm<yW$Zl*u4Vi}OKZ3Ku2=4o>J<_SMWW5N}!8VAIb
z9B2YoOM>3+itK%`S_h_dAGwx1dWEF>e}B`ZJt*^@XTS`gQ?*ia46o#vn@u;CetFrQ
zQJx+Z(cuUFk^p2F6wl{<g{eLX7v$cnB6d(b`XFE$%{~#eqM=%6<i=7R*Jx1MiNSha
zXXAR)m$0$rY#7R@^xJG4MVme6h;fU_Vq$}PdR_dz3u>E{Gy;NFy4%Kr890Qjv`J`*
z0>>WTG{?N*A|+EP(Oj12S);B=oXs+}ES55Sg;9KKC9{`fk-V*`*b(Fxu2R_$tSfu=
zu5HOYUTN#A!_ltNHS{ZS9#;BSq@pb@sgZ^B5zRv^$bGpQ?%UlX3G#~;+J6Jfe+5nH
znf_Cl{8!=l-(bn`k5Iz@29`@2e}&0b=)dvPI48eCe4-xT00299ns$s`0IlD~D`tMw
zkdDk>A4P-_h1%0&n`^(Rt7{A<5QkPo<lB#dN`AaPUkp!Yz+KakIlrDSMs|Me-)FuT
zGrd1nM&6(3@SwALHH#Nkc%*%{HX(K&pJrqNzW-R$rgCga88Z^RlkoOn0!g!?{bGpx
z&fdnSWJET5G=u}goW#tY`p&}f1BQiGHI4KU{sEE;xqE-Qi8)yrk)awMHtK9eHaNZ(
zn?Ga>bAXvN6-f=18stFr5vn!)8qHAC^B<byx4o;JWwj`#U8iS|32=URiHp`L`oSn`
zol}JZ-%T+##R~v6$>cEfdR_s$unj=!-JbG|Fo{%k??=E1Ln17mRZ|b|IsmqQwWaU^
zz6H1OM+{3MIv-GAz{o`lJ*U#V39*EB?HffFZub5L>Fh62I|F)n;)Kglc`-X(_S!$x
zvHJG^ZeiFva|K<!Ie6d&LdL!f6N0?s;^rI+qSieK(n+Hon$r2q3b;VynS%8pu{M?S
zF2xZ-KKK<_V)1FM`~A#jbLUslw#FFbAk8laQz_UMn?F#48_r7D1wI(YP|Lv+Jfer^
zivu@14kV64=*}GVrzUK8db}-uibluhVk0ms{-Z(a(Est#_!$4YTS%?iRfYy%MvlLs
zbdZL;T2DWCaeV2+UfKsLiOBpZY&HH1Xu?064PLbV#4l>IUXPVW-&!K_L~|7*|B%d_
z2vpEr!H|N~z@b2%f1fhVZdbe%2z2f%E5~R2vV3I0FYi*PeC7^gT|`3&grFJwB&J1S
z0E|ItT15`A<GN6c^an0TNZYDdT!;^i_e#a`YYxPQFwkGKc2QXs%7HD@V;_(q!86#X
zbrnBWBYnvI5)T{`;u4uZeGZ-x)?5<s5#-%hIEEO+T>wDrkLU$R`lD2TuB9Yzvo!b)
zTRN0(ox^MLZ7uY4_5y({DwwG15b<s@g|Gr7a*1a~(U?DC2vqc~qV@S!9&?O(l+BtO
z1@16yA>!A3V9VzBzNSl^wQ*QiirOEE!!&bee-<4SIMwb$s*v@=B8cBTejIIV7qM(_
zv1Kb&#hIyn1-`Vacl60*{7}R*ZHWP&*+=Y9jo_La9iF|g$9_2Ro+qS-r+N8gAK(W2
z^EN~@G)So!bP<-J@<@nkkV}=ILEMoDX}I}h?7@)zWRz48-~(Ed&f0QT!xR1Je5|^R
z<4xIWTX}%E%6qw4FvU*8Zo9}S1ZaLUvTF}XN$pgpz1nmWzXoN#+F$Jg$MFyRnqsb6
zvatG|*)LI?#iq*zl7P(TMBz5$@qj?YGvva`YU>QkpYB8KPST;RY4;{R@{~9ADXK0N
zc51#@)sL;FcGZq_J58BUmuJWehc8<HB)Jv@@J*Dwv$3oolNJqeq_rAqPmT9NC=aCt
zAe9|mHN(>EcN=|+G>~!X`BvU9Tw!D%7q>w+jroyK;T-LZ#~V>ez(=%2z->@L&nHE}
z8V1P7yxeZe4`Qqq`fFj?1bhx|F!3@=1RI+6Ywbp?g_`-tjw8O~ekj&4#MJNihoGZt
z9XY{uYv1$jqs_-+B{yRY)WR^2PujZ61yP7p>Q%-TDNYL=9fr2_>Vgm0G39ceQrD@}
z3W@+jv^(g%lMTmU<wP%l%|q1)iW6Z`Y%&z(@qPV*T0cYJ>xh`DhQI*AXDYZHy3?t0
zx=7T~pJjLNy~{y>-qmOvIn*EC&NuN|bA7hJ&F&g<wbzR~{X6vvMpqQoj_Jw8;d5P(
za_bre_u5GyfzBe*f$>!<a1ne)&q7Cp%dD5afL$hUderHVoqsB;W>jKuKiWy^u%)^}
zfr=g-S1Wxfu1QYx$8y`Fo8-B~WHeQe*k*s^%UngK<(9wv)E0qdNp4j@VwplVvFNt}
z-GhF)vDB!%J#F{RtVTGEM3Xj%fI<mw7PwLbo(7+JM`@&+O~I>fyM&r7JCSGRbke$l
zT+LdH1)xI<cB(@XQfC6VR<i1GJk3HC`&}aB5GN6V!ovkfQ(;ZPXB>$omr(oIFOniL
zGxI@fM#?-azu@!Uf?~g{k_lL`$*@41w2$pk*blTp^^zDpziuT&!gtGGL^2L#<SAA!
z;1X`xP1+W2&q5&qJH&FDe<dIYW7OGH?Uo_`H@>koyE6&trS703ik-8?D01g*&~Jto
zGsR-^iEK8J#U8D+;lsF3()HCcYJrP%Z8w=Y<+1|(HHt&rL>rn&x0P`uIo#<6JB{!H
zslPi2S2fXF;_TE-_1J+@7SbEg9nl8v3s+r$3ulshj9Mh&nvWTris!ggaGm^b#I*HB
zAl`}|&f-Czd33)OD&);iV(T^~otRf%xvGw%3XGAe<Q+>qo|Rr_5_NX1x6eFy0MFRu
zDu}1VL5gv+@XYY(rDrfLFE$Iw5UJrtft{_hjLQ$widJEkuF=s(Dl{AQg2pS`d|VA<
zzXT6f2g~0tOZWP8$Q;B99|VnUQn}Z%6l@e3_n!&>&MN)Va$3@%XkVVAS9X4t#_8N3
zNQQ0lE+EmbTSIV@fQHW))FA)z5fLN$;C$tEa_fs7;3ZH{#(J!(Qp=*Kc-~YrZQ5Bg
zw@FoG5@X@M&Z)4Ma`GzBeRw~Y?U8j+90w>=x0Wa-M?b{?St~wqdaE47r@uISRkAF9
z2zgEmknVc8GW~`mb8P9r11btACVPbHaOloIKlNQCezq&+%?wfZBW8&c!1Szf_SR_(
z!C?Qo++LrkL|K`*=160k_TH!@%amGq)wB&IKL}rUDuoZB?4~dFpx71!UhVSObDftw
z*(%p02aksGO>~^chnez+oTzhCrob*LHz#Cx_p(+0G6ZXVOGk)QJKcFIy&Tjl{X;9(
zgrL9(y&Gcn<LS%8yD&2C{OWA<LlI0D#_m2L{hqt`{DR&pt~#%ra{U2(>e<`|$BqKm
z)fS|cLoz04>uL^!RXB~WF%bLRT9P#t4r5~o`ln%DCy<2Q-Fe_wv^77E{|HWYFm6Qo
zx!w2twCjV&nYV7TsnhH#ycb7+&8ZX?&%Tv@$(<-Ko`oYsGl~b%vgS(`4ys_1bK$S$
zd!eg8r(0%XDg0=fO7G*P>=^x84YkhrJxcbT44vykj7_lU!fM@%mV%|=pH~4`<tZsh
z@*;Au$?vy<1?&_Z{-EMR)&=Z?c@_QxXCv*B-w1jRYt1(RdaH$zBqZ5rt>dU;Z)|4r
z4LzsX-*BOoU28iP2J!j^TBp{hyRugT2bRA6xhT6e>Ee1CwBORt&+u=3)Jl~$xINaC
zKiZGK8Wu5>+gHY#4QuiP%_|5ku5+@;zm@cI8$w$*N?ClgnYbr5^R?276fD&6RdUn?
z=6>N|%{wbUj(tQ;zX-@ZU>fbQ*1*UQ{}}F;cT)AjzC+MivvYq|P5EG)#$iRats-l^
z6Y6T-aQMg7y=isLtPt>tjm#6?krscSJ^CER<zW98BK;?5{?jUFrlb2GsgvQq+%EZt
zd;Y%>>5#fq%tJF=_s!q28(*#ISVS^iz25pNpe`b<zvoLzm?2;pLGQKiUpO$mp@qb^
zS)^nsmpk&u_H4Pc-*Oj0rT+??_VSMmfZ3aoB{VxdUso9mKJ%sQUT=3+Z>|oa3Rt^C
zncUw_?+fPA4`&A<f47z8(7X6u{R>D!02<l{3W<ZzVPOY+ZWUdQPH*%Z`8`R2^&Y_@
z)SsmC)c1n3v*EhL9Dc)t)?m#`I*Eup4#0%UxWa=fW|Pi5S~AN0l@Vd1LexSbdk^04
z7B(IZt~U1A65Cs|97;hcRrk@|MyA4agCHuwf`(CL6S7k&202P^!*b;o)SU>}VT=vJ
z9@^%|O+-6+!fu#8an4}Xkh}?y7|5^)!KDeJ)@y6zhB31&?PFzvNdVZ_cXj})O&(xg
zD%?~?f2hx$gItUTL@@96b~N0SCET7rBlYU!EKt>IOj3kjB^((cQAsjf7>bZito?CO
zxXtjp8Kzp(S(w5IDko8y5VTSsGCNgXsWSn|^ICy$RwVl{F-fOw-+&!i<yXn?2kF}o
z%p@0D>=8?#C_o5=cqOMaXSlgYnAHL4aXdTmJEC2c6Ol<CHpcc=gWh?#zw2#?m$hsy
zh@W01))*VKOB;wCKUo8$<LB%S2=!Z+l#<9dQwiU>rg`6b)8|lfyb{z11pICd^z?r@
z>AGYsfTi+n+Ql^jPosD=3fM9^t)TMaUJ7&MX1hiQF!91n?z)YnaVBi4ZDe6Ftxr(8
zJi3kSo&Y*hdP##oddK*;pm6QGxyUTnW}QqRqVUeuO1Kje5Gg=kzlu6b4iKA83qR$&
zv8~P}c8(Ob*`>Gbb8x#Lo&7G8wUxE3d@9%v!NOJ&&Fifj%7|1z<J<4dc#H=k5oC{U
zZ8dL~Msqn9m(`bkykYHDwp|09hAs#Kbjc#36dM#@rSFyH%N^*vs}IMd!Q75V>Ra9e
z^=Z%5?oVdQle4?Cf1K<C#P$^TI`Qm$k9?`0j^l4>f6Q=QvZo&82s}Xv?PyVQj21T}
z8;QGj_%)6khYPbEqhwSft(1O-Xc>KZfewpYR$iLgq?8z1+bw;?*bgI*Rc<<s38MbC
z*#_LuaUJM|Zy{KD<(ZNxN?w=kBb|Bl+xMX5ceXId+O%MO2TxHz1Kv(T$_+8g#~j7^
zw5}8-!YsiL?`ZJTU|T*^njSb#vbP=39~iC4WCPp09!zag59K|LDK^HVI0W_gXnQ>v
zZa+x*Qz$%|%0C6fAPCcKSn9>b{H6InU1@)S!H%B2BVc3bx?!gBTw13!@r$m?rKA%R
zebo+tGCY+!me!Mp`db1|PJSC#yVuZ(m_h2rIW{2)Tle_@=HVq4f)l${8ZKAZ)DjDq
zx54Tf_#;mw3Zlj8P{w5p&4$OCSf>{55mYcXlpyM(d>%Bnl&AM<AS!JRtF%PfHb9yt
z?#e+1(#v;|!=!rL4W)!2i4|JWs)B@g4AF3eBY5H8Miy6OaH5#w_tA-xDy=S4R+5jB
z6qI&9n3wJuQ8|S~mNhlPvJEkpj1{f&MI~9W22UIbow8`VL}RsBFwOQ;NQM}R+Pp`N
z8zoi-X+|Lrx`j!<kjM5aWf~S{x-xu;(tBuye(^OoAJ8cPbLGcdLz1eg53x~lt`I{Z
z@pzLk6s5YFVk~SD2#6=8m^b2YrK9>b=cSO07Ch#u(~~<=3-I5?*sYN@QO*`A6|d@`
znxSy3POJyf6ED(F1rJrMx3{~}qYbhmpn-)+#pI#4duC5eZo_k9VGrM1eBI5WR-XCg
ztG2^;quxirLr2d$K1ZkTLd!|@k4p<P-zK#MW(ygY;om}Wkmd2IiyU!TlfMu@;T&fX
zo6!Jv!13k5dfl7IOHDa@4`^$72%W1e%C=CNsx2~-z3070ol6XI>rI4=>t+SaH3Njl
z)<y<oT7FqE5LgPhhb6&-PjpwsL6@)Yi)c)WrT0l4=`M5OnWd_e9sS0!&ie%-KK1Cb
zW^o`XD#{UGrzAx`YpD2Z)0JaCh~rvQYgTR~6O}Q=EGFSh$;q78OUeUnxfvLjcE^Ts
zoA8c`-?F_lpI`UrCjF!J(DWgtIG6g#aqFUDa{b7GLLjq6Yqy)b>|&S;_xa=l8PuXS
zmMSGRU^#SBb+rKpN!GrsA?)st6}W#MVgK29nI*obA*6eA8;P5y^5J4jb~`Rkv%9Er
z4Kr9?+YjpWu=Zy@_zJdzgNH)k$OaM?lu2V7EzFiSbrH|Os9nUE*71r)U?}hQsnSYp
zw<_p^;(HNou~^fOq~mDvtVMxTp~T}g>j?%P`im#db1$tyep~MEw6LOZY;b2@wQC$x
zelUz^<TCJRUpN1R!-E{29<p&TZ>!a>>lvGKM=+rJ92s>pe>m^gm$MqKaaIRA12(Uq
z)TK?o#bVnOt#Pb^UG7HQBgirl+BTDCcG(VStLyzgZEk={0kK9f=^a)}OO7rt7gvXp
zQrC)jd8`VtbE6sXsH2NT;jI?|Ha9!sn^9b&{P{xsv58KxtX`d`z8@9@fDibzczJWr
z+owKGV}MgX5fZ}O-Z&|k<73xbL_-)1kF#5;b%qaLDVzou+jiS9PLCXmZFKLrceeNm
z)^Eh|Ym+R#z*g!)91JXmqWUdR@D{}%6wo819kK(~QBW@~;CRfn_M*`Td$F3}HLszs
zuv#R?*?o%v7(mC|z&;YBvN-)9<hc6`mG}|iPcR-+iE_GAaamm*ze85g&%ON+9493h
z#B-CL<(PdX))~V0l}n5E5YNXx7@$TYChKzir*2{wFQVk9?B16*IoRgj)gjRx!@NAq
z9@{{moEt1sx#-ALzrsJ!n{cq>JBmk~LP7S(6R!0y64<QCq^-n0)9>qJH*8i{CTf~r
zRy~RCJ)o^xPRY*e7awxV&=JxEIOI0?4Rq{1YBW%vgH!oehM`i|nZkxrI@#d8Z1IHe
z=0#Nu-@htavfkZN({5O%+u!rNnuxT9S>a3!n3}o76<RU^#A))mU&(ZKQ5Jb7b3&#8
zF(*Q+353qm^ke>xZx9A%)YI(bc)uDKdeN?S<?6T1M&=}nF1CaP`dFrOHYJ3~dxqcH
z#8xlyJ^x9p0nIwvJ*Cz$G_2NUe~K#453^T;=PEu|c-#o&S>YaOXnr>&DRibDF*Mh3
zi6A<7F1Jm)%EGdVGLOLA9~Expb0MKcS^J=Nv-u4+FhK)=kTwMsz_-%%x~!E&xzSK%
zDFp8%Ai;{Qc0#F!zSPcEOSfqwfg|E7Jhrl&>!ccNnKf6+Mt$+DcC~#aH!jeRHd{m#
zav>VOV5<e%OBv4vk9yt?7uH*k9RK?KsME>?EArp4@n2cWzYaO=zp?RO?fU-^GXF2f
zI-1laDj3_Kw{~>qF8r=v)&8_HIzAD^ZV{r?qt=Vl0}FKbP8xrE8;&&}swkQ8x5~D3
ztp8DCPmVUMh~WNuzMBy1+bNtf)1Eq8@$vqA>R9OEc@!Ji(D8Xs-RnxHIX?V^l(C{_
zU}XP#)w&FgYNj#$RWN1VC0SDAllgt?U;O^~bnqu<TzjgdS>>fHvt8?{B%|8IiYLiW
zWxW@wNpptU^UusIzt!Fy<R5pokeJsA^x?H~>0>~fsZ0*5l?Tj`6(x%F**T1t_H5`U
zI^m;l_x=^ur9_QUwFX4@pb(YSP?EfzIx?{!o--0@YLO8lH@rCe6(%YF1br72#bl<y
zuczfxnwNR8%QoffcoL$p<Vuxy>(>LQ6k=unhq+inI%=r^$d%iTo$l|y)%^F@Zr<re
zuvXR!0Hlx6H03`t@NDzCD-ZBg?j~XZwt<vpu?^XTt+!Y4aB|h9{zBP8sQ@IaX+r#g
zO_JkfbI`Vv&AO32qWs^9Mp~{CvOgYyIF~u01S*j<(CN5}0d#zt7G=eCOEdGAl~I;&
zq<V=bQn*7&o%Q~Yn0JE&$6lKw%bg%Kh9wbP{mc32HH42}h71dht*ajP@@tm-uF4M)
z%s0aMG?#0;M$Fal<z!Zn%xwx4mvyd}K-La(JOdT$yBg=eOQ$`WFXbo&9Vk>fs!ikI
z6SI)O4N8Pg+Q1R*)$3%iNx6XlH)*aesJ>k)G1<V(3C5jpcKd@^jZ{FBd3u9Zps6E6
zOpX2;MaL+6s)6gyK!SdIS{$+GI{YJCH?u3=gA&6tH)~UFO!@=`4oBY@P%e!w^(L$x
z<4nAxLuUG;3G{c4XanqL&N>0sXaIer0RD9E`_aC-lfKQAK^D?=gh9NCGow;5S=UCa
z$rCXgP%Xn%4Sjblk8^ZfyjPR&$iRxI2JO;zt_u<9g+%FTahQmaJ*j^4pXG5EZxJ`7
zSNloYBxUS9>&|~5w(Dqjftu(DGmcAiIU8YBiPV0`5>X1ghtaH1-Pso2M^RaeWj7`8
zrLM&dX$eE1fw}ke<{H^O?f15lyN83*jKv?#!V6iOp>`w@tj?_NALVdSbWkXXnv|jw
z@$w4~-Xd|S+!GvvmyYOGnS_X{i+ERgyc45=NXAZILFe*z$$o#o*x=w5e=GOy&-i@G
zmNc|ime|1Yy&mb5^ep0Lknkeg4r~u!>RM`RShpge?cZN0?m1I2CCK~f7r>-M(PL6$
ztT3uKWdNgPFY2Kmb)6^Z`6IFczfSJ?&ys90boouec~xy3jFP!VB$7B>V2&W@NM4EB
zbVHhSjhftWxL&gNr5Hl>3v}X}^qBOZYzEEp8Qma)Lq(*JDJLEo;q1yr2v)2Q5w1~U
zg@%4mlc#ezh5)w1r9CYJkrO+mlDJ)L$ST#SxTafgr_kP^g9240C#*pAs%``s-fN}h
z>cK+pm*C}LLV#K;pc(bCSI~n6%O~8K&uMQBU{pjg@3lZQ{yZ^ERr_=J_AvJJSI*HK
z5;>o!Fod#a;wZbf45J%0t{|wwZdbgiLNZ9*1|8D2D+Z{=2MV`wLGulC2YLfdNxDOD
zpb-v~0CANmQN&t-X#r9M-+&or@&3&p{oOucn$TFC1iXM=i{)8PJLuh7NL%8g7!Q7X
zk{b9G3rX0pp?mx$rNL%f=)9w>n{Y&>F@|+W4E+#%;#nKCX_!F8ip7{V9Imx<Tda*N
zjFggG5f6Oa4mz_-uVqq0QF=3eW>@IN);k8G(Ec`#pu{OsTz?o&)uJn6+U}Nz3^ARV
z469|6fUX`#DlxAQy~4FB71Kp&tj9!Fcr4@jmZ*LcJ3zkDmgLRj@m5XaY|Skt;=Rh3
zeCCeVPT6t@9vbeZIr2tbc8a~u4Q78vwEH1STcF-2n^pFl9wCGufh4@^nyENlr(lyc
zJ5Ptxpuj()3`04NCIkx95jrkZ!kAL9c0)B46+t4OIIyotQhu$dFoNbXSUtMHs#a+l
zL3v9&FMpeq$Qohv<X32Eo3yQ!Oh8Mv(>}gp_bro~EYl3%D~`-wUfv;ELuxjuEl(O!
z5zJ($qU<Ku<SLOC$7y#L?qCl1aUST`x|k^|pVCgKyJ`Sc0;%md2H9WkeQd9>E+c&x
zKAK}~W{fDA?@Rck0tggl5~qZabAvxfP2t{JFkY_ZbYNN7u{$1CrcAraZ=)-*n4Edo
z$f5M|B7*gX+3XY53Q6F8zyLCJG0qe&cB~>lno6K_M9;Kj16K!&-+$6U>*0K-uLIH2
zkM{RH(ulN&t074n(OUM7=AWe{Y8u66?B%Szy?+8lyUBz}l{UnFQ3_hy*8zA9;TG6}
zzD@IPhJCKb9|5s$F7C)>E6CBu^2Y$s1$6i{PRc~uqZg0r_?Y$^FC@?m%&101uiP-I
zypWv2a4V8(C|dBh&Dk7CZuYN4l1fc!CkZdg^a_cvWJ6BTFnTKL@=Q^@EMDDd-?gF$
z_cGatgjP`QlubS8j`LbYUgm~1MV6JJmtxx-LbzXyX^-O$J8nGI>L-8*6Lwr{?L}of
zq2x=<;aXf1&gLxz34baC)TY?HRCVjyt4i~f3Vem!?8;^Odvmynl+p4IhD1qd{C8+i
z;aHB@t=YdFuk;LxD($8?rioJxwFpMOU&whK2sv0|F=nO^aZUX07mJQ(tLLm8Os9U0
zrD1{)G+pYRfGm~EHrp-G{b^J^C<V~Uup9K$R5PS<)l&MjMu^5RL7MApoNm%6VdyHR
zgAwr|5JO!7aXGZNRIDy?nXVgrg7OP(G<zorPR)WG5%uh4b)IH4x+?ht!T10--5HVZ
z!spb%O9!R&H+wHD3N%z{b;N!}4t7(pIb4uX%W_IjW9_+0p69<NH`!(w7W6$dHRk_!
z_&RcuoK=J&Xn||W&o(FJ#7Pk;kr=L~K($kSfz3C21pSgMZ;UsBG;_<U;d*`MSe!R4
z+0k(`WCk;Qqjv+QV#C<FVq;)X>e%X+3TV4`{v%Am1^*MeTE{@aW%mdCuMTj+iokx4
zH9IdVUy_G@Q+<llW5_U#@LxsH*d>p`*-lN#wh9(uBe%SAy8?zZPNBL!0eIDtnP4Vv
z^}To(CTm*u5YXC9CoKESi>Sg1XYMiO1>|($@FH#-Qyv;E)VX(T-YO;cy<#gxiGr$G
zk!Uu{^-d+f*Ma?+uG9!)M%8gam0bp(&)R!!CtB#)Td^N3uf^;_*u~J04J3wDb!N`t
z8&lUR>L-O28p~Mi4n3}^s=JPfqi)^G?V#K2gr<Tz*tiJ)AniEBT2!-G)0dp)@rGo+
z`mj-*|1M8Cs$ZOitd65eg^?njri-z#`4M`maYp~Z^OiAke=cKg_L)_xC~XDE(<-fV
z9Desn77r9WgAYsuw&A1P(tv%}m)XJ90?)(lnPm!<=Yp9x*jSS35nNEHrh|w9$RcxW
zR;U<XHOkwNbV|YDuIlmcNFDfw+5jc~^W0lNvdL}2Das2I3cXki{SAg;tPGBZ(GU9j
zo?h6^e(?7E@5C+yA44zoD|ORc4Y~=mj$LUO`l=TrnZ^}j3=?Mfn2?<x&HWhr1ntNr
z5!jqgE`tnRaW|(@mgRC8G79E_V!Yy2?2`tbCVs&eFucpmf`cje8QdyE5sU*uX;!8E
z)mHggM@A<)9&QP8J#`!uIe$Q^RIK{wjb(>%j#j&B+*NeS;;p%QCohUB+?L+Kjd)D(
z6S*ebX{5x_`ABUJ4AP8t53)@Go@6V?90q=<<&aR~jm!_={rCjMe`D`|<xuHa|6`w=
z;a}qh|H0n>m$M{O|7bV;Pl&)>HW?ZOEI!lKcTMUa^``1~pm1rww5iXpJi)MhY-fAt
zp`oWRtF+?RPf>NP$Fr6g9cjoPsrAfHed(U>hXWcP)-M_@r4pT=FT0=jTd)-OrvINI
z*qju*SXk-#c2{y=Qh8FHv1Lm3S-)LKd$Q5t@#gH|_J&-fHm1jJ@A3aWEQ!#2hdtXM
zlND@N_X^nDr?wWImaJ$aH^FA7?+64&jcFX<IJRZ<&Z;&qkXS!8<H~TPs9yQg8METm
z4tB5SRKRf1?_qsj4ZSt%BIH;VcB47ts^6bPQZoWP9u2OFlx#Il0Ef%H0M)-iAR`)|
zyuI?O4=cGJk>dDL$NvB?uz29`?7&5{ax<E&$VA4uT)!j}A0w9k5h;oOrRlXg*5xi_
zp@EP(F~6GZ*IOf}k$avb!QXpjd9n7Z7*C5g3)Czq0OF+e9a*{<R~KFx(POnP`%d?m
z%epZgn8TP4D*O_l4uNXcyiueP+0a~GH_Ey7sOIPLdYr0jB=<7TDrGHi0KQu28aZ(*
zv8Arc;rK@k>g;`T0~$j_BiLfIw)=pfa0WMN#+EBKn&LKg63QPg=YfmfRyBoEOPwzT
zDu-{~9m6(2hHoD%)PEa3O8r#7O?EZQ$qajM)5r~W!68{hAQ~FL^bX&wsb(yKAZUM1
z4d{=t@&`VcsJy44a>A^2kZ^q~!GLoELUz2rapCjihe?C;oL9Z@nXksYTZMJ5-N3vQ
zbD#&bFk@nX^zvZKy?5w0!?lVq1h|~P6~0hYy2U)?S7*gAT#y=EiG;~jnp{~1)y?mK
zpFG>H^G}Hj!(GcU7yUJ)AGOp8%ey&KDr*^!-`HcRbmB8-aIUp+C?Q+*mqjaA8!d){
zP+Wu)6MPd(_es<~2Iai>8;9wy^7zk*?7G^HVIhrxqT2~h<W<GY&^c@o*Syangtt|f
zc~1tCA!rC5?1~i`?m1)`7oREiz;6=Tc|<2?alI(0%b7Ba*!+{}2Ydze%KA1Obo*)}
z!d9vg_-tXNaBjgW%LJd~TjpK|-NdhShYfZmeqE1xq0jRE6ZV(&_=k~8J0Ou?vUaA>
zxgM(!h4yEaVpc<lq~5}xreS;_0(c&6;{tJ`RBZ3vG3maklC{x>)Q&d^)$;A4!hrM4
z4U_m0APG|AdCjV6qr=P@B~h<uN&t(+zfkQGnqQwL$C-&X!zNoWh`pNE%OEGmY*=}w
zGQ%`lNYO5S#9J>3xFEx8e9uHF@qLF~5{Qt-jC*C>^1(AS5;Bci9UD^$D+EFzL#d{?
z1(y=iDa8j&DQ$=u3Vb918_}`8vHg@&uZ*k{%6+*n|L*MY8iyNYf}3`9#PVDLG_Z8`
z1i0|A_>Ql34Ms52GqI&8s^=<+S$Q~tjsD(9MtyPoLYB{VtT&(s3Seke!L5?xHT2VT
zd>a#u^-jvo5zqyL@2o3&U5rS~l7NiYvh(zd?Gp9IrQ#x9P8JSc1--}o5C;_l3wtG%
z_dl~AZFT(3loIKT8Otz%9}8(IS6+uavb@%{9e~oB3t0!s{37S9dIRf1R1V&{wU1%O
z-knQa57IZd3F$LJ%8p=OX=~a`;QIGgJbDgXt|>oFQzm!MT7PYXWR_IR*~7+GF<zTV
z?*>a(VYcK7nK|_Hexi0UCLtckE1VVr{cR$I+i%6iw)rE}558Du;5rLMmV(7(>+s-t
z{~5?+M?>)(LIR(kHvv88*Q)&&86MBl1+|0x9GP{rL}AXio3j}M9YH#mDeQ|C`6R=D
z{9GqeqEEb0vuiA>LzqSJu&*f1Ue1BGHU8aoaj!$vR7xiMJZZgY%)Be)0bbVCdQP`t
zwlzX|Z18xuDEZ7_`QI&a;mo3J*^z~&lYuQCUOFxe9dr_3f)D}Fp*vObLMex9$qe)s
zLy5hm09e@t;Goa)5p(3DO=eoKEnWqP<?=%%Hbg_?`=HI>-Z^R}?qnd2!I9Eo#NfbV
zS--Vhw9EC`k<vuWM*0)!qyZH|0PZ&nLHDZ?Z`jbU`6w*ph6Yy1y;FKIf$Zub%lVl}
z0?}!C%Tk*I4Nco-{4g2EN>qi%F%d1A$*G{#D3oY}>Fbf=sDwo5grb1I__|UcL9w~R
zl9i1HJ!KwEkf)oK#fxjOV6Fzww;778kH5${0#-{I<mM@(FjBmF)NJpNcPQJ=>u<Eh
zB;Q|DMI!4Ob5-6gFRhEP6Svm8qnZe;BkrFC+!QWDxBPA(8y7{SjG)@m&@&?JJ`>Rs
zGj8+pP_jd;T}=hoU$l3as$NEjZyGIFr5I~jxQT%;07#-2sl!9s=Mo=TtvR>Cjn}V6
zb!FR&-MkkW2hjuDOz1<+j_VwEOqo-ruRf?Y=5F_+Tv210QQUXHxyy07kL0hv^B>d#
ze1ah|51p9oeNWO2&Kkh5_lk?+EMSTd0nfo!L0@}TeeD`neZ^F{`!`0=fiZp-M-EFF
z=<-YOFJ43;)|~Vfj?p`I<RtFwZJ$A!7qr1|G46AX&rIlt$?^${q4dsM3W;ANN?3+p
z7+^>CCv3$c<IqP1wSSf)gN;*~W}sTNN6=ul=!uGt4b75YAb_Ct)E-XlSiuWv)olym
zc|I(As}`{}uHQdA>je6+@elnM{f!+={a*wncBR9c(If07%AmD02yVl#^R`Skpw*mR
zp4~(1Q)=W>NxBx;ghCh7OFOCzNXedFz_eok_P*K<NaL>1oD>E6aDb{@=O_y^ktr|<
zrn(zFgm9#C)d0akh98KME>U1e^Us!Qd1q!VJ~`s_OAL^yUX(Mse6f(wC-KD-QZuIv
z?XQ~{P3gvn@nytckEGb_bT0m;<~JTZn{rQLK%UkQ#oeiqG|&XVGZkK@C8nz}NsmO(
z`@-aOKh7dj=c1bw2GrC_TNsS@X#6zr8U!lR-)%I5b<DvDx4Z`HOjJd*REs|n`D__y
zv8P1%_N~bR2gF>I^`M)lfsGR5e7lwW%w%~VfkyYbGxozPmRPue;Xf0r)k_cEcG1ow
z#*h=$no<kGxos;3P*w#wPAk^!&gv9MjTj|3e4XpJ=#?%5tzKqzKs{ss@MeIyO;RdD
z7-#P@V3sor!d{(h#fw+S$&n@As&pUjcVVuyGKj8qEMf@~6K{s?oWc3Su)3BuY>_!F
zUArz4g^8Y-Z6<#_X?1inU;=Obo*z=bSklZ051m$1M;XuFd1Qpy?=a$w5aZ(dvXZ3)
zV|)7$Rd(qk)56$oxLxke(JUTg+s_5NGQu@!9o)5gM8f}#0Um<omiqbs7<<ovrh=wz
z7)3=<Kt)7pQ4ml8L3&38rASdwklsTt(n~@VM5K3+u5_dX2pvL)&_eGJLJutoH335T
zqW5#Z&yVl@@#fz-d(NK8?#%49GqW=tbRv)aV{`mH1|KCxHf_bGw24ae?RC&d{B~Z9
z5K5uiIdx9fY>!k7_@SA>Th(U|o*Vt?U!+C7(DB9bBy4)Czjs|Ia>(_@$bKl>_cmML
z{g|t~`tPrwx*f9?ORt3e-!SKYLsSJt#Q!%;K=}V(6G!;}r6vxXZ0}tnXLLuC16Lmw
zaP}t9wA{p$tvSxWV$7-Uzf<@4Z`f+3TlQYembm=2#QV1qG5w?+RuOL3L*i0~JnZD4
zlkLQs4&CH;ay+tt-`-!|Mib@aRtM;u5-&I2S3h0Yi)<U9^Zj%e>_@`R5=MqnQ#LII
zkl~P%)4jw<5(bgD;Q^c~Xw2~brlu;!ik+&^@^pOmS!W__;k}T?=~UQG+9A+9Z)tb9
zl*JYdiURO&l2+bA9Or9ixp}`R=8D07iJm>L^2KZL#n^mN6=F5~b>*?MsXXIjii;qx
zWIr*{6HnuQ_piJACf;&I)O3u3s$K`y#}$1``a<^B{=BUu=kd!BJvm?9`Qc$ZADbg|
zQZqcB>gU%gmlv3*0e6`+J863+^foYhF6wGO%Q6g5m0~Y>`;ab-vRVif=$VL~;i6|c
z`VRjR_9%P1egC}!N8_gd8KMCpvQ`^=LuOde{L53~RsEXh@5U`%*cE$8FZy%u?-PU{
z3zdR}VM==0DPUd(`+h@uKPRW1V%}{kCS?N$>3l(I!9NkS&Gftl!aPR23xd5o<;%eA
zXRP9Fk;+op?T@TKz~JB2to#mlk#@*Tz5*Kkwm7Tz==axKY(}26KHJlKn|Gt{)*U(B
z74VN&hY5RH<I0L9>%6-9RJ2tSH)r3qQ$BcgowZ^*GYP32*BUgU(aKUT2_s#_Jd&^i
z45)q$wA1}MG{&048UHJD>bJz*3mSCP7LUZr!r+Pvh*koxa1O;<&2&tXk0x+-c+UB&
zdBxW!f3ChU-DxSttZAFE!hH}XrWv+P4xs|u-|%j>S95Y@bW-{Dl#@eWQmm}Jy`Run
z>M*Do%lPosVK$$z?8<kgm+?j4YYh)2UW=}Ra<5T&)y5CU^_xk*oW5h(HAncI()!@2
zw{+q_WHY7Hq_bT3@x{{DA8lSPm!kLFqW%3&y7MsI1jAYCS=!5S8D1ZdmxZX;?SCD!
zGjb$IbeS``4A#Mh{Y3|72HyJBI8x^^r)Y|!+H;!!{II|9D<R&bYgs<}5!EM`%k-+z
z5<ZW9YM;v0U8U2tE~=dhV5b<+R8S_pvk4eZuAIMe=WaJv;k`#%MP+e9R(1FC$h!H>
zJLjpk?Vl1}y9d^>VV8BY>9ae&HDO<-;d}mUa0%Y1;~qym$oQTV{o~sQ5m}nce-sMz
zJ7X3*(>i!{PDX6U`#e6;)4C}cI`wE~>Ak$1b6G@%;X2&0Q2ZR%1wH0&uWfvXk_v89
zjolhJ<le6$fLm4d1^n^6?8eR3#tbz(c=|&+!R>O*WCH4LKg(WlGfJRgruFh?DD{Xp
z(c`+YKlAI2(dO08&mf818b?rla8qB4UuF9pjDe2rN(8HtY?1Z4dB1Z*Vt;%P;^Or7
z7S}O&$iswuP}KQT@FfO;g?mNJQ#xuZ$8JKVjX(J%jsxQOSsf0$%j(MP8S{&kijCNB
zS9P!ln2R<nX7<0-kxl3SUD6r&=Bjg^TCa6Vd16ruATUffu#quNzrY7D1jsKPkQQ{K
z30Z`TgntWtaV?;v_s7`}C4tj7`ejU4KD7}<f0v4ViOTfu#!xKXrT`ihBrmH`K0l@2
zzhNmCO2Z_yAX(e4#C7q)1+LMZTv3F<1HIfis^aU9mJ~dlEabGKTKkoe@8Y^Reh<l%
zJj!_OYk70J0oz$OPh^R4zb9(NirK`r<lhKeQs*>E5A5Xq`PzbQMj|F}zD4F!fSqa*
z(-7b8=RQ@8)gdGPmSw)P$*b0nrKG2Q4sTqoTHd)eXSTdSx-n$_QMp}${PT`SMCXSD
zqVsLJT_=O7jdc!hU`eM3jj84rvtvNE=AR2RMrH=uuq?3SUF^Fgb;IXC73cQgYp+FK
zZc8W2ye!ju5lLNL&<?ob-3~IO00e~Wsy6;~x%G(g(uV;aig`&D|KM;$C%e<@kN0l>
z)~EgTMd^EYe<3Cd{IcqzJn&LY)+N4+-6wrYAWM(eqoop|527`XgcN`bDssEQcb;CQ
z{|rjY{yt~bFO8fu?aAsTRCTURUV6itxyK>EG}t`QG%iJ3b@8=U(mmE|-}9Uiplc{N
zFC%q|d+pDY^M{;9DRIx8y*t^};h)4>84LQyf9=@5d{R0bt-aVBW%fNkA-jbGIka!>
z=3m+Ky_>sZnpzYZvJ!tIkJ4OfiY9@a7RmOaIU&x|!U1m6*a^37thiX4ZKmB9`L$Kr
zpoFTxyeN6->bN~U_cdrsT3|wGS99JsqyB3fb1f<tjZ3vZu=9-28D1+$FwqZTH|*k-
zY`Q4y#O$iouQ?sDOOE~gDeuaJn!GpJIun2m8u41IkCnRTyBmZzCMWa$lXGqJmZRvh
z;FBD{k{Z<)gLlAZKl0u-bl~mmE6zrDC?C_UKO)`HcV5ueSkRFRY2i=1l@W!xw|?uA
z-Y!^ILt<_n_##)daDl^-Td&k5zqYB@X`jU%`8!@xRWpd0sepD=?B3_=&met(;9(E7
zwzQ927Ot0IJhyJxm+<6Wm5K`Z=yYxAQI%EiO)<*Ym*ys+)@*~{U&8~;UM9#&8#dOz
zyIP|_+1=8jzHl)~W3%PDW+;7c;)9o76Py5Y66ix5`x1ltm!M=fqYmbAM8$K=r%mHN
z3H!@Q$gs<0;oQ*aU>j@!#&=sODlN;;3Ugnjf)QY%Hs}77gA{uavyxgprnkcukj72w
zg?~zRY@e6C8Op*uspplvI8XS54qJI=VHsg)=fB7&;F%MnY{GqV7P(Qc&m*b+>`4cm
z&E=as{tD4rY(FNRef)8qTp{@)y-%GR1N&u)h~IkOLce}DJp3&YSZU)Uu;kTJ(^|E$
z<epwI8UJwHWz6c@W4~Y8@8m!9B{4|@M{a(1nSONhvG;ZVidRu|TH%B!TeYe^|NGW?
zZ310S`~4yVJ>^78f8TbcOR`qcCB{qH-*|9&hW+UMmk0DY;c3lkA||b&q_@FCWebt7
zUhX23RTO}N7>0om|FoJwOQ%Zf3caN`F@3^yD=mBp3!-9jmd~*eFLjZ3_oo6qkJbek
zO7hajkKu1tg&uVOQAK@jb4y3ryir@cbG^Q5gGQuW&cv=WXI)bFvHQMEC$%=0+Xtf+
zn8CZzhJ%B`few+ni@vi(*Z$<vZaR)=vtA>Z^sa|CN<MybDKLBl-th9;(!+;hW3-7a
z4O@5bu)GeZZ(6euMHU&^&WF#W(rL=wXy&uD6x_}X)M74>&|Q6R{0<(ix}jN;SrNEC
zW?Pk@w4hm2Aa2BJD3B{!+!42TU-Z*Gg@9=%vTwSCru6jUo8nf57>e&)GP7kw_x2_S
z*t+9P?Ipue50&p}^4=4@?Rl^1h@Zf|L;c4Dc3AYruNQh2vN)q3$}|jud@jeq)KgV7
zcy(>=gctTKX}ST@Q`&yUyI8$y)(gLT8ly6Gpi^#KZpM}FE2xOEH|UJcjk{v`w9cr+
zHb}U9<<$QLgZ_h-|3XzoB>p#dzwm$0>i@6ZQ~3X-st`&?0y-;t6Gzl36)hE%$X2@c
z>8h6x=}vnZ_OijH0+5K`wXIGF+I2f7Ato*R`rW}0d6#}C+V%c?d>&L~X@L2i>7@hg
z(mLw;fljvV0d~)(G40~~&@V)P;SAM*%LU7@I`HvQX3+Z9vtv`iT>(0#A7)?fdbG;O
zr9Dh{-Vwivy162m7Etu?5nEkey$kZSN2IdqoM|0fu$Gz6Dlt2v$Z+BM1beE&+Reao
zZ(nzxx-=v1ta_uAA;pp3faHYh=!euf-1M`;MqegOdg!sAx*m5WB)zz??f;2Oc+PJz
z%O`zzRlZgvhBb(n-|-g}YQ0;<ncm<RBB*MAb;nfI0cKhl{xqQxB5QL(YIGr2bW_($
za~Jz#b=ha_#a-jknZ?>QA&iWp*pB94%iZLMK_S80HLqHpR<P9YXcnWd8H8)g5f1G;
z?5WH};&eY;m&Ev|>ETsI<OPyU2A`Au(2QJBdlAPF^Jr9KQRcZxH+2VZVR>e2f7sw1
zg`@}ENzXv^5uiFH=|@-#o;B(*cP>FLp6pDh=C?F!PT!)OSQ@U#sR|_9Wl#Hu6&~n;
z=S&6@0F%)JL+kIa_A4hoK9<_<+Qv0qNfql7D0AuS@iF@@n<UmHZV@DT;NbB!hOxAy
zob(uc<DJ2x<^WLP<!$*mru|p<a%kYqBCkBExl)5_GMoebuN+f872UC&k8hBR$-fM7
zy+iL7$skZ_A*7JGM!czeT{6EXNB=v$?L#9NOGGofJe}6;hT2*f7sZu@M9H@*SD!y!
z?yOi&u(02HdB5%_?+|lwI=fEdt0&#;w>dwyu8yXTf8?IN9+<B%rQ_0&pEg`5U}YN2
z8;9VP6^+}9irOsXQ89axKuHt(+!lHEC<RPdO|`2kkYp+}JlIV0-&C>ks9$kofXD}z
zE6>S#bLr3A_|BPAoQoKNhF$19?ib}eJHPUEdi-3H`jg_vn)?L-@0)>#-S6(lK4(SK
zf@Z>?q|8`tr?+q2>MU$wCff^o!@G0>1=ZMP?rR1v{SF9vZS(w%$tEVHe&n4`dB$V8
zHoecL4h~9@IoA~qw4b{-{wUf|VF)9!KbUQow#Sc6ISl<lY0Xp-RLll`FzGO0=Pn~U
zh>!bD=kXW7d`7%bk5BN-#2ZsxIYB(!eXo0sTUEBS;`tbY4j7~L)yz{8JSH+W_(hT#
zc=#tm0v(Fcs|NKNrq88!AFJDyetuj}yQ;a~RcJC{=RlYw=$YTQ+g{Pom`vmIq5QO?
zM|=>UGrLLr^rG2k(yRr|AJ1*XQ&d0gp|0z|aF?gyqG`MP(QU=2dt7xZBQj|T4-Z%H
z1O0`Y=n$_{3e6Q$^Z%Pp`ESJ1bAjhVf7}1+7i!`EdRWLh<%74gCI2T4Gh0h@H-0U5
zGq=Cj$_}Phmi#(47H-xLB*cXHl`L(ntlb`niaqClW#i`h&eBER$-&vl(bCcFfjGaa
zrK1)3LE(SNLa6!Q*x0*Sy70fTH+8dAurznFu;iC_vUhUPayB)$<X5oturasPRD4Cv
zucc<{YWG0+UnLT1Sy^gVHy2A&2Wqd>ty7v0%sT0qa4XEz`KpA~fb8jsmGSXbKl#vN
zy=$v_hC2*i6~rneBnn3rs}k?!vPybLD+{%!aq;^pUkwk~y2l+gFFrXh{?kP2`-_WQ
z^H(WFTN3zs+q*>h%PmX$LT}xpY>l~TvS+rXaPI3AufkcNa`onqL_B7+?0vz;c(H!9
zBY0yRT9WSNzY9GZYdSuFLei3xkB=}J04j=qKh?`-L+v?`gF@q5P`}phCX(m5BYqAZ
z9v;rY!9n|<XPQSJK2r-jZljZX<bgaer$?|cF&&?g@J*Ee(+8v3Xj@xbdr9r5TV^O{
z`~Td%_zDa@h58*7j*gB-M@J+6bN9;&0deu4F)=ZTi5O>b|1`$`+`dcKUKR<EJ41P*
zWiI~b)}^bChqo4I=>O+EiWVD>Qr8Rru9`FbN4A0}z67>fYwh?dJK_7_l6SVqCGEW{
zuV-ODQh9Jg_TBfKOI>fjSS|m?`0~P)?3&e&#aAdU`Hzo}3t9Dtg@=CzAP|T#+sYy9
zeYwl(u<j68>`RK~ihF<>Hw(;6`c~KQet4uP<TZ5F+kK=VITDR8fu5Y0OxH_!ZmCR>
zcC2zRPI|dx6k#(nZdMgYVs2yk^0Tmm^m7X;RB!g9m3|Z+PpUXP;oF>a6BHGBqo?jy
zBcG(_29CmY?R(m~bOuS<s<_Cicw1pg;wr*Ym&PVYZ>&s(?m(UfznfS0SQV50*;zGv
z-C6V=ta20t-dd8u!(rxDE*o={iXr?J)0DMkPcpPLxre%LXsA-W_|k2v>U$vNiDQv)
z`IhaBo0VAXR;UVgiH)@2I_eov5J$4Hva(W9^Z`1zCK}I{DNNBM{3Cc;g^);^-(hx5
zzo6)Fd&z3X1f2%=0#zCYhE`*LR=)(N8<A7>R!pkcv@UkHm(;Bo^{aYYn^$CM(Nnlv
zAEhJqI9X!4uzUKY$H8fshHS2{nuo6rAuxT)DTRwo#z$Os$IJgrCLk?2?0J2oK;TxK
z;8DPSr0gV|!v?{Pv2wtl6g(=qII!4NP<LP=$xP2^GJhWnKRKdO(YEx2L^Vd<L8)8%
ztYE(+q*?^VDIP!a5y+yar?}}Xj!ajkRw%7i5N1M7!K`YV1~TOE5b9K5WZ0#%<ckzP
zFVJzbK{UK(HGEm(NlmqF;777;aSv>C8jpu{GC-wvn37RSV_PS>olI%b!9P!Wj<?~S
zT_<7Y@yD{BPE7SgY_y@Wat~c7ltw!9nk>_X=m9Fx@bhx#j%RF)+<Dc}s|5reKYgUG
zvdWlDcv)UNlwN2IK4FUojGvzveIB`5y^U+_WRrj0AJnZNZEw!uxyiFjht=>Urm^B1
z68%1X^h|uKZ3K%4d`wpAXPa?X^o)KjJ3<rIjc1%$j3|PMJ!6FIo|Smcovy*09H&!z
zjh&x0ox@^v@B#<-VRJ>##FeBS5GBN6S{A9PL8%_@R~ZL%D%dy!&2*_knZ2Ee>}<~_
z>wC+h5YEK7Jt@U!y5FRJM(Z0xqV@?9@{G74`6E<K<%IO|QdBoXn&-pFNIj=C{+_cn
zxS^B>S5rokZ{z7#yvm~C{E5bsn_3Ani*cq}Y71XSJw0OlOKeA%;jtBak0oSFF7CfK
zJ;_gv3Dbox<G94QyE8s8VT*eF&QIG<7ovmu@tlznC!i!l=fbEF>0nS??dbcx_fVw^
zqG|kHs@_&sE_&MCV^W^Xy)FdYT<sn_GD3TY0i+jrt@*b3YVzsfj(M?m3Wq-kw7(X8
z{=_-?biO6vIYsk{`7%x-cPdZnO)BhDo^Ff_B4Sx4W7z^+6Y3F#lXGA)eQSK^CKe5+
zG)^tzl}WAQu(9eaAdpH%-|$r`dUA1Mr9s^U=hPIDv#2x9YWC`4R<iU=?{!CSMaBew
zeM(GY_pU`7xk{5LS7wy!1$R|cG(L>FM>=2U(IRd=484Uq+?@uOxAc1304yPX4cUiX
zbDmuZbbq@2&FNCL%^C5wbXMRMhinO-LC@zwycq_A0&C_?hnWvVtMMak07z-9y%=Xx
zzog_a_@R_UaM9V&@6-SrvP>3(&U@c%u9f~458P6l&O^M7#DL2&r~b!Z-+u;Xd#G?d
z8A#)6Fs*g_X>kaDCDXmV_5y`@)YR?mPMLYSDeL=X3r(s`o}uI@T1J558U`|5d6uI~
zTr&n$UeLbp|9x73XFDUz<wI524d-!{Zx??=hNGPLNJ`3~W_a!(K}}EW<V&Z3XLMm9
zk-3p$+=b++)pO5?eudsCtFxNbwNxIGIFFH%blE$d3be^kknJ&8%s=|0Q$Z0+Wb5fx
z<-D&tz0)t%o-HTS9=|%bJ5Dvit4fh@)gU`aY~*dY(t(aKxFhGCrsgYIbsKkeSWr-q
z;suJmNGg=AI?PGVxxa3JET^7d&(4<cY;;DynacNs(%dcfU+Nzz_EdX<TviEiUm~we
z;%-cA9N=SxjC0PoQBny=|H!n~nk|LDn!Tymv(|xTjFrAh<jnaO;cE9(dMuU>F!Jld
zLvtxYyznfm-yyk>xSgB*$&e=+qImbG3I7jHY+t>t=d<opY)?CC&)`PeS)>p#2ggpm
ztKL~qwa^XAo7EbZB(G4BydqNy5RVnZ%CePUIghBRNWi@i&F=4XHa=HMR&N=DxeNce
zo1|{_X9cw<%?d8TwdgEjn098Tg3Kx19~mn@c|CDOaVy-oAw?nLU4Ym58^jgI1WSRV
zX*hoGDVP`qHQY0F%Y4;{c5&gC$^A1vgg}Fdr{+&VjZcHEzJ{`&lRu=m9C--NvZdn-
ziLJJIKM7@f3q()8X;;+pJ5c7yb31i{{u1%f@MczCAQXUAo)z}csn0gZJ@s|N_4WY>
z=8U=E+ec4bp;@B3a3ARQaR34>(_nb^aLU|rHL0E+EyGqakVWSeVN@Qb3Kh8Ub3iHN
zxhaz}t1L+TopN|s*wxP*ELQ!g-rFYB7^b`_d3pJfNl6Nms_3yTRtb^2RWIyxnQG_R
zN@~Rf1)Vu3_A0xxi6Jy4DQhGw!)yl}+vvry%d<NpdBRs+eAiUpBF7iamitC;+y%{H
zj@BbD%r)N}_%PRDva@Pi6GsWCvfip&#>srYPV$QmTH0#>Q#0OMJrrXIs%oABUl52u
zuq+1+mt<}l^xKm~dzhhwj&Albsy?7|6bF(k{AAuhY>p>KmK#Y~HnGRX5&I)(4f)wc
zQ}sZnbCsEK*<|8M=)!AR`^tjovw&?$C#T)Q+aO}g2p?s6{c8Q1!3=BJXDNN94Az>c
z;zvf8aUsaF{mnPMKeldpI{x4fiDo-MNG%KN+a7d3#RSY?_GFQ{pyR-*Uh>g7b>H#>
zSqa8QzQe;8Z<s!tTPAOegO9SzqthY9kX^%{1m$H|AKbRr;vj^lIr=P_#pRpkTc`44
zluAxY_T;(Au<FIq`K!NxQmM{Qt^)FsX@_iZX^O4YXg}Yb#SWXFqIpvR0RbEoUycyq
zmoU7P6%G2a$I}a^ZiV)A5G>fF9u#I!gzi4-9ON}=F!z0sP55=r4!3V|Eh5ZO4!v2{
zi9_90EBr1rtlt)MpM&h_AHEqjI?&JLh+ZECN5`}q3<>F)>I}I4ZcU3M4=!2cY+n0p
zQbNi-_w}o!+W5F_2(;<XKhtXETVbaI$n$7Q>uT=h23mXxZLE8+WXK7Ix}6sgOo{fs
zxH}jjO=ab+*0s`|b}D6Mz@0Q+RnEH8k0XQm6FV%d%o$!M*7>Jy<0aYIhP9QRmL5oa
zrf>5MJ~7-eye5(oV>r)BZ(vQx+8I)|({cIj_oKLvCCy`8_9j&Dv`1nVv<SvU_^VXH
z)Q4{8RbLF^PX>gA$$(B!OACdMSpQ75l`A4lqLUy_|7X}Ek|75hUz2RBVA9_uko^VE
z(HX+A6ujarf_;zF`a|;Ib=?+=iyF@iYPQ#gvVw!Jg};eyd&Bh5_$cXW-V`Mz<w*Y(
z3KPQ55Mbo26V&3=Ug7ppB0t+CR(^4r&8=`f#Yc*eA+YayjaDD$rvH6Kdp~C?;cW#K
z?lgv3KIXow%Bx{tPGr{7QWm9-9C{@Ym{?648R7QP3a6xr<8vsFRqMtvCaP=NM*Dr)
z0#8f@NUiZ$(*)%H0lRsRsoD0AAM*zv;JU^Mv@_U%_OX175eL@^Awq+Hzs{=DE|1Mk
ziTmJ%3nSZL7#BQo*GO}iB>blZ`)*olU&rZyMw5Ywwb9$(!#(C(wx<L2YtM{>dpyKD
z##Y2f#A1|8BR(>ldRAma5zEf3;-jDBw>$ozlJuQlD<=2XRIE<_jv{(5aSRU#uMMdP
zvJedZ5SUpg<F-zvjj~clCdfz<Em!GCW!Fb!gV|JH!cL2H{DIXqc7%X#p=%UB%Yc#L
z;iyJ1>EvjSjN&AgBV955(MiiZa`X$rGeDRO1x26Scl>rTN_Hz%#A2SmopLL7&(^U~
zL-xSW*UM8=a~KC!Y?3yLgIGYG*50HG9$~&;b9A7%5C4<xsVS>^Zav^zA6MUKeJ@Ub
zXrk)7qu;5l@>&|5?AiVxcMgq5WZ<;`HBJR!JYX4Q2tF>9FHlg+=h4Ia@^^cDER`)^
zi2j|DW22HOxKh2fOX|qkBalJBFfFK@-;zoTXQxn$tQ(li>4hA2|Bf877T+fsuNBkb
zz`px%I=OD1r%#S{-!XL~sdA73Y^1eHtzqSGC46f@wA5IVFz9DsS`DC^MEu!;pNy~b
zgdCH2_fKM7QFL$qGY?It`?7Tyd^Ya<5zkV<@_uY_n=D<b@7IwQb|E@}a`m};`(=yH
zy~>&1$~{B^*k?Hwj>mowRIHq3gbHT$Jn8Owr*GLQHS6VP1HhWgKh#8u4u4#Uh?oUI
zJWQv#qa(pYSzEucLK0XVnL7h;vGqWouHWUNczYe!3Fdkd<vXbu$rg-pZVNlixR^Jk
zUFgm=MV^n_TBBP-I}6X!Heg}ISkK3vgDog^)SBl6Ji2V>tG3!s-ue^#<8^jYWSmj0
z5N~y+hCXv`-nryv0QpQ^{oMKCDDvf##8TmpEN9Nde%5+9X@k%3f~WH9P@vqs`;`XW
zoNT-Oh>z7lARxbu4$j8C<&5Zo1395Fm}x4+8zqS_6n+>C{<*ar;i)+s88=3hegMN3
zZ_M`5Dc$Z#!~1!y9d<;tyoc`Y&pt`Ywh$(@1VoHfB)T}gP6@J%6{*|k*`vj&sm;|c
zr4b2iPbJZk0-{fSyK>*TnP;6&XsiGmn(TsHFu2Hw(u30p`&&|bn^;-931>`){|&uC
zlAN3;?vU!kY2IJ<S66=1$wuowp1|6xIs=bosa+n010dR<1mlmZYh42wpucOZnlkM4
zkB+RcZ*m}+=gq~Djh^^9Fh#Sp#qxqDx#(zp5J!n_7XAMEaaI{srbZ;9R)g4m;JLWt
zi5~GrL(Wl4K_{AKY+<q>g}a}(Lsi2fyP#{X`W)tN&Q4V)ZSSFhx|!zm_HW&U%+1|&
zYU1IE7WKzJaU1QAn{bCqc*FW<N${6>u{Y!vt9I8G@_i-5YaAjYrRP0THT?TQ!m>~2
zc&vcZo+^@0k__)z7xYa=XV2=4J#>GJ;9>(K@E2Jz7NeMlDJnzZVb`vSPY}K5XQ>U^
zvz}-0(4qnNG1q;}=6A~sm4)ZL2f^`4+Um**n?np!51!M_HtmW3FF+(1ZsZ@mhjvN4
zXj;_>9ty@Q<Vc`eFH!VyrUHpXA{`|~b8BnA9f85F)KyU0i`2@P;i7Slmhq@Pe_6UG
zbba!`7^^mL%-ghG7_)>R;MG+$aS}ro0BVn_+*bC<%M{K2ukML4Q&8N!x2Fu#*TAD|
zU5V-P9U{VaIVY!*Xs*<|A>`CFP_F|VW8}o6bPDib0Ux=^+T`1zCS(J|b!yXDveAN^
z2FqDvQZXnXE&BIwswMQ!EjGH<myW<dl6mGJ4by=Oqy@YF?`y9vCe!>gM7(Ie<(Gct
zKNgCckHwLWI{_(TPTD#dPxxd$^NQg|QrmtCAZLO<3=Pv8>*(k(hrfYri2i;4Me~jp
zxeyOOn}pB)##mvsBT6uZ6aaRm_`<KmATn3yURi?Mj?QA_H%blIyZZNyW=e>#zHeD>
zL#E*5#-(Pr$I$%zf+G*dey+c*6knA^^nG{OS(tgP)f03KiVBiouGD`Uepw148@=~d
zqd61<9F!^g;!@ibZ|41_|4VIqHBbk<hg|7R3@BEj=)04K+Z7udbM-R&YiBVjSki~R
zRnfQ?-f6;fn?h)1RgI&d&($0FuQ8b1=<2$6e0=Qx?^Vt4$dy&(O48-O9dkxFA<u*{
z&ZVbUzcjyix@VBCOTJC<Y4MT)jOxmjgTyTWT%uI$^RI>SG|(jzSqkLeL2Nd-{Rt^r
zdE+kN-sIWLR~?8$C@CC^Omr{?$vTs&zzOZwD9*nE|5}|)o?VLr65Z+2k6O>>_9&s}
z0R2`chYW~xRH95NXFpSY_c6k-YFCI-X5_|>?9N6x#$`IM8kc%2Ta}>GaR2NT4#dww
z_iP1wviwTprl_<l(l7jZo5EirOBH_B0%xeMYz|BcLFBeO(NlAWIoMcM!kaX3v#3(;
z_wQf90J?@dP9&7aCXQvMdg98JWvMF9K)IEdhtIHXG*wMU3LCjr+PoYE---^WTnnt~
z@~ZquN%YfCiWbwldkf^2i0l?q1L-sAGvYjQ@6aVOpL3H)cDDBkFCpd&1WapUU{n~?
zYc<f#;g=9jA4aO5aYWU+B5W(Kc)`97ZW#*zfBs{MgsVamTj~8RbQyrjx}F5WaC4xG
zFC-&HnTUpE6yNtEeQ|Gd?9~q{_VnSt_F#PicRV%V5j^WCnT$%Ux9KR)Hw;XiA(6Xh
z4*sex@-;HUmkU00zQQTu+d&Z8hvHU43<r2qG+nf;{@hQ<dw!Z^`M$uaCT2w2fY!_S
zC_5Q7ZFTTbS=4FnWCsBV#Y9C~tY$NR|DOp;ss*A&rqF1Cs6!&9SV_<HP^CTrqF!w;
zWrj^vg;DVfAw9skSL!#HbTY0Pzwy;U^Dav|k(gc4VR~iuQ{~(F*gzzXwdB;QDhN91
z_A1j!$F`UrTH<xElq!~`bo|iZ7|T6(GF6_Ju2*H&5wb1DbF9(8bOtniz2VC9>XlI!
zXRzpMBh!IU%vIgvk5=53{75#7jk-l7_0bJ`6>g~-|1Fb4*8&Cu!P7)noAj%4zK#>Y
zK)<_uS6V}?L{|(v940v0G&gBOh-P@j_dG@nJwdB+B^|CnQb<OQ&pCUv#n-otfv)oB
z<OAm1Gc`KKsf6jygU#`d#`Gdvre$GLcHK5i{(g{4M7p@unmd|y#2zn?S=?S|V-|C~
zqndK^QZ^>3aoqF;?5{uxBwkX0X&JK|F3C;nrC2abTbCpJ>`^gNd`MdF4J)VgU%OLa
zAZb9mK}ANhe$#3p#U&VfAckouW#3o=R^QQtRBesX&y~>*+YRlv$qWNVany{GLERU7
zTaA^9t#LRj8xLdIEC+6gd+c(8!(!FaTNug4i9pTtiZA19hJ%%d8b|^(mD}p*k=M+p
zoO-mxs6E)X&*;d`Y+C3hCMH_%q!VXa;4VYRl)%(7xCw#Yw4tS!o)+Um#M*Qeu#!WM
z8`YwpIIm~kWYjr7qVwA;WJMgv1O&jbSWn)74=}WP*U6uV=>xbvW8?Aet3tJg9A%Ld
z=lSLf{S^`jE&#Xg*9-qu0~APHMH8b`)V9999jpQ9Ic;8EoN~P=4Lq`j^f)NdZm9LQ
z&GGQ9DZOEpVb&o71HY~jzsx;sr<{W?n2PDHO(3wQoQ`TOKv#`$g!l_O4OBE!4>BR&
zpFMGVlHnceE<m4XxMT1q<y^(4YPpWhcPO275kECr9%$r=skV~!6S3_m-^NtA9wqeF
zs=ogr=H^F)jzh9N_4hUB`epL;j_9iU!Mb2Wkm9nFy{OgnnG|8ZLYP!JVMGel*nacq
zuO1<v)&n+?c3+(ARgI_YCZjAPCCtFZU4nc_4`tTq&iu#}l7@XI|61*j<4-IJydx=m
zumpwU^kghBzWpT{^l;;T&p<+;!qK38iCF#7Qa;11^@B5uUsA-to8`i~f<5tUp%TAs
zD(zh7K+jSS@g?--@Tt?`O`qk`dT07xhD!T&->Y?HI*`tTjNWC?Zsr<4y8JljVyu3h
zW7$+OrcoO8n3j2`P|SDmKF{vS-hgkr4T<94y7r~kVl^3svefW%pGTsn^ul(N!H6@n
z^p$wcw|Np2$!b#e;D+r9<DJzI2B@}I2k<RaL<EVGEwi}~Sa>e}iL7qBMSM%o`%)Gb
zW^Bku*{>L&)(xDhd?STX8CD7l!`SK3$K?yFFXen-f$lP{O7i{2UByb^H=}#l*S_i>
zx^iD7rIJ40!NfP|L7K@F<|gyChg==vh%IV<G5AmOt;RH46B51_msM^0=mt7&l{!7H
zA*v*G+_{Ndl@F}l4#utaBH2_>ho48w8ThkxgsaFn!&6Mm2>4b7%2_Z~K{t87VXNwe
zFV6Mh2{)4xR?$iHH<_<3-wW62aZw73r$!?EL_qh!-Xjdxv0+fIXS1Lq7b!+o^}9>0
zS%KIPLEhRDPg>G|{rQy8z{%GA$O%>w^S}q|lo@4}Q>@jGepe5^c-N+o%<~jf)6rN2
zy&CZf6`x_}jN6tQM0iGrbHV8A9kbWsBb_`^f4SwS)1?R2*}l$1fJ2H=DQ?zMs_?!5
zv0fr($_!d3TZ;W=>Cgh7(9o^JU48{K43G-?5d^q3RJ?M9ZlRM*>4b!AFi~%KU5v5u
zs4v8_SGz%P5{nB*S!o&{>WbeQ%~vassLup-0PD%S*90bY-Wo$u%9#;3`Rc7pR^T_e
z>NLJdsM-p!=qdy_g3ycfz4ZP&=Xg8|W3<J_6R7OQnNY#N&dM7E>6u#ukuTcyJY>-k
z+)~f42-UB~1(Iul@CEo;6CRaKk?{}V2U(n-{{sB|U#rX)4!xO3^YMBlD*TL*5As;E
z0o%qwspB;1Kp9|B2eO-oyXfyf?{(V6pYAY+R-q;aMtDE^9|$Gxb3e)gdJ5x@E(?>P
z9R-D}@-IJoc(qe$xz7XBNC)$nl^o&T-!3!UAFCMY^v|AS=6G@vhV81@dW$4STRFv(
zQRu@RSDw4Gbd>{FPssMEzvRTcun|RI)qNcUu`4$=o#e`kq)d)526pP<#SX(|<%z<s
z(5b|ctb{<`*pN!y(LRHJ%9-MXyEIwtUMZbXtwiZkjYz?$PwiO5<68n6U;Yb6YJiji
za{mP<JHMx{1UwYO@0s-8qWJpt1F$We*%jpX4>)x%%ES1_#uL({@7qgUd?1kDqdq>q
zv3hv&*YDLF(-8#B_*mEkcY8AFa_NOh&8NL$J+NcM0RLa|d38b7ggl8LGKTW!Q>3_b
zB?akm*cB}y+w`}!)FOIhiwrcGZ;1IjyrH-hvpE6HI6U60mFxZ2d?|XA+|12%aBLz)
zCM)lE*-rblpa0+}ko6^u=1N=6^fb(BEMt}BjhyJGb_20{F0=rNLhXt1akH&kfBWdW
zoeHF{>_?Isinc7&kkvmBS3=oRklK6L>ObYN+0(H-k=N+CRDTMXw%*we9@#R{r~CUF
z1w|;e^}i2MP+Xw;Kj8U4!$m>%=KPup{qp<w@0Q;SEvAAf?vcS$s=s}FyGEbuE%JH7
z+NX?-DVNc)^wJj~zkR-8TjBHnG+q{czrw}%xitSPkpDwhnzPAe=DLXgP~fcr^9Ea#
zho@s-Ul;a$`AWT;Ldv6*`T0NMzS+#F!@T3a+3=hFnz|nG`}e}UnD~Fc*sLbtAXoN@
z7YIATq3R89>{1;m0k23I55Ish-j%<AM|6_u`uiu5LDzmy%a%>qqfjV?VyXL{_h!*#
zZ(9iO%`Iu4i^z1!D#42}qk~{^(f<rd1x0S-nXknz#9Q)e_Z{y=t)Q7Wa-Br}hE?a0
zii0*kq9er3ZQy+GeD+lA{LRlUMZs8*Ncg2O+k?0Su@q#g`gKiI&&~D}QX;QtcwZlz
z(1d+?0QH++<;!ZfvYMLYO1ooH@l&v%<&!5@j?57etQK5EhhObKv)gh2UoPEx=KmkE
z`JxK+iXV=|X(w$=aya^@VGm<9SRpZOXR_^(lO~s+E>;6dFf0nS`r~SuNhtSjJZfG2
zOo$W7b)_rthqEMVXlMs1h6c4ffJ8;M>U{Gh;?zWhV2B$cDX#YY?<s%s(ETt6NV+{P
z%}vY5Xd*+oyoLut-8!kv10Ws)$ytZ48*08k<~?;pYr*}<bHTGn6~Sn^T$c#XINWqY
zVY%2^u~t+r^ZkJn@ncxOiIw>^byWNmNv=5QRW;qeVc%Ov%5g;(ZpZ1Qszg<Nf)%I(
z+@yEPmd;%#cbsHhPtb~!2+9cVas$-#$RHglO$uD7b6pdRKR?N6$<7|?>6y#RxC@NA
z+-0VvG7dqq-Me>_WyV4f1^2D4t2^$B<~aJ#oX0>fjc^sJf)!=R9!9$7V!L?N+eyK|
zP}X|i4Kcwp`7O!PT(yYM!8XuJ4}&Auk^GwX>dyu3O9&jWZ?Gchd){C?nD;z1j!t%C
ztwElP%tvd)x<=u84c~XVlkCLLt6C6w<>?l!Y75!^ZgPDq?e1P1g2~L7mLg2<;g}aO
zD8qsk3b#x%Iu4*g5b<2WSGDRkBuPEvA0dl-95#TMBodMBq~X_Um0Cq6Hu)(wK%-HR
zw&zhL#EF0j6yZB10`^7o3BwAqD&5jXBlIT$Kga?#uYPd6`8>twA^nlL?WQ`XTRWfN
z@-K7m0*<DR&!~+x77t-MarI;teOs3E9oO+%8Tg$2;v|GrUDCJ-IGHE={UKf}J%=m3
zXbsg_(iqer_p}-!CC)HHFoxBZ-n@9rX4lEr*Voka;jP+>SB?TekAwm**F?oU!51)I
zC~L8?Bcw`*DpIJWEGKLtxPm%KGiz&WU+xr5mIY$_yDIW-Ki}<H75ic03W=5LqNzl0
z9uL~TMRG$<%>6?95J?(U)BLn7`M9_vaWQ&fsZX5zGbs+X?+T$+748Sg(;H1ab4^Vr
zgo@!j$JE`9_^J{|da;AqEJ=r^qmQd+rwBV}wR=@%rSPcH2V;62znL+9+AZXXg;O_8
zik0R;Zu*=QYc;blCrNG=Qjt(R_930Huv19*1$apo_{)%<9*I97jNxB~t-_6pq--K0
z#MkfnZf(DrSvriBAK5~RD!!@nmp?m(QpLt7`O`5o{jiCZ<2^r&bR6P{jy}uV$^+^b
zk3Zv1eT{Aer{vFLG9djnqW^}eBU$YMkGi{+%vCcd0*jQW;xE+{9x>$!nh#D@)#k2!
z<iQzEQFF`ygZ3rfBh{ab-U03R^L&QdPp4LJH#Mg8<7Ljf0kzDof)2-PeY(|=BHDF}
z09e1_Go`mafqmXfa7uK=rz2s$2_8ArK_|0YHxi${ea%A~2$(!SP)mgWgtDA&|E%jJ
znHwXmpir9gbuGvlqXzWQd%u5U=HzMdpR^|Zy;y)8>+M{xb@NKtc_~TLan=daxWO&w
z_jEbW&d3Wbk#V?(=KO$qJV!`bc_^oCAv&0(ozO}h)2flE*kEMu(`@IVvR==B0@Cd=
zmOhQma8kV`%AMY2W~$$m??nu3(!aaAWVyh6TfJ(o#0O&Du90!J2jGXS9%Q+T9`y~X
zJr;DjTHp@Zsn64CFD!QPZLd1`=-&BO&KSq@*22^A4s5KuO8Zpw%-S$xD}p!*gdf}O
z?yNI3MIej%AqRPmo_9-Ps!@O5TUrjM&&2I>C~BbAR_>M(jrh)YUmTy^nTCVPy8ED$
zXl?z&sc85*$rIu=-^{qNd2)j5Y0ChOjp~vP%HRMT28)^lACM!3AFa?4@ks44g7myd
zecjnIV}-c{=jljRo+H5rYp#EAYq7eb|C5tl1Rx8JSkGA1Mi)u=nUsH_-{`b)tm?}x
z3DsTH!#pp`%y00qg&gnb6&h#;&~Q>Il^o;cVb4wVHnd=6IYy8)Rm9syu0-i)qA4ez
z%gaMjH17Tsj(!5a+HFI~0I8V2{)2y4;CDFrnfNs;zhg+Y%Z`x1#3Z@PJ+gtktH0lz
zz(=>a0kRfNI?<TYK;F$P?|8|9=}(h#S?<F8Re5W-gkN1fybc~QXG&(hgIK-#!^Sm<
z(d_jlX%^q<WIoI!%ZQjm6Jm#h*zZqqeI&vVe^f15X35?LU>UD+Bkos?uRd9t6L%i#
zZ!Aw$p5etIJ<hwJUPV<oS(yF<*Nn#dL<D8!-Q%(1MY&G!yI)Nsp3v&0&Xql#T1P^E
zPa72>v0j*@j>J647@ONU`$RlT&Nx{`?UB6^X=3~z8FeblFWYallR4z*Y+WCW%AL;Q
z59IUxz0FmPE8aMXt(;H=qpJUSO7AUwl(L)J{ottc`ozb<>~~$sLUORRGkV<tLUe22
zR2&d95E@OF^<Lm=y7ztx{V3JG1~uZ1U7jJQ+$;Vl3e_|VEuJi0S`MGdWzO?FOAa{}
z+UamFu67y&!na5AASu53vO*Jrkkfr3fbml7MlWOmQFxob3m+}?)>vd#_^9i4wbag0
zqMl8HrYJ9|8^7zMjIY@kE6wAWTXjik!cJ(M9~u7;nfbWOie`BbW3z>=o)fA><vT3a
zc~hnI$f=RGQZ@~V$H;0CV^9p?h~X^X9hGlm{XEIxR7OmL<!)VCFc6Q1Y)|GH8`sWx
z)FY*p2>Ztq8M!RHL&EOKl8(ks*0pVX32LcFlfmEnrB;1&?eb_rUcX9h1|0y!eB9-9
zrG87kI*|aSZdv!rB_pQ+>~svr69A~)&SOSQcb#f@HrG6!mCizB#t$ao3ei5m`W1|{
zWJ@Ht9A<X=k(OId740sE6Gyi;2kljVCY+28c_Wq<-%fKnX5ZQk@{-k6^_u0Cp+OUk
zX%6SM?59&u&I3DZQV379L>*2lQ(Yo~L1H}P^Rlqi*};1&FG8P4edC-wtoVFiqe?9W
zr~&i!@u^dAlN_=ZPHl;i`<ArG*&U*Vnwm0UO6I$PTu8BLy3-xJpB>eao9Opqv1H|D
zeI5RW>R838+!UNOCFMjvZF-j{V^m5i(^msteH0nUx`iiiOkE>NGgm;X%qfC)YY1jz
zGEcr-=c^yUYTl<$3R^Qb+)a)`Ta4C*T57C!W}KiR-u6c-bjbU;jxHx{RmNq=oxXaw
zDQ#7L{OWfhpeD~b>l<{qBf+V#5dqnfKGv^Jw<2~t+YU`~$vQtllo@}9Bj|8xAn;U(
zSLK9kouDg^l|vU)=*Dc_BW8O=3u0FjuQ!gia#Q39O)S2qk{!owhP)dOnh_((ofx1N
z7U~Xa0e(K^$fL4=XIVScuX9oT8A5v&XQ{hK@kZ~d72yoYd<oj@vmU4sP}TVh_iAgZ
zgTSc_ke*uBFJ10E?vgu2$NqF_$zb%jT_ah=*n4#X^FY5bRbzG^0La;l1n`LkRxLK=
zp=WybXI}UT?k0K_6DmC82Q6OsFdjtZ0xd88r-EAPpWF6VL?(i;rw&6p#;y@E>o*|*
zS`+ruTHxkr-%x@f{mAMX;Pag-2|w+Aqi=obz`-9uK)EVC<sNiogrAtS>RD;iPA3r!
zR$LuO2Zmzx)&{xG2?T=65-|4P^j_0K>C*W#2wy}JE=<`ytef$?LWXEh+0O^|@7obp
z4dYwGt5*6H{oiW*nObB3RQ#EnsVHoSKSLGvo}0MNGDA+*dbN&?3YR^k8YLe1J;M{q
z_V)YHymUtei#f|DZ_^qa#yO$Kdre-)+;WDU8ghOc1CTRE*3%6_PHHj#iO*O_>59d1
zxA6~Q62cCqZ>Zl8*YMOLATi08_f36rQqi$N*ge7bE0UOM%u?d{qqBW5An9|#E|%Yq
ztW`)lAZ#>5_s`xe>p@j%p7B#S2ELU3wk{~EKK=y0nJ24}b?X6o^q#Nx1umQ#%YnR=
z@lH^?VPtAHs-s=UuIcz>@~lt8T3{~-fIT}2(Si}JY!ogG^v&7z;f^qO3vb<pjro<G
zH$O={DWrqAROHTZrM=1nWW_mO7^`$(O`EmYAg3*v!lP_!K6xF+#_bPiFdZF<njaaN
z@(5RbL#t_+YshK-vRRO7`#tqjfbZxD59TpBN~4EdQzw_4i(+KZUXs=2WIlhXSDP%P
zzMVis>h({9KNNc+r)Qcney$zypIZ`yQ%Dz>cC7tmWMnLW`ua0!e-YlYB)sG8T+(6}
z_gtSq)mO@w9CJ}=A>rX^-KU{)$ucVnr?gDhz5%aS(ceVo##U|~C!K_eEs35#&ubj8
zs~4tSI1KkoinOS+`h!Ftk>w8nRW8cSRpC4myYHS>tyU7ubXYvQ7F8NPRcV01GE~pm
z6Fr$%MD#0u@*_R?-iV|mf+Vjc^QGK3n_&K7Xk3r(9&UQRY#w>i7c+q)YgtT0HSl%a
z-R)=I`WkPM1xtUy-TY>Xo8L^qDS)leev`qIQHz8vINfifRJ3y>3U*t-r=B4_TuqYw
zD}bSQT_^1Az>c|pTAn5PTcZlDgx9DARI9TpF9d!1eQUyzBNnthGzZnUCjx$;a~sU7
zYB{eW$(zKHQ>yj*RNW#vYn5E&y^=+4(-YN?Fxb)LR{m3js}&1Gcg<_PAuE6E`AJl#
z4gF@L{c6w<Z4HqAjYeAX*ra_+#x;cjM|9&Uwi=xfAOATZoa~Y%_w#p)`CuP7AZ>jK
z`a+!!0Da-&{1qT{f5}Hw*w>nDhe<g?mOy7^eH2nY^+PI>=$LM)X@lodKHs;()jGvR
z5FUhF*gkxmj7x*~e(b{U`qp#>Wpt)(?HSB3_i9M_#svRK<NEU?k8BOLUjG&S#ij}b
z{8ZGX;dh4f-h~SJC;%f*keV7cMfQU~FcD5SuDuoKzZ7mTS=U<o1=Kwg)^4xMFLwRt
zvGw*1+G-IN4P_le3{7kxPp?gtVi%R%(Wrf7aLzoF#eiRy01Emmx?7m^wOF~sS1>$W
zB1+#?f9=%qkL(+dsDeh2=HInNpsdl(@e4n$67f*<OV#;OxatyvlG)I?B;s?gI-Iyk
ztLRqAv0syQmcB&7+uZ0D30*Q?-Znp08<X)l+t;`pSOq^RuLjPX9c38GQ6J?&HXuD`
zO&7a6zRlLUVmiZ_+bQHoTd>(#gPkva%N$9{jqKN>I%+6l0!h@55N51{8uv6wtH_j*
zx%MsVswR%`zGR?W{=m^vuA%Wb@zb#nuMwaCh_Ls=J3GAf97tOwBc0myNL`&No+xah
zh7GjZL$`?N11*&GSqaZNprlKMz8J>6loZ}+(Na^F*f|upm`AfWOpNHp)|yU*R8Re4
z*$QuBXzKk__jzR08&)EDE+l$(1^egppq@91L^vW&)KQTmVnz}0YxgoB>zzn_F<W(Q
z<MkaQ)vXGe`_ZO$xA~R!1$qyFy}<9e1}DQB6ViK|meCSoX|CDCE;R3yt;bpFmilKy
ztLpVm8_joeQ_lMdWVd>Z8h@xN5U)4)4ts(W#PCF=a}L0VC(U8HzA3`Sxt0k+p}G75
zxPIvp$BhPaoCq1Q6u_0yrprFHx(_^^M#M65>o14bD7sBDsmLmKYmeQl$M3tL>pZfM
z8}Og?z-qATgVP^84^GbD<Xv1gi|p8-JG3cp&-SQHc!5D_N*VZ~DdM;%`S{9`gJ4tf
zdXG*J(bdUquHaOf6V{;2+ouh7JU*K(6t(_qQUPi7c+RN}h<iQ82;mmro;?7Zvi&fz
zmAiCwi3p3NVri0D0yd$gSR$L2mMUD6^8msw_=5>U4)dVzKH>yVQT+kPAzg`aiTA1d
zxfTKPLhd2%xDeVX>9IA*XbgHkfB7FLT-})w0u1s$n8(<BTf61b9>{o)lV%nI<h1^F
zMxEWnT~loyn{-x;dkYJyvn}_4m)VT0B9lbG>42kXib!v|wTTjm(#=Tdpnb#6YKex%
zoCyxgWb=(yt>HXQ;9faGF>@;L^T0R0>qnt^XD4}u?8XCi%Uk%$sy~`W+C_&uBlf@K
zFan-wd0KweA)TT@#oh}`BgXCgiDUMX7mfTDuSi~GV-3VRjAbXE_G##lV-75Z<nwS)
zBO?Mv&WM!s*jCSntO;)?>2<GmZMeN?>Y9i&x_xDTZ+a(vx+u{P%feRbOa%~L{J3kV
zLrn`q2OgQ6&$V&dS`C)liOU{q@wUEz5KA(ST_DG275f@%)_yu4eJw>&vIoigAdH1+
zf{S;+l<#wNvYI06djRJ9nN*BEcxBnN$qdHnm!7++vap~rQj-y{Ea$Sn$+LxVsv8R;
z`i8T}dYx`+Xv%WjepWmMr}=YAHWdHGk?ny$qSoV)PItfuB1v6<*;Hj?zvbK(n-l8g
zhlq2c5JEqZrSpRAgxO4qfW#Tr$}Kw@@*JL#cmLknISPL%n(b)!t<E$ZK<|7#;~TWg
zEI{iB+wtU7nugKtuOjs$Oj)%LN~@-j?GoKO78jl+NIlSG+Bg2nV$da5Riaq{I+;Aa
zL7%~ZWJ`VJ<srbeiXqF3v5j%f2>an{HrtNF-yZ*Le+9YPh}UMJkVg@r;{*)mLEiq^
z(k~&=6d^1(t$4ch)>YE<4(WPCHNTV*eC^X`f0`9B7(gFTF+(yp4>bN-ae781y1HEP
z#0s8|8P}4x`w6_FIUn-&%{L9&4^Z`<!Ag*`BMjM!$8qjbHr1-Q%b@#3U+{rk6<d+c
z1DSbM-zpKQ(g@^B7j;L?nwd*x6GKBo%jPDKUn5i_N*>lv<t|BJVxh)12w@1f<S(?w
zlDZFFJNygRlyOx1U&E?I`kyf-v+23LZq?nf<tM6~W)_2|i1BkM3jy(RV@AWGeEpYv
zL$k1mZ&Xs1wKG{~gG4?e*iu7)bdnqu5+ja|jwK}}&z?Oy^M6Sey>8W(GCZnYY^+a7
z5a0v*`lzg|tnvTj?Y)DV>f&fo6%mvs(nP9MrHVAE5$Rn)K)SThd+(ys1q7sprbrJE
zAkqmSy@lRFAXI4y9YP7^<@@~Zojdd1%$xh>&O3iG=j_AD+2yy-UVE+eV+uUqH5ghT
zcecZR%y5uZmsKN*-a(6ruC|^Z78x{G7|qC${~O`)1`VY;i;qTzH^)MgR!-A~q9dGR
z83WHjGAf!l)Xscx=%IKpSihmL^^D=U=c9O;7m9FZ>I@%WU-6U71b)&T-^bxXO1J*Z
zgxvzcDjz<21cDTj!OfnHi=M9>Tl}-ws#kUwoVyE(!@s$rkR~Tj;9W~7;<Er6{|Y<!
zk-c=)YhWGretne64%^<b>-+dG!px;XVg<6S?@j8mtV)Li*(T=%N52B_$gJ?pS<)R4
z?EVjKtM|BHk)P(9-~R(wb7>s<fVRP_Z@c^NkPzEpZ`nlMe?Oj+TlM5Gx~%)U$Pgw=
zzK}ac9P-}cCfsc1cC#_Ve~`Hdj*6*?B8)AT$qvi*p+!V4IFm=b?7yp^NGjhrARXF5
z!BUX&JD!jA&vBda{{>e6KT$07IuelKb<c<S_e60;1*+O+AclrF=UnhQTw|5uAaRh?
zr-fGf$xL|sHsHGJTjBe4U#%)65s?!%GY%`?N08erH4+p&0)!@K+!&;qaPY2#-Y6Ut
z5eYmBy%uyiSYMIuVd;sm7i4u3Lk?t$UG6Ph2lhn=Dbf=AFw=27nd!PIVoVP1LRtLE
z?PXT^!aVc9CU9HA_+p@T#e5ctBr4Z07E7nYWAkk4hR{o241ER`zG6%>kj8IZE2h4S
ztrID&w;5HQEoxHNm7ke1arrhH>VPhdI}1ax3Bk-SmgzirdNr-X!XJMQdz#nAh`2$+
z2iFKW(GXr?-(P$S1Y~4O0`$HkP^6?YO-9>vdIY=ILs#9x1jt;L-ZMAW!0VS6=&7{p
z_nHB&FHNm>>#bNG68k89Y9k#k+_{L;c9li}w0W-C+F0PSfmn<q1cptD!eB6l1EYgT
zBz@sC^|X|iTntX|mV+Ho(KIH_a|qD|&l}#o4)IzH4C{upCR~q~*!i4vu^a!K<_kP8
zDatXc<q1G1#tsp9x%ZUn-Q5a-w08Xh>ka)Wdh=)Y@MoGcHP7de*5#5vcj>atOR4nB
z5$<mS6j^{{5J1j-SPW)pd?1xqY^QZ2dp%<`<V`^f{h|nwcvts>1su*cr@?Kh9lMRZ
z?zui?39Ydt%(%h;E{nc>`}Pk<6ViLjS}3>gtK`|YSQ}&Q(G1ypolWFTI(`9XppDNf
z=U2Zo&)gkT6DRbYrI!tn$VtQeEk0X4d|o5bT;n!9g}f~}9kU!(2RmFs@<4h*H|w(@
z`tKjfQh|bn1d_UVx?#SM@!?L2T-`Ef0aWPsB(`C99)1xArj`<jVc-!zC0H5KNa$Lf
zAtJ*|C#(HgW!q~nS)2`}w$ns?z&2ks8fX9I=M?_B^h^@{Q(V5Y_F<Sf$<SU{QIC_g
zm@1XGvrARx1-3p&pCBIr9bXibyBNhxn}=R<3KrVTR_hB3TkYQf@&B%;3YFDr?_zSK
zzSjj}GAR7^>BiF94C+_Ti8=Jx&@rt%MkcQXF~6`7e8}c}JiTKpH5n?cU+)xiP3tMl
zYh-s`sQagv(9wVHX+=r1KSzK>Lv3qd*YV_(?(_2E=8UhCspY{2^IF(K)6o5i6v7cQ
z_p1y43S;lXHTdcZKK$b$^ae=p!rXCUP#3>EZK`&(C&9_{!#AuCyk~6a<^%LTehl@K
zTdPppYhJN8=qfiVoar}UN~+zOph@W9tYDTK!L-ph-4_iUWgN+9AAnkJD{R|Dl2Wuv
zSY0oGi}DZ`0!O}RZJVy7`Oq|9jW-P?R8wU!QUV4v_E4I@xxhMGAHEBo`vdQ1UAOna
z&YKYOES|~}pQdOp*M;v}nPIE)wRAfCNZA_0AccfMwalj#JU1;WL~$=52-at(KM|;S
zepNHGoL#Tga$sTiGPy{g{-yzUS&Xd5zRJ;~(QqZ2I%%I!{VdC~=K%!AJ0(618J7kJ
zE7agr%2Zy<1P%EK(|i0!RxCKC?9U0imx8S#P1h4se|BIKm#YVrd|KXz6Y(2*WxiIE
zAUI3ImDYW4JQz@0os*7dvq9KiX;AFM^EF!i(zZssR}g(S&u#VQj}tSj5nDRdgy^I5
zMr<^V;Ck*js;NEhn`iY->`eiihbvPRkDp4zOeoVJyX&z=LmDbpeCdsT$_3SO@f}k&
z98E{P)~5ST^?Fq%+ER%L<vrRk2H1r?kTNW^T2O)9y!lCB&E;CA>*sftXWyjZk!-rG
z&%I~(33s$?U(eo-0`n#Nr}xt&Dj$EXd){DaUMpr1${73Bs3sARS*WylPv5S-aZ-vp
z|57W#tb09OA6GO5bWh2iSi3&Ffc$CEX$I$7+L(PO^72_^#NmEC&KqCwUf`_W7IHUF
z3?&M=Xe}&7;9ZEI#HWz+W92-9MBZOzE>%fKA%o%_R!emHv6u6<&Qf?4gBkC<fhJIF
z?pNzU)p3e;Ic;V$aG)l`<WS`u6->TM&&oq0c0jVd22`Ph0_(?u)iB1bX3Rw%QzS-r
zFqV(q%a4Mq_I@Cq8<?#lIBM9FY}q7WC$1*)kO4=_liet@ZV_Xz0JUx0gU@raF7u6(
zIM;>Suc3EabQ0@8n~!2635Zq9^EuF&M~GD)!^iaBy`8QpE4U!h@J5xL`x^_|$wuXC
zwY<TE`#RKh*0!u!<0F{dklMt|`UJrF#!c~k^L4;)?d0Vz(+=DY8(Z#rT{4%{`>%~A
z@-qx;z8t%&3}OJx>RKlHBlF_Ns4WQzf$+6c2j1(%bTQ?#K+Ew|%_uX2W$DH*s-E4T
z;Hgh=WWuSd(CSCdMsbe7Mm@!oZ$3Aw%p8nh23>2(!I)Nm>lKe8&nUGd{kM{7qRl<X
z&B^FsX_|GDMqJFfWgsA!R6#4{9nC^Te}<~Kgvh}3&g;#t>A*gx5#A*aoz2Egi~7D=
z)|EhQsBRRBUftQf`(pU|3=q9`S%i<Uu5<N|>ojzAsSH2xDdEStYJWcmiS_FWa+0S<
zb><Q+lTVo*aJ4zat2OT2Q{<>%#zSt?(Vj7Hxl5QkREbS~dyvt&SHxv`QYssD(NI0@
z5_Qyfmug?5?F}u+aroO^Sl0%Rtr9}LUp-g*JagRPIz&v;Tf_lId@|UWOh4v$#w4vJ
zFyL5wUf=PP&Z|TgNzY7j%?iqHM%5mkg-tP3-*d)Pww{-W?i6doQ(c5r4|{7eI`3DD
z9W<#9_v<moHG7r&=+U@`0_G9r3Lo+-Qj$&hf*fjBQ_{e{#-!L%Yy(COX?mQ%*~I<2
z+JO$W6D@*rQ3inH30?e0B7XCHxiuIf>I>Q)a459pV<u;1^-fGGbM>%I#@Tdbu!=h9
z2-0W+;5HERTpHM55xM`<m=}l)V%z(oO__5tZre&H`!jm&*^&q;1F4rRoueIGqRG@F
z2OGYyisY-65`>3FDdN|Ge>cE0#Y++d8=T~RB>?#4-1sC0vPNFJ&I!&&*Az~3o^#eX
z2OK}1mf9t!l^y-9ihAT|VB3|59Mv1WduCA2mO6N6yTd)<Eb&;zou1GPdX1kIx%2$-
zyoDAzc06Fv+kOyRA9<i8)x-rOQK-eY-`7KZ$|m#qoh-Edt!2=-)+~DfxY>!{fNr(y
z3kT2IW?ukQMw@Zr&x+>ay;N)9%2iOJXQF=cpB>9~P@JK%%9|u?Jf_Fvpfv%~sd}!L
zLAQ1@n<+}dGka2YxoZ15u%_}$kQ$zyCG5y=PGfI<T>U4XT0y4D>}$7U!vw*HjDMRE
zhR${Brz0`~t%@S8x#KS*rE@_tPxOAyfQ4Qi7Nh#T{nSMdEKQ&adf~KG28<>P*WZt7
zJd$F=@on95aIoDx5wG$Gu^sag{ILj#L!A`dww=Bg-oE0>GMEj-Rf9I^{~ge#{|smh
zVl~9jUHvPl!Sm;<)_CH5noiv}bII9ZZg;ey_7kaYVgBbOHbYY0bzqLbPwm3pZ4#c9
z*>^S|Y~{1$daMD^qH=`CNwAc4AT(T^5J{1shMv{cN$j0BXyw7$*QpD|DS2s!h5D7E
zsv?^5lhF_ClOWdR-gkiGb=6`OdatMW0t3ofKybO37cOMJRNNV4lAh(b(&`p&l)|DY
z4seagrG(=k*T=2oy$QrGTkxxp9JbiR@ISgqTNl*#X`+IdQnf6qhla0qu-HtVrCVIc
zGx{P2x_W=>vG0__RLUVe1$Rw;kL`T4>1<FT8O*(3`i|$Fb&-lFcX)#Xx@1S!eV{=~
z5dkSQ`P*1{nQ}1<gM%vzs04yQnk|McdhlJQl1Oo6pEDr1pDSZ1#g`_@6eKK5dnG4=
z%YJCAgL$bAEqk?q`9;-pb(xl`Dw5gp6HYCfP?n;vE_U#|#>hm^?&pxCc5j7;B&)km
zoqEj}TeGN?Q9h#Dz$}9)u~*o1EJdSLSj_nR$ZH4pz{bq6RuG&KU)5`VWK&vY5S%QN
zDJ{V3ayJI5=5qc5jtwSs=UUFd9EA(pL0;C5+rH1gxi-=yDKh60pLOY)B%J-!G{|?m
zx<<J$q`Lo3oEz2IMiEe5NvM2Tpbk&S#5#m$$pp51w|AOvoHA6)_cQ2n_Vx+&qCzj{
z_J2jz)!SS-imAu!W+n|r__ju5?$#vh2f2s@cE!+`__?X7M$bLx*2-E;HEaoL2vU<R
zcY6Jnwc2~emFl}_<co;jQaeB!hyI%KNL2ldjW#0yU;Q50q~g*1WlO`fMjzdku@D>F
zw3d}y0%mc6_v@v@R*Js`^9VxjwcQe@@~-`9-L(R(-<+4H5l9oKo2|tc)Wyb=uaHSd
zs0zCUIJ8<~QGohhp|Dt%J4P=3jy`FZC+6?OXmEI4-Hvmi<L)~*(uM0aMDM_agS*}j
zil+w7gMj0TJ+<NqgiK%8N7RH9jcIB96IaAUejxOWDRBsjqzPkGw5t_4l(Fkfo75P7
z7i3raRun7iZavJEFwoBdl0ncY^rk3ROOM|ldJnthKR!9yzo9>x!vpdZ@QF>hAInZw
zTWTDz2In=H#hrN@Xs%nQ1QRA@zUVc$N)Yi#R3xi8++D4<LMH&nk<a^vf?CE761C>W
zV|FqPT-35+M6|3C&!^cbb=p=1l6LcdPIVQj{oLW&zJZwrYnwJBP@29<np@Nc+MLkQ
z;fh=g|HmsInM_5NaW|S|C3%@`T_{cv=&bqPJxDxZcLt=m%g{85t7`#+sz0`3x4_p|
z3ztoy_}zd%t=Dze`oY+;lUwT(Tdfzn*V)kD(`JF1vYgRjPdP{wTFAA3-*#b+HdA6z
zboXv(z4Xg6STCv%IIVo1VObRBDI5bQH~B4T&STH5In6^WseIy07Un2*jGL}7g!UUM
zd6;X~JQtiGcvP<|Pb#!t#omymNR^HC!Qe8@{-8cGBC;j_Br459icxW9J6m!z+f1>@
zx%Aypjd45izFH~Po_3ZfAg_7V<$g+7cL2hG743qwN-#E)TvCSy*Jk9|=@?l)h-=m;
zr!}CV&1_Wq@$RRaWb}lMdv$CVjU?+mIytS1w;bvp)%r~Qv&m{s;#Jl&m`n8BP0Dt<
zd}*|CKM+ve$#sdtOBxk(ePJ1^#A&D9*l(-R?4e=}=K5Ttn7#_uArpTNDT1Xe|B+q=
z1l1hJ*&A|*``Sh<RoROTlshClpm`S~1kIh(b%O*~=yU=#ZJkC{?;NeLnx6q&uspkz
zT$iIx>yRnF1Su4MFm#tO>DYdMpqZJzcj5Hc={B#}Vi{CsN58en9nLeR0Er7e>5Z>R
z4u@jF3xBZT7*c=;zqmOM!@R+U6wDemKJc?)0IjLlKC5T#==jshx0#`?KMgoutS%6P
zW@`xO9=qa^Y!(2xjJz!_FTecVdiJ~Z+~9gk8^0@iy{dh+YJQCl<tG*JJwMtE-MupA
zNfR{3f3jGn+mzheXXbrV-0^^Gk#W{nvuu5&<?{T3i2?Csz@&b&n~5g@YW7wp$U8)h
z4hJe%Zti9y*7<#J*99686A?Btg!-d>H&8(xr5E|91%&^~EhZ9iD~foy!>PPH<MH#%
zomfz%zlg(YJoZktS#1m>)sKd~C*ot4yncE<ubL`2b}w#u^Ibf-k6x@e4Xc0W*pDM9
zRSVRHWU8FZG4Qoms`J%V;10}83LrC1=FVKcKa6Oy-R4BaKH9Pinu5FZ!b3R5_P&90
zUmqArY<4Xd#z1m*=u=t`JPZ?ODDhb^kzeAR=AuQb3=NH^JGDyxX?HqK&l1GJf6ZPJ
z`)wkcJ@DUVCwY{ydhhv@3@3#6INi{D`&#Lw9=1K9JD*xYb0W|^v=U+=uEAFwai}20
zA}Ku9EEsyG{^@rcywz`i`5Je9)%x)s7YD~}@mvyeYD}KoMoq{bFz>`J#5&*<PLGG`
z0NV0_+jM<s$LUAgEWy^eOCZ`&4T)kW5IrWK1<zYDOo)-?znwATt1RQKuUjeGj_DIy
zM6cVg-8jd%m80#0-V4S;JrW7SY+OVcZr`!PmR-+CrpsSlW!PRJLoXq4INWz<juMCm
z*RHRx4nx=8?wuW@Kc&OMN$&Z$-!C=~%O9>lk!|c!-AM?$+0-ZEwzJ%Zh1I6}mO=83
zPjVm57|8C8*-kAm*R)*K9D9woZOaB$GG!8eYKZH*1vm4+uMY9Y)eEfC)h#JE_TJW8
zPk+zZV;A3QNbMo-Ks#!kks+rnR~_aTb=N-VDSj6%b#;=WkGq&T`nhI)yVsSmA70w~
zoQOpDfEM1BW3fZO1xxRk4OPmvE;PyxJW95O!$d|rrd^nbtKW}*-KrVLF<YY~`0vT@
zTPP>Y!?Nhws_0k(0T+8|trs@7w%jLGV6bC{=dg{94WX!R>`iLSEAH1I*b_XG<xGHO
zsM`+IG6ED=nu#Oq(^W=j7;bQnV8V(2GLvt7_(1Tlbm7Jg*2TYajvF_KUyS?@Cmizs
z@5S6ec-xwPkK5#0P^Q0serWrvl=wgQI5Qp6h3B-Zn_BaaD14OueG09_2!>N}w{L8(
zCeln+f*SMX-_v{^-x2Enk$KzZZotiS{(IrII{?w9rfv5%mPo*`-}~)r7jh3m;N8FY
zWZT@c5?})Ax@ED02y#7!-C8g<kNySQ&ns`X_Of2ZNeozw_=^RM=U%Q~s}>#wBYqDJ
zX#7VH9wciK#T`|R0xFpNF6la}oFNr8U6<Y1$c5RE>t^r3=F71<b(>%RgJ7J_;{kH6
z-*fZ*6@2J`L<8zz=U=ubLn{lKh0>2oFHacC@C5soqv5HUv~qh~<d<?P&)jv1JD}~p
zmj-hBx{e>JMOv$<i*oe6iKPB<CwlqyMS)l$Feesaq;VlvwY0I8Up;&eEnv1ojK@9i
zpg_*(vz<k7hj9l{ZCS1J6`*#Sy7qMaj>GV13p$Z#Ay-=H{G7LTX2JOSjK*;gh>mrA
z=NXTePi9I-<d<yfmsjLy`0gBOH0~`fKC7$D9f*BAkX+NdR``qNpl;3*T8=R3J59ET
zT=2)IVgdz&*AQey-ok2@KSrt?<>d;^mH+7<@7~&ZGYz}&u+FkdQ0}|HobUQDuS;3t
zJ%6suQe>;03!KqB$kbM-^Hs)njrlB3>qAZ-ezPvivmKS4%k=4TK^JKAUaI$s&%my3
zSpkT$LG!*88E&C<Swk<~Z1$)yA3%lVF!$%v(7)aSd+dgX6ADaDQLYEAz)eHXR$6I*
zNv#Qtmt%qayPTX*g|VY|FVkNvT!AZF*JXERYYaSkR2|xRy1KYw!kDTeYjI9t%unmQ
zP+VZrw>ciXybe+4Jv@-5yW}{aHBZqDq*!<kETjcAJ&tr@vy_+9IB2*v-}c2SDdMfF
z^2(&JhLRbSND|wkr*gn37h_`@Z>hVq1{1Y)B@$2S*Qq?-fExNXX#85E;lbwB{qE~X
z96}OIy<fL9+uM6niC0*Xo<s%^tyx?KS&LF=HW)ZACHvPaX;pTO+lK3Y{mL2j4w@3`
z7;07Ej5MckIx|MD5gV@=%j-ii^=#d>(M+44uD{tK>N^@O(rn~oyj`O|H#-NeFi9A4
zjxVvBN6~Q!Y*|_4ePh0?TlQ+!H1nX+(_4oT8au7Mf*j<7G_Po;lK9vx!mh8<LRYev
z%r87(*2}B3ZBkDcI6EYo0jJZMmv(;dJNpY!=bpnAy!<=N)d!y4CGCVdP?nk;KI5jH
zjRATxTl8+NkFk-fcUHd?RcO8A8p!lQe~8bawqfaycX-Bes@dUd2x83Ij(_Nhei^UI
zWFN|PNS2^<wH?k0+>u8weJsdBoEZDU{6x5hF;<B~Ny~fQG`1{5hB<58E4I1`O3mKE
zTy+fPoLw<=+PO@`?{aRqjh$l~<%Kvs_3Ik3E$N3rIbOD9^*O$4G!YP~a+|{*GP<0F
z*Ohf4`>ps4dRCsg?ucW07Z)*x)EmD7h2_c+u4R?ZxCH{^tL|Dy80;8iE;l_Jv7d&j
zbMYHKn8T&6=E)_vc6ro0PMfh+ShGdY<Hi_J77rCZbZx1mK3+(w`K)C%^s8$#aE8k;
z=^d<xhnbu&=s4C~TA7wBlQnsjE6NqX0E^a8ND4n{kjR>fkpio(!AN?Vnvm=r95&UN
ztHzH76nCaxHYad&a1gATSCg~|FT%flQgWG=ZjC>FAA2_oh_@ik<rK{(fD7m~)Z9$~
zk<%$THI9ftHSfd_79m#FDwe-gr_*_|O|3mK<NGpPkJ_+po%*o9O%|C0Z$w*BUW)|g
z@2_USGvlkdsg-ks!IqHOcAgQx@lBEv?qK`o*vM4f$YGj6gx={?xa~CaY|!jF{n6Li
z0V5;Xm7*l_@L`O{xK}-^r99$kC?vu|@sS;{X=XQ5FHk+#Rw{4iEhs>;El>_b9zOoA
zo;#rH*z+Q<u{C9`w1PF9mA7LxsR}y+jf9Q)&onxA{D_*+&kb((EJH9gO)({nJGsmF
zj$_V+9jDiJ#;R5TJ={3Pyh(4j8u!4h%{%hi4&4$vD~)LfeVvz@z$84@Kd0Q9r_4-l
zr#|Eq!YOXa<aoa}wP4NrsM@uY(52jUCUbJ)sac|l8;qfGCn8<d7@&4z7M8JCh_E0q
z?r=7qB0b%lVdSJ!in0Qn{ID^oDgu&7ZZqlsRxR6ecXNBUVa;{$l>9B1d2~}}mrR{(
zfLFL?avwYO=ltEJD)JLE-vm2a7X0p~elH8NdG!1{mDgDo3C|x7kjQGsyxORvOC#;e
z@6lIb3tc09;eIODCK71+d(B#4kUi4OOA9p5Fsz(COR~TEmMtxxF4i~2tMBb@*vE2-
zS6@Go$|gN}k*O!A^{z|uYWA1Jz|7{slRU&Sa(mfwc8_B7KugM?&#+0a=bN8G<`Svl
zV;|pi0GeKR%!$?&8jrl6OH?f}#4z2W<F3NZgAI$9FDV#q?cF5mQ|&^HGuv!DY;_*g
z5HM-ldEMDKm%a*u&a<s^zyp;w4~L{(1(y2VF5Y^?yCt%L_;;M6rX>xy+uO?3jT^=Z
zT?{;T59oDZDJ$+v&>R6Wzu~q${`mn0l{eI#wiDFfHl7Rj=WzPZyfzAwdZzvLas;DX
z?jOFYf={os^IBEjT~*V;V`<=mGyUyb2jUP@&0TS4Ecg$_{gb%;=2uewcKSA^PsF00
z4-7`y*vAWs%f^U|3<gv!@T<spZshNm)jkz|Djwv#V<vyYih+3(%S>i&0P=6#{B|DT
z-WQGsBp<b4?V1AwG?Bw<vag#{M4wh)-d!8ijBGbA+4oZpG4VC35?gmJ-(6i#1jbT2
z*5Z{<)x(cJs<T`k@QB-<h9Rq{WRnO#zt~oN09#0DNHKxN%jRk@eE!%$r;{9uuh13K
zL{POyhq?6hlbo7&BAFz8A$Sq+6k2x#1Np^1yj`VGv=CU-sS72P3$`E6Y@vFL;yo=|
z9r*A{$1?YbQdI5%Wy^7tS?ZU&++w_S%@pudFMIOeZC$=p9+#7h%R`|S37?bB@RL(o
z(E6L+9Ka9uuyIWL#5j{?9Z>*0Rp~f9O?=f!c3Ta4=#{bDHKtMCFfKh|7<##_DKX3<
zrY-`RZ%p?Nk95J!whZSt>WDMO0T7e3G82x>cIB-t=#;FQz;M)q*-T9j(W^a5@w?#W
z;G}#pOQwf*FqzJzfC>8zySy-=A<g<nsHgaV9fo;x6Y#vR7cpVdHRV}En*Z$%Xky(`
zY_;&-CG#&*b&5%2NyEXr{2g?jIm25XOp8b|LDv`O9;sD{nECCdqUsnL2DNOf9O*He
zRUTC7D5~(cG^|c)=uv(9$%K=l1G>`l<cti^oT;kzv}6s#AAs@V9+qwuIB_m_!*KLR
znpm<WffUFl*tbzXhgryr`D8F^!TYaIV~d7k&fB`1GMCM*4Gv!_1f2drXi%UUQM~(;
z(o;^6XZQPjlF;|s1CVo#WIZ)Bl#ZT;qB$!AaS3c>BA$jAg6Y26i&5cL3lKjxCNfnX
z!gwGOhv;fm)5^_R?JP=tI>r1a&<pln{FIqY%9rJhJGN!@QH9<Q#9^4O!_N@_yIn2g
zM_{rl_;CN?o5}q?_)l{R2ptr7J>RxQj6}Eos(DzLhY)2SWiiYX=GzV0E<wC9=Or6E
z{d3N)-1?0{yF<C|S>*1JMc?#|;2`yCx#v*V>mu`DJz0B)7Uf5jZ1SB8F$JcKLwH6c
zdC3c^$Ilg9vZ#J{z;KPQjDqipsHEkna>*;o;oub{!@W*ZnU#DS6zgbPJX%ZnYwbYf
znMM+|`zv1}u7ySqUV4$`ni#r{t(YjyR|bO<BFNH;*G`KkcFk9FP{Ew37%V6~2TU~s
zChc)e&Lpqqcd?Cpt12-Jj4I3gHia@Fgfw-Ud7!5JeGC2VYYj$-z1IvJj1+CO4lkDJ
z%S{p`o6$EA=c5znFIx%~ntG<0k9Rh!a|B}V2ee5;>{34(6w_3;$_S?E%Xd`N-J?d6
zD?0VYsTNSM%!@SP&e!mB(>!tuwUrbMSPhYX{F1Em*lv+Vf0F1+iE+5gb<D>A+wOO=
z;o%J-YZghl<wwyP_@K3(>~)ijH^56wlso7XI!OWY+IpN}h}f2PlKG0bdH^2r@geQS
z%iQ_Z=-l}i-SG0r&qPm3B(vY%4l`DjWyHr;tn~F;@C!ZkXeB<C6j7|s;<Bm-HRRj2
zp7G~dSrhX^vB1`JnF2NmdpoaeyCcHSH5lINF4J~T5r`!VP@FE1tUZREC!oZ6!&}-x
zax=hMp2}VDc2DqO$(J!(#7fS3vg0pQ_(*x|<I)oH?<W5CVxf$t{2H#X9cTUUIc&gK
zu)m!|7ZdBFD$l|h)>ZsQbx?+JA_l16Q*X_A(r;^}Bv4}1cr(D9G12K;{0$3j?YX1l
zA9ns@m{`uBmqBK+qPRD@s$FXa_oh53cwuM<U*79VSNY#-q|=@n0TrD4+T1jPsWjsi
zcQYhAX34syVonX>4+xDt42r?a0Xv0=Bc)FwA26=NM$-iYFCMkXdA+gPH+t|`<dEU9
zLTB#luXp6}dHJ-4LGq5m)(edf=w2*D?NdpSa7{Z6<2senz)+vvuCcna*jpvfG|Q9c
z_6Z+U0bR|kezqzc;(J)rDKc^6GS!=90cp5ag6I?re@Sd{KEQIlt)7XxSYwFuQ&lxQ
zR_RB+Df)p>sDv%Ze7V}*4L%CNO*t*eD7%X{)sqB_@u|9~ZxGPwKi*6Z3eaxfiE4uX
zNiUyq+NujezJj>qXp<J$c)v5HU4k|NtMi+)_8y;!`3eGT@nH5zxQTMmTGsLp#7QK`
z4staL=WbBiq_lTcO<qo^hR$&;BYTFq*7t69ua2$E5ARCSvfCynRA{!KHvJ=?mjJ0m
z;rr6(NB8`^(zG_VPf+FqKMWLf<a|uF3hnQVFj1s6FEuVuYgc><l<H=}2mhsW&s84C
zOu+d_AG$QT5ypAs(lr@D;g#<qnePYwF$q3;XFD(o_h&LA93ZtuheI3n`7=nJ9%kW8
zy9^tb$Gdfl9GAtJ@|dOC)-!y(fg<*Z_D1ANJg(f;mDO0<pv+kY+!FExB3cP+@|vEy
z_e1R$fxolPQ{kIC>DB6_u9{gux}r7FVl8vPue5H0o^LM%e-d=pZ3>51!#Jn)IM>Yz
z6CMn0G?V{2b(m2*{<*l_TnIH<DM@-X$)AuZ$f9^&9Nm@Ni79_7JO4Gq<mFXJ2Eeyo
zhON(xJA+TwWFI5BwKepLVQg)Zx^nRzZSxXF_gKIu-~m$%rFDWBdDfoW^jx(@b*A-r
z$*=oUh4)TOXvbVWLwM)(#=N$U!r_8rr$lw@PbuJpu74E#2D6@`Kr&jpIa%|q9gV`n
zNg7<HuS+uTVUs+lmQ{mx2W~VN7ZGi^5lB$_ILoME2mINGNe|0Ce{pDwQ={+X^EMEj
z*wa_Q>!q~FS==A)_V`Pe@rHoaCwj=%r|z8$TshQwPHT;sN`2chGk|ydc@Wi=ERWd#
z<Vl$NS`#Ss!rw=a*<06Ll}bwExpxH3t*6PSd`xwBjUFGK78P7M*49r|%{&~1GqvtX
zGfH*Q2^q&obOp<l4CemnvrHBko?{o+lbz_-g^GV;8mlfXZbIU|;<+*EgF~YaXYP~T
zdCWK@)BuFYJW5tG%0v?yim<)epYkqY=rhExGa%P<*he@{P%4A&C}uX%n}`ohZs_w3
z32TLU7WJ%L%DP|I-Y0xKcqAltJSb|+xPD>FN1U}9hZdk6&P@WUw-7(|oyH>;fsr5;
z+U(U;Z9lA&y;wtumw=KnN3?ii_I6T~Y9N$by&rjZ7w96{7<>JXj?`6e8l%P&gzft2
zXwDb)!__tms}41M=iMnOR=8j^ww4T(s~4-P5Z)amNzg1XV|Rx0E=mP$IL8`%CWve2
z?_CwpCNPam@?aOEZV9e0={wF@#4i{Hcu_<jX}>|$R2Cw<QtOwMdf|z$YC}B&D$z{_
z&$w51%$6nQ)-EQUWJM`RmXUimhZ2YUk?enD`SpC#?=3?+38nfDy(}q*bz<KS1Ok+S
zX|tvev{`N`T+(;VGRg+eCaP2%_?9>wGAaKeJu{{mjx3Tdt^1s`-c>SlW~FhoAM@7k
z^M-@U7DH9Z9dlnY55<1QcSp?;GOtl>fXn@;y&un8_4_wwE=fX#dG}9qVA+qYhdHI0
z!}p47@?W&mJIZK?Zf+orWV81JmLr#~#JzaV>^cjDXK(a~K7*rPCNZ(J0LGBPCr)Mv
zBM)$|^3_PGfTY|8`hj(;$%$smiDJE6h@bB+*V58Q-{#I$Irbr<+hrm%O?83;xBb4-
zvImvlm+d(YlVaKahx@waz|MU(q-E*Tv>s$S>g$(YKjcT-Uhm^tF`|HjAY5wVVZ4vM
z%ulKnqy@hpGB14;)r0Fhz2K=MMSrJltzV7C?`;vrsgQdtLx8b)(`7{iz4Iek^H))#
zIMML!Nps|KUKzh8J{+wy5}~W{!p=>ZKTn(Ho_8uX+*Fd5tc$kyBpK9nt$h)t$jGEw
z%^hOnp$6K%50mW+caBoNbwoUqqv|S_(GeHBY?Y*;JBaUC+q2#dVsD-UehL{n)k2@9
zzQ+gJ?2$o{%!H;rU8s~c?f9OnDBX&)y`*84&!<ojtm5>3oE!5N(?bUt!$QBR<!@jz
zdWjT;j$WHXJeRf;cscIW&kp|aRJh@FRmI}=I6)HR<sCIB(;8av5aJ^{R>+*aIn3by
z;58iR4n-|xmnDGR4vm#N=E;-A6UyqoMC!y&>j?ABfs<X@WFAK<^=5Xa)LBi(t_onh
z!d%|#N1*<EOVJbCVp#1z_-ayguO6^b<@u*aSShh9+3l(=fOX#GdwO9&_6L`9xq|o>
zxsg>zjfc@}f7-iFVjN~)zzi38i;A9(LOcqz<j*CULrwDYtPMST2Hx%VSr*Cp6FO8!
za+zHIc%?$;*)r<3a9VpR7hU^GjzyU8Vrx(Ysmbh-qv>L|{K(AqN&Oy3mDe_y;u1ku
z7eeY&-|#9u0yr+F$pJXh*P650z7q%<2B^KKWFKOH**n(yn!-@L&3><TBTi*k`%vxo
zC+Q)tzJfpNjyUZg7#BcQt)J)~NIMsnBdn8*BS=0Tj9}d7Gi=TI_}{1eW`T#ub`*nm
z?{jT$3J+^3LKTamg;1@P7av%s@Dgc=!t8QR&AdZS4A7kZar|Y1GJii$6JS7GbpC-9
zKV3QhAY~`=(}zwV$phZAPtV7voT?0BdldKMg-^0A+-;k_%3GkXKAUOx<4K*{`!jAz
z>(f+vkKz_P6uH$M9>DcS4Oo@AjKjO%)St-2oD5yhU?`m(DwfOdtSd&|iR<ka2yh8E
zSIh);P|(W>l(l?RnyXAobugtLh;9N>*=rw@K9Ug0{!U4Ba+E8k=Cx$W;;S_N(e#U$
z%AL4}h9fFzy+1z>4%ms|+&Oo{7&CzDBPtV`E`mn=YbD6~*mt)V2)Qj-gY2HL05q(m
z@bvG3)Qq=n?LX9QEfl1tkg8-ETRlcD8_YZeznUUsx@fnO*8fCcB`d)1uU_ujvCZua
zFlTF~)?d0$rzdtNjSDes2p6u;vlVmRrz<%Yv5%VLeL%ADCx_S%l(h7b^-WOae(c=v
zE2e_P)B_NFh`plWXUqns_c(+lru!?DSu21%z&GtKLBsv=*uD8cfMz`k6SI6?p(LNi
zld|FN9>#h&)=Jmyjnb+W+*t{8J7LoBF04RcTwJzM`smAj3&}XU=<dLlttV}bbLOKp
zlFDtKFiT-mIJOvUM%WG*NgQ!%kX$h(&Noag{j59c<Re&{dK_8#qCg_(r|^4XyfxxR
zHtpfS@r5Rv;TsqFfLt`T;&%AF%b@{ds7Rnv6=JNY&xCafV=!g3GKDa^DnFirKeh82
zog}*U>wJ(AD7g7$9%tN;t47xdY1kL){N$v<Q@qFZ{l%<*DTx25K%M+Z$QkZaf6`4-
zijhgJu{Lk~aDR>8%z*fit556LcO8~N00)*=p-aH75#B}96}*EYy&~Jm9Dj_V(HwqK
z&7XnLHmf&x3QG`2XMS6SS!vm$pN^u-Hz=FAQ8q6|s9WXyzHlDjvsS7&LRug3XWj~7
zyqgF#)=muokl3XJ5$gEm@Uk>%t+1I%d+Ph{7&csi>0g%Ge4c0{boy+zK5Eg=-w5op
z6GJzr?7+<o+_&_p$N(q~Dv{+X@6wMZ3A~PN$z6Ba&&S2|sEef@xz0OJm_||B`!o+e
z6`PyyXM1w%x-u#BiR&VpQhlf4S1c;NyMu74!j~+lm}DW7ztki71b8UT=pY@;6)`hl
zoly0eE!)Vo7C)h${%&kH<u>+?Xwr-*oX`}2r}Fst5Ggxgf<59_d%ZVfn`$3z@;cF!
z8n1DUPB_rs>BuTrc;b}+FXZq0@z09xP9%8DkV(^}VL9i^DJrex1js$$;3F8UZMd8W
zo5Ka`d(#USyYnMNtG1!GR2A|7COFXhnBVj#&SEPi=EZ@YZF3;hFkQ3M08)=f7mB^h
zPOcDTO&ua^^V2J{{;{Vty{e(U5qzw8y!@MK{CvCLmjwoVtlds2COkxB&Qq76F!c*F
zSNENR&-{`2FZmFTgBe(F&;Zh*smH)X+|}bi8O1(&*Q{Tn{M1HuUt35rt2Islk8#u^
zbhqKy9eS+oO90Dd-}247Fjt~x=#i~iD^>-oF6~kO!s=Du#c~=NrkP3Huu7q<_M8p`
z?;;ul#>FKmN6rf8Jnt<z@Y6M`vNYXUD?=N7YJdiQKh{sfdTBZ^pUB4U<_9^7F%&I#
z#aMm{CqF529P?4HIEadmX)VdCM~$g3ls<IO%cUiZdwn-SV$SAx$1dfOy><Q7AQT;w
z?I81AO;SxqU<CC?d3#)}A;RUmvzFGN*}UPWaEy0ye4J9c12vyb7Rv~vWFPx-eOtig
zWvgY#1}3q4T(i-b07fuWb!E0{rsp~CM4PNzsjgXv@&_MNi_2nzEnWiDUF$MfMutVD
zAqfTwn+emrVz;F&KmTs$DZY#u7@zBZ>dtO{di1zvLrEU5kT?A}@5;%TCzeHx!LNU*
zD-5=*Egt_SEJMaA&c-$g$z<gQuNns~SdqB#-f8q_nHr;mn1z5@=R{S=2d*QQ)66Lo
zh?nF|v#JoUy15hJ_=&f0_fRMmtOB!y*6@iTrT9{p$1sm2?VxBiHNmpx=Y7;tXf=Kn
ze9E`_A${{OP|#`B97X&bi`{lk+$d5SuP~WPbXso?N*WL<AEQ)Fs(U7T(j_xAN1qAj
z$CM+?Qs&6ko(bmYS6%spl)C06aIfAOS<CybJM4s=xlgCfmL+8d+BTUnFr6I5_226=
zCp{|7J@D>^-jC4YRBdH#6G3JazJuC0Fv-w~Wev?`@(RBn2vU~*&LX;<TwTcT<Mcd{
z=8vuo#f!PX$yJf2WRhCC*q&9;rAm`Hx5?3|u^E)bJI2f+ouCtR8EIQC=vwJ~&h2Q~
z{!;#@x%TA%+0S9RcWi*x6AE(_G6W@X6?6Jyk6>e!BJZPee25_!jNckM*jTtiA-QEj
z2$P=tX}Qd8`L(IJKM>7q@lbctsfskYlkki?la>OooCtc+8IB?BOY$}UH8Xa(`HXHb
zgPKrvd?jr;`1+2FVGcvg*9+dVCk+y=YYI>%OhG%ze!H73<Xho+fXznYq+76Swc|y_
z`hsNk=6N|Si>hWG;)w9DOlL>jYvZe9U3Y=#!O{opv*7%PLzg;(h3)W?X+i_~3J9Wk
zv$!);HfaS26>p&KQv!eWKy9X(0>XTaIHh@PR)9s!Ypr_C?=F1Ilp#0?Wp=WeD7~c|
zfVQxkgCM|?2DjB-f*ca!>;!4L=uFs}g^WsknY3S@>^wdckuU>juQ+m~y3f-SvSdH-
z+t_10I<brKWh(sip4wV(<n`@Gmjb`~_&8EnGV@fu58Btr#@OTD;iGqTqSC3*y=sur
zJkkwZ`)c)>)`nm$of9f>>2;s?WM71Qp!(*<_(d#m4q2}(ZY%nNYBfSsU_jbFpIx|k
zI9f_?V~?C6Mpu321vmF@d}dq*y<|$G9$1vtmKyia&F}nKAcZ;al5l>f!Za7lR(pcT
zgQ{p2duw3^dj<65wjfWRavZ1ab8WHg$=aMh5yty|V@qI_hD4?KBq{jv_;iCD^Ji|k
z<YS<xRp!@&=9Ym;;Y~fvML$NRoMz#>L?qL9n#}+q1|QZ}#3uoEPiNF@7M%miR7J;a
z8kHg}G8cE7Z^fRdu*(<OanQIX>GPM5IW9<gZdi{$O<Hdz>AExe?70VS`Qa0+#8_01
z%r^s0y5Ahiv)t4DH4icGN5%S&E7)?uby*E;oLL5s??G$`%Ez@5eyDDhHblpX=+vf>
zE05>%l=MmS>-q;x(udU3Oyz9oEaZLq>f|Fvvh20-{T+tsw&cC6chEl$*%?Z_;keWC
zLH}X=J_ij${5`;d$`w~=6x}}>rYb93)WanqXw{dEC>FYVGtclK9^G9yP=1^-KrDld
z)Fa&lckxI(GkjxwJpV(@MTxQJ9MKUwTvR5Qe48IgaPV-Q4~TM}!_0&&Tqk?$e&P2?
zKF&3-3i&EwT@}n-XE{C}T`x$K7mtd)m^+{_pTk8i2R>a0=+As{@0G^^F?erJH6ePV
zLK$-URuuX8p6q^l=b?<w;odbM`7SHnb^K~>6{|BI@U#?6rs|XRT;M#ky}A^O!y9&x
z0i)Y4-(Q-@HC;~M+ZBS}>KHPIt-7$7p}^xHnE-}}4Khk!DW%Z%>Iwhd#Z6M!u>#Mj
zP#AuLO38OYI4?ckamoES)J`JP7YIF!h`*W*Oto{Gj0EcO_zuWZIW=p$e#CO^H*lUr
za0q7%3A{d_X|Psy6PKeepF&PApm-i3PFLp*{V0<d5Z&xfIk?Af_mP*flZqm=?)By?
zz=RF*w0m`d!`$X>xF0$_){0vXT_ye3Y+U9rngz?|a>q28aF++U-cw;UnK9yNbKXD{
zY$n?gx<R;KjLG@5(URp3Qw<V#U*P+EFt#A0O%rnDZ<6-rd-^KP?B-)3ms%Vo6_BR~
zvPnlfyXn{VVHJJmoJ!1r`=zV5_$u{zNHfVIF3L`oRpx!dlu~$`&EL>(@ThoaOAWW`
zy;;N<{Mr(5LUodbZ)uy-boU5+Sr5Hyuw@_XlwDPfl?;tZ^X{^4jEFgS$bxEDi;zLP
zk2^IODU%l`+@zqpF_%ydXexPs`uoL6gw@*8qy1aUZ4X=y&X6KncXmpvc`U^wLa)*p
zV_}lno%e-S;y7uBZk`RqxSpLIiX=!*u8YM!NElvZzCSKBV~!PSzTjh@!Xzf{YKO=?
zz$G2$UcZm?ho3h&Pth&&6Vgy9b+^z##sEit!zDi!tc~;H=VAw8ClrJyQ@NGjYQCry
zhOTQ->?`e#LZgM%uinP39(1a3ih4W(X<~e*D`3k<eG98TZFoXu2RcN~<Fmtl>{pK^
z&SlN7`~jq}0|SfD-HudF^$5H^@-hJt0UV~I{Q^ul0Vzl9Qi$Y~`C+@N4eyh>rZcuI
zGrzpm=JkUjYCc3=q!)0P?ltXr3m=!=Mf3)DG#y8l%0L$|HuS<hsTjkV@D3`$H?>P{
zO>yl4J`NWz7vwM!=i$$kt;}wD#ee?$^u&BqX)4(1pLJ8@uHqk~skH^EIk)TIop?2V
z6RVEqTvFymUwY-<-~#S2v1JaT6ChtU;~UaRU^lS+bM+RUB#}$?!}`Kp@dil7{M{3f
zCd<%)sYR(VbUJza4q0wUV*IaWiQ`wlH}QEjpOKZ-84Yh4X^$=l^m&KI1qhXFTF#~^
zw*A!4eghV!-R1u>^SadNgCHQFEyHJUYMDS8zoXPd>nO&E6i0#J?oj9DIEp)BEzbT|
zOate>{OE<cX6)w6LGCGUytzNuz(In<NnZTC`gwOqpuSm?*;isY_9Q`ohsM?tluU$y
zk93E^PTOoI#e`8flG5uv<$keHEQ4Iti{oEC#4)j|nsoSjy!GxqAPyj5%8Hx1z9kPv
zFLs|Co<7DWOzATS>5AcVUKPpwxivPUZm+*Q(>iYzjk5I@8*jgS0N;&uZj|zzsHtJS
zul(hd_~Jj0!kg}D&Q7px+CFXBb4G*P^?T)r&qP)W>p8)DNUs4X{mE3YCE_%rpx7dD
zt`N>xWvV@!vi<ko8+`O!lTPthKYDh9WKQ?bmWU|0DLTv~{YY;dEL<PB2KA`R|20ZX
zB@S^A`>KF9DZW^i2vxf96APdc*Ie1|`taA|`9?a!|F7D`zbVT8F&O-py@VG`YC)x>
zq>PP>T;}S3Or!rf{$9DE8}?4b-QIGd6C7>o2?{>hF+ISGuyFV+YG0IAH2)TAd&^3z
zX##pEy6<2)odwK<uc1(=ot+&4CGNik-t)MzX?_9uiB>skLCf{g_)InDI2`<o?Ekob
zQQ?2yO@S8_KGgs3g4a?$Xr|^nBIMN+XKKj$5YvB&&(sMlTRX#|@8TfvEFf~*2f)<S
z)RcK4BrAJ`&yn!Y@jpx0&vsT2!m*K8S0M+kl|8Jt|GmsgOe~9`z;9c#?NPAEl47s^
zaiPR}F5bp_!Lj6!!FMniQtZ%wCq<$t{%gn^#C-po{59eg+VQl8q8#o1OEh5h;<)z0
z+kPS6{JC*q=A-`zaD4vE_>7W=6p%lB*PqsZNp6o7{NBtb{*OCHl7827Crr1YuIEqM
z!>ctn|AR>j7W*R;$zye%N#$vqP0_l@NN(mhidnRv>1@_ZO&nyQ!8$$NqvgNWeZOQ`
z%5&*x*^7Mpyik)7r#>qP+h%}AX*~E;w_Hb=J#;Cb(j^@ITWYseUNdk$`YBPuZF#6S
zQa)#IRT=3um*x}flErqU4DdVX;||^H_*z+9@0307?5x|p#hrT^##T2hJUYT6-B-}1
z|F+ZSZAQ0(agYbhVeoJ5(b9iZ3CyfbfS4Q=>-`##gpaTvZ=Y_*Ucb~)8JW<ol9zf1
zy0m_0;!_dD#xxGptz9P4mOlGADTEXzMy}+wx7XUwVcrc(oF`k*E7d80EkpJ?DfC^f
zqHT(tjajhrY%5^lBdd1WAAkFDER||DcA$zWUKv#O)4B>^@)eB{E8@miZHN1?7OIaJ
z^pDx?Q+7-r_p3UzjR6xl=4>e$5M$JOjz5!ixxn}q8cJP6S&*U`2y1}<N8_UvXV%#+
zvZ7K_8@KONIUqYD9P7Pxwpmw{`s1tsalZXSTbe!<cytxfVMcxYiThP8`h4RW5L5Di
zbEyD9Ze_HQ9Ax>o<9tv|_&!yzzZoJawlpeEWao-qBk@oN0SaM=0&^`PNhv!JQwoyX
zD2HxQNOLYB$8VX)0vU7U6HSBjpwX74SL^cEsJV*NzHo!}*L=fsl;d}~b5<?u|9gG)
zn??3G^vt)MQk_Sc*(kov(Um&Ea`qCK=jIeO^f|yR?Be%1&sCF9u+LlK;FSG7mU7zG
zPL&@PtXVdP4=z6yvo#&6mm&aP-W*eED8aaVn?4fbD1OGAXBmI~*VOd}pHJaWMEvhH
zxK}4;4(<R+R8k5U!<$!KP$*x2$BHt4=a56g&9e0i+%0~^(rt``pIho*N6lc9AERS6
zE=(TPZ~t;S8FIKc=_I6m^^A|p0KhfN_ID(_7h)%W)R$`%i48xPd^_Zs3vjCUvi)2k
z{M@NNz~A#h9JgVPmwVWk%x%aKR?nHlJ8oWCzC4#0QRv<cO858~^3q8r^TcT?lPTr*
zoN1BxaYF(5-%<2#P6J1y60ck*kabQ3$^DSudg}~T0^nHX3*A1&iLXYmB?4s~#Ylc%
z-HdzkICg9N73>bOFnbCttl{)#*MPOCM)BYHP`Q}i_aQ`}8>eBumI}!IhMNxUJws0)
zOcw+vhx9qQe=(OFJnt^Dn?1xE)Ngzb0^}cP^sxG~iBzbtbFptldfjlQGNt}&^;*f1
zu{k`hG4%P*z|mX@2pe?f51KR4WH|#G_a?MYxvCHJ4h;>d#Oi*QKI=^Wf%LM%DBEYf
z+WttU(SH3JKVSayi{9UT@PWnnB(fwEd+`u&pCR@@_s>INJ)2I&@bHVTS5D{2fYUd{
zYyz3H;<gAdR1>A@jH3jMi2Zl>)902$GH(60wxUAY2diLRW}eREry!qa|3#(`gv7S9
z|1;nXe4cmffjo2l-xb%}ri$RBGj6FP@;6H2-)g+^@rIDaatHJW;_~uxb>aQ)zpltP
zZpgjdTl(Nw3kRY%Hy?+7*Z%hvZ}2fiT|OY<;?fB66BEf4c3$4Yi{rBY{v$rJf39H{
zs_?tHf6shS{a+1q|DO9_3;`nX_PazWe<#4o;zbdu8TtIbg({2xo7Vqz-u=Jb`2TFs
z`~P>b4-LRUSut9S^x$)RyWEO4&CN{Jx3(thNiX3MXU|y7x_N_`+Db{!$f$OR858v3
zyAY61O>1b9sL*{I+^?bq-Xc*kY6En8A^Q3hyEiLZUXmk%Mx2_eN}ovaXKbn{y-69B
z4a~G85;ayH?w2J)tohuUcfev?X!+h_K$z9-zJna6X}W@f5{;pR{H5XE*Hs0YrN6fO
z5PFh7&0MQ-HRZCVK1LA=U^xLUWW$+{X@zmk<jL=a-=uDO{4CFYWG|QJ_4qGo6h~!i
z<QZc4GNzn2(p6Iu-{jY62WviqJRDyi8>pT?%a~M+GYug;5w#IDu8>Hv2z!CddX5C$
zhUZY(Sv3a-K9czGD6UXV?^`(t9s)=N9+KxzqrD%|=+PZmpjZT+tsm(XROu_#P7i9K
zzZGc_n`@L4K4wtQQGklla|rSnIeY6V(&x_ti#47(KQp};cLECQPB`@)e)O-MY3U31
z0Hu=Al0XX)&*3GcB%O%0Z-^-lJFH0?lcMV<iv(l?^NthQILXhLW4|IBYJ0!(``HQt
zKk3;AMrk(Z>8dCb2o`@JD%Ns*rcYl#t$b@S$x-*jcy6c3K+EW))^lWb!{IcVQmXYm
z|IO`(?;Q(lNV0EP1vloAR+x?B)KQzTUwF?yQ}_dCAXgp7jn%JXPP#PaFkugT);4wC
z8YqvabK!h%HbK73)bT#0&Li1ZF=z|y3&AWuzuMkv)mxYnAjlJJ0v@*E<WI|@s7U5C
zR@N1vX~1YK-&*qFe=@ejkpby-tTi=XExVDgPi$IJ@hMwQ0GS0${<&>3=3fQ_={Dtn
zDc_Q1*^fH(=yTX}x|-h@5-U0#<M^?f)ujqiy6B3|xxBE~PI}LyA&_}dMV+1R0@_ab
zE`Lxd&@4}D4HwhvlYW*Tlay6HmYDg3-M&kcXY66J{LgVc8<HMF9cTj$_(%yBfj#z@
z-uyP{^ncOzmSJtK?V51C1xhJUr0BwnTL{HltT-+1PDmg?kp!>dP}~#THAo;h6xZMu
ztfjaXr$FhNbak!cefP{h_ROAdK7Qp#Nb=nGeLT-~opPOf@%IhlsSM~o9*|iTAeeeT
z_^jH%qC$k*Y#5J5pzBl<@;mHl8qR<%9h}Cn#c6DJUT)U(L!-R$Fo20swr{UJkO<PY
z%ajb%LO6<!A&RFd#J(*(CD9_#t&h@kbj6LMPm^`mr1c#+>;nCr<4o5B-y!W9d62y6
zdOCU2`m6b3=Ag{!U;v6gA{F8udY?ip@S``2woejB)$9+Gb<So=*2`%b!ZijjEQsQd
zB%N!g8+<t29ar5zy;hTH-Nxa<(aP->BvS}N8>JaFaW^eY_b!66C}JojRbcR~9a4Km
zBy>S>Je<n>wL6pj#Jr$Yn`OJ}jw-xnz=BGGf*XP;Rzl~Ixhv64-S+JLP>M6td<fIk
z6_3+?6~M2?HJ$efrqb^KY-PTj!=nAbKo8w_<=3dJKbX47@}Tr(Cl5TI?q%V$Mp<*k
z(TMIT_eS)QFjzhpXYC|<?V1{?`EwRo)6;u2mQnVm*@MMAZ?!iYB;twlT}K93YsEib
ztyV*Sn!GN9kY(VN=Cr0md|=G+ZCUplhgA36vj<i2w&j=ClU?IF`grEfW9#KdLP{>`
zL<_#E$ofS)zBIX_Qo7Zi%3PxCM8yxURZFyT&edwoX3H3yy$1}Z=Y^MkzpJmfp0Yg#
z?YpILFBo>6p~~V6)Y$ry87J$VuDU~+AQiAq>lvI1k_hnMw5eKz0y;n4F5_JZ07j7R
zh$q=;;(fBd_s%+F73yM2LSDw*#<Nzb3t#pgs*w|58H9ByY)8JcQ@&=(!nxB6mL{UV
za|p?#kg(vLXLfTE>|?O$BR^?nIAO~CaImzL-#ax-^njEr+#WOd>lz8C-wKc%j6mTP
zO(H%Y&jei1oZ^Qj)N$x3$`m>VY|)ebK8n6|JvYh_G?udpu>wDEZDr&a8vEYMtow?l
z-qTeSFw`qtU|H$p>>Xf=;7!Xsvos9}=IKRXn?2LFCEIKONP35&Md&O=dt%Hc_H>K)
zm=tLmFa!M(^rTJ)oMIS==hc$F_d|dsWjGq`jAl*q_-+6aHsE;-YHT3r>V=$ApH-L$
zf17(OV16(Kof4wl1gpb<nGA_4<uwq63+YDkEW#*UMDhJs9!Y}(>L%mrsE!Y}UDiKn
z#IxdOSi$BXqPn(6hLk5DRntE@IsO3nNG~rgbT<gq!(W+PPnAmjI?yoi%|J@;vGVQg
zla3<X*R^=__B}lZ2o*j&p~527Q6pxOHD$=o-r(3YznVEG?UARVlM_O_gnbl>+jAN2
zXt+jVSb_IIS?@g@)fmu&xI;GrcC`@Lw4n4X50n8n-|L<{oVzj~bY%H`?1T~vtNMj>
z7yPHG>NV=YDq$V(xHv95wVD^JHZhtwfYwX9YRzn%u3~I-r1v#P>i{soi0C9=P#PH6
z#k|$I9P9}OQhmvPwTefGi`6Rb3YZ$~V#~%3s4u(gYTt+`qWaxnDKM*1`vU9t)1^Xo
zBO3-rBquzBQC)7d5#G8$^Tvf?B9GMC3X~^=4=90Djh%P{{ERoI=8kWGQ+Xvw7XZc=
zH}G?a1V)x$7`Jl~dkDf?v~9m`r3G~#Rjo}wwpf7zb(><`NdH_}8?mtx^;SbKAjbu>
zVqe$j-DAWJ>D$t5G++C*YSXMKFYWgRDH|{f{70$|!0Dghi*8o(c*#<tZ_&3+(VHEL
z&0I-unM^zf=DAS`Ei8krN_%63Ki6e8kSjI{#N|x$M7_sS6Hv{YZFRU$<_4^V-^)0c
z7I=sIA=4$_uRknSlm4Jscc6@Mt4Uz29pk%i6x%H|ZmGG5Yn=Lul>Ue$1`$MEd#Kl1
z??U%oygN#yJ!<zEpR?jLi}%#A>&@_r(|FV}jl!qhru}!OAEcNs3`z+dhm@^{h`I23
z_1rDHed8~|%r3N$&dXmb@+?|q9ZC=i5i=Ia$E~>TNe6s%C?seJs=9Uj)o7qLodFAB
zY`s4hf<8(mmTAvRNQ|(YSvbg3cDm_*PoKMSpmN^-J*x<EBO{2;V~;gS<t6@kQ7s1~
z0Z3Hzws`z<?Ys;8pfmCC8qxjVb><rF2(;p!f%`xC2>btKdH4UeO0)AuED-!v;(gMx
za{8wz4jdZMNw)v`cU@co_;3FpR#-!3=I>M)e7Hq*j63wfKQ;BZ+)yQ(x=(TF-+;rX
zvCd#?ALOYHdGPP{>s?-`&3z1=wmRM43zEqG`-gZ6>XkSaB{d$B7!po4Pl;hk44A=~
zK+g(w@*PQaS}^dnTJpFSmvv1?+tA(Q8&XDP%y}p{VCEbjprI8+3?sBvFH&FI&O-6_
ztJp5jq^=S05M<(h;{ActYBPjx)s3_-KBSQd+%63Ys!IiR$X6U)Pvq)IqlXwyhILlG
zwuM38ya@Nur4yoBb6`nW<tFFOLDLjtqu8`ks8M{QitLGT@)#XNUV|cItx54*vI#@F
zLH&V2`17rnDg{4j<`yVhT0aHnI=PN1@7Jy%XdasgAkZ^$(i&Us1E0`Blt-|8v6SRa
zuhq0sG(R3v<&Q$Gu=->xs7Booi;qb`$w9O-NIqMG3ABFhG*lOk6hh-#j}}IuM8u&b
z2rs@1cih}m`2%7C0#ka5q%w5)Q4DF$Jr?sPR$~CaJ%@-*w6&~0$F>6cqrzOh`y;_V
z-8h>!qc^dqRKK={M^RA)U2IKcTpR(4!0?Gz@@TE%HX+55j480P>dIP7r5IBlk7RRR
zk8n)Sodj`{BB>cLs(GS9uu^hpJ7u<_QiIeyA#)EUTFtH9&k_mqDyhrL^|n<pg(0yc
zQziB8ynOXM%;>bwQ!me)sy1yL5e=%=JCi1k$^)V!cF)KY+hf-VbMh8vU;-tsc~vM%
zk5UGAvv9SE#HxXx6-!mjmELD;;hU&>fdYG56*(z=6FGWgvXZgcT&GM>f?zWjFG!?@
z-y<y%$^ZNvz&L}Ff+8tvY!jyY*k&NhMHjwDr0t{z-nalHm}$1$V>uTTKLU?Eyvp}_
z1UXFx(HeppRh)&k!oTVTKN&ktH#XAZk;P7Fbjwcegpx)Svl|)Wce5sDyVD{WHPy9S
z6sE*uoMMphI^o3ne#%i~nm+5{6_YU+?{Yds3TWyWqFQu6ia$!NoO?I7Y;b=PvEMms
z-{J=>U`ukY?|)m!UrIO(<<Ji}0Q#d@6w+Qo*2<YNdwzzKq&Dn*2A2G3ViS%0s_H&(
zdIxQ)Y|5wELWSn1vIk2em3X3*ig0#cE;Gs$I})W5Ow1z=xsYPB%}A`FvPV<ex4D>w
z07rAe`cGM+KJd&dn8;|K37b2-NBzFuN=8(!NQIEl0>09!Ei{}qZ<=ePcXn8eHN#F1
zN{L+31lJ>!x6NGT{9eNet_eno^z`djt!YFqsfuu$s^`Upn&nkVPT>xzbvhHv>pdbO
zb!}eNtl?qt;`w!=W-ICtP;h}LGQd$}O0l!#Xwdy8;zxf%Us8#md1HuXtPNH=$<VvH
zu(;#AF(Gs-^>E*M;fIJzAq!un7UatWf+4e)Y=CYZn_Ou|8mE`nXYdU*?s}B>8lPXb
z=N)r<dt5KL^AQf0ffL-Ou*}jq1V_2+W|$aB=I@+*5Z@kugp%K+Y{zWZwT4^im22{i
zt#*e1d`h|aSalvMH*y8}j;UAGC=dhY%s-Uj$WH<%xf5pn^nJF8cOjdr#|M;->x|Q}
z7}4geS+F3r4>6ENB<4kH88;w#d(Qi)imL-HF6pgX8j(bCpli(4Xdkf<*i+om=O_(H
zbmXO7E;)r&u?=Ermj@pCT1%NIG1d}~$prJz_~S+(MUzvC-TJ#g={2LW5H<h&@u@MK
z@j^FB2$MMTz4(@+vmdhF$hcOplBcS3r|4qsbf&Zasjj|XL7q`wgpy5C5W$g??Rj@Q
z>Y@?oUs;m)HdWN*^NjIlNQo%G`BkEV8(waRd<Pn4Ag@^o;$C&-EQ9V6aN36bSahK=
z^plpXXCDST)T<T;2Oh;O4Ve)emX4dmlt0j)(i3JX5HFixU=<mkF*S0<-=T!w-<Fd_
zw>4Ro0!mU#W?YlGCYRC)ckzyS`5t}7rtKf#((sV=M$NS7?lQIg*FE6r#LmM2#o-oh
z5-j{Bt^T;pi$-#?0if${1znE+<oP7&CbliiH@Q6I%BvKhT~{qObCM0sLA1)c0vS@N
znAGdX#Cb(ONA!sx>z&mw8s*d5VX--~a#QOU8gXTa0h@WVN91H{TctqI6Uoa3T`TOV
zL8|zL4XyF~GxQZ(FG4-TF2T8e>wW`EY~N>pZ7h5NDM7b<XRIk>*bT#6%`&Tv4h1HK
zqF6BgKK%ydEB3ETlR_Sl>f4n`HPh+j)p*&21T{F8vJyp&Ob}w7keN7bB7Hi9k(GL&
zPYkU}u{<#i%-Z{U_FS=A9T%;!Qu%X3dOh=Bt4*^<q8nU36@=~?Kc4OUe5@=u%QV60
zk(S@=Hs9d^1}1YHo0RE3F|75!zr2?C)K>SyS)=P<iD~orM1v{uBin3lrWUo8$qz6Y
z28J{X@+*~GTvXZGqJK&Pw>D~&L%w=D$F+8p>1MM;Ch3BT<KluCiBIyknFslG41nlU
zds|n>z!a&D8W?BXKsG)kVM^7=^``AT6^5&+9l@|3*`E;1Kmcs6L)J<MetzrZ@wOaA
zpSKh6#9krj<;lgo$m~)P4thT6!j-sQ*;2e)!qKW};5*_8(`-Bqnm^z0Pa7|)OcrS@
zYr7&~fr!?1w`rs6(<!sEqDOWJX1SSf1ytB_r5s4FQDVk=@)KMVu*UJ#qCwt`!ZXfw
zXg^V+$&i<00u(4~+^naVP^C$XVUiuSdr(ZBn85VW4&T;F_NV5xWdyS-*xc7IR9v#f
zby-jjR&X@PSoLVlAt#QzBO!q>@5l?a!=8yl-zf`Vcu|&b6@TwpPvT0|emnwDRv%oh
z7o{FC4fefP#I^EC?BtVNfnn;HE%p|Gc95tvr~zyXL%jM)A?x-+*44IDo_g_E1R0dM
zZ%6Lv41r=c9%<W{jnB+*#eso>-EE1$Q+F-H<z=9yvX!zbUsU6YWN8kjJ$36fDu5hv
zKX)HL8jmtJsFxp`KRZ}C%e#nI>#4KI8f3>3(70K*w_Ak;G*#?vbAo}&Kv9jQM}04?
zkRQhQIYS`9=dL>yx7TOz1&}`kvkluU!hhk`0BQg17L%LN;ko3|YfE;&d~<Ux3YSu3
zzJTRonhB*>X&xR!ajzA1j1qq1UkVo1kDridPvmqJ2me6IAkqve)5o2JNQktDA9`H(
zhVJf&d#cfsnm;bVL`ZZOyK!}#P3TfPvZKqGKjZE`z^40v*>t`MKM0SUy=Pv-9^_C%
zT&aWE2FRsa>o^td0O#3~ey$lj#xk@T(WV;^VecGWFUevOuk@~c-m+N%V`EKn<`Gnl
zq7>iFjLCW~R}iS~ulJLp_YSd`i?~F5pDp2%NZ%+Q4In$+y-@4orO@m)#ZX>^u`{se
z`-W1KBQ!avO8+P;mMBXUk0PuKG<4~WSKLYhHF~G7;!}~7Cb*w#lfrgP4zA`O`6~w0
zpGsfOP)9r_g$42puBaoQo_^qo?<&RdfIBJFEgh1GXdXM25^K7Pe2aa~;>9!AQQ!Zi
zP0E&#&ncp%OFJdAINT;CxO0Xj(sV9O)&?miCSshWz?^QfH<}zpOUqne3!A4;Zt05K
zaOui=yv!J+a#WY6)f`)#B%B`b+?hESU|darAC4h7!N3t|5^Ipj{am>*$e`e*DX(bU
z;*_#I(9gRn_BQ)-^z-OS81$8%Q~ipZ)!n190hXgi+nXNv;omM_dv9&(|Iv8$_O@%&
zE={xP>f)^e`Uk7r9E@h^r=L8d;;X8&NJVxaMH1v4frbDl>`E$=x3=q0iZT>#?)34f
zO#bJUTuV&430mq8EjpTne8wXL_nX^VGs)x-EU2D8jDR@Qa4ZI=NHA_z7`baOkH9WU
z8}})O7mLDk^YnwhEd{ynPe6OX-<-tnOo)iLXj_N7YKj%$Iy&DcZ26^C_sq;13`B8H
zP8lQ0*^TymSylx7QlwfwzBOJ!;Wr+dcXTD<N{=h!374EQn}ayi&ow%e6yV5%N_G*z
z(+lIg#0FHvwlQDSkTXgk*`b^UGa~&M?!rWqX!5uO^!~L6(wcmL#SKvsVH4%e&3A&>
zV24i5qKr;~Z1nb_kyhe*G1@~XpxXHw-F5v&fUzt2$c~|nTAU`=(s{LN?wWx;?OX|t
zT13zKMPQq3q=p|0eb2|m_)+O>t`^Zow3x;`lHNS+B`!-4Q8HN*bFk`?q)0aceF!a_
z->cVCE#{UXMt28Dk7}>D?`vL=)p$9!-|&|z)ddtzkoLi7E^5KgT1!yZuR4j#-JZ2B
zdgqj1zmhM1CXM1RGAn8-T|()vo$~hM?=-W1NevDW&4}((|G+z^`-RJYK!9^RC*6Cp
zW9j32h5>esOQ%lDoykSxT0S*~DQ5LT_4yMbx4d5~(k!JEgXZwb)nj1*@iYyEo*5#y
z;u=$hPQ6NAeK~XZU<45|3^Wew_!@Ss$Pm}JH+YM7q+F$Zx{hR{2T!WO<6f0(+d7*w
zvfqO6+s>=|T$jLD$2efzctrNjNL}yO{9y3Jn^TzQcW2W2-q<sp`$EGqaj=;FEx#X^
z4#)ar8~VrV_xY$W^%wDmjNuQzJeN>pmgip}%Gn)#KN~wqP<>=q_ca+oo6XCtfP}-M
z`PAs^T&>wfdyNye*BLqySdtBWg}34Ff2v)(gvDkpRv&ZmUG*Lh%q#i-c=vvuJ${mw
zC`Dty@diSw<SAYZb!L@&<F(AqiEP`+*od||g-L7#!gj=Lv6qtNF5Up1A1&o!(Ka(#
znF9U(LhJ1WCCZKjLHwa#36kHVde=k-t%`>VM9!$lF%?f7VnAqg&P&?9H_M9n@!;Qr
zk}fSD)n^nO&_Qgf^;6U?rRo$t=ckZ8S1J#r7K(vuCgU?oa<ffr3%KZf^PwZsvnm^i
zL&zhuj&A^Yjzn&)YJ%bi{sy<cCtdlw2MgI^r)*!hvXYZEcwb>mUfr!eO0ww{wG2BE
ze7wWmif<lvM!#(lQXJs5eP#&t4i#Db7hTYSmtOFX{JP*KiS?O!qM1tia5HqlP5PUO
zo`)vRQ!KB&-#gv7MY938_6PO-wO!6LDLO07mv3*A@pyl%pTqFJ?two;dj*NiK2S&I
z<&9^LnnmU_&Aa`KvlxN?@hj@`;iHWx87>E|l@C*!K5PkO%YYl#<e#BAbJqM*-2V{a
z3$s3Bo69ZFzsmpyM*m78zei?`=wCCc=l(NVth`F%DZk8(ir0TLJnz0de<5@hK63js
zJo@i8{-I<h?(dh^e%$^CZ20uw?(P32sraX*|4*YG*Rnt!zoISi`IMhhg8%-yPqP1S
z;fw#>r{Rk*YU5MWs@oD&7GcSaM_i3+Z9})OSx{1!OkySmOwWUP0=LYzQ`heDkOJmp
zC1>&p;OY5z=J6@}AcQlaa(2m3$*a=>fMj2xs+((iRU|#5{L|Y6Y5w?4sgLA-ib3iz
zxF#&VVRjU!<da=cHvMHe@`a9NQ2A5<hv>wxB40i>x8}jMFLyhF!~?7Hbx@qtTeI1v
zI>1OQB>hwDHN-AIew<KSK$*ac#zq&`eNK<RI^K)Ir<ez}YpYu5n+Pf0zwroY?}~i6
zP^DznLFJDdC_-UI5uY)myEj70R8zDV3KE>8g653KPIZEMlDNmVx%N~h3qzN-$Q*5~
zyy~jFRr4O3<{X7CH60&rsKnT4-cJP8*Nm~BobO8oC0f`-T1@9D1S;AhO@xneb5@Tm
zJNsnyd!YJ{*`{f<y8;3_S5CbKrwTY_+hb3J2co4tBx<h&6x0xk)dV^Amlu;+Ha{;M
z>%F5cV_S+H!$y*s8||#peQI;xfiCeOoJGR7m)?VhY4KVj(vh9Kflj4nj8je()Ydnp
z8bktPdoqx7H0Kbp;3cNZtxdBf^^K5`R%h#V-l;`S{i#+*w|w?CdS8uLjimNy!zC(9
z%u-WKY|5$Z_+?LGXK^*KbvEpoP`-X%S84t!8|A1Vo}F__Fe{%f8k-6ZdLoo7KNnB0
zAm!Pp2yOIJ5Cl}#6{pzr$2X_Xz+w~&rdPT-P55N;Rn6$D#QF4drYRg*gj&_D*QYDC
z!!hLrMhsu`abv$PMRi}q$4Wk@I8-k&m;*oNdWxqrIpsg10cnnMYfaYc6gC>Z^~|e3
z5>>*JzWv4nvZRD#Heq>b#~+^4vs7Xbt?=aW*nwJ;RhbDYy+AvRF@59#u%mnB@b#ED
z=OjS_=qH!e_F|GQ{c}+4M~c(26uIWhs)-ntsYtdsHXol{IJmA%A;pkB#(*J43qAbF
ze701vgL2kZ9{8%PsUH*x{|0i?8>4r2UXmrU5w)D-z%eSQmM6w9_IJ7}T!_F!<DcBR
zyU?@7yE$2U+|R644T<RR-HZtmPan!9-#*^w@iJD0W?y_Uy<33e)*kAqY$*?ss<|71
z9%*EF1b%C(?k=QHV0?eRGMT!xSB6n}AnPAsp=M{Jj^5-IE|L3mV#h79tm$(@B&iss
zR~nR|Y|%dUUQvLt&Vtkr7uuqsX+;jVlU%KM(QMpM4y9%}dO2-3cgn>pglC7IN|zc=
zsM7<g>R01Rm}Op7W|<895!9ZbTX~KGYxbc#9NdI#pP+{Ow|Keik_+|AZlc@jD*43m
z$Hsbk&t`LRhvCG_NTI$TI8nnkIw^S=jmYPTf}tE<>Xxh32Q7<ef?w&zsZzg<px#wc
zdc{47$F}+xB;>les`^<}dE8P(t?y9Ga;bNF8<I{sk`RZ!QodEa5!WHB$E_D!IxG^p
zR`x(Q+DlNum!w+SA0|ys9~Cx`zc38fRZ}V)I4&%?)UlYd8{(D84<lkLi4;4cVE<k#
zZI~4@Frvd&4j+fgoI3r2-;yjGPUZb9PgL^YpC=c+<$R31#r&GOOk!wEz2#~~tpuv5
zCkTugt}v((3zYLVcA)tF@Ya6CZHHxB1>ecUew2~5$5Q3iYgeQ*`<vM+!4`W)JE66;
zhy&X&S>a28{~U{mrTz041oI!@2>GYWC1lmjCys0OjtkwLRlQ{Bf-U5nH97aPj_FBS
zqJ098`9N}EHo&X4%GcUb|H>5EHlypXCQcc&P3yBQ;dm0XhOe2x3D|XZJOIw!d<04I
z-i~OV)W=G>27anftYVLfPp_;6n9~p04z>{tpZj+|kMkO_p`|_J^CH1&OzkyJsFN3j
z79Q>0$)&lK6l&z!k>FY%zvt>BtCGT;;cXq2NUfxvK04)^q(efq9^8@EOjBi0Q2$}4
zr3!=SW92s9eQtzV$YWb)`N~ahAds61I_goH)SUxOne65(id#z56-Y8SXH8h3n!R~7
z3@HtJ33$c!Y)1p>ZTe>Mc$$s0b1JB($nm%^<wcNJQoff!G@C>Z9Rq^iyg9E*&KjU!
zqD;(>?+zVJpmOI>IejF#R)5Dh(%AFzP+Fo%l*2UW>qV(0a<P3u$Y)Aipv2%**#YRd
z+V0knx+<fU%m;|l*rUl_E+HW-sITN>W{6^1BZ&R^!yxWk7OpAcF2`(7JU2@=JjZ@+
ztAaYg&gNd=Jre_0idUZ}haQq<kF3b)zEV?)NB=p8n%+3}W|_Vkq}*YdBb&-3+m&b!
z@P7IksnNV>J8G@#Vr6belw0p`YU5M;2!9(^jTS*l54)Oq(Wj2;auG*0FOzo@=X%Lx
ztT){li3Dq68S<y^?R^~@6R#`yDDr%Q5m>xgHKi&a98w~Rq&r^BkWxA7eMk(OGZ5o3
zahV4$k!jq`_;;8@mwuL1zE(HoweG3ZBRORe9DPZ-x)MJ5Y4e=xmd7e`V*%exG_E{i
zsO>p3i(%SB@Lt$Qv!arZG-5w3|9lDiZtqxEg@S)DMSe$0b1F&%Tr8u;$!WAyHhHC-
zju=UzG%7YLrv<Y|w$z<`Q<)MwB5FvrdeXl6xGUX?@Z@Z61U0sJs|}?k>^!2*_)-NB
zlwPW5g3I-%g<1vtzE^CRWpHr0rrvm$86&2kfqp?KJivT-yZntwnl@$nG6O|-lTl&H
z;4g6I9v8-+6LptZgB396txTKliWMmEa${!8#$%0x{dzs2tUe#xuOJ*i^(+01{Cg4F
zxIQ{-xX#AKytEZOi)>5n#9L}1NGX;6V%HLnJzL{@1$}evS86l%cF=nV_AY?1Mi^Rb
z1p2@au2xuJ>O)QwS4INYDCoAD+QHmWXd2)%XnfV}oh)TLtW!iO`iKl6HJTP}!2af|
zp}9fd$1}lNfpa;xQXy28S9q+H4Tn`n%C+5W=w~d0<BKPdid)l_P{$^^6a!Rm>45Nk
z@eZYVy5#L5H>#7$F`lJY(lQE(BQ4)A$Y7qntKHT?TN>+|(l(qcU$4g}5Za#O#Wc2}
zOnJEUy!D)il1(8;Y*TSEepvWORNEFS!5`JsQjtdLT~A(NBYFF5mpDZrMrh%H<;tQ1
zng|jm-N0^rojnk5L$F&_`r-hBVEP9hJw{z4L9PqBJ}s%;Hf$=BN@U&hn<q}HkGIRj
zMY??b6k3BI$Ts`&lZ%kojN;=$Y84H$7u?fH19g94Tez8E)rlhu=N6`k<qH7uzvO|e
zRG1y^zrdR_qUJsv!-H}|B2Q9|FN$}bD%|5}(6JKJE7%kxF3?iH5{v(Sl<ai5B|tg$
z{3_|25WR45taY|ta9~hS%-io8PWqYmNROhavp0Bz0$73`OXO%$)FN_AJ>CR?G_PCD
zTDH(hK-<JHHxXD1hOc2u_yipCoEEyQ(lQ320=A4{VG=6PnBBz*n=WZj1B8%#ZK2OL
zrpL%$;;y=f&-m%nWzpU+pqqlSx{Xx|bAf+%>v;|?Wkr1QZ{TKKHmWSm^lnrU{$6E0
ziE-&MfN9u%Pj4X1!P;PSS0pY!t*f9-uM3Y)Lr(=AT)-Ib3>O3U3B~WlB7!C*jv;wf
zrUj3`(&f0S+SV@ZS*RMjm3{<CNa+FIf=5OmmgAX|+tgxB#kC~ZNDIzkd32h`^(db`
zSHr668Fm{H<Fy^U=B7yKcmlfK;Q&5O{g4@>&?mc#rL=fH0+?#}h0~1fIf`fBTko{i
zoom<YaSSKWeR-9CFheMfFwSTam#-{SDiBTi*iik%jwf^+y?GfsI6-gCE)8k!8*;2E
zx2JX40UUst@6n{t9O7lU#@@%tUPD$>P|DLUVfhs`1GgjYi%tcFqXvG#I6E{<q+`!M
ze=SmbIjK<fKrS0V+JoBFV5-9E1S6h_FgB@6)tih!BVDZJY?{P}cQ)_u^tG&01WU(o
z5F>V|ouZ7nCb^3;o-Qj>PgMN{;q+z3oIZ8gJm<M(hy^WZd!bZIJ|m<onb?76&QrG-
z^gbG|$a&9z?*qDnV1$#CuEIsUs`eOeE;)9fkAQR3cj{LgX%^X2QegS5IwHibKx6wG
zx<#+oy$-+#h+)d2)!|^mWspJ2i14emoqa-@7*07c>}e^?LN8_<dWN@b+nT?BH09XF
z9eos1iI=MG3ff?xP|OO^B|1`*G!Ndm=rAu0L`I!`k!VOGdKJEQS#NEU6F;NCH0Q_j
zMZO@6z?8pPH#X~K7u@m>(n!IoCcM3LGQER97A+;Hl6)!)gZ6x#f}XBTr~r+0nk!j&
zn}vKyM05R<b|OyqH2A`MoAfNJCqyw%&f?t=QfhPtMT^tQjVGlMHDP$x0p{UHdzP3n
zg%dnVE>>t7C+K67{tf%^y%ak%@Nq0CTXp)@B9*G7MvcNa%+72(Cm3x>&JVmhSRFmb
zQXEU+CtK4@Gim^M>V@>Mh7N8}D=!-jx0;w1sDVq-w7jTg$rOCDs+JRvdd!RvS_3o^
z{sZ2_OeFLhi$Qp0tLgsWjy|TSUrZ#x$wuQDH>bSVw`b~ZHMMp^ShJKj>f@jyQ8@iz
z_FaurJ5owA>me)FKv0n*v>eodHi)37xI-i+eiGqMC+w}QXg*)^)dwwsT<&bf9ZV9K
zeWUJgzJYVAVgJx_L%Dxm%Xy<%q|xlX&E(uCv-dkEPxl_-HOAb~r+(TAbZ4lGtUds;
z`N|%=UG`*@&>7qy*I2H6hY(-i5Yt0a5`N4$joAgCt>q59)I&=-&?oCk0+7F8riu;v
ziz7DZvsNH5)7<qY)e8=L8~K|Trd{ve91#_H&^C)mJY|X4_Y5m+d4haUP%yn+j9(jB
zS!;R!(5H9~7uKvkUC^gQ*<HD3T{Nnf1P?$jLUTq7bC&(?4V8rv5gRufIX!i#Vj!ji
ziVL2&EY0bZ>G!N|9XDj};<Mej8t3dspalPh6442WvzpqvM`lfl-6}kLh+X!OfTIOF
z+vA3N^6w!`sftP$ds=-?>Q=Srufl##w6C@U^=k*~Dm9h}_cOCNNwYmh0!B|ao;mhy
z1*ig+2!RbWv<>QboM=Q0D!baP<`i99JoDqh`pf&w*tNUIC1DmU6$+p#bB@Pb>Z;{m
z$D-6)2T7`Wh^c!WWeuAvD|}{p*mFgUb-V!?N!-w?z&}cGofkCQK=$!Rk2djv9{6GD
zISR(K$aWGwsuV+gZ;#3!A2Zwp#KmVVs}PsENtC?$74u5&3u?DH?#~XCmVybMoK8Hd
zvWlS<)O_=-H8fFm{@ok*bHGg*v(+{_yuWy>jtuV|7Q?a^$obq5mA4V1CmRU{xh)eb
zdPazDJeY(kG$iiQi`5ZN{_uPnYZp9$QclP!1>wuK)~H9x4-OH$M@NA42(>I=?4;Tc
zN$ij8GN!R35nq1nn)zwQkqcT(QhoxZ8Xju3ydN0EX@yze+FdLeNsg%46)&0qx1QMZ
zz3D^^M}~jpi2}nWfYWpFfOPrdxKt|}7T0i6*{Z;dg3!aCUNm6L{ce+?>JBScstRif
z%4U#ea1X+IwKHzr8_n>3oXDO0kCDNi&u>$Ngl?j5UR&e$_wq^QM-PmU;|Chwzk}~-
zv$Ch@+jgu57ch?RC4N1xgiA-^;8`BtG|GrmR{-%+`VpVNKd2F5N6-LX3K3|s&)`=s
zFQfz|6`Hck{U!(M2{_<ayYYp81lnJCZoy8kgdbHh<JU(SaP9d&|N9>hC!f%!%TFH^
zWcA8Fql9ita9d>kGoHB3za?#pDvM}`3a?lD3j_MY^BG<X{nyKD---Uwnf(7YK6y|M
zyZ74$WAR>?MC7;1`d#4vhk?xh7vr5}1Wk*zi+O(mPS>sph<=>3H{M!B{g6wPg_XlJ
zj&3I2LpU-qK*w)MXpZCO5HtSb+dGbY{L_f9d3skHDX5t4g7F%ZYX-UZX}2ErBeal%
z({iT9@d^Fim10<O12Q}XipTLj@mPugI#&U-?0EG`h0f!>9i@R{J=VlP?h@-G38R(b
zubmbUJ=^b<doG*K!6mBIF`=uhF}w*N9O{*El2D$ch6Gv2$D1<06(^6BG1FOqqT%3g
zg4MT}oc$2h)CyoFB?BE3%;L~GyF~vu_A9{5A+pFyR@Tb(QWAt`-kB`>E+C*D)bIiW
zUT|W3U%N9GA|D#H=~k-{!;i<2SWDCxN*;$>wX^;h&Fx#n^VH%z07csjP!Of~2=whQ
z1oD%WO)j8B98-}u3!VaRXOj;w>n^6HNBP{x68QA%cPI6MPp$n`=us04P{6dA{Y<iw
zy!VV-OlXX^<AS2?W93^2se<2fk;5dv6gjbpO14U_vfTqZJM|1w3Np&LtkG@VzHK=<
z>#(QgHOP<N91S0nM+DZXte!q5nM0ADwVzRR32>Jq%-*QswnI&+AnxAkPN}js2dBk#
z714#e3M=6|b(2hlNj+zqRkaF%-j_M1NpuQ(^g?01Lys>Lcj9i~Gh%O<qd61-#R#yi
zm#5Waw>4JwW6Gwz>3n)|NM}_-s4juNp*n-mI=w{sA8ua<@M54^9iw@ELS}6GhAw*|
z2jGx+U_TGBzY^p<y=LFHrpKPhJyt%6-b-7;P}+iE@>X8*Dp+a%Z6PL6Mjqh5U>K9+
zo=yvepXW+OH@R8HiA@UJ!;NT_xip)M6R7_ug@>50uFk==d+gO-CMmc*9F^2;LUguX
zv5%_qGG`GkmsdBjM|>5RS!|Z#ip_CwpEsaN)AFgPbnp=JMz6<H>cTuhJ|t()PhaBY
z9|<oK2M>%@8+I+3K0K!te#8`ZKj)Inx?#6OE{_%Y#M{-N*S>2j`lOzHv}rPnP)O52
zE~D~|h?~Wf@z4OO5^SvY2uWY8G}UJtd6IafF_Y9NZBwIN)>HgdR&KetyRNmCGaIwI
z6^03HIL|Sqs1;|Qv$jiQ#vd923`i3XoR#a?pPBBKiB=cnC5`tOPuMX`uj!-IoC|?Q
z_q)yfBY40AIiIH}Xa-Llo4pJZmJI3lnz??0fwlGj0w=293)S|p>vb13Y)SA=ayiO>
zJ(m?WR(Fy%fT~SU>ID{<@Z}|xNipTA#e9~~U?~|6=9pf2?8xiEOXL6FmQ-j-POS`p
zPfg|AeNWmNhoZV0LOioBCvFZ%<7;r{&0(_OSoDFIAL&>!{?x9LIcPNOeq{qk)iA5`
z*8@rGDpt63O$xuX!gcSTztnxStTOo*5RjAZS<%kfFCQl-Yh5K$T0Rd>Qk$=Ll%}r=
zdg7GFFWSwvFx1ot0h)^Pgmr}n;2%~ci702ef0t1B?pQf6fl2_9YXIYUy^pj?M{lHu
zIU7zo!}GIn3`lEgycj|~8m}z+3}g9q_U0LjADEXB>rYK;R5*~o9p~tJQcGDIW>CNZ
z$lc1XJ${Clkz}pgm&q3KChR_mo`$YX2Fg|t)Hu})G%Vot6M`6jGJUpCIY@IZv1UCe
zd7yOkC-{}72->NZ!J-_sBS?5wkTwITvG7AM10n;ZY0){d)9a_CXrhFBL;3V$+h}$C
zWc&pl!}#KNMNinFC%}j_<0PnRYHlOUO^m_;h&47)Q%qO{1Gb931UruN<W-RV-EPY{
z!H(O8HYW@Q5erk9Au`|WJ0Oj(C{4vS%5eEAHFa6Z`5+&sp*C?Zuu_(17*A#2@ZInS
zM%<E-F!ip&4$HlnSQE;0t+;%Vv;C^8nF-H`?%*c_EV0}j%iJDlqTpbS@u<)w5%LkJ
z0DlF|R(8T9M3E7QpP3(GFsAh0{P1ZhewU@3kaI!3s%Q!)gp{HmZnfZ|da@~_EdOdQ
zADWE?xFf#1Jvp$WF>B{lk6TUf7%Wr)`SoX6t}wR5&8ef+J6oC?3@>$DN|X`aOGl4H
zkaOg5ZZhC+=Qs8`(kMHtJAB39GauZbcLB&Yz}!j0@d~1h=d){qM~*T;0?i{?uwcVL
znV+83b9mI2?LS3$BE4L(VGy;i>tI!<H}_E0woya4Q%rF+vEQj<p)C>fpUMNySj!Xt
z0NXGLMfsrp?nb;EfTPEy*L`9X?bqDpNu91mRTev1mMmks0uGnhF796t*SPr|ZawV6
zFsCir2yKmJ=K|&|Ma9f9E1$J@N@f-5B-Hs^gj1|W?nOK{+zo?e;r2s<3<-OY@R=LL
z#^!?vZ1z(!ljkhEuFqLIBIHd?u#Kf4#$`pC%H3sHTG=)s4J3-(c_?K<W$cz$*PUMM
z-Ed+(Zb{kDd8!SSmx*1bG}dXdu$uY7(7gb8W$YU@hoN*3`3J>kBmWTjBES$1{M@Mq
zo?Bi{G2XYw2mn5jSqG<P!v?n2XrDEJvy;{CIU(y+?Ay_ogtK<LKM>m+X2T>zvTRA;
z)+1f=z*MrB<`0UU$*$AET$rOa<{MSz&l-fbDUs@X4^6I)c>-)22Tv(Q|M$fG-bz)-
zpaX@Xs^34<eRq&jp0_#2t{uqAMBl~Z!vk4et*%x>90<kts@%QhMp0k+SM&E!;c4LM
zSnpgTwlZ`zMhrWt7#qA8rrONz6z+P|W@SBS$lb6#$5RurJDFBZX!NUjQXMcg{zb6!
zWVw8JkU?SIbq4YP_JsPNmrKaGBmjzTH4Q+a7RkM_kehhIHX<um+;_OfNXzsbl1y;+
z+7gt<Tp)L>ky?O!tg{ueB2Mhrp%2LXtULYg&DWr5{0gFCylY2|(f&eX_hd2|{b(z>
z)B%}{f#DOtK2$Mj)b1$0@fm`h%4l<}eb6i{`rY{8hr$Je;zYo`6{De{-@f8o4DHI8
zpL#y!coWD2(?k0PYw?^{nn_Xp(TnqBpBAeBs-5dW5<OZuEIYc2>(usXa__wDF&%<$
zYOOukFN*?Kjw(4nfTk6=O3qxqm8VGH$+AP|am^W(qw~=}nPW?=qhQIBz!yC>jV5j0
zH)cNh>5?8mH!y0`-$MU7N$c<4a4!!q$4)lV7I9UB>%C>)&RT~TBTsItQ&%U6R&^;Q
zyxb|`v>_Qc6oA8^Adw=jrM|6OHG$hw0U-ZOAuYt_!Ps>wAyGCg$nFKct+?ur*gpa|
z5%ZG(e1`CJwOVP>>&6`)$SGL=Wj8jTiRQ=f_!AQu&5lf(UF+`-Tm6=EY%i8`ntObE
zgG@8%sk#i!z%yHgj>Xc!npmLsl|W?l?djq1($9OpiR)M`ww{saH|6wua&?u7mFnCD
z)?D-HDdQU7(a%+Gi1>()e2>2OgN!(t@maz3Yi$++&YI_ncAmMcQqS>T(h63AHK#eu
zC;GYT*tN$~U<rU@VxmU4qK_CN=yi_U<3S=k6Z|ey09sf2a!RL{_=Cb{?xo;^yVrWJ
zWAi^ENI+xnCk!fr;lEgG=M#JZ{Huh1Zl$J;GvW4FWfWT1g%9rzL|x;-^U{C!2qP8V
ztp?znf285h_TPd2v8C_-rBeR&zW<bM{y!w8|I4@GS?YhZ@Hgxj?D3-LUw=gO|0T`+
zUw-2M1-EXIK4J~UdGt~4n7qpr)+=w;n*oyU;1gxK?Q3{XT=jo4sb)1yix-?<SG|SB
zJS4$DKBN^u@G&%z1a3wuwxw`SN-YLKYAicrw|lKuj+S3V+>etwV5`s%gEP-B!j(@q
zN9`#%VKq6|)m%$23=)_N98l#*IgHVAX5k_3G%vmf@&c5)C$DK-{@ndDu#D_T?bf@z
zj*2XetWwT|l0W~~2BcXaxq@O1>>)a20&Uu8qD(2|J$dB<rSBgc$OGL4_!Juu6T66E
zgPy@JG$u;yzv`?R)-4<cD*H+MMrC!0usp+q+a+o|nqXg^!DNk4FSZ+!l`ziLsOi_n
zs_p6h``=v^yiL1IaaPqdwAtj7cfSo8vA4NX|D}(&!K2@NgVTy!1N!WGigqG8$aA?(
z*x?W-+|)=1tb<VoIH+YbI$mv!L`RQIZr4(6=IveU))8c460G-QK%YRuqAP5!+|k*;
zTNfa8eu(mT2w8zx7-7!iFlD_INj+i8u7J?1O3gUZo~q&4qQk*uvKxQV_IX3Oh+TZ@
zxO|E*_JI*|c*5Vk2(JIT(B`tpL_#JHUL92~0$*R%DN}<Kp0)HmuF{PMQyj38f=?yo
zCcKec!!JOl+>SeCj!+FHP9ja`&85W0TQji+2~)szj^1Rm1WGhwHpu|JTU<9Xasr`g
z?#tD8)D9?JL>-w;;#qAGc%$OZm%mx<P1_zks||Mfo7I-5bS@7gA_|=~lW*ybG^Wpf
z?d6-n=VPo>7%X$DYisiea_rrV0{g^IU_ZrP$6r$0^uJ5p4-C)`tw9Y&RJ8?M%#~1E
zE8TWoIEMHyt$VcC!D?9i5nk?Y)^axEUc<x}cseMbKb-&{BkKNJ?EZ7sQbUywUvd2T
z(%gU|9p?ml+C6ulHg2F}d7wRED?r6gKda2gTn~0DMOjF1M%C`Y$=-n0_}&d6;S?U+
z97~N{ha+$Q;8sZIVMsi}@6OLLkO*F7#>Y|>YQL%rbgT9eMWSQ(Jbj4HGELy*LRNCB
z<v_%#MLfP?s#MLDXL`CJ4Rls62j%Hg#$>BI(5<OP0Va-b^t0z{rL#FZgs%Ej7J|yv
z#29-nT9{8K7yv`E-@IQY<E<P;p&Dykmf`OuD9QaP&evHWVmgZXv~_$_lp@>wVIC57
z*;TyyJ4Lv49%G}kSlX>-%$n)r6|L7F5l5~=N5=Ek0wLerJ9QNdn-$o?KBfLpi&-S~
zNW<)?u9eWGw2m1nKMDlt(c+&ZhC$@qrflr`v5_%bzK(c8eNJIOTMj<e>}gNr#I|Ny
z%cl9bT;4|W{Se&M%C(EkaHjFm9%WAiY?QO+E^Q;6L-jM|Ni<9Pj?OPvODJmXRi;8-
z<Y1HDD0n7hamNd<2Sk{(H}T7LB-!gVpuDXq3|C{=62*p)g8uf73GCL*NYFMWFo+PS
zh&7C{JT}tLprfoZsuZ{JLn#BCVTB(C!#Te;>t(dTxPk)|x@;vRx*`<jtg>fzUMf@t
zd~&N;bd{#^tKXK>lbG}_4V%B!sT<+))>&KLabS|dktpHd1wyTG!m)kqm(rzeYA5uf
zeJep_x22@{B<QsI*ws714y6>q_gi#t_+>SKH|mYCK3HJ7_GHagH^>g=iJz<sG}G(U
zcP!c|7J*YSlsw?5J)gK|1jH-qw{29Dk)ns`&#3uwqvq~xX2?-Sv_UtjC+r<qmP_EY
zeGz}k!!*3)^Pi7H95#2#oUHYqFsB~q63i}M0NrXZPS#e2Hles9D@Ug&_0o^put^W2
zV%^!0&LejRJe$*h7!hcC;^BD5TA%mNr_OaPm9;J7dd}d*Y@TpEoUfBC-r_qZkpVBN
zU7RuYo1ACSzn6N*>2RpD`PfJGXmZJ<n=TcUAp@oZq})}<RJweNJsa7v*=<o>0JtDR
z#GM6A;2idS#QOcKS`7n#DfWH0EToLA{t)p}G#)V3lHy72eBg0v-)oh&Mp$*(KWh*2
zE``?Ih2Y>xiK$T`<!Tmf(PIc+UHsYmvh9zUxJwisNeRIe7K0~p7s;Mmm3()}@7)a{
z!9LK0jLh36*lY+E;P4C;zM}K9K1#G{>0D8XHI{Cu$iZMu=D@FchwqDNIOg=>M?Nj6
zsAW5;W(b*ueiy$@24SLA0*WW;R2Of*Y>+dq-%sVUV*&m}XX7(x$q`bm(I<A=dE%0*
zi2d)O=z}j!_aObSX{a^)(QezCydIjD2a4>z)M33rm1vR|Mnv&r8WqOGSR9i0Lab)~
zf9+r)c4#xZ>H$!gO?%OqO+@t5h$CdnJav-0+XhAzZ|csVC&w6ZU8>&tg}4}^H;;G<
z7@j`ODbb-}@af_BNV~=Sb$DH@{Ms-5KSR)_2($S{ZWaB!b~oY=@6gYM`2$A$q$x~y
z@Uw9k6&q)A08#fxU)Dw>bhK0SIFj=%x$hUTP3hE8)o10ZOk}<ijbzgoZ7AyxD5+Y{
z$;w6SL{3h#<2#p}V_%97FJvsgIoTS{vthFBMnd#$LK;EgEi|m5+-ps7towB`I`l0@
zw5ZaOG>d8WpZS_$qYtuv)@>gL1jUp2SaBo%^z?N9pdQ7>?QcTJaMHGfx73%jbA|9%
zo>$rRcizefCOGTq$)-QZ!yP_n*?ALSYnIO{m836`bQX5@I>BFl0p0=Y_hkS2nX{rg
zdVD9QeXuITx2=Rxe?2~My;nZ)IeMKQ<3E4WmFD86np(y6{CGC!BsS5Y*3wD12Op6f
zDQI87RAP;Bj0z_VS0T4T_dJ=;fVadM|E9I+)rRE$L(`1|7J?cLtDflUCx#_6%+<sC
zFrCT`#-a+c_=hPEHM@Lenx^gMvq-aFwD$kpXPa+$t0JmtZA*i3+NX7MZhyH6@U2*<
z&;j}IMY{^9DXKoOj}c-0+fOjTRTQ!R;0yI0p4d)r{Y`AEg8oHpKkYHtf6XwJwt)}c
z$}?;~a(ENQljV1C!nU>ly+5Mo{-mtvY;<0<Pb{ib=gEM+t1Dk40Vnp9M~X4<%M$hc
z!maJTj24i@Mvnz7_SQqAkH0Mjo(lhFG2kEV$?tXmH2CXK(A;=ckA#JIey80QX)aB9
zjV%~{ZTgCsEa5rd?N$-w!e_zVcrk4Thr@xitmi90ZSNQP1-J(tw$in(Y@EN+Xiiac
z4^p(dSxDb%zGuUSEdPtmcCA(VZBp<_rS>tP%td_5!}<OB=jq-zwwOQvWc-;iZuw&L
z{oSP)yHlxql;WWpd{N9HuiMC%x8Ku0x?L&1pT}%qEPXquzRvX=!Y5k&WT54yAonSD
zw*S^qmGAiM>K(ITMq%+tVcT7(%=~4<YL|m)nz?jO{qT6t5d=H~qD?;G*Cc+su~$Jn
z{yabhy1TJ)z;5^$c9(b(Amb7H!({Pdro*QhA`(jHH4yt*YGiJF0f$rn$>QNE+6isg
z%6FPlZOsYh5jMQMbhCojcyhAU{xEZGwK&>(@D*yeBfWWj;TxZ|J}LS!CBqigML{Pt
zwy?Gg<@ud`9p=olrqTkri14*yvq_V&ZuYGg6ur75`NlO(Y}mUefj_5@h^YP~LA}up
z3-l-*uPLNO7xcllp2Tra{xq52zxMhq%vD^Nu`=@3U6#N`dof9>>W|-0s)1^#ik95t
z_pLgED5^n884$YljeS%yeM-DavB$2SlTm_}WP_+u$0_RBgVFjKQ8GHh^w9O`qT{8^
z=YuVCp~k5$utC(KNjQhs={ka*Pu*I;q+Qzz^P{<9G)1eQV#V=kYqRhS>Fn^%Xef><
zstd~f*{FjBvj3x?3+k_ZNAS|+2@OP5y%`rc{>mfst%3ykDD4)OU97HAdP@*3FoIM6
zQ&EeXW3=5tJg4{Cb{Ai8P@@lB$IUb#O)K6*ctwS9h}&a`9Zjl@P5D^8x;q(;o3v6i
zvp<Y|VM%tN-0gI~dzg=AsbqU6TDAU9&TeI-&CZ(9rAKC(HSp5D?&odqrQSktZZ%_V
z;aH~AXfJc4;zm3mny8Zd>DK2Ow5v$0T<OtWYX&k5t|qxVp~9p|-OV+V5?wC=8I~q9
z9EA82<5(TW>F8}b8hY;{mOk2?6<Oqln{6j}lLaZVG$)rC1>!$8M$Ye;LGoUZAd(%`
zYjrg?>pF;9fxLH;coZ?x@%@?K4P?aoshJ9mtc9m<qr1fxlGR(KETy`m)*6g{t*EdS
zoXAe)B#YjqA2z!Mg;PWT_d=dSfs(OzhRfHsx>Re3<DAtHbC@>H98;z6f=@DCPe7s%
z-v7vxxuq49e6<#@4{?O=+QXWkl2-7iiJbXRN5uOQAd-1wQcG!Olo~7VCWa%XN2DFt
znhqoPNDh4&stb+w*7b<fd8Sk_$S_3!atvp(X8H7%*8Ai#)iLGSZz9(Ea}pr5ptdP$
zWAF_h6TJ_|heQ|YJUQ)|%LID2a>D|WsXSjRnN=E+UO#u%n~ltI9M$~W_A*X6%Uwfc
z5b1vYV)wy$BGu=5t!+X~1c^g6e6}-G{5qIn#x705qNAOar%^Zxmvtp2^pbPi6KsR8
zz!#-V=grrqgIyjoN_>lq8dk{?PpOxRPF{~Zt{A2dViTWvEtQBJ(S6iDI{uVaeG^Gk
zNg&l<oty~6<_!@o<-L{yZKGr<bmZT5ZY@%5bn6G?MN6uEe84x5&lPmHO#q}nWP++`
zVH1~BpXoD`q(nEeKL~J_W=b3K&2~;*8fI?duw4~MAB_pRd|?R`?MiTO;#=!$jGOtq
zU2v600W<-ydfdpM6Q5|tu`G>#sr+NL9SX>1fg6j^-N4OL-%r~AnC$4D4-lA%v0q9K
zn3I;qyiy^qk2m}R{wzcr%9&OcKHXhu_@|QezHcl!k9!j@q`4q8C`IwFtsSq9p3->#
zHjEuK?tBb&E3HcV=}Ukd;m5KcyL~$l7oQCNcth}V_f?c*uKBEZPWa~bME#F-**BMF
zcKM_!7_iO2!uaU2!Az`BO0IxHtdX;u5c!0gj|rjn-tD|U&trKbS}eA$MZaMaSs~#=
zphNH=dwC{XM=Udohsyx@#W_yxtrV8u`6I5YEYMJf(P}e;W@B>$9uPJx#<!a(2x(pZ
zXzF;BTsC;En`1JAeEE=JLv7U8<BeqZ+HzH$=pCt=<YottK#tW{`e#Kmd{-P7+C+0(
zjQ%ZgaL1DyBt{6UGLqP0%?ibJQMVV0*6wZFN2JncRB1n*){Ro;m}X?K99~4keDnqJ
zp%q(##_1#cHnwg_xB{HB<Gf8XIa7=8WhX|mgE~VXy1boY@2v8vV>RJba+$cdyF~3Y
z(eDi|p}K6ma%#9W*ZI8Z@Yx_LKl|W$lq4_G&)egq$@GnraY|6+5PTzYKjXTJ!uk8v
z@zu1-mdr5f1yD~I!}YoE`BC(gQv`Gjsi1M0*i-VpBZHER?PD7MQL=P$H1W_Q?1Sw+
zrG%f)2HRfl@-lo*jrneD5?L;PJ|E;)-8lFJxXq}%oU9H!0mlzJZbb5>gYRqsYaAD}
z^C3)SX*d3Sw4CgShr2>>-{ic9QTICv%p*i1KT>~9&^fgDQy*c_QUq*NaVW->ce=Zu
z0e`A}{0Lfgy7D>%x57xu89CYQ=$j>1Veqr#2bcUMB;C+ZY*(2c@_pmaBf$S)@2#WS
z`u={;DikPEw75g@QYaKn3&jhxxKk`xfEIUJC|+Dk2o(2F2p*i`?gR<$Zb5=f+VAgq
zp1bb4^UR%@XJ*}5YxpN8C!C#=efHj;{ds-fpS|fNg|5XT*nq}Cv-cb3Kpo9#$h+0X
zm+bIz+w6yF6>w~F<mV1(l~12<q?d{0YsVv{QZ29ta-Fjo<d-&oqj%3cN8sTdqt?@<
znit7)uSc74?+7U1wYBYw|FKyXtc;%A*~bNO^+a=fS*){s$b_(Dd{3lKpYMH3+&lFl
zu{Cy1c2H`v{o&87Z%$Wy?+iWW2VW+Df8-uV9dbsN>113`2;YeQ1`QoonWFSxsoz-$
zj1OEence8|i_?Fc)-bRj_vP$9|KBjR5g{#PI(EPfleiJ`mx~>E62YGQv&yDkU^4z6
zCiM|h)}Plqqm2KonUGBI&&AEo|6Fq?SGw=-{=v^_P5*MNFPlXF6!9+jzb~SpCE4e1
zqQ=1h=J0R%2gv_|a{rSef`pf(6qP%0OB=`z_Ups|5S%o_dKB<ZJ>{yqV8Zjdqxlt|
zn4R%(d%`Q`Z;J#GCX1ETn+PIUhF-UaL`#d+CLi~OR=nenutSmoLbPGb50WFlv%{R9
z7B@QsR}ogK6vO%bFzQ>2C8plRi)g#O3R);wIIza~dJM~lEJ9Bld&wB_lO2;PeHiC>
zz3;cr^6>e4VmCWzzh>4z6nK<Td#KV_=-l#)rF5S?nJEhWp5uHi(+pj`#&@yOy!Ra{
zIrIs)6S}!OZa~J5E`a`)=$y?sZ|3QX(<Hu84hBqODe#gYeti!wU~k;wY2WF&%=^-x
zq%LuQ**6KG@yf;HUS$4FP{K&T@ZnDjmXF{mLqOA{hine1QRp<}Za9}XX<ua<j}iJA
zkII8f|H5d)TBGZ+1CHx@l78-X9tQ`@eNgVrYe!f2<_YB&x|V~@a!uLj!g9Z#S!N#>
z)s8=n*lusQvfqLNV)5uNFzW~3H+oZv+kJZ|t;+6k)pj7I=49+hNmb=Sz)ew!H@Y_m
zc*qae3_;x1$(gxg+DmdSz8Q*IqgMH?8`{v;klFT<AHC*0Mz*0Z8m43!?v%khXe8yO
z?ap_}Os?$=1W-ino{A|LI0S&}U55`gef${dA|tW8yygx#e4NBr9(#;>3cvT$6xlo@
zI2k(0A;?@U(cPDN_T!!XMFYL47)agojhMiUlGB0Q8;C1k681(bO$Gpw-?xJu3rz|v
z$^NzQYaHh7@y`%X6szCc#?nWKCv!p8zH-z_D46Ib_#1THfX-t8R&Sk}xvpv*IG}3p
zkz3~b-TcxrOGF@Cz6Td$Ot7Vub1=kCxVHTQpW4Hm<>N8v@xx<fk9|oPZ2e#;jS~HP
zZwsg4W4x;n&w#s5qw7ljUh`1oRnj*;^B<CRg<AU~rcGiW8PipuT~_ZmIk{7neR1`>
z1I*jJbuSl`U60g%@0q5X*&p>4+ecV&Kpd5WO9sA-!$dfGlB&2AXfh3D&B;tA3A_#_
z5l_9c!}rcVge8$bg=Ri4n4y=6GD@Xs;I(WP`rOPLBZ{4&cy{>7im5LWnKDjtx|g()
zB`29Lw-Inc7%nl*Y%Gs2$}F(1Ne6?AQxi;_S<pre$~%-U?|E4H%>mQF!maUL^Wi<G
zmm@(Cy5OHaQY(;=0{Qp`F?<K;))W?K864MBmSZ>AkYuH&?_~B|PwG_L{<FQb(Q?hR
z!hPp4<#sZ<qax1d^Z@n8uC<=jMq#L057^^Ex=CwmH+H#f$Z_SA4<h`j#P9>w>>U3m
zz2_!DSE?Yd_x37p&?m^t+N;OJFnD|rd+@lFYtSw?0N)nwlq7Z<D=@4u_^9(isJ}RH
zKFH@NSI;1$C1>nDJuPcp0pqllLhpQSVpPZdJXlN16D=XMgm=UT<H+ATmD9Z6_vUR?
zMzjFfH@RZg)q^DI2mr0q_8HJP8cbVFT;iY-oO&81r^~wS_z){$GVJEL$W7_^OI#`r
zzhr~f6<74O^BBoznew9JuN?!?FKX#4N>_~CXR<k{tfX7Vu-h2wPRn3s&86x?vCeL8
zCsUrHlHBGRQK!z+U1s-t9SNNs!(1feULm)WbLIwRZePn;N^A}n-+X)k^jW*QuxQGP
ztFI^qX}j_GvCj#C%@iNidQo9!wqBDcBAEW^G(SA{AP{aa+zkOqi65yvu)?P34HFzz
z-U-a9e`e8s?^?<==4KnJ+Q&MAXjgsHn`fq6+B1GrWyc~&DjuO^*?93QaCR-O$c=Fv
zK%63OGT23nnuKnS$42?ixhmhDvGIk79J0_yb?h={@P``kb1l|>anU1H!7Ydbz3PX)
zVEGjJO*RYhR+J)g4<$Ca!zE((rJELCG=SjNdWnS|C08<lUst7Q-$%A_24Ne(%XFq1
zJd6xfGX;QOaj^VuW1Q4WZ#r1ubT$(Lcv2&EgcvQ_#A@-f0-BlAZJlChBsk!8q-6*A
zMMudE{LF@yj*~y6E}$1(wx(5Lq8MQ{ULIa3cN%!)v5_{bihYgvOp$X^l&pkpRn87=
zNiiFaxzh*E>;Z-2uH!Ln(Qe!oYxY`~ax~OE`QdX{P?o^SR9XoXq$B5_Rs2*90Nj3w
zmBre%%P2K1ou>Js$h4}k;L(#2dxh7geAbKa_@^x<`X(;DI}e?C8~F%oZKJj;1YPed
zRqMWk5nEJADCX(vZf>sjZ@!Lp#5r_7QV&VpsgI0D0liS)oF)$J_qu_D-?2eX!BTb6
zAu);c8m{c?r^UMLs0o>Jg@UrspTsakE^nFgoCwY718$PwOM2Qs=3uTN;dG`MB7)fa
z<L)4rfl6#b0z)%N##I5bX|Npxpc1n?m;mJ*4~jd%Nx#p>04Sh`ZRVv~>}gyO!B3To
zt<md)?Ts-9?{)=~TuYdFd@mmQf$e=8DG~+w^;MQj)pz4`pFhf!=?2V>N-Ruj1-)l!
zc7aQ?T%w+_GO<X-HGNCO7WGWH**8_2Qe<OAUiYQBD@<s5J;Wa-)J`6v;XTV8H855k
zUX7N9Od?3?Blyu}4QPr#LuP`R(6yveD7I$WhClCNW3A+(3Jd){b$Aci7uUD8ZPKAe
z%qw_Ih7*0~ROm;U6rDGZeD*ZIfBSJ~-<<jEW~WH7A8S~x`sQPSYrD0MjKn9c)f^Gw
zNovB{8e%n{pToVpyN@!raU=JhMoK@?ZZ&s<(&+^n^-a(;1QSS^trVGe8rViY^~$KS
z$}V`3%?~WP*-YV{MJ+*C)@-lTDl15;Yh0JfT<u~VE>EsRp_S<!uMD4beMpfv6cqP0
zzSK1F+jF7D%uxk*GYUfyr+$USgWZ!_Z2~!JG1VE44i&vAKsGlQEf;;gW90{Sgs#5T
zT}LY$zA`gFPLJ3hyIdzCDVZ^1pJxhZtGY^4#8|;T)%4Y(S(Q(W3NvFm1pJY2w*8!=
z<BEFK^@k-whYU$}NSZecY<Cwn$Rftl59$ZMHg!A$&R^zE7AsX6)({Ss=&n%}wdz1o
z<6(Z*TUx^M?lOUts@LIIfhv8CVGTwF2}VTyeZC(HiaRrK5f)*$4l&u*DSmNA`gv`}
zEK%~X1_(VluR{6uSm=PDk>Ahl_Yc=?j?CQhm^Gk0dR`M2iP&{s@zX@HMdRboA_~9~
z{>lBUme`_|n{~SD&7h;o>J#f}5n$dKh?)9y@Y7{&877mYa<b>$^URx{L!pQS*oXC$
zOX|UId|goIv#ahEzi$^mncZKlWERBcKDpRZXi}#$Gp5%!Jb?p|W!{xdc5YapQFwUf
z3wnRH<E}Zkt%zr(g^hA+emeR2ELu#7F&}U1pF)+DKgFFL@@*Kt0dozt^YsK34TU47
zv(B2|41Htr6>jl7N~ebvos^c2E0{8QK7F}Ay(Zf2RlCf1meLN}j9BAcVfMrf>OaS6
zvkQhC0~em6-%dVIndpb}Xlz9#nSy&_yE7)NAImCPi2z{+oqJ=C2S_~+H5CI01Z3gG
z*1)Bzddhwt<<indt!Gkg$+P)_c0t#tBz6KR7@tJnY00^a8ox^HG>@_a<SSfqJp4vg
zVOy=LDu$)HSJPZ}T`wGaJtO%#e(-D3!N)!nBd|%`gU>_XEF~zL1cpem5FNMWdm|i@
z$S2TkZZ%=Dz3?U}NC(;pUg1v-vPnr7Q}E?=@Y&e}veF9P_88_`bnnw`>~3NfS!cVA
z5v$z}WMWBndmJ4yz$smGH*xC6UtA_qa7D|H#*rV{^L=LK)&&1<DANZN)SkiMv7D@(
z|3G6UpZ^1mou&9lk^yQ5QY{;n6|b>8Oc<*h%dOp@h_y(UI&v2?lwhq2t%YOGbb2^7
zlE?KwWn(@K|Hj59nMcvGgl6VyoCU~A{aR~H#lsCG1O5!W6@Tz)OUA+vcVCDiJptA4
z9XRAwsTvgE>%^0`f=IV@tr3i9`Glhyia0uJm9<pl(2lNNyh06pN~+|a=@HJVOjcg^
zHFtSS!SeVR>AtKF3tvm#MdBB!q`u2g)7+!F!N45nsj8<i{a3FDJ9jYl-3Tj8c6!8X
zw;yUEGgL8gsix>iyo<~g2s?OZK!ERd_9_Tl)K1WM)Dr|Y=!ZC;IZp-s8zIxQQHW1f
z?o=wzHsY~dkzp5*X`JXCdfq){bP8g6M&&`ZoUQz#>Sl-E!9c7NgtBnH)*ow)`7kUW
zYDBY5zh5WA9KJ)9p+53j?(l)!HQd#;fsMj``>G|Gy{mC-O?&1KA}fvhs@J!+mo0&o
zH|Ni5;7vN8L_`Fqf}WPpzD#Y~m6Tb2fWzK%*7dlb*ppws5_c{$hB^3hL&BZtv6;|z
znqIN7o_-`E;VRp5cU5j8If}L;1G}*&55_-4MLoe$LA_2mB1ZKWl5Lto>SU!E$SONN
z)_k-4y+b|_kL`+J0Aj4!Tm$@cc$6J}8LDlh2~JUOcr(&m+z6YR*P5&w8}c$AU&i1#
zyNox(^7%z+>-bT2*9NwS3qy^@%4r3Fj8#k<Hz9>l2fw~~L32;n%MMqXVLtkZv!s9G
z-48n*@U<vl>*OO*&L&EFwBBdOq!uZ?x1p8xR=r|&P~v@hPIf*gqS5>zyZ+7B0m4gL
zR_ZZpv<_JQ8&}+VQSfV&RUXOPzKK}pSd>@))Ho^<0jl^w0p{WSpTlT*8~+_fi&jlz
zKqC_^q%I>+dfFvK@noDc>rqSWfny%7j;WnHVKq)H*@%Pcj~Y;doNL3cjXBbyRJOtR
zM9bHUEJ3va0Z-EO2(ck|(X%ExnF08dW{AgzGK@455wPL-MiJj(zEM-X2{1&I?^{yq
zX>ti1*9DOWFm>6-bzbIbRg<SnmhCLIP$z2(`1lmYWyzZ)9{=tifVTNbNc6#uv+T>%
zT?iLf@ZtAJ!C3$<Y*QDSz3jrTiiG@@g#2BzWHFPmRv5i9l(E-OhZBVrwaFkRL^b>b
zUP49i6=eT7NXcEcPe@c<4`I=kTrxT0e70v}Il6_5*fKL4Zv%P+XxxOlQo)8HBZxZp
z{{3n0<r&GN53f^9cXZN3velA*Jkk+ATHaPNIVF<c{+;Fk024(ujJ~mWQJ0IAnpO5=
zK$ks=OtUZxf3R|bfMEaYdb;6K!Rz!aPpKlzOhlRlwkhmcB_j0n8wR-nUV)?lXLO}m
z>ONihY$r1<-+Udyky9OO$=9L+5nUB;1Z%~W@<x@|s-<9URgnXC$IY2=O=@70DSK)d
z$=h04qq$O6dR+x`DrOzl*b13-biRdsQx*)K*J&kcdnBs&ikss_QoT1=cAKuVRm;)#
zf*CTzrvY-OG_8v4$i9vgaINe&t9s!^4td5sCCuKD!0{TKXVoYMpfe*0(Ve9ZNYm>>
zR>E83j@)z58la>blIwy%JL5Vej}!au^wvYV3c+?gdUl<3i*Ob2TIBbR4gbk?X7BRy
zOO}r(bu>HaYjO2~SV@uUJ#TeRlX+BE$jT!RDEp>L<Nh1Y)=l^CoK2~InDfM}YHMS7
zch-pSDcys%WWy4poqZI1lNdyTeb{rKAD$A{fh}<aazJg)jXSj=>)d32G)MdeZN^U(
z{sC==^yko!VLR92jVHe%94@C!OmfB+TdakynXLga;)G0>{Q9N*Pk9za_-7X0Sz9DU
zm{qAL38c!kEB6)(6yj?s->WT1c~DN12k?}NGM^uzgm?B0JY$F0i8t!a*ouakwCyeB
zS-KCoc``a|rPwj`APGb@KkB5_NUvvQImbGdnW+q{mL<Q)NMEd-m~LV8U8Pu`(qF@c
z5k{=xT<e|FxZ`wSzIxrdg8qf%rOM*EH8S-i%~0%d69=$2;M&+52~r_>8?KN1Y9vHx
zY*}r$uq;(Rbw#WP8@~Rm<X~MfUl%+XMH&Z-G)g;?FW#etM&)LovUoyP;(r5Iw2BhU
zCw<d$t1s5AiD3Bhc;eP>gxvLim?}E?n&zz4`?W;zW}ub8All$z@^0Bubdrw$*Cc?t
zy~4LR_!0u^sxn>hMY6&T4qkID*8bc-n6A0K=mvMiw#I;NLj&LKTa%LBQ##*uN_bc@
z4;Rj`86!j$vJ$xAO3$<CdkEF|1K&DKQQN5;Ijt^i+C=^z^xODwn1J`MWLQ7XtW6sT
zb0V{r72`vfW(+UXGM5=GvFldv#@#8A>dW<A1?FzPwW$v?<JNKyy!Yl`AP-X($jZcQ
z@va{YKlOqGCtgci&2YjkTlG_MFGx!iUnE($^NIKQ#$Y`vx7jP;AGB5)9I0Zbur7v{
zk^hI`xl4o~{srwY-}OHW?fw(E_TLqO{MaY?cb^jXb<E-458e0wcVXcFe7XNg5z;XD
z@#v2QM7ym6mUwrd`zx5!^|b!oJ9b$#QMtsj+Be{OzSsuO;oYx(-=5EA@N?Irge0g<
zg#_VYvOH<`4=aW5r!7f})BobNF!mA<?D@;^NGDCdxaG0zO&frV9tQX|iqJYfG(@jb
z%(0!bW84^Ael$d?&o>we?1QpgfeHMeC(|=`{gf8RR&icsR*T*`#~t&?>_T5B2~3??
z^QFQaJUe`Vw;!#<%_((Zb;1TQ;?v#wYI>=UP99QAyDqwqH2{AAmi>C)3UM!+Zjn{(
zsvQtaiHeEVdC|hUGp|1Ki-?JT+-Cbx46|IwG9K}<;IDn&XQXHZLN6pwb8boQDp12-
zid|*o#X%E6kv3l~%ArX6DiM1>*<(&?kDqXUaq{Y1ng-CZ-Tl32)Wt37?;Wi_vrY^j
zADa1&7;5CK4&AVCvMsSSR~80Z`ctD+v5U}%^P9zd%l;QJBNG|dqD~%6&;@IQ9%$(w
z=h#fmi8L4!=Kkm=t394{Z7fpCZsmk+!w>iThr;n)Ls|1Y#p<wgznPEh-wYu{etCD(
z@jCQ-Qb={1JNE8h4<SszHU!f$m=Qb6@?(#x5uEkhvZ1#dFi+*+P-@oGlrW2{jDO<n
zEGi|_2#wByXPqq{X{jZ<oH$QmR`MD)K+Y84MEwXPG|vN8XMeA#e4W03eXQ(NJ^dV5
zy-|SYcb#llOLhhJfqrSH+)4)&k0)EWy3#H)7CDvlQc}&C%zMnOkgp4aR$^kl^uzc`
z`{u2aT+$H;CwKqEm@hu2Zl~E&bey{&z0|``fdIyJ7wjO{l_nN%#@>@*%}UQCa&-6l
zNLNZb86`gFoM#}cTh)ZiBN~*<r$k@ht>POtltzE_6D%%Jq)%n2m}f9*QY7&46r>V%
zl*2<7LFhTP7ahSq<7$K+Dsq60lNgGdD7_NFaJ+M7BxHNq9=WR0U>=w1yc-$%UYiG~
zt+<%bFDVQN;y9%6JJHfX?Bpr2p~+5H(+-hW0?vd#FLzx7gRcsS<#IU6t3G#N=$Y4S
z0t-O|?99#EX$Ynjg$Uf~o5j+Vba3%rbUP^_JeIXTv#8`T*k={Ruk?gV(yvAIOE$oH
z-98|Le1;{39SAYFOiyCn$D2c*w@2BMq~6PI#6F!}66PnmCbZG7#nCPV-=a^bJ2E=c
zGbReaLx#lz-tn3g_72&(OO92?l6bdx_CXUT0S|Y$E|TUdN}}dy6)T{M>Ou{#8~zfo
zd5s|{<4co8HOmZ(iQYM7bPaaB|JC=tql4EDQM0EK3n-;1%`S5w!1?4r+^6<E+PM5A
zIxB8v|HbXCiT?gU>%`HgJWlb%>-(p9um-B3xdFfXrmjUsVnA);#!pFHqP20#A#%vj
zJJ+7!z5}C5ev`kAbb7+ow78?$$;mgH_AY-LFhLBjNGrTWC%k<;FzzQc4*qatlEA$8
zl$8CkLKS!RrJPh8ccYe5@HMlokjUpm?~`pI*Y28bJX00%?#`^wX!#JANsU&gyW17d
zQc2a=5uZ{FGjI!9Vuq{)!Sd^^!*jmtDL$-u`0TY=Z!Cuv0m`W>Z8!PjwJj4JZtMSG
zAxBXirLH3(wCeI^>MtkR`$mghi?}EKd0laBZ^|WFJ{ak0cY7$vgQxT<oDQ$Yrrz2y
zCcLUOJ^+=Dn7IgU>B4vp-L;ZWicfiHJ4Y|R#Se-*pI&uR(!3s@;d$Fd{l<RioccpD
zrFKfDa~1C}Fn=Bua@^)?i3tMBN0&?OG%sqI3h9T~?Y)<$Am$%Q^!Hxefj$?N)-w~O
z09e->Z8W_t&4}&egS3x6<o8je0y{E7D}xQZ*FTMs{CY<-G4S&DPE}$$h!Hb#JPBW4
z$k_5Xw#?#P<^D36*FQ*6rc5nXK!X1VE%Aw-OQme>Zj@l#($$4;S(38eeo{UA(j<~Q
z@^n_@Ie4rJ*1P(3VDBr(G#OnA)rJ-mFa9=t{k?4lONnvMUJWHrulUIz8d_R{j4J<!
zE@4nkJng{FY<TdFR(X}kM!#&IeG6A7=+Y-~%L)8|+H!~$DQtYX|J!i8t0QxSRY@$f
zk{|qgO|Lb(H-*yJjQ)+F;fb6Md6=D^0Sf~yu*=vNQeHYDNc~o6?lNGdyV}{hvBO`p
z&LifB(}jbx^+5k=hcqwrn+Cm=`S{m2o-VetkhuG3`ER@7K=1`|t6`cR$DD-17ef-~
zfPK`m7BMoOv)*%9e%Z}G2U62sNsZYh#P4JpHwgRJ;x4p!@Zq_bJeaB0%jQ|Ipp92W
zhU+*U^R^7L+fvmy8Da0d*snEyH@zkPnTDkIX?|x#YNmdBkBu`Y-)n9ZrOrq>dHt+T
zy<DfNfOMLn40%^S1<KM>acM`QTeU7G9wYr*zkB<b*sI9RtsIB>Mp~PqG<Vv$9>>{h
zT2`gjStg7rI|+_2zkj%d$;zAqfVR!Y2l1q2J)Un?7G#QUD+0N!-nE|SDxPcdl{Z?b
z(~H{Kr!6X|VVtwot&TB6JH1yt{V3lJ7HZVt@|P0uEN+GSt7$n$*PrTODA=VDE<HNH
zFV<j5{ehkQsJ5jke$437Lse-vK#Cos4v>Y|R{BSC-sWe7o}~ePTtz*ncYZ(^Y*3LL
z5yUDIIl>gduSNIKWw<U<5-|6(=-Li0@DYqOBrQ#N5gU};?<GbZ;OTKn!V{ozTUJV1
z0e5oRS-@$s#yo?uRXB^`aVCZ9gDqy=Eq*YabibnTr1euwa4ll^F320ciBD=L;|cK%
zvMa3@RYvyfHK<4c;{vUw6)3pE?LrVcy%ea@uOAMP8-K?|YC_C>`%RGm#<;;{-C4in
zO8lBpZE(V$9x&q<a}(bpAlQmu9M>Se!7uU>0|{n5toN@^sxRTEW9hcw1)X)zLv2ij
zt~EZ7+arzNs`phDU=&N<KNQ%cVFZ{hfquPTx$ZSkZScaVxYHd^Tu1IXP=$rx+_g(y
z{;U`GO}DeQNxmo_jMm8s{JOXIb@h9B7<(rOW6|^6+*_J<TrhJ4uLicq1Kw``aGj>!
z8N%N?Hk#Bg(urXS_RZkb$%e9Iu8Ul2O4+|yCrc@RrDN6>b)j*!BI=ZO8rjPauHjml
z&=%SqcsVo6e?8rhkSu|jjfnNEC{_X}gq3N7nj(YgLJ;^Z??_;Tk4;_wa2qYp-bl=$
z?RSEoLcm_*dYcrcQ~5sVoZ!n2(3!o?xXO!%7SG;btd_kxyGP6ohq*6hWA^medp`M@
zPj>J2*41lm`KhW!pTKTE6L##hZsv;(H61l;2$019ch2hu#90o)Fxrn={-mnl&KEH~
zzx=!ckvpB?vRj04&wV*qMHKY+KX2xlk#@&g_3b&I3%DdDSu{p>)Dh6ZirT-|cdg{i
zW<hjwDZSnpGTr>ne4@v$HqRy6bxdDE#ji5WVzxa<cid6w)CZJd&N{_FldQ}bVrB3t
z<M>}JGvl<%Iw`PhD`Zry)m>-M^5GT=Y1bgu{+EJDS24qylbga})POX<9ki!19cL>}
z<)j^|{aKLCQIF-d<WR+Y5r$rEVO$4KFvsVdjJ_|Lw7)W+IKqB%f<KT&(1@hgJ&X%M
zl<<pw!Quxem{^6&exIiE5#HW?qbXQEe_%gBG4@_?q<Mq&l>HfgrIx=`4EWJpazBbn
zhWR!K+Z1)W^tQRt8TES6USYPXHZy#^Ysx{{BVht~teS}~lG??(^7N6kx^UKj<2z7s
zT->AbuWTWbpI9#eOqE3fjT4=%ld6ph?cTNiKp43s)z}ys>06d+s~^~5gh_sjDg0pl
zHb~0AzF$aoT*bUCM$O>X2h19*GZ_AHZ6GCzQhC6$oS84iy{+xq*8qe_>LeY7UdP*t
zH=DVJzQxlvKl)~L4~kl@!q~tS?wA26uZ%pmcJ5>iMWTPPZ$QqTQ`uncgeI3$$sZn%
zy2v_LV01}?(5&;rnf7RKtdHc49?7m|T21@VV#2`L0Yq-UG2k}hEO<1tX5r(vh+J_1
zjWgDcQ?N<s&IebFQb_~snumGv6k=d4(Fd{k8l<YrBBCK9Em-~St1)gZ!_!^x&@b(<
zUFJ?sh`uo{mo!6fE3rrrHS#Iq(A)d=8Mms_*W@{-fcsWNu%bV>EP~)`w!>SY`t&Bx
zpS#0%OKedhF$8PM>B=f&L9dSjyY_R5#MX{|#W4=1QRe7-J|=2RaM}@&B-%u7wuJ<V
zew(OHR}Sek5+!is`^p%7`#`xbcYXtdO%uF2HcT&51j%mJ{e3vYZbHTzxQ1@|%4mG`
zyrej_Wz{{Hzjp|+8TsWt@sMiLW&H8jLzCo^HOVq5kVn*rUr-FRy+NbXCD`D&nB_Gw
zn9f3IW6n3gJw$nj7RGpUw93=?HpRyatG?IyvS~G{0YXa;1d}VETgBkCy$TA6-J}=G
z-co>DEw!H{C)StcmHhfYZumGXvO7F*ZxtdG(6p92HsDT>1@Frn^dl$JS@+m7`0+Bo
z(BzNy2L6qL_8mhwmpDh1F<iCXbrUeGa9riH>6v~6sjw}ga32~WEwWk2c(F>w<6l|F
zoW)<aaC-45UAsiGh%N%ra<hpq1_plmw5dafpB;%f`sT~XrJEvPl`c6}Yx}+(RDN6V
zH2qPe%IG>7!kL7fWAXu7;*qK|w^sU4)Q#ibNYGq+wSf4BSi^gIX<>+GB<OZZvMG%T
zSpDwo4psXOCs-#+nDB_)PqD0&?(vM#=C>;Sq8CqAtu%fRmQ)cPox6J{lx$=qm)sIJ
z1nJcpCC%VK;DeHkZ1Kr<;1Ja4919N&rOy(Aup4|1%uB(&2}W5L<#&R#h{g|S28*sH
za5fb75#XRj?U(%ebUU|4#<B)ME9rS<<9=zmHLD4h^V>UB_}&Kj*Pw{76*n=-6K5{<
zlY%r2Hk^7C?4{zv=gO^BU+<#8{BsRhO%~GVerhozTc4@Q^t_9Mvdwkt6dTwk3~;c!
ze=&3*AbiWFw=*DsY84xp8n22%41VUT?-}&AvVq-2lFYi^t@yFse)#$}K;VaQ{dDQ;
zMj|`npd?nF$AnGCf5?7f!ncjG=z%<yBPnNiRN|+m^WSPAh=WLs%UwaOCDK%DFL=MN
ze>0!!d_g>7pUzb1O5`_aOWPhO3d#a>Q+&)JeYpJj&=22KsNM_%40iLl9}q78ai(WY
z4|XiD0gV_L#JSVIX@<TnlKZ9xZFyU|N&efZ{}p6JTcp>36NZ08OX3N+O_yK4NBjdu
zhBDWBh_e3u9n%~YXzssx_sVXi08j2Ozxd)u@_#65`WMHj=ld60`9GnD`Y%Bsf45)!
zzpTpoQoZSD>(R6A3UBCDyQr*Qy|_6}zunp2zrDFeJCueL`xl24?>Us_%l!R$`%<56
zC;HnGD|U>gJUa`v2@?cbkGOl&)O+=lRxh*g)K6Lv(Hh>vB{<44XE}kEvDLd-VUy_|
zJ7gz3>G&357E7v$$A$76*O=1%ZqNMU?p#$*%4ogOdaHFN8!PmuvYX*UL@>)+Okl#X
z#5kHayj`gqu$qQzSdN`zQR*h5K*vhxNl_KXSI(N$Jye{8b(3f+<nvIQMPF=nQ2de{
zc!lIxJQ_?o_OziCql##JeZpGAz~w2XK>bIzwqR%#f~aSX%ic9jc&MtS_kMqlN9jiQ
zvP-Vo%SMFd8@bME%b0&NGo{Df?F-h@M=!H$dP^Q&SRfIrC3?PGirzR#UBB{YfL84V
z*P^7Kw~oYLSMvsfY{Khjk6?7xRpUoed~xO(#nRJ*V%g#Pc+)(fPX*2_ahf%G4;teg
z9p6au`ss@>e~V2@+VR0udlzt<^y{yHzNp|Up_t^76a8(vhu5q1w0x;$wp>2{e$&sl
z`hmLfD<h5<YRL)e96ozevEmxptoTN;jo~MLmLB95hnTH)9LxB#hxgRAvfuYT!mIE~
zzB$f$-mXM3MeOdsiW8+Jke~Du?N~>yg?cTdO0a5i^mf0vIgR6D)o$RI{e}{XNMZ1#
z^5mw)!Qh@0Y6RXa{K2s1Gv!gEIit*BC_mV>UN~=!N#fOsA-54*w;|3vPa6`nyjo9L
z8e3*t<jeeT75qE|QS7UIL5)r_l|JFZRae}|{tziy7=I;H8n9Yty6ivxBoRdldmwM-
z`fRkPSF@)_Yq-&pl_8e3>^84kAE(n9oCHophD^NmN-)|EGWS8)lvRkFm<k~%CkRVm
zv@1kCjCv9CRnJsE5I`>7tEy6km&gQM?d~I`Mr8l=T6c=arb0MYECb_ZeT9*T)7z4E
zgWA_$$$tovql8xK9`9QM6YvVjep#X2`?QQyv=Za--dRx!%mrMgY1s0E6Mgb0mwaoe
z{M}|PHLw@$PJv0`2BVVkh_lDagp&kXZS$D<FjlVzo{@yvq|ows+`n4w&rn2rZZJ5l
z=z8AKjDg$Op2zB5f#_tyb_1fn;Pf!Lq&_u4@%Z(-+a!A%-G=*x$Q>;uhMtPXY?E~3
zJRz``+ORz0<N21l7c3(2n7lsFTi=J;n*N_gn~$*%-R@)pySzD3suwv*TF-pC(W>;3
zh!yLk)fZ7k5jZhg_S_D`FF-;Oat#DtLM(=fnq1GnBb50jLlHZE8}$qoAK^khF^%qD
z$8F=T>$uDDCrbJoNmJx*UiJwdWpbdc`DYG*nOb1Oi3uP@dPQpW;&>cNziUeK4?F(i
zCN*x?4=gcLcYNgi)<iz7SDGW+{S|OD49`Q7$YPC1w?mbjQQJL#EuB}9@p7SanhM{n
z3fX(1T0GQB!Z#;r5$e4cTTn2a?G3`rZQ9P`z3T)bhQ32ngr<4UDkj(aeLoJZ%pb&K
zyu0aBu?!bWD*g}zA<ue*dwce^><d@2zoJtcIw~j2wcgDKti=F`iqVo!%VF4ozY(i-
z6XcKC!#w*hDM?`n=R_il5zr#fZ9VSQ4+@oO2hKm*+COA^p|pT?mjYdODjZu@^e<y2
z95bYJ?_htv=@u2%#n}~xl<$CIVErG>>(#^mPmbyTHDcZW1&q@_KSW$f<cY*V4p(Ud
zW%DZW&288%==x%1mqhyzC9wdwMQ{6E18&!EF>(CobISIgHyI3`n<xO5Z&y{Xn%KA>
z-I=B^6>5f&vPs;PJ3(Q9f6cAL=sX&*TmqP{ug1*flb}j$+#3-kXX}2~#trnh`?uo9
z<Nv1X-D3N}<TkZGtJ61pd)*fC{dN#}L)rZsvqgg2x*Rk#+QPhlDeThG&&|-G8vjl`
z!*7t47ex$yuly9aQP`zmaL_tu3Yg?1?G;h9(vbFYd%p3gAe)JLBBqk}k{zQ9{eG#c
zzJKn2{=RR*_D*j5&STy4n&gq|YDJFva>P1rbO7jcFs+gt$8p^ty<RDYvzhB<^WKVG
z(BAMu{nLTXbS>?rG_$?;S7>93d~jKU;BvyUTuK=y@ODvFsC`F&zQX&{m>;)Op4*^7
z8*Fw(TU!V{cNY)9fWPiy0u=w44hTyp{q4Lc)v)ZBQPQYGeaF2QBYy55KBxLscW>fC
zKplRQmOlET<xy=SB9W?Uor$Wleuqrg0LRV4wawbGr60HKey~@+sE_lZnyoPSbKiu+
z9X=x1{^k=`S%a9-ns^ddwYU}m62krM-=NPkqUHP?Ywd9ux2sExcE`~U3jXlr5L5_E
zB{5x!_UeD}`FzOaL;DV3j1;zCI^cv8dL;r*)q%aE?_fnu9+%^A*$(&r2&cI_xMm(-
zQMco1?lx2jqy)$xWcxU+d<wE002`y+W;mOh9`jRA>xVwLe+FgPML>qfJ?U!j(V0Gb
z4Co_4!J2r**{<79N#we6L>}TVsQSkJbvIY6K%yX**v_`BGU8rqTP?S#HG^$OEcCj%
zX-RL$8D31_D{1^FF5<?INn#lJrIog$kz4Z~j&A(VnR-g?GUae5{r7c2P}2|LUVJS^
zsbRaK;%~wQKBglvlItY5PYTF4yK5X>fe8;{-`QcGEl<RR&;U-{GMHqmyS2*f+mzG2
z%NhrFc7`jX9_*07i`b7)FN2z|vh@clFgjSMwd+vVv5&5&>gPE9)Om)eA(x8*=y^xB
zI<IHNW*D1{$YW!LrJ+}Ty{%AMWhtTW2rT?BjXqVO&*o??hi<G@$GOlI5=>E(mppd(
z#<H`QY!k&wx)5}3Psu`_MDWf5-NdvJCl&q4x8j|JsjkA+YPBY1n~B~Ox%vrlwU!Wz
z)cV?>-Pxar{HGl|{ioAXzK}@KNvzG!HDrIpvn_frrK~OEDhDw+5Au4a3FT@gX~_NA
zVWW-wIo9f&Y5ii!b1hZp!?(vrM_bN64;gI1hZwJsIwsCMRH%x`INoht&zD()Umwvm
z4JOW;t5tD4AS7Pd>uZ>xsMiv@0*z5Vopadu@sgLSpx93j#%(bkwUL&c65yI7Ns|&i
zNU-hh&6aqCiMpr<)bGdCU+HSR0$-6<MIIcp&P=(yCg8gOA;|1CqE_WAjJA(qxfogV
zL>&S$b9jjqAJRIN#PwYzUl&@bb}%6AW~9aO80}FSXqP-vaJ)HKwCFV67sR#_2tf=@
z^lYc!+tJg-#O}uUQn)StBKO+!fyI3G*Iv!%GV6cTvD3N~5i@d9X2fs?@<<x!7oVHw
z+^b7VWv@$PopDeX@eHfP=wRu+mtgOh!rwlO;g(*SJ>et6`FSY!ejoR=w}GSMs)ElC
z{Fo?1-?n^m9$ot2Z*UA8QZnDw(~9EKMt=qiEJehyTT%c5>%_55?XZ17*k>~1Yva~O
z3JGg*k9yg$;Gd+RX(rm-Nuqo#zqxPOE^Yi~govqd(>ikg1~)Rf@t(_O#2a})hAGQ!
z&D&IZ#&NI7XI?aJlUUO))csbI-m@B_bUs%lVZZnVuvtB0PMA&R8rm0APNjIeDF`jm
zd>)1%e0k@u2t*0_e*bMWjj->g-xl3)r-WDQg$tV-r1pb@ri>2L4@)u3V!Af0i+FCe
znQ>x>Z|*CQM?>u+n)99A$Ls`F;lxqwc>z881@ml`+X>)KAG=arnwOw;tbW;?gk(bu
zfwR4iiM5gW6WGw$dJ^8STsb4{DYh9hjGP-$&|<*fVX1B;Evs2FadA3IkHsf<9gxpA
z<I}dM-`J|q)t>pTO3=laA|5k{kaP_S3RtOmD0ik?TJGDo=Fk%)oTx01I8fR1Z=gN>
zrb<5Z2`pPl2cs8Nc!}L#Su0PVbO}0C{}o={CWyGncVT(wR;Y(F_^^01^OKr9#Jp{@
z!>VV`b805TRaIr3_l(Yv*_vhGm$tbbo3@q@!_z9w>!^DZQ?kq$HS{3XqaoT&Z53YR
zeFjNKcYGD6FIAX0{qA=oEg|onC3(PA_qcN7Tj7bvL&)TxN@E75R?oKyM{LQ_rg|W5
zEs##DjI(s(&siEm5nJnE1FI$SN&EW6zzR9&pmB}TKEhDE%pfjb<SEBo=*&s?v`@Yr
zmPg76mu7ctpGbxJaITyyrA5+mM}IhI44yz*=<Vp2&^vHopv{kbXg#_0{gNtHwp%!Z
z;DAM-6rp`I9&A=+qqO(iu;>V@K!`hgt2tXt3a#V^ArJ}35|f>8qQ;2CsPBZD58Sc6
zql(N54imO77vzb0fL<q@7_B~fvAM{)4=HDM#`BmltBsr!{UFFIn_@$~Wmj(9P~kDP
zy7tCFL5Jq0&AM#AZ2K!<X{@Y%fx+t0c4LSIi}>gmvT#c{g>L4jH(YUVECso@#fL-|
zDr2Y9^Y-^v>T26}m>YAghR3OUVpe0S?O89r;wFFTVLKUtND&U)Z}pwsia!QOw1APT
ziDs@!?ADr2u0vSw#k4AHA%3>631j&3jBj04=I6_Dc`^guboCGOHEx9%4R_tQ)7;N`
z4NpZsP*@)2Kq=ESJo&{lOz<t3u=K{7V8|6?86zw(IS6@X7jaiXD}p(0dR||P&N_yc
zqE(;3xiBG%(tX`xo>E^u7_T+4>N2ss)S98|rUcmaF)6%x+>kF4TPKPHhm7TgVN$js
z*cNQmpCdtCTYOxq?jn?xaulq~dPhGzjwjJKsYI7HDjW-(C*>5f6<D=-|Ld6r<*roD
zFL~R~%vm?f5B94pY%Q&g6A!v+zwmT`F0nias7CQ5rc>USqZ01z66rH$ME<_R?>$0O
zb!vu+qi!BO+bE;jL>I-4w&&#cV=_JIEmzu#B2xk>3Hem4z9WP?2}HcNgoD;jIRlw?
z^u37X9Ow|r4ZtkZr!dU`^z4Uy-%XWu_rm!NeMe)C`NC+P)CH3rOgQ*89!r<Xa0)p&
z0hqv7(?f)hv^Gq3l~%*ygS5a}yAauGYRMV<{B9@D)yhZ&Vp=%x!bNBcw;WDJPU~~g
z;b$)btagvJ8Hj9+*+S;gjg_LRcL%=MdAfZ7rC6@1nhNF2{28B95~Xcj+~dr!BhoDh
z>5Q^QX@1Tz0Hx8H8B)gz(C+~PVf2_}Zk~ss=?0bqFyv=epele4R&rHj=lLe|onp>A
zC~CcG>`LmU;R4e<BH{5wt&PdR>zPY%%QA_=qq8N&E>Sl{ieBhKK#aeQOHNVP;ab73
zJxM*6Xi*W@+DXuHo+FKq6$NL(we;lMU%iw+-f7c4%Bi@W9X0JEujKdg?0?~wjm*NU
zeHzg5<;O*c3yZvKZ5fuVFc6S+SKK3tSC2YOM^t2k+C-v{r(;KtzVwaRkS?Esu8JOs
zQt)VxH7a9n%vOlALz=-dTWag-a!K~uKbV+#j_y+8UVoTl6f4g>KEcDmw<A|0!2yKr
zAd9C`fxx*n7B=B!l5&NdBI8Q2hr1%^)Z~6eh;=}Q!<*x3L)CCZRC;y_EC63y!xU8#
z<@1njU+F(&ywq5nRHP9sRAI6hm$nBeSfSYv<-fK%Bu)A>EaBq)qnqnFW{g{iF@9Va
z;|JZdN^)@K_fclLd&?|q1z|^%*Bst+%Nlzu=<UU;?G}BjRQ#>3;zJKZXSobM<%AHC
zNDeX}%9{nD%AqK(-KZu!^|%(;?6=~Aoq#*O-TwJf!fQ0C3zM~`_hH-c@=FJuB=q3W
z@F(qeZlc&--6GB8<GP2`aEk@jN|RdZ+pn21yK9+GQgFA%Y5VuoTjZ0fuw>bRfQ-9>
z8tUS9QC1YT>Te<m^w!&$c+vM7jIO1`cuvD)ZTM$?@^6$R1()q?vDg0k{R=`ZM4g~z
z1KXxk`3^ERHEo*h90-q2xO|o(<w4IqQ+U~;9euKa8?l>SXHfXrwUTFK3^+-zoetx+
ziJT0RWm1-5KIsxnVi{J^)AlwL{{^ow#?nm31Z<`iFbU~eRd%HX#rc7Z(LBFFn))x#
zpAG2}K#G1Jajb#~rxV-`7TeHMn6ZQnGnOb1+q~1<rI+6Jy3ov$yvNH(H|o(X?&bV|
z2Htq!VWGZ`=>EJqlE|DyCi&n+di20l7jqVkK6#=P=+_`6Eq#R_sibv%beB4L*R>D@
z8r$qi&PciI;fv|VNdAq-I<u#q`{7f$E-Wht$6qz_iqQ2BPOSOCYtadxD7uM-JK)j1
z&^`0^V<|;ZSC19lmm5>OqEExb1^%Shyh@m_e?}9B$3_1oF<MO;`f?7VMO^8oeiQt9
zZ@r7S743293!xv$l90nrWy{|2<W>?cS9>I<x(r%La)4ey^F)9E<el>k*tzfMRCC_W
zlkEbtww7#|%b{Ln`OHBN%KRi=;&x1qoR#oHc3Tf7v_x6nOHAuyO-UhR@hIEKp$gME
z^!LXHa>vQa%Ove`C^ssd+Aw30X<x1kg>x)E-Ysq}C!t2X7fh9aR<WS1onWqzu~Bo$
z+F&4>%+q|9u}B|z9>nt^1i@{Db(t8sVb$}9`d+sgU8pznUAgCOAFQ8d<yBmO{3EFb
zIPdds_#$TC%x%8br@x25q~)viK|{pkq*5xr)f0W!19OgJqA-y59FUGcM!HF#kWCR5
z{lmK6jQRHuxC@zX<p@gm{$(8`%0!4#I>v@5pK_<mpQ!b(3lUeSPOdu@^;5~M7dpyK
z&H9i+ylj}>;;BP2eEn|rzS0!E`zoVEIvZ2wvkST-tpd4J2s6@Iy%Ejo&qogJ2d*-a
zSZJ&BOJY+&Htj#L7O9gSy7#eBC$dslm9K~e7}h9-2hd4Mf6VuT3gOTBa8`+JWHbeu
zfTy%>FRv2ZpR)h}R`i$z>J5Oknb6$GPM`O;!EmeFc*XHZlptVwWzMAO)91L;a^uo0
zfx9Z8QX6}t6f+bv{+B^#Im_<tkpbs3jNj1vz4Yxa2#ro0&?vYOqMK!t>+7)%>RgU<
zq=aqdz3x(4`(5M6a%xs(f_ZFwMb9@=<T)IQOvHq(ggAj6Ajv_aA<cbwu`+=|^}LV~
zm|m??b1y_&;}T%~ZB)?9BK*6l5Rb3?p|N;{XQmmyg;Wz}z8E!aa3U7pLAh?zG)Vl*
zv&uH^D-37Xg;TarHEn3WEUqFa*-&qtJsg-QRSCW-EcHE#gy#FEb-V%sMzmh01220y
zhK<)h3_iJ>S{xVYzdKEUiF3pqsBhY>6#%M`P<c8$QPVBco%O0?0J_X2Zn!Q+kK#H!
zQ}_`b#OP!TeO2ai$K3=IHc^%8vlqDa?BgYa3e@@&eHQ|@p3%Yf`36b_)<xzGx`0Qe
zHIjv?j72K+aPh5~L@W$6I(UYOkgziXtAF^317VE5AW?Y7yp#7nKlsM;NlDl+nsT(M
z9w_Sgs~400xDI`s=8p+YMEyS@%KT5nlmB-j2VVd#+I>mBO(<Cmv7h;K_q)aMh?}||
zz=l@f$!<E&_VWXonjv&>wx0_;-*dr@|9Dx-(jq5)>Fg2XqxtGl54yf^0MpI*_&8s>
zb`vc*Lb~ZVcwVb1x`g1jFR~kt+oG}5m)w`LR{`%v6X1am=FbZ|bEB9sZt@0-QOmET
z!@{d60596*(#KQ6_tWnO`?>zUdk6UvgDb7{o1Dt{(wnZM#Zvs{uRjML@6XqTTZJK5
zhi@(P!A?p5rmy<|UzR|Jx7@YYr?#<db~)^+^+1lJxNAa%V?eibd-iSb8IA7t;C@k&
z@qOcSKwOh0Q+m@)P0lTYH!3{m5;(-dyT5acI?ela!egh_B#wz(Ty10O`lsRb4W+JH
z&igf#CHF5yu_*1PFp+6Z1C|UFp3g!!z%lt&+4%Srds}+I=T^#e$xgKOW{xjA9MI@{
z<J&@Be(jRLvwEB~^{}@ZFJ1fEnbBDH>_uoFo>Gyo-)s3vt@L>U?^};2$9Rf_E(%vv
zA7rMNP+Lh)@y9nymF8bGT_`mcvxRGtr}$Yma`3~G4GdQq)5P80`0~yb(;HJXKH9u8
zwEIy!3AUfG`F0k+UZtJTK=y+Bo-qjf$``P`%~zJ(a1eNPZF{uSIhpfFUr_m!#mkm}
zRNo|s?%ge?u1?+Ia~NwcKm4Y3yo<0-cpRQ858v)qG6Q_Dy?<vH4})o^$9GLWGRA&b
ze?^=Lz}7jqfrQ6sD3#mrq5{uqk%r#4QgkMU?VDnBK!py?Q;qq<WMzsa3WPLE+-SVM
z*MQ+A^)~**W<Oi+wWp5w)#d50M1Mcu+msb0DDwKM@iGwmQ~9`(qcyH>pXD^9-}tr!
z3BHbapi@QR>{BRF-%E@8bx<k&x|NXlo5Bv;Me;6qWS7U`x#~e7&z15X#|DW;1HxR)
zeg0L`oR#Q%Zr|hnpQ_hL4dtxgJJWcZdqWb;gwZa{#`j;(VAeJG;wrPW;op=2`ucWV
z?}{}v)>VH}ilO(XvES9rwfgzdX(vx;BzLe-Cum%%f?r=Z#b{VwlKlMUc-;+x+=1f}
zUtk&`I)K^}rfu8)tT4I1E~W|V-q+F_KD?stT;G-X_BID4mh|<;IFOIN{xcsJ9^fq-
zT8i0$g9I&0{#HqCqi_tP2-_?bw4|ukrXDSK{25k3IDeaf8}0S&yO6MOJE#hEvJa=P
zL_fOor78&14ei1wc>N;HSAJfDy980dbq&S?HzVlu&rKnsnVT(3!~T9uC`Y#!(oJdC
zHxQQ-W3Cj-f>V|<t9yAEF#&Xtv$8|E>46)R@!swE$~H!8j;GIRfcvYBXki!3Ip2vw
z@`GI_3J1Hfc;5PA&<U8Q6Et1c=caBBe;w=bS|jlsy@cMH+)cja5|dQM4s$Jp5r4if
ziy8I;>V&CBEAG68V+Oe|LMZsT^rK(avR&y8EY!l|z;)Af3Q3q;qxW3n0&Raq*M(oV
z<{aiul?kMj!mo>r$;mO~^HhkZ*q2Qehs9~DgyZ^Mk3htu8NdqFR(ece;Gi$tfpWIt
z0w#Avuww`Qj{CKDcux41x1RV4*<kTeisl>4x7eDY_6=gmRbX2?r7H(RO@6u5yxF>o
zo+GzS<T^MJdtW&%8hcA`6wl&Z)r<BXVA80-PXZ@_cmTzVT|T9lT<E7eUxdD3D*0AW
zljm*!zCqt@Ng(3Zp78$Z-kPiPnYxbV8t<^!`-me)4;;)!41WxP>S%W72qELb8Fr&(
zise9l?e&ukiJF^n&7*qPhy;&AY7wGJf*W#E)V?VjM7mV)&TCBA{ZH`WKUqiPzW~kq
z{1xhdX<E3&em}lthHGJO?&R!fVPf~^$idVG7gtc2;W@*fBOxInftUYr`qjTqi;MGV
zczm+p(@{0Gu`qMyQ+F|S{_|eJ&cxD!Putqu*@{6#Sb$I7!Wy$20)vn+KcAGfv(tME
zM`;JUPY(7L_Rb8i_}*FATVnoEPy|z|8ZMu#HOSe*kxv$6;%xEO!py<kf=}83<lw0O
z$;8Zp@2!QawV8#SqlpJD=J?O24EhZGm@5r&B_(nHb^q?EyDj{GeqHO&Q&l^B!k>RC
z^Z)<*|7+m??HX9<xr3U%bN7GLwf?mBzg_F4(7$)Amwy`apOcu5^{-y>^2MKC@jvJk
z|7~ku)l-UE5hQ9HEbXE!@VZt^mCurgq}e|Z{>VZQLc)hr#(*mKOE2$*a*C;pz_@sS
zjsuUlC*hc+57F(t<<WVFzh8h5B>mmlVp86I)5gs^H_fxf>b%v{ZfbXzr@_Zl4L7q5
zaIgyD+;-_;2d6;O&5g5{&t>kV`OcuvavXiyu8-@WO^WK8F3+?T^<W<;?eq?|i>lk+
z^s~IZ!_cEm%G6|cT*A&z*qa7pFVchFu2St8FO<a1<aw13Zpj2rMuhsE`1{RXEpJb<
zj3FL(z{iaXejp({p_`e>KU227M+Oz!6ba+NnG;ki&VZ;l(cCRht>rkJ-^*Uvo<7EY
zX&dj#Vp4*0wj}mO+kH)=KCLxNet>teB0bpBiATrC!=Jwy2z)Px1(Asyks?U;S6{gI
zePPT(^5PRc?-J9Q_YgCHGOL~UUCSUzHx2S-s3ryU*m8OZo1uwIGNkA@k2g&}PCP(M
zKSXLs;bfqXVB_~g$i~mOD=pFxURn3H^RTA#uKJbJRTl<25j=td9>taiCnY?oN4iYj
z{o#`nh16}<H61T0Mmho~aD?br&SHZ5_Mq3}I=b{P_jMsefx0oCQq?2ff@;d6+;&9V
z0k}B13>R@ST(U}bu<{S=c6M<l&>yUa-Ycqs`{i#*3cwsBfRln6e0$TOYh8S$c9Eio
zWKHz$4e6Zi+Z1XAjgPbgWNb&^mv~Zq&p_$Mi9Hmb`|Sl+r73%|0|T|6E#;spvue0b
zeUpS$vyBxWhq6qc4>Y=4D+GK9bmJ2#)?wgbd843oA3}Sb1T2@Jfn~fa#O4QdEM>25
z@`{vn;CsF&@?XSWaDJ31Dx)cfP|-8_-$;84;7EEb4Y17YHnZJkW@ct)W@cu$nVIc2
zwV9c@&CJYhGc&W#|Ln}pZ0zjqUYsH$vr?*3RJ>F^eV_DTJCZHH$+9Esg7$b20VN{d
z<s=scNzH|$ADv&yC@)cp0xkO~t1q;DvwWz&6nRKE#&wt8!o<@t>rCoi@lf~JVmP86
zI!??=<gP<uI+6`%9xJe_^f`<*dvq9ae=EWTS_3OU^x6o$VHv_?%^nRg5<imnKwdgK
z)xL+WLHbAY6WIp(LX>ksr!G>ln28)}iKtlCvFyol@uS=cxAS)x7oXSt#1q*QZkJ20
zxyLJR-M1O<X2v?OhQoBuq4h+<@cIgIcETaHJZ_QtFr^<*Brwg5;~E%M9JuFg1$Ab6
zOsAGKFJZA~rj_H<eL7ISIWASbV<(QX?Bt*ZJ|Adjgb~Z?27bZu0^S>Yyp>YdWJU$T
zWQCR-uZC4Wa)LN6Rk4~Mqg03CnxIAInfSHUETNVSSQegviR+Ft8!1^zd8!<9K@ugT
z1YO6s@#=}%=ssLnEz#b$pd|nkmh+NUDjWuHB+%+ab2jM{ac-vMJ>3J`aj25=n?^{1
z--OSjmTd9W_?dJHZ&Veef1f0bBIUJD+A?{e^D>rX3Q~&{ih}eDht%1{{ls^XK*Cwh
zTLcNzhyu^7nwSCnu)E|S_n(i6A+{C#gE@;bto}d^2fW5|=zhK7iE>WPvn4wM)PQDv
zf@WZx=#LFaz{43HB;`a`FV3nd0PfNnRUi0fc#mbw{Yy_6&uKNXqeNITsVP1@E^?r(
zG4~8`*P_~hHd;$ouWrgT3;Ou|I~{t>krZw0N@Afpm}Su>D;cnXRgb_7yn<@9$yVKo
zB*`J5hSfThf9cpj2S;_}_ppAFAiCtHAaN>2M-zw{m1zmof{^Ut+HoQ=bPX<oO5CtJ
z9R7#}L~}QR82`CnChyzq`-=!k%XJZjD<TXIh_X`?iUrV2lug99d*|Q%n*%|j+?;g<
zSudY3H=^c}SW&5>)jh6tvDoRO+x>}DK(XK7ifY9m8mmgJlnJB#`IWRc6`<C$?Bt9e
zl1xKeE9<<6FcwCc5;23dBq<3i8XEnBzJKeZ?663W^tRML&b6BbQ4QUd&g8bBlG0h3
z>a%v!3w)oq&6jF}2-6!s3^VvK|1CpcR@$XDxb7VQb&0<)Fh6hjsbphlZ7!~bGDDfo
z71w`%Dq;L>s8q1ah5q_&%qA~7(GMF8LuAvM5idIITjauFc>5X+*^<-gLFKswtRnrT
zJxIgJ@@2M7QPSDP2sNge%~HU8vT{A&K8bIUI!rJj3QkIUxM`&37Lndd0}E7VbxyOl
z0rQ;s^dGE`*Tv@3UnkKcg6)2h71yC7f?RXjSBZ1Yu_MI-*MFo@B|%xbf246B5vLUG
zO1R%GFr)ac;R!N4#d~|QycAbAvuZs=1|ca`)!xzc3&9*zu**P093GzCr0Ko;jUD@J
zAWRRdF9_~d^?1|P1hsA%R9i9oXp*sJIZsdPcMjq;ZT^l-(FSdLc*dWV<ln>3@k`4)
z@3~9ClG}!a&CCrfQpTCZFDlh??UK5e$#NcE1jYKcs(+z+X`Sb(RHB2V!;!#!)*&lq
zlRbj&SeEGq@=XlNRDJj4f!x0`t)&+z$5~NNoDfC=jmxKg&}Y9%GzxmI+Th5yq197g
zi>Pv93r1{t2q#!k&_yE&Rrb);`XUXI2<IYAz4+lldV1!p#&%0LqErq?L2a#E<vfR1
zcig2cw^{m>5X1xi-I8B5`ojVtC-}8ULyyBpwvPu-MS;u{#d);a%V;9^w=CmAEI$1m
zFk>9Zx|QxG1_Pwk-pvH2{SBe`QcN>g17Ybt_nCQ0<n27tf({40(8vm2jWCNvdvHId
zw(3eV%Y`z^lXW9bYI$~C%`1;Qf-}KavRFi3Hi_LVOYgbTrwx8DE!qqSh+*IY4p$&n
z@QE3nmAvprq=J=x1@p%Zi|FOotpjTJh-sfr5(pm^gS$S*)~@h884&Iz`nt?3mRa&C
z)wQt5NBd)Vv+FfZPOYvC&t3Hl4->E44USiq=Bjjx#^nI2hsM$DzD#Jy+5o49Mv`ff
zh^*eEQysoz|8QHn&UQ;CZ7AISK@zcRffIQvX&qZmW*S}LfsZPM`rFgKSdfOgp?og)
zdOJst2EK+Bsi@r*Rtny_{Jjk<u#hV@Lw+m_rlt<njKpbOimhS+He1K^wF5T=v&zfG
zG|Na~>rO3V;4!4jA9FxE{!Nh5GqHZI)`z{-aZeDvMQr+m{HyoZGT%3Y)BwnxuO~b|
zu5Q%OkKRBgd?V8S4fOgOr1}eGF)}eR{S$jJ{S$lrucU^Fi4FfhSq(k@zhO1_|DCib
ziV6M$#|aB5|DD?W9p<sJanS!0(S0s|ZUGP^MI}T5KtMnMF@QJ#@VN#M0)PMm|8;y7
z(60jw5)2F!6bu>y0vr++8Wt7?8U_Xq9ti;s9uXb}1_2EL5g7#)6&3ayItCgF1`-M?
z%3qxTfqeZ26buRs3<?Df1`g%_bNTEAAVLDTffPW12m!!|Kp==fpZx$F000=|>)-y3
zRQ?Cf1_J>F2ZjKG{Axw}uPuMI0|9@o0$@Ra0Kf<!2w%7FQs4Egw`8|LYTdcu;Z4}T
zPJMwj&n#XDP%7!G@9#v!;~M!)F^k=ewV3##Ka!$~x})M9oa2ayAzxoHjiC%)r&I}s
zJuS>K%+;H@S5nrw+a7aM^x3w_K>;}G)rNYkyVFmkuUFMAG$&&O4tKGPyYtXDlMfe0
z$naO(P*Zgfp;`}y9b8VuhJ<)=V#HR)P#)1PC_cm|nGx2hBH5yXqk-GsL9TIj74&8*
zlFWr>R1EH2=wpU+$^%w+bA9QDRg7E6^wp8xi%D(gt0HWyD>Mij5+VRpRaeqOoN=R@
z?ii0WeN2M|j5ih_kk3a(R<@%$GRIJ*7QsXBODPn3MW9yqL9O9;U_V_s?I-lCO?NJi
zCl1LLOD0npKmqb!W1t^EjQ{`w1qS+h`T&UkkTNjfYa{?6Bch-ZAt2#{GcpMg5YjWS
z2+Dtn7xL?I0D%D$ZaZ2fYNzilk+!moRLT6yO)mBAY36mTL&6Om;s1Exb03obzT59N
z%|d#N?dg4hnBsG+sqd%m?dlKz=JQ>sy;~b>6Mj=VCk&xtcligly$&k4xt!HZY0lkL
z?1ji<sos9NJ7<YE@0ghr(9(_}Q|&Ii@gWVU1l9~AhS_d*t2VQU9U9jx9o`#n;`-V>
zEa%&hH&pW~RX0hS&X+6Ah;krQOY=LMld*8xNEVJn@_BDEu{6Ay#Knsj^?}WR!-{Zm
z73Xr~BjM}2U_0>R-6vp0JZijYSI7{7>#3`&$jS(1%3l?#>oyIN%xL>HMQkJ5N^`NX
z^1qydc)D<@6ljDSk>;iT=L_J$Qzqfmwv$zxB{GiM^f)=v^d@hzKaq>U=E&86zTSNE
zJ6F-oS}I1Lfy0~En$HR=XKr#1>zx)u(p{-~WQa|M_c0o9-^LbW#Jc^I2kuN^R9vJ%
zIPIh9<Kv(`?m|}8@_uR7I=kgSvBAL}5CgNWu^rZ!6OA*koA3C2R{+kNBwf<5N1S@K
z^B5{Tvv=(3H-&pSHPsz>$v_St9$(o53V@kuBJYxg<LkLHLOUa74|NY4mG+D8<{3hY
zopfXxG_IKx!4qv#YN^Np&WkTRko<mkBuG)Xp4{}vgc&8>+_|WNg{PaDDoV3#N%=ga
zhG%g@%V{TVh<dThlZoOr*K%v$T`<97o>lTEK<sNs;v)h8V4z<w@_!Z}M0^4U00O-L
zzrmHl--h9rX5a(r!$GP{2b-n!d9}$3@!k~gtIKhoC<H#fi0JNh22_7_^&Jra1OoP7
zln4+a0|Gt)y}*^hfAj?WS5I?XOGGga71CaRlC`rO=zl%S((j1<HqRgvmE}Miz>gqB
z5HTd*z1#gJGD=@|>h{$$_t$#^0t^BQ`Iqwh+pY%?FbE<537LQal#nqVfk{BYz#(B9
z1>ZjxjHtE;m0nQMk(fE}O5Skh@9z;fAMkah(rBX`<pOuP^3DJI$1>EL;h^V;9l7Go
zmc--7D&iOK({SEw&;OqlC-9w6H#``Y16}Pv9`7aO=1${cqv8^JAEisrkhe#Wk_>qG
zWzdz9ihQMFHA*(@tiBUlPA01iiEHu0qM^xj!*|i4pbsz?S6N&g=4b3;4SH@t#~Zr>
zvU<qa(WSnHJ_4FS(xrvOPDFdH;M)vDxw5P%0L_feONrREV)GS0l{3&}<RV|jAF=1t
z*+ernpMc2hM(e49y4Cq>cmUk-5=oiQ!jnnY#Wg(Jk5%{5%34A<DPfPR_fLSP6qis1
zK|>7<U6V3&eH#<z+`t0G09#!%{95O`#+S_(O{3r8-oe9Es`(D?eWT9z{@O08*BxQ8
zVD9&P44YQE2D{iaJa4olL%o28262p10hJNtqyt#h884Z-LhiMbP$Y3lB`5@@v=_y<
zSSgvthO8`u3dWkqdXAvOZ7J`ig$CY&pv@f6Z^dHUHf@-2Wo{2qYj}pji@jqtTQ)-j
zLHt*v8Et%FKkU0+^N}g8!U_z}sq?Le*oZ(=!xH1!?1zGs%tI1RT!Z}p<CJpedZ9nO
zvw`4c+0??5>puaM%Y8BQQ`=7&s$NbeHXGr|YklllR>o_X&gbft)uxg)qr?eP8h9h|
z_l4H&s&jQUV_u9%y-h_@2~I8f?sjrZlB=_)Ur7kBj4T`>DMj6o_%z+ND?gC0y_ogy
zow6Q=zT&|mKXLH_-x+MXxM_9Ttw!3|(4JMpPVY)l911kMrn(l#SUD^tJ08i!zqcXp
z`3ScZXSw!DBGnV{b@3e#P36Nq#NGO??%1N5PWD+7y=sYz7d|^jmozX8-T%n7^xn^*
zLtrkn4Se}}T5;1F@_i1pkzPZieEoOVSUW8JR$)tsRYcmNEzu7DdfPrV)|MB)p<}Q|
zRlyzX5*k-kbA!5wC)n0EtfuY(efo{y|JHQ-XSxp-bf=wbYzE)bBJKp?SZh&AC`?l}
zXusGS2E)T@lhPW9JP_QeR8rd^2TA#azmchs(|#Sc*||Nrz3pLw0<0KQ9Z0nm3vaz_
zpzcOEE){Y_80xm5fOXf6Eh1yrgIU2S1#H`J-)3XJ9XKF<h$4e658iWey6M496|2jO
zoP;NRo~CfUkc8kXN2?OgeIgwNKY1lS6u(3u$464%c|$RSvLABNrAiF*sd)lO8Fmrq
z^RyM%Vv^PXx_`RIESvJqV!2|Fr3~vVmUE>NA^08!Q<gzUmIuFf1p{mB>xN{AjzT{T
zG5;U=w5T^KL@ut=$Z9C@^=LCr7j`OgG<7BHeLYRZN=0b6GQmdhNRw0zoo2ry%!sc@
zO+f2NdoZ?#YAG9VamvBn!TuFyvaG-naXVVKWFNnjciG`-$gPm}%s7rwF=#_;>8~8y
z483;cu$(M5ZJI9Hu75Ub2G`u+Y=jIW+0t`aEKw`ck3b7Hg34>AyVMjwAlqYi$8miH
zCu&+#iWq<^5v@ybtejttOSIQC5l{;n{LRuxQKV|0&|*K(Om@mFucajm8r-`}@8$EA
zqn7mmW&%?(Pb`cuU29F0aQcE&BIrmM=)SOJavGuWkAsp^LNd>LQjwPDMwS7AIYolL
zsMxVA#S)@rKw`^6IsOCk+GvtNI3XX2--h8X;nq&7gOz(A2Qn{nZ*?Xqz4Mav$9!?O
zDfBhlPcWws<-?b#&46Qy9p&-UR5wbkNEhr8MH4v9I>?WFj#(V79!VI<8)5T=UoQ?a
z6urd>d&@n#MMgyNQ#w?prdMl~+i8T`6cPQj_!;x1y?^kB@xKfq^BR)1Hzz_8PDwfr
zFAo@tl7hF}W~(H_zCvZ*R~Vk35~$hsCzwW#cLk`%1z+gIU0f_yPznxv$ia$U$U4P;
z*Oat1CY?>l1Tz0MAJaEksa07`Y+O{JoeeeDn=)Jr=9B@q?Y~FP<>jr56@b-riR)76
zV}>^UeQu1d5v7l$UD+QN(DAykro|NeCOFMzdtJ``3D~o+lv*~h2|~0!GW%T{m&=}O
zKRH1_x+Z(XsZ`NrKd2Nm90*OCaJt5?6;2+IvLz_}xVQp-bF8?-&0JLbD;OMU6&yz+
zcZ&NCcOm+kVqgINUc)%UNK=9CvdWg#H96SrNvT|E7@fqTl}4~0vBQi#?|zPkq$TF~
z6L9$<^)+WwAbg=m5Fm)ZCglH^-GLAR1Pos@WzWp^)inaXLwv4(E&YE2O+JEVU{&aw
z7?*vV(@~D4B&TZfLtTZ*j{GbSG0uNitzoE5`ny}CMmGxBUi=f#$Rn6IPw{_0g~7s|
z2i;v_cM`{^gISM@d;&%(j1l6!*&oWOtw|oTug=+cQ<}6GL6@60mYI78LZ|}7Gh9Q2
zC){j))t{yGFt#&U|6UM#!3G^RKG3nmk=cvQYpjK=%kbkJc1Z4k<txs+`T;QRV9!?A
zK?2Py&~s}!YkJ`typ&z5EBKAb37I9W{ll=RZrbf~)PZl*khNV|ZWpE108h|;F1m{H
z5D5|ms+CV!TZ0h<tvYdh{Gj?r=tr@w;YvCx{{$f@E=-rt#hla8Jn}eoQV^zb`smNh
z`JyWIdKjHGvx*XX_MboT<+~>CO+*vRx<OPknMZEs6k!p<Ghhnkz=m@ORcnOtFG_jo
zA0w~~DMuJnClOfmBcfELE#;SdC5^W316k+LWE%}v8ZJX{z-$)tpjYt`A|WZ8P_{yG
z)5LFAZS!m93A6a&qZ3)MKXM;H#ny}9=0Ct}jux#HX8|kV`<9yg*u=|sTr|I9uG^P&
z@pa&m3{@2mKVqGnjw;)Zk)IY$m_O(h5}5dILVykK4D$kPhky1D{$7R=k4YW~F`W2w
z#U*@(R0mgk&YOM50}WodyRUeCQ|kV#-0`DKmsf@EJ7sEYveeM%zi$9ebB%2by@r%q
zJ)1;b$)u`hS2MM*8sFAQ>uqNWb~S_kU#jItk{LV6fTk%`x`T&>({hHk<r{;04V+cd
zalq;!jc3dxX(?bCOvtyfVP)j(wIbAMz;S}+aq(_U{mG1e7v4t=Lek~f#tm9P?!!uy
z!ZeJV7Q&*4>y5fVg=JZU9r;VH<Ti#%tPmQU9V(R=49h37XGV554%!T6ln-kL?%^s)
zV#nb_j@MRiNXKA?MbPEgAq*H@NfQIrtwo)ezO1+;oP>b27eXm!eh<q^Y>Pv2xJg1u
zvtN}dhw4qpgECK~MnQm7gxVrTZqb;{Q)XdL;AhW=oyJraWKB_m3ZD@0mqa(TuD$AO
z%kfL^#urj8+)0Cxp9h!Ly|z|fEJWCp+8WzexPb&tAfTA7!pvKr(gRl#1Nhg(rF@6e
z`;bPDBfw-`E!-hRL`G9WtZG0qFdhXpcM`P_61b+<o(Qo?Pos`Nhzs~`bDw9K)Ds^@
zYl*DTm1&YAc&-uphZRMqPS~I5M!y8QfO=rdNV!~6E(qKp06o!n)R}0boH!h?QkqID
zPN~yPx)v<dGTVS{JNDcb9%jHCxA~L0U%<3kF2ixvn}X0})+@S}t^cwhtezeSu#9HC
zo_A9#Ob8B|q243ma$j#f%EZj<z|WL*Bgj^Umoh;rC_&ORf3+B+9Tvb2ie@<~9wr<>
zv)E=H5t<oeK@d+&BiY-t13vpegZL_ZVLY4{y`&S*Ccix7982VgSG4LKVQV0>XCWnK
zX3~R!svGrDqBw~}Kq%<YX)%`V?i`*nUom;I?>2aQt`SL)X6lVrV^=!cW}g<~8pU;V
zTl09<pm~%YlQiy(U6=+PDiwXHR#56i5RGBVT&#Z&rYw0{y$>&lL7(uWR`asuyQSQX
zVuON&sTP)9Qz}CMJ2WUgee9|+X5F<Pnn@VF+RGV(^e5n$?;oonfWO!YLf>26DRtc^
zfc^Hig1t|gey$hc2;U!;Z;4sh5tg~PoQ2yr)@3f1{S(msyyW`{xUJ;79s2})JWlb<
zt=}!-xW3AIO>uuIaWX^zFc2`<U##ly{Om6!e)X3Yul3KJL2!ug*~Y*APm+efu;6Qm
zoPHV6hvnBn6vKWK!@heriO_@f<VWb;LR?>|57}iq*556%l~=Bo;PWnw)eKYkBil9r
zLnt6F1TgnFUfDjCyvx$DaldG~{$LXmjl@I`cGcVsexHwkfg8#zka_xsLLh`8KZwH6
z(MpNJ(Eh?H7{c{1w1dL%r-?o{dVhj|f1DWBHa23AsWEoY(~Lap_^T@4!;yr_qe@={
z&hDr?9ANesI$EF~;9PCi4|GD$`I8?bay}FiRATA^0iMkg0V<<>PY}rX5E26Sb-EYR
z^Y`&J@aEPHZCD6mqq>zBEg{B+?=U}s$;(HPXP3m@PXI9ZM#2uU0H)6~15mE3RU$C(
z@rnZ&6i32KH=uV~``hl9C`l2&=0jjm@Gmm^FQWXC<ds2uZf(z(EVupf|0c=5NGbv)
z4c~db=ws+cZC-!{5mwk>-d`pEkP;*Mkh#Lmi=ePHF8$-R!l>gb@@6^@MEJ*B!%Ok2
z`97Tet_ZA3P-(mBi%QP^k^3g<&sNXaIVlSb){fW*6r3`(EV1CUz8L3RtlvCZCU&7)
zSvNV_<SF6yn{)=|KSjO%tdt73*q;U?^_zyW!Z%2TTzkO*=WIG7humDs?{{+SSE;~b
zFExIYpd`BfTFU!cDfd$8b!(q9(Ef(VU69V-*FNN>L>jy)tw@QL9WRO28%!<V!e)Hd
zKutt*c{CeLZGY^T1eD~gd~(UW7T~Hg9#ya&uXV~o&DT+QD~PKXzF)!22U4S$qRV5p
zAsu%3d{U5pSRrR*B^h)5>z)-hoMX1?%RBRL2;*!0?_Xv5cZ7j}Z*WcT;2)oR#osei
z`%i>{U}V*AaPm958xjGZ-yazCKQ6+4w5>St+c$&`6rLFD86+g9px$h60{>|K`?o-W
z^g~a@EavaI`BeV&xy}}zq=POVt#ojU_X1JytK~s0jr#It^T&D5ZTX1xLV+b5PmI7J
z8pG~@3Y7&<pv?jJiY~78NoJ8#5aPux=)>kzC-rk8MCONGlnf&42D1w8H*Gwq+cFq*
z!932MF+vv=^Iiz<u7rw*Ns}lLn<U{oq+cL$E2JRIom019-_?9^iVxnC0xn^>GFfwM
z?7H}F?@hKHmJzW&0mGTSSWs|LELJKQiTa-aP*sxYUwOr9;Lk$o&;i3zGD0xWQ}<zA
z%XKM&k{1s6kQU`r88^I$BMQ)<^6o%W?3Xps9mK?O)(jsR?L$^pMG68iivpohAq)YN
zBARXI+0mgGhH2p<=D{RF&}?``k#J1<P9e5Pr&VUvo6q<3DX3xdbYfs6*t8-T>NAkY
z#YYp;cQJHFG+Hv_rxe|@68onH&`36TeizTB5D}yRp%)?7GYTCnR%8y%-njyWSx)UZ
zA4|T8AMLjLOl?gZS-5B3QYp=G%vY#SVrHbz$sM`H{>9zc9&STnL#QVZlhwyJ-{1AT
zfcW7E=ASZBHO&gT>MyqrqU6M&&EIRiqVaxR!$c|OgH$bBk}Gijg2)Iz!mkPtKw;)p
z(4I?Mro9zI!4K^&Y3yDlEZrko;jW7BjFtNS^xi?zrb&c&!SU^OZ29JayEB%~=zsW-
zppNJ{xe;5Oj4jg=xDWgMy+58%I2?&s{GXT8`1G#M4#KrO=R6sNeC40wd#e&ZO}Z(+
zw#ZUl?O@hH2!h7uA_&ixY${+F9t&IvB@kwqEoaAp`0e@kLFGw%(-82ow>!o_gf&a{
zru)IiiTG)l55lI!!+*bmINC)1S|RLRw?@c7#GnLoYiWNEGOZ*}Bbo}=5Sym35VDM&
z!wzx*Vwaajy_nNC$O)qm-IsVv_yjNvxJM(p$e<eJ0LANylZI5-@mK920SN>42dQA3
zlbHwmI*2qnYiw!<qk1JW<@NKX3DE`8Wt&1JAczx!mUB=@Zz};OP66br078PO^Y#!_
zSY>EPq7Y<CMPN=O1`1Jf$-oT)B69uqpC1iYj)Z`gRkR|gC_`E@6-ox?s5P2fJ#d(E
z(!xf#E&eT*IR57je&j5J!*Wn%qD39;mY76=qA|$O5+=#-CtywUL82KGq7@23_4=CT
z>=EDymEmwK`upon=mC5I6HP>ZMTziOA?C%(3(;JZxXKJLV$hrtHMf`Av+MX+<^lqw
zWKBQ2AH~v8xx{0@0{uaM2IXt@I#@UCY-v6B7qke%IFzx{fZCu&XQUsQFH+Ij%fM~z
z1#FmQN#HMsIEQkPxR&0x9%@vgO*3W+5)SCkD{_HM-v+H8H>*SM-@^J&ABf~z$H@MW
zZ^SMqJ{2Mu`YDk^Tt^9si3BbWi4DWdaY!D?Z?{)d;s|LhQ~1<-!?zB6>f;8P3{`-!
zVHlDe#;XE_&8U0>krfSI3hrj?Y*dC@&LYa6CyykJL9ii;6CfN%V-w9*Zk|IJ-Zp)m
zPT6Q5CJ16)%nf{S#0{juEWa#>jW~BlYj?1#C3^%;qXmtuys2KjKu}k-L1xQE`e!dA
z!jAPF9wG&CbH^`g!SWHZrheaF`nP`35gtw(Sa0vh#fBhq@{+!ix{;0B=`V&9Ns9&f
zl6Vkd0rQu>pN3`WG>5|^2rPC)PN2kv#>yGArn=me`pK$I)g$JmOI2+nrDHCifc(#u
zf46nU^3P4Oe;6pSepUT%21)~(W0B0Qa9vY+Gl#(!>OS)zAt6=i$3nI+AYST@Ys7Iv
z_+BGj-$y9dZt6`BUh!ddl+J0#5~$zr>`Sq=KVEOLBYV4`?o4#=_ouqL-X6yG{|uG1
zy**E*p6{A0J{>i1cKEzGJdY{qeNorzSE`nFZ?Hi0#@P+n*jLm8wL*&{hfuY~8IeEL
z4-4JzcHe!yJwDx^8*{$VZ<w|Mg1}JLS&#$B5E&n-6tlxJH!V;o`f6uiz4MYit)x$F
zY@iLe>$zsQF*f28Sbp8i(TU3)HIo-@kD<bTf)2+OnK|_C9JB94i+uxIzM3PV1cit@
zll~K4QTKT2$jw=A?XGbd5J@kA;GfoYW$5$k&$pg&r7CwgDP9o07CLs;_`GnN#q#S|
zCatG8)FR3GhL}TT4PQHFMPkVYQ|a+goGczgF0FYR%BG_@S;&{Dru~uns;A-x5$ww{
zk1@24m8bYIPK1=)_quc&eX<4qHXZ^9%j4<5=006EUl(&zZvK<S?Y7(i=I7ZU#Sk)i
zX}WvV`SQ<=Z%<j<+eS%tG_vU(ZJjm*DmWS-0#4>vSnoqOZ0|K&=N6pmpmfz_ej&r$
zb63P^nwK$6q$47U6%UE(ZQ&$H{lG9nLVov6C?N=)jOq=Kl1*L4a3DsZX7(7KI1lCr
zXXYbzX$J}G__DKGH1I4<c+9C=y|Y}V+m{d{mAk#1o{1zP;N2^Qr&@{@rbmvoB)t0~
zSM2&^$Kis*H0J$GwBMy7jMJP!nf$3^!(<}yQ4k43TMt;b+{zP7-$6`a#_QL~@N?HE
zl6uTxWjF#(!fIxXF?O>DCL#MJwy438)yV*cB%Uspg!1GG)vb4_QRF>7K>ilz7&1r2
zj}e_>HLmkAXkx#Q(R$wY=21e0jinZ+75r0Qb*y)Zj(!fQLvk^HYc7N4bhpc2#~~=#
zXj@mzqn3DFc;L%JXK&Tw&^0a<d9gsqkYKXui>i1Q`7R_jbL%*#h$?EV@{0!JNTK@R
zAU)!Z^GegdOX#&l6NuTm-U-Zpq(9KEKRaFCiMpp_(0a_ZUZE++qYNNg-MZV1jQ<|y
z^^1sASh>^%fw+5~sW$>ul<#(qK_2H>MzTq$CdVu-qc^iU?cfE7F&9%dWpV`?u27>a
z2$5j9kh%#_Le1UU&YXA}pOk`FjXdyXr?IIKlJi5C2uT<-gq1-cnlfdUUMwv-mrF7q
z2zW=0HHQKdP8>;jbs)oNO@z9%0Tp#_oO&6*@jKcRu76oE*jh4`sw5b+Du5=g1`<f;
z_L3Aop-0+?riOf+2QnR6l>KCWpUa)G;TxCQ&zS(gTC|A2i>V5JG}#qKtIaVMV_REh
zI;^;lTVO9!Sa7Fv31jkyVv8(bDl-L)%3otS-n?<C*IJ1~<HBAzF==ERIM`7O@)x3`
zZP%ujsj-62MlYAiG{<#rFoq6+xao}tn%$H>RCnG0R2fCTRyB8@C_VI@U;QDe8Jvyk
zfZ$oM`ms#!%F@pg?t(DH!Ju6dVRP&(@ff4Bt7K*BT<JbR!F&=&qr`YM_SA9VQK12B
z5BHk}r~K7C&lJJXwPpjzls48`%u9{2s>!3T+)g@Bh6>^t4Ri`2&#&+i*@N=)N5a^s
zNJzP3bw5XH`!6Ly;nF0AdEh5Wjn2u%p1MSa1opAsY|Sx7=Xrf>t(NL>Ey>zudqiAc
z#7U<V;v!Wv+0Gw}H6e?yi)SccVWos-k5@8JaZ(b>Y-Ym7d2%d7fWc$ebx{<0W$UU0
z)amU!U0y`;qnpPxi3DeLK|yL|RBFFxC#i&*Yf_WtES8|}nkx6SqFSyIF#1m(QnzZs
z=C$aRT$%&(GlR{1PwN9`qwGd#k&SFL=#lfJ7wFCDtMUwWWmx0HeKu89Yq1ujkR$zr
zvho_`NWxsQ7A4|T+gVyThGx@#OFp+DoyJW39`-_emL0a8oMYm1t<!*OdsJX4_K6wY
zY1Qn6>_3V}%{K~do!I6Pp%Z<Brn6LoIPo1~$euwXY{yz*u+0f+=UjVHL&Ypc48*E3
z#cr_%S@tziIXicl+49Vn5KVna0=SH`j8@ukag!HrSj$;OtOoYzJbzl!d%;5ND2fNv
zx3e323UgTeBrxPD^ODW`z<#dST?njCnPNHVKGH_Hve<Q5S&^&P{yW2S1Za8^joNu<
zUg*#VQ995R&VgqMf|vG;uI7jfTlHGLjz}mRA|VK>FYy=s8RR4vzIw<_-EK-VX|0@)
zZSGI0vZHx0C4n1b)<q>h=LgC1r!3A|Fbyc4t$AU{CsmJDN&Lm4ugRF-#{02wHnhf~
zXCOgU0bMv0tB{e`+bq*l0tQz<Ky(8pJMm#XUxG`zXCo3=z<}Cv$!BD3CZbxQwQ9z&
z(blq5B2P<ZrWj@<ZJ2+XVH?XO3hn|>j;*W56`k_L>P%pm3XTX|KRK)MT19jmST0x|
zMIpiH3L~9BCms!cB`bI)=>O%2?l?w$*D(Nb#JZlbue%unx<+mou!(u&^zA1`U+K)f
z7C_sQNmki2-rcnQa8qQc6;;Y>Es~^ytZri|Q7Ed6dVEq7!rUc+mZ=f}?@!@3xI7E}
z*PJ~UbBR#1;V__ycXCEjEF{ci0Z<JXYk|yuJ|kxKXmSf@41$XOSDh($w(YwWJ~_3Q
zt`aB~CVs+B>EThfw(968(yRr@1vjn=P-??_Q0*w`ljupJADXM)UN(aBwov%Xr&-nl
z15QMBO(3UcQTNOZmY|DOK=-7xUn!w6Dn;uzwk|-Wt{?muV21^hn#r&pA9g$5TlAS)
zbjjLiQFI188QLz)wd^8(R3NJ~PMSf>;yQpO0@>qyUbmA{E&8E#Z8i4=Fo+!ucrWHO
zZksR)@O}#I90_wp*uCFlQw&zzH2(f&h_BvG+MF%UV6O+{;Y>Uc&Z#JURJwcG8`w6H
zaFZI$H@~!XuJpVhukSla#B=1r4YbH<$-2p7LA>K(*1G0UYJ@A4Yp&Isn9r+QYz_R)
zth(8>HNw5I%9DZhK3B7PwSX}j*y-%d9{9kq=VqxQX2+ncZSYyj_E|%Y?{&D{<>ytT
z=#d$h5l*#Iy1U|XAL9>_DoMyOp`<)ktD^MUoJHjG2L<iaA%O?-X%|kgc##Hcn^$9b
z6ksRzy$hPDYR0fhsSVY!*@DS2XNMQnkU`7V*%$8{tj4?D>O@g1zJ!@UOvJefy^X6O
zO@TzA_Mh07y$YcWQ|GPN48(f}qEWki{kE_{Ou+<7xz$>)Plq9x*y@26{9Y2UrJ6Gf
zV!XZs3e=Sgf_%lFH6Y#KtA@Qff9N6cmlK?>Rp@Hcyiw@4fJS{;U+{l+1rDV3L4viF
z)lC_7$Ki|m9gDGSgAkpdJT#HcC$3)}S{gPPKq%qgaOCr$2dRr&Ci<#vJl<yJk-7y|
z`Bo~p=~0T2<U?!S8XEf}hxP`+H8+a%F4Ysleca#hH3<Xj{yPBr7ux)r?G`J;zu3+H
zi$lskVCmnyN&aDP^)JpO|Fp7l&+OEcs;1&V+|1UCzZb{VHfiUg!4;7tV-r6EkLd@l
z4ZtMs$7jfReqE+rQ}H1Mfz;W^Ecm|f$n)D%BWwF^Y^Y0i^j!-`ZY`!b+xO{d*R9xh
zu>9oi_787Nbu8RQK6c5i>&wgOF`JwdFuV8rQ#e}1>K0VS><K&-@L5f;)o8$LV}M{c
z-1+_K<@Z0od4FFb>eBHW#}9uT&mEltXP<bue0SFwC*!R;P&&T=VfLoZdFOe2ca(|6
zYJTw4iTl;hwV}@HiNN;xdccdrB9=&AF7?zgqj-^V|K}~=pwJ#<+E<&f@C^yEAQ`Os
z`e2uG1ROJ1FSOX@+qaPSvyVKzB=v7rB1I3<gdKZLbwey+`S)$3V&Rk<t2-`<9)`A_
z*jL<G1LYyFFXF%sb<&3OTYO1fx8sV?ilmGA<WZuFh%?-b(UUj6A1@or{EPS2RLD?-
zP;^9tordezO3*n;xozk$Su!7VsdHMouziN&5AI!@a{+Itu^bHYskAKa0B}OFrv}+b
z=bj9fqN%=fh~p}zp&v`<CQxXt;E}|^nsf?xz$DGNV;It;!#fA1LHqdDhTo*l9K3x!
zqPcaBnxbI_Qhyfom=|u7Xp)>48B$OqK@L8`@%$d(shISm3)d0K7%w-~6b@cqX2KQ#
zaxgf25LUO2HXg8^`)x~|M)XnRL1c#ke!`?Ws{E}9g18F)#VD^e-;FwH$KIz=UwhR{
zb#KHYrTt8MOmy;=cCkaHEjJK}(#W<$v@+%$T0L2~og~0G2)5;YswY7Hih?d7_Qp#(
z;c7Qd-HKS5wHe+pp@%7<d1a&7Is2iM2`#MwH&zRHg$Os?S{@jC*RF4B5XRj?H&tpU
z42WEa9LtWFz#WP}a=JsgjZn9YZKu+`$31^o?S4ZG9yH{z$<U4cGP$zGeE|ISw~Hae
zkO6#Z2CN~DAJ~#<w08P2<8j3HuyusZn!pu}jmi;E$=N|F*>9>`eu5+$E1WQLJ>dfc
z+MlN%;SJ1JWCO07EGY-#Ws)BL-wv)#>@aCf99>J^n-{Pn@G}x{$I&iQ>3Qja!Xt2A
zw4RWwVXQWT$G*qUrJCCHuQtN{?nyyu6jQ-hIE{3O->`is*#6=0^Mr9c+n4?QNvH7J
z=lZHjSl=IF3E|>k@_C{U7NUB#t(jUWhL)qO#M+-iwf>2y=hig?M!?CV#xxS_{yB%L
z#&#67EY-6F?S`inXWm{f;%%DxG;{RkwI=X~lN;adgmKDU#xPa}33!rl8{%@91uF{N
z=ypYb9(e+Q3_}b3k#x05!*Bsrj^oPeL4v?UgJgkF*YNe%eFsW)I9lK-h$wpJJT-WZ
z-NE^&Vq7xqV+DQhNB4}<Cf3*ettB3k?y?_I46??i{pED9NDqUNz)aMo!)R#=qMs&c
ztVMCWQny?xAq6-hlCzuvYocCI_EbGQdB&=S@iCAJ>DJ&$X2PBENUasfRU<v-W;7>j
zESQbHsL&$TU=>Af+lfYLB|aE^FhC11o}<Z3wGHD}6QwldbNc-GJ@PG^O1(y);7J@R
ztU;V1Xc$+n2P%FdR!A<ZTuJ-=)RC*7I{5^<86k3*`;O*oeKv1z)mkvZGs@zbE=pt_
z`Ej1tW$55>tHLqDUGGNPs}}8~Oz0!yfQhODiQZ4CA7$o47!)#9^6bJAbZ4rpBeI~3
zm9<e2P{&Ep3O<wc!dgfQrn@-!N}NG+;*XYJc2(Xdf??U{%L|WKx`oI6jqr;SMZ!h&
zH|M2|)=k0XgsjxnfkK9Uy|}xD`Yv|sKJh(<#P#5pLp0)O#vt*8DXQu3jn{_IdotI@
z3_(03LoQ*3ipu2lg7C8ie#O=nO4B~Ygqc|V&~QKO8CTqZ(VJ6U3}1pz)nLh#aEozn
zO>YA!?(@gjc(O8!LW3UTw~120dB-psJyX~$hY8OErG4YtBgQg+75(Bx`6Vu@0w|Hi
ziE!qRLA?3UGh-gCfD<0(#X{FvhmO@=h833))hULB)yk~sCh7t!B1a0$vfupaL|hu^
zWs0b9rzIZLbVF4COxoA?7}=ZW*>1Q!Y1)<NYz*YZ5EK?_wv}{9IFqV4=kOV8kOPnV
zYt5`=@InPiCK9_ezn7uNG^duvQCDOUN4?Up;K%rqLK_&qYyd~ik@b<iJ>qnH!8|w%
zU+}Qg8gQb(iGdFo5H?sKKI0n#K_9f#%jnCTz*hNE*Tl<`+7>|;bvbHd^L^O2hF8qj
z03?kmoES#eKP$Kt25X%&{Yfz!A&!2scpl8p#uzbRf4)sY{A#({*Oci`&{9~5Xpkf3
zjppm1l|T7CJbrPvKReYc;K2iRinyRM74UXnxeQbw{HhWZw~?Bp!Gn!}evTe4Z$hZB
z^%ke4fU#LsJ3+jAB<h>cWwN;m<+AeK%kwKS;zd75NUJ7smZ);=L}?q_T#AHtiZWF=
z>r4k&NwkeZ0^E@VjD1iA^rOLyE*X_YSlw(?5(GE3U*7#g$iBi$dIOrnHnvqea#7nH
zOiX(nZ+mi?^Vs4DfAs7IsgsI@LoX@wUDA|&LcbXzp^%5T+Bl#-`ySo;^>af&(gH=Z
zQAE`j<IW0;10-V_$fLR6%nt3oNW^%L+_6Y8NBdLF;XR7Vw&<CvKj4)#hUKUGEdLDu
zlfsCzq-}GId~9aX9JMThPf&$<-p5@AVVZl_cvsi6T)xGTvBeFF2%s-_o@B!}P6jk?
z&4_0&mKM-^k%9qlD2{^evgmTfAxV_vLjH}hZBRZ4Ps62yDI?y-gXHGH@J5`r8?F0U
zNSZ$qS(-=e+$^Ux2zS|T#EpTmOvpzz10sD_IEaeImLx5At+5Zyj>BUt_`ae#2T0B9
z_dJs-?-{CeY37hKQGUOI0=BXZr;@>%7r%Uo%a}@BO>U(GsV-Zk6n2@37O^HBr+Y2v
zR_LXnRxYy=qu)Ku=PxK_p0a^q`9&Co^YGw7yy7PPTp%C?l;MCb3>k+TR<|J6#9La^
ztPB*bqBP5M0;1=yg-qkQDp9ow_9jkF{2|i&ZSa`1=u~G9D&h6`8ptV=S9_FTm~W%e
za-Ud!=D_`=<&f8xDLW-g;LM_8!X-f~W!v6LHsdwH6Q<E(EyCX2yXqCJ&zn#bm|i<^
zZojUhk!s>Si*0&LUnsGp#cag6tB+1~xAdA8ncFTp6@Zl<i8bMaJEdJM3B%x0VE5)I
z0i-JMxF^Dmk@eG*u&w;LvoVi4Uy*!2P#SIyq048MRw$R3geUfSbS&-tHxwLa`yyFa
z5lkMRaNU~Yz{&-%xvyfrJr&_ywBLLtser52pv|BBTHUx*@%W{x-iNEU+)B0Rn|E*4
z1Tu8N0qQF*Xb*D@8nbsz$LIYdwAF>8_55zfH*ayh{5~g9eSOL&>w9E1n3$m&)=JHB
zl5WY)pS3V9<Il=1^&9r2)E05!T8OAq<R>aTSy6i`b%h6LW3fL4EO?Qz_fB-#FC?OI
z>|$Ewkl$Oq2dzWx+RLtrgr*oh*_CP%PQ(+o!AXC16QUs2NU4JtEUl49=xwEjl76Ql
zs|-EpVQyX-%W^uY$goLTR|CkMw5BdfNQjs&EQ*rRM;s&;znS17le*9CxfR7ugn`V|
zTHo^e|Jrq@o<<KT8T(_oY}7QW7J%D!fr?%i%3}cIuG@au2(=RiYCBo!Ni2x1rhf2P
z><iKa{ki||AoM>xPZ`<R+5gl1f%U(;p0fU5Tu&>tq{`1&k-i}G%qhQ{asu_rG{)*X
z#xN}tL>;7t38{Y^7yZiKWo$u$B#B1d#>l?o>)my}@>Dh6EFwDl`}1{IqWvfAaAMZp
zaqQ=hx2uWcuIn=P_v_Q4n`eVUula~$L)q+4UhmfgGQYV)IzC;XgZkeQCL!f<+o$ZO
z<qaQ?OFx=E%6|9qtf#-J?ei|vfH`#_hxL=$eR#iF9@KaA9?_D2cCc<!Ru$qBJjUF8
zf65#v>^qmH+88`Fknqml<-8Gyr0O_u7fLrWp6evOr>=Ii|1S7!H|XuYEg*tO!#EKH
zxg-0r6Nh={oE0<seuq>!C!g%aPlY+)dS+$FDG%8%f2O4wMT?~Ku?(ZKmlUVhV)A<@
zBDR8I&r={d$j$fV?PB-&`PzF-Zk)MgYF5r3F@xNm#aPe$>d0q_(6YarlRFpfv!<B*
zQbUl%eIN4kx<Wk98T;dyMdxNu1;JMU_2<ggy*1hoA>>@ei4R&tVJw(>gi+E&;swhU
z82YAOwk#E)s?vPbnJ&G8eH>)!7SciUqK(JcbY||fIl`q|j{@_|VnJWDK=(P7D2>)p
z262IPj1jIZvTm2FZ(vz@Z&O!B!-CJTVfbKGd-S%!f0lZ2FcKPfGsexww4X<dx;Q)-
zkchpEPzx+J5Kz4TfF&Ah5h5u&$XBY+i1<92hTTHA0!;kAVlNd%l}yVNkW8$XZ`G7!
z`lG1#!%>!oD!_$j>5+h*Q&h-ECPQ7L5uMSe)Y@+dm&Mc?t;%pRQsBi?7h>K`)jD%u
zbPH$4%h_U=nl*PIgK(P%{3z^b>}A~$U14eID9@7Qz$79hQPv;1!xCqB6BE27+r^*9
z7O2Gu1O9cL4&<FA5WO2xYC5`ws_T2j7zs*<V2q&9mRvMje7DeoAw+$rddi=Dn1*9d
zn?nqp=Dj06ZM!7K()?qgASG9Rp(s+kmDa+9k>#0H)i1Vn3&ZvqQU3zLzXsBE9Ja7K
z7!js3CHyg^4!azpFN=_-b66!%f<EFnJVZ$NmRMN&!h=fYmk)=$UBcnP%kD}kk0rLI
zY^ZQsWfhuwVqjvjh(u$CDEe-Di{FNL0)kTLuY)^L<$d{HarEt2{b@8%lCB_5tjO7^
ziUuf5f>nN(i$@O7)$VD(WJWY4ymB#hTvKvH*V|8ydr7(wfP%WJ201jLAVpc|7)sW<
z)fjS!L}lNnz)x(0bW}L?9+j`ef)>E-?@4+QdgU<C?sLi@^ojKcHf1+Ho%m8HKoTuu
z=8MI&(pd-$L681DB-7w4B)h#*B*?97)UY9=+%C5F!tiP%x4360098xc0VA^U3bHmW
zE4!D_tPf8x{}iJ-Glf!BDu$<ZJIKei7*)q`_sYlB8UuvW7@p-eau81$@JU|s$jUPR
zW^keIjm~&iO4X;cV7e|=XQma#DUD)E-6*bV<G}?wIYMb1Puy=zG9h}VnH&DI3VdFm
z3!y3n{n?XqSH*TC5Hpy2)}BFFi!^Gurm*N@qbe>dL4}vXSO>K6x4#d9X>NB*e|V(r
zV#F02A>dI!PjNaeITU5oecMCfP_Zkh!9IdY)&`_-A08E#lET_F4RGW(!&Hznw;HKZ
zS*2a6tdNi8A#p$wd{kRjmU)-tTF$8uR|qh^3bA5}S!Zb?BH3uvz9%m<2MRRzZdo&C
zhF@Vd4ajg%>>wK~lDCh+#v_cTf?k%5#zYIuDypcY*@4gHvYIH#WD?huEJzDPb8LuU
zS=^tH)wkiD4<szO)U+uRd}*0dZPUbcX6+DC4tLNGo<F*j)fZ25pxn+k9zt#9oP673
zn*;Cd;R4iEsE$}3B;9VQ%?fhg4hXe85Ry}1Zq~O~xCN|Kw7eGX;sOc4PDS$uWMDG!
z_i7Qak@kdFadd07O5288oABZWT3>0PaP6x%fA@r{PE?!ZmM%69nIO=om3YuJFnKH8
zV{DUSJ(q)1$CjgEQWc{|(m&#BVf4;U4qCTncm04&J@}w*c{$|c?LVfbojV>I!FaTO
z`glFo!~K|XVy6Gx_rfc52xWM@`vxtSWmq%rBfAR+wCvgb7Q1U=ef6CKV)v3+gRkXW
zi5z%vJ8x~TEhK5^?5F7c%wtyo8b^J*C8!N;S+!UpcXA9~q$KV2@IYUV39^9tk0}w{
zElQOG0&CDF<=5Pnh%$fDkhh84GASJLT|Y+88a4R5=u;E@kGINuLjLL4GxxNgORs6C
z9|?t)yaU|R8ueuqZY>@4>lOV|FIU|~7Yi$R%AyAiTKlKr>o-@9DRB5H^Hr&+Tdu5i
z74FM_cDzCmlz6@Jo<L5vtX*}07S|Y0B$`UWnGpdJTu;W6A|_1Pb1}mz7P15DSNFoX
zT+Un#zSx*$?HHT$2|KN3cxQ{N1R8QL=6Lg~Sf<h{o4>?>hcF}7^sCo}4Sjd1q7A#>
zhMWA-RNA!g@`~=^Vae{cf+AS<6gN*AXlMpR!kwdX41ESX_whvzt%@J2)a^Q|dVOy4
ze@?P-C$LO*NQC9L5Sl7tEuWHV&P8S|+s>DBNG?0qI$-39Dw_hYzi=c-&bMs-D7~hQ
zg<M7x_rT}{IaU|D!aLdL#)k>@oWzFaDh9G|68`m5vuM26!hQ7m2h;pz0cTS*TLBOF
z?1(8;(fG1b#Q>NE5A}@6QJ9bz5?|lXWL|X^my+24@sQ`;VP)^)!uaozbj&AAv?D&=
zrVXbAvGd2`O<1b1#28Ei%6T1914egouF?|RW_d-%8|JpzS4}dT<=62`LIW1%65)nY
zS3LYu7w6B$9h0I*8xyQC8gJtK7osk-_LJ#0L|5+#%}nOazyX^G>~JT}JY?mEWaZ9$
z$<eMxj4k2LLPpu)lRxc8Z2Uzr8*C{wN5MN3rpzp-+10KoQ5rktT6NIf_L60l*U+A*
za5_sM^0G89lMiECVCEgdJ}?RFVP)2vy+U>%dmcUQPuFPVr)=5Yg)1L3j-HGXnjBtg
zIp4yPm0SucY1K=)%|f%%)8lGYMpi!gYwRQ`x(O5$W`js?j>VfZhGt?Rma5+{W*wK8
zVDfoj7`>A><t{&7;YtEjHVZC{Q0V?xd3n5n&=yJ4H$}*ec;SQ0%6%)eL4uJ#0wxTa
zR?XNux8S&?9HrtH&((G`AFHS^kHA@UHSmCU!1TMLP9(&K7T^qL90WSfxYe;JiYz;9
zm&?5Ly!exO*)$A<Cy~3_qiqpY9<UqSG_5y(jlJn?8t$a~vsb1AXR>U7Ly<QQ%m>7h
z_>5H1K_i)RWovw}D_s}(f*RpRFb~bG<A~bZ>Dn*4WS2H`<?q(Ewer_9xYUpKcCSeq
z;`p>l&zNv}%E&(Z`{$n7jkX$2Tv<|G>8QMEi{*^yY{9Ec6ixASS<6D~gG7b0PDZ$7
ziWu7ZS#IJS>_k``VTj-k-_#1|M_WE;b&kRG3us8ylwB;S5Wu5gjCQ-E;y%jSXLB*R
z0i@nDT3qKQMT__BQ0FzueV=eb6`!>J=N4;av{;7+kkRoJvN#s$52+Hg@%fWvaHmhr
zgdz^;rw6W!bB$~<US44iv~@9bTY2a}O<67mOEd-rGBYWsPdLZxCMc6oJ?#5!r?TV+
z?5~jLrysSU)3MEnZ4$B&Qz%Mz-~p1Ca3Rsz{;}B^ew3Gn2nK&9XE&IpZQdr#=G`z-
z7tu4KoRZnmx0VKRynbdP<>fC87r64%WdX2yKAP&YAQ5`-$mh{<oD5vxKKw+hUvKGB
zJN0JnDSY$0>WK=}VCP3j8(xpDYlBV1d#3E~GPPdYejRB(uwmzd!uBkAErpTF5!!9J
z$tEmuy|iVqsEVz{NC#{!oEvM8Fq--(VSMNJ+`kF26^Eu9Jlb5beF%j*m#y49(1*}f
zw31<Ru`D%T%U_|W`#t_Z9mmpqE2g9sZ*Xr}&lV-yx6CFR_g14)cH;)bQx_Pivyg{f
zR4?iF2ZYbSvQx}!r=fM4h@cXt5ADn2)ez(Q{rD4eST5(^@Pxm?|G$>nndlkV{>c-V
z|C<E}>t9A8|C<HKhK5um5gWqqSG6acn*3%>eb~7N_P8}t5DsdNeJ}#-Vcmzz;(`R_
zg@m@XL?Qe%f7dSMvLQ9S<oO-ySUq@OT(CE;(iq;7-9tTiz8@}cOn*>^rn+zsngi9Y
z%FwsZV(j?7clng$Ck-|0@#*%Dsp#&Vdon(g_oB-3{6BP^)3PXB5S+Jd+qP}nwr$(C
zjk9grwr$(C@?RvWR3&+Vb-QM!yTAS|e^)5mqQXn<sElrOK;X*b<dE>>mBiH#0KD}I
zGKa@8d(=!JlHo#UM>6wCK|Vu&^?IZb#5g(1_2HgMRQ4mhbcl{ms&|R4n|0wWY2)#p
z(rFf<{K)e$<tlyPllzCt%qkcB`VY_%>_V~D=r`!#WJE78K?bPG-{<S~{?qN9Au1aB
zwwi$s?8pgGiK3t-S#OM)xF$`>qJZ@L{q;*C1w}c9HS%eBSYy+AHCz*E9-Z1t(zuY}
zY_<~=#*3VRzVHStwq`-$;#x1b7Ug%6^Dm1;WWuF^+)7rSWpi@YA_izuAoWg~e*a0_
zJbY404TKD!WZ}4%qcbS4r>lQJXCJIo9#eCxR4rlXOZo)zxs8g_)VNnH9n1&NX$mok
z5?K-YBS6y;Ef|xJ-7UprxGZH!GmpNsb7UyfOo9{oR7OV5RS@>A6uA|+))!tT2#b3~
z*|`$Uv3i(^>2EKl0~4T?wA0%~)4U)-8ru3CTt$Lr1EBkO4D8PA_KLC?3t=2eEJPx~
zYO?^Vq!Z;AoTTXl9h0>9up~J_XF!f_FXw1x&7?A-FyENG-Y-3Gf4xw3FNw`I0#;n5
zMh}-o0k~QsV;5~;8mLhXYK9m}|0xWMdkCuEFSqBAz!6}!@J{mVM#|jx{E2NgM@9c%
zY#D`d9tc_B?|^YQ*Cl?ETgkft<=WOKr#GA|shURgz=9wJDe5<`W}+g=GFcntqL?B9
zjV>fMbT6ZWtsxt{32wg)JTq%D6e<3q6!=?@gI4i^*bo8Yp1Y!~$K}2(xYZCYWsGO~
zrBt3TGOcsn!hGQ}YDfbutb7UFMQfoX0oc0y3oA~pKo2mPR8@)j03A3Uz+B<Y1J9>I
zU^wb}w{6SA(nhs*t`mrDY>ib7Ui{515*^{430=h3%n8#8p*3g+%#$shWnJrzNzP7?
z{<YiyBXT=LKZxBTq#fdk9QnHhHH`bZCg+Ll+f-RfO93c47Rl3EM&!SnZIm}z$AP>X
z1)Tb%xZ84*`v^a2Q7nPCAasKX;6j9<Lc9Ijh<cR~cCI~>0Js8Cfj*6i08<y;0SD`Q
z-1W&*#io6+9}&1a=(5fes>)!Pm%3_Fneu)Xuai`O@cK-v#=@W$TR@JC?Kah~&#Ybw
zO2nA>$qthsNc9#ALRDSF-bS~O8VF~_ZA}v+O{rgoiPO$;kTS(h6a5)YOw}aC-r|Xw
zoU@(b0h8I*8g)<7FAJ`=P<gEabLj7DDRlx;gf)fNE?H)D0_Pa^Ul~$}MQ2)*MPa;;
zZGK-ah;mtdG%CNh89^L*pvnC*<NNvKk|+MSJ$F1MqUw%vx4C90Iteq;0$pQ73XNtn
zA>t=zc$qZ(4El=P9li21zMZv7VV!9un+->$)jX%Q<rUVU;9+6WC>kZB3?++rqeAw;
zOHpiKeP3?p_BGMTsZ>q}*{k-nkXbuts~U~;eWOst#F#Nsx2TX^_z#RO$oorR9TZ>+
z<y7AY&PM`<#ZsU~TgpTpJ+J|gWS=b(<Jk=<F3JZh`=L$AA#d5da1h1nN&4zC!y2#h
zn1!VKMrZa8?y)1h?DB~~W^lQCl>JC7V`o@LMl{(pm+2F-OHEzTmQojEkXzS2H8FFz
z!c-J(E)Xit4^6l10YyoF7r@>v&nlS_T3nZp(9dzjuHmw30D~GP{h(YZWpN+QT9s{!
zjdeyT;7FwcXtaez1yb5kf^Z-?y*ksbR5xuWXReGBl>~5B)We*XkuOk3JA4Paw9v#4
zQUusTmF}U1QLKUx8hznNu<$Tc+YA3k>0X*UA{mkzoCM{GF;mBB#ZiYhlMsYZrXx0T
z(wnDk>)t|(Ik8xU@$R;G;j;a<u>&H!h|vn&rei+wS*vn!+?G0!=40=UeIanL!ueZe
zfuKu-JnJv3)7E`sEv<oo12mGl?{;aygagf1X|o}$M4P4R;!TFyg<ye=mg<i=gqKtG
zJj2swTDe*D!w2%<&VOIFt#z}zBW+<PCt}&rK{4lmcF^vOGtNV3fV?Kx&$MC2iJQ<`
z!Hm(eC9XO+Enh%$1sry>6Fh@qskpCU$47MI<Jay3uDKWaqvQ=eT`uq1Hm|hq%4zE}
z#<w8%f~nhsR|%67;_}TX#7MaJ!IyjsX0j78I>8nnv%RJT*mf!?yna>(YW(4vmEOO)
z0lKnc^)_p=PElJW+!GMi>vWjHI~0l=hBnwoc+dh-J+!b(Km*cEnu`<Mj@CQP<$K|a
zvmmy8%6ClWl#6}TXVWO!!GW%S={ef|eZadEdl~+D<LqB5y%Y0xj?A<lVybdn%JWT7
zc{bF4ND%=v$3k|VLRhd)Ra}aE?i@POqZY5d@GZNtV)pC1HnSrdYb!E_@(}Y=)`V+l
zFKQ7@coVWm&zIpM)TkERSmIrhrcI8rA&&-E%*y^8zpyE`sTKdPIpBYJJ{dXL82|Si
zz{vc6YwnE9|3A_Ff70w237A+o8JYf134W#9(+6c_l|iR0J@X>-V!Ag0QU*Rb#8e20
z$q<sjQqw4bRv-WdLXsd*gfKF*J~FF50zpIpQB<Kl3Yvm}ps^hh)g56QzfOJNhVQL&
z;N%eM!l$gtTu7jH?#a9FE#IAtS6BCJxkA}hE|;sUk_-0bi7GOa1u<=$`7CV>)bHmJ
zR%l#NsGrZ-FL*fan*n#J48l-twlbUdEf9DumpG(~NTkpHHAl3`?WEU{pYRk#D9lem
zRa5Wbd!^1Ck?9p?@mxC;b1SvPODL-I$k}RTJ1lf``D*OoiK1AOwam@z<7#w-hVbZ>
z(C2UaG1RrK;RS~9=xo19MVYVd@jpn!+`A7rVd;fy%R(4zu{k#3Qm^`f>r1MudyK~?
z0pZe2NWCy4{C$<*J*LYg^N>@woIOGeSyP5d!{#+y+0@O0o78KG%k5!0kZy2=<;70t
z+d1asd1_|r4mWwuR+)X@uO~1VT&I;oug^<D!B7~wjxxvLW@3?8Jf=2_-FL`gWHMR0
z$oL;I{x5}p%Jv{VAzfp{uioPU7y`MbfJF9YKCWNt#GiWygGHO~F=%79O%F(O(sopz
zyl#?vMz>I2afPhOOnw5dh}*F8)r6SSm;Z2A9*r>9)_5<Rr)fr4#CAL@K1qC0p-U*k
zs+Ta%C#C1pWbr<<NAk98p1^e11mO2h2(dAvbK3Sy3_0uc*nf$^l<Gk?yFjZ(w1=s2
zwhXCK<J#9uIV#B;Q<3Zmu1AUvNO8ljaQ($sdm=p#EKdDU7q$c|Ct|5Zrvm9M&7`TH
z+=xl=V}>j7UH3$Di$v1M#!sPFFEjq3=G|a;_rwj4)FJZmGpyH3{)?HvJ^US{W@x!v
zTh;K*U3IL)H+e;&IU{?V^twzgQYEGakHL3GQRA@~Jl4m}|4^_fF!*dP<10?T`&D4D
zI0<Wg`g?pmO-)SRrY?7Bd1+YJSohw!Y*nO^ESR9ddSlKsz$C&^f*bc3*<>3~lfgs5
zC!sw|#Rt2UhCNJS;LwvsN*yRe*y(sQG{u?&j~OatBa07eyM$ddWW=Y{Qw*lC%64NQ
zRV)!ON>vb24aP%3i-H+UwIEB@VW7lH*Wg)rvP(K#z6cM52>nPY)T!E*9@PeZs!#V!
z$B3^PF~Y&Z)UiEG<9J1o$z(Dko#0om0&fEX$p4`pfnOPh2`X2Nq{GwIhoeSQVen6(
zL5O;o#D<fChA1LnN=S@53mADxDOIbglUEk=V$x2z;j|`V8WTE*G!*@GC1YsE8fUKW
zPfxduTNSFs9W<)PWc9rpPEs3U_UjKC5~N&@-(S7N^s14Je6m<6SpP)oIS252`&i0&
z@`|LJenpl|Vlc6SA4maTj;Q;4?d<3vq(Em(XHLMkvdln8t?NDGH@0=yak{cmQVAl1
zZRcuVN1$#ahO13g83>T<y$0SB8OPcyNEyj$1S+Y<aK5MD!9Kr$THSIA|3JvrY1cW|
zhXMmOVXNRLO~Ckuvqn=b=8!TEwxo}%6-Y)?DiYE_hFKLuSx5<PMy7%&wi1!0vi=j#
zBck>lt{+xT8cH$Cb=RtbAhnDo`M-b$%(`SJr=k>eAUm)W6=_G_U9L%JRvG{<W3`Gm
zr0|pcR_*xT>w{dfbtj>TFjHsm_wO6u_r9s<krL{QpoO!DP|}Bw4Kos^j*zf>$+@AW
zQ_>6iE5j8HM;n7&8O<Fex?EIS!_?&|3PcY_jAjcMmDrf|sM1(-;;1b>oHrO^K~vQn
zbS4Oq?6_OV)gO6r$vQ}wWJKNIMQNq+cXgB)sZZ&jRQKDnNmJi}7&(KG;y|RSh$}Y@
z;a@mTiY5^YI+b*ooP->X+bKzZj$$kTQgPDRzL}T?kn+XAP#Mf5m?cPK;$sO4QJIT@
zWI)1U2KO@fW&+YtxpPh{qqt2HRDk%B`o-9cc#98GhYme1pGZYKRdd78$jUF4#fzDn
z=g}iTn&s<Yzy_4Mjc5!NxLX(ig_uJDfG^MHg|bRsOVm}pDo8XiV?e5kGjvo6TV-$X
zHm4qD|M}vjt3Hs*<8ncFMS>vYcqni)t06qPUT?3nK6m^y+%w%rfM{5;fr!gls6~Pw
zfj~O(5s9gwrhRSsETfeJb49eOHy$RG0(W}G(^Lg_SOrLta1<7Dauk>#jEH$VMc<LN
z&~alz5=VzWPYNutnaCrk#cdG}O+qS5!D%j}YisH>rURN;Y$S~5sf48BBtaxv(iNRn
zW?lvt^OdKJ9t8&;e!)$IuqaZ9GoL?A2Mbu_5hjA0oC=CfHCdsSEJc|N5`-)fI00o3
z@dT%>i9DT~!z*^lust>kqM0xgGxhTRGrJkdF<*E?3E;5>L-g^kU-roIMaX)EXp|qa
z5Q5P>ayS`|R+Z0DdTh=#VEl|mg;nG)r`x4MVUwdCDuGf}w2M<=O&47r5Zk7}`VPhb
z0WZo33Qk1K<urp)gNw`z5?=oHVddAKTC4c*Qc-jOMza^%KpzoU38)|i#7R<m%<eV2
zg0CzlvQWvY*?Sf`jVmBe3iczGejcWej)^mOtv1-#gll??H^pt*Af%r|YYp`_=LTvG
z7(%PZJ))Yk#~Q&qO8?#+f8)G6_^sdq7ho&uvlP@4LrTic2{e>3%RAD@oej|Q77p={
z^cxo&-2HaopsrqQ2~D(Wm+v2alZ4&^s-0ob_QVw92TNvm3hv!}nDM+5bForT3c-(e
zc^Q@}o%9tYFbi9G02_455uDq!H7jK?VpA@?VdO^HIEca3x~`vvGj$tp6;8t~U6_ky
zPx{XJcF<FUxOyW1<{S^^rHB9XG6!D=zz(Sg@XEzYzSwDR@we=GIatg1me1&|Q4W>s
zd1Fj7S5h))QYvW8{ZgL{DUq`GaDO-1{OxYN+xXd*SWH$K4}R{ftwqU~h?pxm62df6
zU%h%k7gg$3Th%~WXtJ{g`{Z&U1C}!tkOoUJ6;K8{F5*uDOj*FTudXBiI6xTq6|#er
z5;WHQdYuI;qg!X~(e9%|n7!B{XaDa^n90}SJH%-h&xahO>q=*ie(z$q@$=_<SR)Ut
z&2yEd#+o**(P+8Ra@Y6r{6z_`owl;QoWT3j+tL<y4p$HxztcL(@2TV1pp&xQ@^zk7
z_>yg>dqaccdow;Q$h)Le*V(FLdt|#lddE;HL00l8&^2HXBv&d&$;W+n8ck%^c8(Nr
zA_CQ1EI<P~JHOY8!tq~ERHnA_KRQynI7=(yE7e4W8H+X6O`dFJYfL^a-T|3XZ3al~
z)ZH;KU@tv%%}&F7J8&_781DB(QE&Vcu;#cvL%-YI@Qm}&T>9r@=Eu=h*)8W3PjpYc
z$UN%=Y+<kd8mH_wa6&*rf(_Upk`S-b;sTj!J#5F0_QHrMt5y(@!%B#OafIV=0u&&B
z2%7)ER3PNS_c{=HFawteG;o5p5MWB>lpt%w@3v68vIDV%8CXFLg!iHQJ`i$CgEtUY
z!v9ne3L$hLW<&RvKrCszg&~|MA*g4$<qb8QsA)F@B;#f3%?eR1R_u#>EEVucy@)_$
zplLhkKuoE`8zCEo6HtMWfQFviQA$&-pvow9zshj8;krQ%h&bTHIh6z}J1<r5RI(~L
zZZ;L**PWJBdzwLQJ9Y+jG2}fM$}cN-ELy?LCyG1Iqsoqe@ahd`4_hd0{%G0ly4>%I
zJ3po}bm8e@Y;ARi<mO3mbD569I!wLy>}He*yZ#m{M^j)lYh_NkoQopEi<2y!_~{?E
zV88+)E-cw*N7{X|x?%ZBtrbHY#}*0saaT)(b-CV`3TScVN`$4od>AUVD&a;%zBW}=
zmsG9)S-1V`>M^9-B;u}OBZt(HW4~lv)2#UOMVh-=x&ewiYsA-j9JQw3cG-fBepI*9
zX~?+P{9Jts3r~fp^X{f!^G+)=%5swXxSmQc!`Xd5(5_SZI<)5=GVo?B#HTBZk}I1q
zLgbjekvfFsc$Yx~oUSIoriszDl~2Ylwd5hkr_SZ0&A~88Il)Q2Vrj<rwHe?$@H13j
zM{TaKc{TPDEB#rco%*8jIf`}gyJQG{BR}miHJ_ui&gCHEkDT|@4V~5rZK&ijUmg#w
z){~z{fbI@;2FyeNTqNtK1eAlCClZhepao)qR3Hz)Czl7DbpfzNHOK`prnK0^XJObq
zxzRa7Sth?WYS>c0*=mbV&-1!`Q{E1Esw0$7-s~0Ej34M2lZ85g$(|K)89rhqK^28j
zTh&A{+|ll-pM{pyD}NHoM33rDxCu?(ef4VD6v8Frsb?CfjhVrUh*nBZIKJcmbwKO=
zc-ca?^S&=&t-AB|U|kaZ(E30FGB9pTU7AEM+vWRhi|6Ajn2EOVU&l{uGf|?0Z-fp?
zB*9MhrF3I25L=?siWz?Kw_s63r*FvO7-re>-@q7ROnnotnz$}xdpeX*vNf|td;G>>
z@}m}eqj?w?LnC*~>o2VcnU7?i6Fa-9zv@uu`%$qzvJqi?!j?d1(nwR1NE+F{ylzC8
zrN>lCx^`1$F<JwbB&3Ao2f%z&Dzd-hsH-pmfAY03zv{Bg;Z7Ea_Xk|NzUPIvx5Vml
zQhe5X`1h2a&i`$8{OMjq-NitTea7p%Hp5<*vpnxI72A4a-|cDfJp_N3;io?!R#|sq
zyZ3}oY%fU>Xv4W-T8{wyP?B+7f`~lkDNUSHL<vgL;$Qa<SS}3OP1f{NLy{o8>8gfg
zJ$1dBBuDr?zKvR(?^ne0g|R%`nm<f1zOV4x?X>!lI>V0xoagD&e6qKP5#xt5CR{sD
zCGQ94IicV?{W1A5`jPCpuv=EF=cUkYU6Q;}fX-pv<x?&sW5x^nN_zDIVk;6wbXacx
zn9CK32F+b@*a&sKFk+wYAQ%nb=4F5jpXKA<EVwBj#iL*={HCp|w{v|{(>%nmvcCg~
zO3m$=Ay8%G)=<*SN-R|(UJiV9ep~61@W~{y`E33lxzB60>CVj*+vR?``CgXZdR43d
zx&#=ri>2?x*7tF67rT<~xQOn0*{5{^tv}Ft)73(e2<)L0F%R_X2v7`)!9Rcspd9pl
zTfjVIgJggzPz#g*%92+CZGdL;rUeC@vM{3>0IdEbhW|YE*_&xxP)QZAoU(!$n$pZq
z$ZTc!KynJ&OCpA%KqiX)kW!|&HCj{RLP-E>fGpH*9EQb{6cqVFiI6||rG0Rv)}Q`C
zGVyb*kQkQkK0KaTOUTWjpCCHZk?5%?cA#%Fp7?Jwr!$)v-hlpgrM;iHPMo;O{YYKY
z!ffzJ@M?Gv@Sf%#5fAmL;aqr=9u$Xyr2y0Rk^#*!)<pj7@K<yr;!f%82aBzVA)2Fz
z(OS=ghAV_|SI#IeoDz)_xsN0j;_yAYsU{O9n$gsmQx`iM+;oc@w20ZgW9<=o_QW5O
z29lMsMlv=^Ni$|tQTyvsv{4A|(r`92fv%kMDZs9r3TeQioC&hbWxBO{7%JtLzQkNu
znm45-MM+gYkLTQ{uQTBxt_|QSO%mk1=r6?!eb;Hs7_~yqL;p&`!|^s=H|G9owcE=_
zpMA(^_&??50w)3u*HmOyF2e9Ln4SX1t7501q;lnLJ&f|>u-pGjjiO)|^R<aj&|sC-
zHL0!b@O-^e!plWC$heKPCo#!}&Ac;b%;r9wI8q4b4P`8bGI5LyO@xHB-p`Ai9GndZ
zk-9Vn-z%sXds-BU%FTbf9ZQR@IuiAWXw7`R7xkSf`H}5!KLdO|0Zk{+GjJRRu3&N`
zD~>r?m~ud$N8*(neD;Hg%hb<-Y{}H`f=tQI8w5ciqhtf<PU;{_kU3-pWbEfa%4GsP
zX#WELGDPKD0nLKwlaJe#SjegiIV(;3ol&%oj<HEK1Q9tlPr50LQL%#5kR3;I3T8$v
zY_4Yhn*|X~aXjuEa-jRc-`SbcJ(S)tn{g}%v<q*jnX&x`X9v+v#;~NNZ(36W&%B^&
z^LeR?{@baw6i<~?g?6B`5-F4Zq)|0yivZG=D*LL*L(qs9KO`tc3>Sw{4Yr|RqG7&n
z#bL-{%8;SiJ<SypjGGkC<rgXF$mlx31HDN@#>vwO_mqvr*|=+;3T^OVf9`j8Ix$&A
z&Zn~L19IA*Ku_?LW$xua_*2_m_g&jeRVTEW@k4(bh^XJs(azfHJbzen^9$F6WE&6+
zVp;{qNoH0yRmiNx3GG-wW%Rvg7zA787p47_!Am#u*QeYz)E|0jR#I95SD8HrS8LCg
z(dw1<pm-$xr4_%(H9uQ#Z-|>aPUFdem<yMycZblBU!7MNvA1!qbH#IUoFiAIy0~(Y
z<wEXK=EAd}>1z7i0LuIfRJDW|TYf6m_P5B_#mJw-O6y|jKSD0a3Rco&;++8-ms&NM
zrt#V($NRE!!CZ#-#d4yc<omKoR(j>1Tb^aS`%Uvc0LXUF@2bC;a;3lQWAUuMv19?h
zT}+)x@^&kelthD<E1Hhg+%-SLR=`1e*-2Jad)28@E)D8W)m$=Ip<*E!D^7}g`qtfE
zgk!GZdUsR}whU3F%@Y;IrzOlnJpMZ2`CMvDKad;UcET{tx1(I$`%(vOzqh{avo|T)
zRaqK<+%2<5$&5B2eTKXBrG@P!w4*N0$MNxiZC`1tK-N^&kti~V=^w3wcn=YjZ``$I
zQ=LCEE7jl;GfP4~x+Z6>R8Em}tVSCd4U7v;7WaN^lhAnJ!8Y7zh%1|HL&22^OS{3q
zhTUo=tjuO&8cd2kYcd3x^$*e7r(L$M{a>);COq!vA<~unimo<gqK$75t|-Rr%@%zO
zmbvMXU(+UcaG>PQlU};{bu_hr$)GoS_wRQ0Sm72kCh%MF?Zu!ea+ZB=pWET1km=)P
z>2czb!G3L}6+-|#sBIP9U8CNf`&g)Y>hHDn6uf$`<K<I2b)NLPUz})W_BfVjs~|v;
z!EwYyu{oz4%h!lcqN2al2wP%PgjS>C@so(>VDTVRgXA_<YXrH-Z!v_(avmp<)`*Q_
z9I$+(xrpFg!0tFE4bOqjro+_R@qi1f6~uvk4_b^dfQ5WaKfw9I4aC-R2|b&3hxbRX
z@BPKsB!maJUrrUvqd0vEb79ho7k+D?c&2{;#~`f!lr3EFh#5N+kadHzUi^TeqlZmU
zsDXm8kGr>F1v*x@!a?YR9>!s)4t=rLz%A$~^jY_P3;OQU;FR9_S*Wevc?5q2aBueE
z+$xmMazTF>KkYmszL8%4zI_jR8hKEk5j{-NL;f*n89E1j&ch%jz0ZCq@$Mh0U!Ss`
zrxZ>fZU=4?ZcVP4I8G^rV6;a8DPo$DSsHpZOOr2`QfkjLl=HM{(?ZFU;sw5WF+XiV
zW}<^nO{wpG`Geb<ov(wyF>nYjhV-j*2w^0rkFA{7DKfLoWJp@wN3o*K06aaFsWA2`
zMY3$$l^>*|ua-NB>z9sC>W1@gOYRoA!p>ccm_5QD8r88@hm=bI9LDHK2S@ytg&=T@
zUIZL$gRnVZ`d;!0<`v}&i`S}GtH(2%JRh06H=MVemz?)Aur%X{1;c7kd6y;MT_U+E
zir29nW@r-mmh!2gDg0+-0fH5e6)#+{gOQXNab^)LkT!?7b4Rf6pv#F$wm+BfI_S#R
zZJ+-|RANU@&=7dv99}y^5O4i;>5KGC6%6QFDt(cyR}cbj@UI6`OuD?cWTUE#l$_K<
zgIL|dAW~1VY-62t;0cRMokXA^WrFmOj5$<JQNvFn%DNaLmeM~O&?w3vR?v2oj2~9e
zJL$j|6djSNG9?VO-+-Vr_kUH0D-^Y*qAX4kd+?S$JAr9p<0%BsIzjW}AO%m9_pU)`
zVxuy+HTrUaK9l^CmTPm1{E&#X0PP}>^j7)gIr!>5??DBv2@CK$3j`(=YN#{FVOe<t
z^YDXgeo6CP*^PdojjjFxCvG|6ptCHwfU)X3^4H4QYrMLif@a!o%genE1sVEIgx32v
zx}E%oMtdXgAQ5=1H|)*&V(oIjs1b4ujW9*bjbu&z8ZP^rCSfOL6wJa6m|>ZMOu<Vq
zIhb;p2f)lYj6-V7)qN=9!WlJztQz9|Wi0wd+^MHubTj(0PvVO{$(Wyn`!~{nAAj6p
zn~uK`{V17)Q!r}G2+lelCF$CMab!pQQumWUA|JX|>_CDn7<Te}9D_0^;gdmW_#?jq
zcKrCKV9k>|`nl}+o|-SN8*2>nDn}b~jgTY#4@jp>m%U5PBJDteY%rs&wZRczI6`&C
zUJjx*?9bU&rUU!;9+9@@!w&T|ruv`%gn$Qzm-14CyyTr0yK)FKpd+snykV$ZGGxAI
zBlcKUn@5IMv#=gow_LVeHkZv7vrPnPSQ2TPF)Uzf#DymELxl>632hlAo(L@V*Td}^
z%Ds_)bR_%Zu>95{NJ)jUYioP>+Z-$W4eLr?fKM5DnUcI;#<jF_axCF=-0kIGB67W~
z!X}Cu@{a(5mzYmEmd9bvX|979`b)!8tjPT@-6cof{?+<LcSao~bf;#(oYMvT=L?{j
zx&lR}&q|MG&<`;*YS18T^c9sr9iRmwADkodp&b+_!a+3bgV<8(Mm+>etU(YY?;LSy
z5Xd2UY;t|B71BfINBX0~VvEX;fFY7qnh+9CqIx$^<Sj&!K>soltlgt|V07f4ITLLu
z`_f}AW{?l5B?`FAU^o*|;7wB|>XHv3bHwGMv<ZeVB|`bHWF>(*hy;jsbLEzHn+m8X
zjT-4n1XVlS55~bOjq#i&#8Hv8sY)trSLUKw0lbH{rVf5Z{;s^%f4!@IV{3)EL4`^{
zLBSVq<pz=>pEAD}MmnWSFPwy-uVNdNdf(F&BYA*?Qu$zE)w$-bf(f&(mbqxQ)WBzT
z?DpO(NA7U`svC}(&@MdgYMXQeDVBu1Nv^Dn@Nl_7h=oZT-i}w~W$HO5?<Qm>1MN+{
zWu;wOjcVBw(tp__cz&lRdbX4A9HJely3$w2{3QKOkC*yp?(4VKHh!1!aP?aQ4ckKZ
zG`sC;nEw8Cg6(mcxYpg>zS~yYjQ{j3c5+2|*76CpjNpz;iRSD+NFb&<&%rE_Jw<Hw
z@ty`g`dyXB_+X&_kq2;Jint%CfJNw<qRcYAj?8E;j7zMI&4k{Mci^Sdfj!&#0QZ&8
zZ^F!U9yrRHIhVQ2@b4$;!Is{s?3z7!mQt`S?reuLWNMN{8~1h)@id}ib6RT}foI)K
zY<8$RXuo*Bnt&Q?U^+9{rc6%BvbdF5gllMgc3j^a;e9rj1MP!mX}|*)W+^bvRp<K5
z;ljo0rg>e!l!wJu>l{A%pN@bLa&|?gOq)!ryq(p4<BUq)mnvti&)O!}Z-UF=g|PkU
z8o$cx`)m~7KG10llHYFMRp5<xIKA)3CFzrSJk)?~oexOUA{IIe9UfnWe<%0NW(9k!
z@98+NH;`+pYm2%(4o2g<FmTirW15ob6YUOnTcTj2$$@8Qu%Ww#0t6a#-5PnS*fWiN
zI!=K9QgiB%+s{S4?d5S0perh4_>#7F04;&z9@UvVB{LlJksm;<C};UL*pz@7zvt1{
zs{99OK0c`S6}SqUd*v63MSgd&4BmO;#x+=v?j9xPk^5?`djpYJ;VSaPd=gB935T%%
zR?>kAQ?t39Y*^><R4ZjU$hGH3x|65lSe<Vd5U@(leI3^QIBmmN{)Hx6gX2-Jua`l(
z4!`po_vNgfudUtn?rO=m;>l`N8dk&HIUeYyxGR2T_O-!_SDZso;1RpL=vJpEm4?NQ
zCT{xE1sKv!hsO!(YuM2k{kHda`{t|EBY^t&O+OtziMz3@goOS6lWS~e3)izuQzlnw
zq@p~zR=ZDa+SVZMnMa(<WEL76es)^0ze={s<33Wq>V%)`0izof^F0R7cYsry)7mKi
za)B{Kv}^r_4({4;1I}@>SR>k2;SsG2pYoKAVH`7$b12v63nD|*7+0wQu0C%)qE*2u
zpy?+g)es{`FW15QrJUKMr&lih$O<a0@*0bEl-yd8dDe_o6Pt*Q-q_;8J8%&#Tm2(O
z{nxjjJ<H)*)u~jIVq~bQx6c_t%DQ#uA|i-;09FOUbB9F@QWrZ{PZhL7uHVm>xb3dF
z@<5~0Qr?*PjK<%%?G)O!vES&&)D*st`(9_b(WQpx1?bitb((m(jh>SKQDe4MvRm)B
z)%EL*F2|OhEr0svZV?AP*vii~osUw|IVq8(?2&DZ^wu0|<iZHZxt|@@aoIp8OSv?#
zKUQ<eKn071<X8TybIS^lwSX?X*lzIV2e5BAtnSXp&-O@s2qtiobX)w<xzHpuw0)od
z%VaDydc{^pV&<=y@!rigywve!QYGc&+hn>vF6YBZxP71GzZzBEj+(sLFkL5Xgls+Y
zR+0v|f$2?+GQm5LvMmFE<be?~PK{vDX*RXHth+ExI|?`9K<v*>!WCFMb_Y9-v#`Fd
zg9z-`PQz?$w)X!vbZ3kamrlX6u*>|N`x0zEhaqdbb@_+1u7bcqx8ibXg>CtXnzG}{
z9R^B4IK*DJA@OFZVb5vUs%?ckFp47AQl-+*{32D{0+uWbUgDhu*@5vnPpHkxr1U1k
z25c&d7ajKZZHF+m`&R7Nh0Anhi(YJuD(r}CI^fh_!kC_EZ`vLlKTioCO93BAmP18!
z;Zpgg(6S0UU|y1CymXKayYm;zU)s?jxR>y)`&;M=q0a*3$u4jBb7foo-e;lGKaCj6
zon32hYc{SPz`I)Ojf$FFJ)IdcW!>7ScxBh0Ite(}){AMf=QkNHwhSw2H?p~Cj@)Vj
z5>aBbCoN{<<C&nm)Ivm88?w`8w=a3Rr`~~z8||v8u1^<M$+5!TqE|PruY-7W0e7@V
za-Nm53-H#rU2NZzY+!7)?amAOHacDSF*z!z>3|0XVCq!*Z+S|63iHymyf2F*<2M@5
z<6%21>&lC~x=Z=zlw1op&mg`~O_Cr*iwF$YoOBnS)gmu8t9Dxx9l<JHU5K;kzZUk#
zZ*~Ja)`ob8veX}`rp8}X2_v#WTkICj#5$o*qSr+ePUvZ~@O=YKI!S^;3Ww@3Ycm`f
z%i#k89(#3mbWWqS*EiBSuGtmdM{0Ma?IoqP-oxY)t8xL{z4Km!x9vbR?_tB!Ui?7b
zdvuMrt0Q<S;DdGFcqU>k_<LzSpND~XC9S_fzdjGit2*oDUJDa=A;L$hgnu^Tdr(I*
z$%*Ie@+T9o6+B@q1@ok17|o_*^;L|t&E+hEc->v!c?DH=o}u4?X>i;d1`Pk9dZzmA
z#;%yO{%KYi<TId@y6f}w9HZXKyl8oz%+wur%Mz8FPq^?CrkW&1I+;nFp(o>7VtBQK
zDwa*%-k^25-EI2n4KJeNbk^!>R<WAu4Og0b&seLsPO&A_@j#c$UM53sLN>Q=m^%YQ
zhB{kJnyYfN|A!a#*?65lJh%Px`Wo(2W7+OKa6Wk(-BR0G^w4&A%2I_Fi1%I{s8s*`
zT&S9v<L2D!74`Q#8b6AD_2hUX6yxb}7$_X|tU*uPX?;aIX=1(9pc-P^Y>2(&%s1j}
zipKqM%z1WkW24={sRwa@(fmdui)_)*$RR64M9)3r@rvj=N^fh>RYihrZv8rR1J~s(
zt!Z}0PzVleqVD^CKEEm``^4LB4!-(z8j9Bc``mChkGIilbr}jPWuz8k&Zm5%Vz1df
zjt&GVrF0JbdT&xQ-MYmcd)t2NUs|InY4k6@@$Lnm+!YiX$1GHx(^O<mRtSta59KC7
zZ*C_z4XUBDa1zXgp43q|2AZ~SGmaeTj^=~kV`a^qHM$*k<iZ{E=~Py{<?%V5kG|{k
zNPmoeT4j!Jkfy8ly@)-kYeGf8^?F=0-Q*KRtJLSeOy88$=iC_G!W;$Q;m8STa$JZQ
zFau7O1HaS|*C(XjKEToc66AB0*M@b{#n8GK00Mj+#jR1Dwx#bbtu}TNJ?ZUL6A&)$
z2KjKW|DuoSOxFFEeQWXat3`f;40zLTaXcUZHg(|zjF4xFvD=RYI-y}=(im$x>N<*c
zgh`xl3c@?|Xi(Nb^eXASUMA{e(K4_EKWMXPT|?gkNgWk!_>ujc1ifhA*HC8R9j%Za
zR4z@nTzcEM^xtgOb$UZ$pb!qWj(WpE_Uj-wUW<n!RjkP0zHk5c`__RU@clXz$O_Nz
zw#KX7R&B1Q)Jowlz&jm+z3<h`gk8YCp4v3IH3>f1mQXli*)4LTmzX0OBc?d#*gdYD
zB!jVr0Wk`IX3-!p4WvywZxYA_ouc_~94KQ?5O(k&4%;@e<oDeOOBEs~Bgw;W>}>k(
zw5(m@;|N{qo%9SkKBYd}-(F-(F`{!lT|abJ4Q+z>={QJ7Se|hu@f!LaC$~qYm792s
z0&5r$c!zVx!@A8e5vHgGKY3?kij@56s(RiCG@5m95~4cwj-76>D^h=FJ^l@U!Dt*?
z(URx#I>B9ZYta3sH21T))U}z`PJYi1uX~}#I|5#K&LB+oE-hof^-hzevE=jU&d`bA
zs~`Cdm+Rj2<`)}$JJsJ_bB8taCv^igd6KGDua)C(a}CY6&vJy-Jqx>zj>8XO`wezi
zvHoD;D}9ci<7E9|Y&O*IYYXP;#?DUhV0lCND*Y9c`DActFR$9ec_GWMIJjD-Snu`R
z(TVBb!I_MiVmz{PBA#49BIo*RXwC&jgG8UyoW`@k{1qsds^sM(#IVSEWo?`Qt}Z5J
zp*0ciutYrdQpU^Z{K;Z7sKqvlf~n?iCAUw;#}7kODeEM?rEe6a7@^fuq|zWyh@Ugk
z1(o&-2Yo|MB60PI)pLUgH<p8A{*qzK(R49YJ$c6LI##}?-<ormdvE<!sBa81ki+v0
zvQ*e(&0}uT$FCv>m|wBI*k?iXvnHH5-)#9JdG(#sCx@CtXX942Ok4eyow1O{z*CnS
zf0>$rsvK2^eINK;5P08RkGBdWwSK~|7I%8+&opvhPH~>EqPg{8r8IID-$<7j_dbFH
zuVaQMaOy@Ir`{_aSN>}%H?Y_$nAjMWtcxcwLnGP4_+~Mk<F})#Sc}1BC72c?`n1^%
zx*yN<Z}L~^%eHV$-J|rOxwF}k#)i~f-%JAdr7Mx6M-NxJ*YC`Y5ZTVY>5d)#Ra2Un
z4;)&oXRF>S^VM_NbBx}clPpq-B!Ohs8q#c`bwc`VSNb?bgL*zkbeJ+dmkOILwLjbP
zz_~r4>-DeT9lr<M569QW>CzgNa%QCKq%*x=X|s*FUid`)eSxko`YJ^}#aT*zN?SB^
zYK@fB4=p1`MXNbgj=?CCs|DzHBdq8ouqRz3XdG}dC;$m{K};n*vV&}>vxCu<+F)}}
zkxX1ZY)g{<ahbvjM^cJOlQxZ)vZBb{5?lmc+mIo5bqjEV@Qo#R&Oi7MH;bkrJ8qkT
z_?BmqKAHbMDmM<x@C@A6Mdcr3N+&d0f7CQi*?}=iu%PT~1#|E|T$+?ZFfJKM>rlog
zl$w?j;K!1{{`~6Dz4g2;yGgn{#hHaw44X>%<(l|#x%R48S{)89^ZWbX&CC@_?Cj8$
z&OxeM#iWeAXKDq0?g7w_nXQR`ZuQFcz`>|CYH%~485%tnC?JW>Zil`TRlfVy9UTn}
zbKtzb^Aq4=_}{0&_P+O#@Vk!#g80>sw$HY24bZ*{H^G3t*1pO<Ht_f)U;Wp?m1_7t
zcfoT$4$I*5@B5PYHm`t6JsaTc@B3W%G0y`8_#r+Chrr43bnpAz_}??&_FwxSAbgrf
z!D9H+FM<{DVqXMP>37ClU;T%`#r|1~{Bjp}uLHq+8dZn8hsLE!*MWTJp)>b^=fS^c
zzW2fKd@lox`8v>Z9|mRcY##vB8Zy)v7ulD_j}*eW6vBOqVSGg}marZPZ2M@N0hY~x
z>K_8M`)`2Cm)6g=54f+n&n+J=!{A_bsmK~-6hVS7C<<2ZMYUA&)IIH6UL^?+@Y&_*
z*X_UZ*|k(c<vYZRb0$TjGTEiS7Q2wMdN&28`dz_d8Nq;q-~Rr-v)P$Bo3AZOzh2gL
zF8053;C`3%kiE4A9=WzOzr}`6p-?WyX*>;WU>t6*q27GG>=-@KJJLvJj2{VH;(>yG
zD+J}-5W~ZdIf@JyB2Dr*luT74XTx_QX~?-owHz|Xwd!psY0+0BzK4hp)(<%r7!q$l
zGDJDZ2g;od_r(xbq8c<pp%5D=QWVc1p>`$nTu>`%pEWM{gm)<r`16|f*tst`8oI&b
zrBNdqdwkW=>Q#F2s!mKh@c+?OK)o~~f`gbZIf3UID<{S@7n0d+vF6p$f1g%WzBF#?
zfBio;`PB<WQVQQN>x{hd)dp$rsC6-rl~=s@pV&_qR{v`Ss$tgRuKK|+cx9?tkC!wF
z$}uLZmfMfzF+U{8yqaM23dY7Y7S0MhfEguGG>H)#HR7$vYv37T=8@C-5HFMM!hqg-
zd{o(}N|)7L4Q7GATgd*W-Pi2LgB`}+KQI09RRD_3M(-i`Ax_VbsqUm~MvwpCO~_zd
ze7}ZBZ5M#2(hHutX9)R$awDO>G5Rpvj~zoc$j`VUz;=*|dU;+|+JW>yL{o5ZSSGLI
zf3`wxADe%48`@boiVqesVao*&rid=Y2}~6oR}Z#2h1OV|2?{(G<lBpAhEcE%0V;NG
z9il?q9!o*WVGY7z8iFjwVHA>q*otM?gLoOEU<k4S(SfpJ31Sp-=`8ln71%iku@zH4
z3n43J!61~07!|`X4S_TwHW(4(!Y?tuBX+^2&^eOg!bU1faf&Eq#VJZr>Y{|~^2kE9
zMbS>DsCOh?1?Fj$IFv#f8v(W!<u5DEFAiz&U$R>*W*~e70zEzN*G2#35je!(%3O-O
zTCPGdt&_=hp-DY8@)n~YTu3zwRnO+<k#`+ZzIP0z70(1}qkGlK3_8|6Y61OH>?ftx
zq&o*O!J!xNIs`(AoG!ykz5(I`NNh6bIGs)YCA){9aW@6U#ZZak#s?>h)+H`t?K8`(
z@IGD|P!eO$Fa;f_TD}_iO&0ddA;6hvjn??Pxo{9@eZ~cwr_|#4U$d<Hb_4B&0h0rM
zF34i%E9xwRlix^vV8?>tP*v39(<77=*eZSB5!sV9ez*T`CHtO89Z`dPVJ)O9q3R<*
z^3eYMM>|PyID(2)pNSI*cak)5oC-Me<{^MvJupYNwr6;-G!62H6mibaV@s@3^RK$b
zN!;CNMHdyI<WAu^P=W@T({Uv?4Tg<R)wf6O3xx3gG_I`twYuMSw;m^qx_!5O&SQNe
zW?@&`VAk2*Nje3$-NwR(Cxl;JegRBmYwJ&`gY?lEVCuv*rX7qfybd9{H$!c!n^}#G
z)%+#1HY{A;{e&put`rGtNRqOkROnF!f^?`Wi>y+?ISDT&2ODZ@sgN?2Nl6eX>TK~K
zWLEp*Mh8D9|9BfdUQB)>^yVjMa{q!MDq^o+8R)G}cMHAozT4%Sqs(6Tu63{d%AhDU
z8yoiktX=8d@g&{bJ#ZiY9y**&mmwAN`%jU$yr1iFomF<lj?x@n5exH)91+xf#4GQF
z5tCh>Rig!(O_SMx#2E4pZcPR(Dz)8&9%pZ6R^!q1>CxEHRe0+1oqGbzhVelx1|NrR
zXYpc0+zD+tq?_x(F@N_{K~#3VTA}3ntop6OF3094y$8J6fGzE%SNS77M*T&XcIJ`4
zD%_3Gft^YoATG!3ohGD8>G_)D$~Vy=vEO5i&IsVeu&1XldSCX_IZUpyPL47IspfUg
z(D}oqN0~4K7Oq~NG+Q?JS8_*y3DY@e(|U<BQp7I`bi*cBhb{)^0;OBEZH;Yo>`Ys1
z3uB>d^MhVIGB9+`j-*;f*zYA^AC1eh<Lyv*{fh>i9~YUW`zE)Q*Egr1p?Ljeob!Bv
z-T<FrH&7fym7d`=JjZ$|V?X6y%Cd~oEp08O-%~UrdOuzTWgxbcmDGP?X!QOk<28@z
z4NeKvt$H1&!x0W`iOP)P>R@an23P**d`F`^@7cf61+sy0!=qR)0}j_!@|>O@fc_G;
zvZDu4JD;nDU<@$+U(qXM7{5D<AFTiGk<(K(+4MdolO`nI36!x{!!1soBL@tRmqs-P
z%ur(JUOQr2|1s1sXh(09Iib6@K(%$AdkAjcHC9dQDq6RCUP1rsl7+gJzVTdoPFih>
zB;8%~4zKNgNgbBD!}n;wignBF$Al3|(yg!RUQa|%L%lhCtpNM_%S(R+HSFabNpZVr
zvGAIhnq-b7J+yR>7cje3QjfCt70v#-QzK*MWpG<ccG;Lf#vNS)yI#y^Fd+VxM_fMo
zjypmC#*K++IMa0>^8NcRW76cepRl)1vuLiy0O!m5H*(IYum^aUh!#Ijy?BY-THv)&
z{r642T_&Sf7)|%V>PMz$^_8dk23TDza67>yq?8nCXzSKg!D3_<S<6Dy6rfiiTv+FA
z%~(`C;(Yljx!OEc1HRY0P}ge{%!a$Gf`{>$^Rv2G8Ol)}?|U2K<v+C8@}IGJ20du3
zS6CBQNDQmx?RX`*u39hNiV}mQ{{k*aW8bv%X1d-Tx?U&13(yQgfu^4U&<W(6DgfDA
zDWD0+hq50W2nW%i4qyvJBfq~+V*hNBy@=&|;|zp@r2oH~UZ{Gh08yYAgncSNuLbsO
znrGUQB_N+HkN8VTKs*$KSb#Q?-N41&7AVMl<bD!?Dgb_n`%Hi_r1#A#^$7o90A)}N
z*^4)Xf5;<u?s@@tbhPz~31y?16{VuhR0$=sK;`3D?BU4t7PO_sTbTl-nMWwyp}lJ>
z86Itu{vXk*=^;iXe_v14{tgwt&)3vm%oBQ7+?PfsW45UT*lO@l{nszM#C1I|*6YrF
z?1j)loeF@Y+pO1b&)b5%+q!dBb$w3U#Av&7@h8$BM?Cf>o(X~1F(?C&1~i+66V0!c
zLO0-GKy>|8K|hy5=C9PPCO=-G)%tZk*yFvUEF*vH!V0a8F?wU?4k#66$1azQ9rbP$
z|9m%<<|YqDbo|Sn{xwqgS;%3+%`G@CzlJK!uu|_4@}|>RfY0ZRG{m}za0iYO;rrQj
zDfPHe*8I^=vVUUX41Jiubg0tZUwA+FjTWYx#*bkW6t}G{=HqJ*yZ$l+g>CxWh$D{8
z#}na&k6g1eldWDea65s+N_|l<MKEj_oHaT-d;6kHkZMBGGaa~_EVwHV7KA8vJ@?eS
zVrJelzC{1Q2k3NpX|Zq9PZyFG-u6CEm?{P9a*m!fJ0IjM``y^LtY27X`;4(Se7&r!
ziNv$c<_ukibvqpebEkhB&y*dx?y#{J$5MCtP6JP#(dVn)zV8d3KWysGJ6rd4rQ~+~
zmTbGfvwNUj{{>xyYvJqZDSzyzEM~UloZlM${!~Bywk9P7jYP-uHNhs~Z}q7z*hb6P
z^LfuL?RUNro8I2hQ|9xqI63VcSA-XQ-|dICNo+As{?eQ8EWVF4hEnf&-*dg#5Ofc&
zFc&GX^_<j(D6Vbg#cK4!e=wl6({!&4+HpXZt6UTa&BsxWs_)xSu-D@0X|_l;rB_}{
z$odZbDoy>%$LM?Q+t^L;_a=Do?_O5r`hn8(O&*>9o$IO3@vCPFgSp9Yo-mJ!OEA_+
zu`zpe5XuPAl9#~a+bi7?R6F$LJpDRwZG>7%zSoMJn>+ArrHfBF@@0BMofz&$UuHRE
zHU5D7zABDVoI(z<J|Q#I3Vn#!!nEWMwB+5Et86bDceUDizZUF%7#~9RkX62W_aU#j
zqg0ZtqrfbB9PZm)je4W%u573!uiq7W89al~GtGEI*lkJ(3wR?!1z!ri#Qm@uo{IU9
zC%BV0;5IvYQt{}y!TrG^BG4n-$^@z34bHd?^%!x~BU|WRv(y?<wu~)S$LqkRr*0J-
z{31MV3Hs2m_1;1U<Nts@tjc#`!t0AKXkBJzoffxY(jK@ynbx6FpKH12{fKwjaRq-7
z`3oy3JK!365<)lZTd<yF<u%cxfJ2iW{yF59d?Wv{xv=LnTG1@iPS<|Z{xi%r@!tLI
zE{ZmeG0r}s9m70>Im4!_vhKDnxuSJX@~---E~_eASH9agW%cgz*1vUO^Avte=L^1D
zOG!#0&INa`z38r*N}z-8>ONolVE#V(xherKb}!BcmJB2gv_HaP4vi6|T`k0-o*-H?
zG{PP#m{+ktFSlH)nz-Qt8xE33pf4eBI<!n9N$z-H3Fl}VTjG%<!alUbEo~cF@^V7n
zz?R33KxR6$3?vD}k;g8;8XaCDOB%$n_=``<oc?-fmiVlX{A0-!N!sWghm;$8Z;qyo
zDhqTmO!dejl+=;pnMu;AHRqX0q}zV>$RelQo_T17TY4M&@9nrPba`wE_uohlEdt8#
zNRQ3&?lFIS`D_XQq3DO^Oda!g&OEe<m%(=ruE=AkIryqP-5mvAWz$d<#a#uund%yC
z6@A{WO2JFMrtp;H9d7N;(pI<E94Si+TVGvUUr%9ITiH?*94}72I2Jrhlr(k|31TZV
zv$)DU#R@`c<VowoBWm-xY-K%vR~Iu=Sy9uTW$8|sgT^t*)E7n8+~myM+)QUg4@@gp
z6{>Ws%PDHA|1xBI1S_+hDUcPtPHwKv1&w&jRo2CknaE5fg^yvASzs02r9xD8^c-%h
z)t8y6EY4=8zQUYDYiufn`D=4kb#ZDcb1K%+X01(o1@vSrDzkMdV(IKGDq_~wVJYGb
zbjR11pO+min2SM`mzk=IL67AsikLNdy21UJ(Z$kJ5)iawt;@^Hv*Jll)XWKYnlGsf
zm6ur?N+{YiqSRMa<|C34u&O7pR#RtcY|H9%H2KWth*Gw8xM;b7Mp_Cx3MH$0eCFb%
zqo8h6G}m$!UUs^^H$Ibkb?4KclapB0W!;57VlO$DV8x26dis3G+|b_DUS=t7V6TBH
z>UvAo@7<r9ol+)FkE}&>L`2$J;$qfk({(XQ*IAR3QRP$-P&S7+G$E*S6*WDAwv*MH
zUM6*g1(oXHe&#EyECvf&72SnETQRt*+|Ii?sv_${u#l&d=BsN&)pl~8z)G3eGu2iW
z<=6?SEd~QY(~s>cW`zn&iB7Be16XJ)s-vQcbxN7s<|tCVVyT-vR9Y>F$YL=`qpOC0
zC<M+*IE2Dd6sC96yAM?L*i~0pg_#SNoS7{zO--X{F+@WWteLUuz<TV7Qc8j(-IEU;
zILgeDv=zkB61*dogF2GDp^{$vyx}IvyB?CqSi_Z~?>IE{2Rho(@2<~nIg2%<tR%>U
zVo+bsUYr?N_-924X><L{5XB70mNA1)%m|x_jUr_G%CM1(PE8X$$3-}dwWB$i8Op)U
z%ScH7gR^&l&TQ${g}XaWI<{@wwr$(CJGO1xw%xI9JL%Yevd_2Ach0^0{^yRHG1jPA
zRdZI&^}eg>&06bu<~$Bq%#we!KOz7RX*@i{5ng^A@1IK$duN?D^B1X4LMIW}x1-vB
z1s*FKc-onC<Kt@=BWoeyBRiG{Dkz=F3`T(`QG%r`x#t6@s0h?U)Xo{KQQ4)S;Eofc
z^<j;hQEK4L(+E2*b@A4U^3;@OEzaJDvkcQ4_da_gKOF%4z3!oQXp&mRB}{4o$|bye
zKJ$ELrnaf!A@`#9-7a@QU2t~4o}1jnRI$x$htN2?Q`B263V~W3D@h#E%N$mDSB^3c
z_VQBomRanyqKAz@!kjLVq=?M9j%t@Lms3gVMLX_E!=FiJEhU*7q$_Mk-;(M+O6fHG
z(L{}B$VkzB6_$G{LF`^n+hm1~yfOoByrR#6a-VbBy`xw_;hmgR*{n1@@(xu+52`|V
zH!t)=fHlFyP@@+zepP^4v0uHwPDR+>EoNH*eePNl^>Spy1XV~g=F@FVM!AH3jNjJv
z0Ox4GErG_%EH70N&86CjDhBL}fm(Ak$?A#|O*@o%OYWYb-`K<MCHdPI)PBnXc`>q@
zqbY_N9?F)O=84R12XfzPu%2(OxU{gD1)=S<j}_$QhMs6*qW<DCK(Z_HqA$63#2}~N
z#V4enuwVGFWlgAJTk*pb7W8DNwvQQ-y{6Tk<yts!L}>sMmEakr4^<0kZGK1Scb94n
z_hnO}YKrfu>D)+a;F}#Z^RUW(6)@E{nqe9fdQ>UbMYv09c&tQs8&ZDMz{L5n2mgzM
z4i<Rml7EWcNpH=GapTPeTcnrf+s(@^=C%NE$8*=v(IwK>9_G{xc$>OUy|3+=YxG2)
zwBY)iF+}UjhvL+%cOlLmHRrlZYE3$pd+Y7(%50nTO`&z?#m>jc=#Q>_@#roJo0l#Y
z#Vu~Hlf9DJB9$kFX6v4kA5|Yi*ekEx-P}Z8+K=n~*7n2w-tW8E@E>i_60hv0H{MS3
zBO$~-8IMnjXZ>9@mR_Sl@6f2v_+9&Vh#20eS|+G_-X$dKAFpBSZ<ayXM>^|0g?{DF
zdaA3u?ovJ<Jnud=AZE}ESW9*~58peSx#!N;TbUb^8qNY7Cwb0Lt2qFGM`xd;v%FF*
zLo32)YgEL~1j5HxGP=^1Tj?9)OqX5th~w@Q-sQ&<iE|8xLNLdc&dr<XRaecMus1du
zGgjM4=e6s>%$U2kA**w;>pnK_u(}L8yghfH8%|djZkC-t19wU~^RBNHHjK44Ox51^
zs~MeP7C6ss^i-0V+*r3jCQ_fCTL&M!<Sj+7r1HL}`f|M+TuGfF+)K>`Er+mKxS{rn
zUAI<dH+i4L^L-$+v)i4)yPjcD1!b@V0nxJuV-8H{S{psh?yl^G+J<vfN`L%t)lhrz
z-4&$C<@tk*w{L#6qWO&&LJFBi5@>6}R<hp5Fqd(NF6MhY_xG;NSZmS-1~ry2!cn>f
zIdfHWR#VfuqZ``G`hW^Tn#5w^7grY0(|ZJI&;TK<xuytg)LCT7h@RgnD}Z;(Sj>cl
z>ZtheMG}<D05-;Zjg02Q(G&Rktngxbh8g(y`iRNV^8)Zh<rxpnBhe!DxGOZ&`CdHY
z(Sb4~Xo~XLTmcLylDs6LIs$!sk5e>J0{qj!!9uq63_4y2h5Brvjlef~zXY#B19xs$
zNp*o{V_@DHOcVw3RH#B7a<5O?XGcCj%=ecv|AABfA58JD;4-v~EDVhQW|cG0{5!mi
zf~$=owUD)ygMgvEzMZL!gSFjXRViIdLu!8BuRn4LQ$0gFT?bQZD|uZjdvNN{K<~!(
zI1Hb{ryU=kwTn6>BLh7SB|Qy24lO+m4Gt?at0uLmgRX_CKChLrg&__NI5n@mzM+)^
z4l4~KIQ7?DUlmF^T3T>weq9?8LsMgu&rW7maB6u6LrWzbmQRzf;e|{s4Cy{c{UXB4
zfq#<P4Xq5mP6?cr;U9u&(lGuH!RR&T#v@l~5P-HkGx0``^#trZGk*C;qo5EVy~(C<
z@reA4P>3b*2eRHwcVAOF(Gwy*Sb6sV(>jZM(O;Abv)0$n>W$Z0sYLDT@D6trncQA+
z5~VVoU6A*v{kW?@iyh#2xNVo-b~>YabIYLUoXlD;x=!h|NPEZNA`Gk2haYTgE2QRj
zDtdalMG4g2MrtJ;j~yqn>^0Onv}g1vvC`G8(~25@wPokjJ|z7B=gQ<48OXGkJLv>_
z$SLhpaa@cpud|4&gbtE~Ydz?iOeB|L)jr9ZXGuD+H%)Bupf|3eK&`DSXR1sT4?0WX
zw9{=_!cW3zY7sXQ)T%KGXgB1->7wnzzih7B=j8N#mGYa%R*CYw8LJ(7W_=62vwwz2
zwto)8w7a#AIaW?5Eb8jlVtosUnAKi-p4P?_{y?XDD>xVTmc^N^Iue!gHr>62Sb%*N
zPgg!dPM1BRP8z;t|CE(SZ{1k}yrMG2Z&x**F(=4x*>8D|oExd%CKf`xK1J$r(Jnvj
zBWD!nnvY`VEAd2qZQ`+`kT5UwqRnNO+g*xCuOKe=XU==O=_q^FXGA06E)~c(v(ur6
zA-Xp`_kjlxW9M7)1G2Z!I+HW*PU?tD=;y*)_p+Q#ea`~z@<6YiXSBB^<vi@o5+QE4
zg4-k)ZpM4;%h;K!BR?VTPUHx$GS=#*rBUNC8uw>TGmf{7!QD$_Dd{d9ZRxJM)T5wr
zVeYX^FTqa`nLBHn#7>2eIncvK)+t#9_AZOIq7&;1X25F6dGF?n{SnAmZP(^lJ_pV}
ztw4sa=&oOvD+dSlf37rYc}G2muVtrT=V<s>E1#~t;n&6fe_U{;cJ>bZCZ8`nKUal>
z?!RP~&&8r_YT#gEug=U!gTu(kghR*7jKjplgv0o`2*2tq^z{GPPDe-gm;AThSIPXT
z|5<`F(bD{7`&ZwW-lskDXG#BM|F5yW`u>tX>tFNyHTI`W%Sr>z$U^@g_W#oT^5O5}
zuQ9*o`PBLA_!{SH?tl9O{w06;_g{VdyZ^8A`Ir8e{I_3!`S#iV={xw>d3@Es>{&mz
zqAxvq7S?}%9$$K2pUY?Y<@<jf`_m5mFWb-dufDHy{Hy%*m!6T~FB@7KTE@Qw&Hvby
z{=He^(EhcX%7IfWSSwnY>RTHael~q=P5;YoMgQ+B;a}M^Xc@l3eEm~Qum6nXLCZ|T
z!th@sd91s;x*!ZSSZ8P%$(u8ox-p>XxG|X2Db-i|q51gJEWz<Dq0xx=ArVk8_!)iM
zO~%0>X6jX88H|Ldwy|&N?1%V?g5C~<Vcmipe2tU_1ERNk?&d?VMes}QQeiwC2Jppe
z^JPQ3s^Fq>KV81)Gn&U;nHlL!U2TL&e$thIr79Naelj>B->@!U_eL#Q?wQ6xRrjqZ
zUvt|Ezj)Gz-ln86*k{V_=}XO(hQc==pao^n7$F$CX9HpNY{wI;%HZgoFcN(W5Tx>1
zt3`Oa!k;&J?1{ow-;0hN$C&lrb(E_KuQr8?Iz>f9(GHR*px5BsGP(Qo-<ih9*M0Ua
zFC{V*!k&V_M8N}mw})T$QhE6b#p=1{W|8m!q@}t&xK8R(N56R=1>9xlxke%jWNhd#
z5Q>f%h0PmDi#iTZFetaW_Yccr4Ww<OXQU)##JNjqdGYGPK7CxkL5Bs6sM&JbMl+td
zE)z-+lo&AL`e{$E6%;w`Zf$;Oo9XIE+wc;x3U^{CUDLS+aY*Oxjc?CIL$)~Fc1uac
z)a~6}#)kgkpa~+Bj&2$@-%Gj7-W{&e`Q`DA>h{JnIoA+zkA;HI6Kkk8!2n*vpK*(D
zwfnc(P__j<sB#P=5b%iToD~GCXk+(JJGq}XROOGq+#@)~stzNg`HOGv)`%$32`=OM
zWPU0VNZiK`CI6ynY%*;YaCp#;1sRE=N(g0dKpwaQ80cquq;ySeAEu~|yp1`)Eu_DK
zv>0SP{sBNRc)J)P<_Xyq?w+^{e9<@7VL-a^oh5KC?a@@(;n0?{*zuRh1wSO0Z%aOQ
z!P#8qY-8Mj0rCS@iuAh}7CZ)9y5ehANCLYw#Y)>1x1TruOUeZ$foV6L3l)(>la`7k
zMlbCNzh9N<=~Sigu=e!xrH^<<i;Yj0tyf?BbBklcqBgVfeM6nuXIiZBWGz<7iexs!
zKlvf>gHh<}T!qcW)i~V5?Bw?K)P1L-;ti^l2YUo@)7gt5KPJDADCbUTAnwy6sylWo
z??cQX?2#*)V$y^EDf5^gmnF;=xF$4sGBZ<&p@vaRO)x>~{LvShmPaPnsLfk4NHUKr
zR!tT+VzA;b9fFmzEq~wV+Y*ty!O(Z8oU2`T>qtRqP$NNS)ULIsqb6&aP-=2l8rfND
zGzaTMoKpBw*pvePXT(Y#jwp@>ar`>KiGM;t2aKx7Y{x1RCDycVX||Ndyxz)6fBt9F
z;wklT79!(|Q8gJ|Mo9Qcq41qV{*0(1F?z!K6UfWOhBcvh>P^0qw)s}!APF|l23Kck
z)#XGnC3Wg)8tiz-odVi@J7wx+nk?dYo}BR_bOZg1TpSD{eFay+B}UK1W9R$HpIDxD
zfh1E-VH3LFl2Lq~c}ZFqX7!HR+6~er7v>ibXV_<&JD=pF&h^+i<WfHSxK<&A8t<#8
zhzpau_4ne27678>UCpY>EKJFiwrbknhDzj^-zj=F!Lyv(SIyCLOI|9?e2sW_vjaM`
z%mO1`6l($Lr#D(6YTEe{n;&2rNG7rOQ%%Qv1S0ggDvl-Re%3I**jN}(nxBP%r_`x=
zDw<qJ_?TS6-Bubpe4@;YpVXTc7mb@p;X_};m3S+R8l1>vX(1x~HTqDetVzVP5)8*S
z2eq`@YJ4ctG*h<tX%(ars!Cbk+e+~vfk;e_Qrna985o4-QIll=u3^hoG&TG&e2g%v
zCr~YD@&r3&80M8(8Cn%8N+(<+!U-pkBr~uG$0=<qO=J<%l*JUaZ^Dzo6%wtjcJ1>W
zuJ$hI2HqS<N%7xN<5e;vwGtKQ7nfGB?ikwCZ8sXoBdn|y?sh?6JR>Z<PMl0~*5a%V
zFuV@PAtUMzpNu9or&zcuMaq3c;pxgMVRp?OhWfJsgdkIZ3u5eVya?*`eB>g)wD%1@
zpXQ_hw^x|hD2ZV<+11W~TE%7yG3K_2DXxaIV2*1ODdb-;bP(Z63fGYsyG5*?J`7g+
zdO(#WxbzL{W(!q_D(EKnf&)As-l8c9Sf&VNXqkQ@8D2Y~2ul|jXF6qXXvl{mdMvQ8
z%K}I3`oaT@@U+UM42o&<=3Otg2O}m7o^mY45$EgR=EbslnBBFo5ii0Z2#TM|Nph&l
zBb!=ODYD^Lf@+j&cH)iTTdkW)XGYd&W5BP+&CYMe&C|z<X*0_mH^o+K<CbaKa%yp~
z`PKKWu-6!!o4}pN)u$dYs9Jt&LPof=Y!xyqKRZVawhkU5@F^($o|aP+p$8wA5xq;M
zrEz<(C&TS1SJDBZ*sR3{C8sC&{j2`$P|t8dg<rKCH^D{)zu#;Qu;G_spo%Irx&ERR
zpJZXGz<f5EVu<*`TAL5jc~9)2Z34p&S2bS)n@gceH>GxLH)nK3=kQ!)(z)b7=kcz&
z+gG3nX>q{iC3y7GeB@SfH4rE!Dsn|Ja>w}9S4_`wFSh02&j>wTFhH9M7(|;23IfD}
zlAVpeO=7EJ6P2g_gsQYeCZ0|U@&X%N4%AeI{kZ!T5TTVGEB5T&@=~rn8}mnB=D5yF
z?$>WjUIsbe<``nP9oaa?^kMt<X`DYlkQ6aU+4SoA{J|RK)Q^*Q5UR%0^lnxnK`oK7
zQv0xB7qhg96SZx?wQ05lh#<WPPx?WI8S}L$V~2-fQERn|;)G#vxut(^X;Kx8aNFgJ
zZ%Imem1#{QpFZhzlpfx?aRn&EBT=fw2+v$)7}vpD%tA>m*p%CfAh!QLIvbOfDUDA;
z<a5fA(PCOD1C^?Q@d(9tL|_rV&Xr=%?WlSaWKW027rto5{%u^j`EX=eF~1y4aGnj|
znRp-LaR}W|2hS&su`<tvgynMc*rOcEXGty9*-1fPr}G;!W*G#^(wo$MTatZHF=}Ki
z4Y4`yew^_U(z%KS>-vts(IAu{B^GkT7l%ErW~jj{ZbD~DHMn9y+CUEWG@ycEQb?@i
z$)cd(%vqu)IY!ayCLt;E^IKu_XjEvaH^9)VI&XS2=$k~#6ONRqyplSu-fZ!C*{)(d
zUj*nX%dp%?@oC%_S>ICT^ReNqfky@_oy{OBlavzMaZL+xE*cfR^IA4<m{&2N39FTG
zXpML4nh+bae>*MLDd-Z|I0?)~PhFEa4a8%n$VDz8AyumnCL0USRGO=Ik=5EjEJUUc
z9v2f6KVu3?Dxt88&Y5+G@M*g*cfyh|?s|0ET1n7+F!rM@w={1_2|5qFP`L61Adso&
zU%7;gdS7)bx(D%c-n8U?hCQFmSc%~4qDf*2Ns>@XV9>)hWgv<n&<@1!Sg>|h8Apms
zQ#N~J(}H@^0eS|Rul=FTkA->zL4G(o{QG_c>UONw;*!KBK2lJ#=VWw>wYZh<qh`_F
zOEG)aGz+zx=p>*Jf*Nx^G7Gdq>+@j~6+p(m%4n`EwAuG<Z?6ptZKeCb`y3~vR;`E&
zHkg}JwE7O=VnWt@;fk5l_L7TR1HKt~N4^Wj4Flp!493L|bY_M&pQdI`s|kYUbt!V|
z)K9i(l+gv{q9(w!dG;fkOqEZr`P4nR(k)F=)DyT`2UyTH`)lUCHO8~&$kLzM@-x25
z_Mhw|>~}{G<zYt;zQX9QkNu0w-p&-~n)8nOL(Ea@F3*pn+L5nC_01g(cdY@ZTI!te
zMBIOF3t#A~<cZ4+<uL^97pc9DN<c0|tJ0O&T1?V8J=fCbZMoZ^-zdO1J5(f_jtO${
zrIt-f?$9ed%qp;h`oPAeRBG@Jj$HeG0A5tIk14l<`_xio@o{RvUd+B1n*ywe%KQSs
z&&GbeO609|LcCfdInP>gkNyN~`g5H7-zOzGn>}#d!0B>zeb=AGM@fs7O%gOC6^UIp
zIdtu@AQ%}D@^Stho3VQ)=@p5eYhwOqw%Abku8}oo2`n`3nWa=U*2e0-b*z)=1+cUk
znWlcZozNFwv51*Zl}g8`oCcX$EXs7K*$=s=GY@;g?7<AVA*=hm>CSG#hr0i62+Gox
zTOa3lm!pU|)PP3;Ha5GB@I;(h!#8KI++XH_c~XFi0s@e$0xHCOb)Z<VQeid<{(j}{
z%HiWfh_@%ai^ah}k+cH^#VXv*{e6d{#gat3kGDII1~GEA8WkuR85N7{V~HM_O)QUp
z=ro}w+%d1y*vB<|P~WD{Xzhi1ESiYN?^Y`+@#GXvvCj$r_}CRwf*57Mp%oqR#LgsR
zujm(|SrxjRk)f-9Kk_?rdLAn|ie@?1qa7Qo6D<~>PGe;{F63jia3OGeJwje&(%>E~
z#&q^}JsQrk3rmo#Oi%Zf9bJ)VReT>8Ke;iID%Id(ybB3(5@6L`t1X~E9gli{@#e0o
zP*W*zmoc6J!?e7#6_UD|m*})|8gEUR8=Rvqr0FV_4+|cNFGmKXRjp6%iO$~@)U$5n
z$pBJ-xK+b3@bN=hGV;-bAVCU7Z3#+k&d-e>Zv^WzN<&t`xc)I{S{3o(vW4vQ^YcCj
zrxLR_UO0`qlcKWg>UGj;SA4Q6Z<o^r%XvWlh!ldO3hGBqN*qwfgaMpIJ1!xkA`{xr
zNH5fdVVk<2VFtwsx^PsJbj^k$iQ8Fp9;AIibnT>lReOg97r3ZQBh^&AT<U?O@l4VO
z(XIM2f%<=t>6}FZlMGz=0)-8haQdJPRHRIie`ClUj%>x^iUvZ^c~JJ*qDBs1Vc>tX
z{6r@`S4&YR>7x*17d;UA{jJ%i9S1w9EB;Bd{yc(CnVfk<0~K*EvE{mW9}Km6y@QTJ
z0P!rTMX695=oF&SQA~-PWZ*k$<M65>R0H@7lF=x}LS~{5I|+6|i<fKCSb#yaqP!hs
zOiy$y1quaIoM==XM#i*~nyi`{c=OL~5yk;yz%+yq^XuFt1yeQJ*OQjB&{={?+|quL
z)eQbJx=1&wE7fH;tUMkupnMm3gTrQos-yW0Z@E7S=K>tptSI-%no;~c`bH1ILA+ay
z2xnZZQ<M_zk1Gx2Evvv6B&#kUO;Hn*!2LYf_`tCuXeF{Y^0y<P<r>FC=5d?;E;%FA
z`4-|q8xEia{Pt|c$1>?q#xuO4LH?=AA!Q{j-{W(-Lm{xF=-8?3c7{IhX}G8E&76BF
zWx}}4>z%n=_V1v%IIf;w*3iA@?#}|*bG{$+SgKVuz93w!Y!zjhA1<{Z!(fxO!|Nyb
zNhk{w7wNzpumo+vq}PtnEn4FVzyzpyhnjpJ`c8byrrKOgBIyq?SLHt-Jy!#m&=2M}
z6-X&11rh;^pELJ;sD2XL^LD$UfwHBAF>Yhmy3GZ|d$me=%{l50b=N=jsjHBw4T1h{
z57?2SY7w5721PJz>l@u9bUqYr18lC)l99iokO`CT5NJ_^%^WC*s%zDC=+#JdFU&pP
zk=lhL4@In5mXA1!%gs1MJI!_P=^T{9IC>B*V}wF!o;)T|Ucg}l6xVuzxR8l4A4bAT
z`ftLUk`e>Z9a;1#Lv~>0AijOVY65zVRNcCrT23hjdyTiI&)>KY78|W;u9#HxC{LBe
zgrCQWch*IGM5$W7?S5T!ljhSGi_a@+aenM+ODHL{3-dbV^fA|^Lnc3RcUh&3cM9_T
z;4BidRekZm!ZE4<*nfnE${B&Ct-FHZ?*G7}T~_s>?v!)4-nx_lM!mojCPj*ZUDVcC
zZ$1p{cnw^74$w)Og*hEIC`~oxArYl8oiK3E*o?M7r0lO@gj^`-nPyl@0G2eBiARbm
z-m^0iTBPhJ`xzm*4+phfeHX?d(k?ozh)zD_W*qNWxkvn>jJ)y?aiXfA^EC74(HqJm
zV~XEIkaI?aa`2I%Ov{=kzo4zWq{JhGd!9`7XTJ};DSaBpv_o)#tz5=n2*VyQAtE9e
z3>O2B7CL_*0wobbc!j}hdeZ8mS=In!`qkbE@q@i2joo6P5Astgy5AG&$94<l?ZviF
zO9-P#&~B^%-bq95bTF7muPyIlLaZQv+$LTnd{bz<;2AQ=^*~syexjhif^2+&YOcsP
ze<JRy{-r%)Cq~rJI9^d;;E|x7YmU&NYb{uNItjw^Q%9HG2jEYDD*IZ>cXDsP=J)vf
zBT~y*(!eY+*&%mXVa^&GH%A)O;C@t_*lS-Y22fy5>xN^(%8@J!7(&sZ?pbLIm>S+P
z$b)5_R><EL(WU^)!0C|hMt<^4E{nib%Ui1GuWgVQbv>9&DyDu;=nPBQq0>=~K7GKx
zkZcpnTXBGWvrIUv7FY6vK9m$Sycv*WmNLC8dX(ukJ;LGJis)xGJx=HrjXmdJ&u-{r
z)jcXg)`qvnDMDS+Qy(+H>K4B^RR-K(@`NL5Euzf;GSKRK9=nKCy!8D#m|Vh-;q!*D
z6zKKZAZ>7qW@N4AfLD{(l2uRO_~cWvl~dv=CB%YZ$AU?NUV#G(Dm8vhQKxlU7qo`o
z{tl=(_TCQGO~rcwY*i);4JrVf$k0in`QDNBFylA@>Lw7R#ig#&>9keX5NylZ9D)yU
z$2J=*y!{^GI+epI^6=0L<$5crhPvjxNGM@t=#}Mrs$MBrG%J3j6R7~J%p%+GSzRz<
zz2$hX1>%n}b@odS#03Lp(HaE~n~4y2{%0r459Hk~_4<wbWu^0^;^oxu)!S$uTJG>f
zYi=MPzcstGOLD-qU$>=Kni;QKf>Ba4b?eI%IW!w>w3elbzC9QLSLwr~2ip+&wA7Hr
zckd8)L4;}7ejp}$02s)>Ox?rAgKKHr2uG8a5@(2vJjcV5jtHPI%1M{U8Z@Bwd6i}6
z2fd+8?9`=EVLM!7bUMT*N(b12rjG`0pDNU4Kd>1^vfqYLmSw3=87y##vOi3e)Gcnh
zeXMW8u5nhCKRKLJLQigBgQ{r1txqGXH?Fsk&C#FNsZeYNM-l7(Tp1`yP1XeEsE>|L
zzJteH7D@VkKECuBt=SnbvZ6GSNEA3v^jnA2o{QETdR)Ij2-P>^*lhzk3(3Hh&&Z;s
zdMd<X@VrbR&&i9DSsurNkj$>m_#&jwXYv-OQb$2;_3F)dRHE((i9cWUx11%k%bfD2
ze9qZP5~b)0P{x_s*28O5oK_?f5!UWQ9KCkDy1}?@`If*ar8L?yWRCseh{K)uO5q)(
z9?RgR*tUz|y>|UOq?RrK4Vu@%U>hwfjBgF4hV6XU!F=HpGaY+{rCe6Qs^|i>*>uC;
zFKl|ri0j#Ndcf#a08m4KI~{x5q+Hg)WQAU5b^A}|No1oqrLxmz#>4AbaTywgB@NZW
z`6;1l?(r$Aq<Vej%g=y_IeHv=Q$@@3`oY#v7sgSj`Y5e2;f)O)pT%Kwk3(7LD4ZDH
z%&U)EcAg_eW*PkD!o*;0e?od&P#GH})xB-9Wb>r%n9=|=uO7r7N>^44FQDN(T&I&(
zny%uAn>TN>o)7MAqSd0Y2jEF+ydM@)>t6L1=B*}k&%yU{hrR0%(9c;&6@hFy0^^S4
z?*ajS_XWBYh=SUdiQ6)P!;tWG6op||X{pb{l#7(2zLG;Za-8e?l{lHkfSL3F+_XF8
z4Y}svpCO71bta5KHZ+khbV8A6Kzu>xiCS{p;H6$VFA<CJF`9y~DorqvFX!lXsnQxV
zHx!w_G{NdcboXxE#}3YtSDe9wgN2w%g~5@Fd8syC=VmwwHc^%_zhSL;);8aGgxu@C
z5_=?j&VRo8<_>k{`A5gXYL=xvX<%D!zT)%0XFy;;Tu~tyl5ahaN#78Xq^J6sl%?}3
zBBZ2qWM|LkB6*n}08B7k!dHjapLV}XYH(L)sxx2h4LIwaqtY-@^wrSxa5zSL70#o=
zqS|}J)(iS-fhCG?!Y$(P762N;8Hnm6@kDQx17?X`H3I&!acrws-f=4!hg&2QB#=rt
zA%F_02)84R#Y&J8ThlsL3|S@W!6ZrHcVXu@i)In@RRG&akP=<P1!EFlCAfeB_u_{`
zuA)w4$!CEl4i)2BUBa_W0#x*!mP_e}1sk-*El~~?11X@7T_V86sTC{j$4<~eP5|cx
zJ0Z!gjBa+6>vG^>ql6U0LsBJxM*8E1Z#>OA2g|<_7GwmdnTD**BpfJNIM8RjR*-R&
z0E0<9s*p~xW=mOG5wMm-u`4OR`HMn#r@JfZmFdA*gB~3u66Q?^!#N!0gqTk10ig^i
zC*6P!jSzQ$v~|YHi8t<(61nBnql%2-+>=JNbm|*H1*4ItNv}~srMnD-+<xkdtWmuT
z<lOwt^+bcF56Cqhw9}!dEPfjdIq8JVp7C>a>IUm4K{PgRflz^JO)%(IooX(sB7a0f
z;87)?s~zoxYSOF#iBhrb{<t8JH%Nmp)8tj|3Tvv}fu{;?)hUDEqpEH;)0Cvzz)=Up
z&%!el!$A$szyha0V?%5<*eOI*4v|ylCT(6@OA3!{^9uEyx*xkGrCWVJ<yfJHew>*R
z>WIAB^%`c^V99+YZFY*v>sNed*}E1@!+x3$3<G7Mx_`CZ{q`{ZtAqCi=MSlM!7e=_
z6u9A<kcPeCya0<o-X1G=yU5PV(~^_}*#{*ChePmSddsZ^Y7IY}Z5#$8qhfrph)^Vr
zTAx>5rZmKh>*D-`>L=-yyl%)BeBCJ3$Lm{;uJTnndr^eS{l&yhmU)&D<J@=`Exr5u
zS}S^8OHxBn{rH+YKsHw~XZHHXZ;-IG4e$MZ{V?_SUv5=J-sJuFDXwOvI$O;Iq6i9F
zMfBf%M1D3`XRCek0|`273UTMn;YaC@sSG$NW}NuGNzlAezVAD8z3%a?tCK8-*hNio
zf{w{>gGg=NwomgwBORGiF6pzs(BX#<@)-En39$^^-?~RsuY;mTz|irP!J>tK64z&K
zePA*5ioT~s*npH}_T={qU>G;Jqk8v)LcouqV8lF#J6T<o!eZ%ZSSfK`Q0%(;B;c(=
zhr=-RS`4NP?d47ptIYE$MRNEFZAqbQOXA<sbB0A^qxhguS9D2+Re}QbrQeyAT^OF8
z6ZUh|hYmog9^nm!t<YNfUX@=B2Ow?7$QP+tWE)Gr9f_NMKCg<2P=Xkm%?o!(il5nQ
zQX}-SQHsP*|9xi%(vp{+EHDY@kUvr-PC96LQ>`C?_+eKWQ<5Lt+E1z=dRB(6Id;~L
z9?SOaz!XHvOxi3h8x!sQ`!0EX*hZ4~?JD!8J92*aHnR>V#jgMu*WLY;(S`Tj+fCqI
zcaQbF=AlWvhmx=iRezVCnX*b9y79Qg?0!Y)o@MkIMQNVU7x&Wp-EFKk!cYu*-T4?S
znE=##-TWaIvQRde7&xppbRdxjJPaU>2RznL40WxzX-trHtPvE5h!Zoq!hj*tKQ>*Z
zwj|P#`b+Pav{tx24szuEYJ*zeWh>Di!ses63O#E&I_2|;LD^pdvv54_`Ys+m%yp<L
zmfRk?soac;HK{3h*j+@iz>48#=_H7vx{X)Q+k>cwoz*c?8oY}7%tk8i#F0RzC+{|K
z>LJPix%f$7S!8WM(|Oi%euRpMAq{XHCO~mgslTG~jOuC2iVsTp*m7l1`_-wQ*XtYV
z54qNKmHd#l1!r&GLDTve1+`ICJ5h47UCZrBihO^+Qic%B10~9E+Nf=PnIz^bYdH0G
zYI0s_NV`n2xk0D-@$=Ws7UCu)spf;m>y5GYwfFNRay>{x1$8towrA#fLZzbp?05;O
z??yV_iEULr{4}(qC{tS9NLH#DeC!l;oLs1|4;?sM5#F_RpQ-Y*(a4hRJ`1G<KUC-h
z+g_IHHZ+kbd-Hwt{mo)M<_af_kD$$g)Vaia*lDDf%}&O#Vb!bdmdB%$3Pjj85vcjY
z!seRi_2}$Mz|sRoPC`b^LW!VL*nruT`kmCWP`O)>-(lRzYdd4$*<>{&FGa+!*LwRU
zRs{|RC5_J0j<L8UV-WRHtj4-H;&Xc^6d)>qF8>U+dHb+s)j9DU-SdNe%xi1OUa>jK
zkZ}2RKndWy>G=5kLm*t$A00h-a6T-dvB&*F+)<vVJjf(9Lk=V@7$AQVRzeu-1)DL!
z8`!rFuec#s=&r8@GHhhjX{Hd-yBwRf*8N#z3J>j!IyQI={L&8?^6D0z&TIFk;71!7
zmePTZXK+%1YaB=*rHbCD5AC`+B6If@ikQpRj0dkr$(nlnKvoxXQS0ksS>8$OfBwkz
zp5@wT@JX|^_0}FbNZ|(Uuuon^<aS543f+AuDc#vSzmJa@M9>eMlp+wgLK-Q(nR|B4
zkiejQ^?G7J4czJoknu9L8lIT3C{)Jikr#Yo<%_MhxhmMibjN?q0>Thhe04FL484H%
zYf@X-YX@IufsVzkYcYkkXwR<S7<h8(sJ|4nydejBt-PVbXwtxRfGJ{JK4WN`0gU4s
zNQuqpMVBxw#DKSEC}5#zN7bDY3Y;-&(}Cl60v(c~kG}`xmqtfDQWNPx4DbSNNrY<M
ziid!DgD?vF&IFB*)*D1k1FOtn6D+zpjDlSI2QTn;&~xMjMxLlz3*!KCD413uL?m8b
zQ>F(^pqUx)$0Ds_jfQQ{Y(JyNWUC&DSk>cVz;&tnJUJ}ROQ~qrg>HbQiixo-W*>$x
zjJDjXxOQmJg@R=+dN@6OeN#gk;W>vzI|;J#H)!-nbRntNy!$3Y<gV@W>gStfWNhK3
zhxzm*t{vj(I_${yK)<IDo!m{TY`M4a#Zw?W6j%n%_NgC&G7!8+AhJ8W3G`+>FxXlo
zw{_Ggj%WCR0X@Mv(x@u)2L5V+gfJowIE^ei{+d4zZ|S0CW42gFxB>uC`G2}*$HRwn
z1%`#H0FW5Iq6$UGHP#|6K$>$8+DFs&t5xdMmWR_Xye<f=(pDRx0^3vu>Q$D%MA8xn
z-oF0Iu!jDC$43jl@`6Noe)zG5DzeChSv^z5RPz|e_Q;hq(uug7wNKMM{Q*o;TK#?3
ziH|hj_Y(a)Pvd&+iJ<pg`J1x@#QDdodz|4P)(Q9*_PfoAlVPz}pW7|hbGJ2F%*b<F
zcyGYS&%5N6JA>z|*wIQoOkCl9^kISv+a0*xe5uFewUA3Rs~<x9QKA`-z{|gmy(rQo
zW?RAh4jth|0A^lx_8o_<4}|fs|LC~^%p}Y(FIaa!r#x;1ThnhS`9!-3Jph-{A2DxV
z;7Jtja3WvcsT}sV0((km0a!w8)@OKmROuT=<(&<Un3FIgzC;T)Mmy`$y~fjTP2R0R
zT>yA}?~+`?HPI_@X>(C9o*JL#EPok{Hd4`hEZ9cRn^3WA-MEFH#g3DU<BE0?0f`IP
z+u4&Immlw{32(A!d>u(OvTW)!Sv9h*586>8Co**Sxg??@3fmF_^Ul`!eUV6w9lSNj
z!o4p#!$*Y%#FomZe&7>oPn>aG|I71HmV*+G{z;Xi0-tn`d&iWsCE+Zp2$BF%Y{wLz
zmfw-X(pSnPxF~KI^r9f=gNAf3a$t5OKYej%)+lyDT1e7H{#Og}(<f>lCl8P+^B|a4
zX2&!$9*p(6p2yBVZO1ew9Ofdp$dN#N2}$~NM0NYlWrfGC|8Un79~IXNK{~CuNsuyA
z3U3!uc-J&!&A+Wog)N1GzHxBYNY3bWJ$#}dBW6N<RV`tGhakHikl);mEy+nBK0Q&R
zAm2rzhK?RZV`aWj0{Y(Hm(xeYxVmkM;Z3X-t^iAL4iN9@clkwPFKdSQieCNib{^+u
zx}|wG%C(t=^_7J@1QO*rtr$g;J4j1TT{Rgw6%7p)yAWSE1Q}mli45J(_vvmwDlA6<
zIGM?N?nfPE-BuEv0`V<5RhE`3#;DVki|2swEZ1QPr`Ague$p;9HaR!e*YqYfW{P|Z
z@r!|)b6NhKIbmaN3}N|6QlE>_MM^<7Ri7`^Kn@mI>Fv4r&4aSaH(q$>Km~n3UdGO*
z&K5uKQ$4eSbfK{lks!W6l5|6&g5KTf;0&UiGpuO&RP5|7t=^nh=UxI==mgeu=g>GL
zND>pt<A3krs-9m|M>sX#06b*n3aXm4rBiVc?l83gpc#ccSkF^epC_3xv7eK<MOLWA
z+gwmoQGvb+Ru7!$;N&PIBP5(nJmovc7v|XLpF%qYEJiY=Dbr9(jAF)5Xr0b_2!~sW
zNN>Qh)KE$}R@}C_qSohtqgE59IqVPV4CKc=TUig{F4M6fBHTmcx$3tLYXC{+v!HZF
zk4Cms`x)~Wuil0rM<cs{IM^|#k_WJW0vg##052y*P_Rt7it1;-Z~+iV0SqCsr?#en
zWHBWd0;j_7Kb5R3f7Tu5lxlMdGLo6iBjwQfUKH}|#L{uJMO_Y(dugwUrouCFM4D;V
zmK9OXRMiyJIfKT!gX<A4K{uN8^34drH@=U7(9HAs5(q3rV+qas6o8NP%xHKd=~!U+
zHSrnYDZ-q#MQisc5(nSn-v6X&;hm8L4+)v~=&Fa4m>+5=)?Ir_P7QdaB+-TXL)o*k
zZHGt)ZNE++K}Ne7kUmSZ?yIn#Tv!iI+Wqq4+SR3m8tVy=2L>%0pRF|TC?8x>HX<TI
zf)Z<Um&m3{KDPs_#LuW5d5L95p9m!S@~|Sv+secgs#|WV-=aj6@H;aK;RZz!b2mRR
zq<WzhRk2S|t$YA!HKr>d!o;^WV5Be;HV&iTL3nL&bXbh3Qa3-}BcwB+X5Sk#rtD>y
zqi~(<69ZnJe$ZE533s#Y(xu0gHn^f5$!ZohUkqm1<W~SNmRS*=_N?ZdZV%>`^{3;U
z#CC(nL!<SYIJlmcl2qDjZR7k5)#%(wA0509{vFQf?aW}8NdqE4m7@C$8~tWq1zoqE
zQe`86+kEH7igkr};UxBPOl|zYbVz11W+Saf=suQGZ(|1QK|UZMkOtGBmAG8FTgd-p
zbFe<Q<XhT<cywM^1N>~B-;=<v2orS=e|(8m{{*$&j$E`r718e{dK)~(?&@o?%zE+3
z_KG32=8zA=G->2z$?H@j7e*_MwY6K(hNOzh?FA}PZ7K|{t|kgADM<t6i@);`J%T(}
zQ!MeWmHZ^~lwLz3?8owahudN!)GUw&JXrovCqmG?0PlL>mgiUwIH*n-34+|T!K4Hi
z*Mc_WaR-dO1WqO-K1z^=pK9ECj|<;{(?URHA#(D!QV3%n_8)pYOlhdIS}YI=>0t?F
zvQmio@4U-nHl^DI0J14phNtLPchD-|;vGa}BuCMB_Kqb6ltYWxbRwxI^M4>FoV(VJ
zyzG%J)<4Pcej|#0qG5cm1VprL1S#BJ^}7_!M<CLBa`DjTT#lTqbFmMuDC$NjNA*h=
ze54xW@I2(FLKT?Mpy&d=VO7bDxIA;=g1AX}oCrVkjP5z2-+AIFA7U;62<;AAvPT9r
z!^FV+1puIf`D+VEhMMQHW&E%)WB0?Za82I9=oGc`m;oWfiVc&a<L)+OcBiNaVUoD0
z(1nXF<^1VpgftUgo-6&Mi1gLtkM4EQT2S{Sb!sAD-jO!$mVA%;KpHj&Xx<#gV(<y~
zA3rQRjCUM~`}UW6&`EY{W7pKpmDh!yCYR?>y`4Svo%bF;>8^b=)riXu>y+3s$`@WG
zN}H`kRjj*!HPiVM2-M~Im!2{sPWA!*dwv`4vrXea(Vjf_q%U)x<1c(K0?#Y$mq(rS
zFa2-X#UqR&&k{HEYmLT{TzxqP^RE)IEi1J}rqE4kS!X$BZ6ZJ$4K6qN*jc}Rx6P%O
zubE9&=4v9gHD16`wDGJPCYFuJ=M=eR?MQPu9*|yy42^O|EgHIJ0x;)arbsY~c_UGD
z{TPLEflZI*BidzQnZsU?y#LId*mwxrjy>4+fa_AtHdJ?K+~zgNDWiE&V{vV<eX*Lp
z|8(4;iY4Av#J$v2+0~`pet1D4eNI%p26?hBnrJo(JPCY3%-!gc>h)9Kx~elnJ;1W6
zpWW9P<#G+CnZG+|%L3F3`<bEN(Z3tp_s!3Et^t?f^S5hoR#S6FG^qZma;E<2S<b5y
zYKZVx`?w@wCXolVmdtKT3EOI&O%G)z(7ZkeDdGJSUSy?A?<Djeoo(_*HLl^R-GM^a
z?1|BlDy7fBlHI~$YIoyz+{K$Jlam#g+a-OgifQVjPv-3AEpIx?5T*2-b)}k_sb*Ei
zL{87x^Co~Ovb&koNh}Ae-E^C3dMT6N-6&9R&p=kOnqak+8oq5}i3b#n)K1{3PzWZf
ziBHW~v+APOACXs|)dxVs6%$U8`+>gb-dqH_y1LdqoPwMh3*R|H<k=`Q*kgH?+9L}%
zItz}x0zsfV1FY?STo+2_+wGm1jI<A$+=zUfnUE7Hq#h0UJMLMfC_MMY*ccdUz53et
zcY=Bb(85B^l4T3>6O^-HL<-;$48l!7#Bn_LgLe~y(evf!^eZU6A|J&~9jMTElk~xg
z^(QOO5RXpFkp*im@wpVc60zQky>QQrdnW%QK>6=Xv$QlUv<&|RT>p1Iy8jAX{x|CN
z-xLA9f1(Ib@>yFL{3B0*fra*yC&0|~#S{1>3((Nh|3480z6}2lOo31I@BfCqW%}Q+
zw+!_3{}WRnuE%PJ1}5;*6&$-Qi0rywR1HipSB3y;y&~}fz~4XzpHj-8*QcrK1Jzl1
z1>mTT{^n*`;?KBO+rw^bS5OJ}m7Y`{_7CkM^`m8sCywW_Skyr;QSzq?>h<*fng^RM
zDv#xt*?Kj@r^&~&R{u6v73kTRF2koN8XJ_iWscVsjGbqjv_ozW-L7Ojb9MSF(t~!#
zn}>_u76;CYphp*ti>R7??Vce|BmUaP(iv$0?Ze8$sV92lvRspKvnF%;`#$eUjXcUB
z`Hwb;nz_N5+~VI%bYRR-8sLkFOUGW{E8`0~k%*S9>%Bm{W+Z-apS}aPD>ZH*>pp;Q
zm>2<UoOJHBn|VTRka7z*2GC(x{1J|je1FtTdyTQ4-`u89dc(vhe^$O~I=Lj!eiI*&
z^^V23v(D^3*%a~oqwP1}m8f;+Os#Wgy(N00z1<GzO-3=nccR@JG}q-%T;d(@5fIxo
zSLWRTRP>T0ap&B7{Jt&mdGL>5JAbN)d$oFxD15*j;@uHrmNIanP>+2qE~UOB@nNXC
ziW(@<7UUgvT~2e1AH_}*v(zjb|Kr8Y{O|Am{|0^k|9dU}BLts;`M*K%|AL+W3v&Mj
zss9^p{w04w&i{gy{|n0g1zG=3*g7*a_?PbAu=OwfFZs*ntNh#U@A6Cc3#R_}xSw_K
zFWCEE?O%OgWBqGRmQNV`U-IXCU*+F@U-B1(|6kB|@P9(K|CMw4za!hfmeT)%Z2yNG
zl??xLj!Jq~#{ZV1^4uNFLte4<vE^YcZQsZ=mWi@p)l%FPqTn21S$2jnK+IG;Em6=m
zm5CIxQBp(>iM*=VyPFI@Qe4&`x+oZwqx@$crSIr)Ge@`TH}A=!8w{YKYiq}3*RjC;
zd(XqQG@^jst&5kBcd!x8hqX(Omxqi?4^m$5HuU3ZHUF53n)%~4ch^NV|0!C36!G2A
zY!*+2n@QbQ_D2!P&VmYZWu#`9UYn?U3QN^>1@oIMp5WEsXh+?;)#K0?a%RMwNBS!d
zJ9-HX;)W7fv<%P({Zw_oG8BMTpbJZzuEv4YqjY)qa<~g^-<MpaL$b}FGd!pqz(<^#
z@#PaM?`7@p5Be~vPo0zKpj1Llka+bn{FyJWR@$?w7naSFe8JX%tiT(41wlEXYjw%H
zie?c?Q^$~lByr1dnEDYB=!o2GxU{6KKyTb1dPF%|4hS36dFv+Rb?_IdI&Q3E7RC>G
zj>VWpTDp;RnrDE?t05D)@ZVa#V-B>j_G?5D^-}Oz-%zj(u}ppMri}>EEi6&Q*dc2M
z&|q8~_3XzKmT&&%oL+YLV@%)`MSJMdf0E%9V!?NVhqO4!6&h%Y_mws?7}}OF9kwGV
zYIpsJKbz0O6Ty;?T?XU|uFpl5c(q5VZ_NDFwjO9h%f%~wc`*Ik1r(igw)_$9SdIM@
z(*eS;Bf=Zvx(}uW@#DTgBiN%iqzz`!ox02~{#Q~V9yoTagJ161^E_Q~SAg#bo>_t!
zJj*^##cqnUCl1+s42^NF0msVgQH^=<k3#JjU47-dGcB5H81<qH-ztUEzC9q-3eER_
zX3`jG^V2a_w!0g%x}{aFvii2xg#-6}9KeE6WX>O|$GG4(Al<mm!Zy`bJclIT(EOsk
zYc&>4@#3#JP}ggM`kz9WCfF-cL|az%U^KF>it>+Ly}v8gUT|)R4usFNr)@QSYh~dd
zP>;|CaONVW?9C7-brX46b4!B8N$l^I4yX~dwd2`v4|CP0^O4+T6r*$-me^TT8luIw
zkngTSI9d2-`wa8Dyjy}UrH5108)VK}bf{&kS5C!sDvfY|j$lgkwRiY);S0Dw{(Mwc
z+QesK3Uf}m5X<sP8sYT(Q4Gl_x~>7=1yCD<7VDq+f>FX{%-}&hn$wO?{Nnvfg7`)H
z{!lngejK&rV2%h1640i%J4mi+<?(_0MRB>>uF1jITyY><AwJ;Gl&-oZ8u^jGgpmbO
z+3Y91)($T%DI=-d$oLRZFip~wkB<qtXeLs8f4TXtru43z)$>-fMw5u)f(k2_51yQ$
ztWH?{Gf#6$eX?xSJc^5Ar>Txr)Iv=)^tB(gq$Wd?@MZF<zTFy46Y+0bfE2;Tk}#wD
ztgtjz80MQb)GdxniI12#<7bG-WG;G7qecmOX?pdYEqY39g#sqqtWwEA>2cfHK&rK(
zu$g3s^icyTF{7Qama%+uBIy){X>ewxWCmjT1(XD|&zC0=5%k(1lS8#28sUe`qp4o!
zZ|CSAu44@b+LGh5%$Z)Nx9XK!l%t!M?G^lNJrX*^5-d982FZ&<XXjq8(bsX@Hl$$E
zQKS3$E4KjZS#E^j_(oy6%e}47@^S?&me;*TsUlOnSHB6aE*a{Vn3N2sBSZO02^ti;
za7Ft+!IL|ZW(JWnCJKs1k_w7DB;!Xj4zoPoJ>A_r+#+D$$*ebHEh)m!5W#CtjYqGv
ziuxY<7oWK!HmD<At;e=dDC_)NB2!dg%o&T)s!-E13(=U8O$wk}EMCN$xZn7)x;$qm
zxITVkpP!wk&DT9AayFkXAbLM-^+udEdapnCMna%3Sw?aG+1W*AvblRnWLhH|wV^yy
z%+TPJ%bB!HSsJ^>FgH@k)SxNjBO45lE)5<y64V;tU%JAOOOu*7hYc=(tvO!HM5(S%
zKtqL{#SX!*y+bB(+Uto#+wX&iSh+~)qw@1#7^yT~tmQUxu14b%32R74R85(7VPHmz
zFs!v@A~qw+5gl{j$QWIW&y_3unPgk=ijg2GA9Ru|=mM);V9F;M4&vTi;89nqH5=(G
z0dldm@}#bCI>lB9;cTn<>ZZtiV#HLZe#O7W|7tW(^)9LybwD`op2|D!C_WW?6ryH?
z7w2_OJ|;OPStY`pd3XYX;c|Jn%I|cbp>t@$u#6Pd0E&(}51iMc>@A|B0$EC9!q_^4
zqPJq-U(r)6{9GamJ*Vz%YS<Hqk2*f@ep&&2aehkvZ2B@<Rm&cng0(I*26$lG_73Wx
zIp&_7&yM3eKABrVF@!U5dqIo#=V`iRK><0<W}E*$64QU^&9CUm;vInwKaEnUFV!*F
zd#YJB%&N`=E}%pLkE}lW8zU>9(g`-s$nMW-i%j4ukAvm-BgyF~p-&_sE0L34&z|T(
zh!MOPVvOs@v}e_;$ENHt=kdc#(2V<QiO+o<u~hniGxQos2YJUpxc*?YMuW!{!=oGs
z!3yABUBq{FvqkfZy$WeskE~2rFNLfE<t|#<p5JEWXbedW0?Y8criaf_QzkSStc%`(
z`9Ee^V<G=oF4x6+h_1$YB{(pJWCa+})-9<nsDgP!vPs7kjl;GNkGiN<&8KB+)?zqV
zNJ;{CNM-6V(j9l#fk{&EoM-^oS01o|+@D5qH=Q*E4r;GcWW;Id*Me~A%ypc>J6j#o
z*D_OjZ8w-#E;CaFrThk!V34PHyB|IPcxfbU99r~~Fp9ShlRd`Cb#(EoQFa%hEM^dq
z2UiRDMl|wskHs~d#w#0qPNZBaL^zoPN;^v~vF>i9v-22aQSgvx2LS128ky=0#E+Tr
z562zj<(BCy+SI53_OcP$ZMm#+Tx|JttyvBcAz_Qi6k!ohe7SLJbMoCnrL3n>C3W6n
zJ1x2DQ~^P;tfTK>@j`$8avi8P@yp~l{;Svq^Vs)4DaX`Vu#@>Qq(zF)9VC|AzYUTJ
z8y5s{Ws{00fq)K=>~87n>HSe#QQb0v1&n^C5gHs13LXyZsSXVo5gHd5ge{lo(=9@r
zI-cI0LL%XPA1wt;fI6-Dj&6&<wC%!yM!Y3JC7PC!#7X`Vw4AYQUUxaZk?G0gj^Mvx
zH%N9$O2ib9gUZ2aNg;aG5AeAK3{5dWuk<-9pQ)|Q&tG+y<4eDub0c-l%-ojV+(%q+
zHgZD0U5pn3td)DJszL=-P|UMjY*$uH78Z5Un9k%r*_YAf4sy7>G<J*-Y}UwN;u<lY
z1sHH+TGN+mZDsNXsbo&u6f5YXC6lh&Wpi&9(wkbYkXd#t6z!wJA@oNcQ$O^Em3?@$
zksa(tPd52=IFLYTT8Am!smf$^F4o${FTgQktC!!)&J7>}cqCejXCZF-uqkAmNJ$no
z${)=+9<f7a3{DhF$rrWs)pEXDw4-_ikqIdA8hyV$xMlb=4ve+bcG&asaMAHWp&!G=
z{z7~l6^`2V@R|D4<2Gnf`^BZ~wsnr$6C8>Q@|7hpMa+;3g08E#Kt2VY_kg`Q;|MAm
z)!t+-daT>v9RVg96s*T{$DhFV7!G`-8O6bfFT|vj(#rvxZt(UxHDXZ9h(2;RIxxes
z@#sucVdh6@cs|c;%;cY}3Tdshc23kd3{bRmz?zi7nWb<;zCS+K*ZLhDvso>7M>uF4
zZm0CfTJC>3U!2ZcFFT2^>&_%UjyCu0=m^7sHwdLh+-~!tB6~p|*+}MX*?AuPt4=Mz
za68>1&{O&zW#FzD((IJQSjb7DD{P4RQzgl7?%NC^Rby!p3bGB6IHF^2824kqc>1|!
zKjB7DSf?(58Q^Q2qFilMXYyceno`Hnx6Uruc63?($$2#x_YL)jQ$~r?*>V#CGges5
zNj?3mk7S*h57)-731>Q68l}nJx9}PNA7$?tBwN>RX%}|cwr$(CZSAsc+qP}*vTfV8
zt9DsmJ#Y7kKHcX%(f$3%oO8|0xmIN4osk(i#(fP}ziBc*E1+@yP^<JiigxyD1Rj*q
zbEb@;M+z{c_j!WLgTLgkv4rn(kjsOsBS23^WCF@e5U-s?rqeKf3tf`qRAn{dvepxF
z<8sq-V`vXb4+|#7>j_q4&B&Q%QccAwBq}6o#meC-<tpYX>D`mg5?BdrMON@^MKw|#
zY>uACYm<kw^RorB0dI$INgnmQOR1Mqcj4WOO=Ffy%Mq4JVl?5mhnDFS5x`L-fZ3E<
zx;)_}qEErkPus`dt+g$#%lTZ-xLvm#1H5f*UmBtB!9(BPDcP%wbMS8O{4TG-8!l`d
zdOnvw9p%#<j*hOTCa|-ZpdWsV^a_((&4x`OOBo7D`pXdDA{bK&<m39wSnzG=F!Imm
zQ}TaNF`P7!=I^j>4GOR0#>{4+G*Lt|$Y~`_6D~5_crY~=P6b6^F&5sA!#Hf#XSXFD
zIR*2DYClTtL5lV{Dg`@5i-$tg38wWKi?B#B#)BmD`|H#@)YVC?=&M*ZZR^0n(`N5H
zvK7!!M$|QsO!p6h&~>7G{@6PylVSp6s2>XRY9$s=!4IDfpEAK5L>&|eKOmPSkk-Fy
z^YW>rRb^J?TBMm|p(fkX3bPImuh&I4-mxajST7)(U-erFrPouBo4Dk?PI@(?s@bb}
zWml-`lxpPZ;4hwAJVr)E7F0~iNF!}fyG7-cc{qleB-^Vf|MW_A$hOGt7@sn_i11W-
z%RlG&MA}O&!fwHS;vVFb;Xcq!-K2v}*@$0u#$(J#0}ad=qATjwKdW)uU3}6U#e|p7
zL$}RZ_<W|&I4*OwM)-r-MP}tb`|r>dHK{^p7)U{@X<>mJ%S+eddhv*=0jj8#Cl_U!
zJ9L981xeD@K9VRph-4B~pbuT8c^4hNwQO(io388mWWSO)#%;Oxy`C1*UFvi3?sT`5
z-%)RiJm9=67-lRq;+K|=TqOQUd7P{FR%o@g@~}N7u-04Lo0Bj)h!^G4GOiDMvT9hP
zEWa7W;CPiN6-Qx$VcczPI%tk1!k{NC9!y_d%(uSQ6qSfXRV0?q2*dN-?*q$m+xG{{
zJxwlpnC^Nwv90`C^EZFD^>)<Xozi-iyD+Zx{@ila^S#<~<%{Qy<CT^CGM{c8pxd5Z
z?UgpAA7EI(!gNh+O#|xxNZ$c%52~_0WKnpb_-z7f&I-<1Mvl*vK`pA-GR+P24QV!h
znmR+&`}|c}4L!ClZyG>oO0SC8k~bD^VnVV&P@Rdz?)9>0gvENhQIu=jUe{G=I8oSR
zaKXl~GS&w71pR?<N{>6$K*HbUKxV3K+p2{BD2Yv6GiMPAI2B$W%L<c40e%%T&!L#p
zJB^jBFR7ksXWReuD+k#n{|#SxYc87}g)$(P(ns-eK~3+|d`XV-n5X^_NVxzBUFFJX
zv#9G}B$wCc<L}E|$4Hbva8i6d{lWr-Uf@Z7$~XG?Zx;3CGDAG!7W*g|GD56chHP#o
zJ5VQpkV(^1h!gsGd@OL_VBBBb?&FIh&1OY10;I!(C1n!cy9>M(OSFB$5@*NCD9<BM
zxj0?77`_(IuSy?o1)<z^eLDtlVWN>%;ho`gmN|+HShFUD=W)HFmGPPrme30A_vnh*
z3qr{WwoyW_AsHuO!Rsf|eE`Y`AgG#k8&xXHSE`*stD?z+qtbrC;vUA|+Y9WmV~IXn
zD+`S`b(F_@701Ie!0s<AnUpy@LQk?`jX1rjvfB&xxxA7aY~$?=6>J8M+zsj`vGbL?
zy_nk^$vmG+2A&>=q!{(?CJBr{zUb>@bel-qJf+W%_3q=eW2$18*)=-7FoEa0tsD>z
zZ8@)ls>3T4Zq<2579cb=!HZMNj73KIjFl`FxYHGw(HYoEj{q<u%HHw4jX!BVk(|-G
zWM(W5g<uvgLga;+5`6uF-34Q*vb=u~gP9x#`uR&__8Ko4JW_%o%ki)8HFC6%2*w@*
zxv?gO@6G#(^P^}Eq(Cz5fIWfrsFWeBt*~~8t3rgfEV>hSdU+>#2l?=^4dL!=8*2CT
z?j^V@hbU!7pfIyhX+5a0VvXA7yaGrCunHT`ndCter%m>iX#?eyip!ap)7KdUD`<82
zVC0TTElbWGqKhxFwa3?52}ur8&7^`5v!~3M5||uuw1%cmDpi)wDP^LU0oS?_rqgX)
zFkBobUW_Y@&snRLT9j{CnhRY_SUNy!_m_J$+LfFm+m*T`8#RB(8Stv7%cpF0uJ@Ty
znR6z`fKNW1$(}*J;*W7}2GKONTHj^%Wb0#>`mVb?o48*TOG@WF88~mH(R@a^eW7h9
zuew)}!$g-<FX+!V9~K^8vihTZq&g!-E014a11-Ma2DN{uH+<h7HtY~@eq_UwhpSdk
zeT`FYS)=oey_35sqTG>pq0E6V4~|lioZ+eOL*|-@wz_ES5&!FE0jLMa1o+r}YmZKt
zt^9s$q*&2%zeNcLTD&|GX4zO?Ps0)GrFq>mlHrimKGz~nO|Wx$WXgJyb9ENR?mRWy
zUARJ_H&ba$q}mE*dQ2WlmN|=$NoEh+>ryh%_V8YVK`SP;^ouFpMlbYmg|W;F;#c|m
zml;XlU5Zk&#Aw^DKTEH5lotp2+e4~(H2f&()eH}my4I@YZp8}&58Cmd0ibw-nN5^A
zd&-!K#phwyvbYQr-M*x>1w<oMc=M4Pw)2TZ2XGv!vx5!kR;+xwN+YcGQY?TjB)(i5
zLpz0SxmU+*mbj)gn!1&S&g$}}d(yO#c(s_d&1aeRUENT%2kkF-<*el`yHn>|FA`rG
zk93Q+<=-JQ`#tuiZF5p7NMH<!goHR&u640fFNgiSPsfdDx)(}A&~9l9Xwy2Y6D4{t
zG^6jZ;9YQ5LGiB~?1%6V&`X<#ZV#{=tFt@8tC=3I4jt#d=qwL(<RU`8SnPK$Lpy>!
zNbr^AiTsY>=KXxQ_(e9!3533~t*0j-@mw((FYJFZyRh_Q3j#L@oM>zXz}6N<hk62^
z96!xCx^a(3i0HUrx+cBDQX1dqG<ZR2LT3axpApXGm#>H(*l}d`GG-mFe;hGSE99}g
z<=3Ll$TwSNSX|b(IM)oEpsxy;9!OndhfI8?#H=CJMtX+dF|K=h_U76Mu5izKn*hGK
z7Rl#%oEqMR9;t7x8Q4>lS32uzO?co1w{dl9@sh%?c_M9;O!=YVsO(f&P-^$@gJ!Fz
zLJfS(MPQ&_9|XpeK${2S=mQ^#<7t6+KE{(oJe*ZgD!YZY<VG-zg-GM-p$W4X##VJ7
zK@gt>#=<MYwo1eD<6_^U7?}uYpIUjNcAEO+d~e>ylX>cu8W@e@MpMee=*JI93}8kb
zjK_227ck@M!G=|U##I95%Rlqb60Kat;gG1a<%RLpunbdT3L~V5?0Q*@%y^Swq9NTK
ziyl*RNBK#MNmQu&2eJs5${|8IdicK`+0`6|8d^p*>Z|jFsz_yi>Q}I>pH!PQ+ItDb
ziDQbPjv^O~wi}A|qibI2!6etl)9o(x^=oU*i#YJvJ}sx_NZwa4G&!PkN7l|B>w@$w
z)6M+xE1r&n)`NA^S8#5f)`kMtgB15pzxWedV9G!R!jAQ4*?8z?Kpv>p9f7x9d<#3q
zF7(c)tsTLnDA4!(#TkfO(@^X>hCp2-U5#C8+)%JjA{w<+-!p&<N|#O^!M14Y$8M}q
zpgylrAgKs2m4&VvLI}se1=BdikCBa+Ll&u}Tlb|}7xC4srS1sFbNqIZ1AR&-w$A_V
zP<v$34ikc_*!WhG@h{y#giYD>V42Z8a&7Sc#g4-n3^2}Pn01Un{~Iygyi@=O4GPr>
zBQTo=ro4-c<!=s%A2@X#mxGDbRm}@P2GD2H3#;kU0>bZUu1sRS<~K>g2@GgkI0Eta
z*H5fY*U}cM6DS0qOb#l&B5I#FS{TcA$*!cluO{o!;LX!(SIv_so5;bvpMFlrQ(opR
zKD1UGu!)V8xhsOKsz<=o_7gt+!np!C0;G>dvR^X~z^!l=cKwn}5o%fBuM9^*vqSg{
zcikRzyFeU(b>J$>eLdj}dN4C@;W+^TRUDE(4H(!L2_S>eGFM-$_@^aMI=T$IQwYFU
zFcX{60*pe3miNtmjR^jjUDmX4@kI1G@YsGo{X#l>C5WTC!Wifd0j#$0lkjn-;VNDR
zaB;ce{wAhUk+Zw1e?YDHlh{MY&a8oZZX>I8dpw2fhjuM;JH{Y_9E?js_^h34Ld^V+
zXyp<^*)tkRz-z#O`Olr&$_^XO#r-%xd(}K67wF&xX<d68|3o*`E61p)3v(~7fr|tE
z775Gk9ZCY11O%54=Fk!q&8vdALl_3VY-*}P<w3Bag}48(xmQE}X*>ZEjvu7WzqJdT
zY5R1VldRoAfnNyOr;nb6<$<3UUoBBc_BS3+b~CpVB1WjX(g!X`MA4mrH@a342t%Jc
zdk}Erz|!12^rz<1Cj}<3N-{B(w{igmDD1FKlMP!5?%E(}ZfQdf8K{Cx;?U@)(qP%O
zCQy)>5{)`U))Ig6Q-=V2%Zg^>N)6D554G0yZ#_qItS~6THvo*hP9g1I#O_en)YyZ!
zq?E#ef~>qU)QDDB(a}&-HKapWfVAA@r4iGXKTcE9xPS*NXs_$97q6m5fuceUcbuS<
zbP#^;udwixiI&%(Ntvpoq-z||))29Gx0cWtvZ@DPR#E00yl-$fhUGsmE0RJ{Hh#hk
zu*&IbcZ1zTMNLjl<v=|GFE);W?1h+Ai3~PWF=#5RYHjYU)2ynfuBoW12aZAH*HTbb
z(1cOGe7MB_g-=;irKzmL>KQ`>hRUJOC}yXOma=++qB=8$0H{F{rcI+5r@f147xu*2
z&}t%U;NGULd|YO)ya9EBpk9!@hLZenDQIqNEh3R$Sk)j%-4I9~EOO+M&IVuH+F56%
z8>6nsUTepSKqegIH?|+NL=Xqkc!lzG-hYo>Uox(%Eee`9(qQ3PA1D}bEr4{Cw6#AT
zf%*QSnFi1bAC7I%hs{L-2!!0<V>ph1(gQR|;)b2P6hokjnzXd)IM{#QfN2;%e=ez?
zy4u)~<iSsKnuuO2xR<&bHmP%t10bSG1(dQ1H34V<V*pGVWKg%O^Q01OqZjwmjJWAw
zQDm+>oz1amc|;6A%iRG3q?S`Cw3>q7a9TrT+HxBr(|mx<@i_k%a2tjzKFdRgYBLTH
zm^j((Ga!{XF*yey+G!O?tLr|83^a>|A6hk@yg)vVDx0Q`ntt%O&JR&AGk@mBpM>f&
z2cH;eZVk54XNG2+^-`^wg3=#7#ZMlB3@qKZhif-bXS}h0tAP_u|MNFpVV2u^o~osa
zaOt@vv@G0D4~jj7$n`xaNZF}_h(I37iW+TpO>@ep$2q=0P2eD%5*WlDr}#&LbDW(y
zP7(2|XaoiPI+G~5`~XPgt%?N+gEAGwPOPRx+|_OLl4JmOonE;rV)wA71o(>Neri>6
zkb!ewYFTp7#FFIx(u$;@a5XYU_rN&G>I{K|m(Ec_UXs+l8f9vb!R5T;!HNzegthJ+
zRjPFViY6n3<QTEfYl1{;>u<y!=`rFcb;fYLqTh(v!OjmgwZv9v)31t4@$e}hmC9m*
zWt@mTlFr1!s$%=86)`~wl|*+x%Yz!BAmj3TMB2@_2tE8iW7{o4ZNV*q*&b7;%gYIf
z4E-<LLXp5YsMJj=mzsN351Xe$cl^Mr@kf^T`y^%;g%fBLBD(whrO{Y!GYSh)0pbGc
z#ju7wO~3m+9t2Ss0D=NSKZpVVuaD8_tTL3NUMma>;1_Lllmb+@$TAObHNWk)z4H(j
zs@)BcxPBG+Y;NHtz$8@wn)}j4YXF%SyZ#J1(fVJa6Z$$h7GPnbe$I+kHtqcqB#3}g
zSYGb{C4jdc0J1@kx_Q?{Gql4>LiNA=i0C?PyC)aoO)tnp0edfsm7)A*!p+9%PvaSw
z=TI7|1cnfWpYZK?agO>nihFATUbOul`j_D5ThBE4lDW|AS`B2(e>KP93O2Vc?jK^z
zRcEe`z-ZnVBm+oQ-94VB>1V*msRBzg>74nS@{YU4ttXoG%BjJ_;j61@7bQm?fxpYY
z)8n;gF#~mqCFnG#BZ<aqb}VLsFz-=y23JPJ)$-AbHM^>tz;Pp-l8c*$r8X(*>_9u}
z*7foo1dFSR+%+j$8QeU}=VY8QwGgf-N*2r1d&C&Ju4yu|td0EkozC}iFMr%P^~gmu
zU<9GlhoR&>R_N@NupiApMa~i!9~$~v6yFQO8($Sd2mdqKaXDdwS=(?^EaE1C*@Ufe
zQLqAVREe<6j`I2o6C`>!zZzL8ju+yr6hf3nlGqsL4!wl`9&(Ql{ENzyFCTpwBK>Zz
z%pNdUw4HM>I#Lq8sCyYeF7R);v`{NhFg8gBmVcv5gvj!k<T>yZ^TjWesXy~=;^Bgf
zFQM+mlh#~I2C_lUqpiv7O3h91@d7|~oF|M9htOl`VoYJ;3=?<w2T$ahI5wYDQaJNj
zlhwAPg@H-6bt}Onni7w59xBL!bF;#YE}4Y+Tmc1<K1i4xe<hjgq46;(cri$S^X-q&
zNSZ)tl*P}xD8%qUmM)k(aUx%5`OQf&39W+0w~<%*OEC#x^@1gvfkOwv3`wdR#dF|0
zWQ!ZSC{BZ9WQM+HRKd8@+3WV@=(bOUM_g&0v1IYp45JFPBgJPgl#3^ENh_&oN;x%X
zu4(-~7e0|m5=-5epjnjr6k=j56)vp-&lK~}F#~g+$C(py6ou+S3L$n-kPYuzC;U_I
zwAxLn1bHM+_K3UYD#T2?EVr9Gj=ZlZPYmvvmbiX;&Vep_V(1+;s1;*)gW5jrm~KT2
ztuZ3^P?dO`Ous!Vtv^a6bmwq)y{CGgl_`l(@Fzj?sNiBjbQNwP<gnW<7+^-Q!&);a
zb&NsDXYOmB|6mKN&$0s%jDSxAP>zSlY%*F^fv1Hc{xYzo)04wo)ETZi>`%v}qnRi=
zgJOnx2-+D--tB2gjuQtT#8G>^LrdiKFYCqY_%}?6O2MFGLhBb}BNqNf6SG=aF)i{0
z@uOKrWzUynlmUjfGO-=#9VwK^v3G(yN(1srpTzX@dqoy<21Mnjff53lDFGMBQbd(r
zoO~q+SJ*!Q=c5*HRnW)6Wd{{|5;&X5y;cxSQUu<DIi+)E+5koY^@vM~+Ke$4FQlz#
zeb9Y0^PUcDXuDJZXd0GcP!up+`jvpwlm^mvGl6Rkt?MZ44F%{X7JE5SrbLRt<9{jj
zlLLogHN@QFIh=dF($4K_#>t1^O&@k^FmGoRa!`S;86#qEbA>L57;EHTl33Ja>XC2|
zCV!bS*eT22j9SrXR|3?8oHxdeQ#)!27?TH|G*G*Y`&&Vz7aF#z0$KwxV7)lV)4)r@
zf-r`z$B!xrt{_!7QY1}k6dM{d!WxaKI8i(Z{MBO<ZVMULgSCwxzwyHWYmy<@h1-L9
zowkbbzon74UQ~RAEXSp!2quIS`y>8WgZI#W2|<;j<c-jUC@WQ7GFX|2g-8;yAJsfN
zzEcRjfIf5Fv^0aVbe1JgjH@>lW@_|HUDTLH)rsaH=~MS9{2u%YRS6^9_yky`V_zv)
z*>#{8-$j%E6;6skD^LEFHfC01^$jJ$S?GhE+;{|BQ-j}VPBtI1yxKCvuqbKxhCBFS
zod6E%#7}dGk1CWMt7b<YJ9xK-)OEB~@K2~#UC^6STff0n9P4lJJxI5sP2*7S>i8VT
z03mnJmuVagmXON1(RL;>!WB_fAP3YO83Qf40H~SqQWEzW$XsVa%a(ZA)%=Be?TOHe
zZM#Q;6Ps6QWR1smGjG}zKmYuSL8%M=8+qe~1YVe%Gu~p?eH@o*qNHr6n;DD(l=aB|
z*2DIBiAoSb8u|cMx*j2j)GTOkr=HaEs-lBD#dP@Bbrf|*-wBb@J^AkwMXWHQb$sFp
z@noT*ug}G8-XrRxd`!~E-!%a%v4STJb+TcghuxYNBC2qnczvumI-4r^oa&f;ZIS1i
z{0^}(v&d%MkdLk1?==f6TdAMCkAXo3pLvl~wYD{Q#8Inoh&@L>ads-7d3(uTM!)3t
zbj85$&pFG8oYjMFs%nXK=hYCueDx>_YLTz$KW;9mAO>7kZ+^anqwF-_dH*H{A-qc(
zgm-6mC)fr1^tCLgA<m**Q3d-tzj3}x?zv%YtF>=ld%j*Lc=4uEh2LnoO7IVKND;ZR
zb!T5E*nwO{AYgv@xTgO)H%e7y+VM%1c)@i|4~lG;-fO&WSu;lbGEbHGSZ<f@M>}N<
z-%(GM$m1*nu3AyDF}6nQf3U4}C5|$CxT$a@)}H4=>}lMNw_Dp*Xa)N_^&AsKH_O$I
zxNY0)iacJGx}!jQ^#ZO}aDcQ{{L0D2+pl*1qU~Yw?tp_wP;lT_+&!=|mk*&EuoKds
z4eCEn;M%6QXIpb$rfU--hkG<7Qdy#{+4H7v<Hq80)WcEuZL0C*yZar0T8N<Ab*Z_r
zdxFS|7x*3T|E=ryy&U~*G3XnA%K`E23i{QE@Li6TJJsvkSsC|T7{qrmoa=J%_3)DT
z@bWGBa&YznC-OoB@!bvJ>sAu-U5Awm*vrK7@)ykg<Lu!jko%)M$d_#I8S>V5Xm`iu
zz?I}92ITt$^W*8^g^&0H)vu=sG?$YjlkaE9ikABz_2(nl+acc7lY04i=Zb@Nl5X#8
zye`cceWm-w67PD@cG-wO&N-RBEeO9vsCfzZ)QCSEA$q9yQi(qbg7o5U4IuCmZXXbN
z&4#@%m|l1xo_U|Scc}JGa&-Fnp1FN&Xr3=;7+*|NS3&O@S+7koUi^Z5*Q1}MUN9h@
z#b3-JZXEY~nfALp8DF|+J55`HcM|<wwQiMq|0<o_(L(T1>}4bR^ar?#zub*PeH?(i
zFc5vIp>4zBZ*<%hB5pq+@$|^_^UWPp#|}Pd>Ab|#kbcFxbq)pLq23B1Zf{!evPrdW
z_~8YKz_}cNU9;W8{oZ?ze(8RA8F}WN`Bv|Lw$c0{>2i0w(zKlAK>I8pc8(2iCHngk
z??t<w++&e=xzct+4R%(-yKa>qbQs=db9MrfvbNrO%r3q`cTPur#|GWBZcXkG>}^cF
zutL-(+m!}c2Yxr0z<kpo>NbMzocH6vQtib1+s5Bo{J;bDlRY{Gd#?~-b4L6hR()~l
ze)<6spCnsl`f18vOd#l((C#KI>csk|EN>NC%@gXh`e`B9BwGdgr_WlyxVt4{Q^j9E
zA?Q+W3xa`qPPui-cR}j!J_3NW$@Vn!w6%h8RJ8}vUNRI~IYDQ7cr$Y8_9$^`lI(`K
zk@N`m+)1@*_u6iM*96tlG2N|*9W)RF>zVXBLc28wNp;kBVWo<<re*h{<&KEV9Q3!X
zlJ03Bc3*2k`RYJ-yO<#RR)frB8SI*_gBIRG1Lx50nIq<Kl7!@X;L4?2?UxSjjwL#M
z{6@+t8dxDd2nW@^1;)|C-@`k#^T~;sVcX@#na<8Ta+GlkKs`a;y*prhxufN#-RO^<
z=v_n2N>1-HMcJQ(=4KTdiH+{Z;N%wVKSPv_>@UYRtpJIn&2qpc3j`md&HCLNp4TS~
zL6$XA7-`47IVk0p1U2GcvQLZ+6=`@-uhP$e7?V;50zi$(8d!BqXr&ogsJ%*V5XhUt
zCaw-Q`=(x%Sf}5w31JB!O=RE<t=dKp2FGy=Koz1vZGd{c29d^KKx|NwYG3`1!1U!i
z0Oh>`t$mmLmro+}i|yYUJ^!&A{tI+Y&&baBzg)~eROJ7PU;cM4X0iX_Viq>GFi>^=
zZz1Ol^o;cQG|a3&JaRUUpF2h-#{bs6%*g(qG3QJ_(DVO=Isa$lf9GEQubgw1|H?UM
zV&V9|xt9~BYy#<_{cgBLVz%-F_@OF;;xsjhVc+Lgas5b3gfIyp|MqUsHLsCg0lZzV
zE`!OcFQ2Ucb$mG&UFxN7-!=nVaC3zmM6v0D_)YCpd(2YMf~koW)ZL;{f)TRrWRwH8
zm&uoD(h@eM5Ub_}-j7z=_jpXoif4RqaBOph2CZ*`03t%b?Bp}8WSP4GD0sfUypH$$
z(C|p(3vv?)f}ljLArg&Ax<P4I-6jwxra*9CK?y|vwxiL|tj+bf#;Hf?ZH_$D(eF5k
zO+YqyhT$%jRXplBtrw?MQ<@Rw)+6R~h`A5^JUl9P{Ofg)1?(`PO^_FfOzaTqWUP8$
z*C`R<MC$jG90}vQDZ5gGZwPF{=K^&4CsP*18lMPW+nbWl<H$|&Wo|)__NV#u`FGgl
z7sG3vZ^W0wBOgJduUCF?l`q~(;PZ*;mEczP168S%XvZ+kGpNr^J`Rn`+ye}e&mYi#
zSBfnEKZ)P}uJZn^)tKprl>a|z->m;wf0=#=*9>ew$owBdH3!4b@sE|4^~Yw+^fUi~
zRWma%;IsUc>pzxZ)}J}k&+}QCnE$y!{*SdE%J=`=_s=@hPeHT%*mnQ11vCA;h=11D
zf6o7}^ZtzgvL3T>{BzBJXBGa}C+&ZSVE?Ob|97h}%fEqO{}8tSZxC$ypZJ3R48cC)
zFn7XQYTL=4v(Q*Jl+yj}DXP#p)O<PWKWGz1rfZZnsD)ibJ=j1jCTS&A|2vc)f4cBb
zUtba`cxQ>VACR?1f<2;UXi9N$@gF$Ir2F=ke0fR8KUocbxyy>5w<_xoijrKXxo&o_
zEKRyUeJ--&v(T~N1W2WU;1u--@e(N|g#p}9{nUYxAnr_&LN5?_p?YyJBd)Mt_gk8~
z!15r0&E#&dx7q$C+A8w^#A$?`l-P~p{pI^+W8>F_w${cJ?N=J(`V;1hb630<KdADW
z!L<P|_CCvs4f7Ie?K=T7IwR2OH0Y~x3GqdXd$$x8S@;zn_n3VDE$oHmx0kQZob$qg
zkN`l!IUXAwY?#p#Bul6p!@EQny^F`gh_EQ1^)H8T=?wjE%tmPws1H7_#hHrSV9O=2
zKG65o#{i)v0FF8|{72Pu;x0wZF49`@r*A!ve5LE6DD_<waRe+1LQQtCo#516g}A-f
zhc85gql!^PMVW?O7B{$@5H^UmUTl}FH~jj7ED#?F2mN0@aCH4}y9li~-LSQK@IU`t
z{CY-=VeZ378+1NNBa6PZY{*W^tCm0yHNS@|vd&x~oRHuhBc$AaS+$!swA}(V-D8~x
zGF`Ig#fur3*v#F9{lfRc;Q4}E9X-_5o(=0WXV2#c+r8z}=oD*{%YF8&L8UH-+a>k_
zvj(z|>FW*n-~#Bhi;o^T0leb$L3@^o$?QOhpBa$l{ya=&?_2m-k3^FdO*8=Agpljo
zX-(Y|sDZ0F%Hgwx=@=~O`*^7JOMi!#9?OmAE8Py(7~ccdPh%?HmYXn#t#}HMd6Zg~
z;}gg2?c@dXCBp8MzAt{N*7Dl^lJV~1+0wyctGemzG}7_ZvXpXM&@8u~GOpxXlJBuN
zDo&-Yt+rQFOHNHrp?0RRhjiyaZKRkm8=bxQgV_{u0<Ij+h+&reia0la?Ap}+aZyn@
zxZG(c<*ZU!Y0Z!NSrEmhQf|4$DeCZQY|o!0b$6^Mj2lOigxxN#C@Ccgl`u$M6SCw4
zkxI_DvX5vwmV!&yzd%EqOWrfJ3j?j1%s3bpwh)dvNp)VmO4%Y4RH_L!E5>LvYUaWc
z%2-jUPdeb22T0JiiIPchWC;%3dcPck0qZ2%PA$5A4mZBVv%QQOx^Pxma~{{IO%nw&
zHCa?;p3*c~gq~kBU|?TzK31M-GDXiWpN`=K^10E;cq6t&(d}$;-q=vASYy{TilWw&
z5*i<RNU0`OsV!0M@<dy;;O-+qSSdA0Yk%(DYo~47<4iDAE6+@F{OljVxI&$%Tbqa*
z!#er6sGKQfm5G^lKT|>qrc<!S!jhQIfnqu2B-DZ?Gg*Sma~Zc`b3b<MPj7xpk>B#@
zGQP&6)y1ebPa5(m-X~W$(Kf#KhkDfMn~GImlb$2Zpfs^$@3!h!VAyCP&o(n{f8GJH
zI7>2bI#ym5*$GFp&v<&)33VA<Yh81;_cn!w$~=Noli@Jj`_Y)dWsS}sdfLXUNB@Dd
zj0VlYH%z=ll)1_nec_~~;xyt#%_=`{A(fIz=&?6^Z_f>Xs3grQ!!D>Pd9Lc3WxyjQ
zglQpQLQ)SM<8}mAcjIypz_D88D(8}BP?is1^*V7VsuJykh%t_ulHha27EK~=-I9W`
zF^(xl=wHY*Z6(Q5$*Y_!vk5N#>kf}@GyFQ|my?il_7$+Iezn1n8=3VJl3JymeFPfl
zcE9YeLxgJwD5Q9+>Sm5$Ud=WPLMW#>)g52dYpw2Gp4vD)o88nXVu~;pvnq-n37KeX
ziL61f<d>6Ah3QUqy~)i)16D))D$QARjjh9B<(Npb6wD7;t5LgJi)W+?u^fU|F)b7h
z$$k74SgcErogbE&kwv(sF0f^DnY@+N>_<_PgB66t65DNZf;W&EomO+FF3`h|8Dm+y
zPMw3bdDYaDif!nkqf0`KH6%bM+7v5g(DWk{g3W=*8cq;0q}!_J>)G2JxCYQ>ozd#K
zj@R~+rkB>(M4~&81O0MbNBOnXHI41-y8K}OKt1cuMG;MbdRT}ioYIG4l_98!*^Muq
z=u8#a^R+G8v*=7fW*0dsDLJFqSj#ZcI+U4;5{AAtyUnEC>0Hl}-blpQO##bvrx%Yt
z<RAbNiyo0DBT^7525Fv)2#*}%m=gO*4685z4FEU(LYHBaBZ5ymnrC+O$X9HR`-SbG
zY#zf*S1p)9E0g(~*<}(yCOs)X#VJ8|{4grZC`5i<qKG>}PJ+i@DSc2Jo2hJRVzlwM
zgD4%xJYpg_K`{^aqOZ@{7tOX(x}U{m1Qg30@CFH8)X?yVWF>l0bi)o>4(9Eg0Wenz
zD4#HC4U0PI3Z|2AB86$IpiD#GlJHq{(so*jCAm%{jpXI8C9?XbEyjGDx}}T3cw{J_
z!!*Vo8LFcJ8RPMf5ep|9itcdf1J6R-27~Cs@#PC9CsN&!lhwa#TwWf!sr3V;jj*w9
zBv=U6hY(n6-KJHDm{bI{_49@#k3ZepQaC;-EBl_=B%w-eS;QUFj^&RDD8<P^?>KAx
zpt-WRoNUkR^)=p~H9b4G^9v1c`u8JaJDthg_XTgeV*XeV&$~u)g>-$3S{d4p2%`al
z>I5h#w`-u=^4djBH@D`EeSZePDmo&@_!;6O#&UQ(X<ha^!K6|gQmg7{r*sPTtT<eT
zFurIN1wHg6eU7(oNcFltNf_@&JavD}9oHRt9Zx}T;`d@>&tExFANQz++@GXv2PY>n
z#J(Okm+3@BA6WO#r!6rbi(2PRr&=6N;wWt{-sbTdLl4J_9TplO)S24D9Ipl1$+{qG
zYal*)&5(aiZJq)m<Fw>lwA;1}r;KY#wp1deCL|*yvctBM+vbjnWn(GTu1IT0FtubE
z#%PYMIVh(yz4%^53GCN-eUa{ToE=<DxXkfC^ukW1bDDNI>%Wgt`Zi*=+L~D1IZx_u
z=we|%>pVRl?{&U$vtNe>p4n{Iy1GhB%-!9WLi|5@dfbw`-};Xixi-1ZRpQ`)6UY{R
zk2Yz-VCq(`Jb3xf`QI2OteG&D3ly$6y)r(M);YiSUO&3~-ry&~Hh6a^esf}~duI=6
z>cyG*OdAn6tD<H%bx#Y`KBDg@%uA_OO}bQ9X=#*JFSNVCP>o7fhiEr_$GM+2CwST<
zS^8dj&{~yIpshsm9N+CdO=&M5j2#|0o~UwcEe+cq??uuumuxGtl(7oZg4ZdvOYgQ)
zSIe4CG=#s(0(y7{ELdrnBL4DcssQQJZ$f=~t2&lh&r1QW)}XR*?~=5nFZ1*Q<?^ug
z=cFEaa<V>uuz)YG`VB~30jH2PHPs)HG#^v(uxib*-jGZsSud=~ShUssxLoqg<?H%(
z<Z46kc0kvi@r;Uhird;9_fhi4W+lf~+sEoVH^(=ps`L9~2adSA%i?(#CXrw9`2g#g
z+J}j$S9B~ppT#Up5(YF-ww5hGf!PHMEUH4Y@b{sxQS}`vQLREHN6w705kX!(Lf3EL
zP{*>U9FT02HJAIra<XYFk0YNavwP`#lKa?0j)uPmin6N2k>V5_aonTs>^k?n4bInF
zZK>*f+A%k;pD#4?u%C)eG-O~663vo<IQb;lshR0u?t}fNX`WsfzuaJUjwa^P*bN6l
zdPU3ftpS|VB$jupK<3T=s;|O4jB;s!RS`JnXwz8QB9$*V93PCa#rPH<Qa$aD;GUoA
zSj1UPRYo7DO1*r3zcBZF-|>j?8My~7NLaqFsU<tXZC0-Xh+b|kB~XcFf@qT4p-<}Y
z25K1J+?SgrcJJaB1a=<aZ~akuzI-j6g2XY*9P|=dqSBUX2%FMA(GXI0^<{azclAl;
z7M1LII0hTj>!N>Jd!!qzxjDr3;(dL&W6S+SX#3lz_kDb$*40DC(Q@KEnGNOW%JO8)
z>LiI`Q8=tWIy!6C#IeR&C{n#gt=%$X$oe~tnOTR->UU`L;x6vE3Ap3P`ix?26l^sK
z6|uo*uz815F_O{{;z+G+b@y=@Rno`8mb+?#`ARvb&9-V|#0?t`A5ZGxiuU7KXo|0i
ztLi%06jNF$rJMM=#^3{Hv}83cQ*v@jN@~(-w25QN*kR2y4dtE`6!TH1LUBM;K$K0c
zy8d)?MuX&pv;~SY+U6k+Te?#sAe+R%OozmxO#4>Rgp4p7!(M619j1NS?Evg%#u`xp
zEZk*`lkaSFY&J0t*%rb4UdhcLO3BgGDt0`t7}1G>mXii5SiE9AQOTu=W}gy$+xtzH
zl#5O_PSS+ho!ms3NmiPky{G)omfy}hY>dv8){O4g7F07g-}{e_u8u2K)!VKk(T>me
z-dwO4Hf7>&&)01(&uAq@yV_Ziwi-3tBOcVio>nBwjhL!^O^THsOBKelrA_Q?bTf$>
zS!?p&zX#Sprx*F5KPaQOtzDkqvI;2B6dY?f)Nbq!|Gr?Ge3G;pq&&XeTKDDTB(!IY
zzmf^?*swYEl-J4`IaxKAiWSRZoc>+#x6Y<DzR}QZP?V4!6C^zq3MkApN8MAP{VdZO
zyMcqPWXZhFZauS%BOH=jh1G7GO8BTH@%4Uty*X~WaDasTGi12jFy-57`q8K}<sFKR
zk*O(#{eAqs{%DG;^uU!O>+%P(1^c!CibRbhR)y;xlF|K2p%GMXtJ&J(g0mH>bx~@J
z$_|!o-?1Hgn3!V0#E}-MZf1Pwo<vI6bm-?dtzsfMCyt<kdw24RKzGeVs%?uPn$4J#
zU@C$=M!L4B;e_}zW5Z`Z1xR!Hk-^FCh@{xSL4LGgW~ooN9P>%;#l!0^b6OcA+C`SA
zAXn)7kh3dw{pI?P_S!)3y5;;VgU!|UoqVw3BXRiWb!&`mdnjg%_3UNfe)4Il<5?!5
zKVGMUMPSG1`IFuKR%?%HMLYFx<rlXH`vpHiop%G@WAi!0W($;oxJBJ*!(R>2LSA4<
zsMpS@&V9nrzVQtw;c7bOwZ$#oOrA&>1qS#0v|UfBs<g17!)(I_di=9ca?ncX;R0Cs
zW<X6t%>^s6+Br@&?e<w%@qPV*-RarDHl(6mpGKZn-R2CvZ}I(UIumoaGR$M#Zj-e>
z&nJ7euY<iBu17IQm-im}WIUR~5_9af)q|x9S@J&E9rE9%mMo%v0bVjb=IIK%S5F1F
zx%GKvdF=qX=^!plxpN0fme%WtG_^-pTgJkaL`}xR)I`UO_ktMl6XF?R$gJN+e|vLw
zruPeDRhLiEg2h`5+M!ab2i5RriZ5}(^nW|8t_cx-LJGgIC6vSY{1qJ%YhFDa&FMbF
z^LZ?E<a@Q>7E9^-IvJ<S{W?ZyxO+LvwAEW*TU`EQXl(yje{t=h|F&GP%%a9oS%+~W
zy#o6zyu{3VaBmQKINYxBHw#CP^!~x|;jeoP&?uR94(W_p!->g>35IpXrA=<g6D6<Y
zv1elqEl;tVb(I$K<j3i}2SrCR%}IZClwEfXWA{V6y=u-Ohh|&oWvgYp;bY_2)($jS
zJvY%%E7IdtExX&zcAMwo4DCJE^Sz)KtD1)S3<fk5kD9VH|CGm+6}`!CV+@(m0-4Zg
z(XOXif`V&Gqeljsr`jhiRKVv@5V86panj~hFKDQkd+(|~R6_lp8AkxFp2x0J*oE_F
z4ua2(TP7?%s;Teow01uC;A0Hvc)gdsv|-3~ma*vBPJRg8zn0CxU%Rzm1k_85Lh@Z0
z_iY~9=YXqK5kiHOIqi6R6DqZWM0&qyX>!D8<hwFFAk06(PxiM&n8ssRTVZ&E;KoSr
z$$fygCbxz@)A@=h<#80e%Vf*+W~rs#f2DC?!bOflv(&-lzQFn*`S=!X8ZtsY^yt{C
zGM_F5p)34>hF8?bg~TuErL^l!0;;s9>yq<lSuHF@R)<m>XoRc^#GWtd^%y18LS_#X
z7FYL&kss}9y~RUhdu|58+C$vV@70j+buA<lE*85a@JR*wiOXF>NdxY%2nKqn6Lf9^
zs@zpva)zu55nM6{S@siq3;?p+<6$Z7<s?`0&Fl3bUqq&|1ASJK2?WB@Pv%wfXEMm_
z7V(d+lk!akGVP0qib@%s7AJIYCMO5|gy=yJ8-9uwaS1^(bk7s~yGUD$vQapfJwQ;;
z!HF6f^NJLITE<oQYRC|~8cDkRilkyVV%FQm%ZM&H5#jwc=ceSuPVPedF%aLo?uO5d
z2^}52v@arvmcLI}Je6P1UhKKq)MPW`E<mX!b2M)lNiDozpeG&m8kmppy=ue2>6Gug
z{{x~U&H;}mU|^(t>UiHYY~e$|lnMKq%WE|ksJApDM+9du#Ai;qEwp1s5Pf!yjuqMO
z6Zfk@b)^$-BA4<GpA{D0+?691ygM~Z<cqP)H?<rgB$}hNw`E5JkM#VsXF!h-bBQ5z
zw99qNj|tP}8)oFh%;rx-%BTG6X-16<Cno9|VV_atW=73elm?Gv;2R*yizpc-0`#@F
z=dC^yk6r<52>2|DXwcs7`vT~?4kbMSZ=xC%H8@;=G}(3TrcaHGIpq8y@U8!wJ%Jy~
z;5&`aZ>;}kzkLeyq(AyYtZGY4tcVeT(|yF#;|a)IwG-jN++MhRmPBlbU>`e;FuV}9
zD2cWkJLZ;*5Jp5yzGt6st4Dl~(A?aw3Q-YX`Y;Bgf&%|L1Wm$8JHu@bUw!I`&eb|T
ze^t@_Ydb;&%d+yd4%ga^T4fSH5&OcU47q)hry)T}is7>4_`OH<R|U-`dsR(LVZ9NL
zda96DbD<Mqkvz$)o0+5QqjAKvVR32%*Ab$D>(kZgjGE@hSs;Yfa8sa}O8aNXfUr_L
zdp<$HuzlKQxZyNq^m4*(2+%yB8{D$sBe#gz7)6CcxWewR4iDrbqswzsmqL0-n^FBN
zx#nYmGPOHHoP`>}GT=vGGXtJ;7(&;29fUV{tYCI#0^UhxuC(U?as<DoQHZ>0a)+{#
zu$%Y&Z~e2xw*4M;bEbtbx>3*B1I-UdqQCa2Cs!(Tt6El92i{?IkLJdRQ9?$TeedX(
zqMFDdybQjC<H71p2cr-S)T3338=vHJBSr1$q*EFJ)vV)1tlpCmI<5Qg4{U$L8GEf3
z)aO$Q!9$ZTZvyO9zu6@fyIxoKTkrW+&JR4xW8K;MmN$D(kz<*3k@oFLYMiE*8y-dB
z3)@yBb7q|fpr0DOK+{>T#uP*x;X9N+2AzdPR%#cGk-rPbGoKR9l__3v4OiH;T#;Ac
z5pr&d*dv+x&zo1F;*BSN`rm3^!5xsKS$jQxr@4!tIR1J_)OD6m@9nb68Gx!U>~w^v
zynNLz>M#~R(}-6v0vAiad04A7LCOCLO;ba@Z~QcXX9-#3H0SHDBKxQ+ASmvKIKJ{q
z36NA?96&Er7NWWUZKn!KlGgR_7<-FtN}FEZkBMq*OV@Yjvh_@I$NK%}RM4b+v93Xp
zbKjuZ@=CXC9R8xg=_z1R^RZ|227W?DP=jTh8**Q-eflgWqTrgnQqv=1o+s<2bn;ch
zr!Ybnn!~C34;_&eWq;L;;jEu+5z8sgr(@%_7B>~3vEpXL49mAA&$(KZvE7|=6wM1`
z0B?<&iI0=P@-Ujrl^4mI-HFDGOL*EmpS9%iU?ladMw{EWcFYA$4|#+Wn<%^-z3)DC
zstxLZ?4j!(<i(u~qT<b-1}I->EXVRwq9}e5?%NpV(Y7%0D4>7UP>0{MoB)nF{~Ki|
z5#IICg{PatAaH8@(WpjD28&y*NY-|xI7pFvBhc9dJe`;a#`XkqC-NO)XDWGXB(=f4
z6mloxt6Qi|!O-&qrVEdN@_gwil;dGIhhYxUTx{51gmkam-VI@o#Llk_@{hZwi6FkL
zCWzXsF6oy~<DRSUEn_dfkLIVAO<RZ^y~bsJhq)+>TEZN}9ItbU1S*KvVC$YerG6&4
z;-K}?(Ss}1y}6n^I}?18$(&}WIa?&K1xImMLZ8SqJOsRW+&wVa5m~vMV;M5ntV5HR
zrGDzMc*T*QELncZGL9v;iVNiLHYH(B70o%)tTK){xBXR!<g;J#vcK0hVsOad3ReT+
zv<bOqbtt`#%+ha<3Q77?Z-WYf#oERSZ?KPIoJ)Q!Sod3Jor&&=UN37&2Ge<UE5B^Y
z6!%ZLWt0S)+l)9lz4ba-XfCnH6rEjevM$IRhPcGqU3xg!5tB$8$|ITiV$b}_vFEmY
zV!6IpAGryK6s+1J7T$;q21@t|<4Rqrtv+~XDZ6h%P-GAcLAWpM?}d%61HSQp5+v}w
z-NYw@)wH%o349F13H(UDf;D(wPO7uE%&u$NB6@`67+lZ2s(-3vIHH8x!8-~Mw>|85
zA@}uD!@G;ua*40$#_`TtRMTA|eMF(_lXB7BxZbw(fP22@(Fqo0%X!s7(aEZ%nje}%
ze5Y`7_)stm#0rzqoN%@!cD0UU<8Jfcnav@p8gb*g>+IBlSHvj-4%7@K|C1;<Ql$U9
z`bIOjX#14*#u1PWqONSnaW*=VsZlZ9p>M%_MUO*YE?t7DluBXomUZ@Ak|ePa_NOP~
zg*=WHKhdRtwDB+{UB){(IlFOP*|xOmYMU}q$Uy?HOOi+H_Y?ufTZ`4>G`vIOO~{$K
z8RdBrkGHOS-slPi7(yI5eYjtn*)Xh3w;N#&daW{SLRpoxGLT@nTPI_TI`*Dh)~?NH
z5V+B>LRkXCJTvhy3h<p|Uc>=pW`;NvG5MtYpOE7;+Hz@n&jaP$a23SiLa>OTe22OG
zs`%#}iv!d8f2*SX2bPMJm7e`S>AC-}R4VcRmP++MQmOxgO~v}7(*CayYvv!V?0>?k
zegHZ@YVZG%V*L|v{r{F@{m<6_M&SLI1onTZV*eFS#YE5ee-n7)r)>J^p+|1qBe2&1
zSt#VwlvND*i*cXwlX>_hv{B7v3YoFro+5FYCAj{)t$l6WiMg1?M6(chJ``FI+-|F1
z8DQG#0`~MSsgpX^L_@kpep#GiPZ-*8$pMB8KN)E>T=EQ;?3#A3Ufcn}QF}gOcGjzP
z|1{#v+1O5d_W`il^;JYzo*HGJOm{f}|4wSMa)QpJr!yMQ-R0)m<yd2EDiDQ9yg+`L
z*7Z*oRPL<0i11(fHgw2Tr0sgU^hz2hM=|WGAv_7UJVd$sNv0;92DuM$lX?qiUB$Oe
z^bPHl`T}}oU|8BDlZp9A`Vc!5G7R^U#`L&IN;_W(ugCkr{qH1{fA0$qY?t=e-_i12
z9G)M0Ym?x_x`b^oq59lhh=ywX^#-;?Oho&)754v=4fX#}QU6x9{gF%mL$>`Vr1>AB
z(?8Uw|DZbkLtpw2YSTaSf61>u#HN3!P5+tH^fUigNb^6B{~J;h%YP*`{Z#P(Nor#G
zH>4((|0}79=_ld%KdY}-s_(X1YB=AxJ@dsnxYZlQ_qZb+Tg&km+*wTpip?4lS;O|Y
zHQCB5M2KDWwpJ}qUDr+7EC@(K`wZM=LCk&dNEwvy_~=<dc<4PSeZ-^+5G4o@gTy`u
zXirc9dZcErSqGV7QeVHUb{u(kW?s8*+D_WfnyEQOYZG!2gEKVXm_%PbV#09fs@Pt~
z%QFRbdjck^mZX~CW^BHrN7(`<C{@^&kH223$-;na4L`|@C#bhAbi)xrO7U~)0>!tw
zZ~{I!Moq_?j-xX#y8sSb2=K}|L6k}-{QB?=!Ivhn9uvPt;`rtHkDE0buXz%@aqe&G
zy-Kc`GYr~2Voy)`jy$%S&Vd8J-9k^*(eL4DMJc_Ng{g}UzkRp!Y-iQZa3tqw#uw;$
z#5jk}Aaw|%OUwca{!)3we)0E|+{~q(W&Q<ugYA+D@ZpDe<Mxj45-I)U>O%|UE13E9
z4ssSCTQpS47?P$l12wOU4WBP?@Y=brJN5tv!o|Q0k0gEKi#h^o)L&ZKD5^LiX4GG+
z2HGnAJE~0l(1<WkYM~5ui<viKb4)DH^n>i)p0_|m#BLUT;ljNsZe~DF-q-D@I1T(v
zORixBKD(#60TJOBo6g%Zh6u@18PVIFkB<R6Den9$72~MwZV1%35=C@m??Ph$qv(c3
zrgngwSiziEQFW1(SOQ=N*V?1VTfwcH@(Es<L(G|%x)V$ddY0Z|$yDX$?$A;URQYpV
zRMc$e6kT(vO!d@824tzk2_c}&A{j({T@gSgF3Q<!w!ay3zw5dgaFpVx$=U=>#iECE
z^o?5|i%pSZe3`y`VRV3^rq;ogvKCXZz=*Ic!yK9Ifc@bX9aP-z3oyu^qoQ=RTI?#}
zjGS2o;diPA>qe34EfTk3^w`Z|N%e0I5_Lnvfa0C2LZEU5N;)iuNz8T1h80r6v@}-#
zX|jf4R{IQUX)C5_dI(+k(rPhRqwGZx^}irO($|`JPo%FAea2bRI?R8D%-p;>sAk{o
zy{M2sCSIC%z{ItDB)~|zwop8dcMdkB?~Oj^zDf%|=P2-cJVUzNTd=ji4o8&yxrpV0
zG@iO|BEE^v^GE6@<|4RW80NUBfw=ZhaXy;gR`H{w8pv|p-!>gjM)qT~I5Dmv>wlOC
zsWxj(ZLe+2p1ua#^*fqbEf<bZ=Sdn|pI2{ok8h@)Bi|x&*a~plSBBqou)JXvm|31>
z)erGxTPxSHjrBaqU^7&?H#f{j??_WXt}&7&9t#(*w*pUd6cX?0u5XXCa;~3sY)@W{
z=OKgKm9$SfaPNJ-I|G2bx$f-ZU6-l2u>RjP%o@7{=vl^iZfOeax8b4Qi%6Gub-De0
zVm#OYxOaAOxFebQfkL}#GpIR7ck%I1+$#;QUd6kd(b1v{6)bM!w9w9UQ^buDyiIA7
zcfms>In0V}B-`~EI7f}u7DElM0c{p69ZYM7za1bW4(idKXdEUI6UPo0yQd7B8g%Qm
zd5u&nWBy1^ktL5QvL>fX-NWvc$KJU&YSg5`l(Au|HkquuxOQnPfToGLqRiYmtyO7?
z@E$N<M%%>l#75L;a9gKHci30YcbT`vOyg|KyFVD`nXEPWtz@M{);GXzmTmUxS8Fv-
zS4);}F1G2!gRW?)7HZh@w_Fw+u|mc`HSaF6ZN_9+CR3hfS)vq6lHlU;lsYcZsu=%a
zd|@$GaAu|H_<cpn+fT;{>-17|u#B^kM1XpclD$z@&AC*iVxc1An!75N8V~IBdMfS(
zuKR>`N*xnudRH`J{%Z${pTi<P+C7I--Ek}*)Oyz<L4;)z+m;lIN@!6=idjfve1G5V
z3ytB#57jS)o@~s|Ms_dIUi9wBO;l4^1X@Z&3qMiSKl3(20hi2P#vONrLX-|0lSpi0
zHmP0ly^cMSa=bm_P%uZJh_ZWHw+h)p1~;sss1<sO;wf+Vb9+QNRr-ZuprhP_sqh%o
zP-Tt=sc9`tQ4RAQf%E?K+l?D6X*gqYwxHmi?A`VN)`>6AbGt)qC6A(7nzGyth91St
zw!#A^O9;CVMxubU>(ZXl63r@94|pSBv#&u9ryI~~Kq$q~nnYt)>ULH+0mhuI-}$9}
z(WktuH6f9!qU_#04^(U@xpUBY@p$`0rY5D==_#v{v;Lwu;QXLMDIxwbMY;C><LsTn
zYl{|a-PpG6WW~0*V%xTD+csyiV%xTDCo5jD&)Rjrs#|sTu3Pt<hw(Q0Hy?WMW46)9
z-&%8{{e4!8A3=QcP&Uz7!tLshDG@*~Jb3r9mkY4Duws4wr2$6jdz4@c&$Arprglv2
zUJt!J$ck`C@9lf`a!eD>nO7!9AFlbrV;}BK4nz19ey8hpBNODCyKo>mvSxH?=4Y+-
zg^J?)l8iY6(v{^8_pPB8(*=cy@`>5l<Rtztb;Ez4h8!IKi8TC6Uj6?g4W<7dWh(Dr
zYNzaJYh-Wp?^2ZYKP%C{eBoau%Ji2pWaMNf;$mk1?>IwtuD>~`{~#Jo?Ocd{Ff;uZ
z&hYQJ|4xPeGiJ#C&zK=IGt>X1LKB4Khlr3uZ$6^9t_j$ia<VDRrYZQ&a4H1?2AY!A
z0)L(te(zAL$?^*R@wf@*IJ16UQyhB>ExuqH#2RCvcQg%W+(VOGhVXHCRWNmLl$D0v
zw3iuaFJ@woU8p_yk;%cy_rkfSdCuc~B#4@`Q`>#!Cwq=+UILeDrG3je!6(now~6gq
zNS}+zb96;AroU$^166kR))^H|kZywCPztT8tonnsRl73bL*RxeY~EKR&E$uaGPZKV
z=(*gL@n;ioE3-^8vv)<E00ESLFXeEPvZ*hyU$m{~znc8N<mW%nGJ~?Kk&CB;DT9iW
ztLeYRj0zh%oBrdig5h6H_P<t%{~;1t*xCN_cWnPk<o(+k`>%}MzfIbIeVbta7mOYI
z|IFC2GIFv1XO*|@<>`~M{P^5G%lzI$k(uBbMht6W8Wtc#gh-4H3YLLHg56@0l$juy
z6qyMfF-*~>5>wDLjE;6*salZ&ZKnvVsO{f$ZQJZxp)_1gKNlqv%Ii7XeNP4^{qDzq
zbNYFaJMNp;ndf}{oa24XbuU!};D~Z5C#;vWIfrxqzEwZZhbl}*8c0inhc5gx@k^_m
zP$J^h)%tm3rZZ2&6^GakQg}jQ)y>AL`=ZJhTDU_xBuBqVY%oz<wI3veA{8k1+;*<s
z+9Mxi!#0AK8&y5c^66e-8{!Hbzdr3Y=VC<%{z_h|lf}pM+0BkLT7i8|L|DCz#jEbJ
z2ggDJX<=szKblfcoC`&m95C+TF5mS2qN@ynoMj~v@eTaO=rb+>sS0k%LN`jALenf>
zxriG>(Ku|?$dhAvj$Jbat!dZKGS5TJL&;(PC&lOC`#9Vm+O)9pmBvIO`ux5Nkpp#o
zPCP`shp0M{K|D*@)$(=B{hOgwVV+WMl<SP}jBl#Iohh6^95DBMrrAXJiQLWY$38P`
z7c)<t;S7>1ep6(O34nQU;mlUkm$)gEpM$j+6+4wW<KKJbXhPQyCm7|qgFzc*e?XYp
z3D-R%sQc2p*1Pt+?5Dg{w-D$-lQ*?9?x+Ly?X%&^PkWe6tPNOD_kiRT7<5M(fBj*@
zEzRsa2S4@slg|s;#LlRNCD#J1JH#C1JGC5fn;tcyxRL>h0a7>Kt?=yivw#-A(c;MZ
zfs;GRFMdaSwZQg_-Q{K-aRwnS2jYuT2xO?lm}g~7CN8E%m3PREB^+z{Huns0s|&UZ
z6}7iImtRlh8ss7|Uwy{b1byKM%Mo#3huMwz;!>nvfbhWbfVC0+6_nop+75d)l-g!h
z0(2#fPdil<|Jwb*COO(0@zcCfyvJ;Yi1buY`aJ#&yW+=izOB%P;o%qusd`*aQV;%X
zfN3V7<N3$uhtQWN%`S!=X@j%9V)T3UQg{ux?guKF2PpB~U+6#>{&Dhm+6qKEou10y
ztnrWElOU?8_cSL_$IfQ69WG|;<Sb?BazCi)Y3Rl#r^oY-a?czA>r)iPLbc1~s?y-I
z^>E_g!YCZ7<m)#5cu?MzUHiWWKniK9s~hSHCU7mJVGN0(8R$o~b!9ud_Dkl-$ej1k
z30AjL&<xEkz*&ZuemdGvutPV_(G3jHlIhnxz=(K=*@7;$s(XnD|B=zs7roFyusti>
zzw3jcK~GdGmxf?(f>&V+jPX#Y%skD-Tt>qv5Q@e4yIaWbyS5AJxH8l-x_)H_!zrCZ
zYp+?Vawfs8u&bzc@a8EP_J5T0YfFXC@k%pSWTdMoB?<E&<8PC}Vc_Afv6~1_%f5C*
zaG>ZdCzuS@xdl|?V6_oj&dAF>sZmhsyOO}W5y)bA&{ihBhWs8VHTJ>CGmcF5X&I-5
z^9eTK*<tAA?4_i8rfQJgB~p@QzEAS73=a3v0q*lMAlgF*0hI;aFHHP0t2Ow80QcJk
zbXygO1BM+avM>=~=R^*=DJ-R|jGKp@)JmYy!Dv~nyPjau04l7F<+WG4b<sX_%oINj
z{RJ=ts{`T;s2deAXtR_Qot~3?T4gWU0I_nz7d3M9qZ(&TOe`)Yeez;n5a4ER=^BUa
z(A8LFOgL&dmFQ9pc#+*V@n_Lk<u1airM7%oIle>Cm=e}>jF>?e{PmjXMm&BBBw1(m
z0aAzCVA3aw8)mOu%b?pwG-`wVw@)Q(uHugx+qggO#zH^<kf8c00M1ZTM5!ty3M-9G
zjZH%dj&?w{pzcZf*OW<pE05*9T8w3SgzB>1s$lxqWKxT#)Y1}3tu%)Eyfe89JgaJ%
zC{a^aGrT;>_t;&(WzYq(KvtM=s!4+}frh5svY<!_+qs>S*xpt%3_QKO5?o-I$WE9=
zL<T+)>uXyyjzq-9L_=7p>rQAhEe?GmxD-5+laAXmxJeg$4H`CMUkQyiIV&SQI~c0$
z95GnIL3IZBYzebA_%K+&qMlJ3dSeJg8<x0vFxL3EuxgW1p2Wr}@^K{BbR|J)8If!O
zOYO!nw5L-300=}FcqUVo0<uD-M0lTUe*ny-vmV<OiAEW6F(yuzqW#z=1=+9x=sIp-
zcoAK&5L3Eq^JUixXB`m5QQ-bO1TYKsn0qWFhbOjeJX<9LR-OPi9b9=A>;(jrW9?6*
zn%>J-Dbb%AT|<{eJpp(Y3@>{9U=mpbXMsYBWZ~_$6vPL)gxI$$Y*R&z{rNgq9Z|Op
z1)(1M4N(Ii4u8*V^}3qf6o#}f)L3~fgEH(d8p49%%ud);Lm(*oH3pMGba0x|iMvaZ
zS-}>FQqqJ)#7;Z&(2#!vit(-ruF{BOEb^_I5R21@DVEKpnI;NjM2GsI(s7U_%$?@|
z(vOde{BPKzV9bhx(KL!beq-?+;tZ8s5IyjMr&r(<OSm`ycS0C0D{b(FyhAP*(Xtg2
znnh4Ux31(H>-HAyBjX2|K0wFNj6qJ3SHq{kuS%yP5r;K!EwRs`k%Yr@39{XWC$I59
zE*<5922r_4#d2sRE_u;P`g5H#$Uo9b_M-em<6)$`f!u~n&d}(afI!5PB0hAl0bWcO
zRVH?z0WFJ%5o+Uadu(L{5Jf8#(J2B1r7`Mh*yMw557MLc*|i-sGuQ2(<bT{{^O>y}
zKRwh>VL+!b1Hxo~{%lCN1$ma9TvsPHQ!V11A0ZWwByt<w;vf!)`KAcbDd#0DO+Ae-
z4xc9ANoYLOGYd@_60&S>cpgLiWe&xMhW8q@IbKUNU#k((WR@JMZh?*f*jd4H%C29p
zI{nEj-W9pq-#g;0m3FF1)528J07A<02Y}8|qv<Qw-s|y5CDS{#d~*A4b{iuhXqG&B
z>hMQwjdpK()9!89$fiecgT$AldsyesQl?C)GAasesq&PFKaa0h)>1%mTOjtwbR+tO
zm*IV-U=MBEuw*cv$*5T<26Y09tSwa762%GzTzy>h<yuG=YT%DQupU}*?nMJ~A(=C}
z#JM=HYTTjlD8*?zcH2$uEGzBp+2ct)X*>Pv1~%NhmM_i4kV&(=JRSjI&Swx~z(HFm
zDPd7!0L@aRVpcXX3A34*AMoq4Ud1>Cw9l!^j3c5%!X8u9D`raLk0yql{s>R7=Na85
z^I0vGrScva7aH*DPq*TDCM)*6cDG^sA~uhIGy)&}o=@y5EZZ<%Zt!2T7XM5Je7nq-
z&RMKA{RK|L;9KmS%b9|MiNOaQV~_)3ru=>-{&CC#qU$R4tIW>|_yHR%eF<@ys}UmO
z_y`&=)K@3=`<^bN^>rhgBf_^=YsQX0h@~Vx9?pN6ar44!qN3*Q^)Uc6cqNeF8ient
zprTxgRaQwZ*NOuRR%6A&{Ih4PFtNDEpy6*wxmYo<wPx@_0V`=^3%dz>DSBa%fg})k
z+WQEYsHv&t@Q@qxPX<)aTxL6>$0Za$Bf0aY^W(M@lJcpRfX}t*rGiU{6&@zaRqH;r
z(!lyn!RpeN$j;>2-X}kUyAPVwhZ&cT#ocdDr^tlVyma-9X8K=>DL1}fl(bd=9qgWw
zr%GK!0)uvJ>(yyQoZBtTIBE5oDy6N$IjXjnGjwF}X~w+QWB09f8P{EK@0xHvKw&_J
zu?ZV{_QuS{A`9A^!B}-aPV7L44Fztoxov`8b}(_naJ`6QB1=CYMu{H|b($i<55nFc
z<J!J-aqae#MF46+qN6OV^$X{6?hx)UO<=8$4&5N_Rf3RtsadjB8gxE_|LH=UW>>9l
zI-MACp~$mHJ$SiFtI|XxZPAI_moyl&pDiF2Cr-K2LoJ#Ub}fSNi*BZ2xpMSpYJ?dz
zEvWafG^1)fw)av-w=nk>WjDCzNwG&eD}3)P+74al>#zOrjN`%ZS?P!kQLtM}NS{k8
z)aB^Vb8dX=dNYe=wY1y>(|Rh!jv988pY8w_3U)qx>eRT6goTh8W(7%hu&6X0o>>&7
z0NG&WLlLvi@VtHOt{~%n3SO~{b1qun=HtrmM{+ed`K}gop?LU8^O%C8jY`gsq(2hu
zyx13npFR3-u@CCYvxM}u4tBlC_+94`>N`K{oI%|Xh1_a|_~#=Nh5O6d=mssCxWQM-
zH8~ZqX4nEJ?Wu7=CzZsnoS8=mDhIhBwfU-qrKPVt{#=a6pf$!H;@O?t&iafl=*gB2
z!)*Zh_<?<C#XeY+ovj!TSt4;N1}j!pXjh2Qm@<|ylf)hOrLLRabDhpj%`8QZh23kz
zY*0U%q<dZ3Kp^CE1=}a>7}KZn_n%9|;Tgu^d44UcEAzwhZ^;;7VwcNyEkTF<QsYY1
zsBjMwkY_POO%G!de`<2c$xAdmeX!a|wOq~S$|kswEsJqk>y?f~UW=YRC51{sPp_84
zhFPAmLV}+7y#xw_6`wvm&StbSiDEEOzidA}FoV5l4kRq#!|?W}3p~2_o77B%dnRM`
zk5BZ@ZxggE(~RMb!T2v91#XBIwq8s9>EJfG4gI#R&1QF|d$9FMt`8VdNSoM0&)Bq}
zurGL47>$XG+(BzzwE$F1USTFL;I#C>tBpC6c{2s76zS}3!#a(OQsQVSYZahnSRd}T
zg}bk<eX{GV)1!$F($4$@e%DgtLo)c&&DQ4XRCujk4>hemyc*Ba<E)eF?UNKer;_6>
zhW?XFi&6{YCAAfUItw<l=#c}5Cu~M*BE2QkCKVQl=s-nhh*&LKSB)vHSmZlbWB1No
z`S|M67`*He+7VnpvLqK%>r$+*^DUfJ35(8JFg%ueb>-c=`48&ZR8ihn$sHTlt71+G
zlwgUH<2Pg8?8Uhmbj0uCd;4|H?E1X*uL%aFr%rg2>wx#!$cA~m`Ky%@N3}{><H>19
zoN9XIGJY1U1)jCYiAW)*mQfX<yyL@MI4BDJK>q0UAqC27GK~`>F9un_3<217wSqIb
z_o~3#pUUvnU6xS85_uJmfhKXLjg1{vKzmBI<@a64h}t<~5}7Y$H@2R$g4Uof<~sMs
z&Pey81OXuq%xBUVKEy67=H*BvMSpvCLaCH-#nw8PT8TTj2t~KlIq-!d_t>ZIHJ~qP
z^p!a{oBA;cHkm1#ZpiW7S;#EgSx18jvQfGJIPF^RdyKYWj8m7~cWoO*Q-++~ZbF-I
z0NmihDhKk<!IgQ)n3~za7pc4e(*qbXrcE)-<sDAls7{mUl=IOENlGcZaNGWjlKHXh
z%<W1TGjkO}@x0Zsm55sM%$XcGL2)9a&tla5C^(VXK_#8(;Q<nZ!IgWN3Xyhg@KagX
z9mhKVcPSyYo;oAyCI$yxE3;?)8+<jTB*T59Hfs1ao?lco4{vF0iL0x!$#zt@J|R8D
zr}s000MRCgK@YysI4>I7{Ug=laXl?MOed_PGQ|ZSQo9LTxB|sWV`io$UL|z+TR$ze
zCT)>Axnkd%tb$v=Sb%Mg`9aCnrJ~IE4<i|XY!Qd0H1eKp1D0LqL!8Tr^Erd^E!gSo
zTg}CV-uG$0t10K_;h}kBDIyF)?L}VCTbf9(ey}~~+YD@Y<EjfitZLO%MoYP+%x#}c
zu)M5?(RfgWGi+mYO<VffoS7w4YmjyXMG;96dYmbxc9$hitO0VA40G&LjsexQ-2o>l
zGX|IlcQHP-wPEld>QwtC|JGkiVSQi9otd%b9_WW~HX9Gv1PbA@{c*6mnJs{?>w)tT
zHs@knxW>182|bTvi+4V7UNR({;fP`$Jj)vko2wLzUDslByJ>m*cGfR}HE0Y#-}Nod
zP3lTq_UzZypz@{nGvDJ{puT_$RcWoZqz$b3P@uFZVA_PaGDW(PWjbg|nrETDqm<a~
zQuKXt7S^ubhVL*)hZ95EhfuT;k)O&}tMk{Rl@m+F+R5}b!>6SO^`htd2q*^v;fa3I
zihE1xi#>=palI>n6_T%X=;+DB9BGQ7vO_Y!<3VmE6CIANy>9;4jR|Mv*eOc`K1Zjt
zz@*Ox?=*Ybzv*xJq*+cQE(D28P-Bv)0hq2ih7Re%Son>9=6kNM?RQw*v9126)9bi<
z-lxw%uZy)7X`&eIyI<!WGw;Q<M9Xegw`2~vT(&Jk&31#?>er^-OnJsdzAEov5>v4m
z={BlpoDR#kJ7=~Z(_mD6kf93#0K$j>UgwinM?-BVLYe-Qq`xC`M^i-<kW0h^?0q@q
zcD{&Q@HrFhP0&@{>&fPqwe9o74YhpX=S$=~riJ@MX4{ejD6etP&oMy<oGaqpp*+`8
zJQ~~yJzB(Go%nFr8U1JQ#d+yctEZE6q|ix9)?IgD2YUBVcJ9jE#kbe)Aky|F{>$qg
z{Lka{!oU{%bl<Nx+9}`(ZP<4|1P>m?*bI2>=B$_;>55fnHMJ{;AhdHeJ`)*nfC#7`
zd=c#X%NYr}Hj?MxKjwLngXeL_(7+*dzsf;=&;gim=M9(2{6o3jq#1+F>)L!yMf2wE
z&r9~={+8dMAEyN(-3m@9TsInZK>p;ZuM?*qLC}j^ud<v=yZaRh!GK7uv>_Cz8!f2=
zJT4ca85EE`j{T7wnr`W5a-p7W2g9Cek)G+nv*CMNYnod|nFK3J;$yupxbM%z8+++>
zUc+~uh-sB_r6wvOe)S5*Sw}2k`Q{)oG7v_KAIprX>c2GNhKY3BQSm$-dv*md_QnwS
zO&Q4yo*BQBcG9GYDrx&}O<=;lhtTTI2Yb!S0M~a`b+H%y9M-@dYmrig!Mr$V#ujiD
zTq_$`Bz7+(o~*LF<EYt0hEk>Tt1|i00)3b>9GqC-a>+X{Zx8Y8wjEKPf?k3hkQ|3d
zKI)RaDFl5C(xrs{uclTv+Ja#?Yn|Ap(PnvzxSYYmzfLtu?BIwqKVLke^T$ezXSo(x
znWp~O#~*HOthBIkKJ(xniCNm5ud5?`Jk*e7yFb~UgPuD#tl|P6Vg|+&JatG;%?p`@
zJa~bE>CgdAau9M;>zQMTE79+|N|}Zlz39;|<4#B)*scR&CKJ1kLSS;X%M^YQLye7^
z^~PT%?`$HjFQ{vTqVv=aSC;16?fkVO(G4OX-mBK~x*yJO?E}`sS3*jvjeDuV%6-U-
zL?XH3)QPLrMlXn{`(V_DCl_8mPfab!5N{2ByYO*_0}c2PKblLEwqfjML^8e4HdYUA
z`z&YH3iO7xKZgS<b`o<)X%d0!94s~W%2dv<&`p4#{s<RKO@@gmqN~Bjc2WFZ3bRTT
zu2ij~7M+-k`eFK7If~)})PEYx(Qm|T##aUDo#MdD_Y>i{;o*tqJV`ZRaItOQP}L7_
z^+9d~wq*46*C>FOsCux|U&xOO%yT7>_uQhMa~&8ua>Rg<2EE0F(rsW}Qoa>?9S*Z{
zJ_C>4MwzDn6j!+@AfE_&R0AVPT3D&Cs?2Z(PJA52f4{^K9@<ap%h0Sflb+4i?|l?C
zDs{sBZUQ&v@7AZ)8xY^{C+$8>hq=w?=8taT$lab+mwG!W)P=pX1R*GMb3vc39W=^J
zTE4Yn6UNESQ)df{^8DcUPcmQo{4mVRoIWHWa26-9_9W<nIl&R(G+j-DW!WBCt}N6^
z6ri_bC>D5|Cp?#IPvm3Y8WRn3XX!nyl#>jXlkDXN{u7gfojKIa?}Yz?)LCxkIb`_Y
z0!7NG{&O}OMM)&j`+mEuY$=nn7tyBR&*mH}(;%E?90FYb_1?6>W0!C#Gh3KSRZv@o
zbDF@HRvoqjznms71Ma(v-Jojz<>!y`S5A{euk+beJ@3)(Ro&t1xAAD*1+t#s)f_zP
zGO@W}y`6#IDiggwr$qNoJ>-Tfmbv-1;D8Dj2CNb>h>S)7@Taew4rR=ALx7#>>lD9m
z^PH<b7P8wy${9WH12FGLu3qVxuCN^Hq*)R6+Lbw<ypnsmv{<N`?C*qWk%ixeWasd=
zMT`8-=$oJUMo3?my*LPZUsRQ3yk^PY7X{|jkUktI{g#!gM@p3ZU;qWY*1-CUt(gy^
zZu08G-)*;<d^#^f&;@KjO(%*rC(+78>B}_dh#X$INtQ6(l|u|Pclgp>(vg@ncW5XS
zm9O(G(2#~~pE;P<lj*Bx>C-88r2>0ZqwP~U`=>;`UrF^Son{Jw56JEUTb7OUJ}$AG
z0`^{|#M8%Fhev!+==WjgA3>p-z_xp_3W|z7Ny}P89Kv$p!{x5lxXnzq`Dv>puq*um
zD+k$J&I`DOnPchS;$x6$5i{S8_V8SVU}$|=SeQ8O9<#$1WVmFCjN^??(f~~hpOgH3
zbLIZp(v+VHjBY4I^7;EEiy2DEp+nyoemLVeS4RL=SoiPGO*=!hWIta2?U7qhYuYqy
zk6HL1o-NR@YTwkJ7v8u6UVhWH#p%P}4R>EG0`0Ko_#LN>gfh`Q=4|>66m?H1C)Ve(
zmb2Txx7g~9<*$b|pBZ{T+#<h4j)x-Gd|`0!4q8j5DNEB!HbLR{)6i%4XKINGecuS<
zrQ-3uzDD9Xq|6B@z9$miKEXd~#JbnlEpi^=59L1XN9*@kti`{-4UXVUFlt3oB98q(
z5>}}RaC)4#dO7!CzYsy38H)M0qJu2Zw}`#xxtGAZwH3kI$8X3K^aQyqaA8E)GlSVh
ze0re|=5Z4+NC=_jB-u7V_~GpcZwENyaspG`MQ&{BhC!tLQGN+^&UbR6a_qNeQs3&1
z;u+60EUs@~GR5tyIf`^e-t6zH(J8=D$<g{w*d04hxU1$!tLPSc=~OGsD(M6Kv{@8c
zl$}#4DqaOE7a*E;CwQm@VU?bdd1cG7o&wfdHCQAC#Ty+~*Zdd=H+jMW9-Z1}h!Dh%
zxucmCI(1I_I(2DRJ=>1$(l213sISv6q+QT)k}haW{x&Yuh(q8dT;Sl1P9Ak&m@<E}
zJmo8iO@%w@#!CwwsB8x?uK^|I1#1KIO|g%=#x!u|>X;`)Ws|IGvc}$zyCNJrRy*ZN
zWNuA6=>|Hr`8w%F$~o7LyP{7V`jf6MQzd^3*H~x7qtmq4h^3eJBwcVfN#~NTK3e3y
z;k4TcE-vY-wA9+lH|e9tLM1wo&@~Npa6C5E{{7zP`6C%ze|!mLzd^&sRzf8M^Wr@2
zF$DFhzJ_GF3l{JiQYu))okNB6*JY2k+{7WF>>MgqU!x&bMas;vgK`xm>K!7yA2bh}
z1(NCO*+ePF?IT7`F4p7BG8Q7tY`9hQ)P{tC!nZHk#In_>7tx%@5Iu*gyGbA~>Rr&-
zEmO|$ixwqlU$lvqIHZ$gprJlgMoW8ByQry=d?OiZ@JOQwo=k6bbCDpvsTIlYuBbjX
zMx=xuc^e5GBNR2#f_Fs~IS!N|!A7r&V`m5b2NHWrb88bc?w}(vN^EQGRnY#4?7(X!
z7#94XT}OuzZonCY#tN$KRpiL#M&}C5orAhggoO8owke8m(T^M=@0%D3uMO=1eEe)d
z@7(RWChVo=dcJw_m*=M7lIUXGXY^QUP@raz4q<O|cX=C7^d`og1=LtK;9du^t*xE;
zJRmLG{X7TQK8UsE)*))TfUr6IYnrOxSCOs~LTktA%Q@Ll2c<-@qulJGhc0gFtT>UV
zsiFpz_;pZN?n6cw<7ryPd_-ns^J<)O*DD(8AZa5Z4rCzSkbOo!x^qP}16++%+8ku$
z;YK=m2A~TTuo<jm$U4k1FzvV6>Z#~10N_i?U@6hxn;J&S?kZ|hh=mL5ilFRsVh^h_
zsXy5jIeNu47T{mN1UZHB6o_Ir&X$TQm|+9zyLpfqqFUY2hP_rW7@(I5q;F-d3&{#}
z!1-x|z^Du@!V6b|jLLC&oe^`FA-X{(f_KJmp9)b}(W3(BgEg73ZUP=bvLGJ`G{o`@
zr8yvadZCJPJ-;Qa_{)E!mX?=Q!WOU-uCxM$;%KbG6(63%SRnh3DuAaTXmDW;8@i#r
zk+{?Zz!ZKwH-G!8U={mv<)RX1?}JuI?`eZIN6%xGDsYPLALMKVmI)%u&mog|Qg(UI
zd7VWUu6##D1Kk&?L_1<dE~telkvCl!isR>^m(W5pLr+vk&uF<J$H@d3(^lCR;^615
z3tOU2N-D+)b<2);;BW2lsRTjka&)wEI()gu>THSsE_cDDniXrxZ#s0T0@-l%)Tf?;
ziq-oSO@Bt|VFP9fb;GWOsQi;O1*E=}-qV#uqu^HG6Z+3aT~#*yuR-{R5?m8Iuw%8i
z808+_K9K;gjBBle1r$*&h6Le)^3VzdC9j*1d9d6~kWc*EZL<7sxjw4lW=(!w+;dG^
z+)V+^)BzW!E)FjWCE5IV*@+-6(@k<6=xu@yfO7<f(vQSX(TbE3jIy2rY&92!9_sdu
z^4yS$wBm*pRFyZyC6Yh%&^LA)%21Aa49DxT=O_r1{mx4|DMm2ecWO9*Q*+SaJG?7;
z8rzVk;gJN2Ms5?i3Ve43#Ad&rGSy3elq|%lng_lE+-Zj?h@E2<BS~&$&-qLZnKU+K
znlrdHsXOI9aGeaJ?0@R5!jp!mOQ*?sDQ%SFyA@|5Ib#I79BGSIJAS-cCd$hv(mCIK
zKXQ|(bBH;7P@iKbm!g_fC4LI7uDxF1yC+GoDMId)hk3=>t^0v6I}L!NjjgxO#mj;F
zDKo5zP2g-6<`(=JqD~WYL9{mXfp#b_ykq;6)O%p=7&EuyuMxpw5PtNi_~^kiGRJi~
z^z!K3?*@ClGdimc<cKML-}A(Q2{tcY_rQpm3QA?!_oZ$c??jX5S-TN;hP`7o2^yGF
z0weWPfk*b{`%US{lcI8?@^_<ki+dPRRqPm@g>s<mt%HFxBX}fX#1IaZ`$1t6<jCrQ
z#~1jye{Z?yKu=0#f=-_9!?1!JsE=K>*ZmA>rD~lF{J@)6wZ|FxhMIE9hly#Mlpm2}
zmg%wh2%`S#`fxs>&Ovl8<JJ3qUe90lk2=k|GeLsvM=b_@pzdRVDusrDJ&?!1=X`~}
zet$`efA*Q`c|*n!K%oGa%j*;2l>hlYcVzd5<nO>c_}O~sdHrnOtNy*ZZu4pGQ9~eK
z_?`nYR0hPZtbhUo2?mI;^V#G3pyxT*xgQ1fH}P|~N!#?8@{M_&zQ?w^^R(77fbvG*
z=a}RR0ax@zgUIifodx0v<=mId>wJOY_n{iJ<vrqGaz9HG*;1A_YfI;ye+Dz=4f5;@
zlkhIU>+32%*7F9#CG3aPB%E{NYpC70%DWiKEXRTgPU~w#mWG=ErkWM>M4ynNB2`e4
z9Lg;66t*L3_fO+#>-~Gu^a*%!K0un`wrGIJ!{dsgjBv|kx~=qO?5efgz4HY;IU>Fi
zR6!y;&;L+(666YS9*)HGntLd?{rhab=5=?FUnDrm)3vlSba&ub?6n@PQSMwzYKP#3
z#*zbRqX52+U4!j7E1m^iqct;H)cth7YKz`>r0h9-;&orV;&j`rZ0+{P?L1`n!O{<_
zoTFRw0aC}030QBdgT|l_G$%xZNS%9Pd02;^#cz6M+hCt)L@-D`Gl*?X+nvC2H#(d-
z$UWwHce`HqbOIPbX%9hfI&BMlYu0!}cFEg~j@Vw?!g-?EZ#KrV5Db_Z*o#k%DJrrU
zG=ZgU1>n{KmzqYb#DZVL-|@QJ^KRz`pde~(g*$S)1?W5cCGR*j_O87lvRVb#K|{gu
zE+H3L`Vnl5qzd}B@o(FW6*~IzSRAx`I|Qor&do2-4TPs-leY}1WEF6N&#$imbr4gs
z_gIY-jN{!VP};*TT{H>TdhG+JddOoA+P-OC1dWe5@u9|LD17w&wkD4FlFew+wv3bA
zoC(J@&}i-N7zd$sPEfc6&`0e;cic>6Y+x8*%-fWw@l)nO_jexwE4q5!C0P{+oLlMO
zRd&V&3=YhUD0|GLHC~i0t2{nWUM%b@**+s)5OSP%=yt~K_48}yM=>KthbYEV9?^Hc
zhY^aJ2)>lDHgJK#1D^;}paDD(>C4Bb40uX$bh;TTkm?k7D<*FEo>9%TNm12OD!oRg
zgG3`7;WfKG_^LlOG9H%M$g(LyFepeBkfllqY09935mb<)C=VicK9(RU|J<X#I(nQG
ze}G*@E&3@5RlHebBNVEz5QG~NiE^XfdGIElU0soX&WUApGs3Wyix3hM%mQ={9N|b`
zn=n^`8AwVLK{g`je%6y1Q+KE^?}Z(3ikYYgOWQm!_^ZsZhJ110<Cu5<ORnkP?G{{r
z!Lxtd@Q*A#7^c4{(m&%)|0+ID{C~Gw$lBZ4|CbW*zg*gX@>%?Q2{=0!8xa>L=YI#c
zasDGF??2!+7RJBsi~l!7@9(((25$Q|0_uN*qW;-p!TLYLZOPMizZsFlpFLq1yfLZj
z>yy=l6JgLIhd&k1eFGA(a4I+xp<#Ev-m)25Q#**bTg*pBi-~tHTi@s8U-LPeAO$Lv
z2|Lbe2Y<Ba;eWOxX0rdf*tFCeZ|!C^P6KQWesaG~^5=vt(@g3wuDeFLKi+P^OMH_~
z`j5_x^5-lM?oJa|Beptz++q?^sG7J|bNfrX`mrC@o*X!jYh8A_Y{@^1Nx#B)bjIsp
zYg+$m5;?6kUVK{%X`EFPQ><LJQ#a>#*`2veq8?R#-x)&trEH<t=9;?(wMp(lt#jR%
z_5tEHkP4o@wYnEY*B(Dm1|(2lw&ZUX16r#I0JCrV2HRNxfb=@}gYGcxkgb4Y-(`KF
zUoSi`?3bB;|H$}4u*>=)|9!Fkjr{Xl+UQJwKz6Y=sIknSy#0aWEV8UOxzo(wvA9<Z
zk?j-zH`W_Z*YMnKQC#MGydTb+_7dwuYm$tAcvjdKf<4DWYuoDFZvXDwZXspZ7sd_S
zLu)A9I4?XF=G6T+lgibP5!N8)2WIb#4*r+f?_tiEv7}vrL9^M1f4P|d51k$VpNscj
z(t50analqi#rKamzW=)m=KpfszyIF<@%Vq?9r?Fi{=Z>`|Lh%M{}<j7_W#j4!o<YI
z_+QK;$DZCkD$DI>txv{z<5Ogryx}HKCXyaUQWQu*lI)&vsHjAUAlM0H$x|UQ6q&><
z0eitjMXV7}BwF(zUOqrHsQoB>YL?yA&EU;id@WjqR(vgxGX4aQ8`2cd+SYEu1xxSm
z+q<7PmvzryE3G}NZ+h0Y6ufmakdBN{ykok)c?SNI@VP(^I00mC)rc}IopB6;FL*$$
z-8^k&H-*Wo{@_FpK;`mP=i6(1pSqt?0d3Sk&}9UF`=WL(5Yd24PKsl=_#!+=-vV$(
z_3-4c&S7^`s(=64_uz>O?hd4%ZN2BGAH8ek%v(Ker?$XY;uTb*jw|((&#$!`Cv`vY
zzz+C&G9W_Rk*HD(z`j|0-3wq?d)${7!z1mjLw5xGK0^;Lh>GLVL;6R@Hy}Qm14|Y<
zQtIR=WvS@_4)!CyZD{d8!lAMaJjsyMTh9&pz7Gx;Xk=z_zSP`h_*<WrwSE=)1sX3n
z_?7@}kn|SqGPu)#XDciNz_2bu<^ir3TFmJI{WK`Y>9p)>OB{I%B8?kxy2p4KN@#@e
zP1}KMz`+~6p)SN1(l6sD(L!Vg*1Ur#G6cDc1V2uJ@B;D`lSL?z%^$$A?;0{mj98uR
zk|>b0YKXYuN6IgM;4Cogq(6Yv3i;Ol{PLsx5OQoW?Cjfs?ps`K|IBUaXD$1!&>jqF
z>mdzcxNN!_(r0p;>18kR*MZ~OgxPZ-;Yt*s--F5eQickhKltU$ejj}&${NxmkI5GM
zRIT#`w~f$w>&%yP4c_|pDPgxTmFG3IEyzqsgdjlPp!gQ|i{rQDJZv49YZVX!Z}1&g
zzdj;F8+0=-)YW%-ot|Swi-A5PY;PGC>yw-d%f=UE%ue)KEXT1}rCNu!b{ZQ88#|qD
zLtD>vht?{IxvZ<|v2eRlfAf89raFJC&CI3duvjSg>muOz<Y%+_W|id$Sn@nl?W!f4
zRVvjjUZ4-PFt-(nPh860!<zLafx1wSO7e=bZi2qCyPGIkJX(Kxg0*`)*2HzBB)$?E
zrhcB(SzJU+%C@?~1e3I9P*O(8D`WnzI+;Y4WjD)^DjORykH23Zeu(uL+!{f^w%Z`Z
zgJ#2XWvDJ`RZtx0?6RmV2C^p^cGpbk9WSCE4c5uU7Z4PVxp+Hd{L~l3>XWU_<d_Pi
z$on;%y5iB57&fw!WfeVrLO)g;i*>nd1M@3mEaDeUkr@fO02{uW<lrkH?3#c{$Xr4%
zXZ89~XBTImZ;WSX6%KwIU1}_Ps!m<P%;t?1Ui~`yXtUCq#8bsecQGWdLxx65bc$)c
zw6GR9-T3?9;}|PGNbxwM2LeXC?H81#RrCDhfv7$rJl9o{bGh*t3p4wgW%|#j!u__k
zLId~?TpTUMp|Q1S9y;XH?dyn&;_xYFS{ZltWw9h2^=9!lJiyYS5ZqT~-R6mw4Kyk%
z{I?a(+>bN7hq`I;?K)%8FgZL?2wZJrV`%Olvw=D(r*RJWE+<PbKb>H6vGMXV4Q}d;
zZ7#C3!%2kYs#o=b33m4*;oOYewgo|rImF<0HEf;=hrlYj#-=UEn|`faq>~uYb3?aN
zuo&zpq!FXyV)aCJ_tX^xZH0(dY{eOs=iqqDhX1kmmB)cen47QZ(jcL;jvZTu8Y3V#
zVjCP58{0qc3wW*6WF!@PG8nR{&559As~p+gn$SRNiD;(*!PkXRFDVaOPE}!9Qp9Ho
zoM_-^=>dwXcOEQFI&K4%?$?!#RQ|;{>0}+I)xC{u9X=fGy85G8%LaKp7TIl6+t)73
z?W_>{l#Y&Ti%vbQd4+BB0!O`NMinknR>4tNZW`U_vN|mT>t|mCg#>A{6UI(#2!*Jm
z9N1;*{T;UAsl_dO;UIPzh261FMXH8D4$gGMRDzYyG7SFTv=x<-bCqM9^s*w66y@WF
zwXK#l)r8sorV=V~1bEk9);=(sXmS>e0+l*&V!oN;$$D1J@0WJo@o0&-TIU<(-WloW
z=8XBY^;&N07D<hBvIc|acfhV@Lz(88ms?{b?0HxnH5oPd`DtOSPaP-3G+Q-LU`<`@
zAgrOs?a&x2uogm__0Q52be3v!B7+S-qub31(2Z&z5!SP{Pg$%kDO<JJ6?G#OBz~u<
zVjLM;SK_rKU&RhGukUm<Jc6U<9k(!8`^J&#s7jQ2d(g}@_YeV(!A&aCi7f<*LaHdC
zBCy8n{0V|%95VwCGdQe427v=$k0PJp>>F_^|5T(`CIby;5w;O00AL^iBKIM%<8%iF
zbtx`HHA$_HIqCBn;ZUQz5SSPa)|F-UJn$kZ(+rQSjLwjmIjd5CFhvQKBp74Z*|(Q;
zn3`VPaSF0OiHfB@47f;L^cx(uD3N+v7Hu6|WB+zoGzvz8ga0B$Hqs9;Y+w)+QE^1h
z-B!n*-=wAP2|A!P@<1Q1WD=8t5qc7e@f8V~gVR{H8ca%I)@y~!>?ufeGFHZB{;UAv
zON%uhLi>BTVUU<J2q3qB;}-GhQcEwJ%qjY7=LTcKPWs!K)-aA_-*ndG(N{%9O<m!j
zazsuhY~?9TLd_uWz=?tf9f_8qY9o`y(z%pZt#toX!exrkD1D_Nh(}I6ZpJp7+y3M3
z#THQVNSVh-i7%ygKP?~jw3FYJxw+D@H?I86{zkRC)uY>MD?Zk3F8LG}wl)uIH8KOc
z7($)^fzoy?OpV`{kykWtr5r=uViOA?3XQXMr&KnS2`&{SBRyf`K$&?kciDzkJ{HVs
zX5*=)=)GwLu5_vPg)(W5j+(lWb3m1;oMuJzbh))&8mVloCQnN{U3x)WaL~Ga{;K$;
za7BpN<M%``fX{tzxdCiAIl?1<lJIS--*A-|cM?_2k^8xPQDXEGoBpvwy!yi(&o_jC
zW;9PsV0Lt|jiAFM8{&Z`@$i*Xk;p1nuk^V2uFQivFZmGnV0QTaj?@@%loDjEqZKQ@
z1PvyTsZxZD{lN5$$wh-#G4)0QIj-HERzu`!#72$<nzz<Glqia)HSl@KG0&q%dRn~u
zbp$B6inSn+qGS-OZ1<T#(iI~h{Iq(ooeEwyK5Z9bBJ|ZE-aKg95Y3aH4S-XIFh7Z<
zss1&O4_H2L5@+OS6LS1jOx2&54ulY7Cx+QTm!V3hw3|x4K8a_F&@5tmsyc2aA(g2m
zmZZfyvS~NHcG+8TmX6)q#b$Rr<te3ma&2nrx>ZxH@7M17aPs=3HrT?7<BZFFWzCCt
zUl4X-!Uq*3j=Pk%;H32%S9@MZJv0rgS?!Ac3iyiY3cOlc!nXt?37WODUd|Xpjqz~h
zq}ue!Fkzk|>1Z#K?OoK(Wqgxz2e}lG|24{GxZ~bi;289){{AChv!?y%yaMN;eY~8h
z%zTKPt*x5Eh<P{@s8a@V6xSmTRqQ8kVh8AU-vVr|u(C}Nm4dmPlqQY2F*X|{3yrF7
z#B1q6lI+no%Ot@L7CzVG$TjRN!B@MT#&YNHmhg1@HygDF%HHo+2B`~UiKjB}4|g&D
zUfMU;Dz$c43vCh|TJ1y8ZmrtIilyH}C8CYxk%zK0sH=PInJ(hZFpEQqOnOB_Oa%B^
z#b+TprM$Eeq-r@8Tez>GUxS*TlmxQ!yhfNbkm=|%2k}GxFGpvVe*JTOge{LaM$H-#
z%^CshQvu9p2{O@-6_zZqL9DXUi?Gg<@Sd@DLdJ|5tnd{>8PX3vR=<XWsEwIqCmk*D
zGI($vFeY&%Hppw|AE>420CB~hyw_Y=(xz^ucz~0=Q;{kZfGlgu-PXY}1b=4Q4T#bR
zp~g1JudMvet7~IXnFay*jzZf(ib-d1bA9eNtp(RN@#tv<&x2<8&5J+0(R_&R*)Gu+
z$D2O#+g}5dAiJ6ER$`M;Q|~SKT{3$3-Hjez)!Y^b4dDC$pW&d6mJ=RKV?5ER#ODz1
z3<#N{OsiCrxbT<<7skqvbCv^g9VfG5T;?F`oV?jFNw&KV@m8(rMOVz>39~NvRN4z!
zg%z188lB%w4RksLx))8tc5df*;Uy(M8@QrN%p5=B?7#n9W@10DyH#yAx4z%?_y3;V
zCC+_~FSXHfo@~jKakt$$AX(-2ve~wE*2d+n#AM|$W8Z4CcqTPIm&ujUWjRGh`)Lo;
zpaC<F9t7##i!Z$={)&^Aot2Q8nhL02N8#L2gegr_q7O{B!69g1j@{^T;U7*=THBLj
zy6XalTg2H4GwGv<&K^CYs4T&!N6S{K;?RMi(Jo`Hj&a+7G2(EjSDOUMifY$5VMN&x
zgt8uvq}zcQNX(r#KjAg=zsd_QwXqX=4;vQvc<$KL-|D&>XO-hq<;_ZQEq~cO8~nQ7
zi7;nu`%_ldK97!R&hNCVJll~z<?|V7Tk_CkZeTitV7thN>Hl@??Xxm69iK4N-Fn@2
zEivEQ82=^pS*9{`Qm+|}PlAoMi_%_7QXeID0DPD662(dJ3u<AGUPnl+R+p#X0Ugp2
z2{%zrbT$g`tr*oa%ukY1U=Pm-E^QKxoWxczJ`qBvjA4F!h~i+)9BC<iU(lnRW%24k
z;ZWa{Kj;;<F~kia;~+<6+4lWe`2ASn@Z3td`*k*Kf8%9yyjRB7+M+v%-_7@yU+XpV
z{l=R4eFj;ZScN}7d%f1#d(tDnjx%~a;!)erM}?mAXGyeirF<3JRmxK8Jb}K{xPgM4
z0;f5G#hL+@mVJK6sbf(A7XOfa!IpyBn>V406x!JtScn6QGugVQS<q_ts_Em}WG+L<
z1;z8LdEOhueH&BPuuYkztwNFtk8k0&i(Kra^v3UQ@iW?(NrV3>)B%6Py#Fh07+{Ig
z1aVBqOwJ<26;^_k)U3r=^c`*Vc|}8sgklZrJW)4ax%9Nah00e#7m3&Q1}&Pw;l;ue
z>|l$TpXmaz?>1s%-8TyI0%V*|bHOMe3Ox3u3M5vw-iX#$T}phj+=a+r(DMZo@Qt=w
zM1Elk{R|Cnw_^pQt0DjEVfu}pPyZLC8(*L(-+X*bU=^&b%hi0c5PQmTN>72z0_Fu*
z4kX{5e+A`f3bnF&t95PORt+Upl`&rXuW8d2R5|&ch2(f_Ck1v62KVin-Qv@PI%WA^
zkCP8NF&!;C=*92Vc{xg=NAy*0!%*qxQl)trkIIjwUIb!k{#D;fv&84KX#HGbr8UQ1
zO22AXoY%dAFtQ%-D9=rO!@ml?QoeG&?Av(u<$QU$w#9ZefFo;QTF`#f9*Az0i;^k^
z<1Er?uJhB5%%W7@|5<54Y(j*CJKB#m_ByT~)#|!M&Mu5^Swmx<qt42xTA!k6Nk`Vs
zl$Evl-KKKgIImxNU)D4aSHtiL>2n=NsPpj|ch`9A4;@~AtxSyB`5IHv#icxoi^6n+
zg7P|KxrmCI1b-)(Xi>Gar<P50wE%5Vw5ZBS0Wh2bxm!rP!IBrtid?J<GseZPwrF@y
zH0H?nJvsSI;w(KMTFu-5BoA*$(001H&1`qME%HrnCi(w)sU5E-<+F`X8tswUSU)<m
z*6%64tFPs2y<WrTYd=2G*6>?!_F=9e#kVr??t(#4o}wNfmoiITPfARR(JYg~^l(m+
z%bvo;-RhE}wuN+EJszQDW33<FV8}g%)&*OyN}0NsCdVJ`QBThpx5pM}md`mEUYy_T
z;y2svs=qIyyAD2|qfQ3^&Yc=j!1Ls%WKqp#5*nedZQkgVYDmTLBQYCXG_I7nx6aSU
zLCQC`8|H`{f`Fu&F4ae$=GGuK2qxobpA?zAe-BY;Nv_dzFRPK%*{UeH&6_m#J$~@L
zi9OXF4-@*|R(iS<@_BiHw=gV+i>80ZT%C2#U&Xo3_ISCdKB%AUpE|dMwC<=bx7D?k
zUtG@+_P*{BgztL$`T2Uz<K57I;}Q-#Re)>`xH-ZO8GEr#vM8Z=d@Myr$IBdg5)08<
zC@&sx(wA;eI}$~WU)dqw3G))18cBGWzL%&voL`VR9>~f+vd09*hKZG~pty<FZF=<o
z*_{`&)+dI}dG0=Yze#AbxP480e-_vF(YZR4a-2M;)O%xeet^E-0u_MTVSW42=z0lv
z4c>T*mmY^)kpws?E1AkEY{Bu2HG_z+C6k;m*j4Z<)-n#f{M+6llkewI^V5|Imx$t>
zwNvv^e%B`_YL<P-jlLz<nZ>e<vI+m&+iENME=b}13?l2hz22wyc&CirSw6dmgIi1m
z{Ow2J($jIq*L*eUhyRe$7qF5yi;U+~MfGjM+z&ipbic-*hYrRVDna79g&S2Hr3b3R
zI!FSS=igMgp)kZmct|^Fb=CmPYB$cAD*nbdrI|x<_G~h1sXuC8$<gw+wC&b22@-@+
z*OAv>`vMpJh#bJivfrH@8c;C7APg#fW^185!HJc7AX~uKvX}NMh|33UXfjL6?AkJB
z%6znnvy_OR31E`nBJ(XQjEaMk^<jqw$z2}wrw47!4G~pDA3EJKyT48++qL4dC2B}%
zp=bBk)ybo}1Rszv0hk_Jl&)bggGwSiei=y3dUL;HXpk8P59oba7iPs9yozL)D@S@^
zfG#4c^lVA%g&B-@<9Z|g9#f(*UhWo$zUR;Mr9fX#(#~=Z&Z9Ycep(fY6(bgG$7U$3
zXFT(!jB9OSlO9kfqFO%B=AIYXuV<LKt40iw9Vo_~YK|PHW7|GdYMLz`Dw9h64M0<O
zoD^V>UtM5NsTeNGr_YY<k{h&6n%*dJYfW1{+t|(;ip2OyAt#GMmci9;N7_|wLL=MC
zJK!sKg0hP{uiYC5B9$Rq)+KF5(DpK(evo!Heztx;PuNXw_eyUoQ2%`yT)So;jVCy(
zU$xqVd+I-}Y20i5=`@~pI_eKv2%xI^v&afb;fE!}{}^<JQl8c4QTsw}2lH941SQ12
z!v+$=H<>zU^#^ASEP&=3Y7i6VK?fNma9>0r)W!YKn`?oc=mY&&EMpuweUSH#tsF_%
z*gOPaNZSeA;MkLRkhwy^DFmh@-;(^?#(GUmKe5{{Fzrvu8QMLtcu??C@lx?i<uT-U
zQHN}|#3!t5OPO9HUkd?m>r82n!QWF7WSw}*tn3$3qPlguh1w4k*gBp40(sK7h=Ed&
ze31JDU=EtPfLxPokZ2G7o!UN{hc!cRwLuCG%|JE-3TJc;SO}%sKJEibT67IW<u-Ln
zKWzG=85#%PsgpzWH6UysaxG!7A8~mnwdw{SnnB`$ToI^F=vcjAAt>M&MEYlH2FPVl
z-e?-&ETQJ;8u0qiH?(ySWsUaGFxG}qFR36GZLO*l;46bV)1xqWkgL`#Xq*Igb2aJ)
zpea_fs_&~WgI}`zwMUO3d`jv>ZH|4tWt4QXH(A7~XtOkF7~mk*UcO4I21Hm`w;`W_
zU&6Y}sV3w~s8J4{1FuT9{_2L^y^EN|sabrVg&TE%)!k;srQ?g|H;59D^Qc$aFr^s3
zc6%aGMe@+$;ZX8)3o0q07!#CY0W!~$+knxFi+i{&D)0`5R!N-O>bvlP9$?Y8_tLb1
z6XA+})ThUAa`|3$E%yGlrq0dXW8*RUUBR{Bp+E;jE#JWoVE?g;o1zWjP}Jzmqx6$H
z`)+xyOXzUlLP7sh%8-t^hEUM29>Jcb!qMGjQrp`QvRZ~C{l)m?T-?%0PqLiHJ*~HQ
z&<n*QFMa-vZN5F&$Cvk2N#ftx3HE)v)e#8;e0hwzp7{*CdpCa`p6rI8p1>2EQAJw%
z39kz`__`%vjMWOXJLW5sdKoy8G-ju0p<Ll#d_K!Z4<B9Lygv<7<`1!NT?!lLjK6A-
zoFU!>VZ7d8tybW{g7{gThKt^0LM+s#5(@=yy!0a!pWl6Ukl;fw)7PSZmbY;rwI$M*
z@-PORcn<P`CtqG6JcK8*5qWm$>9BCq%r)1<he7e-5pc{bvLW@g8`M(9D7^`X^6fh~
z=qb*J!Q;a4Nvm`)QiW2rpS_<9;0E)Pqk*bO>)Z2*_vDM);=}&X6?L}lZeor2ax8L8
z5>8-<Jw2%!(2Rm{DHgy&Ko9%q4h;-s6O+k(RDk!>2zJN1kzK3pBHF*|uZJw8hZ00$
z9{?);EmRe9T1uZ0c!NR}rs*M52UP*Wxf}g~at#bzg4h5EABPtdKnseS_UUax3CTjE
z)rsLDEYv!>5r%#oTa9c?K9-(~DfWXRMsIG%ywj~i8r79tk58iN1_Sr-7x;djl};bm
zpE(moRUx;~W%@!Vabe>+RDz*Tc5;pND~t6Km@+$qdAsEc;E4!f-QK+*g+BM8D<aOh
zt4~aqDs9kCD9Ti1W0d<{$hf#NTb`yXcBr(pHhuXhTXbpEaIR&P1Pb*`)zbsKQjZm$
zkn|_E7T*1(QuO5a>%vr(_N)uNnFlvQeY-SXc#7+=PfNo2#US$IFho<x?<>Q)@c%{K
zJx0gU=<A}7ZQC=pZQHhO+qRvVWG0!hZQC=pZTse3=k9y=TKhd`o&D*I^PxvqcUM<`
zsp=kG^?!cP%lvqY#pVN5c20W4+|y|Sif$ZIn(sR_fz5>ESW@+Kdlrw7v>o4RJObWy
z7J^nu-k?n#D$-qg*b5)p9d9-)(<*H$ap#1fW{}TuUizYJ(HLt@=0%1&*W6m2hB4g>
zQ7X-bWR)ZgwlI5-HU5(>U=&2-)^J5ZeAt7(?EbNdr=jb8P4;z7_-ismSVrTX?k#0`
z0U8))F@U8y>&(~_MXq)LZsBJclF?>nb^<d}=fvg=$;!usCS5-$DYsOqC#p;>>Qmj6
z^PaGBn?~wj$C1e#)Mtoadxl+K<RU=*NR(eK`!FM=f5(~nA43(C@ttcvkE#B5Z29Lv
zb|IHR>k}iD+5THvh`Z}-jo`)EZoyQaB&#B+(qzHG!-6j}UQ4xj4|_)y80qD?FxEvX
zmMuO7t20uS3wM&t+PgpXw1~>L!=>)BZGu3RDO7KV)PLB{B2@<JX5;qg>&XVZHAWU|
zz>d-iLOorJ!Ct$gjpp_7wGTAe(HnjNK~RLD)$x0%Az@DF|A4-+8GK^dCb&c3L*HVD
z4;lzR+Uc%6QuM~_&kBOJ#>pzzm(!Qa_<dtxG7T&opEXjd;AoxPLq1FM5i7oxP>o%z
z)$J_X{5hFnX475s0%X=vb1(Q7qJti*gYe+@$~^u$IxJg$V?^Y4E?xV1lRf`B*2*@W
z!!ta7gyWQblx?w?Hj2`csy;IS<6SadN#plnIPnVl<T38C<k$FK1fu!*{&GZ<hiv{L
zhu+`~X0*ts?bUQZy`#n3mTLDBk6(|q^<&6wc=KRr^9Q)E)TW15*F#EPLLTeBCYLT;
z7xyzGU7T|?h?x6p$|;@%wF8!%YW9BgFjcG``;-+IQ7?p>-M&5v(hhiD>l5bXHdBIG
z%cR(7FL45~_UulN!IZoE$qsPXG#=VLIQ+iG0q`ma84e@v?%`+{7Mw$ZPzhY8OSnWD
zoP<&i-zwk2E5s)J-bPIxcgviKkN%eOnbzCX#a{gJK-V)!i9_)5{=tCz*Wp|1V`o68
z-6c=E8vSMC<wl3w(q?Vvu8-HD)&WmxhO9>%>y*X1%&HsyvXAu>RXg1|-dbg%o7|`a
z-a6{aV9x5pVwF?-vzIGp<sjEV&ib}2l6%I0LCw_c(J}=R8K1GZy`<2f(0UVB_9Bgs
z(V~F!O4iv_ReMcrcTH@t5b7ert7Q+zS{s@jM|##(a^Ro<t$(3!2a~v_R2y-n$i=pn
z^2nPpe#WerC*o}bx(3%ORprIVR#V-8XQxxD3u=|ykFF$1BrRc>MESmE5O>3Us^=na
z|E-Crw{?;^=dzPZ($o4q8PFox)AkRU<96s6qnPY<cCRWW+lh=z@A?37DN_^<7O9FA
z*^Ax#!E7ssv)w0jzpm%C!QG%J3C)i`KxUdg#rxhhpQWBvQyQj~E|RL~Se+18MzW5J
z9=)TmoDz}}j#5AjP3e-+G&sdbfQF4&RM8hhlcK%foHH#8Saf@|S&WgW3+OH_#tT4v
z5kHtxxcK*p)&B9!yW3OIKSnYxh%WtQ5G#127R7R{4kp5lJU}#5YK?Hnj&WXVQ#tY(
z8t4=jwlU7eZD&NfAjVKIMEYYmvH_BA<Ty~(<AvxEfbr;K<3{@IaRDG&6gdReiMsjn
zy4E<cgn|Z~P&?QN(I17&^5KSe{t01=jXU)4tAYkdf(gHyVL=scJd)vtF49}l13Q`!
zDD$N!8W3&?pi%wR+_S&q?4R(DgKKSndolh$xFj}KX4e0IvV`q_mrD}<*U6H<${A_?
zSBNL;H+J(4butk!e77Wi`$-JU|2$su-#|PWzD*`2XA>J$0`~9GlfULyL@lgMzEP%s
zTnzu`2@|&e$|o@~Gygk2DRKO}r4d2o$vY(Ngb3(Pnj|<mo}l(v=*I_uA$)0(A+-?N
zyAMxpLrNO}ZroK*!mz<cu4ZNG^`vY;PzbD~6!e{QGte@stt2?Nsba)I?X4ZdBPoQA
zUGo%lbR}MK9Za8FGaH?&NmfvH)ip|RwQ8Ws>kuox%hBS-Mmima039_{S)>HUy4!co
zVlEEhwaSKSqe*kI(&`0TTNRl4(Mp!mFp)k>*Z<-HHjpurQk7K()j##?aW_!2D(LyV
zGRhG>rr=$hBQ}C*f553$NH#)gKbp~NKbu{EmK>S*>i1N_lk!sr@B;Kcu|teDGTR8*
z*xOZJM5o*yho~H$!iWF+wHTZ1r$eyxC&#PP?et7Ql3!?U_B(VQ*%ycp`wQ8p-hLi_
z!YH4}_gWUG@GlOT?(6ROzC$Ae8=7o_eirZN_Lh?USDlPWy|iE6!0v`+zJIqLvi&#Z
zrhl{F{q0x?<3CfM|G|2)e2<3w)t<=sO@IEi{Qr@k-^+ik^N;7h@Be!3ACKACp#IbH
z|6o8_S^q(Y{$rc$-(=`txBqv$f03epGuH8sL+qc&I{vYb{>yIrH(JzpqvXG7WMriO
zcFF#;7PZjs;f|t$#_nmiQFiLHmFO(4HctXrR|1Ivs>qMjj|UOJ3?Y#e0z!y82MB@)
zL@A{Xnv95m@U28~LI}yT_BwzF;HEkF7818i0Rio?QaXS4{kWI`=6Gy9bv;d=$*OF8
zWP3e2mCyfSZ^p7vU?LK)$iA?%|GIz4g2;!4FmO8PAk8n%eGq(M6r7M^fn_qa<MG^j
zf~dttP{he)uo9T;?(@?Kif6^okA7dZ^jpX>3o9mao|aTE^rK<6hQ2z=_r*Hxv@~Pm
zxlX(Truowy{CZ^uO8F55Y6K$)+&uqk{RIqbwQ>NGFM#}$_RpJ{+S~BdWT+>yU?wPR
zfc`v4G6|uwbI>CjvnreR+Pe^_V1EpR19U!Yf0{1<*r7!Z;eVl`3=Q|PZ+MWj1KUeV
z)C?6JuXufw6zAud80+ggKOA4-Td1DCrzzpEvdQ2uIjOsUUT+rc5R1lQ@t9iQwA}na
zmL!v<yvzT}^KOA&2fas7^SAyj*tPX&a3!kBjGzBl-mvJ~*vYM!N-B}`**zeL>476k
zHsjj>-3eJFR;WWYYj{u1>9cmNbd2K(SSc_(%i4hU@K!yJ7vzFAS~U6ly<2G5O96n#
z{}Et4%%D?kmU%r8vW#EGoWc@#dC;25OBE}mYFp@-S~VZs0qPE9`x@jm{SEqUry6ZN
z{ITF|#~0;t%^diSW_1Kc^kJg@7eHkot}1=u&ll<*yr9Qz3Ue%TbzJ>`pUPfqni9q!
zngMvhbL*Ep>vdX{;`5(8`W;Y};L@ivILx3iajy7={8BTTyMY@W!LcJY<y?oiZ{omC
z*$Sa~!g0NB%--elsJfA^1)YkO4Y)S_pe+D4@!!o*WSS$W^o0pcA6QTAT3h*^%uq67
zA;<V%IhhLYv;_T?!H;$sS>n^H37VexEodL{6eAdykaPF^Z?L6;lmQH2i&H$~xVuvY
zpue;A#ukaF-cqR@uB4>&<M4yDJAj;pb~}|w-^L`#lB4m}xLqfX6^O-P=-QfV2>h03
z2n{#41%R(wxt^*3Kb-0qndasdy~xOZJl@_rw;NXcg+|T)4>T&cms|y6Co&L00!2E+
zS1w>!FFBPGW#G?YNfDYm6qR709z<`D%q<G)s0^N;`1h#{iR)`Ot15^H`nto|1ViIr
z%N$79ApzzDpgV|y=yyDV*ty(QFk@DCJiLVWG1_=EX)7eH1woN(uuR4k<V}JCzwLEx
zqy#{>!?jpW4RQ?@P8*c}lr8cr02j&I$q7+i@?eaE7Q6LsRKh5plB+LU1awm>b5~Um
zY@N8i%_)Y3-RF9@Lc=Dd!QAu<LU~B!#}>q@LRXfSXe~Bi&fZ6&*rb$<`RQqdKO5LW
zQ<z(5ATkyOzq;QF`Jnk?0&`Wv6?xu53sN{QB<ykRM4tmi2x%A05;wg2>vQGWRc&tW
z#x-3>4B;ctgr*x1a(7M0@J$K+bdi$E7bCYWHNR<YWRrV>5S5cES6!Qv2iO-KG^r8R
zdZQ}O$?s$7imxp|+q#Id?X-U%i8onKu0u#tC;#)B5Bhn_ec7IEt8|pU``z~LPtA|>
zvt~_Zw5Cl)cs?J=5>E}S6xzJ)4grZt(VMV1@G<-HxHe@j_b@hh>I4;U`(h-qE)^k*
zy<<!X07dTto<$D)BvS%&k0JD)k8>jztzKee@_N(=w8zq2B?n<Q(O;at{0$@?o3m(;
zT<xAu6mN?ikUw#hdf!tYvrRUj<R{T9TQw^f8iN0f2nC`*x;z@vT|U8UAr6)K<b*%w
zCzQUrPS?bQd}s-w@dM1oKCMXk&#GV2xkx!^b#T!6kz>ad@}dD1YJvh%BEBG?ZK-D3
zD-8QK-RrAz_Fd<oLYLzuK^Oh}V~J3jV`Y|tRZwQA$2u|cht6Tb`1Z?36y=W!wZKph
zt>?)h{bb`~!F35gaufDQ(>72=Nah66jF6!()rXW0qp5*`Fce8CLl}o7yy<5kU<C<L
zxP`#`cz%g1_nCkMj#nz%hrywY)gZe>gE0&G1P7kJAG2$A+bG0F&es&gF1TxkxP+o|
zZ1B46C#8<@HzR<;FeNAd7QxlgFa9Y6dCO5DZd=e0oi9k2>`}(UD_4nt6g7UlN$z1x
zDHcIE&plQS*}Tw(2t5+KKC_{aKLCST%-)X7=3K3PRe`oK%hOS)Wv<{Un%Xck$TJIy
zsL#tC{2L<5EhD>*<|otz;2IT%K#@s^tp%z`*+iq;ya;!HxhD4y6X1hceK|Zw+Fvyj
z<|KF=2IiWS=}q~ScpZ+~<>6|n(zINr!RdAf!F56~rlBe@4~>t3U3Er4?69pV`IQX`
zsvw&AR54+Zig;Jtq(pzHpXwZgw5zTA#ch>b8w`|JhJ;t65&0z;2@n}(`b9klVrQuv
zD2Qz)9kbpoM3RjQGLcgXB>ymS4y{C5%oCb>fEp^Jiqcut!f|OCEV{S0!m>4&37Z)U
zGesj1V^mRJ0O@eHo}17FTHN9Sz!u>nq@`=>v$muF<wrt|5$V}Tg~U-}*8y8?!-v(F
z(btSJVIb@@5;m52nv3sYO0M0Rd+GklDY<|`P_Q1R@5FT1!|787Do$<{_z}|LG=;Xu
zmaN1}Pf0UWJqOVGWBVbEap{|o`U#>iP7Ep_T)JzHkn6y(S1=mw<Rqh;#6~r5<(L(|
zwy!IgUW6oVQWY{eVLd7d49?uZGeUc)E7mDbnI6??C=(qoqh47FKklfVsZpd%nz@%_
zA!{tk@uA~m;}g_Ht%I*KLw0{+w70isWbLXTPFojcDweQeyI0@X!Fnu2StzNDT285q
z<8!VUqRgh8EjehnO+Spt3wGeqiK!%GKPkaLXeXV^M*L$C#D>(#HZ+ZOmZ}YsZUekC
z!$}5??%l-1kgB@I!_hMV5OUc-Qr67z^#MPAuTelIAvQ?{5=6@)4sXx5ffu7b%1+xh
zl@$FlZmp5g;7X~V?^EfH>S$iKj%}K^=Ar9eD?fVl4xP^E5$3mMqXCm{!&~s_Ny)=<
zTFWyb=x0e?oZmsiaGn~qR<XNvp4TCD2y?C7tPgbh{rapfx^HAT+!HP*!xHg>!eqz{
zN@d#EGKedQV<8N)th52-iOuPWe5p36nrZ61z6|vvM}?@5WvyIgGoeVWoIaCAs7V6y
zfr**4i~xV^lolB=v0u$YuEc1Km0c6XaN%%nZuF@6qv;y1?oa=;=8TGtBE7^CGQ0XY
zfglDZqpOf-*7@u=U&A_G&+VAPYQ6M3Z!Cp6x@-KFJa_j6!7FONlR3fC3KNU-5r^ko
zCMHuupn~IpOisT(Pn)lg=FR6_s@o|mKQ0%G@!s9rLdWMA-Bi+Ap%ue@emv*2W#Zmn
z%4LS}P!Ey~98o@`SqfJ2oS1I4aVF>FbxGXr&X-`Uz*-D#UZh^<tVzRv=vK0NmOFv~
zO_(Bf?Ve1Z%)%t$-_^%z#h!!G50=ku;5!`-Q$pbFG`ikz#LyXe`j6I<xk&KE9-quQ
zQy5$h=3GvqruE*Q=i#^5<&Y7%!Mdf;m|zJ`zQ6MYY$Io>x?rLifCR^v0kAl1vGMwi
zcir4B3cS1;J}9+DVgsaU;9^jf2z3^3BGscr@`<OOF_h1vA{4M=nhf)1f0GV&Nxi$|
zS{yP=m!GII6_4Qr4=UJ7gN5vbU#cJGc9a9g(oSW_u&yVmwP14JpRh1B4PJ<M-cG2T
z98sxtr68r*9i<nzzvpdrUts4n9V2E3PpSv$%pJ`YVZ3klk~ttw_UMInFrr<@2w)Zj
zF#-+#CfH%ssI;z~hRT)~z{*U^Nn4UBAzE&cK~!|3@7cM4FED0GC~Mm;$O(J-h@WEm
zb-6`%X%<`My+6`)t*Pi(K$n)u^|)JZ)`tmz?Wop-<%kT6Me^8VnG%SgTB=A03;n`Z
zC~pL+ip5U9iU?Eiv;CxT)T)@<-UyUnhsB^8Dk)}eNDK~t2)~;ScGzz3s#pr}vX6$Z
zFp05G3*b;bzEj1KG>3|Fl9H!T4O<4Qan-o~OoejlH!DHavRI?UB9Wy6r<+YGpc0Mb
zRDSkI|8mqtETBEO)~uDVtK#eOLWXJSl|@B%!Ew-AUh?H_P9mv=>h)c!X)Wf?U>fpi
z#LFSJn(Wvui$bO_Uhv16yxi>1MRWd@1i^f^--yuHCKngQZKC!4Nx~~|nPc?DA0=|R
zzP{5dNhMEArYG1GU#BYXl)rN!@jD$<utb-{ocPg(9g`HODbXI_N)qOO+gJ|dvzOFW
zeuQF_GocQ$j|mWA7AdM-&YLGw8__;7q#hqKaqc4&IhV9yisz1ac@iZdwt_|lN(PJ`
zgN-t`I<21{SAV`lIiph5Ldn5($-iHAl{i>@4mqC~d7sRZIUvOKDCr-GUB152oLue5
zy+O6Oqi=h{*t-Dg8FK9-3=jO?%_hx)-JdaCT1g(cUULkWsngu&pFF+(#WY%HA~nXa
zvoeoP=d&xWi~!D8zdcibzOi$&h92z7(5po!YFukzc?NnYhuGeLy<eM61>n)})7LN?
z4bww60ELyxjQYs|r&<|n%tx{>OF`ES^&&J9mA_p8ZDXaPAP?IZDO&#Jy_<*h;{&D3
z9yV!SaV>6ck1l>OOt%_dO1n4A?AJ9Lb}2PV5cR}GJZQXFUmaBNZ|eB1L{QP46FXMS
z4CCqz=|f(x*ZVWCr!L>ubK4=x523cF)9xEc2(^aifo?nTLSv0(7_TfyuX&}Y^7&i!
zn8sj(Zv++po&rU9(u$#P+o!ivw6lz@j_Z__xRyV5ZJ<6k`&<{8fVze!B#u;4E!A!)
z(s$b6%ZP-#*y65kEUOSN$>a?T;oc}4sA-<C3=-f7VUrbfH)<ra?gJpE(*d+Z93SYy
zY^3QYKxqI_h+$po{7tmtAi{(}Ct$56>#>p}Sfx}}KCHP$C7P8x9&lA%r0j#M(@U%@
zrGn_bKKYvRvdkkc92+D2=S@q4z})VYL+(A+l$H?Mre<p_40PPD_bnhsb&yv>@NQ<2
z3DzGZ*P1ay0q)n*i!DE^*CP`a%uW6bSpJ|);XP(DuZ=Ko)NfrEz>m0?$-1>rD!c_O
zDy3-7qUHcdfMvfGZ3wGXSTa$Q_bMA!*iyOQ09X4_(GhSb3Af+zzW-Sv)I0yh{<_~!
zjEDJhzxzY$dK8}Iyg%sL$35Xb<IMlQI!kG++rz8B%HU4yTQbt6oNf{H%uW|5G0#q;
z7-GP<gG$}gz%%4=eM9-tYy%}~A7EJY>z6Z=6XGeL7q#v7KI+LgdHo}Y7;LOOYdnLj
zkBRGIoI68z!7z8!d>=Iu<JSVGVf^NAGZ@OW$XN$ZtJZ1bx%%+weUV&(uJo<Ju;=l2
z*xV(gT(wg1RymUhN!%aHIF=p=McTs36RkR=@{fMeS^#T8GIE>`!OxfIf(u@bZoIU(
ziN2{_hKBZ|iJcL0lkPhjruZ%QXXSX<M3ucv4v_Pdjc^%vHNwCvCjM{s*IroRf}T;T
zOx2*Q!vke7gS;sT{(hv75Nt|qBK<$za&n)V_>G<??LKevuKBvUT@4qK)>y5VYn*VC
z0DjW#=x$@;u&chN-9L!ozaM-&@qRMRTxi9+VD~iT^A@PUvx*wjbKRpsGi{nNSi*3(
zv~!)~_+Q>PO8mToyV4)Zy3n_QRgvp<SjK!4wEK~!b0h9y1MAUudr^)wo{jO~Y9b{h
zq!UYFxV9+fQweo%_49bnA55WW|6bo((i`hnu)HE<q-f7Nl2#b(F$sU#g@p53&zO=_
z9t;E1om|JUs@^*e`MjH5SF7y?XJXA|=XZi2NZUDj2n}E!YVJrMGitDGQJsagUByNT
zAV&jqKU_J;q^Omrt=^wOjh~-zz);RC+u=Ms^3Mmf92XHd#yY6Q4i61_QCL4FE+AMB
z_lj@O`-BX@>LYqiJPW;QdG95?1z}YKRetyKuz}$35uvW_n9DjT0YJytCBexoEmtaF
z>yC3N*~{)XK%B%#sgLozm8bQ~jr|@@95SCy+I41E<!P0Za#kiTVy{gAFFXiNM0n*(
zMDW=>UR{F)EiaN|XVN6jV<rlFoX9g<Gh)ZB5Wzo-a6`agdpI6vk;W^$-xWTyMj>lW
zgl9QITuTkiY*h=58r3;3*Q-}e9i8)&9ei$&TZ=RtycE|xLQc|eU+$bJ@23GgYoT_@
zPK_e7>i%Qx$TA4?dxnjN;eUpo=m+$LqNze>2g5_v)u@e#YisqlVFd8iS+&wk&KNBn
z&;{h$)k(t)a#nZ1E{=;SA_&ONm-D*cF5j$ve;nDxR&9K&8)dm(tW&4x8004CCN}Lz
zas$c@CKZ|eI<l9OUQM{Ky$`u(TD*FGG5cx3w9SiTe-(8YA(ZF^xLV4CgoM&js74p*
zCuv!?V$2%A5^A53J~^;a7`6t>>`E0*d5nyTjRMoTA&+41T<e(5Lspjqap1%S`)EfJ
z!@QaR>sq}J=nCQJNI)jt%fZa`it0uXVl1}#`aXRzawAD+t=?)g=IS?jA8|I!_j>&<
zvr4@9mHo0k7OSEayE~*to6TYSYH|~pzyxMJUD@e&_#OiI5oM<9<LgVF%YqxolLyFw
z1@b8$A{v324u%gS_Xlet^$o_Ins!(}=FT1fnWnd(QVww_TQFeE2dd8nUQXXAM#loA
z@l?64mu~f1(NylaOKD%gHP3hx@iUNWS@yt<dZrD{JSS2#ywjtqq*JT|E#IAMxVY%)
z&rqUze&14|7`2r00WYF8NB`XbQBs4}Ncvm(K*$4xuq-#lNBX`q5C@wKcPS`3!J07+
zB()Zm&r?0K{y^>XOmWUMT*iy}=Y09l)5m2LJZ%YH+{$(Qy~<QFC}=r)>Ji!AP*bym
z%<f!k6c+UO<!$;a98D$u&2D*?&}HZ;Jb3H`(nM}_z~0%3ucm)2aWB{)K{bXMIQ$5G
z+cJA2<gJ<ISI_DS2XND<>G9GK0g_-#;mGRm_SrqWWgDYgc&Tpv&&KJ<+^Z~m=0aCf
zv@XH#%4Yyq!pB{}oLdIjEL|>@PT3|%R{uYw!%azp&e0QKJUbjQ8Rp?cq^hOiD(rjV
zy44B;Lqp`KVD+X|hYGNT0oF;LKy=>4nH~3-9NWjY^Rco)0{s;55~>LBH<}YopTN|*
zQ5&;%^uVCE;~@{Nqh4E_p5|p-D|Ne#CV@hw3yG%)pU3Z~*WCmpzM8KV*HxeH)y$=~
zs(t&n5w+5-=S;shD?#`ckWGG4-dr*ZS!ZixWK%;pfF)*_T=Gnrv0ClH)&?v~)h-#W
z8F9ca$2_}x)zWSLe(*06*(0!4wY<2EkdaIq3s9b`bcQrlmPIOjY$6V3BZWJjVW6js
z*V4R*_~{l@BRK7UWFj`)dUsWs*>@+TnRc-pvem*_Z=qZH>dvWqec0Ny)2(Wa=jXUt
z0Hnu1t6yQIPJh>f>`pnnd1r4gm;w3Z*{C8(hc~>{?9vfu!bmk7S6$#`Yw@M|sNuT&
zuwe)fz6E^p0Jgb(Vp4mOph*5`kt~V?PC<0So)wNG@62ZvkR$Bm%*LZF5nD{kPL|j!
z_9$Fza-nPgNut}jok1PSF@dlDa&2~(W~W`hdxHw!p{xcsstq&mw|h_XoRO94^8qVE
z;l5a6*ZK7zR^1JI!;*k!7CUm&NPq>|2V;2rGVn-24O_2d8>MNEBDRkJM>^VzEqWwC
zTAO{gA9=$)6mL@_UNm>AUL*)<3i1otV$2|IV?)`D1VLk2&_;q8hg}X#ym~L7d1@zM
z?o40G*0<S*t32vi7|Ut{)Db1jau5Vp@w#I$vSR8P3|bVeu&8fN-=ZnI>6+5e!itXu
zYATp0>IdnN`gv3>vP<oBk$QnT{E${KT+OzqrLAJIYXowmqf=X!EkA7F*>8^%h&eF!
z`|YF|#tHAQxAL2kn8`cWZ{hGyg-dZ#+e<awb3QHuBtpdlcZ&vJ(d9!NUnjd$Q`0U5
zJ{pmiKXs%Hm?wpNqPZ$SCx*D(Z@_?w`0en~3(=pl^9Dwr_KKAHZ?$i>vW8DKX*TC~
z{BgSH;>p27;XbGx<3L>)(Lo_*NnY&@u7+2DyQoVD!{*}J*&E^#0Bfn!VYbtBzBXni
z7x|&80EAMPphQb1W?n$J+Ux-aULSWC&3ukm4crZ&XC-P<e3jS_y{$7|4(%-P6JPoJ
zT`$uW_;F56c-n2NEDq<;yUWXj#6Ul?a=n}*8qEh%14LZat{9vS(is!?MDC)DXZw)h
zka$uOjhbb4U~o@1Z4iw~&WIBxt|GJFMCu|(S_x)M$d7YjTP;$trcWL?xhBJT7S+SI
zDnxM=*TSJ;pkMTk0(%aO;oXho_NDpZi0$~$yw3)nk}yH<ko?k3O1#6=I&Qc7<Ep)l
z$0I?d<xZqd&YC7PZN7ZY*%IwWeC$H$w0WOyO8hv#O2Tnwm;$>9z&VrYNGa6Ctyr*V
zN<!#8VTYg@s`|H$M*1bW)gr8t)gyj$fkE@SSmJfMz&n{Z>c4=@M<tP0k?_4IIee8w
z&wBgkc<8@ZPHOi~x?ra!MC$1l-IoHs{uyD&jya?j<?yWMQuY-8scuN|gg9<@Kuzwb
zyf-Ndl2|M*J+vtP^>SinZ(#k*r|u!kN!QuBH)_Tz)aNX}8f|q=!VNb!Y*zFUP2(-{
zs@ewC+SK9qT!XIv1ve63pA3~VIwGiOZQ???cqw159GkAr+RwhIZc8FsI8{ZYszZmn
zC~zEuDw%<TLbH-T8sSA&?8eT-BD-j`lCy#vR6A(J#+8lXz0yuBT5>;<`E~h5W{NE%
zIMx>gYE;kNNLGUiU4qX^mtqgvEX)0_FmB*YMD6nmnJXPCa+?R&f!foGR9hWN7!Poh
ztvE_FLzBvKjG8`6f51EPOh$Dhu8%v7h?a4Zk9?qazaU7W$mUUB=s_XemB1vvON!?S
zV9_IQxInWLRjxZc_tnc6+-&vT)8wW*5LINN-Ah+pCzi+;@BRE%#Z*FO;!&6H$N+xg
zObN58QO$_lSEe4OGoB7uUTbPif0O}ysC0N{DhsVZyUUK;$fJPLE_lb`mK~qbE^AGg
zR$!*&SP?1F&5HnQ`b0+dD`rV{XZq{qqg-wWmQUhJlFfeNl`Ny<+Dg0EDh$6H0o^x1
zyMyGxruh8|^!XChJH@=__)tAWanuNnDOz(784<M*O8EA7x;`j2Llk3Hi6@tIAqU&q
z9}9en&W?$*;iBg#cRbs+5tNX%bRyDk$F($Aq!_SbMPHAZ*+`{K*%H)LBaoSUm?8KZ
zUk=F}tVm>v|85aZ$-g{Gj$I#VQdurc6ey)%A<jvZ&F<wY+QxUFy!4WV+U0p}N&dF}
zJuRSoS>Ju0dD^BW{dK-oBuvzBo{P~@{blVckRZiUN%@D%Jp&p9j-eG;w8F*hNSp+-
zqgjj#xZQaeL0<aKkA`(b4=sT^cMdmt7t+?~A6DV)uJ~W<)Atp)O01)O_i)Km<tte%
z#>eJ|MV0Wmo5;SIxrKD26&aceEKaupd;+h~7hX?-uh8yv;2l><ckjxxcoH`YSRAcl
z-IAB>83$Drxve;p$8<aJgn4E{jxbSdb(Q<Jm-M^x(Z3B&B#?-#ihs(GSKsl&3l$vI
zFpw3&e_n&Gy}HDmsrHm0TBpKa6O!xxF%0z|smF;Jgm8h*sAI%kj>49h%GbJ5ZyoOz
z_NM(zh&KJCo^}bR?Bn+*wql%I=i(0x(1)wIaKaR&O}J13v~~g=iO$U34h+4EmXyI@
zDO~uCAw&^(=P^NS9ksmQacTCZ&<`BmLeH~ew)rZL<%MS@^T9p3><PDP%ur%;$$cnY
zvZ*@msbA2fJ}pS^KY=Doc1EIZy!f8glzy5G5Xw#gn)MsEDwS3;PwMO%fEx#%>tpl*
zw4KjA3sOStmyLFSvodFN%2(G5uBzK>?up|BtHk+qsdD)5g&wfV*r4#qK@<CEKwA%O
zj^<#l5uIHW+CB$<v2X=?f%qE2yBv@A?8~e4{iV)?c(|$!W2qLldLC^N0@-z1nN3QM
zW-)8Dg>mX@A)X#N^l;mvwMt2G{#XoTV+|f2$`mHT-iJTQAYuI{4XJP0*262h!*9WB
z5t|P7a15P&z?kFu#l(kKTjN=ihMu1BDVmOYADuqe0;D$9FCYD$SK6(Hd0jMcR-3KC
z3ho~ox79l_pZSBtq;TXg(w%M-;d6lXN4DA(AN^s~8`%z*ID;NEBL=$n*3H@-(1tU3
zrj`AGC?_fA2!Xtnz1xiE%s9;2Yz^4%EDRXolW6GoEBj2rU?TN_C*0gEIl;}~1Ua<m
zee@8l6Tthz{-OpOM)AGrlS#hspDTRDILBK}4<f}+8O6wY8}C$~YiI4L)Ly$0hYD0f
z^d-NJexa5(a|kWp?Cr1o{@4ZoN?0zL?riY<=nVun@mL1&76;W(%g14m6{txB+)=f1
z?@Khqx9Wj<^~G4ZjNW$Q>Zo7?pNBx5TalUQx<+E8<WBG~LzU3%JYCdN3tAk#Vhk{q
z4Ogz8m1bZYN-dUM99;7}b++iB!7PBc<Ab1)jt*#nFxof#&Zu=oe4h&+5H@6NJ+?p}
zeP6gy*#9-S=Fqct@^r;+Cy}T(J`a()Is$^jqkmFRpnrn*2ley)X?o3#d%1?u{&PnK
z-L#RJdhPKf@&|mCrADyE^kXAcv&~A21+eb&<I$6@hUdT#r=DecSNTM9q34v8>*8Xh
zAH;-31w3_fCcb)Go5SEL8V7nZX|2OK1PA&AVh)crT)~2+HI^J5(|&+wz0RI+JR}kb
zrbH7?jB8RzIEk}Y^Cbi9vHMYMJK<D%s_mp9%DTWO#Q6TXy7MQ=-OkwLI6Aer`@E%V
za5c9<MAKIq+uL5D*H!gU?efq)yx!+_96IgCMV}r;tV~OEj&Ri&!?W-W9vT$}Oa|n5
z=P^?apes*%63>XELon*(BN4=c?!C#bp>_Z^y%tQfDNf&&;S_>LDGh$q=!vphxk)}F
zkQ(yKt}6U3D8*WbhF}((*lsUrLrTuTCAdP17>fG9b+{TigP}&~_#W^(QtoxZis}F|
z@HQxc`5~AmA9?>-CoD))X${N{2V+L-5z%I+$|^a}<329Eqlg+fOs)}zA;4GMojd?d
zK3@blJM&(8CanHtFg<}7=m{HtIt)VB@+%44_G{%_Llmy-1I<bmT7(4i6o6G}K3yS8
zg=!dROlf#mbZ&_{94i1-dqLm&da3hG@>*b}`NZr;$~`K@V}?>mdO)6pWU;?Shn(aN
zRNukG{LYfyM_8X8Wu5}6{{uDBg=?^3GE|g8$^01&0|{;Ff;o(%ZpA`YB(-GG2LC-S
z#7sK#t?c@&iGKmz(Or+25I|0{b$&WOMh>_^L&Q0;u=9n+L$(J@`&pJzQ*_H8qr8MN
zRH5=s+7!|4t&%T-PCqNIXFRc~{86jxZu3I{hjl>q;?bjo(gN55x{y%t2qmj{!BU9V
zWNzdjTR$^IpQvDIyuua1E$9-7(P6)5)^nn>6}3K-9V>!TU+z<e5n>x-=9kX%Bh(R^
zQ&est_g62HVE2^`FQ&S7E`{rtdm^jFhc4=sf+@a^WH11omyFP{!uKE`loy_W?`sf-
zpqoVy3Q|?4Lxa)b=p8gPOsyu5qbsK$JNN-!r%KWU?-=x#-1B;*P(g}C)yrmpR{`ei
znsl*o4xC^dkZGy8)k{t%Bx3xd9OPyLBX}X1eSB{y!bWIc=T7X(tQAceu-{2{ZR8p1
zS$izwA<e{MhAb8f5-PT(yL>uylZTI)w1o^_V({fjm{XhLfDxHOO^{z*Jj={tB0aMY
zWtIqd2s{#JW~p(29l#wR=Wx$OIIGi4O~+I$9w<ph%t7OgS*^!e;>7nED`t5*^|?D<
zyzHij-d}f2mpO(<!Np^n8b*{~p6+*PQJ)UJt5OS3U|)=1D_P^syTN;0pRMYdy6$qD
z6NE9uhX;&X5`L+!yhYOF?O&5da(lsMQlxeXEl;=O_FH+im}$NwH18UoQkrV&tfh{(
znA~qzvOU$GZ{g1S&l4+gzE9!zPf5?V8lQ^+bOlE{q{-x&${m2w0V{?eU{>vOn`@hC
zn5EDWgPT)&;59*A9S<MFC5N^?o+}dXbSGg~Rr=DVTb?(4Q#|<bf*jqcc!ozK41xZk
z5uM?>aoMCrz=WL<Enb>N<36gYc>ve<Xs~)aR7?7>r;kbHvGQeSsAUNXGfY><`KCyB
zXVmZTVsF&dc=Yy`-z|Q3yq~X2E6*i!^QBSPF5?$(Q)>=C(ENyL%#Qug>5p2xHT+&9
z(F)}0smqlOVBjxHDX3va&hWfk*vZO-?{Rg{4%3&m*n^f53%hYjW)%kx@xZd$f$v8s
z%P=4qR?vOc$7jvE@0_E`!ecmEBq;m6*mgRlLzn^am&4)3ky%~4nkoF*Yo(>5Vrtc`
zRm&Cg>*w=u+bU`W@)k~=v4VI@k{VYG2^M!XSeB7~V6Qp+S-@l%8TM`#fu5bmE2nOC
ztU%>aQ*l3TCCR^?ip_o+Y~u5#dgpyQUG1E%#Oq?GOBPt)5%ZexIq8$}_I~i{1)g61
zY<Q{_;hF=d_w$g>WPX8~<Z6;k8iAa#0*yKERre<ZvaI8KCa~J^J$`qPe|m=$3o`9U
zxe<@s@n@D`aC?}Rt4_Vc;HgMksKtYxP$WObe#ZB%q5q^i6G>!1UhLP5>&;A3y*nuP
z)1>JhU&G~z`eg<N`CI+G(&6+(AQTkBB8++9hdH%FYKvpuAkayk#*}z=vk8fg!Lr@2
zvU?j?espOB`ycw@D&}Q^L6s;k9sV|{RX%hNLu)rNuu-{ulsap52XkiZF5g8gG!?wh
z)Vj{kGWPhxXqOQz_<efod?ID>sjR#N584Fds6J<oqMtcpO&C%IkXVI_<|;5J($f=e
zzswwS<8dda&SO7;3AnhPLVvM`iKxk5DRV#LsM%ZX3@qX4iKYTae>_vKeg8>Iu8TSy
zxq6I!xxV>*eJDzl`LPe^?Ycl&_T&`6_tJw;TvzaE*fDA;B0g?q<62)jU?vLYQwu)_
zh${SDQQAgRUHHCBL{`m#sD<pqA$v>L&EzV#iVV-%EbcNf!nPId_t42cpP3ssLFO0U
z@gpv~<UHvkg}e<iPMJCi6INbW0$xqMNH$72*sL~@Wxj?aE;ozAvE4*op%A`35uTkp
zp&zaoEUt?@W++cPS@YKd`VHCKaTG~j?~ce0x2gOy^&Qq-_(Yr?z$dx?G-29raG}20
zBtqdf$3b%POl(DyuS1mjD5@3?3$DHkwl%L>KTAK5W9y*zY#{{QE+|f*#1NALa{mdO
zw<9@9N+Q-D5Rdwf!x{iVh`l}7*Vnbpd7$<^#&t)FTw&s}!v+9BufVzGfO2Gx`Kk`Z
zbz&Vcjb+lBm1EX3R_cv|hK=n=DAZQ~)P^e<v3r#rt1`PdB%-*)Ehz|N7Vxj0`a0Z<
znbF`rwXE|<8=f1oxR~WsOAJOb?iHo$&Kttg1?6T5Q@@xT;Gh+p$c1>zCPL0#PP0p$
zq!FvnF1%ge56Sx=GuUFyDY&?9K~jkRkOUY6jwkJfjN9BGd3xk;*bugd8K}ONRrnU%
zKL@`;9`Ry7+ErXHr0u+opN?<BM}fK@(lZKka!Hj9b{8&DbDOLFB3YP9oZ1yg7OgbK
z!bXoN>@bAk$pL#Hy2q!&e7&;`Y?f0%z*6`)HIW@SMqmT8rdMi}dxgjAF&>A%6m%z6
zlB0v#L+G&=H82i$jUE2;bsf%$BQ7xdNP+W-8XUWXjHZrHTP*8~iR#OBTVG(2u+V?+
zW`9g}i1y;|1%0AWlwP`Y!jFs*l%P=FyJQ&=sWP>|TV|5nAvsQ&YQAWN5hFT0d+!|-
zNKPR6*(s^@Oa54XA2-4K83HHW@^sZK*hm3B=Xe_j3RV^`p532V*OW}PSV9j!>uccg
zh3uE#FM}A@AMIvC#QlC0ebQW%uNKd@Zw`6K9PAL6T<EwG2cZFc^i?BY(p?<ZJ9oHW
zYD>Pzb;EpsMVw#xjEr$x=)QGp-G>IwZ{YRlgc+DnMGwa&++aMBx}s{c^4y4%0>d-5
z+R?0g*ydoXfmA<DFkjJzaD~Wb!5Sb~3YpBQEdi@%qL06%bHhFrjy*8G7@woDJU%w`
z9g6cM8*uD|W1hv70chIuO=wm@YBYPU=C5o=BwY2exs_%)m4R_=1t;C97KNg)F2tM+
zQtVdk3J8u(s5pat6PGSSHbw1(qU$ib2d<@g>(f1QUUH)etVTR;p|d7q^_Ob4oH|=f
z)-5j4yYTg<y9d4s$dx)u{!krJtSPH5a4sD6T(|$xS}0-ZWG-apV$L&1Zh&sIJ4SLw
zcE)yDx_5Z}e1&}V{ILBX1M97sxh|TuT(^E-O*W=vs$}l8h-E_0IGgmMPNK1*{;J8W
z{HVaLuvr{$>TLpBlU&1g-P|1Ko#9>aT}ar**jvUu=rLvnLPX)%U@U-f#&20M8UV3r
zU;|uoyR|SRo2F;vhZQrUkaua2mdD9NrKzVk^=Oy~kmkdqxs&%L)l~f%!rw2h5mCYZ
zLsONIXDTXnfjwMIY#a+^I{Wf{`o#G#$y_7MF`QF#v5-Actkz6Lo{QgmmQfUv8l8qo
zeA=_XB=EIXW0n!xsI1TgZm=F+Y@9pUO>`XUp6AW7p+dN`HE6aDYS0N^WZd%5>ayKj
zBj{4`GtXQj>QX7Azyvq5G!vKROo4Af?8SxYH1iZqRSi<*leAkN(_DQ<ovpA*;#g-z
zY-DO;4CN9Q#B`zzEff?B8z|<pxQ*YZ&2u@Yzb@paMmV9HLIp!tFN3$t*3-qff}T?z
zA48AF=#tuRFJ9lo#Ye@ZFrIXsVLSG8;B<(9#;nB5wAjqeWs{+Smi#%SSkzDD!P;-{
zL-6OJD@pLsDW*$r@u{eJMLD|UywqHXp`VhAPttaEH4>?_ERL3vl9~n$o2n`s>x+T?
z&r-DOY>wtyT6GmQiG0v`uGuTm$i(7PkA*&SKP4p>dU?J-_#o>3D>Xgq`Z_)?W%S)m
zRduTASMX3O3%zZa4>LSI0rqdyfSw;US+B1>-0IGF(pD8!78P)diwn~TfuFBG5h`pe
z$|GnAnHOHOjyKKJ*jN@-Ud<*o0j#q&0F+9A^A49-78IXjT>MYcPhZ~VxoQA`761%F
z+E!p=0z4QCEPBU=PES4kkE(Cws<Tv<K&%#Cu|HDyS%2#2n8=et%L|!bFO{H9*uXF=
z1J@;8;x4ct%tXaAW2CcGbCSnZRaaF(DW)p-s+#qZ0B}<wwB*^AlFmSwtFkN<yY#n{
z%5Q-v0S9)MK|R8OKr2t>$Yg*v*q-uF>8)V+cZF(vlB%1y(swqMmhN0eN59-1mAn<c
zmx4V0>L0`WDzCN>5OPWW5#yY)QZE_+^GE4(G9^QrO@YxnnZ60|SP5bTau%>uFwEVw
z$V@~40P_qhGw`IhP2(hB2ouu?S}fmN8QiuI4#oo)Bim9LRKgbZR%iphND_q~)*R3>
zS!_YD+}~5k3g6wdP&yej&Hpk)0q{5v^o~#@)RB0iz^%K(7GR;!*&d<)6JKpSbnclP
zP2~1mnH)CkC8eg1Je>{Kv%Q+?=j<&L!E_cNtvT8~YXRYQFlBxb-eLh0NHW;cm+p?=
zlWekAV9v#gzXGZEeEz)_)7Mj(OHCrde2c_ozWP)uLpS~^(01w<`VSBcHJUpb2%ZJU
zN=e<6Djg_d$$f>vTWQG<QcTTGZp%J9ejI27D}CRhiT>Dxl-pHhG$JbSpW4_(N76rC
z3Zn&5xT}rq1pMEvPQRLzlSh^(lMG^0*DQF*pI}2g>D#IyCXcb4OyK?qaTN`F_k{LU
zrHuP#6sz1qDfgWg)|UiLKz<>oBIKOK-4^Q}u6K|Z-xbV|r&#TK$%kse(}R$|9q2$a
zHYF3Wxakv)DBq29hhO`!-m{JxQRVxfd7}$A+OW=$1G#uA=N*o(YOJ;TaZ(A+GhAn1
zT~au`x~>Y7{3fNWMWNJbR@hWR7nwJvo&8WASD#DNTl_qsH%f(J3skG5CiBf0Ur?xG
z8(nsjucT~~f@&AAl?Wnmtb(Z*&`lFe2Wc|=V^@Wduj@upl%4To5Bt2ywKLi#WgYGK
z7c(vk6%<9?o<^NaTX&KaOWnT6Z;c<-sgHWcI>htE6i_S#M#`XD5L?7ZX#TBECbXi=
zR76WM-38ft#dZXo)dEd2G78$J<C%(7;|9QO*nQ(LJ+Z#?-@{~8d?^YS5^=lPH(#E3
zgXIFn`ffB9=L06J+w7E<;HO*<cD8IXm)pXS>V*n*2j<~pat6tceYjNe8?E!6rhpw4
zT&{=-L!7_aMxQ}UG>gZ*(g8n=0Q-K6Q`7j7z-RjV?lF--rV+p-I8fl>`^XL;$D_8|
zQ*i5C<3x4Di=^x-T>ttAnjzpu$OSfd-?;7oKfTWgdc(DJ%_lr*!Ds9n98u%EcUM51
z0#jOpaf4C&#R7e3B3KT1iBTnP1=i4q3~68O5A7)20_`XfG7oQ{yc#+W2U`&LCrzQf
z+#nqCs2}Ja3kDh{2sE_M$-E&K{GoR@S`lT459P_#M{9ZQ;i|8z3Oj_O>S4)Mm&-i{
zq^i1mD!VP#O=r03>|hCa39^k+*W`~H)S8ap7vt!|Lt2owo=?U$qj!Xt_l-yX_%#O_
zA6-K`Z@cy}r^`#ucp5G8O<l9!&Osl>l7qEKP%Y-Rrtk%UqNl~omLwnUy#xi8;gD-j
zxGwARra+6)aw;rp{~*CDuw}H2A*6-d2dtkWrMKd{#2s0_oO(amvrg8MiZ83Z>!^m~
zDU5F=`{;r_5;Pf;TrRH!mMm+YG0d>ea7Of=$1w0PJYKhRHrJzJqLlf#HI=QExs~nS
zaaQ#+t5lxgo&q%v4ezQqvvaZyFA`@ThVGQt%j@_r*t3D;50R?FnNS2|s2sRXY$8nX
zJ2=L6U6{_1Y~Py=^o(d=5AgIHy6yS5t&M4zSp(p)P~|3+^g?jcGXpYD1QuY{NLKBR
zPD8JL*V}z$iK;DB(pJXia4n3UoddG-n-CQA1!Pa9o%t;AHdk1M9Ux`|<MYkqdIa?F
z&T{QIt~H&|NpQBjRq26Ap6{Q{NmsJ<hET!&;%FI<tW@i^t_Y@%z(#Wa#)2Me?W}#z
zieDQp7Qj>M{yNx<tn>k}QmpjmoerHfxg&fLI{3(X<Q3!E!_higU92^!##OzcELAL+
zR^cr}<`m4ieOSvOU?zPct8zw@gkkdT(P#sPg^l(PbtFq=h`>5jYA}wK?#4f@Ucz0M
zro?J*5O)$L#KaH#-A5UzX_YLXgL?7+Ak=uY9oUPR7qOMft`imU*tGzC4(xHQx}#CU
zv?W3u1)Mc@p-W_F9XHg{4>EzKN3R=<v!pnrC0DG0605j(agG@gykUlS(}g%_Yhm$X
zH$!aHX-NA5_o8yD&h}P^8FpK;+o1*>B08bBD2CERcN9W+w27gkv<GdLDP)I<{qg$&
zYl&JeL(cRGyOiBK<1J_h;H;^>ol8lXWqHd9)?~(?78v(bn;Hj>n71$op+CSD^+)KV
zSwLXUVAEhOz(nvGblBnnfQSR!Rv5z8u0t0ge^5{muc2J*iG?Z;Dhaxqkk<xp4mu<W
zy^kSK=5QBPpzgVJi7i!$2zf=rn4~3#P<lR#hL-&#m=k0|iRRI~F#k=rjAEUch4iv*
z&JeDsn3=gvp|+3LA}=`%J`W`e$;tv+NJ9^7DMR6O;3Y}F%#aWp0t7@~<Bd>3A#EuM
zX?QJk?XQ7CJ~1RCo{JW&1um{`p-B%a13k82K@X}5A!>gzV53PNXi)=P@E##>`~^e@
z4{GqY;j#bVvA-jQ4F5UB_`mC8i~MVf@h>0yJ5gwDVCF>dH#GKlvWtzG;hV;$|L5%D
zcM4I!$;iaknc&~h*xxJuZE%t8uejI0B*6YFjm=8W^zVX;e<owI=utqodE|N>+b}@A
zZNz_(E0Si2Yut-X-UC9gQz!z5$BS%sWqa9bl}1It9j<=17<trkUB>Bf(R9W5_(Ups
zTC|%+KYcPRGVlyrt^H_~%4*6zm+(8&Vj+q0xIFR5+r3!Ud41s2@Xp)XD7ne#vd;R%
z;rkI)ZG=4B)Lu--=UVdea*q+JcZ1eWF_}0?YO`yid*sC8U25x)U#}ZC`QDb3TYZ=8
z2Z}#USS*|8q<GpD@swY-r|z<pUQutIR0SU<gVcW5?KX~Dl1=w8ZJ8}~*UCJey*07I
zU^Y_FN}kYps5lI4^*91*1>`vT9@}B;E2Qgi3FR@~Dz(oxsk^jQE4s8|1=qI3b>?y@
zP`~dq#T08)o$VXISE2`H{0bVH?MpXuj}C79Divn!d!CYoKehhe#`{t5a1Wi$@lkL#
zf3?8xH{<XM9nJMB<=tM`-Q&jb3VnWX?8aq$*MB$>$AbGIaCSoHlI^=fG_Tile*AQt
zRsUHCAN%<e@2-6KoiptdASfOG1MzN;JN(4}jf?L%Zsw{cZTY2F*YHD3F4#BD4)K*|
zDrkm|bLq7j?E6y+)xQ>m{2;q$=q&5+fU`>UX29jThdFNUz5aM{@!5Oc6~gEG#&vRk
z;B6hBz|(uZ0>k9`maI&5Uz!|=omGBu+8*h_-g|8<y~gQ+KI^3J`QcW49Si;B>p?qy
zdfw#s<A(?S5EwpjYm*&iaq%975u*Q6r9*CKv9H|Td~?z%dN9H{Dwm`a>nybAYSel6
z@`L;E*LZ!xX29l#``g3szX^K(&yKdg4Q;Y>{9kK%|BD^|-?qU2Prd)|!m59Llm1Is
z^}ibAY=2{rv;BL6oSvS6^*@JI4>&BGm6kHLe6A#JX+78=wB*oSr8`EN=uH`(4Yc}V
zVN-2jkg{mB7?G9}i69}8L6Z1|CXkRIAW3K}WCf9t#+c%Je;HUL&9mB&pBS$?9Wv+4
zkZj0`j~HiVAdKH_l$#C9XL6WLy=R$Sc5Zz<Ug+{fh?@t2C+Z`($9sZn3*03GAp&fI
z5Lk3#6B~{XHEBTTfo|`2ZLbCpo2mK05uAh1WNWN-w_fGG*}cONlmZgaPMtZl;&;!g
z0maV-a+-P|BI0)b9{Pa$t^j}&zC2Ok>EHYGSU-9K_tep9{Q5Qck>$*{-A2}u(oMAe
ziM$@=yX1eQeOK%S$mjwPAqNh;Goo04FOn#I(i>0qoIyDgxvd3o`Xik9SuBqPWWjm*
zCQ!06B1%qNT2gkl@2g$xq4-p$Ma?8c`q=bNCXODRQ6ITyxv}=DrZs8`VD{jvS$AMC
zmB}72wtxN_I^F;xws)@v)V0^=8b|weNROyb#2r{SnCF_38`8_*&1SF8&}TY-sL~!P
z*FR{+#cMp8&R@HIo54NETF8ellx3fLCm)-&@Dj1X20b)nsetC1&@5m{oZCAL#VL%P
z&(q=UNWmTN)qyvP$*V<fN5K~Jx%J4MiaQw5)rm$MK^J%%d`F`WX>l9!E+5}N{)tp4
z<Xz{QK>yL8-#GI0vpS5>;oQj`fXM{_uJC@N25B{c8NwAqzzV?216cHq5g8+NW3TQM
z{h8p2^8ab>D*&R(y2sa8b+H>2b<{ObVP@Vm>Z+7tfuKl<!Z3sagENGQg^Jw)c3@(l
zn7CqL;o7ZWcVg?R`#<Nt_l7s`p(1{}zyE$8&dhx`PM>qnjaO4O*s|Wf%&hnK54C;k
z_~+@SFTA|QSAW|fGa-DSr>^eg(JRuX_H-Tkxz^x4CA6(d2JGl{w%vsQ&x-qe${4pS
zsrtpD*h}9UCDv69%{)=(?^zketnF+3?s)ysTI-6LRic-FxYYICq+wN_PKj;SI&<+0
zea4M3<!<&$y`4KH@_^;=sl)Otd@>u_`0U*O@PXfz)49QVxSu@b!-kcIoRs|?hUM6=
ziQV@pd64n`@ePZ5_Us;M+rq|r*YZt$cUfN#J#w_;`7n<eRjb~*E$=sbud!q&$E0Xq
z-JW(`w(jiWIdffFx?}pifpt1{PHp15z2z>)S~ZuRI(O-aTa&phV<#FK*luun5b14y
zVvnyn#d4K=pG$OL`Ezbnn{?lEt#6eMM<yss?;ld9OSkS{68BB4)w0^=u2keC=UILI
zyX&3Sg<pM8cXRCWsX=P#(%c@;U7Fd9yqVxwvTEfS6T9pSa8Dm08PQ_%iMsbhwn@oZ
z9oO4#57!&L>b!Pdz9oHyOE;-PQsta%_U2vw7bLTnP2E)?BkSgj&JIJIqfedfz2J^=
zXYX}Z)N}jG4RY<|ua_+FX?aqjI3n9NblT|YL+(`Z7~Ru$rO*7UO`phzYiAr;TYRC5
z)yLuztFs+0MjqNxZPKoG?|yZ2yZ1<U=9%P72mJxRisdhNSr)N+$PooxO|GpHvvTRp
z6)To5seZP6Z0WU@wT9@n`)_+X;MlH6anj=+_Hgzz`(Z?jx>T>eRsXa-cq7wi=74Rv
z^X&F%|LG94H@&Yxa=^J!*8|Tg|28<PQN?YVz#)|fzh2djs@Y1nVZOWVWDly9wJvG_
z)gU)w{}pANdTh|rB}XGR2Of&cxU;X`lMONHk|qlmyiCart=*|}_51S{PU_{jG5Ojb
z-94)Z&T#9u`IooltJgY{*7exjw7ZSk)Na<LYt{Sn+{&NVD!emh53lp5W_7!Rj;b1m
zYX_`xm{YsbG`~(+sR!-`&x(rC?i*S@b>8O7)n>`M#8f?>66rmxZiObx5|7q;Lq)%9
z?!Ni*u@kdH>pqH1+}SQB>5A3;y;N+>z?G}pMvP3l5x(TO_nS+)F&7$)%WzdjKh7EW
z?4#qj+-9A-rEWTV=Y=}#YQWfFzw=w}MQ!%?eiZslqS(GZ>bR%X_{yv8mhK%qvGz=d
z`W~apH#=PY;P?vNPPUrfeO#H-V@IsnP%6aRqtZBsaleIlUD*+%ST_1Wz=AqC(?SwG
zT}SWl@J?mj^K|T5z178)D}B#-TwkrSo1C^PJ;7n~YD?$w>g02W22}C)=$LrmOR7Go
zS#q}3mDkG-+>vU!`gfo6q(bdFT`Oj9o>6X&F~zg9{z}(QHCFyMsbjtCr-F`c3;cZN
z&asJ?;sdV^EW0yoLCXqRNy)9ot~ShER_WBMCbdG#cHZLg=85f+(pM7VHm*L<=&uT|
zPi^}B^noV}JI|h%e9d8Hg%0I!ANu=_|K}S0T9i+Ad39#jnJT-lJQ~|IsMpm^j<GSR
zQ47xAoS3^IWr~N@%|{uJ7aTY{{hqpM@s9MB<dZw9dU&*oyk(jBWkEvyMU$FKN?v_8
zrBdG=I|f*d%&lxY_H0(U>Xbv3sE(BbtA#D_ZRh7#PIV;eNv%@Jly&>YSuT0*RpuUl
zIPN#6h4#l=yq{9r^+t3RmnI(rX7vlfJISrY54BdKk2J_?eeL{*$q!FdpK{h^L}0kH
zL(J=au}AX))AF=g&3A<@504o<Zr8%so7&fyQ|h0}N%Ly-P3ltiROOf%3;Mo1cXa$p
zy9pap-e0lw@0wRTy!#9%x1p8#>*xOVbj0imjq14!cvR<OgPacO?%j6x7#lsjxzqg$
zr{Y|OX5MLE!etelb-6n9^3a{juFdGz<?iG)he~{^sG4kh>%^MWKA*kbznNT9l3iKd
zuw~6DqiY{q5mvI~NRRVtOFW8rwEWS`M=knoO`fY+mK8X9(3^e}2W@Q}aboC}Ecfn<
z{GF)VF2M=I|9PzaWD%LGdwG2NgXO0?R5&}gto@8be^hR{Hf36gCe}7Km!EaXo{)Xh
z@T6PyamsYJ{?b)G6Fm0K@bLBP-fgYT!y37(r7x2wwd}0h>Kt)QoSN*tu-lB+hoA3R
zm3-vm>S6QOrbOJ&Tl4Z&#<*McZuGg*VWsmwyY+H+D#Y`PgYM7Aow{D@{<e0RuG)(U
z-uvM$w9ArS)SbI`L+(9(dgAy5CFI1L_o>-uhF@S@laMt_{#tWv)Rn+?P3N@;Gak>%
zS`#K|df2bKzvNkmt=3}>esXEC+P~e};2Oy<&nLI4QEB45<fS*yC)M))b#~c~Hm6ra
zm3h_Y;biY^hwgT5zV+4p(XHwy>P2lc=dAVF+I;iTsK^T)?jJpqP(AN#hvDaATCVP#
z@&1N(;{4*tOE#qFZq~SdVPvhlL0db8wm9)HJiPb9kCzUd7IzA9&YmziuEx4v^&Upu
zO1ivrV0&%L6BkxH40H<}J9Kq|Mc6TUMDWs_q?ywetm$mKrPZ&+X2{xW;{t1*DianS
zp5##T_@MZkb<Ynv=$_;sF(IW@`9^DxAKTV)uOalejWy1Mt*}lgrCZ~-cluoaX=7gb
zom{)|UUkEewnH9O{(H*AtIy-3n{Q0oFj(5=dFjU57kN4TdtJLfZ~Ndshi#1WJSR;b
z*2!2W>D}4uL!UqJJTo}!z7gL2tiS&5&B@$<X5QGPzdl2IdaCEgob31)8`DExOs<`f
zu_<zpq-&?63DzFxV((Y$y;fN)Q+nR>!iCMpdd#YGHpIH|jjj*NzHi=ntdDkS){%pO
zQL1`f{Py&F>{`zEMC(;9-6pkKlzc?Bd-LcA9&e*U?$^*<=@V~=7GIx!-LKDv?!!Z3
z=eD&wtn3%urgPJqLqao)PgpT2tX3_J+u9TD>mRg=zBOfD%?G9WUp<$uSu^MA`(=%5
z%*pc8rTme!C!pcsxZvtJ-gTsrLr3m>=QX&sDx~w4<s;{34qJ0z(boHeI`y%vv^}cr
z%ae;k;@^BYUB6jwWQ#t}A3Sp3=$m#d$EvpC@B{IusA%!yF=gKFE-`Fz@rF-7>`=Si
zEv_6C8EHGW!JT_ebU|IVwvt7=G|!NQExYf%DsH`Zo71lx|LWIfot>{um)9j@ch0F4
zecfw)qgOMY|C#ap;KHfi%a@=0^1AEaXP-Z9`Yy!cbVRF@uJ>#I`m+9oq^sksI(ORs
zY~bxro`FL%+U_!@h{t_;HFb)-%8rM7tf#;3SN(9_=631DD|fVsUw64whnv6q6&q|^
zzhQ-His5RHURg7n55AhZ_v*dRjmEi*ct6$gqF-=KtEn+p$EJliY@0RfD1aJc7qiTB
z@|*p!A@8yWjt}mc6R=c~*78Qn*_Zbxzge^@b3yKq;EUD1IBoSgUoH3I))QIvJN@(e
zaQBg|G9SNKd#rKHmgjFhQ>a!uLpw~ozVlXlamqoh_TcSal6qB-El(Mrk^0NVw0>H<
z3eSGIZ1?nWt5wsr!zb=p*EBO{yMD3g`NTKL^&ji9w)jpMbfnvnaZkcaEb7t5<@TG)
zc7yx<y0`hC-LhYQ95`~*yPmhl&550rG;2UlS=jI1Ny%R00^V$X_5OId*6C3nM%~l=
z@#0d|4tBd5wz_a~UB<iPBZfYk7kA*)BB$&xmD29!zPmUnVo3QZSzl&XkMSsf_I}I>
z{k7}8-sJpE_1NZ=vrzYH^Su+P+h?b?x#;kD*e}|)6VsaRkG5_zveJ~Z9m70oE0Wdg
zE!su}mae9^oM^Bu6FlE*VBq+spC&yBnJU&e9F&FZ7^9!+-!%J3NSo6m9{shkx1Zr$
z>yPS3^)u@AwjJ91c-E42DR<IK+JwgVbkBCJp592?D<%ETIp_73i_fk8EAeE>>VNe}
z9b+@+R$v!bo6qfzWiC(N7HQL9&g<4QH0zSRI$Go@J-aN7j2yPorT*tfXBHhCmC*d<
z<Fd<#4f$f(d(rzPgKxjJ*w=b+pR7T>=ZtpE$lKz2GBDM4(wo2EYm&<>TT%6vBCmJ1
zuC*8c@>}n2<zjZ9QERoQPqs|C5oFV6Va;Km=dNh-{ITj~$G^nOH?B){&3XT1&8mc;
zSm*moau0Xcw+=eh?XLT-1y-)<y}Qj=X?0}6%UTJRdAkSn8+p8C%O<UJGk%}E+cKxa
zxfRK>x0&@m&nvembH|6dC(G?o2KDk@-t+p@_<u6Dz1mRKHTV7TH+I&6?<`AidbRwz
z)#Ec4hVH8snECgo{qg;7zmNOJYg=0Kwf9r))Bbk-y#K*Xm&^$}^dC|tl$o1Xw~_sf
zCBOMRjF`MiGisH%=BF2XFU1_cYIR6eJ$zG%FEgWOu5y{x|Nb@u^{&;PNqr8q&CVQC
zzjIoK=eTQrPsY_r_-m8JmM!yKv&wn&tC!azvtjX;but$YxNvJqGxvTknn|WAFSd}h
zQMan@^{e%Z6~)&{lWSJ<D&c!$RPn>@OC_z}n>Wqgr<!_X!cmJ~yCsBOyF0#*B6~-s
zbrjVj@3O^$;vOGrJo<CQ#p1gUzO$B$Y~7&iNKMBo$Ewd8mt;S=cv-iGC86K539G7k
zm5;M%WRW`Z<d}EW)D<T5$n>}|aNf!Z&7+FH3whH6y1tyZWUtGn=JDH#H$AZH{b=Y~
zc6)jGJzMuA>L(ty+10!9+)H)JL{|84VQ{0s?$67mZQi}i&#zjU)Ti$f-;8vVR5CaX
zEjHZS{`30q*@3OrhDJMeI@n~m-h1N4!&PrruUY!j$d!rfu3yZMTzj0C(WXIKkKJS9
zvppx}iC-n`uh!Gs)8F6oL-~q2>&a<ds=OZKG}rRCo!1r>>lON^<%5jNjih(HAD8XW
zx`E@zPk|xc9g;%hoLYZLeDE?OE2ZkF^}~kk@vrFccCdZrnpEkA{;vn;jGZQa^7f5;
z|C^h~_ib`FrO~a+4=UHpXjs`*ePg3>%;_3~J?mep^!7uW#<!Ym+<37?q+yKH_NGsK
zA9paE49*L-uDr%}(xK-S!yQxVbZ>d*Vc9|Z{TB~kZyEdHK;WgSFW*=<KbUy2`qH$D
z0~<EzvvFPKaM^_@QR1>TUg=%;B+k83@x!UJjTd!2oPFreeI?%n#5-MYC#iPnh?PzG
zcVk=EYkS4Gvv-?4@qJ3h4C>vWmw07)<Ne3wx1{$~9$b>$r(aGbi;`^~JbCG4b6v7*
zNZPEiB|g__6L9G1yMfmNe5$C%UYTkix}$9+FIR_0WfM+yjXUUTcl7z55p72;D|Y&B
ztoF&gP3@kKE#}kmcudeWO)q`35$Sz1Ta5B4wO^Op@ptvb@Z9t;kEG6PT*Y%%l~c^m
zoLu9w)$3-Bf9q~j;<L@A67fEn<x`Ky6Q``Kk)}xekhavgY`<H>DRE&=-eUrbpM6l)
zdA}~8&v0*1`h{!#`j0I2VxNyyWh>to_YAk^C)as?yiA44gY%v?Ei=Et!5zC3t1m5+
zCW~61U>MrerbB3D!>`kFr@m}>u920!wOz)%++T7J>Za{&c74P8DobOtCOS9iJ<6@>
zv3JYH)|mCU{iC2i8@3GY|I5zRCqE}XA2X)Xq06HOs&3cJo9z6l{+-N)&2v`_uXVeu
zYgEr=ad+SM8hh&L>q-5s|8&WIYV*-;<B`qv1FF^D_sfO`pITO)zUsNJ@%M&{$Muv?
zs#fvp&Lq#Z8C5lQmU9=noGIrtPto?a&)_-}*N3J}{qQ*H;N|S-vtEJ8CCUt$?YD7s
z`P4%JcUBl~r;R!N@_Mg(Z$F>exBKdmaJU|JS4Ejm-Dd|n`K2xBUbl`{n@@?WK3q!3
zb-U_cD#NQ=PL~o-+hjJ(8J*KCew|JC=`q$@^S0PU_Gq26+H1M@Gp%vn<u}XAR}QE-
z(I+VP%%s;jx5gaVd@oRucz)O~YbqbQn*DLb;z1ox-u&fWv*4{AG-2~E?R?YipleE?
zruV4FO|*Zkd;QnW@iA_T&t#r!e!fniblA+(?w*ZnPaQYN1#ac9IoNI4;>(ji+|>=c
z71;A_vz}8W&kt|8=ecafw$bH0EIjYo{8_$rr{KA_ZO#~cC#OB>`pn%YDgK^*;Ec$&
zuP*!*HFA6xj}7rz?k#V{$NH{cyxP6~<K14$oG!i(+a8IlpWW3lt#;pfr~hd)@qC*L
z0mWwJ>|JZw$~$e(luy0y`L)a}=46{#tzV0K*}t^1_P;Q${k)0#rNOVKe3_jVxnOAg
z;Mr$AR=yAa(kHun=BSpVXS%wC?w?!ib(+)8(x0l{*B@9hv$g;D3cDx!T>7hWkB^5}
z26fx*RH99*?YSw{LpR=<(=0IO!GU23AF2lLY^jx|It^~&vqZmB@>bLCT*A9c5sSu*
zSy7^lce#ZtdV9~Ep7MVE;dXWd6gRF|)Yx1y&t`}F$D#9F`$es9|7GWn69?M#UU%fU
z$LLaCUY&wRRVaPfxt4p&QyrV<EvkDk=|*Be3%3ncX+8^nn__ukl9ylmgFEY#j(@&4
z>DjdS3GMEev2LSSY}**#YarPnnJr(Uu3Oe^cfG8~QR_Y4Zr#yGWb^3U<Qd{8PGe6-
z#MS<i;~Dh+pr=m#G4JS9ar|+8M*M5LxVv`KH&%W1X78Jbi-UHo%<zowx+^%d#%|@n
zu2nbwJ#Fu}m*f1_%IzntxSTY2{_E}O;aB_o(M<m7!{`rV+YXx+aw@)^;rj5C!Ke0g
zSn)30du&_(t+j0Z|1`YGS+_g-Je3`LevWqF?4V!b9UNDkNm=n>=>3dW|D5`ue|7y~
z!kEjym(59ORJBpt@v?o1vVBuVANX{t&5|HZg()i*Hf%k1ar4U`qzCFBX|?cHtG98b
zAo#7E{(RbY%4Y1uwvBV<j+$FaoVRsu;=u8H8^5eNWNCweBNJ;L6Z`GjTUuPs|Hg?-
zAML=qj@xct8*e{)*zamey?^SY-ga$f{BdCHx)pWCyKa7XqDo%s=O;J3Kcq_RySVSq
zu3qZt!z*Vmy1u%fINh?_c}q#tu^u~@MI`**dF<`UrCuGqGV|Kmrgy4dOR1_~c;mSE
z{GNk#hfVjh`*LBxvul@n&WQ7oUrw%BV|wdy{p{v1*1d8F_dj~CiE{3(*7Zx5P72?+
zQg+(DvCBSru@iPy4X21)G>wKnUn4K^ruFSLvwF-QxZ{%~?!8;`&EI^NwtuHyy0q@G
z<U{ruuPRZkSJsz>R$SD2V4g@^_xSovE~U3@+E99Cy7FnUS0k^KxLU!l?UFNlMqOW0
z;&+!SJ3G9qQM=wlOWE#>#j~C_9sBv-XTQGxZ2N50I(3NG(0MDn9UHC=N$$Gc^;)kz
zQ}sDlx2iVH6<>EqA5w0}@gW1lrrPGL%;;F<^i9XqpoTBBb35Kz6Mi~&N^$XHDtvUt
zn#E`8W}Kcl?%7)DlPle|W#Z#rWL!JFuxXtCwWD*dyKbx4_oO!GfY+(Y)YEjE^GoV9
z7`*0>A#0z$TUyaUWxw0<nBt0m#m}7+Gg_SrEz@_^-vhcd)-3dBsaaUN?DaLyzsgE=
zY-?-#x7<PX=uzOul?%4bw%oA0li@~hE32a#-Tbi+!jC3+`)yfvdebq_0I%_nE&SlN
z-H^dLpH&uDyRTkhQ>$spgZ|}w7FikU84V*VQ1&Z38QqK-z4beCl@|`VMD*Me;qKdh
z`qK#u)3=?ooU>$EmU^>~g>UfI7s)kV&Ykm5=*{E^S(>%W$a4<Q?9X<!Y}aUtle*iL
zBN^KsD<e-iuT(s0wZ$bk#8Vd>()@Jnqvl%|TKQKlnYeGsdU!wL_OM^qUr3EOUn;#~
z|Lf<cgekTrW^A}yV#K@Jmlr$rcyQ;-&6K)XS${Q3PJ0`y$=&1LB;(Gg3U-|%S_HkZ
zt!39MHM(5Y%_nynpZl-Qj+oP;m6aiG!xrz@MxyS0D;4YgEULyi&4KArK@J0+G_bH7
zdn@YqQNK))d};K)K~3%6V$z|~M$&4A7M4|h8>dZ}H=$!*DP_$Tq5DHC_l;7&71e5*
zSgYL3z=XiHYgCoA4zHx;-*=hkv`uj{&};dQZB2Ful&6+$ki4=!ba=%qNwpqNjuv~b
zpEOzhpum+c_V!#QrQxhQs|$O3u1i7d&ivbRVF3)Uwzap{5A?N>lUFmt`m-8t6&0*M
zbMMYA>IyWj;h3*L!;q%eOn1>mhD3*oC=K<!73k^Nk^AxL+%Fd5hsE!<AJNchx@g2K
zr~3V_R4ns0!Ka^9wsa!gohyU8b2r7@8*un-jJxXaq2y`1KX%_*DM+9CRx(+&v7P^o
zeyK+cYbIN~ON>=Scl*8j)e{~gmZp97n$vL5#I4rvy=~tP-o1BpNB`ZW^iO)){_#k8
z=;>cO#g=<ZB~4g6qxMJj{WZpuIluh2X3pd(x~lhdvpy+ypR5qnZNQ;k-ItF&8e=gu
zWTWVqe0|WMKYA5U{n9J@Ld%`6A8mP+rkJ=sY}eX#M>Kic+WA-3Q+GxUnz%doj|TdA
zQ;+!GQ@m_+a>b&$C*d_+*BnCXsx$33Xok1@!w^4iXhYk?lgEE;^C*7E(0U*L(a!Io
zdcIuu+T~95T|q5BeOX?o?%L2{C8}JRvb-RHQvcvJxZe?=0#{U}u%Y39^mgO|Rtkyi
zo39iS`QeEa=UQ85sYoivC1iK8Gu+)QM-sqSxFDKb3JhQ6@Rg~cfXkhkuS$_r!PHg3
zSEf`gk`f{U2+nZ5w35`YfaOKgThrC-ZjsiliDE$mde?>6%Qdi{P8$v7E)jC22>y?d
zxI`%6GG9^!x)Hk>^jZ&Hw6ECB(OKL>H!vD11cc}u=nohA!@jrKkoo%4V^EY%><0DW
z9|LX_k;-Vm-E~HNj6th20yy;jzFl=eVF9T0Xibz-sjWr@Z+w?2<T9B=B~oe33wn#&
zM@H(SjlLH2<<}zm<<BDenqd)rwJ_XKj3|ldZ6>gXh5khrcSS0Ku85|zh^*y8O|pCo
z_iK}yG$+CK;4cfBY$6(5k(%yBP4}WESc%lcnuyeNFB-ZR4cZfTk%opvLntfK(6GP@
z=gBj=7Y*sfLPPhWp?i^n^}{-FbvXG1A?#q#$3y|!Jj6W=aQ}D|l2$uN?BD@!r;iQO
z>fAfni(N#~h8W!+e~2Bxm;&XEA~HTlGB|SaAFxR(qY;<NXv|^n($Aqonsd-W+UW!P
zSpZ%BMRbZrdcsf+tWsp@zYi>{B2pPGdqox<DG@y`0?5pNAAzD#TS_F13oWYGzYnd6
z+!Uj^GDdS{KdHG=Vi&jw;Q;?7LbOGa%4j=PWI3V;K{$v&RQF#XQZzZDSSQH(QVMO(
zzfbleLQ8nVr7be;|66E@ig2JMI`Z#Bo3Ep^C`&2Ya~D~pY17I@<UjVSw3LdZ6ysNk
zkh<e57>XuGv|r{T^xt^ae9kadlcKGrl-P)$L5S~t<^PTMEgJb@pEX2#9P-Qm8&_*0
zzl4s<q!LC!q_i_DvOLN8-dOS9kUt+GMlqzc6Du+z3O;8P|Ba>>O^y`&_?XNX|3d>y
z2Q5XnLkhmyD*t1-k<vl4RLV?T=&({Gl`;w<{mEcR$(JYPf2-;64j-IX()k6LUNY#y
ztE%YfChZvE%{t6)Ca5KI7nqLHbAqDt7v76yZs??BO3g^9gFXhb1u{JNVK744fSzZI
zy9B@wiq>SalmmHg)>b0!5f&Y;Ywhgh>@1PUU>Z$HBoaA%s$|R`ys}8?2;ZSxC5P`C
z_=CDiCwvaM4@aFb+LwSS_VV_DDZi~8G7B18phRy|LW52Oh`T{*1i%zT>ZHUBFog*x
zLRlIoDV-j$Fb5hSCO|VlDFI;otzdx#;Mp=c0uO*A5+-B-S)~J0)*e0)dA2R-^D9Wo
zF@qsM(aoTXHF1K*m(FHzyp@!sK+N#vF#>S{I86*eW<VL@VS<mr6MrMVN~l8^gRnEt
zkcot0z&#dk@(I658+*F0N+ZNkgN&3b<hG#694ra%SVj_QH$x0d%n-wzFcD5V(Ze#5
zsC5C1M5GaUltLCEWEh-#U=dLPax5`OJ!CL44eKC*pgsi%BJ%iLg};H3NKlky(m(tr
z#KFFRU?zrR9kwleSE=bXN(Yuew4o!SPADW4b(%tq9MICs$N@1PTyhbbn33x%a)2ZO
zaJcfoD&e<CL!Ke3*d9p==qi9LsNnEbg8E=aDkKMz9Y2{iL|&jil8%)te!ql#NGfQD
z<KP%3_>eV7V$?Z!#@1n3NXh_4S^EM=jD}UI*4P3WIWkDZj*&q+acD+Vl&v2jDoY#y
zng!}>N+ttCfdG?w0JMqtXg~mY888V6fZvHx!B2*8NJu0Ed5*HmVGI(7{D%50;eT9t
zIkJg_lPi=35{?#4S|7~_$H_C$uH`Gz2!tYBMnWKh@WW(5k@Fx4_`E=*3TT6tix9<R
zjhOb>7Z8a&V=OlLj^!wkEU}@`BvnX2e2#E2#8v^vOctMk?b{M+l0@SD^OaqxlJoqU
znX(JaA+h{sqNp;NL)vB1zM9Tn^UNVb6@--N7h;CgW6JqDNH9jKAodKFM0c?rG(^f3
zsQ*w-Od^UWw!=@f3-}5C5Zjs5f)R6~9ypGo07{VvKqisf0&O@-O9DbzDIxBW<3-@T
zg!~wX<o(UaW(o)BwE)(O5P}y#HUOP9m4Lkod?X(M9R-FlORN?Wl(8-f3!|AzdlP!J
z$-w}JSba*OFh`H}@w82X-US#T_GTFIR12BPLd|{xGzx?i8OZuS4l_;m0*xy|j?Xyu
z#bl$v{vZ=cKfqujC@>ydpZHZ66a606lcT*t>TvxjJdr|Mwha3=*(bDv&|U>nBt^kN
zSa3YFl>ig=%Z@?dz~9&gg%#_VqDVT4LDY>HehgvrC5T=PV$D9$Of&0+B|k!9fCa(9
zFvBF@tWW^h1P%CykV_!<^mC$LC@esBLSAGeqRuz(_?#g<KL2@rqZ3#rQVF6EhFFZL
zr*)5sLWu5}Q4ULfgmMg)3KTfR7O~?~j)(ErEDvdq!hk}GLWER80R)QwpHNaJ)7XL}
z3B-<}B<&CwN|NBtjFMRLBa{RxA(r2iL7+Ap`m*-i<k=X?v#KkQJLtS%`DG0oPmU;w
z(%iwB%Mr(HOX-zYGwjhw{s{JrmMIuRL$nYBA^2@F$2>VQ867ktXtdD4FjOR3h(<+a
z!j5prq$P5>;#=79*$KoeBtlRV*+^V90>%U@X08}nfxsa<A<)741Yi(;(|3-Ez_6Ss
z0xA}?F_{>sjL)zQ23~|{*e?<T`-VP9f7l-TLxS?lS@VVpjL(?gg%=-e#}b)dxXTZc
z;4&6lNRMzdh$KrG*G~%+M{H>SZzeXZx2NcI3zN{GbFDmY&#>NPiqKHAzJ)6m43)nf
z_R*A+Gh&6Ni1<jL5K<KIBA*5OM_P%AIHDPYu}z#Y%^m4geL^V`B*8upUVzRGlFUO2
zzSX8_V@5V!NP*}BC}x2WY75{}V6+bPxju?mbQCZwXS9+PV1gb)7V^AM<fX#{6gVWO
z9NHi|@DG2RLLC%rc*bfv+dq<%wF+_+Y^IJ0K4crC7!*9`_K$sI8w&8iu}t9<C=UJ>
zveYEpw8=9CemEJ0$lWB|wDh{Ofgh1{GvUS(GcK_S5lUh<10b9)K)8{E03v~s6>d~*
z<On<?*dT`(4j=~!cc2Wa5h}_sipS^hXQCQX9oiErV>wa}O%1k#zOgMa3s?@%i7+E|
zoxesIIfTSuK?Rf{j+517;yA&{08zNhH#9BG$n+IqMp6JstWYD9&B%a)!C14x=sJn^
z8Koek1hSZ{w`p?2Y{x<&z_=95uPscKIhfK0jzNxa(o6=h<VTQ0B!T{D=1CHa;XA7l
zgjdK5{6iii|2c>gUI9|@*u-xWQVcIS89y>vG5JV-BuUY!ZrXY?GHZt1_rh)fj&O`s
zb9DCTuMjB|Vg#NMJXWY#HRdBm5J$uq#J?I;0#%45#xan)*gtX>z9Yd1v6wRQo2`#^
zLAtOEiN{)hmbhkt1`rbK2~7u6&Wwls5v9U02;Qs$ku^*Ae80(0F0iJBQ6Qmd5rpkZ
zCb>Y-%Mpy<q_aXi)51_fj@)2O3Ck6NJwl7r_zDFHb(lIt%#fN4hJ<U_Cr3AbB(lKq
zzdk`?sYez_Y3k8S4ieb=$Wcmqp~Rh)Tasg7th8Y36HPBO4Q1C<C<#6DXVz2-N?Ri-
zxh4r1&uXAauo-gWZ!m>qD$V*kA&F@}iDclCP!4ovwHSRFnOai?kb@*Blu8xPPjO;*
zie9xdQ{(T&?p!PjiS75)_v=iiRmem|fe;peH5z7xTxk}0vU)%pW_nGIi!^tKVSx!x
zKGMJwWDBeFM7N<1t2xL@HblXg+k^mW2iiGC3<QLMa$=vb9<m*@hk{8k$u`4)U(-aA
zZN|wm+8RdNh^C?TK}W=XVS9Fbu2upQmF#jCgO{l-A-IXi`HOobE2E@%l0{Fl7&Aqy
z3qx^!W{)E4p=OH4^YeU)17?M#IKdXFhtMN60BbXg&2f?FI*UX#Xov6!D2HPqMbX<a
z97HbTILKL2#&8Lxf|U$>237L8hf;!E!oHZX(6|r|VtckP)^0PZf&CMyV!RScA<}@A
z0DS&Ebt~AwAnb)SSWYI1$q$-|#K_eJswFKk1*qls)*)CS0jv-))8r3{$BOz_RE^9E
zfUsl*42TKUNFQGfC7>>02(C>4Q3;`;4G}JU1|8&2g_#2frr837sb*<n3O4CO<jXoG
zT5%X%5%_oFw+o{yj7*rU60?kgpdy$AWccT6R)nobWDaGGksI<GWe!j@U&CVgOg5Wv
zA{eM>=7Y`A6*?W_h|MrGxm|ky2pho=s_`NiW;TutG-(rqG5ecfhMIyH!4LdRG#>>8
z8HdjhJH}!FKTSdPw{k0jXa@V^SQkP$>>u4UJi~FnDq!%?1Ovi?0!*l00F~*b6)7)A
z$84@(46vD>7o@ZZUCl_&Gr&kz5CYQ#3*8H%f?zW8j_44QadeFsG6q#*Sdkp?oHb;m
z4@OXte55~M3(5NefpBr5;B;4hG?Z`PnEGF3V}6^jve9I$_(DvndH#(K7uncRFm)w6
zoC-rxARAH+1%XU@z?!hafr3X|7El|h&(DJAV-EG86B7GDT_Uj1miwH1|Bf&c0b|_?
zwnu@(HmE4_0tAo5lv0KHt{#e^3}eUX+!bTZh!mQ|T3AvTGBH9@(DofJnncKul#B=D
zGMdyg&ECn5F^-jzQ@j+8IT}I+qY`}!a^M0o))de)R)w`fTsxZYDmYNlS}p%ZE|8%#
zho1BiF$OBrQ68g(Sa4>{LToxT26&KDV|Y*u_oQ_W3o`nONRTEXL7s@P4U!yC4|cB+
zmjvhK=wBqV6EPc&nGMtwF)$+L>;`jciB6Y@$PQw65k1Wn(epJ6vK`c2L_10mt$QMx
z76=g?g;Np^rep^m7g4fjRqPQH7>(!Vx`ajc7u)L%K{^9D6bES;cQ~)-tCB*@K~XaB
zzZ7g@l8Y#r+LnS7aqQ8j_S)z$eIy(Y>*?--f6YRpqoa&=VsWT0Jj&Lnj|{;6ZMFIc
zu|XH5j|hl_6M6<p9AgZN46%t0)!D?rJ7R6Z;NX}cI6$it$3%te1A_1&w29J3;(0P_
zK!l46M+pei3Wo~?lQ|`g0L*bDkY=M4;A#J_k>TjY4<JJrBbDPS8{z_|J7Gd0>rL+?
z{F+v9X~>zW{_wC$xvi8PRt39bgu@a`$C?Pvu;k2S5yeodQs-j}XEaUN=BM7w3@mq8
z)Xt&~tC5+o#SIH4Y<a`79*;XLCj|ddB16<?!j__7Er=y@{;+0o40l+xI7P&kqNsdq
zW%93L3qFGcsoY`F_!V_nnKB<+kZKm&uT2HG!*cS%KTKqWG#^`~!dA%;nKLYR>ct(E
zld%2aQE?>J1c6W&fb7>sEt=({t+-l}kE@0<ahCQarp&dHNlb8Y{RtCAY2+rx!r|(C
zT=T^kab<H(+);nRLdhf=6Rt8!nvZM#sAl;+&ai?TCJN_V2#ICjC|P?f1Bo^<Hh);N
zEGu`|pRiCe@X4$_mVrxSE!5Xi<J@6?!a~UuR6e#K(k!-g#9|UCb}58A>Q5Lb8F+CM
zvMSiq%BbvDR+qS={)By!sipb2f=IKtaz>?H9<zMM9rh>elT4#DAuE@t3qqEbV`e>-
zJM2#wC`jv=u$6;Mo3PE#VG=oJSKhh9{)B~+Q;K|SaZ#UTEs3r3mw4E%5!_*a!bHi*
zUL`t;l7mdM*wRtCNsifVFWgao!bIVj09KCW%KRYeD_e;;qjI;q|ETMcEAwM0xbP+)
zS9;pXuFbOBx45JJgn^Q)^Ft^(2rSE39<Bvg3UXAXh%tp+lOI7TK%z~2MVm*@WQm(4
z`y;uS{)BZ>Nb|!d1(hE@(I*=@BFyZ3<qrE3<_T_aHz}+F#F<5vo^+C7>0puBPs|<m
zC(M&Vo*zCb6fzTEIm6QCiP`YY9rh>8lS0A9Pn1Xj0&T*U%(U|rmf5(^9rY)ylLGcD
zunMby>=rA;yyF7wIScNnKVh5{>iqag0RmkBu7tz|>CR7BCxs?IfWixMSY-1Z02!4%
z*u+5=vXw=j1}LTZ0hAJCn#DGMSR%&snK83Lf5JK`sr>K>Qi=uON(XJsX*{!Ge<FO6
zLKvYE$zZD}WLO|x{a<8NNO}cxClLX$x=0(NE;<^18O4#hfiXs#2#PIWo=1hpgoH)%
zvMW-uRprNRE+vPA3gW@eY#{FbUnE!lH#il|xJq%xA_B}H^CgFADdfMDVDbu+G71Tc
z4vh&Ui7zLQ_HHg>oiQLP%%)#JY=BL;E+hahQ8MVlbpb}5Q5+o*!aSyIA^xzH2v|}y
zBP|7!C5P*(C=fI`tm?y&Qb4Fsf))`QiTOHXShU_Sh+q+5hz^4cU9?zl2(i`21sJ1j
z2}(5N0*H%d-zf#aM?(phgy9MeF>Hk)xKS5i(1zL)$+ra<#dJa20c{BV1pxkpE1)1s
z1l5J0TLA)5NQ&ai>kI+m`8iR9F$%JwMn(|WglLcsQlNt(pt@~nbVRrS@SpG|6oh;#
z5p0QtOBD+z2PBQlk!6$uZ8*RjqKniS0?@qJ1lUCC;%q{qLTvi$28jjm7R?O-U1=y8
zb0UN3PvOnUPeIJx(DDNTHU(}%14(>btX9DEMIpj`fV?oW`wiL98;yogn~<2WAYFmt
zz}*Y-1HeiFOaKt#7%8#ZY7x#gA^-LL%zj*4oGqHMAidT$OfNP@gA`~BwhCgjXHr`U
zJ{1$2L0b!POmtYd*fp@9GZ+*!Fa-%ZS?T_9KSXC@ARhtp11=kpg#3765u*(of*TeY
zq#I}(6&fXW2#D5&0F-vFz1n-Y_35UIGlqj_)fxDr&fRP91H8bLhKvT26?Tjb{u_{s
z=om>@iZf>bT!u@%aytJ1y7)u{goQ`z?Pxa`Wzge&kTyZO*mfq83&>eCuSW!c22Bdy
z8g82`5@@(CW&8$kMRRa+i42Scfr#NXx;e$ScwHdjz6V{=yqgpfY8Z_w(S(s@CAa|N
zhvOZhCSouXHY}ULm+1^qhA^WJVp464AuM{34Mal%h8NAXN#XK4g_IayxB^1~;e4U&
z7{^C^FG3RlS~Q;q7g2&e!by%)B!g2_lt@WIj^bO)XO~ldFuEbP-~G7lq(d&a1`EK1
zNfs_E0?36jp5I>Y<r9!xxb@@k!K9NC$rNe;j{?epZ3ks96nNl9%_A=XL`9p*Ny*#*
zLqVL&5kp9?5q{kevMl{RNJUFTN#$r_;EG?6GMKdBt+$1fvF|H{EmRQ@u4o>FSZM{U
z9>Wd8;H)9D0!zAuVkHC|+Wz`j*e?*Sk0Vo)0WolU4s1g(is2BXR3np$<3a<XZNiLX
zgFzrXv<Zj|vM~k(<JY)=K{nBPn+TmDL<g}epkxyWciU=1aTfxV!@WO3*G^KEKQ6E|
zmWUZ+?coK}g$rZ<Z?G(yQ^R>C&MAo5P~nX?GRZex8mj_Dl(?cgH-u6Kn-?G?prKU3
zT2f)GZxP`vqB{enfDi#p3S2${7eXt*tUw~{`v#?mP!`dbk<<t#o?!wZCs}V;hJ-xf
zH{k3a1sj9<Ls+FVfco0T1j5BzF{r_On?i20{c&xh(=`~lz&;;X+6US}==W{f5tyR%
zdYG8^H{t}A2F_?3sS}tw!NsA4TN|dqBB>XcWg%M&oz$SS839oN+E5)yYLJPbQ5+E#
z873y*ZQwp`!=NZMe+AB>$fcn_PD*09C|JROKmfM6Q81q^lyUyXOg2t$=#S}wILM6I
zM1@4z7{fwfdsvJ?XC#m}3W9uCG@4{%OdxVXAQeUPhXfTF>}A1(0*MkKlUFEYB4fj&
zVgf-F!i>?jA^KP`e!&v4N0d$*77*?h6Br(*h50Y~o^CE4J#0PPY+(nejY8!XEi*`M
zqk@73SQO1)%2bd`fT%G)!75Y2w!ClZ8?zPf-$A2@lQRV@+2Dmr7%YL)r`I6AVKW#U
zie}r$CDK1G{EQs|k)gm-;I>EHpHisoQ)Fxyz1tCTr_n|+%CZ(-Jzxxu3Fkx_s0I;w
zkauw-CJD@hAUghDM@V7tmQx@b5fH8qA+I`sR~pbe5G=&5QMyQaGo~+DE*Ft?u*jJ3
za1r@O0{cQ;W1_>uBFT#okbCeVhb{q;A<bZ=pr?m5cZVfxILjZ^!JrF(Bn@-BAuNN@
z+s>Jd*Yvh_*z62%ZwQLf>eza6+)<3@XK<r6{9!$E&KURg;vYUEJM`&&zcMHzTjnLu
z7a0<i$`LXz%^dCE><p|*K-N_Tv8>ESB5x{@G)28)Z_6HN&;?saU``;lfGxz#e<CGV
ze}yPmM9L`GK8W{E;(ww@x(vS~eeu8iGD?j{0k~x_35GN8=4Ak_22Wsf>)|09yh)8)
z25n&>+Pn<vDKWdntp`+sg(&kfXsg7RP4MeMP|qvVX!v75TQ$C-!>lbV&I$09f{5|@
zgAxg<j(J<y8py*<0&f>l@ajQZO3tGn*2A}6nD+<U^Lh24Ei6+A>*2-OW^LgFHC}wr
zErYfoYUX9Ip<Iqv>2m8yDA<O^g9X~E@J0<@J+hQ(UZzmtJ2|*z&{l)*1>u%SD1}-e
z8<ZM+zj-}SGpT^Tlv*yJvkYEoA#5w-;{oSQWO&u987wln1dpq5%V1muUKYwNlR!PR
zCFW&tScO*xZB@cClqx<ypffdpTrA^{A(hCLe0jz)e4h#z7AYQ3<Ix#l(cq3^emy=c
zV9zyp*SL8-l?JzYa?3!#rT97*ZkZG|S@U@bwG?=T8n+&_g_MqY8Prqa-Nf8_QjkeL
z-=M8R#={NjfyLyvl_~gk2->P}zqk1qAO?K;Q3@qrx4@oi@Df#STMG6|;;tKBnM`0`
zz#ij14_-YbpU%*q3b&Z@>Z$QXIlMBBa9kO=``5f4tg7(nLdhV!6W}3(Y!-hE$Q=n_
zk*V;49Nrjez7E0|8r<1vUJtJ8;OnJKPF|_Rs|S&%psgH_%<$?d@ZB}MG9|u@iC3oL
z%P9pEz^io4>wyUI<d2fU9wh-RuvbYiE;vtNe?r-nfzK0;0WVY%z@o;JEj;)%Lfn)R
zA#O^k5I2Y(1Y;;+4<UaHrIN2(luW6{lQibAsNguOpbV5jPzDQ1f-;3tFs@2fKz|xx
ze`<+P?$xl2$R9%u3>K8Z4F!TSHNL0895*$*(2ifGkqYUef#c1BdStted4C!R=LGfC
zLYOrgL3{x22zQv6^(TjGq4;!`!@at~GJ&6=U|+02w_pP+-zHLWNNWrFgYcP8KRLYn
zj8A7!X@T#NOEtLmYK{lQse&=UTnYN4<U;!gPKBo*pr}fIY$26Pm3(`JWfV^rpiGVL
z>EOZ#Z-5i}6u27)PotUDgFS?NJpvD<5%_7?04RVNrb>99zIlHN2y}R5@WM5I3<8N@
zIiIFbrsUI43KIyv>_Qnh2HqHOB9kxAQYhowIw*sUCxW(MU<74qe6yPwZYqU}Z`Xj6
z@IOI44L=qI&n>XKP$uWwY`BF*sp8oeEW@|AnZcrl@PH4qS_#bL*Ha2%#?YH5yBLlO
z+G^m21Ac#inIO*5fWYu*0O1-;o6KRsGQR9W8Jsy3)Kd%kgFq2??{aBCN#O`Czb%vr
z#sHNT_*xJI4Np!nyb{<0@bCh^g~2=@77Uh!We|4pV1`7Sz~@nvQef}Ff(hoA82s>Q
z3J#7RivmG4_*y|TT0!ELKkorh6nLi^uO3Jizf1wt5|k+fv<J=N>jFh7G=kWS0{s<?
z3rfwCdsz3A2>VmPVH7?rsF;E>!90(GJyHC*29y<mhgvZ20d_zVgFl8whVOecryqp2
zd^}_zE_~Sl(<F=uL4*WtrBZ=@$k5{R#+8Au;L}u23498O0VGHA+rmDzuyCCL-*4y<
zHdu#w6|uWskFUc3DZspuOJuMfiow>9UydSQQELZ#dkwf^Cm0g038W<LDF>;<Q7!{_
zKsh-&!<Bd6uY#wS9rap=P@T5FF(yJJMyXIKoSo&45b;81P6|f{g|xj)<K*P%Xm3wp
Y)(V!&4ACS7gz~JUEE+d<a&@-&e~bWgZU6uP

literal 0
HcmV?d00001


From bf46a4e7f72d2780168500a76adc2e81792feb8d Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Sun, 4 Apr 2021 12:08:08 -0700
Subject: [PATCH 755/812] public signing history for Matt Seil (#618)

* Signed key history for MATT SEIL begins here.

* Signed key history for MATT SEIL begins here.  Fixed email typo.

* Revert "Signed key history for MATT SEIL begins here.  Fixed email typo."

This reverts commit 87c4c4e6eda85b914f0676eac0f24034f85d9303.

Co-authored-by: Matt Seil <xeno6696[at]gmail.com>

From 08152d58eeb5a58249f8c35c11992dc6eeb5f10f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 4 Apr 2021 15:31:33 -0400
Subject: [PATCH 756/812] Update docs to change 'master' to 'main'.

---
 CONTRIBUTING-TO-ESAPI.txt             |   8 ++++----
 README.md                             |   2 +-
 documentation/ESAPI-release-steps.odt | Bin 166122 -> 168476 bytes
 documentation/ESAPI-release-steps.pdf | Bin 247591 -> 247566 bytes
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CONTRIBUTING-TO-ESAPI.txt b/CONTRIBUTING-TO-ESAPI.txt
index 0adaaa747..9d24cc91d 100644
--- a/CONTRIBUTING-TO-ESAPI.txt
+++ b/CONTRIBUTING-TO-ESAPI.txt
@@ -31,9 +31,9 @@ Overview:
     We are following the branching model described in
         https://nvie.com/posts/a-successful-git-branching-model
     If you are unfamiliar with it, you would be advised to give it a
-    quick perusal. The major point is that the 'master' branch is reserved for
-    official releases (which will be tagged), the 'develop' branch is used for
-    ongoing development work and is the default branch, and we generally work
+    quick perusal. The major point is that the 'main' (formerly 'master') branch
+    is reserved for official releases (which will be tagged), the 'develop' branch is
+    used for ongoing development work and is the default branch, and we generally work
     off 'issue' branches named 'issue-#' where # is the GitHub issue number.
     (The last is not an absolute requirement, but rather a suggested
     approach.)
@@ -74,7 +74,7 @@ Steps to work with ESAPI:
 
     But the basic high level steps are:
     1. Fork https://github.com/ESAPI/esapi-java-legacy to your own GitHub
-       repository.
+       repository using the GitHub web site.
     2. On your local laptop, clone your own GitHub ESAPI repo (i.e, the
        forked repo created in previous step)
     3. Create a new branch to work on an issue. I usually name the branch
diff --git a/README.md b/README.md
index 5a2454ed7..338e697a0 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ You can find the OWASP ESAPI wiki pages at [https://owasp.org/www-project-enterp
 You will find that GitHub repository at [https://github.com/ESAPI/esapi-java-legacy](https://github.com/ESAPI/esapi-java-legacy).
 
 <b>IMPORTANT NOTES:</b>
-The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'master' branch), where future development, bug fixes, etc. will now be done. The 'master' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
+The default branch for ESAPI legacy is now the 'develop' branch (rather than the 'main' (formerly 'master') branch), where future development, bug fixes, etc. will now be done. The 'main' branch is now marked as "protected"; it reflects the latest stable ESAPI release (2.1.0.1 as of this date). Note that this change of making the 'develop' branch the default may affect any pull requests that you were intending to make.
 
 Also, the <i>minimal</i> baseline Java version to use ESAPI is Java 7. (This was changed from Java 6 during the 2.2.0.0 release.)
 
diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index a3b8bf3f2da8fe578dde00f0bcc09f6a1b94e4be..0e55259ae15648e8fd4a4ed565711c9db7e95806 100644
GIT binary patch
delta 50970
zcmaI7b8uk6w=NpnHYRp5F(&3r%!zH=*_m)++qP}nwryK)e)pd9-nmt`UjMUuukO`*
zRrS|h3;R2bflJSaLzMpo4uJsz0s{h4mlhC%_!H^hL(ziHvIdg}1O$^O##jgp93-Y#
z6I3k@0yF^J$2Tx843tzQBrq@}JT%b%Z*WL>NI+Ovm|sv#KxkZGL`rBxOh`mpWOPJO
zbZSIQe0W@HRB~EO(4V+4|JaDol!$<o$iFd>(ecs2aWN4|$r0(%foXB!Nl8heNpYZH
zSfJ@~IA9#0rEzj#>bNZp?d|QURXrIs1BLb7B@Mlm&E3WA)Ab#3JzzXPhDOGR2m8iG
z`iF;y`zIFrCYMJiW~SyR`)Ah2X67d5*Jek1mnZucXGYg%``6~j=H}+67guJMH`i9?
zSL1lW32}BdSC6;m_jcB=_7^V>H}6kZ4-O7?4^QIkzzM*v&f_A%@c|GJkgu;Vv6caS
z5D<=ODN!M1x77=8M7#Y(Z{5}UxW<x<Msva!^2m)jsd$2-9v^}&(40{Z1Ng&Gn^^v2
z68m{t(j4uBAoeZTY(<_TZB1>K3Khcv3L#q=DEa|C0Ub*7O50Nz@nEY|=f`<1bY5bc
za>>hJRvTK)M9&h|S71G*6B(p!Kf`DzHvA$U1Ph*zPwxin>g%)Xi>lM`I?3QQa?gZ-
zbFUe9XoAaT(4I9i&3--n|0;Svuo3UNnT027o4R?pYK>5X@)yu<D}2NjxLZwdJF1H)
z`?B0obWXFenK}LXQ1btz1Kt7Xot~|)iI_Q}xB2bv4Q~dLDg+HCV8*(0zNky+lOXNJ
z^6K~2r)SsoOu-Z*o|@V%aO(-&bzvpx;J$bJKdq~L|2neHV)r>STwQR!pv$y(zAn2?
z>52NdVA^;*(>PP2n^K03%3qXw-{$@LjC~MuL;WGp^|6nPy!l3V^#v5fzNqIJmVZnZ
zG4^a}(0tzN+37!?T)oe4+wM$~nNFL2u04IuM{PWOwso3b=e~b*u~C0qG9mdqAa|JR
zrl)uvOwEU5Kkx#tk7KsDS<gAd?#GnR4FcXn0&gWxU$fiLvYpnS6;1QDZ=EAbrxyZ1
z*sX3S>)ZBrZ$C1k4{-0Fq6FyT#@RrBxm`#37+*KS3p{*ueMAyJS9~&fzqAQ__W5tc
z4EY=}H2D*I-0shIaRYP2S<jnaH<LX8&)v<_`unIQK=|HI?0+M-fhhYvyf)-wi-+K2
zdT!}Y^|gu(^~J#YIJ&*}^*r^=rpRh)v&CKWe#~q8rM~wF=)TM~@u%Xw_4OdX@4S_}
zroVNpZJP4fzVtj{0M|KbGpznin48?sHDAw_uAO7;&)&!%8M;J#FOlokU!m-KS+X*l
zT3mM>1;j+{kKR`=x>VDF(17<%p~Tcyt=FOT*Bdd?=TS(AZu3h*k1MI8_9WxRJn_`$
z`*uMZ)YlupYg$FWk@10je6Y54XY^%T{xOmj!IAmq-vh7va_T6z`7plSV)_qB9xuOi
za{`&V?$7V0I$qDW9jm-f0*^Xhq5Z1_e&FzZC743#dY=rK>UzH>FwLZ3@%?yyT{zP5
zxNIoW^|@Rq$^t%V8CrSVK3Bfp8hVZ@eLhaZ>fM0rbG_>YQ=9?sOUEpHug{dFOhT^*
zbB(K$9?Pt^^?z#K4=n<(yUTS`+6B;GTH>YHRX%lt+1OoPeA}Dd_rq1~qD9yTR6ef@
zWlTtw{4eM5RS5H2Z5Ml8e9v<w5=7}QtMK4rM^pDp`B|zx6es9%`JI?)H)KjpQc>?i
z*g)4=hW}NPLzd)*BV9VddR{t+E)GI|Ncertjc%vmt|e24o%8kXkg3ws`{EF>*UfyB
z5i7s@Z47!<yW8!@*UsS!ovr6_rY6A3>UL|Z`<!{y#pm{AE#S74arKF<_-L8c@E@=?
zGG%x?En4e-o{l7SLZ;oQf3bEwiuf-9JXIV(*XQi#0)OZ0NzamN*46vJEuZ>2n&O`u
z${PGgQXkN5V)A)Z>aqb&V?R=CWuzN`hqbK!DAY@P)=mXh9gh%3KtF3q$0vc&>Fi)B
zc044_9ugYo=|*=tIGX?D0fy2$-RRPr$DEa)je}#MrviP$AKm-aGT*<AQxnK{IxEp`
z+@ONGyoc?m72?^s5hY$sC+Ywp&3`Hs=-5oipE%y~*7SU*JmR$lwavgCi+)J6(fCAy
z2bNYtedc5mnl||!)Tm_B+mHG+;edlh%_0~}xnL)APafMxk*l!Gfh_SW8M&T={*2QP
z)6b2NF5b69iLKkkrVKu@O~CW8BhI$xqHE^frt3_5+w-#JqHRbnTqeE6`^9rUZ3^PP
z^Ej&gMZDiT<VPguRw$9wI~(Jc<KP=~lTqgz)=U3*2y4beO&Z7M=1K9_cHv7?*N1NB
zp2XC8taqE!l=jv4F3nbUG0ET$m^QjcSljyufp>GK<vq#ia1wh~AE50EKk4KhU+!a2
zNlv@-U71U}Q#fqk$=GGTWGw6Q>Ex;C#N=yE?KP_~i_W|8A%g!NLL+11{H%nN^8t8D
z{_y7I-1~P7FpIF!kefM9@+PD2o^66JP&-eNSFmtXB-An8``qgnIV%aLGE?et|AZsY
zmYI{Oe3t{urZ!gx1#pvf^2jJJt9Slhr`Src;{Wm3A-P91>6v|AIj4UwJS3VsrLYoj
zRY+D=rm*a;LB^xOoR(5jIc~P)LPWOJy0W|A!R+dB7H7Jzesq|XJy1ONf3hQd<F~;+
zlOcY?@tlCN(XY8?$g+-zf37gwiVBlRg!)3Gdd*uh4>{}C1U@Bq>~8QwTHFM|X8SsP
zeU6b`J^UKj*OH(4&oG<C1j3z_4u@Pk15__q_eJFL$^<cpHK^lrm-N$;Aqdn^eG<8{
zGUxP%aNTyh=->u~8X-nl5}+FeXvf%%R`x+h>ZevBBN}44^VDHh2M23Kme}jZQd~u=
z+DpjxJrRWufaXMEz4Y`L)U|ytfm|p1j%Z6_?yPtr#nt0ew?k9Y?OPm*2S{yIJ&i%T
zTOz3#3f#j-jA(q%_sCiIS@=JYs4^rs{lR}ka4;pz0*TKZ<$H;OL0Wfce#nj)^cwAZ
zoO^9azOq@YUh-?vE}6*8>M*1k<C7Y!6&K^$)j)7;1G)A{-&}j_(={5z)nxe+awASl
zS$P&pt*q}V7+N`2E=`>5@>f-r<+MChv@$a~W5441>t_%H(**g>d_Ot4{_+YnjeWk$
za^1qa2t!zg{1*C6b&5);nt_VXJAV?_yj7ib(%%vN*CHOpL!@yQ)|R}bedk)gco7Ae
zS9mmj79d!K<+(>WX?aiXTOIJ6mdrX0MA(s!`bLltmWhT2f<<-b{~Lx>8VeSnH)1J=
z+8XkdN~;mL+wm4umA>=ot7eyHgZV!EeHImB`d-gnm4(C)YWxWkBFvIQzsV`Ndqm-t
zU%HLl1IPOY8{zAvdGi`HB)EzHqak3zY=Yy49AH!?OwLrzKe=a9p!lw>k^DP3`tr^<
zGd1zZ*zL(LeCViPfOiRp_d3nV=m>t}{)O@ItuH|jy&dj=lz%OoU997|Ue&*jWZkUZ
z&ECs|fdyxUQ)|gguYPB-Jk)xjTxXzHbHSlQxnTo*A4^W91JRZ42WGR4xrjR%zm~VR
z383R`D1NzsTzBKlN`u`sI}i{0h?8S)($8x-t?#GP?F`FLCis(V!`G2@lIDa!)DLe9
z-cz1wn~(yg4gL@stcKV*`Iv7eBzFtJpa5n|R(dxHq1~2kZIHI0Nw0Epq(%<xE|!AJ
zVoE>Ht7$waVHb)lVlk60h=ZT79P;LP3Lqt;n(d2qWy2$&?L*+`PYMY}=&ZBpOsvLj
zzJ~3(4taB3$BkB;RkvG(Qri1YL^q1wgmpxo{T>I)Dp)2CosVhiav1M;HgPhC%bWrQ
z|0h(C$1)~4eT4n%1z%e0kC@*X5uKUT%OFp2r4jQi7G}24!^Wt&Sgr4hic*X6E3gk4
zT{m^+yWO}WT>KLfzI%QHBz*?coVx)Mi`45%JFPO={Htm@Ql|i;=ESBYvF#+1U=<-L
zl`e6jv`xhXGR?q#7te{YOjmN0^Z6Nd8nk#~ki@y62gR0To92)ggE^FmBYv6;Q9~oP
zhKsE9)-)qE`0;flA*;DB!R#Ft8W7c!l^x;&%TABltF{f^NQ(7LGAya)-y708z!l{M
z4M`%&ZYz%#t>X$qm;76;&QjJth;XZH5Kwlx7{B3N(FKX^{aQ^?raE+A!ntbBgJuxT
zbf)6WS(I4R=mNIIWLTy$6lvQ)fX(|XBCzx9Y^!6*<)*E<c5BJoKnQ-t4cw!+5N7$j
zC5!f+rR8Avpv)K;Fn{j~dw>cuIy9{*9S!veCS6%+XIp?;efCcxR}N}qOHffIf;isR
zNk9TSX`rGkpqHOl_P7wyQ(t|=V4&MLJDAS@Mh6$|Ya@A50AJ$da)VSq4I{+xGI%;A
z*@P1xpI=|Y$P2k*KikIc4$KU1m}014Qr`wyL5evWyeV?%&ekrdg9BC-%xkJN8I}XO
ze9T)FU`Cc2dGT2R6F^aR%Sgn7I`|~hMiuqk3EK4jYb)$gkJV&71RPfL)3h?)Mvb_I
z%CET)RL0BckiDNAkxJ#ru4I>@#NT(S>&M*jz#GHcMEiS4Y5Rr@faVLBL<zpJvM`TL
zn}C{1P7HJh<!!v&nthn1!E&;>g7xiN#LHUz0*Ij<n$=P`(KVzlTwDHPIG-Wg7`>zq
zP-iIhr?cGPVAth7(%k}0LMT0C^j=bR8no_bQd@SG!r3NER^rMDD{Kb*-j!K;X0Bm|
zBgZ;!@?Uot$CC>+Kqo?W&TyS_Dp&-ujJXG4LQFYnv(l*2B`6}{w*jpr8XR#%&~Xv&
zg!aj~=ExIDA3RniDV7DHP8H4WhCo^UiJ%p!gZR`$*yv#g9R;cdVM@-z<kvy;A|Eel
z&;ds(4E3a&z<5UVtND)trBS0IFc1h0#<2YN-aIN$LEJ1bV3Fga-iwF5zo_R()qkp7
zxD1yNf6_~=CGH9%Hr8#-j<Au9rL=AHv{kHNINM~V3sQL_v0=}nSV#=qb4o0;OR1r~
zqoVLi;~_h7h|+jr!+R|wdgEj0!`Zx~p(*6&FM=8m=PI3|bI+-Vm&W8gGMi?uK12L^
z3%6lQl{h*#AV8sf4KWD(TiuYnY=5S`8jOSA4P?yus4~}YJ+;M~7BJH8KiTVob|Bxs
zA)zw%#JbU?dWu+4!!=|4ij8yoWoa|PL07kc#6eugEF|Q%rbTO=mUJsK8fnMZ?6wAq
zT1p)k0r4*Gx61M1psnF|n-1}J?4F2ARZCyk;KG!?9@r%<JRsAhA9&=8kLPF&BqW}P
zuM6cMizu3P2VqvmJUEvw%}~X<jEU#%22(A%j3=>*5P8Uf&M&kn#?@d*BTTzR;Zi4R
zV}ILeIma-LaL7JPc~wrzUwMi5C?kmB#6|O@pAm<v+!@CFRa2U%EcakGD3q<SJP49M
zq$Ca{4BY;K%m&GBplD6(Cd6GufJ}Z$w*{v$#r!_8ZpHBf*53+C`A4=9A_(Ooqpx(N
z@V=k`qHp=!+@;gp_C39^apd##1J>56(@(#lK<TJjJ{Dg46BAS~Qf@W`F1Ngl3}(BP
zJ~2=Yrj++EI);;ceW+^~wJJwv$$$VBfjIMt6d+Q$n2)B`mPtQ6xRmooAB6c_fso%(
zZ}_1Yf&4on&5=Y%&d!0IAo7D`yWtQRMbRv(dSn1dBrcO@M&$Nd&TJm*D2}iUR+p&R
z`1yVC;&QWE%<miAGdUdNNA$F(AI7ePsX<CiwrkHbtQ=wuF8-6#{coycx7t~`T5P&1
z_&}*gqd$h?({<#QFmI=(j&3fdr3#QhV~v}IB;JCLDtszQ_Dc4XPIi)9HSd;;#iyLU
zGqzr7qvJwIDFNeUqv&kY{Qhw;FdVKJqWJ32DLR2-IdPgtbkEf|LAr<mnl6sKXlMNr
zoEmZvM7jv879<$!9Tk;NSwBWn68q5fJMhZfZ18>2W<WYC<{6P>y%k)BFp*q+>oFRR
z(E~-HyK<!s2DgsFx+G(Q41E4h%&*#pYq+=+{~$bST?^JCh}Lqziz1-Jq&W9S?mR<;
z{QUzZTd2c|vTURsH*(%b&CkF(K{H)-U6_DX@pn_9?k{tCQ9lsp<Y=rO-Ad5&0KiWE
zeIq?j6b!0th&>?VxQoh<Mqfvqs|&uMRI>f&WkGiY15R+dnwAq+YE$Yi5mz7YykY+Y
zY=jlnDUQT^CVBs!-_t|ztG0c}q&z2PCawm&Uw>^gXH7@e2__{~L~g~(fC_jD2<e1F
zd#Flg9aUoL?$BFucq|iX-ZA^`EYQ~j6Q>Z0^ooj4ObFUv_t!~@+$j7!UgPzPd_k#X
z4F@VvN+Kql2Gft`2V&7x%BXn~xs>;N<cSjbK3c%Gq-*y+&_f4NrT=AtvTFQWh7oWc
z;8!aRbQn5j=UR|}gX)}$aLE<6WBhj$ma(@eSQ?nF$ddWTFbkVCRLh{;0ui-!7Of&B
zjsbfb=brwoM+!Ife6`lZ6vp<q!<B^UR>znX8eR_?o}Aph7p%}FjQEXD&3K74zx`w$
znOJ^aIGogzWuH*n>oKk)P0$6TIe3U*&_Pgrdo~py0@;PjjT)ehTPF2ghw1&{iwK}L
zVZ9ko7)<vXZ{!bUGHyAr0O8x>5UTAmm3XYz2KfYc-ZvMaOtdI@CQdXQ4KgM%5$*(O
z;IeofIgrec(0T<8j#4YS#PX}hGiezq33Y}jCPT7?qzY76^Hx8#<%Q@nas*i_wt3}@
zFKSqd)$$Prno2%1#G&L#xP9n;o6&jLoX7tx5R6v5)G9lo<_q|#0m$@l4EvSPM=Q#J
z+6<%ojm~lMOs1IqQwkEBYHk6-T|_%MV$zeMf?bEN&JAtUn}Lbbn_z!Q-yu+pTAj`g
znoK{dneZS@>1+NYE#)^j>o54_Uznx`Kk;bM@sx|eRuL#56<hwLw3ejgK+I2G5w57W
z;6n<dlf!g#n%VU{@PJ6qW|r75xeVDgqw&hMgRh)wWeB09pCK3tj7KRg{)<Hjb!5ZA
zQ6(8jZCJV9#Zd?*dd$);CnSCe1a#le#l#Vyg6YAvJY%(9+*9rv6}|+K{_yCBy^?9*
z_M|`%p9c@O5#x6odgeD<w(iz<cLjahL>Y?w{ZO?bby<*Y<q0S?3)^2Bbsm=6sN|fX
z3^h>E@wyPQpJyaqq!p;t8AG8bHmETDp;$U46*N{oZ^KbpOVrk=^<JyvlNi1b!T%mI
z(c00s+=Q;^3@vf^o8TvjmnlV!cV3kZG;?=#4rfg)6f-1^UV&&#0_BN^`YdC%5@tw<
z|Cdfyr@-9Hzw__GYt~5OzFjFe0!?Qb^#`Nb|C_dqtUsk=>%dJ!1k#iQn{}SDw<Hv5
z>2ZiDx&UHXqCK2aClyn!fsf8iI7K*7CcB=LDk8cDvGbvxy=<LRs9Vm8W|qr7BwyWj
zc5dDx;kFx0B3nf<V|U8{r;$%plvP#Etuw=k@0;>8Iu;;xXx=wtu6FNTSWSrP@23Od
z@$z?SrgQ=kFI@sIjLOxVa%Y(b1JaW$TuI*ZzAFk3R_YjaB3j>I)h*PYj8tjv%_T72
z|7@JOZyg)VCWL36!mdNx)OpqUuyKOIj-&g!CWmNqk~8`Gfi|Ld17EP2h@|113cd>_
z%pDxVS{|rhC9%d*^XJ6^wQBd2`6*<TOlP9N3Xb2?0{Co2WiCvYLMtXJSeHC;yUaC8
zxsxV~4A$=)BRNI9;y3MATbRyA1q&c*OO1Zo*+dAQm#zi2mTx*@%d=Y00<adP^*E9)
z>SAcow>%1kMMb0mJsV-G=^k5w<5QAZUf+@cU0|^HHPRLC46n0#aj~|=esq*70e9u6
z%?DXcZh_h)<<ia~M~)I}DuW?-w((nfNVLe1!cX9L(QH{DofF7lk@ec{r|5x2#jZ!?
z4jap=OZWviqB?uiwS0w{O9q?+wdf?ib6+W3+NsG(h5eq@LTGrUN=@!_G8XT>;gXxe
z1fY$G*c55n5v%nV(LDOzHGq*O-iSL5Ubvu~38Nkq7B&SQD~7f>c*EB&n;?j1TBr$M
zWg7~=^7BBE`AKX0do>DAfDhMpKT!zr#=Z_5s2CE`2`@w*;^!Mb`fuElTKg}(wuwLD
z?h?PXQfesMT_<nt2@Jj&@v5$)niNM)Ujm}ab^*D;o6jG4s~9|2ydeXW)faR|Uy)&f
zrFqmKBkI(9xDd)>9KMB{Z#j@4vYepGg=ff2e_rMU!C!Mh86ORr@mgdCo+uy|MK-;b
za7%L0uSp*nD>=xhOaRtI<VUz!*%`K?I=sLJ^$J5@dor02e2ht5`PwTGnc~y$?!dPF
z$<PqS3HhkBwC!tW*It{CchTith)>H6t=7`X`K*Oi$(?Z&gJ-8im&@~zG4xse--YnP
z3<m>3o2?t|wn%TZc|3-!HqZrLO<v8|kQDW{KN}W8t;bEJ{5GgVPZ_Ok2aOy-UFuI&
ztnN37XI(pN4sQFx3<51lU{@_*lE55j)c_8D;NAw&(kpYSjcDUj^l{7b$isAae48=|
zR-aKhZTI>pdO+wAKe6Oq;IBljCf^p5@Cj`n1117@a0d~e<~IjhF&nHj@s%1!nl2rP
zUvDPc>Ib0_rx=H$73%f=9L?J_@hLe7GDx0NLqx3*Q68)44)v<%VY~(|p+KdSsjCB|
zP6ukhTG>ATd$PgLSZ>fB7onLsJy)@y+y42D*w$<<ztOkLgcN;(sM>X#bH1&fm@)=V
z0_2QSsr>-_)>B8lNRc!9ujnVA^3h)H;v}@V=2i{x$R8WsaEtH@yBet^d46n)i&n|(
zsP+0pXVUfj-^>?F6Z-TTH2`#^77-x8LPl^?21!o>gDa1yg$1qgn`Q*`Pg7gL;9qX8
z2oOoPr8T7BNfkOMuvr5as15qZ+-tDB5Lg_jvxqz~mz3v<`M-EXzSc!3>m%i%^mo4S
zU3-y;d*VE4m;qX}=X=VhV~R7YoVYEN%O^%Es6{`$D4({NC^)6fd*Fj-la!GPrxKeS
zqtnxQCioFQ#t$QS#w12Y#4C6vCA}*=nZ1Q|3-MX$!c?H9(xyuK8@>#<vUExkd7T^5
z=f1Fr7@jI9z2$P|9QM(LIhmYqV>)NF{?VVA#ydJ12<#q$#yc|~!!EcxjMNf$Yo8{g
zzTRFdF;@EeW-CN*D<D{(CwUtcewZ41$Q!#kE~MpoJeBiT`+*cqT5JLXqRy<c-Q6nq
zRsY?soDW)W%e@o2NHHz?-oc${i|%59l(v1&=6GQQAD2|q-_%Kya_4we-*zQsRhzTE
ztoQ__Ic7xDy6I%X)++X@8)HkIslJF&NU5|L4y`q_^SOqLWuUR6B_wQ;TiL0}#d7jn
z<w{xu#q63B-I3M)RqXdtRq9-4=_c{>+ACF*HHXCwM_%iA3C7;aUpX~v9L0Y%#0M=_
zXh}m|$}mQ4nvq<2^Vir9t(sfZD-=M+wUB9gH@2@`{0X134apz-jQM_Mx0A$^s#h5^
z*W<6yd-kS}L;#;!mMd2wv_JH_Vfw2_AI_aloW5B~NCafn+9%sf4Pv&%e2}o!+RF~J
z8*34Yf?dX>CHGe;|6OvjA379IQJIWTP`OtXaBA3aA@f1yvY8rGMPaY9Vr|I~+gKLf
zKt<9Q4(_vQ>XT6yF?AvGoC}HIK^?H0(}VHWEPHb?a0LuPtzC0y%N&r7M_1r$4cxnD
zPdee|l#3@!h&{*)Fcq0?$Ma9QETQ&Xeom!|<M|a(P4YyG6@d~;JG_vG!k!{4c$nFT
zmRFK$OHfY0%)^;5Wmi=-dnmHXNWC^;CmIEfU5)>|-gMSmKg)@y6=Bba=>ovRX%=Fg
z(F7kl34rXU3|V~@zm<D8iiUInPZDf7%kRdK7&vMjJg!Un*R`^yt$m!$o|8x!FC5TW
zJ`oEB1v97`Gp45J7c~skwb9K=4b6{TmsfSXX4^lop&1<mE!y5LjWlgkXk7DoJG*qZ
zdX45NBE<bSk$#l?scD)kZMr7<G3Z^?42|iSYypT(Dy{zrwXu_+>5@X;L+QWmRXvsr
z>_b!SI^eBLQ~ujAPE>jANu@Q9@y$4D4ZCe4y5T|cI2EO3=P_`OQ6NlZs7L>r3h5yz
zGiYDlZD^X+;5T&;Hsd;_M6=p`*qghepQ@oQ-GMhSIn;P~rPP19bOC2q)1>0+X*^m@
zX9ukHIiD{!f_H7Ms&Cjrja9?N=tswzD3TV}Y}x&Y8%5;BSwpN}y0&oX*sR=p;A0zW
ztw`Y!Z8JgTJpPJUTQ$V;e!cHy46)|&QeK{_qC(Q;i)J)frjees;I=b`qX&TmXSOes
zHX%338Ug!xUQ(D_ETHLkKm$^{2O?cI2n&o%Xt=dj6uWC%Vo_phAncb1kV6(?&_c--
z8naJ~bBvx)Vulrsp^Uh^+SpNk!~~O!8y6wTDt>ZtRQxn=##*!E%29eu;?k>3)UJ^F
z9A#8Zm|F=a#fQpVbQ<_Zl9Bb9Eo*CI0%vuGqUE*B9FM&2S_D?EEF^Vs(;nnF9RSo;
zo>wZf!`<b8b@N3hoM;p(S&dU;Ac4H3r*CFR$kTbtFBINm{wshORou%dGdnYrO@Tza
z|7QL9L^L?5IqP8Hyp}*Bd)GYxxv64ab>-qtfTMKa1U_R6-m85hX<adoQ7H3GOPhNL
zj$Z#dCtjt})r}FxMC-D`a(NBOOb7@@M?YW=VCku}v-*2(8mzCvRFiTDC)Uh}{GNXv
zS!N4sU-S2iypk?pX;?xI#kPC@w})zQxLJ&6&$Q$gI^_y!Epku^>1)jS@F!#r-iat}
z_Hf$NP>7+y+a9*%smmXCvXU2daDM|LaPWL%2+nm}m>AWW)Pe#7AO5KO`&FPe{E!|w
zlQqY@y>p5ic5lW*!oc`7r;C|V|5zscKtiDs-XcUMnQoRttT|BbRFW19H&!Y+&sQ}^
zn$PsIsE7_^Sr4B^`cIij(IB1aR+7dnU2Mjb#!|$(86xLL-q5><S)v4em?Rr2<gOuV
zZBR}e7sA1Ju_|%Hv0_s46nucOQki}=X|zBYb75?O!{LsobaDKlAvH{1ihJ0KY)FJ%
zfNsfL!TD}@pT}$GRXq%P>hH=93kSmJB1baq(njuj`*^4pk?7uaF`KHSTB{}1(hgi0
zf>=@Ib=ZaDUfcA_cke<$J5VZnlWQ0*tXmi+p3`gwE%X$g#IOhjS2W-aVbnnw#ivb_
z>*l-OI3f|>Hw4zk)b*w7pDiaxHMS3$1GF8Hw%_kH#=<f$pgWc|AM@JkLpEipZtGDD
zj!{itraP`Rl*G>!NG*1zn?eHq!1if4nXBvU773wV`slYY?7g{SXqOb#)u#5c*4@F$
zM?)Ba52J%j`IpBh5Vr&WE*u%(=gcaJ)n_vg?C-n3mix#&Hss+<3A7;EC0;W+k$*%J
z>{M0`SEkui(o^%iR>M7n@ClXXPw)K9O~#^L@uK1tN_lyINzFI?9!7S8TnSrgq}OoR
zxgrWz6(^-H5P=r=oWN1o-FR@zRf`o^MUN`%8SF=;ae0*5x@879al>u)fI7bBFLUBW
zy>l4~-|zgX?#qYqAuC<Q!L1BhL4VK7!y#@vo*<tp@NLV1wno7-XvR&%Kft{S8@6lQ
zxKLaqK)U1elZBD$Lso+gbTHp<>UN~H>y5&w{}B`Q=S>TuM!+EozWe;U7Mtv)RSu`6
zgQ2#~GDo^@MdKNO6sG+9?w&%cV5<9}Y`I4Tn&r>1=|{68_1DPX!^4Q(q26iVGnLT1
z>D`1Rxk}s{MTj%{<?@_Z#h=i((on<M&VRrb?qA@G=FCMjWNY|n;fy1Nd-^G?3Gf2*
z$mOcgvG86sAoTg(9>gJK57)_9G<s^&o$_yM%OJNg_MvD1VcI|cyje(|pZ`n^<<tIx
z$)#2vJLu64<uQIgYm1&9hpY0N-iSQYCX;(n;0zq5Q6t!I;6&!73BWWnUqHj&wv-bl
zX+cU7OLfle>~*dbqjLzO=vZa^foG={6pVlVCNEBy14%H_a0eA+_gyrkN{!5+LN?Rn
z%%KSXb!8T?FA&q*b5uxp?i+Iz2a*=x;~b{#1D|NS{P%vdcx0VRufs&HzV@~i;YXb1
zjYvj}IcbJCHfbj^R{CGO1O?GzK%}}4h$7Y2z)343PO8LQaIKX#g4REdNKBelTPLcK
zI)q`ZPVM#jSuU#*C$rb>XD{fjl<<sc(zG3K0#`uZFDOE;OK#iW?5;I_*Kk_Glic`+
zVF_=W+aWck2cxVZ=6U27ucwXB<pk0By~-SMbCg&ZU`1E52TbO!MGmpbY7ri&7}RpQ
zegdwlepfORw6VF;wp&rZH%W8HB}*ZS94@3(#!3ps4_0P9i6AF?CBCa8rpNxFJ(Ix&
z=-B~4bz<cD(sShOCFZZPGpN&j{&`hc`uF>q$OmMsyJ{{@_1d5D{V~>OWl5^m-VuSI
zlU0*U%NHqfXl>f+9M&5_aOLI^4;AhFEs~)xv){aF4_sF155vk1Feid6<>)P(r#NQb
zx$DxK=&*m7^@SQ^TU)#AyxK_Bz?%M|VIT*Vb{sfgZ7{@pjc}E*DG?LzgGUMw5*=a$
z{)QxLa;~ToR(|B6(Nr7-ZJv$SNd1)*+7HEmu|^pTuBFt%&!P_s-#5XVGFxODDpI4?
z&KFQ@<qA&=Yxnc$XdQb{5zj(r5m(UN<V;=H{u2Ndw#mFV`XK!(Ebz0^_U1}##Y++x
zlg(r(C%@v4W|I2(nZFLfO4SnpF{daNyH>($dL^&83Ne11QV%zn5R5dd_x?U*T#L)h
zpO7GUv!ANFoVf%uU)_okx@nu-ZO5j+_mC-$qkOD{CO692zOJ#8qX<_}mqIyDI=)X+
z9Z1vW?cv2<m#(OUZdzw9n5Mul7hDC@Y-F`@hEWQ#P)MP0{KQqua3KC&EcI9_86Z!1
zC_^n#f<aG;?XU+~C4WGJ?bh(!ztL;0WLCxnboBGS-={h010{>)FRnbvs+GO&g-fQ-
zap>-f2{@-laDaKGIU;q}HsnCYa>v`0>8<@0l-5PdIj(?p&6G-gPV!KlKWYxpj9ru2
z5sd{NlmIqKV%X%*6(UTZ^%%hS>&OPhu50iZM6L*hx#f3ycwo&T)Vtl1DgGPY&Gxqh
ztw+x2GqkEmI=xj_gvza|B`-QXbyTGNl~u6Y^1<-HzH{-6X^VAIGQlU9eZm5N`A3Sp
zzt7h+>vug17BBdAjosCpcULvQw*n`rNt5c#(`QAj{6Fy{1@kFNO3$F=xJU53amYrs
zu2Y+yV^LYiB0dHJ0s0oz^3#8NhETt(V+JDBV1qj2lKWAeq&;!F_hU>lEf#)%3-qd~
zh5-$LITEb1#6V=IBE!UyS4UiQoOZv4RTsKFM=$g$YIllvO!*e~JHc}fP|eGj@q%5P
zaf?qrN)W!+)GP>>JGPrUhH{{}7bYV!{5|g2$r?Uz;q>kH7;61T2GN06lxT1+;~en_
zg!pa-SFTcZ46`myh?E^pC+-pH-s%E=^ryiEeNUgf0rAkJc@8Q6<*`o{F>fie%>pT@
z<(X&)jf=!zc0tnSfez|^Af!J?Kp!l8(xlbSrK5kMIoiU_ce;R_>6=la^Z*Aq#V>nC
z4pr2IIBF}e>6)57J)_3EfmjnOJlRd-ciwrX0U_aF(Nz)H{^1xWtd8GUNFVV$WU5ri
zB+(d3?gPOd)l2@Ow$Bz=79}V2<S0SUE;_M|OeddYrgpMt*o|2bK*>vulq6|2ToaiA
zAsX#l6L0StHO|P5YqDuDf1f>Ln9p&cXs+oznS92tpS#ehd(;V~vs}K57Ut&ek^E@V
zHx)G=<`I?Q##;V`#=NXqb`A@T#><j)_(3}sF;6j)ADs6Bp~5p95@H%>DA9xzkBS(6
z90-CB7*t=kh}8n1fC(f9Lhm&8r3Ude2Kc&XcTcYssn<bZs3^{%$S;$kVB{MR0<p4t
zDGYO-**ib|EIcVLe3smO;d6?47;45Qu&y03mjnmrzdY&^_6DpnO!rEs=u~iO<fMO^
z6v)VJlZf>hrI%ew?b#&Ak3zM4QN^C}_!7K|F;c5u6Ep73f%4%9Z$XRK$MN1~cJpq?
zfckXhO&=?~Z)RoOh&KLn-~AwZa@B)Q>3gZ=NcZ=>e7NNfsPa|7H)b7grQv8bQs5+F
zO~!lG!w+M^=k9#bW^(E?^P(V;<I0ETBi}N^k779tfdjt88xNu?Up7pcFkDDU?gyhg
zzXA;3*aF2<Km%zrOBE0OJJ_j|n8L(2KXvsO63IR*S^?YKk<iCWF){7}aPat9!`k$;
zd2h^onjp2IKLZud_BQd<BB8?tetBNBIj$g2;L%Ju``m6`OLiHK6W(yy=b=}>&&q7X
z$d=dh;4d&JA4@$u#R5}SR}(WzFBODW)^r~%@QsIDfD5RC?A6G+gSN}jky7mej)C)q
z4??w?438<tv%hbe&zGA-cV#G+JXcGWIZXpT-doNooGe-9DM?TEx6By549x4-c!PtG
zev$#Qoc%@XsP@Uw(T;`$OFJ>DfBpuc_m5)M{m?JN)GrnqCgl0XK+SL>3M<^w<3H!3
z+wCt$1xPf@$dR3mUXJ=d%~y2%^qyK99+A$p8>6#S9V?~DFaEvh;yc=Wu0cF%^}F+^
zwNZcZlzoY>c-7Nc>+u3=)RWnk^Y7l8XQa~2ScJpIW*HkldEMCdXQxV;?ZQ*R`6DgI
zI_={L>w|WYlvHu&5$6ZiEidU+x0(&Yj)C(VC~$y8hIsg$NBW>v?@gaK;!<)0nF1H3
zxEPH@E}db+6CP|koc0WEbTiREl#kF&`S*K2D2PU5b9H7Z_}xeeuF`jP7^>9vfy7Cv
zzrv>398wBkVQ~$O9>EZ)D3j;Ht*vxL+gSbRmc-ze$%{MRJ|fHzaeHOBB`cEjH|6(h
zrGYE^O=&|pNRUZce30S%Vp6l%MuQS`_G0tcoPFZS0tB<<BflZV()DZQf!PEKTMxs{
z{?Zs$j!Bt0A!)^VZfM$3jPLn{h9J$wY0V%e*mg6~BY9Uev@KGi^X;s*i?a+6E>iKO
z|BBd>fOMFMFe`<t+J&cOJPgqqrjUN_69BD1Iiceo<LVr9*QmCJK10L8V(+(YBeaZ)
zi)i-Zk!eR^Nwv*lu`aJ@@hEjXwRCo&nS<<a=lrX(&p4MUZ(P-%F4^M`(|C0iF_Q}$
z&rNIN$ILnP51YZFW~t*ab({+`-y!)I3K;*~jea?QIB850z-WZQ*ZOLIyrY;LAHZ*A
zJ;E`GRg=*w8|8+B3BIWlVZ--(UcT(n+;SBnt$}qMfNZ6g8P7eB6{nnSGzwQbP0n4f
z5b}5)mbUxn?j*ZAJL-Lx&LFuz&|<?6YIej<pjOY5d=z;DOP3=Enq5e;7=A1b;#Q+d
zP)+!wnI^pKK!l81${q{1BPkq^0~EbaL)Fpr&su`oJglz!=4C$a*fy8eIf=j|)e`Rb
z_Bl0?hrWCG%Q|y$-B*(qVxIx8!TANKhO$Yf`r97S)N?Mj$||wxw)NQf)@c++Mg14o
z?U_Pj`d!V&?#-7_X$<qfT_jho75XffP0EC9OH~IvmssjV>wP6yb&=Vdfeew5Wp@NR
zWG!wZY@;KadNhet?P&bUPVMEu7IR#jJDOx$xqP<P#9t>Z<M*NEN5n~>lZOjlKZ;6N
z9WAMovPP8Yxva;;^rY$Rb+(9bC!S}y%Zq;Ovr7fJt43<9;)KuzDl4KrsZLf+#bW+a
zz3jC7mZnhPm0c}4%R$W$2^?V6t_05J8$Dn&`C-r`uoJr%L)f&vi5~C`|A~Ve9_60!
z+yJ4!LfmWCVG4k!vtY5$Pgy8ULA2tWKlRvf_o{20t9bF8l-<%s)JoJ_V^@c!CBs%g
z(7tNGTXs&FVsz4yNb)LDEZTOCl4xIWKVBn3PTHGsVnmM2%d)l|0;;a2V><|a!u8i*
z`O7Bc4Dj*w*9kh1Zf!|Ovr&HIA{~&Ldhc-d|3Ijb%yM7|d=lF|%fa;jyYDMRqJ<2;
zj@T!iS5HGv88KAsko6`%F_6gk2HUF#f$!`typDg}_h4c#W9j9D&yEKZykmuv7gMdz
zH$ID1Rl39?7yZnD3<wuS9`i+V^w}GTJo+H)L}N(&%fM{1PHD-dBfDy^m|Uw8Nf^#r
zJ(6c~FM#UN|A4C9Hab{j-Q<#&rPI?Wl{~d}cSguRnTd~W?S$n+poK>rWKL4zbAwgU
z68MQZ6B0`kgMtR<O78Y`(jQ~etp&P(ne7`Ar$qaWWMdv44-i|y%@)?v28qpREHNr8
zq`k^dR`us$BY`Mb`sLi~zRn!w$8C^BaPVgbE3_qt{WMrJHZD>*spTBIRIfD$+2mMb
zZfCNz4<mKGBe-J}RF{}b{1RTju{y70HFrsTdpotgj2uCMET@vcC93rr98T%SbQm|E
zPV1G!;VGxPDxk@E%Ek|yo_YN%yjd6pKgUb<7vYoSW1M8gTvUA92Pr-|*&zhI)ek-f
zgI&qGD9JWtX_?8D!E|jl#QMK;)Vk|pJk0W#C$GEo-^WQb`NGC?TWZs5krc(<NkLY`
z@<N^0s(&_WMVG0AN2z_+L&Gni_+1|g(+VYr<UtL&ngf)l<c$o9JHkJ_5=mzM+M!A!
ze)T=?wz5%FC?+q}FFuWX*3<uHY*ZIVqBM@dKa-}){=kOG102$~J3YOGyn(@NCDpcj
zVI><j+#yT1a7-(a82A3tz$;be$#=-IidjB6OU;K}%Gh0Hc4rLiHnU;3Z}6MF7jPOi
ziSkLesRpdbpkKrXa!3O1RgdFFcx6W_ZFVhY>{%#e4Er1jHF}&a92XrndkQWx{mbsH
z>NVyOvkH`o17R_nFA~yp2ZAF(@$vC5_wX6NbTAXusn}+1godPL@wN5q@AHz9|L#P;
zpgX1D&Y8xVna&%?1zn!@ws7nl#gyYaxm#G-OadXgMe}{2QM_jkP$RXq5WD3zNx`*`
zVze)U{cRM;lm{&sT3uM~V@YCA7@1{Da2d#MEle6acm6h8TRk$bdx*A4N@X%rw(RX5
z!>H{UcFQ3Z2_KT?_#M^4!vISM!jHR}IKHG_xaEx`e`M(mbKjHpRIs*JZf->5g>i#|
zcwjLbRJJS*WK;$ulwRS|1re-;nHT)_VaT`EiJ3D-G5nn`+EH-iiVw~R24Nt3`KgEG
zZ|!R+O0CW_9EhKxxI|FUbPl*}HPh6vl=&VQ-xXamjH00GuR6{V#Ec>(>e1UjTHIxY
zRFj*N7}Drj0oQ+GjrNJpg@$i87{_N(4}kK;HeKSh*^}vP*-p!!XMpHfuhnWimfCp<
zPTM7n@2{sOq@-$5_y_%p4CW<a_;o?XK#R4y6trfQhmZ0Tl&o0XFz>s+Yxmwm*5$t}
zW&89aVan>UE?>%>vO3HMD`tS$S(~zv`l^CJ6KGzaywk?xCFeNmYY3FSH=iFcw!quN
zK1@>420|}Mst$(L;5k!=q&)>ji%_~@LWvnqj;5ZO^#w!*HCEBoLT`t@4FrGu_aVqk
zK2i@%akYKt{=9~Ox?V(>nxy(dXnbSq3C>aH8>}qx?zne`+9h`8CDe1rFXPrBMa9?f
zq`8TY1`Yrj<;UVE=lh}y$`QzqUBHkx)`C=&Py`6F+;Wuk*qrq+U<!nezgT>?5ps!#
zJ)t5>ur*#OcO{;z{`Zp|EN-Kc9x1e93j!Y(gC#U4T?sF7yP#T~;*L<lx8avKU%#RG
zHY%!1!~}(W$6@fKfEDy+Lt!(sOMAMa>8J30JtR;m;yz)6fHtJ@Z_D0#vq0ff27pmb
z0@_DAo4~T7+HJ)P56T>#?(~QT0)J5hmwX$By{`@d$4i&e@|IAZzt3hUoMYy82Q$ww
zgf&K8_i(&6kv`<k1L=uD6NZPdvnj|3d0E)K`|EGh#7MxA#5R*4>8`bL{zNUUeB{8!
zRRHH7w=eKP6G3rI?u;DWW#I3V@R2;dNqUa|b^8hV&%u$*e76WahXDL=qqn}9w&7%u
z{tw$gCNPR)9i~a;MKT5180Icq{#UpFOTsH*WV=p(L)|2<_i%(cr}bpA*dn&Y9vgMx
z#t<)7Y930P6wR{g_h)lU%mtGR58|gh2p_T)8+(|aRe3q2OKu|n;_vV01hod@NZ30)
zJ`mfU#(L6J5xw;LiyHKXqpc7RY{l673G5paw1R%O%>`g8JiMt5pi#S*zs~}Ye}r3h
z<n#rjw0?8S&8N}tCgyD3iOKJ>hCwg-#T`w^)`3qVS7*)US`%-YSM?{EMcsL)95m(u
zQR!8Iwo|sifxIm>tp<SOauE&9U-=zcfml_YyRwS-yd(bdDb7~MRnG@S_H&i_0~8<0
zjcGe^r1_fX6|#rhF5Z&L#f~(16Bo@?DP(Rs4&SZdU$yNz+#-v_OZj1Z^U$}-z6(i-
zJbIbw2+?^lw+vwdB!_-2Bw#V;N!S!;qQTZf_15i%(sKYidKN&bc7-^B@+~T>S=i^9
zf#(`MzBbXpl@;H-MmdziFD*n0>_Y|y77`Nj>t~ky{9IgwmF9w6H2hor$n!^cGbs9=
zlIMSCf-hBsHKhe`qpe?WP*_zCUh(d*2j5{;4U3GN64+l}OY86zfPK026SbXYHVc|7
z28Vpu;d_UMt^&NBOJ?;hIP(v97=JmM{UHG2T(>dlFe;Jj0TVi}F@&j<?lb1#Q1N7<
zo$2v+DvfV{gp+wmdAfBJ$YQCtnR|r&KX4wO(*K43Ok#6mRiWIBZYR@|zm}9S?kwBU
zs@yhK^X7)lXN)6>fCppyjQojbj<o+l;R62ew65nz+rc^is;<X%R)1_A&&!h@_^tgk
zqpq)aH672xhJR7rp5hzpTo$KhR?6o`m}Zvx$6@2{mxlk=)2}I?PSuSs;a(FycXxY_
zzP9kfGdW#?=B@pr9VDdJ!>o7In^&oZAf}JOZ8}}R=V5fag$Y0v*zkBsTMa$BS*X%=
z_qlezO`!Ygihch7<D30YR$Awe!Y^nywHO5gOi8eRoH`IGF<H?{VLiY9O+bW!f%y*s
zQSm<`|J@M&b*$npSx`X@V!u-ZaXtu!@4hVmaxC|H2)g3Ms40Tt^wQes(oR^>3h@0l
zvw}1}P$(#SdU}#5dV0UVO?BHTV3g{UN=JY!JEwaIs-3bhpJSWondt|Wu7I=N!$t4F
z)typE-*ZNzf@45}$p3<d8JhSoj{5gmC{U1p@Bf1tsW?_w{GIX}_&*!{XOx>}ltH~R
zq5sS1q|ZB0<^PN%h2MdaCJ_aKA;A9+)ujGAP*&*wVp#s~DceC{5J`5yU@-s3yw7`3
z*8g6H{eN}-Nl24YgTUaDI_^PX{y)(_eYpQaRplO(<Nr0s>H(Ahh)QF|2z>g${5y&D
zPJ&VmL#CplQliwLsMOFlT=S!!VR<+?`sIne3V}66jDjQmO*_kxiL$F}KEV~MFhS$O
z3qyDdJ=C00rR5H|6o4!Nblb-s_VSGU>?T?@sPX4}6{i|X6Qv6>ws6JRtc`zRREYhe
zCu>EuFekN44Hu6C97^(E+wSBRIUsyHulo4m8fZXAYZ1a1AP>$**)vMSLs>~^S-9#!
z0%7RSqptxG#B-k5#a9cqZKdNGB#~y&xi{gYpu5uwPy&3=q-YJi^n&B9w@toJi=Abr
z#0w;rP%i`}I0}S@RSe`?v;HPj5Gj~GYn+WAk_*~MU32?Dv{gH%omu!NSu!Nb;`OBn
z6&;Z%x0|!UB(8mm=pRyX(Di21C<8xMv;zIu9ENa(aK~yrrEfh2&Pm_4Gk6D#nL3Av
zwbxARKSF_VBF^zK)yIC?87%5Z-5W>!Tzs+wOg=7tOx=EU+AHje(iVLc&7K}U#L*yg
z=FPpo;oyM)i=RU4iq)+1R{*l6o_ILE`dj(_$ganc=2?(Mh0$iQrboGGw^Pyi<j^Pi
zXlf#7E<X~nvBFL{hvlt0TRmGnH$wuo%%NfxqV7C|_}I?*zD6?UVGB6bik7kl<cE~T
z3`ab76F!#2%_6iIl8%<p_2QMzJNSPvtX~XM^@#Bg!1NIR4dVX-YE#k^C?Dwmg3;nL
zC^4|5cG`;O(**>EEw!y<$v0IuW-fq<VMK3{Fjdwg%1gy%k~eJY0#uOeM34s<4wpQg
z*=#9Nl&o7`tR-EazajSbAsu&EJu*f<nZHvdw~pVP-1E#`trV%H2-tkyg~?EMhJ_J1
z=7A`=(^khbi>7xw(T0`{Ev5XO`zF$hEe3>w(TC15)S}Ey)bGB{42Z6rra|7Eyz{We
zeW%aN7_fgQoBY!A@<?RBfHNJLn~+bM2@%*(Td=tIR0*%)6tn2HU<s*B*H6!?_?%2H
z$9|b)YZ;#yL`u8Zde@-)?VbLL20h9_byl@7TgjST`@FmNJYkVyefP;@3bH2?sQ^R;
zrc9u>And^EJEgXa97en^OzE0t9h@_@MN&DG+3hj6h-}5xRruWr06JQPl<!z?b1RR=
zN3{Y>wI}(mru3J3$OMQ<CVypXp0j)O!}Ua2Ib$WbG9vLBxWXW9n31ny`GrK!89vzr
zcS_`bw0Ccs8d^Wq8X@&V>t34PrUFm;CBhE6xSHHfj2{Y@_Z{>EyJ8+KZF>i|qmmsu
zJG>CY0$OM_9^d#-H&$?IX;GMvW35?e)T_M@uv@J74{#%K;XO#s@|GrWlAuAA2pQDL
ze}#*Je&DPR#oDlN2xvF~jbRa5BhQZwrV;UFRUwR&%L&VM++I2QCzQ_m5y0}<PN0{s
z7Y`{yFA%zJ3}>v_>4j|GMpUKX@CG6|_C|HPfQ>4FX4bPca?H>zvm#7-$YCmkJ$7uk
zPTaQ~f`!kJnl<GRv2N-Kchalpca>bnib>Quj%E4{V(IMuv{mIecB?0pWH(Cc*6dbg
zydK8kCL9$R2>;kC5%N981E}Rv*i+iW0`95Cc<ks{?hnfUm<9ZW)Uv4rxBe?oP@Pq2
zq#p*W8+dZVnfO}<)emd753>k^WbUygdeny9mx<Q09v2cxHurZNnO-Mma&&jnQKB5G
zF4$d|?U$#?_$rwpi=(5zF((dA-jc?8HT;yU&CPDCaNW(iF4ue-8*mh{^jPN35<2m<
zCdbQb_N3dVvBk(nBq6gqDYCnwHYUE3%6ACYJF+F?(V@{e!x3D#!hF|Nv?%Sl9z4}D
z$1!0ef6c41=60SMhSrd1=B6Jm(IC9kNZC>P!9%pM5hal!wYL&3(Q+83#6T|*RAcpc
zK0Ky#uv#_YkS9%90AzzWLdQVYPFJHeKrM#-;vE|zW%(&|H&B7L+ldGN(59q4-fq#w
zjAXTQ`1&+CtrO`;j;D4Z(4jDA7oT2>x-?d37QgGpUQ|t>23@0;frU49;rY}^GnmI>
zuSZbs$&bX-4?ld@+%yvtK9!>%SMPD?z12v2p#{3g$tCx=1|VG#SQ!6kgKf0XZIl4-
z3#oYAn<o1pXd!s&g*w+<>1C@(UEzS6@EN#_3ZKl@RbLiqn?A=SY(vw;v^DC{Fp;5J
zB1N9s>4r7h-|wK#7z0ZqqsC}P3vf{H4X8(v7(yO&)`w{k6{ZE{YZ=Na9(#jXA?tgD
z^dZ^g*~i2A4%C&AO;pYwiz3e5(ZVl-i{(egJO#$yKVAuy{+^4$1mqloX)qp7f0BJn
zi=fdJF7^pYZo49qFr5zf<hR?Xn=gw=JnID4MCJCJ#fCoDM$4$9CE-BMB-8nP->3G<
zMxJEN*F+4iDwYZ!c*42bAA^>{CPWxI>k=gG{8@)L3FL(7T<a}Jd1X`d21N3}`)!!;
zJ^w#keN%WKO%raC-PqaKw#|*Xv2EK<CbqM&xv|ZSv9WF2#>w}et8=cVyQ{jUx~FHJ
zs;-*1eJJy?;~2(~QcOvgsl{RdN<S)?;l#wtkl|pP)H)i$atNL8Wz*k7^Jb`sP7H5i
zttBx0X`E0gz)P!SDi$}5Mr@U5=5tTSlhB^$&1yp>%KCLfiDP(QQr&l2N*&z-(OnOp
z@N=VK$oGT*Fuo2QEpcaTL8-OrngLe2IdLiA#IzU0fxt&-{{2wP{X}UWvXo4@<Z=Ja
z&Qt2MOR4qPO{t0b^W5y-=JRrO_vY9;X|ajbk)w0rTRIUQZH+RgrPK)cUl78W@rF1A
z7Pt|VxZf%9bMj~|`w9Bf#wNUi$kVm{F#1gTg?|=+YM6>Z&vbSJ38|#|bXo!2H)Y|C
zx;UO3N2qa9l`_-jF7FO{d^eo^gQk0B$ogv@+8oD_>pkY)CnXZM_@e7s6DmDs7&*uT
zGyQjY6uTE|&pK8lc#{z^M|12q%odL%M#xSyLzr*Q%DY8jPDtGjX7|e`$ZoSdE;4Jv
z$2Kqk$hoSB4pv_EN*1K!M^N!^btFexWiqEbt2SFdD5^a921d+asp0gLl$S}+CRD<<
z-E6N|;U#+8NSA~<o+2A-Q8^cMo${FavQU{5jqid`0%7Ia+Cu%&!ztNGx;9xv)q(Lt
zl#)((Eou|sDGA6!FcF~D{oibS4vfUFX?8+^Vt3f2@y^4zK6%?j6UUyib9VTNu`C+u
zJYnHw3~HC3(&VGAUR&>=?r__M%tytM@wovZD2eocyLEU6GgZ)UG7k0)j{iwlMX0Wm
z$(ObCpt`dEU?cn|w7FmC`7S&Qo^(QMdrqC5qo=c1t=P3UFW_hj8d6rq+dBMO#*pp{
zT*EUNuPK#Q48<dk7SsHlwMSxunG@B_MYy%Y#yWmXL^9FI>pn;u^_qW8iXb3kXg?#&
zVzF;i(uax?fgwi7_dbz9mg#RT+qsPVl_K0<f2Ffp#<LqC+oiLABET%J6F^!tUhGr!
z=QD+raTrv-*HS)r#w@He`LfKqQcw^DAYU)?gKP^RD{bAp!jnpFElZ3$tF_~a3^kS(
zryd1G6}FZLO?xXk?6m_4J7^C(+eLr`m2=!IgDZhuNQm5JVA;#VmfAAUJU)u2*s)6_
zugjNeW7k(4H5U4C<LFmhU_Is7DSmQW-Mh@NIE3{v%h{OcU%l6Z<M{lap#uD4-=Vho
zLLPx+`u_}-|Hlo0`Lf5IoIR{foao(ctj~2c5?9$#d^h!a6scd0V<b*6B~R0o7gV^)
ztj*l`mKRY)gisbydx%Tp_w;fGCF8zRN|CJYj`x?63UT;}?VgHpAROEyhT81#0y`aH
zlAat_b{+nKvvDF0ZCyBTA6JPyIB)i!&5Op35yBl|5-qDc4bG7_saw7NqZYMW{p~&U
zav0yy9BL(|(J>;Kwd3Ia)XfMT>ef`bLt9nYxeQh;(qHGDX{FsPoaCE)W@FXs@{CS*
z*_n*Oa?h7nOKgsY5<95%!;i2F114*6J8}KTL+w4qwDkk_Et{8i4+S_0)uA8WKM9!2
zP&k#nm+9p&)ld-}0xZl1rn;{~6Wk(y&8htyEsy+t(ex|xQ5BwA!Ado9$i+^Cw~DR|
znuGE(8h%haXG38Q@Dz{Nb&DL0Hjy>$a}zNBbboB>73w-)#n`Vbr5@X@03I2+nssxK
z@<oc!TKt(EzD?pFKHEimZH{zJ?xGxGdo7LN=aVX9Q)ng5_)QXkg+>xkNt3zBLfY7P
zFpoKi-6%rWom}P$@c1)V%e2az9f+1DxMYdP$D{RQ!S~F899<YiJ#NBVX4iXx9YjOx
z+a4*S4HmwZPQY|=6!MN*1Nu_bf6}XyR`ud_U;_P$geZ{+m@|id2cf9iC|C)KYY5Ss
zD^{Rs!m>eP?}})aU?<dK39Z>|4^n|78pBq)j%%R~l(5Qd_5mTk4`$}Sy%ijZYq19Q
zbZQf+eODbqgQ>;YW~92%bDAuU!28I6@!)uZFZ{4yqlXrN>PX#N0R~5E1uL-gY|H)<
z9`?|2x-6}aFmQVGo8S^3@@*Ihiv!|VR38dvyC&7RDlenYOtA_#qg3*mE#OD4E@iuJ
zq@qMj&co2vnQojiTY7d9nsMLJs&O|?aq9jVWd`DUQ4J;+77phID)|so7v}xas8TCJ
zb&FQQgl#D?B)}Lb1rFGzD<Z7JH<!<oML6ZGXf?D$YTPS!zQxEw-?4`TC#S`J(`2K{
z_&2rn`WEnRo)$(RCo3Y`G`w_4k|lDo@Zx-~H^%|l^W$aV?hO>KXwqB03;*`oczWq5
z@ZX#xtyG6ky6((+k3j+bE-DYdn|X21vN%WQ9?pt(1LYxCG=M7}q-LHHCN17XOR957
zx!S)ia1*g<3sDY>hQmz4-IhN#A`Vw;Aw-DzVau8=JLSGLRfMjZL#pt5Rlf^H?VFh>
zx|jJVnZ}4}^6!?r<`P9~d65Tt3D}QKzBTv`oXwnP2g^c&)jJe0ZHybxGetd^<*;@l
zkGJqCwgjiwU4Z^VoV#i2FD#MrrK?s)v1)MJ56p?5^c?h)*Q%6Mtc50&;?lQloh&H(
zZqrqJk%Q}mF^t<4lq2jCu3u@62bh8%-xJY7P2hzcunn;BXM)r)G^B{Z{q<q>h3WzV
z#^^H)|MWJBY@lHdrq5vQo$?NerPZ^wqm&)!f-+XrgaQ15d6#BnG{5BAHuBg|w|}Dr
zA(<p`3G6%~TAsB8nGe51$?D=L)>B~QoBXz%C?KBwNtX6Vi;bT3YvoULAruwq_V}x-
z8*A*ZtDcQKLq^xquMp>QDe?P@ul%^u_~>hDSNf751)ShvhEY=w)$O%y0I|A^4mm8#
zDe1<b)Ekg(KJIFve&HTCNB5V~V2#n^&o(Xci5Sz8ixkhbEqPMWbY}DlvCiEkgyco?
zztIWZtCz;>vOehYJPyX>UAhRRWCDp?aJph^HEV2IIYx+V6H8mh9&Y)kkmZCu)K^r^
ztzA%Z=uw!6l|Qa$2gaL6xKh}vPsqDtbR*a)IBfulXyuvmkY^}vC&6D+;@{%m%30zP
zAuXgqcl-x3?-0i{IXHFgq#|NQ9@Dic_MX8DB<j7&IpuTNt#od`!mVrEecw>uklg`V
zN#_n@b*<lla$rej)`B^*X&I$ZzZ8?5Gltr)O-aOdJ$#_ZzkP1x6}FC*Ss3RDj0%DN
zKAQ$=Irj@#A?IMmifCTm96V-Eqw8l*nx!2a%k6r+EIMdUSMyCJt0DAn^9SQ8hvuzl
zBVKo=OVBHJ6>uMrRczB^N}Gw&qrj7wXa&W`GjX%tP>nj55Gu(zyWwBbw|>0MYlU&s
zV*#NIQs#+#72P3=TVJ3df$He410LU~oScE;Z%MK@k_f-?ysm|@l7~@UU@|m3Om~;F
zEc;@?i9L5s8X$tI;%)>D*SNm15znUQu28EDT2xgX<@;|az0vHshSJE|kFA_$ZqdjL
zs32u0c$c5QEe$dRlGf3rxkLLF#;-{d-ZqejFFIG|wL{nSe4a-z>*DEPg9k`GA`t>7
zF(G?#cZI=ldXG$dm~U!kb&je>BApR-4@&`k*9@RyIz^RRW#Kp(mN~d?;LY_`K{_ru
zmmZsl(oAfz1N6|dC-`Jn=?9g9tJ2EFlfx;wghyh6SNHNr+Mp0>&|TfMFmI(@RcE5j
z@Otx(-m?(g?tGF>^Hr+J$H7-vE`5O6-Tf9z8<=;%--w)%J+5u>i^5p(yI8J$ZVbio
zvjc63tRzYEIBYjz%eQ+%Hec?-x96pc#B7S<;<IY>V$E7}v&_{PBL@G$LLBVGYRKrx
z4wX9@qP|O^ka+b?vaat~v$n?4dU4m*aSo=VYhZ900UK1e8h)N(ziiyjtb_rwwcIFO
zvW^MW#iec^F@fpXY|}H%UtUrD)aP6@w(m7s$)DXUwE6R9%sn!4xiWdz5_jnsh3U3t
zhW0!mPxt+xmhX4lzcUwkOj4b>1XdZ_5KJ?~5h+3)_enxVxY%DW@u-&ll^w$8HQA|`
zEBCX-Qnpki$E{ci))!<L4j%v`Vi&D4{+tKhhBS+TGn5$f_+K(|j_cS8I*2EKmVo`#
zjY4sga1w06={^W2q#`G7?p2KJaM_}V=|j<>qBq^+k=+>@9U7aqs)MSWi-MD82b-9a
zH?7vXVi{FQ43yQkWCiDQ=LQd_#fw~eC0CVAZlnPNEUEqai4|R+TznvIWex{M^uf5#
zSS@PY;>J5Iu&I91;3fKvLTG6><&fw1LeYS!KWaQGQ+F^o%Ia{yd8&T{QL!BrYp7v4
zZ>Pn)$-j_dMVW+&)kMBn8}LlZH|$5_lcU6_i66GJtYr`U5Y}|n2T3Zwv)dtji@)jZ
z4!$Lj;{B}g(%R5&?xF(hN-8nc-#;K<u$gJi0GJ;bcpvjIi8-+76U}brBN6%E1rS?M
zJVZpy)#q}rUspJC#)prC6PnG#6JuJHdCx~G&IMieY`gf=f-K#FnJxrcxw_#dhV<e{
zV`yn#IrAq4mWza0LXS$@1idEq!LR;OnPM0}k?19&lcp5ZXO;tyh#%=5da8&h^5d(m
zp`*Pgi%v=jJF0a1)NuEx(eu2!6KVmaDw#!NW~llAOV8bHY>JoBK~6jAcJip6vnH6~
z!~v^2{kPN)?}qTo4Y^-7`n9a`LsD)G3I8@y6kXly{wx^-5pn?Ms?#Rw75>hJ4A_Lx
z8ov8A97A>wL?!S@3xg5ro;4xp;QA73p!OFekMjJ$M!W%pc0x<5WNP{eFoGg@7E8xZ
zU1~=`!$r$g_c}+;9WxKwVcS5dCDQ|>3&o*;Yr+Gw55vabJbVT%4T$g=dtt%}vt|Em
z9KI?H$h4Hd0D%=34A6*<Cm3=vrC3<{J9&FpB^vEK6mUFqpk3ei&M@l^O0E~*ra$V3
zlh6po#RpgxIn4i3(N(gxZYYgDp_5^09G<Oe>IHUx3kJsHMMAq~r{6j;>&?de<H%{m
zX}-H@FImaN%pzsx#wbEwg&w>ar5%rW8rOdDhf}JDN1tY=(T*o2@=7h;kJsx9os(4x
zRbbCu0YcW5i2NmqK3L|$UZe*O=ZA(X5GP3Z=ypxi{(RPXV&@e6nP!=r#i*|tiTqbe
zWBigI*Cu4EhpMPHd?rfd5<I4dIuo|r(H$ptLaHM}Mdct!@~G0W5k97ctnHv&M_gFg
z-L7i=p^`5C`|OB<RwS=Ny=9(A3?f{qQkHtw3`l9B;O7?~TGbQE6k`W9s`sn&D2tZ@
zQ{q_Y<Nn|ycwdRq;mc2wg1-}yoZ4X>TXy?-tXR$L;UO1$0{ho7Xt^ArTv@@ZZ}bjI
zZojf(lsgu*az|O~s<t|?fxlb+)O+a(H}OgG))tdyFF!&5pUoy;rrTD*&)$~dNKP<O
zFQ8t96JN%9xq;lKbJO}1QI^t9lvC82e9U%lz*JSUv#Lq9-W*R~xh*bp<`M_yZ(_%o
zf_9Uw!SeyEaI~TC-4RYKz7JpECEK~99{Jr7!H-Z7Po%M8u@@Ayq@Nu)cH9Iiibqk;
zwjLFj<Gk7{FB?(?;Pzp6?Zu6J;921o9Y7$xVmJZ<J2BJce3onANMYE9kd3cYXgjA{
zBtqk~YL3niIPheOwlapv_W5FYUofZ;xE4b+%vtlFER1<*?<X<wLv0Qr#4o)m?bsK7
z?j8ugf|00Gz4gwGRYIe(edh<Qg&hCloTGY{SP7!DV}h4DTp$ou8yt4jKOM}Hvjau*
zASW{o;`4oZ-#6QYE%*eJeipfw9t~7>v?ST}S7Lsd2;(FSFLX|`7niTddlLagFvd%v
zwf#XQ=uM<_90_VAL_}{+8u`B=7$5r<h2PD{{$AgVibpwecP;3bl~mw`K=-1fNr_8k
z<i}Z-`R1;)oRv(56Q%CFVB|TIe*?}7+T6)(bzmT<oBDCycbX<f$b}q6IQg!?Htz?o
z9s~I`zTXa*yE^f}le5^NOG7?xxI+PuT@v=@GSg_r(tQs=-LyR(jD|yiF#f>?e6LP+
zy)oUDNFerSXJ3XNErU&LqFB?T@qU=+@8b{BZt@>Itd@8G{#nw&SQ_Ce@#{27^07_Y
zNk~oV+3&ecILq&oP-wwaEzBHQ(nVJ<%<Ngx$$VYT=QY!HDvO@yHOpMh&t%}of7+UV
zbmy;qLjSkh{($cZZifH@qGIy@`LNCSNMKX{ceDK(8H@_(Xr{}j7$*G7SEslfpTMlt
z+z?Hyylmp~kChN4fzlrY79=pjyG8YL%9Lf@be`ds5%E^zp3Di|jg}PZZ!36_va4FL
z2*`zROnZ*c^ZH|sX}0TSP(04lX4dieLfXNTs($;&UVHtc8$UaQ*(U$<rY}a+P}RQn
zs()iDm+u;U4H$pOr{z^6fzIvhWlAv$m<I56VU0a>ds<$;@3^eplp)C3IuqKrjm9T~
zZcTPMj*%yBx4e+F%f+eTT*Prt^L#P(^)LHrpIiN}8;tt+9}8m9SQ%FB*z0nZIbp9O
z5OeBEEEPWNNBeINP3JGGt4;Nr6Jzde267N;)mudGr}O{rXoKq8oVMG!lr{2rs^L?7
ze}JI@Y0W7`)eOQMuDxTYs>i3v#~RRsff~p&TYT>@8|Ivk?$U{Yv0-8C-ul|tyL<b?
z8=QCDot_?6GFfS9U1zG@YxeJy?C+>7M7F(R676bvEQr0Ff@3W|dxF-P6B=c9)0&^#
zc9ot_NE^<3)eN}KX<A<FudyGi>fa7%#Yg@Di2e5a0!SJaFG0GaGvhOecME7;iP}b-
z#8mN!6wn0Nkgx=PARA;zN8af?d6BWwu|L}<qT~4Pb!!IV0^Cf*hLN2YuSo|a1gLSz
zp|I<r5RkNg>-%Osb59cVF8}fD+unydyFLk{3F?i=chz>rzu3^(u7{`-*9S2yj#AeL
zGWp_}L1tr*sGkks>I96eHD&u;X&F3kc#8K&Cb2*97T?#GaX|JS4A^0|;=tCE?Z&k)
z4fYMVp->Kn{euBZk+-`t?}Qw@%Z+fIe{;G#uz&RP0ro?|JDU%-k8{OezMXTnLW_6w
zjl*{ZV&9MO)nwkNuViQ_Q{xD<Evs>X&A?Ay_&3U{u_MJ@jU0%`DHkF2Aw_y4^d~{q
zQ0TG)R)=_SrP0m$oSnqM{%cTl!qMrO==`#6mS3x3!;SkXvOKWX6n9S5W9v&`u3WDC
zT(0v0x^0A-Q{eL;<)Xs}Y!w}DPr>WfOJNzK(NKYD8l0DWw!|nC+)Aff<Kv-#erPL;
zdslFzq8a~HC-!UY?F^Ks5l;iJNG;1MJj2IMqL}<p)ulOqlD_HwICo2FV^_Hhspgw4
zy&<Qkz!^5HtWf*$CYSkzy#!yHTt!Z6+grrPLh83qL4iz(jt*y=-@#tvRj{F%NtClr
z6o1uCO*uiSB9hb7S}n20GkSvoKa?#x(~nWlr=fe3@Xg!uUGcnKHdTDL_VbJGlInU)
zBlv&U9rGr=a?7GIfv52nKAAz3v0Ij4Q-8W@k8@bOxjAeWX0*mtz4W(Et}_T56mD<6
z@vo<j30#b2a#CRiJJEnzWDce={!C;sz&(@3b+6y7qVuv1IUr>{RC)#hd<9mK-ivzl
z)&l~JGYs0ee>18H+(-j;e!;$O2Ul24`qvInEFImIvFpuNkk^!_vnbKW*g+;pAA-~M
z5W9KtJ_!|twKuXpM=Lo$oPD$i8fn3gxO32)V=S6OVWwR8DUKkr;!PS*b5DI_r<Ob8
z=TE2v76I#{1p~$kL901H&ClR!iE%io*{j$hdNl6~h$+<8oq8(VXZdpDxH1uR5<luL
z;*@Md0p!x55ax~NSmf7Gmh|rBgqXh>M)s0{*&Km#ruub^9|>NQfmqe?zn(>cg2`T|
zpWzs&aSsytvO0w>Ls`C?RY-pQJVU}OB$Dzj@e4ROI$P~U5-j2X1mQ)hgcoT~1^vv6
zSht-kO+VYUZ0!vzer&YrX(}ZjmW8~36P2GE^NxPIRZ|p<EA4-(Oz#V#T|tl(Y#x{R
zxpC(kuHw7iN38F<q5kE;(x~ObebiLhy5@mFj}uQpgC*_t=W9~w_t=dm?PVr(cA8^R
zIl~$(z$t)<Nkr#UB-tMvS;}15Rj5{T(R#uIzrtTXN<qa0;|IDTeCpqinEPN7*BMA`
zb8=ay&r^%5@|_z9bkc`ubuLv(qISOcWyL0r5GrF#RQ-l7Dg7Rg9K{R`>sDROv=Or1
z#X&n};|0zPs&(>^Bmbu!bm1&}G__XBe<bk~0T@3_9#1Xku*7&4=b?)SZZz?@&HoKB
zY7Q{xKUq4b?)%wYKfT6nTk4*|LqU==2daDV+2sc~AB%#!dvQ)FWUgUcy~caaxEwGE
zNFWoLDOeloLI77OqNwe=p<;V4KQLXff<V@n?((Jk4}YfCZmXLH3sG$@V~EL#O`T+r
ztd_)y?D4#UeHiyM`mCKcm80VMe(9Eo4D_LTJHl*bMPV)ws8{;VPw#&Xz{{D*Ix?da
zWTODq{1s&9s}FL1^Cn~0#R!xpv8Qu4a`C!2N)dAo=&Pg9<UL+CSbxl4r*rt~Fia=u
zsimust)NVzP(T$bLteid%pw#q>L@!Z$%^r;;SPr8e{+)f1&!$s38y)L32g9TU0X7;
z!j}uxpnuKm*BY4D=fscpRN0#5`A;u*GK7t6#KVy=H5dh7m@U3G_ad;3VXQ|wvXMRG
z?+i|Bi$f~yU(aMuE;DM2&HP?7i+b?y{{*qq#=q8XzQt{fNYE|R%v-5(R-a|BUs%_b
z_U9docc`O%=WWvl>XD_v2@yy-jf0Fnh}ER?U_^rV3B<UUZJuA@JI?XMgqCr_q#Vje
z{}PD#F7sc7LbYDtiM1{BTtPzTo#2T*aBYpN#t57ch<z+0i&#kI8PsG7arQ+J@dVSE
zEcVwxDMjG=oO>AlLbjvSzh^XD+^`!L6taB@MIL=XcoQTBRKJSD4{{8M$dfbtqJkId
zKmUH1Q9w}h7`#x>L!d8x6VP*Ap(gYt@7)j_8-AY@S>g%9s|I#@bz$CeH>+!=slV}a
zN;291G3q9AE?Vr{LPMMLCa+r?#*aNW2)<YAsArhVEG%q330<$?Q@1hVt!R-_{j=V5
zvm(6lLn{~fS@B|+bRXJ7A{k%t*3#WeqLVYk7MF#E(w!)=U9Cny4wW|qbL39i${ZMD
zKxchcXkgR3UxS(?%qIOaB+irc+~^8(<~X^g6k-_>Uzm0srD-B}Q}Ox&F^1G-l(}=&
z{2!i`a*_t&hJxR#1elpkixnheBi?LP*mc~cwQ&aUilC2;FB#y2YMpMncor2CK28GN
z={0mPb*51OGaKW5=)T08klEp8y+C#1?rn`P$+>}@k%5LVi_7JibV0vS8im4HCB@8}
z0Ot!*@pvC^q?~D}v35RJ<4fxC4x&zwCi|xhA<z5pzXq8dBy~6E_R&J3O)j<y0?8pR
zC}4rAtWI`sf5hN@uA!PQ<MQhRHgH^O<x0khb}*615`I#tq;@40xAKjyni$aPaxyN=
zF3T1tDHNcI+tFDk%#dIr$#rB=4vcu{$oW%dVcVVK(m%}L#xJL`$am&zTY&D3|LReu
zdH3+@K{@?+yELgZKk2qK`Hd<rXUI3Z3^?e%_od#`@d^LpVh_f9NK71lNHBkRK0h?5
zKsz=6DbJJFhY4Y6%wNI^&K;HCsiRTPhtV*LICoRR%J>)mafO<T>&0IaE-Bljor7Hk
ztmyt*;~iB?L`Q=U!zW{c`!jLUtJAr7hjdC^D@@M5{;en1NwUdP-F09V9mxSIAmzQ^
zBFFwxqlE9Xq!5wzC0NC*x)kfh-*fk@5!>H47lET_8(Ov9u9WWPNqXgsJGqEd61QYk
znu@&kBn5>WaZbjxIt}r~zij~39TcvBrNpuFiii3iKRQlTqxVBoDeb2O1k(?+2BRZ0
znD#gD6Enz@u&-p<(k-J8u;yFfDIwOxZ7@RnK>vOK#*mcbV(Mdc48NiZlkO6~I*#D*
z;(O;WNLM)i9g<CCw}|_5_ID>$SAu$Kfdrww{#-5AEo}8%xeC3$b2|!xWJjaa?Womf
zsJK28>SIXDUk!LiCvFyU@Zs!KnJg@sExvtDgEf_vri&&CbiN24?OHp4TCe}<Y77Ig
z*HcSvMe<l9#H7Ph*<P&q@S40{sSmS*hqiVpuKCgH0Hk)cdRg8y@UPK4h;g3t{ordJ
zh3_o$X}#lfse0+X{3n<ma_nVUeqXfvfwZ4=$9MnsGUM<GHBrRZNb@@5RxGBN<}MEY
z_&N>NZNEl9%B8cZ1ls~I;66fH$o;u2<zL5$@d_@%0$;l<<=emrel7TZmBM1HFmzO3
z-*i#By@lbDiGU08r;g{3De=<Kh4Qu@IKN&#ch|r(uLQv8BL|Pl?{$V>INaLx=Oa3Y
z&lOQo^y?O{!;=K<xKM3}`qO+a)x2D1#ipt7KZn-Kglwrj3bp_}d8a3WC7q5x^f`ZA
z;1(X<YRjN_r3PQKJ+pl+wAva?pI2prSE>fi@T@l>3+@e2mk{;N!ae(G??~d}&(kk`
zA#n7JSd^!nrQbhT8ar{xpA6;3JsyLf8Hn!;2|&@kPN?5p^kUFa>i>w1P{{PTQto;a
z-ndBL4w{8I&mIA4;5}h(%5lEZ<wGPSokxU-A+qy=szb+2GEjeHE@Q_nVoQ$!rc{1f
zhIJ*gt7@-0F16VcP0Qy#FH5rzob^QRw0o_!#7(~qZI1OT=X|s#E4WW~XU5xqQAR^z
zyNKBS`k@^lA6_y9?W*VsuIBXBLsf@8WKg_|KYsy|eda*>6R;!cN2SkHA!gV3;nfD}
zwd8$mg*&$Biv#X}J2u5w)XZ(;JqV&v({r^Md|Xs&u~U3g$Ghl;tz?iFX@F%a@<3O>
zW*$iuVE;21{^epUx0_yvN1Yr{;)@%gAne(~M2xkW<<=Tss9DE|!~~6Z5PGTQh-F)W
zInO|UF94j)V@j@0|7;hl^h~IZ-e+;$;CB3yyKZ=PXvn#+rW@0wh5Ct=9-?CKC;8I&
z;2)Vt)94RkElcS5&dP>eBO@DLY!%LsJs$Di71fh-diGb<O-xk1kpOY8{JPiT9BQZy
zsm1q*txZMM=i>6N&8X`Q)wa*Y#3wE8@cnyuZal!q>2ZoLXW_%(MAoK2176IhUTCg1
z^c%HBjbN3k?A7U|DIhTyLHXJH%O@v{OWIcl;9vttjt0#@UTi;(qjQ_PT|KD=A4wX$
zHd6AJHl-BamYEb9#f!V%v*b1QRU?*lRXrL!|GihvmH70vU`RC0s3A0Jweg)b(zuq-
zVgZdjQe+;lT9Un?n{@Z7Z#}AtGuuSRu`3f2RGscMN&QMtBjo4CsN4rbgHUvn2nhVk
z?0a_R)XWb(s?0JFE#tV}u|b|SNl&#YD(J!Zcha+EP$?LfC4XDc{_&$mg^r*ToKd4Y
z<9G6|>GK#>;dq71nV5=|(Co7DOSRq@YXF>^hU`N8;l8Lqk3P+|Fm{JS-@W2*Qo>Xc
zOrq54cR~tiVh-1D0-CWT^#fXnPN^}p{NWK`X7J~jPbrrZXCUi-G?Pern^|lu?!(f6
zO4HJcIZeEC%ozhJzuB5!uR|*lSZ;sJfE~jQNVEvZA1fYEVSUeA3&XB725%bORG>vC
znvD13!W!levaHJlnI!HHGk6`E<qi|5_A@!``oAI9d`o51%PYvOWlM$8Uq?YO=5Tjm
z@r*V-w6j4In^rsOD6(S)Vwc6)do~Zw|DqU6{dDeJZLGl7bTusmKXZ|2C$5UN55nlG
zb3S)}S;xu_gtrSTic6LPRQ<eUWC3}R2Fvo)cD7=j;3HzI63jeVd^G;el{)+8LBD1V
zJ3-y*X}i_;0-?IW(8q5h=5wd9=l@kmAHRj$7`4nQ5NYgctqRmxc5D6nQ5BF+Jl=vi
z%>0_ANqn=Oj!-QXB(|Vm!MyF+PCbC763ygx%2%jthI=Y2*OP1Cyn$2(I1i55R;9%*
zzNwx5`>`$&v!l?aWk=G;Kh;z#e6xTH?aBt>X}&ZbGffZcu*`5~Irg+wLvTM<UVACr
zw_&?H7_s>3S5waP7T8CB0*wdh%7&Z=_u%6JD(Y2H;Q4g1z++9tJk>OPis+1%BrhYO
z&ZW)g&_YdGf7W_jnVCTi)Y1YK?B1P~(oGwoR&rBz54%42?g~w)*3l`l0P7iN4y>+g
zBWVMqjrh26fwh!69imDHa<D&tt0pe7qm5-qw7FFA!(itzoxTEH68tjS?r3qi=M@1W
zh)HBW0#2&3J74_x>O{!3I!|L(R(`_YM$d0v?$VrdL1At7aP6IdZgF4l_O`lRYXbpi
zi`F6X_LA&yNkAX|y;o-)QbT87ZI-+|w77-=6PzfUW~CC5`DvER7xI;@wWn?PvCHnQ
zaqA9zF!<$OcpNNsoYC2I2|p)2B@Y)BdmyvppijArw!G_&;xKrrMnCLd`T8(BeErka
zhQ!DMTzGKr)OI((TNO$%QGz{LSRvKH?A!Mr5a4R1*eR2QZhWd52C8h?+T5qQH8lkU
z1%`ZOMWvSuRtuMIe1jl;6=)0f1;V+OeAYqo>XR{IFA?`8kho{&oYm^Fme-N(_baPB
z6^GXYCHL4fuaIU=rKv_>Wn!O6lktXf-CxuWFM&6bWei~9-}nW@Ki^)a%Y}dK`1TqZ
zk)JfQ?l~Qj%SH_f9jJV8F>aX;BPdn{f=HERQS0w%DNd-DtiQrGE7dUgF3?c0x?x~9
z{<PGL2XH~j81z8?reJ^d3&t#V#Eq280Lz8^%_>VR@6=hh`x9hbxqhVTUjE+vV!?{&
zLPb}xi{cb;0YSTW+pd&PRgm#s3bbw0?UC^qR2Whi?rqaz_$=Zk*<=XDn&%wFXFa=j
zR4!w2gw*+}n|n@2ktj)8=~delavPaV*_AS`++(wsu{?0|C55=Vow`UUn<+O2S1f+W
zXE`jfLsDyQdyc@*V~wje{}I|>pwTIrC@I^oSOh%fvlMEz?$<qCAO^77L)hf=%TJTg
z|Lgp#a*<CytJVxLlp56a^d9=_y@7j)iGZuor4w)wQ=u96RP8>ADsUZA%yT?lek@~I
zA?Z_1cTh{8#XGHR8r9H|vs1fiwkx2ytbnfmQ*PII5dG?6Y~JL=r6x@BYJ-cBe%>(w
zuswvxJ;diN(=}PMu=)%&teRYFLi(FFFV(+itjB=VIi{{;!)*xfx75-7@~5Pg<Px#|
zXUYQeOEKm_u_|eAX+2wLJgYsASy)-tvEIu_DUWq_T|RBIl)-{=1})-o4L&I?`6R*9
zsGz(s5g~~yHi2aa8Mjy1<f0x;1jhjYl+}|wW>sqzTpI4j<87k&%Q>sIeKmBD6<?Cq
zRkk@jPq(z?t$&ZEBTPUfjWc>$O?orlF89zBo;m(OIPHK4-k#Fp`||pzWq#|+K$;!+
ztX`C;D4XMDW<0LuUX`4$XD>ew;=(7fou?6DNKDyyEveML9ar+POavIZ_Ni6_mBjO>
zm4Wrd?Ym1MC^U++%8pU)-+T@g$vb1#FUrv5mgjqyP7$J;BDAY$7BHz&XU^0~*!nL{
z7LT}e#77RQX;kNy0(%Q+(Ca93M_-ndVUDNKPQ_8BE$&{W5VUn_t@{S+?x>Y6PS%dx
zZ2na5yv(BgB0Ur4RIC0~V?tj8jHbJi$-VbLkun!ixsl1`*A|TaZcm_asWeMLb+a^9
z(;LI^p&zgoN4j+z@ty1wBgj+_|Ea^&(<wm&BB&M)P@9(8-Px5$x6+K`Ig2G@e=3i?
z)2BL4onuiaYwIw{wCj%&UCEI#SEnlIu#&mZDyJ!GT+;8+CO3*t<fj$_+I}JN)0dPE
z=mW+(VDKu<t04)fWvO==&-YiZ`9Ait_tv@|nQ>FG^9PCx6>0~bXWE21Ow&yu0b_>l
zQ*E88Xi8i#oRxg|Mxu%DzjI3sXa2-(<<Xc@+0jz`VcxHLlUNTcP7T&(+;3SYphPwt
z5ZMiQ`8_Bf?@oDuVn-W}UHZjzHu!yfL;=MNl_dbS7}t44hfFQpa3-aS3JeP%qeQFM
zhb?B!lGO|6ry?)6HAeZG&D5}$q))t<&+~LAuiVaOo1(On_TsnfLHOr@N3$W`t%CE|
zdG^7+X*)Z>Rod(4%Eyvv`~2!$_A~584qknST1Ncg^ygAk2WBAk(Xz@CTG54a@tVp~
zqh<(~JaYtfu`-7ANN1W#@fz^e=vnEjB^kNIWwU~Pf9{`vQkKd=XE)8aLCw$LJl!r5
zI(S9$^CqjlBED?>U}eBc?apkd-OX^3xp8r#S7UO`&efzFjAGC=YzYm)c8wdkQd~=A
zs$S=0#w<FUc)`e-J48_;-mvP$0O|3+U0Ze0rJ7}+<F-MkZQd*#NPf>O&>0tR`toZm
zJ51GLEZsr|C8$hI4<kTMu3dOizSnq}{-X0UIZOx1r*8OKJC4fpg9D8FRfAUhy)rKo
zCZKb|L};gAB|n()&5-kMXPN^|NL*y{o9ZQW^CkmDqin~L*az>z)-tY9`=3Twi?n@5
zeyyFloo6+$*q?R-R%=VH(G43FlsIWK!u!rHTI=zuA=nZ%wCXqMiJS%~WE$HvdXAym
zup4ggqBUVR?%mb5stD~F8>qw2M?pV{#LtWyo7(H36_@iX869Ie?#mK}Qzm_7G-V@o
z;t;dDHmX0QPi200%g{`4Olj&k-8i3ARdIXV<(sc-m7FgFGA^dKr6Z8u=WC+L$6R%<
zPNqv!*V<;<SAvc)>^f6>!FZY<F@0<hB79l19aRAcyZqNU3PLOW6sPQ=UT-)cF+pH4
z=8XJWJ|J5d4Qx3Od9O5nB;8{iR+GGRAKnKcM24hEpS*4#>l#Pu*B<}w85-BR=_gou
zSW^}^3=dxLietwc9b%6-Iui4+2GVkbh9=%@P`G1qo?pY@@l&j6!AJm!hjz841GeJs
zNt=&0o!9j$EkEybU9l^Y3c_Xh>&N?bdutAMaoyhMeaM>Pfw2@O=BptHWKs1;jf3WJ
zs+VOm)pqt-YC?(FDn1SrNJ_}DU+=W90f%cm*_>tt!H~4FyP;1!mBAnBd|~`kRs>NC
zp{t?Glvl*p2*8Fw<SyW5_W88>nJAE+Mj4nj&nB^51iC5=7G}Jh%@r_Id?@>dRW}=8
zpr(s#G#k77_Y3yJh(oN#;tAS%P{Y*miN=p$tiD&N{`95v46HXR@O8$V4gOi*G~~x(
z=<-mlH~)IBko&d;)&kl?|B|QN$K~fE%SK|?N%3858_jv8+dlC5^7(UBXF91#g#W<T
z**Eg{FF7VXr(aKx1?N(a%@Xa-qQ3bADLHq(iNAj(<s6A0P`qyvzcc@C>gPQ0h5O?F
zC%;cI82>zS^~DS)>T8IblB2H^v`KiZXhJ#Yiz#*BfOo$6RQ3+cfAIJ5J(s=bY*cyA
zf5=($cUgW?0If87ji0ltiPbBg$LFJJ=b!x#yX6l+Li>%%D}Rs7Gi}4?!&hth!zb3o
z$XDUcb^nWO_<H?C9?|)qxa|ML*{S^}u8H7FTH;#Lmo#YG(NgnIwM;ILXcuL(uf&x%
zkPs9^G5`0tH*kKlVa7-%m_Y|4AchLHV2X)fj5wUh1ILMgNrx!YB!mERfq1mAcf0R-
z&C7gA_WLjzPj75>zhFdWH$5&v)4#6(5cNwuhDrPM8ViB(iLr1dlSluPedkq&C~7D<
znGxzlF5?m&x#ihUm^X(*!R+9JnR^OnF?J)HF5lISlR(`zi{eX2CL(cCU_N4--@8RJ
z+xsc^(d#8NrV0`AMSrOW4tce$X$!Sq@M-UHqVv?MJ2m^Uy?ku)DZ*xO;zvOdB2J}l
z0b2))=HmH=3*;VI0nb^ZKH1j^P!Bxx5<j?7o1xXdUm#>gP;`Ipr)=t=@l$_uAf(f<
zzka{xpnQKES)ZF0X_79K0oF(6`Z5KF7C^EgA*)*<IPgEtd9I9b|86!Q<+^OW>}o7X
z|I-XAzMq=Yh3FAqLKu%~4AsvIZ>`SmVBUSoX*h*#m8`*THMkvfk+#?AvMg|U*kgA+
zP_S)j6vXzUOgir<%U1a}uKvP~8{6`+%IKQg>BKt}h1)18T_oAC2uvt?1#<e=7rgu5
z_RW#Q{U*n?noJVw?(}#Sf+sG}`1IL58~Jk}e7m^g)bdPxydDv03^$n_g^!A~%%6x_
zASojJI<)zr!=l*;Y5uJWuJb#>XtCAzU5H`~@-ZHs5Q(MT>R!T-Zo?I#!@cSRuNH|F
zC44F=$6eJ!kb@Q|Iv|u^H*a;O%AePHKVCm_#0VAcXL#**Gual}&VGh|Te$k63AiPZ
zvx+{7lt|+FNrd?aFvDh;C;_eMxQtw9N-7@yYZwVpUH>!BJ6_5!?7=JKEw;XZaZmrt
z?G%RXq9A3HZU|5Zd>(^olDE7oH=@Fk?>1#ANW}MYiO({|>;SDdJM1Bu#<1R)*nray
zd4cdB2s-`~cyYSM50k{}ltP}+D_s{uwyz4tSCbdwucyAaF8mR2AItAY-s`ai7vk}y
z{Ottm)zXHa5)5_wX7L-Z5qIw-ox{pGqMn~LGmo)%#9rR$$AMp&&HOWwW9J%$h~30K
zU(5}E4(BQt0JVmcf=+?Mjoc;MH+{Ttp;Ob~N6U7^Xd8ZOyH^9VRmApH-=$yYi{P&{
z4kXW&YroH0hTjCxqa9Z#$!QR=WcFM!QU`vY(cDs;h9oP_x)7tJu2AsK?lg(etJd-S
z=#~+#5PBRBMZC<c?LQ1fbn`Dl^g2hx>pODM%$oSh@uWOt;N<UiBjIp88$5W-K3b7M
zr89M^OQt|QJqaiJ%VM?s!!5MR3+V{%Jo?hy?P6?Nw+85WPpa6Dg|hf$jAM5>r+P8R
z9iOZC>&oifpLe-aaC;Rtg@E|I(jUX|Ocp(_pp*F$?=xrI1IY)+;`6kOi=~Q~BE|qq
z;dXZHA0V*FM}8Nwv4{xHci{@g|5A}%P$0OYkIa=9k~34_eq!G2Z@074IF$yu7#kMf
zC(qO$7N7kIJnYyV8Zf%@9p+G6H>dA%?Olpn^MWKU+jGQ3!1}n?%uX+C(2Hf`$Y3pT
zeGCYxH&RZmsn<&r_+;BlS=$^B&h9xI+fVZ_1M~<^^efoUDi*tVv+0&y^?T*{STZ-6
zJ;8(&`y>Irm<x*#DA(w=?O6GnAA(vC+e2`1@4FkX{vU#Nk1OX@8!IevAO}2-8&-tN
zlNk0Refq^*Ik;B-xPEDY53$|vp_KU8@4I%NrQ@9g{r8QM`koqjX7<L0?loC*;dz`J
zKsrIc?C+YuuRyQ6F)FSYwh(GV<D*jst2IdK<r{Bmo`8LTIcHRAkonPYq8~5fuFe>A
z&*u>%B0}E>(gD3#K+7)V${y+kT!rW9@L&9}?jF%@aCC%B_{eD^#vcJ=j$32S!O9iU
zLbIW6$x0ZXG8Oz@P<5>Gi?L%L2*RM;fc<Od-@>OVktd&XZ%q-utmQYY9*pe#>*297
zs22q`QckQ;128<}Pa&9o5`&Oh9`;JkQR46F28Erio!|&k29=Z)Z@41;9FyB$nH75G
zk5wZrqdO%&#<+M#QGd@puyP4OIMW8NdE2_$VDd|_px;;n?H%t^?FmBYoFxEnVE2%%
zuZU&lYF0eR%^fp&is(E}a$5-zp^YEe85tRg+>9UA<FF(SXE4vTt@6F+PCG8}N|vOh
z6oOQ=uN2Fl8>-*FE36n7xjmi}e^Fb%0nv%DZ6&tK&J!BqKuE54X&O%J_l*HMsJIG3
zwCf@#99Z3g&{VWYA$^&cUqH?p@N_tEgq(-(iU95c)7$}@;o?_tdB2^@z9sewJ9~@I
zN&~(bKGwP_V3Y=eA8m3JP1H`T6MCRGCNIpRiOw+8h}RI>8Ms}PwPQlmKOo{gu`PH7
z+aGegnvU~JsT?gR@5lHz0<{XZ@nK?TB4o1N3|?LDKR0fbX`&|%Hi%-c03(bfMvSJ|
zx$o`2@pG*n+vE#zHDNQmyHtGwv6YJ%$(OJ><r{>tRrM!ytn7La0+oLd_a}@2qH;^<
z8qs_I^b5rKQV&&REi5JTehQkq%VaSBSTU3HerhD-*k;WeiFAu~eSj;NeF0(i`7=v!
zckh$Ur@vF3X}@ERd5Jub4zRJkLu+zO-@u}x!xK=Bg20D#hZ}|SU!__9B$iqUoi_Fo
zaLrk@%~a=PDz{<E_!T(ybK<lI{gbl!Qh&-k-fp76;>ulQlM!K0{RlLrKplot1zjGa
zMV8CS-$A*6`hW}n`&bu*5*Lx_x|qt8iIE?tYAI)v1q;3{OZ4&4HqZd2=7V+6nM_RD
zg$>>_l!kS%^ZB%UqMuKyz?uW&dv8p~N|^?(q@Z%BKPLSvMucBOYI+v5=pn#-|3v|p
zUL=5FlrYr}%B%UQP{-m@ultF^#yH;&hs@=NpnjkmBgFNYp7&!Sx(wbEv8JDQKocTM
zx+P(;cT}-V<!?-buO!w;b*BPt!@^@x!F#t3BxObs=Igl*aSsJbh+<J65Q}jI5Sr}P
zE*=)XXl}$d)1yJevx=OS>!PQV1YHUv8KqZ}C@vO)sd_mkD|<-_*{BcSryrgGD0E2y
zuTLs%ZRGB&-qmLK9Yh}rdC-$s2kJ&mpoued2kAj@LFF)_A&~i9quPjrO$>_20Ddsm
zw`Q*RioX!EMrjwkOjFwmbTMIl<Y3VIB$~od-Bb5YRi*6-=^=Qk351FmbG^NX_y*td
zumT}O;KBpvQ2i^2sc?ym1H=C|P;0oRP7y&$lANz$Xv?pcQ<;t}rNwr(?961T*>e^F
z(PbF@!En$C4SY8YpgOyfA~K1}nmRne)#Y+{`}P@PXWCuX(}v7vNkeCFL*}GCMYrW6
z5tmi3&wfh5yc<uslqh4@cW3u|Fhm%Meto!gE_oJ`Sl3-{=gR-A-ruy3?&cQd?eVn>
z-Ar!y?U+wnHI8mf-0j)Z%#QtUoDOoj+`v5Y0vXReHIVB@<+PS4&z5T<5Fm;=Lk2;f
zW*qac<Ch&_?Z})3(k_Qujr<tP>+62nx=?m&+Rh<D2%Iq8`zVNk8=0)jxiwYo);!sv
zhCR^&gc#Gpik4wzj-HTcR2ho1j|phOj_FY!OhR$9fT<5+UB8?iK%6}|Md=Ww^7j;w
zso#Z90Q3%rMG6~Wz!OTEu@2mtIaWLbc5)Y5x1^{v1e8P0?9-CdW{Bm9HOJ;m^Gd`Y
z)tZ!gw4lC!gaD#>j2NF1zhx~X)2C118jz7Bi&VzJyte5C_F6OA?jNJcmD3@&1WWr|
z2M>C8pB6Ph>Jaet5@@ElC4<DEJcgr4O(38lfFMBO$53>}idF8wKPt^;vtmSZmky?d
z$~xXz(G5nurzRY6%DGmB%$f+11eqqVhTUMZUDT|Fn$V?4`qRL9KCb{8QGc!m@I~+U
zod;QHrjahu@)_^_z3G6_@mvix3$Y@}x@O#~;=2Br2oPZquD=-)CXCoGCOy*k;EJCc
zKn8=D!ffcbsm$+>YEO`F`zNj!`r-I6lC@9$I@?ujcAM;wm8u1+08X=TCs*@OELru5
z7<KgpIFgG4dh@POIQ~?n^HZINKfi;}PX_03BWKAlJxRPfJl18_MuK1!{5=PlC~>JU
zO*7tsZ-=b}r`36G4<i1cI|&+n#v4goz^>3WZ)nkYmc8W!NvTw2r*mnm5wXhGLCF&A
zB2bhohzF8TZ*XDRu%RxZ6p{4G>S$MM1p3<24SpWP@})912sc;W*y+SkF@0ykkNCl$
znVAjl$`a;!%yuLRDY;<s!OWO9%(X%-KcimJH@>Ujxp-~{eIcde<}r@|AV=?Zz>4wD
zX>9nVFC;=0Hd==wMFk9~(OWrk-IvobeF?^;v7+l7@UE-L)Nt|ceZ~<v#~k*GzglB&
z(RLhm<`!v)z51=p0m6_zvyU~X3e4vlcj&UhQ#G80XI&_ncWqjEDExh~6Tl6I9ndy)
zXZok~v1>jX;udl=YJMU|7vymoSY3(D3*1)Qbq}}PiUqBa%cn?Lf!)-cw`Z3PLHT}D
z!xV!aK3#R}8s~)oh)E`SlR7gB54j?P{uRaBJH0pSb%Isu^euRIyuDZ-KW*pNmFk1=
z4hZ^gdodQRV2;UWp50o(<6f#xZ|_;TYzwuB;nMecYYD?~e6s84F`xMaM7F{mp}gev
z%IYMpq&Yp*LjpDtH16%;3>S<TTj%$Yi~KrPwBoak)tOL_$oE^2g?y@KU^=xJM3Bxs
zu0gQf7uf7e9u^k%e=WxD_d!Z~DaJ=+%{O>|Ud^u$0{`gUkR+zRY|-@B=_12$k!Z;h
zw)ZDZWSO_GqYWNUMp}IV!O?FUgfl@w@;<e*xr4zE(r_<p8L5Qim#o?up*-R-rQltU
zHLEAwa5w0E@9}kK=KNc!K=rW;KkADHsmwA7g|4A>{suF5P_c*!VNWsp^-C}UI9wD=
z7#^wFj@LP^ia%`S16VB~jb>Nk^cD>HO3+ETsDa~~0J-D$PzfsFSTa1qId(gvu}6Dd
zjMcrN;nG~1$9~EE(mVYd(YmXI^u<srQ;s6dz-&1MFC?Oj@%W<kZ63Rjl$nMlctKz7
zQ%laanP}f67=QMK*;{D-H32S51>f7{wiTzTGrIgvkkTp`ReqDm&Fk2iJ)$mXEQ{yL
zIB!s*)sbd7u#OLCyK%3qs;%6bxw(k@ATxc-$K-^qp6Q!Eg{{0OqxSgOW;*;}<tTO=
zX+~+&qHco2057@jr-rbboR3)N=t^CCF6^y=L4M=4?RJSfJFDB5_$zK*{TDGcAB&D$
zd+j+A9(*ddA7(Dh(rPwZ#pLxQp!5B@nV+YMz%T;gqh}hJ$myBM>Dd&F?#wMbD0Me@
zsb)ta%B^-qipgLHx4l7n?d9{2<=3`qZL4zeH|9-?qA>no6mweE?nV0K?lC)pE#paD
z^0PW;H)0nZ_$5NUXeJdv5l`{$;r#vl)-4)i@}b7%d8hes0Cr!7c5vXM`HCv??Xa5R
z2sLn{$2<t&|Jj{;?jM}h-TGwyQ#<RE00S1o);>4jmjlOU@d=%_oPvki-g4mH5z^+k
zeNDN_z0E#_;&om3Z<;?vZ8Q~k5XR7jn4qSh=>=Q(_VKe@ItLLYC>phoATQH;7y?u_
zO<`^MA)H9^n_#H|)>Q*B?fX1)Xu+cjY9cgnGw5}|a_Y3WD>TI4fD63AUD{lb5Tpf=
z1_9V@8$u;g3Q($)AbZr*yezi6ty3b(Y!UV%z3_8VL#V2DQhumj@?vmNbzD3naQ#-1
zp9PRe?xxd4gpcMF+xlwB8rr<N$j^rdxdJ_fGUtc-$7?(WhNa<|Xt0UGf%A=&m^gGW
zAqk>D&(d_h{+Xe|kw4}M>Bg9GB2qNd3ALe|7-H=YG6%F3QYdR<Px5to3K3nU)8t-f
zR7sTF$uv}PPMX8LLnv=5i<z|6y#ld8PhN|Z6=K(Yg;JiBb1{N~NM#mLNH9-c@Jz<%
zW^Z5e+`nR{p*0u0BO2gqey)CxpwVC8C>^PQKrkM^x^(f))na0n7up>vx!7YUCU?71
zx(8wdDxx?`Qb@2jVuY9}EF}~q1~gO&ES>1|W_~xTKe8<6ace!HwCxkW#UYyOB0Gp5
zg`NIYXv0H=M{Tz4;;OmG)8=(fb<4z#CWq$y@CFS}g(<hOPuH9^MS6R!K7(o0{4FQI
z;hyBCjS?AQpo4r%hP67dw#g7{Zl1V`KF&2P=cqt(5Cyg|k#$h$QCe%m1Yrr;-jV9`
zhLx$Jj%*l@<n9kQe0|-RX7qwwO}0;+fX3WDBf)ZAFc8J<J{(ArBelTEPC`n=_&Wzv
zX7-889~Q2aB+`FwROWRfIyELx0yzR`;e!bSk%Ga*+s!rpKLAfau)k8Il`Z&<bHsBH
znxTuqH|Vkf#KadG7Ezqzi)gz-zL{S<8CV51)83>ZL~^~8K=?sN7#t})^OgI8%saOu
zOS7IexcZcp-fxuW{jnR)(lAIFHYAhsNUJNqWI6&6d?a8&v|~p;e$V=0%x1s8U}WD)
z(0@=}XG*V=dH|@~5*JcJPe3ijy$TEHgmc)jBF}#$i`alP06Xv03D6?IXAh)mfQFoD
zc$0;<j*3$TF#J^Ec5YL!g=;rZK*4)Cg?q6D%FE2dHHT=F{8MuXm{j6E(e|)(CtCX6
zT~+J~Z0_L3xak_5A9EMXXz9I1%V@OPHGfyJaP75K=xHHPic4S7JlB1uRa)on9zx)q
zx5#>Bi6uO~7-Djzz5VGet2H80Dq4*2G+oM4B>0G~afNQMaq4#I%KH7yI~hhM+LEt&
zgVr;>_v|_D&Y;m6HgsM4)9uqg*O<NEFSh)3TfO0p(QZHMc5hnGpZ}ouJ2%}QpMSOo
zhJN$(S<8@9)|{f~6bxXRKWPgeBdq;DW4#;mY4|XYwL8b0p-o#KXbtUl0SW`~Dd4HU
zC-U%J>r=P$?Af#Su+7H;w#>Bf!+&+{(EZdLhc%DHpoO6@<){Tf`-7XdkwfkCI+(39
zdbcxZ12TuX(Qhi^E8uGWS&=9WDt}IYyDF{(dmFvZPMSn)fO1^PrctEHQIQHd+(}d<
zV5r#-k)*TR0%`Ly!pq3Cy<+*GVxNnT%}AsRz_<K|Z%MT$y9$@tV~&=KV!6cc=FUnf
zN;|L?N&MMmw!vBn9!WeC!dG?*44rm7N8}yXg$xIbl7%3AiIcGI>F65uvwxUmbde>(
z(sOlYC^h;D^%kIl4dm*L`DETeLT<*3(21JUc;<b>P&UklfboFQQioV>8V6MiwRHqZ
zs)0J;JQp;RtycJ~O6nP&J;5Maj)k&CmW*`70qH%*+v2mWACA`|{Oclcv2Kc#wBY?q
zz5y3WzO(7MX0)Zmi6uG-Fn<g^@q&@*kr$&WV8Ugwr5OIyATg^!(=||tEVLmPM|!vS
z8|gi)l~blzwpS@2e02qt;qJLA>4nJXY=ex|%D-8tw=C9M9}nx3*9eT)yO~TV(?+wt
zXrY-@vRL0CQRxC1nHh<)y8sM`6yzF~1CW9OR}UY%Ha!CQkiie4D1Q_wXJqjdes2;9
zl>|Y(Lg_?OpI={{LEHMefM*ETE`!1Vz+bQU@4JqQrvcx?u{cL627!(y$UfS2nz;xx
z+-0oP^|C3Q1uoB@ux`F-#ah}=mP*Q*Xr?8>6S%G;yitneQtuSV-?%FDzL}oPfFz?c
zT3;xRJ)1iU$B>f~cOjXK1358}u8v?^x+_=PYzuv;cC0Jzii|2;xzDnSc9JNU0Yw57
zf7GqRQRViAWF+;1;Y##aJri25upVLbg`WmIZ=lVWf|Lu;6e+4aTp7fiCe5UnNG{W~
zBRNY(bAEVu#_@ePB=%~h^%gwa`OfcW^$B55`pEAC7Z`{NM?T>?rPRI$BE*~b@3hx9
zuW~(-3Ch)x_OP(jg<rk4F0bvw+jlSie{gg6{KM~`|MA1yo7>yBKfk-VEne-)@H><C
ztu{t}s&WCV)F$)-{g~waCtD^{E0Pp2nNmTrDIg=TT(T*UJh!f7oxd2T27T%+K$2l1
z*(S*tq?j|G0J=3PH-HSzo}dx<5;dZX96>G)+jjBV0H@E_5db+7_&z#NKn2Gne;tbD
za4Zuc;>7SkI#C$ZOyscizNCfV#%>sidT*o>p0n*z1gK)@2)>Ix2pLp*!JyB~*qS;~
zF``v<L%qta((PB+p)l=J?2+f-CIyQ);neFVK4F54F&FJcb67chy*N3L21_$wa)Cg$
zL*m_9atxf5Bshdbv$UoJOmmNgf4g1BZeD0N9vURzEA*8;)Nj*1gnP4~C>2Zc_rzB`
zV{f07vq&tQd#2@NO8UWiuna0icW_!xp1n3m;&bDNR0qOg$Tf*4j4csDx@GX$CoN}<
zFp`IViX1<3DWc!?*>8dxlk1nNT%5mUJ26Pj6aXYDY}f%I^pY%c1?XB;f5j`YnDH{K
z4_DvZHKPJ0=G=taK(?dF!nK{~3KK*5&kcbstT>5gqsK}CM4-1{b-|6UR|yFnC?s(w
zB@eLF0XmZ593r(_gmhYX%gI+*s{+EFbNN^83OjX~Q8DanW6<cMPb#saP()uOdjZId
z`6jGM7~*5?94|55%IJa?e}A9vAwX8mOMDX}A0pvym!Sfp^2iD*Fu~i*MJptc6ByrT
zra{b^00nr0%mkFvBpZO$sAQ=NTKio^)gk1aIUlfqb&RPoH19wD_II{%{^M`|m8W5`
zNS8qSCz@5cIO-a773OtJMNZOFfiI7-P!4kBktd=TguO>lE)h17e@GE*JVq-0keKwF
zs?|{R@~TpJP%sel{kxZGf0QiJF`cfKeW0V@2>3V$3NsG^uNi%e2rizj3AE~v7X7k$
zl}MI4v>(wEiIX)KqlF(Y(EWUHP>Uv2f^$$2tCkDnsC7=tN9^}x48}kH_V14rgwfqS
z2&21u5JvYTf-rige-nh!>!;y4$<5U^U1_}0c!og2wCngnH{q*R@MQTV8M1Ey69^OD
zhs#QtUtGn?;9LVw%<bbke<aOMRxhczC~&$$M{0+;anrR_)p)`|GSyXuYkx{BIlr;u
z1=rY$DYgq8*C2(EIx@y?W%MG*6TamwZ0T|gLU%%~30}Rpf6IWzsR+-IC;kGuC$gob
z88Jq)#s0|iNUr#J8OXYS&DF@>;%Zsly;jRwwRx)b;ZqV0x3I2O`IUujH7!)gx*@Gp
zSOU@vO|f!Hd8ZAaolgpZ3q7r=J*Pld3Ga-G0gTY?EDa4tQ*XAKhL|9+&|q`RR<k93
zF25&m)!;j6f5*t#7|OrwW8J$qusf*huLNVI%YgMY-aXaDQbcOUl6nlGI1BHBNGSma
z8QR9qBThu(Wg_3=As7KtG^`+rJmn&HgGdodv76Yq%_uQeh&mpWGQ}}Wkuaai5H#(Z
zDsqQGEpF3k(*4x_?X3wK3M~FgjC~~rf~Dt|2V`CrVp%>1Rd7*BS79QMUvoPF^E7T>
z-@Lv3`OO{TW)2tXqDq>^SWh}as?@o{G1_7)<M#-W0Qx%)B7oiIKTzru-Z}B${oRj^
z0sry)+Sbfg;!U8sm@u6miSbb7F4DN)zIk<*Z%P6h6urEKA!cR+?SdG}FTao6>xiDb
z440is0yPy2_Sl4zW&j*#-Xxzi+sM<$yUrw=m*+|XB7cwy2K$Q{3NLWx$DMCD(v2I@
zjDouT{GBQgVqutH9i%=Y8LX&Oel@pYtAUxX9ETRHnG;SZ@d9*rX}@~=4h{dY>lJn1
zL<{rGv>nc_bFpe`Vka&zW>yGixVBt%L1a!`#3@&R8N{z3#FPxOGr;o8k4Dc}7x@sX
zWYDxCm47fR`=UV3DzqRhNEE^2*;=!LT4`&Q@o~}sp3KVIDrDzz82rl3ao3w9Xuq(`
zifQIPW{&0xH&dcTHk88kYbd`-t@CO}#hy&h{=Mr^)nO1=;^+#)5Xn$CUU-d(8#fqO
zj9?_{dG(Dzlz8Ao1r~~zpq0NgM~;Wa2ED{Sv48SnMX*e^_}q?*-r5jdPDlWRTax`P
zn9i@rO+kT@%diXjBARt11r}I{tnJl7gOfO=wZFkN<lE5*-yM*eTnwJ9<)a$>tGB8u
z#&$P2u|=4thnC)54)|%80PpJiDFI%+6GkO1{6+YB$svsgusn+s&kh`p$Q^n461_5o
z?|<Q9m8t?AEkD97lq<NUU}iuhx?B?w2B4?-i%X}{^*QLCl==z{p$!_%55mi>dbzsl
zmn*5{$Z2a~Qe`&N`H5A0*H5|}po;}w#m4L8WDkJnF3pFCnK3?6TzL<0iv51JSoS&E
zNSzS2mwE=FV;B&BA=fV!2Dgo312QB`3V$ftXn~<`e@fLzSqWX9j6W-TD|($$dNFmZ
zkLb2<j1qw&zi&H<3u!4)lG?}+RnD{qXHOgyV?aTy-#4MBuav_bEhaGACr8LpWD;4-
zlWrF1Gh(YDIf;0G*d%t2g%LnBxsW1k<pnG_<{5cc*d0QQNcE+B#3C#ErnqA)ZGUd1
z!j2d6#*2bWG>xFtBpX$&xVdEZtGU{vJu{j1Cv@tAED<dK%ybN$iYuZwjRt56outbn
z`T&wan-|)jYVVScK~th$p~6Q1^tJXZP$>zE`TlPd>Nn#Y**=zH?*w5N2tnCZWT&76
zlGInhD5Mz$mEhSDBKYN+nJEc;l7IU^2`1(Qe<M#O&S3|aJRzqz66KwT!N_xF5fKYa
zO_tSm;WbQy$5bcosSqtD6RsqedWI!$T9MO%P~qVgS02x+@Yc#Dt-i^;HGRLSn)Fs7
z3K|uRAJwnd=z<~(c;bi`AZPR?8Dz#mMogJyH&Q0kb8j(exPAh0?wxCH-G3|J#dq@0
zZD;NUvbJ!9MrbA+OKf-zM`YpW?dJil2g7Z+`~y`s^Aw8oqthF2T>THQi;RgIIY~nk
zR(NK{ypNW1q;s`dyIv@CR4yq)6w$Uz{r2Dws)B`%>{*GMtMKxnWad<V2o+Mtv@bQ$
zU4)YVM`@y=R9xv8h>PnaMt_S`xt)oguubj!r8~w`YkiE^DDKXj@(6^Z#Nn*8^>{1V
zS5wmzAbDH(P|6#H6q11Q%xld3covXF1yN4rSbPVySdg4KfROu#atYg<AbqKEO%Mm;
zJ7q1Qw6UQmWsJY3)_$yO<XU8<7-0#oS#U2uU9+|aA=)f1F2x$~J%70XKfo$89NI$$
z99!o7p^+q;u!{F1sYeWJjcb)`Hp+uIjm_nC%I^)(;~PMA!Ug0}78H*qm^A1W!NjgR
ziI>G*^R9{zMDEFx-<`^(s1gZ7okXS6s0Pv+<=$!o<AFphr5Rsp6#c6?KG_bXU?EHz
zf;~vY)DiCowZ!{8Hh)T?DUWVKXwc7XT6h{*VL){<?N?SWkZ^-@c*{JTf&KxczIMB-
zw}{-l1FZ>N;#~WLEJV&H$6C<sXUPDrpR6u{H*a2HrUf*E*Z@}-HO+z!D=O(btE;W!
zU^a$WG#^25R&FGNL(58Q)~rH@A`i%kA>)Mt0|+<V@XrLj?0?}`2aN_~RtNDCE$$2I
zyB%fQWsyA{{z!T_j2tC&l;emgI`3M$$@WsoMHx`D^Gsy&)S*!(CIvOvsWlIXEJK#m
z0D+GdGoZJZn;>+3p~$!qb5|*NEqsr<xbbI=_xQoN`O&<jzcv`ohU~K%k<t!K1djAQ
zsDl_fewRZzU4JX?6dA=~;7`1VRQRrCXRn|cI$pD<I15gP8UvEeY&8^yw_d&90TCeT
z-I&3=IYPn!<HCj)jGR||IEP(^k&~I?lEop{zYjhFy>}xZ3J(qbx*?Aa9?NFEQrMMM
zFM1ToR$r^bfUnuTuQe1tfhpcAP9br3U5o-%HK~IB(tpXwlbkHMk!R)u?DGfM+YfSe
zAA<1*P+fpJIlkpO5hg2^ov-Y>wYG1lbjY&9E1op!KP6C|4D*mbalfqtw~htnLpR9U
z>ToM8(-%%xG;Cln`aF})l+Kti36KCBGfY~;VoEkzK>;0@H3iH;8X3f|X!xX`1gU08
z6YU*>{(p!Vd+mRi_og;Lp2P+aDw-`Ly(rh`oDOiXOzYoaIYJ9bH^;uGHF$ZnzBJ0n
zPGa;cI+suu!OSxf$4Cwj7e0ktie;nYg6-=`xhW^Zmf<avh6HZnj>k?2@&K&Pf<J@{
z#zDmfV}U8=WfautU{I7)dKm27-Qfb|Gc1#fW`73~02oHuWY^K0FvN5@RFx*;6O&rZ
z1)~_vCB&0s;&&r+M0TtwDSnbxW3ZhuNUcr-Xd5g6<{>tyg~YnK-l0Hi6ktm?%29xA
zr6Ti04%9>Kjf!yT9jGC<N^l+f!|35dnoL<m7?aOXElfYFMRBSU>WC&Chl(nYoDN4Q
zB!BFUVJ@b)^&@=080x!<4>eoP;Yt$}cb8qOp2Jq}ytzV}sCNvdEm%YiGf<y1Ac)pU
zL&MUM-OaH*B+Bx*M6%d(NRZ%AWO~I~FVvU(=bP6*J%9P;r%U{PwXCVM$)%&L-~d=w
zL_sS^1<S35aEzY4xuqu>-`bq%gX`4@OMhoG{v>mMDbrJ=5#t(x%8Lf+w1&B9^OeOu
zE26FuHca<z_>9`l<1v9*LttY}D9(XK;E&OTHVI9O+oLzJ%fYmkF{xVjzYQ+aELfzC
z1jKpXZG=T4Pyk39!NV{7mkW`oor{*>|K_Y=0!4{ItVt?ZGU2K-i}x%wKcV5SUVpnM
z@>FMM<}iW|g%N-j>okmJ`R)THTQfB^WCRT@4EKC@^mlq9`|Vn~i-`Fb9$#ku{1e>}
zZ7qoUQhWFG8|gYq$`8wZ6baqqu~f$4<&3Q})zjB+4LP0Gas)O&RC?Y9oJoh7`mj3@
z%ZRR+MQk>u@dKkvvX^<q!q?$O(SO28O!J5?j}p!SDV9^{VHXCG2W)2xu$q3XT@i2~
z*2dF^3R`7+<uIk~81ZI4AjgISP0m@2hz~e*+w#mP!cF6s$k<%?Mh1{fkMwj<HXD=t
z8o_d@$U)@deZy@|00NOxcnp)c{M73hP_+V#)Az`(PK*MCW9#D*yFo}{(|`4_Br;0f
zQZlCudvs36Y>>xF=|VyR@{Dyw;Yv=Z1VF^Tcl3=dr-3$gyg8YV1+Mr>v>0LQKe9Sw
z-qYB%aPe>7MFPxQN7%yfI26#3f}6}SxNDbF5@c@aERye(?Z6e(vnsMnv_yn6L-Jpq
zhhQ;5?t@sB+SDsZA}Y6*w|@(*<<+yWm0C3(WmsmgM$S>ShqThI2yFS>jAE@Z6U7iK
z;eVZRWu$^rE(<9a>diR=|8vWQ>MdC5esFVCIkcY_0pF99oKa^J1M=R4&i*z+XW7-o
zfcxjR8)qGdm#c0M?G+mnxVVUrgs^yvpy!!bgT#9%=}r>Dn$Ie@)PK@|!O|O?^~ty~
z3!Gvq;M@7^Dij(>tjtOWMOjwJ?rRf~F6D`_xQa>k(pQ=V_;muX>BYf>eGRVQ>26X0
z!B6AiWMGscjp=VlkbrxB@6O~7@*5lxUV7C5z29hW(kwVus>kMi5MufziT&tWCeFFP
zr3!K=S6eG&wPKStRDT>?rGIc5>Tf&<X+JDx^Mn$@E@pka+>57Kf4n}1iu~6K*pIGF
z4+{(Zt%TQYPqNAj%@!6BA0*irvY?1q32I)jpLH8FY(5Y;SR>MMp<gL`yv@U&V|%sx
z&h^UMt?AuC#gWGH2GlxE#D)pAKp{^R1{md~B`!r(`PE9AH-93b@|)F8?`rE*tK5!X
z{PgxGg%7Yo0@u}2n?;r-$bMB_&IP~RD*v=wVHD03&`(Zv`<SO%?{=!fZgLCD^ghg&
zJX`o)V148Zo^(FUoSV9f$jydjf3LN|E|cnICbq&!ZaG+cqk-NC(W&_oo6g9>5tm6U
zvr?4}y*n&FB7YbcDC0k|u?TFCFZADeFmGVLC@w<BmDgftts<SM#FY6E{beSG2yo|t
zI!16<1(#V%nk~9MMyybhpXfU#EP^72fnvM?Su99B#av`hMl53d1G%LvGjdWHl-eoC
z`g&$80*$ysBwG*>5VV>`swJ{3u#Al!s8zd&VNT;y7=LXIbSju5k7Q8#1<q!jiE-fP
zzAU`Q8**I><yA|D=TClcsPFGIEh?BbZi;GZj86>b%T%evXKC>Ld~+YuO!-3X97b&j
z1Kb6fU&bqb9JFr}dZd8_klNs1a1&|jOdnc@J#&pw@QJfP|9-QG1N0?vJYzytK<1_k
zx12gY34gZ2B0GcAK*7T<mMf^`O|QIgdQvMAjyvK>B(?^=HUs@Abbm!i2|0KnQ{3h1
zdVO@9Ichj)xZ)HiQ7t>3VsAeVjmPexvxk*oWVlWsO5ni@Z)MTOSEdix47GFl%dI(f
zE-usKib-`;cP`}#XmqlLF&i+9lgS>vzt8pPEq}n^F(uc*N~ya)<crWTuiGkyO;uuT
zSE(l`5WGmLW~Sy!Sqdc0wq}1MaC6WRlTv!p^ozV3V-U!q7*IsE7$qsdCx)OmF#sV+
zheZLButNR@QDp~9-%#pSS`ri6+B!mKl^F-BL8{n#RLUdw3g)^2*S!#l8kv;->TeOl
znSaa%I@+v-Cy;Cj1-3LfHVm{!52CUkMO#occ?xVSsE#PR`-xM*V_=#MHCUva`4M1)
zt6|Dg0sNDU9uY+uMFzeoT$quTIBOtZ#YP-DGjmXrHj_wK91ooiwvES?s^3z4uv|3X
z0-Vkb3nt8VYo>B)+W8w<O+RCXGCg2Qwtqks7m!{0xpC&E8zzI{LouKxta6E)1OvcD
z+e)P3c+m)IKj6>^)63RT=FAAZL<o=|pt%B=qChWKPvOzIs3b*Os#j-hmnRxk6Cn;{
z%hc+`3z{yMIkM_48K$?S{z1<qqu|Y?Y%-aiMXri)LdM{4HA)!WYhozf=bVmID}TqU
z0;0YsOPjNjF=sFT5JsjIal=>@^%SOzM3o3^9+>+w-POu5Mkq36^7OdFyW^~`rk3>D
z7R3yIc>dFi*VNMR_Qg-HZ|>f|dtSGiVLHh3*Uz>a0)^-l0|a0N9tPaqOk|OR5cTfI
zr&?z)XyqtBwq~Qgwc{*XEWIAB;(zNQ3zvyd^|XvD(#_O&xx^6cI#O!8ypVmnUH|H*
zoLgQ|lUjvKVIX%|Wxjpd%uC!{QNyi{ow&5@gODLq?`yj}<%;k@S?U-L2tp8rmf*gM
z#ELZDf;<>lNs^Sx9r|w$Hd{_ele|rKgHjQ07rxf&Yd7-{4Fp3?H?ED|b$=Ird8Ivn
zb|<z>SQfH|g_=vDIe!WQJ97*O)}xzGDtD@gG-19`oED7E${<ToBwr-M6KRWO(_moc
zaHK9pje^|nryW*tU+eXK0Yp*^>NQCTDIx<<pA-kM63Jubn${pQh@}##Gsn|+*o#gD
z7sN2C7q8yFd3Sg7`c8ZO=6~*au1buSZF?bA9}Gxg|IEf@{}nHQ@I_>VKsn$fplA-d
zs+ks-wBbq3?j+;CUI*`XxgEdVts!;&h~*(rY|UtF#TB<iIA9VJhoQ|})tf2KVqR5C
z2&My>)x)M98KqFQT2J5DWN5}f)Y28`I;C~5SlYkQNIWWcNA@rSI)7jPF{U%JoMr+F
z(Ml37;L<-!WA!Pp`Jd`+XL(j><#uBH!mEtRE;VVm{$rC2C;#KUk9-Sr_nQ<pB%;Yz
z;(21=lumq=$#7uP7B(^rV``EhgoHF&eidM*GjxUS7algUrQjtO!#mGYdjtByoiNey
zfoP6Ey@H{nE1Q-@?SDI#&PW@Dpq)_A6BEw$X?cwly$PS$R2g`61(^sf3Lj>EISS3t
zbwoNJx1Xno^QV7!9#K))rNi|<NR~)r5b^=xnZlxYtwYBSWRCNS!o@+hsP2jjG^c2@
zW=^bogAsF?ci3P&0p6Iz*J3mnE1F4$|E82*bTL<ngsLgLLx1)hXWwV@XXQ*gRTQXc
zB5jukJGOfjcM3aLGi%@zdoM&FS2QFXn_;pMV<x4^X5@&)d=XXDVMMydO=rkLB%?9T
z7xO5FA!irD28t&<a;Z!}QeHxth88&Mc1mC#R1v3P0o6`tWbCY+hA*Xn+R)ff0kx_*
z>e~XbIAhUGuYYxPN^ev}P*>&S3X!FQB@!^+wKk|Yrb0b5Y!whq^NhYyJiuik!4;xl
zju@H~W|LIsUuY{A&3s=hI{!B>UrL!UszcibmBgzw^78AQ+s~c*pNbbqZx;lF;ibZp
zk`ItreJi!3PypRG*+X=l_B%*+_aA@z_XeIOB~REs`+tcW`e3z#0Ek!ClyxD&>S`#F
zI$p5V0)hFOpdvSvGlw#9VbK<DHuYWvoeH{E8Bt|mF7Og0)0~l(O5{|2$jHooSP`w>
zFQ|W9(_*-j(3ab=s=|9HqfmOZ5U)TwUd&JiCdDRkCl(gG26_z=C>Q>t;uUDP7kSEZ
zyjbS&xPO#tOJ07F)2y6WiTk@EJE@=NI=MTo@?%yJ4}fv6fBMr+jEOy<hg`GbJ9Q^h
z5BpePijL^^&dt#%M_iOI89gM<Gt!V|0hX2iM47l;>5Ocmn2?OM_5Kiepx`)87=8c!
z_jMpEx9@cHjTTB42Vi$`Y4gCv$RISPydY~E9Df5^q$^5?p{_#fzXxqky4E5JT`*%T
z3L6V$G@D3=#8jMJ922!^ju5da@Een79FKmIwF_TJ*BcDRzC{?)amnqQAK8<-bdY~C
zc7RUGN4~5NO3iU{sfnO}&qNTn9VAIbs1%l;K!Y-jX{iy>WL~TZ15z2XG$%k@S5=o_
z`F~l&qHnis$$p{D_&g@X+@v3NZ5t?43VZ8Fe5APJJnM-c2;xxZ(A8MujSZT;y_j8V
zH(WWCZ2%^A0U~pQiMG2C<6!ETWvgzeo<yeCm&1S$1IYpDa_j-=LLuj`3+%}f_|a9j
z*V2b={R*S#8*bEq1K7Yq0}VL4jmRA1AAgtTLn96vWIAY=ncCzHjEHM+P2I;5<4}e@
zDxk$u;9kyBQnlQ6BWn?fED+dQ*E6vVbG#4<#j>S<xZ_UJxR^LS#VPJ4G+kVZfJ7f#
z*CG{ku-GY+5spcz=Va&}hwteqdPub;B?4Q_m6e|FL<$T=O+O1#$^*aGAs-p=*?;a<
zz8;L)*-q!qOhj`1_TblG#MtS`<H)|$H)W!+IGYd(N0_=EV`bb5u={BSwZ<7!4i%)4
z#b`un##_AI+8c4bF$pUc!GO7%xyrFAoeKZ+kn`(bP~EbRSgu<1t6G{NnW10Q;G~hc
zL^&XDHYkw^h_lgAX2<4ExA~G>bAKWiH_I2B%_jMQLH?PV^K9m^>+h;|O--A7eRBm4
zTT~73C_0L*9GDMZ;g12aE}wGCA+d>#H7EiLBcBMPMbA(g8#z<#jte5IE)%TIF+>$)
zgA3{wEQ{`3QrMJVrx|AM4x(dE$+iFxRbyKDuHxCH8!Fq-!J$Im0GHsyV}J3z_JYdV
zj~p-7ZeBkFH76o(1$H-lgVh2-43_Rcl*SUd5~XG<PThMV)^~SKh?&nf{sS=MOBwon
zpQ#c;rLQ<9PDE}5Bwcw__$L^LtgB0*OO|PhxVHC|tU&<7(5V!$aBv#3(X5Ur;lzbM
z@u{dJh@pQWh!~VF-_*{z+kc<DKcX}-24l#g<k?f7v)i+=K3UB?ARLR}4XW0KHHL8L
zh=TUU;-~#tM1%)WI+sa6X1})f_8kX^khz2_ve*GAY8TZi`JYv5kax<x)YuW`RW<j-
zdWxx0C-G<rzHpf*ycOn;Lfkbq=20AhT)7r&E#Xbnp(m+o?73E4<$qF!QO+f&z0{_`
zoGZt$KZ#;TW&dn=D+!CA(TN{X6^IK8AVKvP-^sp`x+lE{<wV|&f>eX$wYC##YMhI=
zl}<B6BHkFmgzASV;)f#d0uI7@WGNmZzPxoT@l|dMG!%cey6@BKu3(2GrCOc0rqLM1
zopuNN?X<gEKcO6=vwtV==U!mitA6*SN5gC9(*kQe&F0^VV#QB^rG=)aY7Q@0TD3VG
zknpGKNSs#~9g>uwbhDsjo6=QCPT0L2Luu14Wmv}s#p>LB&K5+z6yAbqCc)^&kKJ2y
zmK1$hH8bkXZgcSGm4kCsPfBrZxlKw5kfdDPHD)nHA`ehB<bRB+Ic0~mBR*49Gy2W#
zt@bXBK=?VJ=D*r`E@<WU_TA6b<6cnGJRQ#UyR77|Q7?GcU8(FXQZwrrJ*Y+^2AgqP
zk{aKXtDs$=Pwzy<Q^Avx!KGG%v4m_$4i|prt&DLfk@UEs6-l+Av9E0T$QhI69<a`>
z&4G6!CCRq1q<;-WS`v$fFR{s8K;bIX(g3Q;Oj0yvcGEff5=$^KFgKj@^UU#G$Ckln
z2pgr!m==g%{#uQ`d(w2V5IGr>15VxHgdoxvF+$$87HDk~4UCiIf^_QlzPUi9!~Hcg
za}v!fazs-#2}vs^ZVIis@<t);zRmgSlCC;wJ{)Ks9DmM6;Qp_x=FGT?94gBdC57KF
zYE>63FOQX&W<>r}+A0U8!|q*W3*ZCE!LF$WDjM<BHX$arX{8xZE#RJT#u62V-EOu$
z-C={0%JE===q3nlL<KK1EH2Zz=mltwsj_Vc98reu4{Ddj(WLCcT5WDr-aIMS?}+X{
zbtNLlk$>fx?o1XObkT@s^J+3{5rr#PD+wNz)2#>`FM~<;X4RLKgD7f7;(k$|?*od(
z8|PdRYLyt<Hj-DVQdLQqK`kOMchXUgiT6@?kk3?YjDqHY!zskr^-=9usautaVkQo4
zdFVzAur<ox;hbwPFkV5L#20fc;}{ZYg-h)_VSiJhaI&oAiKR!lC!H&+zOp73JLW8t
z)Jp-#l$!5GX*!jtE^dX6%^jp8+40S0TH}x130l<(m;@*4Q#Eum^f1s{#uwB_Vh7`k
z>sQ9YK-8znnv%)^GTuDJh0F>|G$ypsDOF#?_&X7VGID@Ik^CmBrOKLt3L7@aR%^(M
zHGgqtcP?eC08z1$JqRKx3Isak3Yukl?%^sVtQ6mR<0rdOAwL-_E(6><yj7Ifp-y7e
zi-75sl0f-316O=1Z~d*1tP_<Aa|q7g)4lnD#Q3+cy8(4NLwb=@X_MAoQa;BcjHW@V
zos(4d5TY(0`*YEh4GF-7q%+y?g<==Mjeo^Bz2K8}9tT*27PZAW6Qlh|p7pUrC69xp
z$SFBbBEdNL=0fF;^<=r%ytzT#FyHaGJL@H2>)xGEp*N0Fe9HBZL6#bE##Z?}D4Mz}
z`$ZvlRbNR9clJx!AP+A-nel~UgVhUG>U1~{94yCP5v-|D-XI&N{9{_`Wz40CWPh2^
z94+~aSy5|^f%bCQRTVj5gMvuJc`(D`28+<bR2?)I0x_*I3=o2-FfP2pRx%)ucYry~
zXh5%hmQZbPno%xdlPlO0b8$=znyQ*uxj9F<)x6iLx>q0+{E1b*Uz|*}BisbG8D^|I
zvP6%8gd(YLg&)as|5Sf(2T2i&P=BXV8Jdcb2F-Y0<I#eS2IyDy=IRn6ep%Y3_n16(
zxLPiVr(U&eimGN_fCnM9wPd(~I$K?vx<&|fdHN$-47o#)B+W<>nPdwV;W+@=l<i)&
zbD7H43{(-Xl}+T6l2R3p!xq+E&9P+=887msHJEc&50n%jrgqP0ozLf&CVw#+PK76t
zM#Bunhq<sqQSa#NV8HD&Rzj?0M>0ZF%h3MvIWW64srO0UowDO&7HIYN80_Xx@(coz
z4(lPwyK;bYQIO9p=pZ1Xcb8Q60iX<ghmD{dQX<~7S1b0pNkxTBCnk}iZC|irluPCF
z>p+^+K}z|mT~sA?lr2voO@Fl2!;=t@v+k1(*U5GOS+yb8k=Z)sp&M06e$+6N4VOt~
zaDA7ouJ@4<dz#*oWlU0>nB09KB9#j3&53>imzfgg+-Kn3QzOm8e<7+SiD(vz#`f*a
za<6J4rH;`oGHEB7zX_t!P9JB)3iSaRLS))$71=>{T1|7FIO4YZcz-us2sv^$Tx15R
zxf<kFZ@AkD$C#3xB%C4r5o~G9RnEjoUptDV2u49#a$>gdVt4MzqLb(vy-0mN6*mhb
zR<hbu%JZe&IHUWG7IBPW$ZU8@jW~tMD(FL`S#m5&_WHP7s0?IsyUHnowf-@-xiR+K
zdDK*(8EsC`cJt1lOMflLO3^=IJ|wj`tT5oBt|3x`iR_RYnHJ^fV}Mlkq`(OCd~D&n
zXrrs~X|ie2QfRSlje61pl_L$8mNvxzAgX*|VU;NA_|4H~)SWKYX0Gki4rP~NFG%sP
zv54Gf=ylR&K~QJ;!V$sYnYhDB`vpAY9O!qv;Iu_eoD$)M$A2oK>>i0ey7RfHu#y~&
z#4|F3Q;Gqo7&0vC;t`jJF{lF$rXXE6ltYD6_6O>9tbLk!*RK8D8UCeX^!vJDbo5q%
zR`N1QPr_Flpmxkk^RRSQy3vR?3w&;3P|5fa_l0Bv+bdB$wX8rEn=wd7C=L)Kg;R5n
zy@T+&3JV8FjDJKE$ZY9rH~b0=*l1vt9%|Z@BJHXWyxQP`iU8bunxi9GlEYqUOE!T-
z<(ck80)ZSr5GTRG-@j;<EHVAzV0J33=a$qJs&AV|lw9XF>_yV_tAdobk(6VIONu@a
zo^w|)S6Y=kk`A>e6NUVIEyoKgPTc@Ek6SF{Bv;;ta)0E&TFco--aaN+iJEnB?WPVo
zowflwQQ<{3)Glh}_P01mwf@d`Xy@_v=i-xykV^&?W-d$Sk|Z8rER)0N=Ta*kGwON1
zD9RzO16Gv&Q3%|iWIl5u;F)vQga1<mSp@Tlib0W*Lar6kNdKNI>n}xg%EuHLy>$AM
zOppI!KYw;K4}3eR{#xANq_pB@d17fVk<-$_$$jGkCrW%nkx7gSD?UY{F)S!4GuK~W
z11i*YuukS;UPE;YQb$K7P)|BAhzT-h1y+aYw;+bQ9t8m4BRg37sOjZRtlV=L3*$?>
zy%>h0GN@3Mp@H@pa>Zfp1|?{&^d_-lltv*`<$v{%J}&cmC<itGHY}z|`yf*#J447f
z6!nl~<};wdM_5U`#8i?Vu5KU}ny`R>B7IM84$9^2X6sUB-ckS#ND$Z@;6;(!dQ&rq
zGVL7~WqPv!maa?0r8|>s_6~+m-lygaqu<CI%|Cqq*YD_>JeK8?z^}PRb?YdN&b=N-
znSWftt0zV$J)IJ}=58?vvwJ@!on%>-#)K;Xr5V84nKwz*<GAFLz_{w7x7>o#9J(V$
z`WVKF_w^5=Yq@Yppl?$az2e(HrR*-a@fb(X5ePd)H?J?DhNXH~&QeI*F5d(ZnZf5b
z;-Igzmfm)ti*oYBb!9=^_wQbQrc_Fe27j4VYG+5N-Bd$W1Z{w9vG6d<i_7g|ByECh
zVYbcCBC5=U1sHP1$0R>i13?Hk2fpBv%JK|LsYhCq+Q}SLr9#$^fH#TVfPU}z$vTwH
zk#zLz&|F@RLv;7kAG5EFL;Z|@75g;<&L|yim{S#m4L%oG1!5AK^XZuu-A}HUu74d*
zzdP$Tdq&rAeg1Lkpnw6_zd7g++W0FC{c8hc3Fp&yXDzuJ7pKV`vA3>;^=P9jy#@am
zE&5NZ{q!0A*BJiTZap`K&z|Z(>cc^+^X$jw+@GA4oLofucV`aBg|_?&=;i|U^}Dmc
ze+fd<8Eij-IRl|W07>h*!jbXjr+<j6gY03ss5}^!Cy)&EJtmMCMtjBMMulCIv&J!^
z>@yqZq$!lP%kK{QxeMw+su0=L#jOz8BeI-!*C=c%h}}5<<DJw={xeNtRt9!$hB_Rj
zyspm>U`1~|CgIE4C{||OVZpkSBx%g-O)3$a8s*<}3OcJ2QkRpFe5TaqFn``7H-gA3
zNJAyiW|dTyuA__%%ZmpNyZH*X!iUBI2ckEUPy_{#iQXiXnRyskfFQSCY5L4^j_8+f
z4?BfNP_q49d-1M~U*`Z~XXQ-9ld7Olo$GfcwZ0<=4GODC1qd0cyBeX(?v}*j5t?Jv
zvoqy&sqPq?V`QwFu;z$JgnwE`u{`<#_a|d_c_-Vxy0J&|1K&oIV6IYzcJ6$dV_#wR
zF^G#pJkeV*q+FsK%0dkcN26jWm4-d6IZ@l})xjp0&KOCLY?Zu1w=nwRKSZEg`U7oW
z`d8jZ_&YbF|CXg)I+zbDWkOUXr&fhf-!jr2uv4>F6488~n8QZG>wlL*ccCpQ_`BLB
zywboS3q<_}fmJbJoy4NM)<L}}`mjPe*pL8Tu>e8TE$-T<Tm-%v$et287<s`cpAbNW
z92^jd0Yxk~iC-k$y-A*Y_+aS3^bLL3>GTJE9m}rT)-`eHAbgUBW`l&8{*14n9qx(I
zGW15P-7va$hH>3Bu78bIv(p9{xIO3%=o5PFcPzX{RJ{WPY?p%ZpZxxpUw(I0{HO$d
zgGv<@`_giCb?Wvaa_?B|5V}p2vBw7FV4y-L4^)ok{K1JY5(P>S#-d`4P3;#dp%34}
zr3pT=D!gE7#x=Q80>CHj6aIjz*QNLhD}80YO6RytEAx+0j(;I1q3m-Y?4UWjGQ+_M
zQmmGVY8n)+#g=MOK$7$|yr$lRDCv{7ZCE+SS8J!KDv$<_uYjWbRFXWPa5AgfuAe=*
zlBo+c0^gMm-4zQYtj1v}1I*tLd(oi1XvUw4N(7YC23=GRP5T;9#}~f#6^k|s7v0E7
z#~290Lt<P<Y=63bB>2METzIjdrMXW;U@&{bI7%V+{7Ob5(zi`4-+`4i@i5*CqZrJa
z{TUfx5&&{AFframfJ$Z#Y`MA8{1L7SstU9MD%>=BsNi(CLD&-p|My3fxn85K;%B&9
z)ShRxF<~9<U9MQ@t=`#_q}Prq|K~q&CmxIZE4SFx6n}l>H`o@I+>@7?(v;3jIGtC?
z9;Qew9nWLa5I~$*ha#t54s0hW)O`?%`zkgkS7}sJyIJHJeMA|2eSN7dyUyPCGo=+x
zpvZBI-ZB##a)exw_C==5QLWCpt@3)#daIK}BjZ!blVRq7@ub+c6xh(6Inh#y7H({F
z(yVnJaDVg)E1t1##cS8M;<cMy5NKDec&)^?m$%~Sb**^vAGqKxVa{v)Fzi12q19>k
zjeghYv`@~8r?<*AuU(%Ht7-#vGLhg|S+0SG8A*38L9?SG;KK9Bx+t8j+8njNsR-ug
z<#18Pq|{kXpdxFzpSbl``d{G~TuwnmGGrAYnSTT-tFOqGtqvt>Vj4e3ucxJ7E;G&U
zaA-T#0S~UAY^6hP?xR=71W?t_p_568Q#k@4>)%o#F|=K%;y^q9MVS9W2d=uG>?%UX
z8NeK0BnAApqUc6Oxu<?dvw(z3EH}7=|8c*TxbBLj?3L*=o3K)oTtzrmR|X8DFe6|_
z34dl?l+spn<F+s@t6TQ;a>=MWAk#9dL`h(9p=ip%ry>xEY|(Hn0WR$Aj`2QB2RJ!0
z$w#QHhtd@l+|s&@Y}pcqXA$=gY%DF)NytM&WLA|M#=+BNXFpHmc3B6$NLr6;&cM_W
z<A^yHRkol2aouK8#?=MIfSF}1oyy>7VSj7OMat23)xvA!2v~9%mRy53F{T$D;N-~G
znCRRQZK%Dpc!?{MY9p?&xpc@jKpk5zrKS#Z(6J#EKMvA@MXW->V^nbvnHKdJj2sRU
zfn|iIu*$A#OuXnM$eJA<z(3RC+4vPg$Gb%oI^ksO%g}Bx7-}rEx@3EWrBTlA#(&sK
zZcedb*il>rvcd9fmw{fW*wQdI8c&D<Zv))Z3N9(**X7o5qP1Mi?aPxh$V;7I`$Zd&
zg~8QmZsbLy$wus$P>J{x&y0}N$I}#{yfw22w9IhRbB%~?lu0Em-V<q7aaZ;j7Cdr3
z`XKj2iJe+teMULgjyV%Rr3TUowtx8JF2tI2j@gdqj+~Gq%Q4i9x~1b~Vfo1+(uDKp
zEvp-@KsNEC#x0O1pDs0u{9^9R0fIHiAkUot4W+$MVuWXf?E+nzgDBI|KO0R8RM%Ka
zZOeSDZWJUwyd>mmw!-SF!OOIU$j_hV)`)mSy2W@oQdS@~pa#tfL_szg`+tdhEto^j
zWsqYAHN>lKxk`s(;*VU<D#QG7<ImAuf#GT<mUD8kl>pb@%AEI9epRR>S7Sv2U;I?G
z?<$wts8BvGyJ5Y$2Li^uJQamztl7SD7wUftD<}|t@*;(zWL<$N-OwvUXY`*jp{otY
za0eXVbWDv!RqK(HmcAc7uz#b`TEG!cV|`?44iPHU#LTk`RTZShkrE|lfUdLNW@cMw
zUy9H%%2=a=Or*+<EbO~MN1c0m*F4|b9$;!IK_^CQG$vj!GCll*L!oV9Q>+-4vVZ(Y
zwvCl_f(o*avKcJm#j_l_73}R;G{LBY(uD5+H|iMQXaI-}(BR<wHGdlDhw~a#8%c>o
ztbty+44BLeXMom5!**iRnl^}6sP@q757yBz05mijK&R&zd7dMCRa;nc&5JGKDI5Kt
zJFNDAi`3MvXD#~#zMpC_F;^Bt0}<<onIk0>Ms(+qlic(;A0Wh(h8cP(QS>aXbQJ)B
zapoEZQ)Y`8q2B>3V1Lc0p^2gXnev#7#*BKJWP}%Kv$70=%q(weRO5fkZRB>EUZgcV
zdFK8lH{HL~8F)jV&PKRwgbn<EP1imym-N4Or`79gH}g<4bol@4)*ye_vw6#F$70`$
zDI!Ikemk=~-PpXm4W_cf8&_|CN)53cwsfErY|B6mbWf8fSbs|5QKck|8L-QIbLSez
ztj?&p$hI`fCt4A9tA-j<*+Gsb`xMInl`?VpsKIZ&4JNmA4@&Tfq>bC|$%=k?MS+NO
z4WmVeH4UO4GTv?t@oP#(9^5*Sc)cyE%Nb`+ehP9OQdff=5d)O2MeASqNjb2z8cM#j
z<bOQ3-B_4d$bUBB#!c;9NP?Ehx++KGklrS9!g9$3=!~f-=S973xA6etqQrBB*rWD_
zF4pDuqoY#9Q}4F1O-H0r)T@~kfYzcI2}w3ARkn6k^%@xECB1Z`vYa-qQFtS<M7L&g
zt3nxYlh4s~guC*by)Xoi$35$Xw}lw7H0#?O`C^Vh0e`r-l!t_@Wg_y8!~yB^yoph&
z6E;WCbnMWah+cNsihvAH)SF0DvB2E(kc@<~0C^KviRV|e%T(B^Zm!COnRS_|ZTM<Q
zy6SmXSVHv_0!4{K3(xVd>l|AkqxRTaobIY6G}SO+TF9_Oqze%!?DfVn06s|NG|Xp(
z<3XE^2Y*A8_2-j=Ty(TX)U!&SE<R5DCF%D;m^oVVJgJn;?e@~VR^g$P@nTWp<f3(_
zM_Q0plUK-Mgdv>>K@!=W_i<o#BD!kaN-f4a>n*UL1%}7|6a*7sV^61HzzyVl?N#tA
z&>U0y5imFoKCw*w$5*fZ(A0iNOUcZ*yOf(>`+q<F_ID0yW_@040Va$qS0FSh9O4GX
zDr5Eu_A+wENeLWERVc+h)>oF1sZTL-8RPS^%R@Y`m`l>AUz8~^*!D705R*!9<pQ|x
zlGV&Zr;%||Qtb((j8w>m;|fhbZRnNk+AN=;K;I!jbuqk){^r=Vf=ucl@@}nML!pZm
zxPSSZQ0_SvLBTAv#8l2z&}8qyi4ZP`#<DPQxi-anj*VOkaevIh@J4&3G5h;8fb-2S
zH@9zvb$sc5bjdxf-ur!RiaNOyAWQyiiuMm2l`4e<kwcEv1S-?%Tcn=I^d1qLD(bij
zzz8O}NenT;D*99SqF;{OHLmW5a-3kLwtsNlCr#_pz!P-l13^s;mK6CKz>d#kg(`X_
zkt;>f7;#!qycDTNAoAg9L19s*P4YO@gq?gHX5>;7?n9EVis?rnU^!_KiL_HkriEU5
zWM#->L;?w_52?Rz5s5Bnbjla=w06WiP!`TQRe{o|ZV7uOLa?viUbMSc%jL2m%6~UE
z$R08e-N<P~B2uyOh<WSXVWFg7d)>vU>(x6lD9^ftOG~NM?W_x*7$J)5@^-O*He8F&
zT&pFc>p%+z-M+3D6_ZKGSiNF0ZB)$1L33uO(_R&RUwgdR9DP8A>VxBy51al_j=U<|
zK1TtEC<5jifz&JToK+o=0F8kT`hQkZJv*OXT`M7~dMz95M?w=KD*zA{fpUt#%v49g
zbRFq|-RM+BdNdU7KQ70Eq0o*fyqC!z5JU>|?F%7J&mqw}P~KTzPeNOga0yx06l12E
zb<DUm5cMJ<)S2^gS;3F=vnPZ#!o(`-p5}d5*HUN8<fc(<bn+m<6-EH~Sby<W^g4Ha
z%Uj6qQyRXM2DK9tS*`p-SpnMli`hH~W0Y=vlGWegkt=*T<#I*oCuoS~+z?3|Oq&BE
zG*Fv?31MZ0%z|TT)e|k?ORO}@!nUZ}hsdEXv6QUm%s5D&8hRoZ2KI}dc;QWkt0H(U
zIxNV)49lISrD_4lA4EjKI)6+Q7lk5|;Ld!60YDBO$mQ=+$VWCJD_=K)u`QzbDO~ff
z3peC9M>4##d7<5S$RH@T;!=v57_^}+r9WWRqv=K~rleeTB2`{oanSV^NKiL6*ZdV-
zpHne`bShJ0|3g+braU{)j)W|^o(h*KNR`MK)V>>#z0#3g#>b`-XnzuSPJ2K;6Pkw?
zMAaR~pcrOqCb>xm5HiYPNf5U3<-f~281d01=c0h7GkXA)XN=<3&u}n-D*xb_{zu1;
zrtVzL^t)&Ay}N4q{a9UV6SL`Z;UzLdvGS{2hfv>#8){Ks=Pi^1^#+5zDx+Ri{vsx%
zKDiOg#;eGuvc4SyQ-5CGW4xTgC%P!lq&CYl=U#D+ndy3b`Jy;dnXO9&)P!y1C!o6X
zDBpXsuE>omh=Xf3d`VH2!VCYEt1N*I{b(hjT1imxhLsfy&y`~;?rZT$*b=wEcuxVd
zy;aQS*0l{@VMHt?g!RQ;ppFk0isu<AJeIk}hFNOYNJQtTO@F6k+D7v*V@L6V-vOIK
zd*;}Y?FP+ENh`HusGgIKOF-+LES=Z{iRS@(Q%Z80Goic$Vvn(zFI@_?3{;H8xV}uN
zaHfK!iRB?Pm3GJm7sM<FnHW-QP1i%ebc+ANf3;a0pj7I}gi{3%@&AymqZ3_kwk|GN
z8UenKWhO!?0DmB5WzZA=p|Xc0`+?e`h5+2#AjZPkYV(bhK7ff*KWEm#&7eLFe4mWk
zc+Mh^%;`<-*4fP>vs^Bl33a%le7NR(I=^}f0@nol1<>RlUMEu?A+u6>O$jBda*FHN
zPZcihB4l%+6T<}pW$VWCGUqszq!P6sj=Ia8LD;mY&3~O>?#WuV(iD)WDcjwDR(!<H
zv->}ns=k`0a!IwL&5Ul&%_2a*b2%z0flw_S>8;)$?zj2-N)5ud+|iX*D*$D+Re&f<
z5(tB8W#|}QlUxKzqT!T&iUy{f`(=x2MC-t<2+zf}(Kf`KY^iv3TKN(Pubgm_SZFxG
zQdkM9JbzSrzq6iCDZGD$#Vyp8jn&20Q8vnRym|(9WuY`uVIL_pgj4`-u)r}R+)-%`
z*B6kx>h)XNso5MoW@!G%*So0sH7`ef&+5#Ac)PLfkU9?e4`MDf6MC){3)?akX~q(f
zk#MnHuDBvN)>|C1Buu1UT>xEznK3dvrUJj(kAJuf?E|zHqn%v}w`fjU%!<k;Z>0W7
zR9x+Ea8`vF|K2)rtR6n{%{kWjT>nbRsG#25xm#6uwkm^|s#v{#bN5_r52#mQ{TLKP
zl7d=-{!_mQn`L_-5>{O$>w!+kNk!}&a4@Cf94aan&cJNFzE;*#%;`_(P=rKs29=2-
zmw$yl%-<!STY#1F#z_o@V7molDivy{LndQ0au!=9{cVtIe>!r?Dpd)A%Po}`Hy8tv
zj^Dd8NepXI|AcMVVpg3@G(YAFh{_|FD<DkR`0G{X=emoi%G*OZ5q$tuTq_AW65WYG
zL6hxk>F!~?Jt@1Oo5&bmY_A|gCWH?GJ%9S?mm+GMIBV4eQacvPF}+Tko2{gwEUzGX
z*RWcN6<SCxQ{(pa&D-0b-`s7r7Z{l~lCeja?TN0lq;p0xHo7X%H&m-lb2&@F@P`$j
zO8pbu@8<K4(B}?g)gK^tre#tXEut|K#ja+7?T#PN;vvP1aUf2`+yh-TjfrlGGJjSI
zH?W-Bo;~?Sd*_IvxYSe-gs8Otx?@TJ9zNgX`m3ntug*JNu3pt&$x1!fX8Nu7+W6*G
z_H5Un?AmQ@$NsMAh<+^W?0W04sF>*0V8?HUN8kSIy8V*xcVgmEQHu-8XAXynTZOl;
zQ7lPXbYGsea9Sa^@7v{Pj8-|_p3wg1Orv7Gy>85o$t(Of8hl6=$grQGSX!9b^{D*T
z?2GYrCYCNg^bfi}k1lEw;||T5W^?oMCEj%#>}UP{A6~9&$$Qx0i<VBJp=ob~i&GMF
zkhZ|0tRsvIw%&0{a{syFiA;>d`5%)xv@R{_y|pgtc#zTK=kwo~=ZoFmoMo`PDM5E}
z)bBky*Xj*dua#cgrDAt0lx<tq;-zxE`L=lmA6zv~ib(I$nJ&M|=(qV^{@XKRp2b_t
zlybB1On#!3&2lSIYu}bB+e@N+Lt{nj(jI^KwZJ{=q5jdIJFVN^oZ<ZYdtL0JietGm
z4+mVntKL}ExhU=4*Of*O1**2Zcq+TC^~jrhAI00A1*S(HuaEQf30n5aCc5#!dYP^I
z?Yw%4?8U!>I5gYiRyzvo1$wspxGX-AcVhjcsiCz88m`z*JSg&cF<bd0i}f4JLVoxk
zmiE}kIFake6H#l{hF#Hj<(JRi=J;gkn%V^)n3wKRo5Vl&h1u~NHLJd#yzkt*?2IH+
zm0!!!?T=;JuI=CU{rGy{`ri{oKF4*=Y-6~$S|xOn-ZZ_hcE=sdx0+{NN#A?>M)pLW
zc`sCbKj<VZ{Vr1}w&9qX+uEuytIG)weXUtl_+Or%@ZweFwI}8^d`fW-u1tvj^iW5S
z_0)Ra9-Y6A^_q<$Pp)yOUDWbm`hMWr@|3HR3U^Mg7h5vd!*bf|OS_}ON>9dW>`0oD
zu(1Ap9RujXMb8LR{Z)kw4Cdy{Kt3ar2!jX%0|x`c=GiUNi<_B@`GAa|EbZ)#qE-wH
zqE^$lG&5N!fW(fU{hQj)z`(%9$iTn@q!D0-)pVW~CMjl+5t=Pb(oBig)7@H_oWTM;
zAc3CP$qz!zr$1<6;$Y|C-~d~8vXx1ing0*tbiOZ)8q@jPn0UbI--Fbr{h7|w%A^4n
zs0XTJn)he=oK_|^c9=`Ss&4$5ey)v4Y<fXE6CYe=V;j&|fxkdwzcNZsH)v<#f*Z^1
z1{9w2nNgM()!QH~Om%;!ceF97ffa)Vw)_Q|4iS(8sd)8wx^)|qrY+P1L5V9k)_(&A
zh7Joj01@HAp#G1MAvd)oQLiF52NuRKZ|`nrlCBSCU}DHk%*#wmEiTb3N=ZXg6m;6`
zkyb7+QrHdA!+H`U6GL%oNl9j2dNCH`gOKmj<U(>11A`?OP-jVHPHM5<^w16_enn8E
z`U&d%n*j8~FIHe=qbPqM!8Bb@02sQnJD7OD2>?0eaHFW*EH(Xj2a_z@v>qm)H~`{I
B;1&P?

delta 48610
zcmagFV{{-<*Cia=wv&!++qP}nNyWC&F*~+xo1JvnNjkRC)6YBa%$je0d~^R)ojT{D
zs`k2T-+TA@UJ7@X42P&J2M&P&0s;d9qJrm}j3|rr@1p92I^rqM0s<n>l58OY2KJd;
zsRyc^3IQ4h4g^J{#)6V+M1_Y($Hjz)Mny))Mu)}5#)d>BhsC6Z$7jdJCr8KUCM3m2
zB;~{>r^Th_BxdC%MFgkDhNdLMWXFePCqyMDB&8%prY6T{X2pL`3eQcA%goG-$w&nS
z!vf7s#R204{gJ8!ri0tn+SAjMQ$Lv3I9lE^P}MqE*D+Apv(VC$Ita!qJT@^pHZe0X
zHas;sGBGhRGP^cBw=p%lIKMJCvba6HxIDMIy)-qnF*m%nIJLDjvb8+Dyu7lowz;^m
zv%R^tmC6lHh;y*B`Db_KaDV&y_uA$0&coTyqobq!<Fix;a00Na^VC>yd|;MSJ^}=U
z5l%*2MBV%6WdL&8_Lz^6Zo7w`mZwqb21c2mCXK4pm@DGNfg{YzN^Al7P<Icz3zQ)J
zAbQ$%F#H)&E<PGJPla-K%Fdag-RK62R88AH=GHRgM(^Y_F&2~V`>Aocj>AMtjU7({
z8eQ75WL@gQTET(`ZOlO*5)kyOSKv;OBB7X~f(yhG6d`D|J<F+Y_t{GDL;Cz${54sD
zm2+}~!YnoJ|M%w0G1cW~?~CpH@$1cfBK@;!^<z7m7UAd8I%C15Bmarv%XH(BX><+I
zx5&Tq6?(I4MxQd>cZq)iy?GlY{$IK+$4u`#Wtx}qnKfslRIiBF4ityag1mZf*!{16
zM%)gU!f9ULcVE5%#ftj20Ur}Pey&qS7v73*XV_uz%|p-jr=sU{H~Qzze=mS*Zicn|
zd|oYk0m*sC&k;f)&Z1rjrQ^A4I)VGsHKl-8w*FML{M56hne_s|Fv2KLwSUEykT76B
zK&kzUrcS60Kj3m6c(^a<Jz;ycx9Ob=yztWP6nd*&)B2hTynReAlH(E|J3pv1>N}rd
z_zW%h$cAnoSpRw|5qf@||4=+X+!E}$4sFl$@;A5U1J<3k=RTjGS)_EOpoKQyHs>#Q
zp3MA-1NdInYXRW#Xe}}^@XPG)VF~fyv*z|Z6QP??rS`tQ?(6gRZAih_nYL&no}Q!n
zwy!^byGkC7Jb_!ac7v`D<Uytn%s+rH^2Qrm`_t!Iq;75fbMKn(F|mL3<H=;7TrJbr
zIle#M!^Bm$qJ5t4M?&{kiTiq{;on=GuIqVS;=j#)t%-nQpxJnDjLY;l!Lq=E!L5bP
zwa8|#7Qy#!;{L;LX{p3MHwD0t$C<W=1OPkf)+r*=>F?<;p`3U3^E)ZQ$IO7cMe=^3
zzN6dWcH*C(`~6>;wf!5sFS+dow!OqO&Gc-IWt;OKlIM>Mwf%v+e>S59W|)e&uHIJI
zW&!^Dv3THi>{ZC2_pMjU(Em6eTW{B=arNy9fA^Jf^L1<#+eq;5acu1gQ^3jUef@{c
zIW&{LZSO~~Tdfx3*Df|wzw;@dIh@kxVE8@uywTTj_;ruZ)lnvFVy}PW<J~K9&zkSo
z>N=CY|JTy%^l#Jp@9^ALuO|gg0r%TS*n0In&PBi~?|RqA$9;W1pV#Y0d;hQJgI6t?
zqpc;i-mkOnRp{Qpz~<p!!af(%*fKtO0cVq3Og%eYH#4#IhPJo68@HoOtzVumjpXF@
zy+02|;7R*c`e#Bd&L%5Tt|eFlExn;1H?I4>zW8*BOP2cOFMH9ETAy6?K=-L_nPmcs
z{>lM-&_>-aXW?t3ObJVV{U3BvhPz++6o>0=0&R~==UamJ1x{ODPs0VfekWR|Yi#WV
zp9^%m4gr?q->x=2o|#l;?B-9u=^1U_=3RPi@%6n=wZ&eGu;#n<J^2;b8`Smt+$Bz9
zV>5n#V&dQO4fr~$FydW*I|c%-wrxJ>1qlJq-2MW;w}<8adj3z$PrGXc`BrBWbUeqD
zTd#t+SnSCULp{?}7p!+2u3JBQn=#5m?Dw~bb8i>B<(;1+hN1Ld4mp|KZr$hMTWCoA
z0W>v!kysy*E|b<*n~f{|qu#rhd!gh3GESb;4nlv)@d5!CILFPDzk3d10N{My)(hwX
z{=2*9{chYZ6?llOyAMb97m}@3&%l}A-wlSu-Mhg=`>m_bl`B85T~(tuDUI{Gf)Ci6
zqFz41h5lBj`KxZEfT-Q3t!KPz`CBugcs4(;EulcIJMi{qJ*l><y7?!EAND`iUm1vr
zdOhU!OA3Ak@VU{oKIeCr3khEqp9Aq;RU?6T^IY@!U!j)lc|2~%o0j*;b034*%fIh0
zvX6CG^GGp&$EI2R3mEn){~j2q_VLM_dVBWzZ0f_|8CiWu#k)F^_rubM4*z=1oX%zP
zMh8gFHlg6HxPS;cM5BimrezW1)!H8D!w!f{eNJG&d~EG7r`V>Sz9k?p1KtF`A)?@c
z;2isCx9l`wblKSvS$nR>wf8A1dCZ3=AoZiRtLQ)s@5Sg1CWJQXdj7(DZ8N}LcV@2t
z(lzs3-`+Lwm}t@T@SD}Sw;zw*s{Cp|<;*Sg{*4`4UkI6O=aX<~a$&-?L6Kg4?0gr}
zxzANs^~jt4`-7t@)Dyin8Ax5{-f|krIN+ofm};V$vU?#Z`;*#L<j0)oEh46z8B+<e
zSQ@Nff2)|m-+_`Ew~UggF11&bSblS`0h$qxa6VYns~)4!z}!0!?7n*&___SWCo8Ft
z@Xl@t=>@9zTft^qFK3d@hmf@9TsobCntTq00#;-+Bfc7*mCx=c9?<%Fm1Bw({|L{z
z)&ZAt*z}^ad*5T(uvb{b>E9F|(7z8^D>(4A|CP?^(VGa_PZ<($KK*iwdSwG%P-Sf2
z^)f}w72;4K>#4Kvd7Eda-hq}G7oHr6B^)3tg1h8TQ8<MovqK7j3Q=qc$CI5p(Uq2h
z&mVHe?klx|$cCx)0jx^05Djgrg0d!+Xj{VEr)5sXBPJlK-no!0@#mWC=d-je_9qhU
zax7y(CG*1^7oK<xmvvY3dD+@tX=u<@r&m8`Hx5pOxX+~M$H}gJ&sgVh>rz>0(3#0}
zljzkK%joL0M(><Lc+Uu@ucNa*>2mdU4DfOEJcBz*N3Y}V2jF3jHRrg}H|PUn_Na!`
zzu>N4NzJ6RtAc+8ZA}Wf#}FKvISEK!@9XySc_cnMwxM-XXkeF~rIbQiSxqIgKQmX^
zn0#BkIT0Pn9aliEmdM*ys%1T?-CjF*P%uuAN}qNqGHLs5Uck@nB*r{IiNjnNx^F;#
zrM5XJ$k7b%3<yn9dpA*=B<&&CnEUO|ZJ~k7fY6Yb5g{Tl|5QM^sk-^>I6%gz2zqZ|
zo&yKH^SWoxT(EJ-R=Q(vzBJ*iCEkI?>!8v>xl5}8&DsVZa7;EsaRAc^67rbemSveq
z_i(t%q1<gY)YljU=op7QoL5Pi7vO^!Jzugx=AbgffgW)zu5Emf&W4N!O7mF{nG!QQ
z4gcks-Ho8zX4JMop@BS9eafXR_%NRdLhh94!Mdb(vOXBdFPdTw-yK@PMDoke$Fe~G
zu<7~S?H&eiP6Dr}E-@QR+*HPS16h=GC~zL84DZa7`{D7EfbmJQTFo)Yiai_&`@PU-
z+yskj09_w^9&Wi@&3z^&%mEy`Cr2WIRH_Sq4>9b(v!g-+I~A960(u@@z_~)4)H1}B
z1?7sjNxq1G<vkKN@C-&c*391&gqbZ?3<J_TtI#SCm7rLb^BeO@0H^pc|2UX1s7stI
zfgrCi+acc~PQota3$mMwk68vsQ;iA5_9m$gAiG;%#g9y)CvVd?6}rSqPVTaoMd8=X
zwz*h_vF}#-wMN#(2bsh;V5=A*>Jhv?Qe@VwEGzeH#lx6B0UFFOPs<E1SyWtu>^Per
zuR+aI@D^ylb5o4gGVlA#j`v3VCXt<dm44%L^<2T97L9yA-?9Uni;PY3Q+>R6Kiqi(
z$ZwlA5B+XGzpljb>9J|@d5{<Hw0A3wk9-`0zs)yR&8^4<W-Ny{rrNm7&1@JqP)B@L
z6}Sx7S6e98FnzfN^LQ}e8qY<+WlvuBqK6@OJRx>0Ewk!QBx~(1OgP%9!o+l6!f*N`
z0EFzv#jqHNWk(u`G|k=@Jwud5nv}9Ia1gz{K?+kuQI5jJGF_Y&w~dbloNi<!kE+-w
zFl3t<dP*XTIK~7MN%=&YGjgQOQ7wN8Phu1lmkJ_Prt0x%ntztGO!z8Y;7tA+L|%ml
zff1HQCX*%d^T*#?DMg3Na<1!Wt^QVFwW`C@al+1qpE(-s&l%Dgqta=L>ody?SUDS#
z&qCm6Dv&#?4VJE+W5RDHsIAbp9r0#pI%ctI+FyqC7ix#<Z?Y1)t($<gD}OcE=y>wv
z#Qx%#uBy4Xnv+ystZVOj%utJC`1$~ujkv3?tuYlcoi6l1Uwax}ZD7R+BGep5rKTE3
zOWwUXHze^dS?(S42-U5BKYF|Zq8Pqxv#S`?txOvC>6DTpgG9BAawmH!Ep(_92y30I
z0%~U4`j(=y3eq;wNE7(mBNEMpYM6FWoHp=9IyjW)5}HcL)rInsKnIebx4%$*X$Ipj
z%R2IE_HKu}sj2C&!akBiTj-|z(VVkP-Xa_zD)o2sz}avuqm-Cy=BN1q5aCklj>O})
z4aDMIcl*v;?<HYlDm`5=l0_vs85kE&4CgSXOln4y$<Ila88_igKW|uNn@i)S93l%e
z`Ui9j>YpIYU?8DvQX*(*Q5Uh`APom3kXdH1%p|qsPceBidODYRL?F8{3}4QbYmire
zK*rJJE4%i8HlY=7EsQAunuSscaORYChe5bt7z7uvT;Oyn)GkBhQ9G^dU8P}>^^kb5
zGjXy(B3tN&I+SYu*p`*<Q27Ur-~*(IP;nOqvz3I{;#v+4ZHNPeYfertT;^7BiO!v`
zIwF%<-{3M5th`QYS=U&Gc-8URG?xjc2f<wx>7l5-gd_<Vw>D@1CWRD3E+@r5907G5
zC~$9v!SOC7(M~}zI<Kns{oa!iyh<(?zuY&W{%Af^=i!xNlFY@H7Byq&mt&w8fBE4s
zZq}6b{2={~_b7FYOoI0itR9kqt9%)N;c)(esJwrRFWhmYV?rQGIXIkBE2>Nxl^bbK
zC6t)N{^rDn&Mn*t?1k0%!X#dBC7EC3E!upu8q}9n_R&;68p4Fyv{|Np(sm?ftaG^N
zy<?x<<{o-1`Mb!}(pf*7P_$Tq+oUi-8O%*epoeU#h9P9GrjOh~(gadZdHLZT@eBVT
zp3U%&%xQedjc;Iv_4Z;SG_?54<tyFH4oo+`zgXN&+s2OzU~mcSrm2QR!4_9xm7)|R
z45HQ;yG2xz_`7rWbClLC%azSvCpJt(wp%Wi$pL>@^k^>j*>9y7O5#~rK|gwj$wQP>
zdK%eU^S15x6658g;_LJ{-O0UwdDMFi#p8efnB2&crO&Cc(+m(>wK3pT7e^Dd=6y$z
ztjwUn(H+Ss0^DaY*EM-hd{^d)bZYR|X$9`KSA6SKbDbRGMn4yn@jv<l3s*T1nVQbu
z1ZH=-bK>itX1LZ48grSxu!_#(xNHw+dkP_MhR6t0h;`RPIPO5Vu-Yf^<<9Ksm|I@a
z@-MW<ZI31htR!;9NhL4gUr0xER84cFW;USmsi@IA0C7i8^E8V$67#n<%BVN4jsoIR
z(BLMHh(evDy&J}urGIR91We)^Xkl)5DMcaaML&Answ&xTd!Cg<Q^6L8nhd%(Oecg8
za|;60APP8j7hY_fJu74EJlN=l4bE1Tj@TaReKkTZR1J2agD?u?_`yS9zJf>*sJbL5
z|2s%0pyArzqSOTzA*{#D%CgpQ3N5(_2H7b>Itm}}?#x-Z{5~on3@*q6QyJafaH)R@
zE`XvJQ$R@&bY7vDcXtj!?EC2Z3;r{^qpvh<=hbrjC+>g%L1k#^-GcY;Gm?)(iHO31
z7W8~+O=S?bWQ;<~XlgA%#}}?#uDP%{-zp*);1pAmQhq_Ct|K-DtY<xerB{^O&w+s%
zjh--331wsxKE#P}h+)g#EQ2mrnG=q!9CVh9lRkhNATtti+;MT2^6}RFK@%^cz-JhU
zBd@I+N@6fQggGrWO36^5<u29E;rBM>SQE@eMUafL6)~NO*AQGpr^zx7BAtqLjrwo>
zSrjqxtvCWea$r&p=KV9Y5?uQ1M&E_04qnO^=d+oc;}gREmk)Lca|1$qmC{MS<sF%g
zX)F*gM+Se><b*pdnfCgSbtx>8h$!7S;fOLV$7f|in1kG!Or%E~Hd_Jr0tf2|<n+!0
z948irOeO30xUnVw?r`}!R$w(w0A}VqkTAN&MaF*~shL05k1Fwv-OoQaS&ZCOD#Z+Z
za*5(C9lN2vKciylehngbee&YA1OrTDb-)34y+M@v{Lpo;9QON4X;Xw&JF<Qq<P*NW
zTMuT5Q^nb3w5qiu!hX(7y~RlpZMCq(_bP_quwun`zHw0Z>--|9!f!O<(NolYK!UNQ
z?Sa)Zy!9AV3l&lI?Q<^Nng^56v6ZW;EUU3dL+KqN52pm9V;Y#^JPNAgec1*7^mQ*Z
z%AnMApzmKI-|dPA{zPiwNfbAKT1e6nzcI+*{=e3)894wg!*1?MgZEH*1NB}Bn;cl`
zl@%$@ft2=Tgg@Xz)rYwLT@Diw_@O&Z04}|1ao3KIgBfipgM%xBw}v=B0Iq8Y-)J9L
zr`=#L$EqKffLYcA?(vJ-l9*j%lnX9~6qhz-Dn+wJK9-(tXRVsQ*`U65$K$u>c4OPx
zPn1}x(LuwB)gtMH-`ZPh%g+A&CE!rKB7X)+T!j`srFkq`Tcw0nyn2--fCo)T=32Wx
z0~6nCs1~7uAeE3Q1!Qu%3w>J=qu=d19*r#+PsXq4Di0ESHK!Ag(p|MQMNaDYaZW1r
z!70N&v3yFFu~73aksHD6=VhqlpqgM{z%Ek)D6=wTl3aSCVo(6MFvvTVI*K;7(?(Kr
z-3xv+BH|_LEGT9)Z}KVzFaZOx#u}0d`KcPh%r!wI2$z)@QZ;d3<8`C;qu~0m(t(;M
zi}#q@qCymFoXki|fsU{CPlNTT{FAIlMe(*<5&COzhk(YiGktFeVZ9^w@B9$eI=u{^
z_6S07bjh}w0QJ>D3G8)#S81HTdUQV(E7I~fres@>dMr+VTy-v_0Qf?(q<gi(T8Lt3
z&b5~|(e~59;e}?C7Za~Rn=%1<?@o0V=+@BplA!GZR8aNJ?wVl6D6+~ITzCR1zwx7n
zDPh{PEvjubrtp1pJQXXAht>r2rm@}C*QR;((33)A;w8sLG2e{3lfHghd}h6^j$J0C
zMo8Se-=aFQ9c6!r0i4RzvbbS|?j-3lK|bl>7kf8EF}w2&VhOlrpLF&ui{PDgBn#9V
zorJMV(XozOH@$7wMJEu{$EM`^hHSzjN}XBb2Yto7sW+~!M6ia2!ek{Rm14NDG@=u<
z2)0;a?sz)3-Nv48vIx0)kj9~I#bq6?u)S)_y?uzvmgJn<zyt(7O`+!xLSdp2ZM)<b
zcns}U|L}luy=1+Y95P3T_qz6{$<m^+1XXUr2;Dc#rEP~MlrTPQI1;V{Bf5v#gGyqU
zVx)%E*H-7z_KfX_-kc%DnxUy8mQkpLL}%=*Z&sa4i=+}#VjzUY=@zmo-}b@H80*ce
z_@$2^Yvjb)fTjJNckwXGAZKdi<Wl$`b@{V6Zkni?>glekO$i8w#*t|-+MkEE37E-+
z)8UKENh}e>SlVKZWiJzP490Td7-G%aE~KsWH+yZ_p<XBv-h~w9>bx3{BoqUgl^tSx
z>;7LLu}~t8<1CsZr(q<_eA8q(`{+q2R;bY8g+I120D}PWUB<^|b_vhhux?Y#sIr&j
zf(*vaHgzgtjdj?Khi~yRrMlxM3gABFoL>Ihb~D*yrHr^aw(7k-rW@8x_7h{bT_yz0
zu45fG-H^?3F|9HR9_H&UFuaCYQW2!5RmJ=)$+>g&xOSB~c9*RQVq!mqD+8$KM7JEG
zQimwh0LkEcvO80DJUSPdV6IZaklzJWehS;LFfg+`0xYsc&@26-1rGXbjFY<ySsNi%
zS|>dbM8#WVo|A+no`uQilaZq-tFHpP4g9~>ix>5NPxKr_QrT~d$4jGmjZTfRkTY`o
z>a%9Rw&g|g%TXnPnn~#>HU}exI%FkL4uD*u0=g4R&iZ&o(^)DXfq7J55_m!48;RMb
zDOS)t#do~{!;l1PXosT11dqfCiVZ<08wQ~m1i6q)0i4CJ7{60tpRSA`0}9>Mx1dOv
zQoHlKX+_NPL*$G5g^5$7uz9j^!^x)6jO{m$b|!UuJAGMer>Z8;epGKDW#PsCs<bV7
z1o|)NQCe(F^cx$5PSzAVIHq|R=@EI{g2T-xU14w78@a4}>dt>!jFW?f5?roKF&a8!
z!R&bwV)NDMxrK(;JUDjI*@=`LK0s+FE3}`8S4b+m>thL_`%;qYRkt5ZAjr>MGDCzY
z_cC7%=pDHr5^@(w(1my`{=x5$bgAF42lN|Tk;WsFcm!i(SHoF^prd_Bf18g_a%*Gf
z#cWahP0okLv?pfLQTRpk9v(o6zg71r4$Eh8@dvZr1x8m{lk$6Hj93+z0C;j2+?Y=s
zf&Hd$XUOyyeaKXaxUnrc%Ita730lCY9$Nka{Woj4>M((#Um3F-oZAv-6cMw@CIEHm
zAR}HJC=xhxNBk(c`d)zvh>2&{luJ);<SXd_>t~R{?NY6J_F{%{yxin_m~F<<TWXLx
z)xSNTWe`oN2;3oN{z4v*V+o{Yo+$0`{XxgGWawyiiwNxYGLmIzA6ihWx;>W;48MWz
zlk&MM(La0&4xzG2M`Y0yVaY09A%NV9LKqMnRFLH3Jqk2R$KB6v?!rZAZr!nW2qr|8
z7|hPsA7)?`YBXeLlmo5{+wmG)vxBJ21Bys08mNt;ioYR6zN5*NND)uP-x|NHOKqTn
zq`=5_zH1Jf=BmE-M>Bm5wf%BIJEZ=gx>@#4eiuv%4&0i-&jK2F?k8k=$bd((ZwO<$
z6_0+eu2~2rSCB=W&0uYb$(O#=s7jC-yC7}{z8JAB5f<Uj#{N6b{$OV0oV9xs$Yzj^
z<v|q;bf&!9(cKPqjlp_j?V8<ozU1Y+F7UsS%$U-SxFPmQ7n6T<8yd;ULWO=e1%LcX
zwKRUEhoPpFOMzD3#3z7+bp+5dW>8_0l~JlXVKp+$izR0Z(^3}gqcBh>o%RhcJ$-i0
z79tXKs%w$zLY+5tP_#Z2R4DycrsrbS+_4%KLN6v{$QE8miD+Y^(?EleWTVVXCNe)E
z_YHMX;rZ^LS#r9ucx!8Gc(vB+1V?o$$SlT)B3v!!rsS?%Y>-H0c>v4(kRp@msgpls
zv?s9~=95^oIa4((R-|c%SgDli4U6B08#JxUd(rao_N|mnP(kEK?3u9{$iGiSSU_bM
zxPolvwfibI&oB<nYU4NTqm|;_H1(T@qe>O+bKdN}JCqb&d%3UOD8ZA`ExtJuN@Wyj
zWFTF%ixCwUSze;ri2!@5QHA&p2!t?83j-*5$9{CP%nct0FZB823F@OciK`^HK_$@f
z>)+#k_AU>PCeCq1oAd5J;yC<t07g+fKG(J}g_!zcMs0OJ^x+`(e{O!Wt6|FDlc@Vn
zq8d9^48em$LfdfI6bcd>R0P#YE~Vq~Zv4Aqgv+w`a_~V5zZtN*Ad5<Lu5hcd_;!<q
zAg+F(?V|jIssz!HQwoxW^BZT=3@V!W@3u)QTB?lC<pZ?ckxGXqS-1x)4LyajJ(f^+
zSe_Zg99oNRJa1yoIaB&=w6Sq^Y8_hK5!7d*L{f^=A$o$|`Kh6;)}w0c&Ni%~x2=0{
zej38BI5<VWAP3-?O?P6}o<y1{O-UuGcRg@>5rtKV-M~ZiRxDdF$!Wf!Z2+fRbx0VB
z$<|p!x^dkQd8S1~Gs0R&CVRmqw@8L-1_I3><Rac-Sb)#fHN#^zt@@;}RHwB`WCcmD
zd34x2VdCD@0SSMDnTqZk{rK&N@=J<^7=cTk2zDF6E-PTVtU*6#w&<br7gZPHLOP|8
z@0kSzePzD{JUUFAly}lK>`1M_?r|rn;L-OT0^#0X|G95g-YPiR;#Y)h7+2)L$ygJ?
zjl81V;2n7sCg^YTfu<gk&v#M`$ltTIsX|3up`uA*CZQs5oZ-U$VScnQf<uqWdGKJT
zx!etRkg7mJ(8BSB|F8R!U>bbl77Q*~6Y$NUGXo_F$n}W;zQtxQ-i<ba;uh>6Pd;y_
zqlI)mXFlTd*6i~aE>pQ%HgylIG^7p`TnGqS*2ts?_Ze_V%tl@DE|avS5Xi8yJgH5S
z4)*MIk|uQnPYQqIi;fy}NO;_-VTsb$RLSI)G*G~xb>y8WTltq%#1l~lyBpFejFN~1
zWks2}$J3WxBR3yfE|=>{&v2%F;cZZHlbAfKK#x`2y|FDa1Jm`cSOrbhjMWq^cM?c9
zW=Dq*=ye$z!RW0$P3!;(owt6@0S)zl#gH(6J<O*u$uoRn=xO7)jU>pHPBFZdJ{AzX
z!v)L?W5AnV>(V<$x%^@mWW8G$B_sM(F@-W{QhEdvOI{kgESJMLXReMM4MnhQM}Dtu
zL@Q6*RS8dG26t65ZV^rRtd2WbReqESg@Gy4#hK2s7Z-25x#muxNSl~&`kKnQ!WM30
zAb~5>2X($Byc>ncg*WRu1s~x1MYAh*qyf;&kXQ*U@rJHiCPt2(BS^!#RT<MkGzQ<D
zq)v16I=UyWN1-*mbZC|7wu{{yB2%@NRb{h;Bo%MVxWfA?X=7dmYScInB(5O*a_`8s
zAIZ@F_mhZD*E}5^=^^^d$E7-WJiqp|6Apem{Gi?Q3W1=cqK-GU1Mh}_TNomdPXH*;
z`Pb(KI<i1MBe6l#e_vxz!&UMTyRN8e-WWq&_s;8a<XD!7L?lD<V*;hwdHFn*nAB;;
zDH>UX$AdV9Am%L=T|my<BFW$daUlru+kK?W^D5Wh^Jf-oXW=p$IHcJVVN|4CwPC6<
z%v$C4*zz0l-5vB!mYVcUxb%MODFEFXzZNeKbGlrdvkmS1Wna5dnuQ9aS=S9LtCJ#?
z;Z7wM!{P+)sPmXRuvQ1&tMY#1M{nK_jHo|9qtNh2_atRhf97%@I0&^&i|1Hl??8e^
zEDnNNKW>#c6o+}_DfOog%w3mST7R>-*}8?hBt`qh){}pWj*kK~i*m@9k^tzlql`+7
z1os!LjLto37-H{%o9^uT&InG)gd9?fYB_wx;VR3hLmjU6Yk1($bwYtf%Pw)F#5R_0
zWhBX>m~JaU(r&On(QWD_DM3b6Wu))PIKqf0RF?KbDZQDqaR_>^Jzt%*0{YO-J;BiG
z@b90-m};Vg1U+ktW{Wz*_<-ptTTg<Jv?ymhWBMN{6e8g#Pa=+8EYqU*6KeFa+NU&>
zt!$t0=j9(cj)^p#aCf%nQC-E+$Gj?Vd4o2dV2zD#?H&Xf$-vM(%yw<T8UM{3bBiKb
zqXsx*fWL!y>^d&gi{|T45286dU-$9R_l2R0T9dDVy4}_zb|*>eEnp1gO66y3u+%XD
z-#_7o7PrA|Cn(0=mW{YBd~m$fOo$Z@4$X8^4mJgy*%Z9$<1xgaa1}VU$&Rck%|v$N
zVfdvoZhmkHJXYqRcDW%UU*f@bIdVtG_W9|T;3YDp>uyX@k_LYNKb8Wpu53McS|1E>
z<&&5(-@9R8rSrJcL;x5c>GiVHqwF5`T18WITAyFi^Z2I+s-$Lx^7#$@lz+5Ni*q{b
zWUCGMNcW~lIj!tTNR8R`sbZ*aN=yz_9=74|Q)t1Z%oIK+AkNo&aX7=Y35fIsIAfW}
zu`}_t@98#%9R8{lZQyUM3`ou!cx$di<7#Eo^HuR8?K@*sgaI>%rKlqoa*6Nk<=R6B
zh-&olAHNy%H1=^sMRTSy?KA!;`^I1!!y+_L9~GtXCKDe}h9%RBPRQPo;vSPsVKi2X
z2}0UT!1}ntQA&eh@V6j0ayKFmsBY&E96M7n;=-#%3SiAo?O>3k;8)5ZDcc0<Jys48
zLIi<=%#`j2LjZb&=BRt^ZUjo|{1Xi}a3K)pe_T{VYDoR<!EVxESV33<=yQqC2#F}d
zpnksxAM@H-$hy$kSt+~NWf|m0ZB;6sCX~(LHgy|o)c7y5z(qJ>Ld1E%lUEpHVA^BT
zC0wn#yB&MyGiruVBqeBa*7g)-dXP!_H``+nZi#wfsQ{hjrx6<Z+%Dh6Bs*0ar)5!O
z789zdx6;!aVtATL@N-ZJ(V_Ix95$mJh7p^?Yo&LY@fnZ^xf~qrrk|;YK<XQ;L7cbD
z96mfJMDcAUsC|Y@>bWqYFkbv1oicI(;|M0ZHkG=K@uiED!<Az=<QePMA%YuqMe+vh
zBbS{eBw#5+lN89!SCPLHPs>4FIZf}0HP@T4u5;q{4R<g2cBj}^qXqXuqPJp;=eSZn
zdv|+B#-W|#SgF~l@`HN}Hd0yxi_ZdD%a%^Zi;LNifL|Pi@pxLtGcye&n<6>L1}cqc
z4Sh<HmruO05R@k$Y)5Ul^W9Mj<N`{JY=VVP5{U5OJlX<B@OE`Uxv*OKY<9=Bjva~;
zr3pHKdMMiRuyy4twnn|tP%0bXrf0n6`w^VVobE~bTPlJZX}!?vI@Ab+Evw#<Aa3KM
zMFu~L?nHuTxX~vAb5M|SUmzI|A|xpV#8^N>*m+3rm_2YIEJRpln_G6d<bXQIo}Xo)
z8R&PY;8rll%oU=d5o8(+7)Pm(jUtQM4C3dDqc|%S;bqWK|DeZ77toOPNd(Ro7Esjr
z4LK=B<yTO$uG^}YZ;MPm)wwBF&i6K`>bBTK>X^J{rGHum@(&bV7CuGjIC{=gY_zjo
z(8CC8(|YQ4(?FjNlR1@PhjV#%+WO&m0VD+2E%@w#2Tvq9Irx*-`aihDjAnoCc-4<*
zpu>7z^Deo*m}mqcb-7%ce1|lY%8r@Er=r6Kd7lVNhotn|nh2mCmyNJCM<6@t!GBb*
zDY-E?q~)9#OH^$LnotcbiONQ~F&3>T4aB+|CP>c#_?pP{Ieg+Zbng6A*=jy;fSD0R
zN_W}s%*l?}l$2^uaIFVLHU_LPVYAaaaH73ng>$tWmMvV^LyzFwbFaOV$@HA{_8|KQ
z%q!HY=39dhCLl|Ct%O25dkc@?&Yv7~hbP17)pERb5GBIk%tQ@FwK!RN3Fk*74oMQF
zOQgfoa!9TYT=gp<!UoMzgxBRi0EORNW{K>4Q(X`{P(>X{kSW|CM`aL{Wxpvo$IVkN
zFz95*wS#c8GpB8WiIXjrb%|uK*t5ujaHMIj9OlpMnss>F5WUWBE^zXfv>oRKLgiB`
zLXu1QIr<=64+BnFB5<b>Rdhp};i5|Zgxzg~B8L+CwP7KJvTsN#(`Ta50(r?A=^j$H
z>Fb0g7DfTA$4iar8|9kKQOBj-{w`~*3Ao46UHj??<ISxRN9u(3G+9AE`J0jsc`e8c
zqcofMv>m&w@yU)b?&tI=X%#!0y0|s1X1j{ZP5JV2=49x;ZB;e}hXn~<A>ch07nUlo
zMBomCRd&%{uE+RMU7&!?0}4tRjgO<T?UMZaZw4chk~uOO_?pBF$=_Hv6?Y}!bh~Ix
zZmKv+T+pXOSn>bO!Sq@~h2II!qykoOnh_K2omdN*7BkH|9Kr?HuAsL;puPVc*lbxW
zNU4jf!vD#&vLQ!i@h~QNGFB}tBsu4RhH6K=p8$`xrQ(|kCO`y%0G8E)me74!NlKj~
z>8HRjmc>`0oaWDo)&lKDTxhYkBK)YNp>e{u)|B$9)`z*bp`OkRlfbwdw%#t?Y2q#U
za5L8xi+l`JVAuIx%r!QwKf;1U48_{{@R|avY@n{a2NdWKRGh0w5n6dcJ&+u6ib|QD
z6P(<-<&Qk*`M6dp0Z!(n3)HDuI5AuUG)xU_*F)}L^Hm8lWfj!ugN~pmsu5{0RdtIq
zlv;+R6v1O~D)tNOs))M_(6$M4XMhw|TPPHx()R3ke5qQ4$iF2JGJ)?+g^rl<k{Ca9
zSXhvWEWuE$S!l}$vlxFZRkISO>c`guNZ3vE=g?jLaOm?pfU=XPZl4V*+wb#Is4Ph$
z2d*1D4F>L0OsFct3+WVECxm=#*4)9Qk*L+EA`Gh_p=)S^<1=di66tPEB1J1tuK0wf
z_Iq+7B6&F$ic@`fXo7jA$pKe&FpDl{=pl_i-mNSmIM!!Wc)1FrTrDg1jwUSDWcJbi
zOyrLPPCh<8pgZp}2!=>0==2>fJJVQT{(Mp?eoJh+;V?3gpg)hIC{LK}_lGrtZW22e
zg4x~H!4mSJ(|Mlvwx=Q_!RWPQ?!WW!d&4Nlo$$8!jol!NQrzFF18sKs_Tz8Iy%AgG
z!`B)~_ut4Gw-aU`e?=tL8Z+~FUXUz<Ia-TMu}|kG0{ZQUeu1H+ejCnl8!*^2ObziD
z&ix35Bg@8y-_3C+?%+as@=~NIm<O5(%&S2vlTJEPU_rZ;_8uURBaZt(w9BZ#un<Tw
zK@7n{9$}>8qtQV0u?T#s>pToFH;s&?OuL^e_DrDnLP@+C@Kf3v>R_ldP}MUG%;DdC
zcpLxL0RsagGh*J%QZjeRP+<ooluiC%*7=C$MWhMJ7Z?IVRFT{RoJ6Q-Q^Kae-;Sz8
z9ZaiU8x6RKyQ(U@r~<itd6&tx&_Tn5eR|fIeV#S_B(E-0zwySytPDQ6Sq%NA-NEHS
zyLsm<*FpD5kx~O4sHY5s^?`5FYTSJTydtRsK)J+Rjfr1?zoAaL*?!F7!^<^0AO4*Y
zj?2OyUxSh;a)Rh9Poy+!dmTQP@^xHlJVYW&1cPypZP?YsJs0Ps^;}_67|ZJ!6(mTe
zoDU69q(RWeOZ90mkq$>9EIZXcg1(w>IJAmiZdyZ<3<!ia{R5F7)7%Ddk_i#@4?5Hl
z026doa(s?BQF5zkz!+WKTf4MhhhYlje0~&hnR61|>d5Ow(je&B*Z3x1Cn(4<u_6@D
zXJ9}Op>8>7vOjx4SS)zW&58p-@A-sELb>FR3sl3sppJl`689Wg<el~mM6mjvIdWMS
zm$K8k_o^Z4K~eMH!JEMyBEHSSDuW+`fC*vH;5#w&APFcKm9|WZHgVA65d^7phGgaE
zG)Nr7Bj!Lu36X^qawD`N35dpk^7e$YWzvI1P9rVs72F&{j_!N6H{?#<xk4H9`sAby
zY8bvyrs$s{1hF}#%~9z*`0=z=rB~E)N@*_{cpXalf=!};C2Qz2>P6`mj<<P7fUfIj
zT$d^F-I})-S^{zDdbH||m_B~^pZx|Ouad+N`$)p;V~w$&o_!Z~xV&Z=h!ha+R)hZe
zqSA{FqiTqdd|f{VKU{c)^621vd6p(`<Hz%joF>6(JiF5Deapu({ki3$MZwaL8`Rjy
zM<J%wPKyHLsRLHNP;`FDmpxV`0WvI@d<Iiwc7-cFiS{Dv$$LlUOYd;BqRJ=S@Nj72
zKOd=!e(G5_Ih9S+m5nOGcA@M>Y_TzR-H&0_qgSsg;$W%4_gd<8kJ-U<F=x56NZY9(
z7@jRC!rUUY<v+FvS%7zLjo4})E(OUVfD$>^aKr8i-~OT$`>m|M!_Dxb1DN0l3zEVL
z2a$0}#8>Fp<^6^pol4h1`6-3bo$yA7#LTx&ow2Ui=KPqAj9f9g;nLyQEUB!r*=V3o
z1ML*sST(N1U7bq2!aIrVYea%R!|{z5O6zAd`uA!>@k4hzO{1n>o%3U3=dK@^ak>}w
zCQgQNQ}~&aQVq9~9VfF~J3!p=layDNw}sFBfk)=t(a-fW{hQfpCT|`_Tp@Fd|A*>1
z@MY4w=yB-i{v`0`Bll#!)i5B_iS^|(v)}7=`{>?fQrnO>T2ag4bAn4T2VniYQoRLQ
z)`<B!vHNYXu=_Am<ABkV<AO!Qm&?q);$G(_i{5FaVOxfL&Az`5^MZuywlBw<S_J{O
zTQ48Yy8*EMK}<c>>OFBxAA1+mnTB_Leoue3uy+5S>g@k0xDO*sK7{n<U*LTSbTdHy
z6&VRd@j4Vy<B<O;(}#h9`HxILwTzb>)GT$9ml{A1KrkN}T=@!O2{So+Fh($vtc;K+
zA;&7OgQenypQwa1<+3Tn5CVsZa$#nsfMI5)Pqs4dpoUv*Kq;35xe!$pER=i1!Fhsb
zV{Ty<TfGRz^@W^p4%c}^qk79lJun4PmV<^V!Jtb?`ZpRlP>_H2|B)}C+U&&ljST$X
zkV3N!+OrKn{qv#!JCz{w=mV5AGwlNu<3H~IX}N#?w^jWC$_D-4FOx~|0jmCAG0&f%
zod3J};OD>Uh)G~@@c&1Dng5=${a5UNxq-z0%l)rU7T~|zRsGNR`(Nc>dIN}qg}Vu(
zw}X9rs+`jbGe-FHM+~+5`Af1CI$f$P3@Js7uqn!gB+=F^4jP~9cbWI=Nw*x&E@PgP
z!0{9P@zh;`wREqHHVw&Ze*%)-)ExXG_s)CZN+@`xpKj;qcwfXtCVbz3p%nmcb)Uhn
z=_<RoKJn628`fP_oweOm9sgldYRKR&w@hQLNkmun_v$0n4Kcjo`n?bt+)OU2nLc#c
zT>`S-S;4A08jWB|HUXAl1T=z<kMm<!mAt#wJgyTW{zcz6h8#x1`Kx!S471qRE;tx*
ze<6tnYEJg)I>1Q>aN8eYS_8HS?J!=|%hPmqkK-7wRu`w7&_Pl`AlpT}-Rj++y<hUE
zA}Q`T2Z|bx6MrL-sh8v;=T$+#xV@Z>=sWYer$CB8fMbB6UCT(j$PQCS9c-mhxS*Xl
zj~+{^QgiXck#y~+75Uu?e07Z9TE+E8oF-EKhVwl=QtC-@2tNFS*$*ICb~VcK(G1-F
zcp;mY_3PKxV2GHt2M@I%{0@o%Dq8MgD%(UdMlD}LE!+NuOI#nU$73+bX+=Jdnklv0
zW%6T<=1QT<Y+M%1k@wP5@YYIYwWbGc*5!k?ItHtCGiAQmqRe8}CNIpUDbCkyw2F#a
zpYVfSyCd~!Q>1CNB%TxMQ-)`gGY;8Ciyn7AQUb}SN91MgZ|@8Af1oU9_>182AB-6w
z{uh-08!oNJVEmx}1+4;5Fk(PY>y8(_?{8pu?3UB3?#+$vTD4!g80wLK2ENu$sLE0q
zuN2*zbs!b2&k@oByQ#mmSHy-jRo?R0$5IveY=oJZgg+j#dZ0@EG%;6X_Q*b2K2<2+
zZC0vh1Gc|Tuyf`8u}=h!B|*#Y)QxFOqPT-k)qiUxI<cZw_(X&;-2oVo+P}+ktw_sr
zZC;;C?xUMlx!@0$UllB=EV6|7Vh>-W{J%nPPj%MVXPbYYT2@Z~87a7`w&i&1r5)SI
zCF3w@%@Ws{V`iMw1gsR-V*Rah^p8EwB4?kRfLhENLB)V*aEsj3$8}p9E?nho;MV2C
zvUR4-2gqX!y2To=1jdJEj-&M>Zo-&(XSebC=LBOnjO-DWN|8Fnc2k>cL*{|6o*qH@
z7s98C=F90h3&7BFS>}39dwY=R1&47CCC~I$By<>OFv`-AGSQirP(yc*9;;)Hzeny3
z0=2RIWf>&ALh$hh%&#E6_19nu4+@@tXTfCkPGlL}WPpV|a5UZdAl142T<5k~{b1@P
zF*W))AKRiDevRV)p)E5)B+!KZBQKA%7>v2q2YnNgiW1&)bT>R(@g=LV5V}~9cPq}t
zM_I6{h%(kZIhneU*z8Sv2|jK%5o@L3(v)0_wJ+dOhy3WQx;Pfrlk&+P$;eu}OTs{#
z{K?mwG&iUaKp!GGtC%n-S8h9+e$KXEKlE_j76b|M2L2cZpt?{5!+a1TIEi$nF<_WF
zx?#CD#tBM(u*BtAH!c?6zS6J5zS}F28sNy^2)KEY?G;ViyHJTb_bS$x>xDDE64p?Y
zenrJgrPiC4OC-fw#d*J&T@WiFhJ@7xpQdStPQFV6(m+!UXc?NA(cD>-WE4iw(5#0!
z{(%zBMFpMChUt)&iSI`|rKXyCVfcgc2u*mJ&AYy|MLTUN6K!=1DkPF(v34rCaUTZ@
zX>dIwoS=k1Y#3AD`*k*pU1Hqm%q(KYFJt34!)ljboCSH?2cwjhC12Y{+$*{4$B*kz
z)gC-ROzqz-B|bjuXQN@;UC#5w5-67w(%Xx3i(d6C{$u(5@4HIAy|!&TZ4nt7?Q?)q
zt?p9?a)DcggU+vk2R_U#?+e{nG6wp^n<bpYD$8|7d0)(T5B@FyCy_Vxtr;`XH6FXd
zlu;_8(f;9LV%qTJXMMbCuQ=7{Kv-w!1h@`hZ7o?VvOijucXXJ9Gg^3ipb6t*6d(Tf
z>j%B1VVP3`xL!x+S14Oc<{?4!80NduzZso?vci0%HHGqQl-qEYCG&8K<cU_T`D;7S
z`5MoZ9}gXRY_RL(uu!Zgh(FN}pK$Vp0FP6;+DhQzQnWLV%_JZ+*1Z3+;gkD8T1X10
z8|!UA@>73r>l&Wk!1wTF-nE{)tkLRhs}Wtb#kVXmYI`RyVf&Mb{j|V|FHmBZc__Mx
zk7>-%9FcmSbnM3M42H{dVwg5(5j=~E0jG~7+DUIJsvA{u2z}T^1VNt+LYbsQbo1@(
zPEhnoc%yGX;h<KmE&(*#fRMRcwS*0@)6Um293Y}5<B02FN-J##kPA%}q%=PS29e|{
zx2xeL--;qBH05g}Lz4!s@ltv!Nug7hx@5{sunG752*(6tpz1?o_CL<1X3A@}W8*@s
zXE23uT`@RqmVKZ)R-IpBa@@5)f^HT2{FB@l2c3Jq;M4Z#vR0ju3?4$Dt9JmCR4iC@
z-ZOd_&)nO+=b|uQ(LQc5ecfd9Y8;-gB4I_9Xnvko$0+@c2+D4>7TX1hLOg{#W_4Z(
zaRd3UWW-Z4XUc?wQj*oy=*Krd`ptMS1H`T!eVt^Z04zI6RZu^~81B12W(U!SqDNPK
z^cQot0u!9HSxN99zTTN_5q|)7FzM~Zicxlls>HOfmDw=R1Hrd6jpqWR0kr~JA!&vp
z`Cg`ze;WgD&v{c0{kcu)uTDbMPVc}jQKr%fo&MI+#IFZkWa|j`h5^+h6**Z(5=7y#
z#%!!5lW<ZUQK}<K3J!G%gH8%<c5PTCWpQ`=LWE8n*V2l$dbpZU-yDF`L|Qgn2N8<|
zDX<E(9d05|i6_hwEWK*87CCW!^w6<nd#5$u)|fLe@knisIbUBA2dFw>Y-SJaqRq!f
zygwE8hgw6Xye*$Ehb{}Yrj}bv6<gjLADE>J<M~sIqQ)aE#bFr74SkF6rCDHr<-*mg
zrZozlwv!Q5`YWcAjvRQ<=)M=8D_BS)gBMK*uQE>vR9HtuA(g<0!GbDLhOPARDEmub
zEC*W5SJ(c`9d>!pru~hkTkYqV=7YM`V(S@qweLo;VK4~{D2z+^sD$`-l>e#D>FOHJ
z9WRbgTnhVou%8KIM_L@W<`0~^bnB%xD?v|;ezHL8=yv7JZ9f2s2jPfQhYGvqr{nV8
z%ywrn8ZUdAe^FsGPd4?|W%4!h#5jr~oCude90i><HOnd3$JVIXjE)a!zl|Xgl#!;Z
zM#~vvu<9scc|&t{C72G@8{@atE#e%;N_8t2JFVM;58h|C%V`)73M<HoqAFS?#=E|=
z*m5I(0|eY>j5Oep`%YxjJ^hBAKs+7HBN<XT@|7z-?%`b~s;O?l=wAM)_bgs^G%+R9
zz%ywMm-`nDGlV2rIvG;2|Cs`+!boTF!F8-$rr1dHjlotG-(iempTW`Dgn2?2gp6#i
z!n>@}UnWrI0T5~v4r=8aT+{laZn#<wYU!cUZj2jYtp<RC<5@2-GR30qjDo`NVr%Yz
zH0o4Zf+xr{3h}fdrT;<y1(BrWm67bdV^}2mTc?u-)JpnVO6(yM>YXy8gfsh``@;nK
zt(OeCjtZp#egm}yE9u{Ed{dgmz)#6-jK7Y#9|3Ha{zcap%UiEj-Cs`oPr!fZ3C0_$
zw#7fP3cND^U;O0%LucXs(OEZlAA1Y8{}9?s1BcYDHq@^jqaqcmPxE}~vm^JaYt|oD
zOXg#qKYyOCBZ!Nl*~RQ7t;kH(Uo-B&q>xCQn!j&<7f2P~fNap_@7@@NzkiDy<|N`@
zqEFOz6?y<1xA%jnK;cWw1B5;<50&QpUxtT`44YSJ;r@`B4?4=F4o$|I$=`#jE8c~Z
z>>zvTG#OJQ-bskIu^V9whLo|Zq+?M%hj>xSdYc7QyID4SiXcnuPEF|jkjwb=JD#z;
zWF~*_OHamjx79Ri>`O=Xxv0rPZ*Y)}siYbuO-KQho`)4wN@EwT`*(LQ#<}SA5_`J4
zyHP7_gTZGrubQ&l!Uv<qF!-jWcH+5Id-QaZ`tC^UX;hoG7;V<{I7&(4b!Lgzdr@yY
z990w=NOhd-osZ8R5{AE)`H*J2^i=J2kIe;rp~b%vy`1Fe&A0jjNS!1!M6k+wBWXHj
z-{Jrk23k!NsDG@(z>5{FAMq;S+q+;aTn_Gq$TvUX17W-G4i2*5f=&<wNCDzmv{wkw
zzkc4ir!A&ggkzbn?urC^`a2lrn&P+TVyj}F^TLbK(M7Ql1^)nD$QzHk>c`jQw|a)y
zUZo1^E>hFrPCc#QrSram@oCu{NJ~@X(6a;D`%Swcpg`rq)ky?O*<+K$O${AXYzD=3
zW*Dti>o6tZF`@AmwRI|qQd)7xzB^or!-Axi!IyZB>ivH0Xi(T42NIKx_s&4SRG!S}
zbG~jwYLn=ost;ozR$y&VPLS)vt(Hf@Z}G!>h`-=e0dB`k1QG~Cc^8M07j5#4_(C9e
zie|#c*;Rzl!|RSMp4bKz()=d>s<N!4KPBx5sBVgG(gHVlv%N9HN`6@-`6hGqyKrmu
zN5XDn7{ts{5lIhTPl*h|U*F-B@1qm|2TE_BNjH5l?nI-OslCq79R@G=>NgQm27@Zs
zW?I$n916ztd&PGFX(tsqT;g^b=3>CdoMStEsgA0NObJ=gs2L`qwYO|xJ1Tw4wm(#%
zMs8C$0!QCG(?%i#`t9Ll^u$Jn_ItpHjClK6h23>=A0$lvLVM8(vN3hQG5D+R%y_EA
zVaYR-+B6H(pC=n%8P7;iVh>bG_nSnd*%j{hKjoSJC7jp{(-Mj$W2j4*o1*~hvI>Ko
z%sQ?NmkP6b&s}@!&{>G7m}OYWbZlHeF-q<jLdgF0Sn6h)d<3|@t;u7wnL_8|wdSBL
zw|3(wQI4y&?oB$S3DQ@F#vLN;<_@UM;9tJT_aeVTA2%l1ng_E~L*bxvVL@TShq9!2
zZu|@hfLWg$vYqSnAaJA+5(_YdDe`UK+G}m4T_qfLeo|?45l?6*b8#eLpv2wJssEFg
znzT#WElQ8~JWO3G-;l!n3uP5F(=1yB>=j*J69WSiK|)5Fg?}V$9YaT^7$Vph-gsz<
zKxB<E*HUU9kL=nN&P>4>YLu6$LB-sEmNC4lLkk3fX{JP|aN&L_Boi2=(7B$#i?JSp
z2a9ToK_I!^f)?=96=whK5BALo;m1xY_#&$e!ih>sqml%cz;uMgNzBu@q)I79%*}B?
zGvCaisjv05GMjey%8G*ewR&oxj}ZOI57VOnc_XEZ2K0!+`&pJ>3t{ix->67y%8@d|
zb3F(g$Qc5aTFSdAs6ByV5qEfISsX6;9UE@CFkTY~&phLASF<fG>@%ASST2kG#ADfN
z^m2TDgXimG)v({HA`OSNCEF=vy#ot_j=8dy4ElaF@(<#OXV`QMX5|Q@;#<mPkUpX6
z?j3?svB<cIU#jtWvbNQGAW?GAeTdtfVc09gB3?-srRSY(TqpyD&)^&K(oN1AX9z3*
zgR83w%cF_aXmKs>E$;5tQe2C>Q{3glS**AecXx-P<-^_G-QC?e{O8=AtIcFG?~_d~
zb|#x-cD@tD1-KcoQolks&Y?ukr9n-yzOMZ_4ipep#v}l()1hJ=jB51@#lu7{n>@h7
zwm+Yp%ixeO<Ig3UY{Y%rrPZG>V?Q&M?ux~RwY_fQKJyx}_*#Y5VY0E#k2#;DDHth$
zCFw@<ZA*}MugEKY)0e;x_~$5=CCpUi*(#+~_r$23zH*>_rANSA_GF`2o0|k}ew{lP
zW8Ob&#gO{EHF<!e)t|?^B%#u5L8NT=qYfX5p~gZsDu@?F_DVV8)`;JlvlFb{UWFjk
zso(m$c>AMn_#qcB?ZogEyX9$r<dm?hwwiv7P%<Tkow(RBR>3hFcv+Ak8oCgrs#1Cw
zDP<>YTrHV<NoLODRt(}KbN(HVhPge4UyS~5j-tN8(IWlsD3yuuK(M#{o2_fp7K}to
z>li}Yl!^}QCc<z--<ZPkgX*6i5G*cpVKm-g2Fzbct1a_LE0i;;;!p43;c#;oXBI@5
zgtIT-IEYb($quC)0qnLj@&VSKsxgz@@(G02FthuGSmO;{sEAT&!cNtXf6Jxbjw`$C
zV^tU+RqwWAAK|**nXfot3fVFbto4etMo1fe#WW#meSfHSLfE(YAASHVo(|>1+h3Xs
z)4k@uNvm^Ss@<2PmIvs!SpO<O|Nf3J1&%in3T;=xWnE%#0Nc+M4=M6lpM7TJpG+cv
zQ`-4|e@e}`_eGA%WxIT5@(GpVs^Cfnr@!p3$}M?MUH8mHyjvKQVuXYG{*Ch7VVcW=
zb68(JCLTt##n!RdT9`~ULT7ciWd5)oi}#(t;*WpAH!B=L>A0Xh$Y9HYEsj<+Jc;tQ
zDTX18-BRs32CQA=T9(aVu-H#a`YRLa`lT7BGi$fz(7?Yg-}$@Qw7jW4>)gZiVQEE+
zR=IyKJp&cuG#ZEMD-dO?DUiw!y0<C^StLPQ6N=AwTE8A_?)<Fu>R}P=H+`=+h86xZ
z#9XtK7%A;z^{;5M*I6~&J@UM-QFVGa@O43QHSuV56!2hPTB-Z$gCNmBliwGoQzSAo
zAMiwbmxbS(c9TzI9)f{I!nF`U6X#^`*LySNK*f^OThCdC?kpiwfT?w=eyaJn^!zDB
zsMLe7aa1t_pjV%@j#Hg1=&|t`rfYWK(`x^>e3s3m4AN|OAxq8sMN=@&XXSZI?(waz
zgd1M$4KV38RZqA1x&O!pXJeMteM9)D5OLYhJnl*pDHDDRMfr7@+yTjjp)rPXnHAOo
zI?Rq1Ie1FV9W-4$oP_eDAc!KPk=m1FS(@j|i{-sZ>49=Y0QE{?iRvkUyr7|XN?*nx
z=!)_p3)eOm`A8Yg?`3e`(9&w_qP(W0&3^Ip3ZUJfnAD}eTFB}+KdAG{`!H$ntgmUy
zsp0fOcyuI;kc$KvDn?SBS*?3<k@q7}+6~6`5j&N*r^ab61{@8n3fS?X+?*krt@t^z
zJK*a?2%9-zHB_JEp=bGB$pnK?7nR)u?$U>mHvB#hF%N`Dv~e-gRQe4%R+8vEu)DUG
z10-14M~zNs1;16R_Nf?hBDI!OHI6I@s@(fBs*-b6(+ft-unYk9&YSD#Bv0eLb1)B1
zBAuRd15A&<&Cl(B$Oe1YlY9*x!i+Z1GBVJr<<9rHO-s*HLuY5FSZPNJ*C}Xbo@Z%L
zYtT!rQe<xB%h1f3o4xFH-;V{OyLP|m0Yy#|=^1Z^GuSNOXu?)oPD5~fe_b>%svMZV
z2xA0B8<CG9%PxUqu|M&BvpB7n@MY_V@2zO1+>&W~Odg0pf7|&!BHR-``zgqy#d;T?
zLdqW{fG5ig&eZm%NsmZH59-~!e1~RhR?7_rf9QuyO5s<=f}A|U;WV_}hi#3OH2{WL
z*%Pu*FNV)x$d@pY3m!jHm~*P>s-U!(mYXYeM(Z}H@SoO<g}U-)JK|7v-#~OP1z2*l
zmp8@CydNWNyf0F_<%Owij=GOxFk<YB)PSphNi$oxW=vB`IO#w&r?zp7&2<-cxN$>p
ziWW&Pr<dd@vWvzqXv^hlPr9B)TA;@>h+s0S<e}vWZ~69%TYS-O%gfPCmYPDG(+!7D
zkjIk|4wttBuj=m+JuD^Ffzxo2QpA*Yn*7o~VBFs`TRis)`7v~ZD#~4msm42PVRQT`
z?pFTf(b8%W*biW<UL5@bcZy3?VZ$#-s=X_;Xsk+->2xlb2}1k}nNKf7Q6KxiKn{du
zn1~ao(mh4;0+<F{EwtmFd#@2I_S2)7ig?S8&y-T(v1Hrpk39u?W>-g<Bu7Xcj)9Bx
zXl2fdPTfOy@Cy4CEkk_a5EWM{+E<rV0UW~ZKM%cBo{8dKLfyF|upJe}%!h5(y#>xY
zB!EDNm|aEqFwlOP0b6FnFJL;TZq{eIf?FV`1^YABzZ8~sMcg!Zi^t|>m(*X!5P4mG
zJ6P>@G?3$ezmh9XHvQgRWJaD1>z&Lq6ZE(lL2jF`EAvk2=xyghMQ~ov8ZW=09F+0?
z`1GCF>PQ>1nSys~OzN)TEy_IU>v1~1Y`MzOdm>VOo_B-OEyN@y@&ZI1*M|8|apI)l
z*F-7+X^AEtGa1x`$;2$(IAmT`>gHzV`Bu)tpWaaLLC8&8*gVq@wzh^}>0geb5{g{5
zBLW|~)SC!4eMQ|rebj#pW%=lznIr^9RJzah*@{?p5N>06m{@+tp2MRo0iB_eRT=EJ
z)IK~-QwbI9LX=K%NC30lIS=a}Md||IRfP&1OAdM~TAC8<dMY#sJ=_?-GQTALv$?;2
z#d9<pRQkmB(yier;*6x7h(*{-Ka0+O`Hw*}405FV;CA3e6Vbk<<tio?xqlu{7C(Wr
zn?-6NR_9pKN*O1&uoSMeemH6`UBjO?2f&vuqMHyp3Rl0HD*#Ns)nKn(gfCN3XTgsa
zY&oyr3icE8zun{s>$zR`x;e6EJbb>ty94og+4qwJd{=@g8wPTV*e0@hd%)EsJh8N<
zg)B72-WpnfZsMiMsOztQPw(B|I3P9kriiG;8_=vd|J?pL+@xs#@>!Up^p<{zj#1ju
zhIm>yQc93>+)iD?f1jD-hR<w?`8p<!@loB%!mB=!>f_;2pJ=LXb$DmVI9fF~wK}Us
z=W4!`MzH9;GVlh7xj&HpcZ^-@YAka=g@91~_5V(>ji-1}6aN=x?;wDp1x}W6CO?~?
zZ;)szf%5Z5RFWDLMb$u>t86Inz7*1A9Z((FUr8%xh3gh&8#V8T1xC8P)Vv4Ndx?<{
zpzLkG)2iNs68s@nUWr_VpRd5@LZbqwYY61r7g_0tqjM>H4{8SBx1GVoaaUoEPiE_a
zuj@Xz5&f0BI?I0b$-F)*DAiEHLGQC0R>IADMG8qSgixA*mm^o?_T%mBtm8jxrsYwx
zbe+TQ&5N*1Dx`+k`@QgqyhiKep-ZB4hUTfXrvxw8y&lum+fDEy<zx8b0D@IsU&Ls=
zZsZwty+Y5c3AAN-3I3cA;f<q@=Q8N^)Mk0n&dgL`wVFDhZ2scU+wpDL4MSjUv(qM+
zS4A_2zX~NujtB}H7+D^knor6h<Tu=NDZ6nQzA1;<?ktD5xXAQ@wc|+l6et|*ln@mq
z6k@4-aJX_bu_Jm~*K2RCFB}_@)d!X7+cx=NrTK)VpmQ6N=dYGcq`(=blbPyd8Fbm=
z4=xp6jx2kvUY2;dU@n0+%c|4wuywqf+#)^aHGP~C^LBOtIHM*<vJeI}ZxQBSho*;c
z9><95QkASkG4TVzae-)&0l(3{L7Zd4I}43wO!P_=N@VHoiw|UaFfSNMc7oZ+ci@|k
z-C~U>$gojA!$fMrz`-*~v$T(SW$dGEo+!6&UO2+sxw-UUix`S2@-y+Fxt>>DXhJWN
zvp}#ai!-nQW0}(UzK0Ud2`?<4G_zT`7>f+~6LAG!iKnl2%p%|WT!eW&k$hK#M#LeB
zl(LtvDpHOG%LQcNzIPGvR$nMYhGgj_C|t#DukzPer7RJeZDPsZDC`M@w2ij+wd-0A
zRwXUT9i*-m;H3D>gg~rrmxk)YwOPQze!dEjIj!FYJTHXDp@b0y*qdkE=FB?3I%lBI
z)x-}c!}_3)8v2*=%ITPN#$Vl^6g}j#I(YfQhB($a=M`H%j7)KTb+mabm>z>#MtEJJ
zcj9jF)s0$Jh|;akR%Z&qasJNPVTtkA9fkg!*vF8YkZY^Zk-W>m6lcscIxQryc5LQJ
z&FT6JuwZzGoN2e2JF|%9Rn_Nn(!$}twt&irrg$;}>JD#z$j6weIp$xArcBm!uSK=B
ztT?y)9E#JP7LFH1f)4%^88>13bWX(K%9EctLOnOGqw6CEaPD;g=;+j#%*?ukzc%%1
zkGsB@Q4Za#Ah0B+;LCpt%PlZ9t<(~~F0}swWW%_Hr?meid2{gA+`4}`dQd!Yi%jTW
zwFN(qA00FFX>>aZ*tw)!D1&0QH#|(VNU6UJkvFA6+?3c^KaJxHWu$Rg9afl@39{JV
zKFFaj6}vzBW!cJ_lDV47r(;EQ{Y&uWkl&WY%Nk5!K?PBvwk)2{B?@x?aKcQzF7bi@
zgtKiz-pnu58?(t4O_M88DMzsX2ux=&800975eaqUFbJU<24&eD8{e-keHR#dsuMMC
z{$z+B2>iS$?{qUa$)cdQC~r|FZNA%w(OsXDV3dJu9y5c@FkU*%fpT6QM`-?TW`fTM
zd*Bg`vdV`X#AzP+gvfG3O8DvD6=<9Ts8Hl}-pY8IK#_;#t6_d#1#b?1GeZ;i=sm?e
zp9z+?6GU~p;HE{9>CceerZ&s#s6|3Msb)VyqeCrsljw*+U1lMlzuDb5j-D(&=gsOt
zLX`9*(k$SbYTlM_w^Nsd-^$qjavB3u+$?z<8Og*_sFa^V4vp?An=crvqlRk%c;~Hi
zgR!q7+=?{7c+vghWiGPunGr0--<GjD`0*{OS2?xCVYzY6X?*Vwwz3i30%9i5omD#c
ziKS|6(7+zOXP5kl8yOMB3nWpV6?7L5#IP46x@ru6;Nk8T)MEA`C1T-+eJ4g0$5j*`
zJ_Zxg(Q$%G<hy-?$>~emidBf}F53UQW_2&=oD51B@KJybkx0T<OFr?zcX);=2(|6!
zaKSFfdp(#EH9hpG68VMop^Gb<qqwWN3qviGfR6-Zi$oGT=I6N82L5fwi=O}ViGndg
z^E^e2)M&|rSR0fi%V@ArS#17qO0XG538H6Va#{LYdPI5-Kd5oOgvb9S3d${-$t+(S
zcvkGURmZ=3%!u5ZbCBtMU0RFwimhaih7<`483{G|+&%vo(9V#%KrGDhbv~=3dYBC6
zpsx`37u5FM_gIvEHu@RF$FWS7C3oi-nwpU`^5x<UiK`56NPsOjUg*qaS#^u4{Xd;T
zln^uVVK3yx<B!nF)!L5^uKw4K08N2CJ9dYsv!W&GH-YAkI?Tbkb@QUJ5BaYHw&Q+o
z(G=3ZgrM(s12d2L1z<yn{q~m#^)Pap@cP>}Q92QLW8mK_HU!iS+Mz6hU87y)`$#zP
zKw2KZD}J=(q0_swb*T$p_<k=-76nt2>!Ab{8mhw2ZGAXRUc7|>xjzs1aEXA&he_iw
zs(Lz?uQvtoFQvcC$$Z!tw@RghkaxSS;A@Jrg7^hnzqhwez2|?Hqb7Gl(P~vI3S+(a
zcnM<hi=hGH7cr&`S74BPwOf)B%m}o{*tB*_Qh7ov(z3|nKXeZ;KEu7CvqpX}IX&Ut
z$XF3uy9Wf|T7bnNrnfc2olN5I@mh2!0SK*|$WC*vVMqg&p@tY*r9|GR?zx3w+*s8f
zcn((QjeBH5r)!3RHLcJ9dXoJ)OYYL!;qDirzE)+dov2;CLvN5#_Fr!>uw`W6R|;Di
zGOY%A$&PV{YLs&fP<5?+m!)|9jC-fF0r%?j`%#AY0f@tbcICSx%!Tq0j6nMNebnsh
zaOBD50*M;lTo3=V$f%UGM;TM)=u*HeS6_EnnTgAi4Skj1PKFNbQFm#Yj3#g(9E&wL
z6#YyuFm>y$1HG8?<&r-X>&@fV&>!8S+&4-hmY)3pZ?3CPo?wnj2USLqSEYN$7`{Ye
zO6XJc7a+qHA<Yu&c!RZPiqY^G`H2y`|8PT6sfYpVUu45djkszK_`_XI(G>P`L12)z
z<TC3i;{87_GxFsXSL=ZdNz9WxgJ}-1shP8^HHp;0DnD1S={SLEGH8dtzk4rcXQ$P;
zR(`T>+xS|t>vC>krQAMwZ(y>_+4WLBCkiJRC?sWdmQa)WBoW(*=6l;F<QNgA%uq(1
zK`<9hQAG-IOg??6g8dYGo{l#cEHOoa>gOWSSSCwwm7(1I6yuy8V2}YdcLY<PK{Tfz
z_q<g5DBt3wlb+dZs_w6BcqYIbcW^Ot3&u>p`!-lM5Rq_Bgj-Zpx;qI^JAxSKrcONo
zP>GDd7q1}A{>go{-7hIkS++AH#=i<*9aEllYFr=t5h|6{3(72oYV8J*NX|bnG+eW!
zKJq1^De>sp5sUX$U<8-_9q2X>q*errelRZSTof0#^|UGZbUsFLw1UGRJL}TGlf#Pc
z;!m*ZF-Z;QyQJcX%=-C`^g*u!iNK)}SJF}qQI^NS6|VN&(xCWX=Z1*YpT*lT#zKoc
z$@1<*vJ$i&KR&=HR;>P1ukl4>*UrcPXmv5a)7_w{UGkQ(h=H^8RXTz@<V!4|kRmGH
zl%%DqsS75ciXOL4Ft)#i=A5Bnk;E4_`}u2U+f^kIVBpfRdbGY*)qIPI01R`vFE?k|
zf9t+o&9J|I8|5K!;Kyzu*53e;=wH>GjA_IS6P5d`e6JhpBVGa|Y622;b9WV|O@+r+
z5j>JmPw;%O7`-3mYuZ)|-_sLT`@0N4)Sp&!{YH07fQuu}l{e6pA+6xghRuj&cm17B
zqrF?`Tj@nq=UZ@H5fg11fF*xcw{nrrYHbysMqDHu+_K7eNx#`~Ytx@3e6^wBQ4!;*
zk&|4RF{c~n^W;5zrp5w$8HIRuPtFKzHVMmy*9p30E|Q*MBavm@Wrp4%?gr`2;vhd|
z5}bN%-tUsVez_5Jfqa^B0767apE9+uybqfInEk2DW_s^Ker0l?^?OU6|MRQ4pFYnS
zS}aw`d5Q6?#bz5Kn2s^+J`c-B?}4_I+#%%Y;3?C?!TWAOP}X%<upa99q{j1)Qt(qI
zUyS$L!Y*ElVE^Pv3C7Z(A$P)0?qp+E`qjU*%&MI?e`VT6*BB2yE%98n`VDNxN$F?z
zS*Mh4PE&VQAyI_^yb83u4xa}UyW`HS=jfVC?UIG8&c68tWNZ#%Wx_XEm(6ZBOw<)(
zMeJ++KvF}}HGjcdjhAL-iR<%|64o85>1yIqW8xsM(-PfX+;HdV19f-j9)3DW;X>?<
zm>50hKX5;aj>yWkZ<3qeEvBE1otBJCm-UhN&_-mU582-UxwB9U7sh&%WI;~QYvh?!
z21gC!*`S)oHF%=aSCc)8m~a%?+}8K?66#^y>S>|=@5WNjzZMd3W>Q_MoR3r<TJytu
zPaFifnXyLXn&oRWR;1^G$E6j~$h;3BtOL==1WaxtpN&@^gl5OgCV*R*Bz_ad-Z`Ah
z)TC^P6lMtEn~El4<#C#a)B4*BalRf5rhEsObon)?fD)22xl2N*0Am4y2DxKvPVH`x
zK7$cV|02R+|C+#@Iend-)(vUF4=2$CePI;bC@4_Fah0c8lmOiM6uW?p57B8+iw9Cb
zYd8VXjICT+1~ab28eKHGT}f|@-F(CSf=1cu<sG1*u`KPm+RL|cL>RC|uX$mvpaNRI
zQHJf*wkXxdc+r;bTXdeiPcyI8JwB+SzHD^H9G>ptBQ|z=j`q%)>pz64{M)t4026vZ
zx~uP2a9)dXXDAZvYJJm+;k?Zb@oMm|HrRLkEV4XN31-2sInWL=OXE3nlmBP<1>;6-
zPz9g|?qWB(KLHiV|8vDgCMrZ9lIL=QEJDNzE{Xp;D(Ds1k^=4WB7}a^Z0uUYIJuTB
zEDM_i{oM`?E`Ge4`@l6Wf{ShaZr*>b_u<VZk$$ak7nXdZN2ZRb?Dp~UPWiji6XyMO
zIK2i#L0hY2P}aJSPw2lG{gQ6-jKa61WGSE-lnRQJNWk<!q1A)E*Eh;MTyv=UcB*Rs
zPHCER7V^9byH8-FJ*4VA34XgK&ujPdU2djiLu05eIT=byu6$000kwl`6LR*b`+ElH
zZ~obyqbh3ds_jL#mS36ciau$VygUavF#oYGI3clYboN}ZQa@2EVz+dSCy={oR01H-
z+O>~%u|8?jk_HFo3tRG&Q!4sYC(!7_4^r8(BNAU58wdJzqM`~fa^1U{(>*!EX%7zJ
zZ*ZlJ-Afk3X@?qkYW`A0RT}502$P1}BF4sR#5A|;bYtkXs-~Ym7x0kV?gZ6;U0IO%
zx@2Y=7$fZ#9zA7Dt%)<%m>kI>tqTZC*WDS=FNy>aZU-F~&`5n_kzf&F(SQCfk11+<
z^2xW3MCNF#BA8cJ;;+ZnQ$THyqRB&l96NspMMQ#GNENl&C^8A#w0;6(1J{x?ObWS~
zRY(@Q6y8@GlUt53*(}Uo!RwzQ;eOme$j^hIf;w*YrYYQP+b$~H47Wg>i5I}b;3Aeh
zdHT@|Ka$m#ppe?2$^`2*wm{uG>PSt4?gtX<*#qm-5FJ(PsXiH2?_>qy^@t3{uNiQZ
zM$7ZWuP>k*Te+QZUYRl`CxVEIC~3_RFehudbC)bnMWrh^QMH@r4?e<;Cw0CqM&M71
zMC`V|&ZllqJILdmLEJq`1J=OzcQs#6xoTz6I?MhcFehyp;-r|VGOGyjXDZ?Kr5CqG
zDkYoRHGcvR@pha0XvD!(lX_A~@jN}iniM;hv&M{2QcdpMD&eFwyO<_W9oZzsLZ?Dy
zZ8a4u&%;Gx&Y+xalORqt{pakCbK}~If=ge`*$vhRmFscFleF20^&XIF<;@ss<n5jt
zXK*${L|3tC+uFYV_HDUuX-M0NVqtb+CC8APUmVOZ?$};k=CBgb?K8t()z^xK;tBpm
zNME837pNP#PD%t)ym;cNE|Y@)ReerBpi$Sb%J7Y-!_}v8%|;={uOU(o$SxZxrlKe(
zs?6lk!S>g@Te(pilLHb|5{1<W+t$=5wC!jbsSmh4>4ni+ibGYw8wJy(DEwpl{<xee
z<r_YzOHrvAKjbin@c2w#ueKtKqt>tvr<K{QMU}63IL_qkAj2(7tOqLb)Ek6n0^Z#q
zXb34l3mp`uC!$<-{Ga=bPiH`;VbW0ZM<^$oteZbSe?97AJpt}KQjFdue2w`h^D$Ai
zN$ZDTz~0?8YuV<^_6vDFRqBbG4X!*5pAqRcX@;pg(k1d{`LO*P)~Y0WV-NcZ_xD^Q
z-e}dqm+pUcE`z%K6MBPlVQ~jo@62aNiE!gH1TfOR<A3a-XZe_D_<3n}{AZB2U=51#
zd$`f6Z*7(ay8*?hASj`cjC&z^m=Y-p!ZKm{k)~Qme}sUp2umHIfR)=2JJ_m10tKcF
z7g7xk=Kl8i+u}QUuy&P7`}!>&G%}UC#&{H}U+HZ%hKQjcKfxjWT;5s1`lP*H4auxl
zyX!G!jjP7^cDUm4Z2mpk*xt}WKa5J`8+{geug{9>F)$0<`#wngWiFpTT182G6)jk+
z!0i^?_{-&5q@r;l<R168-#pKaHr1NsoaZ!-@{FGp1nlh+_41F#&x3CrOZr<y?hIzQ
z6UN4bdVep)n2D4sF0O8kDns1(Iu1y|B2^|WuE1rdAnq>Kla%&7ta|jyirp&XEn}Om
za7xN+0`*!|bR`1Y#oILb(yJBf4k{Tj<F#E8;3ugB?4Db?;8OMmxo(vu3C>)7j_m;z
zCBFHx$C9xH{2OgLFQeAXjH8HF`SG7Lnr@AH4stHys;WM%RLMsX-3`1y6)oq=)Jn$8
z8=3{N=^FJGB|oOWc(-OoA4OPKswO+Ar%rPM<$jpDy3EeGe0imszgk0rk0Jy;c~nBt
zw3%gd__hruTvcSzkHx4|%v3np%9Ff)W;o28Y0#<IwsHg<McfTkCz!4z>^b*)lvOyY
z%_9-e{0nbXyalQ4%*o(d*Y8C>yO@|aT&t=7AO~-g;HIAHEOOojDcr^6ERLn=qR6cS
ztfwH&rpfQwi(@(7JY|y@-_$^Q=Yx7+JyC<AQ11ETpBk}_J&TDIIoOH$L;?-Jh-H5}
z3;YTyPS5*w-&ZK|nh(xlYgg8vGRUV_S@=gt$IduQdD|zhE=5gD=R`uO{Y3u29z3*S
zMjyhp^;TR>cU@RvP;pFs^l?(9DLHZn{0$|$U;j3L&A(v;mvuP=!I}9RWnm>c+fx-=
z2jZWlAeajAyGcdpGR+tgS9u(7M0iac)vG*Zbf=<@4L&!lDwcn;w^v)U3uwq|aP{2V
zCA>ybnX5Ci)gcpVJT+9OWvr_=tNd3}lrr?OAowK8n2^p(((crf|HS14q<#u$omvW<
zxCD!9i$Tn3gSF5+P5TK-ByFC?>P0=|=M~v1kHdOJ@3J)y!o-9SX|jd55=4ZZdzT1c
zl?h(kVvAJN87veHa+Ob75tPr48V_7;imJAZr?HWEPQD|~VINajXR(+5Ez})U23VjD
zB`k*iqYUbw=(^e}HFyosfT!P;nekavll58^iT;wK2Rylw70DX<P=wz0Mz`b6y$o+(
zHwgo!Dc?$xdD<sqve|YkIb0|3H7#G1S-V>dhQ2qN6(`HO^m1JK(*}14Ck(V0iMvk5
z7aEr6O8%Pu{>7}OT+k7xSM&&qBO<~_BD9ufPXO0Epm~)mKL2Mg5wJZ{72G&@65v!?
zL@~S_80b^ZH9t4|qemw?gFUyb2(e1!k0vsjR-<c-(EtEhgw0rer(BvJCY2@f)weQv
zs-@;6c_<!yMeY(XJEqyy?En`3N!|kvdnja8p&$w4?IM(+E|vX94`%)D<QU(B-z&TB
zPYag;QZF$rGh(xw1md^-DjJf&(%pO2^CYETK<XB59C!`HoHVWlLb-8`AJ|HyofImC
zE36W?^zZyc@5`L}_uo9Pm!&0UTt_*CA_=cx&&Q)^=Ova&%WNWo^VZkiPLd6M>RxL`
zL1pt#r>EmlCFh54GaUG&A6Z$(KVb#Ih~Qj`)DL7tuo^JT0w*o5*gJFPPs@MWP++30
zF8h}$`S1KuV?tfXhY2ba*GXt-bHZpRuW(kkE3U3Za9d@Z&5?z-$k%y?2}+i1DjmQe
zF~G6KlN!XR?77X5ej9&dsy<imYIH&p!q~XcSMhn$qfQl4Fzj(zAI2k0BYN@>PkNI-
z%;F&UJFs%x!Chg1ZP;!4emOP`($vbL)Vgzu0&$Wq2C>`HU#4a_y`GLu;L-MuoTQ&r
zkqkFDHMFm?Yg<Ax@E1LYA9d0xpA9LhKEHIug9)k<kX{bL@ZXPAe)nsN9!TAs8Z1h_
z1{QlT#Ht@$8(`!qI26D#3x3r%7JyChV3QjR0ramh?@M$&sZTAJpGXNBFLd&pxanho
z!VWp!m}Rw?yo4M+bOxlvmc1G|8juvz%}~+`(v1JTE`Y(1E3kHc+>+3JR>%$OD8!ee
zFo40YS>aJ>?LXsXP9L$dEr$|BakX2k9|syV!rcilv%4!BnezB7XFVNutsAX2pDvIA
zG?$ghle98u-Q(~%gOoECy)3UF_4!?6etATlIHlopISb6=<9hu`&y&ODa5qfaD{MBJ
z{ZplKOh5Z1UEiiuAyJ^UZ69f_IDX0j7Z)Ahfd<@=w_{M|%X$5^ZD{Flhp?x>vKI|_
zTs(q?5MCD670CRQ^Gxqc-d<;bAg^)pz3$;Ug)k^2M&<X-%41yZM9tQ9;<3KvzxQUI
z>5~Z^J<srz<1`^I;eNr~^$YnRQ!FzdL}LEyc?xGD;p_Vlo5CbDPAGDKhRb^y8C&$o
zp{cOw+$pWycHXD)7>7(BoP_ZLPcI4j@zUBx7<JmWHz32){sJ*qm;A^!g8H^dmJ5F@
zH2lKF3VG|hcVanjss#&kI9b0hz6G)C>t2xcOaCI>v;XtHb=`$;uf+>GP*gvWwHWXq
z*m~D#?%m{_90|pYd42)xqd02`@IF7Uzh%Kpjfmo(lvjR7WJXya!Td%sd^dt2z$NIq
zHU1|92N`@7hL`3;1eb}+Kn!N}m+MwAU>{?P>&}AkVHrnM7_B@m`ilhbih3rKH_NdT
z@DV`QAvGoKzj}2JK-~OY^h-m1;j{6v;A8vy`na3IQ)$|i@KGgD*SMDOe*FGy?JB0e
zg!!8MJo(6|#3b13HOjcT9^F8{y8iWa3i~nCN5^OCSx$*b)hCxUCF=$VzZw3ygt?vk
z%=+*l|05v_PhyX{`$L!w>oL?p$H#w`%O@aTCLss!*^nls-=z-NF1veIeSSy2-zmET
zJiu3~&%!mYz(eV4)=s6@?3;p}LYw7#Q6s&6{rl(T=&Gf6sk0&V({~u|-P(z_<qz%$
z%dCm|gP2}U_@F~i`#+{BTzCJ2^ZXC4Rrm1&ZNcY1G)MIhH0mbWqTE+~hqimpM5D}<
z8mmiaJZS+u*t;KBa6V&y3~`JBtcdMCB4rx!9AlpdQB312u00{6W)YrYWMR~Dv3RN9
z-ND!Y?kB1<;Q!Er0!j5l1F(1jT^=Fpq*Dz&l^b&AAyD2wGogW*!5|*vtB}i0k3;ux
z8dN#yKAQCJhSmJCGYj5W5Bp;Q0%)TJ#|j4#)_qG}uMMr!aIMbMvg>Gokw_E`ELqU|
z#U_>e)n>rj`5`G^vk=iifFT^asP*xZzcM=9=JY!MePz|Fk;mG3C7bXzeFHwfLS&+l
zb)84#+{Ku=ZlmWs@t>rKv+8;OgbC`KrSqmj)g6O1Djkd_etWvix3?sHA6M0vV&opb
zI+M=c`}y_kTv&zk!YC@>@2{^mNAiUvd&qnZpDqM=+(tQ@E-%*GpoRM&UkZLhR6x&@
zj{h~)n)}L85nOopUn3@vxoNo|43gZ4_w7wRe*b&6uKs|W|Lg!tnpvf>|8bZq+IZ$#
z-<ZG<N+XvfG<w0`4E5Ps%YXR8Yg`aD4yTO{C*M5J-J<Y$E#r~_={R${^nyDa2PiX%
zXXyRl5;;5?Ii5K^nn)kd>$3s^QSsV07<)5ePSVtNoUHCq+>+U{Cdp4Lb&~;5Uk$%~
zXH6C5sB3>eUFXbG_4MW17@CmT$hK}4XR$T#FzjlnH4X_Be4|4)diXqz%1aF-taOV_
zWnM}u#u7I2!LjrMV&=Rrmx!y0Ae5aP`e+z!S&}@13#kZ79;dEfhm<~FK*q^}Akz*i
zBQs*5e>zwtK90o#Wawa31DK_-pcR;cA5x2tq3Yl0t`JS;^Y*`QVi@{HLsa48SkK9L
zp|yL#GE?T$J#)f`TrVJmlWd~>Zb$keM`f<u8i-y3q>k7DUuz9FYc+Y82SwhDxacy|
ze4(V%?GF&0&wOvb)&e+(;uuph6L&7cpylYV0RTvNN&kMk_*v29V*E^E|JaAfML10M
zb@BDU=NIO)ghvdcaQMxddj2`-p;+M)!_>2WOdF7oySQB|N$Mr`^cJIMVmtoT`vLp#
zLpVoJun4fN|EM4(I)&xC|I`cGhC7zT(&DCXQD62pw|+MCTt?$x_E}iH>(;YuXIco3
zBpkHcEi~yD+k^XS9>46vrRhFk{<RU@!BA+TpCYWwT^FBP`8lRzMrbnyr;*aJCU!OD
z!G^#HyV*|2%k4aZQb^dV35mgb!3sFQ6R(;+at4CLM0tVE$H!K}e>KM3T<!NN^R~I>
ztZ8xe0y!G$3Mi17n!}k*{LZTZ-^|SIyd}U+W>I&suSjQACX9fn<a4lJU5VBBgv7Ra
zp($)bUJf~`H!f*LutXrpjm#XS<&UxJUwGovdiV2(cayPzgJsEQef7~42W(yk<l&Ii
zEWlLn)6*Gi4);x)56yu?<L8G-vs)-)6im4A0R+yMc#>Xa2{4M+XWXjaV**V+q7g(v
zVPC`}ZeHHwZ~=a_fSP08caG5ZS)%bTfUwavWb#N5*g-|-pgSNVs^QL-^=id@sAKFB
z4asme_nVXPD4X|<dlzj@eF33D+;mK*7;rw&#53~G+-gU?AktOVs`POzwkph&W6<dn
zu77%bH2jmHhCZQW4}a6CX^77=oDF^;Df_p(XwP%FC%D#Ct46Sg)%Z84<nuxIDnAop
z{SHdBfRsHi$8uOl2vgLh_4hl{TsQNZ`}Wr&u6vx%^Yc`GhrfPjcE*Hmc7lW`gMckJ
zD<5=z#V%AX(zneRMSDC8c*Ti1pUmZaL+B2#{ryg4SpUzW-G)6BqCX@uVRqc{&W+^Z
z-z0+F?eXq{SzK8$KW<8zpenLAGnmzu_;mN}1%>H}vD$vaS|fraAO+nd5!%cYi~q~J
zHsS9=G&{y3rZ;ZZ_Y>9urSH1JY|wxJGRi^6>pfK5*A~pn`^akx3`if-Ydcsox1c?8
z_A-hCiP@M9YoZ_&=bsShj$|Z=>=COq7QKo%UpkP<Pft%7FMc9gi%D%3k$oL=M{RF^
zKNJDG%Jr$@NSu;yAAB=|IU6s75QFR(<cQjzyq#4=7aNt_D8dhnE9(z@W{CiDeh}<v
z3s(^`WyAz!34Lwp?q>OodKfH=nB{Ii@fw;P9^%Ww`>Z*@FY$YY1+{+K<`k`P-=8AT
zm7r73g^ZR+eiR-{ge>S<jAJ)>A+qPP=@WFGcQW+ktdG6-v<wRiZYrjDwCO@_JbEoW
zPpOA_9k|aB{ZBovKZwG}MUfYP!g@LA6J`{ThQF<LqA6Bx+SOeshb8i^LW8S^<X+NG
z&b-goq<xS#8C(67It+7R&h!I7*2FpF<9Ig;BG8)p>&9Don=N=kjLdwB#f<cYi3-XY
z70q9tj7xTXZbgGYyMhck!<^)y$*96Y947}UlqO|;=W>fbq1|efK`9!r@@82IR+MVC
zpJ5BTU)Hy^T}J@bItw=wG<)Xt!#uN0fs*8>B=QSmT@Cj7x*7*=(qSKpJ-CY1gE1I9
zx|#<pDfB-PdLMNPR5?l;%OKt&h;&;m#itph3*K(d`=10(2U0Pw2`(+NN5~&T58PzP
z0~7Q2?svYS?VzsEJVT&I0?TS{=7!pQU38iGrv{gIHVd>0-Wv|wXJA8l(MvSH4lQr^
z&iA6NdX=Zf(a3b!h$~4v$2)x?fbmW7Y`rsk^6PrK#Pr7HK${`az`qG-A&E;Y`%;E%
zX8R1sPte=NL8>Dz0`SS+D20w9BQ24o*~5L14lPO!Uel%mE2co|^klaMM&%RRj3=X<
zq!%Zme>6M$NH4@y|16}K)L(NU;+LaCEw`U+NQHT&W1Yz<iA14#f8%qDyrs`!H-~QX
zcyvN2^y5WX_R;TbFQvd!K0eo1>vb`qZ#MC>axi{!Yn^y7b->-Kf)<C%Mz}d7CZd+`
zh<T}B_7!U?S3RI)#3A7M#5T7=lSF9Yq4@I=pBWk(IYwT9^ITC6E6mSAk@}mK16GHJ
zS>^edtU}&eKqY?jB{cY$+SZG<tvP>wP-A-L4c>Tc1n%Zkd4@n|GW2s^Kk3`=H~nvr
zM>OLkR5B;q57*2O>!CNFx-m%tAH-X*)~W-3IU}S~?EMDvDhAMu(qS~KjJY}c;5H3V
z`l5ZRX9_O>NoIqrJ|va;rX{FKN^taOB>pVncz5<q9da;sI_w~tp$(*nC`+?zfY^@U
zjJ#HFyk||g6T=32bMalsYar>{mImut*=Mm>B$+{mnue^ZaWy%_f)auT>t;O83ImWB
zw0@1qJ1%g&26M#HNd$5$_`~4uwd3TDT9wZB<_C0h*Xqx1EQgTPCnVZG#PTv7U|tAO
z42<Ekq}{ToTuNe{3>I3UOt-5N5Tbr>awgwb(v~L;aopq#?S^9;|CEZ7G%${Iv3~lf
zmM%!SU372%(LmUlINRyb(d?Yl_m3_*fkN*nMgu^}e@mNfN9(i{_meZ*<eQHe))eI@
zsuYum;T9P?vXa3W3-oPn^*=vHn4h0_lU7B1{>7~9NBxcvVSF9%O{fSgsmx%YJOejx
z3EVS^E_Kj|YkA7#-(JfU!z-%#S5`4-$FCy^j+QPsf6>aQEfNmEyW9qohUTzxNWU0i
zUpxW&(<g3zJM+9>F=#79{K$?zb-%pbiSwgLV$Sg4>d;Ukg$(_%shna{)`AK95uUQd
zfOT{5HY85xhUC|=exVQ#=d>9udJvzOk6$tNjSw<YMQfI!8g~t9Cj(rf4Xm4s6u3i>
z#PeF4Su+Ws0vWJmhZ~oaB~Ws4qUM2t!R3G?rs*I3Z)doa4l7M1t&mDB>A4o3rcb_V
z{e;Ggbi?erCMegx?Z6I!m>Gn<2t|@T3nuj6SoPev<R>jqJVRO!{t9W>!`T<mFa|el
zq}b`Lt<ip=T5L2|jjc)-(E3@AUw241TFfDJmk7P4lDMFTp$|_6=l1y!N&H7ULvjhw
z#&fjpdEHB6`D71~8n^L=`0m%PvpPmxKJnv{1}CeDex-iz6ug%`Yw7%az6C1g-oJaO
z$ye1?D41=9$YmPY0_o69LN_O%>T@w)P|FYO|7LQCc!R&BKlE=4m`g3Z3t$-x;E;E?
zltfV6jVN;45V$vf<#Zm;q+|J}!&U|)jeyzAbj&mMtLy%KmLGMez%HpzV&eSBdl?b~
zBZdaSL&83H3LyApK~6etR#%#vO#VhJgED;-j0ktfVNrm2sw)}&PL!$eL%C<dA>R97
zEsw=FE)FsJ2>w)N&qnkL6AOaw=cgZfRG;AIgB{j8)3S^5M9$Nytw#OHRjBTPfS%_Y
z()vNKTuy@OWt8|bOT10#f?Ot@aNI1}mYeyM&OZj#zh$-oB(KeOR*Yz$VZ+$09U&VH
zzsBT8!gbrVi77VHz)r_sFu|x#h3AH}xkgK^hm7e#*@h01gWi-phYbxPls-YE8Se+o
zYp-rOhokb!=iX(4NPB4Ucx4%YFc{)2ud$v~1kSjs?-DbigA~djOH_fWKB=v~bi+Cw
znG$}-(3pr3Gf#K=lx&^oEh3hVSMtChDC+bply5lS!2I!e;66^F$F<t??%wNj8n-LZ
z5^sv~0E2+AvXVlWH^JgDA>gFxdZARKvvH$UyNX`PTpIMgKZ|8MHQNvDUX}7*;yU4v
zQqKJNozYBH!M=ZJcK^DBrG5eWtiNK&)UlkFWarZ|rx8_XrO%6TMqb*9Ch1we0NZTD
zEE2Wne+rN5v&w1Bayd1%;X9ptJPfJyTOl<rW1_{~YoiPt`5yIpO7<tW)h3kVK2N3|
zGn63ir`6MC{nylon%~X9`RugQtA9LP%lCW)gq$a%qVJJNr~mM7esi;a|ETn7;zDzc
zB2q^3IyY>bb-~+V40<M~T%7djV11XLKK7xxsg+!+k&tic=@4!G<qR(uI`qw7&SvWt
zi5L+N4;!6da;(R7iMJFASL+nkNKlQ#lRB>xTec2i_H%gG&V%0xunmtIqcjzViG4_7
z%xx9$uQ}2j*TO=<T$bN{!SUQH75d96Nb+Xfpd(o!C1LAuRyi{unCkDIRm0;?!Y>82
z4E6q#n;Kp#;}^BLn`VBb3is@9KPDg0qVVTP-tI3riP-s&KJLXSvGK!F)c*SDZ3=3F
ztMco|7d$m3=^Es81}bLTZP6<EiBDIpPJ6Gx&3SDR$&iW=>A%$vH;+bttGTKs2#^x9
zn>=yy<~;5?#dGN}{EbWs%D3&H@3)tkgwy2pj9<9>(pHZ2nYZ-<d>?gaVYe|zIbd5(
ziII?*QdzXR01C1FG(z|d`6uLw%{XG>{zFkalmEkV7STK!D<BN_zG=QcZg@DpY4_8Z
znWo5{PA~Z_97PoVpo}<hyHHLsO`xaEUSVS!ZC<Og+)9@WUx8{HAw@W1Qim&vrKer?
z0^h^`2$hO!Lkm2bET?#hX*hJ761yR_GvMp}{CL;<+&8@MxzOx&x_rI$`-%!@+vr{U
zAwul!nj6<S4ETO-z|keFuQPGi(KWWN=fy!<IrbhM{u_y#=Vxa@Q`))GEly<-O$+_h
z$#+NRkaJU>h1t@lhO5sdZj1Uu3DZievpk+2(0^f+B0gH0j4IlrH4Ru?Fgb~-gqAOO
zLcAVSA!WyNX^ZMAiV(pU+d;~bam^d`>*hKBGKZAV#Q-W;B((=jjm1e9zu-Y2HM`<P
z*ZLaaifBMjKrse3`pL$m!{qB=b}1SJf#xOxs)DoKFc;%}C>!EJzBHZ0zL3GEC4a^;
zv~fnp^4-OJj3D{8ks_Alzmk^`NUp1C>Tu~Mwv(9_00kSzRiEWw;B+1sT0rHf#vqG|
zqBfsvU=7sK;7Q}a8cT%x*My6Ghhv?QN>3T2`a)nlquP@hL1IKL?N3)Hg}yLwBipPi
zAJS4d$N2k@CW7KyG&^mSz1rB|IL3q0R6e`YphRTEt=kk+z1Yc6o{}rma-@(rZi#6a
zD$I==B9Gyf-Q$bwH^0a^G{aT**jmIU$Ww@OXaazn0o9e&50T%eI$3sivx=HOX&NIH
zZ<W;O;6&bHPjEs>fM`^O0Ov}Oh9HG88=gpqf-IY<4od_Gf1834=h@8PAM<DVxA~r(
zp}wFS3;~hZ;@3$!wN$&;>(QLiHW_l!z74c(@r7HhnyZp~R-II*9{#y~RI1G|KkM^v
zO$JzT#<zPmRM#A&80dmr#72@#3~-%*c7fa+Ia_UxeKO%e*vMq|Fc80MYTRByUqdfm
zG4aWj(O9RMy_%s|h?vL*EE`#W|Ga6`p+rk!e3_)$z=<^ZXiqc_yXD3gv?wn+&F$o`
zy$&?Otf_^aPEfdbb`m(yB?)PFt%R(^a6rsgtnZ#!=#cSPEPQ?62lFNAwJ!+wL-xry
ze&8D0P5gom31#Le&*ACEodo^%VsCe2t46deY?Xr!+3}$Ey9kJ4VN!D2qrZnuakZ65
zG!?Y6zon&bU8fm;Hs($*VEw~pDQUVBqo$65<OcymilBjhx)2k+Uh9KbyLirwHxD#o
zva8IeOcCdkKv*{PxWrF<{wd>7)dj`3Ndzh%xF#JW;37lm7~^-@s)fH;gf1b-{$lpD
zYO-08w-pbGEUem;5sYQMxrBoC^FmL4Q_tG(itXBd^a}yydkHU$ES*D^xu;v@<kbCJ
zsge4VnF1VlpWOVx%O9|TxXd}HmN<|%Tlp{Sw^dbzh{Cb2lH^m^-oG>UiYY$Vd-R5n
zFw)oK1nk6%2cwX|guAnT*Ydd#$r5wcu4!l5<3AhZ&3)L-oqZ+4w;OG3?$q4_qS{xg
zb`u_z_nGY-tN0vR-9eRBK(qJVKHr&I>%!H%&2133IQX??xz(c8?Xq?4d<Ad@+~!E|
zo<?i;8Gp!YI)&vb`^H!UQ#e9F>d!!*BllkIg&~QRYZUK~v<9IGf~8X^tWO)t9m;^h
z&Zg9{a^v;O<MmzjXg^fLNZmy@;BY$eIztr987-P6VmPFT<a-ClZ9^Wsgj>&|ZG2;E
zHu1>>)hTaXrANJE_NDf#B5>q7tN{F)$cBt-8<bBKwf1$?87x%HA5@G%gx3xYgF)te
z{u1j9(k8Rf6L-T;X;5b%g`fQQun-|y3E?&T{*b8R`M1nIL2%FfA5Egni|tvtN^Tvr
zRZLHouIY1G!bVIF`xmcYMI9X${Z67&4!Q&O9W<KoT}eC$$C*)M)qoFFTm;i!(Vrfb
z1IW8#`Z;S*D%E~Et*luigpvcJZWw%uP6XpEc6dWUi|8yQELunC!*bi%mN^YkWKxtr
zsnd7-P5;h9Wnn)G@DbS|=k99IXy*?|N)Y{7b82A}T7KGeW9({Yg2D|il$1hRYu_QX
zkD=gC%d`^LmQL5mi31?ICq6UdrI5I@rb1Ea;An?!>Z4%R5^(53|Ndyr>*$d0>e(K%
z)~$7D5~k{z0M(_g{uBQ!lRj22Bw~zfK!fom?YGCUR_pC$wUB#cha0kh>{Yfb;pkIt
zfT>cSk$13Y3X+M5DMjfS6bqTsA1e*iZ-|IGf?g*}H}E?@J_!RMxj%Q(VtSPyTBRsd
zFkx=xc`G_*!d{+^kS+0!p)$YdfRPcQAppJ0b#PQz5#)Mz4bKm{PkvEU142tKssG?P
zR(_RZZKq9X`o_K>4DY3>l^2|vlw_udnrdMR_#N|g5f(@?-GYkTR1dt_1ykN6#m(y4
zeiC_d*<eL|F{1*`*zn;TjmUI~I~$zUD;pMZo_?NcsIMeMh0y8z8~+;uilrKSL$EsP
zicCPmZDZVNxjCkJc8?sX=vLgl3o@a&_1KiY(GWz?s=7D_u_!X2xUGFlV}_;0&8AgS
zac^P^;gw63VvW(svygC1jM(#fzewMHwwJV?l|E*4Yq$n7*2j-NcV*Vativ&}pkqgQ
zb-75Fc;kwOGzz!RudTF<)k{**s7ow$cPZie+%EC8G@zZYwZC+au7;zv1DE}1=eD+X
z>#sL&dkt>&^xfyOON~o-k0nE}*6Jp_pup3V-b#~U6HBpJC@N(-NiJ9um_!*a*x3EK
zg!1d8?HM3jp#oNtO_pMr0zUxDY47v5MylOU=o1r@@Lr(=isDgZxWP7HHyhvS{cw0+
zA_Ol|Vw!A!<5<*QN1nt`bO$XrvJ4tzODabV5B(`Rdt>eh(Hd?ggz-fXEtCqYGt9ae
zX&^FPtHFesskK~2G2UcpbIw|cJ&p4cHi$;{84K{-;cb%Y{3_3L`xL5>OlCYH<~d2E
zHm1ickDA{(g`BKI_UH7ETVo;-G&Lmx>X%6dMjFWJ72{Rg`I<D`rO4n<2oH$fztBFi
zBGD%7<rV1?cg{nrl8;3!l*Yc+*q@~&#+B^D9d{BGW36^t@VehEk%f*&k}46y2Y;ET
z$YcQ;MBxt;JI%7{(mA^%N#1B3Uj_<7eCEyC5iDgZ^-CQc-V#rH$T*cD{?Jqz!Uayq
z{2jo~wo=8e>M`mYt`^eqcAAeUjZ1d=Yzw^@MTImE%B7b@-UYZ}8md<)QX@$!40_4x
zJxZ#YH^k@Z{byJMdool6I;7zaB!iqnW^4hBDT_@;YJI~BD0t7YUHy9clNl57-s;-O
z?|H#OB|T9h7~V0~uw?9eY1LGQA<^|tEj`Zkc}Q9>-fh1jG&z|s<s!U70>QdLh#}47
z^u--8cI>zne?;XCys}b0v6?|)Z6L6H{wW`44WX77Tfk&~>WYmW{Ks|As{?9|wXhGE
zXaU}rfttwcbKv=003}?k8D>d%vV15(aX!1u9-(n8Gn4wTq$8<cg9?uKYT)xEQr8+e
zO%i;XWIj9>33-B#r0kR2tQL)j`*&Ia8oZFl>t}Tf&v=F@){M%;g#vmWD4{XGu91Ka
zD{)eC|8O%as0zM(v36@c%Gd(bQwiWkbjxJ4*L<@d$yu0`XeL)GVdF%-r*yZA$1)@C
z3gcO7>F^_ndLE4x$hsm3Z`|aG-gklJ&*D)rjnH*)XyGRB=u|JKPGHB8`Q;DGDPP-!
z+(Rk0fToYsrxWcCn6AM4&A&=}xau`*=zn~v_wF1rgk$%p%aT;w1|gGj$m@abm8L^2
zItmj43S|w|rn{oL*lR+1J^Rp#WFzo|1Bw!S3AwSgnmDt+z^3+ES0YnCnKSiF(#GvD
z7}-2M?1IRBi#gl#tF~4uhB1fsVYEQ>PFQr3AH&nUPUHzAQ{wEZRZY2ST9FpvM`v$)
zq+`njea!{6X}aI#gj3SLDanA*2`u`ec-JL}rN?~4ritm)B_za;CO2cncpdPoV^b3b
z9Ji)r79j|jNGNv=AGw@c`&XV&>L_h-posLyoR?t|wN_6ga6t2$G>cj@vWEWlE4wa(
zSU%`~3VX|-N`kFh5QoOyY24kdad&rjch`eA4hPr9-L-LdcZbH^-5KtkdGWqCF%eUL
zs%lkc?cA9a8I`ivqATk~j%>JQ2v0(FjL);P<=qt})2Fzl{~3frB-Vcm98qC#<_t#%
z<e|4m#H>f7ntYQ02vMux_oM%~D}xuB?<ynlz+Twp$fnp-xcIk~o}1URTQjhtVN9gy
z?e8UcXy$j|q6mqV?217F_QL)bjY(neadNVKJ!fl+*#6KlkD<KK3SIRCrcC(=cDQs(
zedr3A1oR#aktAUA5TJO9w#9w3ebi1UjSK#H<k3`>?!7CQTb{<0O&D>bc)&2%@~_j+
zZ!xc7dOX*mT0qSHv;6>-%Q~}*Nt^!T^gnTJp~U9q;1@yIV~pK#8)xBvI$%?SRlwLW
zWFA*S63s#IEw;#V*w#nphuf#fcvB};z(@cwuuyMNIIxV4hr^o=TrhK-`Dl<$uP=<{
zg5jY?{%-NF;ik3uG%t%AVO3D(UC#L0wdV3%c>{1Wn?)a|n?7vs!_^uKzG(Cltn=<%
z?NfspRT0@OJ!x9RSvzaai;zHWCzKN12Q%dEAY>JmktvXIMgd&xye67kV%5=HD=`3#
zk@}-pV3wMtkY+qp&^I+VKV;L~63yOTA?UC4<iBboQ+rI$$v%74PZBf!M(G&y6Mhr;
zlWKOwqEWU~p=ZmA{)sF{i?NY>>3=?amh&?DiE0OCF~W!w^6WdVanU&KnQF0nB^T~a
z@dBxCdLm%y&}#%~0cNrINHGZB5q<#UgTY9{blaO&0<6v^;<o!=IJt2D63!iZUH!%E
zVPTVW1NCOGX3I#aYkP!E?P?I){ti%AeIQg5|BDiTz6@B{H@-HdCtTb%=v2da?<}(p
zfVsP$nQI>h6}SM~hWX%!4bZp>Q9@x7DO*0*7cv7wGW5cv{6oNn59GbQCHDrH!T#$X
zq)~(9(Vj{Sqtb8`=$#0VbZw;|f)`Y{!Ag}cI&+!fqkh1^1;hM&*Y|8yW7LrNaBfO$
z7qhZ4Qa0n5e~eJ`T~^S>&y9lAAM85YH$@6KVwn6Lp3cm_W_)nIuxY$wTx9&iv4#qk
zNTjlmDnAAjd;hUS)hLO4`Tz&;+)!_j&r4MVuQL1^j`%u6g+g%4+n8t=kBLD35-lr#
zaQ>q@I2a7BH0a@tlqkA&oK;)auvsBCK5gW=E{#%-c7}K0QOFtk=Ck(Z3}1#Q0NI&1
zbaAXg-7%Lnp{kZC1l#9SMk+j1<x$wlM00IJdJ*58xBDi48#RWAif|O*uS$zZpMGRr
z&0#VvTm123^NENZVqAcAQ21#lGG49#G((uu>M(ri({$!A^s!{ET@*L6R95qg6yjCe
z=VxgW1r+hoq)w>xB$q_9UeOA#P#>hQqBMpV6_pKHvMSS-rT7l1XLCrcU#q#Iv~bow
zzamWpckjOuiwKvMUUCJ%$Y`{v$&nG$ZI+hk09azYnVy~}0@@aHSwtqKXw+zk%}^1)
z;b^Ej*)37wr`hh<o)?C{R%_uRXL?le6{p(#I!#CyO)CaQ73Z-niH^svGZv8r8!3+b
z(2l5VpxL|<#juM5vsH^fnA2sp&E*X3zd?`NX*-Kc$ofdfkVA6-1-{I=4T6N}&Jq0q
zXcaWLP0I}UBGVoE*v;QS;C4*K7pSrb8mDst6mg~Fa5OQY-M-|Jbwi(eo~Kf4A-s|(
zEkn~{FrbuWH-(4vr=+~>L9k+utL&RHTBi_|2O#P2hjeG+qxyz8WgT~6+llPGi=FjR
z%?9&Nu``na4m%IPVG=YlK6$ix5$!PVtapa?9}t4|K1k)Qqk?PwR4l8Wg_t8y98u&0
zRk=YA#UGHpse4~7Pm~(DlcT+<xT*J!Outl8z@&9hBc%tPZLBMY>qV=@#KTb3w=*E0
zZs*xeypZ!pcXpL4LH{MfU4zr1_5-<10d;0;Ki9bGUy8qZA`_kaYL{Bn2h9q8xqyk}
zjvo*=4uZ;~;WA8D=4#LZ3VX|7kT`~=I*1=Luv9}}ozJq~Ic(7$f77aVzO?adN|h+Z
z1hbE2PeO&=g)2(3b}dkOYPk5ad`MXdX_7%qraqVN1^q)#=pt!2s#AiM^KwKL4z{<R
z?-S|M2C)tXST)pnI|bnRw(Atn!rvo#w=dg!JYWJdpK@XIBr;`E;{%6Z_BG+!J|-@A
zUPpJ4J?{<=j17=5q3S_&^;FT}a0^RK|5a8u#{#hB^cZ0vEDrKnxEd=P_a|svsfGit
zu~_s+Y7|;_%>5{+bdb7vO79ZY@J+?p(ilrE+>`78?qY|I&y;1eOwLI&N{Haa+if-%
z6zj0$SY(1RW2}LLD!;|k)6f$QONO|J>fyDN`@s3NCjz$g?Sp0>Lfv=8C-jQgny&e*
zdxvt^{fCgICgTptKUNL7@ajcqVm$(dS@2JMW^R~n-xz*7x2bRJF-P|I<ai>LiRz8Z
z>SGK7LiyJ$xZvb}TZ1Ui+cKkt{nc;X;y@ufZBOg%;1=!!+3O3#iq2X#=YrG|4@|t+
zNf;zv?ndGV!*e7hf<;33Y$J|C{5fu3CB2j_1X(f%T=*!E&V=6vYw$6!q4EuiDMBxa
zZ)s-`4=led&~Ssmt4tW7YXw>yf}h_(udE{hoZSe6ZlGr*0(iK)4tP)waZ|Eu&fA+1
zwIojB&3<eAvRdGm&gH>5BnIsI>p<HRz>WR3Ph;=dQP(VH^ewim>e0OQqQIlhW;Q}4
z0_8GKYjhiowm$bpJnku^G(?<pCh`}vq4*$^WQWVO96-L82pO^Yvfj#E1Mx!DVJ|%d
zG{G<At7g0K^z^dO8~k2`peNhJZ~K!nb1?flH%EdOI9qd!C#(g5HY|xx%Kc0C8J(Fr
zCB`3`BaU)0KMP(b?5`{?YD)y~PhR2?@LC?YPZS1hXbe2~0qtv+NGVsQVksIvc=yXo
zN52~!^;R(*upc1s1-9{Lmh#xf&3NU~0JNJ3DT3V~rDzW1-BIS7b|5#&o@&wpgH#mt
z$`p2?dI@MFLJG(oGTwr)@uqIIVlF#uEh%0Rc2Bc%j3){7De%@?tT&mUl-PsEk>IWW
zct<1yPD>0saaxgHR-i(RG=?TJSbD^%v=nUA$|*poZwvd-I8w*Qq#OUVJrao>pfj~Y
z1Bd<;rbp}FUwq!tD!i8M5gkIWDT=_V7>9-(z9jY5KL^Ynt!pP8yKNC=>30#0+g3DH
z7*wWTP<b!O<P_-ge0Us|dG~LkDQg@pDyZBB(Nq^@rj&#nuL|32D4G7ZHHQ}CU^hk5
zcVHg!QjY^jC~HqDrLGTfiV-{jh`G3E_ir@5j2UO5E2Y3>X1{UxiX-gZr1ex1*D_O}
z9|@9P4<8F>h7=E0O=hkX8fuTHsaC!HgG#kRrJWN8+x>L~*N2Nl1yU%tv4i!wC%mt9
z6!aYl>9WKWm_I<YM210^?zkv2=#!#dG~=jIql4xh;LPfRF8DhiL@>$?fGghM`(zZr
zuA(9W)icxQIPD=JFq8@Nq5T{X{(|+>!2I(aZ4=p!9_m%u=j$Br1WCFadfX5FWo55U
zb!g`xx{7sie%S%RD`83aol{WNd+Rj|=6A$nEicM=cy*eXEr;0-c!5kpoY!Dq;Ewog
zpOoxfI78g+ASiW;$}tBP0160wE)G|l;a{nT;z+bKH2*sixnOC`NV=VRchXld76Cfr
zS2gy`PshWigLI{k%ppc#UF&rWJW)F0(Mhf?2gM6}(1CJH(8%Ch*m@QS1WA!2IEB$e
z87*_JF*vsQ6;Ll58xm%CX_%bDCBCot%t*{6sjbLV{>SaHQ|u}cATD$&Gz4NFXFRAc
zIZF`=Fo5Xh>PcS`$l=z(t(6Q}{VdgpZFI!XB5txax6<TzbG0P_HlZW2(s#{;J`*35
zIYHcLld6JhdO1Spe3W$2gR#&cy?f#Wj>yGI_I2O|vjn!!5vG<d#Wi6qXxZAdLDiU|
zG2N$bEk^gSW(H*g*vD7%k)+*>>`9rPq*}sdRT{5F{p7?!lAz%_NC<ZZuHoN)3H;Ti
z!Z2JzvX7<t{dh;RJxxY#v9LN2(7~D4&>b_Q<?SX!?_<>NwB+R3dipq{-@qJb6AU8-
zV^ag;{pSafWXJD>OEQ$wm%;!U`j{u$&R(sYXuO6V>SC}iK(<1xa9-fRSf#6C5?SbZ
zSJzwgT!*IaAimcL?IhSc1?bBCu3=vnl*Y9yXPLoviI6?ZnpE<TEmbu1)B9HTD8W7_
zS8n@#dGOLx%p-@Ku}P7)?G`k#xkAE9T(#M5)|*Z_(QoIbCK7pCjxwFN&t9w2?wgeu
zZ{|$OBxHAHz}f48I?v?mo*VP$UbjY%zpI_Mre=u)xw*Yhf|@>Mvt<Lcc!DhPSzvf_
z?jhux*5B^FL-4?0b`pB5>E!z1^<U@Q%^K}?x_`@AG)s0RpVss5GGU%kt%dxAprEl2
zipZ<U)Ls^)Q#eTSZZj9fFRag0X**&K-k&ceLXoy50TK0@)(s=&V5>Fd6?NOGIz@5r
zH07bqzt2kA{3cZ7$gjpt^qk?w8yO}v=yaa-4gL1v{;)AjWM#HRjZB8A`P4M^Q2<ZX
zNSgbk?72003IexaW-VV(eTGKbkW!@r>Xm`;ohnKo`SXbpL5L5Kfe5#upS(zi2)0iH
z?E5W_Cfetf7)fZMNi2l<-4g@Ip!WER7Rj}+)d?y0(yo5dntAwqvmCOT5MuD)koMs9
zn(^LYW#4N6ngh?!&N5o&`-Lo2ZX)pqHxrr=xK6<m%|s+bmh3UAw7MFGI3|y!^KCG)
zsk4UPR3TVhm6^kM&U#1(YS7>VaaRP^>%4L{VCFHI`PjI7X#FoNViY%8xJm;5Hp19c
z{1kbAE8+ElcnBS)-b4~YU#y4xv?2m6<aox~5Y6D37hf`()-^%*-6fm)YSS73eNEu{
z!<<J$<T4+sBTtY6p<@L6)|AT)H^izyShy?J*a0-<BzcGI#d@N8l?B#J3JSn(8lWf(
zBkGT!d$iW;5)xR%;v(W!bBRcOi$#>IWW?=l*1a5^8<}C_RHKE%x?lJ4YPsAroq%(Q
zT<Cr}+r(x^jo-Hz%i|}<$asO_X4@J~K*8^s)(>7@xzM}AF?q_4y45O|T_U~UI!~N6
zM*@sgk~P=WPJh5cFec`wmbEIY-%2JHtrGs&z;_)eME%3|L2@;O4N*@8g$|?_mpVO)
zAU>9Z7nH2mQVJlejPDjgAMG7uPl`)cZycy@jGfUk!ws~Kr&0XYJ89KmT7GD?4ISwk
zG2PbytShiil0BI)BnsD)qptw>SD0pg@&Us8e9`TM2Dhne>vCK2Y^NyYA>#sDSr-U_
z%3Bfv2n^=btRF9wID915G?5VAN*+w4^iE5HT`)0RuI7ii6nZ4UYObF=1h#l_v=}u-
z&xWm*U65Sac$l(jcFnSjGmUqD>#_ZZ;LW^yl57KMs=wOqUG^sAIAx*we;W(RX#x&V
zIe!d=MpY+D4&LOWEco~2p%kam2T!D<ct#)-2?@G9(2Du#G5GftxX4LHHmfpLuP`XI
zS5XM#S7%c<MPRY%F}Rp6>aa*UNPPrv$s{UWn=41AO|+6|h;b2{T>r&23%q1sPrP)I
zmncteQ3C~@@5MJHFk3Kk_V#Lj4|F%K)WrA(o9*&Pz#l)y{n9V353otm(^*D6HgY$e
z)HPIOyf4DFL;iI?-yGnbN_xKC4s&vP2y_FK{$d;Pj6`ux|HT7?GcU#_0-?R0IXE;W
z`GFr&`Xumco+ns{R^p|u0k<iez+%;SwWqWeOAkrQLpG$mL`@TDU)(kRy{FD_8K}H|
zkREzGTI2JeGDTlgDwW+;#1!9N$)d-9F-UG-P1UPDEU#<bhQShY>Svc)qT94eT;@d)
z1|Ebgnn&JJLsCZ)^Opz-3NwhT$ocnU`bV$$_z$auzoYhwG<_F+%i4b5>$mxVhNUM%
zO|$KneT+3tSkqSnDL=-AmudluF4SyCaVuB+d{7W)vy+s`ylSEuO#i6l&-g6N;)_b1
z7+E$V8VBo-7@1tSlvDGs1?`{ap~_ln9@d(BR*SF~Y!XnFMWJ%}sSypy6Nbmwt3=GB
zmCIO%=RH=U%B!KV#UE}T+W%f%*>7!FIc#lpj$nAr*6Yz0o(6+bpXUHp(|WsiA(6Yn
zqmikgvmnqXg*4db^Ab3IQMYCn-YnbnY%;{{TWMt6FrOmX@aL{%%&tVjnMXMGkWnCt
zWVTXqs$>mz<f9|YL$g%;=Hq6O&a<w|)^|wE!vR;4(a1GvcZ8>yw)^13jgUB~SHzpo
zxI4fz;UOKjqR2(ABHICgF?`&yspo)Ye&tQMr|7KE{zXH%<0+_@k;AS2S|RHn?fyI`
z{nr=rP7#U_VR@VE`3IY;2+hEZ1%IV6)DNaV%^M$vm^dcI05a_aUN7%0^tYcSwdd&I
z_0-+MRzQ~{rL3zjQ3k1EjUm;^Sh1PXQ%n)-oH(&1CHnn9h>IUUTc1?Sq0fQ?<55pf
zh(b83?{~UEtT3x90dQ(~bB}uWeU(sORCV6%#8C+;fqV`-#8=R>n1M?FY^Dx8eXk?m
z(J7w3ynPpJl6tK&9qnw(ctH1%fCF10fRo~;2^(Q3(mbKLn;H#UZ$gbE&l>hBfNyy9
zY4u%;d)_-eAj2In?cTcDpqK2wsW6f63x5@=yBA3jXu>L6%WM9cX2>N0dKguj&tZ(T
zy)VvW`UoV(Jc{x{?~iYQGg=ui!D~%=%RvuPq=^3Dvmk%^jS-HI{`@|NgTrfcbSy({
z9oBPIP^z_v|A64D$y9gzy2Qg%#997Jx#HDn&~Kp*9}Egmw*-YTtXirBg${~n^2bNx
z)>ju(S&8`H0aX^a(UwHhQz)$S?8H-f{vF`%G#ULqpQq7I(ToNUJzT)xYNP9F<4d(e
zuuaKuMWhT}L7M;6=%H!>Ur@>EpDEI;+gdQu>gInoeB*g$ByH%to!{6U2QQX?60vHj
zs5?Sbpz#CbjBj38d`Kb^ReV`Mb!Ra@nI1B}FpTIf{FCG5q}pYWiCvad%gt0?h)Jp5
zjMOw=9Qi6cime><+Q#fe)acv)$jW0nBaakE;YjBes*_E1^jXgeY6^YsX?v^kfK48f
z$Y{o5jl<)nqUwzfGq6M^&*O?UWL3r|26uJPtA+wl^-yS+E9S;v5&^ICa?z`7MDGR-
z&D?I3Do8#8hWgRR@lyzcRLnXH@Hl*AKWUX^%t2F(KSfV!bXlX}foYJ@YNwybp1EpV
z^4NY)n;zww=V}n1W<+}Is4RD3^h2Rj;8?*fGk<Op;J;<%Ek~<Mw?a?Bgj|qdQ}6A?
z(D?v{Lz?RBn6HK$sR&XzTs>SAG>!O$Mk?p*hc#S3Kgevrx{|gSv7<MAm<sn2j@Sk2
zDHm6XzD&<S)Dq)-wLB8n#`o*Ng&_Y#a9Q(8-g+xC(hA@}k-y9-lji4kXre(CN*h{f
zcC|E=>$l!EM7b^7uco~#XWpF1o|Z{z9IpX56zfslOMuUkPQztWXadOSyX_y9H$zYd
zYx)z_O?cHKqt-1Eey);xoU^`|##GV-<Ccpt_GOK1X!S6Ta=E-jaIt*322=^}Zh?Ao
zU;=HYkJ_)bRR%^xKK(Jcjv#nxXa52k*25>5KV7W&*>-b<)_nRWRG;h(6}5xQRto?>
z^g30Kd0=w~S=RNZl$D>>-AQdwB1GX=w3k`yfKDCA+@1AQ-7S0abFZnMT%oYlQCwK5
zBvaGFVbzkW_;m1Ng@Gb`r>mDfyiAQ<PAOF2CuSJ`EDk1kfuO=d{nNqsOZ``F)%ND;
zw(c|~?szO)3lt<jxR8`%TtM+x?zsS(^lpFCEWaiWx%z;){2iLTO<+l~%C$pMf{2Tn
zzy~$are2*6`ZXOVJ*FBe%p1Gbwd&Iy%mYZC@LFh1LA01K!n(@(<J?9zk^0K6%HDJm
zmk3|>8n)DH&0TcY{S}SB?z{}6!DPzf4IKrmwh8U1rXgkA(-b3Z{y-9Dc00f&>f|7y
zEwJ`d$q?~uH!V^R(HM^G!?&4I!h|BFC)ctJ+f^hUi%*2wbYHfvh6cvIZQ_D^_*il~
z0&BrSeaWY_Fr1)U9&d2tMIt950jknbq4t7#3vo3Go&#NOQg;^N?-lO_c``pCw|?bj
zhZmx=kLZxYx!V(F)O4UEWhX$2N{fsIRXRXD%R5T+`1n$lfONy*9ompCl_lYkU&S?u
zhT17S83qDIQu(?xR+b4-s~`z1r1BNb>EnnteGajIMhY!Yt+s!4TT((5VwWf3Srxsw
zU$P!~g}lgsv&rT1gJQb1)HSNhPpgH;C&2~NgaeJTA{{!!1O-lTFb7a;ihxL<^v$aJ
zu38-hM+v+aNB|kGR=C*oi6tfy%Z_qi0WHPAT3nmTQL|CdxNjUD%de^6mW`Vy*2w-D
zG^Ky|LyM?dOvQv}DzGGZPshefKEIgD>7(vQ+bNk6MVvcz<5)Qp%7p>D?<X`YPLf{S
zP8HdAoIRzB=;#*~Iwv522CFO4kNiQ}3u){n^ZREyc5K^yqGL$EyTZM~b(MhxTkvCq
z?cMQ%r}8I4m$_SIlUlEbrR=+P`euoldqJe)e3SmhgKO=->XM4l>w|=m)%l#(y4OfF
z_Okr1p_j&<Aijo|zxlW4tcFy1CuJG3a4G6`ERbaHWjvL;>}`P8MDHMb%p}`jrUqj&
z@P^YS*<mU==^!w(%UJV@b$!^VTed`c=e^;}DsCB;XAJ~(?}l~!cdvtO{KX)BT`Jo|
zF2siYAWLR4K2#~ad~Rb^t%8ub%Kh|wupS2oho+~pqnDBZ+&b%{R+y0W^(O(fI3FRL
z8CS05h^z!TgHC`qj(NYuI9t@OcJFfcFIiDUr@e68e@Vj*#wmk7N?pp18K#b9l!k`b
znPmN;IbO6T=8~o?_S~W@<j3W-I{eN<rYKOAE}2%_;gVAI7Z6t9z?6Y}atT{!3Go)#
zru{1#aLzwdsjG5FiaeDi{XH9wV8brM9t1k#h{U!@Plf<(BGnfg$mL5Z!h!NR(-e3v
zq~Hc#N$`G0i)HQHO>wqFIg-KoGQi^`WaRs0O?rCbj4bdvm4;eUn;A~w_)jt?Z1Tu@
zmH_36PXYyJ;Kp>F6vX9MoAp$5#Yi5mjFR%;TfTZ(%WV*Kgpx2>f8nI8A<ub@YBLCb
zJbr81DFBeKCT-WR=A5a%*0cb2NnMhom^^)9zCKUDK_!BXL=kQhG$XFs$<)8g(rKn2
zw3Slc=H3GowUjIgQ^&_0nTlV0WIedBb0)Al{#5yg?JT7E=VZ$CfeUL=gQJF`0aGco
zR{ZFx->D5Fa8HeCbgT09*5N;44I7N7t-gXv9)P_p+Mse&lXdZ1ngh1v5S%R{CXYGZ
z*oY@(&uIOJAu3BWt}J0&jBRE0N4ZF3GhyWj5uKkrg<$6{HwKPVO{vG9DMQ<X_%^qp
zqS`ykZ<ao#e0&!N1W_%-9tbXGKNOa#jfb<$SlFmDl5Q(EsU~Akit?*w>RK}$$b6hv
zWdSztb-Y5E>Y$0+l{PeXc40roFQmKO{K!tR>9o5iP?FcBmXZns$G3OTu~-HvXVYec
zi&dp<0^E$#h~n^b70J3s=ThrIviib|e##`^Ct%s^PF(7awO!@E6Rl5)g~7qNjvXM6
z-*5C6wb!UBd!JFZD-jDIs7GJ7cz9M&NdgSA2g)^E=V)KI)YAC`@BAnnKC0p?(UM`o
z`=$ZKK6iW(H&=!p;MO{!_ar5A6c?F=zOfS62>z-t<ka&-qI&#~NBRAjr~z<N7WMz&
z1{s3zqHeT$DKCB@*5*@LN4ZdlzX5-pnM9l}L&*S%9REOII$;lo_7U{+jyLh%9Ri@7
z`hAD@KGRbJs(d_z)!MmuE^x5^LTXtLoNyj^c){eCwbvV<r>H$7H;P$wCv8q$?<V%@
zQE{Y2b}75|dTp=JK1vw|`Fb@NXWhnGZN@S$rvupuT^jcp&DD13z}Ci###G6l(M2mJ
zgK^Bu8HM5Q7-k?~1{#N$1Yz>~JOSIVI#M~louCw@`C1*1TBki8a;#%w4^G_9#tg9$
zJDh50v>w`2aeQa$kfexh77AYjH2)aoi(L`y!Penfmk6{R1_gzI=(K%trWfus#m&Km
z;TWMRW$=^TlELP`YHlo3P8ht|J6qdA!VOX$mG~&)2&$L-cgi&AGxJ50u>jjbl6Les
z_PJB)%f;0w<~n(8h8z_0Rzev-5|&X+x;__>dg}E~+as3bDx6XhecB#Ag;Q{~7Mikf
z^H}=e5l>)EVoz3scWz+@9s9o6nJ>Q<Q-rA_&3iB#ZgD2xL?}jN+nYHwxP49?s<9DE
z0!oH<*rUb-C?zlTmSmN8Jz&p7+Th^{o8v&?79I?Uct$+h?i}Evq&G=N1<klCn3^<z
zqzKj3FRq9<hkUhKaj?8W#>YReF0sG9hE<7upxpA#6Hg&#r`%<YmE3`EW`iJ!X7_MS
z2C-lHX4>yoe}S)VH{xd6EbpZ)ua<&O9?-DEB6U}JWx434S}N!`3(%>j5Q{`hlsS<o
zR5rR{QhNVjQHjfl8tMj^7fLNMiv7Sxkr8(4?CR9IRFlh{ual3FU6MR>2r6xyAI7N@
z_6rC@PIuQ9bC1tfpU<L<ZMopzLckJ^-9W%f7qYH~YF*T^*Xu<|G^PAuAqjxc!F3s>
zahh9>C7}*dieExX0~l$%wo=l<<lEenJiMrG(8Uu~R&pfY`dV>L9s3uE;hPB3;{8!3
zmCvh(eMPoP!8c0i<Y&;x220<lc8<(7LMSlBGnvkokb}$+62mQ(6JNq{Ej!Spex;oF
zU05500i~PADr(IHypSiI&kwPIH!J^xj&1ZOj@}o`&Xt{C4!}XL4NKo#r4;Ox>s+`q
zH&=|kBw}@rnev`jJ%xWJRyAa7ceuuXq3DkD7=-?X8#Uq=rcY^y3E`H)h>wDQ9nM=>
zZ=gAGjDPIWvF*w(mxa0$I-C%H{xgEV?XHz76^I`*z{(P=5=oqmO-CD<g_8Q4xitGn
zakDO`YH|hq8vy))XNiBZ!)DpvISkM<rXw!l;I<B_Jz7Cl3T<E)u*OVVz;f*OS-`YA
z36?`Ur@`Vs;76R^qtC61PfHs=XbwMz5(z#axwEigLW<o{-PZ?-N;(U{qVu|j&<zI8
zfvf2p%5z;P*-isd!_ksU0`m0d@K`cszgA-{f#5^Y3sB4p6eNO19*}ap&N1MSNlE*3
zWa7p6b5tlP>$m=kV$0x&<J@enx2*4zTU0rgn1T9L&~r+!S2tVsR+4AIMq1VEt_h#9
zw566{<5zWRPNJ?C;TRBnh1P=5>n+WY+<IxSDRb@8)#u|e*Wo_OzC6!erQ)1AOwzlu
z`<ola8_@CD3PPU0pCA&NzMjxZ9s!3P^@r)R)iG>1%ll7Fm{a(hU=<?(nS`@6eL5Sa
z<uHqV=L_8kv-em28h>GNyi2I-+}D_zRjM%0!D9rv63>@ZN<W~1k~agoD;xce?ovZ(
zYq}wyn_6Adm-a1s^k($;9yqTwz9>*?1J>qQ6p+72X-UJnY+xuutm;{NyJM^`0)SI?
zkf6|3@MaE2WATCX|J|BR6xIGy40M~6SM#;>^5CL!Lkv?UTV}5lJ4}SN^gcc>5Ej=N
zLF@906sE?Ny3Rc*j70VD-JR8nK1mq|gb{PTFx#$-Bb_(|AJ$J&xdmrto3xTl-#APh
z382A=3@7*8BM?7F$q5~L=icB(jmAw43q1fs_w-pm;?Y^w0Z509i(={20+CrJ-<`{r
z;_!h!qr6ga2_tsgPdFs(dOJgFqmDECB)hh$R@xMmE^v9`Zxe|CZXFkvs2DGA&?6hU
zUzO}9PK?jxJ3{8NfphWRQJnbTJNlwx12pvRQ*;zFgxv=m3HvpjdOwBk^Dy;)xH^tS
zO8CB&B(Xtq{siCWhBqofK6)TuVA4RMfj#+KPD6Z>Z$pvuFPyY{?$mNUkO4LXZ7-Qz
z9^n6V%37ps%{EfGz!!Qcr^YO{4;79DhlEzu5<n9+Pceeoybe#FU;is@I;TO90&tRt
zJ0je|eGQ2<nrxv7%Rg7RAb*&f4_%KB>fVNA37WD;d8XJbH8<NJ;^M`JID4e<HPOX_
z_`v$9cD@YHRdC;I1gnb7@vLj86ewjmRbrv-D$uIm=KjmidCBfEx_amJeQ!Ys6ucVX
zGDFySqk;Rn3^jr}RYGY&--?S>0vIKz^QaER5HFzZg#2RGz89!^Y&g2_9=iVReiq8?
z`ziY+M2M)JeI&qk^toTTzfUrklf_MhyLL;Nn+dnFOlcAL1shV#y5bMv0wo*@lCb0!
zO1d|xfT97t8tfePlB@SejAiC2P0Sek0^=`U@~P|;E_7u5o^4iQvEnvEH-Oi2hOYFw
zMA%dV>#wkB+=%m<UO}xK{-efw+><i>%QPFOCeBI|&Z%S4tu+n!Hr8?dFutpnb^ll;
zFP)}Gf=~2lla!s7O2NI$RFAouaJdUh)^rjq0hHgqIPxf@RR;uab%J(p(`j<DMr?ml
z)$$7miPb{ju{)`&5U6QBC*X%!nD;bq3tr?ncfLy(-#PkEq0vW=i|RHG|7`H^=4jcK
z#PVFl>;Vt*rY=$#1lS5GNEn=&cHH7|{?vhElnj%F23AOwvJ{L=Q`4S|+T(D?5N(ON
z4MpaWO#Q8K@jv$Gv+q5BXBpCH(etu-a}HOiQwR`tcaatD)orO$j{#Bjis1dTrCkz5
zZb;*-3rJ~w&7o7+QgOEa?ZSVVAoc`A8+Bg6?F?QiuSnk~F9y5KtWpsV`=yiN#YU|(
z8Rn6Es6Q_jE|VeHb0{BcfsXG*wR)B^kzdsua5d=r(?N>uJ33|`6APv7ODOGBAa%Zr
zo6X(`+lXr*;e|RIp#ZtoQV;fcK5}EG+n`xBzgz_L+0vyTa1vG`-~r7|RN*-1Xd)6J
zJV6MU2%$UAhmZj!&So10;?EF;`DeR$!TE2wlg4>IcI~h&%O*VWrzxiD_U~y<YxgxG
z(!bE1pnk$NAF-k9;jp#=AeYJmpY#8|ZpW{xBMFm<JQb_@P5~AQt$#Qko{)cd)1|;{
zQjVqBg5L@&`T?QK&z(QF2e2Z7$YCs$0(*)d;V|TWJM3sf5^AaGGd1nKUnU7&YrTgE
z<XXE^clGrtr`ODJGt6tBn<Tl6BvR3?GtTiJ(>gk0VpQ1Wb3ui=)-mg#)06ojGS)v4
z(QFllzG}$7E&|r9zQ;ZIkfN<|OG9L<LOV(7?3?^P-fCOtpS7+KhYsO>Rx@2}dkSK1
zU}Mx$2CCJv6>BQpNEE0Tk+ZpuvoTp@F+kE^WKcl^#b**hQPGp3Sa4&RZ=#~84R6u?
zxX#lxrpF|H>jN}DHFr^v4m+80dplNhfLatNq|o4K-~dyIQd894uqfK9ukE#5Z6Vs+
zHK~H%uw7JdGdo`&C<hIkmdnpSE^*i`wCrRwOvZf<ym_5=3+E%Lzor4({B)Qv#`bkZ
z<UETGwbWEEtc<K`DB0=P$~6gs6J^>we}>J;0=VkP#N;~*SM`O{kw~%)1`qeYIe4u(
zbxO!<Y5+BiO+L%L`pxAzKNh%SXB*6odBfsm3c4m#naU4L&XZHKa32$o&3q-j*e58N
zKGA*D!6e%Hi?1WD;jo&yt(LeExjaKVr#1gRHJz=$txZ;MX*WDIq0$;|ZIvuHJ&k@H
z>)lwqX`Q_pJ-s|t$+tV)w~LqfIX`w84f0<-wgAdG6e-czW8F4!ExUnaN2ut6G&J=1
zNtN}7`vtNuwOJ6NhYkWxi#3f@eWR_CK`;s<ryMLzDod(BJ$3@=?ty*ZSSba#HeK^q
z;LePD`2vCN(TX^=tcc)J)(Cr7HO<t&(fwA?pVr?3!epg~SZgGzO1arzBokhF;8=4C
z8~}{Gy+(aR+yt-}UL`5gf=U&M3@yPRLiOwQ-kcVLacz&m+lRIL^dz0Kh$<3Y^;D%E
zDo2<!r7=w`kH*E2zx1+$rzt$0za&f6$yJyun4}sV@}5Ufibz_*ZO0vHK^e}wVu*jq
zLUHXeOR<#FInP}<Y8z<70_oNIzGG-#0s*Uqi*!G{B!5q|3~is(H{?*(H_@T#lPL|e
zTNv(!_x9o&()b_+NZPTI?+FJO_e`*)$eRr`)Mg*_{j+Sh-eGr!plfZE`X+hB9)?45
zbT+k-b-fH1@731^4kV}7qhM9(@)VA%C``(fY4zi~+J+wt2x*6gFXDSfTf>md=K~lV
zf&D^+wb3)^>Pu=>VOZIs@(tkN*m~MJINid>o`1uIDWjwP(AE&3IAcN&lWl8i@yAv-
zu`~T9sh8k<zIA=sH2++%%)nusX}0&T3c^+**qO8h$w=?HwR)vmeqy);pX|fmDpRfy
zO+%R)4Y1)Nd(B!JqwrEJV15p;k^;ycZrH@A945~}$sz4!s!-};SYGl5eMlyWF2{cM
z2T4px5JDtT)$zhrPE!HbzBehCF6?vnQrK=#swYk{tlw+^(VSbj!eW&KY&z)Zj=4lL
z96vj%T>CLb%v}~*AaD2Qi^N-XC$hN(YoTyj((g+0G%=;4uPbZya<80qO##}|76q>g
z2Y{lP<_YL+WfxcTT`8DF+t5X|;M5cR_#6SbG?bfA*Qguk!b(9~L4*v9a2gwyEVL(W
zrr%j`M8ojb;ToIHIn+}h;8<m2On{AN7gqtp=ky5n4Bbk$X|X1jBR&iRjIsXj*~A_!
z0gTSHF)Ns4h(R;X%H=1)9ze@_e*Q!>!+UbOVoqc)ENn<lhh!d=riNi8EN=>fwPo(l
zs}R@)&z04m&|Cy6CQ4M^`-RCH5=iG<jhK!D^DEy2K#`D7Hs<VeVKwkFr$W(9?A)`;
z=JeIWp;Qv|=((9=BD6ARQn+=N8KtA@arWt_X6Upww3&!m+?WWgXn-uz*N$ST_6j;}
zSkXD5K!Tk~YgTU1d4Vldl;_JY342H%UQ9Wr(_FT^w=YS)PCNvVI#68vtZs2|J{$dD
z*q_wEaP}G6RM5oq9r&3w%N2QB?Rlsh*u^kQKNA83OGYa;QM|ifs}*Z~2{!t+P4cV9
zUmHeE(7J`i?tC_@lz{6G)u@P8UF@~rngSE})Ok$#Z!sHN#ltrr#Klw-GZo?a7EUka
zATZIa%S>D>I_WTe;F?R;{0MUJo6`#&rflX5^JJ6ll9|a(2&QeGDh2f~I`*Vb;`by~
zJEN>m)2%0;ty4W0yMcH+^(Y+IUp8%zPOXJsHXhoYUGA*k8+}B6e*rde_mO-!aJ()w
z&wZH13QOl5EK*AFGE@Kds;YbLon9zdNlpaN6Hq~}v)qGie)lKI37)E}mQeHBsW0-K
z?6F$eN-jWas|EQ+l5_PRvwG#^BeO<1#yHN(6byvyX;puF_fsx~e((buoisSKiWzID
zke#ZH8jov>g#h;=L(^5n{&J%u!8(-n)qllCxmp4QpjzEiD|(~CL8ZI%9~j>YhcvWz
z$qX281@u?!>163lGaXHAllW6cbqgz;eGyLVScYj+@dFqVBXRY-+dH#U5wXbs(2AlN
z9qFl!cWv2~sU9xWxh}WjSfLMEQ>bM(QHcvDAh0I;c>~lw#=XV7!}YZyF_x)x!!$i~
zSX&db;p0b3^mzJ8Jg4NbgNFB@_WM?aqct-g>|#}!C2~P@b;m@6msn87#diZ-Ww!>X
z7Jp=tTJpGC%8OR8o-+!DQCdHdN~;(Odr685YpHcaR1DnFwo%iZSN@^ZGcxznvBvAt
zwy5^r!T_Ww@`Va2?N0Z(yr1z5V~&*aaqzUG2Uckdt015ihr-K<79a=qEt%1QZwIT&
z_rI%h{cK$IWMb1&<>wv|lduuB%iTZO-5W4S@FxsOFCd>zl&0UX*FMoj9wF<ZmCn*_
zyu6o$o3p-!)rw{+L?f0YX}aS_q~jLVh~bSL^aNORLaLYbI4%<g8-m%Mud>0n5N6bL
zBKkvSm{<#dKn?d&rj&g>zdjIVtUX!zrQvYeI^WrReN%u%1t)3cVCe)%ZI78jK16zA
z6POq<XF{waw(b>HBNY8i+TA)Xsw<vmLdDrTsUH{lRg)$&N2Q-c&FuTgqH>UMYJC7!
ze+5WboDeAiIw>m){V0r9%?{fGkrTK8CZDg-<v0ocBNlRFhKTxfKGzN;azpm|s~(&;
zGYGr!Zb$WmPn&6|u4PPfG-qC)yd?^QC2FFD-J+YhYY}Uv3#SE`u)Y%aDI$HEw(2?f
zzqvxrp65P}6MVEgPoCD$*~vKA9zRS0k$({J#b`nyfM~IcpyhLWb+@C8Ru;M_GBlA5
zustvoty1vJy)+r}&-p)MH`p0ge>-Ox7BxF=Qu=Mr!JxPvf(yyPr=XYN_QXz`u2OrG
z18K#`v7NLPJJ8ESiEekSgp8Dmg>JbPN;7>4%=eWS&P5Ucktd==hTK+q;f)^v@nTv%
zZ&Nc(V^Odl<w#}S4k!^}X0Bscca8W1zZ5a2*3?4J+dc;LBaqK4eqdc({zq3QJYxc(
z{`Z6kr!y`voWk~(@lT$<&hfS=m026hmjh9k5w*-F_oYyUXyidRul5xIylOGUYOHYP
zS3$%z@J<y~A_`)YCfI>{NoGO-^kjOrypP(m-^Gow%RMMYIZ~_&zwN6C_ief38yF;h
zK1`YbgmO)fi@KX27#kGNv5u6~xo?{*!KJ1NJ>I#5Fd7Lh2r_1%Gi>67DsL|Y{z>5G
zv8tFi8~UXHLtXIBSZrx=YQz(kDD2%49I^Z~@hq?6mX?8nuug*G53Nc7x=C?{+e8aH
z@&gO;Li(MvR&U(4KiU!uT1BZ(%9Ea+Og4R@jrh&@XfT8ZHt4nqj?OIX`UAZKv5vIW
zvofxyysT+c8j{$h%@L!;9Z|GW+k=!kAWowC`XFf>qbMquIKzdT%!$bkF?vSO4vHcq
z8I=Vtw(Lv3F@UkomktiFo{vpP^1Ex`we}C|o}l+>XM`^H3ZwUKC?`&J<aX0>EzuVX
zokzw}4kS@G77FAUlaelaq-+rH9SRf(w<l3*oD4DHYIvnD0nAWycw>p>WH-Y`{6GBB
z<Eg_?_dVj^+?B}hg=piMu;!%C0JXScysESW=f$w30$N%`@1t|TNzA01ub9KWsx(pZ
z*uu(3JVp$)6Jio6v2^uOvzfFkISCYd0hDgdJ$&kHT^UG5NZ34P{CLRW4y4lH5c6?p
zI;!M1H$kwiv*u24jPJ|U?WdTp>*xtd?(xJ=!9ARU#s{=48KSX&KE+?NHw9(98V&E4
zTHaUH+WrFS%hL;hz|n(z8PhSN0}b;>+JC>{td&ak>0N{9GoVr=98^{;y&!r)@D%RK
zZ%A(QDjfzbdnrDmXPqBRFro6764uD3vwfPV&5O@&CZl#G%~*mX^M16C#0febDRrfr
z>N(+QAVV+P-X|E-gkpZeX~=?oyv&aA5~mf>(qd-O4y$eemUe?{$?XGA{(zaUSENl=
z+2D2L*RdC_EU!S$Jv-)k{sDHFY+9cO6uCx;8pf{KN~_zk1+zFWR6h|oQZ<^!60Gvg
zOrV!2^M;JQ9JGM3t&ie{%OSh{ter0`EaYAvr6sz<PI?(D!X6hKl#U)BAAqrt7Rt~(
zVpd`K9qk|lm;j59sB2tu<vWxq>0x}Y;eZ26y2DR*EZipk6fiwL=3CCJijqkY3D`5~
z3|Fl8C#!(Z03$m063;`r$6$xpUV>sy=~d5kD7*)iP2%Bd_+tn4ptb#GIyq#5>18V6
zVEuQ>zBujRd#ORPAET&({b>GWkrla#Lh~bs;_I3MkbVne6*p!hJ))Vs+#I*5v@^vZ
z+>FM<tV=XgZ~u$YB~}H8X7*{Pw0+|!*e-Hy<HzA2I$2sfkO=?!%?FDZiSu7?A1+?|
z6))7Osz25ys17z>LD6|r`+=x1i?{JxCm%chI;}P6XuiWAT2@V9ic1=h;q~qTwT0?K
z(L3y;fY4a7Ho21$KU=%_5BsQk;j^Bq@X0~3DGrEC+cIZY?QfPOD8Y1n-W{^KO~=^6
zTEhJV($PG1MQ`Jh^XiAirEtuX<nQ1opB4N#7rs!t!WkH4e;gm--82+;b>^M&Ws_cG
zqCU&mPZl=+eOl#(_YACoin0f@Oj`(IcBorIz`&E`^PR4>vjQSt<F+Bnuq4+cgGLq{
zekVPm1nRRAEnfFOpv?3N!cP@S13NrjH=&VvQZaQlWO{S4&=}593qPDg^|!=8Wm3IH
z_iEJ6(;d=(Sti6&o7Gpi3>7sFC4I6p<>k}@13b14SNc>JAP;vHgvvow%8Kk^n@zrh
zfKvkGmy+rrArLdaW<?sg0~%NKVrtbSimU)FH$T3LPy}NZ2w5{sc15x(jdV(9t)PBe
z-P>G9&0+g2QB@dqt#9!m95)^lmN^oO05#>YwpPR<(vnK~r1<;|Wn#x*J0z>;PTs_j
zTEv6lOQebLvyRQtVq3%gZmP#X;8)*wpjEfNnSXVAcsboK^v{`mg`%niWRh7y>_&!F
zqm;{^;?s#xaIn9lM+Og}SwMt6A!Y<}{Hcw5A}ZA7h}87+ZsyJ!TUWs_$8MqXJrF9A
zHS<FEZyD_WZFIDMoLp>j_yp$FACclng|ucK!^mjskeL)5f%5S+@ldDA1ZQ7n0HO*%
ze_U3XqU1pn3@NvOseL#tQ6fj#PKdsgX&JWfL9@9?qL|``tFS%^3dxb?X6Dzb`g=7Y
zNpkD(`@F_HZlN65l}Ql6=veVS(Ch+1QF$4)YYh!z>v9G=MRw{%17$;&c;=hR6KLD3
znqo*#n)#6+%D5<Dm!Czy!~C5>0b=A=s_}lZbsgQiPHp{<>Y6r?h)*!AwTngbi^OM=
zB?RUrra)vAIJt}A36}DpwKZ_~n1c9tLM(<2g@txa$7f=g#;eKr*E%*aE1rvsV@82A
zeEj#+?Seb{7l9~pCU%uSwn`^Z8Y`C*O_6UVx<BlL6>5&lp8ZhTx76C&0EcXUyy6Z=
z1S`#%9%|s%zk4Zs7#n6Ue5$i&z>lArOW^5tqgA5<#6}02jx>=dkVX`Ph`eW$Sf77Q
ztBWPdoBXy;z5s3-4Vg^v!3LpwT$(3iMJ0M+Y=u^9qD{~%M6mOgDov`T({)&XE-0)Z
z!)Jscvxvm<bKbZG<oMT>0FJYKO_r1%?;DpQ?&`spU(3|IEWHCyQ(?hC+N1lQ!xt>4
zta{MGh7P?&Ao#Fh+?zL8O+5wF8S?s*xXO7^BnE-`?YfJp1?sz-h>mZO(1hRybO@l{
zK<Wczql0@Yj^3M^dX|@;ROk<~<}E3HGVG()%j~%28&x}S%B_&e0P5%D<QB-Fwt~y)
zL<M)5mn-X{bU2hh&X6`sPuH<_-(*@AEybUB<(vnYFxzP`GQanJwk;{0f4oF>l-x*e
zQ`*dh_gG|`@*E@<LF*oAo(@?w4Dp{$P}Gp)cm}CtBzRFtTX2`rZU6qsY?h5x6bc0g
zeSw+QQOGA!ALXK}XIyqoAAJxO7S=a{D6mwNKVSpSI&Ltc&j1M-3QDXj3@K&FnD&oV
z+zlH3seZh_QI1mnqWGaIRc*eWvKpPRrFXgn@E^&<J&5Zv2`3Pc0ZwobMHx^qbP#k9
z5Eu{;C0y^+qG&Ky#P17b2b2MKS!NIrS?1KkXfQ6K|6m2^v<dMbARw@yARzGH=l^|7
zGpF*$fZ>Aw=M_3JV0d8ZEQx-+oT)W2VDSG1yZ!?XsHU#RfC-TOKgN{*cYY8M-2Zt4
zB5{|R7z;-AU#tJ~!T*^GaF^N;2S)XO8;Jcj@b@ltJr;}t8U_aDzupl42fVpU<&Onp
z|8FYm_-{b+KJ|Az7&Y|&@>wzN8w|ZqeTxI5_;0HJ0`2#yLh=6-xVcZY`%dxyQzpuX
z|762V<&6VF<okchp)8}niU06jY4i~Pt?2*Zk-;}?XXa|e;Av<3zuMw|mHy(pu;7tT
zps8>`FdXgwGywW5il*6jOT94tzZ+om85G3D%+=M(-ooYo<6X-CQzjGkf7k~Bu>?)^
t2ZCY$*YR}VcTJ!mr#1t@NdN2S|NK<o{*P??D5)<%FajvkV6boe{{kFYh*1Cl

diff --git a/documentation/ESAPI-release-steps.pdf b/documentation/ESAPI-release-steps.pdf
index e08824860ebdd09ecb104ed2653c8054bc2b1e14..1b2a03d06a282e8d2a7e3390dcdc6ed16c233a3e 100644
GIT binary patch
delta 35355
zcmV)CK*GPLjt`EG50FcLNpI^m5WeSE_*}rQxJZ-$Lx9&qZx0C2L(y9opoao|m;U{d
z94;eiNXc#zDzOn@BFhrj@8b-IL%Q0r&A%`IY%2ZNFuqY8-+cf5<>wzZf4jTY=KG&7
z$Jdum?3#_L<gVSk{<it?$~LUoy#DdazGD5B?<?MGAu4G<)cvo2uRpz9USGbAQei^v
zIGs$>Z-q-n*+d$1+1g7{b&&j_s<nhi5Aej%J#p&&J7*&<L0q+9RljZEQoq;rTUNot
z3`#GU&A5gqZ2nBdQb2(&kb};f$zHmOv)anWO6AMIT4qYj4)E^?|4yl9;k?le(zNwX
zgl3VpS=hPP*&R)PwrtNXJu_v!>S8vwfMO5d@QRsAg-@=M`wHJ>E|pfl%sFehNR>x%
zjf<w{yKdA=9Qya5i)H@1UV;7?G!ox)+c5gB^i2s6!5@-1fdYtXC!qj*!<a`KGcRv-
z`wNqV)PHpkb+p+r3mRz(r^Ug1J{lpDn3PgulFaO66MD*jr+g>L#Jc|_C{qhb5XOwW
zuYaZK%xXWLM24LsoiA2eu3p1kJ#aHeWgs~EiuL|^`+a1+9?Y2;bo@tYZ-fW7aa>3Z
z30*}Ow>V&)^3f^zHsqavdyc#no2o}kUTC<embF17ojqj9in)i#%i&UADN9Cem003$
z72MWp-Ey~o3ktmRbhoBX<K8|%CP^xDrnKQo7QZ;up7QI-#SEMva)yC*+a%N{<b578
zFj~G0zK?7&=5ipY=Nnk`pgAu<RQvK(6Vay1jV9(+=R$&z!Wr&vEn}}hbvZD>9c7IP
z4sUV}@3Q3lgDauuLu8GMckpMIYtT&ZuHUB6+3VSVZjN1A=JZ=y)h#7jcnO};Z-p;`
zUlJzG945BhdncsjV83m>om>Nzu049+(~QTN@O+LyQm&B2EnNv>ouc+;$4X%xy&b4|
z_|E3R+f>&G&Fe&47w5%S;Yf}ZlZKyTMXly_4!T@w07m=I0I>7$aW5T4T(T26^Cmw;
z=t0td;VTUKW6aOv-_aDKU&Hw@BI#S&or1SJPB&n2cz+G~QKXr4;T&nC$f**3jL2`m
z396BO8h9)!sYm5F%2G%*jiCJ9(d$e_brFE-(S3*>7vwg9XBE&AmGCrB4g=lO#uD;#
zKS&OA3VgLdpQI?%Fhe1#Ig5jDUGV)dE=>A=V$UyGF6dEkJpN$<)NYMOVk1J%m@Pr6
zFol2?J%<{N0O_<*WopVtDva~KbC(*L@L$4UkCa)^IDllChA(f;Di_rP<-zxqrM1cg
z7IREuaxx48lc4BvRstX&S?0i(Cd~02>7r5O6a<Xq==LG$BUds}tn!`sluvmx*>h}v
zouGWruQ|5Lu1n}W#MUu!MHO_*1&pbIHuHQ1BMkVfMxU*=vgyXTRG1t^?a4W0qwu?f
zc~0Id=*nxHf$p};PEJ<c1xLkKL4(%8Dd@6|)^6t<33wSVxp*%+V<S?{T^?O)kV_Fh
zZNa_B&T?d1&+8+&ywx?3x3;1O;OK#Wf>V%)1H(DLq#RzMeD;O6HUULtT9s<5^2m5(
z`S$kQw2${fX8EJ4g&G3QmxOgVtKKb_(o3tfTX%LMqyn3oz6pE?D>Z%$zrmU8xE0Ce
znH5Rqr+W9XOR}9J8?rpY9!JhoW70u$)To<<szo%nsg|j8ckIb>t|=bOle9K}xzj5k
z&AKmD#qwSGlpjx=clR_*p*BZ9jnIXfNkq-0de4Q%g$9S2$T4Sp<rz69WHMf_+qGoD
z%XjlrehvzibF6c-z(j)AP)#IP(}At}?VPfVlP_!ijaO={3*B=KmXW}-&JJ!3Nn&4N
zP?A$7vulOii_w{IMJq|z0eKvMJMeAM;4>^@;WaQQHySt4N>tu3ol(;)=Uh-K(Zc1S
z|G7w#hd$N7R?DzF^ckN}23dq?vLu32n>+2|*YStgzA^koL?<10fDEJ&hdv-M=R|`T
zqEXxe;z=e*u2W<alt<hn$ikGN`rT6IoTZHD+6mQwGElM6D$;yx0&UfQ8RUjh812hA
z`7e#@8SYD3#Vp~W){QW!i<;^Z6<uw2{8=gnzdCYqNF4oum%(D_gg6FYwxk1E;jxq3
z_=d9Pkf}{UoRKoR_zfyq4|}2uWlQ(q`yo0DLb50ZK|EOl0AVW<<2IBfnk?et`-@mB
zpitws|H;Anh~(B@v9XkYE>zidstZW=Q85{$xd#zYIveVk)KI)Ov368d%a2`;Cf8sA
zz3uo<;%W)?nl3y3lVQ$!Xp`7v`Tudl(VB+<GwccoKD*>z>3Ua_6)6w2r~G16&XbVB
z;1Uwna$f(TOE<j+54S)z$<P{MnqXayqExhg&JarOsH+l{C=ZW+r(A<v2RkW%T8CPb
zXQ!MV1cBIzS7VLOd%V|tye>=b9!U7Y?}}iZ_ishh*xw$<cDrduu&ZNOk&J~LEt5%X
zc)yd2L-H=sBWr-)2V$9O0jp{9N4N++J;MMm+Fa43D#lv@^yZ;8fXl*wQyd-^rog9>
z?zt@thzv1s|C6qNUEc9sOSVt>;q$Y|HPGg*2u1<H66}&E7@M9e00e_py8l=N8(fJZ
zLLCJ(?D5!cqANiYOlc*n$T*u1__Lf#FU1RCc6d<LDv!5EmTO?p2hx$k-vT=FZhB(C
zgpPMGQ{G~+Er=)G+6<dJf`{5fEz2YHDc3w6Wa&l%Y6;zc+UZ9A1l^D$<800@jQdP$
zWO+LOhFOGR-Z)gVN^=m75R6h-+J`qnP=PcvCk9*2XD3eFC{*``JEdsuoQIUD>)Szw
zz3+n%1(cvGNirg#+0|sbmxttMR8)CdP|a*<k?bF!MKj&>PtyW96K<ph%+41DH%tR{
z{x_I?P)`DX&N05HjU+`eN8wB%C`iZ;O(7-nP{x#KXUZvNDs_q}O0kshBDK9fJF(Qy
zWHC@rcdh3QazAh-4F51R+4bqT_?^TstIfe@R5{8I5>NS<veZCMk-)lw^X@Y)h|>$u
zK#l?x?%bGT?wZwADSC5Gv+%xN-ni(MZSG(wyqIc#N4kSM-4yM%j5`_fv5s7|i5i!O
z&11?nT0|5)mJo>(hZjU54b7miEN~bc7Ztq4%be24l#2UA>tIf()TvR~Z97yw$^+#o
zKNSh{45JWc8I~NmfngPK;J_u&YVJ&sC2{mue?)Is<3qs+Ha!%8FdyzupUOte<&yz+
z&9L5oV*DEc41SOzsql=`gKD?D+V$@CJNK;Cb{wH{Espi|Dy0wPAJsDp_{TcpIE2e+
z&W|*lK?@Eg9UR3gg8mvDY%n;f4Xx+Lc;suGA<mx!Vkes9o}Iy&9i!PY9Qu(R33NSh
z3T7xsj|Iv85VhGhOtouy7JLo4oE2m*EMY}|OB`~5Sb;XDN&Blg0fq?cb0-tPgA#|Z
z#ocVf--byBj!$>ACD%u*U5)E?tJcxuzaZNs1i{AeSr@$?>z_7HJ7buW$rgv%I^`NP
z(c7vnviFyev>}dLh$O|6v-FR#jLGLFSm^BDu|YT!=FOBDa;UPE$Ier(U#@|!w~&`_
z0=iL;GuyveO&rz`X^GYmPL6NGDIa!*q<<kzD5La<tjhQEQ+{^225!D9wJF{#ptdqU
zOE`){HwLl|Mu&Zj<IiAFC-)@Qm5Cmhq-)-w&x5HMH^2HhEl3PFbmL0WV1_oJk{CC^
zx6Ob4RXfI$kvS6#GaxV^Z(?c+GB-Ffvr!8<3JFMkflz5xzo~wcmlY`l<zBY$laV<S
z3^pJzAa7!73Nkh^Fq7jIL4V6`>^2hJ`zv}Kz#SGzkrH4uAoXK0y8s5V7-W~Z1I%K8
z+)aLe&Z&|pN@}TnC$V9<#Yfet2aAVncb3ziZ-1N|ev|l9?)>TdzutcR>Ga<>cWx7Y
zPV4{Q|NWNz$+yipo?>cGF~oC&S*LG5u|r&YZndNB&S`G{u?YsrQDE8d`Ih6kJ7pdB
z`TObTN5rJl=eG|RTy(*=&b!tn*GZD>GFp8IAxbMv5SK!9t;Z0wIP_(A<*X2WcF8x>
z9PML!<2+l@C(_~RFQ5N;yMMm@@(fh!nsfd;LE(Az-CvUe7kht)XvtV%3(@|;z{x7)
zl2srB`#2Qn;zr<vPBQ~SJ-x{s@ttNCp2!b}&xy$0Lk6K`B?=-kgkBhS0x=nCA=CW`
zPSeRbtl(Vd)HOho!=OMYa+A1fGtvW~BxocL73OxM@D4ZLATmLfF2t>B$+W2`DRv&J
zO3m57Sh7*0m$82^VFl|5++19TmQDzyELs3+X?^gz#xy)3G4%n^zi@TqH*oy=R|W{Y
zR|*Lw(RR36D+_$(Tm)of!=bv+VI$gA7alH0r=KcywQzNK)`ZIh!jydBaGzeQR0n@e
zrDc5kLaBsTDzOH>s4@s6&#1pp>fB4$c3)NMI^BZOvC4ngCOj8PvCXMyTO4y9q6IZd
z(zr4Qu1S>d?ofOVd*au~tvEzmBwUkR3O9^M;|k@LgiMauu;m)AcnYhPyG7eEvOmn+
znB1C__^2*JT+CLiS(1!owb$%)9q5N{QZFn8Rm#swx<(^e{qe+mWtq@IAA_lHoH;mY
zl8j};3Zj3MG9gvr@LaVIR&PdFTN?U}l@9M$!k<jjLbK3$Xoi=y8Bmmz3C-&7PO}1^
zdT!EqBe=*>e4`nQ%^Vw#WF3FgC9ff$({+x(m|=2ETR_Nm_=Jx!qOwsei5dI=ayPZ8
zC;BjY0>nW3xi{dQRN+DM>bcTJ#_c-7O+hOsdLMt>CS3vtj7LBN=v}kjmdtnXj`@xd
z$ukY4$4=?^<fvov6F}cq;up@A+SwD$H8o5`(XD|>ur|Up53LOYd8inKZbdhi(Wf%G
z8!4JN^;EJf#&{pN*&;Y#(TB=F@t%^U6+6}yHm6bq@q_>Gu3^p}CsY8{+o|_RsNL9T
z9sGX*D=o=>BnU4P47|^80?~5m0gUE5i`TqJ0XVw*B2?NMT6do_XN2B+7I{iT5p;dT
z7*wQ@oJn&83`}YbY^NOF$eYNS5V*pjtSGYhi-p!mN>_7aJ7vv`a-S!8@CT3bKh_K!
zWWguC{S)WEi~n%(^4=ocm-qqd^NxncMLvJrz(;#|M{CEfzBIC1(35SFc)a^7dpJh!
zIv_%nglYsnQC8*<edqa+Z(f^J^VIPu!cBLDaG3Or*i34?bYp`F(rL&rYYKcBY^cm8
zMitZWp~L4MSZ5YY3e3EwR=dTfhM1_X*k!umi^-tkT)-;;D)V*jjKW<nzkU8=KdO`V
z8kG)`^G#t>TFsY_%OWqn=Chd_=>a$)u@H+E=GD8qvFgcQxr0k_7~jbK@WT#{M!1(f
z0a9_hsnYN1^qF6`JrO~yp(@S4oc;%3;OqyJkvS8S%pD5>H<Q>MbSLrHvLsS`e0+G!
z1%^Lf{y!N0dB7n|IQ;&vm!H2G{`X=oqvt<E|C4hbFaiIQq#kGiUy}_VD*@lLIUnN!
ze_v;~FoVD~BB!c6wn#MzQoK1Mh23;m62<Llnm8?PO~*dFh*4_<sa9Kbt>~!T`oqMN
zI)pEB2^+{SZmQs>1G6ptt@aE36ba_m{8qI>RAmfd>Kr9tVLfp>)+-gy13t0))7L3A
z%}P)FhM(Xm)vyHwsnB`tD9_B}nfl|ke__OuER=qOWkZ%~n@0?@70e>+@n~d-w+=jJ
z<2xQdCF4T2vT|Pc_kO2j7zbTPCh{6PD=19^0K4GBQq!V<)SzH-U6401e03;o3p{8a
z$xORPjyJ!<4evBFF@XC4w`k~q-N>YQg6Na?h}Y%x%#07%ZL&mzIQbp11%7`=e-dj*
z`bJ!&Q-upcYzU#bnVC^;B9|o1h8M(Il6CO=XrktEUJDZths9QwPg$DCigQ5Jp%5j{
zW(cW$#-q}k0y1aY+tKy;wY#?Et4cMR)Rq#AsC=pxk_{{ga+nAjUhpj4uP_1?Q9RQv
z^KgS#xp`89;aLR9>8Hzyeg!nzf8e14vrxj}2gLhGT+jZOD`kb7w<7H>YfQ1>1N5|v
zCUD~B9s}D3z-(`T3|?p#z7OJ6HrO%ym|euXEc=*w@(*d@vY6<|XA^0{4Uj3nVz-}}
z$W1^17FcW`PHgyTwxb=1?TRcwgois2zh6WY{GMzOckfv}Wd+9#dK@@De=U4n*d0e{
zPNOk_?mYUGMlwr^Kpd1})Q}D<NVD49ij*YMAUlP?zpMzc3me<m0t~$N)V0|+dptot
zuYK@I4GAI#`LQ%uW`Yy;DSd2V4P9o9yc|tpj%6U=Q0JAyD+~`f;3T;<l2AQF@W>f*
z^3#D1AL`hUqJGFmkQdDze;N|&`hLXSh#WdT#obsML!aR;N;2A<Sdu;Aj_vQ%$kDkh
zmYNe*5bRsnXYI79R$7Ne6|f<bCR&TCd#b1&spdRdPm;p!F|7*6&-8gzKcQk()B4iQ
z7M(gq&?>!#gr~ZJssNfGlCChVJG#eYn+Dg~_J?PK{7+p%t)=#Ee``$lZ$7B3KFayK
zHtiW|GgjoBx9fK2TA;5Px}KmiITgI;*6diK-P|O+c;uivA$@y88ABWJo9578=|i4%
z>-vVptFAq(e79Z5-B!(+ebuIr7WOBlvTuG-CEFN%aRw&e=p6mVDRsT1N<L{i;<zSD
z<;u+Mf0{}HwyEjzla(bVf2~XnlInzZeCy8W`VDcZiXT-SD<YtK(bA#$tW2ivT4CVG
zY_x76Y8M8j(SQ8LQOys3G<yH>yB9OON_XowPUlCCa`EB6!%zEw08`i)$4S?!Zy2i#
zGQDfQ0%hb-{*{|E%1igY)zDTkZ91Djj8q>}6#&#sU#IOMC(C~0e`p#KRt`Vkq^$}o
zdHLGL>N?|_@H8KEMvowOW0zDLV6`htWyM)2fYEM3!9k~`QNOnS&IJobA4a;;uRn`-
zyE3j&GbtE7Z`-lP_xd|hD5w8T!I}6ILhkl(J&T-~Pg37Xt}Zz?C%dLArc)`+$>VzG
zYL|!aA@+#mzmB-|K0k?gqO(LVl*GK|d4eL=7hvq4)3;qX{1R?Fr?i`WWruw}9OuA(
zkCB}M`-mnAj_hr*erGQ0ei;4)9G%9KF$)xv4JQl%Gm{!8M1QN}HWc39Uy=1dQXNT_
zYzToki5J}sT<D^7*O@{Wh0dmbzvrRHv1L2Cmm$neB1`A3?|f3moZ#@^+rI~cuK@NC
z2YdMO?d`WOhkt1FWP^>qdH?a(+xY$#EiR5GoZ{jA&%-a1J%B&FfB*e#?&fwm0=?VI
zAMd}uJ>K8GK7SQAbf<1r9CR0ybv5H9oIwN+I0A#|AY6|2Y$nu$!*IX&Ggx@w08gIy
zsh6kL&^HS#;D(QlEWW29kE?qA)E6CQL@i#tvGx+v8gO&BeEFv$6Jn1JWmjy9Oww*=
zA7Nh{n0`YZhK5|Yk~brVfaMKr<iH9#9u8*WZx$cRoPTQ?rxELIXPgZH^jK#4%Q4D)
z5kc`$OC-P?ShFeoa_p0cp0q@sRp+8oo~UKfL>SF-YH>gw@G{%a!p1Kh{{X6#faB$(
zSSN8||BjxL8fbu>?0JO8(IoVu&wtb)e)JL%d=}H1fyP+&m}L8NdUUPJ$E;ogWMv)}
zCva_gDlQ3MYO{`tvLsI_9C<5<?Kc{>wiIb`<W}a(=v3@MQJyjb$+4yTvU{}KHYuBm
zlL;v!f84DHA5V5s4={;6-uPraM`DsliWQ(DE@|gUDveG|D%MDhuXz$&(>};g*o7+<
zbgWr8rZh+_{C06CG=Smc#2YW(oZVy*J|Vb3f4#Z9|Gl%`bo1558tW#A)_Mb-jW$An
z-c8QS*sip0FnO=d<(Zq<WTFKJ2CXs(`4%wVldCBT2m2ahKzv-&le{S|e~q988)7gI
zeDypM@ICPO75_#vfdRlZSFkh&4xiq5w!>oCu|_<>`tBFj^zs6XE_A3Pur$Pa978>9
zA4UnEMzMu71M9=@H^~y(HLx!?@{DIXAgKZ0uOjccb<XAP)mRtNl88ERGqTnWM%>H0
zS;OkLYuU#-`e6QzKMl)$f8_j2JBeY%$8HHKjOA)Cr|o}y89Ng~E38gDM*uNV6qlyb
zB739x4+XK(&IFr?8svsFGl@aA;BBl%H<<Q<LAh^;>an!V>ff^E6bO788O*BcD=*n{
zdx4{Q-@VGw?yqpPHF?6(n83_f4ig%a=#8zUXb_Hr3$B{cb>#6ee=WmG5nd&fOg+G0
z^!ejhb)o!jh4?WW(JYaLdQmqhA<QU+rwz$e5_m1ju*UY9uLs{YU+Jvl3Kvm@L722i
zvTUWqm^jnNO~&+7DU%PclfzhRH<6R2yaiuau!7H!0_?821ynF2YJ*USt=-wDZPoSR
z^fQTp!|bmDHG(vPe>mEN1c2VL9mQv|y10bu+^V%a^bv8;5rE^Uxj731T0T&lGl9YV
z$=rP_ygP;U*7F&kY(wKRjiIbj%f@$<MYQReELh20l17vSSrs?=VTEE5kO96>9&QFq
znFBgKbpwrCEQufA4&T45ba$HVs_NX^;SLWBDJsOESnI6ce=yy~0rfPdb0>dh^lA{y
zDid9VA#nr@GO`%@ypY>?>CIgB(ofsjfPbUy(c6K~)A$$eJZ=Hu58tmi13z!Z0<ED~
zwjRu)@yzx%Cbr+;%FchH%xr8JbCvWIW_U5iCmU3{ft$*CNpS_3<jDS@FRnurbf%od
z9HXM6K6YpNf8_c4f>1h>BYoUXeWM&Wh2uEIq`J&O)*x7&na6Tmo^_>qWcK1n6g}!-
zJxRYP(7$s0-MuN0zQ$6A!gq92t4-x9%ErrZF2`94;*C2UHBL~c+;M&@qVEKlh?R(x
z7%4~gI={6AwM(v*uk%}n)z}t(daFnMdUKMdm4mo$fAmrD#5OQ|wXscCA>Vh*u4az2
z$n(;e>BNj4#C+3{-IG{GN{1rL{&7hKl-c{JOub!}4zDneVc~VrD-(5rmrBVOU7(`3
zc1=?`Qqm1onJrbQZl?URasbzC{TwT?r6!HbJg#gX33c|0&pzp<NhUA$G1<)kQOg--
zyz^Rle`4M1=}1;L=uF@qjQGU?r9`%_Y-)e1md!SM(%jq<Rmhn%wM>Vll-x;Xl!8|P
zP_0N|Ru^xH3|qCR##lk1WG%b4mvtEWJrK}>YvI+w4HVB8gxLspuc)wtFx9&hrl^d_
z*PWl}J7)j>5yH^KK#oAN%{M$%Wz>RkovY8^e`{r8hjQpCc$GGG4H7jj`ey6lB|jiR
zbmI!)!xt3$dv8|Yz9Oorm#m9!lTV83R(*Nes!%cy%}RJnQ(1uQTKC;eZ`U=z_G)N1
z{Zbt%rbVL!MnUivPf#)8E&f>I%_~H~jpd5zUec~{N;f@qfL~lQshwB{S3qPAHK|q#
ze*u``<4`HVP%P_9Sr;%k=Dn)eff7^shI%BoX2rFZAMI8G9u}I79+$sn<b>9(-DalV
zCgk6#YS~mC(e#X2)k)eahiGmqM!mN*X-b4;R-ct?Al~^VwW@pS-$NdmiDb5=AZ*5Y
zs?V?A@T5(%e!t^Eh+O$4O6?NmORfD6fBbs3TLU(<G-oy3OR!eZsHk=m{tX-~B0hl^
zbt5iGkSdJ*vQm3{$y%R^_sW02B(<vT&C@(P6NI+8um39B5bY16JwUU^KkyswX1z8=
zShBWSgtyvdH_p$cfv7`>lCnsc{<XFAUrhC8!HIlTfX$ty0@3XM3;QRw*Ts%hHMvlt
zx%|$7Ui?=ICAKqkv)RZ!Teopj(SbdMHA7T==XSZJlh3|uBFI*!ZgamL{s+2-nLU${
zITW*~FSH2?^TTES8CU<Tg~F3(IVJ>)_h}20kvSg$F_W=5M1PAUxe>niuc-4vmlcvy
z%7mt%o(A96Zt!98$=)>>ufcQKzweMjkI*x-m+>@{Rh6Ywgd)CpN+r&4`t9w%CxL$k
z<jHRG^zG-jzy5IgPq-^i-~Rb_`+Nhj;#dpfY)_y6IQ`+JPXMRSUp|DSKlM@oi<H7B
zsb9i?krpg0!hdQ300M6AKaSGlahK13y*)qQe(cgVn>p(dZK1&69Cx9mmJ%s0VDKKk
z;@2Rp&>#d-l7R25<D!0IPJ5Mj9nhA5Gi|sAd?y#!XugtKf6SbwvFCLtYcr6XKp6r4
z;Y_e8oWK};UQSk?%?TvF`}Xtcmmg|^ICAR|ge!{h8h@217Wo7X*8$to7@WT|i&y%H
z;qKBGg)@y*t(^$Pio#W3g%zmF1)PArT07qkXj!LIBNa-<lafU0rw^en@<ZG%5H44D
zS>i{W^>uj%gDhS22S|5cUf%VG#@o_;?Z(6E?!VHPaCd`^8$oy71+;%zgum^_5wTl(
zPOSKxw14!(yCtFu++>LYJn2PU;`7!GRWyOW%DWrj$rH!45}KG8%(qug{XLL(-$S?&
zp13i|5S54HU~|kVx|9qsc`(VwDe;o!6L{U+05>6Vwj~iTc5j#WHQc=WsTO+PaQ4}x
zIP`Cye;Ok~Y|+*eBBVh?DB<|ffm$R)3!ycnm47$Viz~;Q5BJV9icauOg1l_u79xUV
z%Ov3^d<7LC0}Kcx8l40nvW9B_5-RUmN}gFuFEY`=??8n|)GY#v6w9&Z3275YrzJB6
zu58gdDkb6nci}4zjBJEiGC+dy5gi*L#(_@+UJU0mFf5yH+(VWY2Y6T61KcE=<}3}?
zoPQU`Snt~@J?iCc6N@srEIXR<I`=l;1+l>W0Irgu#eKVH@U4I$KHU|-VGrpcKSh99
zS_CYmGp~`wJ?dA?dEZM%D^4D>MO_tat~t)&bpNLak{Qxy63|GYHT)N?U1vCRAIdFE
zXAd8jMvF?{M;BGPf-MK>j+CY<U!aKq%ztP!O&8X*kbPz5Sp;W}IXy1dg7#S${D-f~
z{lnL_$b=SU8uZaRRt9@Z#5Om%TPWl!$>K@$UrATNQ3@9&!@%S%;{shOl{BcquQvE`
z>pco-kOy6-4I0S|*-u7y9f-y#;<_V>*~-hD$`c~)^rOUA-}!{erXZ#TaqWOd27jj0
zOc#Iu6?1HJ`mL+FKmYMfoZbZ{)4!e+Iu1)8{(bt(0BORu>Rnv+xz@Imvm}&$wMMrJ
z9*b$2Z22g;>_>TqIrJbYc5t_*ITv?k1OZFrj)!x;MplQF5|%AY7%}VjWukGVB32E0
zkjE=n@wuKT;kDydlRLb7bUsq_qkrTmjYzf~f}PZ;BT|&B6?~WnGL{#!dIs2gjtI$8
zNKESCX|Ge4q_IL96rcj|Kh`?12`LvZDJu-pucUQe1Z*aH7i$rmompYUGIc}Kw{pd*
zP1DS<io4v9&;pAByuZRzKEy-15vkA>i>t$w!B5Bs@}PVzhR@L~jH6^(jDHVrS*x=w
z#x7YDoRzaE;c7MiVQ5j>sI#nK(8Q!pos!bnTQZ$VvYInILQdg4wV#<lSBI}`O^HA+
zOAT*tgbl*dkrd)krH8S905zpH^j1uSybqudXik?{6%6cfH3J2tJVJ9DV-;Cd+U7Jf
z=9r3=7~BwR3u9rr@O#nrqJM2pZB2JPiF=xA*lW(0a<vqJptnm@lFim$Bza>u2+M}}
zXXL-+260TE^;bu3xypd-why?gGQ!MUYS72EBr$TFspez~q^61pcio6JSEUQ-Bf-Ak
zzUZ!UOIi$R=6e@fbxDzvQjcN!csqtDRa-<=$)-}PWq2AmK?**7YJa%7c9=!aGH9}C
z*Qjfm3gMEFob{KOX}UAy-I7-+%Kwxs<ni8!nM*qWqPfhA$||8Ydq>M5`+F0eBaM^N
zF39F{cv*8LvOvb!J=1fuy9931Oqk*eOzfBDg2h&O@sm|23-^U2MKepE7vkz3@|7ts
zqKO{;Oa*fa<2tpj34ibIh(+SHj5Ijzi0ku&mF)zcyyU3eWNKyWsYtLVy~SLk6wYI0
zpT;%T8E3$H%;4OgOH33^hi^&aie|=(ARb0(vy|OcS4iYt)4T{2?2DsdE)mO9e3lY<
zAhGrYOJQz|jaL<hZM+cNQgO;nW!9Xk+MctVhnp3%&ULOhLVwh<HqkWXds`VU>wblE
zaxl*uhe;Tw*J#X)_Ls5%v?@%fyPW3~>Oh}K%be1t41lLo3<_+bU>+sjx}B&JLO0g@
z4URKujih_ekSJRDqpszCKk}YQ1g*N1ga&KRZQ+uO&UV?V*u#-lO+P6}n~8r*_~4FN
z=D^llJ?|K&E`MS_w?Mx;?pU&<iM1_5DMPIFl4{<j*zyc*>M%Bhqjk*!q?cEz=De>|
zv;wscSt+ZWY)pw-D80S61AY1ti77B-Yo?>ju=a*rZuYY6x1*<fEjyZy!eE+?xj@9>
z0&V9kgej~lEnjO2f>OAk=ey~CdU5kO4Sh>JX^O~Aoqu&-emQFC&?}}jjA~xYoosg|
zN*<nG*rL}K<d5dIp#S5IK<Og%un$NzcaQ$Q)lS^ser|oN({W^5uG8Y5q8@a+!TLy<
zHt}4#*nabJRQAo<J5}?IsPwl7i{4F}$sE|MhP|ZT8D3un(F0Dl<+}CENUNiQd{7lt
z-TS@^=zo%8Q57JQ?LlV-61i<{Cu5B%$v~_vSSL^zHfVU|<ikno<gs*zcX@jyWD)l=
zX!Ayydd0;ILS)DCYEPi^%t<1;qqm~1p<_`{<{V`*aHL9V5|6L;PWOD&6d&u-?$H&S
zqr=3oume+UBU2M&XTO_uGYj{#W0<?fQ#66T!+$bJudLv5Fo?Tqe2sZ+RloI4dDK)7
zi)r+bt8U&nYKo*{$I7<^uccttz*DjEeF!&B^T;WS<ON`+M0n(tJnKpZUYB*h?7&g)
zTcnyx;IyEqpsEkLcRY*v`PVKFGH)C6u$?ncHbG=}3IYxNj(Kewhk0YCm$HmJqHc~O
zh<_~$?zX}<IP-*^dOyVkmMZ1LO^qq$Q-5g#AhKN@Oks`U49PNhCS6@8V5=(2`q&V!
z0BpAYq8bQ>Q{*oL_31@%?Wug+K`e>duvMXb^Qou(wv;U0UzSlq#}r`F*6=!5Hh$mz
zgrl17WNWFY3I|o@O(5r1WnT8z_ThxvO@D7i_O%931-3!9TS1tkbGT`N-kbAxaMMC7
zIIle*IImmegPOD59NS?HJEvIwq|aA(8wNT%1~=stwg63EzG;Z2q}FYq^L!u%m$h6-
zbtbL@wT@HV4T;$a?k3LlQC^;jG-tAE&Z)agfHJ(}vLv;z6rnth>YH@x8NDR14Sy7V
z$kbx-$hz9PX<gTqUrZldx>N0LoTZUgH?K^`U{}_F*Q8@&{KIW{9G`Am5G>v4{4Qx^
z6$OZuOEg|w4BoiL0|SD#5gvpold9<{Ox=E<uFp&qy%SxkW>(TB>=ea(=>qxbv7B$P
zTD$H2Th>e*BrCoAyV@xD4(BinSAW9})NQ_6^Y5D>WaF$X>z!yHlnpsy@L7H=OY#Qn
zAT*8o%lp9=(9>>pJnyH&{4jWEA=Vule?Bi6u&J{8Ef?bDc~2-*ajOepD9!~w51kmM
z3F%iF;W(nJI;dJnrxEC$&k17dkA9&6txDLB463zLW3&LmUbfx+mBZ02=YN(^QtV=P
zZK?3zQy_qC{6g<!dDSSc_JI1(VF!?RV;>Jzm6&A~a5l0|GR!w4sPg0nnh4pQ!{Ao8
zTg;BEGA`Qrz5V(#RocTuZxL?mzM1z!z6N>F0`8|=9Y#96gAq+>(ZG9CI9?UYX?{HY
z4+bU(;tFMMWOH<KWnpa!Ws{vb2a}CO3jr~cnMF{4pP~d92K+h&vP*k_E{g8jv<R94
z%_e`p<UBY-N|u%80zul~;`*2}IULU8n}=vlcKGq|@4@7Mqjf`?-SETT4uAS;_}9Ul
z=Fy~S=>Puk_rn-ZZU`Zr;_&?;hVeAf=$`|P>~xy*2q!iJoOk%g;oGl}jt?>a%ye+X
zbi7S}C(ldU0nSr&Z1AU4>EMXzSR3<6X=yvad5X^e;JHx2rl{`rc}Ol#OJ+We!{=Xz
z-+h#o!{@huJ{x~=XX`Jad>q5sIQYC??AhMwLH?M^SC{fr^HDxv7EOS;M1h9xQNGRP
z<5qs1FGo8Pser_g4p0nXl$~OEQWnv)d5yJyo*$bDIK6AgkB^B+0ySBNE2jKW_bs0R
z$-%r>k2F;>?vA_h7%1TMTl)(?tTS(lDsW0$-kAT)ISYU$d@u+2&4HZi9!F${$>Gl+
z=>(^!2m8zC*N5ll;hQyc80V19PMgEoeq27kTU`*ceW?Y37hJ9J#u_u{zqc2Qtuv>8
zu)dwSzuFKu978tv)?lqcvG;1I!WYv(u}t})Ry0}de6gN|%_ix@FmEVur7~srN}tGs
zTbrhA1IJ4z%1aaa59(3rK2@H`^j@oaQ_0b0jB0dd9R0KTe+D8u8|R{(%;=(-Y&7@s
zWS3@f3s<)gEh%B7>P!v~wu%eRnL7%9_cEX9Yan@(^{YXugmI&5H=cPr4L0{iQrRT=
zzdB5u%O@Yk!C_o>WmujGTm5yDoHf%6dft$5GAaAKOoiS0pg;it1f1#!W_E;gxN^c#
z#>a@$Y~jX^G<z&!iiOx%WQv<4O$0Z)<=;X6XIx+(nUO3q;0c$R8~yCg-h%Oe(GPjE
zAZ%aN-168vhPa3v7x;F>ciwUo7MMIS0+ccjbxGK??U+i`YYoqZOb*UX$5tk=0uetq
zn%PHnN)S%t@OdId2%G=}!{s<JgbQ885o3jL$b4rd1m311*L-P^CKTysWW$42*FzvH
z{Dfk`G+V`84LwgJ+61ParxxUYl$etmcfc#qB~ev9tTM7UE1_=F07jD&p3VRsEte~q
zg0(76F9Wj56eJ@_oHHy?g%zsfIj0z{#UbSyy&Ex(#poSxvM^S?6f8UzPcFHe8;k$g
z@{4z!ff>nY3VlS?>>L<Lz%JU57*x(-?xH$>FDpFTS|b3bV<%*jsSRp>aG=I}UL7sm
zYm|8IGk}~C_XrR?U<n*1^(ms#)~Y!wJ{26`QWbwCHSL4EY}jgp&_FF;u-4fOG9dBI
z5(gW}MEC#}H!<lAeDqjYr^X925KXqFCUsup<%@t7tAp@%(-gd2#{x0y5>#+E^f*ow
zGGl>jlWRSu_D*#`ZO9^jFezJ<0|ku@t1$<J6d<<xcmWS)*g=;=EneY|7P(rOKgV|<
zg)=il6=<pQQZ*0G4q&$ap-^&e?YK|7C|odZF@k{wX*!U&_aW_l&^?9@H#UtRm(@KU
zG$4@dwTFOZ-X2N@I<?-XbWSl!!E6wVMXMn7cjac6fcDIXX=3JoZMEQH6%J_nLIz}b
zB^iRaK&C}9XdO>rn5rMh2QM@Y2oR{lT>DYUI!ZK|F8iVtzsHA$cNj@hmUQH9TDzex
zZc=1d|I@Kk&Xz;+3&-Umug#<+o_`svhTky~_gT!cJ`W96@4`}XnZBK}0d=_0CV`%=
znw5O2Eko%*%Ajk1P>X1e%NTsrQe0B4hvkGNGNaraK~$=s8uWHrlCt#^g>lXN?XZnF
zFa25aiO|=UH_mQ11<aG)C3YKGJnM4%2;kL@IvC?Hmu5!kx!DT{47@J_eBfv-&(kH*
zk41#O@SQ)dsG@s;rkF>M?1yY<S2V-oGdU5=K58Mw8_)HBdCB%{s0$+OWIdkq3F~ac
zC{^~_gegCb+(rDAz!ci9N7rInzWRP0BI<llBD)j5e9{H}{{?(Ws5g?&+}MxQFae2L
zOg5!S+os!tY%7s^1=wr{Iq#aVJAiG0YdfqWre&*r6$IZjC3b+_esu^w{w(Nw4|?8>
zSqQ%v>^%#A;vp4sI$xGQ<$Jb(3Fq&|!S$26d0sR>y?D|_>#2?B+CZzxCaF<ZS`$*l
z^hG2lsM>Q%NiG(mI?J_N(%XPShnm6v1ViH#CcL+`t|Ctj{p$F&99i^39&IZpdzHh|
zlbXOa)q$dku=UA6x<kd&qPv}Romk64DgAU^yV_@e=vnDnBD#LSK0?<B->6mJy}Ao}
z^4mm|@miTz5Nw81_Z;L(9D5JQE{fha40eI2Vw$!;Jwc1G>itC@to9Qg7b`6<*ZE!0
zMfM{8?lOyH7M?F&svD;(0dDbTZ{l*<HC<ULs?)N{KB^)?`Gk(*i(1t}BXCQNmFk)v
zoxHez(l2G!gO_fx+^S_sZlgMot9#v*eB^zokmD|8EkCk4N9u)cy?0YsQC>DRJ!;kL
z64+f9PCLva_VNFv&j<Ampu)!jprxZJ?|@(Rw}{Sv^&SKpcdk8rr!-C@f=sb@Y3GRl
zQsYTNL+@%7m%uD>vQj|{s9^_a9h<sYMG1y~J!PG<FsveFa~0y1jJC07hjE0JSEgSe
zt6oWy!%DR3D+}~A684I9EnZK(ga(CODzVlX%UZ8k8H{c$O7}rWxnKfrt~zaRI(p0{
zGsS1B&H{*i7gl2*C^udfP~UW)-d*46>bt1|dZHAK-|EFtP<h-UD_S05tCOTcVojKT
znqVV-&F=|RTe)ehxP>9J#wD$78?vIjzU*DRB3VtLyNX!Fq~$AA%9>hRZ}VuO`Kkim
zp=axs{{2)zug3C?BA+|xTg@0ddEV$((u^U)Y`7x=PtHIB{)V;=%#>Wt-iYUb>xqNZ
z(sO*Jp&_-am1D<xKW-c>WOtbC-^s#%a&i$$<(k!%%SM2IR|-XJs$sou2w{L9U!sDe
zsiah#Y6DZWbpOHQj~IIt@kquT&-ThUKRoRK6T+o^c!jUcZh@b|0@!B4?X%GNKv`V%
zYb1rJ2Q@jm$$ml<7%mzL^~mU4o=jZMh7T=XMX97v81(w**a|fW@A7n=Hi>0_hq7a2
z&(X@Bi=2JUAkjRZpzr&oviYcveAT8<<f#}8l{dKLqt8jw3e8iL_f2&80mP}n!N@p*
z5qyZg`Cg*eR)9Om0y-0@7>^@{xzJ@0YlK<A!MlDvz>y2wum7dm-FUIj+*RjiM*9pu
zvEj40K3mTwDSd%(KNhUQ8yMYx7;8}biflAvwz~!0QZ29Fw~INhjBAX%iBg(`OQ(62
zMB&w|<|eNC!|y@eCJsO5(bt0=zAJZ>J=}f{!}m0><)ZT+$u^qF<&H*bZdj+S>GfuH
zkl8SLJs-E<N87_~>xua;_po1*Mtb^AciLW1Z*xyFA4Z$}Sbf%a^gY}x@*bK0a{t?H
z^RMrcr|kvx7WpXiVYJB)P~1!ZH@o@GZr<6=H^YAbeWb_ulaV<Slg&>G12!-)v)WGu
z3N)w2S?H{__o2(R*(kHZ0e<c1UiB6qP)b8M9WYYCfuNMFIhDW6LlVfVW`X3#)1L{C
zT?vzsITN!cT1*NvP=F>3n~vpg^YGN6M|LpgVq0|SlYnu(?+8Z5=6CfzUylSO9ZQqM
zqnP@q)Bge1xt|V`kvS8SxMYEUR<>kvIGm4XJ}7m8)30y8oD}^{fG0QO>C5+TfBWY2
zpY&9nzWn&Me7rfNp$_n3P9Og|{b@C)`SkI_yVA-ijb0%<!O@*VfLYyPQj<ar2#Dbu
zJk?z}`do}wh!15TJiWo9R((^bR=A<3dqi*27=uK?Ylk#a-O&;Kuma+L6P`o?l_$zG
z-5X7m^&KBX<6#z}0`Rzg{Pgzxc>8v^52Y?{XCG<-3zoP>UU9P{SYZOIL7_1Q)TAfo
z3h@pqToE*CnyYR^$H8nYaXwdCc@K&AC-J?8?~x9XRpCEUF_Y3kg5WgLQybPb%9x{_
zO%C$T@B~0x`};e<^=#gM;eIvm3i<1zZdZ6$HeBKpAHLqoy;{n>=X(s3jatK#^?G*c
z3IB+Wo&v_f=G{zb#<?3H$b~Bn#CN6{XY-;aafFo_qh_KDa~_k|3crOtKqVAs;NzMp
zn1c<)5iVaqhb@JrB2O%nJCVjTd@Dz>yD&pAQUt`*%=PTkePW}36(IA$+bgo`h-XD<
zu`|CN9JXDk|KsB?`(|R@1-E8Wx4)D{GwX#qYeL7%8FZ42jteId!>!J$RN=-X(eH5v
z$_LhrzWD5$%o-UAgg*-tJE#M@>zp>g4C0Q9q!n<!*rOGKtEs!j00Ln(S^@RMV;rmj
za$p9}E6(JZ<j&fE?yRWMUS_$X&npH$51?b|IuR)NJqq4l^oZx(HCe-Uo-b3J07b(t
z>5+_-Of|UUBiS)MHbHYXs{hRQ!H%ZnJtmEf!^{=m@wux=XGn#DgJNT?9~D3B@Tfux
z1&%G=WSq(f635-7mlQZ5((#Flv!?5mac8asCFVr`j?dSB3NAaqxnZ<0;I6ZTC5c!G
zTLu^^2y~b?o>r0Lg~MC2BG@{-;7=FSOW3j|G%7A$ww^gSz=Kbz@0_<+@9|#dIa26W
zmwpqkTF!-dhw%IYarc&r&QXahWjj)S?m*ch62yo1V^!IyQ<Y{q1)C%Lx(0+rswygG
zZ51UVtgl0VJB_e|REH{>GY5fI-goZ6?5;aupU4^!Ydha1Cz496`=1kMIRoJMErX{K
zLAEoI?CwwL;B3hE<mJ1`&3^QXx-(c4%LMeue-N@^J#nt+LS`7khoyg<z=J~<v*j3E
z=##?>WzQ=7syT<IJaR%yzfmsC!6#5b3Vk8uh56xssR_Y^b8d&0shJR}=({)bVZfl=
z-ft1&F~--SIrI+KnM<U!owdn{k`gd$Tws&0YPVY3GFkYR@cf*?%vJ9-<|s`eERwFa
z!pJT7FCa98k`%!tkCn`N^$pg<NHrG%Y)sH%nUW|2@`ojIvlyBY^2`mB^!Ugs&Fm?K
z*aiP0xa_T}Ch!(T6_@eVZ6n;Q0vaWFlmekVsa_Qyn0xWXmz$GQX(<70lYMC+0hg1X
zX&oLMWTc#UG5ts~dtHeALAJKzF;fFQqLOY3C|O#?F_YS9ASVaNt@NQ<GAeW~LqhS7
zaoH)gEYPJ@rdVGXX%{|N%i4u9Ce$*`f|DU?69l}U%gB>BYCC@}D%U3UALgAVX)gi0
z5ka94eeyM_re-_8VXdycBK0e3s9P4aENYq*{ZRcz^(A7Tu;oo<u+G6~TL48!SjIt4
zw*I!65w;<{#7YT-W!=`u232hFqb=qn&ETeTFzcR>G)%3Oa)uAL&;tUcX8K(A+Bg#u
z(vD<oRg(-f8P$IQH{OnTiTz?S&M_AT;9~Z;m|j(;2GrNImSJtHe}VUYqwOYvZ_#1X
zK^4^jD}LA1$K^(wyEMggsio^$UuDuR?^_w-yzKz@wMm^f?*Fha-?s=@1BGn2#Qd{H
zW5&Ur{iuMFN1aWKeP}}f4CN3`S59LS;UiPfv(5d;<C1?Or@eL81@*AiL$Y|aF$m4Q
z$FMi{;1>nB_Lv*nn*uzZtms%Yqs>Ke==5?K{TU~YOHA%Ezg{9l1FH1B>YC9Pt6-i=
zuN1~KsqUYN4%rfVZM2DWiQXOOd>Ta0J)ea=FpQXJEGR=}VyT)3f*eqmdj}dJbOUI6
zOhs@6%oBf{Bp?6$`AtzK@N2{FcYl6Ur!x?U{e03&U#58T@6%s<lyT<b#&Y@!F{`-)
zsZG%?JCr*{!98d}$`w+NU~<pwb)a^e+1$Y&a`OVJ2I0yaG<MsHtLg0S*V@UMn!Kq(
zLUE=bqmefyFpz0W6>--C-=4jdm>c_#g+z;lASr+AAaT09=zjZaBLVXwFd?DQ_RQ#i
zb;$wE|BFjTK7JpU9LmY=og>B5GW5`$ma$~>*_Yg7>)vtP4t4Z9)VV48Ao0xM#4Vlh
zO(e6KPyYtmw2D?{Zm>ywE=a7I?o%3$k>{X>-5M9}?GQq2VC9e;$HO7H5MJ>S@gcfS
z%sYRBsRuU%%smGFl~ADGgaK4M#Cupp78Qvt^ejbl_UNf(xZ(AKt9viY1P0LYEU`GV
zmB=d_FeNQ@XFh75iZLL#Jo$T=0?32Sv0H-8uZz@^j8eF9w$>amInm`>it~3le0x6h
zxqJ$C6KR+|F)3L6WGamqs^!rZxjlMZa7cf|trF=@us)g4mMYYiEU&2}3%UKyd_CoA
zn~cp*BAM6FwuPRe087mc8mdtw=SSiYso)EfQri;5um{9cxi(k8)XqpOu$l;U6K`t>
z8H!g!x>C~bAF%CI$-^9czdhDf3hfIl>BvP2EY@A3ao<<x=AfpF_zr%`$Mgl?4>Nz|
z&M$x?7SVL16g`ty7&{XVLO2Wi^8M+DZ$_E~gWW4AmdnX_rF5abFC-je)5fX2N|d5g
z40nU1tUhGNK>6a&Sw0+{){DH$)nlc;6;-rQjzglWR9%XWnsDUW$#~Xgp6qqh-sG4}
zZQO1_WZXa%4zoR#<E2q;Awz802p50oy8d&Kz3)==#$YhK-U2X@*}O0qblt0M-Qmcx
z-P_7mB;htRedCsO&V{8>t(y%S!yUDBIl?ANv9<=S!!$hwQL<5Q?_(9RdwNHS4GCvJ
zm!=%fBS}ufc~}r5i)4=khU#rZBCxE5B)&cU7t`(u)(T~AWOH<KWnpa!Wp0z6IR=yO
zZVUl2ll*Q&e@Ux6w-LX;Pcdi1OtiMT;W02hOCUEV4{|U$CAJ~tAFwa}`YBaOs?yTk
zgH3qQZ>C2}sp?m|)J30u`}pOg;BV6A6c%&(^~aCDe|P%thdya|`|Hmi0p6={F(>C2
zcxrPAFzEEtcWELHTEAc%tQORAnNDB-I{oPdL-pzFf2SWlmA#rzZLjWAId!}0Pd8o9
z+I}hnue5;|YQCOb{2rfigj(a{6(966#E<yP64zOqN#+4>O(>Jr>p7(Lbu)@Kbo9o(
zu4hAYj8SF2p71qpHI)%^*FuF};NcYx;!Wsx97<H-Px^_Q%hmBnUQndmb;+CHra0Y2
zmK6@+e|)`m{429`COfpuoy(>~(OmdS-wl6!;nBoNa6ej-D8{2{VBr#f`^VQ`KAvA6
z-&e?)mIxPT9iU<#In(0dStCaZ?0TM)MDI*#B#w|J1#;Gt1Q))Y3nJ<hHLxhV2oc~0
zJG)4TFqerrExG}YMHY<l7g5Nc3avA%1kJxEfB1p^BpkVFeJRikp%#o8;#x~KZA<+u
z#m?L)l1~&Sdfo(5I?1arNQZ<cUa{!$7+YbER>@8mdxWi7byi96`^jRaZSk=8Y@~|V
z1o6z~7b)*bq|a>G;AIi660E6Z3NpFVsA92r?Fw$8nqT16DEOKu1FDP8)-$SuXddNS
zf76vDQiF1E0wL^t=&~1qLT)Sc<bmWP5WxJBUa#rDW9G;;kQ<4v`vxvt^iy_GAo&Aa
zc-`T`c<@$+{S9M&7KTNzZO1`W7~YiwvHm4^JhBdB?kBty{QMqmE~gQSjK-DcuT0#L
z?i9;#c8zHOmy6pZmnUiB?Fxo<=IuTQf8D$R1fu{5#^{SX0)jCcVar^Z=Il$d3q<;i
zRC=6ruiddce$p&djoU!M@wfcZad?2-3Hp{CR9s`aPHA~F@*2b?+L@6Y8H~S}4W{`;
zW31;de!#SgS9+Nw>-=JS9TIWJ%z%rbjUn1JKSjht2Z2+P^q+!x$?F%Kk;2f+e?aFW
zVc?pAaW9E9sg)SP5FIuy_=JZ=(dzig#dmA|ng*6IQ=(6kC&jg0{AN0DOK-EKPXxL2
zx{6ZrSmlTr!b>{d&xoK!uX4|Ly0QkFro_ahCJ5)JkJ3=!CIub8AUYI0g~0#$?IZfs
z-zr%A_0J#bbXJ$;^erI>zx?O)f43H7VFF}9Y&cTP0mj18$A&weAsxR>6>is>GdUHg
z6m|31NW<Z=@l0E%b|D7CQ#|p$g}nt>RNwPI4!eR#mnfowfFRBGu1I%-ba#Uw-HV8H
z*V0|m4H6<q2pEK*qzH(#q@aNQFYow#eZ%j0{`)-a&c5!PGjrz5nVECB_pacMVbo)j
zKw5h6;p@%7A@(=0cKk0gjpG|VuO_@A5{tXXdt$zNLSk5+|LDz(x|iMlZSJA<1tX{~
zCEa|I>35$RpJ9EXoA8~t(JFG-43zJLw68&JnUIpw?&JDvT@$TrUTb1PS{X<hcw_6h
zRI30ZVcqP{**PS{ye~k3jV(lcv}(+E$D44@c0rc!B$nvv)u(tdHlf7Q>H)dxQaZ7H
zd6AC_-<!9kHE10i_S)t@iu(L>-*Hl>M{$ntTLr(gYnCl(t4|r8`GZX|Y+sw6Srl|~
z?b7%9hoAh2BV(r7uQBOl-o9k{_C0;l&PRwFzmq~{b^uF4R{mR%#-aKP#s+HwSAsdJ
z?vAY)yiA%co{{H6o~^XrTsoLg#|@ua=k+}4<62!s@B7HjD#vR=cp4(91}JxO$ASJw
z{q;xAP<$t6R`#cC4@Ro3e6cqtR8SM#7nOc0T+)1!<uN>b=L7TD3d?<Hoqp!r4gE_4
z6OG|`9-mp!1Rgz6{qXzOc6;~W!;uQw{d2lEJICLX)(P{Bq^MAXq16T;YstIZ;xu;6
zEuFod-TjIC-TGx@C)S5FMnbngT)btRFg$H*rTY5k(A?cCN~5Y81ERdx6{+ZE-cnlO
zkVr56raE2IVZmrW`=LV7o;D%whP(ORBeA*9dUeCanDs838lzHD-wNHYV%DCaVv^1c
z%5E^!PUI<-11nKo4i~*tiGK4*FK~)CUgkb|gj2;X@Ag==ZA+#O`(C(jWJ1@Qtpd)Y
z<of0ei%3R`{3ovYdlg+V*qwGi-y6l>gUo-JcjCpHljU=iM7-vBubMD-@yZ3gMBdk5
zN||b2cHGZdtdPv&W-@dmlWU`evQGX?y3<$fN5@8Mzod_Tob;1Ax<=NOGxN5tLv6NQ
zWfYT5t+H6XH^)h-ocirSy`k#eK)Q`P-SrWh3K4K}eG01ik9M#&d@igi#2M-|^R%#|
zV>S7S$%T4jJC!`GO;T$it*7@Cpmy;RMX!rF0-rwhi|~)GjVsWVForCP6$Vj#z85M)
zHOskR#LC7TR-nAV{etkysCvV7X;0*9$DYqHi8^`vtEm%r*Q_r{_<MjKvMmzN+IkAF
z6?>J0gt4$)E#vUpr=*y~UV82YTn45N7Uh$Ad)t2|?8-(#wJbklZ$x#E)U7p*Fb?@V
zj`)Ezt;ZFU@{3Gc$&8t0^z=eDBp+#-pE<ZDd#jR*N<0{(O`>cr)iZ5gzVH*>o>Vb5
zpt!`X_12rt?4wwv4VJh$`4vK|%Wc1%tH(-CVzBT+b8P~{_sqg4_podkOAEv`ZZ2AJ
zRBpv?gBDS&0wui<_Mzp`PoQ6;Uy7C;U89#nPyrW<6gM^zH12WK3=qu-MZ&kb_BWp0
z^L&>yF+Jq!cT{aM?tWQdgUz(JaW!i9Ta=F_pZk#M)NDF<Dt^0PNREN0HM-S+Ax-b)
z#kfu-<@cr9$q&^yP1doW3GC>}a`YhIO_ck6EGFuSzot36XX{R*u`+~3sLFhEaow0o
zIBq?PwDXX;huk3g$-vmQsFj?431#RjIoKw?DH|s#OAn~G=3x<!o`By~lnZy4j=M&0
zC1~cB%4>xNYXSRRnVgiuDoLvf(=8!e#O$g=I~Dit=f<gGYEJCOEt!cV?&6`2f((U{
zhz*0t(!7Uowe=4+?m?3K(~V2}WAVIS9<*z>aKo%QLLA7WQ-;2zC0*fNY83FWvyy+y
z$FmpPXLcB*&DSt~bCRCsr}I9;k4Z}pD-yDHldG!&0?A8xA1#f%&7YMzkweUr=JxL}
zKJYniOTDr~t(((|Jz{!Lc{7p6b9#hfqIvbnT#+GB%$v=efM6M2-ES|72;22C`5fR&
z=7QqM{o#d+a`bJb!Ke>6gNaJZH&nOP4EBkHB}com8XLzTaXn+x_Bg$WFSPuZdd$oh
zq@T~f@ou=8cvt#Pb<sD@o$%Mh^QJCScESo*@HQ99L1dL(_pq%D%J*^=m5?Nr;3p5h
z<up9f8CbITQJ~MhJn9%8_06KO`Gsz<Yd5Z<ajiQub))j_ljGR!;zPp>JrC7~Nzb~8
z2<|R*VG9`G+UoCiEgs}v-e5MmJVQH?PSA7^;b(BL%ak>{kW4Ow>-z4a&Erw3M>^RP
zKVV$(+sZ;hCD9SMyy5N^=gWI-137%(_sF0@ACcXBuDD#wn0&+i0AW8#%WiEmC{Qe_
zWmp$yMcE7}e2AOm5cbu@5~K!~xU0$=FWezn=gb|?s1Xmi#YnDFhCF0gmR0dge<7uX
zAJG=6npJz%(@p-GO<sPabp)Gy#a>yj!Ge~)Z63ZmqwD|{NjzU;F7Dr4dV5Rpo{r{(
z0*ADh2$aV9Wu1qOqcB2o5E(E(X*wxagcYdyQNhgHm$mRVq!qU@!6Few;I*W1%T;Nz
zKW}`tA*CjXqnPS~Guy2}%0ho;bZ9@g=E?d{3)lC#9l<bWk2VX-V!P*><Nn33WE^?c
zG}ezP#tR3S_RL(eq6yv(x7~EqlTYz%GO3qfoe1~2{VDs`#i97;_x?JAXy;7=g7MdR
zdS4?(UAWRW06plRbQwvUWm!uU^MvFu2<IbPcb$K}Hru=Y5`K~w^0_)qCzus9sQF$@
zIMe@Pw)q#|zxw$UL;^yg>(+z#h!LJfck9E)nYPyjwyZT<H;9NdzCWRD_kL3Z%RMTs
z;QHoXj{NxxuG!Qq>K3r}{Q562)~=x+N0ot3TW21#2-XWZQD14a+pe83o3e|tDDT7x
z3z~Q|E|VGe*v&jvPj;^QWQLEwW)eYw?NHD1tf=0!ox)f&XlR#j5eHFy_#%J(>Ff06
zWaR@_-QYP~hp<3ZC6;S`A1ngg`1qF;Qp7)ZUqkpI(8t{gP2CCjHAL7c;BiGqTFcj8
zkQ-6oenDyMwUO6eXpj?<SB&IPf%Bxv|MCyH?u_=8+1bp)(TUc3lYbTbM9QO7d*prC
zO0(q{TUwW}`rP;4@nPi=Z2IyH?i2aoZYQUw+trZKkAlA^+dImX$Y*wo>qf-hyz5|m
z@GgX+husXj%8-5RI({&L&FFzMj_GjUm)&^xzWl9oz~kl+0gtCaR35)2K5mgJB?><Y
z$!~q^%4?b$Bc9{zcEGnaK5RcKxLW5)z3EnX%=m1M5%&A|_{Jr-`;Tjjehwl=(-YVr
zQCDcxT{2^KxLM2h_@DLLRfsBm-(9{CMje^eh!eYOaoC~z)`_xC!Uii%t;yx_u4BRV
ziIvphTEF1V;@-T{kr%qmuGjg?B{}@`IMEe)_%#eM3B56~(jyZ7Kq}l1>lwf1t%&Ib
z(dd=_Wgd4~+Vy*JuQv@YYa=%A`m<g3!`n$;2X}b?e1GUt5ok4JOQPy@cYBt80zdO=
zG0loA^`{-sa1W8=9lb5=SH`Es%|adS-GWwcZxu>$P~&^qk+9n*5*gL4H|V<M3%Gq~
zUJ{#Z9=iK>3H*C@mvUmJzT+y%TK<y5eRc^G^@5C{3Uhuktx>oO19~t=EQ3Slm+^4m
zu>O?nL`gzpV?Y0gSJXa2Marq)*uvQEd*mq`4;8N?o5REolx?+%v2PP}Rko)deVBTx
z(&o#YG(h5l(5`1~e=5wr7ufZE+oIB!?n8f6k>@M%)cWdz%e9^yehz$_&h4LmykS|v
zQHwK$A)m7wwbd7NmUOk^u4>9M^|Ok~x_~oDPrh1?2wu<6RWG?HB>Z!p^~VYuhNJhg
zw+dy(=ZkZ$PRVz@HGHrW(f5r%@1inX<l1g*@_z1}qYaO9ThFDX*0R8KUlEZv%b}6y
zpkw@<*%^{P%hi{_Nz*40?JjRJGO)LJcNjNNsMH=iN_n}MfGK7?eA$a7|EuHG5(Ke<
zS`o{n?*L0k(qpc14s#o)YdtYhqo&^yD`rxqxg)uMrielu^t;g5j@WzKGsoFZ*&48s
zxO(SH8JkIhak<x4+}H#vi;aXByKR=ATdp4eN`Jf@Jr8%w78pC&nl?HfK2f390Z+md
zGtD+H#U<8q%cHsbP<i(xU=eD*mu|Z>-F~NYwGwi}p`~DmT@Pv}$D<n)vu9foIrLKh
z5;n)J^7Y_=vl99hmcYdK7xj8q_(yHyfZMko@3i#$Y2)T&`edS&oX3jRBcAO%qP8r5
z3a|V|RT0Zjewnz+DxjI|19f%6d-WxfSecOB0*y*pn}<mxH>gvqS<U;dZVCzH9nBl%
zw_6TVRK{KyDwk8&<r<LfGAa*1KxaxPXuYh0s4q2_T&xu%AHe!3m~P>hW&WBZT_m<H
z;?gp_+_PB5R>IBHvSzPY=dr}{IFv&|O<fKiplp8Uh&b%h{VVKop!6|sWB%~rfYCzC
zwSaG51TWr>9T|@6j#?2AOCzP<%_<Z%ZeLpGd#)4HcH`N_X%0-lc!uJeuE=s`C-ALi
z>5FkrEAI!nGom!Hv7!cV7wp+PtaTno_U)1knn~#<Um=hWn?~NFDl%1VKqlS@Ff6@X
z@x*j}o11Q858ipw*EdMO{gZakY|ormGdS&OQ&d>MMB2mH2Ju7<Kl)~M1CFoP@y5e9
zD3`Bc-uL9neb*t(r)^Q$v1CqtG1qVdZ3huoEV*ua*GM^=6&v?>BcLQhVn7a0R_a<a
z0XYU_dvS5^i`l`7!L8=nQVw@I5)Q(WrE-q@;5_;%TE^8C`{?$%OJqLvR<eTozppGt
z4JE>t`I5>z-K%5h(*|V2*fj&;{?%o@H_6_&6jiE*!3jZ%g*(x5GBZDZN?6L<c&AKp
zPPs>_s%O!^eubTmS2HoW-Qdo;-pru6sW_&;-tg#l$a7f=?Hk`=54Q>$xZM=}H!WMI
zuB{ilGh~j=h#uPuNs}(*`)iZMTbAzfByL`m@f3Lawz!DysH!1sr1F-7szh0v8&lXC
zF5%V9XthWFgT`{Ze0AZ-XwnDf#<X6eot|*!SsqPC8jm`x9(kqJ>Qcpq?4<(ZSy?ib
zv6@ex?2BU8H#@nhtSUYP4kgjn37cTBoO&crm}%FOTWc&Mbms((yl2vafX7x<WK*Zv
z0OKe7?Xb4iQtWL~8{7Mtxnli6ZLAdHim%(xMxh_@JHOJOidE+jro4km2Xs%n+E8!$
zAxL|S8be~SWd5GnhLOKk)*9X<Z!q8bm}vLfk7Ro&5HqNpFx~kP)8f0RB{b(;Tg3pn
zMjvtCdK%IEjy_rC$~}9xr~xH6(*)6rWMs*9_9kolt=9cdOzapaxPb>skb|Hp{gXEp
z9CNqLqhkYLu0x682G_dbZV{Uv9M3rt$S2Z77L*t=uq|UgP}OG~?|H-67-cuz4g1;~
zm3v5pG@@G{wdP+yyl-w1l#>}J)&GnaEAaFU>*pt|;Ts)KYmA;(e9jl!N06SxAhjs$
z?SdL;4!fwn3rSZdsu);W+%9wxL>?%lP`Mu{)KlsCuq|7AmoPLJ+pjK2zwh~Ot13_u
zW95=*x{Q4@dUsF+`NSW>#3l6`P89pv?`1h3qj1P)!)qF<>@8PZyT;pV6mkvOQ|F~A
zuX>ZyZ{cquc&lg`f)LI>R!PyGR0VbkjRXZuPk-FAcTA4heSdw-K+U)%zD~$^+cw^t
zER5Yr$NbZHvzp2rds$C&xxZNa^tVTWOfagK<RrV;XJHKAv{%!WCcY6)PB{<XLyK54
zMTL{Sd8;^^TtlT500~Q#Uww5L>F**1HX2R7*uQc7c%^MR6zs?u>-AiI5<XRAR6=OZ
z+i52B!H)GET-9Nryxv9L<NoIJG04QvhW8{P6Ja0BA@%M9UT?_CEScXRXKQE5kEQwh
zNYUy{*l1+^)gmIQgwL7YRWV1#Ia4m#ylEr}V8TX&R8tRjlhA9jU-ifoBdppNzZ<I7
zeOjAQ1{Dk)fdxG49G#yvan(<XMlQ&rID~3r%oU?f^be1ovIj=&T%$M0#C{jU6DDi%
zw^N(Z?AX0)=cjexWyk9Ka)$Y{_R^iN;up~u(|B(2OA3Q}hch2`2+9eQXtsl3cSnj2
z9CZ)a+CVbPCr#O(9~XDrmHx^YA0BFdTJ+(v3-L+uQBCEA_|^<qMaR8nGT?cSue~0n
zhR1VHiSWPp*nizykLkrtx^@RW;E|6r^1uCMhvQ3>*}aT%h<dj@xx))yg)qjqbbbMz
z_xSA2u}co$ZYdx3*U6VABi`RaS*3&7zkMf!3@xLoTHLzU`WSH?_x1_4HW@oQx?G#8
zjJNVMThc#2?C3f!g<}Q1r$1{rxDFqb`5~NsPxToY%?ca(^DKj#r?}Yz_#XwfT8eG4
ziY@s|u13FF$;@K5KwElu2&6qlh3GljsSz!t&V(&>E=MPpZzpE^i+PK8NJ7YrDvb}>
zMS|h&5nwuHE9Tk5m0Uaqe{YE=b6{41Q4i*_^^=zCRd2Z&46);_bIhdF62?n>_fi?Z
zeh}y1O@tY~Onmp^N+pSqOM$g%`o8V)+H1P!SOTrEw59C~&b4n*O5qY=<B?%MV)N^y
z?5!eNo|%S`uLR}1v)0SHw-%0-lds<{O>466N{?d1Y+UGq)@N(hk*yb8lWAgK6ydqy
zz2*LKZK;YTjb0eb<hJHCqavE-+n<~GnT&Q+-j85^6?;H&Jg~K}!0}1<`eIv4yTdIF
z-&(@JrJ*^*&zLWcKTSHP5(Km_@Kvz~1i!jBYQ~<b`;CT2F+PG&XX9dxYxHgEZV-vM
zc))%mZ7^j!RJ;B_uCc?M3~Ux+<#g5i#&_$bb?bh|)TQ`o5ED6$>LvbdZ0+smUnIBC
z#+iE(w-)K(^Ypl?+mf{kcLP&JlBK(gBq_s*;$G^z&~LSB$kzQLs3Ta?*`$e88GV!3
zX-%q#30w`W9x=bVkliyt)Ga&5eUq(P39nmjZ*^8OM}^hMWtER!HSh!k8l8ru4Jm)S
z>=R?WQIgIb?K{d7_@h6U14|zED!Dv2AH;Xis@*F+1Q9m7wLWyONJC?&(~jZG649*<
z_W_>U1M#j#Jil4IJ6W~3`Xaa+WQ55~VKzk$DRBtl6|?0#-i8l!OS^!FMAZ?11y{$W
zi;9>#$lEmMz6}XgYT}Vit?T3KL$~J`wu{-`UsvO=f=t!U*eCK>yJIiESVnjpyMqcC
zAHH$v4i4pPAP>Bd;w`0J)3t2nFF+X1(jnXLPDHoI>!Oyjix|}x7GZ<G>>R=9<>tcW
zllYl0v?lh@;UzsOUg3SS=*?Pa(Y+=C`K_1ik$me8<A=}-s=>L6=n~bQ``3`FmS)S*
zBh~={he>4Ca#G;<3rSe_?Imq@DtS%^$sRb21Szw@NOBx4GBz5xF>sly5JbQgKqsRe
z6j1rYgNCx-xTuCsn|A5u1w{gu>u#$%H}26-hGcTRwiXT8=*@d^w~jNmm&P-4y3v)4
z-k>-mja0_p?Qs_@^hvvG2{h@~{bnV+cNxh9T#t0L<E$G#blI!XVst8<BoY$)UxS`F
z>k(y9IX@8ogp=&S=fuy)IrZRcV&@frCv2+9q}TJQ2LCuB56|vZd0&$Mg!od}kcH0c
zMeTX5+kwHaSr@Nev`VOPPh>g%l(&%MOy-Y*lUmp^3O6;ZO%ONG7_7`O3;3}ne7*Ck
zhx1MP_>me<(CFdlGA&_n;jNXu2XEcT<z>ejttFOj4%IW`KbC&L7k<ZtUFQRqNg)N*
ze)lAAxNFLyg6ftHU*IF{qSB8sjsvCQaGqou6}$Hl4<V&<)5HxMl&K<LU6QAH2vw)~
z-h06Dn9>55V_us)Vz_Kfq+i@KSv|)tn8IW-WTMqB-kRc&8SM)z<I+dwCbB2+g|GWb
zJ)^$%-k~?|*+;|oBNh>jGhT@+Sl%LqYw`XPepkkoySL<qpdE+2ljK+4Kb;)LN|}9|
z+?bZgsl7NDQwy3Zc#vhPk>4iy0l_V?+t-QISD?#7>m}A~W(0W(;M_FFQWuIJHE0f^
z>^@#9K9Mbbr_vpD?I=5xz<re!U*m?x6*h>S<2S-Zo|aM;ZNk0pn%0HSZLv)(uDv${
zI}GQdj!4Z}_oc*r-yNh2)jeBLYs(Gn)F4J$oR~6btUbMfOnM*9KP|2BocR%(#h`{y
z)$-?>-=UT-U?I<La(3U;s>f+M&%9atZml(JA|CWgq{mUVWqM5e;uE4-p*^TRvW~l{
zVPYlu<H&wR&un>tNosEysE{2yB;u1}JCZQg+o@)weFDqBUf#=DY(<um{JNwv28%e_
zc7J1~JwjS0wz6&ZzNlo&L5<&5^riiFsBdS1We3XkJvq6T-Z0ZjD)IEeCrBfVh09%c
z(g!lr()^)BMNR2#0cBrGx761wGdDdVNmuboZhq-^zbd$9vnSVk?+Pap>s;3Ua`S=o
ztIK8yrd(=?#>dQQa0;13ngb7+UBytrFT9J%I?G-Wd_xY+sKNF&vP+Gs-4`<Hcg!eK
zuD*Oayw8Eh+d$9G*)DUhZpQCh-okWvVf&XJ>T#Nh&9#0uDGfSHp9*mOU0GbJCQ;0{
zkr2XRc(tF(&fWTgmoW400DL5_^A$b~R^giJ$nsWDHT5?S!G+A1pX;#Mm3vrKas*6-
zxgBl(g<<A{lvKiZ+o09f8=4?Gh!2QYifv!&h)RfOBg@bwbdm@Ef=_!UPl@LPiE(%1
zlgOH^V9lr(lZc#Ik;zs%aQ>KeBZGdXF~{sp{$PBa(4FrR@7hlkX8ntdVQ3?EYzr@~
zL60w_Wz$;EG2FMDMx)`aG_ex<JaGno3i{WAhoWXVK97H=V+es+^iaf6xv1Ss6R4=r
zZ}ItM34w6OlYIt`-twJi&$CRKw3QVf2*;VuwSacead7rk8Axt%bQKB3DpG#Hi0+q)
z(c>oNFIwV{PK09iaz1S1X|I(`V9`D!GTpmxotqZ!_uUN^8*U6@m-cIGvBwjB8{K62
zEF7(?bt6*IuVh>`U42Q-I6Cu&(u*Sf>f@9#)qBmQb{UM$g9qL}C!}X9UIrP##e}Em
z7d$gZx)Zu?CV!4==Dfv?QVpLhPqpn0)D_U($ZzItdc3ZhvsO>S9AP~%`Q5QU=gx(t
z>i(JZtQctMTlpEy!I6TuCM{@RE^#x2fz64KSCsD0?S+Ej$r$tc8tHD=-FyarJuYi!
z>nkn`+}GW%?oMa5Qi+R=PKQ1`4*3}M$f=0moO3U8T<DkL%Sf{FPI!*s?O^qa<yDsK
zj(Ig)=Kwy3LEK9sf|k<ScV;hQnWXRz^3%2+QMnQO=+UgoZXUQGAXC+W9F%b$*E}es
zpALT0*LHvRRWUqmnylrQcK+r~PU+kE#Ci*+=8tGXx`N1X4U%0S>X^xX?e7Se*n^b*
zs>$>Q@eQzFq>BslWmXmm!)9K@X)|f^KMuOeY6-(KPFb`LR4EZswzObmg$KTrR?TW!
zp-*<Us}gp8U!Sv?+1lHsV8kA8?!9x>$n^g;)%R<^CJ*aM;AW_7gcUqlvQfe-u3{7(
z4%FbfXQH7y(|PL!p<P=M_n{FvEvVAE$_V@W@cTY?`y{lw6)#Sb`KVYqzly}S^y?UQ
z&JB`%*qo-^@PlG#uO@)};P_w=A#8g*x!J-b80OJZQ@+Pk`T5`t*3&kNO;r<j=#^i1
zjAD5HM0!DPo6z{MnN{w~ZDtuR62s9qeH!sm(D07$B5OApBabG!daCc#-25P?;P6Dk
zx8KnMD{n_By}7!WFOl@1Vx@)S9t4$7cHw5!yvBlGyVWC49ZQHU5hLfc7afNr2hEx+
ztrW{zsP*QPUgICa*pmn3lwaRAK9Zr8^`(bwTpo?izK_>HI@YecY(Ic~mSH$(di9EU
z*TTtaF2NVB&Ax6CgW&gb_*cW$w@1BsMxNl=y~bv@exevLpy+e{@XaDD)Rii(K!t%d
z9C#iC(v_aYJdgXqBRPHYdA7#p?&NU_oWcBxSd#;AV`Dcf8Czm6&N`_rJ-D!0hBajt
zwRf2IeePZWU#fw4I(HeJuEdj%ABh=M@oh{Tze{M_N16B7k3N6Eoho=zZNcJ*2i~V=
zuqee|T)+<l&Sa!q@E{F-a{u~lC7pu&#X-4yUV}ThcAJTAuZbsIdW8&kIdkz{tPlfU
z-x>N!3!3!e6BKyC4}QB?i5hNk@Wn^%_$b65_wo8w#8uX|Hqa!j-=p!;d+qn;z$Uxp
zkU61=<~Vt4JuG_9UPS=;z2k;37awJTmjQ1omc?D9=Skirrm#+VBGtQZ<ny`a3%yuo
z<gO^-Nj@w6hL5477wQe4nQKF6n{0=ZCHt+tHVu1uomY##8;wU&86~fu_R?bK^2@jh
z^{K{$IXyFtWx>*Qx@7j}47nn=6WumQL+=<#EK%~MtbGrwhi|d>xX&WSome%#v@u=S
z-NQPI1S_ZBBX>Jo0;yb>$XGWP_0;YPdU1i36T0lUt=z&p)OIQ16HPIniDUO958)?c
z`S81*8ceEd5!-PymEQ|K`)&)3S)~a7cKW&9D#iF2gHjJY=+KD|H6)QO@%d?IS&gD>
zTZlD<4-2rHafFx#(1ari?e|l*<lJhLZ)adLjpsDY9WgbCs*zi3)hNxz=R8<*1D?56
zIH~t1=k>Sk&xB_~(VA;nkgi@{o<y?x_?!#3kRz=hw)311SOSN8l;pv;%bS%bFOoO+
zLtIR#NG>S|34z&q1-R!z5C!J98x>-yE`M4Vti9>-;z|BxX#vGnu7ZUV^L?no<xkYu
zP#4wR#7)c;tO%`|LRIw~kJUc&vZST<{V<+D)$Lz{svps=E7CT<at2}(6J%s{ec)3;
zxa9|hF3N_rcWUIMgYGCk!v8`q>sTPcyB1{Q%s;6e@zecH4tbSWVQ7PM*$;!mMQyfH
z#_yk#0wxK-UwTutbuE7`-J(le@f9iV#A-Lsx^$TZQIxopf`X92nnH6Mugje21X(BR
zJvax!+L{f&TXSx0-3V5u{~~8SHSchIT%|`MF$~XYUM^Dfw7RuVt<HxRJ0+3T-F#x^
zJ82UVi=peM!h2H`oe=aJcc?xV4Y{ADpX(GFuZb?VhbjeGIX{iOxH7`Qkbj&pgQawk
zl}Jr;2@tcnBE|Bi?7+-zb(Bu*xNXb8tn9N!i;}*h@nds2b7I((ki?*^kB3H2@E13y
zSEMS<W>^mGnY(pH=G7_v<+}&FbgU$`E^*As$h4D&?fIcNj~=V7TlO5cE5$jJ;>8{b
zF0v|y|4NK=U#|c3l!yZVbB+sRh5|M^>P6p1&kd0d=t=Nr(lM`rhtu}{{Dlt_y;_Ua
zM)p#+gu;*R6pFrrT2^FziMm!Rca$@fy;wO9EiQgmOp$b(x`gv$DJ+EfMyy#-?e7ot
zQIJX(s@j-d;A#9_G*=qY1-$tW)Ck@6GRj}%w-FR^QnM(b9l0^_?>pP8L+|{=^010c
zeT>r)PxwsrQ}Ur|yI~E~s?I?5TCI~0M^I=;Oom!&1gqYFV&8_aJJ?~FXj;e&;qDl3
ztvfAqLnHVh5je^(ZkMw*`GxIepMk#ZyK)EQp$W$1+%0%F+<8HS@rjc;OU0C4HhRW{
z1zAg4lz#cfloG*=Eav(q{YE-i>|Nq%f|IE{tRKP6k^Wj;RUf@~ha#<+54rEe?O$)r
zpKtwUADvk3fDh*=G^@+KZX7GUX&^)&VmADJVK<JQ*Y}wwP0gaFMkDhEO_;J3MHNY6
zBcF4SfZwyoIwuuTWsqQA%e7l~^o`1Hh$z(?NfJ%?^{0;2xy<LCFbk?@%3#&~{Rb-U
zkUD;NZyEp4wNQ9sme}!IP>X2{iy$A3B*i>_>oZN($5QGIZ^YfIiue+mxotG59r70F
za*&M&@uWHIJTItfIi`yxebUPpZ-wX6b5M9{<7upIkS(hIOlwF!?m~@!XHp<5zH;5e
z!q2@-V+H4s@Mv6~BK@^uVb3LO`p}S?&`VkBY)Ki?q+13EFt<C>u=?9?ii;eGJN2s(
z<=gzrAK=bxDMQ1%m8rl38CDe~Xy2)RQD_i(_RDepC;g4eq9d;Ez$wmXM2hQ($gs%a
z@T<MpX-mOeDvV;WP8(Afk<PHh2|ZF0ddXeKA4`%gH9FKkvd9sJS0w%vEC2jAlY#_$
zQ=#{r>jrp1Z}=cLx?}I~u9i>D)qP+}bh|?V4K^+jiz&Z5oBHNeV;i-X55kL;#`uEM
zuUP7#)eEDqRQl+xIZW6OD}Gc;NjbdYv)Pq!$q02S?5SXdAzJ-EQpc(_>gV>gJCiN1
z{}_3z{i9kd=)PbKy_D37v?SJHsD4FZVQSXpLXz%>`vjLrD-599z+KK}B}ooR*6qu4
zh13Cz&m$aqMilz-ki5szl-Azr5plWpw0S>iNN(Jus4>oU0p;C^CBP!m<`*|UQvOuD
z=>eIVE|`SAQP(3$?e}n>&lhQ>H*j0{xU?K_J-t4J0d48730<t9-WI`jG2i>J@luDj
zlDh;h^wJJ5?^0}9IdgZ1UU<HH=4i?ds$6PIhu{N)hKGxKSCPCoK2z`G$C%YjECN3a
zVZJUaKD!X<m>lrtz0XIw^`ff0&iW>id9NPrgRb9~>z9W2m!l>jWXgF-D(C@oid%sn
zf5eCRdK0`5O%e~etLiY%jjazC=T#}G|LUg}s%eHMsOWmuWx40pNQ}fi{n2J6L&jU}
zC1>dEIV{DHx6atHuym!?7-9WbV0Ih-)BBfLt<TxD0|8(=QOxi6OIU%+p3ZagH;g|1
z;6nQ5ky$me^!>sFImw7Qk*r*ZUfkvr_6ri9>rmJGapEZa-saNtqhf4=`^uWI5^zfm
zTdY7irMymU6JpFYz*`;WK`^<;{R8^6I9T%i3-YLXI()7SC50v?9Vd$m4PPE{C=eC}
z32jTMDTh%lMX6ok6gP4*8Ju1);I$X#pn^qOzeAQ32*g`{kQ?~+P<F2K`6YRi2Ksc?
zORuL!I10ZlNxZ2!(Rz_?nf1EgsxoawYGaDwqI$D~mB;(|IQj#VA`Lo@hqB`oZZ~My
zJwy7x#R+M$kV_QT@_Y<($H#|<KJZtgaGNx1<Wvs?xBR-SY&A*K7+{6+tx~46Vs+ZL
zL@-lLHG@)te_)f9K!1<@Rqtkv1Lq)-xUzA4aqM6;cN5vnJFUIDA|4X5w>9viKrKJ1
zm;~6t<|dwBx(P`IMB28$NmJhrzb{*wwKzZjeeeBaW{#b$LaHn1lkM&71gGDmuM!Lv
zR}Qd##|z5E*uJv)y`y)GQ(r@pHdVQjBQSoycK5#G?%`($VSoN2uFl%mu;<c$LTdC?
z!>ACu-_bE%x39H-dGqu5d<W-2=K~Jyg-j7vA+OzU3tDwqUoKmEi2nH6a7pVS&j!&m
zkAmMXzH;;4cwnWwf;6O%Up>0^A&x><|1+YGVI+ekee?EHEw7}6Bgz3RZ1W`v1!uT*
zoDG`<rN{P_;@3IFYp#i##W?HC;L>TZZvUM|GprHK=p!+vVAD?{rmk_zJAH;F%*8>+
zT|B#&wS3K^Zhc@VWo<hG?j0A-%4Yo3u-?s`aKycF;Yv*yNK3r&31Q5p2Tz_<Tj@(0
z+g%Eu@SUvN>IquWTa53*S>;gG%2g}z>{Wq>B&9FP39G(3bfVx?oMY?Xs6`8EYHo;4
zn8#xabb0jfe`+2U)!Dv+yS?X}Jcy{z@C(Fz=(_r*{^+}ELNGf_chOt$-D1?*{pELg
zG!%+GDVa~(E^>r2z;uf1E;K9s%FR(r{7vt#pmXOp6;;8Dr1f5&gCorpu-fFtA=^~F
zLxsJCwWE^Z-i7|zj~E+W6k76=dnfBeV<>Ryi&5Q9Lq6_?|8UO_@WlXVC+`+qTuObJ
z(nc0`Fo5Cav|=Wp^M5S2YN9S~YNd5a)Q8wE;l71Pn<Rw~!(d7)d0c7T1Z17<M(SdW
zOmY|L<X8P`H&MoU?_ROjMZK@nnGM6=go{4EKdWmZUZ?6#!D}?8RG1M-6-UikZSGA`
zfL;Ct%RNYVNVyZ0qfIV>|IYJm0CFIw_u)(RI`b{!Dq+twNe~qgH1y6JIki=_Nn8EM
zTXec*ZaME36x`8YRj8l5Ms7!sM(^gQ={>i-Kd4?}Yt4LrQ%yIuG0mO<_M%VMiL~jM
zh~FhtL>nz26?}irl!l}|`O!gg9>d_pmzh{*?)F#eFOzewjM9)j4xLJ%grt70nBLhN
zWcb0R^Wd#;R_1j6toYzctW49)7|5>HrMCXgQ}^Z-(_fst#)x><?x9>9qMb?ulf*wF
zdFa7!eL=LJH}`ul^FB<#K};$Xsgil*M*axN4>x`q*%RBhLzNr?+_W@vh*fGBiMWLo
zp-r}+3(p8u3E%k)m0;h!rqfkl(tadN<ies*SAY*|<}@+8qiF1LeMf%V&P^2GG0hpT
z@k_a<UTL!t-z$)$2=xPK+SpSDHFgQo&u+&2m!==v$3OgB5g+!N0ZAxsk#V=lmN}%%
z{0F%^F&-BJcU-ezIZh+^x*_Dd3GTNb_VJ5Mvsx=v4lORo;WQsn%wV*pQ<!H(%s{mb
z^-;Lsx?3FKUO4Hxp9<}i1=z?I_}|5W)W@gVpWClIKlaa0?@ZQtE2O?{KCN?mO8;bs
zRje;pYrDFle`^r=wK{jNGE*>c^(E*1d1Wh`!%^H~!ZO@Bm@c=-uV15;{$)?9DOMvB
zX|mcH8~jXmvAN32ba361!)SK=BjMubt3lG?UA1qgU8l!+CJ3EF^-EFlQ;K^*a%^~d
zn=X4V)oFr*Egq6DZ(QIaR$NLM8<1o3)j*EamPn9`h5l~UFXLpiExDE!9waDZ>GMjj
zmrAerevrhJyFJ!y|Az5U#Yd-c`nOmKPx7hxqIKHsXnwB58H->UqAz-Z9vYH;QY<!Q
zwWY67k5^*TYb)8@sZ&1K7Uf7~Z!$;Kdmkihv}A4cj8v{wuiYnTY8$A4rrvsH(W0Q}
zyhU{E^SoW%aAv#slIQZ`F2hRY>T!^=59;6>8(Yn@`>$*klkh$n+|19)dM(+AooC|Y
zVPAaKRrl=i_&{TH?Fxs0xbwJZPERg@JEgN;DB_YclLNBqV@0CDqP8CDmFcIG<RJ29
ztr*9xT!U@9RJ&5Y&4;NMxY=wCNj4gvKlR>oqK#VD02lRXghi%~MtG(8#PX1u*fjOo
zKV!rmQS!b%QFYpH>hKL6)zMEL#X7Q^P1k)ssw(dAIFue7ezA^wcW>ZL=92!X@GC*L
zolfXaOcd&Z@!E|Y;di)ao!G_eksYJvCvR$$bBR)lfk!B=Jt**XWK=5?n*4<tVz&CO
z5|#5ta(}-hv3O+IEUy3d&1as=_2n!?=~d54K+{hKrh}qhBs&Y!YN;ZJx?{1w>z=NH
zE)Jk`BX6!JJ+@x3rPmh5+O!i<?y(4HvW=hIb1^ciRe95z;;25(Z8vb4w~9L?^-!l{
zruwO!8}jkMtBfKIq3l<;DU_{rz^3wFyi@U`^W!Y~Uv7tfqt{pXu^cw9T=KXM11I<x
zWAQ%Wdy(ys1Rm?gTmptJsmGTbE5K}3h@st$suCccDVoyToqDBW(6g17O#6;!_l<4E
zM!Z{b%umsZVScmH+V9iUp4qu*LZ2_p)N2gcHne0*(z7JmIz<Atlnv|b{24=!X*kDY
z^}Nc|8tZAV+#VTz9RBNaS<++L%&N@kR@3(F7UJDS>ETRAZC0)fuQ*D*huA0Y3izGW
z73*8BTzo$BN~;c6y=l6@FA-H@PvW$<t8_<o*Z=VTg24l-YAPA8t6ks~eV;9=)h}o!
zlE>b_MS_`XVDvYM%@p0D*Im}0ueN<*@4p4zMfRqTL_TtbDs(2M`h+($GgX9ew2)qY
zSRylTWnDLNaj<B1pq?q-<U1M*)A(d#v)DIJ5_KFY@0^iMzhV2zW5<<M55dJo9qG_>
zKd+6X$E7~DQCaq$RbFy^>%&&R7YvSGe0|b}pX8MEB;{!J0;}+Konwv?w(r{IdW1M!
zuRDwj(2rWpn9D#guxxqt<5;Xw;6OtfG-B0thP~{Fz168B@ripr3@w3ec?z-0gR$v5
z>*c5tR_N^{*Wx)Y?xtRYztw0XmW=wExX{+jQstUA+4$nq+_K~h<;J3S)ik!7L#2=D
zr&Z7kNWIh4rUR`sk<eP_aFbrn<_!6U#Ku=e*JFt66#7K_hJW|#r*}s**~=5N>Ru`-
zD!$S#U0nVhTt`tzJ4eZZm9-J0`r%qI)w8fZ_4r8ZIfV)4^}d+hyFdk_!lu#I-~QkM
z<D^gb4<He^s)qJ^zwp1RvDr6<1DD4#fk!+j3LU6PRF<zZHxHF4>>Sx(b~y*QL}YUH
zova7T%dNw&kGntcBKM~c*yB!MW+E278wTwqT)A@8I>LQL<G>^PBlgq&G`6N=ius}^
z>l5dTE``WS;@~R-Vp!EaN6%3Q`Ssl{>Id^*oHTj9$L&1g-U64TR_o1W=oMa|bNFaR
zAV@kaBer(c=k;5Kj|`m>uE@BW26>Cj<EY5T`<zHQbjzE?o8wW+$xm`VPvf!&x5D5i
znufERR%LFfY4Xb%n`7AW_cP1z-%kg2m+*NfHr|S(Ygr1F1Wj+WDlf|zXWo{<Jd1)k
zQ^OSIZ&u2fBtHCI*gE3UD5J;C`)GAUlZo`|*V<kz4tV^w`|=Zm5J{sw>pXG|y=q&A
z+|8!aeqohgzrIm?T%XkZ@vaT2XA!CJuvSJ*tAo@s?79YeeVxb;%OysIDtka`)u87i
zGM#?8_gCL+aX^Hj_9t{pSFUWA!pnEb6NlQ%L$-8p@jB68N++G7<34^paG?leG?JQU
z!`$Ge>5LPt*cvz1PN(-wPrX%g3opq762_lh$K%`c$#?OXcwyvcLHxr?>aU>V$*c08
z*ouReml4pXH)`eC1F)zTrb$nGB1-(5uf|aJRwi_0znG+|26p*y2t(Bw4s5<~C)EfS
z;VK@@fOq|&b}6)A&I;k(TjBRh$(845Dl%ZL^N07hYr~7Oi=uvCyFCS;eRV?I?fS0N
zchPVryr+=OWeN3c8-HN1hl29pepdv<%hf;qWLvcLTA4Kcx{A6yXZBM^B@3D;WZD>0
zS-ZXRk&fL(>{Y}LahV6$z&<7o;TE>~siu=yur^^=Z!C}DZnd1pC-5gp+jeOe$7@V`
zGBRuW)skIx<yVD#J$~}hamjX{7WrgI=s#C%!ua_yO{4SpO&9qZ%1j)qhFzaEmNbcF
z?8`j3R;(q=s{2%AY8XAK$eA8x$DDXkFFW<;%WcQtq@>ipHVbc8@ku}k3~p)_U$p6k
z0Z8EvJ`6_|47!37-~e&p6oWxwxJ?caThnncC><YH$PMDh^@W1^aACY4{U)1Y5cx%V
zIQ-wMM^Px~>HTM?Klnoofg^CDMIaiS3I~W5*Hj4##$D9~Ix?#QQQ_lQ^ns2FszFLP
zGXtQb!U+)mO&n=3=+Xrg5{|@O3kJb(O9!B2+;}jEy(#|?6oHS!g#v91e}cMj(P1Ei
zrX^mGF(+;&A9RTT!jFc)ajW@2qYxcX9ImMV5G14v`ht%WE&}m4sp*3#@o{9ufF$1|
z&^P!s1m<6rVF(EF|8z$3|Dkg^KR660SOs*Y2LZ=`aIV!rSJ&X+I(*ztHP98q8a|N_
zPGRg+0R$QtuFe>sfH?;!9CvLTXhq8jiUZ;3KLV}BxIy*!IN1q6ZB8V(<tjb$Uj>j*
z%pdYm|H!9Q1{dRe4}nf*l)>8gINqPY&@EKK@i?X<K(bN|=obsljvsvK0tSM@;Jo<3
zFkIvqC>n==fZ3Wv#z7PKxK$XKzgYGo2p{(b0XA$}4+Cw}g8=4F`Jl_VBPB2g?nVJ9
z4cDX$w3sOXnd0LRs$hPcV-Y9|cc2PJ>LE~ok?!+JL75=Pe@GY;1aazl015}te@Fxq
z1oaOCk_iI;2SqVK(EpHVfZ;Eam`@4=aG-FZ_rW`4r@#4hpXu+unQ&feU|kAgG~_Sv
z@0Lusc>ughjQN`r^Oq1N4Eiq?3<j622^MO~QwOsXQ$zkf27&y25CZx8D30C;{0O&d
z0+wl-Hv;nmd+NU$;Z#ik__Hba3JC=Amu5^52<-1eP*ZS#IE0`7FCoAM(f@q@!^MC4
zi&poUApECJfBJcP>GbL6-zq}*|IvdV{kL`yGjIyv9~cNPtm&;i*aZIqKMWut55R;3
zgh&iOKT;Bx8w5;&oeQ{?`X8hT9t^&B0e2}9d=G~o0Y>8HqQC^WfJm?au(5v_3l_i~
z05nb_5-f;wi~^{()30Bm0Cw2vSN&*!Dn0%BJ{tIX>-4L94EQcC<&^3?r6^(m3Ka`b
zPfn?dQ|c%NU}la3-kf3qEcKLHiUnj)#RHUK9Ds$!1AJqr)UQ)YAs(Py6M&;#r_|ah
zg+6^VNd&%Dol+l9DYnx$l_a1=<|);i1jgWKl7OD?B?DC0DOH;czMGs39K3@Av;Soz
zoK-Sd4wsGt-}&2qxS7-M)F}XuF%EbOPXW6Ba7y6=kB-MFogVNwrFu@Oja1;MKq^3)
zr-3o}n7{2dnFdDV*wX-1IURV*P6L>F)4^#t+H}Co$r<1*Ttqs6Ifa8`afTUya_9(f
z5)PUPGy^7q5EqyY_QUOF{yiszIDs6nE3PmLjKVGDfW2{&*#L#h1-s*Zol+8c;Cx(V
z4nX}ifh_r851dIZ&~_*v=!HBFI1p3-w!kgt0U}uo!KS#heBfwXA=nzHSO6T=D*|J2
zD+K^nT?Ght$^-}Eo)iKHD2u@^IMyP7YAFWW;3kRy{W!A#4FZb+Y$^+E+r&}=9wog5
z=Z6DJ7K7l&{jLY!1tH)#fd()e_H;R(zL*{`5ubiSfwhVPT>13%F9x7!4B+nn#SjP-
z;QD`JKwJ3fdi@jQ=SLtg=lVk-A%FLW{htt^F%og6Lw<e~5_S&5V9>yt{8I?f77Yj1
z+n*ReuyXm&Dg!wk-k*Hf(-C8Uzdu2sAp{CNUD*Ha5RQTYLFG>jXbXj%QHCD~YshmL
z3UyXNpe-DRJtr82I!y_G3gHJ-IgO=%VnAc$X~g*xJLN;3RT@wab4CWx7KQpp2KIk*
z421!K?`($%)M=>wQwY!)gE-HJhMZFx4L{o-U{lDMDL%D78V)-<5*P$_&eTwT81k%O
zfbX2CVQ_xP*%3qe5oaBpAK-(*u>Tz$AOdw7*#9$PC_f4g1oc0$Q$FZ9rBP_e*?EVd
z(6BR82V@N7X{Gd6f7pMP-6?pQ|NayLq!h&eLm3R>jNnr~=)WEQuRj##?8*UB5(aT*
zAXq3A0yzspAaKlC=Yl{`2+SEFKwH>Z?+5shkTXIcfMcGGDL`8U6vhP1Kk)k32~Qc%
zIvfNF1HACRmH`^0;AfU1z=u4|(f{oafrOo%P8hIs{>O*?C+fkV{O5uS?9|u)+aVMN
zER!>W0Spd1Gj#xlIBQh^L!Pq&7YvFzXI2;#b6Si1IT9#fXdHekm<9_uJ8<9-6nVzt
z00u*!aT5SToQ-J!h6HBetSA)xe+K&3K0tSW*#elbe`gD5j6t0<2Au!w3_@XW=vkKl
zFhHHNg5mJ9p#|VWp#D^b56~3=k?3<X14o~hT>mv19D@^W1B?a)(6fhta{t`G5zzl;
zhf`4qI56Tf-69a@odEE(bK()Gzt`%2jD|q}XFz|A2Z1?19whW^`T{&04mmdvB=T(R
z1^CeaiB6}h3<^U5De>$`P(ao_hXG>FVTkjiL;W+lKRp77I_Ip4hG5UTGa8CK=Q?Qk
zf3*HfX*2?TzC#r9oa>;^g*GS*SVe#H{ZVDWFwpZO#+=KWKx5>2WdL_SCm4f){pp{l
zN&_DA-*o}l9{{1}oDitV&ec$Ge$=^D3g<_o&Q2X1!hbGB!cPO}nW+P^FamovngFHX
zxy%BGAkUc^4ir{r{R0k!%5y@X(DQA9@%}T#|En^9=!t@!Sth_FA<v~WAeKYV2tG~q
zh%;6IFzDI33c!%3yU^3uKcNcC4}idg{s#mwG#dK<z~E=*7y`ra!_I^o0E3;KcL0N*
zEp>rf5U9Y;R2iq>*+2(i@UsC4z|jA7B%m;bqk(e_X9j}6@c&;*`#WMo0PKIx`oAgz
zfq`Pqnh=3Gmw_NaCOzHW|6xLY2nvQeJrQsgJKd+B!Omp`ERe2|=Q~6IeV%EIf&8^`
z{!fPhcFxoo2#_StwuJ(ljdK_R@VC?W_djRghXBF$Y(P52&gLT^`~P(g<G*cz9n?7?
z7{E6F6%6GEcJ%+_`?tyfK<Jsd0~pWkAOH+?)-j>LcII4I22RJEop&J9qRuT(ECdN`
zn$Bo=I-zIg4k)XTkpF4@?}iYCI_v#VppyT;(fz{*VCTXzz<8P|jsG+ufWgmtFo2z}
zjiAtTjsyj2j&s=#NOw4@ZXnBJ&IL&*9D3G20qO8_J0d6?*twpu4-}{n&a43_6amMa
z$Nt$K{F&vUz^3=CA)!dvd7}Z@`%IjJLV+#FIb~2lMR!&~Apiaui2us+P!y1s&oTlb
z<6L84z<)LdW(bJksB`;FVCRoM>)TLZshr0!*wa&A|CwnRKj3)hFxc532`m8A`3e@o
ze|om>zx@Fr_N>doAc%jWJ<Gr09>}y%B>e1%;ZVT2aaz4#5iArTAt@>@Dg}{5OGrw=
zF`~eR2Us?uqDTxv6e=k$M11f6mxalIm`}pdOx)VS%+AHlfr(F2REi%hCV_^+C844a
vF>!tg2`ErCBY+?R2!e|f3keasxSBY-dQv%CSP}y|VqhrZ+qWf^rHKDONn?h_

delta 35395
zcmXuKLy#^^*R<Q-ZQHhO+qP|UH|{of+qP}nwr$%!&w0Q2ClwX3)}TgN*UGGli9slh
zL5Pz9$T$qPA@!VUyy^DUyv0!hhXM&8bkiZ`g%z~g!#pV(zBT}QNyB2}Ig5^Lk*On)
z42dU^b9YCv;KN*93_At%{WjS?YE67fA$mT)S5td`&0YmOTGzjSa#J5KCkf%V<=GzQ
zZuNhgKQFVdHCw&EUj<^|a9+RG?v!BWB|q~4c)#x-t*M)rlMIcjX^Ma3DHfx>_Y;)Z
z<7aeVUX)ouNdeZ{bo=utyiV>4y5hex%i%hR9(0;4H#}`iw{V9!Y<G-73ozy^_WMwo
z0x0#Uig`Fkd5`AKNi_#m%?*vp@62^M>Bx;JUp#}oGBsM9x2{31zTSxWT19r~?s#qh
zcZ)<io`%gaS*_cSv~0RO&H;`tqY~x)#LA=kevfpS;#CHhnZNYT$4a_~1vc+SY0t=E
zKYZuL>Ay7^c>?6oL$O=z|9WVARX{}V!f565fC{)IDS>vGPUc6ZCcU?R21tpX4S0m{
z?A)gU#WM!1oS1WG#m8vLi<i<!SvuDM!8s390+P)2*8r@ECSl}YCX(Arz@w{qHGu;0
zU`_lC2MwLZ?S2h@TY4cgBChYS_;1%Ye}g{4$rLR2Phk_s0O%(t{ZVLeetwh=9;3qh
zBGo(pkz8N5=uT+y#e4z=HhqPe9io&4f>wj^4bg*h+mgmaf|3qd%9}TMYqK_>bqg;L
zgn)Oux_q&{RUu9)Wg?5pt}S7>7QVUk%g>n&6h)MtvF^I_-$!s)tqO$rWNQCwyxfQ`
zJlL}jXcRu{DO|X<L5~gbhHCr#(AI^nB%*TLz;?IU6<!%V1$kRx6;uDd+|0gSN;bfe
z?8zs*%IO*Y=fW8#<9zU02Ra*2m~)-7R%|BKd#tvtT@aGGNA<1#hWtimv@m64JlX9b
ztPLOYxwAP=r+Cg^@X9ysnFYmg3Q2klt+lm~Ot?a2?ci>Yx-$P6kr8%li{CZt7CqNB
z)8yu+?}HJOq#4ipg-oN}T;(!%tPRSz0f6ui3XAnVXFW{F9!uwVrxFGrB)}UO&E=Z-
z;s3^zV18rIlwwKkF5aMa2{?8DR}Ox9kIfRxEriGv#TOJwzi|=wf>M-;znC4=TNdFb
zA5zK?Ewctbcv#f3pe>65RY<&2{nd@z1j|tqlu;d+6y=h2RUnWVt34#;nxnc~hW1S;
zR2+p3DLbix@3HHDU2FryJq^e2M(WNL?)iKTf>~~3#}0`H>oV#DDjPuq)BS~K!v<dP
zDx6qKnpMR-J=~*bW8Lo!?#HKU%yR-7XGSpC$yB4S0KW*jrLwU}21A#THD<<w2#`{I
z;-mqNo27NxlfgK7i*cQ&bcO~IcXs_udXA?_r&9lx_n9d5NxK4&wUAQ^Ja|V`J7Y5c
zMW}a^*PRF3b_O-EE|}&u=!XRTsaUtDthViNqDLc_Q1W($U#I-KG0jnVf$n&~w#e(e
zZb%%j=-exNqqdx5=LFYlncu+6A^~PNG{d+ZHnbJ3XumA9fpMlASVZTIJfM|$xo+SO
zoRrW5HM61l3p4}3r{n~W;AG5xl$qE^o3JqObU;yLEm12ksfhiTOS`+9BlG!2X&Nt3
zp;b;a=Od*V)`-3BOx4{a-RXuwAxvFYj?>u}R;PS8diN)5JVqy8H%BYp)UV=|-CfFE
z(NttbVr@2la!HcgG6LJKRk=C*hG{v0+v7Bc_B7+5pLZN!lgRNGyh!V{xI(j+Cimen
z;&DGG6xCYhX%SMdJY952*7`~JOxMyeEh0;1L?b=kMcDlCIaEXey~~e7;CMApk#Cfn
z14fqA6K+}5oegiTVwaw3lJmV`W!I;8q+^b6)esAc_wwp!C64q34T3D4Iei=FNIz+0
zBx+-o3*{DIsRqSEGV5Z|Lr3lt3QpIB58)<g0;!!$UGt_r$X;5jH9k3)`HiKjvU=L5
z&ZQ#Gvz(+}U&p+GrJx!3Pmomr85nqr3bof&AmlL!iGldzxNT5xFM=}~*qW>tD;REC
z7!45*+Q})1I5UsG!Y{B&7OP^H&a6gkB0OKA3?c~-5IKz=lQM{8DKbOI0o!UxGcpXY
z>Y8>mSkN|uLulp>_R>|AZ!O!@?i`<0W@=lAHxN1S|I_t=R!BC))mBS}HwYc8x24aK
z#1<xN2YnFPG&6lGMa8|$qDSf7@kaoDUJNloj0y5!9UBPJJ07bwpLSjviDTDb=m97M
zyY&#DAfF;i+DaY?m+Lw|UZbK1+kg;EML5kD?$5k-Hc}OOPz_aESfLHL`ml0_dHMN_
z`6aDcQLM#@JQToMuL@(2kV_FDpvH}M52qSz{AE-cvyZh$pwo)~5cHmK5I<&yqJpg<
zGNMU+Cg^Zwv39hEF-?@MMk;|~Pok6tKT8F`=3kL_kgG&|+<8vWjoH;Df|NbyyP3I9
zJYD@6lJ5et+1h%%K7K6LbRHBO`Tj1+TMkJsjj+0Mm>q22ZX#J*W=fD85uQ;WA!Y9p
z7#k*fk2{a2>$^p%mu>c6W<6HX0aJ*j>$_z2U@ea%QU~fbvy|IwU>-r02o9mTGb;gj
z<41iF6+&<QR-vRKe9a|Zs{r1<sGVV&ychzN1na;$lc7cy3c>sh=cFA3p!!Et3J4V?
zfZ@D(TQdEn=fJ3{O;NBc9)STVF6YOdL{la37241DFNw$Km`@R|MR%=%F+P$AP?BeF
z5atsSv@K{vMW4mbqqbd&x#ecQ!Tf;Zl+hsKZAroEe4X5z?b$gvF6Nq(wt=?hCb5*#
zM~5^q%#&!5<}y|aB*=cs5HTN5k|B6W78m2XNgt<!p=e<@hqj=Ilo<E1^o|}p)3qD^
z2r)sZjs(+L*)w>$^_yp+cQiD$baYh~9c|OkKbG^wpI=tmgcbuqP5$fe6?=eCR`yec
zp!Lxk(>>fl&kspuRCClAq`<)7uQ^m@VgxhU2=@|Q;}Yf4v_jO$cY0@@izpPCZ&@Tz
zyAGvp+qlmF8k4uM{P7xv(cxR#P%WDo?!pNrK%D19E|m@35h_#_P1_a!VIXH65Zn=^
z;(oNZ)0AFg2lcRJj5+$w>Lh>%qq~728$1L<<yz9i`A<dxT#D19Fjqx<CBMqyN8Nk6
za}+ufcr2Uf!H^etyrc>XB`r)AIfW>=!##H?D|7L|${c$d3blu#s#7VvTI`3Q*93#u
z0P`SauvVy<guS7rNEVYLOp`V@gy}GFz~7BIZ?=Qi_fbQzOnhiT%^1K%>EJ^|yAOL`
zP3DTu6ad}7-$Bt7EywAv;<dVZ=g#)eh+RcBo<x~$rHOB+^f}7A#PbyNPkjI<@IHIy
zBMF?vT%d>)Md@v1UN5-?mMpx5$mKf|{yV-!_+%JhE#ky9Q+{d&gAR9%XwguI^WMZr
zwhu;in2BhUp}^*eHw9q5`(gWLKBXyw*g&#^SVR%SDF`N{vsm;!owau>RA<1Q>OWF}
z;FkWyEXy9syFHttM{NgBSF>6OEm;X7)FKle79HP2AIG;M;7|@fB2JN5Jri#?LFagr
zEhYW@gPq_$WCRmm<e8K5OO?X)zNHJ3y~VQ%3WKyOn@$u)tpo7A;yr#jMnC(2^rFhc
zd2XwF&uku2f{RbFl-fUdW6%CJ>XrO?oeyS~jvcG;6A(DoNY&Xp2~*BIn1;5dc`OWW
zjB_<1)Csw2Vcpo(M_QbHhkLR!0f9<zoyK{xVx&7f;Sg9199k3Ms4;~zw*;k*@Iv`&
z_!OXE<F1A_vrlbG14e{pA!H<UFt&zf=HOy$6ouh}hU*&>cT=QftJgm<rut0`MWX_H
z7-{)Utxp3+fo1=H-Rw-Pi3?~#0GX&Oc9iYe+A}x94;85f)4}5Yn^EG<zP?t-bux}P
zF~aqu+tVy+os{bqZ~FwSk;Rq5izSg_l4hRC^V(JcdH7zbFDj3pr&9)p-`|_3&rF_H
zD1p-FUjcyc<j>LO39bTDb1CLQdw<p9>g^g)4PWcVy!$C@D_|2W=%~!r;LUULek;2n
z=JW0SsaImCXmNCvfxhi5&>`ESTBatEblt4!15r3hJ%f-w<V-u3$kOR-@@7Jd=;JEE
zp@eH=^ku}Wr9h!*aM6I@&$|=Q^?e7cdXeGs!yvTp^}OAi_<-&W5NtB7std9FHQX~r
za~`LT3-HB-c6B0g6fR8%&d=E~jd_!2fl)XL8$1;~x*-ahYd{7^!V+eH<q1fGZH_zl
z11mj0!c}*yak;=I95+%VL~WPSZN@qWRzzk^2!nR%RPqeNaX?JZlg2nuZ#LafO+w{C
zP%A#UGN4^Ao1fGKq}2twf!Wj7h{#ZYDWlT?H8=5l>X~5Y#HD=zof))s+~aWiebaz~
z?a+h-Cs^|6Rwsk^IMahLH|#6woz)>-SHK{o7A`6zcWAe9^V$rUffz~mIJPO&s#OFD
zlrAv$_~xq)&?IYu=Bi=^$6G8JP`cd|+jP!SyJg!8ooku_Y*BJxiq}q5o9JS=5at81
z$*gqKL03s9JUl4*!}#uPj?{4r=#Xoq=tFSCi=0B7WrWEkY}cIOG<ZXnC$<Z&G1m#q
z?Pcxdq<vIViRjH~R%oTf8#Zj*JK&#0ILa|n0;!KJ$n*;1tA0EWx*KFI^JDv$IA(CO
zSfxf9jKGxu(&=#(j-E9ee=0dhs_5XpN2J4EY4#OLtn#(acv%N0H()8HCxXqNJxa9#
z6!<u-x{!2_D0}Ar4V%YAOEkpvo+qrv&7N~h7)~*AmCzBI^7sslVk)gurVPRQ0kvmp
zFQNEi@&Oy?eQ)91$yeOvc|Ge|ksP|??U&>wqjVzx>=Wq&Ku1XOfS+pC?PX4QJV$*b
z!jIA+7EDTAeVmt=-l6gwXzpPwWUj9wPBO5`3(i&q$ux0{GQw6u19(+og<A`7CeKvT
zx1v$yvi?$Qp__CeY}q2=)}4u%<#{TMFGS*9LT9Q_1-|wFdaN>@#-dRBUtBMFlP=lY
zHo^M=f|65Acaeirp&)inIRY%(pMb<4vxjZ;i-2&qeUYf`;Ho=k(^-UX`J#A>^C3I<
zjbW)5Bxj1aKp@DQAzD=69ggIVWFd9;71dF-zJ`TuNQ*1E8nPSA#oK2SdEbI0-U)0V
z;2ZW(3;;v#w+Fp#o?Z?}H!@!!7mqQaqhdXPwt(1|hnSTZJzp!+);x+$(tFQWjTgs%
zTW*5Elu*l%J_S`%L?1JcB)eVg<tOEbO2L^o(EE(%SoP^kp64SFC`F5LMk}aq%xjA2
za{s7H_C>;G`RZn9(@@jA<f`4H<lvZ;^y(*F2Qd<bhTHu$fK*Q|x3EGw_5D8H`~)fz
zPq35WlOE-aRJ5m4V<(9j_)i-naL$1_azf^!Ql@bPLXSHWyPf}}9x(RA%S6mNu?}=!
zLB&OG$|d_Ll+J#2Tt`3}!>L*Q>_2hXOI~68PstLy@nC@2636jeDV#PNNR@qjd{on6
zU;$lU0LHI-e~~oDw{HUm0RYR_?Xa%+>~H8#qA5NjFd#7*-}1lp2cHJ`w~?CQ5Cl-m
zqMIhPhaIn?hObkU0Y<fx6+d9lO&f9W!YY@A-dbXkt2b1}7N}ZD*P-sZWdCh+AcZ%8
z(H;zUgu$WaxEQdW@}vG4;ui_#V&hk-O;o`g%IFq@TvwOVhIg49c?z7n_I-Ytlwn>>
z;Wwyomt?&L5~zCC<(_15axeRRzX4!0mO_{A?QbBGX`UttU57SDdhujs9@6=P-*}G~
zo15T7q@%@E`{|vl!u&6&h6KecIvXvi1lV8i&Zyi<Nzhucu8n>y6SIdqsRbOrDb}=P
zn`AU|cR$o4BOSBv+h2#(wa?ykfmi5h+<WNK`LFrNpDT8)0--FQm^F~zUJ^hA8>ue|
z{X+QwI1zjB+}6|-B}cqWg83kfG2J-#n=h-<BWG<0RQRAV&15O9oarzZ;e}#&f(1+P
z691vnxg2nM<Ms8~$Jd75=7U->ww$#Ll(;It8q7FE3K*9x7#xFV%8dqQKqO_(d5TwC
zf8`c$dH)@4;L+3Kv1l&{wjJP3F+huQ{|@xPm$b&>cQUzQU|J{MJ(aCw?GE^_wm1r>
zlS^!X9jIXohadz)6U^?Pdup7kG~X%u1HBaADc<*>CPyt<*Q3S=)_sVvB!l|RS=l3U
zLLeAgc0>yHFV@ZZm?3vDbi#o_yzpHHVrV}F_VCWvs+@+vLkK>2+*|;95B*h4A#3S;
znxF^1uQW+InHV9wG?TSt7+R5*oxPYevQ=ER@ScHs@LEW;oh>kgzW2q(RVH5!VeTsb
zTTv)je2|YOHZ4m()MpZZOI;{^qqu$yInyXJqGQ?Pe}iG@A6&<TEo`YWd}7ZdSg!YT
z!7v0jTS+AWQ<AZ$6L<hzgqyFxfxRd^UhaWCZFK&uBL*3kojmP$j^pTyhxO5!F1pM#
z6b<AH-BqLehAK_<U;*@6oD@p6*fO7*YOJaYel>-Z(QBG|$f3mtZ$++ReT9|pxp|a4
z9*JeLzQ};ewxAl29HNv)+6vybNrPOFjos&9qtH(&eg2BFcPoIc<dcIyRh{7YOE2>U
zwi%1Yd1lkC(}iws6;@9{F+B@<$Hm5-cHZ6|S)bQ=E<3KLJO5uk+?$-sS?v?iY=@ig
z;DOp|j#|$q{gHj;$yATEiX_ZuqVhUNZ&`xfzaCD|L<iRxzr&;sePyy-Ry-%&#A0W&
zlb7BMX^@uk^M}MxGID@kIyUJt)b-m+_WU!?P%*Wis#{gK|BaYT*hwREdWTI&07>I~
zM@X3-W|H{tJ&pvMz}NiQ_vo$u)E)J9^)6>N0oTNE*e|@mH7JOzkqIt^US*F_74z6r
z%{w|JN!UZ}R+f@}$EzNk9ok|^<9k&6g-Hd7f5!P`6W@{Px&r`LPGn$W|1`5n&4`S_
zU{h1i!UrYiBxvRg>B#;n!5Xy6-K@Nd69$}dLynU3tcmqvb!E5Ru>WjOQsd*<;@)0k
z1kIWpyztbHXXQ;FAOU^+WCJ}jl#A%x8g{95H06`<q3-N9UeC48rpJ^mZ6%Mt%A?WA
z>w{1)K`MafbSV@o$~&)BfFW(H|Jb$Gok7D0-IQmS3y156V$WOJl<B*BH9xD2d)nt0
z8=npG8BPuzb7fcWH><ny&G-dH4L;KSf13D34*Q=bLQ#kUqAuA{cV=tHI^t9%63B2u
z1+RvpZlFQ+l5YO$oE6M<p6}jzojKXA%bQc~%Oh)XJNTX^I!}Yk|Mq;lFuy??Dmc}Z
z-tO-Bz5l1V(fYP^^BlLkzdkquI|akT^T9H_zF&SHPAwF7rLh8jz8oGbdb5JJFCUwu
z3J$Tct+}~?NSqFtRx0=onu(6|d+Z${Fa%DJpmRdq*_Z99vOi(_e$Tgt`vIW5UMHpc
zIocw-v~~Va1UOng3L^L#&tK&X+*9G&U7jY_Y$a@aDfaIV3S#6#_;?dFYpCf(+w}Yc
z^_+~~F}$#F?T#c4;_$$eIBR18Xs*1tQ&YRN{3%?3R#thEmCYGW9H6uMsi#$!q<7-L
zgTfR^f37-njko753M4+O2;RyWv0`4O$$|*RjOV2Tf8IT_7K7ku1MVMSRVv`oNr`&-
zgMpuHJ~FmBAfEL{$k;-uGqK#?GNG?CGU7Md5;oB2`YWdKm)rCCYI=gkzff_>UYc2b
z&FAIxq(0@-+|&~Zyv2@3)r2hythRPk3kPGWCzEHoS3*iT%%J1-&7Te4O`GggnNf*v
zlq3M&sy_q_?rI2(QG7dZrhF2{DUy+BdBpTqr&83>^0L$`lK&jMkhd22#}w8=aL`<<
zv^YyyC27C>oG4iR_Ya0}7<Rfk*NJ_E9Rq&;x_rM~8g`$jR7SI{Oe0o5LvZ8R1p{?w
zW~bJRSZy0V=<7_dB(9kjfd7H0W`=x6XWU85po0E0iftn3v$c>|NktD3oeP9xO8e9E
z7a!^k-}5UJP?+8iw3mUSi47X2K#_A@rwLz$q)^xMnatMR1yl%wcL7NYSC2och_D%^
zG*GH!OElg0ara58CEN+|Vn#gcSpu4XefLfNkfU>|d!rxihC~-p2FgKVb8R@(?UTk<
z<=2_)TUDrVvimk!w<7_V>1|5HRQI`B$s5qDd2!zOIZdr+A!-`97;*taL=khcqNZy=
znFdgXC%coci7pXx6op8^Hh?>ruyyn|VZcuKim1jG+o}Jq(3J}AEshzgs~LEWr<{Yw
zocO*{OLX=Q%(omtNtl2%8gj{6$`)|6Boqj7!qc}|iLb_wo;CqsX~aB}6`7xbg62<S
zO_oC*I^hmRZABYJ(J#cd^MV-*QFGWyRiyT+DF?B6tb6c%Hhqd4V{mju(IAW#sK*<U
zkxdR{b3L#Yf2GrXJhO2}v^yiRs*bDQ1|rdXLQoAors?tmv6OIvg>A2A`0Xld5K?~=
zF*&Dx$Q4N>Nx}hza*{x2c$-Q-<dso2Wi!><lOhC2fAD}gV=~6IFy|fuHnN~#Zxl}O
zb@sQ(Y+G|`-%N3^Q>|dlqP5w33TX@EW=;FWPZC%QNXIJL#u0E(qx@m-LLMAh3@32s
z&dYHuw~VEHe%(I~!=i8G8}-z(y?M6w1Bk>zFi~x?pLqZ!o1A$$Bd#|`v;THr1J_Lp
zDj7**{Ds8PMRGNqaTvO_CiFk8cyR6<n)v?m+<9UD4rGtg5q|A|!ddK{ZfoYTp-!#@
ziLvIa?~Dw+@aV3;GbE))!<p11<P5+vjJ%l!Npm>5a4}HT05#&S6Fd#Og$K?gC8n9E
zx-O00$mRlg4Ga*aEu4#DH_IK8KuaBQOVd<SxyI1JDp?*iV<w|&RAZ;~aU%*O@Tx4%
zF~C1KVtT_kz!z3EFBIQm?5&&2w?x-H@pdMiQUW=hN()DzE|PfY9mJlpfl%s^<B>^@
z$COT6Tk_n;n;+b~F6*#12NX*GF4b~SSZQ;GUy1_=&=hPz2Q_d$UC|zVM-Qw|y25!G
zqSNJR&xEEp@YeYv%!*to8?FdeRRz<#V<(o*JKQ~kykKc+qx93uV7gSLd(J@6x~pw6
zCgKz9%O-5gh22<=bCW^a%r8$hBk0(ybWfa2J|)W<HGE#AIOLeUnq$Z9A;Pt1>h`i*
zCr|*F`U(;a9YPo&v4%sn@RVc?Ze}W<F3q;}>xm~PDP_VlRpn;fw8cj=%!R03ApX{3
z(2X6QGNx-4Vr(POAY?Y{&4pEia|8kY=(;eq@Hcs$J%m%@ZQf!bpuy!k#f)NRqCGcX
z!n;hPud#@s<Pgqa33fe)<<y1f|1NcXe|7-WC_G6b3jLK$^)_*3PV*c(2n_GQPz5*|
zkhwj1oIBo8Ag^dja^0qSZkayHs;w87i|Qc>W|r&&IvEqtrmY>fMt?hNfLk;~IxkZ%
zB$?>2$rzynUp)gOp&af<u^se@pzUcjWM329qg6W2%R#>`GNi7DxZ8k<Wy++Ql_3Fr
zAOvC3P@%?J1`{3r{am+d!|+LI6C6t<?QAqP&0lAA$ai&fwoh$8Y$Oy-_Sftz&+J6M
z@@kVM58)*iv=#CT>Rh5OI!qVc#ZoH7v{4^bx}f(n9OY`;D!=#-W3r@;bl^rXGb+A*
z-=P$C8P}h92*O7b3`*9ilm^z<fCIp4;~;ijelb_(zJ5@1ptx9b=H2a{A<{i~R~e3z
zT%f8EZff$zrp?NSYL~{(CtJCiokRM`a5`brwC|_JdZ;A;`x-cd?<Zo{(c`k2Y9OI`
znmEfkb(>2d6`}y1NP2?W=wo$d0l>7}2~P2#2F&h}0xjD3%W##urjNn%GtcHxHGkCC
zas0XrC{{G)5#h*;)=jAMRhbXy4yF@P^*wcOFHM~7(IFmFFSU08@PGdqy-An*9|tt1
zFf>EKh{Wt<1#({JJLGOBs&SEnr5jk`{I3kh#QFbRAXawf#9S^>K<wdvLF#MmomYUn
zCaIXT;GqAtJ@}YiB80Q%QPLFzWCL(R>h~vA!y6@kF}`dGQv;n!mGQEM!omS`>aM|$
zH`1Ghp#Bv(L+|(3!zuy&FO<jdaVwyQm)}6JigP8fZDaCOfF7{+48Hg9KA9Q!RO$|1
zCrR}$;V%Znza~Q?0FpWk5aONVuTv6!Y^U$f<?-R;@hH7rV|pe2JUTS&%sr~MHC6lp
z2*m9^jUU_sG@LLY8PwYhH~j_0Ns~szDzF_C=VGW$pNDfm^a)M*^XQZnwzpnb13TzA
zR1(r2!3<dD0Mx(v)nnu1WnIC8&RxHruLlu1L<xJoKt~BAz)s=A5V3&Zpl@FbE5zyT
z)Il=8aa-q;*uE@@nhk|;eSssIrV;psGcbi=?aE9msP@YFl4MB2eGzH=$GKctrVmOi
zPVnTmUdkJi#kNDOVO(*hAL#kb<YuMcqNh$r?Y5`p_BWp|lmf?E8<Oj)p5SMy*xRNb
zE|PcA=}_b>KuSiTOPjc&PcDVB?@xD`j?Yd<ekA#w#=Gl(h;)#qE{uW_^!_qY-V5<?
z;|<9%fPz4dRq$}bxrXZ!NlykUi!a;YB;95D4yMn+(I+RFWhVvpZ+rCG4UQw%uOcLe
zBg>ba3jTZZG<PH%QK#uS7}5$6Nt%=2H4hzXUf2>2V09e*bTDy$(&>GQB}VZ^Dzww$
z2!kZlV3u%)aw7yj1_TNcAx;4tUbT<yA3R}^l3=m25GCt+$D_E9^c?O_JnUTMCA={-
zZ#DiefJdh(Mq29am)vJKAU>K=211gNzrciKi1RL@Z^n@ybg<!kgwNE<$=@THuTQSQ
zYG%O@Fzw~^@3|*?p-_K^y`D00vY`;`*2Upb4-sYyVUHS1d#hCfViy|oU{Mb^>m?5V
zK?N+WSgcQ(`w?4ftI%&aE4JIU>EMV-XGyL9B<B!T{uK~Om`)T;4jhfDJ-BOi%{`d@
zsc3J+?furqs;&CL-%+-JX3Hh%QN*hD4k8BzFcdGe>ZmITxuRj2CFXRQI(KSEZ>k;G
z6Yx>HA?T?QBX6Qy%!^&AXI|4GZfPIi7A7)~LMIRfD0D!_D7R5!L6AFOVVo(K7YV`n
zHTTEr+$u>1@t$$p%}JV%`7w7~3bKkLt>P(7sq3Gp<{&zi?#lQ)XDg)HLK|x%uEKi)
zObxlGUGHBFm`2%CcRMRS9|;VGj@1mAzc0n|59^-xcT;;|<H&6*cZSV!ZR~isWQ5N(
zY+Nh%>eEujQ(_Y){gN!wL=X~;|9IGBxZInHBi4!DcygZdH*i-a)!7;iglqLOphVN4
z)mzU6@#^<S&OVDmeFo^r-Q1nezvmPH2*@O?L>sOVuZqO+;tO=E_Xc_6>aV6Quncp#
zh)HFLn94mAyt6w<qtQ0<fYAJZ>sJEgB-=fuw2b2X$f_@i4O!+pHKX>frl4t3%5gG!
zl4;cKGR#BOc#lJa(KS)`zR~!PIz3bEMX6nf4=xzZ?ob{Acqt8{_FY(E4k@(&=!b(k
zD;Km;^)l$-8ppKKZQ9cSOzkB03u+onR;F^5(jwNEcv*{tsuS4QI2BHXYYXzZ<$W3*
z72>%`<-yHAMnQG1<RP4D=SEiqf^y|>-DoI8x1f|@8H;4<;GjIZ(}KWMv2$A^nqun7
zEnL(8xJr!4AUK9L1~k*?zx0~`-IkduI*WJ;2RS9!FFB9Jx^!ZMXV>V-rj5-QQafvK
z0}Vt!Snmw&Lb!_-zPDp^8d!1LFHjz8;%VtJa35`{q~b9w%UQAkOR7lwH8}Mr6|O|S
zq-(F67~5+0Qc*<HKG(vP^i<Bu7fiAQ1gD6_)=_2D>#EkxunM3QlKrIs1vm~zJ_Xl9
zh*B)p4Mdxk!L{=^FT$9DGb#Uxm`P_=UmN&=ihL)P!Yact{Km^!c;f)r0E?2-3%FFB
z=}hhxX<-3PsyfF}ml9?D@VLT%z=qJYb%o+q>F9<)95r+o+&echnxy(Ntuco)Z~w)w
z)zyVcUgJszP^)ISrDNs*is&v~MAQyktRN>n+Yzk)Obkwg!v-L+#eJQH{DSm*;_xt~
z7-}<*<#pXL`_>Imd(=7in80>X+SyXApZ$QLzreHxo{a1-)F<nnL`}ugb4I;Yai7_F
z6{DOojBWXhE;^@?B%=Fnl}KXa%jzQ~9b9_}q-hjZga7`xXt5Fk#6M+-Fsh-mEmI$}
zYO^daEYlxHQSH5M2J-sIp-+?!syAP#h@K3ySN5P1S0p=TVIvA0_^pxfIev4}MdvD_
zepxlW?O`Z%n&KyW`jBE$j*wjx8>i+TL_?%Pn@dF-8vpL($kBEB5lZy(*dsK+hCD-x
zYztOBGi&aktUbU2sAjF7maqrbiH(65CiN@091c)@Ij%|6rT57@1q;xn9SSc+ReVH^
zp<%1#$&H#Bj+7f)uiGAZwpTdkTu{LmA6Z(Vj7t_+%Z1~V=__Su<bV~SG46aeHx%gc
z@eA{X$|$z~L=?B*jMI<O;AuAu{gyR>4RTc`gd#AQ&tG-}j{mrvPXFHPXS%YT)-8*h
z*~xsaDO1qja*FV;N^>^eE}!Qs#M7^ifF}&sv5TCme{T0H>9Jkrs&3O2EbIbkGDz%R
zoQ*j!<%>=_Y6H)n$v^eCD@==)m4<oB>?&S7ckeojG)ck7OugsQ1HoMJ$X3&WVS_h>
z-9UnkeuGv4()|8K;#e|{o+!;45a{vrBJ8&!<$Uz!h^Rd78lS+~7V^mRc-3fnpm>x1
z%#)OZzv&%iQfxgN8N3gQEUsgAHoB7Subi^rFf@$A^wkbGcy<(x=0^KI@KX<Su95hY
z9-0v6$;q1V5KfDcwM@0u))xF!E*Tg7k>UvLGw|U6vvFpcs7N@XU8l~}KrK*(;fYwH
zt+pwaFw6uD|8(SizS^V08a>0_>d_F0n7`Y^%eqe`;9}rvb|e4gB2$yMVZ38qG?PK@
zGwkbN@!M38DfT=a?Ee<C>I;Rmgz*&+MiGY4!9BE%V$<LI<$ZIBL1Ypi#`8xIALBcg
z^kQuR8m0W280?@8uvt<nuTV=B(hdBHgD!rVcD-Z2LF=gPlY(A<m9#vlb4d|p3fOFA
zEiaWf)F18EHMx6ebA$g;H8pL@Rra|xNPhKHe>DERIkGAbhqe$rp(98tPqfv4TV-z#
z-mJKZxVE9og|-jUZ3ST(J#|z7>h>7l$8ZM+H0giDIrg-UL9<!(aN!JMyU7oKN#!>B
zd808LFR*U9zL0m^i7lruX6<!!Tj$^m2{xuo8clBrt?a{ZH|amfrnb5!p;$ek4<sa>
zpsIHJFCA3hNix;XU{8SNDLnaIko=Vo-z1izJm;LtKJImU?5F`X*|nR@jy@1gVqLfZ
zoFp3ov5zMZ%RSRM{hYM$%_y|eaVmLm_cCFvi$NK)p}=8d1asUt#p=(Q5AYaG7JdAM
zHen>rNtk7%|Dfzxnywm?+oPKJTwr?u)#3VMwCvFdYN#dS6xa7uRk%U_1}{MXGdeg^
zXV(+>c$-ONdRe9V8K`v1I$-fruS#?RxH#OVHI43=8a2Xfvhukh6gxSs6``rWS$`vO
znhKnh1xyZmc?}^$tMOhGU`7^t5|qN9F9bgghC71HsS&I87l8t~&YnWoBS{KG`m2*&
z=>nSFt>e%IIVbu$1!y@lzj=|RBe&0M=+NMOpuxbS4bJdRYOqI^<rN9IucmGRMzBZo
z708WKAT#1CQt|I8U}}Y1f+$4Zjz8GnUNrGd9;%)rjTVKyMD8;(`SS=u(ks?}lC1x%
z=gBVnE2T={J>WC(_KSWnu_p>CY&qi5?!{oLQ|$o9jvMuvx&8eYFRtl2iLNLiiBmJ*
zQfhwq8ro5g0y;J)zKNfNQu=+k-)S|2lBM0O1ypqA_1#pswUO5&U!Ly-Z-=^0|6_Jo
zW~Tqg>|AV#24ac;17xy3M8o$r@CF%gfBMLqjV8zhkZE#2@1R$lh;&Nw3y9Fh-oZyW
zG8gX5VP=>qeaq+hQ|(M&Z+{29e9h;*L#cr8^7o@D{i5N)S~CFf^=Wm+Py-Vbv`ZlG
zi%Cxs+jHxA^lj#kBv%E&dixZ+*lK`;CxGcm>uO2r+T{UgP&9bR5*~axBs0ZkMaEu{
zyPK4`1fEvu`ijktK($GjNSRe}&AYZFUpsxQ-M-CXTzAji)xUQ6`MP;}<MmynhZIz#
zgKXF{kLFlOgZiOoK-aPGkDtDt`d$u=7$lNU?a_WXtz>KL&e-&c(KtMDY&PLzKlFju
zz}T;GJD&$Yaty}V54gNFdvxWPU)G}EbXGz&h38~iXg3$-8h(g|lJDCU)b;r>o}J6*
zMXN7bE+~(Lu%v^_kjNJfM}lo(<QPtO%Q^`!iIaj$d`_OO){1e$-szlAasF8B_qNW<
zkF@W^m^*f3**V;t&k#*7p!)$GS~e902UOf?$r=LwNXdByTk&rO%$`kU2lFUs^uW?O
zNK7aOr9mx<x0>^gyVHu99_dR#%PRj|4yNrRKN{iUkI?m*Yr_Xu_iT|_Ouq%@aM0os
znh`vvtxa=m{n78lQg9Pz;W^~e<=$5uIn60qABx8Fe2E)cqA(Uopt3_|L)x$nIHmlh
zp{oNB^g)KhdKH+N?~mSG&|wn@_)iNPeU_Y*Z0_7cA>%}tDEf5-(DtQ>7zvHBkVry#
zj>!zv*u5UQrehDf0FUjrzpqVzu@ee=KlAa>Y1w@A6P1zbwpOqBnU;#~tHL9o(4n{r
zqs6%5zqc1uaw1nz;zIA{1ru(X9%Y<BTL}Xa_z7|FSUd57wGJpqVNTYu&_%%c5QsmD
z3NZ|qc$W!Fhj5qMfOkOjOagA5StiHm_uiea^gzS;+H_2S2-s4iYZkfaOlpPo`KO4X
zRrX}UB8FP@3L`01Qv@E>O-!6b(^UZuL!6|A9u4CYn$OBjcl=%r3K}901erOWtC#>x
zD$rE&kKl?uTvVw!`inS9^;ySswbNUx5DcA4uszo+SzIB}@<43-vWFZE37A)0GW=0k
zAmw6o;6Mr5{=p&bdwCn1MO?I8Xn4!=$X=5a4V<IN&}Mc_xTOa)o9JmoP_iDa6GMu0
zNCi_TjKrNjiKq}SYXKP0ZeX2-m~O!MBnB{z(x1cY8Y)5dt_bkqDiy{2?Xg2rC7=<I
zdc+~E3|V<RMI2`&%m|Bd3PRJlwK^;pMM+?j%3F&k!vH*Iu7v}*U(5K)kUO3(P^t_l
zShGAbOUN2RuxWV9mLHM)Bh^i(On0X?#4Thn5ts#6Mkfc6jn6!9csTnj>;OP34R4ts
z;f4+j@MRZY5v*%fx59arNmAgtB5g`l;IaWKA@jP~4yVzMIgGseeq4!ysbVNc3Q;7C
zSq7=d%DrG{`$xZz<B64|zYyN(h6VX0=R9i1K~&2d-!^N*U|&K*6-le*b!b<cbiCfr
z>}bqhgAuMq42_t6wp6m`j~Sp2J6DC&z7aDSp0|;Snvy5Dc-YK7WZXkh0>)04Oz(qL
z$BdFd63Z3dnlJs38zQ$EbyfAzh|K6bMCl<QUWqEmdT!H7Dy5o$^dHWhM<08E!KceO
zg|LneeZuw)v?h7C%$0kC=lt;xQi4X<-hWYf$5OVGh5rVUSm@6xi9cY@Qu6f>_uUA&
zKp|^zHaf{wVQ*>h43t+%_F6nNtqVd~=uSCGYR7T<Ri(#5M1Ss3eq~XLpl#*_wRAzh
zQxNT6_nQHlV*K-8XZrl(#@AD#{h36S^&p^=(WS7@UXVKEE4gt?^m|gaf0D$hiE2*D
z92YT$o8nbF{_LCn@-qOombhyl$PM)|_de=AH6IhSO~$tpIwzo;n94%JBLKMHt<mfs
z8sAX^kQaQY`*3KUY=udJV{BT(qW3VTyJ0Ci&1M1L`=aa<6}<W80Q1D?V(D#5`6T8N
zIua_e<($OG2V<g&)~rvmYB);QF|My!Mph}~0dE}}>j%yG*%&}BOoE!kQK9{bzXlgI
ze>+@OA|7ofrVar}(XHB5i4>btan)S2F+H5jd#TOlw7$rs>>~O+8`v{)hWVR(_r^&k
zT>}{3yB#xicr`37s_TeKE3P1s`1c><)Zkkhh)l&KB{`kEoIJ5Kw%-Db6mMvPMmjr&
zRZso7kQZtY0%pL!dV_brdzEe8ZAhne<*LPsk(=n7sgwck8k*}yYSbi+GtQn04LWwv
z*QK;_`}6taRE>|}DfhPpyA(1V^>KSu3}=_x&IAQ<b}@PG<aRJ%H~1}tZSU8TIpS`|
zijSp=eKmg%JzhM<SWES``-RJ(zbJ9Qrr-<3wdrn84U>Rj*Pp^xqNN^}=X;!HDQct%
zRBr~k?1TO-KkEH_H})7g%QRLks{GI;N1&D&wdX405TM+K*>c9Jf?~)AG=F@-T+oww
zhc3=<ko0Hq3S9OBH66XU+WI<<Dx2qo3o=g1C*|?x8SNJCkqJXr@A@Y~*DM(Fxs!_B
zmy%ivU1)%cbIBEL`1<RB^={}ywg$u&A76>bShS9&WoHHWTckE?XeEZEkeN&6mZfia
zcT56w6qj8Ei2S{+mqFgfq*~B$wXBw_e!^zQf3C$UdT*r$S!RT*3PxpHlV9>gx{BSk
z8@rxmPel-d<;HMxn1Jfu<h@VnQmXuizRZYxp)KHv#%jFINPUYbAk35~ASb?>goP@%
z5#|xslFtRv=C3@zU6~}F_1PMehO3B$+y__$@(+&=CMhP-a%~<xB|Z~Sn<~AsO>~9(
zAZF0l8!85_f?4r`Do$|0@hu@QU(s1%_^a)Ick#{<4B{-$UNGY-hl8iqHTn@feV?89
z20kE|{tt-L@njBKf&CGf71bwN!I<NM;+O>a>4WXTv90Uk0tHn%DpZgGXtqs$=zw>7
zr(EW+v*7x?EtR*l^9xrL>7!3x&#jC3BMHxgT&8eBsWGGJ&YcN?uY8Jn*-b)MYQZ1{
z@+o^5;i13y9qq?Sc-+V^v}IU>|7<XI$squBQ1_e})n-U*tiQ8|Zy=ta*x^@(t@|8Q
zz(wObH{y!rYpP}TqH{djPa)9pFSvNJ1T*aErPE`78u4Z(@Rhw7huYNU?)LMFUMQXT
zjwqEJi11>Q6!HCqT2!L?_x@{{{i26J|Jmh?`)+Zp3ZLJDbti%69$yjrt_Q&Mvdpxk
zRO6}sqmKQCVJvrPgPB00_7nz2;@tads|DkydzVN7_4!Y?6F}%EtCiu=scABH_0(5l
z_t2t8|4o4aNa6GAGB)DyC-4ia{(ofzWnSrDj?edLznG0#j_qFHp+qgs|Dj*vh5|Gw
z8#7nqsRB4Ot4390sG;KdhrTWQM3tkz0Z)fU_wb*j1w{Ej|5P0bDa~x;j~O20z#b~J
z2;c9YD9~T^u>Q{!X3>^~W<mUbVzTGv|Eit_;GD(d{cB%C*ZUwf)V<{ijIV#!>z-XD
z5t15RAibw7`8j_A9L4A2|KA~oO#=Wcodx6jj{G_Ac}w8(y*=N~%1<o7Ia~iq8FqWW
zuQL|`3uWBC@Ar1^o-UFqczeTH{6B6Vi`Mdw=Z9e)#mP$8-NK%Mg%n{xjU9tU<RRFI
zh=YJTRgdGdTjM5SA4*W8Cx|HRXSsas{m`5oq;4q}SY+^8yaib|35ln{|E5F*Ph@b_
z9Lm`zTUMnN4<E$nFs*RtzQd3E#m&dV>&<<xq>i?1moji#%>!(&(dh`o5U47MkP%G9
z#GEvmA)d0kh&-i5Z8s8bcyp78$M%H@3&}2lh+DQVf^$SIG(QqF7AibaNO_Xzjk;Q;
z5!`HB=QxE>3Lx%{-Cf`si$?(bYo(XQ*f0Hsdx(eGpakyy{;rOfx{TM$*FU3rB^ykw
zT8mWiHyKw}XiSPs50+xIQ~N+d41O!(9+v603=XyklBy|8HWa<I$E+@mH~K7K>ijkk
zf>qgmTwKZ-$9GUyPUSV~hau*66f4=qR%g^w7#c7VF+tgB-C2G<3U+`tFf)Nq7jb8d
zr+N}P#pCAq{#wX~0RK;e1Nn-cqYe4<o6I_EqkdT<x$75akbJ_t(;=yG+p=0R^;R0`
z2j7g~dtb&pMy_w77Kuo}or#h0A2&mf>_vz)p)IHQCeRrS?<NsPHn&wwLBcC>p1d5-
zm>@Pm_^Caw(RAL#EiJ%iHXhr?B(2Aj*XZ6Uuq&;vJQ%cJY+x$}-+`Bh!b)BC=_D$K
z;C!9TUs4h>6}X!>Nq5;na?2U<=iGO$wfUs3(V}*zjP?T_eh;*B*m6ZjMcb<9!h<k8
zd^O4ZzWU+Je=1l)2VI#@2_O`r+%au!)*bR#9w*X@#_~_MoIL<_$93QtxWW)%k8Cnp
zsUhh#<~~KCyuq&fhDcln+?@op{*`@jKu4bbKnh#FlGDBO(^Nk&zK^u;sZZC(zt@JD
zc;VKLr%cafXZj(Y;8Tq7&Q>+o7->_g(f9|KKNINjgz!7DYG$SKY8mIKwlP<i*of%m
z6=iA7YDwXBJ@SBS)&Y2Byb8-1TrlnTt#;7H&YNIgVjIz_YoF9CN$UC>fPB_5tp8yv
zY>qhC`iy8pr$BK~BhhYR>Mc3P=RD2DjG-JY${fkB;8^JMP<sJPx)CHnik}k*0=(W-
ziiu->FRnhNxB9-$G#Be}Jc{;5jI$9ue*m=d84M9a6#}4;91LZq9Z$Q&T)3>@w>upH
z6yo^BFA6c1sRw>K-=l3tm$>-4LQXy@$zSUbB-2N&b9p0Wc%U`-^c2>-=5H;NgcY<=
zylXR>xP3nWIG-q~2$I~Z%5<gDp^jX<q8-uDBoKWvNfay2fHppJcrG%|!al8NpQMtt
zu@u!9<BRyPrL`iXPX|?PYeb_p+OZMZGHFi<I+$6xn;JgN`+hhzEYZ-43fMX^(uxSU
zHL=PH4<gI7D9e*2an=e0m@DzrijbdTtnevco0-~`UPSml)@hxpnRc#Ntz^vr(+Y!M
zb8;hunS6<PI&`>lqoc!<8Ec3W1q&iVE;b*#!zX8QDpAau2VhVAO8!i6l1*;K0NjZr
zl#l59V4*BG?d~_Iujegxp|PacN^7aL#7gy%{}Fv5GsJH+88%^<9W>tp6d70dFDT3Q
z+m40AR^)F)GBV_3Pjx(8#oB>{&XiO}zud9m3LlYGnl{xjEP;LgA28|ZCy#ZTLs>~l
zo`iZeIp#T2RluJuPo9Gio*P}gIi=AoOx9GZ*u--+H)}y(Id80$7EnUQT?f`3(tA2#
z+m5mVVZ-CwjL)_s%g5A`Jo;zX?aRukjbj%Yk*rp|y&nGZ%Mm`pm(x#laGSa~y419w
zmGCLewMGIoMd$Lyh<gM($iRHkf%A!STVfwm=)W!P6aX(>^`oWMoDM>QmcNqfwd@f2
z?Z22aBl=$jkgNDEF5W7^qnl`WFcwYijPTp~^u+>)V@^@ydMB$o!Qp~CXKJf)J(}Q;
zsvpISB~s15vaVw(b2f!?MKVt}oToTM*sneWFMW(A1?_pT=@G?|_>k^`S~moi!Vowy
z=;e?x{s6DQ#G}JpfnKT!2tT{E@0(eN3s(q`hFk@0t3V{bx7YJpz6nkjClfB;khJBk
zfTa@0RJ{qj!ae>b!ei)i3C4Dd7jDH)IJ=tzgmy1rwV*gN_>4}w<z-io*URf8S-Bfk
zqI^!3xcRY6WX!Rp;>fnkAcxys>8)tKG2sF+VL)7xTO6lv*O~vP4GHigF(Xm_{L9W6
zz-=6O`Zr2OoZpWi6?bC%W}9pnhvjK*JFVXI@jI2*<Z{Pp2j1<8XQ`d(gYe#wIMM!{
zJYju`!ynX6Ta1T=!&K6^6$aU+<dX(&bgWZx&^{XG)dP}<z0O%O=5Rkw7qa#({0&i$
z0&tSkzZ8T6a>5S^kfBs07yzRtJYcCJj*5JS_nuBtGMtXj?(T#QTgATc3qWz5l3|g~
zOMX#e_m|mVi9Ap*E8a)F82@B}8H<{#&kdZuja#~mR-ShHSlQy?n*Y#-#&(VH^|pFy
z2ZM2Mv`OP*qSE}1{K9S~z)$Eb8FdQ>1ME{L-WXpda@kYK+ev+8JT$~@I;^cu*0#K^
z`H($$!`Zc-QC&1FJ?52Tqoj-QC~XRx7&v>^>R`TvrU|c(z@%-kMGU8QaUuIU5{ch0
zNNSjVd{?$+e|V*(-*U`!eB}E!lj)6cB3YQQweU%+v}OiLGZgT@Q5o!EED22I0>Wm1
zaVNuTNW?DEjbs0Nl0zDt*}$-y>-T0}<jc6$ooC!W_b)d|a;Y^U7+{;h+ngAo>=SwK
z5LdG-^n#F73!Z(vcSdhuYFeYu{Ty9U5aFza%vW-u^0XN&u*yH$*z#dYQRGfPYHF?H
z5k+?RQsJ0>osH)ZZ5@SsFect61n{6>#905N_i})R7@TAPLP?*72@+cEep}JYrrm6;
zwiQEm6OrM>*E*%u!d~v+s$<%6kRg!p6dzw*$#c^TwauO{<D$QO(YoHbR+<nQz?v&2
z3%is|Saj3_@1srNL&m)5K#J&VKu>skc`|6@LzMXMuZ5|LtFxJr-T%K!?M(v)PyDur
z1!hcyb`Sx`RI;|iZSNY)Uk2Q~X(6<+x;~S{ZIfa&U^YlIgNpR@O_~4rnU1#{X{cEU
zw<)%EZXjrJr^J|6M)7~Y+)qmN?-os4=}(`p0{p(7I~RKeo}>mh4FDf$``sA~Cr4k<
z3U>4?tlZykdRO7mEew`_3a72RWlL)TSwDAyB_DvN=R<_t3H|BP7LC{PtPZ{B(##qQ
zJAvc?jg3B-X5CqOAB5RCVY~f%XoSC9VX<$M*dyx|@+ZI!(^))rtB<&&t7<eEbMrW_
z9XW8%Oyb8se+O1Mmy>kHv>H+WhJ<OXg;V73)>BD^2%J;M(@Tt!c@f1sud>MnCK`KS
zsHOneg1?_v&KO=7q^{c4ZxSfTB2ua}KJ4EPVN%J}10Uz(NSWy6f}mILHg|h|p6<Us
z-g*RQnjqRZFM-fL$I{giW|6rT3|AkK>Hb<s1vv)OTE#Wykha}jCm<=+lm&|Ah@}Bh
ztfh+y2RF-3l+VLCPPG{R>y;G#Nix&(lu-oydIu9+<%W}J{9}O2AXE)v64JFPFR5Ri
zUAU@>wtc5GN;;Jz98T_P2z<i5A0j#N-5Oo#0;@GGjp7?vDZs8Jefl<KS!`-s^LAEV
zw-xqOe~e<k6)#}8THiBcuR*S$vV&%CSE;<J_q+nJcbOL$tlZesxqvO3@ou?Nq7?<W
z&}eklSjHnKWurlwl!~3UL!vrs*DK&t@`C_xF<f8L{diR2azR*=Ot=y34TNx-X@I8)
z^o6X#(f<pxG~?W1Ji*x44Bl`D5e?Ya<B7X45FX{bom=%Ak{Ox3U7z-1GbSl?IsU<c
z@o4gBu;A>RU=ti0wlW?|WWIOB8sr9?yBh@AV*&M30tGUC9K`q=PWiXchS<p0lZFT;
z&5p^%X5W}`rcB22z_gB3H}>DRKFu@n30_Zqpo6MnnsmrJc`im_7m;P8$K#^@>rD$-
z_^OD%e2==Nygo?Qrzq#{-Ec>M+No#U18HU=%{(bJ<ZVLKB-8q(O2R1g8^HqDVgBV>
z{20UJEK%H&A(p$5Hf1CYg9GK?H=1wa_Ho|dPU#s5O*fZ*vWhI?Y=PO8MX@`#dw5bJ
z#4y01C2LlTNg^sJI(+{}NcT6<C3N|iX^l;ctfp9SO~5ZH283e#><xTAe~$|G=hcCL
zsN_ez?_d`2rC8e7QB~@IB=iP2HYn{~BFv-^M0XtA8M!jF)z`6aL%}+DxK!PDr(;W0
z4lpi+PmN~ArN>!i)o#uN#mZSS!anZ4NHhvW<pO=1+7Fzg*k<Vtm`3ug{{IU5>aeJ`
z?qQiBq$EUIr9pBU1_9{~=@O6*NeKyI1nDjrQ4r}AkPa2;?iN85K|)dxNq>i1@4dtK
zJm35=v(7rJ_S$>JK6B>G%tF@<@2F&M_ci9u%Vw(UiZ1U+Y~Oa-Zr=3%F4~N>B5jd*
z!)DuL+eG&<WJt<-ljb6ZGzxn|FL}}W`uy!E+2RlF9Mk+)!^4jRd7p`UgyA(%rS46D
zc)2{Ea{H{!+}17A_kQL)hlOl25`bQ%Bu$dOH<$^r+A&FeX--M<C7(5unV7&?o58wS
zv=~Mhs+F|uFl;*8%2XVK`dmv~^?MKAUmA4tQ4^x6rDRy>E2q~tj6OVEH0`>cZ*2#o
zb=Bl$1IoGL0|OGc+E&O{NQ2H}!^B|udU0~8)_1`Hpng?f;+qT{t@$AFLS4RiCqffE
zzR*oVt8__VqYB*3gzPn*>cd+jpN_vZk-G4Hb~JTdimxa1U{9@;D4v9)a^~*RftoSe
zHOK3d-rb}{0psqgn6F&qKSIAfED!l;l_Vf?6_MHzY4T|+&y-gF3O1!U5xmquFgOo0
zu`S~(*z8$x%kf9Q@5a||IOw^oE2fZF@ikJQ_O60mgHI+c@jzM%rHM-tqfr8n%7_K|
zr1+Ft+*^JdbL5SjC5?v%$wr&;t-O=<PXccF9h3@rIZLQ11YoA5QdWFf8~AI#UJQ@)
zxzl+dSh#%cg9PFI70&r1MM$<$^X>G)pU<M?*rKk;&wHoo47}EMNgo=4Ua!=a9@M+U
z-@_nB0BQ{Hk;_M5v!^!&`eUNFwUS%E+~F?T(9!N>c+ghbH7a6QVi(1~#WkX}^(0v&
z%6cy_$I<o4oJk6X9dhGSL(in!sm99`jT-9r%Cw?IMU9GOJobI2T0CLJp-3xzJs-_#
zZ<W*pF}LkVcL%(q)!@Lov9#M-*anWfQ<kLpB&HtSBrQb&OZSaGXsB;Tc4au*+t8?H
zJ>uBY#{)&!Cg@(y*ko%H<nyh|?kO_yTyV^3obQP!)Pqc6q+RZ+jHRS~t-7hZzprrh
zfVl<}Q%Az?y8y@UU+Y0eDlO@2bv<R*U4$XWU8r7DvbB6`g!p-FTbL2owlG}wXREsM
znZ;NY5>;1t$PkonqG%U`w(<8eo%`~Q6!H<tERfnRx>i6?-rR_{LF^M;%Qz==Xn$?h
zTsn&QgM+dMM%-2QX0tGbCEf#qj^zY3TXnzptO83*kW<#MV0%LAGJW$RtC*r3UOubY
zXo2=vSu&TEVf>dbh?2QW?x=gJ`13z2R*6Wl5>t$T2?!RYDYB+Z-W_-}og3v_csnYo
zjz9wY(VV<-wOmIMRXMFAJlVdV=bFJmMTAJ*?Q#F)gSq8w^bPNFubcRELvG=xaNcoL
zq=|U1mqTrK5=F6$VL#g6;BH03tAb43>_>7wZbcd`?=vJg^%yc2+7-Elf<8f(sf3qA
zokdSQ*3B(*OWgWz4sboSGGXsL-RG5b=eQ{n&otOi!(tn_GnTtFR66YJZr4xLoyv^Q
zUj6;<H+;-^(d`<yQ7A=~!9u|Wljm-25APUS33!|69y?!-WwO08+*~zKZJZB(n+Lt5
zfMHjnpTvLg^}eG{Y3_r8*KK>Gf#Fs5huoo0(@8oNAHEmy8bDaD=Ti_Peozg(iOPB)
z<=H3+CDjGKy1A_gYA<nG6kX>f+|2&ik)2d7ybKe<I6s`?%?z5>?5nqm2sv%<?+$8k
zrH}686;XhPjEeUMx@KU%dFotA=AtUgHh5z+ihlH>lkxkF%x=jjp0rt~%8d_$OUja|
zDIOjl!v>inXWq|TDxR@%E}m&^Q(JN((kEyL$lAS>y(YcKXxP}A{r%k$HBsY5j^f}J
zziBsr0n8)rA1!tke9KED5yp{3x#ZXKcjaGrR;RdX-;3znlGL1+u@dqOzl(XyTB@2x
zXzNq)o^{Q3+T=blxoPz`;V-B$dU@>?-?*Y|UT7q>g3nC9pK-0=%WZUke*VsTrODi6
zS%dUw2A7En&wR2E;2`9>AxB)75etFdgSMY54ev3oy|pmWx@$iiH<aAMM3oq5Emb-U
z%m!DftDa65SM<qiR~3r5ef8TAD1E!c6|?12<VIfaCf6U*h!*Fdxbn$8{$8oDGc12O
zQ!*^=7X~e`N>+qjtQZ?2DNPW1dP$9I02+7C<+t2knHS>`Yk-Ee@6SS14Q5EUxS;Mr
zrbz+jwMWMxCPg_|c7-}P8SEm(KWj{RXrb|m#pGh<wWc9txR&^(5zCozjV9Sq?NTUl
z+=cWT9yQv<JyX`1Gpe50>k_Y;f*PN;o|4WGa8dkxpUwSI!d6UC@=`eYSRVN)A(M^X
zMFyr80<s;LywCl%tySPRX~a_S_kzC!tB1=NF}CDpZUqsHQ~rn>#_Ke3Nao0HIk!Ne
zoo>-yNauG>!eO(Qa1ChQJ2BmK$B9B(I_3qPM4k2cJ!958Y}qGZ>IZ|P?sgYfsHWh#
zm)tKGq?g=ZpDkKxeEx=!l_j6HLNI}pSNic&wRoehO~*!?43h?fg!NeL*p`FQ8%a6?
zDxq2Pg-zwS&^_KeRLjvSi>saG8JDgMnl{n8WV5Q);SV#hg*&#(C2wl{#@p%X<@@t;
zqJu9f2!X78;LAuN+7_qqI9w}(zoyU8e{Sq)P>D9l=k`a=$I&0Y5A?3U<A&YIMt7sG
zg|<4_FeF~&H`XLQ@i@HtN^CLuPgyg;q#zM!<#MnP2~yILIo<HF*tA}N+0MFA?Nz+Y
zo_FzC`eoA|TpniCo{O`w<MN*}I#y|g3og0NVp}o50|KVc#L!gUjr$5VUea3WD!w~;
z&*|sXPa{i)ds~Yd8dK>4zF>oGqkWbqxgXc|4J6<DPFXa65_-aI%2(3(!AsrH=?X31
z8<2UM=K-|>?+>nq#ZmF}6xLshn}Y+zYo8*$PcCRJnq$kK;$0y_{`ECJ6as}mZc3_c
zO2T`65%U#6`40HC4nv{eiE^4^wqp7VXMEwi9GAi`3lYC&`B{O<sOT-_y{SG@$tU=7
z+-8S=vhf{nt?1gu!sw^;Ak1S_dWP!$XKemv)AFh61Ks`4wfT#C-Avw|^kF}y-kyGZ
z+xT3aVs@=;u!9%gbb9LH=YN=YX!U*2e<A7mi*<jD*Pz2QjU_{Y4|Yt0eU2~oE)aQY
zJlOcalfSVYv9rRE_SBn%qSKXV<<1x^BUE;gal>r>RnknpU&Y|6T*zch1ZFn~^YM6L
zZIWYbnyjO7+^jHlE?ppECF|+SXKN2f29;ZtDUzONO)!4-xD_WA&)-aMuW-ZTw*2wE
zJu)KXJxsC}hxsew{VzAA^u3pK-n?kZRvZxgT$K@K>n>nm>JtQgZ)0;?fiPVzc0~Hp
z(;)46Q1twmwZwtzb-^!e`wxfMZ!u)I3#v8`UhZa|Lq_P*mHx2(Fhs=C#3vD6{3BoR
zg>jPDV?E<==^>@vfxb)2Z3OAdFO!b-Xu<{My<2}_BAb47z4^Mg=*e;oO?s(NK)D%z
z_mx1}jv?E_{;0``BBoaRx(+1WNJq#7G3xr){e-Z-jnb2G1H<dcO~Z7`5W@st>DrNQ
zgqGSUzY`_@V-n&#mV+cYK6w?V$_h<xC#NLy(p1jvhhH^9HY;Q=7e2pn`POb>9l5i`
z(1{_r3Z@-hOmL;?y7$`*-u5**t-^N~^&iXK8)-Zwl@{W0%rHyop>ykZMl8xO^yGwu
z=<|HZ{aKw|$F~=N71qcxQznbx`0#7sowvQxW6h8ULg*3$76A?^B^7Y`)f22ug*bC%
zrfLxp^j620oW&JE^s5eX-`kWypNZx@E~bde=_+8R)s4(QM+pbHJG@EX5M1e?q=`)M
zT+O7R*7roW(MhUUW+kcIpw0M|-Wt|8SKL`yc)3$H)@uP`Z|!?O{kzJZ);H4?`>x1J
zl6ZxCa=ULdhoXd;#~2@%79ND7GJ3kG7Uv^9Nemf-<hL#9s-}pnXIyEiqFACNmTs$N
zU|pLrLRG2{YkzUi(v3%Z<h(Vd&R4M3xKbdmkiMe6x{|-Iu`1?qozyenXfbJ3eO1hJ
z^XBOOmYC`BuzxMAf}rZ#GtthENo*07C5j?!ox)jSa+TrQ4~aQRYpeSV=}Xa9*Bf#w
zY|Y?n4g!baao=rT^$oR}5My3?mbUb+-d7jl!Qh(*oYH=0i<~kre-x4+<v;sX;+4ua
zw`Gnjcdi5a$fES&%V6}T9%Jo(v|bl^4T;<sT=I^-1M!qOa{K_qQL&O%&5JA)FTI}$
zPEt~l_Uik5t&+V#=+qPCKzlMzqI99(VNCg+F53K<lf;01)ahA&`~w@F=J)Ml@mG{@
z&tWX7A5+M#M^8Gl=u5&)a(DDJRo|^9_E2Xv4miX8=p<kTY0~_1x$@vP+0Y7?_@^wM
zO4Q6#Srg#LhS7v+rTxPf9=dFzc>>2`V>z6qKQWBZbQ%2QCkM?Szj<%Z`qHfPh|jBc
z<5kf*uF{%YB?U5FWEB^U2v%_ys#HW7Nnr>*>!T|lA6x7(T8X_dlfCBtA?i(mta5Tq
zLPUI2dr@`f_Y1pqdR4SNuemD?Y~UmK``51v(UmW&2*yn(<r)w;<jtYDLFV_GrG_tQ
z>cv>kSF9>?e!EbPatxE4TroFc*6V)PbvId>PI*q6155v=25ie`Q$Rc}qyBAXC5Zz=
zQht?EH@?f8oTb~IsP;Xpg5>(6G>PMplS4Vqy6wChUR0#aU>)}w8hgCqXs1YuJ&$*7
zbM3+MVxko}>4(2bcjWDq8KbfCWzAj{aZJy8KDQ<D;l*7)&U>vuR9#wlPlqigP*VHO
zoF?(dbQcY)pUF01^{*=YJL$)PpTRMNV2qV{*-EOa1B0(qwDP{Oe-`EMaCarsWdy7j
zwxF6OX3wW$GCkPp_`vM($(VDtN&`{2S>LyC^M_*;&!vFxr(TCtoLnH@WEpQC8?*SW
z?PTF-r)W$w%$spDzHM(!$%>-0P`b$zvVGj^logZoh>3t+Zq5;QEhd~IYW!P7;|xZC
zd(wSv>D9UtnHFTz6<oDCwVC0Rm;8OBo1ekfX)<W+iB9FMMNUkf0ci*u4RcCkgiVyu
zJiFOp6_WUE*~?mgbHu3K&?m;zqlwzJ7ppPd(v6RzO18tgrEiYj*-9F%jqA>r+Ww?^
zMHwIY{$VPbnj<A|LCJe}96^Jbxh9Q){z~xoMIPpt)uN1lMg>!Am%iQ=Xp<pbDiKj5
zA^P_1`%bFa$)nztfLY3+E`xFDh0<n!!SdkxdGoS+hyWvQRJzB|(A~Ek*J|e8MWx)q
zulaevGNLT`mF4B5)U5U9-4sTR&lkzkG9TyZFpse06&iarsqCqxdvs0UGg5rGi`mfI
zbj<SAE-;}sK_`lRf1|G8l+jIhzbNeim_mWr#$aLfCr{w3)VdbDmmXSXifp7xv^N7P
zI|3GK<fBPO%gmQCRrS7ijoDxI&yy-lbux!&NqZV5Us3<&<+zc0k)3%X)gb@pPt~E}
z@8!<(rjdmj%$oW$#k%V+B~1G~i!w2_s%vaupGzkWl6o<x_LMI}j`9r6&;jbL;@5OF
zxqWFoddmDP`!nCE!^Y!SAiE$~Jow{1(>Z$R#d}|O`Wakz*c2yYYYD2@3Kzw`+oeSP
z7^5CHK|^G^r>~XEBJCSP+8FNWP1hnfbZCA#Rx@LZGvdpS#BWo2uv&aDr;@-3D=nlu
z_>UI;nw9i37JN=b)CI~xd*Pu7`-e@Yvm*AXbEexg?e=HwW2TPgm-xLShXUSm5(Vg*
z@3!8rZ;HrL1B*>UD$=%)BRqq8GvQJDt}B;pw`W8}jhmkPE*L!bvG&WHMIRw+OP}4S
zo(kgoS>2P-nnrT*b&z{iHRljUE;79(dClb3N??Su(A!1__#NV_Z5^Bn+fu8y@2Q$N
ziy{O}W!q0nH7kFtwZ?&~Dmt@odRMyK_o=#7HLVi8Fpat)QIY+1mXRQIOV~n^kse<2
zM(=sjkm-&2d?{h)`_E>U9%$OW+MGyrh>~@DYs>-arQUoviuWb3=A!Cw+>J+Gj^A3!
z;(rmf<O$#Hko>T>t#*AbSpUN1w@0hu54U#o>6VYd{g}wqKRQ0_i(EW1Ja}z!E}k6|
zrZ)<>{@OHXHvBDQ!ysS`92#2sY(>VI6zpeke}*GohQ+VD>3TQs%uc1v(h&=piT1i+
zZzBK6u4^IFoztV8jHs3-;$3Ugy~V+%rsJQzi=R3R8jcSJvFi)g6Tg<LMBfA)yB+ju
zn_bvE-9F;0YxF00OjkWJOBQ!@Wl2BR9<%Hgre8fQ_o?jX`1=!=>llBZ-`)q+FDW3i
zHuV>R31~hdF9&f`!S?yIGQ!j5>}hVaz8*R9&wAo}Pj$`7iNsv2^5(D@{cJ)a^2N@m
zkfO$NEl=L(-YaCk@w?*lY~5PEtcZMxQJ^50+8Sl&#V3mYuKFpWq+);VzL;pGqqiYu
zGbjq8L>ZXcv}F<S;uA%4pLVG?xrzkXtWHP-m5>$TG*P@A2RHt8d?inLtSa`Kjv>ay
zLyJSX%0{&>j5%H0;->MK6K~COy!yq%=$ggu%F<u?RdP(5MLxZ>Z>E1G^omlZWS&$!
zbGpktF4-W?O60II^tiUwR2buFXCo$wS)KUYkQszH7zx%2<-V;dw0C8!`1dTuuk_EK
zEt6dY)Sta+c<aQf%WMdia<|)JJn7sKJ}IAHw-+_Q7b@d^6xt;=y2X)dv>98&)h(A)
z@-xYxA%c^-4MZv<^JuSzCY16m%%Eytxu(gA9Bdh8>q_s-{L^mfyInW%bGyWkEO_cz
zs#ZKs%xg}GMY%1JyWA@g(p>^}ZE(TsDv?&H9{BJ;{<v_pC>9zjwy^po)ck|uM4J<^
z4QXHHM{btPkNwHbc4TVkpw;m55i9zIjP`+xZA$a}gqIDtFIaH;dTz4a=1DB8-^E7r
zGzZ`X+ON~AE$8n?zEvpq8dIZHc(+2^eEfBc1`{T0r7|(38HhbHaa>?ue%fhp@g{<z
zwunU3+a>!WGi%Ol!$++wex?2KpSQB;MCy&vrdEY=hxU}umEcaT(Ip3R*JTujf7~C{
zx*~6-`$B+zS+i_u=~?8l=$27nlgv?_5gx*^(w)GyyX~<{TgJ27?)=SfIvjhwDm80f
z`V?U<$d}bG)Lv#e3HN)!j*`_W^rYl?KL!VWY%G84$0+nR^MRUjjZFDV+tlYRX=SNP
zhj_3|2KAJIX%g~W!=hj+)~Q_nnhOQ|V)c!Pq_u?P6soez?Z+;LbB3WWADXgL%QA$b
zpi(isDI*Yt)R@eh%Gr3JFZ!sLHyFqjsdYYJ+Mip_$nh6eUAZ#a$3MkVeVz8#)xe^B
zf*IhqK*|IpdKU!Z%P-=Y{Mh7TNo-cN6e#EE6TkS3L|$ZdZ1JWytcv2M{?p;03o|it
zfu1(HEHT_$^z}|FjIf4=v}a_B0S_Lxz{5k{dKAE(oNCpnUl>eFA>a!%oJz2(o@{Z{
zMqf7EaFtC;?(PGH+&8}Xg6h6=(;Qa59gi2U66@BEr-%8hYC>$GsrbA~NHg@{=u%`x
z$L+CYS*9!0)S0~%PrF~YZ7SoFrz&-cUmD=DT<1~v)g;#`wa9qvY)9WSCK2F#Z?f{L
z19!tnvz*tVBG;g1e3Y({@cMqf(Z&4j{NWp9WGXTvE7NIf%qfXQPQ&4S;xFyxK!kB0
zO=&b+)GJCcQU(wgU(Z9i?3mhKBX;Q#Q+)7iHQm?OGm>?~?2P!iUrrRzE!gNZ*I#j%
zVTA<_eB-Y-Cd;ZbE7-IHNg@b_ucx*W3iH0FtW%GwHgDGOg-Er$Y%TQ-^McNZUOlkU
z)30-szM;YOiDvpJ`aUP3U?y75{q@_z++JFz#veSRm|4|S1jkAEp&;;G$>%38tpm1A
zs;)XO=Qt?*W{7!vuh#u?V9z!FTRkL>New=cCNVp-CX?k<{nv>)U7?2IUmP_%8r-SB
ztlyb1)U}OO0N;C+;xbWwS^X$UCnK{9;qV>9Mr$ys1S%3O5>&OAn3EvyGWO6_C?{K9
z&mL0tAII1$EJusuW8S`J8f55FTzwq+D{WKQf5~+;-&=;DRp-W3@?Mma&Z~T{DIKkw
zEw0z02a)*Ck_GhF-)4n%p0Yo~8)RPcEui$fGi++q?I~O~lWigwMoz^BzJlREFP3(Q
z^2l!e%*1}KNwuzj)vsRLmQv~>@Y9Bqycc15g=ZZj2~H2>%}*b<3CbTSKZIs;8N}!&
zy+GbIf@L>IoQ{9*oI#qIEAf?(<aWksKF?~YRckIFAg^p^-yu-%KXn`{xXSg_N$znD
z^h(|4ElWpRIlU6&54O<RhPugu+k)J-TH%(e7TG_ZJICFWC-l6a6IW4rResQy@oge>
zFeLIZ=Hu%3a=#B$_uHp(rg~^N>6^m2`sp}&LXNm|4p`e>+^4(W%fI`kooE^L@%f_Z
zTqynwk44ZN!;U+}Q~K7z;XUIEcO2mAI=%_sHjUrr<T~rGsQAr9ah7mb%uXiBL>KY*
z4HyyGc_s?NUr}EBluJRLWq<eR<yTKTr7+vBa6C-^2@i~mk(%L&6uu#;qf}bkElY$*
z43E7BJ!?tZk;$O9@aNs>TN?U@O$EeAxFp+K)vg}lhO(GwuJrMX;}33@;PYGT;opf?
zU5y!Fe`xf<-_J>U%$b;FYAxMSs@<Kvq6WNX8@-39a=@P`#oOZ=nXZ0H|4P1cc76k2
zW&0=Q5tOV;I=PmcasTJSo0Gb`@H$iO20<E=c3)`2hMloX<inE7y43@=B<fe)2$Jwz
znSXCLa`8<(qHUV5Z4H7dEVuhlysZ9g4U>}iE%Rkr_GYBZ$sW^<j*^|~cP}hh3>vv=
zGZdk&W_Ugx9Q_fZTB^&13u`Tp8~PJ>upzg`Fq8A^+6Uve?_vhn#g{$B@FqkZP;=t;
z9AA8F>u1~wEw9RC+8MVbWlNamJAx=|%W7@vBfYCjeW9qmOrx?7Ij{_n`}gmzpr!lG
zJCh}`U(AadIu2Bv4-7SK9d$K&KHZ9vU$(tz$y}!W%v)=!750#`RQY1BOmY_LUf#3U
zFEJCB*MDl>!FEdh<Qei5B}kB~a&$Vfx=jOe7x}s&Fjxi)A5fXq>mA7%==E?r)C=u!
zs2@4>-(jrYT_{VEzjrHfxPyUewBKxYtJ6p-Nv82B(`Jii7<6#Go(anFbxA&Y;Z~b7
zSui|=RXelH_~_TSPzEN0$M%wbN@Rsb!{Y=B5}0;PY;zCZ4b#-tiv$ft6@!-V<5}b%
zttcQrgV|SUe%5e}C4Jod=3r4{PNdDUgU-H17i^&Dkc82n-T#r6#r5EEDdv^t12bL)
z&TJCn9~M@Dm&00u$!n|SS|%&m$WQlnZq>+wO#f`rjC%1*FxHJX1+K~|a|<heCyZ?a
zy$)jFXk&psKRB8aoY4*70$((lP0P8ycwhXTuVMP<-QLb7^_~-BJdK&y{0z*mUkeZN
zF&)LLyFWfj#FoX8&t@|f{O~$FTw4*=a0iL_pZtoTE%`7{{Cs5f5+CS$dC0w<prh&_
z>G$O8duyB5KfS|9yxXKQ6_T_{=sH~)U0wratonFf_crO{mMC4)Uf%#C{P|y=i0_}=
zSBqn;{po8G|Dx^YtO3fGQuz1Lk_0nSA&IA0<=2~Gt&Qh<pN_N5b6vqh7~m$WV`{3L
zCj@2NOAEZ+gbX2OVfmgE6rm^IPqWOD4Jhu(<^5D;d-JshQ_+bG&)#e3QHbE3{qV&z
z$;ZOkmuX9kvAsC-=ui>lR-tM!Hh(L*=|`Uyi5AyHHczzt1l6z@EM{N_b9y*CB{{L@
z$ak5TjaZ1i<E_QVZEcd5$(apwr0Hs>LfBDbQ?gbI#h>0yqN72_SK`pn+gL%Q_XR>W
zg<n<bQ6A0Dfk!(HwyqPcl)^h7POe)M)7BG4afBENY3_nJYcqT4Rk^ypEENVXvN&2$
zsC;+x$N0pEnJm}DkhWu=<}};oe&#gdT+g$(!B2g$W1n37UAuV6z$2ju6Pf3I#WqH=
zAyZRuCMi5O^KU<84IE>v+8syVIrFEopO*WuyU-J^!ZCV1IutcT9Ho~If!m3)AMhuC
zaSf=xd*_3n-q&uQl*aFOdgTXx2u{4wZOD8~&1>oWM*dao35mfI*+$MFt6;LalfmYo
z+gmq;661FKR1>!r;tlR`=%8vZStK^Y6KkhuYdtc47Q$&$tFFcwgQnT9MmXLEF)g^X
z4t9`w+nZuBDqq6!cw~4OT{u|1iCLA0-sm*2nHC9udF9>go!zCsH*0(eKlEFT#RHMe
zC$GxA+X;WX^R$3=nqR^`C$nIFL@;R+bLZI#Y$ft@mt&;UjMSEZlkT#3!S^LB_dC8!
zN!Dbid(7cHX0l6^f=|~@BdQQv-0fa-$do0;B4wXI3e3{BwF`rw^?k2`liG2nNS5b`
zSNmu;un-9dUPL7Gq4BTFWu*7!LVB+!jACtE+CEg1ziUpRsaDWs(OipiOPF>3ne+Lf
z+tXDTaMz6pa05s##qW<Fbi-ReaVW{=hwzNC1JAyw6rLY`tpcrEPEUIMROWSH(v@|`
z@^(wmlO8LKfRaey%WryCE;n8y%SKomE!IlD`}-X#HW=L%7=_rqw!ZXjVD`F;EOW7E
zFa2}}t9bI&s`!@(>5`lWLJM+u`{F@(7Gb%8)TVd1!mnN^z2B!}5G)O1@8Et+ynU&1
zyLCysg4vibg^I>(UA+9-{r4f+R}^llHTLGTo-FUdR58|$+imp)KFZ$er_oS#E1R}r
zAu{Tp9Z?`Se_<DGs;2yJYg$xZyoAb+o4TPn%yP;jqCqqAe#EYP&Ei>BdKL+>7d4+b
z5+>WqzD=O6FS%UW-E3zousVZesK#6&k#i&{$$RiQ$uhMdfWDO!Z=BS(=L!6ERo_;B
zp#ab5T}e!K^X<Ah?G{UX!eq2ADp)j>mVV1?N%xW5J!;PnH<K6J_@h4jHpymPcpj?3
zuz25Yrq${AxXhSTc34L-%~PBEO?JHRb`c$6{0G@s*`^cAJ0I*Dx!`o&eHZ#mmy}w5
zt2`{S>!iP-R(e}RR!Qi)9;#a%ANJ~XG!gMia*SpGW&k2<Os#3Nz|5j88a%4F@8DLV
z>c1)-o<TP?zRzfyyV6#DX+kMaHV?A1URdo|6H?5E;xBtFWAUiv>O$^aPnVAY3C$K9
zm4us}0*bU&-~_f5y=N!Y+ZH5W)wWll!Q!024Pm)jIy?~ROCvdt@*VB9hXV51(iq!F
z$RE1GFw+k}bhTJdi^GsLeKKzCtNF}7Y<@hxv6tO9Bc7g?7Z$vq@R=P;DA7w_?VBR(
z(8ad?SQQiB7}=ZlBJYI+%?m|&-3tZk%#j|Fu~a*!X10iq5^~ut2}U}Tk0fz-rpOf4
z<W2I)$c)oU-m^Cm<nd5HPIsMq>dsO4*w2Paa~ET*7+kZ%UU|UP+PWXrlI7cI@p-_e
zDa*qO&kq_L9%ehA{EclGt2OHOJI?&&rK>MyYzsOzbg9*%m<qF7pm{bgUkltfm78ET
zcx93Euy0bcfq+Fl2wlGHxa{gmHI$GuMu@x>(&at_N|IVN4<Nu}B6!RKJEml9B~dx-
zIUL1E%@<EL^&d{^&$FiU7hkEa-3zCvI$}5qqBb04j)i%Bn!b9&eCF+NTXO7d=>13P
z*L)BMR`jt1pC|^2Ues+Z8mYA<8f#8RR%viZ#N2u#czg9-SKr3&;>ci&l#e*^8r8V&
zV9@d2t0}x3*(2TH_*rbSp*RyI-8x;wZEH47%=~e@u_pao>Fa)ug=Kk6Vw3gU9I@y0
zbw6KI!pMy_aA>^|N4mVu>;A$9;n5VOJ1IJR5vbue1O+ipnu+AgN~EsAB_#Xi!=~JP
z_Td#H(aA(&{ExEseuge;9zLt0b^FY8ukmtT!zgKNV}(THlOm7aiEhc5ky$QxU3<3{
zE(~HfdC)bn&6bKy#z#@V??Pq99-ZUS?^!8jdm5u^IXw*h?mb2{`1uf?Pi>p63+-MW
z@RLQJ`*~U~@BG$xJBj9V&O6|13p(P8MLzW&ksOx%rP=MF>|7grJ1#A6lwX}PAh^UX
z>vZ=yTdH?cUsKb8Mz;O3mHiHl+=bT6F;2`ZCSDCce#TP#Yn<SPmW>qpOBRYWbe<EQ
zTWDqWWKSLnSVPC{;A@7SZ{W`poP0QUep>7(3cja(e;}hO8Fg7zTw&ezWqt6~DVOdC
zP*{;nfckTyXA82yd;-p#shKm?t+Xy^pWcwYlCqb0`hM@m;Cd3@uc#KLb$YO8w`po(
zm~@;(wasVzBySgZ_Ugu$XTDP6G8KNM!c=5!%wZ%X>irsjK5Wy%I1`}_d$dRT`vtL%
zcu{-T?FmxN^@xy;Yxy;IGx6{=X}W@%=+)eIP!EE=l70x<q(7%I&P#PzXJtQ#RexwT
zS}L#KFH$2a%F@ZT_n9y@H3sY9!zcSO0aJc)(E7-gCWMrtCr0Bp<0Csz8&~ng?ah=g
z1(Spbc?H>m;OU~z{@PA`<stnxF$#6E{_htIN>B%L#5WlHzQjLxu^mHQp5UAB)NFIe
z%c!d0q$pOlyk<IYRx^QU*m$c6(%$DVx)kzO)ysh`oIHi>>nQI9F5OF4S7ocCDu*z<
zWc8AnBeDA?tVS`XG*vs_NQ#Fir+KF)W&0P!O&nYUXEpDSv__#mP+IT*y856to}gHY
zNo*^Y;#c0ajmDkd$-0Dk<+Nj~FFwp}>iWFUGibf4KUL2+fyvsltpRs#pz$$^(ypZ2
z__1HNg>L!(l9_L!F+MnPxix0LJ#{jQQ7YSByQPj<zSoiTTra$yAHDj_K}0fryiY9<
zC8qL@Y_-stYJ6LU{jJ>7E0?(Q8nOH(KKRx7fj7tq^Q`>8#1y@tX76Ll7t{%TH{Y^U
z-`RL)%1evQhQ2xDmA;ZYN56AO@~4HwXrdV|{*ZA8M`})pvr1?3yVT3Noj=VO=Ipkt
z)J5HO)r6HD%P#P^8xL+2aI(WU?DL+`b-O7|P*`8R%;i1$^+8@-e>iyfwc`(oz!wYN
z{6lo11-+jfrYviE^n<Q8Y+RwM2opCa^)_wXtS0^vj_*A1%9lf$N#9^;KOY0GA^E-d
zXUqG10=OzEf-RW9JG&|LJBoTP1Gp(v@_|kw|MU?3hZFiPK{!#xMMG<@!1$XG;JMmy
zIf=@gh845ji}#Oqx3hHy%dU-3(TSWKY&Rvj{wC{6O8>eN_xs`TR{u)Vc9F=*_FCu8
zfqAaqSmcU@dd6=F|D#0iN2A|_ZkggORlbX~4lR!Vye6_%Ty=`spL|$zTJ)|({NuA@
z{Y8l>0Rs0om&4n*T~7Uv9hNHJv@8qq{C<P_%v+j!m32RM_xi82_T1KWRleDdHFG8Z
zj0MphsVKfTOWrciEUiZ0a_sS!-FLk%ec;mJ@BLXyj!FR5AAIqP`stT=hFy>J*pZW6
z>Q|$;pZH1gF|>PqzlX69y?wFm_IG2WXhCX|(<xHjugURdb=L2`M8=gszxql&34VY%
zJl<G1IN0{@)#yXi4UTBIQa$H!MOvBJZ7l~(vN^OBi;88^{w~kw*))_!dM{r5y<MW1
z<-v5if;8Frs!NHHy7F{-e$SEiq0Hq>t^QL%Dp^L-O3EItB#v>6!!#+RrbReiSEjTu
zTW`3@EN7AVGJhRchh5(6e%v#JSn4R-<PV=5yR>|14DDm@QQc_6`W~pF)JOX6o9W!|
zJ+~+b(zA{Sw=BD)58}dE2ui;~oI^fMwlLEtRxdp7v+KQc(397M_JLA!_*q`bv7e=+
z@&81SWM#}ot>bnZ^Ga7h4!9vY{0EWO1?xw;U+nXu3x?EkIQu^q&zBdZ1=1L_k@FUY
zX_7~zn{nc=-zZU2enPxW%l;jb^4fJ)wkY<s<p(uU*o|um{J9LfgRecrHr~r-BxpD@
z724LmxeOMw3woIQrn&_+D?g2_dsCdQjAmeG<J7s^z00TwJ;o?VZ*niNj4?^QW)26v
z*nWoRpDY!#5L#%{Gk?VtvjvO7XQQ;D)NFW?H<G_QUPmv(zpJ+<nei=^*;Vi*2T7{`
z7sVmxNd;u>!||My%-iF6QHu3~_SP`u0ZQ*tT>U(~^8wY}4a&gsi(Y+Xx$i@$NZ+PJ
z?59*P6%)0lvk73{cIiG=f<&%Fgv!YN;E+|_@ZnQ?5rDq!lK5@uaACSo+=0nRJxsRY
zRVl4O(&MBja!S?D<>?k0>mJQ2CQ@pLy;$0n*IB&XqDc2S?(PsRK4(*~C}Y&fU`Z7*
z1M3G#&y9UF{)hKNkDkD2wXYQ`7+kgCq4N6i8@;D26na6^0HbHfL&7F~qbRJGCjH~R
z-pip%uUdagJq4cWeTCehS(kuG#vasol57@fR!mCbJ*oqSBvmds73~DPWl^EQQ>yE=
zo5&YbO{atg?*}$>4iQdsF0`m{UalABCkyQn^K{;my`<m$<LY;s3wjQM?UvkqCEN|h
z_goIc(ocN}0#h)S6}Fm%dVJ7dA6+i)&&2B8kMMrA|DoKRaxGSTs(}aWt425=!4vhW
zD6p1L=Kbv31TS8_U*AK7nou6_Y1p7)KCfx?%`&TwaUl&hRc7C-6mYdrGn=&8z!A+`
ze)!{Ix;bqb1EX8{F5N`K3|}36gBd3T^sm~G(JA!kdQJypayMlemjn}jyjuzp__0v<
z&?j|)K0e=)^4blOK~eWfx4h>S6klo3x-L28Ov}Vi?p#O_`?j24$VKK<(~i!pB`x7W
z)LZKD-Amolo#yGyqDEh2JuP#1Rpeig=`gCxQ6dF9l0h*jIHns>Q9BvFK6x@;`&g>B
zW!@2%7O}-xgK1Yo-}rLbe1fO3mn?y@2aCU1)Ds&cHKL`fo9aS1nu)U3R!ie3FBn&q
zib2oHG1~8~a#uE7TW?Ps_bhMFVFl7n;T@Z#kBB>=Txf6nQ}Iuxyk#4|M)Acwc6?+S
zibZdI?wxBtX^fEKFTHY~(TDT>18l9P2E`Jau@B{w6b$Lk$IsJZQulO?{l<6WAF~py
z$!E2zk*2YHeND+k{Z;k@v*~N&!iKK;nrrdx^+y84S6$2I-Zh8m^_N*^7EV-mT2n$&
z3w#8s;Qrcs^q+Yc4~hx-<BDk+`10wZAp0!F^erO;9gg)GO%E?(mrnWX4!_-!Xj|bI
z99`+{rr*an{yIHcF}r#??2dr^Ui7<`>lOyx-=!eYNVh2O3s7Gm$D8tPJdRticHFv-
zCR*4;7~ZN|*X99re9oHr+7O!D`TeQ<-tc}?5G}g0(E;B{u&7KSSL{jbwJ2r5?XLFL
zm)4i13?2^3U7hFEU1D{_uhBWmtcxrP<O)6R&n!~GF!L-tg87!~U&@MEv%Y(J{A!O)
zawzV*ck0v0qtvz2#9Rl7cCjJD%Ay+&>fTg-ENL4&+<Kq4F+P1wM}DcwcyTS_<IdLo
z6mpi7u~O`nc`sB&iTBi}FMgqv+7f<Qzrd^Wj$S5s6Em<?rJ6!Q1l0wlo4>3E<gDQt
zqp@AO_89f{k6U}PnKwOdR$-VJiW=$X#uC5O+g|%V@qyJ)<IwKf*at=%Ro%H43ZPDg
z$eFukA7w2t3w$va?~l7`9;NCw7+=fE+q*=@y*nQqiTtWHw^}72&@LC@5&hC4pxt+o
zMef_Z{GX);E^kU(0(P>W4hV}SA_v|mg=g2X*=R9hrq;NOMx)ZFoX3jM%2OV%-RQIA
zb!<Q%57CLrV|8;63%3R1E>6)Z`p~z4R}2)kuB|SLv5<!O4lt42%*S)Bk$v&hD6g-@
z-n(b}A$)8zN3<qJI7ggtq}zr#uWw4bq@BQCoPXGQIb248`c~`HClUro&w`O4#n6L=
zE*<}TOm4#UC?UiuT(CR9-==DfHEwK0v4&BPjDsHDu9NjfrQLEj-b+<U%r+~}YSzv<
zW2;7Ou6R3PQl{O$SSi9nWlLOAWn=xo>dk=s@@zjU*6>(Sazoxz&~@OM6Z_UlVlCXR
z78Eo`DMG&LA<kX=jl0<6){_`7OITfmhm2(gCSu^JYqwLNJVTZ94Wk~yH=2XC4nrdP
z+q^W@Z#C*o=pKB1qOLPT`-_kHZ2?hMy3yv7Z*g^`V{YN646LqXY9DL;Lcd&W-uHD~
zn-RD@=q!99`)dFB@-NH88n?sOqQ~J+v^{fP2^tiN*@mS*dlvs%w|n}xWVws-jrXit
zi6g-nuALRd+UK3aaYU14$MhrjrzT0W#YtiQPv$f>Pmjn8f^_F{HY{m`KHc;4IR*>n
zsX}TZHM;#+z#|$IxlYuix0gX|!9#k_zpmS(fAIG3Nh)UExo_87Qeqd$JmF>TbIFb2
z(Jp@y8w-h)XauYSZ{_(96Z^cVqHm2FX`8+qm``b&HC=eulrldw-?5J_4q6DQ88RE&
zW}5S`iEuZ4+M@P`d7!8rttAmp5CC@I_|B!}X8446dcLot>6s~LgP-zYh`7Ly``!A-
zYcnr|o_IFc>0Eboetmm;_$vRttIJWcp(2Z5@&N<6na<^a#l>~sjA~~?_nYY|P0y}K
zq)uRpVRXVFAK*7?5=PUfWJEgHbJg7~uX1bA-?^LqKoKp%&WH}DB6OqB&w=#R{T?w{
zA-J0(z@@L_Y0pPV7)@%q(4-Q7TGTj_$sl%t%YWGT=DKy>#GVN8dbv*PZ*rNE--3bb
z_A^C-jNg_n#w6TOXSRR#6RRYckUhXnzV@pY!zSlOx3=UpF<LDg>*p8lCRh<GG@nI>
zSCj5(J}F?Hqc)tf_KSJtqczO{akI!`!<stJlE~4;^|jO2VMB4XR1He%M1wTiyM#f?
zo8+M}8G&&b&mZw_T2PvQ8W@>{4>=w8+m1b;$4<~ak9L0|LN`Cz!R+@mjXEoPvMa|+
z5+js;fwB3trZW8^W%D(jF*;^<b5HWqNAhJyKZLMv&4%}GV6vMk*>m*C#=5zxj+VDy
zhgd5%54!HA86P#gST_18%#?{w);#Gq8P27_<}&|4J#q5pVM97nPhlojHE4c(-Re#^
z%qBpa{<@^^;!dcuB8gDP^4zrZ&oJV3^;dW1mhKXnYTZ+VdpZ=_&16sCsCd`+lRq9=
z`$Iw7IKh0+p;9<ny>&`hJ^r{{w`k`9o_NLMD3kFlro2k!2cN*V%pKk;_<gCWA7W>H
zMcPVBJXm2tzkRauo1shN<)7Vt;}<+q5LCFf>kD2j5p-PDT;t+U?>*K@+C9DS%4^+f
z3%jdfvV2$UZZaw~Dp^;$sRi%cU4v_5L{7<*ot_l_A%q<D&+VXS6cjtKiYHa;UjibM
zz#3l$k>Ddm5J;^3We^<Oz6y%Oa?*gfYCYFL2_Wp!6%eErwE?Qa!_Lxz?$qu{gUopu
z5Qu+nE){_y&VH+Q_QyaZPz2V+2~>|IzYg%LJA)SSu(B)wzojdP5)a$L0`Om2!&BqI
zUcUt*CV)a<A}}ofEkJA9Wl#im?-q!=R+R?y3=f+x1%hB{X+fRXRB4b&Z5IN(!$6Px
zTPX?!5&54^B-ZR2hzEP94t|E^aRwAOXn-y7uy9vEgsLX^1=igS(2J%6T_VE1%L9>s
zg@s|*zC1u{*fmfnHas6-fnNtv;bFy#02U7xkUEy71YmI`1D~?vp|CCxFfH)$hn7+Z
zI2Nn12C!H_!P9tH!VM54{~jEShh5zSndDz*1ziJ3S#E)7vGl~?8(6bjpcL#FF_^2C
zNfH!|ht(nlL$H%lpcX6*8Td}^pc`ltfpvy}iLsq|APQ^<1mO9d2RK6v3h<QXgW^Eg
zn{Y6s7I>mZB_8%30&H5VxCN@G$2O>gNx(2P3frj;hGT<B!Pl{OiNPM&WDS7vkQi)$
zhh^3TlmTZFv8$S3lrcgWm^3XRc^C^60s9k#vp|La0uccC7Xgw5iuwygu|Sc35eNg|
zUsw?qsK_5!5+QjsKn%nBX@PgJe%fF|3Ko&G=Z9&r{6&CW&;}dvu%OTW4oZs!{f7V&
z^x0#9fg|)EA5aM7uTLm8UJoo$o1_EgCZUF$tynD<DCAF8C=~t2SuBYeIFJN#wibYs
zP?0}bM$NzwJUrn)DWuK8fppM63<N07{<i9j@=p$Iq#0NV%WeUFgmu&gU&2;efT>yk
zunN%hr&&<QUv@$NvJ3i`T^yF+r^Ey>2vShEw%HMEjt7E@)N(n42?;I<!yyo11O$RY
z0-rE!Y%nkh2JYZSYMe8*4545#d~D-$a6C3X5-f~;oCZ$85=DW<v3il<n^;T~SPa`A
z2^Pifok22D0M0QQfEvyYzn(#`XaHv%13-mm(C`_=5(7XAu>gdP0eIh@LFBOj1djtw
z1jPbxMQ6~jGl(@FIO`GzoW;fidY8^1@&o`fi3iRGCje*1;sM;z8Kj&5K=%`Y6HRA_
zD`yZY5rFO{0dJ*ehZAQIXA%IZCIe7f62Q@N22m%2(OBUpfaLHq=+zSdcajXyai#!o
z?oYrxfCI5HDPR@s>Ju>cpPt3yV}WDyGl~c-z%X?N{XT;<uz+B%rvTJ`27P}DoDe-b
zyqgL@ub%?A@l-$=cPdx}Tl5TgyB!H8z&=j}i{Zhr=4WP6KLe74S{mT@g=gS&EK@od
zl~M*K#IEIlgRrCN0DdD6?1z2)0$|R}2is$j8367NF?#9X0PI2r81?5N#S5?}_U%jH
zu;B&3;hYK3Ic9*pu&h}CFXKya7WQoxVB4>k;0IXaY=AB|6YP&Y$Oh;Pv%uEavYfv~
z9b|zmu+F)_VL~?84ojB@kU(<47;N1cl$#5_k9Eig&Z^~s9coDmz@ucua2OH>hl(KJ
z*rh74C<rBtWvd2rVMKtCIeW1<vyhy9!hkSE1B>|V^*0W{qR&F=zc?fk4TSB#aR4vk
zEL{JMgFuj|v$*;%P8bCP0ta|u{!s!jqfkH;;SwUw;m~MYB>=Ao3Rek`BcQmvP#E+q
zgZxhi=4`}h2po5GP#Em&p@#n>1Ry9v7>Pp%@WK!{9z3HH{&RHy3=RSn7CB2!|CR^v
zA`loHfoFs;To=M12-ttD{=;Y#40oCUIwY>qFgOI)7(lTw8c1ztFU&u43@nbbq<Z%H
z9}X!j@)zOXIDi?A!W|t9DRORoz(nBxbv0l#3<AZO;xqq?AkMiO4u!*UM+}3&aYq6H
z=uo&Lh9e+QTvr1LSOnLr03BQygEL|{N*IDe2v{wAUI|JVcS_F8!&Q8SgX749LJ+8b
z7B%LtuscJZmDPW{9|}Pt&+5y+aey&sVVr3?qr)`@3K2%balCMbJ1fWkmWKhBIaC<O
zg+Spu7w-TS5{)Ae;DzI^et-@I#ZdwU7AEf00lY}K2n#U(!0YeD1rP$o@V^#9VQ?gF
zLIRkDQ9zOYFE6kZa6Je^q7XO{2CQ?m$Uk1i{FU|KXOaA0fiO4>elF1fSrmFsAPj};
zYJgYxtoQu4fdEcK7{_QB1`b1?R}6<jai#<Y2du&I41j|p{u#;N1A!w@=M01c%{s0z
zaA62A;6METxBCHsBDkRl;LwP3iV+YbZg|2Ge>8*t9Wju%aMuhRfjH}{{-VSDS#*G9
z1jls^Fp#r85=Wpg?qY=jJ`g!)%vn!`%Zr4<&KYwH2}7Jyj09HPIp*^#7!FiGY~~yA
zWz6{{ffRxNZ;*eD5s062<3T~rj|T-kKOPhuH^IW-D8ygm`BxEzqfkIp;W!N?f;=~a
z!Vtu{B_<360WPmFT;x12@@#APzlk|Z;&5T%|A#>Id4VF3^Xpv%s6GD{cqUH-nAUSR
z)Y&HEe~SO069Izg91?xrYBcn`XV7rmA_~Mj;=KFOK$DKE11<8m(f<@tfEj(RMF7eX
z1lK?W1cp-xAut34ajsw@fSm#Elpr7?I6;L0n1MadIVC_7bB-AbOcc&Y5Ws#7*VRBU
zpDR5GDEeGl0!lXojZ;Kn2q0CR69_|`OMY;mrr<;g5TYpD_5zB4qRw*Fzvul72m3qE
z{Zm8{K=X<#5D1cUB?SQodJ!CfNH`idJpdI7{ZFO-yHFzmcj4&302mY!XT(sTc;n^;
zC<>@~IPM2<2wb-UIN*8(j)A}>4BQ0_1)?1W$1S43#u9f`LjfFao&#_&+;#xK0htCz
zF^~d;aYhVGobdk=++RiX40&E4ko9m94N$w!C0zgqtaTj4B1n|*e-aJQg9Es;O9B5`
z3&17@eQu6LP{4%Z5Q?DwW%Zv0^Q;NS4aGCuIbJm4kAnFh#lX<cdL1epBpi)RXaUn;
zaMS~>8xZ#YH3`7MfEoPHcmSNpxyA!%5YPS@>ED`QP?X5I%mU#4*73iz1O)TB@(N7#
z*%g-m3jAkZ_D@R&bXvma%GOyUk88|XoBUrKkd}ZK9B1|c6yjXXgTYYevOSQz&TTNy
zS{_`lo)tozRRU;5i@<Ty5|Eev-uC>{@c_HGv+F|t@d6A1tS4L?67bhK9P*s|fr$Di
z1pZD-Fc=bjt|tR}M%+{dIN^LF2@{6=Bk=DnI!qXTeoD?F^1lWGy}j^18@>OHSmclE
zcmEwR&>-M2!+>TLch>{V2ynUTze)fcT=+chESLVbw+CthuuI2b2C~w>n!&&NBw!uk
z&L_|ipNkSWPy^1%11iP;rt`0s7y<Ydmk<FH7C~VpI>3?`8EI)C-jH$tCj=n^gGj+-
zpb%LE9LVS}Iazsm2@<jYFA0kYiIA*|rHq}m<vn*#Cl;Zz=@mxG%Ohlgh7}Mdhm@5;
qLZ#qnIXPKbX=xaVganDZhxvUEZ>sy&HY8_D69psT<doBpC;2}QTCNBH


From b994c1a358f2637baa8a96226a7c433f2817594c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 4 Apr 2021 15:32:25 -0400
Subject: [PATCH 757/812] Some documentation notes from @jeremiahjstacey on the
 (relatively) new logging design.

---
 documentation/LoggerDesignAndTesting.md | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 documentation/LoggerDesignAndTesting.md

diff --git a/documentation/LoggerDesignAndTesting.md b/documentation/LoggerDesignAndTesting.md
new file mode 100644
index 000000000..259488a65
--- /dev/null
+++ b/documentation/LoggerDesignAndTesting.md
@@ -0,0 +1,27 @@
+(Gleaned from an email from Jeremiah J. Stacey to Kevin W. Wall on 2021-03-21.  Some minor alterations were made for contextual understanding by Kevin Wall because the original email thread was not included.)
+
+The testing (for SLF4J logging at least) is tested with Mockito and Powermock.  For the SLF4J logging, the tests are in Slf4JLoggerTest.  It uses mocks to assert that the slf4j logging implementation gets the data we expect in the calls we support.
+
+I was very deliberate in the breakout of the classes to isolate specific functionality to enable this type of testing.  At a high level, there are four classes that make up the logging structure.
+I tried to encapsulate a subset of functionality into each one:
+
+**LogFactory** - Constructs Loggers to be used by clients.  Responsible for building the LogBridge and the LevelHandler.
+
+**Logger** - The ESAPI interface implementation which uses the LogBridge and a delegate Logger to forward events to the underlying log implementation.
+
+**LogBridge** - Logical handler for determining the delegate handler for a known ESAPI log event, and forwarding the Log event to that handler.  Also responsible for prefixing the client/server info content and applying the newline replacement behavior.
+
+**LogLevelHander** - This is actually where the log event gets sent to SLF4J!  The Handler enumeration is assembled as part of a map in the static block of the LogFactory, and is used by the LogBridge to route a log event at a defined ESAPI log level to the correct API of the delegate Logger.
+
+
+The general workflow is:
+
+    LogFactory static block creates the LogPrefixAppender, LogScrubber, and LogBridge.
+
+    LogFactory.getLogger(...)  Creates Logger with the delegate slf4j logger implementation and the LogBridge.
+
+    Logger.info/warn/etc(message) -> forwards to LogBridgelog(logger, esapiLevel, type, message) -> forwards to LogHandler.log(...) -> forwards to slf4j Logger implementation with appropriate level and composed message.
+
+So each of the tests for each of the classes verifies data in -> data out based on the Logging API.  The structure for JUL, Log4J, and SLF4J are almost identical.  There are a few differences in the interaction with the underlying Logger interactions and expectations.  As a result, the tests are also almost full duplications (again accounting for differences in the underlying logging API).
+
+-J

From 774383db9e1b429bf4553c541f838ffa47b87d1c Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 4 Apr 2021 15:34:53 -0400
Subject: [PATCH 758/812] Assistance to create ESAPI release notes.

---
 scripts/createVarsFile.sh                     |  47 +++++
 ...esapi4java-core-TEMPLATE-release-notes.txt | 182 ++++++++++++++++++
 scripts/newReleaseNotes.sh                    |  39 ++++
 scripts/vars.2.2.3.0                          |  13 ++
 scripts/vars.template                         |  13 ++
 5 files changed, 294 insertions(+)
 create mode 100755 scripts/createVarsFile.sh
 create mode 100644 scripts/esapi4java-core-TEMPLATE-release-notes.txt
 create mode 100755 scripts/newReleaseNotes.sh
 create mode 100644 scripts/vars.2.2.3.0
 create mode 100644 scripts/vars.template

diff --git a/scripts/createVarsFile.sh b/scripts/createVarsFile.sh
new file mode 100755
index 000000000..ad19a5747
--- /dev/null
+++ b/scripts/createVarsFile.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+# Purpose: Answer some questions and provide a new 'vars.<version>' from 'vars.template' to use for creating release notes.
+
+prog="${0##*/}"
+
+function iprompt    # prompt_message
+{
+    typeset ANS
+    read -p "$@ (y|n): " ANS
+    case "$ANS" in
+    [Yy]|[Yy][Ee][Ss])  return 0    ;;
+    *)  return 1    ;;
+    esac
+}
+
+read -p "Enter release # for NEW ESAPI version you are doing release notes for: " VERSION
+if [[ -f "vars.$VERSION" ]]
+then
+    iprompt "File 'vars.$VERSION' already exists. Continuing will overwrite it.  Continue?" || exit 1
+fi
+
+
+read -p "Enter release # for the PREVIOUS ESAPI version: " PREV_VERSION
+read -p "Enter (planned) release date of NEW / current version you are preparing in YYYY-MM-DD format: " YYYY_MM_DD_RELEASE_DATE
+read -p "Enter release date of PREVIOUS ESAPI version in YYYY-MM-DD format: " PREV_RELEASE_DATE
+
+echo You entered:
+echo =================================================
+echo VERSION=$VERSION
+echo PREV_VERSION=$PREV_VERSION
+echo YYYY_MM_DD_RELEASE_DATE=$YYYY_MM_DD_RELEASE_DATE
+echo PREV_RELEASE_DATE=$PREV_RELEASE_DATE
+echo =================================================
+echo
+
+if iprompt "Are ALL your previous answers correct?"
+then
+    # Create the new    vars.${VERSION} file based on vars.template
+    sed -e "s/^VERSION/VERSION=$VERSION/" \
+        -e "s/^PREV_VERSION/PREV_VERSION=$PREV_VERSION/" \
+        -e "s/^YYYY_MM_DD_RELEASE_DATE/YYYY_MM_DD_RELEASE_DATE=$YYYY_MM_DD_RELEASE_DATE/" \
+        -e "s/^PREV_RELEASE_DATE/PREV_RELEASE_DATE=$PREV_RELEASE_DATE/" \
+                vars.template > "vars.$VERSION"
+else
+    echo "$prog: Aborting. Rerun the script to correct your answers." >&2
+    exit 1
+fi
diff --git a/scripts/esapi4java-core-TEMPLATE-release-notes.txt b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
new file mode 100644
index 000000000..6205b9d68
--- /dev/null
+++ b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
@@ -0,0 +1,182 @@
+@@@@ IMPORTANT: Be sure to 1) save in DOS text format, and 2) Delete this line and others starting with @@@@
+@@@             Edit with       :set tw=0
+@@@@            Meant to be used with   scripts/newReleaseNotes.sh and the 'vars.*' scripts there.
+Release notes for ESAPI ${VERSION}
+    Release date: ${YYYY_MM_DD_RELEASE_DATE}
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI ${PREV_VERSION}, ${PREV_RELEASE_DATE}
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+@@@@ View previous release notes to see examples of what to put here. This is typical. YMMV.
+This is a patch release with the primary intent of updating some dependencies, some with known vulnerabilities. Details follow.
+
+For those of you using a Software Configuration Analysis (SCA) services such as Snyk, BlackDuck, Veracode SourceClear, OWASP Dependency Check, etc., you might notice that there is vulnerability in xerces:xercesImpl:2.12.0 that ESAPI uses (also a transitive dependency) that is similar to CVE-2020-14621. Unfortunately there is no official patch for this in the regular Maven Central repository. Further details are described in Security Bulletin #3, which is viewable here
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin3.pdf 
+and associated with this release on GitHub. Manual workarounds possible. See the security bulletin for further details.
+
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI ${PREV_VERSION} release:
+@@@@ Look up the figures from the previous release notes.
+    #### Java source files
+    #### JUnit tests in #### Java test files
+
+ESAPI ${version} release:
+@@@@ Count them and run 'mvn test' to get the # of tests.
+    #### Java source files
+    #### JUnit tests in #### Java source files
+
+XXX GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D${PREV_RELEASE_DATE})
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+@@@@ Capture issue #s and 1 line desription from above GitHub url
+@@@@ Insert here and massage until it looks pretty. Recommend alignment with spaces instead of tabs.
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+@@@@ NOTE any special notes here. Probably leave this one, but I would suggest noting additions BEFORE this.
+[If you have already successfully been using ESAPI 2.2.1.0 or later, you probably can skip this section.]
+
+Since ESAPI 2.2.1.0, the new default ESAPI logger is JUL (java.util.logging packages) and we have deprecated the use of Log4J 1.x because we now support SLF4J and Log4J 1.x is way past its end-of-life. We did not want to make SLF4J the default logger (at least not yet) as we did not want to have the default ESAPI use require additional dependencies. However, SLF4J is likely to be the future choice, at least once we start on ESAPI 3.0. A special shout-out to Jeremiah Stacey for making this possible by re-factoring much of the ESAPI logger code. Note, the straw that broke the proverbial camel's back was the announcement of CVE-2019-17571 (rated Critical), for which there is no fix available and likely will never be.
+
+However, if you try to juse the new ESAPI 2.2.1.0 or later logging you will notice that you need to change ESAPI.Logger and also possibly provide some other properties as well to get the logging behavior that you desire.
+
+To use ESAPI logging in ESAPI 2.2.1.0 (and later), you will need to set the ESAPI.Logger property to
+
+    org.owasp.esapi.logging.java.JavaLogFactory     - To use the new default, java.util.logging (JUL)
+    org.owasp.esapi.logging.log4j.Log4JLogFactory   - To use the end-of-life Log4J 1.x logger
+    org.owasp.esapi.logging.slf4j.Slf4JLogFactory   - To use the new (to release 2.2.0.0) SLF4J logger
+
+In addition, if you wish to use JUL for logging, you *MUST* supply an "esapi-java-logging.properties" file in your classpath. This file is included in the 'esapi-2.2.2.0-configuration.jar' file provided under the 'Assets' section of the GitHub Release at
+    https://github.com/ESAPI/esapi-java-legacy/releases/esapi-2.2.2.0
+
+Unfortunately, there was a logic error in the static initializer of JavaLogFactory (now fixed in this release) that caused a NullPointerException to be thrown so that the message about the missing "esapi-java-logging.properties" file was never seen.
+
+If you are using JavaLogFactory, you will also want to ensure that you have the following ESAPI logging properties set:
+    # Set the application name if these logs are combined with other applications
+    Logger.ApplicationName=ExampleApplication
+    # If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
+    Logger.LogEncodingRequired=false
+    # Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
+    Logger.LogApplicationName=true
+    # Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
+    Logger.LogServerIP=true
+    # LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
+    # want to place it in a specific directory.
+    Logger.LogFileName=ESAPI_logging_file
+    # MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
+    Logger.MaxLogFileSize=10000000
+    # Determines whether ESAPI should log the user info.
+    Logger.UserInfo=true
+    # Determines whether ESAPI should log the session id and client IP.
+    Logger.ClientInfo=true
+
+See GitHub issue #560 for additional details.
+
+
+Related to that aforemented Log4J 1.x CVE and how it affects ESAPI, be sure to read
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+which describes CVE-2019-17571, a deserialization vulnerability in Log4J 1.2.17. ESAPI is *NOT* affected by this (even if you chose to use Log4J 1 as you default ESAPI logger). This security bulletin describes why this CVE is not exploitable as used by ESAPI.
+
+
+Finally, while ESAPI still supports JDK 7 (even though that too is way past end-of-life), the next ESAPI release will move to JDK 8 as the minimal baseline. (We already use Java 8 for development but still to Java 7 source and runtime compatibility.) We need to do this out of necessity because some of our dependencies are no longer doing updates that support Java 7.
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+If you use Java 7 (the minimal Java baseline supported by ESAPI) and try to run 'mvn test' there is one test that fails. This test passes with Java 8. The failing test is:
+
+        [ERROR] Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 0.203 s
+        <<< FAILURE! - in org.owasp.esapi.crypto.SecurityProviderLoaderTest
+        [ERROR] org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle
+        Time elapsed: 0.116 s <<< FAILURE!
+        java.lang.AssertionError: Encryption w/ Bouncy Castle failed with
+        EncryptionException for preferred cipher transformation; exception was:
+        org.owasp.esapi.errors.EncryptionException: Encryption failure (unavailable
+        cipher requested)
+        at
+        org.owasp.esapi.crypto.SecurityProviderLoaderTest.testWithBouncyCastle(Security
+        ProviderLoaderTest.java:133)
+
+I will spare you all the details and tell you that this has to do with Java 7 not being able to correctly parse the signed Bouncy Castle JCE provider jar. More details are available at:
+    https://www.bouncycastle.org/latest_releases.html
+and
+    https://github.com/bcgit/bc-java/issues/477
+I am sure that there are ways of making Bouncy Castle work with Java 7, but since ESAPI does not rely on Bouncy Castle (it can use any compliant JCE provider), this should not be a problem. (It works fine with the default SunJCE provider.) If it is important to get the BC provider working with the ESAPI Encryptor and Java 7, then open a GitHub issue and we will take a deeper look at it and see if we can suggest something.
+
+
+
+Another problem is if you run 'mvn test' from the 'cmd' prompt (and possibly PowerShell as well), you will get intermittent failures (generally between 10-25% of the time) at arbitrary spots. If you run it again without any changes it will work fine without any failures. We have discovered that it doesn't seem to fail if you run the tests from an IDE like Eclipse or if you redirect both stdout and stderr to a file; e.g.,
+
+    C:\code\esapi-java-legacy> mvn test >testoutput.txt 2>&1
+
+We believe these failures is because the maven-surefire-plugin is by default not forking a new JVM process for each test class. We are looking into this. For now, we have only have observed this behavior on Windows 10. If you see this error, please do NOT report it as a GitHub issue unless you know a fix for it. (And yes, we are aware of '<reuseForks>false</reuseForks>' in the pom for the maven-surefire-plugin, but that causes other tests to fail that we haven't had time to fix.)
+
+
+Lastly, some SCA services may continue to flag vulnerabilties in ESAPI ${VERSION} related to log4j 1.2.17 (e.g., CVE-2020-9488). We do not believe the way that ESAPI uses log4j in a manner that leads to any exploitable behavior.  See the security bulletins
+   https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin2.pdf 
+for additional details.
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+-----------------------------------------------------------------------------
+
+* Minor updates to README.md file
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release ${PREV_VERSION} and ${VERSION}, i.e., between ${PREV_RELEASE_DATE} and ${YYYY_MM_DD_RELEASE_DATE})
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  8              6               1
+dependabot       1              1               1
+kwwall           7              8               0
+========================================================
+                                    Total PRs:  2
+
+There were also several snyk-bot PRs that were rejected for various reasons, mostly because 1) I was already making the proposed changes and preferred to do them in single commit or 2) there were other reasons for rejecting them (such as the dependency requiring Java 8). The proposed changes that were not outright rejected were included as part of commit a8a79bc5196653500ce664b7b063284e60bddaa0.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=${PREV_RELEASE_DATE} --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (${PREV_VERSION}) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+@@@@ Include output from 'mvn dependency:tree' here
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.6.1.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)
diff --git a/scripts/newReleaseNotes.sh b/scripts/newReleaseNotes.sh
new file mode 100755
index 000000000..7e93da5d7
--- /dev/null
+++ b/scripts/newReleaseNotes.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# Purpose: Provide an assistance towards writing new ESAPI release notes. Still a lot of manual editing though.
+#
+# Usage: ./newReleaseNotes.sh new_esapi_vers_#
+#        Should be run from the 'scripts' directory.
+
+prog=${0##*/}
+template="esapi4java-core-TEMPLATE-release-notes.txt"
+
+newVers=${1?Missing new ESAPI version number}
+
+if [[ -r vars.${newVers} ]]
+then    source vars.${newVers}
+else    echo "$prog: Can't find vars.${newVers} to source. Did you forget to create it based on vars.template?" >&2
+        echo "      Execute './createVarsFile.sh' from the 'scripts' directory to create vars.${newVers}." >&2
+        exit 1
+fi
+
+hereDocBanner="__________@@@@@___@@@@@__________"
+tmpfile="/tmp/relNotes.$$"
+trap "rm $tmpfile" EXIT
+
+if [[ -r $template ]]
+then
+        echo "#!/bin/bash"  > $tmpfile
+        echo "source vars.${newVers}" >> $tmpfile
+        echo "cat >esapi4java-core-${VERSION}-release-notes.txt <<${hereDocBanner}" >> $tmpfile
+        cat $template >> $tmpfile
+        echo "${hereDocBanner}" >> $tmpfile
+        echo "ls -l esapi4java-core-${VERSION}-release-notes.txt" >> $tmpfile
+        bash $tmpfile
+else    echo "$prog: Can't find or read release notes template file $template" >&2
+        exit 1
+fi
+
+echo
+echo "Now move the file 'esapi4java-core-${VERSION}-release-notes.txt' to the 'documenation/' directory" 
+echo "and finish editing it there. Be sure to remove all the instructional lines starting with @@@"
+echo "before committing it to GitHub."
diff --git a/scripts/vars.2.2.3.0 b/scripts/vars.2.2.3.0
new file mode 100644
index 000000000..7c43cccef
--- /dev/null
+++ b/scripts/vars.2.2.3.0
@@ -0,0 +1,13 @@
+# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.2.3.0
+
+# Previous ESAPI version
+PREV_VERSION=2.2.2.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2021-03-23
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-11-27
diff --git a/scripts/vars.template b/scripts/vars.template
new file mode 100644
index 000000000..adae0e835
--- /dev/null
+++ b/scripts/vars.template
@@ -0,0 +1,13 @@
+# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION
+
+# Previous ESAPI version
+PREV_VERSION
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE

From e96c38713bd953c24eb44580f4e4c1fc7058ed52 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 4 Apr 2021 15:56:39 -0400
Subject: [PATCH 759/812] Change URL from /blob/master/ to /blob/main/.

---
 .../esapi4java-core-2.0-symmetric-crypto-user-guide.html        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
index 2d99ee870..b0c8bf945 100644
--- a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+++ b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
@@ -801,7 +801,7 @@ <H2>Acknowledgments</H2>
 KDF more in line with NIST's recommendations for KDFs as described in
 NIST Special Publication 800-108 (and specifically section 5.1). You can
 read about Jeff's review at
-<a href="https://github.com/ESAPI/esapi-java-legacy/blob/master/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
+<a href="https://github.com/ESAPI/esapi-java-legacy/blob/main/documentation/Analysis-of-ESAPI-2.0-KDF.pdf">
 Analysis of ESAPI 2.0's Key Derivation Function
 </a>
 </p>

From ab07e076df95966b657d29cbd2212c4bc5b3fbe2 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Mon, 19 Apr 2021 16:15:16 -0700
Subject: [PATCH 760/812] Should have the rename of master to main, and a
 foo.txt file with "delete me" to be reverted shortly. (#621)

* Signed key history for MATT SEIL begins here.

* Signed key history for MATT SEIL begins here.  Fixed email typo.

* Revert "Signed key history for MATT SEIL begins here.  Fixed email typo."

This reverts commit 87c4c4e6eda85b914f0676eac0f24034f85d9303.

* created file on main.

* Deleted foo.txt

Co-authored-by: Matt Seil <xeno6696[at]gmail.com>

From cf464bff2f490e53f98e14a4d2dddf083634fe5a Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Sun, 2 May 2021 23:52:08 +0300
Subject: [PATCH 761/812] fix: upgrade org.owasp.antisamy:antisamy from 1.6.2
 to 1.6.3 (#622)

Snyk has created this PR to upgrade org.owasp.antisamy:antisamy from 1.6.2 to 1.6.3.

See this package in Maven Repository:
https://mvnrepository.com/artifact/org.owasp.antisamy/antisamy/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 13a79fed6..693280dee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -237,7 +237,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.2</version>
+            <version>1.6.3</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>

From dfff610d7ac86c1e24826f837398e7443e4362c5 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 6 May 2021 01:17:22 -0400
Subject: [PATCH 762/812] Change pom grab newer version of Apache Commons IO.
 Update OWASP Dependency Check to 6.1.6.

---
 pom.xml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 693280dee..e23941e75 100644
--- a/pom.xml
+++ b/pom.xml
@@ -238,6 +238,13 @@
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
             <version>1.6.3</version>
+            <exclusions>
+                <!-- excluded because we pick up much newer version -->
+                <exclusion>
+                    <groupId>commons-io</groupId>
+                    <artifactId>commons-io</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -695,7 +702,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>6.1.3</version>
+                <version>6.1.6</version>
                 <configuration>
                     <failBuildOnCVSS>1.0</failBuildOnCVSS>
                     <suppressionFiles>./suppressions.xml</suppressionFiles>

From 28721a02a213f4fecfb98fce5f1b727b82d232f0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Thu, 6 May 2021 22:41:16 -0400
Subject: [PATCH 763/812] Excluded older version of commons-io but forgot to
 then include later version. Moral: Don't do commits when you're tired.

---
 pom.xml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index e23941e75..a994e4179 100644
--- a/pom.xml
+++ b/pom.xml
@@ -261,8 +261,14 @@
              FORCE SPECIFIC VERSIONS OF TRANSITIVE DEPENDENCIES EXCLUDED ABOVE.
              This is to force patched versions of these libraries with known CVEs against them.
         -->
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <!-- Note: commons-io:2.7 and later require Java 8, so can't upgrade past 2.6 -->
+            <!-- This means still possible exposure to CVE-2021-29425. -->
+            <version>2.6</version>
+        </dependency>
 
-        <!-- No forced upgrades required currently -->
 
         <!-- SpotBugs dependencies -->
         <dependency>

From c2ebafbca26f716b3d2501a86dc7efc4a4f28c05 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 7 May 2021 20:21:10 -0400
Subject: [PATCH 764/812] Changed 'mvn dependency:tree' to 'mvn -B
 dependency:tree'.

---
 scripts/esapi4java-core-TEMPLATE-release-notes.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/esapi4java-core-TEMPLATE-release-notes.txt b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
index 6205b9d68..af4f130bc 100644
--- a/scripts/esapi4java-core-TEMPLATE-release-notes.txt
+++ b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
@@ -169,8 +169,8 @@ CHANGELOG:      Create your own. May I suggest:
 
 Direct and Transitive Runtime and Test Dependencies:
 
-        $ mvn dependency:tree
-@@@@ Include output from 'mvn dependency:tree' here
+        $ mvn -B dependency:tree
+@@@@ Include output from 'mvn -B dependency:tree' here
 
 -----------------------------------------------------------------------------
 

From 23ca08c880164608d45d969ae90a2231fa4612bc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 7 May 2021 20:22:52 -0400
Subject: [PATCH 765/812] Release notes for ESAPI 2.2.3.1 patch release.

---
 .../esapi4java-core-2.2.3.1-release-notes.txt | 165 ++++++++++++++++++
 1 file changed, 165 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.2.3.1-release-notes.txt

diff --git a/documentation/esapi4java-core-2.2.3.1-release-notes.txt b/documentation/esapi4java-core-2.2.3.1-release-notes.txt
new file mode 100644
index 000000000..b76e9c695
--- /dev/null
+++ b/documentation/esapi4java-core-2.2.3.1-release-notes.txt
@@ -0,0 +1,165 @@
+Release notes for ESAPI 2.2.3.1
+    Release date: 2021-05-07
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.3.0, 2021-03-23
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a very small patch release with the primary intent of updating some dependencies.
+
+Major changes:
+    * Restores Apache Commons IO from 1.3.1 (what it was in 2.2.3.0) to 2.6 (what it was in 2.2.2.0).
+    * Updates AntiSamy from 1.6.2 to 1.6.3
+
+Unless you have already updated to ESAPI 2.2.3.0 and read those release notes, you should read those release notes for additional details. You can find it at:
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+That discusses things like security bulletins and other important details that I am not going into for this release.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.3.1 release (no change since last release):
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+3 GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+(Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2021-03-23)
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+614             Potentlial XXE Injection vulnerability in loading XML version of ESAPI properties file
+617             Unresolved Reference for com.ibm.uvm.tools in an OSGI Bundle
+624             Update pom.xml to use AntiSamy 1.6.3 and Apache Commons IO 2.6
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+See this section from the previous release notes at: 
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+-----------------------------------------------------------------------------
+
+        Remaining Known Issues / Problems
+
+-----------------------------------------------------------------------------
+See this section from the previous release notes at: 
+    https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt
+
+NEW since last release (ESAPI 2.2.3.0) - CVE-2021-29425
+    https://nvd.nist.gov/vuln/detail/CVE-2021-29425
+    
+
+-----------------------------------------------------------------------------
+
+        Other changes in this release, some of which not tracked via GitHub issues
+
+None known.
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.3.0 and 2.2.3.1, i.e., between 2021-03-23 and 2021-05-07)
+Generated manually (this time) -- all errors are the fault of kwwall and his inability to do simple arithmetic.
+
+Developer       Total       Total Number        # Merged
+(GitHub ID)     commits   of Files Changed        PRs
+========================================================
+jeremiahjstacey  8              6               1
+dependabot       1              1               1
+kwwall           7              8               0
+========================================================
+                                    Total PRs:  2
+
+There were also several snyk-bot PRs that were rejected for various reasons, mostly because 1) I was already making the proposed changes and preferred to do them in single commit or 2) there were other reasons for rejecting them (such as the dependency requiring Java 8). The proposed changes that were not outright rejected were included as part of commit a8a79bc5196653500ce664b7b063284e60bddaa0.
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2021-03-23 --reverse --pretty=medium
+
+    which will show all the commits since just after the previous (2.2.3.0) release.
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn dependency:tree
+        [INFO] Scanning for projects...
+        [INFO] 
+        [INFO] -----------------------< org.owasp.esapi:esapi >------------------------
+        [INFO] Building ESAPI 2.2.3.1-SNAPSHOT
+        [INFO] --------------------------------[ jar ]---------------------------------
+        [INFO] 
+        [INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.2.3.1-SNAPSHOT
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.3:compile
+        [INFO] |  +- net.sourceforge.nekohtml:nekohtml:jar:1.9.22:compile
+        [INFO] |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
+        [INFO] |  +- org.apache.httpcomponents:httpcore:jar:4.4.14:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] |  +- org.slf4j:slf4j-simple:jar:1.7.30:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.1:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.2.2:compile (optional) 
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile (optional) 
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.68:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.28:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:4.6:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        [INFO] ------------------------------------------------------------------------
+        [INFO] BUILD SUCCESS
+        [INFO] ------------------------------------------------------------------------
+        [INFO] Total time:  0.759 s
+        [INFO] Finished at: 2021-05-07T01:13:27-04:00
+        [INFO] ------------------------------------------------------------------------
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    Another hat tip to Dave Wichers for promptly releasing AntiSamy 1.6.2 and for the PR to fix GitHub issue #614.  And thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI users who make this worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)

From 4fda358fe63475681528c66b33180f03522519d6 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 7 May 2021 20:24:20 -0400
Subject: [PATCH 766/812] New file for 2.2.3.1

---
 scripts/vars.2.2.3.1 | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 scripts/vars.2.2.3.1

diff --git a/scripts/vars.2.2.3.1 b/scripts/vars.2.2.3.1
new file mode 100644
index 000000000..284e4f7fc
--- /dev/null
+++ b/scripts/vars.2.2.3.1
@@ -0,0 +1,13 @@
+# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.2.3.1
+
+# Previous ESAPI version
+PREV_VERSION=2.2.3.0
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2021-05-07
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-03-23

From 2c5646f873ec77780867f3f305cc19aff0eb7a8f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Fri, 7 May 2021 20:25:47 -0400
Subject: [PATCH 767/812] Changed snapshot release version #.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index a994e4179..b4808c13c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.4.0-SNAPSHOT</version>
+    <version>2.2.3.1-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From e58fbba154fbd2553a6edba4715d8a3ab93cf0e7 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Fri, 7 May 2021 22:59:59 -0400
Subject: [PATCH 768/812] Update pom.xml to prep for next snapshot release.

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b4808c13c..a994e4179 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.3.1-SNAPSHOT</version>
+    <version>2.2.4.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <distributionManagement>

From 93c889b66318d6611e989ce2a33aed5cf2e9913e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 8 May 2021 18:21:38 -0400
Subject: [PATCH 769/812] Security Bulletin 5 to discuss why CVE-2021-29425 is
 not exploitable.

---
 documentation/ESAPI-security-bulletin5.odt | Bin 0 -> 30370 bytes
 documentation/ESAPI-security-bulletin5.pdf | Bin 0 -> 125950 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin5.odt
 create mode 100644 documentation/ESAPI-security-bulletin5.pdf

diff --git a/documentation/ESAPI-security-bulletin5.odt b/documentation/ESAPI-security-bulletin5.odt
new file mode 100644
index 0000000000000000000000000000000000000000..4fa81a659bd5c8314ac269853089d4276112bac6
GIT binary patch
literal 30370
zcmagE1CS@dvo1Quj&0kvZQC<D=5K88*q$BRwr$(CZNL5B8z<u37w4W=85x;f-Ct%^
zR&{ho_opZW3Wf><1O)^nSYN8FKg<kE0R#l}AN|(_WNT?_>g-`}YGiM3V`*&UYzeSq
zaJ4g`2N*e7I?)5{P3=qo#xAy|cFy$9rtZ#)|3|O^KPas$Y9OHhDCWOlsunJ`zwL}H
zZJZdK|I4Mfw=)k{l$U_}h5hT_C2&%bqRRj5Fc1(h5ESS?Z|BdOBM=bCm!hny7y%I#
zJsAN786^b`D;*;z7c~hVD=jY<7d@9aE0++jhzy^UsyHv3lpwdV7`KTMpOX)eq`0)S
ztdg9vwu-c<vYe8Jx~8nAg@S>DinghufwQimxsHXqsivHXj=HsxrjwC^ySav$nT4sf
zleLqVi?ykzqqUo>D=pOzALkFZ@Q)DRkCttKfqj6PZLqCbf|Yxyqh*}4XOOJykDS_%
zmh_LN`j58BkD=a=sriqk%a4=wkB7&PS73xkXo}^ZGTZnLpV)k_)OO#jUeDkk@4S&e
zZa~2<7D3+b@!l4z0=$ddV(UuEYg*>p=C->gdV5aJ!S4RS?mycu!Mh&8DX~CVxj=>K
zK=l<sjSXDsf7L@nEW!djk|V5ALfq2hObau#@}u1gl1)nzeCkSNyLy2-dP)1rfreXw
z=GuUUJ2^%grH%vK$A*CWCa}h5(N@QSR%Qs+7l2k4F=mHpj#i-0m+3DKfG_rtpHG2a
zkCDFbfWGd?R%ax)7kpO_oSskAKkqf3?`%Rt!$PAHqvHQ2M1{r0q@*Q8{!RTGky;#)
z-jI@65TDbQm75in+mxPPmR8)9Q`=emH?klzr9LRMAu_QcBfKR&BR4y*Ijf)~KeIV6
zs<|Y+^k1uLsIIN4tZ!+kEN!f=Z*MN|?CkW<=?@S4iH!eAiug(W`x9O`__uN(qjo5*
zbs?kRyCCDIyk)4Yd%mS}pt$&_tm&t@?5CsSyQ{CKqIapIf3$66seE+5V`{H`_@{IB
zu)pf>V13qbOZh-&^K4J`Y)|cRZ2a-xg6ra}tD5@0p8lcMpR2aP(Y}u5k@kz#pxv47
z{hjK)xt@o?&ac<pk&%(%$%Tpem4(US)%l6l)zy*VpV5`0iN(*Q(Vvyg{gt(!?cL4k
z-P?`*)Af_bo4$$b{>9^!(SyyE`;n3RiP`7*@#mG5-N~Qbo!$M7pQo+EyX~K=-O1Da
z^_Rn$hm*CRudTDQv*XK$n}?f=`<KUy<EP7~*N2Pm@9$;?N4S4CW`&ffkgEIol@FZz
z=CFs^`{T8zWyU6(Wiq#GW`m7{+trbWs=>u#^bxy&LQ!MPCFgqs?S!nXfm4c$nh8zH
z_+j-}1WmOpi;U$$(6-erOD~nu)jFv~B81Ecne6!pghH|%5UngENGkOTbB7uflcr(t
zO&dZ-g5+0vqeZwpdN0V|K3IRZ?l<4#jK0f{-IL!Q25{p4KQf$D1SSMT1m+$l4fOf|
zEaL0G(pZ~7%E_R@h&5CWDX^WE?C(M?$7VO~$ozRGc?1T)2~pHj7!F7@pZ_H7{#=-c
zH4=TWlVtcbtUm}*Nb#$1xqHe9K%mw3mhnBQiSGFkAt1o=7LZAoa`Dbvrd+oQ$(Vf3
zm{MoXQRZY$*K{Ai>qLF_Ipq$QYMESVsrs^zmU-;$^Kkn-`0$$XU5)iEd3fRJcn%Wi
zdP3M~y+U~A^_nU9K6=Ud`J<DA@H2tnSKo2*bYigTWAbv-)BW+Zb9TA;H5}{935rQk
zy|(n)N7i%cy{mCAN1)$18h~K8#J~OBx3lY~*6MLM*xzKb*TmRvKL)9@eKYy9G-e}5
z(7soE>9YOl;iE8Vu+j0#?S3>sptafPviBKFr}?m@z*>aSUyaa&f!}#>8T$1Y`+f9~
z^ZsXJ$NlNyrPKL>@8>Og=WA=lZO8Q@8`1aWO+moz0s+ub^6)&f)Bdr1BJkDk=k*-R
z?=mwAOP!nz-^6=2nVG2OTnK2^0??P^tJH~$h3q7x8m*YK?mGzvjp=Ijk$8;lhI166
z1@-tK535+kV9HV<W}I^A1cUq$-r!=Gckwzw0Q}6^>gnZt7gT#?cU=W<&0KvC5NvNR
zExCMD%=nZ)sO0Q)orLCe+rHRlwOnocY&5jo@H2PNUiat){+3f-GF<$B$!Fle?TocN
zYUJMASRgSNCSLH+?>kk@hu;mkxH`Hej<4UApfC#gzcb4n$=Y9Wk{|S;$A?r>bm}lU
zl!^V08SO9wYMe8dK;DuMr(kB}$fgx0Z$?&QJ$}gJ!>*PyR=hdA--a)|5Vjt}75b}p
zyxV_2)3<%6oxTq?5k-9~*SH-d?1Vr9WI5gUV7f3o)4-EQc9IYatx-0B`CIYw5lDR}
zIw6*6+w6`RL;f`3%}qTlgm!z~lGwxaw?dG3Ax!50k}x(u!D#j4hE;ozR4!Y3KTgAA
zv+Z8#zVDv)UR{zc+}}EuTIUpEe383nL1EB;FhvMx_}oL0CH(eAd^o0ens?XjrxM<*
z8h4M?SGoM=@(kpIl1B#M`2L#N&ov?XfZ@yfVfJ>I4Ksc(e1i9U@9*%#t(*XC+M9n^
zfCN6EdjHILdk=P8_XX4SFx?rU5V-D>ILy~Ldlwy;_jDQx{bd1y*MlJ_7yRCsQ8j$6
zL>-7dF7o|4)59|m#H^tW%Itg%{}q**<B!n$r;7vD2)^rRh1?g%xTY#;zX@i&E91mA
zlmWKp%i)nG=kEz&)WyS1r83_tFad*)_xHqur@YF+J7fFtH(oWU>q0aW+kWA8(?dTB
z!4QhDA!@~R=U;4w5xUOQoS;9JkmxPOu3io|Bga1-vHiQzOggIbBvB<s_})DSAx3{+
z#)V%*D1K8<^E|z}zxn?Jysa=q9S7eXOhn&Aap*rDS7|{Rywz-f^iu;iK|1W(_tNI9
z6LcoR4=D~_I?0&?f_`cdeM35tQkQzVsF-jchWlRV)_=W^@aGRNzAp{JYjzOI`}x(p
z$h465%l_8)LK|k$e1$qFR^Vmwl-u7Km<q4Dy;IfPi^fYMgQ@-)nIT3BL>QR{4nyx^
zkwQ}kL%@$nOc<|$%0T?ITA&{{Ho@`(FL7*(bNj<7x64I2pxcr#<nk5a-=73z=beYC
znuDZDinz(UKjQXGQ(r}W8Ig@3)`>ni_IVET=A;WS8AyMx=qv5}o52`JS;=j7kVW8S
zL_#TM-l<vQ{(_4RKM)yO4IgDPUebLqo&uuu4nqz(%lw*#E`vvA!RTRj67P5QzA_(Q
zy<!kbB7nyQBC*{YmgCC*W2Hf1XriI<I*e1(jToY5v=X1=+~pATrU5xTvIr}cn9@AC
z8%rdX0t@`O(^pbRhTX532!G@8Es-_jc73+_a6YQwdgBY7{qdNs;rFO~f*<8|UBu^=
z{joAVy}@Gu#WRp&c)FCDO-G?q^9xr0Fub8c1XVnA_v1J)F0cM-M<^kRATSJz!P(U%
zhWABW<3wSbv;IS(h$H*Lv-zQIrGuM?$Bkg^;cdD)QP0cOt=qG(;$bxV#DLSWP=@)0
zG}6tb>wUgLPft(Nr(OTNJV?L)LF2`lZ)2$qa;AK*TI24Q9bl1E?f-b_49}oN;Tyl6
z0Es`2{KWZro?@NcWM98QKBbjxght2AC*tMcocqKo4S3(*WMjT3-skYHeNaGtf5&=#
zcYlrfx&IFGu{-30C@3h=xO&Ze@YD9<|M)#(Zt(fh<8?el5!yfVty|m5_m~~1Wa8vU
z)y)UXg}=bwmKD`P86})+bc8q=kn{P>xH>diJeh^f3Ws?=bbsyy8RCk?c#O!lI8mx9
z3HMS7mW-HWdh*#=O>vT^h-6>lV-Y1ZSW7uhhMwgV`KrlT<SF7-PE3C^BhAjUNJ*0q
zqEs)D7&$o$OZ>hF1Ol8~Mv9Z1lh2|>1uVg+pM*!vv9`EtYXuVastwW`l(4wLsiIE1
z21ZT|6~R(Et=S?6jk_72C$<KphoY)?dZHX5_R#2Yyx0l`5RJ$U{d0zDK&~4Jv`A7#
z-EBvzxHk)x3@K4xE()seNUR-zWRig<1jAyL^Sd_>zf;Vnf~}6HQE^?o2@xRFq#MaT
zd1JF;K}m%hg#cY(68ei((NcU_Hux9H;I6rRw2Wl=XdR5<A30Wn;1<i&$ad)L-#Q^z
z!SLU@TlS#jsl8NC9;0LYESHi_n@}{_h3;fLzQBB(icokmO?|*Cbpe59JX|O@GB`wv
zHa(>W9!V`u<ukX{juuo6($Or~_j>!f8$HAc)K;umPY-{p7Ts>s=#@hlU__U_QHWO<
z-hH>-V2tt#v0Uko)pi&fDvLv2Ljo>Fd@>y(auJ97M*Da)yQ4|(3UD3erjd0w>INJ)
z-=xwmA>Co5mK-e-t)vPw3>K5L;#8G>d9bgEN_p0fp=yivJAKZqdz34o4fBNcM)JqQ
zN@tXz$I&VYN;`rGtcvuJi0<|xN3&<6T6CD1uUnF5I0`1-gT%Kwv|)(rAUq`~)rFpX
z+;*9+7xIg#LJ7vesH4Bj#bC%Zkdz4?htCVt`<rMo@KHj+dsuObn6MZhh7__33vqJN
z#wUq41cq$JtEE%Tg|K0&YO7)yMNuk?CwS3@D>xt@3C{*8$~QxIXwtkA%h4P-hecqq
zAgCgF$O-ah=dEV5i8=)eONOBtF1sJpr%*Rdh+vfT$bC`yC@PsIA!Zg?(km#drDh_%
z40#!<QC<$yD$*5<NysUM(TjSNhD2@$dyQ_gBn<Gyo^3rG6wAR8V`SNE)1zh9Uu|^z
zg>aOXrx~7+Z<}peG*T9nM?<+{$puz%2`VmGLKw61fXNzzxG0foDkHEe;kf7}{0bo#
zOyf=$fpUo}s0_=SHp$K>a&b+giUCJYg_LqFqh9N*;(&2q@{mY47v-sCJ44Zdwj@V(
zfHKd?A8s96kWOgbry3ox4yB2J)(T9pLpj}rU)sL|DLz-AXsgdvj($+xMPQ>TorjN+
zq{0TdUN1vu%e%%^U?QSh5OHH9`R)aG5|0QulTaZMRbfkOewo{RcC%2)gPNiyXBr9;
zuS~F5FYyp*rU4(YIZlRMN&Q;QM(*XXomqL1^qZQ4lX2lg?S+p-!^m#nWn@cGYE93x
z#@d~jbj0OxRGbJv&I_SEt=3KIW6@hNCr@Cj$n8(EU2|dehILExB*7<P8>7{j?dOw$
zd+*~pjBZI*#SiR2yigM`qK1LbFxeIk*OS!LvP<5XnAVyL@HiINw%I}#e{?GzVjwCT
zpYm2$a7qvZYfCl@3u(?wuI0*dYOs_V#f)Q<#1>x&LY@!Q&S6J6y%{y}m<x(JCAHK>
zIfRwU6SrIxRU;O~vN@89q<$<2u^`qZEb4cNBC-{UJ10O_NtjPC#of_O7qgPJ@7ygL
zT(5?qmnfrM!;RCE#k;&q3`|wZ5PFyueUTNiONdepONj2zBeEh3HnKP)F^gQ!VF$-+
z!c<VaGX>js$2&|mtDV<$(#}rMTYM@I>2S@xgLYoDQ4)tkb+MGoT6zxg@5c!CV-kd+
zhV>R$0JXqqBda+q2vEIMl0dD~59Lo68S>^WhZV743U&qi%|8uh!7S#B)Q~KLxY~+7
z+YI7Ei4mBJaI0>FihwL)isG*W%jkxP{%NnS<7dufz{SaeJNR($5}YgT`NOKBKAe;}
zk&DK5n0m)Hp+YjVf9~jx-jizHMpw;~e>v_k(tL!NRNTkf%%wX7DaFAircPd{t`lRD
zZ+sD*2PSWs2`ZPOt?0e8EIYA?2SWp04?Mvchnn0O98BJ!ot?kDD8iL8OgZSJ1-e1Y
zKJKCprI&7v6@G6ApTXHMfMZHTmjZzHh&NNbkao@womWDW6XcxhXwW!sIa8G0mw+Na
z9sv(77{w4ofYa%at)`mVYa?oc!jEt$AL>!GA>GR}QXm3Jep3n@R}Jbz%7(YQG9xUW
zcUByQNytqdr#96lF-Xr^&Y`tf%-1aBDuigNBw9$A)C5n#v;2Fct72GRGWd)9&v9tE
z776)$k;&X%H!oXNuQFRdJh%9z0gw$3<Kb4Ab_8+<h{9i1IPf79SaK%PIy;#5-3fO&
z*g3@+=)@@g4D@TV46ExRXC3=Gio+V&iy4z84yf`TXtV74)&loO4Y0mJ`=@j?^^iY%
z9*UzHEMjU;?2w<T`stFia{ioa?B%xw)N8;6g>-P)aTKH?Ps`uWQ5BM%cdGaqS@yMh
zvkC3%!u`-{v(3uDZT=na`U8@=_;OShbHnS^Z3abn7Vskj?P>%%We0r7Kg7{N?8=Mc
z{xczvJfi#qvPSk`%uyy>hpS1-oy?1^r~p(&)1iUvz8ML5Mc6<PM<Ex%hMSxy`S!aw
z^B&Bjg5SK(+~z^8Zh_;c$N2^zo!6lnA=sUhhcI><hjv=arfMmsff7-9?$zTF)rN{H
zG#VxmLLn=R$QU*(l=-<1*u!Jk@oD8l9;|A}(?0$|2~UFFDiJS3DIxhr+)CjLdn6`l
zC5hp06S)xjtCr*S5}@n-sfuc*9asjtb$ugFrAVSAc0Z=&^q8tNa_LrB-0awn&^pgp
zE`l59N~n3<DAB?YXu#P0?UuRe6J_Az%maTcM@-^W>!k%3i%qa6L7eK+lG&V1HD;>C
zN7PyMA8lQ=zHqh}>uh=ETFIG7j~0V~utxDo$wyFpXE)=~+@*l$m5*mb7!u8PKO{!g
zeHDos*HjWrcp_cnD&y*dMR{f-LzT}e!_7>@fwNl_d2Rem-Dh`2;nQImtjTc_e<Aox
zwI`fWQQ*A!GWTCtQl%BQ5twf<RQQRARLo9O;-|xiW9e8@=GgQxa8(;C1hpUJ-vKq#
zsq*Xgvs(tJt@}3bGp($EkR}g}YpX-i4K(@CF`P)-O^*h}sn{$f+ExXnnC~E34Q1{}
zqsrD2G4rzed?r|9M4HJv*gtp+=(H;;Dd2>7N(<>OJJSEbV8G(F4kurbtxy)zf!wG{
z$fADF?hm9|#M}yajsu{6LBYX}utX~Jpw7b5)-$HIY=Qn62$)wuS&zw*w~;`P4m;99
zX+Yb!yfAXWk2;d!qBs#O?m<)NwFXmX^q#a!af3U$SMT;0L!errT&;%wlH|>q;Sy_s
zg0U&En8{tB)t+B1G<=B0X#~jQOp~&8;uD8(GxzmjNTu&Ga|UhRO1GDBWb88QlXKyc
zr37vEiCN16kJD93A-QK?5RhvJhFGf!EB3n&%9@~nz0Sc;qM8Hj&ZkIQX%+O(qy{<Q
z-0@#ELK3FJSs!uaqCtk)$kywM$P(fs?{B~jG4T)7(lkjGEa%b+#Ys<bS3AWWH=@}h
zhP6<x2)C4vn~+fXZFCVO{I&A9&ksXb%t)2T7_rhlRA<As3hp38uBpOe3Z?mSwFb}u
z{^H)>1T7hZjDN|FJ$NmKY4`}W$jYT*9S0BP#L<*+Ac`N<Ic=?KElcHR1dKn>q9)YM
zj_lI`j5K_8rQBF|QL@=+jri<3Bwq{z2%qv~OL_PSHZlq(iM%VWYDT*9MZ()*bZ~SM
z;33>zF$23tk(g>yMGEJM`=;j(X4WnjiO#GQ@>LcLF4pIh%M*2FsISi=v4G9j*Y}X8
zSdQI0YdE+I4!h0O+1c77hfTgl--Gv%XgCC;$%EuDcaPIYsm#l}P<e3d?zd}|1LTnR
z7LF>-I>!lvN>7U+a$fqK*VhA@=1L29i-DEp8qJ;Cl8e-uoks72`=bhMbsO#O-v{@h
z>b%{K10pmUyp4`a_t7-!l~$TDXX;g&O}+;ap*ubzU&!>qJ^J02N8@l49F>|)MsMRI
z8hnioZ|@_i95(N<IO^4!bG6<FAp&}BAUp1A1LHlKP2NipPybR>8FV|6<!g2u9o;`c
z86W-2Qmxr$G}NWhwDx!fmx1r+JrP2e(abtH5&{8x;Hx5n`)7$ZW~9n!VwesGhuvl^
z(8Usle6!Jr>w5n*gzm57Lb2LTD{=H{zsEeQBXwupUR{X9kCjuCuRwd-Uf_hW$~4p1
zG2IEp+UD&P!1o}dBn2SHmmSWB#)+r@@~_8ym>yhdEKVpNS!@o<C@`BiE!*9{&!9$I
zrN?#a{Nv&R|KpwG{Nm#L&gO~Z`~LgAhJRVn?Wesx^y2*d{NknpQ0i4#eH{R)4v1OU
zRoD2r^|`R`@o?JedRf`(d8=@Fx;Q6r-`xgmY8d=jd>wyWFwGf1y{s(pHJd%O%RM3R
zdJ5?Kyy{fkd@UEiUEteUxbMz2xn%UPs93p2M~h-Q*IRrQy$b!7Jd0Z1GeY`&Du4BO
z+16;Wdn))Bx!aA6|EK%kM|C;9uk$IFS811*>b92Z>+Vp3DlgXIhU<%1KEx5<3lx~{
z_T##b>xvOsOz+*gcTV%IftMw}vwzSoJC@_0<*p}}mnxkukEdgomt~)(@9q&qcb~77
z3moiod|QiN-in^@th5Jl)M1iG@7piNun5hu2*lW^k7tABk(;_g<zbf#Ux3S3duwSA
z>PWSora@@lPGnw|KK0nYB2{HBSCxrGZ0h{<-VBwg*XZc=v}3o}0h5<ibo3-x=y^+g
zsx>U~)fQIUO(nE@#e46hkx3QxwQvADoF9&R-YX<<*nK|CHN5}R-T%`CQ29#5uQ1Si
zxn22wS!xucpV$gnba!|8TA$hxgnuQ_z!*N_6i|CLFwp*5TDsV${%E?Hbg{~{ETzHF
zJSu!w__>+9SAaCh%GV1`!HcHjVZD*3SVYBY0mZ1Lr-<&Q;<!#Zc#=)OW})f$8%<5~
zX?i!jD3(9qnGl)e&1CFP31zxuX2{ikU@BYWCqZRSzSBiM79~4C*h)y&W01BIf(kXm
zcC{|_hR#Gfn?R%^5zGTMlBkhn)4xmo{m0FEuH<N!C@@P!IIFghXQ<DKosBj^&IdhB
zHJ)>}EUkd9lYuGmNK_<0vw-Sxt006K&nnXbk{DS^O68i6;|zF(-g&^#v$~!}0j^S2
z)y#A|9<3NlH_zF~$^<Q=EnuP}+{|E_Q$t;uDwW7yLB-gdR}1M-dz6Tb&G~CI-PYtb
zhKAPuNh?t`ilcLn^puw5(4GCI)PX5AFq^kPh&n<z(WMNF2Hy%wE~`yrw|;qI5vR@G
zu@FdBnefCP)omUVCGZA>Wx6`AO=@M+gu|&2DDl9-xEB@U(<)`NsKUi`zadjEJ!PBI
z9(sGUypg$@w@yy(xClLAUldpp$MF?;*&??1(K-E3DO{&&cP6Vch*Ym=;4RtAD0wUD
zUg;t^QWevqqzVlyv?^3RUm0nDKah#)t`z$Yv8Z=soRka|MZ9#dmKx_MN}E>PdV0~Z
zNx|R8^%Cnnbm^3Br)*d?qeiZwhuk7Eemv6+DH$A!<7Q!YG7wVPDyE5=D=5y<Mz3Je
zZh?WaAXZ^ND;xokNUeggSn~P8;F%_hP>D8Kgu=fqG|6_;uV9~|h8#m*@&)2J81d{e
z7;jmXN-BL;s4QR^0Nk-g4_)OWm1gd(XNdTW^mG*I$Zbr7vg|@}7xtTT)a~TAB6~iq
zG`SjPFp5&E_<92=%oz|Ag^w#prA)Hy+g~k-LZ*lEnWXoBloh)SRHt;qZbIAShfm5{
z&(zZf#~r=dDkqhKm4qrsi^bp&U}|#|bSxV=w6~}h!y@{Ft#pj)r8~Ndf=(8XTWL@<
zMe#W3kvYZ(g0#+F9Cxms#dYnJHk0TE7PpI``J*$1v`<eJlP;wqWI_<&7NUf3pqcyJ
z#{q}PU(wQWL}SB`xkl$vchHc?R^ycBnoc-WW|(olPcrBdQrsKqi&Do~QxA?FSJ5bq
zkPr)N=+sX!&Gwmt$-}|R-K;a=S|&)@D1$bB62p>Y8)Ed@Ku6$1WTT)`G78e83!@{R
zBvJH9>8RO_Err+(?Qyt{J7QM4tN<u&-qs`4tKosMU!nfV)sEtbhC|hp(T7xMF=1&1
zs6lAi<@OT6)^RwDrm}apTlo+MSUQNY<fr^A1=W0HR*<Ypk&uL?_rOOVkN%%soUeRZ
zANbV5Vm$VOeKy*abZA#z=P%S()OU~$!zGObyhY)V@PqG(UxLF)3Qu2C2!o(^m_aI6
zRRp6Y+B!QMPf3pAD|0<u3K)qK_oX?n52g~3&pS`pms?)$J9`0LANn|}JulM*AJ5xt
z_TFpVT}mFiIWJuhA2E1%?zTJIEfC$Xv9O)b>%Q)X*T!z$&&ydOH=Pf+%&P*m0EVQW
z%hSDpFSl!g*ZsK`2z@UT!<&qeXHZyL9Gq1@_gzlfkNv$auMr6No1Ks2?E$ZmXZXvV
z&^ne1Rh7k^v0WQ4oBeo!4UXE!>w_bn)UKzK(4J0bL&KZ-jvIWP_n{)t8lSgm33>c(
zYr|bTOw3gQ|Ga=MDC3=8J+HlZ(~%e7yZ8>o+f^W1Jk9r+TEN-7&j)16Zz)>5R_nFz
zA~y*)e7;`*K4$xqdWmlD$HDpzc!mz^pVXcA`}qO4tFDWtjubi{ut@V__-x8G<s_#K
z80rJ35P@LqxjSQu*p%4VzSX+A@GsDjk$jE`V`F29*sdq?PBsVB`~qW%5ySnd1Hf-m
z2*b;%M7Nxvy05vtI%9hqSb)FA2r=e>;M;3mUERP4)74#_@tkrLkMHZ@KW8t|{?fwZ
za_V%|fww!H!gwSm7LQ@3)tC_Zy~SZGB3sreeP5v|hUSHOCJd)QOOBny3bC)m15VCi
zL;3RGyKl#bg~v{Ymx0&SZ3dv*e9M+QQ`7Z@WTN(c$LB@QfEP<o3^TRh8<p~A%g_5}
z@88n)ysdv9NSt(bR8ePFWEGm5G%c6r%^SX|*o!P7UIaB@vz&x5bWy)YEjL{A@pTEA
zWTcNngWA|dq+Eq?HONK|DL8l1-VcOl>EJa!GDwYa>6XQD)Qg%$@Y3Hpmit&CB`v^W
zLhq0)wpt)%YA(8mkw?9Nu^mdcTwno&ETxfTF`>&}$GrlvONUsXnX0%x16eyA3oLWg
z!1}y`Ieyb+6C2Fe;Q@qIh;Q`sp^h2Z+=mrK-5TuF%%aL<`T3Tl9j_<fnen=i1ecP5
zm5vOiYRAxLo{<BPRn7IFtH0TO+%_yHmi@etT#r)E;0)zhF;JBi-&JKyH}dV3cj-|h
zS+9GUj`<@C3bhmL@~5<w@#XJvq5Gu*HoRd3JZ0qND4lYK;th*!X~bjNL#mncc;7rU
z4iyy`Cp@-lcR)eh-o+SG!K-!8x=J7Aa!j=-W-`Z<8KkQB$7iV7ioKaJvVN*`)@ob>
zTG1%(3*Bnhw~+j*k&~yNvBXO*0P@wF)wt^7vKTYh*Z~uGp*(Yyaar7L0}$33Jr$s*
z)p*|QeXd)3z2W%%GO}S3g*bPzP!M+#p&;V!Nw!n$$*9H9Tth&S$LV>32WRzio~3Lg
z<6Ff=nyQM<*fGuf@U&>}_n3{z{4tv3X0;ajR+)9ZU6gF%UV@}Bl~v9A(1h==)TDBc
zkKr-Q{khJ8kILMf{fT!;gfxuYsD2iFcB2s~WF!f*3KFcle4WImA$eoy2W`@wwnSvn
z+J&=G*)OttvyAD&gm==?4P;j3T+GN+Yj#t++r_2k`vXg;Gf5MJU{Yz4Cqm66WD;6j
z22g)GFT_174n*rk4h8G<C{-3*HXXN3(Hqo8&hKi?&<+U^n)M^hN#{k@sBm^q?<$33
zsvvR?Ymb@H7}A^1$Hk6uUrY_?O8Jc&)XKK?mBsqnXr0)aI4uIJ-sqX8i^LZt9gFeS
zh4TJBUyV*5;8>@VLb?9MvtbBGHf#n!3h|c3>5O`LQ0u(8iKxj}C}*7l%_lh`7yH1o
zjZ2G`&W@0IfrPiGJq!6jah{@>WZNI$QG&PKW$QLeOcytY7gd%OwGt|yE#*OAlTaCz
zc&czY#8iu06^4m<(e)9-&y_C1gu9oc(&5@F$h;$V*Kl%+et5c4ff-~My=CFLLv&ds
zTeWv0`SpIYn}y?WYE&re=_+e6gQ}mV_|&52r1Zj6EiBZl?+v1ys(J0s&?YdciJ=qu
zsfRS6dnv=MJM_BDj2}!U6yBrGb}SHwm;9V7jIfLfr7Wl=j<r)mvx`Od3YW7=@n9N(
zTR}%17bF!xt4kfAk(WoA(u$};Kgkd(O9{$RJ)b7@%9cOA0M)oz2af-mXDI~=#+675
z_EecV#8hLYQ!p=5wq&|dp#43Se}e-q_JA}zxLk-TZ5usG6cFT9+Ymt+g%F;`n!Fy;
zFc}l%f9_0Lp?t1XotDx-E^*+;ni4c;G_F7k!rV?rN`-ChihU^x=c$Mv=;){^>yVUz
zD9I8n87ujPZ>dh5jIB}bpFD-DPObNRgna6Hio!J$6{rm~!VCo7WZI52uGi3esod5P
zG#ocYJpAb{Pc+QSQ^QkzlHBX?l^|nM$yZMLkrE)Dc-2Q!6;t&=>#HKuvX#HbIKZN3
z)}f@72F*tQp7&%4^WtCm8|rGuPEWnvwEX-IV<|${LAQcA8@H4*=0GX)PGTNgUx}@V
z`@UrUjjAG9CY?4ixu&jdoMOFBj?Ox8dy7tkf4<tg4zFasyyfq2jfVwQKUmU)9Qw3l
z6P?U}75IeZ`OKc$8Y6nz1#D(4)1Z5~KWBRnk^beh^|Q>4V6imP1EH{#x4>+`MdM&p
zdR&;PERwN(dHRTC%}a~{h^#!G#C^|V0?CLOLe2}vnfd>=m}~B!U31`#$=cbT7*n@n
zB(ra5%TiF5CEox#XXv$mcU9i77PMuC%p#X~G-ZZ-l~xkb8b1G8tBKOE!!dTGLM#WA
z<#g#Ip&B@K6XTvL&)+FL%!RxV1M1XqBd$jgf)-B2wPeyAgwMp+$WKQ3J&EK~PAx=$
zh8>-p$nJcmW!c@L;_5SNm3u;|iuHJJmR+W!RYpp<mris^G<TNCz0J92Z{uyC?v$}I
z*S2w#5|_Fg3-9`ZvY!&mgr|)5SD`~T)B<>9Vl!32)Z3_8TNR>Fr12QLf}sU;2;{=5
zNiliTnJNm$0tC_)@Na{Q--+l&tSnQ$*&(TH7&EM;dHsViySu~&Rx@nb=I;?j{)I49
zJsE<{U7d75AaNFp%gs(ymZS;bj`@FXeFp!|Pic{p*vEnD%h<}??IR*l5$*R8ed~oF
zanPVD`kb>ob#}&Iy2CfK?Q4k$%g}*!f+lFk$sJP}r5)RX!u8Z&%IAs8KY0@&K>jky
z!<=cqWIjg!+BfAoT5~RCGIjj3zi}Z(uzj2n>Xz4Gue})7%w?gA4x6r`B|H^;f)1?y
z3z#aO1cNrPQjxOGgm)_@k7h9?(}@Ue9!S8VXP+?++fzpPbZ47XiiEd@Ehm*@;sF`U
zmO=_%tDuvHMRa~J!hA=#*@A86K^X~C!S^MiW$1wG`Z5y<D|<hL9_Nx1A>?8`2J?jr
zj+=WmVg?ruM~bopjw9jANe>FV8WG}qDR(%y>-e%Cji2*Fr<#U&(#kU-V#bUA0j|rU
ze*e(GHFGRO6((j%-0KPVC(715+Cgs3iUci8nf9ZsGr7f^W`?&QV$=?LLbPo^Svpvf
z&>ICQ8l9(rUCx)<9by=}z|Tt^$A*1HQe-_J-68Hk00j})Sr{I^NJ`y`0H6R}R;hy2
zp@eM2st;#1E3}Z`)@j15-@N7_7N?Y!xer5LlXiuT#5MCfu%RJ{@o&;hIrafwJXVTg
z)(Fc;M>nhUk~>MO$@W7?ioqQJ@tG906i`OSX&X?KQVf-6q_QNBsTxhaziCLN_jN*|
zi1sfhXZmk^=Inr;T#ySKBNP#Rnn>9)Q7zsgk_l=p;9<AgQY=gu)`i+yOPgfPG-&p2
zXL)G&GTIXu#KuGEg`$upY#Fa>5HUgFMR?kS$Y1z%Mr@N3n~O;H7@Cymk%4To4KiY#
zMYwh7LI?RGq**l0cfVc_MB>wwRWb$ErD@^8+DeszwOHpRN{fQyN_uA__BhF#-n#!{
zr_lq#Li8;70mH?dH(&txXU#%MI80W@#RF3nRfer>YUdB_aJ*X+3IJ0J;bByQo;o3i
zY#N^SrC=WAY-{gTU@C^D(DX+2RXneX4~86@0ed7ivv%F?L$Q|Yy_uh-c5;O4h%Y0Z
zt9#a!os3$Hw5hlVn`>pAomloTp}ZCs;m8AaHZ~S^$MNHNQfTr=ol1f1!3KVqz;HG9
zzBAW1M8|&KMRn^oHGfycja>3jOXwZGo)zQ&O?-un+|50;BI;VG>j%yS#=w(}Cc1el
zW?KHNUL2txJnX6}NF5=mNod_QVysnlW0J!$-1cZ=yk|UC$;Ygy8YfZF=4l%Fm1i-@
zH?~$zh5=*Qu`5M6T8nF<j4;X6B_)yEvnvr<w=gw@OT~aj9#yfMs&oFmjQ;AwR-?@W
zSZFWSD$D6Q^}fU-Wj_K!eaYw$vlSc@hF<O!?b4<YFePxBh^mjuSjmiB<1u~uNkPE(
zTTC$Sey`IDHOGfRx8uFLgXhk~(FP|$lt7Biq-xFGY9ZZo=|%qpjj~6I<rvA9K|NQ(
z!}ocPN4R_S*c{5v+-ZKM;sswLg3>?uRH};2U|t4DKEcIBhrJ2=&i-YJoC!zx3N$d0
zQv0LyKgt~p$iWY&xHz@Ul7OG_KN>5Ll$g9|wXk8}|E9=7K|%d5zU_a`{8xkh=hzr|
z09>5ujE#&fOpQ$pO(<tg4Gp1oO$-gG0-4DDF*{*lky!#@UBydJ(Fq}e6lEZxeigYn
zll+4+{nP)GfBRp7|6{TLsR+Q%%+lP&@qf{HotPP%0RS6&BRf+YhW|V6KfK-lFYX`R
z*X6g7<NtvA@3J{L8#%i;{m(eu|0bKgBf#9z)am~RN$}qwEp3g=O`RBoEuC$R?4ACH
z;r@4%G_wI1Ih+1Zll<>c|0(JJJjMU6H1+^{7yJKI^?w-Se^(kKV`Ebr(|_v;_^)yP
zcl!$FUuld1cFzAHX}jCnT={Io97wwEe)xiG*m9J+CMHR4Evc*}x@6FI*p*IJH}5e)
z5HXY1B@(Z77Ak`dP(}&#^;Tol8hq|Tf)4Xvg81I8EPDI<^__@<QArnyhS-%=j;E*L
zhDS}b4Ydu0&(?JJWO0wf!3l3T<t#c^DXElNd!}5)<ShDjdX_y~?d1Hl7<d%K+s+3Z
zrQId9$6I;Yf&J770yuDQTNJDucHw!E*Y|qKRIuTRop#?A<vii)s~~OYze%Hx<&Ul_
z9h%)l0R`n*byvy;%$58s)|pqf;3n!#EY0BgW*xDe<yim`2|N$Mr!oa%FYpMR5!afW
zMRKJ>g!890o8qbTbd0DA&z_x{h8C(`v-Rm%(9ov(Np2TPdGuu$xf%-F5>{fhy@6(}
zxJ`HNLLt-nxUj=k?CmHTnZYS{ILk?BXzB?F>(0sTVzsO;IhqYO>HIP5?8kG!F4@P!
z@slumpyg6q?G<v_WbZRg!I+NuhgWuLU<BSPi0LkNw0OmIkGb{?J9`eetLPtDCnsa4
zL{2kl2Y|LHt3}C5Ua&MkQC6i-LO95p8`I^R+ZI>bI`lh|qlRG$Ix9iUxTCYqs>4Wh
z6WkQUq+eTh<H`SBAF(J1OHJc%FC9s+EwWtJ(*)iQx!g#ADH=PteY%V0d+qHaPR4Y1
z8J*?*6v&(b5>zqzM0>5cR##iypY2lP3}>uAVYEr!jPh5rqmg=oAU3Ilgk4XTh6gnJ
zwRV4skm{9h+;w27Y&6V*$b#)uDCRJ!q=N_Cv$^4f{0;NmzX=z-*7(5|HmnBr_HQfa
z&ckRT`e6smR7nvu2+m*S#U7v_1SgXmV4~JN_Cf8xkd_x9Np8Uxk(kP?lop_8{DxdS
z-Zl4jkgh43-26w6yty9*C4~SKRmIIL1|DsgU}#Q~z_&VVhk%O=inhmnAbdS!4%KZ)
z{XW?p<Q<qE9m^4dY$^f8lMwM{sp+K1Uh?TQWMLRKu)x^yVqbAwFU(cXzRdk4WUJ3C
z?qYgacu(fcH6u-KNPpXckST@uZY_bK#RiLAdbYc(Q7~(^dO(>P`<v4{%NwRsde`0N
z)1aR1XbwJd;|e<`p3RwEh)vPf9`Jyca8B;{WI&RS8zT^UeoM3>#C8(uw2z3PN3K3Y
zmhUg8xc;+54#-UY0YK6)wPU~)_2|%aZqX)#GUk$~F~X)1v7t>x{jrf~Ne58e9I9HQ
z6nOU~aB*(~U3I5E@(334gD0QOTeC#KovGj%cD|`T9&+H%XRP1H%+IUeIKj{D&(CY9
z-_OB667atRzZK=O+^g+URfCg=uoKc4!(@LcjWy1)*#2*NBj;cd_Jubvh<>jlgc8Kc
zdBLZ#zvcZq{*1lE0ctYCrdMhNyiC}l>~LZ;X|_hHt4#|}<B&*m%)(kK?kT|N+nBsH
zRM5lEfzg=SYuB1$PPc`}U{<Uqr{=X(B61y+qVOOV6xr=Gn75%GqJvHWv3YEJJ0NBL
z+~?9TT`N{U2vUmCzv)#A>y}S3ZG$Wi;W*LMLSuTvRdKWnHgr7DJiZgPjo;R0BZ;FV
z)(*(3cLhI;!ySN9{1<k_P)&(E+TA4AwR>97C_R}d12}X7K(h}6{(^ws4F#<qK-+ia
zv4OkQP(20g7-P%Li&0F~vh}7dI;fX{#oq63?Q%d#FPUU*AeN~><S5WicK@=pg%UU0
z0fUx)(~xn@<kdwsap!*ofl&fj*a|2M&j4RM$^H3CED^o=Rw2$JREUu+aITK7T5YU8
znZF!xUgtynEbH#N++sPS7H`Z4wy^HHhNklPB6QW*5pOz&oV}N;YQUr1uzKsFbo9Xx
z^IaSoWR*5O+&-zjml7NXzN3H{Vd?eZeKxJakO36X4qH09BL+2t3$j1X*{_l|O=dU~
zyA;W}>^k}G1o#8kz0{2xvE1j1xo_KM_Y`|uLiJP_{{5pbgZIAZ?Zxn41z@F60ssCW
zB<z<q&O4BGj})1yvl3H1*;N;!!l}DAQbS%JMEj#L(&|JS&b)qgJh~dCQ?hdHY~p`&
z4gLyFIKf+CweltoSE1D!{ri@UsbZKKS9}oK6xDiqgHOu4HpjSwHQM)4{6K-M_HqY6
zOQTcME#H2Hd@-~k`FDGGMW{1I=%WjHfni+|5g-sV5st)AM^9^fCVn~vuCiZiq`5&!
zXg5kDI6sT@X^nu}14zHzN#N3I7)z5yS?>v5Y2TB;Rm3)GXBH!3;R3{fo)AzJGkW+|
z9yJi$+zgWD8oo8YZ@Ctjyxp=R4{pT1c)Sl@G<lk4cUX`JbyjumyZ{dc%NRy$^{`;~
zbb#!dZobOb0Fo_~=EOk~t1?Z3aG5YYmpfHaG0ljTek*fmFXDdUhQ{-y|3P;gVSI)K
z(e&Vu5lCOKZtkc;#)Gi77cI)&iCyU+I6HI2E@UVQcsV%OPQJVuaoa+8<jY5p3zyyV
zG8ULFkOiZsBN)z0l=(*nk2XGvgWa;2Phgd8VX;Y!fqj&aAwK(R)=HU1v}MGSn!IrE
ze~K@^l}|euH;V7One`}k{$i^lr|Uylhpn3Pz2lKhC<p2hH#d2dzCExd%@v5cI#M`5
z)CJjS>P#D#;X&aZX(Sw!nut{w#^Hmu4daO!!^Bt80F$f30SCH|O%+3$&_6Ol+a&Eu
zr7F>873@uf!1exS?j!V&SRnotAbk&lq@9I0!^`>T+T?F#y4<L?*LkLcTsfWD-QF38
zlw-^#P^Dk7K?@Dy$yZ@Men=C&m6;RN?%KM!+vFP?SRo=>JZxvTmMXYnXD!LIg{%?K
z62EHKezG=PZs8m6(HEUCODa;9m2#|+z=<;V>Pzx`jFHAUVG=J_{^FcIb6vf0Dtk|?
ztgqO|Zr*pXSQWPkX?sm!#mOK0*ql_pp>S*eJ72RlW~zIeGF(p-2YUaC!j-Gv_o0}O
z3I~`BvR$1x7oz>12Rz8SATfl%_80MO6PU=g9B^*{=DZD7Ry}QAm~`ww+=o)1y<mu{
zG%#*F(M!SVZv|MbHRooM{ng{;^vadxP&jCQCXk4hvBiwHzc<<47@(4>D_7VR4)}HO
z&1px#*~tV^HX~Z75!*!#Dr?rT6odT}q?og5Ryu_KC!sLo=y^(6mmR|~UKAaa82ZIt
z%2c#k_1#%H&F#TB;-r#o^+u2!SLPk)E-3aM9F;xlsrvNqxI);?P<0!6^UNmbw@Sj7
z9mz2!U-&ZIq@{jIn0$P{8soop4BLXe$FFgkV~~k<u!5T@Rku&7^)JE#+RRR~p3_~b
z&ZfTQ@i*eBnY1OMh7{uT=XDgSs)UcCpUg|LFRX0QqP_*8vy+8wqUTZYXohOV`bOGs
z`&Q|^DX+UlUTf8IU*{icId2r7ywx;hk;~PfPRa@PCUUkmRK2w_-=`TZQdPJ$-X?w>
z8c|6m-0xR*38nR{{w7dFAKc>+N^>%%78=uNkJoWcBb(A!4<#|bE!xvGVC^A*aw2y{
zKqQCcc?LC_E>-(u-xWfy(%)gZR`KZqq0_5VZZ%#@xh6#;?&#-btHGtx5dX`%NLM)d
z#L>8(B|*H04r$T=O}BuM$GBrB6>6sXUP8yjoE2_8kvVST%!_DhY%IscvE$i?+9f|2
z>|eNVQ~wnVI9!xux+)1O>P4#zoW?OC#kKj#q&($D6b}nk*Ln#Y#kn$}7+OP~v~svo
z)JtDHY&0$}6})8ESk_PpF*3hEV}(*@o#k<+**^vKdfrWe(no~C*&2@e^Y6gTPYL%W
zvZQeBrS%Dam8NqsvR+RgUD7%t@6Fjv%yH+NiQ-Rs#&fdcvgVj^LZUK~1nvmAj4Rlz
z5UFsBrWE-jzosl$nQ!lz;)^ok1c&HYJH<~!IGH9%#K5?mlu0M$j2r2Xx&el6aEi#G
zx0t=h){QrrYj2)bT4o4Sdlq^=r`-WtYEu!~=LbMEc#dTDyWk!q;h+~9Z-JU)Wf2Ji
zU-F^jtD)X)=huRxDFB0`34T*F&OA7o{o=|BZ@mK1W4RrAj=wufqX14x!`h1ORK6sy
z<QnJ1DL=_=Qn%!q)`TIY`^*Kk?$y!+-OZB>Bhs*jE%GrR@@f7?o$lKsYtjs7X)Xh}
z2et&cXVE>i?#Uzg(dJjQEHuxvjX4@no>pI0LopajoR(cfRV9AYDXeQ3i7GOS?uwuJ
zEA~nK66vxd-_A|%st9jMC#YK2XUp~}t5m&9m|Z=+{PPyHOUT{lYW(Czeybboa_NnY
z=FE)#9J|id-&0ahYZo*Tu64_qZmZAw;ZG8T@UF&#YC6+BT&P_fYf!F{U+Lug5YFER
zbis6BHZYtpHR$MU!5b7*-JET4PP;KJ@C2I4#>trruf63wCdrvKZ~xn-e*G`2d*~pV
zQ@6u33R+QLnGo4VT}%CE*66y5h7#1T)xk~)j1D6aKPT_VC0XKx{G&Cm@pyG}dZ5{7
zOId>6*#6{RQL)>n<-Qg^cOee)Ea7{4`Ux~agVeyqm2M${@7-%@tw~nKB#z8%vq`qX
zx*1z8jqhc8TFX(Nn~td<6STWIMg8}%9?NQ%T?JFZ*r}_lyig6-X#^h&hb#Tm`1O@8
ztNkgQ%OE$waEu5^aL?dLuB6o`4WL)TeLQ^+Yj)zz`IIZqVxXhqbezA;=lgMnia0Ht
z`Lwcs*DEht0H_A}Hen4=L(%gl8KU|reunyR20l>Die%gnN;2cniPf}7G>g$8YN9zI
zo4x56Kb^y8IHMVtnWBNCeK&*s@C-wbx(@^3P|^#e7+&Um+xc;f^_WjKm3}GJwX~Z`
z{&}i-Nug;+m3cJ2FL+|JqW2Mci=f?`i5*UUUMcNxmh#FcSjl$omYyQBR(K@YNW5Mt
z?SZ9A!5lf1xUpW;4XNZ~im_36Hz>GfCcO%G(De$$_~jj3F0-7A`N2e)wxX8rcR=*+
z7xsNaq=29Qvv4pj^62;b(>?54A%O;A?&s|8kmy~2ubNl%hhjK3^z?_c?H=(fhfqbH
z?7ilJ8Q68>BT2M*%%E3se`vPh_zdH6nrVQ#au!FdJhn-Az(3(a5!I-u>W-EQp9;1(
zZBHT_D>Tiz?5^mB$7v~_2vNhHw5$2=1jH9vF@5bselZF<-=UzE>nV>(wWq^i%mWmb
zjA#_h3e8CP043pQ_&ydXL<g~mIb0@lLGMTwqz8Un+Eq+i6siiG5ngT2ub<35U=rnL
z+79@kjG}5y0EWU=Q&m%>2`NW5yd~j!sFk3PG_jS@qmBVS^Q{?;li~;xI4!99cBQxz
zfr6VDa6TpF(FxnghwIhnmI6lVO)^F*#*IOqH<h2bT^M0_Y@=41xdBT{LTawo=H~}Z
zm#eST6lZNgTY^25w%s+@;K}%`E6qzlcoKlRh284ps%TiE5LL-eD7ywSzaZM>58Is$
z^6XsVI%&kGy<*Lb8Ou~g{On4np)La>R*g_em$*xmI*F9%_G+%Z5EH<nHJ-EP*3%_b
zhZw9pb3g;7-2Tlg{OCh=3{{ciBh7}~gRe!gUSU~<>)`?RW3W~~D9`{eD(^(^k7>uW
z6+L4-%#{W&6YT{-XWIQHXoJ31BTv(VIe|f`_`s}M!4C6!vR7b`dJcr47aKT$c%S>k
ziwmS{WrIu<;A(y1Cl9dEc#~4`C9Xa1cFDiF-%YM5rmD*t#nC-5T$j!0)9k@N5Se-`
zHjNxFZ7+@LiopGC0Bir&PL1=jarX-^wT*4eZQ?UuEZ;;uin;vF{TDGmMuD6(ZB5<s
zJ+^Yn$}GM5m6cX#33!ORkF^gPE-TPQz?}7lRw#a@_ASb=J|n>>R>9Z6yuy?6-Z&i-
zfji{DTScXR+c-GouUe#;&a*`)k)tIZ(=Y)T5wzRenWP-@MKzn3;SPx2Bq(foOV&Hu
zqoS+X7RJ-q_^Tjn0Slv_Y-$#sbV^1JT32*%L34o^)R?uj{nZuKx98N=$nJ_2wkrO6
z-tQ|};E^!D&np1iRZAKMr?ud~YIsr_1`j&WXm&7TSN~|J?Y?4wJ$Ym3v~EBdz(yDS
z7n2;e@a_>62@ofkg{FpYL-6l4U^bH7i!^31LOlj$aR(qckYLy@oO0gZ2abZcUJ+Iy
zegQ~83ij&&3q<6TyR_f2tE1!=V415yr9%EN@lxoJ{zG8WA|@ce(r*JW(bEgp`1)M#
zhZ}xlK3!`_y)loD`M7FP<_LW8-4;6|y2||unkA%OyG9p9#}v$PGU121)OG(U0^ME}
zZL=r&NRU0Dq%ykv&_|>)KA-pJ97oUq=>OU6U_7}=V<@3YO^Vboo2T?QH~bW&WZbT`
z5VcQMe=ffXuGDL#cW)$by4KxHC$mcZymv}d0IuY~w*Csu8fN$8Y+ko052?mAiztrM
zB{~dE0}cB$hDv|q$mW1(IpPSw_#neyA!l$ykOg%+oij737)f+*Uq@(S5`oVe<1S;^
zpK!<u8Ej!{cxKV0MQfBsT%LNrncN8$d7AflOI-oqcAT!$yJ7G<oT)W!Ub#?qYsF4`
z4mpyicV*KgNQGJQQA?Wvv077dR}Btt(>roKhrJ!e@U>)npAxUxu)t6=ugbgzNz1eo
z90L;h!Qpu)!l#}|djhSY8z<IaRV)e!&`iDld_NoBLr1u-k<^V6uU(9xLAKUyhQY+#
zvc&mf0+3dQ=WW@!W<;r9WwxdW|LVAy{ffV!iaCktbBFSa(2kum%JHfLi3j4eJgqPB
z)vy}p_j?z}yGH`Si4;t_4SrL|2>%sv%jJgCpt;lbmo=m5p#`ycPG{%NCcBp~FDiBG
zY;n4eLjG^oP|U}C3SPQH*zZBTQwBoX4aqpwP<n8|ntsOOaSpc`d&I$(r%04NA%G06
zGvWrqV&7JAmy)xNX1cAe@O5gOo%{1bBoBrnd`LT&SL|L^9<S%e`Ms4QU+m7j7IDtW
zoWAjUc<`siX4rkUD2h#}7D&E#E>s!xeG#uhg7*0T)7V!9$FXeLiqT@Sn3<WGnVBt%
z8Qo%LW@cuVEM{hAX0RA7@RMiWc|P~fJri$te^f=}UJ;d5m7SSu_1gKip_hSMhSCRA
zlB(CH(dD4EgQT0EwG+RtujEV>9ABZ>q*FwTEFR8ci!wK?hs##_#>JhYNpr%q!BsE%
zc-t1f@4+6RC7CW0r$c<}1iBMzEpO!P07s=-efSCTWbX={1xiD|F6m9;F+HINWpbLH
zmPOjX$IEzAsuwi&rR4Q6y3^&BTzopxowN1)Fq*FMIbZr(eJitzJ$+?mxK`O!N=QMa
z2;-a*zY`R>BzjFt+4T-$_ZOg5bGAv(acDnu8^YUs*EQ6w?#L4pp)WqC6<%ejaWPr)
z977VwguCRPj$J%{+o8(NID9s%uOhr?vFjJk7phZY$Crz=BGR3rueGA(6S3GnE|vNo
zI06(;R#&a>@1Pz(uhCvxa9%Zr$e*6ST)D`%tXZJRUOq=7S#fSR4dD3cjTKhi-xi;s
zRi-jUv-(so3aD-sX^@<m)@!Df6c4NL*VKZktDu(kH;0ezJ~WcYmX^vm{u<4n5W`Y)
zPe2Q6V7U;5>55Ym>Fth2;|^H1Kvi%n68O49Mff6{#cV7V41*56MixDcTw!m@55ptg
z<BkCxU@#LPGMb=cbRt-wfb2Ik`S8`(Y0pQdc$?-67`y+bN>AAj0dS70`uyNDKUI&h
z`}~tnKt%K^LDL8jy)A6=XbL`dV6sX%));tm+T0NuBmJ}E)b+^ZcR5COpioF8@Gq{Q
zfb0Onic)D)AXKP|BO_}!vbh=;N=#!y;vxl+J9SRGdF>ot^g!Asky1SL9;AZ<?&)&q
zLc;SXVwP_e3HW&z4E-H&YS%<HqCY#zx|GFgEs0p6u*4_%=6oN(Z`HNkYwl#CLc~5J
zEo1Fp+uVpXc5qd2jWPFebsoUQH#-BuMY(OX8kj?iCUJjYG2MVfKr=zxG!@gLp^vD~
z>~wpqIQW6i3CX0V<k?Y<qe2FLu15+^grKBJ_IrUk$1WdDMP7O^3LbMFb(0ke;c5qB
zr;T>I<0#GERoF(rDV$@3lG$y|f<2p(gyA7^q!-h?C!-?)qtbs$RHW2^5f$-NX{sYx
zQQu+WB^K&i(a1#xwytGa--QXZg#QfNtQ-<YnWz~N+$RA0WJ}Um)z;{^K8Q5JaID=y
zZIDf!7@Gz_1<X0wj!vg(fsXb21pC63(dWRI=>1HYBh3KREBNxe!bl3X4_fM7F1w6A
zd?PUE$eQrt&2z-)_aFeD*jmhXMX$Wo1+6uum&j$xo*|perkKN4SIjms;}y`l#6}7@
zs@Ci9e7>kATnuXTKhyfm>m(~A8?P(Cq>N{0*7$_4rbS)C*+M=T!f)V>MuVp}C(TQc
zBX6{3c<N*>i<8ZC($%HpMdo|6WIO>c8Q=E>A?PHi_4JEzX(vjwHHJUQgu$4M>(?2i
z&`b$d+?U!L%fRqq!&*AjF<=HGJ3wwpMR(08-Xh{L_yD|u_7)<$(e89}{Wj%Afk1kk
z->Yu!d$vW88Bj28+=)kwm%!|a79=1{J;guYPC((EOj2WM3Yh9@p9SyShY44CqHqcC
zXSn|zXmDjU<`5*^9!H*S#GE@_Kjw~)r?b`5__n3FwXAIxmPZQs-gF~Nhja4uh8%9l
zr?*h+Ab&zY`cfHYkYD{!kPOJMoe)Tf2*@bu9iBi$Pv3?xB{3vG$Tw#=3wgea)^~N$
z{bB>O9dC5pR5hTzm&fG-YPB$f52#au^b-?4r({ptGWw|34;(m~!I}%`X1BtVHnb3@
z6UwpDJVMc8w#cP~^O*?d(3o0v?rh*8a;p*rwj1f*yJDH{Y+b$40(^th2K>DJc!J#p
zVtD8p9Hme17_cq-D3q^|xcdYfek4G1sO=0jAxR*$?Ij0+-L7jqnAA+o`I0>Q3kN*l
zNxI);l-D&^%acn3=^-7%?=WNtaIcc+qV)!x)zmCPrr$_NRZzyGR#Jqr_iFiV0Y>ij
zA<zJ06K?n^@isjX*G^K}9pfq5(!P}-J#O!pi!v^NCuJ(+R{+<9VQ}xwNwcig+O6Kq
zOE)%`QyEWjF6Oe=p_~s~y4a;*J1k1OI{LYI7Kc+(ln)m&?7GIxop$fs*67f3PrT)q
z^e4{HVZ<{cypFf0S4RF-^Fd(#h*V4%W{$eC&5l}@C3s@%^No31gH<m6M>Tyu2XA%h
zuDNx<6aPkEuNCXW;$HQEc)6xa8aT<_ZLxQSp6QYnCvJNStIRJukEehr1n>7d`M9*M
zzI8l4j*12SFIaU4Lr#=7QR9R*#%+{@Mg$&Tw34%vx1affL6Bj}*2ldlK(jYNM4zh)
z_D3m{%AFC}{Ir>J<m%SSkZcGHB)=X?bU%)wttD=+!C*EZqD@QPBJztMW&T9k8g=Z$
zgyX=j9a}iN%<@K*Ph|qh1!n`i4nr}m4lW?<Ic&w03%TfknDCa@0kl1=ZAfG=s2iuI
z-x-x5Zb3rkNhpx7jC%pSrc<rfP~=-<Jyz%}@QE<))>gOS&{lQ7`l2AN{n4Nkn-Q6K
zvK>#9=kRu_l0FFb#4lWU7wTK|Q*xX3)b@*9a90E|r-Y=y5k~eM{c%_x(DpO=GLS&Z
zx1&k7pY&S0U2@Qd3oLKa?7q=8377_q0BWJy-I@*fDgb0MbW%7EWmd3U+t>_<WsgAX
zEm(#ex3sHM+3!7fuh02I+rlJCeka`ClV~*%czEI|yeP8E<1*u%Gj{&)Yp*N87^B2x
zk&VoxAuQ{t24J~3+IEz|64o^!cylW<S2cQq^G;ByvRu4!4IaSQA}A*vt5h>DXx)Rd
zR6>%^r>GEMjX2H7VAZci8e34&usBDoYA&^~aQ)y|44`nc%^ba%oCJZ{sRlGel5~kO
zp#Jc1EC(~(7s;U53g=eIiAg!Cn4Ae{LIn!;{L`@Lk=>X1zL^)_svE%WA*k3j%A|l*
z5p*?;#DZwR&m{-~TZ6PROvk^+g}4^2kM_C=$?_RCQ3pvlnME@aJhYfbOhBz-8#bz+
zv#!E_(aZL|qd*mbPBJ;1PhrSeEmB5V<GO1fYz(WPwBo*{=8#5#B^qbq(p(XC!s$Vl
z-Z;0uF(jlC&NYB3u!0@bqxykJjm4tA?WOOq`XL&D5;H_X?)M`cptz2xw7f$SM6{pt
z94(B6n=0*&N~ot%KhFbfEISRlG3f*6$jc}3^i}Y7;h`-0U18$s^0fgzeZBcUSmBRj
z#Fzl5NAxJ`%DZwa>e*8dEh;$j<z*gt#T9SQh{wpI$OFt?d}1K_FaQWt%g1zE(^pza
z3NDL9Gs{n`Xi%4xMxuTrB{hH%T|Z|T)bG0@ox&hFQ78N{eJ!qCHe8`U!8K1Oh;Is_
zP+glCdmmUF<OYG9i1>uES5(gn)&xe(*N!2-1KLWFF)0b)EPT(JDarM;nYEzBIV_oT
zYH?nI_SeS%Vk)CcEyQqe0p78ot135opUfA%PK=#U{Au2?pNcS7GAA%gsY*UjJKI8i
z;=r+?p0LrZH={zEK=NO1A3f;lzW(^UluN!iB+{N%Q%pGpxVs#8buw#XTc$8+VU+h-
zjZRH(NC~+=6XKtqGP>ZaDFGYT)Jb3)Kj4#^K@As96B5ujkye}*Cm7FTva^p_&*SS4
zUmt$PYe>l-L^W5ym{(Qe2JPP-i6M-pLl-`$q#cDo4dmtr73}Gb2<5Csz_r!DD2%vA
zpr^~~a?O>kY#U7>5LG7FSI%9|bd6kx+)l{y>F6#85+Lf4$~_F-2srnngh8+S0y{k`
zr8Q(?2KRv9LV6np8FAbhZX8V1V~n3kz=QOO%j-fFA5Dg#s{v>nwi_YNdW4bzNV;qp
z-ZaCtht+W405((?SrKO@uu4OvJrUWK>5HLcZ93zE>1$Y!;V~!UT(dF*nKT<MDXl&}
zwlF-D2*%xI-S~9Ins7scS@Cz_kePUMrR*b+8XRrqth#X^=CtwYTOA<+qUu_5tFe?k
zVZ4C$1eP7n2t2oQKHyy9+Qt|VHBsGyN0tM6U>1}O1sM}l=rH3z&iru#DpCQhJ6_c0
zC$dKa0*57{JOLl_`D=vOxOYmlLKr<OW=)~=YYTsStx^7!+!}Up>BzYR(}ig#8WC(w
zllnZ_`PYg#JY0#Z=LE!`0Wf-LRSahcQAo_D!VO$wbhSkxs$F<FbitsW8h+5?WX^#|
zPy!g^7|bnrS&9-FMW_rX3u;Y!b0?1U+>yQ~w1Q(qLS1NefrdQbkbs3)ZGtz5vxV<i
zS#C9>fc8j?a>yEr8ZU<HQq508{YcHWs5Pcd!XULb@P3EV-61{6NfB9;0O{FTKW))S
zO6;xl-3zbK@F>R|1AG2Z6iV(pB6DS~PxAbSK$>9%b&abl-H`S8O%lF0Bo>LZ5FPvQ
z_IRb+eqDa*&+&dgv@%uKXmeKca-xj+HOhKMCmPUHaDma<BF_^82`UrlcGuhv?@I+_
zK%fdkFzrjwbLjZ_(aZ)UpKv5@gsUaReO$XoXF)t3d5~!Q4|hz>(JwbHUC|kme)5?Z
z`Xw9MR~3}BxUs)<DhTL?)c^XXs=5hIa~6=UI`Tt*Y{|_$tgK2C^;@d|ybz|a3j3V)
zT<D6dS#gltrCCWf)}h<pbcrpShI>~1)Qv%&(ACu(G^%vO4aWGo63Q>*t7f7!{k+4n
z?21z<oL09|-4%@+1>~ra7RJb3cgfEwg*#%ZG3jdq`~w8d+5-gm9`-x^p<Pafn&z>O
zJLC}24^X3^*C^VY(Qz_UMzPZUx-@GI$?%NgXM$Y7vEA8E-REIMv((fpg~|}PeQ%i^
zKh#EoHs7=y#Z%1)*M@q|`Z3qvc0bd!Z?+v>@R4)nxu-IezdPHXfh~TSwCsGev`5Na
z=k>==+T%4^hOUs<;BXngUJO6p4v*l12wFT44gTy%0<I98-Kx$_-->+(WSF=tu(eTc
z>!J9?Ga<C!YjDG|(o?Q~_l|zNH{(-2RYhN1Ht(7={5Bw=%QV*3eQ&C{34KVgpiC{^
z0=J?8CNY#Zi{pylp2b>DQx@(b_~y~P2fLPLB@8PdCi7$;&4{IR)6keQ&+9M(BQ=Do
zEYimx(+Jbpa^&kx8_*cyB#xuxgJ(yq(s_T~Y4R)*v-3pzLo$9!4`?o946Ipb5?@ZI
zu#5{uCK}4koO*keUV=1qZ~du~A}*~(paw5hR<fYP9zlVh#(9YGXZczU7|1#eV|k^h
zVR&&80HaO`$}A=~T>mKK0B@v5x~kLI?%wWg!f_I<9FWF2j;9vTh+=Br_Q$S`KLJD5
z=&Fn;D7_2f?)CE=Kg^-m#|%h-PE)gQ3?zw)V8ARquYu_6bEtU1o-N21!dhn5?@v$?
zd^d4@N`#4g{uJ;(&5ZbX^ct`h$Twvgc^1^bBP>AjTYVHKdQ04h(W0|zd)bbMwo0?K
zm)hREX6W~Rl<#vrlWJ;b5Dre@^uRe(B~~L>B=6n3r}pxyO+oGUoEo<5yVpmGc7q?}
zUut*kmMO-R!H(4pM1ow_hVV`Hc3k72`n(dlEa8mzkP6RI30D-0I3*0!W}#-rMmoZx
z4N1NJu*bRL8k%4MWh5hxfRB?K$sLk`HcnCi+zrC*?dJ@<pR0HEf`hrUr4F8=VWOED
zrjgv1d!A!0EFZ1fyaA{9&52Yf#b^5u5ZjbL!dq((c!YwVpjA&CJDiQf3<y&0D!R{y
z<bL+kFC?_-x&IC_xo)FZWiM)Meh4JzYVPX5hi8=<PG0N!I!b>nu#!<<Z+gBC))t?#
z0zor;KU>dcI6f(BaKc$@1Ep3Imd~8#fVnf#UHd(rr&35YdoEqnu>B`7cLcfDRPryD
z3MNvvHXvYcRprj@W|HA{3%bd#8aX+%VyuvG5*B0ec^2&^1f1mGik?_f5cy@shL+T~
z9g7ae&YwHr*x9(VcypCITkB1CW>L~AZgglCf>v$s-K51?<3U|ll+O0mfV{AoHql~V
zaWve-9o@=^)-Ql=o1_nfm9}+6b+OF>4%u{Gu>mBk&9E>_1Gd)Nj|0uQrV|)jG*c0Z
zlUELWJf8sX`oATJeJ3%n@?=0je(b>iSAzJTbZGzOCu;0u_*;b5sH$z7&VcH*RV|>W
z4~!iLQ4wHa$ttV$Z6>YCy&T6e4#3RDOlJQ6Hcp$bShz7S-Z|E?GBi$)2XpeHTScfG
zoCsJ9kD|&kmkrjb&0~-Jn8=-R>8x>Ez;WUXB;g*mX53LtbtXzHXO*H%la#7V0~oC_
z;}m(`AlHc18pV0oANBMF#JZB!{PV@*ivd35s+CY&k@<3+Kg*H0t|s<MnFF3*0GTja
zoKJv%Q|Xm_xJAQWT*JrIBC?&jRTjgL2fFQ2u!GT+F59Bpd~aHHnCA8y$OC=sQZqjm
zAfV2$RTguloi+&DV3E?pG>E2`<iY+l{v@uziK+1OR3EuhraFZoc)Zt`d3=X|royJ~
z_68%R`&Ow*mLpZ_>bw;wCdID@6TGP0ApX!L2<#r+n^~xDyg$o`clVZ~ub7Bf<S3*3
zNTSH<&Df-Wa*5rL4Ggp2+t-mmlO8$kPO_46$j&;g7U8hMwpfZ-dw6Xlm(ir&`^sMp
z?Y6W1n6H!Hw~*X@RCaLu!cE1s2Z5T>G-g@LbXCh+eZ|w=LlZJp6<CIU(M5Ljc!Xk0
z@|`~N9b!G`Gse@oGws)lA<sO0BymUob$wjCiN}Pq{vp<iit@TTKX+Q26)C?d=gM=C
zff7*B9e6t+dxTR}<z-5(sDwFUljXr02X4dw5#GinGX6Y!t~0|<XLOsMPdaJiaaqb2
zWf#r8LaIy`4w+K%k|GMr&6?^_!-lk|`yCs!*B~8KWAqy!xe+oT5z%K1F0W+6g>+Iy
z@D$X#6qPBjFNo@CTR_#3HNl-7xbdt{4+>l^w5;_MFTt~$TwUgy9j6Xw=!iGudDRU`
z-RnS$GHO?koK@*p%?C>QExK+&PwW|z-&tBcqLwcfeX!rX1DX^PW}Pn@e_^bqQtxyh
zYT7b>qqi*9AgJW)i^ihjW>C{Oxk6Y)m4Rq!8tArytH3B}>E6j_=k+-KmHGzu`<<w0
zuxr``0Rr-b{7aVmpWcbznqO-}8*>xm4^g|rSCfhO2^)U~#DGhlK;y|}0eWz72a3@a
zi|lUJAPsQ(n>6Ij&Zu}b#e%Za?D@SaG3KqPhV&nXIK$y}B|R!EMwFzZ5@wAj)Ld<J
zErn}btIJK)_-VKw6RyH+s@88dRGj)rfwb(OtfuPoC;(}<Jo4>CJqsN65}yVeqM)Gh
zB8ANF_dT#UCwHMu)D@l1a$;N`33$UdxJq;CU<{j-I)a-BVtoZ7p=Cw`ocwWG<)jCg
zlWr9`dvbs54jFXJ`RDN%Tv10&EpLW=Dmu{H?x?xY@!#@DG;_N!a&w*=xZWa8FvwuK
zkUwqXcKvnqPB--nbGN#|MZ`*AGT-!P%u&M)zN&cj@9t}OG@Atn1_JW`@BsebCDV?^
zPEO`FrjEadl>x0S_0v{lFMjX9@TInORF#H`N_VuH5T$+g;c#keP?gyNa!K&lv&#aX
zwesylREKDKC|Q%Zk#Y7dnV+{yL?q<ZDd9ddXEGPTv79~gMqUEsOR0KGd>x~&t<PuV
z*wLT}7@mg%ghe+h29$;&9KI(isOr(x%#6jNK_UcUsDT=&h3a3Ciqg#oqVvN;>lWx?
zk*8OjO{k1j#!ZfHpQE2w5C+LtGR)If_D@VohK@hv?&TJ&Kl7;um)nR~4I5KLG&dP0
z>&q`w<L`<1Q^>MgR+bIx-_o-!!ONrP1a=ix4!^$DYpps%sG#eE@_09EnXI+{%A5<n
zMjt8}%Nsuo)e*Z2VBi{A--kKkuh$Per~e)`<WT-~kD<lCJ9)0sk3Qlyyu2@9YsY|T
zqx0P3;)W<$&dqf6(E8jzdFKXo1{yt^<$DBDgxR6k&FA7d#eCAqLlExqp|*l(BqaB6
zemF%ZECqb}nqLbVYq~V4pgldwFRAT^-dbfbJPLzqn;G)n3EZCa>ffm{3X|KYHDHpH
zlS}(V!RUI1qLV}_f{x|(o4y5w!u0kE)=A4qp<jduGAG|WiA4nJBHpj;6h(~rGn7Up
z(Igp*?Z$XTof%2eGqQ1O8F)8_NAiq3Jv1IgB$QW&!jmn>FE?|(<`|x!-y1|OU+xBa
z1n_W?eIoMqYd3~5*7kZ0F=@lA26lJ>k{Eg+zgj?G6h}Vp<{#OY^^sW-K{{kJHG~{{
zavaD1;MUNwX|eRD9N<=0cmtgb7<wMZ7h=HGo3>>{wq1YN=q3}gQ8|s+8V$f+AKd|1
zo~gd3fw=-kL!$YE->>Hhx*g$$bPVChE{zENuj}9|q&|UgIwM9RQ38jjp8#Pa%TSyb
z6Kl?YB~nl<8}UZNFeBonu@?en{NV#zdaed~mscl-ZGXH=62i&}a;R+&4XwjL4~}|m
zd`OnH^+s+fqb+R2cz^R|On#2t*Sxx3JAuL81-K7cvD0&dP5!wzIPPlMp^4Gga$o({
z=<ud?Nn3VrHRp=O7Q!ALVyjP^DP{hez#i!C!hhjn$ysa+M>AGC=_OyO`A`Cx&D?CP
znK}JwRdo$;su9jaOFOgO`x(yCWQZ=ZP4&f^rQQ28+?vtRKpMhrq<XUjU2ssXmD7*q
zDcu8Y+sH6w!aWDG-gU2Ye;O8sJ(I4x)0u}GbAbqlWx#z|0Kj%o=<QMsL%C~}Sv;4v
z-Q%(ccX>=Pt3SW&t(o8Ib5)!&<KcZ6X~vC5XPOb6_`>^owVcdR;r;doYrh!>5nY78
z^OTrj`V*lmrZYQN+_fu<S&Ye&+wn@_n%ZW-{ryz@TT`C4w+0Aiyb!&7fx0fDRic(W
zXm<BwZwWSMjjb{47}Y{Wk|CR0vx}`+!%N3nAaBit*pk^=qN_Qr>8jnW_01D9tN6~G
zGuJn8B5?(hE9=iA#+WFxA~?AGh)V|q`$*8{U^V-|-iEaJ`9{(Et0+&gPiJ<H3?#<3
z<bF7aQ`D?nNPRbNYvAX;L`p-$zr-ZnUcM2^R-_JxwUWE`A;Wy@k|jJ*eIUY@tl-eX
z2uAY##k$>ALW~hV+A3MNW4B6lwHD!t4kwqalGrjfmf-B3s)!ibl1By_l_&o5xKp5L
z!R{d}v0>#EcrR1tncyTZatGkAPSK@~sn*BoG);X`?G_x}Ad@n!Xed~*77^TqKst+Z
zeL%T88%C-<Fno;wP9VAiaJb2Ya;<@rb|Eoa$O#v~P3vZu=P(xGm3gPfp6wT-#+ith
zQdz=V9J{Rh%1m`&F@1kA687-kV*tr<V??8>RW1B1mIWf?VZScY(nbl}<_L=4EjECB
zL*R+GnO8~76-r2WVK)0E4gJKZ&^vfukKDNV(>0K%@9LX73MmhC$xYNevQ6o)AFsmN
zGTuB@K9g!dt%d5}&5v*u?3!!4l|(B@NinwVw%6F^;x;NMh@?X_^#qkbUoM78d-8gy
z01;pEj6j<a?-3(AwYrFIAR8yFdSen`aItAba9&kFg_2^})9s)pz!FsXRq=1C!xJ{d
zT3RgmmU^sS@y3qY4SC!n7~aqK=^dQjbttkE;clP1Wq|IGrK)A=#pU^Y5{hU}NP>%c
zqJ6>CpdDwp_tZb<<eyRxW%xfue*EDHKD;G)v($1ISc*p)$c)|SbmX(=k`i}}4jFXq
zcyEYNF2(JPtsfU5Q9%UJOuqpt6`>_M%+D#{CRC!<J#^=2;bl6TaOb$6bcNPdq5)2I
zFRJRwXnN@P(qMv60wLu(I%56dBh6Wfde)hQU6HX<6q1g64eFEN$#INBFk!&e{lwN@
z2S(!8)W{-90EEPeg;k$E1)F$dhu~sRjW`t`)58hW#Od5zWT-?g{2?RbHr}guAf6yQ
zB}^w}I`Wd7+>~6{D_ewU2GeHP=U}oG!;>+oDq=P3PYPw<d%#@S&{zq^gtov_+<FA&
zNJA_Pt^L`V)j9at$DM?5Ns38*6ja|yzlm<$Z_QS3Ab}2gCXTe?fah4%^>X9VqXOH<
zl1>M;G{Fmhc&UKDrx{aisnTCix+JvA*7`fh^&H6g;xiyq`*4I@m8v7L%p8`5b=qpZ
z1c#W;1V2caj-sV{bkWTF8dX^|k_S!{$>tSLB^1yP11WS{DCESM2E3VUm+Djs3L=wb
z7WzQ8`jM7?-<rXNNlGn?i#f03cd3CNNv=`}0EG%#R)D8|E;`aGMF>F$gd95u-xp@p
zWz(rh+mLt3Mh9C^_-ES}<)fvCbV<7<hLNAF`iN4-L*H&~z)5RPS8RPx+uq`h_qHj@
zq>nJ}Y6s2QxOaJ-@CN=p9myQSB2)cX!06NeZ_|<A6$~7mT&;}%Ycldfcf(<?39a)|
z*)Bn{Iw?s)v#DS(-8}xHfVpi%uEU&;84+4?TnS8CDJgMm-<7Mw%+xKuc?EKq`ffWK
zOfV+zt7MW@F|#Bb4iMzgQ6DD|l;`!q8&SiBT^s~S>j?)&M^qqj^phY<+lj}ook-qu
zkLRBV`Y|UgS69pAn-0GD<8t-RA<D2=;wLHUn@&lREMydLv-Sb#9Jr>NDg7LAk%LtC
zDR2YQ8m89i%wHOvgD&fvA}Os)Y110;Q<2Im-@qzY*@_wnlpCKD8mv9CgB}u=@ihA>
zU|Hxc`Urjk=2A^Hc`jVk%NGX9yanSlmoOv6bk)+C&kvlgnV>NfFP-f}P7KVKTI^cm
zTzr}5llY~|>riPiP%;|O;YJli%TG2c8b#M9EJXGu6lYi2KHF<{cy@KTy>za+_|~~b
z$^~tFQy6)_zpyrh9m)Hlk<dg!MGw8ZIJZA<;VvXGNoC!Qn^1f9;FhfW-YnE%L84D8
z7=#kIZb|Z}aD0GF4jVu1GkF3M7<pNeDs>tl*V=R>$lk*!S(g!O?(PF}^1a1<qFz+v
zQm;WRZW4KmJr0EXjqW?v=T=XQ?FG|JWCu2Cg91vQp6Md82#JBxK?u2OX>*5W;6&7%
zv~h>!>^Nhvc%MQcD8#KH4rntp7|nY7Qpkl-p*rE@FO>>z6u@Ra!Y8@U2@xBJU+9%S
z3}YE2dDOI$r-@`=QYAg{-!}`L*>rh<@CP_X^G;m!#?Tz344gBF5Z3q}dhhNra8_=<
zg#VIFZ9nmV)Y+=SKmj2GqaZ6q7yQ0R6)s01Q~3F*y;)gr%^Gh%i3WwDRaDWULq5c?
zfIly#z<c%>utR-@jkCE!b2Ux<K{NaGs;j}Ey1>k4+F<>pMumtcvHN5cRyI2i$mH!q
za)K|3t@2~p;DD&XRcJ4Tk6oHas3qW&%R`pL`HE-o$nt&Yy{M;akU!U(re%CHwnXnc
z7a=__iKQ*5hF_`?t7Fj&ZWbe#6c#az8CueOt3RVc$|jvyY7972lxJ`^FU6@1ju)^I
z!QNHfp-&(6&!WZUK{^Uu*fs!zWy^!C&&(vtLk_M9$VF95qa1TP016aFsX;Iv-E9R_
z9va#MUe8wHvs}z$ZB{eY4@H1SynzleOW|n@&g=VHm)EZ!{ENl<?=L6GzdV25FUfbk
zwy8-$taeD2YGZ_jIApbrwLAgBl5&TSji>yUH2rp6x1C8UpVp!X!+Isrw-YAlCy;ND
zgyGSVC4Taq>FdEw8xQ3Xl8R^=rYz~S<(IPm&`@U56I5plWkwei?Jx2UCp*D;{%ZX3
zgLJg~$ey_wxc4cOfN8P1{2r6Ufo;EIxyT1tvzeD%@`^dPmY~>$F1_UPc%287wg9H`
zrE)sW4Q&_RkgJ>^ea(a3D6Chdw&^ozh-4?pH#N}{>xOX-rcEahd=$B`UO-kgNkp`y
z-;8)o?k5>a>J<gV=aeErCnIrVO$Q=O-vW^FfPPBWI=4*+hf$rt1LH8mDx?L1Xww$!
zuOoF4=c`(9WPM?C+olvQ85~B&gkdJqEdE3|wIB#Lp)|nxPw#BmypseM&HO^+IWkiC
zV?phRqJ`i&1UdOqAbd^7TA%38?5dP|f-5M#Q$iHDqZ4*65$a>J7BfYqFXf5gb5^&$
zITkBujBKnK2vqIJ<@5R-ADscBh|!sr32z9+>M`lZyZQ`}_RpJH)&Q8UD{<c>u7Mqx
zQ`nE~>UE`+8{dF%c=G)3=pX{eW@KSb6Ic@3PXa<SWnqHd8Q0?(br!1Z=zu4dk=q3X
z`<aZ)?QH@n^okrK_ks0#9@S9|KGj+<dXxi%kWazp2Z8Q;^n_50=RNSbYBFOI**Fr+
zE}oF~mM4clnL4&&NN-rrb)WitxdqA?5)a)f6$LL}$JaC&rxx}QC(k@%6ETNb_cyif
zj|G?N9`SXyd(!Lf5KfSlNSfgl(hz(h)*5&W;9=l;x<n5AIXj>edBZ%^W0j?7gyS(O
z#R(DELzB1c8@DdvtyQGSpu47`Ot6ebq4*<`#79AqO4bSuh@gPX-!iCs4|Liqem!_w
zi~AUvCs7jXds2e4U|j`$(bX{rC0Wdzb@m3DwPkUp^1S?OMvfb(fv10LwFp!r037_8
zv&ed|HN-7f>IxXf%gLQzE~JZ(<wBQ3UEQDS>J0A1zv*}=2{=hdgr-Gc2c~jPRwExs
z(zs6oGNJDW#tDHVrfK8nFPr%#{_z`+R1c8MgDd-Z3k~KoVaEbcf-N>bBE_PiXE{VH
z2a0JLKa^_j=L7}ptuEifh1NGebfiz{4k^0*_1t=aPW?$x_C#cBT50-(O=nI#?x5GC
zX3}@bP`?Q7Oq+F|bU!s!$0u2S9=j<MtM(F|7Fb4$#iP%sCGedh;JH1`om|L?f>oWz
z!pe@(WfjPERdek~QMc@S)!yHG*-JI<4zgq!<Hejdr*c_~i6bgC((4BcJUAD2Ppqjg
zbi3`L1SE3-01T^_OT9B{_9b<=J$=)<L@G%tVfjJjJx=>7Il`P$l_p&;97e1VMRiuB
z=+Ds5Z&YQ_)6Dqjtik1NI9RxJItOzJ3x^|Fh7dZ;6B$0T4W2+aUq|htePGfqh1GE9
z)?D48y>&xG(l)X$WmWUG^rA0&28N5jL$}M-f5FjAv$N><-XBk+l9%5jAe6Z5eb6CJ
z(rZzAtV?gwaTX|gnXj0kNeNA8{d(@e<wWL1o#9XgTw3;SZ<XOty-$bBuQ_}V_T}t8
zaWD2Zn3`|lc8HiQx{^s0tGK<|YASgbP0B>o3?9j$sUH&<2tz9-m$2Il9>PK9%R5$$
zk?jorQDRoYa^dK!KxZcUCV9%{jM%mj-vY!$-$a-KC2it4VJo7-lnvP>=+T-8fZLk<
z#yu3f8RgN5Rxx_T4K6)&VJv<^p_#V1&KY;APR~vcBM!4TMp!&t(u|||p5^AD5oLtZ
zqDTo$ucML;ozhBa>t|RR$qPmIzJA2`tog&X4()?elU!Ewq?qn)fic_Z1(W`d*L^}$
zf-16lU3fu`6#lOm6+fDicra|_c1Di^8YEvLB={|un>Sf!V&HQrr}q&MIEc&d+bSQp
z7V5tth-=zQcAZ>#POYUja&6`e2A`b35so^^BZX2mzuke15J`f1dDd5NR*Wt(PByM?
zEI(-3j(p)0&4R&>{06@k`pXhtweWN5`!xiMr3>av9#k@IB3oCIaBbyULo@7d2m^MC
zcdR*<w2~&3q<M(jtyzX<IBFy0FPY*NI*J|S-mL(As1GxTnd$!Kps#38ck$vb6T>ou
zVpJDZ4UbrNQ`rxcQ4pfFaM%!bx4W(W5P1pxN@vjpdC9r~A77($q7q2FiK-ZU51t_I
zcB}U;tM}}?L;ejD_i!=}D-N!4^RnRJLJxC%#dDj8rLU>rdx<=b$_#hO#-DE#LcF(h
z;@cgWr1Q;5Ghs+d@RiR>rhf{baeb>g$vGdG$d@SlS?hppg=dYDibG$l%uj4<ircIy
z^mKZ)B+64fMVWFxbV8GPY;f4YKXj1Y%Wk_7HgzDI-n5o_xMv-*m~wk!<CXRPZZgoX
z5k$*ASeEpFTYX{{U<D}~bBm+fwg-IDIw23AAdK#E?a#hY@7*Z1zsVNnf!=2Hj07U;
z*hwqAHNoIq9vjlBxswn;sA;&BRq^~LD6x)a|Jl`lwbi^CHROdTrcU4|JqRW2{*5Ss
zvF|56FeUWig>ZpUkQOf_2~C1N4BrHBCO4!I^pyLoSdmfHvXrp$p+bsBZ6Qa>d*&nu
zx_jE%%^P|-r&tCHdk$56=;ATTfGzgSaAsvcCcwLapgoJ4PB4|OSe-jYm5aPo2j7BH
zEi2Qe5a@;DboYG|)px!!_@DCnkdtaKc2SgXW2OXeLX)&;-DA;3{ymP<Jxx>`We`<a
z{t!(%kQv0)pi3WZFFx8vQ@-sm$GkV4`MB>p8{FYI)l|YnmH9frysD_y90+Y+m=Y?K
zX&0>Vzh3=t*uf!7cahWlc9cy;+^Dcwtu3DQWOYJ0{9Zz-^#aDpkzjWZd&zNwKx#LH
z`<*-nsbMNS8zK#db=fNWiVu{A(;;MzZ^3iaY?gmw{K4En^4E9t4L)a22r~!QH0U$s
z!MKkXQ&ApEE=wxz^dh4m>q<>Xq>l5YeKE(UlM|cwG|r9g8(I23z&vSB5$RQ@N{eme
z8r4O7@*v109;bTTq1~-v{7U8kpzBz^J5$%roVYhlGqjUmXk$t>6ssAPFFrOisT37u
zuY5C8S9zPT6Q~)6A)dG=4dVO?24e+M+$5f7&Y&GOwR8ic%>&9zN|NuL&f0VGEWfdl
zYZrPVOy91+CW8jtZx$qN%@KT;E4!Ng`on~4=K*JTxY~$;fq8iXj=2{cvdGY4t7(TH
zc{nQ$OP5k!Ii;W2jj~@Lk^0ncSo+FOvnS`NL6grz^Z=agJK0zTAcUO0%<Ikk=QX|}
z=?5PGlp)amM0~u=r+tr+A?5$AaSMRzJ*%#1P~~en2D2&7O6&dTRV-dHP%j4Q`c(Qr
zTKu{+HzbJ#<XX*+1D_#Toj;G7Va8I)58?G_*hYUVtMe>e{cvj}>V06p7dW?KAa@SF
zuKE5n$uM=KVSb&i-WWvh201ip6$h4sOhVv8qUq;XadTDF1TzA;5)mHn@KFwAMp?z`
z0RCnJp<4WxX&xfbbQhDVoPt(}2$5?dji%fpcxq}8^Qb;_)d_GCUfrx$ojmCmBHI!S
zd<hnXnrEm1&~~`>+|(5op}QUDx8Pom(=}Kp{j^G!?->LGH#1cp6?&IiwG_{=;S9zM
zG>bk+_u|5!NNIKcpeV9Gq?Lz@kGp4*jhN`=4ZzW4S_X{VPW{z*7p5loNXU7HLip~-
z-;c|bVgj*pOJ?=x!BFT|<nBd<J3pc6BnFq%X&Jbo^@|RG6uM$Odx#MJkaX|JeT~SV
zLIb_Bd*~O!88dDL@@my<?;O}f_5fI4lXLqGV_iWY>Wql$Ja-|kiw0!@nd*1x%k_5e
zNxv)+5#;SxD+UcMayK*uRns&daplo1?x*}JmFbGfA*0Zw*~8Sl_Wr$a)_mY#21Wn^
zLJR%h7S3oN3ujqT6+v1_IWhYG$A^4u=vOAl+Vl}120n5I4m2?}XsUkLG$gwD-2s6i
zz$1SO$)@P^tVJWQDwAkRzy$<dcDO=a!mC@B!3LDzvhDkK#=|JIsu?ZCWbb`@lZ1bn
zn1q>!`La8gM|H%o*$g)V+=8Mg9@Q(fFX?autW91IF7s;3kDqwamg-B}k{juN)(?l9
zEih_qB}%oyPWaso%8dfLFH=biBpXSr@U6%#BB#N(wITT3P{7#8f_}Dz@VvBI9BSG^
zv3OHhIN(uiYzDE-KziuYv4>My7+minfFrA(H+Pz>j)k^#=pq!-S`^Z%q*{qF?;GcW
z(l9ek%0+=<fLCUJvT$J=j+oGTT_E9LM8i7aMA|5)VJ3hxE$9{YB=o|L*@~iiS4(2|
zetL}^ORJHfaQ41Qi&#kNz;GxzJ-U>=2DQ!T*E`wEf047Cck-qDA52OJ*zY?441x;u
z&*dIJZo}W=ui}sYp7rl_9si`rejNT&mB+tO{-VMD?pyPl2Ky6s)c<OP^H=6yMJoTa
z{BK{IKj#x4ng8xq^V^c;FPEEtz4||SK>t;r^3ORq&Hu#t<9hSYD8J2J{si}bK>521
z&OhV)HhcLKj{gDYUtMwj8R@q#&Y!6K4@m#RCFh^Pemma$iPQf8_Qy5n{}+XT_J4Nu
z?_2iYE;|2=@~>U3_8(CG?yB?8IRDz!QU3wwUtM<o8|kly`0vVx-#$BkV)z5;Z>~Fk
zJ;Q$`{+%BFEsXdR3MwCz@c)%b{Cn2lS<z2_Qa+Bps{bpI{O_56-@yFW%zTZHP0PP=
zsQ;e%_YwT}2Irq(GW`2?=fCIuecbsyzW)hJyMGw%6{Nu-em6t@_+)<!S3m53pZy=v
C+UZUJ

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin5.pdf b/documentation/ESAPI-security-bulletin5.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..52fb78801f93427ec85967be5743ab4926b9faaa
GIT binary patch
literal 125950
zcma&tW0Po0lqTS^ZQHg^*|u%lwr$(CZJx4i+pd~>J7#(&qI+WI%g&6<{R5tN<yxfj
z!lJZ{bSzM$L&ZbgL#;!3P)r021a^j&P~6<~(k8ZM&gKNn|C}h&i&|Jan>f;oS{pc<
z2%8w$8JqC(LOD4*ni$wXxo6j4O~hV~-t+1eGyziT^dx|Q0AkSsdOLCZ!wbkp;P#J0
z@44OIcCFlyWgVSy4(L;`YE;+ySal%d`1*Zb@7>V{@xdhVd4IoOm)*ksE_dDBJ@4Ax
z;@eRYo$Zw_+P}T6?$gV00O0WYzJIO{9AnJR=nbxeqSOCeEgXkONxOwYXCIr+Z5DB-
zZ>6N&K1JVdZRPmmdw=@AkBz<B#l^MZqdB|Zwn6OM<UVn641@4n4Z{C84qLSsGYgko
zr_cI>Fk<YnGDGMgiV>L$lGwoslJqd^_U9OACW1@qrf-3H*oV9d=G%9ZbG9cisEhuE
zSOjn@jXP34n*w8PW(iPSUU;0Pw}a#JT@~~Dyv+K81Bma($^W-Z0_~UcYYj3dB@dYZ
zhWQwNC+i`AgQGE!c;VJ2<9woDkJy1Dv3^?^Ky7JKfhG1AUK@}$cW(=}U*v8ax4yQ&
zIaxq@LMMO`&>)c7@0ns9)+xY1IJGHk(Y!b)J{Cx}T3OgW4BS9yIl4W>O*jYqCpF#Q
z{RNNk&QTf!vGwUTOt?^UeRfPr`zFi_<Ri~609_m2EKg(hA$~VL3?L&0Y%p_F3yO{9
zM&t01a>7vNaGZ$u=AGkn|KZ+h|0{SH29s}SPic5IdF)E7N+Jjy1h6f86Gm5J+R@;g
zq$PVWH9pvRQ8xnf9S`&U8MfjzEctPNN=q`xmp=L_pD_s+qrUp3|2sGu-Cp<FKPgQH
zR9n?+kCSc9qy-#LbK{>c+>i1xQ5CK|pJ}(nUgHL^m?d@9Kg*asE;UD;Yrnx{nSB4h
zKN|^kRkIBcuR|D}f(qCXg6GMTg3(p+yd_h3V|7=f-Py3fg1`Vi8`hR!S}*yJ&Es%r
zx<dhrxng{AEtov4YP<=oT<Znt0&H=Oq~xDwafA^j2ho^^2VL!w@*AY%x+p<0BOFa7
z9e5P8XQXG*eCbGpH2H~t!3$RuuSdjhpTWJ6`+|rS)PQJgBPfW)MA)N)pdiplBf*U5
zU{HmKCwEJ}p2YwJzLT!M6(qrm9v~Tkx<I7*$D?f1i7R4ZsiQ%G4VoR}Y{bvx6QWvx
z7(kz^@{ky!lJY-IHT7E}5;mS0rQB0+jt`5-0hx%I>V^w!NsA!jD|etrN(vGc0<CN1
zr@b9ef<B6>l*A_G0d(3Suws2EE|F1~3Ny$yKO1YwU9W(QK;_!VG+O>0fU%YL38u-;
z)E*9guFa4%>f{j}Mvi=dw1al*i?%U9Xw(c-6mu68#dyT<rPN(2!Dy+BR1t6%cg!0m
z(@n6>F5MYGcO^~<z1wtOBrqM5h3`Pry1x^EFc}<rM$+n|;18@v$5mv^aHm0tPs(Bg
zN&y)3c;vV&^`4a@k$Uk=h0EX|Lc?d~wk9lBVtZ-q!(5SK!cn3ZBK)%57z{7=4sna(
zD7Qxi(lU9bVz^ZeB9I-LTeC)mRkCixu4+iIL6wcnVHtHrR#F1ZM~Kz2|2viFSn*}e
z=yU^c={vX;3iTGLAC_{}bWk^vjRvO$GZ(piO4D4xnVe2u-MBm;-K?d1VNj*Bw}fLf
zc*QF>y|0_d02y+X;MBB=5vf;~#S;!e662m@ltMPTk<I^2p7>F#a))S|k^V<LKB|eE
z?wnjo7A`wU!hC<g(BK^w39;MOfWASZzI+&c{UI3Db&eQYRQ2H~pgS5qY#o+Ri#QD;
z6wA*`Dj@+s>5km;z`aX@cx;*m*;~yrapPIpom4XiaT7&~1ZnsA2>QLwT&0qR9>_QY
z;<+-BgTA{Nc-iys+idACk>Lf>1YSj-n3Rtqi2h2Em8)g50;<7Z(3@aOQVKWh8YMR>
zB>9wz0}u(;f?tJ<W%oCiA&N}r6ChEn7yt^acTw{w^Z6=LckC2pv!Kw)eM3#(a$>2>
zhrG^)DV>n*jfExztkkPE*Ub;sm$foVSvX_z1As1}ag6isvhDhHEO<RX-miykt|kV9
z(*}wU6DY^kjBy^pj96}tV42enK90#z>R#dzWtszvzY8O0w3gwPByf>5Ditt9d%e%W
za_w&S{4q0T*=~~@MocXdf?*ljDGXtZ+4*Czpl*WIR*`7%2#1)HG!lPLBGtw0AYCVH
z0fS2KHxRI54CxvmXOx-a3~LRP^YVeT4DaO&c{=T`PmAR-t`{``QV>n*%}EITZG;j~
z4vflK7)6jOF<OTYJ4Ed3u`xNK86VOp5+r&)eQY|HB)!dY#XTRdxgC~W2Zhz-cpHig
znerG~WP(2))Rz&}p(0>7YLj#tuHs{gi+L)Wgjz!`e6nVnh2&ULY^R^BF&hT?k(*jF
z{6qAi*JLhKvv#5z9f)Sc%qHlmDARLRBm%hq?ou?{2b;HrTIyS}umH7k2dHw<IK`A$
z>s?m7?|Fu}7Ms1XZCqkQTg@MF7NqQ%RnK%u1W}N=j*2C)!?8}Y*}g^y4x=btF##T;
zc(o!04*f3JbQ$(b@<&i6`oCJyxIH3_G5JC;gPzmY+E5eL$?t0s6?<+=son@E%WEx@
z7~v_fq(64hwzK5)s8_LCaBuNe2@3}I>c(dZiA0uI$)J*zTx7^xYgu-N{+JMU>5N5c
z>dt=cM>9@Z>u07FXv(S1Hf63h&iW#vdOMvN5mK_6?xvbOURX00<7_i5Kn7$H$!nJc
z1#zhP)8i`guzH=HtCo+MdUL-P0}^%VZ~`<b@pAGVvC*#*_dImYXp$IQoM%2cIJ&yC
z-!vMU$HKJDGN+Yg2*6!sDhYeUxWQ)*KWYFa5Um3LT}q@rf&eRR%(cl365Z^d0gUr-
z4Sy(nDtHnT`55=(grDvdIasWy7jN#_=kR;*Bl5c<dN$JI3u;@agoG;bid}{F#)|$<
z?z|uZsonob+Tj!sy2ZQKA;(7hn+E*dTc=KH3CfDR9I9O-_-X;8bUUc1!r_wp#>q<Q
ze9RwK%tFT=c`i+3B_@c*KG;4B{U{?1E&OIZ`vPzna?cSHS`VBTb7aj1Vp3`|B$e^!
z;hIafb0uMGk5R;CI&i93QZM>8O5)raCogM$Z%W8{VP6r24s*sgTyoJVqwqpL6g=&|
zbq^As``QPa_eKWqP{u5-EiL?|f_%gJgn|*7#dL>+Nece678A~NapA-{(l=!O3`V2%
zG4*AQ(mlsyPzh{?`hwgmSYJ#t4^tI*9k*NB<wytKr?piFqTWeEJ#=P$mi$TF03KLc
z3Eg)<cH#s%zZ4B})g$fALfPKp5TU8W`Nasn((F3)XU`}vfzd{ozQVZ}3rkNNk0H3W
z%Tml-CIY&NrNxtM(O@jqj&o<E^ChJ59l6^<9b||3n|G9lO-lj-vn$Uo5qk@ie3Z`C
zXtKHRNFjtCR!Ql_7CR!32zRPZ9;jUhWCm%PqQSzZrS&vpvb2t(jM`Jg?}+bCRh7Q%
z>ZmO~q{%=xs6O)tr3{zU%+jIWaC3Pn@)+a$K)~ThwevbEbKb|MY$}+gHskg;X+GAN
zaq^V6D2MVky%;3k#Hz;m1|44T;4<sI%5!O42bJ%2RTIE-N^|wh*wVE`c*I3FAZefq
zXV5;z==QSefje4CxmP4GOJP-DswTakZz%d(VpQFXmV41^hQw1T94hhjFmz$QW20BH
ztP8Vf=x82k1)@{;q{PQ6m2|us*VaEa!4#apG!294#wFbNYU`Y#**IPB0zQlnAlCsm
z0?NeJ_<y4JpWVMshWeMs|8AJrIa&U_{*Ob}|DtHN{|`kUYfZ&owj*x8s=4F#!$lPf
zLz-jUG4s17vBZnStLXB_L&jU5yb3j{!%HU9bbZbo5n)8v+9Zs4W^<_&uAKmM<?a0R
zFyHs#UC~9mzUKAye($Sw`IYFwqY*sa>!Dkp9`@<*Jvj{T?#|%b<-{cgox>Zv-luKX
z-P(ftzTUU-^=8>O-;UzH-gDvXZ%3aPcYZx*->e<-{<u%9Uf#>$_xW`Bbbre?1JL&1
zPaE)`yMo7;Y)&<JwUI>xF-8UvLIy56?2d>`pP!wVdA~Y4-|9b8$*(9-f4z^fBTv6o
zY`t&W?fkWczkiAAn#1M#`kLLo)sRwZ2Kj^cQJOj0#T;zj!-N0nwrKX~qwIT|x$#HY
z7r&)%4AO&Yrcns%bdlrBU8-nqLWD+gz-~?qo`aPcUQA__L)mMjr>lG}orIzQud_O~
zry-sqGuobv%2K1G@eCJL0Pwtag}_2M$$|5*QP^vm$X*~>4W>oILYYTq3~?g7&|)RO
znrkG!f&t~jJqJWA`*mDL!%YLm4#wDI0lBeG+(0i{&_LqyYa({+JD!F%eoc$b0)OF_
zE+aL}Ye1@d-N_ySskb~w2u0qYE<w;i=sT21U@xfewI#N_yNYpa>NJGbm(lisjCijV
zCj&<>)oCU_Pk;4;cHnY<k9?qN04aA!QWp~;_-3Yo06F!H*h%Vom1S#p;ktW^^`{9u
z&X&Msr66BvMxZ&kNH%tm!9<Ya9hlU>S)A&M!ib3}RiWvZ)1V2@WL8Aj+&3Pj#%U%e
zHudo&Lb?~#ku(Bg=>U@tM=VAb6hAw#w5{TT^a-`m57P>lQfZ-<fu5|w9aP6bWsb<V
zi~&_caC?$yFiUZaa&T-jZ_m`M%ph-F2c+Pqb~4#o^|#i&3`7*6LIZong>iqcRGB&Q
zueCAMT`*())5!=ac4c}|mQu^e!)|RW-DWm8iagB7EA~4`PUz30EE9NCBH6^>jZ8rC
zq)3%?Y8C^K9530jwGNtYLhhR8$?0)^xJc7rD2sGWndl0Va>XBk?ymXKm6}*~6%dOx
zh64)iKgRGnz*|e*ftYYcPM`v=`-*eH3&ZL-L^9$5>JPusYRP6a#vG_i>JiOOe~A)F
zW|}rDF$<R2tTt6YPReDkBG9qT%#^0Kp5|!&#9yQW&C3<ky?F^rD}YTZe&yF^t;0gr
zRr65#CAgzfGevue-gE5<hR15z3fE=Uqc(hM-!VZmP=UTpqEX34W|}<cPQS2PDP2h7
zD;yOC<SHq2_(j~{-^bdjWlgK|F)AX7ws1<8Uy>+ot?SIeG@<D>p=j2+WujoiX~R3+
z!Yx*|p52#lND@1!#i>O;l6{YE5mPI83P;<9$92O;IP|apb!%elS?09_)$f;7Rw}Br
zCHFLsa-Cpabvo^3_0S1VCw4tu?Wy8(;Apbda${YT^^LO#7-ea<<0)L4ej+zDtAY&4
zVM@_HZYU|@rVXZ(Vo9HD%~Qu$u?ab`wbZJZ?UO517?vLz7dU#=Xg`zwHB?eX1k&8=
zh5~)$$&=fY;(31(X<FvUa%f#HV0Yj^#OLuzmwM9r;xi>nr?xT4DD``C>apBRS;^#9
zxfU(g$?ONOJdErzderOJ{cWcekk=rGJqPaIT&%46o||73MAsssIpLS3t27ZSmI`}O
zl$of-e7B-vu!timmQl!h5k5RlrE|;mmS`IwQ7co)4`w2!>WVQd+n-y6La>+2<T<i}
zY+cTq`J#;I4=4{PgQoK;k)!xhZ3Gb9SfokSpvcj9M+BqEZ;du6YP2=iEw6!XR*jV7
zhc`*8Ib_`S^ahe|8o6(nfZH^<#ib9>x=%=HA=lLeLRqs6Bw4?tR9=bb2|%58BcW1@
z)t-f;PgBwA4Cp)}x7J8G`*Wd?`ydNv;v%5ka^t;k<7INUHQtuW7{%WLGns4PCpb&a
z*c6=Kt<^pq-`b`(bK|ZNQ|N_wc&w0}m|0O8;ow!)Y=2$_tnE*DA1<d#3t-FI2adz*
zh7HT8aSpu?-C#AB{i`yaH&WmcBC|r$iCAv%4MR8gu4vo9BoQ*e^=iyxI14hFlPx(e
zmd!7EDu5HS$(T*1A|fT3oG2Q~p+>zo0V2JLJv{@fO_6deidFoLQz;+ac08(o)49AB
zyz2NudNI>S`rBOLb<K9Ht-0GUWoDg1)R9uFy{q8&?U5hnBaKDcpl3-eMW2xeiiwaE
z%jB2Xs_2ru{sbLofN+>D_5Dm%^#s9>GBAB?Ji_ePId0f;a!0V(waT>Z0<vm0kOJgu
zC<i)2Qa*1Sy1{DVoLLjL>B+)cg*-UhCjyn<lJn#@2&Q)483r|@p1=C3a|-6E@R5xV
z+)?jHO-`#s1QGCjq)o!>M&gK4+3B!x?4BQ-gp@7~ns^AN**`aAd|y<p7gI_xch{1P
ze&RxPJXUc_+m+kl({y`H-F&z9N-NDgzh6e}A;(?41)S=z#DvhdDgs~qG*m{#LSoHF
z&Azxkg=wD%qo2gUYlb5<h`s<oeQZesaHjI`t3V^nldS{9udOQLudLLt*LI=8B!Bs&
z&9rvEi7+1p*dC6_o*8|Eu^w`!w!W($mS&TZz>_-<Hzu*Wtd@jUzRTwQZPC2BpCW60
zVYyzpuC2M5TPB*SZD%#hO#65>`G~qwa2PQ1sLUw&y6sdyvg|RV<3Ge#n?|#y+t$aT
zG`K3i?1ss!cf8ac{7VCP7P^jiqXx3qWx_-$IBv1^r;4p(+9{cDH~Q?Wji7Vl`qB-N
zLjP29s=nt&J|Ar`0jP!438%ZB_?v@(6sV8FrH8wVLF-z*d&#54#B1<bFNO0?M%>mh
z<75Vm9>wk6NC!Ig(c^P2w>|dfTy#qiDt=9dQlHzVcWP$ZdU4ctjXhvxbYf!xA@tps
z`qo|l!url=J@ba+?ZLHStZo9odsDdwXKzy@`$}TRoW&M5LY&wh=trg?h8;Wjx%#T>
zPB*$M>cl<2j7*Wey0R3us>Si^#8&nS#(P~VQ^|=x&#dG+V*f?I2-}m-FXVBFNo8s6
z*czg>vz5+rlv!5PVZ0`j_>=8o`2>yL!xynz{>M~6DsreZPQzyhf}Q9v^lXpOMqAll
znIA#Gysf)^c^0MR7s^_dcyquy>uccCD*|He1jxG^#rx=K1?rI&NXIEYiVh`3@peQ<
z1eIudBDB~bk`zSVArX!ut^i6hU(+9;sfJrP4bAN3E}n6YE2<JFVYcvPv8nu=#M1gv
z=wppL3`;Xs8t(0F%+b0g&qmX$T*0lXNwAO(oD^Y<$|}PO)bgEOB;yMPS~x7<pw4s^
zUTuw<BA5{u%O%XMuwQn`EM8ta*XRb;YL~O?D8rj`%p2VhRyhD7W|iF5!BxD>P168H
zCm5+Tj6K|L{1GV*oClbn*oa;JV${-Bh0)KxnB;98aW>uC+urh;-r~+UlU``af{OF7
z<fqqvW_;ivLy3I@BPvz!Tv&7d;A2T|V{d<Pf^p3e?b^7z>!Cu0?KJbZ`rfei{x_@q
zW9X)D?y*PdzX9#PQvDCmvaz%OCulkT3urn2KS0}~B@su{2HQJZcjn}OZceR&I%lr$
z$-I}91n9`%7?}egfJ4yxcAG^+nV?zOIVKwzwz{YkCG7D2mavds#Pjv=k{1-<H{Utb
z-8nSN*ZX}8ALdt9C1!SwvtO3Cjk0%&k_I97b$I>o&Iao4!FJDq&+EtWb-xeKhQs^&
z^F6UO`(j-B*!3r43X>OaMcwM_-G@uVEfn7Gh1|-9qi-lk%40*8Z6l+1K5O++kMAGe
z`t|yZ31abhXiqy7Ol%KmW^dKr<;I-y<Bty1*#^MdEn2_$`i5!6u|!1Kk7P^xbJFrm
z>~4dG#JyqeO>_P-oz6Q*<H4>5&@X`EP)!@yVBP!9Fb}G?JE!rcKBfBgYZ-(%>>73O
zl*A3#$J%m+sRc<$JyW3T1ey^+OCIbmvTLyOi7Flns$rN?5ib^B)I6cCW{Zw2zd=ui
zJ1u7YT*REwqO}xcc8dq$J13z7M}dum`e4r@@>*g4$_BOn>DAyaO6zX~S(zPUKpDt?
z=7+WzhR+7}277X3Wq<Rd?+duis%r5Bn{qmv|9x4^3gG_;vHL#HVs~<Hvp*~wy4VNz
z{axLk%}LA-E60h#5a%2zJvu35du=H32&bO=GUn&zIicj9$@`_D$I*G8t&>5BeYT1X
zOnidpZ6GrMl1QdO-3Ha6mXM+vS-V?VOcRTYKDy!v?pmPV%V|ck@AzDwm(rJtLtkZC
zW7TQ60p#m8;0uy71MqvurkKYSX=2ABCTY5F35I{?`4g27pvOELo3<DQsl%mrgBtAl
zynlub>JjF|l_qozq96(gA^G4Pv8~AyISCl=8xF?rhCJ3;l=4<#KJrhj2C<jYgwiND
z8z{07Pb&W<h?G6KC!bgEJO-?j5Fn6zU_dH3n?*a0;>bUgze=|KI7;K~3CGuGmD0PR
zG|I;*KFk<vQqqL3<KRI$Tgk-Jd_=gUZmoybF1I1XQ<>#5az$Y0cQee(T1Vks;KE#o
z@nF=O<}K`Q!%uh;H$~(NI<=jw=4}+ixR>SMI94ts&E`ygoBZ2<E6edG_CVD&aP)-z
z0ZZymqQ4{Ck>#krMWLqa@1MnD`jG$!s3s0L-WdTg0Zg@{a+T8h;$c6itE1FLARp?+
zX!q%wkvw_&qgfo;^~f^>{h<)<FQR(}RG)Ym2_FqMzX=4umxGXeb_tp_oOtV55=L%8
zq=Ai<D=1P!J^8EVVKhHZI*V#84gYDZm0p+WT#?GIN2ZpAB2Qh~QUbC!u%JRzVZ2en
z`M(4>$;+8%hGN76hAEWp75d{qG7yC+ReLmt@s9jFZjciw(+)NgX0kfiFo`O-f1ub2
zDM=HHA*bWNRD`Oc@!a>a3Vr#nmZCBewmDUC-)Wt?lAp2}4#kJteej&bO5-(r>x|Jd
zvv$c1g(nGhe*~`3VZn_+YLaO9$kYo<opToOd{sfvB!1Y`Ou;N0yEF(JKEdD=jzLZo
zDKyj-`N0}oOh>r|w4_iH&yd8tMG^Pk<w?X2<B7~8;P<B|{|cq$Bhb_(dZf5nH0nx6
zACLJjhju%wzh+<mQ%z+@1?J;d?b#!$AI6kW_b^i9z1ket((h@BDOE=ODwV$&ETnGT
z%Jk8;kb2K$uv+LsA@KBpY&7Hn-+q}ahV+m~YetK`SI~)UDGG2S6Dv_Ch`Ei9dwd0r
z$LqPbHr7lAN0@|A_l6_Q9nFa<{tRtupkD{&OeRw4pa@kSSW#X14C$&2R3^=iA%@#y
zAHY|#QrA&43jtRdj*Te;0v4e#R}j%JY84hzH6#={3bcbVnNHnNVOb^kl9n(4DT>Ct
zqI6!(yJQ1;fumX#_n(p5N;f#7NId9P6l!X8^x1`Y+(Iecr8aZT9(B3tuUjLLmkJY;
z^vxgf03i!OO2@4cgr}ee`D9tC7>z;ag9S<eu1lhzg`+*WPia$zSQf#FMKRUD>X5}}
zuugTs{<%mF897GgMIlT3<DUsX&8a{YU{93)w$a9#N5Iyr*mCOxw8|-V+}B+?y)$ji
zR(xoJzGo^>L3)7R7Y}{TrU6A~YqGu8W4U`Tb!}I%yv~)aM-cVlB%4UL!Z-*cwjO-K
zKUAzZcwVcGTU~UMsQD}FHW8u>XxEwsgfi}1K2iW&C9dkQOIhgln%3xhXLFJN?kMPJ
z$qP6M2#I38DH+Ha<ou>Agx9cv8?RtPD}cG_50d~yBUv{NnWryA3dQ&mI8J5L7_Y(>
z!#TggwE%0MffXPqDDM))toQVeMJte$?IXoi=c)f|2BDVu!z8#`qMD`3>_xlEii%)z
z&Dj~|uHEdLT8J;zn=AVAce-ra;N%=5%(7OhHJ8r6zVx|C0KbC(WyP_7Yy=_LsH*SH
zN*!~Sl(JRX33|-Rk8z5zRYLTS4f`J#DTehk?&+U+VmAzfX|z%OHT2XXZ~4HcvtDOl
z$+N3M6cKtaPIe+KjUk={02%<^cBM=D3exd}#2~24sFFERZ10F`ZG7vIZmW=+L!;G5
z-)Emo;ftk|1+8Njqz%@y7JYSLu~ur<bXz8hB8i5EO@4y0-BZS`V9!d%4GL<SzN*{c
z<!|`KNoqr`F1z7&*XsoBgE6vAaim0+EFmj>0T;KRJ45ukLVoUHQ>(vLuKv{Y`#TGA
znFH_vdoKsPRw1l}=+Jt#sFlLWFK(8kmH7&=jC_=lpnIP*So=-a1>FGFSgx1;%PwCr
z!74Rn4?nc5^EVxr+zNU2T{7uvGCMToG7*vBn!}XkZsHs@>)RYow<>*0c|(e!qk8R;
z8%D9%GVQH0!rWs>I0Ujv(M&^qlnjcHT1*qYCf^(E8d#cTihVO;*QGuM;hiBopa$<H
z3pjW_;s(g1mKXYUapcxHvgLp4JTaYUg@~JycBG{CEl5Xz#Tc7+RelBwA+$P0R5n&=
zTc(jATYR>cTna8!-?gb9HOjabJ(3A%ax~dh8URNFJMUfQmbE>=jYD&QVHvmhbF#i9
zN5@?@DYSxHEJUlEsTWsl+9zG_s<0ZZ&8{{VTFYoKLV7R=t5DTOpb6Q~MOZN-1<$GE
z&$dEY#MP`d&#cuq{K~V(sk?EX4BZ|ZSva4_Q0J?xrKm&dnoX6-K?OLODG0+r*Dtwb
z)XvwyRg(ohS{d>YeR+1hfq8vwT8;B?Gn^I|a5I|Pmm}7RuqJt-&-G{BwC#Cjpy`iH
zo87;Ee6=l9UPmJ4;w;Ay*+amx44&bJZ`TAo4^%sr@2(io5Mo`MXwOIA6ef2lj@w`m
zSC$BrQq`Yw3AwgXA*Z_yhU(l#v$Z~=2}Z28A0{#)YjxK?;_x0lDKe-Z5t5U0jBO#8
zpS6}~G+|<U*VE!a?E~${D!WQr%f0*fG%p^>z3{q%n=aoWRaI~U6kR-YlrDt%I2z_L
zXFl+LLI|7sdsny3ADb(DP*Co8;dEaYGH5NTtH`q2R|>fD0V7lFZZn9G^wcTleJYid
zJKYxQ*DsjfN)Dc53YgqfZ*s*Ju$2YgNtNt^p!-|m-SNK_N>_Ycbv|a^NX`<xz#Ckh
zuNl*~R;+<xd3-jYWdQ5&_J`WPv(6x#A`m*HySQOpaM=q7QzU?Kr4>0vduma7o5dBh
zYpaJPkP&O_vS`tg<s0O*6OWxJGSp6;C~#LQ(2j+k6j|~2?scZ<Y_vPo&4c5+LIEz$
zDiH#j@uy@LUFX-L%dw4VF;$OaxxV{961<8QeBzUrU))1-IHzMTl5c{cpeoJJ+b>Hc
z^VOHnH_j!O%Z7K@HMF~2-R@Xd7fpDdRafb|;%pCNJ<qz%OElf96hYmeE6UWQI>@L0
zU<<B_y`FQ^$)Q}*PQ>(OnCqOkH4{xQuiFRt_qK!?Wx`a=_(0;MUlA4g&~K|CpXlKS
z&~NH`)D_8=C;mLm=gzP{DfIpd))`f;_t`17xyn3$hi<q^DZ4^G4-CV}wRY8Lfrj2*
zxaU0{X7^OTBZr_hLj>vqcPr%WODK!lBs1_=d(1_z@%^Y5c{*({2F*i*wJNRJk4@vz
zl{=xM7DWWzPvmWr)X^s}U%0x*_#JC2EV|&`aKirBQ>^U#%>AvhEKvl!$KhT_BPMMR
zqbRtvN_N5(V!_S{y+<l2wG1^Q@wDyrm^0D45Yo*Qets6(6FbO1RAC)(n%R*C^mU2H
z7X$K1Rx+*Bdy*V2xG1p5WV-R;_YY@JKHiF7KVIk#|JdGF6K;f^`EQcUzY*o%B*V<e
z!StU=hLQ2VL>b0^n_m8(EiRf<vD6)~{}kt!JOTa`=BoHB_;1^SkJ~1KH9|B>ngW4z
z06MZieioFADNsq6yyCK4wO$G+9uaz!H*yR;ZEpUO1^A&I9iegh{2pJ|@yYzgh>bjb
z>)Ex<vKQSelBYIh@&0mt?-P>ypFghl=>!8cRYqm2c?67k4!*`c7k`_1CAjhoh?o}y
z4?j+RJSu)XLJd-S=xvM4K^8pL>}TmbhuFf1Me8;>`$27aI+FP0EIPCeitG%2A4rCo
z)<K~8-J;ThM%Z~Gx;KqP&BYeuH}@r~BEiR_^>HU+D;o#(XW`!z7`4+)PbWnoU0M(V
z&y#3ncin>)(LRw@Z%zq@S$ydK&AfteOKO@3y7$qLW8Ufh`F@nM!_TwhYXdSvR|<)t
z&1wd(I=Rw^iPA&Yi5FB61@G}X+uEQA7Y)$KR6WPu!5ca;ffD)%qIFgWqJRO-92OQr
z>5cdvYhw?P|EA4-d&J)zb_U{pw`qLT2$}uO_-S-XQ-+hfr4`E8R*EiC0|`K<g{~(H
ze=?L&hZHD-7!40YU<xk_-q%1ZCa-JaCd#+`GNgy$(i!&W8noh9gm8oXT<B%oFb&|P
z`9|kP4NhdjMfUF|1J?G8=fd=R&<SjBN+YYEh$9fE`^$Qi0&=aa4R+igR-?fG6xQc&
z-FwK#B(!UUF!ycj9KL@-*8mzupt#Y3I%SO(b*p->9zI0dnh>|;wslA0fkR?7<El2b
zIB5)n!0gsUwU${;(4Ti?;PQDNnUreY=6k=kQgxafpf#tIwYF@ljUT;TG~!XQrL;#|
z;$Y7!@|(|q<n7vy15ElhO!_;vGI0TWSx&(pb}*ieqh-7;IW^pRjy8pp<DXIj$ekpq
zb$?1p+Q|vJaXL5Tl^<KDhwuo+zkXTaI|AkD?_x3AXv=E3Oe@zw1pB%{$jJbx&c+@j
zuiDi1+A;1gdm-rgPE~rX8JhfFpy26o*uU73xWOgX*a%x-vTe{2e~+9pu5YdL46VI4
zAf2svxj88&>aH)L<$Kh~Sp7^z6LX(kgaDlF#`EV?W?~&`a>Cn?!1eKn8?AW(v1hcN
z9*U7vqjDt9*_qf$!IX@Dsaj)E`lmS!=YxcSEGjHff?@i7km4!`9j!y<WXT&cwJk6Z
zjg^wMd-_RT>f%Qj9mR%r&j^FRY3)%PeG4xA5^6S!^zs0j*xVI3>7=}d3#OoUnnGRi
z5mM}SR+LJ9mW(vhBZrs>Ei|r?Iw#?VE9y5TN%YXq$c!4g%_8Xbh>bM>&X)MXd+JLg
zpZLu0%{5A3EWUg3(+3Bm<0{fD&qG8J%NrrmP#r_;+P-=N8C<nkZ(Kw*Y7~d|uenRJ
zo5!Ml@*i>GD7{mKLLCwzSkvavV>7FCQx#H|5Ce08+eoseKnPG3^M>Vf^YIxzZq_ze
zi2-y{KtgOz3UR0?>#9cvwqcy~L>i0^1Q9~ZKmtC4d2e(#Z=WMOc!UGoJ#%;Sf>+Kv
zpy+uo5Z%$x(1gXQ#;Vk3qBUEv0tYLyed5ax+8N}!vPkij2c*1(?h4{mjuq&GA5k4*
z<bNnCXeUKIKZY@m%)p-zJ%KHfW0zWen&8X9W1d#^(0ce#UY16n+cerCbKSh@zYB~j
z2@I#9a1^%_{#T3+wnORl<5ca0TU2Pvbz<cr>5k2ef@!j64h{?x^tuOfq!sHXJ9HQq
zTdnchfuM%tvQw~<8|H3+P+gn(7o^r(&Y9eZ20qs=+b6Ze2V0<3f`L@EhjNX~{#hTK
zGX)6^lXd&eZBP_hv1|Q^f;oBJhOo*;ML`Nzu!}LM@?a06Z8?+s8a%jkd$qY_kK@nR
zb^z7-*_7-0coq_a$GK2=g}JNOi0FhTGM$-6kz)fQ85*FgtCKFC+7N-v51xFx1BQvt
zjxYY$@m0Nvf%g%@P3zP`tBC}Go0iBnZ4^HSs+cDpsHFqz{AP?`+~oHImvfQk$r5=g
zBna075y7v7CzL*S;CT|N?B8)m-rsF>j(@5m^bb_F!ci~_L?KB7e|-BQ!54@C$D{Aw
zhLVT@3;;Gk&OTxbJjul-70zJgY4)1wa7d7$T&}G`C8wE`FXmj>l?&`qUCF8V66a(z
z7>F&N>Ol2YV=);vOL2WUQ(R3~VR!a%b9}{q4>b3IzwLy(f#Z_hfI@e~0K0?kV8Z|8
zG@<YiXc)2Y7jxJv_oCYW)n*_j-0FqsRyxR;DdS=ry6uzh`%$L+hx!3e!_pj-g)Qw!
z!)t4@q++hI)*^MXP-Dv`jVstynWG0PxU8^N@YW&HLtd?L*CPSA0kK5==e=(Cjj^>p
zTz`JkK~Aw9Spo;?50**LUc%5xQ6l-7!4&*+YjrcuXs(|F3DHwH#?=r)r;+UNON98<
zrDEVmqA-%0Ff=z&G)OdBz>3H%o-vt)VO9{FwbJmAuARMl4u6*BtN@NBw!=i^t(@g-
z<l3`}?%K;+o!Q-rPc3PD7FEhC1hvo+n#3c)J?|@94e@EwzP<>ubo96<(cTqWGkZN!
zo+!D;YiYHNAKI{0hD2VtZ$5LC-v(`oVHrV(Rn8O-$ZCEu;N<-t2w2`!4A7{$!7}ge
z+}wK32@6k}1{MtB@+%%g{rV)|uko6fMrzNY^V>j=XwW@I!e=Q=L+{SXzCU%iMOP$(
zG@rde^f_N+sx)1MAjP#iaGZnlL8LQf^d^vyc<*e-6GE-mleox}YR;l^yvW%37i8FK
z;;!L^YfCJSoYc{}b>SU3-n7SaXW`A0W2nF?+Sg)3YfmfIa5eEZ6@=^uphR`~nt42X
z3W_dWXh0-x!pSk_5x4e$c~pjl#h1$^4^?^q_82yhY4acfb)Sg|`+a?IfOePkU;@B-
zXXvO@n*|yIJS6(g-=WN)G(|O}Fl;O^{rzMe!Ck=XETL`hM{BA6@HK#J&a;REmgQ*#
zUW)9cpvX(0!l>ixE<+CyfHwOWqPj1~fdid}9P+;v9E|Y43EM-}xryNdWb;S{4+Y1w
zSw1!?_B}{!&bKuz!{6Vmr+ahHswYg7UKa(Hh-i6)H9TDQO{$k9%roH(gO_5iv&k&T
z#vmmmP|c`<UT0GDSrvYf`$_H>L(bUs5KQrun&^*cz@7F2AXLp1>C~G63T}uVll2!B
z)aWs$L_0p4d#W_jwr?e1tuzZA>ddNqYepog##f29B$Ab--g~5DCW0t3RL9RL*oz~<
z;o^%Ars2ww?2q3EkaQop!~0w}UKeec4+DGv|GK+MQ;AB)pE*d4P$LIVWQry?m07ea
z9Afd6rnix!72#8bkYk*u`L}wfrs1nbeymDvi`hVhc`mbz^F4*DZaoqomE{eE>LFbF
ziaF8dt{oq5eLK}YVMk9d<(2&c*Qyom|2MMy4>A5nk(`y4?SIpf<-gMM-%gPKH!UTm
zh{a%fKGmK$^~+j!`dQX&|HN;SgyMu|Hwuh{Fr~eJDoC`5t1R1?5lVkv%9JcTJQc@s
zo!?CD*U1j}1+i^&WZgW{hvD~L{J^NGyuP;$J$szta&uL_v$)RYb=BdQE_QnTeB4{(
zNAYG|GG#B<<4kLC8l@Kfx%>nQ1J^CYJ`8lL`vJMdYLC4g1a*hp<(!=I1UY}|UH)lw
z)UIb{-olw_Cc#a)zf^ax*SlJmhNjGCtw2))gcK@RkFMKzt8bh_QF*upy(dX)E-0Fx
zikr2Ae?8q7nz9^X$kR4pE$UubwZ?5NC=ccv`DVT>9aGibx#h8d7&9j(43XYz7Sg#N
z-gQQ66EXz1L+?vfnR0-Gu5xlr^-HV{<`Zyg4ORD@!a+M2v-dJbg)Mwq2;#5jgt}Y!
zBn_D<4Y1*pjF=c~x!#+cY%xLfS1oWC7y?r(TU}FX|J6tA`#nSCW_06Pj|1mO)d+?o
z@Yn%z-#eIp(RZd@QH{+WC*ryOz+eM89h<*&yQj<jx_P<+)%%iJGm9(eJ)g=4xUrS|
z*bk&RC)o4$kI?{`N=vshmR7zPVCFie5PxL~^tuyhmij9$=@Seh&pAH*iJBER6QyeW
zMxqpr6FD)E1Q@a@wQ!|kon)0mg{zgHB0fb-aZC}R6Pk3^3iT#FhC(9R74ZWRDr)0#
zh6RgW=Wlq@ienQwgJazqepyd21R$9o3{c+C54@E6gO?->g>>RJ_%!)qV8uDNjk7gH
z>@E|bZuX?R^On9YneD@#`C|+%wvth*-rCQ_^&zE!7eLb<((tvL?xi2Z7|0<N>_48|
zMfq6>i=@lwt^bbjBOMCuIzu^HCDF+l4Bg(EaUC-VpxdTv!(s(DWmCTH+W1fBc5Y}H
z!wwtsQb;`8qht1XahL7#1q+Jp^)>d{jcFWv4HJ#q1)ekZgQGZrxe=0B)hm?&5te-(
z&y$j0=9K!CQMy(xI3)oD4YR1yFeX~dCsr?Dq<!rC=kB0GycIVTk2(ifo_()rm?Lf6
z1ENJXVkBs(sz31(U!ce~5P7S*v%Qo#$TWKXLL64PqyX?OA$If5UcHLI;YIT0d3`Qh
z7BpOl1NBc*R4ek1v~Me@QFX`M`167QbM2yB9vl?KT$=r5mmOT?AItXdip4d<y$Ss7
z*A&v2mU!6doOew#!|btx%z)C-BQ+8(LwS@8B}z1LL<U<ldHQjKs5o%^u#Yz&5bHdO
zCU%qJzlf4SG>K7s0o+CGU$)%$z}GyFO6Vctu0z=7L3eXKlzR<znXahiomFyh5y|X(
zuXE3DQsR6O5uQj;)GyVDo^9NSM?<5c>*D)5V-g<Wpj5rFz@nv;(N3d+e@KTCCa1&a
zTFYl?1SqRk>Q#*!>4SpQ_epsO9~*BDCduHe?rLYZxYbxg7%7?lBu)?-hxdo8ZZstZ
zrH_USHlKPyvxpnXd<ymj+QrvpoHjCQ08pOuk~7$A8{67GW^LcN=K8a?T1yF_B*IU-
zK6`6#FG2m@Ol8yaOI6!?BE$OQ10&S4n(|Al4+RZ8zP?}=c@ukaD>ZO58{9ySp5krA
zQSMQalBG2P*>9?|@?@Ys(wNkAZc?d0=vea)NvIeHdtIy9iYX+-YdUzMI=M0*C7_Ge
zFlQmbB5pf3)<7fEpC2X7d*bY^#+JI>ZNe|=2Zt2AfEKspxHf>9<8$XHJUD9*1Goe4
zi}b(g<efJR-gxGY1rf1+-V9`=M9b%HnRZURAA@NiXiPB6vSb_tzk*HQ81${_gW1Xm
z>bf2tf2>3G$UeqZ<^Tt6_uworxBA-JfdBR`CRZqNqBLS$c6Z-j1W4+;z;U2(AVg`b
zEU5-59;wH<E|Tjg$2#BzI>3264do)D1~s%{kaMSC2jPjoYYZO_XKZ9%N@EewCS?<&
zd@C(iM2fP3aZ+wzh&C`a>#@&Oxn^$MNf3SbTCfNXRFmYokYE_3E|#ze0?Q;hC{~XL
zM#apd)RTb84=ZIOn$f9Bmv2;L`x_g9SR4j}{qw?JZ)7>Huy6XXAum`nWuV^tT;OB$
zWm9g}v#%*ZqHR1eBqbL6vc$fK?53nbJ>a|+v*n_Ix^0J0oh7T(VQFoPodm^*U|7SG
z2PmFxL{*m&T0&1!H(I~(_#|Aqt}aHRTSUDLvA*EElv+Y);hQIvA{DoSuW1QTzAjaC
z=@o{haT%9II3Uh@sLe8IUHm>O@9Ni^_Xx<YiEK+GQ%H^m906i1sooc!n0Q!rB1V*e
z_$mHb!nHuQ{W+A2&YH9Dinb`|uF9wrKBO~tG3r(}{_F#@Z0rYX*8jMDamkk|#P0AQ
zfz@!I@y2k>hV=AH*2aj&A^ucRCx<9fG05k;e2qme=$JmNLfPw1k^1r2_f^|+%cJ5K
zR%PZ(s4UNNct8GX;*xcAnlZ}GJ&71>@<q_J%^rUI>rkfei492Z0)+(*rK#6rnMp=>
z=LIbU=cix?hayplOO0WqcYYpExT1Y!Tow*|FU47Eqp=?i7ZJUpxnJ`jR0AI=fl|{z
zRnhA!L%(p_yJ|kBK)QK7Q@jA<%h1PJQT%H#xU8)|`B=k4LDqXbNNiVh|C08wo^7pE
zASG!T%6O{}QsS$}&nnRgaCNdmWMlTs$~DcCSc%`+2k6VCOY`3W;(v9BGBGf6{3jro
z{#V87|CqjF_`d++e~xD{5->AyaI*cM!&ukeknSidt-n1kRh3m$ud;40C5?zcgb|Q{
zKoB|nKmiDb5Qz43ED~WL6NYFA@dnrs5Ks_+BEjYU{^8*;WRZVr$7z6=hmiA%3eTjC
z-5)W~#Up<^+B%cq@(;_Kx^F+r&TlHU+&EvW`<yB>M?c8mnF>e33Dh)Nx^AXdmY*RC
z+z<v|8aZPo=k_Mm_TJ*|RH-jaRcCXuRAUhWoSxqPu0K*OwUB-z9IO(sq}M&QPyK#Q
zH3%VKwZhfHR|bcQwupkC+6{VWo46e2Y!dO-1w6u~+f80=FuhiHMl~UHI<RQ(>RtCX
z#U8Fa*!v>Rq+q$Vl${@c00oP3AYlC%=-3DyvNRt-2|o6fu3ld7xS*oHEke*jh>Dj7
zv%%1Rm<0<Z<T?eT3+EK4!HOoW8@8+i<IMEu@5Rs6--VA;kaCf+(e=s+?hgBYCxMZa
z74O8S@-i6B?Ga`Og~9eY42!F&zLd{%b{LJG#9-&~73dr8%ZMaJk{A67`EdZZ6d2uk
zVqS}A-P3VY`JepBFG=|mo?1j^?tzLwRMieR*9xt}Po8ha%q9Br01+p2J{LJ>5g>%_
zz{mySWNZjNvlPL70R1N9jkr6ScNiD+hW&QvO}Xp8I6*8JQ4hV7al|?kyCbMj4(sQS
zHP>|Hlqef}SLDI`;g3V^HBVj-HIBWa9_5-3${z*1S}3vwR12ZGgAiLpdsi89Id;$H
z4OH%hMlV!0_Z@sXT4?iza&?LEfkaC@vPCpE<y;GN<_CPj1$Wq%4~7R>Rv)cg%hwF}
zT)zVIf++w7QMPsoqzOWeUW99ybv8FLNR@2Vbyw9cwB@fk5Bb3C2<`z-e`@r;{iWWl
zdI&%%Vr6hc>m02fa5}JaZUvZ=lQorg&~xV0tIQ63;u~`VvBEu!IuJ`Whv+_wT2o(U
z;LfQ5n!Hejc-C%<lLvHY0Jbf-#wyrC0z4g91ZvL56%H0JV@~^b_=Oq{tv5J9>mA-;
z*6N;TEA5N}GX_Zk)DO=+rr(&2@F`jr#eL8qxmX?E{@&vlT$^1+VJ91lhv2+YX{1sK
zE`JcX)I)MJg*rs(jltjoknjs2A`R~Dz5(BNa|9loB!)h_5a(<X^E!vM%$cQGCKD*^
z2`00E$Bd;*6rG1)c&M*?0a#L_#If!9X05<Yi$@3?U{gM%GolW`)t`N#Kt3&@FM4=N
z9SO~WTaweW@es_IXWgNZn6)3xCMvE~MD4D;DInOzx6pPWqwmM6CmrJD7ws+3V35+7
zUxF@dX^>~2h_tbscz+Oq2TrVeeq%iW?AMl`a%gr?;9@`!d2|tY!C=8zi^hAj_nGZ=
z*RF3H^|95y(u!Kmw}S6gRE@0UHkKOyQHH<>7)tO^8_=)|w*`Ci$|~^LbxLOV<}YOE
z1id2HtnO8PuAIwAER2RfT6mOmRI$j1$OF+3&>_(x(Ie3m(IwF)keAhX2m*F)tdVdT
zF$0f{{AfQfq{X<YNCV?jlGR%K?R_fj=Zj6d|MkT?^l#A*=;k>1>5k{+mYH4e{k!V3
zOpDOBpbsz$6M(ZL1gpDpV0`*O8WHhN6SZ7A4V0(GtX%4|aiev7$3!|ahVgu9l5=1T
zI*G*CI)qv94x4?}dSgFgLOwcd;yl46sf-5<mvLh*jvqfAo?pMJ_tYD(>jxq~AIwOb
zv_+VSj!@~rJ$UrofN)lg=3`1)sI(6`MUrDDF)b|xGitM-8EWsG2I;NV+4~Ay*{J?1
zY5?>RPzVO6(9GdOu=YCX?%+0&bSm^QR;_4x{Ha4!yT>3=L57!qm);r${(dY(-@y(+
z9~u#eteo%;!FZwoyq+jIx**WIJfSqy;vX1UBkstt25q2-lfw`UMp1Nn(zC-ObD?U+
zB$xwmiHuQYCpz}jqX#-(E&B+%94V|CeA+m+_P=yakW>St+Jt^d@+4^IP$d!{h8~Rt
zFeygx>{0G-8iO<rskNfFY=2o+GPC57bH`{&+#aAq-VcZzdTkSKWG!-i6MO@>$Li<S
z{??$ZWU?1cyA!tsSRdn~+@RmC@(^?=vSGGmxdp&)3|te$J;p(M4fAx4mEew&Pxl?=
z63sr&LfU+wPm6V^P5k-V9PB=aSYn4+^y66ZH<H@m{XTjs%WJN<&H2ge%RQ0$!=9k=
z<kOL2eUT07DQ$BEuofO{O|gC~O#4CFK0@W7iU~<r%7RjRdM%w~lW_<B5Hz$DR060^
zzLr`mza1SLXSy4KVb>ncY@hs5;3+*lx_K|qEm5Nkt<o0n=s^cJI>7-6eyzw}6}6mK
zwU^ZG+6-|u9xy1MLk-8-;2YAcXn!*x*oDZ4zGZ92Tnh>B<d~==c*xmBN}iqIv}8KF
z6n$C!%-v0w8y2dpb}$~^8NL#}E36%kAX=E<PQt#x$s{elP$EwGLDGS?e4tsoqJdqS
z=L>$-kBJ*Gum<*Lnj`g^kO%fW(ZM>p{1Dv*j|I=qbOoDv($}fW6H%JF;gPu7>d>`z
zYr*!!Hs@s!8yNiNHZ3?zAJf`4`QvAPI_$-+$W_hj*ysW5iV`r#36>p`v&leFxw!b$
z`JuSHeB62+0dwTfJXCk2TeW>Hlx^Gn^}S6is}He>ka9X4YKVks&QbWpxz#l{l<W=7
zRrGys2hy|MX^r0>yVs2PcW5p7(pVqa7|w7ce!AKVd(JHcTj@|(a?Hf&p{JoEgHQv}
zpg<IyvFDUetPjv)4#n(mpij}47)fQMqC+IracUUqXliNK3r-H%WD#ISBxFWp=!QfD
zB*{T>4*UW+aS5CZcddiM;gN_-BrRlm60o4j?SPzUi@nZ5dlFZ!;k9&LNX+QAy>UhU
zJ4|5kk}}Z5Wzep&8ckNC!||d&eIG;3YG!KPH@cmpkL{QDpTBQakwRbN-#(vc=v@zm
z)8BaNEzkDWSJ0T4N_JR!7<Lg>8l5(JB*0AN`;%jWK*E;@EaRw_o@?EDwhjAX^S-^L
z<~=qt<#fZrinuHC7u!8>>79G@vt@XV!6G3J$~P0b9%7%+d|b5h;^iD|Pf&{V`qZLQ
zvnqc-4$v=<FTA^f<TUR?7!H?g+A8hJ{p97U?6y2NBN~hZ#>@^RyM17arX(B4*Al~X
z9Z2uk1W>|Zvnjq0Ahl1eF^a4Q56KfCc2FRJRy5@BOl%v7uRD1WjWsD0GG_RT@iB+u
z5K9w6j4|gU#K$DMb)5~t(V=u}@GpWs?IXMk5$LHF5RzjTJNCcq4eB}2j`wir;%1RY
z!<7^w)CW}VRR+CTz-RYQ?jM8692%VYHfYEK35py#@wma+YcHRX-&lU?+`4uUWOd*U
z`1+RgqRPH3(c}h{!fClz15?FmzmOaKpAl4g0H2TMi=6qQPb<KS)P-YQ1*2DX>=J-=
z3Rof?_1t0+WUp16UR`~<)9&kV`~YseF^9c34VqI984qgAb_@!5Q)CrpLR@?XX*UHv
z17G*X0^ov+Y-&LO?nyYd$nM6;AiP_j4K_uUs*HHx$I&!Q;HLHkREb2@|BT_=3+h7^
z2TTkAAr}Nd-VIC9Gx`A;=1(rrLheI*6KqXdLw7BZJ(3DW*z)q}r6aH46asHy4~78&
zK-md94VTV^){owmn2U@r%#|2O4Y?I<8?fnHa3kb0LcrnylFfy2rA8y_qj9f6j3e~F
zOy#`8zU4Z<29K$3xgN~Clb3mi;&QeHm!rSlZ2v*8!`JNLw7V(2Qn=lUe_5yI+tffW
z_{n&mHoeQTGWbRD8wUC@Zz)ne^o-;iq)i~%!gNLb>1WKIwv>}=+N{>5*KhE=6oMb<
z3&ZP-e!fskqp#94=#ekSQ`-%Ab&wBr=0+%MtAxFPYS92yyyxb|-xV^sBOKSqItz-{
zrZZ!+IPOq2h=6OkD53ag=9R)aUwuFk#(NY6-5KZl>h9r<<dD(+IX*<)-S%V8JS!eC
zPZm{p<ZubR{?vxM)@e+)*T8ynO{(mrk%vBjhkYnFNC7AFAaYqGWDk|1SY>CTtxzRE
zp=RYd!0Nzd|9=qn4#1T~P1|UkiS3DP+nU(+#I~J@otfCSZTrNwbCQW|{+aj3_uabx
zt$V80IlI?hy}P?=b=TQ@uk}2;v!H*dC@412F_HKJ&R<)vsPD71Gr#fS-bf$G7&3<R
zpkGS^XQ?*zUr}EFy0PFZ5Ke3)^MhoHz>i^vcQP{+Bbjx}-Z~K;+T(v7!i>)ZHGG!p
z4==?r^>N%&-zU6Pc?^!7uWR)4meW@waTt07rfUzTbM}OWd(Thk|7;wZ6M8<i{Uz`N
zYPD02<~`&0iXx`XplU#HprDZqCdPydFVp<27mJHwfyE-<vS`lEV~PT${aN;>`~t8m
z!8>Q8>O7qdVPg8ogYrSIxZP4Z_rRL#XF-=9Sw5rd!Z`=I_pw9$k|5j)qQEB4mb3%A
z5&SpdU<G2Vd}NkvGx;LA=!i2YoF;4${(hmXrQHr=k5`algm>P(qN?>y&8%i!h~PlT
z8=`#?V?6A{hPDzVuZl;a!Zj(vT3klf+J%=SsJ{-rTevy$&yu`s%(S_;dOK*1pJtg~
z0KRryc1gd{9FM(PoYkJuM^HL~6Hh6Xmk1nt>7$gShV@)xp$wNif7!>uk_K%_m&+@f
zeb4)#91@lav~$i-e)i}5XQ{tRqA_P7!B+ddgD&9@!6(*E&?8E!XPi4S2^FyHmv7c}
zNB|aBxgiFX@*Pyz5M{%vT0LaTP>?iGAjA%)ApvqB1K6G~eEQ)D>DqlCCfSdp%;Cdt
zA&nvUFm)%tCrPA?^5p8#L!o8z+Un?TkIv3!I;XC7%^6vQ=V~utC1Yr#E24C;mSJnK
z_65Q_P)ov6#UBZeAo?t%kNkgMm|#5*W~L+yJd1ey&adg6-#cHfE^Z0j^mabSC8)Vi
zKCesY3GO%ZcixBK>rHMnOAz>6&sLjtyL?XIxD%V{OqY|tA+7{r@SS|q(6r!X;a!6)
zo9u)VREQN@ISXYL=8JFL_$KX@eyAlRFHttCtoJfEI`pUNkAF1q`tHdtve$`A2yDfi
zgNSuwW=r6%4DvFUR%1)+3Y`;J_j=(S-R<svj&;y=V0Rz>!rmF%dYu!O#p@2gh3g9^
zv<wB}%MvLe(Yr5!6L@FVNGWN<xt@rjG#%P90u~I*l23$cGba;DMZ)d$0#bFE3E^Z5
z-%h~qU5AE#>UsjfVw<*rv{3k?@JI2FBAT+<GG<aVU6g7`jYJto@eU(cQdm;B0@$Sf
zqyE(X;P&7Hl*vDnN|VygcQ>i7FjX*Es3g9kzCk|V(xfs4(n)hi?W66bJVgv%j=;Ur
zp|QQAont?otr(A5dXAv>Gy(MQ;;&(0LKh)O5A<cexm{JZz&}Z^v95Z<8^#$jNLb$b
zsSiC^t#^@-thn-o(i4~3^)3DHH>A@&CI*c>+@AI#B9w~~y$itaS2PeYE+L>(x_}Ig
zRP`}*bEqbz029u<y4dd^lIFf3fO7r9T9!rA+F-2#%&;mrYXr1TA%FxExHPkVuGka?
zpX$@yX^o)XlVV?R)_ljp_AaPq=G(WNx*Gq_xH!VkR{zf~N5|YoGn)}n<FqaWDB%ya
zl~Ax5WQ}mG-*hHO^}D3X4K^Sy@L#YU8P51iQ@awo2I-vZGv9U1PWmXb=>Fzb_o8sY
z^M2i_{yOI1!(voSiL>|kcvgvH<AhsZ&{%S7s-{_~f7h#ap(n^Q{DI3z_-o})fZxRs
zP`3~((V0K@JL%tn*qA<gj&4ZXXoKw_fN{Ub1h@-vY-;xss{}8Px8Y3#ysoxE%l$A=
zosg<U$cXLTLDfilZ%~Zo-Kum#!T>I5zmz%7*5hw;mcsNV`)9#+#bw1`vv<?$z}Oec
zST=jDtJ!s~BYU+^@-q+HtK1>yF+L^YcLhR$_mPFfZ6L7v&2v&usSjM=>+Qb5w{-J~
zi5fcjHj)<ZDaPa1Un=>2j<nIyVd2g{t{~ZBYo#qHTKQN+V8_}PZzy;1@+L{7T|{_3
z9<EQT3HT4Pg1NwyHfy4#lp#XZX!Kq)o!XFwBf5A<Ibml-eC?n+9y&*o+1p=S!L)rU
zts<nkmKX9M#qNK+{1^&HCq2kpRy+hBK~@K$EkPsAn#s}!og@}+bvxU4&=_tvlk{4u
z_{dW`L`FYk-mghqVQz8IYqkcQ)<M`7FyKAu<?PSZwZKe+&fE%Pidzt?U`>qIjYc7&
zdvOlFA9qeZ7pna9tj4t7E1<U9e>K*j+sfT)FdgSVL4G?ljb5ZpS!@YOtTxzQ?%eCv
zBkXznkkIQed`I~92Rzpq;wo}vQIJ8I@y1CEB<?#cn7THxmhgCMxMG6-&Vi&2EYiUM
z@lJt29_TgO9G)dQ?9Zo0w9<S5TC_&_DD1yIg;3t#(}j+&c0FI7Z+t>z<HBa}k>M^(
z$Sz_y!9ne{dof+j&ITt(V!Iypep}A7%%@CdKQ+ECrI<JSGP$iKCPGM|t6|h^?`dhX
zu<tM76)yo}dE&W&N$1ZM($dN-BAElwFMGvIQM=tetuNAS)3d9MbR!j7tMR=kf!PaD
zV29!nQ0hU+xGSCHL^)+weq;SArhmSvCBJ_Ee#qU0K6;PwA|2Ew+%IGapF$fQPvOkk
z#=W6yh*Om+iPr{Q<eZ7-A~_RfNG3)ZaCj0ZWsujiqQDtWNCuC}>QXjLx3}lqh#Tt&
zMSVaUlGffPlI6&*MZZB?y;#L=M~oDKbc~o_aH3CIbL^+!SMnO|Gv!b5CiNESL+?XM
zA=d+bqx<cREB%D10^V-GM*|y1t>;X-<i1aBW23q*i_p2}qFwlwn=|l(eouy&u=7m%
z$_d&T?42YtTuj>nt${mGzp#uXjM#tHa*>_zBUdrvkZzN`u_uAfXt~R{O=|;8vOwJ-
zs_lLQQ9d8;xNkIbG(uF0Y8(2>fJ6$2K@D!YlV?JeLvxU?n<;Vgq-$7t6mMZ`O_Mf;
zC5=%ErtycyuUL^fSz4|Xg^>vEiNdhE^*jAY#VCzmQmx2FFvsrX2Bwpse^0H}20b4I
z!EgO|f#21Vq?-JZ#ff#C-I4Y~E#2iGXQ&2iTCxv%cBULJEKF9}M?YP+J{TIFz&_D=
z`e8Kpl&T@}0@Tc>-INO&PxM|ye9OA!8EZ-C#c}EwTlxqMyxP=Ud@hEJe7Fa@LB4Jl
zMDD^<>sD-<n{eVrQxg<HhoIUffYiaDoKW9F`>I8YrVMy3ZFjtS%RA4jJG38~TFeDE
z?`}>v5Mhg&?F$rPi4sfR7;7&qdILIoDWW}o(JFjfw5rOh&kml`wmy0+ZxZm#(moZ`
zW#bQ@SP1-}amw!n{4A)~yPzEeMDhjV5yK~{9QfD;{-*B$mgQ2nz_A`Er=5)J^^+LZ
zbw*gDkhn-rOF>-c2S6wi;4>0Sl}LE$C&!F_m(J`|fo0a7ge9b>%FkCR)b!2#Zm&2I
z>B+^JXmWKdQqCrsV~H(gU7D-2&t>K>(wtf~o~#=$BdDGIv(R;cS~r4iQPZM&#|)KI
zP?QQo#<fVfty`CYb3)wt3hY9jCB+{7Fyhw5xrpajexGEY<QBF%trB8Wr@CjocBwOM
z+s<#!CrV*Cwf)%f?8yB}G4q-EovXT9d2x9`Lv?q-l-EDIoADm2GKGPO*B43Pfi!6e
zKN~b9T2zq<2#Wha2+#Ad6@gX``|jn!eu&eUHh?;Ie({$@tBYDB%Rv~K9TM^Y9e;a9
zC-aD{UCkqI8?yUnU<F}I(iMcgcxs8k&!^tws{G#w*`TDq&M*n*4H3Wg=kk=7qMPcT
zT}9?RCJ4BudQC;J)?RHL)Oa4p!+N<0>($tCMf-QaeJ+_J>HIRoQFPvGc|9SuXqeU-
zsP^JLZP-4ktfH&m9(HE&IDueLI$}(6Ad)Hr<-1e1OLC}b{IyPIlT2`Mwjk;Zbv5NH
z1*Y)s?0+?sRJhO@Ne3;p1+MP_w_3R_Lx6^Osz3iO|A^5h)V;@emA7!KJOURO19|Gx
zoE7!yyzF=J0H<f)7!^B3^X9lbRPC#4v;5k~kZ-rRNz4}rPes_&Iu{rt)<Zdn^Wy=i
z168c^P;`NFwt>}RepL!{3{EPlWYB?abB4DjSZ|-*<=@loDa9#Yn+@t=uGX=zThjnc
zaQXx)t=$a)maA&A6oP!h_LSH@0=iRwSe{daJu-Zow8@b`tL}uT%mHCsMqb|`R?+j4
z5mptJ?i&S@jH|u;Kzzd9K=_;o3j!Id&&`^lj2*W9<IHm={EJU~OPGWZ4=rUTY#jUR
zt=qR9VnT?O*+__sxh{A5R`bm_PwTd$U8Jdv$5%l<0q4`&rpNQ|$K|RD_?lNr$D#`C
zsv3qPqB7lOnazs)zWyC+%^ug0NrDD}QQ3kK_6AITB&kE@x}$3n?i(Fue-T~Jf;;WE
zd~WBS-c0qRcc2wE{R$mcPv|s4UdB^eD*V&cw0v*nnl94DF&PFurwNDmF&V73wt4pF
zAx}6@?8Vfl!}y$VI~bR+Vw{IUu}SY9FhGBuW6o_+Hq-BhcW>VKScv5yli`enyLH4T
zNJed7_4U+2R0WwPo=^`zFANmDV?J7+O9WW@QJefuI_;a_WWls*q8}5v8J$Xw;dQsO
zSzRqIPuY02Yq!*yWkfP1=seZP%Iax9{b`2hzMo+})%iS}#_F#ws4N&4?!!~IeapC|
z%mKau(Z@%?Q($9n@11pY!e}Q>qFGssafV?#^c}MWmSkkt2DkZ7@8xjZuhu;eF$6ac
z3C5s%?ed3WL>?k=l>~l-dKJ$<x?GjTXUZyw`&Pgv4Hm>FbI~$}uy4%0W<-;R9PcPu
zbb)wNO)746sUCIvM*w#VSD>O{?*j;KTjO9pr48gCM<q`w9m1gK*VO}1z%KCjrrTLa
zbr5nR%@~C602L8qq!OJ+lXar}-W`X@A6qCK;;2<KVa$X{3z55Vn?ND6Mq%u64xBr6
z6XbNjt=Rxd#i~i-J#rTroISIquRAn(s202cvS=KRANQC;^SupjSHYmul|7tQKbEj1
z`m8SUAEF2^BiO_sS#_04>VZT`g+w^n`MY_bmQ#aeon;UJ(NUfe7owogrWV4G()^%G
z<o6j9S9IQ?q6}E%fMaGqtw{cY1|j1J&R#T3vEQK|<`4(Aq9RnvSP85sP&ib0n7CNh
zxtM%0IYf75s11a>z0>`({+{~=TP2%&daoX%Amd7I!$f%$3zmG(L@&an;ls?c-mu=W
z+_SuBM*SCUt909#t|@gB{qGC5ZA-0?izP-*I?igADwdjhzFd3eM(mc<7EL#7H*7*q
zK|AiBuTAIR>lhi(d#OK%-yNY!A0;RDa9Z+y?(5;1{lzMgs2E@)QhPppqc_$-zlF@g
z1K3pk0GoyH85?1t!$8!u!a2HR=~WJv=-bqcOm4AMEZ8~jk3eH<yso1;8J0(;1)J&J
zTCu#nuTu#_;>D+1baM6wn!NIkO1Ze$7R<mL6+b%5zb@A6oRx}Kn1*T2Nrlf#Td!t)
zG}&BM@jS`Sj5VAkkYy@$FmXGFnwgmQ=3c65l-G!E*bm<Z`!vbDi@mGb4j4O9Ar2V3
zm$sCyTZm&`_Ok9YsZ<2%J*RGi@-gK)XcrNk|A^}5Uuhej!))e;SUoomjLAno(SVeh
z)m=LM+ow~9yP~!Q`-;(zO0^E4>`vEM?&43X%{xEWjcnN)!gyZn8*>L|$1VbKG+<qo
zbq#@2w@G{mZ^g0Yh>|d25DIhg5@ykYe@4{qHGv6Uewf&79vP#N&=Ql$i{sUtE>WV4
zLh8s2nNp{umjhWuNmbW0vNR1DCciiZH$`)Zd|7`0hkg)b<RPG{q|;eX6Y=Y4-f0{8
zRlS+Zy2f9_qEY*E|Jz8ec=JqTGV(7kRkA=8pTDK*fwvtk`Q&tsMDQpoVY*B>HsIe(
zQRW38JLzCBSVHRhWt~9qkzLWZ#d$%&#V#orU431^D)f%~%i?8Zf<H!e;+pq0Ku2Jx
z22IJ<XILE8&?h2@DiiJmlqpqwQSlsh2V=>_PXzAC&u+GYvY|SgtXLiw1(s9Sugv<(
zvyE-sMCBnm3i`p+!fLLLDV<+NB||x}e>p+DjCkHi>a5R{T=2L->T$a*tLWJW+__&u
zArOVN>GT}0=v@pKFcUHItyS^(nkt<8>Cj!N$D!)EUA}XCz)1C;nPpV|Vw)^HuHuO5
z`&8FC(=pN3z}HxD-Lch%Ana(du4QyrFn6AE7C#}vAIe0i{n3m#H$zDdQq9AVNmzJ0
zwY{1bfuJi<O!&=YhcS}juQdK3!fedJ@KJdy?52@CbX)N^&*E>-g&wTgBwh|lTnf6e
zmzX+Nn2sHNV}+7wL-7_i2ORinj4qQru%mpDpI6HM9|Pk`LVty?U?PM{5ZZKqp_;Q2
z<qdWIh)Z56a`60yD53R`t<1k@R}&<8D^Lbvg^y8-2}YW?qJ#!XSKbyGH1g2%GWKD7
z0=<JIpd^Sa@5=Fuwo^#m{X>?&-~;h-z%fxng$T0;x=tyMz$rvJ-A)uLh5lSvVw6Cb
z1p8Vu(YM7knhqGTrWXSuojQ79Rp{y3vyXe=ZaV*0=f%Oel`re(Z@SQ*s1)}p=mSLY
z)J3=!Zvew<^F$ZcG@4B_s-YrXNa_Qb5S%%Z0i%J0P^KESnT}|#7etl{+8o}6w%@!9
z2fH%v?%gehoDn5{wt`1b=*d{TGfWyDaqb4B`=qfPq)%>Pc_5uW)d}UE#i7grS>1Q7
zOV6lsao{$78+XYy*M29!91Cl_d)4`I`#pnw^EN%bi}Q7ZmA<dVkL@-2XJD&xmL4%@
z2Lk4gIxbY}rYKj89*tsqkl(JpGb%Z*Md8FkEjcE}WSN)BG6p^r8Ksan@qXGb_LMHy
zd5H33RBw(Cony$mX6?PqbKXK8NpraWu43;!5Xw`X7KI^M-EgZVMl_6fVpAEg)Br#@
zNyx9Q-?Pg;$+5S)F^nGMktZTE;C*Jbf%R&fn<mV*4I(5$Q{Q#7KjBis3X3!7XfnXY
zgV7`E$4lnY9fr-FxZ}DmsJn96Y?-Ev5}4R>K=&X&C3-dx;G;N<T`9~@RovyJ+*+0~
z3?$Vq)w&u+4OCYCygZ0F><aVb=LyxEj<eQq-5JdBXwUMxvtL`cTnv6wzde}dlfvf}
z7`38;Ug&Xx6XRvc>tl%W5QM-<Kt$;X2QzU)ia%~XbAOaC_VVM9bH-d4H=_59SVYCN
z>x(QJPj0cZT5Z*8^e>O)a+k+{0OVYs`oDn?o(J5!^?EhgbWx><ODxYDn$+Hcq6XfF
z8l0tZ67kPmxHz=02tP#s`r2GjZ>n;7V>&M89mew(Bv>x``3B>6zQO$#StC#VV>TV$
zYnJ_Y8bei&XB4BCR-A2p<#cl2z0|@p4n&t&g+o2|RNU`A@N_n$QnjB)w&ABKKYOv3
z>e6Lk@(yhIDS5fW7=$hc?q{jn1?owV7EDLgHuN^YHu*f6TU1+A^+zCYR)oMDup@?~
z$Uqg3h4?ZPB~|VTER+3W*%W#pwneqCf(HBObmP*>M_5X@K^O<4t^$@9#77pycer`U
zZ|;jeL{usFW{Z%zrj>o<o1Jcj%&WrM_>Y{!2dHbj(<BLth(vj|frnKEzBRgFS%q$8
zLD7?R^;AK6$VR$>Cj6eww{%hKKLg=4`QpehD~NHfhfY8W<3!XQ4wQJb3o7RAmrqO3
z5Ppb7y&1Gm5uWlO2_MZ-=k;hX@Kq7QQEiznB*RgPqA2XMiL09Pem&_^)yuPE)|$9o
z15cYeYS}vU+xE<Gh!j8wm{q?rM+m@q&F9fzae^A9y;Gu13{WpAQ|l3iw^!pBtj1dA
zB9w!NM-m!DLEVz53q_Mi)R!%cE&j{Us4pWUKPRyfn40ZctHYDS0zQ8sXq?i`H-~?q
zK33q#_RiB{%U0`m4^ChLe34k(F3s6|8Lr&ptT6B>@csKSK)+7V<v#~^k6<tNj*fRp
zeyt?2-1WKq^rT@gx!(AIMc;9_#7-A}>MW_`=Y3T@;ycY#73%vVS2iUum}x_#Uz_Z8
zp!t0Y^VZ8!jx4O-7X0~c2RVp6{^WFZs$g@PuZ&WwjARQl3&j@Ab6Z8;=lAEW!du0O
z;nY^4-&(mqKF99j)6#2gb#t|Ilb8NG81&EA^A3gG`;K-@x%6nl-o;iZK_-sJ$Cjk>
z9%cWE?urkZ?7c(U%QEsx4l^N4wlxg99hcF!K&53mzPMQIoO)?>;Y^GEc$5QeEea=&
z`HKVBFm<y$Nd1g)bqm_2#nncz8qvEOHQGCYm+=j}@*Axt_sL8BwUe(M`LEpb+lcIe
z?xn9n%k({B-b{NQw7yWsWKYE5k)8WDgbTjb%Pa<dMQARU-#aK9XBQt&()o_q=trd+
zDLxBFkBM#qF^=vgV9&PSQ!(Sq;IJ7S5E1L87}O+_oVZ5`AyZt?+!GuUfV+NuwmX%-
zxDv$xjSzy^NW=`D6xC$z@jRX#vV^@vm0mDz13AO%S3xBm4Bvx#n?ov&-mEn!9-%hD
z4Ik!rea%#a3v}y<OU0L3R#J8_pChO;g!jNi@*zwRk<dl@6Yi-trX;L6+vHjBr_cNZ
z;FLLKqTO`VRJJdIo-Ev^B}ZKNIdJWJ3kZFW@+1~XTR(^IPdUq>Vg=nTul4A87vWMm
z1opR1ym~zE(+_k*c=DS+V%zl?`I}Bq!ko@NI6q~^^@6){@f<BGX>*Ze)S_qmiX{PN
z(ak(J``$)d4(WLTN4gwcfaZ~@5RQVKNu$K~@IH|O{dAr;A6zm1EAfxAF*Q&H3C5WX
z@s-nYJx$>H=i3LkDU9zGXV(q30mH4(c6XAgwmd8R6EBiO4rrXy0W3PfEl2<9QA#g(
zJP}9i02JO`qOBJ)Z$2biID;47AZ9ov-y!*3ey?X7mlWH}7)kPlQ=Xh?lpiFjk~ijg
zDg9A-hKUB2M0MAxbI-)B6V+wn>nP_9=V-!nhN}t?))O&%dU}?9?D0zG0Q%|t&1}>6
zhQ||YYd{cixxi1;GPcXI3n|QqClaCJa3YEjQ5c6@b7`(9E9yvrLkGVw%i~v09S4Nv
zesP3Kv83tZ9h4*Igd^Wm)r(Ng&#|InTTH(gjFLs#i)kOZM%)CQuaP56txi=wqSuMV
z+}F~}X4J4B@m8pqE}zaGR;aiyaU_uk%5(@EdEvB_8Mis==6XTv%e-$1=kIMdV56L|
z2r;yXjUR}e;?O67SB7ZOgn6cq!<1ZT7z~p(@r-hWzY6!m{iIeZU2qjm1!X^d`qqVP
zw3i+PMklYMYT}`3fqdj1u=(Ru;|{UqVLx1vTT_)tZ&A#_iHnNtoi82A)1Z9ZtQTtP
zCtK=wpHljTi}3hfmwc&4PzmV5`GAqFI?%H$l*uih-!Fd5v4naN`{ml^d&DOL;vT^-
zKTS_%@4M2FzW#gf&Kcc9>Z%DRS3pZOoD8q4J!0PPfS<s3#&i?*Lh686dgUxKKxIP+
zWxpiSf|pX%TNH#y;Y}yl{E?9F=heB3#hgb4@3k@lUq@ntbCUdKk9YigAcn6($AzHC
zuD6&waQ7~`g@1ml0-e%>P|rcUUgz-^yfy%W&VgjM?ll~d0U6c!1;UqaIgBja*TuI`
zz>C}onPBi>Pq$jxVlN}O4U~2$iRXpPd%*>hBM8h$isfQjs9a=I=CR7vNnt4vWkjKe
z%kDnQd~4X=XrZmrI?2mGX54q<Pp_+>2JLme9BaEeOo`uPn0NL8g<F=rezOhtBHAdm
z1O32ZkRHni<WHD%*{fwK3Z72weU|5o`ARfx$UnknlEjT~zn+&D1L)Noyj1C)s+Fpr
zev(?rA?uJrH?A#9R7-iVv9Dk+Gj8Bu+0BOW4v<K-lJn3dE!M@kF-`nlMO*I$fCXH=
zYDsin!o(3g;-W!c(Dc^m_g3k*IR9;T?QkpSO{td9_;>|(eUE=7Q0sX)p}nubH(qAc
zX*V30Gd*ovZf4`O_jC}yO-4P~*(>qC%_zYlR5j8!@P28Smap-}@4!o8unp#n^3GU*
zeW=U;WvKxH4|AdK2W=drk~AuQEMe-(_U5hNU+=&1e|XCPn9{H%r7xv7XRO@Xs~gz(
zou2O#Dqy$eLj|lt-Pd3}+IfYn?)cqsmzh0S3&B)_pxDkQkpJkS3q9&h%15?o%s%${
z3*-$@@>|T>A2JKTfjL8C%rlE=nNhfTM)N3qxj{R-U2D5H$p}B%Xh%k2Wi&L=@Ao?F
z+}@bb8nk8rzn`GbG*Zj;-E7Lec*Q#7<}!G%nXIQcd;U#|Qu)FOwR-NiNVM(jP-Afa
zeS@9Tt22bytAG--<jG1%S5(2&!a_&K9i!H|$3Uyp=aSRFsyk+>RWn8d>4-Z(C)8#A
z$<zXCkPtNNib~V$D)M=>p>Y_R8;$m%zI+*`-BdvRoTus>OGSSVO+YZJ8Rf)Wm}keF
zx8uDsN2oJ@=4LNj7xQK?SC{U(UMaq^b2F1r(zrc&c#dw#g!ydtcG99j&VO)lR<XMN
zEQy?bRs##47%|uFJ}tYQv@3#!?nuq^?r_eCvN9(eD%Y}lCvhY9Ls`%|RR#9EL_#Sa
z9jh$vI3Z^PoH4d|c3M7J6FNkE=pv$F*Nkl^#7{wM_E1P~<InGKix(y{ZQLqSE#A3G
zeErJZA@m?<gbVp{-_d~@O&X92%f7_G=!^k0*ksV1)L#6;tAQw?Z@^6u0k%qJZa$)4
zd&ma37wg|2+gdIHT6NYb@Y^XbImWMg@~9%-V{ZqK18aPGjv*>yXU@S8LCnsd^C(5y
zt=RiNOL8>c(HnyWV`+%AJBR!OFOW3~Q0>?qSWu>TXYhUeRcUQR5c>H{FeZ-ZFN{?g
zAoAp{>_Q*IuJpm|*P3HqalB;Q;rVH~W*XkO8v|;D+<$AbVNYcodwf7laHHBH|LA{2
zaUo5K(8oMG(%SrM!B+W9z>kHLH~&U@q_rZ%8r>0;o#4nsc<zs^m-{~ClMB7H;}@m;
zb90l)4exy1Uf3Qc>&g!aA2>gYe$<h3CQ;MJCAJ+Htt^So19FMK$DIqB=k&2poAN|~
zjTYP-d0hHyyz_=2uG&S&yQCI*EhP_K(;K_e5!qsuq7sszuwXg&)9S)pgF|>>U18hB
zSJN2pZe3w{7C-ML+(?nw3xY6kS^PrXh+=+p9f)dwuzY<9TR%h9Nn0F2ZiJURWZNz%
z<y(aRg8dHvUIWCr5f^PWjCB0%m{~X1I)HBX1+kQN$wF9fQ^#lhJjb)qKIb)uX@zH^
zW3_HB@nG|6_nHHi7_bqr3d#uKa~$s2$b-l`#alIH!1alYjh%|_VZT!%Od6=<U~;ud
z9QzxExI^><+X@k%pq=7Q@u<V_p|(hWl1dn@H^X8S5J`}mKFHf9^i<q4f-pqde*gEw
zPOpE5@bZzsdFE2-lKI!eNaqOOcfvaYxY6+JM}jCxD6#_ldHBQN#}yFn3$4pKzz6cf
zd*FIB6qL;^fzBV|9lgssglo{tfymTlaN#mgLa#VxSeLcVk?--DFk8l8=hR!q1hLMY
zBRkKTEgo^=KnD(wICAuTn+F2C8O6T@mvz*BrMJeHbvSB>QC9>yN;|a&TgG_tq5NFs
z&35{}ixXo%itM%W<CD|Vt0z)ROf=Xz*p|FE7Nw;1<+SSK*}a>U#k|?6#IvCk-oGn&
z*85D(2)kI+dCT8duBE3*H+S6VK*c^xIHj;rn<ibPr)5J8>0K(7TP3y^<1|!^CEl!A
zxvRz0Oq03GiMrXIpZk^gg^_2!gqE-2lGAhh)-Ihb=jAs;soMt2sd8{EA;?Klhdpr1
z0T7zx?oG2J*Iv@Hfw&6B45vRVb32Z<TIX8&_La;$%$BF*WYxQ&hX7-#tG6dKc!}jF
z?Q1VT6xx)P40NhY7QGKWq^_&_xE2Z>NBwcMF0}C74%OM_+E?k2o~8t!wSW28Ytd*_
z=`Ip=Bn^AHx0S5v`FAMmINsCM>mHTWR9pQ#tFcm~;lC%)v^MMNfNIW$@D8)>W7@&K
z;+C?kRNG*`P2@qwhA+*U{r0^A46`+fg-AOzJ0^*MFlTJcs^T=4_k2bZrU5*KpB<sM
z3wt;|RV=kq*O8NLAz7`>kiV_7xw33cW&X&n@J>~A5{me~h_xPctZ*%IxUKgiRqTgU
zS4nkub7$GaKrwYqV2s+Nh1H!RE>IslUTDI!A!Cf1+_?gm);a_CSLzAPrHD(2S4<L<
ztqS;E$-0zsIls#?i^}iNF|r=^_@i{{rhDliXdp;eMS$w%LydMiD)ju4(htrt+|v~i
zXIkO9Y8;^<#aUGYa5%4(-W%<rJPs*Ki*)93l_g1?qYoM@^Pu`!grvo#M2%TrHu$6i
zqtq$>0=L+(bD?>XA3`mt3kw{9*tm`AG)e6Q2s72x2uT;K4F@;`jLQM=wW#hjzDr91
z`U|v+P50TSb~=`s8h^_i21Ee3N?kST9e;l{^<LeSN79sAT&%|AdO3h3w2zOkPO&d3
zfx9k)>&Z22-m~bHZp<sPH-!FSR%uYf7Gqz~gGykVK@sr6t=5l_ryc-{HoRC}&gtbH
zmXMgX5z?PL^OR1?NgsFNy(f6-39aqE%l*X?KQ?4eKrq9tz>mk)(%juC9C6${fZg7F
z8Tegvk|VSZo-E<ADFuh1mW;<5Z8YG<MBY}7(=eMCug?hGT@ODs#e3KWsVny!->ewg
zDNd1QGe)|o1Jvwp;cgFRv7O+YK_lI2tPA4tHx27vBfejXDxQ_ON`;wGfrt}rL)jyU
z&b4c$bIRsLHVhs(Z)I6hS^0;t^rAJjgQifvxf>+8l}&6sZ(Xit8XI%V(_v-)cXIo9
zWlgp^GJBUP3vvo;)XWhwYR<nHaamk#n!gCdwIGL7k|Nrq)%#RUef0Z|$jHs54V9(}
zrEUgE$n8Z8{qzwV4=|#~a`<>^en!V5?88!E(ms2l-9#GB?M2v>x|ermO1ad-aEliV
z_gkvF>HFzlFOYF_*0h2gLhMB*(iJgPlyccG0N*M}iX5Djb_b=nnMN#9n~7?OTE3|R
z(td+y1VsFhqs!Dz<TSH!M1`jb9VTmQrLuOJ3a-q*mV%Y#Kxx)3tYrWQkx%3S6KDDo
zhRqKC(yn?AB}7I!)l<xLC-NG@Qpk_~ai)}Kz|K<3<g60{O#P}dG5!13qOni?$AS5Q
zoTTy(bGcDm(UyIkV7K|^`2oZ<MC=5W-zteoIfb$`6F5l{NC9!4;@kz1S_(V-4kS5$
zc&&{33Nte(M8WTFzgFpO^KpdHgW`<_`WIlE+Pp&6>hUOC59aULDcenDBqkJ^U>wNh
zqXOvDzX6p!<tI#WnQ)$@LNs=YQpUoY^(ydZqGBKH99-np1!TD*;z1FdYPxgvxZRUI
zPjJiZykm5nV<uv(x>+MEs}3QALPiz>cCBpBko!?JF{60W-A`dw*uGO*R;RQf&De#D
zrJvI0?1Lh$2<b`LcInDw0XE8^%#M-4Dy*AQOW0b?2aK2^wNXwXyXW}vLfKssR>yNq
z445h_Y66L!Pb+Zy(x@&dEUIeKFA)arx0r_9a_`Ops^|8<v%Q@1Be)_Ll^=STP0NIK
z-?Jq%OP5=LRH%8kOs!}vaV<b&;3lQn+}y1Fz(LllCmDx#e788d^Q}8m2nsSmfTk9N
zfClh$Nk0GLlI+HW_RR9Z$tdf?Vyy;O^ahD~Gp>!_8<4*7hf<Gc=YE^7jjzNxi|d!Z
zQ3y{05>ytx300Ck_CpGS&;qtYlM*lEl1v0Ef%e^9JE()s4yb|{y765OQqM{bQWxS3
z<9Pm7qh!kqG=jJ+06}V#_^#hl&%3{+x^Y>)ykG$=hscfzf~5iXD&t}HDU|CQhChg0
z$R5w$Msi74!(tN&gJMnmT?*g6It{S!sRg0%l}yh~sWy8hKGb&#-oU?p?RE-$kakE}
zcjobU-+YDUk4`U*a)sqXYk-%Px<wOJ?OilQuzaIg0M{f}YJE;OwFCGVk)~3_NzwaK
z*h#UZQWWY^MjFwGtE^Dv-6TW_*4(hb`aA_vs{nWY8zRo~A5t^vVOF{REZ<G@R<D#5
zl^%5w&L+UO39wnA1;+DA-uTt=7rLyNE7_oz@;_aFBHR_bv>HwbHt$(*r9<vZE27;|
z1$EnTWQ4^yG~iP+$sqVF3FqK2*<;+P{Pdx(yf9m?&NfHQC<3J_4_Q9ncDjG5B9HEe
zN^ME5N{4bOF6is>GVl+D<q%o7F3>=Axr`BdR!jt|akBs9o)N@(S?qV`KN}txUTW~A
z9QaOvop8#T5r-t8rAzDR6?3yR0Ne*<Sj=ymNs-<!*=5eMgx5`j_N7@JrD;_kIkGdk
zDg0h)PFe~zqxDyJD5>Icwm?*_%jIa@P1N7TtE<bJ#d+Y5;Bxh%84kh|3gff4)~JGg
z%5sYPbaur~<U}m47TjXJ)$r+hUKJ+U)uTloFRjU~TEnVWV^8F)Dxli4^EDlyUUn_b
z51@6I(_XVmkF|Ws96TyFovSh2KkdXUu2O_+;P7&-9IJq|;|LqJT;(+<E!ea2r7?al
zC9rCEHOuW{Ut`yMVDescVH{SFF-ip<tvEew_8!p$G22~!n3zGD=H@NhB>!+58p(m>
zN<VKZ?A~O1s1$mKE$TtJ)0p>bH$qadkil<Achby@j(Jd0nR1&Mb+LugwKdUbVh3Jo
z5(BI!O@*}3GQ{@*y2ap06Q^um+$xi6Z|=Z#QD4TYg;HB1KG~ZDME+{Cn*|g4SI^&2
z*jab<uaYNQ=CHR!uo+qn(6$#ej2hlDpB?V!`<Xv%^;&*#vb1|OR+~#W;|P}bEW-*|
zm;Ti6814{_+m1XqOQ`-c*iB7oCLG7Yk+U>HDOf(z(3L$&na9%X#$C`lCUdN4mNle*
zvcY6be+$pga`h<A|GjkyZ9(YsM-4mM-N|V~5<%?qE6ArK?0Q3n5(De@hR!mZokiW?
zJN`|jsgnHlSa-Vb<5S!vY19wQ2n(Q#w|nA7l*%@H@{LJ0XR}3xO11_Q?s!)^TgI`a
zuY1%F>I2KRoQe0QDJ<blIudo}9OjHHz$Pz^d7`rC;*+DXSxsws74SCCu9!dl;$^8d
zT@b<FT|t1x^b*mFZDP{o?w$ImYijYWmB3a?-*eh*zr1@WV|;V2%-nBj@=bcWvpYG|
zF6M4^d~tSQ|K6FP8E#wJd9`|M^(pmqa3J-<*MMIn)VkXOZ@<JeeG+JZVPMAOU2|X1
z1h9q{;7<eBsHh%bMru#EZX31+xL(cWr(}4lDm;GkZ?k55)drqwOOxMT!M@sE%^ex0
z-`RTY-MTK{ZXVE~E-<yd-ky5tCcSh0WgH;1sz8{qelc>5YkH=OAPHODTq)S%&3}w`
zl`XIjn@-b@u)O|lm9%lL_L-J_vhL14U`-mc<)Jw{Syo3CR>g{f(Tk&JPLlccIvG>~
zv(DOcrWhoaHjtLwfdf}tg0;=0j`q$AzF|0HH+6~&Mb6CG(i#10*`qg2<4hZdoBZ^!
z=qFfeRP3a%$_g$w(>htM4axWUHcBCD0iVAfud^rxxuz_c^ZU%<`HHq(VAyICHes;^
zjTVWRqTbWxU1ej&v@cW{Am-vspPHA8bg8^?lM=@YMo-}cSRTg<TpELBC4Bj;^V|}k
z;?HN%&GMm_B1fDN*Q`<JS_RDk=fqgm*4_X^bc^^IDqP6zkXnv&W~d_?Gu>QT3~z4=
zX70K7XtVv}@_jAFnED8P>iPX_t@y6ag`?az#$$a?)OCM>PW0waBMWM?dO+Z_@9m3=
zIef;iIeJz*S+m!1BcIe!^-;5TDlBTj+Ya{XQ3aX;?4HsMs)K@6X{~6|gz65oZJUp|
zwrsc2P1<O~*KxzlG4n1;P(tTie|`6;;y6#6nu5;GrNf0g{rLzV!HZZU@51;l81>2P
z6IIN8y-Phs?#+p#%heEyUv!s$sRXm{C3|{l^$7WgY!3EL9S+RQqPQzHFca<z?eGAm
z54?Rc&p<nb(`(R#t{3jQjQXv&`_(@++mF}yYr5S{-ZBns^CdovAqnkmdH272jP)no
z4}^4SjXmX!TedIo+uoIok#O%vvZVaFmk41j^gZBDb$r!&veoHz=8V)8s`ukIt5XbL
z>x~h{Ulr|<US@n+lF^<Ewwywz+2L1aVx+Bb5G&7rP&ltHW~b`^t;$+>7`r_hv%`E%
zXkWhhS_9t3rh9B=@vC~t0pHHgJ2<`u0Dr34xvZWx9*fsC8hlX$SWju5?xDeZSoE(>
z`sJjD^Yq}v58Rpl^rE=rv1d>l;*z~KsdwM<0*;S+d5Cc5E-seW#Cyd(%&vy!S5&|z
zLbJY8F`9QK|4}a}upXN*c(&60{3xGS&`Wt&D2E1god|1?*7)o5OLp7wOFm;Q2LUhD
zkWONN<8KxxWv)+Nem$@!Ur1gzJyq3(x+)s+pZ<D)n(74=!>1lCjd*YI6@LRgsc!k^
zha5$X_!=FJlhxUt;%YK~iLM=kui>+T+8QTqr*|q#NnU4F?s~`T`IjvkDUENsqNtyi
zi{v=>)eL$)?bkJB41n!Ey`i|E&s8;wwBwZ~i$eng)A-Mz3fUVqwc>2uM+2=d(Jo2q
zIYliE=$|`Q_%>fI%d!vpuC>keqiXn^uJxm)0w1uP^xRY7MrNSGtNdZxMEa~_Ey2&8
z>+g3i`2lSuvCV!d*y0Aft=uM1s;+t(70lh+Hz<0hrWLq}D}U0>Xn3!Uj62h~ey(mG
zP*BRV>@@SkIw@ltwZZpFek09plQ#5e!{4HgZgvVykH_(=3Toc6IP1vaHtx|{@{{>=
zW<${XTN9&m*6yT5p7I@-;c?@N`)q~wJSY2693MsVyzOzL!TOvd2NdCZ9^cgJH&Au*
zLwhztJ8l*G@QHYnBF{l0&oNDKrg>(I@o{pCzXDJ=Ve({Wi3xmAi9bD|K2wGGl*S8|
z1B2LZwh?bWD4c$fU#<fD>B&lRNc|N7m$|Q(nDHu<Bi~9e;}eWWBisjq(P%t5qu<oY
zdz1h*YB#h=-?zoKxG||a3*wFc0MFTOlBM+x?9lX)C~F|&3urvm$ZJZ0rb(TJ@mOj%
zfzsI;0F)%Yl6Z65LSOODnd<mv^K7&=)tiak<9^oZKjxUXVg5Lb-?J~;MG!ll42Ba#
zX*|8qxJ%<pRGoy#70ONgxjp-3ANUCv&uA&*E}P)uMiRQ*>Y>B8oFmTE0md||Me$i~
z^`hi)0!Ekwa-?yofPsTTjP^!5l6AHEbK-(pIdUW%z!J1*aMb~@k6wMZ54nCwn&3C!
zoo2NYKxU&3pg^<yB}|_&I*eduXlzj5CwtK$wp8OSuUQlCYFz?%noW9&d24+cgS8}2
zX|4Cxbqyp)s?^G&t5gD<m^g9T++NVtTNMdw9uUzY6yo5fj{{(L79u_BH-7l##hc35
z_Om3>HT@x{(W;CWr*YJKe(n$HpH{1PAa1M3q@!|!h1&!8Bu%IQvdmbPB@agnrO0Da
zBnQZq{UbIUBNoaE)ydgu((vW%Gyrru%}my)Wy(?qA}na~G^%?_Qf<;>sw|@97kPzu
zsBMdq#T7uzBv}=}0(CvpJ!%?BLI${KaK^l3gfzv#SVDtTU4m@Cx}h=?wbSp6VaRWs
zWrZ_B6y=3K1J$S$0T8qR4S+{0i$3}OO=W*8NIaGy>P@9dWkj@+)CEO+LqxPXfXXg_
z>5D(mFV-Z6k|8Nt6%dYh-v14{&9POybyhwUi4|r*PlL`RH3D8us#rP{-tC(x!=JvO
z%Ko3wIEjYHP+C%<zu=?Ejw#~Zf`lbi00>a==|;%Pa%4k7@z6&hCbT%Ylv0+3{yiRf
z{@lkY7FaJs31Ym*8OV%xlO!<Lg$kX*Uo>*pP^cyGnn{D2l5A(JYx0RssIC!W{g@=<
zQo#|y;LrnVsBRI#W(mk#FiKJm+%RDBkY!}ZP>`X>CDPw%U=$<pc~;bng1Xk~BV38=
z644r@Wrv0O3Q<Y#IG|92q)ljNE5rir;-y^>Ns`eB7;bVw<-w}N$iHVggMVvAEkxZ2
z9Z%T~di^wb68*FT>%L{&`vfI4>96^}fH1KB!&dl*;>66s!SP?@U9A5NAyn1V!Ibfb
zy`77gsk5<@rGtz87YFW_C~s(M$|x%Q??WqQYGtVIs$yv84Ev8C*W8(i?d#xckcf!A
zhYme66AKd&JsSrL5i=+E*B1*biyotti=mCBv9O)FjVTcmETgcqv8kO45jP7LEaN{*
z{{(s#R(4oMQ9}nwQ%iFTm;WfjGOD<k+Nu+Aed+wO@Wsk&%0l!X*a&6VFARwP%|FKa
z57G2rWd8*u!NJ7z|3l)dmpB=_CWIV(=?6>58J5J~0|i4|S1bAbrl8gn#29H%xt87-
zvD3G>oq~7_RF%N}(PxqM!pM6C|HY1>TTav&-r4Ws#SOM)SAd;ZFhpkAT>7u=^2D*!
zM}{@OnfL_1fSq$I!OLx}w&~F0(*=h@+?(k<V#yUXZMVE_YWqig&)W*Y{_V9uY)?P?
zowL5#sq0p#bLDLtLC?anqU6$PUQA8L^EIwYHYi~nGf+DlLn%EEp{35QU-dENch#6v
zR?Wk!E9T2Xk2~B*;(Xh)mIAZt&`f<}l<R_a<F+W?tQw@P_$lfd^OlJBFz-?1HI!E$
z_N>h8l&F0x!?k^7ThLY{2d<X{y?2)i?GgVyi<O#kkno@F++vcRB<vgS1r1=0qROA`
zf@0~n9n}Z}tN3jI&vVsa!nPFt4c?vfpY3kpgq}bHaX&^r;Nzu|^$qWxdV;~Y*U2Yl
z`r8k-Xa1AZ1%IZaK}Oe6`$EKL+B=nm9<U&ao>ifQ?fnhcy)Y~}KgPBQLVcGL!3P%L
z@=sRa<57mxyF@2(4`dv1&j1e2jmA$VV2w%E8}2LajrCQki@!;Y+@2Ia`!Ql)P#!e>
z>D^Dq2PguUGKb_)g72F2{F)0*$B4wk6i8Q=^Y~yDas<65$9;y3GDw&k&0aTo&>UId
zPiOJp<3$Oz9}1u;p8-K<S>51(18&XTl?KFCJt>5oSOS_26$vD$$03~I+}H*M0f77G
zReg!$&q6@J?61`abFza;-}F7Mcu*?mZ)l~b1KT*<h@|zvM?8B}j{5&w-u-XRysz2$
ze-eyQ#ns5=U$&__xtji`SH#fS^xq`^zvh{xle3Gcg`v~G?2$G6U&mZu38P_Y;$q>f
z^EKUxIN6zrIKJ?HxtKYLSic%4C)1bAPQ?C|kR04xL>ydfL>yn)&dTv6vvU0R2K&Ed
z7H&2oZq9$>zS<Y;8#@~}5$jhP|406(&%{c^{#8gg*uSpJ%}m6?$@z7T6_%Te>pwRC
z$y}_QMC_d0M9fTIPW@B-*TMGX*gpl<{}^T^;^g|L$VSA<{_o-(U!cYRQ)cI6C*ow|
zBI5jVl%3_DBdkPh>|aiN>HSCdEBjfwnf}wbzKRU{KO4+Uu<Y#r^f|tQX8Vs*|EvEi
z=&wM(ocoXMFB|`S;rI%Y<v&4kd=(QmBK9v#ny>ah{rP9-pD$l_xH&k8^!{h%`LBBT
zb@m@b4J@Ooy_%inKW6YRNSgoj{P%+N|Axk6{r`f-`#;Dw%-pOjO#csL8$LJ(oyDZb
z;}fliCOUuA5f~Ui%=fTVDz}s05WIAMjK-T$SDnaK>xkuV==fKq@1pK(M)HXB66X@#
zsLA*1wc7LOWvJKdiO(DJTsn@E<#|O}8+3lQ$ns{nVVadR{4#BxF>JW1|GV{=E%34H
zV`#pNB=zWg@tos4&C5h}tc0UA%N+cN6+J~+W^m3Zc!m)fwOqs)R_}eI3_aQ(I!BX?
z{k!0&-5KXML&jb{w(l9?d<+Zf18*ANB69Hm6gjNsWN(Hm0t8mJ*}&jN7GLR@{NWEP
ze(a6qy~-*uhJ0a}$QuKGH~u)|82IjxU*76MbuTr4j(up~@E(kwf_G`>flRFYYbM85
zikx*!ufH`?5xPJ@#gdymPr|*AFZA~+tTh<l8Pc!_N=8Pl7F~Vr=YYRR)lB$Qe#*|R
z@g4k2+Ohc&Od}3~;L9I}jYdSbY!RgVWihlD1}|L;Oib9x+E=I9{(P8g&}++;Z3J^(
z&~fV{C81HKEO80B$5byxh<91OIQjkr;HiB9;kU;EjalO(auv!Kw01)1*@3G}F&tJ@
z1B`FVa@Mm6(Wrdi5c>X_b;|oB3ECGF91)<4DPU&NYg2VjwE0OtML2-IgL?SkTn<C;
z4(=aW?t(g3JzF|cdTH)sU5X-QTwuwkKVJVO2$tPHa=aDTP0J5CDv8$6JO-5~Jqo+R
zk@%uj><541a&SZ17xKZ#YO&$uw9?gz-H9PW3Y=~@g4YhC+~rFtq6#G76c1R+2}rnY
zMOXxHh8KZDNf%q(rbV4xAtQpW;<7Ej4OZZFf0)lfs?`0P%2I@Z>4kfr$&it2&Zu{C
z%*luWEgv;5zu&$$f7rgZJ>C5L>KcpB|9*GpzG2Iw{@Bf-33oT}d-5mF(x&aHkS@9s
z<s{0rRJaXXJHV1%Ff1|~Epmt>0f)W&X)Ht`H&TP4)5-8Xa4adwm6lfH$HdV)y#C7v
z-bvxm!<K(>)CuTFw#=uMAM%}61eFtSMR}J+SqqS9t<9-!QrmRkAqnF$lRG4&?~9p6
zMqVpU`%$|^dol?A@$^!+)Wf>Vfx;9EDvR8HJ*Sqi$-XHATKx4Srp0#6r=&K|Qt4hK
zVTj@z9G0y``I^W2iMBV2tlW^G??4Ot-4vkb^YNle^s*F9;?nygE~nicXgxKI!1;Nd
z5+-=`I#Jg$#h=^Va>_aqoI>zgKl8FhN?ADbKv;Kl8O-+u))tuU>V~1yOGJWcxJd>J
zMuTR1z@cnKQx|#A45?Nel60j*oSd?*UD=8XL%tOfHhxKuHa2EkTHLQ4EN5ie<{%^Y
zT-B_`$t-N!zjIpS<8D8>ggd_zGIp4LICeNzeyET;%qz4uX7;3m)Lg3?Zm&JaNo$>c
zZ_lwT$UX`Fa9L&0?s|-s61X&Vrb7b{Yc5}BuiLRBFRTF;&8g{vfRQF~>HqP8TJL`u
z;s5m@Yjt^Q$@SgpZE#seR>7}!{Vr*E>SQN7$L}^sV)9j9<~7H|Bq=A1Z$79D#fPxq
zd<r)q90gNMa-QCz1rSUuzO<`mw&_x%k-5*JJ9>kd1Nw?XSqjgE{;TD(c#vS0jmjoK
zm&H&0oicptv%U97m#5|-&4A-l^q^mE%B{XRG53Z<h8a_4iA2>-M<;e{d`Wv8`L!<T
zkFt@Tj<&S+n6wOyVwnd7VN=qUj*=NYIl1^ZtduB>gTu&34Yy1Nm<ujjgsraq#u#6<
z+M2PQ&G%{2+al){q%$r(3=?Bur|%Ay+GMWLp}pJ$MAD=hH=Zi`DWM#NS)>s~+7LuM
zH)+K<M@mylOj2}0UHx<-zqYz=uvp%Ts*O%?dB{-nqD4~en5w-sgC)ge^ZGbHIl-LP
zk|mzRet+w+B7m4hoyRPzRxZ)M`YA7dA2?r>(@enlT4{?a2b)kV<&=LH>{@@eB+N#&
z7TnZ-h#;5I4C^rfHnaCS((MKOgYnv7R5f||4uqzdkCXT~=mqTTf*(#^3Wi)7)nzo~
zKo(`T9MWl$X-{A(v1QQH7bCCPcDIy{8ez(T=?9%mB&!WglwulQiI=1Xido?L{JnRc
zY)|O^@cR{UE2r0wZX}g-Mte-%_tRXa$`stJS>OF3xuFNj`E$4E(=YH@4FL!aaoq&v
zyWO^^Zbs7*=_2k3)0eF52&p$)?=uvyd<tuYS?*4ELw~KFhaWh7rsvygW&VCMN3I^3
zq6N`7p>Bs_eVUdh^&3Zpl`XX~ISng*uFW|~jU8E@?~A@OP0aU^UbB=f+IoK&xDD>s
z*A_}b!=}#3P+oJ)cue_T^uF|Q@J=gzs>HuxI@#~msD~{CF2am0TFdqg*?1Ao8nX&H
z8Ez47vgu*5#YP`-w%KyuHl`TrTfZ8zr<v;Mv-URW_EVVCcyhyIseLE&)!qut^H2xD
z+o3&{&HMjg>>Yzdhu=2MwrzKxwr$(CZQHhO+qP}n?$fs2XZycZGw;mqTeJHqsZ@o(
zC#g!V+|Tt@7ToC9^|^IYGgqsDd;x32oK?wMT+GzhRQIu9la(Ccqct4a8Nsvne(X4W
ziMW*8#FC{o<TZ8cj$T84()KV_=hA1fJ+Fxp&>~aL?q)N@gQ8|P+ciF9E-)~nYaRMI
z{ROs3q*@@W#B{;@?{3j!Nr*o-W~~s*zoBSI95pj|52}x4$I??_2wGX)*36GoIUsxA
z2x3dxq#mvXqf???sjd*gQ<`s}SIU6&tc?2X@&f}{ZSKs7Df*u*ew2LBcM&hGpvoEB
zM?1z%V%w7gMJJ}t;+Tnw9%Aab5q77|z~cu7(nuiNvja&ZwL3gH)CrQl`FEhyhdO^$
zCH8Xz<VNMr2S(A#3ZRd5=zTCR+QQ+5(nmW)P32E7FRkdyh2G_n;<Dm*055Hol}57$
z{?`0>YS2eJ5Y6U8CU329E6u-!Olg_oq9GzE9puU~naef1d?93KE#(Pv3ynywaxz5A
z{95(s4@~9IkK^cUyrdym<IM$`D|30Qs9QPG&~sJ`<J2IV2j2?2<WSM#;ri?XMa|L$
z5SbXbk-|S%vZE#DgZ_}>5z+9g@UfE~RL(CYyc{_Zq{z(`21BMcS=Y5x+z1k+{(nIK
zVk;yoOBoqqtd5CdGfpfxi^mc#4LJ%4s%~;%7{x)RuR!V~C75s$k0l;G!#d*)GSA1Z
z3tJKk72PW{){GlqNst{ar=*TKtHNMudlY3pJWL=Y7QrD&DjU&Q0XEvs@-gnHKC&|9
z2y$fpK~h;%RF9Q92WH01hzyCx<G_tGZO1Ic<RmOJ$!Ez<MIz_~HU@9l$1sO^y2_VK
zl#GDP1R5F$_!|#|6%`0Yj0IE*$xlhtSWqTUjwuJo4lFMUz-6u>Ys~NET8rexLjbKr
zkt7jXh%`@hU~JAzONJt0@FiTxK);9;nt-1lU@VLY{=9X`L3ZbxDjO;$#3+Uw8>qif
zpdez(9Ulk`NAE<=ie;J|EtZn-w;X7CxQO$Q=%1Pjr1@A=fZT|qe1{APnf4%KQ5+9u
zoM=-cMj0l?b-?_h{z}>(l*MQc{w%{t)$meIS#xg?9IH)0)6j8qPCyV7U;6CgjN%|u
z(Xf}PKOr^r?}QT=?AXZU$<o0^(y`Lee+2l+U`fV|X#-9~vIDA-i4&pH{}k0QRuwzq
z<zFvMhoeL#{Lxs$ss~gcL><qN_SY-6;Lb=jL&>5<rr;n1EC7qC7~E-R23!Cd8(I)g
z=Ey`*>VMV;5HGP$m#VFZ1uaho>lHOp%%m4I;6TQewPy`&Q4bNC7Aip?n5ahv<IAW>
z#*hR8X&)?JpN4p10>kI9?$;$`6)5tsl}%^2$Y4Qcr^Yr;C(O`^zKb6?{mab9oGTs1
zw456w#8qTtjlc!1#ifR+K3X+46%UgzTpt?<n=U(=xIk_6@CTGIRI&mkIE@)4X(N=B
zOWzbYk!do#cpi}g7~@ztKsJ5txSLB_4A~&(0H-RLsZ4@BO@(O!Bg)d2)s#45RQ<(Y
zodG~e@ywqYCQtx}G%>j2;+R7PkV0I&zYr&izLayPd1no`7*Nm4K5go@G#B9d{_}&|
z=7!bM4OHLOZC)o=zpRc;9B}aV0uD}IkITgcejYdXh85i9_4REh0O0<;qO5A{(qSmG
ztZQX!>*V|<e`{a6jZVBLmsSoT9?a*fJa+O3j^0?u*3XJeT4#$}SI)j)V3TLSwjXl(
zy&~$R{Yya3s&4JLjHl-ZPp==AeG|Z@t*mPYUU^%`76AyM<--%~D>rsF9~chQU_l_z
zS1qe+>Ui%U-+vmM@RI`E0)Q6q_h=f10%X(Hq}n_J1M>H-FAVFYxo~%SY1u4ZpIzHJ
z0`c_Nc22+)w70r#W7rT%RxTf$In1-Frd9@q8N%u5WwNt5A-LubZd^ZgbirYt+O>GB
z0X(1Hc4`FRAUnZj+&Q{xdT;!_%;=~AvIPbOTwOXjAQAdO|1~?#w!iHV&<-I#y$5Ni
zx_SWFg1fx)0GcMa_Q9{4ygaoy!JmQpFdn&FelcP<w4Cn({!0F6^|Q8)L4yHD!KmYb
z)bD6t3*xgC)9o$?YDz?NMO(Jd_jRjC0PPQAK|pF-N5kxC1dQ*s#HMUJptE$w;Aoy7
zo&a}Y*%DGchm07F`(dO=CYU7}jT!M~?!?2W=yR8ExHA(B`C()m$PeY?sY)<#ri?eJ
zA;=B2Lo1w7Vx!B7poozvV+JibJ=Oa{mp)iVNb)%#F;cW0=ilU}GElY^7Z^BL7Xa!l
zT+<w63n9x_4m;1Zeg2e;kfWk-PA7yVK?OwC1|SVm)mG8woM@fsW^sm_yCC!=a)$rC
zAn*)vLCDYrKbPPgW-y87G71G^QLB%ysz@nUph}1ns}W}A(r(j?FbDKfX+i1;Z9$q?
zk$i%(B2kn_*A}P|Hmyqe4H}Rns!<(>*$H%jymAmnSgFt=_GlNXsn8|>xxRZHwa{jW
z6H3%|8WXNH8xwj?2-kHR6DmoOdXkVJXEYcWrYSKd<X6>Mb;UJYUvw8<g#RV(%e)B3
zSV8Rho%~f3dy1?iVl;9Qt}Ep<oYh1i-xv&=)_j|vBKIEO4uQ`RI}ma|P*Ugeb{8nZ
zxRcdojt6_QNN;jlVaMY^u!$A~<5-Tzl3=;8u=Z4fZ7C#{EPzZFRbY-5jSnQ(3=%BI
z^Ua#~bZ6~1hae!|1fz$V>?eycCN5xi?5_kT0q6x3r9}w}BlJU43!O85OF5Xv@D2k^
zoDRAurCuSB#{$;;Jdg&;$HYg<?%<BJq2Gi*{g@}`4+c;@TsQU=JVa9HPxQY<>4yQ_
zCGS^Y&jYzY+RKV0>u)fQmkZ;AsCuBLe~QfiXve`!C*!b_A(#Pc?$~d3aNWs9A;bwP
z{Ug$bzmyL2(3&smKFIln(a#2;jpVzO51f%F<7C4E0Eao-d}_edY^HACnODzaikP9L
z0*04lj-#IeTNh)3Q3|)70g#U9%LwH~G21rS<8MJQBS+t7pgvY=Zc>TEF^5fa*S%5v
z=Wd#~%Tx$b^j$Lx4;X~n{TMz&O<U*FJa=Q4BcrHZ=uP~9YI^EWdktKl1`_R!UN_yC
z2S+d4Xi7vV`H^|>)mW$2K$fIHYo}mKrzurb=8<704>!AxxXm{(PwpJCOhFt-Rphmy
z{00<h>{mT?#*R8WqU;Cdz<v^j<q8ZOwCcX*t#NW+^`6T!Cv~;$cx9db&y-#74?EHM
z10o*ipSyYXvBEoCAwEQmktcD@q+<rLfMeXzKA@i}55A)GB}gra`*KL&5ClFOd*l-&
z^6j-yeYJxwELcWx&@jB2Kl|3nMhni2vp)L4X1F42(%E&#QpV%)w0Dv*TMD&8V!1Bs
z?6cPu8<~Gi;$gB~rwPM|sLY7w2$GFf4+VyBS6Vd9zdK4;nadoqCOw-6-zPnEWD6Z?
z<KDW-F%}RGG`I?+$WIku9_>Vj2K+KeUx0<fkCyadJ{kC8&ogG~<-?cYoMMYO%V@Yc
zgE-xg^rauB<C_G0X(ui8JxRp@x(mgGN&!~GQ?f@NocMn@CQVY=PlHcS1of7h3wB5r
zabBb!v|=w>;~w|4f70V<P<)XavXmA{EXn7WwaqeQNuRnzie{bh4!A>I<RTsTWX#l<
zWiw=lJXq&mIgh|n-eNG0IfzEhh^Z9PohGkR#+OFz2YM<M7#+)pd&C}ff<~3Ujd_(x
zgQN<j;veZFw#<KUP!=;P<1*Zx&R$~gofb42IVLp8W*)1DA0^@H8WJZwixKIR?BF%#
zoEXyv^O<K$pdKGzFmHssRBtNCAg(amYIx?Rn$z!PJM==`yU8BiaaWG|?~)kSV`lRi
zFmVq(WzQ0_1I4;}h;tQ=uOhs=thlkMj7P;W4={5d_M&Htrg<z_`4}8`q&v8#?E*pC
zyn1_07bz!}w0mLem{pm$t+3o&Xg8z94O4`uwY-X-kwY+)wu|8VU+Zldu6d1hMH)4p
zJxwb&O0X7<gcojy#8s7Y#%Ipo<k_Y%aPg-D&C!<=e0xs=SfE_8@m)XkSHY@mwrOd5
zhhDC^vD^mI4W0^gW2J@;!t6r502E@g9yqeD0p4u;M`k+}_{t8ztO56@!Hq(@pjCVB
zE>{oMBUIJTLpZSA2vkEXpE?he<Hz8*#@rX!VFx{9E&r(D$u8_yL!0{c?^WD(0<?u4
z8GUiN`wWlnaOP#6eBp2{Ar4L3w*raj@)}k3+-(8d1J=r+r)eCuW=+k*eP&YI&IXu5
z#uTZ(T?1~y6av3NInvNe3g9jdT#x^?I6B2#!Nrk0nl97Ih;dTKa@Mi*rvH95p#X3H
z(sd_K<Ab0Qu*F8-XS>7dT^eAZ?}c0wrAwO|dEP%lX?0*P6)BaoTRr;nP_;PzFmyG_
zZgY^Ntxf2UPQ+M$s9{QSi>D5Oqs_~*nw%;C&KG0r_iCid<nwH=uIa30$<Exf;ysvI
zvZYE(&~PP_ce&&}KJ27Q4&1OnKjk9}F$GNf*~u(x%6{&0xy1Sc;W*xh(cBm@T9_%&
z-d+u`j&6Q@yI$nDo$*ws1%JBuIiGS=E!QK8g=v5P3kRDf&@~@uvz^z?85U5@$_&8>
zu1n+Aai9x*|B6GB)dp>M^Hs^97IU(e6Wgtwr3Y!Q(H=B3TGoH8+R{dHJv-TR`FG8h
zsmB1@ZcLNLPPwP!LTGAdlj}D#f_?Jbp$cr;s3MWL7BKNke`ejB+&m?3bBLjLA2CcK
z_P%4OX^v<o4;C*ZBh;XyHBG^6W_^VcEbKxleD|!BN8i;KsE|qb%HgI~;pIHASwHxe
zZ1~NZ1O7}&rwH}_EN$;neCtq7vP@r0fZ^I<Vcwc><j}*K`?S2FRGoIm8CVG@bwNpk
z4|!yVb<{#GdOAmw9=uPUIru#3lv(Y}e6v3Xi3{+VTOPZ7e+U?l`XclUd=oI%`N|uR
z;7=Y=tX<L*oURGvR1697HufUrtf~?I+f$poq&nt=`N#DsS-c<mefA+~9NN|rC!`lK
zy{<MX;cWD~Al7#v=9~)Axx=SqyU(RF)u%+e8}%i{w9Cirme%6-RFmZ1;gS|nd0i*7
zqszglQ_2|bdXXE}x4TO^_;dZq@?_L4V|=WAO1RWH!|}G0t#L}2w|Pp~PCYF`Tl6<l
z(MF4Wz<CB-y~WX%*{W0TcjPH%ESlw~+(X1z<0j14xQm$4;+A{~sPk_Zu_JnSLEF8~
z?sj~<x@nJmiHr9y6esVyPNvny{U5cJ`;4DiR})<P#I^g3s#|*+PUcDGFWKZvW(3)=
z8LZmFz7EU3o*V#qqO)4RK2+FlUzq_-0~Xf2e~PdM!L&Wld0q=TOy7Cxvzf6RbUbB;
zOD=DAS$9oIZ(FQiHPJF(s>nassC-IceHKG<YX^4Hhh?;feZAp%%J*wpcWcUDE2Lk;
z75;C-#JnrVNOGWedMpQZ)WdOdhke9v#gYFCq4-=u{N6#iD-MwX91bCTl}GeEi-o=x
z5x>O2e-4MFM(8Tv4ocqURK7q_{d7m*E8d*O(xUQ|?(dJ^nq=MtQ2jg+d-X>06z_c~
zc}owAD0|gL#9Wsn#0KAzD0|D0@N?Y-xT_B%gn|x-q1_MD-{;+P+|3d29W%!+@6sd1
z$QqDFF|lRwtC5!syy;a)@T!L@D6>IY6VV+8JtRgPP{)+L^$~aRZ4h6>98k=KweG~-
zD%cw_;Ki&D?U7^G>v2X6*wJ!_|DeK4s5*#`B%<DKbqQ~yk9xf-hkK>%^PsxN@9(&!
zMRcinyJ7Z1%WktofPdH=_G4|^4Rz5T_U@t&^P;|jfsgE>+ut%c(aV#8fji7wz%3i}
zMY_E(hjXcHFZuiQ2iyI*p&ilbS4o5RIvA@u#NDDA!F6%>B6%rqZz@u}Qg#p{u~lo(
z8nL0Y-EkGRR=IB_S}!p?73qE^?0qEcHCkf5heNe{=dcY>kOE+<nnmgThS-H!k~wiX
zEVXejinLR@4@KK{MyzW)6h*C5Y7iQ+GVr=4yQ@KM$5RV`ZgHP+^q#WJa+kuWYdzo$
z2zQZjPjP8zzksMk)f(1B-7+xs1FQpiOOayGQJ`FOl%CV&Jmt2~RftSW+dr0loI!QR
z^ry=jmLj{Ck-8Yp8g!pHq;!zL)zuEMLR*Poq3te*Q>$_>h(y;OR!NZ>rbJZ(TAd_m
z7aTdJYy||{BBlinG!d(BS*FxPKT@P3rKAn5Ih4=_*%zTi6M$*}%`!064RZix1w1Mp
zQ72Hh&s<=n&PE-C_ZCq1^7%LKGV0gi$Mz3ik2tLNzoUTvLxI4`!v0?hgkRe9Kgsp~
zWP|?&oBj*FOZ-3KJB^&7wS|L=$^U@xtiLS%f2Huh;E#rhg`R-ncYnVqj+O0yr|>jP
z|9?6B@2dYjhySH_{{dnDEB0dhud|Uhu{CoxCtze@{r}?d@pHCA1Tdqw+@NDO@&b!B
z3&rG$DYc4lpG78K06?;#%K(Ib<J<7lZIfI9zN7o*Mon$pZld9?X0$eh@{3p}hYZ!|
z0^sN^gd!6uX@+P9wPptq(R#jHLDIRHHakhLcurFH**du>xcYGo>U0CvObff_TH_r0
zINd@prSr3yVO8iyIp+p@!Z9&AUveTXa9e$vzaV*8!JCKM$Mq6a2M&Wl=%zu6Pr3`9
zj~5Z>FZ60BV-1q^2E|MeQ?l`kT2D+)%7(+HZ4SNuUNGDPJ5C_uH-YU{RdeXiX+1CV
z)SQ}8QmWk^3AYR3kiZtee${Shq-neN0)nM_1^suG!v0@Z@qgCD|A80(pGxDu<;K6`
z`M+S}{~+W4P}cvT+y6mH|L^%<Z2aHQ&;Jzc|4u*uGwA<&8T`M!9?burUJpiwUu65g
z($5`lXl)gh%~wsY>z=ukA&xLE2%O)PI0QuDAqgA=d8EGo+CyM=P<;O%T1rmRSR+gQ
zW%c+p%o&U7Y*JjNBIkJ&s;+1bNtrf=J!@0y#$C}G2KAmfO)q>~jhS1YzT4NI-ngR;
zv+I^M&(+7Tyvt25H658AXiNnn!f^#f4ecD<<DmUp*x>pWW09O0sihBWbHCvDcy-O5
z>c*`YQ$pfQgXyIyN-W8}v*|CS*|<N(|3osX);-QYz>N?)X8_m6QU%1=YZm+8DcSLL
zRW;f!j{M1<?0cbSZ>#LnP{562bA#u{53af!-Bq5+-b5g0^Fp1pR2)h!7kzXv?cu)G
zYgM|eF46Lz_x>b%1?tq*I;hxPxtAc%2Jp#1JQ=*z^ARzdxY8mhB(iAc?CL);dSub4
z;_LDK^Z$?9!=S+6pf!BF{NUv*9kHP;CK?+xFP@!~!b5s;-Qh@yOgfwS{e@YK^TY4E
z4!38v@AF>hPHWPO74kBE{?$UPY`?RAtmSC!9_@>;`LzI#-Iia^fX4$gE=U!8I)_Y@
z-wt|n#H=;GugKF8CP&O{{&W6=OO}KlJx>hrjZl7Tu@CCpze&knTZnU<8z+`(;ph!B
zza4DVxyS|R3ksC~UFII=sW*akzzo|Hr=wtoeGA~rFC4Cj)ESnCQd<Bz|C^8#_DkMa
zakXFP3`~BLP8v<pVA~?U75KUzTOPd<6>)WFTuL#G9;qBpbQ&nFP)9NCiF^pyx2u@$
z07|gHvFoZT0*C^`_VbQ`TXS6K)Zhn8S@?$VHU9NpltEHkqBb85FoERE)>-u;(MKVQ
z6sl#sq+LLJ@Hc+zJt*k_xf@ptFjMjun>`L-*3}^bk&_xl+(Qv>TpP-#>#aeAW771A
zv;(r8k64~tW}4K(-XtbH3Qxq#z!ZicC_byW|H8IebhFZX-uEp!u{BXOe{P|FV$ir*
zihM+-{~DHmNrrKOU7bj|Gm`aisGn`ITBJo0U9k7eBZfLcxSxF1l$U(nDH|NuZMvz4
zlh06jJ6<VE!-y-~6!*!pzQyl#r`p3XocUiq^A$mZ6@27NxfGxC{bG4LX4A>WrUSof
zsU)kF1gSIHY!E3|knP#r<lnXR-%ll6UsD>6^QwxbU3=bs%fX*BwU9;przXuR)Jb?@
zXC(p$WAWhv7{o?<MCw#F2*Szp9tB>^jCyCi^Eqcm5%udt)QBd87ZoIbc=F~|W6rbc
zEdQ#XkYTt8;c$VNW6WEOf!O%VQcWb1@~4vM03bF4V$mQL185+H6M!KQ8k-kL$QI^!
zYCy+Na8gfYkWZQSuI}U*LyF_ZAd$N0!HLU&3^1FXJH=>xc7Xjv<ay1Wh~X_-((9g)
z$Ai|a>Omv}wNMOVSX8rWk)vLOpe8DaHE$9i5r9bwIM$QOa|I5I6EP!C2s>maS7Mgs
z$T~7V9=~TE7i&|eO|iflrz{h&nTOH{L;EDsuxo@B)sG^r>;&-rgv*XRA?b9M2)$fu
z1kEjg_G}1_dS;dmOW$X=gJ3p{B$xmoK6CPnm$RLTNGwYvk_UZZQSc`>YsLV$V;GnN
zFq)nLg3u%^NCd5#&tEo2K4UPGAHaeJS|xGPP(o0GeNAmHVwzX!ox|iG)Qp)I6m8@q
z!yb_1gh34$r(+PqE`^*0!5)m7qr@16m{X|6t_WKkMOO@}Q>e(U5L=O9HZ^l}S`RrN
z;aqd?Xb*WCRmjUqjyRs%=1kQKs?*dg{z$7CVI0@MBMnNhBfzeOU5Y^wm28D<{dzSl
zKHfjNLL4ik`$W~nu!da@Eziw9Tt50k+zUuJK$`s6C;f|Jvo{~Bddgzwv%vFsoaMC_
zn-s^-t_ieycZiZ-ZuIG)$b)-{Z{jTnVn_2W$IcLm!oa~1k`&MxLvbMHap^S;L-8>%
z5nT13#*;DVJc1D?h<p_4)w&nh42vC<y(8a)ZgORra+WQ6EgMP)`RMm&p{uK!svaxf
zEiEe-VgDiF>c%J*ZI@d-Sv=W1CEW{hlX6ljzC1q5$zok1rx*?@BrH%EjgpeRgBRCJ
zjT?$0N*IlS_M>Jw8a^Y-#7w2t>GgSg7(E8Pz=Fo*@cmn_{tU(UJ_GwkkQ-ZVK&^<d
zup*t$asHzlLYC7-AzZ!J;q*P{c2oS%zRbke<!W7RBWcOiW&ZgI^n+XH`m&9J9N`}(
z+tKG;-dRjsf3IwS&xpU>dp<*~{zP=lCK02pD3{EGM9+Sa0H?&u1M6ERo%F?3#&SmT
zr1YtyqFmd%Wg-g;3*u*hd;$9)-5`=lgm{ELQUt@Pr0L<avkuqwAW@#D>dTJrSYu*p
zE{J0-N!>T52)b48r+PNH!#X^ykVdTeU%C2Ti8hrNzQAKsx-UifCb_V+7kNS$rpqsr
zWTt7$Tr?=W?WG;aJI23sdY8S{V9PUWwLpKPQy@Th9DMO0l9H-3-2pUL!yi3)d4Hz6
zkyDP#Zi@F7U+b@@+WKtK@i)8gEt=}h1HQhhj+FB7IgrW>@vVp9KGv4J@;KX}?<k6#
zhM)KSRGY^Vj#2d=3~9{~oJG+rr~y@tS-{=15I-Bzd!%)D0ZEh8LN~^sGn{8KmC%+X
z@S`@ir0N8)s#Y_NCLaL*aC)FH>dAJl+DOQ>z{LuG>%MWoC=D&RQ$dRj6ncbc%xgBU
z5*Wp+HB)SQb(4%G8s*%Ugw+R{#N;y^B(R4B^b<-mY9R2n5HtS#bm7%@AJtYc|3jG_
zQIb1o{5X2bg7om<LUW1q;DJwqBAI2>f&k2U%V!tMpA|*`)KTY*CVN(oUvQ?&u^xW`
zeG&Mk_V)+!7XZLhuEStsPW-kV(_b<ihj!a*>aFPUc}i;O^O9s=<kDeZeCdDeyWAnB
z^>CD!AnDa5sXh&TCS0(?VF*yQ%PAKq_|rH#w{A^@`-d!O8q4^8bvF5tnyKe86m%A5
zHj+^<%VA!f`6$2SY}SJ=fB#lCI&Y7u0(?5K%V>~z-x5jKgFajtZ3jmQc|@2(L3Wwg
z64@o<Ls%%&Pm^C$UsGPwUQ>LtzInd6UUZSXa<<ZDndJf-mga{BkS2gefM$T^56zIK
zpw?hve?W)6fV+RaPzf4d9Ccpr#J92JOLc@?sqCDD&tXJ(VzV}S2Pe%XPS1LmqWV9N
z>r6S%HOR}pYSX^MM3SV%#tc4d5WjFBY8Y}f6%JcqFUVF*;2xGU@%+*atOa8(yiM-z
zp-!H8Xz)k@(jM#S=7`3<>ox|bi*s3^gp9A8w7O^QOH<nc0(l_?b3^w+8U{iJNBGU4
zR|u~sFBq@ySCA{nZRBRM^=5?EkrD@rBkJ!03qo0iY_bq&bcE25*onArQ<ssVxqWoq
z^f&9H+ugU9JiVjORvJzRv-1THnKCl5t>C|2l{zb@deJl2I(>5;ZzVlqa-q9x^sdrg
z($WF~i>x=FZ%{bAh(_)<2#0q_FNI|zJ&nOaBE=#6OF1Bc&U%-!!xJ!?QYgKPz<!1>
zJYq`c8Y8Nw2eu6X7zz-PuIdc}Poks_atQ7f1{jPZFifw`jTePxiy=3}prF%*g2vL$
z(*zm&z>ZO{Oqvhq+edck9n>6tR<gTv&`Q}$F}^O)O>GEAOvqy-mm}f*5f*dOSeN*;
z=VLOV&r*F;{?dD(j3AsaK%3Nu^u)o432MysPc5^;sp;ZEVsk4;ifet82C~R!?##=L
z0_3}hI8W4^fA>VYb6M~h+s-v7Ui9;biLhwMz_J8#b|n3cD!YH(-n)6oU%+4K0D&Xc
zCQ!&?bK72I%W!4(Sa3Z~x6|jJr`b1G+&s4x*~#nb+mTfcsJnRBUapNny&`+XeuZ`%
zq>pc1pzax?*E9ek9NvFTsVrF;KNmH6m?BngU-<E?QCX+ekQ>HC2{cBCHE2u)3<Sxo
zeD4NMYT$X>pC{MYczYa=z&hS`w{&j%_MTt7y3X>>{Q&Gv@5$FygAd&0w%Y`I8HBdw
zf}?}HgR*3LXEv`(;kuD8D2SnzXjFr+E|c0R?BS@n7m2H0D#mZ)c&Gy;Cjwty-mYiY
z>byTPt-zmmyB&;_mPTW;CO8Zx`#RguW=D`4@LTsCoGK2kUwPZ-pMSi<FYk>U(9Vca
zWE_P-K!xz2Y_VCz=?wk|7>F{jl1a!y0<SzdJ1!|E3(?(45<H7BgTRP|H{H1Vfc8jp
zH2{avdU~$nexm2``g|Qz)ULbT$FeY)9<pAUMoMCOxthZ9KwEMObqx~T34ONL!U<$g
zgG@V*LsOH9dx2nbJ##HcXs{C|Y6GX1Xfq4dF$COd-`r#j2RgYe9^=)rl2?5b&}k9c
zH|n8S5AF@5@TjyW>JA=UU(1t{G&je?7)+vuj)19)QGH__{xcWLmss>nA{q~rvy3}y
z0mEIsYTU5I(uQ;vLYye1QG%@k^!_Gmj3nR;Sph;@-@Gb`LR-n}adzdS0xi~CN}}oU
z@@;kA>Rk&Vp?PyvcY?0wfc+W=@V%<CLH;2qobl8U8Z2Jmw672*dJM(GLn3YHBtncl
zg)jxPkKTOfMELx;?78ixb$Px)%4QRTs(UJ}?0|W~BBaGioNB$immr!lTKZFPuU#5{
zl97JQh)+<nuAEmPl4q%>`~CQ-=Wg(%^veBB?3+l!lsXw4YWK>kan)VC%tY7V8G5VG
zt^+;@R<NP9cGb4iMPzJ-(5P7khGoLRp0(kUn8**l{_MXQUxqo-S7`J_@RP7QgMHie
z@8^@%_U4=2*6iHsU;9I+lb5$wSNz?J*R7k*+dhwh$^bWgI^CJs)6@1~jrCTz0{R_M
zkl$FoXV}mbc{&W>fq`aD{sMS#NSH}*DCh;O!9gLu<sg~x9%&zPzzkZ$#;(BzFQKv>
z1pGq&7s5tzQGyRqlPEtka6WC*;FOYQ#`$yA$)#EiAb0!2$H?#{s&6)aL<cf`M*8LF
z`=oSsGX3-pi$M68<h9i9^qx|?>x|Bv++JhL=Uj-`jjn68`LoYji$<5<`>qxAOGHK3
z(a|k=HUrNjO1IT@Z;^rmE(Hb2BeocH>7C6b9v8wu!>vD74TP}?1IY$MHC?H5dh3zW
zUt{v&qzdjv82&x)cSroMmtL6KLtb%wDn0jrkd(fEM=gujZ&Nanw5&GQJVcjTP^XJ&
z=Vbuj869t(m2kFx>k)K`k_Nzk!KV<L#Sj<*m;0TN{<7GkUZFVm=s{!Sf$Q)<@gjgS
zm}7JfAx4F67<gf0phyD=Ue%Ay&}-%1Sw7mJDrEUjdjeh#0TIp^yOS5U=iVTbC3lu#
z!@O-`=W-^l#VnozN<0!>Pk)aUI<y&)NK!_~frRi^gkOf3d0xaF_M@1+w2pG=)#$!R
z-hZys?{V~6{rmYYbNITh+Im>yjb}KHS&&fsY5yy%^Rbt1&Fy!zK#=tgu}QTrPm0}U
zp8NY7^JtMr;VAc9H1LLKeg#36To%6a`)Bv&-#gN+UIQD2ng`duGQ)2lgnL-1DAurq
zaeF--cj|GlL7g+zi@!I$(hy$N!nU%9{7#XolDh>!NY|}8PfeFoySl0$4~srwa6Fwx
zVoSAQH(7fMt9N7Bul3C#!DHPI<9WPMc)p}2(wD1wc6)7|jjl7{h;*CQzrnlE9eW^1
z4V_fzuSf2P=UDv*t(+E`>2<VqtX7|PJ@s&$071f@A;Q5hp<<xa88se`$H5ihu`Nh)
zKr#qOVgc!Rq`x3Cfvf^)`EvBd1<cu`#R<#|GLlJ4%odx>I+?sP@o^6hz43K(Y}BGr
z_l5=yz6}O!n=x+CT@$trZOvM{H5)ZMHCr`%Hthaz`@n;Mj{MvNxbg7jaOUu5aA)us
zu|-F3?e^I?=y6hG$48k*n@62TA4j2A_=ci7k<@7DQc=evnIoGcoUM28h*-Vx*Jc_2
zC}XdSOu0^Yfun%G?x!1$%#O=q^BNqil$KV(Gc)nt4nLmhdfQ!P+Bt1ks~wIW9Yb{F
z)3Xce7TW9y@uJ2KhIyP(uhjfx)edIfbi3i~ZlX?I@9qhb_aRtWJ#y%aO7oF_W`?(`
zFZD-~P+KoI1`sN^Taq$#jSw%;DmIj^BVW$@DD!!qe5}U~ak(BGTWP+&qr~!bAIv=|
ztwG0(^xmTTXl_cLAn|)#UKWS9F!8<m)t(*MjStPk;@}X!5sxe!g$Wsl(S>T^9PQoa
zuqAD;&QBVA<YiG-cR2p#Q1$u5_D0biuIBA@T@Fe-)PWDoa-MlO00!G)l9LgX5vgz)
zvM&yUMY`^RIQhf3vcdWhcneFV+a=8bw~wG8nxY*aY_daQ{zbsI2!>_MCZ+yurGzwt
z4n*n#PAq_{f71aonttb~NamK4W=B2}DFVB>J{TkzJpuxEe2Xk{$lz1~01ZETq?lN6
zXy!kn?hdd95mxp4%j{a?$0W3@wx?;u<8z{#9+%&C#N#X4jIZ@--jCyPdc4G=c#hLS
zqtlz3;d3F!texDxf};1;!4?z9m*!i-sva(j&r1dh+Sg|SBw-KH*WXxNzeS4oO~`iD
zL0&CUS~2S7fJAZ-eE~y05XY8iV1z^_kU&{MXJVk#VVvZW0DHXr?S%GYJS^5(2B0n{
zlfY}XRiqkn$v_>1es7=k7Ys3uxFhOppX^m{xE6UtkB=>$eCYDdVXu7B1w!b?f{EC2
zg5}cRrybi7>o@)&O=!M7ehtANrS!gJX6t6S5DjFaWX2FNYLQQF!}~;)2<hRadNKR9
zg*$q*sCyng9P97rBt7q!DcDQ=(xv;TJntrhp;odp*bll)n(Xs$`<YceTSUq8>lLe8
zha0c=4w}A~XTGk}=O%=(TQFWWe>rt|UgbM1;J;XlrWf-$%V#E-7B%tq$rmS@uOV#f
zzVr(QY(z|~TGr#CHmSlO_nX<~4g}!2hOX+S1sd+D9;qXp2voL<eNC_kY|`2}k57o>
zA!BUDwHQ)ZhjyP+*gdBsB)4_i=p5P;9%koi#w6?YU?CjcBSa66gNRSrs)NRiTWinG
zKy(00EV%%f#}M9VeDB9;C>N!ve$UPJT<pM%6Ww^tT;5ND*qha;Tl#kFvB4Je>^X>E
zQZ(QilTwmT1}0^ihq-@}&Z*d2PElk_>cn+E`*hm;`r36H>PYjmV4Ypc7a633K&i*E
zID~+~T-2#1)QQxG7qFlum$ST3#*W=03MN&qB)Nxr_2mH5cfup!5P(=31e;B}O>6g2
zZdR9}t5`nxIk3hiH`v8;qtXr-HKuN!MeAjtaSAi@KYmV@-NG&9By{#jqwIEZD0<&*
z81KN|m9xh@u;Dzdku#PL@d4TweghZ`p0-*!lcgAzo^j);<y6BvzX<AL2NLwom(#}Y
zmR%QqMX0)aDyfM;vc)5bwNLf-I)HqFT~)TR6vXk*=c{Y3J1pY18Gn}bMzhgpsmzv}
zHRnGUyW5yLuYCQEKqq_pZ)~63)}_7!f@~qRCDHJutb5Y!Ul9#1H2@a^w<~|_{wawm
zxOpRWxIVa~zv>l$AR$##1pleed&$-3jGmUULIZHCS}q*paK0Wp>Ep)=UMX7ri#@r%
z$8+R&?z0bJ{Y+q<h+MeMiz>P9Q1T%QC-DmNrdkqK20Kvd1&(4j<w)@9O`B$W=E~%A
zysAE>soPaQb+~B%)$V4zqpSUQg1^Q%&g{j8m0M4JxryE}k=ws_knhs6ufc~+wyD<J
zI=}M68l&~g!)!Q<+bm=<o9?n=YD)X3yu8Z~^W}0kN5;153S9$e$+Pvx3%}8N9>yF}
z%@r?!B^(BU(fW7{+y>V7x690-udE)4$GceiTO}gdT{Pri<0It_%b0Z6EXCp`T&CsL
zoJko1Cv@od3ZYjF-d;hze@P*L*cblE#*O+*A2RUG*1ByK-xqsMuc)*;Ovec`4soik
zz8@B5B36Q3@t!X^ZnL>QuRI?H@Yk4Vj>NpSw*uFjB5nte7=hHe^kxG>leuRioMGt$
zaNPugF>b+<5SLjkZx9S_nXZXRn@Xxds`HS$h1P<qzI$a&N<A%8Y;}?jwD&c|b=Ax6
z2rPxc9#1H}KUa3=WzhOlw^F<o@2&64?>bh;d%6m@umv@SLG4J662U`Im>@(E+(iHI
zy76KVjF_i$)+wpoh%Z3+vI9p#bIrsD+R#TJ9*}qh<apv<Z-%`3#G*{_h$H6q_pFQ!
zg2ORtBzAn7y%p(+SmmPMUI-}&=x__7UKT{=j9mN9nBUy-;;b6r{8q+VY!30C)E6Dt
z<WyZdb8>tpiuM)`yfUlLXpr#EY7k>ztBrSad-`6FzM*Da^S_zr(c<xVF2u!L*RB26
zT_u+L)mnwnRyHDZq4liSka-%R!x4PI2s2r|<E>XEIBP^t;L%+a19$a*_$Mlp_+fKr
zay*qZ-`Vm<Ze^_?`nYPucFRF|2?xLgh(#635?WplXn>%D(}nM_4H1bY$u9>#&+%)I
zm`*D_e<K!2g`Of0(=!R~L^{8MQ}va{ugf4&P9TRY%$9Rjtr^c60z!%jt8UPc^F*JN
z<SOp@uF+hgLqG~NR)9nC@Xq$*r4zmDO-ZNwgDmy@J)h5WD@DQEjW9Ob?bh3)SH7>f
zT{6_Hj)D_#o-TNSbl>6`EOk|Ek}$;bFW7i@&J-IjB)w@og9OE^32C<VV6u6$yXv*O
z^<1^rsOOIBB|Fz^HOE8W@Q~+5)L-T00nM!-my9l!a5W>;a+4;5gaiwLBw;EjpPm)J
za&tW6C}-@l-FCgfQEqD(zHL%X+WBywk09CCH6`!!g2?s;tn)2UCj(w5mZ(|~tR@P%
zCM<tj8COM~ZDZfcoZ7r_OiO7r;+;<R30^*}R@ZrPRN7hbjo*G6UvIRY>eV-1{i}_B
z83UZ&Q##yj0^Slr5dw9g!KQwXwQ=m^EkgzD^Q>I5<Jc+24^hqo@yzhpunn^lpViga
z*z)I=H9l&1Xj7ylGTw42ydBe}AK4-4lmGh3p5?A>9E{L{ZUUAE#tURy)3x&4@eg)E
z9y#J4#HzNnH(y+ks76Rh2fjNrl8*G3{%K@7vYWb(sna#yVjjH%@++=ygO7ucFnnFV
zy_1>61N3W#C&KS8CywurJiP_%c09gdwWFGY9#lHspSLK#w{Ir!j2{pxSX9ox^5sx9
zb4E|Uf-8ZIt4y!meL3FX*s|k!yM9%0ZlQy@B``jr4UbDR@|`yCP{a2KGxA2e+oP{P
zk^ZZIwHw@P@M6fg3A~J!kN<KuswUq2J7^Sbu~)G=c5aA}aqudjnMA=E)aisW&!m3X
z*6|_=E;jgpgM-PyszOdd=|_#TQvTpz(xBArwZiUiIY$(DaRwB8&h;7IQ+@pTram<&
zSOM0#Me|1&+b1}6tnPcsQy04}v+ayn4Q0xe+Hk_htLv5zCBpGSqzf0*MTmpRWF<#u
zyR27;8*DDTvca)se0|d1k8@ThnbKSZWWn^}tQkTi&L9D^4IUK1irR~KdrDE8eX>my
z^x`G5dm-kNbu&11D9uCbw?e7Lg;K?!uoMj1VooJ}1n#xbr6%;US-XM{(ud)~_aSBs
z3v0-t&bi3l4MGp0E*Um0CH;FE1%?WIg*U8mplNqH-r?}C-}K{tjY{rx=h^Tcc@Ed-
zFcx=%+Lh1vrBsdYx>Rq|+Kx1ax7}^-PZzHH6sR`qAl|rtuA_7kP(D8@aCo@^Um^qv
z6(j<PHH3e{2S5&96Mm3x(aIT6v!+a_E|H-E^e2&k4J3zVM$a<<Qn?+Ewk*`!fLV;t
ziwxG!FrRdoi3|npT6I4x7UspDnCjOhIfSt@^l+yq&2_Q!U~=40zxo^`bOkos+rYuQ
z5ZZ0o9lL#X93tBDZ!tSA--uGkrC|O}9KOQ0iTqQtbUr@B`TbL}D_BTtvenq!xeZ_x
z59}`dCcvk(v1=ZvmkA}D7k(nksD!OS(H0G@q1G|(6by45U#;}LJ9;~vbUkrm$j4X+
zIS>|CC!U8)!JZQ1lejBzo{f618>ttY`9i`lp}0B!Qy9UGQkyvI?e1&DkIj#;-e23f
z8hnl2j?DS-)Kk|E6E?OgTdmg8JbAY5@0<Iz&5RZvO(c8w&3uPb*eY&pxVy`%RT>{}
z(<zK@=f$p<T8*vp3#mJH53zR$a{O>TL7#w^3E`nUF%$Lf9f$)T(s7X8Q}(VxAoA?u
zvwKcp5vp}*&>AWom+9G+CvdSx%xb@H@~iPWkFeqCvwve=EAoIp3`QiFP^bWvK%r>Z
zA4&@rq$`V&2uGmIa<jG_x>xO&ZtBO|tQq#+9lTqTh){kCusDJS#b$$CgOquK8fJ|3
zF8y6iyP7(L>KOkI<Kk6YaYR$-$CgJJ+5%O2FV>Uo;=;RZw|nO7S6Z1d^u3b4;^*4~
zD@C>2EI~&*(K%EDp<7KPf9~6H05DPKi3CW-%O_5SIwF5i>qh{njal7<2CBO8^%OPZ
zD`4FOjxV9Q@u#mlD#pnw2CQQlOayNEG0A+9E7Vkbo~|KQ#W~xXm^C^CH1SXXp=Nt*
z^8;3kVAtYV+i=!W2xRd{c7e?DoP2B}3@d6u5%&Q4xM|c=akoh~OQ>cimq!@rn5kxy
zQLsiq>-idbVFAozkJFHPH(lAbE53iuQ|D1*dVbgJR}@SV#&h6?V>1cHCUa=9QT63M
z&)XA8=w5Q2v4bfnE<ZcnbRT+x#RZ2Pn1PL%eJELinUYwX`!XWje`iFfbA?Q<YN%0w
z-fdx<<q9O55%mHt0($n^KtCiG{xk>lXoTwu>XZX>Efm@NKyO0uc)ejq$u`69#mo)H
z_CdP#Kf42d)e6u7#dydAZXS36-;TKrY={m(HLU{9poJ%tm;>*QUgiE1DH^+X_7<QY
zV*TPVB#Db8Wl*R_yG7qij8;r&mh+T*Nx^-fd=ECQE>&2n?5IR-k==pN3As`5A@D{!
zhd;N&3dJnN)P%(avuwunyC!kpxjBB?ymA>vG0iml2szI`2d>vDd!6fs&yqROeuRtK
zKr*vv!D)?c$yG+2<flN$OOD)*Ze<cK=~xHSr4h{IV|_koZ--ZcAwsXR0UYgEVGa1v
zY@reK3ffHVA8o6!!OWPqZJD`I{?@g@CTMdhx1rl%ed^t0EnxVd%#RjvovIP)Q?oHL
zW};Tu0$Rkv`p*VtEVY7Pk}R<clMhr{Xo?I%<Ca^|M6f)UTLES0Lo00P^30F8TWkbP
z4qjy))Yz7j>8PrjV#p&}NJvOYw^CWx87D6-FD-w2-#N5qS0=h^d5VP8_{UVXptf7;
zuuy5wy8Dz~-W+l~w<b0oR+`jmYB|JAsp^_k)#_;~=o&h8QbkQwaT`HJRax3F?Wo+q
zw0XVH_ZFNwX|uE(-%x5PdOxrqV|6j>8&`BeVN?LWOkP}6k`WWL7x;<zc-M6GmJX|2
z)M}hW);X@2JQ_sPkZR_Mw<5OCrrA_f4fZgy?!MSTAl9wD%7L9k+CUxio;?-$KFQVn
zyA86&Zgk|RH?OLqaP6dwvP#|BE)l9Ydv4NZNjYx85x~$nsdO07oU)9py3n3w*Rp_x
zfM4R*_otXuJ#9r*V_B~RbV}dX)dUAhQ=<t|k@UA<ZLFOxA=K4YJglt_J+S82!ITG&
z*H&o(uqO^9W<(3;uo-D-xk-F5REI~PuBdZXSwUT6@RgjR0ysj9Cd|{Pa!y;V0huN;
z;vi$Gy})W~>Kz`LV4o7Ge<*o&p`9Jdhjhp<NsRO)J2E!$(8=iPg-frXRzo*DvO*yb
zu=b&eHai^Npw!W}tliseYzMR&ZeT&)W@*(#KLZp^1Fouk6G}Cm2Hda&bIyUn)iXEA
z=z91>PREkGw5rq>K+ijK-m=_rXx;oMaqE)2P>&0A08J-GE+5u8rZ#h2mYu(h+E=_+
ze1$?!<8L6G<<CP@?zrTKZIPr~l62_<C10~{F&QCPR!och&1Z?~a*NBlp{|R>)GX>8
zb(XBRc7|H2Sujwe)X}rNS(-Qi7wMh5rlzGb2~pLS11|-EA<(#TcKn5Mp6-jZ@~``d
zJpBDMw4|cdTOHZdP+eHiS)D3lh^DCxBy70>1JBnYq^3wcTLGY|&EVgUKzP9oPxp-y
zFj5%_ru9ys1fF22eZ^O^Z=_L_8ZhB}<ba62o+E{*U(z+IVHI`tI3nKKdKyTR*kMZ?
z2HTue^)ao8?v7lf3Gb;dSZ$y7%5b8o0<LRBRa*;&PNl1PV2F<L9`JxLl8m~xF&SwU
zP*`P2Pg}3u7s6%ptRkCoFh1ZwqL^?u#;kQ&tDifgGKQjJU8Ro*@-@O#-`Q^LanFbV
z<J~a1gU<KkGlbQQ0z#v|prSCDo|$SgH9JSuh<aj%J|jan-gu0%X^Q%HZen73vRR}Q
zebB==+s0OQq4{e=gcU;}K39!-FE!6bYA(wzD<LTj(`+h}t%{(kem+%Ce=386ij55V
z!||c?@9gaKM3&{0zlX=WNb7cX28RfLGkKnzio~%oDx)D&6I7{m(9%<M_I7sRyF=?$
zb|JSY6Lxs%mT3t(%CU4tPL{5I7E71Ds;>ds{5VLX2ZzT7Xuag>G&KScgv>-9OCN#R
zMROs0x-v+PLu+B+({y#lIVjU1M%X)nV?Ydi1UPL#D2)|dmNq*L58GO5f|9bja(oJJ
zQjE!&^vqP=1bt>sT83_NQl8n=IFQ03lVcOgE`Ksb$2kYnk#)v7(^8o!>I>aqXvN{v
z&;Y6Q%;XfM_*_gA>g;4@;t-a<k*vUKG9fQgJvgx=N0-vWBUIB(IxH^zY!e8%u_l@x
z5Qun~pAx&7_7^uo+5*KS9r?v?qaRrV)ohv`g0lFAc%69oD@LC|7}6u_{v--Ix#P6+
z@MoVrPJNWD8mRP)lw4>KXiV%qZ0OaLmdarjoiS@I7h4kU2l>k3Id<C?Ndy4oTuso}
zs;7I>btZSTIc~||OE=oo#G~cAsX=gcHe(`^FHW^~0;ttSd7z&I(}CanmFCr1JSfGM
z<#q*4t>2Ko$_{0C>JTbjb!+TIKkR{c_#)FWy|J;h8!j-SrXA1IYErGLqFq!*MTkVd
z3g)<PR7DFmqtZL1s_+lq=xV+9D93NVYsV@@)SMwTMYaKCp-by2b_X&DI1!C*nSVvk
znuC)M$H$Pz2t}$RYH2ED<pD@C0g~NVEcsZ<v8e+;rEnYb5Xymu2W*fegJhVRQU<}W
z7e9{ey3l)Ae+5VCkt2h4ag;%ijtWv@Dff+pKz*7m-!q_nb?D7NadPMt;}{EE*yPiL
zE)0YrqiMh>r{2V|n=yT`<tqY>SfVwcoPYZg!k%;)>=^pmkmm@>hA5;%7FF(N0qU`7
z{v;jwUVPxp`q5NhoN$u_piG!==X>O8w3TX1dZ7wmC_iBcx)AJvB=_$I%a7Ih-`~^E
z!uGKcG)2wT9GndU!=g`5;PKA{rHWbYts!-dGVdQ|Is>NKHY1HP=6vTZfGkz~q*76h
zqY7CO%<Z*t@?bslz16S$W21gwHGiGbt}Qe_T8rw4rQ)cZDwu=K{HFNLD>bqANXpji
zfuU}id}T_dSYhgwL~5lcEm0h+>G)JpV5wG9#6BLM;HcieuT<txQMCtH=2RXy+M-5M
zlTa?=Wx8ZX4Y2CM6iK#+C|51>psbsRxQ!%gZ(E^2$KvRdBxpNX*Czd2b?lYYmu;ZT
zGYlfpPf5v^#O*sAC_~Xit;CHxJ8JL)Jvoj3$9V@jGP@D^onD`7$=+#@;yG)^$0kcF
zfZNtmV&4+0_gsBHL^WK|s|=LA;zS8WO4R|I?2uQdlu+^42bknxz7Eqk1*+{CXQ&-;
z)8JaNRxYmg^ScerbnM$7$HB*u^se3LC>hmH-aM_U9B%a|PU>1f_Mo+MuJAHcU8hf&
ziUTj@-zpTI9r-aslVr*~i@pdMUn9%m8=cUhEr!D2IfW6}rb7r82@e+KffX0W*fC`p
za=RN^MN?!zVU}2^FD^{9$Tx&HA5y)yLYb$~b$$b$-np2yJ`4u?+^7kyDoaZ<ovoL(
zjDS$Y-x0n-Ikq_lR+ZP3uQop4FRspV;E5`aT}oAwNc`aCxEYgl=BInTiJrRb&qlIB
zhTY5M^0FuLY)0uEU}xU>3-0%*n!<e*c;(1<?l@uDS&AjK6#(Yc0d`WEj7>Erf>1Q4
zO9kt-rcrrsOFzZZ0EStP@xjQBSlf|-xL<E=PeJ>3<QTikEvmQfdz|ny77I`ZyI)Gs
znWv}aC-u@1n^04@RE%4#0G9ehiQ~h2Lfd#$f{!D7&cLWwqwQY+D<y9-H}PDJ$?shr
z|25AQeC|wjK(#5mfOP1ZLw2<aJRMkkk|@;2@r#Qr2Kj$bb9^@pCfti#Z+114MNwMI
z@LN%YJ2i&vU7B-Zu%d6O<(psxZ1Q3Mbn<GB7nYKmK6_@56siNu&#DA0mobAVRGp%9
z;l@lVN0YnNM;dT7{l50X)%mDb6j#J9mb=wA!<LzoN7g39JnTnTC&HQtnb9vMfP87d
zKdj~FQ2SFj>{B6oGPLQ=zo5GCCVCubn=wbcnX{G@%~ARj7INWvqFZC~nwl`_dEw0)
zIyB7j^oXF#Q6CaOvtOjoW<vI;U2w7(Ks`-|IIQGEs<Bj7r-C#@w%yjbN23NU5T9P_
zIMb_edJDsvGVE0Wp2{lJmI7Si%EsQ}j>H>Wb@B5yD9g@qh(t3MvVm}pADC9Tuzk%2
z+680HIMXx^SmUPRVb@SK8ri`kNl{`;`){e$vtrVryipx!*Cj<R#@T8AB#|Y}nN`j1
z_duDwSEg!o<w<r&mJEUq`N{50hG_q2zpb}_iOeevyClIq@i_CeGNmY`Z<vWSb$FlS
zgn9Q0g7uBc8@r#p#86}8r%>R~m9mX`km^z75GlG#NpLTNS)Hn`9%vX)rqM+arA&#T
z1I234^On_#HH_iVUZS9Cg_Ih;M#}t!<9CBfOR#u>Q)iKCsc??n(WgLxH~4y$DljL|
z;gQAk*XVnBRKAuyUvlAXYrHLDO#3uM!%vxY(OC}@WPRPspge5?S5Fs<Yx=*Kd&lU?
zqIF$2wr$(CDz<H>V%ttCwpFpsialeeV%v6dvUY2y?Y+)g=bnA;{c~HJ^Vh&^qmSO_
zkN$nn^Qyf~T<zH~brT5QM!&fmhYOE4J{rQCJ9&?(anqfP?3JF-)YHP=YC~^bEj$ce
z^ksM(KKwOEL8ubkgBV;5ObI{<ExoNz5gC4XqPfumXnlC+2C}bLv!q$1RW00qEY_C3
zDjK&oaN=lw@Ob9bECe<CszoLWuKT6{r2U!&OKJb~NedWn`_-n_R!XYZPGL#Qlru(o
zHutJmc7bOKrWS-<B2{{JYp81h)?BU3`u8g}MjAdBMcjtiMcmW`i$UY)1VjDdm))B?
zN@<Ru8ogNbi*<te-WvU6u|UQ)s>g`6uUZAfZ9#Cf!&%@`;kVbzt#sQ}hL;w;5HD-V
z9XitnI0NsF_frh`YWph->>b3)J7EL6|6tM!wLW|Q_&MkoPM}X!j5y#|hK|g|ar>o!
z6xxC)sGWcwi?PXZSID^vEP-n8jsI#>k!&}j|C2r&I{`lyA{k7AzqE9(uxS)b0^WYy
zCwg#=<chLWVw?Xja~_Jc)Rp#}2%t52U6$mFN4i@}rn`HV&Q}hwOgV_Vd?dq}35XHD
zd2RlA^6KNXL98D|@%2vg<Ml}HRt@AuLAtwWKZ?w0G0kUFx+8GNPP${Qhxh1N{@sS=
z<^Gq-Yg3A@W1_#}?Nd*vq<`tYJ@G!OGy@|gp~@|x1fV!Bs7QtrAn{}0nD&L1oKX3;
z@6B%xGP(0gV$+)Z>T^iJD=o3dhF#MChV-h6++Kl5&tZ-|P&a@7J?~-8Q~I-t@`%ba
zDzWiNr>JpYH18ddmE1Wit#98TQ>$`|LvFE@s6p)+nwUn--8CR{TC|TwPD$+<nTRTM
z6~f4EM~3guN8_q^J7NM`EJ#4^Z-W+x-z+nNk!XT&Q<l>y34pCG>LS<k%1tD_cHXD(
zMEHqcvadzSy-()Pln|`$6p(09R+#pln^;Qyl9O^?x?fHyH>V=CFNNx9oG0dG47OrH
z+~ez$e81Mbf1|X|nS5Tn&n*3Tj*$4s1-LZGD&F|9zifU>%fBK9kk>S&B<JlMeU#WM
zzDVZ7QCKznXi=Yg9aSn%NtEbqA>fuKutX#Dn_=MZjORN?YE`<GktPVb3y)2NyeI<i
z{V7F>7|?|HoLCJp2Zui?KL?i2z5@8bXb4T5Ot$&G-yMT-A|TD7J<3S6A_SPG$DW&p
z1$as0Xe78k)ub#bIbCTta74dHC$dvCWG1F0SLGLVPf;y;C%w8w<6T9%iYvPdS2ZVU
zhii%e_>)ytc57&o*Q<*voI+I9Bxxk#VWd+j6aG+BE0CCR0vZa7l2I_p<)x)l!=%WQ
z>BP(}EwQLeOrgo6sI{7Uza^6iq4G}4mHYBs?el4LOh|Rdp53Ml<jzzX_$XwP@+4x(
zXv)e$0DNlzo%F4*6ahKw4V5JYdAkH48rjrKKA+7O50GJ;;sgR{suHrqAy?V4sYo&%
z(0Wu#M3-bKAa%yeNHj_)(F7#B_3g|=VxMd(hlQFp!9q>V;Zsm=WEHjUp*kE&vPvVM
zIyUWzbIGut7O{~^S&txut90fh0($%RvrJLQQ6=J`lZ!xl%jH@8T<X~TAh0C>f0erD
zG^Lfz<C!D-=F+jru>BILrGf&blB2`M3xlPMnWO^Lg^41UUu1410A*Z+mdT9Riwt#U
zdlMMcQ{jWmZaPB=tt-U|$?FiL_KiuJMnPyY04Ql=s>nwQw=XzAu2`6N5|uPbS68v5
zG>J`NQAG0~$FGoSBBMGdEb@Y6I8d8#B@_^CXlRnYWH2QZNhu&js8Nbfze2JvxZNY`
z)OT@Y1J;{BM}h7^n7is^O(7>42<8D8b695Dzn)pqiLIPB>UFH1C*(;9>1gMjK)j6n
zHz4N-QR4W_ENeKFI8?L2WM0xPpQ6?jIMSv>^eQATC?Nd_S)u_5Mj(B?Km=m(8QX5>
z>uu<9?_WoVANH)*g72_mU*P(mn703hqxlc!<Uf3;EL?2=iCnS$cYUYg|0{AOXK!c!
zKXI#X_2PfhR{xL>(zAXW1v!~HzF8}l|An>sZ<AIm|2xv^A3)7NAvSFPYCL6U;`~36
zR>^X4SxiV_SMM-{t>Ne%HijC%NX(LAl0^g;Z2W<MDaEXSkex<*YPUQ$)K7_L2bfF*
z39xQ2jNGwa$-g+_E|}>K*AX}H?Dl-^g1JLw1Wnatms@2z=Dr?RWwi*b<Kos(YQlH;
zYSgtp`8WU2-wp8DcHE!|n7u5w!#WG<PRxJbLZ9$z{+?EMpe~(6r&bPg$}wkp^1iq|
zOt&%@QLl4@G44q7mT_l~8JyJ1wtOyDuT4%4_t3m8#6}Ixx^eYtSqrP<>r#zeM*is0
zf^|d{S0(DVmyQI+K?ek{nLz-*GmV23Lm&E`K_C0x)i&lW!n<_Kc1*)sz?Np^i;me!
zu>1OQ;Feb94gZQn3%K*PWs)GC&Fymb{ufAzKfFcOJ9zeceOj@9%$@ct>^uEO&f&bl
zw#~^^Q|hO@^@)Kc--~_UJ!Tv92l$Kd7fu)YtM@tieQnB#!7euR2mci9{nIt_tG8bG
zCxI{OYZ_P7OixJGOph>P=qGw^)XY|&*722#@2mIyO!4Pl2G2jvDD0W%`T+lMzsKa_
zeTALcJ-*sLSN^K6mAQ&rD*3dw_41z)NqemoxUXf;`z)?WdS}mljcY6Qk8D%;Y(|jD
zgo%bfe4XaXd=!{=M00(1g<$smK>G9}EO8W0`Sb%NQ3W0PcZ=iyQcC*2TMYjeFyr{I
zV$yHFC)5AyFU<dkYya`P|G&BZUrD<E_#gTwlI}ki^*=B3fAxs6{hvLe%&eR&|COXW
z(DrsvUG@}o@9}=n>{6FB41~vn9&}DH>@!45vPw`lCbiT!uL0sVe6zYraWiti^19Lk
zqZoYt(Tga&HbGTm&CB6>UD=$%=C}}VlwChBWwCqWVe>h9AGb8$l+zMz-Fi7FGFrUF
z{j}*zTsLA%nRCMM=ZUX-<jOm@5hq$#pZsAT40sM#VSGjXhYPZ>-;anoBEP@+XXe3i
zd(T(bccZ3mH2fQTDp0`h@fxMd5|m#yeT-A6-_h(}ks&m+XM&y{w8V4sZ9VLPu;Y`m
z>{DAKFJq#sT(>O_@`Ep>T<)b!ZST%T_z0Dv917zS4T#WJz*9;D1=!rx1V4ZB1>MDj
zG__i=Z?r}6dBnsoGPmSSmao+E|5=N124!Z-0O?+-BnVftxdgfWdL_5PP=~68wiv}7
zH0u#W6E+p(hVT#Ot-NW(5@a{+(PXS5y4sEvYtEC6irS%UYt7)3rf`@ZL|n^pAd7t9
z%0)ig0rklxW9;R<X4-lgbzORhJ)?6pVw&1{H@d}nVdhrIB@-lW+(#`y)!0Je36<N|
zD!?uF3rXJSC-0-Tp+vn#h$LEd-Uq*Bg*$@9lF%cYBfrIX3Fwp%NM?{yNOXSom3oa>
zr>vXM(q`9K)b0YIpC3hUkkAa+5+wgRS2h&nqdzCXtfbIWXx~J+I=C_!y(zHnIZHpI
zz76!Ky@q*Nt59EfV)Fd;^XDSSErJbdIG}W2@3MdKXCJM@AD3Y-(o3A%To*udFrEn&
z@{rasC2xE~&b#YFdxdzxpI6`$k^LoTOY(g}e^ov5$bhM9<>{(Q*0PDm%S{P?fz9qd
z9p>U(D;^nf3*6YbcI##Fr^r_6y~a7)#u+VETDO|#ZSgEZn`?xa%fd!`h*#V4K<_t4
z`VPc!o3QaVg5x7^*^{b;$giNMsX31zfkRK5?@kVaW(&|CI;e-y>GAr#v5Io3_e)Wj
zQj1~*;+YPSMQ;~RjP@kCPmDeOo+dKR-p&@@&fdag8m?^*r-JFMi!phh-ZfVAOWSNq
zdjio~^pTI7>hx`38fva;7VPSU%A{)0i#2Myx2I~R<!jClw~OPGYpwPq8}6TDt-f#K
zgSr>UU%z~ZdAt3kkwQSb9thGDb($5q$oaI%35X!ISHV@Mx=TXw`<;V+exo*Poiuu{
zlRCSxv}Z&3-y!N|*UdeccUU<*POw_DYsx8lk_~bhq3tcJkKp6^U4E{(8nKV>r%B_v
zh@3F^YLmHQS-v`1{FPvcmZe1*{(n%O$WfjSP$IVk$QEFTB8017tiRDIox9~-L0_BC
z@E5=cA?$<jz(|RVhY*)70W%>RAxj)o=`5mq0b$83;(C%=O;s6EBwL{3p6Ay^rG4RS
zp6;Wq?s&DOox2{pzhy33+U^m5pIK&STKi>gR86<0yTW|VmsINVb%@VZT7f^UI+wUL
zPBogOT>UY0xqOz4%$ksy4$>Ambo88G7?J_LXy5C*OqMd4?cmU|-k^wAhN*|1X5@@k
zGd&6p?CmA>C`SA(f%myE&m;k;R)nizj2K>C%LvNjvBkL~x+O8=+8)kav|c~XazgRn
zgepgoi`LPezkA{hL%w+Au*URL3>`fdap1ydY~JT2?5-9U%<-<STP-6bvHn(Z<a6pz
zwU2GTswyD8zfsfE<<&i&ITb<EI9zS@#k{7G7_$2JMFDzmwzO<%EEhQ+`Ul(fwhVc^
zV&0@MyM0yei{d`n&Zt)vY8)d~o|v+ZOx`LQy-UA`{7%ZaMM{ej)toWz6be?htUO8b
zJ=NJcCzib#(SvAtiKgfl6&dOj>-(@M?}hB#1(t>7X3s3K-p7^4FqB*=`rtM=(JZED
z8wK~)ptJBhy^hrBp+zZr&SEz+Rg-`u=H!XFpiq~XnhF<TIm>zLKgUOP<>MC&ETqC2
z+KI5aF7|CF;}@U10;TAgNl*zm+*(TWPM1iF6tu-{8--R3IScK$2|NXdstfEXNvvTN
z9w(*<F%leXSR4DrVd4i9N||CKq`@3U`F(&1G^<F`pW>Ees%v{rd^N?5l2cI8VA2wl
z<=FW6>wS82^%$Yls!Oi)xyed|UQD?PmDnO2Sh)aG7~jq?seL%M3OStl<Ga{qJZSw`
zr_98-O5Ny0(Sbx%Pmu$xF|1CkVh@^HCbD@c(t-ncuq64_Us%3VPUOEP&m^ZOZswZC
zst<1#Q8&Lazmi6saV5PWE+SWyg4IKfGV^Ukn^f-AI=vBeIm)K{2RJ&oq!(QX^oney
z*|HkX^4vVGvSIiZ;}@<_Y5?3XYix4B`Hc7aC6*lkb=4?E$IuKJQc*G}+T0M!#X3cd
zTxSBvI_?x2J0?@nww4%9)~S6$o<7(!q0o}Pbjq58J=T0t3LD*3D}T&={#J=Xu$meG
zAd_L^HZwfk0SX=a)lc85J8~*BMO@<}J>@9&tAetW1rI`hrV%=axgIWMk4n@64}qXd
zIVr{Q*8vl^8cDuz#N?47wX|qN#)48Nos26Rb!o#IU#S^r4tLVfFf}szoqRJ~`jXQx
zd0v?2zkM#exJ}>H2S|5Zaf`n-8PMpJky4W;c<IRD&8EQVUW2_A1x_4M<P-`;sx3w<
zaf!4bN%8QR@vg~b=3^g0r@ydkW_-l!f!&jzQV_=bv&7U#KBH15MMgl#=h4oHG#L?$
z)ME(~OJ|s>#Lkc8zn<SC)k<KpFoacAlHe9<fbgNhjoEMrA}$^zK-jQ~3lpw$4gK@;
z+@1@$uCC|0`u^5jYetiZ4HEu}nZE{l2p>LCWLmf?4)iTd5Mq-aK*qtt#z%l~pvOAJ
zB{)M2gE*1jhYdAx;o?GxE|}3wZ(RKy6i9{2ff8|l(O>Rw;lPE3`!pA5NH=JTkgq6+
z{~%%9*IjSq9}*iYCO$9=G<GaeUtsu?C`cQG6qpSJ{2^3ggtV_ukC~BW$YEB-1lix;
zaF7uDmL<f9ja!&o3iG!pHd|ddvxNIgc=*YbAstQ>*gI)-s;31L8iA1j4(!95NuNW+
zC0suBXU+gHEN<o;=Q(1mhh>ldpdeNRMhX+lTJ~>VtN}wJw20^ME;b&VW7r1ZS7t2e
z`ynp!R|0<KiJiw#k=fo$W?dm332+Egjetra(D&!sIMTht@EKhSN{rY+7{y13LSV)R
zi6A8iBO(;>HoDx=J{vp{|Ay^Qn@&1$n~T?TA(~-Z+`oj^h=sjW!H)R!<{I0Qx|29`
ztrxp3tEBeD>R<P_Rn3_|CD(=!u*=$eA`=!>bbhy*_%)ik=aP@B7irCi6Lx$tRgaZ;
z>h-XvRVjwPKdUliDP8qXJm5;$-`3|3&}c+zK+qp$xI=BcfXzLBa6=k%q=}}U=+5<;
z3m@>+940=kNjOdkRM5~HYSY{tsq#lrs@>LQ@~nn7al7R@k^$iKTjyF%)_oldM@|YL
za(4UC+3*<6^cH;Q-?X1xZWSANBflFUH8>J3T5!ov2BJJu@yNLo$yA<Edx?^(h#ea+
z@&p=?x3V1B0@0GsMR7nGuOO5wMJX(IhZczdM824@?_{C&zXX@@wRrN%pH&l%nEYrZ
zPbfaPcp^|9<N1^a6V%12Rk9Oz(*dPa<iT57MHxcvQbmQMwFUYaS88LCPSmpfP|9Z4
zji`du`!94nui#Wq4p}auza6s$nrv8C)G7LQ+}k+Ug{H~2THnq7cAI^&&b$)L#n=y(
z2u9!QNtW)gh7%}p+sD4uz?zkfvMQ2H-V~$GpP7t4YWk=WSfI~ZK8rZe#~pvkW@`>^
z+*!5wQ0<kW-92!hh)?_8aL#}J8NGYy(re<j^iH_-%^2aD?DB$IW{W<zFfvMwaq_fe
zs7{YbJqO!TvHerhmI^n`6gr-<|HtY_7P=8_RwrKCFtRz9|I(C)OmLVoJa4~LE_y1x
z<Jx?zY;Ymfv?F%;E}uw4i;DzEVN0D(M$zqSJxg05nGBD|K2~ji9?uB61i?zn^jII4
zxml(R^K<N8o)lj3IiJ2tujWFpRo)I~9Yz(O1x}QJ5v|tylA=uR9^G%HHgJgPX6SYH
z=bFO3VVq7k`XOYkT$y?wmPu!#KI_do{-i_eVhrwEXEQC!f=OpWFPYy1!<GaJluJXe
ziwSGqpuC;nynj5m3UnLP5L3^KE*5W(x7MvjoH15yhznzWRncm*O@1VN>f&TurSJ2z
zn&_0J{#1SDoZmT6IE)OIL_WHu%beqrU(uV3RLnk8=h`ibX$se{m^e&S`aR4m!VFQ|
zRdyVB#tY2L4fhA<o<+M<{TBi41#q!X@*3S*LMGL{E#)$uy=IPXw-g_{->@R@qva>v
zW85?<EGYf-t+PxE{VC1e!lXxrLM+C0spkW^Cp|BIj1lK~jYYMlWQIaYVtSf+j<X*#
zeQM7wmDr(AtQd^M*lr5-%`n;=vo*@2c1=<E7@v35x~q%otHhUVmb7=aa;gza+^i3j
zU2KuAL9xN%z;W|l?ye6Y%jF?^BTzM#QIBF-YZf-+WI^tL`uFOGJbhFzTdVZWJN{jE
z6h8PLT5hZ^=To<2(=0XK0raB@uv+hGFzd}4NJ^A&M^5gz5ml#<H*OOR7mTeXYKpt5
z3JfmkJ$s{W&ml68($e?xH7vDUCC(|#@s1ZSuC+<$3Ma(rBQ@>a_BkxS+04a@H^ydq
z$BL<PDz{)s^h+Y{tU_JmREvA!_uK|j^PH%qkIviAo1WQvJDbH2J<>2=26+s=<|weX
zTqfw9=o9EYI`PL{UzYx-pf>Rv0nEM}ey+2TMLz;e!7ZaV{7#&w-E=9qBxZ*3MC3ku
z3U54(bepjw8;+2B;^ZL@P*cKXWFbo>dF-7A2?tlKJm9QY$NQZztf>``_`0>SV#W|%
zW_{l1IHUUbVTZ1=W<0fcYnS+#ZMvXa_mw|>$@u%XSbmI8Xt?1pT#z<JewU;a8Gv&U
z(E*=f^^t4tUoJ|Q3WBXG!nnH}aNFHxG6AG@Bu2!i14mS+=4inYw8KhFa?DwC<MgJF
z_s)JLt`W7`qy28lD{WN8<B!Fm!7u&_Kb(`-1f%W8F5-5iqeq70Zt>gYFX5b^NkjQ?
z_8wo_3Hx;i<hw^YN8h=1^P`hRi{sv+hGK}XjxyiZNoPIj9g9*VEV|Df*x;PrK-N_T
zvUz^_!4dh^)fpd{#ILPdye%bK9(1Lk4v=qN>~S=VUW!)(^OnA^yC0})qW528R@aei
zxAweA`>03zjmFv;5HA_!nk{>qG1d+NmEPWIO2F!4Z9niDlM>Pbm?&dS-2B2|N5?+S
z77|3BJiWrn$7l5j`uuVg1~~eE_TlEyFQ4iG^DXbbKgB8?uN_djpIp>?(9(DLd&zj&
zp2+o{_6KKk=>5>pZGLTZHAnZqOWxc$<ZaJ304(Knd%U^Y5vpIc_~E8(`l0(Nv|a{z
z?Wh~)5Nhw3vrM{2S#&&DGfh%U`(K^t)|zQ;9+oAWZ7`bo=@_owdv<y@qE_5u8mHzx
zrKVa6aGYmBH!|AKH$1%2`k^1u_^J7-!{O-&jDK+xTvdH!(E#`-E|c_H*6|$u^3Z+z
z`3yf?Y4wmFj31dT`HOA|#=fm*LAv#%b|1yjCoW%{pWRE7AHGn68+e8N_I`Tr7`a2u
zx47hAf{5>~7iW)OHDw-??eh0Hm~w3nz<xf!pSv*c$1t5Y13yk;V6O*$JO?6v`apDF
z1z%A!@q*U&ERl5iLFrou3fcy0$ax$bK%At|UORzy-tVH$$xw9Ompt#jIGzkqZV#dE
zzFgHLPQ?wp=->RQ+y+Pe9E3c==)aqWm!8hLeqV2P_pXhc_8np5=Y-n28EBk-F0w%E
zV-@gN4H4`HQP2w%WZ40LUth?lTL#-_T!&M<2SWGQ_iHVZ=I|qI@y*ltIwNO$_LJsV
zhEnofKku`gI1=)yBgW-+6Y*R1pQu0<&0}ugL*FcL@)WB;ZmZTl$H;TNNG7>BG4suV
zAx`&-Q1C_E65RJiLTVSG!tl+27~}=+!T8X_j419h6RyXBJ-u!J#Kr3iC54gAa`+1-
zVjq7GF}kr#ejwXc3)|3^#gCwkYdVKn6b*f{08H%*JV!aG+MpthAD~+6ag2mF2<U^2
zKkr(ChTfN=VhW9;2B%P(-)B+e&re6<H0lR?;aa!u-+(#)vZ`#_3aM@B*Au|nsuRL7
z0DHse({B)3weBY%jLtxcT9RT$6g?wq@J>L>2;3+nuzVuHdJy^>G7~`(YHlbRXoMOj
z`z&22_BsX!renB_j@1bQIzl|NMFJix;tzY@9N2^GHw|fE7l!Z7A<Zk>b|>RHmlJbc
z%yYcr7q!3&x^`8T)UpM#rV!!2(1+i(+fr>i*J4|T-e+qYyw=(z)r#1cI$1sU-TJr=
z(=BJ4s1PXE)>RJA;nw=VkjU{U;*RUGqrA-WciT3VgDwExxn^@yd-hMa)GbG_`;?eN
zi=SR$Q#bU|G_?J$jb4h5_A=DjVF+rM_fWG)T?w>0VqZmy?Oa95Ok~^?v1VkA)(Qlz
zcEMhYdien4g-g`Jr&)fRd~5Hmj!yA`j3Kr_YDOKJRO;(?i+Y=@RFn&?fTr!jFBuF@
z85wQE$WTj1xum8xYz$Ue@1gHA%%Cs|+QeAv9B`ZLf-#IT7M#E_p7U4sk}_)pAl>-|
zep;<lvg3z~XR}`hL!iyq!JVFE7QLD&E`!<W)|S_#S!L!AH`L+KSJi}DnHyDWk}pcD
z*_CCYdij4dS45N0Meg-fQ$TGvWSU`HMEP(=*zw>*6VPJ-*8bP8dB$7bg|7P^AP$!}
zt$(*K{695y?96PO|2Y1S0tyV<e^*l{`R{5b^uqQwrvJ8Z!uEY*de-j<CeH7;C1xfz
z=6{yd{kIDzY|Q^&QOEW#iaNG`qo`wL`#%*<6#v)_5+R+x{Gw+Zf<FJ_f}!k!DZ_B9
znC$};)*Orms=e3mPuQC#Dh-@DI~8r7X3$}MWV2tp?;3|Jeg?O*t1$-!D!)`;0b%0W
zS$}(`1wNeAx|JH?d?dcb7Tr_4f?^pw5PSo=$^0n{0qB56AWRdu@q^!iwQxZOOG1H*
zr9P4hwO}V@tTC~e`#XG*PUj!=L{GF3s^N`(0nhNmlI(!OGzJMJvn2&C=Y^B^BGzaj
z?^j}jv^4Ql9LtW^i0yD`(A6~gUdfcD=SE&?zQ*r`y7eN}@#3n1twwOdhRRO+6GA7J
ze>WfgFJ*N9j}zeE77JMai;eD|>jeL1&-`EPbN}%^|9Q{+U+r_>8pQAV*}r+o|CznT
z!Oi~9d*)uS9;%D&$E%HxxlgQj(i9mJx!54k(9p6GlA<ic8S#>m!YqcyVi~3srni|!
z<|tV76cOsc^v#F_0*Wdy!b;_8RtJi8#a8ysx(YXs9_KpeU0ar8w%*mHY7OmQ+TPRq
z#8&oKU0W}g?u~%+hv(%lziR06K}j&nS+4%kEmpK&h_zQ&;!s_&NJ;aonY&K}AN&&;
z1_M_+o6m;@oSzMEM^HQ7K<3kjeJ)qAwVltbA)2JZ9JU5zXrJ4lp6tT0Ab)#m5HTu3
zz0sHu`+fAc6s^`iI^K4wOmHXmg6ne?O`^VAUccZE7exweZxA#5Fbdv1nU2CmL=y5Y
z@jnG7&XAoT_v%egF`D*hglQ4tKRifKdfW|;XwrKkkT@Z%;rR9?U`4ny#+k+e=+Y_L
zg^MTf;wrH##?33vcX%(yUvY%kiOlYa3LYE<h*+ej5|$m^z;1SC9Y$`1K9^!y>AV@B
zKx;vEVw}IdXY-7FA^ES2-FlsacHao9d=&8dUZHz~6p?Iy@Xi2B@2Neix1@C?U6^%b
z@J|qEzJRZoVD_ni)bVaV$^RwQZwW3BECqY`?WGz-VR!)gSD`Q*oBavG@RL|2<TXGZ
z_MO0dKN`iuGir9+3%ia{x*-IXG9k_zwg~5kCD#*%?<dq9leDuvfW84ys7Cy6Qe)PP
zcfdEc&|j7ztxNqzn{6AIq9;mo$d$O`cYPptO_#60e+t1T0Ynl*km5Q{vjPtG>(-Cd
z3o_@o&(rU4!_C;(d4-VL{JdS763l1H4#1wiI4&9|vt4^`xngu+P5gSK+o)Fp>~bNQ
zFouitRK4bKKFg+uvibs=z=^>!pl9hoUzNjR3>W=fYQar8?a-jptGPO9@~A`J37pa~
z;g(Ei|6`KU_S0NxC9_5Tb3ZH43)<RHg}=(xr9Xb+JDLmhAu7V)9_H<@{w0$s7`W4O
z^Eo(KPcKzFF?JNqltH#`P&6hbqdWsg)_Ms^D_~>%H?35*{{g>Ip77VQAmu(eQt*?W
zZ<;j(Z88&#f6Ovz){&bfdniLjlDlP7W+)E*mAUN%@Fhc2uUoHU8vD@{_)Tc1_?a8c
z1-H5uf^ufH%pv#WXq`vF&Bt95CZik<BQ9f>Q|bVsgTu+kod!irEmRW4+wBlhcz@X!
zC>;8I<M<sOjahok=i5Q3Q(C`D6~hvmb(HJStFZ>N!8yYtns?>mVy2aCbB(saMa5y|
z#$v9OeQAfveEG$K>nX2Zj!)^I`S}xkMZ}*FO`sjX9|6_@gbs)v5S=57BkUv1Bd#M4
zBYGn*dzX8;dz-AMteLE<tR1YctTn9f*iYEg*!GjVb1id}(h8{!xU<7%C1b)RbMAVJ
zb1&$!+$zm3xoab<a+^-WX9+s=9GEJjn)Fp`tXDJXcLq}eEX+Q;%U66ObcPGO8SkJb
zQ+JF$uKrtb{vUY?u(i<kep=72r1KvO3A2OrJ9B2sJ+HfrUtLwQTo2cqlU=wXGHLW5
zFXKHQU2&!ZFm(e2Zop$AN<GWw`)t~GNz#AZgyUjq_9nolY@6!Ewa~3*)Ucy7&+vzz
zC>gu_PsV=9$S4kxbyE7~yZpWznlA8Bq;5Pc;%Pf9qIhnfVjT^97wQkh)0oz?*LL$=
zzVp6QI2`9-DUq)HBaP@ZS<B*CxlR!kGYT*A`0)|cd3gP3?|%ezw^K0{n2UcNM0;`K
z+Y0Ib8dk-||B#{qfskXkNqhp0#7R_S6N051EpS!4gKv&c%P97@Op{4zmrXz`77@MO
znI1=;S;=X^TBU%mu|vt)9-yLb8RKLvlRJBEsXK}rb)+^~t7q)<m55l>!6o&Hy#uTO
zf~-;1=Cg8%s;*06eE2slnDxbVRAcAvjpJpvyGwvOq7!ApyivJ;Mo#7k)mhIPBvG51
z>TODnGI7gur+2~Egwt((iId}D@bB2;+K%tHW@KVZU4Yr=2~7SeoS~EZL7ivP=h|vZ
z#323kZUVVR`f9DMAbijm={#HrQeHKh;F^&-J5E<TD>rMpjpF_;Pj!`m^J;8Ta8Q<N
z&uikWtEzgAp^}D8i2o7i0>=P4CPymoDiMp9=$1B(0k#$@t>|Zv|2433T04fij#U+V
z3y!y(-S?c4IP0$uJyo_2t?m~n!Jm&g8G$pYVfLHgKb*BOHOKZmapepUMAf6}RLcj+
zHLDOUh4|Cx3kl{q5V=z;_%^#B;~xD)>D;>h`HC?NC<_sJdc3c-wM85!$j+4A!nE;z
zJlpcCF(1j{eCj;9(anB6&<ReE^iaGH#U*0o3?^`z_3}q<$VjGP9l)lLT~BHe;aLnh
zDHHEfrLGhm?!YTn(kZT;1dUR7?Opv2XG~*!14H`jL0}4=&^O8;5n4Drd)l_ad`Kid
z1-3g9z0xVRxs?6-?Z|<DqclCAv-jIv98!l7)ZDsxh3&6iP`5A!rP;nY_3n3iv_P^3
zKUVnEfq%k+FB7UvIw{zo9vx3vxuO;VZ}G0;NMFso;0T^IY#FVZ6fZO?n6yl`uG@@2
z%hcoAvg;d;?948FrndM|vtiDD1}_~xcbrTb-k^NR#2tf446pJdVp^CZJ4C4YEjoyd
zAR+!x^b*l6ufOa)_?dR<xbzm0OhOy0X}0IrJoUrh=!w5UbbrSV8$8`|W^I}@tJQT9
z+DDbmY8tBQYDe`FTKnrs{KbBV*oo+ew+}QByNl=-0C!MFJjdWYgn+BLW$syFg;C9n
zr=Q4hv^;<AC)!rFZg+I7wip-Ikx@rQGr!UzvUt0{I~J{(e~>pmmMrp%*{JdGH%o9N
zhQS3C==`{KD?8_=BAgVt_%yEeTzC_MBsfR}pP+KmoY2<K-E(a)|D!R4iLI%sYxp?E
zCl){Gljc(-`GXlKMzJUFzV9>za1f=?e%Lx0H$5^jEIm8JXWcxCZu~f89L50tlnRkG
zl{-Wl9SPvRo3sC<@{#cn{p-0qnzXgr{&XJ2n6r{)z9rZ5yx~pQtZBggKJGu<wdTIg
z|C(^uyQhGM@`16NwgK&TCM3{<zv6C`W0|Jz3N>=~kfIIQP?h|48@LfwJKy1TGWJ4y
z)E6C<$BGtj3M+k(0Ek!@Sc{eh&ZakUpZfanM`3`jWtPdv{%bF>JNyU5;M;R}8Hn#y
z^0LsH@e&=T#4-en3G;2!xoh_Snh(9P&Bz|(Cv6qtf3E3CcrKGJ?~y20miIP|-A{xd
zPyJzP`4{@dqh=_=3^lWmThfdjx5=s<5QcNHEhC!(y(~P-rO<fhl$1lUDCHntHkIbP
zvO6)mOXpc|><d9#J`=Ub5j<JqvZ5KYVz{IQhY_P@Myq&Ge#a)?IDX#LM)#tgwrJ^m
zps~NapH+~U%Jh3f_IHva9K4peQAP5HgB2v8eq!Ea!dnoHf%Pa+CA<aJ{>g`U(z8_$
zVB%IZPbk|3*Zw#qzk|uv12f((P!|WAQjpw($5RDT8%WJ<BaSLx?3NbvKrqF-&o?Gu
z7R#utMgvp%3=)i7o!+BtbVpADc<^OzN7<8;pG)26ld2w1i&C36$X7k8h+1Snpi?G6
zujHVKp^3`WxUKNCLZ2)wIuzND*yxKHJR~r79_4pKibJ-J))Zdh3{49)xc{<tiZYsx
z9eASW!TPFZ8rt3(Mr1Jlq@dyu3;$z>{mZU@T6g9Ctfy^5xap~0V;=u3oh2;z(sQRH
z_HC|zfDzyGvFk~mz!Tc+6c+Z@Iv$_?Hfxrl+DBuG*p?5owrMk8+w%G#$i18Kl|s|y
zhT0@o&|ZZAOd;WlCrN2{lEI7mBRMC+|1y<c$F9pY>e?VQt)Oe#1aCrm=U|)LiIexO
zfyl=nRt4sqDjj9VqJJv{F|@VeAvY_(nc;%bSrd(iH<*&^E$LL`h1+XF)<Gg>)Fr7s
zU&*eF1=kgxuEJ?FreRf>d2<UBme)~8d!g}ScUNWfK$rnS<^tA*A+*VvS~OJo$f=^g
zdD(R?l$E;A>mqYYD0^JtEv?+!9c&3P<f>#S^PaINeZ1l_O5jnhFKg<w1<_b8YQ1d5
zV2~(DWs<<H3{eM$^4W1Cg#41r)Ip6qX0)t!u3E9G>5WfxZN^RN1Jki=JOkofHO777
zttw4YiG6^&O%{KO3x0=igr&RJ<q8vx6(5|3@lZnv04-m1m32Zekz#wF8qvl{e1$_S
zv%de7F5cWuc63U7WOcB#ju$+oUBE)ecG5{B+0GId%%*Wf{3#Y1b@JG76+GVk1%fc2
zN;pk8oj27YFxpbJ48J<as$%oDmHyJd=8w+sb)s<dhtSi*BHMIHu=91*9}~`U<&T2k
zeX+fAPNH86u!|LNPR--Avkte4-Hwsjr4c_{<K9nULJfj3fI+#IQL37j+zf=Cg6e7E
z<&9&CfW}@ZSyMCxs<Gp5VdY_=!e}hV-@gsOi|Kig{L^+q;x=OlHOWRZ5bduBPfu}9
zdvZ)u%OQD|pzWav`<xTNu;<_A5|XaEp6H-iPL~_<fTwAi2J=Ys6k{8I3J<Fi7lLRw
zHe0P`Dtn8}>7FmQv7u+mWp-sI;UN5`TZ<jFLXaJb_$r<cDLOVdmqB8LIp!kqi^C&r
zMwX+Bi92)CN|v~082KJWOSXcPu>%^<n2jT{OrmD-=tC*e6ObXhzN-~gF7;=RolxON
zIv!fVO0G)2N}kH@0EX`-WCkk6GKR8dGA$)nF6=4#lmcn)v&lh$8msmT=jsOcl3xNn
zyf0$o33HXl?)^pA9J+2UicxqCQ~m;O`;go^DS|Ik_~n?ftoo9!ioZh$iD!@Y5re0x
z6VUaprsrwIAEelE)Tps4fxi{eJZj9hR(u>zf;S0=7B4PJ2Ji2UkBx5FN~w$^rpbMa
z3N+`*tShMApBESYFCV$(&KA>SV29%qjz(QbGQrEW<{+{s;o*^`(0l!UJJ$VJ^%|7N
zuE@vDA<Qq|aCyd$KU0&H3oOOv_*aLl?#rdzYx4+pm^}5p_2XV7M@U^g9VyzS6Z)2+
z^55Q=oFf}Ch&&H}{=D{{%p%xx^tRd0OO~!*x_2;V%a*D*&ElZTW;x=F;qtaVRrfb@
zjm2%EYQGs~lP$+x$Y0Mof$h^OWHyRV=G;y??)7RIy2m#TPHrD7Ul%_z{cL+`47RRL
zkKQ&ua{aFC7VRGFChaclHtas^{93(REn1)QPxD{%5Az@MFY`Z%{AYY;oM*gcU1fb`
zoxdfX?y~;Tf`<Z!+=qJg2`|s|j~!!LT~d!2y#DhTAKm!DfRf|1o|{EMKaVvX-j*`A
z7{uXse8jGo5C^qqm1#yjS-{eTHO@PH?C->2cR}BY1B^{V9E7S4yW-}u(^>v$|3=04
zPa0G~oa-3e_x9&D8jF6X1xbc_>wTWKiwt<R674K32~5gj$ye?ea_>;zB;VSPB79?j
zY(}U)qHs1~cu{a@xp~;Q`fPVXp1QYfyF(KWBU})t;DdjXw;!Sg*he_3^Ji2KThh2I
zDg+{#v*bxQoWx5l_wJpp3^Lg*x*h-IS;yIt**qe(oN|&-O;!e8GPTs*PpQoCLn(4V
zEepmXS`0eB&Y+!X6>Ec%Qi*_BLyBgxDS1XT8D3^m4T6FzVLZEdaki-Qr%MY8&itIO
zH(=5IMr9r27|iaD_hP0zA6i|!QA(GAH`7`*9ShxJ@Yw4ZT3z;4zsDoj6a}h}HZA(7
zU<EaF7A#U||140KMu}l;5^ZIvbM0>U_FB9RT{Ux^qE+qH%22D=BkuiX0FiZL0%Yf+
z!RkwTWmz>Y$NNa>T{g2_iYp}-XGNuFCzaCe{1xE<{T6%^>_s>@^^G1zIagINcj4B!
zIBkin`WU|3CiWT^u49O&r$(+-3UfK;3~eRI^dSgD3R?JRDnT{=b5shgU$-kdehh?-
z?s)6HbypZlREwB&zJDCNx?X>z?cNK2A6JBUfz-D^J}zEtZ_Y|HR;|L+3Uj0$_5lZ5
z+&mb@xsaloBr;*>AL4DCX65&>X~W3`ofu4mG@hd;jrgc<cK=2DsWpRkMv~U0D4|AU
z{ML-4OTvKCdd7W}<2c1BLpdw_7K?UD<FN8PQ@3lDBQK*?C;thjs|0AC$hx=kAqJv{
ze$?gEZmD(U_NQ~T@w%}IJZK76Vh=S`KkGGAe^|KbQC`5>8%;@orD^9hvmp2AlFvO0
zq{a>{Xw_%o);8&H!AR~8?is@NF5ktiGNsBo^^<-&^)^imM%9Kgphob*%n$v$GIq<k
z`a+2IAPes7Qc;cx>rVNq<*{}?-}=<NGz(@7%%5G{^R2v+Ip0GE%Tz`iu7CIQ?1(fb
z+#$oKmf06R)sAR?&Kk&;zg7tg&cT-6^xPbZKzAycWggSti;!-NjnYPL89(atA>XhI
z56ZUfW*rSg0h)y_>8r5ZmzVHw&sShhL#u1+CY_BmtDuMB#RB8pVE88A(=qHN=(qMY
z?%4|d`LveEKY@ndz(|Dq6q?*CdqXXr6G3X?H(!MXO+t-ou@V-%+NcftqHwXk<0s#J
z;L*t<NG3H>q@U&9ct!$CHd}A@XvWK@ZM{`J&LB!-eG)NnYC?sw^y0II<3Xm74rw9s
z=k2iS!>35N-`mt{B!>LPT=sfBt?$7I+rh?L^;P<0#3#L&+geoSbvfado#qYZzVaO7
zr~j+l_}A#WXQ0nnK|_EGoU-}XA<z*TFZfY(k1&(-Cyi2Xcc53h#;ospR+(@+`nLm<
zYLr2QvreL>oAL{Ib?_4gyq&+!4`>s2`$^7`&SI9rL&K1L;)04Q`0>Z5M8H-c&k4?o
zHv)a%mPl5zMvZ<d;g76q3}ev!A3Y|g85*XX0D_^1XQ=Lp*akue+O`2FGW!HU@}9D?
zFbmz4vi0iD-&PtMg}J4E(xho^j6yO<sh_`%!G>s&jAb%%h}d6P!E_xPST=K0(gM94
z|FES3uLrOVkA@h}rH9_Mu^j?^5?j(i(!@!bkoWS@$FLh-UrCwdoYEfSTUJTPEDp^5
zjc7WBwzLthdd1Ekt)sc+#C>p{!(wTqV2Cl3EN?f!G1;H>k-}+Yn(B21@>jwcN3P9C
z9+uvpwJNTMP_rH{uAkyFSfh-2D4Tu|v$PRyuR$!Tho<)Q)uYRm7v+2^e%{SR*=+T2
zB;U$8)DTkvsFI-I(ClS}d5^uU_WkJ25h8zilw?W7iU}ECd`S452}ABKWn}B*PTUuX
zgd)U0+#}rxo+S{#!-WwGXJx`q5N&c-vti<Mo-%MY5+O^79uD&~@H}8~OuD4c1YXC*
zg%DTn)i<C)udOMA8hAaH^km^kJdV5{M#&;Q7)VeB1t+yZo^2qx83IU#T*bl-x1=WD
z`G+GNSUubu88Qw=r8icnFupDjHop>Tun2}bp=s``L@IKzph?4B*Kf9KE}XVV8dGH!
z@qit7OOk*zaZm~mluNcnU&#erJHUZKu&3OVV-e!W-#O0k;6=EW3T+=>o9EAg%A$^{
z8i>w$l$BC)pg}r-#Gitm=NFASprD->(A*>gH82rMQ<(72BF%upKSsleg{c&v?UZuz
zK=Ck8V4VPWlP+bg!tgvLE6SrJc#vQaoJ1<J?NC8sTo6c!Q6V-WBnPH=K}ht6BvsF<
z8rYD5Pr!+h3xf#|SA56*k^$#Ns0<^Dl`SlE1G*cq*~XwIe`y9Oi1#7@;e)G_-yFqL
zOaQNPDY-~1<C8ZvGjiPDfDXcSkwzL3VHH3QFbiPQ?j@0Kd?e(eX(7AvK`}^yokqfk
z7mCK3Hf!UDR4cmMunChRbw#kmy9VuO!c4@YX+)~+&Jz$_-T=Chpce5HnjmZflETda
z*tifqlGh^jqWhV~cjYd8bGRVF2P7(u?%~3gLH<-2v5(@Bg`p5C+g?mSMFkG&(hL=`
zgBn!8J~41%D9MUkiP3fhB{nt$vLkPa`$#u4iiku~iKyRDlQVTB0VW1I22OUMAp**Y
zZdjUSbnou9VP@QvlPeN6GVvF9P=Df&M5?5}6sRP~*MB0YdY3dwviJE{H1CmCGvGHx
zgqKAYA(kvtjZ1hzW<~2_1Mnk|3hRHS){nNJiNX{98X+DO-Uvo+ARa?ZKf)?uOx}GH
zmg>dA&aK8I;=I@~@-yY4V?NKw(ct?Xl4rg`wr>z&W5r`!h9oG-0yQWD!9;M14P^__
zM}!e>vhsfO#JfbN9N!c$G-}9bRKeWK+0+8|61x<(J=uH#++7}QZ*9LZqe@tI#NUk1
z^pt$V$qA0Dvkd7O@Uzwy+U=$q-p5u3v!|rIxH}rrrKK5?hv#|8t=rO8$5{nvDO3A2
zb9tGwx$01(uRV2%XluQxg&ImSxca^<q=I_pM|?GW(=vO1lbf1~vr1iMwEa(*7Nl(W
zfTmRYN?SyZ#cKN++oQFm*4Ab>Fdzy3d|OK^%b$=mfz80*S-^|UEw0U+)pl^HeFa2x
zsW*L(tKWM-tB>qvAp`12?K!1H2fgIm+n~6kJF&y7hvt52Ds`lP3Ci?j3?tptTbpXg
zd9=5b4RCF&Y<D!kg_2j*CV>;a<A7`0TP$s{4GjLYxVh$=WI_Qa4Q8lAa@X<9pnN|w
z!yfM{h^w3_ke7`W;sQ7|*)ajztn5m)we1O1l@1~-P#Q5Xge9CJ3Xu@~du3s^(v6Og
zZV=_)Rf35ICubFj{ODR+`%@x1wx(8)KZCgrL8EO1_fpZzBsVfPqDumo_&{RvG9XKk
zR$0JCkVbnZb=!J@w)_bmzn)vr){VW2%2g-w%oePN$bc9+y|6$ubPGkUEh6Z&JqO`9
z@pX&H(xgt(iV&~u%EXOd;p4=KU@4?%0-qxiOdHrUixLpb9H=N3yG(x~Mf8=^q3w^)
z5aG#~uVmvZW&~j=i0+IoiL!wMLJ(tmtw_AWRezx>muJ!f7qFy#iIQQ5OQYk*z?F;x
zbNo2PJ|N?PyI6`R<54qEsNhKwQF%B2#RnH8qM|-kDcEdK`4<O2LS2+t!j?AfX^6H+
zl)E)l)ODt7L<xsn5zSWImnzglHQGxNy3_Y3GhYf5$yehqiAo@f(8TL3A!IaRkuo^-
ztQn@>w1F}V`2K;yN4gra9I<WuK-R)*YzRsAif|=C!@mLIK))dkMFPxNL-&njukQlP
zumtvi=HWdGfkp;iux8+AyV^Z?s8Xm-!R1XHNZupg-oHQwAv#h+7O@USAW>9*n>EVI
z=jq%-r+c4RDv?r4d5elr$JgSh^`fS3O8|G{Z5v<92TUM)ar|gjLEs{BC^3R)iEd$0
ze``w_C8!q)(PjZzADU4QAm?}!G=Vl&d0?lGT7~WVNij|M#KZpclF%RO;R{NkyQQVn
zELK{3|HLn1)g!{n6==ygG0zu=QM7^MmwkkB)}sirJK;u@q?2ulYFK%AD0QxW2QEMv
zm7dN^1^a+joExv?XfLrg3e7lxom`7cx=T2@SYplv!s3?`^V*0A(4q)G8H3TZA<+!U
z)o)5MLw;({I*YJ0kFtZ&6((OwY6E@;3NirYt0AJt0n$+7Z(i(=`~IJbw|l#Ear0=B
zO{kwLNU*>2P=C$y5Ysw7M+2uIj~%gb8qxgt^{UNzUUF;~HcY8Pm1JBF$%R{>DVk$b
zEHEQsB0z3w9#J!yOcgB1JWeZSC-I$CX|5R_9bU%I+L9Z)MV8I*2F5+s;G{m&IiNCO
z%oovCn5b@{^EF>Q^;3SIBlqEW0k1YI^(XD($jp`)F)Dl)n+1XlinzHV+`NKtVRW~|
z@mF|EfM_}0gsdPza)arxFn_XJx)WXsS9QrOcCvgZkV&+8m?iGSgxEaJvj+th#B(wl
zJV2{1Lo;LP?*tyx9iD<2f>i41)Zs;RZR9EvtLL%GId&m?SelKX=+^wp-c`LA3|ZWK
z2YMnIO<r-i0<Vlq;?%96Xd$Dt33t*g)D<=LStKn<sc7jAHb>rxYsRZsS;Q+2FdeZM
z1F2HFlk_<|p9pRiaIEA!Wi`3^{tVIs!K^zg+u<qYO9sp2gyW7D0mg5R4h+b=DS(Za
z^MeyT!8q9;#5w0#1;8mZHK-VszewY?xq713^u*xgIt@y~t)6Krc#Cp*|9$5Xj_Yhv
ziuWZnNM3nIF7_tHu>4&%&%E5807vjLGBp89Dpu&mF*_T^kF~Pg@ZyNr0aEpPq{*s;
z^T>=xOwZ5zh?ByM+|sL}L6Z=#1<JQ5s*PqRt`+<O#YT1?`s!O&HqQC5ub&eX#h+<u
zWB^e;ir<ou%;^_DQ05|6u=W-TA-A0yO_}Q%5L7m%E(AaAO{)}AD|CJ(B&%Y2H)dLi
z0!x>oH}^)*ScYmLZNPn)@@`lMu@k(uyZv1OYV^{qE_Ev}<~7|CDZDYqLXEEe$v;H?
zt-MwU`i`}QvdjG*5%}I#AO<In03PZXAj7l#_zScrZB5%SccCCs%2Pu#{t18wJIO|w
zWG%QnxaE1ga|mX_JW-W`O3tJjYH|9G4gJI_uzz8b4s2T%l|a8g_97Z~tLckPJXduw
z4@o-o6wh{9#?<Jkmq#nGF65#GeTvq8OX%1P(A#f1;IY7;&<TY+--m2L>T#Z7lo_Ck
z^TD*l$;oaP=I=sIaXM(6mT0sxqD$+OWjfGah+enii`Rb~*oTFe-a;CYOWLZyKC^nT
zb~k1kYi2zZKB#tUSA?re8=-HIYLmU%ObNG4*Gc0qV%FpCbml5o6yuz<m5^cEG*&y)
zUyUki${oNe%CV~)Bg~ipZD%#m{ubm=(mEsC_{AmGgX#O*GtBL*EPAlvEWk?Wwp_d7
z&x&#cvhZ_Ws&JD~^}QCSh{gPpeL|H^TC*$dLqnYPfjLeTFpQdv?MA|)FlfwHGs@AK
zg@@*F>>2r&&7>2DPEQ8cSnmgayU1Wl0smUi!$MvrIRbCP>a$I!@g<Cq-dVv@jw*-!
zbj>>JpOKRq7xOPI4$|eRbFe|W&dh#<$-pdq^t(pQ#*!;OR_``zwVDZft@D%8KU=a-
z#D{h_c5IDr@bdzC=io^zHKJ97^)?m_DVOrgE;k%pqQvH#Pl?GjR4WlK#taPgJ#e#j
zfr>KvB3XIr1&5nRdrg~Bsx5Pl(x<W!KBOpgT0JIH)m+R+>JM5RqocQ4uL_FZBgMRG
z$yVw2Ne3vKU}NjkC9cA3M1FtR*+x$1Hzn%S3fq0DX8R7Yv%|@wqPCKeGf%%_u9j)a
zx*@k)gKn`(atydH`uFNM{uI7f*%Q~_f5}`5x8_^FcT(X#8FUbB=T-IDLp{5)e<l$0
z91hgx4%cQ63%(=eZH4zRZl{6!T%KE9uDkiTv43tF`<U~7Qo;++Z>NF1>jC%t>@8h*
z2B-D&6ZmYw@n4%3c%p~={s_EO1@me}<hgEJ5G*@R(+wyLoLO=T)Wi9!1jiAwI*#~0
zr$ZCsTIA7;NDwmY$HF|1ayqq<%D>0p`8=N$ukXx1pHWjjJt*@5*GA4i11Ry<lR*6X
z0|}RRMB;J|5ul&zB{-epa)#q#8sh|%2l+dY1y3yqfo<Z@cES-e+rnXQ1{n4Ek9x)k
z*mgj*eR`)a-FJO)-kW`&D|y~i_}&k~``6RJ-;v@ysG@tCGzNSDK~GlK`hssmkgn^P
z^v^%={S4zWy?eu-%5Ll^H(kHn?9u|R!cm{>M+|1Ry<u<onc7Ff-8XFy-C&+C=^-xd
zSP2N{9rr*8=69F{y)lK>$+s`^+#T1z-#szA?_%fIb3nRDyAuBFv2~kd%h}WJ&fz+)
zPTSG;>!j@{aWV4*NNls;63cTtD)&P7W+Po=fNru(4VxV3>h{(<@zHG)10&+xe8<Dq
z4*P;^Rt;x;*wo@mwCvRdd>}r;ZC}oFHR0Q%T-$PVDw%9^z&txstS_GIcVO(uQ+9t#
zgnv5J4fKIO?I1wfxo^ALa@gtp56a##N|J3|7w)d=vTfV8ZQHhOciDDTmu=g&ZQItZ
zz3x5tJL}u)jC0SA$c%`LnIm(|caHHyybs{4=P+8BF{}es%CMTsskYS{_Zp<wt*w4)
zpP8gX0cqaBw*xmWJzq;zd(Szq=l4aHEokmJx2s2D0I*l~1Oq;(Q~&AvIYaoMuGvJM
zT(%aha<Hr3l~uM8^|4gK+J*f#w33D)(VRBtO4P1w-OmCLiXm|whGE}=#P%F?ig_8N
zso9}9p>(u;VD9-r59spY+zu&C!?10%ckV>)nVDUoo;Id*(I+9Hv_7k;Sz>RW_*Pvd
zIP~(XT`(HOf@yu1Uz4utcbRI?*oJv!J1h-3gI)OJ4n3=aaj%hgqhcV+q>4R6X0u?h
z#JlAU0D?+842^FC5OI6=)TGKTKChf3`V>Q3iyP501WlDMm+y2POq(0gk+Q)P>lg*y
zm5EmMnR>{_6iOPhUEsp<$so|0T_+NUC+k$OgC2)Ux3dPA2~Ib2%8Gb(qJqOBzvak)
zv25*1q{Fu5q_ZVJtYmmKT)hEe_0LC0AXS_GS36~p-V^SAb*RNxwaA}kKNY>u%Q93;
zXdOo9RP_e!c`2H7r6bvR#&$8I8VsB>1|t0W*ihfp&>{>0#_1R)@wtq(4SS!shZ8=#
zUIISz&{96_a=*a16@9?|f&cXvb?RRnKsH8ZhX2b4Wcq*gP!RkZAJE9&%=m9)K*s;<
zqQJ`VugF@~Zz3Qo69X<C9V63!$p&Qj4!iwVO0JQ$<F}^=!?)aAK+jgx$jrpl@vnjZ
z1sm|+Y!sOO-9~|dk^UcuV*goAtra(B9Y6~!^yC?se1Z>vfF1ce1|FUe*{j%$$9GvE
zOfkY}*uSgFB&bmy<&VMJ<ni!cwYhZU$<g&f<S9Viv3nkt<lY7utV;6(aZJs0N7@q7
z$HMd~?tMeDQJS8qBnz?-Z0AdznRECu=DllRFs`Q^x~7e_{+*oG`>TD^BLpyQU5I}z
zB0BrlQAxwp#Sc6sD~yZiH@B77xUTLueZKzsr1D&0sCX-+=EZef(%fQ1A+6+}s2^99
zlP&wJB~yzp#rHF$;w}Y8DXcQFF8wQDY<fw<WG4Fi5pK~L2qg7i!)~W7CfxWqDGvJt
z4w0I4*|9R?V7I9o`1@&3HC+)Y6o!ve(`vOo5pE-&V2`oq*?G~1Uyzvxr!sDjQ)E-0
zU`ES4LM9`hWNhW1Xj-@K>8=~k*xrMr^BZhD{O*j592x31+fQ06Gx|tgTMAF5V*gZm
z|3im@|GL!vk#_hmuZ{ndg3Cfr|4l+=`6i)$$0aj=vkIB$nQ@s|>2O)U1^3Lf-{;uA
z$%$-ixXjGVe_i;meU|Ta@cj<X!18_mJIa}XkrkJf`FkugJ?>xUzOP|qru*K$znG4m
z0hg8G`+(t}a&`Y&QGas-_^USm#%yHzcQ*j0|JDtFfsXNSvAP$^Z#Eh#SYOy(vjtk%
z6>9~z*h6g_i?L^%84bDejcQ^UgLc@JnTksU@EtWamQ9ZxmkpUra0mjsbezS%8GB$6
z(#T<PQ8Rwypmrhk5E9FQ6~ck_6MFBVJVN;E5SzYa?4^rHeEzcBa^T*Ydg;7sIchy=
zq+}Paipz!%OjCnl5Pp7-3c;c&XL%VdN$1<{@*gW-kZ6FJvi^!3X7L{*S7KQ_{Cut;
z2?4Ot{~$3Mqueyt4uuCQ!p)`$5Z&m&@_%O=HW_U=j7&f8__5!Fhf~51q);^G+k>MI
zx-gFM5dS$8!z;^s*r--_$ra~?b$eCgS$N5qrq}8oeSFMw;J(pt3K;O^8hosZdJ9V}
zOzx#9NSVL?<+J(6W?JP0OMHfEbdHuwgni%yTnj(4(9}Qop29u)leeqzY9{$4{W~ZU
zx<ks}n-}br(<`<^sOW>E2PJ?fck0(0(22iv{y-6ZP>R+R#H=<ZY!2VvOZ%?&$Q=w2
z2OT3Ug5;48@({2=Z&6X5u>6>aL2s1`aI>gkM6u|;0sbF}xnkrEM((in5s^P8?<BW&
z+_^$Rw$re4XKoEKQ++zJKCTA^DWE4BGPO&vnO%*w@NmCav|bm{guXM{30`l!z4cg$
zv1eZ>=!b2#gCM>X$RfkL=j#0Fh1bl}HT`8oa%VjAEAlNx;(oSqtUL(4=3cuh9^n+*
zN1b@8Izm;VX6VcpPL!>04=hAMlsr{OL`=6&&@>iFRZOg<fftD#;s2DHCjpDC&i|2)
zjdb#o>1WE=>#}MJ7$HAwyfQ{rI`8fjdF9%}WS#F2TdeDr7wIpruCaHasKHRcHzX)c
zH$!66XScsW0}-?R3<y+zke{kjg;_3`mNhLW_(oA{RVP%jLF77!8ofR!uKLABq^hs)
zU$AwN2T&qMPJ>}Tj=oA>yF`qilEUmaNm4t=Y?nqUX~{523#JWQR3YMGkU0;edJiNZ
zd8v-`Nc<AkW0WDO#aKUJ>gw4>G5u!eNrCu2_T0DyBC6pn213-af#iO;wYMgDYw$7i
zS(N)RLx$7k5!B(<gsJ(tKcwKtK`8TE?XmMJ?2F(uXQ*auCXC~mZia&rfMfR<>%H-H
z88<SbmL%Klb=~1;Xg4~89qkglCiz?<*?Og+<)wwu!$)tkW=lPz>C6G*G(nBy<Kor!
z;nl=r=u1cjQx0bHLjQ{fnmeQvJ;S58;x3kCW9d@5u7)cSWQrpD>WcB;4PgSnB}%-|
zeeUe#n(uLjOzbVy<@I4&#^s}$<<XP=G^n4mjQUXv=B>wPtMBJ_wi~Nx$9Xa~wBHvM
zquMqeYK9SxYl<A}b!f2HJi_@+b#`x$2p8rL>>Jw{?4k6W0D*0lDden!o7h+g&ZXKH
z&w_3C$VlP2QYP0?YDg!V3Bo!t?uL}{o4^60EJpbjqRkpKtb@7=^MTqI{}ywmHingb
zLwoSBy&9B9D*Lhc_>ukj&I$d7TJ0K5ZUg1AsCw}UlEe{t=EPKqTj-sV=o_~>waOHz
zVit7e2IEy{mkv!i;1m%Tq^TRnm2!0<?mfoyNb6{>=&(vPPOBuzHoJ=14zrf1NvyS5
zw>zUh#w!iJOBqSwHMP*|#p~U=6&j6`72+l9^DSDjz)Kp+d1`jNP3O4>%-~TFjob4q
z>rrVIiR8x_7Dxr+MA$f7MGkY+N=Ehc&rC*gPRvwoh8M)#y)^95j?ejfi&#quc*ti-
znQO%r><i^e=1Nj7*~=oyv4D;*$D*E~+K(v5lu-dDH~B+mzqTNF+00`j-LlA49Y%71
zt+vhMgqX%LZHO@_1m>kA7zM;ecXwSsQRt3*k$sbBNk)9FrFR1Cgl`U9h1C^>ASHw}
zaO0Kz(y!Cxuu1Hs+^~npglRC*2}H)G6I$ips#(LyM_a@8`Lp=)$vY>t%Ms0`utRF|
zn;|F29{&t}Yz`?VOFonJwUxLt<Q)R*E6q?LG^~WktDwKZvELqlxpIOe45p1w=jPs$
zyxHtQJM#ST*lZJ7`a@PBNnYX#MT=x=Q|gYDA%K|&C6-Ivac)O%fnph~1GwhD-czfC
z)%nx2PasL(ib!o+;(A&!4$6$B*Xg-t-n*o@IWC@~wD{KS53tBUVtc>S{Nd)2RAo}P
z<6}k{d(Bya|LI<-LR{=al46xJ#p!VsRtVnJec@<ZKD(0-iij^Yf8Wjfc4m>~nK|QA
zsp>BRul*P+D2@d`XXOJjmm08*K1S$0Y7ejD=L7O!)~rHl>R`2J4x3;PB5<6?;2SOH
zD+zzE%-LPh!Dan(V{Z%fPXu_c=XjJ!fc7*W$S+mph;~pI_z#r2dVAr2!W93ZZlPmg
z`AhBam%4@N|5e>0^uN)pjIEKif}54TjpcucTK<M(>Aukb6$2gpH<n<f$7Q2u{;yyx
zGuyZJ;s1lNbbo`f-{bxn#r}l?{*DX&LDND{_urw|7(SVAO-ta_dl=g#HgkPOI<fHt
zG1oDA8INyoecZC2<VnugCYiDnC-1H6RRGJe#nZCf@M~b+8C@UhFax!nQ84W`qUZv!
zr|pZZkxQMFIK-Nb#9&Jv9dqPt)h<;k3oF+%>$chnhsQoILdIrQ$FaB634%#JWTLso
zHR~vs3^Ugnno|ySCJM*?1^%$kwv_~E;qhx*SU7gFAy#bxn394L6=Rb|S<E}n6>iXs
zmuiwBm6!sWLhaCr^o7Ak{m&+PiFkUCl4>4oP@gW6fqDfaub<xGR&M_^@&7{^%RkNZ
zKf=gw;nDv=kqpdCxD4NT?B7)@f7RFDvE9FB?C*2<@2VB%|6aAiNXy9jpKnbLJiJsj
zmQs&eo;p+jz<v|{LWSG`06tgu1*`#M#2Lm7Fz>_%1B}X46-6P$@DhaA-L>0gt|>`x
zW}JYGx7#R>7c)COska_<N?~<cAIz+u%Qqu-Ub9?vYK<SSZ_DEJa*pGyEAi^MVtWz?
zJ!f@eudDMZN8Iq>-n{dE-;8#E7K^(9OWlw0`X!pqa~{rAUXlcgM}yF-_7N{ua@ceP
zqyI+r&c%a{0nv5)xn2e8M<9APz5IM%>@rrh2#a4%-0w<A`UXJ3^St!%dp~pF1&R;z
zIpbE1>ybv!M~OCL{bQ>?9stjn++e|V{;G^})oRci<RaLs&46d$8)6woUnlIj*Zu)2
z^GW~f?zbYV!Hl3i1xo>}{od5ECnfceH=Dx?PR*Cc{Eimp-n9e|+w%MjH;jMroQV-e
z1Y1iXC&SCvMW2$L(z7})PtO+JJ5>zYr?-6?$1qp0!QDQ5RJ*ix?@^2_pYaIXIUZ7_
z1+Gm@(aI{<zPC4w+V;ji8NIkRoOa)g$}pri&Oj`wo9}yC1};qO(6F*6kBE0j2BJPb
zXM8K~=3e>;$nYMj55-DfbZ$c5KJC*FHW_#TxG4wV{7<MZWVcLQ##-V2yIliC8P9AK
z9~oiWpcwj__Q}GkU2T)aafc}fDNmZy!-K~@=4O#%_`+=$!=x%-EJG4EB~BUR2PH#g
zmQg7Pj%62^J?=7%>6K?PJrEa36N0V)pS~mPTLEJNJQCNYWs1k#$UIT6-&`gQM--fX
zFf*$nu7PLp%sm&ZjUvawZQ1>a4b|8+xX){$U0l0(58=f)1WvnnDFUC6K>gdwx5bm=
z(YH7;q>eGh`#Qv(5|0ifvM9M*67av5hs82Ue@wx(8FEjmv;hpQU82T$Giu72=qx6V
zyPvS0@MLjNQE9f!@(`9I21kb%4CSz&HOp!}q(`T{OJ#aFe8o7vFHJ&6mN|%kM7af3
zi+Qj{>`g|o`*%W;JMhbTf>Q)$CDb2)+Q4t5YbGrZLFDh8w}i96-?fAvQCE&NDXNxI
zP$Kd9X^MA`N?egTxX*QcR5e>e9Uj865lTWR2#S!emgo8ohSC<K&pU9EA%fo@N}yn9
z#LRf0gsU$a-2tt;OQ&?+Q`vs)_{;v>Qkf*B;U42+o5EYiWbqfr8YBgpomTEn_xoWo
zI6E(n&v{Ff@^a{4lRkyp6%>9pP28dOj`E68xu5nY%;SBQD!CaraFAZcdLR%5?#(hz
z!ry8FcqYYQ9Ld2xLJfb&!5xmR@z8T5#wiAK_67v1&R_Retf9$?6T3pCp8(B)s4&7P
zhs$MoL&1RhynYRR4+_Rso2fU8f@csql59?uY2|R$b{cJ^NQ+L!VXsj#zLDlL*g=;=
z9fT7^Z<GX7U0rpo%@>xG@wg~{dx)K7j{509`8j2|P4`*<Ii-R%^gddR9&BA*ow}1d
z0W8F`6i6-1NhEMC0_Cgax81^6n0lwBRSlxt$ENqyZcAMf^0%~A;6}$**rQZ^(LpJZ
zolEh6<-}$$4ILu<cb=2NhRjEFnihl&Ww|vE&s?f1)SUAh2aT4u!t%}G<y&bPY9WEj
zryMHMBYq*1p@s$#o2of#Ia+1f2$h#Ai-IezN+lJ+3U1;eDz6UZ$wULCx4OFG!g%rO
zn(;x03tUHIoUU_qM06Y}%0V9NL=>`!L@q^M!3=$$vo(hcM$=~@dMTj^zm~<~mZ6n#
z8uGH^D>#CRE`_D}`ZVN_WA9O%hqwL_2|o{d+x6N82Nw@Ck4sOC!wFR8<#nDw)xe90
zigKz84(rYG!ApY$&HFp335?Ck>m)>?eU)SUMGj5Vx};Y(lR<fVAqB~cp@&95S}r>m
z+}*g_OYTa>lK8FTVZfr=Mh|89g7B^VZQXrL-q>RL1RL{ROWh%Z$)u`=Y0RGjDoRmm
zt$tzS2wVVA&bjxwjI7l995x(*K%CjL;49CL_l2&{AiOuH1530g>?hR);Igu_;SZRE
z$ECh5@6dq}v55G&Ug+_<srm)}K;IJOo*R5Gy?R(I6~2(lL=bz?dA)brT;BUb2bwav
znUoxfq{qD2n5~2<COajPY_@T)YnNo0uJE3fpHp8uq_3?IUS1sE&hRB9T{d@0q6aJq
zp@{|hS)mE#`7%*s1IazZCPyKKoC=+ZO=`B?l!phY>JGJHW(_6%aZ=DphEvPtz-2r-
zY;}jeQq(<a9!@9X4%W~!8sg@>DwR!V_d-yVim(OvP`!0FT`r--X)jvn<H~7XWB98X
zXv=6*JEJC1i}ve}jZojA%VpXsb)Ao-Y@=8Q(Y<mzrjs-4RTZr2p7s03qwQ|%_J=QS
zDJX{yhYs1)Sv09SFBj^2&b66+!xBO(7o3Vr7IMv{xg~5^X(u83GLl3~&dozXpZ6$C
zYBU#GF|CurpSx=1j%qmj*Y92k8rosXkzcycEh-Mrg`8)jT-4ED>sys4o$o6zZTnR|
zJLg~ROl!ti&2=Rwf>sv_(V~2fBM3CFZ4fs!cskY&7^YhAKwMOEm^(sI1jOiBuE751
znll+Hx?{oo6wH*Ax(*ff&gjPA&?zvftnqBo<<<MAekc{jm7aksNlkIc%n@>7jp|F*
zJ?Dbg+_jdJP=@7L7-=k~yp+iBzXVLv)KYey+b;s1cob?(b|!$#?wUlf*)8{Fv_B!g
z%5{&+I}EN{ifE=lIkFxjId9ocs2Pui>X~r4rNhL^D<Tn85UX(Y?QXyc7&MXz!Wse6
zagh<1)va=Cen7|JU&h?%TFdE)-Gl*PB#BX;0^kz256J5edQ#?=h~8ayXiREbwzDHK
zkTX*)+eWsJgV<9%36|I|B}gxEyqd2BR{1bdc!;y<j8=3=d1}7&oFC+|Fd|uNewjMf
zHs|?m(T!~kn(reXPH;3|sfsea=xa0$WPlu(0i++60%+WTcjkj`1<wERv@HMD^Oeu{
zFXCG;r<ROnk;Rrl@AD|e*iekmsaXlN`qQURswxX8>|3QlA*-7dyV=Y^j?l_HEGu0~
zxKR<5F3?hs4xQU*tLwkmKw%Yk+4U83+S+bJvIIvHAtx*$E3<bZKaX8Ka<F{u%XsPp
zK?DS7Y>Az(H947HXYaMaq&z=<dELagjPY>tj44IPTw)7iR+5e)<AvO$N3)JMJ}6gx
z|6U^GLX1%&(lS`TB+_lFMNe9USP*P3s1<x@Fvm(ILZe1Bi51DkpW)+PaL^03OiGSA
zlyvAnW4pI2MA|gUEp^;H*r3NK`s38;G}R)510DNs-Hm-5z~f61#WkHA{mL{*J08;g
zNU~4X>R%2#0E4|fhWuJFY_KtmmiwW#K5Hgv&#+%tO4JT2hW9%*D|h^?zC5Qso@}tt
z-8ni<cqaA;P+^{Mp%3;88)w`3?iM}iRXZCTfp1Ohp?xV6)5WxF=wwKCg!x&Ztnv)s
z_TR25%d}53@H<*vXsrFV9KF2GG`{N3CNEGPVWysxY&>0Y?a!0aZFrtvu(oa(7b;&S
zsy-tqaBiZ@wLEH_`mU?r9=4OQTP~dEDg4|kL^>8@bQ--@6UL4XLXhA$OL=V&3&2Yj
zQV5hl0}W%=$Ppott*NqVz!@4q%5RGZ4TPjivIq)ZIXk=;ic~ka9e~3{gD$TWHg1OV
zU;Fy2S<D*Tgy4eL&Y{zx2s)>gzn^Izm_wLDXox}_;Zs-U{mHXUfpqA5zfOY%v%}-A
zH%^munDeZ~Rb%Z4+GK#f3tkc}XuS2m?M)PF5X5iD=x0J?M64t^YmuHEkwQM0QTPq6
z>{n4-ozeCa4gq#_^$-JAlv1mK3Cb0=H!Z3f{H%<<Yt`X;$|tkvDovE!ro&^%&gVgE
z>*n0&wR~avbH$AMtRjabFbTm4DsN5L8rjw2CCh57LsrSj{o}R7>NEXUwemRz$Kzhu
z!I54o0)kx1F7X3<r!4M0r{~zfy&J0!mk3P1tJGT`kZs?S47tk$g$vi%#^`1HyB5S(
zeZ|+1%hARyH`$cFOV`rY@rTzb_Avc97H7jXA%xHB0qhmJUIFD^D{42SroC6chinYw
zOdWGp>=rJ8>nodBt8JGXoJF#KQ|_--UQwbbq3bt5YoI6GCx^}cFGTk36j>Th0@7W&
zn<7aO2(xL!yMD>lYivGUzcUhiINS0V2D2s?{!8Ts0~v-#R;xs88)b8hVQ~7A1|Ulx
zIg4=Dr|hLwc6rgPnN>B?4-xe>(a~w-hRpO2(#_HN#?W;`){qP~JPeN_sI9qG%-9Hz
zdS)5P!75WL+_Q+S=~aNn?-zWv*!YSDr~WL3oQ674BkAZx=D5X-;>F2{su8gpx>((p
zvWuBzM@~j$N%67|i~K>SZyStQGcyCyRM9~ron`74{7?50I&SI~G9`ZdF)%i6GLTa!
ztXt`=B(M>jd!fPo-}~WX@}&3!#KMCD-ej;)Z~U={kwYkAqFghg^)Mt?sWHhg5;zQ<
zLQy3AGa>V;Tl3|!vhd<^O^yeqjQ;Gza(BA)Xcktcpxe*;f?oLSa8F}-GtViSII;2R
zsAvl*>Y0to>X|V{W`fw!(iJ7i+<smUz<s;=inAmo8FR(xr<HGXsGqLy1x9fK#kmO)
zZvghoC|g8ABFPSPsILdEtO>fJ_)fA>W26?8m*Ip5zFO#!c{k0FP{Jwa^7P~{_;d1*
zHA6r%v4rTDVG%iqJmgYj@qB6m>qk!_eRPCHzeaHFMPl|v0e)5*#wb?u8UGwf78U%!
z!x<I$^?{(r7I#ln!kw36*YC=7FpMmkb!=)6PFJPb#~3<R<H|_8lZ=+m3kn4hDM@Hl
z*cS)nd>`lIiO<WF3QiO-6G}*q0Bz<^>ZKV7zamW-la*$W+)H1V_QC>JZ!%o1kP0=^
zoDeeuBZ|eZ#B`S&S~!Zgh6==9!Z-9w3Mg-<3`LeDLb{)TRMr>*P>u|)K_WCXHnWyT
zOhhqah>oy?@6(hJHrJU@9SWF6`b9W5p1zJZ62Fj_9Tb0tuoW*SO1`QenSeJl9-a>e
zoeAHfI0qedzmv#Wm;e>Ujtnz$Y>81rTzY6<4hOtcB~hIn<55cCbH@~y5k1%M5JN`)
zSPwAu72v0F3pmyUjSl8R8tT(P>L1?>&`6;abc4OQ8eM<tT)5Lag7{xrv9lyKnsMlM
zKaps+T!90OB<r2Xw2;|y!(wmD$m$8_XY!jRzx2mV%?S8<@;k)}LL%%)%77(>_WXV;
zrcMrslXEcPDb3DT7*^-Fv^IQ4U(ltKE`i+xGU?N!i&GF^N$W3)cB(=ujI+>F&w(v?
z@3)WB@#)Bezrqj8MNtj_4NwWY@}`CSVhp56UQ85U=sj~|hQlgKozN7)I*1=M1M2Y<
zgB$ex)as;Tgmi!_b1(JwyzN%U2M<RsC5?`jFKEq}E$q~;+CN#_$8v1Wj2k0(XnSjH
zX3xNqFX#*S5N~5VzIA?pawW>Q<#6xlliwm9`F@IR<^15hOmrmMwRUnN>SaB$Ft>GK
zznfCl)Zy``Z()ths^6)@OS@!kVeb}S!3Ia8w8ox|D?u%KZeuf0Ye-n7X^g`%nYpFC
zBjJeH@HFNX%etz}>(AOw(ksaNhZi=<?J;j-N9CrJb;9nsT`t^kaYvQU^2O=-?W$cY
z3dlv=(#5guBkOwlg<>B!;|djBoclbyo9HB!V@=W6%m$T}qZ^lY)7*@J85w(KhZh%O
zp5G>P@Y2E(g_UD2SybePv=R$rLC4z8X^jL{6t+mwTpj7}II}~_UOp5@c8^SJktVI%
zdyX}&dOz0I^+{)%Ji&9gQ0qc#51pzZx1k@<xLV@B*z?Cm1poYmelN;28yvq9av;O8
z$zDrWHkv-LTO|r!JIEoow13KJozHIeUuE@ml|Ongf0f6XsVU0?EIBrx=!P!J!$5N{
zMpv29cVu&UJ5Y`LW}>f~yBQWJR%AOPH<-h9!(K+{?v@&qhu%b_4me{s^imO{Y{Xrt
zzZ4t*=3%%HG`s^78<qQmsf*L{<kqK12EtR$*<nD6G<ebMV2J27lS>6Y%(6s{!J9E9
z6DyhvL<|Tt8<Jy->(j-0BCw*vY?N6I*jbgSTmMX~)%<GC2-%TFN=q0jI*VnNeqtyT
zBlRDus5WK~n98=4TA0pf983Y3w&hG%kO(@<T0$@6Z{vr;E0=3KGw4wbP$m`Qz@9ZQ
zOzRg5iP(9-3w5bn=#Neo31y6Pdba9a1eF&xB$y?<fsYk5Pkk0mS+@H&p#kG58A=L>
z*i*s3WUTsiHu9WgH$lh^C~Ag_wY(aN*%$+se@##U(-J`^4z`xi^;;AFIRbA2^cD&)
z^Y>XE>C(_)(%lU$b%FqlywLShQAIn*(Lr=U(r4zqMoJ>sxk&0^q^SjhnRYM90MS6+
zWh=c1T4I=id|$?HnxLZkjsK#rYw>-&s7|z_oaYc6S!zWjgXCFkaD)Z3k*$PY#_hvG
zXMw}K4gFnL1iSDE;;g*P*LN6_u>Ve4oD!ke^631_sVWn$x6gaB_?Hjd*OIWu%wbGW
zZvUaz_>f-EDK%zzt_hDcin$uk9*XfgvVr^omZ3wf@e*o0ydE5~uBY%yc}7y9yJ{pc
z#~j5dV?^}>9o3~0nB0EaJSV2UT+Zt5QjGMCBt2EqU^7g~J0-t9`V%6Ec*SX@aNKyU
zXyo>21Zjz3R-Ogmd8V%Wi(RBlolGPjkFZgSomg!uB6r?0`qHkellqVlSUt4tM|=u|
zd4@u0c*=AvDt8{Kk^f0cv6Qb`jA0G4f1Ma}dfd$n{JA>yi(DPppwNI}*Z^<Lfv3Cx
z@%SJ;mH16GO{loi8dy*cS06_`mhq?Li#weULi6e;ob&RWGjnw-0o|lIcX7J_dZ|Q*
zk5`$(aLMZ6EL^50vQs#+6dh-8wkSV2hOpX1gemeU8a&{+n9=e|I(`iT*?UB`cs$zB
zo_eCB+whbjNXj6d)SPlsrnXfg44bf;k?K94F_pUD_Nh4UQ*?e3R47q>iKdz$WgW0#
zWqis6_k;q$No!^p6B1NI+*{?|6zQ4);lz{Pqjot?c0Y<(J?G#fRkpF*2Yh~IQ<6S?
z<|5B{Els~Yo6=12rC7yj2|;Ng;v8?#6hj_$gO3~;xi-S^z|dj=B{;2ANf$nvX#^ft
z195TW0E2mPv`{p98yVWzjhJV-R4Nm7HDRykxX9A%_G=ntViRVv#fj<CJNM*bV5P#s
zo;pxms`n0&rvgE!qhaB#@e4J+#e=l=t{<7Pl5a&-`(USPYNN*sxOn!e69q%A)I{c`
z(c3ua*qdokC4xG4J||shU5*7Var_44QApAZ-Fs<UO0<$PTL=E!SLx)^R0?j{J-i1A
zBbE`e91a#usnb&Fj-#``9F@?sda*d#u+i&v^u)@qvaAv=54tmXG$9$-y%PpeO^uoa
zg9xE}YR@P$Y=tMGhw{$%_Zy!)eXn{Y0`(}u1}{6tNJSJodN!|o6c0sdoX2)U*r|AH
z=A&LZuqg-Yj1~V5Xv_;;Z@X$VcAb%0JJ_`Z0~|Enc13J!Px;M0LH%~3#iEW0(XH_I
zV|5ZVefo^yi9XVe2p5<r=e@O(nHi)DR(fBr)l0&A#?sNV0VVAu4o9p7p@sSIy>R(t
z^8<Z&g|r9VsmS-XdNq(+XF6|19}a=AMvpmn>sdx8+6YpU(K;-qQ)4c6cHb-S{5x7s
ztZ`$dHErWQ;tUllJ9;QZnPT*Yy*3;pg)r&Is=4zt!YW}i6J&W0_GNc+Ck6~9rn9+r
z$+d9JQzl9!F49kp**LE8PwRK_ac`O^*HjzKVV(gNB#z7o0U7ov;1n<DAOW2C>evZ6
zM6#?6GjW$7l~pwDc^kz$XyTC`*c;8cIK-xc%@$?Hd_qV1w+zS<YvBt%%uLZM@#x~4
zWBtZPi{(<zg=Q6lTn@kuXJdkgb1c$@l7WN(y{36^CV}G5aOGlbThpmW$Z_P3tunVJ
zu8T8nWFwV4`eFN-kz&m8r7TA9bk)yC(=-@ELDkXdZ#Lm$0h30U4SBS@V|KoCal3qN
zvU_#FfI?GY4oT$T(4CS+GQtxRPumsYoRi1NWTu<DCTF5?7S9D*1M?l>ALSisVGM2I
zCf3qL6Q?Ql_B+F@oyrD>0_%~}RPUSnbat=e28|93qbzU0^Nh+YAcPZz&{iM8Ig)rX
z=C<advZfx|yy5mMq7==AS}>~td+pPg*&%5NMfF{DQ*E1Ib#H-)nh)(n`hiuk3q$^k
z^l8(R=Z-P!fg7Wy(&#(B(WK};p2>Htxl2X7AX+Y&MGMb8LMI-L{@?h2KAkAq$IrrN
zL|Pi+4vu8QdQ^iBe@^V3>Wmgk_I2%DSwKNvX+2x$vI8%VRApuM8n8Cr3yyrYf!ZH<
zy>Ey#YM*_9sBS+saNQOHd@1>{lwV5#dFOOb!SuNSO=cb=PF(~pmF?i5?=-MIrvg-w
zUn?NA=XQ^QzYF?xscaJgeOlAJ%lg%Uw=aY8umWvuL6~T}s&eLar!w?H6a^2UU<aW*
zf)#bC5M*Ho%~|z6nQy-+K<(b)^p*g-O8a$L{RYC|<NzT-dZr$Ir|v|qY+rO1Vx0l=
zxs&95PiJ!_{;?&u{oJGyHiY#2DE^!T;L`!oS<<bO>2I(_iX80)x<wjPbhLe@oT9RA
zA%hg6qp)29@I1!mdK(IGBL<X(${Z$x*gey6t)sqUch0#9uA{U)tOB_U2h^$W+Xwz0
z2oP;m6B3=+n~l<&0pP<7;#1n4=Wu;MvmX{sdQAjmEaEVr2Gm*HjR%CSyp5OPChAAC
z-`j&1?0PNm><K*%sT|JmlePLQ!IjtV1I8NVDck?!?KcQcF*43NG)yBHjAGvr;`2G?
zd7sb|g)L6!rGjo1fDgPc*U#pqUvpL}kG<AFg@`GNy8M2Iy@bRVczXWLNSC2%{T|8!
z;{b9%_~5^hP`8vQqd;_*r0bf?P@U8841NCq7!+TdQb#m`+5gc_Kmwf)z!`Ws()}fe
zO7>$bN+DOq56i^{#U;ZZ>+N^j)pwBhCbUZvm<w6;w?b!m%NhK#JgA~szYHoUlJ++<
zG@CB$4tjYI6*8)9cbV^y6&x3MGnH*Hzz6s}*|fz9>7)A}5x>ig>K6u&feCO=W142k
zX(o_Na7WVV%I-m7+j=WRtn@z@kL)#81nb@!Ye;pj9$4$fK^jQSLVhw7)2q918b^N)
z4j1&pL9Df*CcrIabw7e_=g3Uu|H%1aAgLDd_NnJB>-xX`nEwDhU#?lxt$^b$=tjpV
zSN@}1j9_u}N7&C?p+<EBv<$IW{*SyLct%MxT)sVNR}Wzl$Tl!SLLz#9tuQGQuUUF^
zZ9j1(Wgt8TVt9rA4Q4rMDY6QwY=ROgvXVd!01)`{cuaKN3%KfxXBhypp~VX5A=|Kk
zpBs2eH)UEFo{AqPP=u&O24Dcd$}o|JUpfCYgjLz8U<Uv`HIfEjHxNITFWR&Gb_n0T
z@(;QnP2E6`IJ=9VB;Lb5h1FlfGH7^TAYPTm&i~LG{j1OTuSPfvJuTzEKL4vJ{!Lq>
z#r@YFCnt@fo2}7baaaFpR@<A|I@;L(bttW8Wke(LH;Sj8wZp$+vZ!SAEzRtljQ*oR
z&dm0`XJhTi&u`<ZLB;qT2=u@6vcAc6Y;6C(xGXA$|3}})?~(sSi~Qe+p5KJL|NCzw
zjjT-^O>ybjnE$&LdF+IBFD>NIm0K9*%1<UL*&szFeV}~o$DBkiUNKE&GpRgA%-6?o
zt41*n!q=Cp=zeGUh2YgkJh!_%Yuw?=roleO&30fnKMNb7G_koe+ot11fippPhjce^
z+WAI|aDKw885SU(v4PD96j#`hGL~%*kHqlk(okmyhf4_HYCdwgq*-2+GtQ>V0xaB|
zawDtUHkdp5!tanO6A*d=j)SV>neKgcsLloz*g*LLO6ekbU#2flvq`dKX`e>!ph7yu
z5+x<!$&fmN+b}h}s?a;E+aT9;yrXiPn5J>XqgVs`eXQ?Xn5@)O9=mb$7X8fUZuSlj
zL$5$jeJnPm_ag!(*Q;L|16uD9vZv`!cAoXLX&BPwP1kJ-EbQaCcTkiiF_ZsPQU62g
z=6_d0|J-^1=12Tr0_We2Bmak?QGbO*{d?Q~uNCmOw*6mK^tZM>^S@Ivzi9yfjoBnU
zGad8aIhmedo`?${&mMQi#x7gfD^j&!Vxsh5zXkZ=dyQBP0og!*6B7UA`&Bn$ElN9L
zU59~>4`9Vb!BbBPfQ_jx7={{4j!#Z*h18%6RIwyev8*0>T;*fV6twf@Wn)~I4ojMK
z@%8j#l9I}D^}M;{VS!<3b%zh39tvu|z|{6p^=^Em{CipgbmzF0h;M+=`idv#1Dl`U
zsl!L^jtnO)FoqTQ@LY4gzMlIcAZcv}V=!JHquqKcStnv#fb@YdBHF??3ZP-YHzp2j
zD*z)cK;?7PZK>~C>*v;4x~J16-I$F<@KyA7TltDtfe#cK4PJsXo+ky>rLoOy(ZJn~
z2Q`1ZmA4MAE19|zdQKpe<@(m?!_=1I8qgLCu3<CIE3M}F6o6E!7ldGfVZe;w1acYG
z=w(P$sMFv8jHsw2dP+uIX?_9Bw_x}a<!i^C6MZS~<Je|8E21%%Ixg&2^Jz|Uhs&<{
zJlI|XtwW+KRb`M%ohuH!u4mvgy)W#wsbaV{Kn3ItcRS9708a0zl4}E_R%^n<VF+qD
zP5#mKk$hH6@L|}*uAyC1v-mm`!)m{~9nz_<N!E3kYjU$BCndFj1Da8D!bSviJ=|1x
zz_hR)0d+T6Gp{QeSKmptKg(|DZ1`;WF)Diyh3=vBJhkk*$Gb~L<k9X%^(n+XkaS>G
zO|Pmaz!ws!cC<F015p@rE)y$y=VM;7-zCh<mK^V|V$(=RNmM*6fvKFQnX~EWX?@CW
zhSZ3JsGbM5)hOfu!_6UoN69Fr{LqKq<YI&`$z@{CP!PSJm8KcsvznsX$QJ!u;ViwR
zq9BsijAGxhm2PP1cvyWHeqm1s?(K+&H5O>wCx}@Hj{wm!IWE35-PD@IlnBhZF4xrU
zFr>oA>g^Kcbn{_irg`mh8R62jD}PjeC-Y$=X<~QrcEyO~&<LV=NsHS>HfM@K8i`K%
zV&tP456_rlW$8Vmed}{w>mdhvk0DUSrc6=B=|@LQGg%YX0qY@pZ)4W4<?m}_M9gQj
z-qpjOavMx(z;S=@1#ue35XFL`8j(Lj<K^|w?X<d9-oCfj$EJF5Ben6J@FHO?7L0Dr
z6;T|9iOse{o9Tj#&^m{p1#I%HZNCvPm?)1cJ?`oS0<kamrU4w6r$I<P0&Ps|sCEyb
zE<%$5ekRU4k~%?+N<F3nOEr&NX41x~wYEx^Ctn7Dn(&sq#fAj?q8f7U%ULE^BMK&X
zU7H?}8uF~V)iaO`#vTrfI^-{e7jy8&welz~p;_vDb|_(2uDE`j!0fwMLotMjv{a(H
zsW7e@wNSW!{FoaqzA?;q=>Os2V!{IG@@`o4As96l0l#Z-4z>cO08iNdqX=Sh`FN&f
z#$X6kkPn(ed{0LHyVFpI1;g`p{v9A*rGhd4a0=`Mw~5=C<Lu&{>uhinFHO1Yx{$Y7
zS*gJFOx=#E<9DSG9YsuFs0oo|*)vgzW?$Q58WSfpV#+veXG|`hYnDM6dT0j#cg%`F
zBnTT9s_S<$0!zYBObDC$$7EbMJT)yM&3FRXumLA?MXxk#g|F;r>YTPNxWN5$eduSw
zS+5(-z)>XsN<6!R!`|Ju&IGvazNE)`-sWVkbL(!l=8T9x(_bqj@jNcmSQe-ftQS$w
zpHT>1%3<67#v-R$)_$&|x33<sQc&zq+=wZ?nDGic2_)`~zW+YsU>f{HXi`ouExjTp
zu@Ndwwc*+z*q&%*3dO-NTM(u}r5WTk&ww(2SpSK9j#-e~Pjz1!Bx<6%ffe}zO|xP~
zZSyoMZQUC@oJTOKd_GHB*GQ;B3e)hGnccejc;~&uLZU+oDi+jArcF~f$z>62q$hD0
zjO^O+U%GT=#N(egLx%4NprD{2+sL-zt!h-VUm{#3$f84?-qIQ4mz8k2S7#bb9J#uF
z0(>UGrX|!U;z>jTwUiQ!E22bd^fiq!l<<&Ebg3b~iPMWo;~>d%wS?^&D19p-<3LHJ
z=;_v?FQtiGd-$X%hN7K?&(vocaz4&xz`hL0)!2NE=h*7ADtRfc!S}!wVm1X?W{P&$
zA(z_bv8^yo#T$HmrNRmXDdWB)d88ahIPIbwL)UrHduotJn38bSgR0=y@{I=noCx2r
zpRn&m7DDZ^pE&Oc&*cpcNzvqP?QVh7pl304TDk*v1nD4b(qb}nnvEK>ixHTm=m=7>
zH(b~|wa{XAkwU5@XRk)FwEw<1J({hlgyRpA9YH`>_jm;~BYfVLb?iC=7#6Dm#GKEF
zBWJ&H$h~X%*@n4W8PSG$7F;0fU>^6Ah-g_K3hbos+{VQ}564mPs3-gK&uQ=@4Aza?
zG{~2|=ECO=D-9bB5e<{fw-pS5QxJVJwP+`$k=`l)!EF5ipw~zzqK<jMu7dik|KT4Z
z(+>6r^MliRr$Y`(mqJU)4vCeN#)<Zc+KE;IH<8h(d92Z>dOe8l3oJEP+1B%jNQnWm
zWi*Py0vPPm5CoB<C=3o`QRc~BgCR)iF{A;MWUqDGxv8Uuji&{ig{FCxFNu%4G^S<G
z2d1TouARpxXak_NBt5y+LTpSQJ+py)Gr(DUoz<_YFEkcpl%&a0Y6@~Gv9WLWSQnnD
zZRSQCyc6MSx-k7|Qk4v&<eqkj3g!V-sAW?evb0FMkbeH=QLfdKX~Q_LxPk7C;ZQo&
zCVYBv5VqNB0RqQqZ#^LC!MyptQ;^bDfGYOGu2b?Z$MgB2><sn=BJKk1&GQ>ZJFK79
zH(uRV!fchQH@@!)wm&MEvHz&jqk(QW*tUbf08CEC+a7S5Hz})rDEGp0xL1DY&zC6c
z&6Gg(dg*i#VJU3M@dSAUzeYs~q(HKQj(S3J5$OJ)SZy<L7UY|*4Hi%$>5C1(X^@~U
z;m61P^llf|>M0NFK?7g0Yruq%Z(U}Zrq&C$3y)yQ@vyojPz<5N4G^nUhsYbRd2BLq
zR{hx=3CO~*9naoIg2jnC5$M9%gu(Ak?YXa;Tt8bqOG?=-J?%lixQw=s%H=%XJY)E9
zB~G%V`2ce|xY4HLE*14*=*hQYHs6studDdDEFkIP&@&j!pV@soE;`JhkvoGthL>bg
zD4ZBqG8yW1JD#^^P)LY41e>Ivl4%AWE=kwRa50wL)THI*gwd>?^ZNU>@^$NUuQ`SC
z?IDS(%a}#@^v;|_b7~L5j#3lF{Id~Ze-5mkb=p-Wqt7@FDg={u%b3H^y`R^Jf_^nG
zb=jblk92SjggV2enjtxKZ~x{p0Qyo@mBEMj*O8E`qqQdI$+&im*WAUau%^!Q@a-`~
zQ0zJDQC}DP0@dQV)eZbI!1i3(f_tS7!>G$Z3XmZyE?2m+24P;ro}o3r$?>bMN&Vs4
z#&~|}Yz1{SMWrKbKd$w#<V#gCO|n$0Jz7e)_k)c&3AW>gOf0p_O;b085ZbZz5)d&O
zQGVJC&K}HIx}^x_=yxzY^g82lj6nwwR2T_hIdPerJ$cQbG$z0)t1J9$j(|h{9!VP?
zjSt(+Kqx0yV}dbEX1SzvI=y2OJ%yEDEp7#n|1i@ili6nu3k6HjM#XyO<DXmI)%ekP
zv&r>@jCnJ%%K6fSu=&=6v~TlX<-$s-79uB$(Zl%-GOUtEAUOA|2nI|u11sDeJj$>L
z<ES)h3`|^8A;iX4ANnu-E2(C=4ujV$rMAs(Io6MbvrmfawiUl<e_2|Mo8$rpaN~_t
z&i7Y^vc?4(SGzNtC+G~Vti(Vpz<8d$SD8T8INU{Cw2o7B@jvyjfrg}EE8(E@it@4|
z!)O3}SNw<myL|AmJ>HH}#HysnWF-tuTjYKPf67)Sd!Uo?_d%)kqGV~x5v}2vA+TPZ
zepC|Jb_`Wb?TE+d%IFg*I_9Es#t?=HOzU#`L!u1j(6L7Ehq4XgEB=-c4OKO0m+!>h
z;;l@!j#=VkYWK5*wMk|kT^q@JwxefF7_d_(w`AP4!_>}4F1yf|azTmh+Kk|5#*>Rx
zni4Zjqkv-j`YlC+7A>Am`TX!RJr_o85k}G;T(}4c33RbI6tD+T`j#`#?Z~dp{r2~V
zp!Q_e`99eQfazpv5`Z+Vbvs}J@~y1cT$*58cJ-#yoeZ~DC%;w>wj53`gB?5b?#L<C
z1rroc14Q0gRg1B@-)brYcr=iI-p#Lvm4=70HFZWEqel*8Q>h<1Qi3!)dAS!vXL79r
zc-EmHbyAFy4Y|vqp^ujVEjimg#cxBQ8C=OE6{7I?4oWug4txDIL>6O98$MsHryQCK
zFxmjz^?*}7D-J$X(#l(t6K=<sZ8)P?1)Yg$VM7KantKXNY0LrdhSk}>7-td@g<u=o
zkvs^!JFs}*sUS#+M^8zS%ZIau50b_XfNSpe?XnW>ALj`x3?2E5E+Ya@*{HL=X@L;L
zX$v-kQ2rBeDj5elp=S$`C|`vyD=0VEdPP2+uV#x67h(ZH=j*tTU+#B{t3V{MTW0up
z=(}8NFpw@Q`!3T2yB+?&EAVSEE;iy_@AcV6j7n)2Qr-&_iRm(uoar&oku5qmDThjJ
z9I)eYg*Qny0NL_a5>4YH<P5_BdGy!)i)Sq1CGivHW*SeILt>cf`g*WuI9*p<so78`
zi9k4H0I)cNT7V__6!e!L(*#%YFp>CyN^BQFnfm*~NTd}l*9A>|zv>Y8V1@Uxi!G>I
zEvsH{XM$a>k}l=4xgzHyYHx~W`b2ItWdCUQn@P)t=bKJTAYvb-Aty%U>L%;fz-!Pq
zJL|AS`>Smq%AqlnFB1u}pluNz!+9i3SklvHgFs(c_VJdnNicjz2Kn1_KK)*g|04?;
zWU@iie}opnNw|&z4Mv^Ae+|yJ!ww4GbW>eTf=`LL(AWC|E<J>h@0m_?ko7zvqjru~
z6`c}>IYP+bCeSd0b27$cESy|0&=oip4_Q3$7Qcr=hlIC+d`q{Z$2quKTAjqE+Pc~b
z#W@CR7qAf|*E`@TzC%B_B!Jt>d;PWf!fi+BEW8mVR~vyF@z$L`7%IBkpa;Kb`&S4a
z0bl#W>Gdwj73X=j4wB43nu74oSk(}h-5UvlF?}#Dms2VneW^dWCfdyLO>xow5Q0iN
zHV!TUV5oGBU@9<Ss4Q85>TZU!fF^+095@r{0{?-zcCoYnzCQoS<Nf)4m?N#?xWX6c
zc?cL&eVPMn3Mj>iAv~AQPVdXmC#EGt<A+*`_XE`F+Nnj6GMGY-&EDC_YFMorN*Ra@
zkonoVwNpt9?eofl4?8*5noqNvKr#082gw1QBaNWGVQ{MiMP0X1KKckvMS^4U&L#ek
z_ri*Tgzp4ZK&f%L#Sd1@LK`6*JM3B>{XSU0Ff3(@gv>-{T}n?9geU+o3Itb2af~xm
z21C;=fBrD#C5?;86Ij3$7wvb`u{s)14(W-T9S$2SF-*q$9;l*CSc}U&INt$Z9o|uN
zYAzt}^f2RA;hxR+WWYTrI=MrgLRP6?6?Uo$3UMIBM9?A8;i1mHnHp5pJG0VU@CT{`
z-ilj4ai+M~L#+ZDOrVL)=<>wU7$Ua<^q;wyBeyK`1QzFY^WLynoJ*sTcm2#oCODW*
zlbNm-i+%d$!slV^jG!uIyC{2wPso(@$|#~rNVHW{c971!u|#nC%A_x3WoXql0qvB2
zaEJ@XYn|lcy*&130>7~jUDR+uwN>;Am^L_hfs2W-az_>7dxU*l1jyzs%N*-{(VX%~
zFE8xLru84oE5<M&^C6<0PUDv+#ctxtWU0ro(SVGTihM-A9)?vVX+0#p9e#TSSFUdT
zB6<n-X;595lK#}<q9aE!K|$JBZrl%oBS7=29!f;M<GM5rskH>e^`{ujfgmy<RWwbk
z?;mrt=8O4Ze{G#ihG|oxn8%Kbva0s-<&@gYVJV^;;B|4l`FT-%r?VEjr?Wg0)PTnk
zXCPy>1Sz(5)DFs-HVvAbXOc~z*Ey22N*r7_(8PKOUbnSw5k6PfqqhcU<>7GZUOhF&
z+r+#*6$P9Np(S>sF%6e)5boIDyy*<OC83X(16tW%au_<IzPL{o?iT*RntywnkcJp3
z#wAh<3B4X0ql_0BXVuK7#be;IruP6L2?K(&g09-iINj<<wn8)hQR-l^VbuH!p;;W+
zv8&qa?(pIq`i9c0$E|ZU(Gqn?ntx~nn62*z(Kdsy*dVZ8f+=dj&D2xUs+?RF_RE0G
z3Kxx+OTy1Qph`ML;lpn$PR$6DVTWtZmfm(ymSLttuV=ZHBwRvtYItD`@!$46Mk!R9
z=EW%JP=`R0AsIa5&JJzA71zs^v)pyGD6r0i@lVn5a;-0ZWGq#|2FIe&I3dj#GSH{T
zMH2UGBQi78(yi#m3>Yf66GI3Z)4-J?{yKrlgN&DqA>DN;@oTC!>^7Dd_RhOU#2$6=
zlySX2<`X$~J%5)O+WdWQT^p|$&tEH*H$phaC~sa$n4D@Z7Ei`oNne3aF=9T4K8JOT
zY!A^Q&^cB=QlH9cc#3=OzS>_2xc`IAlHHP>KPtvW>MCuM;3{@XGCTD%l$+!$K_=Zk
zR2Pm)nBU;H-!88Kq*MbmvTz7NM8FBEUM}klYtW%8#P8HyNrRscYE=RhflRxRx9EG~
z?jWsN%cRyZEa*!!ZwJsjW;bRAAY8bZ$S{4KpH7Z~t}5^G@0B;89~AB~&yw$=pX1Ni
zAK+eiGQNsnq4c5I@u_$QpW0TvW8CkcGyzY}5383|^A>?4y|_*=)LajjB__5N?l4tz
z^K7&H!${*G#I13C+_uAw*k3GeglOkm16)0m?YPNrtsl=foz^ik@x&<@ygjH0HA2X_
zso7KCt$0+0hwwftk4p$j4dfpx%kJjUl6ZQ>(IrLO?v_8%zPbygU~FlAtakID`1_<W
zeI+!hMhWInO+Ls4$6aFC68cF-Izv^bl!wA47~x#)+p+jpi@HSou_;CXB@THZfUTqS
zZ$^t)?xIIWrRuE#y)|zdtx4;k3F6|V8nz;JUpuH(|CR2hDQ*t_g(L}o(mX$(0C~|K
zarLdSvB$=$9>KF7Wkuv>C=)NOA3!IcHGwjCTg}TH^2kp62)IDa6=<}2Lmb!g@l(N=
zK&7#zVoa5sH)PfrS5`=1B%O&fm8ypd8D%t1tu;+z8;di-s@z8-Nh6*OJp@YvTTCrP
za}06|GHPwun6=(8SvOe~c}jg!dsJhvtewzhSe0ZpXNqo;M)Q8Lt+<E6DGjxIm!-mY
zG7C1}!#xhY@mr#<s!Bh}@;Atm?^0~@%%<+z{m|XpjXNaE#$sL3dLlm8;hq{n<8l^E
zT46N3tHN1fFokW5Mq|LEAz3q*TzM_q;7~}>bip-T2DG2xjjY@en>39#<qfk$g?&h}
zH-u$NxE=0B1q_R9M6I~JSGBmmpC`1a^$JnG6|fXFuF3I$=V%<6V`hv0)0yg+k@#Xe
zP$$nr?qoVS9hUQ%LlL}5f1i^R1e9VzL?R=T6X}&Ez>sG9KyXRn+WR$*=fpKAWc0wz
zr*&1TxgR_gRMMr5xGvSm#F+iOJ&&o^>ZGgxhP1|#>8_CStxX2GJY<?VVDg@@*8W*E
z*2fdjI(dV-3N42<a6j)vY0%LN5B!<hig_pvqDCkn*|44c_%fjv@tEF+`hT{Ry3fOF
z>#i=g>gHFk_w{QO5~X8Rz48Qs@D~_}<T>J2|J#j#Unt+}aF*g8G!X0eJz8Wmf<9iA
zu!Qppv~I3c4dW!|F9FwtpfMCwkrd!`2FexY#%y0%GN~96)IkiIddV6jh*g>YMcF$>
zSN64Q-WA)nZ95fX$F^;o6;!Mp+qP{d726dX6}#U2Pmj^v&pA)Or~AViYt1?4nqT%k
z$Jk?C_w~Erheu9Ryi8-cN4a-Y?Q$&IH`SRI!<&_3bWO@wye(te<!+)t#+lv_{7vFt
zr&jjy4s!7v*!3(vL(O6?Irp<ubZj?5pvE}=fShWKK*?_W;-in-8$FbaiPP~9LjsEK
z!QHa#BHVU7m)z(7aVY6c``+^F_${8CP~XcnJC<qVFF7H|li3;G**w)#rOa@~l|5+=
zYUouh7h1l~VQ&H)+!NyG@3rhyNx4@j0LQKB%Nd>-QK&zcV7E2{YfWf;Py)-l39Dtd
zmR#(+SNqJ&l;}{ZQa60-A2oI@!qBpNd~Le!;72$nAx!%)53F?sVoqtgS>0QYCY2N3
zZtV(5m*PLvYSt1i!=-uMcy^dMB7EbO)G)7T2jH4eJF~qi+rj=MTai}@>)$wi+0y0(
zUDLbpwg*8*1W$r>d=VKqr-k{T#cQ$of9cO5AB?iyNDeFw2)6M?Wa|Pr6I+M5of?az
zWQxEVl%|s%IAytPx!$LxV&q0XM&jhON@V0VXbK!MnV1c%aBSPB8V0=+r(clS;k(2)
zlvWd>qyew0Qo*gzei3yuh~pN1aaGI*(GT7_fnHB%cA&^tD;ss`5^<+?Fj}+M4=vFJ
zvz6YNmxO<-TBne8KjXGrBz9shy*GZ24Dpw>UXJ14^=!Knvy`AQ8>37RXQAD-Z;wz<
zm!H^y;AHRLa|%b^k#;kP_~dV=%ziuO@Ya!_nRfHu2%pdPxo^RdbL=T;t;RvyyZG7=
zmvVY`!yTQ=sr75a{h{O1mv<Q*JS-0IWFxo1WL@ZKz@@U8wFxt_?L$W<TQV@EgPx+d
zT)Nz}5fo6&_1jKw@4<AAEhW}OrgBRr1M5v2lSX9=!9q*(x86n0LdhaWn+~QISY+o?
zC3_3?XUlrY2=DN|jXPIM$dPKh4ycNsTu!(`aql(H_Oei6t@!v9u7EzCi6|La$?}_a
zU^wy3A~O6dm8peKUVyZYdf&>j_Hp%7Gvlp!vuCilFD_XG%MuxsnP%U)nsv8a&*QGv
zgcoysF*+B+0~dJGh<R@<$H@crLv@ciMekCl7!^fGFkF=!nkG3eU~u(^Kx;w5GMO9i
zZC1d&>_=9sb+TX@9@t_vxXu=#Lu2Oy?6AfT7Hl!b_VUrlw-sR%A*-7fZ;+J&bq~0@
z9GEUJojQ1ONatzQAi?3S2Gu{o%Z5K{IiXQ)z){+gd5JRyei;UHk(YMx8Z;7>G{W>l
z1|ljywtx$HpX!pI4uYgfIzfT<bVzXhE+jP2(`js_I6-9fKEultk{-ks>k%ryU4q&W
zem@=Lp{UjmsGM0)KRz_%kLlAivD2BIw9M<qG!4o)&sgV=20o4$2G=q`53zHdg=7Cz
zmrMHA!tm`5hc6w_nCc|g{sSDBmCVtUHEXR$o#HoyK;MM~v6@9MlC=bW-~*emsQiAx
ze)u|GU){83-=gBq@;WGVw{QMvDY$PsAg|iJzLjyz8#~~khmx6dL@~Q|cwy`rS~jl<
zx3AsCPo^siY$}o)L_lJ84=xB7RGVob^1Cg_dK#*wBNxY<b}b_ZF<95oR+NGP+^Trx
z{DsZK<75k}?%C6FCx}vtgzEL2`IGVurskDZm4oTeBYW7OQ(>^c4gtdHc1qr(yesv*
z%Ifhg01jy!*KAu^Xkxw8otowl{h}U}5U8zqc#e>PEIc^`xUS(<$tTE(jfiVVK8P2C
zoJ{fvG+SwOwmQ=r(w}GDWoTw$*6xtaK{(E1yThn;zv`So;P!slDZGbeU<q5R+%YNG
zRMOd}@;QWpvEqghlq{u;Z;U{QS1o+dD7Aer(dMMy#(^0a?)A5H4ogiMgsZ&y--zGD
z9Auc%nJeLRS|zP){+xh^Nf&2v#|*kyaeV8?>&mE%p&74cuRj6lLCrYvSkc?n2ao<i
z)bdQtw&Y;0+N~(u2a4J)_Yhrn8VXSI(rQ*#(^vJA_BYE{RxVamO_`ygp{7@yzpMPs
zC!o?^ROIdba$yZ&u6mTJHls2TmGs`=HSr7B5F}gdXfJMNq=vyzs|qkzOG-f(F_2zs
znqPyUFdLpw)znbeuTDz&MOzM;w{+-Rj#yDt7YUN7rpaT+>wBcYK*La;lPVnrsF?gl
ziL6n6K!@>?yhO2Jo_eG~i_u6&H&F=-A^{S}Ku1GY0Zt#<2>S!(8+&z^vA&t~pZhae
zO;v>K^rjBh-aJQj|HEIh5P`{HlgY5TKnPV(_+m#y9bFEA-X_&_ZDl<*J*~9wQB!8~
zG>mk)YEn@X7O5Bq8mURCG%9dElHbdVLvii;CYt8ofm-PR;m@jf;}Lmin9P!TG)yQn
zxJbB3Sh_nIw&aS)0V|3s5NG;w`YiP+i=Yc()Z(m7t3xxjP^_7sh-p|N3DQjI`eRDp
zz+P?~a7&{b4InRAxt9);mjsG*m6g@f$`3SBR9Rxs)l$IPWpfY3H$lyV`O|MFT)op{
zHFwgNK^j-Bv-^Vv-j%;;4vz&QuG=tbYV0Pv=?BEGwOnm#TOJsxMrEgOS~nAaqtx95
zjjeq6Ls>*|L!aZ;bb=|rN>5;6ou3+pRA)aXrhW22|3?HIzD{w^rdSYDb{!9FbAbec
z^Q|eX6ns-I5MG^yX|Iu3y(805D=+MqKBBnj`0UO)w9L8=UNEvOx(D8U3#Wc@>8`qf
zoD*UaGZefGH@D?|t2dbcm~xCvmz+$ap*`KCSr%{vvur8DZMpsVEC@}cSVU24=!cK5
zFf4{%iU>_@TaU}BYftgzlM0klHKKBl9D&%NTl_7<IkC4nK@rpoFCq={1kML~*=|s%
zf2y`L%o5=Kd!c$k2BCkQc7!$JTedaDtH3gVU6+n#r$N1-`z**oiEgfO2{7@p0$?vt
zk96J9KSVunfkxfYXcv2MmVS{xM7<Pe+~M-yp+K|yL$lLvTCig?F7^PFetD!oyVPN&
z*(otC_(+kR;G#*lbo<QGVw=EOds*mJa}yiP3P?Q*|5-tH*r_VX-oUHe^ELTa9h-Em
zOu%Atc}Oh~iX>pOTj(1+5SG(<qcmN3lizi7s>k<!9z=<qalI!FHWj3?%%f1#uz^==
z`O7{8+Sx3nw?DT!tX>ex$`bdM<hypHwi20k2(BVBjU{%4=-_U4l=E*~glg@y{Je7J
zFFulED=Cw6p?MNaH$@r5k%cfF5l4S<-UOj0$md~bE7mgok5VY}`MW;e8YmkMLv7GD
z%)t!Iw5b!v!3>9=_20CkjJEI>A=%ChYcfUezG5n-6F?QUf1if&G=FPFIijiChFab7
ztzyceMWpzK{$kj3OkX(R6*sf13iT~DP6Y_p6eqFoQw>**>xEhN;9E@@kyk@SnNEDe
z0b(|IICsqS<3)>k2I^Y<_tNA_i*vat2s~32O=KV@P+3aFVjT?61o-59>Ggw`$U3ZD
zR%0g)61&J4TMO0&_jy7B`_82!Sa(AfwAvS<5ed>wnyCE#kj&P|uABbCc2lwKbzg5G
z2TwaenQvj4=HzO_;J)kq`0Z)^^MT-~9YuoL0m2KZvB8}2oGxz$3inx~iFulqyUQGr
z;Q}fqs{~T;Xz4|JsJ`h$duH*W#!6<eWG&5nCOwOhXvH7S;CjVRZtyo)nef&Kt{a`B
z3wB0PIU?Iw`H78!n=fIbD1tXMXlC_X&00gMPmQ_HDT+F9nqzd?`<burv?7?pKKuJb
zcOD{rQ@SY3Z9=^7S^iRy&wL#r?jW{imC-#^zdy&h1@<7Tk%0dd2VtM$s76@XA4kNX
z&1GvN_AyBg{Cj+CRyT(lu!(hUbUDh)O-NkNMVPZMbAw+3eyFGArCBm=vz_kGbd+_Y
zOY<59xfOQOAaFysBdzDLi(R%%N#sz`<#*xWtumSB*2kGCHz{Y_=1;;XMCXnHb*!VZ
z?8(BHF6NM~{2a+k%xqBya0#RUR{Zq$De`)3^F=4m^{n{MGcUwBQXMH#H~iKxmCZ60
z-XA^|&GOlJ#IK&F(C5Ugn4uJo=H!+?UWB*sK)a8A`clx>k6|OX%kT1c@*F0O9&NXj
zNQ+KVT)CVqj5cN!ocE;n4*uEqbwxQy4>yx<omNt3lFqhaNE}xdXti8T|8>q2L%0RZ
zXv=PSythnZP4^~sCA4zOhd(>QsZSV<ru-E5;l6bQr1xl(7S)$&=r1vc8kc42#F=-J
z;QJk-J*V=AmKE_r8Ns=@5M+Oc=>Bt`EE&*bcJ^w&caA%QI%O5-uI-iOcGrgb6YmV>
zUek2U;ME+dmhiYMD+;;9eL6X;R^gh8sO0Hp%L5{`Ua>_ku8wue0`PW_s(p3c1FgN`
z`W<?092MK{Lef~@l_J$8>T2A-t?A<M2xV!bkyQB_cPgK7y|$G72D<jfL#T9alHt_W
z9W~PJW7r;P2Ao0nI^p(Ap@Ln+If3`Rr3ZJG&O!W`{J@Sx!8ln|Md5O;qV@z~Zie9%
z){}9bqvTN3T&;<!;xj(s>_T_xOb~VP&d4vWsH9LNwiG|PA8Swr(O~HWwTz7JMHA+p
zMsZYaU=076HgFrXCe>GPU}T}4OCQt@vL1ixsE!>w`Np*FSQsg|`o`gr1MMgkgubN(
zdFqfG7DO9EQ613^(g*WCWuQ|rcT`<AIA`r<YJE6dEg!dsRa0%sFRa?6$udb@GyvPi
zp#s1?f^63KyAt)c!iwY_h&xQ!=*i5%!<X6c)YTeTc`%zEjcp3)f~%-H(W`lF>#5P#
zMawwjJKZQ@hjW|{J;I?6%L9=?$sSqK-wEp2h%+pt!I26&s9HVq>%iOe9sTA3{#;g2
zrm#wPh1Di3-}JO$@x<^pcOkev^3DJ@b>OA;XO4AErf(oo5MD#JG2)LoxpsDQm(SaF
z{0W|)<-UZ8q=^<*al>j7mS(uASPOWCU4bSO$Ef9Jsfox<QkVA@1Wiz)EXTF+G8IWP
zHK0701Mk2b!YM)-?%D-cEgNQz&K27Nc9D(+?l{>-EU;yft&-dJ3vZYHdsmp!@4rGz
ze)xXyFo>8NU8bI{Bh0Bxv1mMzCCjuiVcu%J=&q;<d@*D{JW}LeE(qb^Mg!M6{8FA2
zmvwqbzQa!O<*w%U!|q;H_k-Fi6!V6v3Cz!$&${$28EcRnH1qb%z&s9JZm07#Si@@+
zCb(Ici&e!`fj3d>{yOG-O2@ida+lGbhP`$pwQ2oyU(MgDSDy^4*miu#AGWtsK-YTk
z_VlY+3jC2%F*JHEWT0R+KP@@PvsIg${p@{thi%R^^N}vlCels~FH=dk)unB?3i=^+
zcYza`Q_psP=UZ!Jb$pqppU(Wbe&1g8w?eRUclKo_omcU7NjN<9lQvB1rPbN*?V($h
zES0&Es?oKrn!1SzZZbq#h)=`js_@~<`C^HtxT69=87z*H<kMC~Ge3QTEkCiZb`pKQ
z6L5C#m%IK+l?^qge=O`rS4(uoAO7e=SoA)2EPUTJ9qg@f>xRM}I>Rf%HggT$+>3_!
z>cFR=Jk709@b|AS&7Lle@4(I9qjuEGWTU@+$AG5Xt@VI`ui=v}&9AvQmm0AdC;glK
zEIOroxtZjFUS7Z4V}Mb>xnGTI%Z1P50)<^bjT-7-t5O;C2SL5FzpneEJbDGk@inL<
z{eLf1C@1VLepw%lem5)l+g~c%G()4}S^H*^!#Wq>HBt0#St@&vm&Ho+eU%37kTnfV
z(ZbQ1!|HhOInKjf>}~0#_xvI}$H~3uePcTIL~AB?z(VNz`x?pzq=n>h(A!`RK`80@
z8rwuVmEgTj*0Wg7yl?K;BVYD&R=dTUJCz{&-q5k`G2+fBjNA?UGb6g7RUSUl+r%s4
z-zhcD)JY6S3zv2NF6)WChf1PXZw-^<Pp0|!&)!6d(purv0{_q30LH2z(fCN{X(2>U
z#1Si@#t^7N#%J7+z2E6IPsMj$RdRI$qbhS~H?knI;8b^WKd3=+q^TitBD$!4e22QR
z;13x2Q;If9iYMfD%d||%{j;_3g$;IN))_l)&*1B244v7jS&KtIb=PkZt3gx9Y~+F>
z%x`}evFdSD*uh^{p?{RZy=o%$Q})b{<wBb7Dzu1f`$?uG5e1t~rw-+k=8AJmf?oH(
zN9dNOCN5y1s8MVgSOB(YUw9K;%MU7<qKa!%5}BgLzjuyd(Y}NM<SP#T@(X{~0RJkD
zAJe|jhh`~`mu9QJs#0VpxpoXG2$sxKwI7%OK9|J>J2>QDr6>X}Ndrzvi3Uc)XnAUY
zNUFCM$z8R;C)L{;z-MPv*WKf{QvxI}pKo3^E|K>sVO=j0Kkv=4yvTyzPm|$K74!}s
zR*Z{R_Qz~SFXnCP57M&n{g&tn)W#~!Zza?Ij56NB_61M`<F`+d65xm-{v}c8<qvt^
zJ+wSUsy{fiyhVlYO_J4*rU=vb6yYrbV&xbRci(_}85KWwo!?)x6&+*6AM5R1vyEM=
z-s&Lnct+{*mI03;ffj1F(Evn#0b$-*@f?3<X>V^(ud{Kn({kP01OKplQ_{7+Vo6Oq
z!a1uJ2|3}UZ}bOFLXT~L$BF|MDlhhocL@p~)!T4@`)Fbqnv^8I7xZubMRE6j8x1Tk
z<fHFtV(tSr$IiDl$rsongo@+t$(yx6JK7fvil_2}?P|_b{bbwbgla}7IB07btTlKU
z&eC|foApKUE0CjW9H}eyaXk+~lC5GO9~Wc%m2c2yyYglmrRaKFpsi~Jo@xVOl}R_?
zYK-*UaJK_}#mbqFzFUu^RclQ9M4K=19aX<qb-bE5OlN<L!M%Yp_{(IcUU^`i{4PSl
zRem6myy@uo(=`}SGef*mexRNF&Y${jOYl+-P%k$%1Jx29=b+W90amItR7L47iKkQ)
z`Hgdy>ru$GB(xX;7nj9@q{(N+wNn#w%Z9EelYG;Qilf*)5=t1ILjjnTMM@M1ZkXjH
zsr1UyevE&-%MR2c!cgO6sw#_>vqKk^_iCH~S8hd+d_}la?ODK3TCF_b<nK4u<X^q)
z(iyctnceewa#jTjm(DQ?+H|m;ngthCRvn5Znj+d1RsAetHTQ%lqu+br%1SxJYOV>l
ztYNA-LKFC=>aaA~ICROp<G*kat<34um5dY3xuqgvWUonw#p{*p6VZo(1B}YdQ<NBD
z309n}9N$GV*2Ql@%>5yq<RXB&wCT<Xav7-Nj139niB<Cl+^pjOO7Ai7<bz=#oEod(
z&uF|%>X=DllhGl73EKE7*dDfZ^2iX7g>HDR9n;E{9_JF(g~3#Hn$s!?;QY;hniFV8
zqQzordIWA|iZ$+PE|rcp294C-C;GF}G%XQ6#zRU}W$dfpqA0#USm+xWWNExGA~3c}
z*&9nbiqwixDT1Orsi-La;0KJdGb9c+1{s1ZG1!yHuQoN=2H;Rgy7Hbg@S7BxIS_<4
z!Xuu$4|7F4YxejTaXlgGKJgr_Q(vnng*#G2!&-3}HmaLY(^`aGv1KTV4OaaDDqEd-
zEZI>qX*22>svIp##ZVrqRspaIH3D^<B2q8JGyGd6I7UIL+5lou75MdVj*Z4X%3r?E
z+1|`Rq8lch4}-eaL&$&Eg#JHSe=Ho_-2cnh@P7;Y6Zy}+hW|6UnuVG33;D;+!a>Z!
z!^QrE`sHH(KQaG!SpR>~)m&dBK^0dsJ9T32FB8N+jtL1XTeGk3_J8`!|F!e{ze4}m
zxc^&615oB4bhXe^*1)7I$`6Fqh>&<?pcMV9k`<DWp;SVo@K5?SKLIu?IyaPi{+t;V
zej_D9nGL4hO1w;1%(;gaH|995mB6;X=GGso1(%tJ{sj(fiz>*k>(<#=*no`~EzA&y
zPka4MTFx-{u0B!Zo;FNfhuSZ6wd$wtR>|p?ry(jlh#!l=wP!{}Kwt$dM75bgCt!=|
zd^z=<qN^4S`imM(JGDB%zl6}Xu1_*nK#jHbk_BbB5#Uk33zS*$U7jul<l>4)C`^-z
zXW<^C?W6MSdPZllN{(e{qTo$`;jDl890=4ek3pGdJV@E1JNLgp9grQ*ZlWD4UZ(G_
z8c6&)AzRx~%=+M%PQGwJHGSklxA+Tw40v3DV0}ABV|}ALoB3pUu=tzg-O#&Dvhy*g
zvi(65_JMXb{t0=9@rL)lgZ^f7uXN$ySYsUECuSZH>WBV@CmQDyAnt3vIhgx^GBw51
z%iC1d#MZ{p9lGO}GXhh2@`S+P)!+8-%Jlz{O!$8+%YSQ<VEb3fHTM_JorQ&&jhKt;
z>tbal=3@IIRew>dIl0-sh}EoLaOyAGH8&SAJJ0_ZbAFXG=RcHdE^b(kF9J3f3(ME~
zuXS8s?|jX3{X@F`8virT&Bpab!~W;}|1th&Pp+>s!Tm+X=49u9{pb0gi{onz3p4xI
zMqi*zo-Zo)zp-BYb4dTydhuU~iC;(VKU;dZ{(E8~4;Lr<|4vN2<cD#^A5LDn>y%VJ
z#T~zmsRl+z$BY6K>IoubOsvS`C}fP;1;Md5Gfopmmhpc@lfyCFI1=yPqlSY(p^EgK
z%gH)wreI5HuEu{OkxxO;7Xc;bADi5W8JN74B~;4m?ycxNo;C6{T5YW~@2IT!O340r
z{n$;2MzSmlw51ZleK+FZR7r4wA^A=wM*Dz7xpuWf;UBucvwQtwSjFXg6YR4?3{EJL
zrsMq<77S%=r+`e#L?UK&zOX3tW?-)?FSX6_?C(Xy=&RMs2z4B{|Ng7T(fOQgmKW<-
zDlu!0=%I3jy7Aj_n9~(>rH%=oT?{J;dO(QyVx9WK&C~SYOL~ZI9T}z^Ia9(<R}t;U
z+o$?A%(vg49>@Fd;s?DDE970z1|W!+zV={R^@)Ec1Lpb5C13$E#l$ZlFADX}AUL6S
zW2CwW06|t#Ju16IqzU0ur~{f?AKhO0b+g`I`lVez(>Ue>-xGY}yX3FPp$@ig!+nLU
zMY}i~Hd=J7f#v|Ymf(5&Q~pD<Lo?@ad?4?*VAoGubSEyUIO)4FgE505=PZUshQ_Is
zPhtj&r+5v+V0<zA>%<V*B++@qhJ_X>9x;EhZOYnRUXn}-yzS#Y<3nWq07{>6b5@b<
z6x#_BA1(P%{3bss30ogqqJp2CU4UX|YO2&hVXwsZAYZhz&{xB6^r6n05l@rc;A?W*
zEl|ZqA-gL}V@5-dWE&tG!nc%wI9<EcwVIYoN(aDBat;vSbO?Fc`M7lpc}uvG)<xQM
ziN3xqVxMq%Ff&VO2Ydn^Bewv&5Jl@qEt<QNE`aLC7l9aU-W*;L7s=tbSxzKkHGYU|
zp{VP&8}v5u!Si+1v71l=2ZGL}u7UW(Fd`Gs>8~Mr3H_8PR4x~-YF?mkc#PY9`WH2t
z7x-*uvG^^yu2)R>=1{Ttr<=qx>K#vX78hX^n;*_gU9D6;FOS9+Hph@He?6`!6DxdF
z&}!W5`bctjS!+5oG0}|4g#A+SRS5^86GY89(8nB5-gJ~}oa^N%Ic9o!oe`b7cyG_f
zfHV{s6lxe07{ckkNr7ubANo7VD)+l@PH!Sb^{-=m03PiCM4qTBYfYh}Z7Ph-ga8G5
zhx+?wHXn-%`t7Dbsm8mR3>&aw;@$%4fEHy{?Y2HA&x567Nx&JPWF<Lid5NUb11YZS
zd={zq*t6C?B1uKbJXf33&g$|O!!Y%@o-H-I(|7omEp>T9W%5D|3otpI{k?WRr|<yN
z_ddyPG?wnK`&}f#>nPV*;VWNi&2{nwk)Pzm%nA|s>H)%*SIU&WMXo*46BozX-{zvD
z53bg~9){-}*F?Ir1Pobvt6pBD5=CTh%-6b%4x}#!j=@w4C0>vCJ~dg1Case^?(xD2
zW;ovh(o$_3$c@Y=sb0LC?FmU<9=zO%8|d}KU2dIG@b$8E@(zx%xc!$qdRJFEdWSr$
z&Od41Q$`(LdStlxrElZ--$Lz28!dxeq^4f3m*s19f?_9}4nAo{^V51aoo228<@tI)
z_PTDnAc|ly*Rc+>!5Hdz9r!MO(dF^5dvx%trCS>aVUAg>VI9#=2=E2)XhAXzF*J`&
zJ*ISFt^<3;{~SLahMvfK@nttB*#1hSEs?_Tgen(#t^dqO+6>P81Gz=%C){h+`x))u
zd<nY2|KU`AxxeH8p0!vQKyW$hen8-b^!f?k(6k#}zz2JspO5Ms<{F2e(cEadkR?(c
zejrO?7V3f@)?O>e72xU_^5zu*zJ$s<=j@U|zNt&Q$uGC9(t5T$BDvG?qP-KGgRvE7
zP!Ukpi*^Ph(}-BLMQ4!LTVM1Tw?ouc^N9b!b$A%?`XC3aewvWtnQ%pc<TS^KK0QQO
zu!TjAN9R8}8^^@+4rQiJA_&`Y<Daw>G+y1PbMrVfIgBK?6Z@bms#`4W{rXJL^mYzC
z--T<!|D&EIv1`8098g|eB}T*OOg%g-{-stqp-i=6+`xG2CnWPLdWI9zC>wlJmS#z~
z?NMqeSL~=rll4HyG<02+DcXAxS6;f;iq-HEYq}~mS8cjt`rRtxPq)Vf)r)bL37xOZ
z7R&5ia(9B`^{@r(ICU%5&GfKAx<d%n&@0i$)_*tJ99F0@!WL*TZE14i?C6qW&1NnJ
zrB%-(qdngD?=%Zr^f40_Zlrtd+w?Dga{IW7ob<=-^l+%TZ?oGORakbD?=AD%>27KK
zeC!iFD}lPsSdkA;N79#gJ5F?Vwh^r)-M9!`2DV8@MvY+CwprS@+sT7)8T<9)^Q})1
zW{8TIWgcD7Zz^9<gHzLt(V2^TVJyJmDBzUYWv?=lr7_}P8=dt9(A%|_q|=&jchXf_
zr{ZaWxh0q6C8|W$v?&gRHzI7lhj)BVzSYM2rzeS=e00)v#W}p};@PO{y}l7dID86!
zZ>zs{n1O0tMO@>2cRT3Mi3#`|b_)Yr(eG8lAJToAM0$UW3-}ns7(NaVns6D8_?TST
z*lCo%CVRWr8(<Z3UXbJ^;W6@)A0Z(kR%t-|z~`?I2BcM~V-l`WeHUG~or#Z18Xa4j
zP%-7`sU_zE$gb0GnelD3NRB0lVj^euHKRaT_3<QFtkK5P)ef6WV`U^`^e;rFnZSIw
z#qqQlO+7HUz?(vPE#gmd`}gD1LEq`P*itQw5luNU(j-((Fy#K~S6RWvO4(*wO4}!O
zzDmkXH-Q>wYBZ%LfiQa+Qv$LS17s#jGEE|6GuMq{?Mz1&V~()LfaPFEnj?P(k2HnT
zM2}YGvsC_?#=1x!Hl-hN=PoMn&ER9HFDW#hpeOX)5ps+ovR?Yi{6uBle;<ySTXp1L
z+(<Qrdxz7y1X9Ro%`ofW04RY@atM6sRC~4NHJ|=Rhl(&qOQ_nuig2n6PGyrk6$%9K
z4zUv6Yk+14)FDc{#t!?ym$yZ!+7v@;U6Xw1D1`g_uy=Z7gv$JIh=pPaRJy_skmVmt
zwfM8FDQoprwF`S+iLwLMm8mt%hTLPuh`<<}XbHs;@`}w=*^x6FYtS}9ZpG|y#Gwyu
zX58zg3Nq~mtw5)U_GucndI%Uf69Mf2S4$%fKFE&>Et$WLRZRUNyPE7di=gz_aX-`P
zY7jCCH2FgWpx}MX8}iww2%1&XNwg<uT>mKjJ@I@ZXgprSp3VnX(_*cGY^uZE87Szl
zSEasO+}l+YX(LTC^wZWA)$exV2&&*y@=%4Fn>DtyppubD$Hg&caU~=b^8s4cBWDPi
z`J-o$nl>mjUL5?xIs-rcHZE8ctG-MM)1+U_EPW_Kj%jF3it-SqdLRj=^jAnTihPMY
zl?wYzl8WIsIt1u>BxItf<>y4G2<m%ulq49Kzg#>_h+@6sjF9p^>nuGuRma-ScjVtd
z_)wtV+z)bCG{p31?yxo^06Aa0kY`P7Vkk!q2L=f6#Kru^(K&}>j$6j^1S$kEzpUid
zMAKzA-ZmPKR~lgfMncpNTXP?|4KE1n4>ao{xH0hrsuGn9{Jrh+yL8XM1DwPg%W9j*
zKfJR&Z}Kym2NIrUD&8^}glKA1(4rt>RJj5?)DhYz06hW72w%#H%G;Y&oVhl_aGzd*
z`6*6}q3)0tH|`3hY9>XPiMFD+#L`d2HHX17<||Awq>vyILQCraR8b@-DOCjUkfWcc
z&yZ^S)GI>0xTRT2LNX!VWFpb}Cbgufaf(ZEVyO6oKq{6LG%D$YAIxd%-&sJ=MuB8<
z2*XkLNR5gTX(~1Hy88l9Ad^rq_EJ|^Ha?cvF50@p2w$u-@JiXsLBRBew=msHOEo&B
z=uA`kTe0L|_E0%u9#WeeWMO`i;rcT96?Vypaa;Fdj(<!qv#aEUuh4@0sY+s%f*i3p
z1JDeO(CzdDvF?XdA38S!Eye&2F5y%qOwLgPj0c_vaN^bLv9H@0WJL8ZW-}JXpdWUG
zGGWCima0}2vr&Gyc0fE_^TbpJ-@0E_W#L-u_Msb_0@nGxd(|C#d!}Y_CERhce9QK}
z&QksIDDuF$^^;p;tof1kwRv^UBPErK!^wR|XNP52s@Jk>i`Qn`k(Gn3&c=b2gApA{
zZTH~lI=>CSAo<xjav3E}TxS%T&i*53%|N+Lap~0lx%<3%TrGiBfusJBaW-S^%tBks
z)S+3nO?Nhdo_*0=i0OvF<&^%xp8mcBMZBVkq($q>Lc_$d7&#FmZ~4r*wR5eLmrgc(
zgj?Q(KBZ8F5}>Gm^PJmxg;qlcPv`WH+e?@I3NGSg^}_si{fJy9-*O9AyKhdcd&_)G
zMVop{JHnb`@(5?DMNA?``*NFh8!sjrqIp>&C)6P{!<BpM%F>akUiOs)5>Xz3fWAke
zf>6Qb9IBnj=1A-#<I}K>6UZ(-rhJEgvQC{4gzmFKVZ3bFPVAX8Zx3QE6UBtLLh8o2
zuD$}+lT>3X*zn=!g(W6R9p>eD_KN+)q~FlWh$NJVldVcWWosn@jJp$y;}7$GW7qc9
z*Je%NXiIy0%p&!CSpr`+sdWr_Aju|be~e941PP%`TjNl<iD~QokEuA5(gbhu*S?dH
z#4)MvAHoQ1hC!u3%Pa{mRvcK0A^A}<W_*rm{uITx1RUc(dgOV`8WkVmDN+&X&G}_+
z*du!+VmOguz%<!3-oVN~vuZ~y_*`)``5-bjeeFew!6X5?GD9~>un5*4gG<nO#}?`F
z<mmm{47L@Fzm64_b&5rR53qYbEP=-28dKC57%S4L@}t@>IT^g+xNgXN3B2JY=fv(o
zZpZ`%Q0da!Ow<%rY$idV9C~%LiRH;@YIJimlGS1e-+ir{Q8_p-q`w*v(7*Z(^yuo*
zs*)|$^&CN)QM0SmjYswA=AyM}T;9x+Wju3CfZS?_s2r0N?#hR#Q>YrgTsddJ2#JD=
zA{k0=fDEN|itNRZ3?*-isWFu@>l};>r8_?b+C%$t^%p*R*u9!J|17+O<9qs9xb_kX
z-`CAtUGgHNf{fS5ZAiX^cdtLASxGq*DZA;$XjJKWwh&A30vncy7B=@{eK!#<qX=S$
zI1*AjChn}zy~g^dh>i#c$uDA^N)x|&T(%gwc?+@_a)7aE+86Kb9w-PTkESQ~Z$Qp%
zHiglbaas&Uj;<0*BbWZoB+p&|WOmxC2opo@!Ifm3kHaF{Mz0P@vwB`cwm`lH2`L)w
zbMuO<MB+gpt(^)-6Siawi{u_1t%s4!L~$U%5rY0cP!W_t$*h`>B1((WHHusUb@~%I
zmc$>uy>f3$lUFYY07?-_>ibQDSN0d(pKeYVc0RM4^N<vnEXmM==CX6;2GXclaWkjL
zi8)V52#Ud2>4nM78tEp0KzTo%;Q$h;FUNrR9~?;;D^M;*TkRNj_93h3ugI9y+q-AW
zz3a9e_FW$YvuGem$YG8k$LD^M_RSRYz&*?_<en&)_C!+kHi$jYU`eb}UhWZElLx8M
zV<B~4`4WU-8`3QVg9`46ruFA+k-0=F|2dO&zf%7hg^TN^X%b)2VQLz6&!o`M>ek=d
z=mIy=4USX15Z!foDccw%Br3U{rRm-eu#6}R=kg2JKU?ALC8BZuT%bFPhdz;kemB43
z4;Do)r<}ruOION+#r;`aF3m<$gpH@*4>Gzxn`f`|d-msr1ig(h5njDUItoSdfD1ks
zaSjYgDv^__%6D4#A4FvA^kwA3c$0#{_z#(UR>FW0cBq_)ws+}h1F~11(I&ZPfb2!a
zmrDZ9Rwg5GmYBx48fu4fSSJ`t02ZpW{R`T<7MN$eYAQ7(lsm>Ny})WzpHiMsEXq$u
zi(my6f{=}~y}Ms`Q@U%Dksyp3ewihPWC57LO%P7Yv%P={b{}i9Zh4BUX*S~#UDu>7
zNEE4YT`cCnMSX-OLW8p50vBJ7O~bXu!3W!$_TnB+)G=lgd4>=G8@V-5%%YYsZ{$C~
z>H-tli>I;bUd<L%;l-el5I2{4BWA-YW?&XX6GIlXy80=GS=FpDk2(1ZB;8Z?qzZPt
zd~9m1-duB#TV}EFnT=MS$NW{0KIin^iM~fFGBG?itD;=VEu}d2=cFC0Z4LvZhy7h%
zJd2@(a&P#8r}c1r(gu6{?%l7lMtMcGtZ<S9w%6h45_VW<>Gm&J-15m3uLgp=I-;8R
zJ$Aj#A8ec4A*wS|X=yoxd6W`ZB7#ovHQ$kS6VkP;lHNB6eM_LNyvlY&6n|x87qG;p
znp_#h>N2&yG|c>nN6ym72^Uox0^I)){Mg70a9xj$zN1xYXC{$^<5Oby>t&wo(T81h
z8N`K1(}^|QK@?3>mP{u!o9swFcGoORzhbOR8<y;=c783xW;>SNN5Ibvu^CO2MM!1P
z%U9`gDP19kClZss=UCN7Q~}uNQ%?ucwkji3IchU-CRgp2<@b_B11cWFGqKmuO-Kt`
ze|N9kr#TVcmKBs&y;_-9j5nXLJW0*-BL&mQRFm5Gmj*ZON8g?HrN>o`^3Kz3dpX7!
z5gZS5ojWdvRLTu7G5-14TZ`W5BoNCpjM$()%WCQQXWGgGjna~h<+xEj#6eOUe?^WH
zn$W&zITYyjJ8eNfxYF*~HPaEl5Jh8oFDp(5x>f|i|1$g#%_nT%Nef=uuPx^&gCSYc
zv58zKn2l-Pz^uoO#4avx^w1;nH9T%Zjt61V3&PEwOg??VRxDzDD7v<0*n(=n4aTP<
zWcp{*rAU~$ufxe6CMtFgGr9GU1=Z~lG6Qw0g60pG+w^$(UCA1S#J*!)9f%|nt*}!w
zL3x$(uP+T_{g=Ir!|gIBJ3q0|Uf&#tseJcEUNQCP+_k|W7`ZT(HR<kMVEA025$PcC
zTS;3jbZGawaP+OvANTzCfm|^1j7AAHFdX$|X5JPBCwVl83?koK>r^uXuSEDdP_`4b
zS@!10T<zHH>}J{bw!<S@;LkZ>3EC}~Bx>y0N^}R@*R&nKS7Y6lHZ$}8X1$KV;gs>|
z-MX)#h*NNUlrv0zFlOq2NRoN(plg=Q82;2V0rYTU7@gwREl1D9CYi21Ha{jnc+j^G
z=9&GOel$!BFXdDjs7d00hxSJAkhpT*Z$HA?;Tc!mo)&Cps~mCV$k6iOWplPOr!X|#
z#RS141WVQD=t+rYqx+~%)asPG54H0nz-#VOdnl<yBJ;r85ldHd5L!HzKuD8Pqfk<U
zl2Az=kN3<JTre@eCeL`t9_6XryYMLS)Ur^@NKw+LDA4}BiHfG_a*Gxj`^Fj_aku@O
zm3&0Hk#+YKA+65$qk_d?Q2nn(7t(5oV4Z7vne$jvfbKJ&xxY+kNT`>9mfd^|+Ic6v
z9hyBzVJ#-%{)6kill6nCt;UayJTB4Oz&Z{JiMZIiB2oh_fts0~bJq%=p4?J@<f${L
znCdRUZhz$LI-((Ym+#?(D&MI)fln4=Nmp)~@uSPa*=2(w-y3^S@m9W?33fClPUwpH
z;Q#Wy0ocz&J}zDXu0gfUGol6&@~avE8&~gFz&-Ux(87X7!GY%+;56XemG<lQk+P+c
zadDsB)oJRRi<dlfT-_-q?e1Z<cQtZ)$~af3nQEqabGKzyKsqv_!B*NkDfWF-kCL}!
zGU;<!AX|^}HA0WleZ52Wp1VW#Lgk!Q$tc)O%B?wmxvm9nC%0!CC42TbSM54H_MD)8
zrpiN%>XM+?M=00-I-F4Q`oz-p`_^_svKG~Mr4bL`6Bt)t)=u`)hJ8_mihZ`v%*!EO
zLH5FZm!_V<@{?Ke(K!d=Q+Y59-{-1V^3TjlT%%Nm=Sq|Y2(cwqhO-sy8Z!-((Wjk8
z6yk$1sOQcUUDmn3hlhc7K7$FZuAYtH+i8%!FK*qpcm)1>NVQPEH53MIc;82Lx!KY5
zmv&Qm-#Za&Pi`D|-}jEiCzxEHy->Q|7wje`dEZ^}y6*R?CuDfL?yKJS;I<~BS_h&w
z4zc`M4ZQO4^ey89Sc&|r2JZ@Q$Ot~&&~xYlk6R{Z&Tg0rZ+>w;?}pxh5#)H!m-817
zCdzZ?4L;>sD)sat<XHX)APgOKd!{1z%0>2381yF~%!b=p+D-6N^%4v7Lx1EL+j-$s
z>rsK*DY=O&tZVhjXwV1?zz!8CykV9nT;3%i==s7S7v4-knN#n;_kpqf#`AMYb^!l<
zjv#qetK1_9`=rtD2kpB<?Q7?ee%owS_og4#&<TI#)+gX`O!vgx#z*At*9=(WfHe^B
zt5xsU^GKobm<r?TRj%07f;6BB<#YUq<+*t>tGjzFP0r@s^xu#;d@S94yu7t*Ri|mS
z3)#Ru(5d{5NnnrICx?eWA;;_c0{=W8^DvPru{&~LdpP3Vwj0%$glD}Q#Ro`YnhqjZ
z!J^{>{C+)$O*)U-?Eqbkm2Ek{@!-|v!)Qq!;NaD*9#rFnR|u<SGqS{mC(Z6x!tNXG
zqb5fY<iSIIma+|QL)4fKOZ&0|k@AMnu;ZVu7)>6LnnfXIMj5&U<BKeWNaQ22ydH@#
z33^MCcxwGX<p*OY0R1dY4n+LSiHZDcb>oogv#dcQfR|q?tnRkzD&E{69Y$BN>nzsg
z%V;Y$6a&vl7bxSjJFngbPLz5w8*}EN5R8DRX#jEVs#zJV5XMN*#j9H-Y9X0C-wwxH
zk+%h6<7&B(uNJmc_!}ow&8x0L*xvnGDZ|b2`bWvg8eoB%efsAJq?g$@b<VLGyV<-!
zaV*|sxNOIM>a5y9FW$v-MGyNQ${KJ6vqs_!^ac{ihX|6cni57@!M<0@6<IppWM~%8
z9AkA0vKkRm7JsRyfagJ4a5Uy?hYc70)@4_5Y8fEa)nP}Q9vNM$u5%PlXmEt2|BBp$
zi~LOwdq<$?W}cv|24{iU-vtO`t%av0P*l<_R*eQtEE}-S_k~R28gn^TG_z;<mG3A)
zm^DW{!&t3hejTI*%}e)<%`FWj@RV0J6INw1GO3(GQ5{?b*?fYLT0Cvu`zu)ehcmY;
z^@yYs2KsJc83wF{&=15H-dX;NS-p5kl3L+u90;Fp=-^6c!uDwp;@ptbpm+eYOb}Fv
za$(8^VP0Yg`!+f4dz_DinaDropP8bcP^Ves&i_VM{0}MYAABDtHwVZ66u-ItZ=rrN
z|5p6|&rrWFDf@px{k}wS&VTZo{}I7?{v+>}`Cmow|7)(_S5)qo`2BBX@c#n#`_e4`
zvkJ({!TjHW{S+td2Z@op?l630kx*I^+XOVF5(=dR@AEr8zQNmI(Ljd$=?^d<w4!_X
zma&$-hGo|&Q<_}rFda@P5DkzCi_*##!gf^7NWze!c+W02__c|O+x5}nnZ+lNQ9^Pr
zaDaKuxtd*!bMs?XgKCaOp#Q4z66{*T#(}%=Q4x7WXb=00-{oz<qG-JN+Ej|J_cHiU
z;ig_Ig!T_>9BK5>u=9`Da~NqAboh+(WR%5QgPQ4BBXomJ2s4}{aiv_%KDB{31r#FZ
zcjP}T`<#0!%jAC9`=g7;`Yi6zR4;4bLub0Hq+1LzL{J*I0SY!TF*Wx+AS0<>=>M)x
z{vT0&|6O7HTNV0$C-pJ^qb2{N2Y>0n|4TdmM;HFDGVp(t>%Yjr|M7GGOCQ9SK>eQ!
zfa|{{@bU0){|kWcklV^rWhMEzr*yc%)~5bY?)Ov34JK2AS)a@|xQzxU+Z%Zb^+{kf
zcnbyjnotJ3`MhjdL}HWlf^RVcj9e-S+}Bsd2KJ&vPQ9P-MRw~}8SLb8i6t;J22{*!
z(hO7W8Z#q`8U8!IcMdu4+X8O_8v@?y^sHB5>}lYH_}fYft0@}PpnW*sjPK=#h74r!
zt0bTKzj+vPclq7Z?QFfH1d@Ks6KwZ0y}rr+>rIJ9Y=<ILLHhgYnK7GB2_#<5t_qrX
z*I>^;o$N})*UFH+<(P7*lZ(_JZZ9?=euWI@JUaY))H6_NCg;ZL^PGRLjVRnCN2&ME
z6wm<lfVjes9Y1o!Up$06QV{U68~(lObv6Ls>0U!Als$;ZyO^Y`fP0iKiPkNWQY|wj
zCqMYFN9t|#E&OK1CKBc9WR8YjB;;7o*0%^G)X~$#`4hI!^yj|6#aJ}AfXE1t?GSL5
zgkdp+>;9+R;~RD<$H&NCF|l^%h7i?wcuzdRAgo<Kks4MH^utHA3%sUB8z4mC4P+Pm
z_YkVD@KFNK<BI3<O%TsC$0C@VAn8qy6t8*cUJ@NClJ$%br!>j{;q@aP24%ThDM%&c
zJGViexNbM1tgtsJxGW8c7k*EC{oU<Qrn|RYo0C7i1KyNRw_Ot0@&hb5>rhaCC-zXh
zvU~QPY%#D=Q+K)fqc}mDOAH<LKS{qa>6+}f^9XgP?DPwaJ2gI$-a@R#wuZgqD%`O5
z9<9gh=X(Z%AoaoBSX^OvhMWiMv^Q#08KtJFrUiV;&AJc;Gk(I|jt&L%(M;@i=VdQZ
zFj5?<zF~Cs7d>;FmlBOU8R;7YeMdvoC-I7Hk;B`n`SIDaopV+5aL&tTZ*8!#d}eE9
zuf1=n+iiUqgYe+iOqZgeu|`WbArlz|o2s3v8L~+qte=`tBezskrUrnRL7~Q?U_D8C
z7MYtptLLrGX~sA#VB?xqR=R3xK?D>?COImhYpv9nkylEhLW!3{W6glx<{b!)@7j<P
zNK21)k<UfZ8BuHv&;pp6HHTG9P2%8oPcbWXk{Fpi34$@i;iV;qjD-=7Fdo!h0o7<f
zXpV_rrOcbkr<TnFti^eL6<MP!l9DHD4zd-Qau|Kn*t1RBC8o%>k4oSb5G?N;J+x)f
zp}&f}b*C9zAJClrB@3u9m!6W16h7m{N4J>B&F#2LBK!$CIq$2UYtbmPCs4*W%vV}+
z6%TKwT;42B+x>E>8@<VttfP~qjMKb6$JeVcn#>SUM8BvrTrLy1tI6c+$T3W&q8j=t
zBP1MQlOk0+DZ=DJcjRqdu|(S<k09?QPeB=0Rj|#=k(k1X;cncKzY$6)Pmv>NnWBB|
zD)ZX^&B}2yzxB~wDqSE`7gb}G7Ls48zgMENc-ofb*QD!T22Mk5W}Y;osL+z#-!xG0
zB&2eWZNN5Y(WCv}b;<1%_VLa+x%+95)E3UMY_)=x!|U$%?Iq;mMx8TfL(xR{Qi-Cg
zdVH2fRo*oF4Qs~PthhtonVI8}Cu*Hc)PM<6SyXEV)xMs5S{3h~rn>TsSijnY6Z)x_
zb>`rk_nUa34tpbn7;%wV=4>W`F|*e|d<JN4e&^vVHZ{)08+haXAcm?m;1q63LzUd!
zQn5WxupeUyX{EH*6e_&88N>LI=`p}n9-)O?FR!Iapr$mB(#hXE-BM5qY_e}lB(yQJ
zeljvkg>k2j96rO(^XjK~>KZA}rlwKr(xJyf%OHGm4p-xmW2645huggtpEqa6nW-cY
z-dbMiq-!L4$xJ?@A2LZ9Rz(cU;%JMyOfqOSGO*c-LXg7E2zJ|Bmb-9%#7>*0!?9>a
zx)4vf{N%oM%o)9Rq72xga<|T7LmOF;ebj6owE^s+o!~Kzx*aJ?5J~KCj}0|}#i3cv
zowC7+IATrZ>^^CDt+uxjO2Xe_#Kn_Cnrz5|PjP8i|Ijdk1BP0G!ZjQtXULW}|LS6H
zSH>GWo@-vI+c;j`Q;lpcbcn=loqz-pa7YbosVkf|G;a(fw4|HXSBjI&AUG+<2@57X
z68eg5v3ru!defy#XP-{gnc`aLj-D0fea)nuaBAY1(j5Phg9F7g+dB7<M7VQ^c;6Z8
z5@JJW>pVj*o^wuvvV)A1T&M~t3YS8$F2_nhr*!b20AU_)gOxCBdqM}1kV!8@xyjiB
zvims~lC~s(aUW0v@kg_oK&@z`*U1a(Z6GZt@XG;`k)r!j`|~_^@cBjiQeL>d6dd64
zMG3CPIl|TY5`yBC7VL;F%EqV^_|iy7@VaZ>hK1*1xOuofdlGW@1McGphV_4JhG||c
z3pe)=Wf3|~je@_j<vvj&G&M}pt19PE)H0H+AGoBoZP1Fjl)X)WH3hC5E!5+bWr7jS
z*D27KUm<>Qgwia3sg7tqAhc<?5R+*>uD|~1|L$yUfZV}biU;AtuWZ7vRW3pC%~mNb
zd*~9$C(BCNIFetmR!QQo{Z=TdFyI}eprjzAz<4&!BfwKlrRUuMQLE=Eo;PQ2Q&rx&
zl!TKvB4iEEG4kpy8UvE+-kIOi(=joyAEwC~0f<pd5Yga!yMp_p@gm#sGU(ZDwZ$~n
zZ%zg?M5K82*E4sIFZOK@<u;g)IUOP5DVf%He=3v|+o|ej5d5~`#55;%^y$d3gnTV?
z3VMa=FvS`r7|mE?k#@&se1GZLOBW+o?xl0*5Gt#d$N)uAX9#asB|PpVaVv@*9UFGO
zU~B!HA^GB3hMi99EJXH<a2y<4xSRCct=R|$hq3&WwQ{D_uA22^!@BXCwf##2={YKf
z#l#+Clb_4AhP-^w8v-Z-fRUj(H%;)@{Ls#l-zwU9^?HY!XTW5zj;;kEkKBlSZ`x9K
z2L8(s{`S_1w9EF#wSbRA>0YWwcPx{$;qa(=bmHiQt=nRG5&$AhT#0%$3Mg;1SHJbP
z8Dc1f#c`1JlfR7Q$ud0rqnu=v-BelB7ME1R6blY5>c{TVDiCCuJh-xkv>B75-%`q-
zW}Gg&`<V^+<T8A*)|h(}`BOoE$c~eo(HSe*EgmWu(I-Pb(}dkxtxLOb_vPJ{t*4Xc
zo-$h=hBl^RGP`8%2TY>8%g4`j*^D_To>30^!6t-Tmj|Y`dX{MVxsg{~KAVIyS_(NQ
zyOQRXk`@WQ!j@ZF6?ONRZuM$XAA6oWqMq8DvE$;3Tx|nbOFIhV($zvDBCCx)Gk&bN
z?_6*C*~JZ{ALF_iy(2?VkzwfP#01^?r*-D#Y|IHS=G8ru)k|~@otv;{zj@eDrVa|y
zT~)X|rZ_}#rWCugvgzd$=-=mYeOjE;-J~H|PHiqKBlhwgh77zOm!6H3?=Rj`_iJ;a
zHs`z;eRZIo#@3!);(7y)s7!~+dc7{cKk2Sx<ZeA69--J&q)Fsr_6HVjrUCQEXRSHP
z>nu@nGc!8d0t4rZF5ENk*Y6jjqg@FaWWU&x&<{~L)K$8EWHJR8#Fd6}x2C)K6T0>I
zABB>%F5=Y`GQ}f;;-zxXe>Qc{UXY%NrgFl2?-=|zr6*Ny2^6Bg-z3972-aMu%zq$V
z=Lifuxe4U8fB*jbZBKREvfmc{E-lilO06mkwk%kOK;BGm3js5#o|uYjB}YAeS@Ey$
z;0vVuicphpHbAAk_QFj^Ob@Z(72hv*#CH13Df1!Ya20vD+deCY{Ty2^rdn2>eR1V@
z-PUvY08CQ>dE1zo5k3xsbPZSi1)GtfDmj=T$wYNQpXRq^qbV}sq2_T_*`dRq7;3c-
zB!$fvyZ7Fv-%VCK%Tqs}1DIYGqAYrIH&TGfxwVYQZ1$@+%L#w@Ix^l6(^THFLyrRP
zecxJ2drA*l8M19XV4pVs4l{ja2N2aTA0L(eITQ89@K3h8a=2XYCDYP)se0r~aS6HM
zR>62CVyNEcq43g=xSlsvmL34mv+&fCd(e&N0Z)>|qCDAH$#hz6w;FD$IHz;x&MI(?
zNz_S!UC($EY(z|jf5V;X(4QRlH|0ZRPh69%m(pp{%gbqS<x-?a?<lLiGw~$dt*wtZ
zJ!o@{@p0UEWQWWFgd?WgE_P<NoOsa>|6g%$0ajJBHIAc5r<8O`*Ezr`N+hL3Qb44;
z;}C+<4H6Qf2uO<3paKHYDM(2vA>ESF@!JP|->bauz2Cj}`+v`0pTpT_?U_BRX6-dI
zYi8j+4IL)W;o)F~rwa1!kRwZV_QpRn5&LkahE9OVd=e<5h(DxD#d%FJaPOx1Y;^6-
zR?wd&uReTW@4<dN^mHzumdcBbRG2oq1DT+e{PdMtUYUUMB4&2DpyQZ*fPV5T_1;T#
zg0Xg`7M+mf(XZb(Ju0TOdlLo+FAt6&?!PFTDhtU!*{dR&rIy!q3(q(%?0PHgEwQ`T
zJ_4`x?4GADIC+smwJB;Tk>)JnyBei=vDGYBT}_FK4cyHvQFNzxfxyPqpV4tq;d&4C
z!wAnY*$1_sU(87q+>Wr;&%9;xrh~p5DuPh3N}l^@MiN^pFy~Y=*<qLva{J@x?bbfi
zOp2k>B0LC{mct0rp+7rnBK7|4l$i9^-iO)`$G*F6MB{HmtF<)BOopyaAomj8yHi=;
zOdJdlRhL*Sxe<<uhwW#V;2ZKFOT+f)?0V*{x2avcJ<T6~i7A}d<XUjfD`geL=`Vr8
z_H7CyA#?gn^n|PyPj-3a+N&jBRF1yC9J}DwB4<#w?wWB@zdPO$T3c|u^s#0D5sgv)
zWtymFfBH&WFqR5K7vjO1VDGGtbQ&hf6|xuP1n@7xbOe~fU;6szE$-ACmkqWhtA(nS
z-Dow}bHgkUBa3mtn5n-=!p8`o<D-a~IYhTnJqYq!Y~r6-CKQp377?4+++7df@AbV(
zxKQkM)xv*fx;Vlou(5C}jFQGJJb0v4+^g|~#jCQw=U(K)suX%!_jH+2q17?kPP?EC
zbX=#;1y=+F2VNn4k3==~Rh{0|Sy=FYb9yn)|FNj8)w`{GaO<U*efH-pK8-DF@v5pM
zc(}YK_;N(p`=n>wY-(V6lGp}9k3fC+>D%Hx%P&9<Ipxr8n-K41vLOn?<bEk_J$aCT
zE~_hRa9CW_3>onW(MHp3+EMy8sk(<P^7h1b^!tr=uhX6WQ5AeCbpC`<q2rlj)8lFO
zwS&ICsGPwZvo{#zA*Yk|nf<$bZiV9}oL6|WiO@ufkg0Wvtx?-{{RP!cIPDXg-qk0B
zt)pvFVFpuo9w#eTR5BbSrFy#F7Zd7Mzdv+zko)3V50_8;UiOrGPu)O3f(R}Rv3=8*
zSD}(znFE=fnA#ou=C5VlP6;s`yNtB-9D^y_vG0)>EJZsOITdZd*1;#5&1%gTSlJJY
zLOiL_BczF-!;z$Iox9T_;<FSn;H1L`P67GX(}bHs^RqE(@wZ}#jHtAHsd7xU!yMWs
z;*H2tYe)t1gOevC@n1+#SS1({n8rL5c&6Zgm9bG*yQxO>l-rHf{d#b}5yByH62EP}
zs+TmQhjE9aRw@{WjHA>nDZsW_fNIX@$rKxvRvm8hwYFjs3eKAy#kecsF2IwcLGJQ!
z425`L79TxA14H0h$Fb4?@a)|Ftae9g+riguj>0QFq8yD>#XOKVtQBIEc;hR(Vd5&C
zES^%6HL+iJB$RkI62o_1Epe6bl6@ARx{@pv>&P(`h9PB=@Um+te56@lsAQ0o`^uNr
z>V%YfCLcAem90pbWJwnB60tcd9M2)?niFu^HD;~QA?&*W;dt@TJr-4k^4nUPnxBiX
z)hcnh9+TZMWTGS&Gv=Av*q0NFO)<9Ivp#JK_3;8xZ^^|_(vo6v9db3>t8`wYAQdwa
zFY(bYvGIT}d>70ZVhFo;3r>dj{7|HYr9PK`A-hV3dp=V)Ci{JoPXmA9R+I6GrDc9Q
zX>(0a86@_rWv<>R9kwU>l)Z|^_I_sls!1E|XKwuh7UrRVlE{ZaY&|o9wY10dQG1zw
zUx(em3UOrL<@_5<aljPoO_np6C)!sRzDGu`G<!w`tGZ(2RftgH^^A$J$Z^N%8|nsw
z%Zwd`XmON5yIdLLp%d4F4?XUurhmNw3Wi=x4Q-8RZ-~UGQBB0}^rPH~)P%RPq!%-!
z94XzIC%=y5e$r-XY1+VG)@R~f%ddbp*+?vR3kODz6Xe!+D_H6>vil022G6=XT!=zy
zAZB4>A7rki(Iz6UpcqIM)rFYfkd<u1i}o<KG!xRL3T<v6fPVQlR>dvmtXZucukhOT
zP)Og_VVM6hvt&VJ6w-LM)pDRk$I6QM!D@=}ZOX0w@Q-1o5|!|ww1I?yO^T!zLpVi2
zB&HmfRP5^8!oi!CevG!QBEh>|@S6LKQ>)iU17fa7!kc#_1LZMdxFm7Z6rJ8kk!wuz
zO429<#a#10V7|FY+z~R;-?$QNh|je_SGK>VTgLK<+p8qe>M_fws001iJz<_wZFeni
z2Z}efFybnQMuWQC=8mxyJd6mOt8)c|X<u<poia{Mlx#2RZ8)sF_Op_npIu#WBKPLH
z{4TW_;YGf+L!n#sp6L49YXwS?PL@iU6|#oxeUhM~m;0ouAG=@C$wZ|YiJK>Urk4m4
zXB+4evifLjTMlL$@JXSoa%?r4EAsKndOVU-a+NoPn6PbR;=*+PiE4b7r%Q>9(|m2=
zz;~~g(f45WJ9@1PWYGfpq*JPhLer0f#mBOjGb@K5ruIBQ$KNTwe~<)SZ3pYPU{`4z
zeR?3RGsH4vhJTGIUfEOLwPW@^QJF>jsz|U`D0a82T6{B=sq3AEpf-UyqkWaZ`(%}1
zwq-Lhfd<j6c^9&+xKY;|;(k>l_Xs;%qc#&+^Gk0#$F3wARa(f%60p!3zwb6H^4APJ
zShLVqZEKusB({z$e(=cqlD3M6w#>0}kV)s4N}m0h+}sc&*_UYS%b3FCN6u{50{XMI
z-ciJj=nluKy4ka7j~5Qpn~Wb&@(QKta6y>Y;v+o*l?zg~G^xz*CU&Mq>*Vdx?9-W7
zhP77(C&`H)U0r^*l1sc4RrZQiMYS}<#3unk^ugiAARbG|w}fr8_>^$8<tmWSSDKdu
zHJND&gAee!!*7doCX{x+J$*y}ox4+@VqHUe?g5nygUGDlHK@;E%av!JD;2gUXBJJ>
znR#|q@}40!sPVS*^+c}aIn^%NWZZBwA>N?eV()O)X*V8@I^r8mC!M&;v~hX7d7ZoB
z;~R5dp^Hr4K@wUYY)G9XD6mZl3NIGIBnhk}Jn0JCLP9q7FOSofG;*mud}jUW^`veP
z{O$*N&a1b|$QEIY`u^L-dJ$&T*c+01cxIytiJ*N}0sY|ndg;lz8^@z9sjZ<6PAmwR
z;>~W7V;-CblC)_t?TVN9h+7Y5Qp#l}cO8mI#)Tb7#zkutJWK|b(QEHE69K1U6}c3V
zde^;`Rdn_}sZK>_9w)5cZ`!)r$~41k{otVr_BC%NCXE`2R2xBD75DwX7nr0CFXKie
z7pRQQJ<UU&gif#?us5;Os;mdFH?p&<Y`&ZR66GRzq%cX=?tGQL9Ivl8&`_k;BV+lJ
z&o0gsTvg*U7i}4xji}pRlB9biJj%?poZkDHXs~fK?Oi_FRX&pU-nrU)pVK8L^E?{U
z>!n6#(j!7D8tHJZyQeuayg000zxQq2D?E_jJN-t*;Ya34zG~P02BC60VWAoaVQ|61
zQ?{tZ&SzR<DKk6JD#tx&sgDqolJPB4OCQ=b%5l|dJ1?4Dx7Atqpi4}nIi!+y7?R@c
zbZvR<bhn1q(YZACcQ`odSXr>|-7<1azB?S8S8f*@1KS=aW+$XlF36VpF10FkGzcv#
zHdB`zu6`*y{K?#X8&{_Z9%BU~<N(j&id-X}3X5`>soEp1jlMm;#<sh{c=y4V1Gt=l
z{Jp%)B10T;0hc@OJKk@14f!Yf-`rSe5h==h9pU1RQB|RS_3)A~;zS5szuGjT-RN4x
zPE;5-C{`O~FqFuOG_I!enE1qo9p=^-b-h4_>~kCQR#uE1jDRxKUczCB!10m@UU6=d
z<LI-Hh;dcFyyrHb?D|*xIg!H2g^E}D#tOWo9{0SYiQQqRW4PFdVJeW!(a!1It>j~%
zqtnXino%yL=I-#Q?ZV6AXmL6*8rFdeIG9j-=PqLB$A>$MR+hS>Oe2SSeP4~;LuRDv
zuKUSf+K#X&O>d`rC}T2hwkcz5W>z8~!9npbQRZ?4Gwnl?XTeILAak;y4oVhzDPs*N
zF)#WnIA7Vzuq=tl27DPC%c#XirIcl`o8O;kQyGbRrfZXRQ0Q&aSDvEtt8`KS-D=4n
zdrE-}KCpkRs{OlLN|k=Bswr6+n>iaHtsLytfpl4C+e+n;Mz&Taz;c?ck%bGegYMUb
zH6a)bl`RX(2o{6@e?S6=f3dCxg5dI_vUHi*BN=%Gz+hZ{DI>=lW>yxK$g`?{zpi$+
zi1Pcg%3rsa3LyT+b+y<JsO_aPyC=B({W4A5S04h~OG&O$Jjl&rK--bvB{!k6sGk@T
zym{v(UeA*!UUECG8jyKe?khDTI<LR(J%9bWxD&?hy9?s#dK9n7I$D!an<U)Gyk<Al
zT>ojoh!2;d=5S<cr31!}*j=y7xXoS9CAQfmH*oN-hH49g)Uwq?D^aiE>#nH#Ty`=e
z^U&K^@BGns-xIIZyF%*JU&T3+ffcot*z4RpFKIP7wMV?;qq5w0NSvwfBbq8J(|_t=
zMZ5N>&qbkng2}=!x=myX{rgr=QS7cCe_Kf1>v^za(EY17O=d`)ZXS`j<+N$`%(u<g
zQEjqX<{DsqTu|HXpZ*RyO&hML&{<~5l*`Bmv1U*1(skMP$V|Z2WTPzpPNV+A?VtaK
z3jOU892n4xpV_itz$Q?b0I;VR3}O@jbW2cB@a!7(8v<w;3WoYXf%RNLIN}V3g8#ga
z`#0-!f7z}HR6n<08QAN2ew_~fKX2C*f(gKX-L5(2dGEfu+2H!tsFzC_)TTd2*~%XK
z?sG4x5ou39D8&agU0eceJ4<zH+vJ`sTVXW`jE+~&BmI3vm=(eW$Yk;tmP65(Dk8U{
z@FKr-Rx`rw1-WV-bZ^bPB|{#0*RJgze`l@PO|=l27q#&ESgD*<Fcyu>MK8IL@30Y6
zJ?+eWS@Ol@hPi|6%jqQvF6j3OndTN-dNL9ZqsO;-B}buw@!fpZ`oN*X_r5{`k*wIP
zX*QdO)cPU_Fjjh`k*|pcDRN~=tWN5X&63E*I*jKuc`}CjGhL6pHR0f)aN4_dwAZIM
zKl8qyP0!Zjjkslw@j6J$AYuZRSwsApDeyJ7WWA#)g~DTEX9LFRbg0k5RMgrMG4)HS
z8zm$Mp!@AupOe__f@jI9)v^aIU7b7wdQIOp-618hlW*UNXL?CkkN5=P;T2<X*$d5I
zc{W;o<S)5>Iwa?$>qLDls~Vo48#P{Z;5dCtR5$n*LoEB~p|we|klfR)Q{dErl?@)x
z3v?2PJvL}#Ohg58<>_*&-J1Od(l2`AEJ=l<+|s)&XMCi+@YhEb(&=({uBo>ksuJ_c
zMWc<q@m;(38qM99Vjvw`_u)G~H;kd?8Xjet`3<9O0j<nCjubBZ>yG>f5*rrZYSNgh
zX;$T6jmI3L?y-b(Hb|J@g*O7xrP-F~E5%VyaL4%3R~Hv9ixTmo5#ga-!G4~T=a^jv
z%Wz$w@coPx%`vF=P4e@52ft|oOKwLJ3B?{!4Nf8k^E$;I^T7*M_o(U8AJ7~QZK@PA
z&A~I5YKX=#Cal)&BnUhppCfh@mHX^p<2{~Id#!x%evQF0J0t!{F!I3_^4gjs0&5xd
zUdfs3KBwJ%@%thV@gJ)nzBl)l^yIr>mE|sBvl)^S5?Lcv|1@#;0qcOgCaATJm4jZB
zR;xNv>$$EsWGHZ|^4hHkFF9QduOqaTDMSnni9-@>=#IKr-YaMG=E%kVoWu!u_6nwo
zRr`!QY4a4$P;{;R=rA}_j+}gEes<2(!aVB*feV4Fu<Zt0=5>Y_1Hj6ketikP?1&`U
zP=f4;Q2oqCrNZ6!rO#~BKMiU;io3hC`AG&NjW`JF@i#8+%)5LB8o8tyi|gwION9~P
zpt6mpPmFDI;2=_(pbbk=rb&_v3k5w%SgJ@F=GQJ(z9Qn|M-BZPo!R}ev_j8rYG1Ep
z9>vX8?e5F@*eCq;vbz-|?rz-i(`UAyvU@M)VsJcN#C4tQ#7VlSWWHFzhxu{}TW8qn
zWf7AuxGd*&(>J82OX&;g?}a47fo$sWs@~2T@~XHO8iYS{AkB7>_Dj%=AXlAtn70Gg
za-MQ52fRtKwX&Fhm&?g5JgP}T_kL55W@VJ2%Pk>ZwhVi4v*UvB?Cl#<xy)S)B*L{)
z#dJfDuM~dUXcxQxbVEeCjzbU;&TaE-#$?wwUqnQVufAVrXmR=5vi1T=WZ_4?ltMub
z+$mXdh;K&KTIIu?T#GoEb-qo*boJ(-Si-F8ht7KtRkkh`q5bDrC*gNLg56$N8QyI6
zp_XN&ASS#qym-}kc$haMs3+8|Ge7JN#_Jw$%CLJn;~eU8vYrQW`2(g|nLeh5_fqhX
zcl0&;sb>3fgenxSPtiQ+jS4cn8xdx#*OGhURn<RW1;sJhszw%~=_y-bW2?#tW8-KM
z=%cwwB_gS<q)s2KY-H16XC-$wXkU5G<e_jk+jVoIkBx?rSfa;F2P~DONlLDWM*N_(
zMWJeQ%P^>jkc@&Oy(4n2QnJ@$DC@#1$y)_<O$aiqnuq!tB7A9SR<pNSZRxh8mBn58
zNDTiEkg_>S=iQWLYG9GgNs4hdF{T|SuD+vBQN)ItIx|Yx3w`fy<}DL<Ss8xI;pJBw
zUST7Cfx&5I>eK6Lcb;gf>(6qfA<E4oJ8#(fKA-MWD7rrVs-(5Y_kygZ6<2z2Ntu3<
zWguZay01;2M}=I16<0+hqvK~qeD^+&bj&ZRr?!SH!g?IvAGdAYIONL0HNF}5;h<zA
z3&(@)@kolk#Y$XUS6wk9X)rk#^QY1iCTw-k^NWYi^kl0-dF+}Nf~X%)%(_BwR7)~~
zS009jDCkgNCRFC<>D+#UiG$Y^_zW~U!PpS#S-KJsL{sDU7VD|m5WdPH1BI|=;pVHG
z{-dlc(slds9L#JyQQ#3P9!A1d|6y**`s|ld?rvesPIEa<m%?lmq+aB`G8auD*qDLs
zBm^c>B}{MX#5tETy;fdwp8PIYC0+gA+P(|SGIM{~Vu02hBv@(xsN9A!a)6ffYtQo<
z{6*H3ET$ODdJP-`@)U<_Y|Njo%OO5r|MGo|vR7Qwhe7uHm{NW>B}@EGoUl;8%Y0Dg
zo$k5kD&)({&mU~}2ZgptKa|u6vsP_w0`KrCy(5(Bc8SS+1@@E;nJ%uu)6(qwW<T1S
zO|e=+MF*0KbgFoNfV;R<3F%%S=E-zt6bidvr)R7D+!n5-5QJ&WQSO;6yj<Nha_eF)
z=7}R&6`Su<JyPGx`d0=jj^Z+OhpzS+C>=zY9E&dA_79u7g#STAVwYT1iN{d?A*r6)
z4RNzIA#Zu1*`VirR!5>(Np~<_oLJ8>Yg|@{=UVc}GQFIq#(je%)tzlEvOTgj3R0>3
z&HsLRyOnVY+dNmI4sX5MoN>_;tJo>|3{0w#<5AjgXj8qe8Ffs-axv8=O-_*+Nkp4@
z9*I}F1_e?fzL%d@?|-Y#-?!fyUfvr0cKs@k%<!w0LF~iD+1BC8PFIU{sa-{PMfWi|
zHOQxtU5v+<_7yKuhqr`Dk?b?wD1xnH4uK*xqctRhZs!S<wv+2Ou{}3-rzmZ<Z$>BM
zh!qlZBQR5vwJ?$dvU<OpCcRr(f!)epfhR})P|2NOb_4^1sKDd+l78*f<i+57iPzdT
zYJBdx&5tDyj+NQ(_xtG*mpr6`cun3sT31PAm!)FXso0;sR=w4HSX6!C{&=su-<D%P
zlaz|AV3RG4q*Jv(yRm9Z$qpIKtM$*e)S11ylMrf%ZO|@{Pnd<UN9PuGgWLGge&8Zc
z9M!`&v-RlgYU3s(;Z6u))$xFlyOvO$ja&MQrt4W)Fy7Az)$E5yjaRZ5KBk@ODpa|Y
z`*SMRpB{|Sj9Vef$D{g7sBB844y1)`8XXwk5k0<KDbCV0$>v1Pak;XG(&@%4`E0c>
zG1LT#WuLjL+458^ZjDe`1U)u6nAOFPzVOmt&kvmGVj0X`Z|(d<*1STUD$na8=A1T{
z3is^O<g2`=?{(|xCW(x0){}ob=*nYHyHn{lpW;65(yCx?xwbs^O6<|?dV0#{%4Iu0
z-Ni@Si|qUl);GM0-ruxaq004oBvA;BXJ;c}i&ZATNaqw!&0B9le{9VW7mgQk-K|Y5
zw95bf3(gkVYc65mRKH1nO|ZibbQnA2@j>fQ4kkF-dWqiI`@NiDWT5Ivfu~U*v)4+b
zV0YR|7y4%#i5DimZUWXM>eDfg=6N?b##2d34NbwiOFT@9A=#}Bc{+;j2GJbD>K}M0
zlDn`wZW=<!^+TK!obw)OhJ&7Kl*(o-@aXim5qK8f1^I+^mUX^v4)tx9Hshm@VO&UY
zB9O5GZLO~HWo=W6Bz_xtf9yBMn?vgKL0@O%E`zaJ2|bb6YpHAe>m67OX*#1Bd0ur9
z7`jU7^3Uf9UOUrrf9|pt%N(Lq)_vGws@#(|fScLkOZHXNO+)E!t0;6WoUAJzd~2&G
zlDR=1++zPM22TCWGcsgMJ1JGf#N@pWb#H*?R(#_|E@>a-T0|f1s<8Ls(nY?a-M22l
zCiwjqx4Y9S*z_aG>5e!2Z-ek{zJfv`(r0vK^z9@%eI?={wZxJwZ+eZ9vDBj!8O?g3
z6lvo=41`mIhuIhwp~?;k))g9sv<OxDr<~?aJjqtnPjj_Il%kF<RxybeG$d0xe6qOh
z0rBKk)AGRJOEZB-t<YN%G!c5z&|WjvhYN|BAi0LiU$(h6lQKPvq=kGYFsJCgV_L-?
z$7X2Wd(zK2mct4=PUiIR+|QFUK-A1^&}ub{wbw3JyRQZ(d^0!rZXK=BUn%_ZKHK|m
zGa1cEL6jz~pMCjV^XxzQeJJuiKpf5~GSqmu&8LTd&ICX3CO9#~NPe9$X<VH;pP*nP
znK5o`#8pF)Ian7Us5gyQx9`i4Wl`Zbi4$1`iY*JKroaDP$Ez>y373q~*y<bQhbuLS
zMQM-Wb3rd1KDh@=`Z1I8K7Prdbm6IPD8&=w>L){fxOVc^QbD)vOqp_Gd$?PRxTPO<
zO1yr@#i+Eu_@VYRZ+C4%|GrV<gQ~Z7U*5Xo#o_AvP!OT#DKyFVo!&60KK+(9aqlqT
zTD^Dl1v{)^2esN$lVs%-TbNG4*VDm3cpfg5_sD4pC&lQjVYlh6g6u0#96vOC(VFm*
zCPX8p*LT`ewbyf){YKvVKxuDNy@ZnZ>4fXkeG{cQ;xKqVN6>LJxw=Org7qqi^&7q@
zbxzGU`q@tgnC*C<NpQ>!qgS`tE7N_k3Nrb$#N&UsykfaXE_$-bDXQ-&qx$afg@fDL
z+!P1z5jpk|`ZJ6Q5*Y%#KyvK0r*flA!7)vcavUF5dJFlr3l3UIeaf?fw>z8LY<tS8
zCGluW6z)7yc#`#+z09*l>q)$+Iwyg-UDXaDZ>FZ9G*2@@+CCfX-rSQyx8tUg<3yDk
z?}qVNmyO3L%3MEL0&zYuaOaEYXou5_1tx+!r;`hl`ycT?yn8%|9mbUs^<8e`u*hNM
zn1OgXps$vFg(hfM(dA;-OBWjpcJP}|Il>Y}%k??I{zcHxX=i--c5_YHV8*L7!$%ig
z=9G#?@)f~XG2%Y5-BnmpRI?n(%8HK<#B~T)oqx5?)uU7-ncf%Mh?B9D@EjMMU_0AE
z#l_87;P^TL>v%WW4{V2A8NF?ulrp0is&WIpsD_^VJH9p-jCVxGS*lSqHEsBfdAIn{
zQc!bjw(`^IN{?on7qZ(Y+4gd?VcF%0o&g;(U}D{py{|PM@BORn?L4#|;t+YgSL`TA
zYM(&*us%!M|DKRQ&=f@<B1ROj7ax@q!4hBH_~=;{db5rPA4`9_q9JLp#MPUGtb)2w
z1fu>%6fqoX=`GPnGD4$#x#fiC`g0MMUU^?-GyH&0<}<l|0hiuR*S*AttuQ!LZ@hOY
znuUp!c&8g2>?XckOAUXYaunmXU%K|nUUz4GP(crQnm#~7S7sr~`SHe650hf+LlgJ>
zaQ-T%`MuIha&y}|+M>g_(D{&ON)M-cJbKdy7C~T*pz-Ge8u#AZz)06Llc2@p>(Iq|
zmT^r&59g&-sT3JPFnm;Nj$v=`1IxNepW<Hfkp7oaGrZ(?v#Y78Nknh`R;nf9WH>Vj
zX|D`_C9@?VrjK7DpJ8tp`P4!|_x{MddTKO!lgcAwje7^HnP)vgHREo&mf*%laG-P?
z;pVeT<dFdoqr_%RX3My$i6E?xW{)!7@!C(-2xT>`<hCKF>MCa8T$&n(-|p{)wbFZr
zidA5+D;n4?KI}{qMoN7Prt2K1JiZxo6R~bDWe-MNFiAC<dh`gw1`i1xl~BOJMQ4jW
zd>m?mJ<7<WldhF<ON`z>MJs1UXHl-Rc6+F_RW6IZ%SKnvx4R6Bzx$&2qmQ(a>SNhG
zv(T;~+jP<Ri`lNk>_V1VN%-U4g4P5dEGbj8x+q`W)4N#7(ICXunPwmg$BJP=!yfdL
z$E-V=6tiks*0!Kt?5Nv#QP<j>@ogu&Q(nP>riZF1DMGDIAo!{jMZSt^%kp$cR!cJw
zb5lH&)zr>`SivyD$4z`&%`Fl&Kqo`GzJOCPAtkT-#PH#Kf@eNbx17BCp2u3w$Edem
zPGcKaRNez=Bt<5Mmrcj59QG|gyqb3L|KL;Bg#5ZI*1JCcfnfwPYu|At3^rRgg#B9M
zSrWL@cCIWWD~D^p$*8f-Dls9&2>L|XsOW-d1SDB!K8EQg`}(3r=~D4+4SRKgnH};h
z7X@fo&Wd8;B{~wPgA^A>NjZDQ>s#6*av^4sHyt1Ovs|&5WPZeYWE(Q5(V1XyGNbZ<
zW24e&xY&EBdhC5mP+7Uwc!}GH+gR+LPs;t>qf`Qs=&85!H`7Gz4>sPC&qm0u(SJcU
zPML8B9K5(Ge!5p`iEAN@?=^nmoi_e_Vyfw$lQ6waag-TlfNFb)ylL<H*9wnfz8f6b
zd`~&#C}0)r-Id|EArILI*U`kEvZd6zU};6&$3OgL?Day<E&t`I)zaOod@<#tot!c_
z1>AC>6ftC1Z#x>BcyQ1swblntiB`5yVP9gTf@^C}o!%9(Evoh;aWIcQ@i_YQa`+yc
zuC{r+B@oTxQLYpZ7W<IPxM(E!Qyds};gZZv?$nPn)8#v>EE_K`Bge4c4f?lAy*JL<
zSCGumHCWbk$<H4ApzF<Pa6QH>`NqjZ?M(GhGd{h{?INF3H2aqCCwO@`<%<-HRx8&g
z={iaKn5?kun_SkF^w`C?=nV5~=Cg~k@rEh3_D!<vFQi4w?He<<YV&MR+f@%fB`zxA
zVse;@mkrEqjH~l@)x=0=)5mEJj|ses4(Tjmv4*Z+^Qgb9Tg`D(k-KPFl%-&`Ynfl)
zckbfzk&EJmtg1TMKytgJY3;08a@=6EH}Bxtn47i<4RtNnZ0=K<Ew~om`HpHPkEyE`
z84g3YGqxM#t8e3;(pyYlevt+82KE6dB-zUHcQr=ucz-#Bj;y6f9I|<`nMUB0OiN^D
zV_i5HxemIqd;2EZ+%wwa?x|hI9hYA1(N`g}1TpNU&()kPC1o)stwUG_(83H~3A<E8
zl%XxnTnfP8x-OSb7N|$O`NXF0`c#npRPgQFL187~2{TQfPL<FvTJT_yHdCpr@2+?D
z<Sas5c$CbGJ*}os{KMjMz$z0yirp+VM2|e3G`**f-UT<i5S?7sxNv;98^BeEIoX(k
zIicP_rNbK4BfzsqU3BXu{8DPG6J`yGpl;4!UcdGHE5}M)Db^<EHYIX&FlA{8cWmz^
zO*tMiDP?mu=$dIteuQP4?}aI$lo|_YwSV?$%f$C@g9+c79K?eh;s!YseD0@;JlZIn
zX`blw*=ZVA_jMR%!sC>VXfA=;0I9qAnuUe<_(ICfeP2|_`O_p(qAwd#Wj5sWW<9(?
zb9pBxyM!$+K-v*{ZG{!QzI2;{cz=`_ecph)y(r9Q(J}lXAM*%KtUFgC`gp>DL@_=e
zx#+c{)wuU!<$;4(1_o7=NEZvsuEOY{f_G+8^94yRtK-$)Lm#Wk9U8f-PPcbl@}jj7
zhyCe6ht}0zM~bO8zvkcFtNQxr?ci61mnQp55ABwr?vIWqa1Yb2n@BOY873y-A(9YU
zy;=C+;o|zaVz3jmH)iIBaej<Tsr4JC6-{oP<!&fJm9n@?cHj#yI+5H>C&^jCTwH|!
z%GR#E$z+H3HK7OIdz%Y$A@o%?hwp1dvYu{rHum-R@##fdOzwLWZWnJ;(ua?TUwy#%
zfa}=zyO;Og1>;FuD?%^4J#AWQE@~lNUa|^9CC>m%CpQEEwMHRzS6CrZlKPc;Fqm!u
z(Yv+B!k@N)s7uP`&whk=Wqs?G{nPc{BEB1OR`~^JN2|wsZ>R~9UXn2Rrya8%MfO2D
zfZUt6)Sr&*$a#6{kJO$fq&{Xap31IOgz4?E1Do=V=)5P>4CK{c@*Bi#$@0F_r}c+0
zs#8Q^LHeADlPR+?xl1~p`+nxyk$qv1bDNp$0qcdg(FtF3Z(+ouxt1e$SG&a{u6f8k
z^`EGl;EDGS?|=M2=~?_x6{#iPg$Mi?57-%NwQU8c(+%G;rSSCzZ_A3A+!Fbu^h}b$
zU>Wjcn|5mJUaZAsgZj1U%p=4Jcj{1yXpvT#BT~C3fy4x-tNpO+?vAn!ut}9*nyfD3
znSYS^SA6<i(@&>u!!^4%Lb4gMx~XUib>CcD^^;K%$CYbmUF-|4VpB+7H`Z%L%HJh@
zoS$&@Yl>+IJ5#Xbt@Na(4tbi)-lb3YA~B^;isVN)*n^x~5@X=jLZ-Ga^b_J=6fbae
zbheP*<W%4<dUo6=W-~0}*CHih!c<^4ADYPslg*dSl+Ne7c_E=dD)xmTz9YBRCoU~c
zLe7s|@q}6zSUKmcYm#KFb3MC;4w@d-ukkN(&uA~=4N0wh99J@TcR<JczHM*y?f8+G
zdw$L^z9(0Xr*pclQ{<!hkR;czFy9B-Pp@Npxnc%177sbLIkxv$e1+uK*Xb6-r0H0B
zQ>eLdJn?H<v34u;wn8|5lB&D}ZV`R@zJsa#4QPS4`BEpj;)KuP!de+&)YAJ?PPQ%6
znV@c;1H6-kga>(pqh1cJpIrN&T*+?Da;0$}$%JnlR`TYqbyl4|s=!hat8rRR@4K^*
zN}=k-eh?u=50-inI!#5sK*(K8-@!t6Wv9U?-(_JFd7TamNPIKT<in9uG&x5k-bgZb
zn;f0eFppYfggtfD&cuHI*vTq6t8rq=m?I?|R>I9+G|_PL8*lBS-NX#0T-i?fQXQVb
zJ&yzdKELV%_a^qBnvD&&D)7piFNnMW%*`1@Ti;}o!V<p-7PIIBvwNDz#}gM@`@^4h
zsCz#yM8@vY@x0Wo*vwA*c2HClH1V*e_}-}r&5Kbj+Afon8h3mvpM!0cy}g$5Ml6Q6
zCr+n#%fGeLbsg>V0a>B9ZoK_)xz3%I>vDfW%r)i$trtDl!zyv66DYA5F=j^IaE%r=
zJaqJ64qCzfisM+dw8D-c$O);Uc@ejJ-By0B_92$IdE{Kc=u|+$V|Ty`elE2mxU)OG
z^}Kvogt9I327NM<u7}ozCk49MU){RYDGv-<pXZTMZE6KSta*Y^ndmCUJO~b6F(X=G
z#oCc{X5lt9R^TN{g6L*xa9$r2l|qWcjllg^#3-NW$(CU_v+&7vz)!}8Y6#u9cl8{U
z*JScd?^BlAW4bE1RG5B~JvfbJ?iFu(+O~w$%^QSt@@RN`pSx5*$11fG6iKYUc<1Q)
z39;bI>uaF9Ilaeg(2eH-N#KI_wZ5ucgd1}39Lw&4qBO(tJGIjv$+?H@C)&mq3Y70=
z(|jLM$z1O}h8;SQycNjw?5;UH?6<fke0-(!)N%r2hrif|Wu^gIqa&|!CvF67zrxQ9
z@+OO-1Ye-suW#!Wj3!8)Qo8<Rc9m2m)lJO7e)mLGIH<NU`e?%;#EVu@1oZ4vl}RP6
ztM=pr6`j5f<tg2C=yB@en|5x7+RX^c80!6kfx74v<K;be&o!FuGOGJs-IgHt;G;Es
zndcd`=wj#-5KEHRZ!?N62nXw9eJIHw+=g$zPA3KBku6OUzDC#c7Pbzg!edkkj-=3<
z2)CHVg<pOwf%L$(3)b%Sqxb*rWvEGJjvugQi$oIyIbfZnQgsUnGL%8xpoe#M2zK!7
zN!<0AIOez#x!;jr+pIiNIJsl?*7>bKmS}$UbL#Y`1;Y7{K9#?`_Gv+A8lnhUv%a_b
z@Uz96iDfR=FUYZX{8KGWK?{Uq>t?DvxHPKt?{NCEO!9FK+AO*3>0%mJE<7<b^`%I>
z%^7PDtP>yk6o}_TxOWs^wC?dTO~Tp(f(0`YautI$Ip{6gi>Vi#O7LwQDOKW(comF1
zF})#4AMSHBI^~8Av=!5{mNf@@-6SXo$iE#7RtVxC382cF*AwW>h}HAMcLBBXH{!-O
z6eJkkAgrtr$d{gQ?*34WYsN(gJU5$T{IL<iR?rj;)nEqr)oG#;-8*@^N0ac^+GEU(
zo<eHJ-tva3j3nBN4#d>=FQ?sNz%Q`G<FO9Me)7FBr~x=}bTZh`QMJq<2}oFs@#TK3
zL^0&H;QnW;AW7Ee99uG_L7WBOE7j5Qj!P;VUK`pJ_toasj0{1+dTS1L>*Y9z1_)`P
z)yJLkARN7<<g~Oq9%k!LU-}h)C1tjIkLeRpv}(>Y>;WN_O!iS_q}?dLZt+|*_hUf^
zIoJKmJ~q<pZ=l#^m=qr^ZSg-HT3OW8@=gV`*WVyrudJxyCAP=@L~1=bdSM4EEQ4#x
zVChQEKJ#TC_^@#M6-?c_kr_iTc+XNdMIr=aDLK&WeR0oMA}oqG4eJf$4Fh?XD8JX+
z>)r`ays)UIJvirJyA_gru^=L_xCp`%cx>k<OBF<HwJFm!e&;Cmtwc>x<vont0@h24
zSNu~GF_@JDz3-sGQ@$CvF_x#%5Z_|K*1~=r_}O2PGZQg+0IjVhU)ZO<kB8pnhyB%h
z^UeO!bz8<Ni3dsH7+Fk#_X`l&t9JD<3`r?2ji0zl{c4hKG}g~$pMX-vmUdx*VG7iS
zd0oZW*f6XBSR5||^NVj+@D25kjPGdz3NC9?liepED0U~-E`DDV#DQl@w`lS4_5?*>
z$*nT}i`u#kmCCU<EcNuqOU*twKPdHHx-M4fi&z_KVdj?f)?u}~q^P*1QS7IcQS0`~
zv^4A$r+N?-Q%p2g66p-ih-B?OiW!Qws}hlZx2`^;ArzX&{6aC?wXP(?%7JzPik2>n
zcA+(zItJ}A(PwerB~{{}9$f4ZQ!UbMTn<vtkj66N+02U-myqb4xD6hH`B!>OeZLrz
zR~~YVGg`}35_htnGL(>C)ZlbcmA!3&E`%{SgdY5|*q$kpu!Z}%)izbuGDW)E*9I&>
zwhU1IM&k|iyG+k%E4=9%i=sc~uuS@$NPgvDcwdQj+}B~yN{yy;F~KP?ikR;X$2?5R
zfH<njATAJX>qx`Fh;pM}3%yyv@pfY*mvEkc;Z?QJTh;~0!F+?~aC8o6!-40k#*-)C
z$zUZxlyi)A%B7-L0`k9bU=bkio{l$2?9ca|n&stYjPhm+z3BDsBkV7c?;-qf7~UTF
z)$#?kWso;>v{@ZN`k1s4LxL50vjk7RrhW~v?ae(+UH|Gq_T`)eYx|d-i)v4(W1U%Q
zLO92?o-?7XWL8mdluI)|9CBp3^>RO#(Ad+#uNOPz4$*Pf`duckJ9upzvaabXDj#y)
zp#&>w`QhzIVbRBk5H)23-sB_<NC$;tE=jc=Qsws5r&4dEccx$Hk+jLx_%P*L<{(Y(
zLsUgJRCy203gkF;kJW5q+~qApEL8}zJXYh)L#J5D<|Oiy4k9Q``e<ykr3Jg<C)OE9
z3*x_Ee!fB*BlKi|M?HMC;z>(ZGS=%)H+cEkx-i3e=dZO@#dfeUs}rb2QGccB_v&o$
zFMgY14W82hS4ABuIg4{mJg?@HHc^+J%MS8XAbrzFOpUc@M(-&1zVZ__)}czxiddyU
z_r24hWo!c`uKIfYK4_gH-a1?}3cUdRWJtU%?hvAi(QC=|kd|r0TeNg0&;~?2Q3>^=
zK&$b$al2gBg7%svJ`I#$#y8f;Oqq6pET_eJQ9FCe|JDv(TG(O*u2EZLo>TVGvxgSx
z9y4_V>&QA6OlPSv)rT({;vx;A3tOir5%hD>0rRdsY~9SFn~ovq%AL(Dmp?tYbs>)X
zitK1E{uRmGRbP={?!h}~%bV##Xzuv8^I=4ulVO)ChUzgOl%p89FP**_MZT(X`Z&4V
z&T>fgX&zfyXp%%iq7cW|P=GP%Qn$Qw73F8rCYgcUD?Ybl7xzBLE$+Rr2%P3ti8Wbn
zuDL>V*EHbqTYY2w>cHK*4N;139{WGmMqaP3v;63FK<jhJGq%xeF(e{>$}?cJhflP>
zO&Z;}jze*6<0|~b^W(I~#%S{V$5fMMmv5@6F7(OM@F+RbVyXpQ>9Oy&-$$0Oy*k-D
zAj<2N7QBfT)n*p7O6M;UY^S4&p@+|WTG2dwRjcGdRP=htKtl*QgWG+|;~2sFp%bO=
z=-%*S8R&l(IGmC{Qj>Ydg1m^wzNxbP%utG5_$DZLI%-;Jd}C_5emW#7O{@^Uqw!8^
z;p1B20->urlDn;_L+u@JqgYF(HeA=~^|a+S$B@%i&p@!K`cY@L#jrgsyEz?)3sSmV
z=85HN_5-c>E)k9Up(DE*+nhP`FUwPnHwh^iOn1b?ya=mZeV<T<5abds8!=#ildZT^
zp*<X=`g$sS%(Y6YYUJ>nvis3s+_$y~&Tpo^Ar{}1Z)_0jf7)GAPQ`MMbYDr%ZOOJ2
z9Udmw><>_E?!;^r+Yt{jYE7r(|7O@sCxt6I6?I8u6p0ya<TbuCwVL<V;Bz5JG{lu7
z6j;q0twD@A-PTN-UV%QVB@lT#YiHvBMa#~lM{8Qkh+EM|t9&4F>hjwe2P1Ra!ZF&>
z&N+vMVC5*~d&$~PalKRE_n~i!@pwBzB375{KR1T?&r@D#!ZoS3n0|_E4W?-o87!(A
zFZs5!5hdcV;<8eMPUCRJzPmQ1%OK)*LH!i<n~$WJ$Cv6WbSD*B-Y#7&FVI~y&%4)S
zOBXrN;F`Zit3~gY<;B4$%)^<A;qrkNb`O_!>nq|)YNDjen~P-wdQ5nUg~G-RYoOvi
zV88g=Mj65q8v3v&srLDo`_YWdg2tSz%qNs&pXms-uzXbduwAX=*L|~DT}+C0HdR1Q
z2KF`rZ{y+fXwEuqDm_@8Yg<6KC*Qp!LZX{ZgG+&uHg9lfUOfy7w#F1C2=K`srlBR2
zDoGzK?x>@}zZXmu{M;ySGC#fhIZyC=MNDWY<BhKmaJ2oZHr^KMXzJ+9j&;26*vx%r
ztWQ=Houe6B1$VKJH(-z%aG4)K8dW!Ywa#@}_Qh;k8fhxOwht{A{fy>&!<P^(QtBN^
z&s7IFNz`kLW^rxIMh<Rn5<hmkp34=tv`(?&FhAnTF&kB4X-RND8o0TpGwFCLDR2et
zk}28)$_!4PaMK|0GpTi7%|MR)mdnzQgC+-6NI<;U7U>v9pY_lb(WKxlAJ81|8o)Oj
zkI5EWgL_Ud`V31%{!Q51S?Cw)coGEkm*Yv`|L*Z53g-hUl^yII{)nCgBHjLRDv1#A
zOyJ-VAmR;3H~^gb@O$VaaLmZ{AF+~fL4jWaCxHsT22KL?{z=^AU(O=|avz)za}yH!
zAJcNgDMx<>5eKjBlZ)FE<uy&mtSE4h;6*g0GjM%jASRJwNw_L7Syx*$ac@j(>B9DK
zD%CZ5<;_(icghgfQ;M8#3s+p|Tg3OiAc<07>^@X2o#Bfi_VV1vYlW-NX2H9A6}%^&
zl->QFDYFyPBX&4MTdx;i#GS^^8c3}*g7iE4qgTO&(YyCfW{bS_lwu(d7mpEx`=cKX
zKIe5qmiK#Fr;YB3w#NHhV2B=}>3x%}0Q-IdEl(j@_1GAB$3a~-zLwk>ee7eA=g;}V
zWw(p~{0Rt(i^&M%>9EIh>(IpEYv*29s2to2KV19zbfu0z@*YNQX-<nRrFy^wCCgXd
z-QBNryWb1lXVsQh7Q=+!8saZ$AKa!;I;AFr?z0T_8Qhv+^Qr#8c8aTXs{7=G&>p&P
zqkJGz6LFHE<TK*8Xs~p5yGXxoyQp6B6!$^mOtfCQPuNpQpBEe3?hBPY2FSD%f0)A3
zDNWJ|>$9K}?rOyagN$<EekE`}tY^YXY3Z6L-?n>lThs~RvHNz><jSK{SuB2KN?GEG
zwzOX8m{=fu@PKJi)Z|e}@9FX2oRw_ii8p%1@z<Mwr`-SHnJWKGoBuYD69TB>&p=Kn
zpw|D35AOe>E~?%CPwW3RsPxPj{C4=uS>O6CN*Vsk;V-g4mJ(Djts1{9aIOqW1i+Ob
zBjo3m5F_O0T?mln<i}kgruF9)kn!Z_T{sZ)in<FJ5d@IB<VQguG8Rafa`r?Z(Ft&V
z4XOYTmuhBjiZWujz@bNf_Ii}<VLU?&c*ZSf2NQKO<Q@K7(z5&-W**49zg9bM?rs@b
znDO5-az+Jj3;e)G&CJEY)!D?%h4HKnHGX9?Q!67$2ah|b;8`db%!h!1p%6ickf0z4
z#t1|F4!FyI-QL~->2e1bd={h22tEtUWfVX)t;PsM0i(VE=F2%dxH^i8@~iV}I0HfH
zjwmEd?(s{h1JUGeRwia@a+3V=j7Vo!GjVZ#DS$)(M;FGk>c8;e7jbCZb41bde@M`o
z?PUa#*ql-FgRcLYlCvX&exc--@b~|FO3p;h2xP+fUkT&vDZh{aDD9t0`F~D>zz_BM
zulWyjD}eZ4u}5(O)wuwr{J+QkEWH+^z?l~O_uT<}_LyIYfTOtblL#pXSCnA@jwW+<
z0lv@lm0!sSxJH~+`_(X<-Tkc|h+o4BX=^4bD<dll0zm)=1qkB@L8X6wz`$<-;DZo9
z^J0*9&e+MXt)t5bL0LWsAJA3r{$X3r&{E^S3D_e>_<6NC1N@7&g@AT|tpFe>fCE$#
z_`rU&4F&Kz!$}5!3H^b`8EJpu0RtoWfL?nZk6X@WZhtW32To^Q`&T}q0RI9ffE8!-
zqi}$t@RI^QKluav1PKZK_zgqhjN%=t3<CH@)kEC_uFvYq{DJom@%-f9zr_28oj$`G
zab}Bt!TSvGFYp#ZwF}4)g~uN}h5gC9-*6Cs0haxr@$QUYKjeux-;vG$zu^G>se{1z
zYe1j-se@<NxW8)|fYzB*QQSgF`lputy`;~~joKfghCtwaKo9;~QU74mPjt_W-mfe}
zA@Uo#zpK6wO7&18`zf~H#rFeAl=x9%|5Ghcs(=zbiU8pHd>xqJA7Tfeq4OsZLQp<H
z2!9gsSKj_&q<-}8-;qW2(=)vS5c+Gwf8QuDT;KzA>d!`hcGj~_@&kdNoI7u9&dkWa
z;2Z=cMieIi-wpMB)(KF*Q5_bAC<^vZI3WOq{&R7j7vY)f@)MCiO}7g!|9M{q_aDv-
zAoDYC2Iat@?60DgsmmS4A5O{{os4Il0ocNZQdwXp+}RgU@CVl+zbMd|qw{O)XC4s0
zx~nk~<&r2_+1v0-Iyjq}IiI;u0Hf8+Optd3U_t<eP%wf~NI(d%mQX=Kz<K)P<#XKx
zwOtSJjx^QeQ6COFBP&~^gRl+Y9NF`^^SK+@+DcfUfP5wncANk@zhZ>K{XfSD*n0(F
z1OvhNz<?JE12pl>4*e^vERje@7h!&WcXxL_2X`YEM?ME<3;y%ype)vZjt&@#LPrP!
z0?-jcu?Z@`2kb=r=PddI84D|<rK>TDFZ@Q1MkbbK{2q3;7S2YFmR2S%yvD#rNSpH*
z{$lRW6zJa*As8&k2b?}CgaE`R2onSt1_p41{@>tu=6C)VTm->U;si{fpa7T;NUjJH
z;)DH97y=RnxM$~J@51+kgJ)uObarqwbN=HFuayJ9UMo`v6BmAz(0{V}XFY!4E-I6#
zy^)=nCeq5*h0hXcXM2wAXM=+Of+Rr@z;;1k<RJhs97U862*`i>Zzu+8%;Cak;ox9l
zYxYAw`2V4`7W`%|071L}nbtrD<#ly2b9Ui3;Wscba53gpx0Tg7uQq3+ng0fVA;91Q
zI0HK!1yCvu1`P23FZloRHu+D~UJ%L$jAQ|YhX7*;loX(FIG@13LxH`UDWAQS3lfll
z8^4>Ytv$b~84@sJ{8CynyaFHrFs}eYNC0wPPf!;5Kj$+<5MZu=pb$z~1VBLV6cB>(
z{YxYJhXwgB(fnml{-3Z@0EH(63I~|_16v3jfc!h`G_`UuadiPS+S$ky&}dXQMDklY
zxbvDi@LKVjd6?L`nws&tIGUMQnOm9gB2go4E2Nd18Lz3CBQTc$47sh$TzDPKd0iar
z%#fB=_7*_BANP2H*AEzmK!DE+<Ch`Ee?lcdAMm<E2mswx0GRPOd(HeiH2z}EWz?_V
zlK<IDt&QA_cx}xrjDSf4V_OGfK#|<cY#ki=)nu+qE6ecNnV!e{zk4a3DbbmJ15N-4
zAOQvf|2t^^!>$1D#y@QeFo|L2?C5Oe0!YQo#MRjfd5;&cIp^P)K*HMJ6<*2+*st$k
zaW=mJ%z~T^0dV<M02%&p6n+f97|;Ajdskaq#<M>lz+X{uMFI!AqNa1s2F$pC_ib;%
zVP?;(sm}SU&w%(vtk+$UmJZH8hkimRM;zs;p}aWM@B#4N&U{_KSr_=_`fNCX8U{%L
zZl;v8nGy2OM?iq0e~y6u7#Rrw#emr=Q&$tSKbt~TM>PRF{|{$T2sOe&HT_5PKOILD
z3W5L(g@PdHk0t@1N!kc$#vv_?GA4jO4hN(DBX~hV>>v<3N+tf7Li2DoGsgunB4D_{
zlYagKQVat#Ta4z6XD~1rjt~Gm1Jpl8`yVjWHQ<Y&zJ7rTz)|yWzrw&^1Q<21_bUuQ
z76Aez`#TH*Os4$~1L_J20e<KCa;QTSeun}00b2bl45*8u;5Qfu1V^A|8-Fba0)ru_
zJ@dc9fVwc$jKr@nR5`?XdclH#lzuM<761!^&$R)-giv|Je|;VRg96ir=V35Za^-X7
z5U4rT-(kQ5|MENmK_K1p`En3c7dclKic;}&FgR*H_IH>d2uMYJ9)>!e;2aF#7BF)B
zwJr!O2m_yo34(;qw*ly@5UMx+R#y-NMNL5e4g(J0_$v&RQ~O*wIOH#K1J1=4I)^hz
z5Dq)9Yal@cFo|>id4O7-rvoA&a9(a8048`I7l?q+d7V6)Jvt{h049W*!uyS02ps6;
ze}$o@;m?)(OMe4F5Mb0q((mOEg20gyzr&z#1Zu$cTR8ysm%a-9oBj(V8~+RMp$NFZ
zdD?&p^1t8=1H%A^@Ar0LfPp!W3rqlvnvDAmKN#Q^oTm+jfC`?M8vuiz*B2N94n6-o
zI0)!8=h}b+dV0Pb0_bn&c@My#=WPU#Q~hsXaFl!h8yyHiu;4i!023s@o8|X%C>Y`#
zy#P!Q^j8@4FZ~=acIVp#1JhmSZ6^wLp7#LkZ`y!CQL8+^(gBo1fX>kd1_OEC&+!xm
zJI@yY20yRkz<UOD+RpE709tTfCxLSCzt92XzCaB_e!~xy592(}0wCZZpL6AacjS3}
z1~Op?{Y6FsAjtWC1e8N9aR1(}00@Dak^T)A)LZzRzJLLB7CNW901Wc$y8>`kfzhKg
zYBFBk%F_&ZP4lZcH~>@Ez_U<mW%Bms4vc3$3+jh7;~hp(V8##(mW3juV89zoMn)C^
z1xvxf0#I3)3`|lQ1o#{Oa}m^3khFt|l%<)8jf<-tBfr3PsEm}L6ch##kOU^JV1klR
nNrW_12n?2%xegToqg*H#q>(f7%$)$JfCC32v9ijj$m0G#{t|TT

literal 0
HcmV?d00001


From 4766aee9a9269847cc7a8ebaf7a9a753da1d1f47 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 8 May 2021 18:44:54 -0400
Subject: [PATCH 770/812] Update link to ESAPI Dev Google Group.in security
 bulletin.

---
 documentation/ESAPI-security-bulletin5.odt | Bin 30370 -> 30754 bytes
 documentation/ESAPI-security-bulletin5.pdf | Bin 125950 -> 125552 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-security-bulletin5.odt b/documentation/ESAPI-security-bulletin5.odt
index 4fa81a659bd5c8314ac269853089d4276112bac6..9edbd72d19dea31245625dc22fc7c00863c2943a 100644
GIT binary patch
delta 28690
zcmafaW00mXw{7>dd)l_`p0;h<wr#xAwr$(CZQHi(JKs4M=ikk))XGj)W#>nd%2Rti
z`B%XCx4<y+QXrrxKtPZ{Kw(XBFj9zNO{I$RnvK>OG(bTAsTc{ej@WSl8gV;<09RL6
z8p<CY_8(5c9|4{p4I4i_dp`ra0895!XU{-s=^q)D9}USLb=4nD;~#yUA5-%mOXnXa
z>mPTwA20uKkC0@GfHIr74xgBOuatJ*tX|KcAMd=8AQ$sMZ}&KF^Ho0XMNW}bF{u?P
z<xMr!H4U?EQ;RJNmmNo+U1ObHN(+m92b+CY_dw5|ZI_^3yT7|0L3@DM5I^r^KiiaG
zxBMvgl6aqEKlcQdUqs+}S&_L-83{VSXaSWC)wMO1buA5*rH$3~Ep?Thot=Mk`a?s1
zBI14$B7c&Tf5Hj}Q!58DYKPKV7cvXJ^D}?STZYQI=UX}lN=kkz8h#opep*|<yZU-6
zdY3x-N83i0%18G*ruN#0emZ9l`>Rq1>$8Sh%KMrd`#T!@y4uIP8pgWXW_zk<djPdZ
zVG#$RNf*iCrzxq&sRdVs*|+5xmn9|VB@I`N?e}d}cb(0BJ^h32KbNgTx7~fCeH}|9
z?YlGG`*Yn7gPj8d1N}qegQLTPqmyI9{iFYZ!HJ29;mL)G`IUvq;nn$x)z#IJk)P3(
zqw&SB#j&52&Ha_NpY7ev>D^nv#{TKr$<s~W#C8AT(aPw-=JNf>$o<6Z^ZfYp%F6EK
z&+g9d;l|I?*5Tdu&(-ea>Hhl5;mpIy+Wx`8-tqa#>B-^Q<=N5x)!E_I)z$IE)6K)p
z(cRPW-P`5e<K@Hq#oOn@#qs0C>+|i=<K5N!-QoM=<=5-=<KyGQ)B6M9_2KF5<L&9;
z{qf@;e1Csyh82YZ0a0p52n#5?uV4AVI%ALcn7vnbF?W%feUxV!jc`ohx9i@B*gov7
zDrPLsoLil<+ZeTkWg7_vLV^to{8?8QWm%n(G&~4h^#9cWgQ})p%em$_BTGCaH7w-^
zUb{+qx#W0;pqMCm91qBq_*>6E2fSC5-2byhQwo1Rkx!$Mk2U#gbLevN^81<ZXC@2N
z7xY`GFlJHz|7V%9Nkr;s>PeKH4bVVEMAN{(q1n+5m6rZ2b2L>hXpEhmSL+`%FOu-q
zqjs#<!UmNw0j#>XzE$;}^exNZ`!+hB7ukDXJ4(ho_cD1Etgjg)e_!9ze(Ss(Z}4$B
z7yR^Xbi?55-S1`%AN-Jh)M2B+xqX|?lXkrM4GH2F-TTd!Y2Iw@%5=cOqYHjj548Z&
za)(>C+^G|a(dkjtc%RGOQ#(*O(P_R;Vw$o&>Y{$A0iR-f;sHLl5qg(xFHW!-cwhb4
z0F<}QlZ+ByzyS6IG0&71>*dyM2oJWWFCUKX&-*a!^QHmJc4zf9@`SI_*Xa$$6B|#f
zaDZH8sE_Fb;Dg-*#6xXocYkDdUn>`IS1<R<TTJ_zwLk*1Y5$Scr!^JyyV=KV&&URT
z8+yYI@O~KZM2$xO`Ivw7b8_u@W2o+Cr1X48pW{*2()~CA(S6(Yp||tZTcE}FbNb``
z1@HUw^rZLdJrH*QnDy2>IAPoTFhBUxd*6SbVF6f7;M=~>cf~yG2$mpy9r*i6Ys>{?
zx`Ps&qWXaI4L%@X=R}|Q4A4}5)c=KsMDS<_sK!nb281aQG9h2sy<b~0TzG(y9$2H5
zi7PVW)k|=7EVDmoYT>Qc?|nzTh!VZ{P~M*wdktV?tpFSbzT&FlKD@AcX5DW<F0k1)
z-FDtTShqTS2hiEJdVFt^Ozspuh`^*f$jU4k{-^nN8K6wt<7FmJpaN!SO^=E*4N0j}
zCf1gAUhVqs<brW4tcL3_T&RvS3p%5ub`#n%or;|eGAas>pyf+hS&y`_xHuWII-D_D
zUiw-93|s}D3M)DhGjvazwADdZ>@N#zJI-yxwMD)w_Zh=E9S6;<N6{U13g34(DpT7g
zEj(J?Q!W!Ik3YjP!2mS6jy2y;)s$el&$XCoH>Qa46um>s{wS}!`!JQ;?GYU|GCmEB
z?#pGVkU1-!<~HvY!Jhq_Pvti}m;=+ywdFQ@gL3B=ot-l7*3p=ochQqPx>^W6mbbBl
zMlXg2eQzMWntLx+?w3Pp-5)c+v&L%!zA75eYA|4n_4!p14p7d}yydVGF47`RtJNF}
zu$${&x?Sui9k-+H^WC|^v^wvbYLz~j4|?`u>pS@VcL{q>kPf`!x6r(A;eQUi?6N*A
zziX}6<tXU_-M%*DoH5ybJsa-8zJXCn-}cFIiu827ZDc_FEaY>IB%yR4WW;>oeL@R;
zhp6oKV#uH|0-_X)z_NFA8f+ULK3nL)gM92&P=}p%I9vn1+&8Y$=BEh20cJ=m0q0%Y
zz7zRm57l55w@MzBS6wmNJ_+9vrJJVSwX#pIrmxaFX4mevz`mh3ds^LJVlAlTcD~k8
z)qa{c+;`Yn+dQ{rV9$pDH%~dpcRNbKB&-?QrV566fB-C>b$^zQPwmyh@1KV%*AZMe
zFbKOWzdIV5zc=5z&)wtxR}oLx5I=0T56Q?WZk=P;_xL>r%|ka^#sY6-sg)mpI}Ns*
zKO1hZw5DP@K^Wc?UbbF(+qtea7kc!M!l6<=WJB0&U1@Pbe%dj>`Hmg;%v9d0xO9RC
zu(R+r0QLQ7d|zX&LRCAiRlqM>ZtK%g89fd$7vjB5xo0GiGwcl4ogZ9$9cxb;_9<3i
z-oppZ<y<;>z4sz+pATwONgHqna8KJ)40Vqn;#AlX`0SBE0V<W9I!Vgy#P;{Z(d_jE
zcB|whNysd~qv!1pi88Qe`VuB*qHvO)O_Bm507bKWDpN^U(h_X_w4pRB{a~!Vw3e4W
z>O)-MkfOXJ=PZAVNPS?iAR}2u?_ViSg(scM*nI^oPig@Q0gQYG>P2Nrd)gI1vY9Q4
zGzN24Di3nPRx{A+vNAfaD@}fT&xe5qGA0W+iC+M+8gNKwZ;ssiEXWFJCAb?N3=Vf=
zfL&q92(Nps9sT7MM=RUCYAXj4)JBJwCsD_Umu`$TW=?pd*mF1H+1Ul1E;dHaG013)
z_vpeMajDqEA0S+*xD-t?LyU<pr583k7`71X0oaa@ZS@`lYUb^oTCam;dm)m|)m9fF
zp@Y8T+pj&^gS|VpW>(hAZ7e*Onr<=%0A%>B)kQjmCjp3@$#ruALtUYd%xo6H9|qdu
z=0M`T?&0iXTD!+fot`^!IU{2wCnLGmHpb81?O+I^IJXS!l@Pa^sK6IiX11StdYq&a
z(g-nEyRE36IK0lig6y<`EiLQ}#_r+Jgp17Z%V=wt@T)3`a;(VzYk+^vA9)5%rLG@f
zed(V&_^2C`?4|EBuPVO7oG)D^JIjaFgp42N1=lPEA>aF)?u565`5f-GXL6mLpM&Ka
zHlDWu6(60SRj;hR)y?%`yKki{e6<$eppS1g-`g*M=QD(y=`QsOM+ANjp~7*yf82#H
z?c9^5q9gCpm(|!cpn9c!zsALdyaVaZqYe{2q))SC;qj8VFP$wc3ncP)TvP@h4~44(
z#(dCu_yYvEUO_M<>d6+dbB=dNx!R9x?RuMuO9BhQ1y0!jd42l<1MWbKgCUK^HD?2q
zSxy!Q1^Sc5R3h{+=1?^Z3mHdn1NC)cFPs!5VNj_7C){W=ARlL-wv58BCzGO1+aX=_
z?_Wcf^eVM8_PqH&Kqf+Ipcwm``<jZ;4i>7xB!)%d;=>kYTKg>E0w-AbNdrY9$;Tq~
zJcmc~jRIaZ6#oL$`*aTIiNWQ?#(=I16XNY$lSsr#(#yC#S6dmL8i5w5j8a7o2+&vG
z$;NIB5A}HfM%MN)em%`YKjRJyiN)CSFIe}eoswo-hR=^sMF0JU*@{_q7GR!P09H-p
z2u|gv+z(eY(p;!-hNd$7t;n6FNbdCN7Y&^zEQw2HY1v&GR<DV;Ru`U33M;=FcipOq
z#9R=`g*T99L^WuQV1w2Yzx!m=N~r?YOk{kk+r&}~fGg&h!U?m;#bZ(qnrR5OgdXDg
z3?VAJ$45FTCsq?tlvy5=;IwnDG<DPz0buhn5s*pnk>jXdg?p~zP@a15a225!IPh2)
zOw%7qA|dUIl$NTxg4PFTW7C}`>nhXw7;93W<wlk&X%xt-E(1|y$+YL64aGkQCd$r-
z(4zhY>={Yo|J_|y=Hi>ISMz5(cTRWl!Z?&$q?XCHfeZ?jn1uT^wFbfsO;`-iNEv^>
z8y)Q*3NnnF9~P~OBrRN-M<_G&g)*)vqrfsN{Pv65D=+I0yB_o6OtZkxxid8u0eifD
zt+(NtC$G4@Jjd{!R!yyOhcwb+s*4B->MYDYU_InUpwAe4OCTOAzmXt(99Uxv0aC=K
zeSsjBZ5&L(4=>myGev0QodKwCq#?FAq^&e2UXx3FJR+Z&36AldLg$8jdFU&)B;VKZ
z@ARxPKhs}R#64!<;z^S!V^Mi=xV-(y%Pa`ZPA}1oQS@%ZWM41q<m*&dQK+nCaW%;Z
z0QDWzWVnX7vL4)7JJYl{kJ8(eVkl=~B=Y&i&eYultG8m?(X@gS>Sp}6K$AOI9S16=
zBx6O=qCcl1yF}EVso#GJMKJlIfY%ZRtw)W*pe_zQ6;YY_)t8{|l--yq2Ji?a=F@3J
zkYV8QBukFMLkN|AK_NGinTLjstGl^s0pe5h56D8S2HF!tE_su4VfEFMjxm##h3RpR
zWUfFY%KN5fukJH!13Q7iEkG6J<c$b~W|xTIhS)hhtv&2i7)4^{e_2YXoJO;Fr}vVZ
zSK`M0{t7=lGpCpVnL9gb|9gFE#BDu?#4U|Xdk9kDfpJSB!8h?~T^5*R^oU_v3P2*?
zy$8wWCAs}2WdxjGS<gqo5(rd6kfu(UKNxr7TbO+at6IgIT8PCKL(;^}wa+b#Bx)iv
z(=d>$CJf8P(rIg|FL;4<6h2*N%+IFQ56w`8_T-$RW0>H@tV4fBbPQijQ{=3&xMqOH
zR&e1VF+>{B+Bv;XtP*+QasTH@6u`-n0aBA6<TcEm@-SJ~Di}ZBD8Pw-A+X+dSR*dO
z*_Ri+iOE$WV%DtG!aHz-ypE}sEt_RYaSUVo2lg!7>JEw?5#@`JGm4#47(!keQeeF(
zcrX_4kx82Xj3Nwy!dF;nbi^QTS7>(n4MD(!fZxJ)ojP6{$fFVZUKlD{006pDm(I_d
zjaC<0B}N!=kM<!1St3nJfH69<yN)E_9-$VCB}7PMd{1!|g?Nl*o%u%-a+b4lO7p>X
z{_$3Kl@&+uSw9%%{LFY4GTEAh0<+zSG|$ftTk>7A<-<f%cnCVGX=e_|kJ*W7{km!4
zdq8Q|D|ku5`tTWCVi3je8juoz)9lWL!8f6&U>QqHI*LY3OsYkX!>c_Cp-EV?VX8oX
z%wjDA8(@<9T8H*KC_Y$*j$NB(FI%OSW(j<}S4>1cB1q8y<33%bmUd}vTobC+#M;jS
zXCY#Za)L9HTH4AU<8jYWgjT&-lS0>EJ9WtW^;)*s7A<@_%)*Qt3&8sKf&9KI-sKv!
zuT!c1uS-5lM^*nu!$e~7^zO_2BI;38cp)JTB&?3g8f7jBR8OVs=_Lk(VFthCCPIU#
ziBzSYq(23!aDgtQ1*%;9%Gzcv)wqR*@&YAi6zp=KSWY#$IWc00q_kV-AP>~E;X$m~
z@5*9OC7R-lLUN9VQo#IK?<(^%@4m(Nxcq?{Nj}*%Ww811h;i*5>uh)y8y=T9!|L-E
zYrakq6JGGClQIz_zat^m1DJk^e4#PbF6^8uv&e_|!kn|Z!2GXg;JB?dF5zJFWYc%V
zY6%1QI3g}pecN1aUuz#M9HDTZ1nw+^^U^wM!KgnGOV<9&^MJC(Kn;dChJ7eeS3ziG
ztc46^=``s<>1hQ9U`-PbM#lI+^%wQ@Gm}VjDvdaIzgW&D6q340)WQOZ$~r0M_!Fc%
zV{dt~uiSbvT5^mqY+waakv}tz5^<D<LOO&-pQy{&C+DTV)4Wb3h?9Ot=9P;NtK5B$
z*E>7v)<pFr5dtVdgwn#DAf`?If~wdj=ab4F-IH3f9M_PcCx1a*3>!TV$eO$(5*vJ>
z4OSxw#joyZ!Gcu8;Y%xueG?E@+uGfq;Run$1#e9kKubW|`n}}U5oT{T`<u#KzG;7y
z61u9(v`0g<`#0(IZqUtf!?5mgU7YNQhF;1kC{y#ud;k>aIDZM-cOr8Y`V~sMJ_-;-
z`;#mPEISOW@CHYy<YZy{5xE9QrYAMfY=QeUa^}8W8CtZLZg?V!IxUD|Qn%tzlo|4x
zSw%mOZg>=!pN-rT7gY$s`kNFz*ivioj@Q#N@-F+UC!=a4+Zw!Kkk@HPZlOAT*DrC;
zSpbv6p#zSDqlv%<N8B@`+%re&XkVQZxjTG<jm1y?7HipK(@a6h>O`Y*Bo8%d`1AT0
zo&Moe`Q59OhLKV5dzA`jq?~G%C`j607D{<Edbms(<^uqnXE|fUSI9eD(jk1wOhK2#
zf~0^Mm_$bFNNk9{kOX`Ch^HwfZVA0u*l%`rs02up?IA1an*!tbefMN*Jh2ui8zaO(
zT7RLrvSdMpO`M9z;?Z5(D@M0{BfF2S*+#W0yIcTMaH-KR&?}lH4u=?e8k^xy(r5qI
zyJ%^)>I>S#&-_M+It&g@L@iC5M-vrb2Maxq7v$_fF-U<2U=SkU>IL?jr{G_4G3MMr
z@B`%X+Jc+7Wn~D}!eS5lH50nw-qEYGg!}d##S}9M+<RBg{8#Khu+1>u+Nu}^M`3$`
zFk~gMZ;Uc4k9iJ^1s7Yg3{2;%N=d0Omigx&Wtr8b9CQ7Jk`Ktgh$6xgt1}pd<lmi1
zQ86Hbl-?Aq4?3B~VeKaPBb6)~=&1t$;6;fR^`hUQ)yL8rh<~6fOdbaMh*KnBQ*kZQ
zoXRJkx8ZVl8_n_w8=$k_9xjcupmQgquuRm%lnkYx4x!23))#3kA8Y!a<$04PQuc!a
zO~=WWK-btqIm${g!n-R9+|q4Ibo$dvn7#9^wNsK9NaO^Mls&Yp+}s$WrqJR5-ePmL
zQuyY2QPcv<MlNa<759Vfk%lCZmFW|HVsa)b+T~qik}(M3*$YldB9@lQ-TI@K+Lnna
zD`4sVqhijb5eRmf#ldUgr4Df<=0Re<hO~lNn3J#@Ur#myYLF%Y*V|_%6FX2YbUJhi
z4135R#>fJQSKvsSk6bZLM1fHNQDn;MU8F!8vF$ZNy$+=>JR<Sjt2@$G$a=_M3@vS4
zbbQt^D=Tr3RaJWXw+KPO^cZODDOd{*N<{lK=c1a-i3_qyM)4>@xk!wKi$&UpJ+Wcl
z$ig>i{DyjLaq-~h`8D%Nbi*GkL$^iaC{u;XXDrrI@idBBU_?u#Ww9avEJQO!0uoPT
zWoW}un6HO&5>hvpk~jeprLDQeXH|V9BZcg}KB$?|F$yseF99T>vw{@<sF#DNG+FLN
zxAEtS>R?9?i+!3MI*+*}5;{3W0k&~ckl;jAt)Yre`yr8mv48Y$)kD#5!b38_@BOAg
z2am<n+&Uiu5(`tg@N+=@2^$Nfbzi2NlM_+QR1sPx4zU?o!_luGzQrg~x`E<;qDWk&
zrcPrwbb&c(ZF$D}vIK6b!uL8KWyD4tV=3}>ZAw=`L0QgwI%=J=GNwzDTTvJ)GCz3(
ztwz)|$ghd@I_`T2ZG@}SWRSG+`b2WxTF1c?IN<Y_Koq$MJ1Ri#L#RH&o`M9th6Xj+
zCkoM!FW<}Fz%IS@Uh-D3U6o=<VC=b0MuB3xolUP(Bfx_Eo=2-}1*HW(j@pR?6k}TE
zHDOgz`u&%c!Ys19e3tedR4HxfGI-Kb%Ed3q6p<*4DtY_ugk$Sbbg9+mG4$W9E0NN2
zm}sYMa|ULlbk=~6M8{+W#w-ubwKBmuEY<VyX&hy0D~+PPc*fosJyc8MnYdz;Do?>P
zzW^mM(|R~OjvrFp92ai{{ZH=CzYQ@tg7t3C-@6(^p0b&|t43T99mHbgm`(-YLtyd{
z`-me@kS+;Z+5EXGL*&7lD<N#x+lvTrFPA>l^Ehy9!dL*dt|w0+r-O@HlYwh{IgAoo
zSOdr&JUBL1X1u7&ZIm^nXy#xqEZ2km1G}IWR%X^nwta9SZ0rnpTNtrt(P1`LyRhBJ
zVEcoMi;<nv2<yv@)y>sf7rTRHz5QUKS0bK_;T_A~s-6vNA>+^2%~D2XwUALb+EcMn
zA?I9_pie+QykqpnU`WOQL<U=+n;j=cSm#_PWhZGp;r)BC=qFbvVWi#bT-Dy~dv?HH
zfWe9Ci>-}1e&5H_OUO!3x4}SiH(n&^W-S|z!>o-C{@QErbybuP_Q0MVD_h8l7;9J4
z*{-eG`oeqmEjBjMUKirWcXt$a#!Aojttd%nw+CRMV+u&?dEM!5i1GL8G(Y<Wl{Bj8
ztpJ=fx#uo>og+zo5yz)F`zFpBO7!LqLRjFPD**Io`?Y9m`pyS-I>xj__{kUp;Kp|F
zm3;eNn}BT53BR&xzrPqP)4EzPE!}G`#6rA3DeRQKic~#)u#V&qztF1+LxQBy)7^IR
zstq6_{`?SDDK7rTJr>%h7gD^tU0$}gw&v|^<+kix!l{l9ZLcot>+6GsMbai;Bv6mz
zx;Z}9%0yT{gYg_zESUMTnU6zlj}EyuWu0OQwJ$Z4so5dhV$V@*FmVP1E(>E5dOb^0
za`ej~7sJtCiS%^YC>=BL&BiJ`{PO!&J08Gs8nv)>T<PL2yX;fmzDcTxD6t5!G8-7f
z8QzPYtNpc!L?oPhrQJ(gVEMU=)vuq2w7XcSp7^<C+ci-?V;56o!7+AwGxlq2mSDbK
z&?^j)jFKFcN+O|DZ8skukEO6p-l!G|AppbLD1=j}?e68urU5d!!;^-$h4Gv@g&81`
zbr>%gJ{^_y1!?L|9O@y^;w<RmCDxYf>Oz|2Oxfw+C&n;<9S%>a?Q`7RZ9=UuGG9Ss
zPj5EdoA%lsb|_ziUFaUG94c(Otq{=b|Muy55Shc69K~q0mW;7MRNwj9?YS>$mx8GX
zWWw#iDej(*j{=*TNFn6tKWPywJ_UdV;xtPrDI7donKVH{svJXIaAm6*F!wIbN=r&r
zLT~k}XIfWR7@<?J%Z#8OMFyR1+|_Iwv0>mngkmJgZNjUnw~i6RyKVeXfUIoN_l$&c
z+ms?kPqh_(OuNgaJ`^BK*PI~8v)vSak`v^?B(2i7>W#AIS08_ntzEl~GXeCAfqzPO
z9pAeT2XJQ<Bb*Ro=7ij}Ur@BHF_Rkwx`;X!iG;*Z510+NzISCK0Q=_<euf0d^fmeV
z%WES%DzdgF(7FipH?;}(E6JEHn>0c!+e0o1czr<|R@O^vlOli7@!cazCUms$p_m8p
zr?gKWynqMCWw}LFJYj&}H2_}M<tbZPh2@0_G|&$SbVfjHsh)^XZsDt39|FaWPK>b(
zEeV>tw=ed+4YRbA%+i9<q%{_zt4FyaHgFp%%Pb}|4zVM4Tj0@)i?dSL(GoL>v7u4T
zw(L?ht~VUfI_twns9L|Bfin~2Db!_w456a~k{~Wx!8Cqf<~JNKEdmzrto1vMIWCNG
z8<0e^Te6x49F&&#=I%HYjcTi-&B;G40BDF6Pa2C9N23o<&B!9{nF9)D)-z?wI>U0i
z$PVI(7*+4$ix#lKiXtZ#XZXc=bW`d|Nxu>=4bNIxBCrAi(Vf8W=f2Y7JC<Z<Z@x6>
zamDAZ5lsDoXF|yjEdezL;lPL04{n!nLnLxEH$g}7<SdA>ow~-H1F!3ECT9p&FAzeu
zbNK3Ceu8~<6S2xfsm|2SuK~R2mKQHUf-sD%{MFmXq~b)i^KeLnoj2ytmv^lhkoldX
z+3Lo01Khi^lD6PWHN3(6l>y&gsh-jNnKKQ4DB^d%<L(F*0sw#>^G;YpJ1{rrQk?8^
zWwnCL=IFiboM*KwYH}0>|9oUeCJyog^|`cMV~yuYehl(oCyy`TI`!eLhJCyS>)sf)
z3s9s7Fl6itHb~h9`IX{zugbqw<LYka8J};m_cWew%JEC`Ln~^%U9|mfUoLmV>Iz7C
zADo?WQN7ZA-T|0?;T)byhB>aHT--uDU(8Gs@W|Pwa-XjqE;E^~@%aFN>uUGW{bq3=
zA7KB4OV{_br1oJ*&Fy;QZvHpl&fP&4{MVzNo~Qdro?Un2!|UNRo7*>v?)uB|w3_a^
zhyKV;FEW?!=eX4EAlnPy<ARSK&*Q8R-#6Ol23*Om8er#hEE*s1M9$UyJnn~EbG>@E
z-~B}o(s?@t!lmc?^cHr8tGChObdrb5_jVWY;o4pQ&^vvi_q~D}!s{;lwKZV2jO%$g
zqv!d3A%~Ox8DaOmUs3ZtwW7EBwm$&)i0Z5Hx!Ob5^*GEU-~MU|$=SI}x$XZ=f8&0b
zC#LI;2pIUs)9Z>fz*&83BL99L3VFtL$Lp>;r~$zJ-0b!E?2XI-4wg>be7}N1dfxVT
zc>laD<=lkmao>OHd0$}5eR|*8;eEH@!uLE@>3tpzeBf=r-BQEfxW9&__<D}T#no?^
z)rPB`ydZ>Yr;_#;!++&>+U@rOv)BIg&dPNITuysCYVbJicW1l5K3-JdaNHl<J@9#f
z|E*&^1|V}YaP*wi^G)};p9JOo>-i?c;^cDHf!+SI*RNjbd`U>?0}h9?w&xSJw?sE<
z8<6`s-ckEAHTLyU{DQyU1Gpy-c}{}A<Z|Af&6A3bOdS2WfV<P4ydnpsV~fCAI645R
zqi24GAdQ?1MlINrM(9AZP=(UOlBJO;I;Ja`DID~!>|}bMEujPM7kp~2x!_h9bYwH3
zD_-n;j7Hepxc?=UbKFm@MkZD)7UliNvgqNjHeZgV=x@A^j>g#jJ?+Zv47E&y+GK5Q
z>6(Ary&kYjbku^cvY3gTc$3bA6<q<+9ac?64yN6(o$$6)^VoxABut^}^Y(E@ou3vm
zMJZuyeWM9IQ}~(`g?yPIire19GBOG^u@l%`|B{%~vwaK(>Xnnk`DDo-`0pFoOJw!8
zu2-X5W<Hxyjjz&VSW+Anx8ZnY$roH|$$E%HsUL<sbD2EB{Lxr}w@Zv8Z`1||j}i|k
zNd+%mC@CVwH%4p?Nld$n-iOY6OE}%J72~qOdYPb2;&3#eXSzdjfsOQ5vpb<zT79N@
z!Mqgu>9)4=x%^vaey~Xjn-mgNi;Yvel(q&IpA8mWaqZp&+R);snFHGR#3$Y`bt~9_
zNZ@SQnk5p9#|`28je-X{+YdlP+dsUVN?S4SsdY8U{LhH&9<@cJ#5l4jO_46dV(N!f
z&>M|?#e;;VdN<adMH$w_G&=TqH0)G3`wfiM`?=kwN%syr^;G&FHV@lJJHx_#_Ip&^
zpR8J0O!g$qa?S;nabh#q>3fM5e#G)A8I-IUX>GkOV+j|51^dy7yb=IOqjJ#TxOXgw
z<rWr-GwF{(8C*aWB%?)rgv6|a=<FF!>1<9~GJ?PnXpJnBj2Ecpo?@&iN=;Ug4M8bM
z)hpsqvwlcV0IUNM&vu(8NpWsQhz<CfjFAGSphcQ$CzK|i6AR&8ed*i|G>T@TZk{6<
z)FcK0G#5!ez}{&L&k|5{Cb1|wi|YeAcSEWH_s(RJUI3xUj1HTx8;o*hfCiax@)zn^
zuxlJN-e!`2i#^~xKZJvm0IL|MKPeUh!~X@6O319$_eVYKx1=F<yD%C6-*PuwfBX_O
zo^bpq4!lx#KaqmZ!uTpa@8Za{r?_jxQeYa%1eVNPgXIxwAQpfk5p!|&dddh}Z#@R2
zLa{HK9~z?3v}kg%rM<k&(qvNJPuY4R$!%<-a^&)CqcG7k)lF-nC5kkklrK6V0yY{J
zwi5J4V9$7oQ8s*!6+crvY>ca@G_CByb3#p#Y`M#YW(XruKBO<UfI*_|z(OyF{`=To
zfQ@A#v_8z>c^v?`dCp1P=NWSyztrGv6rUk1jV#pqMufWbO9s~vT(CCE7>bW)7R9kx
zt%a&j_0Oq>L=>1w9j~*se@P80%Q)Vj-W`rTPAN6DvbbU`)IWaABnZ-4Lna`w8!?Y;
zgp!lHAEfV0zZTwcVqQyW-=O41Sxw$G6^y1m2hw_d5gPy`UdkP&oelyLN%~3)ca@`2
zfBTPu7)Q|;$agqqO4-bSyVBThOB!*V#&PHloZ8M3P^SZaj8(@FjV)c$@-0eaO+;HP
z)k3iXa6<EQ;O^Clnm%@*1Qy}qiRj&&h-PLTQLF-6MVy`{v7lTor2VBuqw3Yr#Z9CM
zT5Zc!4nY8t=u^a;eBdZk_T0z?2SkLoj){ZIe1y$|;<{L&)xf4Cg@O6r{(UkK3l8bX
z>cpP^@-~jovx;LAIMX9Cbew`99Lgt#+kNj5{-+A%aMWfjqlkz6!O)%sDCe;CnjFSK
z>l(zP3yl&9R%c<k(z8UqaLj8t24Q`qVnSck+X4VQPEVB3(kEqXA=g^WRQngjYy_EO
ziGF0-T-EUG&;+$`HWXV)s<H5fSzxYyGy&xinf4)ZXA_UgzC@H|TVf~;dN-4hqsqc)
znZ`(EX8C<mN{iEDJRwOF6`^@&CN}VLUdCb~)usk+Vz?5eR<-i>E}y1i*BECGIVReD
ze=mS@N%VHr8EHTliX{SiDA~xSH;eqGH|~a-^R|&=r8uW4eKVIx_q%Dr(D5DJvIqLu
z^yD~N#mOyV^|<QqJxyBKx#VPw0S*D1bxfskRV&Csryva5A;$8o{tkPGkz=&AG|Kg9
zR<_@2yZfl%m?@P*Cn@y2tDunxpVOn-1^Ix7c^kvN`#5AbSNA9<58`ps2`KAA5^<))
z0#9610vgfkSt^5kx8o$_58n85GaG)!FjNOr1T6C_J0JQ)mQuu+i2Hud0s0vxOJ(H<
zmwxLtL|hk@%LE54G&1kaUPY%MYrZ3NADswh6DVu9sNZ>kQtAdozS#-|DC!p)&4U1R
zm}WvYUdT-K9l7>t_kzez-^yxE3tnMl;OuOTDK}mb*b}5(%1rT)iX6eaL%Vl-gYH5O
zNNu7rNyR^DhY8cNGQ~%Q@%<T>10fb=zjNYmi}ww6Bo*Tm*ri;d_Y+>drk81pP_((R
z<j68j#hcT!c9#wzc2Xk-R>4Sf0w)0`=7qd2(bI?$q=T((zBLNNr>d){=)Luv399Z%
zm^Y8uhT(AqR8>=+e%QB$)NZf{8>&0B3moe?u_}bZ=tB7Q??wjZQA=&cB<qEXYi1RE
zmX{d!W<13EmXPs9NoWK>YFW4H$k4MsCdnk=Y{dS8cN+9Xl6{Qg!~}uwNq7MNaRPsS
z(1kccUhl5BV}2}?sOxH{&0-4y>{A)8-w6Vq+*4+>f*_*f^^TjySDpG4j?xPgmAn&s
z@~?9(LAs%72d2@uh$dYfQZs0dW$-$RQ=0d*ZoEdu%jVc#WN`PsPIy#sCY4sXY-FnC
zNGZz5ts_!&x@nvnVIrYK3y%OUL&;d3XHG?2srFZAZOJekR>{Z)LX)p)nlP)qhzMPD
zTK5Zy;ur$Z8;-@^tqcKErP(gi^uM3&`rw3#&jrxiHV+eKVr5j2;G1%~AePFY8eu6)
zWOmUPTeulBP?V+Z)k=?ypRZA=S)}j}<pdQDBC3k1w4&2^B#}|04ikV@w8h$)^Y;_R
z#VRJxpCw-{UN+0wHf`SQ7%7e>E;mn?4y8qVx3l*2b30_zVhI(WI{`nfyy!z9hqn0*
zJX)K=5M&NY^c)YIayv_+UOf=YM0VjtVybH;5bdusHKLNzI&Qj3Xkjkzdm~}8_CYb1
zz|bPsSWv_~*|ivi1!I6C-aPVRd9>P^&!JlBwWfT)MJ#e*e8CY(UzyH{Jn^Vh2X|l^
zk$Rg1zw)RwiA0qz&VaZg`2HZ8q*#1ru~@~r5aA;trxUHa(YxSY^TJu?+;^GB2zGC5
zENoiU36$@12#M@tT(MrpVPK}Q1TTvP#SL}HymkvAQhh%v?gfBgLda1oCpBeiX$v(C
zGvYpZ?e`c#2-i_BR@o((M19NHoiQ_5me?y)m=Y}%%JlhRM<O>=^9ZIAGn-|hkovls
z;7J}hmElo}Zbk`vCw#6xeY&<&94fj6&7W3g4#Ls_GTRhtDPBbqTClgI%$Qw$X9A|Q
z``heUbAY)Er!t@~CZuSsnpr3ENd&nc1EztXu1z>J5p?Gk@(44V+K!<!`N>r2ByU(=
z{M!0Tl!FrtmokY}C|}y8>-oFS+*ch(;+Cw!fLMl2NV1$l&K`9L(xpP=62@3eVqKNm
zlG6<9F`LF}wA~U(G(KlmLxZZ$k&dcpu~L^n@hskwqF+6ZLm|M`P;+`c(5#Co+9OjO
z`zG>bhm_+c<4v9AeMrZcG&>oi8fAmUDjOFY*{t88PKRhhf+>Q4a{;;V+&^@QXekIe
zi(pfF(#CX7`1?@U?tY)4dO<lsfEqPHo*EQzX9az*c<MRIF}D`a$?}kMSb6@du0YMX
zQ?qED{dDOCYB`LJ)B{#FILwK>U{uz4()oKQhu37?$?vWrDP3^z)xBr1fsT%+X=?#R
z4oTRJg5p*f`d1z`lo3H=CA|hdQ6Y26F*lV+X(&YD>w<QduoV{fDBV=NqG$QQ7I-ee
zvqhwBFx@7tt+$lI<%zIH#9GJ)Wv&|<bXtz!SDS?>;W{M6TX8i(<Toc_z%uUvc^s;?
zzogqlXd&>Cj~^+_!3s1&rO=|IE2=dyJ9hJ!w7<|$G)EuMTxzW7LBUvNmXa{ueSa#^
ziDSW?;5^QRpQ8vwNa6^UgwW7bO8X+6vF?n-vN&A5w?dMP4i4sU7FCK&c$NIVm`P|+
zaR+qcTwJ>`S`Iq$S1}-qR3$+k6g5E)6r4&FRup!)1}gFgzS{#x6f|Wv66jx%5RnzG
z7S#9uZ)q?jB;-G7aDq3r)~|oCMopAp=L7@&|3t$H02=oHi~wke5;|#-!2erHoPhYx
zm34;xpTz&_qDA@-xs8VF|ID`T43iK`3;EwJ>wf@|h5`J4M_r^P1|+X`^blp*u+?9Z
zkSeYy%c;mM+q5sc2$`rpVR1zWgu+N%7K*dbmo4fWpqTRY{p|vG)%)Cq013vo?xp`=
zVZpEM*>xiFM<G=t63S0ZQ&D0{NRSvl%0wog=JD@&yK_B{$3_c`zTx3zd_0CS$UfSL
zX7lyFzdJ8l{`WOH2IzT@;=|%V!(Q!1l}kgnNWKxd{Q>p#+T-u^@kWB!?k&kfhU4Zm
z*(0b2|Bm#Ks1ay>`a46K9XQutwVA~>{T#h&quj*QtaBz6vSfA~)zEeIce=uLxS4;^
z`Xx@U>A~jIk{G{~H*0QGBVd2orSoEhJb@w|7AxxQUtUJ59e^K+J^c3O5zr$8+&u5v
zz;5qBy<y3avS(~CFdHR0?>bJTiOOr80X7y<B7~+)1{-B=t1^(`U=rPmX-5#nk|$uY
zy&I*L(qf{fx1F4I#Z@$CJdpl~ZMRGMb9ej{kM3`=)K+^1T~^tfrXs4;IQ{(M!v}`S
z6$(4v$C5GS3K06tvf$ZS_r_yK{QYODs%nb%T$6I>%K~vOH*4-M8diq@s|+SS6r$~^
zKI`B`ql38}&U?*HXLlo+wPZ?E*8On$K@j3oaw3#HBCFxL1*r8ggo0$Mf{Pzig-LO(
zOnzC1N5{cN;Te1FRev#%Yz43uK5Mq?LG7CxId!}@7eFYph7lA!!bHctpmK9_z0aJr
zR;E45Pb6887o)_}{BQ)10JvQWDRygGeRr4o{N6So39(-L=A8?M(nZZQ5Y_LRfh`V$
zQZi`ZwVM^z&riSLwLzfxrQ8>?xMeALU}|rp;0bXBGzc}gsx%b8nwR-DEBG7{<!>gX
z5n3v_8~_QMe>A2xju*p^HaDtth&e;U_VtiWFu5cq>=k?O-%f!;Xw#Ms;bov4y((N<
zbU?SFPYKA?hr<N&tq9t;G5R1$@x|#akU9@K^w~w9eB{Y`+k>~d8XRD{M|QGPKU9B=
z)CPrfnGuJiZA5_NrOJ56bjdQ<O$BorSEDWs1GufHdN8n$j@e%a8l2$(H3uNE@`=2g
zKA<S=nEJKM8y^d!nODR)O<dNG>2c+*y?qnddD}7BtgMHHgn(L0Z0kVczba|6zrcc_
z@vo_HexV%a1}%`=!Lj=UZ;no@B!g|Js3&7l42;=bwv(b63>JR?-DZ9X@(pdA#ak%(
z0mxW-QC_2INoJ(Z+l4H3?1E``o+%i*VK6rM8z(D-1aIkoK6}28a(>|79&)~Ka(*6v
zzCT|8KPP-&H&Mz|=33ZESQ*M$-m(Xfu27{gQ85YU{NGMs1=Kk8Nz>$vvCDDp>|kc0
zVC#|5X=G2BscEdRmkGw&+qxNk#byGBfLi(IOfFVWTpseR8bgG$D8fW?VfVV)yW!lm
z5@rmp2@~N3+)QOyk-GzAw%L3_F}?s9Ov`r>LdV_Qw!1~G0e<dDVxk-=Z|N?upJZ{c
z$)#mYj4#)d9ZG*ov>HJXtc$7YHGx#oZ+>|Nr!~k(l&Uf|udgPxI6g1$d2Jt7z+(aA
z7w)&aiHd#hd-5Q6Z~R|{H6augLJv(Y65OxO9%KqpMhZVZy#SExL%-DiU;7bIPQ%FR
zPsQ8u6<$-TFw0((`4a7CiRjiK_GnI9E>wL5-0p0z=<Gb2^)tA)pqL?cqBfD&61Fzu
zL6hB3NQw6~s;}%Gt^K37-lq_(fc))6u7=RS?%(Sd9b`WxvSHr?CBmEn**IyUXWCj?
zcmEEj(OSq^BMZW3Ssm9655qN;Xk-4b)6=hQ9;EwWfye5)2y+%Vf+H<YH#T|Kr28gF
zM<aXz-^HmxQc07;?UUN{xxdjMoEbE*Ge8f*pYRq#-H$$zzsU!Rb(Uj?0T{|em9)nq
z6ZXUO4j3E-L1@3o7|wC@0p5S|ZBy@v-ESuUTJSp|1i~@fv3`6-Gg@aGZ_^NJSSe)@
zaA?&-3*4LfP~Hxkvs=$y^-i!Z`OUNuL;UJqI^UR@bKNz`IPYzV0rNInZHPqL75V46
z!NGU~ho0ChG^6le;(-bSR!=rlvZWq8PCK3@5SPGORpiIpZw=L>g5jPHcb6Eial;BG
zWlLE8v>Ys7xwY${?m8Xc=lyNr>~b~Zy6uv68dP2!f2(_TYysG&h|lS^NX&3ian^an
z<fho5<nBlm;X}UjvIHmlgMDtZH-6Kurjc>oP%FHuTP`zCqEXKQl)J8Lg*vEa@nvSP
zPH-!v_a|7*dlfG{arCFrc%bm5*C=vzDfAWkZf48bkFJup3`t)FGV*xJ(R&6??|yxz
zZ^f<A_sKOX{QXwvY}>MX(Ih3a?6G^HMa{BaEJ$SIkX9*x&)4=-yWSFIbYa;gidcCo
z;#F1&JXcr@5rzB!v_+516I9Jve`}$ZRO3bYnwghVH|a*eB~8jS;5F=R$5T9&&A_fx
zGrE~zgY7RFHEnwBODL7;I*nJ3WVV|PN_`q;dp{GwOoAz$XBYZ0R)2}qnWuxr2KTwq
ze%lQpZp*_bNh5Ot0#|}LB0zI#`X`;j1x+32a3H4nWHVm@hi`Sway(>bJO_XMuNHVA
z<l2otLRp~)D@L}veg-f8DUcY&)<pf>pD-3)vfcmuRkDj6sT@h}F&mr+HHg6U2{;-$
zD8?{DlB9lmmL$pqtGQDSoUlz2$~_*qRlm0~c20!(gt#72-X2+Qo1?iKGr<n3oEx}}
zW{sybBP|*NELbfoAXgQ1{lZ;qv!6BI2+v#5E6zynQB{u(*^9un70|S4&_dHlo@+Uv
z86CL2fomm563i0Q{x{0B+(=-hn}MvbQs<g%TyL3w&*|`Myk%^0V})^t$A=z5Uj59+
zN2pG;Gr-7X1!$%SRy6v8F2eMBeznY+B^cTApic$>=UjXb3AsDdPihh|TPpjU)j9qG
zJP-;VMP&NZXZ^hg4SB0?J-RI0y{npdLjktAKE^0CiWrb*M-QjEp@JIVvz5H=)>XNw
zbu?3GE?4L2%*JMrb!i|RQ2J|W!8h8Bi5^(Zc|cLz=IE$?1~E`!jgAsp@zH!kd9Sd*
zJ=hH}fgASDj^;+O_=r2yBwcaeG7o^Daod$!a*TXd@b2O&n1v&CbU~A9j5%#RE1tWu
zUR`OQ<J_4rV2?kV<;~Y~fj=wKMwsW7W=wL&3Lz*r7<qG&+02f;3{0(RRktcRUf~ue
zmVi>U!&zYDHq4f09o9tw8pWq)BLj!merg0ni|m`4!lm2YDn=D$q!A={8kKFvW027!
z%w(ET?T|v&fFyEOSBTB5<Z8C}h}aj|S=7R5yr19a12sQZ1<Lx-$EbpmyGl=WoU4=m
zyW`SbE&PfM-|W458rA!GWLwvFo9_P3qg)YQJWHNZty9dp@a5cE<z5ItL$1RUySV~V
z)z8sH+(Ikm!^RaNim0rDrrDBCD>e!hCTutFB>5s?_I1!YUAuKxZV5y+%*a=6$wlv4
z{|qNh%`*jBiA0KU)X03yY|>k)Z2Fv3E~$LiwrXnfySP-}tL<86)VAhQ2K?}j(AC_h
z5S0xm>MKEWb+S@8WqZ-eqZzBc`2PW%jHvi4T9Yu1ET!QN=&6PfpTtoP)U_qI;z2s;
zs=*?VJzYQXr}hAqAO&WC>8C|*D1{z<`s?h{qOzE%CoYPi5o<8?Mx!RGy)E>H*K0T7
ze3$QT;|*b2JaiVsl5~vcw5w#-Ir&z{KDUnN<f&xM{n5}n%Fg|4Q$uy7`?CjVi0rug
znr8h}`6jra1G1|I<0GTuDvwcAPTi_&4owistuM%?6e^-fv^Q6NRutEgXH1odnbh|>
zE5D!ZMN}BeQK^DTlFexj9uX0diBl0PT4`R19>K*)+QO-1QKs@jJhv(`C9}cPS7V|C
zgexiJO$;zWGnG?5=KrQ@KM4kmKY70uxRx`)X^beB=CqCH$SGybHK!McrzP?&7O@+3
z@K`F6;v_A}^Ok*XnKS>n^OeCA$(ZFIm}l;!ya{e+oGcIqWpPm)oTPPXEK4jh)qfaq
zL-CV==`R54sIfDGtJ*VP!0c%E+ghQG7dSik*9mmJk>&cJZe3e*c@1Eiki1^tVXqyJ
zR{sT|Yr>_-9^;)<BcPU9P7&&|ef0;GC50Y;2On~2U`Xu^+CIoVyH0D6F$a9q3<`x|
zRV}P^yU-!2rdb8HoI;n~GpR;bWk{h;bB{`IP9uyS@16w*dT@>Q={`10DWq~t&A~Uq
zSSecRBm$;Kq`qvqP6u#QfqnDWdZH%7h6-J^Kn>iLVNkudf^(i#w~rJnBis<0%9{;!
zooZHlt&oyZyLzO4GKIOE6Qiqm=|;7zu^MW(%O+j7Vm&B_1vr!5L&=4iYNdV!^mZHW
zzIk?l5NLZvf|s+`ON^=|hyV`wwtM=14tSeQwtcCC5486qSOX9Pcl)(ymeuu?R?fJz
zrbbA~^;?G}iYVKbXS^xT-Q&Zr%F^QtmUNs8KW$yTsnT;*!f)FW`cD3F+jRF{PR+)g
zh|i0pdsTf^u)jI5;r0RZ{&D~MZn`F#e(^H;;A)_UM#Z*lk*1nBeDa}M;-_ADtw^zf
zg_=eMJdYEON)12-!}qSSZ<K?osxHr>_4)c+Q`h`0C1H<a)s^1(yu6LmZ5kd7Y|Cu|
zJ_D#7|1($naA&J!TkOgEQ^n1WT;VP{tKxcFHXpKq3P*IUgKWf-O$!>Ip!56+n=P?v
z5t`{5`!!*x=^yIs&s(vHQ2|G7Z@W<Cmx>w;ryH6<1O5>{<AJq<Fkg~5{^XW19BltF
z8@MyPOlwmzG*R_!7_9f3uuY{tdSY<ZK|{Pl$_Wr;M+Ag}8wQqiV&Y|Y{d=2tV~?}u
zcLdXo9VF1_{CI_no94rCUNB64&W7RaEKs;}rS2Jxy_BEDj@?wqG190rTxue7umafc
zbyji!Oj_8#eCnixL&(#{60Cq1-Wu5A??}a~(HGL&+gx=yy#m%8QK9dGS~g0nYsrqM
zt?u=HMnH5Evd{A$quZ&fveb@xK4&00sDkI?F-Ejwo?9r|B1w;^>B8K78&%G{BkCvQ
z7s-bmo+Mr}61B_U2ifa+&wL{8CzLgj9#Ss=b3bULDP`qylf)MZ4|WQ!Y2ojK+||5&
z9hBVyb4BIylb$G&$4!sl*hKQZ^rPAHqjiJ7F(kWt?I;TY`fh%h!wW(H6bq)vcQ_Ey
z8X-(sIV~d*dev*tg~?muo$!IlD~nf0RwwlIDM5m2?YPH&hCb}el~j*fZPtd(+S5D$
z(70=VniP6EzE~%nz`c6Ep?{lhn=Otg@K6#(wtzt`HK#LMZ`mJcQO9T8Ll6FwXtrZ+
zMQN5mmtFwUofkO7qxf6HC2yjgYP;bvNwz1p)&=^QxGpztJ%2NN)88qKsMM%!J0q9T
z-kh4LK5ez&T5xWKDv=1x<T7F4d<sec%Y;<)%T@yUjc<3Wx16rFZYLn<Q{+2*TV5g_
zbKcY@yWRAfgkGTD{q05Vcq~E6bjS~xR=i$t*3qlvc?_8l2Dio$KQ+`_t&N4o&aCJT
zky2!g_V(e4-_@A`#F;2Z<`=7{_n)wQ4R&+p<A=8E84LD>Fa1pldCVGt;x18uL!>4#
zl<+n?fxQ5OokeRBd(CYHL-wpNr1BfIo(u-!=L^zr#@1NMT-#^2_N>FGP0=ylHR+>C
zmKYbqRSH1^RouwD8@&M2j%i6c`8cUFHEu@hi=0mmkLv)<n#uL91o9c)uGz_A3-e=-
zjZ5WgC>%{6tiM-FD3xL2qnY@CCCI=WPO7!MuLSZRzb$sWHw|(=rB#=mjyZUb+i|yr
zL{8g7_-Y3RpXwQd%AM%DJlnU0dKnYdEoIXxnvhj=5bf@o@!>DuPSKI2rS!uN6FLx?
zz{zw)@Hj_IIlm!v$3}^;V-_|`T_uT!^!K55UD}J=Mt(#)Tbs&&0BC&x6T?~2WB7U>
zdx*{N;Qm#3G!PaWWj==DILYGvl`5p`E1;CF@%mITI)3H9$?nH;CEe)pYB!?@Jw3ya
ztFLB<Cr}Te2V1WzK$u~<dx;{*J7n~@DP2JVe4^3V=lSNtZ^Xn-<mm{h*v(uoAh{1T
z(V_fTk*(7##5+G&A9L`4sNiZg(Qf*0PGWtmFg?JJm(GvRG1xR#ErToZpBJMQaG<va
zgkthc-&Ha=D0b#NCTDce;%*0fBLqtg8qk#qa$+EMP;+-Rg+e)Na(z|M-(I4@K!qn_
z#wZZ81O(2fI}DEFBdC8{r%}M7UO_~GxcjVo3<Sit#LNaU@8W0yu~6)FV7>vM=-vr5
za6l1YiQqe+!px{34m8dpLtgl9<JddV2CH7Ra^q}*(GLyS0p4$)IR-A05PN34y;0z%
zW3DZI9sK0$n*aWRn4l|!kmuZu5*iCa=SXpG=huZgSet|=`eTasyHv`z-SYuUeJ6n9
zXY`6AOZ!isewsu904Uq<7icqo&VVW6kdNkCy)VY5>z;@HvgTyBSFn|>8T<PMy$KGK
zYs%WDx$q@hbC{9URP^#?0*K5UawT=!Cxg@9k2glpy-%(k{D7<bj@}qEQqvVyrIuh3
z5Tg%guKJ}cNt)!Gp!Zbb5Hynj)@0e^);>W_Cx*`F-xRd4fI&$F*2>|Mx2uK-y_)Y`
zbNt`Z$C)l2Yv$i1*#;BVH7iA|4lI9`f{%1vU0KxelbDtQlG0{=nQ|$(D~E+4>N;|{
zK&Zb50U9GsdsZx7+C|d(o2cmZ$Is9**9qKxPlWk~gzhsh_-Z%vX&gmBRIo4-?}}Pl
zecN4Hj{+bj0m$eDh}O*q|EsXCfXS=b+C_@HyF10*-L1I0ySr^D?(S}Vad#;0P~4$7
zl;RFWZ@=^3lbmz&CwG#)v)ANVBYP&9Su$&GhNzp)A*7^A)<tusNMyrIPueyVX`0+_
zLVdZ4!hRwh2cG;Hy8q64jAEn4`hu2yjv!3EgA!B}9`0xBSGImO`RfBa`OD7MDyDx}
z-H-5fB@JiV0)!3Ln1`S2@b=GbJ2ed(S*QHu$)e&|YF#jt(1ScW=M0_$Kw)d%Y_#|R
zg^4tPw6&%gjr&6)vGz%{Zh*z|psUNsb#~H;0O!#h>$%Gm-1G#}jrCfcK+-GxkdQm+
zQDcZG|Lt{enpb_G$YG`sTty)zw<o~Ehf`UmJ4>LFS<JSM6@54WSaeS92F-oiFli4;
zMnM#92^t)`rR<SZ>IJa_!mr?Z$yJoLRQZCH$P!hn99t)59`ZxT$j=H<$iimGVYw4m
zKgxuokIH*8@M^(jW$&Y<Ny=`*wFvrvcK?sxP(ES9_|s!1{drE{3kq)f8+i<1-)Z3<
zI2pzcsa8?y`&k+S=@sYBTO+~M?S4z8qbJzvj)SD|*d~i^I!Mg`GbUQ;xta<haZVg_
z+QYAiWl&tU+B-Str#1)6DFS6=WAu|Kw(#+n!BEi$@mu5|r_A%Ah4bpx+gkpU;;}<i
zCq@C0Iho|0jBA!|5_6}Jsf7(Ax)vkK{LKC0ovzIbO$eA;#!2L1p@=m+#<$nc+T=`S
zLN5E4wNbi9-t^djadQ_$7r4yo$S?@}DRc(9j^I+b&xypSKVh<e6k4c%n;F{44*pQH
z%GKBDPEvN>k>Wykmkh2|_ha4rhU0rMjoM2C_|5%5`H4-8#Z{nC0VvonyowKjuzE7h
zA{;-DSF**`<B*muEZv4FDA#diamQamr&i|l(6IC>rC9+$hYpm;MfI;%>08AEM;W9b
z>t*^AJGGW*d{}P=H^b16pYo=%)Agxtsc<J+5(7Vp?)!*sXe0~%*WKxqW|2-85s(@S
z-dswKxRX?UD*r54{OQ?oky3rLQ%gBV9=HhR(&P@rfC$gZLj?phYJ8zAeDi+4ndfOJ
zT3xYrmX8CVc@i$<j_3$R7Cp3^(boSmM6|Cc$OTgvWb%fGU2SEGob#xv!x=NDl=75D
zBvS&pXQp$yN4t25N9sfC^9PyIPRz!+cORCMxb70>k{^+EsXxY;vQ?&6E6&Rt(+^uU
zq&N_B(yC*&$N1gW52ZDq3U!W-24Xv8;8JnRI({1nGO&8lT<vQsHo0j9cWQ_ql|S{S
zo?HB0!az>L+?Pq3vUBwGELW4{YeR(0&{{*v!=M|viy^<v7MA5(geu5=a$`$2U`C&*
zz5`r~<<Z^e>YTy%C}kLG85if5Pbhx=rbI$Tr2zrot<RAcFK(<db1S$CII3P3;fAnI
zn6d!vNvP%ijM`GA#vYhyRBCIgDU{>n-o8p@p>Fl&R1oW?-`g2KMJE!nU>|AHjxSC#
zj1HO<LcMaUuCM%EGBX#FL|KpZzJE3@sLE5x_Qrf#;83wRVf-GIW>y~_3|Y)<%oJ((
zATvvq`*fSwmmm<9O1fpt<7EC-Q?>yzQ11#DzxRLNK-2T?JA$OLeplPia%u`6BN-#?
zp$r?Tk&5X22v=|tC>H!N>l@UpDN%~_aIoF&`*QPh`>QaL9%Nh1qK&mrXs4lMhq;uB
zT@BX9Aink2J^4)WTnNbb6l0ysaKr5N%`ax7ho-h+E4IPHZ;#vuIQWUZjCS8(JJ@0Y
zQX8jC5TlM{PRI4?_3YV-;xzZcq9p}>SCVDNG{ub``B)92-fksQ5PZnVC#IhU?XsFS
zDm@MLl!UABxY<15a!CXy781<sgj@o{GQ!Pt6~xSB1HCJ3?m;%WiAp#jcQ~ctMP9)-
z-mLh?G%a%<OmIP5`F#?`7{>$l;Q{=BW#?#ZK(he!Z)Vd@x1ZG(J+T_W;TZA9e#W8U
zknf<=zDxg!)~&g?WwdWYeG!@UH3a9`G~Icf#+x(L@mR>=#w_}Fnz(Yw%Pd&~-MgXC
z#w5@R)ek?xf;HDgsWo-L7@oehzrsKtJW>VmNNw}OBIeLczt+l@7{aeO27pxqL*(G;
zWgqNguk@%eNX0BJ2;Iu5eR#5ZNSh8YoVphGzss4J0vb;$knv957xgLERIk~gVz6X*
zBMvjKio`Sq*{{*_UBi7neJb|e`W9`3C2XWZWGEX9@QrQK3190n6ey_4_p*68WxPn?
z`Z%C05Fpm6cjU$<#OgP^JQjR_A5|ENdquRKSj66*YFBwaR)&v0-#FR`r--_pGDVh5
zu(p{uyZz+i@2+_PP17{E&Q0WzLu~KvF_JBwKtfaXgejsGEK#Pbpe*OTd2-SBO-(-N
zXx^K)%i78|Cwdn)QVM_f3=+Zdm%9z@k|VIYmp+nCd%66kS@>L?qq}P$UFOcOa3&0j
z8vW6o+=$pgR$62{Vu`(*;g%7LmGg$q^V&aFL0AxkMr1m2e|HZ0l`w?H_8EDosBTL6
zn7h)^@^WNZkS6x70a$1cwjtPaS2VkKzBF(+b_7mY_c>VN$ym}E|NN|;obV^GzdF1X
z)@0uMU7aVkxrNX3%sdKUUe2)&{}r2LRq`L(St+0+zCYVdiS@j-GYm(bLgZ2q7bE?F
z7;w@*iH^2MJ9EY(6;(d4OlBbT_e8+Nsz4sjQ=!x(=(ES%?<Q4h?8t^KN!E5utKfZ4
z(!W*)MQT{iim8jxGm5=ZMX$PJN4*B&OzV)Qqjl+jf8YHB^CuNRpfJ|ehBm@1+ZW?+
ze=*TFxrS32J8dvoZlcdwLG^PZF!3!<dSzb(^wavg!N{9v8$Z3W?%I)C&fuHDf?!e2
zXd&<;O2xnmq!)PysYNXUpGDLiY1FrZ$61=(c+Jw;2b4Pyat^T?^hr{TQ6>%5xJTs_
z>Y27kg4I#*kc<IBy)mlmJguIvPp7O*kj5&v1De%%-FL=o!J2(3`Bd;q-@~S=rs#fM
zn__$4J9a$P@AI<zjJd2<H8LHW#>0x1Z$Ucan1=2%+z1&7eS{p&V1p9+!euz1GQ66?
zQ2Y3_y&+8A6}WcU-MDZh2Frz8|5TwckI^lRKI6fW6Ac2OTv7#N1nNW73MAdWUu-$-
z#D6<ctbJoY|67Ip5FuTZOQi+0LEei28y6+Q((tD=P=t&+6>PX`kVln!z7V3zI|SXp
zvNp&wh<v5DPk+*^Fbfj<iQnk4?1d&X9zpw+tyW2C8?K3<JXZhETYxA|&g_6KUqG=4
z-7=qqfdB~B8HJ$vkyO+2={FQQr}nsc2xUZVH!F>JI)oBsl9<YXeFLSw*L);FzF5?N
zr>LmlZY3S`qswvZTudI^AWn{oI*lq_U4@xC(qg9&<Pj+%50t0j(PGqM!gEQsy}JsE
zR{#5mo0Cu*<`6wKpD4X9M^57}$4^RBooyaHKj;A{VT3<HF`<o-?M=zx>3*2zDm!o5
zu3`$*yoc+?H4xrjWa7P-v6t%2&q0qY+}v1*V-Yy&J2Waj`g9M8C60t#zXUrTV2&5W
z?yPXnu(VFWU*tdU+}*4VQ;?=Gn;S!F<JeIX*1v?d&`l`iGcP30P$T+K#GI?)tRDKr
zCR_vNdw7375ym&lsNY0L_;<bFt;!jjr>cs7;?@KiCzT=WBb;gyG9QTr#`5YOxQn1-
zIHFtllM5aNz2Wl**AFD})1uGd<RC}FDUtPpocR@uX~ej%UT5!a#+g}H)k=oZldA=_
z>q|6-O?3j`^1<GCAmehpi}7UbPXfM=uk`?pB#^67brTW_k|7>_UGPD^t&qri_iJFD
zCW=2^VP{~1+I6s^<btf&HpLX^!O644S>kY^w5jvgypiQFNu!{>ebu^gbg~lL_N$Nu
zS>uSKic5Nw^5KBLhCyKFnowC@AE)G3!a#yuX7f?d<Ef}H>bRK+s<SX8hqgZE)+8Xw
zE;pB&Bc3HDVpJ=XG$-9R)fi;$^R#Hmegzh0nDb}WG#Fhi{IejcmTWXpB-sFg_%1U;
zL^+-RI85rFH>04!LZgvIU5@ZtVf(RY&`1Oh&dhfAEa<^tSR}ES4)ugg{%rbOr04;v
zjHZzJ>WRgf(wZ(+pdlmCfC;|emm9DLSIsUxWcs#s@S(E7Ru_s83Ei>jIfnlAaqgm@
zB9wF=C-7cH6e=cUy3i0TaK~OxF=*F=o1T-GXMYo=mab0J!1WA1W-pT1eRzE^FFI#E
zS6kcX*h2k2i)UF7F@XE%#uI+RToP1PiuGbvg%KQCdUtuPJtKB3zL;7L3I&iN-xDnw
zvaT)~Y}IJKbkxnHQET0i^P$QZ*`CS&WV5smfhj8IkzXd1LJ0``q%$F7&)5-!qlY~%
znD;6T_CstEV{k#|tLeRp5}jM599-gZIPxJ<;rN=5#Dy*&8theQN0a!cEI>)8;w##Q
zQtRx)7|h9XT4XYYT!32r(kDPsG8a)}G`YoPoX~J1EV%$@vltwXiv+F+CGdWx0Il||
zpJngFK2q0eiE=q=^F9as1deAmybM?DKws<F9n8JolsDy<8J(LcM_CY^Uow%21W4&~
zS6MkvDSMk#8cQt5c)NDPMm~4TI4L2qQH_Kv$vN?Q`Vh>UxGE1lB@6Jg$lYMs785bx
zWkNa_sZ>|g_pGCGUX>U58j^~gl84sKXkmd+V>UQEI#pmg-!*j1HAI9paD`?*9^V~X
zl^RD55z5P=DNte`Wx1Tx{}f6Ql1e_MLj^ZWUqObI597G=d88MTTDR24=d~3Vo1L*}
zy~r>MhQ+(NZ~8|whB{yXht->UoEAq~qY<*ZA$4>g5S$6UgC8u+T&VlC^ZB($<a0v*
zk%%gZuedk(5IXj$gTR^EhJ?4+*;SK!wA&Hq3<UaIxf%AfcNWz&)?xGVrA;jYl(@os
z9cNrOf;TE$lk7N@NEP?XvBUz`Srq?I5*V^rIy>pLn!}M-wo>3F-1oz}e4BeJ?x;v*
zySC0Yom`Q4Iho26rhrMbL4pPtj?t^!?Tx>$i9A}N?ZAK3bf<dIFHx_vzo(MxQ7l$y
z_F&n7%PiZH(nw@)Izw??*+gW^X2WUC!)77zAN1%C=Nsse%C(q3;E1XaNLJyW!r@JC
za;;=pN1PYb{u{jRVnhTcDJi~%XF33yi0Jw|(yr!s9&(FA#5&hiKiS2hIGlWoPRX#V
zv&3^4S~#b^?ZPyS^e78^@_h|SL%$ZC9?Z8b3`s;<os`g%U65m*03Ba40Cq?QdGj(^
z`_RC{gn_=B?Iftwh=M+<jB%f>?BI4<6hDm~c|XKYO$e~yU?xYg=eJ)8>mYX-3or(e
z5nl@_j;n0cx+@^8W~{`=2w=-6BMY=Mxq(@ct24Rr>%qY_{&iY;m>9vp!LvVwF(p@X
z%#f&iMWgfV_J-}X?^CD=E0;#~@YD7rh71n!rDcTRa;q3l=(+j?D!;~T5n>yqkp02F
z)o3bi$q#tP6HY#$&ho%!QDQM4An(&zdOMTmSkWY7(lM{f&F+=6aGSdsrjDs)-$cVH
z&|(>&UYEDq5=g!@(vKg3JmyQQMJ&KWfIqJ&$vxUH9RYfGSIU{@@qc$TDop1YGasK0
zRF%|12)-w$rIj$U+enT@ciNWjUqaYYG_ZSsKLM~ZOg)d$?nqg#Wlh!Gi=(FA-4xWe
z3a=fOFWDusxGkTg9N<dQ!&Gji@v+-)><RBME;+XCaKGQW?FU(q{<SC&`lx~n&Nq*V
zGykN_yu#oeRcK5CX$SLrM;o&A2yg3VC@0PZZrfndG+w)>IPl-B&ihrLMl~5b$=mJ^
zCj%s=PU1DB7r5D$Qmn%<$B7nYCehPl{T*fg`x?^IJlF+=j2)ar2UJ8w!Ab6N^i}LO
z+YCkZ__GN6r4Lm?X-l=v6BU*elwQbnwnT{V$y1{+Pf#q^3b0*2IDMd?;sur%qR$&n
zJPiiVUxP)elPWy9F7-=4e15}6N(fAc+yE@86p{PBH_yaIk=tjFPV(cFe`TQLz8lkw
z14LwNHk2=Zun5|Om=eqSSGL-Q<HO8qd)eT2u&>R}%&|UHIM{>AFX5)}hS;~i57-7i
z$C>(M>1Io><TvG5RK!0dWx)JBixlOwiTcV$d4clE7wKCj$;}ASB>KFbOUq;%p$@3f
zXb^g<($P%`Qm|ty95X1KYH($|Mskj?+((ueaU%=wvYMzhcr^{T*~s!Rdn6GwROGe2
zyrr#Ql|u07y(SSdpto`Cx-=bh-rQZ3H^+Wv5Qc1Ez6E5Wndsqm7G(lteo11H$=?4;
z9vHV;yS_X$+S5B5H)?en9@Fz)gCf%;6#ny}EDr-KqG~!VL=6TeN&*h{U%qkr>Qum%
zAvl2yq^4L)OEz^)m$hQsca3;n*>1cXyakSrz@zlJ@_EM-itWSPOG10?-0h6{E=V<m
zn)Jv|xITsLOrh&cb3aa63W{%E*TkH-zCto`ILRq5GxxL2=x8YV*+$`)lv}oxSC~>Q
zF1l8JRxSxsT57giq<B;<zm#uoYAps#+P5!50tl^}kYv*>Oh)79zmj-pn3;p<y<ySU
zkv(J}(Bs#+b_>F7TNY$=Pt8g+w<0dqC2?s?J_IV;zR@0-LGm~dc7{%|eJJ(4^WKDC
z(;y@$3puvMB{6rhY=Si@?eeo9piws@uop~eQkIOzns&pI%-tIng<>f@6M+E5ckGMM
zo1RZwIMjzb{7Ve*N>pka;SOXlhuiwh19XcwH20mR80}7mc)RhViG1Wj@o%to<YN1=
zd$cn9v{}-(K70q6V;k5Q+f$>zqf0qtX=Otgs6(d~bmm)f5fQ=&Bpd<)chFA+h!6^P
zP=+PVI%^I|#t-QSF87|EhdcrGyAeiOmY=CwrVcyek39oTU@*6&fi6_)ZomttV3(kL
zchpWR+cSYPfvNr;P8~iOf-o`uTP4pL0p|Pjm2odfpIOLoaJ@6N1#9!vd2$)uzm~uv
zgH}qAR_+l(8Wp9`u&rNd&bBz0h;^_vT%#+AloG%EJJ&E;T+<)0+dQDj8Nu?P(LEnI
z*Hzl17X$kw+GXWbJ)0U$beF|ajlVc3PFWez(<>_D*g_-Vf*Ex}7Twst8(D4CDO&%y
z(exzfW+H7qdc2p}rQ#3g)d;K~?nsweBltEk{itK9CHCP5>UrF4&O?`$(b*<c=w8x^
zT@4jWTM$wT=W9ShRV(nS*fO7S!6Yd9W;ac#k82<(>ELDC$M_*Er$_twH}zxZ2g3P}
z7H8uZol6!kCIXN)d5uti0<<kZo2K^ftH<?J1?aHW!?80&`}A_bzTFTf->20N_7Av!
zCVo)lM(7p<7+3%d*nds@a@Bv_MgNtW{IuA>|8d@|(<TKRv`#wF-vfcLm^!ZxMvoWO
z<>e-LZ3!PBgSoaDNm(`}pAze8Wm^_JLAw8k&3H$k%7!_0)|9~QRB7+KcKE>omKz$2
zZ_4Bciz`j0?-a`M9rem3FKDGh*zw~wMv*!=0zv3@4^_>FzCM*jBDc?-9{zNNyCZV}
zLYy2GDjE=DfS><d54&*QJTN*JCb9NBp8Ux@FeOJ84{LfFJ7zdx_z%hm$jWE3aXPte
zqlma9#n`vJ^8PrX64&f9dNK6g6y4&R$*X|gM*;sD!%c|I)aLmz^2Yi0`#P=m2Okn8
za+-q@SHjY~qibQ~75>g}*OF`3(ObYY*vJN92{91ky20&=)lV>R%;9Bs^ux%?D2$M)
zJ)FiBWKNN@X|gl9rqqu!G81!ZKXB>7l6P*{n$_Dm21?n=YmkI_*|BKn5O<Frra@vd
z`$Uo5l_oIq+g;rzsVS__<7hu%o+dIfWVj%lmJg{sA!GH!w)!Vi`c&}FPSv1-;k_`U
zh73SVYxdb`dI#_exSU{PkNk=ASxal#N4J998BQp$n$nbW$dkOSiCab;*3dH9z+AP_
zd8V;uG8Gz+9s5CK(aI}_m5H596{$v>K|Xef?2T|~G}+MHKCrp|-4+MNC;9rP-3$Sp
zmJybLLOo5xrL%XT$#1TE<G9t!-7<SI>^uM!+C^A$i$1K82u0X*t!IV6ds7fB`Fi)a
z-y7+X3<Ta2jZZgJ5S<?Fz~(N)nJFF+|HllMe{QePV*gafk@V$Egv<a};R@1?^PsPV
zkp~0K+YqF+U=djZZ*aq}-5~bL%S)`-1D}O0N}SKSw?9(^2ynt)=?}7I=!A?%Xai%$
zjg{aa^g)s7lgN=s%;3Qv9zjTO-!LB*(im)6(aLF;4tk>zniGlRdCGz^mHNWeJ*yym
zRdmYYc-&pkhq4L5Z}ZwiKlQxoAkywtZ93R*e>_fQwn&e-9%Y4Sa1-K|w4D@RXfxM#
z_}@n^mG|CdFx}I{`MlM<SsKM+KL8)+pgfZ17blgLOYM7*N{IJu<kR$hr6H42zJh%F
zFO(F+y6n2P^CE{8ho(277F+&(q1XJbt7-yWQP3Xl7Xv??;$bX&L)?9pr4znk*}A>%
zIBArGeHANJpaF-X>H0*odTESBGcF(F<&Ry{+cNFSq`4|QV<vxOKw?<9Ca{T*X(YI=
zBZw5G0#8t97>0WJL%Xu~=Y;E#*7Gutd#Kd|$<LxD{2WSRtz6+Zl|kpU+{T9TGzS%C
zM(k7GWm|nbhS!P3%HC#@?=RuF2_r*cF7+3Gc+OCTDVg`TG^N?LBnF{v?$1Vh)Vl3*
zu&bS}*w>u+ZH18n=DEiY+X0*<lLXss&tHM{&L#?Of!8PD#@|er90@c_fM0jgQdYCQ
zdVJ!ews*1dYKEAXuPSKEtaj~|5gbOv%RK&_vcD=t_F$tw^&n7m(3^<qMwaZu?0!QH
zB_t;c1B(~fV~#yEGbc>ceu3bQ>V<3J3lBXzmrOux=+-R3V6@-v)dL2IX~{WbU!77*
z+W-{Rq42P38^2_B`y!Udjk_d63*nojq3D8pXI!)=J;>G=d{<UFr*$=aWDo^J@8GJ{
z+>X04jsE+TkwIBCy?pFf>nSWoJXcIkn}vX2hN|5&EQ;Ut!xSTaI<C~ei$iw3L$qkW
zudHbd^19D`Ca&%ZR|Is)6^_emNtcO6278gI<}t3z@b>28sq{w2u2G;!C3n4DZ+^o1
z)FbJ6Qdut*#)u$g_pvN;Q%MLayr&`Am=;^aW6NSy+M(neK594OrMYq*`#zdW`T%D2
zi1C}TWpbySv_Hqxf})t?b7&vi%uKu-cOX~GwZ(`_XU=}C;RD4BxafQN4-DUIl7uv$
zA7#$H)I29pQD$+<1-qG5h8BY8FJ%~a<Da*uXVwj$&t0J0d!YZG&Kz*~%q-sUvmZhp
ztD!YjKWH%6iC;n9v#BJqn$*$<PZsH{>$BFU80gRYaM4lmNSmUI;vCPmZ_#5`wpqNP
zWOP`3T-uR5PZa=kC<D2Z&>?Cz9Bq|hrO?4PCf!S%tKYV7ZSdL?WctiE69K<imUn$_
z<{S5Ge;qz%yk)l$1+Y7GxjF|D=`TV-soxlMz91`xkU+v!qaGD|jnuJ-NH1wc^TJ%~
zd1>}`F&r8Cf@-6sX|L_U3x7se(3ssB@H0|$D4?50g`okXVk$=^+Ylb&5;Aa-#bN!l
z>SD{?-HQNneHrSU;3EizaKO=pzdB{ni_T%6mb^6OXB~fb<yB*a5hbh`n3(?I9y+<9
zLeG8movj_>AEH=)DcS6eZy~Ns?WwW6n#zdYRN2k<X$eHbbuy@HdxGk%E4Jdu;vM3e
z<8OJ$#<GAacy1QAmbzF(xGSmpiM<l_geS~S0JK23vnrmu9urM@VNqt0{FM_*0;`pm
z{GS|Zoz^=G8ZER_E@)bfO=EceoGAK4i=xXL`2hXG-w+Zl^`8AX9)T_af%!LsVSLF=
z<RaztAIW~jm(NbWR}68)M*`BueF>oo?K?;Ki3$L8aF-;>+3=25WO1<+52*KW3;J!1
zf-^eLRDaoq2-oSpL#1F67WB_SV-in`R<PODZjzGQ+%<0udpdVTg7bMUlGNMG@E$vv
zRl4W0CQS}0$G_RBej~7fVb<egmLK4m^kR9_YuPC$hRS+T?S$1D%hF$Xxkr4psI8==
z^g9FEh^iU>%%?>=gY~28O_<Pp{O-`i2P=jmCinem;#L7V10gIWZ;U%Fm}w$WU9nHQ
zH=ANyKg!mrUQ-$n)YDn8nY_Prnb09*|5(vfd)1mbD9Ew795uBv>UkI1cr<uD|M<HN
zfq{+b)1J}z8@OJF`M<X%DMBWq;A1I4Cb)oXVzIeSx_ueDED|9Y%&%XAykM{a*N1Q9
z^%u^$sQ6p%xiN;L14YsS=+lmT+km$j3jg0q265c^sECPQ7WJ5%GuLH1k)2IN_gU~_
zCUU0PkVi48DDfh!gHv2i;%q|2m#nMR68<O`hk7ly^3p8pfu4jMHZte1*NbIek^tU@
zt@VVtN(VD31h%D|FE$$^kFv&JD$eI5LseDx_Jl}xM{}kH6iZy%x^!!pG~W>LXF8{?
zIZkfYV@;S#V$xmuD*WqWAg7?^JEy}IG@21|i(6k=b@R%cJ2H3LTdb9%>2(z^ENd9|
z95pHMo#OYFTl=G8PR?J>mo^^nTLFaBX*+kevz`#S_c|{pH@!$4hf&jJC>0;pDBUk=
z%BSaaWq4K9!OqIlwHv1fp2OSt_mxThSSgsJ_#G=U7e#%Olu9_%Mc{c0Q1ArXtn3<#
ztU2xuGa-(#6!;)KiiHO-sCgIm$81nc;nsKU8uGm19w$mD&u0T?P8Ro<cwlGADi6Yy
z>$9=CDp*93q9RXHyjmPmu3^TUxg#X~xF~17MZIv@Bq}wyd>AHaPlB_8HWs{hlS>iI
z&k2Z5@eJ3RSzlT(+Wz31S$nw=N7@#gC`B<A1^l>{WvFJE<Um{1?TB74oxC5KD1Fkr
z@vYXKc`LSIxvJVkps~T$1mHWV&s&&CYxOERz)tPNw++71b~+sT6%IU_t`Z7vxon~v
z16mCZTIljzV$m}PrlV{UH`-ApQ~T1)7Wa1oZSi=4oO|(A+C38Tg|nQ%-Ndt-g7Vdb
zT+o1$Naup0I1mQG78PZOtEP$djr!ya54p%qB+gti*?b?jkITec4Im<~svt2H4Iqqw
zN{%cgHhxUqGy@iPoZzb6HhpWnII1%oqLeU&sLeXOz0mv>aK?BZh#)YG#~NLppkjk#
z2dlEB2@Ns0*?)1_nz%DAHo}ZMU-Nf$4)Mue?~x(;#{ps=+FX;8B{pO!f>)Sodk6<U
zAzzKZb|>6-YuKO+0Q)((`}jpR8VTe5m%VSNkK6BN0ndlM1%ZFIK}Nva-DIy_nR(&Q
zoYYPa`8)=kj-u?C1duh}SgguDgHPTtZ8k<-iS^;O=cg);cr^$->KvowkvocTT;ak*
zb^qnwZv4W@_+c?@?cos8st!+SHK+B4Z|>b+YwhvN{KJqdfFJMaipjh;zbBv_O^8}9
zo%p^ZjN<W8axB+X-P2LRa~)``Dv=+EYFf?MC<K0ESVmo(w!pY2%E_@R3{!6Q=*7}i
zt5e+sSFn<t?_hL2q=QHQu}+Rj!Sv_rrVmz0+Z<b&Jt~Xno*BK23hEDb%wPTrrm>_b
zP!?#+jH{?{0l?INeXC1hQ#FrDtjH|9rC3QQo{pds9<N#LzzthJ%Sxh+@{s%h*SvQW
zf<oG|EDN4tZel^vs!MTd1{7^B;~ZkN^B96aq}Bp%?B2_U{R2-}`}{lXX$x1yjW*W-
z5iJ7)7%w=123ll;#fq!9Mg)7FoRGTYw4xB{WE7;o5fJ`5UyhgNvRREie3;Z!xgqT3
z8iuv`9SPbT|AJ$kA~LWi{)p#bvW1A0WRD`}cHoVl6d}1`d)~gp;<!wHj%*Mn^37zc
zaPWs`jl$9c9FO-H^lt-1*9<dR7B@NUk)Q5gSCwcw2J?^}tr4}_KIh67n%lD)lA_;C
z$?N3mkpa=^<J}TBV0EZ}x}amhml>t(C6%nFa)Z`z3x!tYgNj45F2!M5%{u9kkg2G=
zUL#%1LGIxTyc?%x7p*qN0U}wsUvHmiANX6!jj>)zCR6<^f-YA}*?&UQ$_DveRmbr(
zim>wV)*~ZtQw;E%uZ4c2+X(rJ)hukPVLH<fSptN7FsUdTcD7fs1|DTj9nrCm^#AHs
zH&zz0BpXD=w4#1qV3QqpcVJfxHr6VX_|A<FDHayR)_?^rBBKDkf*2eDQ}{-miPGQV
zIZNe3pUmN0LwowwT%+L2?zoGp5^2eXP}k(fvJ!tudBGE%=sk4bGc<)!465xlJba@Y
z+XfKpL3S&aw*!g!di)TWs|>uYwtMaB8z7zZ)p4JptQV6QL3_KR-5fwbeQs9bGKqtx
zO#2&UqflVWP!Z3ZsiYZOe98~g!@2RraQNMLgePaJB%6y-7flddjHOo3uVl_l1|7<}
z=1*#wmhg}n3Q_2t)XIgUO60~%_jk-~F=U`A#@lnWDkyFhoh*LHTu=V?^N?2_vXv8Q
z53WPhJNzz5==&>I7|-di7e3jB@TTfoh`ST5P;}TXws{PTYADJpx=<@a!Nm@$atyJw
zmhcg2b1fug>wFDO=3h(eEFaj<Pw&o_vQN%&mK`*Zd`iQP1gdP59#b)yrS-W1)^z~7
zXREps7Z2p67z_%E)XSSL&pJKwQY(c7Zl`?cM2eixqBCb^d@j7Z^=RhOnHR~goRL2D
zw3-8Q;i6z8NlrN5qru`MXO9f=l2HV$VGfNJpGKNY@D&AiiX99G60j6?f(tn1qJx)2
z4e7Io6~h4|9P%W~M;t%3wBxoF3_rjb?FP>gqHckML^^HcYp1^cjx3h#+?;V?q1;7p
z^p-fj>38)9L#Cte83?yq(j~Ml==dV*Piu$n#|p2SJcs&_sv2+mvpk1}6$X4RjfubE
zhL%t5MkzojTBent1ZjU_J&R}tB_E@;eCDCgu~U_^0#ajZ=vI_q`l(-I(IJ4dU&f?^
zloxfOBz}|cpX$y^hnUnYVQ$WwuY^X<kXax|ZnL<wi5)dVm27^Sqs)bc`Uc*5knn6%
z4{X@*tLTq!wCA;h2z(ARYgX#Bw7+w&B6@7NR_U%>SD#S*@*vA{fyZ-i&Xj=r)tWE0
z+~Y}(C;3DDrmw1PX@opP@kkFaVof>7m{xor9<OHmL7ZDPoIkxhe!IL@zL6W(*)`SX
z9(a?;j@m}qWPmLCDO1=Sr~14#oe#%RX*c>;XtnH1Y`OoUrQ>(I;v&N0Qjrv4ft}du
z<;&Lf)5V!BLBel;sII;ZJ_<TnEuVOY;FEj<ai`iY2ue{_Za#d*p~bcV#D?yF^aM81
z8%Xmk*m{|5oVv;r-`d<Pu3C4ytt!15A(Yb(jh!WM7wR-kj$!+>+y8D}YatAG`1$R-
z0jhN5pT4~q;RWsJiFsLg@x>hJ{VCnja=|Anz8~)Wuo<ZDBYR@BpF?BAsd_jmKkqet
zIeFrwU=Jgt>+PD~vYQnKfOQZLKISmDJx||{+f!sJR13;<Lx2=3&kJq33pQd^au!7(
z+klM!$s68_$LYO*`y;{kw!oq3yCeo72O*Iq$I{@SSWj~Ttta=0UE@^lwOoD&9q#ia
z8>|E^Wluqk>=sm(MzIZ59z5kS$!WSu(S1a>$A$ia=v+*Ww2JyYU}nL!DzHw?#%U-8
z0={id^EobLMlbEw#aK@Zt#F@ynbol<mS(?v<E?#K?DRR+42*YJZ~i&WQQ#=vJd&H>
zb$k2t$o-jmgx$V{RkNk}QbG|VG3GT(*)cXJ?<GKL&^A0C>^U~T92oiS@XV+#xuY#k
ztYGv)J0P@gR^NUSsQ1EC_?a$azTNFC7ZOxk@APGP@12zLBAX|+Th!ravmX4AAVMi^
z;=2y1WUzidlq%-f4ntzGNbNKP9sI%bKcC@N!I)5Nd<dnOnfHc?644r+nKxCVVYH8W
z6Rvb`?CGXV_lzxD(acH{<hzSE&Xq#wO6h8_y-s{MG~a+v4p(RWUtg^mdXY8SW6d9#
zHs=ND-k#OvhnL5^5s=!MMIl!<DtDd>`HqDFA|5@uKHkzhW}~1xH{Le&AX?!}WN2nl
zn7@cZ{B~bB{8d*XXXI{V{lD1uzgWT2y9j2H=Z#v(i{O>uIr-WCR(hUt=xDktH;w*u
zgy1fqAWWpnG0E}cYOrlG?3QP(*=?$m|4kk5ci2hbPrkbYEBP7G2N=b<b(*n*hETnp
zt9bE`hEEsmkdLrzUmtv~Z$(l<pmWYKws3-|V31wbL7g*riqE52YeFatze$#hH$b(_
zV2Vr$>?Q%z+O9s$yeBGy<8HF5Kl4%+DYoPQSR1}y1uOWNv)ooCFb1k$4yVmi2$_Gl
z3ebKnn9!J{<|Q7y7^~QvwNKtp(}~yml8%>OPFQE>s3D+}?p5qcn0?6O-?(@#amd3q
z>2hbzyDmF1$Lc62q|@q=&DPB#f4x`eDnO$g@ujej+S$~PBR6?XHLxdLWAz3vldg;o
zc-g3i6J-uOxj=@JpCa}}3#&9Kh9ebY*SDtNF-LJ|d|z~eY=Ue1g&Gk^6f!hr%*{T9
z`in3#ydq#j>Q#mmkh66!6I3)oPdKB(fmExlrYOR>B{8uw(R{FJ@_mXPN3eHR%&>V!
z{i3P<_PlVnFWe}{l{Ne+SET2O;`fsfpm&dx3m@Vo-+N8_VP4nRrypfi1wSXv$p}0K
zf~2bto1_wMuGG%umDcLq681yEeCoIfk#lA1N|p|CQ>}FY#Mg^KPotxp_L~U9^IxOc
z@6r2G2%x6^+$V(grnBojlk}PE`B&~bTO^|g<oL984(dX5O0u94n^+lLAMYlh8NLE$
zEjA{_6X?7v234<45G{6*7$&^UNRWXS0v46Ig_Jl^VmI_U-MQ6nZ0vEy>fPx23y=(g
z?i$bILV1xf-9?6hq;n$uzbLR!uDF~dEG<(|8zNRFg)ym>w+#zl2JF-NEk40%CU{zy
z-TSU&OI8?Zhth?ZTtnxU3*!U$k+Z2Jgqha1M%iLQ;xNHI5Gj&Ah@Z>NCw`DDERZyx
z{0?+{AmiNSl{%}idY9J9_)5=!Hc>f$8fLr)wNc?M@dD$x6rJ{^a7@udllN8Y+E9~0
zIoTsg(Ez(KUk*hO(<pZV%DRuXKVQFzqNVtk-6uU=!);S1xQm|Fp;KZb%4X<d@F5f1
z?<?=jL%~HwG(iU|ml-KR-sJF4x+6-lubgt%tG*G-%U5ZK5Bk!}l2p8wfbGHzl{R`R
zy=GBD<&*F~l5RLX+QI=c7+7J%e@nVeUd~_trFDOC;XwZHo7++ZU3mol$$~HQa;NyK
zqi6m5ApVcC{{Oy-8NtBpO?;d@+!@VG%&aYx<-s8^!Tx<2TuOs0A-G>kusg=zfDhOt
z{}lC~+=Ty0fHnOK*XD-%|G}OA3)jtvoWkM({qIl_#O{O;G)yT1?$rMn5dNY5hEbkz
z#ZJj|NBt*f&W#Wvg(>CIjqxAqZ?hm~nNr5wY5z^ZGXF*Yi~5IGggJ$bfe`qguKZ6J
ziE`EdG~FTmSIa&BDi6$@9NjG(-I=@{?En1_{>}KGrjNg>hW|+C8em`!7Vakh8&~sV
zN}UHT0Iu^FV&Z6HY2oJ1<Z5pD{}%qA3XK0A8WCMEFgFW#cN<45xBsnz|C|u;|IsKg
zuo=_8obEpM7H&)_Ql2QJ|BM^&-Ioesa4@jQPhenJ|AjtvN%8Qcfp&2FC-?sV9_)4S

delta 28238
zcmZs>b9CT8)IL~aY8zAAoZ7bCPHh{Xwo}`k+MU|AZQHhu{l33<_w4?$xygBMZjyV?
zxyc_n$&-HrnturjuP6f!fer!!0|Fvg7Y{FkB3M_V+z-HLUDAMn{7=J9oN~sC|Dy%&
z><bdVAuQzX=0->T&ByiqOZZ!e?_0|@z`!BE%r@B8EWyen)X6f=#Vbfw_FGQvTTA*|
zQ~g`p<l9j1+tmEq()HWf`rFepQ416w_~Q-|>}nC@;}P#;u_C~`@Jnn>NqJSve9PQ+
z$3$<}*(KP+KiK1Y%Qbk%GdLv{Br6xBFdd|>9HgP1JN>VEXoy8vfM;@qRZ56^dYoxt
zhE{&GM?tdbzXadf64}lkkoF$3-ZGG(7LeIikf9FF;RdOr0FTi@(B5&Ju^EgNt}&41
zX`;1xkmUuenIYQ4W!SSNhVy;U^Ig=Z6Ofl9l&@Qm&s*}9Y00g5zm<LGr(^YxJB_DX
zo5Ued5~$p)sNBZ%#4AvGpt8QIrn;i8xxS*Lp{lN}sjQ=;!#}4lJnTC%{yQn+JN55(
zc;Ud`ivEn6!L*k7jDoL%jPJ7M!P2g|=8pd2;_uSN@21l4_V%yN-tO|A#rD3D*5Spn
zk-hfG-L|3cj+ukL%D)43Swqcb{T)p+-BmN)HAk`WM}G^hinA`Ofx6!AzQLC7%hrLB
z-u9*8w)2&so$0Q<?W*0`?)!m`&zIcc;o+f)`SH2s`H7*Gx$%{imEoc9k>$hjg^$IN
z@8ylX<<;-4osFrToAteuwd05D-tnuxg`?$>{f*_j;o-aSnWwq2r{(3HiSM25oxSz%
z$IXM=t?$d7iIcrG;Q3(s{&@BKbMy4{^yuRL`u_U-?)l;T=<(w5<^KHZ>#K>;2>}Fz
zvRq13NY!KQ(ig#FW60C&?cvJHGGl|?GWnNVX1$Gs`{kjhs=@g}^dX0ULQzA^1=m|W
z-MFl*fpdzhnh9;n*g@531Z|ZptBmD*(3aH=YY(;3<r<j<Um}#uFuCm6FqA^F9SEH)
zG*~LlGE2J}46~+T@O3LvdxGR=dV@u{JZ2Br-(Gls_pVpJqm15*_nqV4o(74xbZ80m
z5dT{NafG3yA_yUnpAa5l(jYJQpdx<$%MCRNWL%6YOgMvO&;na&$^Nc1a_n|vPAng%
zl7|rXcp-{<3PS;j=5rrpT_5vv@J6Edc9M)AhIRWP3MoLj>+NGs01}<HkBr}Ob#(W)
z2oVvEkAO_Nl&eqP64jbjNXEod#-ut+jxra(lCJ5|Ptbw><a_cfT&j6uxw-PwLR#jb
zr`OZ{WB=WI+HWP+@8A71Py17lK<6XUcFQHw6R-F5zpumRobNw6IY{5*NI+ft`Qx#{
zim%D@b$8eM<M!#r#^+G19~U?_W!389OD}o%h0l)0og9&V$4CH@-6H?iSMT-?pw<F-
z9t`v~n(Q_*wK<GJ>ug<5d@qjL$Pu;e7GJn-eR%pROc<=Uzx?tz>?hLNXmH*Ah^5!O
z-&9~L!s@F+YQ!S!*uMz<e2D!zyw7?2v%c-|c>mnta?bbt8om9wx$M5}cAkyw_x!3L
z;C_x|-~R9ZX?nZued$=>vk&loisc7fr$^vvlCu#Td2c5&6V+S_?VGgh8OjJ%YQ@Du
zwi8l~md)AroCSkMb+vj)Jx6!KISVm@x_wcHRIFmKWvP)fPPlb~!Tt!Zb2HAldLJX%
zf6v<L>E(PCRC#B2UIuSYUw-uyZEY<sy1tiB`<C6S<ZO2yhvszIKHFwBUv2@u>-Ejo
z{4DKsSKWGnzvYw{4Hy1D@)6j7Gi@!89=ZEE8b|_xO%Ocz`&JeE{&#&YzK-rcr<X5F
za5#nh-<f4j<ZUl_$@luOV}mLwI<?rG$|S%MlO1+IwM*tA*lY5^B;2$d`IN%M_3%op
z=Ql-s*yU2jvJb%J^E!0yjkNg?uFzMt?bG)AiJ|o??c{Bs@n_VRa<%(@!gdI>y)2i<
zE?g&;R~lsU@OBb%p*7k%D1Qq<J`$PVcn8!HU8~&@Q^=o2g4xOY`Oq%!8&U_jz7{A_
zZ=|Ul`y{N54+uK_xFOYU6qSqSp7)dR*lfEO`mfu^-50<$*}~(seX(U$A;u52YX%$+
z^BY@)h?dVI6jcJ)9rop%+HTrebC^tcwQAToQeWW)X7dc>gOZ2)5%~U^Im|X9`$7=P
z0@yw6W<yM0^B<7iUwhm92+POzHf>GctRMpKFg<^!eS8MmuX=;&yP0o|(1_gjNFC>@
zU3`l6&4KO?L!rN{Ac%T!L}h|s>(i=+FBRzhu}4LIpQm~R27=htbU~RNFX2C;Qgi%~
zdj52B!W$uW9xhY(;Tcy~ChaxCt#xJ`+lDg2SARM_(B}L-CXPD4zphZ`TLC3v^!51~
zzxR??*?(hdJNhE10(YB_W@g_j+-kh<Ln9hQ69x>?%cna2;xZ1?cckV7{jr3`Y&LfD
zcDx=w`fiWy+lgk@QJo`=`e#Jw)4d;J^!Is8_*sPVH_a5!<BP|u|98OaGGo+H@a_J1
z^mP=c{=-qF7L37b_11eIjr|5#yItFE+N^bg&Up9%<^FRA1+zfVcMY;%NC!&lVs|Gs
zGd^%X)cZ`o_Tz1sKYwW9ZE*lmvz=HT0IHv5n#uZPf9rc=46$my!0Z<*@G^VJ?QQo@
zhF9L)s%q{=6Qq&DRlN^Slb{454NrlFVRo`gVW>kO5k@2?j8(&AAb(iRGmIIV-~f>S
zoLb}D|8U9ea8vc`HYW_aen$BBC4t!a<N?^KIVh@R$Q!(S!|qSCb(J(15!py$9hd{7
zA7^l{&bsy{{poMzy(PVWGnfLYDt?*mXAyZDky447cWD0ec*e&>?2insLX0vQ``5KU
zmI9{q21fxs!}5}bDMLVR!Q^Rn91mQ+EziYQEgOWA3J`FENo@6m<+$;GTWL@lngALa
zFGG0MUC1GNM$7RzE}f1+uNu%p!wc|Ii78DJJF!2-Qs6-!wtN2-lH>MiCL&&Yeo16a
zyI-Ad+@FmoxLy0fX1_mVYXA?*$AnSdS4Di@+3(9!Q|mkiFg*P^h9`@u+4Ph;)j#0%
z55nuqMbO1VcixWz<MQe*w}ld-h=9N_97Y#6*BIVsagAezEv~wEi6YMIbFZfR*5&qJ
zJUs41tM{){Rf&4uZth)Ph2{4n*~bQ4PK7co$7GT2uAOgl<$8L0n!auNXJtY9efJvA
zE_~~Yt<ckDyHy&uKkV!m$kY(T|35M`jS)p?{BjH;{xJL<2LN6tILFu7SFg~IY5&$k
zqhsb033Bkxd}EdReeSNavELH!a(GwYDWSi<V!gk*K1TtM-$A~12YgTk1^+ZIUo!6j
zZEybf-^1nxAMf4XM}w51ebZmMH7$G(*?~$X&H!~6A3QhVJV$F*R5MkSaIVoI@<c$+
z#}m`a;7IWVkcG>JfPFW3cjgQo;)cU?gv`D$UZN_A@LU0rjGSb8{LxTFd7P(+;_%Pc
zB1&kWhH8u)Gs`*hMU$(@OT@j5gyC>nnuBM7iZ&lisZJs>a$*La<ZS^23^civ3@<q+
zpH+(*RDwxAiGYT4bz#TW3M}kJ8>}ZNVPTz1MV)RHfS{m(iC`_6(rlK4#ovg}6I%t*
zLsQi|IaZDkyKnG3T4;f=7mdgb{d0<LK%pB6vOro%(`84dxH|)r3@uStCJL_aM4}yl
zVv>O&1jlNX^SdXHutUtIoV}K(L2*sI5!qg-Q8$uf;@W1}f{GeH3JJErB=iTHqNVtf
zZ14{>U|`2wK3YbyY@`;>@Q)lDQE;<mYGfO1_HUh#%V5MW-AxB@iqsxz7|)SWe%1>~
z=M5Oz>_QK69zRe%E=3punZ{nw<=TKiGahcVYZ<(siZ<OP`<_Y7&Sld#RZbSv_0rL-
zxOaMcy6fE}2{cx0IFI*#Di_>u(ioIO7~w>h03S4xWyUwZEq6Ghyh0o|h9k9Y#`=ol
zke85v^I_ji$B10yq27^R9?h<3vfBcDC%Gw9-Sygjr;S&sv<qktIH^S^i$p7_!VH6j
zB&|4Ar5~OgtD;g~HKXX-qJ7RE(`%k(N*F^tVLg%j@$k|arI>MaN`lf(U;-;5y`-W$
zKo4p(M>e`eyP5f#B}ImlVB#HEe2Zf%mbebmV}ep`=<)kar|DWDznChFU<{l(=9^p$
zmP|cqso+ugoIstwi6$c-6%3-M6_<z!tMNfdA&0OK7Z+W8l6ZY!$VR+cI`wP_JGQE}
zDvnVUm9lt(H(j`bBkG~>Opu~{6KuOCK>I=>N4xJ57J<Wxq>ADxC&-(fx01~+>KrI6
z8HQoF<gs6uLen@dg7vRk?vvVAQOPt3IkU);K|xt9H527|(A!Xr>SBmak-lJ5LQW}+
zLDaJ(Byua*dt`$(p`S1Ibn||{SPp>%E6Zk!0VA{Sa=i-(;VdajGd!i(GTX2K8mJ1&
zqG8-{<N_<X1r--9p^VvhAY_ffT$RW)m66z#@Lcs0euPj6ru|A6fpLv1s0hoOGRe;W
z>FSn79RrD(3N7VUO0(Kg$qDDN=qZtKCdyO8eu}08Ye|9X2xFd;Kh!chFP+e`M?ErZ
z9ZDMks}-1Fhjy}qxVU!<R(z%aP`1|PDo5X|?jW(#mdqi>NK)g1U9FX3vgcjlD=`10
zpBHgwBK_)tbQX^YIh9Z$6;)wRYkHpDcyhN;$%C1sp<o^i60b<GSo`NG(nJf{Z*!Ck
zznuEHl8xHKX*<1qF9}S}BFMP%q4yw0Vqj(0^D?m~D7B>LS>x=CPdMQNJWh(^0jPN)
zbSG81NxiIk%jOgb?B%(ANw%x5Y(DVrX<np+r0k<~8Z&)-G6-+IJO|Ou$*P2b?a1e9
z0!B1&h#4kZ!r^+7np$?r+v8JOvjLt*;@UQwnBoua#e<ALOUEXC)D@f)#2{Le&B8*O
zGLvh#vz+TKrADyh*d=iR@%bRsxj^k44z!c&5fjhZpr{ivOKr3Rc&R*b%LP$25>XtR
zL#arbhk_6b5?$h=KF6q^wjyz7M3^cGa|x#S+q&suR<aHqJEa3_Rd5UvrF5(KaeA@@
z7q^LlsY)3__cNl;vO;zVQL14H(S3P8t;mCoEKW(yBG+;_APE`)Yz4(zQ;0nef`eqU
znmJ8p?d$}-g~tMscDLMHSeFGGC2<6FS4+99#itPeKCEDXSrCo}-bY{_+ybkWy!xOZ
zK=npR0=-s0ls{c$(1*7SUc`bq*bU-0{}hA;i<loueX<PlN(<&p6PPa*R$wa9jk*y!
z5~_$Pn!gS_lRGki`Qf0h1DG=#aC5QZ58UrR2j@zAeY2^k4<%)e=VGuQq~5ZRtB_9b
zojG}6cBh)R(pT~1UyOMUHyt7;75B0=aqA93OL4M`sZ$iH>%^Gk8=pt#LC9NXg3G07
zEBb6N$&N1&z|q3ifsS*<p(l3)2UE0bXXh_1h;XM2Q4IjjTHxz+9AmEPFna0MIN^78
zh#6e<{dlH7=~L`sJ>$(3&!t`RL+6w*<OI29+v_#Xnokv__atB_j)ozF3r4U6kq~s+
zWvi$scUylp!VpF{mJN0*+K}z$87ce(OMX=f98(SIMaf3AyEG#%o^w$gflJ6u9iuVT
zCN)UUTFL?FEEe)L3%LuS8Y_OzCroHUrVv>EJ=9e(tot|cgW}IoXqgr%#axle>~0q?
zdu5L@dmrL2@e2bG8y=>E%`oi<)OIk1zibGQgJ|#+%w)B8aBVx|9&+%riqo)(QT!R0
zSL7L1S4A#54z-jA)w1W)CX1XfW!<o5*>x=i9uFD-MDKvZV>*U<$e&$L#SslwF||hy
z=nqx>bV)inf38)IvYP^$RnUS$dW7saN-~khrLU)`a><TcRl<xchZ?<^gtj%|K3KJx
zCS}l8|MoZie#u-yIckg9p|z@3gCYV8#NqxnH6oqTeLmE0lIS1~<ppv7=@4ihQT~2e
zBL@h8CCY^RU?oYpgJq!w-5y=hbg)0WcUnST5k3&iNyt^O{yHa0zU?;7yc_$l;5V<!
zFY}-l_rS4}qkIFfj;m0O5ZsQ5130_&13RrHQ?(S+K#8b4kE*eVDnmsTS`Cv3p^#-J
zR4f}-s{C9>+@Vq2__VS?Pc}8wDPRAfghxTZM<wEUFeN14=$BGB<1VR5+P}o`*YR8^
z{T0ixItlQ#zEnju({>z#o!Z`E=MofAQoC={G6rl_TDf#9oL?NcPOv&pIIe>0XG-XK
zztEzEp)f#k``RpX)5l98$5{IRSPq-Ssn$sgE)<*KPJlVrrX{nxm}*Q{i4Uu@=|9*4
zZd#vsn@qK~JhLqnEM$iZK_ECIgk%)MXnr#r@faRbpmWMcGa-zLW;^c^BkF#NKO0t6
z5=?j^-Qp_Z>VidirXxd@Pb<RBOvFL6n-zI&08@{d9Z|$|ct&dqyu=?!zLRYUr__{q
zuYN3j=a$rI#jQl<>x|`qh)DU&6cr(m4kwPIV@Z``)62+RWvmd?wx53s(nPPyuiM9A
z8KAc2*R;pHybMN`JUFJU4nyDH=u6LdENwS65)`LmvzTaG8I)qajchfTxfhKtTl15J
zm(BMh!5S;lOy1Gq-bX;EO;Je!FT_h)NO#GJ;SUxg4zG1M#k_2}vX~C^dSwETMe~;3
z7f8K;y&3QnXOI2~g8)Cw8mY{KJ_Aoz$CTQ<3I3-)U`_#TEhbCeMglWB>`)7>9%KFD
z+{lqI>QIK8@>sCA8$+ST8bY1PXTmPU9pUg!y~|$=iF%o8r3&^_k~e3XTdWxd&ZfX(
zI(ME<dv2xB@ID%^!CoG3ii{oTAS4O-#nRi0C6&Iz!WFb}Bi&ZYnX$v7Pr;2(o)Wat
zD`qVVI!0e1h2oKYPDG&{7-Fp^tk~x<AZvmK@iL1zfo^VZcQ#4ZLZ_gADmB1~;6eDJ
z5t1+&&h~&O7Y#PVPQF%KM4k{Id3OzIh)uY!mZnLjU^$ysC{A{QztRDSJFQ2vM+|A9
zT@r69A2p(&^V{emOZaQ${W?1cVKpOD9%aHw_f(w;+bp<+61k!diz$@m%hl?~wD%YH
z`66o07-0HKe&oq(F+|HptVLcX4evB?ASaHYga=i8ug+y_RbyEqKP_PVjuADkZg%L9
zZqG!^S6lK6=Qc_<8>0ar<j^7gWb8-!kSAZvBTTT7Q7}p5U3OD5(v>d~-U_2fpqGFQ
z`Q;tczjGLgttM5ZaF)1ddgf?m?RuW*!d5O{X~F1feKxT)UR#R(@+1;#zwz?&7V;R&
zxpQlcfN;)fx3MxaQ*-FJ!Pnro{}vLBfMhhWpB(1ldGa8Yd2tJb%0uFIy<Vy8qlUaS
zb5?5BI*l7tcv%cm@G@+_yzJ99Rakgf^e-<}Yi{5CJ5R0NZt&T^J1oalx6$tUy?+;~
z&fDeGFG8!q+u*c#7fq{PVWk;!s$Qwt=(iscy6r3SiOLY%t>0yNIEFCJS)tiz^g1@I
z!PnsU`Zk=(Y4Zle;;C0@&er(shY0Akf^B=K^^bLHHu@|^JpLD>(xA(UJYTcR=<x0l
z#`y5RFjbnZMuVLijjIor2pNQc&v*!ZMibk>a0nFqzMqN+{+~s<nBhvJ@gaIVJPw=H
zKvzpRij4*%?yJ3%5c<DP^Tlf0EhNz^eV%h{PBb00yFhJ-#J81mqn|)q>u%t<vC0(l
z=n?%f<?6=Gq`lvM#=jJMIlk<0J`64b{pbHI=0gmSN~3W?`KV&EFh+sdBx%_m{=Ej(
z+A7^{n`iIm=Y;QXoM-3fXSX(woL_feZ`J%uitgWSZK3C9XJ_Zv<@P1s6;)RO(CYRv
z^E>Jq!1s;sxkI<7^JeGs@@DsIx$EQk8Ii}%mi>l?!MDZd(fc{`tnuUX@*-c8*?pVb
zBNDHdfWGgGPWkocQUSs_p`C@t&TOM=MmMX9l}B{6D7H(T#b?or&~M4psHI&al#j=<
z7tiM{jb^*Yg8w{sxwG?scm4M!E~oc-HtG5TNV`5)wKi8>b%hdDdb17HU!BMDArJeV
zqrr8x9o4>Hl@H5e`|Q-dahY%SKQ98O|E=w`V?Fv_>U?y4uGH!Dd^~b}Uh-}H>KaD&
z@cmpq$HP4%w6*BrE${xyO1l?FA0mD5x%p%Yi_jd6K#q-ie==AazOF4)9&$bRvv&nP
z+geJx(TA(_Gz~)Ywj=Yh^l3)_%Ts0MQe~+~#D>my&-GxbdbN&TcN=cA9VkU<d3$$)
zg`SVZhg$stUrk|^-DE<Wcf8Mb8o5+aZ!@R8r_23O_glFH9*6I{xrWdGnESpv?NvTg
z3Cj)io^O`Fo);U$7{)h47Cb!ui@!FxEr|F+q=7Yb$R(imVql>Cxwv?~NAuozJ>hDV
zYgs~zrFmHRrtp0|ai;)nl9jI)nnDmw&%<^tPq~1O(+rMP!$29`L(O@Wvi~TXe#J`L
z{x_P2_QUjcXhAH$-zy<9$%on4p9;ow(aey$ZQoS32#}yQr`YbK7>$wz`iWbJ$-52G
zmP62Crr9sogkCY3$z~FM>PQ6hzzip9B-!-s(0u)Ix1RlXxbrhGOGP-VrjTc_*O`Nz
zE<(;1Gfg#~Yo;`<fWCu~Iq^_bBtNr&`eCymgoVH=(*l|VRZ2?bikR~hbeX}W-_Wb7
zj#dGoLRHnwbSoaC7)Lh`a51tn!N_P07;g_ZGnnGiP*<i-{pp~fVr<T<g>s-h@{^q1
z<#Qz6*5oFJmd@c(D^WFyvtyU+gpTyUgX6ixkvTOmo3}uSCPFyTwG@Yz&<aK_t5svC
zZfSf0uhqe+5JXm)_}CxaeGVHf@EVMDsw%HlYI(zi)432Nao^Dx=t0N&uu9n|Dt9&A
ztIyO+Pub#ffZZA?YhbD3t(B8ID#A?I69tvTb9zBtvWP8ya7q7Dg3zJbmC2?ICe<Sv
zctbutLeYZ0Te3ibQpx-vsY1&Js|r)cS4tM(4`QOaBgL^zBI*+vCnZBo8802IrN%Xa
z)~Xe^mR@vZQt<ZySo>$aiz%J5<(v(#X4Jqvc%NHD&QD;vE+vCUdDJA#K@LVHTgg0L
zeF?)g(%>B|+9l9m8pI|HSm6nPMQRm{#!}1`22VFqhDx-`A{G8^rcJh+dV%;5HRK%p
zlrIp+!;0sK!FtWAP*Ul&LT81@u*V;5@YGd4RB8IP`2-aYWTdB~Nk?vBBb8<sio0@L
zpP_FhzZN<0X{E_kvp`UmSjE>FNMTQdp((syLMvsGXW#s2P82ddkk2H$`=hMbX`ni(
z8+IMqDnE2w+H$I%HZbPo!(K6=6s#mvF;XmsfCN{Qqo8Biz^T1Sy$}}B7i^_tR43iu
zRTOl*aMVHzplON{a5A8Bj`as=ojyBlUp|TJ+9_=$(f2QG6~ppJX9{VboG2z;NJYqm
zAR)|03E{!A^m>fhAE16lOUL~j9eT($I*Yo6g+{d+qcYcY#-ldFj`Mqz!IY5twVu8p
zb(A%E@8o$Ijn)7SHNT2U^BB|QkU5Y%6ui{MHXW`7n4n~%4cGt@Lz3j{Vhq|KhmeEh
zBj8dp3eqF<Bg0;#Q4C4x=-Ca;g}C)?arjQ#Vph6r_AuJKEr+U?L;a&aLj9AgoWzk0
z2dgHc52!I>!qN)RgD|qo93+CR<M5bFWp8gb^PvoIbdX~yPWYD#s`$vQpxKlnp@~cG
zKo8%62mg;wt`|P7cS0IrF&+oOUK{NSdW=i&vuB!1np<ecp??iTyhY*Ahy!nlpMpb4
z3Xh+YNCV)v*g-0nl|&=|v~{-EACsKKmuI`V6|fS=?@DrB?oB12pSB-yFE+hBws!+M
z-}UiUx}T>C-k-ME9eh^1I+Z+ka-KV(-eU*=0uS5mt!Ah$_*nRkr!_y1gDYeAuBWA}
z;p>k38<rJ;8hgg1?~9Y&fKT@;qL;ndW+;7c6T|C_;U{o-Iy}4;z+;Dt?tO2!(|Z^S
z@p}9HXsh3Q_zCf1JG7RyTvcUZdvwRf+h#9bV4bt(;cEYoC$;nOIJCRN#nAA2uKgMy
z)Oi~$0<ZRcosy6z?6Nl8vBSn*5%A9o=!7xe?$Pt!jW->B_PdR5N4{ABp(D_Io361x
zo%4N%PWdfGN6=!u`c>pE;ZDf+!=8`D;kZts%jaRBt{suF-TFIq`|WP7-~F=lys<rn
z-WMX$ycjW?YE?POc^!^s-#J7e7<U%9HKvSBiH+@DsjUtF1RoyG=NvaSHkOF(e5B}L
zcSO%GFqRlL+?(9D|4jyEcrlsio)c92IlEhH>|g_L@2@dTg559p`chk4+ds^Fd0T5d
zs~pAS_j2%`vYY5|Vc~f(d9vcj+Z9e}JRB2Cz&PDvOpN;0?6?_`E$f`VrvNm@&_2^l
zhv5}y$#IZcA@~0CM38e_SHAe~M%?~x;kljRZQy-*lVRUwzG?d_Q`7C4biC$m+xJ<|
zfEPzk3_G>p3!UnE6Y#m-{cn4_U)R3&C5}7VD`~RJvkJ{k8kb7)<_up{97Gn8&x7i5
zS&u^)J89mcmg=wg_&SA5GJy0kSa2J=h?L6^?t0nCK?Ro%y1V}HEFFS|2S%w;Zr##2
z&N@-E2wsL8r!rqFl%#ohY}jqmg%%5xOw9$4Fp8*W2=)W%=5ri-Axmi#S!~#{moe`^
z+>$|7SmsLZk3hB#rvl3yHHcpCV9ww4*(3&YwFLIUDkRtX`7lRJ?10CRqNsblotjxx
zsVqO=qO{Z1#2X7iCyL-=GN{s_!DP)S=JXS40II6F9&FVYhp+p(<@gfdjpBBgdWv8u
z$A*QjtoWuXW4fO2puEF?9?5pq!+gXaSx~5*V3$9stxPC?hY#B)6|n9DC*UO`FGuB^
zGZ=4JY)dO1(-u<20_5?&dTJafDlm<EZq{srgSo$nF{MIQ>7I6$JjmskYEe#SjwLfn
zRqc&U)36u&uwZ3<SL&=*y9KmhP~H`~*Q{-#09B~TQ%^YJ|IY2@t2V0e)x~A8rmt`V
z#tA}sW-H>dezo>PS!Z;YgP&9p_;B>PZSMAj6ZXl-hDj9S0k^U+P`47HVB#K0wv!ym
z=*6(ygCLPd>3M?tr*(2(CG4bQo5e+%s){bSF-?1jbQo`U*bT}2F`5)+H5U3-nYBHg
zRP5s3f@E+Nl}&rF#BVP&WO5G=;V~?Ixh{bZ%D=e!5^s};X_<bZ0~UOCBM~X&qzN+$
z5^Ots9VDh9K;9_keyenc?N9P(?ZTO;>}T2C8K!h$;#+CydUC5WZWdJPRlCWZt>O~%
zz5Ye?>7?-i2&pv5W1%KeatSSN1DHP@=i*-F`=WIs2ZFVFR4VhX8%|rMnDuJIXSX$G
z7ze~iP5Ke$WOE{`)Ob55w-v%Ml~B0{HAgHMjOk5hz?j$({<En8eF?vDy;|v(zOq<v
zE1ffYBbP;B<tqd8RFU|Cq*F1$no!=~r^}J4eLU-QG8nhN1U8HT$%ak#&_cYWaXKU3
zo-{hI?jmaP<;qznAahAhsKvgB>|@fRB{Re1-eBQvX-`7FFkB~SCfN@A1XPf%x7oT)
z5>v%ZKzLC_X;BNY^66q86fP;X(LXO0ZpWA^ajU{GF>m@_62#e(1-NjJGIV-;TLqan
z<gRM2U!w0`ZqyJ4*+s8e_#RN5R>@Xv9VkH07l&Cm9+yVBvYxK877MugNs4a`dQM6Y
zT;=?Ho%-$o+KHO?&NN*Dvzi#@Pe47S9@ASHKv;9^ah)F9pGYXYL!W7%Ckg-eeWozX
zIwF)Zua-F4Mgz+s7TqIU#wNvsZ3Jlr8+BBWQ~;|kwU0qj7G+8&q6+&cL#!+%C`bKt
zlF%bt_V5f+?QR`7_G6B<1SA+=A}!cUW%2-9jg4Nxyhz!S`C5VQ_hkMx9;Dbk%Fw_P
zP>3#V8$I$fAjrF>K7uL=DLjoWc`c-VA|}ZH%!RC6`An%QEv249Vjo~j37Rz;Q=kK5
zX`?5j#<h0Cy%0t4QX~v?a?+G_Ov*r(WQ~@LmHZ^MRHsSC)hP2%p2SzD(R(^XJ#jlh
z<DQNR)CL)50fB5ZZ9^H;tM9o`Zfy?&hT<kkhCV#xe-82TRP$6FC-*phCdimn@RgCh
zrv!*6UiQ*f##Fx3`Kib>Z|3hZ^|R`kwJRy5!Ll>F<vm)$J^NSuhPm9f(^GFVEjzo#
zT8z+j)GcSp#xLQD*;mTEm6*fTS7I;vb@y-XmAX7xCY>%axw^J>jB>43j@~*D*xIDm
z;Ge7VsU`R~SJwRZx5oXvDgaNGki(F6WTKN9u#A|nG?&?3Q*FdRH;>DLV;XcP_vdu?
zKGMI8u5N~<0V0-Gx<3@2>IRe@v}g>1T8|q$l~ppfH%}j#ylIgs0GW-)i=_8SOduIK
zL&#<RC^P@RW9F7SVAm9QZL)d_?20jWIYqMgg*Gn+Wm)p|V{(OF`FB<34QatzX2>jX
zi$_ys$X9A5{ahvFUu`i_8ge|sjZ}!`gt43|c_3DUq-kW@Rpt3RNq{|{7h*t@I%dTE
zAVSp4rMQ|*wvF_W_!9ZSB)=<>e8Q!LY_DNQFDJ4ymuXpgyP&x8#8&A6B$TLFkM(5P
zWja}9q=b9xME{Ham1S~gbLQ34a1*FIX{^k>WgMl%t?tgsyEd;3D6x)v$!LETI%dPn
zLq;YxQ5Q_Uj+nJpA{#{-k8&s&TEK=t&##yiQ#78cqH)ecp=^TwHaP#Ch*`wOI_Z}k
zlFE)X%~q1vHxRS4Lt<bBOtWX3zeN=J7s63@X9zZRcF==>#aS#YH91pTk|jVo<^Q?y
z9r!ypsYOBR5C^U=V=HsJhm1n~bFcU3mtF`8CoQ_7?-}c3M@RgH2VxWZo|cHP3_U~#
zc!GAE+!3`=+L0|dLU-MTe4e=cqt8zy=pROT*wbwnEJv81d#2onz^Y3Lv#Hacz4dc3
zqOGHhQ1`rc2knKhCT<H|O!#yaE#b-FV@y!>AE4Cvq*!!;6^c}~CcK+5d9({Dna)2k
z=0F52y7!pkaJ^)NPqw$nq)2(I*>h4k$L~>bY$>G>wF)|DSw-gtBFwjin=II;@0C%o
z75ttfng{o}uP!oC0G#Z-5C*&pE~Jq2wHWMYZiHXIRwAbH5%8p_{vmKCd^+pFKvp3`
zeJ$n=1$Q1@^kMLGz3WubvP@WcB}7bn^WP(MTGZ_w7`SDQW~jo&Op1Fy;(tfknnydz
zty+;{gelX#mv$sK`_NAF7DSBL!H$cz?j=hHOA`B_p+sZy00kU!el#9XL%0Qiw>q8;
z$FiizT0W*@+`a%BGN_9%B4Ux0x)qVV0&Ho83QD^Ysu7z$g4K-Be12<(35$Nys;5|-
zQd;I797T27B`ym0^zXp>`XHviNz-Mx`vmbgDT-Octi$bHY%Yr)q%9^}_aP|;v;0S=
zQZ!N^85t+707#Tl47FFJvLuhG8f~4wX-I|7RYIbO_77(lhA%>v?11iEuyZ^kG!cE;
zNZC?RE#4y1aT+bqA@`aR9BeqY`I;I_n`F&2SdK0id050!x??!xh6CyOqL4*g8Sg7F
zF+t%4M7sURAB43=>=P0j3n&g)npBvPf$XyNGGZM?0Ddi|(0;xMSr%>6?T?pzk@z%a
zl}v#(X*xuR))J*)Ew(v{lA_?ae?2o1yId5FuU&s}(-`c-Li8;7?T3oFt|9CZpEL_4
z5wO{u7WPe5R2et3X<Xj5!wGIoDD9b>i4UR@^wfztWzz_>F9h?bW?FhK15>dyg{Ic4
zF5`Js0ADOQb_0$`To&!xo%>=fw>vYyQad@qZP<^A-pwQH(oRM#M%q+dgx#&8)=n&Y
zh*(~Wn|SyhHyalRxBckhEGabky;h|_c7L5POkk+$*PaXa7gYOR-g#Ba77c%A#I;=V
zU~}j#p`I1f|DOQ=WAqa;@-X+(il}X-sp~%z7==tW8t>vMpKkuMa(;-pf4`%uAa#hM
zCZToPfVEoLg-wCLc+;(o^_KBaDIc?}YMew(m#1k2lw~o?H?&ktgn{DNaVSMOS&M6;
z4KvHsCMA*HaVY(?Zf0%_mx=+8Jgnp}Rp<J95&hYV3#ifM*;{BY)F{j8I`=%sqhvqW
zhx(DzBWEi(B@8~_DcYq?B4JD5HU6wREM+4%a*N0I?IQz&+-o+$y8XSzAk-8e2HQsP
z<^h>I9Y+_O1oaPEWI9!A_C^ckj$1GKJ7|O>QY^<vwiM>60uiy-Yb?UUyW8eKcKTNH
zBb6ZdiUb*);oi4GRcspjB0%yHAuc-XRoHLlFLUH{IMQdJfr*q_VlFLCVl^!k#Vs7z
z{x`U|IE~Dr0ALLAUy%}%7p)RD4E$d<DGUtEe{9l38hRbD|6qfGBvIcD{>T5zGfk9b
zWP<u%%IW_ZEu}~QpNZY{T>k?(3_Sk>vWz5&e6Bwd4H#hlpKc@r>i?)43>^Oh-Si}h
zcnqje|97-NMpD3S=iLud!<MtmEip-Qb5UhA(KUmi-L7P!s%e)Q>L&|XZ6e8PN1-x!
zKUI`KZ%-9gjlstbH24tz1(@IM@`8^)(0eQjK`mV<8e&&kF_xZ&A09Q{I@mfGK2zP*
zo%L%B0YP}(IcLG8Qc0!6+AHNUCTGE~!>jbkYCGq<*#Ph?h_{^!I83`uYKyn>vV-`p
z7PRNYziC#ma@;}WMP1wNAy>ggByrw(U6AuasH=pwVfZ48I+8!Us&H&_7qu@a%c{Lp
zHejjXXSL3}w1qTLZ)9zP%r|R~?I_E#7m*<F6nrdIAn}Hb&>42C&RL*PIzT#mT(v2l
zOi#y(ItRSEx2x-$se8=UreeWE8|x;1xl+kvF1gB8Q`-JxBT?J!Z_<j}@c30IWI7iY
zcF=;m6-6sEFzJC{IROhxGY)0lF|k#wmenaoyY4QXKZ=|EaAv<l{(gV-D2y3sx!78B
ziCQ|*^F&)Ps$>4{ot+vOLGS`*x`P`nUOv@rt_@6caO6O`iT;swb~biS<T8_XwAU78
zv-r217c6bBD67&dAsl4=3)}VUmo2`wb?8?lXEoy_Y*vDpaeGItRlAYs2BayNNuRdt
z`lJ7wK5|hIj+(~b9(vMXTU5EM$8myf3c29`Qw$DBhjdrXx0;&;yo{-?QhLj~Nw8T1
z6d0fwbG)raT&uIS_Rm&{afS=dpD?;4A13+BnUP36K`@(CV&cw6OT&HIy&AheMJRR3
z*B(0X)HWJsLFB=9DwMO>)Y8HI9@)PTg!~QjJidtMy;u1m=GU$IclT~8X3xTCBl_U`
z%~Z*dG>Fb#<i+k`padt99O0tYJomsIK2d<Bd1%rb$ORPUQY)o-*lA$U)$>hrcN^u3
zveDgt<k08WgP^34J!NHa6RUw|D>ej%vn1$^4*P-qc?M<c!yX8s9xA8m7PNk^>^AB)
zT(^$pFi|$OfZ}n8c$3srQe+RsR2r%<96Ll{>{zj%IKDUbidS#u-Xf~iN7k=m26zC`
zizRc_Nb?u8zimOtq(Xd`mcZaby~Pd#`|afjgf)AeeW@D9tMeP{E4Fib=k3PhfS&D0
z4k2p8G6xrd&8c08P0{8qXup<lPVU%5K$5RJ69{I0bF?DVRucM@uZW>%u0CUy-w)@w
zzSBfb=uG~8`=lWnr+`bEk-@3lq78si8GBLG7-_?Z#L%X^?#M{=Upq+LEV^2Q6lB*0
zXmL+HeN~4(>M#!Ky%(R&Ym-F4t*PKCZoa8L0czm)M=bC@{rv)r5q;l$f4_tR-~0bD
zNB`>p%gUv>ms=&O2FDR$$7C^v$^KFrt6ZhAeP0YlF2N!k^REz4ecp#iz(3@QIl;%#
zzh!;f{!Be20ctWsrk83&yv(?w90+35X|_hHD~<DyW6&tGEW%nU9x0%hTiCqS)UZQO
zfzjC7t5=$0&Nqce5LRp^C+0QOB696iqKIG?l-X^x*f*h`q65wWv3cyf+hC>szs{uL
zI+v}!k)#x(e>12S)-Ii31GYhy2MAmkYN0Vb;i`Dr1?xJV7@l8=+QzS|Gm#`w607^<
zRXc+3#^H`2DgN`@V(6wnJ=@$R*R;EvF{r$lsRB540>HBm0{()5-wp<??ZY~B=CMP%
zS5rR*Y#Zas&52P?*0A@aEjX%|Ld4$fZ0>NvNH3aXts|GJK;<aV0TW$6ENx-L&9)(6
zrC&8<oHBWJQB6GfAHd+0>@92sl!d23&mZOfd?x-Az5Y@m$s$&Wku7kkimqH~s5+jz
z=yzG;L;fi3>b%%wJ*5$E$OpBs?!1Df_WUGv)7TboJcFLOldG&Jpjx+j?WA(@#S-&d
z7#v`eHa*xnuDO#E1cpFwDdC1$dwhAHOe?Wu><j3IES)@%gPI@(IUZ&mR>&GBGF(Vp
zi{xB)oc*=~{Ovis)r}i)JZ6i3-L%f^D)uyo>ZvgP_kUZ8=yTrFgXO<skCQ?T`um-j
zxKG+RZ(r6UQe?W;N=)^5M_q^-ulCMJ4Rvh*<B!I0i!)g`3$S*1G_n$<^Kbde#l-*m
z3i1V#c$~M~YWY<hp<Jsa`u7bxbNLVrzW4yFDZ2I4I-itJO^$IpTeRPU_`U*p&BeAo
z9j#7vmwekL>iOWh<ln8KWucB3q4!SIdB!zKWP5>_@o*HzS_V4fQ}L5YNR_=BBh7Ux
zV!IJq!MPcf55O7;zuP|jVmpCbt9~?17HzFNbh&L;0$&l=sEtMJCo8vo4EQk-WigYd
zU&UcP(e?EJS+3!0!`r4?fywI)2kO9j?6c?Fz<HyWX?D8>sZd8{$M!SmV6co~v{pAO
zZg)G_j_JmWe6@YDh0?4zSYl<SNf16Ww%1aJDmu0q383^_nNxcK{{ufXo-h3mrqeLf
z6FiuvC#Q@+`n+{hdnGCXl(mCsQSNr^ay!xKsT*z~V^P5K{{B|-#r3fJCej06K9XFx
z?5?-5z*K=O1Oq+MP+p?Ue=Oo?<HI=kO^dk%HrZxYo5UFS2MHOH)6XWYlqqCeCLF1W
zb4UNjc%bY?K5c)@D8Bc4#<SSvlf9CHz87f?zH-*@mPa<B45VA!+~h&}X5W@9S0L*0
zP+=cg7i_(;BW+BE2kqBz1Mz^=c&xfG9v`f27*EV7HldORgj_8iB*<NCsu;?+{-F`Z
z23cn+^*?Pk!Jb4Ye4j6tUSdy)d6FLi(sy7e+CUcaG%weKTcf{~=~9E*ZpWz(YQ<D$
zS6fFMN{%tNK&5{9Ivp&S7hk#g*a2<yW@b)Mn_J7qPNQFJV7Z8B@sOR}YO3I}owX#-
zCaOk2bNq^3+wtm9nT21xXK!@E44Fu2R?3k^0vFosiy!IJ5mp-4xJkTR*|SUf^i|dR
z2_Sn%qO7mj%VFMozEByr0d0FlX~o4K`_PnBwytpF@H=0#CT6m0iz-}C6c2XqlG2U4
z&+opNm>Lh19J)=NBp0gfjt4Txx*#!x$o2=xO(TTJl^keK0QQ^>PF5XVUYK-jf84uL
zuY+KSsx&Bm{LkltmEQ{RTB|Niq<bqzOF(+X@=_=QEI%_?MDyrE#_Qkf>@F;DN!8^`
z+;T_4TEwQbL(uGGq9~hTE%b=3qI#88Yk10mzHu__nKUaMV*le%xG~H;rL2qgp%`z<
zb}B6WVsB+?I<2~{temE{U_5a$$<{g}XwFOXc1%|^2T#t5ZuL}shBtg6+$NaXbwF>9
z#RT(4N%*2YImYCZQ05m|36O-%$M>Tl{!7QOHP~nD3a=>!_2)KDa1)j4)^U~od00TJ
z*-6$@x@+a><d;0*dOQuYwnWsRLY)4bjzVRn@L}|$`M>OQD_e}HFG1MsWMP}=IWz*=
z!5XpN;kKLJ6?z}4t1gk38nxV)IpDsA>ss;AM@>T(wM-4>xQu9bJZE!V)kiDyZHmbv
zRppn)>-diYBWlTnyS<7|p|tLm-$aU-1G_vzY0kzpLZcdO@j7m4<dgd9p`_+FMZ1~?
zY~4gK&J=D)$P~~#PvAyVC2D^hIzt##`r0j5%RgM9bb55ktj21nR;6ggodCewR)brm
zKK_Swk*;v^v6FEfYl3(;J<5auhHe2dk8%5UD$I1%orI2wIUB-SB1_!*srS#x(a{`N
zr}igb8rS?_i2wY3nffndA>gAW(^pDR(=1qJ;5Cf?R9u~#NXk=gK=ZUvb*q!WQ=Bao
zilH;)Nh?DrLBH@Lz{TM922===-D257CB(>qKx2gx7oDXs=9xbQb$ULHfzpS>!r2;5
z`g3ofO^*q8|76J!+DhsY{whu7Vr9LYJh-N{N8XvUo0#LzHT{e~?jFm@j?0>5!3&AX
zND{au<~A;8w?d}IFPc>3kNljpU}L$tV~#J%h!Y&7XX_9@3E^U%07%6kxSf^BCghA8
z7!JGa4c!qGQA2OAdycFdt}|C(y{xp%kS2F6^n6dc0yfnqBec)<L1+n_$Q^bdJxRmC
z&oy2HHAhP$5(GZwL&sJ^eOk}11V>Wr4GzcoO)<Fg5M=g>E6RQJ3Pg|Owi!78ZYz!0
zb4eQ3ly{}_C3z=T11^b^faDgLdvbM4!l2S!=Db?hN=bt5#&L!bSy=rh#i%dE6n}$G
z*Uh0dS%!-=w*kUEdxG4P=&oAV#3ABH(+frxhS%x(EG;-siyxbz7@Q?u^Nyja62Ivr
z&Xub~CAmdc`S;u<$Atbr>C!{Ljt!s62p>sjm>Rby%eF}?AXV=IZbwfq|Ew9~0($4E
ziZHo>-|8B-OnQC2DKn!l$F5`L_oNie>N#zMTkTS&`^uAk_@e|dqMPx6n$A==H+m=M
zDvVp?XFA0ml*`vXeK0+Q4ICF-H6|u|@H!=R7guYX^G-}NB9UgYadPJTOHUb(NpfcO
z>;GaZ@cDlf-2+F_oZ4;X5%BW5iiF5kni`rvGe%dHv{c|gi=&+q1U*(FVNTwmYqG>K
z#d}L$!_msdRDYB2rm_TsvBUA5qGFeC^IZ*M?tC2dX~Ngk)FXI;2AP4Y8~uC&-<$X1
zYNM=-NgTP^Mx$)GbrY^!8sGEOl$MkJFMyu8AQQZ+DMkJFkRIzwr(HR7!sv;co4imp
z_elgFE2kU7<k;1vE}O#%g6qI9qM;ZO(%|la<6KFr4_f;k36HV#U7VTmSC<p+Jd6JJ
z@{=+CQs1wKX=;+RaF&ybz8&wpXaSIF)SHA=`)bPWSIH375Ajp<`%}pNDmE13dLWc^
z+OY$tapC6-R=cQ)=D2M3hEx1h4xiz)W?W{92A=lqH17Qq90U3uoIR(KULfVr67TEw
zw^OX=T(YV3bBV5{-DL9jWA$?iZ5z7GgYjL#BfAxYuh44*-R^YkQ1a7qNxO@bcRtZ_
zwo8}vB)PT11L=C=)pAKUJar28FmNDoZM~oyQo+X@W25k9P;kXUb{X!d>m7*o!zZ{*
zW+@l@otY|aSuG#f|M>=leO>=lAk6=s-yais0DgaXgncO_&?3!#pWYt)d=ucS;uZa-
z9EuG+`6g?<L;lPmR*@%vtG;Iebz6T=5^Wka=uzAooT)!L#k!bc?x(4k0r14iVjG3~
z{S(d=(T$2KZ|SHBso{&$b|tcLLes2EZ;P&ZoEP(dB5OF1bvFGShx#NhW~dp@FGj=U
zI}p@zJK-^@@^T!Axrf1#5siXdrX3FNry?E+-@_q;Y9|pfN62I;=o!v}_9To;yNpST
zLRUdBBB<&9@txTVN~-)s2ecy&W)xLv+G8nfHdZ!9nvij3BU%!#g<1*vN|RU_J?Iz^
zvfP-_Ix7yNK+=J$Z&ipp6Dhchf#y?D9Uij}zq?(2Y${--UMFLvVqF{L`A`Gmc45Tf
zu?<>j<_4_I38}eS8z1kqoo;?olUy|gtqBe=+ICkE1IJ@CZnVz<KzNcpO*4np@nzAF
zL?OD8oltf)bbdj!>mT-88`PQE#5J;r4+q8SX*1TzjQE-54nti=CY)-af1Tp4QR<{p
zqFXDu4noZK7A^5y)i++QsX8POWtsgNXk`ws-r<MuvZLsVobPEi6rOy|iggN0D%|(?
z@b3dP`ayvP1W|d%fZiX|_9-g{rg*qZ4PIutbE1y4yAAMqeXRzb#(Q%jgA(!n8MT6K
zmbGN>z##P;C_`^{NPCjKU&r3uV4chB<f8U&*2jRny^Y4Jl!_lo%~_Xg{`K8Xa&<9v
zZPo~$?!MugY(}qUH{rg><U_G(<XA~tNmOS9{%-?#hu1b50PlJI_6I>~EBmPX_(#52
zzKMDiOWCW(4-$T?0y$~A>e{6{T;-JI83y%BE3MFfkRcwv*1j0{Y#`?Wv)1ccp@bFM
zH)uopOhh9%1)u$M3XjUWWAw~K9?<=-<rV&|V~|uoYEY&-P8Xa-4i|Y$!vx?&Fm7(9
zlX55))NG!IfOe>!Bp6(IOSW6O!=lTXW~P(a_{$(%0Slw=Y#LUcbSfrJIyX#6L34o^
z^qAGOy_IFv*QeB#$gc8b_DcRc-mgnp(BUxP<I<k}vN;Wl%UZC1B|Iq&iw6^ABs-X?
zvu`BSc26<DfubRFN;ja?-bNSm2eTZm@XjGMDF_z?V4<nuS0DU)6_lNH=RA!Cf>@7H
zS=<o>0W2846R(W-_r8-LzITLG2oQh*qTsM*Z-I<@e4F+=c4dUZ0wQxIs6@ygE?x=~
z+J6v2TEqnGNBT_wHfDO^DqpYb-BA5+?8hq&saKYfQC~MLsvLn&zMEnfWH-4VK{LcO
zt5=w!04BCzhO-Gj%!RJUcM<s3ifF3?>3f3gF%`AZ#k)Q-wei`UKi3$NhQ0ouopz?<
z>omrH)Tv348fJ4;{^o`sf>cafH5Q@{$?8vK*TEHfEeswF6pdH98|ma$sULUFX$qhf
zoVeDXp;<#5UR+IU7G)t-_+}Bsak@VbLes$iOPn!G`YUHPCsgwxX8_haIpHz|qdSr;
zxckYhnMwI@qDR{rQX{hnV%F%dQpUY;$E=WnX6E`QR!usL25ID_$+zo??O>6|InUSB
zWyme3sam~jM&Mw&#<XeqT-m(^H|;6pP@ch!U6UvkZqZjQZ5qsKRmnp&IJ{Nw(CrK!
zxEaCnvt)mp6t7;lz)~}>%)A0i%d`_51rhni<9Yi@NHd-G2wqJ;Mxw!{SQHSTnR@l{
zb~?0+iF8#hsT(C;vk*gzYOUJ@hmE~yiTBBDPgW70w`u2=5v6{a*^(msqy2p5Gya@9
z<~XL;0|toDj-55i@va4n2jQ|jsr%;#XjqN$18)L(cPL<Zk%CD#!LJG#;Xfj7xZUyU
zHMd*;vSl>hHzOC%>TKWIWcLu~MWt?@E==`O%Kyz8jCr3+AxL)&`#qp{!bnWFE*Ym9
z$^a=?-N#fs#_2xofIQIr7>TwkWG_SKg1nBj(7RdOspO)gnQp5qe3cq!=kYWTMDk!M
zB8Iead&ll(<?(vGpWRt0^2Kh?X_4d{&*~e$g$I9FY=qrqi=x?tYJuhZ<ieD~-WBmG
zBxsKn*oR*SZyU)R(nzV@n#Y!d*A9_yVe2HDY^>%^7oOap*=110iY^_^;fb*}Y(&ac
z1|%e$VaRa*Xh*1C@(1jTzV_jOLyQ#j719hS_b!kJ@wW0t?oLQ_nzg4luop*9*lch*
z#tkWe%x7j&AI9t~BR!jZV4siqu2er{{CCO6QEZpnJ*C7<v^RI##ZfFn<7<J;t;Tj%
zH)qD`>PW4Mr?jx5YBAOYHBlEhYDw(6wu<Ki)ZVv8o7P;DzVq-w_zn~RSnhd-d(|EL
z;vn@W=C&cKE;lZvN?l+{ftc}>JTh=fB<?s>IhaPyW%pM^7B6*w<Nu~PBXxeiN-rkg
zEjFnYE1!(V^Z&ovdJCXBnk8)b;1=Bd;O_1Y!7a$aCAe!2dT@7#;O;KLg1bWq?h-7x
z2Fb^JzyDU<_pfhicdKTqyJu!+wzlW#o*vH{V_y<+`bYcAj<+`$-#=HlFYP2Rx+8Rt
zPiB{%s_kpGxXKq#@tF1k+pR++K}HiLwRbmV$GA0+OwM?ofV!XJT3e;M)TdTWpsez;
z(NALa4X`?&a4HAeqQ`gdTj&xiDwN#*ju%bI5^4LS;6^obpUWWkBxy_c_r~K2g)H0R
zsCk!)f8JrFcvjBkvXBi&#zR`8jUUCTcCive7MAPt!AA-)nG2B~Pcbk*mMB)k3L2Td
z{~YKJ*$YrA+h#U{<qO{Y)K~di9FD)XsVF=vNXvKPuITs!fRgP~*ep7He><-#u3CUI
ztg=SF13uY;zEF(r*x>vmQxg{5ZN9lP3?e2q+Oro7I4{Jsx<b(kfP+~5%iO`6cA?&r
zfzX12s#Hz-R!6}3hkm{YUMNeebOjk+ALhXUL}<1Osf6Mzj*9zBbqaamIs0HYs`eFS
zz09BP${tPG20Ka~L?XFq(S^W!xEmdPpZZ&+xCmJS%w?keE5~cumTtjn!3nMb!S4sC
z$!#9sXc-|#y=Jb+(rMD)M4Z>qF-V+9j;&=ZxOihab347hE3QE>3zAA-GYXv<CUFo#
zAp}jB;i>Qp%;`bTh-buA<C$1X_vYaf9^>B1k`aPk06vy@?_2(gyj`_zbdr(<4n(Eh
zj$D+}8F^%3YBx4n&>bx+H7uj?W2!oXF0zcY->23_>J^<GP7x}}ffd~XEGUNt?)6>d
zP&+gNls3(XB!*N_O!$B}%A*r?OKoQh#BF^TbBz5+znjS<k0~`V3ycF^aCaJ?&C-LJ
z7z_vxM6G1YM=Lk_ld(XP4Q^5k6!Susm*^U{GrCyz9KZhpH0jQr@)s#|!yoho!cA@c
z%=5ylxiN%kuwwgIz?nBkJDo?rK&+#lXK5`Wu6IF<8S<;nsN3)9ypG~$SWECJM2|qk
zU0G5&*-)HQlg!z=<&j)lkEvXsoo+Zn%mjkVOlGv8C<4q^HD5D5ako(>$>Tik>Cy0~
z4ZL2mm_n0J9xy`>I}YnOF|(-njveoSA51-EGNI)4c@8r&=OYj4bHlY=X!NLQ11ru1
z6uY@IxS+hcw|<=LC&m%n5Sp4kWDA4Oe0R33X`A7^So~{J(2HTgTb^y0H6WZc>DV{H
zUwr;p4*?vdlM!6xEUxxOE3dmW1I2i`&rNm~z)7k(RkB3(Cp!2RCcLJOa0G#MkH63<
zX2FMbkZ>o!&%^$4a@)?vLD?yn$TtISZ?=WI+arB;LxnWr!)v5NSTF?`@^z__Ff6EP
zBuoi<)L9ZbLK=FU=9Wx6rf*<Fih&9NEE$+Tnv3<Lhb3_Jr_cEYOc&Ysq?J}kSHH05
zIpS(bwkY8HN16|u<O1@2oy&OR{=Z339f#}Bk=ndVjyrK9+>aS1DherN%6Ma!QqJaL
zxFQo8bcFJtM(FIz)p)NJA^o>yO1*i8M&rfgCMV70h5O0C-9;)iq<RvK4{!J=?fcja
zF9@Xjz>OekzyeMedwoP2bVFD9L1?ennlK>~XIqiH@c!a~FkG797bVSg&}vnBMJOAB
zTl6iy5|H#VjWynA$U|G(He&Xbn&uPsWZX)IWZqtbm=oCC$0Y&@0=BReLYtB6G?MoE
zPQ$WeF~d?Zuo7k@1bIHM6a@P*WFmY93r?Aa_g^2kDci5z7|lKR5(~Ol3YQfSF8d#<
z1fYJEy)f-U!S2$*JCn=hcTbB85X3@R*PXl7?_by&A6f28wln+sC=fY{aY{+n{rdRA
zA+~BW3?&wmNr=n^;cuMS>~7#*LZfmx+xX#RvMMO{plvMb3ei#QSy%@@ifs(^+w)BQ
z+^ai~s{(mu!BOAdltHSEtd{fyNW0p3l>R#VK8D1hL*8yxld^gS*2zTqs~3&Uh#C(@
z+!-9>CMg^(IvFU;fxc#X>3QkfPom+_Sjd&@lm7HDd7ID>nWx&~{c(DYDh~|aAbrk!
zmBzJ7Oh=%J{O7}uy$|EKYpL67$b`)pxU&j37-G_xIe##>#@z-8QTd4*CKgXGav>P1
znVirCaJ=A`QAEzw;YIX4*R6yqNlyc4OOdKZu)eQ@BefDfQ_IZk8;2(R4Rpj0YI>|o
zi+*sw)l3J(0g-NNqR$?W8!Z*t$HD$48p*!#??4><RWL46Y8wWpaGu+-<^tJHZQ8r>
zHPuXz>|AGyZAN9&g~{coAnGMB;e>()D#qNUdoYQ}7s+L=NC^R;c{84N^TDX2*E1h?
zwAk)C%lQjytGHFj7`Oqk%e&1)v>HsS#Hv7YUuh3P5!@zb$EbV&thW=H^53wm&g8xI
z-M%~(jciL%rv)7gL8fu*;mOG4GDNVImnW4b1?HTC(bis8!tuwcDq~x?Xd<}RaZF$f
zNc5c<!aq9HLz6A6C|%YYN&Ij}%v2T>QEB#tB9_KJ?p|e_d&cb@R%Voxe>%Z|hixHg
z!-9p>y_oB6A;zPS{NmB}Y(POBgd<{yL7i{o@6QnchUR6OFjLC2rYgY%qoHyi%n6;R
z!w{>T*{7$b<!ccNq~J;xtGS5HqTt2$UK9o9oPVinhP{Jl<kPKGfYL%Y1ewc*F~gmG
z1cr8m>1A6@eoKn*DqSD%_m)%^HEm@I`{)j_j^_a0w_C+bA+8dew&<MktfHA2<pti-
z<47Z=Sswn#V9#GI)x=&CyzLrpiE5g*7rJ5MSHwo4oa7V)tw_0(^kFG(oH<;ZQZPyt
zm>?J1qYN7{{>ES;;?~*rH+Efp_bNb?HO0gl45ApKzly1`yTz2ia9QvhFG)n5spy5o
zr8F_?oE3sMmfeTFIgO$6RaMi32dYJS$gqC~T@sQRigtoOe7^oRTpdhe&XIy@MERiX
zC9-lO<JZ@OBqK3q_WT2C#fxmuT-e;V)ECx8ZfYq0Fa!Xj7htsw3RKikK+WX_<p#-?
z4jb|?e{9;w$PD4YGtOUz3Hqkasx}Ovqx_C`#MVISoQGNx47?Kl4jq_*A=%g|%Qpa<
zgs=frk(Qg%^pER%CYr)e_}o1bbih(0J)!UsDwo`^enx&hYi=#<=K_(^8Izm{u<PX^
zgo@GpLJuPvPF!Rn?6TIIEg<LF=sW&SB>Ak!#2<C!OQmDvrA&<g#GP%)0XZm0Vx%8R
zJkRyG<R(DX?B>CjjrH?yf~5kwpCi&;S@mTMGvM2cNiTQnPTpmD%XSXcfYtcSugw_|
zcc+qKvoq%BqV?sllOTf>-pK<|g*lvPsVqrxV@pN#SvlZjA*ZuT!g`_TVD$Rv6IpXc
z(J+pU8vYM04I!Ap?Xd)kcvd`!)ENWII6O|MkQj_aUvEsLKpi@%lP-Qq%pE!#Yi^HM
zfpSgfcm_~L6S%Kgu$<!+yN<A(k{i(7TLloO>{BQ>jNAx03t~XVYcxZdombEsv9w0L
zCvT^@i9(1u`W|f&PT6Nco&yxd{2=Imu0@Wk#NN{km_+GCPjVPzU<W`HE0@u%vc39v
zOot9oA`P+BN#;Upbw72bVmWb|naVeO<yf?Oi3&4465v>9(`2Vr<Yl2@F(xOLLPM0s
zzrARjoXuX7YEH2(`z94Jmu#bv_Y1n7L|-$vaT36lH931@APJ<bYoN2A$S9N|3+YPX
z-Vul)^F9-WDxhj;Nq~lE%NQ0va38Qiabs_&DOp+}MOlOj6iosdX~gwzMR3|4X&+30
zu1l1K;sJC&uFw;c-WYI8kd5rQK$2gtY=d3&#>G|&>iOUlV;54a7H8d=rHMh7O@+!o
zUaFJGNIzaarC|ICK{m>&Wj{ra!{oA(Y8ISeZ77Y<>LJT#4TpjF=>{Rm(RzepB8uZr
z;&Zi=<*I+oF2!L#Ues>gTR3)O6N(KyW|5enl<dK63^f&oLjW%(>H}ZlPZz%t<$BkT
zgS%q!s}Snx>;2iUDnK7b1~J>5aO$mErJx(G(Si;Ydn5YN(_(TNz>4$pLHaVW48&Vs
zchCJJqvPE2O<W*ik=P7Ex0E)Tf*(}H4gsL3;>MQMm0pA<^45=m*VMMDEb!g?Xf9+G
z+d(}+I#0<#zx8so)>!ga3-jYF#B?kB#;2NbKaoP=cE+Bih5~C+Sa;XF5AQ0(m7ozz
zA_!f|@$y;4#Bi;L<R3{sUQ5-<%LRD#j?Y8;J_utn2OmOqtZeWuHZHvI*wg-qTABu>
zo4V8%m$!TKJ%3jdH;icd`$bD@6OQ>b<g3=$Z{vw2Z=0yfS`f~c4skR|La9%D3;GL@
zE6UboVcr+k<#|Mh-g~p<PQ1E4xlJ?ICWVrhmkUTZiZR#tlj|DTe=RQCD6@<U4=eMk
zPZUTxyekYLE4tTeSaD<R9I?AT@&p+rJF;2{U)P4jhJbDQLqKw0mz}}L9(PlaP2$52
z9en&f;yBC|w!T1olG2QMqT-+-^ICH{8i(AegdkL6Z{B0?Srp|w6VpnGCOqlDYfkrX
z?Xj@US3NhmOlyj@k-pPG!u8i(0_LvG&R^%Ebb^HtpG@|uHxHLn*q>(8cHbZDTrdmP
zMS{uG_C(B=k*Ys#@Ow^P{fs`^j*bz85Bqr_6Heep4W|~K*P$cC)<Jv<Fil++-`c2h
z@>MtUONkuxAKtL5@lzSxy=9y1&;C%vSUr%GC$gr9whd0{u}XCE*_&x=#T$_*uGCJp
zC9Q6TAg4x(<nmvNxo|tEfRs_s!>=D~`iL8tSE7hQ5^|3Bam~3aHcc%U3jGgb@G~PA
zD`NwK3C#&D?8ZJ{cLF9brb*o7@BO+HHO>YbPtxZxxjd%2?$gOL`d|t;5>Tuo(?s*X
zODTEM=ip*rFX(jD8l@;A^*5bpsFSkThU$ty7<1DlKJEdFgLKa#EC^H^bdeDnbuCmi
z;zrTrsKFct<=FFtLa2k|2ty*Vx?i>2CwBLCZ&HrZSX2PIXC!`lfHC#Vf$eu>Cm6_{
zJHDzU1H<Ntv3vEjAclPC|E?2>vw}ba6VPdlz#;4C!e+|PPmyxPdrr`16b)QF-yR`|
zA4RW|1~e#AMT6<l{#cuf3L7;OEz)f&wFob2!^PM_7j*=vPxY63Q{l$vHuUozjcirq
z>MwP^`p>cL{jS;<e4+vAXHyJMk@TUu)~42BRj2RW`DFHsXwM+-_MMov@B1{x%Jjk=
z6kX_d?^dcORH95Y4#h%WG(?C__jg0CNN@sPC_I-)Ci`fl<{71`%cR{?h8l8lauQ?R
zP;f^SUVgifTndg%al>%XQpKPpsf-njC?Q#-sex~YQTO)qhu+R~divpDeRwm6PjCrw
ztxU71Z>s#xh!&TBtvbF!WdtoqS8F8a1rJd<Rz09O=nwfu!X4w*O&z(OP9j5wBp7zp
zeSSm~5Cj>QP&oG8eS@A}cQmSXk+HBj1gLn~c)5y_*=I)6HF&*@vt5a=WH&Wgovp)m
zCTFa`GmqZQH}RTIPAi)n3p6+)YS%{<ab>v@?o9PId`lLtk<`jt_$p)C^@mC*hR%N`
z{V#VlCk<~W01Bd|`F*>MdbA5-%R2p8H$R_6mInd#qwPd;p>3BXP=M}B=_7XrhM3aC
z$db;sTj{~X*;6+vAFoiZNP*_}jwY*}dF-s}YXj!RuvMo!Z$&wtWEig%jnjQ?fIl(k
zCT`*jiLSStn|CGU`Z?gHRq;SdW7|N+kk|(7n#by&7(&g{hJw5_<mAA){V>#4U^Rum
z#XJ+EK7HvbD*OTbW~`=&fH-iRfTBtZ00i+t0siGA_oPJwF*1fCPJ*uvv9;q-*84J-
zRqInl;+6#F;^m^Xd3&8?DN--l_#yXwqJ3p#l8p@c_;>Fo$tpNXC|NT4TDJmT6!%Ww
zJ-Q=GAC9HdmThsjsZ;2bJCyoKH*KxCIKBK;`brQDW2G(>ZcFwF)(?{ca~=n5kI`V9
zlV@m$8WtM@$oa#w2|2>5y<}3U&2nQf_b)j^5b;W-D_KwotrTujKuB<F#ieSrZS!7I
z^Sde$+r`wOjBhH8)OjJ%&EdtGXWMJDH>)+ueDekRo-J{yO^gT}(rDVDOt{j;5=LzD
zlfl<2jJcos-sL3uIH}m3vxHz~fX+Qfhu#z}*?+<YlH47fqqb?dy}`lYvsGc4>&BS5
z`okWEkpAzzC0SfSm{{ZzJaM1l^*rJikw2AGyL-#=mz<Q`DhzQ!)N!;;*1U>;1ZA&j
zherACTpFp7XnwixPV><4E6=;HmXh$GwA)EL`1)^SRWfJZ1*%?->~`_~{?VwqZ!5q1
zpy}#n1`%Qu+=Iu-Xq~WY;Jj=Qsk;>J?PHFZsST|pKkuRa_3#VZiTWE`>>K=g7y<s{
znFq_~^AW#7V@x@>;B{kCvZ;rZ)4>s*>guY-#vmUS#}$R38IPJX=%I2LnH@A|fD8JG
zmgX{pUR=romF4nqy{iyLh_pz{60KOFi{Pp0cZdg`W8VjZtjVNY&GX9hwth)1&U4os
zg=BeYwdFRDPTZ&|3(kJ`2Fn$6H{%4`26RD;5_C-bDZA$j?Pv+BLMa+OlOcUg#>+E?
zPSzHnF19}WdpBt^&*QzCpeGAY6a91e{H9=!&1UzB>nR?_HC<s{b6W2@;HQ%I<%2-&
zSIA}CfrfFrp?BCLU$*==?hfC$<@28b#BY$0R<)FQkMowl_^X*rJH3Y>Cyp;{c4fN2
z8qtAxB1R#0ZQbKb^i>=s`1aPJUVGGP{POnRogzLF-;=+Yudx42{OV@s)=g*tzz+fN
zuZdr-@sHo=e^L_xh!g5RKAw6&$d=AY2bRAWBs6-da~<bXb9IdmZheHtKHq3GlLO4B
z`C>YGxR=w5;()cP?L!>bcs4|3%cQYMzAdFcH%pY%baffg0duEH=i!M0eLu|o#p#wZ
zjg~~a$6q?0PU(o_VbJmY4u>d8uRobEm`3mi9)H5oiLc}0D3b}321en8LUeITbUtI2
zezh5jFN%(ATx3JRnqBd*WVHA+Y5D8sDgJ2%eVA?~+a_ye|Jbs8<mlafx5}31PZ8tr
zawjE^X-kGQXp?=qsp=v#`HoU7gEp^yW!bdp^=qCTTvhyn_^#T@;pf*Ty;TqRPk6>K
z!jLvS%eAh*ISb)ecq8Q#g^<a^NCVl+5O%?_^?l@DVok=OXKdf%MqH~t@3FTB_ogq@
z1hK{3L{|-jZ0(qEZhSxUJ-?<*SMjzQKXf<?PT#r4nM1<M<Ng+d8Do7YdreTbpk72X
zeF!ZyInr4ikBR9MErzP@PNYW8R{wWVcg>JF6Q-{({W-Ji5TaL^APi9(*51rkg`^1i
zvFUtc%q~gqWYR@WPfxEHkb!0G8;MVot`0j=*>C+47Kz;7FVU!|q=0uGA;Fb?{U{p~
zYKU>SvQru}5zJl@m&TlCA-kL4A9rdl&&I(kq-O$YiH;Q>d%SP?6_Zj`7l}r@oV?s7
z@RDzOjCW@eyL_=5>I(@G7Nq?^2?^@5K(^5Le~GZ{B&&mReFl6Sd8WHuMCXvhI_ec0
z+gA=yT9L*)<h3$In0R!XB!9OP;SsYC8PB+)uC9oLx|^`~Jxnep!0EJZD@kvA{dP1=
zr{HCDA9FGvLb>{N3+8@e{G0{r1s;!x7Yl#8`T^{9Lme?NMTO8_m{SB_HKJ83e1I14
zz=*|UfQtTl3?Rl*qCYF60{!?*sis~z2EoO*rW9dzk%Z#-9e`4CrVVpj*eFZva<oew
z!6N{DsPBS=WWdh`hjV3dNSnL$N@u5}FJ;bgcl~NXcSbzWwz}Rhh0oUmzKd9KHu6SE
z|Fbtd>1Edq!iNmB-_^agxV~y%uvFgJFL)90M({;PI2p6#DA>HD@P+z#ik*Af36xo&
zGEX#2`>WP~?#mJKxY{g0IkO*DwbsBVy3w30EOXoa1gLhFBdoEVTF(yLT@V7)HS=FX
zS?D*hI&HSB;b9H-?!T933=j03Vxu%E_FS#|*Zt3enIYWldzL-7Cv*4LHsUd^%iz1p
z5U|s*<m-htzGlxVms|l$m+wU%>GFhn?qE^nYnzxoL2Z&I$KhQRP4>0#_bhW(xy85j
zIu)f~C3o8!JcHK!l&mqq9y7A0Umq#F2tD`&ldinDtrIMlypL8&*0eW6?(SxiUt0_H
zA-d3n$q-34)nXk(4Et0)RhYcqhyHS6fqEwklnKVg>NHbc?>0{->*nX~wNR1zDcL3K
zwNx(~7OPd~8;9#hEFQU?1rNb5aFlXt)RztfV-|$i^U@@wVi-#Yz<o?48`%1ND2OQw
zd69Yi{wnrk;^V2a8#}dy6I~Dq#tajWAm+gJD`XAsERa%TWc07By!Z1L3gzm|(WnkO
zuK_INFFnc>$6EK4<nq=0didd(fq!|nJIkr?lgB&cOLm-BDKFPz{P0j!(m$oPPfVnE
z_++YM#I_gG!o(HI{W<zBUb^UfAC=m?@&dJ&qx1wkE{xp)2kX%H=n!fT2)NHOo!5DX
z$3vQxGG^6HC92nA!h6tZ=CQ917<T8QX!M6huh8LuGCN?`>l{R{dQ?SEYU{=PXmQf4
zUiKgS7SbY0Z*0W#gR)E{Q^^XSmdJiiTr_^>Vmz>&y*nR^x_|34LEyhOXV%iIlX{ZP
zg;w%)S(k3_WI*Y3gCXyg9m2W>`jKrG)<CEPBPl4(t>?|M@Q%$(AmKlZ=q%bkTmk$7
zS6_XwX@rr=uj77TIad7r{UW8W1QD(cnAQe#l<0i3`9-Sc+}6;mAyZ95gTL*(y~ewc
zv{6k@sTct=lF)#8J|Cs&E9_$g$CwqG!?a=CVZ?sd>!G|xXqmF_Pe?%~C1#c;d4YU_
zkxWbA`|6B11)HKJrbT{T7oD;p+um*`y3}X?LN@WM%T(AWhW+hqpUu_%&44~H74_z+
zR|#;7rBJ8LCZ{SIkW$KgOdVd@7as_#jpQ~bw5LOmUv$DWk{$dQ`@WY0ExJ8@v%+o{
zN<ml=V9jTKGDhIHq#=}GK#SBc*$;^@FQC7fa|#lqpe&A|oEtR3VWhCbL;f=Z)rv#e
zv4`goFSX3-810ethqc7PUM9r7@mWhp6W0juP7ziDQ9Po`z(95|daNxs)yN@-q9-<S
zhF;!nuUTgrE<K531UU+-Zjj2s|G-@CiU~_P4UC>TwYVBEpyrrt;Tm2BqYFv;1h6`s
z!bzPiD8NEY6(k=qx9AkPd;<uFIcpHQYqHXn=NDuYpj<kk$Fp0tp*)4tu9zNADAZDE
zJA6>9{MHBS$&1SaoRHjt%kb_KU!aMwHFXH)<I>?5<C}DsB&9B+2~g8|qxmAUb+<KN
zw}A;W?3X&$K?0X=-`Foi$_BxKa!I6_4Qp>jlX?#%0r!?=!MLTxcFy3L(xu!G?5fgt
zpb|*Vj>QzfA8}csgULO2SQ+)*N$)v4!fG!3{-f16Zl-S!^N&FDTH6-7(5X`8!m^o^
zVzyC$TCc5Iev(zltL1iuL5+k27Hv*R076F)O~tpZIa1`b%*v#Mvqp%RXFb|jdhMqW
z7{st;H8iHD(qDQN=n;6}h$D~iyOP|-Jl0Q&j&wcB@!_`g!FevFMYvxhdKA4=qv(!T
z17sMIk#4p&P!&P5)mz`Pwzou*A&#XvY%vx+T`;*Dcb+d(5U79DlAH-5TCMk>=f-UR
zR!frC%p{;DlS$19AQB0MpXJl+%edrGNdO4Hehml!5dE$WUMZW;os;0HJC6DByW>Ks
z;vXfrJCA+;?!=0m`9A$YH%>U_zPwzf+jI>qnpA1>h|okKk~_}O*>q2n=cc7cop%Yr
z<0rM+%oyZPiXCRW%Rn7c)U|T>%4OE#5q8nk8q45N!IITX4#~u<s(FR2S>-Kl25PoE
zr8GPE=7rs-ER%r-=~1{@&j)~izzdmHAmMXQovOv5N{B=fXo)aZ)=>K^*V%#l6(<s5
z>V=0(#IcFZQoD0Ul4l^-k2Eobszw|ZeC+IIJk)VDnX2QB>K2*xDO>5iDfRhPUIG_T
zw_i`U_w)Bvh-YA<SFB3d#uv4*x4Ux(Q<Sm7-?}NS)QoIMyFVB9f7tp+ew=1>=p{{Q
zIKB5yH+*Z8?6##grjZE44qdmSeo#9)z@kG*o(-5jh7OIrD9=<l2~p{2{UyQI$06UC
zooM3|0Db(e-Dj#vM)$&~SvzSOYl|-lTIiMa8xcW=9|V7U(JBYam6yq+m?5BVwv;yJ
z<50ygyh@#-jcXfJDo%dZr0a5Ck_BvXK#3$G#?}Zwk~J<esL7=QVR2ltQ7YZ6M$MZZ
z$~r*mxZo)zW&^{FP2)ZMCA++^wqE)yrSfy8ydU}7W{C%{p$LF{h=08B*wbhN*Hyv9
zBbyR^4I+Bqe|v{dvT|(}{Z~1&>)02;V5=4%8=4lDp0)x{;@eNgXcc;;5`xFBHcg{7
z2eSP%W^DQn8Fkxk)d<sKvBHdE$ovs_hv}4<WOIl4a+c}c&Kc0Jqm7K?i9Da<Nc4vZ
z2R@nF`Ga{><@^tDj>rI}J6d^SZ4mbcKYTr@8l<ZNEph1wdIL~Yr4UP=<TIJc1NXO)
zx6;0zVX*=TbNl3GV!6>bK?*hzYC9(w-Jnc!9=Fmt(p(Nf1tKbBYuvOS9l;!G8Jn!K
znF(;5aem>wBJ?MYB>qt5z`e`H!+-&%KczpHhgs<jQ98lwcJ24d0dv#b_xYrj(C4)Y
zEf5v1E-)etvPQE+GM@Jej4Be6FPf2)8i7i}Lql#G<8O7aZ?cI26?e%=0?EtUT95zV
z-(o+@jNhJ*)BpPYxm!~0dFj+vfM4yFuh7Sjig3;CoM?XpN2L{v9$Cx;ErEh|y|z85
zYaZ9)D5Co1@wQW@*ru?qF{RM(us;3~J%tz>q0U;26jIPggG@7)3_6P{_<rkZavDkK
z@J4dsNyrSALZWGpNuEAiy#GypEkE$(Y=-WA$N_TxtgE^sq;}=q?_MqqfC9CN(8*tN
z6*K_LJXyb%UmUFq!>|-1*F4wEW_jc8qL~U-0l%*KvYAKqe`;tYpox(GPW?q&<{0A8
zJju_w=?+bftrFD_&aI=4iI)$WldCWIpv1tmqK5I5Q7YkXE@uI9r6de2hMo)=WZ-G^
z-gI>xHwZnjh%&9kTm;5jwL5$sYm7Nt)kCEnh+5dTqW8?^H@BdOvQ*>_rX*>AM!$|^
zhAMh|<INM92A;QxNlxY~DUeTubwMy>O5pN=`9%uQqOC`IAJ|TvYc>1AtLeWnz!&@A
zQG8#bFec_H<Ba>dR47d@P}lM5R;H#qwy|a+Ub~}GBocJ=>l7SEg~z!}aZMrHM94PT
zGhl+bf7Zsm1}5}cN&52f3d)r$gYU?>$xu<V<rP38To`=I3LiQ#r;L1(!VO93Iu41<
zQAQ5;;aE@RFj%a0W`&ws#_AH6800j!ad8Z#H!5|D-G?&jd(go#`Osj?;adfk#5#ff
zF$}otGm^w9`{7G2Sf7)S%FCZ(eg25Kw>&-i!OE=zUva}>q4y-f>;{lMA{V(;Ap=*n
zP7bo1WRmigqsuwvm9{}%4~AGd3?{-U^o|93I6oToc1xuwe@vSbk<^uVrqUaF2oYu%
ze7wL4{WCvg5PQuv(r2HmZcgGmtsnp&+Q(eD9GJ8&4bdwFu^X;^(gZH!(yRZDr4CS2
zXH>Sw1ptd_gYCk4_h4rIlh?zy^@NVFgj3~-zNMvjNHkWnm0lk4GeBq)798?6a2@Q*
zax{OazGUZn!<hI5C)P<Lwt(T_o&-uAhC3p>3luJ)kp10##8e`BM7hrm`E_)H1usug
zpMzVEM$(|t45XRc#dnZv7L;|10P+?C9}!Xpe&Zhl-3YB(2+TH%%7c?P9vJTtxQ18u
z$rhV!=Aw?o5hdCke?wwr<B{h1rR|2wm|Na`r+m(U#e5x}U!o<~H{Tr`AMso>3<sNp
zj6&T9(-2)KY1j0!j44`A-GzN%u4t?kZ_^R~0&lI_3?B_YwALl3*%3@!SIXA;%gl-|
z<0g`^6|n#VXMn;tCk4}s`Ee*(KZuC(5)6673%s<wx-)d_1|To``+LuOnHIfacH9#p
zgtIn`o@)t7lojSigRr3oXHq_?^-U$-H+>A?bU`qfef46ge@@$_ypgnTVAhcGQ`)Df
zqOhty_x(@#QUVG!mOan><~;DFjrKHnPe@3wjFm{UT;zB>;Z>a^M5L?+2MZ~Shhw>>
z@CIB{*#XMUeh>i3=W*xw0OYI-DQ(h)H7_3|h+%|u)<)iivR2`iQT#>U&}i8=q%M^v
zGZIjivu*dc!DQx7g++bhlBvs(gKjzMe%p#8LpICq(@>d<BK2$#0}_S9%bBa7JFP!c
zwred^Mdh1|eYR`eJ}aphX!H)&?DQ^mFYzXvNp$gM1VY6dU&ARwRMu5zKa;+Tt6-^R
zjfUykI!Fiwz}HJCpy>5SgLhRjdn2khcbX&rm71HfTr&P5{yhh8lP+U(PIlW|bP;}P
zU@A(DfhF~fq60&1#*y{{=GU4uSjd6y+9#5@4g0~JMLmAS8})1C;zaV4S{qASqX+3s
zqmi=_J|u~-EI~>xTHcz!?T-8Uz6E=X!M0Qb)~LIN7mvYSW9v^;7WFfI@4j)&<h;%O
zwgJn%d#g%r+qA6VO|b><$vLO-@0WcFD_|{clOdV}e}>p+{OaGWX~Ou9Dm&x9LYn2D
zV?K)6a<y&p%q5@|FwE|wqw`Z$-F4R73obT&L5IkJT;zL>Fa2iLGFt>U^M}Kak5MVc
z-BmFo8QWfOp~ooYVf_7?>Ncy#e{xK>tZppd>p6{?iOS?66UTl*TZ{Z_ho)6Rkok56
z&u!;PI9G_6&XUU8lP1+rv)0^(vKzrpoB>I+AyU);G0NLSc;8rOgQ9U-5dJEawX@Ri
zU_tt~LW~jLcbw174z`7T#(lg^mh+q%Ricn(Jg;qjAiAB&yJv`lmuWyHhIhW%?Ffc1
zOc~TTjV~@tHw<~d%+Dyx5y+-$6Ucpq!-Tr*-+Jud@@@~sHY|OjY5DE>1t)DP!^2B_
zZOGNn9AlO~XTt5J3cG2t-=<p-T&qPuAX^5>U2dF;MK&}!$kgTJny2Nnf22+YztkS*
zpAAhFeXRV`;7V*y=760^!d9j!M&)Eh+6Iz*Jh@zw5iXly$haFhX3jY>IqVi2Imqkh
zbJ~cSIZ*!Ex|Vsk=MeET<L21WKlkm;a%fODjD>HwGVPwU?$|oS9zi+bhQzRQ4+3@E
zF{O%@B8BI970kET1Zh#&-{g(*#p^VG!i1J_`_3Y@HO1~xl^F3Iw38A-0W#gnt$uoy
z__&ViLf{p=+F{d%6Y)%$&?x?g4VnRE|5^rU5%|FfRs(NzF<N{ay4@f1BM3NvAD9Bi
z>5UnImvNVyC_S!KnGsbrQbPZr50P|ZxZ_H5WxZo**t}*_aZhBob>Y_{M=G0O2-)Jx
ziRRJ_;sn2$NVsro8-z0&$~OAo*Ltcdbc-%(H1Ke4O2VAG&Gz24GJX@SMEj#^j4-W@
z>>S7NI$;HTm7He5?VX4(4eoQB?Q3P^uY|A74Tf(uK**-5gIRi~J=aEtIL9-*?r<f%
zwVnp}?0cBplDOB`Ajee(x+1@P(yBj@+&;IWP^;80UK4w{{O!6!Li^QI1@z@t9wSwY
z+Gd@;T<)X&F~jIvIfLFatN?$C^Bu|s|1~;|^9boTx&+MTndm(DEE1k&`@Bn07-j+2
zhy~F_zj5n%v8l;>8x#4zkZ*V!q8@(m)~;SzNT-^^N$(%1x+;-Mu0qnud3JH`rM9GW
zqrh|5&-{Sz0>mOGN#3kqXus}*ZPNDCF<%U7^?1jwa6ILv55g>yN$MtDyS$qxFO?3!
zhHh26bB$eGse7}`BRfSUj#i8#iJ-V5xrw=Hjkq`$&Fi_wnwyjzNGK=@UoLe|5!&Mg
z7TF%UtW~bihFw2uX6YJPUl@jqhPnvym8b9cNp)kRz&Y|*imgkHR|ywt&^k=ffj|7V
zKzTLq<+r8a&OOQQXq`DbJJ<3QDpx-oLaC|kR_l%!)@W`Lks*VsX2u|uH^ZQKD$_~O
zsN!W1s4xGq86@fpkvV|l{YE=c4UV8=tMq@h`Ey0CPV){@1G2@t9;uF&MfLCSvlW8B
zv}}QKAoDsPliEP53FJ*V9u~-hf0<nMP?Icz*JH&!P1(!R!iYQ(z^jgr1T9;>uIL9&
zwl#N+7`*?3X(!u_vcZ#7-TjTZ4CKINFLYtWMCA-_9rOlyoMxZ-rE7EbRi`D4%^P84
z+&&35AB!3oKn)5Cs=mG~ZABhKSc!>Fc6~qiU{3Rs{Q=tb26~;`U#mh4z-$kvmWrBQ
zgfyjBDl<ssCtPM`7}vNlQtdHR8d>AKf1@gm8KqM>KKVy(wfZN-A($@I^@7Y5Zpqsn
zkJs>i{*yHbio0=E4fnTf;L!D4t#7r_g<b>w6G}9@1v~T40L(i%DHzPG#$Xt1<=={$
zqh&|EbLr-sY^o-3xJvCq=H4g4+9HcHQ=-&#!Xpu)cav{Nl^O}5L<QyZMr^RyY%3~v
zGE(0^;2NZcmpAH}c;gPr3_+K8;XnCGQ~Z|q=`MJI#AGw#!dyDv4@#0uSabmVJB+%%
z4{c)kf*r2tgn~wiF5xi@#$*hhdN9^y!g2vt#y!R={k?mN&r6iR!u>k+u#ula&8=Z|
z%x%8}3t4~eXZ)>D>Pg6_r3W$Z5rVED|15(+_xxN?=l}q2<iD4}@92Ef9~a1fP<bCW
zZnS@&3YOgM#xML&5pu~FcdB;`pX2@h@PEPl|L^I{1OV8ZdO3NxvzVKjTU)3pLP6sI
z{(I0^GKV_}^b}LFiw9n^ndg6kI-q)xK*KR78?cci*L%YMH#)>WbVAI@s_yjv*ay7c
zb8gJZGc3Rl|B{yZ&RfHrT*pe4yy}7c59L47PMDLKJZS%$1G2o=_MhB8GPPNf&sfR+
zE#+N0R9y15J00ZzMwECz2kn21b}0Yq-Y5$IVD9ATZsF+83U;vnZ}0xg_`gPvcaY(K
zlG-N#z`?@Z^#8@x{9ru~2L%8m^L)XAeAam<G<CGGw0MvI;`-V0|6j%b0vP{(^+mb>
zfSZN8yN#oj+yASY{~dGW|7jWkz-ju<>F#B3;l`Rg`~@BO&kzgTs#b`-H!1@5eU|)-
R+Ri!o?h76KZ<l{c{||o>ldS*%

diff --git a/documentation/ESAPI-security-bulletin5.pdf b/documentation/ESAPI-security-bulletin5.pdf
index 52fb78801f93427ec85967be5743ab4926b9faaa..b3a215f05063799f9b59101a008ebab70ba43bb4 100644
GIT binary patch
delta 32041
zcmV(_K-9nf*9Y*_2arsEiYv+SuCLJ9AUPw~Di8v-7Q@`eZt!97$r}uQ2G3=F-?3(9
zt*tjUO_!8aQIWB4DR+kBuZRB}9sXtT$1?ikFMmJ$`FF>E>s@#J<)4R-&qIm`THJUp
z$IrhVfB%9b!141RKV2MLPx0dXHC$Y9@#-%wT~D~kbf;Y5A~%D7-X7$^=x)6Hpl5vN
z?j8jE<lB$yUp{|0JU<UV&gk&oZxO=Vyy$gshzWq!gdhC%gx7FQ7l=yRDPI5yVlcpK
zW)Qw2jzrLeNZu?$B)v0S!ChdSlLty(7~KYWaD$IZpm4k=Ik=NBSVqhU(*O^qkK|P8
z%LY|?nn0=Q>G|t_w}ZovU-i)+|8Q`}6X4@-M~L}6%Hm(gKP`mL%FhW9hMDq5?@jqY
z9GqCe5$X4~%=D!2*GL==By2Ylzzwx>5{={k6IVcs7dUqZa1lIm2dpbFEoBf>ayMX1
zK$zghUp-28!(5;Y$a3~@9*lGl(ow*Pm5K-+@FZ-gngO?e@Q$eSz~2%R5HH>%1YS;w
zAi|dZeMuy$mHm9Y#`%7@N1*@d7I?vRx%kX_mWTX?JOs#WG!WJ_-czulanBkb&Pf()
z8b=oK@sf{=FW1kXE9Yk<reypK#ixj$DG%BAR+EYs1Od04+6-Pv&2nMsB(<E%mXL&W
z(_V=g`2iV!`T2m<`(w)a`0bEV(eIU!C1}iK2L>#wJ#arF;}x7&JK*GHV+EJh9(ax&
zc3JI#hn{v>?SX?oH@V1a2iy-CZyLC)_P~+a#;UCLz%g9M2F|M;a2WGBRB&1Cfyda<
zE~`!ONH)UQc|p)y$iXL6iGj;%4?ZOdp9U|h8GIjqO#=Z#K)sl2X$BiK;BhnujuxK6
zz=<6OzYcU6{cRF{kahdlpceqQPH`pZ`7X|32<0FP8sZ@P4+&5hW(VDr!VCoY@}hVi
z=}ji)E(`xqQsLsC68{5HDrt5kWOup){)HdGQE00{RyRb{QDY)J1OWvE3zGyxaTiLX
z5Q&n1SLq(T5kN4%B^zHBvcX7PW2~SK!4eRXqT2;YN~MEkp<p0<HO`?A=?ofDl|~S@
zkZ#pOB34lXM87->tQHX>i#|3P50ZmST=XPRc4X#-7{tv~RPjNRd!?u*BqA!1y#;!S
zFP>5`Z`4%kIQa>n`wmf~q0dEaf?`Gl<49Y7kGA#LZ%t6F;K|k`tIizE;EL)aWZ~50
zA||YN%~U$mU1CH$p(>y7_Hd8u&=&?Ft92-KgePQ#F^}Pw;#FOWQLCz06-0+5_fc%(
z9m&RVTsrv7Zlux>emid}Vs`BGkUOze4=+L}6CQ5Y*!x8V5`;_9Ar+&E#{vO4xoIPR
zPzfNMcaO7f%J=+8vShDk>5z#dV(~G<!xn-%Wn-`Vn_;~r!yzqYD1<*uTNsg)ukc|J
z2NkYDV5@9i1?Jsq5X5OHoy|7UFvTXjp&1+5R^_DHNoQ<#F*Q{H3gNT}j(J{E&Xu1n
zW=<Vo-A|a?&;Z{NY+1=ZEB;!|Y38th)c~#7eN93ennR6w!YW%GOhmior5?801y0Q|
zCd}^B)Epi)36oIB9yvFAjiLDUw%LP-K+=HMDOPD>tj!73e<G<LS_PkAl8L#41-UrO
z<C1=|<mA9PnS>UeEEbkuk%-`R3ww!8f<-01$d)Ipu!El1FtU;-59DQhSSB}rglvsm
zA{c7??JY${eoVq2sfpw5CXF07vrO<qsYz<rW95}-bw+GgERjh3q9>ope?_ZOWqA=G
z%S5PGmBeY`r5&i&W5$0r{Z|oFmq_+V{XJUhiy{EC9$mLnr;VlvV=izf)G9%_+i9J;
zQ;~qGOcf_cnhE`n%528NuNy{x(WEmMFw$rQK+(u|LYqa4rCNfwQAu+)=%_4L)ACat
zS<;mM(v4kSRM@>Oy(*z$&VFyVU-~tS*iFm|d6{fHbk6Yrux}AKERC0`jXTP)EB+t_
zQmia@rsiVw770Y$65B*Rswf5#aNk?^K1U0|T`=)=U4J+4fRGS&P1It4gQC7tr#Ygy
zTNuLNEyc}=t6<QzJ{v63FytD$@JLnbAO;f#wMr^+B^s6*Z_$BTM<uCxuuo?pOooKP
z;(<6JYf_O^;$vtuF+~zA7`8^lss1?J3=E80@?b1P4fkvWktbgqKVq(%uZ(<pCF~6O
zFhMRyd@xac82e&fR3AHk)wdlR^v;e0UN?t|Smkf*c%K>D#H~Z2vC>-OY;nq>T9@C{
z>^AK_GAV<z3=x$S4B_jfKrYiaDlP1C{npTIK;tIONiCS7A(eSRw!G$B(J`IwuF#J3
zl<%Xxz0ty>7@uUA5gSDOjHUY5CJmyPIIKn6IJ8{UdBztC5&KGiaS>V>r$hkDvm8(7
zp0&uBRws$uOP1O%MBLp&jI~D(69wrlE&v-L?@-};BBaFIi~jCOR8a5HWi0OFJIwjg
zS0$Ps-YjUkTo>+NrRxx3nN%e)t4OiFYth`K)I75*5NqMn(Lb;Dwu?Pc%loM`T;f=5
zV4T)!T68tfv%=7S62yL`5qx(tVj(GYX5ZH^(-LMj$s1f5XpHX0h<MzYrt5L40AJgP
zcC_@=BcRaEmiP?oMN>9*yLw7wM`3cv#=TH(=U(-79Y{z{(<3NpcI1HVVcccK(4DJo
zANtLY{DPcnbw_RT8t)!7&*qB+B1NvJe5of_$Po-oWjg?WGzX2gfgP5e^5mr9P3c2z
zBC7O}|9WVcb&JGDI6TGNH5}*9{x{^0U8H_k7Np><`sso~Z878R`gNV_$8??t_z<|v
zS{{c^2`WqXh#%ViTQHwbz27Uo*HAN2eaO{9ai2ykMiwqCRfSXMiC<Hb!lE2lAgO1c
zcZ%suENe%9LKathxX&9yKuiln_+-z1%Kyd;ndT?hrcUNoHb8+o__Yb24CnZEo4MTD
z+^Tp?QCkDkI?mA-<Hu~AIGI`JZhrRmq?vR$7lliPb2(|G5wnaMb#lSey?CGTgb!Z!
zzD?-%#&hwm1G@WLMEkTP+HB?|F%vXq-X$_iQ~05O84e~R#qJ1)eyY&v3|Y2AiT-RR
zcpdn`OQy0b>L+`IVCOzx8CD0mIGq^VT)3T#Y;8Le;KF5L9y%w#G0?gD9tIf4Mfe3f
zN}7&Ix>_XMrj6W}QNg8+lfItP$uA<Pp0ykLtB8F@hO`mAq|%XUXm}%eKnaWPs-H7;
zB`!>V($wm~#R7YFiy0`^wQrQoU*L^p7I-i5fgS#Hvz3I9vHSThxxqtlV(g-ps0|cq
z9#!}{km$<ZZ6onxq_gW4N&qm#KR8Qt^R}+F)!LrN9-F?RoUZ5<{gMB`TUk9HMU&q`
z7S77F24OY*CQcWWT&Tstifva@E0$yQiwDJj$gOnW7j^UP)=t+kVq7!d|0kmhlEo-r
z`;0D3dB-FrfXrKKrE|Y{5E9?t%-__b2JWi(xxcjn&|B8JMJI!;8zm~P^D3N7GUcR#
zYaDxDUzO)!n4|JN65Ncs4q9%-1pcjJT#oyPHf!OrTQ|60ngV-ypw?+JZm1odYwfEw
zbh?`{I*cAIVU3{Mbz0i@W|^;X`vd@Vj5IkVFuTN%@n}ONV+ZKOux6M_>W|0&0`<f3
zgp)A~9Re~nlTZsme@Tz)xDmehukbm59TrK663{T<H9&5YG>}7(Q#K&T1V}FP_d~K+
z3nfaH-Th|r5Ij8DmbldN)mKG|Z4R*e>FwV;6aV#KcVV=<|NQms55L;|E8RU<fY8TJ
z7i{O_XV(vXZ1MNE^T%7~W9MM{L)d-%W%uj5+kxMG{OynLe<mF5yYa_;ybecrH={Y3
zF8@5IC-%6HH!t~mJ^tzAw{N$Pw;zfWphxdVa~N=Ry93Ch+sm<gw<Zk-V;l~KG!UGQ
z`z}suPDf9-^3&7Ny@S=WK$%C)@aG@jOjP5i^5l2Fc{95`#K%AGLU-u!`#*QTXDLmQ
z66|>Bn_?R8f6fr1_V#@2-%X#@_fh!0YfA4>_<fZA9y{c&*vk&7olouX>n*iHBbQ-u
z6#NB!w187Rb8{4Bj7_yw+`EecjcEimsE00#V{bf29GaAHCJJg<q%!Fp1;GK*Q!PP~
zh&tnR#^n+1H4lLk;&??-n}tTvQ+I5UlqiyB3CgTfe+-!lL!pn?iF3qwkIa>2m&x$K
zKw2g_A=`=s_C+ZiEJ>Ze+3~m^lBNX`d&?^AL%Q#hYPq==yu^n+I|m`*i`dyk0R{FN
zDdablZzv-OeDHo>%ZSsv8go2-p4j3K<0fV@0&dHm$^PYW&KdL*>{`FYc|9Eb#CbJX
z!gE;3e=`Gu(B0V=q{0$?WNxYLnwtAtdYq@b#*aOCGy{pV4h0=@4x%RPbutvXDHB48
zA1DE%T~c93DU*@0jGFz=37d5<drl%k^MizF9dqt<v>Z22MDneWD~*UiEtc{AIBIk%
z_+S@Qy-igwp|6nr%UJ73m=bn{c`-=EDrkzUe}WeAJGrThCDg4nBD^VaoFaUD{0VM$
zcIx(--en+^-&K*4)#~3B?-a)fA~kEnx-2Ff+>~lY88a)H96VtROucz>iH6GOXy%k{
zG5xo*t;;&+1_cyDvHeCqL8GDlypzbmq@+nQv$kdclB8l4<_b+1LC2ocA$BekZ*Wg5
zf2?vbGLV6y8lgfOhE@|}DhR5Of8g(Kw6S!n{Y@D`3O4jO4z3Ndhpqu`Dqg`1hp{<>
zAiHoWXhLaXEH;rMq(Cg$f5t1yG8QtN3Tmu)+Bs$s2@>boY*mlYDx0-#D|K@eC)UJ^
zg|oA%WNun$79B`+OOEKL&{zCDA*MJ6e~zX2L18zu8xmfbdy@Vl@hVni8260gb-;xX
z4Yyo~UNvDWV)r@WWfovm3h<RKl$;bbOXt1n?Q7Pi(3Lu(jE@R>4n<}DCAxpaJGxwL
z7GwQHNeLKL=BPnkCz0aL?t*HVHTRk&*K)qoq}VXvx|@4<m}a#_i!b?63W>W~e_koh
zo75X~i>!F*5iz<UE_ojk<9ccYcr`b^R6c71VZlpTRfVc9DSIi6wa+uyb>+Yhd!2}y
zDR*h@;8qtL4mBHBmWF!u7nvq#Y?BGsJ!;)-e_|HaiePw^u~agzt&(cL6viyxU^3^5
zUV&Vd8Je@Hbge22Kk-WCL+vLEf0fy5;i?~D=9@B$5YPhWRVbM6`FsLjYUR@x$yWVr
z#@SYf-o)WRe6;#7muR>6-(TbBmA0}>(>{7#ugZ2MwI)xMyAf)aCh&psxZ>_u{1>p-
zH@5`{3hSgGeSmj+S~ayFI$AAsu_VG|4rJsaS~f(wbf_=olx&)jf2IVJfA&a1+7z{E
zPc&X`>2l}Jm-HA+GIg2-iYqgsve~$IY7RZk00FzC-b20?XIuU4%-_-w*bpV~birw_
z^bH5Ul_-Fa_B4xT7D{DSZo+^G)Rs1^RF)0Z3$?a^=1TqvXrZjKb=;;~_fG&Sw%9*5
z>0vvpz2hZtDL%5W_QX?*e}e*RO^_sgJ-Ny{(KoQ5`H6Vt%AV`l;N`NaOE*xJ{Ddy6
zBl?bNl&7qdU0GcaSFI;s_}E?<JU6nfWy~T_ErYUW*q_kyX_#3+P~0s%W=PxHFQ<3B
zta{PCi1D%%r=Vu4X=2>oDJ)$2=>R8SNIc?`RSkek&F=w+&pk#(e@qtoLij@L8dT?h
zRq|(XXkKBHwGrJ2RIq*q7ifG*x0snE!(g6!G9R&J0>w@aCFCOxAfw|Tw#Mxk4wEXQ
zB_T>mBSoC61@NQ-hV6}d=K?O2%yJ_M(tZwQD8}1zVK6t{s&B$;G5ZpA=X=RMZR%co
zOfi?{cWm+*TP06!f2AwecT``09_V8qgGP<mFO`v{mdtBG2E?SI%-^J}R25}b{laY+
z#MtIi|Gdd8JpvGi;No&J<C(u*WU^Xvco6B`Ymx3cg6p&3N)A7<r2<D1)Mzq8ZJN?L
z_14X8-I|Kk3E}5^kpgILC-tAO!Bwj6p@K6e==FNnxq)7ke?Di&Kqjor%0bJN2tr^z
z85fDq9f=%;s%{*1*&jH<Ne!4(1scZ<G=ZVTWU-^nU$rJLQ1i8r7v^;;<j1M)Et{UX
zeY5TDE41*~_AN{^(c!l%Sx+pi%mbEj)KU<C*GUho)WfIBH8j|MmTsoKmm}aL5x^>;
zf6my3244sRf6SDtz5t+C$^S>b5b>~gaR6~y<pB~+`GVi7SHVD~({sUK$8SSKFFN2N
zYTT$Znqy=WqFrTwgAHD`RYtaWMmroQbyr_?TA+U0u=S_WZiiPYv8kzLt7da*ZCjoS
zSu(w?Ezh*fy(`OCSci@q7Ryt{DAjk*&K6VWK6e2Qf8ShBS+G5Ce`%zIuc4~%(tW;)
zsd)<jSsc&}vpw9eaKLxVWRirC)3|n4WpbP6D1N>f(fMydbd$%|@4`{Q#+8y`d)^^O
zEx02&YD?recwtBSu|tXneo^Xrxp!f<+OT-3<7&(HgzLX5a^Rbg+~hKioefqf=Hg{t
z3zqYKfBVqxxQ_nmM%+RO(6F0Az<Anxmz|s0rj6aOZvw52leMWK4D<a~-toZD*<i=A
zHQllE<?UjRKa)Lpx2bwLz>o8AvL|_?*0^;fLmGh-@I8e#-fR%ov$F5Pdok`VlH-A%
znn>NSDw<ZTmdf#)yE(Bl@MSM)PR#*ro`tq2e}>zGjc(}u{1whq(^Ot#ld~dN>e@P~
z8P7Nw#UQt;kL=s1SDRa`<oQMLLi(FIEeQ_mHfHg8BizUsH$(@wY2%`TqXL2qgnG-1
zTfL^J?N?y4>e&uv+vE@4--}1UHYecYrQjo{w`Q1c5$K$QTy!C?lzcDdDxwf+PBtVB
ze^V?WfRd9`K)DTNPy*Eg1ek4Q5nW20+2SE%pmi2i86uxW?Wbo^(@E4==7;pPc@8zS
z44Dk@@sDNST0h&g_E4klR!4<+T@Fehj#bn$*9z3~Jw=(kh6SQS(6Cp%>%|q;3JPIN
zhekc&ohYyq@fjrKm*<#!!`yd{E?JW=f5({bLd=265ux$=#4Yv?>GV#^jUtOs!u0S4
z@eNsC{PCb>0BA()21?zS&8<r24~~=sKRe<XgO3kRt^Fkpo=o!ro2b)Na>h&jeF2@3
zgT*taZnV)CErHUBv?9gzslT+r!>5yDu;nb;$#{3=Q>&~F<Ueb?m}~rh6H$NI2K^W0
z<h@XnF$)v36&5-Ke-|cHc2o~b&Th$HHMGj;fd{@R>IcM5y_gx<onzIJ-!ivLNzVy0
zjzo;x=P`F=3Yq2iN@k(C`F$crq#WYqAH;sqa4<&DI?3{5f+cE7*D3AcXGLI<<Zp9j
zW}qg!n-vnfZ{QGBPGByDk_8ONAhyoTm?vm!i9!-x;)u^Ee<C~|isWb<QUopWA-q|c
zdFT=pg5^~*uktQU){BX;{1~v>ke3eYp0nMZQ0=B-;0MU67hD9EI3o!wZ|us4eH(cT
zthcri#M1oRLa7UjuGn&G_Hm^x<$J=cN$*mC==CMYiuD|H+bfeM<Rx9wS~$i>bt%@4
z2Hu%0m12Q3f4(z5&fgb6di2J#k!evLKqw<%@i~-u8h0*|?i<d=zGN5VP>NLLq8L&I
zTU%N07w)PGQk8HvjyQnd1b<AeVRc=d6&_R(J2svQ3>2ZDMHPXK+7b;}iG>uA3%)6o
zHCuXD(OiS@GbM$20Hcf<>?w5DpX)XP_6{o7NPx~ylgt}Z0Tz=V9A19{QyW@stYd^3
zj<N~Ofrd$?gwtKQI#@^DCAI#Y?ve|s0^V#d1t^gHP>VwcR*|gYzEec+?k{Ei;M>$e
z^W}u()O-Sz0}?3Ewv_~P2I=srhCE`mJ0PRlT7ojR0U06%Sd?Co6F$L)N)%%31(8+S
zWFf0;8grtpb)*~MGBtk!g@mB$24}wL^EFz6COP|-bYAtq{?8DuH2r0Su1l>pt!DOG
zu4^hF%Gz^u5AnEY{VYX4mV7;p?3tTSo5Rf0F%H#Smux*<0AWq*XM;X+K`5-{CZ`NR
zIJWwWzlN3ZT#{l-HMelQ_7}4pW1D2O({{5{w*-@o&eQA<IdXr85!P&B42FGSIm!nm
zIE(H}H=u;hE=p1KvX^rsvXwR56A8cq;DbB0{*qdP94R@du)bIdZM4Cc*v|FAR?NFr
z=srGnt>{<Zw@#!^T`9d)UMHblgI)`UMRa7lQiJIxgEE>F8@mkza{PTB!%e8C8l#P}
z!t%TNPFUUlFs*;QBBrzZMvQCM9?2zsY_g3cAxX12v<4PbcQ*(xcJV3-#6xVh#=K?+
zxbhP2E&Ze!{16CkFYdEeSQB!w@a0;eN<?XYr&gj08r2Z<lcHDvzR#i&KHDD33&5sf
zw+>ic$KOa;)p{!L-%=Cpp1aNy^$EAzgn8BE&4SvLsCa*%MVx|qhlJCb-HkK%UiC};
zIV@#p{DrHiJ?6O4glpSG#B(gc0pc{pC^P(<0wa~MC6nx1)~|h&rJ;2y_3M1pZrT@$
zs9V^R7nWZt&Ee696gE+!rVjS{c*54{gv$J?moe8eG%`Esy|fgbR#H506hr%6<u5FX
zu%%m6rG0<hQrkR{P}|o{T^FiumCv;@pLNPJoks~m=+wHYiVZLp)Qzu$uI9=+AT#V7
zXo%qk>fGd4GDfc3M%f~)O*2}hTbZ_Q!&SC}U)7LhJ7eFLwmoIRDD1@uS*^G#UI?+d
zD5}X&6iQctLgzN5LAqkoLTAI${zK(NUg7Pa7rTF(m!-*}H>rqTWm{S)e5Ey`Iw=Us
znL!CTEXZEhX}U_sKCq$`%Cm(5jqvOF<{R+oYqKT$?8uy(mhQ-$#jQ@v7ST}lSx5(a
zzT<-Hab9>KH>1Vt_xIyUtGX{vgnm>zjv<UU!|EM~-?4-A#I16x;n`s<ARO&xThfj3
zqm+NWQOa)_BCM%FrYy1OJwtT3Efbn~!-ik)j5)XT89|EIy5*BI6<xis^&dUv^-wZb
z<{>C4JIUM<s_VC?S+p1&eX}ng3*ZFdj#YO{ZBhAtf3(!+Pxd@^31`>y6RfH_0;THm
zx~9~LesE%=Go1B3{0l>7fqk#L(dKDW`zU`X;C&pt?xizZ(pXnbHgT;(bwC3YE8pHT
zMI^qkP@?-(r>J!Aq+zqwW$;VI>l;I5?yTHBkEA!Kg7QnI-Ub(dYa#JI`lC#({p`B*
zo$*P~Bliws?daNLFuASS1{!+$w1?%2D&W;4d>FTX6CGhL5h9mqm#3kw<3?1tGHHLH
zgGnmKsMnRkmli3C%axTlX(FQaZL`IK5-RqIOR{_pCG+Zh4yD67)uMceUaIB;Jicq$
zrHxA$3ylzR*APG*T@@mb_G8&;+AbQK5p{#CCBv%RQKuhRKXPwWx(|}F+8(d4GpE^6
zozk69K|vKQ9e3SS2^6b3T{~T=`jmgz`zDKP*X|C!=6br!r{3!NW%to-+))pGH@#E~
zZ&j)QuRitkYAN@md1piD`shBL$K{D)y(PKvHxsQZ{gzgwxjGA1EHJd@a7>e7)wwT$
z1Cw23wC|<6YQp^MBk*P0EAMsG302acKHAgyhCa&oU+8sgHT(BX>ejBQzTbaP+ir=<
zE}=e{*x|``w{@$)@Le76bAFt&mo<N)(1I30&})D<>N7lv%BYPJ28cBeni2cQA8S-^
zPCI5WdcnYU>Kg92*~0~O?xJEeaWFplvzz4gC2~gH4zKaAoGWU&&ci*Y!5<FA+S?zR
zc~z}cDj=SNC);AA1osdnbbVHha;{^DW~0+EULw>~&G3vw&&@Xvy6j7R$V-!`zJ5T?
zr?92R!X{^LrU1V>$d4m|KFTRG)h~J_<52a`G))=zJ|IBE8_II1_Rghw5%s&nuL{-;
zijy%56O-Q}3IaDblj|Zwe@l<!HVnScukd++q@rH7fWSa9nH1=4+W~qgdg==(x&^wI
z{{2$ai;`t|X1iD<<5-sXiI0z@yy6Vgzfb>60{>Z%)9mE*`M0MZKTLneyJGtM$J6cg
z$!L6Z7VbPxufI;;Jmds0z5f2wMJO<<y2xdf7kI2E{C-(a+F#p?f3)ifE<y_>B#tZV
z$EEb+3c`@Quk%IFfY5nr_+?jpp^4#+QEOh^55c^iW?Fq+(*1dbi@b&T;!3v`F9@8U
zdqt!m@k={_lPx}kIFfwO{z=+Nyg^d@_GsN8A_D>sKg^+fxG&A&NvFhmas&_|*=p>@
zH;h>5N7%Pt3l*m6f5PZB;Rv%y*`&ev?bg$Rlh>bLzk7OlefroloOPx#8{0NX52%)`
zU^I*07d?<nRa*zOd#KzN6hu&9T^E(U;q+)WzosxGKVYHT5<sCT5E5G&;^Jl5Up_qv
zbk%?3!1v!iiRlD5_-V4sS%vGrrXM!yl4{1`Ei!bJYqD|Fe~KXIMP$LP$wl^TO}-M0
zP8N(74<=+To&ttPMOZy)oy8G3s>UDo!dz$9V?Z7GYw)CC?$+&Vd}D801nRKXU(i%o
zl!WOR0Hie;+-1+DPR0*DOAvSV(d2CMB`hQzQw?b)xppF#0Uda=bqGYi_y-8{9sdvv
z4bcdwegYkAe^}HdigCzAYFvdZGc0D`!g$QYVT$d<Bi9`V9#<Y4$(pm>aCzF9j0R$G
z3#x!Mp&*Ap$wPMg|BREiXiL6$l>KU*BCr@erHKu9<Njc*9xcwUQBUP>DU5^i$@&Mx
zNba-o%dw*boy<x9F?BM&VHp({(19G8l4FW&Q)wO8e>P3AOwq})@@fEY38g~*Jfy^K
zOo8?>^za&J?dvzhv;t7)dg8Chpa;G#?OC>|My<N1DMr$8Zxxaa6CBItWDsaIYkM1u
z%+X0)2rtiKdR}XjGCg#tmnRM!&P;0C7|Ftlht|BqVj=ra6e0uImh~&Yz?->nN~y2V
zNA~bge<hXp$h0x!dKI?D>YO7J1DrQGJI763vsEQ0(}^}Qn<wQlqt%MoOAK35h#|>B
zEnd>yQq09Qa{)xjnkCJoPkYIxPYcFiLGi{UH_h?FO4tV{7Fn1%C0}yOTUCNqoRkt?
zfgZV}%}?||mDYlP3=L?UJufZc?l^PH@H|<ve=P1;fo6*{Y3{X6h9R%(R}?I$d55F7
zqp=iddz0FmInPlc7MhPbE1j|2oh|-Vvosq28oO9osZAUFCbg*vbWj_W&bM4Y3seOC
z4Zm*D=xCB>`o511Bi)8P_babhlm;CHQVbj8UOQ~7wuJ*D>375;<Dzkm7J9VS+MBrP
ze^itkmxzepUq^{PNd^vPWetnZUNg;DC1r)7X+dvDlcAu3f*4v9o{m5^`r)Bj(j^&R
z)CCA(<W51WFw6Eb537cl0#lF$kd8_eDoxPIPe_{2;*Ot}{ObWiJOdmx4?XXFoAUyU
zz4yp@Sv54YoOW)*mhC3kX$E;?NhaZve`Wn%%@dy|MkKVH;!~J+WkiZ&xgefzv>cfV
zW*#o|<$8fW_JQ01160A7v{CVVm$KgO>4)8eo--?#6PHKZy@cg8OPr-^r_%=f9m=89
z;1G%`esn2hUNSZ0Oud&szogG&Wyo9}DXBg!-me*|h??J#4h9hg{j&+hjvDT~e+-Ey
zHgjEVj}2+XS+@+Sax=gihk&@P{F8I#IZ>UgVtMd*<JD(P?WF}NonQ*A_E4~2z_pDX
z<WNe!$V$^ve<$DQy40pOIf@KrHb=;+>?%rWO=wGH&@c|RafNGgw;wz-oxY|cg_&1}
zU)@n9Ykk=%8);L54lWRFD!SQTf3a4wJ%r0q-eE4*!bB2aqeXeST@8&i>3dMZjm;=q
zdiy$x%h6$LVtiy1ZjQ^+v1MIAZjOp}k1RsLsJN%+R-j$3E%Y|6(4$emybjf<+>-Ky
zn?Rr<F9PyENpAs+_h7oRVipTlIj?{2FSwY&f_}-XxKUYTuq;y889d|ff2(+4StI}}
zBfS6c#SwrofN27BJ7Xw*mLuV~=nZgLz;0d4kRVjz`p*o78aEU=qv~!bLg6m#W~uy2
zLU-4K1&c=iarn9Jz<|Yearo^t(iyHBJi{|8{f_#@y}}FX--tK^@6<B^P4BG$UO_kl
z;!b0htOvB#SWVa|4iuHAe*(6d4kHr6bSH48#F?`Xbxekzf17^)&<Jp1M}YK&nV6-B
zXmKa#V`H33j&P2!qE;t`?W&us^<Y&OEIzd(ri1nXE95eK59<&wHtgu=xCG34U%U9&
zj;w7s&;B(D_BW(xbPB(T_Xe@B|9ewH;SvaAU<KHdwMP>>TYEoYe@LfN4e})(hRG7A
zkHR5%SWk>M#XEgWE@FtbyJQt)%^r-Nq}6AP5HZ+8kZtGml4v8_%N^&Zj$8v?t{g;X
zkZbfnZX{0W^P|E$jbrTEZV?&4z%Lik2jCUU?3CX*v*)X~&LY2cR?{ahlCHu#=N6fh
z5t*Dv#O36kZhVT8e+oaC7^I=3jxG=qinvMZFT)K=CEi~Q{!|z+3ZH?lCH?GOZF*~}
z<!ms@?U5Jhd^W#NDE?#yk<Kx}d9LzUKrYhBD_VTPWfllmH|f9c;xR%e4NBF^k*mpN
zA6%1FJ3>I>&fTE~z@#>E>(B3wB5>}klio*L6LMGTUOD*QfBexwhsBUWFI^6F0*g!k
zOJLV4zHTb$V4W3WK*R@{gxMZq-SX257S+Zd=e?byFn$xL0Y~9eeNa0b#h?FDj*>=3
zWLPB)pc&bRCaH|Z&Npz7;`}72q*cD8RsPBkDYQMzzAi>yI}Sv!;w<05MPSu=)T0br
z2gb6U(td<aR?jFEOZX!{Gh%@5IOF#I&tB(<e<^+R==E9XtJC{wTc0rHBQ(*zL)$$7
zQkcI~7m#noBZ_-I*nIQpV0f>!dAoD1&XMwVz@NUPHv<Lg$LT+vIjYx_F$)t7F)|=9
zAa7!73NkV@Ig>^$Lw`rBBu5Os&#&mSVaAm@!O$?#;M>{{d{}&P0^>D!FZ=hck}60Q
zdY%JjdtN7%O5xKdwbe-vUk-l_3jUk48RpdtpMN?0@YV2VxT=QFza6e`hta{KvszE{
z@b>fY_0tSm4{yJIJlp4{&*r*KXEkj{b5_on?dZ<>vBBYqmw)KSyy4xeKf${OuH(CK
z0bas)j`FgeK{~x}wZE(!7wpUmH>Wc#Nk?V;Iu;%rH+weAMha+6s>M}6!c=Is;;S}3
ztn9W#mHc}_Jjo?(=xFrz<J-4~$J^mU%WBiKo?KxyqrBGFY#p|tsDwYo{WI&P$L_ei
z-+R&!j?qR!3T2tVX@|PviNEPAZimE9-Y$MEtG44B7FOrvEdL}~34em-Yz?t|&m0!w
z$8dXS6%C^FHiAH~ISTO7$1R0U*T8n1rNm_6+IDc|&b4I`fL5V+LBj@Dr`On1xc^`g
zzyIhFJTVWG?JgsK+3R=lE?)fZ^y&p){7u;Bh@sx~Wl#Wjw<P^=L6&q7a6Z81EP~}r
z%r`P7D)r<UopKbUdl|t!_#oOPW+bIPLIS89<mUZ~%}3`&D>8hNDMk*(<lxDG!tEt#
z_A0i?wN90eEznA&<q?!}l*BH>NpxEUe57Lv5~H1?KZ2ouQCl9mM#IG`pqROBN1LKE
z2b(S8IxNUAfD$Mn0BS7o0JWvR=OmGWg!!E?y|R7SS`Ku#2KVv^zNbX2GkPy?e9ZI`
zXWxxxJlVpLb*3qnEwGM`{!*4lAPa6`EdMv=9@t=xAkGpYATs4{%D!lWgjWn7SU!Y5
zli`A$bBghQYLaeF;R3F0R(qo`fY+^88_k--vJW+VCkr@v>1lWh<E@*aE`+pMx8p)4
z-F2&0r>Su3Xx@SDZuNN6D#LQ8?n$>D#bp4}n8eZQqe_^F2Ha;4<1(JsQt2^<x#f9~
z0)oIYV>CsaVNtuU;X6PP&M|ubTR2W~jc1_;3&-Gp6VBJ{RIcSwJ|c}XLb1Tq3UGw_
zN3f_{;KUY-4sHpJp!ot+##sYZDQMs$WP{cn4qFv8u1>k04(n;tU2rOlTk)S<w4Lx~
z^0O@%W6gzTu9ps)ah-npbWlKnzJy!feREL5QN!&|gT@vEPyQIbuPkY-g=}c<%-1>-
z<2)9B*9<f@Cch%l5rd-0oJz4kihyyefO<g=TYNnDIMl}%AYjKtnY}3^WsXo9WRYC_
z3FH~Q;dkSSA87BHpSmbSvK!t&8-#}*O##n+)wHWX)m?pZNTj?0zlW~JUqbpxOw^N5
zSaD>H(0j`hK|XA3mW>qNb)1xkSfJwTIACOdn!-3|EVN599I4!l2yKh{%o3Ec>K@jL
zO!j4P5G%Z-CuCmMU0m73VGZ8(nOoPYrZ6T&W=AqPg$xlG(Mo$(auCxPQHb_@-vSNN
zSku1HuizWxYv#FZOcp>&y3Yv=oHv=9eSWjs-L4C;#+Gd<h(hwA*{+_CtDCyRzsI(J
z<_pjgtDEkk0q|o00=C8qhzV<WFnIgD{l+Zc$R5vBEDmj$dxG(~2lrzNcuI-M<*WeQ
zHdjqgX2m>9S*z}Pr3#^o4QM#2ii~it{mShqDiTsFPOoClc0(R{VbnUaDbWzoO()yB
zF!7R3J{hg&34ZNtMhCy+v`j`=7;0aCKw3L!7i)m_!2=p8PnR_UfHx3c1dQMHnVu``
zuIG6?C{nZUp1fJf2<6Fbrkk8!cF2OrN}h3|$rLBNH)wVb`^5$`ur~>L*^QU$XDhfd
z%|EJk4h;72a!AkE`Z?VW{(Yw@Q>St$WHHuxdE?asmB8v8a42vf7PG9Wtp=rk$g!U7
zrcb)49OFC%<DBy7hdm=I24inAPIxLe20f7StBA*iGqroJGiiXdEpm=f^iNf%DjL}s
z<fLe07{$uae%(N?+GT0OCy5x{)@X!+SxG$WNHD@Ir%P#s2AU@0q*##!7aOA`U`Y(1
zh^IIs&RndRP_<Jz0ZC^BY2$={26$lVu<y-LVK;egD52KnFf7{o(7rMLHr2D<aIGW~
zF0$n5r6Xs18k^~fyQ!*`U^?tZ?z*Uo?l%b5EvKbiH8!`6Nre~)vDTi?03^;amG7B`
zr7t9}#<1G+^hBoFSVtsYqbu!%Y-u`b%hHfEzt5q{rAO-zEj0kt?4{9v^}UB0S?iD8
zkYFUAaV{EVHqyK^l--~2=X}78)`Xi#ljw=XKq3K|64o!Gq~!Ri`H@Iu#6Hq~sgATs
z_x`ZwMNMb8oyD{eo>fd2;&9ioy7Ap9a(y2|HQB$1v!@4HU;nWjI>*T;X~f27;=`2d
zB<TN5ZeuKPkQh^6pCXEXQiXr~s@pYAgyb-Zt5SUNP%QP=fB9W&-+QY54p-0oLa3l<
z#^aIi%j&ks&ohm0c$6au%lJX2-#3Wm|8b{aMjHVqbqX2>3R+*iYMLf4@OukG4u4U1
z2Z|)s&J~QYuk>`t5Nj@Wu}j2(_@x}vwybbQheSqe-QlhBL#+>AibWKyxhko?el0K3
z@3Gft$5AEQ?arjqOnxxmomA5QFyU%0u;lsH9uyPbax*>hZZz(HDPPUWHWj+0q-GfN
z9*m&W9}B1^Nf&_K+*+jVXkVk#+#{*_VfY)9rCrmLF$)uudNm9IGn0okKC>I>86}hd
zb_oPIG&VDn4R<n^a}5EFlgD=@w<Qh%i2;*$dN7yX4*|ZDMtoYgv!wypC6j%Y2?RMd
zH8qopmNJ*h%K?a!PnRXPcgz9t0h6bgFt?b_0Tuz1M44H)^$-CK2b1s13IjJcGL!ww
zGM7OZ0fm#f%q6$$7y%FglMK%=mn#|pO|y>BjTg5HiUBwn4K*+zFd%PYY6><nHaC|+
z4FNKjfuaGKmJR_Ww?Cr+RRNc-4*@Wj#H0b0mz)p*S+kv)QZfQHHIwnn6_*$o0V$I&
z%!-%B7y%`--pnonm-`t3Fta?*QURBE8Ub0ih&lmhEdel>@Mi%Qmo7H}D3>m10gadG
zHvuKL;AjE10heky0WX)uY60e#FggKPw*zbe=^B^rX8{QWHaImkm;7e|GM6id0hpJ(
zXaOX*=Z66;0hg6(0Wg<Di2-ews%rsRlf^YGe<+<m0)Y@>2oZ45G)ad9$zm2TAj38g
z5EKv+6cM5V0wN+hm?-YJBF+NL3{QNHilQ^f@a8ctkQD!OZ*?afK*v#MdEfV^?e6NT
zyPW;}&Z&xx^-UgRM2itYuCi)(-J9*J>k&flAcXB@a~qZ6!IiJT@gL!>R@BX^o;NS8
ze;gqKztLl}<}_ERYfA<o#IHeUC|~Jum;d*d<AxzLVjWx`QVAy-)fyfAeiMGjRaQ6N
zu{GlJ8u)z{)|)z~w#@x-y;z0N^<&`rzH0X!bsV>rhu;_Aw^HM-_B6d*Ux3gJ4unR2
zSXbN7I2|pyjL`hA>GisLPhG`%{v<*Re}WMbD&ZW47yW01Ly`XG2rq~_NiQ3WCbPwA
zvj;ewfkD9`p<&?>kx@!?Ol(|yzl8pY0|q7yN=`|=E-ig<#*m@IGKY^CdHoHeTv^$p
z$K>RW9hWzLLjJ^pNrg8SO)j2-{tx}b8K?stf!E7u588rv!mkQAeLI|K=MJFdf2ax0
zyo!(DRooyrw-cR5$6#a&IzsmF2#-hUa2BDH0*5Z(V)Qhuk%=8RQz!C>FW{f%i}()y
z41W~V-@qT`OZf(zP97FYgq`rtB(HIH^cIRj9ry#(fSx6vlXP;3AH$o`2jnQ(gFb;>
zK;N*(TC^Q409qWl7A@iya7A$De+}U%+6=E+xPBCG#m9iUXYn$00^LV=ZXDW*PXJ#>
z(3fZ#DdrY|U8ZvtK>r)C)=`+h88z@oIDuuPas%NUP!D^}WS<dakZ^*%&Z9-Jb1~X3
zc8CsLEbKxhwiCaK&x#vRJ32;wMs6qX;pKcRzl$G-)@l+UrD!dzy_wDte=Be^@J?R~
z=<3`&z7+34pYx@<nXvY2lq1;lX|4!3sz8U}Jx{a(Pb2VhvI;1rS0m6--FQ9)=EDlQ
zg}^mJwIl=0hNA^&A3A^rkv6mzR$}~$LxnG4<`(`#;CU^+oBI+SC1X$`s^HIotP!|O
z8$!?MM1dz9MoEfwKNp`@f4<*!<5cC%Y0-m{uK1}~b;^EJxZl*QbX>k%IF%0*rtKHP
z_mg;OKOZ0a;kRA<a8S~O!l}ys?wm2+RdY(mz`4m&;gJ4<({Mg#47)}*-7mz$e|e?*
zm9k3ZF6&*f!|$?sh7SU<p$fH)uMoCFG}56^myy4O#7kHb7I8dEe>r^o>~+X`{Os|w
zsR6cVTYR)Fx`Ibt4J54V6SYle{`#-=Vj}qeTM!FI2q%yMCAl0@EB82$mdK)xgbTy;
zI2`dtYuDK{`0qNDGV(MWq#h_VVLT%s9TrWu#lmOoTW@p!{r214F>ebey0>uU7YA~0
zbZ1ifZom97-vl}~f1n^V-W4Er+EJ&m!@ee1Z@1h??9QBESo{K|^Yn$Y)^n+@*ij)1
z&;oIhZjrP|zerwWSYTXaT4Y{iS!7*gTVQVwIUi!fGjNRPbOffS4apeXFCh)ttSB~y
zesT>P_deFTVej4z=doQqcm99WzhE2r;LKZZo%!s|H$LB@f4-@nRliW*0E-L&n;b?R
z9+e;@X7HuRi2v-$6Q+oQUe@zdWIdT88)R+@<_rc|wCN<BVB-Zz(s4Gz8DX>y!e+KC
za6}~NMT2BC$a+aL9)k{<tj8zpmy0Ltw-w(!VZWVz1kevd@y$~^VO!U*X?VhZBMdOn
z(^l>D<(Gy{e|sk=lS=w*T3S$MDp-ZiDtw`{O5V57`>h>Li@~nT0vE^y3NdnqoX6z}
zxw1>XnY&q-A{WXvT#Zm6H*<@)W?_-g!rjl^Cv21tafgI=xi`qKgb0Dt6OlIvvSiT1
zm(j_EkU&0E2$RC}4ujJekK%DGmq4QVcp*lN(Zx#%fBHB%+7N5ZBt!TiQl>H0oXd?P
zxx9<d7F?oB=aR<g$H-$0F0;#Af=X}+SIFNe6p2N;LTR$TSe{}iL*>}R%_bgxwlG_q
zt*g<y4YQ23<|fpHo4JML4t}99UtA>4*DccBAvNn4=@-az4GWDe+)81sc@x@%H*y=u
z7XAU@e?IX(-Tjg)rOmj_yc1&3c5XX)jDJknE$-GmCT%x9Vg4oeBzc~HPUz6TXg<un
zO5Wk$7Mf=uFyAmt|HH8c99z=y=_e;Y{iH*E@8tjd^(0@~)kbF1_oa5y)-@aKnEJ?m
z@DT~wP_oO3TJ=kCt5xExG7>^eX((LJ+nFWXe=^}8=noE450nOgpI}?MLTxiTKAL?e
zV!Yu3&cIRXhw2eE8*jr0aGP4G7OHL`<<dMHjFWK^4%(@1QWvW~S0N^O{b&*RkpqRH
zI#(QWV*LtfrQqC+g-#=WF1XX)VO$d)=Hw)&geGuyOHMc==djJ5sX5na>p6H`I0q+E
ze_e^ABI+XABYqumK0+9UM&VK1DCej!AxW1arRbC7T2zZ`xmss!n106Xz=1P55`(i1
zb((Q3;~_l_>5_45jHu%mbsaDseP;F>Gs}K`n|c9UE3xY%tn1)*tlZpb=5Cq(!W)AJ
z?;DVWhhZ6fZnXOT;Z0BP+e-be_VUN%e+}R%0iAJ;G#NRwVRBTYq~~<<<fy2~Y}pVQ
z#XHdoyoz_MaIOmOwDFzs9kw<7BV|KWm<|<%NoJkoh{@@1?K%uW?lf@5WY0p0`nPk|
zzn!!DT*&-|EhtmRKBvVTKnb81S9Q1?ZU{Ff1H(y%B;yGE2zi8IgwdcN1;=syf93v$
z0RbtF6z71z{*nEo5|za0xP%q*3d0KH3X`2i4vrIL(LjvEM9joOtR#elk}wj^N9Yq$
z5=SN8nz$%&apJnf_Qdmv!C-Q?V<!_DgsvzYiJcBHHl|-f29qrWvJ_B!#^538X@O*Q
z!LI46R?XZv>hO-Q{xJR3ITf$Ff0wTDJmz}rzCXTO@iaebU;qBa#jd<)^MLzTZ8;bl
z`$9&>v>PWB##`cAmu}q~$$$)Mxcsq@0NFYO4RM8<9y0HfTW$Cuw2yBMT5nqustYlp
zREIT`Mt5%jrXl#tbE!{T!lJ@Bs`q5CzN7t>ADtE`BvhPPdKszbu@$4Ge`hLYfAI_T
zadkdkfhVu{LYR5t)?3s!)IX>v)i-Xr_1L&^VB@oJCEhlc(PgFB6MRWT&$tqJn;;6r
z20@g5@dU1OHjGg=;qenlglLKc0qd;C53{g%Htm`*5p-H8QJv02WB?h<j}@kqg=87g
ziAcvuyk2x-2Nw!aZ2;<rfBSKXe4-F9D$+2Nj?=l3{77M_I1c6D94?Q~6UK_uP>EQ<
zRq<8Ad^8u&<(m0sp-EgU-G?@biJ-`6oUVt+!Hw^J{TM!p|LeEiZwMzY1@WI>9H`|}
zel^Rd5Glk~o@+%*q*nfMS-^V8s@{Zp{P1DQ50iQ7fhd+yqn(hWf3^2pWPf)k&7$1b
zT{j3P_Ncjgx<B5-<X4VAfN;JHa=z^#+QRV|@zzuCuvDK)mni4Lx<BETZKq=)dhp}H
z2Ex%+R|0@|5*%(5cw`d<KHK_`ZKJ8(v7QHHi>xw-<?tXY5hJW!6ZShHF$L1Z<Y0-3
z(8L6I;-!~ZJOMROe`D#<gzyF4A8uv7g<WY=_!6N+H=my`%nfS^(E;ua;X?rcg*T$P
zVpC{CSY!B7v?63_=+dyI;k(eTFdK+89th7Ef`;AzF3^t#mW&&~EqL$|&>?{Bm%H*C
z@ZIU|iI1+h_1GQrk5By!J92IgQ7`P-vu7S&KfHQV-n_Q#f6?z;m-g8!Kig3kq5hf0
z%@&B8Yk_}?KVkuYwA)d;aXrN!;g(1e?hLyEf8ZF-X0@lM*=<&?53pFh<-rHxzXu<@
zg!SrImoBMaVZBhO9#!9g_fas0bUYZRx2p~63bjQAQgJh$kME{B_z-k39qd6yE|)W#
zwDVlMutbO2fAvz77*0?WHc+f!DF!)XiVMyj?mFw0@o^?&km}PGV&S<NL!)g%MtnLo
z5EYMC@5i3E@%XOod-#TN9pf&Z*u!{U0z9_>&%r1TO?AcUqC)Tr6w)s5;M>uvz^HcX
z`oJ~uy72JmfJhV*6K)EN2N?kSJ}G=kW2crU0uP70e-ipq*h}FrMZ6MuI7+w2e#rj0
zoy@>9hO)3_4}hQ$gE9sqZ;p%UhgmGsqTGl1TPD1D%rgAIoIk3Uu=OKMuuXkZ{Um=2
zzG3CIZ7bm&)e+YZo3Op)XV~)RPjMg<;5PN<NN&@!4?pzWa}PcIEaeGmXns4$kV7W4
z#1(-}f5e0cF=ZoS(6tMgEYV}5jKW2UH=3=dD9mEO3Pft8rh9zk;j?KrYPqM61G2Jv
zg9!f?nD1NEXa^Y305lFwLse)Vx(n$7@j!?a1IZ9vfF~IznM!a4Zo>1)a%=)))#GTA
zZcBH@QuLcaM3uv8hI-<}Tiv$^@m(L2qh0B{f7Etd`YQ9+t)P!`pgjWJ;)>-%b+#4O
zh|qSOqusj7#I>U(rZu|lkwM{DhS(rm#Yk%xrq1W{Ju79vYado>AK-`9!{?~7n6}PY
z)x(;)Sp1-FgPabkir&;h9qN4&(%qgkHR&RbQ;(~Ex#iW$=`Y>(_}gzke&a*MG{D?z
zf3c|N{`5cU-xTG@b*TrpY&jU$kI@hD3~vDX2}*tjJ;BkEfTuCSTI@rz%v@8k%akg(
zghHWISSxH3L|P$0WdJn+ghf~f6se1Vd>@0RyZVWCeXs?I5jv-_B|;$`VTVGjI%Km*
zl2~YyEQR60QfO{0t30~8&T3I-<jB((f0!a^T6YDc#udiZ#jT5Lhu4d7AH-db(?iap
z{0BNgF`5zjAEZ0kMLsd-rKL~2&{^NKc4ue(yt{XHc8=QLJpVDW>dv`;`>6Y8+}4M-
zys*8yh1>e@11~<(-NKjdn>F)J#C+>nwS?aeJXj&3-rx!g?L=lrryzBh*Wl;Lf1wDQ
z-7q$YM-rDCK}k>3A`9s0FjZNqOJ5qfII=zRkC8l{5#K`*cn$|h0Q=kqbcP!`JBL5H
z;2m`N@;eKj<c2+Z@4b)G_pa`JqP(ZvtsYXphSwoC{_~MDXO6&Iqi+G&+904$M)Bwn
zMEod2klu`T2Z^0#o3bM6+3?O-e}GUyMifMXO?t@?MI=W~KcMxU<3O&BLD$2lFLZ%n
zy-tHbrY)1kftu8a)X3DRR3$Y!HD*+TE5a4&igGEgXje>OL}6rMRH0HBT^LiCP?xYg
zq9w8=szqsuULLb9p*`VzLZol1Z<239X=G_ssZttU7g-lor_@C+j$9nIe^^-@9X!LY
z!n+<1wZ&%8Fw>8MqiFy15Ximo!QLgc_jh)5j5@S(?~(3Hn0s_n>A_;p3)BDiJeOXv
zU}nR~rxWwLm+Yx<zx?p?FWDEZPEOvFkkCc#5im751F{N1qg-KtGgtEF6{eLk#hF1J
z6d>76Xq+Pl0Mcn6K(eYAe<-X>br~#S*09B4>%!W@1TRqX5zK&6j29@8GX)P8KK1(R
zPZd5`FmcC>ZuNI~5EiFA%xCN!IPl}6M?W4oa8Fzu7_AxG@$gvYZ$m+me-*Z(05r@M
zViqI|*^O-Ykkld@03CyMS?%UrhqY_uVfZi2TWx3oE;IGO6HZohf6!3i2poZ(RBj-^
zbQ_+B7pTi8G(7+OiHBQSgsti;YrET56>Q%2Tds61zCpu`G+#apxg!Dn+>6P%NG~Yo
zdO?M}1yo$i(l(q4k_3<7o?yXe1{>Vng9Z-}++8;W0*Bz1!GZ*LcZc8}+}+(m@NaVO
zeee4o&cD{*Yq56o(ACvXbyfA=!=8eP4+fGD`)OHuGRzP(H{nNj`G1akvMo#kzAeng
zO4;A>>rsH(nt9Dn;74nDrOrM6JQCuk6!bPI`bAF&1CRzG_hMHGOCRJdTK=Zx!pm;6
zc@yqk+*F(#e+%zGADj^I&M`jy6u!_Y1ms__7+hP31TrRTZ3Lkax}Gfc2xMj5aMQZ1
z4_O?9ppl*ZG%QXzkhtv(l!6^4scUOe*!)1}m9TqJ)gvm-fprpEfOJIlGuoXvlG+^v
zi71NQ0LX<{wnZmkKheut1Jxyx`MoESx1Yq^(7Ry%xXSyD^d<7~lqGtVE#5b=veaBt
z<~$LL2;D$xc`A2)oIqP@S9*0*WVV5MP|KOT^3agqi&~W8H9X?O)dN~9&xo(7rp7Yg
zr5If#`MNst(fOAlKz-TuL@X_`gUi!t7dr~w41n1H?6)#ruW3c>6HxytttfN7aGqX9
z-%@cttZd|DBF)LyGK48Ww&hup(xB3y);9$%6tzwBS{nX@6%KETs*V-Ro%ux0#X_uh
z8{IaIMo%d(Ey?Y>@kS<wgZay2k3(Rr5&hSq56(0;hs2{|S8b%#*XOTUB#@7~OJD0}
z;sRfAD?);wvTvj4hW*GoQsgIj!M}q~grfj$jQp7PC_tg!hn}b$(z;U-Vs{|3QzEha
zihz`Vsvw1BNWDA6RdOCwiX$(++~f+yIm$xuR5Iz5pR-@<wqU_Z<mZEWO(#hy)Y`bY
zsdYVB%~Ft)iV#&&J-!-9&ZHiNSl3#=mje#AMB>|Zr@uDmWl&MS`2n*pVX;9gCp@?g
z&TkgoCHW?oZ{P4WmgyM@<<_%CI(^+3(+}*XnZ5(Fk56jR4ow(&+3|uD4QnS`4U$J?
ze6@kJX0{mO*BD<r?Q7di&Coc56Z-~UejN!5s)+Ou<Zg$x1|T;QhzmPD)+l0*JHrQ1
zzaTjxp8eWzz#?$-{@2X>61&R;CQ-^w%5j;Av}1(o(c^7=EAQvuuYNp9{hfM1ahZ9*
zev)u-vF1`Y)V+CQ(w6e0xO=jV^TW@O*|fpWKf=><G0O&*)cRclBNfm44jgC5wL1oO
z$tKUi7x@Rf6>$!HQ;V;gUhTBX6d@M_j;yr9ENwxO8KH=mVcu+sy{ES)*unocp>w*7
zjTUP<@N-n;ny2Hn^E@;xae&DOVvbTBr!{1?NmUm~mee1V#1-Rza{K6>I!aVG5~7Go
zCLeH`tIXWn;YJlcgxeX!9Q3OyE7Hs}O~seq7B_dr<XP;8+%bQm<Huz_HZL}UfxZ#@
zhA#yx>dzQ{aEt|T+9mdQ-FUUp*ujr-YV_Qtt_15C=Uc9nDl$SE?^Hd}o7Pp&P4F*&
z7JVqYQ06%ufeR@PeD^zdds5fGf_@Xdg+r?!BvJb!<MG5dzIm~4Kl5C+(a$rlxEos%
zDqb1?Xqp4v|Nben|9#bg1#h*F@&Z6fr7XhvF7YFz1FyWW-Bq$P$sdi5quZESffB<X
zEXa!C%%`(+6C3>twFsr4m*=3N+{wno<kvenmgYgLY(?`~HMGn}!fw6ykFUc(7&R|F
z+y26@Iq_F4oFt;(m7?3P4Dc@2-F-Q^Re9GgH;U9P%ePhhnieeygP(qO{Z1H2D(L34
z<$UV5t^!L*q%-Pcb|cd0wQ6ImRmu8gpIsuU!B}lqDD0254GW^seHHPjGkuksYWqxb
zsITmKyhu>Ai!`NpzUFc|ikOPymsk1W(W{tWG{NC(0nr%zI+C#gTTsk&Q*2yI3*N39
zg>JlZr|Bpe`|Ymom!TEm+_4NmWELU%0PY;)%7zJA=7-!O75Yhd-+F+XDYI_NywJvR
zsBrmIK_czAlnVhqA%48NEt3)T)Pnu3PC(^`+zrR+%Z)^@s?L77aKo+!zrfZ0@a--o
zr`Wuvtfud1w9M0&4rg9=srrqs$(P$6N2S=g6^BO{{zfF9KBZv|m)t7?C8ZZ(r0-M-
zCN1*8L#c8kUlpx~xZpiIOwV`xPe0`l(h+2D{SH`I5v3hrYV){}{|n`%4pI%1Kdmcz
z8}IGot|wA9&p%uKg+cJl2>v?<%YiN|d|XK+lWw(5v-rwQV1LvncQc6#3H?y#Dgn-%
zr!TQNe!dgn_nVXF*v9j&1VAzU3Sy`A_9)=@=eYdDZadDYk#aYoZ)F^RtCk#1sZ47d
z)Fzngk0d9JiIWDm&-eGpz|>AGk#hGhAALGNNWpzU`;0eq2#FF;JxY0%zKn#;jZ<`a
zz$n@p+f9Wl$3yOdXI_1c_wtLtP~gvQ86*}u4!nlbX?f<mq512YSzyqmdE_m3UEWdG
zJbvAUed+w+XwzSHVlMSZtdLaCu^nl2ju*EFI3@(s-)snztfv#}JaQat<_^-*X|u4y
zFvM>6Ka`XLTP@vpZohnyt~RN41V-G^mcFU(t4TBseo>&mT@BpMWeIDx_S)Ab8sm8t
z{{7kYc?X+}1t+Y*MF=o8zUEDEy`;vu6?Lr*m=3^7-1w=5_8m<bO&nLy&EM<7g`#tb
z>~{(t0kYy(>V1E2J2so(q)`KGw6(V<ST8Q8;%fZ8wLA5%hbbRnUsAM$sZrVDAJ#gw
z&hKt;7O#Jo;AgcsJiI@eDqwmuu~2UqldsHI3baaOV)IWc>U;)Bv6(Nk?5~8+*Sx-&
zcdc|VsNH!!V|KseYO-qems-M0v7@vgpY|R~Ae|kzdwJUAb~+IJ@&xY0;7iWyHk;OF
zoL{buyThWlkacI~Y<w=qIZ<cAq*a5n$p_$s>(%5K>s|LN;O8vnG~;OsknePF?=@)v
zh>tvpKZFd=sv`r)&hI5nny142MXu!gPSc*>3P%``FwE>r%fGg=*Yo+^iB?fw@LffL
zwI`d5k+j5B@cPkX;Zp`mzXENRk4?!zin~@y&!YleDy-*94Gnk0uv8nj7Ccr%wSv7b
z9XEV=7Wa4DF9wm~N$1XOlDW?}h_mHyHE$(vd0(I8W`Kr(W><%4*{3g&PhEfam+^Vs
zIz?He)}RC}mA2s>saK#lXw1F-izKkzY)1TXGr9oU&X?8aPE(O4*IWgY?<zSlhe3pK
zb$e37-+F`BZiLv4vlHxb)ZY|0M;%iL5KBA3M7u#8NM>M{E$nTh=WVt{-@XK||3Ejv
zCI<qYC6bvjfGIpdC|phBEUS<L!cWg))|akmCs5Bz0ZZbwswQ<yyM9Df_yr;~%!;-Z
z{NWY4?mkgrG*=_0rct7hc=v}Y&4>;oXadeHB#|PL&?=&{Ob)dXm(U;Yq+!~&+nj^Y
zn9qo%r%ek(ZE;>G$N<j|`^T_hfF2e!$%^lr_#s^>Ky))3m2f1cNF>I#DMlsvJvr|2
zIz{yOD~n#%^`7Xp$D@w7j&4<RAKqKe=$DBkj|QW*nz9lz3QhHBy5-|g@nB#X=D^0H
zd{%5pvX8z*(49|q_1Oh*8GbVJaq|%?#YA}()0%mb+s5klm%(3lac@VH%%m!fDe;}{
zm<7X_4}tk+ORq5Ai5Qc?@*2yIEpg8`oS$Evd=?Jk5>tOYpV2Ip{2}f`(#PbFZ!1)n
z(2A6cAnKaZR_GZ#{Vp16Y4vA)n0=x7vibe_j2F9Fn1!7K8v|eW1NJ++`olGU&3YSO
zw>VF4`0~=k9SbIbHu%uWJv*)Frd&4zV3!@+BRjxTOi9%y7;svH+u<oRDGrg?jTGc)
zFFq;7kok=C^*!pZdW@1+%SyJ`U%&5LC5+Lzaszt=a#o%NU))Pxu6=pLR>R^v<7l<#
zI1%^_E5^LCR=~dOmUNAZyRKS!3)yk>8b*8TK3(WMmUmtz!njTK!z{CLkNIA=>Ozgw
zlg1R-*Zd{*LOypsE{R)=q3qq#uuBfZ_$1|F_0mU5y?sRiB>`2QBQBCJ?MF5HI|Dmv
zGm#y$$Fi>b!&mxnfsJZE3=Fy?=eLsCBi|1(oQp~w{jJc1oUf<!)9F56IkhTRM4Vs2
z{!%M=;w)Ct<{essOz(UWRJ=LvrC>vA>1sj?z*qKN?ZmvjN=|eHF~#2s&P~d4j%qJ|
z!X?g}e{C(4*uO#<k3LNKO*cXoPo&9@gH;o>e9q?(epp)7Yw&eMd21DG!oiHKd&Q60
zB&~d2O6#Sd6LJ>mSB)9XG`FB@cVJpH>HA%l!~LDtP;l5aIz!)tb7sV10h8+iIMo6l
zm<n+o%J0WzoZ@N&n?^EKq*IHgKF1Bhd9?^Ds9d@^C^SVuw|XklIYx=kh-&#LjnQx>
zTR4U~O*o5HK2Gdc`tA3ym3mWJeV;9zwakO?FoQ}S9WEt%yC7B^x9bt-8~P<K(C3;E
zBZl{=LW!SX&tsgD79@5)WGQ?=8YG`>0x~4$^PBv27CeSWg{su#Hk%eUi5#9Rh-yqa
z6bx8*2kE=0Xng11weY;!PU43|Ez61PC;8sFCG*aWfNy$u!nMWW;d7Tp7sRQzI`u7&
zyM+$E+6*4hyR3o<BJjyp)xI@VWji-B;Th#i1ToiNcoW~(Q0Y6D%S{L-Z2UY^0}?xy
zfPAK3OpwO<FowN_dk(8l;j^QBW9s$U<?M+%k=%3=U=yT*$U;BJ*|TRp`C;grfm;o`
zF5kw-P}AOwVk1M2@WrYfGO?Bewma<%om90yTZ6Ox-oNwbe&_G5-0(~Rm#;?J5)Zyw
z|3j@obM9jagh|<;^fi%IZB_fuC2%ku2#S|DCf6nD23+5wZSg(=Q$F9SpoB9hu2`Z{
zRU}Mqjl8IT#f;s)OxL$Co0mPYkBMWpK#SW_kp6f=_yg4|9`igOxk^R5rS2wmy=fQG
z+ea&{v^!7Qf{JLKe%|caDN4!B9$Q=nafS7o)32>uP;l;y_!TKim0RU3l>wRaTR789
zlE`n!g3Au8LLxJHmFn}K3qE@}trN;tyr0t8`&(!F?DDJkoCdQ3Edf<9Wt_hh5_Jcw
zzmaq<Y64)daYx8BFPbG)O(bpiR$WN?QrRG@qPt}3$e*%*7x#?$O<2>n{)55I<b(I!
zeDnLuGA>Sy)du)M*>+asQ@;TfHGH1or|PaYj(TraMZ&P&{BRCTd-UD2C_2F{D*!B*
z)O1oaaruHN9LduA=UG+pF+b57`QaA9t<h+o&5GW#N$t1!1FKoxsX?Ziv8L+pd%V+P
zX0D-o%lsx6T8?zH#?OyfTq{IZP$Z8?Sd^S*f(gS=N9<HWbh2~gS$xic%nxwt%IrIv
z$>yBNQcsaLxJC2r9sAGa9aEN2e{u$+Y}s?T`0TTHuM4J)4T?N_Jw3;9M2Te(WzY4l
z-AsK8*<3<?X7rYw@wXg%ojX&``m!t?r8dVMj|GZg!Av_|x<wFi4u<lUm&IS~@~=L9
z(XJ}deno}yo}_^)Qc$xW8)5%LHlm!u9ZCHKV|cf<krnt!GtTb}w`elb7q-3K3ZsL$
zXK8Q;vs~u(^^#vDP6om41qB9&u|ar^60UE!1GI<24^^CSevkus(c)(|+&pHJ{x{;m
z>qERkNId*4?sV7V&GzV`Jdm_B=3rNHD#B>2=k<R*Hgd*}ny%V&0WRdToV~f_(DB%M
zKNPwKjicdNw|>d&`&wOHX+1|ZBcN)-<seRa+>>&=3*0;+=SRP`3cNL+_EusJ4m-$h
z@7CW$qC&n7Z5Xb%7IaUY-(GSo71<;7tKBa#ve3FdG42z+)^u8X0;mMuU%tGViHH8i
z)k{$h`OZgp_T7Tj0nnKNPC4|>%E)GoG*g&FwxUgspikX{oR^KjNzFn5PfdTmPMz>g
ztEMcP|KzKo(dEue?O#=Wp0u|{QunBqd{QBM>#FAquLhh_-Oj}x-ErXLgLSTTZbKOQ
zTB$Gc66=fLXvxQ^KU-a?-bQ9^^Zm5E)y~yyMqZSAe~k2_l^4(skI(HYONBjU`4N1S
zIyojLF(!rstEW0S@9-5?!Cx8az-}B;_LQ%(9ndeI@SC$fgRL#cOg0K<geylF=-Ai~
z>~2l<;kVM{>g}X{fCe-6>EmY*z$rAtQx3QXPB>~Pkno1y1g)FXiF?*^KiW=@z!i3j
z3H!CRb2fW+MF@!cJs){}4?l2_s2dV`QRga5ur-dZaNYIziwj}pep`?2k5OK^=i}Su
zxy)X9MT*sNj2mwIzOp7~i2rOiAJ(aI38kP?n6m#UAIE@peo_c^?s!71<nd{W43;zB
z#BVRx_9nNrvj((0SYsQ^KSzis)y6bpkXta}-#>8hNI4PU?!(DECy^uY4%h9xK4=^6
zVw=(-qHAtVdwgThUF|*}M!Gw(KbLl(QAeh8cZfZ9E_2`|db^WfJXTy4uGMV09e^nV
zFWl6fo%>mK>5I#hC=-JeoN{$uobujNFv!hozh{V_r}mfAp0##e#q$NeA$FzY*NRy(
zLc#>r)CPq>)Gg&Kze&DZV+Bo=$Z}Pyr@QT6twd5*r;d}$$(xB|s|8HYZGs2?stRg2
z45H!hzSpF^Q$43Ju~8PVQYTkSJTmv}Yt&HJnyh@!m+kF~RB~ITLwj`fZ9bSrq4i?b
zT-)!E9DaSRB{S|aj<^X{T@1}8xIFPNf41vK7=aQB*nKAEB84>Tk5xV$N*C#*EsRpd
zp^Yyw60KEJb4nVlxadv5{l)AzzEOrdBW>lxQ5e6AQ~8Nj#A1j4q;GCF??ltYW#CYE
zW~E7Q?;aLC^0egJ$L=0f-kDei#jUp4r^V@dkFk}Kr&5_Yr}Q%{NBiQu35||C8!>Ol
zJim1{0RFnKxDKDw28rwSm~We{PgTess5g9>aS#r)5>lUQsVTE<ta}5b^q<<(9mZVu
zOrB2my!)N#_--A|jX8N}Xq>&*<y2<<`qJu#X1?)++l_W%K%n(-nD2FU-!fzwMTmu1
zIOv`2jtFK@MhZ?bxxS)oyB!T7J;uZcnMK~)a9|A$c6E#jHzV4ga~SQGQ;e4POQ;YP
z7*I6LW1siMk0)y(b_!qKue;6Ci|1$6;m91GH6yW#DNBB<SF{jtk))EMn!*>9qP(lH
zBAV0<cLs)UAqR?GcB{35=gtjPHsOJM3`_Zu+>91&$=I-0t@IhCiVT;O9~a9X7wa7t
z04=HmtSqis10@<sEA2hnA}sD?3nL@%-Z~wg`VFpoG+jn@l$V<$A1Yo5$CTW>*zf#n
zweT#yVl@K(i268822i{x(vflCF(}<CxVThDS&_7SY94!D_=~zm)tk5XV?>Ql1RW^8
z9qDt#kr5wS_36kAX8S4|)U+iGWJ~AA1b}Cl%tO<Y{eGL?3%&^DTmpyl{$6^sL&<Bq
zdUZ~$iqw@-Tl0Hxf^_FnW<JHv#;JL+%zePVNVqYr>h4$FHx|Cy9fLsowI<GcnS7+r
zd`lj7rb!H`<P6s#BduAIJs(4=xKCC+j@u>Q?}KKU6BmqTtu}?V6pv`Yz24pWX~5Ih
za-?p|m^jEkobJmG(T-Bn@l8qT_KwGWF~s&fych4v{JnoC^0TKEGdDB?_q~upeqKS9
z8xOo)KONMZp0B3t@uqy4u|_`etPDM@3Ko#%A6`3st}zosQ)rhwlCGeNSD&SICO;D@
z28V?Yqf^opQPZ`oREUWM1b#;KwFHp%IA#LByW~|0*guW+6GQ2hAJ7R8M>ZH9YB$pl
z&1Fsm5p(&C=-VHqRVmiLk$zk$7Hx_Yh9#LD6x?WtG{y5Kq4AR9{PqKhK-P;c)yko^
z_OZY(N0>WEvHRs?7a#dla+?BVg2(Y~RZ%pH$S9cdh;81@Cypas<U^0uu9^UHd`r|H
zTV5M=1V%3&-JNDIAmz}MnWkfk6AwjOMoP%H@o1fgsg1rsYBBtPRFBSvZZG-NhIl=q
zJ(PD>KoElTvcgQ9D{7&x%4FucVhs84&C?=DXLN7xM|crFDDqU?&H}@&D8jxnDgNP`
zSCPo2DMcw`3dN#Wts*trNqwpSnw)1eD~o<+jj}|FWca5z-#2!Of{ap~NQ6@=Ic67g
zuW4OOm}-`{dhol7n^wnWf6Il`eRV2UKD4rGg!8<rIoLF()*a(0_lUJ!aRF+sHLaB|
zYQGxyeI2dAsst4o6L{pvbT&Vd6%2lSM<mv&Sv+1N+jPye>+dXNG>k6|fC{nnYd@gt
z`=fSe-zt4$AcP^U;a=t7N(<JHjukCZ1XME+f0zumND8My4R}Ja^7PqZwnlr<8)+7r
zpI#m*Dx(&KeXD2S-xTE5TmxiEhAcCmJD9!PGI)9mV<b*xCDr+7mIrLqd6A{X3jxvF
z%ByK6n|@~R@~h9B+%9`Oz*OCN<TVZA4Wy%q3Wd^RvKQn|uJhMGXgF|QS5Z~jY&s7s
zE;10(ZqCMC=X`SD8PZwLQTd6l>!VK|eM<|aPJRhF6BsQjZu=Gr=O3#0Hj%7lP|4>}
zHLwQ3O^}wekeij=o94)8!EZkQH4;u6_Ff4o)xz&;65V4)*TB0L2=|oFi&r34{KOzA
zs&#G@q{I?T$t~GIhfG|UUAF+c!_tp(@z|-J!mwrX^;)4G8$bSdCB+Yrge&WLCwb{M
zRwY~FKG)I0fBgXu7Q$$+q44cgD-k8al_?~3q4M*~g7)&s$xVY>$_esuq!Wy#uaxs@
z-h?yHehaox@}hku1hft8w%PW>g&JFlG7AhHLzsKI^5$tP&sj5Z$xk~tDq@GHQ0GJ}
zcXxuUyfHj9$IW{exN*!2QneY6%ao!D8s?M8B@JuT9{)reHUjTWoHCh4%K_a#MurQ^
zdc$#%N7Om?C=}A=&*K-8NgF|L8Mj6&Pbbno;P0jUg_^cq1T4kOrTYGSWD)lcjWkt4
z>H91E-0*F9%3Pv6R`$pcvsw)5XR(fhu<~U*wyn<~h4&*_f;w|)5r3IpQ5e1_+Hchu
z%F-NicL?ST#2|%KWK*0Q6E%ycKl+|EAfBLNjix}Sf%@#@YZsp^Vw+A%#d6`Y5&OQF
zBOl}h7f<Sfa2RmlK(pAVL$L^DEVgkxZ$6nu&(YZmbqV74IQH+}c7;D050f9tBfWMJ
z2n#nNl9oVA^6Ohtu2rE_?OoSSlChQIwC6<QlqNgCpF<ra`b$JAMwYyi;7j0hI4`<-
z6p!S$2DvQknHSD*qMA*GmBQb?(es<(f=e^~s*bmnJkfwh`>c!L924ntZ1!23%8(o4
zFHuvAc4R!7N3n-C+^wf?9C?I-TVxK&-Ct+qtG&6oKRf**fWovK{vE9wVso65I@>Xx
z<FAD|5%IKn==<!YZ;qO&2&OQ!4DI6?-UXN*|C1tdgVxe5Wdpn=F?qK47Naqf=TkB+
z$(H6F#`_jPJ#|)!kqE6>Ys>SFpa6zug(Kd2LFvc`57Nck+tQrhG{xAvB)ete50yW`
zPB-!O#fx*{xs~f|cXzx2IVOkUpZbzb`CVg5`+B*w&J{W`HWM~dJGNf)Ir=C_yffJ2
zFT-v`J;m`the%T@nF=&i2b=hy`uARjv*@iQ>dON-@0qgFQJGIqJW3{?R*}_ts%bo(
z{F?S^YW2}@nW_dlL{g%-^*7Vp5OcLq)ttm)$(<TOdH6vZkH50MP6_OlAKFO!Z!=e&
zC2Pu$5QMRrPt?3g@3n;Rh(0fVG5ZiS1;Xu7n@`EO`|0cz;+=J;<Cf*wienvTPV#}o
zrhpBw=KP!}AFs2)GoYZwp_N?eX+~<MW5#EVUWr-CRJmXI#-qv$eyaeI7PM|j^1*-H
z<oJVYhV%*PW|G>b=VrZcXN!y9Yd_Q{h0nN2`%xy50n!&Qf8w23OR8`A41XW48@@G=
zo>DG0j!6x|dCvaBSnT4R%*r=y3eVBzF3b*2;B0Ehi?7O`l6!HJZ$p3X&4S_MP4aWH
zQ(Mm#4@QbN?h77_uL*G?oMn|Rz=x%vorTc_!{}R~y=!!9C=p4?xQC@!fX||PxYb|S
zuH?=?8pxhXWBwlY2vJHM-Qe4ZSd%>>d&!lu!nd)^)#ZUPGV4};p&^Q8;&-7T3?9Tg
z1WG}eE(gEJ5?2Cw1P~Xc^}n7Tmg1s>X&mrXQJVcgO1Ice*v<c_%0YkI_ae4pY|PR4
zV|kR$_|&k*p`AMITQ_#&9_fiBnDlef@zhstM7-w?eCs_Ys_z1ab2|=d$IC4&KE9nk
z=(UOG>V(ef{LF|^t+V*(M)b<1Q6e`_3D`;aIG9WSuGb=eUX{HG96isDIbB&<eR+Gv
z!+1Q#sWLu6XV$YVQaS34L~m}PKPj&Ny{xp<+ErQ_mXtCZGp9JKqPLNoQ<$<YRdmd@
zQDzW>+AD^=Dt(U{E)l;S|Bi<Rta(ZHik87}lWkI!gHCnasq#ED**^1oQ`P&PJm8}L
zJZfduPbx<$I^v$AY_6Wic0-Nrr~3~^?5jcGWE|~sp-!b}sy0u^nIZK2z+R!U{*EKF
zYNc1zsCM|Bp3Zp7554hJ755#!lF0&h7tE4m<OU=yR!k~XdwFFd3tShua^)vze$OhQ
z#6llbDIQlVql)&imX-cojee)8X$3fuVq_x`F&H>Slx1guGVt3)Uqn9*j%7Fq2$(6O
z=iH-(Pkv=r^)M%z4~<Fwk_Su8xN{Wa5Q^8<8sWnJK_1;rmwPcbKKYe1)@=&1uG*q8
z-k&9oohftxrF=G~&5@m(qzoy}D=n+aeg0Q&(TTOFOU|U|vpx>?7S~?+C}m(jO}npO
zkcd9|=9lDmkF2o?228SHq>!S=%8h$^rR>yLUklSeS;w%Cl!k7oelpNu_svWDp4)`V
zaaIzvUMVeN74>tN&7ms0ATl}aMs;iuWSEW-J3bMkuEb9i&}R>3+)UQwnQZ48F8J&D
zupu&gWoT*u>OSMRv`#UK>0}HLAbpVpJCO}nHy1>84XVdZsbts3KbLm0YTQh)WC$H_
zN=D<fj460Neqml&PuPHx1y@&9Q4(<&GD9BqL(&-2(H-QP6qO(y)4_IRAF!M3b4<5a
z5E(BZ67OUjP&ar{spvw;_*2m2_m)|WJ#AeE1~IE|?WVQ|=#Ye*v@st5xv@JW#L^2u
z;ct1)$*urQ1H)}0BwVWT;2}O<eTQUs4l`XVFE_szqpN{nN1H_ySU{Z>#!Es|n#Elf
zDBqHl<2cPQD7I&ACXcL**M;p<7u`V}w=K&>Ka9*>Xq8kg>xq4_GW~q0bY?wB?QHBU
z@>yk_?k=->f_ZNv@&yn@4_#ryYL>~ztaQjxhgK?4*T%xw+<l6FqfXTJSvw3p?rg!f
zFgG^OyN^>kpGJF(7qJ!pPAG^7p1vkePp3ws(96{HHlI$SC$Zoao*aD-aWqsss3!rV
z*)S?5@#IUFT!L~z%U|CMKCPJbW@uCA>nA`ci}hurqM(%}bSA)wk(+X46lW=`0LzoX
zb=;7_6bMbRenAxGDH;tf!=>BH(=P@iD^iwuF1Za!J&vV8FtPNm)}eyEhMR^JGbwv(
zT{}?0vmdx`HKh&Il<XF^-d<{oNiWBIZ<C64&<_QdSPJP1SwG*4f`XsK`Fs{vpifeZ
z;dIuvdm&375G@7R+bK=NB?W1Uy^MOLVfms&JEMfMN07Q8Z7pWFC%VgceUo9@ts^=(
z*uISBXQ>LeAv%p*f20Gg+*^WZ)g;bb!Ja{oT3Okt1KW&G?8v32+so(}u;$D1PGx7$
z#9;#>p2n4kZU0gj3QSD%QmS{YEosE<?9p1BdJMEKE)*G<_M<u>tWBrIl^v|LLre0p
zYhsF8OYB@PVe;{1{B6UQ9#X3JXz!=f7g}80iwOI73u{SK)cJHaka0=t5h@D!j)O9D
zxzAe)g}jExER8A>XLI8dp!6+E7C%G#vJ->Wo)`=+$_qmDiC71T`0S#{nX1X!%Hi&|
z96X-rxN&np=#i|eB_>yqa~P@c`^Q5cG$n$q8=oa+tx_?al^ua5FykfB8`mB9a6rVS
zbh(9a3p3Vu_3;*7Qe}Oo!mp<>s23zt7$22bKBQBq)or#^1du_lxnlNY0-VlOS&enQ
zRNo-K?3hP3+0EbZ7`1KWlmlbM=wfX#H?|6;H!q9=icd82%!^Fq9Uviv*|i}`%Bn~j
zg)@EJFZDE6ZOK(kRX&z>^jQ!a3p)0EVTArTPfr`Y=qMAw#EN1k$+*EGp}JV1SbwrY
zacNGnhIwLanTe`5Sc59KkHUBo-YWeCo1y2PP(y0s>`0+qx@@CF0F9wXfKn~WqcrLS
zsWfU1c!GcPsDKI}R#R>gP>Z@PiE6(7<tr00L@9ZrVk`Blje1?8mAV$Yw!r!(moi%W
zUH*+}H`RScgw!u#n)N^tnoH?!#4@_6^j<>V-aj>p3NDwX2}=>}86>*!8;+doy9^hS
zD8nXwD}YMcbGIdVDYPZoM8mD@jluoBbEZoPaQ6wnDQuCre1f>nBd%mE5+7T#S)6}g
z`(%x9E_4X`C1L3GEKb)-$E!POsY>IDM({-K((fua80>u+BqRzoS0XhRKhHrM5RT1x
z{x(N|UL@$~TY&O%ES3b+!2eU3f$SS|9~Zt83eG%nDO(Qg@s{64T)n~$OPQ(PlPdwD
zDHd!`5B)*y-;9BgCl^yrl0!uuC8OF?!FR<-7W!<N?U)XCrKDXgBbIUMpAz&%2}7L9
z$9XLS674ct=-H1npBR2@t5ao__r0tvsZZ3YxBu2-8H<{lgQr{V)i-XD!esD@qouCW
za*{0-N{YD;y_#WADIp{(4%L-YTp$K~PnPLWbk`S-9Sl4nA^D#V-IqGsHzuG>(FT~<
z{XOSe1GG<4n2RR38pVxw4X%!TV$4T)31ljdN4w*S*zk(j+T)}-%F&9(!F9y({JF?G
z(-`I;$MITq$#rRdcdMM-a7-^^&a-g&;*R<(C@0CK%)YtB*O656<EUnM;0<u*?Ple5
zaiWc)Zsa`HJ*dc#|FNtIb8!3<>Kz$VOu2BCF1uFY<W)X_T<l&#SKlOKl}xDmu9R-0
z#mrCVQA^qKO)7D9rcrOqM7_;(R;$4G8kHj!hN`*@w&m<>Qhf{T#Duu&Gw%qACH55&
zFMd8IEgUJDE(^TO|L6hsR(k=ovq@}zEk8sRS10VZ^SF$T$B*&-tX8f{G>x0$Nxx(o
zHW__&F+5d|6v_~DCtjjAaJ3!Q2uU;9iJOdR$1=983Qw@_6nax$8E;z|sWbj7qS-Kz
zs+bcFGM2N%m7_V0!&E8D8QqGNW#`!(iVP3D;#bR6n*CuEx0X%nt~~&p<!-<K6-<H2
z%CoKYTXJU^`dJL;b78@yUzKyLdY)J1{k--yRko7Wq~S<tNRe*-?z$;iw8Z(vOzS2l
zE~ELRE9~s|zQ!Q`Hks63qVxxj5IVzMGegg-bZ6c!;%QGJdP5I5^h<t243^1)=3eF?
zCc{Ko_i#Say~Y@WZ~hxV2s6ay%w0qzrIcT9J2no$I7-Q8O`Z?2kMG!Ms>+fQ>7zb4
z95!L<v;U%gF}_#N>Fr6b!&W9M3eBGFQ?e(Q@|x79kN#+5J>r}VDb{EE>cM1&RX%!^
z3?<4`$y)d3zNqHbLv<<-(dhWlN%BkPU^ypAN%~xMl{Qq<>m(1Tie?F@i$6E5+MQjM
zzGS=6N%mCf)x~mW>K|}CyM4P=KNNdXgJ&hB>osI>n%6{~(8o8EYhpJsup)g}*967n
z!`nWEGn5B*5pVK_pfAdw5~#0RdiS%R7|3ETst-miC$P+R{??4&fL^Mv!Q=ZEEpAP%
zPOf~1<Tu*J^DF?#e!l~K`=Voad(wuAz4edJ$48;<dWS><P0$l|zRV~w*Uw&@u4ZSf
zGFKct#~pPR9S8PbpP9!k+^#z@<@S0<olY)epO2&Bv3u3lP0o5Ii$=C5k?koRej9P=
z;QlyL-MYzG+*#o%StxxFly~1RdA_ebaCRk`&PlFzCTR|k^cq~t3ZonaA3&dZ<EAG*
zlE5pqaI=*Mk*Fi9OD|0laPb6eQwQs$O&Z2=E+BU~c1W3`X~}4%Kjq(^8C}BA(K2Y>
zE`G+^^l0L{gTt^&l>}A+2O(V|V&s01EeCm%L&NG;$cXJnw41Ch!{=gYGu|ky`Ei$6
z-z3aN=$L?j)5iK=ne^fNTj`dsZ|FarcexdRY@Knl<dX(ov`d`Tw8&)B)V{9bj(x5Z
zUj!qf>osZKntpqv^K_L4>h=+w%x;cOfL&{=vq~MPlxilNZp!9~-?rfRLnAdmPRjQ{
zWsfxe$C>0MVf)6Y4sD4Nk#Tgx`>d|Ud@2v)+z}yQUGHc4sZl4u-|(sv04KfuSl9FE
z+-vvB(u7gV_a_t7OxEDW7z~sBz++Tyr}9N5`H~M$eJwk7L{?YDCgucenaxNO*)zHJ
zqdKA4xyYE*ehABu5P-=lUs|3SMHpg*4DG_wrwz$gohsBPW)c$SEjS_%Y3D~mB=V+-
z4JHASVmV{*^!fUyooyO%fCWDRwX7i}{nltA|MqdQv)9?H@^8V#l(C6%EE^?CnzED8
z9-dV2%R^C?^>^-!1)Qj|$1|H5WW86tlbaGvc8j#mrWTjK4)R;U{mCbdujCIR12}~5
z!kj9nVv*bmL&jmDe0KFV8^0t%8%@W^U1)&Ij`sjns@QU=rR6#9s{4@nc+}T&cMDQr
z&$$q7R-M#BV<FJpV<Zr-zA~Yk{QN7_v&f(&fJ{ZX&sN_G8xr4D^lRgc+vYH%O5vM?
zi*xy0%2+v^1^>J#b6J{G1l_SZz(VqL78>KJYOK+9(pc5U>pZt5MibLabEx6&eFxx<
zmlWSSRAR+g?6h?CRYv$V-|WUW?KV`Z;6}4{ME5K>?M4<e@5Vlh^_fu5ZxY^ZoRCl_
z4lCNDS0wB|Nk`lhz88NV9(M4y+;x4|?)JJ~UcgE3mq0E#)y4J`ouGz0w_A$Kgj<Sr
zy*cctW_5uamME6f^xW#nW#Y?Q?i^rpr=<J7swv7|RZr^f-ix}qN!ccF`TnDx)Iqet
zy_XmDCDHf{Agm|V^ieMto({+%hJ|^zHfI%6r2`ekV;+;+*?SD<S6YirKdX%wZ4Q~u
z&T9jx?ndimAUm@<b<QrUdZRi~%_4PQQjqV<>t!M3rTHWM%}sq&_fK5nfi;FY*~ZF)
z<}$?Z^UTpFEW41NdqKF=Wwuki5e?FniPtJ&WkN;y(p7Vj3zgox&HJK-NKe&6$;;~V
zur-@~((_+FcbAQCF3Gn@y(a7K=N2Ma%Dg?qYwK3u-1~%u1MrRPz2Dsed8-ai1Han2
z`OEaWHtVmj1jGWfj`Pj|ot)}XigK^5;x+Q)epR&SKC2^ngNj(_SWN$s1!>Z5aA(tX
zJoFc5-^}9AdlET`$={Q$OwKw@8BxJlCvv=(+@YT1;!SMP&ADrzr0+PBZ^mWsvO|-?
zX@Ob>ncu<EgO!miGu_j{YeV=wDJmzIwkMh#u=FT}(QevoTJ#j4B65`V=*;NkSmJG4
z7k-b#+clBc8zpM;jL3WEh>O|ox3LW-wD*+}NuFUhLe$NE%gtJn@+9O8Ng9%2;nZE;
z#55%DdTiReZB$MyVsE6W5A)VciQP6OGmgTf!$hO1N4vG?-Mnh$T=|k3@FcPF*HmL0
zzDL1TPokuCReI0?dN*C_K$Vju>Ez1DLEK~EY-#RfH~B5a9_SO3r$f9F$(sG-H^vRN
zwgI~k*wzX_sF1AI^Ui9`M><)h$2*ocEy`<s%?>(!t<g|Yoy1$!#mtMR@N25an!^1;
ztW1VFJkKaw+IgzSIhOaNMAMZjl-H65J2u*x;OByPRjv`R>nCoIFHOc4#f0tuRI9fK
zDY38(iPES%c8(?bTBR&^fXY%?Dlw>{En|YC%+619YAVH&HQIwE>U=l(<wU;G{0w1R
z-DY=P$IXn#%I8XG_j`OmfwxwR+Cq&M-9n{|JAMwuav@est&r_$K8aDLZ$(ScSNpQZ
zRF$uj8LJ}!y&R)y<-`(MY8fk|AZfgOqey9OIM8I9cH|Jts4aQGNQ?gETiYjBh#vI-
zeQmq!24RnOJX>zY@oTdh$sLxcS(Yg7*s;6}acYO}Jy!JbR(*IM6=+oHbG0QuwuYm{
zx~eD_ML}ZwRf0UY-Zn~FgQE!PYc;7yRUuY+jI#BBWLEE5RtwH@7Mt?-sJA7jF_y}E
zRMDlXaU`-|NY*-!L2aS*Z`mTG=-<Yf;-aZQMx;+vA)q2z#h%~1`K<gtYhrQ!ybOdU
zuMJhBX2tDix(Q-KHc+3XvqbG}N=_iJDEH9C&e=BV)U*l}k()g)s*a9)Bikl9X^c*2
z@VZ?Uh{}yJ5Fu?V2{zio$!8rC3NRw@M?4=GQ24!(std}{F~Rw%V*kxIBa6Ua<)suj
zVok`Ma#|X7TS}RTkc&c>KtmptYUVTOm}*4+iuMQkZMmc{?>4>-&XuNQgYS=ADm7{_
z-V01m@!23{`R~k8lKPZoNuqI*T#~HX)CTxcfGNi_Uvf(NXUw!h6uA_!$ZZ)dI4dea
zBGe%I()LI7(v~gxOo<x!FJxfg{2xXbuVm@LZKj44;2hDa7md<X1T?v#n-m{l%ge8^
z@s_A;zvlS+EzVJVDn!mjc3C=EcUkql$G=MhI6;e-EGze*d~?LN|BbDU931V94Xn_N
z;g~_7r||s%&{GsJ2M0SF{4xLpi577A3*Ht8LKOUUfdBx9<kO(fVk;5kp9hc#JSe_?
zvLbX?+F#w-@uz#D=r%Whsyb9tzHi{NHS_kG<JUP@e!CX&?ZbtuYmKh6S1eX=f<z80
zzU}Cn$w_m`GT6oM8o6Wlt-)LKSfj;FmufT543@+!fer<!Urv@QQ_k?S^{!uB0_2D7
zM+~}#oSA@InQpcm?~oI}dOLiF2-@S$$9B5w?A|c=cE~5Z3+ElfPyn6N;*VLyal3*#
z8Cf;ACVBPiTkas8)5Ur*{oZZu`+`o`Sbv(^0sgM0)<_50Oc1k-Da*{pu<tQhoxZ0J
zGvQ$>e#rC2SEOiLn3L3Zq3kZhS|fwPhdIW@F6IDIW47+#%-Wbf>zYfBS@$7zzzxa{
z@d+H!*GtV(^0p;fhbOFIm&tpx9Is(32i{;cLe?&9hSyk@CnK71$WHJN%d6I~w+gA7
zW1aTz@e*$2*)Gw?s%HRJjdeKpnhQdN`pT?F?^A2kqE%{--qKv*NqaCgKv~<1&7uZe
zhc}X3GEI?OqMr?z-9JC<K5Sj>Cbtz2yP+mPJkDs+Hg`0I-Qe-cABOK$Dv|Byj`AR5
zhmjQ&jQVv=^SGAOwrX;_Kh-}!TT+_bB^4$uCR-ZaC4HPf$wLL+0lBn|iag5Ceu9nd
zeQYEqa1%wcbb4mcy0%Rz8Rj0*c+MjoL6Gc+AI7)q!?QMaL^y_YAX%dQ#KKkqtLOOM
z){GqK);|*i;~NG6X`B@xuKa$n%Z^L}^2iv=;BlqS4bPiEZ^5rO-bgmg9A$7ssT7g&
zY<F?c3mBM!1Ik9h&dN%`!Nr02;flWZpnL&^a!^3QoD>`o7zK<2frF!2<6pr`gAfHw
zQal$3F*(`)r|bzk7Z+UNJHlBTzDC1|(m^!kPH+ea9+LrLjh>9Nf@@}iw5msmK%yk@
z;66lE5>5y!8$7NLQI$lE6BG?s?nhKI!QujGf#9Zth^i#<Fwj?c(GZBu6pGNG%pwk<
z;QUVyN&)>(kBx%uKRtE|cCLSq<DlUB55`Hs_8*Lkg7aTJG!}6f1@u24_z%^8%YeZY
z>`=J$FsStz_+JnO7zR)K3F3z<kAOUJAb&_IQ$RTWec}A~pGba!JfA`SrHcZ>_6KV~
zkolKX(kKXc`llcaLJ0gXsM=r*w15iNm<M5?vawRIA-Gd6gQ($=^B{I~H5XSAAv+a4
zGbUAd!YoJvPOt#7{u|0a2NH(^iy%8V<vfTJPP+suhA;o=VJ?Gw;b{wqp1>@~94@(t
z=uIww?BPd$ddstj(k>HAh~DQpP*Qc+GUzu5nT-v~3jeYS;zDAFLg5{&AQ}LSAo!<I
zSW}?=xq`u5oNS0{dVkvgV63bVE`&Ecz}VTj*#3?oWMOO%FjiJ}4%P=cSXsHa*b&x4
zG~mBVz+e~{3j6zne+F_soDhr{`Cu^!1d4Fezb_CBhWy#lKkdInz)&db-{u1lj3KNr
z$OFa*QPw{m@_&U97zE)h4>2~@e`4&gf3y3qVuU0o2f`~J%m;(L`Ui*@30GMM(E@*8
z=$~~$IR3dN2p8uA;s`#R4-LeMApXaP|F3>l2txM%1B3mW_y6t;D+J2=AMn3~5Ewfm
ziXKb|<$UN8tWYTXKNKUdKjHbe#XzB)e**e{F~rWWLfIhf57;3v4#)$GvqCx89$Eo`
zu|M1y1jg}jXAl_dpNr-MvjGpCmJI^^hY~i(KenHh4Z^|tHzo)oY!DbL=l^B*2ZOS5
z{X+)~`X@*IX~2J-mJJ4d=sT=zFm}!dK8wH*QSd+s!Uh}<m2g18h>-Y~lK<*JV1M%2
zpY|UNVSf&U)BJNF7wjPu4mK$G;Wlxy!(e}lG{nq^5I`I#|5wQ$4B_zqz&JRez&}73
z;&l4EFc%aCdFV(8>`y_iKkdKlxY)q|upk#38`nR_Ar${d7Wkip$O>iyKVSkzV9*Dv
zMqnHd%@6()IuEu4fpI-_OfV~q?O`Yaf53-fhrl@hkrxoV34Oo>jL`C6KM|Roll>n=
z5ZJ@aju`jn1o#tw|7$`-Y6r7EFf{^01nA#QjlkIc9Jqg%h5aK3ATl;P*FR(t<o>(G
z!2g^_FfR6o=7%5{KU4xi_|`)!KoHsDf%hY_Bm2W+0fBKm%rjs@#MZGtNHmBTLEM_d
z!Mh+nKtx=KQ&dDq3<l){i*a&_u(JunAZ%hH9AaYPtYQ!$el*_y-ysw_Xe^>Oh9aiM
zh87M^RunA4;v!-k98egim?)btn3WyMCJg0*2#W}_azHpmVC-o8{Ado22KJ7w&+Uyr
Tq9NA9#>$CCO)aJ%j`sfm7Qok#

delta 32476
zcmV(<K-$0X)Cd082arsEj_bzpK3}1;0V!R*kpu(*8Z7~Qb3A|#K~9Msz{m^Wck%DL
z*6t>o<mfrUU???Ntgd})xf2|IfBWs=@GpZu43j^6{rT;u?+*XfyYBGy-*4|9Zz&?^
z;HJ}X`1sf1FHblC96o;e``N+e7|+gM!r28EFaGS(<%o++cZLgpoaJWF+oL>~+?AK_
z^o;M^+?{|QeEWX+$H(_?kB_$>7Ib*;w+P{Fp7c66!~{TV!Vms(#A~>uGeo8Bn9qO&
zF&N-AGYDT1M<QrKBySEvB)v0Uz@1@Qk_Sp&nA`?=aE13mpm4k=Ik=H9SVqhU(*Sp-
zkK|P7%LX;HG=Wlo)zb6NFK-S%e%D8T`|F!K904DHIY7*(Nf!S({MZSdm7fzJ3^U~q
z-kb7)I5@I`Bhv3}nd!;EUn6lilCa%G09Vw?Q8bSK4_pB)p5WXKz(w%L9k8yzw3I<i
z$z6dl0bznGfAuKY4Re8EM3%FM(`clFkd6XQtW-pBhX-MQL)DD9g?B`q2mY3rfOz&E
zA@Fic1QE9M?}tR9TG`LXOI+@Udj$HQZ-EzF4`-iQ&+?GpkcR-7jRwM+##;(DH11jB
z<0;8vP2<QSKJNKA`{DBOYvKHa#0(if!{AfI&y>gPTdPTf7X$&foZAduNzHO$=_IwB
z!j_PPbkkmci5dAG8Ts`MsrQGJ^Wn=|N`rncjP#%}lN}hatoFeDgp3z(UhROBmrVs+
zR(s$%HrQpg2Oe75Wwi$m{#4~6s~vDZX1r<Ovf2YjYAdU<+5^XM9V<AmcEDlEr%=FU
zwFe$!L%Xat!6VrSW9J1yZy^VtP$dQ~t3CLXD0~`!ysQ@RZ8Qx83<33GuB91l)PTp)
z95`Bd3Ij)W82mcYW%Acq_(9g~UxQu%+&aaTpy!)7har@MENF;>?B69oVVE6tQwlQ>
z<ja%dd89X)n42v8T}g$re@OffM5(0NiICms4)`a21V^E*1X<k>QAdr5a2Es=5G+g*
z48>i47%GKGl)Os!=#2n^`6b!-p_2_p;u2#8bqJP#kQCi6NKzUaSQZKf!e`|i+K|qm
zAr)x^VGHS2JtSfkB|!Acv%qQ*A+qRWmGLM!$iziY0%b>LUWh^5OhpkNRJj+5N<t!{
z0@+)jm-yl-1@lH#rH+%I0J?7wH5&R-)Fvo@W<)SfwDn|LPwmzO#R{HnO|ojt!3=It
zeS|EWnq0($^{$ypW4b*?#1o4032zH`zl?2R5VBf_Qb%|~Mi}!Lekoqmr5LrUid8{$
zNOGUVCSH+joTlEv7j`3+hVa{X(;#NYP7k>eTk-Hg2xY><^%7gZC_sX+7adYDnRqOJ
z5Rj9bHUgCZ!g=#J>!y6qPb5qBdX^5EI3gAwGdye|s8crfvcDPDOEMf&FGC^xZrZ|#
zq<n>Ui#Vuo6#`pj^(rv$R)Zi;!_e4l6%A8tvKy<hk!=-Dik&pZb`w)m1)va)U2x3H
zl5(m1Y%z200PB9j+=dGHieQJ8?6cy3uf?1e4qFV+irwcdw4pham?x~V)xk`(TVCp6
zt6kvK9Am=lK2OczUXm~gh3t`Yv)34kU$2`zhzKN&c%5UFCdS&FK>a6@`mR;*5oVc~
zJ6Mp5vpg>8CreHaoRdjt;lW~I`3({gyl!DHu}QF~#24A}gcWwsBO69m^5lVkyo?Wr
z*$p9EBbNw<8h?9Bk&z#h@F!~Gc)M96$IUDgd{=6c+Vxa;C0d;k+Z0PA65sXY3;C~T
zRjMp60%Vy8^{SFMFTAt^)q2eM&!+z(V(Jpf9;v@aOMOxVVAi8+c51Xy6=BQ;?u2S3
zD0dsJQ+Fy7P?f3T1W7fa|52HL)p+=I!zh|`<^o0<jQ}Vb`9^4qXwj=BcpH^eXM={y
z;bK~Ts3S|7@}Ih~%Uy-t+S0QS8kX$0cH8<j_SmN>P7Y)z;sCot$QbFor`@pG8V_H8
zKK%0CI<qig=dmdIWeRfFnaDjtnT|X-giYtUKRC+9E50MeR4n3Y%+kew=q+l9Y9tPd
zELEutBH+IDgipA4@j#8vXPkG+IAb!kNkWI2T$M0~F`S^s4Fz{XtZRxE4-n%S$}CCD
z=89NHZwYqEZUKX)@!Aj?jbbjb3C>hAk7BN2RG**%TVnB0qCL8A?dPOW812(p0F@DC
zuxKP9fNevO6yjs3G%-bg5~>)s#N)X|aIhO0IE*p!mne}*z59J_y3|U1XP!uU^X)uw
z)po)}S5H2%qhd0jFttsD`tn%S5m*X|3^=ZnU9s$tjijVKs<T73h3b8q&$L5NG?i}6
z^lTZi!ax(VwV8m0U<=qy>Q<ZHjIwbe&PQj-FDfaRoz_W#Jj~yJD70{dXt#!HU}`ip
z0=7JXRyr(mjiqc~>#6zRdWCkRXZSYS>l+Je(d0RymEdQr&bvv2C?<BsN0B!UHO)3|
z_lZKp6jSUn0pk>Vwi1HF|I%%{V!%p3i7AqR_iHS7^AN`}eh4!K=`F5pD<Q8?;aei4
zdfiJ_?m<*gTh%0gV;)g7nDe<UxHO%;SgSQ@JlsC3L_&nVUXYqYMT(_sO%*1k>X}XL
zTWY$7{$(M%UB`-AUeEmDj4{e=V49bqT2EHbvzphk&wddVd~@hyAt^Ox-<D_d>TEHj
z9NjR|34xm;P+X;hgE&`!FC9`nHGAmkR;b5jd_4E00V2D9T{!@=Q$9IA<TfwYBfavv
z&RQg4>gk&FadLKeH}0}xXpRiG&oh^&nL!Thno~r1jdu^4#PeAKks{Xv%+!)A<Ol|)
zvYu_4gGSrH&H;~kc8Kz#^r7@eMf%8pIS<XcMdH(`ut>DM;W&Tte<FYEBK2cmKZCc@
zstF3EdydzC3w#=k{gk@uA_T7C`jg%{K|}8z@m(hy7R;9e{l2eQC29pV6V--XtwQ%{
z3{&sIQdKy0p7=R6DRkvPhom$vH;U;@ENe$X7B|AU&kOTSObbN#Y|r)p<Aw1!jfSuT
zpN-^fHUwp+ZNp2MJM!&1PP*2S+~6@qZOwwqq)K0ZjPHv{>1-UIo6+FQLv+&NQWP#3
z&VGnW({q`k>QIIUm+`jX2_HP|eH%XRO&;S-XOFj+i1w)`+HB@1F%vXq-Xt<h5Bshe
z4rbHR=5&gFh0*8?S+?_*_Sh+Son^vP2F@$$CwqioM_Qj5Rs-1`yi9fET@QV>wp|FY
zb6Hq_hR)f~C-g{R4+Bh77k<G`$>tNFrWOg;d6)QURB&nI5VNIp_G1sKXYGdm;A5YW
zF>ORIsdS_o8ed2rFodqVYDZ{Ii3_tdwR$GgVaJwlIo`#(_Jy+f6TER)1l}|KKE^#Z
zTS*8RyPt288{7pa#x8DS%Cw^7QH3uJQ&aYTZX1c8A|1=GPy)DJ1kMu8D6wg6wYKM(
z%BHU<rz?6zf8;;#R#q>k?ButQg|lH^gRq+Z6sH{}XKHb<V%yc!iscyn;z4obR=Vwr
zn$dl2r^|#iu9@%ulhKZ3G0NvYqn#=5n4|=dWoxZ;?iUY2;_I9Ft9sPPT@^p~*IEF7
zddphZ=wxbkr9{PbUV)Rrs~o~`jbrcYtMWXIOH{r^f}2s-LCdX}z(2!`{Yl1HXDvL_
zYtAHkQ-}(Z=i`Rb(Ye~bN~gOSqr>FU64nU1Ugo8JYnCO*tQ~HEj*(^uAZC{sGVXPV
zWbEAOFtlWtLh28PKLDO_9f=BMZe(+pma72{lm7||0y#933kyMi%Z}@~5#9G!cpbnF
zi=;#eXc+J_Kz5TfkVTMHUO<oukZk7nL$X*8N|Y?S`_AMd7>urMk;QtPI#r_B<^a2&
z-u}Ha@xLDIE{t~fpTEBS;a9tVrC$#gAoTHH7i{O_zg<7{am3%>&L3}`kCTJx4`KK5
zm))=LZU=t%@wY#JzMF8g@5UeZ@j4vg-HhgBy8QK=?%3l#{&>mP>+w$?zkR!Xy!}wL
z04=>A&0#?4b_bB9+sm<gw<d{$F^YpB34+sc-^E4E>FDXFeD`#8?_l*RP}Wf^{Q1W>
z6V3Rk-1*&a-pp<f@%E3q&>cGb{LkI*SxZy21Unx3rkcioyEBAny*(fMchhI{eN=w$
zn%X;5ejl~J#|e2V&ay)q=hHa+cuS+u$we$m!Eew<4>&b54@XtTI8=MZy}PK;m?S8n
z9=fcKy|Iuenv8HJDr#A!vgjQZK>_Km)*xv_lW{rYvP65$B5*;JR}8gTX;eK;#}Ubh
zqG{HktUASikf|^f`golLN1XS_U0HWo3~vl%WzrL}uSj8Ej6z{a>-@=%$Ni8jEs)q-
zHfbNy?=G2^hkL<GyxDVb5E8zqokJ8*VXu)waYOxvB0=DTzxTC{xV)<|$IIu1Eq*a>
z;wB^Dwj7xpUzT&upr2sZ`Yplh;ov91tHBbU!%AL%84!f-&aog9mgpmMOYPS*+~3me
zyxcYZvj>lEAa&NEpi|C4w1lHhj>0fyLMZtIC1G?(D(om@GBTD?v;R3^vmRy7MMP+R
zkQA+R&Yg~y^X7?6z7=vMi3rr<89y9HjZOt0oPwsesp=*46|#RBYaJ<5(ylNsCaHJ@
zU2#=^&?0`PFcn!s-O3`un^MOq!pGa6;AUs1VV~Ju1fl+}%9LzY|E_qa1V#|4SsT`M
zG2!5*R5OaqY-9@XgfX!6=EWr&s+gmjQ?<qN->$YU+nfg!Pz=TQ8~FsChW_(TG6##2
zCdtg&ngK|YidC2^G+_jtdrqg=xh%XPJgu~U%FW0?4vJ=k3Tc>HO^m4|s8aqxyt~oH
z)~${=RRn3+Fybg&J7f=C1KiZSf*B5Da|J<m;Zo3q(!^LCB27qvSn~gjSCnTgWH=Sn
zSc$ZA%p#H`&a>O98KKoSYui@(=BQ5Wi5DAZXH(1E^w2Cjkm{BK(NCeT_<KT3Q3lF?
zQv9H>o7oKsudF>Of01|<D>96GM)5k}LWquAZbYw|uobcUT<|grFe(N3$`&e4ikfBe
zUd{G3Yg6h<A5r9^fu2)Qxqpf7AMuWESDVdPKQU4gMzuLgsOuzC+}T~w46_zqvlLpc
zcbXI%4qOj&?+(+dw&?MtI7%aNSC3bJit{G@#@r(-QF=s-ZitV(4~cQTGy=R@8((Ul
zwS%zXrK+k@RkxJAw8lE-8SJ`q;G4ZJM9q@B^z7hPA2=LZHm*Dx>ZiZRG(lsVT(}-l
z>t_2Cv$R$O!%rDYE%Vw_QXQAVm?aua=G@UMkgGOBb2hcERcGNRQK@36<7A<Ka(k^@
z^(D+=Q&tfITHw421@k?hPvA>E`SeAz)i|4Rw$-6GaX1klJ$;x<^jrKtW+s>`ZDpCJ
zfAn*`YTK38nmkqQMyOqyzz3@1io0X;U%+1fxGh0YStkwY1H9YQs;m9b(bGZ~TOusx
zKu#{IWk;k-hxSrU$*vjsYbr2*X^$kNO;MZnMC0X_E_a@MNw>iySEp5=gfb&4yNze3
z;n33x5O7MGJ>+W%w$-1`{3(gRfvAC}3od)5PbmCWvH(Kb(=3)*D4kjP5e6)vwv1t;
zvTkTzsI3jOR*FwR4`q|B<1yWOd;(Cj#qqJp4%=bx9WQ}f@sX9aCtg~A0u<P4f+X4N
zDOA>py@3_YcO)uTj$F?UFPBwYx`DdnCu~`j=sW6Bp7Kr(WpzPZweEc3ZF^<#+{m|<
zF^fR849cEie?reEF|&lAyj!@<khZs9&hB_wjiP%I<K<DDlA5WeiE(?Uv~cOG16+V1
z@rX}WEdXvczXu#XcN-0VF<I#g;R~^A(47BO&7Z}gd4)~ZB)So(Vf_p)(D_nsu`)@8
z!8-S3Jz~!U%AK4_$VZ$&M(05sjoUGtCRIgCN|cgDhB#L%;K>9`+Z)Z!4O}Rd<whE$
z{T!-LjJM^+VD7rr*o4<|_9g1hza{^)seA1<<y>0dvCC&{l_I%+m9AXhQGfk;ppSh_
z8YQt`Y9mW8nV$t25R;BFf0DLRb(Gok3y)zC<CshR^(L$I2tX9U&E;gpGk?0sVzuV*
zAk(|oGTn6q*Jr_%0)Apo1<oX>(PW0&HDz>~t%uusG&QRe!q2}&3ZS)}^nbzzSLwQk
z3eH%d*ZW=P26|C{`kWsFxv+98CoNMV2!ZwFTqHhsBytq0x^dd&c%X!n5|~T{lH&$i
zz|g~F@uRF?jixBj@U@f|=5;FN$EoivyPmmyv+wOIwD8#XEle}f;ioHkPdu#L1D0{r
zG7!JlMGvg>!>1}VBy2w`H`Ce68E}#eV3RODXB<Pq7t#QKE9Gh|0O(cn|4}SNJ)B(v
zKwMTufK*el;J4~kGEnRETr$}4+Yr%<0l0`6H=2y@7}<sBSJ~fShnH=Ykv*Q#4#!E~
z)mM`isNXhx{b{t@;gwEo>T21l*<4!No~K5ZTyJa7GcEJ%%JUW0q2qzY^HecP_uX@_
z#npMvU4X-XKdzT7*j~54G*iOYP}O%CK40b3yoCQO0qBO=9`08J;JalqDMH9;+&il_
zxy^HwKi`b#{I?*w$?fZR5h!5iO3Sdl?ogl>!jS^CC376Sup|9AASD97D0RI&yD(er
zSiIDEwPkz4^<R}a@J&c=a+&7N1}_wM@nc;Jmh*Xk`_P`aj{fOJ+(HVF*i9*5JZ-+q
z&dqGo#%|a*f!4;!+R_k)`F<<!cwp*m@MGDU?l}1JcCp8=$sfGiRJ|PF+gY6KN#1BQ
zZXJn8BX9!#O`(l98-(?&?7Q$@jJu2Gc%Y{yQa7xsrVXpLa{T6QPV5YP*-M&Jb3mVG
zrR|A-;r3vo8+t!~h4a)hRn*w!YzVfxwk~SMGfqZv$gP?q`!?#;<`yq`ei6J-{$@c-
zio?2(S$*CJHzMPP=-@GJTvTvWKoCJ_x4gL3&lI))3T##*+rey`{K5Nsi3r%{0(`s_
zeB|`j3iB-jU2~9&E)<ng@5Nn36(Y^ahNNMCiX{Y4agq)wkD&@mpjv<cv#mTtmlkLC
z@Q^XkI*Y0tk<X&`)3d1QBx-E)L;Bb}hZ<UrOb+<?$8v0~pKV%us8M&TvqGXS2PF{4
zDr=c*1#0;>MVb5z3q*&YVXtP_4_DYLD1<Q`8g++vqQFknXOK`_o@4F}Yu`D$<e7Yb
zImdh#VhvP*2#wb#ZgF-<r*~Rm6kUW8riV9(Z^-i!j|V*iKqF%}Q0m5NZdEaVaHJ&o
z*%8l}e0*?f?JsHYWSTES)M+X?<E8$-fX>Ll;+a!7+8B$LLg_?W(c=2lU)tc|)5$T|
zau)4myu0$LRW|3E|E%$1uJQkysQSYO?!VCUy;GNws{s?U&=ooae>Wj1C6c5G&5-<6
zL#vD)c;K6&en9Nhi<yz#IaVF{Epxk+^qer`NW{2(9&<;gkXe4OWEPs6-zQ>3${}9<
zLF^X|2V(@SlPo_bSfZwMozfnDRs<GF{x(-;25PdqSs}6e1`bi>1m;pGSy)m)2C;Q!
z#ymk=OB9mm5=VSSe-YvNP$Wm=kRoV_58=(q%tM!;5G=2fd6jo*vR+J#<;Q^4hP-rG
z_nhtSglabx13y4kz2G9S#2HCgd1F^T?Ayp&V7;}Crc@RDrcmm_qARxCntfbpOZlEK
zYtp+EAbNcXvSK|4-S*0)33*AEv=)x>QC*6)qk(rON2ORGe~s^qkMs8hkRHA9Y-C!L
z2N22#SbPp8p2nSvr2B@mu`k&LIg}z*xhRHI!PZvR`-Quzf>b4(jUx`=H^CoMYgk=Z
zXN3n<#Ey-p0s}=TXi-IAqqamtR$?JV<brPsWzCk}RW#Qi{7gw<1fz@@>?w5DpX)XP
z_6{o7NPx~ylZP8p0cMlh8(x1Pi~4g;k}lRU!VE{*gyulQq*B7^u3R0gqwbPg|4w(w
zg;W7=wwD4F$bP8Bp#!T(R&n1cqIdU~vVQPw>Y({@LUL+80m=ah6lmK@f;oe9_*6q4
zvDzJwQEe?j8QXvikpe7AugD3XU_&JeG4_JUDs8fmRW^+|(bhWB4RC*%8i7JWP<4Yd
zU-bDJEkTo<eM>s8dSL%&2v?f^GD6p-R-0Bcdo9;B6%b|ZIl6~<T(o|cq904Xo<{b}
z&8N*_=II!RYOYJRo-Tl}ruDNyAGshD)^fnd#SnyJtH1bbSQ*bHDYjH|3&(4JG0QQw
zNk%(uH#>DpFxlul&HjIoBX<~K%@)RB*cX<gd{Bb3=)QCVO6csO6h$w4IX5C(S;IY%
z04xALxKrydsU^sfl7kBCi>1&;8+?iFTpw)3ylaK-<73x~e)WCpMC#O)(p%+q652KB
zwP098N46_9m~JvCqe-!`+dv@4-{&#hgnFtm+9)e5zpL+r)%|}D)5<GiI=gSgxOVN4
zT;j(j+ei|UG@C<fU_o_vgYaS(ucAOa#Aa*EYj%JuFX7(OPny9Gf#CMyK5K<FAr}i@
zt`(|8l=gROC90rN4KY6{iUr{NEE?gn?V-E?Y#Mg!fYo*Ujf7RLr}F+SHPP<5>pW4P
zaJx;IS54k5s7-%~iU(T6DX4cyIIY>;ICJk+zto?@QijG~xQg0ijvGz5woODl#}XVM
zPE(9B!@nsoQVCl!$-ZU%+BaDmTBlOK&PVO0eW8fDg*^pf`K8hv9(_n*6D4ZuV6TrS
zY@JT1%&&SGb1g$7vy<LSOW|oH#REq%wBJ?!!lDRUx<!9g+Se_$%@YZ=ecjY`q3Txo
zTr2Zgr##bnlprjfS~pd(0mg#5@paJETzLm%hMfZqG2B3%oBT?~$aUK&TZFY~Myqry
z)7EXc%69Op8nSF>?Ay||rz{wSy%-^@6<5UzAvPC9H5rOR=_*j@+=etrS8Q77Y*^ZV
zsGP_vyd8h^Vt4bhG&%Gp7166~ODl!1v}RN%1wlD8C?SUh+3Pw@SLxUXR+K_{wlJU(
zem&oO13rCiwq&0jnRC<99htMZ)rr|68p=Kk>0r-yTyQ<k3oqnmw0Qmgeq3o)_r;0O
zk7~yeH-!e9Vf7Bg@7O_l;#RrU@a!-a5RP`UE$M&8_)*H<DCM^d5!TcoQ<hlto*_Ei
zmI=+gVZ*O?#++OFj3C8p-SWwqimqPR`i~y-dMKGI^AMDjon&qa)%9D{ELseXzS)<L
z1#p6J$Ev%fwy1o+KU(VZCwm^dgtP1U3074dfl_sOT~q2rKRB_`8P571{)Hj4z`obr
zX!C!xseKd_@IDS+_tKdyX{@Uzo4D4YI-miHm2dBvA`)L%DA9eYQ&hTl(y-a;GWez9
z^^Ku2cUJD6N75TqLHQ+9Z-WcKwUBrp{ZXdYes*2@&iEwgk$VTRc69AAnB3NE0}VZW
z+6zqquO8vUxc!^x2y=-LxlFq}4RswiqQZZbNdp~BQaMJwt`xqsNKss_ti(wZ5v^~V
zEf$neu}@r*<#Q;RSLbsm9oDH9<wNvRH6P&dUCS<QT)J3jgpj+20P5(f5P`HG%TCjF
z(b$Zr8)PjRR^^U5{lNN>d!y2Qkd)Q-c!ixg&5r7n?t}^os%YuB>!wPeSk>v;=}Ldq
zr^MbjSzNnzckngW(`7#OR@X1Pk8b0Rdg#09rCNBaQU!SRsi#*<xhKs#8$#Dd_vt(?
zPZaAd$&J66XkF>Iv?9&b*>Hn^zO{#AnhdMXeF+?x>>{ImFWprW=3gIyFWX*uucJ<=
zlK%A3p3XP)QNI5|uVbs(zi(2vc1?fv{f63hOH_6V^})mrPqw?QTLp&i>Uf{?<D9*$
z`4fc}v<QM;1H4h6;Yn0RZIm!Tta;Fk*gyVQqk41NF@w<y2DVezaL3IaE~s-C6{CrR
z@yVavB(E=#GwODDjeq4_QPXuE?l}$qa46Q^{?N>;YNb*E@f<wa79%CNhbUX2>uZ#A
z9YZu5orduep{8nvXC!)VzIo7PU+P0%nnd;WL*Pf^pyO3F!E?^uOaXp%kRL|^eUwvX
zs$cX<#-Zw=X__+beL#SSH<abvklE$ZyombU;a5bm4bGR5s{s=XIUq0~Z(?c+Gch<a
zlc6F*f6I<5xeeX-SJZj{JEERdfKh<mZU@M2k_NH}vPxzG1i1lnH}m_Us7FyMNoDsP
zH0-wPK~m%)d8o2D!}QzR|0aQd7Ubj>Ieq`-?XN#g|BXk*^!;CNx6e1D@lq$2vztEu
zIsM@wCxGem*S}qa0<)@%oL6~)$9lr|kM*See`kA<c0IvGXrY9}^UC`3Qu^}>!YO%Q
z-9^v|q4TZbn_cyVZVX3^UbA$63fy{fBz>LJaks)n-opLjN{42z2o`_u6)gpcZ+a1U
zv&D<hj-(&7zmirG50DnWJdzt!WP`w)AMT-JxGv4jlZz7TX(0pABwL)j@dcwT^d+p@
zf6GFLY5HKyn(PR7le5W#@qJlOGv2)Z{qs+6AD?eOw*qGuQ-zH!o3sb3=Ime$i(eOA
zkU~{P2fcgf+}bFJMuA<LR_Pnw9>eBk3PbvXEp%7{C=3Of#6&|BzKQ+Ew>N=M{VksO
z^B>>DbOJp2ZL;%Oh0p(){<3qIR1Qz?e=S3xTvLprR|J6<Eeo(Fi1cDjSP4O=2*!wq
z5Hg6TgyC5cq$jVlJR+cK{9-Q*I$gwoI>Ku}QV4eq`_jHK+Gc@1Ed3We6@-#99TR}O
zCIei0kUANE@?C<svzI2Y$&VmNF3dILl?3fnTn6R9hpkaS^oPHIY`)_^GDF{Ee-P09
zWORt(<}R@XhaghgwH3>37K`sz@mPq%Ew+)5+;`mYD0v(tYtD98%hSqa3=lJSvntq{
ztRTRj<Y9ID@rsj{Xt#dx*w(A(l!05&Q=8b;Zd@OX-J`{MsoYcGEv0dAK1KhaFcN%r
zxEuo|_{1gu$JWW}4eO{VK!@VUf1Dg!WZg>3#J1@c%N(76m8AhZlS*6h=P4z+IR)D1
z(8GJ6j;~)3^9n%O>#2Ul3VMKbY0t85HEPu@Pq88m_u3&jFacOLH-k`Cv$yxT$be4j
zLVEcsrtMmWl=-1idU@l()47t`I!Cgy4WVV-VY!g;6P3tdY+dyWT;Rb>f1Fb5+sa2q
zcwk9ee&n(-to14^jq#kL5CfcdJv--3$=M3Z$$VlUcJt&s7PQh4y~eOF3Na;Fs>P3V
zbR%<7W+p(?tXb1c{<N1I`Xn$Wi-(d)FwObGDC~n57P(dC)O-n+w}OHeH7PZ`&GcAH
z>i$F*6m2cwV;DfQ*z;T$f7}k3>k7}CCF|k~BWQL5ljf+cIt-z%%_vw>^9e`q&qgXx
z&n6|Bd7UF77KV?qE1i+<I*b36lSbozV`nQ1w`qg#<Tf>d4sIjre9Qb<pd;vi_;!my
z$B?|!`+Xc3x$KH(pLs=68hj9nVpteQ?QpEx69-nLU&uvPi^d!+f6Qogw0C*aV3a#Z
zM2lbNQKDTWLk(uMhUI5#m}XTab%kMQLGOwtvw{c(RcNu*>1fE#KRh+Jc1gh(B>^ED
zIVea9i)^d&FgC;-n360Qxe!GmYJwm?VbOdScYJ;1Zx0aS9pGqqXrcEx@B)m{djwv_
zhK7;T%d)GM^&;4Ae+Hp(YbN0%>-sIu6R)R=NY?TapVGXkBbGSU3*!DpT_Y1==IKIj
zODoaG7|0VaK#`2e8%3ROmaONIemFg7m#gx&<MODdmmprV#<@-HwA+B+106~O4p~v;
zkKTyPM=lMyQ}_DkSLQrML)>=B*6Ne+HfJa@%DvDI1{nqIf4vFCwi@o7hQu8kSF-JK
zAgws-x<aZv4Di7rSX?vz1g?BfbSGmh51wzFeU_zt8$q^7FeO&KDcB}(^<W1%l@b;i
zHQo4k!bTHPyV>L@GnCnFA**dwQA-^{yD@{R;@}v!)tWr*2ZW~G*R-YJI6M5^fhyVP
z%XZnwn-Va2f9XSrsc3e4#YV|`6E0_YqjIqkCKds9c5_}HSHmDp{vJ@caTsM?-hLm)
z<?OI!VSMBe?zYR)wq;2mcUwi>EsH=H6-Rm=1!{3M(c6tekIMb>I&`C2=F}&a2?RRw
zA|U@sdJ14Xg6WeLPRz)1KL6bpIGce$FY+pGM2ig4e<FpG!8?AxiU-mn0mzK-_`{PU
z0AT>z1nByXp?W7r%2DVIP%PlIE*vBi3U%#khDyycRO--mH&mf;6?P{oKa$W*Sui7M
z^sfb9*Nz!5+om0UIhA&1*A3p`9i4th|KeKV1O0DAyaSJvcLIjqM*+Np@C=AMowF1@
zAX#HKf8nG!a8$k(aLimVBO%<r2)t9`ozAB^HpB0~OuznADOf~Df%L>oI4PpFxDv$J
z*iI!!c8+XCuTBcb)n&5Q8>^be;#D0r4Qmf<g-pYHwhryZfgOR4BEadsck!~0u6;T?
z|Cj{l8*(&)!Y|_0Bo_9E7bO&mKr;qWfS#^if0^hk?e&5o7nL~3R}hBH5^o=+LqJ$d
zjSt0(7?ZOYTH6#^Bw4ivqbF(g88bu-)(~`CmmU)BbbGzy{?yQG0Od*Dhec3pbWd$h
zxSON!xTv;tH+Q7xYAk)zRj8>#TNe<sNQwt~@v63BA1xOA{2-fMUp&ed`BAo-zIm1O
ze<?i3t}R<+^0ymR!$tNy?)#op_`+@@4KW48Rp?UUCawP%4p4vcAT;<@VHPU92Ac5j
zcXz$%A)@B9!O~%mpsDkQf4@rk?H;t$#jfcKptl9&EEjpjh|efyhVbbo{rg=!M%GD#
zTJ?McU^(}Vt6FtK2}oSI9CU=B1WcMue_zQG5<c*5$dQI@*^@daldb5BoqHxXK+;V%
zt&i;wM6RW2<a1aSyj~A-IQU%1p3e_xl#MC|skqpVhOXzS*d1CP+fhSs!3suRKeRo1
zy`iJ)bu0u)?uaKC(GlF>13gv5L`c=BO5;_%0N^m%6D^+!0bcbZA;5lp90K3ee_srN
z2R_a&Dps^Xv4MF>zv=l3X9`+ISxXpgX&HcjPI3oz2d`=iZt=#hDmy>11l!RxNCBsx
zS%T|D;FT0mNfiuOA70f9!ypB;ePR`O)sF`P=Y``y_@Uy(K=?#(3a@uZ9RQp?N`%9N
zkTz=bvr@nEN!!u4vDFXp?%9}pe>~4vk<BITqk^SHTX~1E^6S6KSf!ECG91JQrWx5b
zP0~({5|NQA&Q=BOnkc_(qWmX+O5vml&TqXS%RQ!LV8vMu=e__CtInfcux9~6+D7Fj
zz@wq9Uon-8a`k9>RkAI(+>sjAv_s=v&sF_eiIY~4t46hwCa0G1d6*fJe*{u6tdP)A
za7Ypk9Un--mmN<e;mGlUB)sH!4}I;j?W5Xg!~psO|9EyxDn?9@=y6NMD-(ptnnskf
zr)juR;~GDvn71buqaP}TCm89MfVO;=mmgM&`qxU`M{Np+det<@KlF%J-18&kr=P=y
zUl8qnM{_Nn*yZKi{d2DL3>%Ei)SsvS1Fl!2;g^xC0TYwFD+&WOH8zvUD?@)t%Ogh&
zz57@6Ibf%@-oP~2Zaa|MB!(P@oU%d41TvTT`%y`?NLAHsXCX}c>rJK7^7N#RI_d7q
z;jd1?e}gvNIGgVCFNYt#>i!H@RrmR~!}WRS9XvX!`80OVpS!OgrqjB6{`&E3AB#Sl
z>oT0xupG@<Ib)WiJL~%bhX;RNq8sCacdz~g?;5y{@4^Lm3Ew%&%X$Rq^uE>pvT|Io
zGc(*A&a@;QmGSFXc(7mW*-Q&5pf#x$R{;q_q1lYD+W4@t%M?}e?*;KBm$ady(aVp|
zZx8q9;X})6!!Vy*VKt+?*4JzuwxOtmKgIns>!!z6T;A_JX$Z$?BOzvmOyIObUGc=<
zbQZTmVh3**zm`?YaSjWsb8?n{lB|S3L36f-SbobK7UIWnduSC6qV&>(K(ILq@Y4Gw
zh0dmdZ9hth$-=em;L6IiWf6c@p?E>V23M!o*i*RwU=hFn=n*_Icav`|BY)BBckwQs
z{O<JZ1z-G4*k_NSzUj-L0Pb!|`r(2s=^)^IfQ?xM%a@pMWK2}*!81DLC`k7*f_v~m
zv`frLN_~U`P&vrW`xTpy&Wl!L_#{(|9E!=olL3X>OVaFBY?Eu9Dji#(l}O7YDCH=L
zU51nBwhH)2#}p(+yNUh?hJQwFdFUDq7q5U~=C&Mdiq0HtwutMnAj1Gkpo9RZvA_e=
zmi``-L<$n-cf$0__F-!|(A^x|%OiMAiCAa!Uf%ea*-D&!H=6!r3rE(OrdYPXIy(AG
zSssBbxP`I&-<W$~gE4|QON4;Pl)EYWq74#WF??Y85dKVt3wF*a#(%3xx;cakxVD+?
zjluw4w_a^DYYxk8sM&V1fRmS=hNm#zHZ#<PkT&yjoXDiRZq@2E6mIS98|dz4k2kF{
zEO+W2bQ|(=NC0SK5=X1|Dq$iTaGyQ&Q-7MvSnOk%Tb>6gAP6ioMpMKY7Pb2tz5$AG
zj?w$y!f}vmJPJKnIDZD8aK2`TaxIVY5ow$eiUp=tfFsmDf<@f|C$?C0a7$<e%@?53
zj~b{-K?Cn08?@fwuvJ0h>Xhs0u%0%X3l4>GEB=#<wiDh=ezpZ;thvz0_0mBzuG3GS
z4hksHmvHO5Zw{(EYPkKW)7WC*$sgVKl_ia}kPXe9`C4aUoPWpSnt`Uq<X0p*Vo(&B
zQz;fm5io8RP%p?~i;o8%hx+&e1Z<xuvo~d=%n?e1ERu^qfjpx({BAt)1MNNYQx}Cu
zcEcNJgYeM3Dd4fMnsybax~oqPiIg|s_t5qDOGrP7iFy(WEB34rdbd0g<io~B*+}7C
z$4PmJ1uDLd1Aj)QDU5T*LOUhHk;=`8(6*@0EI}!&*05G&vM+;!Sm7l-A@j2C;>sot
zYw)hm+&ot`g)u2IJCeyEWQf3sR@$?YgP6vMLbT_53p7Y$P5VN>f^U$ondh=GSpX^N
zJ|{46Tx4!;^PAo7cAkJWwrop56p|0kcJ+K*-P8*I?tjaiFF;GIZh8|9fFA=8ur+2t
zOjyH%!Sna_8>4(9dpuLIIJ9Bz3C8Ch+>a^XDJ3SCvjTA2ST#MF74s}*t-9MPRR~>d
zK*LE@WQ2R|S8hj9k&s$(dKGhaGvtvMMy)fO5)BdEbh51r6EErHlhJw{;Mb0(cktT}
z(_n;!p?~%Tq_v%Pu?A=#JfM;CbXg++cmv@@!1!IC>9NA@dY;FFA~pN&!JCzgP@ddo
zy2<(F23ZhU$umwgnc{@^2F>nazt~^~ZcRd7cH`yx*$TZ*^N*^X1B2bY9MUtker|0C
z|Gv|dsZ%)=vKZ^Uyz%ORN?>&kI21S#i&@sxR)2$1<XDe((<fb2j&UA>aSnO(!=4cp
zgR!?5Cp?uKgC0ovS;XVSncAA`Od239lbj<I{ZrMcibggDIVsv0MzJ!qUpLUJcADDo
zNh11wX*5E?tR$XwBp6|q)1@>*15J~0Qmn{=i;d9~up|ah#8aFRXD(JusM@KVfMjC?
zX@BE{26$lVuw!b-QQ>Ct+E7BR%VAiw^`U)Z{B5Xbz2RC(BwS?4!%Ihw_S84i6L(Wp
zE5UTwjofun72R(TteZ|#xoT`~8<Pq#5Mr%8p8-gmV=AwihNUkgug0+2^Ylcf*;q#;
zUZX4B2-(tf)Rv_oX?~wWl}nG-A6jYvsDIf@qw9Nz8d>X)n<2qSKI2?8%50?h#!z;D
zzMt~}H(C>JB2A(v76XX{WJ*}Sh?0`yr{+f@krDey`=vV4Cf)nPo)<Np;dU0&LU>j&
zU5LY7$Lhv+r^xkv4Ao?R4QIgf-RkQ<mP0pj@<|%8@tOEA<u(%Z|0cIF7C1=ssei9e
z5k;xOKYrEi8Ye<>n8Z~nzIZ5>`t!g1uC?zyRey)8XMQ16P&DK5$oFM+o8;%2#y335
z5rk#@AhX>!h~@urr(k*;0Vj0|8V3qmU%hIYCNA)M3quZnQEv_uNva(y7-L`Q>5w7T
zT<m10hy(FUIi_t{;fxN6jMiG=tz+^-tq+Px6s@r;slI+qFVgS6*J#I4CEM-Jq|yw2
zFuyser2k>U)m&i8^Q}E7CcfpuBX6Ve_LuV6oNQB}OG;{nG4EgmrG8&PHA%Vv?B>=Y
zZD;j0I?X+jsvo+)0e(7OESHh10TYw>GYkPZlLa(Bm-b2lEPn`{KmvgfVh9m%&@@Sh
z1j%9+5RhRT2nY%Y0Y!wUfPjdI3?_;@uE;C`Gs6>~qoU|cWO(x!7f6c#xwpEL4xr<x
zv%K&7r|IshTX#A4tiN-rn#TGj4>F>~h#*&4wY%=k*46b0p?46%_OdyR%Fy7-SK#=M
z@K!78W>(Lgn}1f05P@^__{`b!D%7<l{Se~UAT*e-^tj9a`^&LI5E`})t`Dk&hDNnU
z2j_3Xd0b_6<DJ_gKCglE4w!Gs?AkK-th$S{5V~<RT;E^qzO#<w*79(E5zdtwceSVK
z<@y4IMmP`}{$X8hL*q2G<O)Lbzoysg>OFN87x>c%Eq@3`NT`H13@`d;ghP>@bA%T}
zouroyMw8iMwb=t4&cLAHkkGL3h{z}<Iwm$QzE48m#D4vg1|+AX-jJ3)Fk{f*A(=ym
z4Zm^3NLN<&sL?sOW5(u<8=pU+U}E7-MU#prqyIyHI0LnzWAJ(z?L}MhE;y@z<~yLJ
zl{<)*qkkr7c@-bStGEHswhLWAC!l9DI!5;L2#-VQ(2CG$fkPK@F**cuWMT)-)QLRe
z3;08P5#Pq2<Bx;*8~EdVDc^w8$s<CEunXRq<TcKY-a=8R4S#?d(6i)ol1`5Bqj@v>
zfE*`#(I>D9$Q#yJi*}#|K#K#{qD9;St_WJ*5Py!NE%2&^>&Njnd;+L@7B54m(EWtx
z#-eTb6zuC5`VuW8#oQv$%XF>+=zjy|Iu7HvpavcZr?8Avu0ON^^|00q_8CD22&dTV
z0$Kzs7o#0wo9NKR!YY(wyYQ>HL)?H`(FyW1atC=2FXv<V-TYXzR^tFEMQdU1Ep&`n
zfq&=0-sx)rot>M@m*TzXbG}qJ1Ll5>?g-XA#1+AgD$o&l&lRn(r(t+GSp}5Rs}bn9
zZXBNi<6#EfLfADzwIl=0f};g!KRSp8kWFYU%*6I94i>(Ikz4r>Vb5#vJ=~Y*I2nx+
zQ3Zb<c#XhhHX-zkP84{;VU(m;4{-5$<$niUH%(FAoEkkK>8ex3s#6Z2!ULvxO52qy
zg;V%2Vd?=P`~ZoU4)F1@AAZ}#4+kWTFPx$r=*k)Goi(R)G_*~c0*CYrnxQ>sG`mI@
zJs`xxzr4}|N?E0HxApGWp?6z7Lk9rcP=&gQuMl>CH`1X{myy4W#LHL`7I8dEIe&Vx
z;|63s*>SQXHNX~ai;uQNSMaE_frNE_qHfZezy52zm<aa&7Wjf;!YO1xNiK)f!ac#G
zC9<d^;ldC-4oAGv+S!o?|877j!_UG&>cK)2#?u4RVbXM4EPTek^)~n4Z@=9Y^R{rR
zYb#fNsXzBdS0<(Jjw>JYO(0_f3V%Z5TmfRc9km<V>}!JccFRq~?#u~>$uCkm&tB}X
zo=<hfjtp6V7Kn><i=;*RMe-uU0^=gnBJ(24BI_dC0()!7g%BH_j$=fpBQQN}P{zPM
z32De?MX@pTlWW+x@9~xm`}S?PfbHt}3;(131>496=iYkj+-GmT@%dKuO@FmR{X%^M
zG%^5matJkeRDzJ0!IvT<{<AAjm@Eo<S<g?F^<=Vakh#g2GZ<virjvAnjTa<I$Jq#H
zgx)rAo7u9!5s{!54U*9y>m^Nj3_4`8o*aKbE*^itR(#9&19timKtBw{w@hh=WnDw2
z;_(NJ(7{BTty=SymxfGzCx0lDa=IfeEhsY;v_fYUzR+1E?_22k)()q}VAmCa3*-WY
z7&$}E<MM=D*(Kk?-6Bku3*{QFMyQbIaf`Tl!XlxWdw{!N*eD<2jtIZv-XOmgA_PuP
zMBX6Cl0gq&Mkg0S0{KuOObXLG3{GP_ipQ~B0*U71g%~kL7cV8~<A3C6L##2A4B`h#
znZ{IeE;p9s@-9AGaEUIROB$^oEsr+1%r0{YD#0aOA%BxlBo^rkrAhi?d9tAlm17S#
zi+K21!Ypx?u14=R%rw@Tn@|&;$1Nmx@(YFe;v#XrZjtUzX`X(Oet|s4u+Z4dtrXUp
zH>1sXBe#KU<sTI87k}^9Js`PKHW{~@cYzPu!R;WA^N$OA#67ylr5(m6&A;THBG2>B
z32pip%}2Rc$vgbp!o2AS)He*%e>m2FV@ujT{p9qgpR}p(o&KM{p5{wCH<4NNeYurv
z>YN37Ol{-<*ocH|DB0yiE&3(6#VT=D83`e#G!(Aq?M#zxnSbyH@`J<FgQWprC)k#*
zP~D7<k7nPA7;m_UGjNppp?XZs#@q2hyh*K83stv}a(ONe#>qGd2klZftBcj2tKgHo
zcC-lW$brI8ohuGGv3`ZLQgH6ULc0+^7u;@dGp-2_b8?bXLgP8RB`2JbbJS+f)Qsz_
z^*p>To`;51SAXKjh`NZ@h~Gq9h!94ik$5CG(m66rNYbT9Df%S27S-ZfuGU!_rk{QX
z?7$fviNV+gJIy$j?IAr4>5_45jHu%mbsjVxe`eMjGs=E*yLu5!E3xw<tZU<TuH4dY
z=5C$#!W#nz?(dg`hhQ0OZj}1|(aneUZ=-fsd*x&D27l}+0iAOVHyJszVNz72q~~<<
zq^PLKY}pVQ#XHdoyoz_MaIOk&xAE=qZMHRiBV|KWm<|<%NoJkoh{@?|?K}!j?kwz#
z@t(O7^>62`e>-pYnUMJlTTrHseNK%zh!Q|9uIg|(+z@U|h7Bhfl8nRj!{lLxVMc?3
z6dcF(m4Evh`URvoQk?w)`$qPSN>mb~;}TZLD-0`)D@=CkIXF&~MFTMs6EPDDv62uH
zO2SAuAE8f3NgSDYTjHX`#fj?@TN5uN27}7oft`$L;JTu4Bz8K)*qA;E8H~5!$WlP?
z83PBUrv;ML1-qxMS~X+i$fG;I`opwWXIH%LUVpmA^SJBr`~Uc>ibMR!{eAlu7rXMJ
z&HWx&we@gp><bwgQ*Rny7;lMdS-NdsBm*+2;mXHC0z~T&G{_Zddf2>QZn5Eq(SE)q
zXuWMss4m2WQXSS%>fOB#n7ZIE&!--;ghhpMRPM=Mc}M#TKRPW?NT@is^a@fhU@JyT
z&wo|S`r;Sr6Y6}t0#91;g)rmPZMUj#sDDsTt8d(T+ljGbLC0s}O1ymxqsvOMC)kpR
zo^d7cHbE4K4V)<b;t5>mY#5_#!s92A2;LM40@hhi9%XK^Bkj6A5oB5@QJKy_q#qf>
zj}fMkg=87giAcvuyk2x-2Nw!ntsm-x`+snWe4-F9D$)>?j?=l}{BU8gI2PsL94?Q~
z6UK;BQHfZ=Rq<8Ad^88o;pXx4geGyZbU)fGCW0WNak?Hn2RE+k^%M9s{;zkt-Vjb*
z4&pz*)L)CI{Aw0Y!BdDWJlBGjNG<#mvVipvRlNcA<k6#aKaA(82cuX-jdnte)_>k_
zkpo?!G>URxca9KF?NxL4c742;@vj_z0PcJl#C+Rfw3XvA;;m=iVWB>iPEpQ<b$!Au
z+d=z+_u$8Y4uqp^t^@$_BsknA@W>_ze75yr+eTBXV?7VZ7FlHu%i%#*B1Tv{#~*M)
zU<#yx$-x2>p@9kT#7i$Re*$8l%74-=3E>NTAl%Aq3%k-L^Cd!wZazO>m=o3<q66F;
z!iNF?3U5Sn#HP@Ou*UGEXhq1<(4}EZ!*`?IVK!iCJP@8S2n`+qCeVjEmW&Z#7ChJp
z$PmEx%bocR_?~q4gvVCgcH++YC#QUd9XYpzs2BI{-8&brA6mURZ|<h-QGf5;koMUt
zKigRsq5hfq&1UeMYhnKsf5Za*XtkqO<9doe!Yz>`+!=Ni{=hMu&1z3iv)im(FJQ5H
z>q8I0zlR>WjP>eQmoKYdVZBhO9#`Li_i<2$bUYBJx2g^53bk1UQt>=IAKyb|@FB=x
z8t8+JTrOueY2~?AVTlg4>VKsuF`S?%Y@k@dQVe{?6c=<H?d<UK_$1>oaP^RdSa@#w
z;AoqW5uZ*KM8)IO2e9XDJg#%cUcO;$+t^E|_Od-Mfju|Fo`X>wn&OJpMTOuMD5O>1
z$+x0afl;m2^?_^Rb>ZRB0g)&sCfpPj4?KYF`?&Ba^_^Or2s|3{N`L4}VK0Th6!A*r
z(J0+s`w{!+b}}7LAI#jAJpi0S49XaYyfH4O4`#kh^Ku{NZyo>U3Cqxfv;U}G#@3H8
z!8Y|N^^^Rqc*M%>+gHLnsx7V$Heq|o&#>jspW;Bq!0qZSk=*8IA9?t>=N^9KS-L04
zq4^!aLk^kH5?2H^5q}dR#FUMQLDwo^vP6%KG71+Z-e|U-p)iX9D`2USs_x0*M?2DN
zRCCXs1Y~9RIuZUYP~W$x()Kf;erPP3imK3DbT`rk;{M<%`jbJp08cbdG?m~A+=S<o
z<=6zus>jhJ-Inf*rRX<<h$@HG4E5Bhx4Lc>;yXVk$2-$^tADMy^i^iB+dv-WKzjtb
z)fLN!>TD~l5uvR*N2_&}iEBkmOlx#IB7?%Q48B3Oijme%OpVWHdseyuuYOpmet;cX
zkDjN(V$wQqRgY@oV*Z1g4RSiDD0)H*HK_MVNLOppl%z{IPCcpq<<?g#r@eIh6K}u$
z#7z$uQwMXO#ebrn|I`1de^ZoWH>4iky7h2eA4Wg;GrR%lCn)(D^dv`90-pK^Yq1Z>
zGIdSGE>o)D5(<S<VXd%T5NU=0nE~Vk;1*#X5Tq^w;(ZL7=ISHb^}!Y-M(CWz<_Lwf
zg&hg8>X6MMNn)W*vJ{2~OQE^3Ec58>?9jZ<@Zo1KGJiqRu<i;-jVp|+i(41h3a=OA
zK8U*#r-ztD_aEp4!Dve8e~|8E7x~1TmzF;HLVJDF+FkASbMM*J-ahicy!nrlRd>z#
z+eckL<F-A#^@SZ>&D^#}9(?i9u4cY;|I8V8A!b|8swMmm*n<^3>Ihd@Xge}H+6Af2
zyaqo{j(<eh?1nKxJd(KF2ugaI=2<{aN2$nCUHa0<#gVO%e~jeu^!RRyz;ZZ10@!CZ
zAT!+1-ahoH1@E9MSKe9h6gT9t`|f*;zIS)+7v;U>ZuN-zHN1|v@t=>KJ9iA;8hr~u
z*9HK6GKxn>z~e_5g7jvzCrE5J+msbi&xW_h0)K=GGNK?7Y|=}HC?Yv>`T(u(oCI=h
z47wgYd$AJ~>vie`GHsdE57eYaq(-Jjr7Ee>sWBrHToJBFSCmU}MZ01OBMKu6qY9P6
z=)#!7gt~;~5zUd!QO!zo^zxW>39Shi5+Z#=eS>@hN+V07N|n;+y2!eyI;AdpapdBt
z#ed4;=-}yo8QzU}uq`%&x|u!{97X$whd}Oy5B4poeW1OqZRC-a`;K*8#@u6@OAi-&
zUYPd37r69_1v45>A4<&cTC%so{qiHvzhqyuIyrf7LP96iN5ItN9PlaxjdX<p&Rofx
zSD04H6lVstQGjGOp|Oq}07z$j0LiLeq<^q7)n%}RS;H2GtqW@n6TCplM=%3QF<ziV
z&J{dV`1I?qKVA4x!GxXDyVT#|0a%>;2%oX9fB%n<AOE<2|GjZ>ptNRe$3tV8y$uFI
z{#Dq90?-gwh*^*<WDm08BT}<$0CWu6Wwo1g9oEj_N8w+ZH`~x0TxROQC!H+kg}nt-
zo6Gh-+@OVGg%&N+;vPas2=3P6?!{e-ds=9rcuSz6P@LlK?hZwY6{kpxyX%+Ud+z<;
z!}+cCWv#3X&%5{RnP<x+WZp?Cyr|_NKb|1!bL^XSh!7dK3NqTs>*icN8Vr3fGp0S^
zQCY<HqwLzS$c>XG%|wQhoA%9*kFNuEI#&!b$zolFQ=icPZjXv=<%Be0Iz$*R1ofJ=
zNerO7J&lTQn&6cc6!0}UD91C<Gp;`FTG66qsTMN@Ups4<DlBzKfv#<H-~+P858{?{
zc%mJ=epe+a56$u2W-R3I=Kr?5w%8Ahx?qk1JL&F?%<!){Y2Gq!c{%K*cDnWnsXo0{
zrWLvF9*bRASt+{m{${A!if-g{bzJVBGj|4L#r|{{#{S?e((BD{7Ns`G=boM}@rIA?
z_mZWibE+Terjya3t?OA|J%k^{D4EC6H_}o0dAXlWA*fGYh^DR}YwhSJke##|5sz9d
z^-JEBuW`g+DvG<RQ0oO932?l6Hgfoe|1Eo~dW{5qs?Cnly)4g<J^@^rJ>R?-tABWj
zp5B}4z_tN|SynM5bhyZl9U3&$Es}5@&czv47YZ@P*Gu%=Jip$5=8gkDq<B<3-|jMV
z4?Ol5&zn=xX<JJd%_3;aBQr9qnxGKZ+-%0Q2P2||V)e;-!?*KH^_Sj7q;^Xgtd7f<
zX8IiSsq^I){lXhWSHCPG#@UhM)$d}9j29*wmYNJ{n@?|K4eL#=@$Y{`Pj$uE3+o;i
z<x=B5aFMzf{e&G&OYf;JT)e;Ly$Zr;aaGP9mvFWH>0*XR8ekv%oyz7B?#r_ZlALrA
zc9IIEaPr^HnOMG062#W`etKV=ANaj{5gjs2P4r;LoM9&tiVkqnYaw;F-0Jw&9o2ZU
z^ucBnG>ZI|d{%KefwZdf2YO7$#$w1n(tKRJu%xR8;#;1e%9>b-f(yjJR^qnL^A!}-
zKoVctu`iagfZ;!znrki;z(XTb6&&69x>GSN4+E3O!qI+7hhk|3eWLu)z(|*pyBE;c
zrf%`^zUHUPCr^IC8Xxr>KfX{1sugb&v%y2MN5n9>^47v;4NNEs<K?JovA?>0A#sx%
z4mV+tVt)N=BT(Krtr`A98Ty`<0gss1Ew_tfY00&MGU^o;>ni)Z&vmsDNw4^HIcM36
z#tZozpAv==t`i`PH;m|u*8`LTvM(e22H{Ls@>gMgoPP97ip}T;2KTS{6E^7b@f_Rz
zw8?Qao3|9Qk6SfoXNyXcXkD9k>ckIW(7+qcrRPs+8@3eoT(IG;XxGoayqD6mCMkyn
z8fE4_3wa73u^H#1y-8IG{lziISJ8~%Fr92PtJR%FlgrR@4zE3)B~VI#u-@A9r6*KU
zo@D`h&-j`A%41e^i^Vi^mK3(tbb~Ll2WJK*1#2<Z4t8vx`^Xd?=b&kSWDCerVg00_
znDdaE?!g(8NmI=eIA?c$4_iQ7iNx$%$j@)Hq%NZH<`UgmP9Y|m4@NN}AByDYb%evR
zVoRY-VNRXZO?fw4#KzOQFHQ^{Eg%;lpl$NnOZWL3uJSXq+eZRzI66zJMHp$XHLZp`
z)G{hI3@;@7bDNa7OP+B`Q<QR7x6&H>)M~o<?R1*@!8)4m!BL+gB#z$4m;SJ?s-%eS
ziASgaI<aa8R#@Kxpjh{VTZ<&W4jK#EI4t_K<TY#;)$5&9R$GbA9UW}W65xKVa>`J_
zrHjqJ;x5^-Zh2kb!W7~4hF$soxNTutS@PTOdUk84d6gpGNqU>224La$17m?VY%b|7
zy)QG$40qT&df{P0fmBcNV%1mu90Naa*01EIvQ|IfT~+(M(QnxH%%rp-)b8OkH@P8s
zjQ#Z27%DW>+)w4RWqpi3MfN;V_|l+`%cJ)VmzI+yJzYIh$N$R{CzXLPZ+>X3`QExj
z9#}5LhFsn*Cslu$-x4lS6<^r@$sp#rs9y5RO!qNXgHSMhT*ta-(UKS{D#`Nrx%*eO
z+9m@o=zz5A9@>r)2<i0bSLmUe>sNtwrR8VK&kk{mJ{Mrj=@&K6luR^yUT_Tf?ia2+
z8DF>lYHQ7NPvy%w&ozHhk=pp=n6}2xF$+O>aufG4Spkv@DCkcpazY<BL7fahMo6jv
zR{)eJw0HvWllf4RJlty^H@;sK6`$LQ`?hy}gLE5NC6b)QiTE%vS07O?4C{Yc1J`MK
zMK54By$sB!t&ZEnaFUMCHhy{5vR;_}0Y4c)|7MGncGQFbb;FlHUd|&6gRQ-=lv9L=
zd%VwJC~wK${A#iHdJL|Qo48@IBYy<E{=w~p6`}qcxFv;(>r(aQ2EBFpkZyaCkKktc
z!bU+MN7+J`E68gDgG+UdJI<L-J{KT#q~;jsTwL*HhQa<5&Fa>eq$}3mpuaqt^0g~`
zuQM)ltR{>DTYeth$m_vW!OU|S5`s;m(QBpC$F*WjOWb>DV~1+p4+0}GH~p%T!f#zC
z19naxzzv-$!lMS+u3k-c7Wo_4PhM7Vr8|z#JrxSXW1+3A`5qW4)y&*MA#<{#kCml=
z@^yz|YnH6qYA*+89i3iM)wrJAev4{aw9F~F5#HS7Ee};HNd|aXY1WVZEG}O`xZJL&
zP9JslP8Jp?DF^w5EUAKTUN^<d*laU}oO0d&2DeX<B`IpaC`h@-JxMgP_*C7{=ef9s
zxI$|Wnp||r?hU~i`7HkJC|c0HzOvM$VdkhVhmWoTTjFnor02z-(Nd8hheP_wQQw-~
zUwlf7@na+mW9NILCufb-+?BUo?b=Vm!P(PGQ6Ul6&63K~?I-Jb8p_l<d#dY_%6uBy
zCf#t!=S{g^s#Jvi;q}v1Ui)EjqQ-&Y$)cf7#=wAQ@tsx%J=3zDv-Ot03Ea2dHaN}u
z9ezK%vM^Lw#8#dQ$aJ3C;Lv_|(T}XohbL(2`X4G*?tJbi<?8SrqU~BH<+7b$5Lh0?
z+<<O4Nofs*2)R(!b5D>(x^@PW(;uBY2E2i9lYXCPuHyXpzG?2j&sr*lh=HQ}y+?fv
zLN0ukthKomqcF%Kc7wI+e60QJHR-9{w(M)009Nx4aht6JP!OqYC1;<+LC@f)NI_3W
z`>Cm{Jml=9W1Wru2sfbxO~a;kQc`o>=1WT|&*em`!G`m$&%AIgQ8m%%_kIGo3y0kB
zc{K?7EJmvkjX;LIlap`K+6K3y^fR4;lE+(*9Xg+oR^vYF{%KEH^|58QEBZ~%l9v>|
zhnFmO(6L_LNfv<s9lAO~7{5&2`=bGWLDrU<I>EB-N~Jc4;LJ)gmn-BxPm3kpw_lL!
zhe;fPRD+f39;NYKrORu*p4RRwDkd!_@OzZC6&>l!_Lv`Esd~%n(*{LcPOSoZf3AF(
z^VoV<6hu_P)`ub9&O*l>rpn<}X&0-sbObT~=zvA>G<?cZoD}iRTH>hRK2XfELY%xG
zLUE*JPL$AlXxaWSf66@en5dEAffJ98zb7_hur8hmkz_PQ0Ibis>e!yLF{8s}5AO89
zwv9~O=Fx}&(MP&aA5+}epch)|1+49{%*wG3UW^`%uIRdy+mzY_^%A^N;-<vNXtgiF
zFk!Y@EtL4M1>}!N`=#<6Ev)_3mo|2Z^f7H(?rw^u2%M~dUjd|@5ONh2EM#9cuH=e%
zuz1(gtQW3XjN_l)8T{z1y$7pn@VteW9m5XD)staEOJ$EU6898m&DDCya2c1(4MW|^
zZ!EpbOv+y6dFOo{)_TKUqfpytV8L3+`C$jVV59qPXM!8b0WAU*f{M$8Qk{4z$gAV4
zbv(#D$Z4UXj<A=PmD}huj}x(%;$L=MzrxBnl^a;1s7`yiY)EDKn=D&4za0#x(>(um
z#c8Jf=nylBs@J|y25khdxvv|<@t8ozmSSxe)S~uQwslS?>{GRkO2*=PTPO**V!xDa
zqf3d19c{Q}{)f%sajAL;p&&KKxQi=%#r#sRN8ZiNA!8V4E$h@(>2kbGe=A2i-y%fk
zyZrl61-q%Fn@aoLLV>dv!+quOEd;|C)p{VzHQ3VJswH(-Lp!fna@MKq@U35^;<ePZ
zhC{pAD;9!wGtZproEd9r(%lx`#Y*-3Aj9+c1%MDR)miT=-L_14lkkt)uJ5E(FpQ~f
zv%tvoM;qFh&qoX<Hh;J3ms0-FoX5R<+(yhY)63kHpgq|r99NRIy=@Q%uU_hWd_LaV
z=ZVfo{`KA~W8SG3?(ZIG*~gx|uc2^&gv*+9iG{fNh=X+T&I$Bd%yHgMo(#-Yb@#E!
z>PkINix$)w%2s6#C#?VSZcvMvQ}N#T!+0$nQyYtSU5q=M=oTc-VHYze=-4Ns+yXQ#
z1swV_pCtn7s}^g!-xSTI^1`Qui$U5YFPHCkr%G21hkYV?<D<b4sP6YWM=S8KzB-+e
zqk<0ap?Zh`kis7QzQw~)5zGb-oX4PdrEM=<?okuDKU$C$1fWapGI6{6yP@S9uD9jJ
zJb(W7rbj=zYFQi5jl<Gm!7wuna-M!P5K32oI1*7~R`(~Sa{k#7#V8Hm5IJVtI+zbi
z#%idv1)YwIOvcabS+?aRo7sCvDq+-Tw4rH+6z{DwyI%Cj1w+Z-xL{p$dmqT@&kSep
z2zX!`!aOF`4V_*edG2E2(}mRPH?RLN-08~Tq2m^sE)?*$P~HyE=h)MVCN}igy@uT2
z$hT}+CKkK_f6H7igoMLeZ?*Kd^v(6OskMK&FFNR9(AHPmm2i71Te%LpN^j6ncYeVy
zk*Om1KFrK`uSkIF3vK4%;KEc|D87Mg7VUlWMeZ=J-wM<n_#=_4U2AzYxO1jT*tJ>r
zy|eD0XL|7_Kl5>p<5xC_+9lQBBYjoh+LtN!xiiMveicHk$?f(HE`Zx36n49(2ES?V
zR~7p$zK0VkmW^L)@P^ommoBZdK_>dskFU<&_X%WmPm<My#~q7<<PJr0@7Yp6E+Ivu
zPy3-tg2|Cr8y3`k(tOc(W43|4NGPHzN~GitdBffyrsa9_LOA1w;I#c!thPEGX)|`I
zYBY_@JB0*CNh~DiHe6h`herGv`Myr9f3-yf$4cn5VdOo9_?{ixOmFw*Wy)1gi_zcu
z7tUriLP;+_a0I_3W;#YbYNv}~{Yq(l)oZeE73;?PnQhLJrSq!+ChO|+cNE{BwVSph
zf`P@F!}SsT7X+Yu_7uUf+7E(bt3RK6dNx&?Ktr<w97Na79({t72@V6by`nvh>6huF
zAoOP*A!+v-{E85H-dVvsualaNY9`K!6{FGZ17?pt74HXZtfW}mQ5|cH_B$;ZFI&|b
z8t!b*82@NR?K7+^PTxYCQnc}k+*%c}I@Nb$nX!1d$L&=iwS;+p?+Lf+tLboxD6ENB
zv5`quIWM>aPrjPMk&Kmsw@%~DIg_PclEROR=K4FgA1k>hEnSR44>8viAf6uz`C3-R
z(lmx7ah^@hdXzjRFo|&itGC-|_hPunDoxKE^SwAz<g4@G>RC-=j3wftx=pG@Yti1e
zK#bIO;KyRK9yRfuQ8MF-OLOV#aN)+FaS|BC$fa`p3i-YP_oQ?m({ksxpSM8v(3m?w
zu$zg_V!g|0s2@7_?J18A<{zaY4{dU}+T%(lO59Dt+Y1U_?yiRZY7Frf76{fEinh~s
zU+hTns!Q@Ya+;p88Gn1Fb+|etBu_0U(qqelJ=W~<KuQpl*2)#`C5l0TAb42+9?jf?
zFlN1K%kxwTp5+q&QFJ98>o?`}4jm^Zb!-j$+W)EA(RQjvw*sCQ#qX&^ebSq<zX`v(
zN4x#{*rUa#(!P-eDJ?rWYGPh;2p|qT4mRHU45bqu-f?rT`yqZ3@dmZ4zsy2?^T48C
z$~Q#dDo8X>^7aZRV0#vJ6;`aoDl?LR=QG0h;WJkuyxBXP+ebIrp{!u&Q|qz(*f|A8
zqg1|g8TnxJhgS3iFkz17%Qc7ho5+_fWD}(c&vDXL9fX+$VIf>%JMG6KtaTz~&j`mX
zdNgMZXVK<_ym_iMsx^$dF%N!-p*fR>cFHpVRMy3WzQoF@AJf=;3Wx$LH)AYF>g@$}
zv~n0k!$0SBgR)`wxI4o4UQdomcaKRg!UP!)j=$bWXfQ90d?jogQu9-)ayb;UDh#O=
zUUPll&RXpIS&sHAout6R%CEu<|6&8Qq)d<8poniAWh_C4M5YFT=EB}phaBNEF9Y#(
zgrXTp^Pf`ecW&IvjF!-HUR4#)%g7&fn%vAL!H3I8g<l!h4bpB35Q?vTXH9F?<`OET
zeZVqrG4|;Jv*bhNWw5k{l_2Urf*OWtjy$>phtuev2iL0Se+4XfCpw3T;J+Tx+Oxuc
zO>vnnpbc`t>R~@pWsiNWm7S~EERN@-3F#;zo8+fe#KR*L>v%{!FIyT+A{%S;A~P!M
zH&+GR==pP{@3OOj@yYHb`T{8+^wAwrGh~y{cj{HGz6@{hwLrB4xFp~hoyL6SLUw#1
zCuQ!Ut6&M5Z|s%f|NEw$bB3l7{{6u*zLVnhBdT4-eO1}X#@orWGi@iinTiuK&iY>y
zd>rpLUFB2*eD{jF{f7h!gZ*VvUmyeD0%s-QZF&rs?N!%<q=!B>iVPub4(R7ci$p<u
zF&mpxgBf!}Lb=SkxzFZFlO8&dcrU0c`F*%ORKCjJFd3ZB44BRnNr(I#KbyELDXJ=R
zt@JUvM#Fx2xm~aP^SHi_R52lfwq?8qOB4t>J*|$*YgU8jH|5{3B`^JA-_2z#fLMyb
zNx{>P9T(ktt^!pjIfSC4$WzJ`w8Xzyx5YeM)zf8ifsF2~x`$|4rePW-_G?+QSB_6r
zpcP9V9cZ#2iCpy0Qso`!R(gKhHJaW)-86m)8(kpa3-rvn6r1F1mhuHId9nLrtuvfG
zeIM4ad_X(qZ#M}t4){vqw)>=>xng7-e!7t$v<BwvQK(?L&FopHI|zKdb~J#ywQwCz
z8k75goXeSjpiG`iQ!dU0)<cVlbR+RZI3rem2DCaX7QEq)mFlg)5G5yk%H_>e#NZht
z;9dWMwuP?12gjp5rE6v{D7&8PNl;7GyZp5)J8h;@tT}X(lhL34mg?de2BlAP;L;P-
zKah*0=b<c#;!9`}=@{k&gpVZJ5XUUDgR*weS|t$m&{lxR12yRL2oHTt^@W|FGi#3_
zxo$UM2&Gd?2Ce^En(R1z&2885CNvK#O4QS4-;h&q`~k9FWO;tWr`h{BVb$QBKzh|p
zRGlHWaOK9s5SOhR=<V}<!?%s8aH?0<1?;JW&ov`PTC?POEhDM~4wijQ=baPMUauKI
z8hfj{2j4+57QdOsUcYaZ$S_I}xbmZv65f-($?ekwD9dsW&r1K;>^Ia|nYq2XLASv1
z--9+DkQ;LyiY+w7S?DS8;++W+I;Q}lT~=`)(HuhBHrJ3X=rMGVsCFzW_))Bb50PLx
zCdqp)AF2-0_sl}S7?09hyrcQ$!54kcKJB=qDN2S1U=pkPl5Xd4uH_|~Ym><qHEy~#
z4;;F%?8aX9Ko6iji1S2u^%Y!ig5;s05x&0Dz2~dgXWLhnbN&Yc-emLbqP@Fg!fe%j
zKS4h+#kr{@Le-r&B=JKt;n76JyH+YMBwsO6aNv!N2n6J@Mz7$)E?!|FZP*$GI}{nA
z4;Ys;3_~^2Q*2ql;|V(*;V%f6BI~;M3FZK!#fr4?Me%BDocd9u%esci+}cjvzRLMS
zc|*xv%K69HubwHbJg*m7^P#BDHLHDPkm`eN^!$2WJbh`Qoc!Sy2(?wDTB?6lYLkL9
z4!z)=E?bCqLO)LSj<#_ZeWgGT<o%_1+k=;^sySoslJNk(&9nQBM5ap#L1-LG`Woh5
zI@UyMp0DR*Hnooks!x{RtH5+L=nTiDoL%@?7_Nm9u)K})`Yl_q248~XpZMi)j_tgU
zX>m)JuK>tmXO6z^o`;tLwvrxxoA>*05x^5gYZ$tmr)RbFbfaC`>+Qu$i_I6ujh_io
zZ^?gtH$BEQ&=miak1b!m(KVxaN_xDAzJb>e*+kodsejMLCuN)qD;Yy9`68AbJ%_2x
zI^&%@)eyq|qpVV!p#D)5=_oOJi>)d83?cY|i`;!Ds`U@;kwW=!eK(q~jxAZRz@JB-
zs)a}A^B*yL(Hc5Sm+7A#qL;kJ;BbC6QhNEGfQyLO>;l7IXflN1y}z4(ric%t3lUAn
z>XJc`n)OoR+gbp7XPm$VgYTFdDI^HZR35Z5B$g*J_x!Zb-9>pK@L{)dGr!|;lGS{d
zlj&G(fnA)B@$-Iv`0U3PcTsKj{d7g%IxU>+fYT7)<W(k*BqyUPd)PQh534h0`>!BF
z&<*BGoP-y9lk!Xg4SLI<^PSNG5<Se1;+AqxE3V$0PmaIl)GGJU;5aK%EjoKiZ>vb8
zPmf(OJt<ox?*-=jK|aYnOF`y15+d0COumLufFo|aG};3=0RJ#WGSkwF_ImG9SGHjn
zCz|Gzk_3B)t)<wgrO>F_^>>|ny+@uPvPf3@<`UigI_8o_v-x6!{Wzc6Y?52Q&ZPaj
z#b)hf6&UK|?JRxxiFkE!DI0#6m`z5jVQOUTdr>~5RP0Y(Ple=icnb~pO&r5LDM$o>
zitnL^xN)`t;1wM#a;90Q*}%qRU%`CgnYIJ?$yH*n1sganVIrX_@yDT)ma%=n=JqnJ
zGI?z}*6S&(<6^Q?N1u07ivb6)T+0(XF`S}%4;@Akj53WJ!D}sX=|uJw$?JZ<R|H?H
z28<^ycUr!tz}X_<PP2@x9#%d$C-KU>I3U?NoUT1KhbO*Yo2?^y$jfbFZq(-Ut6^bw
zK)1t=3;lS2^NXows{dSN>dqzE7L4Ecy7*fe)7JS1`iBJ<P^_u#fN{D7SLb5m<0rFx
zP@jf(Pkl0&Nwd#v#SA2sEv&8e^*tY#*fksL=J@SGjcuDECu(#ewF%c?ul0l7X3i|E
z$vS8OA@DsG9m~D2^PcjGE^HVH`$<{eBu<@$h}O11;WnAN(GrP>Xn57b4J&bhMJvJj
z>w*-qhV<csrDOxrgN{@Kj{P##n1Y76FSK%Ib)UMvb4-}?Y>ga#vo2SJcXW)X6qRko
zG4hRQlTkk<NcA}WoLooW7|O=6rs;k3>$@p)K??jmR;o?WV(e_{jhd)kygKf7wybLU
zBeLA+bwtW6I(Jmo$dJ+}9qf0~ojalBKP|zF?*f!{M}CPJ&VKyx-ueP)sYh8zuPgYy
zfZC|wXXm3JZ2TRiJpZ2dVjZ@7`8KVwff0%AB)Fddi}5YgnS1TwV)s|(?umd4cwj<w
zZ<dJQ#*{lVPflyAcV5@%&oEKfG4De9_nOmKLa(C^JJth>{hHS?@}q{g(FpEYZl9+y
zOVru&wcTc?XkS07cq<ykMyJ=%2@l*M(#{}u<Z}i+926X;_JeD%+e_fL37J10SmWF=
z)8N8LQ`~b5J`LG3LUWp~ioB%odG3iP%+5ayFTa9Sye<~={GbCSA52{Ly1^KL5jzmc
zw4FY5qeq4sk#4Q&&i%Fq7o5`wlM$wkUeT}V{t)Ahs1Hg;yaLj0!-))2uRHxxu_qP-
z!qr~R%>g~Aw)>sLop6%&0tl&BMn@j4)u(L97Ps<CEd)lW$vqOdw@bYQO9iC4+$^)h
zk!MWgByX$2)^pzUHyqGJ7rBY~W|t66Bhwz~_>vdABC?)hD!`=4%$Q8QwcWAOhKP^N
zC@;AA>zGj;%_vWfP^VqIH&uD+gFzcODZQg*$~4+DvqJ2&I=R1#TQ<znz@8P#XiAmZ
z=};#s@Bfwhg8Ulqx_E`+Kw7fKB<$4(_^U6a-)q_*ISQD0eBK4omf4pI*`0qEn63Nn
z^PSX|%3R-e#!B|Y{?hR>1ugdV?CU82H-_K(`&ShL1cHNtg@eZYw?yRR@sGTm7PH0a
z167^P_vW5PeR%k^Uh;<AmVlb3j_F8ct={CM<g3v)7IBi6MC+d3Fq+ha4#8Tnvn+UX
zH-0C5-SO`mN5i&7+TBwc*Wq2&U7j~5-3{GBPiT*59`w9VKBWnl!(zyw9>x3h_VmX+
z*pBXQY3~iu$#vjN1QwS4A&vgWr;CQWrTF`R-S)8fNp$gC0Ig3n53bvEL-&)IFF5mN
zXxpswW;9W*4c&|9U#h*LrB|FGUeS#3N6YpnG*rVXziD<$Sp#wo&2~#EGzr4@X!KPV
zOIGL2sA7VJ`SYqAjr_+4`eeR3>88hgN=PUgh|f0H=7WGId}qhy6^s;h%VPL^tJI`?
z`B<crv6Qc$D0`RreH#{cvo7^jIxd(__^eP>f1r;Qbu!?B1hZPi?Ie6o#zLKry{npM
z8(Wt}QJ&uydoXS5sTo;3#NeqY>EW=w9grOm!kBy!oHtF$$O-c=nb?|4ORvJxa(Jt#
z0f9{5E6THmoWK-&@hcUNEt12gFFq%)P%4{oZOYiB*00Uie6Ma@R<-o9oE%hqq1A-l
z+1nRCb-2Ms6`QwFH+><aT&t!EH`XsSANT#`CBI+T%0HI*ss~P?yQ53(@k<N*y>5zw
z@N7`@T<?valP;Tfp}{y^eO#B1XKnVhA-rBq|J5-^nZa6aagpuItzughHsNC$9Xrd$
zdaSBs4BrrkR^TG}9!%b*Ky#MwFjjzw94{wn<o=U<G}4+l5S?Cda%3D0oHnJe&o+NE
zRd9P)2d5kzDa?o8(n#JF6E78CVDJhG9{Z$OYa(3RP*spStv<Tun0ch3@eS+g@mJn5
zKwsu`SXXV!O}vzhd}DS|Q&mImKzkNzabTq8H*4D?70MMO^cb-Li}J)iRz}x+N_M+M
z$~W;FY`YR}?|dTTfDY>D@T2S*d9^%Yw@Hxthu}VjX1<uU1lG!9g&^#edyV<8HFi&m
z^%97&M<-Nepna5^KO|h)#Y>AQ#5z?*G>p+7`21)&(EFMOk+-o<;OSSNkkengVY9Ug
zDjUI%8=r{P9`Og`#jTpg4+>{^M1^dNjXskRt0o>Bg9MUOR%o%s!Ru)7hl^P8<94RX
zS1D+?Ctu^05PKH;PfWZv8e<=?JWk$p)VKMf{X5sWU80v#wXs;M{`Z^8mc4_#Ft$AF
zovFxFALo0By8iyDLB0u9boWVgL&fsBV~}Ca?5GM~dGJRb^>R&eDZVj7EChJ?p@<J<
zkx{4;Ydczm$<EYd3cN+IOICKsUd-s*mbXG&N<zPz;4#fbb8t!1QR*8|OkbxJ4b3o2
zS(pl3UDebe9=cxDPF`2F8~8->8zi_Cj{&h;iKL(@VGyt*>3Mx%uH>KzHAxnvYBhc2
zX-FN9^zE`IY)svzw#>qIiB@5oi&Xep53oEMJ6ggSucO)Kf@>$(_BCRheqiHWs-O-)
zYEao)spngoW=OcOm*<||)8BV5a7E7TB;!z_3l`+Y<>uX(DU92(I_rp~TX|qI+S*6O
z2$rVmd<OGWpZzLGf5PY#qoxBcWpHvEv}R<oBmUCOzzY5SI68^HR_6_kv@T|+dR%C&
zf>x`Bg`ZLD8k~XAO2I^RFjM}Z;~Arqgh_xALB;Chh`tmdf#R1DG5E{4Or-4R-XsTM
zCf}Dr?Q=Zy8otQ8mEpjoGrHPrv^<OgjP}PEV9?^4d%rN2!eTkT0`qhDoyJzK3Z8v+
zc2WJ=ArAv~TgO+?71LGU*XsTJ0X^|`sEi`V7rj`hr9J!=F&<lR7ej3gi=Erx+k*6c
zdE6I}hgAldC0xB?j00&avBRy1F3Z*5>{H&Ih_G;%GN$3CSV1#fCZ(Q_uFOhY<Vl)e
zprvBHgKrAWEq?#Du4vVgS+!bKlv9(jQtY9WtX|fC>oHn2+D`D9fE=OzK|MAuCG!Q_
z07aZE;p=F)w=^sxOjmhP*!fw?M?qWD*32)7Op@qFhp1hD3qp_(P5@O;AUuQI!u}Go
z#85zazaxFgQO$8MF&2?&{&-a}ow%1X;r@!6x6*(GC6MAw{+;&XS7hJ&D#Lv0;qa&v
zM`t%BEs+=ep)mk_m*S>WLzw3$?+waaN8d<&*T?~Qq-_&#s7>K746%3JW3PYOI&2ZO
z5$lkK3nX}M;`{(VVYVqk))EdozL!ea<V;xx5dIJ|ly_(}c%IZdn}=n&PK1_kR~erT
zuCZ!21%~N8+{A49E=(27=Z2W-Pc=6N7UUNPK6Ty9r)>SqvcqIuSe&qn-+nv~?DR-I
z+In3C|GxYLe6cBv?@shJ@0XY5(DUG?WAG;)g*@AP`I^4fgFmz<_{XpxQ^tL^KRB3{
zp&&9Wd)ANl>e_nk$iH+;IVi{+ADdMa1G`t4U+(-3zg!b3ws(>rMPhC%8E+A~itoMf
zE3=ZArFMk_IF?onAM9$hB&L93E4oeLK>2;#3Y?}O^Gd9M;j|4?^d5WfLU3H{ZgiZv
zXu*n8Q{y6WhpRKO=wpMJMrZkRRcHAfX|8@MxNQ%^<QSVMC8$@F)jX#0gZ%l=5Ascv
zAk;8Gy_4@=^ogQ<URf%L!C7WfD=Y81p>tz6-MZ>drJo9kilq&TGKafmUZFr^GHO=1
zC>FJ<#kK{@T#M|D)?&sLI_lMNF~g5=k)C&PluGc*Uu<-3bJsLgTq(GCWw*fK>p)>$
zBimP8p`N5(_c(V}BdCYwDqf^SWe&kN$>SW{Z&GnN4_R}#*(5{vl7iKK#u3Q!riKKT
zr76?fzV;M8po8Yg$PXuk*rvikPb}bRQ+sMEs;36{TLb6|G~~S4BK>LESHfD<V~w^v
z1z_xn^jr6r_(xf8H6{b1RZG_V37E?YDkMiNK~0X3#E?kma%xuKb9}!E@e~T6)8ixc
zmwucDJC>70$yUUPUjZz6?<ThwT#hda86(=T;;TOuCSbW`WwbW>7{h~cArkNzy9{k&
zx7|pwbCp=MVi%`d*sv(Y#dw>i@K#rQ*F?ELbNdq-a>OPyF`7_B*MR+%PvpTw`^qwa
zYdpPn7^$$F{gWrj2G8I#wm;ic4_l2^_nM>mLFSVjEBYL)Vcp*bopJf6BN>v4jc#i*
z9+Gf3pT<TzkZb!#(aEB5OA0vt*+cGgU)>&MC*&m3b0|4~F>D};Quo1lnQhnROj;o+
z!``WNnjpLRp=SA%PepUsh(>Rbcf(~uuU789f^aXpr=s4pZ9<gI#g~q?Jd5weCd-=*
zq*;Y356U4v?gf4Mn2wN;E}JPqEBcHjTYomQ>l_-}@=MFqM!so2!xK2rcifG;OZmBJ
z{L0!7my@}cHMSrg$K4xqOH7N@v~l}SG9I1XDY*Oz+m)G3bKsK#v1{C~%@2>XM+53i
z36-s%Q<o>W=%htNo~Wu1dJOltIbaz$m}^(^t?cSN?X~-6A*M@`D81ZkkcA#MunG2o
zsehZk@?4pb^ye-d%W;643cWZ$5C|7p9*miDUV4APB2PNvyp-FRx57Q7!%fsJ$9C9Z
z<JR_lep~Okz5GSS!LV8e3aay|D6*1ur4Y?)p2QWg%Xw*3-&HRey%4s#g(&*i(ZtGZ
zDIN`iq)c=(i{^EgHzt2$P6JhWz%pw3p0BG|CUqKZ%mU3g5Aoo_puJOR;U_f{Bx7Q?
zGR1u0qm9k-IGU*Q%X_!4aA(RBRk?T<X7wk*j@G3e*VG3E7OG17eN74er)SZ-^x-n3
zq1G#IzMiqO;pz)~pAO8Ep;gxT>dD$b%KpX#aN@d+zh}4%>#9v{%D{EyAes0a$1^RS
z6rRMS-Z?=wt5~?2_xRZ>Gt1(dyuy{kG{-FAgq@3tngmgNxTmrRo5e1H4|w34`O!7&
zTI1mORSk`Uypi{i<#JwAXJY@{_gt%hiEmd5Lk&%zf*m7|ruxT6+Lw=AX{sJ9D7a1)
z^-Z0{Z+5iD@Aw-FO9b0BSyL@%TO@p2F@9`p3G^*K&Zva<+F^?be@55NFKXu@tV8VA
zcG>m1?|n~4CVFcqpWcVp+JP_iRyOq%7!UVwFCF*3ubCtqIruCcx=$X?t#S~L0c$T0
zH+>A^uK9m+x6|6@;}6(fn7T(-o^ymg3z?exkufirej4HaBEu<U=(AC%&He}5xY=#Z
z+t0}xGoF0#c02mWc`u!jZ@Hx`A%(mTAGc5#T0Q%M`YswEOIm8@J)Ctfian5>(HTOi
zC(B!FUdn#tgIC^__%nWx|DmF#tBva;)J{rYwu<4}#~w;UU6QwG@!?V5#MOUL!hkaj
zsrJvFjMg%X*@^i5_PQK-n2~A$`ZBuA^FCe0p%IN-6Fy)c5|vS59ZM?dJCxU$+h@jp
z!IF5-N*Z{pvpdcaFBttzc3s)@>^%*c*ZLU0c86uQP&)4@Oco%0z7<iW6uc|31`XZk
z4d2$ysCvEql&r|kx7Xy6b<8jeCFa7r638|W)*73oK`Q%WUtcC3*!SxQ%jNaFWnJ#b
zvQQ(|QTTGQZcJmt*jnlp_qvfc@eEv~;ZfDCsWq!*S#RLE|KWw36<*?-@0`4jFDx(n
zP5t6~w0bPBS;$yL59|4gdX(8R$eVL!SynTq6m%o#5k>VR3-&kPYm+^C=GY@lF8fWs
z^jS4B187}S;YOa}S<&A1#Tg9^6Tilej7CHKMBzJ8roNdmjW}B0_BS+0mkoCfRbX=i
zYr9kLnBH*g{$>$PK9*~4VK<}|?zCTB+H_vEv<!z8Xp<t2GaadVElvbmpP#Qd;&1K)
z5RDhG(!{d)tK+GU#S5qV)YAq{mA=oN!K2xJ-0u)|wQ0v6n$3*9d9I2Xu$y@+nN=_B
zP{V7lRm}(~kGqrP1DYmiajcEJ@HX}RHJg*QIQ74qYAF{jN6!@@O)ksK@cS=SoCq(5
z{i;8aoM+6t1P}4y{TPl^u%#d<*p^{(of=P$H~L+eG<MQ=xYp-LdWoo;Jm^eMt_2&c
zTUx&<nsBCe4Dfv$Q{0QUsnam2^|?QasuAAvcBi;^23a-K%tm!G4ljy(<6=m0cH$zu
zvN&|>!?Y{l#HHEE|6<>~%yZsnrN7_DO9GZUKAu+`;}d-{G8LSjpN|`h&3nzlZPoDU
zqgF<SUEhH5xvjzNP2Q-oA@W)|54*Q<LtLA_7;Ypi*W@THcTP4Lw6d#7xDmP1e+9SR
z$aO#S324UMKpnkx&|FxQX`rqha|<`@EiM{UH#uw8)sFF%{sA{Oly6e1I!RH{jw#mH
z-k2I`&MIPn%Qh|=qr^u<^|Uu?H;>dO;(WFWJq_1q(s!%1krh`4lEk+*<BSx?MO=o>
zb^FD+T)hjehMmztw^N!-pVxm>!mWQ98(YNO2Iapv(A3OIHaIobMg8d*Cx4FA{Ja8B
z?aRCx&3ge_23+ed@XHi-ZFAJz6z5a-PR5-#=X)?1s|%{#I8@S~>)Xi+^QFQAw&iZH
zZDkkuc15c_Rt^gmXjF>|&w4~tmzIscp0l!x97N}x86=ipmxM)cY44xIi|X2yRnu%5
zECa|ka=|_J)IOiC=#y&|O#Eu8=UF4FT!Ir~C;|$Ds^+b?>Qi85&AJl-&u?A9_=dlW
zBlWlHTyz<cPgWAW4%{ivZAs3*zqrYY31>TB@H)`uJx@_wkq|oXpVMtK)^G_RIX5L)
zuaUa(3%!zOOd(`Uu|T-O+0Ma{el8v{d%a99qyouFQX)4j(r0JH=Pd91a$-dDR)W9>
z3j_x@OfE8vyHmYzPKN9hdbmpOZtCSOX^c8^_x)_r7=&3*sAv0I5;kvW#FZ9fvuba#
z<^g-$lLe`H7%6K*MvU3Vm2L3BCj}#8M-n4K=3>m43^s2~#^N0KibY&QW(=9;L7+mi
zcJISDq3jqdhfIIzhT)=^Dyw9YX^n${pX+VBLm#b34@2M-+)t8s>Ldv2&y2eel5E~S
zB(R*AYz-GNM&&$nILy24#fdNt_ZB;I^ls&Y=x#)#M;Z3}dDqY_tzI*>sjo3f9%Yh@
z(ITd#G>Y`m@xATv)y&6r6^_qlG|RT1W|Sy05>oU|U`xI&TwQ79)cV;<RMx3L^P%^e
zZK|P{!CtGEiNxlOIA>x{7rv#5nQ>X`i=BF@iDF+Ro#GgGyX*&>$@H6~hjzP>WD`ov
zc7|7t`zthY1-eNb1**Lp<}OhC!yS$?+ppp}t90!6nG}=>@cv%h#j!B2vRRpcv>1!$
z4sD<~j>?aWY`O(8(rm8`&(GW5wGC;OIX|t<|H8rIf%{;o*Dr2By*J4cG%5G1CsUp=
z5-Hcts0I(6eHA*Eo2kXf$M%_8(NVjXL%#}WN1UrBzbXMDQDW0rQkAb&=+gj6GVY{h
z9ue1$%Vp)Sz)9m?sP~SsmI056KR-hxqD#I_9F+@IU~2C}l*^YQUbJbMr~z4BJ|uQw
z-iPL94vR76Wxfp5WKrqGVDHuL^{N3GF)kkzwAI{;Au}O9C@?PwjZl@}VTvgajnL|4
zaeNI#{ajT*lzAjGS6qZf?|Z84w)@z%uWF=gMwEgHdEq$ihT0tF@u7H{@>vSOcpmp9
zxjwcA6|}v?rie8m!qSxweuEdmu+9|Y5hO0B-iwbFlVD1urpVAK7K6R^&YYbhm08{<
z6W;8V28XR9t;sGr5mJKdiA3B--=5*@XDT;{qkgeyAB#9UMklUAM-IHjJFOJ!LhK$Y
z)kgZPUmpH8^esAeyC$(m=vzw!5kHQqyfX|3O$jrXfd~sTm?&G}2^)?|D7C;3P1B&p
z>9SDwr=_tZ<q9vl#9A|n>5m{-#6b$?>?8S7fsQc>ZUoOhk<f4*qym)C3Z)pId~rp;
zUqzfrJR97PTnM_nH9nKPbwq1A<X*Z3(3-au<60meM*too40LfYc_0u77-6FeLRv-u
z-XmD_7?C8A01&(x3+HKRiQJQej1upAW`rGTC7fmi4gOhmOi%j&8Z@4#e&f75roKO@
zFC4j=6eV5pTmyD4JaDUjits%ZefNCQO5wM|<iNW8O`@H!rSyQXh@)!_&BbAfo<-;B
z*$zZG`pROIAbXFMy-CR-zV0Tb`RWJF^5MQnRC62Ok*g8ha?^c2*tOuWmZo`ZQblfJ
zGcB^X{(PTOJsCh7&9kDH{8%+14Zph7u}$L?`Ju4SC8_x2(w+3;q}lU9ckF2Gxvnyg
zM(1!@MY#KzUd4hW)rcmhgY+ixG|#+*Z<pX&*glp|EBVOtkwHnP8m@h(g4&?@FbJiO
zET?ayI{O-2_!wlXsTL&uaUnJ9S#uouf$y01O0kOi$Aye6g{wu4P-EMeg<gU4!VbiO
zJoN$9k;2D?CUHb_ps{oSx6sPzuBzRE;E@)>xZh{vmNel?27E5Ou{j0@u61y`_c&z|
zoU<RPBbw2In3|`=5DUw*?n@zLiUHiUp|nPB8=~+N(8}aX-j&m}MEPskhNsP#(NCM(
zDJTxKUjkQ(&6BPuFDVb~_Tt^(=EaIj^1^)U1g$}7*qob3FJGNt(YWP0e+s5~qQfby
zGgi4y@U)AGaL;Cx8ZBRurp0`{)r9*wA?a+D&p{eCBnka&E9OazB(2^_1~&6~Z_rj!
z6MC=0Dop3+k8*+<LwWp^C>pj|by-5J(@u)6)TnZ0kzUW+y|V0AFEe{zkGz>Wv0_;L
z=AW>{9|K@<y-$*}*}gylBcLx^Ii+$UhLrvL{ErEJVD(@$Kn6ez1kyoxP)~jc>d8;X
z2jf99eFQuuf$)OqczIFxTJb>XARrhW3<5!v8aPyUe+0}?kn!^Ub%rd2kDvd~FC6_j
zPZpOKxho4`K`!S55QxSg#_GfZ051SB`VNS^DFiqmC_;40**erf2zV4O28bWbkBEo@
zAsSA?5R%c1<#wlBXb7(l!1CU6H9-0Che)z=NiYQ?J|FNeQ!p@u7t!4ULL}-&B4Sz@
z%N6xP0SLTyAOg#v2{F>HTkaBqkB#s<!9|2d;UN$wtca$lcL<qN#&YXuA^_s^IS`Ta
zK@mZ9saxGq1dw@x5BX2mP!JG|Tw?)%kn;Ti1Tvcyz*r3!0O$jdZ`c7qWW+bXC*&s%
zfNr_lr4=Xsf9B4^gPJ^YRTia2$qI->7RjO123P@A03<*Gz>O?r2mC@ND*$w=cR2v-
zlw{EVn1k^1@%@)HC}O0A1xY3ch)3>502r!A<p7)jWO6jhE>HpBfOPnXvKyGgPmT}$
zk6{Q81d1%p2Y?XgEuWDd1pub<npO<}a<C8pL<qIVA?=C)`sK8SlZ<5i|FH>!{Etok
zKQ<A3LGO{X{Q$=DrJ#KP(%>5aSdJb{3P3&^1c0siQLL+R%YaZp@b4Bc9p7IqFdg4t
zSNZ6`e_^QT`Ktw`1OIiEpN{umEnIFH7#;s#mr=0>{ZEsJ4$6;g8U(argLwWJp+gRj
z0K|}8LjXS<o<FA)tI>gg$mhd=Rveyx^+X5aMZO;bh#=KR0098VzuQFL0r30ae@pZI
z3#uOf4w%P6ddvZAk+5k1KeA;WMdZaaO2cdckc3Q|0YHg(fn0oayf7Xv5FHPMhYO5s
zodOs=Fg7!GHRV*dm(jIDdd>o5k*}r!j(<bB=TIp5Jm3}b=Nzg-;0&r2IuC#%f6M@i
zk(>*tR?{rtP1Pdc41mGI&jUkV{RHr%!$2@3bP2!&=SL0o&x6j94)@P14-bsz4^Mv{
z|G|Jj5DbX&_TMo+$R7{<FNV_P1*1ItzZek62Z7$P0R-~HK+u25!T)OnrOfvykN>XB
z5BuZ3zhS62hyGjne|4dtySgYj7|LsZ*X4!4{x(26)QmwqsH3O<E{MXwkUOJBVG!V5
z!yq0g<c<-P9PCe&{;y#k5UNAu&N6@*4*G{F5CjJKhdBSA0RDRyyg=ALG0;D_0HK%!
z{aqKx!wcp4H}?Ms2l4_@CG3tM3PY9NzZpi!LHJP#@xOxs^78QV{S)K=Qyu><$Ith7
z$G}mSdHMOkcZft`(7WLT<b?sDcgRIyAn4uM@qs{h9RoyRymtq~2LglOcMbFL0)clt
z4dmkmgYL4x#}D~ap#L^I6vqFL!SM6n%_$&i8AB~*|I&s3H>vnwypX#_Ap9_%{{#C+
zLPGwJB!$5E{y{$k#t-`Y<WT%WdHy+SC=c`>EI@hq?*=9i3gY3v%ODiQ`;R1r!XUhN
zU5COTJn%adLSg)nyB+caL3a}f$d3xvyK*p8Qr)E=g+cCC0vL$*zZm?lItPS-`2Upo
zzxfk}3hTeq1>`{qK<~KZ4+guN#;C9c{u6`TO?Nm-`5%UPfKcGwBKZfqOFs(xKa4;j
zkbfA4!hm-s$AhX=sO9lb{{6qo{s;UoHUC`!p!|0uori~?_a7{vBH?aeqU8AhF%cdZ
z4D??&!T-C=z@T?W4MMT~U%|iRKtRylsOCYvJ^F{6K&W-*uA5L*0eqJQaS#y3bJxcp
z9w6VHpy5FUHTX^hqcGI=0%XQIKo|~@KrNLr5SSzswaQ3K%fKK!lKea%hzwL3Dj@{~
ziQo$T|BBEV;&MwlnMqn(nAy3yJJ4~1#39m>ypj+oA4mcS;f3-_KqO#N5HJsql(aYm
i#Dgm$g6ryL;^OA@(8a<M7d0M!ARjIxqqMRN?*9kcsnF8^


From b6020d585585b39cd8be51aab518163663795b43 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Mon, 9 Aug 2021 21:51:56 -0500
Subject: [PATCH 771/812] Snyk 629 (#637)

* Antisamy & SLF4J version updates

Updating versions of libraries as recommended by snyk in PRs 636 and
628.

* Adding SNYK ignore file

Adding configuration file for the snyk service to allow certain
dependency updates to be ignored. Currently, the only listed dependency
cannot be updated in ESAPI without also updating the library to Java 8,
which will require a 6 month notification to the community before
implementing.
---
 .snyk   | 7 +++++++
 pom.xml | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 .snyk

diff --git a/.snyk b/.snyk
new file mode 100644
index 000000000..3d8444e95
--- /dev/null
+++ b/.snyk
@@ -0,0 +1,7 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.14.0
+ignore:
+   SNYK-JAVA-COMMONSIO-1277109:
+     - commons-io:commons-io:
+       reason: ESAPI cannot upgrade past the current commons-io version and still maintain Java 7 compatibility
+       expires: '2025-12-30T00:00:00.000Z'
diff --git a/pom.xml b/pom.xml
index a994e4179..f4ef78600 100644
--- a/pom.xml
+++ b/pom.xml
@@ -237,7 +237,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.3</version>
+            <version>1.6.4</version>
             <exclusions>
                 <!-- excluded because we pick up much newer version -->
                 <exclusion>
@@ -249,7 +249,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.30</version>
+            <version>1.7.31</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>

From fef39630052c76dc449a3da82b116c0c87928b2b Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 15 Aug 2021 16:57:00 -0500
Subject: [PATCH 772/812] SLF4J Dependency Updates (#641)

Exluding from Antisamy as transitive
Updating to 1.7.32
---
 pom.xml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f4ef78600..239d92d5a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -244,12 +244,16 @@
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-api</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.31</version>
+            <version>1.7.32</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>

From a4f06ffabfc7e2dfde10a7ab15efd9622ce1ab5f Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sun, 15 Aug 2021 21:13:28 -0500
Subject: [PATCH 773/812] Logger Level Logic Updates (#638)

* Test Updates

Updating Logger tests to reflect the desired system behavior.

* Logger updates

Correcting log level comparison logic in Logger implementations.
---
 .../java/org/owasp/esapi/logging/java/JavaLogger.java | 11 +++++------
 .../org/owasp/esapi/logging/log4j/Log4JLogger.java    | 11 +++++------
 .../org/owasp/esapi/logging/slf4j/Slf4JLogger.java    | 11 +++++------
 .../org/owasp/esapi/logging/java/JavaLoggerTest.java  | 10 +++++-----
 .../owasp/esapi/logging/log4j/Log4JLoggerTest.java    | 10 +++++-----
 .../owasp/esapi/logging/slf4j/Slf4JLoggerTest.java    | 10 +++++-----
 6 files changed, 30 insertions(+), 33 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
index 889d5f0bb..6e57c39e0 100644
--- a/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/java/JavaLogger.java
@@ -24,7 +24,7 @@ public class JavaLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for Java processing.*/
     private final JavaLogBridge logBridge;
     /** Maximum log level that will be forwarded to Java from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
 
     /**
      * Constructs a new instance. 
@@ -35,7 +35,7 @@ public class JavaLogger implements org.owasp.esapi.Logger {
     public JavaLogger(java.util.logging.Logger JavaLogger, JavaLogBridge bridge, int defaultEsapiLevel) {
         delegate = JavaLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
 
     private void log(int esapiLevel, EventType type, String message) {
@@ -52,8 +52,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
 
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+        return esapiLevel >= loggingLevel;
     }
 
     @Override
@@ -128,7 +127,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
 
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
 
     @Override
@@ -162,7 +161,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-        maxLogLevel = level;
+        loggingLevel = level;
     }
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
index b24a7448c..cbbda2140 100644
--- a/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/log4j/Log4JLogger.java
@@ -25,7 +25,7 @@ public class Log4JLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for SLF4J processing.*/
     private final Log4JLogBridge logBridge;
     /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
 
     /**
      * Constructs a new instance. 
@@ -36,7 +36,7 @@ public class Log4JLogger implements org.owasp.esapi.Logger {
     public Log4JLogger(org.apache.log4j.Logger slf4JLogger, Log4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
 
     private void log(int esapiLevel, EventType type, String message) {
@@ -53,8 +53,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
 
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+        return esapiLevel >= loggingLevel;
     }
 
     @Override
@@ -129,7 +128,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
 
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
 
     @Override
@@ -163,7 +162,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-        maxLogLevel = level;
+        loggingLevel = level;
     }
 
 }
diff --git a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
index 9a08ef3b4..62fead5d1 100644
--- a/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
+++ b/src/main/java/org/owasp/esapi/logging/slf4j/Slf4JLogger.java
@@ -24,7 +24,7 @@ public class Slf4JLogger implements org.owasp.esapi.Logger {
     /** Handler for translating events from ESAPI context for SLF4J processing.*/
     private final Slf4JLogBridge logBridge;
     /** Maximum log level that will be forwarded to SLF4J from the ESAPI context.*/
-    private int maxLogLevel;
+    private int loggingLevel;
     
     /**
      * Constructs a new instance. 
@@ -35,7 +35,7 @@ public class Slf4JLogger implements org.owasp.esapi.Logger {
     public Slf4JLogger(org.slf4j.Logger slf4JLogger, Slf4JLogBridge bridge, int defaultEsapiLevel) {
         delegate = slf4JLogger;
         this.logBridge = bridge;
-        maxLogLevel = defaultEsapiLevel;
+        loggingLevel = defaultEsapiLevel;
     }
     
     private void log(int esapiLevel, EventType type, String message) {
@@ -52,8 +52,7 @@ private void log(int esapiLevel, EventType type, String message, Throwable throw
     
 
     private boolean isEnabled(int esapiLevel) {
-        //Are Logger.OFF and Logger.ALL reversed?  This should be simply the less than or equal to check...
-        return (esapiLevel <= maxLogLevel && maxLogLevel != Logger.OFF) || maxLogLevel == Logger.ALL;
+       return esapiLevel >= loggingLevel;
     }
     
     @Override
@@ -128,7 +127,7 @@ public void fatal(EventType type, String message, Throwable throwable) {
     
     @Override
     public int getESAPILevel() {
-        return maxLogLevel;
+        return loggingLevel;
     }
     
     @Override
@@ -162,7 +161,7 @@ public boolean isFatalEnabled() {
 
     @Override
     public void setLevel(int level) {
-       maxLogLevel = level;
+       loggingLevel = level;
     }
     
 }
diff --git a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
index 2d9c24347..c7258a8ba 100644
--- a/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/java/JavaLoggerTest.java
@@ -46,12 +46,12 @@ public void setup() {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
 
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
 
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }
diff --git a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
index ebea57ac2..16834f288 100644
--- a/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/log4j/Log4JLoggerTest.java
@@ -36,12 +36,12 @@ public class Log4JLoggerTest {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
 
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
 
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }
diff --git a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
index e2d7a5a2f..70687f4f2 100644
--- a/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
+++ b/src/test/java/org/owasp/esapi/logging/slf4j/Slf4JLoggerTest.java
@@ -34,12 +34,12 @@ public class Slf4JLoggerTest {
     public void testLevelEnablement() {
         testLogger.setLevel(Logger.INFO);
         
-        Assert.assertFalse(testLogger.isFatalEnabled());
-        Assert.assertFalse(testLogger.isErrorEnabled());
-        Assert.assertFalse(testLogger.isWarningEnabled());
+        Assert.assertTrue(testLogger.isFatalEnabled());
+        Assert.assertTrue(testLogger.isErrorEnabled());
+        Assert.assertTrue(testLogger.isWarningEnabled());
         Assert.assertTrue(testLogger.isInfoEnabled());
-        Assert.assertTrue(testLogger.isDebugEnabled());
-        Assert.assertTrue(testLogger.isTraceEnabled());
+        Assert.assertFalse(testLogger.isDebugEnabled());
+        Assert.assertFalse(testLogger.isTraceEnabled());
         
         Assert.assertEquals(Logger.INFO, testLogger.getESAPILevel());
     }

From a9f3acc81692572aacfa38c1f292017d70164544 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Mon, 16 Aug 2021 04:16:44 +0200
Subject: [PATCH 774/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.2.2 to 4.2.3 (#625)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.2.2 to 4.2.3.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 239d92d5a..58d52dbe5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.2.2</version.spotbugs>
+        <version.spotbugs>4.2.3</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>

From eb71272726e39ba6615fb8de3293a6d5247fe4e3 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 18 Dec 2021 16:15:44 -0500
Subject: [PATCH 775/812] New security bulletin for Log4J CVE-2021-4104

---
 documentation/ESAPI-security-bulletin6.odt | Bin 0 -> 32772 bytes
 documentation/ESAPI-security-bulletin6.pdf | Bin 0 -> 113158 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin6.odt
 create mode 100644 documentation/ESAPI-security-bulletin6.pdf

diff --git a/documentation/ESAPI-security-bulletin6.odt b/documentation/ESAPI-security-bulletin6.odt
new file mode 100644
index 0000000000000000000000000000000000000000..ff2ab1bde96b57e43ad765316531a3e2b9117f51
GIT binary patch
literal 32772
zcmb4q1CVA-vu4|x#<V?c+qP}nwx?~|w%yaVZQHiH-<@xF?{3^1|NS?%A}UHJ^U2Dn
z$f$EpKJrqaV5mSqP(VO&<q1l<!;ElbKtMqM)W1_eHWoG}&K~wA2KM&W7Dfin7IwCD
zuC~Usb_PxsPPBIRCbq_QMlLocw$8N9ChpGi|4ErnXRlHj9T3nz72~fmWpfuBLt6t2
zYbQGA|LD@%+nR;T%ZkCnV8Q%-1YSa1Sn+Q=3<LxW1O@uHw-fm02m}Q3B`>Wkf=@_6
zg@a5)N<~7=PQ%E>L{7-X!O6xY$SWkt&rT=B&#oxWBPuE-Dy1T&ps6G+t{|hRsVJqP
zrY5OjE~n?9tYs>%=d7u3rf%Y5p($gmrEIS!YoMoZuCL`}Am?JLZf0s`Y~^C@;O1;)
zVsB^f?r7=e>Pk%k;9&=F3IYUp0D2m^8aDoV_P_Nt@+{rM+-)N~tP)+lgN%JkWaR)d
zDgX^hfTkKi#SEaY128oQSh@flEdg%s0H1(xw~!R8pbGPdM(g+v&!}Si=my{T3b&*-
z*UWy8K!A7NP@t{0znx*In|YA8M}nVSoUi@5qUyS)$&SAEmYLnIf%=}abBJe9h$mpr
zBcP=f^iK<GW~zEbsAYJ7XL6)@N~mjkym3yxd~ud~VT?y{s$pq@Pi3)GWr1RIr9@M)
zQb&W}Vkgi*2i;&h=WwIMNubwwFYNdP_UZ)C!ZiNUI?UQ4#^?am;yC&0Fzdz~(a{dV
z=_cCa4$ko+$-@T8=|1f1Ipp&Z%J&`6<DTmGlWKTaSXfkIWPDm;RA@p>TzW!OT54K&
zN>M~+V`_F`d{$F-UUp1=Q&vG)dPz%hN@!tLYGY1#UQT{lK~_tCbZc2!PiIU|S8iEZ
zS!q>cZC!O$Lu*4-X;W=oTSHY>S66r#AR+;f6a`320|b|h#?;THR}E%2jAZ;-%q;pY
zhz1m90t#ve%3Fs^I_6tC2O4_jO3MHhO@M|<Ku5=SS8sQ1?@VRyLP!7DpONK?vHjNR
z{f<FE=iFgmRqAj<&R}cBKxfNQMD$5U(RFF&Wp({v2jJ?@;Anrx(rEkUZ1>V`+1^z9
z;avCQK<meA*~rMq(B#78?BvA!>cZsk?9A-y{P@c1>d46V*y{1<;@8qBV0rUkWfic!
zw>7hSGr4=ezJI!Y@_5}pbv>|nv@*88xqLr5bT_g1JU{xhx^l3+d$108SUtJh23+k<
zp6;(doUEPvEf-H$w-=Z9FAtX|FPCpG_ZQ#a-^4B>JU~FyrV_#e%I@n|KG5!)%RXkU
zQ|)RQtmE%a2q%r%tDDCk87``8tkJj<5?LJzSL?ZkON=xcs^a0;8yhxPMG}qmjo`8V
z+&OS8&p{iZ2f$6~>?$HyMebl##=&van1`IY`alTm&rp~2=@uxaLU5*d5CA*;5L6i*
zR+90CBocZipl$Ha+iigN$S2mPq;*dVj1k%}Wt0j=CB3RaRlj<0{lAzPQw0{x>rSi#
zktdNaMt{TrF)zvq%1R0E#5$zTnhylueUnnkPG}U3nSoq9Emh@<(~K7GiL}rSFNn>h
zin5<#2@lz^z<=w9oao8@+|SS&SNmn>qqmoVed7C2y)xbTngU16^!5k4nKcVn#-aB3
z{mZ>KjRDPqbD*gQbdBS+AMzyaLOAp4f}RU3p5X`BO_%FsHL;Z4^CKj0yRBte>2oCC
z*XZJu-~Hk?7vM3O5AS_c?0Mz;w!E)YH+_9)K_=(>p!~WVvC8X@S4HUuj($=t_v6{l
z*6Yuc2r5%UtM0aL`R)QGKe_veoyl$$cYyTUaJBgq1o?K`o!i<@!!|&x)^y{+OGj<%
zR&1%#E}F-+)m>`EP9=b<##~zWW$@-Ie8+wuq;lux``d`V-gF=*1pcpm6PW;uT_=Fa
z*2D;}+eu$+)kiFy-!5WlJK#|+ho~9x5^$QmCAalBR|;wOZT^yb+2gU5?Pd3Un$2`F
zTh{aolZs$wy#0(fkbl&XHFIpk1I-y3OQ4@2|KcaS%8#(xWr(6+r1XUHLh0$}cpuzZ
z5S$|A;Dlgm1(s1SQ-UV5erJQTE(pFCIi6gv_mcel*e!17lkH51ju#id$8r})M1<<h
z^Y7JNnOv=x$KEOYi*Ab>nF|Qsb~l}uJ6Ngx?F$kpS+bmd%2Lh$d@w!%V1<&+U$;d_
zel3okjQfdsIiAaI7naJ#YRXiwWZwabD%AoQIx_&}pW}QJKi@qvCS#Fjja*u=c*L7M
zed%k`{Xcx&70=Y@**4uRD}>Y-R@iu9_cq4u3@|GA(RWttadFzOw;&^KI`#r*pE|Oi
zl$`+IK-S(;z@#<a04AW;Zeq%-aVDOTe1-RgCxjCC?dBE(EZ;|Lu<gd@u57OyT)mHH
z&=W|bcGnri$Q50#_k$bhPSEA)o!1Odloeeo2>2B~1U+l_tP)QumYL&i=ukW=J&*p|
z4^VZX<L@$GkkD==M9bHGzLlMcT$xZS{irX*2m0-fJId#;>?0QV8_@E-b;-B)ka(+_
zOVHPABSMNE8p^ATMMU$KeXbs9AwVafQ@`_MJ!I!?54~hUEo8;#jnYTR7!kz#4e}=a
zZu{*Bd#yEP$8-)mxey)prlK=5$?qTpA|boz#u3!#8|ogV<AVNE`bhp}`I{5Y(z>dg
zHED+f@!;w(d}P;BbI@l7;&i6liOOedCpxNMsApvsLPxEZBB>U(Ho#4%!}M@sraxb6
zx<`TML)TN!{pO>+<~p}FnhwXE4Z8OIL3but@sbnk8B$@M_BdPKk2Q$D;OhEH!3HM+
ziy+vb^nOMAW8+4<D!RV4>t#jk*a{Tk3#g_<BKNh=YwE`L9d-fry^(prEjQgxzxC2%
z<4J8&TPTns%Gm(C>8|j?_7%bUtMHE=F`0ScMf(e%lJ-Co#6|i=ftSvhwp730ODxhH
zMAzP6En7=}zFW7K^Zv?8YryxjTiH{8ON`)q>&morRk-<qu#GnSPBFdtFw5c0a?eNo
z9Tle2CuPQWhn<mT<qDIP=rR(<hKv<`K)u;}Cx^-*VtyylFL^gB_uz97s)9?49F)0H
zL7VOI2W__g^NwK7(gHHxsjF!eY2~2ITsm8S3GgO)N!h;5=pS5Ev#5K5<%3kSRkq+n
zKh@3DnHk##k3>hSBYOUckF*9DzpAD>ObT-?2e-_j${P#7YcCT9!mCB6eV>kd&CPt)
zW>Sr{Lg+mzMcxoLmQqJ6=!htjd8~HbP2!YwIoMgiNBlUPaAM@X_Fre|AfFN8ugQc)
zVsW`eOLXzDey<~Sd77A84wrRu&~LLeK$0YeldYlW24cJ$A`k>CX0<8E@j|w`CUCv*
z@zB?`n)%JlPEu`cK^p9|=NQT1<D6pRthzZBmzJKOe?Tt7!}apskN4%|7(qgQR%hG6
z!08?)zSaDgM0dIst^t<D@H?L1sNXtv;&*nk|9gcp-Ko$2s)b9qE~TQo!CvQTv$F*3
z_HJMI`Ikb3T7JB^AR@@hz~kJk^#IW65GAKcB=&`bghoPQaB(8Ko%vXqMGzksQ1&*k
zb!NW^;ETnu-tPZv)POs{eE6dWj)DJu`B*wN!<qXkz4P+k{Zc*+dd#$t``$N#_<741
z7|+HFP`^%Gn&JN5BwI4$<9+`c!TUJbVwxs1rDeh>JeKx-#5c>m;+r*#`R?VO-2rIt
zIA4AAApgpt(^jQ7mf?7aF_!5Pc0GDBC^H+V)Zwhv_4C0n^U-{o_pjH)?%{0yA)CW7
z><Y{XBwKfyPoV)zCc8`d6eDmGBs4y@P^57GF7n039Z#3HIa@N~852GiJp0z<1ZybO
z`iZtITJ{S$0SA4R8aXZmEb%FlgL;U?00TD7WCUDR;sAyqX*#$w@GS{*VenU|Otnpw
z-eEWyS%*CLl$?-eQGV4xoFjMq{p+uOiRlZZ+<3Ss8KeS5_aGA`>2sKVQe=HY&PWvo
z1?1$p<mHfnX8udG;6Dny**a9xhQE1!8nS3WA*Jp{jtaK1>y%(fkSlZ1gV+jA8}Ra5
z3>eV+iv~IHJxj-Rs-`ZSEhHoEI+W^Z%1xvU$B%y?D+u(XFbPmia26nqsAwN+p{3EY
zi1CX{70xkroii<lkWaoF<||XY<)g?hS46&6_%^FvK2`22*MqW_i$2{P`sA|vQryfS
zhrR~=Mt7;3d{-HPq|+l&*-3W^Q!1tzMTCNfw~~ja(y;$rvlOoYzO%vqv`h-R=6|6i
zB!rF^kqn;A7xDCfB7H!ZQztk$PS<@pYi3{rQKY(Ikk-R7FfRCE2CP@@h!c}YQAX|3
zN!xT`&v-z0cE`)0&UW6cIj@D9@b)WGXUpvLUKbALCrXGENTDp1heoqMeeNQT@xpNc
z+`McSxOcOEW{h9a2m4!TPI=$>?&6&QBfE<=E@l~=;ypGO!B}vVD$vGllE!jk<-PHG
zgN;}mu4H?N5jJnV3J-$6LSKMQdrWR<l<9gR3HV{a1y&6MbkMfrJd1aR&fOxA*<sXP
z5sj1^DZJo>tolS?eNlgt_ao_~$Y0!?SRR*7v(w{DFH4?}mu(LEHou$goSZ)YoUnRn
zDKMjHU|(CI-^oqX3(I&gf{F<&G4hT`%+m8`IEd5gxzsQjA%+XT>#57Deu<iSuipKN
znkiZ>A}lfynYC6(Mw=Rvpx`G(k4G)dH(}gd*;Q`t5=zcD`hYM;dz7xmW@mN(Jj(Yk
z)x*rfEV^uBH%g4kPmk+mq@8U|%VoBnh~pT5+D9@J8^|F_2Z3BOSgK<{@H`{N6dgvg
zUORbc`pM5oD9=7NIe+<GWFVfBKZNVw$ONGp)e9m+Z#jYDSKC)!0&&5+8YrX$DkSuA
zVY}9@_q@BPXvndZuYFI~{p!U-p{wbBIOZ{idYJMnKcGTcBTRF%(}PqWOA2%<s%O^c
zAjdmZ?IC2D0&zDBL#DBRojfyuyq?l(p|EdV8G?~NIOz8R40<YkKS&q_)iS!15sbdV
z#6y^oNIBw$tn^SqUOd6H5syWt`gxqB1YR?+{!f872ZbhlGbKh<bqNNc!`rYCkbV9E
zRm~qBpi*e%LWytjs1?;stRQFxvDw2%3P~n^3^OO^$oLDn`9i9Vr6oOm2rLr9+Z+-D
zUHi-!t3gWc<r021sts$>C5b6@7Tysjp<5O!Kobf|Xa#am4R54Wkw`_%4sj?u7u36l
z+o2IeXE)9FS#fObyJxr3FT<XUm&*>EyenJ(QCVO8^4{&}zEPCeRVL-6tU}@p8dlb!
zga*xp>7E5f`~*QWmfek0Y}QOJFhI;#8e2B!(Dje27!)1As^B*-h<hbeZ<^u+^X|zg
zh5pi5PcZl1{f)w@La8gYtMmtIpcXNZFEf5c^h!{J^?W(MQ=fSJaWIc>z;h7m=#2(O
zCFFuEqe|p1f)_tuEZ4xL4bNn>y<oh-w*XE>w_&aU&c=dYxk5A%4sl|Du?LR$*}9nl
z&R+s8PJ%D$qM3lBc0-k*&f9G{9ge9PPL3sf4Q$n4qEm1TSjNG-6xp~UzCt1U7b_-q
z_Qfw>e()+9<zcaoeMXf<#$@Y0w}Gho`e<X2$dj);)eK<Jtbou4rnzcngaBi43%MEP
z6q=zK$$erGm%?;owtF!0nHBF{4Stm*$vUG~pqbL{Md&cxNT!nBItO3sftCgkfN^jF
zWvM|8)%59C4nG=B7=?!Nsd*#`5=91XF#Gy?2qpJSVZ~h9;V-a*1*7z!e%Go}OW>|#
zvRPA*cjhLlO~<R~I-5>DDN_x;MVR#UgfPecymyZTab)N;&WA!o@^s{6dl8#fi_rpb
zMei7{$2Jno5bc79W&!Xt2XaWxaRM#+L2Zt5S#F`^nJV*&c78n%a`R(R0af!V!_$bI
zYo_rI1ETVL2~@KASLxnYgv$0ueky@U?1|>@{%9Mo_xUh1XWk!d*@=}DNw8+dpm-b)
z9!;2~>KbHjuZauBVlDR-jK+)88}Cfo>1xGA@vLx{Tv8ae-8ns3uz_bD7HXm%V<7%`
z=M9t@q^x|=!(|hF9wM!(_+|2ijtey(?ZP0Doh7u=pw~p}`&g)n(%zSzPO>(a?#JDT
zB^)J;E62Yk4Fz|i<;nAgo2@gJ-i*B*g^Bp~)e*38W6XvoZR2I=DNq_%57?erx9fmk
znIm6*DI}Q1Jr0_G|J9hpngFsKG>#)!Ki!n2lly#P>rjT8(t?-g?5;;!Es0kMJ*KW3
zuOASpls{dprBqHGh%8}{wZ1IC#iA;bQc+={D(NsLYxybZl@mA*UJLJ#BZE!G8=2FN
zAXAJg?xvx@JpQ55HGLL(7OV}Rz4xX>M?wP~cxVWSAKDt2^H2_xWtxZ0PND9`XSrNH
zG`RB=h@PjhOAS4%RwZTY%@aMULb3Sm8a)m!39KuO;^H`qvwpwD9~~szRyL4b2Txo8
z6$M+oS0jx{D1yL)`AZyTbhRm$zyL%Y;t+ZO*{N<$|6cc^Ee;h3?LhD+rbEJX1yQqe
zQBYt!OqD4agQ7FET+bbSlUishU48zAHmmU$`}{k>k=d}L(U*T>S&@3$>a9`IDfn{h
zM!US1S#scD+C1Sf6HL*TFmmx*OH-mPi~rJ`KeHrJQEU~`aDz5X68HQjm>H2Z7Lgq+
z>%NjCFEaT-aD&=pPzx*y0#C?+@0$NCY~>mO&J3y#;&Fum3pLk~by{@@k}2p+Wy&yi
z<x&Cue6QsijTwLtbkF0)?4YD{Mf6W|^vOte5)w*6=eKbURr>5lWzxjg*N*qohMwP}
z)=rI`9^k!orp?D??5!}C`~E8UFqRtnd$`~2&hYLvx|qc0VNVSI`&j6u_0wje_1f<=
zJ``}hC)V@61DLtDBF0+Ng0?CW=I)U!>&NworTnXWrl+&nVkE{ZGgIsO{dkAB)9IsY
z1K)i6n~i2eQ}g=$8I<d~$L*vG(XOY}L+ye1WoM_s=Og9{@v5`u%!;ek&d%1;d_?WW
z#^Sruj*X3l?dG*Id!zL;mWJ!v?)?H+uj7S^Cf3?+`|b8QB}GTe)u;LHB9?b^{&S_{
zdTVa}QG6lB?#kVKVuyvN&c<t@Ce-!osm1Q<wHDy@*6g5~{=f%lC_nSB-D<X3`Ev6!
zI$6Q%cGG%T>F)PF+V*PkzPh$!zFEIdM%?P@vXF8zT42k-x7=>N`mWt>cG}qDa@+1P
zF%p_s?r7Qa0qE>(&Tn>J_}4PC*?H+}J*c&AFRVJQbWI`JZOnb1c5P&0x!JzGKihd%
zTTIj(4`<8lY_8wW>cnn7O@-pwc;+4Dc)5939?jKqzbAuZoWrmuBlrP!GF-1V8;*pu
zGFmU!Te^;f;JLJ}E!LJl^Gl9traHcr7Fa!>a@km~*5@}JXFxYHT$`Eg*1An#tEt~F
zH!^P4Jl&)oo=G$8r4~Z5TADT&nyM`}VnVWIX!Hs&U76Wty*FCfwtA{P#FV$EZL~C9
zd1n_J8cj~7JKVOnHs>Gt7eL);m@7;choKw8$D2LEnd}J8U<$tn0G<o2_3w?<!k;?y
zdoBut_|^0>;aMfZPEp0Ysu^tjFpFZhV#M~53%?A1qhakEP^jsV3X~v|Q7sOjDz4ZI
zVL=HsAB^bb=!x#V-f5ax+L@fXqiR$Nm=JIZ9_dGyfG{$n;+C9h*jNTDc5Xs4I1oz?
zdx%QDCzE(g5bwXP56jm07-=a=SHf2-^QnmBoCnj9ezeq>WV=dgWbD?5iA6su+r_ct
z4dr{?%<gXgy=8Uvu=BF4`dI7V@Xz>SV4eE@IVsQY`{xCw1j5s^#4`s=`(@D=10%0*
z>%%lewX7@@8rX~jlEi^?qU|5l>TpHJDj6g+frWY1{vxbe#${N}9Tu6TsHS9O$v7De
zVs*v&09Zq5SC6EizCN{(=jY46Ur&a1?@}SXLJ(wmSlmBXyYcemc$u5*Zn{%TJwu-7
z7yA7B4nF+u9B01!)O2BoB~hPHJSIxbh1Vr2B0ns5FAaD5%JcKfbIfrrzWV}43Vh1Q
z919Vi9^vqCI9XS5JyZ()tCX0J>hq083gD92hOOu6Dru#C1)gfL;eH(O<exKzM5zRw
zi;APhntysnVWfIQp<zyRQk!Sttbw`Y$SjOTgn<>?T9R{WGE*6gCc9J5B9r*vI|=B8
zm7Fj}w0(MqB)Za!(-4U)tBu;fsB<G?ZVWYq!-g2&hg1jDT#f<SrVOj>zl6CRI~?_~
zk@RzOlQ7AlIrZ*fSX+KoSSa$KbZFBY7R#O@siQp~s*^(VN=429nTfMl2L~`yl(XI#
zCDyK)mKYm_Hd<3l#adNNB`qFpV8be5$@Zz)Zpj$z8cSLd7o;B}&8$Ho^~-<8*fknP
zZCyDM99a#)>z9Iw93qKF4bJd$t=rsZ^b&^C!I+zFMmz~oE1i$F3>m?IjGvD#p9oH(
zFY$t%@eUd=o3=>8oZ{3HQq6_Vu3q2M6W<o>v}&t08E>^OGltoaF$LR0!{tsYX42V%
ztbtVTV#Zv|yCt&dK)H*xXk*m=#x|U2l>CK3i>j@uMzZE+m4~u5W>&qHu&0Vksm;6s
zsmU}>oe$2rd)Ix#uHObc_aHwHTVusGeX8pJlb1?LkTssJoVKh*BcU<)$Q6#BdL~l*
z@`W6BDpy#|EXx=>ryf3sx2LEDLo|hy{XsaXuCD2qBi<Hsj!{|2NC$T@@PI~t`S?1-
z{z=zZ0Ajv?vtF@kTdf)+gpV2lOaVW$k~B|^T6se)g=?Rywq+hy%wA*n5Anj^jUF2y
zCCX3~47(bY#$cTF7i)A)W``_?A)#jrj^fgi&5Zl<lsr5P*|LXkWFASso8lzU(^{M}
zz_FKx8>}mT%Qvi&67X$}x#d4SLlyl&O~tU9MG&TC!^;PgjNuz8B>xb(U|t{`J<hYz
zJaGog;Z7JcMAjE+h>{R8<R1t*RZqf#TVD((t4vt(X9D9&5cpFuu%>*~P<}oSGYr-|
zQP^!Pt7Wy5$^<8*d82*0&Q8eobMZmVjr2SyF1?INFq{*US)~-Yzs!xNNE5xC{%1SU
zahC$L$ifM(PCUMq?}ffeI%ECYV!5hAH4zoWMnzYSo#h#At+Xwem@Z8J`W#Tdd1den
zV27UDv*>3~sL*>j=_troaqe%?0Vz6uRE++)zd`Nwq;K!`cJCe*h>!2{!IOLu0q{xo
zaJ1MXR+x)5B`C$GT?yGm=u1h-X4`RfdOXz%_|<t8llr}XdMp#lhRfT2*5bF}JaUEj
z{TQ=x{X2Kd_wbq6{`GWk!`Jac&wAY()pqA`{&?Va_c)amaQL?2=edCkXvf^uW9zZs
zzzwzYBJ4bPPL0`geT?zjc>Ij-dBvo0Unt=^*D!xPhQ#M?KZ_ZlYGRv)Ik>%|v*!K$
zgxw1ii?Q|njv1K2-<Gb`D`?$$e3;6N>6OZi#aV-!vEzK-jfX_U_q`2XFOg~H@`XX<
zeeFLcMw}m%=XC`070taJorCm)$-I7Dn}f7~4!v<VSbz<+@YGyXSZ#VU%Z#=5^?i`D
z<NNH7Pkt-c^@`gL@TLPawZIv|#b)(@xIf=Fn@Bp8)l%=7%ASQJ;0!^M4Jt#>ksqe#
zDduqe$^9;p{+>q~xP#ZLF)3eV<<SP_xyfDRKJVVO#{2XP(Qkuj5h6kTeUK$)6SNr{
zq*^W`Io?^uN%pqa<nGI@A;}s80+V}~8<o2Jv(%58fF)VDx*-g15xrzz5psfy+B7c1
z#-u@-8H&GPTp1yN9g8XoEn!qnKY`RY4sOG&KW%MKNP6~QKZmy>ZwTf{l{Ec|-r$p?
zY#4a|2@PSoi&c<yiVSzK<$hHEL8^LVE9QrplA@UdDyQU~a#l0;u%pQ02-zB{ioR|X
zm3HrtQW}~JNpPZU2CtkJME&piPN5|Yl;SAXgs_<sMKJ#b+c%vB6lmHlNNL9A9J*&A
z${50;jQo&$k`Q+amfQ4-T=6VKn^%<z@OPCS(Et+S-X`-wO=fqRs3hW@+T|i$f&(VP
zR~7~OeP)YZO@)cuIyvkXxqw+jiys2u;w<y&7T1>YH@Rd_M|eD*=w%{&y(m~es%4N^
zs5636B)A2+J@Z=OC{Kj2YlrYIrTX5rFiY<fnv$KHIitF?j7oNdF{mn||A2ad#S9sK
zn0rCyzR<0#=TQoG0WYY^fjC;MK+suXgl9#W^u^60!$()g%7#00R#d_xUerF@=D3u?
z6cP4(pTMo}Slvu0!Vj>wED&Gv5$M^mq~<f}7VvI5-VhGTG#XVWmZ5hcz%|spo4K=k
zHF^F_4#?`u>gwgG*H}WVTI*%I_cSQ4R@^2?R+b}C78&JiM<eex;GQ$3=zb^S6NFK=
z<+LS;{+-QsuK_!6-Dl6nX}Qb*6QaUs1}_IbV;^0SuzcTuk2zYP-H5xLms0N)51~aa
zZ@NN8!ko{DBM!5#L?lFyw<C|eQ}IBIyP*6@WGncIjx?m2E)Zwgx`E0YvL0c>%tFM#
zJn28h0HsnylqnR(>Y$9e3~K>gypl7~7JmdU+&@sW|3hykaK#{=M6@apuJ7(41G;6L
zoWvR$b3-W^?#9@Z^SH#{QX!2JH-kbW116n5uv$WkLFiK2)OtX*0fapupWRW_)qP@|
zoSqhGY+PSyLVX&%CK`!{f^f=U1J!+>a)NJyie1DS?CpVI={EXdPZTu%m(XopFpYhc
zni!;>V9lw?AJlVMV3Fh}6x-h(*V~k0*L!dNkuIsdw*{%3j+o~6orneBUKto^as|tY
zb2k#-Aa6LuAthCV#rzh;n9;sLYx`x&K&g}^>U9i1phZOwkDLrzuoSf-&s%>TmJvlV
z+>y+LFK-m6HU0*zI8f|DqlC4z<$pTmzE$ptE<u}86~tc%tH+E51BrnN($I7VCeKGk
zR5?ZCiD05?7@{cEoEiQ>0dqx6E!ljaYp!O!eRXPM_9INN0ynw<nkr@=#XCk*9Ow8B
zuVm_givp#eb6#{P+9qn?aH1ef+KF3S3qNypl{H0*-&-1uU-}k0_r#-qLOT<#ttrj)
zod=;9rJxIs1WG)(ptljJ+P{VR&ySL%-Vp<X&5CzmO-eRp2x3K1#oCgK{y}G-Nyp6}
z^!lU2E?GzRoVDWxJt>-aAhN=RF2zyS;~KMy4OWz+ai|i(q6t3-f1&<irFojvrUhRW
zH5J!tFdt7_n)fgUMvjQs4Gn9s+z?2CL#ck8u7E3kd}OTVD~Yy1bA~v<BpsuDHlUm+
z>D^t#v><b8wjWZuNimD0$|xI0wu%j-GzImmXO(sTvxNK_Ng|@-9}o7NGC7c==SzDo
zjtEbs3H*TEz(#Hp<sK#?k)3=#5UvDMxBmWtz&ziwjI@&oi|Iy;?S>lFj_iZ+_g9oo
z&Oy)M<*-E%7ac)Vax^AIt3_F$l%<sjvh}ZGb^P0*wxC(2sxSplPHAWx&rJ~rU!0dn
zA0(+LvF-aUtWdBieQn3^MF=n!WXVGQ*#J2LtY9Rc0s(jfpESWHID^A{5~DehFFWl1
zH$V&&ovqES8Fmn6p=*L}YbuePr;olF^SoZ{B%Y1$su?pZziMcxO0}&v=KbfXoF}ig
zTRx&*-rGLa55M~hauH((&K<+kv%sIJt{vHa#9BF<;`%i@Y?zgv6{vFh{_zbqKL^=)
zRN@kTi^M!6SDlSvQWc)m(`sqvZ?U4u)%><$M)nb1l#z(1nNcZICO@Sva$jQL;$9oE
zt9x33q-dHmqXwX^zup0_CYsYUb6WNm>?7Ksxc@+=fFTLi0#;Z*j;9;`6Aphcs%Q=b
zX~eWxHQPX}p6DSFYqgjq95;(`7(R1*0zaVsvvfY`PVmtTYr5RBxX7{_Ngh**ML(xV
zIu3rDau1G$XR=JpT2YKv)n#K>vKutxoPShKbMe=h8HrdLOI;ys-W@n7wuXq>&g!~)
zcY+^u2kN4e{QXYVlsdw|64Hc4m_RA{+hnKM+2I`d!*to(mvC=FeMF>ch-RzYBIkt8
zq+2(fn&^Z<n?OSn&Opc4iXV7tOK!zNs%sCspzO@WQKdX1CBF*~nX_g5@~ILP8+q@L
z%c<o=L39GzyT3L&{IGUy<Z${gU^+s}FO)7_I(PUWNf2evo#Nw&67fm{UtJ6_V(ye)
z^5^#h?7E}$7NVF~0%Rgc7SwqpIV-C#sT$UPj3se!=tyE^X^DWtL%CVeG3W;ql7yLG
zLX}il_4|RWI@5ZGqRmz7P_=GBbkP0m86}Dyh5dA=0;zFSo*qqmCf++R6)GbyKCu<Q
zzKbD@G$Pumb1}-1aiiY}GuEZ(WcPLl9#EW8W6XOnJ|fUuV%e0jDe%UXiZ^8iF(CEh
z)u5_o{gEk?J{3)tc`VkuVxWqk^gD>mOmz-}(D}<X!e!CI`QF8$EJjaMJmEA8>tpKb
zWwhuhC|uhoC%W)Lk?WHhgES(g!OO0uV@WpV!({aP^-wX+t&Xw}NS}Nwh9zNeGFan;
zIB~*Aij9A+wf($hJnD_8F!Bpe6&8xgZTQ_7UiDC2p@T*nAzPds`Q#Qe?PPTS*>#Fu
z!TM9r|FTWi1^H5P%*4Oj6S*#l9b|$o38wVrdm#cg?v3<Rxi%HOo?37*&!~+OQbYG0
zJ*QZ)f%nUYx+ZIVBf&)Cw<cYCL5--@ZJ9{0TfB=YMg}3a4*3jmk{Ew^fRZ}l#8PRG
zSD8H)+~NCtrUJIp*Y9}}<J<8yJ%3QU;}-69aVll6BNgf_j#_oH+&>mjM8lkL{yaU8
ziLwUha#{)tKg$GidQPLypDYUJlJ@I^q7&*D5sR7`TmyD`O~LWv`sMQ6^$Pn;*MzMu
zJ<aftEBs44F`Ef#kb|@N2B^%HhuD4GY5$0w$}ms|J46}}l?YtyDv{TSQ(x3ch#()M
z?{GA2P%*39f!G9vj}13-$LPeq8#>@6G9B?$Yu*hNMVmNOAdM)U3uDJNOLFqod!121
z)yLC~NfI0ddi$`1QZMRSg^_Marp=@(XO-TAGJ{Kk7$18^GNB~X>t>CiegH`!siPz_
zX!?7D&!dfB^E31oI_~sB6tfc3gL(LVRX(I(yBeHPArWUwqIMeR;C0lTaAB_d8rJ@i
zr&Y;!&k{lS86e0C-RmEvpt9SkSjk+i|7eKNsfcZ58B4a1q!Y<q>d^Z@@{R|~sHo%P
zIVs8{KhI^9<00GhgU7yUS=2p&iesEBM!MXob6^N+P#1m!%0&IT*@b7!QMg8vzvfi=
zVU+BwU@4we#NVCRZ2}=tkz*tm8&}Sgm_Rn_y)#9b8TM|eU`-!&GfD4K4pw96iL8Vq
zI19EE1{|;07AY|*GJ$%cTDdeMTJ?oWrGO+(a_(Fdflwaak`Ox3`zr||uGil@zRQwX
zb0HMDT-9pOt?!PCnXftiL187r%Qg$f?MWiyxGo}1JX$ifGWVSN+y9{oK3w{6ILxsO
z9i-S?M_3j-1b=FvLYn|Xg=UQNXLEz3&DrKq6@0d4>6m;Q{j}WFiX+yvqeWv8Dji;w
zxwF<h;z4Pjdia{Ne`q+ZT<Lg%W!xPVI?`}v!5-}gn)Z6ud34>-4%o#_LTJ4r-%>4*
zjka#I<j0b^^70xd!rlGwlwMG5mWK~U>e>Iv3`!+|V``-@r}KkYk?D5))BEatJ&>#o
ze7`WvcPu_Ve&o2MJwz$}@dxJ+&+ody|L&3urVyX4M~$BEDeLYlHZwQvyYA_2hCO%6
z?|1={cg|z2x9zBR#H$Bj@ZiO9^pMNQ=QrUm7ZUsA2e`xcoqxN$o}1x*o=Js;>ru?#
z!6HnK;QQDtE#uIt1nMeNp?pl$rlpr%r(|ivX<_Oui#LaEJC)<NoLfwlR7Ss*!a|M<
zE`|V6#IMl-<$F8<==j#hd?q493PnK6oUX`%&CuEn&Qz9vzEeO?1B+Ih+271=`%Avm
z`%BI&%<?Qc)h+9sc~}A!g^v_^IHJW$iTKne5Ky9IOPJHg^|dGT8Lgdw)6`PMCGhkO
zIWF}HPSQ#T3>T{>;ez9$^Rwmau(B-u1QOIm!4Zl>O}lt-uQrruNEiYW6q*C?SPDwW
zqhO`I4KcPrFd7YrrkV(<_p>}b_WuIqfed|i!w)KrRr7@KdUlh82f9}VE`944?kU^4
zKT;@RITf^7n7y`7qqEEFB^3puricc4EmuEL?=hv|o=L3cFgH^da01`0hbd?Egj%MA
ztLanUTLum569=LTc4|FtGtVIQnXSu@msx*$s#ec#29p(b8v8{z#E{EV$BmI(+7a6R
z0{@J2q06?)#NvE%;<@~UbD57{7rxi-FWs9HB;9iU5rZ?u8!x@{bl;-H4{>L9)hVP`
zpq=cqu>|wBrpT)R3)}b0T^3k-3UVVrBlbH*I{SB(+dIjU8=<`58ryx19hjvnRu=Uf
z%$%W$Xg>x@*v)!OJe&5&Ehr#bRdl+4u;L`qLV{a^u=L){iYzfx2*fO$@N(G<B-@<}
zwxqaY6`sNGp0g_;asr~gQ3{45p3mt!i&9?)VyKbSwD>VB09eBUA%D?aT97*ZAgyS~
z6r*S!!_>QVeQ87ehmyH+Y~wh_040Ij;Q)ecWFvy9#-Y0n6k#cj+B~@p!QeWaWL`XT
z<~Y5z*?52`FAtM{PEu}P)KnP(sXQkI6V647dW?(uQKvx=#byOzs?_~KXL5=5h|FMp
z2#o<;D>7njvZ#l}#r1j)XdK>5@fxe}Z6pU_^LKYQv#J)w+xwAfqDhhLX8tYGcsM(v
zE{=l{@_Df`mQ^E7OsX|6?NJkZn1utUw%1qWg14sB@qjZj3$tc5X7@R{`XSa5n)uym
z4-Zr_JmD*miElDJXLUk598{$WCD<u=0fR~zT_yiH71oM*K%QnUhH`PaH}WzU;>Dc_
zOGI#!CS6d_W5jHeGLlN6iD<yPcR`(Ipk}k^4Vp<l;Uhn79BPmE6@2Z_*Fk(Xs>jrZ
z8B3Bf(f)N)781=l!3fiSNnt^VsA%`ctMz<*kUMgg4V>iVxd;Y>CP6s<<tR&%i$nrV
zM5BH%>5GJt-<HYaZQMy5xw@)U`8Tr}m4a2fYK1+_l_J4GMVwNR5wrw(Gx9*y`?;WS
ztYZ=341>f>8>=ZOD9S)qb4@(VD-^cYfoX;hZ|ZhYBEmS>Kh%lV;UVy3h6?%k`OgF+
ziUlL09%2X5NWH_)>I?<BgBRe4pM;1+n8L+pms_cHq-)%bz}Hu#E=2sLm@a(83F@1H
zs0|~vqasT`F*40XtRvX4H`Jj83<Y;n;0vS3*$jWAm<XWEg$1#Tkk=<FPkN+eu@VMn
zGb?()A)6N$<pcG5nX-mRfJH10j}c0i>0(Q#QP;oyP)H_^jhJYev>-BpAxF?;D7~eg
zIZK-yqCrB7pBiSN!J_|VMe&|>B}Zux;KxXts?cAA$Z(w|o-9S(hq>rS+Z4}H+UzQu
z3b&Rxa%Oe144TOiD_u+RJ$kmEl7%cd{i|-w>Y{Q2b?3<<cB#00>`(8kcCgD)0_U)N
z_ceB-C3%N`B?bf2?Zk4O79bU4%?(G(6?1^KaLvI}V1nztO)(DF#d@%X#)vVmz>1rq
zV7x7lENy%fVq>1lMCBQ_CLU5RMG`^=nOvAEx~+yTRr*#L3t6#Prp6MXg&E8XY@oK?
zF@KO#k~N(HXG^o@6-Au^4@!K1bO({u@HA1JWO3#J#byvi%tJPdogPo^hKqm{hc@Gx
zGY51~(Ll%8!&TI7#Z=g{Z$r7^)Ikg<n!)I9P&#jxU($V_$wJq-&vvK!r6By|IBxL|
znOHLz1I6$9CE=o^YeXeczbLtKiC%L!j>m0r=4bN4c+NgL^pHd}xc7>?Dk}qW11)ms
z#)R}%_*VD;X#+*aSIMw!bC1zZV^iyoZa-iNgGJ^WV;q5>Tk%mP#@2H7d0}wd4U(cm
zg!zT#nB*`G`DkT6@k5rXqxXX&Ie9b2GLU9qVJY1tPJ+CHw5&E#s=d=tjqHgttL%Ze
zB!%UP>1dIBH<P>-6`ZxBG$Tb+@sXt8vS*2$2YT!AQo0eTTJ;4Qgp4+_Xz;T};JTC;
z8U02g{Sf;!63O=C?TZFMg2Ivh{chqE#|%hAcUq64PBh7e<i#Xp2w_%ey8F<71`U4e
zITHDW;+M_o?Y%*)f<xkr%>0Zy3s&K~m}MX7Sv1J<f!$NwQvG22?{jqjZx*jM%mx5-
z)B$S!G3yW3-wb>p2@zT08bSSl|CQYj1qJm#sRIA3{6~TN+p#wAuyb*yF)}bRH!(8S
zHzuby($|ODHP+Xs@Mownh+;(wO!XHqB#o;_A#Dd61p<<nf`l5mmCYylE6n+~{%7*Q
zf2jVa{l^L+J6lr=GZ)AI$w6>pq;s~jv$i*|HL<4q@8$j>9sF0hzgz_uLj%WuBlWM)
z{;~mF?Eew{H*z@t0?pph&dkxo$?4xC{wqlXBO?=QlfT=w`~S7o$=Sf!<^O^BuRQaQ
zNB_N@`2S*u7B&WECQfvM7S1*X_D=uCJ^u>Q)Y{I#+2lVq_^(bD>|aPDJ6q>}7$)vE
z)>l4bjyPf|yFT4S)FwI*Erh9In}k0s<4{S;C?ZJt_a7yWG569jg^h((sm1f;8qVb~
z8qX{nb0%=!XHAWq(ik$O{G!i6-_ehG^bE(;d6?pXG>ntQ3Hnn{Zg~7Uyu6>Dw#Mgd
z%kfupK01rtJZYlaOU%};_dPC7E>^B2E-oGb_sMLz8>Bpq+)SDZY}T1M*!?|NkFJ4C
z-_IUY_ghS{V6OJZ325-sf)A5gN@~xXQmwp3PIqJi?l;WW(^#cmp^voI>zEs+?+F?Y
z=^6*lb`xZoCE4{f1T0%V*DP1w=<HX2Al3D%CCu#v98OlRryiCW;a1GHu1y=ytlx2G
z^qim0oYzh4jDAnGZE@b?E{`*IEatOo%r0?xs<r6M#W4pXZj=Z(7A{4-M=J;kCKOuQ
zcbHH9XpKZ(Oq1GYJBD9om)h=L%Ifr?+Hw==H-VNR-NN4``M3yWgQk0}EO9c}fUA(+
z(Ph&mwadP~@z8~%blt^H^0#{Q45S6{EO{!ec^_;LJ}FI2jUSUbOkx~tS3p_J%H9Y@
zvUZ8EMq}dt_>tsH-~Q>c$zCTJ`d!P{`G+ypStMcD)#sq)3WCr9W%5-#Xg(RCgICAP
z7lYVzTU#HbISQl2q|I@>m8&~h2EE$^jTPMfU1#;Z?ry!6b<2BhT>RcLB+Zrq3?<S<
zN4>CVv+6SMrG1rjd$^Y<JnjX(9xuZy9yStaiv&shW_hvo4$VQmwQ&;4qQ<QgHw3kv
zibYT~Z(}hYnOIkGk3MHb7rd9hPNDNjqry#<@3peSbYSoJw(9LUOe>%tF2GlP5OIai
z<xU5CiI^OSL1~<tUh`xgV)vf-bQtkiAGYaau*fDdL)QKqE%oTmC>juB&u8}q1^cI6
zZ;D%AF>a$_Y25X?RhKj{PalCC$ae+db;I`QmzwV3Kq1vW#5&gwRoWS%@fEn9ZSw)5
zT=Pwtla$cLuhR8kJCqY;*gO#~prDzH5?>L%I6WfXL&O{{-WOM)Z{|kZ?fkAh+DSM;
z=Oc|pHzt{7SMz|J^bNPg3ec-)c+PYOR~BQfD?Gfq)WLeQZXF=``x0-*9j*BOKX%Ya
zh{dv3k5p-asIqiB+`Eqy&csa2gs?4E{3)RNA^Cbc@r->wNb^g)Kt-$)iP4KdWRSnd
zUaTW;HdY25Ob0tDLTPrM$?3bFDQE;V&zFP*Z*u{6J>L&}-?7iBd|x{~pJ#xtqulQ^
zI=}awVs%P$FM4X1iKHZV*#ab2Xs8cXY_etD%bUrF8i!F|?p$^MI;+<Kv^IuCyV|jU
zmS9p4&^e;+rG$fq=PQ;|^Yc(vc;T67oBSU7mV>Wx$REC_f@||_0BCGGU``K_&*1F1
zAJMk<bQ|Omxve-oxYMimN|ohWnkNPJ4!fEhbK_f@z<z0ZVeYicM$YfIWEx3w+0Ux5
zK8zUO)kI~Y41aSD+7_@eg@P=uvmK~ga5*6#3brmDhZC#S@>_kk&rNctI_ZVwf_bLp
z!67+uB%&Y*pwj}4v<oPI(IFs=)iGsXf<@@UMcml5?EWV6AW-G!_pUE`HiTBbad{7D
zXG^N_--gAaJ&-Atu0!6HK4;%h4-oUXwY_7rS6g??-Pj#afY`}U$4EulTt^9#?zuZk
zxUXgOrp7nLz|5K9-svxX;T&)&1J40nzlg;9D2xdo8;K2f58&ohjNbo4sa0>GGgEvP
zde;QW{|f8lw*4{MR_UG(kJekqgvm!pSj!i-z2x?z`W;mK&DX36o4iBvEfC7l2VcN<
zacc0F<iSwaM75=icf;+NXF5g>uc`YgU9l>47wiI6%s_~luf7(Lv0Uzqsn5J*S2&ra
zU9$y(_w=<F!ESV)voz^aZzSuK|I8l*MDR`y9K;Zo-iN<qd>rUkUq8dA<Nvjcj|cm@
zXKj7{zZY>~U+0W1m#o$2N;qy0$iTh*EGw*6v%Wm_cVYRn5a1@1fgIim2m)LU_7b9R
z<4kjmnj`9_`)nGDoRdNjH%R?uv>Dn0zRz(ZiyzNstF&<J3W2`r7jN_#F<z_=%gp~7
zJ=&q1h6crqNY3KR03(Ke{ZWAbGH1kzPI~>$XR!y4g2<LtF6#277NM$h(}&}WDoO5V
zt^@qYxESWNCYh;&%((rIV6V>FOrC*7(npZdY!oogOga?7DB3)VE7EIF32${gSFG2W
z{T&_S!j8~Ih0Euw$2;JP0*;I~v27mUXT+O>EjhmT3K41>4WU#lb5H+M3@z%w*N+~j
z(mi~H@yGDMT-EeBstsx$UrP9_a9GR;59k&{6dTfm>7J1T9E2}7z~dtF&D*vt=z1Fy
z(S{#~A08u=0R>sSp*_!{H-6=3J>y0PJ&`PzI!Yqi(R4UUnXq@%fI0$V7s2JpDsA)w
zqi5|48|4Id)ZLx=#HI*+LOPZe{&2rX19?RAx-!{822`4P;qT6Y)t_>B9{uNhRc87)
z!%ZHBqlwR)m23_JQG_$=A-oQtx@)*(-$nPAjeM9NtwrwjgMs$uVMC;M$SqxA+1Zhy
zYrLThIJp>*sMfiC&fJ$v*7)0^gf8|Nk<a0Tbj_H`iM==Pq4f#5+@i{cAjC?w(a>S6
z6!}UQ%QsiaFNj7@d^(!x%DJb^a+M8je<o*>75&|+^85{FI{^-_%pb5jWBQ7zJbxV(
z_Y(ghClk+xhwzaopu-&4tiZobcAb2s&xA{vHV>e>JI4DpzU=31S5x>x`W2F&Q_{w0
zdTgz$_R+UNzH3Q#a>XTCXM3hr_)=Muz<r?bFd(}8!Nq|etvXB4WfVGCKjo-ITYQp9
zW`3AQnUbX$P~si3CDYd@8#Bq3TYw_dyVD$pwZb1bQe%yIdH7qo#+c855f>g2n+@;M
zxaA<i-h^qUy;cXaFq^!BrF=p*`T-BWfS~E*rMKZ4WO&=XyLkX6#{7AB{u5f_ea@M=
z0On})211O%<sjpoy4_fy%6(j3zvHLNkq|HY&xaN!I_!gMAlHFi^5@G!1M%V@5nQ(q
z%&LNLBgi!fJLSnpNCr~K56r}3SSDWdWN!b0gg)Otk+@|Y=oY9yRSnQ8p(`XAmKNiw
zA5mJXg9v{4s#AQqTOs+EY0bU2l#QtIXFW0UPV~fRqbSqkmD<_uK0Pcav;i#;5n}W*
zK2ZGW)9~4-;=WJhL;_KMUKS7xAwpHXyg2&ul+Zy|H1Rs&^fN3Tm#2+UO}Un7jyrJq
z4!h1b;L!Gd<n*i1!d<=py`C?h!8DB}Fs2d|kCH`EKBdbVN^Ax~F`$6Q#|0O}A#?zQ
zG~W4YKrpER2l>11_s;WgdOy$BA3>Y1<YBnR)c*4?8*`z@x5r6qw6`g_XB_*I_hL8*
zji`GFcrFwj<we!S%xG;~)ODh@sI`FK8DxG%1;_%$0ZIm<EGBC7#Ah<0A>&b&5tZh{
zd(NDS=?XF;XjANrqA+GdH4mYX%4W>)oC+KexwS58YnmcCs-Bfe-8*Zs?bE5PHz4+X
z282FUnP?r~gee6j){=#8Fvm?9vg8#Ur`S#;pt>^7sj3|0lWn!s%vBUB5?6XBR$XXj
zmluWQHI92i-56RfqC*2SD{t-QOPFYK)OsfqQ7UFQGn0MFCZa4F>huRu2=HiXTzaz=
zoP{ROaA+R6ba~2I4zrN)g$1n-Dxnoj2**4H0ZZO0x#v*_-T4W3ZPP0yOBBWT^YH20
z8pu7k)Ed`qK2ljw#|nhb-Rf3s3Vt~HFUe;6NCOVPx71K$rqUTsaiP_Z2t?bRoofn+
z?uY0jl#)LTVfe{2L!bD=4y<7KFKLX?W)}5MsECx!e!V+a5iLI?!;Uk}=M)<v9a2G~
z7U;a&{uuBsA<q?8RPVF>vClK_6rCE(=er2qa^bzyCq&%J-S@l_^z5_$3Mu%p3S?mT
z>5}iGcVjLdA{ly9^Kb;6%vADo0&-N(0x){k?k%c|8Eok`qJ5%t6v0%Hlh%oMZG~Q@
zTjR#FNuvs2!1q<=pSC5P6!XtoMDESb=dJV(+h_xa%v_vn&HP%#@$t?g&%27g(%deY
zdWVe)@fC)h#q{gfhmH2+!NT3AC2IJ+yolBmxj7r^^5yLU)NFn#iht8a^T@Qe?lGj$
zT>GcXkRnD&&xKr}!?WP$k>n8<7W#S^$pm`a?G>~UaPC)(P&p@U2Ai+c=T-WFni@J~
zXPe!qA@ee{f`d)y$1twwLH9h5)5?HPbkv+X@4Skj+klTy-8gXIUbpJ+RTCJdYa8%c
z!n4XEG_em&;Qn6KG>4tj-{&qeD}|sz`q&e~;B|P+a34rOH&iPz2)Esacl4Huz`H)h
z6;-@^SiN4bCJth&b3of_C9$Cgyc8XEmxO-@B+A=$&p<%2$&nK=pv&8qVt2;xPwqRG
zpht)O?t0OTIj0By5mJ2HTwG!$f#nejtlL~eqE&CwL&8`$s+S)?H6$0;B82ZVcV{n)
zRL5$eQmc}YCd)mvR;b&xk?U1my$EZe9A18fcSgt{pik2_H+xxH5ZL2DpS<=6=FPK$
z4syQxATx67wud4DKOb6UG)-=`mK6z3Lf)^JWguAk?IYpDp4!%8KL&?muNv@w-R6|g
z=v1c$J$S@?fh4jk<55b&Unq@~JOm&xa3x<Yw)yJ^2~!^yqq~aZ0#At3yZSO%?9OVP
zk0u&kKKNnzh0hoO(|lK&_lmktWQ143yuLUYW%MCk5r8njl3x_z-#eYM=b<K-pDBSj
zVKY*AuY)}UaT$>y3dUoi?VR_|Afv-~ED1+V;Z5_5+_5fN&hSs`r^ZccmX96vRV3Xm
zL{9g$cxCU$ew?MtA)(cvZL7`+_)89(Q4T3fp3cR|f4<F`F9D=0gH$VuI4O%Eaw(GK
zEvqCe?i4IoKBcK7sD#4hhZ)M5-=&MwBr80}*&A}O{7O^=sZ<nklNA$Zk|fEC%Sxk&
zFUrr%G$k~jlA)IPNRw~HAI%t{8Otdvz70@S&Rr7ALKLu;(nMl}2B>{tM?V5sCT3Hb
z_qI0D9Nf3xzghurbI1*)Wka4`77Q`0;2Eex^ci!9xqvI;lJJ7=^Q+R@q;f^nYID(K
z!1oP4jY<sqnNo?Eg7ki3s`g0C8HG|Y`TOnIM9qQdO_GHos@3Zw$x8fz^SCla1f}==
z{e}Av4iit*Ap~BJF_+8LOh%Q60<hf9OHSJ)nRL=%27fs{XIzdv(y@e>?~YFQNFBB=
zqI{csbowNBf3@C`9(}iN#;PKiPLEYxqiU!Q0~VxUWe2OMdHw2?9!Yq<mq~JQw1eG=
zr}aN}TFgL)FcE{PC63#9eo<wxhYe+CU?PYd@+r7gxQ=uat?L0Jzy3#K-xyt4o2?t$
zc2cozRg8*l+qUggY$p}lwr$(maV4qnR-JSEeqZ<LKI6{)XRR^Te8ygQ=Xj@{8Rc-?
z?wmyl<>P8$eG3N@q?4Gg1X40id2_HG)Oj}sVb=}##(Yv6TANeX!}j5134a=2Z+7NG
zxozBT=pfzbD5d2_e<;CwNV*PblUq#%T^6!!$H7zdds}{-7fUh@Goy}QPFXNO<82TD
zqIA)D=+0r2{rUW{f1dp~wKUWrb;tnla+Cu5wj7>W<$=I<FVYP*wtu{%cTsguV=2~+
zzioxNT!ruc(e)Tog#J)=g<y<jf<x#aD$)Vk-NA*5Z$rCn8DS<x2wRh4(26kKzBOgK
zaLZ1r?#AmkM~4Kk6L{<ttQ-3}+K&swY`q)pDmw7(P<vmTLc5v?snqkEHbdF)uS2#J
zU}gh(|E-6aBAlZwJmHeuBqOe$DgnaPwOWnAE>4W5Ic}ghr{r`70?A~G<?j0i7jHav
zg<W?7@9d@kg^RZ%hMmTkVf^8$`<(n1NKd=j)|ot)Z9HQ2;UgHh;JB#xnkD-PLY*>T
z2%I;*t|lFTkGPkde$YoBbkAgvTF<TOpsUdJB?RP!H8(ES#Wlurt&wL%`@0$ImLJ=N
z!lA6T4^!_?ty<g7ue8lKX+M^kcj)c|C_g-<W(p2tRcmpthRi2$Oe~YAm4qeJak8Uq
zR5VuhL<4N;?5ga7g4zr4u)3NuiJA28yTG=3fRf#ci(3&8rTwsA>x9%V9-c?_`vb7I
zaHMUV0KmQG<QaQFD6}dYt9y!Co`R)Smq5~bPGx<rJwW*&<tH&MSl*OK;#25V2Xr?)
zkof%&#_P*{f*qbCrwL6q9;UNHC7l88&|ZzN?}%!c7i>e0Z_~`$T;M{)Ex8jzgA8xj
z&C*YvN(|sg->K9WTX+y==c-eiBg=tb?ExXX)@wxWS8NMWcv2*%y}%wIjWeYXIZ!|M
zy57Gtnbck3cS2ZNgu6dOhRd=dA=3K-!$90wAaOklLKoG`sWC#r*($_r_vLX)m(=}C
z;ULS|5B=zCAjW#EYiR&p2DL4@X4857y~K-=t27%xL3htUaSvTHh%ij7PcxoyTANeY
zJ1_}Ej?5uycO`3!$v1wELV_eA#2H3cBK6z42@rtwC(ZtjP62W7E(poN7W`bl7xsVE
z17$ABSY7P-eEiDKW*Ywmc)wkj(hc3KANT#`LiFu;MNho2ug0@yC-*VzoqzU;W`dW+
z=Z1h!FGI%vvZlRkWEJd@l#gSUc`>G$zinCEtlgJA&6zx?PoEhZF02yP>Jk0xEf(Y2
zLbDDoxRCwF)Af$u5}mJ#!Ig}a$QIVJ{rf=$;Y{ys1C|uhn{`ZKzWq|~jVa0j1}!w2
zX>Shg;9<b^G>#JMcUBa0mTx*XfP6e^qd2^r8RR--IFlob*-$d-*?g~$=MEqB7|Xj6
zL^}O|;un9mn(aM4EJUpGMdmH52V`q_V-<iwC?V)g3p?;w!~L@~7y%p+zU%l*o_3QR
zpB*sDv(`@3GMkuRa^X@qe)#~kKtQ79B`e4Hjr1P(Dedb1Z0=ctEegDbvjtEJ_OR7g
zc^2!SoZFzQ6+J(n_kHxYcL`T@P&D8K#QOfO&JNQeZ`B!T!YTxxGo=ZHAo0|`a5KU1
z4D;F69d5s5ELDco#ZIoJ>P@d_9vQqv|8g%n`{N+Qx*b$ngDOP8^rB3cRo)F1^Tv=j
z0?+epI{eftES5&vl>3@LV^PesPK*P;Ez>k{$d=2g@4lzLQwOZPL_b=|GRsts)st=!
z@(mctn<LZp&8yufioaRwBUSs;BqA85ZYujLg;}kdq3VbaexM3YQR@5Y<UFL?Wff-N
zOqVNfCge%4^)#n5J|HqM$_~;LjY!I00e;%AB%p3COvPz?Zx2`S7pqdQ{jT4``Vu{5
zUJHjU?mO!h(li^e9ugLsjV~zQs4OBLXjp>3E5A$1e1P-L`kvbyZBX(AQF!U&(1Fu3
z6xYO$B^1b?I@~z+<x>Unu>L!~1y1Ki%<TSpG7r_V4be|Yhr`Bdq<wdO1z3Pu1hLv|
z18kx`R>a2y22x+5hMG>Ceh3t0CDhPx?Jx-71xVaL6T%$Rj$%}eO_q}Z+>8^ecg_c=
zu*{T*pv~w$CDJEd_On+z0v|gV&hn5etT^UN?Deq<Z~Lbc&eqq+;G)rx=Tgas366EL
z6wCnSf{z0wE86-lE$q$jxI=1c`l|l%5t;8ISeZ-nqG7)8vgFkdmjaC*`73nf*wne5
zi&BZHT+yn>#4byRKdO^D7n7kX3H^IpmL4uoPRqK0CS*F8`91|K68KaDUhL=Rni8)s
zhw3xtT(_OX$s&j#{H*qobE+%XS|d&S5(QssS>8qJ-eVr>ts#fDRhlL^fsLr8Qt-!D
z3G^KnmbsoabAck#qF=zXU}yZSiyplot1xkJyj{$Q^g1wmvbq4eoxHEruU8b$XD3q6
z7w4BJ^!#nXpY+q+8+`dlYJDz<ng>tQr`Ig|)uK`i`&I}_E>bQuYO<cBd!JLLs9_&e
z3GRRmb#nU7Ja&x@QL_9nn3>{p-vfzCSH-HvzAD58T9nifU(|sbGL?>N`dkawJY<_I
zCC_pXt8+`>*Q}AU=6n`-*tNPB$e5nhr-3LcA4I1vmfYv3U5*5Kt$17<bJtP@6n~ZJ
z^CVyw*xX80eZGR+wt#JQl-hh>+}&2m?*#f=uv_I0v1YYQ@)1K1yK}t)oN7On`N5%1
zT+@JTI&RXo*MMm(#-=;jXdFNgxnEjpi2_HVc}JReyDBS8WOUkr^ZZ%5*vMOO2R9r;
z>edz@w(bdas0&RtMiJ~oTAGvT55s|nJ@da6V>M3$<l&G<!4Iui8>i-n%d63v*Iwwj
zOXzRlHIQzeHC#scB}JWtd1!bZJmN8z@m&lcR8xQsPtRYT6((Adv`&3M@ys-}F`tak
zste`4qzY%{yln;#aP5%MppG&$8M4493>&Qo!3YtC53HC|>}siD3Y{nj=>pIkr1dgA
z_7aeDMQ=g-G}a;A=OctR&PLU*#!!NsfhZcEm`qRZ`M?T&KJPQltTA*4M#Lh8`SAhs
zG5089B`asy!%KXv=Q`K|NsAQNB_pKwOPMP{*KUQ`&3#n{eW91;HNb>z-jih*0dTt<
zFU+*}j9OW~lCzPo`0PLtSx7Cfo4O*t{kqUUHR|Bv=wZyMS;K@IcCg-K^#XpOU;wxt
zB$f5+t1?5(IL;k2B9%j=b&RQo&iW%Me1_qU6Ix-r+v0?3JM<9)AT;YEC$X2b5#8t)
zQYvZ33&>N4B@x+YBh}H2o8XapGZ|H*sBA#>6VanBJZXxj+0!<R%0Y*Rp3?x9e$nQ=
z<E%|jd2;NoP^^jPs62blXCg#;De6c9fUxN<v10)sfY<p#vP=q2DP!WcQ#WK&D+pVs
zP`rQqVKRR0;XbdU4E>C}U!V6FDd!I~;v2)`hC9Vm7+JKy=wpH!7TFhj+0^~$oy6c_
zAvDHC|6{m8*}X+%PEiq%eq?d5c$)ZuFk!S1sm%;M%i0yjV|e|+QL~Oif<!&eW4KAU
z<{G7@Y4t3wLMUYFZz%*0$a+>FFUVLmfT@jG_;vIavxFpcogyp-=$urotu$_gPNk&n
zvc|gIX%WTnK+bWcA(?T0lPL=x`1t6TOay2UTe$a+joeRqNkotU?sYf)*?<Qgx>0J9
zFU$J8>65{zS$c!hxXt2mx)_&jNOP_XC45V&Xyzt;hysUgGWf7#hdcK7q>#ud>>IIS
zHu2-FC1BD0WOZ?zX`JBn=q}+-8<37;Hr*Np-l9ZGqS<w6BV(e!Dqyk7hfj)Jx`_#4
zmW<OEv0J9ei1v%?P)%dA?=<S7QMR*Tlmj@=+&pJQnmFIS3i4yo(lp*FxISBh(qC$2
zBoegJzKlT8ytY*WV+XE`56n7k#-@y@F9{zW$Zd{~OiZ(xR$IECyg|euRPsX@N0dqy
zG^p1lfj|IR;Po}<I`Gz>YeRom*|1bwxzD~1_-vooo$Gx7xSYG|gdn~kaO<WOpRhDB
z1h*we`xp6mdALlSKBm~0mA#{I(f>3-gJI!hIgCtf>FM+wc0qcEaIf<-r8G^Vvh;ph
zK5yMcalzQOdBP|L7siVsYESnbHnMQ46r%rDY3#y<)AL1U<!6$jk$h?c;o~eNgT3we
z`b9b_p@giiWWXbj^|+RxWEfz0TnX#)IV4Vi=tD@pk%N)=o6{8s>cZe)l|C`Q%&_Jm
zf%7IRTEYW%la-xKCWAHR+6|rmbR&uv)N;ba!cz@2#QN1j74tyh+uoA!89FHEE`Gl1
za<|{>If^kA3r}$EiJ8PV#JFA9!0}~QC<#{-+7PxRc^`eO#MnoS*HG<wgI~cX%nQNj
z&OaEZXH&U4iPYklCs20fQ2j93<i=YsjK8z(trFd(y$`}pvK4RKJ}Wf>y;z9J5xO?!
zruU*k=r!s-n@ja}dZU3hp{rx($pA5w$_Y*@-5`R*yO>$QHgb*HLBO3hYT@ch?G%6_
z6c!BmOJ>o?X?~NnMss}0+wLAAMv4XopQH}XWoO5NFB4*dZ$zPtTk?^mHquGJv_CAj
zIU;VF<uiM$1p!25C5t2*R<Nr;{A9D|VXbXLPt(Mp2QND1Teq&oKDETJ*Ad>-4`Lkw
z!MJpMKb}zg8d1{k{m_~n-h@1g#2!gA?ph-Mrp--^nZu6EF*)?P(xNM)F^m+=kj0>q
zQ6~~SfVdIKcx(!c)KdmZHB_gX5TXCMPlmm|HO@7_fV0Q&KIhDx5j*TT*JP}f`w0Zy
zSgv_q%3AspF@0P(cBr+J*0mtvyurD&$NZ&u_bo`I@L>XrTgi5MR~WLk?#Lk*h~&nN
z_lm`g(5xPxvC|!$tkjaQ25pG1Uxw6p(X3J?Ale}7=(d$0bocN+&#BZ!S6{Fc?Pc^{
zXk*t+zx7xjBj{uwyHDVzg^-6y3m8&+2pS8aev@Vxb%(Qd1Jny5kS&I!v-Ie9YY{pf
zm52P%w*O0)a|r9E{}LE^4?gn&)Ki$zj(jk5@=8jgIu<{dNf+2?qoiPwg4?7Im=-qx
zoL_PBNHW_K|F`KwFSMYA?!)7!e^yu`87VkW!Ly~sg}?OUJq_hSjT@3{WCox04u{s7
z({&bY2WE?)LP*xvPno~MvKaSmyYN*9*D(#^qyME}2N#JC6;_?nkB;W!D;1Fkbq;2M
zSV)1Gnc>r5Z4&n7=`tRIW;Q%ensxA*3F__uF45=fjRs*NqZ%!2m`x3pF9#!N8go^%
zcm<hqJnR<dHx;Kgc%BpADLCybrHNJft1KbScxoFx#_x)n^c4qKB{p8)BAP{fVqnaJ
zn9%n1pBtPhZLxw+U5&p>8kL74M{DJ*|A2ku&l%jIUp^EtcQ20rB^P_LC1N$}1s}U(
zMUi^v?<WX<nqmb_l)vz$23j8>0P;LuT)fRs-%vV$VNk&9)wu?Lg{akkd&>x>o0e46
zO!Y#92+mQ+c9cqZ1DzntvlwS_$a{dJWl@GFPs=++y<&3`4X54{GswAF$>JdV^@0)d
zYckP5PT!*-{2LgRXZCL&$jtY-&f^mPlB4rc{JEkn)9Sp}#_Rx_F#P+Twzgxh&IcuB
zXUJI%)li80I?qr@&`p+c9E$7YZbG_wI!5}hLDvlovdJ+>rAaWZ!&OSEc~LalnqUK?
zhuqmHlNBs^<f)(RfnhB|-^#U2dZojmSb&M*4QLl4)SE{Tiu^()ZNbvR6k2hRF}&Em
zkrRX7treNIu1*w<05fw=hA@l7MVp;6k8D_Cry{FLl81cbI6w7tJeIV;>D$j!PAVc`
z2`78H>kR}zU{&sI!s3%~l)WKMW>Izb=iwudiAOVsgOM&XuGQ+@`XU)T#xW+7OM@_#
z<JNs0zE9}O2*Z?c*Gw+1p5_IqcbH0Nb_#5foW}u&<RynmVD|YD95IlZ&B6PlON9%0
z1d(In6$hyVD|f?~(_GlYo(g@U93NDHRB;X@9B#LnX2z+&rn7)Z`b7P0Dm-P;3uw^7
zRb649yi6tc?v$>AefBth#@Jn3x_MZuV|8U%qgzX}pEfr_keWR@L=C@R_eU@pYk4YL
z_%-!9d7vafi#f`!Xnp;tp0QZa7Uu~n>hd1YTaJ)c-e+Yp8=OKQgp@ADYO1>tVavPJ
zoODzsCVc+|CAd?$M^H9S^f0|0<rVxEaQ8dH9sogF#01W&RX(z^06WMFY4#n*vfv<z
z$|Nyg7`0J+YEGz=BN9w-@LWMYK_dsYoOO~+2k9LLl|QW`E5G6^=rxU#1mHI*&xP5$
z_+-3-EA<kBhkINYOcUAVI(iC9xV;BAL(C>>TPuyNO}hc#4?@qQDPdKG`+2P~n(8Ll
zbY;#qPmh399RmgON$_%Q)IfIq`$*4?H#X!m^ltlJfEPMhi};(6PvFNEA=KovNuI;^
zce1ooUzr!6x;~kgOEkDSX`FC|v4vI)|J)DbGv7L6?|Kk)=0e&Kv#4lnW?~$r8xo~G
zf9d)>=|;8w;GcK1Q}?2=H=ynXk8k_|q}jR&)1Kq}^6YR@3y5F$_>{{Ea5d_w0(Z=Z
zLq@45%Xe=E(J|QN+JNK@_;)*X_7cX(ZJ(JyudFDt=tX&3n9u>^-~vcf>Nk<_#MQ-p
ztLWkR;7r#YEF+mNAs>K`hpC|o!tS%mN=R0c1Fi&T-tQ6m_5KH-@bHzs`$tg{C!@)u
z@k4^@sxfqoXvDC?tg86XpA~Zm1FBhufm09%iPp#jo}`u2EGp^5(ho|y+nu*>xc#!|
z#xQxP8AIHPS<Y&YH%v85W{GW7*v{jHIxO;X$OnDs#R&_U=&7|j&?ODIqUi+mR9e0R
z&q-lUfsE6SMKX5XKMjKl=()HC70Kf)X}!rzLI^PrBMv?I=cW_3JI@)8mdzz-;9Bd5
zUs(x2(Uv!aLN%`1giqLL1KiBB-#Enw1`ziLbugeulNDhY$<3|ngNmC3cry$R2%x^F
zw8zG?tnrD1EyOR@3EBmsdyJQVVX^@fGD8n=uA|<eMZl!dW+9AUG<*D9WG_{`Dp5#f
z+Ttb)n|NaWu|0xYAHc<C>?JiE(}hd?C@_r}uA$0UN{J+b?0|CZ)xE^Qw!AE{nVC?R
zY<ybXY=wl9JJ#V|GYpQD9x02RFEw*Vi)==bfJEhMm?34!J-y?Cp?92c=cz$NAp--N
zJ~eRuYhx048t(a0nYo?(V6xLRf8Bd_&RgA>XkfCF65TTeeJxMbG#;Sde`g#P!1%ab
zL<*PvzM>B9sc9Tq^x%xmHxh`h*meWAs*Qh#1BR^YLX5LQ!-1F8QJWqx<lR(_x-l5I
z(xOsOPh8Oj;oIL0y*I?8#z|z-s^dkYtGzpMVQic(MjP1Kc=i$S?7(H+y#HgKyOOI*
zBLV*aUgphOFLkI1wbYW{gaM?#q|;SrRWUu?HPDhY&yWL4R}(7Xgkf-mI?X2BuA^*4
z4%`sU4{Lo_o-EHa_ba-&+o&n!53O5r@}%b<*egLYVDovOHx1F{^&^m(;9yg-YOA(0
z{a7{8gWm^T5QCV47*e()iX`RhH^sGH4$Y<fENLJiZv#?u=0PSUtnzU94XlmPWdh?g
z!5_}9Vy+Um@Dvf<tjN@Uz^f}IDMJnk2-T$`bM}u0&+Ol-doj?wCJuO~zmzaEk*z-8
zOJH1v&(Md<W}B^hJ^0j0VetrJBc3XQ$-CDl@5yc6k0>RZ%Qo~<TnvsgFm27w$qq)q
zB4ao6VjLP^GrWz1PQ-3ofmw-wvAUz(q^CF=p?Wbx4IIo?hJxyFqyvmW+wT;G2~-77
zNF%gKbNr_w1r#9{GxK>+?Gmu!&bH<w+@mkGa@7$4=EU9p+o=2?ezC8$;bZ>Pkd8wt
zRoUQ#1X95LSMwW<bTu|D;L$eFMmzy^*`e`d?mtiw-k&>~Ph5ZAI+uUdpLG+wl}DXW
z4D%f%E|@<dJCPY>HcefJ5sL`4{KYyI27+bxLl_84d`}QLz7wk6>{3Go#+rc8Es3*g
zydH47X05?C6NJVt7jJk>*&=+KV%pceRL#hlEplk&u}IYrnqgveExjA|3m^&BLAvq9
zN^TxkT@|Aib=N!Q?%9o5*V{+X`-<1;R3~(r*B2IIV~Y4Hh(d^I%wQ%Ra^`M{eui_u
z5tiDK!c`*<%avsYbJbAaqg7~IK9D1EG=y)%uqOMfUntX)sTrp@@7n0^Ua#PhQltWb
z=w7+QTjACl5>$&bMAu?R>HSQ~^j4<=S<8ZTlHG9B&NGdq>)S;8S2Sui3Cdd%i!FoC
zIfQ`y`X2vZZlzPfIe7{5_zYVB9{jko{SLMa45!`E-r96PTYjmjyc7(z(V%ZrL5d6(
zfQcqs7C_5~NfYByY4uv`%|}vnGM(jy$dSW&OOQ)aiBIPOv|VyX4Cc$8GinDIeIV~f
z`O<bxqMkbU)r2E>B-~_3%)y-n{8&}l>y?-9D+6Iqw4DO-LS#9H?`igRC4T}#Tv+~^
z4?Kd@&l-H7%p-5%xEMjm>j7}Mka<nRAZTyN%wa)XB81VBB-nG{g(53oOUCI8mdkO)
zwTe_sP5pXzWBG=dIRx}aux%9sbm<%%x}0mY?`!m9+~EUfN5AS5Ch{GKcYC!wUi-eC
z?~n?kq!!dh>pk|G7JHTu(IvH+2bB=|Yz%e<|F9?<XHgx*HQW7#j~EHgb^WrSIOc0G
zc9GQRwtt%X$PL5f^=rCMvn&eRx&IEX`$B~NL0G#_*&|1fGAQ92hxA;2wue#XC1aKT
z7hi=)(KUG4N-+x_%j~b2T&HpmW20EnQPZZw2G3$)U?cD%mGac7;>y${T~DRoz>jxi
z%FF?9q1#X!;pW#2zMfvc9yioq9FQ~k52!CGnsI?dPv=MV97-V1eEPl6s3>@9hM&_V
z=t<f@zD+}!(R1x#zSJTzGx7yE4n5KW2CrtP%Q~+q$kt-a!nn#cpU@R~>E5xlS2Ow7
z-!X&_`?r;|Ve3vXFjZSdHk314u3Dy<^r&X6c<v?`%PO^t6C{mq_badyfr2;@LmVJ1
za8YM%wlmJ4^8@`p0W)_=FgZ{9YN#J;T25bL<v<v^7_c%a)Tqa5F!lK^ng!{kyhXY4
zzy!0XhLxb*tzp<WDTje-s`UvQC2T=gY59ERnWV2oY8#foq;2k(K(aE4yQ}gH&x0y9
z@oJ0SLoD3~ssToN(pd-SzMGNG&&jZP=Tcw0Ynx~iA-&pVERG`QDZlZ2vdJ#W#cL_z
zj9FJc6Cknr)wU~2!O+a@8$*n24ws2KTV2GV6}N3kCoAIVS;|8PxTfpA0jt14C6m?u
ziZ{VvwK8m$9%r)JZrvWvUj~_qAg5fqczAIijcQn{Yg8I8&7qy(5nbG8I%A{3i9$4D
zjArr?K5UjeDC#4|{hb4?D}F1LPW(9{nwvWxB5oOnQ4tFfg6Fc11;2GygQ=1!@obRr
zA;7~G3*tAq8l3YITLja~vzqOBTS7z=q5Xuu!xtW12~#{#7yg!}y6%igd~LcclS>r;
zb9*lQ%^hJcR%Cl9sFJAuZJF&O=Z*co^7W8of`z0JX?<TT_x=;{Pr-OUY_QEc4G<6w
z9q|7x82@)w!~aEHZ{lq5r)0QEMayo15zY5RO~kZD(z?V7w*o%!OYmT8xJ&QGA$Lht
zUtQ2a<weg(TXLmzV1WCi8`lXBg=@XLt6J$UhBaA?E-{J$nm-14s%MADN`=}U9^XU`
z?W8FQc<p9*I}o5B1P`%OMXj<hrL;K%TX!tdLRVlYOTQS5PkmK=YF!N9v83puS%l~0
z8^*}%JO4UGeBDM`kp)i6CDGK7g4(ibQ@QqFUf!Af5GnC(o(;-}MX4B1tZ_6KyXB$I
zX*2$iJBr&(kf+tXHXp113VEH}C_bVc*=24)9-&{OePq2shfK8fTqrU|>wV;G=9j`W
z(l4^Yj@`smnOQ8+n75$q(=<)a2^F<R(No*KRf~Nml+TmN=RPGFqV#F|o?7>G#(4u5
z6{5VMI3Gp2TGn80Q&KeVx2H-<DEp*E?xN6AilG*)a;L^(W(^*>Mx=I{Zx6^g3BMwx
zvGb$%!;8{#4m3QsoAKab+XzMMgdLDz%B@o#Lga2<_dA;b%k_vfLV6T-XG;+ml&9WW
zv-%rf7>?HaUmsnD7NEo%D7iY4+Pgb`G3RbeQ}jvLD{0=N2S+i{->gMxmh<B6zgKc<
z;vVk3*xPlLXjAZS_mBTdN=_s;cNkfL5i+m@q)-atQ^J0JKp;KkX>jz(&N&uk5im`(
zq@;EPNLb8V#!NxRO`ho^@mwPzT*i}FFbB_l6kWN^3#vHodA%151y9Ov&S<FRj2V!y
z9d_;L?UQ-xrsTH61~W59F!Jk$)g5q%(n~8i`Uq&8NnuYd9Y}Su?!$=K{NQ=G-*QwD
zK1KLp#xZUmR^Jo;xc+K$zg0o+`T-*JA@H+_38q!AH?#tVVCSHo%1@_yQpzv&L-?Jh
z4_#Yb>ErwQ$Ev^H$JZoR`J{0<g2qqG<#d{}zT<{%!w>ys-8vC5zu;>&Wn29$=kbH<
zXu8%&$Aid#HH}qT1t<RlubqeI{7<t-&_7FpAOGcc3j_$r2l5|16#s5X{Atm!F|f5T
zHF0vLcQiJgN}RF{VnhnQ<_$5KUKL;f2X~|#Z?nwpWeZgYXSmBi+3t=_R8=S{KhIq}
zs1{?{iEYdT7~qXY)tB}uvl>y6jZ2s}ozZZ2(6{~A;9g&CrXkG0zqJhdkxSj~W=qYb
zml8t90cSnaP(bOPanCE)N!+)@=^z0&+!zZ5O%Nkw@$=9dhiiHt+Eh)!`64gQ<B5nb
zYKyxpuO7yrS+OgunJ7L$AO>1`JlHu1uU%GZh$ZD-fvYbcus@>TwGdRmtA9fiJF~hS
z4p)4nyW3TJr5&{6oow!TW#s9yFm$^^lBA!-d?k0@!Q=6H@<BiIiM?Ob=qh3@FkNW&
z5_i&gN2nrR^XKt3KAF#h0|NmC{hl`QzjwGenK(OJ*qS;0u_{BFT2A}iD84&-@%t_`
zL0?iM$|PmeqoARmyxb+nnt>oS?&1%z?k-wPh!SOp2AIq_7{F*<q^hoJdTf8K=uP-%
zbs5roi`lWX5sDqdDW!VwXK$H8_`JT6->+=-_|}~*x;gY2*`n!F&w!_(god-E$%-1h
zKeMAcXzEKm7YHc$iwd@bV;Ht)t3GqK$5Cp1)|2w<Y?>Y`hK5+P#~u*g4j~Sktz}tc
ztR0@YmQI{5=Hi!I^1T#N53hC*vl(=yiD+yy(l=aOr#DOye@!FLZQEEk=y>nY!v(+i
z?xeRbuy$;H-=Mi}1EGwe>x0*$Mb}`p?Kgwn?;d5eXl7vg`nx5_T?i}N<SJTkt%eu@
zQ)@)2O!#W_>Cn66x6e=!m3a`nW8}xa({-8Ukv;JvaXYi2HHz<sNjrmtdtg5iB8({z
zd1_OV;CGRpW#gy@t$mP(d+q}j@xK1;2{6oz&-otNV>gafOAwh85$p3gW8zAuoD_P(
z>-g$;>iyYw$C~S-U9|7^@jm%?_vd%qRmyujV7dJ2D0LKw01-<!yXaD=H;<%C;=}~-
zSCCo81?XHxj0eF*GrLR{`tKk`+?sU~DOeF8FI=T^WL=}H`^F0IOZ4oHWCtB9w#C}s
zG7pS>)q^=xdyw!nEv2whgSvzaCa}z>NsQqy*p6ycNr2~Dk_3QPC-BG?C=oJYPW#GN
z5j;sEkWbRE7GQc4+>o@5EO0*B!Wm#c7$XWz>qcu|z6p4JGeorcpgyp#jN-x&+8co^
z$bly=uP!>FtL3v~JyGZ+gSkovV}})S7O02&TqFb^c)v=Nf`F#k@SM`w(!IljA4)2?
z8L64>jyeO(gC&r$HiaNpk^ICAzVeOrv!ixLD$0CRgbU!F8HBUIgj>97OPI9a<Y6YW
ztw)1EQV3R#Av5koNJ;EoOccl=>jCdXU4Le?9cS0oWp(`8E60S3xz(bxT|JIU)az~^
zv}V_ZkP7o$I4-zd_GqXcuKVftdT|(<-KV9FyJ~u1u}OMGOq%1<V3`!PP|``26%}UD
zqc_3Ey*yfvvpjTN#x{`yx9ha$Ok07O=G$V4E5~Q0Q80v#ql2C3Fm<^$WYJ^UBQuQn
zJ<-8!-Mwz#q5Idl^3>8Qqv}*QzDHZ8_eqt8ZPHjHS{kDpmIo1R%w#DaZFhTPhbInl
zAsVaR7WJ2_%sS;yo~5JB3WP~XeOQjK?#^P5mI)MdMV6m{n9R_^!=#v2-DZ(Ow2=$0
zV@pN+VO<wfc3tl8S3XM8!>Iecoa#@8D9#a>ajBAi6(rcX;)UcEPgNrUI+f0M<dt^r
z>6b02t~p`^*oR|3iwN2EzgzC8+Bu_p9oP~c<5q=a-<NZws8nj;4_G5mKk8dMhXsw#
z6Repw*f|5fX;-=*5LcRPJKyQddqRiF5|NzrN6oj<+H(a81<(jms*y=c;5s<J=x-(k
z#YvGCq4Xw-zlF4UN5_GpTng-B+_HaJ>5WU<>Y{WMk*--f6@j0)r<Pg;6)lR5e~L+X
zc)S)aU#*R2^OAE6BSU-i%@mujzzZfwP`_>DM-T$}wCZ(N5Jw<Cl8O2@u;(0d?SlPE
zi<5;w-FPvvIg?9u@rY7LgySSCCx#b7x9+G*v|-8VH6-0m>pSSqpvC{K{nU_C_Y?j6
z+9hSl9)a&6GVEg7ASwk4mAjla+$HmN_bETvlen8zTw62V_yUXTJs+ru5>HOH8<QBb
z*<dUOtO~~&xl|MtE0nt=xHM|)(^$CuSu4GelS=&e9H52|eks>N$7%?j>*~tZ8vdvz
z;<7tWd`r%|L!<qO1=I0&9gWrO122De>a;l6U-!=hHu!TIVAu|FsTd25@`P0HUPTC=
zR6M5Pucxrf1lxI(`{{DYZbd2b`P(h`-vKP|x2@jo>LjPJzI(+#Qtx0$%Gx{B^~;Et
z6B1zUId5z-EhOz!u@cY+X&Fe$0(_qiBlYKuO?X9-=jsArMEFDsOO|WW-W0l6G8svK
z2#t`#B0+v#^8X!-q&LMAVgWW;QeFys%cM5xQMkI=m~mmm_3ORkvcsC8CyD;bai_+G
z^HndE{#)oTZ)0*GU+AWl=KMkmLV<5eDb}Q6#eLrcz*V80W_ga(u<{BoX+*Pvo~w8&
zW(cBMGq=lr*ArOsN&%U-kerW0`K+k%B<PSs*9`{78Rc`{kJ$xz0uvVn3(XDdqfvjc
z($%~83c0H2f0|>p2#R3P(u%(<3DcR>T!)T4FL}LEC8Oe@u}Fgg_66umwW9+xG6(UF
zr>bX@OK2y(7(pTFRMUbW7pC?%F+3Vdh)xu`^^frp*?qM^M7mo7>W$YX<golr@`^)Z
zImlYlGN9>69ZKqaVc|7QYM16>C6f-&n-3`7P<useXDtSb(!Bh%e5o5dOgTog<R5Rs
zsh6z}CS-0X7yJ;EDx3NcJeg5AaVGiK7}8zFd1vGzKWkn4He{~MwkP$9P}c<<b-|!i
zj`SQ29&|wI-`8;s2U|;+HF8M^lctv4OAca)iRkO0))_yA`?7Q;g%VxBKSE8YcT}zc
zRIW*#3Uy(Q(|t$N0fdYwRQ{ZiH)T)AtaHcZk==HluOs1Rdtr|fcGKwT-aSl<0Y<Us
zO%x$h%`ycgGf71Zqd@Y#mhyQCX5n4U*X7z(f`TaIUCI8C?SW)vtvhr0FexGB330zW
zAzW)?$5LaJgF&G}R}~RxeifhST0n&#cZ8q1giTfD)aTMGOI1_!$b28MqzuS)C@w_L
z4DXTiOpc^DTlW{GN`$`O*@2hRn6=jJ$k^NAOZ2lX?y`$9>FET?*?Mw(+w%Lp1A&A}
z<lOR9|Lwx){+^rlpLZmG#$`D<dsv(N*M0<`vt@h0j?ukS!l><BQ@)yTKswD%*A76?
z)GwxUT?d#5N;Ou+(ppkc#d>l1<P7Ovf_N>oq(h$4T<+zHNG1vK#2QiL0GsOH#qsif
zC7k&}b+#~bouY7!vA{}tE3?Cg`{>2_D2X(DpZW3qYo}xNORnEziQJeq#>+D|k#F~)
z!*S6XcfSQ9&d6C)Y3JDqYd1M1{K5qmor7oguNBh1I!os&CB6H65$Nm5W-f|lEwg9(
z2AfH98k@OAUt`(I76eMoHFncRBBich(W~s;QY2<#c)7HwNg-_XR|Sl|ZVP(G8jgHe
zm8umDOQ+GZzk0K!$w76s7%wrMC1puu(Vs!_4A|AV?PoRv3Uv12*6v2kT~hYFxrP=s
zSt*6#tBPBktfE@8Tf&F+h%9Yzvs%ly74&Pi74lki3asY}5-a*}OAkLgJ#^MVbk<{s
z%xMblEYj5Fl;ke}&|knSDg*50r>i;eau5gYVmy~5y9*3L%fznS5?(3qU?UQLNSX_r
zAo%z9wM<H*vza8?0z7#0IKQycV5P5tqDhR<Y+A+B6}mndHbpwi2K7q7Tt-9eTI!!p
z+k~qT{-haQtMZqW0mcixvg(g;&N{c=MSzShw#Sv1gf4g1?fr;8WReC+fuR!cPSwY$
zr$)OqT}dWzrimKG&>3$My2uB~`x2WJhM~mlDjeP*oy`a_Kswg6+#ZNw!96a0{<?P!
zs(Mnp1bU+oTS%9o`^nNIG!0c5%W`N$(d(P!`&cH>T+mA4%R+AVvID$gw=zKmj0%FL
zq&&f>xk5c5izWR7>$%fOQGw@_;E-;N3av}jVf{4+WkAAD3|jJ2u@E&R_n~`uj&53r
z&}aTNFqHD8C>10mG0@rU3H}}Z1N@x?Q>Xij!|SSxkb-7<i}~)P0~`rx5v`=Zh4vT8
z{z=Hi><~B3*6&R#Un=D{uiCjP=J@!H^a?1m=4X55H5T|e$)t?&UNHjhu*f%g-cW`G
zhWAvaNDyiwGO>eVG_kTnG+l|X>3!X#riw0D2PVQ8^SB~nNHj)`A$b*0Ao}g}@+mWj
zKXrKQWY)WGo+Ax6iCL@8nYf-0p8Vc#U;R7@w?Cf-UO#=F0WFBvpIg*qpn&NjR&%W)
z<F?WBMQspXVGmL#zNLmk7g>dRsQ2!I<eqG>Wi{yrBu8QP9@fG`{LoWg;y46vR_-3G
z!h7HE;JCFPVhRdQXELTAl{=a77wFDMaij-UR?>KnTI`aTlteU;ts&^MZ5?NbGult%
z@J2@O?Haj);nxCU!P%^W{D(%<fwMPi{RLoxfE+i4o%*(45SmcLRj)R)8J@}evHIK<
zj9Q$;6WRHcOO<qjXbxj)htm~UT|sxzwSv8113;*Pkp;#Id7LLk-<Sg7P?FGJG=@U^
zIeTdZOsRUN>-R;NK=#Pfpd}SejRBqLhtX{i6CRNU)l3U{;m*M}#;hag#g-SOX>bg(
z1A6(ZE{V~pqLeu&<_Myk$Kd=T8Q9>3&$l*AURi=7r=3ARH8YicXd#&)(9|&e6Z~V!
zp$1p$t++bN2SQ}Y2+Io&i}B)28j!mygnexm1IIaS6{5_24hzl!nD2@P=x!~2{z3!q
zvR+_w49jC6Bi?PU#ApKEhxWRye&Tz~w5u(w8>HXgX)*Dcz5Pq^kKwsHcdC=ixCNmQ
z2pR-K%?{>|)L+K45<(m}-ov@q8l77c_Xwi*&Rs)bp%<fL_Q_z3a#*OM?r}sUbLcHe
z5pQ7PJ*;}M47Lmh$@i1wkHIE~fqwSs5+@Z+dJ}Tj3Xheub0#fr-r^5OB*t@1V_2ug
zwr%);UVx4_qGVABu%5OQ2-U0;j<H-NBX^r5(mUhkvw~msHCzqFlNIb9_HuK+F`{jM
znJ6ZmSiM57%qxVhK<NPI$HIThEiCPJc2F~VqqXPMGoHj6A-q=%5LDp&j_pdMnRd$H
zkrC3+G{6cTs1tzla~ldgI8w>PumTC_3mdjJ2iO&%ziXyGKiJA;p46Q(+1ak9LNoYS
zd3RQS;z3cCfMAP<t6H;7wyWSA|E*ErxfjrdRWt~lkogb|C8caD9?SC3B&<syVcxEp
z-Sd4C*u}_j7t7PW;U<LdK*iiD#``mKZ(>v$1tz6tzKbW}vbn(gYGoPd_yJ&PQSg{|
zOp|G_Q+y7BV&hun62UaOfr_`>YN0>!G#)9?!3Gc`_8oeGRLE+o#MASqFt6*5;HbUh
znGI%$`@na=k7pdmG@HQ&K3!335vgEKq{OC_<J9nLZotg8fH#^=_y^1$VerQrK``f!
zlUHtwrqG5;gxfFxjSze=ANE-U^D+p^Gh9DQ5B_;4&LVXFxTf#{Xnh3&CF@LiY3hAF
z`=s4I&<<dRR+wMAMB{4IA3>=uGc*ZKQs<tSoXYcxzHtSLhi*v=Zo0Q)zHcCCZmtwP
zmOWCq2>^v0YKxkGSENY5rX6jD+5(Kf&Sc8+x;6Bxn2Axvgr;p&P7;k(K_)QgS8XYe
z_SW(2>21FXlZ=W@&Ly&GFWmwy)UyZxbeC}<)C)wp^cTPJ5_CsPQ{v4^kVMhO`_Q&B
z$qPQh5P^0eNN8s71ue~p!VhKnl_(nCG9fx{obTw$WAAEnUebn@spH!hL!D2a25Yaz
z3C3MXB5~}#&ioyYB?0KNZK?jsGM}p)vL2Y0sj^wLXr3T-@Z#&YqqhUeY3H{G$hjk8
z>BLb=-FDV9YWwJ7%T}|zVxtxjEGR(JmV#pNz^+b=^7<%GD{+Kg6CYqTmqmkR${3J$
zuA0v|hOS<i0pG!;acL1bXoN~G&x{f0LV`Vg&0H`!?NIk@nzAXY54Sq9TMKbLex}*1
z)}^m@a;(C;WI9%8w%k^plbzUnNq2w&cUG4!2zA1hD>UEXjt?v_p*GoN+cY<d?<2pj
zVn~;~yVxiH+&Avxo<hi)FqAVpIP^HMUc8tV>#{l4;`!<^iXE<&xW*nv1Tslj4{O>{
z^<z4uL#g$g>x-3PF7nd%^~tIhY1VEO?o!&1%MqH>b!+l^QEbQu=k@(=V5Rjus|6U4
zF|7N5Az_K)Iy4nIiZZx4+xTpjhVZVi8#8t#Q2TzoWfyAO_BtV`C3TS<p?Vn5$0Wp_
zuLi|&B*|fSkCwupZziexr}AhsB3y>_<4&76n#>6~x;+%=+4F@;o{irhBzDFCt|5lv
zPgI+GjTIj2OT4E#GR=NBI5G~44&;inta75%0s30%%a(Q!@HQjvQqS7V+faGeu%RCr
z;_*-+gCst58WBVnOXihD3;tm5zxueT)xT=39#7NZD|fYep@}Z>s~QAt6>f<a57V4J
zP*4CW4{XFD)bT%>r7<p{e|t?}IyJHn=Eq$;Bj|E|uGf-d6e2Pm3YqE03xJ2lwEMlQ
zbG(n?n5GDyi56Dlq$TJea1#oY{$B4M5gU3|@i*DU2diLjOreA*{M2<Wk1PiKy4P|W
z<@*7rxyJ6)LbZ6-Lp2ozyc<^Fil|NNJ*1WKHKns+TPxCfJ6%o^1rb$F`(i5xNE%@!
znLDxVyk?vA6p&k4kTMu!XA}t)q7#Y$WpHMG=pyR4s6>HskT%{whZTPg)3d-7VJAZw
zB#4)&b)=7ePFZTps0&nmg^`acmb`9iZPLSpE=duO0mR#9%n;4@oaN%DqcrwKg>^4I
zza%G&hai}_A1_^HoT|ywqHho%z_adlfx&CrmIqFBo$Eimx$N2&0lDSQfAs^NXE?Gh
z15)Vbz>n4oL||9x(`B>2MPaSo<KDgUz;E^b;J#s3^ly<n)9V5{vuj6i_tJ$VXAp$U
zEZ48WDJ|}uQ31!L2ivyA0I6Ch-ugHzvAh5A%DL9)HQLVep^SYNa!$R&{diPJI3xJz
zB{O%4dU#V8tmS8b85=Z$(s~io1v(0KdB1-WK<)+44nW<;^e6K|aJW?3I*BGP9GJAu
zg-nTlw3>S?yMPr)ydRKO&t*x;BD9Y6oVCBxPEfYHApPmzf?}9J_iR)O0UkZMcB-4Y
zXw=5CMmFNqfcF%+JL0%hFBKbB%i~DP!P;@?Zjf>?lxPwvPCYV_qJ=J(a)e)oS2O9@
z=~=%BkT~LGnsB%?=2}-6pJTKA#;?)rlEuu+B6VwB<H$=U|0?&J56=GlnKUQlUYnmv
zO_}o!oQ*|@`EjEXT9APs(>1C9uVLjeTxf}L2`ny;tGY2_>A)7@Le2-f$-R3jQWy`?
z1}@YT0y4y4xb?7?Rr(?`axiT9`NEwXb6ty3dOyA^$xweh*~Q>e=>ysl!xUXkp&}KM
z$s+*1S~4g38j3nH12H3mKaaS=IFSp!5Bl&mlN5i)%*q$Mg!wt|F`M^SViyp^G0sbD
zxw*ZD<n#{d#JrDIasQ4!7sED_lgc4VXXBfxOvS9pb>8CS7gn%6Vhi73Q?w9`gCP$#
zFl7d1W{^Txx0XjSevP_#>ctDXw=b_&1#!b1?Tjk23Yw83`4WlI#|ti!rp3t7kuBcM
z4?wje-Tpei4pU?YMYk0g7*5>eZ+=M(1zE*((XcdFM6X6AUJ$+@hab?+>6kQ+@4^J4
zQGAoJtlYa%Y@qxZ!kWg6g<;nlA(lu3ikxvPV}&Yn0h=t}+g(P=tG63KS>nH)Kvm<7
zo$|3=od03S+JIOF&A@0_V|nxyq8+WV-&Fj^@0lA~s<aB44+_!buo`krYEa60m?ig>
zeSwe3)0$7^>Q#v4`=5Wj#Vxv<qDOcjpn-t@&09qO?JdfPDhtv{%8D`kzdXS2Kz3D<
zjO_psQpgim$WSwLqlOBlEJm_t-~$jCA_59rcrInPPaQf%b-6@y625!rb(aU!HG-N|
zIc#t#KKo%%cOr~@yQ<MjT<(F}yClNv)HKW@jN$%50rd&vb_@I%a2u+Ecx=DWp`_yp
zuoguFxb&OdSHk40j`RS!w)~i&i$Qq&T!C>DYf<VgjxVjAP@a^~1KEn2Ai2n5Ki-Qy
zqw^XA+8e_@3<OM!EE(q8zFd~oh(pa<DwJ#s3kN@mP0S&6=u3^joq9WGM8fwkyL09=
z@a4~v*R#@<ja)@Q+K570m)0mU6}WLNDUPzxrd<^&1p8(WrV9V)z!MYNtPlAz9NoD2
zWh!Hw%OKmGD<kv`_AKJcp2eE7W?xfc|L5!m2aaYF(U19`&6*@a-;NAMQZv7oanz!9
z7=3<_zv}&Y16&VsWnX`15W>O!ya8YkG@$=HQ2Y05_?!G=y!O9p{p;lHzf@#?AO5E~
z+W$cLNBZaQ<XV5yKYs}g<3ICt{X_E~W5EBq^1sQq{yLBRtttG!P;ve9-T$Tc-xI+9
zI`98CIDb)d{b!W_A|(5NFwg%6<?mEo{~6~G<<?)q$n-z&>Yu5*{(q4y{|(YVQ+fSo
zq<_A*qJM+*cWSTyjPr+S>o3{-H#mP$ef?*YKV)Bj2@3Q7d_w<&`s+V~{qtXv`!`^J
zQGxw8%0E8hzbE|vkb(UrA-_?K{-Or^$2a^B#lNRT|I`EgB^|oIQ=$L2I^bWm{+<o|
z=QT5J@Xra<f7SeZ)b5`(;f;Pr>i(8H{8!DtTkt<oy}u;a>hCeWf7ScD-T7nR|B@+>
Z|6uLqrNANnT!!-dm;2jX$$9-b`#+%Vxt#z2

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin6.pdf b/documentation/ESAPI-security-bulletin6.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..c8e0aafa5897dddb335b4246947a2cbe1678ce9f
GIT binary patch
literal 113158
zcma&NQ;=xgmTsH2z0$UA+qP}nwr$&)D{b4hZ5!v`bx&2@h}sc#-bRcWV?Onmy|vlD
zK_V|KO2a_Q3`H_nJlHkZGMER&h)<7iXJ`q<%}pn5Vr%AXj?eVZjv}3?g|)MZBb}(V
zfwPIQiIJVL2`?{{le43Vfen;<cDJTf+))c+&urb<-+<gZ8Ax-8^qX9`y{sfqM|wxe
zD*#bee((ETxo&YZ5s7UpkP*WsnF`^RC_NtXM_akx?(bLQJ-x=8WHYyq=d#vbAGeRV
zEtWF9-)GnF2Q=V#Q>Nb2#WcU%pQm~<D>*&ipL@eAM>zCDG(U!&;9(tU?HPJ;cQU${
z0k-a~+_!#fUUT<hGv`y&8}ToR*4xS5Uhm(R_v7m@RJ@sX9#QiQ@E%*(DPx*g2j9z7
zChcz|I#vj~QxNL)HewA0^97(r<{3&3gnV*W%}0|EI=(ENo-1oUN;B$<go!KEW`62;
zkeAT3@U4VEei&0W)XJ=raVWLSJU?$Arn_Cchch}qU#7CZA)|V7ti`Vx;J>`zE_19J
zJR;D{#K~M7YSp$1flL~#0Kc^`$h_lEO!>i!j-gmgNZ$U6v(}bxpUlJ;z`k4inAHvJ
zRGNXq!Bzm{^FdSK>0oxoOJFjPM~}H_Yuo{S<Lj>#^tKre^&-TdgCJ@v*FGF_^}!~5
z?sIkGFu_qw{D5gpT`1Yxe|shoQJWiboz4`#J?lfudTk-w`q=ff@lTJ#p1^pT;IYO`
zs<#_kPxME3Vy}3*#c-|Hx!B?3#5ibaY4v<75_`F<oC1G+Tp9X)8Dz#S@**_2M+OtS
zNBfrPj*;ZK6uwF$hp7Q~+f<1KdcXyIJ%Dd;rmp4mb`7T<I-wc`ESbm)krvPVxu;%u
zR2*?}63QUhs5oL`$AZFql*cWch2gejW3olTk8rhnre}(X9?q7oxH$>kBq$Qa#E!ta
z8xsFHymdUn@xzPXyciuzJ;c310)K{gdq%?yaDk(FNjRn#?$IQNLlkIQaH1eqgNRat
z4eY77E{{}88o=Ra5G~aPt^b&3k<~XFoObmQ4}6fy7r<#35CZ`OCofiS04PTzd%|%r
z7Y{hTzfAO`gNnj%G=*dd5J<Sap9V^0vB!&n2ADSC+#}Bg<Oz}2J~JR(e+YO8@X21?
zj@5S&BV>TaSqRW$7sYa1ThoQ_aTdVkw3I%nC|-!><Yvky-_);{=fzGt@nkS`4_<u+
zI~|8uOKsUKc%Ad4y4(=3=otc>J;M}ca=m3W2@FA0ZbKg>07LSc&fkW$8HWP7;TS#G
zlL-QZgk=*hrhzi`@)CPHV=T~;sP_b&xNzsxkWf8I1)3hjt&k<AoJyCOoMSPJ8q@7J
zPp7xRHUqQq2*)A_<F3}7*p9TG)pVqCrO6Yr!@tZTLteqJ#6!(?ro&8BNtuZVjAFH|
zBcF<3174zMm6CI6Dt=rXLV%YU;yJuAs+%}GXDTfP2fAUOg@TY};W_~m@Gh@!J60rP
zhnBRzF?(?{r3^X_ekH-kOdQ`2Y@3h!CqA_=nX{lPA`u$ixX1}m7k}dTG)FyKjm><e
zkwl#^sohh8kZjA0Y%IM2O0~Q?g%a6t-po_2E^-k%NzoGo4t@sW^t9zCfl>c;ckgyl
zt_d>eu6F|=Xl4)_f8v?5Z0yK3F|T0(16a)=s)VBbBjHGXcWM}VL2;)`LPR+k_Bg8e
zCswkV-?-YPq3n{Vg!+chU678yFIr2BBaE#YwdOtrJ<KI(>u!}y7O!zcTS29EDym24
zu#F>LyhpEHeTruU)PAxY#=B`JxL-fTu!$48s+QoQ*%H#g!3&Hzwd=+%nPO|`=gI~T
zI>WP0^A+x)wkCtEWhiGVX`XwTZ|vpA2~mnF4&5qJ4GHoyX)#vuJ@D<5H*8(~1U6-a
zf{Pq$$&BIm`?+j!cGt#=&ERKkeel#W&cK!$#NC$9?2Tt?=OG3nVxRppuJL@V;(g#I
zR?{iT?=8&S0Hr;CJxr3+4JAy(BrN48;7zb|l<!R@t|90KWo&@wQJ#a+E>rBimk<ae
z&Os26o(p-`VoFGK#hq}kXj{68XUVmGAJ28<{Sp)jH$0?&sj`t92>!AYlm^cVjr}aC
z9!Dk5*yQo-n`#Hdn0_#oZJMhy>z*`LAoUV_MWhl?%GFG}vW^?@yCy@ZW=zSUJPnwr
zKBY6fUv50KAIM*PM~KOUAN_euiuBZyefzp4Be<=x|7+1_kdGtX(c8WL)uyAV!l7bF
z!&eVdoFYVcI7}D!6?tpda)#n1F4GCp$ElY?tahJ~d#7(@PnGoztnAKr3M6?WS{aE>
z#Bl^ra$0Bp%{S72ncS3)SNxpeLwG!bnW)ZwpBZ_ja<4g~Odl6igTdI6GP{a+;5=HO
z?$@$1F;hPMnwuelsia{`+EGas#y5X}e_l~2jMfB)F;^%GM9*3s`DBTp?V-Vi3s{f7
zdt*X$p!=6XWd0N^1R8esriSf-nB_5k7_KI@yhTu3a`kvc+uTU4OO8}-ZIjulKKy0v
z0j66aUlQ`t_E)Flp{My1Z%r1=4XLR-=F^e79~>9IK_mzRtmK8$<vR&v%#o5G9MyYG
zp+t&X$Ze#-0pPDRP=_GlDX9Y8L{g<tf@|@BP{$qhF$&PBrS_e%q_$Wfr`y$8)(aOk
zIjbarLsc5`PXUVeax-*sGL#hKO=t0x8+rfH5E00FQlRj2@}Qb@zGhF*c+5kTBp2oF
z-t7+z>z8quphy`^4W??BgsFSi^a67*#6-UfkfGMc$)YR&Em@2M2#3<UWxb|U2S1c2
z(u}vGP&mv2d`&6Ug$>0`YszuIW7M!wr)Zzv#D3{gqvY5^kwc|u$)5hFwp2<qOYBLC
z-bkej3H*st;UjTA;q3j{`5KgO_b+p2)-vC1NSP~yExA)9j%FnNn|DNI7{#C@#e%&g
z&B}ariN~UK@goE(p7Iib%z;G}2tg6e!c-$vuXCFkV_IXYl+d7qTN5oH_2z-xKx$wS
z7;r`Vc|oZys3^$pAXBpaqksD-EU9#~C-(Yt<Z6r(cWTpiN#-(RDN{^x`{<7K=ro-e
zT^>^AfYYpx36kgsy#h!dn4UG57HVB{m}0eTd-yAAcq?mj^X1*%ZFBo5rSvqg7GG_v
zh<1%Y%8xBur1BX)ah*Xs*Yc^k7x$=fm}1O}ExP+{70y|0_fGEmxXj`lD=x=%kAV3%
z%{$z_dNlnFO0$3dB2~l8J97&{(!#LHXfP}SSMGLA0NO-4dSx-$-whYMTO=Tt%-0U|
zl|zAsAme?LnsusK$a)jW@|w@E7yr4{krc2(9dH3M*R1R}EIM$m6-iPo$qw<oj$R(&
zE(~y`0ofwIqr-1Anx2vCzcSRaH-C$@AENEh?DjzJ#&`#iAA=2MAzr%-yz`BqblzFr
zi~%I7kW*p(zWpNG4c`VN?i=EFqPMSk@Qj<(TV;bM2bDw&=B6zfR_RQS0XQ5kpa_8Z
zk_7RF-Y)QtwU`J^fZ(F8$AjBRc^FG9usHCb6vrQ=n0kYATqg5?pC0$MQeaC9(TiKz
z75dUpbrCm51g=^vGs1)W7G>Jk<-V>42{(B~t@6+uBt#%s6HcbWmcG<x4CNo$I^gio
zHf&w-!st<X%e~3W#->$De*lbgQf!^Sm!QC9da*x6A15*>R5lHhI8}rSG1}O7_jX#d
zF`*4|sERd#E38G*7z(14M>)1B)xhbGi_BRnP(}hCGl4)vAf)^LxP+=YkJD(KOk+1y
zRwSE@EJl~WERQ19;zUAR`n3PjC?rx}vChov$_6ZZOi?x%ef1Z)?8X{U*hx<-H|NP4
zw4y?a5Z8)W1KOQB=SqSG(H;zT@bO!@f`%OxbsS;9xeLw`(b;+BRZY5q_xhHQ{^g8J
ztyG;Ag52J4D>;20awm<cxt-B?Xnl`NCf~xUH{v=i2i?9*Atrq*K0ZsLp|YtRm}#Io
zqbZYhP^KmSZt!{z-*8?fJ@*!a9K^%A@|=E;bIuZ?nhn!wcuwuSc-gwd(m;Q!ygN<v
z>9Y&W6bNk*vXHhVSiW`aA(L4ut3_L$mvSLudn#5(RnvK0=^@jq@aB+D(2`Kzl4&UF
z&EFgC#mjtjS7n9TVFB@JRT8hQ%_2>;z^$-SPhtMH|G;}n^t*yGu{Hj`l>g7_Ut$3D
zFCX~Vf{C7q<zJ8gW0U27Xanp2gErJ?NmN~RAnxSp&0q58nLmKU6pZq_O28Q-Hco&L
z(8afU`0**iDy9&3`q&N}zgTQGDj%u^EuAdp`o6!-jt}`2xs+Krl;!=t+>h$z{K&XX
zpP%}9Z}sqoB817BzGuto`SE;z9Luic_Wb;mNww7u4)d=3?Mz4H4RWaJY@^a$GiXM4
z(;Izo*Yv1{wQ6%u>*-+FX?}girhS`e$~}GZ#ROtHAbg{T9WjyiB$D;OUEE_&@wT*M
zFVb50ZaW#%3&JxvLpg6BD73dhwsF<{9v+DZV~>6FZ`R-0(>-sH!)tv57u{zZ(?HO^
z%Yp6KWALG&UWo#-`iTr$?08B)k|6Z&2V8-?94ZWkyl?5vsQ-DtY{i?ci`#u(;-VEQ
z(LNM#Vpdxa?&9st+^61oDz6WAhFH{J2S(N~vrjllcTd-k)1@O7qQjRe2kob*g-eV>
zs%mc@s>w>_?PQYvkRE{&HL$(pKze1C<Ll(0wOR0FmEAR8LPe~f=wq4d2q4BLvK=BY
zGQ{0MdYwo2mzkq+JmY}@NHyqib4|JtM^r}=H29_C^GQFO@0|<U{XH4Xo?+$vIzIw?
z<v1MfmGv_h4hLh(lG7WX<7u=Cj4Tx8Bo1G7vv|YSLRvE|0}<sx`kL-3{HRGKUdy$g
z7WJmS<5zT3s=xGT2N1Ld4)z#XzA;WcvNJwCvDM=hu3FCn^pWHMU1QJyQHNbuTcO^F
zd!Q6%HV)^1-Rh_EgXE<#0@no}R!E9F5Vz`YZtoI`W3Z@V3?&QKs>T5&#6HLkvC-qf
z;9A6hG)kD47(!ma5r&Mw)l`%~W9^Qz1q|TNhiT-fg_RFT-oCJ$1IqXSPnTeH?{$U+
zaJhz3hJ*+Skw>LBx@N0u6J@2xOOzn`im$T^rIAYo|HV7^YwYvchCOkr=)X&cd@)=`
zyV2zGgWDdChm99#BM~6J;c6o=TLX>-fz9eO82mc_;08b3+zZ}F286;Pwgibt>DtVq
zuZVezRZuFC;My=oiR{48fD~|dhZIbfD0sEczfmuNNH<R?EjE}8UA#7v_*^+2CBKzi
zhzV$kD3qp>m+gZY3y?QbpH(80aBjU4W9;O{<wOkbh1@{&Ul&w<DAWfzSAd-6TD_%g
z_)J9iZ#)hzM>6C4T$eK{Bb*d11u1QxvM05rjPLmKYH*M9s#9uCw|T?0hVkHq{lufl
z-(wuaOg4eWI&Nl@$hcm+sLVS4mx|S57gLUJMdHXjzC0Mt0=59C#L(J25y#4_W@UWM
zL@%5ULnr>j$B)%W8kTE5P?#hiqLCse&mQe}%!sQ!I^O$U)2EY?zmb5H!$wW51@6)Z
zvSM%NV!&~rm@-fCL<5w8gIRpK7+UGis;zjMltBFWi}nRPzVxvO_!0*-t*>gXvU1=<
zt5uC)Ks&2YW$YhvW<AF7CsK3$B9Zv#(6=c6CSnIg9#unh6!q7@yT*^JvR8@#PgWlY
zI;lWTp39HqxgM(F2E#5R0j~S*BY&}e6TQ5}r#~0M+JG}l!&wtSA`jBX2rR~u;DVgB
zXE9@3=9B~cdp0vN^4KL`2pV0QHF^FGP=8@f9|yilmd;UyfcTxj6vT%lpk0+KyG1F<
zX=wi}`HEynxnEeTfHl`m&$IBf)~pp;OJwMmm1lc43TTu=Fs`JlzPFjX7NCfH1~@2i
z+N6rztk?5FsZEW!&pEI%l^0Dnw74m5VW&tbAZ<cHRy!V%@6|4>`ZR}f21@!-v`0j0
z*?5`pS@<GDdnMGwPS6}dOD~)&!7pU-cjsI%u5|`JFCct8%ec$?s-cwJWf9%_&_t{^
zsQ1+I+-B7#3Bw5HQV5Ynh@paTz7%Cgom9z}2Y=R9)$1vi3znQhI?P{PEd_fdH^^(D
zO2zBEPgUc`5;5XS$;vq5;bK(>a<u_^5Yf2Nh^Vxt)1Xy#=`;`vE%g{)Z!tG`E?}0_
z_pDd^t<ymoIM{p{Q;w{MftD{QFWv7C6|7tG_zPJWxh;vzVj3RYZExd9O$WQuTJ<8O
z&4@T(!&EZ4MnNKI!H5P1;#lDm9&?~!Wv-d&E9%ZkSB22PBQIbkWC%lnq7^;8qyNP@
zX`FZMrlzJsJFcaB8-AWDJ`fqjR7lOiqU5D(2hFN*bXET4NA4KCnqs#8>Qywu(3BHQ
z3O7L`ye>+<v2@3b)5x9H>6J)Dz%1V<h(%HCyS&wQej<vi1<rP6A0=6_6D9SOgoqC7
zJsH`aN-N0_y?=FMRFTG6fSE;~P$p3<uqDQ`mug_KfiytKG^k>Y1f^givPd$mdE*>n
z%R!Q~e`9|-etJHl8{3C8di4eI@S@#8%)74YWZ+V(phS}47}T8PIKjLV=0;Na$LNCC
z8PyR;WLU`ZPkwjtGWgtATb&0VGfs3-qu9Z?BQhxCJ_+C(<evJ;U&7Ns_AUa#n1ppN
z5Kxae2dr*mJ&xce<fl8S^#kj_)-Dd@n#`N)E*#W0d2B-usxGk*2NpZsQc=5bCd&*y
zR#@nSrH<HJP!L8si@+c(I@PXLVax;_5-cMWkmoD8<%M?@V<}ZWlMTEFbIKFKahvA6
z&L23G+RiUFtOi3Tu<8nO6@_)R;uPLp3Wa|%eM8D^=IrbV37Qg#RCPoYj#0FW-q~A}
zw^5shTU2*sxHAJ)hjG?x%mL!hFhq2zp#YbE)~7qO4fTc%bQrujt;!gFo|CWyzqq0w
z&x(=0#C?zCSn=C<lMKNr8xBS%F|A;+^&*4euJF;OO=pU(^+(BR-$Lzn+@5a-w_KCT
zv>DNU8aK40*mR25H^LY^Ts=akQdSJ<x>KM+gxK3Y0apO)HR}=a?5t#*-wP9HP{WN@
ztI|<g<eC6mzXcL~G?cqafWn7?5#3|W3;Z)?h@M)NFM-__hEZK_F4sPJ@_!IRuJW`M
z!yx|Y_pjn-SLpg)`?k3Eze%-*%UE@vqtHWJT%Spg7{Asxa-63|Jo6;=9Ck#6Fv)L^
zsaxntN4BL<T68}hzTZmtLO*hKunf}+bsWm8RO=N5O8^Ln2vNK+nHxlwDRhd%0%ABx
zJBl7~<C;%v%9&+$a-1;n)Mt=kK7{J-9mu;<u{;WvX*XM4Q7iC&?~(Q_AnyHhjE@0;
zDoA8R2oYHBtq+d5Ixs#`2CZ)IWrG{JM&zXP%}ST|W5J3&XLzpwoIJu7M?=J9lgM;)
z&9u=!H2+vvMHKV5s?X~>zDJWpaXE~uAxOnvG)BTQxQ0p+-QePZk!-MAAdbq*U?}iQ
z+8x+Zo$Qoj3XGKI+Tbg2UX2w4Din!CXzo=^CLE#fv)C|~oTC#%Wo+%=g`1ZNDBqK7
zLU;RSzX(LPr$~cVbO45|PobB>=Wz;G1)KI8djy{6qwcZT<6`6#09Lnq)n7lI&XCdZ
zOCP}~$Vhlc_<1APYWS5?>JQ2QDq@fxV`zwha8d*Hsps!5v^l;MMqQ}~O0U&_C<srC
z;fog9*Gj`Im{YJxOBLuFwxN`z6XwLq9c?Hh5WfW14W%@;`mgSH<LeFp!dMH9NCjpA
zJHk8K^*b<3K8oQ4+D9oB$tFV{GU2Ty5>~p@(-CnHr7K5?jM9V31%v_+mZ0mqCkt^g
z8A(8nBP3jhD2=_{CGhTH9gM>+(45`%JQO|c-y%q<ayLqPRt3}3|5<dPcTF-sObl4W
z=Dkc%(;sAO+yP|>PUc0=Gl60?_!}(RrThj@&%nTYq#=O5=QI!(k0vtL;&*|es!d87
z^f$7I?<~Sz_TGQ42K87V!aq1z0Yz(kAV{UwkhrZH{|HJ)tj;?gIBqXUX!;Xh%|go4
zkOeXkvB@2X4803Wh69oi85|N4k>8{k$0g0-G+bn}B-Vdm5ed(LR4!2ciQGM9*}P_k
zD3L-G4ChG5+zNXFdt{-$a!6)hek7pQokkzdH2jZ(cdFRA+e6cv0A~3Ex&zUg81W3$
zBJs!mTIb|U_VgK+MQDy`1J^4UGX`X>`m+6u!5?Cg%2N=tac^5tWzg+4pv6c_;98&e
zP1|o%@LlH#n!yXz{urrPnc>eGA@wXQk(`=Zb?_+kc7GM08Eq&dv5LPuRaynQUkCo@
z=s9_IcwV6=N!IiyqGZl>`p9R$y9kYTtxeT>nWQkUr%E&mtgjc_aUIWvaVA%4OQcIV
zjB*wl9Fl{dXoX~jv9n8`VGq?gto7GIq&Y>zu#b%q)NlZ)tWg^*>Hw+6ojT2mw^nv|
zPx7;y9dk{Pg<>*%C-N~)%s7?iiPz^y1_1|KWoNw;d5o1s@g}gGG8A8IF8T7Q7i4zb
zf9dem-|k0&Kh+El%IjJ9ZhUQV!w)t$#gZX(k!)Hx#T}25ORm4rR5ARVm>U(1n;|zZ
z>0Uc?3O$HlRkLF9D6y)vB%Hbruj>K`QLfD?9OQ>)wWxvK+>udH6@#Iiq0PqU%14ZU
z)#y2VfJtn4j|gVJo&5kFWD5Q|XjBP-<<6dgW}%%vcw;OG``x;g{Q?c*qNM#BP5YOB
z{fDM8(=+{-rm_DIP2>1~(6nwXi72XZ#Gco>xpjPw)`?0W0&^EBu-y^cJA?EjGi!R>
zpi@S_-Go2w-tCg#9|pK}X^JMM#?^Y%G_ntOpOb#@fj=4*aF?}kz26THt$f%&$hnb&
zcE8^3zFp!C^PN>|a+mvur-OL67x>5fhj?ZVNw1Tmy}Gt|bbL!z$=9{-_trP)9%vVZ
zGnzWF7u3;9=sv2cxe$|b17uV@iFRp49FuOZ{27x99iY%Q1v|8?H1eIlL%*acpBXPn
z=Mn95Xg4UmiFh9*fh&<}et|Ak#e9xVc2FOJSkSKpWNg{KYHYvce!{1BW?w7{*4sgO
zygysVai<mAsgXr?@a&p(XZK0$hqTwXUNP7Y+<kKKMHvLP?@*l$>WqHpvUL`5caf*S
zPOejQ9;>1g&<@;P11Rroz%;8(5HmA|Mm?pVvK^vKHBTq=FLJ$Cr{esIFsQBy_8zZG
zN(dM&53xe;4a}+z3n|=hm;>9>x5mUe%SkiYRT$D8v6-`+c(qnQb%djVC@5LOW0bLD
z%ra80txbiLU9w*9R-{2vtU^*ZvO@z^%ot&2n2ogZ4SFk6QmJ6OY!G9+v{GC;Ykt`5
z$kL-qEgz`eOg6lY$#_h+KYb@tj*TVDe;&s!GFkY*Z1D-eoR|IXdp$dq-X{{c1abyh
zx;Z>(<3fhEIuAlLJmPKI>g^Mn+xsuy^h5r3KxGww;$D;g`PlB1cKGCN`R;paV!wu$
zo_z;59l}%&|C2HRn3<-TQ!>K?(OF;L*F8gcNCgUyv7{{G6HJ~8auxU4*eN(8QYNCf
z5ixTa?h)nCh5S-%>4HW<E-W+o1EMkmkt4%t-ov#j{=%FeEh_fxE0>!ej(l}k=&&Y;
zgi#Xc0|}c2KB4`FD{SZYr9gYdk>r*+Qb$KgTVK%rz!Zr{!r^MD>pw{<#{$PMmw^Kx
zZfD*&Ri@jNG=CJ$Rp)l076^h(I_Tg&x9jJF7>w%&kN15nM|WVK?EI+*UsYOv>G$)x
zUk4kN%-mEfW;1&!YCfd7mj`lQpJiKg;b6l$G2iA~)dHi4XwV$sAcFzGzC74dGfQu<
zo#HJvo5$u*oUpEbS8cPxO0GK@&Pg@9fk<i1m{74Hp)HhQyAjbu5DXI%ej9e9<D3Sv
zAvNjVC%6(!Dg#(yfDM;0EPS}KCkS0E9|&G&zTVk&iXu)bmeem|)+=r<*5eBefz(w;
zhQjDCJ`|bCr3xohUOpE~V#=UM9*HDMJpdKyWLV_a=}sez+6?S=f6>5lQ6Rz762g1O
z_qt?sZ=PR;2YjtxLhPmlK2VP1pIylxZNP0FWel(P7L1FXR|>Qn56NfWYjv$e*%cjo
z`Ir9Ii@&Sj56TD!d`K`@mi!w9c5W1KLiH@bHEZ|zAZg5mfx=ed22<(QubYMNn>V%M
zDrJKB#6r<goBNlX?0d}5?h_a*18QNi@wQ5}?&9_M-U>ieLq0OmJ(7?@f&5bx`8Ro>
zF}ba<0Bycgp8XXv^&2^n^D-Hp)51?~0L(;nQdL<6jR?bT23xildEfq1<+U!GmF7QP
za8h*`j8W{Pyr@xl;!F)!y=q<ULlbg?Zi#eMx0UHg8CFkcu57B7N>@FbwqLZ{IPIr<
zNXvLU-~a~uYv-(Qvu%2JKRO>sgt+3+HAY_81yJ0g^M_fikzBQ<=m;X<q$BsPT8lM{
zGlNsDz9d<*nB|eu4o>XNtg}wBdj#7%y$JzxPDgNom(rT3HjOA_Ez7;^m#r-PYftuf
zXDG`TSw}yLOgjGBR?aoCMqOmCM2xheEv;PA6C-IdRR;UJUyh82zK4(=eWj5VKV$L2
z>ip?6<dyMn%lfYI^M|DAx3B|;n&hSYONKD*kM^owEnue$Bd6ak!-Qpw*e;Z`TmnC5
zjMRN>w-75vHS7`gbA=*H)Y_8E1)+(5hX5_j^6>f#+E8K_@g&tdd~a*J4y$w5l+PIE
zaJ^<p@!v?{PC#q^BL&%gHl4NDlvYhLpI4&Acit_J6rI{Rw8{6$O3ET#(i;rNE5}RA
z6R5R&9BDV2Ilub{dLkl?teu*cEp~tZ3Q9#@1?yY)LGQOI^x9;5SfBkyamN&v?^A=w
z*~*%hQpiOq>d1Ibp^M^Lo_e@*wdf->KfC69^f;>J^CdMQ&y3xmAP!oAKQXi6HPXQY
zE(sJNThTiJSI&kE8x@kz;~l}gcgyNLQ7&cC#8P`YE_afH?i1}2+bw2apnwj_*SoQN
z&^I`a91|NO1!O4~y<*l`Zna-D&n+xCaoW`YYKRJgn<F-!{Ou3xD43PfJfI`s-&2g1
z-KuF~Dy(-Dcq1ywy5oZ<%qF@gsX{34(m7c-qSQAG9~GRhWZop$%ymw3T_x)<K3heu
z@;vEPtCkz3^7}w5;b*z_fZ2{5xS;C*EHgt%YP1`~xbg4Sz0^~dz@wu-ZWAU^I~4dm
z0lu&V{Wm6w>+$=cz*fe0qaX~r8pGgR78bJ5H^z&yiLiHPhtX0D(VLtpxKF{nHaZE#
zQh6za1b7`JQC6>F?5=Iqiktx+r0^|dla#ICHkiqyL0TAZ0fx!@>a&dc$B5aoGf8;n
zmyK*DeAtF(v9JaX5Px0D6Wn=%WO4HMVcv#~_>zr6d(Ckc+dU+A%)MBd3gnN_YeCiH
zz5-txt`|RuXRH8M9)mjYfkY~RSeKq73lll0j|{)PXjP0hIQQ~<CrcW;{4RU}*aKnU
zE<(En>cjfgD!`0aP)iDtS@|*F?Wt=67pCf>jBM92=jj+>+qabjIn8A~1#vxu!>aZ!
z7(u}%qq!a3?}*=m{mu||%t|MPlL)LO8~75oEj!!r)7@rt74BizlU<y*r)+Nf?1c2l
zwOcLtZ=BTY4*f`jLX+uL(@WB)yeNI6nnC;H;hiHr;Vs|5FiUKpsoqI^`?*T7r+hx;
z%7Q$RBX&*8fvzah3OLiK$kIvKYC80lC>ZKjxJT7f1slhQy{3vwT$c@}wE3*Cuxl_*
z78Xm9P?F0h+|v-R==V}ysXiBrC?af`>ZHFMOLYu`fB*{>LB+#dRVxIUQzXOy%)%$k
zC-h4ok1ox#9ccGmtnQhILKUX0QJ_ain)?T|Im9EZpfLcIibN1A#%~)6^%vs_kF1=C
zE{;>v)x!)8ctFxt4bmu4RcT&QxpU`9Q;2X)fwv#%oF7zPW*u^^X_c!s3ko%cVs8-R
z*9J>{X=nD=M#{Z`ykDIN+jUM^ZJ;^e&4A{({ArSzNKYn)vg~N^9SQb7(MeTW$&{hy
zt!XBjAW0i;Y4-OdB-%AUYSo%CK6=)sD-D$rII}+RVY50HK^`1yP5GJIFKy84NSGdu
zcHl~aIdD@h={T-2!Kj0yp-4N6W^GAP2-anBi!#*29Uh=FJg%LRB2f=#WLoXEN;~I^
zI@QRxrHa9rV1(XUJ2{Brg92Uv%6^Fep%~)#PPNL5?XQg|*Tx;Kqe{}|xTa(d_2=j%
zRpF3SSh~6!r3SdAbaJHlZ={68iJM1WE&^JjQPwR=H)vyLRozK0bs1)g+}i(|IFA5?
zCFwrrqbstZ7hX%ZoNXZp<tw^iDkiQSfRqnWskC~phPNUkm{kn2Hr)BocY`iFjV_Q2
z{vb#D%2S>YAq0UMI!+TH<ZG#NGwG+9-~u%J)lRN=oa<rKA4!`jgASzhsvVQhzq*75
zJm^L1Tbb8f>g{;GqiG#<??k=835#RPiLlJS7XE#ZjsfqpRU0I~>HWz5O)X-q3X600
z2%VS->uvZ%7?M-dnY5M0UGu`2FR?8nizYAYZ~(9$*ARA*Zj)tB!r?veK-AaYXwC@K
z1X<mCi-YGUVt@rKwQJ5A_c@%KtT+MHCRj&X1j-#i8?q-V7jMc3+x$$zkA}lMA*s44
z4A4}QJ+FeI$Ixl~q<r8$7B=C^W0Z`n3fMS$FU(DW6nO%FvEFe61;+|toxM}LD<0;{
z!By-3t1DOfGCeK-QlF}ZLZhfjkI5%7_}ePAeia17^D4C>M>SG>$BSBJUTO7Lxe{Cc
z>fr$z#|q@@A3z6R+WW2gH&*d4UHJcoKdh|(Wfcqz|3fPn{*@#9-%?{Wni6qW%n1La
z#>W0sV5MEJMKDJ$Q6aU06FKl_?*#+{M7VkQ<vr-?F7gD4E=qAWSk={4PQ}vu_`JIr
zzLojQc^)sO&Hgi-VER6+YdoLCqdRR)(>SQftP$hs{$};@Iz{e#dik8KQ?xrsskrXb
z17vkK@g9^jYqJJ_hf;IOnY{Mr6ED3d>%Xq?UOYM8!`qwSX0Zd0dA(0+C(#+DTBXsp
zx7vR9;hHj?#!A9xJAY+CX*1zq0&yQO6-xg;qjkb@b-)@jbLdYZ(avD$Lx6#1gqX4;
zyXqbbhLWm@<uJ&z&%&2Tqp{DMH>;b{=j8;<$OGDyev1m#_H}?K;*oJ2szM>33mWih
z(c9_qYwzy%wxp1$aVlUW)&L)8*U%tngHFXac%fHj4<x+SXD_idI=LBwTt#XbwDed<
zn+5*<MjAFsT~=+^l{V!;scXVB?JSb6!iwzb>jrBbG^8fFH%xQdEGO5mOwFgX%(_LU
zcL$UL6Pu5(cY-pLNF86lB1zxg)#=gl5=tCf*h80_{P}o=7E1fP@O#_uL}$eTX#RLD
zM(Y~&{jvIJQ0!K|bg-2VMdAV<=BN;d7`fDOa`nZR*Qiv^W$|xlr-3=Agqc|nm@imu
zf1No(CJ@CZQOKLY56X0h!Q~})cT9SQi7sv05He_4iH`<FN!3F{zipUxu$%b{?Y*Mv
z`EqnH3VL%T`BTyrmQOKYnR>OCsCw`w;GwBVPcUE~H#V^Jhal$mLS|Y_<!oB1*vOfm
zfuOzZdHG{+*-4tP*=TFT$^wQ)<bty@PRNECG1=c}x?6OZ+^-+QzMe)3-nXEC<K{$J
zL^zB1%;hR5sQDATaAg!YP5~A=Dy+*vW;Yn7HXQ}wK?F79{+V~B&UmzWt}ez=mo5cj
z*fzLHu-1BLqVEi(yOPn04)vdQs=^4%Et1-zka&gYXp*7il&7+fxNJYyhFR>r%_5Qs
zDoQ@Iqaxg5-pm;>LZjS1pzflL<5AIpc0y5<7N>@u$7(e7_icboKC2w7Eyx$LCr@8+
z4pjK{RW+G{=kD^%kr;DN4RnuTFCWS(<TychkG2>VK~-|)n`sh1J-JbAU2e!_&5K$Q
zmIcP1n#l#8$U{;R+}=W`lv{Q!;@)f)7BjKy4`n#~Rt&lpzEC&Gd8(;RuN@S0PH>tu
zzM*tthflqI#fbO4>K_233gk{><yLrjlR#(lygAGv$tPJ<dga}&%0oq<8bb3$YnkqN
zf4UTcE#;2-sf!qxkkm38*@DgxNC-f{<WF(?jVGhri-~eF?q<NJkrb^Ir;kKYy3)YZ
zc{y!K4lPU5znhj3bE2fJH<m~UYHX-v73(iHoWRBunJw~<J%BXWdeC##;Ie_7s14T2
z^NwFV^6S!228fTyR8wEW7pcXDc2dL(31mE>1YnymIkYBvElql8Tim*r5#j)&Ut-26
zE^!~Ab<VcYqvIdOJzQS(y`6E;TAf(r8FuklLb}vqM)DfolhFkb&C?LecTM0)2R$4V
zKFKDW5}Fi%^|KnCu;5cA?GSO;{8ZlPnX^c{X3gZe3InHe3`of0V&fN2$P<Pwgj`{7
z*H?o)>MjSDE>l!mROmDIHqfD_6+0qiig?0$vY|6bw4UU*tebkja_x&!hrt9Xg7K>z
zl!)arhXs*;mz!=zYqzwl^vx?C^@ebZglr~UYJm+N_{)^kB<_^S=QzhXq?H|8Q|(wc
zF}rva=dymYD9(^YRXxz;{>-PiT2*H1++3zk3&!!Nk&Rxf)z)YWrj2uEcx17Tly%5)
ztsD(hVl06JcbA~W><3XF6ZOvbZ|2p2t7h==6TTlJ(x;Z8keK$>Qwj*)rPh251d`*$
zaTl^mP!MV#Jl(%WscVTi!=`Al_o#FwWG*HqT`ZkJdHj_!>&DC}#I!ChkM?18%4@i6
zP$_TE#P=?jNn(Svd7az!jgbCW(G{|ifsocbNUhbfPAR>C)*G>&U<}u&dl8H}+oBbz
zUu)J8dfgi+GB@y(@5`{*5Uq4kh6SOZ-=Dz0*-u4Ibx9sJxCuv+yDy9}PIGR^8V6N!
z{uOQI3{|A6McITPEIrn71Wc*TmQcxf4Z8@H9t`Rz2|fwu&qc;%n_Ehu6yMtx{fZG=
zf3~(dfn~@@+3cTNCsb1r>S=O_v{u@vwzmdW7k)REd5>$29@gbsoD!e#Whvel09{mF
zrHl=^d%Ss}=al;qWh{%zblaDtY0ZYcE0%F8%n{T@M^h-Ard2MISBMdnRwy@C5rO`V
zo{O7QA=YNo+^Pdn;bpEziK^sUHsL$fRNs;1AAy>!VVCQxp3Oeo9o}PIjL}Ey-@k-`
zVZ(k)PA}-p*0=+~21$Q8oT>$Q%Q$2Sxy7u?0j;Cjf}m3TYQp!{o+Jy+g2p*oT=yNm
zMxnMJfHnOxPNQbE-eKBGoxE?cX9b%@(^jtcYF1Cr2)wEWLr;!>?>+df5rWEhXtEF}
zbtNBL2ZV4jipqH-*VpKrND1)rHc8Tl=B<daA)NSn@c8)7LJDr20Yfi_pN?W$YAQq8
z4Rd~Q`7_T^h>9^fYUZs?AyjRS6y@g9Vj<rtbcr;t6SqRpjqd;%E0rJfR1($d@=}Qn
zFM)nF1W0g_Bs;?LOHVbCohsmlHHPcy<&xc|e`Y~;@`%}Z(phbx`t~;V)Xl=u!tlgv
zC8r2mVME(~DK8kTA=O;2ad&Rqmr)(cCTKTV#l4O>durxMSZY3MxHZwiWWTdg_&t&J
z{bK#ZI<w@ZL(gecQz_s9+x-oI{unFG(iJ|}KrX1%ExuMZC`=g1y1Ugva6gi@-lzba
znr*6FK8jghza%r<)dGXOEFag?n;f0q#N<IKraPS)voHPD5x&HR^4cs}XsM2~2@h+&
z%0a(+!mS|asb{Q=A=BsN?IwtzN$KQ;>3jo&3T5LJipPEn)N#YSqNLh!*v>5z|3T<X
zA3uZV5pd4DAKxmby$R<gUAG;1<PZ>jlBQ9NF$+!5B4)xHU)(I{_}Jldcv&S2+(V=2
z2qsTz8U^H3F1LKfmYEpNs>8VIH2Amj<exu|+%m+3iMo!(UpRw;b?GRd;l>4C`TbL(
z+a94g6BxqVMqambIh}isdpT!?N;&L~Ae&!_GvK_WCMvS~j+`Tkw#RMEs)()8^sOc<
z!@We$22CI;S5~ZinNg*(E9wbdm?6QusQfqoWJ!c`oG2K&jjH>&Hpd0)n}m{aYKgy-
z)2DRA(offGaZN5(AlHQF_duxE4$roU>cP%xP}NA6VfwZ-*(P(R#J$Q=Jb4n_TKct=
zs&D8iWXg_0vfpTkj3Ff9VS8$A?^0s^Zm`ehz)TeoJL(ATot*a<6j8fS)kkG^ki9J4
z3p=uV`mJrqn{6x5&MIq4*T*?q`R{TSpFI&2XKBYR*ctuMkmt$-Rfn#_9nD=l@H!l^
zRlY7h;mzC*fBYLR{SV&!7nm}#GO+(Qm@@xQF#T6j>3;*$W=*NO%a(uTlJ;EyJG~{E
z0EGN)#z8xzy!>e+s~1T5<5A36-#?GL#t1~lPg}@oYvW85j<|c?P1%#%*A{Q_et9#V
z?3!*+$lN}z^YHvW2ha7ssyM!17Do>sjUX({nHNcNd4C-~4kvS}d3=7}UbC1UIkuv+
zwx>fl21eI+u8@73C%s)CCMQAg2HCwZt;5!LrXYZ&`=DQgp)VI9I{uiWxs?gf9t7>o
zmqeToxa&gV)*HZaL(660vd5hV=0*Iyjz}%_EfM(+tfFC}6^$y?B>FMDdD{w~=-YUK
zN+f*-SHBVHnA7k2o(e4(7T?pynesneLeMQv+~7`{-}}w{q3cKEidlDTem5{|=v}z~
zoaOVY&coY%_U4ooI#e(*VWfhp_7zWjf1g-L0-y#9M?MNwGAz7dh7d8*$n%iRB`u{W
z4JOPajNeQ)7-c4_NXg|K#dSv0MHH?k2sy+;VE`KGakO+4DB?%1FU`KhT?b}v9)s2+
z6V$*<tbIc&P}8>14WA^Qhnjgk9Dz>}AGPhtjIzV&J{1|D`@qdn=}d2O2v_qfYtT1<
z`=dO<_c0f(V|u4V@;R)5HTtwF#uohKhEZ2k)pWl)DZcTR1X~;fO68AL%@A9JA``-w
zdD`HUy(yp7YSUy9X4d!7`M{z9bQ=IW)=L|t7q%RV$H=cKS)3q^w;Upx4E8BR4EO5M
zwvKw6Ul!h58(d{1Nrljw0k&2_sf$mn@<gemK3^KX7{Xp_y3#~Ama8n}a&`b)Io&KH
z)`#2Gqg2rCpRDu@>}@y_o}4uXR~{FBxq3yexH4llD_d+|je``SF#%HZlv?7pLkwUy
z3|}wV7OJoNp)d)bHtPHKJV@O4GsE`tPzLYBxoMoJCub2|blaQ#)6tNHHGRCH@u!fU
z!U!eA5^B-bj1Kjn5?Mt^3Mw^Pa~G47j{O*mQtAQ2K7|qv>Tjl28dk#g%a?qCdHPo<
z*0N(1QUVqF1o5bR-6H6T5e$)*6y4oIW{Q92tQsU}Db6^F%#T8Hp!zGNi>n8rjsS!5
zlH`T_vcdupI*H0w*S%ESvbHQnJCMIzBu_Z^i<at;vIa#&aQK?Bu?l*ZgZ<QbAv=c5
zL558dc4SX`D3R6nB;`~{`we{xu}$C8;jpQ-ZSxrcnMzwGYQ+q>NU5?wbi9IB6QkAG
zLp)bOA-yhHdZo8*>UL>G2h{M#`m)D7w@{x-ZUpk)FBVzM4`Z`+Zd8vE(1Ez+T0zYL
zMU8c^-TLKaliIWv<;@PEcUWW*ezkwFf4tVStUvd+$o6?bC;la`8&iiIT;A+rOb+kO
zoAyBMkS^&Z-JN;5;)w;4CP2{#q~cYsb^5P`zSge4dt?;zEy{*c{N=J)vzapLBAASw
zS-GUaQ_=?Q91S^6>VtM%k0$ex^QyJE*U2dvBT+i;y9-rs=Hp~fbu_zcDSX=WjJ=)N
zQX(U{QcLp;%hE<-5^*zUzC6wpZAj;sPfoX<Mr(Ca_XfL5-Z}$0o@Hp_^n-6qa8Y@i
zDK)g>hl$W8rn>^Uq4rG^TV*lUL~X}XYfMyJw?)}xsq&4%0hV^QH9{05xs3NTm=9fZ
z1GtmHqR{evFd3*@T9_(YQ@dzo77zoUY{YI75#^>76=@Qa)Y?dI<q^uC>)S23^V>Bq
zQ}H|*>QwBx#$s1J<>q_!+oMO^8RZo_{bmYgJkNTlX}H<-7#?RbQ5XIeh7VJ_%q#@e
z28MAh)C-x^nn=UI+6;R*?P+d(uhHj;3AGAZ@zpvuTBxM<;1!YV>(h!I?#>M{a!d{h
zuTooZXGBfHd`T;kzj!OhoPX2iW%MS{bbD@9{VLt3&lQOf$!@PUg24`W#o>ZXH-(G{
z*{>L}KN;Y%co9$~N{q?9zAF*lMsQUd`D&baG{|tO_f3skLGp56SRZWiNg%Is+t|J{
zVA{ciG8ClpaxwLiD;HKlUz3soT0%XJ$Mx2jfv1fDWZY?__A8msL3HA|=_Zs*Gy7~%
z-k^n&NLzZORhcm<^s*n5gyw^NTkQ?|-c2NT_?&eo98IA2izC33?M4Kt*eMRiZPi2Q
zEjfq`#R-z>=k#A^TGJGRFvfx;c>KjA)yhYZbr35;2lcoO#>VU5I<+Da==J-d`ebwI
z(9q349;oxO`GZS0k;B9?q=g3q(SxWjfo81?7TmH)QDesl&DyVBud#F*>+-sk5s}x?
z=|A6{ZUctGmVt)}s4Cd?2UocA3&e-xiN?jzZiVx@Ni$>m+Phf>0GMDfs;Txn7G)M^
zZ=V*ipBA}&E?pO4nqoZ(iFdivqvv?w_~Y;<23_$nM|B1wZ@}fjsC`6Zao;c0F2G0#
zO~nN(qM2Yo_uzt<w;NJnE6Se$KK`7>QUtJ;0MGLcnDim|(?MlfSd?Qx{tWVVBH<b;
zUtOf@Kzkd(DruxKQ(NipuscbwiR4;<eY0I`@NZJgi<iC_#gY>EXVPMqaMP_4KnpT6
zPIE9`5BO3KN@UB_-|Y3Wo|~)KMK!#FsOUYImGD8EKo4XUBFK3gwDGYqUs!S^C28*%
z7pkIk6sy7tx25!vPoWOeby_C1f6K`6FS(KRV6;EC^>b5F%5Y~ytw5e-e33s=dH5ax
zJSBYAx8;;k=+-~7vwCAJfn_vYz4u{8<)5oYUFoX#CzP}|M-_(keP^VnXzU$Q;N^a3
z)fu_UuG1O2w&>}fKJ@*@<#1V<yMplyI`_@Ief^Hi;2<(`Et29tjw~=bTc0nBS6?-N
zlVAt>2_XpLe7p{W*(xePT+gdc0O3m8>434!m-@Un4JVAr#5#@EvwYMC8CW@i27y9`
zvp%EjN+6h*x(sssOtk5lsRcHMM=(&O`W;;ip9-1hB?YP5B{~aB#H->;y_p7Zd<<5m
zXOvgf#D)(Ao}MjwuvAw*U_m*pg)|ei(#I%=Y!|?9u~dpueCEp*>xr-P9JI(=GyjPd
z*q$TXpI&GamP~4_m*+3o%Qmb~eP^sMSPb#<sT`1UB{drPS_vltH+^$(M93^wG{R#d
zrWYM6*e_CvK_RQ_?30Bwq+1=?_D&$D8^s%RoR8q-PGE@oP!ag6)Z9K*&Uq~mmz%OY
zF1>(rx*)sb>P?5N-ZDdw9AA9_aEnMl1Xmzw%fb9IS325?jYJ|n45MMPlYE~*YtyG_
zp*~O_7&WqQ%B8GEqbR$=MJy%4wT)WmQNyv?BiR>zOZA?Gn=5xZLl7obPs!eV``#j5
zBY2dR1wF&L4ta`hOx>h7mDqA1^l1tM4Br8;r7#TF&#%*!Omyt~JB-QvxIeQcYokOm
zv}K(bx^&-3DRjO~^5;<s_X9wn8%H#3Qrk#pzgu{@v$WIks*%Gvo|l!S&iW>|0xjNo
zuVoaV(t?a^N8LrO4k>j9v3b0>tg^F0rLNZIH|4MXc6RC`sf%b_RqgRtu$DuUAJ@~`
z^0Qu~`{%-@?c)5#2CqP;{7%mJ^>k^4_X@I|oKy#yehKPVEm@n#W3hl5ESn3i(lgE_
z>xY_Fi{AB`;&+<YLr&<?rxQNc$aNNiZS6nb+|*r3julv*i2`1dmsimO%psZ=3Z&gN
zVF|axiuM=frw37FtBuF%m@o=%l{(Elzd2}x?Zw&?(6u0R68l8bOeV#V4_G|49pB=j
zKc-}Km&cEPJVwo&lIKG_Tm<#V>pgO0d%Z6o<T*%IcYbc3@bczn;Qt+5|7W_Nk)470
zzu}tgf5P>@@+JQpTpugTSZ&cGbbqRyVb^mpVNRl92y}N+KBcb23!PW!$!7|Bjql!0
ziBEfCnYG5hphS~MJ$~;D&J}c8`Lf58;kOece!f?<w>$1Ww-5~xjNO1=XuR-73vl-^
zKQ25`_X7vp+E0qT5_*MQrOw`xZjodnIONH*o+(v{t(BmWVO%3|bnEG|g_X3|E<5C~
z2%n84reGJEl;j+rv+STXdIv2P&YR_x<Z@1-Ec<)H{WF^%t`asej3VmJAhCQYb^y6h
zcYM=!<Y!NP8ecUYUNrk7;$tYNp{JR_(d-+Db9KzKq?B66bM)M$PNqBkvEKp+_)x34
z(`DJ$On#yz_PsXj_;#|h0}MvyAA)~Lq5qTbqczD2l)tAC`rNN+29hz+*HD7tVu=%>
zQRHr%`ezM3jv=%lZKjp8O<ZH&aJfi0`-Pm@@jwziGHlOQ-G~9Jp~$hQD14qg3CX5B
zd%i)~AQ%qKZe+d1)2>T0kbb#mN@Q{oUyy_H9KPOH?<jB?ZP6-vMghm@6t65(s5jv8
z$VjuNHiIJt%xLsi1hYGgXS6qdL==2h1{1W3X@NdEmplfXT`v)A=eO&(oB65EO#>4P
zhg--3Le;F;0E0&X6W(4|>Tu&5$PBA#{@>Nlf5wiO*%|(;e3<_;p!DB2&6)pIQU9)d
z{_j<E27D$)b~eWU|Hbp`E@*9KlOMhx?o*D_sSGA`)6hRRX@fGth!DaeGT<mEBE-T<
zlZL?p^akNkp(mbNB8!Sjb5qHZGBs1xEaaV=%hsDJZmTstHYOTb8N0qWs!*f9ryesf
zFqSr2*T<ip-+#<bv~wT1^FB|%-?N!mmsmOy5NSj~I3_D~nx8?dE)fLn2!d@)oUoD$
z2vX?!U-b5BRF`HdbJ^&+u?c`a&-OK(GASqMw!Q!azc7Qre6-G8Q^0?Ht`LGlzcFXv
zD}#YuEMwqa;QM{OO<V?Tpb0lk2YGYq%wx-@nw>vRBp`IMz)oLPJ8i3u+qgW|{NP_w
zFx8qn?}s}C*KUQ)-@=-6KSIyV$4P=u7N1i#INfZ9Iev%*q4m|ugW+N5KFoq;5^kJ=
z(S>u0(_lrDIQk5mK{s#&`UwgQ_7M{l<|U=AwY>%NhI%BvKgi(4C1g5Dd5rW=^81Av
zL*cM|ufr2&uCf)1oE}G_r}5Z&^ab~a3NItc3VxOR*pZuyi0(WQuSK-(Y1gX!2U`ac
zSZ@F{V=?!~Cf^`*hhhDVI_Ef?VMJMrh>Ypt?%0z7#Sl3u?9aGq1>^>>HP&MPIupjd
z3I0g*q}!d!J&Mii_vG?Tq&+;d2XW&|Bf9o;MRg6V&tZ{cHXp*v^LS=@%QB7;_%hpx
z;>8yk(|v%b0{RSMTFt}B8*w!n!D|lD>_zU6Sq&&Of$HM2`=Qtkj{0|$-7`7^*^qLx
zq1g<Q`PUJh-J1WQ*hdS{F||kK|FxoDRcP~tt~^b!2bvT={upG)$6d)B=Or2k*az{-
z5sK13MrsnWM!)W0R}Yc2M)&=bhsc)C>Kwf#ZcB1|aO{oUn}rv(Vu^%bVoo#F9imI5
zx<|T~(}Om*-tOT|u@l96D&@jtaHB>pR)3PD&0wz_0N3x8YYvzjx_@kpDla)JT3FQK
z;7zFw&vb?cv<l%NPMQg;1wF^>3;>H?^Uphn-cZ4z{lchPAMpNx#QU7B-FXE@Op*eq
zAL=p8bwo>%Gm0GYyWl}`jfSgJq=(5@uDYzsE?yc_{s)uJNRhHDF_BLh8OhHQDG{Z2
zdxH&M0z*ED_?JgW2Rz^1ad>dzIJ(TrtJ?{j>l~KW|HIZf1&I<Y>w0W^W{qvzwr$(C
ztu?l7+qP}nHqY8S;>0}<x1+kNDx$M1x}P%pul&-P89S31mGvAKJM^%<aGj&$%$ET0
z=Q#C7ZGtkHi`s1nwtMgZmlI$plyXV6M{o^rUOa3dOZ0~jiOx_$edwP2`R<-+6@T)c
zX>_&-RMV&ml3^tc3fE;N@oq+LNj3X@v-Wa``0ket9}Nas79UvBb)y*VMgf;5UIZrs
zA@s}v<lt}04Ac4DEmjie7m9Te4mqO%HxWHB>2%#lzuDFwJICM0lT4j@J1DY_7RO`s
z52soe6NL}k?k9#_2u{{KedZZVa@RHau=?#5QeivjwwN{Sb^`i$56RQ=M>A@(#ViLR
zA@n@Z1Hx@Wi+JDouCcnlwy~zME^_^NlX#baYMLkQGSu0=`hr2+q<CI(C;i+ZXXEC)
zHuaD3WjpVq{S??(?uLErmU6S%@7fR4mIQd&-usdBSzW*D$LfpA3(RM!XO_A#{<?93
zrTux7;34TA6wG_{8E=CI@-q`2K8=;c@dkktQllCDIFU-(1xQuhIAR<#k}O0~EduM4
zF(5JFz#KMl(V(hS=0k?FxN%4CFW+|KFJG&1*u&S&Gco*c`lK!TX5bVTxb)D`TeblJ
zWFG5zI6Y5;v8L9*#<HT>qEc|P;sBL1>VZ_ws3RX}p52X;CiSZ>VtWDYI0P!QiFfUu
zI5Mu|KW%@4#~tIf2bUpG9g$nZt&q?lr?+^vObrUX!?}pN{)uP4RKieMIpJLbaU?;w
zJ<)KqNg($If^8@@t$(mbK$83q+k}w@$sp<tt7ruzmqsTULfMVbFo)n18lo*uxNWJ&
z53{{v_E54pOPMwKG;wY0GqO)8%%O4yQ14eEhYjm%#50QM;>rF@$aA<lHAZCS(oCV5
zU0OcT4pJA6ZiQnxAh*VCjnJW-L`4m~cZhUs7Lk4vegk>b806QdYf)6O*a>FdiP{3M
zPwY}zqp@Ay#AlUPk6fSVAOyMEbBzst4G!Qs#NHTKgxxbd+O>_2H-0e*cK&!g8r+yX
zp#7H2F#`v@hZ=prk7C+yCB4Y;alD_CU0-yP{k~o%dRv%LrOWK1Z;D%;TGts}5PkNG
z5gUt8$bwtW)AiG!MKq3yL$DMVLh#rbrC3h~^3CB{m*9}Yg7EdPz=Uj=N(;h#$_}^>
zdSpcuF2gSqS;Fna!0)LxE7B<H2wn_(u!EHD8Dn=zZ5Pq1`V|XGKYYv+-Vt#@i8ar-
zAN75pE=cy*gG1wpeo2dmRd2VE5^nWNz(M{!wFYcQjLsTV)k-<hE~Pfxcln{l7Iz~3
z8(sC+I?9{uLA!_^>F*Fxdwfj%zF-5bisUlcB<@i^?#$s`@TJ)n6gInI0X_Ssei-H`
z11{r2JT2(xa3rU%!YSb4e5q+KYvWb6*3#pirbITLfeu%z({TzMliT9csqP<kd%a#`
zZji}6r^2OIcsozWUDgY?94WlSRsT|9=M9c6<D;oiiFt*DoW=3Pg2F;aV<BbcTYjoL
z%AKBpddi}~2{+;<t<|T$39$3~oXXg==`IO8tgW@hkMtnzN`07#JkTT;yEB?Ut}7=_
z1dpjJd(=3eS!iAWB!RkF%ZQG_1OsV6Fl2uc{tiA39vOrhhz13sV9!1$e`0-rmTV~D
zd<TArKL3?fOfWn^RvV*&p^B!GX2s%QmrW7@{-@<JBmx)`<P%2+CqnQl=B8yZGoGIm
ziAY2xu8=g7WJ^H-CU&B7rOn|xiyV?))kQhf`yer;TNA_;2Ocni!%c|86IMdI$>}v)
zo{YqYx%obpp3}{iyDv98|NS&L9nAcFa2-zk8uRh_Oi5yYG@AOp(P)0w*WPkUPhYJ0
zqnCt$u-o9gNu&TXmiHlr2OSYtEi{jBmUiy@$lE>~c`Nq$ma_M}!eY=Nk1W}!HDK=i
z3Z{=0`0LAhJ??*ZW*>9GGhBI#;deY*1P&R2TAHdWc)?-aZ+?Crxvux4>7$$-tF|XW
z)q`T1)AmmK%<?REA@SUtY0Jy%O1<_*tsT)CYv8Ow{sN+hG_N!xyh9ldR4<57tj8Vj
zn1yPTB;@{ufkco&DA30_c|S-^og>j}DGid1CZSx)gm^ACa%U8LZcLyd>P)!cfK-c)
zvo;eVpnMtjvB#^8luJw;9?1-1vIk?!&Zmt*9V61to;rE@7{YMC%q&v1SMf$^z?%_u
z>L}x#I7d#K!dfU}h(yi^W_Cv4Xn)wD%M&Vh!1vp8$+AB*tpD=}{oU+6QEU2+LKw0(
z;6!5{u{6L(39SyVv79L%i^nVdZonwVg)q%%84c{%^x_+IbqiIfk@VT(6l`x;o6*{O
zdDt!Od;A6raXN{Ass&$AjU9_<=W$Dua<O=Za;)vXO19O2<4i3K?~A?053+G04T2yi
zNLU3FTNT)Ms(#aI%iO%a`si;RFLF|cjc83^SXAuv<qJ++f}fFgMa_Vikp>{wbq5qh
zmIr1@y`6#3GxSMBJ=I#r<ip4(l2(v8JBxl2$`*D3@EZDH0N_uEHK$$AP{rFtU`U~f
z*uiXV@wO1YZSK~FDx3ijYz8M7B<2tOlpjFi1kwfy&kMu}Qul3WCcx9fG{~}_kIIJE
zY4dYmo@?NB1Dk*G-tF}|Gk6)MYB!O)n!$8YZMDGXbv}~a9DjjMZObaOr49Y1^o0oi
zRyZBH5q(MV6Alqhh!}G>c?TYIT!p43+A(dp?+F;StaaN7|FiA3D^jJ_+wQLL4R#qq
z_+0jZ))gDbV7wQ=UMN$ordBph85fy(=j~0l+#i+~bgmE2=*Wq~QS|q8BbbD9sU)>v
z7$UHsKEN=<A1RKhq-}3%e}+jH6VHqhteh8<AIRNyWDlb<E<H{FR(SYu$*b;DhP%dT
zRJX_1`g0AM?1eEWf9J@p&l8(5pJYbdnvhgDoB|v%s79vGI0E;N2?~K^*SxhytRNDY
zpuPu@%H#ch*ldwjd5RnkIEvvTC-yH`*#~UJo-f!E{9lnpdDM)s8~zUbExfJ@KFna~
zd*MUjMHKCTKlk1Z*qQwGp4dW+RhTjCktj?NWsd68%5qumg_ooR`Hx19O-x3u8=+Eq
zrY*2NL2LlmAjRAvxQFClN98=4lHO$z5u~tOG8TbK<Vcbs%>%9iMdm2-<a=`V0%@lf
zWe|h}twROpGrR>dcu4+3;@N|1*yV9AcS8ASI1OOp3F^klK#_!kMRi^5p^jW!v*u{L
z-f!iP(g@5U?7)i$Q3qCstHZ7Rm+x=z2Xw=i1iXsKu#NymQ^sC4#_VenycDk?#j!lA
z3af3dYGT`6Ty8G^JkVX{UxS8=mv+C;vP)6h&2O#T&H3di8?U{cQ@kt76RFqf3=b|t
zPjAiafm;Av>b-8FtbGHVG3#4|BG*T(FKP}Hi)PFbkVo-@2SSST^9<BnPM4oM%t-_O
zg^z`@VFeonzlekT=wRE(zBG<8PIaOr19R=&d4{KZP`iAo)E&(`cDAGZ&RgH`9yhmZ
z<m2vR+UK|rnl8BZJ9IJGTwWl%zdfLPTEPCim?U{Z2s#C@{hmx4$keWB)f16tr9_+u
z_&VT!6zCxt&Pjxr<FDF%{8w6IfZJ8U65(<=cOhe5DfN-9Qdpu46Em8|n#!8am`P|z
zX<Us9m=-XPqg^RyFwCqKj1`m>oZ}Tylu)#i)HB<-8#pRBIy5X|G;lj<>uK(_4U=va
zcSU-jB?~1BrIHuYHp({6G>chH9hMHxh9?fv;xK)ehnn5%SZI+Sw5{<n!i~O!6cApw
zz+<WJw-)Djcpv5_#A2LvhPH$<CE-)rax;H^XB;q5p-oqEy&22%tj2esR-@p#KLc&%
zFOrhFBO<bwZ~=Sc7x63QnHMnO(o9M0bPY5ql%$cjWE1PBgGV-;2rzRWNQ|O9a|F|v
zO9}9|kb2m?b=<Yu_GBh_12q(5o=Hs{JMMZ4$aH<4BMLsD$gZ;Hi+=#&`wou4-=@Sq
zUVq=t=3_r!cmLqQi&~Aaax=%gZ|ch*tq!oFgom;VO$Vazzu;5x60=N#@f+&vpk;E*
z+MZ+kV*C{U%N<6;Z&-liKGA<mDWUe7qrb{?1O_x!zvu4a*WvB?SvQm8p4+0fR?^el
zTyCkbpM2SMDz>_ZfX$s-`vMp`5q_eg`#CJ=0*Jc=^vB@1X|;o~sDGd_HyZfB{X+kP
zYl)i&-8}lz+~xKrZASOy772(sS-G<FHhTc<4+t<|h8-;{DU*>VY^n`6`Ibgypuz2O
zQvYnX-SrsZ(Rt$cB=+p{{B%`|M#rx7dX|4e1I_D+4E|evF*^{W1_rOm-8zMXv+;Y>
zpXetc<wM41cU)^}8w-bdH!xV6b0PFS66VK#mzA2ej&C;v%`N7{*fJq3stR||Tooit
zvk>G-6;I*`MA%jnGGZq{cP_kAJO|y-ANDsim(zD7<v2CzyFwV2{+)6JI5Ix4I12!~
z5A+PE2!I)NTBO+=cHy#aC_;D^d|%!cDrW)}6R_Q(6%e8$d+Gi$58G;ls(pCmp95W#
z48H=zU0om!6LAPvZq^Rs(od$na;xUL-SrTxe*;DGN&7S!wM0T~DsSyfR#^x%FK-61
zB;S<OpkWLd4NF-buc|4z-W(H@TtD1^&mKUu!LZ=ac*qdeXGvL-*%piuiTL)jh84zE
z=4QL@Sjq{~>x*dgydd%{L(qKL>h_Oa;I%q>+w-fiYOC%CENINPhAnVEc7271SB&n#
z!5Am@f*L?Y0}wsWNXs}?gznA(l}R}81|gnSCa10sG@T@x5dwsXb^%ghJ~aVUxyU%O
z-m4VG0~OYHcGpk(?d{PcXiCg~0UaG=&xrIo!Ybfz1JsA^VtUm#Ef&-D@D+Ey*vObN
zo&FYlS%PlX>__kVv9u&Cfue$1yL+I^X`*=|vnpLV{>O#fYD{VqT2&@JAp`RQgLf{K
zEo2?W$ou$;N<q51(K39)N`oVz4>1sTF$(BJB!W~m2u!GY$2DkH#huS+zr0>N7;AFd
z749)h7wX^x%BQ%03*R7*Idl?PR3fomV@umMr!HFcbV2k+_ni3@;1AN1Av@$Uq<(t`
z!h+fv-OD2E0XSsPkhD$)LniyXcD0^<mW1THq(O>pj=Yt&j4HHSgq4fcU#&5p1D}qd
zBesrz4rK>l0^b=gQSM_dq#tT8!7kKp#5j{}NCp%VUravhScm*3{VuBPz*4W9$(-&I
zrLFGj+DvTwuB%SraF$j7588dPyqC5!sb_HzM}RM)tT3U?MK}kx!0ci}@SuOPizeA<
z7#}%t$y-~e-XlB|@>Q1=HCv_@K%5U~Yns;V^&W9Y9B$SWpo=#K<l!fPuOy*F7okak
zG<Oor@nR8oQrM#eZ!TFhYBth!p)}Fr8(}$+${wZS@GKJLuwpqP%O0pP;4b+TdTQaZ
zJF3QTEs|<@bs4JNK}+29m#INwo0hxy7F{>K557)<Xx$Dtjov|x59V&Lou@|kJ&@jp
zh9GYH+KBg)2!e8=xf##!k8I-`_Afi<5TyEnLJml|zYCC@i(+ZhS@s8^PkE0jU0o=?
z2&MyF%OIYfXT405-_5Y0H^)&Af0>X_1TG>ITITeM>mdQA6B1?78h&g$cL+Vg2tYsm
z+Ou)_VJn<wm@ce(a_g?I*CY`R4u>3b&l_cHkYM@sCV3JN#4+tJ)CvwPhCTXQFe07(
z3ABNx9-Z_`BK^iH^rwPP_vk-(!e{9pXYjam&$(4XGN>#VUdqj*9>K1vF`_oa0e%h{
z+C5STjs~S1uoTBAdMVoE^6o8KY9zGDYV9b5av@Jy!f<p@V*mRycSs3No`uH-YvB|6
zgFPI@vUx+*Hw*zp)NI1x^TT71AVbxu!S;OO#94%eB7qO;LGg`R;7zPihF@gIA#9zP
zqok~l`3Df9>vfsq67j`okrOCeG>3bp5XE|BHOl16$z#Vs?y@j+`__05@1Qwi*7FmI
z<^`J(kr9y-RBa{=$d*=Zzc7Pp59HqMue5it+-e4=#lyCFyZwCjOQR15Wu4-R+A_Lw
zd5+Du#wVZrUj26anD_I}yL$NYrV$?~K}I+c0(o%rH9z{bwa(F)a?0q-`sKCKIZ`+&
z@>;K~MdSMvh~@zffh8D}Xr(4Ux6m2~q;2A^$=g76`u_FUO-c8_R>G-8I(zT9Csl>9
zfHD7ge%C1YbNaA@cXk{W<w(Yv-1~~$*F|2~G|!m;ruw^^VLOlWKqyydS)E#2_He&e
z=--)Bc&z|aOnIk;*U<|h^F%szV72a`=ki<F6||IfyAuvfLKnhR;-}OS`#gzqT*4<s
z+hqIHrT{BcRtb1VR;+vuVBymq;`q}0cD|tlNkvO-k(40P+hFpp5bK3&5_m{(m)f(R
zywA`qqTRdGH+n1&i#^cckpMT|?S2yP`R3TpW9?NdoPzE~D8DV2o=Zg9noA$eph_*5
zRw#IWSY3b3taAd<f?ebb2r@4yATU!9?t~Vzy2JQ4o**%qF$@gU(2tEF1f$)$9|fOB
zoA1x(X}KQPz+)bNH?(FcoS%x27rOGNSiF+39`2ut<K)J3`CEDJ$dTLC)H&*EmZfeS
zw~c;xG?}(1pm1NHt}LOdpfG8t3t*^1XeDSdG(nGGpI0ROkv-eDTwD|w`4p1tA>Mmt
zyQr)|TWGigiU&Bf_qMgSAztkh{>?oB0Qh(Pz8ExOd-R(QpZ@I26SnGO!_Zx>%Xq$@
z^L-7iu<CBFQ*pCmPs889Sjk(juAUC4&0DPpo#UsFi}7h3%g=*hD%BrLNLt?)_8yb|
zw}?HoT!(xsye)^-jBKu@dgO;*ukUB*L+BJ23IRNB-^u&}lgh?y)C)V^t(qSfSCi-G
zRS)gP6dLXD$6TK9Q5x-~u3DRuQs|}IB{$&}u24=#&Q9<}^uJCcAy`DuEvNwkIDkck
za@t-81U_PYjRx^Pg7L=KL>tzUw*QoioUpeMs3xYW0%bY+@lqV>>((|sEj}Q@M=F9K
z8f|#fo|Fjr%R+g?1aQ|D>#cStqsbXpmF_*yqmIiK)ZdfwD&W@M?e+JUYw(7Rb}K!<
z+wN68uiI|ArP!reqQV^Uo7byHwxsD`dI9>_uo>#j%}qTr&d(^VcnDl7YfwKCErzh+
z>cBAv_OKEg;=9g!p}ZP*T!k<k-;&fpPaYMoMF5<%i1NuCknQp=@fjRtCAac&a0ix$
z4=POXhsFZtQk`IIeU>;=r_P@^Su_He)Ah18by;q|le_y?^PunXg1+kjW+#gf5xEU0
z(!+ws#8zGq)YrvHU?sw_MApmr(+)WPg$i<H5ZFTh9&%C0zRK)EXQa~B0)TbPI7BFV
zEns>7aZ6@`4--}aLMBauzsG4Xp8xU<rjIll_v41G87Dl)bQJ;c^y}Vkge71aF}(3Z
zZJE9t)Ap?=%bh)61DE%9Q<sA2f)*(XILHVEke-K7h`}?dOW2i4DD-m3(KAXeOD7wT
zO&1Lp!4hE~vUHgtM1$555TbFiLRumE8@Bb?LemF<kQBIMPEm9b6N-91Ksa^~?4+5W
znO>pgtAYSQO&l$}Gw6kJjWLX|4JR1QK#MdQ<B_>I$neEVUuBhIc-3%?CfH8F*{ey;
zIK6S$(oyb322dOtY$Kh!e>^=J3>q9VJT&>^n}O8qlO2=WDf5;(_&cV(wfZQX!+hHf
z+8vTDl08)Vcs|gCq8y?;r260n;SL8+!hm12{H(tFJjX9Wxk=L;{IVcVc#s;sM{LNq
z+&@D(KuIteF6d#!ReE^+Cf86&ybVr88O1K+`B?|)9vxt$L;zAW!CpFH>QMF-#Mx2`
zs+BXA$ld?p7BOUOyt6iZcFj1Cpf-R5p|)3nHH~aXGa)X2qU$$c+T*LD#<5?bYXP0*
zFMknKX*@Quushw5kMM5CfUmEG@Or<;NSx2du4CQ0U*@*mZg+fMx8dW1wq$m**L7|N
z3K@*?xi^YAy|3}26$9Gr0&4h~r!fiC>l8MK4osWIsc{q9`EeG`LB~<_$?FzRaDZoZ
zJDJ=zajYn?P3O6jcT`)lWJ&?S@SHg#v2EZqQ-D3<(_GOH%+&%$jBhr-O_1#?K00H*
zKVNyMHf|{@sI@lJC4F04?$W~qbjzD|VVybT$thhm2Os6@P*C(wNg_bT4Fxc+jf)mT
zXfEveA!Rd#U+|?GIgZ-%MyE5M&f@%)!u&FPRg2jsXG(yFx>0t}dT6~J+Co_Lnl`s}
zEkivhhVs~awZkfa3vhi3f)w9$#K1-Rj@+<p<ak6OhrvDX=o7d5cHG?;m+$W|@o;(N
zE1tE!=IfsE@(kv8n*R<M-1<Oj5<!voTNJU8xMK^10+j?8p9z)%FrF_ui*yVdGt64C
zz2Pv(D}UENn(l*K(>kT@sFc!oneYReH!%(LoyWa%6xL|Cqv0^}+Qw4{vd;&T5KT1F
zU-Bjo-|*!aY`diJ=b6`WR*S4CT2-r1VO<rRsHbb*-|g8w)Ra@|qYh>8b=57q#IC(M
zVWHDCSD;q0S@Uzu@B@cA(+v1F4MD_{PkyEe*7Dv{RHH9R*o`;%){k3IGA3uNWVB?e
z_pTjiz5Zp3_2o7=ip0`)4ElI}@2;kMx3px)Sb;zDIOP|F2GykUga$1msZ&XL=4gl^
z@}I&>gbCCwKrN&ey(2Ql9|LiGW?@jDyt+6B@^8^p#giszLM=Qs1~*#;o$zVn<rG;3
zuLut4kZzCc%+|`YN<ep#a*;ZA(ME`cB}NEKWY3aDA_#;V8id?)?bgbu&ZS~GPu=5^
zfbL0MqW~)fWmJa-wzAs;bSKaa2Jb4M<^0#Ev(A#nTK&5Vxe#M%y~m7w0IiRm_H@9*
z`>8EQ4u}!QD8y3^OF8B0d!#+FOlQ8S6XK9Tz{U}<GxIC?i(*C5toI9CnnbIX?N%?%
z5T=ujgnue)8pS$hpvYcy*$JLX9c=N2+RLj%n+gqP!f|WWi4KKcT#4R-x8)&r;!pGP
zX{9Dx;~Kn+3r6pOXi$OsiJJCSa2`MQe3m$HZS3%#-4CN`4|fkr+jVqmt~YZx`)S(N
zUc^P#IT|uAyeN;}-3V?k=6z=9$0rbDD0sv+g5ctL0)^=h>d8NC(=jwSQ7y;|#S?9n
zI)m;EuYG~?w6-<L@WXgZ=fnOC9$$h4q3A;p>?`_7Fu)LMC}sqlv}mVnib|{|S}aV5
zDr!%t#3}YDr%})_QnPZKLYQqh&*h~>7}=6Ec0#q0aiKfPxwgMAY-iuvuE`*g(+%?b
z$@E15#yXxrs`}S-CEsy=klgvFgrn9a^g|JuRO*gAP2vMLdQz>itue>u4|wBNsMtg$
z3KznQf;bOaRgwbo@e^3SLc(hW(OFUIz>(HmC0M6;=)xW1IO4r){$P19`gPk@XcNp1
zKfbqjfW6E5mV3kZX73htYUz^Q4tTwdzGZiSAG2}@l6C<!cLP@F_vgbi5y$fi2KM9%
zFbJeefI$PhG~LKB9Vc=VsPWD0G0PNgqu64#<Ju1}_dzN>Ey9S9#-6iwjXBfplzCy?
z&Rw&8uRH~uCr~7}uybg3HE^cTsoC{=$yLZz%H<BpmAQ~PAjuv`b@HBhBDPi<wL56X
zc~a?CZkK*%Ss!QMziPobdd;137fq`X5W9HVEhZ3T*E-2uHhJ;r|8l8on|S0nV*o$l
z5X7(mUhiiL#!s`74v|Y5__}#^dHgKvdhGm`#OzMz2t(0~k@b9X>bN~`U1M&{_ZNFE
za;jaq)s}j*$p_8*K3mxam<y3IuVLcbhJx5F5EvpW<W1e+Fm|T0;OV>3n^?k@F3i&7
z<y9G0n@27}k=XV}7Eh+MHve-gh&Omu#Iks+;XaR`zb^E6`@&}XJom!8Uaa}knS|%O
z5hf0>^I>TSfU3dbApC!5YGZZw4WDXQhKO*Y!~lf6@5fkCDM64(jUkOfG>rK+=q|c)
zP{NE{6VW?(IYXCgVD^WSpry=(3qCdhyZ(LC`56G5W1X=0{t<9V2zNZ+p0LrrX#C8<
znezj%bw+SUF8}V7m6qell!z9li#zzA0=Vx3<gbbI#W#|YOP?br#p#DSKoU-1ktP|r
z6pZHvj0#|Mk^D7tkJ`uTLpzP7L%YQW6L#1phx7nUVf|e9@p>Go$a}O830^;xSY<u$
zBp+Rl)*NeO#B42eN}!XWe25cXV5MHS6}uZ4@CayW{alRaDVi*IVIM#)JcC^Q;mUqd
zwMMUV2meM<4rIaTG8zTzD6BbCExcyZ`~D^bBkx`aF>hgi-T_2h5kertfkky1$drkj
zyJvmCNsWx;Z`?zvyKR&F)~|IP4Dwn)W6%!+72D^IY_8Sn&1R+Tc4wZBCqBHg%hav!
zypL(N-Ll;)j85P61=v3+v|6*>4aMyqligGqt<nl`)V>GVZaM1S{1HAb*W<IiT<tF^
zSC;A>O@KSnqu{hY)WiY*BE55%1olcmNSYHC&!!<#kuf0vRpU)heNdK1rfjngt72*}
zwL;)k!Fn-_gnJWQ=z>{K9QKCW<J1=%1wMH`6+Q(%f8kAtyB}<gZI8l_oDc9V_|eat
z#eB!V!Wy!mko#>R!L8ygpVgn(G$+ps8RT#x>fjHU1o>c6D8neFobYaZwS~B5)v+K}
z(x%ZWM?P}@{-ONL-rUhuf^%pUepqCF_-}-(9cJE)aLU=7T0U2OkiZSKXu0P0UAno@
zWH4jy230!1_Ly1k;Mvit?5g^e{^<H}1&l-KOzgwec|8JWxuSq+1Va;rAK7mL;@CqZ
zE)8mEX8WWoneMU6ZfrhZ>+TP^H5G+olB4k)`sBz0YDGee&@}W6w}7;c#foadBB5ho
z(cn7?$01<F7l<LU@``p+IA;-3()2f&nE{}I4_USnurQtPh=<>^m0)xM#`@m%eBvs@
z@BjQ+t=%odV*hyx8E$R8Ql8bh`iS-_y!<{{wn}kAy?~J0u5Rwsb@yHdc0C?DS^b6S
zvg<S+q$5K8qFk~d-kf8M_fUcuo*CU;DCpBa5jZWoEX$a!<CIu~j%UXG>jL&-U=q(j
zI)p-^@s|P3OF&SLhcQc4C{L|a#jfF|-oap++&B@#hRYZt4^^Ur^UIo3nRu_}$7J4Q
zI6NjN&n2O5RgJ8^!g#mw^Cgw!rGNLiBHi0%k;ms#HD&$-@++Y1Etc9hm>st76zQ*A
zya=pJt7cnY7aAdJCEY>1X4e+feLn708(oD<3BFifmmprZAf&ZZ+Q!qLp>S3cp)F5`
zzlZ%rdExxRSNVuOC{iHxVwc0j7e)dkJ*9u2G_?-ceX<zW(3xbj>%Au;8CAsq@>WyD
z+6#0fJz!!@wU1k>(Kq#8=n*m7e*~U!o*OfDGj$$3pZ{%WxY}~7GuaHvB;!$2`yFYL
ztG}mBK=5(j{?sEQ?(&xLyxh=hy~<G2>c#JwO^kf#1a9S%K73^@gANQi?Tai_D1Xeb
z2ew?fkM|^48e#zl2V<|AS3ul1=-2lOV5Pbqp6hJh5IQz+3@_vVSlFAt-_LXY@L<Pj
z@XT1W>;s$8XHL8FPGgxejZNvRG7^sl9OYjF4{3DM#`iKCsbj;d>d^~C7F9cVt7y@1
z5BKzAz|G&$T4$B=aa;LLzMyJr683>pQ;9pi09>f*xN}`@7U8jv<wUkCy!Eo*N9)>l
zgGXe<-`gcMOPZ1V&IB68Cb!S)`j;1SNcbkeS!Qiq-7x+T*hSrI%4{Vl_Q#wjkv05J
z!Jo;$^C}Lg9m83&Lr)xC^bGK)QLBgL1%K2cWDXp?!`1>@!#82kQsONd1GlGw4)UMt
zJZr32mC4Zy-{I+=PWiepu6@v2LC#=6s-D`Ikc*^@=Or@(RCCBU2xGB>-I~s>X-Y`I
zbP*y@55(d$;)H}eF2y^s4URBl0*63OOqK)3?L9NsQ%o+Ge~`Ljq1g-9t{>h5)cJwX
z*yGREy1BT}g#$f4f}Md@!-yk&oPCOTJxMGPaEFffxoZ^7kN$*s1W*kpbAA*#KEaq)
z^anT)gT9(ggM@^Z-E6KO&0K*J#pHPVZe48dcp>-3D4aIbs9bE*(6~8;1+IKcRu4sK
znz>dZ$$st2x$#cRTybu8S+6?|9W0J|bBqxqZ68G+4mz)(ri|6GW_M3FObh|KGFH!D
zheO5mF)rCRhy*hSe)G&6gzZsRMRLe`iC+a2JWky&4QA}to1tK~IIk(tg%$d~@Iqc&
zO66pD1CCaXF4x+6wmW`6w{m}+WX9^c`9b=G-{1HHJYVVks(oh`V7HTA@2ymWAAZtH
zH-Vhlg{~n2#XD9o$)e*#s^!hGdXVjgs)CBNYOH`)OU#J~4}pm0udP8Su?x#W5qr;0
zcuVHKF6Y?5abkZcu0ik933nm9D=zJuZ|iOnY@V_*0?%ShnKy$rn3*zy6W%(l%M*NH
z05Cro^sn64;z470>d)vcMXfy`lCD+o*7z#cp~kAW`+Q2ei?xov_LEv?IugOX9VlTB
z;eKq^>>v!=czy(Y=6am`fajEO&v*GQ+^!Fz{jr?S;eml2!_SA4f^Z`0HG}VtRUI@d
z5XJf=j<_w?N$YyW^{LqB;YQglsZrKb(NoBDNR-cO0d9Fywiz{Yz<?Vyaw}si+azak
z2hV}5&F;|!!yEPH8n<}lO`PDPgiPa!qqJg6Z7N9Sjlt5t^TTGjfo1HjOrg5i_$5_2
zSnJja^4e9?pDlg2OnLEV*`E!?jWkA`#3<AG>PYN4UDWNqdT*k#?Q{Q=`~)VAE&KdT
z-2Raxdp!5@ax+nEm8+N8;C<`nXU010$a>j*@vpc{oK~pw=9`H*`cgX(+_6IVl%_Iu
zZFa%8Sl@jW<YdDeL&okKd-G)xT`F+P$f$Qaq74x<8<1w$*4ldZpKpK;^o+(W_j2ST
zzl{CtzcW3ld~Wyz5j)N)XHMX;5m_;AP>5sYi;c2T*I{^GqKvRIgP=1r{~~|wj5yL`
z2iX}4_TtO7%iv35wpS}#U^B=817gjRSWK7^p>U;~5UO#TBGnz*#V}^bP9f;~aK4Dv
zeJ?rJY%apAvyA~2XW#AQ;qH>-SG6(SD}y(?I;D|bFknHTQl1<ODg(And{28AVz1(T
z=J%W48srU-_-5LAaDDw%$Qr)P#!@}#XA^te6!&#<3A7zkT8M%*ajWG8*=mZuI<Z-{
zLK)R>0%S3Q_zBLYs(Mr>k3x(K`=xx|<wdFzHlGmC?v7#cOZ2GhI$tC#{}L`C#mB%;
zsc-6iIEt!VT#+b6?<C$9IRQy{X|60;J}!+%c6M$~Te&V&wnD(!XRob5R?zbU_z=;N
zxiGQCMT@`s9ErC77}?gk)~xPxdp9HX@cr*BZJ_i58%HJj*B{|S1111lr1s$C(T{{2
z5C7t1e|FeLnHUJ^BKMh9%NK@GpPFqyb!dm?<Y9a)wZr^1=4$^68gc6=hz$!1rkY3{
zyn51pjLKMuzfjTm4D-}=fvq_UIfa+p%fRhfFGOb$yc0MiV(&x)h=`060pzx#w|Yhv
zvkMMGse~PVjD6R4qH<MqZLI)=S9QRx-r=CnTVj@}o@nU%cY$8x^m<=M8Tca=dX;)Q
zd_vzBQF6<@4d4|786JL{0A1Tlyq!hAMr`0PzkecA*6i3~v#GyEUb$wZsxMHsY3Hcl
zRAytj5EoP`<A3;GyRJ@iNxl@60U-`xe~_Ik+puKzRf9r^`+qQ<sdn)^f>o92m<giv
zMeXeI3LObBng=>Dckl)}vpNyG^SJ_Z(5}ubewa1;)bg|>u(4o1r=K`~Fs4|LY!E~T
zUJ0COQbTl6tj{dAPtBRDo@uwybA`#?!RHqF-I=uAsJ6)t|8X~d064{B9eRbz17Ymi
zQtUu98)&;Hx82KCxM3fCz0ZNLcSp_g%I&A=aRIaW;Uh#p14g#*x`E{<c|StGmj^n}
z{L=z13~Y(1gWFXLZ3Y;VpmxFczEsuyGUp<85LO1bFj|80Y03GYztGl7o3Qye^{;r<
zTN5YwYvntf!~9$Ho6wB0q9W&j-z40#Pi+ZJ8MC`2Xz$Q`aelo7&?rM#1~eRk-L*^4
zY!|*YGAM0U9zUiX`P$WcCh14(*6OD3%#7;CO*5=G^*<`#aUR?K_W`MZf2<)JVCtuu
zuNq0UCaXKGMK?EFlmaXQk^?@0eyvllg05^{VzGm;**J5YyO5XI$m!0`_jvmsh2G*G
z;#!5S^N9p+p?EMnxvk~ZE!4HzNWNTaS(5S~5%!sH>+`(Ip6}pjA$rblZ3pkdZ8O)m
zZ1^y~tQy@igB;*JTOqOi#yY15UjT1g{G-n_Zd<~Q$7VKIt3zWwT4DW<Wj$JDT0ZM;
zQ#VYR>FqP!HUnV-dS7j|5b@r4tHM2a5R%Z|^4<Ov;)gAFP7{pBpKX)cbN?F-y4JY;
zX~;YT`}e@B7|+|5U_+eg9UEY*i?zdTRuUK&@2hRr!U==;9UEvUtd^}#8<B-NFEJ0x
z%!>+B6;^Ve$%Le*rY0B@)5HX&W%*tCQ&$x-s&^I>3dxr&4oL<am0Fa}%WW5@?PH1u
z)Ks{F)ReXp)!CP&DMd%^<XxwI^H=NDB+=rk1r?@Ao!YjGElHKXiks|CvMT9{H|4G>
z%Wosnj>}7@?%b_!*B>^r4y(&*9+pW@Nzwfq2EBl&Iaun=fN5pc=4Ch;8JcjTr>rGQ
zURakCTc|l58aGK;ZbG<!L@n~PotbK$s@*!1({DI(JR~S4V)NKVFqulrTN-rBD{7vX
zSlT9&BRS=o6Ld~<E=h)4!4l;QNeO;UjN8pz_NI!>i(H~KaPNZr9+IKn=R1^Xwc0Cm
zT`6E)Y8>5~D{s(-l^ouw8?=vVDr+jt4r(jZD7Rf~)vZ*sE5X#|z;*&?+F*#m9A#Cp
zxFah|B+5ZU`ayHjVe#uJ5dx$rfD248*5%J%#>=awlysm6&;3Is({PHeYRbXShZ*CC
zNc)YCBP)A$lvIxcpN|~nG>n=%OZu1j&&$g)fF&=a%#6{=6S+}gANjxPC887l?Mcrr
z?W&)eE}^Ie8mTa4Wo@H?b*zO>5STV`!kVNYd91*q<oOHBFYS`-M$jRcO)8nzQja^L
z<eHFd$#$%13Z|%+e$^_<sKd0ZRJznD08ifmCH~ytx4w|Xp4O5A)giDVJc^c~1{vxy
z45|!^`qzb}E-zC@{YK$}XI#?faBBUg0n9V_L2W-BctjMF@^L9iO@a3!Y{C&z`ZVJ_
z{n8ZMTy+TIj5QET4!A5|mrJr)anlHJgQK`-fyFF_d+|CMD-KZi;9|J66zr-%w)|zO
zy>_ByVNUt7#=c*W0!yKLR<$#uPiybtp(2vf(!7QPR^PJ@FtKA|67w|UtSqSG!oOyO
zqlPn`R{5r;HbZ4_EUoyRQd^j2Nd+u%X_3nNX-TgKDO)iVG_6nDsfIV;6$=lCrxDPD
z#VI3+l8-5sg3HDBqc^Co-nlRbD&b#>7_My{hZ|0(c}{6fmu|%M%b<Ek%WW{W)HZ8M
z1Prs%-g9cY?Hw_v715dhgmF!2MJD~L4eTC6WMvE5)+CElOlHoUdszB;=vHBpq*{>T
zc|{oJHcPj$V0F!C$7J$Ih9g}+Ptim)``<yl1<P(TxM#}})(YZO#xPO%JJj7iO|^BJ
z8jU`TH-o=oB_$uTm@2i!`1*hmHyo%*W%ccnJ3|9VCJRGd373sgPRU;qk_z`j6z_#j
zVpR3(iTZr38tuHj##ck*Bv8@hGqlv{CDKz$4bY_&hmX)=WK``+QISq$G6`g8RPV@<
zP!CS~>c0DBf#Zdb(4*uW_B#7RNX7Vmg1(T_nvC%}7ul42Zb;eIg0}Z%^>vxqiF$E*
zj5HcElXMip906^HBw7>`w6x=REbaK6>J%B;+RP4$v{MXNB{WlXQ&gcUj$}tb$n^7N
z5h9C`kE78v5}{F&d-@I9idj6IZi24&Z^odcnGn?IRMz59@{msC?Mi3Ei6f@yDC8XP
zB#DxdPK{)9^~#(^P-L=W$&aM6wAk4?34HbP<Kv*J4Ng#wEF1pG3ZU!n$O*~w>&OkG
z@~+-da|T#kJO^>-phk|+PEn1}3CR*7?S&8LU}Fru>~6}Ce;^ycB~a)c#bl_nlDxK!
z*#Qo{rHCh2W2a4|0D#x;>`)4$>-8Y67Ca<L(Ndig9esX^wv0(S+5M1~#dYt6@l!9H
z3~?L%$MNMVx&-OEmBpUcl2-r=&z5z;#7<4o`+^h6G41(pSkS7dURxO5Y=E0>YMrd|
z<3ki^TuGTKmjeOP?$WUAwXZQYgPTBdh8tqgwmp$pWk$y}&rJ4#tNt*?qj^rAb`Suq
zEXp60C-N|-O;uKy<-k$YZ4@4J7w@ouqXku#q1P)QQ0X}BHGJ4IdT}IONrg7MsMwEp
zbyR>skVaM_#;mAJzn1KC+GQAGlk;HDsdxqkiTY)C_MkN=FKfSMm7ri~i8)~w7FB@N
zX*Q?2koGi$=JS@#<xLqTrg~u+^E*>SQZo%bH|8(K4mb3|z$LI?7k!~%6Tj}^ACn#6
zze{2t!9JK+mw4*Uv_bJ-15!WC_De>>Q;q-Ps7tIo-O&w7Hk{P)K~s(Q;;SZj)g?S2
z*C%X2qkn-^5&Pk(D*AG(CVbZ=^nShsO2y3*h<_>COS}w_9Gmr%w4=9I*?tuhBx)Zj
z__7)&_$iDLdl4i)ED|Joa~Lc7LK!F2LZv79fiaGgtSga5XNr%{;C?2~#cvJ1&kBe&
zz~fNxf#Zz-oQc0noQd~Paw_`5aTbhh{Nor0#C~=6iM^Bg$9@g|>k<3JO#4dNT;E3h
zOZwS%#`%M?fb=N%*4ibr)m)@hEK!ByHWe+YtdzP9t{P@Au|l}Z&{*<0l|xMPC71kB
zme7;)iQi<!Ebb=!tJCQP1vuzS0G9_l;o9S&RSJ#SGh!|Ey`ij43OVi+<sDwNpRH$M
zcWv8DX}wbh#oxuMILo}2k<=|{t3-aI`miu$&h7hIezzhE4XjwT*+5wa!Wl6x4IA6n
zQE5lwff|?k%xI$1As<!y*+FYw`z~l*Zyr2I>oqO{2;sYI-*Xz(_&7rp)ZrgJ*DB8W
z&A_m>te%$5%JkLDyI9>>1U&2jCc+Ao-IKjWXG88O=x2a;UHblJ>S&F=$p&z2*~{eY
zTJv(eIXe`OoO4iWu`R~_DLN8()Tdq^p(8TlT*P2s1TmsqPgb$7Ntxg7dy*iLAFatl
z<2TFpN>`>mEgTKS@>-vJbrABq^J3Xy$!^!5)U#C6Y>Wo`icbA1<UUG$ovgg<3_GP{
zCu*z)a}CziU`c$Yv7Z9QdJ}7spNU-aUbb$*y{t84R%vjurPFI%qh!&oCi8l(v5?Y|
zX=IqrNyOB_E&0ZB^{HMRY(nLxw+dPvspwMOGjuXfNa=QBrKhBAEoEel*~n+@v;*VR
zEYxW<VS7}Yelh&6B2KZ0(bbyixx~~lvHv?cnLE{$2SeSIF}?6F0r^M?P|K++XQ?%F
zBnQ=8JO7Ez|J!m!PVFill1Fi}s{~t>+(_-SjKU0?nO-Xs((KQgh7IgHxT^SzrxT|9
z%9!cAF=OmHKS>lPtnRpSqtOrcyL;KCNitURU+K_s-;MmuW$E0E8k1fKMR+x`e@x`@
zZSRr>h=RIw7QeZZng_||))&7ttK1`IORG+rj)3`PBNra*X`_d-9|fwnuKYleYb?4j
z+g{Ykbut~IbRQ*&sZc}{YhIgZIlrZtQ+J|FIUy74Ye!Ls<kW@yDK4q5rFMN$_$U}2
z&bwF<9;7x#q@}($uv)gISFFp&WZa1NQGnk|l##|L1=_~7t<4o?3-k7&XW);gI_gq)
z7rp5ouY=Lpc@f}AVP>a}F6`o`ge7<#DU*exX_}1-<rCEC5yx7RX#-cyRUhHPq=}|2
zxziuj)5$#A6vRsPskFhDBion>%wlCd7T<-mWvW_Bs&~V(D2-Ut&K?%pRJm`yqj9m~
ztK+=U0c~k9zMR0FOKsZN%K4P5<yUN1o#j_yr*<ta7wVY~b?x)?Rkxy^O+ud^M~@eK
zufwcNhkY#z+{2129XzjOZ;Z|9*JHIY`<YZ5qwgx|$MnF-he_#^TU<WPKi$52jfw5{
zEf<tXPKBFkSyo*++R$_~UhV3_E^d1JwQhe+cM;z!auml2y9RnLyO}%ENqlm%-wd~x
z4c#~<L0F`3e;ztAluh`?-!Jb<KP-8oGJ3SP4{dnm3dRg%*<Q*Xb?3cCG)?DQ`%bBA
zN1D9Ft0iw@Dt;%#pTD)IpFYHc*zi=Hr7Wo@OfIE`L+Zp<(;>V_&OH0#hp)7Gv6TQu
zQ3um0>e#SiVoW{9P0h~U)ldGe4zgxD5N1rBES!*s%5lCjvkRW8uJLaFfj@*cp!Kw&
z&6rpj3t1-xG(k4VoZ$hCLF;p?al`I5M8Qsn`E>SzDIizYszs=wH0TkkEo?GRO6j}L
zQSnkro>hHPU<G`MH2A6CX<Vmw<IRj+$ep@F+@^h6D3_>7o0c^ZHY;(80g8lL!{y<`
z?1|FfA|{=+9%&S{Avh#}pRwvXVuWIrF-Q3ucuT0B8G`}roJ>zKmn_*ul$ef7!B@Ec
z?7Vz$og}(0T$^(4I!jHVt6}LZ|1Ni~>w$FG3!n>i*b5SqM89o3_|@a#)4~)w&3~Sf
z&P>Ym(~yo$+JNe~#!e|hIU8sjMfI{cK~73n!6x}`-lE8wI962Yc#t`*$EDT?*X|X<
z5Z$Xy`VXq>i8RK5K62`YH-E*Dd(SyRWo08feZ!JTewTPdK0>s7<x*!^vs%)Se&y*T
z@a)V}*c%2d1H8U7tKiFcIq#dV*2(KBxi&$f7C-Skh3>RoW?gbAvCW$>`sEgw`Y^tY
zwt@^y>UHg8$Y#=geECSU+lGhC)zt27^}4cWZYl?=3q|H4CG>~jx35d{Y9gddb>t!|
z^rmf_%jvUl1ef_DmMihwu$m8PuHX)XwdJG1fk&*_Qeskrr#XhtwNo?Xx-y1^`c|l$
z=S(PSTT|vJ)^ie*ca>h>hmG={9{cQEl=N|JJts@|@;ckybJ@e$1by;*eB0{XQDIga
ztHzn3iC?X<H<G!RPiS0CIkcI2*Q#>LXcJb~Sn%EIDW-VzR8JN5^Mg<Ag1@~2&bvz+
zmg8-*H|D%^MN3MB0aA%O{UEy)?){<xH(egm+^6|svT4W2$GIi{?4brIxu2SEVlutT
zr0DtVEQ2vhtp|72ujlef>eb{o^FzR~)_3lB>{4$PKB0C4Uh!x88~<JGImnafosloY
z(-WsBp06gzvl%Yx3-6MOLhUK}=(o4_XjSdvoc?R~ifX)@@yf5JmRPS?^V9B(YFzD_
z>e>G3_MB>*Z;tNm^(oo-Y4#=A^M>;~!KWD4?{Zu1qvz`Ldz+-1cQtOvPs>e0w7XME
z?bi0ot3&DmUR>=yanH{!Rl=0jl_cZ+)h+$#_kcFhTO+l+bmiO4HT}qM%|!9XMu+r0
z_l%L^w}Ccs%9tM16lb(-xhNa<^w+1G=)HpTSME9Hh{{uJ!mrAW*w5~^tQ7pI_7-RS
zSNQfU?Bsj(CB{4c`IBiP83*s3%-Q>^leyP;RP09sCzr~qCHJ2&@Xg7~x8(Ll!pRJ)
zHgzk^lMR+$E%d7BJHn(^E=}9o$CW&<IwP+HHCWqhU&V&?xo<YJW|z{uJNpYIBc}Fl
zb&AGCr=vU$%Johg;GHSkV?pA_me^Z<)Ft_&2lT!n{nMJ9C55lI9Z%z3oX}W(G^y%%
z0`z_W^j;~+izmrDNl>ctV8Qu*v_!n0sOks>mXjgO`$Mks_6GD$p6p$g&|7vC<ov+r
z`ru3DAxCn%F_w#-kT@I1SAGOf{{;^{9&u<Cj0`<~&v3MMI~Za_`R>F1o-MhfFm9*v
z&>|VrlF%9>3~5(>B#z?2l--q|pq8o?qDC}EC2&+HsjE6JMd_hHLRWU=k<4A1V5Z_I
zPBL3|WI=VV9*^%_R`gwN7VMhL?P4E#x5RW*KK#|cOAG;S#!eR>B>Te#c_fj{JueAY
zcI1$Jr8fT0*HDwiWl0pnl|{g%AcMbchJ+`J>t<~L58rVLxKbS#qFgUd$YyO2B7x`C
zN5hpSgHId(J}!a{ZE8-qrd)T;Rah%Y_>4Bb?9Lxpadf;zi?X*PUpFLp9W!o}WNpp}
zmZ7v@iAQTID^9lF(nn)`A^9_PbOUYt-C-8|OsUc88d`UQ*<j1i`%(j9a1GP2GQOM4
zf1^B}u}m?5m0TrD;0BQCW}K)(1v@~=rD1_TZJ*bkRRthXEsj4~eY8rc(XvEItu(Gk
zrBRSDOsP?XbXu%OqfP!LNdk?YusJy%h!j?bA26jRktk`)l;|PKs7Csi(xQ$3f-bHD
z`e+5ZNR<RPd8y1;7N%W<q_LV~;7X!Mk|Y^=oO-QXK0=G+n36(iTspZeG+_byh?FQj
zKjDuuqYlYp$;3btv~h)W4LlTTjU1VhG9#vHPL_})wlPu*M53U0eYQ3mt$dp-i3k{@
z0!aumwP3y^sk(T8<j7$9JtbzU9pVUR!k2hroE?FYjB&K&gQkQn6=rpU!WMwR5@^CB
z%s8%G7A0nR0^;gMFrusD^&P;z<{wPnDPkBmT`2rPY2z}<24zO$Ivoth02o|jM6k{A
zJn10%F+oOHV||oy`uHa+7{Lz78iu$g<)AoI!g8<#Mt-^?^)Ub*30bo5PZEglNr_(K
z%sILM;&t)eA&`7KRtaf*A0!yTTz~|9{Cmm>B?)VQ2tZyVYhenqd314<Is_G2LK$Kp
zVvPKRJ7{9+u;2mNGD*P+33_o#brJ!41$lCZvZ0y;{^T`%e;E?hz2yucYG?_54u;Ah
zV;Cf9N`?V*BLs#r;TD8$Nn#Ara$z$vLyrA@VtBMYeEX!b;2<AcfPS<<<-kpc_XjSA
z-(P6IGd`I<_#crUKQPnrs{aq3;lJ30|FH8ISXnv#51`?HsSW=C4ay$&CUl~9w$8#P
zPDYLv_Re;W|DDPj*qG1>3H;}v5;n0kP<2r<uyul>6SX!lbHZo-H~42GC}`)dMZ-YP
zNRLm$%*u$*z{c_K!pOv^Lnq;EU~OR}U~6V=f=>@cC*WjcV(X00!N?9p_n(#iGofMp
zS7ww>$iQCQ#KO$n`M-uxbV|-9HmdmS|7`xVf~bYH2_yc0i4uxX|L_q1Ta}dge{t3S
zk1@f*!ASS-c4w1+FJNupY$9x8WM^#he~}V8Ns}>|{0Jhi-k_7?h9KX@q7BsV6dv(m
z2jk%S=3L?o_|fP;pHJ1B5rx#I&H)t{PL&%f)^M9byVJw17UnSqGqXCoviq!CrKCrt
z_U9kc=Uvws96aN{Cz`Puh)%Jwo7gpBKit%48uvWDozsg%ej3e#6#oR`TBScFHN8i4
ze5|8y-d(YWwf3;zS*h!e>8<<Nm)<p_bk8g(3D2J9ho`o_T_Z_meWOM&?I~s=Nv7t5
zHdUGQ%iko%Q4QKBQQyAlAwA!>o0$d^=UZP@r5F{4<{BHVCQF)4yF!2FRX}Y-E|E4E
zb_BgfxXvQ)!9M;n6zqy{!FL~cMd&r2pm`E)n4i%!XEhh9&Usm8RZ6aSgpu}&;fVY|
zwMTy8{^#V5{7POT=uLb*YDJRsC36|Gn?p{1Tb(<q-II#ng@%9shRgVZ<550Zb*~-2
zWt%%<D^U7X&`aD66d?0mnm=Mw4EsX;C{g<D&l|T>ojZEHs~o@WuUeHLv(4t-!!`G;
z8xV%qwVV$MVYL7|>&yoaW0KAQG__v9NpSZpli%$NqDB3%UBC$h7lPL`OaOOheah>%
zQ2igy-Z47XX50IYvtrw}ZQEI~ZQHh;6(=jUZQHhOtQc?Zdq3ywy~o+-ea3h`)ab6O
zd(Nurt~p2dsNeOU6QCLDKcR%$gc78D$e<6J70D(6>KnrGjy3Kq7aCqy(H=%Iv;FI7
zc+l-MrvxI4z$4StJnR(N+yO#mp2W`zJc+S01C#4d^7?QZPF?-l^<0ho*recKow0e$
z+#JtFVeqbW@yv%}?!#z?4aBhksDQXGrq4z*-k1j)i6UhmVOV9BL%ZAUutkkVw{5Fq
z8Sei>ys^;#Q#j|p1B>pbvw_oJQKsbJZ2b3CL48N#zc%-Oj4yKsM<*dOeTToIMq2;>
zJZEQuq*FCFax!z&WTmIaXJcW&XZ_Y@XJ=r;XZmhzZ1mrK7JQcPKxE}$$7f|{#%E>v
z7FA*W?lZCeYlCFuV8-WQ`|I`Z_ARc-@*PS{-(mZA|1UdwCVUpAZ#$N6e;f?>jBIS*
zuQB0su(SU)7UW-jb|yA_7B&ui2Kw*G{AKvp1?KMw{bj)P_khg!Of26{89DwoW?^Cb
z+tK&nknG=yf|cPfyYGP*ng6z7`9FS`IQ}u=zaCi_*#B;SEr9KNF>K$H{`L*Y%Fg=t
zqFMhjp>IE|e~-_`{Jrq+#r@ZU+1US@B+GaIZ@YikFwlQ5;QKw_^WtFr#|NYRk4*E=
z{D=ST=v%D@l1|B1*~a{@B!d5Uy7{*R^!*L|Lofed643vqjQ`&vH{Yp|o%vrg(x$to
z*H7i8lda>-Ok$aI(?njybR<E%IaeWpni(OyycM9l!nqp@p~N}8^#RhuLRe6R+&e`C
zC3JhQNH|%6(BENUI^ZbIqQleIKAZuuw^PvMK3!tw9?M%CG@y7-Pwm}r%Q7BQ>YkUK
z%bt~;vPhR#5co7_BGibQT;986HtQRa@SMT$tc_J+kk;CnP&-UN7~~p*Q=PXQ-DcT-
z*mJ=v@^)4jI<IR^p2fn?sSp^w=ke^^=Wxg8#LA0e%=}t`4dV%Xb4M4`=dS8xYAe&^
zNejHyrgw1-((wLM&s!0Ai@|vHPzfp4qE0RNh>Z@V-8JQBD=P;PWeGo50UJs<>rPG;
zGV`1|>ea#p|7mdCOhf;POfZPqqyL-`i^`uJg^}{}MlzXGAYW$T^e>g0Q3DxS37PuB
z*wGp&*oUtdF?&gS$jy=xQPc&&>r}563UY`_VY3r#445n|i<th}m)e&vx<dIuJh}Yi
zSsy1nPKcSwy9Lq*t_OHdpV2$Cner3+22dOk&lwfwUDZ)sKu$J!Gct=$=c{K0WWn;8
zz@8`4+$U^}fH(R`4SD2BA>f|%{y&a%gJ(19UhthkizgnL;}<{}E_qKVU!$FGOaaaL
zVzZ5Qe9%ukAiZ9}Hl{^+v_}L@nATu0n&@E`4~RF}(YOOpvxp-#_~QNm7TrNAsGclq
zVO8KIrVmjDAHhBa7_VT&TTxAc!~#w@8ewOLr-9H$5Nl&=0vW|KOvtY1H#(mTtP|MA
zN`bEV>pNUfT|NiH=QF$yW)(b5XqUZ<Etr>K-fRzY4WbH@6M}1bbjYsS&zR16oDImW
zvwS|A>2+Skai4-iGpZAE;=}3+f)_Y9>F@ezg#9~eVMWS9x<eWUFg2pn>L_p&u#`H2
z<qAyQF_vNy8|Tb>Tj7<UINPBuZm1U_0~k<fZW)-zEDO_rCenDys~*qNSeP~zm6K8C
z2k*>(j#s5KzKlsANkv9NLfzdv)YUT%a}0A{P)LXd>ZF!P$d@N|1Q=pO-GM+fD@j=u
z={db+F3Rf4_+-mx&FLiPs9riXiwDTX?erRRSXz*eohAmM3XBDW+9J1!AnF^h8&eHF
zOWGTeu>LSEiK?-KoWoL<)d!&awGMK#L|LpF$6I_u4e6-v6!!x-6xc<+G^|0e@jz#G
zOLY^7anDCau&|ynE-okZ6^R+Z0wBR5bJr)63FfEYXleG`G`=#SK2*BO+k1kk%}?j#
z$=#cy<H;naDN4>@N(zba>ZGKk0(j!z`I^C>9sAyzV9;jfQdLXW4{xX}5*2WdkF|^5
z-dH4tRZhY6l5GZ)#T2>j{9}$P%2KUC7S<m>a@HcLYYRr0*@L@m5lZ&o-!}@;bE0;c
zV73W?B&7?3&NHwN3>^b2-(ELldpDQoj<L|sw9k;Cr@DM9o9MJ)jzqIbzw__IMJ4NK
z=O7h^#@a1%bwyiymkQ&w_6jjWnoZs&IQlb{D`!;$M--7IcQ<Qv549e4O-;YRgx$Gc
zSV|xNS=Kr-9+X+>B|ajQV<+Ogph*nev>N89^!3fe$RjG*b5m1ZsoWl;>1)=a-mRv$
z;<aK})!_hxY+%9L)REm|T2$YGAe}aqpAyrDfPkWrf4tuE2@E`&kyMU9tkd=&Ue3Co
zK*}t!v<nc1VDXyzCgE45nH(Sx5PBOa8}5($bmCe_fLSunini_&c$a659{pa*GwIS9
zjFf~-6rwE>17&cm^b=I~j3gzByc8ApR3$Z;d&!b3%hHHQelw0^Rvdw<Jf;sMkaYqy
zWCvRmb*suC^6|1O%e!WYN7M|wyDAy8Iu7DlDBMTR3?Lmu7ri{HsTDIjH}i@K%Q9=b
zr77(hr$TCRuYkCH#&SBMeXF{`QGNi)GU?=*ffY46YGwdIJK&uP^1$|j38h|RfWV*B
z5E~JUc@XO}Hx}?hZGt7RN~7l^&xpSv5oMEE`WM_7K{%6HSVNZ)z7CEV=xIix^g|=i
z8%^9G$B?B<@Oh~$$s<-6gF!lH4xrgPr(6UOd1Qpy3~()sSJ4-a>Z*^l88MBi>5&|I
z9&Y^5e>xnmiDIdy3k(zWr;itz!pcE;Q<_=};SpRVK@i4y6$Od^h*ZV2Za|F-auK{l
zfsUJF&U<?mi6?e^Llzw1nBP9OGNa5d&&%F0(-d+`lc%Z5QjO06FRc8%9nLm+iFR8Q
z0xBa0J#%lJzU&m&D{U+l-0X`z!GeRZGn1<pq6d)x4Z?_@bf%yC``lVgILPCaS`5Ky
zgVPUTur$OTy%Cn)K9gXIJdzO+0hme4OB7pY5>OUp_>Us?#{-c8BZB}znQ&u?F(QU0
zA8ARTpF66D5{qbP13SX{tG+6a2;9z=Por66^+_;_fmWYPG@3datr=&5NKN#XzXIqB
ze@j6_VEwLIDe611yv<G1Q=^+i9RXDf*k?^p)_jl5lsW#7>SV-Be@Kb_3jAk>0J_+H
z_W)JFFaxTP%g!Co*dPfIYAXkRNl5eRwO8mIBsurIk_U{>Y`DJ4;Ge!Y_n;jj<O(4r
zhw%v_6_S<sGH$zA!M5l!Zg)oc<0q7~4j4G1OZrX~#%azBD`Q>^W(J&w5(UwM)<VZE
ztb;%W{<17$(u_A614Nc}8p{{Tjuow|<LL_Sw2~ClI3fsGagNlCm~rJGwP2y&*rgT;
zX%)@m2i#Z8M_6m`b?w>Wie+u$)7D3i>{0EC|BCEJ$nkz_3(2Fr6`vsnH`W`a3vBU>
z3M>u~24!w{Ek1agB6ecc%qe0eIYP8EX`x5Q5U~)UWKE4rtZJ`@LTjY>PuN%l|0r5Y
zq<!p+OX<DjsqjKSDaAI@HV_xV6h~@XiMlpPQU{c3zOP9j(NXR}zDawi?jfw4&d(w)
zHtUs6dln|vNArt%|KBc`1H&!ThFhnRvas2l_h)Z-pNEaz1I8EOlcweTqQDQ=NP|v>
zh`;2<EooE|YkMsPJ+g+&m+LKJQyWJg+XhSqEFy@vI9RFLlSULRoRT=}q_k0+&L%V+
zaVNH&y=`@=M;5ZV(>^!W&4*|V*(!{_hMSsW@yI%C!QNV0S9>^MCK2v?EW$e&7p+uC
z>zW>r4{nPJh|!@@W0&>B^?0`C-`%rM4;iM(;2lwDb*RS!NQ;pX;}eYIOQ=fCNlDIY
z9I26>@@E5v?<BzksXl9rSF;;D@27a}XdkcZO}itEx9U`T7Yg>Tzn+U+RX$;`>`+<t
zVVZ_{W3ps>ZSh*LmgCs^{@`CH<J)3dpfP>BKAw~yA5Fn!H8f)Vr8%MRSpCwHrdogG
zpSS;8Z@h#d<EJ8YZdkI+joal|<JhI73PoR#;wWYqVrw1Z2q-5row`?+m4-SDQ@Ds_
zT^&Gd3zkzr82>rL{UqLWAs*X9Rm)Qhm(O<Xq#L#U;dpsBj-WKy(rzud%NZ(|uFqFL
zTZ*fNrqA^tkhj0Ua7dTYSLH8o1`dS=iUkW&3JF^oRto~$O3GiMdIQvve}q}{Bga_w
zu3Cf(X_<_&2la{Pr0d|fQ!!&NbLt?a807M=Q^0XOpFiJL$(nW>R!rBy@*U5HY-m?H
z5?9fVyJ5FbEO$Q`Ko`SQs01k}3s>WQmCUF8Txn2}&7b|bZtgsUSubh4SkGxBct~<s
zH5!Z$Q#&TYH_qySPL^b-Gs?MIVO2kC?vz$JdWarmglDKe`?+%zDpTM3#>;0wAwAA@
zhj6~Fw(DEZ;KK50*xOv|N_(NKG@Kv>N4pa6^=IGF9s>`MFLvKT0X3Z_M)l6cQKJmC
zkdSHG_;{sJWr=fWU&MTuS+u{XP#tEVaYq(2aUiWq@P-Ixe3TDLGMyrku||qKD=wL*
z3LsVX7yF*xO*M`w{YHy#*UOP-jQ0_itKsGx|3#>^v#+<Z2iK*~WLfeyE49W;&!dNy
z$F#q5^ICP<eG5C8^Xp<>2p4XbyS3uvV*9v7#bf3w&+Wz)C=aVZM~q1D2%YTca&b|b
z(&}nJT#;#HgbascCut(9b`GW_PnHL-Gr4k}{?DKD^Od-^Z35>(;{1-Ckin8t%)pDZ
zV3a4O%rdyij&(k14%|ju5^LY5b&O=mbAp8vtQ?XRs6Wys63pEwRnE}mQ!<i|O44_A
zNABm}mbX3ed=5A6P9h$I@<HAHjH(X9eX5R6y&6*4lstwc=?l?!c)TFB-xz?pF3QBa
z%ZPGcwSKDko6>flWP8vJBR4KBzlBe&8_H;bJx>90PNO(-q)alz$f%TGih3&4%H$-S
z-jb4GIJx86222Gc;a2yc*h3E!klT_3Gh=8IHODg^Cj{b+Z&5L%aMG!uTGm<i4M@=9
zKI~6A=#xek>6@(P7teu5Ez`XEQ}|dcQibaBI&TuaR77}Yew7<8%VaFKaC$|bZ`2lb
zIhQs%-YS!&&<s;!r?OT+yfQXfl3jJ*jFI`8ZhPF?(q(RW_sn~-<K`$h!LjA6!-20U
z|L!3O5$jM4Mi^#@aNr%NK2+CXR=03dfrEji)RHcX8fSL5$Qx%lt6@qth{V+VeL;qX
zYl23v+UbAYP3Gcx(bR5!@c`pJRM^+57krXN7$b2sjGrYteV(;Hfr_IDfm<zVtT&I3
zAUaj`49L1>0*_Faj6EQ}dhjgiA~-W#?#Ru$LNfSN?Q@B~)$r<X5aOQh8?X<~r{O++
zsmZ$4YQOli*Q7=alIb?Ru>BU8FAXoFB=%@822R)axc*7UCo!|O_C*WySYUKSVrm6C
zU$RhEz=D}}-XJjDgu(0&CD#58f7JUD#<?F6>fXG0X58hN9(9%Z4)1(nsFl^CYc%8)
z#wWlLvesxemM+KbMS6zIw!?T9TebcWY!_>88ygt-%V&6IISa`OHW%L8!9Lpd*UhG?
zPChReh%+6E0|O{Z#Hg@%((muTQGxd<_il;&k}OF^C63Jfv>ZBl9SRH~!BQ^q5&8^u
zpLz!&-g5VE4E>B&H{CfK)7V=LyJ<XunyVql!&G;q)9(ANNP)pU?LbxyX`i7sb!JSZ
z&QY|zdJDwF=rk%>8kO|KC-Feo6nHoA6v1dD^s{|(gnT|dsfHJQO9v8m%lh0`X9*Pn
z9L=a{2K%vwi-LzJZhN&W$y;a!_bga1DCZHaeZAXRqbCM3e4P%DE5@~4>J4ziwAFg(
zD%1L~srm2?e$<4wP%yez1|t&7hw)scN-zW<@$CSFPl=vaLj)Vna#o{QL7%F6rcf)Z
z0afscPTbW>8Wp3Q^=YL~=`ff)aH3rkL%Hi=-t~3b@Wu1!suGN*5N}^MWAjZ5!;VT3
z2`Mm>m(~}w_o~x_>_;zcY?^O<yLzPzI;Il3^hj<N_>g(a%(FU7B+8XfZi`^3uV@K`
zeAg^#@lyv0{24Fv$6wDrH+b7#x9>;oPZuk-hTE*9z`swKalujLhDvLF2YEfOtG`~R
z)~~<7Pdq`~)_a>v`|X2&DlV9_<_`kd8`qL*D2acK+XqMA5+@}lV9>6KZnQqQp1bf6
zfiE?HtKfNsWiYCByEZ!EA+_EZaX0lvzR5B8hA$I^*}?XwRRQJ{-J?57x}_<UH-=|Q
zmRdYg%2a@vr{^i=-tC4E(nfmO%~%L?LbgcmeqwS_JTlU@-%!#<c2<;Zz0EIsJ~@OZ
zp?xAkfAUU&YK$5HK}DhbxK<YzB$16fh#U{==8kkUybiEJRb%A8tmmih87Ww<?GOY;
ztQ|{IN@i3xmojwbjAmp(;Y8?^n9pxj?>9q6j~BP^HLaZ$$qpWpnkRI>yD8;Y<6O0x
z^KF?R9UqV|ne&tWH3ZP}>1OeEa3QA4=Vez*wBB($_(!l#vfLOL(dW8R6Z{L*<U{Bp
z)ci?iAa>{ooQn~aSvPTvdH&ZLtOI!NXW6cIo^*p{gNAgH^2tMb5Lh)>>CTDbDZ+3-
zhWdDzerVvuUVJhI7Ry!&)7Jo-7J4jROlMd(ue-x~leLv-2Ns#nMTpuRkQ{1Zq=p@D
zSTDtjk{)+i1sWQO(3NX_Avj$}asm5&{)Xz~Y}Xa?0$b`Ylfhr6zXlc>K!`Hyg>B;I
z%4Q4`yt@~a48(ck<ZVKz3ozz(8CLZ5%d$hz=spKyEpRb%>|1KQ-5GetdF}OaA5u$g
zx#LUPWb$atbTezB$K+u$Sp%w(W<VHVxJQ`IKvE?18ZcS%Z4c~GI=JwqKib^vUrsQ|
zJQ0xV4Hb8PEpJCpy2DsTBW13#pDN!Zs&UTL2XF|yTmbMI-`J$VW@99R+0wK*87I)1
zON$!(p8W-Xi<!(0Qz+7*7o`B0qv)ov|NLfo%FJz!iF*|{5^vbp<CzUhg_D9aXp6Ja
zTv*-gX}QNgheo#bu~)Ted*w)f{owRzy}p)zFH~;RG1c-VH(WTft;*A4dUUBoJ9oVp
zptU~>Y47pKo)|ujl^CCQkT@JoghIhaw{FCYL8QaeU|lgfz&R9U&(1F!nxHJ!@!KIZ
zfuNag7e!>WXil}_oR-y_7%&8DeU^@*fed`YsI?m>m1pz}KhzU&YOt^X>NPDS1$tsp
z=lPj0ME<URzs6@i`&<9sTB>?g$M;@_>UxGZ@!=!9JG;~M{;I#_ZS^Nv45sh<=GmHY
z;-johPOaBrdfe40(lk$<qU3QDxWIANPUNAyr_;fM+`=6@prv}qELM_NkkcUqH!&>k
zCDh#59I`};R4mk7;BjUl$v$a3TE_N%e_CyQ^Togz1f1cv^~KJ`$<&`pzQs*Z>kg1-
zXTd0Qah0-#GZ2y^c2sk>-~fH~XjX+Zfa711d8YfvtyC|Fh60;mcxM(DN``13hImn(
z@SdL_TWFE*5XZZ>)kEJmPkAw`3?4AFtq8u)?63veB5gGTT#Gc29)vHsafr{%2>SV`
z{1A=kIf3lSjIaM<_Ca&VNo<<^W}lYQEk-hg4^ZnHBZRXRN-<EWYG5U!QX<_12r9KT
zOJK}7N`x`9hbf4Y35ZeKwa{WyjFw3tq5(s2=X-e{AN1H9KXPJ*Tm~ARv9w?hi@l)Q
zkNS$Ntq%2Qes?!A{xB{tH<)~_v&HayckN0{w#03HmO^l10M7jwiS=8+3-h(Qxl-UG
z+a34O>D$1Xk#7+AS`4%iJ)dQ81NH{_lkf`JDUP=Tmj~(B70^m_!osdgO}`Aov>12X
z39l>Fb2Uz0Y0qy8;2mme2;n=bL=RUF<jLiwd!*O`Ys2?cC@4=Yzft&1x7BlegY|6q
z4n78L+<B*?95I%^R^*}LERbSHO-cBwSP66UO*;`h{;&)hlQLnlTMolrjyeh2#qSmk
z!6*<0#4u67Jd4wZUD_b*ha3s#GX4er42Yrfo25iIM4237YL2}^l+&zx&kiVNN1d@k
z;B?|PUbi3W7n~70LUJ7hV}+2p6-Rvb&;ApLC8~aO;~qeqP>h28OvZ`d5L&g+jy0tC
z{g6pho5cOxJ#R*8;a$7giTWsG3fOV_ERw1nWc?5mrV-V~YJpWsA95H=zeOzap~-$9
zp2=b?<w2Z1l?99k%<iQ7>E68k=FMY4*4f0-TEazf(5Qx&jEIN~!pNJci}91kID-vs
z^Pbf!DaX&dyE7&c<cTY}6}b;e)2;+{?k)6x*3efep;E$ATbkcJ&&D-}ae4vX6zsBF
z4Hyqu25BP#p`{?Fq$F=;cVC^;6TX3%waMX|IX&-E`O&CN88m~Vh8iUdyy*w+0uc=g
z0~#=l2IC|Gs++3&i>=OHR#UTvg+IR1|EdHIHT3r-{_$P*mEHiJ70Cu6DA8Ulqlgf5
z4I%!-ok+gFcu9F58lVoox^W2^;sxXZ1l4+A<z=6wuJ8>wVXv_^eWz2S-6<`giFdAy
zs;U_%yf)x^8?g1Jzqn_OWg7ggvq+G5F4qcaBK+^mF7nw<CiqL(rdLi*mB4k*{u*bB
zXLDovHQ8rZaDlm1|KvBQkU~J<Mt}WaJ<}Ghh5*QPJo8IfkT$=Z>1$2Qiyxx?D(%(l
z%aA6(>!6xM3)Ffr1Q+LH)mNvm!NB+z?-<T#XaR2aiK2oyR6q!AZB+0#VqsG6xfbA7
zKtnirGmXN9P4aAEr?E}Pu?g)o3n;;r1ii;kfmeDp@|JRB_NXhI-wF)Xja(p(yRf>*
zB~GG{Yx%P`Nqv3ERH~@YMqdp9o{)YHyS9@es-eJjQf&~)Q!$)j{<M4DxMxPch5IKs
z^<~j7_Q7^R+y%1fv9kw32N|L04e7C?k%a?rK=ZDQgB>@VOCUk>tibXb!18uL;_x8s
zUi2=2OHj7%`^;F7HR{T6YJkQ7FHml%{rA+MQ~gYO%HStldwc+ufi_^;M>fSyL*&sY
z{S3?RzQij*ay`@|Fx$A`a?@(MQOFm1y9(*K(yRPTW=+GcG{J_&z$aYtPsxEif#~;(
zxj>TOmTiANU#?o7NE?CZ0wJRGHUs49uDz@)1@cSevc}9|5E_#uziada@BDb9k@`_X
z%m0Dup9X;QLZK|!j-bLkqm0{@s74^!>O8A_@8iFZy|V)LrdbLXs@kNuMvS_bBm~er
z{-_1pbXA1-eA=bIN!aspy!3TgVwO8snagdez>Ohxq6Hd7RHtK~fq==g0Icmt_NWFi
z2fuZR{HT!eN&$+fuYGq_2=CZudxv<?$-By?z2Hb?B%wO85th7u!Xx<N0tg4FhqtJa
zJBJwApiLUgUwM?z8}`<TWRmY>O|`?d)2=bqBwM49d9KKjqcV44g*TgX5wY&X%B}ic
zoKH^IBEt=&aTGzS1+i^YsW=jKvRH@k6{I8y<Zkvt7m|yUe7i;Kl3CVkVH|MvT!HeV
zX7Rl)CCK%c!CfB9c^-Fv674QMo`uLJonn-xty2=>w3EC$QNEe0g82tB8fGoC`XYg2
zgyn{S<y<3?jzxYvT60m3;`kSeXS2e(uyGXuWjtP&efKaCHHfEY3EF-dO6>W`H1%=*
zBh2VqUjwU%u{x)DQNuhtbUww54r+kYfhK>xz0+sI*y>OGajj?H&e#!@B2?@wl1-vI
zr+_GD2b>ek(e7-8H13OVuo6+{28W=-XZ!IKB-(s_hvU05b?Em9x_Ls}XaRJwQf>r`
zaiFq(#$P$W*k^m4PVX}P5QP_Lyz}*Tz<o0qY<nIr?l9S*32``Vee<x>93#P|z+JG}
zMn0735#u}RVCTg>_mt>~rWDzBHOnzYXgd%i0BAzhK)>wsFtvaRo6xS%tJs^+A5j2R
z;9Q|qu{D3Fxe)?h(b)BJfo_08mfH6UL}7y4efE|f#Jm20S?!;XZh`y}XNd`40s@3`
zQxP|ONS{qgYbhM~tSJ}sLFF3r(Y?8UsoN%Xx!%3<H0V#aGV^kIoQ5{F|2Ad#_HuNe
zcTdepmTibQ)fRg3bv{r1W||}0`1LUl-TwKL`zSGX)8%7W?R~|%(bs9n+IM$C(^NJ`
ze~_sv{EF!c`As1+s7N2_h9z>X)N22<)YtOe?hHKItPMg_fY3pmzZ2MQI5!2<ea8U)
zMGSFBwALS|?hD3uhTLoCCHD#V6j=5P@Uwo<*w%;QVQwvT1x<DbjYs|QhJhNJiqqvC
z9gBC#GinyE5ziPhHU$p`hsW;WL18eStp1{pf7Z_wpL>QY7r&dg2<}(49Tu$NZq2dX
zwf-sn@>|pcbUvSw&&fN13jkR}>zn08=NxQ!e8K))4oTAu{|n$z7g-@$+P>W9i$u{)
z_#N3V@7VqQx37+zwCu1yB_QYga3HS0T0mOVX8Q0nEA`FBwr+HuPgT@!+E>(`vo`i@
zz>L^y#xkx*>I>~oqEC1(DXZ5RRYQv<&<0i^?@s#`48ykF^Q=b8*W5Mt!C4h8j?%T7
z8|IC@GUcx4*W?}f?=g+8ncYHpzNnT8KP*N3TfHq)KAJ)Z-cE5^%)pzj$v1j~Tq-tu
zb1y?K`&?2!ojQ3)HfgM=)`lil*E(1ll4;fg{%BrkLN?dzp$4v6y8&AAL%~o6MB;G9
zuz)9mJ|O^w;R+?ZE&Wk{oK#I+WwXw-*lx+2@EKnedh}*9><7~qngwe*A?<MCL0v9y
zy!!D>2GY9-s){LVF6~^%OsQ=}1ea~?-)hnl1D(}77Whcb1}fanvDs-P5bYh`zS0Gs
z4YgxV%fLcOzdn*&1AkifO~APDM8@tYWjfR>(8Bf*aSZeLAq`05t6kTwPEX^ckB2!*
zRXasGGC6M8y5F2~Y8~SmRy!}R@Bpun(hjNy@|gtavDi)eo%><sxa7Dpb=qV`(L^sH
zO64P*W5JNTih?o12>BGQzq_<|X>C{NmLEU73VvXFi+5}LYVZ}PrT|}cWWx}UBR=y|
zsq6rD<ooIf+1OnAIh1s%D0-qwx+Ny9@?Y(3fFgEF2u4Gpvi>pbnDo3~sw^>(u2h<v
zA#RMiU6S+x5C(bx(nFuO6+zh&XGXjnjrOg97L~WLVTP3B%w@96+t`I81<u3@7bRi@
zbLk;ZUl+P=jUTxYtwRL>vGVf*DWkB8I1;7L6uR-#4x+diQV?zy*<qbPB&P{K_)UVq
zsRg9zCrC^?9%dy)XfHw3k9|r8n)d}GMo0SopID2(PTT)to7gzm{#h54h3TKi^8Za>
z{PSr4pJ<clKhP#=a|2@seJ68U8yQ<0+yBCwzOkf#;!WSBZSZNB{-Q3J8NMk9`u~k>
zVrOFf7q;o!;9uFMZ@d4DHvP>J{5x6jKTDf3u`&GL(53_#n?QPa(WlJ5aVG?SnBMT9
zIK>2U>eu`^T)$rgB9velbvuuLCT3L52xsd*CU2<a)RKzlTpXXzz<%~puT8PS7VTa^
zhf!^CVu_QaPfeUhe9Gv?3Y=J$8>i>deJgRO!*{*Zo4Z7=U}x+?!U;U@VcKPNhEIwq
zyf{1K4bz?UP7y-hX)({d^2+^r)_Q_hTx_y>w`Zf%)V)J<(-nn}SV~ZynCW3&0@Jd#
zg*Q@2io9?b1+JOwu4g|=u(ag0JkFmJ%O}6xrB)m$6^u!X9f7!qbsxqiDjwhzSlT!a
z>Nxfu!~O;}V<#|Q;?+b(K<%~gbJ&G=rZ++v(YE+JQxLB4;#T>JydRfO=u~|>QjL70
zKNCKX%8Y$Q8ZWA6W$Jt-F&<SHO#jHmuj(RIe?DkG#@=2fd>D4L8~JuVRjlw0zLhQV
z<qd1-g66;+pP6C@wQ?Pc`G>@s0O)qt-*DyZ(;J|CbOF*Wv}F9J9r<6ywEh*V`~RVT
z{<kgo9|<6)e<y(cqJaJ%8|43^-G7bu-}e6#ocTNY{tcXA`D-)(`}Y2y)uF!Op#MvC
zD8_G)=ijSCd3{%hQvQ7Ac-n9@J(>u_(BtRd3D`3f;a8HL#6}iI_6LxmiuA_-0X9j&
zU}l<cx@=vaUSs`P{zt(wwvq5&)kH<*%4T|zwes>$y^m%4rRb9FmyKr7^4C+QXD9}|
zw&&HSZw_Co=XLAxt#|iSFQlu}YdlP)0Ej#0dPnaio9%W4yaxsW_I3+(g+_$S2k_c8
z0r4UWXlervT(0|%Q6#;oN0Lga^a$MSx*uKo+=p!@-OEoeriNrhNwd)VB9k)=LY8d3
zPbSZ}TN|idO3tyJP+d>GPcoJMqSx1gO{_tT=R2OV8BcRN8jSvZY&q3Up6l=Cc&XX|
z+nxyNM?b&>ckgGD$>7^=0Px^ko&(XWEKdBd<q#M*fxXdbKMezm`npL7e-0Wo(U(tN
zg*mqEAt7!`j0!0#&W9A48kMQ9_RoBs;cWyB?~^uwe}Jyd&!{X2F~)<aB0bzaxoCy9
z>30B{=uqfJpYLpvZbuWN>(X=s;S+P?vgG0kQi*k8T?@3&g4euCdJ$#GOdr>S62hJ{
zy<&eR$)=Fz2RmeN%WM(oQe69CWH}^yk(>n_8=We@z`7T9=<0-{I*i$Yc5~pE5oHI4
z=0(qmY6bkX3x9z05S`(}u^sq%D)m6(^aH1Fk=~I@gO=f4^PMd-7Htow=8Wk9V=AaR
zd`{R4`3r+wCsv09isGAm)WC+*^_-#Ne*!<TB_{?}YDmFN7@83};dtQn0DeW#h#+w*
zO00c=*UI_rIja~q@uv1WG)eep$_BA_OxvyU9P6ngH?)-9;J$R+k;nl`tIlVo7f)1x
zQ_sOrqBJ9LHrgG=1N_zxrH*RmT@?CQT`EAi=7-D%C^s+2PAD%xms3IW!UlxSNW6h|
ze}kZ^A-J(WMPM8-)=I2nP_qiOSPx|nkR$mTBl~10WMk|PX%)G05};M7*N2Eg91j?F
zfz<QZB)FCRj?$`tWMR^RR0@PqU497OqTPBa>Jnn-2k{4J{O!b*5hF0w{MF)#62NUj
zTFpD!C#Vfj!SH_gM7T^8N~DOQt!4F6V-!!$?o-+&yxruMR#$#<i{^^$^3JK=!ENUQ
z;b*}PnA!^>p)T>*j;WbU7au=iy7*XKZT<*4qv0xR82Hgt()mxV1<xGl&cJ*Wk{Co8
zUjF8|(bU;4WMwU9W4A?TJp?QE9aFP8UE^#G--1Dy3SxZ1$A|@BAa@(cUy-g(HA?Ef
z)_Y<<;9l{rX~*wPJ{%i$FlHGoVH2M7;G0=W!_N7xXOB_2?lvFJM=7I+rIHi{$pbMK
zczYtSj&pk+sx~wvLuj~Z7{cz^?#a<YG~AXY2F0zCl#sb2Jt~)$EqH5?Nz;n7Ka4gc
zmx+&n(wa#w#Vzr3xqjM(=l!A{Zr`Ls$8u@O603p4E%3c)Y5gO9De^G3tu`u=CC8<_
zN%nr1>qgNFqAQS#Jv}7u1+~Tq%jSMUVNS*bNhY;))yhCbh4kmDqHw7dO+wf}1a%a=
zgd|x4Oi{5==7hcyA*8^x+9WGg{V(T94VjTEZuaJJMYiV1MQ!@#@iDxnHYikHSaKdy
z8V?TlJN6`B7gv4#y91z^h*1eXR*uOb89v<SPI4?y9nuLJjzZzH0@;*)rIv5$=t2r7
zPMm4Tox8Ae!c)RC<Mx73bu_I~C4&WnCbbgfS`rB%@w!aG%_Cu{GL}VFMNARVv3#?b
z7w{%8v3Mn6$U{MmT;yMn6TvAEJzq{@9BCxeMTIFGOM_+%yt<q@6RF4Zn1w@1hP>O1
z+ifeT{D9bTYZCPvR(Ba0G^sT%mXS1inzAVwbdA*YIu`9yPK_@f>xOeScO@N>yjDJA
ztZ05DM(XrmD6!_xq44nVu)Q?9F4pxbzdvGKq^a^kyS!wxhpw|39CpStoVg72{D}li
zNzKf0;l69;QfMoXOR+JP$wS#noig^?Wz2_5tF;A>GLGsqddyI7mx$+5AteJAiV&zA
z_u{01&}|i49**>0xd~B)us&?_W`)UBC9nvo@oM&@uUIr-R<l+&1+BtZA$ej}ec0ic
zOu605OBKO@SSeT^-cf6qWLv9?qmDwIxJxpb0}gBaURdulBk7X9DxjLwAOCa5@_>2&
zCk5t?)1%xy|4`w6KP7dh`nI|-ReCyIx3(i(XSiC*HXSx?yY9d-%P5|jnwD^yv+L5p
zI++=>n>cz&1*aR$)(wNJQSLM^n?W%~i3kz1?Qj6^RPClW{sea#4xfw!)}FyqwCG}J
zdi3fzg!?1`Z=$uo(MJia-lQl^UL%5NHYtH;>_wK1{gqes-RPMCTj{Om#h=QZ@uAn&
zznGRCQ%*J~lYzsrj+4w#_6XaVKr_=ve@G+^t@PNG1_x6d&Ip7tW6^Id8>K14TL0}Z
zEwwz=w6cE7q@Bmm@CfH@sKR>5y2<+SZT@<?h40?y&u4`~WbdW6yPI0mo~-oP0LDrd
zxv4Q6-l=55FdC{%COskE@oqR$h$+h0ofOsAnpb};n)BAj;B{kj<MOA_+jXO5?VmfU
zs@9!0&F%GA<qNfN<2IRfw$qA;vwBn5QA#iOX}-^5GeX+RU#hAc<%C4#J5OA&zUf3(
zR&at39yJUhh%@YR36}zie*~QJNqTMiOpeu7Eo23W5&D#Odu>u_6W<NF!LImiqI%nu
z(|&SJBnNAA=Jh{{m)mpV7GExZmYA2{CWi*3YNHl}#(e$B-yiloC~k;c_v%u~BkG~)
zhHI%T=}9ENR?bd%{Eao~iBW`#1lYmq@4C&~v+5096(E-NXyG{{%Wj~$-6$5rwM9U~
z(IwFKHr{+naH)M+ZMR+BX}J?u1PB}8fG0F9j@~miwbiO^58seEE5A5tkGvz6wIEbZ
zfpGJ*L)EyrQO2GbABSVBgeV|+>=D9A(UjIq?uOJhp2yu+0D{D*Ub3l!X)5E?#ne0w
z+k*qtk_^n({(T1M{k9i;6NCIHI6@Z`3v`iZDQ!71XK(@5S!|e<rC)W6M1~wq#`amX
zXQfs0A-mpUI6PiW6^<uES<3D2!ItO|MTzGbc5Xwk@+@A0<d%&A<!&Oyy=LGUf1HM4
zk75+!dFID`e^L;1N?{BURE%z8+SX_AGwNaDPPshARmaDjtVN^rF~~*jjqcK3OY~bO
zd^|<>7K`Z8y%MYH_*R`Ap{m}=cOCXyu|Px1EP-tFu!fve_))|6%5C;8ES$o{$Ysc}
zmTbXaeuC^VyU|S7l>lwHmZ<YhtFN}k=2Pp(mE+BGUxCqFRyX@sh-PDSOX)+r@+}{_
z$X((F+}E93wN`ierkoy>pWH?X3&e+pLM>S@CBeMTD|Oqf=p>}9Vh}`D!MXS5ZJX_r
zL*kKSvu96L(3}8#e-MG=VRu=lqWfbZRWHb+neS}dZH=W*5OnK!H<%8_n1HK?kDh|O
zWD&{-uX}ghsC`diSLVyyj7-0dQ)P3W{-{ydra`mpIPv2^DG@);TZ{mw(`k&;fg0V(
zp_~{W7w2ji4ay5qap`<rQEX=M)VM|k?UY3*zC*Bwh>G2T++vQ&X6aViAHP@rrNpyD
z^{c+9fQdAW?1{Cgvx%Xo*NJkbC8Mnb`=3WkQIlz0jBSirk%kZ4Fvl%*q@4VHL~h6!
z(>N@e46Xb#Wz^O%pEm)HA8b3Qmrbi&)m}F;*rD~h?MHlq-D!BQ^w6O7IKDaz#YS6`
z*7?;uK8H<3gLKv(f2#8C%kS=LEX`iY1i#YY#S{-b3UZgZi6D|t>ylta7<>^V{3RjJ
zevpU}p3oc7lH-;{NlyiGvGod$ic4$;2dY4DgKAH?!pgQNmGa+-LluykM>{1psGl)b
zb=u+ho%7gxL#jds^Mq&7uSO%@$R|+7^7r4OGiuNZBHb7<s?*X>3)b6lP^6wurcy5N
zosTp=a2n$%^<#~Iy{NP)w5D=L;F0wcsbiZO_lXi=knNIaq%~<(U0)K6rDiA$kdi05
z|H%w7@u-V?gIl?)d%^#{6W11c75VG8^~VfzvyscXLby?E1}C!g?ynK1HdkDGi{Ti~
zSXtVYv>aX@ZJ^24dd41z2+~%5a|F1;wk7g&?>?VlIp62ovc)xvOTS0>?8y3B47qt5
z4V~?GqGIN*(+Db)6thjx{TpF?c3ipH?9M`SWz+Vn@(mv{ph}9J^3oGyFL{>^E54DY
zmIInmy{6J443{K!mc`ZfYI;O&c4uEcjhg$thVLIzR#j(m2KouyweKlq&QBZlRadNX
zo508ZaGSAcJMY2W3B~5u$f(>-$60VFG4oqf69b7gSXB~foH7{#K9DPNkm+X<kwib%
zw`95FI<~^`!c~cr;7whVC0q`qQ5>j{9Rk%nF2Y76LAlQ7m+abd8C}T)|70dn2eHM2
zBW<3s?VF75N>YwPRrSiO4LN?*U#_O!$eMfJ0A22PSf&=kVAXmDGQW;bYGR?{i5L`z
z7r2EzdGXP&?aOb8#E!U1Ag>!AFmriMqs~Si6UP>=DcVA4EU6usX{=4z-)L5SIn*bV
zbP~Bq2co;PeSjXsvC5SNrtgoSqWKJTfHKrC5~>@K7w_XZhcggZ+N4JE?TOqtglW~$
zrAs|J;{kIDL*GNE#T1d<T(X2a4z-pQS}0ytrJjWcqsax73>1{k0DK)&43R_+^DQi8
zJMPk6CI`Y@uL$_&@puB6b0jCq=7z%UHRtj3h|OgFp8S2Ao64?rkcN>Ov!|D;SC1sd
z+49KG78|I(b7ao}OUglEkTGG4@DRo{rQi6gbs9KSwo6~nIiRprJDfp)L)}eqmqDH!
zr2pp?S^`<d1R?PT4h#ftsm7g@{wd}UNIo=ueN$;QcC(;h0>&nINrLxZB^(g#rJD8`
zA@jRqcJso_2st7VNrdx8!v`&jN)g9#91avT$|>SLhnNr+%7>h9&N1r+&Q4i%y<NTb
z)lPh^x?R)ux*NWGJVvP-#-|2ynt088S8h5Uqn`=;!7a;$a0R2@dHw#wJK=iq^Y)Mf
zakcncq}EQWiOtt=I`SD42e11kr}uP`*)4zaDIA$ZxLe`hdjTJhg@tC-vl|X*PW<{C
zgK_DrT|2_A3B&cM6UdxHoGsd}5c;qQGF-S~{W4UH7fgS!MX&HZ$%>Z>)6E7QCs?C5
z#W}h-T`lwWTlqf6SLUHmeV=5h#PQ7a(X}<R>V%Cm_?LUxUqe0FY<baj2g^_gKhFZ(
z8WMX9@7Jyqhc=QEF$rbnDx{$po0uG&G&Y6NgwwUd!LA-8upM@wS2kPDTjcIkO=Yu1
z91jF;ioL3C_#V%a^43{8c|jjG-)bav_FDyy%{#^q8t9{zFPb!J?w!;qX_oOUG7!@)
zXPS;0x-W5SW_vequ5vFjCd)L+*2>gQH-1Bw6^>T*m*dvsm+h17H0`T4=Qis$o-so9
zzpzb02YWA;Bpy%m>2NFCWg75P6NLqM4GN^-sN(}VegsjHh3a&-l-gIha>}|%zG<C9
zcy*j5JoVE^jjtE^);+1&?rXxo@zRi^^Vv&hFEU!)SL3d7SfRVf{-QT_5a`;>to@V9
z)nsay^#!7MVD^eU5H8KU%tRZ!mjffiN;07Co3h&k->_snJt2;lp2A7YK|!zu>SNs8
z3ns^BETN33d@Nu%>|JoPv+A{8$p=M0Dv2&vx1qj=n}UB8uD*AKMOD{?o6&jgQLE|M
zfDE_TcD7x)%v;T;Rs8`von7edXL)Ad`1nF?RU~&Cp`+<7&h;ANLZUNy&1Uyb;B|QW
z#)8168n_9YFP4Xk1-nYZ1ZXX%*aX*DS-*X@k?lP^^M`{~$^vp!LR>~-3Ol?1e4c13
z|1D_Cox$nBdBneVu`~|^srpAe*KEm8f?09A=iTDb>)~<Qu4a!no#UuzG%vrO4cmTT
zTZ`GfSuIYZ^>c5k7<_Y78c!<>a@QDavRscx#cTRrJT|>J&$uWT7>}z?r7Nbfq2kkQ
z1dKs}#7?LzVtvUvlRs;fcTiZY0{E-AxKqp~OdE6@1$bTVXhu?#?_$KYrQLBQM3H!e
z@ZI$uUETqoBB$E1(eKpL#%*F9?-+4_a@eWDO&XF|DB7UpoMg}$7&Wllh3%#H8~?Zz
zd$JxdWt&fVH+-z36}-jL{n&wNZYYMudg%$-x1|gpzD7BnSh4H`;ntWzk1e;Y7O7n^
zWAM%=SwUQ<wrpfEyKJ63TQ|C;iSHWZ^sx@&3j+my@iemgjCptb-1rLWUbl_8AzR+A
ztS`P7<3oDazLH==xlLRq94t8am3!bdB#mN~Ff>|Z&sl9iSB@tm!)g%q&d^QJHjqZI
zago-8Y$T&F)o1J$QwKn&SXL=zSFdQh8I7lmO`%wJif!Ies#TW2UGy^dQbbxhXrw&>
zN@_rR)IJPeD7{g%i0!M}9*lb?!gz*3l&|yAqrET={}hi>eKTQjs$$ewkU<mHjc%2V
z?ASJ1Fml?VCYu`8r^~1$@?(xhlmj&wUwtSvO`?IGMZcWJpxj<`6n?bY0IuzNhgbE0
z{c1vPe=ESDZ;v<)HTghuD6yV~Ng}u~M9a(^zcK~Bb;5x}UC5@PqH!a{hLA0OJ&B7t
zgF0hWD22AKx|rsDP3ke>BjqCn_yB;zisQS2V}}@Tt(U<I_-oR;5Qjbmae_=!8iZ6_
z$e7S11ob?x7A8?F1Dq*RLFt{+J&1}PUHs9Q<0J{SUN=}}{L<JmmF1-6iuH+#d47k$
zs+rF4l|oxV@nP|#wpDe5?w0M=_!d8SLH`|IQvVU~#q<f!DbkD3A=16)1=K?tBPb9z
z@e#8<t!Xgyhh`;8_4|%c2jbR~h3b<}o;Hn4Vu(4H{orl?a857G8lA9q2~94Vf9HJ%
z_hKUM<TxGY(*74=Y=MyMW7x&TL0YT)O6UDZyniW2@$`Z_cOVc80qKdv?Z(mZ#l=Q!
z+T-fyRF-R~N)@z#$CigzabM3#<8Z^i9Z%CQ={DQ>qBmiaAqE!9A;S~el@I*li;Klr
z)?DerKg{CG^7+yzBxMQDBF$aCtFZQOgld+H=P<^Rm;BgkdpdYe25Z_vumy1#x7h@&
zkvuFR<?lqBVgsKnV@g);2>t8gZ1}`s%V<3#W9UOicA{Ssr^jC6p$2M}D`muIU3Zl5
z>=?SBUah!7PXVU+LA+h;RMmHaV7i5s0j>22jD>-^t2eP=nT~QZ)2(DTj#m)xnVx+V
z)2(oD9#fOv=j-fypNSczR==6!QEM3Oe|a-l8keV)s8ML?b$gzcUjPJ_CHwRxBo+vl
zJnfbKv<Ld-CPgS!7t^yt=+tlre2+eEXBk7Y-D|04hsG(AW{_^gJI=bPKzcg7W_+~T
zBx2;>(c|S`IMp`dQkySPmWpN8sc2iq_NLa^_!DxB08=TTD3@a*KxGA*ijP&-wsq(g
zX<cJ@da`-l#=$D_ifH}d?SyXfNxez^y192r&3)m$<&w<}&t1VsfP=VGVk>U@H{P!=
zgO|iV)lE>sml>p5(rznOUc1?3x9BZ&3tI~++^u4ofSM;dgm|fiTXbwlrK(82smZi!
z&eO_^!*nrRZ`b7W)P0ARwkkg8FPewpSdHpOnmx?)jACDY5E{1gbB13996NHE{fDaZ
zi9pRSEX*<(q3GVQn}XXSo&{+5h;*T@aBD)jMTO<Ff_H2U+Gia0MAm{(r^HDT>obBc
z6lT}_8HL3&E_axcfuG22SlZ-#p(&JHvvMbsW-ON=EnG7$u(93AI5)U3=dQrqYQx(>
zd8#tJHpONjkb4}@LZ=SqY+9QG5>sRuqg)ON9cg7w7@Ot4k_8Woi&l%Ak1&qfC(}vL
zSkqnAwhT?xkt$)9SeCZcV^<zAHeki_<BZ;u7sI)=I3Eltptcwv3j2I$2^0T#-}UZX
zpGP-=++Q)Sf#7c#Ht5fX;4-Ztug=&;HwEm?Sc<MkX`OUOH=z{fe;GDh-ntqT&${G7
zK)|6}lhu)S*fwa3%btKmsf9d*LLu_9tf7;%D(BM>)VGhAAr-VuGpsQ-&@rwd!`SQU
zH=rc#>X<f6lCO8pn`zD>Kb?!NXETwEnm6E-xSwI?UkXe7bVavDW0dpuF~M*7oo_7R
zsD`u1u0azdsAH{`H)RG9+K1y~t68P7we_nQwYjN`#Y;uJ@;3AxXZ*d3+huN!u&ZIJ
zy~5f&*E^iEf88r0nB=o?3pC5Zu)f(loUg!x>)k@C9rMD<%-USZ+n?1|%F{@;vYCgO
zXyz>PMG5>(XXpAyBgoofU&n3Y0|PHJtBJ+WT%52Uz;ctjc6O3JU2w0d&PTyOSvb+3
zMf}5vzB=uE+)~o}#P&t62e~njFCP|x-7Ga;PT3w{&<CZ)l~e(f1dW9>=qEqkye)o;
z<;u`}mj_@H58r_YI$r=qjSQ(JchQ?JKP&hnkrmBz3CE?*XIi1*3~-bJe_yr>TRpvf
zblD;d!weJDr`Fh=Ur9pjG=r#^@qy#h(^$~I4qI^yblrnW4IJ*D>9}ae|EH;1J}{R>
z4c_cW;D81{h)yFym<c`8#zpK%X)VJHYS5{dU<*cWVA97WL7Yw#yu_m!z|qgnJo(((
zL8#|nbTccfN49XD{h8TCDJt@F<gg0V@|M6dyNCFn7qbBgu)Z}!JLgspQ1o4>dKHCv
zOc%$@H9k-d0+Z2|S-i5NcPVy`xlGUl4UOnw>>;q)NdQeuAom<xtri(Mj*~(DLFtZ$
zb_WibFaEGB2jDzC7pVA)dcFV_ve<qw4gx~BNWYQ7QrH6Zvl{%$^GfUUao}GE1$Fsh
zKpht4P5Tvn4Szk^eWn9d>RDyx4e_^E2j3&4_o?Cd-LrzEynuqYp+Eq=M&<IrgRulX
z=u{=^EdV_*uq<3yTN}gp2wCuhxrI05<@meQM8Y=G%<SSNS+jHyp4i?2{pQXp`OLT8
zLfN6I*;t-i=!2PD#{`=X1Oxc<>J{Lq?X)4#iNmjITHYLJFU;#(Vl2^)Zy0`6UK6HS
z(v092^c?YnC(r*EyExd7pq`G(Kw$bM;gc{y;JY<V)e;&8lPPvC9G_3Pt^uvBANB$c
zox&UaaIDAI@R2FtoL&Sh?bC4e99JU%<3~0bG{Ru%rS$KGy>QtBc`gC4Ez&8V8m~X@
zbuqzW6*_zITT+|z7N^0Twg4GzYf2Q;JM|k^v4FxpAAJ~iRnQu3a@JO_n0~}0jDgs5
zh8E9T{0LxkYm~=QO;EKyoCWqGVPrV5?igqXK?mluf}^)7)154N%?t1YC4SY+U{|P@
zT2xm~cDArytZ2KBu#{Z9(`alfvJh~WFb_}H)`HqzZ9Q{8bgnNyS}vu}FKVf?iPvC}
zqN&m<n4+ns9#xh?Q&~=0TB<9<Z1mD`7ICL|NLHPy_@%3;qh2)S=bWtUY$5W}amNXu
zp-Pg1nL8$B$x-88$iigWZ+aVb7jf4n(rTsRu1(SdvS+bi(Ad^eRONN_9<hhn=;0&d
ztZYruLk?Jz{9S&}0zm4tLs1V1V6vi2N9m^yYdb9(>Y{)tZFxBbEk%~9789E)sGf3<
zLo{X40bnwK5RG;Z+VT`_Rf)W5((>ZcViM}~zGJJ?7-jiUa-F*JJ(X0%`B*vSB1U14
z<ZV=hViv2Ov5AQNONUltft!v!hACM<klg%gctqeWsBvL(A<H02tA(}m>4d`;07uGl
z(o_W!lfWZ>IHbVUMA_Kdoa3<&_(Wvxi1G0xEeg4xzrk}B1v%1%Do{JNthTa@HXg-s
z@^Z>i*&xedqZU!UMVX&g)pVJ9AJ9=Cck3M`j7MvX+xF-ZVEwa2U~j_Q9wdO;_^2Q3
zk}a*8>S<y0r{1sirriw>Gh}_G*sRt*i$C}Pq*_a`G38I;qy;25)bY*_C#W(j+&IT)
zd8$EhH8vx{9w&cj?u9_0Z{-nB^Z;?CQ<{T<iiIGppiVgCVB9qUF)H?Sh)o149-8{<
z<nhuzup>kg^lS1#Q>d@aAcW`@I<schXC2bwL%5=tN!aD{vF)g5cXH>qci}(@q#CL3
zo2y0wTXDEkAtW`{@>DFD)X?@Uq2<DpAoZQY0j{8eFqE9!DGh(`y$%)5r=>J)%i;_?
zaEgC$I>SdU37jog{C||abC4wOo44DxZQHi3Y1_8lJ#E{bwr$(CF>Sl2?LIx<jXh`g
z-QT{u=Z}i4eCl~JDx&U+s?5CZ>l3&-<`Rc^fDKwGPhtk6m@5X2_V~k+lvR<s&No&w
z{M7S#+LE-G`+~hZd9_8Iy3V|+&}T|B{GkH6TdZnOR)xCEOqaSYO_Orj`z`q&p{JMD
zArkXA=>vAMbR~Y9;r6pls!SzsuFrl#xOW99GP4xf!+ENVwf<P4PgX)WtR_>LUXih(
z%MkR@RN0;}`pl>15@Mv|=Z|t?w6d5*J4M{O)ia5Y??LQFF2x>6m%-?!oPv8)zKf*b
z*jH32eAm~0ao)iG(D42e-^-gB=nQ+~ZgCV?8hBlg65h6Py)8#cX&-2jIO)59sXi~_
zC|C{&VP*vY&^f3@f6ZB>#i)J>(E@p5EZA!yWq=iTbJkuM)G0qs1C)Rc;FoyxrabKv
zTJcK;et6BHQdBzBrTadpaC-jEk6Keq9&d)kEWqV_zDgHA3(Or&D64e?wvqv8t8T1e
zBy-we7if9%N%NpKUBD@NRd-NvDgld7GlU}+fZu3oCH=1e`cDyc{`QujNeJ>NelOih
zQRQYl-2(EsK-z$Ul7zE-ct6fs=;|#mD0A7uo7zeGL$X_q`+HYVlHgNk(t2Qyj{7<R
zI=TJSdek=v3lqQ@-fK-&VH(4dh%&g=@SZVJJN3+G;1@w>9n&UU9xl!OgsB4KQ5i}!
zDy{wNa&x(98mCBS303XicH~oG<HiN}^3j&pX8L7^U<0ifwp=bfzAsudCE8^9Uv+;D
zO^^C^d)MG<Z!2VL=?8_Ys^8mFTOrqXgS-Oe`umDOA6IJjS|QKo`^*xVTcR2H1lEuO
zNq6KuXbWGrH#=LmN1r}sQlCIUT((3$2o9_`!vOkWu~}CR)dJP{<w<8?G7JPn_&+XE
z964|==7|&BtZ`ko)4l~CpEalA8j-FEIeAsdbqWVmi>dFkJ{$EzWAzDbfF#vogpZa$
zYF34iN1qiiM);3l$@*eksI~aSFj66JA*1N-1H(icx&&e6>=4jcR{@F*7%GqS$p#Xx
z+#HGJRw@b1nbd2q3N(aq83;4k<kP1VK)~aER4SG<D~&R+i*a{ulHHe`XAFIZ`BYBx
zg5tM%dmTkW<U@_N^Pkje!IV9&e4e(&NXVA3t(wgl2&yff<>Szz-<oq1!yww3BPn!j
z?#$u`&XH&1h*!HiNzw#kMgwK@k>~f2#S7n$qRq({^j;#Pv|uF3B5rAz$sdD;0U~1N
zbA?5VDnMr9K&~73tlosk_p~AEg-g+}feltGfzId(aw6BY^;DhC&pL%avAn{B(Uf4d
z+aX_@zjGk#1c{REr7u|7C#}dSmS|0w)c23la=FsokqH*e)E255l;C>vausP8cVlFY
zXzGvzdWwo!BQh4Kc-8U6cm*g{*F0ia(43~KxyZz0oS`lkY}kT~2)qP+QpzDxrS}Og
z_IC=2o5>3L@&F$)V%W5WbZZT@rznXyEth1$A)0j&Rg3J3c?x->Vg5<=UmLI+<m}lY
z3b1I~87E&hgHM2Oczecc4d_!R*)SbZPrqVD1-_LIym=CUsmcn$7r8LTjB17<V&rdE
z9&OvaIUvyXe7ubaJG<6GtZ>UZl7PovRLT$yQXAqno;^WNai-!9A8hY4Y>_h#_%?y4
zd%%*Zpb@vJ<NE06!D1%2SlT1~X$~X*GoIH}^LWCbdLN2`g60j$lZt`0a7WlewT!OP
zGa=z(S&apQ4~hL!TPCO2pitJU6il@nxnCAg!{v;(7|&{0iSw#lx^Jm(4Cs|CU>80s
zU5Bx|zt)dE6UY{-9()9?&J~5_?zkG68#<sm#Qv25eMb$5rl%Ew28B}uP=!WO5x^G8
z3-3w2qhmR_Pi-nR<Mn)W$uw9YkE=&oS&rO2u;QTUEOnmCAJN3GatLG;RPS-40(@hJ
zT`&aDq20TGe;n}|)<O--<ubMeaiT4T!xYMiOi_-Y*XhRBSz(}C6=znrqfyeVc*6ia
z?4m0L3ffNQ9AVnufn|S(X(FJO6$dn;Y&JQG>Ur><6!w5~uFWW2QaL`$WG9|?fLXtI
zx^t^H8``FNqX(Eu^;{E}&6W4d&=21qyDp0f(0^enh~)_SGa?wL93%wO5HFP|)l4*J
zXlc;gq&N<J1-qnEM4t)`sSGzM5u#E362=s_5?(lcr$$+#TxhZylryFO{k9u#6K?{v
zh8b4loWZ4I#U`IfteqJ&R=eRCXjyTfI3oDs)v52nIXjnsJh<B5aG#S|%v9l04QoAm
zR*C$(GleMmE{HxQLSsm1rOBI*N&5MkC-C;g8x1WQ@DBE^@~oh;$BWnpCEbmzPB;{`
zZ&NRjv_G2)2FmKKFmFb`#J^&sT5;4W+As(CDstn4+0A+hqe{%^eEN5qI<^+%i9)N)
zqzyI${d&c9%6%s4=K0{VZQx}safeY?O006%+?jCf=4&=Z^VviAt9A{bu(yh&z@oo@
z_qcHzM)c8ru7fMmNz2TBS{KpN@#Aj9K|TddSM_~_rN0q0EYXyb8HMZoGy}zLSBy!U
zd1&-_(A|o~<l#pu>?*AIw6E;4KUXOnQ74Ql=iqpc@Cmp1MUiGukOyzNS?{Glytjrj
znKsaCo8|^Um3URG@UH-{Y$|(9n((~e<i=BRK4K#dOo%l^X4+q`N+ou0i;vr<JYf&q
z@L1{|-fqW&*0Xm64?p?f4b8r5xhKIcDv#2088O|%l)N-BtG3p6tu4WGz76T^>sX5M
zSZWSA<cobKS-l75t%h68Fz{me6L&g!HTPIbA*MUWiPSaYF5voDJ3Oz(vl`{2Vxh&O
z8s(wo^H{26yt{-?Xa4Efll0HEYx|)5*FsUB9D8@p0;wz3X*na(`xBpuVgImfwQ2X4
z64|4j*Z3e<CX?t>`}Q#<@>@xX%-NIc_+WQGW#VgA784_3ASi%KOs;CGD`S+eubH^D
zeAZXRbj+%xnfO`H#YI@w?FEG=*!^Y>Ze5MNt20;Y_T`!aNqsg~L8jN<K=*LC+y&)S
zi^uoVx$v2>pUpLHdjp2DUb1diH#V8GL2?1tf^&&rWH&c8opv{N)wjXgbpG6Wvq#7(
zO4+4)fwL<;Slk~y68m4?4WHWydj8Ymf$u0^>Y9P#1h9yif!a4XF%5pE5upWm&sZS|
zJLxv}CXpVUKWeFlndgviCIMtXN+Rd-C_u9<D1fue^2tScLc`4J-O0jBu*r$Q1zaNO
zx5zjI8~2Bp;kak1Fk+GQz8B+e%*y4>(7j%m(<juyY7v^sGYT<$`L;}~MqpwAdV2-+
zE&zLXhU!PETcF7y*N2nq<z2MW#-fqyi{6M1DWNrl?MNW;s`JDj4^lbq;pAHsK22z^
zSH#mhNydtGKX*p?)J1sdiha%r^DT^SvpUKUe;q^KvPZwiit#Otl4Bl}it$~U-Wx?b
zGtXbf^S@FT;G-t=Fx{r&-R@3F-U~;+w}rl!g?a(t<C`CZiG7yFe=U!`VR^_AhqB)4
z@g8ith0MBnA7l|8Tux!$+u(bgPvN|(!h0}>zV9yKyoTc44xfkLN0Z#X5|VrK#^X39
z1lDMr3MO}&lJ<mR_FNOz0KKa@jr!+oocJ3Ue_bP;ej*;Y)eJ6dlP0L`jZHATJ92qY
z#&<sVBj1Zgciy}kzV;&@1hd}WWh3`Y<;~EO&HOyrK8o8mKUm?bza}H!EQvo3Nibu*
zjS_q0;|;#LB$VTi6U)gK%JyVR=2MZ#{=J_sSDe5rH#o;jcROf{?M)PO(HuVlxVDeA
zRun(-`(V!fHV131EMA<Yo;aN+Q>Z=RJMi#05AT+s6Yqi$zV{t`e$>_7Mo-kIDE>`6
z?v2H<M(k>Clr8!_A-;pvaYYrpOPW{<*SJD_3n*ZHUYKnlVG7e2xs&Z7P7mO&2Se&=
zaTK?OU+{W%^b#9=VIzm2r6!)edMXbaJuw>3BT#HP(4}%^)W*XYmqt5vms8L-xTvN4
z;F!%3+If>H^&Li+e_?crAoN$_=nvU?w$S%bG26vaIo4a`=-;{V=d6yKO`P{!(b~U+
ztLH|SuwEPp+bnTk;>D^LM>A0BGvcXP>ZOQNt&C0J+bTmVXGd>MHclL)X*R^T1}qvI
zLW340N<*D1iTD>K7~-UX+X}lv8z179@f^d&QY;HaiKn93*0m*4%nQrnp1q@9S@(<v
zkK?hiF>D&+!NfWrY|nJW&*~zVJI02hv<u^hu-Xv1=@&;qk4xsDSseMivU0@GEQ}4{
zIpv6<cQ%|1{l$)~3h4qD$r3W0l+1s?bE1Py{~%map=@jqRaR*?SAi;Xj`zSUG_)nE
zvQKPt(ss5bN>{qdb<!^UEok}_SFaJ?IQherG+`c3k!e9tdT&$)JY6AE*z7*e&`%>%
zm}g<XRGfHW#$oo<;Q$9b-L*MOR+`9cV@w%8JwJXd{D3A}Mv6cbS;;~HE}ergURH(_
z`Dq+EElXB{1bKOMAKJ#*iwN^N9@@rOyN``amKYSEM<08vCB74ciOmfPcSG25las{_
z3Ui;B|0aG83-geSI8n#h7z{HnArpql3j;!b@&<-!QnWrk>-+6iawHtaFNq|KNr-_-
z;%5jgIE~J>f^e|}!)$^w?wfK>$to%x%`d8ufW{S1k_xjVTo6h6(Uyg_=FMaYBYBhb
ziSDuP1=yvEW%3~%+t0UxAhoEua)cX2TZbb4gs($IqOLXlLA1=u)PQ^xPm9H9HCTuk
z%v5e3#3aO9|64dLR-#sFp1^aB(iPE|+#UT<$D0`Mu4f<oqXP07&Ub$93zTuxN%LPZ
z*MHIBe+;LLOsuSbC;Z)kV*TG5PKEwY!zrzhowf15_W}GLno~B;Z_VkqW|8r)Kar7<
zo#nr41^B;fPQMraH@yIV(dhpSOaE8RDKk6k|JVyK@wXS?TXPzmdP>xv7K#i>SVR)9
zexFzT0bm${QifqX8qiZ?7SgPU9v(B|c0tTzpn*%hF|}KPJqc<$=i2PR0PAKZpuM}i
zMxdB~I@wu$vVH%65!C%uFT;GFY!k`@-_PE|K4pveOPE=Emk>fv8@RfGz3zpA-p9Kw
zb|3v--;6LY9|5-UGqc3gtNJHInUxl+Psgv+D!UixPI_Vp(etqX&<t>(h(^Sp6A55_
zXGbsFcDSA~v;Ja!P@qW0mnkipX?c)#j_BC`fWc{!GKyJ8w45my?>71KfY%{~5I^m-
zTHLTIPI?+YE;cjor(9;<7W2xVcL}Bfxxvqjvx}VFF2uKUko1plnuEW9>&=QQ^aGXg
zZN%Mf@RRaT?F*ObjXcTV>mq3K6Y|fQoX6wJbJgOR9#MmD$hKfzPrq){tCi>AL(>hX
z!<NsmNLq)JkBB*i1)Dt;7j%ykHyp9++%>i&Y!}?WsLgNr=D*eE|FR$8zpcf8-4O8I
zr1Bq>pd8=sQAWmZcPBgh_v70G%FfJ0!2DN<$-zv(%>M1rW&T!Sek(CqIR9;*?XL#&
zuSfK|d*)l6OThlE?__5Ap2z;Z=6js|uTPYd^&hn++xM1@<KO1|J>K8B9Dg;REUbU$
zLH%9#cRusC6O@yQnc!b^2K*PLChOnQ{!hiu_Ft8n->T66sWX6?h3!8nH7~uOos|#U
zPI{hto_HQ*j*>@6f<~rE{6)y%Jw$<6krN0ZW$;K6;|Tm^Ov%Rd6EIE5AR%w%Etl4n
z4o-?v3?;Rs<C`OrM2&c>eit-9lvXqeY1#3%G!40|J1L!W7MW>4{d)WO+Dc591R~0R
zsQk%1eew0urT4aA!oqVP?%9ZLaBu_XE>u+&-2{=RhG0muwOiVHb4pBz@deiX!JD_`
zul6<nMJBWgYKC`liGS&FJR2X)@I@+gdd1f>l6sq(y@4=ZKkymBr_MpLSryU-f8^l}
zJcmoX9$~}KgMZZhnY+@^{&?In;DvNF0mj2E^i=DDk;h3iIV3pa*K-iF_oja(aH3Qp
z)F<JL%uGbs_=m0@AL>mQ@19|2+Z}^Y7TyZRYZN~U6E(ddZC}MQT6OkR2}Ue&Eg>T%
z+h9uM>-wFsO$IVUfPUb~H-G;`{33RigDOyt`4#XEKnsLhe9rp>He0l0*1(iBakw&Q
zb4A6XT;Wsq6XU`zq@xMo5cZw{fFzD=7SEM@Bgk_$_E~L?@EPRvwd3UHB%d=JZ-lO?
z)tqmh_iFUxz%fFEeHi};goGh_!3ZSTGr=P4wnu9izc~MOKCd~sW5I|DayiS9i`0X{
zk%uYL2cWqRuHEp)?y!M#R9ouAVT?nQd5;YJmC)Oo_atF;q>n4nU`+0SHoB8`a)>TT
zW4{!#{CeOgWH<4NiYclSy$=Azh9t$#OrF}(c`H&n)dO88&a>c+H&T{}=rh6ZlFm}k
zS%YS9`ww*aTdHcYU;x?xc`PAtg;xvI8G{r-*E#2ashYbiduwxa-{0{{#yM=LKP>-%
zSaQWPQORnz%`Z-y+~JZxw~^a-AAzLiye%)WZBy0P*jb{>d5vgP3Anhb3}{Mo!;HbC
z7;I|jfL!F`of51J@WW+Sfq~CE$q_FtM1|Ctaw^~UuZ?NNpI#iSjm;}N#c=YEWG)Qk
zNh4-@pW2+}uHS6=hNuMZNFzWmq7uvu$+QzEq*yZkdUhtRk(<MQPD1GtgT=YioE(r$
zF~dk2ni>1{4VWx2zg%!aA2sapxKAH8G#n?HVLhb%N{wVltahPA8L4+OD`L=aIx^La
z0^{QbZD^xX9zAh7HYxcI4?!z??!Vyla9s#a6hC6fqR)gfaWiSiGQ*`*gBsbrlQ*cX
zt&?Bk<n(x4RBF>{vpz2LAoZd-!2ebbI8sw-biKX@FC|J(E+;Q17ZH#(g?|-fd=XD3
z>oKWyLn>jouF9sMG0GfUh%2ZmltQ?1Db}ETw4b!)J3R9!qtIAVS<=kAGI6j!xSGDy
z2e+{$d#<~ey}Fv7CcsdC{E$;BlYad1yK3&4&HKm<+Ew-<P~q*v_`V|i_XEA?FdlQ;
zm&>tmti|dGy`5=K=ksIKkM7iNM-TqD!}o|v?swx+7v8na4t5@|l{s-ItZ=J_QSU>y
z#Vyg<S?$nRiqX*$On0!;`^q?=8Ex!eslYS+TB`v=A__bs<qS0xm0pZ=0-Ru0vhsR6
ziYC=9S29i}v1M#0=|jyp6@<Ym$IRw@%Vv9CPFL?<fy-hl`6gWCGuf4C@bJut4^q#d
z4n6jt{YB7;#cnd!>Z+Qfw=C(ukVJECq=Rfs<Vy<NU5?HwhbOt2u1D8X+Gwq4oM_Jb
zCc*2SrJ2f^a8%vI5|>ivOrlMLD&LqMHC?h`N)ONbTWz)ZvzfA)ZLw!QJhz?=X$7P_
zQqL$sJj*E*8ATLKz{pmb?O*CUg^I1E<V=*-{WUx_hv!MD$2nH2AvZ#DF4n$u!syCi
zkklW0yMJsyg?sa#eWw!#t&sV=iPgUC*xj!3re5=1-SIv2LLb{L6&Aa=M@GidYu;Cl
zIB~hgURgYS?4c~pCDW8e(*|-F3!vRc6wFU*MWG?vv1pdQ=_jWg!jAUdKwys7g|OBF
zG5w70r<=lS+-T)onoNrlDql8UJZVe;B9>zHM-P%mw-ka?hRRTL$>!D5*0$zyvaB(v
zNx4+c1bF{>%QF{pf#{$^vf&vT?SO(6EtWWE-AKbg$3V+KUz>y>Ekk;QB%N9}v1oEt
z4-ze?G>g+%=)%?bQ!%hiO9@-4P1clBwPF#>lu=1+aF|Brm?;?fYy2P;&HLvnXHVf*
z4Cv&1cs^wHxn0hFPDNQcZ>NQ}$_=<-i&n4gHE;(j@P}+D>1J@f&N^cwA^AdX3q~z%
zs5&N@>d`FT-1VH@lG;g|EK&o7bkXEk9BfjJ_X?ZshEYYWLl%$1Wked620<j@dLxA=
z8$;#MPzyG7CpsMOlP?xkJH14~&nus!nWu}ZxAFqx(@y>`>kG#Xv&U|yBi+-k=$y5Q
z&i51awDKo7p1nWSZ-5E=1bm{W-iz`1$Z-+O6-}m9WHW~C0DY1hppL$W%A>!HO}T07
z**Wg1var(YCK!r0tLOmRXS#)S_C!3CI*ej6R?Jy(W(-klmI_Za0^zcOYL+Zbp%r%s
zqsw3z-M}3g;Fb;SF>uL3*W%Zc$}f35NKk1y)6&u0Z~WVug5i78Te5=E+Ea<|CXRO(
z#1?9Dy55O`kmPbSg~x$M&$OQP9K_?Hmbh&VIv7IJ=?3i&`j|Q+#C52;aq_`};CM>0
z<e6!tj^`JPr4yyY;&sxL4XME&3l+L?<SR`U(hp(2Dtfv`Ea;?qPdnxTPj?q4t;Ew;
zAaqMfTb;Dgcf9B8An1<(h73av$ABBC3JuYS3#rT)*I`8jbPqWT*|Kzeh0b+-iH5vK
zUXeX-jR^S3ZjD^G=RRSC)TVzg|AB%PKTajV@Qz}ll4g}Nw%G35nz%Bl%UIHv52Xs6
zIi6TO^un#)_gur{8y9;fT=KpEeiq!C59dl(D#{3Du{JxKS2m?ge7m`eZAhQd+j_!V
zaVbNSd$-Z9I|tS$*K9=KJsK4jB=q*y3|vd5{9WXD7-eFsPI7SC2!TC6?_irv$iC4W
zrtZns<h<G8!9T^F(85|n6nmXnD41-_Xn1@4V;&TuqKI4=RDg587F;0?vR?3a4WwnD
zkUaV%^bt6^58Fe7g`UiZVTOb6*=OU&=^Ha#5uTJ1;=Ek-ti12H7NyT!P!y2kS{dTN
z2__2ZWl<`uQ6^aQ9c=i`jqj!b)%~T&i0bNBsN1`jQ}xq>KmWVUiunM&nD0$Ww)dbh
zbFBC0hWI0W<1aif=b`!qP|zNq2g+h|cb$b7<{>~!Bh@%)pf;4;Yc48+DvXEDR)BKH
z%H==MgP@0Z=*Fk_&>}ICdO34xhxNG+GQ`K49HwjX9D1om=zp|X1COwxEcsgER{a3j
z^c5E2rDjN_LJf~5F%w?Z#)XK>Bwi=D3(>+v`GFtE12dg4#QnoWib=Xi3TD@<ZP3?U
zE?*yCE}@-+<-;pQsMB4{aTol#Fks_zGhWp^GgyrPnejn}{R`2Or@%R@)VnK#Xu%wg
z{3kh*w4Rolfw!N{3OttvWlt|#xOFk6?|N!ayU9P@EQgM-3=}^vW9*zz<<L;vwYnxa
zm+M&$IA5@}w%}8$!d#uJ_I|t+Xm#H;ypV_qO&UlO*u}llf@F^wQDhTH3k=FTS>7Pa
z>P&mincB8U6@^Ij3sB7*FM41ZDp*ov;CMkq05{+Dzc8}^Bc!&nq^E)JN$wO1OKS`L
z5Yk9Qb4$>#){SsVM}*jkB=9Sp|GZ&JYsG=KxR?g&sY;dZbq7uB$BqIM9I<@poQtzG
zSeU#aS(}!x9x)v>*Re1f-lUX?nDeV7>w;?NTpOjS$FgHQm?8|qPMf|nle1}3Rk!$I
zmR!N5IN^^i@SdrlJV|j7W-FI!s%Ffe1dDlKjLv~BtYht2S3D?L>u77f&HUEb-&_^@
z&SQ2wh>iU6(1YV~V5O-U!K<qH>uT$E4>=Y8s9n~*IU0Y|N^D`zw7{qiY7aw1wi|kn
z?95PIY-y-MJ%y4y58AR?&{UwxaDh_<==f}`u(wP^=A{DAq>#=`;v`6|J`$;<|2jKG
zDn^R5Bpooq4L?nQ{mUfoi*V#pvm7AV&m(fF|5jBR&5PNiVoA}qZ(W(p{D*i)Q-`yK
zQ$14^=4lyPm+Wl7A|^2t)^VC{+&~!vs-(+ePSjwIj9Ddh*#S9yr4L}l3CUOmGWDTM
zMuxM7wW+1uk@>JW8vIp4poO}|P^r`5VrGU`Gm8u5@TOA{Ffo;i_xTfAru#cJ)zav$
zhhC@mo|5*;=fr;V9*X!&Ue}ZQgyU-U$K>Ta|3rN;8+dnIaCY|8ks+B`Yx|T<_R!Jo
z_R0~NSxZ})5Zm05Y>Fwf<fH2uA%l=>`<mbq%fiJLf;f3vLU?@Bmz8+^=Ew8NVW^5l
zD!d)0JWQ-)81y;Lvb!>c_%97KW{AUm9$Ctq>0i^MSTfF@dlx)KN#Ig)!OvuPVL?G)
z-E>`GF`p}vueNn!mixLO{Ca*7a~9$q(PO07h@wN4Iwbk*ztkfU(e5cLrv(;k0mz(=
z>(=hZY}*`s=!|N$7SCC^&{Lu5QC-o&L90Zy{a8-H_Ps)cgTaz)sR;{<g&PyLNhYZ+
z(zy5~1D-hBT%#lT>F!Bp<h<ffs7N7i7u`>{6p1|14rPK*p~yJ9G$!mTISOB9`n#UB
z)9(}R)n?{2wH^v=<hqj0%6(0qpYI0Tmc4r1-s*%L?zVQ@<x*QUukpOkwh7PaQ+&uj
ze74@NSM5BmxUU|k?7E&wiy8JT;hcFXU#@)%y)-uPuU;>RCrboUUi5pOZja;q6lY^`
zEAD}ioGH0LdOCGSO4CquL2Hhv#HK2gW!m5@IC8Q@tyCyIn?e@Oa>)WXat$%7`kWsx
zUYJQr#z?0%+`F14?PWACIzg!E1v7|)6BHR0(AmjUWVXdasLccnZlD5iTD}40bNhqj
za}3(nbwg)prBZ6~7Dj3p>U-W-1(w1d{LKpfAh@$1B&2jhaiqQNPUDR-a9eb|Zgj`m
zOVUfJEj0ZmsXsBo`Q0o|87(qTJ@Fb+eZ;L>F2}E*Ki)g^m1tu)$(+WES%zcte;0e$
zSYV4F8;SL68~;GeD=qdRN9Qlx`+9+w#_R_n#ScTHoQvy0&6fjn!XOoQV)Q<m^Ar;?
zm4Ajx`1SG;tkbjl@Z<D0WeK&W=bj)?Oj_)dhpda#+t<uEO5<gr%kFOTm`4kbfB6gF
zsOG)1U|&u;m9d2plRW)##&<UlONgID;8SO|0Lpv4E^c4aKuXH})~^-+XW1}L1Db>W
zPn;QnvDfY;3bO0&B8_q_c|bR8wLmN7%im%u^l<h*OBC$mv87kXF$LtSMyvV#7On8U
zVEq1s!>&gRjVLBDQs}<VU_Y;>r1f@ZbUFu}(9wZuO#~_c8qefI_f=tQgt=H_opHPf
zor!eXERjcSg{)YAwT9*TR|;&4X~6CZrB<=)aC}8@rT~;enTq)`RO5u*ji;^!$sK4<
zTN>$&w`nhrbf-F<D!sSu&#&*N`nqX*9Pb|s{+0r@<2bV)yCjU{WVVuJGs}V|PVqOy
z&o1i>X33yALIJK|zcr0)`yE!9FKy?t3;W8rU^>yc$db4gHc#_%#1c5(95;x7T9vn?
zH6`X0jOmt5t^-M$NpaoRFciO*fmqUkcB#YC4Y6nT+2|K9m0ze$B`4|(9JsOaF)?j4
z10TBVT~qRPF3O!9ulw`p_WDV51Fzdg<)M3YIB;SjYlNq}#n(BB63fE+^saW(H_KQS
z=h<=s?CF;qpL=Ut_u-E?E)O?#@%>BB5$!uqCE*Ba*s~q5X;wR$Biy)N>#;4tir>)J
z2-mf(W)3h#wkmp6!^g{qH81!-F2z+FZC?5bSJ=6oer2CLKXi1sw)?)NhY0_^T_`GQ
zsrmhU-O+s`;qd1)GgI&DK$6V2w2TwozITK8iQ?Ij>@{Iv+I|OmS%wYRVF&h*Y7pb2
z7_N)HDf*AWq$!393>%?r#n?_gK@j3=72~CLT!VGKqwzjbFl22~FpeJ`w27dK5U?^}
z(2Pu)*?K(hLXCgx;I(|T>6!a*e_;h$SqfuSR4Qh%OGiqYIVN+%ZlIj@)>wDaPe`ih
znyr?P&%UajFXvC4o=eYNIfKWhi5?EuOdaNX=MuBZ_S=ybx|dVr-JIFq(5{^(d;Fh8
zPuN<~6<+~p=H{Uv5A0Z<80XE2wz2I%m6@U$?$CII4}L84d6d_{^b+qAd%B{$XQ>Lb
zPj;hI)tw1LUD3@uE~P2n2)Y4sdF-veLhw$B=Flw|8f(d=DJ{90^)XI!d`!hw7Ur;a
zqA%})i{D>Zhb_NxeH-W%;N<e;c_ZPkvCdw$T5-at!d<d=UR&BH?5*jX9dZ@ka>=IB
z&pgwtqgFHvtEL_lso?#jV;W_k_fcGNWC~%}!w~-;fMGb5QwFwbpH<L8u~dpgJzQyw
z<Fu@=8BD{yFAgS?ea~;>Y2u#uN+y*;X!pfT%LL4x;+W^NJkFw+CF*!aM^r|@nklbQ
zOl*WYXZXo=m}N@az)>(IpaD`!H55i*CWWaKMrfGxS>qT5!Kbw2X@P%AnT`}pUlG3#
z=yAHOGK^&`{guqLoOgRaG0s8S!&4xGi7mffemTAx#H8Al7d16ndnTvSH*3x@yMc}h
z-5I=>Fh5^p_*B|Th7c_>;4|Z=Q;B_#7Mc9<VaUvhiumgT(bs+Tni|biTSu_Eop%6u
zBOtJA4@+)ag--RY#bZ50#4g9Ib_E}i*PsUj14USP^8>Kv1RBmAD6o#1HoH%PxY7>)
zmb@}dP0#W!l-PeKx3$pSBE9p6Yh(ibJqWmeF2&6XdUVLRw3JsZACEE)BwTRUXSROp
ziXP8NY<1BHghx;xWqKGWVvpX%;}f_zROHaPezAJxDL(9j=wPn^1xC!Px1rp3zL09j
z#{d-NcXPJ8aQzL^9E1=KxBUsC$$T*j0gBF@Tv}PhxoQIktP=r|`=I&i{vEt~zgt9K
z_NhEb-WWa}gh(kC5Mtd7{v&YpR;?L=dJFJ3t*iZ)*1a@j`Mzr`K7>F4M+eeTKu`w|
z)=TW^Zw@Fc_V&)m>Cx5akAOoCp6?BSTX=yV<#%tbOwud_aD>boFENXK1HjjZeh&xx
z3|^2;kyk=K3ok`QfN%<0N4koP3;1UPijvg8mjdS=*5d;uiXI>ev^_N6M<_7Pxew0r
z@e%$7f|S_bT+f~YY7hnlMFd1x9gWlvH=@_0KSl@V2Duv4k|3V%ClDNWp9T_4BqIL_
zpe(qba`1;mDWn4cn+OOls_~qH2(h=mIx`&t>pe^`IAC6m?mg&`#4MdyNPEjmmqNYJ
z^Eu>WU>#yeXP=;+-wh%qItaVpoiljoM-uQ_1O=dy7z0LB02a|L)tnTCE#Pf7#_8St
z6ZEE!=s%z?dHBo@!K$b_4n)XDLp`mSxbP<)JONcoxYQQzO;kWjuZvzTxd6=60zT+M
zARxfQvsco0&dZ=6uR*R=={7PN1W^t@(g|*%@%?x=RBBkTXD0xOknP|}xXg%%0F<8}
z)Z_v`H^8B6RLpnem0hi`G7L#to4_jM+nBGHz)XT*5JbWW=@Fh!EvIjqE*4~nH{u-I
zVJKSwcQfH?*v5M4r~otFkY4-8jwHw#!inFgF$YE((PR%X6dtjs5TQN2oLf(h^=K!s
zF%!a`)ajkb5T6_f!7F&8u}~$Q?Ixdt`E1Ge=c|%CIEJGuT@kO(|HrbNEuSQIRW2X=
zS?WT6biZq10XoVb9}W!EupED~G(ldl7YOO&gEy#Dv!u1Tu8+2vrP{@=(%Ln`h1O8X
z$w*75sX?<*rMdUFDLVUdn-#X!CQ+t&wY9xlShUs9cnF+>w~la=j&n0RE4P+r(6DJ;
zb@!OcaZpox2$h<Zi;i$~E7%n)OS`C=j&~NeUpw}x3aD~cLoh&v8=Klvf1~4%tcvMP
z1N7zPHf#VggcTaqh#$#QSMBAhY9<Y<i|fA^SNA|LmH?Xbsts(I^&OVE{UHIAmsS_&
zwAGZ(n+HhQY1TpAoJ^V;y6Zi<bU^f@dmS4jVo`v<>0IaL_zBvkWV+PW;_1yjTUXWP
z#0C*AR@mr=?-)WOD`A(Sj_Nu=?R^kcs+HDECYxTV<cj+0Ejm@TWwm7lS3`+W#`LUK
z4iLw@;k6y>YUj0~6f!dvTueWl^NcJNTTdio_yl_e#|kWL%}i`fgKu-N{AzG?lWYVK
zMrn|5IfY5m2bg|puLC<<M~TFm`pRBoWb%{?tq8HzFKmD9{F&jVMIcSVY!MGws4fw4
zW1C`^UP?zTgW7eCQy@RuAQ*Logy{emPB-_DJc>G-p|-<WiGfla?#o5X!@peaH;_$T
zGe`KB%gt~(I6;$JCBfY|oRuB`S7$dS;=F$i`9J_9CP@Mr5Q+myj28&<<SOj-&&|9W
z3@gEp>!aNhy+;|8lH=Eol!;G2kQbuC4Cx1KWkP}zAxsO)CRB$7A5LPyQJqIQ6o_&X
zs2vOpl<{4~hZIbKf_ZxrkKDCRJ7AKM)JL#v0t|Mc;<IbyQKb?Y(uMks9t9;ohZ-3m
zKwS;5!=+=F{?qA<K(IP+5W6fe$Q_qtOCOhHvNAA<;JPS|s4kOH+8>KvJqTWjI=oI(
z^4WM%Dxfknwo(<zIP^olDZw7uij+{7I-Fgd8dB1w4|Y+if60>c&+GSSo~o4dcA+EW
zEhk9$FBLjSsWuXyQb$P%qSS8ot&0Rn444S~c4H)4%P|rP(nR-t(nN+XV<fvmV<c1B
z^g(z<CdjMt=2w^Kpo{T!?DCi(j$`~{E+oUH_-BK1V!}EuB)d{BB-5&xL3kxxM57;$
zNoD=wt(LpQK7QX@*Ii;=@m=ECe)2X~_pbmlEbi-E(ZKJssy!>$YAG=wH!vw61VLAn
z&{rW+DU4rh%EBrXVM698!3qEm`Ftp%L{tL0$`CW8r6_#T28*!dB8_0vA_^eg1_$DJ
zEPfZYnxSC3UW`#x3jAIoi#(vzLS{bhue;L>@2@+B_PFY5G6pWd#Rk1iuvaks7DA!m
zS6&QJOAPB^PwTS?nK%6!@WDqV>^w=th`BKRb`aCfz`p@9k#~I%YJZ+=IdjmWNP)0Y
zec$aV|DrM*#O7KOdkO31k+9GL`b{HhBH3c(7Fivh7b+A-ilTBaPJ#yNGob+K<u(3d
zz@Z0o9B=~@2=jh#n<iC(q5r%)y$)i|csj(wu^>B&Hy4&;xdhJwHV2VO%GJr4K^SML
zZ-z2`Klcl86<VRaU=b<|r2ihQ4jahDJwv(p4zZ;(k7S|)iyg?zbYEvV4_qu<@z*IZ
zkonCpf4|Gi($v$@+5_$}Cjd7PuIMRLT|FSxIky2V1eQC$CWP4!lr4Z@w5Je&qO#bl
z7u0S~$`nD-b63&p`etM6`slGo>k?<svPbaKkGMStrVs*wXeu@|`O02lgV6*ulr#mY
zA?KgB^G<_sCMS##2aPfv))PKwJ@uDsNR@+Ptm0R%C(J^pxBa-W{W$_%z0hb}0(l~*
zvNC+U3}<RQW%?1r9AHRp5FZM)dTXzc!>ux-QemFa@C@#!ml&*k<AO=+n(P;1r`1uy
ztzcjsdsDi()?q^NCQL#$xv^qdr9|m~?J1)QQK9w;D&vcA3YhE2jl#pg$~pDb!9fs6
z{u_@KHwHO-4MAcE@j@vdf+4u_g&CC}R!+EynKCx!<M{<i)vZfIoLG6c7_D?LjCLn^
z3P0s{XLJ1K#C;**xV@1itpkyDq2&0G7x3%$eMswvSPqI>y_5F*ge*88WLt!?zzM)C
zjKj_e7}17E8JLk^`d>=-VB-rL81=%XX&Ao)<B%z5@TA%VjGXGL#^&Rk!jG|DVdiPb
zsoL>#XWZXg@pMEi$cWMx3hb3LNy@A?NtrNJ93!K$Mmt02Pn2lNa@H-}Ek%oyMi*0a
z??fshP2}OH!T_<DUr%My_D01iNnf#K;>7F}b(0x~3`;{bW34+FaTX4dJ@m2-m7$=(
z9iZ>zadr4X$J~o2jM&yMBD&vByLwgf+Zc+n7@`~Su+;YKji}=(Bcom>?k{%L_A+xE
z5eHa=+HU9Gnl*0oY$C2t*+Et#O|-NElE?V=Gg9>0%X+|(&2bgq2~5ccYO&Kq4SgB|
z$35i#93XfdTpZ>hF7dk%D_k>8)u9@w%AFP<>K4v~2^HjM&M#e%pq-mWZt`V7f|YF{
zAF}>Z4h9(`J-ZR}W)&(hrBNH{qCJu<bUeu^=j|VlHVz}SoOA29tI22N#7C+?D$YL>
z$1JO!R%zKIRv^WHl#wh)<D|?MTLfSZC_yx}ZA3g9HEmY|w<20}n5ta>Yp_(WD)uZZ
z<Tl<G>vABDf*cfElrk7&$k<Koy%Hb_rk&?ZuL`|`1&I9ZlJ6QZ06DAaS1*Qvy!udk
z7Eq$ZDQ>IWCq+Fu)(RF+r98X>(DHlHZIo9iQl<=hd0#!Tth@ljC~0Y+5_4yTsv{Yo
zBc`ADe#63BWEd7ItNtK^(wT@DD8085C_>v=OjT=l4dhs}l!uyfhN%fQDYU7U{%)@j
zWi%s>vOK^Hd54VL(vOZk8L00-Rd&4$50ZcBp0BSxJ3E2WO1V*H*nwgwg2sd^?0ut{
zp+){v=lj3gm#w;k(&qPx3C8cV%SCyJAX|T_g5+B@$?qRJ#>%|oFqCi}9VN7t%-m!u
zD*AkOArICeWl7R`CTem<^YHcbDXt(&7}g|y^5mq*Y+FE1u3fLq#R%(Im!uUc(Pbu?
zwJVcf_M{Rm5w{X79e}l5sK3e!>!ptZPArIv_@{#_{iP0Ds02+NF4-y8qv!UE(>5C<
zOo$&u$$3>IT{f8xiLJ`MmZ_6kWHr=zz#6F@*EmEq>b;D7P`KTA>x4s42eK;rEG^~e
zg8Ne_Ek?<Mta_7;Qju>nQoD~uO7>hGk7O&c_Ls~JH!bACn!=O)aDuH)*8DAw_bP5T
z5;7b1uDQaSHmvPd>spN3QesuQ{+tQNY~FG!7%rU`JhW*8ixrnA5L5vNDkYCWY(^j7
z$IWv?l64&;PU2;}T`IL2wo$-IS5xygY7(pxHAvi@VM?X_F~!J#(H&+I8c`@>B7BFX
zG#h(eZEV?9|1v9v8`N+?*f(h&Csg<}D8G)or9;g{B6~2d17eRdyf$%2M}QplZt}O#
zjMc*TSB)ulLk)xRM5cIB(14b>nnTP4idL(`TiNb8cW&rt%PI7Ui(7=x(Dm?k{va?|
z_KACDd<qOYKLaOKyWIlG*z1Z}9XmhIonAIT{IvBZbr92&eE#w-3hGwu9JtwTs39RS
zS?$r&lT16bxlEi@Lo&Uj9^!m;f0gQIeFepr(~}gyZ>&N2YLR7cs6lyZIq05Ws=r?9
zkiLCu)0Xs_Z<hv=x}uxf+I)6zm+ogRq$ZQNN!&C+Dvh41H0ArGOT2-+VuD;~m-*wi
z8QU;H(rK3}`M%mN(+_^a6ppWvDw)e<4qSRp(Ny0^ZSb{!jtkjv_I|y@jbwTsGuWeb
zEzxRuO|b?1dh%2JdkL-%^p*GqcZBG2g;`QMF8(eU7hkwe#;>(Mh<wT;W=Gr`(Jo#=
zK`}E;uW;-I!pK>G+x~l5VE%iA4SVo^wzZSx+kQiCBT4;=RsAv4=mXoQ>B#EJ`&ES1
z525n{?d4YRqv0b*i+r^!hFVVgS%lBW64K|E;IkRfm)dZrrwPPYsek0|4>Fh+4ZiR9
z?Kn?F-wz@m?S4J#5xwLawUnJd#I*0<VGf1e3H<W`J)I!@DIxIqgL+6egpj^-0r;E2
zJvTIb6uaU(gTx&-14y4Ez^w25SN-6YH^OfXFQFuz{Mf#_{a*yTGm_7OkiL)pFYjig
z@4a4LUr1g#LHt?%Pm<4gklVDoT}WHRyPHT`O?)}qhXZbs?j@M9(R>rJlJ3sp<ovHR
zc$*WK7-Pq7&U?6Uwj}uQ((We&F|YQ6eghkKFSYP?@EXsTFC4~wf&|p=i11w167B;1
zA4uKIz;@6{cN<<D031Mvtu=xpPbPa?c);5oAWs;z+o9g}Q*H=9Nq=9?-EAU0o;a*5
z({xXSw%9WM(Q3FsL%u?}IpS7)o<iy-2DJ;o{sp%e;|jd3;I{$mzAyTF`ITmyY**Ed
zeEXHgc5|Xl>(;}K+?BgE#p^fCF6@t?cQ8nH)O|66d`4LI6MJ5H6}@ns8+%Fj4=&~&
zKKvTyeJ;qA<+K+~$d$A|nvmS2+O)gntR2r(kTq+;)T9@!VbpYc8}xfi)XO&&q@8CY
ztvF(bwC+U*5W5?$yG&`-I}y*QRyU52^ocj~j-3ZYbW8h4km!=Dbh|^fUC*jsk&x(y
z$a-m!&`0~C(6H}B_`2r3FHyb6^nD($GJJOE(}xo;+K?Oira#e+dtWlGY3OGE<ReBR
zt4(vjIY2wRccaa?+26^y)8XX&L@>i2bgI97;pEFqw%BdBbtneaV!rjTBAp%`IYp99
zv_BKIW;FYQ2KfuHoD=#NiFHyfAOQy49*RI(J@mPYr*2NTizkhQI<QtopgQP?3eu53
zbT^I@!+rz<n*kbx88aiX{%~JjTUxrl*V89(!*juhFh1iu{44wQ7ZB8!7u3Jv)&AY6
z%*o2g{P*>LP)fG{tx;L@zo3+IhSnAiE++p@Q?h+$zyE()Wk!Z?V2qaeFSf?^jcYP8
zu(AJVobubb{J+eN|6cm9fy#e~vj5DO{R_D=GxPrlRQ@AZ4u0bM2dD%SLi!6-{+nDG
z;Nn}ZJj`U=cX|G&uxb(X1pAHm&0<(VBgcxFX0GCwGBETtcmeL@!W88Wt~U69@#I5p
z%1_i!OKaN5&K8Yh(BbuarR;{2sq3jot(T+15;#2d`#qM{KJAyI0&B0$-<2N$h?D)G
z)KJxVPscn>k8QYwP}Me7ACI+_T6QnUoi%9gIF^zMi-iWwRX{5l)V11S0mmvT3=FT^
zx|s<@=SybioywkN2y1OOILOimLC-;%NNS@Uy>A$t&^XWs-aCaNd~syLd<kx$Uil9o
zFY(K<qojX8Uu2F!y5smnt0kOnXh0daNUvX>Mw9pjy9(baw@4|!;O->Ga}4n$Um9{t
z-Zf^GK1twUJKdnP!W%v@5!Kj_-`)EIA)NZcVZeO0qq1n)`=4O*d<y;*!prvmQ=9yM
ztFwPeN-}-pw*P^Y{3rbUJNW#cVDoQ~@o#SV-w^eGLe0PP%l|z{{ojMn|BnA#Ksxh3
z;phJZrT>K=|3lFF-?6_z>VLDx|113X&sXR_X_49fix&AijQszFMP*EE&794@$;|%=
zeq>~3V);+-<Dn+Bz0yiL-*NU&6OCq*v6Nts)$SBVeS~^MgaBaW{*>rF@`Op^U_Tli
zEugMAW9!sefkYO<pfu}Z+YB4?{-aG62c?9BxG55B*N$|yDO0KDUwmYwCL6XZMHbTE
z)*QOG9H$yQSBNoVw-W9Kq=e~xU!Sl2%yYsloCJABE<XrIko-@P{R>Y-!h7BzdkuX%
zO>LfCKA8QSzT;*8L4D`eH9V29UT|-31|}~17wR!qh(BOKjdH;xzBk4E-OjK=L-c*0
ztc2>N@kXEwJpgwvdFGx6TvL>Ic?nW!T10>Rd{aMxZc-}q?n-@09O!*gd%egfhtl||
zZ0P4=d*1<snwrAhsl0)?+%X9^2AuihlaSbPH%bFvENXXw)dy~hYYZ_gPcn%+b17%h
z&LSeD?~6{pHlgW9T%IkwKzL(09=!3~3T({rUl=cFf@Z9r&F9#<F;?=}^~LknLqcBG
z4oFwEV&L+8RugxH-QJiJo((Z#?}iR&-nT;V$n4^@R;S;7V?2Sehj2g)JEUy~WQ)<~
z|0O0#S^VjCJk`BnSN2U#Fl<4}u7OR6eX!4OEEnar1n_DfIXp4GukPI$gc(JM_ivoA
zI-`96WT9`NT?vouzS-=0H-ZbZ<xx#ZMwjKn@kACxnj_N%UaQUZI0)89d!gD1&|87E
zzO}79XI*r`b4)vJw0i&kIHBo5<`3UmN)y<oJ@G*SuNj}kHb&hJ=M%7Fgg_4fmrF?Q
zM?8dewVHzuYH4dS$8SQa#2~IRr<GsMXNQilx^J!9G2P{{FF{};ypOa)HwVcEz)+oI
z=v(RtM2?Bp8ub0G*|ErFM1=)42)W3uz(keZ>DA^2&9An~ML7A3;9(uIyZh=w+$LMc
z^73SpNVap&Ql+TfwYfjT4I1Y3F9W$W{#ZH>nTPk;<|Z5FALm}OJKcW74Xb#k2+|#L
z;J`=11B06f@GalGqbHu4P^Z3k;<4oMHg&{g%1q~BUQ@QMWL;jtvJ&RWkcw|p`l5<O
zKjDA&R$KsJedbu)e?Vv;YFuTM{xy38NmnXu4woCi6<`S!tjJTd%D`%oqv>ReY01Ox
zVK8ssT?QB^@i3+LeM-scbINwboT_{H2x&K=bUSf_3AzSO|CPB7Qc5oZIl|=x%0AJE
zK)aZV6=fnM$r)79jf3W{^UzoBZetj8rEkzlk{3QDNvEl9D|81N9C`H1YzbphWw3sf
z!Nt?j@;0;1nzggH&Ivt@)R)UHv#A|&mYU&2FEsD9VJX1I{V?KX;_^sC47<9)oJ!^h
zOFNoc#;eMtPsoT>*S5#>Fai|1?){2!^2_VyZ9Zm!+l{=dWy@<%@+J26djC4)@skA!
z_w@2$_*EA7?WzXL=5|JNo$aA|qqWlFBNos5dNY~&hAD@<wn?-+zpfM%ha5m0?sS$N
zcg6pyv)2hokKhJNaHlTjL_Zcmhj7lqKrvQA5W+Vb1UgvA#y`YFCyzl*O~bf#mND<a
zRpx|ktM(8y?x@xE{D9`B&0(soY>a71Yxe=@*=)9ZI^;}Q1MnDkS#jN<jqLXzD=Lcx
zGy>hBd;Y%Ko@sTPei2)+-5%Ty;}r<s&}mD-W!j>lJF>e|-hg|`I~3gh&qKH7F=6)6
z>znPidw?}32gohrSOvY<z#0ULLeay~v$SAjup|nY6bsHkILIbaRxxEwj+w!F)A>@6
z%0EC;BG$_KH5E0e9$1lFMzlWO_t|-QKM%5=rQJ#Cl6}d2*}<rMsr0t_xz@k><UZez
zbF>W)qvw=zTe1%=vj!yOfq>n^fnY~cE#s?K?T;G0&l+)^f2`BXtZS^BZOO$eyo9zI
zoVot)?Fshqu(WLB3HCVACqVCkIxfWHLJ|x)o?{4gv6q>@wE&6q$L@*fII!Do^@4xq
zqqEx!&11%#<!M}32s}CgMNUVa|0T38{7TXtic`gu5qZ(zZhVwcP5}l0^kdcO*t}l|
zXrQOq(^6%KYqX!Kz`vq_rWXKeLJ<I>hvExlrX^asCi7+2%@$+eBOaIAunw1-XoN0n
z@dWSbX<|Fkmoz8w%YyrJ^G_mq>_F%)@CW7}_COo5#T|yzABFOvG9<=4%3jK9isoXX
zr~q>$pb#>gPV1vIeU&^=_pL-$2_9&^P78h2m!as&DHHs|57ODVx`~>CDe6_zF3?1E
z(n{~sC2k=VM}!&BAM*PSvl>CBg39Bpc~B@+yvp&FG%TrWVQsB>NDT4_`c=SYok1+U
zV2!_HqQI2R1hpx6n2@$unH*0kvOj*^xi`O0-1Wr!O2%~Fj1tq&#(LqT?ls+7#S!!*
z>J3<(j)Av7G5a3p%Zlqbh=!jslw(jchRjk>wskNmyN8h+tE7EL*xF@VEwfAlYmwz8
zQY_10`8aIZXAc#QDcqa>`9*4Xwq5D&R9)Mp8+$HdiNRWvpW+g!A|e=ZjmOcT_DNc(
z^pNufoT^7P_~a|f)%6BUmmDV+p-QV8mAco~3R9D~9ZwIl{Th5Uvt#e+zKu7!%`s?}
zZVyv#nqHtdYb8B~!L(Pf&Y0C)ijdK~CSS~sIbF%g+jP{Jr84#1BZ$CQN=T8l9-&z<
z_RSOeIcr!{>S$OUWDl`VfNy%6eX%@LzT;J+#f<s7J<h+t9j}G@4E{0u!_^A`mBOFT
z83v^Q>HHjFnB@wCyJT<Fjv^OPt0B-1^!HMTVsN7?%(fj>$(Vr4;ylzd<w^vx5>Cvx
znFDNfs_*1=CYSpoja!ucZK9=(5KW2z4O+f9j+Jx-r?<k7rsg>6S(O##74$QA9R(NI
zSZcUmV${N7UKr80d9T952l;3H`5A4X=9}6LJ}Ule#u^?=s&+KLmM@n~zb^7Mqnf!>
z!XyUo+Q4jt4Faq4O7mLt3I*+G?O0e<)u&+Zu*$K@u`RI%MVs!>Rjo(To$^8oMgofI
zzSPZ)M@CrXp$;~qXRJ@*Kb_*Q`{+O3Go8uKd_RW!ba2Jl_<X)<W-gw!d@fBI4G+((
zeqIhX?t~X?Ka1($idAH+RCc>Y7g_iH;f~2E1+<=?Zx8Aw&6N^o^luJsRrI0DD9Jk=
zm0c=6to)HR1l?w^d--LZRHAM(ru7W_?o(PNI(n(jV&>|gvKtUw$e^s^(`vnlLq(d`
zE({%;vZb_CtIx)SzA?dKT9*e{m|g4*UdvtOoW-9t<BXRf`BF8UJC+q{#aP%C%#1Z|
z4zI2ueU`A%a=F%E^Al<1OYrlu8F`~i&ik>rOZp1W{jlpvcZ;(dWX0)xB!~OY;hQYa
z|HIik2S@g(-M<r?6HjcTW81cqiEZ1qZQGtC6Wg|JPMn)_?u*|!=li?oeeWM#ySuvf
z?&{i4RX^2ht<NIkCHUNFaX8vR&Tu*|p4qgv9Kf&+TiV>lRJ;XwYrEO^R$Yk3DYEzo
zHE%rceGG7E_sQr05;V#3l^PJs=s+P-LQJZ-tr=mgnRwGA2W?3Wum#2wmF1_y3*lKt
z__M{f|DhPV>3TBe?>@u3&Fl(#Sw?5CVa@I0`--k0vO0`;%hN5MWXT8T%c-9=;fp<w
zd<&b65LeKm%D8Cq@Z~%A_p=Y-IP|5hj)p4t^(X=y>UoB6plzoe0XbFr>0AeLED{o}
zw<p;lmHYqb0?<<YLVwr5Ih%pr@Q#gq7D(-^d@be}6r&EWFn~9U7@TL|kBI21jCRB5
zE{`Vo9`T`#V=?WopC8>ctgxON9U<pn7s5eHp)2Q^!Le8%H?gF-8#ZI;N}q^^4u&P<
zp*Uw>=cA;BCsQ&jK7!X2eyR4Gl!FLqMzBmFUsOVTq*GzK*dodKnH8?bY7y^8qC!3|
zMc7ViD#mF{Ac#Ia?n8(HCRPn^GIGam-P4OJF`I+*+wg$20su97NT|c=nKH=ta_*wY
zjSJ)kV>t=jLh!^fzpah|^2{T|vg}C?fDhN75D-s8TC|3N*%a@d{vfB77*AZM8{QxC
z!*ZAGdZc*nAhk!JyHsqFuuRi^Aw}lT2?M%`DSSYfKF0}yguIV^3kF^)g>cDPQv8f<
zcn{<}0R@F$bx$F0a<adQ9X`|~$PYGHdi4QEt@|O70nl#<us0t}Y}nCo{>k4kq$%bI
z#D&-KAo~lT@Jm2X5XB&33)P^%HPeex!{JktzbKZu;-5o!`TqP#PB}39!PI1ej|~)w
zE*}=je?JH@+vnR><fk5=h&<wIOa2uZ>!D{uyTp@_91k{wRS8wV2cQ%t!-mY|J;`B3
zh6O7NC-Ri>LFtDm@X2n}h0BMzP3&estKT`Ql}!%1DoBYVLgc~+l$F0SDk<*qS^5KK
zspJ`i2MgXDhhUmwfCtBa5qKE}e`-k$ROy?S`lO(U&7p$rK^77_kt4={_07j9HOL$V
z(D?Xx*7S49)rVrnO8cvE!Rd)nR4`G7X@Qe_=u_@Pl)R9jGSh>^uk%h!xx(HOQi$w{
zpM+aSoXi9=Z9@pN43wU9$bXV2;YC68f#{{1eu!ZyAb{h~<G})^P>)T$o)dm9$@S+L
zhWjf}a$y)4!-|M}&qFcF$2>*wjYT;aUQS3a6CY{K1y1FSC;J(Um_%nFDMOfw5fK@_
zV^#)FOG5Ip#2_LGK><w~C0#5;Jj^L>_meFfwpd8A8I4BC#aOU$dbWvv8J{D|eBxeG
zPFm>{vEPrQjum$ji!`b*&s@ld5QyaPDn`sv@CJ`~3Q}q~2Tkw;MJ!Q&&JM__4Hh9>
zurAlU*2rDAjvQBqrk>)sTW*Egkx9;*L4Xr-UNV?|2jTn?!QVhGVtR`4eJ_D*kx6;F
z@wX5KfG=uw8+pyW-7CMPWTIu|#4gObX8G)7W#8JVDIBc?{Sd99b>(7hdhY1EU+>=e
zqZO*hs*uSamAbx-4Rcg&O?PhE8rAcg(97ygnHHGE^$nUVud2&SXFKj|r$0~qGA=1=
z5CUG@k;<qC&TeJ3v?(P<AW~Up8(G#{DizCzk4}ndR`~N2j~v`QE|R(>b3~7iZtfnx
zXk%xf^*c5;tZ=7yPwoA_<ChkdxKs>nboH2kk>XKn2<Hr~oSxddb5zdv;@Ykd0g!*F
zK>>u8NJq~%w$IN|mO8w2a)u7h^BYmJ9xt<L!{v2dD&~$ZPtcY+exn|}$fW51Xq}xs
zadc51P%%kq*f^M=$TKYGWM?B6?5J2fuyfWBwyCKYkcRLrSlctdVUYNZ8+&Yc*nIEk
zq5b3aC(to~5+DDEmJ}G<cAyW<IN;EmwN>)q$(^gKk|JY6Cq>!OeO<>~Afp6gyyylL
z{?q_(TRdQ?YE{xeXo)8ihflao8A4NgQU>w3$k;O!t$vIdITqP0ea+mC>LRX5p~y!=
zeUVc7n?fr$cu+-U9l<`M5*nvlB76!Jtvj*i!lUFGgduCDh{P-0Wl}Cou_=|`OX!?2
z09&R`BE*0mOLeL<kr#N>mr4@seHIU>S!r?n1T2Xi@%spUEi74|nJH<$52Q-M&QzJG
zodS2cu{&SWcq1=G50O1S&L)+xh!tN(;Spv7F?PV2ijq@S54squiMy!=wqb9;Hk;O{
zW&UOPpQgc`>q}b$4EOm^8YBs(@+jn{-veBJBJ#*VGx%J9!Z^qnWuVsUh~en;?M`fw
zcRqsr2fl>hF%PU#l6_Hm!yskWaG*{&5g8P}mQXHrbqbb*ZB^jx&TAY{2^{mF8QR!d
zC^#VDZ>I0~MzQkY^u@QrvB&{epwssO>-5uMzwsbCy_;DTqf^B5klTGJ!E+w2!@f-o
z&4lIn+kd~K088#q%W}T9WY=Jp76|6;>%1qrhpqJjt7#0U8K8sPWGxVJg;0L!<g)>3
zXL}<BLJGSf#dKzgB><Au%x;8DPD}M>3wDed6xFv&{@u=o1+IZL^O?pr6M9x%s@^k=
zP~e%to0-7DcRANx_Sh|yt&4e)Ii-gx9Cz`m9$5gpuu+Q^GVGm6GvA;?N;g_~P%j^c
zqwf)ax`aQ6Y=DVoXb-+zow!geq&7lI)j%~#9m((!n0^x;%qAvXfdt=BDd!1QDrRC>
zoQ68*u#TVvluQ7n>@EUaq++QG5Z8YwFsvn^lcc7$Ph=hTRvfSXcKxLMnTQR`ry`P;
z$h0=H&G@Y#G<_(dp5>5fdbQ-SBo8f-s|3p-bvg;ubBKQov4PP<I@T@LxNQ-k!>l=D
z=4J+~(wqkDcRc~AaF1c?0bl5Xr-m@;=;AH+=&-EJn8d&;L2w>39fu>f(am^2hiW&)
zcC&XN-eP4=ROMBuRJ{U1_<3#k>HV?p#u==AcvG0ANQsG|_GE!xu;~4FvtgyaZ)a%?
z3xX7~2C-g>I4X~lam!#RK%}yHBU5{!t0as_(DWN$GM!peW14b_?7?k7Kie5>8^->h
zd~9I6OVIm$v5JM*bdij*By9a>Zu}fsL!Q?Ku?Le^XVN7UrbL;`ZV9fv^GKwHWziLz
zY9G&dwZfh|P|lXOa?xfpG3}@neL#8>?`S#QxH<dWOzDML(-{R-coE9nPo43*23iMi
zc^YUPLHvQKCjc&3S`m{@9TyY0U$pyog{62m?)j;D(UFbF=(MLop2d<kT=dLjJ#VxE
zDs@{Y$>Ot&u(2e|#&WwD`mSr`c6WsfKI8^E4ryy+lB9`osf}?iVdADO@i{{J@n6sY
z?=jR#Vadg-H0(qkhf|H)dg-#PNz5ZD-ilY(>?%QXZbQO4bmu-*J}Chr*rQa987Nn(
zlGGe06^gMqJfDHX3RS64C-=DbVx=D>$?|wvbm1<lr#p@=q4LtAPZFi!Zo>yd*K>=O
z5}lvn<z#8)V@fEU{6h6Ev4x`y+WP)R_tsCiN<_t(5u@*(hwpnn1qNP?s_*7eg$oXL
z_!0Bq`}*$ga;)Q}*|@3C)5fi`?#tOf7KK`;+<uyTAJ@=pN*Wj#aX#(}Qr<JhPz>WP
zjTuoebluJv-Gru6Y92mxTm-t`z>m0XpGGV01DpL7IooIG(qm5c)~>`cIs;7QMPIV#
zEM!v<-etXgTeq6$Igd7=fLD3cDAO`J!DLK*=AQ<!ZzJcDg}*kjFaKHvOTlqDxw=xU
zacYPmKcZv|qc%Tc?AV0h?cp~$cI^nrLAB^eL$Io?dD_)SBaf4#Huu}onU<zl?V-hM
z@Hf9LOH?@|cqmD_QLMtTRIaNOjRN2t6)r1LqjHjeWYnj3j(^IyMvVL5RX(X%X5#Y_
zu_ka{NC~L2#Jr^X$OH=_%++RJ$fHnXXQ@lb>L_Vo=rCE&->MXkj3D0V%p^oMp3Jl<
zI2$rGGJa~omdS`*fMIL%T}@V#KOY-+HJ2_^0+N2I+UGMOY@i(yMV*UGpDH+vj?`vc
z1}PBCe`KOdfM%Y$Na7l|9lKP_Sd9#}hZwDd$ghl>&kU4iQZH^&Lt9mPcPNd$-U6t<
z5AiVbdekRN53wqWVz$f9a-yhXZp;xakKUFkHce*;@9iB>c8-A^Y4~zq6*hQzyo_Y|
zc#LmI++F1?{?f_t`7YOP%UKXLnLAcR`L531U_Zt6?9xh=rIl7<cp#J0@osF5Cvl~c
z9d&Ed&F?I$dg)(wUM0lNyStJxLccbVbuv2lGf{q@_o^sWXP|)~$)K3}!286c1+1LL
z35==6Szy9bK&tjmX9h4nX!c+%@cu)=?BwOhm<yH6giF~=3l`AjiTxptb`|&{g=!2r
z_gW~Olp&OM)PPNj0(4NLIfE%bWrUZs7-_sINC6(;mJG2FO65aQz~S^6)m_63_~p`9
z61Re3$jbYpBZ%y$)k{?Tdk(~7`<t6%U(!d+o%p3M(R;m=Oco(sHX)rB@m7~uwokRT
z>j#Qkbyj9=f=yI{$;EyKKY&3d+pS&8)tJ?-J(EjWri(U#EQcH^`<GZYIYA7sbINtA
z6s}K@&-qMMuYpV45d3uvPd%TjBbD2H4{yCM7j;5+UBVvfejdbHP>A8}^vIYEJMA5U
z_XGvkvP{<@@epn;%#d>e#QA;&;Q1_K|080b3eZ*)>DiVYsT%KLbgK$z6D1Wj0+3<`
z*1hjv5|Qp$GqT&K@U!U?x?m3P_?hq2X05AB!Ee|}un{M4T5r*=+l8;&`F6iYJoH|y
zja<NgL_F*_Yf1*K87F8;j?nDw!vNSJZ{b%*{4&OZK=|z)*q`6nR`7^f-9~s~Tc>1r
zAV6~(5@sX-z%WGo0P2KJfOv^Spc0h$WgV1w+Id|Z=sD?Qf-6awuq+fqnh?=i&@lxv
z_ixeO2LVIQFt(?SjuG0_a}MF&=&=W4P_8_D%)p!;e9UjsAPYi(*jy=Kz)4D&5AO;^
z!jAyMH52JxmNd^rA?w<ND#@|HD&zVADV73&UV{|Nig=Ec=O$r~3H~PG?uscI*Pfw4
z4gaz!X(#wBQNm?)?liYdyMLh~DGs1*Q=3+cS7!aduupi_JFfA9ta{PDrzxi~IU!kM
zcRpcid4z*Vy+eeqGHE3JEIg3e-Ci5XOov<26ql@`h6Y(>im(FVdI>Gg0_UyVf-*?C
zVwm~oI&+fYLAZpT5rlf(I&ozw@tAafSEWKN#0X$nM@2jxiweg$uPlj41^EZ{O8JOF
zg}j=ENOJZ*cC^4|d!bS-R@eh^$j@fOIvq6yiR8@wn%|anB4pHy2?Jy|Ktsk|c>&av
zBru%A{?AFh{?CQD-lv?yp1#K3BxQ_9V_XS8>k>5Vg5)})Lu+ZP@tGZ@1tzc+;CL4R
zWx(;2oM|S64o8VF4m%->A_Tl9&GM;=GKb_W6N|~v4N-<HO=gU`W`qqKp_u(?L*fIJ
z`WnKcc1?2LafvHoGe6NI(Zhh8;hYu9w+It2$=p*<T4IqA6&0kzBP4=$%@vd+9BZp-
z$k7^$geqLszTu*wBmkf45!4_-gGEJ~%IFV4>5vomibrBMxOrzHRtw=TTuajr|6Tx1
zLh?k0u;KJidCT$6>(0F_{{*&h$-4O~9r!<)IxMX8|J|(1@;^oDi2bt;{I_P^f57Ve
zW4$gD%a;ty&h!N>VgFKrnHc_21^ypvz)TGP7Y+DdpgLa|pMRFx0PIZvP6Lkn52(%u
zG~JwVKT#|bvVeqm>=#rg-uv4!NRv{eQ6`v=?i8C<5v^rbTH6wCOhGw2t47=L#AH6$
zSE)l$kWrU9(611Av*fQJ(9R{&h5jk*mjtYh4xv~O(nhX!e`yiXK(&>*zupHDp;HA~
zaX-w8r+l{eXgrQCm5URju5J$%z<bojNVfrs)YcqzZ*;I&)$#^aT>+G>kQu1bPp!w0
z^=<70NeyX;gzmK6F!!KaBOXGMH*{*!-E6nWF7u%1D3NW8;7Wjpe^P))WK!@W^cR^7
z-7v&1h#4+O$*}0ISCl8TlnXbQbg)(sSC$*R+vyJSWqIsbF8g%B<;LEf?FX;H-mY;K
z9;O%a1awIu)7wWu8eF@n7s!E0w8dY{66^nxf%E@4Jb$U~e&J{STipeGmDK+Ken9_)
za{DjXn!gXvKUfM_{}o&Fh1>Zz*qSed)IVWsxS$+07m}{dK5WRQBn^k0(Z0W~gas&~
ztg&etBumtxiuV7gug8Gg*L<lzP=krLB%7WNMA3N6YczwL1_nzvqW}$_MOlT1HS-f_
zmr5|BkQ|H6W}m}??}OsT?t2^ey85gcuoGYbb}*(c{7inm^uFr&>?Od&n-$|(5%6Vu
z*JEZ8j3Yx5&><C~d_*8yndBw=@ZICxbFracMBn`LkyV2PjDSBb?G=#WFZ*Gu!$4pU
zLLi~pT?`KW*<}qykkB3a8u4nkQ}ME>mC5UO$Ns*vKlr*MiOMFLxnJ2+s_P{f1~Q4T
zvyQ96I%wU%JQgVThKwfPr!f%_lNEBu9;j7IgC<Q(7boH<py6`!uBH{y=`+>S#^wWb
zV)L6Biudj7?@V@2YY_Djg3pxC!WD&1lteT!{@d@jIr;~{0Pv$Y2U}+H=i$;u<yGpd
zgn(JuVa0vA)-L7MYzOs8g@Zq?^*UJbyzzhHREKd4V}2>(CjAk!a;=U!Z@fs<D8y8V
zu*zvv<dAg}cMHSDhbW}IrS}%GM475i!c8$w=uYUCOk&eC)HI|@`4H6LbB^8W)nE^u
z-z0)cBZnxo+Gkl~9|gL_c1w7}U4p`lwS3})Ii!NPzN1|c1|KGOQ>>?eu$Qo}*w4KH
z0hoIXKLSaZ_Q}>MK_%_mFO$`z<fPc}waMW+`hv+pja~l%!1FuDvpV?Ck_PVNRK)d`
zUa+s>uJPP**vBYYrL0spUl7+w#)!#^AFu6moWx~j-D=#zr=-5Ah^>(nc80AJAH}-l
zNo&wu5l#_WM%_}k|5UydW*;!@aFoAf`E81?nt(n+8%92bg%_Bb$QWTM3UAdsk<2p8
zW0qh=(e}fAWMd!R3}HnOIWQ4X;l(hTFhH6R-gwKZ;s(^2lTK$$=eR8W3WL??QL8z_
z@q%`_{}G#Ky-9^u)!muO<RUm-yyGB!#Rk{vZsIvQN!w!OlD9)ss`B!IrggCsEyOc;
zto715O*S+N^x?u@&g~nc2yNQQc*+(&yNy^vVuTf-Y^%fPUQ2(Ax80{v&s<(vURqgR
zS&kHsB=@bL`*_U(hS!xYn-RgFasOKLcA@mWVFYBd2<*AJm#eK_f7VcwHi?RoD&15^
zxQIGwU8mi^T^FfMdzIkN!n#UhSF^v$VbYOA;ktb4Yul;D>qk;Yna#mvS(l{hW%hZ8
z<3)`4!;T5hR=|FaTXCr?#RmZ^1cH~N>3ntfr_4=b5gfT<b?5a(zL})MfQ@X^ekG(d
zZZ3!$2r5Vth-EIN%lrHT$(iI*itrI!3T(<@HPIPyX@arpQDSnUvIMGvS(uhG_n-4J
z)LH+*fe5t8s+7}0VVEN&=HwAoI_P)f4ZdEtwzDMBd)*TovdxWOYF^xKM(dci+;_f8
zv<IXg#JahkO?Er+V5klfw`bN{FY6T!hhmJ$EHpZ7CCyCTkC#7kK8#3SA}_8>yEHKQ
zaHL6+3_BXU1|8SN&7hYhisAua(|ER8Tnj2fC_k3%9V`=2v|^uSzNe`dCjK6mlNUEd
zE|+e{tJa@0ghBysD8KbxNquh$_==Jw(`J#PI9}sZ9^)usd>ELDxpAr@N!0&9$Se^N
zu!vz*5}$3yDitv4MtqP{(TGpb43$Wyg5t(ZkIR-l<}7?x@Jad;2FL4F<uy>`vy$8@
zYrpYS>T{v$tZVn_!y6}vcdY&AvZe(WTFc>rL(Tr_U`zn-63%+t+j(ZEB~c>L2hDv1
z+JvU8RdckP+h(Y+i(*#W;iY(s#mI{$ZuD-ly4Ei~M^!mhwHgHteSQ@o>T)Zho*-i#
zED$6TxA81wv#z_Lk$<#`lHpksnElq0#bl;;KoV_AeVV)glo>sr;3&VyAxZohkK1Ui
z`C=5oMyp=>^Xlw@;k`<7>0Uf3ri<j@;N%ZT<)7e7wzcF2CKC-A*V-cWPYc0!j~bij
zn%{$TT`e`uWEyfh(@t)L!CjldT_1>}c4+F`Tou=k{y0pAPmZRfSSBidN@DgU@$vrZ
zkAj(3QaRlBGJ>lQpkt-_llFB#+oZfrPr@@Y@Vxd0Ej<5tB;Rw{m3{bqsFbo&PpmhX
zqra?Jz(x7I&P*>3Iy|USQEh$f!Npfyjf#<+KEjm#9M2~VUgEHDNYr9il{aKxD*grp
zg;PXv#ABcIt0&n&uzQ3AKqN;G#m?n;jd{uRP!J*#RDqGL=QYDXNmgLMg_}iPl~CU5
zvF#E(|5@%$CL;c+@Sbt|f^aoKF{4XFn1UETNA;A-e`$Ysbb$UX4vLDLCfy9og#h7_
z;;kg~6Xh<ajBqi+weo7i=lCGtap^HzGV_r_QP38TX5@s3ktI<}Sx(94qet*4W_1b=
z$I4PJQ#qcn@XKuRwQ&D>6K`YBl~O4M2vg8DQ3)3bw>blGQDWmku;C@)Ql*@Gv|+?X
zIH&fCDn7eB&Vxx#-yJZ}E<~HYPpP)Ugm2%fK4fhz+&Q0cI&&|!uIbz@@!F~vvHNJw
zu0QW|)_xGZNfhptg$xLfJJ~*G_bhGUw(E~RUnPu+?+$)!P~lvuwXjYB7YCCT)i?^+
z_q|j`O7i%s6W-CG+nndVVN=Lwb8wXhjtJjQiDg`v?8C5IX&n`&a}m%aI*WZ;XIOZM
zUB^k9he>BPA#vL6W)3r2DT^g7=`$9=OpJzaTM3WX3EkR~rj^`|xQsKzp6tszQ13mt
zIaK10=ZxFIQxN$u4kd`i87f=58KP~r54Pq$;g)S;qsIp+>aq+u$E)h!$O+v_-p1w=
z%MKO=$D19h5gHX$9WIL$r&Kcz@nK1XjMqi(K}^*7(?fh+&@QpdDw-_rv>x-2Eruy6
z%Oo1cJbjd!E2!}Em*_-YR$`XT*9D7nc)QuL)=&^09>~<Id~hu+P1Sz8v(_2q84_YH
z&DRFF5q@wSVqqKVz$g9Gp~)KvY2w4--aXd$o-ct9fyj^JX_mU+9qmE0;?w5te|tAC
zl$E4suC9{{90+!Y5cEb14PKDz_dih~3NxDN`F7SnK^4*%Y2?gxR?*~2h!Ryh*bXKM
zivbVF2{6oo6(JfnKo-7~B{h(KcmUGE!!4H-3fc9h!HD`}=7dDkrsZoF-8N3aT(=rn
zT&H72&jF~3#tHFss&ukdtmN$x*imE3o(HDJhzU-ks)oy`RAUO{34!%8j?ZI~#wk)t
z>(Lk`cl==ZJdQi$v>t1)OB94EuQ$|!Gu316@)Hi&tCL$T8tBUlq!%Xdd1-15ZhYA_
z2Nib7Jts%Q6^zQu#-YYEGB^Alk#}>=*T@=%1(OG@bSPR(Awc@dEGg^l!-Oqp3m<zf
zdR}To6VG>{43nfZC1?m#Oo}Y;BPQ(5g!q6E)Fh@LZSU=$$IqldGeizwdud9~?tfa7
zO~%%<)auGazrO^U&Ibtw^8io6JP9(vvCYT$3K0UFnGh#e&&!c0WZX-TfLMaasuX4#
zf($t|U{_l^SXA80kNh4Div=&!z=LH11$W^)O<=fy;)88AiJc#1CrnnB$H8w}h=+3)
z3bGE{ljjNwWxo3pe-v3BLK5}?-t_C&W#<;GAmG?i3*Uzc8Pbj&Svv6rF>Cb)&SD^F
zFgg^tf(&99=?pBCL6Rm(^5Zvy7?PKT9{$yeGz~!(dWm^z_5!5)2sRkez12YdhW+AH
zG^IGXtRAIDYqgEQ8UG=Wyq}?*=^Uv-OMO6u${;`lZFwBHx#rl<SXfGXiQl13!{l^@
zYG+LPDRFmk%U_Vh{c~!c#3M`k<rRqWQHtSZB7buk+{6tAp9_Pt*2x8DDALMk?Quf@
zjX^+Fi&>*naWUPq)6l|43GMlTR>%zKF_&0bO`GF3F9;Z!rm-;UxHCr*M>|1U{dNLi
z!xdr7v5+$8r(#9uxt4VXU~SPGijI5o&54|-CRFN5<BQP57k$5UGP{DW%@g}=$TmTV
zI*y5qJ5~;reHaJH`hzuo6x{9cw_4pdgL0pM)ewI@Y?1uLj?*x9Wi$#Ywc&ggjD4vp
z+lGTI9G=CEw)K|511CmV*0WpZ>c_@bO|_<qA4d!D&4YWIGi{?oh`nd0*AKOm2jdGf
zeJbu88rb8V&0}Ymm&I8+hh|sicdd34b2IDB<pXmwqscpM(K2`zca0vNq4P@=(dngJ
zm)6mh8y8kOeu_%~*^Hs3z1%VGF8KbiaksPxr?y`_vUlYyDJf1>x6V$^9Y~@u`4`uY
z)PD$3T{?aQ@d-_2X>;qyo<Zk;AUxa7@O$Z~Ms#c(XrKHHt^6+h2mn$D(ISLD)R{nV
zsj+Qpsx!jXZJ9cAZgNno&RUF~bY|7wY%4DqIJk3kt~Iho8EC4Uu(}S;XKHEVx`1EY
zHFs&Ux1%P+9!Dgrf*(a_Z0B6pQOyW&a%s!p_VjhXcioua0Sapum2QM`&fw&1-$1YF
z1q*BtV>?bqwdMx~v)$pH@Mk3Oh6o?KdE)5oLZPzY+OURjaO2)sCmid{8m4VAIkMjY
zs*uZBcf}#?UKjDa5WC_d_g+P*9k?(T4BW_s)5=w^J=VUA@}^1N@3I1KiNg}cVzw_4
zbgha5oet6@!e|{#$JlKOj3cqeA?hfiv-HN{jGU*Mg>Yxx6cRawgSAKn`p%Ukw8u1>
zFd{}yK!{WG+jhS7PE7zuNZ&PFG|snIs|<d(PAGh$(l>w62qPlodRUArvEQ(Fo<J)q
zq#97O)9NM-1*N6|EJKoo4g0aDK^WYkWUBUKT`8p2&N~H4MgXaDp||*0!0W>>L79?R
zJ%<lBl$1in(J4|v-Y(1j#PL_s)k#@EsXRnoLRo-mJG?%bI>Zdo89w94D_C)$lZljE
zZZQm+J7p7cgE`5|N@-H5UWja^O1{YNY=tTzS%WH}xh7=J5sfh81u!yss+ocXiSs85
zl5}}0qhK4Aw!lB^q+xT)wDJvF`Xx%VGt|xl9(yOWX{N-ZGHr(WB~6C;#v}bQU55F4
zlBCW6lJ8lyhWca*0QnpXr&r;uOsl2vgz{)pja$XC=u%~zy03$&u~WZHIY<6?71490
za-z#hb-#E@&trKQJZIn_1a9Y@zUYGMy!`8tY8;-fTyc$S8F{8@4$pa<1_xzc<W<CS
z1U>K-HT1KXg$%QEaxa!yseED)mN+)3IG$PA_`o=gU9!9D6)~*qhHs*skUhhIK=F7`
z?>!+RN~rG;)$U@TJ71_C!hk2e{*2xvL`JwAtZdA|t#1Oed%5jw!V4jZ!EuY<vcvG1
zjsyo7$wcbFL_u7wnK1<*d3(!&Ge~7h1qg%H2%mlkrt0+n5MT>FDiG5~_1L>{grSDo
zCl9{{(mG+1)d_oDmCs!<3(%!0l-lN^WU~=cM~@{@ccrGjQ&fu<W+bP_beBq3IdqrK
zS4kJ+_68<>qwifJ&_c<vn@=R291M~<LktNvNjCY};Apw>EM~Lov2LAS+ZoIyG6LCa
zFPVe;YA03I+5n~ZGBAR8IRLsPzC)!2VrS>?fj-2+B}27$AohABm+XTpjTN2~X2@z;
zwo9&PAu0kbESdclf~$I;^^uyhylIvu*eW<cPNCA85)@R;x~+jib8Yv_cBCD&tM+$t
zba?D`neMq+v6h#=M1Ny@Ut@<JO+fmNK`<{TsII);dng+oBhgeYqHv}7+>k&qdMR*7
zo|*Zs6g2JNYl7}?J6@(*O$@fio{pWd^iYGoKjn<S3N_TCbKpWv1g;N;7|SW}Q02Ep
z5#V5`#p?`C$U+PF8RN|rxr!;SrTU*`^FOgRrznb@dR6ra&4I;w=wvk4K?6a>cPu(v
zGf+Cf;oM=N;ThB4hgV{M>mM5mJ@Iu9bBHT4>eVGv#E}ScjZwi_hXlgoU@q?L)z+5i
zS)|ADBfGBJp|E39u%8Ko>j5_)A%I`TmMvJG;c1#nI)Jy-C5n=P>6+C@N-`1NBk|Be
zt1y8IFGi;#n`5GY?551whLSDye-n5D;{h40*Ogl*7cp+2-bZf)@!yLbF-r)Q$r;HC
z$0#6VEVPPEi<re?1AG@k<S`QwB!pQEPih<lIPe{^lNzdk9VzV}TIw=3>aCNUGMr<g
zwqP?_;h{}Aez4(c5)VlC+sG^=meNWp4snb*)sOtrggw<d;_or|eP77GQ*tvO-b1lu
zhTnIXrem^^Ti%K!NN55ZjwvmUf|zOVAq;4oNpY&dO02{#hrVL)T*_zA;SGyP8rh9c
zM=s=+LS^CbhOa+~TpAMk#V+N65blsyVCaxuFQc`uuDqYbq+>x6cPmDvGq{DDo_54U
z5F~6SB!-H3R6*8?P@!la!^>|s)oxY6_-i~gt=aC6WKHNFQ}7x=V{A2VKx9WA6jO0r
zl)w}cW4yr=gEgJ9p%RS~;oK$o)FN~iy~2xdu*q&3z1w^s8P0@kr53CFC46WGKH+(G
zSxs1@1S3<5Szkibf>3$7>O`cGPzI{_FMABB1zfv3A(p|^>tnd5H4}~TR)jXy86}l>
zV#bA;qEluAVzbSVp2T7m#FpGSaSq$T6UW_g(Z!!QC#W8{S_W!EZgwWjlNz>7!pj3B
z&QIP=p@Yn9hZvkAlzwBscLsE$J3{FFGQ!w%s)U~4`v<1lM>P2RqL$m^8f35?)-PID
zgJoNwhGd!cMkzDz?5K8>OZjU+WS@o3uN^Yc0~GP9OUjHL4v<i2CRgnah2N;gwb6GU
zAw4sFLP}$vTKo3rrZZK49&zlZvQHZCmr9R6ol<%_6KJ(emq-p<+O828sztvBQ(O1=
z=|Ke)7=OKG1wRw+`5cJGMv?<{g6O<|+ZcM6c`5;9WV>jlkrp$jb}FTf<!Sp~BO`x_
zcH6QO0`=_Gy8FG^j=&qH=76&b800A9OK3#CZ41QZ01Gk#j<$$9YoIx>+k~xPg7LEJ
zu$$BbB}thU`x6+iwhX9ZjB}Yr2~r`*(KIcW=5r~)-GICjufq5^MyhAYXlJp-^0s*r
z(hPRa2#Q><M<-HlIZ>p|>#(F~&02)~m{Y(&vrX%sz~qqB?Cxu<9*B{Zdz8*iVkSh}
z03Ic=+{g-#J0SF4lb%#9;-bz1QAzt)N!z8?>{h{6w;f90gw;a3u!L!b^f6~-KbJA<
z^UWRlZLv?wx@qBklbs-SaB-f&*<dcET9D>cLPWG=tO6{8W{q0AV`qD!yk|Ai+Aw>?
zk=C>(WV5`uRwqBEsch5!LT}%4Ba^89050TZJ?|T)q>PN}^pi<BEi!cDJ`0!8gKVbq
z50{KOs!KPK@K}4qY-?n@0_p;ANpdP*hG=)*F_KL%gWc8-C6RtMGZj*;E`smLHM-1~
zR?DZK*k&Lsd2rO~q~+Lv2R!u0=(H;Zf;>GP*~K*1y?%E($+NFe@o`1akUIB;7q;ei
z%q`_@j^nXyE__Gnu$h8Arm|sGm6)@+D~_zo>?@NpJfVgc{ynN1*=jr?vU7+!#&v}J
zp#_A|>iu_2t|AW{wEY_=IkMB*Y1yip{^(<>na?XKqx+;;oZ!zaFOqbpK5us~5{{m=
zRg=7$uM1EWk#I12k+?^C_oSUr$=m0972S6`ab$TFIsP*GlN9azird*?_$%i}Qol)6
zhmg3li`nkwVA=`ojDcy2k?D2AhEaa+P;{m7q-RQ)cW{T4qgD#Vd$k8?ht$16htzqb
zQ`#|<W7;y=qEWs8L<Q2Bu)n6@8tpo-LnjeO-UM&eCK7kPOFvK3*YPWky8-gD?;&~*
z>MlCe`#SO%T{-T4|Kngd8i6}3TGlw_(9zlRn8L|3+S7!yEgE6s_zAn>%9ewJX@uyS
zQ@nkS4-AK=f-~szuw3WZ2*mpg%mzrFc_HkDIoM)lVL9ymk0mH1`x}pU4MB?3y^q_9
z!P+j@TQGbLdXI(C^(kIPqN>xA!S`RtzPwy;-Ag-Ll-s{ymuvd29G_Hiyes-_9G@O)
zpp$gZt}6swPf{|HQXHQSj9qVnGLq1pTyHR+gN{5B(XE5gn}?@9^{a0^5xA}reHhTa
ztNS(?TxCLhFau2Pc2;O^89CnWFy1T~-|hvT!r*1!m-D!a`eJZuMMLnoSIXZ^8M#)V
zd9ee?9G}Q=aF=%KO7vRbV^n?<alCEomA~<YgivsuCw6~wmwR?2b&2la4gFM=O{<p-
zxr*))G`Pl>!JXd$!s#mLdpEG%>YPh@1-AYA3eG-3w-?_$$K0N>u?{p1Y-Qorqkg-@
z^k{QRCU%VeJj!x5GJ#q*3&GhMS9GR-GRC$16p5<$g6;D2-758~*^<xq^rBtAY0^K4
zMt;&@SdTtynez7`_gk~}(rA+o(X>%7S$|<#Zx`-5IK(<gcCw97>}mtIp4}PzwqCnf
zy`I~rI^|!ZwN>b81Y0eeOtr+?<D{EirnLmAyQxy>=|*bV;T&FH1zEk3UZcec)_mB9
zMqDo(LU&>-O<_qJOm}MA1h0BhYldZ+2}EQ>AL$xA^b-<K&>&Xm$&j7+I&K-(4yQU3
zh5;v^L&y<Q(H0kXUayZYubw}|PXNPqlt4+^6!zst$Or6xr@#i*Kjna`r-5&dVB1Fn
z>UjG~yW}Yc{1dIsMLKG>1KvHWzP#^+>NN3zLrWeaWv^$9>L(7a*3fpnXDbRitu|E3
z_8u~hyWCqgK+PhAnfVLlqRjE+c)ZwC(Ko>1=(I?#y_VMi&T&3nEtmmM<<x2l%Vkij
z52&;q9os;l7<01a1*MrdkQl>YN)c>O)Isw#l38iO%;fOg5eTu*1EIwTxN~BY4I#xz
zrX5#JX6Ze0Qk#X0K$kbFyQ_tdAg8t;g+Z4y(&M4doi6QbvyZdCG&U`zQ^f+7i)nbV
zFP+o-z+jt9%VSgNWp8z!gnh#1;b}oWTtK6|D;B(1Q7WSeY@ir#5}e2sC@MxeMCm;@
z?*MdwmS4y*7m1W%fso1vF$)|xmO752Hk2wbfEmlPSpYH*62~Gk5^pc)zw?`b{|tto
z1EH4=saGJUp-_^D$Sp)HCLEu?kc*@rkd`Y9z<I7cqX)xNG|xrE3!=*V$+3SHTLO|L
zh1!los+fA7=rDv&_6^#fTpFL#M1UX~2)ZX&Yo$0qh~IwH5KGLX@V8To*pa7%&;A^t
zXZxpd+$Ydk8Lz@$DTRO2%>I@*W?^Gz`LFcxSDD3sX|+mjwnl#s5DOVO7}%THI@;L(
z{pA-U%7{+%pH=6-E6)EWf&3M^q+w+HTcHa(>z5T8K>v^0^Zz`7{B`PItIvNI2metn
z{MQ6BfSLZ^sn4-f=Kc7HgI7F3Ll=58h8+|^_=(zR_RGyo7a$l}g#rco;{-Na@+~y?
zxo<qiUC%=@8*L4w^-J4I2yxMar{5wp1AsYx8&a2<mq&%OCi#5*NrmD5Y86KB;_PT8
zx%^`=8H1(WW7gW2vscGI_~*Hh3tkDXQ@8sk7~`@SJCeUSM%|?HiwQf(ShZIPgXM0s
z=$LNr>!IJGx~dV%0TZ<jCFHCOpT;DZ6&*VN?^B<;Vzyv;uTkGLRAc)OTf|`}z3ivh
zHg?i3x=e@YAiVFaK^ggVOI7Bl>65n&aLN{tt>RtUIs|Yw)Nk2KoH<(0ULdZ>ZZm&1
zC;!X1@V^_3zZ8{O{tr!={_iy?f2%k7s!I8K{<m6{uey`3DwTiLi~l~Z|B&?kYFYWG
zniJN4P5QF_+oUfe0~0+D543}$y^)?3v}@*t%Bzj0D$XZv_iT|iZq-`RE$&dq#$wzV
zS7uYbLbJMf=Aa#Jb(Yc+5prjpjb+PY=VenCGtzg#T?VewK&BqV@9C6?_!yaico^NN
zJ;bE)P{l}4{lwmT=#Mb|x}>JhnR^+ck{_U!TMj&1Q_o#jZAa}V&D0zsHSsyfLFwuU
zj3Q5O(V;kWm8{RBWf}b2-Tq^h3zAI;Q`VnR!>s;el*+7&haXQ>WTC(|`tM{$W7M1G
zI$_9QCHOgX0b(1SIR0<!!zQCmhfx{lo!|Cb2=K}{z!Xcye0%WpAs5DfJS2P!#q!DV
z9X6{sTyn>I;oM%;c@|$XrR%l3#~dH?9=LBboq_~>x`rI9Vca6picoqf2~ijBfBJ0Z
z+DxmS;7H8SjLy+>i*gK{Kx-356`T6!-&48AeDHM_U(KYPWZZ+jz;{afd-FlPaCyab
z3YWZd_Mivw=1+mXf}Qxw6b_UCf>X7pU}kl&5%c)>o`3D?jNBoBaWXI=ewRA(K^p=$
z=q)K}5K$NtHR!ET1#cBIj4Tz~Hz3TFoGV4!VB!g19}&$pc_X{E<H;8mww*?tJ9BG_
zo$Aw-^Km^WN`*Ypl&xPv%<68gM@9l=)qYvT6ef8rC3?B>_SRz~#hrbo0u0-12g7_S
zQba}ko@?+2h^(1sX!*;E=FfN*Rux)`#shV5t~?08<X^ig9pRPQN1u4AIl@(AWa`cr
zPgJaL4=hB(l>MoVjGX>8LDyU&T{W?m4qYOCL<l53PX-lNTlg&l7xm;h%g>al*Jafd
zBvN76cx8;HeBRwD>dLi;*}BjnuJor{L6pCOhUVUdk|tvj|B#Rj!wi{CpWXfj9Zc-@
z69`!2L1CI|4R)nadiJ!u&?{BFRfBNV28rt+M$G!4gxV)NiJHE?f6>-O0dSc-CEXAE
zajaF!`Xy4r)KnI~NwWGu7Q1w6DNDvldMF*lk}6RbgRFTlwR<o@sY?yKN7Co;9-~Yt
zZKlQnQ&-Ops_9odPb!qRv8U!O2r*4>aR`#m4OI8Tt-Up=TZ8wRkCOcN84A2^kKj(X
z7HqAL{UJp^PGZ?W^~bKO@K2)CyrH_WnQ+c0h8a$3V9woRoVVteW&Ehfda@k1mvx7u
zq1~8F4$MpFx|DOt6zi3yw&yk`4<EhFx-E^&mNN&K(?oU7_lp<XhZhr%p-*91Y<Yyu
z3;j<zc%IO5tW1y6s=GL{jipPOhC1#fh$*U^t1G61*Y6X+F3}Rj?sI3)*Zhw&6ymRG
zE-w$$vM%qntdE|6)8Kxt3ff0)gx4OQtv;ab95*(x&hr#pc)w2?CiQIsj7%du*Hn47
z>#z{7`S0g9wK=^#qTJZuaBpm5afdSU0tB~Jr_izwZsOu#xR&alJ&U$EqM}6R%9&k9
zX<?n{CWsrvd74tkZ-NF$vY8axNH*&*aSj@)%m?b9{oBl$I~Z5?4eg=B_v+9eY3#=m
z5=QptyC(FT>UHY0cnnl3q8lY9$dX1BSd!8tZ{c^!Vs6|T)T>kBN?EZ~nv7SST{^Yo
z!Ba(DP^WGjS1L7xdG?sjqpV}NW5TP|xvY|<I_#=uJI&gnCvnzh-R_KXjaQm{mok$h
z>gwUwOV@w@tkP_rtdb~OpKsHS17FfqDNwiLYdOz9V1bT?Y2Kb^U5`$;NTNK>v_LJA
zAi>4sE^(NnRW@n_JTV)|JF(Do7+#R_^wM#_J3bZeE#fRC5}=(WXRVc1aV%6Sn=4DZ
z<SdJ(#DO?IAB%ZH>O7(!Q%47w+!PL(fo{R@v75(5xn)zTIgI3iTWy=i3p0;n+mQaC
z5}cQoWD*n~-Q9KlKxa7eMe|LjCmZp#me~og6S+BX712-<hLsf7#7|K1%eYRL$0f6q
zcEcT_5TV1yA`%^&PHb0rt!0a#9BmKZ7s%!>r0km1sYEfC#tp46Y=xbmc+4Gq-yBj(
zk$R%&>nL+)EI0($SDvBy-n0^`po;a1#BqE4>B<F>IG8>@ou7Y8_G+^S@5r0$vDqQI
zluJ=1MOo$wM~`Z1Q|^wFDTrMFC!SB*d2R==K(`Fh{o?7a_tfj+bOCwx2`1}Xk*IG=
zUQa8<!<n)6Iz83RdzY2A#wT!=m)@G?ej#X+e)T)eA8sB=S112=e9Wxis5>k2Kiw-=
zjE{RrR;qEPIz6tz2_?9?FCOhE<Z$vq7xkqT=(~B_&ML7yGiUl!t_DivwI6E*$GPC=
zta3o%QU|rs#{|De>*00$bU+!xmR&4E8>0TiX%pf>0*&_=a-;2hCF$>#HM=V|xU7F}
z>}{d(@g3RgDFJ;F_*c3Q?5CPa<S$4B<ahLjMthOJS^@skpvb_=3i$6;@qcPil=y#F
zMOj-TYehFJeH+XF1l0Uv-QQQ284cqXCxn6itNDx_!19l~;eY!QS=bq&>HfBo8d*Ey
z(*XYFM-$Yu6*Dq3F?IagdH<Ki@Lz0+U!V71tL}dgKmY)Sf4dm+%YH3}L050#?3cJK
zjhPvw#uKF6$5<7-zP*j{%YITPd7qmUD$-nhx2{(Ktj89AmgR?Ef(p(U`Y?tWY3+<c
z=(kbC7Qj7ipXH2P8l)v))@&pP+X@(1qGoG$Y0_BPxS!az)lWD*_W8bNZq{@jdrO~u
zHz|ZoGS|Fj8|9W|;a<aZ%A?If=iI*_9M;{ol7uWie(4C0z)dm4sV{<3R#c{8YSFBS
zedE2t51#Q-OE#ntSHx7TA3Bk_FnDhSY5_<l06fZSd2u0qy2%C_6^*=ryd$jK{^G{7
z{V&~we|4w-a^L&%j{XNBhVctW!^q71SG(Q6cme-@$NpitXZu$#;Mef{J1-z33lrP_
zx!iqGTpSgRvOlf6Jl5j7%tj@lTTWnzrSrfjAxX><n*CU4#76~%#S$_Ovtrj9xhfZz
zo`7$JQ8Vr2*efF#t#M3Jp-b7qtIy~=qKBMJ2G!H-a3>vBxKGJf*WP`$I^9r(Vj4V*
zr&e^*J!3xa{`h!qUGPVefGYWlAc}yi4r5-Not+3lz9SMCw_C{V^Sb7bK<qVKzxtAK
zAadO8NMGRx3g@<2;J41*MfE{QBI@gLRLxPbZTP&HP5}a;!y*rK)Y!;3Qep0pQdK<!
zccZV$7v1!{F%B<(_8)j!ZkDG(q8{{knhm!RwSzPT)aEPGAN5Vf+HP-5dgyt>2_)5-
z64UAoz=}gMzrn1;3<jEdM7JUy9wF{l2Qh==-YS0U!v?78C6A3vWE4-*kyBIBQe^2A
zQ{*r>puK$F_La(Gmrb*|<7Bhy%?G`ia<;?a_}|pbShs%=W{BddJwu6_ZVBy;3*;)s
zg_wO~puFcAHuLY)1?hx143XpA;EkD@KEmfIz!IQbhbhn*wS$b>qf$r9iSwaYIx}VF
zh>nhDZ~>13&VuWNlcf^VjgZODp=T}V8`m_&xDd9BS1$FJcd+rJ@t&XR6wYxt#wt&%
zd~R#8XUZKx@XiK32{~{wCNSt*s|{HJ#Vt=QX#K8YBkb+`gUjijLH^SaPpNz(SN8@z
zOJ2J`V|bB4lpkTn4tyU^xS~e~L2VVPn^K?m1BWA!U~1a(Qn-=D#YzS!A%QazySC#8
zD+7cB<unUZBo2NLw1r1plG~3)d^nEezB;u5d>masad}<q5bPQ2&1Y*{y$-9<Xv+Sr
zL8(inEg3Hl`$|VxXXF~!-~>(|vzvjX^a34^%^mtfyHjVzQ{B=ysc^Yl2Grtt#!oTh
zTG%sVMeeW!Q7j|wb-m+na%DzENkz;_MM=15UT8xpUXK=LOfAQIpWz48#0**IAslPa
zH*$F=v6@M#X4d-KBUP5xy-BSUDPd*hHlLNU4vdRDJ^LFaX-`3i!>3`~Q#gyIlu9+8
z8aqe8M}J=5rAnAC$=cDSx`sX=3Du&}_#pJk(<4$Tt+X%dizde8755_3jFcx@-Ja`<
zoSKwZGuJciC&n?QqsCSkXJdw*o2D+kpI4cSBvZdasJwEhuI0ZZ6vye-9R4^&Fgg6V
z+H~L&y&J)cX>H-*vYlG(x*NZ(vR)AQEU9^|w5Zl0$$W47xl!-_YSAAI^rSZ286tt$
z2v!_qW}eAjpp~H6FDLlBOrkbF-YjErEw{T8TlTE&5g@&zh;_2vU~mwbvR2J%c69yx
z3|E!Z@cbsr&dY;|9~6?GaJ56#c2NpUsyrcW<SS=QBJ(o6o@k$x_M!G{5NrZBu6!^X
zml5GGw#s>t-cg>@`X^)TNg#HxGASC2wE6z{IexXP>W_DofxJxu(hSzxx2Fq#En5C0
z$OT`eaMT(;W=1FyS?*E(@_Y!HGbV==@lSAF)G?9G7)NwEy_Zxx(f05ZG1=zN57o_w
zwMAm@KU6j~bFsEKkl0L`B*izrIi8Xxrh@#hxm$SOvbI&f^OLfIVGdBD(s)kYFu?6q
zU1B3dW135Tb#Bk@aWavtW)X>2>~1eQ^wid_&MmUugzFyQ(brU;a($%@Q_oYN-ZUoC
z3C2Qo*`ej;GExFa^Mhs(A;*%bt7Z=mx3L#qTe`TL+eo(VXMTJaRmJrYBFai!e7k#)
zU9>*oZu;~y3KG@9vOhP~=wXZD*1A#8$eDRRvnWZ`Rf*&we_!GAviF@;jt!9mViw|p
z`U=4?Fdmt~?cKe$6%gx^Z3Vq;!9M4N7$>}u`7Ws_3!oz6W0~w9)+#r`lBWK8C!;)s
zyGr57zP8Bz+<&%TK$!e!Y!-Q$Q9oJuZNpq1gXeYpJMXT*8y;-a<7U2w)cdl;c|0)F
z4W>3ITXPYV!P1-<smki-J?xXL-((dbRsWU!MC9{0EPJD;c1X_q*wDgqqm66-q_XFI
zR!Pj#t2)6AL^kuL?a;=Ud3LKXG*2Is@;JM*B?qt1M!frm^IoRgADorz52+}lZQGMy
z&lf36td2~y&vvGJq{snLhygWZ776(Nihh&)%B!pG>y)HP6J@20YdN$go<zxea+x$m
zl7)C(zdX8=@k~Y~pAI}8Ni7<{uQMU}?c5)$&N%5hn-{zS-C7_h=ibL$0<$etL_bf!
z5*zh?Y%`!Q#D3RaT!bA+5Y$q60o8>@LxSPstu}V7d>j?+N6l7mp;^94T1TQPY`wsC
zSW9CCp83<|><MOIh+Dp(vxZ!)(eM#GK?4DdkkL+-S~QEN;{tWnsPktZp@<hX0DyJ2
zgui$IsXPKSxS!I<al4T?Hut-}2E&;y)zl84@Nj9>Q9-hB?PDsYR&>=xfSMUAAtR+l
zH{^`)bc?7d`pW-ZeAls|pjT0C*JUUsVZGw=&3oHSP}}TDjJ*Msvc!IAI6<Qs9{H(|
zm#`Ac^h~h|QtBL!zG~4q+mlo|L-m`EZHd0Eayv?eLJ&tlr+yjURC@R2qrvJ^t5)8b
z&a!fMls36nA%(Vvyo<f1J}mE*2Q4zWz)0pNqU~@{0Ze&-=$vwrvc%{eWQ80Fqi1HB
zzVrE8#Qo%rVf$KY21d#XvEB(d?_3cyAj`g4GGMk~mOwo5%rl|Uj~n7qri4A&gP&u;
z=mDMm!WQ*T#jP$=+9-wjV#C3cSDZb&a6LI0ndG3~PPv4Rs-O#<Ek4b5+8kq*_m$5F
zb%d5>#rSw8pdwj@+a>)5B5QUZ<0L&wYU{NZMwJeZTHEdJWA0&EQ8Xl)iNPY;JA_4=
zX@uHLjXH~pa=C8ydTr~;a&0km32uzXMS^Nsm7gpoIhNedbr-deN&130G85IQsc?gt
zZmKFt6Wh^2zZWam>%r+AB&O@^hi=VU@W9Scvt?P91$#Eenx`<lrs2nR6vE`Cfj`}b
z&*!ava#p7ysJV3CqL=&S)XmQ7s!Qiub=&DZ&!5FSr_F_|X?O&{IF80F_)?8^+xo{U
zMNa0Q^EJe)UZu?=m6^(vJM9JekGGKWf(RFvcw2BD8g9A`;k$i<?G7Mo6G|m$?<8ph
z-;&Duw798G(uJNcVzy<@vXZy;K%iRmMNOtL<!I3#l}v-lJ@%Y;k<lAQW`egKlT+V&
z##piqf+{&}xFdUt@-d#21Ns?4;_u<w0D<wJo9=AI%#==lc7xl}(@U5lk5b-VWu0|g
z2J)+1n-`s(TqhHWG*>a69A9_7CnfP_Xm2X0cfX3XMPJiwM_^619*zR4+ls@=#y3<a
zYd<NxJm4L!Wlm&aH7`wkUS=nJxVj~)ZEBxa?Jg5q$Xd{9UJxgy3jSQN`slxV-O|c%
z?eYXhmw#2Qz;Fn(5tI?`jb4fvsjEJ%P_J{fsgh~0dp7blA;4`Lqx?U-y#-iRS@#Ew
zG$<hrN`umIxt9iMB&0z?noD;}cSuSrr646B(kUe=-Q9>Z2+|1Ox#-O6%=pgVneTf)
zp67DU*>|6Fek=A`JJwknIwy3iinlCEAVT)-ih}Tss*BFjO{nReek&vSjEL#k&QhUL
zl!nm5kH`A_<W>eQ2y-68od?YxE6aCZ&kUwc%Pz7$_tl&i*wtE{d#2H?nLDfKs-uXX
zTku-o_0DTAe;M2B^<+`+lSLp?t+SnE*@Ar%5%W<g6SN&datfT}#*e>b*<uc5)IFsv
zQxy*NAZQF%tg=@SA~xLhs0A78dxU{jd@h8cDG2Wt?Vu?r)t?2RDOjEd_|Qk(TV7w%
zKrA9MBmN(%5b<-P7?zacG6j)Ih@DBg(;lX)wB2|f-ylPruONKk32a0&c`g~petju1
zo*m^&!^1Y7+!~>*@crnD7iz?xGUJg_KUBRfsF=S4eH2i)pRUkmd$ueSXGhO4Pgo|N
z!Dm>1t*C?5mU;OWA*=P`naf_GAUjJNqRIVst!5Shn;XcFZ@ql7&q>MBf{awDV}*0x
zi-9)#(J2TefO{t#t&X)@68EccdYFr(h@39Blp&#kV3fFHv)l^$Wwp$$0QG4?wEc+F
zY~#nt+oLAzu2lML_YpbXWe{mk^v?$!GzAEfNwqxkyNh!R`-{G?WsXq`|DwSMh?npq
z>|-xVB4W+lPYnSaZsoi^H;{QBYuKZUIDMt{9$qiP<h&<diY2?;nl!{5kWvgs{#iCY
zL+uE?IGR;X5z)K|8&_ydsGFDosWS4YrSY*ILh!Xaq^uIICa!nMk*0kq2U-2z*YCoa
z+W8IyD1AXkUzAH^#CZbGLy7&4f>a2n*$z%!hH`)fQQvx&I7;%7;N4XOMD5UMY=Ts(
z;`XKM@NL&a#6AEUJdxR<vW>C4N@xi%Wm=T0LS$&$LTLB+il+F2(};bQLi&wf^8+U0
zz0leFB8Y|}g5oz{Ms+Iqjf>r04dvq%q){j`^H|c+4#FfIn7|JGY<F!DZdi~_)z15g
zxxwv_2%Hz<NW8C2J8q$AcL+7lOSLq=P<Ro(jY=N1dhD7p$66&;LS=Y6AdUvJno7Si
z>iDK^o*JKC*918+UM`9~fg*yE6n10?c2HHFbOz1?6Q8>F_IGl&uXPm^5I870Q#HIK
znxhHX1@S`B2%VA%T_ljAaPiilnI$fwy{Teebc=_NJ!l3}gl}G@hgox0?t`x0_vA6u
zdq}k!t|)FzxqS;&nFHC6FLRb#pNe?h(KniV;r=9U`fI6P?#dfU97&XVPp|`7&15uz
z^e~v)%bprQdYD$ky}KgPGRSuDcS0YOh#_|H2|Mf2;W)HEwt7uaF6LtIKNd4Mq6DOe
z(U$J{a$Vtpm^u8SPzq7_u~HBkAFxT#EOCTLD9@Qc{6zFulul*%C8sBKW5g(-BHXtK
z6%u=GxzbT<@%_suJjEH^UGqBHsD+g#z>YKua)S4Hf$T6bZ0n9lDG2jK!v@?j>*TtE
z#U(1jL-4qPFM^3i%vPq{3ovJAhqlK}%bq<BOWi3yuzZ`;eMiTl?ERzsB`(d|sREvu
zWOSAi`Gy>GL%p{OlTVxo@}=67xeg|~o%!YrmzZbXX%lc1XcSm!d)^5v_qRb3w21QG
zDRI=gO))$ms)4UaP@0Om!8tX_t8Z>u?x=A)*~z1}Ri73#C7k<o2Qqm(p`xB8Gh%0}
z^x$y3hvGe=K_P)fEk;>VZO=R+s`<v+jAf~#Bd=rQvX40F&RgOKE7qA-sgdgA2rN^s
z(itd>!pJtWLP=YxZEslWM;71mSsEL1y`)`rRCljIlkilF9nfDZ-YYb=Z5^M4CRian
zoU92?uqL$uIp5;zJ}ko#$*zhG@@I2QDl|?mmT8}I@3A5P!QE!&bV&ABf<N>TBZO2I
zwwrSm?f4_Tka_Ln<M=!e-L?_+axxb>?8#Uqv&`*g85u`^i`ls}l53L5*+8VW5T%<I
zNDQ+GOAO;@qPj`TPGv!8jG}PUx>Y!KVjKy6t0nxpDP?Up-y;zfn(9Kl%4sq)#`v?G
zNaMn3M2bMZW`(Lf5>gRCQRqOd<hJeFB9&x`oLR#wPa)^`W;B($M=#*C+2l0Qh9v{Q
zv6Q+gYP`4oUxwIkx26g!AU~pKSWUFOg^tytY-~)ZvL_VY=Ftek+YjxRbv1!kGpyJC
zpm<w3@^u~=HnZ|p6xwIH6qR~m$|_~7GIskkMHvtMD(gVJF?tVR3aBLb$vGVUHgfxd
zQue2j#JVELjT88KWb!Y$q^G%DlP|y@t{27RVu&l?ZHcijiz0M{iMdW``#dtG^x(>9
z-32%0lGC{kql2lQytlc5))6XlA0?jv57|v1Je&>{E6S2y!;TksUJEWw_}CF4i{zQ!
zG78!)1$eqgLK}$m2yrpN>`(jr<JdeTe6z`yPkka$E>KsU2H)k`Z>of0J#M^nQw^Hd
zm$}dYKZ0CC7Hk(VIf^<9e!0T54Yv783wF&#B&Jjpj-|Nc*TATVz;7Msg}r(pMCiLi
z)Nzx}COjhxg&2Of%;dgIMq>D4pdz(94HbMu0o<W@KX!i%(M6wFP>Z^!Vh_kqjtDyG
zp-=Go+Pk6)>@DxG?t1P?vvg1NC;T%mgG9k}udk_x^?THoF}IZJFtCbcWjQD&Y-PFo
zEsnvB;A9i8WZUyQKD=)hOU+~w8##&pk|2oQTcy)QLlp7V6X^g?Fr$&~BlJP3XH?}>
zeC?@1A2Wz?RA1et#WtUC=7~jAk76V)=;^>=j<~(xG_=EA-i5?3*Lsf!MLRm4l0p0x
zpOgnb8#=?|Itr+vCPJQ@K?7<z#V4MDq_%(pu>}rzO`PH0GKlrM?|p|ta%b_H<l)aJ
zB#zR|)r}>H@l=K&F^5JO3muhcw1INjsF*!NAYYGG@(ZGMP=;t5B}t!A!O+1i6ziE!
z$1i10CWOu~<!QSPD7p^mbB!f02X*c~jV+AG25F|mIGIHS(UHAm&7#!6Ae-cP|0Gx>
zNP_Dt4X@*uWQqk8bi(+%Lq;oh3TrW)sMWdFT;=0A>NPQHIid^pel4h5H`a)Z4l}^;
zgwB3!{bACOmQvH$@)!xGQWT@T&%-7;IC&Q;b8;)s!-J+fQxii>0@B#)aL%y5${j_q
z;$FYWA2sOEmFN1ZPh?%G4ly>B{!Fy&)B{K+KpHX5!k{g$^OTu3sfNQK?U_^OewgXg
z&(c14cR$LwEoUdhxCV0c6T$H=Mm*FAgMLxC+e60V63d&th<hoL4suW7V|<?imLM#h
zA51XXNPg1QYB@}AhovMqM_c12yCwu*&KgI{RgEJLH7>EvPNVW0+zBW^y`fk%9jEL5
z)Il+M&z%9~rF>e=WVmIlMUKS>o+0@S!5DoDk-T6d8f5)3mzyn!W&Vq|)fjluqdcDQ
zn3>=!-G25t(W>6D)zvKL)0)epV#OE42PY>~?k>e-a?ZGM47V1-UVbp4NF;t=q*-b=
zDG+PoT(cg7FK&(9G)zj9ZEGYGJ{XSK_{j%{{p8UNWy_q|dly{1qo3SIiiSgSQ^L~l
zlu|on557<^c837TV0ii^s^lkE(~w48tNJGNOc1(d-<oIGu@91#6lIN6-E0#xz*^5N
zF(T$XrYYfikN&i02-vs;!Huzls?NA9be+u~%$HTBI5G2f5^2sjFw(ZHNtztkwglnn
zRBk~Z`XfwDzJRE4Dy?;&gR)V}d?ppc!4m7F2_dhX5(~r$0*0vZqRjhGiy=^xT7$f&
z24Xb0&#d$m2~(er2p(@E@$$6}-S<o=ELS3*)Ym<1m1T~mrqmino_qHqS;5gq8`B(V
zU|E6AX;^eIDs&IGaAWngrA8DE6eK4zz^MMg8T*{;6?iJ|QhRrI*c+vQ+tf0g;vPNM
zGd@xk5f_H2(_C+fC!$y*{nAIMPZ0aw;AJsWGg#rV;&2&Mhnj<w#5M^JXy}>wcnP~A
zUj<>Vr$3__5zpK5$s}H7&co*+XC5BoMAFj8PC2rdbA-N_lJKN?s*R=DBP~Zv?>wQ?
zfiJQt?@lS%nCnpi)k}!1R}Hn+Vi*+wcd>{;sSCw9vOt6CQ_6H@L#JD6Ogmj2Z;fuB
z#hq_TX(UA0ltjij>Snuil*H7OQk!O+3}>mE%D?>FYX5N-8syL;KIhV+GS@3u&0!O@
zre(JBRXK6Mg2M*ho^bm`*-LuIHPz~ST_$R$sdx7=U5aBFPZF5s)`lwQmbXN=XZC6p
zSGL9;?5yo+v!&I<cYKnhapEA(s9odG_PTXL@k#g5JMIxi_XGv*><=+JiF<QFAr;5s
z{dL1=kOK^M={|RjE^N}U4?O|Li3+Bjr*G(OT8rszRCV$EU$N>2c!#&~y{=O}p=(|i
z%zL=prm**wDFRJc=wd_7RC;)5Lh@CinDWj`M1S8KT{F@x9~<Isrmi<E?pR>p?ZBOL
zD%_g+vXYZixl307oug~$)}`&dd?^%5-n?_L%Ha4k-EJggVKX1cE9*wOSM_tgt+pJD
z&90H-ERl16!i_5Os?T9g$HN5Y&1{0tqU4vCmio-AmLiS;%Vg6sm$=K0<}KgccmJ3V
z$IGq2-~E)IY@-p_JR>LQb0zJ0A=UZv0Q|NThM=a;W&O>23vJ$9Smf3%QTJ9>$P#xA
zt<P6YZyuRq2$qTVkiKr3dlXDg-!#|1R5T|TbygEVE~wrt@W>Y{VIBbs-ww7zhtQG2
zO|OndLDX<8^Id=HP1BoXkhf<Ry9kv`D`e5TUytJLj>hKCwwaf=8Q&j8a3H@2AI`cD
zPrnO1p0z_JX4(`m_voW{)-_6+a)F=oG!%4kp|786+zuR=jd$(SzFQ@LQ@_#6Jgt3q
zSDSh>)n(Y$#k$FbWSp<@4WIe$R%N_>W#9YCDETyyY)NJOqL%PMp|wYsfye$0k0H8x
zc3^&UW;!Im1~tK!tGjIsi_mV2YjJ_fV`kf6y9QKOOSD7M$|v&~6GBF^T>Wz2m5n{|
z*0P-e3xTgxO7Id+q?D_BS@aakf+=Mr$#@4FX0T?JEnKjsEt^6kl8miw00!Q?kMDuM
z^yTBt{j_-xoI^~@g}S?MT>?mVhiwtGc7Y#<^{#~k?2m7?y|JHW)z1m2v>I`kqN!7j
zDvIAFK+`S7)D;LXirF>Bouyfbz?rp$Kav{XZsWwznG11ue^NcGKdl^IC?U$Y{h{4r
zW;~;3i7B(H^rp)^&YR2|mGbSz@y|K>+OjJ^y?BjQg|v^fh^-+j4u!Pirb%tY`^EYs
zoY=RwHlHg_H;+0n&$u2iU{t!1>NsUR*UD<jzp)u_UT5FxX#J6(Zt;ndb*rO?IK4GX
zOBZdOWnPfhorSCi&}k(MYjYKc2hb|JPVgJWh+7|znVtm^a&<2fB-{Ger&uHf-jXXm
zeQYkL8+kx&`4!Cd@ZJ-rFmQ@BsSctX)8M=~@}WK3S9>m<Dn0hf{t!YR{p$ovyvMI&
zZMUQ!DRYPAPx$5MXFH5IKSHup9kPq}9a&kB_9A##jkLcn!{bG;B44~OJaMkX?;Vhu
z)3$%ZQXD@`E1WgI&B2&;Wo7)cWi+oldm8P+vloup0VZ+t_7OphSb7gMh;s(?B7B({
z-w*j(pQ1fN-%XINLadk8v|}IF<$n^US9HHQkm7|c0Sovo5>9WhRQ<veI5mU_HzIk5
zrMhV)7I}XM89U6ej*mACF^{Vxy8YNH$ov)JNjRLtX}ZHXwzZBxVHbTDFB;0PC7$OA
ztu|bPD&hG3Yzgl_VSW&v-`8%re>Kcc>JMRlP<u0DW+_K~OEbgY)^Pv0$p|+GY!Mg8
zFvHFX<^Ur6*m(Z9iu(^D{MdMYzL0yh<oCx#z`sWLad7;f5q>e>^UHVyCT>x|Blt>)
z+^0vw2@_PA#G*KirouNQE}7ric=i&u$4K{5<QwDLYCU=E?{VsDq{`ohc(F}3@z12d
z+xc$j!4qE>$c2Wj7Pa*vzZ|RBsB0Wg@?v;G;jv%-*e<_{Z+#8^Nci|_kCE0H$&u5l
zcN%9%)JfuE!W!rp@6z{&Cq7vRM61+FobA0W;A1_paMfiFNiyhEgY7Yr3P1LY5m6j3
zJ|lMn1ebX^vKU93sN?C}TPZz9BA&-2(B7i)B!!JUT6r;L&%Jl7gLt2q$0VBvs~dmM
zmpd{#s>OX#GVK|~!)bEr^rWK>lfwkcvFWJC#O#I*)90C7ofi%%tX!Aex+RxPlE#<x
zZn2y9D7RKFL%J_;rLIqN2IjYDU8da6O?J58|3b0K;`+3yaVNPrRvh1R&ICP^{%0!p
z4<iQuPRD+_di<viMz}yg3K}pQu&D?S1(*%kPz08e1`KQv!ozu02HR|e6G#yQ?6PxJ
z4+7hCga>vEMh62ShTO1gfa@WgY**i$z-}S1jYT-vf%BhkFmly={t$Ku>}va`utV;@
zh8+SSjQ`itG#8lr4{?Vd-LAW;j8v~qmL8@Zad5<TT7cY*?*o6$0U<zdE(R?$fQIH8
z4n8#IS#+mG&@(ALmFE=dNGh+b9_QuKBfZRxdtGjiZJIZ!%si%CSJ*x(*fP6gp&YrD
zm8MLad{$I`L=ziQk#jV=<8f3wVRYzrzTw?48sO^49a3g`Lw|XT?2Dwc)#io>>bp?v
z*iiwTPcGyq2;I+g-|xIk>j-M9yeQcxL|xc|E46qpl<_IY<#L}mK%H8IxNY{uz1`34
zd(r{+uHy|a2?-KVr|{W!d`?nkn~qm>wv=^!PXyTJ__4PSFY8J-Ig^0%LE+1lj=SA(
zVbPwH-6xcndb>Hb!Sz`C&H*V~Pi>jJ7$@B@gwiR`o|>}R&!t5|*}M@bt?@>QTsxu&
zg6u(w`U$a&aSY`W`9rtDv%#gU&#k*Ux<B+5XI_$f8QpK2ejvD@5hZ9Go{L4hdP*{0
zox0{X@pZTQR-wtZ@!>T~+#1rE@NH4=po79Mb^a6ReRfZFRMj7=-flXzYxGm#n+&PQ
z@QiEQ*xa(ja_0gzJ7KR)(tf)qQ_|iWoP(`b*}OCJR<h2LQ5i{|a$UGQ7dztphxWJW
zLMTL#BLck(%Gh8xUpd@!GK1xC9M{Le16^)JZ&{xd2VCcS8s(1iibMj9`v}uh(C;xE
zZI#P1!9+X7LxIiCiGx+q#`>F9M#Hi^EQw!HQmp*qNyQjeh+-B5cRwENc4x^mufy{P
zU!(FROLXe|Fj0;8WY3Gk4eOoQ$+mD*V;w$eW;&{__`OzqS*%@o$JowPQ473EHo59F
zdev~hH__9P6(8K95ymozfDO%KQVfg3g<I=B2QU>;+BVm|_V>;l;%RUljpJfC#?Ad0
zz|z#<v85@4lHB8zHg7LC&;JpPv+rwi-_&`}`650u>3L|SXE~1A+^MFz#fA^%vnEi%
znfWK&hSi&gZw00)J5bT%K8}<SMxVoHE+a#k7zDiS46cE6QmVKWjX8N9JeG?s4HkcB
z$bGgR+)NgDaqr@GJfX;qS??``H#Z9uI_T<DtrIOHhhB~>^BOtNz8o-LF)OQ!ePD8E
zrz_$xbOiP6eC~WS-NCPu=`<N%0nTT_pzj$)a@aIBqDwZZv-etD%tBj&E<u$i4UVs2
zvS{;oJ2f9aXVWiXW<lV=llV%mpZg*`^-XMUi2mqf^5{<=NYNkq)(9!TVD86Xy?z_X
z!?(0ib^eXYLvx1m_!?=?tjw4qN3|M;8Pavk2f-DhV=s4X9d}84F&_rk>dq9cjU8^B
z9(;}Ts-K(KS$82<CLg*zL^eb^MDB2VDT*hmI<i_mU*1B_LViPTL!M7=KPNRuJ7-1}
zD$Xn}kDp3sF!s_ZO!i~7Z1tz0CxItfvS`Z1wvj{cCuO&B+O}e}nAb4xBo=F`=UDVM
zDW3K9@pB3~o{#OM8m)lVtz-}D70*rx8!9S~+8Zuxass#lD#`J^wEG+d99(JKEMAxn
zL=-igUo;RBUS}m8fA`WP)q5c$uz~w%>YnR;P9`M2O@mJvvUqznLlG$w7G9cWLy;Q;
zH=zN<?ZgLb1&V6E>yG%ynJaBfOYxyH4_UOe?ai(+r1~5Mpv1{J>Nw*-{iUDb-yPm!
zlrx>Q+2D>Si6*>n^s>Oh#0Jb<Q@kHIGjX>Bx<RB|J)-dvrFxH1b{jpXGe&MXh|(Qe
zL{Y?B_K|OHrro2YAhW@pk?+Xd!k{m8>z=2KT3piky2V$ND2|<{Ul2n!u$4wdZzQ~Q
zuT%9%&}jb<hRw;a5=l52A)h$!|G4)?Sdel!A(>rHzCyN!c2PM5%D`AAQC&_yWa>Q9
zw-kZoz_6E3NL2J_&qsyuZpS@p{&^{i#TeQ|)+zqxm@cty@RWh=og&P~(gHetZt^Xq
zQ`9I=6a6Lz3srLMhnhVM-fTP&Qes4c&eeW&-K=HZPOkI*vQok4CV4lVM0?WhZXNk}
zZQ{wsU{26BX?v*PWnksqIVqZ?DBT^;<*rz7InsqEEon{`HBw9!{$H_I8za&C{b!M?
zPdfBv#~e<=4IianmVv%X?MH@h`gd1>GTQ5Ad$JR!jPR?GbK9*mA1u+oD&|=D{0PSo
zMa*k!5V`<ah{1cXizO(uZqQyQEfZhP@a}_JykdMccmCtqReq<Z<=}V2oUchoBGx4_
zG9wkehI!Tp3k;2k9xq^U`QF3Trklop0iOnC5X(WXEq!-}_;}{?OB?>nwPi+^h=W!T
z=j_RfL|boefd7%x5fEE~(Lwe+<^J^C?A|$7y+eul#*9VnJ;!Pmx%$gqAvPi+Y|n)|
z9bFMGf^U>fCI=5bkdA-0aAWDt_SzSJ-jS-c5Q%pR^o){i&%s%WS}%)w5yRwN8z&_e
zKP0lcBVv!ck{KaAZR&_D7%X^Quu{NRDp4BpG}iZ+*pSmYt`gkV;9*^2y;BvgeO%~%
zJJqs!*MG#yrk-wE&dP~*x(J@E$diuA*c-Vx!T)0U-OSq=Qz0JBR9UP-B{}1u?g{~v
zkFRVhv)_Z?4J25zk#rM0D<3cgcgs}X`bbj1MHOg_(p#bN){dWJ3)QPFEmmKq^7#QW
zG-1#*F_Q^e&EI9jr4s;_MWPhEK4A+FKeED(9^)z|@*KDN-XuSI=3dld5qD<#hkG%%
z&Gh?ucR+GE!-gCn!|Nq_jLA*Lla3Ol0|w=qL;Ky26VM$3p`lh%Z86=n8Zsq`%frxN
zXvH&N6EM)I(F)0nWWNyIc18IlE&WWMH&66K;Ag_0)f;6(v04Z$b?R@94Xae*5d|W#
zYuLsO=z4}sygSHTc;mQn*8M>%!R1pierU@w3jh%W7i5jpsr9lX=cOeWrQGd$*~-nM
z_ZqGNVISG3>ADO?_x8Y*sgS8@2Eo3@48Pl@S}Py?X;!M2DaFyBTr&+g{ThIxRwT#7
z;@<gmE{43by}QPKpr7BOyaV6hu+<=l1^y@jd803->3w*p6yMhmHi9_y%=~vO`Mi$T
zY;2}HS3W+J+mU-qPNQ=%>lvk0P(<o>scYMpP<RySVLo@Xtc)Vw5O@r&^qn)Nj2a8F
z<a^s&CYsM1LOpS6Z$(hT6z^W*I}>IzSmU;~ev<#GDI9tigNJ6qPwBA{h$`o<K$a4m
zN!Ym6iTAO|Ld-65X|&Y!OJ{C_bEPj9THBKo4XS<M`Y)t+(g)b2v-M{A7iP{X-+kWk
zu3@X-d8S<bX_+7wWo~~Imt2+pU`mzYW0_>O6pNXH0kK#@5NTo*R6Sgs^9@f-kcwKV
zaDGDapyE3WkI+1}1#>!*PiD^AmL&tPc(3)Mj+~U3yykW&<Cf8(b4zcMW^jDQI}@Gu
z#_?4tNoi9-DG?J%K7)W{d|vPHcn@aj%;H-kEmAf28tPhbEyL7}__FAmTgEu4;fAIi
zAav#G&EQxqsYqxVDOB+MrR_7GTgm)Y;;xlvU1+`UPR#F=LY^MG?%iIVtmO;P9Xw}X
zT5)R<#8e4ioW)svYd?*gy&Fv&F%>^aiazQ|xBucR>RC7sNLTeuN8!A~4T&-u?>wp*
zj&zzaMgx1=w&bK2%$<*8GznP=^0T=l^LiBsbMvLuUx_iOS*ehy5<rTURUL*Io=Zyg
z1b5u5^-m7%(Qa9ZcDJM;qaGzH4k)p?{wYBB@T-MorvBKd=uzJs`AH#L=lq<+VV}tb
z1KntF5U&mCjl%XmZSBjA2JTdm+)trnxK{Z|20{MYk7r+3oZ&Y6KE%9txe$C8v%xRs
zAQ0&U(h;=c-eVf9R!_b4f-}Z9QPW0=8R80R<SPoPM<ZZ%?@U_jd6bUU6#J>V$tcdX
zG*n0W9<-gha;C;^X{*u(?;_Y1bMj2~PM8Kmip4#dZDW&OwB{o&ka%OHA3dJeopaS=
zF;|n<vkpsTqqKFc8U%s8ZS!`$hh?XF&d<p>mZon~gJukR^Ac|{bOXEKgfWyXOK3Q~
zA=-J^(kyp7n&2SMxp<Ry*_HyuKkE>QH}TPA^>W6eJcq}5!^Kl}&AzepO>SSG>q@3{
z$($v2o>iQx9iePzwLbsC`YNf5VH-=}GjmgF(x4S<%X0!A#Z0a!;XAd@1>&*<jXFs`
zwL2~)+#eP8&uq39lkg0*4mHT@S)!T@s*qW42ocqm<J4nSt(KhWs}04&r<ZG@-LM@r
zL%rlq`GS;fQS{=z6W(fFl5QZ)UGB81dm{o#`N?a{H|=ahXCWd9RjnJK2vd&xy(6N%
zBOeNh&5%>eRiH^GgVn0h_Ru#>gO5^!j|uTvvZuPzqFCK8__$?doN3&d+<B+mD5grR
z@0#M~WRH(FfKHlgFDV~g45d>Y2|DX(1sILqtG{S#Knn`k^fw_t`B0fFCv{H?g}2;C
zF46rHcVP-W^-(lvDVps01UvXm6dhJJly!uOy^EpXj;X&j4a0%L(Q$#ayjnFS8goWx
zfO<-9bR2s>9koPC?&_GZ+5VBZpdR<a5Ej+h%60pdSiUo4K0cJQZJKA$y`~D)X1?Z}
z-A6RSZC~o_k6VJt1?Bz1Ps=w=8cWfcce6X&;|-Ze64~)PavSj<l|Qe@9-fT`ch!*u
zXRDOzlxjJMycdppP)=R)+A~&v(K{58lKzzN480``o;UKv7;XD~E3qZ%rPvx$f{*%j
z)Eh5o4Y;27D}6MGulul4jQb#3lUiaw;HjgpLFK$tVIOIaC+J9o#T_~IX}V&HVwz&A
zqOK6(G9eye9H9!~ux3m_F7M`zPjMd<s#Bcq8j?Q*&)8{|ZoccRb9ZhdtGLZl6XbPQ
z7Imi?Dv44~Co}q)RTArx!YX#}?%X@Zi$(S}j66)~xLs<R)0A_#;}jf?frwezLIW{!
z<;<J$e#Io%$%)y@_!O0G@p9XD$p+7v(pc7^to$~7hOsxHj|XKXh#!4@)hx#oD^R|1
zv~zKeRePr|jfWaHN%EOtvpHo7T#;_?aZ-jn=1qCrwt#odV}XhWMVS2?9{m=ShI^x{
zP9T5h_}GVeQ0X3q+0MH=Z~E-l`i$-P`af4|@D;QVVGf?<E9aGWS$<So6^ri~<vBDq
z+6_4x+wVNfm#S&h3B0wn!!nfL;Z*ciCsiU#(E@C%J!<yFes#D_A}o!GS2^IiYT&xa
zgW?MHhq(<+TMjO-c}G&8%UR{TQJz~{UFJ(oeIw_R{#t$}XKm<k?evRhq+osD#HV$K
z9hEJWo#D;l?cuHAon;qZmm24qqx{4CBa1_eqm9Fjqy4kgGwrh(Nma=aNr+^*q?6=<
z<Vj|4=9|oI+Kr^XSpyro^nqmA8H4>Xo8g@aUTh0gfzzHM&o7;%JC-xKlkA+>hZO>Q
zhsw>61^JmBzNF>{T57|OH%j)<kLJ!c6@!(lK-|k(&hM2hbXu2cb&l2E9Dh{>d4cC|
zaXsePWmlc7`WW)`k-@_bC)+8GTMV)zYX-NqQ=+NX2*C-KSrrErGZna;A+#J&0yhCv
zJ7b177xX2sd2U<l;OkdNU27{ZLJ!urTOHD$oExg6E?8J^yj#{0!RZzjQ~ij`+Ey48
z9Ou<<8*u5SW)x{i=_gj-l9%&X+hr*w?~AB(>@ZFAhA{|*R%Y<FX3WY99wn*0*Wr&<
zA7?)9`&7I^WFgJ@L1r|^r~)THu7K^?(*Xa{!I77pZ#+v*qvK*td((T>L_9@mY*?!f
zuXzPcp{6#H>eOQJ;)8oXm~w`8KqW!p=(w4S;Y2g20!=Y!eaVD<v9j=#t_Lxn`N8fP
zY|ovkuut45{H5c3K{4VLJo~-f1G06P)<_@k<aC<F*ORELu*_0>d(6WPwRYprGQau4
z67Q*f&@ypE*4{^(q!o~e6Z^i_d~Eu3c$9Q5t4^f8af4FVwBMjeT=+vQ`iEFeofnQn
z&tKucYvPEfu0!^JBl~Hje06k#s)jw);5CKD%nKnUzy66*8hjeTa@;^542Swv2^_}t
z(|1SCDc61Jx}Zjyt~@UwqZ>rQIz|2-h8=-!ulh#TZkCwd*2L&4mX4R*n&);-)1iLf
zVX2^R-SSGcg{_1L!!1=UQ|*cF32}j$eg5agWTj6YP_*iftg@c5+J>w*Lez!*PbF&9
zn7b0PHndMkG*asyR7e!Xb;V7}#&xRORe-dhLq@9+YbUbx)^BF59Fsj{QwuOz$Hs2e
zt!>E$TNl>T3dC}bF|^Thj<P9)QlCuuQShTgQ4~BDbH1RjddF&LpXAo&8FSL<Rk1$g
zaQjhU(P8PSythAA*ac1P;mzeQ68-7dtZlK}9%k``o4p{3^*4k>n&A^WK-CixETrG7
z8~1lPR;y>z%IpumHEzjOwo4*zVn_1p7A)jW)rjmKGOtCHuH|O;+)$NejFe%Bd=pbH
zM_5I!%wi08gG-RngJ>t_@x=qRi``c{1GRTqEqOXYgkFjB*1?O>dIYG1IH1bSJDqp&
zG^>`h`p;&kz*Ee|2hQ=6H;N=8NT!uWI@nN;W33+2;deW?(8Z%WP(M;}(#(`f7|k6r
z`}Az&hT3yS`zpnz_=6A$Gxi+fP$Pyc5l1w+^hKP9m&z=ZZUI5AVp+o4uXI}Us+BU8
za(N;&lVA2oT5lSEBL4IYohdBo)-J}T!IphlN?sGhGIft&OS4REB#+js(MaZ@Yb7!R
zgw&YBvMYUVyp_L9oZI0e7x}q{D}<%isq3U`bGkFxC_?X2ZNj&c40XI^nP;NQVEc~K
zSDItE>L%|VEi4g(!a-k+0^7GtX*ouUn8pqgVE37on-<-#3?*;aBlX#HD~ArU7uih}
z>o9%-9Uy6X$z`{yM`t?aJeb>k>5(QNQ;&G<>#Ko$L90uFS0{KZu{#w?DI#@&F|2|&
zUZfL((fx%hFxTUIZoKi4Nun}7?IJ%-71AjYhUW9`JijbDL)w6*d-wF1+`VZO<{Shq
z@dj6$O!>PX306Hge6xL6-h7I<?~n3O?gAvd*D+;6?mbYw^D_7_+CvrTWc{JS`};Ww
zMfWAm*6nEBVrHJk@*oFxXYgm3e0ciiewHE;27ZSnL{+r1V)^`W)%BE|F&WcbVVcv{
z)Vs`Cmg8nI<<#zbeB&V1XCy5+j3ud*Qk?Xv)hcg37g2q{uTOB3pg#Xt*!kfd3f9Hp
zyOE^_DK&ZQ6;6_i>rrMCwL4RDkmQ?R-JfqpCiZy_AD;1H$Xxi{mOgDyPp_Z)axd1~
zfNIVokBNfRKTg@(#n0i1mB{+sc#?+qvk%ZY5rOHARj+L;mDke&>s3m_y(}VJ#lgS;
z@ba2w-vxTPL#>`CdEHp!&eWoMZ^pqcORIU(ltS$d&HE>ka1HoQ{g4tD9OlNNjDrvP
zV=P^aZ#-!(;bwye-0Gf=!&mq3Bx$ZdCYVdw?U)6_Sxc!m+oy51qi=U6FZXq@GB7L<
zD~~d|FciJkRGk`e7{;>LgS3}POT|1YgVSGQwUl7<gQu(rnLs9?@J{e!+=;7mk?ZUg
zy0py!CtQ2f0B-9DXdX-o{G0?{fxEbA#)QHkf8UU{k)JUFqIdo<t61(p^-CIfG&69W
z(#%p!^PmdMNvZbrwt|s5ez%TldR&`A9t5~dRJsRYkcc{Qg%P-!9Znj;aoC`Gq-#$A
zSdA)C4Y*mZk``5j(~5^x5pXk|_V<J1A)wpjGKRQHd#BHBX>MXztw!u4%>>rv6cnWF
zNbh!ud{*Zt`GQ5Tk0Clk>v7NsHz)nVz{7%#AUqNgfp&dT570HXxtR^}N$l{?7pBoz
z7@wamyzy1wB1gqK6&00As?Y-umoo8V-%s5i(^kg~ZxdOdoK;q;zd!xTeP7wfy;-#J
z{_XLNh<57utgLJ5<isqYfx($GO=-4{qHm4ph>9}x0+^{L<L-M1GZ8J<`XMYl2&6rq
zqZA9(6!0V(-`}TNp&!Zn<h>B3`8A61S-Ln6BGcaI+<Vx!zet{)*!Ed6nLEj_@e(~z
zB!zdhVIx7*yp?hB(v?l2`$$aKl^Yq}|M`;>*Q6sX+GA8xQp|wbMG9L}Qv`)I<ZLvf
zIxaf1>A4wFvT!)=YavJQ&I(Glbjaw=it$zG*ED>N+6@-Aqsdo&k!yod{6+1&Q+9`N
zN#IBcvBST>%@J&e+Q6sQqSN0U(4!&2yy1dE59Am{yzYe2?jILSjPj&OdIsVBwdT%j
zg*q<&+bG7!qBxZB<oK#+roo1A@-6f$DE=zu=5y*ccIXiXBBkKl9}R`yA_xWhs7jq{
zyh3yE;S|9mO;nLYvs%Z%@;ZcL7wxlkL`6kjYZ6L|3Jg0Lw|%JlmQPMij1<d92FJJN
zy{IqtQ);z5waWJi4UGIauW&+i#E6sZ{a)GvsUmS7hN@Bxkx^`aF4nn+I)WcphHU8*
zduGx>Oa|W&vgf~Gx?5wg|5=P?d<jK_mP(n!1?4N6pEuiW)PsPK%oCKwc{et=R~JG)
z(k!ndTN3Y~dthK4XT~W|5M8$-%CNK~x-aHtxQzW-!JCUB^eL{Cmq96gC>bF({tEeh
zVYcg`jx3#BU<o}tQ;Mcw<0{?|JdBu298vvF3W+!=%h(%FDUP)j@br|qNkTrq$y0Z{
zIoXLZD=so7K7u@I7H5#nh&mwl7So?J1e<!HAJ4F<$1a3qmONA_<fIna&qy?moUIQe
zTXe7Y=+w}Mog1voDr7zR9^rgfLC9bn!ckNuhStzg!rsw<Ju&RqqTuD_V}u=&NTb&>
zH?uPb=O@gB8JM%zKDVRJabI{4p1>bLARy0;Tz71GxVI8AR$f$SeefB>%0tFt|9Oz6
zF7wW7Yyax}B;Bcgow>T2RFsg>_3T5r`s&Cc>-FV_VDJdRetl$uny%KZx#<sF1(s%(
zyG@#+$`6*-Cxfy-o`bl@hNpYEI14OIQC@BJe8~-X-83c<UHGMZbohOln}(>NsJjWf
z?pXh<nC<AbLG${on(}uqjhzgg80SiA%Co9_P`J&nSt*MuYcnc*F8tz)?US2bomE<{
z|Jc)={kC~<t3my{@|w}gk{Ty*_Jy~^V%8t&@1xnGal6iu*jE+S*Aze19qpeTon6n@
zk<trwPT+zR(eP@{sA$d1_D{F4?)%b>bdh*c*-%J7Fm!tV!Jxjv4SHa&I|aT81m<!S
zV%qCf7j=$l&Zu`+mLHpwbijQX?_bY1%ZYyB-Y-TCt<0{@>!~z{Fu^^FK_q%LD=Fmz
zH?mt4WG~Tb18;|xcDOQnNUt`^S$6W|WPLP<vspyjg5#~sCfePQ@O<I)7S{(j4J{Hz
zTcxwt6qd_q^a_h=Zemy5<P=1>KKpTMnl!v6)JCR>Ia~6%bnCf>>^n7C`1$6pU<%t-
z2rr^{P)A0*WVh{5len~fah#XbDcnwwIZgIl<9+NBy>OseM6pTTNfu!zSyMnpd9O4R
zc7ozVl=9rq&tr|;$FP{5(*#+ighC>NlDmYS<cTO~;p_XiBp5Ta@r$`CuZ?Ada=TaV
zk%WuCPzsdrLkPw3iHLEN;6cL>u7%Kr%8iVX7Rj#kb2s=>VfoDW$Hniivu=(_a|ND?
zW>I!1Cd*L0d#XgQ*lSIxh~c<%GfqemPvn*Y>l11+{1?_Ls5V#({yDcLmc1uGn-Vv+
zDBkeOqzgGW#m0Ycjz9u`j6<ZFdCk>zm^YA7!bI2=WuY6@0~t;!!d!nCg=qAJzRxPM
z`aQh~A<D-@xaa(O#D0CKjgHr5u^T_z3f^%1>S)86#wkr3;N~;LmV)ZBEqIykqb@pT
z@RlU|+*QcWzRa|(bIoD@9*P5&0JAv_i&>N@9p;{DhLS5h&N*shBHSaQS;c6c`+X95
z&eCv_*uBG9dNSsWX61dFp_@0aBj(ZiH)<1E!K)jTUUDQ*aH{GimgEZD3s-u4Q81P#
z>~MK3ntS=sb?=~DfZ5^xAeH>l*WosQmHe-72@=jX!(1t2$`w5P@uteipH#W8=_tfl
zAY_5W1ek<Af9ao@$Ab(sXK>*w*Eh$#r*spfI;pu&c|(0ECQx*kQB0$T_Q74dHhMx1
z&uJ`$nPE{XoI@I9c;-D8Hzn**!x)rWrMebzX31XURX&N6^&k!}DZv4h+9pO6`ULJ7
zsr4Kb34|DOLfOyU4}8V=7VcpdQ=Ia=<SxW5!SU^5Qy|XvkaNI&fzy&#<kV!HvVF(Q
zLom>QKB309RR4+iaOa(Mgm>VTr5I!6HO<#zQs)E2I`sB@vQFwL2BaXeSBJ8bZoFQG
zwl&8N%XDcmrEx2yX$AyK!Y!mRWxPYDx=c<=4pfy->7ye1_G-*RITbx`TxjFP4D^dS
ztVGl3vjrOXc;S$=ei4wp^mfFic_QER>h!Zu9BnMYdUhE?+){Ll8Er(b^BQ0WgUpPR
zDum5ho{u(~a5P~zwr81!^!Pkz`%u=V<RG-pllEaVk!b`HUm06}$6T~~`GWPWNzy2h
zPRUmaPx((#4ebPW(flGC3A!=4MnT#2t4sq@22U=9Njxb@x;n!pT%%+(<R9JSq2<MR
zHO@b>5pxixaPt6iL;d{ABc%+uk8$G`bmF&e!A0I5Vk{I_w$DumlFZafk(3_bo+X2_
zR;n6rVC^g4(vI?HT`{`zZo;jaEUGnT24%InpU~(aH_q2DuAzz8HI}iMzE8HTXOjUZ
zZcp1b2#HfM5B^Kt2Cvfqg!X6?7g12dNt=H5PMh3P0q>Cbl3+^n##=lrDVgv_>s4No
z>lr;jmT)C8$@!c4N$JL;^TVMkXJP!_b}e59W&4I)WEa`*3#{*d6_49?<4M`XRL*@y
zQlF-Fg4dHZxl0}~ku-d{7emvTD<groMuD8|7M<&8aHkFRVAbn*nnFXiAWT%Hvh*zK
z@)q&Ne%5-70S(JYYa0E75o+?Rq44K=606|%1*C<6UM2C{kVX=$ua6iv3w$-03r3Y{
zRfb4Qb}|O42-*-0IW!;Gg>q{y#LjOA;QJ-#IDoXS?LP1cOF4LnDg7R0e3H(HvGpB}
z+O37H*!hl75_Js>2arzWeJ+MU3qR#8uyY4bb6AHNUxB=GYNskfR?@O1ZMWt%?{{Td
z7*)6E1e?9tNAQTb9(>lgYp40ZNsJ9Q1=6TU4Frjf>{?%|;(Xm_&QRK6g&Y48^H5yF
zBMxBzhe{Fx{4|MZz_U9dS4|N&N!ww-K>0K$A?>cp!+zDLrN*5fjQAt6#0IlEPzEla
z(|@p1xsY&mW$@-JC{vzNLAaoqeYL}sL!>5mGGNZ23mFmR$a)*TeUll-lT%K(B3nHx
zXgzE^!d6FyUR61wO#5LBO~td(>NFP`dZwJcliX|)ddFL<11P%~%8VKJI2AN3Xl9;p
zi#HH@X0VIbLR2ISCRBw+?w+VXMrLH`TTm&_<z*-}Uud2dNDWMs9VF9ijLJ^bJad~c
zDKANA%ZL(DRo1F}VD>VyZAUtEe}tYap=`;#^ImcecXHmG(QVp=i?nIVMd`sbvnI`T
z`3Rg~E9J@KDc9ENkN!2I4|e!I=hX?6+UGb&4QZR1UuvYpSSa&dW53Rt^VYv~KKo(o
zIn!vt8lSv5mdm>j@pZIe0$&}Ek~algrkQ6WlxpYTwuV}D*f>YxLk_6<N1j<`)DA(k
z>o72tLWa+D!UyqbZzafex6vLZdQCE8n-_1G?uRi9Z{9Kp7<GU8;SO)4Oe)$_8+AY0
z4VRu8d`Xj;*B1#GF(v2BUnTS2Q4gjvh(TmeJ8{r#@Mw2ThIlDSup4GbQlJNBJJjP0
z1Dk?zt9qj7pRRQ-E^<KwvQNF2&dQZu?|2<EXYnJOetIZUyNg=Tvq^V3S{bc=+Hgl#
zq%vdUypHMCzD^Cre0o8n4chSo$i-8#hJ~i0^yZ?}=6mOe>2v-Ktn&`=g6_sVF3#5l
zOK&%52FcqrUA}6{K|Fur({Oh_5#yK^;x+I@x1)VdacReOB6hBKu|73Wo<F@cwWGDq
zWZ_fVuw5T>b6@j@#$CaBRBsvoC{l=BJO6Pm8ab(9I(?HQ=CZvcqQ`Nv*|a|2g)xcX
zmk6rue){u>s?;-yn`FUb$Mol4lr^S@;Jp~G-^+WClFr>qinog!RkW1G9hgpJNbb!P
z<?cc1HQgnMJWkg29_28(3ZeSAv1_c?t*H3yfonR!&VGsemTMHUw<p%cb4+gt?!D9d
zKJF@wQE;J>@W+g`km-j^z?{L(VF}i~S4(6S^TCeCP1@$$!dSCeZG2m<?Fd>`r0`yF
za{O<RyfyrHx>~37OJ@8lXDn7K(2i##khgU>$Zn0;8N!o|EGV*`(fS<6_*70W%~zlv
zlcCg~y-}W?fv;yQj;!6ltG5V$VA;EbvtirZW!?KenPA~2H~U~z@B-u<Epp0Ewo$S1
zHvX;z!Yp^2L^JIpvBm`)ewumVYgj~fm*~?uZSUY`U$ot-vy8$;shs!md57h6wDd-K
zyaB0*aF=w=HMOm=5O>$=&h&)-C*Ds>n0z`LO%~v)cg$fHbN*8$wiX0BBQd>&AKo*&
zQIEw$CNGRwzJI{zP?gQ>3iXfFdglMoZ9+m6bF2!k$Y%?m%;S2&TnQ4_s_j>M$ioIC
z)`v^H>5=*Sdb))P`)hCI!BT|;V@zH1=7;l8;;PB~Pp>QWb}$%v^V?_HE7n&;-mK&4
zpciFr?DhyPu87nvXWy`vBB{><Mby$GJY-RGh&OXBCYh`1Xq>4+V)YveyWu)O<nE6?
zHxFebFt){a-)*MCuVh0=%-?);LbgdiY)5vDwSNgz7{u7sn&p6AJt$t)lD8sl|M}bi
zm&+TAC5WT-&ZA9en2M`TeN3`Rdm!(lRp|AV=T&|Jt}F#TkcDa;PTkObIPqC}{`Sq~
z6+8p3x@malYa(N0o6GSj$`PrCOhqkqiB64g49O1bqb;8IeN;23#r<U2G@+LAvFRCE
z%C#wC_=+q-`wFiV%+fC+mLG>xAcR_=x5ROl&Wm8~<O-x@A(|l%OT;ZABugIwQOwa>
z#a`hfzP2^;Z`J(Eb<_+S&EZtjn;H1j7`jvT@YIruZ})#-PEt1P?JD7pFtkb{HDouO
zw<T%QQA4JF2ItTnUVK05S>m%sPb_xvOPh-qm*&XX-kYo5*ZALkF8x{b-fzi%c(_53
z{{)QwYO)`(zXpto*jO6<7B2dSlt0`Y5LiA)U>ibi2rOC@4EbZUC>uJf@V7KSJRICV
z=KSIKL(U)Ah5sd1^e;(&fQS7#=?@3w|4jPxL#*f;6+A9kL_jnS4h?~4uGu}GanUEh
zUW6Tf4MiqF6-tCJ49|L3JC@#>%SEhx+64kE;7eECGD&5ZX6UgWRvp}lF7AK#d<_5V
zNdF|om-0mDbA3};E&_4v`jb*K=dkhHUt9x&DLm{*9@$tM>?>-YpW0U*UPopt4e=|%
zBjKI<lvm!j1xKlBb!#i??D52DOhe<DfpAM%LP3TEMywTn)#x+@T}CdRxOU<-qOUtl
zvksl*%ISssiffsQaof^;>~?8XJ0YdG_RUOBm3v!&Xi+kryK<(NPxpr%`aHx0**<kh
zu8>q42m-;PxXT>1;vJA3LvLdChaH>gFH4OsiS}c@;%-t;+><2lyddW78cE;VOjl0(
ziu>WM_mf`Ww>p&03!be~Z)xj%Z;8Z)Sy1G)xz0Y<z#6_!k}^@D#!rSeG0y9`_%sVL
zc5XRx7a{ya1$q8q+M)lhb3YFs1tN>TXCLBZV*~cV1hPwlfPAEE5N;s;lZyfZ;-r88
zVaD8GAO$5GPzI!+<mBO@-~`f_!Yaa!xgf9@QXX^;AScmPtSA_WBjp6H<pk1I!peX;
zU`}@6bCu|ngMy0-0#sn5;N}1dIoN)Z?}+;^`HrrX^$(%WK;-K0>MH>tfH6vmRRV}@
z{eHwjam75K42WTc#o+=+5DFl_($x`w|N9Xa#nn!cz^?%At1_U4@&KW*u!`tFawMp=
z5iB_@Izan>o@fJP+`57Q#J(!n+ZZZC9ko~$#3Wc%pstSEKVJ3&&Z{)C3i>8cRt0@~
zSk5khtuQo7PzM_)dqb!LkhJTn-~rUgOkc#tRSO1!lbxM~hl`yP!T|vT(cA!Do<A07
zvkF^V+c-LCp#x#R!2KvdSJ){)utzIV04YPSzF>jwz}Z!JE{y4t_BKwo{QRuStSa{U
z)(*BXNQRGDMU{b+V$NoUP$fwbRw)Wcdnc%%Agd@qFo4*B;_7BUaOH=H^Zz+{99L1p
z6dYITK>-BVUlH_;SnxMu|217#lK6qH-)uj?p#MEx->`Fh6BNfcL2-N&6yO+OR06@*
zu&;kj-WAJ!AP)%W{#}{>=kx*F>t50DO;Z1w2KFm9{Yb>0-`)6Mwk^OE!iWH@-qqJP
z9sKvSTuJvwT7C$U|KAJbo2G%jX&UI8rh&d`+P^31iZefu1iV=AyN-$4I05#K9riAY
zy#ru6uO7)Ns}CHrvt7aX(Pm!#3^Tew>-%;k8>@<$qa~DILR><EjSa%V#>NF<W8)P2
z{$U5sLBNMc@Tzm<sCA_(tm+z?6cE_!4<HtRV(s6|?iDa4Ryn{_Q}Fz`;a?T}&9lM4
zb2x$LaRL}PMSu_2w`X$#xUMjX17+Z!;s9(o3jplTI27!m&cAWw8>TB&`;n7BD92Cv
z!S){voG^T%z~?)EfKxUw_}e)b3^R;(usS@zH|#ptZ@@7OKd1O_xWCEgJO4PixPHdJ
zZ@91c_nnu2(SRSU=+AJ2Vb29*2*dFkPq}{Q-PPTGlOYJi#scWc&v|#nukRTCZ0UGl
z1%D$?2=MSL*}-@MljnC``Y-alvSGi0f^cxN0JiPtpuWNXCeSMb_@h8!1%C$$CMcLd
z071f(>gPfN-r@ml(QjZlA?z#wtv?5I#g%Uy0_cNX_5+%4C4U144AXa*o_yDpKf(dZ
zVZQ@VVY&vO{l-t2p25g~$r#4l?>Y&q0|t7VzmawI4f`Fq@b~Lsbz%1e+7j#@SJ%MK
zVfDVZGZ==eau_BUi-7xH={0bC)i#0pzvG0pNua`2eb~KWtOd?FVAl$NE9YSUP51xE
zRxtQ)l>bVuzp?c%?g@CC>Tjj|Pucnx@?d0t7s(Y#SM2&Z86Xhnf3-aTr>+#~N>|x|
zcgFs#9<Y-COFdwshBY4;t6?I7HLLF;zfv36Im}$c!~??#;O64^IaYQKp1;BR&9r~V
zdes8{pvth4zrhNDsSpeUpn_Lw^V>NLH;e`tPyd7Kn`QZK2f5gJ{%dppE8DI*_urBH
z?$I64|I*t>XZ^jq4?w@_@58$Iu)dy*nURAQ#TCI6-<<T7Q2|^gP)~{Co1y}5m|mR$
z^}pFz&L8>lgQ2+saWzz6RdzCPgzae|Yi4c1Dq>@A1hu~!YXH_m32Nx51>yn&)|M0Y
z8X*V_*nUn94q%k=TVGh%(9z7s8W=dJDoMdUbXNLimX0>O7Qnc{n#G01Mc>j=$OKl%
zVrXMU55V~W(beGON4ESLB4Ba^K*Yty1!x9@gNp?i2EnB9cc@Gq9c>+WSy^3NTv%*e
z^c`$jZ0t=~{|x7cHu?`3#LfW*j4c>&=)lGd92~G?E^ZbeQ}cgk(r<7~VB;<a784sA
z6H6$JL9F_$|AA-13U$!8HDk85w=oAK!R+J!wRd2>ckiBxh#2ty&**<>ng0YmCm2v<
zPIfTBOc)KoNFFc`zr;)vGe=V=gDcqL%EAg#-{G3;JL@xBLQV965u}-egA>$&6)@m`
zM*BnC{O4!^U;B;Y09wG+{Ti=-9W5KrpV7iv+&@=T;C*ixZ#g+wAiwdJi<9MVo6ql>
z@ylo-9N<5rh4sV!Ia&w@tetan18tmxodedY*w}wXiLITDSgg$)904_UW_5P5v}QGe
zIsy%zRa8x!8N>!+X9k?xUoigAjr~XR=V5`pgUkv12eE-EfJu=5AEf_7*Y%%c1<W@L
zDVPnI$NdG1@XK=lNt^nid;1S?f<Qb#YvN>suz)E*oa}(E0(~o%UlRSVTY#Tv>A!PF
z>>!w$va@r;&;phh*f$BVxxa+g$jrge$pJ98_WDMExrKQEM^;lC7iJ?HW;14}tD&Wn
z5tP}%7HVi_Y-Y&p2%8Esb2M{?G8;jGH2p@voR}HZf!W5G*}=vN>S$_aZ30~P?Kft?
z39@tX@UZ`>EdrC8|E4VhJtCMKfWa!DIb3W&le}_w{~u|Pfu)TB&`6!3mNvGmO5(y|
z55!rljQ))L-+4oztplEfgB!4O6ku+cXXM}kx^TaO+|tIx1mG!)zOBBY={NZRMPPGQ
zb`}sT;0TRu3>{cuQu|hc_1lluP)Anj2g<^>S0b`!F?F=E{4**4&NYGoi^vJglCl9p
zfIvVnf*`=C{eMRaFth4lV+s9RQvR*qgur|d7p$d&0DlCK#RIgRUm@ie%sUta;{G$s
z|DDGKgJGRb2!Ie^IS1g`DIh>!>X&*WFzo=^w7%i@o)oMb0)?`2!8C^zcH+uvZsou#
zZvg8{J%Bnm0F&=ORhIu3-t!x9K<fb-{y)a8Vq<G&_*1<9(vt#e4Xn(-Py(w1FxwAg
z0Ab<!6^;1cwbOs;XgOfr0a#Z6Q0}WS3I`Za_g^997nJ+2eV406hkx6@0vs2xv<tZ!
zNBvsY<=?UUS8U0@^uX+}As4V)2%zQc!2hcr?*GN??_)0qOJlJ4&&FOrrkQ`^C%^Ss
zfjLPoV3iKg;VX~%e_??Q1PxuFELLW~Ms`<VjPxD#0f%U8W)1jzzzDOl12q1`kzB1T
z{d38KfK~={t*^W}1Ogko{IWOympK2O!@J@ptUCn=7HCZ{@d7hNzrxP{3|fH^_U{8$
zV3iPRZ)<Pn0Q9P$hEDcoj*ppP*7#4p0!WJWZ)DE_^jKl;8OB>M7YKF?^j?1n?tjz}
z)`xH~g<4wvRNVj0iNSaWEH49Vcp%t%EwJqHO9Rw@*Uo>T`vX|8KQUMo(0AZ*z#@nV
zu+sc(=^33Bwing6`J8WSCKOlG$<|JmmK0b2*nnvzc_&9pGi%uLG)!o~inpx3wFw>6
znpstu{>P~uAa3A4&lGlYG_|q+zF-4}%?!e3)?l-4unA#cwhcBJ3!8ig{c!x-L^7u+
zFf%9$>^KSRwEEkc4^Z{@bqm;}C+v10pc=6JZscSL{jDAtHtG0%&iS_qQ!s447xw7i
z9{+u!4+en)D1$-ZVEgTnfH4r$cZAZ3@xlhO>>ze-c20H>7{tu>{}gsLt#QOK^uE7h
zE+NPGb8JB=%+7Y8r$T$|sf1k`nq*<yLg}yXd((!Dq=oKn-b$7|wq=j?u<C6Hw;aeX
zoPb}K<7pRg9yjh#)W08&ClIS2PQ!}fV31dCt^W<re=$BVR?punhLm4;e_IT?o$;tG
zhMHoAT5QDUo5m1Ui;S3RUEJv9Flo5@OUXeuGybe~1)n+w!)qbSVk-w-Y~nN)&@$vR
zQ*t3zd?aWLx{U$vZF!I@WHJ~`$lusvB(0Fip|LUWbktz6I=f>o9;*zH8r>23dM(zO
zYgfxPyak6PkT<Mc_U&lZ*QGV4{4zF#ycUgNsJg!F+1C#=Ggn@3e*AS|5JTIL)wdWd
zc^gu$U|_Sj^3XVk2_2NO5ks_d2G=SkJGU?n8i^uXU5p{Y6?huUsWC;ak^^S@H{>Lw
z<!Cu1Yje5<>^mcek0hSeD_vk@dKj#bSYWVj`!W=qf?3^KDt*1u1?I}DSTC)OTBCh`
zp+eBUD>&P07-Or-E=WqQE+d@0wL9WQLNos0%p0y7)a3!=?SaZhOG1K}#&X8)+G5qt
zna~4iX<7~#?<`d1bx;W$26yT)60(dg`pAw0aNT(2p|+7pkFyxUk`5zNPRj}6YqmUK
z)}IDURo5SagwD1d5=rS(HZa}rq3AHImJaJ4OBnc84#~!yKgHRjX$RH-vFjTgj%x?7
zm|XoZja)kl!p*iWh1s-CdrPxxBW!fuaLM1xIt~AVSgOOy6|CC%0e|Iv;<|9XmWLC_
zhsWcE)R#{WzmMEo+<iQs$&*2^argE9`E<q;#@PCF7(Negib&7Pd;m|dN10mKFF8zM
z%6ZvOB8RuT|BEo<csSqBUyt|SzW;n0?&7jcLH4odxtF}8Q0F-=Wh!Y}+R~9ajCsMo
UTz;(EAT+Kg+1=c{`>^c(0J}H}KmY&$

literal 0
HcmV?d00001


From 29248f441e19996e3af232a2c85e7bfb9c83c09e Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 18 Dec 2021 16:32:41 -0500
Subject: [PATCH 776/812] Update with link to Google groups email.

---
 documentation/ESAPI-security-bulletin6.odt | Bin 32772 -> 32225 bytes
 documentation/ESAPI-security-bulletin6.pdf | Bin 113158 -> 113530 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-security-bulletin6.odt b/documentation/ESAPI-security-bulletin6.odt
index ff2ab1bde96b57e43ad765316531a3e2b9117f51..d49bdce4d8289308c865427f75def04118b4ea4d 100644
GIT binary patch
delta 26712
zcma(2Q;;T16E%wVwB0>z+qR}{+nTm*KW*E#F>TwnZQJf=zu)=KIkE5dt`!+snURq<
zRTq^jRt5Wm?tlJ*SCjz*M*{(Y1_8ONN`RO7eOHyJQWT-ggTn{{@;}2$s`JK82qFVK
zDaxvf5fW3AQqoh>bJ4T#a?_A<b8@n93I7q6;g!)+5MY%Q<WUmkF;U`^5SNygQI%HG
zR+AA`mQ&JJmex?$l+v<N`0J>qW2*SqMccqa)6~^iP0CzX)$p%@rJ=U7p@N&a7Qj*8
z!ra2t+SSI%%h}q@%gM^k&7F=K$j1c$@(2Tk_<&lr0Xm+=RvzK*J|Px>B3W6WoGMUD
z8mOrb)G-Dc=mSm7fR?U6XG@@m2hb-l!XrG>D!9rry2&=F(=)2nIi}7pq1HXQ%`I!d
zD-`IRKNMuA8{qIaz}_g-%`(WxBN1S~%qO}o%D1H?yP>MJp<}jVsJ~-o0obu}+I9BX
zGu7R*G~csvJaDo;aQ6rV1O#~jcin>bJp&^Gy;B41(nH+}V?0X}eNO^BBErJMqLZQ%
z)03jZ65`_16JyfT(!*0rBQhIPvx^c_+hPh^vkS{J%34a(!i#d!8*(G^^9l-bd&>&5
zTMD9E$}-B!%gd@8{?+}f1~jxaRF~J)*8S(YySpR8fzgS;<Vaw8IxwVcJfnIbr(ra;
zbt${}r!X5>(K=Grwb<M>R9+6OY63P^0XsT=diuL7`<FWh#@a_$D#i}lruRFBf$eig
z12yR*4Y|Xul>;qJgPlzS-R<K&jpIG-^F4LPVWEeiNf*hHCrN;e!??oJtm2dGx~t;c
zyQ<ua;<Ag1=Ih4xhnC9wj+VjRfuRoILND;DZE&o=bGff(d8}i9rt^5A=c&JGbaZrN
zYH@OIc5-2TacX34c5ZE9Vs&+OWaMXj^>}>gYk3^FvVFL^2He@(p4`8k+JD?QIA1?`
zxfz(g9bG(L9S0n4tvrs8-cPN(%uhcpukK9&kJf<q3;Xvwz_Wvmr<2u#|JKRH$@%H=
z`Q^p&{?+-><>l4M#p})8^~v4y$^F~a{nORs$K~7C)79zA)!WP6$<zJS$Nka!<JI@a
z_2Yl*`Sa=R>G}QZ<N5LZ@$2*b`RC^c1Ox;K1lj_!^BX}xX!oT=g;YH@u6=!dHcx!b
z?YsZAUb<-=`aMXknAKbkwO%va)L1UAS!TJd?%+JzU9RZr&_<<Fkg4_W!)EOl_}wvN
zxmq#ji=tPjh>|R~>DlWf4&NxYgGolm+k_J=A<eT*gDNFRQb35Lm<a`)Jnr)4o9IYi
ziM9anMsI${OM=Y8-3{M<zw(0YLIUVhTU`xY{vVL7r_JG#Id`u<N-d<>IRCpz!wC;s
zCB+T@l)WaqF>GOa(X|pXSld`^m4U9ts#(+1(9E(56c^#FCdv*hr>McBbcXq9mkXe0
zJI!Q;YZqzvC1@~t<F0)>a=YO`>9g9>$${PZBl45e+vsR_z`3}cq0bDEVd=9l3g=zC
z(CF<Xy<}wy0QcObzwHe=ps8{9_5E^2QkJc~n*2!SmnAOny2gLC)pX_a1~R>j)_V-`
zxn5p>+J8Ej0Qm^HUq*undtB@8p#a{o&!d!3VIO6mK#vB%1Cnw5Pm%X)n{^no_qMV7
z&w1&t*W1Q!LA~|OM(LpY`#Ww??<e88`vPHlM)z@TKmF?97rovsY%go$eU5q7^LN>+
zJ%wEzhaHx$!=Wz}KLG4&{!eYY<LavY&))RZNLFBLSFPJMV%z8TJg&W;3E+5K|7~qn
z;4uNop3m!IWiYS(ITz^j6!&A$05m3y{W7|bgS01XbDgz)9cuAAS^3d{vM2no{}gcB
z<YUF`Q<d79rrGLJM2{#BUW<U1-p|%d79CP@Es>mhysQ5++RwXgbk=w^Fo$9104t)6
zy;Ds1!J~RwLYFa4QyF?X0D#=>nD<xTU>7nzZa>g5_HMc9rYE=sp6&4^Y#M!oeG^{q
z@}R`o=it4K{cQ3t60SRc+J3hV+g;xF(l;~%J{BT9_G4%?Yl#6>bMvbBSpRnb1^NYl
z2P|q{3!`7HsyoB}!!%yP2@&qs+mIl9EdR#a(9s0k6qpT`p2{sN{<29;{S>IBH6t>w
z-cw6|<e~GxRBmEK9Qicg)9CGf5d6mP$!h7^SoOa8xQRJz6@2qv+3fT+J^I*Qa+V_p
z_GA(AHk_a6?A`o#6~>9buKyUU{xRE2xU}1V+Sj`k3X|7$|99y@w?7PRfBQ1q?XI)x
z`1S^{SKSj?we30nk)Y`K$LFBL<OghX-fdObYWh8UfXcblnja6H^9BYLYqM3Z%DIac
z%xOO||J=RVxsAKEj%&8-%yaj-Sn=7jy|Guwg2~@f>w89gB~m_!{nmbXc9GZj@716S
zs;Bpo=c+V^lEY@_DAsOAlfiC_t_Rpb73c^EI-Jr!-2Q$IBM9v*eBNyrxEPoPd>$Cs
zY<=m(`4|)W)ZX{+T#nufE(tQ-?7r?`Uxt3#!}K<`2?-@<JloNAF?s<>8|`~N7iqO1
z2ELwe@(AqpE(f;%%x!=3=t^$B|M7E?$m+VKZ{_G}YWMg?Vc*g7JnLV1E|03^R|W^<
zeSYZ03BMsQW@diJOlSRF|L#E;xq<?C@@=_J$GGnRp?$t$U766W0LJela&g_aeJHp-
zdwt%tl>a_2eN%r;_u%qcc?i8<A*_;k<s%4^pfL`9qD&*)7>6(K-Q*}DTy}EkerAQP
z?(3;g{=@A)83CkOyt);At_|M#mhS^Zkao*`4i|xgTnLAu<dB`ttL(VD%+A0;O5zUq
z0Zk})Ymr$Bk6plc@AdIw!~GhR{YDxfZ}#u?i>-EI4ARD3t9<}vyiGpq_r<RL1NJ+D
zB*#t*{hoC1D?$DCdcq%~``Bq#)YaWK`*)V#Dz+}Y_mY<*>#d(0U0>Y5TRs4nV>jb{
z(WRIIhtKwh_-^w-sK(w|?0=_05Un@LsI1a1`Q3-3%*zhd<DssCe#&=kICv0c>-b93
zX9dwhM|z4shFuDm!+nMoZqzJnC)LkIt~rHGuW5Z*_D(LR7TBCr$JTi+29--kq^B;@
zF{L6&ub{F#N3GbcUU70R1O-svrrorgy17j6MT|y_ro{?vH0jPU4LLgYw2s-xu(@ea
zY2Ntrh|+wz?QL!FWRz*3?&KpK;QIBLk%JrxLri4}(gkX`5-yi^c>Lhv<AlO6gO?M!
zC{dOd*NcoBJ!*WjKR*7pKQUh<5d95GkQ=K|q|Ms!z0&vgZ86IbFa-F8;bchI2B%el
zycQBfFFRIahqiwm<PBw1FG=U*VOHNO010Imhqv=55OIhEjMSS1Y%vH-Ck#^m{e7%H
zLGtKM(x$-uR0lN3glXaD3tlX?{jQ*5dKms|zDG}bZMJ^QA@*FP-owVsfQ8_Xn@b14
z;^?ez|GPe5e9eGvMF4>RE=$*g7579)z{7)|5e+|*n@4ceG=ffba5J{gb&#F#w!o<^
zF~_O>oBN<%(i;`s8@-E$bd)Ev60GR|594j77wWhloIVTRvqtf!ggA5l`|~r-qTR2h
z8L)|-LwEkKd$2fN)1|o-px@aa!aU&7jD&#anNA)++UHW?=j0F4j7460`-A}*3hN8$
ze1$|$jgO2JZ?z9)0v9qn&Zi%}sBT_+rNJG`Ea8EQus2^YN4G7(cZg^0*~FU;SoGum
zac#CvF9Ftr8idFXd)Wv&xQISxbcfRo3j65*TQJU44!@CEDrZw6c~hKrStBPmy-tAs
zvzsH}vr(Ua8}Yh|LHB|(i)&k}b4_<8`B2<WPnLWTRT%5=jR}D)ks^_-%E0-ZIu$N<
z9z}u0kYo_F?;h3!BsCy<KoJF75;V~y*@h9Bs?vzuG4m5g0xsU5>m+kF7a>#xBLWPO
zvPK^QjAWE1o+6zEoJe5-o&g4xOf2y(Ji!zo=AR*0usW_v3C^KbEEzdXNfo~>Y^n+E
zZYt;zO&LXoj^~|G(4S5(XoaRqq;_R$8l+r8ol3(j#k4%hQ)3s8Rn+sz0yjzrh)tD*
zogpxwWD9uAL0hYjpn{M#ri9=cIf<cJNs|peV^UF$iO&nOqNq?oBSlrhAkapI@52PR
zj4;{C)SjzNGvrWHrAXKC+9v07&sxye1WP;F$urVtFP*S=|HGso#0{*tD9<leYqlDu
zNzPXO{j9tY8Ey=_JknL+eaQBlcw+Hby4@tBb}Ck~mnzNPZGyp83)ZApu}&}LA;p@B
zbJ4$GC^ue`W0J4L2yJa#xlX0p=`aZh3nJ<dpcbTeWa@x8w&dDQcfq8ky~xwvsBg$X
zvB@1zqc?ZV`WNOaX4}a}wL?QMBYlbYKEt|PrEm6T(#d%`<)6gK(9BV4^@~Sp4rh$%
zhb;bjlwdg(4&!x~-`5)GVtV^?{#M^Ve!h0FH*XAfujy$4$zzbaR|6k+Q=kkuqNk&0
z4Cj_zR(a$t%VJ1o=T53J6N3p;n>RsCv@4ySfDv11h@>vWIL@xT=b@u0vJ#)p7b(<5
zR^v{Zl6*|hK0GBOYo?}W3t=#Q3p5c?Q=j-^(v23g+hxU%0N7m4P3`or@zodfYaXph
z%t6tV5~Z9%c=d=;-v3<y9U%jhX>u?=kWErZSx~=&!Rs9Lqd_z)F=6BuuIUNAf;;;k
zi$y;Uexb?9#j}|Jqzt(zy{AWyw*7MsWK+%56iY2CvhxZ@wp=%2M8a|Ioxbh_Z5|xR
zP&RS?@N)UG5fFwCn;n=zpii1<%U{q(Pd7j&p*3-nQ;!Fhk7@l{(TV~5UM?nCM4OVX
zu2wWsC*H5-C9kTUs1g=3IHsv75>60nCS(3nG$AEqW~qjp<diA0y+$v6_jIp)HFBwW
zKfX5RM8bg)hZO7azW%l^<wB>g|J&uf7G_ZO6}I7E^6g?W?VWLFw7MRaW5bSEeCnT-
zIlZB(`ZgiEUY-s|Sk)|`Fb5cF1(zao5Isf1Hdqpv9@%3mOKusP9yoTy94r{hElxhj
zG@Rh8G<6k4f*bzCo1b3aL-nWNHG)op5_g$t;mdF-cUTo8V_>_S4|0!grV*Y1K7;Iz
za$OeH0!^^nla<f{0~(~fiMqkp7?jc|xm&-qGSWZixai6T)PxzpLWtZJK|S_MkiQ=v
z#Mi|MR>Ew$EPjd0=#$^Ahx58@G;$5?k93Jt0DjrN4T-3wlrmXT_HbbqGe3l<+f*}J
zEZ%foVm1h!i0Oq1Omu@+UR)?@n`C&m4ND^tNHHi28!h_QGmF|k#XvVZf=u!L@|g^0
z_8L$bIOob*yh3Y0ruEEVl9!UVqaguyeI_J*n?JnaxQ~+ilXArbaqSto$ut|Kd9t*6
zh4O?EYpzsC4eV6mHV&KZ;)+chlLmWygzvoIzvO+iDxM{q#X5KiXPIVgQ+g(<A717(
z`}9+Y2z!a3Fy%89ZGDx*GxU<TML3?ZBGN7gFK4V2gs2L@{;`uPJNZLl@XKb2kN02U
z<<030LTdY2>-witb_qQxpU>o@j&kO#04uSaS_t#9%zkpIW<#Y`7nRArt1e+r{=u6=
zO9^@%FQGrwFxulwGUp3;bZRo^W*gXibFi1gC|?Z24KJcb*?rp``5RhA<*Vq;w0p%-
z8^13Eo9B}O38>lZnE_X_=wZlOxitFb7Ud=}%@J<}tH1AqY5e#DZZ{GY1ov8sJtYm}
z>x8JH`Rw-mLHXeWM+b#c!M6?L;meo>uuByoOmLFu9s*ipC=IZdgWxMbi#Yp&ziW@s
zWs#Eju+qz@j<75Fc$>l6*uB{BV?!gRiy*;~F)WV&=fs5g%7#`onU&b-$PF#nbW3!^
z*VSl_vf@@?_I2-IHT(*<EmSBJ2_6$pJ7*YV8K?#DCM>5SG-5Lo(a>y4@)2=zLNHX4
zuaaA;a7A%fL5IoE3osG(k_=8+DGWT+<$+`q;UW<((wo1su)tV|)`~~Xt$I9b6qYJ`
zSUS7_T6e1PO&D@&x3C6EAc0GwCnt3tBbhKVEp(Pmp6AUl`HflA8d`#$&F?B2NNqf|
z_4r!e@2cg5??>ENBARgQ7f$k^2UrXNcw#d-+#$hu4(p^dS4+xICsv5yELj0I=q4Lx
zmuP_o#JJ1CoP)f^>sfUOV3tJ7cN6~IF0S-|rjxD))F+5cPfL6fhQ2R(cw;+1HpZ7Z
z{#_^-mf}GM2$hHZdwjC>Lcv)I;T;y~{jR(tnj#}EXm>GctK?!P6gXpF*s01M?xhy@
zB)$>k07XzZMa}f}lsU#Z?B6SfKV&90=VTI_0;K)&(R+>jqTvJ)2q@#ZVDzvN^u)@5
zUfAaZE=GswteDV&e;1Tr3c=I@5nbvq!z;`B7+1z1NTY2I4jLp^=900S>=4!?C8dzf
z)mvd{3t{F{p=U{HQzLhGObfeT4F|8){dHxZo>DfanB6S;APWsr@$dYJFn2qSO;JN0
z6`++0Te2@UA}jvul2H|K+MZVUvh45x9hQa?wPB&agqrlsQ^=O(HcEc>9l`9pAZlX*
zjEhN{zJ$}XZ>d^sr5@GXn-ASVv)mz}h(!?u^Cu7HD=xz`I1v~7>AKHD{7i+`FLHl8
zViv|d8ip|1U<!&~aH@R^f;J&4G&6}^*`vdpgd+uytR`?-qk|MT$d40eOBPFj>_Pnj
zCNfmCMb@M^40fQM;HMKCd<=~!QZ5Ej0vs5HzmHzx9WA{LC?1hu`k45*>wsonsgtU4
zfvW2D6W-KCDX7jl=mVs+TSaB3>+l!}Wo=tBwxwn4NeRM&n_BI8V^8#{qB?7=3VWqj
zZp$i+v2Er=WmiWcCT)REzT6<d$+-P4<e^=Gx!dRy0vdCc7%7GIJsJJEEKNpTt*SZ<
zCt5I`CIk<Od03IACbU9PSftf}W1eu++XG;77j}P+c@R|JFUgDHy-)SQ3mZm~RA0nw
z54$Xghln3De2}pAv{%fTf>4w6NqJabFkxh4LPU`DR7#8=ThPak5;Y4L!cE|+WaH-c
zzj)E`;}814zO#}YH6ATx%)}W3gMXto6GoaRgH}=I8U&G*M&s=y9)UETjT0qV{ARs>
zJCda1aCu`*k|6y=8l9+@yt?Zf<0B0M%gdmXpaBD`H<magP5621n==898okQC-bN^p
zg4Dn5uO0az0lEMd_CUbVSf2|S%IE%=fz9QSAUDVN;BObO4+*2ummws=m>LNVyjH6;
ztJoZ8MTa9cS19HVy$8Dh7B()lD4Uq!7bG!~F#Ao^IElHA<t+EsSJLb2xI(#L#BU_8
z5U_-A$J@m23a{_qw~{tzMc?-|I!bz?h_{+HCf4xiLm%Ct`YC`l!Rl^NL<y2(&cR6U
zua2{hGF~@(55V>4_5ALZDFN1hr>%{b-9s4*O<>uFg%b0&$9JE1%gv4zg`e5c#T4w?
z7r$p@L-8^&S{k?W2*>4M1r#J*A&j`f&kRUFou`e(d3d+)XG;ux`}qm*8@eXkCfvl?
z?1Z}K;_)bV8U`pGc2S4$qaCz%i|M}!07#p{vdI}0nCR#cczauhiGQ|6HB{RK%N#sQ
zR>*NR){#%JuDRrkMywlDw5Q|!ExGD8EO=%}=<Z{6tci991287#JXsg#iI2eIoyl9*
z?>MqzU$@|q4r9hKV@aArJ?y<Y9)wMf)}Gjuoy%}iQ~-?d99^7IvNLoX2a>nLhvg5C
ztTEz;r?srKMhIYFVO@qe!rNDaL1-g;ArI14AaI*qs9@bXb$8(SJ9ua0+!^4=eWV^w
zJ@m;7K|ZUz83>7J$K8RV8&mUW1i{{<3C5qVM9wVVybWH9I+UcO%;7fUb9+B+<|?5F
z-V*<jP5|TYv0y<HmiTqN@c$;jrA(uHrs)-jh#@V8<HiZvig{dR$8IPn-khl<veeS`
z;yZ8za;sNI9OxoYp{yHFF_^1ErC4R6pnIz9QDP^K($`ms+*<*hxU^UKn+$9myln9c
zBb<yrq1l-jc;dL>M;*oCx7ov>`vT)yC=nlHEWn^W74G@+Xi~3cdn;Z{DGsgvL4c+y
ziys%u`SiZ{jHI`^JDDFA{-p$_pNC1gz>VBp?C2)>HAD*gidc*YW`6Z<rI>EgKuVf(
z?PS8O)4!ECVFzL<?}Vl!vE`?8ynjQBU+dRyPMFOHDl$@=XtR-JkKM)t3mD2P)tDnu
z`T+jc?m}ayKiyH0mY(OI+1AQ}djBN$3j?<y#Rh~6Xj0KE`D<{TW|Z?YU?S!yjWfK6
z2+_dL5R@^b+1C?d=pe0~5@|GSWpXvx#ahs0Dkfr5yXMr0&&X`UCWxa$Fk(SJ@Q$2V
zR8NUWXHA<S*2Ta7n3XCv&6V0wn>kTh#R4ianxX3HJ6&Q`UAq5BvgngQIT&e@N`jQ5
zA^hrZtCQJ3qwEk8q$m&@{19IqvcQQqOdkeant~z0L-rR<1V2USO^!2>M0tUsNO;-z
z1!+Ux-kDVp0*MV*0&y4nr7dnMAT-DvfCGh%1CkA=X+#K(GJK|e4VkvS+^Eo?h7RCl
zrFCw5$5xXX>@sL5oiSU8j!$i5lU=BU6Ct6LL^N(flY}m%#_^P&UywpM;pVXwG0I&q
zNkSpl)>ABR$H|ZqiJfMtrk_0f(M+$2WHCXX1hL3VK-aopFL!|~%#ShhzbT@WY~LY3
z9Wz@o;WSx$Fg)^rJ}nd*nrcsZ+X6WA*ZJ9{9OM?|Hagt_mS?O}LmG{`6a!Wwf6X_0
zwWTtYHS**bJ2y#R(k>0!Tp*^?9wiG;+fB6COvG4~#4j%<+C|12s%>GZr7J3{ifYP;
zPe*5JDXNMrE^n=#9D}C$%c^slj+*04*S5zqvzD$Ux@yf>VsahZ@ZF2UY6FbVtbQ4k
zfBk}!5{Jf;h*gOm1Az@D7Sc&RgF`lOp@E|*!np=Bq~ONO4;Tb5-|j1mL?&_sojN%x
zLXJS)7>T%tw}MxEl)2uQKGj%RenOj)P;p6RrsGeTX-J`=l{V5&9c}4%R5wmiIn$oT
zj;hqGPDJx{As8Rhq>zfWECxu+38kPWZntEr5tR-;xvw9!kgQcqOsrvCFPu80r2sY~
z2>7jk`{-+@-im~Zyj1rmdfr_ScgI0=q21KgW#@{qn>-<SI9j&V@l}R#1n-N0vj}K<
z>msSayeH|gvEUbg052MItoe+`SByDD*S^l3qmcRCFP;(r;@-2oQ2>tI;F>ahmEL!>
zuhEyyJHHo`?+kMtg~2?2_9&Xwyh;X*w{wL&J>vFRI$wcCj}K$t*bWE3_4Mz&%{<?|
z9RUE2A23Q`=X)!y6#zW%1itL$eIM=h_ip`cZ9}y(&e#FGK2`4Q^Mvw{w!WvjUk9LC
z1m4|ugOIj9w=i>m0H*@L)>@zUy;q{I(ayZjA57rSq(A^v?-L;J>tJyc;B-gWHS=@s
z4b>{({ED;(29>wvcSp4GldJK5VAvIFGqv;CoBMr`)+zwk+we`;b7%keZK0p?cKb(T
z6Zj7I_iYl&??D6jc{2?7T6paNioJbbE8u?}{N4I|-4$U1Ao4$BDtI&fyufX?0`~&U
z^ZvY{eXYL``W)X}Zvp~&-aiR#c7KM=TLI_iy&hhl{k<O(FO+#5xPHLBegTPa#Gl1H
z-}l>G{V<y@MD{(SZ&lxV{jh1PZY=>#32%#DEit%i&Z;^!y=sO5jLHKwo_grZ=V2)M
zey?UNJ>CF-n}PN3?>w&M$^n3gth-UY=YeXszC?{8#F9{>mPAUo3fnv-&+rG^a(bYL
zD`GqM`LgY$ac1Uwin{r!Q`yww$byd@H&gk>>D?iw`V=k?`7vGlc$zA{wzMrBSYzaH
zp0?Je^L67#Mc_ti%@UsIOL?fa^@f;YkvPBn=b9j3MS)dtMIABIcF~&^wJqY1YR@{v
zVkGaGJ(#e_pBfMHr;8Aa7!QSiW;B5p(noOY18YM9)sO4f01;S~VIMYyQ#`EUNUkER
z{MdO;#Vd6W_nJ%`RE7w@JKYhh85lqBrHUdOJbvLX$F+y8e{iMZ_;5;X;wb#t+0bXS
z8#6b6v664i@Xd9Qx>fjtg4*#cgp*OCiQxKp;8>1;x&wS*?e8lpDOh5T>VRA{LP;?A
zSY|)DU|$$y8kgCS!FI)RP+ed5r48RNXn7RSr(ZU>%kUzRFl};zEU0bsPv;?yU8;BM
z>Rdj|4g1|egY;bFqgqWlDYo?9hV>`i+oJ)1kauMf1YvXa;2ThrLR2Bm5Jb|xVH7$O
z)_;pM+$GvDGwAsC`9*W049mh5mPIpF=;1v|qa}f?PzvbX8p!qX%P$W|(~0g|j=VoK
zYf<ImjdKo_FC~o!GPX4`d@9#+6F9J^_B!OInafl$EaxOyo^XcMaX5_;`muxM4z*YS
zqrgb-X5}LFh9P08g%a-h1m{N$Humx*<*Qw{<u!C{4Z??SQG1UbzI$5o;vr5?y%+hv
zortyL>^336bjagf2AE8y2r$*OEMZY3hi7(z(@!@Km!S0nH`$BNuG+TC%i5Wuez6`+
z9t6LgW`587^VCv#XiO<?$V_ip&<*_!P$ze9tryczvQ-PxqAy8#3oH+13YvwHpz0S3
zMNx55V}MoDV^OpaH3&_<To9E>fTvbDmYWxTl@y-_Cn3FmM0r5Q>M8hd5;|RIm&vm8
z?)Gd8uvK-F!4PweM+Lz)`a&F*4F;-x(8L{RfC&fo$N6JJa|v7)8I)@vK${Q(3`X4V
z$cEQ^O(I>?67#<hPj}eGK!*;96zq#&aFBJzWMmLvIM5eomUTxf`_wDD0yispn5f&!
z<H+-A+@dJ5FcyGD=gECX3#@BW*iJ5~BJvW-`)pFd=h~r@CJn-Fxyy@{Vw1wDZgLwY
zYQ$LyRD3z9_$l6=bU7!<j;_*x&f+D(Sh|OsyJC48u)6{Tm}_1WujQ<~D#)(8v>Y}@
z<)Ky47#^8<!<51Vg^8rt^Pb<WdIc30%&uN5_TG_qcTS?aVI*F}%`{zv`tn-dL4cj)
zJ-03Z4`aNxT1Cw*61{nQ8V}bJ!6)v?@Tvk?Hfb}+3i*MnDYxbXJ(MsY(Ez5!bZkJH
zJ?YWyB6l(+jzpuuv4zg}Ce~SoRbZ1)zwe08#o+{vDNPUOq&f9ejU#EKBRj#6s}n{6
zB^2h&4t~=9avSE;BGy$4;}YT~0V;zb7knKavLmTM`7wcxuip3-gXA~t0&;^gzhn?W
zFXJieL!^HK-LB+I;yME$d#+P28q6qac&u2k!3M*h0q^5up#5J?BiFU@fbi-}kCXM5
zMTp>E>{#*D6P%Vd+0U8gzx<i{mYioX#s)MB3s~b7LUyn(<J`heuaGhz+I&JZ*btqp
zY*NV_oxSk!AX#fdb%zmpBoUyAiah<lWI@S<2D73J@eF1}4R99$ouoi2NbFcNA_Hpi
zQbk$}Br2w01*(84I{8p>SCaGsgB=aKkRY;Z^6_S+q8)sL4mVjFL(x2eD;=uZy%tCx
zm_mVDR|EOU5cvwVpgCLmb!Vs*`NBYz*pM3x<u&=s;@6_zl$*1u`Jhdw`T1}w7Ekjo
z8{5l@hsUo`&3n`U3(on}!*}qr&f}cnO|J8NRxS>n@Q*uv>6R9v)KX{+|DED+@_WJO
zW7doPCpMKHyQa02MI7E1yPCZ(qkj$AQsv_rrk0*?c&;u;x-OkpsoPH4v<tR{Az=>j
zuqQ}@M>dXJLy3AyG-y|59F0das6DzG@$ujoSBMf?IHAx08VMy;%pC+_L$g!z;QAib
zCmW)O*F=v>+AND_EN;j!Rf1I*I)CPBviN7@YmM+G&h{KBUW{i0MG$6hifEO@t(-<i
zPWBmd9^0~IBeb(vT!QwE+=>{k*7I+N$kF{Vx<3eI0nirC=y9#xwxh1{#3SwujO_o>
zV=LwMmh#a6hYzic7lPhoAA!y>na14N=r*q^pATxB^M&d!9toq`%DReS=&!b1c$!*l
zERX>v^Lh_RCnJ0lu3r>#*>;xX-4)!Kh1@pU%j~!&liF&|`vX3b<Eh6XTkfpf-H^*B
zW`;YU@kLDocvO}Q-t$Z=PqK8%pYZFHF1<9)nSm03QX(QR(_V_owIN4?dC4IpWX-?+
z6d&o}VtZ&Mu%cM9!NUZ<*Bg<Sv2uPDFfTx>NV!6(osHZPfiq=aP}C?Uw_9LYd+B#U
zobj$}453}CEtUV;muy;vHOY_06e&~)(B+quud~#Zt`tX!7p_!*AR`_3XGz8oE6opq
zE|)F@glA&~s`<-?5DQTo3&|IPKTMm@oP%b6Jy+yK+0)gE>_=*(gsb?#f(y|s$syLN
zJM&wH(42&6D3CmjFsjH1jVyp;`3*nDoMJ^CttRzpXARUGP%!xl9affx!kfEeJY*FI
zH$twrIT_~DltMZ$@2@Hs;a~{nK3FRvkcp@OjNiavF0=N&SwX67JF1yhK339>sTs&8
zHBC7Y`{w=6XTve%j!{uF{wCnGtiR3of`V|&{&kd9D;o{0EcZeReu*z7IxjJ`YDyH=
zdn1pCZZk-r9F$IdA|YWYfUWg107e>AYX1$qTU-K97n&Dl#MLdGMkm9yHmXb=iAt;n
zXqA>1glMGxeQ;=Ak9kQ7mGN`+j-7OZtaLXGym&&r6^<l4A>V)aSMki(6YhdV9z`RV
zSkQV^7%6gl{>tBwTw!*BolY53nA<!(Q0b$Jvi9H8rNJsgA?u@D6O|z;yjOl~cn#Sf
zt&XZ*Oi8Twm5%2Mww$jG85UbinphSG5G)aN6gg^*waZ8Z3sIrOE9lQei4T%CX_qYk
z!a;2+96t!59^4sM)uw*AY)HuPn}oU^JqmTyglLSS1e>;^AVpZRy@K%(<yfNz-aA9o
z=la)ONJrz2jIZ`xjcFw-!B-@cXb^>tmXb^CZx$0(?QFkw_GMfZus0tpgJiv50J_d;
zxdqhG3Vk}!uw>+wQQN}5zQZVWH3oY%4&utf9VteqDhKTqLUU*m$grV?JS$^i<vAdO
z3!Bg((8@HHU0!pN!%Zlt-B(K%z4X!8lu}^fr)db!^f^2Y6s48MK8~ocg-JioDna*q
z?A3?Um1PNU>S}5ml~Tfjmk(8@0L>D^Yvsui@_AK0Skx<0RoGj&+rt)Qcp;^IUp9ze
z3i#u1_XOPKkmLHhav3GMybj&ElgFhacMEUgIub4F@{4~&Vh9rYKkMkwcgU~c-a-1A
zO`LW$;s%rB5ae8w@Gzzzr7%4EZBM`J@y!gKPZ|cfz^x5S%;EOhrni+Q08r%<?Iwrp
zCZ>#KHr3OE#{-7UxQbGxvLVIzRpkXI6U*5PiKmxt^SIHK8arpnYWnlqEVYy6#`*zj
zI1FoDTJ;mI^OZ*!XjJ!h+f20Fh}^!2vg~X}u9i5}G-iWGrWPr3oMjJgGPOAEQ8OwP
zBhu@8PoOYfDLxK85dN~ofbr4S-vgJx6RhLx;s$>|>SD}OSu}G;JDST`m}pZw8641{
zQzXGf_)xPE$-wON1?YfW5C*Y~$~<~!p}}PMf1+ahff39NZEjctTCCk4qgi}DMbd_x
zcF#ELL}X*g!{mN+SKv#R%0cz`FpZcF=B=*}BA6`y1ew_K_p9fM094(+%7y1M;(3ZJ
znhfABY5O32FDz31U2CMcj3HZBXk}(+D;0kiw7R<7N*^GnJtB}Oi$r-KL<4n8Dw>?8
z8O~~&uD`**dIhKF<vO1_m@dLt<VwQRrS<1jwEs<*xguDVD$!$A>au8eOz4mgD(m8B
zhG#gridEfrm@y=)0frOM786*s($T8}_0ji26pQ2u?_ZUQSarkmr6PR?tIsl1SKfX8
zaWaNgwLiwbBwEjGa(Algm4!{R`$?Um=N1^MjVb7H$c6k<&kYmvE$CXod&cdfI%W!-
z@pqViLRCpi!a4k7h_G}ngKAIqm#qjRl^mPgeZ0J$V%@@WA0Uk2d?q6j(<roP$_~i2
z;VQ8jq4~RTcI)(qbO2WzpaB7YJ{>X4$f@F5KA#Z7DWdYtqewc4l=la0O4{gRLi2qJ
zcd$)5?SJBd|Dg&c)HcsAbRRE?{kjTrBxm=1j#eImCuJZ{6{qETjibY()9?>EF3%sr
zZfye}o)198NPq%mPen36wi^FuK?U&RT0yK=%y0B_y1hby*W<a5>xbB7__Ifg!RJ6_
zfK!0)@ji)g)<@mr2(^9oNA4g=1A$!|#&kk0IfL5xrf;bzB5s!4kNMTY*pa3{pmNHD
zfc+naRkd!W3S<{fDx7j#4CjnvSBJ3m^2zza0tA3UH5K65?Mci8X|zcCeLs<FT>r2G
zy@g8{*(oAHn$VVI{_@*N&83P+R+=PdH^YRso9l_XQuwU$-$Vl`TxEeNk;JNr&dfCC
z5*qRqUUs;AFqkDoX^AJJRBslB+U;;(T}lIali`G&oW+A#Nj?s>OmLmuMSF4x_MCE)
ziyVL>-9<eKE?pPd*~!$FNgvC{&%~aLWk~=#>ng7QC*eFG<3|!e2RYgR1&smrF@!dH
z?Qxb6uR!|5fa6B(Unu`(fjkjK2DZQtA_oc<Z9oo!RpvtX>(fUUYjPghA08Y_wlXm8
z3Ic(PS?r(>sxP5}ckk)nAstpuzyGgGJ$?WoLp+)6dmT(dDHRAtpF9oB68%L$bH9b?
zf8-$L>rm<I4R-Xj?5l*)w+Lzdn#&aXqKo!qgIkV~HJf>r7|v9I4o>2trJ6CTWnlK|
z0yQ_aV9J7I(Bf!tQ-+$?w%17V<oXqw>S*!`76SXE0lHLt4$YjmsFb7*D+Gl^i57sI
zPew*~#h=W4o|{NGqhE5ew)mJiL+n58Ys(Y+fQR47`#H-;I(1s!U;VQAk1yN@r~NHF
zznxRstW(P-E2h=J>G$Udk8!(depA~Xea!@UT`!G6OCeo?1sbj@rEzPt!xFcUW%uDO
z4>`566HRhz>vLubG8z_DF?HDnQBXj+Am1G;PrJykolCT2wkN)NQc~)kL@DJ$8pRz2
zCYXQG=k)4IVp0hz!pfXr#%GPv)J2xkrNPCr1sk9e0iadCXuy0aDptt@A}08g7P8oi
z%8MsxrhIY^$RWlsk-*5lN$S7_rH<eOh8m<nX{1u9#Y<2c(IQ|IUtu!hLHYr4aj5$s
z5dTql7;nN{Bh>pWV*OgZl5gZFPjhIzLP>qzjQCQf!?To%i~7VuO681oq;eEel6(oo
z`_tV+j<CEvtSXcibE|S&0ezK9(vY0y3^?MfA*v;%CG6eWQ&+h{Jd9P?aB$dF6lv1z
zlUTW&bnS|WYWbEuHWeAwdd&d1kZR>RSQ6z_ibNsqG8(fHmK0E%X>)e`8At>;k{Br*
zxCYb9kOARlGECS?#Ky-&1oj#W%sKV;5Vn6>=^D>?E+=s7vO>LVC%0cGHzjcOS(Cy#
zU0>>5Gu{u|yq|waXvkY{{}br>46~>*pPI4Kn&1w&+|bct^3kd-s;2>J-?o!pjxwzN
zbx8|I9<O$<K)ebY1Y5u(C!ZWjEmB_Zb)}Iz?fBD;K?U!CTop-JdY?<JDWYI{(-Ljc
zn~IW&p>5(qV%K^$I0X;rrG&q{f4ZbXg9P55+}AB$^QqzvNsiAZWY3NT`66S_GbkHK
zbS8ZoAfZc(6GKwmF(ClH1mS+sfs70qb};%g7k6es4rCfmK?eC6MoWEC8CK7FQ~Jc?
zr1^Hl7?}7g1f*BqVu1Rt@h<OCSZuIP|IJx{L&5Nek1`~)k~jTURPLZX9Jk2p%O?O`
z;vyo)2_uf3I6_Z^eHTp6pYUXW{RF>TF3$tKdUKRy27j%s<KzY8_K(Ns)idP@vM6&1
zJx3<5e@}2pBwCk=j~nKgz^EIZ7st3+#X47hXBt6u#2OE3@0(N{w`|yhIsFyRBj$?Z
zmqD~)Q!;Iu7oA!WW;YzK;U;fom*=Td3uN>}0xgWyRh_kK-a@efre&67UN=eG&enr>
zzrqT&x+x3CRPIQkhU~Bw#9rrM=K|n+lCaPF&i-FRbMgTQlCP_FMC|>Ym_*2g0eV-J
z#K}Y|TxV=x0KI2w5KjfkqKQ?IElp&OFI$Q}b_X%;0ID`+;Ln2b3mZgH1_~NvYd?VY
zKPj^CfA)Wu>?iRulO&}x|9?92GIRZ}aUC<q|8XQq6wGM<+s-ht{r@s;O#j~uNfImz
z%Kx$iEPwt_4M~#k|H&k<5CS%x4#iXVKK&qsW6u?B!!i9im2MIxTpN$6)2!**yB?Pk
zz!S-&iTcDr3)vK6a~0OYGj_ta(|p&$V$##Yw!?ihY8?T6Ujw;Gn7YvZf{AD)l?<~@
z^q`*Ho-^alvqQJN?K&PK^avTaZ?kbzZm(ncJ@{Pz1iby89-p&T&H?kBr@-^qewT}l
zrzw~#525dJQz$=hAbWo6?99;Ssf6QM9z<~a)f6S%#0<$Nou=~NXP(Ix{zK;oO1h3$
z9QV_h#%@wCO!n(&TW8<#;`ga8$Cg&qM7714HH`SoYkq`Gw;p4CYaEajOc|7RYsD?k
ze}Km?3j(ppMtSpQZ9ua|w;S>d&xr@`&0Q-@pWA{Rb{K*E@f!YxQg*cKRLi=OEhZa@
z-2PyTR{WO-bAh4pQhYdC`GlQ$4EKSXdH{~M{J=<8Kkn)HrgLUe>#4~ngCtvR{<!5S
zl*c&md2llsb3kmdz0MX<&Fzc<mr<o@<^?H`=ok8*aD<8eW<bZbpTyTplfJD@5A1e$
zXvWFQ$O*^&75HI)A-v_>%#~miMz<J;92Vj4ei|N4{CghDsqBdY;3SfL?G?9Pd{e#7
zZrkw(9f@CL26BXA`+^W<@gz|+%8+apoNRt-N*_lY#(%1|(bmdyI+yH)QV{uCFdae;
z{mYe-s@hnmM1T*gNc1XJVAOC2Lzj}eo!ymz+n+Ux^^rc3ig+aR2!c$=dZZ|jZSvoe
zx2bF{_vrT?t&LmITK`@H=|ht{Xjz5j^E;PRP)N0u&zXegw3!Tu)~Na)=obIf5)KUO
zHSRk&gU`754zUXvvaUo;yzPIKA@*1oc!5I@nNOrctN`ZQ8-4|U8RYyYbFv9oNnUF@
zR@^i`?Zs^1^|T4!g?@c3A~Yn{c#V<*k%e{AY1VGr`QDgxK}MU32HkU~r`U1hP;f#Y
zBIfNN;b+|m6B?K8C7ty5?Ou`R<z?<E+M$op&C15YERg9!4HAmN01H;QEcFu;NJOf~
zdI;;Q%>{UO7kFgqw4TjnDiNAN5_dr3;e51H$Z$3Y&B|{7xmXH#S%Juz;`U}WvA!lC
zs7o7irYz6_Rs1ORdSKFwUud_7K}IT(zkY&C4@#D=-TCh=f$c)d%0>*=Vl9};XAoMn
zyOqdtl`G~_4+oMVw_rlb-ZxHQ01LMI`|}0iz6$_TZ(nIh+rkGOZ7(cM8=va=9FP1p
z+6%k{e0>6$e;&$!pJ@W$y}e(H0^i39K=p`{#1`*C<uYlh@l&!`gEap-`+G-}>tSGy
z&OAHfy39!uZM<8IM;i!dXlM<2#(e6Mr~wfVnM>?aTbHjj3{Pfgf=tF$yA%Esrnp_h
zU%)WYLYy#F9Q;0DU?eL*UO(R9q|`*T2zP4|Bl6%>LVqoi!sk6>d5ONpSE+-`p{C1Y
zzqUq@mySV{Kkc%9gYS(}PgSyeMH}w1N#JcZGhh2y)gt`R&D{b4xzy5uqHgWs3~ee(
zy>%Nu=U;bZ;PGRT-OoB%ILVXh+aaEs10er9VaN+4(Vv@Zfc!%E!RR&~e&cYlMv!?@
z2qtJ52k)*JdI%IcobhBSXFA|w+f70FHFSY|&Re|5v*El6M*UZ|9G^YD%w0M34*d_P
zdr8SlI~+gW@g03ckR$hajh@ulRhA-s#T(7&=!Icy!u~rMG`_A^E1#w~BpmOYKH#tG
zyTC^}*Y^{1f~=ybM5z+X>WI3Jw!od`iy_N30rJnlR_-f5^9{{k3lRt=i@ey}_;^l2
z(c8?;aP`Mu#XhxsTZqZFC13jB?d?%S0%v9iC?)p?JDBRtWW*UECfo`Lv&gKxUlJwg
zGPi|Skx6y?T4TCU{#Tic<HZuOECBn&2yJWIOt8Oop9IhzRRRPFi_?9R9Mb`eZHPz^
zU3^&2Q0#qC|HZe2&~N&;OXu>OV2qn=P<{?ndr(OUwksfv8~;TfRC{4%#${%M6aSSG
z@=@=38|#=4VqC5Af&B$NXtU>Tfeb%{`t`dB4k@j=IE)R3_p}`T5_AhdAu}OvIaEhK
zpnEXc&;F$Gsz_%V3+1+bAo}0W5Tp{n&$4f&TJhKk4xBkcX&^^{pWvBAF~oO2+MU5%
zmUdPFVJ>2*2z?L00zntFNNlu>XJLmoxiDpIlQoo3e38a*Vha#_Qra9HyI{TsCimtb
z)KwI?r8X;rY=C5=-6#Z5&5Aw}!%E&lk2m@Ipf=uWbs=4^x8NTa>&ivYU4<v$`Im3d
z3l#x{U}DE25Ma%dsjWS+e+L<M4*zLfBlp0BF-n0Y(X9_)TDV6+G9`(I9F)pgrrxv=
z1W=(CL?GkGbYOHCW7!kEOw$b=V8MTZ?>`pRmM&J5pmuoM^ECl})kCoxT#w315|3X7
zmj04Z(ixhxxh+ihpl>1LV4TQ7i8~kdss7ePMCvBGI&J5ddtfnZ{p94C+={!ux0tl)
zu$``#5@+AXUl#}S{H*uQ<$WlY>ipZdx)Ha0KNMdUt)wrzFTqWl(i$Utz^c@eZPJ`<
zc6JYN8qpIo)eix9Ud=<(QYVsEXN~FT%pf)Tz8JUjF(Xo~^MBu4%+;*(7sfz7ycjF<
zGas391lff?`q~RXUL}o&#}58!n$`}}Xc>pj(av)<Pit%?bpAeHm?%A|kcw)mgoUko
zQXxkd9YtW9i-vxEIaK9khE0CA{$A`@O1CKr=u#NmT*n4@7WL=5Z`3+3d*UJ-`5xph
zgSFv(Mxs6aNO!eE!4N+a>}FYKZ7=E%a*3<xYN2|w)X>@>+p;+{r#!yklWQhFLREc2
zsZg?#2@iZC;J&sv@#ECw3*8LFgr9CKm+Feoa?bLX3%Sy9cVCG-!~aPS)Zu2i6^WE*
z`vq7PveE^BArN%h6!oTnH8_%Y!X({0)a~Y50B9TWHG*lgz-N4~C%CRnhRfxA{m8VR
z-mn_Sa(2KbKUlH6(Sv6&Xu0y&vm_rW$<D(L_v5XWHhOLehnD1EM;_0VmvbMeB?2!0
zENLJO?`c+SOmy2sck-<vd<U&H#)T5+e8Br|U7G>wCMa?z9}spf(lL>YWMAA_DQGdx
zd@IsDK+#dZx1BI`6x}HoEa<LSk;c=OrQ##hOFMyDkUN}(W85XA2xxkkv;H;>Gm|34
zDWF1(GoE_9PaXD}FPO>Q47o`wP%S)>t&GVSS2^N}u-zu;#jfINcWKl6RBMPE4ysVs
zFJJ(}e&{u@U>fXRLTI>18zkh^yG=x7jM+hsKt)Yn@?TNe?@I4}d`I(mJAqznkUJMD
zEKs^q_j7%IsU*I0K@6sUQkq(lOF`YEAXd&&9-eQN9?_7fZA2AI_LkC>6xLIwBs&fR
zN?40>4`{L+nFx?v&6ZS@Oj!|Y3P#SWE{y=(JvY%UVhXN^shCxxt}W^r-f7!3DYva|
zJO82}4mUw`oxVo!GG0RUfXFiQDjX@qA_&gf3Y5v{JWtgXslRF|J7{HS+03@oFtlgV
zFP2bsF{{eh&95>B>nof?gzLMs+{LF4hgOHBjkmGcXF>jAPCC1q<H^}Lyt11uC4~UU
zS>@0A7RJnVF|Daw&0Vhkm5|;>g@k3YzIYQkxjebm*D1J<{4~k9)M?WxEao^aHM%U&
ztqwa?^OUISF%}w$IHR<zWm8t`v<^iX65tDCMrE@l5Q$ia{c_Xr<Y=H&@AW1!XePy6
zN13aLU82Wmwvbo5-mw5Fuq9amBc26lT7uM96)*9<`RY~M%;hAcA11^W)2S0#%u05~
z#>UdCgIj>dPhAH(3`Z+46BpM9UXu*{DPG56gadvRqnfS`Uj&4S+qo8A)xunN2A{nK
zza&5m41HV*fBs{b@rQ3hoY%vggy)z^*Q&<K_qhEaHSdeeaJ5Cd&~tFoll25x&y;&V
z+;^l4t;Eb*?tr-StuZ75sR@mi1ZUhRrYHllr%?KG3W#f=B{$y4p^~5GTXVjb@O+K3
z)8|(vo^uSA55CF8i<nBu&tz}b|B4i8#fitgHKtGHvp<tx8wtP~>IwY47NXZKT^@|m
zl=+tJaZ}=JSYOrsTaPlDp@0NXE!SgJi?S-Yz?YkVI8I!K(|!90j_{ua*yJnYr%h*d
zk?(&@jaOB{;p=a)n=s>L1fR9F1nC_j4k{^JvNT=x{}Uf^V8hSknXl{r=csz^-*2En
zD|o{agYDh|dglM+!r~gFR|8^cV69qog@ZrWt#am7UZd?EAAw_VoxKP6Emb}EtE)<P
zGj3%b#N*VVnr?z0tM8ADnkVB@Kgf<6RUBjyK}ARL1@V7DsePB)<^MM1XSvZm1UJ<v
zE<p!HIcftH+!vQ^g++QQ)}$;qajwx3^Zyq7M6=IDC7R>hX0p{(b&Y4I>I1f_zouk1
z`ifeYRLIZ1yd^_D01>nO1Og}mreOR7e|BUE?9mC)WM#du3WtqA&}1LnUJAH6!@(+#
zO-pC#obVe=`*go(bfWqw#08=&<Ama2QV1FQZ`o22I#)zvrwQf3X5rMAEagBh*T_Mg
z`B}NYz>C2rP5k`3uC7$8HW`2$2^pUhBInxs*AzS!isK)`fRbQoYCaqkX<h-W8n3?=
zDGSnRs!%1WK)4cR=@=I&b{?u4$iEgP7N(ZJCwRzGLjRU0D@ti7XhE&06frhQTb9UF
z1}R@W{jc2eg8H)0%jzpcJyM;IUicYNikx@;B}6t+wj;8#l~63jbDONvP)(ejqW*NA
zN?{k}p=S>;?bLK^EBcBd4wFat{c;KXGJ#oNUNYLwX-XH&f|Q#u!kV^tU<6*GmPVBJ
zT-=n_HdQEN)L4k80DgA!=+qD~&lgK2v}6w&({#gP&n;C-=sxb&C;ttK-!@q)V_3g^
zk*@|Ex@@RYN74AaJX|{b=C<`p9!BK%9(O%k%i;j2O%#IXbzkw=B+F${lrRU({&m6U
z$}b&Le){=S_!aP1se>rNItr61*(YEXl2V|qQxh8_xX}QoIaO1d7lyjsuz`TrGDZo9
zjusv>W4|l_zj2D)^UbOK=|%_9)L&OB;mA+5ANMJa`8hxrv6)Z(MG@q<&E`DeQyp2N
zYe^sQkZ#1>ubY;O*+@ku8S#M42H8o0S_>+lqqH}h1LcXHm~uJG6_;#`V90j}<QUq`
zV9%GB$TNK{@JYIiB>#IqP;0Z@qevPNpJX$uO{}Mkq6F2wEAKbPq**g9#HWC9l6}8X
zukO+tOzm&iCK^#;s^ru~NSFhBn;c&DK70l&4}Z!WF&=t5$&g8>hG#W<zOX-5c)=tN
zGxqdy#Ld)}<A>R~*z0n&GQbUZAJU4^o;9}r`A_m@?bC<;`w;Q%=0w)b<=&w$!G{Cs
z{ONt3H!}6AdQq!J{n|imtpPu{Q9i-~0M~FzA1UV;(Q5%R<`BTDjf-O^Izz6ndIJZD
z2@qUXIq;H4=%=)=i%ozFLb);nQe-LZP&2u_NU^7~Y9!q_hvYPn(`5xQ!vx~a336(|
zfK}3^C?BID#m@A?sgG2FEZG~c5D?__e%*DLvfnWA@Z4&fRoT0J#(X}-&18vyPqyj$
z2Oz^RKg19)+!y}f807cw&g-ml`dI>Sdy&`jdmjsHqxP2VyC599skl1(`!}jyU`IYS
zvH5K_`wQ)WT5_*>%^EjD%V}V`|5saI8B|xZtPLA?3GTryXmEGixVyW%vvBu~YX~7g
zaCi40K@!~EEkT2P$vOAEbxz%Hey#56>6+;^Kc236db$VhWcYc_0WHbbZZdAojT{%N
zX5kmJ{J9Tw$Cgndca7?2trCu=#<cPu-8$Ooo}@-;hx5nt`~19ROkYCSlbY43@f^A{
zKm4}-a6R=42UvIsIl6iCRtx#0EYd%U79V}}klVyg+Xe$_xON5=A=#vS_-n%cu%Jmw
zoeN=B_w8!%SrD{1oW{2mllfO2%ETNdJ=UxcZ#Mfk!W0Y5Wa!K6D_T*^hIF;M2!*lm
z*EFXyQ+FZ;hRm5b--??LX8M`1up^!g-q8w2TQ72~oB)npIHH19CNmr7yrL_u1s(if
z;LAEtDP5WkFa_@-Ne2teF+Dbe1yRp9?SkpVC44Sk%*AyD@sNyQJW(YDpAe#zP%$xt
z*I&?JBGQJ8U~$A4qdcJ9dpFU!4oOjC2O5d>ou$;b8JrHuL3EL(<o*KsA1Yi00-dvl
zoqJxi!vKO@E&+ljpY|VcZTU3O5`4suw_VWHRp#LH5`;R}_b9s$?D}fC7k;}iNb<z8
z?BZI{CN2IH7+LRW;`NC*HY2U2aR``=Si;yqt*-)9>UN`w&nq>rJMQKgC>sa@E1#!|
ze=770D^meaJ|0e<x$-#c0h~!5rh*NYTFcx534kyxdZXTc`IYDZOwwvQtdIA})dTG^
zu_!I?y-1i3cQ;xn;pvw10EN+fRsyl&jVp}T;%R)abx<dvz~m2pvI_nB+jv&=ciZSk
zpI&}dN)R4;#oq^h^7;;v!>vzTGhG09UIsQ^c{^)gw^AB?Ip3c-rVBhEO_~I1ebXqc
zd=CT>s*NNp7LRWmvA&g5G%$q~|E2lmqw!REpu3sD!`<ZtvupGPLA!sV@7&ACV5pV5
z&WQx^u&25+v72A)gco~$KTA-6m4w6<NIC<afb1!aHv30+1^drld(kP%k~PJ{pi=~s
zt_MyP@N8M}6z4!b(VdtB<|TvKlhen;%N3yJH6bLa4wZpFcC{GFdRk+C<G||Cakw((
zH$P?dNd0(_ht(0Z!9^%yXG;lwE9HcQ&N`P3u{KVgROS-9L<Soz&g!TaOmQ*7Ech}J
z5mxrAbv7unp<Sz`X(=1}VTrV<(g@ER@gOx=8yYosJu0GGwgW|}Tn4H5>|1^bxE6@+
z@hraBmP2RCj34@be|*JfADp*0H;IjKV>n+U$WH5O!M52_c$gNMHE(`7H{9DVS8!F3
zy2`tTCnq{kNdGwb+nt~#vLp(Y6SSyMly(o^yOK0ogTr?CO#9*8t<YD31q7y0IM|S_
z$7Xziv<o%%PD|LL8HG?p?^fG3UV30+w1BeByIv0PeLnP8@2}H6L|0ClLNFZX4bnt?
z^O6^iWSkP6)`nU5K1R5co25<#?h`f|d7&Pob8805Q=@8tC!7@=L3Zm>Qb}E#ZhO{r
z&BD}BX2DquH|s?E&?gDpITI^OqRQZz1l@P)JZM&SC4Jy`pj>~7%QGv#TV&wZd!yhz
zD}yDm*3#hL=oO-YKFiz*I~S`<0i4B-T?gp$*m9^>^TPuar0LH+v2>?n6oJ!Zz~{xF
zs!rwwi8}A5B}>@n4(W_{$REi}T%qvq^$MY5TH_y~rlc^1`PJ<Ef99mq!KhcBqwd-t
zY!57TObv}UT<~82p*=y};Q(Nm|Ge5qmwDL}*KpCS%uIcwk>8~i*VW?J5#Q?gFdnx%
z+yjOKuYGNTklP}gH0jZ70kPCZkt}#53an*P8BV&cTiyK)*~qih*!CpOTFWN!(z<wZ
z$f(A2m&CTu2fxRyBgawAz!LJx@g{PCVOI*H%JI1Q1UlFWp42u^G(b0bkdq*)APj3Z
z?UvAe0yPKTZY0M*0;)WL&R*v>t_lyzm>Kju)nhi(VZzuRE}A~nh@zKABrc9el^%C?
z-;gLxhGm!x49u26ZfPp-SNurtDGB6Y<u!W4xDyF`zXJ{<&J+Y2G=l9qDE`QnTBT54
z^N<7nOCwyT>(9b}*anrowSCwqzlg)P)TEzhN*VQ<6CEO%Iz96p<U~P)S_KXkv3)ab
z#A9!>LL0Nrc(mN{Pr^7B_fb3#(;j<yETnsP4m?2})c9w(j;yQnID6tceX}8i28HDE
zCZuyDLUv-9W++|G!8;SOjFmz0#g-(57d9jj<uwUD0mKtJF@Q>SIZ?lEZEt@oy4dBG
z31#<Zvxkh3l%R^hQnJYq969ht7VJ#kn?jkZY>T%$RD!l6DJM;u%y&MCV*J5xmZJz7
zP=?4tXS!b>&NzkR%HVgXXx<h!yB^W`B2}z8dMl^$V;S5uqf*2*%*D@{r#>8?<-Xjl
z%uMNQ&AXULGy@4d!Aau6`-9P@4d2A{C-+IlDJL>M8LKsJ2SuTYnz8nu342<*X4PxU
zKO?~%p?-=ZoDAQ0v3ZG`ySQu$U^SfyktvjXN50YS>(g9Z{h=JJS@vD3KrNJ|6P0y$
z!sJ_w$eUag2G|aiTg<W?zM8XKl>rQw12;#)$+qOCi1&b!|78f?U=c-yVKCIXWQ^WK
z87@>Vvk6#0$EB;Of0ay|l#OM0#9-sz98Ac1&lv<ASno#lAzQ6*5vg>X7Bp198wz#I
zc72Y<0S6-3m`i3c;NTI}UixKpDRkHaSGENg3mZ?(YA_6mn_Fy&5R`a^`&k0nOp}l9
zjguQi!3Bz#cvTTOa{ND<ah*}|8pd$C?w}K)u<w*X4^8bVVSP{Gm68PYW68j#R3uYH
zO5jMjujUvN*DkQ_qnS{T9(3%IL5z9#VJA?#YdAF<boP0Q5V08L3&^gpj1@qSSOhh=
zVEqD=W!x6)oV0YqG=dt$0&V@ZEPks#B>4;QGN9vT&Bzdqp>P20560zTpdk5rJfww3
ziF?x`)Sp%B7xeq)8<6`MAw<-1M}X~6^f5opB0U9Dp*GdQsb6l2)%*Z=gG!ba;npDB
zrbBzKfB*%#(QOlh;`)0@L6`-ybGWZsFk+mA;kOUfV9Ql?kn~m_uPg~T50tq~xx(%#
z0Z?Qv?^p1B)rM8uR=!Fx@y;^9Q+o_9n!JZ44-ga1_%g;=&dJZO9Xu*fk=VxPMQH{1
zv~+nc`4M?gu4XNe_9SuZRed+CuU?di+)`$gXLF*f1nwwg{38%wCv7lFl>AoM?Etn4
z&W7AY3k~z(KC|}vYJeNQ<uh7mP+){K0x(|(s<-$~{X@6YL>>kv_<e{8&jcTtPETdT
zh~kQ!{=&~dg5cM7HX~K5sB;c?75gxZM>2k+MK4UZCf0~HNMi7(KyP2q$)npu#B$q!
zXraPLM&t;>JS4ZFs}78s0whw{Zs>K_LgH9r%N(MO9?xard*L%(mzA~%+dj+@N+4Q^
zrSM8;nMA>29Gl74Fmc#fvcXd*{rlnFu@y<Ns?qkU#*k}!TLX-&lB!(Dt$@Q<eL1<L
zi{XTur_N+!c?wJbi+-7y0IQ_!GB?K2d|QhnC5zVj9Wn<05fZZ8L;SF3t;ZRDb&|t9
zy6Aykj0mj#82-_39#|O1yCto*EkN}p`nc#c7MkQTQH6<kqsQM9sXi^2RBbVC4l!K@
z>k>}P^2868TENuZ7Oh0%LVw<N#V0C|>g`c&0Oe(yZ9hso2f@MNczRz2uEj(>&OPM&
zhSVg4{e1ZWhJ%+oTF^;EOqrTw;mjwQwgCDWwZa~KdH9>brd$}S(Uf>24Pau#9viWY
zT!}hO8;t+Gl;VKl9sz8%_OP7A4)-t_0-f)5vTeVo-`HpRy^(+|#vPYlVN4-jT#Wqt
z%AF2uC_BY)mH55=Ug%6R0}iJsQwT_R75@{*JPjO}Lfe@svpiyo?;r}!#(1~#{g*VI
zrfiNf=irs15T?rBSRZApCZJUuv--~FYadxroaG?To2w;cUFZ`%mro}x#yyX6!s%L;
z6caMc*`mU(s<Eowwk1Lo;j|nFa&H*EABgW8s;F17Ly5p1jB7Ydq@Z7pv<HE+3_#S?
zp`svU3oUB;d*BKWe#dDme@lk$a-^J(BwnV}(tD&b&=52@Yc?lt3P8UmR|w#Y%Eyjl
z<1<zXjl(~V@6Tjsnk)EPlGqc{mA=-Y#Tor<NeWrt&X0ZsKiriWU`(*6N+8AZ4^}X^
zMj^r=E&U>NR;M)Og@L2|5(UkBlh<_DG=;*9ph-!ttACsW<<&e*ylR9PAZR~KO&k@2
z(tzjGt4R{J^dYtj8xV|nhW5{IdxKe_OR^O~{*5EG+(GUrOmPa0eon#oYd`KH*yOSU
zizmT_*ykKgDoe$)sx7*t5AtSRArzdOCZWeQ5_bh-aG*<mnL^2;eEiD-SeSzZtEYr+
zo)=*LE;~#ypE+a1;MPij*AG>7>Z5?fLQ*KHrhTH{8qX+s08;JHTruyG(oJ+SW~UHs
zzXGeC!Yn#b`X)&V!aB@RW+?qvY`X61OV}-jvauhOROZ<puWHL5Mmq4EaFBY)Y-^#0
z5RO+x<H<uQM3mTm+=XS`up?0k!^S(-Fa&WjB4lw_&C68KXk^2z@k(oY9}TLk``4$D
zHN~RhDlu5#0_F3!a7^^Yd)NGl?#u0kX?6<V7s`UQ2*lo!!HY0OVMmIEE6KdHzN59{
z?F$dFHFz{R+le{9QB#Bt51}J&yW559Q|yH8TG%9LaSbR(kImEwuI9^t!fq!yZsqev
z0I4KVax-?q5K|$Wy~Wd8p%XZ3g)f5pbw;Lsx%ZYq0BF;r1DPh9yGbbVE>~YJe&<|E
zX0akR+E5cY397!*wW~tr{F78nb`Z3P(b|%rIFs&UT4QTWL#oK<dRg6yzdfwf0C*$h
zxiag$K?5h|pIY=<p-a$LwS;r7Qo;!)hG;mqE=MYVaToS{hQ;5uJ%GhWr{qXwraEoy
zE4iL#1Q<AwVoq8}<Xht~K4+o1jk>F<S=iI~Xd#6SABq$;*hTq_<izj6GmQ<{L({BP
z%^uK7#`{7gkFsT)4GAvnaO@SD#uAI+iQyDUe;Vp0q@l`wy*Hb6H#oJJ-GSmG!K1|E
zkfgnKZyRuIiXTU+pn*_U<?4btg|0qvC0Mws0E~KSNyLM({!%7=H-y6$uy^7ki^?a$
z)SL(MHEb3#7ROk{s2tDHCGsq%+EJ1kIYQK5sgdSH<Ikl}(XJY)^<ytVF-qJt<va(Z
z&`YiR1}S`f`bf43p#nnunR~Kr-SYj^edD+KDbq$3xw0RlDjovSqRmkUs@zB#KT@`)
z0Wp?85<}=yV{DKl(Onj_OZjHFjZ`o{t200EODa?dL2WY&Fw<Yn4cf^{on|Z$5zO)K
zatJce=x?7XKf#;`u2eCb7EBIO;F1sbG5s{DQR|;0%+36veBP-`7pl0X&mrf;t+%rG
zh556X7114H(n;J|uRVI}7ib=*5ZcCTOhCus+f0`4&gb^4K^^rBI{1XsC|QhH@n?8K
zF|wqCWBGIZ!4}rUd$SLO$;m@F(+<_-hTm8)8%RQh?8;(}77X6zB9ktE5aRYGO`O5B
zV&4BjPd}E|i=at_tHu%?6ox`RVW2eqqcHd`UEt%bBHF^u^$V5ND7^^eSejChUL1%R
zCh<B0p&(gk2<E0spT`8Q;<m6DUKM=B=tBOCRa5Hwr~Y4aY&ha8DT#4cXRiXJmio;;
zNYhDHZ2Z2ne!1C4PBKPIM_Ie`vX?jjw^Um`;KN(7mJ4rKsD~WF{uBTy!(Rs?C`yf_
zAR@v!B7%=i@W$&oixv*FElXbmoeX64(xFT<zxn#puNqwZ7WkL|2e?h5^F~U!#Pnd%
z3Ob>$g{sh^i-d+9D_y9|*7MQr4OmaWJNjc`T(I;)%PTl(^nFGRDkj8#Tj5e64$k|o
z-AdU2YLFQU{^=K}z>?XD9fcZRlke7!ebqnwy^+ZpN=$I8k4ZSXGY{Ten*xZm8tlFR
zcbd$mJhuFtJBia4>2zYvLwHXG;hVMSjE*s>7u|$GL#qtL9*UElUeq2{EfLcZN_fYH
z^YQBtsu3~Lt9CKzqirk_H*vi3HO(I?-X-HVuwm@`8D&Y=pNxpkh$8CAOn{PY#-Xh5
zl;O(2Nat{x^1ijjbWF6Dq9`CVl!t(yB|CL4Z_w{Ynm6{EA?4TlDc}n2Kpkt!R5kT%
zEN9&;i3VQE5WPMr0!;D4=UyHuf{kGWQvTB{C%?2)YSMVPialA2z-6cDm#!cO&iu)2
zxc+$r)d3fC$Xx}=E3ec5m4)0kOA_p^JPjQ0oA=yHVt=T02xn!k7~#OksKE(c)~OLi
z=!xuc+XtS$Si!BP<g9#j)oe*s?6VljSV;shnG(XD=SruS9jOM*W<%L{w$oW`@t#1o
zS`RgGeFz`droX~aLKrdSooFA1td15(88e0?mTTUrf87sluK9V<^_<j(bdAI6W~MmV
z(LKX@ZOC<$flz7ev?XBen-SY!E)|U`;yPLKK7aFqKaSOV$+L@D1@hT4WOaY*$J4uW
zr~~)_ua5+4Dy~+lIkihlY%@w(dlUl`oy<6X8Td;dv}o&2_-3znWkT3)*FRC9=0Ef3
z!1$?IIa~blz!i#0#pP(bBv}+EjU|F5G`ca%(O}{sF=(xA3)uq#nyTMy45ltDXnt&_
ztQb$alX+SJiPgK8z^Fy6Sk__=!4<WGrPFPxDd|UZ&dKGna0d2K^tq*(?53QwEJh?H
zh(%uKw_ML~zT}K|jRzx^ml<R>YdC$b`amRKc263ai5`j*&iOC{<3zl@qO^ab9zrlg
z9?1=>!BF;apbQ5rzpE$IJJRZmLZS(>9QJg66Y~C0=!rQ@acQS(5)^7x5$CXAy%n!5
zwJo#V9@UpcgQsv|F&q9T1DnYR@~bToX-W?ZyYE%_W&`c?iAx2oke&NFmR3r(3iKFo
zCw(yHgkBOQ(3EO#PG8$Wj1veqq$Ev|5%)xJ?IWnQUeOM`{GvCmemSx?N9TTduLUP?
z{TQ@V{ycFH7f61JO{1hT1;d{Ljg#WAcMoZKiqW9SnG?Jm6S%ro0P{2^nES4aM+WBy
zBl!9Zqx9hQHWc5%_Yq+sp^?D`SbbW%9}Ge6j}GRn*%Dn)v=n#<?rxt|3D=zFlcT~f
zr`x=yOr8L)epww>BQ_rNt01#8p6K)SAm#@WV~-R&N<@-Qm-owT?jtSWVNH~I1!%8t
zEEmLV)rnIaPlRcXBk4IQ^e?KhHLDTm>k{~`Yd`EyD|gz%1&xp-jO@b<hg#z(^Iz?H
z;tUI_d@(R}TMyTx3Yx3hEzEMn(=Q!Dgtl&Tuz&&vm?*U<A^6O|WdVLgZvnDv@fcO5
zAW|X8qSnwaO0TWh2?p9UWMcdprwoHGLYGUa81P)IiG~xJ=Xm6Ln-8Y<0ZPc(D!f)Y
z+|yHwPCWlpz89E<RaPngAhEMzT9@Lyce6uxIPg-Co|bQw;cnBndl{clCeKUS@_eug
z85<aI!g~N|qgSG9m;IKzG{SDGwYCpvys>U%+h0G0Jy4-0Zo33UUt;2l5AGsv3l{K(
zq5y6w8PAvIv?Jk`c`fhBy_J5*8GeM}tn~TTz`XJ1VAG31!!B6`8)23|Y`vHiddL!h
z`{}G24l5)^V<}+tc*4U^F-OB=|Nh;6Zwe4%>i*kBO11DqMw-TO^s|{5X{O7vxfXx!
zayEjn7Ezqe!lUYgpY-TdzQ7q-707p8h)+sKKyUxvU-kzV;<kmLYT>x*kzxRigxkhQ
zElY)W{{@0F=6GB}>ZKL@L{r)AqphE-p0IEBY7u2=y5_s>(T+u3A!>4UnW6_rG%`T>
zhE)hE_aJ~u<)Jd6WeXHZY5DG|kGeZeai^$W8FWqfE)=xUe56K#4xZg1>G+~?d%PFX
z=RlTZ!L`!5p?Hn!qaLBo;cL}s(fvlyLV!*oBYdvnrzNho#ExWdNXzkgScF=mZ6q~=
z)D~gSlk23xjgp)mz4v6KtVm>af<J(yFvpQ@-5Jd@)*DAm_8!G;{Z5IA=66Ifi#o^p
zc(L(tE^q(oo<D|t2@CBs(m3Z}HKc7iNe*sqc<xD!P(!2LG!`B0EAhg<j4cgHjJ+Dk
z*9+%uF8LGHlYT6)`!sR9Ojw=fpXUN;P4A_nV586^D>WE15i}SFW?8GrmCFB62Ui$y
zi_-_D^=*l<b~57%*A2UWbEgD}hg*GXmH!=c0WXTx{{EQm+#_R+?xRe$n_HY6I4=f=
zLyi8!FM5~r*f*~E7_THS3vcMPS9{qL*SH-E%T|IoQrG;N3yZ&a8aE6|%p~<itX&na
zInBthoF?A1Vft6QZtdT875~fxCiTO7`T|P$YtG6q`Yr0++T>}ohZI<>z%Z!Sf;hv3
zX^vpg7C41!x=+Y2XA2?~>Wn_?VaDM50~3aDUSU%)FJl*OWmXNf4VGTNdCxGt^!u-F
zqHv*t>hY!6my0-dE-LZIOgGH#hX5DGpx6+77gpb-_8XU`cUmYe)nD%cFBn`-@^hU1
z;NnwOjRB@0Tk?+(r7Mt#sg&P#Kb*=<dZCfdO8QY4>DuQ?Hz`{j>#ipvy5rKt8v2A?
zZY?(y#2gVFL)%Xg={BxzVdlr%-#OZwykwE*R)ebL8Ddzu%ECoECYWC_>7;|cU@vZu
za$w|evFl5xXH`Y38!qwyLABRqoDxjMNS`P9#RTdlC%Hwcy!sz_RDSr;MY{?Lb?r7;
zj1i(G%2r24FDvS5aOwC{-O7tF%vltTk**icdCK@DXH+D@N04xBknOb~Y6BfM<_m96
zsa+Nmb_VD#W#Sb#<y$~H#ydM2x$<Z7F$U_l^(ZMRntdL8I4R_+bMgXfk)tcwo~6pk
zqgHn&l0kw|E((;+J7P{0ZZbjHP(W!9ZHRl}iyKHlTKxl!^Dn;F*S|zrN@UC)Ge#(=
zaBArPA<7~mBK~>X8Zu(U2%ON^arV)^k8#C1BXEYC<Tb;OpeN2%zmgryTb5v>HjV^j
zx_7&q(apt0f&KK^BBt#kWrI@?Vox;6Zcx`))*sA0QaW>vf5^K;t51%jrrmJXPPl7n
z4x({Ml&IEOMbMiKanPHMo9BleGrJm-E+i1`iXq>aM{>{ayAqsx0UajzaLbhv9NFOh
zoU>01B8S(rqk8GrnA94ivB|L1r;VEZJ!qP?zf&6LqomV2kqldk2{8Ki+th0mbH1v>
z@H*nOhfi<-OeS|kzGwGc5$b6kD^+IHbNr}0y_M?sQ>aKo)Yn&obO$ILF$f3j!*iG6
z)mO+gl_s+_e2%GiKrQaq4wOy-TFVoGd9XT}!smG!eF@Olo_ys2VT~)9n`1MfR@(yN
ztwfpJ9BgtK;UN_HZ5wQJqIfEPf|(hc)&0Y<3cMs?@jwovWK$Bpik}HnQCOeTzQ6My
z5I=@jwJ*GA3#TMRTke;+S9jIR@v|R0fGb)E!|>o0sVBur09?_K!9sfpIz;yxJvA-_
zn<hAt);!|r7<U`P1HZR=Pms>ti+f;N-VPHA`|BfTKdP=A)|ojwCqIrqL!Qap6YgEm
zP)^kFv|MV2-|5R=wy~t=7a?+e7+pm<6<rPW(}fd|{#oGW(~GK4oZ-xGCa!N)s<<3t
z0TzJS;6-RL0nkaZC5tmO&dbiZ`^8f@&;6c14~1jnG`nX+n5*d^!P%a8xA;V^?>;Q-
z!xx34g5ojmiZ1RYQWWy{z-Owd9cp^)4^P<IIp0Dur56JQHZsPr13JEucBJO$raehC
z+8^-zh^lE_Z6!uLiaA!OqG4+Z#)ZHM_KYZMzHl2K0!-f7Mju}CIFT}?4_H-KNQqs>
zUz29>>J8e*x*ieU@a&88);?A*WC>)Is81wo8E;x6MVt{ZReIdZIC9X2X{=P5bHi(K
zYLISTj>!lK-oPjZLH|AU%Uw=*8z3mCAcTL|;r~ALsp@~|;{Q8P8;(p_p#PG+3C$@0
zL+#^E>~4{s{-HBnCuGKz`sVHmxLA6M4GNy>Ml=;UNVgp0W{n60<dhVe+mh_wDQ3e7
z0b3RLTBRBT?<CxAW7`l3y2f^c2(mfBLi-3FevqTPyq_l%#x1XpL$r|I0jWY?*XVLV
zd>wfosk}ZH#@Le)p6skSN(o9#saQaqId+z*9&zrhc6+2HE~fs5RRMeYLD7oVQe(mj
zKW->#Xb5AtbScj^XKDB7Rx@cvj!j78$KzSj7XtH(*zdtN7TA`)1FaL)J=Rm)kSCLz
zfPF9fsIzNlz!9fXWC|um!ZNpE@|&F<521=~0NUmDnq9Wx&Wry9)OriAv=D%2*{r<F
z7)lpDW4k|ppZ?6a?Na9{n8Lq{4r4s!h1|_-U}!*2_k@lxw{&iMP|b>xdGyKK+F_<o
z_@01e5;NcIN-k`ipfB3Wi6+UFpOnkay&1E$FQ8NT5f;m}_WmcP)B*I(74~oAgr=3g
zRCY|F0MD#3`<K#k<S`gahdp5Y;g^2f!d>;G!P~CIz?9Um+HQF!Em)SmQj84A(=iEw
zl;tI2Dn<}MMzdn2R`22rW%TKduod%ZNZGe_ZgT@NI9bm|vpQyW?5JPvDuwdxlZ#Il
zs?R@I(66a?Iu4vZ=LINwu=f=Vb`NYJpmDa8A*c@qVX*E|Sxh6DV%`AiyH#rRD_1)*
z)GK#BFo_+;!IA+!$40N1?$jZOPY{xIP;1&d9Mf|bJg>TV5rij(_<S4J>G}sxR-WK|
zAr)DCBij3dwm)~h%XoP)h=Mh96(<~nS`jP{q?H73U-F2QX^kVmaTFNe2(GRUMn&?8
zU|p(BbH^*kb_1C$*mQv(A*wN^6xL{x=8_I3F7Biz5}^zcHy$)`dSF;ad9H^VO3=Gc
zQE!zPC_cY&d7Hjw7i^?4Z^Mahm<L-&E7Kc5$MQA=CDTh3%NTk?fAv|weqx!*obTs#
zm?jSiL2=9S$E_?@r=W*ptcE3@BUZy><(!|x`oAaJiQZMdt{4jdJT`Y5AN4laiIt0K
zulBL7@=r929h3{MKfAD=({&lWTd>iW7`M~G?}?gcwqA|;*0$1I>0|?+|HWL;v&u4N
zndyBe$8d4ZlIN*h&2eXf%pJy#s`ac-9bR$3&mUDe6)C2bIYM-|?h6mM`VFh}5IKhT
zrl%CQVt7P3uJ$H9fL~*S9}#vj4!3a^<J<MzI*r$kAA1uux09}ih^!lcOVpHI9^F;z
z@zYsSPGrSyT7p!ULyWX-olX+F_Rg`%mUgMtPRaA;8rP7|ds>!Ggr5aT1L#*0*Bs}L
zp41lyGqrMhLMKHRi|JnL;SXpmkelXW|IB5+4cpMF<%nAwz@!zW<N5tBIT2;#9i#8T
zo=o~W8HNqZkxQrAc`u`fsE_F-oE{Ta-wt`xBMh%(xF;;<J${m2-(#b#stlh;ke9ma
zZo0urfwcQ&tL3wj@wN|t^|dk}yv>xAr3t3PxJPk+Ab5*Fz1ZEGG`JCN03%^`d;4(|
zi@i&$_zf5H22jIniiVTIFa5$JKfBU{P;NFLJ%1`RMw+3r_}h_4uBM*+LDp<&&W|@9
z@u>!SM~bv9D~;zJBU<hpR>+3wX@iXmf7vv0W?P|%`urJ<wAlOo*aB3(ShAzy-=HO}
zfpsRUS<^U#_`CYO;!kntk!NT|MK4Cyx@f<rrD}X?&jAwQS!`2rnRK|ib2hS<^)y-K
z!Az@Y1*QxKQmWDooM4=Yov|rzs@*;g=B4xxnqe%UCL7Rz%0U|D4ckK@vn)Qq<lZRz
zRn;(VaiV7=^+#D=h1fy|6VrLcH?yQV4c{(wE)rj4wyPmq&b^mv=E^Cw08wIG@MzeR
zZ$MIWB5?RVGQPD`A<kB>EGhj(NbUDp8Y$->%r7{53}=-^A0m}K(sCM&ve&bF^WR`#
zwK{le0kOT<xYhP(FR`p$K*yw<ay~T`#fA6MG0IlXSqmoxcaWKtsyrmfdoR{x#==ri
zjD4mq7+F$CvbbiyChJMHi!+Lix<q`076l7I1o#o0%zeGDj$V`<TyOW~SmH%7y?%qf
z#k=Z&KPzFw{2`Ag-Z}|uxRCgvg2Ye|Uml-kAV8So4OCC~vi-{R3<QIsgh7EjRdH@}
zq!&~X-gcOO&4fCwdYf)GCH6F*|HC?SXjS3jJJ%HyR{;%FqdxnMMSS;31?d<IBwWYL
z6d0^i$$Qu>6<fo^QWH<HF=azePv$~_d;SfjfQ+@~9`Dyndy3aGz%Lh)Im?|$Db9cN
z+}>2q$Qt*^Ertog+-Ahj#Jn=QuCgxC*0&zLFxlmlpCu6>O>^%nv6!d}HS1-%lGQhU
zSd@E;g-xMZm$3Bj=H9(z^d4p88=Zq@2ILrng?{eG${$Xvpoh!nCqZKB*Pwj>STYIT
za@6*!%r_d-DihN*_bpK)Sq)#+UWydF3?A!KIb%G@VbU0#*do#=CDBIfr@fIsvk=<w
zBdH2i8eV$ke=|0I0sDp&h3rniBWms$yP5nlgkgDJB{myvt>Ms3Duzl^T<|H~0i>}o
z@omGnCtg+9O0`p`Eeu0?OtZgw|L77LN=zlj^`}2TH8>}^ho-6nMHeF$wkLgv;nvpt
z6*#vdA}tsv+$ht|Sv|V@JEjPo#9gySh{2)R5nCwmGj*UCd@x8W43sWNb=m?_-m^nP
zPGvi)h83K~WtJOyPCQqsozP4V2P~4F>%u(2-5w>BB%*AC8E!gbJVFQZFrtmU5|T9n
z4oWv^&mKj3Zh{Yveu7#ONKf&cq*aTOPlmG<8iH~QAZGb&aMtUKlg`&a?3XjUSl|x)
z(w2R@PBb3W1}a$d=6ksn`HM{ii9dB{{b?^_^rxB3zbn`Ng-xI<8Y=9W(f^>4h9%$7
zf1wgX|MzJB)qVz2;Lj)cSM#6MZ>ax^Xa0WV|MBWz>g(+3@y^`T+{RKx0UCq@^-n_^
z$WZ_Z2*d_a4P^Wad;Us-Y!EOz1?qoU75&kBu|ay-$^MTXx*F0Q!0>mn{vV@#Hpn^~
z$^S6|k+4J91L*&;()cUkLC`tiA+LeRf3+w<B%oM!2nz=l1RV4)&0lXL>=1hn62^Zo
z<sZQIpZN>Qe{J=d9nu*@$on@Q|B3hhg!Vs1mH`x$qos!_i;ttjKe70q1PBcv0aY18
zm;j=G#q>Y_%YVo8)C3C3-O|Iu*2&ua|Klg*kDmZrNFhM*cWZ5bq%Yo(1%M8o+4t{4
F{vSzUY+(QZ

delta 27381
zcmZ_#b9CTO4>*k0))rfP>uzn^wr#gt>r>lqx3;aVZQHhOyx-^k-g9;CopW+#l1!5M
zV@@VB$?U#^2Kj*@C`f}tpo4(GfPlo6#Un`nh$~A_*6rv~E~N(n`5#~<Mtk7K2mS&+
z6=YOI35ls_@K8y}X~<|felu}1QxbD?a<Ov@@d--_aL`K&a41Reiit^!NvldLYAMS|
zD9S2nDM@Rpt4nEG$m=_*XqzeMJ8K!3YnZxNYRQ^tt2pS(8R{EY7-;`7ly@=HFgG(d
zv39X>baS>gb+C7Ecd~MGb)}{H=H&psxrDw2dB62Fb2M%J^&R{SG;^)o!`$s6JggI4
zy@O1Ai{<3MWmUg5rM|V)zg5k@4RpWFEWWK=zMZVT-Q2%@0>a%wQmli@Eg~9h;@dr=
ziX5WredEjBl3HE=_IU(;d*==Y+UfY)8-==A1bKTT0QPad4r@wkYg(q;20Fl|x&4lz
z#;&t-h-XlU=l8BhKywTDzh<_-sTvWXR^b7j$&nT*p|0uiCfRukMVT4}F&;&!MkNV8
z6-Ck&`ASU{l8r^m?e#(n9U%Sf^aE{NLk*J0fnH-h@MGh+E8`&ZQ-q6aaH|VgBmFcB
zW0WgHZ0oZmhucUe8yFAUct^kj+5I}%$sYX68T8X3+Se_}!>-!bqgr@aSXfkIWPDm;
zRA@p>TzW!OT54K&N@2v`hSaQr_{_$v+^m?q#?1WE^y22Cl+c3A)Q0Tv-0Zy4{LJRO
z=$6v7?v9x5&YaTH(vr%Cn%b($`j-02lE#|a*80lM&d%_#?}&u&q$uD!E$utFcqFE7
zHobBntA04+-@@O*ul(rmg1_JSHT`8RL&fcL%^m&q-Loa7-{p<p^%dXk?O&ZeT{S(^
z6+QFqeWU+|m&!-?TBi2e2fjOI4|*$8hw8HjTFU!7nhztQk24CdO8#C{)eW?NU;Y~y
z>1$scY1^3TTHGn!oooXRX1gBxTi#zvhlhs;C*~(+CdTJh<|l?`re{{>#+FxBhKIjK
zSB^#&J{L#6mp1m7SH8D)H>Y>5CwA`E_D<H0AFlc)ulg4bmq+(DmhMIdZ^sv&=0+Y@
zmiM=I_Se4eSB`JDzAtwsPWIOBk5`ZXYv+%bH|H03&-WL{&%nj&^WFK^*B7bFFfRxQ
zt(l~Vpo;t2r4Ow8#*&YD%Ve8+2HV)%AEe`ktd)(U_Y4=cRkmn+Ny*H1#mluEqeZ6Q
znraf^xa;e-mxYoIbq$cQ{yf<TtWQDfq5GhX=^Uz}IEC&Il_tS)wAcq+dIlg!98WM8
z4C$6=X2J+&1OU{xJz)sCtS%ebSbY*112f1L<j2j{xA*V|&WDsucQc$Z#t?OsDpm!9
znqg(1MsVH#55lM#s8DWKVl9{gnL-if0~VM?VRlevN_Yp(0d3}7Amq-gv~pHLgILTo
z^ukGr8h@Ntv`BZPrCxY`ERaJJ<uJ(_9<pso_}T|O-ktNYm!UnT{>$D+e>Vg7*!R9_
zd8*?j1%Z_L^&f5%TPD7&W6jaqr+ZHtBZehce`7cJD(6cd^l{p`$luFz25yLW#vc&Z
zovs&Eq|)|J572yVc2=b&Pm%neBMXzj-NF|4_d_y2!P|)V)AH9%8PHpzm%g?=FPr_f
zUv^c7T<P`CtGwhL&mgIW=izjF^X2Dp1dW-IbysVbLRY>rAb%IJJ<+A={w?!5RAn&<
zMY+{_>$bXGzxAzMW43<prK`SqBfeN+AI<C9;x4^xuNpv8Z6TxgJaBy(zU|N-Qn7vg
z^<~UZXV#w`g81J8f$_iJmOFpGO*hAf`P`0sV=Lcd>46>OlD6*$`D~IV<csf<tWEjN
zhuIQn`!9><oQrOc%`7kbuahk1<C)UNU)VH6(_?L?e1QTZPHcZi*F7+tQE>$O81v45
zBC7rft67373`R*$C@YYedW!eKp8>-wR0&Q9rd4De@iHT71kC%K4Np6v_@Cu@bG+V)
z^YUUhd7O{8{zA1sy8sVmF3`wGRe#UER(51_w4Wb(CJE2GEU#tHq4?U|bf0hGrT4bZ
z$zbFtviqn@wEjOg$HzBBfmGAyO(6=<?BvO`mzbOFx#V_krDCG4LIY3n6`-VAB?w^Y
zPJgTX9OEDV`R0)^5sNxw?9z<GE79cX%TS%}|L*IqbgIt4zTs|FF09VD%+3eDyFO-b
zh*d6txxMUwkJom!2_13Wz8g66*q-&M^5^>t#Kv11l)T#en;E2~i<J6ujG1>hPw{R3
z5vdq)tEt%#$M*pjVyoe)Gs`O*UmtjX0zZZ}ZgZVRj$GE`e%rs6=>T7v+J4CZM_bmj
zhC*ECN7A=(&n)(&VVyqOf(<30(f8=Pc?Z`JKKd&41q<y`Mz(s{<6qt$&yfwaHi-H}
zzGv8KzomZq%sOO6yaq4ZU6Xo!3yHU`z5su@GA5?#{!M+Ev4CvRyvN-wBMf|Ze0Lah
z9Iu6JzwTldkE@3)`@B;72%8{-dA~wmr{8Y99^$UHq->kb;wBeh!e5tn{7nM(L!c6}
z3a_2OeZFAs(Av)#K4cCRu9v>J5Ugw}%h-~(Ig$4-55k9cth5GvrlC%zyZ+GlY;H$K
z^$B+`&p_#_*H9(Zz}E!0=>qL$2jkOydD>ImioEZ7p8D?B?`_prIW^Jrc<$`5HE;KN
z)4@s?TsTkAigR>FSqcDKkU;+B)uo~>UIY$NuwlvFvd;VZwN7PpT}$WlviOlTIMOFb
zb+Kg5ORv}DweK7JJo;M$%e-4oy1hZmg~$4%`h<>fAXSvJA!Ori0dQ{jf@Jeq@K2wV
z!lK~3?U`R$r@s;EJpDZ1OLtU9x(|4cMVW=_+#RT4Z|=);>+*8mTV8Gn_<C|Hee7$F
z5qfJ`o|35yx7Zi4)j`}YVz3xuJ(ynVey_Ww!T$3>o$=LfZ>&|Z%xo>Tgo3p$Yt0Z)
zXa3f~sd|8%*Fo}20dTW+4?Y8<$-l77Mw=ZGvfUcH*J1BFYY*ls$*16(yqrRlQ3?8+
zLvQCV3E8M1CD*$V{ezok27OnkY=CB_(hid3r-r!(3sdXBq1Z@OMECzZC7mJGugb}G
z(}EnUflUjTvW9%fnu~<~@G7w>-^ZgK3v-{<=~NT#5C)G5K=c)9eKB>UoSuX_nb&&9
z-84=`kCTHHav0$JgBK(Jx%V<d5B-FUcts&R9E;B*R;)*W<F|&=>1k?VHB{Qc$*{#*
z4^5UBPO*xa6NvR@ghUjql-a5%&j;P&n!x?c&&yETVh&8tOwep@LK|+kWgE*A;+<gQ
zt+@RuDk(VzFyEn<5D|L#?#6nvvyGvlKdQ3q;Slr=5?`x-Okn=G5vc~1!2*uPIqNo$
z{s=h#ariH)GTW}p`>a7oxGJHczs6nTZnd}i-s#!8>h&*y3blHFc0opxlSRb4UhV$I
zq(_#TB9q(`78V{3iNVK<=yK*~V-ZDum`B@P$JLzyK8X;E#BpBl{=eM^!anx>KYd6n
z!mo>mlF4bVoEMqx=eMrsvMKN*=J}kr-eKgA8>YZ`cD`?otHi}=p05pxMRR_>x6fgM
z_v20GDGD<>W~_oE8Q%v&^PEfm8S|L09-f))Z=G%D%lB^7U)l6JY78cTEa!cUiEO8c
z>*1qesd;~eE?12n;DcrEqxCrFU#ErJ&DHcnE}L`66_g1?uJ$C4N)w(!Zio6YM({dF
zcx-gOQ1R|f^pl+@o<4VDrg+#hCVVz{=C$z;ypeRv2gZ_E=`Yj-Jj@kZ)VL6c#K%ZZ
z+Cf%BEci6jVMsa2eK;Z@X)3rQ@HGj0e&AQAY?W=L{y{heMY{seq`a_JVP0i_oD)y{
z-OH~&$*FUcoOpyNS(JPw_aIYcnKQUPa#RB&u1HlzMbzZk<fV{+CV>l#;D3sIS-Lbb
zMt;0MjaW5dP*QgyM}%5Abc?YhDOI=`!0d#k4EY2s`wbcV#ey6G{wJBZ4z<+z)A?lN
z9mf)VE&1`3q4=?PR7Jr)G-g4XajtxnVO5<YZHzPqR&fCd>4I72&NJqP5Xy-+qdXO=
z*E}@2rSiy^a^EJki^qx`l{#>?GO@?&1D_lYU#jbA)X<k8KTMa}i8s|@XnK7z)$Meb
zFy*4(Bgim_h}H@KB8{fQ$EuY?Iq0n|;fGaH(3QY5H8C-4yr@+0OrEHx2MqZ=(yRv2
z{!zN#<7pEkJD3v9HKU9^o}o$p4|7ocDkr>{M5<C+mkzqda|fn<`qNuJMh*6}CapPb
z^n}-6k-D4aCwF=Xa6i#Pq`?a0XgoBV{26i<@J!~90ubf^xlBm!CjY-NK;b*bYe{xl
z@7T`5tsoPJiw!<@DT2}+E;rF=aFiOz`c0DNQewrO$y&XwcpSb|TZl0(U!5v1lD}ea
zfNfh$PH2?bS|S<bLBKgqH6v`$meU-ocZTlm0*LuR)NbK#X*Y62p>a8l@xZ#mzDDl{
z@(I!Z>}CV8ye=K)Cr5w1ta#s_w>TMEf$Od8>|X!uusRuO2;(VGUpryH<VM>0B?34h
zr3BU(1t%01nYmLu<SC6DTDXi5qj|qN+Oo=DV&>i}x4)vM3s(w>3r$65Y!s6*CI=;{
z1jsSt(M$47nKqVpRGK=4lk<$<p)4>SWU6pE*xZ4S!#w{Iee6u^!iz=@<HV@E^tc`-
zx|x==92T4LIL>~UJrpDH{%n$TFz8jo#ac!r&r?!tu^|+j)#Lldp8`z83LK*oa~EHQ
zh7u`xgZTap%us4kJz%m7R^w<uO>bE-)H&Zups+Hyu<-l2-D;cu)6RmD5$9%}&K-T%
zix<F4rKjb7FzPXievtAjFQ8mSGfZov!-L!aM;d%Gs(Z#~KifN1{XS%g3VA0JOSYkJ
zjq+~*WgWHkd_nJ;3KWw-aFE|T9A+v*A6OU_%@XDxV>koF@%u1i(K6(9IhnzP+<2lX
zV_wU@8fS4*k_1hl20sN~9Tgi1&6SzdG$a8=;e(s7VX!@cel@Kh9^ld#Wx|QC@#y7M
zjci~ThOt>ghl)w2|BU`l%u)yx@bHIJnaD_a`Vd(rgts~-2D<i|GgW~V-^nNZYEU22
zqE8Z6?kKn=O~SM)QiLTIlGG05q#0UIsU(w*m>J|$an7%E54Xo4iq2}B>$T?G+;a!A
zS{Rn#kH^a7`j6jKZ2qaPt$cd#w0B)AN$#kSb5U2Ka0Lyi=u*Ri=fHK%fFgf@VVKD6
z#3?mtCFdI==P8daS#aw4$CVF=_2ZNaSmejO5Nk9}azS`^XOzHxYOW<%c<=b3aj8=4
zN$)8CgXyn94&?tEzbtksq{()+l-B_mkd8eJ<ns4>4&WTV{)STxIj6{|6uph$Bg_-e
zF?4AqFdb>jAFKDxM^M$PpRGr*wG>b(7fVDy9`9%BMj(B%X<|h1m&AyZ<c~UUBI2xB
zS0k$Rc3VnEU~WQ?XANJ4Sn-$a5E=!Qb@VPlH7SoTSIqjwhK-wb{>xVYvhp{eG9=!<
z$E3Qzlx)-M)*n?@7i|I-dHk8HmH`T$84y~}JX^(r6ksA@DL<`}@_TSvYL8UZr6Ape
z{SJb1df9tNQ$RIIs@C`gWV)nl0X7UjlDW92*3p-?zqual+ax%Fy2P-WX6ocKTL1$u
zj7n4G#3GUmg(?F-m}6}%gqjDKE-0T(JNN~$KX05K)aP1RVg=fnOfh2y_Qujkv*C0Z
zU2EIHFKwpDzW|rMmJsIDm;2_CAb|>-#&utSOqq_F>>z5}VmXozspK8Q{m@E=9io#T
z(Ig0&=12+6HAbY(FrdR(CdVV3JY8u~-X@^$L1}R$Ca7jnX><~ieZ>rnwHuO@<w>Gb
z%)Q9;ydYJyJqXYUPT-C=ef34#dcDnsVL0>sV9!ddph|)_HvuQ$y!U9tF454WaC=Fd
zHxX~XD`zrUm|A~h)=5_{DvW1CxZsw?vg^w3&V&y<^{`YI^B4v5CpfF8&LC&wj~*%=
z@AVLEQ6nr>C~%sues2Rrz#=<}>14pKNY?gn&=Y06FFgOq*<QFGbs-mX7Bej${hBZm
z+KyJB%pGd7$yj_f@p2L&;os9h!oiO*ADpm@mt~+rt7qG1e`4FJ1$|+OeEy}FU>^4{
zVDa^z#w4}`u%)0eJfXU&#!TIur(-+EQuLH&f?Q{JeYz?sf&u_`R6{S`ARtmXZ>mUJ
zxr{atRnjnXZAp-uRZTRdyxdYv%5hZA>O;yaJ8%xN2GKEF7MFrAGP?~)wg_FqO;eF&
z>|M2U>NNB;Sm&GW&YKz&1p~bQzCIv+aI=5bLnTa(c@91+g|>^3^<wG3@YYi>dhWM<
zYUpW|8aaDUt{8AwiDv2N8a)On1*#{4=HfJiw|2KF5FI4aTH2pgi%6Oe69r$iTP=f4
zEQ-X7{YwIFWTi2O$Pi2e>HxMM^-t}r!JXcDYaBWV#=g)`Y{!JDa*`(J!l1x-xJok$
zMkQxh`R-eWM)lBC`ntSx9X69sj=49YL-Qdg<4^y@(n3HZZRN%|=>&4AWxY+o%RD)7
zAZ?C#h#9VMQv|i>wYf3Tj@5s0)}KX+q%gJ;WvE^UE{SJu1Hzod28YBRo^4NAiVu}?
zKe%3fBB&W24T(2o-*?r22EJmI2yYtQ2l=Snkd>DE&?c=a1jP(|x*}x=w_-7$aIVK{
z^|$#qF*va6ac#a|T(T_ouPOR?I4cPSEurJfq?#su=Di|m{PT0$`*B?#c+lRiw%7lD
zYng8KaT$Frh~>Gv3_ggZh5Z`pbGtRVeTgn2^SR#@C;U1Res1}&9dEe;PU1tquXe?|
z-?qP}@2p92R<&WR3q^RkrAqtoJz}Z<Q$F3@0W?_-$9Vnyt9|u$w9VJ?=e={C&|>S0
z{r9?-*45h+IQLbz+i@qdeRqq8`aS9M_IAC`d(0*BWk>g^HFt}>y`87Uu==&F<yVD0
zJ3A};^-D$8ddo-bZ|*Dmw{v{`_Gg;ku{QQwuQyLADZ1LOK25jhv3whIAIt4mo3nEd
z62N?n{iVCb_%<tVt*zI5b*Ss-W3&C`OU<{}Ym=i|`aS=5ec7ph&1RGB@~0bMe7sE1
z<)(eV+|}oOxaHOCeR*Zia=mt!jJ(<1X(|23c%D6j&}ysc@~dX6>CgHmx7${?sj=|*
zQhW2J&$sUO#@t57xql4{yS<lz_Pu(`7BIi!wA?v~Y`;GHaniZ|7st)+_3g>tyUKFB
z`e-Oic6(#(ZbmnD<8d;Sz}7SOFx$(`yW()RhUYCA66*|(BN++!-p+8n+^9bk*3M|T
zSZnS)6h`FMzOr0h`p7Fj`aRkHr998(`Iy7bcDXjU;WQ1tp5fZWV!zsD3SUM023)LX
zT(5e%N#8$_XE;dDhvGChZp=4US+2)~WXb;4&&PIUVW06{Z(-l;uJRC9*_yJ|)^g>W
zS*UL?J)UZJ+uGcidk~lhcl*s!Zn`i8+Ymn1<PpwnPjm`b@YVnAIp0$E)=(w#q06xA
zqBuZU#ULA=SuFA=s)$c5gIxe_0T90tCv}LN|7GNdfwN~wrLIpdSd2<Rv(S&OwCo^^
z10&qDKdhgvFSh$~t7U3sZ+ha6u2~^yO2j2}Xb@ct#>9e-UwoozYZa{2u>sBKNGdht
zAtv>fOy)68y7#g+Bv<WYtgR$dfmo%&uPT~-7EDk6-dt^(<tn9_u~Qc&4n#kw*vD}Y
z4CZ-V&+Kgd7kG7cbMUdQ_}Ca+3rzcB;hgyXJ1)!X{omE57|PSL*fSeP=Xt>w3oEyG
z^W7{&t+X^07Sx;*n#_@Fy!C%(tHPC>DrHeH1n1|}`U-Jsn3mwVwpnEtqZ*S@rQ&2Y
zNi~$_0^p5gTs@M4dV2x&kf*1M{~lNdcWzUmy+V-Wcv;;)R=Nms<@s0|?XSC1OFToK
z=H`3-d-vagTc_!-UUfbAAu04nG>`ET3z0R+^2m3qoeQI#-m<*BvTO^y^RM2(;e4M`
z3a0|3#|H!gJTA5sd=J$E|4L<+!@4}<;e3Q-_92@&`U*N3UqRrp1{dMSK5yO`b4ZkG
z(3zM7daT8VcNA8tM-&G3cn7UTCf+K9OSbI%NJJP!k)0JKmlg|+iCD5b?F=fJ|J@%!
z{jlO=rij)L?~p{--($Z?M3>Y@9G*3Jkg?YX>%-wgOzuLe0;(@Yzgs7bDjhyWc%0gu
z3~*5la&nTeDPaLF{aZM;=3nKOO1x<8I=>H!<W5jDFrE%H$YJ@UBd0;kC0K2O16Zia
z*shHeYgWyQO^ibuY-pupt;;8q77o{O;gxaZde!YVWes;sq^wBu(~nT5S7A{46h30?
z8;qhhFP(@Etp^beN+3iJP$Z%TrUkgyZ0|C9h{NgOEX;t7h(}>s<+G9IL1Q?uv9pn-
zW1$JmMLvjAz5zoPvt}u{6TBK?n%U5qm8&}j(wqG479I6Qlg+jzrZ8Iy=3oa{gq#Vb
zzw{1Zt6)_-*fHmGZi%eAFz({bI#@M+xJKg*Qope1&~>!b$yVL0bI~?O&8t=ucGd8y
zby$|6wf;N*Y4aetc5b__ISg7sXYUo};H$0Kr%u%TfAY~t3$ex1m(i6rYbG=VAG#ti
z&`w86Ts%|4Pv(fIn`fHfX4fHR^K}<CV~M4ZbKHw0)z&utaw6Dd$u=$x8E)q(0`1rA
zD;ryb+B@zX4M5Hlbk;9YYpqddg7Q%(g3A|RQI-LCtJTZuYp7g%U3IK-xnp)4x_(F$
z_%(Q}gB7d5P%-XkR+vC=)t#@>H<}-?9)yIR&O1rSNHsC-DNytBGG@sgyi#~1`8CE#
zVx~1aXF%dE4%ORK_$kz{kQ4E5j=JSNKEV|JLr=xBo<S0!V<*Uikc#0SE}(oDJ!hFG
z9ytPXt+kGwA+mWAMvYJnMC+p@g^dLILryf3a1hoO!YL{e7X6taxDy2bmG`fzT-KMJ
z&A|;pG>sQ@naF8dZ>KUN2y0#IoUCyWv;SPUS9c>n3yMoGWfltO!e&t|LG3Gb<1N&}
zY-9M@Msn1t2rD{&jISF{XzhD$V4BWU_qqU-sX11W&_J!1cV^pLozm6F*g=Tv!S$`p
zg7jHb1W$i&Gw^s8{tOBgehVib0sAb<@e}KprWZiR>YM$~y}caw?%v$&-ob<L^MBlX
zQZ68Ue^A^XE_90*<lsySN%QMeKz9=RQd6_rwO^hbO}2dh>bQ(a{n|S@k_~0Y=W7E_
zn}K!b;Y;MNhnV#%zno3qgC|mlmy_LfU#E9{n>BBAyX}X$qyC$nqg1x<gV%Mya~=P?
z4SPqQz1v|OKh)lfxMTk*HD<&0AqH4~_=xX*!T#+&U(9``Y4LCbO~})B8q-hH$UX(P
ze{)H1!}sw4zZ)nXW9R!7(?3nPB?Hvx=eKM>+)w_E>5={$i?@m}ZO`?#6Az6{=z9~q
zRxI1Z?F)y@_tJMniaa-<z~=<vE0%LJG7AmB{k?iworSi94ZU_ZoQDs!^we5VTxonY
z{~K%L>w7P6&;QXEpZr>;=M}dV;7$MC*o<I=5S!Tz=KgfoWGdxYT0^^QCI_5`B;XA~
zQw*p;(Ni9z=PG4${>%9)l=+%N>AywPuQn}PVdK>S<-N{X;5qBsu_5^I3^8bhY8EC#
z_uJ1Dw+-5e4N@zUl^W|P<)V1qZFKkL(Uf9~0fWmq$cai_`dI?d60s(WRMm$eEMOMz
zDM62O)0)L)*qYYMu)ql9j{z!30US6qQ5Xp$@&*ayzHtca=6z|ayTURv`+M1Z<++1!
zhic^Mmkfp<oTWpcdyg1MQ=M!=Y?BoD1I>3M2KUlc>zgq@%$1eQ9nra@ZdEdyaEF{k
z7ltWT(NzufqG)t_29?t=WXXaP<udr>wV~?#<~oEIHPMQq*b>5~ivcAF|9QJt-FY-v
zx=m;qrlxHACt>Os;=+u)kUO#vcPiGK^zs~uOk~>^)pE!;)o!r>GSZ$#ivcYb_uo-T
zq}w%1g?dE$%)~FOiVS-!mOWaE<2SYPxXtnbGsu=d1R*6@=h7{&tQ4+uC>{?9cs(&o
zMfrQsaDG(DqOj6t1OX|MJVHF4xh)9P$HKTZg9I1Sy>HssC3gvp$<9q&QJvbx#oHoS
zG!@bRz`Y=1294e=yr6TQ>6h1XsYN<L=hfuFoGh22=&iBBGows<<7QA1qpM=&!kxLw
zD-e;-Yo6?~T}t2ziMzj!5!SY?ug8@T`#GBDNiX<`^zB(w^8jYOe7+5*YvKXf2IH#4
zQp`>yg!<Yyb9XkcM$ezg0hzs-ojtsDnv2Mlt3B*@o`z*rN?Sz9D)MA1q9a^w7?fRx
zJhNt0U2i1(LU1Z}Ty{j!ep&2yn(%Wry$<YLR!fX<A*xK~i1Lur4$<WaOLz5z*dzHm
z4ftERDRo})P=Ge2g4r?!8A~1$o&?;UGKnw)!L|bKcKJOi{=CWuiJi~~Cd!~%x?r4D
z%Q`w=$XbLg3o8jD%Y^?VBaCVx$zS0xHb)ioC3s8FqUG%I*7!q2k-q-wy&wA1fy;*R
zWMY+p2)(!W8L-V`lw>xr*z3y42-hZNTt~(JR*GrV_&^4gW(Hh3LtvGpHly%`jG0Zp
zT0Iy?KpuyanydTx7$pN8%IKJZ^0>wnWOXzOFBS2m;X1ne9`!i?I1PuW4aDm`(c(??
z{jL~z{4e2~+Th;~mFnWq`a;zwrvK2-<UmD}AJOdmJg&B=#jkc>{Ucpcdv5Ymxty>q
z?mCe3zW}cctTg%jrNr55$uF>1yrPie%7G#QOH%A;-=NjKQWcO?>SB#r#via^Vh4wR
z44ZM3v?I@2ejSvOL^9rzO@}Y7=c_mPftT+qbz)G%TiFRbp77kLbVnCsOsWYH&WF`u
z$3lR`zy)b)xr0*Xp(3lEVDLsT)6@@Am1s>5{Q#)oE=g&nn)dZ9)NQsdPi)P9gb9`7
zN9V)R#O$GY$7o659o-TXPwsP5q4jaii48{EM)e<z=V!|N;gQfL{JXNkmLe_SErTH-
za|4@m>`^za^B1ADG0p6a7pVv>zmtFrMj|-BrvatPznS*mkK&}BVMD`>@;6W|YIYSU
zQYAo4siye6Z@}4S!fE3NgTcs<OXi^iSIt;{cZwDPn4Cy~OHq`~nC6U9y*2en9J*w%
zSi;YNU+DkXem_p=&_S+<nMr8ZTa2YG&Uu)CqDDmQgof2ytqZ0gpjACgl_L~AJTO)9
z7e`xSI71y{laJCp8B&iI_v|cSTT=XKau@`ZuT#t;X);R3P_1LbsLjBEIyO1?e~YLu
zkz}H}{_zk`DHHwK`o45$63B=&TA=r+_3V_kQSM=)l3B@T{o%@RwQFzhNGx;BODNlk
z@YrsoxNhiCZKyt2|K+cAv-i6PE`}_Fxao<alB2PyS}aQgrLC+*QEh$|X%OBFwgv$+
z%#~q^o?J4pww@cJj=p%$kv=HWQQ}*7n>e8mlLk6Y;R{d@tf*220y6>fL^#1HKKX)(
zhCXRRjR=MZd1S`3qM!D-eXrj!F!Xk|H|DrO*afZ$dM&9W@}52h<}7piu@eNgzANS|
z@B(U~p{iAOI@os~C-R<rI&OK$`nkaC9?cKn?wnH8#F1;;=;So;XR2#^7C@?<y&+*x
zt;>#G;aQF@Z{QzaZ~JqAgI6^!!A~^iKDqLA6q}~txQ<R+D{qqxL%!P2mIc*EY(Z8s
z{`a(MsS4!@ZK3-jBR9|Luzl_0GBj1=tU2vB`r6Aa=t`o+?<Ov*p8P#zTQtD^2PzdD
zS+F*!;@VL>{m{Q~#QhN^3lL~y=7q|cdQy!<56M{Tg-nsS8LWfw>6>H3evO|cb4j;C
z59T;iWmZLnR$V9x*wU;9*@ZH3h+EXV2&}vlrQ$Y9;&f^*>pN0i;2CEEBl21czedf;
z#M4-73*d8aA;EDqMb)=g)--^w1OT=jec_M7-FD@q22%eb%D82iU<u{xM2Gn4!7Szd
zRO#!dNKZmtM5J1XR*U=s*SPM4TNi@5*tlV<V0{u^fBWY$0GZmHQ$C;S+RY&(H+_Cs
zp}<5f;KEDcY!$zBqD;e1*)!;JVl|#0oq+M?ufu^jq*D_)l>Q5po*1zDMC;U}cSj78
z0#otaE;@=RmZ&iF)x#1e<w@zGe0tl*tvyU{CW(n9LM4G_MV~{Fx3>P2u4e1QT9kl<
zjU-i(kqkIEke?A7g}pZ=OPKy8TtS0Vw-?B!JEeah)>OF$Q{xsy58KC)QLN-q&_{nF
zm>Ngp>Cw1r>b(tDt_lo4`^1+2`YM7l){JPQ&A}=|#gBd?&RCPCm)qUxzeoF%8e`Fo
z^&WxY63ecFOGPlIT(lu4gavI7uMSf=<Bv+6^r2+B#A~_M83R)YW6(}wZl-$>geg#_
z87_wr&i^I>V>xoH>WQFLP#05MC#y|QMdjKyG2TfKidvV{5CmvO%0QN0PQ{X~&xOev
z^y#Bxomn4d?UO(HmJdn6;bpMJ33K6vkrkQzTy6b%!*tjaQEm)`r-}&2<kb5$gje2I
zmFr^AMaUIpMLxR4O#Lyw`{+EuENA<v?|;!M=Yo16HEQbL<%wFG!~r%=p9EL({52l|
zANNXrqEeHJSqIPxE#w-vQbTL%y<uh-Db@3R`p{NquB|7SO8RNhx8+xhS>Ke32D`<(
zm|<lQ<LXjQlO~A^lm#ej5RWgGbbFOL;2<2l&HYux{qyNJM`m&}wyN(BZhzFwvnD~K
z;&rG>o5@+DL6P&%5{6`m3&Eea`yo-z5K~@TasFqiU^dWw5`Fe)SumTlR~HnWP`7|w
z*u>}>u-#(@Nf6g3pX;t)&}+6TVtwIhPJmkOU($iyMEn~yIE%lZ#zJL~!^fTOpZJL^
zBW<u_q{(2h;Q5X+WwiwDd99=<>JjEPXX82zi-tXzZBY2=P!ms#ZtR<pBS9kbA#at|
z?O<WFsUuL1GOT<if*ac;#l=_WbxH$M7f(MbMRXYG?ZX;MyP#(sM!qSPHl3=HS#k%?
z0x1P%a^xAwjF!xxmpO|54kC@BftJju<?jtShcR{~z}QpZwA}+$#74>h;o<vPai4<g
zYIsV6LYgIo-eHnW&|ZDajlJe;RP#@PPBqUxQxrh@86d<4+v6XlsJhdkRKZeZ@L+`0
zp@eH~6-zOnq#Mao;@ERf_C^5Dq@?TPIU&ZZFvo42?IG9rgV&*PNz6TghI5QNMyBjf
zNB<zqfF9yHjH$*|lMC;tlSs9eK=p~r{RqWr{$f0vsJ}a@+c;9966bIZF21}cDUn>%
zTL+M$!UBK0n7?X(zLBJVArG%P_()Mq7MuxR0tZP@WQUR%6`4RgUZql!5v}%2qnb|^
zCpCK}hD5A@XhjSg=>3@l71!f$5#MRWqBS3iTBc?_;MRLf!@}Pbf3LV4;boTz=k_QW
zaa0?TCJ`-_T9I=``{jRMi5M<(FcjugiV1)fS?G$$L52`c_Lu7rVX6Ke<@(uFFJ*hW
zF<6P1rByPj(8@3+Ke_CLGv#F2P>4=X5M|-4J%_ws(yI}^>g*pHPA6Y7mS7ckOM{6r
z^f!N(?j1vCE%Pk8c5oZw{5m1DPKkf92E<lJFIwt-(L!Zul?&<iZfH_JC^pl>2Mb6&
z{ePAirIH~qw=k5^15nGdT~7acUYxJ`lXXDv=7;!?B&Nm=ofdTlsb${(;T;eFSM~n4
z7Zh*>gzVkw4E&Fox1X_pbJD(QA77_AawdVJd1$^_kJX;m!=7QU?r+0;FV4gJ943BX
z++RK<_7V8LCG?$py||hMrg@&GQ{fT1mGZW6h?67u-#1E1IkhW5I!jflA5wMb806Nd
zSzGa%nR`m(Enr(u<OQr|7gD8EFmI%BP~(D&pum&}t98NoACA9ued}UA5|JW>BVc7u
zmgOL(>FfulE6P6Js9>i+#j4C5u4lIVrJn2jrKaa+co+WEF6o{E9#$ZQ;ll+UP8hM$
zqCPbVMAT?mk`@ecy=@7-#;eDWziVjX5_o$DofdnACg@}WhKe+j@FDRr1=#a+*;p5U
zf(YrM;R(l~r=8!sR~bpxCk#Re3C}{dF9s##QnAt9gqT<&8IJ@+(~Jkz0ahnR{-5By
z(4kLmgh3^->Yh-5*OQw(BFLQzXvu4zNO$Sx-JxPJ>xq!<{LGa@8ohmP54jiwEmbtw
zOPR*8Mz<Li&varHr-iwO;2+4HI=C`6PnacYgz8?6-6im_UI`HT;6E)#tri)iJ~Op>
z@v>`=k5w93O%QS-e@1`N4>IQP*79H_m$ZkrJtIEho$Ij!E6l9U$H$&ak9Ze(gtg(j
zZT>Pn*+DYRXYVn1lYH?q+mCn6$^uZg=9eA9`uRG^KI@Bcud7OYitzBgzue_Obta+L
z12kj5Qe?9HD&5}57Tt&ygjU(_s_h}HTyZjKXW?dzRK@zR(88|QV&d6#hHt>Xqt(Qw
z`Uc966D=hH9!=tsJ9BG_#J|E|=HbK_OXgr%?%eRjMeQqyjKCdNXF%jQR9k~I9A`ZL
zpRY`616`=W26D5ahp+%pO-rP_1q&G=+VuUj!a*~v!Z|E6@0PX2b&Vg&7Amm~V_5yv
zL~aNDNOF-4NM@P`?zS+*C3xy{l(s|zYY0-g@hpFVF$Np+u>dhXUS|L7q@3QU$x<S6
z1uiOPyz>-|7#EGh4#Oa-jdJ2t>AU@o<YJv+*@3!{--ZY+sK_<RVjh;~S8LheaRk#v
zt85}Sk(|U$UtL`+YT8t<Z-;7$riF4Fc{eCy;T*_%c#g)XXGJPF)(yX7Qf>I?4jVbb
zEFHN39k0*Gd2cQ0qkd;pRu-))?5;CPjRTxT42j#5ZeEyVMB*0`Q{Q9;uBwDK1egj{
zYKRlad`8t$`U-(F8k}W|fLyH{ER~`%Z`37j<nvoo)`;LnE&8CKhlrU*6%^G1Q?Y<I
z@BCV=K&>XRYYfvo;s*h`IP`AsOT?O=F9U=CJIzCC{j?QXsaW5d87rCAtWbnmpOlCY
zR8+M4!{u5YA=oV?>pEWY(rg5yVWSX&z*3YI*?A(77P4_4gv@zDv7c4)SSwEwXO5m4
zP2TlPMukx2j(R~iOND4~P$8FeWCR^i?z93()m{!b0^4XrIO6~*^ZH5(8k!1-^=u=+
z%d$*mXA_uabpNVhA0;Y+hx<c=WDOCDKz6WzUqIkgD56LxBI-W2KaJcw{Iu3ch$na+
zf%H+BM3gyPVrHp@MpvfV-57FhS^8YmUz+*cM}nxX353=tQYR|1<OA!kg{VygJMOv$
zte}z5P6}c{6eYXSj}%iuwArvA4pB;=E>UH|BPElKI5>+%$pZn^qNp$rq|eKYEkqI`
zVqs{MSgKSHS0;_N?)8UaGG%PUc=LoMi76Z<k``mh4ej)4+Qi^*6pZ-EA=ckG48N?Y
z-ZC%csSN`FCc0F`zCvWit2BvZY1&@w1%R$Gp0lLMRW21_HF5aV`gjTaFJ~+uQ$zJN
za=Mq2i7GVpt9I1-ykZ=E`_VFXv8ZhHU(bwAu*+cr*N{Tj6>ftSWxIa`79;b`_)@L*
zcPiGZ8=kf+c0XIes-vgiIQLttQXIaE%|P>SW2W4EYaXinvDRFQw6P7S^*I_-)hGDs
zcxe3;DJWS~N)ejq)@u4xnHv=V2UV#^w%Q7*nFYcNqQ9oiDQ|#FiY=WHZ&R!K1x<sI
z07jypd>fg~=p<2sY+?Ey&2|7y+(RytgMmQ(nwy9mk1pehD;s=3$xzqC!&S_F*-XT<
zcU`6a#8DhCn$h@nKqhxaK+1iO*;3D>*KWJ&IY0dPC~n~&g?JMLBb6Uew<uDWbcL)e
z21Lo1N%mMEa6W8Fusl%~#B=r1V}>MRAiR~|R$3cU8fsI*HYB9CAhsX|$QUX)y-0;+
zS$K?en3&nTcLAW1h6^m$CU}BBH{+v<O>E>Ha>Ed|>ZQa6iSr7|uqol{^Ds(%;s>qN
zM(zfNvva3SWTDL=!cu@PvOhw619WV*(rP_ZFby1u(<>Z-_+$lTiRl=T{MQqF<>g#8
zBfp0WY2qWvzvNC6x%Tzf;-&Q>Qnl;yHHn#Q<uDLuj3M=?u`>FMMf;%keoH1hjI}Ko
z1__Bo`uDj>P#rO%4Bl!#i2eDUY(!Z^Mu8M&jiI*(`)|O|Pv1$M1PCQ8oz>rcg<64x
z#v7jg8Fw12%6~q?G2FdinCSz*tF)>1&i?<u_V@o)9jpVl{tZ6j2($K(`41;Cp8h9T
zTv=inJt+@^v4H{1j){Q*l|N&-VH6umV5+~M5qVr48hIPU2ndLRG&Iccja(iX2nYz*
zfAIhQcObEifh19i5&eI<3>Zlg(HT+yH*8~I`(KCjAJdBA|6vG;f#d%$ND>Pf{_p85
z|D&WZa{sUUpYY@V5r$<V1V)|k#8Y;Bx=3hEb)lMxQ^Pihe^|w#la*3MkPGZRNFHJD
zrelkkh^Wy@<jU8d$zwH~S~X;k<Gsz88UIOR{3{JapMk$&9`WiMjcV{R$Af5^BufzW
zr5<1N0_|SjkB^&Uvvy^KE7|WIMQ)zIquYwjSFiRw&X3QRFD1{<f&1^fWcHkOa^40W
zW-Uc_o4?t(ecd<@u7S*7PaZUPo6NBgt`0{D7>H9s_Y>O6>Q7wKEqum*ZYc!auUW39
za7w&FALwk>u-DDr5;X7AHTRwE$0`06XVv{CV%_w)V!ian<hc9?t)X8fX<;wuc)W5o
zdB4Pjux!40W!7+N1H9o+>pMT5I<J}98~aVRZgSn>FO4y^FXVA(&Mb0!syFM-#<2t=
zuNMnC6)Z-*MJoymB@|dWv|CL4Xo*B!NR!@UKSEsMklyNA%<S-?*>n@_Gli8U-z3~2
zdp{3lhoyh1DE?!(j!-VMt;eoMZl85^?V*Q2?Ye`T<Zu1p2?Wx8^DcTSuX^vV6F(|X
zPL3UsJ5FHjZ<WJX&d6O0MY45@vPEMP{`isP%+U7XvcXX+75Y`f-|>$r)mb!Q$kk`R
z`4WoQ5pCi{B4{odshv;P%NL8(Y)i)gtSJhs*|gPZtcANPSr)U)6oU=Y;Z1ktt@d`U
zg>BP&c1+^V3J6KFV}wA9bkWr)Xxym0$bD{GA>SJ6AqkIr#;haA@QR0z1lc4*k+@!3
zXt~93)M#m#fU&H0>%b2|Z=+!q63bm*h({&WQ`%+7Ue<%`5vWz{c+@O+Q{#WBXgBNM
zJ-VrUeG1bK=tBtb)fhlt=6AW(#a$$&1YuMjqh-)K2Iio4?nqCDkdF-D8;=JHZ6h<}
z9KJA84{wd5zhfNu?LT4Q|F!8)@)#(^t=BJ(xn8yCkq71)AW?$&E+f6H+dckL*E{Gh
zpxJ|3<KCu8J4H6Rgw(fd+DDdex-R`AExi7#WG&bp?N|jqSCkthX!^X^SCl_apM>uK
zIa{0W8E_T;Vrj73%InOfn?Mk9KGa-rW0qZVwFt;gUw2z52fvI)<VtsRWi`>hBp|3w
z9jG(!(gjhtEB1EU){gJ{XAg^lTqJk-K$8}TE=Rx3v-3dZOv=nc4Bu=mkOFQHlBd5N
z&(!OKGPlSFQphHm7`*^O0qr;XY!i9CzC7S)1`Kpih5p`tqGafLqWUeUb+#xhbd&Ra
z+x>OV{}ua`%Ky3D{c-yJd6@HcN)Nnk7imyicrnnrj3*_z%jKiE!os|>;ZiK=U0hE@
zR6CCN^5kgv*IK{yW3)0Z*w>5(GzXJ|fzOh3Ehg;OKV7n(Se%8jA&N{#+vasMH1B_o
z0nk5u(S=s$TEAg&?LoObL_dPF;(kQiInb|DM&z{Mb>mO1+$mR-X=@$lJ2>uWan6oy
zYJmc2`eE*LOUBM`Hx!yl@>x%6@IFjfUsWWfVvPS~uUqGFv4w*yud*CzoAJ4z@AEg$
zABGaE)bm<=x6Vv+COa5J<b!#q6d<9w06fVkXd>9OKx3VJ>R<FoNTapPSr-rydI%BM
zw#_?!6dpus0s`K3g-=GXD%UP=0d4F_)&5)XICT56B{H?BJ2Gb+>ly*#9yfNk><;Q{
zPC4s4{fbcA85&rrXd7#2K{DO9hY5EzOy0DFW?0zS(>&XKMbBLQE~Sv!;A`iR0Kt1f
zO!(+<Y`A*>50_H(-al&XI!oQ@qSMgZMreT-cptZ|_mS2L_dG<5o?2#Xeq!Pp{;;h@
zw;xq+;1aLC=8d?N?NYCSFit*%g1!rr1HYv92Rp~BtYp3GZ$>@Sv9kHh+*jy})Mz{5
z=V@a4L(F{*v_VYdbEeIF=A=5q0SYVoCQBsmsVgs{o#<X?8S=%RNVZA;>3>MbkR6<O
z$RVsf_y6I9c(5<NfYIa8|6vmnz`yL;*qr^}Onms4Sre;88;#jw&YOJ-NN>QZ+-4>7
z)6-xFULX?*VO#~o@r{Tmz}0X!A^IlHEZev#qIRm+w!RQ>P6|O@C-;}tVQdZfI>V1F
zdN`e_)W)+f0Qsz2xHe$IdbU0&wfG<QV2^eZ8Wb}uHA5&1iX8g+PZ9Ccf(b7=>E$br
z)d4gLDoakKu+x`Tl&03r0D(WMIJu9d_WMW1`4E>4*>o**#?4m*M^)xV@-#e(0g|j%
zgP_TO75oRHScMyhafSNzs^Kk8XG(RtGk(!AE*wamH2D0!`h5MaXppD`<69O1fH7Y-
zuGHA>3sk6GG?a3Y>>a~Tag3;aUw{Fx!aaPL>Bmt2Y~|D$x-EJxe@gg_NLb7;FZd>7
z6g$ej*{-o80+cV$x5s(ptG8Wg(A5?;vaJA~0Dy=U%7}(4QQwwp*%QC~vyN%Koq<G-
zTLUc-<8Ue*tyIK2s$T;Mxs&MPc!e(dp2@T3nVou^C+harVthlCAt4>dnsBJkqn<LN
zX-$P<KLaMsqQI}Cf90n<fk)pNf2Fwr-cX~5(MaMGR|UIce-!cbS_q#bxZWy0#aH3o
z1<=5c{oYdOUN;cvU=cP*ev8`N8J3k58M?|B%7~YP1&wZ#)9cK0v1miMB}VMxfED=^
zPE6l~t&-St{T5o6ki#RUVgyF2ToVl&#zvK=e7<yjnf#1w{K&7Xm9CO=!XjT$-}-N2
zCRxeftuoi&Xr|-a@rC6betXnFDU}!97C?`Cj(?Yzjb|r7dQTM8WeIFj6xgD;O1?B;
z#-~o3`=+@)BKS471bEw57d(@HhU8@zw=$U>+32ai_pVd!SWz5ba!b|PovIf+S5znP
z>?_{)i!Hr#a}q|Y%@B1OhYr+DIw{i?9si}UILM_=$<zuc_72&U?d_F|nc&XJ2he1D
zwwvN`mIVTbt8K6^4*XQAP52F&@DY)5*$FO8n)f3dOqr+KYILy+vM9@0%f{uR?+FO=
zi5iced+M*ihPK?hn)=~lES`quK42x^W}R8`;SNWxp~M+o_A}mS+e`#2-NzIR+JCwn
z3iEONyl-Zv$KAgIaqZuse7Yzw1SE=rMDg9;u`Bb#jiFbe>{TWrp&7}c-?0;m;F<X_
zlX?8}6MB9BMdFvXV_KsBR5Qe=fGw9|TwI8!eL!oe3L^UDt3mbYZjIt!sy+MGTso{S
zkom~OH{KnigQmhjP-1Vt^LW3M&<Zk7LX6eJbWioKSJP*`lIJdw3k6K&30M*o3L!yP
zyEs4m^pw;^RWkKD<^qh0#uVsc)Kacwo8tCezQV5Z3^{eYAGm;WZTyuxzqLGt4CW~u
z!BN$qc(hEavPnI*P*QU+s(wWRer|*yPT_qJl(CK%L!t>y1ZclnzwIYK2EeoBN6^L#
zWf;B*t^eHf`fTXY%~8@SKzEapbIQ3VbtjI8)PTN=MBqZzURGFD#DdYvO<OBggI@FP
zmq7s(=A#N01t=Sev6`wgke<qhhKxm7MO0V}?K*QQr7OycVoY){iNTo<R^Nw0tC+JO
zaw&2`<<z*SuWE^At9e!=b#1T4woRqBT!T6E8WQ_d{>5njB2LK%ifyC{+~AHHGvp}C
zIZtr^kb&#TI;W~}Qckqi(6UrgsY+hzA6s`~m|vV1lvO+J3U^^?yNC_;PcOf=SuA2>
z$kXZ{k4LGR<4sTWs+fwgYHBd-M<F3%sB`PjlyeoBJ|SRu<k07;WIE13#~0+c+^dF`
zGb0`G<_9c#tLB^mQTtta3Ae3N%f*XSMR#+E>06qp-T1VcSFJwMnJ`C+#LitB*6fM^
zp22gn`5sEYqu-`Fddy@x;|V^j#vzedo3nFuKFQr6LxghjyAhlK<=@apfv|mRIDw1b
zCK%HT`o}aRD(1i5oGVF|?vvrinCG&Kj8G0}VA1n+-|T(>{ocitITA`5y>>tLc<25^
zrv~%;F2FXQdoT71leX~mJ}n15`Ru(w3%##^7#e-J<oW1dTS$aRg<e<RAHpUx7ylfG
z9?`e_9yx9E7SqEHwsITRIaWT5U@p&2>mazY#w^vVcH`ant@h1G=&K?yWk)_C?w`4U
z+LM*XSK%E7thYi!|6Q1E`TMzm=i{A8nR^+1skK!+`34^q;wu6_gAMc<z(;%X;^6Pm
zk<|MwEnqZ8Zp?(be0sZpG+CU85ni|ceqdf*^B7cYs`=MxL=~f~??S2A?wSAdQ0kBy
z2XifqY#g)o<`UKzH0Lu$xQvS~gWXs9<1&3;T^*Ae=xDVcF=APQRdloseILRX+wYp=
z{j=Qf6CE|{&Nrtj<ks&aTssCDxZ9=Xw_*y%d}RwcLws6Mh#~&21=`o6mgcy9;&<jE
zyIcSsWPm#^0$EGIg7A(4a!s=wgLKnnbjx6+1iIr>R9?x)kJIA?Z|W$%G7GY$UK|^`
z&qvh`)Lsz(hmoml)jolM#3o0M$AB+wS&848ygj;aTY(=Q^ttOtGi9Ib`$tIgZ*g;r
z7YCL_D6(yF4~kX3$_$F&T&rEYgH)59Ux^aGP2ZkAFVGyRhf1$VMVc;k(^;c$)kLmU
zcJ?5xhH`oV1-HhiVBn8aw%5Cv+EBP-ARhpq1CmA4jF6+e?;hB+{F>c?sNm207FjLR
z8|@_}qT`Uat0h?|);@<w1o6k#)!6req1elM!e2Mp#lLl{QiJY2Vm`qVIaCO!r4Y}R
zhl}q6kQlj>FBe+<4T3~y4~j5dCGbJVB^X?N87+5aw9iHojV|s193Xt!5cKy~g$2+f
z=02VgUIF*={Kq(>7v+)&j1ivlypZtj&k08^dUDyRGT0wnCMxeWh$j$kV=`o+cx;UA
zv%YCmOvLs@k*G<6Dc<2*wgszcfhmL3xCyPY(Zk;Iq?`H3sorL<ti9Ox({y<hjB1Q6
zwOK)bsUdUfK^3W!**Jxd*IA3jZyBH>NUgk(i@FFZhbmdYs#2=_R?(96Lxx6@MmSty
zh_Q_2O{OSKs@!voqdpr4C{`7sQB}fER!W>slA<gsEr}vMFFQ5YlGJ)khFRn%Pri|O
zFlT~gDx)s{GDKHBb4e@>QN&qH6O9q>r}cp!c@JP6pGj%j-CR#|bl-aWYyrMsXHn}*
zN(Vi?EE!|iAT!Vh88T)Ma=tG~i^KD~&Mr%8lFF3Ot1QHlzrU^tf2+n|o+=lME6VI8
zrs@pGoKh(lQNG=bj#uxCT_;&8p<BN^kS)jWJCCVQMNoU+-JQGt;579_A4KBw7<IW=
z`OBmlkq?p6alvJmB%4ki%n10)>pSCf=8}&lJb$%!xJT-;car4U-eEE%x%;d440jv2
zbum>I!gYA8=oweRv>URb1gkh&N6i^jrF2Un@;^^dN?`2oj6bgZv)5(;Ie?28NG*2S
z$_1iI;ScIdPa#B+ITcdyEAgG^$6M9{hJQsm9<@1VQo{JSTH4$qzyX1}iRsE<C1aE~
z`&)q>ccW1DU6)c!$F(7~*>&CjS7Bcnl~=Q@`Qq;O;skeh*ARjRf_rdxmyJ6K?he7-
z-QC?Cf;$8VI{D6>Gwa-$Su_2wwQ6^*-s`FAsxGcKCrgy0*jlq=AKFdh)^84S^^UUI
zZp{0i1otUd;cT)i=@3eSH|=-?3jU(?gPiXaqli-)#HF-(eGJ});gBk)?fdRLHkt2_
zZ@VX%_Y(^PZL<3;=U$Go(4QB>(knbr0j^ugPUw-{gDw5jidzQDkDbJuR(OjQ#O`k$
z_rV1?cO@67#$XcyQU@u?HmJ@vJ}hDz#!bs`Gg(rkswBf^)XCP33Ddc2Zb}U|L12an
z{oGFUzFn+lL}a*^5X5f19px(3_jzAuSDHqrk`2As^Ro_1$>5)Tt|SO{LnXfr;BKmb
z;MWF`L{WBv5#MiBe~HR!?fM`WCsxxeHz<N5Y9>R`L@MP{_g%x&7XiEcjvLWeZqxHG
zr!T))w(6q?i3clgvvQl@Jng2Nr*d32iO4kue<30V#YDzdE!c;X>Xtyj61)g?H0YlD
zNP8(71itkkbd3k9cU`OXyNX|)0kCkV*8GIv(@WgPY9r6G)>kvm4S?(P%f5n+4_o(d
z?P}X~5yr-=l%I?2TTHk9v~QlWQ+fN})v5_E2F%9@Oe_=VRU~9m2{I#XR5h1&r2K7}
z>?-U616%Wmz#R?g<ZK4F9nc$HphUOA!e&%7IRK1QBd&3J_c(0O>yN(y5Xjj$okMh+
zQ>X2KFd0?XmUoo3J;jPE&OmbdP9;6AU7%dZ(!=N`us1Eb^aM`D9@CWo9C0tK@#<oa
zSexh2QCx$Khw1b{QM<o8f>-_XE1EjqDc6AG%OtxFAB;G8Q})<EKg$b#quhh13JVPS
z4?2zcCIQsxnabqGh*AjP+5S9u+j@n}{eo*Ql1P@~s2joqvVN)<HVgjuPRHvHHj|nQ
z;&xa|i!k>`xG)7ybTnpP2t?Q$3v|9mF@%CzMRis<WZN&%n>{(aaz!=2lX$4Ic0=BJ
z>d3+OHBEI8i%_;jmt4BfuTAfT7!_J|P*B^)P=x!gX=J!2)<<c;13`0R5_cOOiR3SH
z*y?SW>O$(Z-@|Z_38*pOqRP>GZQVpkpnDUh|JtxXJc4uLib#3CS8pZ!p7o*Fi_(_o
zyWa0bgt<&(KS1oZ>e0I4c=Zy#KAlRv94zTe=l4{3c5P+fhrS9=KQN35a`;@42<fNE
z`<+#_mJBUJ-%|<!Jk#v+(T&0_i_&JTzT7F!)PX$)?D)u`<w#cdI3m|z)|I(NT|yXf
z`?rV7EntDkSJm)B-b!)<ylDTrS4KM3eO(8ZMSro5&d;@9=)N+=+{0x=z&7p9V(j1d
zznmmc;rzjgY0mLk*XBHzh~6lMC~FF%1_RmTm&J4l75y}j>-F~7=A#j9c{7B@WZ+-;
z<i}ODxg!Kd1DDRTZ&=-7Sfd!Lo*RacLR~d+LyXkjKFUFpAd?Zhj!xz1G}sB*L0~>=
zZ$&P0eFPHo7s7~3`{+ge<1NoPc}B0~cKDANmv^VLkK=4HQ8b+`KuP$6Rw7Cq)`3~q
zffq~qfDiDxi}UjO$yEai8zK&^wzs3b&9uN<ZAy-`0@deOWehb?I=LszOe`$Te7bpy
zA4mkNu_Vv8^DR`adp!!s6V3aTdNJ7_1ftb!VKEw3pq)?7%Xe7iT+y+w4S1spJYJ`w
zOgtljHB%<sSNvEDq9=8u9fWP!Cdq?0T#kHqJplu!HYBA_z1T&I91~eq4|)X{SI`tM
zj%=4#&vx&aerC=0bgd8LXwZ0i$=uI0X4UH7)P{VB15^nLl3$O;XW`t=D)0iPI$Q<Q
z;SRg4CwZNT&m#gN?chwY$z=V$piBZq{xvh9s!p3bJA`6?I90msw}HFW1!mfuCLUYD
zSAg>ZeUb}8A03Qs;|nD;tbj%Y6&mN~D(sRp>+ig^y5ly(7??Ol7FK*eu;;W0&o}mS
z0Tb@GE<b^N=|r9qlHZnZp3{jDJGY;{{9UC&UDQLu{-CisWzP+e2R^Sx{aBr8h)>qT
ziFO~yLg`CZSJh6?3yb+x1uG;>ClnT94uB&JFd@w{Z7ammT<19KBTPHAdgZ-y3QbQ6
z4_uGxQK5X$<34`2Bk{3A<Sh-p0LQSO;jfOAdD}l6@-{z51QiSiKNic}jq$8fCE@vh
z&3oHZv0|+4(8gc?K{%kUZlLBD8=n3u2~J;_l?wHJRiLiCI}@$<$X#Nh#;4D22j*qt
zllh|54#-^=_J39;w9hBPmy`N+H!a+q9Uhf*fX3w8*oEFjE#idK{GaS+XBy%!&jxDK
zW?VO&q^ZKmU;(RLjI7G?mF5W3o_MjRYK~XQn%C&NT5Gt0P1S}mUI-(4*(Bo8WfB92
zxkbK5t!z+uO4Jif2GSH@U2yLOz*XQ85O}+ok?FVLb!Bv%>$M9$S3Y0RJRTp)KAxVO
z9Wo2I1idp)cCHEKqO13~plR(rOdefw>{d$2vg}%+s<_CyFsLhdQtrG@m|}&#(Z#u+
zuW3*-x94zcu1Qhlh9XWCp7`#4DtA?`sPCyjn`6XG4)(?BtD;hEyJXG=EL?LiY%Wwh
zOFgVkEFqpVhDsW9IZ%*RYM$VtyOtmNBI$h4oH{tNA0M`P;*_*w2?@+yi@#v{sZO3G
zK)4`fm#Y~F<z=_{Z)#vx=lT+EH_QAWG1x%bD0TR5R?VgqK5(}^(=E!Y{`;#i4E&*M
z3dpAIDrIv8g27^BvYm?oaDYVPe`=~G3m8Ta9BSO|C@(XS*KLK!@#E;=qHZGWUvmtu
zS($^~xFyx4&o@~cMzs%aYD{F_4}%!=%>7&lZk#+<LdF<|*|*}XpO_sit;B9zd1B%(
zV!lGrM8A5}bQuzsk#dp{U=X<Th{anZb}@uiO9Jg5ojg5$8EZxdw2yqCh|IKf@E(k?
zEAy4SWb>yLy>0sU2<<Si;eVxRv1GuEeXF-3g(gKE+_Pd&va6;?%y*(8W%9>%kke21
z*oni)mb!-O(OiXdpA8pZJ08}!7{Ls52GP_%u$dm-3PI=lyx*pqS>x*U4SkG|5GFpK
zjlRYFShRGUIk+GMG@t0=izdv|;1>;1-Y%ps1zx)4XEyd!81{smnO8xOws?=1;QAwP
z^E|OL-m+?E_{vO2JQH(+!ZXmDp4asxeS7r~erwhs$1o$B({qMO)NO%Zzw7(|!Nfi1
zyOa59P+O56Y{qlqm=^IhSWefNZs52#g2rbM`5>+tsk0>p5U*}CK=X&ys*M=OU(i8w
zW1dSYXB^F=P9Bs&<DQPtz&36`LGMmyRg0vvfij54iL&ryD4gU@Su-ky8XR~`IkyC&
z%)3W98y<2Lxn1Eo<4>>zcASqT$@G&n&_&NfCp$hKh=R_&PUaHjlL(4g<2Ri;;ToDD
zx!T2J{bKilMB?iGT|q~A<|!qh$9sg5_a`>_)whGX8|5QJ1?+&R1ClBZg(rK3<lU&P
z_@F^?Y}R?d1LS^%op}siDM`p)3~A_ChS<JP3G86m^)!9U>Lu0#6odX@v$lPbczxaj
z<Z<N2DwT#wjSRkgcntc_NhA&!`c{xn7~rb&iM8(l$|_EiSzH2+ZULADAuCyXBZVKe
zT_s_&q`qc*Qc^iAfOk}7Kz>x%WWquKB{u3Q9Tfr67WwsUE&H8W1`X1mf7Q)k+W$^~
zX_%hk!=iy;>Ua=VhJODfVWV`69`0ES`iv_}k<fw~wz)|Un&^IuJTcP9{+9hMB^*W)
z_h0%SZDL28i=d-=scK?)Q+Q#Raa_Wj*5DjRY&tdbyrsxgq%vz#hDN0Rlp%pj2M-He
zI>|{97mQQq@tY>8$aV{BuuQ*a-e}fDVQyw3e)Z=)cJrK)Y~Xzn5fcV8GSuIEaecIg
zVm{MOizjJjd>Vphcy1|&zz<j&?VEO5|DFU4X)H+W?<ua24vkH6nO0i5AHKjwqm~Q9
z8iyCl<ke}^BtXJ~EQop<vmFGhPjnD|sIFP6FWqKd`oFi%>dkcDox7a4>jtAeq4Mjc
z6drOkumrUvM)?)^czL)?9Nj0`mz2C>@-hE5!A9iZ<=BsiZ|Z9I9CSf{gmte0Olbkr
z1UgIahsBfTZA=&3O`8YYLKq36NV3*c??EFAr*d)T&*jE0d<0z|<d=RYC>tpy*OA^&
z)3Vsxj;@}jVv&AQ(3A1M7qA}H7Ly4*9~@NypFIZ0h?2dDE7kL`l7Du(;K7>f@2@Z*
z7nUE?+9z>d$HI=g!*8&%vq@*M##;fdnEWQ|F}>gy<HqJ5st{mTFXk%P`|@9Q79@^w
zpm?{5bJZ3*f#(xUV>%9jpz1@jPoL3Zwvhrx7hT~$xneQ~b0sMG7=Yuy-{U@q=*$}a
z2|8q-3&L^!$vQcm%-2q)9>YF{xvhu=;BhIAHlG^*;M!RxyGeQNM;hlUT)PGyRq8=c
z79SN!UF)+`yRl&P>-8SZWxLzGv7s7pH1KoeK`h0JVv{OYXppfkW>!e`e8YCI$Vc_s
zg!-~uc~GeNc>{hj84QYApB1dJ9iMVGJBP^8qaa|$>4UPlxxpwU;%q4On6xnqJ___k
zx^Z~+`=vI&$Q!1G%wDP?&m)11M9IW&W!$Q;zq#xMIICN5QnYZHVG53fR;{b?k1UC6
zbtTpf0y&2uanBrI5609*!i##n@0v5i8Zd^@xg!`xU5k`nboj~fvbZsL#s}V)n)Ku~
z2hpQgGFVj8Y9xdD(AFYY4@@D@yGo$w25Qve!VTVcsqj}fM)~?!2zCIL*BNL2wC{tS
zGY!Vt+3z5P`ckcvV$R~<XsM$T-v^r88C~<@PU@VCyUd>ow_gG!^Y6yM{3^DS+Y)fq
zHNPCPK@?YRf)^ZSq-M3mtnKbNRK=F0RoDYUz4DaC^JeAp{!xY*zpk4}LbmsBbDWA@
z^bEv`v7d%-#n-mo44Q!h1KhyFUHl%=t0qzbHf;zvodE<eYVA71Al4Rd^%|5HYyej@
zMSJnDztJo>OmrSfzc&4zI-G+!*Zmftsk?~T_uwBwjkc765E7S?;x)j+d?p>x!}T&^
z1z+68eW11Z&tZg>$A8IWdJ_Nr3F72iFe3C22{S)_S)dro+fxOIY#9kr&H%xq5CN>1
z0mXWDm}&1Y1nn6;XQ@^Qu5dckL<57Q*$c46sBg=uuLg{+X`m4EAA=g?2x9oq%A{T#
zY#(3Q@ErIPXbZG_8npB@pE_%k&<_u1v9Ju&VL5V~{f}($H+#tOJ|b6|r17lkj7Xt2
zRdl{QtWYWJ6^(#&8P(TVqz&HBs!lB^0*Ag6$T}A)W6Mex8RA;8^fvmeKa{nY%l5!U
zHeR2@8zp_B5zPbHuy+j}>zrwA!9ho^#y@0?N<%QBw6j)!BHasT^=~mR?u(kc7smck
z{C>D0X*KPI@_oySCi%t>5JNdivO*xso%>LQV1VimcM=OoOSb?9-{kyR`bE8-ovVnK
z$eR5&H;fQF87ZaA)J`SIkR8Qshv_8Na7Z#d3kl{2y!&{X=H&%)w7ruw%GSrR32Hs@
z0-YOGEcU{lPg&ta63P0qdhW$gUZCkbGyiHwX1<R#9%m?LJni?=k7X_CRwvyyW_$Rg
zVLx_sbR2<h-8Wj=_Tb|xx`AN#Re^!vz^e@77);mk?YLC)RNT}*{jO`cRO2IXD&x?6
z`^&U+vr^cMRY8VEciGdCCQD!?jEUde0ijLepG&n(y5+*)IUvYl4H@UcH5!Ld3xE(A
zTj<o#FU<rPxL#bJsmY;kRtn6Tm&Xc*AlP}wgV_Pem?*O&_MtUP{A3I@8S3EAJSRt<
zjt4Rp1U<VsUlR&QIKrqNZn^``VZr4)>qx{DJS8va;~8|Fy*b1fBhpdqVbGL|tSi;}
z*S_e6_c5%A)N+t)rGzyigST-#X`y(Z+_e%5D<=gZYaJ$1*_{HKWM&Cq-~_1=<Jf(E
z289EC$(cNYKRZ<UFow{0#-0h#i@@1y#=Pbd9`<xNW2MAUUnrGlAj6Qi8yTjY@@(4k
z$m9++UM9kl=Dk4u7Oom!cBxBLvu}==%DATwVyBGVb>tccwcD1L1~ogiwR#z|!^P;i
zqk`3md-Z+>QE`?gbA?^fuTlrdoNKd3+7$q+tG{Yl3&m^+9^fO-ZqK_*QBz8LtW2hZ
zl1RkSQ)M|#_13~|1s56<ewBQbxcz_`)c&<gOd&>UKeZL}8Rq)@=C48CAC|I!4Te*@
zbZBV~sb3Jz><58m-d+NoNqnvZR=xDZjCeaw1hiQH$rq(K%`Bu+&T%ST^j88b;gmKY
zBezTh>XO0f)A`@$VouForN?8xxY946dbr1gA~sN+t>PqMhS_`YvqZ0BwKOx>+O!%9
z{Ur7LH6fw)<#twkgrTwlDfKIFi>HTwvaaD5>T#G-9jpLugWCwtwHGdoW1LR=?sG33
zswU|dai4&<4N~~=N0S_fAFos?N51k;0H~%%{^<-Gc}9*PjAdl58P_lS&G^{2#@M?S
z5{EsXG1x3J3ZI>vK;?=;WyephHb<^ry*KFh&Gf{r)b}eW_q_WTVSma@y|_uwQDG%+
zWZ5}1ksYD0C3%FJwR8bn=7Yh*^y8)5SN%A++=?wAB}3uucHN!05o+5<HmD0LfF^@k
zO0bCy=X?}K6n#SDDguSPvan|vCoC6+?XrzyDBUIa?fmU-VxWw)^SHbmj+0`KFV0!;
zN4P<)-yReSO1bauugFh_!->PO17aF#(M+t^<Vb^@YQzZdWizOKY8l@GCSdpCtuaVE
zDa$80R8z_2?o{+P+pk{;dlhhu0mK}vv;ltQ3}^NGE4C^&v-lP|eCN@8T@EEhjJ+P5
z!nnC~oaAa<grd4^sZ<hXI&I&+$AnO)0M^O-0(ra6-`@iBnECknm8oMa8NI1Yf=TiA
z!}mReXC~t|+fP`2Et-E~KyI!ff952C!d_ex57E46kvQaH^mjAQeBqVu1NzW*`*m><
zh7*+$S*gvfYXb`#L<Q3f_ekJ>B(;8z<yaAthMtR^uMx8g!0{L@{lI2(p3jcZ$GeJk
zgB^~T!kB?NdfMpmd!D;k`J(7cGTR0}Rp{6Q`_IiG!dibmE@Lm*!RQV`@_W%qv@lII
z)?!+8Nel<fORvra9<Ig3Pr!P5Tuq|!QDvhQI%f7rn|swD40>vW0)DRS)D0ts8BH8I
zo$t3aSxf%OEf-w<gSZ<{O)?sJM5xq>zLP&|;}Da`k7r-mTdDWP+f8#<y{BiqHH^vn
z#@lIeJd<!%a@0&?&oz2)j6?ld?>7r5kuzVHG+;cnj6(|UobiQ*0stK4mMi3C9pW1T
zXbe3Ua)KoW9-@r4>Qw&$?}kdOwf=ymCe^%J^0E$C-`-AyodE%LUNVzrT`vYbo$awx
zW8>71i~;TS$8Y|R4t&;)yFX|7%lSGq<B0cA<X^1ylLs2GiY=K<SRi|g+Ff;*l~Yq)
z11u?XzVU$dwBX|oS%Cf_`V^ZmyS9=gMVN2c0C;s<i7Ll5TLj14ZP=9dr}i~9b;9FM
z{G~v7=-Hh2tGcMt+99}f80ZNF^<~?sUT{@Z|Brqbv_Q5%mZZ(_0vV;+b!qLVeREmB
zk^v6x+CMpK7IOTPRSto$p|vrNd_asA%-!)t^hNvzkusW_6+or_6GcNM;VayLsCZ2>
z25;|h(A4g=h8GLNb9|q7>QfO*1J&~5?I+x`uqoy+g-o+muREV=S+IZ@KHAY&XeIaB
z#2v-;+aZ-ibA`HYn$!MK7PgJ)8HN6EBn<pULEL>qe3q9{sIl*xR?t?G(46krSE)(P
zMp$0#@O^vJ<v<9OE>G&YF;we~vIL2m*db-O4rP|#M1-g^+<bbj0G3@GIOcd`Hrzex
zOgmcx_1v7i({B??7!vsYTpc#zM-S&Xpjwd$LrNkG(R(qwR?k#r(*zS`gJ2}!Uy~UU
zOXdC(3-$G}t?|(H_qB7Wh{3d**tHVYm~yCZKY8BlAwYE~Kg@2Lyo&fSJizh~=R_zZ
z*zTtU2rRuLh7sEiUu$-zsfuV#Lh6>lTQORDe!XI?$u$*-&8-;w?SQsP;yTH+r*ol_
zl{Zsz-^gR0t}Z0a#OP9PJM_=F40Idi+6ODeSwamp+-j_C@93LHH+DU5A2II>L8l|#
zkV!#bBmj18g8U+oMx1TLa4HpU>Slp?ig&jjiQbXMRWk<c$}xqv{LR3lS$tC|fG2)9
zSZM8ARi+3K!uDWl#w#tjGW<8fC}^k{Jx?^MTXFwdqWOvf%i<W#wa`&+H=Q=M*(p!K
zGH;b)I}EG+STo`BI^O;no1W_v?KOqPhT;1RD&W6c+vWGit#~3RD<^K2m}TQ!fH>xO
zw~Z?e*J*pWyE^r}CAZjANfwdbsNc6CFG(JJ&c=|baLy=%#}MsNZuMO4EksdpIGN#w
z#*@W+O_EJfPR!&2+AO*uhxX;p8n!zhzN7BM{Lpeqp^-czV!{(N6lOB;(ZQVq=0NSM
z7w{}7B*H@46=nAYV=kf;*Y_y%vRpWhB_=d?#Rmmd_IDLADE*hWL`<|8++`mOa`3Fy
zw?G7Mne;(1LNe6hq6DN9h`9nQUrW}>G>)@T<(0BzJS~G-cVnfx=owU;d+1G7Lmas*
z0;a4>>>n%4Bm7}~$G`s6#*O7VkZ*TudjQWppHH?ZB`}los-yJpyG;u{i^!M~TFe8B
zNPX7&JA!^%l#Fty^%I(H{~<<;fZ@A*no}O}H5@rjsCU~vO1|euWb^tn*`rkwiSOKd
zgWP#4$$TfF)AQ9MOP@9{?lX_vOm3!!QTiEcg~12kFA-8JC<^5tEd(qxMbi0>6z_nM
zVQ^IBr0JmH<Hu0wAr#4SCHiFPuk;ih55=Eh4z}b=%+HZSHsRO8%r9AdJ-z<iuW39v
zV5AA}(Vx*Y5`v_TW{341ir|iYdcCmeXauSTA5%XuQ?x*So`g4J=G(!0szzgH74ml+
zxMw`?znGpZX}_eQT8TCb<tx>Cz)=PSnO?y<%jv?auecKXy_;V%k!lWc@zk1z*1o1U
zT{KOy>C;VF3EYgamXzxh#>p68@0Q`mg93Tcf*oKj2(hMZHq(v~asz<(^QoHz#H<Gc
zb*#4)ZKn_46(LzVSitEt>hvR3cm_hJjbco)-co!y&|(>MgDME_)`(oZw1WVss?vb8
z{*x`#GNX{M5}VwGWOdyFw4BZD0%S%yd1pn=x0ArKb)xEm*I-NczRGhWeYuQ19N+Z_
z=f^~(oD*4*&guq+csQ?Cd5d2Wv$UTD-nkU!6=SuP2}Z2TA4$+Tf$COeSwx1JU1Qjx
z^}!M;XRFf~?824}xkP0meM>+I!QVAi?*&2?89tG!`cJG0E~nMEM!8WotIg)k!Q4g2
ziEwJ#h10ty_u<I8m702$!Qw2&F#)OhUAAK`27*X5Bi1N3ABp`&nZ1G@a>Bp2r!|Ey
z#d7h#horKzXM?3JV{ps9!v+(%tb$QCZmRH9(?2~L#=VIO@O_5_#+QMhtf%h<h}{Cq
znV#20WDMat4>(&wVNvCXg<~~gFDYuP&UoaPri=2~WU;?DXTo0GQFp#eZVm*NlhwW~
za=m4}aNm|c@AHgtP}HNZ?taX^eMkGpjky;o$mW#+1Y%%<_@8df@bK_|pFodO`RmvG
zzY07kzFvm_up%r&3HT7y-yG)By|&L^RMArtxL1DKHPn(=E*IeMKJLbMC_v*{>+Y&v
zyp3y36|F~(X^8EIOP%c5Cb?9mzC$E5mc=-3N&!>79@Yvv?}a2nYgbh-&rd3DOvBe3
ziLlTU9mp^!gcj0R)|goRNbFct@YX0PaQGQ_==oI`Sfz=rSxYIfAZR)xn;7__zNpqv
zs?(p7bF4H#Nq(JUgZXAr{88Y$aTFi7<-YDwBk_PcrrT7Yr`4^F5U1Y~b&cXMF`6CK
zS$19yDNt`8QES*HA7wogf`Qw78!?^!AwPxkgMx%(Cpleu21gX$HB{>)LxXc%S@o}|
ziOuc`V7}*&_HjJ%#HT1tiaBN1Q~Q?5IH&KlOiD0>;H^MU+Zx(!LYCq6`bb3ubC<Hf
zT?#=~ImCif@yPh2S)E6=5v85h%N+(m+@A<J{M@MBu!5AVJx$NeMj{lX7E(z&2?un<
zQtPC<V8yHF-S)=w#ac85aeW%Q<Av~3+9PjmVA^2q1Iw?~-sgLlfjM~TI$FNAgx1cs
zKkV6?ax^`k>{YaGae^Y*n6FkMwMqqvc3;bRwFvijp6u;9igaj%H+x6_BqYX@n>!3G
zA&MJXo+r_Y5z`{QzrmtE<Y@BrD9kt(WRS3pH6<mt`G2yQI*Xowiy1#QKo__~M?H(B
z04&&pX5I=e+-Aj89e2E5^9F*(mDZ;;)w4znDY*7Kw)A(YJoS>YTakj;*~3|d^+Id*
zc%+!+zBu}bY97ntPb}=owsY<xO4|GsxVznORFybF{b|NCY9CtL6?VV+Y;(I&#_akA
zDgGw<yMYa{S-(4^43T7Oua*wbtsIvHfaEucSB4%O9SxPYAFFT6e)?}B39d>BqlzT;
z?|6%;497hOb(`Pb3>NijBtHT{mt0?M4KkcZ_b#KDnj;+dBK%i0ml?k}`R#da-96^M
zo83eGa|DEmpRP9`K_DNve|z%(-;Mw>2vj$!&j|64YyP7F8KCX7%a7^1r60TN!Vvf&
zIlM$hAvF>K;layYW~31Wr+E{*5575VG9inXC+lM~=V5_nbdjyNsOqx)v!p-fm(lT!
z+54j%M+@o417wwC58=!WQ&^wp7wX%kjV|As<9RoS9wS?91NteLB+QU7juZtc!`DY{
zEC(%vPmg(`UjRQTu~rz|Z>^bXkG!ohwA$~rl)}2}rU%L)!Pea0_eie?&<4#`GAz<o
z_K#hQ$ByQ+iAybop7QAjm)pp>3_DUJH8)wA>rO9I>n6xWQmC_A)>aMMUfc8uVNQQI
z>F<iJ99ZAhX|3A8e#O=EA?ng*s<YYzrto{+BaP<G3<1+;$x3l|ad4)|MU?(Z6*(%N
z_K-@6#KrK#zIV}I#9J1bz8AD*1aNP4oMm`qj{S_^Os{K>6uM&5Nu%KJ+l_|}WedQV
zSeGIB>zQU*Kdi}UAL!wpeMd*WYjAxCfjH%JvO{&>Nnq6!NaaMv`FO$_ztpZMixc-e
zx;&bE3mpG&th)TQjs3$u)+hJo_T+}Y;_Hq8bhfYtW(^J6xum6=T~smri$}s4d3+qq
zGvqYu96~lL?w#1YnO!;u^AE@Zeyy5MN#JnEC%$4us*d61UE?pW3(VY(RC{epwuL(0
z@^`E~mHk;0J8&orO~pvE{d%M<CP?f@39MmH_<*B2UBda}HAURHS3AVe1{4_vX;$l!
zh$N8=8RR=<XcGjp31M)`S_X^|WBwEbfM`UcWnFLWD>Q~;V1|Z08`uLa!YVBRtFsos
zfe~=%^6a7;vRpb%)fI_D(VwldH?m(AV}Z55%SS=-M)aphB@i^pMdXyqmFgW9bXQcy
z53tg+-TZ3zHxK%R0bUn}TSf;y8j1*w^m1c$Mkvd_m4%5C9vg;nAck2y>wGe4BFMo@
z<XVk_grgBFAHiVV3YYz~eL9w>h@lU$6?yrd$#sxfQ<Ks5XQvboIr>_g$#(f5GG4#4
zwcnas4^}qRbM7GTdeNh<a<Jw%@O-)-0%Z1RYY;A*?pdr;UXW8}`P5k^M9vkp(`7`4
zT6F1;aq%w>*AgraT$XT+Wg%}n?Km@*;idRCSrRG=S!w1C;1KBI$2&}%tqfRnS$4?}
zqWy?>a9ee+*>&jrbMkd!VVPBJqLbL8CEfe5Len;3q#iqk)eY=Hh7>(sEX3H^3e>lG
z5@6(GbLwx<f4E4m`T8!f@N2ycbzH^(iATiU`QyE19L-FD<@<SbdPx3$LUglUqhvnz
z&?(=6r84oLo{K5B9{-OE9~HSltle&2jfZcT&f$15$udA01%9@4KDEU|#gM;lx$_Nm
zxt)9JSre9P)<+Wj{gK}Vq}&ESEP*XGJ7*lPJzLTP!iwO`+ftq+)pAYZK5JC^djo6d
z(7@4Ik`>cBJLmJyI_2(r<mD!t&NsTVo(Q1|WE6+Jk+Us~_Iv^2{tRNY>Qr){2pycC
z4Av6@V`M1{FuUWWUxHh_qhg>i&qTLzuem=gb;qP^bkI6V%2h2KNurG1(gU)~P*Mfo
zV;`d9?(Q!oN|&o+xx5q|L#eRuebYbAmJtP!#A#gD3!{odzFT#>f00I|{v{vzxo^ig
z_|gUcnUNp^mA?LTY<()5?(`lrpNzmsO7SC6Fw?4|9@&~Duh)QFE2D3}JBzmP=hmZd
zyn63ACzmcs3-+i&cM+kdlZHTK5<C`vDPx#R`t|lhZjdK=C#STIR;=+UnC~?gR6t9l
zsL+W=j@M{7k_BBs;EYi$g#`}bFA6G-9C<gEXnoX9&F7_)cCq<Z_a-dsn(tT%t9w~l
z-drUd*+5=$<4J7Ed$Vt}8$M?``l_qBoVn-a$4#FSgY@V2k;I00MiYR>cTh~movT+O
zrF-=%K=q^(Fb#V?LRuu*%%R;)RZMg%NK(q(Y`Xn%&hdKP?A@wCarE7Hr|@U;4I)KJ
zYnz5a3Hf4N9Fjfnl});ZjGY=d4yT`yg`&jY_hCQ6V8+-)PzqzF#vf5qNHV`@u`1=|
zO9w|fE9Fn|A!;OaI1ymM@2_o**_23}1HxqC>q6*DI=xBPmy3(FDHm2kp!<f;4m`z7
z5hcQNqs~VlqMywCIpmMGF*V2+p<$^pH=l-7^s`EmHDzdF&kuhXH3X+=fnVz2ocuEe
zsf@tK3W2gIlE~)t&62;j=9Yr8AoC`QlTmn|C3S%~U224y{s17xD3|wk#4gYig1jI|
zd}h!9oBo59p8lx_+_JLYQI^#_6sloUGx4GfVtYbk4GzYv%;i#rysC%hJOd{52hfK~
zM+XE99`Y?uHO~f@kap&eB>9vR4Rd0Acsidy5;4%iwqr7_zKsqk?5g*pF<q0;uRS+l
zgyybOm+g})!c_y5C7{W1U0V8F35gXvdY8sR6_Ylot2cPT5PM~OXKfam;+))+T-hr-
zJVjQs#Gfw`$!E=XCRA>ir^2wbs_O=@0_l+iF($c}xN;rFImgtJzpGt)*5ohDHple~
zuvSGK^`PNZf9X3K-swUyzpfH~>u)Y%*UY9MO_*48FWLj5$;p^&;a6GTC3-USWW?iL
zVBSJZ=(kia&*@wf+P~C<I!^Zdn)D}S#iaA&jkqd#z~G!YD2?c}^L!o(GusKh|716b
zlj_~YHt%or{iJ~=c%o50uV^ZvfMpn@)NQGh6K59I(Rf*^Qz0gXN!^j?2iF=vRnojQ
zLyVXdTp9<&oYjfAR(~H!{{A%x3O;068I|Er;h~-deAq!-*pW-<L`7C@HuG26N}4YD
zA48V3{@D(N`8ereU5cKG5j4lEeo}Pt2)A2XD6*Q<)_QGeJ6l5WfNf!iU9?G8J7m_z
zgX7Bv@UKY2c-{?9jlX$`^!{cc`madCzxV{|FGjBmvtUI1i%04j-2(oFOZYuFQT|)r
zqIfS4KEZ!l{xe$fFOvC>!oUgwSsQxTxi~W!85)_JD9J)VVuSvj2`PTulL#UrKGzc~
zKEex^^nce2!2huj2-F+T=0)=lKKf_U<G&`oc>XKa@yde;l9er9!;}7>?tf~QZ1Jf7
zRr@;_vVbi<&y)85v;2B|*MBX4<V6ID$sP~u%|!P9W=N4eUd5Xl_-D|6>N!aNjq6}`
z5Xi{R*4f0?nc3aO`rqIGZw&aK=<u%){-d<%fj~AU&W8WDS@jR*voH`KP#_ct6#wXr
zsxfK!cd((Yg{g^?Gqa=dUqi`%ZS%j${HKuryMR!PKp-a*XJ-prGpGNPRQz9T2AORY
n@9hKr*JkkDDVB)*B^(9~0^$4zvmnrfM|`~x4XmQqKdt`*CwlW5

diff --git a/documentation/ESAPI-security-bulletin6.pdf b/documentation/ESAPI-security-bulletin6.pdf
index c8e0aafa5897dddb335b4246947a2cbe1678ce9f..1655acbb69873583895f72a542a45692ed5bb107 100644
GIT binary patch
delta 38559
zcmV)SK(fDv^alF&29QaAwOY%{>&Ow_`zgE**y+0@Falo#vzz3HEQYLdgCQr7+05&w
zZr!R@w`9*D;qdENQn|WrUG-J9&DkD*J^bfr;9s)tI85&N%ij-w{@wB4^3)uE`RC#G
zb%+5-2Q!_A<JaGgzkk`Iwa2f2{B$vPK81^Mv%eT`!t5?4&L_BkN%&-#?S&tDc|6Xi
zNnTF#crjOcdYey4p5Dy^zx1T%kNGcOKOCN4haXq+IOnzmqUB!rb!&i=wRnGni*@q}
zuAW|nMM!TWzJMiDrb%;HL~{!@NNGVQbFt%EGAok#$!thwCwncjF*C4U>>CePy5UMJ
z25DjMcwu4DNTLdVi7aGyEtVC*v`Bybb};bYukz}Te>j-q$-?VzM;p?4;+uaR|J0bA
zLLfy8G^Ce1I+sJhq7o-^a{v`wzD@XMppOAvZ_(>0ESS}jui@{B?gyn`@aX~9V2wqV
zs2C}U?h>^F=o!#I_+~(J5Lfudv=u6L7(wCW?0L+BTNWID+`&R3hZ|e>0n1bD*;o1G
zF~psL*K{$#*)8w8A)=K!i#dleRj&nWc=}td;JgbIy8MEu>4kk^D2^O5*7lsOCD?Gb
zBWI82z&AZ-2j|bRqsPU?`RnJR`Po@JB>3MCE(Z8NrZG7kFmaG@@vvkaE^zg8z65eb
z6o(YOSSApE92bkE$q%5(&j%3S0ds%+c8GD1&qb3CsU5%)g_!Pk$irmMsgU#C9(i<%
zJKyb*d)jfC+*ez!LvG?i44-#MeM*Wm-|dkHvk=4QJyPpo=NDqS+aY(8J1@@RyFGG{
z)Gg$6w?hs=2hp3!`EHXuU~G^ubc57e%&m(M@R^){@Al|p#FUxo`EEt8Gbq|D28^Y=
zr=(_$OQwss8xrmV$N?wXDey7jWpH)Xfo1Zaq&kQs4=apqs-x^-A*EVm<|TtTS&SZ@
zB5lI~3(u&t9_OD)Dh}kMNKcr>gYr?J8+T<UHWa2lQ@b12-OPe1;EP_$n!7V6cjtmQ
z2webwv1vJeVCP{G1BqGWlDr4597R?nk)_;&rNrC{RTw@!xAM4H(uX#WzhEVAh&Pru
zwcuh+`yg`_D|GU-USTIs4-?m99f51NLlVZE))5wqm`CW~?#hN@GRJw?7iU00VqZ1&
zXkgb^cC&Z<bV4>JH1(13jJy=b@WQ-I00tC)gV`^Ot$@y7bnvXip?mN9acI*z5I@>3
z&NO!O4sAgacvm8k#Uf$DqA7(F$5bXD&Fc;0+3*<vEC%<k-fWe@wV6l?F@5&a!-d++
zbgRB)ZRO$O!ea8N2;~Ff@#3M{xc0RLuQ;h0v%o@0YPd&o`kH6~2LRid90>5Z0nw&^
z_KX?eT61*|7OJGj7i>uKHK51fBZZ?UMd!eT8cg2B&P4|D(;zoY1fLVdQx;ra(i39q
z23U#_E@Dv8hG~Q6C>Xj}m6{R~*AMjFvSj8hB1+p4xGJ#3avd;}ZCe5M{2l(Dex$I#
z@O!YP`_>LqfZA4Do2n5c=CoLgGvBIzRIw_NV{un)4t=R;{I$DuklDo0t_0@o2yGJ;
zn_Il->cW^8_E%=;B?GvX)XHFR9WL5B{Mg^#1bRpaAy!5jis)i##{wrEGdf7#1%4PY
zp|3E4G)wbzk$$NuUQ5S=Ic|fAeAnO67h(b4G1x+q<F<Nk??Cq++fH;p$lz*!caXn>
ze-^(gXH@%<NSNGd$M0LL@yo>zx>KoYdjtg5^CUtL$8pUUCz%&>m4Eq{$lD5+$?Qv^
zwha}jiPO2szsLjrC9NIy(d?5YLqJ?&u3o?($LlNqulJ#6Xjk$b`rKwli|~McLX~-F
z&oOPuZq{Db8`iV@{?&&yi*a{<W(__}kZhV+Lk+(|j4f0q2`Hmq17>-L@f>Ip5&{Pz
zN*Cfb=wiM*(gA`Ww+A84jPRxv4ieWY;_B4l@oPQc&!)wy!|6eGWt>awy$SvvXPm>N
z@2G1c(vtJ}4aGwczyLX7$ef1!N-A%)KvQzcl+0ku))V~g9^{W)3OUJtzaWy)V6V>h
zSSNlX-@i+FNL6ixT{cz{V4%UP-cU_xus2jou@~rdWZ2N)9E#*HEJaLh(T`%nnLL23
zd4e_t0ew=95qAo%cG=+jB_83258ZHRzzm8oPfd#XSc+3u3@<<krSO9)$`umOg}*9N
zp8yV96?B9wZ~OsRc8!pKLCX@u0ruWfQL?2ZF`O&`OO=yb=(6n;NQ@)e&&D3wEo*4J
z*(lh7P<h)i@-DBfT_Dy;37YbQeSqahJ#v&>rZQQa^PogS`Oc0wgU%z4B+V3nk2&L{
zGE_eCfOyk-NdLfayym%YJ|p1s1PCcf7-is2D9_7b1t@LFW(Ea+)^mOu*C(mBNyhnf
z&z$q%(+dZEKG8Wuajwv-^NzA2F{}<VmZK01kRT81lY@K&!x8|qxTp#rNlEtxhjrbz
zmn=G+j6~I^nEiWW+T?VS+ap2Pj|E{rpoij5_b}zoQZkV`ov50SDnqsX6ZK})pTXbb
zUDohvoih|x(2%l!pv4R^_cs|}mvwO<*sYO=g*7<k_|z}vHP7JM1ZRp^OG?d_2-o?2
zCxke0T^hrU=a<EE*|gu=Pa}3=9VO|L{z2KZ$b9F?N~-!x9d7G}kC|v*OCfKnT*g;E
zm4H^e0MCl{UEqAvnkk99o%?4EsdrO@#1}W@eI&uI?ZQQWdlxONEW<9~Eww}=O<b~z
zYRtA222*7R@~RW3)Y~P8BuTd_ywZA!BRLZCG=euiR&5QM4G-qTnnMYe#vVI%lKc}g
z#-NqL_L(Mo#il0N?oWmg5Un%FR>A+&F+8cHkQEYzFjdjkqbP2bcZ1nY?aqhZ1S-HY
zSFP|iZa-pw!YMvHDEk9m#4%`8URw<@)Xao5<$Lc-9`5h$Rb}7-iHb7ft%iy{kHpm)
zG&R@^5;o&#o3va`;t^I}<wRhYNt&8IjdFYGBa>D|rCepVx4s%;Gk@$zD)qSc%Yl6z
ze7jlHPZA_OeNyS1YbJn8zOFi|RRY`RYTLOQ^e!KNbVv5B#CB??V_~8h@z%t`g0+UD
zi}7=t*&FkOy!Fg=w(K2}QRvI?OV!Qo;BWxaT~`u+=jC|E+KggDhKrP8x3`C=7@GVL
z_#Xv$`$H5i-hAkyFoVyBH10bUT*(3X$i9NvcaJyigjb}en(GCn>ZW%INlqV0y0kI^
zsbltkf2w06?}g#;zLs`q2DO_(D5+vSF%dy`PXk3po78G<m4)QUH!*UBqA|_%OQ9!^
zZ#|y|8#)1Gf*a4F%BxY}mZykK@@hnzhdXD<>RVVRtbnD4V=C(~89nVS@rmNbHHy=(
z1~MnD20TMdVONab{TRslQb(4b12I6Rx;K)4@yu1q?~S1h+Wt=0=I4O6;tue4U8Q(1
z%+;Q;Cx^>epLnd1X=mQ2me`vd?@s$H!RVfxG^c9uB8VTm(lesF&J~2vm1pULrCO+F
zCg^&#kGWTaB*>;b09HKd{GVF+t8ghhkgo{DIrr$^EQ6vU<5exh(m&CcJ%7%9s6OC-
z$oZ`#uDaj<O{J1NY}#X?--d+M;m!)(aT>y7anJLO0v^-itujz3{HU{$p|mK*<;UhE
z?sQ`<PEnnFSPu!rD!Ta)T)JfR&>R<qT1Z~r)^S(njMV|IU)!p4E}NY!@k79F9lxUI
zz6U4Y4!%19bNVb|mS%-JbK4AbwsMF!+7sHWj*=)XcPl$5i}NlN^tRJyIN7Ti`{=<)
znY}BIY=q9+s8K<~z4QMuY8EH|c>FK*8tE#NVW$%eGaxV^Z(?c+GB`CclR*qWf3;gl
zZ|t}czWZ17Ie;B*q9mZvKyMC^+av~Z2y)5>1epMt%l!QmYaxq^)bb?3gJnyi$XdTz
z$Y(z6>F2k9pA7tq)}7|noqqc3+aG>)`WHVnr=R}*cKdpp0t}ta`Z1rr{&M>Dr#o4D
z`uf`+&n{lv*~H7cJKO1E`QE|Bf88$l?0r6)VCFI`T*BGA^d}Cs_se_WkLSz#0;Ay(
zJbC0vVZQg6W{H=0_JO{@De*PWfa6`byxTN|zxcCt=?1Rz*%=%|BNGKQpnQ%r(;PJO
z=jDA(YhKgfh!f%SC4C38P4LoPaXhjciAMLC-s9vq_=UspmM9=W2tP$Ce<X?<-OzLT
z4F1NkbQ9!zS8?Q4;#$!I5{@Dhe7nbRxcuqsw{Op{w;x7&kL%QGz2_Tdip-1gKnYPq
z8oymuVbheQNjdhChZTi`@OKHC&4+JD3LtBL)>H(dk4Oz<V0XNc_Xmv<K2EQdz*<um
z)xKL)H*!{9gCQh?)*=ywe|a>lw8a0!&WdBm4fzj08PSzJsW*yx)%3()X)N0FRm)N-
zmRyjo%9H7Vzr8ZHY5ItbZjC3!DfeYf)+~cm=d*Glb`GMXScV9H<X@GNu6a5I48k!9
zAr#kAC?wc~*ypb;!<HF#^SZ_H0!!N`&UHl&Z^^vP(>(p+7FgY+e<hRibXs+a15z9L
z2AMbcSAxWRk5q<R;vWIl)h4dci+J=N2kha=z+klyEQ>)4;Lkt483->w^Q+(e=FObm
zExi8m<R<sA(9J(jzwg9Ib`#9U+QQT$dnkp4c|?Tze3u5Gu_HlDcTSOUM1sHBPcQ*n
z3v*@P5C`ofsASI9e>p@1iT5E&U}$*4Qg;b`4{hn@Za;n4oq=%Xo)>4A!e49=5>4N&
z0tEt?0jLo-3Uyn^^5?K%jGa|9ByqGHkT}wEcyC@tEEhjqYYb21TrCeWQ7&;W!iMm(
zoVO9JOE&zR#;e%EO2nukP*Oo@Etir*Daavq)hj_Qoe@<Ke}?k)59A|RzF&vNKx%gd
zxD=k^N@2+}whr`(Ymlu$BK9dj1PfUEDqBich(C|?ldN%HiPnC!iN_IhL^$hX*A@s{
zyTCG|#fT4-LHJB_B<=?QqG#Ackc1JN2x7wmCOhOg7~h8~(q^AiB%Khoig!sY>2@6M
z#S3-Pw53jPf89vwvDQVEWR-x#X%+d9gzbS@s-zz+68(=qPJw;odAs(uYhBYCA*M8v
z?hJI0HL4_o#Du&sou=emUDAjJ5obXv)7%Q9)(*}1y8zB$9CP*~A-cj5A_zXQwlF$!
zesW~={-G8(5TiiKmK%~%76;cZ70S^>Wnn7sCbkr+f4R(ZMVz?6Rt`X`?|AS!gNtr^
z@MNJX8L`m$B!R2Kc9SE8(p?l#6|;P{W*N0r>bzB%Wvs38h5b}PZx$u$WU>XL5<Rpz
zgcg^I!8vVj%CDN}Re}pc`o25I`6G;i1v{?-BBLv2aF4m9^p8Atkk%+H5T`}DiZa?_
zq*TDze{t9?wqCnqBcEOqR#GRubXE4Lb#vXWv@)uZcgxZOg*n0;EAU@w6B7Qm)1)*)
z;<sF06%8uHwR?Rb7F>2f^0JL?L8Vj%qxF*OG99-}m<+>v_ROYBrE~mb;LpAx;dNoq
z=4K;jQi^w~Os@C_>#?qw4~6>e=w33wBe-(Fe?5I0Yd6yC8fqE`R;e==MUo6%i)G0K
zB_-B#lAVCSjED)pm$Zb0QECvC!Aoy)FZt5_Ic4~{8B^-@h93o;8CHr3)1(DBu$PfF
zi@b9lR??@Jb!FS)QU<lJO6R-g+fH4oOsNO3quG2FI${H7l{9qMi$tiBCvo-4Wij@u
zf0?o~YCjYMdF3+L|J$sZjyB2qysx;p^hYWCwwX2^QAa?&uT!&hEhz0TB`0~2o$lw$
zFTx<fu-DmZ9g&B4uhQ=(Z5jc(3eqns+yT-n=EjB1WI3%Xs;a=7g`{otU=ZI`Us!$D
zc+zm8+JqT5`{bim8@XB0MI8n!(eC#Xf9y_KkV=WFL>bn2!&WXoz)hyIpQF0-%qgR`
zYq*hpsjf(%J}dJ#^L<9l(6qfrb!;)&%HuUmX=~Wm?7Vi3tRv$3R>$teZcBh`*BY5i
z`IT`&dIFU}AL=L6?V()e>?fa9saqN&Yy(XyUmS9<2cR3RuU6eKWH1w3!c5MMf3{XF
z4Gx8Nsv4RH?Y(^^`L%0jOwReL3Q;=+4Ssesh9#w^#%6CYzDe{WYW!$OR6*bc6{Db#
zP1xFgCl|AqYUk@^p{A;vy<+$q<xOm|HxO6eg{>>jeKoqN?;i9qQ1_rz>!2vHMyC0Y
z#gPNsg`<$Ew)IsKzVcQ|ad@2pe;^`jVX5&|c*FL#8&o#h=Glag+D>i3xkDLsU?3D1
zUyrI_YRp4wh_t5yaYVMTRq1%hF|Fwu6UsI-*G+)ZM+0QbLjqydCM`+rlyuhQUbn0m
z9rccPp8RlQW9VY`d=P;5v%bv^cPuql)xXfW{2-4}IlT`rYgH4Wwoxhze>t7vQX(}E
z$aIpNCZr+m8h~G?y;C#$3P9>Pm?sKy>@WF)pEtM1u~oPspBgc<8!5ZX-tBd^Yc5su
zOr@w{O>x_=Wy7;ix9cqOK>wlJ-EOPms5r~JVtMacSGJVzhq99(r)~Bf*e@+0*JoQ)
zxIfVL8g#Mj$n0szWXe8$e+6<XDgvLja;l75s>{VR^!0LOP;EI^_m*9aK2^Tic04*m
zYr1e7@KKbjt15o03V)5n?uZU!?0Ocez#*5RiImVX@V0$LRqGT$<N5S9a@}G1?p{vc
z1g@fvZdvre$8>PP`HK(3*?J?Zvi!Pg_;A+F5q|sGO#yySafz-{e}W6rWbh{&2v(m-
zwG+~fiNmKg)*3v|q{VD4S<aG&+sQ_d8U96|-uF$wEPYFP&ebEc2$C(T-!|PEXtwrY
zOrBnMt6XU@4t4>wQt?O*ZGoVPAgC5-q}SW0aB^v5vCv-Ybd*;tc13-Z+K4+FX4#iT
z)kl5w@-v+(S~*sxe<KMSyQ=L0JniO(w+-CdWm^B8I=*p=z^DDEo`AlML=A?!dBD#z
zWtH>*%3gRhK3|aM-r1X6BK+Fin}jqPYWM+p-KiT@Ltu@+Y)O1IN#b#7fc5OJm#=>)
zSja#8*#vcJ{h1?Gr43SV7!eT=5w7@R$jBa`QMpNhj*mT(f65jt&@oE`cTL54`s*p1
z)``7OfQj-^awY8S-Mj;HPqXBy(YFZKvFIdo#Qw%aiC|E)@J#CCJNXnjlB0X?=?Q?>
zoua1CgcI3U!G8O&6HeqE%?+zYPKd3nooADrv_|As^r*4Psg9D%=PO0NFbSl{ur@!z
z=z(kSDmFl*e+-QZz?m1OMq~<;7CB5=b~qWhdls87T1avw<*4O16^e8QmZ76QT^a<c
zEZVCjo%-h3L$=AZHHYteEc%0@^-&e?Bw8zzKQLdD>5!Zol9r8V6~gGPBS=EX0s{%p
zEKKqNi-rt0iRW-*2*!4A!x#I^#^m{Y1qz7m-*Ty>e}xx5MLO&N$O?5>8|viCUFwcV
z)R|76-%>a>peVkuH#;y?cBo7t6~(_Ce*_QIK$6W>C?NtZyva+EP#`R-hEwF-N}DqO
z#Fz#b(8!v7MVvId9T1_vr*VR6(f}ilkBQ#sJq0IatIQ8-L<twiW&l%=$Ug3a*c71J
z0Qf5Se@1*D_7EHBr6o@>1yW-^7>|zxcHDh1e}<JDj4cLZdzQozxO$`u{`Hi8ZXmp&
z%Uv%1j&Xz=32<da7I9ccuqwnH5V>7u)x%|bS97pRvvk=J%%$3$4(BjqMo}EOn9UGO
zZRo>e9TM08l^-OnrFIi~p*R<jQqi;Ru2nQ6e{*Ixl8Bchz%TJkJfe6&=Cf60K?#Qp
zjwwmaHk#wqgOx39WfiOx4cBa~*$q=`1X*Pc)^iRx`|)n1B9Y?UO`?Qa3#U#pN?t-h
zCAeJB8#nh*W2Cs8i5xQL>i;#cXp65UX2OGg2{#EmmOX7EmGcR9aAbicN}&eRC5)}%
ze^RAx6&Mv5*iI28H!Of6@H9y@#X0Fxp{=hdFQx*dS<Q`8DV_LmHXwnuBhvM&+LhY_
zi@A9Jl?oY2K&$|yN`+j_87C=<Yzn8hPD5?jO~>f{ZMR;7s=n)uQ>nXsAg$~Fa3}ve
zC$F}*h@`1k{=*t~5!J_0m+I0$&BgEbe-W&@_nA8Dx>+QA=&sMVPdrx#V(EW6WO6N+
z@c)-)(2K%+?f>IwZpoM3>2}Yf?Y5NgZI2bxCa8`|*%i~<P}OFIZmVx@A~uKZl(B7}
zG8s@FY60X1a#4HJU#WDva+zq$o=;8X#(rq8tshSR0bzQ?$O>g{WOH<KWnpa!lYG|+
zlie8z0x~(1=NUqOON%SJ5#G<Q@H*g$Uajs1V;Flpf$VNFki{XZyddNTayR$yr=-%O
zN-D|rnUgRaAKTrnM?Js#R93J0@axNe4hsIfHivaLhhP5o@~7V%{++&6hhP5ja`}8&
z9NfC9{dGNj{`K(N4|CA^@cH*|r$wEQ`ee=dXimz<*Y#|FPI@`(lfIsh?xalk{2nj4
z_`SKFeZIJ!k3M{F&o<o@-x?LJniU7jx0-Ti96r3@oLYy^CM*TN&BMkIhCKLQmZ&T~
zYdm~#@OFortUs@5H}LFnWlK)`b2iLo-r=!Dt0jErV1>)QIg~SR@k&?^d{b7a!tnV5
zJ_lDdtlZ&$z4({|afFXa*e=auvbdEy|M~OxFSpN^pCs-1eQ9)ua!pc?>!7P`l$kE=
zLB=pQc~lZny3gmKQLFeA>Ncyh>K1e`SpTlV`d9U8n;qCUcY$%E46+J)u_S%I!}`+P
zb#K{H8rh;kaM72tDSA&*Dc*vX7hhopmnG}M+iI_W+#RBR<1NHP%q8gCRi7fd7|XsG
zP+lmpv#^}B>u6q<K8`cNAiAjNJ;|yJ7gu1mk#4lwf^yvQ>X~v*>ZU)=pZ^q}F<yM;
z+sPG&4ckW%#dttWGU+pihHfv(7^ysV@aklYsH8evqa-3~75wilT=h}CalS3wsL<Pq
zSkvTxALspKZt>gxD!i_zM*4H18uhw2LcQJ-YWIvNRA%3>=q#xy4SJD^mRVuz4CqBw
z&}f5kkaSO!M{>!T==6t0gG@I)=p=JTvuh5!MxH*;O${WDV94I1D_nSV9EaVc5#?V^
zqY>NziABywzjku0cN??+Hp5aM&ym-ZygBrLjw&#_!*lJDc=jYdSG?*Y=r-nm>LDZ+
z!ks?Pzc*qOvtia*O(ZM<rVXVGAHNZ%Eb)t4qtB@o{AcQP%cfs>qCC0%j??wed`rTh
zdvBo&evA%B;8Otx9q6$><(GkqP<R)*VT+zY#73XvL9+ES3a`i)E76o_tXaG7*@KFI
zhkan!RJR}F(sQ?4yno&9xm}10D2f%#XYKNKf}shFW`q&_O$;6^a0Q>{crqG+DgK!O
zNY)TlFo^U^Q7TJ~fgKBmY%f!kxHto^jVY^&YF!0Z)O?Bq+Ztw**(0=L&g-^p*9@yg
zxJ~dAxJ3>GRRs)WXU|ghyiqexOAG0L`zYpbi)+Y9E61vN()yy&&LHZ8R*~Fs7{XA6
zdVO_bG{QJp!%k5kVgkuysi4|fb#^!x!k;wlS5gF-OsDDSM1T4DML{+CYr6D@-@T~A
zQN#9sKCBiJZhZf*!yh{t8SUUXX|;XO#iGuY^crQy>IN~NwgV07tY+K3Vk;qkGuF(D
zg-pCv%J5xua_O-Pk@c`jZZ)PRdPi$hrbF?uKqhgigjGSOWRQtU%?{UxD&1_*Xtxk>
z6j;2RxOXK!lGe^@St7nJ7nbDQ12h_puf=$h9ieC28s8X1;HV*5SdA=|UBIfXMm?#3
zAr{*Mwp94>ayT<E1@r5=ik0SnnXzFwsO*?!EV+Eq%0P;6YEfQ6hEp5-?dpxGDO&~|
zC7Q<8nT7?^*cP}D-%F;k*ia9NwlT1bXpnAQyEK?BgJPy84VPG5LbXmLQq083Uiy$x
z?-_AD%*J$OHDF9Vhy#zrULH;uJm)mSa}e)Gz`LO<P~V&;Lg!7N2p`3N;JWOCy4_PC
zTPSS=+*COkR$b9(!MVAfulm2}BZFsFvbOsv<|1Q>0RAB;U*X@)ZX``k)#%oac1AcG
zm!5p?R(&oijk33}kd|eJ4~j=qij!OFEkvwpbq_@M7~GGKnfSmM@s0}_J^3_Jo{@JJ
zm?#uFN+#gv<m!oF#rnm6ciZ(8>59BTCEC~kx~6(oUlxO_k!4!6p{8w1@ZxyZ5zUfn
zssq>|;X_3yYL-0QYW7IPq4i^#d#2ouxIj%*<PgWEG^UWb6T+)=pb0Q!*=FtzqVV-Q
zQd~+jX~|=(BCA2LA%XPw#ALm7EPl(z_CRaKCR_uIh~Mqup0`|odJn4=?_mYfI?6C%
zV{sgHIUhmjSM?76Zt2qp{9V=6UX=)F>G%^wyZafUHITY?agku&QJbb%VAyOgAI$kh
z!Jcs$fe4tY$?mp8#;KU5WyC$U{eN0d>!*q25y$yZ{gywp%u9;ULK#=iosKOR$x26Z
zuz2HuUg=<PG|feSC#@lhk^&XzKf+C;me;L2EXd>F5-VenS)~{fI4j%j17uPksY)y1
zBaXcodc;VM(XPq!1}ir@pgOX2M?e8c1`3Ke?1It2L?;f~4{y;>--lzbdLS0`{Vy{>
zIx~1hK5k1%xwFj_;>m0!cvI|O?w)cq4ixU>oo)5NfaFYn(=3Nq4=W4O+_;69NN1nL
z#C1m8EQ^Mi)NkQ5Eb`IFz3a|jq}qbz)n~zaMMpAi-W!6Dk{jcZ_|*h<>x~(z`DCH&
z;62VkYo`o^Il;uzF6X<hayphyy$d*+AA2{{S#HiKFp?L!!l7LYdG3TbxA#Xgaf1YO
zu+v|LYI5>_OflY9>i|2*Xm~`^{{Y7L&XE;v(YWrUgK!lDv<0LfoZ5CLKh*&EQG3_T
zLz_3|1P1M6cx!gfiH3R==SmF9J-Xu#!#ycV?-SfmD?-eX<opE5@=%;46U_;3JC2iX
z3jt4BtxOxtjZ3TkJm^c_kL)Pvc%sO#M614u$5ZBiF*>Dnbb5N^UFxNdkQ*D=5EJZC
zCshs=Zv?moc++Qy@fOW!*v4eFgIGjH@?|8A9vBvAW0Bz^<x@&iJ6WLh8Z<2~&}&t&
zPuOQrSePJ4BOGt&pe`Nhhr!_BSA1|{Ov1TBjtPS(FzsAmae(-FerT$tXsl*mI>N7u
zU`^P6pp+0P(+Lm6yt$@Kp(*Z>L$-Rn+2(RQG=)&KJy@4O3X0F=N9xRkR1lgb`jCW$
zEdllTMN4#Dh>MeIkI@v2zm(})vZn`hx~ZQ18y)K+8CGY=2OqUId!qmAUfwm!)&a|g
zOfo0hRxoJ5sFRoT;jW^(vt!cVb|J++J%ZDJ5-iOijKH9~(J&ALWb3+Q1&@L}#@v8Q
zh+%yg4LvAU6rv-@H5=XIrLFY~3`qvA@zA6lYJ8i*HhO3*6>q~hsKPPRV6~5-JR$mw
z+6!$c6dSa{n(({~Sh#&U+e2Sk1xP(zQ{LVYSlJ$3(XfPfM3%AU@p$eR`ZUU1Vvj9<
ztzVw-RgsAj%H&F2%z7SDlM(}_GhL<Tap8ba_ifcvotdr2n3Y89k2VBlOm%2oN*3fm
zlJZpFmG^WLLkNv9KJ9E`9OvXM))IuWY!M)}tbplO=4*24&bla?;{e({)F)KLEL};l
z=GjR#{eWX?*JEmuBJSi)B7rPCo8mZsWs4@62F)Zligp|l$M-8$E$>dm6+GGMM=5?B
z<<hk`77dhVr6M6V*O7_<1rb*KNJSu%z~n67)JUEC$);-6``)({P4jjPhtl!sy<)dg
zbj9~{^+ZOa7$!z+8L4M>{3P<xK3YekM0ScgPPQZWQP=-{RAN1|e3GSHAJ|5J9(u0S
z&Gqop7XXC;nd8J)qxI_Hf4iE+!T*cjykUd7bgE<FExLa&3owU3BfyHn{<d>8nd#z8
z-=&f|d(4@3UFLFZ{&R-fInKhH(4@)AZ_>5cVt=i_R;#xWxY`-*duFG9!$Z3peEx_G
zm=)@(Q6s|;5ALDkh$z6(lY+>91&lPO)IfDlAEs(8G`NhzE#|qbmUNI<nbhRZq^XSe
z6E%e1-Z-S&GE?)NKNUc!3%y97wBF;eP?CzgQhF7dm)6@2bg72NI(zJ{cl3(BA8^?8
zRiltTcfoL~$X)1gu_dz+NwV_>EEz?(K<N9@*yNk!N`G`{RredP2;XUcnin9*G@f*J
zkbi{HlFlV3Q6S3jSZahRfx$9bqsF;=n6oN6f$C_nw(sDaYHJ%b4%E#wagjzksST+9
zROHT&U%_W1=GltG?M^5I(g4JMW7*n={TTHY4|$&CV}e;lc{zJtPWo0;FxteHa87NW
zns$BD<A*f|cH(=aQLj%4-aj4w3$)1Y`;%d(6AU>ZFd%PYY6>$jHZhYvCPjZMxedPe
zukd*QJEEj2RRM+puK{wKq=6iQoRXOUK_)=nW&VCBQVX?|Z1;O;bayQhMREN|l{&!g
z_mBVW6#mShcW%|YZ@+x}^{3r`!&9~U_OFl2=f`Ams8j2~?LPmx`@=);0Cu0h{_SY*
zCwtWDw6{kvCvybr@AYY~k7|GNe+^xW$96vL*Q2s9pWG2{{*iX^m9lC*;nbNP&v==s
zDvh^#J?$a9pUep_-Dy8FIsd|s;U#%CO{CFk@dKDuenO;am|xi3ks4fSCzB@(r@aZZ
z3=t>xc%~mfwBdoz3{Hzu2n*QEGVhV6F!@^$%p6&>yrSl<XzL}zLoa`Egmz+Yv}WQy
zEFfqjg*}PJ4?X?;^G_f5&ySybI-S?4(kQW_uSr07zjrMI0DeEj18QKwC&nu@u{$R<
zPRcVw+hrcbyP(drf7%+oF&1=I7<1yK%p0sF=4!=D27`QvSDVd;287G3BAh4$iQJIY
z&6VlJH3ZxG?xzLuc*%bYjq5X;`MYKzsl_p~-^5U*i#nJ}sp?F#$&7)>EnYAv+lhCa
zH{6vaiIMbCXoYzqKM1B0HzT+B7_&P~hq;a_SEMGjMAR-F6SpLs5M%^{S#8OFNeB5k
zKDnLZ119#+4;F~J7n&kV(oOi7*nZ~d`7SQP^uttI9Ob_)er128#F<v`i^8W$!>lc7
zve`;VBVpgloE90^*tLnJzDby)U1C%nYtE{}T4_!?Nf24~_Ggx&tW;iYV%kvvHX$~N
z7gs5t5cL8@@=X)mc$#8L2(u|9h_Fp66gyzgqc!FvT}}p7{E{B@CCNgNtW|*C+Y>E2
z1=FTIa(-3bLim5_gDe$!60{*umvsN}+lRtT{(E@!=Rba^-5yY*zhUq=Xukf>?k|nn
z?YthQE^{ciOHvxkhLWnc-{76n9yfJ3HaI;aca_2AOcg~Nn9wJHDp(}d%|+l3=8-}k
zQQ?G@t!UGDz%+(i*)8Wsww1#C>tM$Gl|Txb{5Xu|>WY7m<R*TtO><N3PS7ESmLd(N
zz#@TEojvQ!{X)0^IMiT6B)Ehe9=MXZkvrZ_G6f5qM{n%IzfM8B4e-OLo2(>?U&1b-
z6>r9cdGSq*+6)bJi6@2h0x2&o_0;-{2=@JfNXGk^LvG3TP0*bc;*Xi*{WLx;^I@r>
zqz`#PEggRuK8=^8r(_~ffUj6a)UebO4uWwhy{in(V%E;7)&;CsL$}w!nv|_@(vD$o
zS)<GfBS<1fi2#>ux5lQeJB;<`H2$sh*MmTH{thwgnzN_`8!nVbHTsA*bFX5EI^cXk
zJ2<}wPG7^O6k0biHu=*?A@DGkqC+l)3VRUHv<QE;FI8Aki?2kfp<X9<u(e({fYOH9
zb7r@piYs@M0^1Yg@5qtrB{J$9_Ni2qJ|ZE#$Wgegljh#$IY>JxVvT@&F+Pw>(M>SU
zh#6~raOC=OS(z+8iT`=doUCqIE_Jw;Sz3CYsLE4mVcQBu+L9NeahRd3@y(AEx_gK~
zu#taSI@AVv(^X%tBavhW>y2x;Ff^=9&$r}lK}m7j<SbNzU5FVE0o6)OI4_d>CNT?0
zsH;6IY_~G(xh$VD8sjkfHPAfiIxW{JvvLx<q|iGjvk9w0Z7@k)8S~2?nsgUZs>r^<
zh+;-7@&=o*Fje*+)eD>DdPQhsq_!m<0~&wJi6oz-apgOKtZVHFu$0gKp3Q*X^W~z}
zP4csq<Vy>XMY5|yTdYwE3t)FHI!@jARJfRX!^0?Ij!g+n(^(S9tcJcJVLk6RU?MH0
zc+dcD#{b6Y$>RTMUS=&>u?}L_$n3x}D=Vugmd0wu{p{1-C4_q*jpE<iaI<!r8s~p4
z0Id)|C!4ma(p7D+iH2UvxZU>Gk0^1TL)TeE9^r>2;A{#v<6iF8G;lD)e7-YJHab?M
zt#NJ9$vr3aP{kkoMN~%YE4kZVCry$e*LEEV^@^~eGlUY}|K5EGUm)Y=_(G`3tg>4@
zs+5g;-D{12EJ=T4@4Ym#*~l#0v~GX1OFP!2o}2iy4FI-CEe`!!kP30%tKjqBy$P!=
zCx}S?x*St6D)FHx1UgPBlA@NU0*qBvK3GtX(|Tk)?bA{MxKb*4#MP`mO*i4I!OERL
z&@tvzX9AQ*U<{*sT`pI2bY$rT-gAmtGWi{*2m+a73jt^j6TaH05#cCFWUhaYvZ9gq
z!)g};i>^5Fbr&w3+An$;?$a!D+aG=;Ic9)P#0q@Ab<Xph=s~}5YM_-rnG(Faq$7yp
zP=<RIIv}uIYAi&2P50;gkW%|KJ={#}M$IJyo&L3KUyFn#JVRD{{U+N*l$phWUfGmk
zkvFMtv#4<Tu)HlkzsQ~I7K(oq^v6F8^4l`ANq0r%iTA@K8>Z7ui@vsaS@q<U+C#W6
z;f^2FLpIMkoW{DQe+{Aq+km(=wU3K~yC2)bl71(WD%V{P!vz>yB1L_HCC;@dtD3{V
zYBPOAd!kGkwP!jtOnKthnE$vP%;8c*@XeNY0Wim!HM;Fx*L|K_C9QvF5n8R$bEX|A
z@|;Whxq4jZI~0l#9{!y`;gSQ-((61R=t-VIg8|=|oYV~fuQfiK@xQ}TXu;?H{1huz
zyjl=ouJw%J@{5Tw+E{+Y<z`smj0;S7MI@^QyJLpSIyGJvF5d3df<%paG{oYuD%cHb
za779E-y8nkH&_7-gMEKqa8pk>D7Q1YSXB15lcoaJysKRm@bp#TOpijHx6gy!efwqi
z>rXXIRT~Rjkv}vrtx(f}OZ-3P)7lZABVIviobKCS^X!>5U1o9A#xfmlpYUoD=G)?R
z$S>HP)(etA8`+jF4%=9(aXe(*sIvwHp6@ytEZ@Bq@SoG5yA6M24_j+(IB~V1_nlZx
zF>`*&n$T9Jq3H)}>MY~=ebb&`)kAK(B%e7HxHTTbG(<hYx6=Viy*bx0F7)lg@wX|v
zr71^W%8%HJ+gywlX}UOt8+I?Ax5dg6x3Xr!eOqx1Q$WSDJjp1&+3B1niq8h~&WnRZ
zxL{5EbnCu1iDQ57G%SM8xd-ObhZ-eHjU$I>0ZiL$+%7i1v$jm-V0$8!+Y4C--F8m=
zg21LDCGMWBPfDZq=sKPR_MqL?=XBk@XI4aKOdKL6TL@l(RS?h#nX?x^KA(VYpVLA|
z<zdhIInKmHP@~M^@Rj!_7R(k}eP|>0CAC|BY|7^!lYVHy#qGkD{<<vKi8f9(i+C|U
zKO`ZFuN37mrK}aQySE*kSYve$A1j$w9cG>D!^U25g`qxGryseB&mrnhA46BUE&ubE
z?l&15({UJI=8wVOKSB)Z$zian!=8QUAdBOlcmD^fy+z2AVW$(5$}kE8H8L}k*DykV
zTT8F&wh`W+U*UBDpYkQj0t^AimK`9wv<K*-$f_@(XbLo&{QZ*i;0!5>J~wR;++$m!
z$l=U4-#o;acYFHf?LQ}z{)^U~=Ea?U{@dH1es}seT{Wkl|M7PFe49cVI-BKvK7Ic6
z^!ukfS$q2Y`=762TJ6=i)m^<?&o+I34>qjfYW?c3c3aObU&%k5S<m5W<}@^oKgV?4
z#C+f56X||{N!-;fX{syUO{4N7*2yJY;GU;*w-tV$r@Ty-#l?I@tqxDaV7O0TZ#;Wi
zYvy@*jY!XGIq(WE9ay><cY<=KU$(4(GX$6+_(vrgPD~oX>7Pk{lW%>HTyxQXs?!U&
zqL=QRcr!#3)*nB=e|vns{m?UIT&Bj5v~FG#<s#|w1>;${_oSP$a}lLo%hFob9V`|q
z#qykLGq`xrx<pGB8>2?hAYxdMw~SX}SrSY{`pZvmCgJ%Py77na-puK2)6JhwHX;3j
zKmK+4<4%Rn`}bwHtz^UX^Pk6mDxb}}Z@uT1_KG5dA4PT{Qudjl40kmMieh5Hn11Lk
zz7~@8z^Ykk&Xqagx5Ai$yn(0Ii}o9wIIR)^x?6fKJo5}s_eA%@3Biz)$%E3ok^NNe
zu~Z*0HOyvVN0+=&gL9dCa)|tI%m32vvV*h^U_<Feurt~9e91%Z1<bI24?@~a4b3jn
z_}JKErs+L4=7X)MwTQjYeHQZkSonpA(8t#K$#y7j&()7itDP2=qnOXls0@2s7p)|P
zpW-cmI-H02C)sCg9v|2}(<5`uSO{W488f+Hs&Gu`^5qMCB*-N_ZZO5x(F8`9gB=X5
z98B`;hOC4LQM~kb?ns?~DcsK;mu@Xc$UV<UaN&saam!u@F9?)(%@TVhb*Q1%7ieb>
zouS1m-{~PpVj+gnG|*P0%x2M27dL-oH_tAqxrUAX75xv5>f*a=T~`qwXx0&9@r8_5
zG>(pjOg?bKX(=)Gm)rRf6!y+j8lGx~tmDku3A4<j+=UVjlw}8hpN&1LgQ*5ape~wI
z?QBQva*1*{Wn0Lza6?3LA}BN6E1%ss-ViEF;4qJDc_7MS0C5hIXl!9?-`gCcYd*;#
z3JodS;zno(A2`-aPKMd)jY15g(prJ#+3vkBG38PT|L&}vWBT;7n?m}W;w3u0ohjz@
z1GeK&HsE$_Rs*DeyT&+jQqUD#H20x`rpfPk&D));X^R)E`VWmt$<F+ZDN2$?aUjzn
zhyoEI0>~&!OvCFs!f8-xsF(ab`1PEAKj0ST-$-E>0@sk$1m?DoK$VuO1Vfxxsl&2(
zs-hSGouVRd&g1p5>HM-|uc|O{;@)-D5_Qqy=9HeEmyGOx*{YmG7ZaKSY<e86iTO%x
zms$AbMG4@%NqJLm6X7GR6SlCJXD?CL4-QiGG|CM!^=OhO^;XYrNhKGflkFO72#CSh
zORA{VFsA}(DGpn8mj&C}QzJ{NXoW#ZD)-Uq$PzW0Qu)&|Wm~Y5c$C9nNEt)Ejve>|
z9Lj3ZOVDnAcU3$~XRjPpnn<LJc(_o*aL*T-fONK_5_ZZ=zQG*5^qJZRM201=Md!ny
z;pdb9>vD@HQxPgkmfzOgEa=$6rUVbMFlfay^Cnd*GN+7AWrb22q5->E*;k##>*uO+
zK!^7ft+mTwz9G3LCj?!PRtgQJH-iYusRhUoD}&sBS-NW3eXwda4SBS#^5#qjVS!cd
zi45|;v3<farN0fIt8B`wePsg1C~s^Ws9Ol`rEhub%O<SScgb(Mi>P*v55;ak27tDQ
zE(kP`icZI3NO{_CA9%62_)%l>eO_2q>0|R<%zJ1f*^(9N^WPVJ4ID|(=PV#d<1?;D
zHGsl@TQ5ng8f5`;0^KKJmx<kKTV=&yBh{V5Tbwy;Yd9pX9TrNIYpU8#6M&g7z97DC
z23S$PlxH$vY|l9Dn%e#PsBM7$+QwStO|TV+EkaxvNQ&=t)|GY08hfMa22sW5IO$DI
zA+b!CZPe*Amx5#lN<Up_+XIA|qoy{~*<1yG*t=?-b<8`q<g}wzRgJ4I*iiwzQ}nOY
z0EUudBSmea5J^vx#v`B<)E$lH;H}-Mmc<r#u3DhYQw4p6mPx|a`#FD$;`IfSrrT>C
zvftQzKJNPCivL@d)CT12N;(L-u9rftAxQ<SU6y&%W0i0Acy5;?z3SO(>K&D*x*?%|
zd*^k6ZtDPBcclQkX339%Y0NE`%ap1-vP<BFloX^(&sR2bcHac&ST8XLB~xw7S8eY-
zu&Z`9@*x-JRc1X-$yHdF(M@k^-})Y8yTz39s!_?ZFVvU?xE0^W$k=Q2yT$sgW4F`b
zsnIYtq=~zJ5Wj`xq(LhEIu-b~UY3u4GuPgilXcw7Li{4S^Iwnr&fg|n6}Revf|Dv1
zgBF6jh+F*Yu>*!=oxW~qXl`hjXPNd1owK~H42~$1U1Sw#S<{pYFr8f|o){LT`LgyG
z^!ts_iBnrIv&n8E#*EDKOQulTg2nz|%(ezK!<xzVBg^^8s`9~cCodDep-_^4HwN<p
zn(U5K=tU!CNZ?ao4e+#FwA1a)PI<3$hUvo3cr5NA<HW57>SO_Ua*8vPBjS1v9X4-Q
zecu4FlRO&nwMll*bQ857%2YnH>`XF{P<bBS%}j!^JouTWN+}~O!MEI@c4wEh>!>-h
zpl&k)`tNiXqlb$r9=N{=`nBGFW!9T94Jz6q*~(^)UY^gn(%3H%fGtAE3VR@+d+)i+
z(+ABnmz!rUu>gGUHqVSt5qU2_Qtyok2yEjr)ZvdZ?p$n}J|EDe&0q|9M7WX9@K^tU
zT$Ny$^AkMKfuLrSyW7f0nK8J$0((KWBND(0)CS~yK-&bU&tEvXad(1$`E*R9Xn%82
zH0p>(39lqMBa&C^Es|(rxhhAn8$X8bmqNzns)m2tp3~*LX}Eb;z5wx&$$)*HG_6>|
zVW{)`I}~qAvLJyhYvq*|n+yB|N~Gu`E$^>K@UIl?7N?q71iyRU?UO$q@Bv!g2sS9(
zMq)v-?@$WInP?iWH?PHiO_p<|z$}}ijd2_oU^<8w4Jr?JUv$q+bx&{5ooExDt=7mP
zXu4A4ZWg5Ac3s&Ag6CcUKs4%SdNY;dH;M8L#7txT&rwy!1n@(V-4pUR)HJ0$V5YD@
zUxrBij-=($lJLi4U+Xy}XEzznJ{LN2Gp1+tz;8#;y+t%d=Zyw`b4=0r{QpSOJt2gq
zu?o;6vUS;7quQ{`FqPyX%%AK+7=J>`7R)93`ep<5sl<(rcq~PQOGSVV%Y@9T`QVAQ
z?8nKBZVX_r-**szEkW3=$`RYmABK&`j(&XBFDT-%I?dxGpinP1A})0z1FS$P3r7#9
zxCtfspm&H-e7T5!%v3Nr#nwn-Rhq<f7A};0ak%v)%j8rZI0=*3tz>u(o^G<US2SWT
zs%c7As3YJgq#ZH1-Dq)@!6LG2wWz>kacm-~MQK<DOeJZV(SE+14fq<w;S><&<0^^3
z`6W5VAZxIGbQ*~jd1~~C^WF+(QDktIq56$etrf=yU~=JqR9sO-r6!6bBIGQez`5zs
zlK~zT9n^WxL00EVxGX65aQWQU1blmjdU+277Oy3<JM}!inkco5Xch7x0|Pw`^=vQt
zppoMq<bX@G2jLrBD?WacIxHoQ;(r8@eWn(=&R%drUMsm~u`BwKj1XFoomcq?d<Lv@
z)!35tQ~HH}Kb58{n2~Uq2c(w#<_3cefeYetSjK*UWLql8r}mf(IehL0P-7K31rxUN
zQmBOc;o3iBg9-4cK)3F)Kk9HVeJAcdHs@BH99sb_Or;H7oqUJpasO00yc*&_FU`py
zC)KJ`w0!nNcP6bI+fjX>(k+H&8aKn+vwU&}sCmVIp*l#|Fyq#$ZmL!<UVDu|Jm{~w
z)cn>-y{Ly(AFAg|O}Sy3i#D^qe=6eT5x5se0(5^<_0iS&nfi_R!70)9L|^wcm^6i7
zok9Bl{67!)mTh3OUh`Jo#|*o-oB_f*2Yt!cM<JHW{v?E3s~6~`N<}(9oc;^2soir5
zWo~4XWv34fF*P7CAa7!73NtV?H<L6xLx0PP+b|T}`zy3A#JyLNB@2uow&Ox~(;B)M
zy6Ou`r_gTZ_j@0T>%_@qF|!*2vZDJw=SWbad93~zpkF|1VzTD%x9Zay^P5j=ix>la
zU9^p-Zxh-;9zUvnt{P9l5kei!{MEdjoI!8q@An<<^Uih9X6zurkazU$v+c0wbAJRx
z7-0{N?6eg-#_T)v`Sbj~I?UBwX$jV)LV~*0Qq~|!DLYbLu(Vh&btVk_wUm_%fmaKZ
zo0gsLd;kv)2i{|o7e7wmEN|tMoyZcp;^{eocuInpm(*d|;wT46rWtq|TeeHB$az<_
zv?mP#uL;Cln$VKyGJ)1>74R<PSbs{c3sXG%QE$7zp**wJww4B2kl=%e(+SYGSq?tY
zddBj=og$SN8XM`Q&?(%LZ9^!YWOc5#=Y$Rm3%Ur30=aG7<R%>#`-1fGzl<tw8a5R@
z2%J5I^=r&E$W4^w2&RS!)(V?Ax`{^NJc)_k6R02}hJhqJz@hw`Xg9(Ms()DKT}}Gs
zp#r)rkHzxgT?J-`WPUKVY3rnaewmL~^bc*_oWbP|`9x!Y+>egxLJ=0IFsv?WJj%)M
zDawyN(G1?jYkXm7sPju5+$2ni*xb2wkHjKhF(nJhg<#){e<+UwowrO4k3vRmUXF#a
z)m39gkZK<!Uhj@x4WUXdMsK+d+L*Y=4UZ&~|2o=&B?ps&b&2XVNKbK{QthsD?L%_`
z=+31)|GfG(Hm%#djW47P52J_M+PKug>(hpSbzK_@((|;j1^SjYn&t6+d2R5!cUv15
zI(UuRAh4d$hJf@;ZES#EYva!R13aS~vy)+`6Dct`ATS_rVrmLDGBXNgZe(v_Y6=Q8
zHy|(|Z(?c+JUlN<Wo~D5XdpC`Q9Kxv;MfU&Gcz$WGCn>Eb98cLVQmU{ob9{`cobFE
zKYVZ9s_N?Mz0;k2sceKmNMb^O0755_kU$7A1OyaKlXOUsEM@@%GHe3@K>;xV5g{rd
zAR?lJiQ<m9AT#3tGsCE_qoU{-k$3*gsE`!jxwpEr06LC3%lkZEn(nUUF6W$kmftyl
zx0?Fe1`jf#C5RwbNu|5yjn*}_2%)zT!uFDR^~&(T@>k&a&+t~uYGzl?pPy2S5P@^_
z*zCEDWgpE_8xi8yA~f`TxyN1lKYz~|hS116;r@_vxKOWF>EQfnIFBi>tiR*k(2jaI
z|09eyZEkgm`;7*3HA173;r{+g_Z>BV9Jh{#b2`3K<*xKJyj+`)&}cXv`C(0UUHuHS
z^fE#V&(QldwVs-?^ZaRq?u0%<Ib6f=qJKs>6zMrfctO-jdf8w!nJreE-Ou6l4+snj
z4hanlk5D3`qGMwF#r2OLFfd_IVp8&TDXD|gh728+K77Q;>qm`tWn_*So0UC(E+=>V
zguIFQlL~GqoLn>o{U7?nX{ZeygV)PwFWQQC!C4txz8$W#atF~0)Bsmr#mDe!ZV+7C
zh0dcB(6R{~BYSy-$D>rZiqL6+Ll<xndK$(^#}1sX6M4kv^H1}Id>en3KaPg-b^LL@
zn6JaB<Y8f|unXSl<TcKY-b4|9s11LB>d>>~bCOC9^J954`hXlKd(kH_3#=W?u@3D(
z3xO5~u11Twg<K(Ad0jY;w!o_z?jOh7@Cl&qS-c#bLYoQC<)Cf&6!3Kn{T(eQMciW0
z%T%rm=zkr?Iu8A}pgJB2r?8AvZXjF(>S3-~>@$oE5>Bz#d9)a2E<!th#5U2Pi-uXK
z#CG9Vafi4OwW1T`W^y}u7q8%>`Q3aDTBk{X6r*)8_7>VlEW?e!JAEyrqjU55V!Ri9
z&KK)u!Pu`+j$qEGxkBKm3>}8|e9;O#jle6&YM_+f4MWFu<M|}$4<qOn0oMpslQc93
zjuxW*=pY(ITF^QeiSa9c4i)|mJ-6~70?+I4-Q3^NaWWRg0Cqr$zoRn#9LO3u5Nbi_
z8J#Hbgu^I7u^!-Jb4w4nZkVRLF+Fln!WE~ARi_+41qV!xO55ej1=IKtVfq0f^Z<#K
z4)C$jAAZ-(4+kYoD43=k=*k-F9W|?XEL@vB4G!rUT!!meW7$1A=>Z`YfBxkbA5col
zmAkBWMGwEr>KQ%=#D>b$7QRf_0p3W5f?Y=b5)v<ANm$JBDCx+_j_Z*1WXH*lWItP^
zEjH2?S;nKzIug?PiQ1wwfAiN`F&^yyP4ERHgj2|X5?l_cnR}c^OJz|<LWN;^9Ey0O
zwX-7y{#}QXMxKF#<bwq!e~f4PrNW@8wrKc_e)BEvf8KhlE9x!bRM%Fn^x{D7^{#YE
z-|d$_<{My*4JZJOcln9!cGPZcv#$-*+buT`yE7{g2ERb*JaeJLdM?=&JvwM1S|~2o
zEtVGR7t4zc3yq6Si_MEIi>-@o3+=5z=Ywo`CXN!F4*%4YA!&pAf5oLBn-xVz(NC`K
zzI~51Z``+U<9TdX&z=8Y^($;6ADn&j&9k4q@%ram)i=}*^-J}2&`3Yf$zjys(Nu)Q
zG`<)a@fWUKVTvf|Wj#Md){`l+LFT4l&R~#5n@-XRHeQe<9cLq)5n9{8ZDz^>M?`{N
zG)P8+td}(9G3b!Ve|mDl0l8?x0b9{c6Aswvhadeg6x}qf9j0{+n~o<OFhT<py=>Jk
zUw&!W^tS`jsiZqnQUcPGK`V4t;Y*!W^1g+hZ|!h;6n0$}IDgJxh?3LfTrOA0mR<5q
z+)ct1xj?Sss)RDRkz33)3X6p%?tX5waG!jbJ1qQ~d!777e+UyeJrQ|>AWH^4d>Nfw
z5b@`Og%Bx3?=U!xu_zWtb8#e+j}@ZCC|#@+r;m{%4bjGQGK3!@r5lsY*<23E=3RWI
z;1XRrmo!#CRvv3`nO)|oXeyq{74SC*g<_$uK$@&ClBXC-P$~9sbBKqZBg_%!=&JN?
z!)#-<xdAoce@1Q*xr1LMED#rq3v`QhcSw!;#rlQvJi{Vm6SqoOXWoQ1;rqCaWGnxG
zuvy%!yI*o8wHUXXcYzPu!R;WA@sA06#67ylq#ed5%)jEEB+v8D32pip%}2Ob$=m!}
zLgP#X>KlUTKOAkq(No(#{p9qgpR}p(p8nszp5}`?e_O~L`o7dkS~}-|9#b1R05&2a
z8%lIJQL}z2ZnjFCRYpRPDFub<c{|f&TRQx~`oUrH!D2tK6KqRWsBT8aMzZgCj5l7u
zX*fdtP(7w*;_dh#Zc)qC0@W=fU7C*raUxE@0lU;q>Js%AD)=O?9W4esa-a}Y<BCB}
ztY0aue-fN~u+VPA&jq&I+l*^NL!6xCl+XmuZpjK|<Q%ct(>3EdV?7723+LcMvMYXc
zSWQ@K*l)wmhY6$6Xgr!5?HnB<B<PZ)Bz=NhjjC}qSM970(a*dcIB-UWV=%U%PBV^X
zJfx-|T_TQ-5_SCI&V$C|&&+v!R>^N~Q!jvNf5mrxgmrD)&Q)95&D<?BUU+@*;Qa#<
z@GvZc&5cptKeFlR{oAPBRbT#?ybe6Yp|h@$CL?DyOpXYb^qfwf91#(oDI3Bgcqdwk
zSM!dQ&eehKHoiT!&9=6GxNL|B(V@Z+$*hwcQCa=1okzgQodM36?3pW3|8~y$w{v!%
ze+iktv<0N=*yr@9gD4Kx#Z?(9hZ;hSiNJ7zA;CC8KSCa17-2LhNWn2&f4RS5fM1d$
z$vMEke|Z0hcqKkECT^v?(y-FF(qyNegX2V5G!P>(5i_w6D+waOB!q<WVfwhF_|fsV
z#xIUv62CsaHU4~jAgJ8!*vW(jt}6nEe`BXZjE?FTm&RlZjw}flK5g)j)D(ZRCV%&g
z)vIUSH~PrVum3pX)wyLy-OJW`9&<gm`Om*Ddzv4;zkmOtB3EvtdBFXvw;qa)ejzPw
z`VA8bVl6Sv%eL(cXFvwkUH({zgJ>OuhPZ-F51IGN%{KfH+Rrx!Y_P2j)&-eRf3m|G
zOuf6;0aF+J_jAclTS6j2IJ)kM-t~^`z4(zS{z6>Y*=3iJdLCObT6VT<&X>PbA6FOP
zm3Z>XFNImBZoNf)UHzkaT7CVNTTkTVfR4|`<#_uzMwgXhPp~BsJ>!bwZGtEe8#qz=
z#S^&C*)T?#gvU=H5xgl91gx{3e>}q6Vn@m~eIl%BfkfAI79s=4IDVWkgDfJ;iB3d1
zPU7{V6FazI@M;54KirRt=i`M~QIUqBRGi9<<VOla#T=A{v$$M7R~RQwM^nWzu7a-+
z7NB`}9@oe>3Ju~CX*1d+#=}BJ;#56&4sLwc(G&PI{?qTeUKdVX3gAD#e>hN!r~Dcg
zPr*}&%{<qPmP*b1<FbJD5LLYa_2iKwlpiMZ<bx3`qDDF)Mr-dk$$_q58b!HpI!6ho
z_Nv)?yFT8_<X4J60C&C|V!rJV+RE`5@z(d=W}!Zr4pGX5bbZ1t-$C1g_u$8a4uqm@
zt~dbkBrwz_@W>_ze5Umwf7^YgR>uY&kS(&x9F{`^tV9g6c1}3pguvua1CxUVCPD)f
z;E9)BV*Uh{fhtS)N(f)#1EE%CTiBH{g`X-+)h*x`2=hXkf^>j;gZN+oK%w<$p4bpv
z7g8U(46O`W7Q8HES?F%GJH!SejRnHfhM=LNzy$hH$C5S*%z_6Se}Odwu>EppULC$W
z)jjdimA9U_W5LO3pJ7MVO+o5~y?gi0#~X%MZpxkCk~!w>>ry^@<>s9=Vd@vmZ#IG7
zTnGG9{1FZKqt%XDjT<Qb2(^ThP-n;$_yb3AHmf}~#cs25eSpQ9tq(p3{~mns64t9<
zU%I4zjrBr-dR%=Qf8NJI8B+0JoZ70^sVmhc6-dR6cmckfuEB?}1~Wh(WaM%=Gf6AY
zwF*mhs8ugTh@k{UU<1VpmLiZdrnsQvNN0yv#wVGKL8?z%h=u274vn-4X|btPK~y|m
zy&rqt!s9!4?B(ln+Hx+Q+RJ!`e3Rb+^Kr<8mb${QiI@-}f2K@C47yeUlcjoWlu@WC
z@kX=tJqk$}2!ZL1beT_%JkpV3qpN)8B%lzx*Wma!VX5Dw3p~Jp2A~`?9aW(D=q{x5
z#{<Et29hB-A5St)GEK#0xB)L9E3gR`R*xe|sx8$SO_5?65mgSWY3iv{Z+6`x#CCp6
zj(4W+R$FoLf2&Nl!FKRQpq-$^XV4QIg`YgtM{AJ}H8Ig7W0xsea0vxMv9M0qE{GJ3
z0tyBE2_^{RJPR2?7{rz+G{e<TwCe*cNDR|CjZI++X$v_VWYr;?MUun<n`9{n4U~ej
zqZ!KW?Cj7qeB{V87nmSu2yyu(#}vfW#H^2Lh1ZKQe;>qLj?sgEq$=v~1jd-k_Blv(
zvYUK-)=SHtc%i+vVco9w+WB|yYHuHXpmD)tWc8i%{`OJV&D^$!w!W~VtBKq8@B=SC
z($&Nl@1H%376V}Qo>iyvJAel(SnnuTNN_tcJK6=Q&Ab*rPY#FK?1pgxJd(KVFiLug
zrp0H@e_S}yVLbv!T3;N#B)m2J&*40t8QV<}C^H992Wx~f42|pB+lN27@NIPY^4kla
z<c2+Z@4b)G_wKI!qP(}%tsYjtf!AR-{^Ho#v&Z1A(YFw6YY@;UqgZqpyi0^3KyOBS
z0>pN+O<5W7Y-oElgzEq!3Lt?dy<~_Wk|V1hf6)5&Ng&t8VA7E@7dpZ4jsiBZrQ6ae
zHmOPuOAb$tNLG>~lcPq*xx!rGt_YXnigZO4gcXDrL=-3mkp)o&aW!!(!kWUHBAS$@
z$Q4oR<67g+$A$a4`a1bK6o(f_6f4D%HQ_Z8HA+q7lJF%FOOz#%firt$6W8ORw&*m7
ze{)g&XdsU4?TY-l7e3gxwEF(`wzkoSSM592bqRBiZYn-h<auGn|2xm6mMxrBclzo0
zyso8t%iJ$N{QOJy#cL81_r}F_QhfycM$Uq)g3xGJ2w<93ym_T*l}s^BKpPFlb`#2R
zWI-@K;|s=C^#X-3$u5H>#2T_BWPM0$e~91>%07ZwP>%8jWpXzE!Gfob9(}6d!TgCk
zXLhN-$Ahpq<zYT;-@t(%A3y%_z=3;XVnAul*p7!sGkY5f3;9=J8}dWLTtQ|*vXDK<
zh7U_kvH_47XqVM)&URQkM;?KHDPCl&If(S+gHJdazNI0{;XeX9soX$-sWv<xe=k&5
zOsISQ`BM)!H3{3)SJrj4uFl`G{dZjPIy_3lC)77T48A!I{lbg?xNt83<az)gM$U&E
z_XRfF_-1rp?1mov7Znm@9;6F$MD@46cci1U5B@vDfQ<F1tuOww`T(E>K={l<5%Ed!
zlj6zDD`6QQc{MDHp~jq3_x7zjf1jGaYr#i<P~TV2&iQJ|!j9U<4>xUD_|aQ9;BOUw
z5_Y^cbjXr<C7y_&fu|3h{&RBDZ?m#j{i5p5h`>QFJ$Cd=KWaBV{KJ9eyyD6Lc_Uun
zIU19(O(rt3ap13I9RzBTUew!&EYTa_!FA2le+zm^C$cJqUXTqwY&7!Bf5{Gedat0|
zD@)V>lP_aDs2C|&%Cuk$XVF<C3z~-Jp&GOn>2+A*M55>YaS%5ZPvZ)VfZVt{00iAh
zYWew)jy2&`+!Etv?taq32WSqSW>F-PM01DLb6l*t@DncmcdNQ?U3E$@cLkCC7YE|S
z>Qd%2C^ovA<xzfUxGNBHe<+$t*{!k!$_AO#Xd6wX99qS}#@J#}5RAYX;T-L})%k=|
zU^x|Ao9Ng`iV^sM*cOd9s&{YMa<@7Rzi|m;_3|b4Eg`AvH}^KJym!~f@4o+0*KU}9
zBSPc==o~>Y$m1Fq6RsC|In0koj+K6^tN@JBaxN^`q!)NO9GgOefB8@dn5bW{Uo4H3
zMjD0u7#8XTs;JLO2d&d0#<{;!gFOzHK<V(IM*RYLfkI}+Lg@3026r+V_r*5;fNd;b
zi#juQ;-+KAUVCxaj2Y>v%jZsd%6-erv)ew%nK3OXP7*~`#T&MGmQ9_WcFT3stFp%&
zP9OHl_Po_orzWKZe>q1E_Qg$M4#OB<x%x{KQ|oLRqV{T5rX+BLpeOXAfO%1(fz_bF
zP@A{h;4>Azm$L9wStLT0<z5Gec}_3+bNz+>(ok-QFjyMLWea1ZDco#s9yecDPP23A
zKJEeOEawCr67*sS3DOCmxw=5oUl=G3&<){-2t&j)U9vHQf4KN8tzKZ9MT+@yVYY6*
zP-9#})(H2A>vZdkTgZdrgStcHSGw28Yq~#>-|IdjpYxvye-XbX-w5A|2{UhpoC*Rz
zj-)!ss!-c7-xWfF)xUS8(puDNZhluz=f~V{x~|iF&h?;wi}_;6JubQ8ywbs(K)(nl
zB9Rt##7vH$e-~+5!ePM5I<1o9!ygn9Q+(WAulWaw33lC+!_DCq0%TvwE#WqBJ2;6>
zqz5B&LLMJXg86=cpW;b8uSjVq4G$;7`D7^@W#e3u%V!HYqD!K6l<8zTUm%sCGF(9_
z_}N0aSS&T5dc2S<<Qs$q;tI3^uO_Sc)xt`#1-0N!f7}+bncpmI5_b!aiU*{Zqz|Oa
z(kNE@py^BW^{?Vv@GY;ZH(%t7JB!G^ORdaCUj{)niVjv&9OyEOFYr&I!<>L69%V}q
z3RorZOeZx;tKOwA&=>1#^a3jgQj`(>avS{d#g|$|$LC%w#+O3u^MgDzi0Bb9W3kC>
zYcn2}e=#Sae2NXSnaNWK18xiu41--y7dwCBq<QGIfK_SRop(0xYj4kds^R6M+ztw*
zwr`_Q3LuoH^edQmEMUN0U=v2X(3L9$YjwR~Sx<s#T`%|t)%BjZMqTfpF3=rBW@<ry
z6**DhWUx`$F83E=WJMmujS>dS$#NbyQOJ~CfAVzDl-q>aa<NSH<xXL-utaX*nuRbO
z(sL3)yeJ?6lt;%)NYd$%o|k1KG6xeU@05a!R<puK3W})c6e(ICBgYyPvtk~}4JT=Q
zs*o%V(We_m(|R4~)_9KDpO7hL>M|vl<kF9oCmLzZZW=dLnr<vGmvOU+o1Y~Vi^aNP
zf2mYoDwi7OLq5EayMxT<>xD+KQ8!<zk?t@qHZC@=<eJDT(7hG<yA12hoA~YKC(Jkb
zbd9N-9!HOT8xP0nAJdQH>S|SeO?^d$%-PPLqwk9Y1?$E0%ue5hkNrrcIqoyyl5r3U
zggijQ{zE~>-aT<bRiRyvu0}nBHgQ-&f7#vbTqdhGMW_+Z3!<i=pq!%P+YUO%X>^P5
zF24(W!9>>pZY$vl-ik0!zrgT8(pyC#6FdV(0@*D-s>2+L;iGj_Q7Ou}(BWNvzSrtg
zhpFeBI1LN$UiyZYE~=nM=hY4B#zXj>UHBcJJ!}P<WkAjG-|edpqfI_%4P5ngf7WNd
z(^*?tWWSZ?Wbo8+T)Z$)n##dSN_F6&mvO6wd!&tAi?B(0gtJo*%^AQu_a|{Y_0I#r
z7nhS_<7%=3R`PD}!du8D-Cpvja7g!>?)SQ{$$9cMf1VGfo|igaSlDQ=&S%@X*e|;F
zbGM!Edc9qAbXMSxyDoI?<D$FXf2TRPx>a|(@G#`yd8pZy5@;m)JweV8vM0|nIMuQ*
zdCySizL-5j$4pEe93G7N+r>a*|KNe){d4UD2lUTPxPGGbJ%D#swM!j&)Jp4@RQe~6
z&`V#QJZgRITngkn6px|_2lPcWN^1pmZ^fNfFrG&fFTVt$p9nA4Fx${!f74xhOMXOt
zQvT?CNRO~@F9CcE?uP#<{s91GS<sH_7enK=$T=PM0Dqn$?*NgHj*5xv$E6Ln4;=#V
zkPiUtXhi~d@t!*u-o1W7<2o*K<O8$!{o#*~&E7g<-Mu?UyUNv52Nr%*{NR&yl@-|W
z;L>l)XDm`rZ*EuHmMmGhf9e-YapChP@oftyOaim`j0;-#$c}r~?%bi~Ow9fEjW;e%
z$Xni}_<!)^ZHEh%ugP$gslR%8yZV<o<&`(yQ0<<*e9<DD`}`q1e$nEl{jIY;U8sJm
z{#InQW5^?CusxXmXuK;r$QY)#uk`b8w~+RJ(QR>u_3f7DgTwj-e<8^@PPE&Vtaw^b
zy#W4=C1@Qiqf}2Z$tNEw9<XFU>i_~m>y<(VSh*g|d_5DPR!5;CBoFUwzHjHw`<i#Q
zsp>`dz8h}XR`{!@(+}SH>(0(!-+3^-jl2Gh_uhNs_4nTULj6enJS_aFgaOaLcvHzN
za1#Xcc=)W6y?yO<f0ApUxD|<DvBFlcSF{y#SllXz9EUS$*hT`s8$Sxm6~iNHup>MA
z7_8S)wKsLpercGR>}gm#l^4nRLu%44HR%wpL|%I(<3WBll<abd5Cd!m(qwMaAJ)kt
zxZ!L&6&H(%7dnode47^7pDys*?nfh+mRR(JtpGAUA~#{{f1{9bKfA&&F_b)Qw;g+-
z>mUTJvJyeiFbb>}#V8iM#x+JKae5oF$TowFki~4XAdAUnG$HzBHbEdW+8~T&nhbg?
zG6+rNd9&fL)oe1#dWc?<g|`^2zMUwEVHSfA#L#1gUyd-GZ9S7hcQ05D{#`*$_%a}c
zBAW9e5+qSie@y;zfXQl#Hl>+z<w<hBX@-7=JV$OaEir90*&)v9MT1~8m<^Ty?BuMx
zRS1wB28S`&9Bhe0F*t@(ctwbp`s-um7(<LP&NRS0z@pfO0t!mwlKEs|m^{QV#5l~9
zZceu(+cJ;~yEqphN0)b}DN~;%k2B?(b1g1g5xN22f51&41$==pRh*)mD&45RQJ!L$
zVw`TCZYi*p;WDmVt}s_vifs#}JIr@jR-?Q0D-0`)t4*uTt1b8In+?szE#@tj9flpo
z$IOpe4%mKU`@nYD=7BgSnDIcI2I@T;vv|gB%)jr>jdSygQX|z78jvb~W5Jf3l|_7h
z=Y3?Ze^w)bXog?qqZyV81uV53^mjR6DZ-<`ZY)JhsWhlj@O1vf2^!k?XtjIaX9mOy
zS_6U%-B$xzYi`4v2&?{#v)K(<VXTVD47S5p06L`Ae+bK#yk!lJ?cMnI_IKprwzlC<
z-g)dYx_s=;C%ayM^xk`S@4olmN68`XmTx<Df0w%PSPT&ek9Dg~U-<{4Bp~h^pvw<U
zcZCX8Y?SthxCw1Ci-%>-Plt4RK{8nkc@A2<W8m4Vcjj)rV<m+n%$q0CZDs4Z6zX8`
zA(ykj+3KWeIgl5IX>}o*Ru!mE=Ds;lG7%@K@3bE{u>X0{aeqO1$-2%Y^3J;a=N<!j
ze<jg+H_+uoL8#DW3&}<SlE1~lOA_&y#k^oz$w;9STh)<(5?pqP>_OHhbKnd9PntLB
z(P056jr=s_oJu##&ZPjvy&TdSvOZ)<h?NyzwC!#$H6y$fVpunRe7mXxq8@*$ol^L1
zdpkwI<Q<K+XP%&h;)6YSn8|K%Up&0&f7*Ds!-t0t7HjpE-e}nN574ma=-Ni%uy<dA
z=7<7{bs6cV1dl_>aKMx>6`kk|Kqh^%u0XehEa7==gWnkmN!1@ZZxv3_>N0ovU3DtM
zTLxr7V_l&JPKV4d7<Em;^XRbgNvmWP#7QPB8Bw;CY4@3Qw*T0{s_QI(K+<4yf7uFb
z#kLxomNYm-&9Kt6<l&KDWnWj3$1;euzkg|~`+l+i=hQD=Zc)ovZP<V^U48}*>6(QD
zXsHoAQM&grg+6uSGg>XElWxhfda=o6DliqB)|s}OSiRWloA=GPj(<FH^vWt=a-;g!
z3wv8$@#WNF1kE4Ni>|?hCJHoHfAl5_kV{~jEbB969Y+9}KOq?ey+kucSq$Yz$v}_^
z<mxM8u#(xe(**!+H7q}vN@yuY&&f{Cq4Sgbas70Pt{-FxgLP?g1$QU6P}e9g;g;!^
z$?G|P9vg@s4k6Jvfy99a9gIg3!0mdEG)F&AYSb^qcavuP0C7+ZP7`F%e-;MT-o%6O
zBD@$6dQDw?OkI3LIMpeUZvcBobRr&I{E*4|BIwHJz`G6*gIUy+#YIAqOOUK5&vc$)
zb(xf8%#8baBq0|F41ysTHbYl_NFRZ$*vdudXpUH;->%osB$_Eliu_ky=Z<xq6He{D
zcuE*Z{oH==bJJLk=s+V}f1y2Au~x>19c@Oi35OvctRve=U0u2sZy{v)QpIZLOEgvV
z1B=j{Ter{ahxb$Cc)YD`%##f-zkz>)pXGLSxwmhBVF$PHQtQ65lJjIYUGHfS=ii06
zt49yIf+ZVAIJW4S(jIh}>=7h_5syXLw`F2v;Z&rqj3P~XO!W@je~YdA34re9)+zy+
z^f`@w+&C^*Cm1A)A&`Vf10}^UgrrN!1{&M4SZo_3-AJZOw;GCZF;_;4`C?&~wAir3
z@Pr|Rt)`PY#WWmwJDJm!$35M-h<m!r!x!)Fe0Sq+5=(g*0qfTYycqBpSGHgS=*rs&
zucKcA4`_+l04o`6f6!94>19m63^FjQw}F0xPV*Qt%oibB)s8qxH2PqKr5j$`Gzs(q
z6r#3Ic*GWPMN#QWFmZL2WV6ikaxm|d`^ney*U3}(8+Fs<GI<_ez|Ygw%Xjn3<oo&U
z{3hMK@_Km}-orn^@6<gax5}Y1;RVR;4Uh#3PJOT;p7ax9fAs?liV4z8GE^9>qj_(#
zDVJmmS^Dt?muWh!rf}2AjerxT15TK#pKd5HRh#a>i%k#U`*e@t9l8Ui-<UoyT{b1r
z5+_HKSC+@}rRr^X?`ic}_1V+-DYf=Aj>qwQan}c3FXJ{fha1oNtGDBI+CJ^)WGmMQ
zvEO=#+k-yme<5rh1(($6-KHhOI^W<L*K2z{p#M9VUuAKgv>Pq@_CV)aOIygMAY`|X
z3p9#SaIc*nZ=65cC(ifY)akX^6Gx#1`NX%c({)eJZqM-cb}q>q*15u7dp)JQff|es
zsDI@aigsi|LtPeeGX!{(4iUSE{A9Lw$n;*;Y=G@xf67!F&ZKlO8=$OWEoq9@5+!co
z%4N$}w6-+gw@I{rs*XB)Rvq!l7x?I(Kfp&iU_LNJUVAp6#1$xLHVA2PrqGI(5`ks|
zNCZItw%5k4GBLVq4gN^S{1LzqpFgrsgA9QL3+Y0RFq<4e2SlCMlA>|sZt_ysM<=k_
zl`5Q?e|m8#^+<I6b^!0yjQ0qaMMrtpVPvrLei8!SM_%aR(J$5C?sRav=ppvB!Q2jD
zueqgl#q#B%y+a-O!JpOPUwndJJ9`$t!q$2}`J7a;IBY<1E<X`%)03q}y(|Xlz(i3H
zHd^27eEa0vR`uksY1%T9I@;(ozf>ZyPrUTRe~zVvcnkd`pFfUAt1my!KCd2IPqvAO
zj;#w40dwLY1Y>u=(C?k=HFm0#MEk|EPmFrT7EbL`U&5|^>=U$j4e00^wwE3aIBSe6
zHqeM#<HXkRL9O-;;cMd_Ne(o|3<!0`gj)2W&X8~tYKaU<X1OG2D%;`f!2;HEG%ELc
ze~d5Ix64Ae{MjxHq}Kql{CZ(kZq53gJJ+w@wNu@>Yy-OdKOd+Ymfrh_`t{det6%TP
z*|2=s#*NFCZ{S|r($uu&ft5{LrYZ-QJoVe(KDFea5_NRl>CZkpz3wP>*DqUE4{x@{
z2QPmt#DlzS$mQ~vIGX_p&E~awwA3zzf6BuER%F<FU<Fn4j?RwmTq&Kw)d;_Jkn9nL
zWPFjwis-Xm2aoN4^_Bg{)DP58)lbw9Aka1dygyIYbl$AKr~V!fz%jn(bf{dzP`XP&
zLI`dqA<dHgA=`duvw4HGHk?DDw!wUAV35HYPBF!q&LiE=>!>GL=_A$_nHFgie|g^%
zI($IyXLtBl)kB=ULH)E<eOPV4Yw#`iVqJAj=Nk2#`X%<m_S<%!!W(vVEuK6D-;XPC
z6}~?w`wzDktG`y?QGciYI+n=_UC!hVvc361E(Z#RD8dC3L^8SUfDSl>Nz##YEziEf
zC{uAXC++R}X0LGS+e$4jS_-<<e*`=Sq8K#I6|IX1!YffwtGttMMXUWITCE%W*T(8X
zLnHmdQB+i@DI^vc2abJvqo2~}yR>K7{Eq~^68uugOQA1?y%K&TLbum`*#5a4(ubKt
zSv|t;$M#6m1|#otcz_6e3I*EtVcymWZ=A3UKREZ#>LqOb2or2mpHx4|f7^;jt=hhQ
z6}%(bV)|hdwoknoTfX=d`?H5UwyQUVbDN%h_@U>Xd+6b3DQ4<W!+3|f59DL{721Ol
z$6M($J}1EkLbT=`m;R{kTenW*zfS!|IL&M+4Dyr#;HNFvXfm3y$z;s5gd4?XJ8BNx
zU|(wrH-%V?L?0BAN`jo)fBI9^qlG~05oSt#GImJO=~FmS-lz27(+@|-bw9dAKRFWj
zp4x@Ud+*V0ve8(+@P1^pReeou!i{(Y9**yLN61s#KxIEw+i(sJ#vwT8;&0UVzXHs#
z6T9&&yi>hN-KKV`_b^^Se^2*%#)guvJ!2DOVMGTqqI*4K(?eWbe-Bxx4_WU~I@DF_
zQH`#v3EII(fK|XdfFK}=$#os*RSTnq>QxLlSJO)HQvPCVsQ*rDt8sPIhS0UK#wdMg
zP`F<xiHu;11%`A++c)mi9+T8G%W(`H!^gSf<T!s!I40_LgdYs&X7+vhSlc`12n)AP
z2kL%Aj@#kY9<0xMe;^MuY{bFaKE#50{v)+ZJ%<Z$NZtcvgin9CM$j?!uj*Gf&Q!np
z;#2i6>;WR+N_&>?awo*avuxk=K3D%M_pJbT(@hJB?pr+}aymeefYfz*hScrf|JWRo
zY3eaj;2c~Um&_##$x=4w;#`7Dx`DevxIyx8zvMP@R(~8!e<EbMO*Iq`BQAM1E+==8
z8hN`+AMzor!VlP<KaIEH2TpgLKPH^&+QOA}{<SNedtHmC+b-Mjt4M{|6y!3JZD_g3
zB2pmDKTp1`Mbe=x3Z19nN7dpEt2GFF0gc3<9G71|R$4Gd2AaYpn=#Vr$cydC=||Fv
z0+^i3rZ?I4f7rR;CKR|yjIbXzSZG$CqK-V50$DwTyxygSD-wDgy+LaY!d_pkfo1ml
zpWlC=B(5L+wol!`S9`d>fB*6lT7!U?LR9<*7J~y_2H<n4#;3?4ujU`Mkc)XO%x+d+
z#-lYEZ3X?U1O4rfYFvrP=_jw$N32x*TAij={YEjge^uESy+K^-d?emK)DICyP-s8J
z8cG}ydNH2HDgPqh6MK5Cw0Dv|k{sZRyJx_0p6gL??9!KpyCd96X(W$kUgOaRZ+?8m
z19@chhDX%js-NBR`kbOSDqncLedqo|&D$Q?Jo$y%x;LkPijDV>*oY(R-~VfD?5o$M
zw5<DOfAg;SHFXPP`aP{E?;O1IF>0sVAh!+>UI1Sifr?$%g&0tijt|odK_;##z|Z2e
zMTCcj1P1^Z@Uz=!J(E81p#3l-SPm2wfPh+xadIRqI{iG70?0VoWiwy{XD}K}4nEix
zY<EORV6TxR(tslYI>CaoceEdSr$w?iAE3Tpe}rSlmgAU;*4cQN`cNSrr9M#JI$M2r
z_Cw|BYq+>beF0aLkrnDe(xkfacGbN_J$S!53vZ+E`*Hpjyxq4C4=56H$VOMV&PHP-
zO};X9)HEeQ#5yjNAEFCIyzKMjTB4NRYeR=^<U|;#VI~jZhUs#+ak>hwOt*y7iI_gi
ze;O=i<6QAZJWcfA3b9dKf$tKV@fLBr!OBoAE%>nwaY(>hj;QCm=0KKzDT4p-;z0hx
zOA+4Z*^7WqKgc(pbftlGi7eV^LEXmlBva&(lkm=Fy`$N*)W8cOvFTB$zgdujf_U3#
zha76;SuO(L4%Ex0J@Y=2KB{3)w_g#Ef3!z#T;c4IlLdZQKmryxk?7d|w}bO10X+Sc
zK`hsg#EJcM{iJ?+C42}T!e!%Zu3Tu~8-)3OtHf10`m}$<Os1*<e$gZm4`c;7g<{6;
zM?%Qm84E`pKmFqPHFv!C7JdVx&gEUJ)q9(p@8u5rum6Qwju*Gg>RK(F`u!j8e}0ym
z)OD_D`SKN-fBKj&1(}4QTU^n6u+Fy98W!BDbF^Aln>ffnOlu(m1cYLlgd*80LMX<)
zEza623$n6Gz)4z%We??DV1}n2(d>>r=j#g?eGHD;+504@t2JR-!bKdTo>afO<<;^T
zFWvU|TW>vn!$U>%LEw8W7WLd;fBskfo1z@MF8R>bt%qXzf$t!!zSrUXje-LBJUR$9
z%lc;fQrs**9$_;`oL^9cfXt!(LQrTTtf!ri)E=}s$$Uh5_w&f<$p<Y_+M`_>S=|S*
zk-Y(WB;JU}KJws$kEn<7!233AxKA~3{Mn03?rh$vp1;)f8TV$_`%P=sf3D!l)KS&7
zx7X}?>B-d(JCtLa-}sZa9vRJSCEjKCJ}1pTE(w@DBrR(jo?0P=J|b-~^nOG-`b{#U
ztA;D+I`9@1O3vP{p?&wd*fW#9Ji5)YHstxB!(l9o9tZh!uZp?vnaQJ9JTrOKrl7ZY
zPB#Ukagwi2&eio)&xg0Qe|2ZmUHf~L&P(@x`*(&<SPW$Q0eTec^5d2x-8OzX+9m6N
z?;sup%B*b4;=~zR6NlWAZ49uec!I_YK3eTM?Td|&@8J`^ScA3^8fzefgjmzr9cy|e
zjox%oi#4y2y||j;`JpZu{}P0c1WtS0)?UOmPeGG8mh^Z>a+!Slf9dOmRzYN?Xj~1j
zzUve>kd4_>e;?|y1Y~20myMES<?ZG?e;TK?(mSoZn=FPsdcFy5vgr?-I2xW+R&i&A
z%E&7V|J-;EwX4tc)c)xvzOb-Q^&e^Vf3Xwhk4J;h3|C-McECVsfHlM^1rN}p2vLd&
z*GKisOYDIRM^fl#e<#}v2ndOY-V<ZPO=!>y1D>>^P5!!=!$Dz@^kLwX6q@r{J5sD2
zUi{$22}6er?cNCRp^07_76L3E-L#;<;l|Lo{N(^5CUOTUr0}8&@@;!N016F1ObPXi
zqu9c?b>L%;`&?Ty;PIBWB<uN_TP-91h9V^Po7EGi^S}1}e}46HiyEfe1rh)}*z==S
zgmjf^Snr>?Uh%Wnsr+$N244S7{u6Y&xCTw-)_^4A;k*Og&JRS@LJO)B8j)2nqc^#a
zQK=AsTHxIT?+@W!%H53K)Ez_53J&xve-<s|%h2s48V!Z>Cfbib0b`9u8->yEeHdNO
zrK6VxJ9<|4e>oZpbG=K?#i!9}{$cbi5Z(m+Zl~vDJd8)%A4KQrHSQghB*^fFzI+4F
zl79JJ?&ixa;#nB?<I5M}`hGqYO@lrocm#9;JtP7h02+70_YR0O`{^6b*9h;TgJLSG
zgRv2ugZ^Lc5c5zSeZ%=W7_Sp(+a@eWN$`CTu5AUHf3^vo=uKfAyaV8P5zM;<jwx*i
z(KcwepG!rrQ5toJsXn48RDd4FPs8g1cMCC-8RRW;k+<^e`QHh$P%f+$&WWSMlR8Cr
zi|$X-G-<P**Kd{w$c6GfhPj3%hHZvF84FEz(>&8b(_hTLHJ`VPw5+oH$?9(%W}Ro<
zZ%eS1f7*80jrL#L&-f+#mHX}Y`;$X*3~{tNK5`Cm-t0W;e9u4Af0h4*fT;ns0dEC-
z7I<^u8$qE#yMo2wTY^^w|1kuGgoosWtP1(Ys~J<#MDPk)rfNm^Q%&NXoIiZi-yR3!
zQQi8pxm%Yo_}tCjV-DIq;yosC{Za2R561_+f5!qcqUXKGB9b8*XvZ{qo$wyh?D&lL
z*kpeY`+lu%MuYvfd5^8g;P*T4u?_Kl@579k*8@Sxejj>|G4glXyvH1poN?Y`0@stg
z$2=Tod5^)HI&bnGi^$=u^Bzkm%Gu;SHlX3oJ>Fwe>~QDD-eWT=9}(s~wj%!#E4;@x
ze<Y1~U`%yQV{OIk@_MCzNxYJhoSdr6YE&{S>g(!jJ?_c`CAX?1QOTG)S1F{e>XbrH
zou_u5r!-N%s_PKiwa7iMa!z&CY$elO{v931dgi#NHYg?K?yA|II>lY<Q7WpGnub|(
zD@v5o>PmM-m9NcYcU4_xb@gq%PJ10rfA!SXRa93gDT%2=wadL4lvP*3to6V|d3}A&
z@T8<txIV8Tv97wIw!~9bT|3*8SmmkDX3Z!Kl#6c0mHu@ek21?Mw|ahjqVfYMPE^Lt
zZLBG;Qz|NJs%z^#rAk?Cb)}L~>zU^z#Wx3&P=h9+-qXl(&+NdNThU1C7PCC)e|!Jr
zs~6-4ucdOu%oTOATdA*gmwGDQwYMqNWmk?O%LSg=%8EKB{)#%K+*9j;xn|e8tAO<c
z;2qe4ZXhv`bAnP|t+=Zil^R$u=ukbY9wb%)B5*4uK(q`k>&rbpIhB-DSJpst+MvE1
zMh7W-s_H;`QA{LJ@i17a;;yT!e=ezT!+dgSbxA{|r>fpvPw6SEm<x;4pN_~nD3hzp
z>gR*_qv9DQwVs;V>e7Z14;!Ym0vM~9)ll!DG{}8AB)~G4%xx&8l+3TFFRyN>2VyEK
zyc5wGYBf>9unl$4p0bmmRC*}aGE<Pc@`PS<B+xmNs%w=x53B>Ut^iWKf9zi|H6;#)
zt)YUhmo?F`iRPDsVqMjNE<;&EZ52%DVI51WmAdK#rLJMt98XC-y+ZjbtDXzWMj0xp
zt}3mdeAEq><sul)J*#@2hjE~35hI{m3972=VHxVQt8`UrdNe@0r_`0Z=gyU9dAw2s
zGQdjQefX@d0==kJDywTff7fJNsc)?Dl(}J|M2)DvcPrhEU@g$Sw4$tnDw=z4J*XZW
zz@YBZQpUL^I%=TqTA-_8uDe#I6P0@EDrQ$PGG=SG3Z1Bix=Ub?I@-fWPu-O>(II7+
zfC<b!_u2z^`}pYS84bv*n%k&U^ip$~vQz7!|3eCEOAqR(AnCgJf6T)JI_Ifno#t29
zmewgz-F6s7=l0!@qo~<NF_FQ_<azC7mIo|}j@kfgKxHzox}uvf&mHw(F^apU2F%Mn
zYp#dh(0GTD>4Ds{DCO>YrQBTyBYLX($b@QLk9L<T4OOLHf_q4n8F3ni-?yrD)pMy;
zvt^@;<W}ZV?*X>re`{FdF1gJ;8yEvStg4o&s{V6I)n_VjSU{p@ZW$#iCrinmlwYJw
zo|Ij5V@6??k~>)`D4aAkcWl;JB`RYwoJS=nH|7@QOqx=pK#RhR{G#c~q--T4f4VXu
zH-Bt`k~OWMFl+K;c~YU0JFy@yHw&)i=8wsnGB!7VoRSIsfAS|4DS5dQbBkcmqDic)
zcc|Q~$#k%ZS%qVA;4~vMH!rtndV-vtTa*uD0&#^(hEkAGSd=?vN?t~xQZS{kVAA9)
z7-K99o1dGXT?n&eP0Ru&V4yLR3Z@t4j>{=ZfKEklF+naW%ov+BF{5xof&zn00+tIE
z)+7<AgfWz?f2p+d<eZGWJS8)?XmU|uR>nlymP%(_{-lXna`vPt`C~JRawp|0nOVR}
zMrK}?MjNm)CNCp*VuCU@V`9cQ%8qXm+Dv1oM;tQkFfJ=Ut1u%kL77~TH71uHfE;rR
zv&Iy$mLPkOL>?n|%%uFuSvO393((FtMS^@|P8OR2e;CMse`6SBjQxCImyT03sj#S<
zlpAv=XC){Zg}IaIiewi~0&?kkPReE)Fa_jE7cbvSFI^*g?P~3SR<yU5!LeBxc`)E)
zN(Nkz`?Lk^%DSV(Q&UfM+iTpKYh-Rz^PLGyYc(eTDm<<V3|G6x4k0XoWwEHEdAFW`
zO~Y}5f986b`vC2RNTj*m(s>^6fOXWBRM*PY)S1k$sAHB6A+WMqi+M_&doD}{y{Hwj
zR^Th$bD>*ZH<^75O7;cAn%WBJGQYN>9-N8dZh)(`6$`v!xYiq{7zauZ2XvMm=b+JF
z>#3`OC{;1fGq*7j+Sbxo#we+%0<2c)Wu1wyf24l64=U6vv)SOK)%7wUx<o~m8RGiM
z(CLR_*`Ego$r=t)ehdzhdvK8QBXN*?H4gGR`4To#oiAow1EBT*7Wt=OCB=u8<o^z=
zBx~#NFT+Z*X0SgAE6G12R+4+LlJX<5lH3Ou{0OWhe-~C#emGW=dts&C=GzA@K|BX1
zfAMp{CD{v?l%E8b<UZuGyz%FTOmbDV@{=Kx{IfzP*$bJJ9}k)2D<PBeV<3}!O~|DD
zGmuFx%9uKF{3J?tM$V5yM{*D6KLs7hK6Iq~6m%r_Mn}qzLPzp7(UI~~&=FPEK8Df_
zeB|#0KFU7<eB|#3KFSXOJ~9J7eX+woe+D%5zV<E#8stRyO8nl+Rnq*5+bWVOz=Pb8
zSW{k;<aJ|LRL;;CRE=s-BdSFeXf`TG^+-YeQ3;BN?-Y~_uT(gi1uYbm32o|89lUFi
z2f0xtN`R}ms0!LA!chjA3oiu~c8^uZ&OGq#fj;x#vlLp&KVa4&-Ln?KO!HtafBN4f
zRzYh@ha39*b2E;GqdCxTDr$fhCD7K*M)R;9ZpM)Uqg26X4YZjB<5oaB1^QRR>~41N
z%5f&MQR;xAYIxoD9e1yNbt<E<4#ur!v!(!@sc2}Q*4G}PjP=lXt@o}3<-Hy#AC8jX
zRqAa&585X}yK4BZ1#Ud7Z!P0He-Xy;K%eYhqxt0ETZ^k#oZh3d^|1BvfRw7yd}vEo
z<L8kv9cdigX@oZAtY-z>t6_B4v-PABsAWB<2GCLGT_Ke#`RLK1hCVv<UEI(gJztA=
zZOz<p)LUv-YqN|7{e+kNgDm9dx65m<cMs1Ma7SiG_3R4OvPvfF+u&L?f2_biqJ?r+
zz{aa&qxEQi1*55)-Sc?)n$2dZ@~(P<cipws(q_|iOw;ECMprdk{VLYK#%p2P4An4d
zy;sL7yjtL9V`!3=y<^rhDz4P064s9Dp*Fg21ln4oUDIU`vsX>`qIzjb6k9pkx0HR?
zF}g~ikK4<i%&edUG_;b9e^Srx_~cUtM{~WF)W4g?o*AfLq4d{-{%YD!XY7#)y;8%h
zrW9r<VZD9Slrj$LnXb)(yY=j@Hi!H@GbDJexdbR{V54X<na^~foOzvkuVgCOwcZ^0
zc&P28l^V4TOoj=)R)-!}vh~!~TJGgR>Y#VRckq$W&1VwxAPO5<f3pW|><X_``>y`?
zbM2FyMr}>EM%OdCdbF;Gqxno8l|N_(pEZ;*uU+Nk(9>(iQuaybNMPSo5_6zM2^&vq
z<6A$f$8)`&&9_1&Z0=G<afO%C;mkUVywtg2#A@alde)$~FY1xN)t;aV+Shxnp{`F`
zpRM#rthW#7-A`dWf4dpwGV{%Sbxo6o7E9dUv!2x~$|>HpuVmjn{^N(NMLml|G;+GV
z93}RV)c5tJGHLY27HxJa^D;(bsaKQcGCi&BzM@e|Wm?*6&3kK|FM_&RM66&wV=g<B
zyE!Ull+yL8>LrcYed4M%lh22`nf7S9>zm_B`PBVGo_tiwe_jrHG|bJ`=!a9#cb+Td
zaV^>syz4!e^{e;}Z!UMQPA&7ZZsu2d#`RsP>()r0y<8bRJYGNNVO;oTn$Nf@W&NYB
z5f7uf`M$D;4EKD|HmaAFX*QF0MSPjX?7g}dtqoo~@af4sxLa`ziFwc+OwLtaORj;J
z7QNieqk6h~fAn5=jb`5!`I?qe&OE%rzU#a+dYC4Cm!9~1-L-soDT@SEY~6dy>snHk
zdr7YM8va;Ytz%x(7pr@$&1XpzIn3?G9<|;ceMhWe8hsml&i1aD77wXb$=zP{U+Jm7
zo2yw~8>#ok!?JEk<)AD!&m@!&XLO!Pa8`tF1RPn&f9~bNH3e{7A>5e?XJg^&Shg-1
z><+yj#jNp0IHn^`LQ~jS+8BlKNynZJSLoOZJEvz8pnX1!Mf+x<X>5)x7;Q38HVKaD
z*c0Ju9(-qc+tD6l;K~#@r^n+EMWNb!`OvF~*$(YTY0)Sxg6loA_N6M9&FG_SBAgY%
z_&MIYe;F`#E*p>1pTO`DJ<j*isY$MojZS4mN2X(r0gCe28NE6Mz6+q;WG2rH#<NCk
zKI0)9?rXecF$%Pm&?p)M-vux?Z7~k$Dq>QgGZlGTCa`s+{ETJ&>8ul2D~+;A-c_c@
zJ)<OgWvS6Y<v+E1=E;ozJa{RL|01|j#MUMQf5!KX>(iZaYy?WT%%m}e@t48mFp15O
z$=XpVQhDZeYg}QkRT;zNMc0i|K9<dt!6Y*Inw<DX>%BVH(hj+MhH;F)EGDTu)_O9?
zF$>z~c3;u-F_-Z=#w%-WOik}KoyhAY-7$<uy0SOGtXW>2%3!kV%LQGh8yWpQTxcth
zf8qTc(@SPOtDo;(T^~I~Z04eCNaaRmi&?By23zaN-8PcV?02G<@+sXK*5d=Fc=dBq
zH)Vb0>$4+YyC32^w6T11_g%rUOrP?+6i)7zhSoy<o^dtbl?8FFgylK)-F~}o<nE0c
zd(dca+?mkJ*Y-vNnin3&+E!lCuIH+je=TV-t0&j#joq%5Vf(UU4a@sbZx8y=e7BYp
z^+vs=44-Qlu&x`GR5Kh{-HlA<v%5Vpy~bNRsqT~K(V5*W_9t}D<%>l<V`;e3&Cmj!
zt?nAq{O$-PUzHiwuz0V{GM^pSdyxs{uff}vUSDuUHtehaT)hU$HP^t$%e9b0e{cEM
zvh}X<=28_*!W2&?ddICrzPzkQCR74iU9IwpRqxS0I@)k_WmSR7V0JIcOPQ=?q}Ax?
zoHFxQz8cqmzUuUI*Jb~k>Opd!deD`~>t9z7lCN10QvS{LAo&N?gZd)*l3q0R)H-}E
ze^>?eS``-gKUP;#uBt1^|9@Sne^*_pr^4`mv#uofiLn2<x{`d2Z0*0Ht|VWxuGGWP
zzo)Jwe^0&O-&0qT(LY;P>e+SrIqOP2_SUzq^j*>SyQ@oDey$;j|F-IqjQUoWu3g>u
z_f(hU?~$(3OM?I1RVJC~*wtv}-(O{t|BI_k@)cF4o?Q3eS!I&{VU<bwf45bc<bR^d
zr2NaOOfr)J{aN35My)3847mUAs~ySLT=V}_?MS|=cBK5rYDe;S){c5=K>zyMk^E28
zj=pc)e{Jo^=UKlyqFi0^k$*(Rr+1a+=dAe1KdIt#b<XzVDn4?riqH4e9e$1qP5o8l
zyHHQ1L1y#Nv&5h9%vBPTf6Hy~PGYo`GSrmF@M{fR>x;&||CuxPn`P~{^uIte&^7+r
zxFxR3msE1mLB5S8-=vVQTgczd<ZmjuppyR=Oa5vm|Jy>&$C9t^$`HO%$+;HtWee%J
zNWQp8{-To4hm+4T$yt?rnnFG~Gg<hgg`9zgXC{-6KS~llzDPbwe<B~M<j*SkAcg#o
zgS_8D-c!lDcJil1<n(jok1F{+H2?h~a_Zzb;nX5>avVAFyAa`oN`4nY-ciYKRq`8^
z{8}Z)TgcnT!iBe0ax9#@l|tTB$<Y-y;b<s%&7T}m$*U@PMI|q*<Rz87sFD{{^1Mn8
ztK>PAJZmHED`SOrf0eX7^PJG8l4lOh6rOpGJhOy9^s89m&`j55a>&L1DwaI0lBZh8
zL6tnIk^?GvLM8i4$>V0S@3B~6UnzNPuU&X7mh82YJwWuHi)6P-9#zRMmF%>W9V&U`
zVYBc^3VGN}9x5fR(4@76Y*)#)2aUoul{{!9TOSA#ww96yf3{eK2ZG2JE4g1Ln^m%@
z#UyM}NsEazL#O5za^FU?a9@A2(M;~WNH(m0PS~K5_3LH|>z^a*m+<TEi51q(B<o!K
zJ+b6&m8@NpD6Cb<nnZFJuz6PoS-r|2tagx92GRr<no7w^kkrapvcg7wsgmW(Y{GJt
zEVGfNDp{hEf5j?sUH-+QMZzysvS<;xvy?0>ataG$$pV!$s^ktcnQtWXWYVCL`irFQ
zBB{MdZof!sR8p;yDwWKQB)6$#jxAG|GnrJVq<j&X4JTzP@u;L!B_%4Er4sjWQhbrz
zVk9$Fa+6ACsAT#yS(tv2Oq0ot{z1ZxDP*cjrohZoe=<ptlT5}|VR9fTbdVdy`w2Iw
zq`*KXsU&}*RmfM#L@UWt$ppAFK_%mJt-^Rek{f0ca;+rCM8>HkyM<)6kg+Nm!wnL~
zTqK##k&Fq%rIOJq8Fjr~808?>kF*Ha+sVigCSj!OvW1K=k>M&ySIMxU4q@0uGIWSl
z80sKHf6@%X5GzSDkip?3)kIRRGYBavxz0e6lMF(#i6j|F;vl_{XeER6Bq4<i91trE
zEF}Zt?ZSXq5^pE{<6?#W86+;2^ounJ{VXKbKw?x9t&%7Ui3C0)?L;Xh5f@1~un=BK
z!b~I-Bp9lakc%WZlLWy@kV*neNdQPHKqdarVaY#;I91|MiJwaB(7>(|8}Mq&B-Ta5
zQcBD!F&X^@lS+)x+UQRVDv_;3uM!EGNh;Afh*(N^xXFVCI0;-OD&gRq8$_^`AeG=Y
zT)N_JJn;X*ANo%d@V$Rw{~sly9(|KxrxO`8I3O?}Z(?c+F*Z0fHVS2KWN%_>3JNqi
zlL6HylSY7vCO053AW{lGJ_==SWN%_>3JNtaATS_rVrmLJJTFXTZfA68AT}_Ukz)ZN
zlNNywf5anMmi!n?UgV*8@&Opy4pIyV<Awh|ed~7OD2o|gnyTX5s&*CI!|u>`bMb8&
znq!#rbJw?1xDEHI3Hd2px;|4nZ@XqrPx8OH)?-%0+~eamhwGs~56fj%e2?#L^YqAH
z*6nZ#pR(fX)P||+FZs)l?J+(d@8kF@Tth$Se`U5><!v~}I-l$DOMMN6WW65R__~`P
zuQBBr@bMT!uH{(~r5W0A8|x-ab$<!jvMg8ma=%|?p>O|tw{T23otvNa6hl=EElayt
zMXg2qJ+u*hT?=qj)fw&&70U7mc|g(t;Ua`OAe(dUz2^miHspmo1XH0cR)K~@(Mp(2
zXpkza;-gj(;z|xAAOr~SmlJHNRFQUS!BIh{R;FXcp@`_TR%vZZ8?pbno6YXtE8Ur7
zcK`eR=luWoKh8Nfle@RhJw5M8xNXFrCmgx`SE~=^)osmvBJ+!}f4t`+J5{*qH!YJc
z9=KzBTjTF99caAsn&^wWUTK_ra$?=-^Z(kt{ltP%-)lNM8h=(-HXVCv;`zqNjjP6g
zcD}Ld(XKv|Z+a}+d)AfEOF5Tc{B+&fW2LdPZIAxEEC0imu2ubKtr|V?^O2vk%M<b%
z&Q*@UkIPRiXsbinfR?V>fwNX+9Bb(+cx`2@;oKii_WtC7oqfm8{Kxz4L!*<we@CqL
z{+EWWT=wrrZg5_HV%7_#S+g^Sd^~K$>Gr8-@zbXZFP6-hdFgAX9w~6;>n+bObcWrz
zXj<d6$jQGw^g!3Vk9T}?VRLg=A9nXSU4LoPyS-a$tq;$Oi<>_fu<86$3s(Pb-l=D%
zzx&|5S^AUA;#=M*dHllg>n|+%=y+Q$|6<Vl$ET0Yh&)q!|9_q=7<c%EhPBHYH(h9a
z6Q9eJe`WK1mmYZM`RIy!GS2;aS}W}9ee|!VroY<yU-!4m$Mm1`&%u1oJC7cl6d7Kz
z_~hBTr;B+zCTI>&OvLQ<FT=3d&eh|9b-cN{KMZxa#R##46y6WV&zzFjdk<ZEr^HKw
zg}CEd4vHNrEL*r1x0R(hw{8s;Rn#qQD66Tjjx1T$P#3XW^SJn`P|?kGbC)iuu3KD#
zLkCjc4x~JDVog)5j#Inyug^<-Jujs;W63&k(e&rCjcR)Ru#S^&AB9-U?g6p>Z};<j
zJMzw-&`7@>=E+6rs=)`wu*3snI!{lAfqnB>PeBV|CvEZSSr0FVhjUn<qB-e&t{g@|
zFMM8pH`}^TCCpMRzzq*@!-L%LI5*7?&m1|BC&&>>$XLdgL(u0Du~F?m%kdP`+~cg{
z#r94#gD1?0?b!8}<N;=QfEgZShW9X2SqrPj=J5nGO4`XN@i;U6*1(#6-XO*z9W8(%
zok!NdM(8DyoZPn-UQs;2i3o5af}9AClg<kO^YRCZ1Swn)shcK&$BO>xa9G>V)Afva
zvlxxIZUig>=pjV^vH;e~V6KP&BO=I%=wW2*NXQ<Rn;?Wsm2CYYPRM5yVMBHxQzYr!
zGzq3aFPUT|G#Qr404Xv+iVTt><B9UonHhz7GQo*rH2H`mX^QAuvHB~q98W(jUnJ|u
z|FQ{<Nzn7Ul!0840cNmk#J^5E`Pe1d!_59l_#}Tok{PD-mNhU$AN>&=4)UQ$=c;OW
z5_+j5AH_A$krm)W=@aXqU_P}NH&tC!VOxyG-#M1(e&<@)zPzi<!e-^Y<Cg5cip{QD
zCN1U3u$d|Bd<GcOU#^GTzNWcZ%GQ5b2PIi?bX84#-SS9vO}(WY{p}{G%C)_oWVwd%
zD$DgKvs|Xzn&7UhC`~SK3@25V<9TMeUU)6no7-}2qdP@+J_Qr5Hh`WOgVDVl5l1%1
zAbd4sFNelK^Ph&ItATQDFF7qcZWgw8&pHy<9J~JiX~zAw<9^#-epoh-YhGRtS-QL#
zGWGCg2xWU0i)JpWZ?Gtd=azo18OH0y&F~#9H5BXjo1r+9*<l>@)}lF!A~hxguKqwn
zrEbu$Fw+rXG&1$tk_~w6`VBBXi!vU@Xrx}evH_;)XE(s4ELXaI&Br&w4Z3_IxPzG~
zm{h%UEpU(idJDXk<p>!@TT?IYX@%LEw8HH;qwt$LcN0w4e{Y3S{l+FJ80ooLG$&H?
z6ZF|jm7*JKR`d{{?>z*0`teOLhj8w9+e9Iu>d~CCadf%PY=UfEuo(t{(>Y-?9EEHW
zW|(@8WfO_Mx}1fjzNsAw^|f2T8CYFZfAb8r;HKHUr1}T?wk=SZ;}}jnoW(rWT_Lr#
z560?ITfp^c4A=@YGZ}J>li<(-t51a;GeM<3ycNEoZ`+RHeswDpXD~@I65S|_Ujmb_
zSF{0dZiBvq2n(xj1gBCzy9Xydy9LJS{yWgE;oE@g!w2A+Ozz<SDB{+`!3nwRgk9aX
z3n%Qi4N)hy;as+BQo_cBvN?@A?AepAmu<&Eu581}Y#Yrn5ZuOu?H+TwO)l609P3!&
zFbuDAZy<(@&=mLj8pE=5?{*MFsqJ9cxw0`cY~+wxf{3s_-iB1K-2uz>ONh!LCLG+6
z2z3QP132^8x?4ZC6E9N|rk3Mb7SBz`VaBpCx@afN*EjD%<B#oxK7$;=afo<)92K7h
zAzYJP2<}2$F2#6YRH%uH%^h^XMcO>7ZqdKkjR@CujU5UjhE7sMFp9y~um@)7r+34(
zx^_=D<%8oWtQUkPKsB1~MWbC};%<bNjkCEHvxP~RAL@a7(U>!Pfe)o|4iz=**e*Jb
zUmoPKGhc7n2f~YM1``TRrVLxRLQIe6o?D~!`2B_=DooTdo0Uaf^PAgx<USa!`|pQQ
z`mO!l77vQEEYalz$zyaYj-Xc_0G@4Q31hghFc>q1!MTX%n+Lh>V0@H5gKZNqio`ki
z8zUUI>Ei>~jE@`8Z3m(6V8>%x*oI>?sT;KMAY7+In_;ki`5An7`5>&*UmODblh+~0
zLDfBnzy(*ocL+w}rz?lxjA_hg4nu(@LZs(~Mly$4wU#Hth9PZN4}BKKL~Ui32lKL)
zCayY!VS7oH5n?N|6-<|L$HvtwRYr+po1Ipwj1b)C<2sNoQ?9_(fJ9N6GO??$ANhdh
z5RopUHc`Qex#_iOy40rTk&fvy{MvyOnVFxU)l&IA#tbt1XrHn&JA+giC7d`u9LlKK
z1^93dH6G(D=`fEn8lWHdo4BI+fYPHYO&MVUU16K0GF?|VW+UR0F|+3<WMQf`LST;g
zfr<pImeg!8(g&1|?W3O($uP_Ic0gfN`r}H8B0-N79?kp%E7zQs(kH`Q4C3&>5Wp#O
zS|DUhikFm7$4>_qgc5qt^H4aBn;l2`Y)mSD`cj7Y<3}JnN`0}%0#J^R34)IaHCv$6
zVNoVjK<1(yKAek@^07@&)?JO!o@7Fy43wygt6X3}&iy$@aG@|qrZfXl=Fc0%`Krv+
zkBj{HNF%7~&n3cy9Vlg#nT>AR#7ww&L%=VS{xl%C8DLSrGMB_0MbidEnc1@YWcF9c
zaJdcOlsPx0=?W&y5yrftiCQLt;mm#@C&V9P!5wpYG_RyCXUac`beK6zrQxK*&Hgq;
zhWtxM(sUupT#ENrQh`Q>z1b&Ij`}K@x!sa72_d*h_$w1-xavg%Kxz9b0t-%<b5iPn
zMkamCpiBkZgzbEV3|F)6@uEG8mM#1ljAsEF?4&M@cfKV3h_lUcGu=Sf^(QdmxW9#C
z{ktOAhFwMcJ%%ux#y<&j{7HxwV;u)@m|Z>@wpZ-9-ul&(NEF*@YO`pFEL!s8nn(!G
z(BECMvIb8IqNu8_&YTjEKyyRwhNZQ2_z5TUK9yOwSjD9kszgvRl`6+}amWf)J{7Ck
z5v;;hqO5dEC<$47HH^85S5{YDdPhz5UG>ZFwu(qad0A-*W{s$rYKziRDND-mexS|D
hD{v!L#?0O8`i4c3h82;T+7QK;q@lvX^4S%k{{gkQQDFc8

delta 38274
zcmV)LK)JvA_6COZ29QaAy;@6;<hBvM&#&mSfu8V931|qI?w$_do0A1{Fmg)l07f=I
zeDU8;y+{^CN!@D%#$vQhsYKR`Up*-EZco3x{r6<xU$X9$XLtJbr?<a-clwXqHK$+y
z^>+R876XuGGr#B4mw%rA^spyuPhWoi@nY<94j1DVe=**K#a&E)T+T2^cqcFR!Z*F#
zp7_CRK4^HwXLRRg?nwMex9`i}zkL7p`Q`106(7#IJw|Am2fl6%%w#Q&aenKTGhF==
zFE$8o=L9U-xFlIoXwm|*G|nnH5TGb_TJvRvFF%_dzU*v2DrYR}k;?29wLmP81onoP
zh}@BaKn!L#6{?$m=E(|InxB7seKYXiZ}R9be||HkvxUcBPd23YnFs$q{dLebSv^Gy
zG$fQeIajQ1QGzpBHUR&w3==-d^fRD@({hFzGZK7&QqOE^`1>>@>H~h<;To*5I4fF$
z#e{1B$<c$%2bczLWYh*t3FPyhm)Jakz{%P7sW5Jtaj->yB>TezSJv%)IZv>JWj}b(
zuSg7pi!(q0movN+oZYj&%Mlf|v7U42QT=+bhNr)73An&GUtA#P<%jeJJ+u!S$YreE
zvbW}7$KH<YJ-tUBY}q?F506JVE-o%#eyNhbJ8N@-|9y5b!2dB#$!VX7Sv<zWlD)^k
z)i31|P&-k7{HBV<ECJuRRwO~b2SI*$1MVHn?N49dV$AZp3bH|JGbo}G)98Ra%=SH1
zavmL#rwBJIIgO6UgNJ=o$!T;%4%|+SoJI%a9$dc7&Z8sp=+x{yIwE&TDUwG=<OaR5
zlGEsb+~vkO{yreJ(~OQR#5~$159lB7=q)q=>K$5t>mtZsh<UV69V3Efq2^IXtq~Nh
z90Ph%*-#R$CV@GBVT?<-3t;n~X`8^$gqQ64kOShDKY==LfsF_P4p2w1VF6DqPUbn{
z(2xPi;ngGbT@@5D<jfLk0D>aj;g<y~Y2ZE>76F&abiPnK0(uCaxz55wu;T&a0Q)$s
zxf{TL>WxET7CNE;zHf^)<*u!~AbIG4J9E^S%Th?97ISxIH&C>}U!Qw8F3R*_#PJ8L
z=nc(}5w0w1wL<Nk^j6iefzx`01Dwt?hh^>DYs&)&BdBdKi$M$}_n1Jq8{3Z*3EFau
z!@imX0umc-h(}oz%=Y$<@6KdFwvu1;3zE`*@N=<|tjj9}n1eh~n@3cZFPfB{X~h+d
zy?@a!U)nd$4BGP!H9`z{SG|(C64{%y<W=liJ%!#t)iq5hsX$XbEH~&~G$X1inh^sO
zYu#N?mJn?RrC)26o#$pq<)nonADV@F#oEVSlEu(wOiK<0+Hji`5SwXs$_#<|P+)F<
z$fHef7L(!H&+6{XR0YWg>`5{-B#^-aZlE3+ke0xdI-$IYk_!)HqjLdXAj;+EomiY#
zH)z(fC0HVpxq3+=C){Tz$e6JTR;a9%DidPSXL?t!iqi{|QhEdq56%eZ=eGWlGGO=L
z;P2B<v<ZXozuFLk&chra%Jn*@$mDK+lAp2C7z0;vi=`>K`jO;N-^|4e(o){MNkvqY
z4dsiZ{*FquKxC|Sv8U@Jr7Z40ctS5gz>Hg4Ifpl_6|M1=7l(C|-0;^YP9L(yTv1i7
z%!|HV<G4AHNWNdWSj;`f1#ru#41BcSgu!5yVzfF7tF9sHwQ31raeD?dmb~tNZ<HzA
z#QyAU9}Ag!uUhvG@~*9!H@3u`%#+bP)j!Dg{&NvaD~}gzidPZ|`;*g-Qu%`T`#y)+
zSmq6t#wj}}8`Nhp|NZr+)6d^+Yd2y3*xAG9YL8)VEChINKWF$o%--^i2#Mi1`;W5e
z$f^0l?v7e>lYjV!Xkiq&klBZSN+x#{hec(FmHvVFLc7O5_)U+ogYFc_!aeg)IVx|O
zNBO@Z0vL~RLIE&46W?jfLq^tkBH*LlOtd}JcCg_ecE<VZ1ri>Jg~8OSvOEG0>$?Rl
zA8Qsk=##J=Ri9*K^XUC6-UMVY!<IMAJG-0lCXPXt>j&0FssT%OXI!d(uRH<$t(ilu
z$Ww8smjffPmAi<+PsxVC0)R-~Lo;PS7xl<XCg*B6-R-uSgt)T7{L_8IKRK9ke0Z?;
zZMw9najC>veqRYlDTPGEhh84{6Wrfw&MEefnsW(#bH6!9uHiB~-oV!2RyOzsr|^Ev
z1eDs0R1z;ma>fBl&0W!d_<o9j)hK2!K1k^?`b5czG$XHY;WQK0s^GPmr(hlhSutd4
zDx9k%!s(1bum5VQlA2JM?L0AwGo`WIOmb6B41S=(K+#e|hc0CuGM+<=1Yc}e6Xw(*
zxbm@eI|E-Zz1qq~!oB|~MbYO5g$oVO?yWcSBsKGp#SX2OsJ23XTuRsF)?8>~SG-Rq
zPuSZubFhf^*zyd$QJ_i*>u&#Dy7IoY`ybd&26qy)sEzw_EWrmJAhAV*7zU;GI(7Y%
z1juqKKnE3k*iofRJVSTJv2g&iOai(>BIhPiFUpguLy>l*!b7_7Eaeme=W1N=WJ+8|
zf;xBX=$rOCEGRaAN+EHpmlOV>6nxdS3#60^OET`eq|A3H!Q{jv1lf~<MD>)zS4^N<
zzJtk)@{3A4D(~R${tPz!WQRgUrwpwcR=i1Oc)ZQhG=vDs!F2*+Tl(hHc0lhZjd27y
zQ~7GJT1&b>3VIUGd~!pG4AKv+rYq`gDekwG<-u}`#bdjFM!;Xn;ilBGO32cqajHh8
z;9&b)OO=c@j^>qL#;SEC59U*%^CX}m&++K#*b08V|1`Us)j#irr*;T#D07M(T8c3E
ze2J=uDZ@%B(r`*G*3qn`dDCp9^9U6mRMa6&;%Tb{A)_tQ%(4o<bhuYCm$J7@L&I@*
zv@QWG+u~1u!j^)g1_P<N>7k}>1x5tl!!wj{^MJX>4JJ&CdK}sHir0-(JeIWGrJB_;
zrZbI{xyRmY$IUNCFP{>c!gJ4kWfDgEFi`}+248FjTNSUhhf=Igxrp}_h_^Piwd?TU
z@3pzdDoo7-TR*P1MO>{xmHuuwid5(zB(Gt)JJsiZXnQ=zWQS6X_HGw=@2ef?uD#x#
z*~v}Q&^8`9?Y=>1{Vn+p;aH3??i96vpwla{&iOR95R=lyRmX%45IdgTt$`NGm=~&~
zC$rjhAMX+Zb(;6O7uMrJv4dpcWv$sO&k3+)N~o>-hxUNb*T$6wqFo0;Cw7~h_!}<=
zJJw2nCL2n+NZ`7^Jw&`12UEgMqkrV%{bwz{#_h9BEKcsTq+IfhZx(Oh1n|f{!V~j^
zVb2KnykUHxV+vjQHg{wINvji<4S)TAin(I=!b$P5klu{l?L8l4v{<)Jgv-NIMPbm*
zYBAR@X5|1maq0>o13!~OAH?|TALUy!B4q-94vX!{gt;a?GNox7IUfpA$?{7xzl5E2
z%bx@E^Wj^S4W^<Oq_;Rxz?T(X5!=Q=?6zu|h=jn?O}W`m{OrRb+df8XpB8aRMF=*L
z=FErG{8!FmQ1dss4j&fUZgwAsFcm(id?#nf%~huU0A!t&Zgl<B3I|QU9Q#J|%9$yD
zRoh~dI#olW7`Qm!;NG{K8Vg~aE2LTjscc1;F`<i8$2r|9R|hcVqi8j$6vlz`ngRqx
z2u#2kb%s`S$t_#v%^b9<sgz~L(~PAI)yER99f}C+eYyWFQIag|HqOyrPJz{V%qp>C
z{K2Dj-;QA^Z%oZpwVzO7w-pIRB(6n&YyofQbe>8DgD&F3x<5c`b_Ivzqq^i64tPS(
zBQI}zpR3Dv2fu!$CbK$<ma10ILkZp5cctg`#CRr+t?$lR^0)bllqlRAuwy&ts0H2Y
zl_Vzkq~++7Eh}xV!p^ZP=q;yCaa1lS{jq!Xh}v}5Ch2@f3Bw;7?0U`lk93=VLo3gR
zU9t6+yXyAb>l;}Y_^R;dmwmu*f|@~wwnJ%5ZXwn0a=s@`)Tgc%)zM3JBRBM<SQS@Y
z_tw5ATd90GP?1|nRNPImqrafw$G;z%^LSP^3f?sYeYaCcuCALVmT4ZTYgm;u{c!pp
z^pbz<3T19&b98cLVQmU!Ze(whP(B2ceG3Q#GcYqXlZgvIf2~_dtL(ZF-k)F5>p-7q
z@&t{c$3S*T4rCFs$^;=Vkhgh%KT-`+l_a};Zo=jEY1^_?<5z>!=F^^j`S{Pt#DAl8
zr)hDgpa1sp$6uZPO?S=d=YM?MzCMN!hfZesoK9bVJ^lLSPS&2j{{E*+xUR#+KGw6l
zm=QjMajUzye=A<tVYL@`U&r!zT6wGuYq)rqzPd5qwfFTLF8Io{p6B#_8Ui!oBKR;3
z#$`-;BTji9)8IIjd}?nvqg&GbxaP=TgCAk&6zRFbqHt{!ZFXM$#m0$;IF9&$wP4=h
zUg@z<AGi1iM&UBZSrA<CoejF+F?}s8){6pb{)&Usf4cOT<Vhlc!2#9@>%^jj3GueS
znXvx(>$e}zuaDpL)H^OirCj4db2L}dM7%z`n&B+o^r*0ebO_U6*#i?<XK<0`n0T0A
zk6te(LoXmps0G0(t`3rq605nj#I2i_KD#qa`b@?OMqzI2ITH6YPd~dkE^X3!HcsDY
z)D;o1f6Bl$(7J&n93yVTA!A}5-V*oG7l2LBEpq5R3;>p4x_5Sy?nn_>5<+4BFF$>l
z=+VE>gWvz=!<^1GKK$wA2KPDR#lKE}XhetxGn-Fe$<RHrYl4cRMmi*j*LP|799t6D
zW~T&3JrexQzM}fAmL%AoaLq=1Ebu^5cT=$Ie|fn8LTm$sdB)Z5WR~P_Was8?Up_>u
z*`EP@N;w7CF<Asy4cS-LEZUFqDnvA7h(Pz;!7G0WJ}qMhUI)cdlaJy^Yr(a-yhD#M
zX{$1ZCx~0D9R(sB;+}<VUp*K*(-;Y3k<m%S6Ve?-35gzBQb`szy^C%Efk2=PvN^5|
ze^7yx-Rf%40-5>;m`O5tzjO@%b?pjN2?&LSP!%v^?KiKuMm8`Xl1U@{kgsosEl-vQ
z{~zgpvcP@a4d!#H!SI*~_F~l*?piy44&B9&4Uj>&B|#+aJGdcd*aMCP4V%DW!~E&`
zJO|_3;Dp+g0SX-?Y6OXuyxW^Fsg3xKe^FDVNjutP6pFeSSqVXScnLz3Nul>}pzc_u
z2$*P*rleuZhSTk5N&D92$0+Yg(v5+(iK0v^P)@)M$bnE}SkF@@Np!dDM>4xS9y$?(
zzX{qAfZ0M+@}gh_=}`&IJJ;_jvHOx2fU@O;s1j#C``J%pry|QnrUa(B%y1@de=3l=
z8TVoF9rs<PXfNCDJJ=ZVdmQvVQb4|BgES|~7B<OeZIUwCuG3UD$+IgqY2O-8Kh{a)
zXppFc4rvXc0;OVXXp$Xkd#%>V*kxacFBn~r`h9;kV@wS@(Sk%Jpa`-lou6<P|HxxI
zxr~r}@mhVmDnPO!COK_aSGEr8e|-t5;NI%Oa>Ar4pHk*o1u;1^NX?`RQyJH8NS8}N
zkjeI3>JK1H<wXb7IV>)IR-RN;g7UX(twMphHbbh887MSgGRgENXkep7koAW6i-5Ew
zaZ){2Viy!x_k!@U`s}CoDS>)6eF!g0f;v6x`jpVVE5)&5ykkK-@xA1Le@DS(U!T+T
z8R|q_0nXILo63Vl@=WCrHDpQ$LOQPKjmSG_D#AeEZO%<l9HsmaS-e`UpMbFnvkhkR
z!u+Mw=@ml)KywCBNW@7Cc2ugpMk**RE*aE*MVU)@>TFd8wXe<5H9fbj*rIGnnP8`=
zoO-fBS*Qpy)|giLxM+5ve-uUgfpJkfZI(yw*|0wfSIo$G&~Y|1sH4rXws%t89F<E^
z659$1ta9Wi;I7iweYJ)<f=YiWxrvHfZF^@wX?_z6dy%b<$}QvzOw#F757L`Jy`AbZ
z*t>%D(h&OfO?Xg#R}`i2n<MXiEs5E&SiY}4@0+fZL<~ZnDMKfTe@7JrI`*TSi{`6P
zsD%5jtFT{Es6wUZ331Wv?9_yLl(A4-6-$s^`OK^!jw3Q4OHNI4A08X5f;+eYc_S@%
zEk#wgm@O8oyj`&*L)5-v?c6l6deR!Du)f);v#(te!s6TZ$W)533=2@9sHWk;hC;8@
zd9w+kirq>RHD-u}f4y*Rax5<m*0-znOI$J$(XBJ3%h)L;LTNG<1_W}ceTa?XS!-xo
zntn!jIxnjbu{}^hXG3BPDHL0b&E8=AI?H6A?RQsKRW8X}UhjzMmPo>ii!-7uIW<#z
zUT+IFQRM8X{C_BNjMtTC+4p;+&M~x|geDHkEkxNyDB9HUe>5GkJeRwBk}DxJP{2YP
zDWrbY+_>rHMjl%SH|TJSN~zw9OZ1Zw7Y%&Nin*39N->P#?CxW!mpY*un=p~5Nu)vC
zM?K({VQJbD!Xh)nRcsOpQDsHbCCysybcJp?C6nRqaOcVA>Be4;z!Jyo{0Q>)T)HGa
z*;aF5b*@oUe<hi6gSC@#$~4}GcO|MBW9lSy6><Va#Y1WtpuMEk2hjYuuX#T-9gL&0
zN8-tH69qEiB?0&e;8^CfBIklQydffuk=c6$1$mEg8@*&-IfS$m^zcjB;%u{Qb#W+K
zG~3yAIV^3TH^lN*b&d$)Y2Lj{i{B1q)iHf*8y6y`e{vk$3J7Ce(*p!GU95I%hcqF&
zNj1hP3F+3JsG{(x$d#*o%dtM<&{WDqkK1TIbow1CTy*wrHetl(4Omf6siLp0NGW{0
zQKA`|eub!Q&~I=eA+(YsR$WC=<rG|_`8c*z-4(ROwpQLvJeq=5#U0tLXaJDt7)4$z
z3IWyrf7#8uoMK<aVO=qNI%}sf{`Hd^Li{_7^XQ}!{78P}Pc|U9K9gbxDzW0n%NlD9
z9AAor4(uQn&1TM{?O?|!F8GFT-gouy!`yb0r(7}?{<7LzOE+Dl+1iIOd3Je*%$3$+
zFTIrtg+n;F`vKMguv)MYA8%_-boru@Eft7kf7h#+6t+*a0k{1@l6_fJyrlw&#RCy|
zj%cBPna(5hw^Zu`chbcbcJAxg`#qrk5ryoZTvCS!d}?p^Na*YrV0+<i9`XN^u42_2
zulvUf#N0dklk*t=Z0=7w=VLw5C9pYfBO(lx`16+B7n9^}rV3jx{<?nsQy@eBPp=Iz
zf6dabIaJpx*{Pw_01y!ni#`mR+9PU}FH*%pM;(*iQh5%^TJ+ddnx}71It-93=n02?
zB3O936W>dYJyB|x?%ceK)(^As65weF@qnFV<p2VyB~3*l5H;~^;^jNK82XjNYwz(+
zgt9xvPfVa^rq$t&2Bdn<KI{N<d56=-e}zX*lP6xDXIvNhS{ZDsiKIZcSkYc``HUrt
zJ8{WZ5KEBivWg8cc7{qL?j9coCE7S?5ywzX7*Rk<Z{lt%=H93pLB^(@Z6HxP?8u}6
zQKLnPTHvY6k>nTQHElGd=@%plncU&<h-jxlRPiWU3%!1v_Cbufl}rVxx&ejRf6N!A
z51%?jtAu93WO;(=pcUXXa2^<)p#iM9d$8^F=gucDKuqKeQB6sFiGO?$Zdre*DqzD+
z0a6$y<rrB<1Uf7Nz*wN)(ztT=qKoWUf=t-3`cXv6$RI|daIQ=Y(r76+OiQ6)Vz?Bi
zm?E8yPvqKE5G3}5uf&zIw}98-f4v}H!T}6yL&i&jn*(wWa&N(LG0XEu9fEL+Q=?9l
z3F9*#*pecub+9iZIU|@<i$%vU1y6y703xLqV0e^6J2PWR3CR$V?S)gw`0$ZF;2Yw}
z4bm;>@V@e+^x^LiOIAFxN_wk=FfbX@aWHn1XycNB(;PnQkyl{DH?rOZe=&rVJ{O;5
z3N~T0ghsqn_zy5KF+Sv3K^Ne2!jF&^MbNf?>KImBCMJWkilaa1iEvKwfY7ZK<w1#n
zgoIHPTgk$MRjy(rxU3-L3SCF9e2@c=;DbZW`yf|oOL}5836c@CcmgLEyc<n92_h2*
z2?-HEWuzT-mvQHaMcbv0e}KZ%5+7kEPl8zVD0r3CXsym8k|{<89ppo3YaGfP#?r8=
z#7*H)#(}PQEnp62h#66QmPhG#^0fFt8mRIYaU<AAB+d%cB>LglyUWg;&FC9xhMi`y
zJNE`O7zwUe)o{*X86-uj=LBcTd~O9)1>M*J(~4>Xu6_C2ZvAElf8TV<EyL<o!Hr9f
zO~w1ILs**|MV+m#SO<$2xqwxD&Rhy(N2#+tt6QO7{NjM=7oDGPAA5%8lWZ{NMkjQy
zU=!&7-w?8Ix3sKZnkEeQ=Tj|FHuvh?kGl1uk7evv)F#xOGEZq)IZDI(7NRGjj?dKl
zhw`kQHn8nOCY_@se+~1pi7XBPmNtvpHCO<aWV>CpQtxYTAM{Yq+q%%S38F_$Kju)4
zb2J^QXp-&e5@CVj+^6Wj%AYc-qmX3{I!!73H+7&;mg*;Oy|XVMSorbB1N&ED;;67S
zKkj~R9*E-G+eefLUJ`A#I!JQll%?(b7FHO4b2PG2WVH#~W9u*XyPcwWB==UEjh`wT
zt6NEPz2oh#fg%*`Xen_}#LrtS0{D0n6%|s13Umu+$<V0AWdBz%Ieh~qZ9e27&;4|N
z0P;<tvvFCgLk6DD=mnb==kk0Q(nNpncc=dX!yXiulR-Wc3pOAyAa7!73Nth?lff85
ze@Tlg$q~Nyuh7{bIk(EH0wHL1O9tP@Zt!84lV@x&9)ssHf8UWAxqP`w{rX`Zua{C~
zW@M~iEG<s*@cYYu4}$(#sSfL|4!`~K^0z-6{u7>x!*Bn5xqiGzvC+G$*iY-><LAR4
z@9H4s;o~1?ag+DU$G=`~A1^=DYn1J-fBErj?iYC$>Y~nCU5@H3jMNu>R+gR!%TK~5
zD?O5Lm!mn$clSV<%Tc-o3vHp^E;cPtyZ^-hCYAe{_LJ#}xzHBw6u*)m`Xz$aidTPv
zb*rR5a&vDA`a&BE_n{{@oPJj~|0sV%=kRCzHBoHcgP%VB+~tqwsoj=}qi+v5e_F5T
z@sl{?F75AojU4hkz)z5)nIUfZ3cImbGJok#uW66)isu7!cFZq%*G9?<aXh@j6!|v;
zE!VUN&dy?EzNQ6Ex<)gt^ybm_PrvNvNI+5y6?Rc@dH2*)5E!=djzjseG*)ral|1+w
z!rjg9WF%eHlg^y07)-j3n$J2Pf39l+uOi2S6cn4q$SRJ=G)+r(x3r=vyiR-hYbJwB
zHbYD9PQ=2iG#H0x8nP}>v0v8AOO^)THwehzE=xOI*nb>26HLcbw)z#lGi^Sylpizi
z{=nwUa<Zk>8S}{Mnl(QLZXh8Bbk%?Hzk0h<`O1+yL7l@jy*YU<kA=kCf4ky^S$U9c
zxUg`MwYkCT_+W*zx(b`5`yTBm8T#G3OmX`@w*A2Lv^eb#OwaiTX2cp)h#8f_0h*Uu
zou$q_2)nSbz`f2Q<0}OZ7}QineS|2M1niIdvb#dgMW;nl+KJBVh<S@~yc71MYIPPV
zC`3)m{sdLd2%SwjXudnwe@ON;po~UG^?pyDpokOf<DzlcLJ}CIf_(`Mn+M8V_#Q-W
zfBaD{>^YNnn#Qj$DlV|0x$-lL5hXcxVqSpDCQmgEKu?(+4~TDQvdpJmw3E@~j61J)
z>Q{mU945nYc+lT}eG!Bne-9u1<xel-aFlfWUk|IMu<L*R_u;P%e~Xkfw5~^O&+A5L
z#9H8=1nIDwZlmgPZ8pl$xOA(w3{nwcwSjR>7yvlc!@jN0Fk#)5d`HipH*utq*;w$b
zZPqp@UdxC&E6>^yDr_>5soF_gLz!;ciL@bv426jAhwfc;mjv2N%Xq*-)`TWa0jXge
z4w1z~<JRCp3#3qje+RE<*}J^w6i6mVlfgx2zes3DzJ3b`61=Y`6f%HF#EO<XRt`g`
zsL+ljW-(GIiV{XF!U~FWVxxb%cr8Q~wF7tY>ajKIp-DZqg+A~<_tazYXrQYf1MOg?
zBzIE>!l)g9oT@;KVLWJyWDj5XgdQB9rUKuP2|sYZYwc4if4q#2>$5QLdqBLQ85G7j
z4~2vVn^5>E9G;5<k*v=E?KZvX!zPW&VNu+o+B2ry|95Fb_<Sr<*D8@n%F?6cxOn_e
zPWg@g-}DAHF%_beWZhM)UeoQ#;MM?(v7i$p@e)H(p-}XTDE%mcWGHS#K`x+kpK$CG
zEchrRbk!#xe{<6Qo`DR?tdpy!sVzk@-<da@dnmx+^s4P%H)~q2e2~jl#Rf7*`lzF_
zM9Sz_9$2f{SNd8B+Aq{5$6mKH<Wvn`UC^h@t}9+xoG!sey=0gEy~JB&$${bw9Q@ws
zz}vXZ-{Fj)0!1XL<93ZuM0Ej3X}kV3N3tkZwxi?-e}U$@p75+&Hk&$`I#;lzlv<=U
z^D1u+NBC#EuTs6n9DJCx5E{^3Lef4eY$L9hBbnHnc&Gn2r-=OEPXFG-n|>2rV2dYA
zknL_yc9N}FMbM>3CaJiWs7iVmlgpM(9R0yhCp|E}A}|-$vNj-@)9P#K^yh{5GPAbX
z-(>are@bTkL~%J+O6ySenM5xBT-RT&0lRfFI)C3W%4&^A-wI4mkw7|)OYx4qLpB(!
z4dfj4sZuqI*wl6EB4vQOK`t%T#o6{2#FD%u%PaX0zqh$vHgvqqeaITcuv(?0vx-E!
z0c=3zQBL7EUD%G5w^}EC_aoE!KHPbgU9Qj;f6MvHsw$&iChiz=>~iaB<_g&H9ZYvE
z(0}prFe4*bo8GOq+&F-MsVY)FQEcyc!+iM67p|0W4SnIVNOF}m{pVqd&#JAqrU}za
zEQ*jiL+YfiJ+KbxSB&Hqe{Z#*7mq8|>C{(4dYRvYgE=li8I8|~txSZ%b&)BB+>G7;
zf9!N(G1{q0^~t(~KJe98J&Sdxj3i6oU3KtE!+6TMN!_+*`~?AVRPEo6KMU?1ayiP{
z#-S&b>c2;9n|H4KE%mlF9gkeB09O%FLfgh|dO*4I*%TV8Og#n02mQ=4YQ0vMM^!fP
zDIdmFlwQfh<}_tq=9WVg`AnUg?nW%`e=+*0I`=1hB^)%bb5Fdb*$jQ$qjpd|n5)-n
z+NMz90@jG=o^S!2aycFa*#I@p#FJMp+9V#3`E0)|%xVM2$NqQ9WsBY^AijZq4I#nq
zWs=#D;f4ciWbnrXF<x242RmtLP7Cg2(@v5N@aW@=OEHYwI+Y&ugg$Luk)%tXf0ZI3
zAG#%rYxhSucDSrkI)Qm654I=EDz^u18kEO_TNwC(VwB-n&oW@;5u8rWlOJg7vNvTv
z9AfB>4PkKzvvsJEcs+wo9iZV1_{C#Clw*d!XdTnJc}m`Bdp0wnP~;b`1z3;#g7>lQ
z)A}UNYXR2tgSsFBMX3Td)b)y@f08*Y<YN7ME>&aNI^dwc%cZisf9ie!ID!lg>V~~R
zu!q4{sRm@$6{VsRHb5Hra4fEZ(#)@mV{X|R(JwL$x!qGjI%rOMLLPZUhpXV~G6e?9
zj68C9@Fe(zf9MfiXQs<UlOb$Mu|JXBYP+}~n0L-zQSlAgly!97%x&+$e{VxyC|tK`
zK<;x`uj79vgNBqaR+y!j%zG++i?s#8kPmc<dJk&&1{$Sp3oH30e!)AY9L#<DPp5-=
z6N%qur~>RMm!UeBD<_yHH?6v0Qz<d9);z~pmO`@0#e2-8rFPX~%v?Wf8yu||=F-!q
z5)_oE%6OL%>@eV!_bdC;f1@dhZZoe;{BovUVuJz!qEZD&hjvz}LNt|0M*wGt%4o`9
zr3vKgXq<5_;dN{AG{lBc%xn}3#wE4E!dy8>iE9fO0aK$z5vj@Vv7%tpkRs%3b0g~I
zmY7(FVqrZ5m)BvJDiu~O_Le-J(I%B69%cjG@-KAqRrb$uo@_2uf2-S}qFKa_?h%mK
z!=`>N&f(a`sC)u^_j4k-UFSA!3po#G0?<2vEtE4R=E}sIZ!I8lA>sQMCRMj5R0`2-
zEy}bBCb91=;owP0xmx<JSG5@WzSzyGVpEYioBALPo4eBl@^Y?bKs34QZ5OX4GxFr#
z4yA-S9+m4aIqez-e=LNI3MRXw&u%6ZA=yqIqnTGoaq<h9dF^wPiWTF|O}B5{rn}Lj
zyH_aPOQZ%f3`6+0yE!9}gMsz{r~e}X3Neu2=Ub?xaP4Hv*vWEii=~&)JIqbvV9+p1
zRt^$XHN3sDOTs)$U7brn?n^^RB(=u&>VdY56xnH}+AfaIe^z)U>s~R=qj$NpWpu^>
zhm&6Qpchg%7ozP<w&>gtL!eT18d8$j;smI~D^<6A*NC?h5ND~wHnH%4(Y*!LbH~ys
zLjDtseo!jrBM^fHVsgzP5TILDJTqXIWgY;vf3C~fy6ImSu;ff<R0YD7zgOib(f4(R
zf%0FBU~6ctf9qe~difSx;=SIB_6|fy98X0x(f6XW@=T2fz;0K=DDJ=dod1@iGOLG=
zba{r#&WFFT`w+xWS6$0)Odi;K7}2F}rzeakr@C<faLHLjbxgQUG?N`Z;&~BZVA{2r
zf?5RE;P{UZKqD~?0j6)Yo5_9S(95aj1zaK77SjTrf5H~Ta3iQlw4est`;#Dy4jSeq
ztL~zKT31f#s|qj}U9$Ts@;v24WjmiTN{Xw2+T{77o|Oqj^au8A-f{&88-X^@@K^Ap
z#Xp@MSHZJhPp0<G%~1BRmRA%lQd%$?KS{&?w@caVg91JGOV&>-#-#8*6{~2fYqM0U
z98m1?4)O~fYXtm19R3H?;Qy<WK|T`<IUq0~Z(?c+GcYzblM^LHf9y06zR$178L1nW
z?bwMliqtC-w+AC}K%C%#gaC<md4HesUS88ZgGSR!I<af7ud2+BFnxXbcVhUbfKPhm
z)0fXLKYcU(<FB&m%O5Z2x0hMst(vVzJ-z)leS7B<!1VU}&#zK%;+3iGz+VA2cx8OU
zPiMGn2l)zDbDhiWe}F$ortv4i?X7&%=H=iY;L1ETZwHO{@sqhFUB@feEnIMG-T8ex
z%x29SlOQ+g_cau_WjQkhc*15wnEmK3a~*bZ8^mXE!ILFinKi%=3=1*{%x@>`y~u<L
zORbJMVV`iDAW4@kaG%j<ugqXRIsuuV0^dydi-uf&aStOse@$}4s}v~EgTi~ZU*5id
zxxKx7YAH>vbD=UMSqI5DSy>^t3zi^Z_Apd9f+Fo;IHhW1=I+D^*AlkFYI)ff&jbDa
z62)Vd)mFJ)OlCb4ue2X#yQ5628;ZQZy#}|#Vk{%^VwZE<s3>5nmY^zXo9`1acmYcW
zN70b5a|&lkf0oJF>?N4p-(9|2dqa}Q(%=_Q%l`WJ3qzOt>VNp*yB9Vc0JZw}q!zr#
ze*SCvu~NNM>v3*Sh7vmm#W|@+2*&GOb9R0pP+6)}o;856xh)LoDh$rqfzhGYx%bZG
z6Cp+*B~hQwAcLBC3?4oxcyg2V42-6<+CyQs){u+^e-xHq5f|^V&v9?gvkQFIR(kg2
z;>QK<>`MNnyoaDE!fKZ6;F4D2_(6GEQZOOHaF58s)EOa-@9Is>M^)&}Q>0^bKrtb?
zxb@Zg;MH?XBDG`O#%pN|Ek)`&s*gi$G!c}5W6ixr#VCKl7;vyHOAmgb!P@TTR7FIa
zB<OYQe}jXy`v;=d#{-X14GW8hym3w6gbc2j6cF-76`Aq%KGv^f$F<O}jdETul?cUd
zgtS7gY{bgI=mfp0GHWjt9n-m0G7UUMmbOun>=ANhnNxG0RpAlUaL~9Kq<q~qMVbXh
zD8$}XM7C(PI*G<DRJp=fbzB{Jsk#>CDWjK<e^(cuHe<}Q_`)Ypo2VPOgMJCVpI}1J
z1w{AvR+K3{@ayPuBpTpX1>iB@pbBe+<&j?CE~E_*R!Y|WGs_^Dl(I+JPsDZDdn{57
zH4JbpGj$Imc}hwLaA{qpJWkk&@n_Es8j`#jDu@r<jTc)WL%k*GmS%0gZwd>YgqKVp
ze_~9Mx_z*4sm6TqRv7?esS~?oRJRWgWrB2QpU@h_O7u<@FjU{Xs^d}uts-dCY)!q8
zfG?FH+*G=-%<7E{g_fsnPNBPn2?zlJl>10<+Vo?d>dL4mJhcJz#+6%@bNZ4-FQ$T)
z(NA1TIa_LGv)gKk&_*V=?rIVcS2q<Wf2rB_Z8`&FDVnxW^S%Ks9A692tOrhlIu)^O
zRMB$$zEIgr3SklR6D!R8#p;%%VsA?%(vc@Uh9L&q44p1zU$(Sg7Ti2u>xoDJ$NWcR
z6m^gK1+R2&jK|6PWWGClu)n*H3tPJzD4B1N8$(_!M`KV~e9MfX2(`@!)$p_jf0N?A
zIVpXVWjaY(DFLw0S-TAf%%!;qj~qZNd>5L}65nUFD4tQm=g=_{6G%tN>hu%JVzweX
zhxqO6!#!Aa;_G$HD_biU&TwrDhGwbWMJG}pL|;yZ&Jr$qDDO7gU;j_J(@W!oA(cXq
z*SabZs7>RcinG<U?#Hg&TWerwf2s3d#2%wVZOV1717Y$&r&Cu+@Kh+!I>|XqRC2eL
zZ#LT+yggFToBx|B=o3a(c@|F@(Uo><s+wKy>z2(zk3Cl>$L&|Htz1Hv$vT;Nn>NO$
zx=%aS<ie^L)CU8-r526hgDmAEztO?lpREU0nLj`x`Qs5VmZuaYX27s2e?da<maY22
zf+!!4Jfb#9DI#3r^zrwLSX)JO4V7CszE!-Dn$wb#>eT28d9zDry&9dO8f>JfjD0q9
zpRwz)Rj9d|AbhAzlQ#)%_t4*diA?&|UPEh52uxbymabcDm8R|sU&d_8GKg8P_Cky3
z+%841*tK0l_u#^#XkmX)f54e(+D58%R1E|vFyYD|?%|dbmUWcHVeW_$Pw}FSWS4ZY
zo5=-JbpJ-TI)+j!t`yq{BBteCasidDoJm!g_lN3+Ov8h^rG(~)K%NsGH_+6TDoEhn
zM*NLO+4XE|<_$5KmD|D4*&<g}L%y_eifmKbtZ-}tSVZ|`P5F<ve~iUmKhw-e%6>JZ
z;Xwt{R@W+yh4Az4_Aok6{zfvVi<)=gN-ejX4e+E*bE2I>UKbWoqRlQ;qfk+eModwt
zWK~5A|BTR&%T**?H(K1U1XVsXuoR1`JJn@B=UQ0aPC&*A&#gF5z^u=l<KM;LHq(t@
z7Qx}`3=B6M_>`ETf4iJn@B|zLnD*n$t^oL%<28lv8mpZJuPfXLD^mQlAbecQCx)8~
z9puy5e#Pw+EO5dNX8dHAEH-T3Gu)QT@wRX_2G15;RIq!sSeTiD?5qYCl#uzq;{UBf
z3ZQYcX+frTD9G6X2z6tNo%kqVS-Z-WfqQ&qlVA%zsf}$Sf6DywdHVgE5`?nO1{b6c
z&5JYCw5Jl^hjj9F8PPeS6&T0IXM9{KL#${Li+6RlX;8aE>k`pjkJcf*AaMzfOQ4PP
zrHi+9_Np8YNf+$I0U_p-PR2F=Fe}QOmO*zL$R2uob)2|h=xHbB^BS_|yR2ze`1r{5
zy)`wqG4wube@{{ksckN~>rg_3SxdF3S@7v(z?rOuH$rdAt325n&*x`)BBp4^V%*BQ
zGjQJ4qW#L7{q}71HqO+0T`)Rht*SwJ4ZZyU7xRuxHN1$>u_!`Qy-3)n!$cyAHs9Q~
zA@RnW*|JdsmYil(sK*+pu+&Y(ytWJz)liSVzm$xaf3!1sDo0+;mW|;|__~PHHx&1^
zN}_659or8LXxBL~*XBG?LV90hR2WUbb9{F~5Lzm8dm41^3>6A(dxjr4?*h8+G}cpA
zy5qS#O_2H`bTE+4A9;c4G~tl9M_k(ucTBI{isW&DjOLeFq!`Z&A+|?lK9HofLUQxE
zedFt^e@+9wEmCp@P$p)J0&}QO)#x{xl8824GS_p%v#REg=cznRBqEYta-{qn!$Pl^
z6#Ix|p?jdg%tqaLhMme7MBQV1@6esQ;Bw%d=%Q1dIC2Er{F2TGJ|<;VPT_Jo#!_zO
zxHMJ~w~R2iW!A;NBlTgl1Xb*7Hb0t+rcTyaf04Wzg@is8K<=91EJU4iDKWictiU_l
z$wIKSLzEq^B>j|_%w0#A=h?0vW$M-m*hJCb1T5I&=-nf*2I#F7S0>dAz}#9l%bv_g
zd#9CpJ&|{|!CO<T?l37$r{sm4_$?!32ucqPzOHWYm5sC7IM1C7%%LQ5T|(gI>A|6+
zNGx?Lu#1|yC-&3vL~=NKf7sekXWdaQ&s17Wu#a?WfZsc$==33^n_Q35Z)5%~D4tD&
ztcKYR<k0H!K5^tXs`u0MAI|T^`jbIE6bv#TFd%PYY6>zoF*uV=FG7D>ORwv;5#FC)
z;dKGKd`YwbLx63`1-eUnfG&!x(k4KV6lga2`{lgIAw|jOwkR&Hk7ZHhJihs6IFz~A
z)9)YuKAH4ywC)rqclzz0AAkG9>0kV-IsNw2$K&&32x(|E(<Poh|8e@`%blz}eg63O
zn=|t{+>D#u&4oF_$Ju}0>=S;q%Y1h7%gY2G!#H~yY=_z2%m@Qazzg?;3+vMex*2E|
zcc(!v;)CANrHSdncwPw}uwf273s0FIIFIRqpNX^WiI%2*rA7UMt1UAwMvJ0aBmQFU
z_}qxfz}of-k|y;BSnff(&|tj%%!Z-GNZ?={%z)$65MHE`+B|=g(cu4@{x886JB`_L
zwfSLUvA@#s`_Dgrte+p>^?W)`L*r3pWil%YtbRz6`T5GylK?CRh!f<7Q(~g-Gzdjw
zS)X}Mo+hR#ri3DzB9PmZVaGHlsg<5O#~ySRUJ*pBA%)``6fpwEzH(}EL8Cwuu%?{r
z9@zslwa5!!CqjQ&ACj*45}{XIX<mrSB+&}a_v6M7l}N{KzM6|~9lhs8!Y}$BomIP-
zv~h@6f2XlvVGbEo#y|Sdj9q5%QziSwSsTan*GD&m^miDqqpP&>*UL!S_>&E!jRh-!
z8>}&oqZCbrKbq&UeVp4+o40MWX@_UP`n&QqSpx5Y4ak4LE`wi()rKE3Kw3(qkxU=e
zg+`PH`$HrS_j$P474M*@h`+9ct7A$l5Vx5I*r_UBAS6}vDpOd|rijypIId>av?9o!
zR6}*>;ti_JwM|FB9=yI&p}l~VQ}qLUV#bJ+o5&8RkBIBn>?l&!&S%d~q;RYq5{X&L
z1g-RzrFVbcBmi&453owOhG1U$QOggP$A0+r!z94|&Nu$@rw?;F+hmeoPic&!@4uY>
zy0M!Z&E?uz8KN*LV-$sI3e#?9FBRgd6IDY?3YLso-x@kEIOQ8EOY#_Sl`0Mjvzl9%
z8<E}i{7|82nEZwt)pCmxkt-L<B*##%(*@>Z3?qMAOE2)!nw5Z>&sPZrrX9&8P5x1o
zf>`$|b#{3oT|qHa)Jp15)lt$T7bR8Pyzxtq)m%;(xdMPsiam%t_FGoOR9PvBgoxN=
zWK|cuad6D(qBs~$;+bue9E!fVh9hg;%PP!;x$ZEPByGU-<HcrdZnfwkCsnwb6{*fB
zMW%mLL5z@5d$clZ$nuaop`tKeCzz^yZkFAqsk#cq`q|Za(L6)IRi23x;Qt#Zjs7yV
zY@Un0V*=txYS^Kz;wi0cgm2mF>$F$RTPp6}B7BF6qadt+gn*D+^-h31{YBmBp}QdK
zK6f*^PY$2Y(~X@z?)Y57uEbs@>o4$Vm{Nb{X%bohqxuO_?4E3x|7l=b-+*|Ei!|>P
z+EbA0)n~P5R29<(O>bwYN@4Vq+Ah#7C>@saT#vq5G~{&GY-oGt=O;2Fm>&6cE5Dla
z%f76PICiEFm(9*_Z)en!GAL8Fwazuv+LDtbwK||s9n3C;yU2Z=y<b_ktdqUkICX!Y
z*)b>|YKD@{@_vnkqo}xMEDKWlWkcH<cu^=~T<)|ts-zpruDaB>jf;=HX{XDkRPJHo
z8(f@h5Q_;YO?=G;eJ{1K2XkT5L)GzwCk1zxhgKG}xkjp+0x>^MiQkhWD%(pdCX+Ku
z*v7xA<P;h0@7xaQ@7Q~0NS{qCmK=Z3vZQujRJHL~@8t6y&Q#WKV6`bUA9}C~%?{7m
zjXiWHMs+~8G5Th2nwt<-u`$V873xivt%_oTu9<KST+KXSd&l+4%2%l_NY}47E((*m
zgw{oz?dPf9JiFRQC>l9Qd!}v&bP-x2ph{~cvme&wI<uG2O<&3uUcT>Ef2x0Y&FNAj
z5hw5L+Jpw;K1dFOX4^w!A~@_a9Q!d2n?4W~Nu^{cd;O{q_{JVqvOleJJy|Cmtl?&4
zw*;S__BQfupd|_Hp13#tnGCrGLzz)apPm|Dl&aF#1^1JafwqQu<;h>zGy~0K08Mx;
zOW~?C=>%PnJTJ;rrkcQQ6!?D&Lz5=9zD!m$8Yy3#^OHl-gnqYhV!-)jO5Q(oUdnQ1
z3*n@R2b6EdLMu2a;>m7Ug)nM4BVtG)lrYd>_s+MMQiB-CgGoJrM@m<y#uHr;sfNQ}
zJYmSmuMWFgiIFg1!3w}mo-Y;`X!`OjpPWF1rrQ&TN104S!-5xsEbD&)&ud}Qcbp~_
zj>sZsx$SoC8(p%mpS)BN6WJFq`}uS4fy9T^1H~aLsW@Q6);pk~NX3vN$w(IOM4!DT
znvKA@y*0uBGYlB4E8)7+P1Dcs^wS*l(>#6acGC>Bj(Q>_-#nO%&^-=7j~~jzb|4zZ
zUBZg)2T%qqeMXKR`RadH>INkuW=KM*j57=c;0}W{-LaMpsi^b-`WferDS<Yn1JOUi
zWxx=CFAAG!X{Z<p{=+`I5*}hy?CO|Z3w&b@Q(2cZENfuiICD(cMV@H}{Wt2`K-($N
zNT&8<jwT_1nl2orJTKQF3qmw9%{emd!hS5nNt{iv?%=;R>1cmdZ;P?_1XW-1XQe+2
zWedWaq7YAfVYojxH0o+OlapNDWTI9Sx};VOM7Wi}D9jbbFS}}!x&2K~K-709z8Jan
zxWPOsDos3@i`EI~nfxg8D|vq60Q8aju(+M4DPFMiI5vD3)CQTc?D@bNi=gRNi|k%l
z!I7o8wTq&M!2N%jn3Y-J<0&7W`dhDKc23zZWOlY+VCV9{|BszJYiM=`J;QXs&iMTQ
z#?BoPGCR{IAoIr3GIVU|)kv)Du?Hm_f`3C0LLK_|#RhItQ3&nPR>}e%OmAHVHPNPh
z`LxB6$W4xO$FMc}u!CW1a|MG135YiJ6yHe@Xr^_;IsSjjxL;>ig0hH-F)NmT<m$!e
zLuj9qgII5pbVNyzRvt_EW`Q~S!>X8>sH?4xh{S^D=+k*Mtg7-G3Uk<nwIR1KjZ}r*
zp%2_OszxdMpiZP;NZCE&woq&|8ID2S&?n)|(zrxQld`Z-K%wBAVyRa7GO(f3g?oLf
z!b^50W5$2{)`%kqX83V(5SpY?V;?glFh<Cs;iFZJ6eq8{z)lHbFW1K1e32+G#~;IT
z(TO@dkui(<RY9{;wYkiwI_*J^o|V<fOwt|a(oWuXd@mDNw$34xkgVze?-3y*4xvhJ
zIW+drrpLD&5+zK<3|VE~l<|=+ZNO4#Si-P^i^hN9W;;|@EmBU_J0wd*JKYtpd969u
zzDmG|?<@J69-dF<&LM|KuqrsU@A<Y&twQ9Rn+wi5*$L+tWGu8&%#ya^L;Ge70}r|Y
z+)>32!9ZQSlq2PS|HT?K^Wo0iPHj^q#N2F>hSc%9DnserB^mQe9{K=5y&Xn}%Uok!
z;k|!E)w`y<a_q7>bdWwaHLq;$o~ag)bl|qf0IF#xC*D|fSFaM5-VwFQq^GL8sa3D8
zZU2?CVBMUS^CophkE^cb{DfO^w0}GF*wyu4ig^3d+iug*+S)!ryHMVp$?eUiseING
zZ%<3QCt#%&{H`asdGn+}R}D9H9#i!l>o$M-S6jAU?buTNmwWP^hUEKmAUnqGn-FfU
z4$s+^-%2^w4L!=CJ|*_|Mxh$SE%qrA-`GS+cjKwK_EhxpMiXn=^Q?`BDLhrLTAzQ=
z3lQDYuI2^UgBK-mk|vrnQpWlXA6MRfq@x*TCok*e^BH-^XLFR%g?V*CUnsD7olX(I
zeCzU1IVIQL{_gZ2pU}<^lR-Wd3^gDyAa7!73Nkn`G?SA%Lw`+c+%OQm`&Z~3usbsv
z%N7_xy}K&(me!C%>8W2(nnHWY-|x&w&3YSWw~+P}j3rC+{ocdSp}T8-IFKhGxgnDK
z`Kh_Na^Ll~Bg7%d?g#2w_CAb3JiavZ()29B1B7mH%SZPjdxz|n&+jJOC7KX%pHMdF
zQ>#bVr4}a`?SB$Ey<c88ho!l$)p4CQMCitnl^mjFrJd#JHQpAoe1p`Y(Py8fo;u7F
z)qr{q+DpsDt3+jDizB_6C2IDhaRlmEa`;?wKsc84$=77X(`Ok)ePTjcUs{<twSIyf
z?BzYwQ<kqi<n_E*Ctl6^;kE$*@~&FmylTL;DCS#7{eRfSa`@)n-U9|FfQ2CIDPaDf
zeOt>m0-)eghV{W(X9Stbz_Fzmb!r`nS)+JlmKoR&k1>X!m(I63xJX&yV%4KWoc1U*
za^gxCiihBCSYt68v7>UMqlnQclM-#HoYApFVT2AAZ^qfSdT+c+f-u#-%tg!7AVN7R
z=?}1eUtr{d)fUrhjLuOVW9J{InnS;V^W<Y%zOI=$l?G$S|3w<Thdsx?kj6#_&rKQy
zt25FtjGics2RL7n2HyX?|GhNyuXkA*8y!4DX$V$lq+u96Q5p|$UQ6TJ{Q_qjw9%76
zJ{$uyI5C%?odFdIOl59obZ8(nH<K|X7nhK70SSLIGB`IfK0XR_baG{3Z3=jt?Ys+I
zRAv4@{ygV7=ggTi7iNYT?w7+&L=gx?MNJ136h$ONQ_Et6K`>#6i-zWUTSe1SQ_#$m
zN=>cItTiaR+tqB_Rd?5|zHMb$o0;E!?p6xN|L1wm3=C>*TkYlhdi@z^=3JihJfHjL
z{rP{KGd9#Ux{(nrMg%#_s$I491*_{2LT@32ZDn&Cl%XM&FTwU-;H_5F&Z?d_FTETg
z0{iIUS#z2y$}imf07Cp4ga&<E>2{R||9$KbgogbZ&JU`D19fVR4)zbhetczh!)*&9
z+h)T)ov&z)r_8l<`sPUpU7H5y_g1@ZtL1;VJ9*fD5B8NBSGBwG#kxY+??h<$hqa#i
zhUsX@C4}bF^_AK>cWuQv{v<*RU{|Pw4-7B*XM|0W?sJ3}M4hCU4MvkWz+$xp+8sf`
zA)#U65s^{RN=$5Ad_teZzDfQ1Cl5$TO}i#NV_@c>!9%i!4jX>$h>_0hoKd55^TvOS
z%^x?uU_#-<qU(w$q5o5VI1{y_Bk+0=?L}MhF4(Jp!?(hbHtqmgjvC>}%lHUh#SMUC
zyU;mw3`RDiBV;d+@HmtKM-e(HaOgZPK~KUQS=f%VbRv)VLjFm<m~ZD#^GDHOzMenI
zm-6*EgFGNi5q7~li@d_w&>JWkwc~#eP(6B@d`>dRA$~M(Mjw!)WH0&zRsns(8f(!G
zP-8o?V-H%yE#Qjb$ZNt;v;|%sIDZsx!^eQSr|~j$0&ONdHx_NfCxEXb=<jG5Dd84@
zU1o3<K>uqn*HO5B3##Xla01In<@&=hpdQwm$vz{=0O16CokNRY<r1_*Y!`p+x;R*c
zN^BQ?8J`h1pf+@j+(>RE@8acr9KV|%i`HrqAf;$6%)NzPBUa!h;GMn}(Al|pd@0_G
zKIcnyGhyymC`Yj7lUy-yRDlk`d!A?ko`&J&WED_K&qku7x^a9eTn{to76R7@c}OOj
z4O<J)K6C&LAgyRE%*6N=2Md3Hhby=89|F&7@c?Z=lE0nY-_cPr8YQ6${w&BE*%4|*
z=qa5j@PxxCS+VTr67tLUJFlCnygn^vK=Ng~ibbdFM@9QhO-lQvOGQ)paADehA!0vC
zkoNNlaUXu)$qxr4k1v|4?C;7Q?VUBZbTk~BG!-`K9vp__xue-Ry6Ao(0siHGm+n`}
zDwR7dcf<|7!{Qz~0K|qW)K<Pi*a6W<hr*mj{vr}DVo6xU@hJ81@iW&T%keYE&!h!f
zW2^}=)|d(&b=H&c&QH`<o%!3Z>%=7R|2H5O3=>Wu14?$<r55f{9xahY9f=Tz=y3$%
zjh4<c>G1CwlsfzrY@{71GGRP_BQOId&9KJ7XWScaa{u$@n_aPQ3Maa@a^)BLbFXz}
zQTlGZ^fBKEIyRtSG|m|)cGysdvE8;NL~jeYj@TTzAu#!QO6RHbXDnyaoN*&V7oY{=
zBHbcsk$#c9$gse;$h643C}5Fgk#&KsE%aQd70<x2qQf4Pkv=GMV4uW)bY!)lxLEqh
z)o*;{;g$`LJhI^&wy9^&{jd5JwvrD{zwyTD&t8A+^R4RZ>KXM*^);}_K(NUn)Zx(-
zgv3m~6dCas&U|6ADClK9KUvn3$+AJ_CS%TEkVUIb(g{{xkR%;vC7cmPTOn-b$O1=1
zf}S@>MuV)EG~+SokjZj?eEfd7Wc+?>$qnQ8+vrCi{V<f=Ftr1gbq<+^$L}}7024iI
z(GFjFVaT+%g0rZk&!ndZXQhEv=q$pQI*a6e3q9Z3=CoMsyd-czT#yheXUh3pzK|z7
z<r}yggvoM|T*K7}6><}|h-(rS3C-L++-6~;e26<Fyv@Bvek(+O3Y?yZyg`s9gC4$&
z4la}g@nJ%^6t1@$9L5BcfaADC62m75v0|()K}yue%Q1#HV-^|250bKsY34j`EXm`Y
ze2(B0ojRv9T0dGIZE%{M<|$|jp28LJ*9pa9v93s(q%V;t8_G~Qc5}0do1ZPr7H8{f
z^e)3JqsQEc8gUbUw~*Y%FBImBi^Tc5MY`LhCjBD)0(q`sp|P1;DXcYbLYweLZUfoM
z-z#huH|y?^oT;tG?dDw&gLZH`$iw`@!X9yt?qO+%@iFsnxW~z}{4+wk{(19Z?q%{8
z|EAD11A+O5WBL!r8F1W`_D?@K`ROO^>bocZ_v@2<X=f{cnN8mp+emBYY_MbMBm2Qe
zBxFS?P6ukyFTpJqiL=N^2sNdn2t99OmTb*}KhPg+rX45^1V6#n429ZeOhOF%PQrM@
zd7O!()eqGpY7X9x58zg{QY}(lLh8kNI0UEQWE{Lp-J~v7f2Bf9^7_#t@FP14N43s)
z<iPqB(n`U9u?GtsM*K`jhppYXCL-LyNe&5(=WGGF5saL}R$G?lT&FB&;dTBj97uB}
zjf|{~Y>Rv+@?4}a5{<+oxsi^M;X<-5RZ7(-%O2#x9?s+NgzIPA3LH3MqA)nyV22sU
zF&;9~kuC+t#fmz9QRe~U(Whp=HnZ%VTh#O5T1lOMA7NcPw{zu|4l{St^ygk1IB;LT
zWIP1R;B%wY_YZG+a^E)Ucb-chlh=T!M0DCY++^g;hDp&;lAhDalcJ-ea%4kPH19ww
z@G9QE!m%o(!^(Fgv|HEojgk$~;W|_tE}3<bJvO(mrSmWZxl_OylRXP1>fg><{&v>p
zb0PD8m)77c9s8UXdjKVZUYykta)cqmm;wwZ8<LH~^uy#~hG9m7f)pIj^_BY?`UR%i
zQyu++`bPDQPEwL$;uBZMD-0`)D@-;TIXF&~MFTMs6ETwjVj-a<jD(X2K2o2Unlv)$
z=A=bQi<8zRwI!WP3IUV56+4*FAaq6JDD1F*i*d1i5;K`>A&{kl;xh*h%193)s|$Be
zU$tuH#*v42e)Fg4FVCrX)wOhu`(fw9oB#55#gqKVeSQ0ulsNNa%>C|Jwe?_J+;f?k
z)2<s|ln@Z#vUJ-cQ4GkS`b!@RiIA;B(I97->3;J*xy6d_NBj7e;PuuuVY*NgO0!#k
z!f15&24EV3|9&>@$$;?aaE|Id#jEcaf91!d2MLK4r<Yzr>N#w|XzA&S*<b!zeN>%~
zSKvu2z7%GjxcMgaHT6&GN%ggxZay}4EZF!gT#2`jVRTt2_5@!N(NoSu-YSR!u|g1~
zUp#^HoE2k~LwNic5+Rx*LBKl8@xv^CES^cfYD@&37D-g6GZE=W#_(f=>0}{UMsy<5
zaT2c=9oWu=K~(F9`rtlX5}za_h>A1>W#9~MI6qt%ERIFFIG4-k^Mx_uG&Du5;Hvm4
zVLqCR=W<Palh7zGmNuhJViG7a250CYa&Y6iUOk3S;y?es>owuT#bEyP3;nf!e9Et8
z`4l3B*urxyXo=LqKPn4Y4_VclP>&xzO!;9lPdgCJGHQ$ia<uk-gY54Lqgj;uwsVAV
zVy~LFx9j7*On&9~0|@8KAm>{TqOBZ{5pQ|#Etcxj=oIB#c-JS~vK@3RL=S!(*gyo@
z=1c?-PeLNB0*|bMz~@-*w{A3lwb|G6fNYUP=CB+QY$0N#rE~m#2PCE-nwab?F%g=W
z08hN|0*fc025Kzbnh?Ik`y(vOx3DvPGCxI_qMOgp7v_dHhw1?LhVo$mfFc^uT(L2%
zKD;4fDOwS_G;C@3(umz?ceoWqngE1n4nl)RfD81YfhBVUxCIYB0y+eLu>E3ZK|Q`R
z!!_Zd6*nKdZT|78pJ99M4Wa7!y?gi0!|R7uZ_1z7nltLHYtlb^>BgP4k?I#LZZ<>Q
zTnqeD{1FHEqs@lejO!`>hzN)x5svW7@CT0NtQK2Fy3K0gdI5{oTkpFM{@r)qMXXo9
zxp-0i2J3|)^{Dz5ypMu^F=XI@IHOIiS68UbDv*ks@O*qH)xn3LgXv%oGIBZ{Ii!u}
z+Jq%K)TWoB#R!6;v4LWRfD({1rnunD;m$K&86Rgd2B|(7KmvGf#^4yMkeQG{4MfG`
z)O)b|O+2o1$6mgEZ2Q;?C-yR)q2A<oz<L}qp(V~pY$7H^h$#nu5reKxz+{OY8)XzB
zO1#l*d5=O820~zYBUSV9;fK$pTd9^$9S0O*^Ew>=2B`WCs^ESG)DMkC(@+(fhwebS
zAlx6ksy`Wo3-LtbMAH;pfgACBvK*U0v3eXsGOQVnIEoZAiKuc|%~VgEc%$nkA))hQ
za<nsJx7vnFUuL#{4Zedn0PO^&JcS<PDE#E9Jz7e9sELUt4LeO~f>S6GN`<w;c0r_Q
z6i_JOPjEq)=V_=2A|bcLqUp{)qD>zXfW%0h!`K|DkoNFHp%xvo21t@vWR(JnB0{9F
zyf}t(J3G&47CwCVsq;(_G=(?=)8dQbYvb3&x54ZA_z&WLFU9L2K2j46asXq@WP5F7
zIM_)(Dffk?k3H8>*SL09N8P+TcXf1(+}||+VY2G>xqthp>qc(d{ac^g(bddtd*I&Z
zAM9%8OZUy1c{^fyd|I8t?*JYw;JqW9;b9%fZ0``HcJmtiEIAZuwHd|)^GM?IA}Q(V
zniZcqb^h>w8Ovcn()!Y<#Zhfhe~IGpjD&8Az?eD6I#?r=VQ5_6(J}P#1#h8Cm)=_N
zI5*^>yYGI8zIS)+6Xm_-F7=T5ExZo7@E1o;pFRR_jlKooTLXYT86}`Y5M81T!Fn^=
z6D)R^t;&k%rz1MzAYBI=Q7{QH=_Nxnk?gsBfY!Hvjsv+?29pk-I^PM7_bOl$YnC;O
zVw0M*$h4@m=rkoQCM|YkqBGJN<&1VJ&KPHGQDjk6QFM_~6jKyilvta%JhC~eIl5VC
zj#(bNF0n1~Tw;{(Qr|_s3reF(qf3?2nA)h?=vt*VW^vTw=*7z7n2;HM)x@=Uur)3d
z@?30xADW0`{6kR?_uL1MEb-ja(cV7t(8@=SbX~;ULz_wumbjmr{{PN#85Ij=)}MSb
zsi14g-U`=?4?O#VZPDtKl)Z_Gozxxyzmd}*t57u384j3cC2w9~S}9XZ6WmUdvCV|W
z+H)ZppYkPRi+Y|ym^7y$AlwqZIDB1rTe#qVP0BukSyGPmCS`KE@V=raUVZh6qWcOb
z?3~f1{s9lb;^YVT%t!k7|M=+9kNfxE8y^owYsNM_G>-Y(U{K`O!Zs9$hB!mbf)qgZ
zAS*s3HOmG-Vqjesn>o*J=^TC-{-t}7trj4%(hfZ4VEC4%EPK!}?4WW30cKe7JiI`E
zT|U14*=J8Y(A+F+Q(s!!)wZf|%l6-MrEBpB4WH21`~bw}MD!~!{^O#&0FdhefEYRM
zw{Hw-vGOfwW5W6#{1+P@Y962qwa50gym$CaXD|GBiUAqRtJdE5&*B4s0RX~h9E?s%
zO`4cQW?T--_?RnUSv+;-vGs4=yz_~FdAsI+^hfo5_4Mqo7B4tc_voSKEek$+69@mT
z>d(TCR|XGSJh#jp9oqlo!IOVUOMNFdZ{@FQZjTNb@WR8dp6WyW#)p46@SK;N*&uJk
z3p_`2GPcS@Mph2uwXB0gEz*N}E0HC70wTDsg~o3|FX=?qrO*qq!H128pE`bj#+K!m
zl>Mqi4KVpC#si9xf~A}Q9KZ$W0;B*m70pGpXbsZqu*8W(&j;a9ZVH~t6&V4!akl{o
zx}DVV^Pn7S#w)qS#?9P4q?HfW0z9pvNDPVN4yk9k1a-kDT-NVbcHO-4gkbIpCHpS)
z$BWb@EM`z_bSJB$0?|-s2-Hx2w3M=0WC@H7DyflHT1wfqj)Rr4#j+qcfg{>6(s8rn
zF^9lvDyEybgcynu`2N@$hc~EqZrO6DIt0Id5o7hzMfFV~wd=QcH?O#R*T?U^|54X&
zSbqaTWIxy(LGj4#>>nSc7kN1{kVp0vfh#QljL|YKGR&kGcsUB2BEtB82uPTyPgr0A
z&6Gx(g#sBC>IAB2%*q0*(=x`{zf*@j3Wvbx@WCeie0jb?W+XuB3ygzsG7|U3HbH=G
z0>Bq_X6(StM~=Mm{E+F>voe;=nfQe3rWa?me=v6X)YL>t6jc?k-{M|6Wm@J<*G#L)
z8+9ma$V=M`R!y0bni=YU7(URKH-*^@V|?Z8D^X0XvucRiYgsvxz!8ET(~AP;MTsU>
zg9byb-gbk}Rd_#R;i<7mgc{4;b`JBLUJBy+3Vo%)+#q3~G=|F)MoE*oS=?N1p0JEo
z=h8;*Ug<RF02>nYVmJxa31GRp5YkuZFZR<7;s*(X#7te9F`GDl`CP4EV4O)x`AT7y
zZk|wUTuoLBcZq9tYmHmTed2w(gXA~5SI8^6KaxM_J|my=p9y~zzaifW--*dHZiSi(
z5<iZiHpseA+c4i1PQui`cV*CC)GBUX*VxXFx!-nOqs5$S!TuKUrBHiZbS8SGgE@hI
z5l%!RZR&_Q96`^2)3SuafR%MxC&!0BC?ux%xVvBT4+<0PylX5sn_B>oeFe9eThHy_
zB)X6uoXi1rd>9Gi`v87QB1ya=Wui<xlnmw5q&$>|^GQCRCyW)H678c*Bh&aIsRC8t
zDpJMI5-P<~sS!2c1!Mu=D9jg^qvd!NS;emsR*0>r6>s8ywvf&IW?_@KTX;y^FTEgr
zAYGD1u-*qPU*fKP8Q+9&dRe{k0$<u$LLRx;#(eZe5LA<BXFbLKPP6zN|2R6t30UG$
zo&>3YbplUyQm3@&o%$kuslHY(u!bN-8F4SR!yjLIu}!pp?!{t!Ipn@Ts6#`E9uYGZ
zo6XjC;~^P;a}p|~*dUL&JcTe2#sI-E*!5(o<F^i4hh7a>mABu1d&?so9XU@lzW6G)
zgF>n8+bEO*2<0yS3f3JB7;qQ(gb^=r<_lq3UoTA7lQ7!X3;R)hy~nQ7*ZZd%bO(@`
zdeGM*CkmVlJ}TSfzCygL$RoHB!azAqF5o5zIkHoKo(7h3i!e(rm8relE-Vrj%dK3C
z5UE3YP9lgG1tfs+=y(Z9Iz7_!vTQ`=Fyi1HQmD~lR`?h}5fz;x#p&ba1cPE$%)_~%
zB$Lk&(xgH9EW=3JuLIi}$1(pCa>N{6j^vb_`qA<PBkkEu<)%o}j78=OZWeLzGlf#I
zR97m0mFvspa>G2RhZk_Sk$HTB&?GkL=1H~EZN^2$MdlS;Gg%3?w_JaRVXb)+zuo+p
z`39e@F>}-7xY2Lnp*ZVf`f*fUrK+!}FR4&D+xWBeeWAZ#xp0p8>AUc;52>`qeF{P{
z4n-kQ2WZ%TFxc3;$BwBgjO(%0*r(7Y4ofJ1uX~)+Wbu{=wZb_;)C?4iQ?!3~hOTiE
z-6Xur?}At`!P$@7N_c{|BFxh-aD0&TR#C`-$bgYRc8d?`Fo)v#I2|=qiZafh@v5Kq
z(>@KDdd`6}vGDH2Z+Yp03U+i(U9WC9h<~>W|IX(RTY+X7P;=7v$Ld39lP_2USG|LO
z^{MX-))to8Z{|4}B6T8{B=nc2aG*)49wPKoZk2GCw1I0CHc1b1HX5Nh14QS(B$21_
zxj)3>N>XZEMV5mm?}RA4g>2I8B@YP)b+73Dp!<fLBj51n_%IrIY2XFL#({S}-N7Y%
z(Y24e<y_Zm9iqLn3V+;nzUvV#uIqh&T7#=wb+-x+Kn-4iTAb-2Mxx&n>If%$3IYaZ
z1U!<qXRzau_&tM1O~@D+6^8oS#1LcOu>Mhf^KJe6_03Pdc7o+SfOi(POCA2Ih4wG0
z^p78=hrT@is^yil=}_-bJc`Ee*O$;Ntu@rW9e3Kncot2#^a6-}0=%3<tb>PtOmpf3
z3Zn~C3r7}0d4zrU5+KIlZup-b6bw+7CGEsM@icFXoWpJl4&o{D4i@>i*!aXgT;@RA
z;6VTn`C!0~79?;N?z(-!o$KZ|t>t2d-#hD(KmO_ASzCv#y?f_KXQg^#|ALQ7?|Zzy
zx(eIxTk>7y^o8ol%^hm{;>9a}R{m-UE`IhnzGcDqiQpEWaiMD;+;P{MojcUA6Y{@%
z{q+mu3zl^$K_5JR%b}uWtFxUI>Th1$uKsm)W%c#fd0exWEnJB6pFN1jEnL*RuWjb1
z3)Jt_cSP1ZhB|UOy9d)3jdR9@8YA_#6@ft=0i>f(TzldneMi8vVUc}*LXl(~Bid|A
zZW3*%o`?9x3bZq<qEt^X$)_DG?YFpJTR#Fq^D7~PEnE*~zLtql>!VN+k_UFSY}~nX
zW6REVRlVSP<htv&760bRtOK{d-P!r}?FX{jxocm4@4eSwd+)t3)Q{B9Bcq;3?)U8T
zH<ZnUFhMYnht4e9+uL7%Cp!C!TagGJD{KXSMO!h4#jS$KaX5#jZ6xr!@k5}lcpg!Q
z9e$>l!+Jecd(!|Nn2D*&o&?>gyhzR+R8x1UsRwa2^7<<o2lBI`G^bsJ9AGt&W^=p#
zkWLmM4CmRXxL8g+f9CM<w`ha?$)dpRfi!bzg+))=3MS*C^OLuKJ_Hr_)5`->BFK|A
z>yhWW4nWeXC=&z?qkz6BMhU>HouhOTr?;X2*=mpx3NTv(P=Lv5G$HzBHbEjYS|N?)
zm<)OgG6>D&S+n7g#cVRlddOZ<03Tqm`0hkW46_(~Ack%;{BoG#Y|E*1diR3W;NO?j
zgfD~BDWW+iB0&;=^~4k;2b(OWI8&x6U!Euznx^Zg%d_QX(_+&GlMV8mUNi_sgV_)e
zj2)bXw+O+q-C#F{nZp7SQ9O?46kZXMq`vwDIo=R&Of>Z~_X|+0g8>C)a%p^;Fhm|?
z7-Sq`$}(pKq*=3(6FWI4AV;V7PE(FPR~}=^H|Ga9ttIGxI(!{BnH2Fw!W40`Zi;lh
z{(5<`VX|?Wd0Ie`wE|agm2#E2DxlQ5K)TI*Tfi!Ghkm(Xxp9?gm3dXbJ^B_yi*bv2
zOTZ4p4&%e-hXeLoe{21~ddcdBJSLcNf1C;CJrc8g#%(Cvc>9Jq1tl3V>M#vRRlYud
z%h(kqd|~H*Mlwh1kw7-XFY|E>OGN;dS_byJ46qd8QAjtIqODY#)F^m5ckCEVZG4>C
zecxv~<O<pYf(qT&16pHl$D0W2{*1BO47ri4i^&}JjIRN7Q0xB?RxNqk8XUWK6XYN7
z$OG-|Lm$8W$R%{?$nB4Jz4p-EckkYP_uUVXgWOGj-<{cA?!u!nWFS1+r8<1=AB<9g
zxNm{3Ks3!6Ay}|c+9Tp-w8<<UlDR+~(&+`s6ksT@)8-um&tAJTciSCnDI8|eJeA&7
zwwz6;0R|s*I*J@^4qBE2d6AfQ7vgAFfyQL++x=w|aH{&dj{W=hJuBMpDXJ`6+nGv!
zx3=(qnTJ7MskGk>bU9EcDt21K^H8u96kz8ii3G`FK^X01q|=2h>To~_PMbvbAWO43
z<hh{7&71V-kbqN%f0}+)r8mpYrUS&i6y6rTE_`vgg*9Ka+udGjhIuK(pf`S8hpGdj
z9(|&NQutj*2Svc-cN%R^Jw^$|2YT=@lik37-gtP^)$#BdA09qXs`Xp^(XjO&pkdM8
zwT;4I?|lhcBMK<NX{0wLcpO270;Yte=t8FeGU?NFMY_dgG0$r^_#H7&RQ<8@X5j?w
zE_0XORi`k#Wk3OFv@^oM>5%z3qpn$a79BD^Zjmg4IMIY9Bg(Td>pqpm?mwPk-F23K
zK%i)_I;}<4QfsYMD;n&g=2)3p@$lep@~){WU=_rgKfJKjb&uHha~c;fwW<}YH*7#T
z&Oif)bS=Vuw8RLJD9ihpLa#pYDXkaONpH!rezD1EDl(Ot)|$4PSijifTlbAOkA6I1
z<cb<#a)bKy`Ms?#`D$u0n${2KdFMcXLJI|2D|!nBs3ovfmi0NZjw67~ACnA%UZNGF
zEJpAnWFW`{a`iPaSj+6{<pO}VT2>!SA+!~v=VS+G*9FRbxIQ{X*9WSEfx1k&io2a#
zplgyBb4ztg<#k*Tj}0Uchm$y*OcEi24#dL=;C8)RnysHJHR+e&J4p+^m)I$P2B!rw
zSPKJdZ{PuVAzp+ByrM2TqAoftoamIuw}8E)I}wjAe8^;d0c_=S;9UoZ!7OUV;v^Bs
zDM*&%r#eruzD#-=X3qUAl8_Sw2FVZ{o1v>fq>n}xY~iAHv_`DeZ`bQ*5Y3fiME<L;
zvq!ql3McknI3e_>ac&>Pxv8vwMzo`0&WIkbSR>;@_I4xqgxydG-jU~^p)O0yw~(@Y
zrJ~320xcB-!6UTb)*bWu;C<9N9&K+Q^?2ipujAk1r@38SuI<~O+rcfk*!D<8**UVC
z>U%2W`FA1j>d}49Fv-dhjwwAy+Jg>}J%U6q;;|_EZkZTaIu&Usqezo~Zd1F1@M7(L
z0-#&nS|=cfKBv)#8^h)61cMY{2qEE8e@QV6B3V+Jf#$YcmfJ>2*OO_|&4yB3%2kk3
zzEqegEix=NJZ1=I+H}yMn2BR<C9}H<xF<Uoa!+=-`O@8;?{3&l5-2ajKz~iZivf>v
z<_T7SuDq4-I{GE>fR>1V6|j=Q3L|B!UdHsxAOo{{E7&*KG>@Ued>*P*ZHtpcqYp*|
zbi-?_CILS{A!_#t4_kvTYbsq1Ca&y~Y?gUm4&xniANgAT8hJ8*y>6;pA<xD0`MJ6V
z`A&YRd=I~!-=w=+UMKIud-%urow^6*HaS8jya2Vm0jglZp${{EB#}Nsg1(<YF+rJ0
z1`7jqwC+ta<&!)iS3l0+G)<%36mA;19&o}mzzI|I(+ou>kLfnN$aF8>sCyXi(Cs(<
z*7Sktk|~w8I5}FpvO1P8S8u_4PpVI=PoKn3sC6fC5>DbvyFTc85x1*jxp7>OdMjS5
z-KYJWY~`9D_gfBsa(mF{JfzK6AtZHrZ_|<?ov(9E>$H14VE;Q<TxEHlbQlBl9U+c2
z0qx<NLXpijCd4R8VSaadym|iBUU}aCrjFmuo<s^Q$S1!0I$d}5-0d0K(ZQv9(>hn|
zcdw^>H&BDoe)Vf^foMY}G}sv+ZiWPJ(jj6KQJ~E39WuLrmo*<?cQ9pY4X4u2Fdv|-
zVy$S3(+VYS!HT8JmbbOGY}_Q;K2=AYKCKS><O}@jUp~Nx&%k=%h`jb}K$$Z{(0mZe
z;vAt3Eg=G}29OAV{w=SMUEyN%t~JCX9g9Z*LwxbbHWexa5+-B`V})5{KiV(qyq*+?
zV|J4lx;{F8hSjbN;lz{+OK3!*`r84#dl>K0&Hx?dU5Amu#s^9WcprYghsVH-Ae+O^
z>EZ_2G6!-yfW4O1w&lx~iMBK9@DKi?4*lX2{L1Om_$8+6edKde&GN7TB{~B|v`tTz
z81=Fkssk5Aq1b47uk)?rZ&}piZ_~16I1RLMnSmL9L|~tI$*~<vit!fuNj`rRk5pfL
zlzm<~x1MYh5uIBXDgx%jp$O(a15>|u)^F|%2Z;+zV4oQE%q^UFM127}A7P(h#jC+a
zSF?NRae%W%ITJ#Rs4Y=!iyF{oTOYM1@xinZV|>2|M|?zpKEe?mMIr)X!qZqS36{$4
z@bzGS0n1sMmHi&$OYq%gp|||mT^J~@0b~XGVO4JRx}7`Mt=qLz-MMr<y7WIEsOy*9
z{h<2IH{Yn=>=?U#+0qRgmM&Y*y|SgbdCR>knzu|*4lI7+op+vCd_akPb?wQ|K0CSg
zRqSe5y0ih_OveW<eJmt_ysXIS43apj0SPUC<~4e>#3n_^LjYD}+j?LHHS;r_XS!>p
zECyGj1J^>aM;MavWgZKn&w3p=vhU@W_8n0_P(M{aQ9po0+X(Rf99i9Yqxzou2iy<G
z`<~OGa*ae;P6Y|!xP^qbNVfZ}`y4Ii_0pOs4n<f8@);qa21^vh6sI~5cR#PA9%rq8
zj|6K>W{g$jeNX7{!T!(g@Gq+eIa{OpX`A|h+K5-<o9@OsPi^OF^{o0O4#c)wcAvoO
zcXchAG#TH6t8op!XKdadZ!T5eR)44dUVS@($qHS{;SR8S^8=iA6b4y@3nPf+aN7YL
za0rvs!&zFLeVJ2c;5bg&+x6{U;ly`;w4{a^C>A~AeV$GMTZ#)sEwaAFwgk7xk49S!
z5*HX6Eg*A5kPsS?qDK)nK1RDKbetk8Ey1#9X8;xl#A>%8H8bhnNQm(_rWm{dkACpJ
z`yNye;r<)fuivN|IR5m7#kaTYRL@=P`iy&{>;2}{YnF2r>IhHWt+l&eczo4=19s)e
z=GXrWyl=Z?!!IKh{3_IGB-_w3k$F=H#m>jy(xSj%=0WGE>!_N~usTWD3z0M)jdce0
zVP%mqCd3paS&cCkdqF}^Ju;kDL!eiuRd2HHv2kI|C}fiuZ98NLpcP5FI{a)pR3zZ8
z{$<f+#fXlcpmmb4*H<U8s$}1Pv-|d!CHBGJ^{SbCb<;h4`&O3G`U(7jsQ8a8euOv;
zz~>T;Pmx6pO}AROz`PbBHmfh<ky^am3h|*H?6@zgb*3Okpu9pKy+R3WbC}xn8^nk<
zWkcM0agF1_q@ajEMC_pveH2Rsu}AC0B<f>9CBCPP^jcfuIDMQl*cUT@PMxuQ%8D{p
zM*yJLmq)pxT}pWjk7iuuwyhW2U-mE&8M*#J^&R!In_in;@_O}iuXXI)cd%vKgPSKk
zS6BbWv`?||E|L&^c-{M7CnUUlO?vCvU$^X<S6jazzR#12^1B1KKTPBIHmD1Nh3CME
zqfx2zns5VZ*71>gA=JcwH3tU<IIPi85#eFMV0(c!EA7S5yS3Uw<zaG&s6hJC;L-8n
zpmh3qI32Qjn$v2)2F_qKnCyI*HOyv@mcXoINQ?o;K-dR`vv*t|duPV5Hy^CNUxE`x
zSK|1pwpn<HdVet<q262BHcNeX*8P?0E4Z{oeGXSukmc$D(yY3F@OIU;MLlqjIumcB
z?|X3J7QEee4-qmT;NK=^l+H^1n*zriC~%;>5k#!xBKSc%sBC1dvdQv-yez+FG;2af
z8)!X~Hi#Rd8_SK+RdE%%#hgyW^f|mRF%Rd9*W;<88&`=<;&Ob4*n+o++YJ_$k!iDn
z-OPjHq4ltOu4^`bR45mt`42Dj=Rdp{?R^%v1n3L|tn|1u6QoOI(Mp?vR-Pw0B99z|
zceLp3Ev6*~UJ!{D;zy8KkV8Xx>qxsCVdNQ(g2V*oWz~YoaC)2BmSyYJ{t~>83pk_L
z?eh77SU>_6IFabsy*oP>M1pzxgmePeha`%9bbX{gdL?Rq5FW(k;XJNVXyhA(d4Vg%
zl{)&Qa`X&ls=<MABn9_p%>;#psP5a@<j(8`BaWVYe%$KY-g^_jj#1~bu2t&YEiHF*
zhl1AqO0C3;T4#2x5>EW#Pj^1eP3$_`ylmNW#NyM(d^yM@65ZsC<HK~;6_&`bHl4lA
zvdY8(b~3Gh(d~!|j=(b1aI!^&G=lv-&f<sQEUbz-PJ2k~fui%w@zleb-?3*D8MbuT
zQ7?z1e)c{I?P^P&ntTDrtH;%^ZhE<L`U|%_`sSODUUz>9eTebyfB^OEU;kJAo1z@K
zChg$Xtq0@#Fif-r=x>JD5dx8NsxwX(9g0_=&^CF0C*Ouv1x2@6)(5Rg&_zVV1V*9Q
z*a%ZNL{17Me9y{!N}u=Do^1{~9Qsn&3*j$Byb$?P)Zu8|UfUtt=Qc6}&lt>TwFR<g
zW-<pN?{nEuA^I2qH1c7=*72_&3mAG}&R^7v*zyr3*s4CRep0X%k65{V`$~96x5xLv
zCTyF3aw87-;!_;N9{Ss^-VnuYdisI;pLyo~2cD)p(Y$`r@7co^8*0&>Jq!)VAfXOR
z2y-L9XAixPR>NnaMjHDhiSMahn7sEMeX8L-JQUxiu2f%DUs0QJlTe_x1Ge~7ZO3DA
z7!Jo{cc?e0+bA`72c8M9oxWZMAIE$<$!YU{K9kBnDhZf9kSc38m$aglK8_k-@P8aN
z?hP`%tClP3+W#h1;@G`igL~gsV9%%dYL@nZHQ~>O9*SfY%NVF#{JN9A=hI%j?D@1S
zZoqgOmGlNo98UH1B)R&YPUX<{_U_81YoA}6vV8A%e`hwuayIL|>QRC-kXwdy+xTUF
zXcyGE0uJR-h|F44EU%rS{YSv@tO?7q_%WK__&Bxeq%W5Pw#LVNxe;w6G&cfThuqlN
zog4iCx)++W+<2)I<bRssosG`Emp^wPA&K5}mgsW_kBOX)cM1{6snfGgi|vOWdqy%1
zO~VDw&Si3GT$+$3<#A5VDLAF;xa)*}>m)b#Yi<K)3Bq9{TBeT~48}u<Q=Ww@$!(-o
z-Y(OJGzq&y3-O3QiMQc<Pj;O<BAn>j!c}yB-Ic|?rseln$X@JW_;0XN#=iywLIS5f
zo@py#H`^e3a111SrQtOB?!T@R+60lcF0lt-VAlz*Kby0sUkmkRa2}R;*(gbW7T#tq
z2%^|XYt_<Dttr5;N6$B-O;-IO6GtJD$~v^Hu@!T9qZsON)S*7r(<`PoeT4<Ry2VKA
z7mJ;+ei9mhraMDY^Md<J{Vd@QDXgC!MT=5=ls>jkK}ruyJDg5GJ6ZEMI6OLTPrMa3
zqXEzLd)$IH1?l1sg+|8Ehey+Y(`k)hIg@TV<Hc-VY&Lk%;O@q;55f60xCJml+T^BS
z?fQts!es#5CU6HRjPoKn@?A#<fH)1aO^ygmq<GHPYW6Y5eXiYqSPOBrmBk<$SL31B
zG_8QDEl6yO2-<0BGp>qVAF(FE7^{y6jS7q)G0`lrg14U1o}=qL)dRVIoc1H=2tLXk
zB}e%q!VwWN%7G|uM(<x^Y0uJe#Frwve=@-B@J3IpFSxe=BJ8jOw|s~N_1s5lmwFZ#
z;qZcc$uM91<eDJHs$Z*LT|Yzp>Wfd+zp@9aA)0xA+W@@X)IPhU|6?}?4F4O7me_AM
zkDV<1#`inUORee@-7e67EcjK=k2?|4RjZNyKli-s=bt6~QB(m4;tl>2bgQ@;P2pC9
zg(SiL8FVY(A9;jUR4+6ki(p1?a37;`AsDs7yBXde!n>Ti5xt>1f}R%a=xP2mTEJJJ
zTS*)m4ExRWI{p~UH4<$QM#A?YbS;;KUKDKTY2D{&G_3V5-4~yKL?`(N(9=M8GhBBo
z-6!K<K05vYI!BLjzeA~l3~#uWZv<MhF1^d$c&Sx94fB3{=>i<z$7i6aaLq6t0i8e(
ziAMW@#@+C}15nF8`iA}0!n^2zn1SkHZX_&(xmKfX!ZMT!-v{9QR#<<V(23p<*1|g&
zwu7NAC_wf67TBkMv>ZU&VC+6vx0B02uTZ*lhk&+Vv=(F<i;B<#_(^!3=WZfqGM&6h
zF7Ot99shel7Al1`!dY>IcwDFGZqof(nksG9^ZLzlKe<@G%P_~V*s#s;XJfI+W}0g{
zVEU{19rL+>;Q=cH{%i@d46)3$?6W3Y%dNX?M%&xAQ-NuJft7*#0{?86?1SuW_KzHc
z95*_ibi5PPHz+UY>EJ%W^F#QM@{qSf?V%$=?+QH_dOU1USZP>WxF!5{uQimQ2@v5l
z@3EkJsP*s;E(pHq?{35Jh;EzN+-*M?{A;s!n}cx=dbbH2f5^Md!}bC1wt$T2S?{)p
zWXR6iHm!z#k9oHZfaOkkw@tSDu<w`JW;8Hxn|IrS41vG*Zd(x__&%(Nc|8!67Wkoe
z8>1kH)w|6h$&u*YCU88}yUoLPu6G-<o8t!WwutPGdhfP`Vja!iZ37zW*yG(cB@A_Z
z?A<n_%3+b-Z3_w-w%ogIMbfZ)M|o<S>Z)c{HYk06%aWAzw6qLmW|NXr)llD1=XO;m
zEBQ5LDN6R7IZ81dRj(Ag>)my8-Q_9r6_*a8mzKEZR?qg-%u;e(mEUvWX!mT_lt!hj
z(p59dU9Y(6+)7oAQrkFlPF0yw?x}WF)%eCta@Ex5cs#fG?fPv_ao5#Xd1{pOl#IdJ
zVZQ-?6`mScwE>u@Y-p$*nwnY;$LBVt)O#B1%G?#6x>@d&8h1k;8%AlMTy!(8^sRTh
zm6`52o_R?r%8#HpMHw@vskX9Ssj9B^)HS%vm5Mq~wUS-up6eyWw+53?qb4E$Wn{T$
zb>PgUXry(ESsw6%fAW<I`O&&mE?c>(UUn&e4Rx+^ceShT7R6I>`7E+r<gTl(s%PS_
zs#hxAb#7Q|R-LN`SWgDtfi1WUBnEO$RvJ8ttENe*1%<%{o|z3Gu__ROODO}QWf<8|
z>GsK~tjtqg3&ZJvhDw+nr0lM#2kFH!k;Ep!WaWyhzTQ(-<%0F(a!*-fwY#Rl)j;Wg
zsi>L*O6p5zWEUutJQWS|K>V>ujFLKcZJnpQvCPe;DX#*?s%ADexG4>CuM3hv&1G{M
z%PA%Esv0UijSWCdb(MD^x<Z{MN|?5>9>!C4l9g&V<yvM2QeT<uw?;BuGu2b4)Vo0s
zFuDpz^|F82(v&!uww4OILDoda7MfRo35IpW1yl_cjdeA!pqpJ-?osMJ$x40W%-Qa;
z26}|@SK*lh#zq+`^VF1AQ9kO2%5n)z=bGu6>t-BiR>TPCHi8;Y1E`^1J4&@u+hYOR
zIi<eRHD``I)9sZSkO5xe>cyw02JE6vsrJ;lugbR4&{XTLaKS<;8d1H^R=b*iz+2$*
z@~Vm|YG|%G4Pbh(0h7AQ%NggI=%|Cb>VU4sIj%aHE>!NWubNfE$e5-1DqKV@)KvzP
z)YB_`^weLz5}i_p1(?8GbFMyt_ZlA^J+lFMHFKJjDnB!qDLZv;`oDv)v2>%J3X<x@
z=N@jbId>hqXr8C8yk3dz_QP0zy0-6x9829cmWd2BQ{eTNnQrhTI%^~7fXZa9r>dJU
z_iYW}F^a3U7Tn7<bB>#y(0GTL>4w~+luB2FQt7IP8QnF#WJ0a3$GXdv#+q_3!9AqP
zj5v+MAJS^QXAbphrZ%c1mokS&5AYS=z*<+?Ev{L>82Dk0N2aFw&ly#JucaVh0g3K8
z6_lv4xk}!|!V+cD#JrO0vx{?;{7Fht@x&?lqjN_qvDuSgKQ>vpKEGt_#K|QJj3~}7
zESaWE%u})przzv}3r8m_xl@aZb0<xbCl)LD6N(D*bKzKi;i!Viqw@>LC^>Ll;lvW9
zAb&!B2~1itkzMMYDnECB5}j;9Zt<wGu$!HeUyxriEm_XXFDZmMfw*ENTPeyeF3BG?
zxgfh(DVkhdG;vZc%rP3KEzB>>D~45aC*%SXFwv-qMbnD&$BZpWhKowzV6t3NoIN^s
zLU!@^WCbRh2rL&XY)A@F33Dj9Q|QH$#%323C^`8hlS+znvnSAhu~a%^3MWp;mGdS}
zE*za*l0UIf$;ky)vU3V@HQIocQ3cug6OxtD*%PwIP<DKa&|w-oJ>rn*1!HmxbBnVJ
zl9fqCxuf#w2FNkLICoSD8ws)pNfa=0M@=l8lzZJ|H~`~(OC-zJkIiLE00Y_ZZxo}9
zv0n)6(s@cI7MFB?lX89jq}*gByEuOm)kt3PL?D;yb7CH|fXN_Fs=Puky;Mi^*p=1+
zqv+LM21n;+7r=y*C>d}-?ll&yEBCfCcWnc;ZLf1{p^=4AEp{d|tJQ)4nDCeya9r&e
z+k~_Pp2f0`7TtOhHciLLTIglr1FRb|krsN(=ei*R*3(db;;EB8G?>h*s%M@KDX`k3
z<vgX{H3t@htEd;TQ4lL#bKtW2ZZdm0l<Z4}wRKf+$-KI%1_&mKs}YXYRn7ON;W}@c
zVjL(v9MDyIf`dkXox8pkvQ*Vv_nf8_7+Xhk8Kb1C2C!PSmvtt-vWB5PsL-IyVw0D9
z8e~9pDT*wAGsN|?q0^7WvcC)tk~JKp{1hA{_uwGqC*mOaN*v@3@?~tMdSA}C3P9}v
zEb`C6N{SCF$^RW#N!Il6FT+Z*=CD5tE6KkgR+4+LlJXO=lH3ay`~<8de;-y-emqu^
z{jie1`}TrMkk27V{8Dg9_QECQXTc@87rCr%{G}m(lU(Cbel}#1e^JOJdm)qZ(;<_5
zIb>3P3S^S63YnCD1~SPd*;6Krn@Gvd9{ZEfk=(=i&p}7B4;?8#2OY`&=t%iV=t#aQ
zI#PZPI-<tf%Tc<4kNmyBNBJj!kNm^HNBI%JM`pmMH+J~PfTqDW-pN3NoC04dKiIiS
zomX{#OI2zWM3CE3YAb6~y<zOK&KVkoJg62mp*mEBW}!;dfE3ghm7yf~PDg3*%7Cqz
zFhW5&Fs1?3!@CZ-kqcF$WH_3SYG8Z{Y-OW4@KR85_gwXC&kf&hxMnVVmcvN-N31%i
zd({$HX)dfq|BJvH7)|ML!8QNfilbp`He5G<1vSEmG8pS(v$@$7F2<1pv(&(6EsU87
z^H#w)1+MqN>MnNf@_8n)S?Ylz54>*qp0ig!I)zbK5A%B1s_8&y1{&OJ^wnpmU{`3o
zHh48bd2ay9hoV$?m3zm}h4Cpc&I8|dz>S+-TgUiLfjQi8O`hLuJ~{YwaizxTIVxL!
zH`9+Bq~t;KU@X<fFC$|*(-=6@1Y;`Ml~r)AmeJk7^hqU9$F86jKxdtMnN%+4qsN9C
zd)d(UaYKLbdo|uQow;DkUusucvy2A(jF<eQJmi=6%d6|VhvzCdBeSgrc7$44HIwx%
zaLfZ5_(!x*&WhN4)oivN>#t%oRkCw`ZZBW6*eW$%ttWf+u4zkKO|vo0o|73}9;W>o
zc73ha!?YDVFl&R?#;Uwl;9_%Vl9s)5HZUqKx2G~Tj@qF%yKe?MTBBXFWjFIz&Gusb
ztR$9cj$T{NzUvuXWpItl%b(1=pbRXun$6O{&iLe00b6stp47LS#-0^uT%q)TH-P<W
z)=yXLkqJFg%e<x>Rw!dv`=}{r95gUnn+azd*ja52`3F`=_Ih&}P}az1(PT1@*+3<W
zIt^aQRI_9L9Qk;t>t&T1wT(=M$$r|Q+to~;nyzKP2vQGMCw~tg$=!UWvIwHEnKggV
z=C1NewYT<vm}{TpG-_+RExLh!(bZ#hJsizr@~Hk%EBL&jf<^5bFNbcw70cNtT_c%&
zQ%TH*5oK&XZH!NU)Q;zPBb!e{Wo+$oMsbyw(xJ>dOT5&%U`7v%3_UvVk3~HaxH1yd
z!1xBQH`MnU>+_W!iTTF>|LYXSvx`wKv)J6*)--8oxy1DY`t-0Yr+9ULU(LRI;>VBC
zMFY!3G;_MV9HsP<)DK-tWzyu$E!yf-<`s;_a<3)LVRl;AeMF;_%Cy{1=l)jb%b+fn
z5vy3tn8WtuZjQ<srBq)ve$trLE3axR`C_PxS&wGBzBMkFPyIjS$w#H^<)FvHTuetl
zo`T-%TrQ8R(U$Dh_Z)VAUDfwQbGchPbu7-hSX}9u*LS48+ai7ba(VV}d*hs&ap7BO
z9^<N<T_1aud>Gr!_vKf}aL$))WBsg5^O=In^2<!-?;bx|8@+zuvy-`Sw(2SpbEDgs
zoNK(ETnjHPd%0Ldb$4IkuXl}R-x2w$o>Ivoyu!Zgy)?R+C4HZNo%mwi)na!!%LFw{
z@BZ?-np9;!$@%N>r}}C=i<-V%-Q#UOPol_SPB-?b^Ip+=##(04x4`Etug0`|NUcil
zj;jC4NcH_(&Gh<6gEt>mbW3V1%4O?JM1`<N*O>@=CFpv<k;Uv>J{(g3#}&hwDX=#h
zj*ez}$!2Hh`B>(Ejn~6AopB<X%;wVOD27iu_cS;{=T_K0-5U?%3t=vLZ7!P1*2sm~
zCIMv=VVll90ge{HcdmCFy<!v`nGE}Mdkmr|R9mkQt}0=^L$9N>Xq1+~@t#$CQ<cwF
z^iehe_KIQtvEH-UFn2zikJ6va@DbfE^wOzGu9(eEWkhFxrgM%0iVD~sJvte_i(uR&
zCeLifvqo(p;~@{uYrNz#3N%e<6pe!KB3PS_7z1>bFe%WLO1vYJnI0)WquKRz)$weU
zM%hHKmg#oSEGb@DYIIQfPw8HH663!BUJB#C1dfz2-DJc3zIlDNGltDT>6V!^CNuuB
znH(mv6>`{rI4VUd&w_4?EB4dMC?+qeH%j?vwo*2e$fT=s;+xH1J6E#~xqF2%jK5qa
zsRA~7638(Z#^-k*(d;pw@jA*YYi&-=?lqez@RRN+#v|42b+Br#*QT<W?0R!S^>jU>
zzlRG=1KHlsQGPP((SD&<yFPkK*vchWk;?VV7jxNvsBEU|N!>n@$NYDKm-5No7S<C3
zCVTC3VmD>I<?Hh!-?$$WJG8lcYxmaRXl73ZUJ565OG6tW|G>Oj?8=3_R>ta_hVHoC
zJ9GP^#vU~4k2{n7Vy!<C(4z1dHn#e*aXm-1YDvpkJ++QMcDq`I?W>M8Ebl|TJ?KM=
z-C9k5<d1sG89vuAV0||#@h}|d=|(2=*x8<(UhD0hczV@&bY&OI{mI>H`EpUuTpF%)
zF|<HetG|jgzdu9CS5$_zEZ=LZ%wyXPUSvY~YxIt#$LC*G4g2~(SL#5yst$a-Tn#z+
z%fF84yVhGvRWS)uJelI1w+{L0vL2aG321$Pwd%{X-eY}qwxQ_qt^$?8EI-Q2nXF}`
z_2}rDGK*Kf9@l@q>-0<aW&fM{L2|Et(B;VMU)K+kui6h%{>}X$`A7AGdL#KVKbm@a
z9lnu2u7i5D4vYLB>nkZ&^p)iQzpv!iSL*37{NL;=$-Oe{f3B}2U!_|6Z|Ez@SM4i*
z^>Fm>=_|=U&@cG+^p#}v&-Rsi?mGRFeWf0M>)luSzU=$`-6gF)*O0`2TX#uDy}L_S
z?{55ix=Zp8NLTTb;D2|QNoF>7C7Sv7cbVk>;x3bXS(mA&*8O*OndE=iWm5iaT_*XT
z=rSq)vM!U%WH1G09mlBEq@4}t|9!oGBl)U2|4;Rf<STkd%73hPB!6%3sHX??ukRhn
z|3vTThvxm)_Ktj!_4_l*l^q}XCv<%LyEMOK$4CBI9iJ;}wx8DVk^MS8Kh$^lB|0<>
zSIqB3J)H)btwZ-xe#SFbsZ1`nz&n-ER?bjU3d66paI7~P`{8HK*l(7#-_QSl3Qb2>
z`D^DEJ1<>S$pt(4E`fZTPQGa+e>aoAspPy${$B$5+D!hpm7Gf;U)_-{e5I1Jt>nvA
za^?d0;sW`rN<JS-KFcAeRq|;%`Q+3j;geQ!3I?8<L_Yo~RrvS<`6!iqsFJ^^<b!nb
zKX&qdD|t^P@7l<p7m}0DkUyz^<PR|X4-3hO<70#q3(4^@<k;`Sg<~rDeK`4@O5Rb)
zZ&mWPN{+UYw~j;!Z>i)+6nQh9yrGg;ms^EbBgiX3<giL!R>?~$c~K=VsN{K-Jg1Up
zRdPrr&#2^SE9qE~Aatmt{i$b!c9lGJaE9>IGvuko{K4NO2nT04FOh?PPX0Fu<Vlr0
z(Mk@e<Z+ekSIJ{4*;h^;HIqjkP7od`ClBwn2@fZby*9E3h~9I7>{iJ`D%quyoi?&V
zB@aGe79LC|517gQ<)jUUw6&7$D%p0QQP`%E`;27ky`jR^a&qq$i*Ro!*<vC0$Yirh
zHnp0BO)6<Mkrue9rIl=d++Y?q_9Yw4<n9Y({kms_^(tAnc80L-8M1CMzxJ*KVeJgE
z*2&+MK<-q@n$;=78kMY0A$I_qcVv@QD-FUbJ6UNU&2XT(oU8yztw<ott>o7#S+>+F
zEK|u+D_NqF#VT2(66d8~EnF!4N+k;ylH1G4f)a<YAc4$RNs~%{ZZng4Mlx3>jVful
zK<Y1$x(npi3#3*h9+lLnWKImZMJ2PXIl}Boq)H`~3&||lsZfbqCFLq9Q^`z~xQ3F_
z3*;svnW2&!R5D#9)27P8v<qaaOs)?K6|PSwQ&ch;R-T+gN*rVowg{6#NU@z<H!e`P
zP9;SKGEpUk6D&f1p-LuLNP$Ym!<q3a8JBMn#s!l6NRyCnA!AKsj7suaNp33{t&&mP
z0AbVxlJgA79#5Pq8L5&H*V=>;c5?0T0O49289vM;40m1%Aj3>#s7kU_GGwq_7;=FO
z9%K;)+sU9zgD}WKG7V&46v;4=^lJ=4x=OAwkhD~TkY*x(sRoiVKrf_N$N)V_PAC2Q
zB?$e?NxvkU&@X``*+}2S1fg#>NlYMp5)4A00Fq!J@hXW^No)X#0X}1FL@6iH7f2Ma
z5LHehO(X&&7@?Bz3nVOugu+g!N<zv>Fi0v`B|&geP$+Sz#IBM+mDpf_O(j;~)tW;r
z3rRpZF{{KyWDF8aDlx)nV-PW@M79vUN+cL2sYGWdVmaaABo7wgAaInZgoAx<0Kpc5
zRD#=a`SLq)|Njer=s!)s5B^2|e+FjBtdl`L6B#r&ATS_rVrmL8Ha0mi3T19&Z(?c+
z3N$#AV6rEZ&VY$0HXtw{QVKpk3T19&Z(?c+3N$$&Fd%PYY6?6&FHB`_XLM*FH90bq
zLB1f9o`Da4WJa<q`6+pkhvLZxU}!r?F(8Z={`>T;+liwrW^{q7>T|2wRcsF1L*LEC
zw`pjOVb0H8-%jB++@~hwr*P@|OzFJsnmIkm|K?hcSrK!OkJ}ushyFY)7FqE<e!I=n
zBY#=7!zp~qimy`}rmnx_FF!WN_<X#N<F9ZH{hXJ7*>ah;;T-FHuE#I+H58KddT8V4
zZhpMRlxM)lV+^^LXGN4|Xv1x+n=sY=C1i`TT;_}Yewl^7{qNhGVan;;{H&)Ks$yta
z+P7uYTD0Fo8_`t-ZAI%6+A-cjd&WEHitz^ejWMF%MLQ3@;(Li-v*s3hBid-_Ew!Ar
zqgK#=dup7kO4fOYCcj4=Mg9u8iu@kAiu@itiu{$-A-|LN<hK$}ekXOvZ_pE!_}9?n
zui#6O-wO}<{SKP^4n0)l*LbhV?>EroH=<MjQD2kaf<Y&K)Y0TOQiuG7U3-j_)fM+(
z%9a5ZcG;E93hZYAK_0W;eczid;IcTdqC)V|iqVR=1VnczprR%YPq8tg?g)2zSssG&
z&_xH>M8eBN4N<g`#z&JDQcYB1)KpVbOl{Bo=CSjAAGGtw<ePKPIrrS(`JMZnJK6oF
z_QLL)|8sKNsq}4s`uxZ5_MQ6n<o=IaN40NlIyY?oqX*ucGT^TJKFq9IBNz1k^2qjz
zwd{sXFz@~|Lpzo|`tr=PCsrkEFSMT-y0W5W!0dZEDwfF~ww+vX+k3y*eEZFPTi$5t
znEv>vexG;G8g=@z+`&IId@=hU3;%rZ!l#3OI930`irn}Kb&KwJzxk=%6;Eya?W2ok
zsYfnbd*hGO&cFEBh#^~6t<QbA{mr2Vzj}E2k;!*IeD88KeL&@dLnh2$w&eV&{te&!
zu3^F3>%M<-{5$tdyYjNJy?*`m2j@?1{)xYJX!uh%{j<Nk@#D3}k1QIJy7$!Cbk{TF
zdq>Rd{1yGOvyYF+%GG0l<>svJ3%#_=u3Yo0Ynb$uR-RD8lZ<-|KQp2{N&Ey=+>_LJ
zMoJvZo?KI_bU@$6Thh0-FPNLYx6R{@z9B*jQmBD4LTCMvb?#XwiQLE&(;MnU@llb=
zC|#-q!GbF3I{Rcz;3Mpn=cb?QhF(HsXC6;x>EF*7!J@$k9t)=Ut4L+R^gMYbmwcjr
zTwSSV2^FFz8dtN22F2=CnB3^x5$GlTAdo?a{u&2G#6Xd8P-GF5KHXbdVfx5ASwzJM
z!b))<@VIx_tJ9FJ3A}`0k-YnK8lHn}>$!gRzTd+~M#fN)F;p<0`QM7_K}D8O>Dzs<
zKipDZCyTg9<@Y2>YU_=L!!?16a44qx{AgGR5CCJ5XwPUF<BN<zqvFu0A~cEa2gXA6
zl|b$C6x2c<ilZs$9OR5b(<|ORe=1A_`{if|xNbk12JJeA268%T8An5v(CCw!cDR2<
zohpJsl%l2FsQkYE{LwWvDn=A#a^sI(g>~lecudDxqGC|!I277J(T%0^WBuSFKcp6>
z6obx#^48Okjf0|j_ri6s4uc5F#$NL*<l>O%7$iCli7r8s$ldkX%B$;e)5w#^XxdXY
zI)KDBB;e_qz)L7e+H{{tz)r9W))kVJ?FVmPsbe(JMQrSM&p_?1DdI`r<*hMAJyEz~
zo+(`6HszkGg`>g~g)7|F3RlWg1wHNQK$d7s8Bg19o`qq()9p(=L+tA3pt(A4Fsp4z
z`oYC>+m?8S+M^vX!Pay@?Lh9}pXKp@Q6A^^+74KF36qJv9XPW*d!Yk{*y}pL*xRx&
z{*u}On>~9b3&Zo;;(173LVJRJd_7FF-~SJdfiz&FNApoo?P8s1-&zlimvVXq%`cDU
zmq!Cic+^hnfJwG<15^XE`!+!RpkSc!hB-@?dc@CHmwjOa47Eo)q0(M%;o7P|+IUmj
zGDJ3j)PAx7#@dX9rg|xoxY#=zXU<vN=8(_p&RpE~kZraY<DgEsyGp4fMpLF_-?K2)
zzS{|7t10!9XjDG9x)TRyY=ow2!E_RtQ$G01jR@8k8-Z0zL6S(c^1-beq1C>-8GO5Q
z6TDZ=d2He_o8S@q(`NKdsf>hfS8RqEwsQ-HJ!T73RxuM*Xx#$W+eurY$$qv4sv3G0
zi`WHtmp6jK?%N7i0qs7$6^=kH$6z_ar9HuzyH+|W?YVt0!XE!4@II3!O}b_B6nx*X
z4W?cpIWAlhjuAK`yn$o5Ca?bOc0|8@J5<{<+n}jRB1n1HsD+pmoTAnQyL`J-kSr;R
zZj?;2lAAI1ogFa9j@tp!4%`X7`)iGvVuay@%C~3t!EF2K4p6m3nxtzaB)(JMwH1DN
zo}JLtml+Zaa$l5YC<Hq0MVz5>7xW$=eUaoIK2sV)lGL{!?t-f=###vF6I84vlp!Yw
z(N2?b)Fg~K&CT|ST_CHt?>lQlahxkZN$u%f=m5P8w?FSjfA{YORYQCPk7-=5$F)PB
z8IzxG-2u4W4u1)BjbOMS&V6(w1a+E1lys#1+kW);^-G`z6HEePs0{j{h$mVZ49u-_
zs=a;>)Y!u>gB;8`M<)Um&>_QIU?YYU&cpG+9%ScTdk~35`yCQa2?Im@kj^Ok>Rza~
zb$e0q=e<xd(2aVOINXFGNtO2&EaIKLps!#qD=s4#8s#p59D{XQvu$=?A+?o=rtt{2
zY7*&J;0XFCEYj?EStiOcjcbgF;5#x<24wMU`W3j!_Ijn@tUp$?^0b2uvtVHlV*c+}
zK-p(eql#j{tdJfdkevDSpuz)oU>EeR!~k#t4A@O0^LSt1g=P1bS8;-4T~JXO#K0AG
zKueNW`BxW=woi7U%5M%p2XK4-01N|R`@9Amx3h__L4*D30Q9x<UxW915o-18FwBz)
zzx2ZT5KMUUyg-IED;2d5y$&NX44XwS(DT|$quOnE?p2ieKEr^cGKoA6%Wx+p1oy?T
zt&}__Gs-m*ex_^^G-lYjM~sa!xD$pP63X2jvs{L@NV~Ai$E6Y6oyzrmBCr~IWNv;R
zjTNF3Rpd10P#AYJcCR8b#24D#mcugXlL%VGm&CQx5xop^2akwQxSLl*CJo*LBQot;
z&ag}&4lx<^W44Or7lP~WS&0(yV3cz0U1SpD+LW+N6W1e0WGo(_M*Pe4EF6ORjPYX&
zF$8zph(AN){tUl}Oh!3KeB@gU1Y>xxj&cwP{;F|#fEWV7dQlM`VcHSGaDd1yV<Kty
z8C9-RF9*iSLfH&R$fz-qNw6NII|_!4Imt)elR2MLN+KL|G8Xm6DR-?@$RDRV6HT4Z
z@s1ZY7F<MA;-f6)P~h$rokR!{MbH<hm`5v9;-D{uUl4|5Cc-V$W3gbQP*I|zo^dC&
z(26lUca-drIs8%R+Wa12ATzF`56c*Hr~ZgcM2p1NzK9`+GIvA?*=k>zOiYNIXk5l(
ztJ9dKNG19xb0?bcB#gxaWOyFV>t%{t02-rt#Mt<;((zGNzKaI4Va3K$VhF#8Ou9pN
zS%4YbfeH2kA)%8=<aoKFlj*pOBK@O!RJf+TY!bA^<|~2>?)-+!OjHs3tO)$L8xa}{
z5UVM?5}br{cft!#%<-Ghm`s&!imjzPFW2r=8#Wf$u*YQlA~IpLJ$492UXFJpyY~$k
zl97$G(rI_T!PVfm42`Yr^V0YUDHD8};@#mjabq+~wM<dCffLiL{K+YX|5V@1SPK6<
z#7vo(`2Q;2or%UN>A5ZQ+vYA@^56qrBT1#2eIq6l%~~{PDe8-s7Lwx4oHnOaN?+%`
cIbO1K&f=xZ7Prky;0~*)NsJtM-HcS?zg38=1^@s6


From 8b8c600bb93aac483b75872102a29a468d5e7486 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sat, 18 Dec 2021 22:42:45 -0500
Subject: [PATCH 777/812] 1. Add section about ESAPI & Log4J vulnerabilities.
 2. Changed latest (current) release from 2.2.3.0 to 2.2.3.1. 3. CII Best
 Practices now called OpenSSF Best Practices.

---
 README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 338e697a0..5af5acfa5 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Enterprise Security API for Java (Legacy)
 [![Build Status](https://travis-ci.org/bkimminich/esapi-java-legacy.svg?branch=master)](https://travis-ci.org/bkimminich/esapi-java-legacy)
 [![Coverage Status](https://coveralls.io/repos/github/bkimminich/esapi-java-legacy/badge.svg?branch=develop)](https://coveralls.io/github/bkimminich/esapi-java-legacy?branch=develop)
 [![Coverity Status](https://scan.coverity.com/projects/8517/badge.svg)](https://scan.coverity.com/projects/bkimminich-esapi-java-legacy)
-[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/137/badge)](https://bestpractices.coreinfrastructure.org/projects/137)
+[![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/137/badge)](https://bestpractices.coreinfrastructure.org/projects/137)
 
 <table border=0>
 <tr>
@@ -14,6 +14,11 @@ OWASP® ESAPI (The OWASP Enterprise Security API) is a free, open source, web ap
 </tr>
 </table>
 
+# A word about ESAPI and Log4J vulnerabilities
+This is way too detailed to litter the README file with, but several of you have
+been asking about this, so I wrote up something on it and posted it to the ESAPI
+Users Google group. You can find it at [A word about Log4J vulnerabilities in ESAPI - the TL;DR version](https://groups.google.com/a/owasp.org/g/esapi-project-users/c/_CR8d-dpvMU).
+
 # Where is the OWASP ESAPI wiki page?
 You can find the OWASP ESAPI wiki pages at [https://owasp.org/www-project-enterprise-security-api/](https://owasp.org/www-project-enterprise-security-api/). The ESAPI legacy GitHub repo also has a few useful wiki pages.
 
@@ -37,7 +42,7 @@ The ESAPI release notes may be found in ESAPI's "documentation" directory. They
 Starting with ESAPI 2.2.3.0, ESAPI is using a version of AntiSamy that by default includes 'slf4j-simple' and does XML schema validation on the AntiSamy policy files. Please **READ** the release notes for the 2.2.3.0 release (at least the beginning portion) for some important notes that likely will affect your use of ESAPI! You have been warned!!!
 
 # Locating ESAPI Jar files
-The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.3.0. The default configuration jar and its GPG signature can be found at [esapi-2.2.3.0-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.0/esapi-2.2.3.0-configuration.jar) and [esapi-2.2.3.0-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.0/esapi-2.2.3.0-configuration.jar.asc) respectively.
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.3.1. The default configuration jar and its GPG signature can be found at [esapi-2.2.3.1-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.1-configuration.jar) and [esapi-2.2.3.1-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.0-configuration.jar.asc) respectively.
 
 The latest *regular* ESAPI jars can are available from Maven Central.
 

From 34dd7c84b7e814e8bfdcf365773297da3319433f Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 23 Dec 2021 18:06:07 +0000
Subject: [PATCH 778/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.2.3 to 4.3.0 (#642)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.2.3 to 4.3.0.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 58d52dbe5..23dc1f6e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.2.3</version.spotbugs>
+        <version.spotbugs>4.3.0</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>

From 0cba12ec976560f23f83bfc73ddb1c15755e6475 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 23 Dec 2021 22:27:41 +0000
Subject: [PATCH 779/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.3.0 to 4.5.0

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.3.0 to 4.5.0.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 23dc1f6e3..02e59210a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.3.0</version.spotbugs>
+        <version.spotbugs>4.5.0</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>

From b59fea18a24c9f1bf187c5d1f2cdf27e71a86bae Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Thu, 23 Dec 2021 18:49:48 -0500
Subject: [PATCH 780/812] Update SECURITY.md to refer to later releases.

---
 SECURITY.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index f23c9566e..2d71144fc 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,8 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.2.0.0  | :white_check_mark: |
-| 2.1.0.1  | :x:, upgrade to 2.2.0.0|
+| 2.2.3.1  | :white_check_mark: |
+| 2.1.0.1-2.2.3.0  | :x:, upgrade to 2.2.0.0|
 | <= 1.4.x  | :x:, no longer supported AT ALL |
 
 ## Reporting a Vulnerability

From bfb78b6632a3cad12673e684b66fcfabf82cc4ad Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Thu, 23 Dec 2021 18:50:50 -0500
Subject: [PATCH 781/812] More minor updates in table.

---
 SECURITY.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 2d71144fc..afed85464 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,8 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.2.3.1  | :white_check_mark: |
-| 2.1.0.1-2.2.3.0  | :x:, upgrade to 2.2.0.0|
+| 2.2.3.1 (latest) | :white_check_mark: |
+| 2.1.0.1-2.2.3.0  | :x:, upgrade to latest release |
 | <= 1.4.x  | :x:, no longer supported AT ALL |
 
 ## Reporting a Vulnerability

From c4b7d0223ca99d8cdb70dac735ed47d9b4bd6408 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Fri, 24 Dec 2021 08:26:16 -0600
Subject: [PATCH 782/812] Update superlinter.yml

Updating to v4 to mitigate current break in v3.17.1
---
 .github/workflows/superlinter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
index 723666891..b263fddf9 100644
--- a/.github/workflows/superlinter.yml
+++ b/.github/workflows/superlinter.yml
@@ -19,7 +19,7 @@ jobs:
 
       # Runs the Super-Linter action and ignore errors
       - name: Run Super-Linter
-        uses: github/super-linter@v3
+        uses: github/super-linter@v4
         env:
           DEFAULT_BRANCH: develop
           DISABLE_ERRORS: true

From 07dd60a8cc9edf0c872d68ae8ae84c70f008d3d8 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 6 Jan 2022 19:40:25 +0000
Subject: [PATCH 783/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.5.0 to 4.5.2 (#647)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.5.0 to 4.5.2.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 02e59210a..9e4443655 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.5.0</version.spotbugs>
+        <version.spotbugs>4.5.2</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>

From 1274be9e9f3175249a1e96dc23b4b565c7414b2a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 26 Jan 2022 10:27:01 -0500
Subject: [PATCH 784/812] For new Log4J 1 vulnerability, CVE-2022-23305

---
 documentation/ESAPI-security-bulletin7.odt | Bin 0 -> 33382 bytes
 documentation/ESAPI-security-bulletin7.pdf | Bin 0 -> 117417 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 documentation/ESAPI-security-bulletin7.odt
 create mode 100644 documentation/ESAPI-security-bulletin7.pdf

diff --git a/documentation/ESAPI-security-bulletin7.odt b/documentation/ESAPI-security-bulletin7.odt
new file mode 100644
index 0000000000000000000000000000000000000000..433ac51773af4a24607ebea96905b46ae718f058
GIT binary patch
literal 33382
zcmbTd1CS=cw=ej$ZQIkfZQHhO+n%;DZQJIwyQgj2cK39DJO8(FW8-ezcpGmk;>0<5
zG7l;;t17cHe@e1o;OGDVGypK=&7)>8$^uUb0090&|5N~bYkPAyZzpqOCnq~=Q)4%4
zM+Zg^2QvmoV^?ce21h4z2Qx=gcYAXOHwHIzFE^$C=8ORcF+Yq60Qe7K|8u5h<!*1{
zU~FyY%INlAB7>8IWwerlBmyih?7t=m(o$k7|M(~X00Mvp`zP&&zPkVbU;rgKHE|*m
zYO)`6l(cO0OkCVFWPIG*4BQgzJR*FeGW^nN;{4pwLOd$s+-A!BQW7$9a>{bbx~j4g
zD)P#@%2FB{TC&=9iiXZ=I_64-ZhA(Rx>jD68Zsujnl?r{uEvU<mRgn;mgY9Dc5c2N
zwq{<=HXiOCbksn8E+CHxP?#U6Z69pt6m0AmYU>?k@1N}H8)6k$EGGw)R|jg#0JSuL
z+Gao_eV~OU(8dkuY76xC2Kt3Wdq<|*g;!ZbH`yh2`Ti_+if{5t@Al3c_6`Gvdsv70
zc_#T;tq4eLhzqPqD{N|LZRnUyx%qCJT5nss?Ku1HTj=dsn(jHcAG$jncz6Z{goJwo
zcN~It-NW|0!(u{w(}Nu{B0P)Yy~>mQXM=oC!+awnA|vBce<mixC1)kaMW*~r%uJ5U
z%*c$+D2vT$PR}jQ%<RuC%*`pP%q(sB)zDLt5nG&_(UccekY89?l-phu-&T=RQBhG|
z(_Gh3UDMRjTvOgy-_YJz)6>%v6$Ok<0j9(Pvoe8UrK6cOzw;VLGCP-Ziobs~0E=>f
zmG#3_Z6jsf3vE5a<>kQY7GQG?u(R{Kcc7<cV5xg(ymNe|a{Qq4&wkekuy_7wE;?o|
zCS@@_eKEUms5Wz`F>kFn>vvn#P+RLzcgs+3*JNMwWM9W}NySP{%W_BUdUNwpSkysy
z>SbEYd1l&4R_S#~_C;ysd3noiQ~h;I$74s;eRtbH|G;|p@b50*RoD1c&)oP>_sUr3
z{-2)Xg}$fX?PFtOqtlCj=BB3>))uEn*Z#4EskODW@iE}|+R5b7_wpogW$SQt6}Y><
z`)B`g<KS%l<oRNB;&yE1cy;1nYvplr<o?gb>+<B&^2**caDQj-XdU>la(uT1yxN;N
zKiGIWT|YcLJUBi-IXgKzzq~j(xH><&yu3WUc)h&4zI=Flx;lHl`gplJe!9PYzd!nT
zy83#%eR_I&eExiTdwPEV`|<Sf@%;7q{`~#@{qI2l0)gh>;FbUYy`Z$1u$tG#wLg;I
z=8FHRL$^V9>*~wOmbr9_Vy<9cfP?3{LwlR_wcV6^bi1z4ABNi8C7TVn=dqCCq;zfP
zfH%qU{f$Z<2=sH2l!d7aR%yrW+<tpZMa^+)A!5HGQRg`UlT~qTaN$B|TsJESHmjc5
zQ$nisbb`$!(lKWbAL9GdeSU!9-+<fK)34##!a&UZ(-q^IVXeqUL{oxMo;Y{xOQ!!p
zk&93lZilz-K;USHR;V+=ACVX@habD3!5aV7ruVX55$De%uPzF`lA*tG&(J}K-%f)z
zljqa>K0M`I{`1zDKrrP5<JPUTNd~*s)&XJbVgApUW3TxO+Musv2cEy(V=o?M|9$KT
zQlOux_0=%WuO`vVPX6UVAri6tiRYEEFPrX_krbmz&rf+zRg|f(wPGko|5Ou?D0}T+
zTjJw@%3oc+K*r<r-K)mg-vXa`^Sys;e*yo#5%l9+``)?M|IHZO{d;Bf#p-K#E+2<9
z>Pz|ZJ?eG)W@*y6Q=D+^u7PO!vLU$h-e@m~B=}UQvPyZoohwOXkLHN|#z|BvsIbe!
z?fbbpaJ^bsx!LYVcW3PNDEX)Fbi3bcu|BeHl~d34ZXN*%Y1fzkqdLLwp=^7%>-l7p
z6psVkvD0B+m3RJCkXh*~;dJZjnb)xQ)V06!{OpV$>8IbzU|`@A>o4vN-!aSLm3tu5
zTln|vP4D60S{bk4?&ta-?_obm@8eG>O3gtvlLo?hD*cI*VKCA%$2CSs_`)7Vp`upe
zG%#2EkHc=&0<o?jfgHFwAFbGNcx|-~>W`f6M4Rg=00nI|juNz$-r=Y;Tb^^wU9K<1
zP4w;d(;7kaZ>$?RzBNxtKgX8WM_*0~)M#IcPr=o|G5+59Uc)z$TY^SjAK%-v%_UxE
z@7Rv}pD;TL0rvVTwf}w0d<TXY=O6O1(UTv7uJqY2^_sD7GG$|?Uf0U!Ht?L9YxfNC
z3Dn`N9WqUe%T`->Nmh6$r{H~3`9NgN#B%S{HWr8Cj$RmVu|@ZNZy%$;5nc2=zdWj5
zukUR--K`>jw0y$}5Cv$xuB<5P_&W4CQ~6HWw-?jb_FuhY?Avp?b@#2<)`a%qc^2ky
z7-|AXpZoX(?tK;Y&Wt%Y9Q)@bZ~N<9DP08H(0ZR``xMOtqIKH!`hBpuKlg7H?AMr{
z7K$YU%=cHB<7}Oe?vfDjjxI(w3EgkEv41Om!Q7U9Hx&aXulifD_(j|tZx&bJ`+j{+
zz3nA<vLBW?2><Khl<_s!?g0LejXO?`#|oIkff>AwHa$!Gb&tcjq0vo`!fiYb%fKB=
z@AmdwU!pPV(VLCEo@eQ&c;dd^fa?omyS2CZ+np!R=G8uL*HwgrZR}BYX#c}aPPvQK
zz(c`sL6trU55Ch$*^lS3{_pK|!w&o6G<D=j1J4JvGkJXA7?<LE#Dq&($W~57(vDAW
zcr>Tek;l`Fqj@JiZw^ym|KeB2WBh)OORKFu^Ia0npHl~`o$r%)u#ei+E3y6zUoB@r
zw@vmtov~hJUr#yr#UtI-B0R@+*Wq7zWux&c(YF0B*CHSo-94P&&I#R?b-+~C&s)A5
zkUvZAm|dgU@9Hh54AXm@CyBV@-LHsVntoo;g=niLBHp~s{R?4@r<-SxPx5|5ui1^8
zaKAF2>%6xYu5%Qe-!nM2oIZ7bwIG*`=Mdc1+3^MJoot4jUH0=lx@JyO3LJG`uWsG$
z`dzk{JKVLZb9(yxJj=iI!^3~7ca&@<dU?O=b^#vK3tWG4?sD<HFmkkW|LR+z^j-Rh
zs_*VH-=vf^-i=S_YIo@S1KVoA+8~7hKRn3f(CKOUg1g)A;`r=dfCrOM>2RM^Xs=th
zn^5T?3d0H-@N2nyC%nXkPgsS)*xRJDw5()-kNa?BEh2m})})v^NY2l&SLtptx^7<{
zM;4>ksNh{>ke0~;<dhDNGRbytnqkKpdo254ypbQqY}GOQH|6AyK7sTI_5}CIYy*);
zNS>1knxpOhFug~bRXpDs_viNiynmNrhU=DR)lN5l44Jn^$oU;@%)FIWZGLoST|CDU
z^$Ifaz>u+LFh0<n(t!sm4vtD%UEL^Yc)`G%-dF$rK@%-wPRcBB)1#4<DTa24R!{L$
z5(+K4BP|n~0H<{{;b7YblxSZqMdkP__})4gFla=Kjy**}+Cy=wEj%!5mjue)&aSn~
z_NEos!-yOEQ=xBRlQ-mpQyeWJeyk|E@2qUXswMD%w^6>a1EbjhCt5;M(&Q28*2mCD
z2_E9X*DE_~qHw!2UI9{_ljsUE4>d&;K{{p(wQ=IRIP_i<RpZt)?fzTLkd%io;dR6Z
zt+6*W`Y`%?=k1I(dQFUt<L$zXuTn2wd`mixfq^Vq%*4#ijE_104pE{g+KLqO(POOF
zD;K<85>0ZIV)?&)sw}W~lYhNg0*1e4`*VOre@Fg020HI4LVh3h-{7YAr*(gB_Ot)p
zM#5%)c(@hF{v>#e?T!eP^!nQ#@%<E=@V#D~^1hq@H)s$WcjZAekmrj_kdGKCQ1`pJ
zuy8-P-`4Lk)Zn)wyENN-aLAxEe#XgSWalvcF9SV9&Q<>0#6B5J2M8vH2+a;31OJaa
zW2x%#&wy}$+k(-)YN*kD_5m)x=YhSI0X2M`j;PssO#D<~XrAy9Q!fKau~j3i&k%DK
z%LB}Z*qjB3`ZYNN{hE?L#CbE-HKh6vIGS<@FnN1m!O*LsU?_9M5LQ{4ITMX2fytPi
z4rP=z4S=vLSd)<`e5yiDU!x$oW}L*rC?lD<Xc7*Qa(p(tk`y6$p7WGKqx9{OAH&>Y
zN{hVcA|pTmS)yNtSTl(753Otnf(mHjXet}^r9B3Pcr?Bo2GwnJUUsqY=1nPz5Ty)I
z&<S$wG9kqWt+0}_N_-PC@odSq98hw!qGgc0!*wa@v_fqLam~3aC)7CU1hRPmO2ka#
zk`^KawoTkAnJH-Al4t-4%gXS*DySf495f)y5j+?~=$M5WgC=WPRdu^8+K2*FQKa79
z9CxtCIzOybqz_WI%VGt;B)!1&0$1gfsy3;$458U%V=jVXF)o#5oP7pYO#5g^WQBuX
z)xMrssbWZ`5|Xy;TqA~}82ofv2gDHC5R089EnJNu$C&|1H4i5K$0H|Rkj+dwC6<nQ
z2extXBhPuhKt+B)46FRs$-;)cLn{rBdA#D%7_Aj3Fx_xS#~-C1T(vV<tpc-yn;MQH
zGtF5>{boT=SrkPJG_j1?xukArpSvh=Ma_VP9D?#`^HEP?0RqLwfZ?d^M69!CRs}<Z
zr4zPDDM>IZ{duP9@ndi2e(b~NknFHNpe~s!TT1Kx-v}q=$iyZh>bFa_k@%s#J+>&v
z-U8<&vfvY|kZhIyLz#YP0eVk_%BAEFm`6<x#aK%N5z{ex!V+H=`b$uo3DTYy+wpDT
zXc#)AeCdDyA#+qVC@uymAYwj}u&12!qF`s|Op5JeqpYv*-)y5^@-|w6phZWzba)Y5
z5bM{>$1?e>?E*}ex>~k)R4IkpiM86%k(w0DV}(>B&1`wIo55r@Dy=MgmV22@)1<f+
z#W0Qb3W_Ygumu+hg)GjvHPu9OobabT$9WG&M|)sPyJHa}N;TgK@7ksy3U791)EHW$
zn8~u7Isz_46@iLKi6l5_snngEfg*E9xoV%Y!|2B3Ch7hrJwc6xSt>TZVjQ_dHhcg5
z;63)vPha&O1B%<<Hd!_vt88lrzdB_>1CR@U=(?Uf^sKWgR`aOW>q@PVd8TQo*b$=X
zwqg#F_BNHkD{~M_X%*3j7qwP=-L0c7G~HZO9r_@gH!oz}KqElsjj*0pO{cM@)nV&+
z{IsqXX~xttVS+jDu#2*eI0b<ol#)!|8BS(1F+&#PQ93V+;7Qybk;Imvz{!RbD(OWe
zMJEM7fU8{>0*t_gDBcr)sr!qkCu{5FHj%GTP59%-ixHVwCo8lyD>SO!5F2qxNz+v?
z@C_!qZxa<h*k-6%wNJBHZ<z2{Z<K;Ur6QjpD?K0pl;p{TlE8n+Sh&))hsw}a4XHqJ
z#k2EcUuiW+Em?XRqvx(DP}DLhs>($W?Bt13)ANco5=&ohM{N|FSdoKykV^cnY7l}F
z3MWw&=GI0$RlG~3F@${PyiI*nU*y(^_(5}&fR(WB19J%vR^ODyNtWU>%3`luZaYVv
zJy&DHKBk)VgXNl=EMcca)_f-1T#MTpQ+Bz?{!i!+O-y?J1oevO6F4m*%-U>yiPjMP
z%vr3{DhSuXkRKZHh#~4;+{?RA14F&&s`93+Ltzy`wJ~5WgHJwga<(>=R**Evc&Nu}
zgtm`S7Lj4lijw$8eRQy096vJObq42f=jgFPz*a2Jlh+%R26H1-w>#c2O1z^Ag3l+1
zWYz{CS&Egi^93KcCNt->_X_nHjC9MgB@+#JRnG%RH-*Ej2Q3z*-7S$06c&P{Rd8om
zlIloec!Z!rmx84^qh;ZwOb%nvT}^UQZ%LCy5@A5>pqfdqr#)ERCbRE9gJ}>@_S>W}
z@e9+4W6(i}*IC4ij+li?JuA3Ve<vFcLQ%&UlMq8gCfiz8(Il#%k6;St!$z?sCUqrP
zEaG1}?W6lMMbbOKP$e~ZpyEBExCrVm2*;E`y91m|q7@tQ(YX>~Y$^Yi+>8y$TUfpu
zg_+{#=j~4rqrP4jNdE}04N0A*1W77YW<hJfgieME6N3UNe>gHXs!|WzDD^F_JpJV%
z{+<lWY8^9q%(8^Vu4^g{cMdCN{_#b1U~5Xl&j_P6mA8lT@|wwKfgMIl#3y|m@eWO#
zi<V$I#la;WinyR^Pt-vJVaJ4_M#r7pL{qJw4F=Ly`fyieMicW`CCGSZJ7ybvxPafD
zu-VRtdK3md;(G4i)6wFT+ph3yCOJUY{XCqZ$Ify6!=(S@mkyfhj0uXZd7Mq8+G=Pl
zXnDv<VLl^Gmd&UNHCJSnugikp=mJTYL-s6gmI^zoWr25dZln6+K!fa2Jd2DnoprQJ
zN2L4CL1|3Yc>|5CE|1Mak4qRX%OzY0?Q-+GiBew82Z~Hm#g!w|HdXP7=BV1=5n4gZ
zeqXaQ18(dMNIJbAdd`R-g0Q;8=+O8^k<>2j31WLf1?8$g{Q3FS$kD9Gtn3&~{3Qs?
zCYaXf5DNhu9w=Ze#Qnvll1RrrCCE(BJTSR&L)ObHY^`Wq?6`ROenyeE1rZI~rHcmC
zzdzT+`tDfskwnGf+ZsVyRi5zF^D-``s){Uq$p?Z9W|%cvx2qkTad2&`$f>1OEAwJf
z%g{?g;3wYF$Qh+aqJ*TCP{aAT$w9JItfMD7Nj^#)Ns>~9G%&5nxhc<5w<amQuexQE
zCu8^Hz&(o~Q9zL2>~HqWYPW;Jz-L}ma5G?~Z3GTsD;gV0$=Hw~L1e<(Axi&ts?RfM
zb{U~mGh8l~>SoX-U3Btq<hFZ<u1{)bD0R(^homWsGQ^|~Ku{!FT7%`6N~o`EN^&f?
zvhydjdqB>Bj?+ZtLBw2nx4%%^m1*AL<aTH^q41a&cU=-3LI~z&zrGB;QH%RBuT)dE
zR+lvMNK@2R+R3?_9@-VNkhR>rd7MfJ-Be6(A%HEQ4_=c~g9}~OM-KCj0rp^!8xiOD
z$zkuw(M(tZkfE=jsiCXvC1|(3b@60Az~s23AS(%kPjZH<3Fx~?ZS-1<jXX5P;^xwD
zV3Eo9ng#Ag<?zhDg#5g)u?C<Kyfkj*_7P@(<k20MCvBkoh*D~cCk1eGglX5)Vq95(
zHl@J6k#$=m$IaQn`Uc%KsfHdj+!?AsZuJdYQg95ioBp=Y#npffq1^8c^HQ|pXmS3$
z!=#16hiP!RUjpBGhLM8`%v6-s8rxf(`J3-!%%Ozmd7$4AJgSM+(F}X0BHKI@rvs+y
zTtT89qoeJTgF!4lqI)@cj_Y^jZ(3hAnMGknN0&Aqp{AozUMTxaYZ+I<XsjxqR4~Sq
z2=;6W<!Vu2Oq5B!fx=lvv!B~7ZZkXE5<f4D8%!;jg&@VRfejlZ2NDxxhjjZAWy1t&
zWlclX^U4$!i^sxVw6w^2+z!L)YV-zh#C#DHMt-jB{s|5S#-Kdjat)HVz2=5Qu(z3I
z6d?&fB?kPPVC{2^JQINr1D?W~xA%J6D;b32CCb$5QVa9w3rzxWv8GJ=sz^NRjIn5_
zbb~O^aNMs7G#}ZcVzlnM=JGjhBQBb+&S9&BH|uQF?JWud#48H>YjGD3?Q^jR#nV0(
zCSv6?8+(#bDH|E?#<@P0&UNwY>1H*#>$wMXWY+<DQGB4}LG~IE$yV$D5mDrful2$m
zuUjiaHbPz=XFdV!SV^?6#?=G~C{sygzgsIiKFkD!(c)0505-x{2~!OdwsfiAsEu!4
zZupe#HEU9An5`eCp~cZwhDE6Hl&F%I^Mhi19Qgwo1h=gQd2(X3^Ml`KZ(?ls7r(nL
zXzY00-IPi)krF%Xl1=$x(cq&K@U*mMAMU;UOqez}acjv@>*JnA4x@MGi+xRt{nNgw
z0=AN%BtJ}g4>A4{W6!_+mTKXgCnCDt4kPm|zMoKzqr&uO&p(s((mw2cjeAXy6Dz*g
zlz=>ZCI6^d`+X)=BRJ1XNVJ<1CI2IrU8#6~iKaEe9`E^`d$SELK19F4HlJMMAoSjA
zx6F$!!cg<z=f8ywRX~w^Cg6VTM(*jbn70RU_P#?hJ#4je6D-p6z(3l`ku4YvUgGv_
znA`O2_?6<Lw<AgZURZ9qmrJonkon>{YxHQy32k2M_(7IN(S3y$qkQMccFOctbw`i&
z&9Z<NZ-und%gxWJ$g{<>M9`*i&593K@WbdJtq<n!Pu5}0JjMVR8~g<MQG<S06O)wi
zkIVVKRj5~q;++<*dF}72P-hq$IlG5R5w;Cp?AYyjtPx4y;^-Y;)URasWoC?U`L1Kk
z{d2?Yft6pDEBm2>AH@`(Ke3QvV>eyX+jYHZn?E%=oQ&kl_Ms|`0dOT(Chj(6O#T4|
z>U9`2AAZ}Hi6LsnSrGx9IPPWFJK?gL+=~XD;aRY>mp3#<&<tk@Zz@NA=Gr^d`Sc+L
z^{$2t$6(N@jmua7aZ+@25rUByKoEZcf;kMJ<PJb;28n*ml;r!X;@%=bjsQN!4GF@i
z+k)P4a|>fq0x|?@1Y`~pnPfqq4Ta}yHw7*w;Lb@`1v(-KOy^6|C(NOwEtI)deFyS%
z2MN2wPED3$fuK2LMzwgKZdTWSnBRH{_ouNbO&Wq39{fu(omtLWVr@_Gq&wI${M0Cn
zQfHVvz-fWw`ZcujcOapCVCt!^YivFjX2})~WykhoO-fC}Q9<n0x{vxr%Vj{>f(LW_
z0IapZNIpv1MDr>2_w|<wmZIxZX^B0op-a4bhm~S}S)xN`WNeI9lDK?WS6qyXl!QQZ
zBGyJ3biRZM63t~=wo+OPU9j6bu|BmfgtbCQG8_G6a#me;(ME)bTTE*oHx4Pb<gKtn
zVGybK1PXhG2D|!vX$)+sk8&0R7P;tx8+Xn|S~!G=x`tT1#q9V71h$S4rC&gd2s(5q
z2P<Hh9AJj)yR#p4=#WJA6znlal49U*du?G!BeocHAzZ{LE}st_&f`UV01vM;VRRg|
zz#Z20Mw;k1NC4n6V832<fevE!2GE5;0SX2{DiP+WhE$<I;P*16A{pMK26}|+EAnB<
z;>UH{s6XkXpR2Qbr)8+q$+<&g{E{%PQj?>hv*5{<vo#2g*hysBC0tpl=mv^PFvwg4
zQhp?9YTA+*Nf?z$O_Jv1Wn{@@O&%$Qg~QuQqfT-?h9zZyr>45cCvC%%S&~<(7PG*r
zc&C|!sOU<V9HY6ZC<$}47x~b@bmkGDj|4>(zzK2etXudgh6HF7O|N22tFPj^NX=T7
z#Qm{}8+BsQlZdw|E9Uku(|ot#dTa~kr}N#3h|s4cNup2A&Q=Vii!WuMfo+xPT<|K^
ztIrypD6!|#s-~2u%R-rJg{&Y$biKi6u`}PPN@MV?CGm8I^GyFRWPlKg%EqnpKtwh+
zypckDV}q@}_CPOd&WskOLdPL|<b~?I(I5groZAc;G{HLGy?qpqK!!#wFty9ce1rvC
zUPL1veIphPa@sVnA5LTVhPCJ<L7z0%KsdFa!j09lO)tSFk#;p=HPMm+!A<<5ra)Ok
zHv(3O78OnmUoPaSMXG89Ek2}HQHzfmxvc=<EQkD779#xfGziJS!KMMiYac?WhX&Pa
z8NR$Yhc-fs=Wb=E?5q@G$A<d+90B@Z$;Fx3v;@rK-pesi5@cv-63YdGDbCu|XT$3g
zw578DuPvATU!#oy<Bf4V#XdVZ;5!oR;^=GK(Cfpf+fHo$=vah>)#3=SmLKLm|6X&~
z_kDs0{nt{y-@|b~$G0L#`N!azA;%)_ZVpEa@cn^Jf$imJH@{EyrC;zo&-SJ|@bgsG
zcTw?sZ@Rg`)<!A+>nj~gC%@|!;*}Pu_w5)<2a*3vWQuhYxOYpm{w*{m81S4_TW-<+
zFr0omzsPvtK9ym()kna;@UYdaSeSk-=(`t=b^949*l{~jK3ABY9_VuG>vO3Z*!(=^
z*t+%F{E756sHmGS*z!fGdn@?ed@Z=~eWj_Bzy7gosgoagF;{5$s}tB6*(SL7aPYN>
zlD+*g6sv1!^**d>dsUh!(H!}`iPY{G_%R0eO5k(fN5t<2T%2{>-C1~8Wb{7|PVWa^
zfYHbIuYW8pz806a1MlX(kh~Hi2)Unzf%k#TnSp*6-}Nng&qAh{rZ(O;V`oXH`Mtm_
zM&Q@bm*K}mMn3RCk?`$eh4JfXPV|g2GJiARtgt-r>552T`{C-#(5K{Mz@L%O=PXGw
zKd|a}WOPVX_g6PC{1Y)x$CMGGh7%XA91}MlatJs&n=iO51Xq4%&^oVmSENuFKI-hZ
zARB^4zqc!Lh-{$Qt2Zt?Hytx~;GG))LeHkkpr%|L<6om1%W3tu<@gt7&tG-55$1Bn
zot|wSUurLRgxNkX8|~_2K{|(D;&1QyuP+L<5?i@EDf>$oEOqgfPU}|dK4+cv-=<Ru
z0UckR*RyuO^TPD<?A-6;)3)!YLQ(onB!Z9f>QSXJ>6m<#k<nCTu2+n|SJk?@20gdo
z=~#ptA1R;t{kM{aI{_8PS%FTsn;%c2f)3X2ldP}6fWt^lICz+4pCK2qEovClv~;+s
zM<2e8BQ-`N3H>8=#)l=7B;ok#()<`vIC4>NbB?Rx@y3GAo_Y8`GdbnckSz(t7s=~w
zO5EEGfj+*7FxSV-KBdNM-fE)?^~&Lx*=@F`OF3-WDelKfy_tnZzO0VksvsJ)w-J>p
z4J27vaVFTvHd6+JHAo)?7r#ip0C?i?vx&>`;@1?xD%d>BtY~JjOUN=GYUy%)AmlO!
zvE&Nmk{gL)l_e1k6A*j(eu_w-g(_C4=Dw48DR9zK)@xm}50!HOnfb!McDlTk&EA?6
z&WLJc$god6aAjRoq8EeQYnT@@?bg^5Y4Az>mGMxns$vXV1ON~W-ay#snSO>gQ#tIj
zBIsCac^P}qXd+$_;VVU|px`|-<S1~{U<i`r_Sd5_(C(nCm!La~i>Om>WrfhPHLyWG
z(CoZqJoh~{;o0L<H3UQ%rww|w#9$Q{4Y<!FXQp<gq#7lrPHz%J_6AkWX*CMsJhtj&
z5=Bcn@#Pp65A)OOn4ENX@9b*yM=Jvl=B$)8b#V_1ovIEoLW?rIH8PEp-tW{1+B95g
ztCHiYL5(<*?`@{#(#d6))0Lb%mqt0w42xB^`AyVXy0r{L6@50x_(+i>bK`tg?$GMu
zSH_z7N{a{{oJpt>29Orj_g9qBjm)a5O1{)LJ8%^iTPsa=_zM$%g^iqE-R!~3F;ab}
zH!s(q&Nl-_+6sqZOyXfnZtVs0aw#26^UqOOKWC5`L?#rP)6H!SfUuML%6^%q2m&WQ
zCPi?5DTw0TRHZV4jK?6IQ8DNYUU)K`ex~sTWvqm849-g!J=4EkXQl<&MGbF63SsjP
zt!fRbS&XZ5Zt$7Epkf>~$NHJcY-e(&aBML5%Uatk@~#+6VXZh9IlP%mCoK)@2_h^Y
zL;9Y_I48u|D(z9|^2f-eLq{lyqGFR+cGp6MD{%?n`n(%W0xSShCrK>vBJ|E;f+L((
z$pX;KC84AC_hDf`n{q}5E~?GAwrb_N$Giw!<-{>Z+LbEE90oC2(nAtW&Iva)Ef`J7
zL&~NbLU<5%I-#d3x)L^s^Rd6sz6zfqL=0z9(y_5(?;6^^x=xIgaF$@MFp30N6Z9GX
z6>`t?QbqVC>7bfG4^F}MDzy0NkQvWyoqFd<P4?K#Yn`2uXdal~S~a7pQg(Zx>$7wf
zhEixU11j`+6%4I)StBDVSNF6fy`$o4I%?@Sox1WP3Qsc~!4qPY%66MNDi#x2{}n72
zJPz;Xv?q_WhHgL`q@B54lk-h+O$E$jQSwE4z8V)N+SQgg@_Kw;w-V(qQpF~^dBj|P
zuxWcf96#z+L_cZkGkKzd^~SvYc<`Aw>o6@8K={VN@K4PEi9HxUObXsmRlG0bGuJ37
zC8sP7mLXL-ymJ+fk6rjVvDvlJLgs-RG2S7N&gZ)2G=xU(+(B2q9P_pYJ(YP*PUA2S
z@njn(AX-K2Y()4^kA8&2E^k5lWa5%JwX^v6KO(xwE%Db|!$c*)LO4+*LdpfuBythm
z^XV)o@F-_eWBPKZf3hf{DTe@r-q7T*E#iHZ$TG`{CRo`^Vvb?nTzY#j#_r~!lC3Lk
z=<*oU5>oSWn^`aZ3CVS<%sciT35G6cdM!_`+2uLK4W~Ki_7cDBMh8ar*UK?`Q?fa0
zZ0})b;9u4UH{BV<3G!Y{)AO9?Z7P-FR5q<(?e-rwtytz77^y0&3@8#i$>XPDo#7}J
z7w;@7TvGC<C|n2m@>-)P3cMYjht1Q}-sH0*>N30RXnE*{s@x+g-6ji!3}Ws`pqms^
zgL}B)8)gVAjPgPCv`nRf${?Ls>`5}qd}54%o++96Qpd6A^0FTS$+xKmY>Uic;RtDk
zelf@gWRt!{oWEnS?royZ6WgdZy=Weo>f<H=Osc;X!bJvPiFz)B7F;<8Jj_LRt(M;y
zCXsZk?eWAR6IZLlGI<L^NMda4vT|_%2CBBu$e5xk)=J(970%4qZATSpq$iOo?4~+Y
zs<So-vd>)6tVfmcDONO5O(MlcS#{beCnssyMW!)DO;=SGqm$U_-1>LLHf1cdIVa8&
zPZop|Hpj0axagiqH+uF(tChQ#RSk|4{zHT-0)CkWPes{>5HB!AoL)i)h(rRpFA_!4
z__NAe2UMYK^V1${m-PcK){b@}u6{$CSTyqbllGvr%n}T!FNHQiP~8-BkjfqOct<EX
z2f^b_<_tv2)_JQcGCmGh4l)=8fB5o4>|}xp25xYY#keVoS#q||ZxWkxv!-KB@@ti>
zrjQkKEwm+5wZjvw=!l7RWoV@ZCrcU@r?ct$ummx$Kr(7!9+`Zsv6+pEeX!7ncqf+>
z9KnBBJdh<(0$>_~`?}-H=VZUTd8}>Vt<*TSB!pEE+T{-x(Ze%IX^EF-&-(WIZg8?m
zrCY=;JQC5}#Rj=?B%oHb5CM&3bO13BRP*5$A<{fz8sd%*$YY2Q3SIGa%AC^_>WNF4
zsyKOxv^sGbgE-JahL1<5Y{ExV8zah!-zGNXaG9jkFb{r7Q{zghBm%?PJ0+x_6R0^r
zI2ac$W-_6)G0g@QF5x88yl}N2=P2qzb5ltnxMDQ6D#A$~8k;?Wyg>w!@y9bUoh&T$
zY~n8V;TW1H<_%7oOY5MeUh0SX1p|*0;BPE!ceaz5M(Wg-$nZra#7*Wxe~#wjNQqJk
zx$8elvsKcnS?KR?=ikf&5X5suB_o`*iA5@Ne*v;0J%1t?=K-eapuY&nPUh5%qF_Hm
z2KK0(0OLIfxE@En=LOyAe=w6J<I(q)O$-vnsJCiGYg)Ba&55mY?oTbxCfGzLlHdnW
zm6y#{bBa&>izQTzeD!1QUH<GHyo{iX=bu=`07t%mQ!|D<`ZO9Jqad2Z|N9fwlQf<C
zTSgXaoWYS`3-$?eCDB^oP(sSS)U4~l7((t?y`4k?{#}+<ol4WZ))@B^q047#?GKz1
zSrV5IjewT$VYEyS>Mwl7g6Ixb9)Vz_TCL-%qS3xs*{W3uB|emRdAS0utLLO>6!e^d
zSwWOmAJh7g&z}bBOI%m}hE~o#V&%jWQ&|^YZ1)@d(Q74(yPUWL{jNp*w@X&_X=ix1
z@=pn4l65pTUOI@#@KH)adpe=;69a!2qGeof7;dK!ipgRPt?z!k;_CC{cT`mbFAv`Y
z2PM4Nm`X#on7GzIfuySC+MD>A>M)<27OZ~BX4T<jRGIq-4$0``l*ExwB*y@g+p8G}
zDhz6kBOYn4d%TfYy!KgTm9s{|d3#;|3{|`6jK&}XS>G~FX7%p%fvX&IxT-1X<5Ikw
z$Fqz=@5dgNgQo@b_B^$);wwA{tK?bA$%!FTVUAvsBiAiT<Y`E<)I4I{M;Hru89{?;
zdH`Z&nG`B9%}x7yvZ{KruV;{CDTNJc+-U(ss)*DKcGu84>6TrQC6FevErg0xcbu|r
z?O;X*y(%6PlFBos(rP=x%JfOaP2vRqU!>L0JdPRK@@c9N9f^7h@ze(Gq_C)EwI;#V
zwCK}QMhMXV_I1M*=vLl)hpDDnOPI?t{C*tzmyMF<Fp<}n(G(?5zTrpw(P$FT9y!)S
zPflF^6DZ~cnkbWmg`qrXPByb{(0)iOg0SikVEo*ZP?PTs5d?~&gb&EujuJWM-^Ygr
z#Q;D7oPyN;c&Z3<6DKAq<O@heS_@IAe%Il5pe||M5kY>W>z5Kdgd2i{g@X=n6w#e5
zDkQN(WU4iZXegU&$y%RkPF>V6YmU2A)zBEMXSOYd4^O5QjM{mMKBtlTr8_Zvz*bq>
zE~D^xyO?{nKTnxK)Cb{y_PqNjz#gamfW-=c&>wnoQ_japZ%PU#g&+5caSX)(1KFu4
z?W(OQOJC}YBVk-Qc7=1ZP|)l#ICs&Ywn#LS(JZjLyM2SzDP1ZK1~U=z&h#O5*EE{N
z7T@+~kt0J1A~TADFNd^%gl?kkq4F4v1}K*K2U)%~tnx8@=pOI+Dk7lJgQr?sr6P3F
z$%51Ip7w_%61(V^FsRO~Ls7d(B%k?Zgd3X$L8B)X!xGn4JRNvusM8cnky`06$>o&%
zQN_vbM_qElSy@E`(I=58ro!aH@_}%)HJqq9dZ}_5nT&|iOIL*PX`i&DLCx82{fi-&
zgvto{o@MkMmdHUa2`i)?nz3Xdo<1RePZxLhbLzh0LQ=(fHMLA*XN#MiTHd`IUGtav
z(&RVsOb{$=+S_`;u(Q-IyG3+rSlN$}F7$nx9gP4_b1*bgUBhqKpm2Z%ekjHr2lx<o
z)rNmS`}E^8q>FSJv<tlMN>hiOq=E~4#eAv(dC;ipo)qHwNM1LDH6;$BEwYkbwlh^z
zCIwYIl;1vM%Qzki2*y~5n6Lo>JA5(StmOh^YFu-(j!(UiWh$8{Av{bxg1L6y5iy0{
zhLp^N6L5eJJTaI8o9!y73VDB@A51;Z@i>*hIA875B4X5I1~zIE@%$<C7nb=zdU-^f
zlPgn+JOV%&Oi9_5`i~9*yA5AK6cZVgQPeGN!Or}ePo$BSM{nW!G56T$w`MVbAFS|%
zttZQFi>ImDwN1bNL>~^%aI6NGW`<;VuuplLEm66$(0d9`B#w3Yp_&%&DYIrlJ3g3Y
z<haz6t&M@;M0q(|Qlc|tOXZrSvVS=>9#XIH-1i)r83~b@!Wc<=aiVbxBUO!xw3xJ>
zb^%s?S2nVQodfyLK%0l{3ekkVv`s~KgPZe2=adLSYmJR|U*_0KRFSQwildlS#itvH
zKBi3%mNAC;p?%(RT@fQhZE403R0=Nb!^mo7qe8s9jo(}aNM~$I-~wr2E8Sh5v7gZJ
z|8tzgYu6~#DSWW6%GhiGHq_ajRlPZ6g@4mdt@3bgtNPcun`e(p8P9#ka<2Fq?+cAn
zP4wYU_sJpY%W@|UMp**&8dbFMZkf_=T!n9)FE5DtUc1=#;5K~+gUvi$d^#pa9LjQn
zZIO5tjQSQG<7Fn1d|>u=4J_4&w3`fG{PURUeUg_sX;PG;SDwV3g2~+(mrZ~=(>H<b
z-?ZOic7FIkwECAHJ=8Ihobm-;e|a14qZzfRzCVoUPUJcHLY$KO=GVk(Jk8ivc!TGz
z=#x3as;UWjkf$3`cvus`L8}YS8DiAlt?NY{8u8S#qIR|E<F*YTBr0MZU4=S&BgKmA
z#m1nD8^2L#lg@5$pDp&Ued(D|`9E}80!bUsmwPcBWp*?_P``Gg69UF^?7f%_ZV7M_
zo?rTWX06yf*mwwU6XIX^F=ge%68cbMuj3WOK27KE*YK$DFYd?yTIk$~uPE=0YLc|b
zexg*lpht-G<d#hEfgGF0fOQ=T_{Bq{&Cehr%T5feeNBPPGx^`W))9wZocVVmJ)Ha3
z-Z^5fGzTMS_oa(mPx(88138q%jsN7Ltf`!aso$Otqd8i2raa?z_`KFcuF9P%u2XH%
z@8@1KVjdF#k;d5>s2%J*H5_caS-rnO%FWkd&2+BaWIjdaZ*?5aSRtfgm|IAM&D-M5
zgByVJDf*=2i~0jJu#2G6vwRyeReb=Go2m{W<W@EdSMZV$J@VY_#Bdc5nXKUmvy!t2
zwJZqKU+~aEcLHx=v!%TW`fg<|TZ1IjfkQ-z&50F}I6OHS4U1%1sB{HIA_H;;AyqXZ
zFZzQ<DFpBngwt<SO7o$f;xS^*(8@?if;B;3DOYQMzy?2L0}SU#hJOzl9fMaQg?S6D
zM@ipb2RSzt5)%!UrXhFzHSX-jJt>cn7s7=3TSJ3T#YWt{#$(dA0>+!hF<7e2AwCyH
zpy~l#A}TJHe+PwP-VBdNjKi}vYPo|E*V#nUUpQ>)ntamnV=3k#BpQA@1To;$+|__X
zsg|XlWY{V8FP@c*vaD-iPw*qg(R-Y!1q)O0%x&4s`*beP>bMsXN>(lUaZOxLBlUW6
zB`qXN48}RO+G!#W=PmV;w-zln3(Is>VT`Di0rkvq2s6<=)~+$+((4Mgw(RMRdH8RS
z9s6}HPK4F}&qK%p#QQ*y$Ot5KuITNMe}}38(&7qYbs|O~|2J|08XEe4!65!q^IsSI
zKf%t}+tJ;P-qhIC%G}h<$c(DN#K;JG&&<e(8kE@!2b-KGC~ibfY5qs%6M5#79`PXp
z@;}6aEEKdDfrAD0KL-N;=)Z#_{>%M;IQ~Bpb#$<>wsd#-Ul<El7Di)JQ*%4>e?><Z
z#{V-*Cl^Oc7jsuv6XXA#CGP(a)78z`&Hev}os*-JyVE}qi2MI0)BgZK{@?fbACv#{
zEZrO(?VOAq%<cXUqy5M3e;<wLf5_3=-q_OIl~Kgn&ED9__5U!Wg`K0ZoB4lr!~Zn8
z;Qoa)b#!q14}!+a-tO9eD)~?%dC$KeG^fdWN>5e*(5G6vVAflrk|D!Bsb>ATgb5x(
zP9q!?4@ge)Pk#0r%DjHcoY8w}h-BB@9Ijh8II&$KV(M?WxgQ7xK!Z=1S*T}N=*WQH
z-#NYBd4dOgK1Y^XZY?Bs1_PI)*KhK%m)gO`o=*+){<?iNu?xI^Oay+|Gv#!0^g4m^
z8mI``tOpYf1|pnYH^be(RHtw~F@g^1dF-c9m}4dRqtsN?`{<kL8s2sOM#J3pj_-aP
zUEe|ZLT0~?vv>8MXnCLRac*lzOLkxUvxb?NeJuc&?eRU(vqA@`Vbmmd;VgLD>-?V4
zq>QD~(RbsyeD3PKX$^JSVWv!xj_j8Qw551db3J*{j@>9F9GKOZw$1#s=`KOBh9zp7
z2{{^@qDH_gju0ymQup9>oJMJXgk4&LL*+O@*x^##$zROv;iug6lr9p7kRQ#v-KPMq
zzSgT6KxfFG4z+QstrvFN^vKQgYzjh$fU8{*b5KF8UU+;G-19E_^tQh9xRK#nWN+%`
zZ2oRWi-VeCDG}yv2BX(`!dz!F_7elIJ~MLveObcnN)!2AzuVu}gykl^FzVocn10zD
z^+s(WLN0PF1C^Ip7s4ci%xcTP6s)5Gx=E_zv%E>LTUGWr=PZ*0%GHZ#=fCDvtD8~R
z&ov?aa1GDA{%>Ow^RnwsLc6oGHFW*jD8~#BEVe{MAeYj|3iG!B9jIG|81Yv_QDJO-
z)L6Ivk;J%5FV+=P$&!8+iVNs=X?`;HM6ygIOvp+y2-u(mj0RTLj`tTbgCH9oBB$iu
zG>7CCGCGH8Z$%tYUEtMTH)fTj62PS_PTMGtPnjbqk*FqxFEf~aE*mAM4d2H1YQiy`
zPLUArfOF_;c><{+vAX-14e$e^vsQ;*|JLEqoCg}#LIUItiT=lqN1Nh9oR=AH7X@nt
zCp(xPgfnzPUDRw`yRj0>oZ~o+k)cBi8q#dMW2L7o+3JteQS&p@+byHHqLCnz=B~<L
zi?2uebP<0A?y66B?5OfjkSTduPL?9Ggkc%MA|nFoCMM(Ul+;*X!Q3x|e6K@PPIXOr
z&G4>oh?okhbfq2N%X}V~w2~J(9bu4>Ml`OUWHUok73z1k4xez`$XMA(;M#13(!q=(
zig&k?SgwAGyLBP~vg8-c$k+!aK#X9)R#84*DDHcx8y%~RY1{Z=;}}I{XcN=D-G3qf
z9qR|y1K(bOrhlJjfv@#}-+_T&V}XA!e*rxy(q%RX;brq^=qZ1taE0iD4)u+UNiPur
zJsreXxy%@|6zha=B@Xsc{}SW2X_zVKs-OjjpC`_7D<3|*)M8M1<4Q1?H=S;{&+TJ(
zP6S|tN=d>O@-c^j!QnX~%J@qUb><|a)Oy@0>Qcq@^V|<<upLj$)|5F|Ur#NJ1UsIL
z$Of8192h&3Jap<MEZ+<Yo)?K+v~uWV9)9ojTZP!9sTPv_+}ti?7s|943?DF=DrRj^
z)Y<m%WZUt=fT*rl=z6zYB#xO|-cN8<8w^I2M7<=G0)07x&ZvN!SPT_qu~Ho64K_&+
zMTNXX;M$W$iK0M8Hl(ZIH3TeoU+0(HAe7P;yyi;8nk`zR)qry4`0V^h-&02E(fteY
ztsr~tij^xgxvz@?1?HQq+nt=a&RM9Va<Bd~VR;yzZ1~X{nWy8)!M7m>9@DF!x9{vB
z@QIoE`;9qCPDxC%OqpeMMZ-@=@Xq?hnB^J-`Fm+A?^S^1hQ`oJ6oSbrK{7#VJm<B@
zb4FjR+8arwZ<X){a<We4n>b`^OEQtjoz*#d!OPhZu39H4aay!VrzFBMikkGhcp;{g
zsOTytrQ=Y1Tn{SfD!ci-MN)yqF*#ZX&psQ>u;KFt#;aNoC+Xf}&phX30820O6Lg0#
z?jsa;PyAo`H38huk%?ga<o~Wl`U&yZiO<=_%b?8~@$a27$ZpOW51(L{<({li?i2mk
z3ZT)bln`7Dd5-U(AzfjV?JhTkr3TI^hmIQW40*T>+BKRH%CYZYqLFJd7yhcNHJStW
zquQ7J?DO!uf^!qG*RB}kt8vK@?F=gHr-aTNkvtF)vNx-h;A7v53IC#@*LxSX16(3j
zVU%ZRr-z8Yx&*})2tFfki;-6{+W?iFw4dxn2{Bljj}^_<0>x2l%)I=AtP2^Eq63_K
zJ;P7^p*Fiq<tB}7uh^71T2fH$=dYgneB<V5NSNEr4XVcCJmbKkR*aj?3aTNli|3Ef
zB*eH^dtUNHgos6+Vac}npl>D%aaid9PEG{fC{!qe>sOMP=v5P1lgEt#ocql5T`%nF
z{XVR)FTT}sX}8rY51_)>FkhVaz0uT`xoL7`I$<lK>9C(1mCLAGNqEsPwoC%1c=SP5
zrkNU=O`<(pq9-=*^*os(Ze%1oaqTd6VgkJPB-L@Wzu=^Hb&owd>aS?rE%IR#C<EjG
z_XqI=U<&I4P1SFjX|n{0%w@&&25XvIJK^2g7w)*P_ctz~c~ws1rxl*K*3UEMqQh<k
z`{otT6nnR=`rcm3OC}BAVQHHDOrvycOBF0~l~n)*hS(TA+gu!?4pHQ3Q~w9S>)3V|
zJ@JMW@h#bFa`xwR=uU^>DeEH#E=-f+*6W7w^`jVLqvHt)p{*4)2}{ll9X-a{=WqWu
z-}vJv!krx3oNecNW1({Dx|&M<yyfF)aXbXQ>!TijS(p{Bzk?UwgG<tA(-N%JKL*J+
zt!j)Yk*ellal`hvqrB?$?I+Ej{2qn6aMi|=7vV}YXB)by*ET1Tyzx|?z+gJ;5LFIw
zt?uTi|L!Otj<2L$QOf-o9yBf<?#-L_&_k)S!{zd9r9Es(f$-vZen(NCKlGm__4I(E
zyPP$?a!2Ojt=Xfpa8yyqri`zGNKt%O(cdlX^Pz$q<7v~lDeaqcOw?Z1O#IaDZHhi^
z@(W$%>Dn`33k(#DZE-PPIhDI68((^PWsUJHxG^Z1*IM&mwMI9_f2FgnI=p&LP)Fn@
z)KXO;yEnr_I7`q#TF2vcSB|+i;+S)3`5dE(!cVZ8#aR(z+^`Y~Om(^mwZ0I&swIO|
zMw@*?@vi-V{=|#+{`t9Lr>Ck<ziCD6NO^f{jw}{{tW03NkfR{E$g}XsF@xlbuIO#&
ziak~Ql4g-$aQ4;ZRr5U8fX|@lq|XOai)0tg&vtR2y<bdUTriH*6zA+|Wnoh1>nb5^
z%o(D>g`zRo@@MV&uemE1Y?UV7&kLtFV`93BJ}{vQ8g@i5<9n^EZ{#Y!>3>S-Cky0*
z%>|``#LwkHsrvxd%nFiWIEN1gfF_Xy&xwl1qGYQqjzWYe5C4sdhpHu>taT076P8x7
z*5qoS(6TCDVgrV7TC%FC1i!r|3)#5>B<{}#_eNX;-_b#{qJ2UGEZfaiOMD&Ccu|Md
z5gGSw9Q)Xx?mq{xs;AuBG_;u*y47iRZ}Dxq88i}ZL7gU;DP7GrbUnWK=}NUo>ZI+r
zb1&Q*_jEiZx-Dl~@KN~Z^|f0|m=F7!=3IWLm8+e0X;D{mo6h1Z$Ps8ZYh_jP7DGeY
zOn21NE%Dp<>(}fq<~g&qexl{!JewI$#HsQ$u&IQvj*v2L;}CS)o{xW;n5Uk^eGx|C
z6ZGoSVK3x03SOcT)L>TIxmn^r(^WMS#kSJ8%T#uu%Z}V&lG`;x)I(TrqcTQ#w?Nkt
z{2X5a%(|J0Hui|PR@sp0fk9sfiSQ#Aqu4Rf%U#hnyCno0V#Ol3S(2Zam9+kPP1E)l
z>Hhii2i3_R_5=JAhsGik%+5@+6|KRaeQ!6FpQBSlf`S)EpYF_({=4I~3VlHOLjU%L
zFX4HCCZSBNKwYcd)phK|;1%J4OOv00mvLDmF(5IonSxGzm6<QA5`{bNl&d3bT_<r}
z<(&1g-d5XE$tUqPt0PDDWZrkoM8B8DyRI#U{HDj(lc(sO1K*Oxe1J*<b4Hxam#izY
z4F;vAl-DGJtQ&YaU;AcDn+_Z~Iu?&coKrW&1%?(dLWsBzHn}D7hAwrghG$n6h1X#M
z$6{D>8Gga$VD=}LZS^IaeLr@b%utKa_;9Z96w^mIa9M9`LlGpK3oFqu@UQGc&m&48
zKR1lht)D9tO3WG@?JT6AO3G6j@o)Y$XUH9m`y5SizeVaMw5cvE*5VxQMbjtE^5hG8
zO|x|o#7Ele9VzP2e((a^(yE*P{`?P5O}JKpe@#0-+_7TIB1GBqR}bNNcA*QB^tDCb
zu9>lNjA!AH^v~0pu-b(`j*|O8BhWQ#sc)L=?Y!}6sc*^9)ioXUA8GZN09qM(SNn<`
z__VYSEb$e1@NeiIAe5~L!BzW^%JRkI*w^as!mQBW1XF<0lpPyXb}!RXeDnQq^%C<x
zKOGG~2c;6!XXmpELZfzMetaHo5oS;|E<-HI*6l5x&}M=O^9e4nQ^<VFeZM7en9hEc
z<2;q$Np^BQIa*#WRmkhgml6~ZX0QL_mHTuWc;l)()`(*zdvZnS0Mbc#TYWP2`^E;Q
z>Aue<zz(S<UqQ>fr#_o#^XD?HGSV8Ws}MgYZNEN={ocIpMJ1Zg-|CbIujtueQ-$A(
z>p=;35u7RQJ5jd+lyXp_En4tFpfj86kq0tp_)7GQto{~BIf=EPCkO40y5Lt@al9(e
z6Z9;l4`|MB+}BOUoY~`z@59=A-h<gZwbVug-C|}w$yxXTpeiBiEP_G?9xv_7_8Eby
z3)BAZRc^I+9(V+76=wcrDk7z+ga|Mc`9$#=y|XPc)}^vl#VS?6EEVcfiLMe{f;5fL
z*%p<SrWR;(f)ttISv8r8lIrprvdhYOOP$h|1&U>5YW8or%2btXpGlsk{A|Cnv?6uI
zSfyT56&Oa$H@P3uKlH_ydE<&EdmK=g8)%Ag7uO!GQp+7-ynj7daBn<t6#2rTng3fE
zeoO@dtzg!dmrS;MTQY@mAmt}buxG3uW`T!fWzl7Q7dPegEtM*mwN?^oz!yP5ohp3B
zg>w0Xrp(`zjGaFT78lE8w4e4<GW5sdcdQpn=vMB||F6cr0Z5Z>*|u%lw(V)#wl!^g
z8q>CI+qP}np0=$wbMHIv|IfMS+<5uL7f}^aYei{i?Y%SiN~tR1;gdfgmFI)Q<r^Z0
zwR?(iT+iFMvz1zQ>#_t9NM83<=M9Q<HW^7HpzN++Tn_v)v4y`rT!mkNyA6Lx5G|w8
z>r=b{b(6)t_gos9sHYD2X)I_O)Q+<h90ZN_6%??FnqO1!w@kqBL7%6XROt^TmnXU|
zJ5T^0NQRN1Yd~-1_(YV#A2^g;)Yb(9Q4E_<M{hLxaqNkWl0;LYAx}Jv-5H_<f>0{(
z`VZ+Z8=tE5lrlrTw>}X}3)Q)Na304xR1j96zi$UUbJv62i@(&L^Cs9j=+uJI>b@pc
zt|wcNAUecdXiyhWOA?*tJgtwyV}hMUa+VyA_GLip@@|G*sxpAiz$Q~LHd0AOHSfoh
z^SyhzKP<V~JHI@l-X`DRwvr-|QV&cH@dT&27wGyK--KUPPsWq0Ekp^iw=vUYY9)j2
zX5Iwmq28}<b^6>ICs=w8pd#)AUvEwZp8qm@SPk`Tf;c%Zj~79yToEa**R5XfO{-Di
zhB(edn*GEwp0-3u-&@zs10?7NoiejFZ$ag(zJ3$wn!$ij{zh7bzJTC)izM~Z%0SU;
z^JrU#dzc9%^gUbIh|}@ngHUaSQme0w6JwsB1rXLLK9M13Op#KB_vZRww7GZ94e#fx
z^~74w_vx)pGYy?_3yn@)*O`{%odbzGbATo_shQW<7+AeCLI}Pwm3pCeayf4?Tb=Fa
zR_k|Z{pF9L@GcrZweIw!frq@EJuq;~>UB$uv#aCh8f)<JHW?GvP30v44LCJDIJ=Lo
zGVCYzJ6N8h(nboGaW8)PjxG5til}|kn&(U$YlVEmN=aCAb93=>uh!D9Q!XA_g_On0
zNf|qNKxN=~&mKV~?iA#erkt7MoMF2AhS^=;6KCX6<;S(tWxK1Hy*^*9IWXx9sKgvX
z?Vf86*gi-9%94vdD1GRSOl)riOh#{s>7Hmy8cHk5C%Fa2s?Xg<z$Fa`(KpPB6@quj
zaDeQMPW3o!T*$B;JwG$x%15r0r|sl>tE&D^eYmLM4w>hl+Oa=4%!aMBaO)g0drWaX
zsjx<puQE$FUoKzfzbBWY4vyojg`1ruLX`Vym!hd%4KQ1!UOcqvV!;ZifA^hD=H~Fj
zd$Bc|F3v^311vtK{`%G!8@;BPz*2=?1$QG*Tj>X}G9*&Od`|F)<Da8c)(ilYRqiDu
z6m&fguU{d$5aNX{56|IrOEVU6lG)3L6S@Jr9*8mPCk)0P1p_i^tJBwd!`;82Db=pM
zz+Tsimml-aYiEe@m@85Mnn5~h@Y_M~`HrmGXaXL%O$~s$Od$>AdWyX~;zF?HFxmOq
zH8w?=`l7q1p+<%=uknY)0<tNA)Qtmg8P4%A+xQ|HoMjL)*SR%9^+D`>s)?E|#1Ne>
z>wR7*86`<=g9i^3P4(YNxwc1;`gr=>4xF-Wu64Y)-~qB|nT}U9pg&=GLExA*PSo1V
z_4i*2`abPh9N)Z<apAD}dh#*Wn07(>ah~tm_7UhVrtGb6;Fk}9R|lH~FzIu<q+wIK
zf%purId*Z}GjSEfgW(<Fj`b+^&QMtFpoy2oIG@9{e{LSYe_i)q&wYLXYmiOOIMt|J
z9{ynUf2hbR<<&HQrzwcSt_@Bej1NFy1x#VoKgMQ%Wy`{vZY?5HvJ(h_UrP6Jy&E+j
zUxmT=LYx8rpvTZyqj4)y)?`$D6N)qm2x^|bc!;|sbK-jdW^jAw9C0uQS2&)q`#z+D
zfK5^`*L#5L{c)(50!XGQZXMBxy}=IbFZbe<jq%ZJgcfp}Av*A&?y?F$O|zrX<trn>
zSJBafI!o5)RB@v4br8yuipxb@i|#vrJiXzLgGRJ!y&opXoV>~?bi`DIg46GU90}i*
z0w6koLIQ8H3LRA6rrO-N84qCAo}aWh?iWa{i^y=|yJ(M##szdyg{T;fB)Xo><(T%3
zwAfMIeNbIGk{&NZ><8IxiJav#g684A&O8Sb#`Su%lc<n1FVpj=5W%tg&<|-OvyL-S
zu-Ok{k>Urtt+lBd=@@-cfFG0zL;<B%`6Hk0{C*b;AnurNcqS2+Nvyq0!2q6)>*2T-
z1neV|V-#jod!wrf<X?d7^ytumsjEgLZ@NLd)AV?r(UKfZ(A%>+2cvF=8K1A?-DEcx
z>?~0~JukC`Bd|j}0@E=dUi;!}zg0!>5B8*BJp4eTNj59U_zbE5dNiSHqQuMm_>D?*
z2f}BK-R@-2H86l1VaMX-=&a20=H2RcUh5hsvLm$R#>lzk*dRJRK(2cF1(R&*(&%^+
z9sjMWs;31=Atdio8S84@qyloic6lnWWl9+Q-J|{2&*Yg2BEHf~Uv%1aVwm!xx#^DY
zTfVTN*f*hAY+o$%iVF@ZbY;<as3|4{L{2Z#67Ot6^z*PF)jFLoA6J^&I$iBnou9ku
zpRPSXUY0A}ayILbSpk&mL!?SvQ-Ct2c0(6ww3c=@&kKjAmy_k?miv?K$3gf3Lr>LJ
zKAwPkjM|Nnpn&vI28h@rvW9k#`Ys4_E|FWf4n9A_-X#KBvq@W-&p`pRulUqP7hv;>
z;902ssh)<E>TMhggiz}bO--6QYJ{4}x@9)4T1yjY*&9KE+yQ*;+jV&Fp>KQLpgv>l
z10$R;P#cD+X2x)uW%lp2T)Q~h@iD!X<HQX^n%VF`&Ps@K%iYHCK<D0eOy3WvM{h%k
zJ_4bFTJS99%P(SaF^v7WxEF-Ii<Fr|AK=d42|Ud<H2wXP%3*10+n{5bGRIxfZMl-C
z>AEgDJ`g`&Pf*{_PWOu8c-=w2+B=?Io+dODHC8#zHh*b3c1(w~FHJ}k98rI9%Vm)@
z8-B4>7L^NyG_l7QbuFDa$35<eP?XOMB16udTgE18sd{-*Ff%I|W?@7Row!W$a=9a!
zaFUnud&l<J7J%;A>SY>G!ZMl?79N8=Uv%|8tGP`@vSwnrnf5gX0%r$ko%cld^)O%O
zsUU4Z`YR^HwZ;lS0<$M24*;JY5o*wxR8C`g7%2><1=0T8C*$U_#8#)tq%W2;wPRc-
zkkQ3}I9}sb5eMu`#V+J;=dES~B1iQfe@SIGCB=izF>-^3CJMnpbE^WrQh{W*J)LI-
z0ENM>U`UxISjcoZfL|q0!z+hLb~xi&rSJm6T(Yz-<Xw5TAqm!pnlt1KuhngNBnnpT
zk`JCLfrk-18hF5@4_GDtVN-4X<3u#K<g$OS5^iGW_1z8WEam8zK=~7b7RD+N2VDe-
z)q@aD<(?U{N1&T0?u16Dd{yanzebJUNDG|6^{zfqP$iQsnq0c(1^nqOka(=|PJ}rE
zEys=fRHOtN(^h}H3r?%9)}fRvItBzdN3K_h{f)d88pcI?wr=)~hVTs;J|$#vQ>2=A
zoJhmkrppr#Wk8?G)fm8S3fP_L$CJu1OO)tQ`7-_6_Jt_7QKVMCFYGFtE)Xx&>bxUy
z&}0`tBa5CLO}M;E9F5GZW~#(~h-@ieAwiI@6JvgA4LjVVkNxXKJ-sV+rx#c_9M3BS
zl<mvXWPd%jGpLLSmwX}kT>_HR?qU()cQ8aIdz3(Z*IqmzmHHjjTBWeVm1nNddX5FO
zIgX27a80COzX}&XAU9;vSNeQa0IRwH#tZ%5QbJhFH|nDo+nB$*Hu~mFBw7y;`IKFZ
z-e9=(F2p(cbD10nelaqK;e}%&eUg0;L4?c%VK=z2Cv&9G!1u{AR|C2LnJpl=9m0&h
zm>GrRZtguakJg0y^2NQLCnOw&NHo`mW7Hl3BJ{o8eIx*BKf(ChM(z>I<%wiBh69rX
zCpg-AsEi$+Ai^Ygh#hLl@UBG>c99Iq=un9-XMvv1lEJL_VVVJPAVr>+TKg-Q;kZDF
z{cRtm54qu(3L%gz<f2^g5u1o|SbVXydMgfFa~$lai=0vG!s9MbSIaE6LCX2m?V^aj
zDZLPCu%Y4)1UEVs^;krcnbZ?&)US^T7I1`v2L@8!pV9lgys^;3qgY^X`*DI3-E<T%
zfKb)~&5s^|Wo*Ei@N^wvgF_zmh(=J5CuKZts4M0q0{Z|Yey4lDAyIN8wn_pL7CrY@
zWidusWV)mPj7RV<qQ-&8Kp$W}{5i3KFjDyV>ESDg?wjze6hZQgOP1V-z^iY@&D&e3
z6ZcfuRxgR-D^(2;tG1TufPJAo0rgzJyV)v?I+CK>{$mM^^!@sa^0qfjBQG)<i1dKl
z?s99+PrTP;mTw5d3k?VYBs_Y9Qv?}k4Lm~ySeW;d)XMXn=4Y=LBQT$QgQyfpc{88}
zQ(hbulP+0_uWu+7n|*)Ax&b)cV&8s~bz?c-D;rEtsSegOWxbGVVyXA)o^MxRRB{t;
zzy?|j(w2l6|D0h;_WT7bqT#$7`Lrv9Cog!udziNU>(S;Nb8bqHK~FXRVbESuS`p^;
zwMP5eZ9XkH8**?;HtHzau?qN9kaIEguvvNXGmpxJuX*;C1i2&v`41cjNSd&;YXBg1
zyCxYmM5U9<dmJ>^u3Iz%hZty3B?=HUcoX|CmoO}3HVpLJYqZy`J^B@UW(0sCEx&A!
z2fcXi9g|&6dP*bXEOQT=_s!c3`~rL15(cc0W-?dlh^cW#97@AyM*L^F$6r%%&zDr9
zxV^sps3y~=D}-tA1h(!Ik&xgU53|j2ia6>nfa&nT`%qlX7l9;jrCdk-ggy4`vQVS@
z)<~4M9Ed+@m2|Xu3~QBk9Q}jP9ms@V2nxKXTojGPVLN2%vWhR6Pb(rSSJ<)?Ym{3E
zK-bE(X;Z!`DXl8)A;WWmAkD``j<-XtQxenp=P)O^3=_rPS`rz<g{p4OQ$%tAm1hTO
zX%_|4eH%6Djvd6bYkT%NVz1?AtbnUqtPi3<^OT_X9paHyLl+L05E{B7jsbEEoF@g=
zpF_(b%-M&_-9wg=8+5k)FUfdvKwjAkHh=&p#d{|W>xe>-RhfADz*T!H!>bd+m%zHU
z=7&z7>NFG^)Hh6!%6DU-5oSXGNEm(2>*|n7w6WM_c9TeKZGTuRk=WS_<s1^LCX=}Y
zp8j;VsW01=G9r|w*L9c_3BkgMEeguOG$)fmF<(M+*;lMLle#WD1>)d_(&<f0a7)u~
z)dd|he2THvXdAVMbya^1bO^G)8ZhCxZ$OpDxI3mvpj&B6MKS@7pse|k<O*s8L~RI6
z*7W4kMZbX&BLuxfn~QLN^SR3cGDaDQCt7s<Xc^I}Gwv835(EQgx0v&EH8aj%+9?d{
zTetGvGJ#e7EJUYD&*$Y`>_ypw$JfrfCISu=aZF@|GPa}?$uM*t!t|Rhe^J(qx2<0q
zR2N{0g7+Rr<(?Kn)o!%RJS}1&5`ldvB9a6_6;bujSNIb+CVmoLwQ?_hr-1DowzEwA
zdDChnJ+bd(?M9O_f_eA!Vk5K@Dd}+Ne6}iyZIX!9R6aBPaB>*2U5APG_2(NK&5wRO
z4$!c0S3%Z^=ci~LcuydOe0WvkkY%cU-jYpD&&k$%K8I^ee1=d(<3$vv44TOSfO?NC
z)LN4e34AMLcxN@;2+=(%)E5D!gobwp?(p6mLo2i&7WMWj6bCTCRt_3Ox993-4&ki<
zoFN4Fi-V9#bVDBlKP6<Cy7G~ijttHcBAJg=k0x(~9Nd|&2!S2M^Ke*RcR6tKGKKc2
z^-lX(pXFgNz9HpKw<+icOADND9b({+Ce=7ib0%8}r%CSDITuc(SP20}iNR=NTkSGb
z=SM~YKSBsygtP)<BVu*6`lHE2q@;1HUEl4jhU4H-<-NDiIbz&Dc1{?~EVfMmMlah9
z!xQU_HiCt^DrI?=Vp-YU21vMrjfmurp}Pp*5%RN#LJQ(xI?beYR@x)atB>5>YKxZv
z2C^x-jT(#2cS4JX2#MUQWr-yiur#^fg9q@j8~S`4((mzD-sK>rpt%jlIZ;C`gIJqD
zuFO<!yslkIgxE`J;~?9ZPe|Gtyl6@OBFK7_{k20t1Wc|oz$z;E5~S#^hI*A9H1MDW
zN4f#~v(nUG^+_8qVsruQnj_e0vZdBC|AF5mg-Kn?X3~*iUjiLrALSwnpkk#iHn5N^
zLM~BBJinOgFczz1E_cGT2&4}Q`vN67N-R`}hsk$$eFRV@0t0YwpB^jddkacdN3Ru>
zO;oZ?n4>x0V5l1294W!r&I9oEcFYuH$=(35N^E?`+PsX_eXAF`Q3yVbK~LeuAdlT1
zlgXx`B(?-uhnFv6X>U{gfO-)dmGTDKYDQMTX9dQSO2ko+Ax%qI+@|mxovUf1%dlhA
z4AN2T(r<B=PI=EN*2o0d-=FjuMRaXf>Lzr>z6VUMe!q)cqw``=A_w$?uv&e0OQQMM
zUsa<CBugx<O*~EnE?l8Zq5TVAi<`aQydlymwJ|xlx05Efvcf@(_tPAkxO>B;%_9$^
zkHSl|#vWAiI749?^}=bMM14h&vNh;0o2KU18*Z1BIYT9$b6fy~qbH=3wRHpYRC}m|
zo^n7<e+@eL6_OGHSSO(-B|Mwwu?|>qF~HM{i|_SIR5*y#kp0xlurkK^p0z0~mkqza
z1DjqWN4Yy1agl&c!p>)n)Khdx%Vm5!R}+a_W$_)$xXj+?I;L|4N;}&A!wP)dq=y+o
zFuHa{HwQFD#pZY@DA3+!W~3|H$v`AQC*hr49OscicT6RFLr@${59eq&2Y-hwoS)#(
zFxbr0WjAFW!AeQUM0)<HY)6@Y04z~)e*<Vc+piq?P7y7^Ms~+vHwtRE$gv>2mlUap
zqZorG8?2ed_5SV*%jF!J+=x`EnPDyMR%zdcgb0A?su5xdBeFxOH`D4BYnAHJzI~(3
zY4S&zVi0u>UG<PV8qH$j*-&BFL6+{f_5tp}njEE7J;B#7&vcqGuPj~1M=ODg^t%jw
z_fy2TBln1C#vvb@4q#+xp_M%b8eohX<tI!I9s`*Ypjw5N8d5&&Va{X>^{~@dMwv43
z0Rd}Wf}Xh%jG%=g42w6T^D!q(2U1P*YjU-lpK3ckbg#|f!tvj~{AUpTUc6u=^<9z$
z<08+6`eoh(*7wf$Q(sA2;>`u3%5DylS|C_ONANeg%m~tl+#b*&4hwS5+A%z|Ivu^c
z=&KnMFq}kUaFP&FffdtLSXw*wH8X4xTp5ejg(;(?bENm1sDBb<-9qO)6Ws2RSFnQa
zvXMXPd_M)9k6QSZiLa;4`}HaE<76Y>ByA#=>|JC5`;G_*->gkPFtH?Ecq+sz5J%-_
zK;Zfc5Sy}MqUm*=^m8{>CbPIBXpNGAXI%BCP;?l23ff1rW9*t9_%7`3F`7f-GUX)F
zBz1MI8FsNbnnUCv$5{5k;6+bMLxhTdOtPrG*Ay`>m7yOXxGv;pvOcM{fm@z~lrX4h
z{UZ=GQ0mI<T?9;y0b1;G)vyv|wdncxJT*f`utNKjl0Nf&>z<Twt}7FqLH?L#yfmI<
zrF+Nha$MqXr%yql?(E)#Bb>#NOn%Cjb$e94lC^*}-D&o5ub8a%bXDSMe&&ddOf-yx
znW%Xq6zL+7WM5jU+C+9Qf>d;{#$?2C8eJXZ3DCIuFK)ExcaF$3aOOn){UkFv`-l&2
zpVh5O{!hi|<5V1>!X{=*^Q?B&tLm_R!whxt3=0eC7KJ>3di8}jQ@Qi_re;w=G^06(
zv*C&&){I@D>2KaWbwm*JEzm&5#+N*(ihHv9e(B;1j=feu$9oye6SvCHX-EnQ1LDN?
z31ZMw6agQ=>1R#uHLl32g=cq*+?es+XKd?>1D~9TrLgBGyxYyEMD;sCBOfZ)u<;iJ
z?#f`B@*~+~aas^(&XKK~$;+CDRwk&e<riZ_(v*M%p*Z4w3axE=sFzby4oOr6N+KaJ
zLiX!It2}=FXEff_%^_=(Rb(>bVy&a&(S8kX@+9m#tF3$Y1sjqJkXGn|XlW5IBy41(
zy*>8dkg^UF=`g_NR~~Rq+^>O++$yRiRtYZSlhvs`bxl2%ib>vpN1-n6u_ZZc0tJZ2
z0Otg|3o1HycZe!tvDK&4&J^!tXxzQ#OJ-RsC)2RCt81a|!upmR>xk9%T~KKlv7P8-
zS$7G^RTyJKatO{^JIM_cSu(4cR<U}^IG?GtX%i%tugl!pJniOoCGt?p(xxR601*}K
z2Lv?xTT@;9EGTmK*gLu$5DEw~#%+)7&hWNfn5yxi2Pi%n4oGt(1t$4?Xl5>BuqrUx
z1Xq6dJR8Oy_k79w()}-elDyqhKYhOg3e?ZDZl~AV4V4q!0NZbV=vR=VN%4)q;FPOh
z`qO%OHWczTC8lq_>3WDl+Ywj#T095T#;UPU3R<Af5ZdJ_Wq<8x72TOVMJP^ZYWg-U
zvQ%)gDT9mX3DhQAbM(ZBjLfrioa*7yNyz#gU7ifh15$H^znJgbr<2zyy-hr0>JXhH
zk#;FeF>)oxqQ)j4KRX6E64kAlncR(VTn$LAFu*24Ylor0%W2<$P<k5%lFwbi_|=L-
z!e$YFV`jT7f>w4C1tE3MMDcK<Vw?iMUsP!z+VJC*!kQ7s1xZHNG^ye-3%b-MkTf7D
zbt_F14>;_C4Bek?BJ79zrM#QJ1|mpzB{N+}9O3p|nLCTVdf#RmltJAT$r-J;?GS{v
znN)2-k=mk=+QLL_fEql39R6dVU3JHGV%FGj%jn!k*2^1^;po0U1w1WrUm6Rw@2H9=
zV%5c*jcN#)gWPl<0wV%37B%(3@P!-CEfd44k%2Rl*bw_<6M$&H5-zEg=qqY<xX*h?
zJI?s=;^+S2C(|mupjs>I0xh=3ah}-53q1*w!<*(}(X}P$fZ;+WkooXIRs;!tQoD`-
z=o*myCe-!;lVm_~1Y_ypR7*F0D9M1PL;`1GD-(NJ2vt8BdMm6N98H-SKgwvi9RqC+
znoCo!7`M+6V*c0U6ezr~Y1%l;Pl#z@LSgBs80F>Gj+rQ_w)5p6X2|SF<(Q5EG4s?k
zif4qoo0Rd`Py>5;hir>xFi2s0vub7l^lRU-Rl8Nap7&Q1s}*FH#UaGN$Z?^VlQ=2u
zv?P$-k@@#rNa?rLcPbze6PRoI<OO@k;%`X|#_`hO0MnRbzxAR)VICr4GPzxY1smWF
zXrV?W#@A+<lBoieb*cz2wFpk<ji@pstBnEZ)6Jv>*YmV#A%jeNHbQ)Dw`K`0^~H6`
zmLEpUO{$c%3kY0P;YWuT0DpLchYX(ys^TFQduV{Da#~{Z*~5s8h3xrDcv3123(XTi
zZhvopfb#T4((aIVM#X6_ll(YcE$p?z`=goL!Y)yV?FJa8#N=+;VBF={;p;A-N(0%Y
zcDzhw^Ew=QO_9*1U{s1?ohBzimF#wDzt3V)1yMl~p3vGQVj?KCJTw`w7@4{!qRXFs
z&_6gxnC7fwi|nh6a?yUAjZFcpv_z?bB6ZvUr0=uU@)$`0am+(fwQWz)O&yWkW)0Q~
zJxo5l)N|?@+^@TOGI}r|AFmYgk!Jg7k4TU>R!&Tnn7isFUkG$}RiqrD3MW*pa?^ct
zcNlG}+xbEk>n#{y3STVw7HSK|kLba5N`C2-v`LmHmg?XTZXul!i_D}*k#mn?d%1^W
zFNN~e2Dgk%p|;V(D7(pKon0<fP)ADgz4huc!Cr@$u0n?80WS!;JwA9(Q2Pd*p_>=o
za2l3wV+)VI$$AS*JaARUc}CNVo+iF;9QAjvPS0Wadr|ar9JMHZg84)>m%2SIA*-Fv
zF0%OadDD(|*4A8Mm+-!*$PdlMkYcqWJA{Sa1tQ*ix-|fn-BcpcKtzDHMBj8uUb_Um
z7d?6)ykDbP1Y>ISc7yZ?U{X5C_Md3HJKw>LG}O)RfL-VOghaZI*rka?e!<wLqqvli
z+b9DV<=$fRV83yB)fDe1E>2NQ?^$K!48guJK2lTJw<Z>aLAC$}4t9uY4u`W*H>;b{
z$<p?lVt>bEth_v?s*3AT@gIY3IG?zkCNe50r81zKioZ3}Ms6=wi_~}<f?vXOK6-cj
zCIe*+P^{+q3Hv>451c6RVillDv_P)=YjI%am4eTzzB8pR+dI5~u;j2TS3pBd#tWp|
zz3o-Wab1RhfRy84=)@l7UT6q!VnWT;8DOioie;QHtvzwX8NJ{_z?jDesA#k{<UK}p
z#SES3%CspGk1%%fayI1M4sJV2cxzB-L+~K#edKp)pwFl+>!_Zr{%}e64Hgg&<k!I$
z@Sm*t;Cq5wAX)%`pDcj?H*5airB44>eF76FgFkuGjVkL=>ud;KS85Pex|FdAwnSE-
zqjX^an++n%>-W|IN=E6lB4sFzx?f(U>E+JoX7L2kT#i!{sf59r-ClIg_aIfOOI8Sx
zkYPRIS`>~eIl&k3Zh>1z+m#pI)g;$_V?`kQ_K>>50u~lq!E7b=L0SssY1j&albr`m
zK+KZQ36t%D-)<`sUmX3Tw$ykeWQ&zNC5_JDASdf+PV$HwW6*UMIW}vdQhx?D31-fu
zkP$aKKl{iuZj_Q*UKGkpUCFo}Vi49BeBrHvtD(F$f&sD1_zCTTdMnz!;)w{o#rrZR
zM9*7WADm4^I1za2?+^rKAf_3{8E|dSMNA)M#5mtVRWDQJcOYT8GM?Sy?@FZpQo`{<
z(u8lboN9~FhITX?0CZq@-u2Fu&SmpXtd?T)ecMY^+Vy~`!W<+SjIhEyG#`QtSEEd)
zU3F;1@|6B%9jY+Qkefo=lwilTA2B!{QBdz5<3dV4DTs*02u?GtD3n=^_IptLPTFdw
z&EEKq?$K_7e>5H)v84w|pP}mk09<u;CwqbOzLBY37b4LSG0*Ng#xfn<U5yqUuE9dc
zqdN5oI7c3ka4`8MdID4|l<UJJO9l?Qm8mEF%(WCxAFlqkQ}-w-ihDUI3!K!%=<Tn#
z;9mwK#^GlSa8bqT5~+%OwCBfZZ<ogv<r@JP8}B>_5oDbSTf+kuc)vr(m^7<k)MxSy
zH!-*kiD}^#J=xeQDlT`r2rd@rag3kwS3jQZOncdD<u+l$yoU6M32{-_m$-w`xMT|R
zSb5ACRxTgkU}fSH0e11b`>!jBUtl$SYJ_des%{BBzK!q#S8K)9U7SI<0egw(+?K2%
z3_m+(SUtTX+u1&Z8XKDpGP?vme^9b)aA<jjZ|tt|V|=O=Jj$zbIpH~XV{C<6qV_zR
zT-DeyruVE6Sb7I`W0ibh+>D+5{4&;|bkbJWi;B(n{{U-5=WxHNAg}%qyz2)1(>B;F
zQ2md9ezy(qf2=6^cWvX(q7`cc8*@_=M<+T5W7Em_NgIC#gn%oaK$EEzetJ+)2a2&)
zi|iiOAazjs+cc!DuBdobg@Urv?1lX*QReNahV%;qoRRRll3ryNBTCXSakIt~YOZ#=
z*1~nJwUs7n{50Gf3;)7wsy0^}Do(wmKw5SftLgeY3b(X79=Q&p-bD_3ahRcoC<sWr
zNI~<515Yf@sXa(jH3g@$oEY~ff^XrQT%|d6PzFtkoxx26vA+C~kkVrTPX0J;vQmT0
zNp}jIy}1{A!}^``{&_t5*VIwdD_bEjzf*^HI%_Vq{kJ_6%{(rRJe=nTZ?=gO^fQ<)
z<xbnV-M@}M>88Ih_o^FQgsu3e^1r{v95>wJtB6(qxqS^!W^<r`0092KYm5BvYknL}
zoSe*UzB~SLFN2y|j(c24-rIVyd(PDU_H@Wf@fl3$$Vit@*Ku*yfN*sO#G`<>XU!%A
z@iGMcjArcgAT-WWm6z4sHZRM1<1rbXhIBxpw#=>gqDL@F(Jz3RTc)qyj^D}dmN&b-
zYez}0?Y6$_;uum*gC-#bg)pbcig<rKvmraCeHRBIl2Zr~(e-dgGib|9`r_cqrqKGT
zBLU3ZHZ@fgeX(+>Rex94e%JR*o76~3l*zIQ_K1-6JIO6u%I7OHjOe6RL|zJ)NJtH`
zPu206&ag&%>18oJvat-lc)aqqMycSN0uB{2Nw1%rwlHtTluz}6z24ijNY%Of{4oVE
zw2qUH7tXX!?tt2h-1m#cF`2nyV|rX~wb}tLS*IVlRjI{3W5Zx)d{wqLxivk#d_Q1&
zU!QBe^L%6aOo}@5{xX7=YXw}ae-JZIiH6tQ4wD#Tb|UkDQMNc=5;}txq>35;DxOzB
z7>DMQM|jqq->YNbQ_bk&vCbH709+5(^tSBFyj1X(A5)97A@!5u=~Z`%rHXEDd=s1A
zlrCASQx~xXB%4<osn&yt2XS*1n~Dk{I$lR#vCb~Kvf6ecp$U%}?U8@!dv!V^T{KV;
zmS(Lw8fK`_D`$%wX=l&MyYcMDA|2c<$$tBC7PDei7gbw|zMSFq?zMkV;rfC<t6_I=
zavkK0lORUG7m9m1%9zXhGveIix2>FmOTd^Uc)5c!e8VV`89$%6S*@Sxb%8_^xKn*}
zNjJwWe1Wydv~ZeiU0H`<t@YqgCw=;U_$lRts8!azsUbagT%BojLRKoj;<kIk@b{)U
zZ;fwNMj9Y)uOkrgec(RkO9cRaVMVnLU`g{12!h3{z?LLpfH|m&v4|D`DBDy4TZuCi
z)?`;1D};ygi<FXmsd(lD-pdbCf(|$V(G}Ebq0WSlQCSb<hQ|{u9YCa94Um#tKbR2a
zgjD~0roH^iWHr5rt<7*h(qDuHANp0<R>Hj$Zb_&2&5-q!{-aRpL&8Yc$Fh4>EkE$X
z=gsmM?BY{P`GQ;Z!+e2Yi-)MovA!%BDxQ2E>2k2YV7dJ0)cS|ny7SxK(?Z!r#M?Ee
z>w42BY-Ns;eME6pC(T?R6l`_GO^JnbW?zAt{nk)^@bFCub7}WVc<id1Gxd^%F-E!Q
zbm+%M<f^x2!YL^eWf0l~?f~zIpb)hUEL1h#MMYN707X!wTD4%vlPS&OmyHSM9krJw
z4p$%ZTlD3OMx+c<H1*W>XNf_Jr0l5rf@D((I(qm6jwNdq44Suz#iHI?^p=-UgqYD@
zABXyrCyq-9eq6G>Z8<TfZJvRDgU6%MHf6$k5$GAVHrboC*hO)!+$&it-cugexx&Tz
zC0sSyXUV+(i>Tw}!TVUGHF}xLdJWb`-8?>Kra*UxQ&806FHGFx4vK^i1;8aH%NEmM
z7QH-Q?6H;3>wPCWXyd3H@f`<@Q58hwIYFFEUJQ0;!UH78QjqHdL>~h>eBy(jAnWKY
z67Mo2i;N_uw)9~*i1U`LTnhb<AGb)4{D`Fn2R`{EogY79sMxHGWwzrt44?x$w~J!$
zsor9vNmO|%gZo2zzOWc{7h=LC%;#(7>^N`{pK*tH!@-LEJ$7H2p6<Sn5mk;*gbZoV
z#uJJu#ItRpk2GOT=`zN{Y4I3#B-7%P>Nqjr*j_`KJadg(a0JtN4Ej6c|IUODfW%cn
z8))lydw!EA`i7{NK}dI@UgsQ<@hK0Wh!RCkz8x6@zFuRZ=BEnV2C<L_2_uxLB)rgn
z;8RDa^IkbHOGGL5yZ%%CC!Ul`zC#t5&Q(=KOEqset5NB#2do9hEsFkL_`K=Z$A!j9
zCie4BHmZ~u@Rz%1Q)}2+a~Mo}xpuVq26=qyj~@k(?UY)kA>hBDm+-c7D0a;G6I~0E
z<cmI=@1if5KW<upxb%pBMFs6P6}t-mo|pxaLal8|(Ei!)Ys)Py<x!s>QbAzq4k-b9
z-%hOt5)MYa3mFy~1)D&4N{Hpv=skE4eVWM`KuC$o#iky@@mvZPKto{5dx($*Nl{)@
z#(S`>O!*e+;JWQm<-7U}oHSiz!1E)5;ZvKv+QI3@Q>TLhYw0dF72uh4L3ceUD$5gq
zQbwaL3nvYX4-8G6a6;rNLC@f4R9!WOBivr|Wd(0L&5^E0aaEXD$&D3Y&SqFCxzW9j
z-i5eJD#-v5G;vhm-UN9!+-Xoq3{jXcw7)`0K!v+k<rj{=6k*<vOC@-YfXzJ@b#lsU
z#kC;?VR7<Ky=FF*LldQLeuMykfR?dA5#f#$&ohma#U+eeZj6_RIF@Bu@I!4oN=(O!
z9E@v87V|S|eC|-aSc1C2A0<{-%Rx9n4#5?1;XJrKaRope%(hh}0dTN|{3Q#k8PW+C
za6NCt*BE^gCNtKZ899DIhCy__-QReIG7^(-;dScv=aMrwBr4u8a+K};DbKCQ%J`E4
zyR;Y{(tL~35f=N`Ky8!Ew>Gp3L0Y-u>VbY|)qll7=U-vjoh<933k`WCj(XsL=2*22
zapP8_0ouoc&IG;SLmk~qBBfPOU$fIFy;OOG%hl!|B!+!Ua0H`sg?s-Qs}4Az5FpnX
zofFEYrhM-;zs@Jh6VBTp*2Y{la_|<J3y0&VQvHq6s>vGZn^zHumjKvLAXR^$L>}Vv
zW+1sk3s|T)hLb7~o*7gciNTMkOZl1!mBaw!=#N@|XX!4dLLwY~hJhr9l~ML@Pm;j=
z4Lw4_)!bG#4+$Smxtb2&UaUQMRD}@VBbae3SA^fa=E{|MB$mOfBvYkRzCLZ#$F#fM
zFD$}*o}@opQy;rnlRj<*-CVZIZ(YCst6K-E#ni3)dqiVJ|G)K1{**{_baJ;c`LABd
z1@5@RKHF`VUalh552(sy6Rj<dQmZ;8iACwSH3_z16k$OmW|Uq~iSaS}+izMwRw~z|
zK23QEx@#iI1&|5|HIhiRm{pibb9`;?p*Lj^-tX_)O%_@QSzskR=W#P0+HrB-NFerK
zWS)lcb=}oAr}^IIi;dZ!y*zOd`1JNT?&hp;cN>8H_wO~GwwxTX^pF#RPMjl>I69}^
zE#r37VcXbpt2wD=`^X(}r+g=8F}udK!I@X))LEQ|Cw}h(icl~2{$BKD0hf)q-0Nz7
zFd1?jZ{k;1BRHsoGIV9r7EU8o^`mpq!np}66Oro*mMmT(`pLr23pV+HWl!FByC2bX
zWNvH6YDTF>DuYn%6{A8zF@wH1g{vOSq=ano-sQ65_o7g+rDtg2OlN=K<Uwwzjo<%?
zTB!tDEMteoAHbRK+3eNOIyq8m+AvK6RM|nHcTAuSoLLBY5+=X_z77t-AD`}W?`%10
zl{?f}rYTrE-qbD8M0$=HG}h9<EduZaJf7nV$^uGFzlKtWzl9+SGRuriYzhFn2Ca3V
ztuk4#(Jz(rAG1JI<nT|GfER&<U2X=sJt#CEaIS+gltTP$&wUHBBbb+Kgu}T10VA3Y
z8&Y6b=2W%$8F9c!1JndH%I}%1k5xy9a$~Suh$&4QK7yt+*4dYmd%!P*LkYboRVOPH
z(k$J{05(W6+Q`^;Ks)D@usZP6zx|_P+Nd4;SuAvTg(Y}%dI64;xQ2TwCb|>gP2qL5
zxUc@?DC&7Kq~pXJT)A6^z8FLqq9esmGibJLPD8qHLpjWMiklv_v(tq{FAqY-+^jdp
z<1%%Jc9fE(Q^bDlB@1a>*hdsn;!DvNIWpU+YiO2sN)X>`?!_;N;<X?iC?MI-&Gaev
z6Y9(FGd7%ZJEjHG6;-|=34<KW%@GIK^jbm+NgpejKaSz9*Lu2-8)rjo?F^xbqpIa1
zL1hOon<2(xg~E1qJ|ZKIv~I6Ugn;Kr`BJ1C1ZN~n_koAV!+%p6Q+uFq2WOxTc*^b(
zz9~VvO_sUC69O<Owgn>&Sk8qXnbd&b{1G)QkMee#bzU`i6FRb*VhC26xeYJgkI(yS
z8Nd6h_-^;Zhp*#nJ9yjs?fP>&QoF9_GD51eNJq9Qyg|N_w1+uCj7dY8SxWO5g*1HT
zic0-uT}t17hy|Lk)%Z+`S#rw&;))pPWk4+dE}W6;%0;~a2-^+iBx`)v_-MK<6SGyf
zR~b)&sf%-Xz^MB$#>p3`?)InVieP7Zy3LmrLkm_wZKIFQ)ii<FH9=vYZW;kT5|^!j
z*)z3)LC{aUjAnuDy2ckY^$@|#<I3JO)5P;Aea><QEjJ>WtXvA#23i3W`>EvTsdkKx
z;M)iWk{mySpP>LE3UxEO8S{*V7y?jGeNZ121wsZm`e+9AX}%J5dBTW5H&i8%5{gB}
zlMUu}qS}!MJcBh$DH8Gll7j3^Y5PbDiC##`LF~o5)iXR8B$&40@;uYCIB9kh*q#t7
z%utdy`&ykI83N)bo&Fzd>dL6e;FREDQrP@}JvCGSzFM-hv*o-MCR8W#xS*_{f=O^<
z&sC?l)atAWsMVJu4PhFtogaBx5EaIkbiDjhE$d~`J+FgY8apYr%enzTA<;at(9KsA
z+CgcaVvRDlE7J~)gm>@=kNs@|K~HCmiYoLFy*)-j1wL$a(ou)q6BHU4uJe&4$uiLX
z+?1ES6jh~a>W(>iRw(oe7<UCy<{LF&2?r;6K(_$p2&L`27{pc<5ha4MkS3x%PB0z3
zzoY`<5=yUx5Pu|8P>tjk8b)0)$aX|b*f;5$@S55@5wanUH6TTh^RxV7^9Yo6=Z*Wm
zK}GC2j#g=coy!7x+FN(|KrAKPJL2oa@a#=dA=D%zkyLw&e4djJd4_ZdhMxfUIjx|)
z+166Z=z+$OLC;hau^;VTel4KD5uJL)uU!6%-aRd_zHyiYG(yK0VR97$6dtu$a!{3!
zBVeJ(?t;$l3(l+=@<`}CE&VKxB~d`LL^Vc6pzf4D>H5H1k&eILI%^Zv2s^owFb&;X
zy6P1#_<>c_7m<+VmD+43dW5IFIy@CM4S<iof4cv3S_!EFfBh;GmX2;nW~$nU6|3EY
zuM772faquxG)&bjbL-d=Mof`<Nf~!+f6<~$_K0T`%PXW)boM~DsaoZHYEoS-pSG;h
zY!~ES9M4bT!YWcV9CDsS(6YaX%k)Wz#${VT+{b})gANMwk<aCL&vL||$zb~NlgbbS
z_uGJPNd+@|w{XX41D_Z0qe4UOlN#Qqz*aVX0YdbPyAC<+lU>{*<xlUsD0%xnA<UCd
zHZ~xnXP7?b?$t$D>MB_Vl}Al5{21NF7QweNr*7@!dP8qy@Mjwz3rq*6N{d!vP%i0S
z8!Sa8Ij$O8L!><BmB4!ogW`NQR)?bwDP$fV4BSYp%~?_V5``!PgI{cjRB}{@`9a|~
zR!k+WaQlp=-`+L{?_@0X%hpsK;<Mu@N`A1O+@HgTuk|ll<6(W%ZJ|mkZMz8n)(6vK
zkc#z_e&HJc95e7HvRh!-g^+4yjlUi@q)#wHXhV8;iOgc&wzuBG4iXAOH)O+99Z<AI
zAyC_zcAf+)*6gfXg?3^^ci5^Cl2N_Nl&<wry&87-DtSD~SpkV(!%hC(>Y_dt$4hB1
zsasi_*ZH~}EWL7~ERV*F15ne0*wB9LzN?yH>F`zbGZ)(!iblq*S0#^Lm>Pz9G1wgj
zVR3$TEZj~7lCd&Rj}0D-S@ysM>p^tqp{JkfW5EEm^C|ePjpB2bq02kEZzQNR77cte
zbYH-Eiava7pwq+q%o*K#hg3kb3a0|jXnS);OFpvuVoK$<qI5+zww0@Mx?;H~`)tK4
z>7fi^sx#!8GY3uH-Z7hQ5Z-nR0_<!}0@3xUt+KkYP5kOovNY+7yJNbSeT^)tDfrN#
z{QN41`xXZ_ZqxVte(NPIckkPn?*#o&(@pLWL>VtaW%^Ynv=7=X-vX)m$c=?InDb8a
z+1`H9B1ftP7&DH##93M?H7j#J+p+N4ZVpIcm#e{;ZU4Y8P111AsoZ)X{5+*LASzsm
z_${4;yk4muMbXy~1z8^L&yarFxQIeH70oC{qsvskt0<3)To90_;jXFnyXM@(?zB}A
zf?W@eu-u@4@DfBUi&P61zp6pc*52N*);R)_lD%o4j@7U1?(;ZYTED$Opsrlnu;KH>
z$p~MkiO+ALzY;pL>XyBXt4(t|H&L8=KPV@5m7RD|GvV8QO^k6@&!ULYMpv*%f8?rA
z%GyHZU_DF{<z7J8j@Ur;S-wnq_0H(sQ6S~UxS7-wnxp7vLPa3ETF~`+@->{IW^ChH
zGaUy(j;U@$i3qUn&vC6pUGOpl%Jrw(4z-yNuSX!&a=%-r(yU<bxx7HO$fEw5UHIV|
zM6EkzO^-Q-?q)sMH>rGg0%Z?->e(XF++SVJS-#TDBbKC~T8_OCQ<+sWxLFn_>^mAI
z-s?<d^ILkB;t{=o&~(9Uj2{~#+KkkkVoOun@z-TUH4XWTn~Y#$|0#(Nxkno+zb<?H
zPF|S;=PKf{lpGH|1779zKAxdj<ExpAMBO(Oa306L(?#H><S=x?6%m*wb7}$yn=KAv
z1z}Z=>mo~g3kD%2e_YkIoM!XYC>YEv3`NtCUjs2rLQ`@ul+4DShT^G&=;T2Om=5lL
zHr4)YGI25%Af-I$A&8CXkfnzK4<9P~*Tigix);Xj$4pt?WJx5F;%M?tSw;oSdxDKl
z%RHTr1n3hiFQcGnh}c7vJr*=LaE<Y>98#=+;n@=S?n=e<92OC^Y?Q-@PV0gBM}jb{
zkUvf90X#wTazpVqT*-j#ClmO~h}5V-YIlG@TD8E#Ja)iq^ZH=Iup{-@Wp8wQ0B&qM
z;bUC7<EM0hU|Lc6bxP)B0P(3ITD2g;xYi?LY{H#9%JF%n(}PFH%fQ2FxD01g5!WkZ
z+Gr1Vd1{<+UVB$lrv324;YD*SSDV=7_+1AAK4^az&=};>{pRkP><28{Ch`{gj?^R0
zUQ2P?^lEwp9CN)FUYBu$UZjhhj^0mpPQHnN2hO*+JO4=q__a))WD@5V=Qxj^!hjTG
z=+C_d5dh*JY;DW559(9WO*c0iQ^TDe*G8Nct3$&=B~duzkdth@x+^bkH^!;Ev9~vM
zyUK&{ChlTm!_?gP)mb#o+={%i=bjln8c{9@o;d2^adJu4xa9ED=h{5$)cA6c3!lgo
zk7b&tFC<xkciLS%CEPsjBGb~_ul?=s49I#jF&J2S{nSGB?HO3X3EN53;hGb~T{*7d
zc{ug$uEP0wG^`vMIh=Hnp^MZ(c<FLp)+zQ2nV=kS6F;KINKvSLzg504(oxjpns?ZU
zd;W;omS=5cu)(XX6`NA5@imV=hc?Q-oo=h=knP?txtuqA2O`yr=b^SSn3H*ULbl#U
ziPLcy$q3Rnxosnd9ENs(fEP-Pd7{dWO5j^9<gQtoc~TaO98-M!BGW+o%r&5VS6puG
zT0WK}r|xKcj!+_=KRhQ`m>^~WIU*|c4lqRt)VQD<4GULsjnMd3ZO_r-(4Ba`B93w@
ziP$~;xkgZM8%bxCsg!_5qhM18Cwh0%22kG*AvieL49ome&qObg-YaklWRJ%7B)RxY
zi{RO#V5hfXsGpj<);wZGXK&F~4>Ee6c2>u{QF51sKMa|aEU<jLn}tQviv=MGCTtMg
zE@$>&3@E^~gUZI=ykh_g^qkqK?>3MR;R2-zTw<Z71%Il8y4-dP)vTGYaR*fN{L%0;
z|GPu4S%sXk`j5>HlVPMn54cDfwz^cRWwr#{WM*@=4ZoY+wXyp$jSKj){jdKD$Fbz!
z8p8nqpa=eMV^h@MV^bLsWdT|VSyB4`7kl_Ud0v?yW7AK75ctFyIM~G0prJw`i<ao&
zcMkvp4~GO3l1<U&Rf|eqRVLn)fa?}?)#(m#1*c|N1|3j>%XZ-36%QrfrfRetlfCcy
zAp!R`IR&)<Ww<w=M|I4w)eJid*ov$m7S$(sAmMNfs6}26D*bNDho5-ap6W~6nj7hV
zHUNv8%|B*hB|^2yPT1lB;Xwh}pQ)$`l#M7__)+8$k<;MY))4$@z;9w?K|j|@cwSm9
z1~FryP`o816!0WEK8w(<FEtGF%hM?>47P8{jU%i6TkZ^59Sd#g@MS2twFtOXNwp$l
zo-5~~;s`TM%4LB<fOqCVvQS|=j;P>9T_E95M8gK*WZD>~L8cpLTF^W6N$8~=vlT`4
zo~HQT!^}E6mS!VC;oL)$Cb6L8p}}x+dUPp!4NAMw*C*MV-k&GHc`sMW_d9A40`lhx
z00N-^{O6MGzaPWj>>mZ({}uJGwb}oI$o$^?PnFvL!Saug)8FOI{)C+VGH}L!R!#c{
z@*jof|2p!&<<I`wxA=|xSD~<f7DM~z>;DV+uS^C1hUuTh(f%{jA9=LDZ0p}J{aq~W
z|Ca}i>3?3^-^J7ZGtVFSw7*RD-|+k;ruLs%{`sl`{te6D#nt{Z&p)3{$A94YZ?U!i
z%<@NW?Jv9iH!S}{eC<Dz{qrf&Gyl&U{g)Wqf3y7KCH{N1!5=xczs%$}%iqM={_zg~
z1Niq)?4M+Wzbr@pclh=HrY8I=>hBTAe{M4!M*keN{a57Q=Lr89`DXlkUhr@6%6~-$
z|ILH{nM3@`;;sKaqxi45zx$m({{1hb_xumuUS0|m?9X9Hzkk`k-BqpEpS}MB?5t|v

literal 0
HcmV?d00001

diff --git a/documentation/ESAPI-security-bulletin7.pdf b/documentation/ESAPI-security-bulletin7.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..2ca233e3fc8e569ef061fe59e1c154ec577c59b3
GIT binary patch
literal 117417
zcma&tV~j9Lw<hfFe%iKe+qP}nw(+!W+qP}nwrzX%e!p)flbn;B`B$m>TS={}*1bsN
zg+*x?Xqh2N28#x}23rPmAsO-M@$C#PA-TEfq)lwioXzo>{@GEa6Sc5*HgTjAwKi}z
z5jHWhGdAJng>-UuG%>J&bkAzWl!$$7dFJgMI0eW_h|L5>2eO`|jnmoy^aS^`%tRIF
z0h%W9>$N*1R7k+d8`d{g@Fd*ri9cD)@%?<89pBSyvX>;v^8Fqi)$8H<*2>LTto{9J
z^YH<W%^Q!(J%4(BUBt_IF}^;(EXAW6ku~#Upl^?K7?HDQFyK7IUr1zLkK}g#aF0VP
zY=5{Dy?q<so&x^b8-09Qt-a;L)x+bfx&!#jBkZ0|=3@&pV@wlm;S05hQELl{c8SvJ
zB%EZOR!~z$?;xm2X$pc37>3MMb>9$?iZu<Z>)Ny$kRInb#OOstOAjgS-@Qlz?>dD~
zEHoF5aj|n?j8ci3+w1d5|Mr;K^RbA>H+61(|J<7ReD9RhPglz4wq;sAs*ey79)QH3
z(m?__L#+|}CWI^MnfSJX6g=oW0!9R=9bayS!1A*Tljz9?_mw%l=x#+lE!6-ocz+S^
zx<KG0vOgCn{Iw^6;JvkolnF}A5%7)8c%dpUW&ykckhMp;m0kMyS4w?8h-?=`v`?=O
zA6R$hEgr0s%un23y}2G2;C#uEM|<%8*ASv>k6ov)@nb^jCqQqb^tp<8#a5zgSYPa*
z4-t<y5W0o<rhor3Ck86${PI-rolHHG@TUW~|IjW>C`i>xP%+z~?MTt=?xMu|ekeOH
zLum{#3EobVik@JXh=9)z|K+b!=VEIte8LWzpr<@v9Eh<#29CejD+U#NY)oH&Yvbb?
z_!fIZ2lPzgAN$mcEoVPq$o<9#VNtL>`j{eUNZLZ8yQKq~LLz&;`;t#0dHORgNcvdV
zzUoF8LdFe{*CMPb6kPRIzIKri7!Ykyu{(me&8a&^&Hh&1B?NlnrDAJE%mz>w=Nm#@
z+JCOud+xgY9qR%~KjRht`MX{=4&y*JP{KL~mn$|ZPet)~mM{)(gcMK*r=xG{2uAoK
z2Fq3+66BXKuc{q{n#kh#ls(aIa17@?8h!NorAPYB%+9hKFWoWSH8m8lGvpEIsYTnF
z^#N-?6+ZHmy@gg?Q-?lz69>t0zMN?G-vDIp`DgaP$nHVyQ?3(EM|1jGw8VP+o1yLS
zU02zHF#XOEK?<1k!(_koDh?;mKl~F<t7n8rdrcCC<_3{&x&+*`LqLV#hd}$tAf?@H
zCpdX0c8a;g4*eV<h^Lv&l`;8yBdYtX0cxF70(Y2*J$fTGvbun0J)>!1+QM}<9EYpf
z2;2Iojp}0=>6c-Qz7n;fhJJBVvc%2s_3DRLhVzJ$cAAR~X(XBnp@muV;m5}P4?*<h
z^CmQ8&G4UR&{B(-^Ss6RX?>8Ii}NoeGg6vq&1DKKb4R*Q(cm}9=CS>xuFxqG+cb~B
zC(>E@pB!c~22!~#G8s7}CyFH`SV$SNMskvYVGQS?@l#ee+v3msQoCu_7|AtNEyy}1
z44JrkDQ~@lTzmr|j;sT_jCVy1{VH48<Q_N2Q`n{60U6g;S&mN8;zUF|PI-(K@a~%^
zqNd><nD-qSDjo?$IZzmCZlk}UWdvN(vWWgd8r5(&6@3_BDH9xG3c!-@s&zPOaPBMC
z#Deh>hUp6D#>4E9rt;0lbd!WZQZnVxHD5NJlrpvAJEhzu>T=6LvuZlOVHoNZd%c~V
zWLC*)UtXo%2Od#pN~zqZ%!3{>t-%&iqnr>3mX7Bx!W^hoMk@jA$8@)v2d1W6^qS*<
zt2;UUL6?+r>LolKZETGBivSfli>OogP*%xSj>*Fg+huTFKE+Qv`XOzGDwJbXz4?aP
zDB=`oEFLBxZRk}_{Int4I+8|iyL9H`Sk|-rKy$M^_LOdF=?y{hzSKS4DUc(&y&O(-
z)^xU{2$PXh8aX?1l-;6{DuNXj(1e^o)pxNTE8!;r>1Ie{na0B%e>q-K=tYh-ijROY
z7~(G<`oV@<#b^W9%@R{@<HS)u29)0USEf5I1HI45rS{0y4dO<4GoAI6S&w!NW5-PE
z7e>Cr*N!DbauPUu?S-tRpgWzNp$eb<{SnTip{tLt1%$@m6*izILlSf*oGVcYq3JIL
zCTe&Mkq>;+@!mKiNEuyMZLTi5z}AY%-w$0|p{D-Yc^;8R>QQbjc&J-8+o-t0Q>9XT
zlxc*Nm+e4p?`CLBm1R$;wsXR0g>Yqd`qQgrL&9ztE-lT{0B|%*zAFG(B;kH4u?^8~
zHG+RvhvbMd?HYs(9+BBhuZJwU4aTP-t(wFQPWWaOTIUGe$uM2O;9BV0A$Wj6na9_)
z+^=NzuP~q{*)lVfhX>7tbi01L9oisGlN<NKLzuc;YAb|IQ4bH5doE5DTcSjERYGls
zBHq7J4<<Yh2NPL4TW{;<!%ZdFa9j!=E8LE2n1lJRDl^b*XQ;jGDWN4uE;a&_lDUW~
z<ik|HVM}9{?OKXTTi&H^)cH~%OMf1C!Wph~1F5kQ<SZTd%J+|xDz_j#n1)*q;t!_)
z8=|k9!Uet(I%bV~p>+8WYS9OGkTX%c>b|rDJKuZlATLbEEdPYh$N;A)z}H`Z<&ng<
z`cIHT$kzs8lT?~+<7{lJD6DIesJEsH4j;Wjf~pv(Ly;N>D&H(uQ(-)au&OfZo~}Kp
z)L8(7PszKRbo4+`hid$Y`XEYKeCnd^ESueCSh~iyU(J6PYPcnuRz*JaEC~5Td9E}h
z9!10^;+kB(uvro+S<-%G>vagAcPzETd^Zc**hk(5DO_^>e#k!Y<t*{1DvL)+ambe|
z&A6nPvE5N}XXaP3ehYEVh&ZQrvpjzLG&8zHh?P$$!J29os+OcU9&&KtEDazu8Evru
zZ7_Q==*TE_yuq|?;m73&z@RpDyOD#S=S70U3~Y+Ld#R8@U-R}UBC?#HH}RfAgi6ds
z&}@K3uy}&q6k5m?N|sMYWrVGc%wv)LVStmNN~BCv5$xA0<3OXLuqH1qvrFYqvY9Vq
z^_sNQcqkoCOh}*aGCiiy4I{Kk;g|?u6|heF4*na%C6a|r>pfe8+f6sK0Gb(@Qfp#?
zI<OS+z6K<yM|4IyAQYJHSAAJe2iYM(%;|m?k7#D6o}MXdNRy?NtBi>SS3j}FnbkbC
z<i-<`xa*33Ifj%e?0pTMis_)U8B3Bw*OjKKXh^C7?Mm|)oVFn;ddXehDKf5W(R#b+
z$8)3L)!bs-vV6e)+5<{NVcbZ1NP9q_vUy|VtbH7gjnB~8O+3$z=GLPB>>gp;h&=;X
z<5UxMN7z~pWD%fgG~BI8hef<6y?b&=uY+Ae!PDoNXWFYk_=v|WDY|j6%ZDnQRabZo
z<QrIc;p$C96yL~6l`|5O-OB1{2b^)ZZgkd!JbB7i@rd>a+B#84d(v<7(QT^$DP962
zLxFz&LU!?C>t~=~v<Ok<k-I34ZsgDFH722a|G1)BtHhaX)3)Z)O7F>;SMMJVrU6@%
z5FrUdl^<TX+M@#L;VRt?_xjN4x_lt9gpy@Lty?+mCslj*n$Q{??%cIpuuUkVx|w2G
zS^`t&M=o=Q^HIgSNR@JJyVYdX$*FRlIik}D(qe$}D>Y)B_vNQAeL<C|!-FQ)W=l+|
z6Y5nisn{@WSf@QTG17fS@pv8rcAHg@Z&-3H#0xi(2mMzA$nA16)1MOMo%I$Nc)XZl
zI`m_n9M6N}+I&OpxH2Gw{~m0^0GIuF5oLz}YkM~1s>3oTEIf~h{lk71Zb6_o-zGIv
z$ZdrBcCS5p@|w2hx`_kdK@au~J4>#f)OPl~%h(_fEhk=9QGpWuVwqSYR2D}(lmAMx
z_Yd#fLz49bBQOtOoEebBG+cH}?CpfKsFHsd;;W-_jhdF=o4D4Kt_S@D&bYGfJ#iBh
zkn+3Ng?vu7w}EX)tTM)g^Dzf+7#bg=c-+aHDy+Q62nD}(DL@(ke?iWO2iFgmGnlPX
zoE%J+a67mP=oEpp*QC?|P2|{+cUv$Huo$(^EJEaNab&{8%u!9z1BH$6(ZilDmtpH6
z`b<ZfccLi;gp)vpLLlgJRUC1AC}uV5#a44gU6+x6MxOAjV$h~5EE`gLNbidrkFPCQ
zF{jz$2ZR+vE&>oBJPlcl!w<$01t0$kSw28l76v(T)Vnx1dD)mbIr{025#V6CcVK%R
z85Ea^p+Jk80m0HlFSQ28ZG$(7Ytcpkpx$$yvHR6YriLlUQ9`${xwkS0m-Z0Omqn6M
zpDVrN=VZ8THG_8wG+>4n$lL1Zb!RM|>@Uc`fP*EZiLLSfZ;yXg|8fQLU#0xJU}9ir
z`S<ugn=JnYGpzp)nCaG<v?c09*#4wyg2fN5y;1!W03g-y$Jh<&kA}8!G8+65s5tBE
ztB@*6WN57II8&g${^SLiMir;ag+Po)bEux)j}!g<uJyKo#`b=%pV#}M9qg~HnqGGE
zBsSmoK?yux={xf%+0VV>w|Barw+F-HrQ_Sz<$f#PkN)8P<1JtAw4;L=67A^Qr*pko
zV+I@3{Hj&QA?>L9y=d=kDxcra&++%;F<Jb;!P%pwt{is<m%3D8=%NYd<|}iS4AMFW
zjImtmAu<_@U1}WN{PyB-Zgsy#)zlxRuj5oSq}2P$t@puO-Kl-^!)ra*$tTYH-Cxcx
zg<@vHVwcNHZsbMaSJToqPdwVk^{J*W_+Y+|{HL5?KGE~rdl1j$T}LO+n4}TEodu;T
zV~iBBeLGfRm^LquMBLK*Ekrz#>bJ(&!x{@<bY^wA1NYj%q5Ma}Ef&ZNW#aUwnSeWh
zb6Uwb;t9G(=aI!Q-(muHL0mahOL22lp6(gBB9X8nV*jZP!!c!a&6BrI23dt2BA56p
z6UH8fOUlA5)^kY^*amW3Y6%&?_G3rx;$%qT7}->3?FE<26w%nufYi5zsu2TmV1!KR
zrn)}B_=M|`hiOJZe>gq3<|yv&YKGFq#i5v9^xd*?a!3s@X5MwR(RR|g*0tzM?*aEl
zADHNS%Q|YkK}d_MK!LN}B~%XxttWvk#mi*o?xIcRZ5Cf_8+{gIhnM`nw5Ka=h|Qj=
z$eH2b0#E5UpfZXEV5mZ4YogQlzYv)|RA4ZKmdDaue{wr@vOcEKxZg>SGQ^DYB22%Y
z8wfc8dA}g(e56%&gLnx(?M60|f)QGgPE5#XG!0a=0X5Ti8`F)c^KKdnqS%m6b-{D(
z{J_|}R@1umTA_y?J|~pSH6AhC#h{hoAzor4c9VyxYkkwKwx~kH7sHbB;qGP+6v+1+
zoFRtgqnSj}^P<I(*0ra&CgB7%lCk)y6R5Bp31;yLLAjBj`La%uH+`fL9w6qwx{W|T
z0W23U3`<su0CTLtW~k=#4ozj8Egf|!?b)YH`?|fSZ`=6yKul~N&gHS8Ry4~f&aJ6j
zTqir4_mE&da{#3J_U5ka?sr4EhR35DJgrp5UY4xKd9dBld;cI~4R~qt_Ac{dk4Yha
z#8}M7$$0j~FnTHX$y(l$qAkAAw$@U{S!n34rW8u!z!j>rOhEbisD+RpntC9t)<cVg
zG5iW4qR){uIylV9`fD5uJl&wmjJYA@YGqxg813TJ+aA#P6=&$X1tr{@j_wi14F}k3
zT1S$|4_kHRC5XFK9nbEkl+<Ics^e6@#U&Qso+z|snEq~nRHZM$IBmi?hi6i9>Egw$
zE98_nLcfA4h*+ytl&wH1qowRD2f(C<q-rEouqIwT04-SDC5@2wd9eWlY;K@*0AUt~
zuOTxV9<upHIFa{#u?S>9kgFwX^-n@QoSo+QA_BeIpvl(9;U)RU60k?8Yi(KCWSBBz
z&;>fvE5OF9^6kN38^p3BvRJ>899-IVov8Oe14dLs2uNZRYX${XR|Z&RU&j`3i_K7K
zY}A{Y5{Om9fsGjx3rGUn7W8}mm6U$@)0szVbQ!XEeJc5R_Rw<+-~w>HC?ZXxE@vIn
zS<<|LZ>}g(5fCJTKkCiv&IsWb-^7ztu5t)wG4w1kO|*)K>F|~SCb)i$BkOwo$y<uZ
z$1gtC?4i(SQKO8d(N-*fVY*d1?zZKoQ{ZRYd24J$^AEe%h@g(uCg&{mDv|t&L7pHJ
z(i~gMEklmxQKUD-_SVB(R7Uen3J^KrVe$!zOB(3~Hy!I?jnrz|IXdc|K7XtQSKSII
zgjM)OgsEM86PVsRdAY_+K(qT^9z+AfHlZ_FQfvl4)P+>+Z*3GjC7&}KHT0<>=I7*}
zi_5sySk_vEIAx!kH-7v%1}&~JrS%gQCM#sXv#ee>1PZvOYsP?F3IXo2DjZMpS$KX!
zL~Xy&|0)=aA_rXH_g^zy3riHxo%1s1gJ6G7VdwhPPKh~wOqNqJZ6w{6(;njk+-}-i
zD5V32v7wh!g6EvHW(=ed1U6^oX&4pWFRYupxej66LuMl5i`ku8ho-7QVy@}*ud^z0
zT0fQ3X^f`>t^7;}01P~rfYd1)6xO1<vg#btR9KdCMnj)%7qnOdnNPNEw7LI{?l~!+
zSn}u;*4Nq7-gs@rs`AI;v<_ZaDC>Al(CvRwT#T{yW+*fcHOr+K8=3p<uozr=&g(c(
z@gQ)s*qp|Q(ksNq^e!>xR$<1rv4IXqv}*V3jn@z~#k+<;>WN+tHfP4<i$d`N=7}Iy
zkvwH|uQ$y2B5L$lbjiwiC@Ao<SW@dunk_~eLm%LdR5aT$8_6nRNvDg(W>&gkQ1SFx
zDt9lkVm|Fdny{_1-8@f}ksq<`r9~B<<e}O*m>7?Fc`dhywCcRcT%6I_gk+=eDL)Ts
zb_R46fnL6-bbkrTdBJF&al^IVdRu;(PAN`uE*_dRIf2KOW66}<f6_N9rp(3~ZgJ_S
zpJc)umFj%iuR09Cc-b`x*gj%>m3kl|X<{oylu!Od)jX-;Vgxy@FY&()38Cjg7?gRH
zul5825hTZ9#CEd@?uT!g$Aw^`ZUY#ej=8fR{B?MLT}ltSrAUvey;NVj-DW$z`sfkX
zx-8(WED^3ZMZ3u1&so$ZsHuo{ue6?QbJUd3B5CayS}@yW7uoZFM83Y!P0-`lroJOV
zKAq@7A3m~=-}a&1OvF-PyPg!@PJSxo46L^st#g)v<u9Ub3zu?l%c~IE%&FA$m^13I
z=!nd}Ip<AT-9PC7;o#JKhJK9E?ijzVD7aW_Fm*8oY_$f%penih`6%-@I8n#-uMS`>
zDzX=c0Uwdd@FAR>{Y-haee9bi+K%kpX%-!h2`BICM!+$`f@+|N7{sEi;85%aV^E8M
zx2;EWEf4gNBiQ8HrpIAkt)P<=iL~|Vq6tR$^zf2t?GcMks~DO%b-`t?vnjOnVi#3m
z0ta&<z^&GY$;igLY7GZ&Yq{cSf>t{(wM7!#A95p*s(BRN#YsQ2GzR<Z*Gf0tJ}(Ox
z&I4)o<835<eHa7g8Ek>|x%gYi)???}S56rb#tlziZ5$>Oidd03V2L{eqHh~O7XJ~5
z@@XNqsaPZTV{lne%olGIQuUSz_mgt0rqEV{hKpzD);Mhw;TZPKla4A|?Wb;3olm5o
zutd=rX0n&{WWlx0K^gUPz-HG8Zf|hmwHTQaX%cMthI?r`#GKj5DJnMVWKq+EB6d!b
zkp%mErwh3sXx{wKm)%YaR*ok0Qb$=vt^J0I7c5NBr)ut5k2Iv63SdyIc-MV<kqVG0
z=QjOLo(<f6exlk{yPeVQ$>gp@%(s*LvOjPxVyG^F4R-PU9<}-u+3o#l$?nc!Z|6HY
zuF72ft1G9^*V@*(Gw;Wtc-PGqtT3A7m7Er)p3Fj9I;JiUnA7_gSzW--n3YnM!sROV
zq61-1P`x>mMJm!F0_ZrPQY~3A3ATt&oS7n5`rWYyG>1<sy}~4&FKdq;s9Z5*Haj~l
zcW`&<Mh+uS#`I#G(~UIAwKw|Do!W_$=PHuFdVJ_<mb!Dn4nNUiq0>WQY*GP+BG2ba
z#z-EY33%pkv>MPZ(~{wso}f^7bwZ-el|`^GGSxb$rtZ>UbOwq=`VB72z6!8nFgMA0
zqLH&b_kF`2^`WvA(=xQ@uo;)?%K=gC5Pf*!+|s##Y_n36+CRmE;;+GYdgD}qV3lU1
zv4P7%m!s_32AY{g1MrI{nHu(~nH;&-y?j+<gIt+v*7#0$JGDkBln^Z@7mIdT;dctB
zX%T&Sf9e5(hP(&Y-;5k}W7j;3h7?(+dQ&Cq#N$#bW6T#WHwBeU%2L@*dL@OH{hK*W
z)#T;y5M-ha{1GufZ4<qM!*`fuIVmZEDppbZd%oa|@v#^Y80wUJY#QPg$Tm}8(5m%{
z_X9)QtfxdOjF{q!X)CCo2%v?hB0R{N;q!j?DtfescVc^0AWD6`1c!`H4-9N+>O3nC
z(Pcn4O5klq*jg<us8&!~D(PwV*`SQo%i<DX-If+XqHeLs=@;oBN<WHWw5g3cA=7zO
z%UlEn<Rp47P+;-~DJY6MWV^q+Ow3CKE&ZR1@@{~fowRt)!1x|grsn=iPE`IrW3^xB
z!7SDZJ{4UFdNJo)3Z4Y-J?2f09PbG@VidZ8aw5b<(|sOs(s~1@h3;8@93Z%mt#akd
zIl5cE1Q?Av`lR;NEx0<#a!HbH!ImdjA}2+nsR1}zCS%3T({^oOhYnyIj$m?PClHNP
zi9rGxNAD(rw@c{aoS%D%@aK`j|B&q*5xu5d5brQa*5Ke3+Cj;Q$GE0$r@cethjLS~
zg9q`ECl>wYNKOalVT$S!I3&SJx(W;myFsx~7;~m8dU$xsu1-Q@ISV4*7&0U~Bu^!d
zK)Hp2KuV?7Kr7KDyyBB^8_J@qY%9il*{LJHNzD*)4;rNZ4wtg4B|^IfEF}&b%NaGC
zYRek0!@_?R_sKl}EbjZI)koz1H<J68X#bHMGZXv&ksSMfksQbWgXF5UB>s7u5O!W`
z?>P0vNY16_&_C9$`CaKO#t4m*Ap~{t?H+%8izp>jFk?SCwQY@Z3-eDtDu^qgvV46$
zZzbCOn9dd(&KK$Y{5}`$WPk7F=s3TBk8|xlS2s(xf<&rQkDs1f7wzyqj!1pJ4`*-b
zF)B|kF?NzcDxa3StX!6FKVSjenzd(Fx)nrcZ(z2zu+sDkFzkDC)Lvgab+?qVE>Zg#
z_F-s6A~z~Gfl>p-(i+;t@@hA^(7kQbkqg~Z(znPCb)^mHoF1FFmtfeQ<l;El+{#lH
zGI!Cy=07{V4tn8hN8EudVC1M2<>3C1h*R7j^?V&)zS`yL+3`IGbK89|rV74fU2r)T
z2FhpmQ9IbbI`5T&J%}8=_pWH4;y3ldJYXa@yoC#xxh-srBxZv)@4~T(T<4pM<0~90
zSdp*fOa<my@ZL}kGY+%0F@8f_unVE%YN#XLv;W>yOFN2I6*0((d!^GU5!h%4Uu%NV
z#%T(~Y?cy(qs%4&#G#n+7C8Orm%5}o-hqO6ZD1#Cm-^4w?->vnA^swGB|cxt*w=^i
z@V{J<&7X?kDTi}?(2ac1$>Qh&7(?De4Kc((_p*eww`CahXp>j_bZS0X;FxtXQ2MeW
zGqKB$Dcm1!Ycw=cCmGmrVO|Iqj&~3N>euS({1~-&=!%P&cG5b8Jrt@qW9r21i(T1j
z$;rFZsV8_J>P{4N3B2=_DLx_qM_Lik85Fe_ioE69!gp!i&Q8F9-7*NW?a1Ua-$}lj
zqRwYH$2LkZN+AM=v&0D{g+5!fsZjZDe?c>D=yzNo;hvxxM=PRUy)j5=`3o_UA{xeV
zYZ(f;W@p2>5?d{=#(VVD%oib7s$4}mV<rj4#j{0B*^(lu2y&(CLwk(?Oi^ofo8wrg
zEZgS^RqHL`d+OflA`RT<w-nfE$b2m0L1xt*nGSW#^J4rN>F0QS!+%N7J%gW3P`eQz
z5C@)@C4|_#tVDH?Y?F%660b+c3BpZ7o3R4-Chir5;0`IsZ8<iS+)sQ~NkQ>|p7%5r
zgE5!}V5CD9Cbl;w7`fS2kLoC=k*0Gb4An9?8`mHEz`SS1vP1C>aZu2Xk1Qf4KQM@z
z#Cwa9#(mc^IujxvML<d4K<fUBi!%5JQ<5HS-*rb{12cGO>~_7R5Coc~OR`7=lQd!K
zMxfZ##EG^)Sp~sZIL(pKp80CE@$kLm=H{2i=hON3<|6)B$W<yS06dOx&>fud^*X>T
z1b_+3?BZlJ%2cw4<Waz^V{8l?o2l6LrXIxX3J-^PzrChBLY01Hxl6l6P;I6>1@EzZ
zf-hib-6WgE(fwK9Y9=p^UzXUrVLjXunPy5z8kt~59Bl`|x9APOUX_*rv1;_3_Fei1
zgCJ=Bqs<S8@c1G)7>xs87(F|yDryicB6F&E!T<=i0bj&YU!<i$qk0b6uQe&Gq0Mgw
z$Pe}IX@>~!GEkznfEOG<lOYIJUS1qn2B#i`J}U_qBT8aS<@7A(j}a>=h(EPBEy92|
zpE&4;w~7FQHviG>IL|s7e-0x!Mzf+U&Xpr@$!d-+f3+^dg!YOwLk*}a#rLJ&G>50{
zjKjoNm;twCK*3*nQK~)(s_SKSvOo9;uk?&#$;wB`W(j4oluU_q4b|Qt@XHn$y`uYY
zCYGtw-_ynwF~*v+7UNA8+vH&HqLM6)y$f)R7_$V*@jC^x*+^H{6H^A8+nf240H++g
z=%1;B69h8}nX8?hPnZyKdFX2M0UpkQna~k!hH9ZjvFoZReD(bf;DM+KJKztr<y(xG
zvkjJLh?W@3QnO=s5f0q8zLt5EfMJ9dl1=GAFfDrY&*{sLjSZRLYv^BBwASLNCN7-T
zf6uzc`_4}Dtf4gPv~;}8lxe|)6@wk;cIrE(WDvZ<J0fi|;v<kd*Bd)pj<ivu0rT{~
z8dNkR6N}&&%c$W=QsFgnB_s<`)S;r}+r1{i+x1Y2V!75U*D?W{Y6V?o0qdm@0{)ii
zCi0N=v4aZ2VyHbA4N<l4&j^4|Ggg9F1rL-vyxoa_1q@FGM>Y{{xFg27bo$HXqn=3a
zLiT#1DkR0TQ+ZO&p%W~-vC*P{DjJw(Ry@QxI#fdA57_G<dp41#q+n6E1lHxRUDWdR
z{?oMcg|Yj&>tu7`4D|Ybw9wds`ue(E#Jfy0>f6sC?e1Aq*2czm-h>_<!mkC0XV8zN
zH?TvHK!c!unwo$_*sh?&Ms#e}Zkw?X-DrV@p3qj)hzHdbU4x*Ytu}_n4!N;bRY57D
z8vr9XKUxw2oVbs~5y1bAf(WT!x{7KZi)H2-<PcS5Q@il4_L0wG4pYop!*IKtVqP^V
z5pSb7LJN+J2+7RbPr#6(6Z{LJhSuWhgHym<5VU0rPnsnoE0R_g)7=DW*2Zy+ncs5_
z;8RW3s;4yIQW#IzO5a~~c8$wu0>!fVhmhg~q1*ptXkHHaZb7;jh4YlOvhjeE?!}X9
zx{8ZceaRdIY=%)pYSdT(Q2{OjSqB}mqfsInzF7V-jNOT!n57$YFQ;szt?6tDOfFrH
zjAxiBGzG_ps~n#;B|E2M;mtO4vF#%NLVk@(yyK2MWXQ(Qhgy?W`y`n)v6&&1LSzZx
zoL?pxTqf^mMF6&jS7Ut+DY_ENWt^*leuABxD9Av`Z)Z11zH-BUdHnHZ|MzMie#fV4
zztYR?T7wIF2eC=Z*pnxei!0~x%W4~5JrlJ%X_;)0#DkC&ES7<)!>4~GV}`*vQXQ=c
zJE?S%o-ceF?A$_28}z(z4Wi3X6Pr15@QU6Dz-qm^k+fABjA44}!K->5F)=U0(aAjT
z0>H&RYb`A%#26zj=5>;(gmJnUD66vrsFg*s!(eY-md#}IY!qu+WI(PQQBjZHiXP>=
z!L&0A-FkU9`iQ@xNE~k^y84U}rr4IkO;K;wao;_??yEE^W2ttF30mES@J*Ohs;jol
zZTY$rpRS^n+ab}-EN0^b=jvK_OVX;e`)k~i4JNg2;M+#1=XB%KDIAPRdyX@e=J9ax
z`@H_(gi;D8_))c-;V=0|A%gZJQ(mx-1e)mPxjacDIFzYQoNMQ-EJ{!+Rai>fFH+_h
z%avUA3^G>b7zD@Ay%QO&B1r&e*+$9&tffRuGgtaYj6?&2PG<&teRAruWp(%?OS&!f
zpZY!zBCH3&c_?8%=9Xa0`R>Igd4Vt~Q%>RwEE2|!-#g31gFKPEXU*r)HgrS*d{=`D
zrqT+k@n%~T;RvNw<s@wE9%D`D?<ZF0x`XPvk3f6ZIb?qU;~O`Tf-Ij{FDvkl8yfzM
z{n*Nkig!~y6W@YpLN}~dg)0TDVcQl%mo3ry%wC>d!)A{uz7`XDm)HAdFF?7W)DaP|
zK>>QM3yq%5uS;|%IY>_-DI*5^;J0%!Uc!!+eEut45T+SY()NWURiK9#CR7Bou4dSN
zVxDzV{@ipQsUC@4XiAhy00A8=+x_8vxUD{_DsF}`9Gme}v}VOpe-uM`vNPttS?tHj
zp``20Wv6pw)>_M)+#OQnwameBq~PFiUD@GQp3D346@@We{Rh+q)N2iaeWjZ6H8bL&
z;ayfSXO&3Dm?iVw0)R?q{%uiV%!Y&6+uXtT4cTe0>yL&VKK1rh%gd_M!vvyemuxeJ
z7oYvxR*Yhyfb^*=Ct0k|T){NpI8R(r{1lxxN6}D-9w1>p3Zfzf2F?IfQrm^@XI!S?
z4)AO#3SnlFFya8NE}ippzvg)a{8YZ~akjRr-NU}zS=!*@myXO)y@`My=z^@zcl7pt
zu10wo+R)YsAKHMw-B?q1<OT|^O6TcSFf9(n+D+~kDSB8D@od{)`?iNQHrv=t%mBBp
zX-y4jOPn3QA$%jMDk?y$U&bP<VeJP+zGZ3B(Bp~g^$nJK$cGxICRH3tdMLL;Q}rWL
zy5y(FOCe}$#(8C*b}*mjuat!e(uXB#Ay2@F(sMHIs<*!ViG1S|4W#}Flm>L$nbU-2
zc;qM-T*q?Tf(gUrLY)UgMQ=EwT5knp2`(>{dVFIk_E+@crR;aPs`VKzjV~`eFh3~4
z+zDZ&)r7U*crjlZg3#YC(Bo2^fmoLc%W6}h?Hr)O{%x?G$<Zf>V(AsdI=UTFh4u<%
zNj}b4bsfHFAc^_qYeNlzf!Tq+d7+$q&iYS79YQ2E&pe-XG7o;?AHJO5aA;YYDE|#(
z{`JZK*N|f4_&<zcVE8YNVfZ(3_dn+AG^J{(Ibe2j_2#XLc!wk?RY;mOFGe}UuRvpl
zfa(J<h==eQGT%ShT@krrD=sEMbh3N4Rl*P7-q*uDLKkc8et9vz(E4&tmUDdH@2};0
zIlifQeOdvW`hK^q$zp%y3?SGKZtY%cTgMNN)`MQ(|HB%-ZHTXb5_f!h`t2Q&4r*=u
z^go_0XpKX7kI!^^y?&o>o}UEO=FG))8Lz<<>qr1fkgH7EQQaGn-B@t3mA&j@$ldKa
zv%Jy#3n{4}PCRmND>W9RduDkUkI&e5Fx=;AMG#00!AWP`oq;r!>EiU$k9&msW}2#?
zvuIX?aMG6oSHcm@I|zR)_(_GK=-b)n-k-AG>Zb4}C>`q&Pn*P?dUF)=;2wv1M_rP^
z@ZN4Mcnhtgj4abXJZ6IKJ;bSxWUMI$Y9~7vGww8y93=4G*A?^A*__F>vqXwMQ|Q6I
ztf~9;8uKjv3Eh>g$K{Cndw3B+)Bzoa9^b>G400BLtt6&(XRmi97)NX$1%DA~NMPo}
z3{E=~heI2Ne^DDoRav%_{e={-tT`7r!BQE`AQ%kK445@`Sl55X*31dHudxu4MLNFK
zUB|a0tv;l#if?gim8F=XK`7xE4r(k?2(wlV@75s!b$_j<XuDKYT}+sQ4ugyDjNCo8
zL15zkrxCVtWl|=Q%PLHJ6$fPOCT%QVG)V%Ia0OkRh#iu$0<UiPv`NKP+<Yk3!2hGH
zH8r(0U;OT2*!Ntpw`u`%PZmz{rXD~tD(-t@4*iIpka%S^lNv{xp*56Xt|wErG=EFL
zz#!$0+Dl^E&|_@5f$2$iE66>r0TCzBOi^+2cPAq}*Iij0uz5Zyp*4bVcrygmv`f!$
zDj049_<s6Cpnb*(USF*BAUe3R-LnriYbjPMn@a4cHN|u%*7?}FkOESe8Xq-E-iY+t
zsZM-D+BHF?dq7$_vR2-NqH>QZy^M4VO}d%qA%j~d+}q+%s$Mzr+%#J86|rR;6o6!E
zNztAQ`MX_mEaBC{PUq^_ghHN#i2gyN{Z*;tq$xpz>R$TPMVj3S*VB&%ZXjyCP1P>3
zrpZkWQ1rBIyDT4E(L63r;$Ha_H#bncjU9iv97XD{0*82)D{y8S)UYj2;fBS_F>4-E
zp>8=3Y?(I=h#1bjll$2NLv4PVz5fd-0$&d^$1SI8DiI6jCvME1w29bNF{0Pg#~<*(
zb4xBQ6)e2Tq@nbC$@v&yafVddmcqd+8=s8R*XH$(-zWqnipc$Odn3qRks0L`gGf1g
zwq)Rcdie|_YVb5{1gb<HZDP4aHc-p!z?#<k#OtZ;V*35udyCsBEdi1d)zkBE0m;Sy
z4er37$n}aS@H%>z31Fn7P6_sq3GDnoRW*A%o8AkW7sPFe(M0F`!BZ72>&US}=Gy{W
z*n=v}>udrs8WXg{KBd%|N)RaG0=<#cf)KDA(vluwS_kR(qsnn^1$lp^=MyHLYKfjD
z`LuefikC0oDRDlIeK0$)sRCTbNhX;XC*}As%4#y0i4P*K^!$98!eIPl{!{!qasKJ~
zc}GTN#`*Y}UBu&h1hT5fM86La^a3w}!f=U$*u=&f9#90TOcuwbOP3MgU`6>$TE|}B
z+CgtSFB#K4LCFdOn8hmcmp9IItW;j2<(&12gN0a#<t*W%#SX`#!^tN<CVzr^Irp`-
zOLYXxg@zzp2kn?<&q~P|3Qk=OYq{C&i0wr4^g4?6d{~$yR``t;3wz0FVTd4Vr0eCq
zEUAb?u?_hkdjP3rq+Sx;g+ObArJLlI3U;N3O;JUD7bgJyfVmnl*a~5&xF_A5sx*K=
zILsvbH!L8rBvW)Oa0F$7*$B`7I)Km!u(ZBMRv0Bj*+SSL+R)$^EGh5WRxfeH4F(aU
zXE>w6lz$N`qoYJdRB-}UQRNH%WI;QpZ_KWWOTzJ|9wDW<U73@5zji4%KZH4ER|P~B
zM#phU#l_nK$UJe1A-}n#G=dmK9uuFkWl_1QWU8)|ueVAk(|Ar25j>Oo7Nm6jdj4;u
zM3dh4!SwSb-XO+~k*z9I*F~)oTj1eAR%aL9{M=h*>=thVCcCNVqnu6b+k+~vIjH@?
zfdf?~xb2o}I3MBllS@S6L!3z2Xz)UYFdKa)g}Q~}{0tBz9Wf^{w+uROO?uwO5)laS
z0&@yIYdlDef7GFjrV-$7Z8;tuqhF5pqG4DAhcQzLXG^+=C3Bw+APJn|W1?^E19M%%
zLLnTi32o$7(GGV5%laQ!(#2<FaQY*oWXi53GCVJnlQs&>@5*!aGhJziv!mn+eY=8+
zi^3DetiV~fCnH7{4g$|=_4P?i<_Xt4LQ!+Ndv=gL+_J0685u7h;Bf_;`lLEzTQd)x
zl4RN=(RWt%&iOmKR$)f=N!2GlTV?=eNGunqmnXzX`vJQI{py`W$VHS69@~uZ7w2{b
zXWyFXd;Y-{=j#N>Et_dr!2F;L7)w@>d5VT!29I>Ml$-5HDHgi!-t3xP(yH5KWOV%^
znI7MY5{2igL)n`{SV;8x#)={aLKB#OqEW;p>lZoZU#m9bK<E)Up(MUGq@>O^8K|mf
zK+;}bHPkL%<^D}24>iEMXw3NugrX)nu;1l}iXBCdRtN-mpk3Gq7a6}G!n?;U*@gD>
znsY$u><CP8=Kdq2q%3gYJs}a5Gj0^LFJR~w!0o(Tm@iGROyOGjmxE0f9rs9_pr;Gc
z^4^+goSE_R8kn3eFhoCs9V$YJH05Cxv#8_TnNlcNB*bhglCOF=xg{MwQo^v*mJ;LQ
zv;y#V88t1VWjOY_QyuO6ch5l03{!?soKwLUbp?zetY<NVOMQ#FHxGE}i`XBTTm{K3
z2npOuAA?w7P);q?D?B~XNAQFKURV|;-)l)qQyDkJ_qAS-@B9}-v!_402G?3gn0&E&
zw%hcLGPz}M4d@*RU(br5JM1W)#plgXs=AVA*jbck=$b{F%@0>LT&^}cuJShiiu#>}
z(Kl9$Z@lmkU?o<_HRrfzFR9vZ6J&};_7%;YU^Q?P)Rs!Z%u?N&|KuV~9LB@C;5M6l
zTQW;uT5j7L*>7CIoRXwi;VLhLc>UeBDRyf}uNzz$%(0-a`1dsuCFA)%&f1zAK0F8B
zRyGBIsZHuc!znADOaBzEWK<YQx09y#v+SZ@W%qRXv2#(bP$AE$7z83~%lA~+$ecfr
z;PZ5ax>a(%TvTb<-jsX&VW!=9?opXiTBZ4|arN=hEb7d!NKT);-mVN8M%k2d6Q~(X
z`pMIIY2`?-N#-6eR_;HY_GzfL0@V7uuhLcLqny6pLfVp#yqjMJ)<9ghm#~8w$y-#`
zLVrUmey@tF$musWIBk6cAK96I#41ay612!Rqa4rHAqnp0BmcGK7+>S(<18>Xi)u8}
z3OOelHbEj4rX!lkoAA|QZQUTGAhK~-H>Mh{Uu6~7T8aXBC<$~8e+^)WjG=PcbPY(T
z?vEpVeg-~|vu#m7m)#4}e?_BxXs88wVCUA6s?gz{J&}ja!?&HyRc0OXS`j`9(ve`|
zR)95veOig7)6dv(y@gDz;=(W>;6)zhlmfXKh%{yQPwE=;W5#`R)q~a54L;4lb=~X)
z3H<?s{Fgd^l_G=92g<ah!C|x%KMf}!{%CsZT-b^cPuzL<*3BDLpb!usa`y1sk=c+5
z&{Xj5I%@mar#+rs7k7LI5JITWj>(v`0%X+4HPz)uf8AWcO?zlxR#1#uFD@L+K*+K#
zP3}YM{<g&>swD_U_n_p3qpa14U^TArI;s3G$<2k@A8w!FX#Oq}Cb3UprnlqKMY&!J
z!18r<{GEcH!ZwA)bg8BgAKvMP(No;oGNdeq{U>-NBuVQb>X;36)4proS}Q<Lt*V;_
zsGlZ8x*fYoRIzBai!Rs$m~JfY{X;Dt>-yc!SPory0izuRF6*kM{hnuA*sa&lMLz(8
zr&z@Q1_l2q_WxA@BL~O-r2^*vs)B!`YyYzfBx0FcVY+8)&l>%2!V)b1V1h`~A>p%;
z{W*d^N*V%<V(0h1--Q!VL~Ks-<i+aO_pGE0zdR(WoC1;U?fHH+zOw`M(q#4eIM%cC
z`@VU?dtc7_*9R}}tRCDhfNj#Hvwk^0clB9)S-gI2nB>1Nv$;Dtxpup~{o~rKy%>8W
zeR~(C!;@%U118)zP9OW7mT26U`dCmq?rrHHHz$CoS?!tY))t*HO^+?G#n-eDFT(|w
zK@G2HFi@O_(?P#XJ{d3<Uxxh_F;Jj`djWo(8?QdyA1-{ImD#V4-owS%KSy7_Eo%0i
zodZpS%TrI^Be(a;ZP%MD-^R73{b+5sX0fKwczB-}_*ED^9B8sbbhn+oK)N7mc~C2L
zk?XTaxJ^*mR(RgD5`9*)Uy<13T!7#DKI(RYN_A&lz1wK*acrZJr<E-Gj2=4nv3Ysg
zC~WzG%^zJ9KCctVKHc}vgBslT;aV5V0?L&vG(~BP7N5I(zs^^RaH++P<(u*ry2&Df
zCU+)KFXgT>zD@i1m4Z1L_mJ@`U}hleS2lch#d!sebGX}>J4yE@P^^ttvKj4IG?Zd*
z)V#c@C23TCcMV78Z23|9WV5%FvR!SQ7JusSta3>5Nz_w=jmUt_Apz&#0;BbJznQXZ
zm4v6Fu@0M0i=SJ_tzTDZTbct&7#~)2Z{4Vf<8hKiH>!_#8CC_yMLF1gDC)15cZI?l
z1$t~@(TC$kAQI}I(!~)~&9oid+vylJQ2}v$q}UVHAg$D?u!5`(ZIc5(NT*X`H<#A@
zv7oylUJfjwVIio>GvaAUaYf`(bgad4H9A1y1|8nhh*u#><Pj#WBFhR3ga~pQs4;fa
z(+nucQsIGjg4@~*Dx#<vswYiqsP}h`#z>WkB?@wyXi7WA6^L&1({2qX6Am1bz+ZY6
z-6s5Z&5ql*3R8@%k9C7Hhey)Pd*Gv5k)7@i@W{LSg$Nq*1$qp>$=@bLuCGC)Wg@$+
zT}T`gXaP(j5=OOaA1w1PzVQ{=yqX9$%9!f|=y6!H-Zx6eH&xq7JJkgsb83%(;-x2_
zVsm$)Rgd+K=W>7FOl8gb2Kk7hH}AlG-e1q@qDiWq+<huF$hrO)vb{eWUMhc#JRrOL
zIh&)@NkGzt(x@^}Q8~bN2AQF^9K}X_^&$-lqCisd|4S+j0fHRQ0We&A!Ww}IDH^?2
zEMQ#lEA}?qCfV^Mfp;x`FS*olGMGiEQWDJsn$4r4%XK85F4&$x31Xomt)};Zk*Ytu
z5p?^;q*OXU3HcL7)OFHLv(4wmb1*~z8-DyzfZgiD4^7Al+evHYg3$VhOFs$_5kpLP
z?9QSXA%qh88|u=e8n9xoJ~C{bRJ-ra?w?_u6E3`s*yI%tG5FMkTC0*j)OnP-(kmg;
zbB5a5z3{@=aTQDorRJo_#WCgA<lRDyzWLGOFKV2yK9&Pk$&HXFV|A+j$ekgY7sxdc
z6^eHgfR(@`*DCT*{SOw?($*+mPpuUv7LsKAyTEeLaV?j(FEqOI8KUiobB}TvlablC
z>tJv+wUkJ7POoWxps!GrmVC&BFgVw%)#=IDo(xK1vTTaZo;!E#vS%8~pb%PY?5VV@
z`m@C*z3P8WM%-H0#t%Q4Ya3~r?xnDi+K}8=LOKq#;zrP^JS0mB@TPsN@xWl(+Fv<$
zJF?M#Dmt>JCIVm>^H-sN{)VC8+$e}?_|79NU*COo$f>z6AUq%wtxXJDLR)eS5e)t%
zJpnpsoY6Ib4BIev=pc~oZ0|%K9vga_j4TT&_NUuUN#dE*jxtf6HAJhCvxZnGGbeV=
z0E|XG*F<~NY&TvvA%Bf{(lV>lxuV#^GsuN|bXJN@zk~vt!k%sTW5|mI{kn6*c*F!L
z$&zI8dit&?9a~_ma#u9Kl+aks=(bU3%azF>IBhWqa<VZjF4#_Fmo#r|9T;!Yn<I=2
zJBVU}{a~`5Hz9ovT>Qi^)?~_2A0$tCfoW7*A=D9F8m4ArghtnvsbX1N@4-`6VMZ&|
z`!qLQG7z7}?|uvo{a)%-Sr<W3ktnUTIZ^f2zt(T7lX1?NIRtT0fDJhkJWYY918sox
zOaI)|EuQAv!yhrN8mW7Pzq))j=1sIXJr+VNcrsA9QN=q>Bowcuu7#EnAg;FAa$Hds
zJEUf<f;YX*ZIQ}lDEQ{LUsRk<MtZ>(f;V3HK`Pb?VJ%!+e|edwR#kaIpDptQKe|mw
z3XcsRnBgMU=lfG|Q!aGe#+ioE=DZlF&5P&Wbt801>T}g=VM97_f)RCLP2PCuF`}dv
zGv)|Rz=&wEG@e%qR5Q9DIZIBfR4QF7q#Ts?SAYe^8~phI^Z~u=!koR$W`(6!JN~Zk
zDbLP*kr*}z@nWavMEW)(|HZ&>X~*@;X0gdtQ>dAQD0OSXl8c{3O5&5aR#lc~#H9zP
zLRCK6^J+t#{Up*V;uxL6XF)y|{Afih!^W*3pS<0&q1Fx%nHJY;vF19g9Sv!B&#<XK
zL8edSz>4+Et9*usaH(|&_u-jy%Z9VL4xczgIR>;MpV)Hpl|MD*(bygp;_^$4Th@Pm
zFJ=$?XJqHkuJo`9OqqgWJKdh1;mGkLP<tX%@N;FIrTK|WZk1wVpwrx1Ay?V$@mVA+
zOEe*WKEtHe+*8BE#P$OE1#*XJA&WVi6BJEOU9#85%TO;^i-{50x{X!np5pCmwRM5b
zd9mY@&x=d|+Z((Q^C`c=nxhTggX5}xloWMMLFMrFl`E#kcBgzRb~1T(4GmDgBR1)w
znRSLn26Nh=#o$_OrQM0Z=&UNT@*b9%#)@1$gr1!KA+=RU#u{C)+UT~-7xR4y_Fc?9
z+HMPczcc$<GEu4?PHbPB_WmfCOH!uCLKOkckHBGLo)))1n)ah=6BS)Yu!Xp0s_}%B
zO}|6d7aWAFF1ofZwH33|G<zvkX%)n8%#K_Ai1pcT{-<?~6D#Z^&{-zOA1E4$dtjIv
z`>22=VMz)|63M2y?#X>IQvy<DL48#4vi0<k?0y8OM)r?k2k7;;%3=yMLqrnmI)Oei
zGCkat$A|Zg^xOO(=;6W4A~9X+2+^d}1nP6dn$-bx+f{&aB0g#)xJ{u;+I<Qks|A?t
z=xZ;PSh^H6>yj>fj-f_x^HzAGmwjOr_`^2xNumoU_g`-YwB6l9fxtByfXnQ{4!2q@
z9Y1=7MuUQrHzl_mQ*2fq9)vkIHb9~mOrCUnrQtJ!H1v^jIroH5A^DFunIDRFBtFmC
zMf_7kanOdTS@$D=RyPk&M1JV<JZJb1iWvz}HVG|GhA*Wy=_DZ5VBS)yfEUa`KTc7#
z2rzZC;2PCAme5<p5R0u;mMJg!ZFVWyJ|bPE>?f@ykXaa&C34zpM^+I4^8EqFai@DP
z)F1=nO(jzxp(?e~Ms}G7+#x@Uh2gUGlp)=)clwn)HnLq@Z7TL1<RJDDD5A&qaz(Yt
zaM_0PY2s>j7maF0_(1|Mxv^&9UhInL6IZovfN@E{T<U+mj}@6=?+-M)V##KUq(Jo6
zA2W&bd{Q~6S)RIvM$ZHYSh@cx@?uQLT5H0AZB`YHN7*3O78o~7=5rbIH5TY%?;K<4
zVlL1A3FigP=r0a#W^&syiJH0e|H5Q<dKo*D@_c(o&3J#`3ZCYGLu9wZh_~IBA$XSW
zyMSXOhN93456$%&-NQ7gjRBd>A{YjPDF-h1m$;h_6_p|pkkWii!P;flFAD5l#nlB5
z>4(JuW3<vy@=BC+pgL`Z4s~<4j7VrqWKjD_T@4p!&eNiVnvc+=5RnbNbqPm0u8I1S
ze3I41rRP_gia{Ix<lxFrySONJ8a+#m0m99P_z=-6!guDwwP?sl4uhEBd<zcW?6Zo-
zS3_kDIS1!pJN2EeV`pe_vQq%dqNJ2hr2gTK>Ifhd9B^_l)uKJ$N0|JPnkQ=}C?IBv
zK8!Q)r;tk6?&bT2GZlY#`|ot{zvoq$=;_)1J^xn<kPK}9RR{mZq5dZw9IMJ*ZnDF7
zpDMj|#Z`%7j<cc*S(62KyRg-THk5AL<TpWWO7;4l<{FbYJXl%Sk?gH4h<iTnWY%v3
zX3Tc}Vu|$v_gHxCdVjdRp3+VGv0h}z-MTKCta3rx=(w3@PV!CHn(fNJ9baemzcWD7
z_8r)7wFX+fGemo#dlzV>iPbXr=C||AApuQ*kAZ8t|3zRI$JNhIW1jHE_9sa4A;*6p
zWjJGfCIuxtq6q3s1R@bL=N9%q$<{TNvioZciW*xuga@Kf0A~Ka!0^&Fgrbd2lj`!0
z%O0{8j{wAd!!`1@dfd8w-r&_O;&|~*upQ^^BpK$678RQ8GOZ3lK2DjvxCRrveuh>!
zi~_1Da^fYc@kaqdQ|v6|RdiAm5sC;k+C7CC#lnR366IoxBdk~pu;q{JAuqH`TQ)I$
zxFn!Jk4AWzO6z%7v!`q_x1NK~9e_>2@7zb&6P{9PS3O?*dMtC<RVb+ZS||}&JG)^F
zbY1Ee8L#0?N+AK5ZjLN8$pn0x?bM^JDO<{*5F2^U-+zWL?)Ee$Bw7+Gg|0@}`y@g%
zRmDiIh7ce_%L^c8MUq#VsVl&<tp5TS-2X9|g9WU7X1sh>mYk5{Azh|4ck!qJAjNA!
zU$WqaSJpoVtnf2y8k0Bf=%TDrf%sp9eFacuJ-RKfjW_PzxVyW%Ln93w+}&LpcZbHI
zvBurq-QAsoyFC86Z|=<0{olL0Ds__VBzsroOU}y9%KCD-2M*8Ce@1p0n=;YkH$tZ2
zY@R&#FTiLDq`*M#&-GB}W%rkr4E>ql#l2}ZnIe3~9sj!dQwBsbR5K16BUh-F8Xlzb
zsasokyI_TUmgtIlqvZ;LcuuR#uas7ItPXYiCm9%L-;@Oqwze+PkjS>NzP0kah<2jc
z1)=TsYw4}^xYvD3wgGi>P14147_Y$A*ty_$>UZ7slEKwIM>SpEM;$eEd9J0V*M%Z9
zl_d-AHPphu+rA363@P48l{tIA^qFbM39RyrI`QjTS&{}<KC#ibk&ej`ttd+e=Q6>*
zo@#A4ETr(H5CdZUX$NDY2+YFry1ha}>mFW~m}MLb!E>g~F=p7M%^F&75HrVZ#)tD|
z4>Y8W1lYUErB+<(aR@`v=Es0#S1cxN^@J-sD3b}^)oAzQWe0Q{3T-wmuBLir#^e(k
z38=RdYB|h&b}a`K*SLJVeBf%@E6Xf{K-N)X6OCRsGkx>>oBiPt>1A!y$GgR0I^WdZ
z-~c6sCILUIuazef6~$V|<i%TJ`F(B9k)vhB{7h>+o4E1Q+Hw|{x69)$X}jNq4F^iw
zw=@f-9|h=(SW*M^{WlRYZkUzlYP3BoDMnkvYi}hta~0NlciRkYYYP<T>dZC_G#5=F
zGQzj*QPmDJ2wLodq3{|y+>3a82`xaXt=zdfpTI-n$E)l2A3DNL4>{ZdeK>ookh2<^
zM&R9(CJ6f{;cP+qz`6naNd_(OopsFlm>Tgd`o|hJcH~#D1%t|LO%cv#dCRq{?>f8A
zH;_ICky3v*NBxtD$;8OT^51h5>;IgiSpQ#h)c@5LVIpGUVC7`|cNLL+4|q4#`R1dQ
z+WYJW7M6rzOJ+|K$<M1NC`^<LEgm*Jh>Q#r6&(<t7CUSik|t%Knogt%sruX6y|jc1
zGPfl0cfA9$S?P)j-J(ic#oz*e-v-c9CHlNDTZKI1rK<jcEFr9+_+bO+_0YO(eDCpk
z>f5;x<mSW~R%iC*$KE-?t%Qs9*{Lv0dpL5!0w3z3E8!FPSekw>FgJTBq`UFG<^~gH
z`y8a!vR5$gu-NtE20KWTR2X|;<CnnY)!?;skb~P&XD%j2GR!JEBhc?DbEEt5K<`{d
z-~Wk^ag!JM;{Kzp_KZFCGd&~paWF(V1`-kLO+5BQ{9$le+#1?}bmJ0~c^+p+>qE2R
zfgqSe{1Ruz=&+d`4Pf*IC${;zfaNw6gAwAuobn?%fhLi<Uc77;H?oMewm;owbZBg3
zqB{SB(8pMEU`>vHTPud&B(emF{OB2HsX6O7VEOH`8Mngp!sH&*3atfyJ@P`tH{`D3
zwk>cOZqoiIP)*Za4X^vzzAHeHXC<s5&pUD8^z7UU$&+KX*NLe$Rrk-eOwHg#Xfd)u
zV-Ilsk3^dljS8d!@rh7<3362L$l#wGL1-+t2MmLE;)GBSe|fZ50>iyXR5$m~=}`}?
zKMX&sgW!4MVmzS>aKvFb9}vCy1KdH#n_TxWmIsM6_|Arx?~X*eI#8^Q=VZC)Q{JF6
ztpk$qMX3+4;<x!P_wO#p3Ki&1z<5JJN&E>?oQFr2n<0K)`>=Q*wTnJo2*q@@q2uT0
z!03w!^rOonT`D*w3}=a0er;rwZ_cJtiwvlYU5joQ@rVUq%)=7KxQ)*=s*V)uZ@UVj
zts=JTY5g7On?K9d>9&x_LH&qUvL8g>-RX6%Ed!k~?wq~lAiu@C56eFJmNB{dI{vzY
zPKW;*-soMAs=oQGt!a7cN1WEpT>fHlh}L<8a{q^Kjd%zKE^&Xp1~c{*EPoFQKugW%
zYi|h3te4rusbs>=CFd@mP#Y?yVZ`}z652x${4Vg0mxL+&WyALzyb`5cap+r{noWvT
z^la|@9=EZ}M((u5fq7k9f}H8Sy}q#H>;u4iINjx8ZHQMd-+3jefwhblfogmK((%m1
z_*;f)n}g5JP9f|rU>BgWV)zJ(NUzJ~>)i90&iJE-jvk!rtN0t?kCI<GS(OPTVLuk!
z31bgO@ZmK4TLe{p(M_Qr!Q(-C`PX)-ZB?pjSWwp|wMcsx=Eqk#skczC<DVePg*J#R
z<^t`UF7YQ2H9}kU*Q<^f?@yoa-lBavHkW}Xu7oOtvv{)vv-q=wj(EE<Trthj%?f1-
zmhzSgr}C!?Jn}ciS;e}=>uLZoIxz+GtZ#;kxy})?`^~b=hao?Mp9*DRRjTcxXM0y<
zFHi^0<8|nc5h+rtwKa<^C%TnhCMS8>`JG-Dfmy}}%qP~e_Z><vPnewzjSqvJ@3zH3
z96^nQ=svoWPJE7TWFD5k%%-ENI$z&AF)`s8@R!<iO|yKr^MX4$A65n2B-v>pdCm+E
z^JKqXx6DRmid*_<o6km{PNM*Vum`d4j?0zQ{ZE|Gq4Ey~Xm^vsWi;q@bsfw>sk8hZ
zf}j)So%CE#0fEwK=#+EkH1cLEwx^s?HL;kI#<}H|rnanfE!8){>&uiifKx1$=6S7L
z=;mu0*$cSh;duGI5Mob26;Ty;-9FFe`k+@$d48uS4bOvxrQu}Oxq!EfdSdG9iRBw~
z3=1&s79#8vS$RR^OLDGfo0?a$*5F74GCTD_H0DZ_LdsU4`^1-s5S2(w0{h}J#Ud@;
zs(Lm6HBFs(b3N6pnalj-ZWN>=^>rC0R@L`wKUGZ1Apug}Eh(a%c=8m6Ro<TXQPDBh
zRYN<9Dnxf_KD|i~g}&NVQs}spfaRGA)e?u<9xubnQ#nCp8c4uq>%QArE5k)boA2#G
z1CNIUWe$$+iU(yI;ZkeL)9Flc$OZmjIR8g*Bju(PS!#?v(0gw*!B-xC`)6Oavt^6a
zC!_KW`KT)zZYppCviWJ~hwP%`Q>4-NoR2!@H>sQG$g{w)Cg!}swvF+klvQK&W~h=u
zn|!%ls)A~k?W^yoM$n=@=QDt9w(a<@a+gT_f+vQ9ZPGGH_0;Vn>PbpT&75WK8%Mm(
zarLb2bL_wI=c7&}5b~pyeCD`LX3C9Bu-vy1IQ#|Bbib{k{{qVfP>U8rwbr)3K)A18
z<=XOo9PiP%M&0!@vu`{dh!0GZ1O+}gf3CP~5QYfSGbPtHH?ChfIvi^(PS-741)Q4c
z<vTtm1R1fgkiEAlhDM`)g?_19$q1d1lTJ$8{<2GPaeN!dJ>PU3Cf=?{MI$kg&RVFX
zlUp?b5uxDLwIaSVlEUB#fxP5KU<?`8JrrF&Q~taBpq!^xyf!Q@!T%B4h}|Z!k#(Tc
z%cjN#*c7SzSmBA6Wz~EcIB#v+@oi1s+L?Q;3XGu2`x~u^FI07M;QL<t`k!?(K`!kq
zS)>YOd6ST_20rNh0^7!-Ue@;MWE)1DF^shOX*1R_nMT}woN^A5U=!$x2CYB#ye#K1
zJ_FeaKV%xy@1Ow5GiE9Iw18&bQDY9hAXZsOVt)8#J20^M117k5H&Nkqv}S=7Uby`0
zn4K!l{G1Vics%nTQ`|si`QkYv7G@*(8Uvb)Zj%)!@!Dy_dhOYpG52IR$6!FXwbVfT
z7`c{AP0HRJU=Glbwn}TsykLBQ^D84DOn*>GAywx`K3C<>A7NnYk!c;q`2eIo3@g13
zl*KvK#;;hxkW5;3iPQStVax4z`P-FFr!Qk8I?1kw)#%}Ud-R{L$P5x<139ddTT`5C
z#R^^T0bh53^3bd078J41NcwHmaN+uzwK0orb&Z;TvMVnDuU6+^B#`W&d5>5O?kA{O
z(DPdmw0f01ExqS(+-5xC@ZeaB!}JudW&IGk;eEeh2tC+CGSum0W_NF7xD?OZh%G;A
z2OTek6_3y3v90Z@_rbn~JW&1*A(`I$hIfokc@@6LhrZopa>YZmm&NA8o(i;BXYeDS
z(SOr~IA$@#is#Qnok$sX80qq}gEdACZIWk=|9XV&OpC|y$y3>3cO-xkfs1T8K-t}x
znWUJKuTUApG-Ap6$@kH8JN^=?HdYG$!-doERr%IZ=VE2KQ*Dy9;})MHXPQyE$Y6ta
zd;O)c{R-&Y!q~u-rqX=4hfxB(d9#2<s77_Ssz$wECs8CtZ?0&FEt(vHpArMmjMQYW
z<cbebRj(B)OU{^4YDe%2FJ;`e_=a<6?xJf|GhM(9Isr5PRAc&^)3J_IM(>+PPPa6*
zQyTYrY<8tnK`l;gcX=%qElwFVpF~pW#N5(2V(t3QA7dSSb<Y;kR@PSP)h|hPu_)&z
zs9BLlW<$(yD$Qr12|7~IfNXpK|7)&Y8W(N`Z<Cl?<I5=QMEjEkMJ-$0quVv!-byP^
zkp9doHSK{%H$S3k<jw}_(I1C3sG`eQ?5NeG6@0h_?{7E1-e6uLxtR6UDu*hz9KVRy
zk@=RAth3~hEz%e|kPl>}{-PUpkJrXzz$h!?kSLu{#4IV3)+`XER<~BgQNv)X+Ea6!
zqfVEQ8V?;pX${N>AJ^?Wi1oB0A|PGBst&5Lg+C0^zkjo|%Kx#rAo4J|N%&O3IJ~tf
zem`mYPW^2mG=$q0|4YT-q^|DAX(wlvaLHl#BARtss$odrh5N?uh8MIRe+@)|kL^%O
z#Lj^DyI{yCwxN&%&vCO*^$ybWU+nSzDcZKmbZl<ST|8A`9k3X5p2Mlf<KJ^&yAuwZ
zyNwgwYQy!U1ptGjjq5G;yXTFzU*ALR5LaGgDI&C}Gc5&VE=)`(V0#`on8muH1E{|G
zP`s)=in^Kp-f-NlTOe=i*TM*%7}&C(xUYLQa7ia%*<C{+WnMR&C{4ko9uwEakD#vE
z6W4OC!~$yc^~mGJV%(LwRG*RW*%3hp7T!a0r+i;&-pl)5>gZlNSG{WA<DWp)?eUhb
zFOfMa^O7?B((tVQ0DV!|pMJ|wkUC0zfy8%3*PWF*W6jW)j=`mr&k-X;(VEVeSjcZY
zjDI-jw3{rsAQYJ2V<Rf=9c&YBSUSE-vJ%oDbJ7_mqASmCz@XMFu|C-v{uP}{zMK5i
zZpIwugER9MvdFUPm!$L8qqbE2U@}V1>?VPEzSOdeV>%RjTagVm;pC?NQ|2f$7RiZu
zk%{?{3T$(zta?>Is_9I#TCBt8hSkjXtk6eHbo!#z(d-xo&vzb9Ss52HPg+mzRS%-o
z8XHP8wBn+rg-+(Dp4JcI@9(oYBoF*920B5;3j!VQ1D&uTL1%%cgij-lCGt`NI?&wp
ze)1`vhny9eRHP5F%)7A!>B~&4l`-FtiU17rv`nMa<rHRtpBgrIiVu(F(hBO$#ISUE
z!$F#vC9#Q2Q{PC%GfR#Zh0Jdr#P|(3w`Y+^UJl?L4ib1?pm=zoUoObf0N33OYCSwX
z#h2g7ga&Tg93J~Z3HcQQBA@HeOuK5~=q`(f2a}9waZ;Gjhf2E8zt^WX6wPhKvW~Xl
zgchmR>ecEv3ik>n%GHzB{Ps@xvEv&KK}_|G`2yD$0mdEuYw?pjXf3)cy_?X2kFo!w
zjr8;vxgkgTl=8k|QrpNuHJV(kHmUecP@I#$VdIu_#U%c?H}iuqy(d&wT#izvQnpf-
zlD;739_ClfL`+r8IqmrJ67I7vhlwMK&6&=WMuZxy>-IXeXYIpno-P9f4S4h|AwHC{
zFu)#w1a$p3nT0C`38W7q>x65{&32mi9i{<<Qbg&*OH#7u%vX@dOjNDus14Z)Ls3GN
ze3YbsY8>Q@lp+;$qQ-$F`3p*dnOE9u`V#;HuPu*J0t&!=MphjA`&&VeJXZo={pkbn
z{S~Q|VltbH6fIRE&8WwMI1{8wf8sGUPXQ4{0c{|ty=O64$*>A>>eOq>lGx~a;mDae
z&?PBBqZA-LPQ5Wq39OuSIG!}I=b5@{*5WB2oJE{@DN`w}AGO+7KN3wEU*NhoF}@6Y
zSiBj2DU)jH(hJ5t2hz`$4LMi+(aRDqRI+5X(_JvXbvT+E5Rb^F<yHxTR|`H7maA^i
z)F|ofK6iBe%{`x$E^l32sj_)|w8xW`RVnY9^IKuP_;~jI`1#g5n!jUm`S8RMsCupn
zoI9Jlm^+^X?zwWiwz#xBl--v-Sl(McoZg>4+`MGH=)SB=s7cIAuu0TQI7{3~JmpX1
zSLR=kpQcW37}|czna+@1H@sQ2odYg&BU{4oJ&#v;-wxvgt=3CcnAnl;8~Cp8ReIRA
z71n_~sXcN!>T~X=HP>(tn=fZdp(;(xoO?Phy~>t){kyGtkLs0=Z)(gwtXsGo?ktx~
zYAa3qVR7FLHHMt+R#|YVW#^9#@pLm|NscjDldTFH?i$t`(AdMsSpXOwd@%MV)Rpg4
zHNUy=Z1m87G)RFC)K|fU{;)rq{jst++eTWxebPl)Hx$M05fR_~ox{dXh&eRTXUZ<<
z!$aLT+K4znw4<-I*j?9kH?#CsL^@%PEcVod8Jb*X22VTw;1`#&)b;O3cQyBX_sPTR
zQ!Gnq_7RzdV&ewXvcz)6w78(a+L`&>;Y#nC=h(yqvx%GubzyJe7F&j<dr+T{RhX<U
ze7#l#Zgkd(5i|DiA%FyPBph1)P9)Yk3}1IV>|_S!WP&UhvD;nz6)&r29%H%-3G$N%
zQJ{39KXbfT1J}*O*tBdLq7CFeMe(qCQU{KvD*Xnjuh$mHZ2uVg23_SXeUi8CUElHp
z!Qdo$s!mV}YC><T#p2rY+yee)VViJA*D0~S*_2_Gn9xW9+(?49-Y=)w^aAwuZk8m{
zHmJZ#*~9tzqlHtF7N#u2-$YvLzXX*7rj~2T(8>7g(SjKl=}8M}KoH=c+aFvq;r+jj
z0*tlYxPGxMoMMIQRRww(4F!7?OwJ#p)R^IEBaBu{C&`{~ak^ydk@gN*DgLnOD^TlW
ztieL?$WqT&|Ed3kU2g7BcD0kCeCP#$Z5}GD8((bgEUXkHt(b}vZ&9ZkO)fmuea6ws
z>X2&?uSy(ET#-#2*0gV6)&a~KA4MHM$#&ROZdf~Ic*$m!BQh*5;<g>1%ZA!ibdd8U
zurE>%P_ZvCDu$Cjtp*VBLdOu5yNkNKQ#G|S7&)YR40y*s4f`~l%sS$I53aheeOB-d
zM2dJPYrRL=yA_|x0kyG1^3W*ciZuU)lMrac7Hy7>?Fi6JPPUZp)ijwJb!yfuBA2<D
z`D4;oqGF$l-OU6UFvefOnWYsyHfzxeA>GQ!<bA3pOA{?a9bFk;FOS(os6uZ7@`Zz+
z#tRD=@BS{Q{(e~ioNlFLu;LnK#`H<qvI*UZ{oJ?0L}hL~qZp?As@=4!Gxf5u%DPHt
za_5q?@}){V3TI7ueuxp~F~M5n8~T__-?t<<N7C=A&f57>$qOa3=7(wXU)0l`9GaB6
zlkURA&6$d^!;Ps6g`HsKb9PWQK2+$5J%U2qL<@y<3-tO7nw9gFOSq!6GjhizY|cy$
zu@BSWXd_Z_FA>fR&mHPAOS{>uvaT`Cwd>U9OUZq@jAb<38lkA!@J(2(Msqfo`g!Zb
zI34#n2w%0_*yvlGN1sN|)`l~TqYOUOm;HwcV3zv!xRyr^FDRVf$R0tOyM4!Xkc15@
zX8g6v?f%ea7aJ=fnmCHHdafU!SdJAKNqljDoOIw+37=uAvR|#%qd8>0gVgqsFY4Ef
z&37)A+q}&6%I1^lfB=0fm@ebD{@^Qk`bwVwY*5Y=ZVQfQ;Q#U~2a^>pP^ba%Bx(Fh
zrJqbHiOKUQ;d7RtUX2i-j2oE#QS}0O3dr#tA2+2$F^+Hv0o3@iHk+;ndOq+s$=z38
z+}HO!L)-*HYskMd3tbPbniBd>Hv@A+?_<5xAfHY&6niC$ldB{p%unpeJ>u8n61bp(
z$MSgdOh@7>B@30X5YUIL*wjQC8}?q^o8U8x7iG*!gvg%zvnc5bt(MH=>q$MYd6t;f
z(s24vX=<{FrP!&|npG>Wsz^rAJCZ%bNniIXhDX|=k>2my=Xd2YTS}Q4oF#TnV$7FY
zfvcNr87Oa_>1WX?liqXpFFXjJ%Di~e&x1KR9jmtj3BHCTn_i`~MEHS;D!#4(jz6u1
zPd1lQwS3b?0Gq;mYo|v(7uKr3*Md%(l;<Ysg*mE2KNo->pxTq~aP^L@2Hu2ii(SCg
z9nFcnyG#0hi_}%c)-T$UPZA)V=+0AYHLj?1T~&E^BV~*9qcoM?WFH_Kq0=61aZ6y$
zQ@~X11GZ(lnn8Oy{z!&e(zC%e)QecW;f%e>AqHydZETeV8dvJ7-`Z-c^Nw>!me*{9
zb<$Gt-|Ikr95YynGX{VWH-s%i;Sl*I2hac$+g#;`Cj>w2idmCEzjv|@3<dSfqy}H5
zvL1lEqnOh|Q!7Xsk$3UZM6nsXY7|z>->KbZvo7QZpAef{iE7_9v9c4Zzu_qwYod?o
zspTXND3-E)RuhpP2cN+rO*x?XY|I`t8~ib1Ml;%NJcw1DBt`wRu@Yq+k|^f`FYBt$
z#`FezXO_a4@d#y%(3G#A)9uJm5Uh`)ZXnl#+ltG}Gl9~Vqrz93yg0W=7&iza>*QW{
zT_Bs%zYM)B88ITGA;8H`Rt!FEjd64RlyC((^6K3z775`hZoAT7k%JHh=~+ZXDz(9Y
zb*`3{7g;jvW>HrYEpkA3n|MP-xkGZT!1G4M&$CCQOA>GCG-{AEsjv`KlMtIeJUBFe
zy*t~^N#u|5H>|3BgCIJRl|)G|AzG}x)&THrxnT0wO=8h-Z9Z?TrJEa)1FHGbL*MNf
z?Y9`3v>Y)m2-@qb5&>kqTZxw^yGbir3uhTdZmge5_+U=9j5rY5xOwlnZj6d!528YD
zoKRqa=|7*`QXi1WA7RY!5rbNHi0sVFz!i_7ieQb~IKG*$ZLZ@JM1pXFhCP6}C@R~1
zgMxEWN@{`w)$)57G~B+3B|P$nY7K=B6tVZsyqrbD0l~*aj=Tlg#JC8z1<PuMqoSNP
zAj3iY;tEZbE(ikw?~E`Qm>7x;{j*zo9lRH`XShhQje{2t+5}1jl^Bc=T@BVO)CfeO
zkLmzAP}Ra>Q`6QSF3M22mKAT`Nazo^V5py()T>qjtfL>h@K^j4RS8(@69gomdk`j(
zNjoPP7^vfJ!PJ=Gh^Hkx4gEhn^6H}aNPaS?{w=*C{>X8p>ZR(9y~&+4yr>1JVS1w2
zsSW|Tc6ejRXd2;aB(nrW7gyDK0x<LFiFHs`ehDw8L)ZjhonhC3+h&(7hBsHDWJ|ly
z!sH|>EUwURumQe|crbTCVfjzcJ6j%%AO-J&e$w>6qx(_>;Jgr!9`h3wiLl_UvGS~}
zup~u2jP{VP6n!~}!sF1Sd<<);!U-^u(GLhEg&5((o#=;0S;Y<P&4{`~O`5pFz9Phb
zpo;t$CK6ASvP$?8NA#$x_|-s#6DRDdvQ*OvWn~y)Lri#4Y#wUCJkhX-24-6H4`LvG
z7&7Vh)K{bKar-cw4Z?82u%}k20ArCvLdHpE*(!mFhi4-{CQeor20@#ZUhvmTMM1+Q
zHkPU;QP|F*8m6I6<mEZ1K1ClNKV#&u6f%Rp&2``=NPrM6VsP>G;3iO$MN()63?mSn
zFR0XmP=9f4ZlaNGvA(Lp=I#o?+DpdrCOt%3pAPujCa}3IReyC#Z?ml>3p#A!r08D0
zqdB_D=44NUm31EDrXxC8U0(-xb8Up9+{)bQvRhk3MQ-<GC8TKom6>yKZf$~tz1+$S
zy5M~Lwj}6x_o8@g#cln<TyLF+mWYvvrzw;E;?#zy-2&*0MMq&veS5Bnvyn5+W=%_d
zVe>dNrv<3BiinCXjp9|stv|9~Nl|lQZT$~-Z%-yXi_m_<j`sSNg~pl|XECPjKiHx+
z`&5#!cCegon>Y?l6&)?rarz5W8w(pJWqMKu;V#J>Y*l33+Uu%1>l;&ReGE7L-{wbg
zyh&_{q~(m9dq)gA8ax1Z4*ILCC}0%fEER|j2F+E&i`wg&V~zEX7C1v7w@XteW#+}P
zzdWZzNdb*T&86dw7HqU2-{T>$3N|F9{6OX}t3n*a`)$GOVYBZK7VfFk7uf5bem<Qn
zgs}Gr>sqq>kvW5<42vui%IR~HL+$JnH$Jc309D+pBQvO|YC%D6Kw;+xhu_#=UBi#;
z3%8Z&rYn+2m+pVnl5JO)1>5Qw4JEScXXA$O4H?Qyk{Gj_?G}@Es7~~edIkZ8SdbNM
zc1a@F7({*!ix@^JiVR^UoMS~O=w9XZh$m=2tjzR)0Iy?0Kci|Yc2g+T8Y1yLV$K>W
zoS!1h+i$&pa1hqXlXgl}f1Ah%mW&+;;6#f3QVtdm01rp?i;DLU=YmBLYGwNtE<eAB
zUnP4m#o6gkg5<X~m6&vS!f>`I%@O=8Qb;_clp#aX9;ZyDG+{%mgx~~3NfcE2DvYbh
z@RO7P{g;g@j4cv%U@@Nfp6|+)8Fp8n(iflnZ(*-ypC|M_`OaXEs90+Gpl)t++`%;B
zrb2Ge+hZ_ZP$0@t7C+{ou@-*)@H>Li6fjs8BzDI_d*wC24w!`Lasu5z?z*z$|KjxK
zWXqn-E=?Zf;Wx{e3FCFa|B>UTDY9tz2dC)OO)$Wr&TL@#*zraH+7XG5&Vr2IJjU!B
z;<Z|yvKtucD@<1k$aky_rC2V>N%2w_X%GqIiMc`p84DWo`bq8ZGZc7;Qu4qqT`X%b
zO~cv`mSiG!HT{&D5<Y=QW%u{;#Zn>1k4KS`4-L2LyLvu4N68ryg@?Dffk4%=w?7!k
zuV)c%#PRitUV&d%>j-}~c^>O2##@3HGK=!j3SQk#t#5s0o9@ZuKv(JLN$e%|;3s)%
zktF`2xf>rWGDjn-)j}>uX+J=P$>P0+q_{pOLV|iv1_efUP4A(MykHa$-KyNyCq^eR
z0d>S9{&W(;;v>aB4c*#J15K68xh{253@r{GPlzdd#VO}6%CjwiSWWcImCIRyR)gw4
z$*723<R$Nj_6xPIw92{LCi8;A+>1ZhkSe*wzxKyZvAJQ26YzG{gWY%&sAKKlqEfHZ
z*m_hBJhIN3nTGhx1O@l9D<0fFMs_Waj(gv-<7*QS@Usmuc7^)z<LkI*pY>^-l^sbM
z<EUbyC$C$~!`YR*zr5>yjh~(paXg46`@tA&=;woq(|^k+`{C<^O!iZuyWsiCFOfU}
z<D{q#JaIR+&zwAJ!sYmL9t<%zNo^3apif`uGG*yT?iwsK3mf;78yKk@P<9kN;mRI4
zOQD@-OKME$ps)}b+k0pDW16~vrC0Mt<gIWR(>aJ?AImFznyepRVjNP`aYQ>UW%%<$
z2*;ZkXLLAH+$}~%OW`{T7dbaV!4mKMY5ZM;BFY`x7tPn(@5*@~`-w}I-^6fnL82vR
zX)45297=LLVvbs+aBA<+UNV>q51P8ZAl<0o>c#{z92iryFMBi-#Pr9nLmxFyVH)3+
zB>D#=c6MXCCD2q;P09|8pHZVGUhCS0K(Z^9g59>Aayw76kw2WFLGWui>r!n{49M@6
zbI*$H@@Mv({`ra|B@@|YbHt4UpEs^LDWWVYv4v8Wnq#uCH5ab>62a?h-*-DBJ2~qr
zyTc^OcXIP4mU!X8m3fA!Qj&(#k*)spb-Zxpk}zsHb?)Ojo@}^8M*QnB5mb>!Y>AU0
z#Q@CRk<a5Ak(O+EgotWm?MuuDF81k7;Yqw98U1{JHkI5wDPiGkWV(U)5o>Qbenqg)
zCp(0#3kT`#JIz_SzZPBjf^w_sEPf3zZ@LL%0K$kxTh2b5Q+qpM>mmp}AfwokSqJn|
z&MzYKE*DX{7kX*sn=ws)JE}VF_IbkAP&kgJ7J?(QUbG|!^^9eJ$~mjc5LZvckU3Ae
zf=bq~8hByqo)!6+HmGlVoen}1?l=A(U#9u5*c@_KT9o$Ma?YZRXqjwXN~BqF^YfQB
zpiS(*CoQOJhpf?(auM&vw7e3*r%_2H*gkKqKp1je&dWCwC9aSU8B!C+6(?s?s%lKB
z#nqY&j~Met6^hOj4na?Uq*IMptG<i7xl#M_l-H@Os)E0hZ4>}$i?P(@pQbIS_1We{
zSPK6{UZBvSdb7(5H56$UhMYt!McL`eP^qaz)#+-)lQpC*G-tb#QPCD(Ka~{WP&wfq
zO+#NIsL<pIuq$d=lCA&b6zjzF&SMg5Wm6S5TvijDr+iXnn_riu>VqMERgfXp{-ym~
zE;YSecb7qSx*)sUlIF2&T3?eqkQXDYrlQj*XPz590F(~DnWrL1uG_U37RV^(%qZP7
z#v|W;&t4<mk)Fvm@76w1h(ZmuR#|ymb?aZ-4{TYG1M*yzw(-?E6uZRC>Y7`8Xl2G*
zs_=j^!7~*939Q{J(&&GsT_`{1QLsRAZ68T$Bah&Fb9%@)<L_Ie+lW$b-TV|L?bl;u
zpHB+ABjue>v&w6oWz%g#KvWK!d(n%WK_|yemLD4+zfbX5p+mN)J~g|Epq@L!H4Iwt
zj2ofgj+V)SjkEnc)_m$Z-hwV+y8in;86m#rmF`WVw4HP&i&~UT_IVf;*7hqo&~%oY
z7zep?9VZiTXAUG?qMknEPdqXZfja~p-r3;*1Qk8|?!MG3{|5Rz(iQSTnH_2fw_d`O
zkDq<}SZIvZeD0*s7jDcueQl$~z0qqS+R7>KvW0z=V|$My=-lqE%IT@f>JfN_$k`0+
zWY}^9<M%Y-a&>{{uf^-s4pFe}{wU}!hIswy*GajRg78Sr<}>|Me`s)1X&30WoUl2u
z(~%Xdz?;*bHPk<8x_y{EXFo~TGud;hMaka*<0}&wgU@C^$op6VONeijL)9&TxaS}N
z;q{ndzV?IX-2{jKHj3n8it070DeFZXg&=hCk?QqUMQd#q%!e9YptKh{hqE95>m^!D
z)owOta1NFcp)YNWrx(7@+9*HN62WLM^nFGXc=Kb|=;DM&RrQOUTMh>BrpEK!Ee6Wh
z8|ghA(U%QP;91h|Q=&HpBwPaQk*1YxO@sFHn*s2?21%e`m!M%Q)akKX*WyA5X`^s}
z=iF@&T&D>i%m+lC_Yb76Rv>V+fAvSrdSK(a<v|1N<3<$Jg&qq5?!3Jb7{UCu62l9*
z-($RA<J#_41I!}<bjM4j%Gx?u2TgT!>*?1H%Sbt^iCxrFyPi>-iQWv1Z4^$XnV8UR
zwpZBbReRYkr7k@5OL6cG&H?cr^6#Qu+o-%`TSA~nSoR-qYsCZYU>m;%aNDe6(4ZT)
z{QTOHoF8^8RhBv-t1vI|kKM8cx+>5vttr-)e;jfj?jrK&opxKYHnr15SZ)Tc*4SBM
z=*`DZRE+e}d5|u~M`vu$TlLD(I5rj0xd8&Bb<zSgJeI{p5Eq+3s{GE;3B2ITH)|j{
zj_lqX*fcsJ88mjebE3;`4D>6KZ;t;cuu4^6EYgl{S=?^{u$xxO4u3Zq01>Ds$_6)>
z8cq&`D^I@a!BrKWUXBay90<4V6@9Uh!s#ewj%uX>*PvH-Ofq+?#@TEd>RNAtWC)mz
z_~JH=<rxUKxdouXFtJ1TyzC)CZ)5~dDLecAL~uqmXHNjiFty8E5kfQCU+4(eJR{cB
zS9&1raP?}4#^H-ZAHvd4@%;=Cq3WjB5uaf?7|i|s2mpVO-W0&+MqfV8w%x49t{;8_
zBDO)rJ9xHt@YRr`Z4Jx?RCtl#Y%eKOB`V8^wyLi!#ks4}h~T~>)-ru^U)``3?a-=w
zSv_;VJB=U{bQK${p%Bxd!6y^3_Ey+xe=d^^Q-}EvcA}Nb4l8Fy17wCE*{qip#5oqE
zl^>r7;sS29PvpG6U5mmW^}u>Pb)zl|5Vf2hY94j!vCQkQ>Z#RuQzLY#Dn=8dHJnjK
z)~WbLOh#LFI0Jg>P^4)fj$@J4k}+v1X<gn(Oky9l@4r4Qpo)CYj(kCR+plW>hRya5
zlG<M^TP{xKf62zP{!_c-(+QTUyB&Z*+}6fP6yRv&U~cDR>+p}H{10mYgQ(D77mX;u
z;)lAk3c$hKgihGj${6l1H(92RM692Y&zi!*wr)CfoGffabS#`)M4tlnEJRF9tZcdr
zQcgdt%#DO>OsxP!jBpG>jz$0*CnBy--9v`I9`{#*j+uoGjzQ#yog~2A)XeE072z0E
zoB-D9M4X>>{(8WtZ!Q2c(LXqN%5a~Ax_>f<*%<!^bC`vV>3?zMr5itL6Uc}x_TUwq
za!dk-Mi3Pgi;7By;ay@b;I}05Q#BGW6wp~^8q%PQ`OD~K;%I31kA-~H@!{ns!2+!I
z$Ri(Lc6Xf$S)=KWBDQ*}J$(`VZGLKn=(auukp9C=mIFf!x#OwU+$CZO@766il*r2-
z=ew<q;f<2+>$5}SJv<a+ZCF6fR~+um!_xZ6a}Z)RYuxjg7x(4o_|C2uL!rL9<nlam
zgam8!riC@4Z+RtO#dK3ZvEG2R8;-;EDmfK5O2_$1i5Jq7O!nC%z_400haTEEm5II~
z>>C0uN_n%7xSKi0NiR`;#={|r1Ds|<e$t#&v^|zqu^~2~kuNrr#?V<#ZmsbL)=m5y
z+8ODxfCS<2J2v;|e9rY*j!O0$+Q=W@pA(<=+MtKuxz1~SrESW5#Zx*rn4>{AhbP^F
zTX+s7WMaZie$JjDymoN#XqV>!ah*7;!2iYs+5Sxu=D&@NLB-k7=`YJub#Mm!BUku`
zBjB&T{{PsVxr3vVh}jQ^zf4K?$N!BpbHOoam>WBpIqI-8G7@nxGk*pSA|^&QP9pYC
zlVM|KCt~AdBI0CaBVuR#%;RGI3|vI)?Ck$2_*b0c^Bq5b;aE66^I6!5SU!ghC;Mkz
zc4ne~<b9T5WoP;fpA9oHvk-A`uzeO_B;sWG%w%CC()}+x{nrp8`o|DchGS5*RkJbw
z%bOh0KaBN1&G#>5oWBO=zkJbsj-0<IzW+C=l!b})KRBi5>MyoB8u%Xsoil~H1Qn}=
z*93#D>kDzGyqWcR$_-jlnFIC&m07Bbq^RxHwpNYz?HBb~Y$#|VJ50PKL9E@#XzA3*
zL|B<Ygjk*E-DDI>utg}aePlknnD_7j`V?kQnY$ShGVc&pn~waOlTRJM=EIib23l_M
zs`wn#;B+k{7V*c|=rDYSa*n5w(hQ-k&VbSKd6{~oNt=(TA&!7iYBi39gZIY@$}lin
z!#7I6DD8%YUN|abF;NafpyYZxe!wf&km*SMK~%<BJIG!mF<~h;q)PFqUpJv4%={Sc
zUBdfdte~RcL4#K91z)^3{xz`LtLTC?{YT5^GUG^K-($W01U&G=E%Zne>l&F}oZ4Ge
zl(t~+!*}DC?UcqbzVtNR$SfnD1b6>2oGwXJky$|AEsaOayI^M#a608U;}-H6v0W~}
zM-cXz*E_CVtoV(m8#7QKZxZ4K@;E@gpud<oBvp43ent-uIag@+sclDZ_y!4*hlv##
zP4>_iV-U)yr?|LQTzOQ&sHaK;s!7r~vP5#vh~$^dYzf9XEC0{6VToU+uawvJ{CQ$x
zc2mf+r|$K!lfC+izHa-4sW8Vn3N?$!S)C0vs3;H|y3Y&PV&wNFq|aAAK0i1q2xgvW
zn1^h)Lf}7CsG=geW@`hO#aAsdz6U5s<V|}OR1{cA#Dli-EZ>Pe=Uuv~9uk%~L?3%;
zIw4eIW$MorjhC%$_0LDcmp=T7jGSs4XJ{yvs~BHRhbxvkBmtG1qlAt7Qvi}dfPVax
z<!{E?<GNx79;rNJvOG%nd(Oi-3h36&W>er8S7P9v9~Gdit+RWss>4z!G$<<1G)-yS
zYrnV703W;c2o71dUy!Czg;y?`o;{@``a)A<T`N|xPVP2<6|*)Vt@*)4u4!l(P`G)X
z4_2x~&4BALhO<Ilvq(Xbn#%4!L0L1vZl6voYsE6b2&;!&Tp{6Vlr;ybc?&5bd!bEu
zPx17#8;~ih%UaiO=H}H(GxcKcMf3G_^s!+RT2jYH3Yxrq9o^$#b9Ytt+URZiy*Te}
znu@T~Go;<U5%2r^-k^#<51B%c)_n)?=LhLY?qK!k^iQ5grfD8pFrJ+w{MUx(C8DUv
z8p<5^=QYQ}!JU{)ZtM%V>Xb8?6r1Jx=BH*>Pv0LK)tlOxji-+ACy81-Z|Bc;ch9Dt
zgCAlFcuGhc=Y}5)i2Px{aWXwiDsJK^*B3A3YpeN^peJc^fI!y$7qoFO*J$Y?kJ;0w
zOQHK|Dyf$=*XO$_1=qJf9QR(#Cn0^jW%T#DNH5*Ko4uf0Iqsa2?Pn<ji2fgRtXf;d
zSeXDqw^Sw0%kWU|IkdB@KRG?!5`1_d1Xp&k1cMp5fg)QPlNj0iS8;Lhyo)tYUWHrS
zQBmTvzuDYI=)X8KjFZ($@z<x0T?O}(XR|6dlW$aG<L}p2SoGIC1vFc*wX!Vl89TuJ
z+^xpEr*jxhNEqIm>linzuhFai&Tph%7F{PjPMI{U%$}4cbB(xN8gu1dt5unbP{M(u
zUT?DE;@bXQ2`W{>6@Bu`X}MfmjDMH)EXpQ^FXm^Z7O!=(Y^#06OuKn=^aTFujQb7X
zm&tOy-(qHRM0E|~TFF|ML4{7kM1^$e+FY}49MqzYdcKyuVB=ZdK091Ae8bip$69o{
zWfJvKrX_lzG&unwU$NsXy&9m7`H>Bv<jhXjYJ5(?-^0L-==4~yyMVu#NQ`lsoV8j~
z!98EDW}znMnzJO45(n<|bR_8oqj!&aL>nDwdQ~uJ4zUR@$Yl{1<(^Hg={TGVWxZt)
zFUB^8XG?)gBQhr^!zv;*va{p%j>&ZBhvApZNIC3hBflMJFMhS}Ca$e2_C-cahbTea
zKjSi8iGb2x&YfV8N}K@?hg4#8DzQcR<qu~B^+?OlJ>hJj0_u(lz4EUXas**D1x;VZ
zsqTLbylo7srpP{0^|qFJu;d>=8LCawq17*kDQn=opm1LweYo*LCk~{KP37fXQ@+^l
zB035D^4w^ZSo}p*AxmBAhQNq!X8YR%KT`xRA3-XQqW#RC*%H$#R3CgbV6D4GAHM_C
zt5+o1(3)IpOXhM)H6Fp7qsRHNdd{b`q$xgu=Xc4q`7bDm{-m}(=edK8L%GW2E~op<
zGVbcr!hn<A-zxEOcgd<%E;J`cRrq1Vz}upc)&g#4UrY%<dg0!y*R8B#t5XZshu@kI
zq~3e6)(AZF{x0hKRIb&q>%FXqyY!ykN00l|p`6)8^7Nrvk36=ap5$<Z_n}w1E<l+8
z@2r^}$$=%qGZP<6?RPX(@5cnp39z<w-!C7U>XB_QNT_d^wRH~Se}^sp=@p5IgM;~B
zu<+mHCjJ|7{OiB@U+`A?zu>Kc9l%D#-P+LB>TiK9(<dsRWBF9JU}EHCCgNgd|9|0H
z_Rj+&|AuRs{sY&3*86){%k~!v_)lE$&tr1`!UfFC|0}GG6;kLULJkJL{^YtKV6V%}
zpfDMy;5))86Y%S)i(m4WJ<k2upi-CP6})x>267x(J}fB>JqPEXGWB8&vC!KCLK(Nd
zO3p)h**z%&Tx;c|;a6>C2AcDk*rR5ucIeVLIQbqqx3rFVJog0AGB>K)k9_2g(M$`z
zBw6TOa*psRu=A~AJLl48Ve;&qlMLx^S<Ao_9X+@Hj37uc#;+-aRZ~%;V{Ozai+vRU
z5`|2AYbG1hNvU9~)C?ZWpBuf^fi^PBBrtoH{t+O6@$IDSuTuedgZe~RyZ>Fs|5HT$
z-&ZjIA5i&sJ^i<ElIg$EBnvwm5epmJ-(WkozwGNjvE4t^O#WkO@;?s@eFD<|1=}&R
zvvYF(`+=czFZl1Oi_Ji7&+~RulSxK~jUA(2M!2}p?r(8RoZpDPf%W*AeQx-HQh=KD
zd?C^#3?H9uNH?-j&QMJ+T3BMOUNDlHrPxrp;g<5T{>@HV%tt9_d0{@0%hk-+(1}O7
z`chH<z{uh^z`N?`n__RWu;E!@>kR~U@;_o<oIVhvt%Sok)IYcdRK2|&W1<LG5e1!}
zga2^9KthE2@v7tI>I%W*srTmiV2eyL&uHpu`k*+tu|4x<_oe^?xH!LdZ-e!{Xd)ms
z#pKmrgXADkv6=0@gZXaidKc7K&i1zZqlq7Kk#ybPWpaRYK8BQa5q|NGFPpA=wb=x0
zG2f2v!NbEVm;-$ca#8RDo&y3r_Y#V?glJDLZ!*xk;}`U~4)o$8abLz3K?vrXKNH3=
zn}nOt+%ZD@bfQ6nruBVa!CvBA-7PjYi|Keasi_H9O_t+f?nkKaA8^b(rCa8<4@~X=
zy)8XK(h@AayCZBbq!c6t#N5^?T(HpS{Lo9(%%GI6*;&JQPO>#(ypTiOAJ*iG?%?O(
z0f{r;R=TbCPZXg&gxt{a{WSd6eUaX<fWoHJfk%K!)Hld;5}P_`J!r)+i5@Ll;^2%J
zf<m5d_*{0kNs^}?t$Poob3vUrTt4dPpHh#kyU)n)*aRX#kjdg<aR-`mHyHc@*Gt5A
zM*Z;nlGk|ky3o~Nq|1u4dURqNWWK(}9a2M7kLYVS*Au^4#9K5sq&$r)ghxaNB)f(r
z2ck@|suT6AU}}vPYh#q5z^yk3?vU$YAI(W)6rL%O@6cy=m|J^l${`N^+Azd+gKyuS
zg1%h_^?p-mAlT1T+sLo1AHR+`Wx2Vb&>d0F^7=ZDFNYN`!Jzxw@_;4iP9iu>B3#8c
z(Up6nWv#dI`bK?`ZB)WnQ?E#g&Xz9F6JeaOK*J9AA|+)%u&G33dD0aoM%egt>Pt%a
z2Pmqq-<>e_V1AE^=|H8}0*jI900!9#v-O0mjtO)OeTd{he`C@c_sxs%37R8uGPMxy
zs9?^GeGN@wqFJL>uyKTeG-FzD5JZ9=G%7q4NtdjA7gixW3$sZ<fy1!5@IWM2Etfln
z*W_1bW|PDME!m))eL)CH+~0>Iz1XX>Xm-z$X`c&otszOGOcBxMrM=XoIL1l;!*F4n
zfygu7(<dWn)2(Ec!9eT^?C+!48a;(;C~oKD2zv_$Kk1B&Orr&k&7AG%j2g%<Yi4~f
z<%1(Em9}RJ4<{J#X=)1TrF3gR<_c=zeCJ?&gDlSz^elm?GFX+9+zmv8yUA#kuM4jR
z{O0!LdLzCpAIq<QHI1~lxW9OStIcRnwh@M@%dr?oenJt2d1BKCAEB(gZ0ZnSLbJx^
zk)a1%w>xAww8CG9%s*&7K3dF=o@WRSA#7;*0Gw`w-mT^D;x^k(bTR<~9|~=wfZH9%
z-;;e3Vi2DeC|9^$?-9JNrUKLIS?jp=I&M7=fXtd^MWZqZ#whV)VB+Fvl;mBFq!FVN
zLBKW3rp%`~MX<?m(Wx)$%sG3%WF0L`x)N3BiYnyS(^a#WXe-&apS03S4<O_Z`^?yx
z3Q>y3nO4o&jhPa#>_(T;j7Cj*Q=)!*z<LF=C}i>YUcIK?>7KUUle>6$etvGO{vGpF
zFe2Yy(y#W1)!N*{dPUBhqi{3R#qrs0#qRl{&T}S8jEYA2d+9}Di>j@(r3EK>Y6}g(
z^mjF6pjHQI6qbZ6DJ*FksTOH8&^Ts{1EetMAvG(&pcwE(QWQeXZX~g=CbkGT+}VNU
zL08a(u8dDm#=xMXKPYRAGO2ibislmtIExR9>$872U%6DNTDub-y%9*!!+l%F^>29V
z{8R^s+;r(%ec$6Np3p5*kk#JQQ?xVQXd5IP|K90sCQ<uvw>u`DGLuA6iFF-|y*y1*
zshnZZxKt6)Z)mzLA_`8K8ix%JlO_|E&Ekk!Q?FBC{fuwc3NXq;(4kY#>$aH2MYzX<
zm#!233ZX>vTZFz2gqEQplS@NU(SXn0tJuBR-*P$tWXJOiuRa6^MM<ac<@uTRY@}Y3
zRy|_eFvlp(D9b3rh@tMQHoSH4y}C?U{rrLjk|x-KADw}Mg*~<l85Al9<pRYuog49V
zI5$gnOhoC*rEnJbVe~t^3;oc?yWrDV&qc<;R&f4PzSk+VK1Q}~bKZ3>0;%By&zvoX
z|K<jyk0to~sP6rqMWT{5mbfL$>=;FBnlV6`fpl*4dq`jre$jXlfTAP#fR<tg%!@V^
za)6^Ph3%6rW~qg-NuoGQADx;2-oRL2q+45y?f87SQK`G&^WIhap;TLb-o{+F+fe*|
zdVj7P(*%b(@m!^k7{jsNe6yb5`VCms>PYGH)D3<4^8whpIool9U2q`eka_j;i>CV<
zaa`l^7xqB@RU1B};o&Jb58r*aDRt9b?K2D3CfPitP^*F!UaO@_8i<a`wjSXfGb!C#
z%Mke~+}pM;6eY$ZG}+8$n9X<t#-m~xWn|*|@YI%8_~t(mj%m6WDf0kF@&$4n?Pz>i
z2qcEC1XQGETNA)V$ENY7w2JKfXznt3?GS9l-FWd}PN3?}@ysz5uix(usYf<nm~gYG
zQ=H1AONd62u~`O0_&h&tv0R86r~<?pn)@Th(D)~^th*ge6z7^7BW;`g?ws3|4CrWt
z@638Z!TP?J{8gR5{0e|n4^%JmTZ@R>i$@)P<d3ypG-oeCmIP^&y%;x4lv4~n;gWqf
zD5x@=0S(}2iW-mv$K|H#gltV3gmQM9b<ZW?KB>o{Nj^(!9Bcx?Q-ukORldQ6`Ho^t
z@`T%w$I6t7x(C+V7h5h4qJzh<sUor{nZitsk|iW+UX+W(LCvvK3>*FHA};Xv7;^zJ
z3{${)N4ju$v@7AWrH5LH=DM6Hphu2vyQY-50M_*DGyf$TczOhZ3n1Swv5mWQKs}4X
zTd8~kPhN*dVT2tAnTe7dO`>5rE{-k6!vpHZY1ebPbBI5+oy$|JVTySmp1Q(tZhulM
z=_Xbk6A%6X<ZvkoQxFty3#>qgkP)K5k0}=44(ebd!_9VP5v?=ZcsZeo(p=#>I}tn_
zI$m_-xw_v2gMq7a2zyv78N8b(4lG!fWq~<IUMB87yiRh1$ar$W)2BI=w#7|zuk&Fl
zS>M{JF6YAiFwk0rtqO_nCON!yGaZ2Ye)52Hk(Ob){<gJqD!;ea_H>fK>1&|2-kbpG
zb6`~Z3lqX)SV+KuF0jUs3HBOKa9`B)>%owtw8^9tNBY4Kue@HCa)zF@M43IEKA-DS
z2fJ$n(>hr~8h4~gIvsa+oQ$_17~vnw1L#jBoN3UpOkOFO4^%bty028eJ}HL&lJ_jN
zZp>wD(5()}WV=0kJ&9{`CL*<SR#xn6lQ!8#V~}Ju5Om#TQ`Bt)6@wnXh43S)_6p__
zx!l;lMMBGs(_|xfXty1;2v>s4r6F+d#^s;H6}@!4AYrT{<m)6gZtD435Usje^y<dE
zS?<&@Y(}HKpBDjdMze>8&26pp`yB6sg(j;vO#lLp>pPdv3%C$vj%Kq+zFZjxl0#hI
ziRTc0ZU!Kyfq`B^sDUwuL@x?uUbdiC;#==EM&uzf!-gnd>^U!coG5XF$k7wSZ24Jo
z`CgEffv}R%NB1xIo1t(XFi*u!O{=P#649}yonoLu69hr<BcX<+-cF2e?O4zoH}l}{
zxJ1E$=EE=wG3t!P$FZbBL~u<{kS}j#sPj06hc6+st5PE9G*E6qL|_+c%aLqDWI#^J
z)PFac$QHup*iCjcjkcB7O&(#?{r&UgTXG<y-zyiSsw}9(TmvPBG41H5Lk;vjO&SPH
z6JqvHHn%%!TPASxZjL_C>E__YH>uhAHcII*-500rV-*UjpMbtx*2UK2qWa3)>r`oS
zob&;(m@nmCyTGO&#0!<CViw#MuFVwMuP(I5`CV8A)1XpsEg!Afm|(iE*@>3k-U3_2
z`?MP?Jc3a!%Z{w|*CmNNFi6==l8V>gbE%`X3vwmMHsBqp$%d5?JPZ}(tkgwbvc9;N
zM@~|%K4mGK7zJ86VcMma-DoEAwr(zQPqcOT8@Ax-QUGl-_JWE9cM=72X<UCo@Ib<y
z@d;|tQ}vCE0%%zDY#TiWRdMx<vFzatD$i_)a>xuMOp0vJ%m{+!p`wgqUcTFp9bw@W
z6Y2+qpF8OTgp*v)M~$NPm$_Q{o%XlzUZ>etapeIJ8pHlsjl~$I4i%o4Q6mB+EhhZX
z)v?h&j9HUn-zU7>b5=Q{Cb<OW4hM=Jnqi4>PaOv_jJG&_c{(sNV>8ZN{L+hB)^V?=
zzR~01mp>lTUHLrh<X(9j&OC}_c(4xk{vXEfIZBqMT@ZbHH+I|DZQHhO+qP}@ZriqP
z+qP}n)9-g?&dhi3xo7Slu_B`?W93>^5mhTQo?kq4ZhDCnOlipCGr~~>Xm})}M@%n{
zQ||JOx|TEZx~OQyK(_9jqze!|gh-5`PKQk358v1ZCJ~3?h~HQPuULw{(k*HAH33-!
zcTg>ysbyQnhZiU<dg42Ojm?AEZ0Q_OlIha9scI*jbse&_n$>M8j{ew|jFcY%&a54>
ziDp|iO$>34G36gr@Q<0(8&W(H>S^@NEws|5bxfD7FqM6k%<bdzJmJo^`J#;M6a4&Z
z=9C@F9toyt2k(z-nA3&%3MhYHd^k*_P|%QlU$QBtDn04W$J-cbEO*e`9+&_(SA3Wq
zSB5woMsoZr>rzzRbX}i`|AtZW>ALecgsnIJroB!x@j0>HdRcPV?rF_EbN4w%48Oj5
zm#DIEKaP0bitYwzbM*h-!pjgs5a*?7v!)djr6)#%_k<)SK(X`3?VHscVCO@!3xhv(
zs}2)D*7p}HK86<V5sdjI2!lDX#9%U&S->O}#A>qRYLShQ^82C##6{bmUc@ghI7Rhm
zk8HSknb_AkF<LY%zL;}&joZg_tyLmnOJCXa=&Ih<Ap}P*ZGBD4Gg|0e@A=IWn0dg4
zZNow$J3K#fz^zO*%bwH&<-^tbR1=jBMdmIuY%=WYo^aczy}tf2aO+R>UFxr_H|zPr
zZ77ex=bmB=O@@k}T};JRLi#>})uhBMj3}D$%!tLMVgMEETNHX>g+997y#b5(X`lSe
zQt6-{H4NTVaS<(;(xO)w(s$9(S9^9M%&btJ4w|~UE<MIxiVDZ2yBjd`bNhO~F_gFD
zz1x@=|0aLvAFuPTt4$Y)z`A^A@2Yq=dVl&*cfjaGD@5%cRdd(45FO$`=G<Vf$O-D$
zPac9oN|FT@>%=@0gqZj3Lk<L7-vWV+yycoE%+z1|JKka>^y^Gl6H*KsduOhQeRRlR
z?S%yL-CBQvyZ_~oyucU3*E*2CL-WI0j|)Rb8VpH*n(pq+{G1%LfiR)bM0$a`_e<8_
zQ3BGAH0?ZB@6;6(&h-7u*@5STZxGhvcg&mv`3c5Nc$!OIGf!GvERV(@xpaT5T`L3$
zz|gyJ0Xvll;im1e4}D;I<m!(2EPv!`hx+V&G)Mz(5>1LMGUVeEm=!>_g#+yE2nV|D
z(E4Dz<;PA2Xsfp)<ZEsQ=O|i?O30c5zyi(-qnUgH-`xw)+am_XbqIeRnK1?Ku4JHl
z+R9*Xi<eW%%#B}?_xSrs!!<&ePL;6p3%j#K#Jy8H%}<{1J+TB*<&I*|i68Y02`s4n
z5#{J;g^xZA*fZmOex3F8A#%U6csj0M94Z<5EGycDv>D>)*6~u4V#0qT103FGM5(f=
z=Yo07=19S$FSOq_$M0IOS32FyS;Ie-K@B8*Q(2#{)V`6dF|C3LT7zZHgos$p3MIkN
zWi4((e@QcqM95is#;Qrpa@?}u5bLtTluUu+Tqc>K_~%x|G_%=ZYlO1|eo9P?E>;=n
zk(E}iaUzAW`fa!}#D^J9^Kn1w>iWROP2BCW^p@uWlI61fE4WT8*XbQKF#+evb=!Lv
zZVIQu>g3M$hi3#wZ#|3lt3TUVuYSsYrUh^NdiRjLX4iA3gfh27N&!v!#(+W70<;s9
z4m9wYfK)RQ5~uui?=_F9fl)KL3yr6b>miw*>Cn~DH%a1=c~7o&Hqp^NA&EDGA1M$*
zG2##I3(S3Jh3Npy_C8b@BRg~v{~mu?v_8C@wQ7bm$$p*HNpKm4g$ml|;dv|Jsd!pa
z?oB;JTbToE@|<WKBDEt9h`G$^me~oz7FN5-B5<f@02OH>Ad8h~>W40l$-E>TZAce&
zsw;JWT07Xih*VR9A)z;9zgQi~NV;@1WH4YyJF6+mlr$*mpE^ieN>Gp;E{J21p>ore
zBXzSQid=&meh@rK6%xT4(YZRY`B1kTg{0m5T&5{S<57Atzqw8R<w4;yx5^-&Al3{1
z{NfeOyukd?cDxm`ytMSqaJ72!-G3iV+KpCX=do^PpfySNL03}@*sApkH#-8rHUz*H
z%p4Sp7iaJiqg{Q78heB)5R8<p!_C;~yDRE&^inCMsde-+yGb)U@FT!GQtoD8o!NVv
z`Fq*V%c25&V*5kGv?a}yWqkV^Aza&uP_XnP(06wKiq`YZ`PMGkrKpPm(iO`OcwUSu
zV&n|7q$j7g{@l&Gr~;u>1p$eB9DFD-qRR@m+tC%HP1dFOjsB)x4rBx5m0_eu-3Gpq
zqj$9G`p#ZZfWjJi<|5zC2Jp7*Zo+S@Jsccvxq=mrYTCT3?5zJ;7yb%FRh1IuKcp4`
zs)U3K6b9!|jIH4lrw@=v_^Zm#jNvf!_h6LnSCf8+h!hAYil@ZEpVX9@i1Q<UvYz3c
z%T@<n+1GZcG4qcz4b^B&+m}uWQP%Pgb+>!9!<`w_kf1(Tu-nX*&&T8(ZcTs=H~+_#
zjFUeqmkF-#F}?(FR&Wme^~=VWBU{`o7FF}Ud3Y?(Ws&G+gtb|Htqj!tQ4N!3<8zc|
z9T<g_(qy!3&$)USuu^mf8#^5V_o5NwwDdMKg6C0gA4&rh9P}OC4icZs;z<dYSgOyB
zLU7g7)$V5J`_sQcls{V>ZelZLNT+ZPqb@y0v{c^Lw`h1|brim<SFUfn9`EoD84LEG
znr=x1A+WNaik0akyVscJo7U9hWitbn_c6NMmux}&_^=EI322wZ*uJTSbe*3WcO=du
zPpFqg_EgxCeJZP7clL^;V6jTRv?KDbY9DR7nyt#;U0jy1c2F}_Yj%c+&cD3YfuB*4
zGDapm?~i44O?<RE1tw_@fL_XdlYU4hA1@HsIXDqzsVz|SF46!5I{r9unI7b{6#FIb
zXVFQ)>!C!b2iN@`ami{iEU*>LjCaH$e)Bm-K-N5<6(yv<uS96_aR+}8j2kqV94u=T
zoLI=CuPkBD9~0?WgG4GNi+a>3<UwS7j4`3}`fvusAbpbccbJYdDWhiK5N%~7O(LC-
zCwOm-L&QYXDS6Gn_z{i|e&T$1t{w82-&jc8`KARXfCPq;c=*k-`nXp3Wwd;*XN39S
zW=n=#4rfRo9HVm)iC=XT#O%c%;u0is0FG2b<^FsLabon@mZC`+1EU<!(q?pO6Ew_}
zN#vrSI(j8B7-9t5rltvVrX1k5UGZLfsL~u;ZC*5A5T2V&BCPK%_6Y6RCfOIBZy@}8
zD!4f5w$T=etUATZ5ch6;)yrZ7q_;q@WU4ukK>#Ev41LR<eW|){o`I4?2!rz=RxD>`
z#r)M@;)^8$5RAT;)))hbR^2Ju*K-a+LZ$OS7pDNtv1PlxLh`M$#7yAUrHB<=xPgW1
zLG1;ZbKGXthRkp)>NFVhV&O3bGR#M@t#4QYRS8y_6JCBuP!W&I5>UIUic;i3N_*s5
ziCtr|WJ+i@_>+BLcAeG%U211Lo*gnb;o4duU5hh%7&}dIdUm2Lx>&TE1fFUgA}-0h
z(x=+{n?*J^u#nqu-MQ~+yS}$jNDgg~UBg}?FG-B}k@nN}!+{2Ka;{<?liP<dvHc$|
zK_Z32e@R+!AV?mD3vf~;Yl0gK)lAZKhY?92ZwX9n26WJsX3hu0-=SHntchG^o_`S-
z9_W{^sld~$-dY#<UT>a?M?W*o1(OT;9_dP*r#ci%`+I0%MYvEqw=Bew7l6XIl8WKF
z%X5hqDTw4t3;(f%R~t|mHpiFhC<UEo9ACOvSh_H@2v3cO%$oZ6wDL$Sk+}?3<(jm8
zEU_phM57W8(4`B%IXbzf03p2@Lg)>bdh-o!&W$v-Yd4IWfasu`9aA^7ZK}bIpgSc<
z1|)c_{drEAqzv_mJPlqZAUmhfXzp5dg1-R3>L(Mti8y*ZAZo8wN0Hhv!<}NP7dphJ
zp~uJ+H(wv+ZX+(%7lb}$G0pjSF^euj<&f>AB>CoE+3htw$bYw%m3Az``^6{Qr(A=`
zXQ4G(%atuYB9?>K7Z6!NQhfTjgXXq)&pkacK%mWlSh8XF^3Yg}9P~O+xSqgc$CUSn
zC`U3GG%QD=URpfI$u9+O^Y1EChI!}97*O7D(|L;<l)}ZRa-fSY#C>_W2(z{9mjJrL
zSD=amH0x=4%ggz;N|u}G>*C8cMYqx?42<i}?R75W1GEY@Ybt3$ksVoRNW3Eiu3*G;
z+tyG1qdsl^7Nm&KFyvb>FUV||)#RnZg^|+Zj<wu~MQ=gNus0QUMCLz*BA)cWV9?EM
zGm}E@<~-l<7HBNtL+1VhHSHVPWx4*b9=LS%ef)r4P#<(Xqlp-uy{+7kh>93Y-5_w;
zba%Nv;_)1P9o%lrdYk6HYP?;B#o0}I{>~X>&{TfgYZU5st++mxG#+_O7f!xf$?RCI
zdzdzj%KCJgI%P5cLVK0?^Oml^Nq=JxbDHnd1uU|QZKOPb^WcgHsqbU|q9PY^Wu!Rz
zjcM;7L0x!nlP_h6+yW*T>5A3a`weorKRiS1%`JYIlq22?6AS$u27H-k;7kKSg(@Gb
zuo9gXh{uSZB3Dc6Xoj<~J&+x2hoC-)<7>llhU#$oSP13$i}O6hj{NRUI)m^^Sf(cn
z{~2QqdON^ys&IV=J&_3N6C!)h9M^@Yw>;`2rFzGQ;s8P<h^|%uYksut__6#!WamTH
z?4`Cr9D@!8y`Ok=Ap@7Ff#^bt)j-?4R)d}Ld!2n=-M~w3-UNmmM60xzi2_aim!Iwt
zg02Ym)npHgxes*kOu!oCn^_=5Mde(sjfDY_I#*t#8``%bra+`n_skG}UH-PI0oTrg
zOJgnkB!6;)o&TpErvhgBtW%hbnE?eo@s}LtdJOfg*9!bSn64?`9+A~wIdS`3=A#(4
zR!vMqMwV7S%zIkwxgj8N3GR|ep@hs20;>uUwbAaSAz{Th&Z<bn3?j0@wUxhZ)-6hy
z8ggUMHl_xc^xHSt6hOVX+&(5Ms#9jui4iE2s-(@(qvM~uvMtlcr=#)Z?(0wob63`_
zSyPask6kg<Ha*8wF-4SGlF4mcz+5c9+&K;pv#Q1^DepHg%+8Y6+c`TkyJ9X*??=D1
z*;clfE^U%K{jj6ES?G&<=P}EI-kYD^^{+;fyB816p<aPI?d5v=^dITG(r~(S2xg#u
z2k~`P*|Mt2tDXeC1Al_%^7`nsR};)EpHiGW22rdqj$tF)@{`z0j~vIZdv5ymZUDWK
z2a?68IKzUr^VfBgpq)Uyci4;Q<cLsT-b0&K2tMhKovS3Gwnq{Qx%`6QsvBDi1TFZW
z_!3pHa#}P_BDuVP6~kuRIKF*z=k#hG@rxQ&BrKg;UfzeLV|Wp;Pp+Q+<>B<?=Fa!P
z8S`hr-zbM}#vuy}W+ZD1j}1IH0MxIE)^q}v{AT2`rvZeaU#lxLYi%8vi!Vi*B(U9=
z-E?&s6X?>2F46E1h_3nqA_(Zx8}@?aXBq92t81%<MDq3Y#w8%uo>Zub*Bab0@E6~w
zTI=6<Zk-yMolBc%I{F{Gcw}=9`%Vfgzv0hG>)_$ioor8k0_y_$*54x;t+O6_HB(%M
zF!B_l%Z*GTb9F0MN_2#qTh)=mb$5~#<j2i+0L;;2$x~An#$#qNh7|)XFBC$g<YbxO
zOKn?0233O2{`T&!CxD}I0zHz;n}u~|)4sZlUF1^Y`Nz-NmYH1EBWL-%*gjC4a1{E0
z)5;GJC!Y5af2b!A@d2z)H#o*US)B;&5#TWu>+H_aMZ$_(%AyBMFpNZcikId^D0>6(
z<X(!R2@4zYjh(Yb&TmZdV;*}NP7sRn`HkaaVU}}K&z1`fKrVWDoKQtc1bAWom*=C4
z#~Wc=>@w<|%M(2_`=V-)(1HNhB`=|%ir@=`)K*wrf-Z0ot<3WSNCOi*ciw_;=hhY8
zD$f290&?-R$Tw-)WMKfD5@DkRA*bh#Ll<|GDecTL^yp8TxD=u1D9)HV(-mX7L_edl
zMpv_YK0>*&PhH@$ct2ksf4c1?TEV{;5MX#6oK~CMZ@h_rNay{Kn8cGwC|%t6d1sd~
zixJP9<gTB_K0CD|cS*|;45Slp#Fe2z+sqUh>g5RB4y@C-aFy{91G1hpI5Tn42J~!r
z^QzuvGsvweL{)q8s@ntTmDH$J7M5BLgV!LR+veWvTg&*W%B!u)$SG*z>%}p5*ePVR
zRSv5vtQ^N_^Sc^`I<>1RV<aq=#>>mi$L<d9j@sVtg276gw5!w=RJ4>}p3BUY6<Ly$
z7Aq2x``gmgn>Do>i^iY@HybTWh0Dr1{17x0w7c^Vs3nqBlvG-mkHwIct}t>SCKksF
z?X}E0+s%axoXk2kmsNFC)@5NB$9yfNl%#~XF66t4umS=2Da_B8mQ^Y%9FKePSvDr(
zHy#U(4lTsbRgOn_D^LWhl2;Reb`VTQ4y7FJ1dPm_8aq11Hg~FMXtV^5<u5BLO0^WI
zl@^$n5)#|W%`FZN4{^m$@6PNKS>TL>oXi%}I9n?mrB21kr413;rI1O=V8W<X)wC6~
zb<{ISSQZkiOY(qc43xZHAz9KP+I~qXGC2Qye2fXzR)LtbG<8B*4OMj+R)9bWeci}^
z8Hl~1LnTgIEY3F(D=Ny(NvGo_&dV`Mgvie<{Itxc*C3AoBXeZTJ1`=3%n96W%3OLV
z+td+jDmof4z?o&4cY={vP&>*!CE97win=O6o6|7VFq9lju<zBGAbg>!FM@iMu50lU
zh(alqofa-os8$-Vj!R3E3t?}pO9ai&9${W^frCxSAs)m4(<H$@@lZ}>fjofBC*uXO
ztXF<3&ywob<Epr~>8Y9ePqz5R;SbWT9ET7Eczw|lBCgKEy1ak%tD|4dk0HhLMv3#f
zgc1Kr{N~mn1y>s5**V81_igoRNTQSe==5E5XPixaTk9u+FM&(qK)18Or3B2Qh#?BY
ztCIPhS%q@s&CV(+Zx{1nXB&ew$agn9z&EFeRY3IWEKG(}iarmpK&l(d4WS%IpepvZ
z-Xk7o9y0x#Ld?9!8^40kD_m79T%YLGK%a;V2G#R-1)&xU#i&YjVgXtO5@wg3EyNic
zVVDdQwHStG91px^+}?`O@sJEAy;vvUE204LsX~xs99Zf>G;C_YXpGnwYm8VL3jHV!
zD81O#ToF^bIoWz)A`a9aF}YD52=+Mq6VWfi6VY%Xk-K4jk-3I{HAC4gG;<^Ya8B!b
zM83d#MB3<YVyl5(M1Q{w7=*z7V%#0^L<NSH2lPbNtaVUgJ?S3QISKh)SBSfUOt~<(
zvQUJf?gvB~8Z3)*moL2#)F&#;R`Tbt&jnr`pgM@wJOG_u9mb)L6y%!wKmdCo;BLnn
z`7G!al$Km*^CnL26QmNZ{jRqecIkIdF{-h+O6~bxnAT>^Jivt$L&a&(Y62{5#j7bt
zQtyee>T=+lo-oJ6Bds}iQ(r$}oS!(2Czzfz=FDS1C;HMaT^Cpn=2U6md<6c+wGWNm
zs%v_OgJ`Dmuu*vbbAbIy@B+2a@O@>Gr6V1?5Ex;;MOoE)oJCc%11i3tn>+LSU%K9a
z6Hq-aI43>BOHXuG$N<nd6{VrMD6`rF{tBOg-1#WCbmecp!vGk8tqZ}~QAVVNi8qGe
zM~=0L-mWNyo*}8Ivd|B;$O|^4i+*D2sgxoM_iy{0*Y<OwH)+z&i^14vgXUJ|zeRO>
zqrc;-$g8+NO|!PP<WfIx1oiW2+XXr+LQdaMT2KL?Jke+r>wZF@L*yca1F~-y2D4rn
zTiI8sJJS~L8QaU3<XsfJBp;7Chg5vkx|1tm&Ebo$-~h_>CWk-LP+ifWmFDAw875j%
zE@Un(u^$Bz-2;I#EAOh_>Y@j$&pg!VwBrUTMV8%HT|#dcVJtY)JP{)Noo{Bag^4Dz
z1Rv%B^R21k?1^3fUh&?;9P<4BDtG7Eq$@*oCmG2bg5qeXUxc^rko2d$Z)A4GFqT>5
zDxkQCDHd|zuw9xiDPc!9<enL<lUALVgl$KqkP{5<Vy#wey)<E;h^U46^Gxee)|8}A
zFAA=FtR)=P0l@~P1{RBM#DuN5<}FozyVPB`06$r}0Y<{fKJgOnuBDjAR}`I9zJ`YY
z{fE-x*&N|b-}#|VrcDI<y(p~(-ME3l{VXH&vjoS*B9%%%*SV=V+3sSQl}c~+bgAVY
zU=U#Zw;blcQC<mHk+Hva3eHj<9uf-+0)<@U;F0f&6Mg(@KWnn8b<{JH5~exTt!8f)
zpz@*N<P+BgM;cGn5Q?61nCanzDFX6<*_pUSsdR9|THckk(^jwRgL&4%<VS<eUewsn
zjuI?GN446hr8(Hj@Sl_>j`b8~{P;Bc32Wsn!kC$MPD-0(aROWu9*WzM7j$Yoxv+_3
zeT4;LaF4XG^|Ol(aNW~}UXsHaS;p7aO;bLpmef+J#nFdqu;UbRZLu7=5Yc}J#t+VR
z=kGG2#o$-XV#E%O&g+XxL(~xMWwh~n>qQ$U!*A)CjLS$ClbKPj{m``E8(BkNMgce<
zW%B88*7_bc%7yIVw9OyyYW|+3tHN8jBp#3aF<TQo)koJh-o}d*!MQIOe-$HKmP&5#
ztU!36Zy!FhV6POXON(gS9gbXt8&8W>{}b6HN+@?Q!{x{I)_{DA6flu*<2Nlmsc+6z
zpiLxYxHwI(pru{LOeNf>&UKM8qew(<^1hIV(USMR(3gl=35=ySou$;vg>I|K#cAeW
zPT!(2bRj>MHFK;+iLu<9B3~gC`8P>CADf%(@=?^d!N^&vTDkuNBS&aCDc`tBgiY20
zV9H!i(yZFAeep)CYBHZfxhGS&rD#7fG*8y48$<QbxK?0UPFqoW)0U^rf>TAwav0pi
zVy6uIM8#Z2!p|8wU*vV#;3YK5f{|Nka*^RoQ6z!BuoZ~4%vj~Yn!t0pw*#zbTAsLm
z%nCX_7bvT|E`b3?QKAH^()XHuC4EX2!m~9M<wV-r${4$zAhGywWpR6zalPV{ITOXa
zU4pn@kwhYF*>_P`CT7aV;!RxYhjq)oaT6Kn8+;r5w%RDEY!^{cq%g4#*}MSNx*l7)
zNTcYZ8rQDfBb~BZ?}N~#FdK~lM<RVBqa=k`pn8Q<(LIcren_HZmwi#GIdePUgDT8@
zIq_A=m+GLQR_>{KVd-1v8R8<{npUr2L6R0!dy)mW(wHME4QS&$`;d<!<RVbv+Hp8q
zrck9$z8Xtkbo%8*mN3P+DrHi=TH(YJG$NgR@19HKklTJ>h>!zs{!w-#V#eS(3xY_j
zn@T)~qIzuSK9%awN2&ULjUGSd+3!<G$HfgL7^lk2Oou*1H;yj*;k+SIjL5-EH@a44
z6o?WvSEBTF1~cu4DtC2x3+0Cj#E8uz4m}a+Ve+KtoGsEfS%+qK;&7o(?ciyp-)L#P
zM1aA-z=$J;F<g;L4>?O55CfU_CsWwU@At${;R|`BRLCmsXzDrbK}EAihZG5nhlXf|
zkJ_6?F_HZk^tpGB77nMMyJE$=qTeQE&<AE#aIr@02XN)z+{V{A&PjI+&<dPtIkT4n
zu?}jAB#OZ1I+Z4Ii}_n3rHMJCTA*bCQ)pA2lFJD49*&MOVTa|S(dX6MPHzqEtv(W;
zxMWp0jOcD&&Y!quYu+&*Y|jA&<!8SJ30|Mjvhq5kMkdP7bEKE`V!zD2h}^_=#NNKW
z3RAk|8~Sf}>Z=I{l~%g7b;Qz+8lIYGRN{&*DTIjLJm19Ukl#SFWpu>&aT=?UJ}c*o
zS5?A?G(2@q?H8Z#Hi;fRtMJ3R8?WL5_u3`qU0ArYui_j*FUROGKGv`3#U_S}@=~X}
z#|b~7T~Z6gw2DsDp6@T{#c<Y);&_^=;~(JLB=1a?jN(#Y(tOXzhbqf1<z2sCAEOG)
ztiG1d{)j2Ki`?l{x)5qLxgcEvdOdX#oDw`lRS7=VU;YuIKR=`xTZoE&pkwE*)k>48
z-zV_Oi<(|wSRX!r5vBW+P4W1LI}%39719ee+!=$g3AU5`1;oceY2?8kssjq$MmsnS
z63rXBuhW&$naQU#7@R-(>-Y7gDRA16Ny7SR+XHYAmQx%_#0cX1==0>kZH$_0N2sR^
zo=C<49Ru41;r6Bsj27;8D=)UvNVCKU0pzPPJUZJ7?%xZNU&{%Qzc5EwB1Zbf4st&a
zFcH{tVyf3i1J*}?W#T^}TXBpxx+5<XMz%Mb<zL#Z4!RNzud{yZRr5a?##ECZP(Z%c
z@jFu-Y<U<%J(C|~tsY$A+b8pPCGb0w9XJPV6vbphuI9#ELasKgky+ly(U2RKNB;iV
zz2Y~8p{Ya!?E@qF+Nce>Bcz7<2ns6C2_Z1#>9$OtHUfQomqsRkcJc;B15`7+*o-t#
zkMa)CsgstxXf%Htvb_Xk>#7d^#s!i0O1}<&oB3aU6^zphTBuB+f__O)?Y$tQt<M52
zJS*(@nIgF8um)>sRP|27d*bpMwoJ>qIFvBU4l=%#l9+Ua5ir$SJs!1fOO&PK7-I%C
z7e7WOZYoByg4s=cMs6t#m%A&l;vH)|Yt-!>!beCo4Heu9B~dNFQcz;^c+tq%3c#wR
zggEn;GUbsoC1$<G_=>t%@*u^k28cvRH8TQaNHP`CRDNa3pM<WmBX?E>ig;B}hO40V
z`=E7>xAuCa{MN3q2|XnRew1>WeD<Hr^1qWKUOn}0?dwGGmdOnDAjsNyQBp*6`R|b9
ziep}HT)!F*FepZel<}7N?2Y5y947lXX;LkSr70n%@Z+q+5$l@aLuBz;k>WsA)MVl%
zQ?gU}4%meGn&8|X=ERl(y`y3$m}6F{y^|6r0#6y9<Ntmd3b!ew>=K=tIpb}L&0P>O
z4U!ck#UYW1DT~JOBhbLLQ)$&u41g(Goeq@2MetAX_I6|w_5?$$hmM*eNSY0p;>Ynn
z+=zB(htg^(h62cg69tA)aA(6&=zTlrVe}&OQe#gNx*~a8zd&YvuYToBr+kTgrat-r
z8uG?`{Z|p=|C!f;j){f!e_Mh7zZ6#J-zcn}wF8xmzNML+lhOY&1I$0D^&i0a9~zd9
zmhK-8`-A@In12Gl>1df*{+$g_G5jAOmj1s3u|Hk^KjgqaG3Ng!2YyK6|5Fq)(*9rN
zz`ujobQOFdQ8R3W2yVqSSX^4MSd0Lyx}EED4grl)sF_+W1Dt4*jl}mkXM>lsx1v0`
zOpbN-wnvxc81~u1dOzl}%QQRe+wRsS0l2pf^R`Gws>{}GOaGh6>P=ym(!r)nnFqK)
znku5@)d+RZ3v!;StNt4ymAd?J|2$c$%ujBa#~V!@vV#hv)we_Ij3n+unjJ3;QFLqz
zIkUGUYk|#}^2;E9DI{cb2Tl~g)u(Osj--V7*4K(m*hOx}@H(&ERd5Si$_`MHJ`vlo
z3{2Z0OMKfYtm__%u+biiQK?>y)ac%5`fjl6K-itmi+<0T7ZA^clthz15c`x|@5j2g
z(eTxSJiTh_9||v~w=z5VKMk+O7n2N%FS4sb6Q2#02%o<9P@k!v($~6|?NIe%a)J8=
zkrDYa%(~pOEr{{RvX{M2E&KsJJpDM_`ct179KGcS8&`Gjie&4cPDg)zm{BZlWZqK^
zN=<YIQlC+NKE2Msj_h4yc4-Y+{TE~Rho1iD*ZQBJ<-gGm|J_*qFVzFXzav^U7Dim=
zAMirY!tzu95Z9l=@RO#AmEmXYlkLaK{)}xVdfNYZpMl|DuQUAPY8e<H|J8@#r~i+m
zWoG;Fwyggg|MdA+{c}vq@Y80*W%?nsKj;5YTH60;|A<*8CKkwl`Z3Y{_}icB{c}x*
zA0P9tn(d$SnExw|@y`_gH;(bIY4Gn8<Nr-<ng6fUmj1^J|GTyIgz!{c?7U%n-taIv
znutp!jE@N<WbvyJ73Ig}V@{0;j0qwn2IK=|7?l*I9hGE2#K-ry($dIMrvNfnD`-Jt
z0#XuGR9tK0?S)itF7DE|un^S2X=Dx_f6sQfHYCQA)m*>+>}pN*nC2Sy*`7jYT$w!;
zLTLblKQOm+c-MJ7jH(3B4FKOg89L+}Oz1wop7Dmo%dHyiZn#W<ofHzy0C8}pw9=Y=
zXx6`mzJb{f`<2#dJ$;-Vne8uo#*8*?6C8!#xCwA=)Biql)U=ZrJ@m%|91m1`_DxwQ
z|NYbgqsssJ@kV>~sB6xLVl;W@Q@~YaZPRM2AX<W2fOIl+=6CuwD!6ud6<6d;oSx;z
z_U@xjQ)w>h7LDMDEzW~p%gQj2RB9)bV1i-5tl%U{In~%zXjGWf&>*aYs3b;KMqF7z
zVKiE*-xsWpEn-$^`V9AjiRm=2h8&HU5Rj(S%y<@u?VmHhTd)+jO4mPC0Ve4!&=9m;
z>YO0BAe`__IoEs?0vo~4xt%A#s$Nvu6qB*kM)hp?VCM{{ZXczLLMi?zp;mjp?TTG1
zTM&&M!=?5bOE9k#0#ydu2NU=7?1<ERNc)j5#!q-L?a;CPm?1Ik;H7(n`tTkoi+zZ<
zLW{*{Bxv#tPSC1?Q#oXld2elQbnKY5eO>y>re{o8k+<#wIX!{CAxO2Oweg?`!<q9m
zY#BQ)1wwqUU}tpXctJ`|P)<{5rP+hCM6UCfb8&KwRDC_@(P{n!oGUo;sDs71;XuvN
zu`R_AGeczOV}AhawcoH|`+>IP*^!GnK(G-mMRdd4_{+t>q-+Sri5vHN!KdT>>Bsa7
ze?BDc06MC*Alf;F&q93yh?dEB@ulgZrbJMN#GK`L(d$4Z6+U7As8O{sg^QmNcFS)8
z$keUls|F9@#a`6J=HcgwBgvT-ME4RWx9xQ0iANiY$pU2&Wk?vEHT^@)@BzTeXGpIe
zrmy!P^tZsI5y}|-(6B)oOUfIp0jjSoX5$9ZQ8a}gV`lTC?awt|b3PZTF8~PoV+&uB
zAii!w=}LRhUwN74^F7cpD5&`%6Bu`;3$Q{=B^M19QV;3uDs5b1F{t*!-A%&&6)NMu
zuHTjc*U{6I)!I21y$0bCjx~diLNjXZ0BIM{ZMoeoq0w{|oAO{EiAydNk&|PSPw66(
zovT-w>{)7UZPJ!;O?-h2ISXE*1Npqa>9HTtn8jHj@W;4q8%%)ea4y-_;t}^n9SjTD
z=F$WgP;te)a7xa9H%))9;YBZ6cAP%o91zz)GlYw@R-wJ_nm*JVUY$JlOYY|r$KOub
z^<Q{#dHvqFjpuqoWTR#f4~?!RF(jFgjJeUzpk_75Cpi*6mO=>i$8t^>x-KYv{~_@>
zURSLmb`09p%;o2c&}Z@;e4YZA=dYrd{d*!@ssp!WBAo(S#qKwouIODr+ml#Wle{CY
z9IADo&8=exKa&NQC?amwH0RZrTs)6VCr;3zix(u#CNB`2pB|o)mJ5B)5G)Y{AMv4L
z)s#*lUT(f()wkj)|8TRY?ao@=Ma``_b(7L5naUMNwvAfTmDYO<B!R1wgoVXh9L97|
zH<_DxCGt(>&GqKJ&+&p?v_zo>sy0rmZvJ;!50g>~nPj4|IHDPhCbc&ee3Gbjn}}<I
zbAKW!gd#n<6!9pf#$KQvp|)g9#*nH)9@{LvI+}oRgh9dYeb6LJjjk9O`$0`Iktw<Z
zGzY18-|y5Wd3ucu0_60uiHKQ!&r(~mRFbK9^8*Zl$Xoe&&U^g`*w-2vQ<6#j`d$l5
zW-Y$;Nh*}=!U#w7YDOv+9kbS1+ss?y@%=vSyOb6Y_l1{+LM-3Gf>he~{buwR4>&kD
zm>!j$%QNFf(NCMl0(HVa?|W``VDC>+h+aAyMXT_jP*~9H47?Ift+GG4o8yes@<xTp
zN8`d8gA8MJUohgsL{00$!tqCQ@ZDEPs}ezH68R7S3&n_y-)A#RL1?&h%nn~>vrM%p
z+L#-<y)$oAisG31O_?)g(of7AFshlWm_bh`9TC02s`_m^B`#-&c8e6Dz*h=X#RpgA
z!|bBW0M$sRlBr|U#h_T1<Xg881SxKn^otwj&=@xfwQ00$Iz}7#G)Xq~HcZ_oUII^z
z9w<I2c8&TSh6IXOW-MNqcA@*}_S1_ji{csMf?tIOR*Rc-s;Ur%_L75Y&&m{@_o08)
zYJDoQFL6kZz?r-93p8hc1u$ZJ+A_9HI{_XPtmwg*ON$|AzPQc4e$<5g+3QDl;aG|m
z%RO2k1Qr*s8N@)C8(!JI0u<rd3C#k++2mV<y})7JE9S-dIBYrlFt|-PAR|+dFD5l2
zGb%M218QS+lN*a$AQ~$)8xMYu^CIh7Fdi&!C<dM6lbCULI$IoDG&`SgQNI#jO>u9o
zqqAyvYd30t>^=CUfGz1I>qcuep>OLUf`T1O&0(-FZwKi-6mE7(Ai}XX5Z3zY7B6hH
zPnp4DW~g38+SPGKGs*I8t9RVw^C9ge;q}O~@ZENZV%hbUc23iN8}$rh0J^TMFSk~O
zo#Lq{^!U)HXV&`b`SY{;{@&JZaHDN(6`9P8t$Y3Tsu+D^=n0Q-6NFh<?swWwcs-{j
zEzjSjH2n%N%Z6yw$stxjeLT%W>`OaS`cdvt{T=Cp0kjGYc=SR7EVGqdcy|5l8Vr(s
zh%>!M*s?YZ9ghj0MJ4akmC|lc$1}z1mj-vY^x^q2Cy<uGXTWCk!xsI)&%60P?}nw8
zZ2eI~T;JusTWnSURuAdE#QT&@b*o1W2!V@}?x!%hV)nqoVrKC5E>{WmqOSZe&@R}r
z>l4;Mbl-rSiQ(CLAh4Re&gu>hNdF`*tTK1BD6EeZEqk#=gx#CxU5mxVi88c|*_c1e
zW3{-25nBD12u*0sBd&;T%f#1t{C@$_CF2&=v5cY`yS28gKzEp7HYR*!u20jwcX%05
zw{ADM!CzZ%;sUhhF#0j_YtT6Ou18f3Oacw`w+cSO3@@uGiuN@ho6m+aIbgephrJnF
zOYRuY)+NvA$~-^di`qeT_w#e5b={0P4^pXSO(PD8l1z++lw#DT%mVHv4B`!pi4z9k
zlJrwD%^)Kr>H6xm%9Wj*w7r~2TGVUb3f`*Tvd<7(0xLcSlc>6Nb^b1(E?~E4_n_{n
zwoos8Sp6C){$*;HGg`$OGD(ODw`%iMdPy`-4V+jxVj69%A6*KZizaj3ZM*B2rAZtW
zKl~2E+G3zL`H>2jfw~*kYIj>e;$inR=~9Aer*K=PG>iHdZ`E!}#K*f#reb^kil_#(
zr+B$cO0(NoaVMM(YNSTT9j3BTR2Y4DbR%$T=Fu<9bh7z9MU0_PLrYgh^AtA}ej_IJ
zPDc(_NxIvfD5Zz{aoQXf+wSu@mfGc3rH4WY{RDd%lo*|;AZ_+~4|Y7=QUq(PcOf~%
z2IDr)pc6DQl%&6cxZF*cymm+$6ZDML7GW+|z@cED<eitshx2wdjLhA#bOf7AAT^fR
z;X%{LdQIQRPMrfJ)*``T?jzr);)C@P`!K5^Bq3xjOFm27;i%}K0Hvr!-a?^F0aM{j
zp;|&M-rZxYvQ$HXx%f)*RJxHSYUciT#;)jiy<eb6Eh&90n|Yh1t#1yp+{)SamJzCl
z%@EaDrh~K2`wb>5WO29qrw@oX7tM_x9HcSDS4Uoj>6Mk0feowE<x|lhjm_s`*6w{-
zU0scV>m7;acPX3*!hkzrzKT{pL;^})%x@t&4>-PHamX`pHUZodtr1OGPEmaNmFTN2
z5GYVCqQ?UmHKH0MN2YbQm0kHjtX`rC)U-gRzREu1T#fFhekYKs=a)w^O$dYwv5LTO
zX{3OVctJZPjIiO@T7B-cz~UG({U|%;v`7iDQdOG{`7Xe1QR^7%gk?Ua4nIq{>lo&-
z=lJ0pL_<T;i2Vk|71M!z)(%A~x%Pp#E^U0DTJ#`G{yhBhta#a63TQT;XsKV3B85^Y
zA8$2MvovZ;url_L!o|qQ5KARy{k=%icbxfd$9C=RcY&V+2^pKKqYUw&GZ_q2pc%M6
zb-)QIcd}yhX@c)r4O^f4*Ipgwjcq?6E!_U&cI?c1=x3E$kCWTYP>AVOtwlAWm!qk^
z_r5!(oJw9-Pen?Zmuc1X?~}mlh&?KZvwWV44SyQ23pKFzl3Z!m1^X!}!ZVXhuQ_5c
zA+i6qb!U#Odb!P=5#rISKoiojNKa67cA9T`Jy({u&nrF85bX%S?!B^l^wJEVpRKpD
zMQ=Dv6SN{OG|Ma88eRli*p~^<8^>h-ev0=kYK_YS?@Madj~=LQ-q)I~^VQF*i28{$
zy9m>?Zq>AglaRqaRwFZU@tVUBMpZnTQZ32a-)p_OQ>C4)@Mf?^v5aboqx{C$D6sB$
zNw%8q{Obb6@sV7LW3oAu$f&;%1>Lto!)#-v>Irn4NsN$(w^jeyqna$`{p%9p8kx`%
zId;?ZI(;f1bzF>Ep|N!9fTfZyY`38yU{_bC_A6r2zT%Dfm<~e!fcexUMqo`djCmAI
zsEPH4dLKnF(l}lhAvYtcX>m|Eu;R}8SG&;tj?sSW0WWJZ)(IPg;|<yo1~cO1U%hn;
z1fytsMX1GsH8q+AL_~@#R=HZc`5eHnY5BhbDWToPTlTYgTxYrY(N`N}pORizjPeZR
zB-z5z*n>8Fe(vzaY<!tiLIK)&wq514<mf`Z)V=ydO@_9Yz1G;E^*xjM^p=V>5~0@g
zU1BrT9to3{^z_-kU@k5DdCyrT4mWGz`Pi~N_^-rdNkRJSuTb}j(f)E0T0(_@B+F8{
z2IbgtfdpmW)zom{Q(`Ul_tC<qhZ6F=(1{MQUL<7H&C|+bkVP{d<Z^oAjV9kiD_APz
zh0D=V6By~&DpJxQcicS!EtK6wE@4`^K%N&k-GQBht$+3f9Pr%&t^><;54?|H*RC%}
zWz+HKdG$T{-_$)Ctw+dJL*Rfbya|LrNB6tw#xmFe4aD5yZV@|Kjw-nPdD2nFlo@<e
z5Z=9~xy$a@&o4bJ<;<c4@~QFrT%EOb%%vdnhGN%uu#AmDTVB`hdyZ43Md?js9p|J{
zy9c+9ijnfT819uSmp@ZzNe{lrb|WcJ%u6)ga2R#|tua!UnHjP;P0NL~(a2PzFO*|2
z2w5kidJ~;h85v<qMr@l%edTfcHJN^GqGOFXj_b|H`+*j@<=k3<(rY{=BPO*=Vj3rU
zub`kn-=Lm8oU{@!mEX_IHXwyg6LfyLR)9g;Qa*nirN?$_I(_Sh{JgE&5C(IJVTB{`
zTFHY_bj_HSd*?_+mnykn$gDA;tdPKnKO1K%)c_qa#%P>cXPU$|9%uBYT#`<jK`MWK
zLV-%5^00_r-I%(5qSjfht->SHL+WQ&;(P6JZHr*3CUi^T^iko;qtT^Q0~(z2R;d<T
z)O}YzZu15KD9T)aPMkpUp<mkV9i_D!T!_P*mEKiPZ`|5WgYUgbMuk=kJgYu+)wfci
zUfD+nk`tK8M$C~b9}!yZB7b|H#NvyjM@O456q>#~kE4)^?s53Su_(Bp?eLKk+ldK9
zUr74*q3Ps~vI|(HKz=fe6%`S}%7|m3;GiO20(94@>jo5O))9`?hJTiH?Q>^&II^!h
zTRdY)&gm1!F`8g}M}_WgcQAe#VN%#ja51-S+ZhzUsnTIrIWKoBRC{ZGTX(*haGEr|
z0ald`FP<IO*UGu4DLtH>8JvYJFIwE1KY9HT!RcSla+l@mwcIBzIhEn%BF@)W=}5qZ
z<CDY{9Eri^vw(;Zr#<*=W@5*4fAU}(zvqAsG+VO74Vxp46EQ}F*ccwAzn02-UeJCd
z)_W+0n5$*!f*b7gg?bvEqwnI$0*6nt!WOjMXLZaq{2hc|37PB~HchVA197)<N*`pv
zlz67}>p<@3d84Ns+12mGdW4AYTheK!-~QZ1HbOXdU54Gu!FaHVtQAY792C`fy0;8b
zw#4G9@j0#9Sq5_@v%7gqy%FkU>RL999LK!a`sjOm!)w_da;`TEo;X{!9v*w4v#?gI
zkHJ_TXWm)C4_tHOJ^2uk4s37Fq6kNrgk@GStQwvkhE>czzu!$FpXmfmiL*_@#n#}r
zzqmP5y0rxET|Tn!k3UF0Hk~v=d1}4Whq8vUAJC7l%~k5~vNKbT#=+S70Sfo(g~f)z
z^!!aza&E_-bJk+#khqvbaq4MSq!R%12dl&sg^xg9`8EB=4_;k!HLbM6(+}P6wLelU
zCEyUCQ6Uha3;7dw=qC`VnHV9c!0z>lX|XBj)*rbj3-*{Bj~3p~F6U~w3G=q>@XzL9
z#@sTYZZT4CA(t)FEQO5~>ShC10{V(Xn29le*QHE^Zy5TGT;TCD1>j2QC+NjNAP9X>
zGu@yh{a&$zST#?`Iume<z5WA>#kB+eCqMI>Y%N_DEaif5u^`5BUXXrMQIuSg$uPFm
zuOSWSfPB8u5L(TmZP1aVEpbEqD&d;hir$JiI;9PwJ&Uf^f@f6*CLJa{Du&=dYrehc
zdBo!Yah{~8J6~pW`*6NU6JJ#@B6bE%uZ493O+cZNAjocybzhWSEQMH_K{}6Z2|rhp
zk_AOB`_a8YxJ9T#tZT3(cq{A*jyW9jAacm*fxA`1RoHWAMd}$UWU#;H+vm?8_$_1~
znr;hD{_nsoL~eMV1RlCBk#9fl_+ozD;J~zj>G=sb4DbA=y+j<(P?f%W@5i<-pOR$=
zhCui;YfZbeO@-+_ut$@QEQMnUiJmPr?#v@`nB)0m%kx{GIIYnb2`$d@H8tVMLuVTv
zZ%<qC$rBc*B>CK$zhNulP_q+9<IXPFLyDglw#Qdieu)&oG0M$ZYg7uf?vHklNSe_!
z#PK*Q4X1!va(051sdubxsLoU))NAhz1Q4V&h3=y?m9Y<Zamh*c7d-9_Uc)dYh)F%_
z^~xk88k8b=GbqPzCCPDDf1C;ZCc>Se>r*Pi;5ChKuGyxZGxdt_$Nj;#ggF55_$sIY
zgq4M9m50zi5%aTe@vtIvEA`5;%4eBjJdIF}DFCVL21g)>XTvLuJJ`nzBgvfE&k)q`
zpz(~|w;uvF>b2<Xi1F5%gj_?!(*+%EC^wCoYdpd3FK{e|iK&N+#opuFa(8s%4`j+@
z?1|9vu;};+qUHL2k=fK(S*=!&7eki07rO_!o4BxW$jEIE5v-<;p{9#@4U|Gwcjg>5
zhEee58Q{W3W5BG#ANRK8L!{@$^K}#@SF{UThIu3Y!ON!{F?V1~RJ&`a&F$ohzqYGH
z2%ry6WWqgyI-}9mKT1^HB2*3=JihG@wiV*Tk2Y))P;(aL3Zn{PcS+()eS&h*8TT6^
zYNt8hTH0@a8}t1>E6=u84TSRO?g5R!Xntl}=q~e-owN1y-WswJ+-kDkFS2r}SO;r*
zgrsEz{RVK{amCt%okbpeSVv(fR#Aly^~tI7Z*_p9Cls)(-?@f;i`0#K!t5pdpQWJw
zOZet0rW?NI<w@#;^G1Y3$uuj5<ZuSzOQ7elA+f5cV=Z~dAFWQuJqSBj_EsW$=7kjx
z#r)88lzJUdvVkmVC{;ucTwzZ26=<JzUeqC&Xnp9+2V8AV(XC9c?v{UCQX?$qlTcPa
z!$3{+DB?acIrVG;iYj?MEzrG|uPpf-`cW9RlEnqmn-2HYsJqwZw|w_2m}mZnz`j(`
z`6N%>hW>l$E%kV1(`6s9Vf%~kgTp>>(dE%Es_0#kgW<n2s@{>XG06j{hX#F^2Tr$A
zr@;H!Qa+5|gZAj#EQGhT!}%Ln9j4m~u2`O^r8XrLS!=~raOdxDp|0XcZ$17&+=<^s
zRFtdryKir2<M~D3(1jRoWA2ZUW3U3<_gUKIQ_Nd1*kQ4BANw?>ol;U!A8f8O)BX7a
z0wrR>)wfEF0$IK#51egU?!PV(wLxI7{Y_}rM09y@D}|v(bY@|4pC8mqA*f=A^A$^>
zso=7MpQIbqTrn<jtMdp?WMZE3g!b-DQ#&v}Mcbe^37vp8GEIL43}@X*yG8{)dH`Zq
z7|5K0U<@z8hilWhrgY}XjYN;%g!C=;X}7qCW@?Hv$2SkM+SM0`ju(E`$xS8tSf&`L
znq(Ml7<<keGAgB1F<$1^J}BG^9SP;Ytj?Lgb~W-Hdm>>(fP5~SbJ){~iQzz*-5}-C
zz&{P*y;fW&BL}~<YuiB4UTb$s0rYvfV={N2*mY9jLA^z8CCMSVE7@Si0)HlNG3OgT
z@VKvIc)>QETVbXl-N$S-5jae|yRZ8Vq+s`i3XzJ~N>3EKW9G9K=QV>GIv$-{`6C?*
zxoZSIA#_sZ>P=ZZH2sy&IDcq@FXV7Jw_->;^OUmDU?>_|eQbhelA)MicSd5dD&BI&
z-ETmJ^!h^nLnV<OFqSe@D^6`0nh=aUR*|HOyRz%lY(!po8L1}DXHhQSZw#7%Vbil-
zyKz36XF@q?B5}SkzMk~DmP}s1F=?WvdZ2ZbwOz`{+`gXd4jkUzU*6C_@ii5^lq5X3
zZ{g6~5OTE8whmnHS(z28VpQ_{x)sG6QLQyPnZ~MyX&|sqP{jPY<`;^4vw-#ct=QPa
zBge<hM7d{qb@s&S&WZBTxX~k^{*_S}!JteBW-P^bxt!5e!%NGcKH**$SAxt;Yu5&b
zl*-CmM`Y$)E{)yON}MmmrBzxS{1>WfF>#G3V?uB(u!pq}L8Z=_;|CkhgXCvMvw0$4
ziU!a^B?!j`woQ8bKIGssBN}Ak;#O2s62LN_1h3hXvn$~89E=M`O%_B4utv>qLNNO&
zMSt$W%`X1ifF)hOYCLcR3qbgmL}A>tz6srW7Q*5oVV!iGqI!s4V_z8gr>0-L?x&iB
zrv`v2B6h!kx`t3#cJi@x3{29SxlUl{-P6?7`NRy+1iN@kADKYgc|T4K*ogjU`-Du-
zubv$0a#HoEN(h+DjGN{FqZs<9VQO%2{f(<i(ygy%03T>*JPAb$hLK7DXkq}kN9RZt
zPfxa!YV`w2V<50Kq|aFGf+5-g<?6XW!BsNxfioAz@_l6B6Oi7|+YfC^>#dnm?OB*v
zSe=Cd@AS+aE(Y;T70;>HOKqkbaYyr!>Qbg<9+J(k-kk4y0hcUnfaz()^c?TZ0G<qI
z1^g7Axq|Y?08*!!59hH2TuVVPb#88&1FNQH!UgUa;PREx;aCw0nL9eaff;Q=(A<4y
zZUvM}5?<(;WqyXdK~cRjGc(r<KC*`PKjj1VZR5h8Y9(er%DIBcDX(AL<U_}gW|^sL
z$c(R5yjM~kpj_Al=LND93eD=#mHbTz3ZkidwUi5ZV!`him<#B3SxJ$Q1kO<WHxq{D
zJ;cG2+5#j6H&vVeY8N#9-uXsIs|!YkSM2(^-!Yhjk#|0Iy~rWf&zRiN$Lz+Rgsvnr
z2behiuq(;CuR{f_*8r(`8}{nZ+VrswFw(_$0)w$4!PrIC%=s5UUbC04WXfVt<$Atj
zlZT^!e}TMo#?WqS1BUMowD#oUP{M(-y4nMP4usT0J7%>l4d_r0?7CM%>RB>F8DI&n
zE@0T!60z_?hQ5)rl2N9-22=Z0oPU~rVS{pMRcV@zx}s)50qR1ZhkKE|nAv7VnVS>j
zL<w0*g+__uq%tHqD*0hyqEM>%t^Zlt-kQ3)QhvfzWfdt^aM#>eU$~o4VIt8OrK*aW
zQn6yf6jdc~j+2sSDNI>IOA=tZhNc4RFKsB}MCF7fs)>SniF0y5VmOt2B+^AtCa1!n
zdvZwggflm$MWx0;fPC;C<s{{)DnQCXhX_9i07X@$&YGeILuoBy%Aa^FNp%$kSw+s~
zoFYyIKwYIC`^dgxL%>7;0kW)Vl;tV1k`h_t#HGchMI_V-BZpK+aq{vbl=)Sqd-4d#
zGx2irM76;l@!pDX{YYlr!kWAsN9!VaMcU?^z*<E9z9O@Wz(KxM|G2%ey)^%D$-<_#
zmYM`6-l#&R!5}A3;t^~@x!zH#pA6zuU9Q-UJsoi2lJ27!`cXh=q`uw!(&#4L2rEXm
zXJzJRZ(^+l4Na^HWF=&kMi{AD3ZMt{Udoe4D73H#qX{ad^W%;KZ&M90DgT4AcMh&3
z{QrD|iEZ1?#LmQ=*ybde*mfqiGqG*k#))m6*yhdbR_)&1-*@Zo{iCZ<&(mF9)lZ+(
z-JjR{HK=w9kBNb$0@9-;4(T)v>e$;BUTt;v5;)Q13|tf@L(11Wo7h(?hX7^XiFdKn
zsf^(yVemJ*uE-Z_w(I+K%%u$1$>-(gEJ8UeTy55hMQY&p2UQ>HzSdxN0d+eIk)~#{
z_<)aM+Xlj<Cfpq*8=`i019lwj-2~B&8do~_BN|g<c3}oJ$RMwUH@7+efR-P@^~fUJ
zF(-)IK%=i$D8IWO?@A>3x8{YlZXARouLk2@Vnc&S<zi9&)Zh|!1}-f|z?c%^`W~E8
z$x$7;wEN(FqfGHFgLQWrPv~#w*c;UoV%)00#A*$w8P-!`{t-?GNq>bY?7SZcSoC+N
z^U~5KYI&c8ji?KESCtFWDvrz5s&q59HEMY~T2jy9ji>|)SYCg$!m=vWl%~4X@=zL;
z3SJSZQ;4%gVxNk}D9Tb~#+GPPjzAoqyROq2)6CoDpI0f+-o<4o%Ti>=)S1$bw&SIq
zX(`YM>P(cnWJg6$VGjWe<who06VK8MC<u-p&Shk{WzmV%$^<hbCzAg*64dc1b;&so
zL^}KB-(d;dRs4y$`HBwpxagDMj_C`z=`%ApzXHJhH8Agrz(QbyBh&=)wT@l<Zq1`;
zhaeqE(){@4+eA17Nl=h0yf5O@0Op*7*?`WTPpmYJJs&#M$BK2(!;Yebz$_wEZy<*Z
zvAyQsF%q?^KzWy(=aQNYQ3*B=n-cK*#Sr2t9V<&uqaOc)FjWcwZs{Yq$kWq+Z^sbG
ze$JdevlGm&k7$h2klfq$T!QwCtxtzD<f{&HJ%bD)r=foX$q^UC25v&xpcAR4{dw7d
zs}Wxsg!-n}3!o{UbW4~GC`ANeBq}DyGS3dBMAE?0V*j95NPp7$i7KQkFUumdZAm*8
zJf08GN4%{!$U@2@=qXRBKHpXv1;f_UVC4nVl9VR-nQ4J!6)Ckj-Ux&^@hX8kWYP6z
z#WjePHZXyhusEdCHkbe$BRW{Ke!VTjm=M68KL{*fNsX!b<BV8SQ*SS_gB$Mp)6>RW
zO!{0_yEv!4+GpnWCfjz?GGx&;6^MzQ+kvsqKQXr2Qc>+EKxDq1J=4cket5OY)lfs!
zVE6a$bE-Pfl4f|e%93AsslA8+A^n%}Uw$)(HZPsmbFWVQM|Oljq#Q_RJj<ENo=HRV
z_#&PO;$ov3e)b#p2}JfI5@@R?@%CTidKayK&kH3qq<EI_wNG~dAjRb<i!II{)Q<t;
zHPal36eAMCHx>bE<rh-MFBb5|2DQO6MBiQ)DzXjX$Aj*lT9@2FM9B0B@`n1kp&hg>
z{bq=X7VM@S4MyfWTT!S__Z8UEob2(;4;86OWQw95#T?LgbB+B}f6u!(;QSId4{2O$
z5n$Jy3x!7YTSzn8A*;^@SP=@LBWm74A-F^^F8HqsaxRgKTFk$^GVqKX!)oiM<})(J
zG~M<g-vm<<Hm*4%cA{YOzfIYh+)yP9u%yn6>{vJozgX^ai$++HAh0{E6Ux~~$Q`R(
zWIFRW+xQ*r#gSA5j%c7K_oT(;5FA1|+d{*q;@u?G43HZC*ys6kdv=(pOqdR}`j--c
zA*BV7D^CP)2(NnO_<$ddxt$S<H6u;t-r$kY1SfZ{YLum<yIapQG-I*dW%F>7`F-HB
zI<u9pIA(GZHtk-p@Q0-&-E07pkX7p$?;JSNPh<M>J0^B$7Svs}A3Z$R#)kjzd9WRP
zvix@T4SHVu34Rd6#H6#+2Ri%!s|KOSOmgXIds4L}w+vhH`|9zw{o>@FG`39%)wFFK
zi7!qDe}_lLtplTQY8#h2VV8h+s8{MH;BgxReMoqPgTHT#ExQyuQ6IOZ`<2xEeEyx-
zglgQd!4x{oeI`j~>b#BWb!WCNC0#<r_A^|v(~>R3<0v+3c7m*<FB>#doT<5>enpCU
z5dou}pAW6Uu~TBqlDc#jdQ|M>s{G~mkLnJL%!JtHKYU@Th?Vb+5+Pki#G-=DM|9g=
zDod%!NNK7wA0;o=;$`)Y3puZn3V@KG@9}>F!@09)RbXu4<uN)Ia%FO&D|U<vr;C3O
zsDqQ;?o>j1M6~F^K0)Kj12^4Z8gK?^*<$)<4d#0?d-b6C;hXxlR<yY%s=sMiS%25+
zu}24Q(8{TRU4?(pIjZzCs}+c;qz=k*znWU52vyC+?UL3|9rg~XG;T0YTom%fKK)T9
z%{_!{>bO%0xeb_+fCF)%2^l^D?BAnUs-HOhjxXPtPK(4gfviWSF59-Pa3$m`H`HTD
zF#`o^<~POPGUE-g>xFYe{H0_IhuzUcXjzFw%_)zT@i#1+GyCPh&*BsQ<PqGM0hpyO
zpKY92HKf*Tqi5$yeFHukR~@{m_Y~TFoaPiqpB8~^hinI16$gnJI4Ltmxo32PF^14a
z8)9Y;7mVy{&e+<2-6(1HZ;U*Q6S3@NA#_L^MI2BAFiSIYD*_*ksdwHm9HmsRRvL+i
zjZ*bjxAIqvX@HFiDUFcI^`4WIw4?>vBkm@DJF#mpPdQY3OgUrWii%~p-VGVq5YUev
z`=HbQH0qaHa*E0m4C`<PsW9$zX-t@5*y%1kypC91bUQka0q?anxF9Fy&g;vv>-=vJ
zo)yhEp9c^T)Sw@KAYj^imQB-CoTmhH1ZII(VYY{pRI}fB%hd?lAWf{tsT#N7Mpf{#
zk{MZ>P~?d1pb9iwPj}c=H)+p0sJT_6X|^LY_9LE0H);u}+y|E<F}PTI=8cps^`AOc
zLc-svQwZomy}ZyRFbd#K9s9hW4R9J{4>PyBUjWXAF~-CUHMDe(4;R4tF|mdJngJB<
zA~SQdfu0C5Shi62V?ozTr2x}+b%a%fkSX7(d4HAyMBxs2Rc_I-?!eQv>dQi{mLN_3
zw8H-LAGzL|8kDkNtF2mV#FZhHF+%C#klD1%IP_6D>;0xb<6Ojt?UV?sh0Sz6UzCe&
zU*;dSj`>0nxsY&mzEqGvA*YdB;sag*q&%QAAzMwnZDbCO*CNVacOR+}k<6ND-<8&Q
zhoM%~_fMcS3Q&3nE%=iYkaXk+|60wfo+om)_(3q0bQBAeHjM5{cck!$z74oM)CtRD
z@~lGtSU67SQ-^(B>v1fsH{GhwX0&*9tc-th<<-qI-#(t5F2>uMJVxaYaY}-Q`S8qU
zQM55OQ)AtFr$Kw?6fn&TluPUL+_=0+4EvZ<raa)~HO<rCO_X|GluM&d>Gkr{8Y*2V
z&;{As+E_s$Py&9I)suM)t;F3h@$%-G@$<rFgL=Q3N!-a~5M;t#G<&+BhgX;ZsLisT
zrmO9C(cGnPfBsu^-gP|8Ixo+Bnhr(FcFg4ULZf2qW!-L9cq;IB;5%bDwR}r2w_;48
z+fJXfxV<W)iCC)kIl|M3%6!!?sQv8He7zj27D~w@5r7axU))xd6#HgI47Dz?%a)_r
zN2bWs5%t5~PJZci_L*;yQe$VY^hm0u7=$t);rYle5#*6P5$sWPGok0Q|A{|qYwu|z
z%s37qhvym35)Hq9ZRU;ekF_~Qq{KDnBIR;8!_n}x*@3rO15wy=z$7v&xqvY9tM7Ki
zawH8dgtt{t&jy5dMTh~KzQw*Pc-<ARHpyiNs|;;uFAGp+*EJ46nnC9OXy7AJHCH}z
z91&U;-^IjID3Ih8C*`4f69bSb@U0-tPKoV)j0dRPa3*DZ#SHLCeU!z2s*M)YK9m2+
zP#7KNS9#H(;7`138Ho81E{t&))u(=TWO}}8;yM;ddMizNt4;9&VInHoZ;}4UiT_j@
zeWi7mr?@QJ7xWzEwM9zUypC-SiEHL4mb7&rNw+nTw0(%@WEr{CAC2|dlF{>JQ1jrA
z?r@o4?8KCbUKyQHpPW_v)A5_KI}oS)l%g8sO`T;VE?cXBjBI3QYe+goB5sQ?JlO|N
z22m^_klBkltpi_1&*NI^m?Ej;sn6(mkZLr-asW%G*f)WsvnI7;8`U>K$fq)1-+jbi
z`+OEOiBB+tuQ=XJweB;mboN8<W<o@2mQ{IlPM$(q9vENzz+F&`I@(2*U*L^+v#%F%
zXM(<BNg@wYN2O9HK@r0{YCN-_Lc3BKuS>gvBTx8~c*A}l#qU;<$sL;z=`lXU;6p^p
z1d7k4g0x#<G%$YzoVHb;;<41EUD`)(lp|@qeSvbLJid~nZh^uERLJ_6BHeKG5WNnD
zFx_Jm;P;%3K=oL%f6<<mc%e3`i-#rS$}e@HMP}1MA+p+%YULD$r&9Oza;j7MVuJM4
zV5bdz$-)7OzEgxmurYQm_w>Qx2F>kFl%m-m-zI{rd3BTlXJ1gIPK`oPZ8S#3p<dcX
zX*7z{M3S>?KN#MjQ@Tod6v=TEX)*4yd|xZ6LW;PYrd6DxT*aYLTJ0ge++!3r$%$c$
z(Ye&**=6>tY=p;CiaG3?htx3b4S&*;cUnACLc?QxliuvAOqIeYOHxBgLF)`DJ21YG
z)?$o84=JgG_F7@rJ}e4B<#$6Yr1bi|+-PU?ym5%iC3%W+ohU_wY8~_@R_T77OhUo9
ziUUoD?q5;NG7}-DR#A%EoegJ?F6qP40>(e{L-Btj&<g(QIedrL$@o!Lj#_Y{r=)ru
zTZSrG7&!5h1mmDq=}$sp3U|SchLYOvgfaYrdGW)$`1qAtrLcsFXo|tkf|6-U46!(2
zyfoEVlF1Va2#|W>z?NU)QjAFx9V3*Jk)&8FBaz2y7UKA6HWYJwCS}q^1MzUGEZo8S
zKnm$+9CBNwFMeF|<{=`XMD;Ja3}qz>)uC2FSglE(%tT`>4EI_g4DBfB6Ze`_(;t(;
z*y}Xq!s|}*xik_}If^~LeJ~`P^7!v^EIgYeQF0{t=<#vF;?W?Wk$7ps;#`tEb<)S3
z<P6~jU#Fg2pcEf393Mg@If`TArV`1<=MTRH{(X<*`=~T3+F0R$DmiE@WnzLMZJ28;
zR}bcrOvW^Dg1D9tb&q(4*1o4*gu(?WtZt>S1RJ$czhNcJI?DVHiX~I+J}PU?uV}JE
zcG5=F6V#uy-^&JaP&M=7D^SBwM=8QPgWN(v%D-XcrKt8H22^~z?9Dn|+_nGY6gblV
z+0*<aCH@J=#xjoopUTkxhi&0IJM;h4EpYtb>K26m3qtXKl!<-u5?|5<wy!$#@BfO?
zzklas`(N>i|66$CtK)x$C%)89|2sVKU$qOYT%7-(HnGVsn;5*`C7)RIMsC12Ni7%>
z=Y}MY<(Q!d5OmoPHZa(`o;9YX70Ppvm)+&jlmSC~Zapi`kZPL}nN+d0m7!j?bzOvA
z*ybrnrLdxMptI;_TlLVFP3(YWa$4Vt*F^KnCf54jY+`?RV3CBLc5&@8JHsX=6kqJ!
ziH4budZ$QXZ*<tEU!1ebu3Jw?3d+t4uje*8th`6{`(9ZB6xfn0l#mc)ja387&kzFW
z!yV!>0q!78&zx9zjIB-gW(QtnccqGnPy6&r1EoUI+>CK((ZeG&jzJY+7_~cZ=<dTE
z5}Rn2QC<c`orGag!i-#>eqQ_dtB(WRDxQa2RZL{R?&8jDsi!`0ACt~(QB58=(an5+
z+COkMAimNWJ;YoSlD`%wcE4Q4t_TWoj()rZO?<#ypU6L-*<Mx6pXd|UcMo|gly~a^
za-QIE`O&k5cG|)L2Jrk>FY!<F%MpSM<R|TpUEU>zrM5N3JaFCo{D@>~Gmi*hR(%2g
z={o)YDTnw!UYGxwmH47@{$Ii|u78Nn_b;e{lk;o(f+9Fszkr1=ffxrD>z6$2OI!El
z#pB@O{4#?5_jQhcaK%62*cXMw{sm2N{(~#n{^{+$`h0EY{0CQXfBD6}U<;0~ImefD
z<X@YA`};TN`Uh5g$;`gm!T#&_uRSN*fA9BCR>uA1C;P8Hvi~+n|5r%jzc?$t>}LN1
zGm$m5F>^BiI_SSq@*l>)|MZcuvj1;FGA|f6bk(NMPUrHn^72PHo>!$6m>_b>Z_qhT
zU@+f=LrE$S|56^u5^GNM(bge+`)2x6K{ON=IyCgi0IY?Kv1fwIj}`t2A44oVl#hs&
zmVEGYU3)_lgg_$mz<W#Zr|XhKiX-5K7pSJJu6!vj-T;EKPhVxH+P&~LqYa&F3~lIn
z9m!+*<Hw4n-5Zu$dEtUG-LENG8lli0Zjaw5cPoV<BDU7zq55G8FP)|~>Z88z)^5H*
zHVNB4TP!WiB9-&Kt!PvE<FqHg7~px`h%)-ITg*LFYw2o_yBeVp1mGVZRa<_kI<E5&
zk^t$s)M<4wE?(3vZ?@k^f*`#$bXB!EVHi4sr#n24-%oH|osTI#*fMN|C8+}~vGwi%
z&>^J!Kxn2=9w{cgNXq)b-}SFgJa2E{V1WT5!u@?op(7<nsmm>d*ZiIocXG1QT@)0J
z@>*Ly?{iS__)e$RftfgIBEi2*k?^uujZ7{|I%b}mu_9^kd2RS!1aCv;6ySJZtJP;1
z8(?fh>Xll&kaR2#A95*52&+1xV|EX8Y+ITLbcLyMOu>1iU9O>Hew5l_<j#SGFzyN8
z@kPc(d)v3k?W1H53j(mN7~b4JxK4(bZib&pyD*F6hyU33xwsW4aB}f_;Qh(Rd;={L
zgBk&nCw--&-u$`)<(6~Fl{dhQ<(#O6wH9;q$JE#PbLi;U3f6K{WQT7Zq>iyJ7|pqd
z_G1II13Oa~2_*|JnqyD7rYir)*8Dro{$ZeAkwf8+&vfQR`=f4@g&Rq(Kc)o^o!hty
zNRB@ZvvUiY?ZP`5bDx<VNmgl_Lc7|iQ~x+v@%j+xBQNFtate40Ul*C$rtm`V4kU_J
zv%n`7`}(Wh8TWu9b8V%;>pl4ugwFa*+5zW1g>_uivurz!(VGEqgs90=a)RDu6{D-L
zAl4I31~0s`q2{T=>!td7J{RIdQj1c+kP?~OHfLN7e8}A_fT;|KTlN_A>D$TyQhtbN
z+|s^*JaRf^z>8g%Bz8l0h<8D=liUT!p}X}NCgx~7I(+A*@XTzMSJ?cEJ;S@xraV}t
z{E+w7S+pWO-e~!Z_GDnVt4CtO6c+bz^Ieh1XKND4lPYo|JLk+AfO~?&UT#jUgU1Sr
zc#NYHe5xt3!q0Q8M*{hAfPStTKA!km`6z+VvUNf@jkg>uy+GNevJAT^84{2o{y~dc
zZ6uWnxTZe78ii{nJ{^UlVj_QCCbjyG(iEyh*tihC-6TIxnfbg{Z8_jp^V!^s1&=OA
z0xoU$A|16p$EQUd!GlVAx3q^mfLCdarL?`pKy5M2%_X^+V%z6dCr=Ci_jg19prm<g
z=i@Zfb(L%jMXu3ySGwwMchgF~_-@1T+_;O-#OlX~dC;7MRb#%IafG+2-=<A#<}!gM
zDD#u4G_Z9Xs{$(_Q!x-6nAf`Nwc%ya<<rHt#k|C|#kR$_#j?e-#j&)B??y8nOtmLD
zvvZpAcb2nK-bx3yPE%2Z{C)rT(xp$C{l>+{DWhS#$Mx)IiM}D;^Y+`CZT9C`C8yw4
zL06%kLbuA+x2QYN%rkie!YC0**}aHZ6yKc*l%endy~SH&Q+^yeJQExGLwHEdhGX(f
zgFOhTS$mE?oZLo)^<PEwcB14*rhz7GBOX%9gn@`@6;u)zNpKPujToEX9jY^Zo~DsR
zb_me447JQY!`$}u$k>=?#?{Vm8r5Iq`3|$?xV=dz1_k+X8idU-y5==00NO`yi-=U>
zMnHD|+r76SN$#IhI}SlsD>PfZ8zhlQw+GTyO4Lbaj<>BVeO|f#o~fRa8camHh%ns;
zo8;YS!Vq%uqMO7c@j^)Y;!s$UZ%@P|8nBD6xcEcZ=z;kyT&TUn&~ZiujN;*Q65}Yr
z)W$r=<Bv(RQKN@eHe92JnO;TP=$SmlY$}2(gum_nW**v`;}Z@a+&05O82K~m<K{CZ
z4&#O^!niojg{Egy%Ayq?)7~@os~9J>5-#kmtn;x%WK&I`03#foZk_83R$iW8T5sU{
z`HaDvWi?DU{W!Mo*Lmu~d_~<Py(AxN_GN#w*nGEzB5Fullg`@BMs*42b(WXXjsm3m
z_Vdf=?IXc5yrfKqv@VT){~$1YF!^?Z7kMm*Z`z}{rzP;de^;E{P+}(c30NwA&TFD%
ziR!B6NGNKu$Qhm&e+Y<@90^9vM4T_t55=oQHA{*^HkTG6@z|VVTS-RrB^Kn8-BjNP
zcL}gAg<Y5oO@)3Sh`DYX=Ryc6Cn}RzknMoD?Em>Y?QeBkP(eAXJ&4=@%(8ELn~-kK
zW^sW0&GL*_4VgZAWLf6Si2uDzp=p3I6{c3ylfjSj&cPNI^5tGBM3|`kv*Ze7@hQV}
zeqGio$Hj=NHZK%La^5|t5Va7FkPm@7r4nXrgrUIJ-ss+5;Q&S{=~=1~)vsV>d)4SN
zgZF(;1BmEQX855+fZ>p$6+$VEWJ+j0sThG^w{`aQ6WrWphSJ+>`@*<^*0nW}p)Opr
z^~#VMt1GY|W%F##OdjxUooL*^QDpuR$=1yW@awm$>XHDZZQtMBX?GxTLL4jJP*8}J
zha6Q53=-0KB7)&g2ROsvxcgRN^Z{rkM;Ck1U{jq$sueWSVs3!JXhnh-S-pqG8e(7q
zFBF||hgp^A`>EKeKGSL^rOC(aVRn^qHX7MuE>~<sJ*g<-_aJOE!(N!+Z+k!9f4Juu
z=FH>}Lr6IC?-K@R2}pHGMQ8c&_jv>j(_N#?*vlLg1{V$$Qu5y8<5P|0`D2HLrH1{{
zkRpa5?IjOFS{SAnM2haF^YM8Lcv`rgyiVB#|8a29i#Wt)r@O-i&+9c<GP2ylHl%H5
zB1QbvAmFX6{5BHaL6DHllwId@wPU^YW-)s@Clk|xS?MHr;B}JQ{nm8n?sJtz$PWvb
z$&GTDg~YVgAV_;s*w7Hx95WG9E6T~Z+QIvUO{jRD8<QaBITN3p!n5%I+9cy#y)rgO
z+B)hUYGRSZG8Z20S|mQ%;73et+wRtt_1Q$lC!A1hrSjM(m{EN~q45#cIer#fiuHie
z{;uWJ<+Pg8t(L6@+%9yRm}UAyQ+&~;?5+Hs;GyMxJJl`+PlU)LfRVDp(2uRF7S7+B
zEP5Bf8r=+&_rq#i^cYKiTfnRz+Z2^hFi`ZWND{eb%HxLFF#=1;<^)Zs=ovNX7+usO
z-tdjt5H(E#6D>2;DP!PN4C>(^pr`y^w3aJ50=V}FTQTk>UnOG<VHXPKePD+g&di?M
zE1Fq0BXlUNP={NeaYBgo3f_i8P`d;ROA;v;!H5r<1+4g_*U^q_H728{_&WP@`lIOU
zTdLsabCRAG-+_9K8*G-a)qbmZgTn9q>|}_FkdhOa5-KF3qEkaY`Aw`T(%(VgMhy=>
z>1WnRd5VdzP3Igt^Nj4C>aWA?*q_o@P}@^jA`{K$66suoWSbrj*l_owPNArbE$?VH
z*J`Vn9Z-T`PQ>4=U4}qIsX$3M{3SSqwplA<Ru<F$dM{o1S;eUy*5L2jQW%vqTJP&Y
zeWMh_P4&_=AZ23)&2l@yIF$bZucFCAPU02z7_5<IZD=;8;gi8E#~G4MHUVt|Jr8<;
zupbBl@@GC5$H-g3+D><bw1Le|aXN2XjD&YO+5oSH4H8=ZG~#6gk`h^lKxWn20F!SS
zdIY)Wq1?K)@yTChse~$J)7fY-BLPjIzf05gTUm<h`6@eFHI70piP<mZ!&u|y0<VYF
z>L%5YGJWRm6%ZdsjEd~t80sFPNtbym9g%B^P>RSPu7K)(BChy)&GS+km-M7lNP0CZ
zk2}Su$D@4pTD|wf6V-dX3ap!jy_4^5L{O%ZgWh((>$S=mRq<4aF#to3SKum;>3+dl
zIk`}77oz)DaVaPLDYOEUh|2Xonb@-x6%krwRZe^;msq=jp|%E+6-EdoT{|A%v%>qT
zr|BU06Tm`2`yvHzov@~K1zdYyj>Qhw(kzGNyroj<)(aCwugqC)S-eEmndab%Euc11
zWg)BGh2J}0Rx)kn=)B5z3pur$&sVlup2I?hI#iTj9|q)WuZ2+2eBAC|^@j&Kd}O5O
z%JeyHvNd&iIe8x3#oS%DI^}1aZGxSX{We4Lcrz8fVyBwsadGD>ZmpXbIqfISb1e#O
zEK_}<lY1de%CUc0_v@;g6_(?*E`8;6&<F(l(L&NM$jhzs7b^>CWM|>cO(Y9pI%(o+
zD|(bN@O1183ZmoE;xF}a2A-NG=(WBcyKcI_JPgB@l2kTo%tw5_3!dm>92_x>zH(Zx
z5)q7_!Jc7OgTKH?dx7%zD;|w2gKEHahMt3|dK=WzXxhO(3&+(+FO!C%!+?W9p1~a=
z?cw`bk)!Wwk^kL~#5jKefkPE>Ml=>F5!MPog3xjv`4vb0eT!1_Mg*)N=ZreIW^I+x
ze39LJx^+AdQD3rl=IY>1DtaoWDq4?V1HL*XUof-_vl41ccIgrb@-(ToaZbF@Yjbn0
zSxxV8Sh)E2MRiTv@|QqOXQT7g=89t$>G);l^-|2L@1V7h)trp>8eYp}jNr`;+Bt&P
zOjfC~c`nG=p&w857OZ7W0I+2e2Y)_%qN_4s-bgP@pFBj^+NGb_mrzQ_g_?q2te!Y_
z&XBgwq_~UPN=U<TS-;PXkGm+4l$jinlyDK+^od}psR_}|<>I^3`D$$|z~Mbxr~N_d
zWpk!WBGEOeWnSc@`HE-1PamJ(_k+5F{pB#A>K^jN1U(SZ-wclP>2%V(xO@3`6OBwi
zQc#09sLB;5sV}O*tW2;S>GQ8au*zXMuvQMp8N}@Nb;xk%AT7BzhRof(vHj`&n*A#i
z3T{$v2fGZ`d7MLdSK29PGZP<k9}OS3u6Uw2qBJ6Pf@bmtk_wUzA&XEA)K;D<?h7TI
z)aLT$gk}*%4Mn#&C3HmsH3Gd#6$yH1ZRD;Wn#d^3tumC3bQfk3(t+4`I5I*%MAhN$
z_w-&29{b8dw6(P$iL{zt&0kd~_*-+$eRE$6r9M5wWEe7e3m@)ouUpUIT$9@Lyx#`Z
z&u-PpDKEk!Ec0KWm*X;^^dRzjrwn?O$K7s~=2+5pX+AMwznxLCt#iWp^>8yG*OaBu
zcuBk9()TWIL-dvhrUybG5nrKBfCv>pA;;dj#~cc}?vFS=#~enja<uAtBRvl7E)PF9
zY;<~fd%ZmkcY2(MM?)5}8}kw(51v&LLEl&!vfc>2XZrsVs*BAW2}Y7ar~_3XHcwfw
znR;k!Lg0b_RN^c7yCUY{anogn53jAPzJ1Dx%uBuH=U>XfhXznhiLCIx9#oFuWP?s$
zSW;``WCE<U93bh;(0Zi@N15w<m3BJdw*dnATbYrb_IY}##G{A3mY~>HpTrvke*L6+
zh=fOEdt8Kg5r3%3;`hp}#CzZy{*ibeTFLv+;L%$Qf$BH<+P{~uD>0lfx+KzfF{Kq4
zG&7$XvP9T!x#q~)40t|@Ie9&Kw$Nut^~^my7D2!R`rIKtd|Ezd|EaXSJ8d@*ujS>d
zSvr0%{*2GKd#yM#eN^4VBb<IsDvr*GD0JBy)Wg@9vYdk7=G=wI%69`<Ga)6z3xSSv
z20<0|P_!kh6SXxV&9fXZ$<>>d;fYg~ybG|p+N~1;%IVb<yMlhxWl=$>aIatR4vzzC
zl!a@u!^{+`%YiY6EEA`T(+i=HBlp-uf^yiq`o_2gT@sfL0dl6N)DH+!sR3o$!^9@q
zC8Ye>A(#WnADx4PA4aUWPI6C*l|S_!B=gx{_t2i4i8^uaZvsftbL(o0eTEMoCp6&B
zK*HUI_j`*fvUe$`_pcMe<Xje?<I=BOH8dV?lZ~J<_!ez9Y%r`FZH5mv4s6gsLlY9A
z+JallyW+X`kHRBT_(Gwpj4Jfn%eu(O8$WHV`)3>11O;wCB+hvaKAfTBI&&PqiIFwe
zt2?FY?H?!*5k52CYyN^zh{klx6{76y88=);M;!=(PR&^+&c;5~)S~sH-tR~Lfu|tm
zt;S=XiTR!JBMSG-zU7;A$Rl785C^0-agZ$|8>50<A2nDfP=6L0Y4&3{nOOG6izf8m
zJNQVTEG%Zs5_sWW%B+^Nel~b2fRVC~r!J$_tDosKUms}TwN2AV<KI{C_*`n*XC&fe
zq+yu;UJ}D;13Twe&GIs~B9iB(XErz8AyLml;ZOFBKOYNXA_5hm0uljijjs@~y7Wpn
z@lWv>DM}f=r8oD4qsM5>Dal>zi@o<BfmvooZEVu0gCYmkmb5-2Eu7dz#~4W<H`GyV
z4pyL4jvUD30z@pKFjH-D71Ngb5na)7d=$>WsF_70>>j$(KnjeqGwYw<d$4uFZVEbu
z+NSH0gcw8%=TzM@okE+_?{OW)uaRC;zLamxPYBOyPja%UUP$|n$WQj)7KGG5*CL-E
z3{VR`D*2NZdy^em*Fu`TC*G^xF(-lRurHk1OaUFhGS;bnf(e+r2s=_#3n8hAeQ1xg
zB2j$EjH<aZNxe6rT-3osg2ue=1aw1SV1KK{x{f4PvIATT`?{K39@=s52>ytFpd>O8
z9F8Ji7!ZR7p>PM(1SFf@G~X&i#No-xu;nPx9Knn<Z3HM&Sc0CC;NVlHK#3`JUxEmr
zaD4VKjBfc-h>edr__WrjSPB1h18<Jw8xSP7LUx6g5BDroFF-1=oVBjF5LPZO(bgY!
z-R0F+_jUfm^qY>ny_$m+&l>}qUHi`TenL;K{t5Myo@W3?V^^{1Tdtof37}Cizu_eF
z#mhUcON*(-h+GUuvAU^;NZ+YZ^X`2;aPSE=)LS4H914}6^cOuxsx`xq2+JXPqC~9_
z2dg`*VNVojfMLz)GwJXpJ{wdQP7SR^>*MCoMrCChV4>S1XiYkIK6w&d8Z^iu#S7vV
z5dyx2z^X44$m1A9Tv>!oekz4rNdx&_@^_b&vy|qef3VkkM3&*mG7b$w4iYcv+yRM1
zOKpFxWi3d+p)O-Q3YEpQm=A^Rz{aplhg{jaRXvr7J~q8YoJ1w$E<+TV304y1VCEV%
z-pQi?Xu1+QAvDm-Tks=)q2dZ9fRvU;EPPgC{5#}eMJkj%xFl{iE%_IxejMD}pa$K>
z9$@@HWfGp&COb;QeJ^sLD6Ykn(G!(GiF-R)xURChTMR8`6jvolJCia(5u6qq0XX;-
zm*$nptesJrPNOPQA9)*fJ1Nr&SqJZA8}{MTPkRgL6Y-35OQ5G~d{Q*5C=#;+%Jpvi
zVy~lHRc2dKT^ifC_8f8NU6^9f=@7PZjPtY{sPb388-x)DDi34?ob7B2$?0q&46O|I
zoX45{2BN{gA9d`)9LT20Pb1uDCxy%o0daut-QE5J$Q5;gK6SO$ixuhcu+M>#wfz(N
z_6`o7h^tcyou!x6fIOC9H-Tp&*IYna0wXCeavY0q7uYVD%_GYX?6J_`a=h2pYs(8D
z)Kyw4Iepl3ZQgV3e5ipjPX=Wl_U*0~2;y+dWUnY|uNQdioLU_tebwco3M`J^+x??A
z%Y{fzvk(xXH^6{Jn7C;Fvk&qZW=f8q%?#vnJ#gT9Uhol2Uq?JVa(omub{~BE4`)0=
zo9@1pVfO{XhG(1Y2*nM8Zx~WuRtk?EvK6`p&|i)5FyeuKeIsRc%L>DLZR~pZJY~(*
zQStn8?oEHApk2ZZ|K?L?{zw*v8TEbYhXnIVn&olA@0HAs`fOv@yD1+L@xlifIAQ)X
zBfnY+h3XnY?gu@7&wcWBo-q&1?Mzi`btnSEQL2NF(f+&H6sj1Ft(H`<XT-sL^L;&U
zlBij&?_0{}#cAge=JSo}e)sv?2WPgYOTKx^wxe(WnK8T!sAH6e3uC{SUV<yZK>$$>
zJ>05&?F^euL`MJ8#pST_{yEc)V%&^<t&SFvXLlC}lDltDv>LgcI$?+F1$a4dLT^wE
z-oxbNLh$3bv@{*EN~_(vre2o6(e*+?EJi?ETQS<3NcTy1rNI5<I7Dk983HbuvE7!0
z(e0YN%kyGn#sD+h-oHF+`DJ^|T6<w9-=WL%w33d@5v!TbhltPfG52kdjwPe;#8z)3
z@8hwdF8sP#y|sujixUah(LxlH%Gqrwf14-|EZZvW#?suty%~|R`YeXR-HC){3qCoQ
z@qW`{C}8I(qqvCeTDUP%Ft;L(kL(w1*BuQn9$X*a-qHwg@i$F8p&5GKe;4D&y0f~F
z^0W8~<nyIl3QMy!rJw)JmH21>+B)jA*;;$6rBY0_y2WM7=k+jPi!ZzDa&xPx@%>@b
z`<P+9(l(R-burxx;FIf9;6sS}pd$>x((lT5gKdEcaOX3SzOK4>;8|UfSq~De(J(|?
zrdti-rnf;AjqXolvm*1~^3VQeFLoP>dzJ&Y0l#Qmx|+^op3Nrv^MP$d?m*1JqWf=y
z?$6a2y4Yd8QRwY#1PWenu~1MBa0}+<Bcx*!ly$qN%({rdfpILvY(DXFG63+^>N+=0
zMuwiJKUok5B`cxkSZbsNiT+v&o&>OFEusH=3reWGK?9jB66_`qdoVzqE98h=&Q=6-
z<yS09U8*&v$@i5=O405KN@x>tyr5dy1R+~7$Xx#pa}NBvzdyw_k!ED-t}p`^+Tkd_
zPZ(VVV0%<x)MHOIWy$37Qqe<wcI8ld9cK%pOj4l0#FtP}3a)IKu#2V5%5vYBa|76<
z1f{YlIa4uH7t_v=fp>XA%(xSf5rQsuYMZoA<6V&Y#<AQZs3CdwY{ggM$V~Us!y_}n
z=EfPN#jV9+wfErYi9-~(qr$$e)w$KR-835+Hd0Nd#8fU0azCQw0F3HI0y2cZ#=ZkJ
zGMa>)c)K$3WNyAv2s60UIOTAwiI`&8BiZHH<Qw+ar0r?cDO1wN8N`}eXX$V0#~qxy
zeZmaG>{~5b-CGX~z4LQtT4p+C>K1Aio)VvF#`V@Nt%#PZR@RY+zp*ZkxdeWXFk5fy
zxPPol&(coC%|)E|Q(4h=<UrKd8UZ#|Qq48u!iciI@emExs6ZQ(4(4=6fXbi{LO2=F
zXblw#MFkYgP{~bC4@r~~c*-RZt4-q~n;dQ8PD?w&ZT`@>H%pzg8G$v$Q2AAZ)d7+7
zuJs;L^94^YZZCJmef>yE5ZYScT%C1FROebsTzWUXPf{&aZPXf{uTqWrTufauo>ANH
z<YJQ|6P_p$Y~CP=doEPBw&oF}DF_yec|lt<r#po%i|v!8TNLe!EXZ6a{Y)%f&6H{F
z858(n&9azbk$Cu{wN(a-L2q__zQrfd{8Od#{LS5Yn@WG1%=a0DsH^AXuge?HHYg|r
zPm~F(7W|OBkUz9YCSOq$G(EYZK#H7|u13y<ntrd`wmxcQC-^5mH8KX5b??fE{!RVU
zO}yxv$#>3BH4Y_n>;5uCu=(u<8562Hj#O~H8_&fKp%_FME{o}68Z1?{^`D?4o(wJA
zZq8Q$26S{o=GvDHhoC5dsy_x4rjaDj1@lxF8ZS0p?;I;VBP4b%wX|tSDKDES;#}1a
zI<F@BpG^ndwty-_o<D}rumv8(z%xlQq1_83k)E5dL5W^*Z$N0wcuP{}*!95=PyURm
zMypfHK7f9=3^<Q<rQZ}WyqRNQ5Xq|ay=Qpi_3~TWyjZO}D6CvxFQ06eiC~H&m<N8P
zrMp6UMHBL$z{gwR??8(UrOnDYg`S}kLx}QWn$l_oVj2k*<x%QWTE?kHC?l@%xajd_
zgeF6n&c0u3*kGsRqrt}yBL4^|)QdMdl9??u0dG8||FtAiaBY(3l#&aLWnUPJg$biv
z@Ei;gYzE(p{!^Tbd84og<uTUcymkH7`nCnQw&67s-Nbt85{o?s(7M;&VOz6>hDdvC
z(By{W_#64liUo(2!BD(*CK?xfaasLupKLGY4>JGWQu1j-1n`R{MTkP;agS7Mai`nh
z?T@1i=>oGy3;}OD6`kQ^{P%syb<IYCgnBaz7$fFnrfwn>Q;3W;KeIi5<mq3Xbo*rt
zCsZfJzu^d@1MQdzeGXhtUiF2}R)cljU^k04b8Xbt=AroA`Q>jtKnJ;^oX{eMNlZZY
zL4VMRwE{s7PZFG;+aOFp0hUNXT%^P(AI59CeWi58F3u63716R<QJCJAe))rSEKh?y
zBDtXAim<rBXAg{e1KJV-4!Q)-kU9JI)acY=JLJ`u+rN4F$NZ8p8AtcHRv(@0sVLgJ
zUhyJawR=-kzU!l2G#r&M%@~^0+zOzA>9ZU;6a%iL?(2EIxOG+ZJ++8z=vpF%iVi6v
zup%DdPI8bw@(`bP(cXrhZ=cvX7?%Ye8J4?{{vN@jR4h}UquYbSGZDsf6A{cFLyVey
z-+!4!fK1-@G|F!!<EX0x8U}ME92s+NgHc2Gy=F#xNz?}>Bc=_`!Imt+6*z1uMaU~{
zLELWL<{ioW^iKNq2$g+v*dJLXuyMPCzzGOpazpUek5jWf|BJBpA;&@g(qvn7%zPvS
zGtr*3K=9K%mlZud6b8j;OmrZ}64P841<w?nRJvp4jNJ*1)rst2P^$7whT9%>H+hNq
zskxVVvj}r@&d(!n$DEW_f_3Iy5*Xr{tFaz&H|XxxVBcVY&p3GRhNv0vQ)?x*U^Y}j
z*Blo`6|vmnq*U3qd5dPC!CN-Ex$r_E-G1hj4N;FbKib$m3siGj!7S8&j^tKGTsQEF
zl*hztkyaDJz5zx?Jki=z@m{BGqn^`MNCwBew(qdvU@hEgfumAmhtA_+ry*|;t$Vbq
zkS|4*QLXE7jB=^pC<ahUsB5VtvyznvYRcmck3Y)}>p3G#Mx5gW$k*I>D4w!lH$RkG
z7DyVk7~{l9Q%h?~{aRVzy<EG*|8$$*E=)2gIi0U&y8NBzA(J|(f5ivP%OUYwR?M%k
zZD1ORx|!SI2po9+77RCnzf1KknEXUBG&5!zwuova%fw?ii=!lxLWyq1Qf<v18Ljsu
zhDYrpI=tufYMP4B`wr$F`J&Nh^6!0_{~kbJ)6RB}<9>GG0npOCwq>hP>j0x(wyCD-
zD1ZN;o~8TIQtfb;+x#K>SW4_;ZCYoDJ$S0Grll3Y`7J;nXNXTWMVA&yoO>1_-)STE
zq)rh-!Vu+opq*;r!vH9^;J3Jl2<XFbS}CSo0iEBrRQHR?1}Acky-yXJbmx(Rc7Tn)
z-*0VltZ2%Jk4(GnhCXu%um{V5GBv}=Lz)dCqib^5;n4z?E!xhUQlU-GlZk$mKSW5Z
zF~JtQ=yFrk@DKYlZ&`)rLh=oyF)S17?pp^f%`o|g!2en98OF1kR%$vnmF<RS`KH<V
zGeDB=)NMlM$khK9-#*^_PS{mOLfUeU)D{bw={EqvoVv@B<k17f*Vy!iBn@~#yh$=V
z)_l`EV*GsF2IEl52M*XVJ385idJ?<of5Y?%w5jaS+KhI+0bH#)$&XArgvz=JO^*i?
z?;_*B5R34IVHn-<BZOOk$WeW17I?HQr8y2_tw>}9`?lGB7GTKQkm4XMdyyL4+P{Pa
zdnqSbU}o8Re5+pK|I>W(@Yl!erN?P9QS=>L0#3ZbWgw-*bx*f=0sO>&?uonckS%)n
z+Dq{j>b!av)0vAi;8yvvx4Z;i;2Vytk+WU#T%6Qj_bN?|5|K#{8Xb5NYJ5Cu8648V
z2`wbc!94V)aS$u;CO%sd%&hcvrasDo!5X)+U6hml<#$BFnI>l}ecldJuBeKvC;H$y
zTr!W9l@K9HE%^s@wEH^3H4{ywx`R;BY1Vk5X_<yH`UsLYYZfk~gkWyA8O2Wz$DN;%
z>*|xgL-(LJs%9MP0&f?dM{0E{<YorP!q+8IC{r9C9UPtO4<Ob_H%Q&tfy2h&*S)>u
zuvD>JBXuv^LM9n(ikHbn$7YiC_i)$X1t@~TUO07NG4OvUVR>x#Hr)ubVm!NZrv%HU
z1nDz=CyX?!d%)~ihf1gm-0^|ma<2?bLdKYG0M13TZ;>5h+`!nqzXjjfdPbyo{%wSa
z9km4DVeo=~L(sng%cfz=|09~CDS%3%D0tW#!`UP85(~Cm61_qlWK$irO7-JVJ|M`+
zu!TA4Ow3a(6N*B7CzN16=^;kWppjpdi~V9u_;(?^Z2~|FqF)6P9e9T_^NU~8e16<0
z2XO)e!YKdVYOOY5xZ-4VYqqYJ_=G%f)=Md@N8nocuhDkYU4qvK8(~G)3)^dly%qlo
zJt<EUqrw2av41UzVQp6DvZ+;a^FWP!B+oFWTrK^t=HzkY2C%m?*kH?ikTrPwp>NoV
zjv34Ni|s32lvbweXrrJ*M_DA%N5~NZ11R|7!t^M;qZP^Eo5|-ju0x{Gh{&03e0_L(
z8wY3baB(vrW?pSS1Z)ORtk=}4H@kjrG?^o`J?ImaSYlRr3%?(x+s@lIA?nw=&9pg3
zU{>#JE-z2lT*nn6;0@EfV)8w{ZV5IUWTU#9EF1#_csoy^T^1O$RG@5&uwJXY=?B2O
ztqiJtP|aA0b7wk~VlY<=ky{0Wmf$_j+zO*FgxCH=Yl-m$8tn*_do?{FW6pH0!~_pL
z5^UVQSb9d65rHg!h`xg)wh+#q%9x0)RnOO-c(zbQKL~t@4sgR~GhtB!?8#tk63=2*
z9=LEPEenzi@nLK4ca*`w5VWH0s?P0(>pf1S)I1_V;n57y+%M<cJA9Xb4^K-A?-`wX
z?+u#XI+eq8SDBWzRb_3~e>@c5QC|&SH+bcC*w@y8F*p%KLl`Znf_!|hF|HV;-Ktxv
zpE(~K!Pl_5<NFV_X2u@8-ipYg=!~Jn@uSxMBSR#z@rcEi&Q+(8R2UNWvsDkat}w-2
z<<nLMBu7f%72F_V`7l$|x^BdJ;b7?p)?Tby7g(ECx_iwm;#jDtUq}HdnTTxf_ZmBm
z+Q*e3`Q!S`RmTdS5O94s4~nOxSao52I9~j!HB&*8&vnFUHwQsAq=wfTGxXUPVgPGP
zY?22CY{O;$`cJYg9z&cO+ZX-$^5qv4%H<+~a-aBin5`zO@nq90MBA|FK}sv4M>?zL
zUFEZ3!mHK1O_U*PuB#_wC?tW0C(!UY#**BQ>NdP5<7b4`FqC2K<6H0TrSB$@9hVD&
zrS0mKvy1YkK5gTy7HkyrSyFHfH73k{+=q;S0%uBZ`^;m)ljMuc!spC3S^m5OPfkh?
zZOz|MiF=i?M?z)8=9&<7=0*()nxcUsEDR9i4`}HkZ%vx%QR8GwK^2kT#ZN@Q`n`lD
zMY+%*skgY#HA9*lGh?#2y<_t7pSWBz@PRR~5@H*RHQt8n`xo-3mH=M6f!8OsVY0$?
zHKgHMfyX$V*s&gOSKm;G`&o(K?H(w=z3p|0ksnNe))iu`d&~Rs>x6~st|ygu+lL;4
z3Te-Wdo8@Dw_Et(D%Xb=pK1&{%nkE|BfV2r(&E4gqS!P!Ky2E32ob9o3&NkkZ&N8U
zd-1I%B${J~85zoU(#?*|aLqC{7fb6rQzs#Tk}a~$YOgyV12po3rY4xB$;~5dpd?o6
zu%v{(xVA$v88+QcDqIU)adg(NZTy*@Xzq@ZhFCeH=4|W7XyZ!a#-e^SvUNCQ6<w|0
zGw<_-*p$CHJFebQuF3IY&HI6Igzh|uK*CiL7nTGv7X5gEzUZ<XbJM++l(3z~S6V)p
zB+<mM07Q5`U=9!NUbY=1Y-Zf-5b}?OH?BJnDP9w4zQNexj{Is+C{GBZKQZqTg5ykG
z5}pt_DR-;+g_aIF{shP5{~nZ23S{VooX^=4xfjj}v%Gq&<+9o_B<U6UKqmG&<IplL
zlFv04oQH`A7lr6+4mOrU1pD<BLqX&Bl#s~*&S3|c-@88!wGwdFwS#(O{4I=m8ydQ}
z2l^rU#_+NM`r+_>;StV$VwweCcasm}QJsjcr@1sHkzHODAnRQr>kW>DQO2}$qf{rl
zA%UxcwVBt(QT9rxR=hoV_s%@E7TWBV9R>2u@6No5Rn{!uCn4ZgmOzzX3b{5KZs+v`
zBx-aMHWspAuHCAxcCyh9T(x7rOUHM^&L*`ggKmLg+ljOYzyTGu!X<$pLltVH!#IVR
zvi&+J-l4c|RKp@F98q&d0wGEL7qL8LwHWj(!*a^ktq|*TXTc6|i3jU1M>LY3<y-{n
z8b-f*L>UqVlqwn_gW4g8^4Joe69#7r9e`}j&en_t2X|jH(B~c)smF%{6X=mlPliU!
z>sidQ>8^?`<cB<fH;w_FyzT`<t?3C99nO-vI(Q2el=pQ;?H`Qi`mTmWH+Yg%)78S1
z5>?;IlABeH_3MQmE#>&ATCk6*epu(-J5Q4IVlX@pb`XUi<~SCL<#5yG?QWb*ZGz_&
z(FZQSY4Ch}p)o4TvQ@;V{8D-R>aB?8eEg5{<@>Qe`1;X91VRKBQ*NDS;8~w4{o%di
z*wYg7QEZPzOwcOa3M3H-cr++@j0^A2P5!L~;d<ga2bijW=_Q}=e300F3ze0x(9*=i
zhNEdC9}=o#4MoCHCvy>~bpx#)LRT(G1#ld6kuD+6BB%kWJZL#ykGqn~Jw(+%Fc*qM
zy*B%ka8J}lj@NSSz-Pw~3#p#79Y@Wzi3QlgyBWub+|zuZqHTiI`GStm>!#~be_g+8
z<D>C|l;yS+lTeINhQPW}!P*3q_!>zFx*c&0n2Fkpfs0S{Vp+U*!%qk`3_+pu%owFL
zc}q7`<%)25H*bhl*^+9IJGidA%6@ex&<?^9nI)=eZy4PUPM<uk#PDR^S8;74BV!{5
z`x*N*^UCj5*1O=KmidE?Lr_NNbe^Ks$7on6`1w?nA)2;zqNyHffj^VA;k~K*kDDs}
zi<-p&(F_cI8#@ew8+|M~046f4<E-qt0v*DA_le70XSd=tq`9|-Y&SpU^I#WHv}dPQ
zst(?+7Pq(M-QC)BBz&)i=bqjsguU?MNFse5VH*pZ^m+WQ=jmPsZ7n1_%f(L*MdQ7^
z!KhmRA)njfM6ZY$m-=3wezpGR>7Sps-LLvHPKVnOz5<R%JuA^qJ1f3Nz=kI?<FJ&d
zc$0(kLmfd}-iAu3wp)WbY?qT~$cEk`L6cqc5rvg#aG5dEDkc`;sR*qFES}TIyIe>^
zn`UXU*$2S^j#NRyd+~$}P^p!V&VsB(gAnw2<(NJ(8Xj39ob>c%oFT;GX#htP&Mpx?
zVI%8mFrLC?iid!u7~Y%HObD0=*-`%t4GnsrHdBEHlbg|BDwq2&YR{N#0Pl;>k$_N;
z(jqSGwephG*))Q-%5U*zn{X#3c&=*12*|*k8w!3Jm~jJc@LV%Szv}EURa{SDK91Zy
zUev+A(7~oGUxvtMOuY`hYVTV9{9R(hYX?#z4n&GXnN=;x)%A6VZ2SDV9h0wg)na>_
zo#Q!xVUFJn#)X3f#G2;!Vp5@C%hfXEsDu4=$MN``7UfM5tpjhn6J|5LRX?}cSz-pX
z7mHvUkl*S>(-tC{>tnb1<Mo=#prY42lNq}UDObDI>8{K`0?H{nKbLt4$AeKIM(#Ey
zAN+?K_+5KQRssq$p>;QsZr+k4*DBmOCmf4(z=!9P3Y*Y`Sfdxe$C{%r-6LbWE65S;
z&TMt&j*oMtRO;{r(Y9ch3&ao}^rHYe0GuJT(iF<=lm8B3m@bIbJUcb~x1roO;C5iO
zZjNKmHSN(BCB3-RkA8t1+xlt9y(+M*f`Ci8ev3D8u1%;n4gZHDjyzB5%r+4fCPnfw
ziI_d$j&oXjLh2~_4PtAb_VdCUQIOSFj(T(|@n(7b>BYQtJXitcF~4`w2Y;)q9s?2U
z8B2!=mnA%N6~{q(7N;)DV@)bUSTc9Ack-4N#wq%#c9W=fSLKS!1fc;_!)3kx&GAls
z4=|PK(sMxFdHq!5^eG|xXldBCeoO!D^-2Cl@az)^LSbOqGuU(16W_B1B?fg4^P*gX
zzfSd}-s>nlLE=ur<lbNchWqDR0SP6YN9u2k%k8)A^bblt=&i+E86@W;3`oJ}SYT?P
zi@aMjjE?WD<3#_p0HD?{@<<F&8)_0tx%#~lI{ONLZllsM%Q)fx;p{Dg<7n13TU*SM
z#S9iRGcz-@#b`0JEV39|%*@Qp%*@QpZ0WYYGw0m1XZD?mxj#BeRase?715QU=;y7q
z{wSXR(FYqZj-E1|szJl@`q<`dB-%XkPX2c1K}fN3Bs|3^=7W%Slq?)aJn1O2?GbmB
z9I{6<#V7(hgqLab?S;#dcL+JmiN!4n-rUcq=x7<0x%;N(XgOjOBG@CUV%T;Yd8!6p
z5|jW-NtL&)(92RYV>XXNPf}7&PPK4cjcM%6^2~C*G7OBgsFp)<B$-c_GP}YO0ODHF
zW*Xc^qS%>ZrN7!R&6;PZrFx)3I;Z-`ix<*b)H1k0Jz!EfT5_p1pt`3vN)0%DrJNfJ
z2gH@asJj<5O<<~<{4`Zv*wB@0!;NxWnom?$rJ@Wi`BOipi=CjR+FR~i{kyic_4KQx
zB&nUZn783iRd3mvw)#@jQtp~r-K2?BMeJiLF7(R#V&^sh<>iSg^BxL-K+ryy$@=yD
zv{tL2J-4;Aa8frnVNpeu0*mz$3ty?-kpW@B3ip&NlE!rsf!dK0+XBxz(eraV%PUX7
zr=A9IW=dBD(3R4SEbG_ZDQ(d%q3ZBK)tq!)Qb|~1dQ4iPGP%TNA7^bCRE3t7_iN~@
z&Bn2Vdrr@uSEZ~RU6Epig5y$=Edh-JfWqoXF(T0lkF_#2CCLvAsG==Qr?VAP2h8}7
zU5;vP>ya2q8uP%Z<u+Sdm4%JzGGyr}sp{zORF*p~D0)bZ6$Qk2On=jaG?7uY*pT_*
zYs{0EKd7s#tg57cZrYcS(APU!G{4kB3GdK^08Mzfd-6b<5SMb`Y@+($EFdG=V)mU&
zIC4-5v#}F>b?$(K0?nq?GKEs&r>0O6C-QN+q$;aa1<wALiZOqcsoScwRAk6LHD$4-
z5$v;N5#}+08k=K*0R=66WoVRE&7nA|f<`LAl8P**30)oWs_6%Snk=MA9xPR5DGg=O
zSuq~rSP(<HmDB<pyS9I!XoMdEX>oZeDC4}PdWlLYH>*Hf(R^Y{p?p$NGp`OPQ@51P
z#-gSww1;AzipoN>ZL4*GjY~t@JU9xerHFHv_D(ANBFKjHsPtG#ZcE{k|7p)xxKk=h
z1L`FWark*vP^SfX*M(uHTx8duFY{7jgFrw|4$6XpIwPEtw5QuiNrw*^S3VpHLvTys
zme&_~0(!iRysz$nIWy`5-FcnDu@d{a&laEv9<m`JR)tRQ&MsiG#Y&?nMU|DbLCQD;
zPi(fOgMDAZvN1NogfK-Xx<kf3fOJOjOb{Z0oVj$A8_IF26f|5>XJO%oUM1z+#(i+3
z3uX%baE1`2;{v5gr55Il?n)%N${ANfn@C9&%?;AJWa;?tIkjhDrHYDFxr)@#NSKiV
znW9Zl>w&fERaLJhD=Hee^Xgiu!qV4hO4X*4ZiBC(mnQ`Y#XFi(kH_soCgaEFy*F6k
zno^UPq+LJmo6~bNg#p76jCS}b*%4EexO^VgIUuw!Ot&!PRC#rPi1yIY;q>+#XsN}(
z_h03VM*B11Qj^8+>*+MjiSg_tuIJO~?FLe0_hUG^#rua5qm+Syu;O)<nK=%%gVQ}?
zCTMV22t`;aoGqL|C@A~q>AgIdD8H!{m=fM2e)Xmk896e;B)r#vzvK-W_h1SeEVrk(
zpMxZmTB)GZfIwg~arqhwPFC*(K~I+;(UA=Yfny2RiJ72A$SC}%o~hmk31XE5qcVUa
zwZgsNF?AEOsf<fe<|wQtq&7nRDc!<MV|!mr!|8dy+@6CK#F=-OFixW(C1z@qD2790
zB4HyoSqx@kK3E)K;KaEpY0mtUGvhqQBE&$`T@xIu1$s33y_|^i{>yW+atv#JOas^^
zD7gbxi?G;H<VdSGjgFtoCMELzO<&zIYPBESGkc)oU}6^JSiv4@6dlDmp^4XIayb}j
z9-$c=K*FWRoG@wB(TQ!&uclj`s+|Y1Lq+U<HFEW9g}Ln%NQkM)ey^Vq1(u!Q<sy1L
zwUt^;TWi#5<4`l}((romAva3$qNUsy6*mo1%u1I?JRuE`F+)Z1JDZHJX~BD76Aw&J
zUsvH{B^*0Qnb)_!T9r_jl*X17GpA_kjnUu<{SXD9-z8`*IVHn+C{i0%bgQ=(3OB7H
zFtuSNoWln%upUgCn9922ai9#SBC1=B9=Y|}MUu<ZpiyK{XV*D#K}LRHyZ&SqDY?bE
zJgGy;`3WCs5)pSR)oqEES-|{=wgi7I6vSmhh0~s2DhDBwR6NWitizAP^+$u|ZETxR
zvrlkTzDLl396`zFJ3^dozaT!j{<v7_!(c?(mwCDF@1MBk`EE6F?^*r;V_AexmU0p+
zh_|}xxOZ4X(iRkIO8#%uBO7)-^4(ImPX?q1Lq?=6uxh84og3T8{f>6XU8p*7ympc=
zns$<xVsv9Tz81qI>S~nyI7}m56vlD9F_JGQF_NA5OqBfKOe5?;GNb$;Df_(<_IY9v
zg~n!ZpOVKCmpU&~g5tFpc$EB*cq6(qvA6Nlv0lnf`R}++B7lap9H%b?FP{F<w}`-P
z2yjd67Y&5syPjV^eU;5<>WKG;;QZE!>|5;sV5xh*yv=vGCagm)8!L_Hu{m!Y#lrqo
zs=%5WX{o@O8aAqcr=)<W60y6(4NlrejTTiX01Iv+l*Xk3dxgC(MyKMBylsh48u%D$
zm*8L6CoKq$XS7hu%<k2eGX?id<DYmNo!nqMR35}I2bUcF@dN-&r_S#D;`>~V5Z*Dz
zzQ+kU%@Jj+cdnUPFAoW?knmTe+Nr}{mGQS9%gF%wQ})9Jqs{dXhtV=cgMcDh`{hSw
z8+#X5l%fXgo?4Bjvfrf2e3kZDTC~Ebhq+b7oy4!o4g?AUzqoDHT?>BDRdS&=s^?1o
zg=Wny?8ZwG%szPU+O~+pg8+4OcB%Buymn{imu7!yRdcfXg4t&iHyLqk2v<|#G^Rx$
z|45a&^(>i(64FuwvGl9cJl2x^!K<^=se(5<-fQQ=G(q5&^+oEqj@>-Kirum<!s9a{
z={=8TKdEUfZLH04;=oSaRNVO-W}y~l@T_e|3r%ACYDP#sacZ#aN1n5#FK1p!#D=5i
zA}e4*=_J<Um-uCBef<gx-rPN>|BUKDzW&Iox+jfHS`Lg@#oe(+i#V)~HC*Iet=Tx2
z*ucZ9%J`}x@4VPklz_HXy;bYE>0{}Mo-qb(sBv7LxAd|rZC)AXYctPTd<q(BK(Jc1
z;^{ITy|2`cdFxP|htu>jC+Gup!Uxy1zU<pcL<UcedTGi+LO0w%c~ep<a^o+qLM!EM
z8@#r%38K$#IB0w;I*8HJ6$)&5QzkqLBfX-@z7!ajinFkGtKySF0CvMeL<qEQzHl^k
zG7qcfm@bb5?Y-P{rZb6CIdiBxQcz_1N&uTnOGw#9!DnCDqk~*tW2<o98K!QA)>2Du
zN(2EKza>N!YXVc1?ulkj+gJqYdHiH-cPAxzp<uWnTjt^*HGk>Q9B<|Xb&esMD|BA-
zy70*t(~KbeQym6Fv^%&ArsLCaE>62V^5VcpXMC&Ti^WAN>I~eoQ_$8&<>ge}2#1uH
z!^_q}d*N`>N`e?Ov~Y(o@kg}twmIK-OwIWk2@&F=vAW!ToAlS5&IIy0-Wt)gjNA5v
z8I9eU{1X{@E3QiO1f|SGC!mS6;!aEfBmDQlxS5QZnZr<+6lQ^n9zeI5u|ZpB!Swc3
z0b>qd*0sY?XDVy8tBs5vP-_OBfqiJm^m>Eply&6cvmVh17TsP{=X0>NH*tV)GS9$&
zX6RGksB;BaMTop#9ebGRySQ<*X@t3wVO}Yf()b)s>+c(ma@OAx4))wM$5{~_V@Vt7
zpzD+|c+^`6TJ(s<b9*p`Sf}lR9$Gg?-*YS&0`hbUMCmc^iZ7$^bq^|M&O5$u%`1&2
zho~>RR)mPL&*fjup;T41rCiY&#Ae5hbWnHM463%k9<`2M7p+>--lcA8Y*_r%lg=GB
z@PK?QzPUf<Gi04RZrgDz6*tu4$=4!vbzAT)EPDM=mAzS($RNj0bg{GK7&W|$5OcQ^
zJHmoD3o_@~9tLrthpeRZ+k@Gj<lw-8Q4e8iF|Ovm_aUhpys?uJ$Bi7Ut*K{(*^ZCm
z{Z=_$gXSVPB_{O7gBkufA%wDwtI4p6nQhI2J69v#v!L@ld0U^y8{7@3v6G7qAqo>}
zc)871C#u6+jh@X_)Ph>#HoK5hMM#^GUZLQi_PYu3yfp1z=CtOK@&)M=zvq||E*fkB
zVdFaZhL;k>2}Ut$Vs?M3@jMygVuZ=hyqwBvdAE#RyVKd2NF(M?1|6A8be)0dIEUWn
zS1B|I&ZV4FWC9XTtUIN!m^H~2*Dy<ga}mqLdx=Xr(<dE?F#2ha#~f{NHWifAyQmMP
z4wGWd^uz0_S#JYtP%PVNECR=9<&_DOK&%dnNt1h2baZMRA(Hy|JAf!cU&SWjHpjXU
zZZMXST{qOVzH+uD#bp?e8P4cz%rJe_q+;j`L0z`D+z^^9f#b4Ph?`qQWXVZKAxevG
zGk0J`tkk1RGV55LGFF7^hPvPZOXkd03ydrXR^}9uuG=EzAD(EZj(gPF6j<9{z|A;%
zokkfP*%>1qTinFCYeL9v4IcL53Fx55y`vMP$;QiB1F>xz!5(*gO}nFO(zZgOd<#Cz
zkdvLT6>vRhPQ4oa)vPvto8F4hwZZG)DjJz#UQc}~bG&QS_WkPwETYj*>Po96ch#}P
z`s9U_Gp7L?_Oa@Ym73s#j^ZX1Z}U#=vC!7sP2^x8)LdiDU#b)nq5M>UjCo~aGFk7U
zBtyk{?CyA+4*d;<>+p6kcd~{>=fu$5e^Sj8#m2`sFwS-uu1vFi$uwmo>WpVNu(E1%
zE>SPbQJ3w!;&Yt>6o|IJt~@Xu&Y}LaN^URXZBgOeV;G1J&9t|QVW&Uahd%IAQ!i_l
zJIz=X7sv6dtfErDm$?vfhu&+5sK>_3P&WM-)!uu3QqS-?X+8H<;+42mLu|!&|8sXL
zcq@A*INH^WPx4vpq2NlQzaCULsTI<65M7qNS>F5obL~`W6yBNi<#P$pIuGEYhWlhc
zlX7T+db=v49$_C@{6IOC0$xKZgZg!89<WbPjPY)DD#i3F4m{K**JZ3*GPl{f1n8uH
z_3?F<9GhY#xye$~jZ=I&ot-Gd`Aj{Hdk0-tZMD1RZyP0H#%udF@qSh&bL(pdknF4+
zoliOYpa$-4RWMP0)>6g4BdVk%_-X+pO?faO^P+ytTdq&~y?wT>0{>%3`E0WkzlCog
zKG;&@j_Yc2nb!n;Jz9#|_sw>>7vB4Dv=Y~wdj0e5U@$ED9fgWdw~VFBctHF^6D<qJ
zu`x^SCbmt*%cuDAT3W^Y)CO}al#3dkDJ>+E^drKoG7eM!GT0S4uOcv~P$XEtY)8wL
z<*{!ny=IHXs;jIEQC5ik#cBtgqe@qG1Wo@|7w&~E$ZJmI!<5Wdb;JblZVUIaD)Uhk
zsuM<}zmY}cRS*|0yFW(eumkh53-e+N@Z$6HN|c-|+n+<d9cf|gC70dDW#M5D_Ig*0
zyS_oYRYZPKAoW!ofu!8;@)~)Q-7lA#Tpr0fik*WT$x^w+XYsYg=X7>RwzI_N<cvsv
z7Ou7vBK3tL1LA(3s9rLpe9GeXWcQb67<Q7SqJm>xm4?@-IBWaKaG{B8pJV%|+;vH-
zO7>L&?YVJDs<&}cdMYDC09=)kuQ(RE*u?dv`3FG(Lg7++%lw*dJB02AU%Nip8GAoQ
zCasLS;y-2K-1SJOSYy4Z+|@`uRc|At9us1UCXAny8GA30Z|CXSu2tYxOvt(Yk2BPV
z5db_TaTio8rsUeHxBYvjJE5qz%_%%;La8~Djwma+aTC$lK@(K&^Ac>l$Q0I8MA6pu
zFwtOfk!rWqGWbd(!DR8(f~2x!vrrk>X~VD1rUu@KwUaW7dPG)g1gML}#t)?<y{7@j
z4<J4Z0gSz+BgTMuUxr|w>^J~5au9$@Ggjg<#AGu|Fp-`aYRr3t3Dm+57M|3Y($3NX
zPScRMOKoIVl+B<<3Vmf*2tcDS;sxNS+F-ZMw9Aq@oFINmjA;o%FtCA3$%|W|N--g0
zjx-LIIaO714Vu>@VpSjJRhMXxDpgS`i97kWZv&92Gl7{KjBx-YOb{#Y<g1X{01}Gx
zHAt0JcCiJ*Dr2}KjccVY6-Gz^GU<e{C{;1gOjuVK6cO@7dn!!mrub=+FnGprjW9+a
z68`ip-ht6}ZBn=J#`RLSVwyobfQZ^S9Y91NH?b<y_aUl?Ya-4ZGNK`=;Iv@|fH8Y)
zIT@1*sc`dVZwxib9pMP3WI7dAdEA;!18mbvoHnFpp!S9Fv_L$=u=|7%MC$MtKz>=i
zFTZ}yC)#XPmFn@4^lKqjV5eG~DWP|-L}_ULx*?L1ibJ?R2{~4vF^VKpO#h|_(TtSG
znWPZR$pW+3v8s^A;95{7Bgv+mNB;m6FO!50TxcXCR1G?^5s-irsw9~oB+|`Ad@e#s
zw4*M8Nkdc~7?>&nWyc^w+M_O^Kn5KcF8}~bK=R#A=#qNRj@Ku&FYX6&+^A}VLEEIP
ztJSp0Y9@&jkqy;CM~=ypRSW|c#rO>sLaj+X020$ON}-cUzk$->G#+!mfNs@XWQ56<
zO)za}C1{%-Qfd6|jt~0x9AEaY{LdJ#pI^4jvatUhisZkn!|aSK|F3lz2)Fq!(#C%Y
zT}4bBjT|iOoNOKb@d(Qq{4}8#{-2RK|7jZrQf>abY#7KLp=ALgZ5Y{sL=i?NW~Tpt
zv>af^{|{Qu|DqZOYFq#77XA|!!ocxwNFjWDFpf?RCI&xY+|qRu#-h>$kVK!nz{f@m
z!Tx|m8*APg(YVKk?2bVGFz1$FB#glLc(XfG+ogcjPAV+rXew1*d93Dkx=8TGd3(hy
zx?gvhz_k72U2fzNmeeR6A)D5ic`x~KX2nXflJ4oXUg*Z_bmY?_Q+svSw#LFYo8&x~
zwOd5;#>HlD-6s8dYvh@p75!xJj8;{XHp`<~F-w+t#FbUHBkdfSV%&kB`r^#Zt9O)O
z);(nOy98h+oX~2!`?L6zLv4eUY>Y?0VC;_%puh6vY9rTp^hD>ge2{Z~JjeYKqfAqK
zW&nRRlup{5e)VwL{|3MHhnF86)>Sq}#J4|WT&UAlnbPmUtgh4AGm}DB#Ru9~^Gas&
zkvj2plQ=9du=9-j^s!dM`k3ao7{x}z`oFef_=h=PI{M@JCGc*!@B1k}AyVH-y|8XE
zdWAoB@lxNv^0MqVaWw7IH%{-n<~Dp5+m2lI`~VO*)4XKN6ZwXAYF_YT(!6Y7r@n)~
zYu##(uUdW{w2kT)LrNo(di*@eNzl4SnkFt{7U;|iQJOsI$&H%B$`+U7-CmR9^&2_C
z6Y?%%Myhay+D!LAl0_7BaE4G)zKUUp+1iuixL#ZTF(`M1^m^==8L)+8+3$JFJ%7KC
zcpO09m85g4y$&t!1KE}NE;tF$uiqrP@1gGMx6SlUa@BSi=Ju%GeoXft8t<6=(gBt3
z53aloNAnKpab1jc+_NJGKJ|KyJ`dU+v^(PO6L?ENw;Adldprn)MNhufmCnBMMct*w
z4N$y6r<GjnZf$VhgVydp;Z#g=i~O7CkNyABoc!;ew|`3k;`mnz5c^-C&tEvt|F9PS
zV>SK@@&P`W|J{Pj3{(^UV@Cc9@%fJr3=<~{;XlUZzt&`+b(s}tLjDh%GI0N|H5mvO
zVr2&QWBm&TV*D@bGA9SeUo-MQ#^ry^%s}`LBLl<V0a*T_2mRGH|Lws1&p<4|i!%J9
zQf6b~1fB!DC=&}IJMcz;+U0-x{L>E9E&px%JGs9q=f9I<<M=z-zmsG5=X!tJIDm@{
z>px?$!Ti-V|NZ<u&JI*PvjYi7|1l;|<qSLrIL1G1fBUoj$E5$6ANyZQ5+@7r23QDL
zfam>HLjUdeSNF^b#47!rCnwv#Q$GK*e*O#1=%3~2UzE>4^wR&lKmiF&{|A~8BQqNd
z$A4e34zysMlua@}Z8|;I;yNuxrD2**U`b?iz^R}}E#e#f*=Qw4g+(Re(+)FY*6Vr7
z7nhzvZbZ@2?G-r7!<lXH%#vY>Il?N>7}}zSoXrL`Q|$349anfyDOT71_-=K$qlrY<
zd74hG=%so^f8IU$dTm_@Mv#K3_=zEjL8uR7U7Verh(P^8A~J2YQrPEr%N>E-tGj;l
zBj-Zmy4#VxA`BGGZm}Y4p1X_egOo-xG~lY3qvqJ~eKntA3WN!bIMCDJpx8);z5AA|
z?kT(*byd3PZs3D?c=@CMz{`5GGzALnpvTK%xP`bCv>~86SC!$YZ!*Sidt=hmzz1Fk
zP-9L)r#Ap63B~#jyAnMZXzm%+jC6Q}v|Aa(3W0yC{G|_<N!=iEY-A#>aFU*ahKi0d
zL$8oBi_sDN_4Br`SP{2mn!^JxligrG=-r&V6&~-`P1TG|>&N#raeR#zXmRr`k-c%D
zY~|Pxi!Y2+_dLTEzdH0mJ0K536!<szqo<~i2>J4`g{anH^YljTp(6LFHPN$TeJPjD
z%vrgjqT(1`AtFIC;5*>usU`Ho<#Mwa*z@|vwaqavMD62Li+?FP+WOP_%ujWQW;q^X
zm!_1zv@|)eWRD>FWP+W995|a28TGAIhpd3%mnP>mqo~=6`ncfmINviWei{>~lx}3}
z-(X}Y>gH(;FEWY?BF@-D>=THV_2?mLtU`BD8S;PNaRm}hO<P}z*0Z_(l=~VV&mDnV
z-G;-?2<b>Q&BhXeN7w^n<rxcb$EhcT=Su9W(HJ1a(`PCyt!W;DJ7d53Y;LL5V>cO1
z+P^g_b}hFf=jY>GX$$R$SmPO-!0TgmH?o#ppy#u_!+2<Q?nryCSsEu3Ep<<WUOZ3x
zAz@k#cV?>08yYW;ZNj^5aQsD~#H0XFzzQe;;G=t^4<&g&T3N6(9q)aH9ng?4W}Js`
zt-;(V<ebE41ClLl47W!rtZjM$&6G)@C8f5X<?@cqi+nx%8$~J4L5IVqp}bRgi^Wtb
zRbE;<M<7Q}Z+~QpST4z1F=RT2KA^s9M4<~n8kDAnCsX~@y{Iji7*kZ<i%2n1ooIG{
zsV#7BP+d)5Pj{FY$C8a4TVbA!9(rk*y7YNjWi60SE+}&4S3q+sZI@CWr(bh?atvp2
z#JSpZ<PpCcA&72n;^VQKTJ5|Wzpb!Y5c({tdMmf8)FVy*)AD1Z*5l2pKltmj#&Ac7
z6jD8SVUUGoI%l3vymr5WaCeDRb#9zR+TvPvS2?cyS<54n?2a<_$#$L5K}6D8CA-DZ
z^~(!<1)%QbU7nMl4~sA;BsczQhq~pW7=%o9Le|7j!G=`sb$UI)0g&>c@nRHg20yNP
zFdLf|?l`u}eUaK$n$`T2HufwOGguCY0w-&{KYoc@?W}n6sW1YTdwiS0Ui<QV@k@tJ
z5CFB{rxJ!%CBVuIO)AejDp;BeDR;)=m?ZfLp^r8uwi)e&L2vMyOd#GGmLwtH`1zr}
z`LMP~;`2mpTQwJBhX;krqD@+O<Co<nZDuYk_?Epz@Fing9Yv6g9UN<b3XRrl>V^@1
zui_FHF$&94nmB}Yc8{BdbTxxmyli)S(XpqxdUbA*{U%KRfPkT@@|5Rhyg&Io3Hn`Y
zB9&<Dw>~F~!dzNX09kI(3=-5>B2C5Y;o&y!!dp`(Z(|GT*8L0)inuzyuLyBQ!s7eg
zgZ!e+32(!vze$j|9=5}|xmFKHG_TH$W?I(FpEIkXWPP;=K8imp0^SaOv#K#63SU`8
zc%a=#Lm8QmEa3O<-dgfV^vSn^-nZahvO-Mb-^u-!)KrDgkO;BO_7AI7>*2_f+y9VL
z9l~EF@nv3HWq$6zI4mGee$+RLz0PQ!EOgtlmPQkJA9v^6<@q3hZ+hO$SCRQ#7P*WE
zrn|#d2W4t6f-zcKl6<T9`Qsk$S>AuL;yZQ!mBU2D%Qzfoy_arC)}OJVh2?r%xBf|0
zultOm=%qJJq8rFe)=j&ijWNs2W>FZvJ{Hw+P8Vw~e&3Baj}4c-boVE`mFo|gNRw^5
zllGU3q$PGI7P=RE^F1=;fJmf(DsroM!e7e%lY*+NtF7x)WPpj1V&=6hIx{cg#65*{
z+5+i(g3fl&u0#T}QR(Lc&qp$=I*99ZC_#IV$BHv<`i{m0??Cq^NUFI%W3GXjR%+s(
zC*TS71~}V{7z;5dx{Hf&1M$K-YOi4WFzDZ41^6pXoys3a#rx4RHJfOcuK?@csPmgI
za2?lD*g<BVI$gZLjg0Y27xdPUE4AuAf+uJpK@ihg$&(9a3G`f{uj=)l_7MyC(E^yT
z&z1-m51>?m^|t#-^<1|b31f5JwN;od^vUM-OiB-zKikSk7p{HHB{T}II*HKIW2EF{
zbm)g%5T9?6w8h^9Q6zVr>hgM(HFjNxqT|=gF5i8&ErfL~o+UWz(5Q+WmWJcC8WE76
z^ZCD*W1F8TS3t>}6EIXPx@3Bhsivua(X%Tuv{P+GEmI2O3g|E_A(%?-x_mTReQwst
zIn!HK?TXZ;@Xn{y)lzhIur`F_zw)F*rVtuQ|3tDI4$6Zq4G^DG1*l4m-a(ZqkTQFv
zml(R7zlYyX-Wa#8C8uE~t&kX;K=98Mz%XSvG)f1|=FJjGCY*W2*ZcEAKFSqwCVC2T
zEtouDa9-G<-Kn|Pq|2Hlv0iLAdhttgX6COaCL)s_^xLZz(NpJjVsONz*iBnvuJXSL
z_@a%_v8|XM&jgeu%JI6U-aux|?qi;$M#^lx^}?#t!_(-x-+jzIOe>3rM6obhMfrrV
z$+C>lSZL5>P*W|}%wDf;JzK9W{$7F~<8zgwURD<*k4}uC@ORrq%V&|jV2wyeb8g7r
zV5Og`0BGYnIU4q22YWv_{{fBeJj2niS_>Z78EUjH$*|(g#9Z?dMbI|>xQ;}eyfpen
zzv26NYnYhPVGL#|+qdZLaXEFfv%2cqu~yk~de8T?nB%;;kTH#b$TW_pH4Cv+Wz(|$
zu}Ybh{&c>Ebk(b}d89T|o^+?Xp!o3~Qkoa;>KbPU!AHwWzae_JZ?xU^)y9lU1;z&;
zYvfl{UYim-)j_t<6M&*;owcmuV>1w_5p_|OZb~&;@T8V*G`Yu_^+#;<hMAS<y~pg-
z@18k^e1oV$K^OkWfwFXrFX@0`<~s>Wm@bph_>WBwjzU%{=cnD^mekZDmWZRI_cwVL
zJ=cNU3b)2Z7iYK01Y+$~%x9;!9TWh7KTUU2Nwe!stR?E2b~_w<viWe738>r+Eg9cX
zpRE3*^!7w>yp}tWhts|^^L?G2@a5@}uC%RwS+&26Zz69(uX;tAn96&)V)r%t<9$mf
z$Fs{97*#6degexS)IwD9eQ)$q%tTZDd4*=3r$wDycipRApaBtn+Z5GgO8}>tt3H}H
zQl|P)K@hI_W2Elf#GGvUr?Gr)<of1Foj@IASLoxxvjGpmPeWJGEwA~JhhDG4ee%+c
z*^G6WUHVjit!>_G?c=Q!&2g>bO+`07MKoZs1aIk8sZW5k9c(9lbYGef>)OEP2!0{o
zlvw0;bovVEuz;Kb8-c0&eSsaqTyA?TQN5~Qs26&7gkrOUf&iA$wO1RHsexBG)1lvo
zph-Gt$F99eI%LZYuSq(h_XC=V4#$PheI^r~kn}>pXfqgEaWvJQQbHad1U8ln_IRdx
zmdYSpDxgamt4u-g!+R7nZ}nX~ff05u3BU+>-=#jtS==g65OEjNn5~9&lm`IM7;UaD
zZ`>v`(Ftt7%TgG$d)t>zu&1Qj#;6y~<u>a4S~W~>N4t-ML2tAB=6YMf$4EB_W+pMD
z-Al)73kTtjlM{BwMnu;S0p6td6Zw4-9(wb@IT$jK<0=BWoqk*#<&R)ixU0C3oIZ!7
z5r!dOw5U_B+#$?oi!@H4#ySS{UF2(_se9Vxq8X#xcLN3qFy@Y2Ox=~~?cj%=Kt6oQ
zew|<B$T&#%27=Z_#{E3IhNG-Lf;vdgK17&UTE$0Qfy^EaToZ5*T<)3<Fhb6MNPXu|
zs}R`uMe7h{_6L&ZXam!0z7X8V0CLryU}|FM<rKjztB_CxmITJJ(7~Icp8C7pe}IO3
zCBvf^b2D=zCjejfCz_@I)z^9b#oXS1CQ#`f24+_-i5fW!gp&xVgAh*ux!3-ShBVO(
z9hia5CRVh#4j=h3D41?&3=(?A_nM(SSdc;3-y);kYsC2WPz+0S`HB63<}|x<&0ti6
z7obC4f1nk!*^C*F38gB3^vcp;-G**T2!R<1@ri!Ri5^k-wJd^r9LmkbN1{+=;kBoy
z8;pQAvw{?QWB+yc%RC>0s=aTRr6KO`NaSo$aIRAGVH{}PVS(Ol$^PDKh3tq+D1zwY
zXSduf`eu>Z??$+R2_y(D-wm3gpTFsssB!-oTOq(gErxVJR|Hj(M2h;26x`e{m5VHE
z=GQ(n)FEeAs;{5`%1k(tq3I*m8-u~fhZ+iv;hcuyDh3{nf_h?-SL-S~nIYmsvHR%m
zMKY5v_)Q5Bf^h!CMS05PSi+mr=!g3E;|N7j8=^}bC}n1dU)*_{90uR9PM!Q?ICdmf
zQL;)UCpntnl9`i<euN<f(OXDseNV<jxZL;FEJ2_f0J|j@l9Gn72O$fUtrY<q<`#7M
zL4oWz<o>f1y+Op)Az&$Pc0p;GkV{u;;vQB(R>TryS0EiT;#nyenp>n8dlM^CD3tRp
z0AwZR59Ek4$ewdp`w|vps1OGZhC<S$9eWm38(Kiainl1Wr(4PJAhDp*3X2nof*hX&
z7u39T9K)#-csl4d=DZ<C+$n)RUrnuw;2a1_P<9CBg2myQXF0;==G^77d3}m|c*a%3
zgLQTCIGLVReV<O*9=jH92Cp{)K83YdnGy5W+$2s#+KV%KndDF!`@`zE3-^}M9_>bl
zE;@6$X8BKDZ?f=)09$ZAtLT8MS|@E>!uc6tO*BRHx(ui@wzX9*154`$Cr#WmXRo#a
z15&0n!Q$8})>YiZ#!kAt$g7LGhsWg!!agv=3UsSB`1<6wiES__%d?XW>pCYVE~oB&
zKT*7^YAo49o4lVHQ5wsjbZc%>xscR?5Vo5F$rl-em2{m8yVcy*rbg^Jq{mJgo~_Vg
z-fHnP1}8PQ6{dCr%c~}dKS9-3TO$%}@NAh}aJa`G>yd>Do8yB67@U$TOw($lht@nN
zexfsd!KGz$Obbu~dGr&(U~Q@xvShEi3INZRF7@+sN-cr0>xTMVEjF3=rf!zr=kTzO
zN}$A{b*YPDU!`#|6l$x094Ea2L)bMU*p~cdrg~1w_}vP_6jI@v&46J1$}%{}MSldW
zIZ@j<w~mksNlOK4(>lHdHQ=o%%Cuq~j4+71SE2b98&8N&*kmSN{L=1Z_q%wloJCi@
zw}4BZ1xb_sQ}!2K201P0dGSD&cq09DH7?wMoZk+Y0~vw}5IU4p$4PcLFo^xirluGw
zw*nD^UfoQnccIfVZe}2AMxDB&inz*Ar6u@Cw8|IJ&^Hw6DxHEv&B}=Nj1HNK(q0D5
zHbJOMlwNf9Cbc19?_ba^A%=F83Xc|&+N)UMUO+k_2=0sVUW?gRvsp%AtKy2`MHNsl
zL>TvlL5IUd+}3pcbj*po*mDQ2S$c{IDBR{@SiXn#*}_2&hYCqRmZ76Uc<@F<P(UF@
zTT^P<bD?Z&f5{Ylb^<NHPWiD935}xwLZKsY21W^*5EsH2I~9<?;3ei?NU;Cv7X|qN
zb?iLbQQ~l}5{~HJP4-RABy%cnrwe2Oq7^^HK5%srYLg}Bkmi!b_75qGTQL|Gk)mKc
zA=$4kYDG{Un;;*g;|Bo@|0~SlZxpr>xdo6|AlLO~64JRz5xYT(#GWMIK_bh)Jc>>u
zO~+w=Oo;^dYj`V8F#VFlG+FgBKrj8;QT2gz;Tt~Q$+2pY<qZ?Yv*9|68A4I|RU>@b
ztF4~4zfO;eUZkMFQ8DqN!1LGc(w7C~Laf6=2OcMN35$4Q8ngJQRkR%RU`k(=5m!xN
zu>3HoKyMamV|^W%S;>^|4d1zkG6W8Cv5-~s$w`qcS6n#b!8D?&vC1cgk!d4wcbw<0
zI2y*ldE^H8IU#jp07O)x`P`CTJPa^Y?(KvoMp~dH9)?{|4TMLWGs%O2<sv)GAX>=t
zll81Nr~VR-6$CD#t!eW&FW62}v@PAWV1VyNOd^im(pGvZG0-y&GSP9jMw*(G+G*LC
zr%buRgGAU<#^rMlIFL3QN6$IZFDn9X2=b(34}@cnl*OjvpR;=8vGEm=KudXgoU=uA
zFa>@NeF2dsJpL+kUs#Axuo(Lv5-z9vG{PN77z_aUobjQ(!b#i+R7<f9d&6>(Mr)i}
zk?@YguYRZtxD!m{$6OW=43}RF)8SIA{dMN?4RK;Lb&$rlH}hsi$R!^tTXKh~5y9&t
z8A-p*0y7!gk>8O1$UQ~VqriUSiJo;FD{;%85;|3C2aC_3d=svJ^{P*d$BSI1qtcbv
zi=`z^Ze=#iOmQB$3pbCwk@7<&Kalp=FHDSc3u2ze{KB;xsjeAra<4!>fzRn0&sDgK
z@+p+X<eAP*-IvZHhEcaYn`nHN7B)6uJx^(msKmEL+Ug;5A^_4rpFqmqf-G-hT5D67
z`Tf`IRbV+3oMP2_g1%?0qhi{vClzFld}ixvgmt`Ck<}>YoctMIoPm{4Nr*8Cgu#;Q
zw|=ntfL&ZQDlV94uP{yvGc+aKl$)fVolXO87DY!Vt~xb}*;o%RFW)^~Yw+b<P!gzc
zcEWQ;%?OjQ`l__*>{of?&0Jbf<IqHHkb36vNDA$Yr6Xn|5W0{2kQrZe;FPV4Hu*o;
zxfYLru!s5I#p&Uhs7e{bG7tBJ)Z@Q1@sl~H#hT?;k2Ap+-I}LXewcxd%T!zD+B44L
z)m9ZOG=CcuF+@Dgt2M@AdnT!6?}Le*nBz>T0QI0A{@!j{A9~6Vz`|Wnueh>Ny$Zf%
z8Wd$$-y=mZKGF;tyH;F21*3zY#T^*E{9XIh@1cItx{OA}XtvfSc}2jdsMZQ>1)VB-
zxhhX0wuaTjtj(|_)=-25CFSQ2MU0Ht1-|D?a4znFISKE?iUuWuRRjIU0U6pDVj}H%
zh^>z7GzBL=T?9+;nSBKc=Xv4X=+Ik~inHTVYt3k66DB$78ETDD7o>Oge3rG6Pu=V5
zd0)tK4s+`WLVim26mC2fAy=yC*J59>Fk!@nX{jfuFtDjg)B;*!s-LLz$n1tKp_WWa
zBIg(nB$Tw=To_|f`N0UMSt;KaL`yFG^01C+OVBt8Xy=#Mz_m3C)1MsVoJ_LU#Jovj
zbrH2Dq~x$DT~_pl(S*+BJ&DA-i@h36ek4Y9s)pKVQ!VncjM0gh5LbvY7ck9gtSM8}
z&%Iu#(OiuUR~zHLCA^<YY9>b7)<(rS=@+^V*T%Kh5u4|}%ok{w%jet-I2>%61UpWM
zZn^fWY)$gDFxy6-Xj>fqQBIn%Vzvcwz_`q=&!KcWQElNLGgEubAiqO!t%;|8Nu=32
znQPkGzYxCMxNTEByjYUGI=R(l$ZQ1+ABmGVGh^kpoiOYA;J_({jX!m8EKqwUDsU8z
z#$6@dZUz5td={N<pND3BfM=AN^3)td!V4dr2z*XbFduoXq_iEVp|n-iM-9lQ*AMiK
z800Q(SAL=B-RCP&-yc-C{X-K8EhzADre-cRKer;DUm>D=l>-*w4>z_U)ql{H@GaxC
zYxl|u9`)+WJDUQ|#{FSYQPVX=xycqq*SJ3E$Y+i~JVEc(!!eapY?l4P@1659WS;`K
zET5KC?u)@9`17%a=K`Vk0F1L{g65lW=jVC!_g)6RlxX?=y}c>R=Do;g;L2p%zm;^&
z2<<E1J0<bVjqKx59^m=PgMZfjNw`xKeA7hwUh(~Xe+J}I5}r@X@3Zq8|IVN<J0gKi
ze>DH$A%4=ek<I(D`L`!?c)oh!3B1ytEu9bo%AT$1y{av~=(pBD0zQpiULAkL#BESS
zG<!(PYhi&Wg>OE?-F#3Hh?ds@#OLPU@L8+htgb<uXb$mXuKzp%?4Opl-!5tQFRA;U
zBAFrjSROY$=hr)eo;U3wuxQSCExo2FUG$BU*IYriyp8x=T`4=)x-WxfHUVx^y5!Bg
z$em}CwClR$*Sf^#8Lsnot~Ncc*vs7AmE4xs7fk?%rm4QBX!%Sgnc616uD0Mqg^kyk
zq1PRp*BnJBBk=dljrHGwwor+7?Bjz=h#2-u?7KVPy*4flFI$<~+c2-N2e_qg5LofC
z_gixA+!z>>aQ5vD>CpWp(?j-<qa@ut>tojFcFc*Qu$PA!5JI$??Y@L)*)b?|gG<}l
z1;V3l`}scvNPW7W-(_xlAwMEm@3fOwy9VN2&)b1&UjrNGe|-HNc(;5pSn04%Z%`E2
z^mD;+jig;Qx(aZO4y|8@pwAmo6?bilvPrTNiM(kC@+7%@ImiaDxAoi8GpuFPU|l()
zLQI(Ya&*XQV>x$Xk0!6V?wjj2a%CP|ll+h=AeDJ)u&|M761Dqh1*wiUmJREnV+HB5
zdGa9EU5x=Y8xrotd8*=i@1i5^hT8)be3J*Bo^wH}c0o@W+&RFq-C@AV<^a8YH%!T9
zz{yLL(uS^ojI`alBv_klr$E+ZT?yXCQpHi$q}hIirBX2x=ir$pB^ZN!d>1{<E}%2r
zDme&8uIAO<QcgeWf!O*F3%fdhm~%Kwx(%Klm>kXQwkX7-1H&H&cD?2wj7`(OG5ic*
z(f7EXOXKY>q=2H_@UoR(Wo3nq3obg~)~a*%0RM%<9Vs7l^%n5EJ84cI^h5cYJHeHA
zB_7|vjH1CiIBQX~OzjBzvOz~v`oqKJ8|xS@PsU8ros?{+!a%cxZHLHUYQ!J1npj0M
zKO+5Usr%;qZC;^uV6GFTn!!4ywCov|^?Aa=e^g2I1`%f4q0_NcgCkFdNOtaoeNh9A
z^uUyN+-qM~qLUABl(t7$8V0^~iSXPkHvWsD5kEiyfX(a@K{6h}e5w7!6#g;wk=@ns
zHR-)X;JE9ni4yX^^Q8O}huIoh!mx3$a{diZ|NadF4CDSQH~Zh#CP@BEZGwq|g(<D1
zlYzB`(SOz`uyOqNA_Wd+pwWk!g^iGrjfMHIGKKSBYZPdi8DQuI9gR$EoPZ7!VAsF(
z5Px@QnV4B&=!FgJBup&K%$@$}`tPe0{)znlH3a-OP9J85|5KGh+!)a5^S4SNDCy!m
z2&li9kOU<(ayXyLDk9-y%y%>+tlI6Xvy_~QdGO=$y{Jl4T(yZ3#y;fER>_9y-#!eh
zJv<xfAol)eKR~cxd5cZLkE;eJA##=)&)U0}lYOYd2)*ta-0jPnxld0(o`6apmgXLv
zferD6*X9n*H*n%)Q4v8+82FB?yZMzPo4^>AHnF$c>T+)S7b`b?+TY2BBWm;c28|gY
zODWV~qNsq};xnc%d7lfr38YDS-Y%0(Qd`)fB{aN4{hDFv3<NRCyXm){lS{)`cUYWe
zg`9}vXt(|xQ8Cf|p1b0iDTM0l1jJd%Ps3)9i9}25(e7A`MqTUgc|cQ-V>&(iCx?FR
zCylu2C#6UHIX}_G;pgx14-`q*b+(|ge(le6iQ+WJ51xC%V>-9kp6;u(ns`w(?=3T!
zJj#EU$NyiddH#3bv45M(GXV=@{+peLoe3Ccv;2*{Ie`%~Fr#PqyUzlQvH!-*z?>Zz
zHM0S~Hmr=m$QyXx-?*F&DCz;81M^qN!|}Jz-{XICd*GH0=+XHbb2I;qvVq(GRkZWZ
z<MXf4^#3B-0p{xe^@#nC+8N+j|EFl0k(1$HqUjBHPcLQF#_P?a^mG#0RI_+KrBoCl
zf@N1>!Rl$@wLnAIz(gTX5ZSZ@h&3`YN^r4|U-UHcfF4CmdoRROI~XohQIUJD)8}OQ
zp))UaaZKlSW(@GEyh)vclcvW>3(DtbpRTty-;I2;tA?e`vzjHVtGWI>Z^3*~(BGnl
z;?exI7p)DTP&rFTy@gTE_BnM)j$geXhz^%BVp(~ga61mA1DiLXD6@3tI&$t-+qVM0
z%`OrdQ=G!Qg3@PE(TP!TgYXo(el^@07Q`Qn?sbz=m-p(>eFy>>>?R1^*g^1ZcQGIp
zimx|b-_s`uwO6lWunDZ0KD&Z`#duKdZpI;+2$tYL*Z*~k42AX%7#Gj&8E)a#Zy;h(
z4T>=&-e&L`fqXW|jKE4%zLo-TiRQ^JoWP64b50n_P7ROOn#hj|e!lUCEumKB;Go(V
z3;wL{*zcPVvM46VnUNnczn_~~kmRVLsR7ox!m8GKBJ+kL<i1Uhec7Oq|0&8ZikK6h
zMB|Il@e5ygZN|PH@j_tEC+322+mScuF?)fZ29H0i*PPb_X@3*yJyWpkn$T1cCoFHm
z9Mjmdh3GO!gqSNFF%P2}`wtiflc!)v$1(2!L5pi=-!;NLMJxJh-t;9g)FG@BBs1g#
z6Jm{x6V7>cB+<8bkYT;w`2Ez=RKwLs=Kfz!TLabcJy~1P{(xn7hBAlIVg$#S-b+tE
zv(>}0K<AuI!_1S&6POZ8Pa`ZMw7sx;gzYv)&fInx5|7)9u{yA~;&sAq;|P3h$HEhc
zCTm50o8dbjw5jL5c{tvh77I$#^sCQ1LgnwecAXE$R^-0T?)s=^HTk0_{0hsNr_ZqU
z9nVaZGPJ43>NZ5zAC5SlD0MN~C(~S-r4O6eOqC~}qulN5Pl2+R2^|cnJs)x6%Zq-p
z<vmX%4EcbK7!KP32YsutxWmGMO;K137B(H;E}zUHU3G0{_3}*Sw$oBg=BjkYj@tI}
z`uyf%LVkMJFvr@y%ve*FW9O1o)CQ>$YL3L7Vu={LG;Kpi@VucbC+<HF1ERp+49hB;
zhcE8yC4cG1WbfUkKRlow+)E3k5grI0W%=2}i)gI4uShYrDB<dd!V965e*d2S>)s<n
z8FO$9qY0!vZ}J2se~O~ruU7{jFTb~Y=L<|J+Kif=bf&Xzz$M%CH$)31%Z!Gegx&8f
z3AtYtKx0(4Bj9#^aVCSv_<JrQ1*nvW(45a-AWCcwR9teU_3cp8rP80IJ3GNFC?z86
zQ&Un(6N#vZuLb7h#s{p0z!!H^DB##Zyf4*Dl@pjlYCdgmSH#sQq@I??7uvjYfV$u(
zgrz&%l*HKmG{;Vwvr{BVL~Vg6Vt7XTb-}^^cCQqnKX}~|T!r+Nv{0>AwgTa{#=Uzn
zAOOE;8_OE!9x)oBo*O*C(N3ZaFQU0;eRvIqCRjXc(=?uE%{wlq0(R<lMEi+_RpM}f
zT8oryiP-7oE2!^++z@~*#NI3NDWvdQGI#_ix(ml|tVa0oVmyf1?%l<G4S|csJ_#Dy
zdr29b6i!YyBMTyCP$TBO{hxBzKZPC7vilDv5ji$~-2C*h$i~aHqP35hBRuJB<V+7B
z%VVgU7hi(OUU(Ofh(UG#L6V&+@x@+P0s`JC`;BYG+Z6PxyI4HK9JDnQLDSp@*=NPs
z=obhO%+^i@EGTI$(i(&>GxVP0yeeuis2^;08pTmu%2du``7CA=&90$ZmkN&5q_HFU
z^;*yk&cnbO+O$K!HokS4bg6(FCq@&#aODiM@Eq9MHw;t<eLPL;iXe(HN5n=5E>h1l
z+Ar=)l=Z8)amS#DZ|N0+1kl{o)AP)1*tmSy)Y4iwsTuI$Nlki`)N$#A=gm4#Cf4Z{
zjU+fw0+N6-WGyV5vw$E70Vw=0>8z^LQlmO(JP-^V199CICCFMe@R1b|tobFsxHZVD
zi1(zEsU$cS7NhO=Mv$K87uRt4#BY^#`n&51VIg497%l%Sqb5)$D+qcmE-Item_R^#
z<Sbx0y{7B_BJt23+5GKZ3@|ZLNE_?aau_lHRnsjq{B_O<)KF$b**wi$#{wTO8u5%i
zEt8*(7OpfMej*^SMcMSXz}*Y-cOn`+i~1QY0pwNa26YAjskuOWTx8L>aosv7l%x0V
z?7EhQu*zT$hk&2Nu_i+B%?6UP_TLg3Q;EnoTiqo3wbPQC@R_?aY|r8r``}D1*DSq+
zm48$|B!3Bk7+?aEjxi>T`MNU?28yO@%T4y3MZk<REPF4?Ac8`UHMp<XC|PnBPEyca
zCFVC~@=hG{?y@C<T`7r;-|n#))VKIhN*G1bQc>FY(dA$UK|G-G*-l*5$Vntzx#lNS
zaVmueCL&yksJ6qvmvW?dY@44g6s;!iXWwW+m{xyfW8eDQjU0oR_0{a6gODgxJ~_iT
zzDU#(Q8z<;R0n1_cFRt3W<ym0l+t^!CHKmSo-Kb>$?dxTQWyGdNDXoO^}0j7mjpzu
zo{Nw)s9fDTAb9F`k(YuB1iUXL!~t7RNmmLdr0qAU1Y%3~eB*CrO4P%o?e`C}OOa$e
zj)gNOPJpDA2n6CY1}?Um@k6i}rXw*K8Ts##I`i9NE{IJL+`rwN02Fq=cfRRtGVXGS
zDNcmE$nuPZlS%VVof1JQoJgr#>_{b99G)vBS^a`?ByB9NA)WMb+A(n9bX+)l{_sS0
zC9&yB(^;6_J|@>8Th}i)XG$fNlR6?N%8;8n%TOLi$5VpV%MvsBQP<Abucg>fhGasL
zc4`l;B2kIJP0lP9kk^}fIST2d)mjIpzROZpX6SKH&vRs)sjKSq8LTe9U4es7VU|q(
zGQ{b#KlP_+z2?ti)<)~cQqIDUT{zR%*~hkP(5+NoR$T)6{tbfn%M1BU?;H5(yTciI
zPQ)f8n`2G$Sd9dK1*)oXmNY;~IW0G+yEhgVB}Bl$88fDmM%5LIZ>AZ9+xQ)&$i*yx
zI&?Nj3?(&15e84LsFj>HVctQkwH-3Ptk<}Hd!&7~XFFBjM!$~!Y%{kG(JS@2s?MxS
zVt=z%zh~ZT&-eWhe(TrnnQgE8av<w+<}-sm7igFBv5k)Wxd%y2MA=R|1s>-NU^gE(
zPpV*2z><Y@$?)zq0zE*js+JL<D%xo9Tnm1qS+%D!JGqCEbIYOuGh@)=r4n~=H#I<z
zGjVlJsNv8O`K-%E(N6v*grR7g>T%<Gwxo!C(`|{i>HYjLa(q8lJw)}1%nRmm+i7wk
z_M27)N7nOk-_h3Fc1Dt30iz4prYBQRC04PD47pS;9BVrg_S`H-6+L{tN}rXIvncB_
zLJOI>y51oJ*#f3A-3IH1>etp<e}(f`Q2ATP9p`uh;m?<T!NcRlw9HlZ+JK)vk1(P$
z<Dymkj+XhT#<pLx^q_0&6q1tT!xDIG<%BI7&wpbP*Y&KMMkPazlTWm#vLZ%jqJnG7
zb*!Yv8hkO+UO}yzs$9=sFE9ptm!SZZ`*XA^xUe|*XQ@|dxo4EumDjKM35+<IK;t(N
zK4;j=iD@(39oX_s@L6DLxL#$re&l)<-H2FzhU0W%i^?D@?u>*y9;*fFd0ho8Ej^mA
z`Rw$8c&7-lZXc~3r|rqim?{C^Y7FZsmXu`FD(7m@GLV=d1}BMzSDl+@oS^A27e!Hp
zTj$~IiZfS=tbx^@GZQH5a~oYib0-aN1f(FVr}vkljh48*hV}zGkC4Y$nr_e7k{k<&
z`FZ2##!@@IPtHTfP6uRW_|)j#!27B_5FDGa^;+0seSZo}_z9^r*Mdk59xND&6=2Vz
zmku}-qZ4d6vLozmdLozUku!Es&x{_}!4LaO%^23i7_ETp?K?HB+SDfj*6uA@^z=Pa
z1=aT-3XW+cP9C6ju!ih#S9pi9tMKYmH2C8*IXLNk#Sr?NYG&OTQF78{()jwo4H5^_
z4w}is4}X|W<W&J}ja6-jSu!tGOI=R)151^j`N^vG(Ko(!=N&hVk(D;SW2W-C&UTKb
zeTH5OC9GDAu&jf@tVF((bQkvl7<#YA^yg_)pC>JIu6VbVe5v<G7%_<Gza?Q)sR~cr
z^h)YA=A2EL=k}R#SUm9Kc4~FLObp!-(r<yoOd05)ourc@KOacTuQCx(D^OCc+GuSo
zj9jw%-pKqi%KYh-XT*REt%`ke#xxP|LZ}S7kSid=e4}M&AXcb#^-uy&GtZ*r0er_-
zvDhE0N-YUB@MX*AamhF0{b9^;YSZPZbED0bV0mO;U@>b@nXq)$-gK8AIjj9GgunC8
zqUR^f8!trd1yWav(MvQl)4V2I-T=spZB3z;ip1xim*~imT{;X;vMdkUs@dP3tG=!7
zSIQ1wlkd8N`w;Ex#8Mw^WBwn`-Z47TcHh?xI~}LfamO|)wrx8dRBWST+qP}nwvCQ$
zbexlSo^|HhbI*6}wa@zSj2ffHxS#s+zem+mzw3A17Y6$1nPQ9H!=pJ%$scj`>`H_P
zRO{6rDf%o?3`PE7{u&k1`$`fEW?8fSX3<8>>3rlV%e$?^rqbWn^n48FcRstX%1$CX
z!di~os9Fgw^4psq=Uaa+4;4zNU)eEUxwXEw&kmrVK~N!WHu>fY#uAj6(-OVEQqxMc
zgSV>dj?gzu+0{T0#pw*)z`&dIQ!)aSN2LmA!WNF1M#snD5)`aw?@X;0>9HV1h!wQ1
z)J+{?I_F(XPl~3n!`umHM-Hge$xZ=j)N{tk+D7Kj_3UsUXRKA{sVN^vmyx(S$HS~!
z&#!0%+64=>{Lo!5Cyg;5Aa(D6>nZj>(nC?Ci2<$liB&qOBjtq*%pjf{FbvF?cFg#b
zl#9kjDN0XIzR?B7W24fLVIHJ$ESg!ElUy0DJoZeAIeLtYb#)awKO6Z^@19XiYGiZd
zOh>jMl<)QB15za#?XKYxaH2IC`g;97hI+fBIf+~^sBWbZ>}d1V?Fr0{4GJQC#P-pE
z>?a41Dp#-TIW&JZgML0cSh{Pgj$R|TZ||#CVmvi9a!ZpfYF|DCBzzMjuhl!>{dFw?
z>AVn8LsB8awV#qB6ynU_HNh=y<C*Bl#0)8h%?<V|6YQP>kp`to?#9Vpr4S9<_@Lz#
ztZi{rgN&bKG8D*w#X>b^hA;XR`^TLp-x%`Bj}F4|*GWj9i*O|}P?iK<$V!&E!YDlA
zY8=i<y=DrpU%L^`I8fuP>j94EJ^j4SEbrT>#}(x-%%?A1W}Sr}KHAdFH<^NIO)E*X
zZc<wD?0-&dZZi<K+9@jDPufaPDjs|TJVxBAVfAUhIs=#`gq3r(^A_}xi(xW!;%3k0
z@KNJc5^!y)^U2LIWkYMgY-{olMxo`8hpQaale@N0>9l<CWVoU}-fzY@oiBj)PMwZ7
zKmb&pE+^hFP`<G^pdXT%4KfYdmrUz^bZmCpBD6Lkh^{@QknJ|Y{YxgsTlyQ_0P=9c
zajtZZ3Ztp1n|Z4|>>unhm;-`T`Z0ZOhWZ)i#NORQKud1xIBjf4eLnGS@vO_v@A7*!
z2^Y=RCa$Zppv$f-4|lRj3HMri;?82*8%vU=b3Fv&eMDbJEWST*d&qU=7`Je7sVNEi
z{`SGk@Z~_|BZiXoEi!Du?Juw+2n|R<Cs)L0)%1?Cq@6vlw_cTAd!gxh1={9g*Xj?~
zu#$XH<4bt5${Ur_i4GM~E8>nee)*a?GWpr2`e;DjsbWPn(tsJW`S8wwAx9f@;p9dC
z1gbK!P0&3UkiZ55J8)gkKQj6=WoqW>2jfGgReX_Q34I=?$%;yoR?&(DYLT@B08+yq
z8nvVfsks8_QE_QzEJb~uJY?gX@?^wth8#7cc%60In~pp?giHpgC`0lV6%88Gc7>n>
zgt3d8&%j`rhYe{Xh9lkSVxIHR({t$u6!!R<2e;R1%kg9F)$@-^M%>qPaf*ked&G-0
zFQ|pE`Lr+7r!e(0>1n(Jz@0GC{XO!hI|{{NQx&y%Yd~r^Ll!O|j5$SZC|?`_>gZUm
z_9R(W=|TmN|Abv>FToP0vr^Tj<{&nJDLEN}&N1r^Db2W#oe|61cY;rcP11~{8mrms
z>|`?1qtzFH_~D3Bz{?GJ+H|2=v$eI->7Y6{!TPXO;z4<iSM+Z4u(@`@5t=94<#f_~
zot9-~qQ+?OF<$9v{=ypQD4Xtf5aUUa#)uopeF^%rJiuO3)atQB1Gh+*W{lp=FE%P>
zG`3f8XD6f+zaYNQq*Y5@D>{?wu)I7O;78m|cQv!#zoPk|yI&tv^Wo$K)N`LojI{n?
zUBsdTdE<sZ$dpf6Jb!{ha=?aW>Js3qryjwgoC5ZTD?wn2^zy9oPBI+QSmtJ@a!`iZ
zX@>Wqr{6xrSauscWZByGTjx%K5FBrC6xm5Kp-7UN4<6Q&-5w3$3tF@Xe1*7hF0*>1
z0#iLw&Lv9jH6c?C7=!WNi9J>qctcQ})2v2Q;35a>o;2l6@RNox<y7%JTo|ev6p75(
zfO|DTg|=oXyg7TZKUU@tCUF7*u}Z5JdKJlWr6e*IINW6i!h@=8q)<xM>w}BFvp`r^
z|AO3mX;a+~I*W~w#YiS3oM+^*Wsc=EP^;^?0SlKu{9<F~G%9g5E5-tD8B0Y=b!N+X
z?h##gv?4&tSTZ5Q8xdl3t;UP-v@l%i&6hZz9-&}Um#6(R<IPckRhGLV?+e|?XjlpS
z^ibDZt64+m3DscctL4%DYDARQt0U+peIV){tH1&qOxzZ;$VKMWcZkk2GU)LRnRi6c
zO9;OsBbPBw-^Oe#jC0=~7ibP}9Wbl}uvmOiAf%x(-IT2JiJ-y9%D+#UgRzAbf48CZ
zFeA_n{JL6_LY<p%?>4HIT*<1luFmRyIkyeSR;yI2!ccMVOS<~;M3*2u+A!KN%3E5l
zM8ru+^pe-c)GfV-<-crD{!IoGkmmPm=w64T6ABJ}vH&oSPXaSa4|^H10T}N|)dZ@6
zKK)_DJOK6N3rsK}!iv>HmGI;IiL63|(+)$jje^|=3sm!~O^Ms>N=~G|9J8S;1u6p7
zf@+t|a=D8FXLieF0~tnr!hpy|(UJC}^kIdz`+way8;(kj#W@e|76dO^kK{S_mq?&;
zF`uni-~zekbtPO8eHQsUZ6B6H!O6#HHJWxF%cu>dM%hJ-9!_eZXA^BbDGH(`+!udu
z-V1b&-Wd3q>D0<*xoHOFVsa|F?*{>W=B<7LmTXwiqHou7%}vAw4>yLW0^h5P{|trs
zKXu@cMC3f^+ErBJum7-usXRV?5Ir2^@a^!?RU${D)wEf$F{Q^MvJn<nR~H``7#T|p
z)c5@vEc)i78^!BZfppQX1WkaY^*waJPo6K(Eg&)W0J-Nh3hLLcZx<^*H71$X{0ipD
zR|TLbJ=UMT9h-L8JFPWz_yMpS1VS1WK;=7xBGZuHsc$cs7Z+}Lz%TPxhG@vtg}@j6
zoK4-B=`GZgBjo2d1_Gq;fW^CBhnFwg3Y4HmZ`Em=n^zpVtq8-Phsl}HFQT4k6ZOA#
zFc6@H2XYvq3AB&lk^Q=a9?Z)@@N)k1#YR&WLTs%^_ASQ+Jq8cnrx4cf4N7vb9u(Zs
zS1&+LmKaM%6qP2@QOK`HC;AZaaZPX|hwbX*M)VCwm!(>}m`G#-Y!Qj@eN*50ClfZb
zZ|&FtvyRr+6B21GSm!F(!K0H+U3w%UTIg<-HlME$&Ov=ku{4f>dD%wzo621Lmy<Tu
z*kXOYyhz?1em%W79^C!vx~GrHcJGlU7zczK?`$^5AqfrxyD{no1#fR}B%Uk0IKMNI
ze``G(*k8lPWS_;7Z_mzcd}WxHd|eXFkYbtP>XKJO0ex}dW9QeABMuKRb`@`-1{=o+
z?KdE)k#iRRJm%3Mrs&&34pRIWQv4zkN;*CaJ}544_#230HhpL|yqx|>DQ!1QF-Wyy
zPL=nL8bXx!K~E|DxHEW%w;5<87^>-8yfwysE;1XT`A63}C5TyULvhi(FvtYdGs5rb
zuMX$*oH142Xwy7W$70);fh**xVfuXE{Zl{+kmMM+cqg}qjFV<lmf1SNm?-_Mq4~B%
zpLVqbyT!9vJ`0q&hKLKV8r=c%hfx{=-j4hyO&H@4$K-r1$eT3Pxha)53KIGOYzd2!
zsx(iyAz^&_WYf-ac##!n+3n)g#Oy(!7qRCpXcjmHSP<kJ%bWW6Pi>1I@5LsCs}*?w
zbU7}}p(8E$aD$u9SQa9#=VB-~P}#E?#8spfZIlPav@hgP$a)<BN6!BAtGrr>ltsFi
z!X!7VjPhd+b*vgYGD`y`E4pDMkcT;KSS3yUn8~qvq~e9wc_{I&KiwATmFFPttnRGC
zD~sSP5)zh4w<TFd#!HXy(8{xgusN5`QiYkF^DHA@PvVIZ#Yo)q9AwdHG^9F&9=_*m
zAP>vdb>Wb=maOONXfw&Y&X4i0oZ6PYB`<*8(1x6S9YE<zD32Nqm+KVj1r(!3Y>hFP
zc7(`FaLq~IM@awPkZgdL({fp#1u8dDQ?%?_X~b3H{81o_XwPQ`kJr3LTyBe7C8d>w
zSBwC=l78mK)YHp8&(o1I`rK-}TQ%uftE|*>!X}oXW36}7QpdTr82oj=-PB=LW2~Vg
z21B0a2#jSz%I%N6(jt#gbI{V0NoH)d-S~z?S`h9c4}Wg?OX1!MF)HPWXs{F7y}AI$
zpp$IzTkKu$si9o=KT|-=2m*|u5*`M#G33@DX8NwL#7v}@vm>mqWbw6^PvaAP6JPr#
znju+7-ab*N&B(K6NH@;AuxMC12zR18peIXeL|Jx~?|of%7tCOORsS3U;_}QoG8a7N
zZ@nW$Fh*LXD5~sv1ir9sas4r$O1Nq_69z7E3kuyFQLuW;t8Pxnda!``<~@25n!e`8
zD~nlF9R9qAVJ)Ic@GpBQ;BaO>{P1_oH_cds_WjH>CJ<ixG}T_)6xAO^hcGXPnG!FR
z_E3{J97BOqmmE`E&bV97xNB2YJa{})xv~SYDe-lg@-JOp>Bb*>yDJY}?&$`f&v#@V
zcR53qA4p+%ZsiZWS=Y;1oVN!lbH-}d;pVM};beWD*hM+)%Mf-GxlSx=c5V+@8a&Bw
zp0KIry;r$Hc(4|iNc9+vhWt7%7((x+0X6a#Mxy6ly_Zd2FMn;}x%_m?n(K=4vbJ4O
z?LzX@n}a>GFS@$j<odM-fhH55!RG24k&eOEa}>1}#aJ*@78MkQ$Km<hytDk>)k&|}
zVwn>g6Bk1z`saLY(1ap)V4fP=2{(t062~Y!7YX;kQIrxMyO%%CV2S>AkK2oPy{10#
zasJ(}5E^bJkKmR|=ws-Ez3*LKz7!tq&$b8M29J9^TX?{OLVfPiZjNOr-$jrp5JcEE
z`e3xPjjcxB+N_RW)|qdInOwhCw0E@Oj%<Kc%xi)U@|O#k++FL6hF#W`SZ(sC{mWb}
ze{`GFkg7k%Sw4@ZXRkkO;Vy4BR%j7jH)!C`TljV7oVcm(aahPXwN*0B8__@>-jLh9
zUPCnH`Rlg$?aoT8@yD8T(uGlP8|%5zG;JTP9=fEL!g@l?`8TJ;b0FHeS_e_PAI)0i
z{o47OWK-Rali!Mg3xc^WI+oHGL{2wkbA%$;Oalm{jzFfVMjF?LwaUs`>kh}px5c#5
zvnDNWGhQ1;mUZHFC8zJ2PDGpakYSqh8nSS&-vfW21dzcR*8^Jt8u7G^0Z>zoJ?myJ
zkrA0aqkRuth>${U>}z#qt{rb!vMnBvcVjuMs>vEC$(GxcYQYW*ij9<QnFB*Mq?2q~
zrszRAl5|&ayC@9k7%Z-q54T~W=!`o%qg32GJL_OmX*%w$-&oy9SAKBaJ6+N@hMYf|
zT@AU*mE&f*USZ$-p3A(&HR|@8t0@@J&@*Mw_Xx`o*y`mg)Elm{(CoHaQax2YWj$u^
z=v3+w!&|(Z&035)Nm%gatTOKV<jFdxLQ!2XE^#$xwbYjB%dsuZqUSeJkvA##S>jZ*
z+O>9?B#I56LKg|bou92XYrq$z%%Ukj!IMVu&My=o-eTUMAaHSk<;8>OVM99}0V9Zs
zJs6bK;X^q^;2hwHl-Mu2fbM`A7cNo*Z!nSTUY=F7L45;%APvaZevlUoB}M#D^g;S`
z!D&#`Z!q(0k>u)dsSGjQrpo0=6`?cRl=z?sHTkr=trejp%n=dd`B`xO?|6cQC4XCB
z|NjIMte<i7e=-{XxBdvR|CiB_GSxS<({nJjwvx8CvWB4(vCuQN$N!`%{?j4B#K!Q6
zXZ+RHW@5l+XQTgDIO9Lj47R@%5&uLpJ{SD2XvXKd|ANf;H-7}%zxyK?nOXl^GDG?=
zGDGA~dheLSH$6eH5dUZeWMZ^8c~eBbtN$P~9`47dRZa+xR^E+V^svzuS^#g@ovk$$
zdT83#^?s)9ZD{?dRvpkv#131Nr=gkW)64jG4flWvdZof2b<|(CURRjfge_#;+It0&
zI@#bWSy^kI$j!PcFBd&~K#b4;!}d8jw;q{TFY9nf3JZ<1@6B0B6?9Lq?R02DLgoXM
z=f!%p(y)~btX}~X_Av>DxZX1#llmhhOO<aH=~0w;34qv^!(cYrXoDSKP`kk<(PfC@
zC|SD~zf6k39=LJju;_(&%6DUhJ<&;_VaUs*VdKprXYF9;`68g~Sst-*b(H>x5J8<+
zD1zDjkjB9Kw+GcS-gml&XR_h5EaW<`a4WO>qRcbAxi*y#@SBsUE$JFBskaqg_8I&|
zx=5lP&Ra&anazw_gTgT3+kugXFP@i~I5a9Vmp`}zYJ&d;+W4G|f8q-NB!cJ^9rYbt
zZ4Bv@>>LgM@veZLz2RT;ME73}-QNNme^EdG3$VfRms8+>cES7)*Zt%3{s!duYmfa4
z$nlSn{TIB5?cW^(Z2uRI0RR)z|K=F5QCv#lIn4ZJsNQHek{IB++?mLri&Xm!$roIy
zH!)&|EOwkIz?)iI6RaZ|Xp!_O+F>H_PqrwuO0_iUJ=kEfRg8^|o*@3=)Rw|BVI<L*
z#zRVCxMsCfU@EyrZBF}=WnYEs^mPR2T*O(296Pz|<@vFjeoBym9V^Gc;r-PPBKKWr
z_ss1Z!5z21jk>P2h8EX058Q56&*7p^zpg{`3a(IaH<X75J%GdJiE4!T>-87^df5PC
zud71dP6v2_0lJ=dW&*Y17z0T9E|A-&922)ajtL6foLGruO~Pw$ucUXdtHko0+hQ+b
zTRP9AZg;Zrfn;7vOS+k;?pF|jhK3LqN)K=j7fgb+J_p{Icw|<bwPL>~)9P(-wZ5yu
zDt!#IqjaM7Y>H{Llh9DfyMm*S4OqG%$466l2<|Ahdk<XaJWCV2Cx$a>|0#<{lNpvy
zjHMh_UD2G?z`&=KJ(6Y3NQ4~E<+yD@=NHD<M}3T_+krjm*Udm&QtN2V<;j<Ij6Yvk
z1KGX~+9q%LW{S||iq3c(kudqt{&rLIfM41*Ji@SoD7geTB=Y=mdSx~*yUB-J{lMmi
z@y6|cs~2n#D%!ht#O#3f29klkiFP44wEbea?NJXU$dW@jAs$hZjldO_7iRLE*6&hv
zrpuPUHo_g%nvc%>OY=+1(qqP12O`^~{aUlf`r8q8*LU8K&4pyXEt(@w6sW4v=^sGU
ztq>kQYlg4rzEHBU3BBL;;hoH95dE848cgsSkjpWMDokkP7IRr)BhBxcYknJTbJ-Lj
z0SNBGtkF#%GC?p@X6Sns+WfvpMrihXt!uQ+a~M!!!SqAVbIJoKGuz!;oMCxYmpKT=
z)9~+Cp*uS-&O|LUwaw0tHV9?fcg&OvTAdnuQ=MVqj^PsZHWo%7if5s7aNk>;WrBU8
zU5d6RTMszl6>b$EIs^A?d5F2-aB@H<Y*B9Mh$hC=sP62!%(y&^>@Wf8DO`*zN>=5}
zi%VGMf?TN*F)fN8lu_tMypJ9Vb0Ex*Z1cPKNOgqu%M6lf(^t^6#gZln*}fdUW-tK?
zTvf~T%%)iy_Ewl?T&%8ovo@V2pnhWa6F+$!iP$}lSuPlpboL*ht;ZB^#;!0SSD@%V
z(zhUr>4cz%IP4)=KOc8!=993(4F$y6{mVMB(Ok6edrDm_^&>BI_1cMZLMFs%HPoyG
zZs7yM4$_PlFvgYpYlrC_-R#V6(rYZ3+q-M*(UVEMIIPnfTA`<@=#PE|<viCd_*%N`
zhdzy+AE=A`sH`)glsdrDilCBmuQ2QpFksfP>N467g@mnny<iysaKCz)jhy3jChKV0
zbl(wwin_Vny$pPKXF|p~KHnRBmce<ssKT<mnbKHgxvyMnE;oIP!u7b^NT9j`WRX=j
z2$$y86hmT@frug;PqX4I`TS|`wg>x(e}%>WyC(8THwsCcV8&EWAxez@t5+rjY=D5J
zPoSZ84!x?XI<R?~A?Myn>WF2tdLJ_SpxNnkkNT>`cA}+Z1hAmFeGm3%Jl#1Nc%q~Z
zdWf^Au&UQWy57%>%47<QM7!^jyQ{imRN10iz!G4+gYcW-0)l7YxGC>Ed0yY;yNi8J
zpG)E^48rcOedopzLDu2RtF4whkQIAd=uM(1`JYjKRY<1!!u!J~$pPQL#FN7%nzH*L
zKsS&uizsQZP4(9r%@#wHUxQ5uSt#jNl~tj-Vuf)S(0F>>W#;7k+RJ#9bRnTl@FMeK
z{X*$Q`E!exWA&p)_WkuROG|%0Vn#8$DRbW}qfbl@4BRCI41OrdET(eV=Aho=q#nmX
zdX-LURejZXQ#MBaDX3ZR#A&^|E5Oy&%&dhg!1YKMAH56aFdvr#nLqGwhCayAMr!uP
z6e7&$M^|Xup7nOKJK`e`t@Tb&4kP9?SN*EI-@y^&_muCmX#%T)&%~WU*cE`(u(LWB
z;6Z9B`4<o{>1F#vlU@O^zOF(yGvxt};a)(VPgxyxHwes_0?5}c@(+lqrU=QZ^rvlS
zD~!Ik7#vRh8XQi-A=-@jBiuiK#<t?TNV4KSOgY~-uH(p}`hvE>-!QLP{VYl6f72gJ
z=gS325d*oD+?7-nOhklHL1u^{ze=&&uMSi9lykw{H4~c0x}tg6&-GNE2cat^j`0rO
zOJ?He#A)y+s#Q!n!V=a<D!xt@IR}<~MhviTa=W(E>i$OjN~6p<FesGVN-^csOi3%j
zEzLQ|^m0hL72wA0{!HCp>enN~zbF~=YmsvSkT;nDcE{wIZ)vwKjjv<3T`^wbk?mK*
zM0C?p?$}8?4L9b|_+4>7`^=9=pj!VhdL8D<h-%vkhaA(FVo)&zPLor#v;mY{f{726
zljUoqtuxIRna062Nps@J7p1T~Z8vQ)2l7Yc?~Ja~NUTq`%3bU$t2=a}PKC@cn5%LV
z9mAA`_(Lyo+3Hl^N%9r%vp&F+ep2@T@e=0fcmbzPh!zP|q0tFX+G%NqtBTu-p@Z9c
z4mg<lZR6&$g*&{()^D6*16OL4lBY0jE;)h$*vVUE$Y?A^N^M+`D`dr-ENAC#IH=E1
zp4bauMq(%?AkSD0)yNxh$EoyoP&X~tRyW_v9AF)T+VC*`V7f1V#jQk(9Px5~n0-Px
zTnX~*zc#++=>7_m$eYU^3?mQi@EEF};RJ`XU}MmVA{$z*&esaYtt{@S5K!*~w`EOP
zG{WaNKMV6nu@p+Ah#fg<YztqR<TZYo&f)Sv?Hq1%6K7^AK%K}(jg~8lZ7vzg?jbMT
z&=^fMt-PePgnr_pE$;{)MTL+iLM15TjuCN_^DH>HmwVEio7w_tvY}PysqC`?RCira
zv8GO2JYO*SILp-tZ{$o27VE!l`C=)k=U16ioYS0>&u>j*&BUytHUWQ&Rf<*m!wjom
zxZxIE#bPMMJ|{45$hVO8L(K#@G{h_iv$qj3WpRx7ZXa{mL-+QY?m&9t^)}d}jU&p!
z<M~lFb@r&~d2U#*zkg!>>%71IcSzpWqlh++NLlJqd8boEfkn?XXJl3}sKw-LtA8g+
zwuC5yPh&u{f+uZiQO@zO%tGOQxpc+=Y>VFZ`G-Y(k(%X*<|F*8XK{t_@VOe3v6HRx
zwr@Z_y^^wLv&B3%B}q=JAZ%3Prs6`iE(-vCZH&pNCI>V>v(N*onzO<ogEwQ!0XJ3r
zsbVmDBqPY2A-^Ml5o^>0QB7U)BzCRoe5KCv7xK~v|ND94_q7gLkB7nz$qQVU{f<96
zo9vwsOZKNjS)AAVFEU(YyaXTHP4<V|$Z3v8g)^I076TYoAxoRTF%@sXUt6yCJXIGW
zaSF`egU#yCdLR6pTfNfSKn0C6yrl-j(%Mjnl#mk2ZmLEYt0rDG$swAO{cOPSL}mHu
z@Pc@j5&vwl?Y%1oZ@L_h`MS;U{$_T8xG15s)3D-p_I^QE5Lq3@yy58*Pq5&F_vX~k
znDEA)N4|l}M2yL6Qe|8;zP}t^_4Tm};yCc8t&D^&_5M`=IM8zs;z0YIatP{J?xS<%
z&#_2IwBDLv`>oXXM<;-mq8<HB1Lt%GX2UZ&{7E3Wqx_|iV^EAbw9Ej(G;DC5fj=y)
zvpmujqpLKM;CtA+HjeqUuYPW1!?417c4U~Gy=@Q&EyYhc_cV^hJh_P_&7F`LpbLFG
z8agDF&@aU~yBaSgEj*c`S@99PhR_SOZc+}SZ!>}=3b~>Z;v*dj(}m^<PEV}xJ(i1j
zKjIZ~c_~7+lanz{qWr=2>2dFa3^1{(coUJ^c4{7<U5MH2rC)~!q!j?DkwZdlmQR!c
z-WPM{1+HA+*BHwQU(5xM9dcW07`~qV3bH79lmp<y_s99g(vTLcVPH1Ix~1OBX~oA9
z*Zd6a5Bg!TLv}S%IJckNBhXbWHc42b>9&w0^XHfW-Pi=dFGQc?7*Rsr%dQCnFPTEP
z=rkdA#wN7q>pTGkg->NqK5t^8uZk@`^d$HXHaL3q0SB$SA&~(H5Jb4^cP2LMNO<2w
z5DaOGIRbIvb-b_rdC>Sp5XVSjP|^8nFd&WeV$|^X)a1{KB`)}9P#)g8y5y7tv+qm|
z#`xHv;pp-q;rw@lP_upBEd@U6vGK?wE;i(!4Tv6kHna;o3CZz5Q#h4i1$+QXej;4Z
zT+X8$R(MFDvT!_42_Lk6kOH6VMop-Ei0i~o8jSj_gIdYtpo@Z(I1*Ggf?rAL3!{?a
zE}w-jScXcDL1>`h^-&O}3C5SeSOz(AhCy8|seuZ8vtq9#6tOu}$lb5`#E#@hQILJ}
zQA%|(hki6(UhY->TynL+n9<U{YFzMoViaXelp$JQ$bacm?m-njlb|xwgU7D(PE5JL
z-4IfU?1~?UT7@0Y_%r>65@s1FK5mo$AWy)Hfa(L+OEq~H!}^B`01pl@g?eP-@f4@K
zB-ft>4E0r@<iap8f)f$>o`YhTi+O_R9gVU-yd0NWB0kcb4VKIsOQsu$lt5=7Df6iU
z2n!G0HvLoqkdQntF^EV)QNWN!NEZqb4|9s!>au0R6$(i<qR}XQ3hnEsXB+50RR9@g
z6L*qw(n=>t{XQHuthkd{q!IZ!W<p+spd<&EQDP2)*LcKJU!{h#&;;L6#NzemY(X7c
z;1ELvYqHI%4c&g$kmKsm)KVOE$*oX3Fv)o`2ylM700QZ^5zihFeGTNorl%O+cH_tv
znUtsNyM-tKd=aa^k=NW>J#w3hCYn}`Z9}Z8mQRmY_N*KmLeYxQ575e*SI*a_=MKO7
z^zNQLSfc(~6*B&#Qq#AwVTP)$>Bdc4rFwQ9d{Mb6(*(P?zCn}WQE_qMWXpZ!_~)@-
z#yM#XO2C6VTp4xW$+e`KHmS%ETq@&qBg1M-rEK}&!BH{A5`UiJfrFdJS@LJm9MQvr
ztJ|-3+UOY={kDw_OWf(56FZ;p_{E=+uCk$x&K_e(Qaox6;jE#RlM_2Pj`I0lT$>dl
z0P+ttXn@cX>FC+U@3S+Mr8W<ptfBq0+<KIZhl@<wQ2C$EWpjrY$7oA!-KdApGD-SB
znrCN^9h}t%RE(4AHufhda)70r>}=$MZDniwwoV$t)>UN#(oo)cYrAIG3=-YA(MQ08
z#yf{!+CN@&L5~2G`1n7xq#)UT`+L!h0}eb{n<e)j-MBi-DbhA{l9V0X)^*GT(u$zQ
z3qFMaCw~b6{FW+KB@Kj@c+zqBgj<xMG_@yXkd6wB+=J0-$C#0$kxf(A%xtO7V;U3+
zyfoAoDWyRanz_FOl$F;I>@g~#ak|DMBvH}25o<0yNUlKvS<^)%Uf?ehvSABNsC=G-
z=ZpZ@GBpxG2J~2}QyuZVV58ntl8|q+c%Y3+i{r<T3G7JUN9e2J$ofo8NOQfus>E$i
zm5ACZaF-gn@imOs^HTH>+2P}CQVEM#@}=b;V%8C3`<<#NIcD^ri?JHJnP^}Gd;Na1
zX^mRsUX=c67~H<Pura`Jn-8Y>Cc#u1f!xqNz~v(%j~p<A&jrYj`5L7R+I$r@9GUvN
z16$;ck0AG+FD`KG7gjOJo~S%9K$$fZv;$s52F0f-nCr87&Jy=q6)dyk3I{?0$1Grm
zHo6)b9#j~_<PG02T0WG%@J2Wq+3yl!`p$2iembNZ530knkySA=NjwL+)tmB5*8Noo
z$kfnGNS3eN_gf0c#Qu~Frz;C~4Q6S9K;FKNJEA+dY7fY&`cRqyI`~c2JP{Wt<>wAQ
zYw%XKS5nY#A=jjsPAt&`pt72o^>B$P$)0S14pD=m`nHMPt!!9dG_YnqQrKpKPb-Vn
zd!`Zd+|zi|<2d*(=DJEAx`Z-+VxFf@>7fe8oWH1t=fN#(RHFqAd#2OO*XfYbjppyy
z%E#d7|B5|X!k<Gnz(fPueOa!IUnmq(8zH5tqne}+XL$Edy$%gz6O%6chEP{7=MG&g
zW(+J$L7lT-M^pk$B!E_S69Fqwu}}qw>)+=At4Zi2sj2PaS%*Cp$16du9+f}hvEles
zL{j3J)<%9ag5(9K4u#dS9579<7CjW@pv7|)Vc927CqTFl@sA<ZF&axpyG9$eEF!j<
zHm1#7&tR3C(Li?B5|9e_0F(Fmf*0I1gh@viZ@5Q?Wo5=B2383IbC~Hk9Iy>P-EADI
zT@=3?J^k?(%d;ZNFN39O6%a$uszXoij(%>O!r6s3gjk3a83VN^^Yj8m@4lN3EA@e#
zrZ6lBQpg%adnn?lJV?eYL!y9^%I1tr?FO%sFn)uf-{3d0RcokEQ7)3*zwzs5JB4e(
z*!z=<4Tg6CaknQ{wh)~vl2(#{t^dT0pCt?Ad07y<H-2#<T|!}sm$~SY;MzS4|F*C!
zx?)}F<sPe+-*XGW+4Nc}+Gr}K9g(CDNNwO9Eu|YbW1pKTJ~wSRrJxEeK$+9k8NaQg
zwfB^#fzc7fADDUs;6kPpFzM8AF@5ogbo;Kb6zj@8KUFI_vJoDc@|e%FSoDgEo}Q@Z
ziIzvDZsRCfc$yY6mS9m|Y8yr0d8ORyrf|-OTt~+tZDmA~FflH*G0r7S+^{7+M@T>3
z4g>HUL!A_sT)a%dj_0vI(YUFVF3Fh0Je1-sdvVFE5H#Zk64szQ^{Mhn2@t^@CTq+<
zyHFJ+XE~}+jK$!24IGrIN(DQ*#k>_N{UAw{$IGA#byhvuc5n`smll1LC=PWU-XFS}
zTeOhq_y{c}ODP>wLh0Zas&$UeA7#+i_cgq;dc;*CDohU>eRDr}+x5yb@TgaPGmFSy
zu(!nzoBy(>@8%}QI$r!K2Y8w`YL<0d&it_`)I8;?Yy5p&L$4v>6H{<H>I_icHNsE~
z;VzCEQ2@I9P8;2Xp;BrbK5$qBz1zSKyJ?+9E9`@uZ4aOA13LGZk-fHlhGH{dR37w2
zyG}yZd7+(Fzi(<*bKK|A1{Cnh59?)`Mkknzs84-Up!TfgoHOv(CidiCD&QzME+$u3
z3N=oE81f@ZMzCu0BSsDlh@QWECdaNE09mN!Z7GPB)m4u>`e@`aa@1x%TRPLy6stY7
zcy+#JHzn~Z2L$&;3D=4hI2Ot^<)RS)oWuNOC2CYo^7pjb)Q<5F8JDneFTC<cHH&n7
zULw{w&T}aNRhFpdWG|UOLBzT0%yW4Zip&gk30WN_4GbM7tN9z1!jTcAYn_?6@cQGK
z76m6DQ$6E{7F>yp$T=joHs9rBCHd2lQD<ZEG9@6PUDYm^5pe_UfGFZjWcozGesrWd
z?IJ*dVE#QFT>>Kg#90#8sO8AHY{qhAur<hVB}jf{+-zo`IGuWNlN!dd+_Oz-?BxbP
z{e6gsnfF(1qVy1}q9|so>?|jWI_Ab4(emg`iDJWan(*%KK4r%k<e`Q)_ho*a$FJv+
z46k3~8xpsdS&QvDX<pyuT5UM<A||uPDk$I7+3W14xSpJwsWP-uih%nvS#57dR(KMZ
zDwz>C)?NHgvZ@!pC1({v?7TZGX(RM&6B);&bGq^Jd%Twg$vOjd1PKO()cc;t#!Zl=
zG>(u=RZapE?gCQPw>mR`@j=sjBZ0Rc3Z}=;helkeWX4>|9$IjKPIv5gakNYSXDL*p
zuX8W?(g|roDTj5~q$r^KRhl!H@>7O*35(%In}VO5zH1`XLNJvVMIMLaM?_Z@GoanM
zuP9~(1IWtzqb-0;*YY_c_ALwQq4m|(p)cV*>Q?;1o9L}pN+yGlE|ZW>i+HP3EYqt}
z+vOd_wK5~UI?g&G&iH&UjUT`ulj+*3<zmF@+M3R#EYnFFN0vqYEwf!Llbj%m*D2|$
zSqj%H!0T+LqSwGVW(eUbil>&(#evFozK6Hgn~OTGt0rz2buR~MEg%SZGd(h9%}#rZ
z=s7{bwJg(lKs<z74Ljr%2X(er26#FR+j|e&qXM*4g}b+8hO5T@GQ3d*w1|?58Ujc$
z{cGO#E{I6Ctr*$ulK9#537s*Aw|&gEt25Tsr4Tl3CD@4LIIXs5*KI@BZN0nR!tQ&|
z*GA3}-ox(q8Z{*Y){NpbB}Zs>_h13+UvCgrM|{%80>Jt0?Af1Q*;ep~SzSkXqMN5=
zc%UG%>f&Z30AR30`~d2>4uE)(gufEB_(cu0c*<E#48$4fL)@n%Q&<+7Aw`I2E#Qa(
znY&xG_g(<V8N&9s(KbSxe8wT%8##7Q48fIykLjP)gO3R!4Za`*h|ZP*0~{xXc=4`K
z#QpFCt{F@BvZS~#3RzXhRY;EcR~Xd}NU`Jr^y;KoR>ZTU+&2k(jPW-KcUDZ$xORaC
zRs72)q#a*oiQ+CQv!}UbT7B~sNpS!zo7%KmyfW+iz&_zw&zSmivdTrfo`$SXxl5wN
z&V1a|@(2f!dYcGcdBRBQX{bN5o1OMIQyp$e6I`;gDjH;!DZ(<ut0lA;bDY;wbIJha
zvSDW3b>;-%eyD_=A(VQ}I&pb1@tAafXSqT()Cgc%M@2jpiwegmrzC+%1^EZ{O6iC~
znY@~YNMhz5cBH^&Yrax7R>(bZkZvQeMn_FSA~C(cs@tMQgp7JIZh-6>bjYYP$B&wl
z1eSBy_bH**_bDIO^MrHQ-P_2Mq=fO?7+0KbO`L{pfLvQ-a5ZfuKC`{Fzy!7eJnsUa
z1T2=4GsT$D{xBZaemiJUgn-w$Q9fBw=75}KVlfe>E&|BXV9NN@l(3E?7_&cRNPK`&
zUqg7*wn5G_CVnMkMi)ICJp|MV-btZ!i!lCz%q{u2DH<6`Q9(L1Od?>%OhHM)p}LZW
z9Id`UsLVwT1Q!h@4(vpapz0e8WJIKijQ$X`4mokJcsO>Qt7ke=r4atYl{Ecu_X0%1
zH+N(xYfj&!*DTMRuI!7_4={7*jO)J(>Hf-{{!!*<rT@=^20r!S{~q1_mEQjE2Mvh+
zOPOEK%KopQm`1?b0{Hi7@n?^phVj!4&id)-W}s(c_^;yP|8tZ7bK&3T#s3J_{xxd*
z_a^_RoBY4ai(~$y$^Q;RHz(Xr6wQPzAR!*Dc9#?D39<~{pcHPH4(auCip{cs)*>UN
zWeGPbuauotqvdE~G8b|Ps-Pgiuu~nhJxJa(F<*;v`{LWV{s~-Idy_Uglww{`3%T0e
zg?U&V)mHl6dLMY0P6b5S-7qVj^6Bn_(KxzPHcphfx*fD1?_mog-3G+Bmd1!X!~MmI
zrdR07GSEzgbbpn8YCVPwkhSA)YTt%P=uTRJ+524@u~3q{!BdlNraJ|;>H7tT@oZZJ
zmjXQelL9;<lY;NT?PM}^!%#cmrnulm!=gJL5$-Tj&fJjFfm#8d=s$w%$u{yuY4m9}
z`*hyL#_p}nJFmg+j!^|3rU&u_Oi@15>w8`be5;8E_`Y$Z`QOdb|Ie2G|8aQ!HuYur
zWDowC`hHgO|ElHx&n}pMPj3G)^#7XN{#ynAQ%V2Njqx89{7*Cee^<e0XJz@9<o28k
z+Cg(6;qvs|nruoEIOK%({beP@PZ4E}P17Jzq6Ss8|3_^t#@9W~=h}TW*jNj)>1lry
zjfb3i)34KDkg28=5P`EOs|awWJ_4;$ai$cKW6_!Hb65y{(A?O4uj3w<A5{ak0xV$m
zM%4Kqi7ywPmu(-t1ekcUVmvDX-fVAr%q)U2WZwjINQEdL5Xn|1dCA_rcX@Z6t?3uh
zH~+k6RDA<O#2=UT@JsWReYeqJAg}``kkITZ`~vgQX$4IX*A@H{_F}tT_PnT-&g*l_
z{<gh0__8gD$|jn=SKd?n(?c)>d=hbc9an{Q(5jAk%wO&m8BM-VW5O>gBj}dhU#pr1
zO`4c4M#Mot!}<D6O)IR!YpSP(%?tF{x|<oA_x1DdOm=rGaP<*_kED<M6@?Czcr-Eo
zo9{PS`ukvjFNZPqHq7Kt!^QQ=tJIfqezUT}ihFd;oyx13_Ue-g`+r<&b+BT2WB<gc
z4&wl$+7)pV{)kz+R7RZDpT}$DV=9DMX4NZl$hwNVhG64E<<s8Kdx}_~OjRb}CK<(b
z#dS$0uxSD{fmBKFf*O2I(ObP5?7{P!M9?YZQ2Ca7ENkqepf}jAaj&>b(3sH{kDRav
zR8Uv9v@612hRIzOYbl`YB<#xevd_T*X1|6XKqXB2WNVb56ZY(u$*PjFlC1e!<ZvCl
zA?2XQuKoZJ_?==|?R{rS{kOBqVtR|u+1GH_cy2iCqLeI?Rw^6MiK`@|#AL;f*7i7#
zW70EjG;R=*l3!KC)=2U@Le_~7qn&f4HRvu0rwA<~Zm3&zl`n+Z2Y_u3@)s=KCitpx
z=p(ct<WpF9{>kx-VHTnYmW>mMEW<peah4P<Kioz(_7F@FR|Jv$<B=4efsurM(u4>`
zTb5<l5Kf$QI%7IVC8?JftcDL-jcE?&w9EYu*gWeEDzvI@PE^L{fvMtc`>89|xR$pQ
zPmu}Q<|`MxZJJW$7xy&Hiyde|?tx>?7gi~<!4VMm=XP?gAdDikDaYeUTlnnOVsY_d
zmVlD2Hm^G^{Vm>BuX;T*d1ZNNWqD;eQaqCE*SxNyHG5cI7rIPFM1%UhE6tmQ;<vgH
z@W}$mr^a5cmRkK;peAhs6(v=wiH>jqb;7z%tAX3kZ!OxZ1b-IRRq8t%eN_$;4khx}
z<&$4pPBdQL6WU6w_b*C1B~>pn&)OW$qr~sGjd`~G_Oe_Hi(M$*30R>JJseEtE4w~q
zuImfn$rUR*uFi8!CG7{SWgGU&ze?j~gS&#Gf+v7mWK%l7&EJ!pN-iY{AHpZWB^^`}
zoe~$v8L1w|C&nvFpemS#Xeo35IV(Y(^&K1tLz}EfI>{G?Jyc>&98sl%c{AGJ>ve58
zO%T2Nd2CI#xzVoX!R>0ej%mYv>#an)Px?;$Gy9{#b~_dl)n4M})N1Q_z0CeVj4_dg
zMu)Aak*Vw9;z!oIA<1+2`BibJ1|}blG)V%mt<Gc6VQt(LW?7;j763VoXQRcnpdy6w
zW7*E$A`V3>`bp+{ih6#0_qd$AxCwHpbSqw^{u~e*1+1?0#(O3Ct-<d_G%S%egA~Q#
z3ZL=_M+xKIz(mZIQ}vrf?GMECA`t=eC{`u$*;cG#0pl*DdpQ-2*f`B#iBu|RZp_q}
zOxYvO{3ivkgg+thydD)E0|j0yiOsTh8;`|a=c-OWZ9lwtV+8SzwEtXGHQ~Z&*`IT$
z**)%$3E*A8TmANQn%QoOmx%X5a~pv%rYULG9PQ$^9?I{enANs_F5F@<^q`3uy`8MA
z_KD3>RZdo|L_tHJUqy_#*b1v9NLz>W2M@=sKMmTf>8h*eAFZHdc+v!8zp-F3p6MNs
zM4M8dCeMRlM$aWU%q_4_5P!nsHe72wA4Rm*s+In@JiTXltB_o}6HkchB-!6T{sUhA
zC-8!8EwPTtSVP98x<LKIT=4BzmGx6q_aI$oQ&l6GhMdl{qbp%x=VoB%JJP5vn)+|9
zva1JQ946qSg9#~?v5Jq9m|an9tgrfmVEUz07WbWu;OafZSh4=3U5##wl&8sYXj&Sc
z$L^rH`=4KlcU-n5?>_G;#jMm5>vd-6&nxEe5neAd(~E=l_o`G>TkpH@u@#r2Vk9RI
zu*JILxrBjB9Om}%TI{OwK=!3V5Kw5G0*XT(yM*?hL<7OD5fT8A96dBUm%|n21=D?A
zkVrroMy8&}3<D)uo&gtb26aVTY4fk&&VlnErJiIW;vWicX*bV^mlG5-KZyvFkYeYk
z9+UYm><$k1(LrLMsmN(kO(C5L5HBcRi-JE;ZnH`V7sFi2FE_l7_Wd4~9x^4<A1D+B
zZSZJDj)@pq;<c3Jl)T=11P`NDr|@trE#%UbV+r#=VT;cn-0iR8E$rD+D#ZX{3fcxL
z;R4|nCr~a*Y&<A7yaZgTq_bZw7|~%)$-SbAPtFhXkdo84`wX-TktT0bs;#i0zi(9U
zGqx6PosK!3xEGt(bZ(b;ZPW|cy)<XnpSC-y--%u&@^?#u2872QZJsiFmbP$P^+%sB
z<3`1I2H!WRa4yxFSf{`W14#?290ct8p3B1}dA!vLZ|Tsj&$3^!DdaObxJvy;gm0$A
z($0<dVA(CT4)asF2x#J+#6GOj%zuep#YmckNT)Y^<FwsLA7->v7E4&tXDoo77!Cbx
zDLh^ybYnxBQgk!oJkAh(yeDr@z5D2DUyeVXHExSQLFC0a6ekt~RJL*jqHVSgHfKNL
zmTY39#|9|=WEpabRn@<i6S|SSiOwaK9V`fpH9b%xG%Tn%SQaTvs$?AE!;%OZuL<9U
znyB%mhx)vsZG5L?Bw5T!E#?7R6jMTmaU`r+>L@i=K>kO&=tNCMe1`Ss4GXh)yV$YT
zP!R9$$<!;naLp}D)VkeRYYcOMgqTb7)qbvo?;HnM*gzeG1YI4PoPnSQJ{<0yBYn^L
zB7`8Q+!&rlsdL`Z9yCinZSMZpH?w?MNqXkW8ae-gKsP8sPqg5`1-X9TV-=zh!<inC
z)BXvnp!#q_C$7`71{Xq<i0Z*sNJ%&h1VEM_FbhtEXxIQ*_(GP{K>Ge3R0|KcR8lBt
z$CCyl;*Y80H<}hLZ`;V0aSG;|RsX^o9ZPx+Kvg78kh^2Kqm5!YZ;!yX8dK&x7&S&z
zU<y?wd|J60lRr-ooQF|t4wE!afl^A3#wfYNJHy9O%mJs>Se<RWAarRhPz&BfkGa!F
z*l)K+Zna>bFUOx=n7rq?p*gVrdB+Sw*g5-*91T}6A}14v8q?4W_&qG=`iiffH3SPb
z2S({Yw2(r8^o3bc*3*j#ThIm}`b_k!*pMcc?_3!+L1{`52wF&rEbk>I?8bz2j~LJ(
zrXX$S>6^pPq(C!7j!=DJLeK7dQk6-@*0a>?!bHEf1d+=36%zIyfrNPye1hXQAL9#D
z5LkL#j9e`*N4$_xFF_nq5fZCXh)EFg*Qo*9>gvIQ!d`ylw@5fF1erP>EMsW+bMI*a
z-~x&lw&^5xZiKBcSxF8DzezqG&S^0CI$TeV3k0;;jxPQvvOJU|+&zNH=eNuD4P>6*
zk%bn%7ZdVVTXtmW_-CYy)gL&E{t$ua&|ef}kU~gj;Ghi>G)WR4Kn$Wto)>!fSIbf~
z1X<`M=Be59zTJhf!HVv#`s>&26(*x8#mHs!C_PxIZTQdl4uR+B26LuzBnvI|ff6c%
zgA%mlaNuT}VLxGEDecC8hcO9}`zcgCW86=PyMtT${7u|9tNKwqyr^GZffyg95J4uq
zo6F!jW-#zf_zP=|Twt0at&G+#Hx%d?6m+GS6*?6c(;YhvEkcCQt`9_+%zz$qk)`Fd
z8E)f(fT2kW3!{!3b2xFN<5$aWM*uc_0md8)DT978R+yekNrxZS7ClgO+?{Vu<XAPX
z{HHX&2u*Ck_X|hUON8niv2GyS1SRS?CNl0=DRkyR%vaVQtg)kCTpzmCYCsH1z5G^#
zeD$zJa^u@hLfDnjD5TVeb6GI<q$+Ic_A_vJ7B^bfn+EqC8D&{dZ=5P0>YFvy8p?hg
zE+8}x?rP4oj1D37o}OIYS5NMbFU<6*xN&G;k9RbVonBlNX6PK4UYgxD+fK~QtT&bp
z%*~7@Zns3r;F;gn|8ftWU!sUiE#|tgiY(tax76`bTms0Z4K3|vk8yV*^oNYQri3}R
zwDZW`ma-%zIab^_IXbm{6NSw^zjC1dLx}3!_9K8#Xd*+KTSxX3CJP+#$!3P%Lq|2N
zZDU{iSU0%*yYK@5R3S)<5aB>)0@1n3rlFz65cg-()TvX0y;^0)V&tR~tM+C~Y2Lv8
zt%Fmwp%uzNL-~Z|RbVbtQw!HQ!s3pZbAz2NH6ivm5?KYpC}Mpp=emw+nxCU{OB%Pk
zx7(e|#sm*&NUNxHJ+xCACui#hdQ~r^f1McHQ7WnxKNzIVHt&QlBY`JW=-BlmM@J_L
zl{wdj6_mXz_r^NmSVzV%ZIkh#-8N{MT-Le^4r$lAi2J$NB_FxxDoXXhxtXB<MmoG!
zwtDrE_C<szP2ygs<(H-yEMY8WyCOlCiWrFL08Ju{=D}2qod*9H5-S{{wgNf}PaMwh
zd8%0`H`YxdkrQ}0^JLKPTnR$EOrvolV&nvbI91&?^Ub$v0yskYE}^0^pO&W*gq<3p
z(1~*I+(ko-u%N49F|PQ2VDCJERzy%GplZ9>RT>&vO#@7ZBm*1neOH4put~{8?Z>)O
zP_?aR610rKxAKMF!Xp8XcVL_{C9!%IA8s%yg^Gh?xPrWGhTXA4d&1>$iC?iiR83ro
zpGhl%KAAey4ACh*<H!qSp}(WClw5WpESei-19F`i$@5BaLa|<uY`IFVNOz_}g^;X4
zh0t6BGUtd!h|vNhnLO1@-h#y0qd7^cJe6UfwMvWsA9m7^Ib~Y;IxYPoCE6Kkr-5I)
z$FwOX#G^7Tz}%t+V6M?fzf31EcUO|s2|)5aqZ+7BrT~!7GIx9t&Pcah3XLm`G|{+G
zEQu^u#;N&yF)?!Nmnr4Q{jMT<rc_FFQLgS2OX+?j4~ypn7J$g@wA~k(ca@WSHByPg
z)0r)<aU~<qG|k~Yk5gx_%!|B=REntgWkn7BG-@Hu^o-ntWmYPeScD~p4LXKrRyNi@
zMq`KU_G(28>#7b!wBu{fFu-3t7Q%B^h=>yUJ5;5c7{vCe%^soOqh5bnZvqk{d=^$F
z=HM2H!0c{zE1U2_P<&v_B1mQkKGUJ#03(@54WuZzixo4bz*pYhQm`~qnPLILKsCb0
zAA-p`{XYcQ0uS@Vv{8TUUOT{2L+_D?UV&;IGs)_NysXM+ubBG%q{)~1%|*#(Eu@Yf
zO``5XO?|7V7Aed~PLJs(m8x>!CY`I2D#q;zM*2$MyF{Rcl4Uy|PdYgmAajZo6lk1i
ztXt<`vGOElz4L3`Dz&;JkV|CbYp<PT7Ve9!R7G<gwBGZ;2-3v>#FqFrl@_?It?w`N
zAr3AXs@;9DmqWQkFI;J?(5w(3t3}BUxuUtK2#l~~=4%kH>RrZra@O*uX^LR8-~c&=
zN^?>`Kqc#M4HTLy+jg6gR*25(?!?H@=-(wj&rA!oJbWek>s$Nk+w^GsQnw8Pc{w3|
z%Im!av*9rkO=Tkqmy6F02^69ig9YW7n(auz&<?)D{p_~oWvbT1V5{$G+a5~|Ht73P
z%GjQ-p%$41A8agewLipIN`Z$e|63Fh9+q0X#^9JNIFFw()=ZJBkm5?J|4BCY18Z}N
zqR_EdRiDrdOst1aMspp)A3}WFyrVe{rR@v68ypM*W9r-RN_4mW5m4xnuWOh?T#-?)
zCXphBM38HY3f?Nn9{~q*aeKGAx=7DFHHIJAWz`mi9h-vvRQQV?Slu_oFBj1z3l^t%
znr4#rUz%#-Madw4npR0lG7;W=<DrF7VS*4|j7&y0!$bk!`BbC@lP&dw2s}dafDhLG
zlv^hkF{-29L$3$--HjeGjSH5^8p#O7$RlLTw~S5+o5f-Sd>2CEF%=Ocgk20xs2>E_
z^Bu600#zUnmG%xSelphUt&^NEoMECiVKZ9dp-nlwv*BtI4@mc0%Phnf(@H81af~_E
zj<jpSooF5M_ZW2F<@0YBUC)R9KgC@MTvNx^f0gP}YTa4|tzgi)6_eaOi&O;yR%J&(
z1(z5uArMH&0xp1Cfm#*odniTJiu+PQp(;wBidbpgm#X;Gy5g?5wMDD-J985-+)#_W
zukZ2u0l6o0@BGg)=ggd$J5%2Oj7Cs#J#U=)!txEJ9ld+1+kW2Ff7tsSmKdh`5Z@fn
zH5YZu`MUcC#~M8K%nE$m;MwyR{&3|Vi#x6Q*sn7qPj6RzYwnp!#kVrQsqH^E7Oadm
zE-ns;x;8rO+CpkveD4L1K5-wn|Dx;Syc?8ThL1+^N#_nXHuf!TzcJJ>f3RoL(VYn!
z$!`yRmbWeG*AYdZ{Tkb<$UCO{sB~g(SwS0W&4PJeM>~@LP}Smz;;`tELUYfP_gfu3
z?YI;RdFGR;zLJMc{_)ekE{6lZj*<l5Z}(Zgpy%CX>x*W8Gn}MyH5LDycS^Bgam3-d
ztRlbjux|~{ey3cM9xIsrUp~0`ZtXesm_w!QcSIZ?8UEr!^3?Iww`tXfnxC@DbJm1+
z*uMPaFu8vJEz^}lLr+g|xz%~9Ym{nK<>VwaePoP&t54N;y_0Lxw|=&tmR@%r_`^pt
z4(_@9-T3UXENn*pY}r?v6t(U4eRp){4`Vzl=2h)nP!iDHc>Z4LzcT~3x2X)It{(Vk
z$>SvV%VFz0iyQ)<D(*foE^(R_+M{so`WRz%$M=Ot{+)E)=ehf#u})WhX`Q-cTGqPx
zwWSr;P99qlG2w>%%9pYuG1u1lAF93mQEIYV)b?X*M|`i<pL2^ImHk`hfW-0{$~LoB
z#=utz?T&w*`t;K-(%xUSxz!>0+M{nid%WcK@V8j~Y0a3t`6ox+_8Z$RRsW(WAozZl
zN82xFwRxIWdgZ-sNp9)y6jcx0)WYFLK1?)rdbHzHS9!|}wncXQf;%O`>ZG6AZlvBx
zODan`68U!T++&~o`sqJLRS}!W1u4hg&j@$>Dl&G1|B#fGt`}O@4BO=V`^}EUO#V(r
z-z{BNtBA}@&d->8zSyZ(*!EkYqJlDQ|I($WTmODC#JP(;Z};J@@)41{E50fGZhm0U
zFaFCH(mlIeXmOyo_QKN77gYC5Kj(iWVztMBr4HeFzn{&!G9Yqyc=yrz%6|@Q8`b5W
z_ML65r^S)7y8)Vt>B}qk#9tFheu__jxa^;P)%Wh^4=joEi&&XwUfZkJnV9evzFiVK
zZ@!$QzZG^h;fK<a6E*U@t>+ZFs?+DT1RsnH)9rkQ8MZ$R$Qk`}D@9u3kJD$54C~a{
zJb?<!oBP>?Cre$)seO-s{i{d7=*}s-d-)vPIp;*_+?^qvPqkRP=*uDbLw6V4?5NAc
zlP-QR(s!R!6W%9km)m=bipJCT6RK{%?5=TO3f>(sy3dC0#LqpPe#y?O32`e>jte}U
zH|grWDdG`#K8@dVb7My3=#THEb&q_n>&383@|y=Qc?eAYvyZR5O0EAsB7FXxlQr_C
z_m|bE*Y{AAJoCKjUKCi^L(%u{-?xzG+pnlR)&4-?wHIAIR!?>5a_ylxsPFB~#{xGM
z?aRLDe*9&PJNsne375>5OVfHUHdmxiN$V{yKlg8SK@mK_eRXd+nbv#C-1PFiTkgSz
z6=|!V>^94nrmZ%8%l^7BJNY-)f0adl`_%^v_o+9PDTXDdXs+DfpLa`iTos$k#y%*y
zz^>R^nf-Olk<{GT>6vAIrl{QhFAAsjDf4@xD)YNL*PM5=jVZ6H?`d|0*WWjGyyG)7
z()*m~{9xn1ddUk858m`s$B$Q}>>IQd{>RnyyWsHb+SH*>-kvhFa_?_H{F43kp(#&3
zsQx~?{l~Mj17mWpo03y+_BW?yr>Y0;$Zmi5W^MP4HF~+6`k~i@fx~v59MaNd(8hro
zFRyPHcawEUztd9pRxo{P_A@#&{_Lr$*)M+8zTH~(d{BCkTdv=eX_L>Y&Ry|%p4qO*
zsXU&2aJxr-PK3Eu_1?FgrVsXbclVjg7eBhRr)^bHMUAO8!X<rUh0av_bCKi1@pm3<
z^qO=lH-BNSskS<1(!-4Wg-+&454%3ixG^=yDKXP&+xJIbPAq(s+TNokXBzI5URd!H
zJ}Dq;TGv_X$Cu9vACdCskDZ@u$>&eJYG=0#d{I^4vASZu%jTh3Jw86W;dw0San^Bg
z_gQ^SwS8S&&s^TJR=K_1{O~=!<j*fDH#{GbmDS(lZqDwPA8$zA-Er5@%RMS5L<Hs)
zkI1UYF85YF5CpjXc=;`tT`MbIsPq^Ab#mcvE%d-b^0bUc@N)gZ$+gS6RY$7yf$yH5
zw<l$O`PhLYa>@=&xUn>uRkt~>$#S`PC^Q+Xjd9h!^qp6n)^^v7=@-|{D7qNDA~j8P
z{^8b%)!ChD$KdC)?`%Ihb6UR{=MvM#?C{Tu)Qw(y{uy<Cr_ZkH>)omsne}r*ckO7E
zc;fQ@zn$NFy72t+iio2#i=r;BN@d#?1}<_xBPlnJU$#E#OzZJKg|AAT+(%oM{CV-F
z)`b@q7ex(hx$SyImk*15vc$La{{6M0Oz~~~)^-uMHfy?Rm%P=B#pX`Rtenughqvkr
zMQya~!v_nh+9tUaE_nxcSs_=LT8HXgU4K+o3@Iq~%$niltUus3(m%HCvxkalEuUOo
zscSnkx7xkDWXMUkOVh@*xp}E(?AqF|TD|PDBgKE-iL!Q6mKJZQc;<dP=Vy6T@ZWQ<
zmLGJV;Nlupd8s(H^nEAM*fzPBu6A;n67+l-F)BWbrZ<nt3X|8GZk{gRSn-|QWIo+*
z?74!HR`R>Y3cd5&xtmL4+j^)rPb9w9A2@iSegA`I{ouEShpUGlbf$8>OG3wWna&2B
z-P(1DJoU0ymZ88w<UH%KSsIwt$7PY|P{bl;?+x>)6Rqbs1+!ZoZ*DiI-vGmbcbtM)
z<)8t}kFBfNVOU_e9}~My9MP>s(EO5ThIJ>EzdK8h<P}K6_sU9>kF>4rK4{SPPS;O$
z`RMT)?|WxQt`~k<(*Mv_@54*HR<G%J{r$an<I0G#w>R7iqF4K_@8-}aID_`8Hmx%q
z=v=Zc1aBD=ER83YROcL=lb`eG9`>H6y48ftb|)P$|E%JWe!~7EhtFBQs>7O|hkm>l
zG#C5MKWNn~m#3TWU@d!u#x3vABg4I5g8bT@FV;FN_3OOTrBCRWcXN!Dg1&!qoY~J`
zFi`E~mi?Avd1lnvHM10+h6B;vKAE~|k9qqiH&TaByLPf?>du!j3tql;XZ_%i#%2oZ
zUQcGEvRAJsOPl(7vM+zunVWGAoT$|#nc2FD=Z4$J;~1O>EhMG10GG)muoRl$y{h~M
z`^Xc2@U}8HIoM$K8BWgTPZtvOpY9|7#nHHZf)4v@24z&<Qyz~l>z^UW8QaBBwT-&x
z;JkE|*UE{9+;kU%w+o*ve?BN?*VD>?3p+~s6rZ^?vi*YW{kQ)%CvsK``JU(j>*F@e
z`&_bc8YHQlr~H;M8%s$xC5)*0VE-a#X6MusiPHz}9XB&`!d*p5kF~Dm-BVt+B&$A=
zb(|UJyyZyPGqud&U}4%?Tzh5P(1YXm{&s!F>CqAF`_<HdaUZol5in%Tk(LQ!C(k{%
zr)^my%?wUEFg>qxjNx~EhwshGWwl@IkoDOmUSiD7=<%K;BY(w~Gn?XWFFx|9<lV6N
z)}_OCjUDIqu5Q5dWoHI{74<aDVN$2b#~ZN|*jBw>eoc9W_|FWZ(Me^-W=<Jx<xUGE
za0EL8TdUJDLO@akcM^Fc^Tl>=`f}=SXaF{E`uf72@MwlSMC=QXM4Z7VI8NRA2_2Mf
zq0s`4Z}=7+m~Np-;EZ_7C#gWf(ZJ4Su)#bcI>Kwgb>}d^F7)*xL$6iCp$J?Nagaf$
z3S~`^;vj{ucqBW?G}iVu^l-Ec#KS|(2|7rrX2n5D13F0o7HuG`A*@knHmF#mfU6@!
z?9WDPlwP_?k;uy77<-XSf-^KpQzVH=1QJ<8!dS6qVxrDujC6zz^x=5|IOCrC$KewY
z+zZeGf~!jaM?IkLV9R~(A2$z=cFiAZ(3$msF%;e(ht(!}1W+|u>>Ubw3nXh)Y{*bA
z@i2i2-Yp+ANbC*l1Ae1`tHDM_{M9XgC9?##JU~EN|5;dvBLO(RIF$;(!q8Q-+2f>R
z!=B9=g}+>vgoOpdqA0?mD3aT@q4^APva(?aPEGjlStlIN@E>Ud=Oki_-lj$V<@z8k
zwnSRm4{1>g`5(3)oO_HdOGrllEq6g!tO-_(A-#~6rbAlnuGwt{4)B1d*{}qQ(&}0A
z)|tWW;V4iWjNm~z@rnJE@EI1Zp&M;oC-=2g7?wLR@kotH%X;|w`1)cP4ZEF4XbfW%
z)?Xa13HX%_;<iLFMRL4|M~xmMpwSs4gb0*4w$A%<z(T|U;IRd8{0I-VjUpPWn}T{6
zsE+{*j2HY$EOj%0i^JptG^!2<$66f@2`&?X$oV*e3~X|pL@b!>B#8*GlLz(+1B38+
z!>?67aEVcr<ywL;BiW%cGWd_~L*Kz?grD(g6gMHEMBqRg$IZ#lDoehXks-osa8syW
z&>_N6CsRqi>^L74(j?(=0<(hPjM~-=5#co;XsDf29uf*tsMVMnS7<{}BqbGrUuax1
zoHQ(;;E_Btvrt|K3+W2!1ayh)s&PHRX*poNbuywD?2iqMlS>^OJC6#->%3M<6f${a
zDpqr82nXosdw`0}4bWO7icAf$fz*toYc)$$2B6ln#j%IJha2nfM`h77p*f*vaQC2V
zRL<Je5C)EpFd-4ab2-z7&s_6_^7S}TvxEX%dGu@~TDT_By`C02iPxEbL$MMx^M_i7
zDmV>r4Ht)%lMTIzh4LCTzo}g9_(ObKb;9w)$*Z0ZOY5}yL53kk&{7(;R-7{ct5d`=
z&a7-2k%jVSd>~z;7KCJtbc9-#Rp*@Dpljr^k$w<Pz%3yg$4X0>*I?zuTxZL6p_B_K
zufa+q8$uYs206Q_yGFPX4@jnegbRE)G?hP)Azy4<Ki`U^zN2DvwCnggzUujd0dZY_
z)Z0h>y%CydW2As<uL6!!0q5)>Y$8(=SS%Hea^tR`yd`Eawz{)%fE);J)KI@|l%FOs
zUhJhaM6(8N*a5tSuqsm|^7?T87CNtspdfxSBnbnKy3vfM3T<KrqlU1MVd%GCf>NV3
z>E!V+Xh;;Lh*FeV?GQC0id4FU{s6}Y5jRe;6-(0)ky05Tl3)_h08L83KDdbbI#jVH
zliny7i&IikM7k8EQ7_UN)M7py8{hW^0-{MkL&C@nCkYV^r<wtxreM+P)M`zlTBOt~
zRk17w2uM_%7#9&@rCt-QQyIkwrlo+`@@0_HWMU18e#*%@vq=<dO3?DTK#k(fg^FV|
zupy;E!zh;{V?=Nq;2*2GPM}6sWj1I`lSRhF$?+nMPMmDkf;j|?9w8j=8SW|c3mi%f
zhXVsCf}v<WQq)YEft18R%mg73G4PiLBOoYDL^TC%Vsf-7QDZcT)VgE~(rDHMwkh@w
z_Yo2pK>$(`v%`tn+neL0aFRpF2q+ni5R+1ov?(Z?XBctO6IJ5j3NLR@y&h5)tf5ik
zKppNkX9WiVO9UiXIubbne@TXEn#li3W^B6XZ_r*T5(j2z7|%fffPNB9G5>3=*!1h)
zfDz8|P*RDA5|F?N@PuI^qA9#IvmMxU<KF-#PBNU?NC77SvL~Ruk|KCP>Ce4OGjTRA
z(7`dNU=66%l8~6AL7w2Wnub%YF~yoEq6jDU3H1ybCT5M`z=d(jWTjBcs+EvP(-@6r
z)+mO)EYAya!|rA@Nef!Yep#{7Skt`A8(_s`e5}ojkXFeu1d^#mvJ&u!O|gKcqoqlT
zkG7eSkdcAC;t*LRkV&N=tjn4f(3_5xv6pN!V<CqX`mHDm0#*X2{tFh{ym&|uGDsg#
zfDmFKgQKnzP@3egnl9N!te}}8k3fC^k^=A-x-Wp1mNv;^qcujA*=Q804a#V(rCVnb
z$Ldmq(K?|<$WBse&C#sTsApB07>!D3LfLkWNt4V9qggI+C#p28QK*X%8g&V*DHghj
zaG&KnA#}BIiA;v`Exmb>kP9F*MT6VJVU_^S)D<-;6gEK}6ScaD;%GLR)#~)(5Fby4
zzmF&(nh*Owh<hX^1D)VBbXU=^q$$3nd0i2h>oDrH?CW|}+!Vx{yKsy6amLCAjbh{f
zmXBrzP8^NFtab#MFf@7A1WU3G$Bfz-Dz35N7&n#ET&Y5Qfzb>M3n1$YBiTRiYN%3J
zQG&)~u(a4{rAZ0q8>2~trU?ch#(~F123xQ-cXRsFgaqXa0hxfNVNd|C+EPsmG0jBT
zyg<m=CnJ?Yj}3=07aDRmsn_;ufDOZKq28d2gFJ!|<_lSa-k>pp^Ro^bh0saj55l?m
z$v4+J0*C?%gcb}*l!ClKlLlLAH17%CTBlQkw?;iUrT7&CYHLrfjtR4oH5kPzv2o-G
z+4$f<##1$#=hL`})#l(wxpfXT*aQK>rl3RDG;jR>%|Y`5CZvfVi~wlb((Z7`GD4;Z
z_BODchJo36lv;qynN1!Dau2*_<PGf)+%?S9s9{#zGEMF%4utq<NjO<1b_86)JJGDw
z3b;QQ<h=sTCaoqBO{H^LGDnzPN>uk_6NO=+{cUqkux#a3ot|b>tj=JaRiaSp5~co7
zS`ekIAsvX)#b|<nu=!k<>Snwlb?I$jm8SYfprZAYD|K0E0*b*>foQXet*;7YMXg!!
zx{NM`GSaB(y6UZ&NCbfd8iGJ#byb3MQYcMqKZP8nFEAWBRv1o^j1Z&yVpv~foOSCL
zCK=cmM+_2%5=VHH^+&+au&zK5Bj9Kt6bT8+K|g{-3k`in>k81%D;h~iKxeizxEJ2W
zZ%6~A1e#g1EeD)Qk-lwdfC&~4HKd_(Xw8CcISgg;c{I3}!eC^|F9&Opcr+4ccy++N
zG@6`hcrS^gRU!>(41v~_*wWx$DaLyqhBE|O!eLtu!zC2WD~Dq;8O5s?2i}m)+TIH^
z0!{hzXcU@u=Fu2CnF2rw4+}icPDeQWpcOC;pNErZ#}6Kjruck7SVZ%^ymC^${LrE>
z#tsY72yc+ev#W!k?eT&6*~x&Ap}qbaVga4=?FA<xd1Y6QZiEIKx7d}FO6=r9VW<Px
zuwIHliFqE4Li0jA8qIGXpdu-(l4?*6*$`g_7y(U{$1l(*yL$-<V^5QUFX7ceNJ*T>
z2RIs>-`)_-uFa4biI!;D@&@G?JIo{|MQd^zl!KrRi<<0cC@;b*C$Ym!LE_8qUXn&D
z8XDY7(_rNGG}L|Ll_MLWN$mKgVNn(zpM)eSzTSYw@avV3G`}r?3nT36l~AB`9zH3!
zFrJUVq|gTWx|HHFw0@`oZ&HG6ghun*3?@UG<J}81wA`w}^JEx}mX`5oGMX<J8H_FY
zI)`&<(BhMZ_ewFoe}SezpjCXla`yHtliJx8bSmKHhW8>G#j6+M7KC<wIfj(j(;%$d
zm1EH6Hn#Y140y9ECxvKXR}Mn99gXD651t1}4ZCs-V~0-)mS9&-#@Jzzk!WVLA!bmU
zJ&obFeH^DGe7gr)gE$Qd4ULvHp!JTSnkg*mZ-_&5I<&wCw1EzA8I~BMgDbEx?n)tu
z6nKzQA0Oxl(NZrj!b{;x_>ewQQUR^jmz4TSaj!v+e_jMllPYv7?^sq9Z!{+e#9k6c
ys_>P0VP4+gW<8~(l=OmWDAd{*h0NCr^#_e6rNP8?jd19^!qVp6y?p|G9sdsqbY<HB

literal 0
HcmV?d00001


From 19e8341d61befad7ee783bb9c3f45b73a72a5d02 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Sat, 29 Jan 2022 14:13:10 +0000
Subject: [PATCH 785/812] fix: upgrade com.github.spotbugs:spotbugs-annotations
 from 4.5.2 to 4.5.3 (#654)

Snyk has created this PR to upgrade com.github.spotbugs:spotbugs-annotations from 4.5.2 to 4.5.3.

See this package in Maven Repository:
https://mvnrepository.com/artifact/com.github.spotbugs/spotbugs-annotations/

See this project in Snyk:
https://app.snyk.io/org/planetlevel/project/f53b118f-f068-49f2-98e2-0b5681787cd7?utm_source=github&utm_medium=referral&page=upgrade-pr
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 9e4443655..df70d62d1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -135,7 +135,7 @@
         <version.jmh>1.28</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.5.2</version.spotbugs>
+        <version.spotbugs>4.5.3</version.spotbugs>
         <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>

From b383cadae9bc92e9c6a6eb7a9821e291ae9d7b47 Mon Sep 17 00:00:00 2001
From: jeremiahjstacey <jeremiah.j.stacey@gmail.com>
Date: Sat, 29 Jan 2022 19:26:02 -0600
Subject: [PATCH 786/812] Updating slf4j-api dependency (#655)

v.1.7.35 released jan 2022
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index df70d62d1..7aa5232b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -253,7 +253,7 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.32</version>
+            <version>1.7.35</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>

From 36a6e5470bddb9b4e34ec083cedadf8b04d54806 Mon Sep 17 00:00:00 2001
From: Zac Spitzer <zac.spitzer@gmail.com>
Date: Wed, 23 Feb 2022 12:18:41 +0100
Subject: [PATCH 787/812] update antisamy to 1.6.5

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 7aa5232b7..8bca5ce50 100644
--- a/pom.xml
+++ b/pom.xml
@@ -237,7 +237,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.4</version>
+            <version>1.6.5</version>
             <exclusions>
                 <!-- excluded because we pick up much newer version -->
                 <exclusion>

From 0f9ab8a0431032431e88fce454e735833f1ae698 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Fri, 25 Feb 2022 20:53:10 -0700
Subject: [PATCH 788/812] Housekeeping, OSGI start/stop, Parameterized some
 hardcoded values.   (#663)

* Signed key history for MATT SEIL begins here.

* Signed key history for MATT SEIL begins here.  Fixed email typo.

* Revert "Signed key history for MATT SEIL begins here.  Fixed email typo."

This reverts commit 87c4c4e6eda85b914f0676eac0f24034f85d9303.

* created file on main.

* Deleted foo.txt

* #661 Added ability to generate OSGi metadata with the command 'mvn org.apache.felix:maven-bundle-plugin:manifest'.

* Updated to AntiSamy 1.6.5.

* Revert "#661 Added ability to generate OSGi metadata with the command 'mvn org.apache.felix:maven-bundle-plugin:manifest'."

This reverts commit 9fa2a53c18451718655340d8dc8a57a1ba43e9f5.

* #656 -->  Parameterized cookie name length and value to correspond with the HTTP maxes defined in esapi.properties.

* Adjusted regex to allow for zero-length matches.

* Added per review comments for PR #663

Co-authored-by: Matt Seil <xeno6696[at]gmail.com>
---
 configuration/esapi/ESAPI.properties                         | 2 +-
 .../java/org/owasp/esapi/reference/DefaultHTTPUtilities.java | 5 +++--
 .../esapi/ESAPI-CommaValidatorFileChecker.properties         | 2 +-
 .../esapi/ESAPI-DualValidatorFileChecker.properties          | 2 +-
 .../esapi/ESAPI-QuotedValidatorFileChecker.properties        | 2 +-
 .../esapi/ESAPI-SingleValidatorFileChecker.properties        | 2 +-
 src/test/resources/esapi/ESAPI.properties                    | 2 +-
 7 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index 828144b45..a70ecbea3 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -469,7 +469,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 # Note that headerName and Value length is also configured in the HTTPUtilities section
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index f690e26bd..2da6546d8 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -189,8 +189,9 @@ public void addCookie(HttpServletResponse response, Cookie cookie) {
 
         // validate the name and value
         ValidationErrorList errors = new ValidationErrorList();
-        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, errors);
-        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", 5000, false, errors);
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
+        String cookieName = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false, errors);
+        String cookieValue = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false, errors);
 
         // if there are no errors, then set the cookie either with a header or normally
         if (errors.size() == 0) {
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index 402ea806c..ddaa1b8e9 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -468,7 +468,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 322b0f5f4..88c10b6f9 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -469,7 +469,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index 1a565c41c..7c9d37b7a 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -467,7 +467,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index bbf49c6d3..a8cca0136 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -467,7 +467,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
 Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index f3d7b46f1..e1634dc28 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -498,7 +498,7 @@ Validator.Redirect=^\\/test.*$
 Validator.HTTPScheme=^(http|https)$
 Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
 Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
+Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]{0,1024}$
 # Note that headerName and Value length is also configured in the HTTPUtilities section
 Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,256}$
 Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$

From 9eb1debb0cbd081bd61680ac1b4317ee1319f9b9 Mon Sep 17 00:00:00 2001
From: Dave Wichers <dwichers@gmail.com>
Date: Sun, 3 Apr 2022 16:13:51 -0400
Subject: [PATCH 789/812] Upgrade a bunch of dependencies and plugins and
 prepare a bit for the use of AntiSamy 1.6.6.1.

---
 pom.xml          | 115 ++++++++++++++++++++++++++++++++---------------
 suppressions.xml |  26 ++++++++++-
 2 files changed, 103 insertions(+), 38 deletions(-)

diff --git a/pom.xml b/pom.xml
index 8bca5ce50..c67a06024 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,11 +132,13 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <version.jmh>1.28</version.jmh>
+        <project.java.target>1.7</project.java.target>
+        <version.findsecbugs>1.11.0</version.findsecbugs>
+        <version.jmh>1.35</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
-        <version.spotbugs>4.5.3</version.spotbugs>
-        <version.spotbugs.maven>4.2.2</version.spotbugs.maven>
+        <version.spotbugs>4.6.0</version.spotbugs>
+        <version.spotbugs.maven>4.6.0.0</version.spotbugs.maven>
         <version.surefire>3.0.0-M5</version.surefire>
     </properties>
 
@@ -198,6 +200,10 @@
                     <groupId>commons-logging</groupId>
                     <artifactId>commons-logging</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>xml-apis</groupId>
+                    <artifactId>xml-apis</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
@@ -237,23 +243,44 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
+            <!-- TODO: needs to be 1.6.6.1 before release -->
             <version>1.6.5</version>
             <exclusions>
-                <!-- excluded because we pick up much newer version -->
+                <!-- excluded because version from AntiSamy is too new (Requires Java 8) -->
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
+                <!-- TODO: This is only needed for AntiSamy 1.6.5, not 1.6.6.1.
+                     Remove this exclusion when AntiSamy 1.6.6.1 is included. -->
                 <exclusion>
                     <groupId>org.slf4j</groupId>
                     <artifactId>slf4j-api</artifactId>
                 </exclusion>
+                <!-- TODO: The neko-htmlunit exclusion here and inclusion next, is needed for AntiSamy 1.6.6.1.
+                     Remove this comment when AntiSamy 1.6.6.1 is included. -->
+                <exclusion>
+                    <groupId>net.sourceforge.htmlunit</groupId>
+                    <artifactId>neko-htmlunit</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.htmlunit</groupId>
+            <artifactId>neko-htmlunit</artifactId>
+            <version>2.24</version>
+            <exclusions>
+                <!-- excluded because this conflicts with the version imported by AntiSamy -->
+                <exclusion>
+                    <groupId>xerces</groupId>
+                    <artifactId>xercesImpl</artifactId>
+                </exclusion>
             </exclusions>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.35</version>
+            <version>1.7.36</version>
         </dependency>
         <dependency>
             <groupId>xml-apis</groupId>
@@ -273,7 +300,6 @@
             <version>2.6</version>
         </dependency>
 
-
         <!-- SpotBugs dependencies -->
         <dependency>
             <groupId>com.github.spotbugs</groupId>
@@ -298,7 +324,7 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>1.68</version>
+            <version>1.70</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -404,12 +430,12 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-dependency-plugin</artifactId>
-                    <version>3.1.2</version>
+                    <version>3.3.0</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-release-plugin</artifactId>
-                    <version>3.0.0-M1</version>
+                    <version>3.0.0-M5</version>
                 </plugin>
             </plugins>
         </pluginManagement>
@@ -430,6 +456,12 @@
                 </dependencies>
             </plugin>
 
+            <plugin>
+                <groupId>com.h3xstream.findsecbugs</groupId>
+                <artifactId>findsecbugs-plugin</artifactId>
+                <version>${version.findsecbugs}</version>
+            </plugin>
+
             <plugin>
                 <groupId>net.sourceforge.maven-taglib</groupId>
                 <artifactId>maven-taglib-plugin</artifactId>
@@ -451,12 +483,12 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.8.1</version>
+                <version>3.10.1</version>
                 <configuration>
-                    <source>1.7</source>
-                    <target>1.7</target>
-                    <testSource>1.7</testSource>
-                    <testTarget>1.7</testTarget>
+                    <source>${project.java.target}</source>
+                    <target>${project.java.target}</target>
+                    <testSource>${project.java.target}</testSource>
+                    <testTarget>${project.java.target}</testTarget>
                     <debug>true</debug>
                     <showWarnings>true</showWarnings>
                     <showDeprecation>false</showDeprecation>
@@ -485,7 +517,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-deploy-plugin</artifactId>
-                <version>3.0.0-M1</version>
+                <version>3.0.0-M2</version>
             </plugin>
 
             <plugin>
@@ -500,18 +532,17 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.0.0-M3</version>
+                <version>3.0.0</version>
                 <dependencies>
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>extra-enforcer-rules</artifactId>
-                    <version>1.3</version>
+                    <version>1.5.1</version>
                   </dependency>
                   <dependency>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>animal-sniffer-enforcer-rule</artifactId>
-                    <!-- Updating to 1.19 causes LOTS of errors in 'mvn site' and 1.18 requires Java 8 so leaving it at 1.17. -->
-                    <version>1.17</version>
+                    <version>1.21</version>
                   </dependency>
                 </dependencies>
                 <executions>
@@ -537,7 +568,7 @@
                         <rules>
                           <dependencyConvergence/>
                           <requireJavaVersion>
-                            <version>1.7</version>
+                            <version>${project.java.target}</version>
                             <message>
                                 ESAPI 2.x now uses the JDK1.7 for its baseline. Please make sure that your
                                 JAVA_HOME environment variable is pointed to a JDK1.7 or later distribution.
@@ -576,7 +607,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-gpg-plugin</artifactId>
-                <version>1.6</version>
+                <version>3.0.1</version>
                 <executions>
                   <execution>
                     <id>sign-artifacts</id>
@@ -595,7 +626,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.2.0</version>
+                <version>3.2.2</version>
                 <configuration>
                     <archive>
                         <manifest>
@@ -609,7 +640,7 @@
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-javadoc-plugin</artifactId>
-               <version>3.2.0</version>
+               <version>3.3.2</version>
                <configuration>
                  <source>7</source>
                  <doclint>none</doclint>
@@ -625,21 +656,32 @@
             </plugin>
 
             <plugin>
-              <groupId>org.apache.maven.plugins</groupId>
-              <artifactId>maven-jxr-plugin</artifactId>
-              <version>3.0.0</version>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-jxr-plugin</artifactId>
+               <version>3.1.1</version>
             </plugin>
 
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-pmd-plugin</artifactId>
-                <version>3.14.0</version>
+               <groupId>org.apache.maven.plugins</groupId>
+               <artifactId>maven-pmd-plugin</artifactId>
+               <version>3.16.0</version>
+               <dependencies>
+                   <!-- Without this, 3.15.0+ causes lots of warning like: [WARNING] Could not find class org.owasp.validator.html.util.ErrorMessageUtil,
+               due to: java.lang.IncompatibleClassChangeError: class net.sourceforge.pmd.lang.java.typeresolution.visitors.PMDASMVisitor
+               has interface org.objectweb.asm.ClassVisitor as super class.
+               However, these warnings don't adversely affect the PMD results, so we are keeping this upgrade. -->
+                   <dependency>
+                       <groupId>org.ow2.asm</groupId>
+                       <artifactId>asm</artifactId>
+                       <version>9.2</version>
+                   </dependency>
+               </dependencies>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.1.1</version>
+               <version>3.1.2</version>
             </plugin>
 
             <plugin>
@@ -651,7 +693,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-site-plugin</artifactId>
-                <version>3.9.1</version>
+                <version>3.11.0</version>
             </plugin>
 
             <plugin>
@@ -700,7 +742,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.8.1</version>
+                <version>2.10.0</version>
             </plugin>
 
             <plugin>
@@ -712,7 +754,7 @@
             <plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
-                <version>6.1.6</version>
+                <version>7.0.4</version>
                 <configuration>
                     <failBuildOnCVSS>1.0</failBuildOnCVSS>
                     <suppressionFiles>./suppressions.xml</suppressionFiles>
@@ -781,6 +823,7 @@
                <reportSets>
                  <reportSet>
                    <reports>
+                     <report>index</report>
                      <report>dependency-convergence</report>
                    </reports>
                  </reportSet>
@@ -845,7 +888,7 @@
                         <plugin>
                             <groupId>com.h3xstream.findsecbugs</groupId>
                             <artifactId>findsecbugs-plugin</artifactId>
-                            <version>1.10.1</version>
+                            <version>${version.findsecbugs}</version>
                         </plugin>
                     </plugins>
                     <effort>Max</effort>
@@ -877,7 +920,6 @@
 
                     <plugin>
                         <artifactId>maven-jar-plugin</artifactId>
-
 <!--
                         <executions>
                             <execution>
@@ -891,7 +933,7 @@
                         <configuration>
 <!--
                             <keystore>codesign.keystore</keystore>
-                            <alias>owasp foundation, inc.'s godaddy.com, inc. id</alias>
+                            <alias>OWASP Foundation, Inc.'s GoDaddy.com ID</alias>
                             <verify>true</verify>
 -->
                             <archive>
@@ -934,7 +976,6 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-release-plugin</artifactId>
-                        <version>2.5.3</version>
                         <configuration>
                             <tagBase>https://github.com/ESAPI/esapi-java-legacy/tags</tagBase>
                         </configuration>
diff --git a/suppressions.xml b/suppressions.xml
index b99913788..4094cfce0 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- OWASP Dependency Check suppression file for ESAPI. -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <notes><![CDATA[
             This suppresses CVE-2019-17571 for the log4j-1.2.17.jar dependency. ESAPI does
@@ -37,4 +37,28 @@
         <cpe>cpe:/a:apache:log4j</cpe>
         <cve>CVE-2020-9488</cve>
     </suppress>
+    <suppress>
+       <notes><![CDATA[file name: log4j-1.2.17.jar]]></notes>
+       <packageUrl regex="true">^pkg:maven/log4j/log4j@.*$</packageUrl>
+       <vulnerabilityName>CVE-2021-4104</vulnerabilityName>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+           file name: neko-htmlunit-2.24.jar
+
+           CVE-2020-5529 is for net.sourceforge.htmlunit:htmlunit, not net.sourceforge.htmlunit:neko-htmlunit.
+           As such, this is a false positive.
+        ]]></notes>
+       <packageUrl regex="true">^pkg:maven/net\.sourceforge\.htmlunit/neko\-htmlunit@.*$</packageUrl>
+       <cve>CVE-2020-5529</cve>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+           file name: commons-io-2.6.jar
+
+           TODO:FIXME: Not sure if you want this suppressed or not, but suppressing for now so mvn site can finish successfully.
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
+       <cve>CVE-2021-29425</cve>
+    </suppress>
 </suppressions>

From 94563c043ddac7e5107ddd35d93734a17e99ed6b Mon Sep 17 00:00:00 2001
From: Dave Wichers <dwichers@gmail.com>
Date: Thu, 7 Apr 2022 20:29:13 -0400
Subject: [PATCH 790/812] Upgrade to AntiSamy 1.6.6.1 and upgrade a few plugins
 too.

---
 pom.xml | 41 +++++++++++------------------------------
 1 file changed, 11 insertions(+), 30 deletions(-)

diff --git a/pom.xml b/pom.xml
index c67a06024..2d4d30fbd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -133,13 +133,13 @@
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.java.target>1.7</project.java.target>
-        <version.findsecbugs>1.11.0</version.findsecbugs>
+        <version.findsecbugs>1.12.0</version.findsecbugs>
         <version.jmh>1.35</version.jmh>
         <!-- Note: powermock v2.0.8 doesn't exist. v2.0.9+ requires mockito-core v3+, which requires Java 8 -->
         <version.powermock>2.0.7</version.powermock>
         <version.spotbugs>4.6.0</version.spotbugs>
         <version.spotbugs.maven>4.6.0.0</version.spotbugs.maven>
-        <version.surefire>3.0.0-M5</version.surefire>
+        <version.surefire>3.0.0-M6</version.surefire>
     </properties>
 
     <dependencies>
@@ -243,22 +243,14 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <!-- TODO: needs to be 1.6.6.1 before release -->
-            <version>1.6.5</version>
+            <version>1.6.6.1</version>
             <exclusions>
-                <!-- excluded because version from AntiSamy is too new (Requires Java 8) -->
+                <!-- excluded because version imported by AntiSamy Requires Java 8. We import
+                     the last Java 7 versions of these ourselves. -->
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
                 </exclusion>
-                <!-- TODO: This is only needed for AntiSamy 1.6.5, not 1.6.6.1.
-                     Remove this exclusion when AntiSamy 1.6.6.1 is included. -->
-                <exclusion>
-                    <groupId>org.slf4j</groupId>
-                    <artifactId>slf4j-api</artifactId>
-                </exclusion>
-                <!-- TODO: The neko-htmlunit exclusion here and inclusion next, is needed for AntiSamy 1.6.6.1.
-                     Remove this comment when AntiSamy 1.6.6.1 is included. -->
                 <exclusion>
                     <groupId>net.sourceforge.htmlunit</groupId>
                     <artifactId>neko-htmlunit</artifactId>
@@ -477,7 +469,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-clean-plugin</artifactId>
-                <version>3.1.0</version>
+                <version>3.2.0</version>
             </plugin>
 
             <plugin>
@@ -658,30 +650,19 @@
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jxr-plugin</artifactId>
-               <version>3.1.1</version>
+               <version>3.2.0</version>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-pmd-plugin</artifactId>
                <version>3.16.0</version>
-               <dependencies>
-                   <!-- Without this, 3.15.0+ causes lots of warning like: [WARNING] Could not find class org.owasp.validator.html.util.ErrorMessageUtil,
-               due to: java.lang.IncompatibleClassChangeError: class net.sourceforge.pmd.lang.java.typeresolution.visitors.PMDASMVisitor
-               has interface org.objectweb.asm.ClassVisitor as super class.
-               However, these warnings don't adversely affect the PMD results, so we are keeping this upgrade. -->
-                   <dependency>
-                       <groupId>org.ow2.asm</groupId>
-                       <artifactId>asm</artifactId>
-                       <version>9.2</version>
-                   </dependency>
-               </dependencies>
             </plugin>
 
             <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-project-info-reports-plugin</artifactId>
-               <version>3.1.2</version>
+               <version>3.2.2</version>
             </plugin>
 
             <plugin>
@@ -734,9 +715,9 @@
             </plugin>
 
             <plugin>
-                <groupId>org.codehaus.mojo</groupId>
+                <groupId>io.github.jiangxincode</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
-                <version>2.0</version>
+                <version>2.1</version>
             </plugin>
 
             <plugin>
@@ -844,7 +825,7 @@
             <plugin>
                 <!--  Using this introduces these errors: Skipped "JDepend" report (jdepend-maven-plugin:2.0:generate), file "jdepend-report.html" already exists.
                       but don't know how to eliminate them, without disabling this plugin. -->
-                <groupId>org.codehaus.mojo</groupId>
+                <groupId>io.github.jiangxincode</groupId>
                 <artifactId>jdepend-maven-plugin</artifactId>
             </plugin>
             <!-- Check for available updates to dependencies and report on them. -->

From 5db31cf86bdb9f0e2bf85b46a95383677ea6e367 Mon Sep 17 00:00:00 2001
From: Matt Seil <xeno6696@users.noreply.github.com>
Date: Thu, 7 Apr 2022 19:33:28 -0700
Subject: [PATCH 791/812] Some of this appears to have been already covered in
 PR #663 (#670)

* Signed key history for MATT SEIL begins here.

* Signed key history for MATT SEIL begins here.  Fixed email typo.

* Revert "Signed key history for MATT SEIL begins here.  Fixed email typo."

This reverts commit 87c4c4e6eda85b914f0676eac0f24034f85d9303.

* created file on main.

* Deleted foo.txt

* Bump release to new patch version #.

* #661 Added ability to generate OSGi metadata with the command 'mvn org.apache.felix:maven-bundle-plugin:manifest'.

* Updated to AntiSamy 1.6.5.

* Revert "#661 Added ability to generate OSGi metadata with the command 'mvn org.apache.felix:maven-bundle-plugin:manifest'."

This reverts commit 9fa2a53c18451718655340d8dc8a57a1ba43e9f5.

* #656 -->  Parameterized cookie name length and value to correspond with the HTTP maxes defined in esapi.properties.

* Adjusted regex to allow for zero-length matches.

* Added per review comments for PR #663

* #656 Finished sweep looking for headername, headervalue, and header value sizes as well as the 'Cookie' versions of those statements.  Added unit tests.

* #663 Fixed a missed unit test.

* Antisamy 1.6.6, Antisamy regression test for analysis 1.  A handful of new regression tests for other purposes in validation and encoder tests.

* Attempting to fix classfile differences with antisamy dependencies.

* Fixed typo on exclusion.

* Added xerces exclusion to antisamy in the pom.xml

* Added test cases 2 & 3.

* Added test cases 2 & 3.  @Ignore on test case 3 from AntiSamy as the DOS is still present.

* Forced my version to match Wichers.

* Added a pair of unit tests for canoncialization to prove out an issue opened up on github.  One of which however reminded me that we need a codec to account for UTF-8 encoding/decoding.

Co-authored-by: Matt Seil <xeno6696[at]gmail.com>
Co-authored-by: kwwall <kevin.w.wall@gmail.com>
---
 .../reference/AbstractAuthenticator.java      |  3 +-
 .../esapi/reference/DefaultHTTPUtilities.java | 11 +++--
 .../owasp/esapi/reference/EncoderTest.java    | 21 ++++++++-
 .../esapi/reference/HTTPUtilitiesTest.java    | 22 ++++++++++
 .../owasp/esapi/reference/ValidatorTest.java  | 10 ++++-
 .../HTMLValidationRuleCleanTest.java          | 44 +++++++++++++++++++
 6 files changed, 103 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
index d7de99f04..e6976c7ac 100644
--- a/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
+++ b/src/main/java/org/owasp/esapi/reference/AbstractAuthenticator.java
@@ -114,7 +114,8 @@ protected User getUserFromSession() {
      */
     protected DefaultUser getUserFromRememberToken() {
         try {
-            String token = ESAPI.httpUtilities().getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
+        	HTTPUtilities utils =ESAPI.httpUtilities();
+            String token = utils.getCookie(ESAPI.currentRequest(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
             if (token == null) return null;
             
             // See Google Issue 144 regarding first URLDecode the token and THEN unsealing.
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
index 2da6546d8..ecce1a9ff 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultHTTPUtilities.java
@@ -235,11 +235,12 @@ public void addHeader(String name, String value) {
 	 * {@inheritDoc}
      */
     public void addHeader(HttpServletResponse response, String name, String value) {
+    	SecurityConfiguration sc = ESAPI.securityConfiguration();
         try {
             String strippedName = StringUtilities.replaceLinearWhiteSpace(name);
             String strippedValue = StringUtilities.replaceLinearWhiteSpace(value);
-            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", 20, false);
-            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", 500, false);
+            String safeName = ESAPI.validator().getValidInput("addHeader", strippedName, "HTTPHeaderName", sc.getIntProp("HttpUtilities.MaxHeaderNameSize"), false);
+            String safeValue = ESAPI.validator().getValidInput("addHeader", strippedValue, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
             response.addHeader(safeName, safeValue);
         } catch (ValidationException e) {
             logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
@@ -464,9 +465,10 @@ public void encryptStateInCookie( Map<String,String> cleartext ) throws Encrypti
 	 */
 	public String getCookie( HttpServletRequest request, String name ) throws ValidationException {
         Cookie c = getFirstCookie( request, name );
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         if ( c == null ) return null;
 		String value = c.getValue();
-		return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", 1000, false);
+		return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
 	}
 
 	/**
@@ -656,8 +658,9 @@ private Cookie getFirstCookie(HttpServletRequest request, String name) {
 	 * {@inheritDoc}
 	 */
 	public String getHeader( HttpServletRequest request, String name ) throws ValidationException {
+		SecurityConfiguration sc = ESAPI.securityConfiguration();
         String value = request.getHeader(name);
-        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", 150, false);
+        return ESAPI.validator().getValidInput("HTTP header value: " + value, value, "HTTPHeaderValue", sc.getIntProp("HttpUtilities.MaxHeaderValueSize"), false);
 	}
 
 
diff --git a/src/test/java/org/owasp/esapi/reference/EncoderTest.java b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
index 8f345e199..ed04b6d5b 100644
--- a/src/test/java/org/owasp/esapi/reference/EncoderTest.java
+++ b/src/test/java/org/owasp/esapi/reference/EncoderTest.java
@@ -212,6 +212,8 @@ public void testCanonicalize() throws EncodingException {
         assertEquals( "<", instance.canonicalize("&lT;"));
         assertEquals( "<", instance.canonicalize("&Lt;"));
         assertEquals( "<", instance.canonicalize("&LT;"));
+        assertEquals( "&", instance.canonicalize("&amp"));
+        assertEquals( "〈", instance.canonicalize("&lang"));
         
         assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript%3Ealert%28%22hello%22%29%3B%3C%2Fscript%3E") );
         assertEquals( "<script>alert(\"hello\");</script>", instance.canonicalize("%3Cscript&#x3E;alert%28%22hello&#34%29%3B%3C%2Fscript%3E", false) );
@@ -912,11 +914,28 @@ public void testHtmlEncodeStrSurrogatePair()
     
     public void testHtmlDecodeHexEntititesSurrogatePair()
     {
-    	HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
+        HTMLEntityCodec htmlCodec = new HTMLEntityCodec();
         String expected = new String (new int[]{0x2f804}, 0, 1);
         assertEquals( expected, htmlCodec.decode("&#194564;") );
         assertEquals( expected, htmlCodec.decode("&#x2f804;") );
     }
     
+    public void testUnicodeCanonicalize() {
+        Encoder e = ESAPI.encoder();
+        String input = "测试";
+        String expected = "测试";
+        String output = e.canonicalize(input);
+        assertEquals(expected, output);
+    }
+    
+    public void testUnicodeCanonicalizePercentEncoding() {
+        //TODO:  We need to find a way to specify the encoding type for percent encoding.  
+        //I believe by default we're doing Latin-1 and we really should be doing UTF-8
+        Encoder e = ESAPI.encoder();
+        String input = "%E6%B5%8B%E8%AF%95";
+        String expected = "测试";
+        String output = e.canonicalize(input);
+        assertNotSame(expected, output);
+    }
 }
 
diff --git a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
index ba6715313..1f8701efd 100644
--- a/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
+++ b/src/test/java/org/owasp/esapi/reference/HTTPUtilitiesTest.java
@@ -45,6 +45,7 @@
 import org.owasp.esapi.http.MockHttpServletResponse;
 import org.owasp.esapi.http.MockHttpSession;
 import org.owasp.esapi.util.FileTestUtils;
+import org.owasp.esapi.util.TestUtils;
 
 import junit.framework.Test;
 import junit.framework.TestCase;
@@ -372,6 +373,27 @@ public void testSetCookie() {
 		instance.addCookie( response, new Cookie( "test3", "tes<t3" ) );
 		assertTrue(response.getHeaderNames().size() == 2);
 	}
+	
+	/**
+	 * Test of setCookie method, of class org.owasp.esapi.HTTPUtilities.
+	 * Validation failures should prevent cookies being added.  
+	 */
+	public void testSetCookieExceedingMaxValueAndName() {
+		HTTPUtilities instance = ESAPI.httpUtilities(); 
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		assertTrue(response.getHeaderNames().isEmpty());
+		//request.addParameter(TestUtils.generateStringOfLength(32), "pass");
+		instance.addCookie( response, new Cookie( TestUtils.generateStringOfLength(32), "pass" ) );
+		assertTrue(response.getHeaderNames().size() == 1);
+
+		instance.addCookie( response, new Cookie( "pass", TestUtils.generateStringOfLength(32) ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+		instance.addCookie( response, new Cookie( TestUtils.generateStringOfLength(5000), "fail" ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+		instance.addCookie( response, new Cookie( "fail", TestUtils.generateStringOfLength(5001) ) );
+		assertTrue(response.getHeaderNames().size() == 2);
+	}
+
 
 	/**
 	 *
diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index ef954107b..076fe1806 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1040,7 +1040,6 @@ public void testHeaderLengthChecks(){
 
     @Test
     public void testGetHeaderNames() {
-//testing Validator.HTTPHeaderName
         MockHttpServletRequest request = new MockHttpServletRequest();
         SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
         request.addHeader("d-49653-p", "pass");
@@ -1048,7 +1047,6 @@ public void testGetHeaderNames() {
             // Note: Max length in ESAPI.properties as per
             // Validator.HTTPHeaderName regex is 256, but upper
             // bound is configurable by the property HttpUtilities.MaxHeaderNameSize
-        SecurityConfiguration sc = ESAPI.securityConfiguration();
         request.addHeader(TestUtils.generateStringOfLength(255), "pass");
         request.addHeader(TestUtils.generateStringOfLength(257), "fail");
         assertEquals(2, Collections.list(safeRequest.getHeaderNames()).size());
@@ -1130,5 +1128,13 @@ public void testavaloqLooseSafeString(){
     	boolean isValid = v.isValidInput("RegexString", "&quot;test&quot;", "avaloqLooseSafeString", 2147483647, true, true);
     	assertFalse(isValid);
     }
+    
+    @Test
+    public void testStandardHeader() {
+    	Validator v = ESAPI.validator();
+    	boolean expected = false;
+    	boolean result = v.isValidInput("HTTPHeaderValue ", "mary.poppins@gmail.com", "HTTPHeaderValue", 2147483647, true, true);
+    	assertEquals(expected, result);
+    }
 }
 
diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
index 2d489e793..ec0dceea8 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -22,12 +22,14 @@
 import org.owasp.esapi.ValidationErrorList;
 import org.owasp.esapi.ValidationRule;
 import org.owasp.esapi.Validator;
+import org.owasp.esapi.errors.IntrusionException;
 import org.owasp.esapi.errors.ValidationException;
 import org.owasp.esapi.filters.SecurityWrapperRequest;
 import org.owasp.esapi.reference.validation.HTMLValidationRule;
 
 import org.junit.Test;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.After;
 import org.junit.Rule;
 import org.junit.rules.ExpectedException;
@@ -153,4 +155,46 @@ public void testIsValidSafeHTML() {
         assertTrue(errors.size() == 0);
 
     }
+    
+    @Test
+    public void testAntiSamyRegressionCDATAWithJavascriptURL() throws Exception {
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<style/>b<![cdata[</style><a href=javascript:alert(1)>test";
+		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		String expected = "b&lt;/style&gt;&lt;a href=javascript:alert(1)&gt;test";
+		String output = instance.getValidSafeHTML("javascript Link", input, 250, false);
+		assertEquals(expected, output);
+		assertTrue(errors.size() == 0);
+
+    }
+    
+    @Test
+    public void testScriptTagAfterStyleClosing() throws Exception {
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<select<style/>W<xmp<script>alert(1)</script>";
+		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		String expected = "W&lt;script&gt;alert(1)&lt;/script&gt;";
+		String output = instance.getValidSafeHTML("escaping style tag attack", input, 250, false);
+		assertEquals(expected, output);
+		assertTrue(errors.size() == 0);
+
+    }
+    
+    @Test
+    @Ignore
+    public void testNekoDOSWithAnHTMLComment() throws Exception {
+    	/**
+    	 * FIXME:  This unit test needs to pass before the next ESAPI release.
+    	 */
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<!--><?a/";
+		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		String expected = "&#x3C;!--&#x3E;&#x3C;?a/";
+		String output = instance.getValidSafeHTML("escaping style tag attack", input, 250, false);
+		assertEquals(expected, output);
+		assertTrue(errors.size() == 0);
+    }
 }

From 6452cc9eb369a4b8068a1327632606a1343749d2 Mon Sep 17 00:00:00 2001
From: Olivier Jaquemet <olivier.jaquemet@gmail.com>
Date: Fri, 8 Apr 2022 05:12:02 +0200
Subject: [PATCH 792/812] Link to release note, Update latest version links
 (#643)

- Add direct link to release note of  2.2.3.0 for the AntiSamy warning
- Latest version is 2.2.3.1, not from 2.2.3.0 update accordingly

Co-authored-by: Kevin W. Wall <kevin.w.wall@gmail.com>
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 5af5acfa5..71515ff56 100644
--- a/README.md
+++ b/README.md
@@ -39,10 +39,10 @@ Note however that work on ESAPI 3 has not yet become in earnest and is only in i
 # ESAPI release notes
 The ESAPI release notes may be found in ESAPI's "documentation" directory. They are generally named "esapi4java-core-*2.#.#.#*-release-notes.txt", where "*2.#.#.#*" refers to the ESAPI release number (which uses semantic versioning).
 ## IMPORTANT
-Starting with ESAPI 2.2.3.0, ESAPI is using a version of AntiSamy that by default includes 'slf4j-simple' and does XML schema validation on the AntiSamy policy files. Please **READ** the release notes for the 2.2.3.0 release (at least the beginning portion) for some important notes that likely will affect your use of ESAPI! You have been warned!!!
+Starting with ESAPI 2.2.3.0, ESAPI is using a version of AntiSamy that by default includes 'slf4j-simple' and does XML schema validation on the AntiSamy policy files. Please **READ** the [release notes for the 2.2.3.0 release](https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.2.3.0-release-notes.txt) (at least the beginning portion) for some important notes that likely will affect your use of ESAPI! You have been warned!!!
 
 # Locating ESAPI Jar files
-The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.3.1. The default configuration jar and its GPG signature can be found at [esapi-2.2.3.1-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.1-configuration.jar) and [esapi-2.2.3.1-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.0-configuration.jar.asc) respectively.
+The [latest ESAPI release](https://github.com/ESAPI/esapi-java-legacy/releases/latest) is 2.2.3.1. The default configuration jar and its GPG signature can be found at [esapi-2.2.3.1-configuration.jar](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.1-configuration.jar) and [esapi-2.2.3.1-configuration.jar.asc](https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.2.3.1/esapi-2.2.3.1-configuration.jar.asc) respectively.
 
 The latest *regular* ESAPI jars can are available from Maven Central.
 

From a9bdaab4d95fd7ef0961c8a2b10051bc20353140 Mon Sep 17 00:00:00 2001
From: "Kevin W. Wall" <kevin.w.wall@gmail.com>
Date: Mon, 11 Apr 2022 17:13:45 -0400
Subject: [PATCH 793/812] Changes to close issue #679 (#680)

* Changes to close issue #679

* Updated comment about support for fixed IVs in ESAPI.properties file.
---
 configuration/esapi/ESAPI.properties          |  49 ++++-----
 ...-core-2.0-symmetric-crypto-user-guide.html |   5 +-
 .../owasp/esapi/SecurityConfiguration.java    |  29 ++---
 .../org/owasp/esapi/crypto/CipherText.java    |  18 ++--
 .../DefaultSecurityConfiguration.java         |  59 ++++------
 .../esapi/reference/crypto/JavaEncryptor.java |  21 +---
 .../esapi/SecurityConfigurationWrapper.java   |   8 --
 .../owasp/esapi/crypto/CipherSpecTest.java    |   5 +-
 .../DefaultSecurityConfigurationTest.java     | 102 ++++++++----------
 ...ESAPI-CommaValidatorFileChecker.properties |  44 ++++----
 .../ESAPI-DualValidatorFileChecker.properties |  44 ++++----
 ...SAPI-QuotedValidatorFileChecker.properties |  44 ++++----
 ...SAPI-SingleValidatorFileChecker.properties |  44 ++++----
 src/test/resources/esapi/ESAPI.properties     |  50 ++++-----
 14 files changed, 200 insertions(+), 322 deletions(-)

diff --git a/configuration/esapi/ESAPI.properties b/configuration/esapi/ESAPI.properties
index a70ecbea3..bbb7531cd 100644
--- a/configuration/esapi/ESAPI.properties
+++ b/configuration/esapi/ESAPI.properties
@@ -194,9 +194,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 # DISCUSS: Better name?
 Encryptor.cipher_modes.additional_allowed=CBC
 
@@ -223,37 +220,27 @@ Encryptor.EncryptionKeyLength=128
 Encryptor.MinEncryptionKeyLength=128
 
 # Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.3
-#                                               'fixed' is deprecated as of 2.2
-#                                               and will be removed in 2.3.
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
 
 
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-#   @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
-#                  will be removed in the next release (tentatively, 2.3).
-#                  If you MUST use this, at least replace this IV with one
-#                  that your legacy application was using.
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
 # fool-proof way of determining the decryption failed because of an incorrect
diff --git a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
index b0c8bf945..d0ecfb2f9 100644
--- a/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
+++ b/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
@@ -149,8 +149,9 @@ <H2>ESAPI.properties Properties Relevant to Symmetric Encryption</H2>
 			compatibility with legacy or third party software. If set to
 			“fixed”, then the property Encryptor.fixedIV must also be
 			set to hex-encoded specific IV that you need to use.
-            <B>NOTE:</B> "fixed" is deprecated and will be removed by
-            release 2.3.
+            <B>NOTE:</B> "fixed" had been deprecated since 2.2.0.0 and finally
+            was removed for release 2.3.0.0. Using it in versions 2.3.0.0 or
+            later will result in a <code>ConfigurationException</code> being thrown.
             </FONT></P><P><FONT SIZE=2>
             <B>CAUTION:</B> While it is not required that the IV be kept
             secret, encryption relying on fixed IVs can lead to a known
diff --git a/src/main/java/org/owasp/esapi/SecurityConfiguration.java b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
index d21a7eba4..27c4af964 100644
--- a/src/main/java/org/owasp/esapi/SecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/SecurityConfiguration.java
@@ -389,35 +389,22 @@ public interface SecurityConfiguration extends EsapiPropertyLoader {
      * fixed IVs, but the use of non-random IVs is inherently insecure,
      * especially for any supported cipher mode that is considered a streaming mode
      * (which is basically anything except CBC for modes that support require an IV).
-     * For this reason, 'fixed' is considered <b>deprecated</b> and will be
-     * removed during the next ESAPI point release (tentatively, 2.3).
-     * However, note that if a "fixed" IV is chosen, then the
-     * the value of this fixed IV must be specified as the property
-     * {@code Encryptor.fixedIV} and be of the appropriate length.
+     * For this reason, 'fixed' has now been removed (it was considered <b>deprecated</b>
+     * since release 2.2.0.0). An <b>ESAPI.properties</b> value of {@Code fixed} for the property
+     * {@Code Encryptor.ChooseIVMethod} will now result in a {@Code ConfigurationException}
+     * being thrown.
      * 
-     * @return A string specifying the IV type. Should be "random" or "fixed" (dereprected).
+     * @return A string specifying the IV type. Should be "random". Anything
+     * else should fail with a {@Code ConfigurationException} being thrown.
      * 
      * @see #getFixedIV()
      * @deprecated Use SecurityConfiguration.getStringProp("appropriate_esapi_prop_name") instead.
+     *             This method will be removed in a future release as it is now moot since
+     *             it can only legitimately have the single value of "random".
      */
 	@Deprecated
     String getIVType();
     
-    /**
-     * If a "fixed" (i.e., static) Initialization Vector (IV) is to be used,
-     * this will return the IV value as a hex-encoded string.
-     * @return The fixed IV as a hex-encoded string.
-     * @deprecated Short term: use SecurityConfiguration.getByteArrayProp("appropriate_esapi_prop_name")
-     *             instead. Longer term: There will be a more general method in JavaEncryptor
-     *             to explicitly set an IV. This whole concept of a single fixed IV has
-     *             always been a kludge at best, as a concession to those who have used
-     *             a single fixed IV in the past to support legacy applications. This method will be
-     *             killed off in the next ESAPI point release (likely 2.3). It's time to put it to death
-     *             as it was never intended for production in the first place.
-     */
-	@Deprecated
-    String getFixedIV();
-    
     /**
      * Return a {@code List} of strings of combined cipher modes that support
      * <b>both</b> confidentiality and authenticity. These would be preferred
diff --git a/src/main/java/org/owasp/esapi/crypto/CipherText.java b/src/main/java/org/owasp/esapi/crypto/CipherText.java
index 1047116fa..a23aaedc5 100644
--- a/src/main/java/org/owasp/esapi/crypto/CipherText.java
+++ b/src/main/java/org/owasp/esapi/crypto/CipherText.java
@@ -320,11 +320,10 @@ public int getRawCipherTextByteLength() {
      * base64-encoding is performed.
      * <p>
      * If there is a need to store an encrypted value, say in a database, this
-     * is <i>not</i> the method you should use unless you are using a <i>fixed</i>
-     * IV or are planning on retrieving the IV and storing it somewhere separately
-     * (e.g., a different database column). If you are <i>not</i> using a fixed IV
-     * (which is <strong>highly</strong> discouraged), you should normally use
-     * {@link #getEncodedIVCipherText()} instead.
+     * is <i>not</i> the method you should use unless you are using are storing the
+     * IV separately (i.e., in a separate DB column), which doesn't make a lot of sense.
+     * Normally, you should prefer the method {@link #getEncodedIVCipherText()} instead as
+     * it will return the IV prepended to the ciphertext.
      * </p>
      * @see #getEncodedIVCipherText()
      */
@@ -338,11 +337,6 @@ public String getBase64EncodedRawCipherText() {
      * base64-encoding. If an IV is not used, then this method returns the same
      * value as {@link #getBase64EncodedRawCipherText()}.
      * <p>
-     * Generally, this is the method that you should use unless you only
-     * are using a fixed IV and a storing that IV separately, in which case
-     * using {@link #getBase64EncodedRawCipherText()} can reduce the storage
-     * overhead.
-     * </p>
      * @return The base64-encoded ciphertext or base64-encoded IV + ciphertext.
      * @see #getBase64EncodedRawCipherText()
      */
@@ -591,8 +585,8 @@ public void setIVandCiphertext(byte[] iv, byte[] ciphertext)
 // TODO: FIXME: As per email from Jeff Walton to Kevin Wall dated 12/03/2013,
 //            this is not always true. E.g., for CCM, the IV length is supposed
 //            to be 7, 8,  7, 8, 9, 10, 11, 12, or 13 octets because of
-//            it's formatting function, the restof the octets used by the
-//            nonce/counter.
+//            it's formatting function, the rest of the octets are used by the
+//            nonce/counter. E.g., see RFCs 4309, 8750, and related RFCs.
                     throw new EncryptionException("Encryption failed -- bad parameters passed to encrypt",  // DISCUSS - also log? See below.
                                                   "IV length does not match cipher block size of " + getBlockSize());
             }
diff --git a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
index 5a96c76d8..3e80055d3 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultSecurityConfiguration.java
@@ -121,10 +121,9 @@ public static SecurityConfiguration getInstance() {
     public static final String CIPHER_TRANSFORMATION_IMPLEMENTATION = "Encryptor.CipherTransformation";
     public static final String CIPHERTEXT_USE_MAC = "Encryptor.CipherText.useMAC";
     public static final String PLAINTEXT_OVERWRITE = "Encryptor.PlainText.overwrite";
-    public static final String IV_TYPE = "Encryptor.ChooseIVMethod";
 
     @Deprecated
-    public static final String FIXED_IV = "Encryptor.fixedIV";
+    public static final String IV_TYPE = "Encryptor.ChooseIVMethod";    // Will be removed in future release.
 
     public static final String COMBINED_CIPHER_MODES = "Encryptor.cipher_modes.combined_modes";
     public static final String ADDITIONAL_ALLOWED_CIPHER_MODES = "Encryptor.cipher_modes.additional_allowed";
@@ -251,6 +250,13 @@ public static SecurityConfiguration getInstance() {
      */
     public DefaultSecurityConfiguration(Properties properties) {
     	resourceFile = DEFAULT_RESOURCE_FILE;
+    	try {
+            this.esapiPropertyManager = new EsapiPropertyManager();
+            // Do NOT call loadConfiguration() here!
+        } catch( IOException e ) {
+	        logSpecial("Failed to load security configuration", e );
+	        throw new ConfigurationException("Failed to load security configuration", e);
+        }
     	this.properties = properties; 
     	this.setCipherXProperties();
     }
@@ -265,7 +271,7 @@ private void setCipherXProperties() {
 		// TODO: FUTURE: Replace by future CryptoControls class???
 		// See SecurityConfiguration.setCipherTransformation() for
 		// explanation of this.
-        // (Propose this in 2.1 via future email to ESAPI-DEV list.)
+        // (Propose this in a future 2.x release via future email to ESAPI-DEV list.)
 		cipherXformFromESAPIProp =
 			getESAPIProperty(CIPHER_TRANSFORMATION_IMPLEMENTATION,
 							 "AES/CBC/PKCS5Padding");
@@ -832,49 +838,26 @@ public boolean overwritePlainText() {
     /**
 	 * {@inheritDoc}
 	 */
+    @Deprecated
     public String getIVType() {
     	String value = getESAPIProperty(IV_TYPE, "random");
     	if ( value.equalsIgnoreCase("random") ) {
             return value;
         } else if ( value.equalsIgnoreCase("fixed") ) {
-            logSpecial("WARNING: Property '" + IV_TYPE + "=fixed' is DEPRECATED. It was intended to support legacy applications, but is inherently insecure, especially with any streaming mode. Support for this will be completed dropped next ESAPI minor release (probably 2.3");
-    		return value;
+            logSpecial("WARNING: Property '" + IV_TYPE + "=fixed' is no longer supported AT ALL!!! It had been deprecated since 2.2.0.0 and back then, was announced it would be removed in release 2.3.0.0. It was originally intended to support legacy applications, but is inherently insecure, especially with any streaming mode.");
+    		throw new ConfigurationException("'" + IV_TYPE + "=fixed' is no longer supported AT ALL. It has been deprecated since release 2.2 and has been removed since 2.3.");
     	} else if ( value.equalsIgnoreCase("specified") ) {
-    		// This is planned for future implementation where setting
-    		// Encryptor.ChooseIVMethod=specified   will require setting some
-    		// other TBD property that will specify an implementation class that
-    		// will generate appropriate IVs. The intent of this would be to use
-    		// such a class with various feedback modes where it is imperative
-    		// that for a given key, any particular IV is *NEVER* reused. For
-    		// now, we will assume that generating a random IV is usually going
-    		// to be sufficient to prevent this.
-    		throw new ConfigurationException("'" + IV_TYPE + "=specified' is not yet implemented. Use 'random' for now.");
-    	} else {
-    		// TODO: Once 'specified' is legal, adjust exception msg, below.
-    		// DISCUSS: Could just log this and then silently return "random" instead.
-    		throw new ConfigurationException(value + " is illegal value for " + IV_TYPE +
-    										 ". Use 'random'.");
-    	}
-    }
-
-    /**
-	 * {@inheritDoc}
-	 */
-    @Deprecated
-    public String getFixedIV() {
-    	if ( getIVType().equalsIgnoreCase("fixed") ) {
-    		String ivAsHex = getESAPIProperty(FIXED_IV, ""); // No default
-    		if ( ivAsHex == null || ivAsHex.trim().equals("") ) {
-    			throw new ConfigurationException("Fixed IV requires property " +
-    						FIXED_IV + " to be set, but it is not.");
-    		}
-    		return ivAsHex;		// We do no further checks here as we have no context.
+    		// Originally, this was planned for future implementation where setting
+    		//      Encryptor.ChooseIVMethod=specified
+            // would have allowed a dev to write their own static method to be
+            // invoked in a future TBD property, but that is a recipe for
+            // disaster. So, it's not going to happen. Ever.
+    		throw new ConfigurationException("Contrary to previous internal comments, '" + IV_TYPE + "=specified' is not going to be supported -- ever.");
     	} else {
-    		// DISCUSS: Should we just log a warning here and return null instead?
-    		//			If so, may cause NullPointException somewhere later.
-    		throw new ConfigurationException("IV type not 'fixed' [which is DEPRECATED!] (set to '" +
-    										 getIVType() + "'), so no fixed IV applicable.");
+    		logSpecial("WARNING: '" + value + "' is illegal value for " + IV_TYPE +
+    										 ". Using 'random' for the IV type.");
     	}
+        return "random";
     }
 
     /**
diff --git a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
index 64d3e7561..63022925e 100644
--- a/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
+++ b/src/main/java/org/owasp/esapi/reference/crypto/JavaEncryptor.java
@@ -464,25 +464,10 @@ public CipherText encrypt(SecretKey key, PlainText plain)
                  IvParameterSpec ivSpec = null;
                  if ( ivType.equalsIgnoreCase("random") ) {
                      ivBytes = ESAPI.randomizer().getRandomBytes(encrypter.getBlockSize());
-                 } else if ( ivType.equalsIgnoreCase("fixed") ) {
-                     String fixedIVAsHex = ESAPI.securityConfiguration().getFixedIV();
-                     ivBytes = Hex.decode(fixedIVAsHex);
-                     /* FUTURE       } else if ( ivType.equalsIgnoreCase("specified")) {
-                            // FUTURE - TODO  - Create instance of specified class to use for IV generation and
-                            //                   use it to create the ivBytes. (The intent is to make sure that
-                            //                   1) IVs are never repeated for cipher modes like OFB and CFB, and
-                            //                   2) to screen for weak IVs for the particular cipher algorithm.
-                            //      In meantime, use 'random' for block cipher in feedback mode. Unlikely they will
-                            //      be repeated unless you are salting SecureRandom with same value each time. Anything
-                            //      monotonically increasing should be suitable, like a counter, but need to remember
-                            //      it across JVM restarts. Was thinking of using System.currentTimeMillis(). While
-                            //      it's not perfect it probably is good enough. Could even all (advanced) developers
-                            //      to define their own class to create a unique IV to allow them some choice, but
-                            //      definitely need to provide a safe, default implementation.
-                      */
                  } else {
-                     // TODO: Update to add 'specified' once that is supported and added above.
-                     throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random' or 'fixed'");
+                     // This really shouldn't happen here. Show catch it a few
+                     // lines above.
+                     throw new ConfigurationException("Property Encryptor.ChooseIVMethod must be set to 'random'.");
                  }
                  ivSpec = new IvParameterSpec(ivBytes);
                  cipherSpec.setIV(ivBytes);
diff --git a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
index 2c54a93f5..a051d6f39 100644
--- a/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
+++ b/src/test/java/org/owasp/esapi/SecurityConfigurationWrapper.java
@@ -291,14 +291,6 @@ public String getIVType()
 		return wrapped.getIVType();
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
-	// @Override
-	public String getFixedIV()
-	{
-		return wrapped.getFixedIV();
-	}
 
 	/**
 	 * {@inheritDoc}
diff --git a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
index 8f808880f..81cde6a52 100644
--- a/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
+++ b/src/test/java/org/owasp/esapi/crypto/CipherSpecTest.java
@@ -29,10 +29,7 @@ public class CipherSpecTest extends TestCase {
 	private byte[] myIV = null;
 
 	@Before public void setUp() throws Exception {
-			// This will throw ConfigurationException if IV type is not set to
-			// 'fixed', which it's not. (We have it set to 'random'.)
-		// myIV = Hex.decode( ESAPI.securityConfiguration().getFixedIV() );
-		myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" );
+		myIV = Hex.decode( "0x000102030405060708090a0b0c0d0e0f" ); // Any IV to test w/ will do.
 
 		dfltAESCipher   = Cipher.getInstance("AES");
 		dfltECBCipher   = Cipher.getInstance("AES/ECB/NoPadding");
diff --git a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
index 161b5ab69..d0c3e6dc2 100644
--- a/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultSecurityConfigurationTest.java
@@ -8,8 +8,10 @@
 import static org.junit.Assert.fail;
 
 import java.util.regex.Pattern;
+import java.util.Properties;
 
 import org.junit.Test;
+
 import org.owasp.esapi.ESAPI;
 import org.owasp.esapi.Logger;
 import org.owasp.esapi.SecurityConfiguration;
@@ -19,7 +21,7 @@
 public class DefaultSecurityConfigurationTest {
 
 	private DefaultSecurityConfiguration createWithProperty(String key, String val) {
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(key, val);
 		return new DefaultSecurityConfiguration(properties);
 	}
@@ -34,7 +36,7 @@ public void testGetApplicationName() {
 	@Test
 	public void testGetLogImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_LOG_IMPLEMENTATION, secConf.getLogImplementation());
 		
 		final String expected = "TestLogger";
@@ -45,7 +47,7 @@ public void testGetLogImplementation() {
 	@Test
 	public void testAuthenticationImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_AUTHENTICATION_IMPLEMENTATION, secConf.getAuthenticationImplementation());
 		
 		final String expected = "TestAuthentication";
@@ -56,7 +58,7 @@ public void testAuthenticationImplementation() {
 	@Test
 	public void testEncoderImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCODER_IMPLEMENTATION, secConf.getEncoderImplementation());
 		
 		final String expected = "TestEncoder";
@@ -67,7 +69,7 @@ public void testEncoderImplementation() {
 	@Test
 	public void testAccessControlImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_ACCESS_CONTROL_IMPLEMENTATION, secConf.getAccessControlImplementation());
 		
 		final String expected = "TestAccessControl";
@@ -78,7 +80,7 @@ public void testAccessControlImplementation() {
 	@Test
 	public void testEncryptionImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_ENCRYPTION_IMPLEMENTATION, secConf.getEncryptionImplementation());
 		
 		final String expected = "TestEncryption";
@@ -89,7 +91,7 @@ public void testEncryptionImplementation() {
 	@Test
 	public void testIntrusionDetectionImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_INTRUSION_DETECTION_IMPLEMENTATION, secConf.getIntrusionDetectionImplementation());
 		
 		final String expected = "TestIntrusionDetection";
@@ -100,7 +102,7 @@ public void testIntrusionDetectionImplementation() {
 	@Test
 	public void testRandomizerImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_RANDOMIZER_IMPLEMENTATION, secConf.getRandomizerImplementation());
 		
 		final String expected = "TestRandomizer";
@@ -111,7 +113,7 @@ public void testRandomizerImplementation() {
 	@Test
 	public void testExecutorImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_EXECUTOR_IMPLEMENTATION, secConf.getExecutorImplementation());
 		
 		final String expected = "TestExecutor";
@@ -122,7 +124,7 @@ public void testExecutorImplementation() {
 	@Test
 	public void testHTTPUtilitiesImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_HTTP_UTILITIES_IMPLEMENTATION, secConf.getHTTPUtilitiesImplementation());
 		
 		final String expected = "TestHTTPUtilities";
@@ -133,7 +135,7 @@ public void testHTTPUtilitiesImplementation() {
 	@Test
 	public void testValidationImplementation() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(DefaultSecurityConfiguration.DEFAULT_VALIDATOR_IMPLEMENTATION, secConf.getValidationImplementation());
 		
 		final String expected = "TestValidation";
@@ -144,7 +146,7 @@ public void testValidationImplementation() {
 	@Test
 	public void testGetEncryptionKeyLength() {
 		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals(128, secConf.getEncryptionKeyLength());
 		
 		final int expected = 256;
@@ -155,7 +157,7 @@ public void testGetEncryptionKeyLength() {
 	@Test
 	public void testGetKDFPseudoRandomFunction() {
 		// test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals("HmacSHA256", secConf.getKDFPseudoRandomFunction());
 		
 		final String expected = "HmacSHA1";
@@ -166,7 +168,7 @@ public void testGetKDFPseudoRandomFunction() {
 	@Test
 	public void testGetMasterSalt() {
 		try {
-			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+			DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 			secConf.getMasterSalt();
 			fail("Expected Exception not thrown");
 		}
@@ -176,7 +178,7 @@ public void testGetMasterSalt() {
 		
 		final String salt = "53081";
 		final String property = ESAPI.encoder().encodeForBase64(salt.getBytes(), false);
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(DefaultSecurityConfiguration.MASTER_SALT, property);
 		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(properties);
 		assertEquals(salt, new String(secConf.getMasterSalt()));
@@ -184,7 +186,7 @@ public void testGetMasterSalt() {
 	
 	@Test
 	public void testGetAllowedExecutables() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		java.util.List<String> allowedExecutables = secConf.getAllowedExecutables();
 		
 		//is this really what should be returned? what about an empty list?
@@ -192,7 +194,7 @@ public void testGetAllowedExecutables() {
 		assertEquals("", allowedExecutables.get(0));
 		
 		
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(DefaultSecurityConfiguration.APPROVED_EXECUTABLES, String.valueOf("/bin/bzip2,/bin/diff, /bin/cvs"));
 		secConf = new DefaultSecurityConfiguration(properties);
 		allowedExecutables = secConf.getAllowedExecutables();
@@ -208,12 +210,12 @@ public void testGetAllowedExecutables() {
 	@Test
 	public void testGetAllowedFileExtensions() {
 		
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		java.util.List<String> allowedFileExtensions = secConf.getAllowedFileExtensions();
 		assertFalse(allowedFileExtensions.isEmpty());
 		
 		
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(DefaultSecurityConfiguration.APPROVED_UPLOAD_EXTENSIONS, String.valueOf(".txt,.xml,.html,.png"));
 		secConf = new DefaultSecurityConfiguration(properties);
 		allowedFileExtensions = secConf.getAllowedFileExtensions();
@@ -223,7 +225,7 @@ public void testGetAllowedFileExtensions() {
 	
 	@Test
 	public void testGetAllowedFileUploadSize() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		//assert that the default is of some reasonable size
 		assertTrue(secConf.getAllowedFileUploadSize() > (1024 * 100));
 		
@@ -235,11 +237,11 @@ public void testGetAllowedFileUploadSize() {
 	@Test
 	public void testGetParameterNames() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals("password", secConf.getPasswordParameterName());
 		assertEquals("username", secConf.getUsernameParameterName());
 		
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(DefaultSecurityConfiguration.PASSWORD_PARAMETER_NAME, "j_password");
 		properties.setProperty(DefaultSecurityConfiguration.USERNAME_PARAMETER_NAME, "j_username");
 		secConf = new DefaultSecurityConfiguration(properties);
@@ -250,7 +252,7 @@ public void testGetParameterNames() {
 	@Test
 	public void testGetEncryptionAlgorithm() {
 		//test the default
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals("AES", secConf.getEncryptionAlgorithm());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ENCRYPTION_ALGORITHM, "3DES");
@@ -259,11 +261,11 @@ public void testGetEncryptionAlgorithm() {
 	
 	@Test
 	public void testGetCipherXProperties() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertEquals("AES/CBC/PKCS5Padding", secConf.getCipherTransformation());
 		//assertEquals("AES/CBC/PKCS5Padding", secConf.getC);
 		
-		java.util.Properties properties = new java.util.Properties();
+		Properties properties = new Properties();
 		properties.setProperty(DefaultSecurityConfiguration.CIPHER_TRANSFORMATION_IMPLEMENTATION, "Blowfish/CFB/ISO10126Padding");
 		secConf = new DefaultSecurityConfiguration(properties);
 		assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
@@ -274,47 +276,35 @@ public void testGetCipherXProperties() {
 		secConf.setCipherTransformation(null);//sets it back to default
 		assertEquals("Blowfish/CFB/ISO10126Padding", secConf.getCipherTransformation());
 	}
-	
+
+	// NOTE: When SecurityConfiguration.getIVType() is finally removed, this test can be as well.
 	@Test
 	public void testIV() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
-		assertEquals("random", secConf.getIVType());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
+		assertEquals("random", secConf.getIVType());    // Ensure that 'random' is the default type for getIVType().
+
+        Properties props = new Properties();
+        String ivType = null;
+        props.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");  // No longer supported.
+
+        secConf = new DefaultSecurityConfiguration( props );
 		try {
-			secConf.getFixedIV();
-			fail();
+			ivType = secConf.getIVType();    // This should now throw a Configuration Exception.
+			fail("Expected ConfigurationException to be thrown for " + DefaultSecurityConfiguration.IV_TYPE + "=" + ivType);
 		}
 		catch (ConfigurationException ce) {
 			assertNotNull(ce.getMessage());
 		}
 		
-		java.util.Properties properties = new java.util.Properties();
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "fixed");
-		properties.setProperty(DefaultSecurityConfiguration.FIXED_IV, "ivValue");
-		secConf = new DefaultSecurityConfiguration(properties);
-		assertEquals("fixed", secConf.getIVType());
-		assertEquals("ivValue", secConf.getFixedIV());
-		
-		properties.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");
-		secConf = new DefaultSecurityConfiguration(properties);
-		try {
-			secConf.getIVType();
-			fail();
-		}
-		catch (ConfigurationException ce) {
-			assertNotNull(ce.getMessage());
-		}
-		try {
-			secConf.getFixedIV();
-			fail();
-		}
-		catch (ConfigurationException ce) {
-			assertNotNull(ce.getMessage());
-		}
+		props.setProperty(DefaultSecurityConfiguration.IV_TYPE, "illegal");	// This will just result in a logSpecial message & "random" is returned.
+		secConf = new DefaultSecurityConfiguration(props);
+		ivType = secConf.getIVType();
+		assertEquals(ivType, "random");
 	}
 	
 	@Test
 	public void testGetAllowMultipleEncoding() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertFalse(secConf.getAllowMultipleEncoding());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.ALLOW_MULTIPLE_ENCODING, "yes");
@@ -329,7 +319,7 @@ public void testGetAllowMultipleEncoding() {
 	
 	@Test
 	public void testGetDefaultCanonicalizationCodecs() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertFalse(secConf.getDefaultCanonicalizationCodecs().isEmpty());
 		
 		String property = "org.owasp.esapi.codecs.TestCodec1,org.owasp.esapi.codecs.TestCodec2";
@@ -339,7 +329,7 @@ public void testGetDefaultCanonicalizationCodecs() {
 	
 	@Test
 	public void testGetDisableIntrusionDetection() {
-		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new java.util.Properties());
+		DefaultSecurityConfiguration secConf = new DefaultSecurityConfiguration(new Properties());
 		assertFalse(secConf.getDisableIntrusionDetection());
 		
 		secConf = this.createWithProperty(DefaultSecurityConfiguration.DISABLE_INTRUSION_DETECTION, "TRUE");
diff --git a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
index ddaa1b8e9..5f10329c6 100644
--- a/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-CommaValidatorFileChecker.properties
@@ -259,9 +259,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 #
 #	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
 #					here as this is an extremely weak mode. However, we *must*
@@ -284,29 +281,26 @@ Encryptor.EncryptionKeyLength=128
 # Min key length - to support testing with 2TDEA
 Encryptor.MinEncryptionKeyLength=112
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
diff --git a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
index 88c10b6f9..74e645a20 100644
--- a/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-DualValidatorFileChecker.properties
@@ -259,9 +259,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 #
 #	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
 #					here as this is an extremely weak mode. However, we *must*
@@ -285,29 +282,26 @@ Encryptor.EncryptionKeyLength=128
 # Min key length - to support testing with 2TDEA
 Encryptor.MinEncryptionKeyLength=112
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
diff --git a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
index 7c9d37b7a..4b0a8a33d 100644
--- a/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-QuotedValidatorFileChecker.properties
@@ -258,9 +258,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 #
 #	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
 #					here as this is an extremely weak mode. However, we *must*
@@ -283,29 +280,26 @@ Encryptor.EncryptionKeyLength=128
 # Min key length - to support testing with 2TDEA
 Encryptor.MinEncryptionKeyLength=112
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
diff --git a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
index a8cca0136..462d04721 100644
--- a/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
+++ b/src/test/resources/esapi/ESAPI-SingleValidatorFileChecker.properties
@@ -258,9 +258,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 #
 #	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
 #					here as this is an extremely weak mode. However, we *must*
@@ -283,29 +280,26 @@ Encryptor.EncryptionKeyLength=128
 # Min key length - to support testing with 2TDEA
 Encryptor.MinEncryptionKeyLength=112
 
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.1
+# Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an example for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
 
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
diff --git a/src/test/resources/esapi/ESAPI.properties b/src/test/resources/esapi/ESAPI.properties
index e1634dc28..29bc7b3dd 100644
--- a/src/test/resources/esapi/ESAPI.properties
+++ b/src/test/resources/esapi/ESAPI.properties
@@ -239,9 +239,6 @@ Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
 # Additional cipher modes allowed for ESAPI 2.0 encryption. These
 # cipher modes are in _addition_ to those specified by the property
 # 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
 #
 #	IMPORTANT NOTE:	In the official ESAPI.properties we do *NOT* include ECB
 #					here as this is an extremely weak mode. However, we *must*
@@ -275,37 +272,26 @@ Encryptor.EncryptionKeyLength=128
 Encryptor.MinEncryptionKeyLength=112
 
 # Because 2.x uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values:		random|fixed|specified		'specified' not yet implemented; planned for 2.3
-#                                               'fixed' is deprecated as of 2.2
-#                                               and will be removed in 2.3.
+# (All cipher modes except ECB require an IV.) Previously there were two choices: we can either
+# use a fixed IV known to both parties or allow ESAPI to choose a random IV. The
+# former was deprecated in ESAPI 2.2 and removed in ESAPI 2.3. It was not secure
+# because the Encryptor (as are all the other major ESAPI components) is a
+# singleton and thus the same IV would get reused each time. It was not a
+# well-thought out plan. (To do it correctly means we need to add a setIV() method
+# and get rid of the Encryptor singleton, thus it will not happen until 3.0.)
+# However, while the IV does not need to be hidden from adversaries, it is important that the
+# adversary not be allowed to choose it. Thus for now, ESAPI just chooses a random IV.
+# Originally there was plans to allow a developer to provide a class and method
+# name to define a custom static method to generate an IV, but that is just
+# trouble waiting to happen. Thus in effect, the ONLY acceptable property value
+# for this property is "random". In the not too distant future (possibly the
+# next release), I will be removing it, but for now I am leaving this and
+# checking for it so a ConfigurationException can be thrown if anyone using
+# ESAPI ignored the deprecation warning message and still has it set to "fixed".
+#
+# Valid values:		random
 Encryptor.ChooseIVMethod=random
 
-
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-#   @Deprecated -- fixed IVs are deprecated as of the 2.2 release and support
-#                  will be removed in the next release (tentatively, 2.3).
-#                  If you MUST use this, at least replace this IV with one
-#                  that your legacy application was using.
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
 # Whether or not CipherText should use a message authentication code (MAC) with it.
 # This prevents an adversary from altering the IV as well as allowing a more
 # fool-proof way of determining the decryption failed because of an incorrect

From af9f630da898c41109109af06d3f35b41b578713 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:17:03 -0400
Subject: [PATCH 794/812] Fixed initial explanatory comment.

---
 scripts/vars.template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/vars.template b/scripts/vars.template
index adae0e835..7e127c7a3 100644
--- a/scripts/vars.template
+++ b/scripts/vars.template
@@ -1,4 +1,5 @@
-# Do NOT edit this file directly. It will be created by the new newReleaseNotes.sh script.
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
 
 # ESAPI (new / current) version
 VERSION

From c155f703e1ae0740faac9e6e43240847227df635 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:17:46 -0400
Subject: [PATCH 795/812] Added new scripts not previously in README file.

---
 scripts/README.txt | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/scripts/README.txt b/scripts/README.txt
index 94aeeeffe..61df78f20 100644
--- a/scripts/README.txt
+++ b/scripts/README.txt
@@ -6,3 +6,10 @@ README.txt          -- This readme file.
 esapi-release.sh    -- Obsolete script to create new ESAPI release. Will be replaced soon. Do not use for now.
 mvnQuietTest.bat    -- Run 'mvn test' from DOS cmd prompt with logSpecial output suppressed.
 mvnQuietTest.sh     -- Run 'mvn test' from bash with logSpecial output suppressed.
+createVarsFile.sh   -- Bash script to create a vars.2.x.y.z file that is 'sourced' by the 'newReleaseNotes.sh' script.
+esapi4java-core-TEMPLATE-release-notes.txt - Basic template used to create the new release notes file.
+newReleaseNotes.sh  -- Bash script to create the release notes boillerplate from the provided release argument and the TEMPLATE file.
+vars.2.2.3.0        -- File that is 'sourced' (as in "source ./filename") and used with newReleaseNotes.sh
+vars.2.2.3.1        -- File that is 'sourced' (as in "source ./filename") and used with newReleaseNotes.sh
+vars.2.3.0.0        -- File that is 'sourced' (as in "source ./filename") and used with newReleaseNotes.sh
+vars.template       -- Template to construct the release specific vars files

From 2637dc7f1818233b6928f34698d0fd0e72e7bbd0 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:19:08 -0400
Subject: [PATCH 796/812] Minor fixes and better explanations.

---
 scripts/esapi4java-core-TEMPLATE-release-notes.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/esapi4java-core-TEMPLATE-release-notes.txt b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
index af4f130bc..5caad5c37 100644
--- a/scripts/esapi4java-core-TEMPLATE-release-notes.txt
+++ b/scripts/esapi4java-core-TEMPLATE-release-notes.txt
@@ -1,5 +1,5 @@
 @@@@ IMPORTANT: Be sure to 1) save in DOS text format, and 2) Delete this line and others starting with @@@@
-@@@             Edit with       :set tw=0
+@@@@             Edit this file in vim with       :set tw=0
 @@@@            Meant to be used with   scripts/newReleaseNotes.sh and the 'vars.*' scripts there.
 Release notes for ESAPI ${VERSION}
     Release date: ${YYYY_MM_DD_RELEASE_DATE}
@@ -30,12 +30,12 @@ ESAPI ${PREV_VERSION} release:
     #### Java source files
     #### JUnit tests in #### Java test files
 
-ESAPI ${version} release:
+ESAPI ${VERSION} release:
 @@@@ Count them and run 'mvn test' to get the # of tests.
     #### Java source files
     #### JUnit tests in #### Java source files
 
-XXX GitHub Issues closed in this release, including those we've decided not to fix (marked '(wontfix)').
+XXX GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
 (Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D${PREV_RELEASE_DATE})
 
 Issue #         GitHub Issue Title

From 2497bce3c816f865ca88f07a0d81f2e55aeac19b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:21:45 -0400
Subject: [PATCH 797/812] Minor clean-up of kludgy test.

---
 src/test/java/org/owasp/esapi/reference/ValidatorTest.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 076fe1806..50972652c 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -1132,9 +1132,8 @@ public void testavaloqLooseSafeString(){
     @Test
     public void testStandardHeader() {
     	Validator v = ESAPI.validator();
-    	boolean expected = false;
-    	boolean result = v.isValidInput("HTTPHeaderValue ", "mary.poppins@gmail.com", "HTTPHeaderValue", 2147483647, true, true);
-    	assertEquals(expected, result);
+    	boolean isValid = v.isValidInput("HTTPHeaderValue ", "mary.poppins@gmail.com", "HTTPHeaderValue", 2147483647, true, true);
+        assertFalse( isValid );
     }
 }
 

From bb54f410669e809c95276d2d48258b1c01683678 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:23:19 -0400
Subject: [PATCH 798/812] Add some new tests and some general test clean-up.

---
 .../HTMLValidationRuleCleanTest.java          | 67 ++++++++++++++++---
 1 file changed, 59 insertions(+), 8 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
index ec0dceea8..d7e0686a7 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -127,6 +127,42 @@ public void testGetValidSafeHTML() throws Exception {
         // assertEquals("", result4);
     }
 
+    // FIXME: Update CVE once we have a number for this.
+    // Test to confirm that CVE-2022-xxxxx (TBD) is fixed. The cause of this was
+    // from a subtle botched regex for 'onsiteURL' in all the versions of
+    // antsamy-esapi.xml that had been there as far back as ESAPI 1.4!
+    @Test
+    public void testJavaScriptURL() throws Exception {
+        System.out.println("testJavaScriptURL");
+
+        String expectedSafeText = "This is safe from XSS. Trust us!";
+        String badVoodoo = "<a href=\"javascript:alert(1)\">" + expectedSafeText + "</a>";
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errorList = new ValidationErrorList();
+        String result = instance.getValidSafeHTML("test", badVoodoo, 100, false, errorList);
+        assertEquals( expectedSafeText, result );
+    }
+
+    // To confirm fix for CVE-2021-35043 in AntiSamy 1.6.5 and later. Actually,
+    // it was never really "broken" in ESAPI's "default configuration" because it is
+    // triggers an Intrusion Detection when it is checking the canonicalization.
+    // This test assumes a standard default ESAPI.properties file. In
+    // particular, the Intrusion Detector must be enabled (the default) and
+    // Validator.HtmlValidationAction should be set to "throw" rather than "clean"
+    @Test(expected=IntrusionException.class)
+    public void testAntiSamyCVE_2021_35043Fixed() {
+        System.out.println("testAntiSamyCVE_2021_35043Fixed");
+
+        String expectedSafeText = "This is safe from XSS. Trust us!";
+
+            // Translates to '<a href="javascript:x=1,alert("boom")".
+        String badVoodoo = "<a href=\"javascript&#00058alert('boom')>" + expectedSafeText + "</a>";
+        String result = null;
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errorList = new ValidationErrorList();
+        result = instance.getValidSafeHTML("test", badVoodoo, 200, false, errorList); // 
+        assertEquals( expectedSafeText, result );
+    }
 
     @Test
     public void testIsValidSafeHTML() {
@@ -161,37 +197,52 @@ public void testAntiSamyRegressionCDATAWithJavascriptURL() throws Exception {
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();
         String input = "<style/>b<![cdata[</style><a href=javascript:alert(1)>test";
-		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		assertTrue(instance.isValidSafeHTML("test8", input, 100, false, errors));
 		String expected = "b&lt;/style&gt;&lt;a href=javascript:alert(1)&gt;test";
 		String output = instance.getValidSafeHTML("javascript Link", input, 250, false);
 		assertEquals(expected, output);
 		assertTrue(errors.size() == 0);
-
     }
-    
+
     @Test
     public void testScriptTagAfterStyleClosing() throws Exception {
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();
         String input = "<select<style/>W<xmp<script>alert(1)</script>";
-		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		assertTrue(instance.isValidSafeHTML("test9", input, 100, false, errors));
 		String expected = "W&lt;script&gt;alert(1)&lt;/script&gt;";
-		String output = instance.getValidSafeHTML("escaping style tag attack", input, 250, false);
+		String output = instance.getValidSafeHTML("escaping style tag attack with script tag", input, 250, false);
 		assertEquals(expected, output);
 		assertTrue(errors.size() == 0);
+    }
 
+    @Test
+    public void testOnfocusAfterStyleClosing() throws Exception {
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+        String input = "<select<style/>k<input<</>input/onfocus=alert(1)>";
+		assertTrue(instance.isValidSafeHTML("test10", input, 100, false, errors));
+		String expected = "k&lt;input/onfocus=alert(1)&gt;";	// Suspicious??? Doesn't agree w/ AntiSamy test. FIXME?
+		String output = instance.getValidSafeHTML("escaping style tag attack with onfocus attribute", input, 250, false);
+		assertEquals(expected, output);
+		assertTrue(errors.size() == 0);
     }
-    
+
+    // FIXME: This problem is a DoS issue that lies within Neko that is only available for Java 8 and later.
+    // However, the latest version that is available for Java 7 is Neko 2.24. It is fixed in later versions
+    // that are not available for JDK 7 though. The fix will just start using the one the latest Java 8 version
+    // of AntiSamy is using and remove our <exclusion> and specific 2.24 dependency from our pom.xml and use whatever
+    // AntiSamy provides. All we should need to do is that and remove the @Ignore annotation here.
     @Test
     @Ignore
     public void testNekoDOSWithAnHTMLComment() throws Exception {
     	/**
-    	 * FIXME:  This unit test needs to pass before the next ESAPI release.
+    	 * FIXME:  This unit test needs to pass before the next ESAPI release once ESAPI starts using JDK 8 as min JDK.
     	 */
         Validator instance = ESAPI.validator();
         ValidationErrorList errors = new ValidationErrorList();
         String input = "<!--><?a/";
-		assertTrue(instance.isValidSafeHTML("test7", input, 100, false, errors));
+		assertTrue(instance.isValidSafeHTML("test11", input, 100, false, errors));
 		String expected = "&#x3C;!--&#x3E;&#x3C;?a/";
 		String output = instance.getValidSafeHTML("escaping style tag attack", input, 250, false);
 		assertEquals(expected, output);

From fee7f846c9526a2fb1c6fad89fb7546cf92fb220 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:24:04 -0400
Subject: [PATCH 799/812] Added 'set -o allexport' to fix problem with release
 date.

---
 scripts/newReleaseNotes.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/newReleaseNotes.sh b/scripts/newReleaseNotes.sh
index 7e93da5d7..c9f3d351a 100755
--- a/scripts/newReleaseNotes.sh
+++ b/scripts/newReleaseNotes.sh
@@ -24,6 +24,7 @@ if [[ -r $template ]]
 then
         echo "#!/bin/bash"  > $tmpfile
         echo "source vars.${newVers}" >> $tmpfile
+        echo "set -o allexport" >> $tmpfile
         echo "cat >esapi4java-core-${VERSION}-release-notes.txt <<${hereDocBanner}" >> $tmpfile
         cat $template >> $tmpfile
         echo "${hereDocBanner}" >> $tmpfile

From f613864907aaa1d8af4d3e0e672c1f5013b639a4 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Wed, 13 Apr 2022 23:24:53 -0400
Subject: [PATCH 800/812] 1) Change ESAPI version from 2.2.4.0-SNAPSHOT to
 2.3.0.0. 2) Update min Maven version from 3.2.5 to 3.3.9 to support all
 plugins. 3) Add CycloneDX plugin support to create SBOM. 4) Updated date for
 generation of target/site/changelog.html for 'mvn site'. 5) Update to
 AntiSamy 1.6.7.

---
 pom.xml | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/pom.xml b/pom.xml
index 2d4d30fbd..c39586cc3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.owasp.esapi</groupId>
     <artifactId>esapi</artifactId>
-    <version>2.2.4.0-SNAPSHOT</version>
+    <version>2.3.0.0</version>
     <packaging>jar</packaging>
 
     <distributionManagement>
@@ -140,6 +140,11 @@
         <version.spotbugs>4.6.0</version.spotbugs>
         <version.spotbugs.maven>4.6.0.0</version.spotbugs.maven>
         <version.surefire>3.0.0-M6</version.surefire>
+
+            <!-- TODO: Be sure to update. Should be date of previous official release -->
+            <!-- Exact date in the form 'yyyy-dd-yy 00:00:00' should be used. You can find the previous release date -->
+            <!-- n the previous release notes file under the 'documentation/' directory. -->
+        <date.prev_release>2021-05-07 00:00:00</date.prev_release>
     </properties>
 
     <dependencies>
@@ -243,7 +248,7 @@
         <dependency>
             <groupId>org.owasp.antisamy</groupId>
             <artifactId>antisamy</artifactId>
-            <version>1.6.6.1</version>
+            <version>1.6.7</version>
             <exclusions>
                 <!-- excluded because version imported by AntiSamy Requires Java 8. We import
                      the last Java 7 versions of these ourselves. -->
@@ -433,6 +438,18 @@
         </pluginManagement>
 
         <plugins>
+                <!-- Create SBOM -->
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <version>2.5.3</version>
+                <executions>
+                  <execution>
+                    <phase>package</phase>
+                    <goals><goal>makeBom</goal></goals>
+                  </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>com.github.spotbugs</groupId>
                 <artifactId>spotbugs-maven-plugin</artifactId>
@@ -546,7 +563,7 @@
                         <configuration>
                           <rules>
                             <requireMavenVersion>
-                              <version>[3.2.5,)</version>
+                              <version>[3.3.9,)</version>
                               <message>Building ESAPI 2.x now requires Maven 3.2.5 or later.</message>
                             </requireMavenVersion>
                           </rules>
@@ -769,8 +786,9 @@
                     <issueLinkUrl>https://github.com/ESAPI/esapi-java-legacy/issues/%ISSUE%</issueLinkUrl>
                     <type>date</type>
                     <dates>
-                        <!-- Should be date of previous official release -->
-                        <date>2015-02-05 00:00:00</date>
+                        <!-- TODO: Be sure to update. Should be date of previous official release -->
+                        <!-- Exact date should be in previous release notes file under 'documentation/' directory. -->
+                        <date>2021-05-07 00:00:00</date>
                     </dates>
                 </configuration>
             </plugin>
@@ -780,6 +798,7 @@
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
                     <doclint>none</doclint>
+                    <!-- TODO: This needs to be updated to '8' when we support JDK 8 as minimal JDK. -->
                     <source>7</source>
                 </configuration>
             </plugin>

From 7e0a8cc7a59d8d89175c6d8231436baaf11bb9d1 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:20:31 -0400
Subject: [PATCH 801/812] ESAPI 2.3.0.0 release notes.

---
 .../esapi4java-core-2.3.0.0-release-notes.txt | 199 ++++++++++++++++++
 1 file changed, 199 insertions(+)
 create mode 100644 documentation/esapi4java-core-2.3.0.0-release-notes.txt

diff --git a/documentation/esapi4java-core-2.3.0.0-release-notes.txt b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
new file mode 100644
index 000000000..1765eb97a
--- /dev/null
+++ b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
@@ -0,0 +1,199 @@
+Release notes for ESAPI 2.3.0.0
+    Release date: 2022-04-17
+    Project leaders:
+        -Kevin W. Wall <kevin.w.wall@gmail.com>
+        -Matt Seil <matt.seil@owasp.org>
+
+Previous release: ESAPI 2.2.3.1, 2021-05-07
+
+Important Announcement
+----------------------
+Do NOT:  Do NOT use GitHub Issues to ask questions about this of future releases. That is what the ESAPI Google groups are for. (See our GitHub README.md for further details.) If you can't do the ESAPI Google groups, then drop and email to either one or both of the project leaders (email addresses provided above). We will NOT respond to questions posted in GitHub Issues.
+
+
+Executive Summary: Important Things to Note for this Release
+------------------------------------------------------------
+This is a very importanT ESAPI release, as it remediates several potentially exploitable vulnerabilities. Part of the remediation may include reviewing and updating your antisamy-esapi.xml configuration file, so be sure to read through ALL the details thoroughly or you may not be fully protected even though you have installed the new ESAPI 2.3.0.0 jar. This will also certainly be the last ESAPI release to support Java 7, so you would do well to prepare to move to Java 8 or later if you have not already done so.
+
+The primary intent of this replease is to patch several potentially exploitable vulnerabilities in ESAPI. Many of these are related to AntiSamy and were introduced by vulnerable transitive dependencies. All but one them (a DoS vulnerability in an AntiSamy dependency) have been fixed with an update to use the new AntiSamy 1.6.7 release. There are also two vulnerabilities within ESAPI itself which have been remediated as part of this release, one of which dates back to at least ESAPI 1.4.
+
+In addition to these patches (discussed in a bit more detail later under the section 'Changes Requiring Special Attention'), there were other updates to dependencies made in this release done to simply to keep them as up-to-date as possible. We have also added the generation of an SBOM (Software Bill of Materials) generated via the cyclonedx:cyclonedx-maven-plugin.
+
+Lastly, support for the deprecated value of "fixed" for the ESAPI property "Encryptor.ChooseIVMethod" has been completely removed from this release. It had been deprecated since 2.2.0.0 and it's removal long scheduled for the 2.3.0.0 release. See the GitHub issue 679 for further details.
+
+=================================================================================================================
+
+Basic ESAPI facts
+-----------------
+
+ESAPI 2.2.3.1 release (previous release):
+     212 Java source files
+    4316 JUnit tests in 136 Java source files
+
+ESAPI 2.3.0.0 release (current / new release):
+     212 Java source files
+    4325 JUnit tests in 136 Java source files (1 test ignored)
+
+24 GitHub Issues closed in this release, including those we've decided not to fix (marked 'wontfix' and 'falsepositive').
+[Reference: https://github.com/ESAPI/esapi-java-legacy/issues?q=is%3Aissue+state%3Aclosed+updated%3A%3E%3D2021-05-07]
+
+Issue #         GitHub Issue Title
+----------------------------------------------------------------------------------------------
+163             Limit max size of entire cookies Component-Validator enhancement good first issue help wanted imported Priority-High 
+198             Uninitialized esapi logging assumes logging to System.out/System.err - Make configurable/extensible bug imported wontfix
+324             ClassCastException during web application redeploy due to the grift logging classes enhancement imported
+564             Create release notes for 2.2.1.1 patch release Component-Docs
+567             Release 2.2.1.1 Not Loading Properties in dependent JARs
+574             Multiple encoding issue for Google Chrome wontfix
+608             Move HTMLValidationRule static Classpath handling into DefaultSecurityConfiguration
+624             Update pom.xml to use AntiSamy 1.6.3 and Apache Commons IO 2.6 Build-Maven
+629             Define .snyk ignore content
+630             Incorrect result for isEnabled() in Slf4JLogger
+631             Create Default Logging level configuration for ESAPI library wontfix
+634             Removing \ from JSON string by ESAPI.encoder().canonicalize(value)
+640             Decouple from AntiSamy slf4j-api dependency & Update dependency
+648             Log4J CVE-2021-4104
+652             Fix code scanning alert - tracker 3 duplicate
+653             java.io.FileNotFoundException Error in Logs When ESAPI.properties and validation.properties are in resources.
+657             Need to update Xerces transitive dependency to fix CVE-2022-23437
+658             Vulnerability issue on dependency commons-io
+664             ValidationException exposing potentially sensitive user supplied input to log wontfix
+669             JavaEncryptor.java HARDCODED_CREDENTIALS
+671             Version 2.2.3.1 contains 5 vulnerabilities in ESAPI dependencies
+672             HTMLEntityCodec Bug Decoding "Left Angular Bracket" Symbol
+673             Validator.HTTPHeaderValue changed automatically
+679             Completely remove support for fixed IVs and throw a ConfigurationException if encountered
+
+-----------------------------------------------------------------------------
+
+        Changes Requiring Special Attention
+
+-----------------------------------------------------------------------------
+
+1) This likely will be the LAST ESAPI release supporting Java 7. There are just some vulnerabilities (notably a DoS one in Neko HtmlUnit that does not yet have an assigned CVE) that because they are transitive dependencies, that we simply cannot remediate without at least moving on to Java 8 as the minimally supported JDK. Please plan accordingly.  
+
+2) If you are not upgrading to ESAPI release 2.3.0.0 from 2.2.3.1 (the previous release), then you NEED to read at least the release notes in 2.2.3.1 and ideally, all the ones in all the previous ESAPI release notes from where you are updating to 2.3.0.0. In particular, if you were using ESAPI 2.2.1.0 or earlier, you need to see those ESAPI release notes in regards to changes in the ESAPI.Logger property.
+
+                                        !!!!! VULNERABILITY ALERTS !!!!!
+
+3) There is one VERY SERIOUS (as in easy to exploit) vulnerability in ESAPI's default antisamy-esapi.xml configuration file. This problem seems to date back to at least ESAPI release 1.4. If you do nothing else, you should update your antisamy-esapi.xml to the one provided in the esapi-2.3.0.0-configuration.jar that can be found on GitHub under "https://github.com/ESAPI/esapi-java-legacy/releases/tag/esapi-2.3.0.0". The ESAPI team will be submitting an official CVE for this, but the bottom line is that the default ESAPI antisamy-esapi.xml configuration file does not properly sanitize 'javascript:' URLs in most cases, but instead accepts the input as "safe". A few more details regarding the configuration is provided in the section "Important checks you take as a developer using ESAPI" given below.
+
+4) Several other vulnerabilities associated with AntiSamy have been patched via the AntiSamy 1.6.7 (or prior) release. See the AntiSamy release notes for 1.6.7, 1.6.6.1, 1.6.6, 1.6.5 and 1.6.4 at https://github.com/nahsra/antisamy/releases for further details on what has been remediated. Note that the default ESAPI.properties and ESAPI AntiSamy configuration did not really leave ESAPI vulnerable to CVE-2021-35043 which was fixed in AntiSamy 1.6.4, but that was a moot point because of #3, above.
+
+5) A vulnerability found by GitHub Security Lab that is an example of CWE-22 [Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')], was discovered by GHSL security researcher Jaroslav Lobačevski. You can find details of it under "documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md" or "documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf" on ESAPI's GitHub repo or from the ESAPI source zip or tarball files associated with this (or later) release. This currently does not have a CVE associated with it. We likely will leave it to GHSL to determine if they want to file a CVE for it or not.
+
+6) There remains one known unpatched, potentially exploitable vulnerability (a DoS vulnerability in the transitive dependency Neko HtmlUnit) in ESAPI 2.3.0.0. To our knowledge, that vulnerability has not yet been assigned a CVE, but it is fixed in certain versions of Neko HtmlUnit after release 2.24.0. However, release 2.24.0 is the last Neko HtmlUnit release that supports Java 7 and thus is the latest one that we can use. That vulnerability is patched only fixed in a version of Neko HtmlUnit that was compiled with Java 8. Since ESAPI (as of release 2.3.0.0) only supports Java 7, we are currently unable to patch to remediate this DoS vulnerability. (This is why we are currently committed for this 2.3.0.0 release to be last release at least to support Java 7). The ESAPI team plans to release a 2.4.0.0 release that will require Java 8 or later as the minimal JDK, and with that release, we will update to AntiSamy 1.7.0 (which requires Java 8) and which uses Neko HtmlUnit 2.60.0 (which also requires Java 8 or later) and that addresses the DoS vulnerability. For further information, see the JUnit test testNekoDOSWithAnHTMLComment in "src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java". (Note that currently, this JUnit test is annotated as '@Ignore' since it would not pass under Java 7 and using Neko HtmlUnit 2.24.0.)
+
+
+NOTE: We plan on issuing an updated README.md and updated security bulletins on #3 and #4 soon, but we wanted to focus on getting the patches out rather than getting the documentation out. This probably will not be in a separate release, but we will announce in on the ESAPI Users and ESAPI Dev Google lists once we drop them on our GitHub repo under the "documentation" folder.
+
+
+FALSE POSITIVE ALERT ==> A final word on vulnerabilities -- CVE-2020-5529 is a False Positive
+
+Dependency Check picks up a false positive CVE in ESAPI 2.3.0.0. Other SCA tools may as well. Specifically, Dependency Check flags CVE-2020-5529 in a different (the original) Neko HtmlUnit then the one that AntiSamy is using. In Dependency Check, this is a False Positive caused by a mismatch of the CPE (i.e., Common Platform Enumeration) identifier. If you follow the "Hyperlinl" section referenced on https://nvd.nist.gov/vuln/detail/CVE-2020-5529 page, you will see that it ultimately references https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0, which is the old, unmaintained version of Neko that AntiSamy had been using up until recently. Dependency Check is incorrectly matching "net.sourceforge.htmlunit:htmlunit" rather than matching "net.sourceforge.htmlunit:neko-htmlunit", which it what if should be matching. This CPE matching confusion is a common problem with Dependency Check, but it's by design. Understandably, Jeremy Long and other Dependency Check contributors have deliberately tweaked Dependency Check to fall more on the side of False Positives so as to avoid False Negatives, because False Positives are a lot easier to vet and rule out, and one can--if so desired--create a suppressions.xml entry for it to ignore them. (I've decided against suppressing it in Dependency Check--at least for the time being--because there are likely other SCA tools that will also flag this as a False Positive.) For now, it's easier to just acknowledge it in the release notes. (Especially since we'll be releasing a 2.4.0.0 version soon after the 2.3.0.0 version that will support Java 8 as the minimal SDK so this problem will disappear.) Note however that Snyk does not flag ESAPI as being vulnerable to CVE-2020-5529.
+
+----------------------------------------------------------------------------e
+
+Important security checks you SHOULD take as a developer using ESAPI
+
+Simply upgrading to the esapi-2.3.0.0.jar may not be enough. This 2.3.0.0 release patches a bypass around some AntiSamy related sanitization that has been present since at least the ESAPI 1.4 release. It is specifically fixed in the esapi-2.3.0.0-configuration.jar, which you may download from https://github.com/ESAPI/esapi-java-legacy/releases/download/esapi-2.3.0.0/esapi-2.3.0.0-configuration.jar. From that, you will want to extract the configuration/esapi/antisamy-esapi.xml file and use it to replace your previous stock antisamy-esapi.xml file. However, if you have customized your antisamy-esapi.xml file, then to address the vulnerability, you MUST find the vulnerable configuration line where the "onsiteURL" attribute is defined and change the regular expression.
+
+    The original (vulnerable) line will look like:
+        <regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
+
+    The corrected line should look like:
+        <regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+
+
+-----------------------------------------------------------------------------
+
+Developer Activity Report (Changes between release 2.2.3.1 and 2.3.0.0, i.e., between 2021-05-07 and 2022-04-17)
+
+Normally, I write up lots of other details in the release notes, especially to credit those who have contributed PRs to address ESAPI issues. I apologize for not spending time on this right now, but I will try to update this set of release notes for 2.3.0.0 in the near future to add such things.
+
+
+-----------------------------------------------------------------------------
+
+CHANGELOG:      Create your own. May I suggest:
+
+        git log --stat --since=2021-05-07 --reverse --pretty=medium
+
+    or clone the ESAPI/esapi-java-legacy repo and then run
+
+        mvn site
+
+    and finally, point your browser at
+
+        target/site/changelog.html
+
+    Both approaches should show all the commits since just after the previous (2.2.3.1) release. [Note that the both approaches may include commits after the 2.3.0.0 release, but the first allows to to easily add an end date via '--until=2022-04-17'.]
+
+-----------------------------------------------------------------------------
+
+Direct and Transitive Runtime and Test Dependencies:
+
+        $ mvn -B dependency:tree
+        ...
+        [INFO] --- maven-dependency-plugin:3.3.0:tree (default-cli) @ esapi ---
+        [INFO] org.owasp.esapi:esapi:jar:2.3.0.0
+        [INFO] +- javax.servlet:javax.servlet-api:jar:3.0.1:provided
+        [INFO] +- javax.servlet.jsp:javax.servlet.jsp-api:jar:2.3.3:provided
+        [INFO] +- com.io7m.xom:xom:jar:1.2.10:compile
+        [INFO] +- commons-beanutils:commons-beanutils:jar:1.9.4:compile
+        [INFO] |  +- commons-logging:commons-logging:jar:1.2:compile
+        [INFO] |  \- commons-collections:commons-collections:jar:3.2.2:compile
+        [INFO] +- commons-configuration:commons-configuration:jar:1.10:compile
+        [INFO] +- commons-lang:commons-lang:jar:2.6:compile
+        [INFO] +- commons-fileupload:commons-fileupload:jar:1.3.3:compile
+        [INFO] +- log4j:log4j:jar:1.2.17:compile
+        [INFO] +- org.apache.commons:commons-collections4:jar:4.2:compile
+        [INFO] +- org.apache-extras.beanshell:bsh:jar:2.0b6:compile
+        [INFO] +- org.owasp.antisamy:antisamy:jar:1.6.7:compile
+        [INFO] |  +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
+        [INFO] |  |  \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
+        [INFO] |  +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.3:compile
+        [INFO] |  +- org.apache.xmlgraphics:batik-css:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-shared-resources:jar:1.14:compile
+        [INFO] |  |  +- org.apache.xmlgraphics:batik-util:jar:1.14:compile
+        [INFO] |  |  |  +- org.apache.xmlgraphics:batik-constants:jar:1.14:compile
+        [INFO] |  |  |  \- org.apache.xmlgraphics:batik-i18n:jar:1.14:compile
+        [INFO] |  |  \- org.apache.xmlgraphics:xmlgraphics-commons:jar:2.6:compile
+        [INFO] |  +- xerces:xercesImpl:jar:2.12.2:compile
+        [INFO] |  \- xml-apis:xml-apis-ext:jar:1.3.04:compile
+        [INFO] +- net.sourceforge.htmlunit:neko-htmlunit:jar:2.24:compile
+        [INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
+        [INFO] +- xml-apis:xml-apis:jar:1.4.01:compile
+        [INFO] +- commons-io:commons-io:jar:2.6:compile
+        [INFO] +- com.github.spotbugs:spotbugs-annotations:jar:4.6.0:compile
+        [INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:compile
+        [INFO] +- commons-codec:commons-codec:jar:1.15:test
+        [INFO] +- junit:junit:jar:4.13.2:test
+        [INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.70:test
+        [INFO] +- org.hamcrest:hamcrest-core:jar:1.3:test
+        [INFO] +- org.powermock:powermock-api-mockito2:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-api-support:jar:2.0.7:test
+        [INFO] +- org.javassist:javassist:jar:3.25.0-GA:test
+        [INFO] +- org.mockito:mockito-core:jar:2.28.2:test
+        [INFO] |  +- net.bytebuddy:byte-buddy:jar:1.9.10:test
+        [INFO] |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.10:test
+        [INFO] |  \- org.objenesis:objenesis:jar:2.6:test
+        [INFO] +- org.powermock:powermock-core:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-module-junit4:jar:2.0.7:test
+        [INFO] |  \- org.powermock:powermock-module-junit4-common:jar:2.0.7:test
+        [INFO] +- org.powermock:powermock-reflect:jar:2.0.7:test
+        [INFO] \- org.openjdk.jmh:jmh-core:jar:1.35:test
+        [INFO]    +- net.sf.jopt-simple:jopt-simple:jar:5.0.4:test
+        [INFO]    \- org.apache.commons:commons-math3:jar:3.2:test
+        ...
+
+-----------------------------------------------------------------------------
+
+Acknowledgments:
+    * A special shout out to Jaroslav Lobačevski, a security researcher at GitHub Security Labs, who notified the ESAPI team via responsible disclosure and allowed us sufficient time to address GHSL-2022-008.
+    * A huge hat-tip to Dave Wichers and Sebastian Passaro for promptly addressing vulnerabilities in AntiSamy, many of which were caused by poorly maintained dependencies of AntiSamy.
+    * A special thanks to Matt Seil, Jeremiah Stacey, and all the ESAPI contributors whom I've undoubtedly forgotten.
+    * Finally, to all the ESAPI users who make our efforts worthwhile. This is for you.
+
+A special thanks to the ESAPI community from the ESAPI project co-leaders:
+    Kevin W. Wall (kwwall) <== The irresponsible party for these release notes!
+    Matt Seil (xeno6696)

From ae893568228b1a4e6119af8fdbd134386eaebbcb Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:23:11 -0400
Subject: [PATCH 802/812] Define meta-data for 2.3.0.0 release to create intial
 release notes.

---
 scripts/vars.2.3.0.0 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 scripts/vars.2.3.0.0

diff --git a/scripts/vars.2.3.0.0 b/scripts/vars.2.3.0.0
new file mode 100644
index 000000000..4695f1f6f
--- /dev/null
+++ b/scripts/vars.2.3.0.0
@@ -0,0 +1,14 @@
+# Do NOT edit this file directly. It will be created by the new createVarsFile.sh script,
+# which should be run prior to the newReleaseNotes.sh script.
+
+# ESAPI (new / current) version
+VERSION=2.3.0.0
+
+# Previous ESAPI version
+PREV_VERSION=2.2.3.1
+
+# Release date of current version in yyyy-mm-dd format
+YYYY_MM_DD_RELEASE_DATE=2022-04-16
+
+# Previous ESAPI release date in same format
+PREV_RELEASE_DATE=2021-05-07

From 6a70ae7420d218b177fe68f3dda09c06905c7199 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:24:26 -0400
Subject: [PATCH 803/812] Write-up by GitHub Security Labs on ESAPI vuln
 GHSL-2022-008.

---
 ...2-008_The_OWASP_Enterprise_Security_API.md | 108 ++++++++++++++++++
 ...-008_The_OWASP_Enterprise_Security_API.pdf | Bin 0 -> 84066 bytes
 2 files changed, 108 insertions(+)
 create mode 100644 documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md
 create mode 100644 documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf

diff --git a/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md
new file mode 100644
index 000000000..bc4956ab0
--- /dev/null
+++ b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.md
@@ -0,0 +1,108 @@
+# GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2022-008`
+
+The [GitHub Security Lab](https://securitylab.github.com) team has identified a potential security vulnerability in [The OWASP Enterprise Security API](https://github.com/ESAPI/esapi-java-legacy).
+
+We are committed to working with you to help resolve this issue. In this report you will find everything you need to effectively coordinate a resolution of this issue with the GHSL team.
+
+If at any point you have concerns or questions about this process, please do not hesitate to reach out to us at `securitylab@github.com` (please include `GHSL-2022-008` as a reference).
+
+If you are _NOT_ the correct point of contact for this report, please let us know!
+
+## Summary
+
+`getValidDirectoryPath` incorrectly treats sibling of a root directory as a child.
+
+## Product
+
+The OWASP Enterprise Security API
+
+## Tested Version
+
+v2.2.3.1 (The latest version of ["Legacy" 2.x branch](https://github.com/ESAPI/esapi-java-legacy#what-does-legacy-mean) as [ESAPI 3.x](https://github.com/ESAPI/esapi-java) is in early development and has no releases yet.)
+
+## Details
+
+### Issue: `getValidDirectoryPath` bypass (`GHSL-2022-008`)
+
+`parent` [1] - the third parameter in [`getValidDirectoryPath`](https://github.com/ESAPI/esapi-java-legacy/blob/07dd60a8cc9edf0c872d68ae8ae84c70f008d3d8/src/main/java/org/owasp/esapi/reference/DefaultValidator.java#L447-L483) is used to validate that the `input` [2] path is "inside specified parent" directory [3].
+
+```java
+public String getValidDirectoryPath(String context, String input /* [2] */, File parent /* [1] */, boolean allowNull) throws ValidationException, IntrusionException {
+    try {
+	if (isEmpty(input)) {
+		if (allowNull) return null;
+       	throw new ValidationException( context + ": Input directory path required", "Input directory path required: context=" + context + ", input=" + input, context );
+	}
+
+	File dir = new File( input );
+
+	// check dir exists and parent exists and dir is inside parent
+	if ( !dir.exists() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, does not exist: context=" + context + ", input=" + input );
+	}
+	if ( !dir.isDirectory() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not a directory: context=" + context + ", input=" + input );
+	}
+	if ( !parent.exists() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+	if ( !parent.isDirectory() ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+	if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) { // <---------- [3]
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
+	}
+
+	// check canonical form matches input
+	String canonicalPath = dir.getCanonicalPath();
+	String canonical = fileValidator.getValidInput( context, canonicalPath, "DirectoryName", 255, false);
+	if ( !canonical.equals( input ) ) {
+		throw new ValidationException( context + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + context + ", input=" + input + ", canonical=" + canonical, context );
+	}
+	return canonical;
+    } catch (Exception e) {
+	throw new ValidationException( context + ": Invalid directory name", "Failure to validate directory path: context=" + context + ", input=" + input, e, context );
+    }
+}
+```
+
+If the result of `parent.getCanonicalPath()` is not slash terminated it allows for partial path traversal.
+
+Consider `"/usr/outnot".startsWith("/usr/out")`. The check is bypassed although `outnot` is not under the `out` directory.
+The terminating slash may be removed in various places. On Linux `println(new File("/var/"))` returns `/var`, but `println(new File("/var", "/"))` - `/var/`, however `println(new File("/var", "/").getCanonicalPath())` - `/var`.
+
+PoC (based on a unittest):
+```java
+Validator instance = ESAPI.validator();
+ValidationErrorList errors = new ValidationErrorList();
+assertTrue(instance.isValidDirectoryPath("poc", "/tmp/test2", new File("/tmp/test/"), false, errors));
+assertEquals(0, errors.size());
+```
+
+#### Impact
+
+This issue allows to break out of expected directory.
+
+#### Remediation
+
+Consider using `getCanonicalFile().toPath().startsWith` to compare `Path`:
+
+```java
+if ( !dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath() ) )
+```
+
+## GitHub Security Advisories
+
+We recommend you create a private [GitHub Security Advisory](https://help.github.com/en/github/managing-security-vulnerabilities/creating-a-security-advisory) for this finding. This also allows you to invite the GHSL team to collaborate and further discuss this finding in private before it is [published](https://help.github.com/en/github/managing-security-vulnerabilities/publishing-a-security-advisory).
+
+## Credit
+
+This issue was discovered and reported by GHSL team member [@JarLob (Jaroslav Lobačevski)](https://github.com/JarLob).
+
+## Contact
+
+You can contact the GHSL team at `securitylab@github.com`, please include a reference to `GHSL-2022-008` in any communication regarding this issue.
+
+## Disclosure Policy
+
+This report is subject to our [coordinated disclosure policy](https://securitylab.github.com/advisories#policy).
diff --git a/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf b/documentation/GHSL-2022-008_The_OWASP_Enterprise_Security_API.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..c77efef05587aef994a33dea552b3f40e5c3d5af
GIT binary patch
literal 84066
zcmd421ymgCnl9Y9yL;pAjk~+MyGx@%1C0kKcyIzig9Zr>!Gi}4Bv{bk5?uby-utX`
z&dl8TXU^Pv*X>pG*HpdL^}JHw>hG=Rq1Tj^XXoYsq0-MD>~ElQ1G#`;YiCqZQBD~z
zJ1ZZs7m!KD(F^S6<m<+a%BkrEw)M5KgYMLEakAoso(psn<bodf!`KPzE^Fmu2V{~J
z=HcSu;o|1y<_2+d^YO8AaWO(SsGS<v_CGff7e}>oxBU%)_wP__tbp98oYHDQPIa)C
zo0aR|jrjg<BqR0P=ucBs86X!br>gQF?*_m3tEmD(sGK@dKp!t(yZ`vRg#P|rx&a<`
zKu#%lcd!riBwuTvKmJ#Ba(6-Hl>hxj(qJ!JXc$bmpyzOzp>k^5+4ulW_<1-$LeLjK
zP=JezgPUJSND#=)2jURm0}611I6&Oc9Z+K_AT+#xUBbo(8a3!OfSh{TN~pizfJ}})
zJ|5n}oSfcvHojg?J^`*))*KE_K90WD95!G#PG)iF>u*uw{*B<TjQxwKK|CD4K|@jV
z3-WUC|ACqh3in?`{SQdxbfh$uIPJWxJe=5_tzKBMyV^Ne*#!Kv1OHHR|Dprj0zw>o
zKwcr9zrgbdaB=WJ6CnTuaq)8q{Wqij|Bs*6&(X?<-4<-;{g*@RZgy7g|Lhgd|2Qo?
zf_#7EMc^Mi<K+?fYv2E7&;A+wKiqo%VoG?p1UPv3fINZ%f92%w$a%TA{}1GZ)7lkm
z&B-NTYs=4NC1_(KWM^y7Wg{rSW6LjSW%qjn*$8mib8!jU^4bb=dVAS$x>-57bN((%
zPOz5)C)m%*+vCq#<@B<%xAU@dx3S}twX?VKb@kD=a&@x(JsWcTwx?AEfdtr9L4v&h
z95&G3b1v`X>I0o0IOScT6QZo04cHbs>8RSdJNP&PdHH$x#l?Z%KF|r)4b?yIi0o?;
zUF%U-&)Whx*@c$?Daig=LSY(P3f9s9W_UA<$TL=CDW<mXWrI#qSnr3GSv|H`0cP!Y
zS_=esMxclL65Q6WWO}O10k;o7ws+CQTg49s5zI0zo&s*~sWJ-z#~HDwX~=y(aI@p#
z&rf&XwK+p>H_j*g+;2A|BH0OAiEY?v?hAmVF$-wKfsa17JKs6&ZZE}vG*9E3smfoM
z>J3|i@6OH{YmU%@YmGaQ*G`PdFbV-wi`_C2ZC7CptDkP**ZlKW#6rxUI)m@72lp!8
z&o96O@Aj$Cw9hiay?vXaj9{jtb-Ce-a7`bt>P{&Tc0w@LsN=c01UmVHyEj`rz}TD~
zhj^YBS56iLeROuIqi=kz0P!%c3~>iaL;~E)c?3XJtI?v3r1PuvO@5uG>h$Igp?Rm0
z!yMy7ohR7mkZxi;f<WEN_^_}AL=VaO_&Bbp{Ap$%lmU}E{n_Kdw+L&KE#v_-qKFoW
z>knm^TJ$gkw`9@aFpwUM$gBI|!2I_X-Rtj$1;;#2AoGVm!jnrbCb7qFabZ7M&$J}Y
zu6}I_9{NhcMun5BH#)fKY0HdF3V#k1UP8P)c<)Pqn8onJRwmiAwvT!AM{nfDIx=Df
z-%UEbR~t6^8)U(+xHgqZvM<<^WMQ;xxh{tS&u(#5oEI%ljfEV7siLpB9Sz`FA~PT;
zvbc%#tYqxSqleUNf;TwUK(@j3O*$}}oRldECn$o8OPTOaCS{gBv(^c3+4jV`{yRhW
zv?8d0s71!G*)4z8^=bQ41db%CAu)5GB#L|rBQaBP35~eg3sT<{Lc$o!A~;%jMq<;U
zvX&|u2x+!$)p8XJiapo4;XXVZ2g|-YWjJh)yA_^3F$cb*bvx~~$K%~t)c0_t5BFT!
zFF;BKW~n3;1!L#+@hYPVZ1r)1wuTwxrrNvY(XJGj1}!uSSG!|9T#Q@qo`!X&>zJqD
z$9a1g!`JZoPGZ-eC2$_x%0nFAA?itCuLjf>6}hUv%{<DWUT898ztd!`3euxX>bqME
zDk!O2xif5SsMV}QutZ3*`^MxOyBEX`4su#~O(PZD!f@zph2qQTD3pzj#QzBr)!-(_
zGtRU2c@rD;&XtIO7e4WvdJ(-H<|+wTLqN<;lmai4eE05il5c%TOyjj%m8<|$FQVqR
z8PoUzKuhf!!fs2@L#Ll8(h(|rfrSnKI!OlmSFid9L2Ux`sp#5O^0${-0g1mjX~n0&
z1sPMa<AT_X;ba3#_cQ}>3BUx|>t=zsK|W=x62Ht*t=_%dy~`WAi*D`svMOqkpEe{0
z^kuTxJ@f&KTT43@>%}hJkqaSRm9UE!FUHb)1Ya@COIJAM=B>GDkG{v^tJHBk6!zfC
zA65u<@@bs9)9#C!FV;qsvN`t73Yw#0Ejvi><a~9%)Tz{()G?N7e?pt>w#b<`{y-KK
z5xTKUfwi1wS?8v{x=9v<eKIe&%$;0(rZ9zi@!ivp7PBtlDDA+|CPyuL_;`xqQa?5@
z>zW9Mgnc=1AeAz3z<%e=X;-bIN<Idu--MelRyJj$LNtxPQ{izFyPnUGVnZFP!`_fu
zxYm?9_q!4?89S+A)WMa{W4wr>J{5Y6OKj&N%r{|%josjZB?J2wG>O{8kz%uY19iS2
zb6&5W)6HTJow}HE;*B>G#6Cwx+)|{oliq<($Cong8@Cg$=w$Fex@>a|rL_9l$x}y+
zqsu2ZE6MXGo*<eEeMvWhodufLN+Yof4dscBQG7AT(i1tx4svGiHAZYC=|&4C0%nAD
z!Iq*0J19nKsvjH{>%c8|ZS3B@n+$V6{2uNBsXCt>Odr+s(s?(W_lxJc>~$c%LXxIL
zf=A9Lh{%y6SeTONtpiauW+kC1pF_TC)B=l1!0XH)ocVl<9`SVMycZ&Gtnq%$28vKm
zxRjEJ1Zq;+yeK>RT)uMH%YrmPrH3gRz^RfHi5JQ77WsXNEdx)hs<BuRJtnyTeT_rr
ziUO{B1lFo8tUsO-ve;A|zQe>&l6c&5Qpzvmimx1<1=(8U2{l_xGNn1xs!m^j)YvB`
zoR?-wb&iNO*keXoE%Yst3f9@b+5Hf!g(J+&_|e!Qo)-Mt7w(<S>-PO_llFHZ&Wx+S
zT25aV(7*MWqyAofr`@_~b9x;}{_7<(iJZxD>}id|&6)PlC?8MrCCRq2cQ!*XsK+<x
zLYAm=-xM<guZhZQX8pY~7q_zrI9PV4HmkyIjh;c#Z<@aLg>pC(5!2W=Jx`AkAjc7V
zA<kOE%OG=>#j?{AZ!=t5Wj2L`8j2g2AggM(pv2KsOV~y+nC@3}_sgkiHYhUHsliw}
zoP<pWvtyObsP|rdWBB?Otn_ReEYmy_*)yS)mP98ZN{vhOK{-L+Jg+<#-Z`@Gd`ElT
z_$lwpP;G*1nrl4Agj|0+D{<GFb9p(ZvJOt;hu$dvweJe@D0Q8<+9g2}t|gR@YMY~5
zX6!=lLa$JNAP{C_@PHLiWYapmU{c>~lTX*n>GhIzabk&9P<Ut&W|gshkQw7GswU>0
z;#ymfMU9@)EaN>()@`|$R#;P3BNWRTs*?}p7}r-v!crFXx5U(HD?tJ)VAU#MCA~VJ
zeSxJ#@ce#DNVGcDx`5t1X^AgJSv1gNWS;ijg47&*>sirGnfdLZ8pwLKwwl#Ai>BX1
zDo3|rh!h8<??~gcI|}nMN$Bfk*r}+kzQq(Kf6Qt4cIEW^*z0@BoX6>nwQH(NKl)rG
z&36=Hf~N;$yqJ{VfFX)MPW#|$F1vTSyiFzwzak9I5$#%=AkDUuzb{qpoVrQik*_M^
zdY@`~_1%R1q5i7mlk~~;piVNWKM7W2)V1|K5yG{pc3v4>7D4(G2U={%eG*OzQ|rw6
z+*bz<`xh3J_+sWdiHjB@CgCLzW3X94yA45VpDe%2?Q-XIOMdrmmuKg<<+GvQRl!b`
zLl*<HRd(1k{<k{BD|}i^&8)oq(lys2fjxq4?eE<?;w6?KX(<h;qiR<XF(g@q91JFQ
zXg;YbfY5SA3Dlxr95cmnnCHl-EcC*KR(dlGc<6Cj<1QZM2~kv$eVe(>CgS~vMR~3M
zpb?Q0V4#NxowNdJ3U}nj{Wki18Q2yjd^aS{pfVd|>EBx-OQ5>x2?*P6+XJ4$p;sA~
zj19yhaAcI*;72&bGs-mAfpT2&*qV76C_uWu>=2EaMlcxC)Zr}Er7R8mFnVFfPrH>D
zZx9^^NJTl=DEfGeYFVuyn&oCDaIfrtDpN=<h|OBED!DHej0>#fZ?Bw@h{lE=+xm*6
zVkBET9uG(!l+-x*z%xnSq`m=pq+(DqUr;l@64K0#&KX&P9OJ`|lpJuAjV$<UB0{EV
z{Oj2&^fN4ZG2X{`)p+*jlOpp`s$7>N%El-IjTg*STSjHzY8XlR<+j-a(k+L|(8V3!
z+pd&_pCd4vN4%>=$XS+@F|ptfC4xY{3ifa%0(8TWOyC6oa1rnZVpSIyn(HF7TMQIo
z%FImW1~L_^1D{dn(+rEP^%q5cP+q;sCeFk^RG!+icI$d4@`cvny`IM?yMH}eW??sJ
zjaBsz&0IbdQ3(Vi%4P$F&bee>mK1i&;t~u07ig6eDg9AcZ%YYORjW@rHAmM2sK;lI
z2`lg;H7T3T7Y*q;U?{cu`zm4&>kQ_5Y0yV?5k$9;2zeVQwJqSVjC{+o`XWryR>91%
zYe)0KElO9?iwx;O%B$7l4BIi-eaX_7C?OFluOn(Khv$>7*9krfF>IlvShyU84a4le
zG`%`{ikq7HVm|;GdS$(7M%~`UM*m?d=%)!NrQ6wxP3-!L9KA9f{DOSfiG)xyu3Fur
zdh@}ha%rGcRg83atDn3ZtE>VJmc&AtIJQt5FQ9WD(e-ZLA=b`J;&fQI8Sl+zji=^M
zaVGk4Q~{$<Q6uTtD*ml0t%?suN)8(rumyH3jC8><DrJLN=pQhzd5%X)4JPe0YqTlH
zj>zG+%LCB;myfv6Er&fyhkuN)|EPIlRbbs`Z1yIZIt$2R+KV(VcPMi^en+pPy~ueH
zWbx7UEf-?w<QYeOz@v#21Fw&tSn(@}s)5D6s`a-;g7@$*3VbZIIP%B?-{*zpzyb@6
z%#>PO&LoqFt4enKUQBxtOzpz<u1gKQr_$kI923i+I1soA;CjN4D%*6}_5D0dh{H4_
zqw`o4nE4aqX%OzHOEEUbnaY@R5^rv^eZyWzVIJp}+(^hOv9bQr1h~_Z`S6h(n`NFL
zlHB;`QRFX_Jen^mr&9fqSu5@;zl7+DI$19osu^2zy+iZK*}7h0uhyP3`itvc^BqS8
zGmdHo@%Qz(n+GGV?V0(MdGe3H$xsUHS;^n<zW2&c*T4TNS=XaU6A;Rj98)3SQ{_Bj
z69EHu7wIgCdn4S*u$C`QG@STk_tO`Pr8aeCCRMClFe$})asP9(M;5v~{vkY4uNP3;
zN)WlOBeSkCGHf$2YVnInjt={@Wh(*S`_O*4vzt3+)L%=xI**^DZBL%oWMNMDRNJZ8
zpVi-Z=RDk8dt^S*xv)Ry*C2?-3*3*<&S)p#$c?wZAcI}g7oPXOCKOf9@EOl?68}^*
z>*p+zcHzc0eSI$<ka);o_dGy|;Xn2r*Jqh&S)SeaHqaUYX+fvk-Ji>^oFl|WMozg0
zC!MJN`%&L;XN>vL^w?x#890YtVrD8l0-W2Pd{mw&p6EH7X^cv4m>m@~G`V(sH;DXk
z6{2N-B52C%Vrq9YLAl}W&o62^xa9sB_%qih{%QC-`?|&Q$s6RgsVAb->fDvzEuX&@
zjeoVsxcUE!D^5W{!GBtDnwfwPhHyd_>(;%)`VSvr@ey2yC%tpwE|Ky;%&3I`rDuuh
zH($rl<&;WYwQDi%WpVhH^Y14^I_L&xmQ+I{!b2_O&$xxe?DM@zyI)E?c=nzosyNr1
zZ*NS6Qas&eZTJ;+Xd&Ii4_KbVwC}?_KmI5$CV#kH*@!7TJY5NmH5q>~y-aL-#j1tR
z&yF;G`E;-m!zi$|aZuO$>T)(B(MEOorf+HE;JV);gU9c*-QY8#f2g)HtABw1*SllZ
zi3Or2U&Lhv|KT6H5<d=(!TpQR<V~n0+@Bq>q<fxtitr8S3{8y5_O`=nlA|J!m{&9X
zt^p@f9`3`Z$7zmmFCS&LcTvG`g?#4-iDq<elsyG6q82^pw8{s%r+ek#1Skg128f7+
za?<53i62vX`!lwsvs@j_(%Dlpx|Zfy#Byw$ihXZI9`1h>`4V%Ngp+|lpdlGpY11Kq
znIOv1E9S7^vDbT7gDmA0x7OmMBd4}rqr=<^d$iA3-*;p!t>%z%8-84SktdQBoK0_N
zDxZE0=O2xN>A_quQUe_{UMr#*y;)Wla@jn^2x3HbmvpyJ;J1xo_l`bfOocn>eO#Az
zNni&F&Y_67+>zcpAL3H*CuE;xI`$e%EfeEr@yuwVB<Eu=6RN1_E?TO9fMwGCk*r8-
znAF384++C1&CAX9H$wh)A1tGq4jbeZi>b?J;Nj#O0~Id_pCU;V<Ee+Z8U(gPKTXf5
z`y)DGr_(*e&{cblOw2AXPEI0%ja5y{GKobQtz(*SSH6@FJ>2#tzLvx!&SswJMKONG
zNGe#|KqKbci24$`M2m4;hhs-)Bqfjj*|JGf<h)lJzY@n9TjuG}FdK_#j6cIJDvR*)
zsF#`zl!wMOa2flhzvag+TseZk&ZSjZo};#CIUVaVZ`RQUepcpnLodfBb${(vAN|Y8
z{*;pb{*00l+WVD_HAB2Fnos@O(@B-D{Ml#<qt-uQ2NQ-TTOfyY!;<R;OQ9!BR%IYc
zX1&lRgGj13z2(Qoz|*SG0C{Ydf`Iyi-;zv8Uu|K-G_1Xfwvo$31Zo!omEmSmF^yys
z9E&0g(h=XjZGQ{GCtZjR)QyvQ1Xjz?dp>cCOzJXcd*|qFeRI(9Pgl$h5N+_gtGA&#
zzrml}2^-hifSH<MB?$Yp@)>T>EE9>Y2<bf&maGU1mMk2jzY!&*B6$pMrWfgpJKaPT
zoF+z68B-P94CL3qt|A=$VW}`S!5qP0aSB%$^T16dVN4)fJe&X_%A9|kD&8kK^%s0X
zz8!ot!%^QwiE}~+Quf{PZB%Yd5<XFqa2p4~2iVpPBmXTBSZ2r}<{e?&4<P^(`7~d^
zEL_tq2eO5=YE#MCw^+>B09A9G1Rh%SSCIqokk5iq9#c|OH!?IISA~>K^F?o#0d$Cs
z2#X&hU$H`HMPDJjC3BO_gHzg!yHx%ZR`8ve*Z(6Pcacznxxx&tVv4X)05kln0Fd!^
zrSuTXDeWd}ac7?!^|qp>fVVUoX7O=`qI*yQ?k8kq^wyyq^dcz@*fKRTU|+>7Lgb4<
zHAQTD6Jz~*2%?hoj-CJr^{)B0dWOqzq9$=@)!~VpsS;(lsd~J@VJxW;F%2_qw4xma
z&DO&Hjr<L6SIsDh`i|RKg*S>yPnsTrJjs<AXG+ZL^U3x+AYrvqwFLGj8fF|Pckiok
zUmSf>au9>ntYu*A2eDk~8We`DOqJq{Xk=P3W`TX@w`5`qLCgaXxV&Q1)H`C2jI(7`
zAAxnfL<DJLquAGvQr}r$cU}dr*Gd8?bZBPu5U05?n3{8iB_oQH?BbX7Cc<*$cX`Xy
zd2t*ymuLwmj$@T+&Dw{BaW40}3A#+sBU31AVui)(r9Iy;PV_n*H>Df*^q>wdqi=^A
z%HzPQF?Z6uWw$a^ZyznFkN6oi>$;-o-qEM|!78q|(i(!Ahk9UREaJfR1GSHd5d;3j
z2di%GwodZ_1ZH|}cZF!+$F%KLb|U$!6eEwTJAFIT;Cj8?p?q<QdYSanNBf;cXkh_D
zHnSx;JjTw5&$2hs1NnFpA4ipre!V)_L97K85)FUJ4sXV0oPRvR%Hra`y%-}CA)uT6
z`Rh0;7R1^)tg7LgwD*WM#1}%xPz6^7!;G>zYcsK|DZZPj+s^b>Ta5)ed4J$%XRcH`
zP;hgW-sBDjA0IQidmGvnF>QOrxu4&@m%^;ievz&2imj_b40A1q@=KFI(Hl-liIT6>
z(wSCnF|RV133cfyb~!9zQGphi5{b)_u_$gqsi)~)thn+6yZcL`psv;G&!?47U`y0i
zIbnK;L#X!35ZJsX5S^0_w;=sH9U&n#KSt*c;_DKD&)W%1UT<ZTws(f^S*V6hzbyn)
zZSFa%i5x-NPWdAoLt9fCxvr-II5jBOPohR;E)D~8FxCyS;&dFoaf~el2tax}{Q$_?
zX9y6@n4GvVnOnIcm@KQWl&sC4t|7du08stXOR4_x&I!qgdP}Nlpx!ffQ8C#irId`p
z6X~=E&%HT1X;ZRDSTu=by}{{6W)DR-Qvr)k7%xTNQMP_hvUO~$uNLtSPWKiF<mdk5
z0fUz~{h9R}*(-Kmzn&nG37?2rMra13l5u(H&L2RkV>=%y;UqOnloN$F1~0^iy>Y<+
zBE!RO4=ejsdk-nYdMwkFs!-&Q(-?ut9>uJo7^Z@6UUEjG4J~)Ahu39PwXo7Rb}Q@z
zl;w2gzC;BtBTO8Q=l;M@t};fjlg+{#i{_r*-oiUFnDYk@d}}4j9`$4^_+>Aa`gNeh
z|1Ab$-s?|{#K)?u?)Jiy-FM+<L_-rSOb#%g1BjT;L%Q7psL!>)uXgOAp_{y5FR7U(
zzgUHtP#Ub0^cDdl8%b(dm92RZzyAz|IfY^dfT5TH8c@u=X;93NMJQ%K9Tan~2oy7-
z|3c}r17s2Po5-@ox&OIr)=kc(J_IY{mEB0L55{``h4Q-{6)4hRA~5oe;W8PZo8uu7
zu;%nb06ti|H*O?`z4hcb67_qxHSQA%K%s8%#(Rs}vjNT(_?nNADP9E!%`MirJqNwX
z{>|(?nT)>o8v8AhJK|YkyZpjxeU3=)W-adk+!rv~snJXb7q4De)kZn-s#4UJloMeT
z1Yz${oi*pV_)|OQ*HCeG$C31kecK?&B?AZ=My&+ex41Mo2MgM)!Nz`AdinYWS|KSP
zp%p^M0j&_lPH2U^_J>voT?n*75(e^lgQ(AJw!T@W5{(iHNF52tEeAj9U4Nel<G=C0
zROss%4KRh7d-sdAEONS5uLH$(sKd1?XJbyztE1mu&%N5}EcdN_yA*tpOAe|bPIS|D
zvlp*>mffyP?eY2D+_pwtm|a4H2srk$@<tn;+@6Az1te#V!;@OojXxNdw`zT@g=i<j
zGD1boLrG76qdd>QZ=0W^kKdG4v(N8+(C33kANWx;QvDC3b}RHFpDew&S{XF_*vCaZ
zzFLGhq1-u#sy)my3=D5(sqEG4Y>X$D-(4ydqMea~hA$?5d0K?|-BtF#$+C#@I~5lU
z^UKt*n%1y%ON8lrnwfu@U#sQoxQiJ_SC0aYp=h2deyH!~KI8ex>6?={l&jni*Uirb
z%SbKb;54;-TBV1x`trqA2@kTfHcn~+nd-vFyU$k6BUMfx!AT9_)u;-qcg7Ult-h-w
zhg3>~$ydpl@c;`{dzE4w&#iFpC*j@$b(+l@$8FqjomFwF+@dwxlkmag4nJ;Q@P{rm
zt3L4{BJE#T4SqAwVhkcOyLGwZP`6);-#xb!SnUwpZe8^|ORdAxv_Pp?38*nuzvQ!y
zP;C{>9k~whWwdA;ZP-jb%29kVwt^SY^GnRrx~>?l=j&}>_ms!b@wVy8F(#6%3sGl1
zB5+IZYqPsvjDSdb(9An&R)FL;uXx*`qsGIgwWG-KjuYXioD{>yIeFURTIW)F)`%YX
z7Vdc$NsW*DojPZJWJUyMUp{6peV&1(|Iq91SBTeg>IJLkIIY3P%4AP+R1x^{{7!^J
z^yzN9p_3p);9?@ZCiP9g32atz`kS2}6E!LQvP%v0j`ANv+1AA(?AwpJ@#oy9J76aK
z8_NoK_dipeq;(#8u~xkD{o%Dqz(cFIC53jl#Ae}1vM@JxAm5H=4SK6Fn#E{6lg4gN
zk|hA&Pl)RNozhwc{BlUcRojo=-S3)#!PqFW@T}KVkd<%|&@n%TP}v(dj=p%fyHRJf
z-FUc9u^6j#%r;<%K|r5o_gbm>*L5m#cDKr}eX~f2S%Dic)PQx|ll<w6g~`Q+41?(e
zW*}tnWq>5Y%d1~ugvFxoKZ#}VU*<bK1_lnN17E{Ek^b0QelJREo_$I1-B4K~WmuxR
z>He3aTBuyyc!4m_1r>Tn<CaQVp}n)l9dLJVv*`G}X5Ox;ST_+SSOZ-vBc}G~rymFE
z)6tS%h=$%I#n@00c8z=5&2oY5z^C$Gg~3$ifm+axYgAI$y|dWp-K<k4nK@sv^E=k8
z7;B>+oo1wib1sTR8d0Pgyu0n8k>xwq)lqKrL-$JW>Mi`Xw@69mb`VH*#Rw|t#HtS1
zz{!X;Xq!g-{ttpv8oOh&_JM~H{>l?tNzI)_dmGn&>>4d`*;wuQOg0zl3OmMA2pP+I
zx8s4HO$)oX9w8hK!s(TtUmDA{p1=O!i!u_vBx4XnpHPX3W3OOd`Ky>9Bv4svD{zx)
za`(G6yG!8-q4V3SCZx&vuaTuy>bJ6q@9$>()J3f-cfiT*cDEd-vWrK&<7kES^Zt0r
zZWmPHCMN`hGknfoGq8F&3g)*HS=GBQ+#swL%$WgN;U7J;Tea)FZ`u~BvgTObX!2iw
zKED&iG~ZINXx_J!!N-CA7`I(&jwa4niH@n?R>Gf|`#hw7M^-+@!GUI4h)Qr(i`Hn`
z)pTNk<3ps@VQow5SHsU9Iof)!Hz`LVVNu;B@N#%Zwshsv&w$rZ@-4=gq%#q3C*37$
zm88d_URXRz<2HgdXWx3Q8w&CVehvQWm1KEe=DPPx3-6+R4bKQPNvVnrOjfMT$*sa1
zwTJY#8<ADDbQ}bHEgUBKJK~JK#J|DlDYPuOV*510OG6--cN>}>zwivhch~#<KUjDF
z&#59j+#n!y(fB7P1jx%H$RY42V}Vcb&nM>p4W5XjovX(`5=89WIsYUvKp%0tTRAwn
zJFx$aO2Yoa*VWz5%gWlx)yc=n&YRQbH_PX@h1K6}tZZL6d4s+FnWw??zk_JP_Xj@)
z%FFo8WBAR>0D=U#|HjpT@=*Su%=};S+{4$})ydoOzvTP>oTI|a3uU4}Ur;s&|6dt~
z`p)-P)_Db?9Grihr=o1-r3$wGCo%%h|D1rrEx_}e1H{AoH&PHUm*8Ld;{pAZzyC(A
z{#JtjhRyU>u|aE*)&uP7^l#WfJpVvN`A<0&JRt6W>TsE?xYG?|yezES+Xc829hggE
zOMY>F$TO4_x5N`cZbCeKkVuhPNaW*9weMU8a?u?f`g}N$rZkTm<TzR&xc!PA(z7z}
zcGX10LJuzNArBEd^*;FU)s)Nb{-`jf=h^8V!KX)OKqD0<lgy_iG4%PWU!ODN{`T|{
z%l-aVg2$M}owhL(>0XH`I(GpL)D<cm9C~T;wIJk^<R>aOjw9wYj9lN9*{uG;#0I~c
zZ)87cx|4@e`WV-LEc-cv7R4P8*q0fDFMQpvAKLE6t}ajD-h4E1VM9>8yG%}WIP*o^
zb#{q2hv|>jRY1<B|9E#qbxJWm@<_TyUCqBoM!D?Yo#f`JA<7|mrSvf%xE)=ts7dE-
z9wT9-7IKM}?jjmtU6P~sDz_!73F0TWk(<D*&B=CR0|)-&`P#{8cZ<BEx|_#elK6ft
z6?+2GGA?lF*nwYZ+f`|OL~`MiP3m-8Po{B~(ZRVTQDF`yRYJ$~#mP@p-zQ^<Kjly)
zXmPJ(y>Kf^cIdu3RDOd(cxc;tcCpu4qU_!6Up5FO>Ns?+h<op%f0rjoyxLmVDawHT
zQAaoRX=6p$#jIo_=i>*_nwRf1zS*K@=T<kVHn{ro<f^<2L)m9@jhZv&=`gWdEC1%`
z>T&e*f;w{!TySgem-OH`8cCeM>MU56fo)^VkVJpNZ!A^%VWesOv_#g*I4(9yn`c=2
zg+Eq66y_|`%6l%`R9<>Q41T<>_&$~zWQ^qt<sem;pEdb8tA$uqe8>rsZr|nYNF{+{
zVzU5gM;SfwN^Bd=Th~o43}VN&H<4pYnl8v%VUp2b%2I4eqs_S-NV6-X(T}(Y4&9X_
zq^;oy2`(tSUCeqy#F_eu6Ek3bac8`%9L-R}<S*aHbV^TTZ7b*X2~HnFC(ZyfcV-Y_
zPB4KfNb?FFZ%;XsPy(u-1@SLkP-wy;MihWI$naEQ>&aBeA)VAhj<<3Yz5Vckjvk}6
z#eMYF$TgT4sv;QBKQs)<<O$*G>0UZ{&Hf=!x4Cpg{5Bhi>j(tmVz+n2$eixgt#|Qt
z#LkI~4xE>k=`xa*p=bU<*3ZnVhsPR0$;Q%8^_Gc9i-*;MbWb&ljF@FD&ytmq(pYO!
zylL?*OtoJm;=(;HsiY-*IP{uu$mSYTO&_M$Bk<6D94$$?>Ww|hHhAh9`jDpbp*wJ+
zlSsYGxba*ZEm@X)h53=)1`xXs8j8(18>~S3gdjw{ma;MfeIerfp_M@``P!|5RW5+G
zIxj?b^&PfBh@el&gYTZl-4%w>Ck3V(WCW_>^<)avkj|FqhDR?5TL(KlE4q+X3TGUy
z%h;||xYb7rbICGSRhi{HDVaDsnXvgycgFZac33pLaG<0Rz>&-e%_EUKg{;^P9udYg
zZ0A&tWM?BPS=kbcGeiRc#gMjvROK7oyBSpYB^7R|L=5Av>=zYn^^*X>rTEQ7FZvOG
zb;B6bIQ_w_+C*LMKy#+-F~n7)L=@O^ANmjMnEKMM-<GN9)%P{6jAqcW$Jo|WaEey}
z0PM(_cns7HUJU77<<Xr}Tp1++Z=CZ?HGDPp)sG^N5{`y*^aH<3H(5)hed6WsVkQk{
zR%rNIpQ}3VCjClzhL=5@7fqxr9jG$GH!Ck`#Rwtz;hFLhb@vPZiu2bkQkFS3Bq>8k
zi9J6`QmWc@L}XE~i8x<@8jgP7iyFoj6dab6c{XEHT#;_vcQaqGjqdo35q565f<CoT
z2ksPc*&}nqtdCpypW*@$zgqtcTx`RPwNrT8qt*s%9ZLAMeJlUdOm)eu)4JWdK;Vm%
z`BND(G+G&OoShwlOcUPN9-+7I4F1fb`!9*4_`Lb|>1`9Qc{r!9Rq_|T>&M#+{NuSv
z#B-?5+J+ey?!&?U-OSyDDYqm!Ik-Q0og(fN?(<493?ARrj5cq%1+)9+BFUH<a^6m~
zF;Q&1FeT|RiJN!O7Mx;LpVy>}I$pf5-?IHekQ(2lOK<B$jBx8Cn^dDFBZIBHdvtRv
zTjm|}3v-N>^8*=SooR-@@&VX%vb5gSLhq6}p(31w$tIQca4QN0`yAWPdjW4mCGuM4
z&{-@<F@8M4?=j~MD}JJDX$v8t%p*Ge8QGhV{K!eRF1sD;A+rP(kL<aEdtn32YSxVV
zpSW->A_abX<K7ighAh9nuXsJb?KWL!GNt}0Z4yGF@0w4ny8d*4(NE3G*LgD)z?44N
z7@7s3EGA}Ndjl|hMXIcTW4~HnOg(nH5rj;H-FuKbP84;|(u$FXoU1qD=eq)V<)}gT
zaZ=~OU&j#o6zN6sjqo6i$oW?ld0~b&{RY(_qCs4qNF4^}y#R$H+}&Dz^Cxw|55_0X
zrvWkRhbahrjO1T*mCQ}UWtXc7^_KQVmlln%z0wzLYS>U}2bWP|Tev`Dl6eB%BcV(S
zG{?+mb{M@6WGDG#Wc?!98bxCJT5GZ<+WFH9VKEIYrZos#g^Et!c`CL0TmA9s@Z>)`
zppztkgE9vdXas9eGHB!LonWz+rtJOKCiUO%(r*r0*-*X6dv+}6Bi;z1SXROiZ>IJs
z*f5lUi8uY2`*I6E#_dR2<oj!r!r_IXmNY7-)%!9%Au%rtjpPI!nj_s<@X@V_Kbi{}
ziNKr=ooxJNmX`052<WW3(tfq9S9VjDw{?~=U~;T6auRMz2~0a7^`4pQ%KXT5T!ySI
zKMF_oJb38n;X5v?&Jd+j@`F7xs~=jX!$8){xT7YyhEW5KiE_g<mg}ER@7}9g4JBX9
zSKTi5kGD;Fv(L-#`m?JmnfomU8{GN4u@J=ejcy)Jdad6#Io`<H3*x<)O<%>bogzqS
zKUUM%7j@4_Ocu;%N)-Q2oR#^LG=P>`adFX-TzVFPf4Y96broLE3U20zL2<r@$n#Y{
zA3VAfb3>TxmEuFRKVfus1&ga!^?{4@^gJK+I8O$tkA4#&qWzi6xp2I#az&J3L}OK%
zZ+d|N>5`&LEXF|ixNA+rYsPw#_>y-ch&;p-^oV+Pa1Gt;lU3sk1I^<LitXcN?JVDR
z>68_6sNYSFc4|N1Uwm_(tajVt(F@WBRW-d^m1mAXNX;58S(i7pLf!IBj1hd9Kp5u0
z+@{qC7=F(u@KdhD$iKu0oHH+wgHUc1PL}ULp{~Y*=7}cp0k_=0@SPz2_WMCTK_B+o
z{<3P%A|YZgn@WuzMc@HuDn1oQ_=R{+6)8+x<b+qox^hY6i#jz#aAXkOP2&tQS+mU9
z?=c*6qB?G98ajh<p>80VFT5)4UE+S*;+qqs`BdAOMqB41huCA74|I?qvn4H~o9!e`
zCz0&~a8=(;Ls}-gBq!djzQS#f>4^))D;37B{8PuDWtXAjt&R>MJxTtm#Z;14M5utZ
zz_nh^=gCHOi_5mtkk2^>#i>)Rt`{|UU%y3b*m`Gv?x<_vtp8ABTX%LODwvR{Dq)tC
zf!>{#x7^qCawv7}I<jVaGnL@_QD&<DgYxNIcgYFW-KyN(-t7K%Q~u=m)u)pflNb76
z^YQ8T8bR1tg<c^lTmAh<x7<ga5Rr+u0G*wBF&ps}>=%TJZl9K~B9r&y6|?S|F>D+j
zC)BoLrLzvZCWO|p-<d%t-X@l#l=q1tcZ_&4ckbdl+hVd=lBFo0={d6V`HiGHo{J+l
z%S$At6F&=Xwoi1+iIBFnPV{`HIcKdVo}%1YcscnTWQLfhn8Cxz;x(%QzltgMjF#bZ
zv04fAuG6~{!pL|3#u+)S*}3}B&s4bE0N?0_ZtzHs@Cs>0Ik=C;b=K6pt=-n`F~CD7
z*Fi3$NP4oFawekT4WSPE&9yNclw;~*?UG%8hB+3JL*~08EuZ{$C*&mu&Cq^!mvzNG
z_oKfnTh_u;gS4xAQWcDd;1)f(9^=ZQp@HhLwh_~t+|T}_33APiNspzK%r+J}8jHj3
zG%8YCu0PW(y={6ArM4gASQgrzguOn0i~oM!SVs^QByAM9IgC;ukU2PRrzGg2)yX(m
z-1R|ZwY&aYi^=Go(Pc-lzea*3a#Kn0U0H?=8f+F1Awg>MY;w0l{B}_BWQ<36mcSR~
zrjDQfjjfXH<dg?vy~N9YPEFI|0<<idM}hAbstp8IDeKhn2Bxh7G>5wJT{VD54g99&
zLY%cNM4MN9l!ax(g|e5gQTA=?ndkNFaB)t0+IHSiba1{7@9$qZqsd*=FU``A_w6!B
z^}g4zXC5rvQ7PGa)~kj)Yinp1R>g@vKSDsLYT7wG>LaN4L*{@BuA%PODqTGWt<38C
zJKR{jIlTT4S_}Vf*`{gb0Huy=+j)b1y=?5fe@jQ8DjXXfJE-2|4*?FRuARRRkW<MG
zYAF5JDD&5-1YMuW`THp7`25!8Ku=ZR1^!-9X`^x~@Bx2|XSAVG5>9!ryU*{V^3a~d
zpGW1PVvxT+2>=ED`XmSx{PT?8=cw7)I$24B{r}X!@Cku9g!q1INCZLuK=1!8pz#Kp
z{BD<M1OJe!K!@LpY3T6VQ|Ryq94Jf~C<Z%ss5P`P0zCkg#6XogHa?nGP$E8bFI3L+
z=SLvVAIJYe0rL+Upg+|L|F4AX51r0`DNuiR{;#P2v-42>(*Mf&-?{lG`Op6=&O@t;
z8>)W#7b}MQ&yxA0>7)(h`LksH=xJ#GW3Bwr9{6{)!t=ij*B`a>@51H%yZU^gw*W6H
zr;3v;v|#_L%|C7sAom~jZ}#_!g9=;zP0(eme5|0$+TYi8fZn73wnTaUfv5AQ2!tER
z%f}}u2o2JIA{5~k66F4;uEt?kKrp`CouH}ScQLW+%Wn?$fjpz|JSmd6Ns@GU?g`(p
z@#s>qY2aZ|P>PtGHE|M%+G`iv<30!0aLC{SA*}Bk+s)BB%&R+4SqfM`x3d+Dc53Kp
zXfU+jKOWx?-#>}p-@E$#+%G?_DlgcrEU&6&M5c{=5Adg(D6lY`3*K5Z!TAJ(TvMGR
z`XO+#hV>cdNiAisC3^l>&B&`V8rv*jh+%)U?>Syf(i;2|PbA2N!`ZAm@Q~A#JF+vG
z)>e_N4h)tv$CqdF<1Wq06aaTR28K$pOV0>LGK{fi)^yu`UYaMDW);Ey;$#3?;JkOS
zn^(b>fd7(g4g=F-ZH8Zb<+eU$)DZZc-cQ_V86$*=s?NpTsiN?7BixIrhh($R)GSn~
z+P>SJNczC;bgY_eao$@bGVpZRDRg13&i&B;Z2O?M2kz&G=9Z>9m7S6moc6adWnecK
z*RGy}9~ynnEYd^L1D-3VFX(_Z9<7?_e0Ld)*GN7%4NeHw)2ET<qIZ4GmOFGLgJ~Wp
zb(d3vgPZW*2o#7PB=;&jQWm1~073&+fhgoLC_^K(!S;d)-3tt_37yg&6=Qrx#Y+_e
zA&9mBM_G9YgDtG1{dD*^fZi6y5#dIxk(yOfq!GpkC?d(&dy;}C1ZaPaSA?|Q$|daH
z`*H;BBh@Vck$7A>1R{m67!o0k{+S8Qk~j)rPfKD6zrM(X6a};M))k@!u_zYBhY^I|
z29U?S1zeCM6nAbJfzUBv1oQe})3NHY2LVZv{V+-JH(0unr~tweX$ZZe>^VB=;JPCS
zcb!-l-Ghxq>4_qPM-Vd+R<NLt2SmCq<cQvj;>gzPrJM7BJ2)c<A#fD!jjcdmr-Ovb
zq|FEc%8O6{<!{fooIn`z$Do`f7Qmz=9!$ZQC4CP3sVInKT@}Q4i;y$8?h3+KCkIii
zn}TR>g>r`1gMB!95h{2BP}ya9Vf4BE#d8qqNhj1pqMfJ7A@P6$X`-Sw2&eo7%)(m)
z0H>`7igES>Yn6;1;9%w!kOljI&sRhW8JnhoB<{gNh>8bCHKx4~4T_8*YI~oyh8^jv
z;DQMvCMqb`otyAKEfyg{*wI_w+Knbp8_yxvW3VGFO|A<!(cDrSC+7g%C0Sw2(NE!g
zP>c~gXpJ#WwVM#v?a<w&*#VpiHGn!vmo&zi4D=U8FCe)y!VrVvU!&JE^Nw)6F2vu$
zIn=vjYUQ#3-{SaTzeRH(_*1mA-E#bt%>|ezbHt=TA4bQ!%NhVWQOr<I?VCu}UqBeA
z+4oo=t#7Mgp5V>WM3dZYPRkw9dRJ!jA$~<}*g=fFKlV6$D0(}z9L^~&d40rsgQhV6
zp_A)fdkm24;#`<x$rYGYtW&p3Ks&;E#GXDxWJUw<1p7Vn0WA>u5p?Tt$<<D=PP>N*
zN#?mBZpT~aoG}AXDM-NGz(@2*Ujx2Hg<x`p9V2`sTQ{jd`;Jskb_7_8pj7ORy(&UV
z3zZHc`4;m6_E4?|@R3Rk{uB^_G(!t0luc$>lkAaCh6#@AliAAxV3iERJRyp~oH|{y
zLZ*t$Mi*yr(g8OnO(M6Xfth`~nnb;8#m8IKdjWHBrwC0*>+z19y;;-Z5Y7^FNRPrj
z45i&Eu`u8iYflLhD%+#p9c~VDqj1R*h`R2whuyn4v#~`rO@{u2B8G9Qc8T8GI*kJf
zwLj(DYXz*yPr(KwiDijKC-M5jiWQ2+t;%r%g0Z@gPhTQxyv+iHK+F+usPDvjlcyWD
zPG*MDL&Bc`r#hFzTVs25djya|ZhzD+)Kl-vz;pUbgh04;C&cIIC-_s9ONQQ_l2$;0
z)hX2;=P1#P(ItOx-Lwdx2k{2>4v_-shFuuuROFJQ_k`q7=7h0O;c<_ym+lU*9_oAd
zd@cM4e%=s%tb1-zf8Mg#yVM9Not1bZ5`HY9+P}nl#>fxhshM3t+`qhjj#3XTgpQ%5
zvuifOk6q~bPn5I!C*1i@=F#e**9yXq@U#1j+3FH!R28#p4-%!b7LRr6&(JM-cK><*
z#a(Ev`m+Ia@cq3>EbjN*_ehr0$}V-I!zPYXj~9qKT9K;TV1Mt2LE`=dvxTsWM=5VE
zt~?8Yr%6%wzY?IAC_B4U5|482Vvd3QDCkw|HHw*@y#Z}4BYc~I`>}^e;fFP{?FKX=
zo#yL-tIR=a1#Glhfg6!Pr;pQR_g1>!i}Gs$AzoHkdoiptgvSIU%?LZWuG9J6k_O*i
zO{vr(vHRxrkb=$vie!vE6&i&Dbj}yH)KelJznv_ZZo@s!0ZPu>P8m}YHd20+1Kozt
zYTCt$;-`>a))(FjIp%b<8B;Q5^}F`>9eQy$g&`f?@rbKhYX;KZAqSl@xZ|duTk^aX
zg{_1wqA-ArQ}&jef^Z25867?uwihL-6wP%=23~#oj>dCJ$d6i{CL(1KWVQMR=5b%D
zXE>(qse9saTap{50))SlLNZ-f4mnBQKz_n-!by;RjZMUXp#Gvap$Xggo@?s?J5;U~
za<6=B6yoefGu~|?xdv#K3S1o&H+|*sgM}x(DJ7_lKf5PJYV~zdVJ>9VPkR4kop@Cx
zVT<V+_^k3IqNe{GTS_8NhnlmyyC<*&FP7mc(v8}aw8oe=f_u(;PU%PX%=E0#KpFUw
z+VO}?Dn2;M&7Z9xp0k(rl%bPgE&SvY=MS438*M4V6um7pcZAl=dp-%A<J(}7&}NSs
zkFK2`Pd}e%A4B(^S&Y&<33n>hisHdx+-*dGEmXEQY9EtJuInKfOX#f${r=S5=*O(5
zi8nA0$RYUGlI+8$K{t30^iN1nNjw}g*b*pdt{-Vj6HQg!X|GdCJg8_3UxNh&vL*&U
zYMGK4^fyaZw|K2=toC<}-QSc1<L;T#edGAXC`$97?Qbkt!yRW3wsG<08tZENx@$K1
zuJza2>e~DoT+VkCn>{#|NXzI#v<pkIapx?E{4>JoE$b3;)5S)xC`=(zx>2~nX7deh
z(H7s0`vcm-mBj{Qm@;^svuJ_=*V2sxSTZ8ZLw1a&L~Eqdl4hcW6_6i17MmCL!9$&+
zFn4I)EAgAKJFTBc*1GxT>dxwqNw2m3{H<TXucmfNf)fgdI5!qAuFt8?s8Hggh@!AS
zffLRX%{k^1YXdWz@SaJ62JZ>Lgx7I(&Ib^YLYTyEPHzXI!gYRcosVLB4BF#CqbH*$
zVTD;mcHdNC^OPz3Rz|iz#%v*HIS!?r`4b9HD1<FcrQVMi@f767vYrJur6%Yq&kEiQ
zuWJoSM5v!>NUw!p(ObOb-eesiBBlNL=~cRPe$Tf2DfhA5C7~aA{KMnkR3~M}8S^=p
z0Mf_x#RvFe(x|qe>AH{2H(pIKs#1#2`B#YRKa6g;r_s<naGr8hXp+WZIY|3wgkBQd
z;yEtHTRnBdasJ5aCpSwF2vZM1F14<xmrtwn+}u^dTT?pxh=lW`wP(gW*_XF2xwvk8
z>^?!XrB*MHbRKw#c`exV#B@s_kS4)C-p?ut%Ynpd<>tk^%%pn}IxvP4Q?1FNv3sj#
zibEC6xI|Xuh8p&na@w}5B0Lv`nsPnw0>Vic9{rK*SVT(Wv{y<E_+vMM@Lufa3>&b^
zvCVR*$QOIl;;;~@WnPBMg%fFPN55Xx0^!~YFZ~92TtJ{i;WYDUtk)eie5*5J3a>1+
z<kQ@i#}}nlx{J}Hh+(3N{CF`gyqBmS#HH~fBP!BD;amsKw=lSNh5O7WqchnNOfKjy
z&%G<Gg#CyKuBT`^(sbJN_f9<Pv8dFe>nYh9?dydLWqYs@bUBAC6Yy@5r`N_bY2Rd-
z4)a|Jz)-j&vJ8Y7A4ol$4%cnh?exGL>=UNEDGcMgK&w}N!TnX?46Wt83)p03xzXPD
zqAEj;HPd45V^hoBLsb--{Z!SfEDgbO*N2Z^8f@e<@QD)1wG6p}4cS8XQaT;o)#*go
zV#1AJdZrFMJMu6)CRmKd8A_z;X5&c1c9G@#%Vf(IMq?e#!jt98G^o@cUk4&rOd(gO
zj9`O&J#r#Vhf_x*bcU$6<s=kI477)4nH%V`iW@ijx0rE+&d#@9eTyfWs6l)f8huSF
z<QccYOVXXc!O+`pH3HN)d!Nn5=#ei<&+XeEH_7aqR{Zfh;$!JZsr=)qm1FBFpaP~o
zQshfJSqGzKH1>76X9vocoFXk03)}PbNCBQVEx^8Q^-7D(Y~I$u&$gjZxk9iZtcLR|
zHnpOWfk^tH)FP$#Ig$3-(zf#>YE1%rfdSX`{rLiy%8pKE;~&`?--memhF8}W`x@G4
zo@_<le@QEV;ly{()$QWrU6}G!KLd@<t$c0MQ$Nf$$tNKzt1m<R4C$ovb2i)6t++!3
zT5kuFIMbRqSK;}i=`zn2Oq(-5x+JI;Q~R=RM{@9RH@@|@qd-rr;|<$!L-)H4K6|vZ
zzb_lfN2{XUkZqID){zjZUkMZ5bvwKovO8JN-spd!q90Y?F_DRH4YH$2+!u^)*ut;Q
zgDL{c*yF|l(TXD&JWZv-urEnfq<$FAedQud?bC~(Hn1j1P}GqYsI1i?Rp@tmicDdZ
z+nNjou0uvDrx0W2%B4YVUnH>Qm<vmdFgEo>apLLEFPP(BrCF*LC*oy?&YfD31uD^f
zVHrIIoEHm8uH5B#MoB(-WMiKG>hf&D7mZD7n~$@QS9vsJGAFK9N)aaYHca&7DCMSb
zRuv91gBNUzA$c<y$)EG|L6PG=o!|%V(k}^F0hY6j3)&2CBE2yk;REfa8dI*3@_}Tv
z;dk|sFSYr08JQDqgb2}8+XVBo1FI5I#EG6j36)vD;*8go389)pluGw@SeMI<)1Eh#
z0s%QY*2!V6mG%rngNXOTSm#*I1r2Eti2awwZI)UN<sq8n^*P!b33G6Ql<XClV`;dK
z)Qa{T55E|&lHb)16~2NSWtf5Q4OQ0sEW%VQ5w+MW*XDgwUs<##EK)ANRhjRb|Ep^>
z=^c(yoX;_%Mq0UuN%>r5!fdXnN0$WmuV~Vuc~nvNn|kEL{X^3hGS4<mwQoISytd<|
z2QIiDZ1`Red@-aWuXK;>KBSCE*g)`21JF8d9wV>v`}vWBb9*WRdm>Xh-K2bp`fRno
z59E9o!Zzr#h^`Ee!X;IPt5hhX)Qt@TnaPfQxxXI9`Dxi8ie~u~ZJuD5t&h=PQJlqO
zm8z|ku7{7*-&mYwV7=+=O!=uv*)S$GP?4pX(3+0a8_<^!VOZ*Qgg6!c^J9o=uxW5`
zFf22pBo65u0yPrw$UmW-aoy{14a08IrmyRx&GpU4PzhEia~3<K(o!pmeJ)2KwM;GS
zxpJT24M{9Qj;iAVNKr5%^`LB^mKs{(NIG>{HdA3CRW*O=<mcPoFp##yLfzD>Os66E
zB)Uvl4wTtd`YIZ-er#f;k)j&v8Fvu7=ImGIehQc>kggtUiu{HZ3{xe;OoOi40Tw_5
z-9IrU<4n&F@-xN9EvvG*S;`H6U$<HX^f0?z^a~{zCh9PmFZ9|GU+ZU#k#S{{x92X+
z`mhI0yndcDlK(^)sXlDemihwjI72yNJqpL$MmimOBxfG4V|O0bp@M8Nk*P#gBShwk
z2qiy!bbUi}eHk6OifPTE=d4%{c^cu@^`AuEomF9#2glvKV93O}s#Ods*GA%3b`N{Y
zP{gTf+aH_pB<rolmS0+M)rMyqL{4z($#wzy`O|XwP3E3sMGV8IVBQjHSeRXDh-sH@
zF)+VEq;h*s6YDEeh7KS7!T=%xiZDz>TzI&nA1;OWRy%1MrVnxf+Q8Kq3QWPdoTa$j
z&&t*8l1m3nrcnPmzsZ=+SD3jH)ZyYC72Vv@87|@H9nvqC<tdG0b_^I(dOq;Nio&an
z=cC3J-#AL+<x5eWE|SL2322WU(>O2ju`nQkvb16{cM5S)7A0|0#~e{2;iOEIrDPbJ
z$y^SsB~e_;Yjik{;KS-N_GYr8tAwXr8tF7LzG^Ps_aVt<OTFaNOi9(uQo)lBxgt_~
zpLA49;Eg1`WTB#}^xp0r4=oM1f*MVugyg~y?tmB}jnnQ~r<|)fB<$?~o|gk4;76|>
zv<YA8DCNAYc|KKS^!O9P{1sR#pAUen`R#7HdGqjXY)002ts;Z~4?U)H$@fIX8fmEC
z$PxyY?T5A<SczSUJg~P#+{dqLfhWMB{w_9^K|L>ej^!Q+Wtclo%33{3oXES_+cF*Y
z+}s}fUdDT^i2H2`8BDJ<5527M3R($Xysf=BxjaEv#ds3+sSIxOa!?sZ#ldmDARu6G
zNPm<$SZtjC0(Y{zJ-d6bnD=nFV)k;3zBC`roI*u|vuf`(;Qu4+9HT3Hx^*9?W81cE
zTOHfBjgFI!)3I&a&W>%{PCD%9rvK-h_dREvJMJB0eOSAyX018ruByHEsx^KO$BeKj
ziuX7EG9>R&T}K||=LFoj$Tz8|POWH%Uk(cW{TgA{{oo@g2~)`rNt3^(5+^TcL=OFB
zwm~tuh;87soq-KfExJ?M2DXR6@9}=U4Ai=aptYt{l2+tZJ0oiwEjrrMSRRhZ@+KhS
z3Jp>;3KKJIdlgWy%W!Mb_=ZE9XJd1LQ~{b6+y+LJPrN+`N3dT@Ya0S#0bSmYf}x<_
z@73;^6S+f^&WKDU6~>Zt(KQCIgx}yL8-jX1<=0Nu)|5+eBktXexpzIsG(7<Y5m}IW
zelMnL;)!qJiO@BImg5$duSh9ACF6?HUJ2KOrV^)kxa1qY8}u;_IEZe7@WL;W)4ow7
z!>t$s?T}z)uS%sAvfR$nfoo%9<IT|Eb!+2ABqS0$YZ?>Va4Nywi76tB@;Xts1?#UB
zUH#_U-2Ms}<N|wD{f4A@v>OWAwHcHNH4Gy#F}b4$OAq7%S9KaA!V!aA<R}JeCWS;J
zrmP^WbBrpOkpMl28|M4e2hWzHVX~}%U#yLV2;Q>fp+5Le*s$1Ig`y&HCag-519M{V
ziC8%R>*im!p|;7#lY#QA9wVr)o>R_U32!hLky(*lzuzhbRYM`X8=R9`rh4LaDpw6!
z7wT1=OFTO6JCEt^+K*fZa_G8U5~vFgu>QEghn7IMCFsvRxl+AZ|LKMw-e012@1Vzz
zNsO8?EKG0_RnH5PwG!67GbY>ZrrvyvTeM((-1AUKTC`!L3|}$<DeM?qi|N&i!pS4W
zQbfxm7h6+NDkR<14rzwW>BzoAaOq-qgC-QSUS?($gVyOlU+kC737;;znjO)j0upD%
zbPFvp06qpW2Q>%gNY=x|J)!!vODIU8xv*qU^B^G9o$Lh4M52jRWKXdvh>X;s&rl}*
zdTU#6fxaywQe3;pf>e8fR_9?X22S^!yxQmR<7@M%{&Q9?1K;;PLhg9!mpWtYw5N}h
z`;WV-kB<-Y>{e%j56@3L{mdbno3ZJPYH)l3_`pxRn^gP^sxa5{c|LWdE@`?#Vy_T%
z%lyFsRh<nJI!%DSlpVRd<;$>Vr3iL_12-@Zl%LRaX+_C?a4l@pBe}x8Br>C!{oQ<P
zQk}JbT}4_Q&3BrsqKQ%`+<pEW#qbPTG7!3P*>U7r+Cgw)4>(8%tgS#))jBmSB)0&G
zS?R+oB^$aTk{~N%ji2|!dA8hgI*2YSr3H=jElGiDb!*ZAd%NMP1xOOn_<Y5wKFi9t
zV}U$dG&;lj?1suG>hpRUAik8Kr|1DrLcfMhl;bJ0RGB?5+$M!l&?qaCh;oKqe}QSt
z5P_BDwp#`o#0^1!nuSAQTOtH?9S}B3UAv7FjY@~(1{R}sOXH|KGgBABqSKVzNFt#b
z{;Hm_Xh2dk)G@C^Zpub+44RZjhrnZvO5Ow)Qw}j?j0^GiK{sFcFmF;UD}I<=(=ffY
z+z+`;59%kH6uRZQ{0;0FS~t|%+d0-c;Zt_0^y=D7VN3ALf0Ofwg@E<AD)pVgk}Vwr
zgkOSiXCA^Qm#V27$Q)X_%f$T2hNk(^Xc~V_UKD33`lq6R<i-QmUbRAGN162Yl^-}N
z9h#?4oQ*j1ubY+D+4ho5S|YjwX$^clLN3Z+`>n~~Ms(EcRm{a6S#Co;YJo*{?>Vc2
zHz0$GHbOH9S6KX=n8cAGS3fF3Qz;>--zs;k$U@(nZWaQR4_$5G$^lKbgiS6Ma(;@e
z@dga)8}qVJ@F)p-64G8(MN3A6RJAJAEVy`}uxwuUrO0vG(WxBi&`tBeQ4l{mpWiX}
zrhIR%81UQ9>npDMUN7}Ocas|C3H<&90QxAhODU~6eE{(Y^jZ%I-rScG+i&+j&xW%%
z+N%6W9gI}(M7F>)F$c_9%%FmnQA+mDp$KKg$j!hI@UdqzXvJl|*ASe+LOk!x_%kk`
zGGX!QMcLGghI~gaNR+X-vmjc$Wx$xjS(P3iCrcg9Whu!{%5F-MmM{`qQ2f9oO4TW*
zDz=t;Lp^_4g7dS>uF%vv)i~0!Upr}CS~zW;`h-c?GGI;fL=y2$Wd_l$#UH#+iie6l
zW5UkrJO*0**=ZuC16hTV>q)*&*j;OS6GCT<UE9PEuWdr?U5Y!3x0fqxBu>smlCXkr
z>MVg;P>M=6bI$T=@p1CFo2|#&JpKyJ?>`)f<-lntISsoW_OPd|Jb}goSfMF;n;x{9
zcNW~1q82Y99kPb5C|a$MiQ|fsHz>d^kGatr6a8k)Z^Wv3-^=5jPM6&K9lzFhQbbNK
zmSV>Q7tH`yRYgNKt(;L!M+G|8h?^(Mady?;F^Q8rx*S%VOSTYEtiC{%FE6LM-Dw##
z1taIU7HiGBMt9XEsDR?_w1(c(a8Yc$dTs0T_Pj@GuY%9rR!*ns)Ni=!;MX`#b^8&v
z=d|;9M>1Vo3E}g32K>|KzK9js6y)n5jL)$+5^EqYPp>zh_yGd?_hL{v33PPSm42aU
zMp6qFa98m$qlLAV@yeuB@I*cqL)vny{BMzs9-P=x6wvZ=07bfCSUmb+%fivDN>K_H
zmrPK#QG<lAvqt5jBFk}e0_$*b+i-Eq5h*iZ#o&;lvl2spAA;%PfJUwK`B9bTga?=0
zA6BN{G3aI41YK2R&0?H(^Qy6`v1SpXbD|JkNNx^KoH~E%m*`qsuvByCo^|89?%_OJ
zH)X&rW7e>3p7@RasoXRZ6+&PZmg9kTfM9}j^kfVg528-Fu7YkRm^0K3iKdmPi(2@5
zz@~*aY40(Q1cQ@Anh+)H`N$~5OEiJ=mP73*P7*122M*{kXl`W{kdG;%9F`ub%6BMd
zHJX}lNM)`|@Rvv<qT!Nr%weg<Kn#wkX^l%leQn1HyehigiK+`e1|YhQIuZH8rU-c{
zT;Nl)98RFJmL4}*&{>?=<>~;V(DdjV<Mi9mW=Nr!F&9Z$pZ04|Wj#5va+i}9C9CEM
zAsV^Ej-VZ5#&N*ut**W8<_+XjYjr&geKgp2ul{&UE?TbEsyl3tOt#12Fn)cTjOBG)
zOhRz}$aAmWxLvx%!`NhUS&6q*AQ##}*nY$5Gyt%vGgz*8O+JmLt(yxhI4&B;`U@pr
z1SM%iI{+;in$1ZamJ`DmVipCQ-oCO{kAK5pcF+TOmp860%ve055(|$gm(gxhM*)qp
zLJTOEb(${-8mWNZ3g(LEU>nUAVTTQ&8qJit74V0Aqt0iknEWmxN@k*u#;z?mW@!3g
zssR0xPAB{g?FpN_O!f>60;ULQ&gl|bH>)vvot}?@w}Oi{D;ZWR4?;bjYYtjO_)o{}
zb#YIIYiB&it=UxWG88XDLaZ7|gu(f(R<vR;IKB!>3*&$?dNh1EF|NcwCTmoJX91|w
zX<%S3oE4`WgC)3F6`LP2MQR-A3Xriy_<9tx6>6KO^K-$QWA^%#aW}?(t6|J-t;fcQ
zEr$`wgADp@sbn=Ok0|lS;N2e_{Gl5?hnwR7%f;g)`797K+TU5!0-EGmfdcIsQ30;?
zO}zuzvhbBfMcPFq5)%?JHfV_ysZB{x18-xZ4p+ot;^?YRH|X*-_&^EZWIbvJdA7E;
z7e89xI=&tQ+L>&uR4x)vSmza_3VKJ3kEcm}t49hzvkHcBeq_X$oDavP`T#BSdrk2b
z==hX-Yw0L9gNz6P-IfO^JSvb!-dw&ibl-ZV?hpX+q-EDK<tp3AT`hbQs!~Hm8iovr
z@zR~~ZzNtsfFD&Orr()LdZ_<-;!Cb4F_)RJN1wGdqK11!oi(9`>|}-Im^=v&D@8}t
zeQ5|PgOo*&m#?Vy^&~gHlr5&mpB{UvbR1lRwzt3r-J&?nT)r4q++pUE`RA48vpb9y
z<L^gS7!X>{w7#%L#vL6;b(R7(>7<z~FzXd8`8LSs%<JnzqwSs{T@qZ6{GPX4zj+jw
zFhkcn62qPw=rI5S%i8lBd{4r{;Vw**o6WwH)AyAl^0wL`1M<v-W&-1A9*ZLb<QYTU
z$??em&0GPx2QDlxJ_=9tezXBDi6hS1*t@fD5{W<Q$?Ouf{5t`qfWb*wYa&}bPfi9I
zJbzkOpn4_H+?uhkU1`|BiB5yGhNAQ>9NX_wT09A7w`oe3tEjeQ;yPopr(9STFn$10
z>LT*z!sy#kpFx5f@J?WP<0$F2DGSQ-$-{zpomeWGC>?ZfOk|#m`fuGfL>y6|5bl^f
zl|X^*4w#1yK!{Z+=w3=`D#>QIZ<7l<ch~!STwI1Mv?8aHMmELHLbKgw(NktE8Jqs@
zY#D7r&B;ksu&4Ko)XU|&B&%E|DnIE;TEpGj03aaqK&dzKVbNihhEYj8v6bCzpDQr}
z58KQ0(Z_Eu{89GNSI`Wb>-C4HkpsppMo!~sB@}UY!;afOn;+kw`vtmU*1eOTw%GHV
zjE^>~&Fnj_B|n$(9*k?zJWMDiz*klLZd6P$#=tUn>Um^5=u79XX9(s|x&*_8D$p8(
zG=wtxptX|F9#t$&6&HHb6YGEo^@rdRAz3FLmuE~166|g)81WS3Y{Q^3!i5e&gT^2s
zLJ%HRu?`j@@X?=VN<XCt_aVsRwVHn{WV}hE4cF{fCvuLF(`Fo{p2=2``}sse(w^Td
z;bVr^DMVxe8R|8cL8yVOI}YX!a@OWX?iZWIh+v|osS(Q3k3%+U)S-!@=z#4^m5jD1
z2yB)h!Qb<VqWkhBxjan<Z{dRMZosl0-{3aW2rqm%QwtBG5^)Mr%a%diWw7?eM~Eo(
zmD;2@_!lPll|(_xr1w9m2`M)P+c~(z@`c&DxL~AEPVbT=9>?X4vHYswZ3rBj-&bZA
zzmrq?No#}Q21R(yIItPzmJ7BAV|d97i6>DKZ;(Lbz_X{}#C|`LfZZ^?!1Stv*U;c7
zm4?5X%GcYYw=Z>Fy&$ipv$+WDY+yUN)?D9xe<0kVeWC$7LA#ktB4w45p!7L2?~)C~
zy$$ay!at)a$dmRFgaz5EC8(7)m4C3yM=YhBsjL|*GY!1a!v~p(x6_n(wj8COIh%xP
z@2gQ!>QjD#R8sD~bkBOsY5ybr4QcK3iQ+_R9%5$49;Swv<!&Fm5+R8n#!V7FZ2R)*
zcjq7vtX)vfkA<$~x5_l<4n99(b3j$YWy7YUe$)3V9(^qfT_gPiy}h!#tm~dFUyS%p
zp_m46IPPOYPdBrX2IZvVF4d`0TBF;tC|d<2bfrYneC{}6-J$Q&KzEi1c+&A#@`}RY
zD)ebX7`}L#oa6bw*1wKlOV7!aMQ&aatVMq=RV4>nMFu1<;8<zpr_07r8D)|**$AC8
z8k^m!ezf#KNVk-%=I(dOzB=g)O;JE&+_IMhF;?-23j@SPw1j)_#o;_~@ZX8E|BPpU
zbcMw{5_lZAbDl>F7=I2a*uD6E;v9f?Vt>A!e(1j)dVI$4^$bL2pM92pQquQ**x5Ww
zeL^yNJ%M~a0Dq>%L1NU-!mw+pb4eDdoVE(K_x9mL2}Q0(ZQxs#6IR*I_`l6hhF?)@
zt9T=ZN@yykRWy2WgK0HeR~P-Rh@O)=Pw>V3@WD@zcKkY&)BEH;X@W{z%9)Ckf7tAK
zu)OG)-fPZjnMx`R<gIba{+y$7YFYiZ(NnVu+faz^&3u{Bhz^I*76dj#hT9AxuP)*_
zEBUO)e7}@7*|Oxb_387;?z5Wkw3N+pm;P}c3~HvmzqJVY`uYd|_y$g$zI)9wAAM%;
zK;lim4+OhUwbnHT?XWBntX!PsMh7iyu_Tc=O<l~#UnN+BTlsGPz7&(iK?DMSr1zZ~
zJ{^#N4V+J`A+#q_j@=5;ouxheyUnwpb*`7xF4RMBDRJf?v&{2%8@8k4(u+uSLk7u0
zVSYhU0dX5OvT8gp+Rxem6=WL8>IhL)(%7?|GE^L+h@&`MdItB#B2s29cj?`)mi3G+
ztF?2DV?OZ(vkkKjWv5ExhjV{2A2+Pq<Of`f<;SDvk~1ru?b$Z%+BUIdZ50s^By2xQ
z6)^B33ckTTtUl+*D=vK7Gr;bi{gIXP?5tb7+t;a+Nz)28RyQ_B!>NM-+s;Yexj<O1
zO3U%5)Radjq$F{jfFL`=m>nzFfsp28IRZPI1UoY$0nX6i?KSLmFVWH-;!5C9cp%Nv
zx_}5d`4(3vO#9ZYvagF1i31*C%<XkBq|qo~jhy_fKrR43vjV3PIDZ^bVzU<_oIWCS
zFHhw*ZPH}-`x*f`i-@n7q3bwtWrUu_<}wiWZfUgqPu3JUG%jr~fQ7ao**p)k>DAH{
zFVruvan9oFsq*wISl?mEmRYh?0tF?9P^Gc6;zSyN|56lgzzGk`Lw{N}CY$m5Yb^o7
zQ%5L_jWD*I19%#5JEv<GFtO%HGjI^tg@PEe^WBO##QLXmq++}Bu1l+KXNE1Lm0*fE
z#x)Dw%jO|n>|{=ZhtH4S8^wp}KA!7A+d4G3wY;|$dmnRk&y!~{GBxj4$I}m=@APk>
zjYmVjDVi0s>v{L8W1~H5>kc`_)AiPDx<861F(&Bg_1H|_vf<8Sn`>T!r60b{R6w45
zfV;80N)?=ODvGg|zmtB{JSK=Y<qUoT{6Ipe;s_aWjKWM^y9&Fs)spvLS((X0TuPw#
z`8ZAM{BSuK0p)U*iwvsPyL_r$el_Lue(ajWTKR6*x@n=Huzacc6xITTG;m@G@a%qG
zacZE}^xQ_c^SNRRuz{+(l<n-Kj~}$%4ciQ<*&ciAJ<4mINXQ&Om%Ilw(j64>Vp&dt
z48Si+sEiana?agiFH!MDI}k<RM=h~dI(FGCd88NJsGok9^Eyz2Jd}AY!itr)ul#yr
z1tmZfGQLwS9ZFo&klwxBE6<~}!n2C>lAg8LS(?qpvPgFgwM{R<&a$s+&bp4jTG+BA
zQi~mCam*VukXA>NSvij8k_krMH!-ZQn`;x)FzD=UlhrWOIn<%3WYIfn{3cJb@`t_l
zflgGW<kShU=FZZjqIDJv$)$%FE*?zw3*SWFoLQSzJZ#g<xqSmawt+))iH<N<Hb*=o
ziGM#bQ!6XVKo?xRG3b3OQVqw&3s=5m*lgi6P#!0jy<*lVo~%OTS0#Iv;<+O<dWDH7
zSURZ#{;1LHX`>d1?cIuv8qM6F4Z9qbyaDHUSk#Qj%$+^SUgxJV=Ao7IOThBApQs`w
z|MdiaPD#!5@#XJ{^f}HK5k@(xSgN?KdouJ*L?vCz)1@@<x~i0h_k03Ae~gy&ulrn}
zL_EbhS$`Uo<d-C<^ImeL6uE2QNePZvYLqs_6amDRoNf#(?V!Xgir<2wEll)-r#QBV
zAaTLXTBwnxBO=n&d*lUjG&4j4gJp7;ECB^IEd8x3S5C3`pa?j;7XZ${Q$LiUr$_zA
zja%Gp4L-LYe}-4%dv6eOPW7E@KLNb6mnT2;IB$Gk@C4qi;h*GlYCao!^tT7z&(_O)
zF5#T^8?W)fl5XvOpoFjKBZY+)tKl5p7ed|LB~Y()7(XOJVSe8GL)pSWDq-&tT-vvv
zQGd%wcuVC0C<yW^)r=JLcxol_cD0X|D<eflNKzYtn+PPuEbz1=|4u@;$s^{5Y!dG9
z(C#Jl0_g<K$jVQi;wAR3A*y%B%@^Hv55J!jzc^ISF-56!DQphsevDBwAI$3|eI<SJ
zdG&G6>Y93IxnsGqo0qpNnJ#7Xe4vp+X;IR!w_$Tl#b>^ny<EIz!qy$Kj=n~j%Iq4P
zGisab*K}a;q{YYUQ;Tw)sl2QW<^`saz^m7QwaASIw&3QmW6BLxLUGtoG96{IE*oPt
ze?7I#nJ}Sz@#MxDV;U4D)a!k7be3gm+bf#~=giK>#;?LOWCl~@!5BVWcj3*t41KYn
z^APVX!<Tj_Zyzr!ZSrUxOLJBkB&yRP%}=ZHyKe-F$J$Hm9lOXsSl1?txlh5Bs(4;&
zI>U-h9I}_eW8Or-1qT7Dvo$~Qj%0UL9@o;MT+9v@U~d@k(M#ZW$PGhlgG-E!eyUwY
z><p;(f$m6$GxEBw<$O>==s2Z?lfiSlBjF2~$3W0oy{csJdr<pSx6RRc8q^o==v1d)
zdt8~aR@(}0X??;2Xli_Nl4rPYUh6NuP0-W`_@bq{DF-;m4pbV6X%0@c{z%BaDb`W`
zX<09Yd5DR|nL|4>?L2`%OEDfSt{YT9@4$Iqev|%gdky)BfUDp7dG=0tE=q~z6e7%|
zpH?xUergS8i|`YibXa8vTS7dIdK7hDWjLz$<q!3|(>!E)tj_k{*HbJW!&7?AID+S)
zi2ErZ^Ba{D7FzG=-VA63CUHnr_CPkX>O~Ott>sUbdMtyMOlp~GQoIJEQS6o_O`b|0
zN_jD|K|OzMTbJY(rGZ#HwmPd)15G~Kn9CoE*|q6Z3L2-s(&|H0eL)TRN}KKMlU%dp
z4w*B?OxZ)mAJtZ!L|xg4rN`P*Z&kwv3-%nDsO}P9%_1`~O^7cH_i$B2GaO01GbsOH
zN_Yj4IWspGl?jbRjdsI=Yjre7t)?sKS6&p>=hGKVX^qJ<&n%BMeN$V)^>xKv=5Wqc
znvk@=Vd-WGM;~No8;i6pvPr|k2cHn96AxLh1gK@c^jq8P$J6L*_uMU3oZB&6TqO|b
z_v~WC>bQ-*FK>AdxFc+ZwN1654ZdBf7<r$DZ1cV@$w-_`Nt)gn^M7lfgTg&F!aau1
z^G~2XunN)I6c!<Ak+zs+!)}ysCzzCklk~v{)PtZNt!|-qyJkMzlGyHdl7ON$r*%j4
z>Z}`GcM5jdHr4Pu{5(QF)^u7TA;M@*-MHea=2owWbOxtgFTz8PC*2~Li97-Fj2ffX
zcCG_J;8;PqOetLE4xb1$%zyqCYPh0y-}w4p0@DB^H`WZzv-+FL7#)R9B_&1w7o%YU
zgXq(~Qvun18v`a47E(Xaa^JzzS>T{*W;O!p;@vMLin0q;r5McVQ3k~qG1G>`^oZed
zQLdm6kf;#UB6Nd^fo3HtnCMZT2BeDUI&~ZhBG{GFi?t}gCsn(v`>(R<wfgQR(+P|E
zvalk9JH7RzSaTwFG1p!j!YE0iuvw<U04O0RMSK=E8A)s+Bp!-WPjBh2(|6gfQ{}Ts
zwf2Mlwf@wm)>=2)&<N#67hI#%E;WE*dpwY=`)+_?&h=;EC(On3xb;d@&!@(AQ_*f{
zcgu**{z~~dJ6}Y_2EyYG;!!OU!s(BaPaLT&R|D{m)20M9UQxQ!s&9_>lL?>#H5Zv3
z1_qf|$X<T}vwi1iCk`bXm0Ll{v%$GGw~$+wtQxsFfk|Wp5%D0p9OFKi%pAfL7sYNn
zsg0}Y^?2J!%Lc++R{)8zH1aQU9Kk}6s$AS&M`L3#d^Z=U!Lh~jvuOOvLfnvtGI+X1
z*ehvZzGs3*t6djxC$tzmN{Y<wq`Tag#8uUJ)xk8Ud%A;p<z!)F4Dd+}xNT!conVtZ
zatKXh;eM~v4U_o`-E%FD9JT~|i|?Kh6+F_87(72ER;0sgO=oD28@aM4xEyU|H#7Bd
zcu;T(i<ORv%bY+qMd8#Qe+^eMMYfqm&&JAWMG}x$5!;C~d2vqnEaysi$=BXHk$9zp
z|H)1+FQ2=AtaB;`VAnBk7CLIRJnA@l4AfA2FV&<w8>czsUXN>AyKl|61aI^_)W2}(
zZn+~i&axYXGq)GSisq|7-aiQFK*Dt{LKOCAXj%B>)RE)$hQMa3J8CdsEubYvSg44C
zk?LCLhq5iC-2Uli*nfEMO^;ECrY|AJMneJ~wJ4+NBE|p5<n}q0deee?s=;;LmB$5Y
z({R&q(=sdEg-ExeTEtzS`XrdXY(C7zAonNlt_${+!JR{S@Ei3NbQEh~=(6>o4)E>M
zEzdL9k5qv^Yxv(Ko`D`|0ucP!CC*f)Z2Xf}yvA&L3K_jTlohusX-Xf*i;L_E(;FvL
z>$eS!0w%4^%x;w^E7YNj;E0PFwrL#{0vgU2`wxMk*?8t*U06J;5@<YJ24%K<e0*>E
zvH0&(qY^#dGP8K;loNVL)ghNMTM-vn`3!JtFL=FGSRQH+o1j>&0-#T(JDOPL+#vsX
zJ`|N@p$uU+)k}xPY1<PagVjn0+G4iz2-}oW24aiV$_C0&v_)yLs1B3c`hl8b$(VF-
zNAZ%-?!HMd(r?|bnbz9mBzk;1&K(m828wMCG^9V69zIQT8hf~R*~a4}MPHdX*|uJ_
zGRAT~IY7%%E(kZ_<^27lu702~F|0Cp)j`~Bz_PTzzC2?WG+BqC`tq?<`MOt;Tr7F7
zm|Ee=P2jO1{p~dUt&&`TZ_v7k?Iq3Vz5xv^_>rc3&A!m}&mta)fJzfa{9d@0l&I<q
zl9<pio@%^~53FH(D>0Euj9HLXKERYoj<ybtQfhO(WcWq-&$Bl<X}DGcd~s@8Fd=&u
zk-fYfLw6yMY!Ml|wIGVJr{d8MDw6M9jhs8z#_O=whD6G0Y7q5o3E7X0?JV1q8PV|G
z3x<t<>Lw3V7Mrao-emeB&&j$FT)3AodvWpVFfJ7EN}xd27Ap;lg%pueArH$#-Ro^-
zICw$;3%uHYOsL;pBk{G`c4KDH7&cxt+)ZwSm)5<?Q?gn-aS7f}E6HRk5H8l%QzZPh
zI!!hd+#ffE+UeU&rZ!vdyUNzU2m*CFZo($Wn_x1B<niOZik{kHFG|`P+~5?pvrRy^
z?GkUY=9s3T6y^rTwZc|+>jUKc+2|9tOxV*Qu^^6MM>$I1f&`Peh6gTy5E`IhC$JeA
zt$X8|Az)>(u<JFUn+4>C*Lo{~Z+;ZirUqz&LRit&hExP#;X=Uv2-U>r2E3M<?r>ca
zRb}I42OrmlJvkJvoGN)v7daKkG$HFuaB{92Hx=upd?*JAeu4(|rW+#OjCE6P_I>6B
zFpbk?O>Ru6$p*7bNMfP_FH@QE)waAGmOxa3r3{tNTR-Gy&r2$5w7k@b*~`@7@lDjB
z(}p&Ev`!Ve13NngM%N|g)~Z18)XCilbv8Z(JlHR93P{X79n_?6eJ~Pq880U;rHQ3H
zH6>UtS5~(^6m?VdS*@&X4~7M3+fat<8^6_0QNpE6#Z!}Y>&TCgk|MB)*GFWEX`(b}
z9bVSEWqN0R>O8f5U|)g{0j>ZaUj(Kha?2*~q|e&7h<)4X^=|b*3OtG+ii5(7h#MxV
zBV0giLh;?PbYvj{?2pN_6j(JDT0;;OvUU(NP-br$=3^ZDA>@?|{x+=AyCd9rV=02=
z<x`&f&WUF^GZ+J3`@4bGfO57jibHk1sPj|lQ1}YH_dgN}Y~>+Y2by7*fI<(0z6xdq
zt3#Zpulo=r?x<V0PEd*)%ZV@tu57p^&a9R+>;c(m!{Q;v_0E2qrbw#kIzHU=#MPA4
zE@O}?VRz@wJWFF<PUn|=3r4qt{RycudqUQSk2_T3jD<0bx&FBp$h0am3?5Nib|7a9
zkgkoJ#%@ChGBzL;+kGeQlN7dDUYeA;o6UCTjVhXEJngoRXVXYK`da?R-Cz3roz=eX
zKN4=vr`nwDCAVG-KHZmdII6FC?2gAJ^n5M>7+XM4D<I?B<^k4~8Ya9f-7_&{_!7^^
ze#injJ>mMp)-GyQ@)azrRop0hjVryOIH#^6Um!hp?Pg=1(T`nsY5zh2!#~Sv@5|+g
zKk!=2zSV_7-R8cCFkK`qKWYJLTjY4|reR+blrGbn6I_h(N@Y3H(<Va-k6Y3i1cWWO
zLapClO9LUh>`o5F%}*X=v#!ur>s;b`=n!NrsC#z$p-?DddS;Lg3Z81R_^)<5Ee~C7
zeQT8XbhF=5*Wp-k`ykVruH+S#srSGOjbKrNh_Hy`QvxJdZZ=?fDL`XQc2==GI6+h9
zp?#InaxO>kOL){dxJsxyn7k9N$T!)z5LSP1U06;PI=}K>Atepyxx@I?$03$|JLijR
zigb;9h=hxbj+CQmqH(2ppn;=_rjg^D&E|#il}ll9ahW3ajW*PDS&egzcjdz45}4gK
z?sOf&8}Q>cD)~^{5Ax&*bCLLg;|iw;S7C$pvs5xBqL$S~utAkHpO}mKmspQ}Be)EP
z<!`5GuPq9Rtj;{bafue+hOU8?p|q9_p7oBwj&bjWiaHOGE%a+g27<e-3$iVJP#ms+
zfz@p34WR@X&X}LUv4(-Q!K<18yReGj%O*)PYp5ac$cFR=Nwr?8yGE>uixL9tV%QIa
zeYdelpWI%=J45{#4!fsB)Y%I$6<bd}=)$$Z@oww;G1e0G;<nC<gS-@5pP3cttbCkN
za8P|e7xkZ9FW<Ma1yAdIG8HO{0S6V^3e3Ui2?{AhjfHPPXSwd`hp!si{hlvmu3}-4
zlAekZNL2Yal3XJN8dkDCCZ?Ez*Gj?7am23{B!>%TjTO>Ub&RSOhIn-&7c!9CRopA;
zh!?amA-0fOi3JOe)=6Zqoc#;pq$51cO%2K&ZbxZRt0-o_R?3<+ZJbO4tWQ7WLp|Li
z?7k15aOhgEV(8_Pt>Rezk<96Hq4{mcYwy8G%o!?H^-Hc^CX;-f^flft{A9S_0Z0ha
zW8f&9z*It3{PKGj0mA6~DI3#PtgsS#R$fv<3M}IQqd>FgZ?nX_=~JyLH$otqP~v{h
zal~jdG|HSFRLoBP9F|C1VlF@wN!rpLf#2&dj7b{80_l@uRRND<I1av2;ivTcL*3+a
z`gNDl(v2Km@8ye#x|f!Tp10-5N+@IR`Qjvc^}Nq?5qA|fKJS-Vj$5t(Rom!<>7O1>
zk!Cj8Y_|Jx-);Vwj`RISpT<FfGFg4#0-$A}Gqhj74GU=>lJ=0k^y`j9FV`;S^IEu?
zVY*N{17WZ@$U#(>9KYt1agRB3`MY=+zT2{%GKJ~<qBolj((T2fRbn3-D*nMNL{oCU
zzse|t<EXSCKPy*;q78s|>=+?YM0XE|`r7c5U8n^$DoZdjPsI(tr{na#F04#fl03Uu
zX^AR1wPd!E2O2tpj~|0ycjXmSBSygQdd;8U0t>}1zECcM%TF*LThVjX$I7a%0s!WI
zkCn`fNgHw;8&ULeg7Rf)qb{=<ca55`ox9rHEm>2-pkkn*70ZVmwkO$ITbroVxx!8`
zBhkFF2T6AS9!q9N=r~Hh;`6?!BkFs-P9SIH7sR&fHFExp=D2@1IbtNpGOrHxJOX={
zlk8MjCApui(kbZ(9&uCu8RGlX$~kfHf>XlU9jk8B)ZcOq`d$K1EkpyP9vXc#rUBgQ
z#Ajz!{<^~5JE;a_hf~D#3Xzc2>(aormeu^eIq~RT;tsND<9S-#-1GAn@99w3<_h1q
zgyx{wq~EqBf#t*H4VjM=fx`A9m8_vkT7Rhq{H99@vn}ULY_aJk(<T&NjWQgh?%Eev
zR_SbYiL@$x6^7gF>3l^z*Dl$8rd!sk<$4&R+emaKfPq0d3bNSDr_+R8Q}%wcQ=G=4
zZ{#@I&ty*PJv{yS<t3vpJ+h7kwf9Y}+2sJ19?m$(>47xl?uZy6HFpJi?#f8Q0O)v(
zqswhKsDVr*wy)jnY9nLlX=9$n_u)eE@?fd^3P(adgXi<ewlMMXG5Gb^DF+nedBi@g
z$?&%DNqOELZBZ;SLc`$nw~Cd-L6jHsWaUu0%3!K|&6=GV8dKRfyv&lh45qRwQEr#C
z>xhPXco_2?5WPq_<C&Fx_DGv>98;JK9J;Ok)N9+EW78b<d<3&{Cflp)X0X~2`IpOp
zIieWqae6)s4glRCF#?t%u_7V1D|^bQ@i@x?)^FK@=mNQd33p965gU<<d0n<<Z13oX
z(IpdmC%Xk3M%zZcv(|++z=CC0pIgv7_i)x930MVb$SO$OoHGHZw}Ax;-+f7lK=zJd
z8+n3#hgCRW0sAzYwxNE_&Qp0xh$1@Qugyw;QDP-~2EL<S*k-o%JWsDNlUC)BP7uB<
zT-PSVI6_b;x<81LKPm(~xMXfh;&mO6*j|iYJ)s?C3&7Uo=Ve^<ir4L67kXxN@$&;~
z#4Ig6js&JTP8-)yVSF!;>;-)zP>7^wto{~QIgI3rguvLX=L!cG{^^7i!+Z5x;xtK?
z5vId7)gdOtyRd}J*N+)A?}dmF7+)R*?O3A(HOkS~Bg5(5(eR)#&%uM?`}t{XFHWO5
zqZ!Va10L_;#IuIs#B`yAE5~H5hO8nLE2~o2yrw259c>m53Gjg8`?=qvj=l}cMziNw
zY<w4B;5@7u5=92EUCQQE7l2eh6Wr16IVL}iRhJevYRo_C0`G3LJgDA1B|UA#=7YuM
zzdjCQrA3_HDrhy|;<`JQ?6(>ND*s%$caSell=L79|IlvvddGmer#++FBWAuA;76_u
zH_sfaMoKFSBM(-h0GKnO4GaDF&M;_&hycTiZp?b(r_=onL&<Mhv`thkOn#V21#;1H
z*K#C$aR!%|ZiG-6h{1{Y)fXi}O5rn1&FqEuv*6Bk;#B$YyssjtgsQ;jHtg^>Evu_I
zaf465ag#%tiBw9B1O(r3f0S1dybQ#H20R_zc3}vR(73hc%P+w5{++8s8K8c=H*>bP
zj*-Lz4(o8<L@QlnoaXQxVys0=E>RXMMI7<N^rb)dt}1PzfXk)Q2M^4mu~S&NWAknQ
z&Tx*U^vixQ6HsVqh<=lvyZ#up_P`pJoy-7C6fe$jqWL0UlGqn!)5wZlZa`%<LAxDA
z+7KEdHABk6n^mTfK4AbP`5H$0eMFMgB9Y&FqZyXpuz)Orymi57Rg8*`s6%z2|Kx{Z
zfom&^6-PR7y5$Qz3#*tl>SU$akKXt`il}t0DscKH4Y$=)=d~u<38>%}A-sU7wMo{n
z5afQ-0H7?*abZQZnTMde2dyeF3?n&tUALnR1E+aL4v)*7z`rgCJ4+@a>Oq0rqgM@j
zk&kEpb)jf}bw?><lAgj@uO%kLv+uldUM?zNOG<5xN~?PtBFZ$*g?*{Pq4{Z>avP92
zU66PUS_5-7GDW#<HBPx53cIB8(l*=cpKp|+SmWMb#Gaw6cU1qzjh+my#{g@`THx+R
z5k*o&0L?|zYcW6non~x0h2=R;&j6uyH@|d@(1sM05|_2UmeB*$p!%r9$dZ|2a<>?6
z(ow{J)zBobG?(yKU)X(psw{si<(cw;@Wf$oG%YP;CsAnuA(~7=n<YE}oxoWTP~`fc
zu%e=3V!h%J_>d70ebed%G)qc~v6-Rg4x9*{7*^NsIb2}ra3bJuwO*67s9&#7vIb4B
zT4>S=wNjQd6OI|u3rzR--}Pmn6bq~s>9D5d9F61$V`hT`v-glihUPo&hnn7SbzS@-
z9S~DY0#?L#9{5d1Ys2aBJ2%GhE4j3hM{$-fB&OeL&83)We#{N#1B(IZF*KMR6j{~b
zaHe!dzwyA(0AD+tJPxYR$|cJ=A1DbY9tr!?tY?o~XlZh>2O*pux^n;iCoNHPVip?~
z6fiiDTg0UW%wLg;S;qL3*Ny)s>cw$AYDhnx&WZaw+BU90{`&t7dq77lEh9wL-(40;
z__uN$t0w=XqM)gj7BCpt-6nWcaU?_P-%LWk_y8Of8#Ul~!rD$zd}(dCJ*KI|P6EGN
zQWJDW4T{Q310W(&-=MLi(_5EL?1*@UfCB#kW)&MQH%v&)VB_oUHw$n_cIhDc@(FDg
z*SHK{lMx-HUkn(V``0^tDrepg^mNiZdv{;&vf#O%++w|^^eDnV9Xp@)40o92{yvZv
zdfj+*VD7j&Sgqv*#UZsXpOsM)GNt)FlyRpe`lbV{nh|O+(|K9nr}Luj?9?5@?fn~{
z%nr0CdK46%Xi_{#l!HI-_SO@w;qORTA;)r{tDOkp)*^BWj#(h+Cygy=;MDg|Q7r1g
z?@~mxoe3|_2oiD3NNdQvzhij;ADM$N%m1jrfwJ3WspTlmD}#rA&nYs|{GEPCwXs;e
z(+f=5k#GBuZg^K1Z96$|U}+m&5juLjSfi~xtJdR^`nKPC8ZEP)h#J@8{~g`DndbJE
zq0j+VZEP1+J}&KAdKWi+qDE@hM;sg2^SK<gI^ceO(ajizgFnQW)S*C`6PTuvF~pfN
zgQduUpCsBp3Riv?n-uv^4-w<^ECDx34ojwzB=I$)&Ora?h=aJ)9qT|7?6nc6tPg3p
zoy@K@0h-QfK_HE<%3td_32^m4l8(OO-mo@cHHNKBBpb4hE>HtxS{PcR4m>;TDw7Tp
z;$9Rq5>(qsNLQww!%Q2~a|bNEG$eAApwot@ps>^Ct!cXhSn^b{O<0%9W(%eh-#E&B
z%LHv5Y9y>@xK$KBDG=p%UJXZ<a}O=hgKdCXV14LztOF7&W;;r;-lBct2u9WK=AWH`
zl8cScH7~?xz#BW+;!-{&!q`2`iY;(e)&yart%YOzdDXz?_>fgPqR?~E;`GE>h|p|@
zxhcDnLS&6zw6F?ozrd)_gvB6ZmZ8VI-?ZUhmh;?>tb@%-3b%k9uw*Pja3b4J5$jQn
zux9~?+!>3t5NB%V+z3`H-wtcS>P;v+z{hMs#OQ*o16Xm0YP3=^ull~FBAGA_t88Pk
zMl}UJHlWRoeP<{_rYiuhk}l%I@S!109I6g;Yc6>evz#6LGxx@@?u=9r2Akl4a$lMj
zvczHqdsUz$FH>H^Tw%&L$X@%Qv@Q1i5nyv~G2+FZ9$k6iddidrY@5GeY4ozh_$S8v
z1xGVN{0~7HW>X3iWr<c{agwG7Pw@9YO~n$9xdg1)cS<M+HWJ_)n;Ujl%Ns-vuWg_k
z`$3#lbbt!#oF>6doH{6J4XE85lRE=3ZDrrz6X2@RwwH2r)(1@BB;pe`n)CH`#@73s
z=oHh|I^ErE-E#QM4P|*%MO}yat|H1pv>%FX7K0;9cY$cp_34V)3v)|rb80>C(zJ0j
z>3LDbhcrt~B8r#Mwm8@+Xd~n(s*BMW;|<z4%e1+kQx)4Q^?q3!8}*%KLUtCGn=9hK
zM;f1z08WYgL$C?QiyST0aV5(&mKK&8;CaW*l^P@p`aP9dON|C%${ib-np0wQws(WY
zMU!%HGw~|XamC=&N$c86Eo`h~jUpJ!Eo@`w%e2-u3Cpv76B>j$%L_BD#eaqBwpJ)P
zs`b`dZ8Z0p+ccq)QrMa~8rhoW;On`Q*{Un-t?U>Kyb6EL`j9(_qU|R<-fP4FUlqN5
zieTZV#4E&4ANHD0+K`&2qL?%5Sq9-!3&6h%l?S|iep<oJ|6m*X5iulq>f33u<u8}!
zd8t=h)ZYtNz%eSWNjV5;^<mr**6~Xrr&$<>JB{%Y9?m`p%}3e!#?eTVjJ7s?=%}f?
zFLJ9#KWFQVu1Ov0d>=F=3}Na|x8oMT0~RA8(@GdD15^XH3~YzdDzXz3FfT|GM5_j|
z406TqKw$x!0swD6h*OCl_9S9p!=lZ^@dc)biV1RS&r{<_hqHrf&FI^NlpmOzjYD@(
z599&6VvYRid{wO-nRj_reZE@YZR(8ldx>TX&@{2`>lb~O$))ZopPfgFQ$mWPnGc2`
ztCH<GkXS<3QX0hnP@F%2Mn46fRoE;^BPbg~2s2cBv)#v~2!gxIS{BD?em?aRebYUB
zAL;0uM&$T+O3%~*U2<#1kZjUX3<Ld;k>i6zWD$ASj4H7w)l8W!k&a$Gkm2~J9lw;$
z$ZApw%1PklpbmtuQ7h5s3oI`p-|LHe<=%VH7}ugm)av9Q)4K_Ih1kl_`}4roANd7_
zO%JQkgNsx61LQmLk5IdJtlW@J@D=R?I*T<LU1RCUM;21GRAJ#Zs=-SIB6f8}h8N>y
z4v~O@e8#z6MaVWA4RBQFRoym{fOlS9Q@K37JHHlOn9EX3Aw4lDhuTCS%7BEvNnmxz
zYP3v<+GSvGJXim9css~eFwPxje`L<IPM|9?hnfPUoxPnS|M_3Wy5Hp(xYp3JFv}g{
zw-b&H@bHNl61MA(WezkSed6De`EtU{5wjWM%sT>!R1Ez+z&uGkq;F`0Jp$f}d4|!Y
z)ig$la&^BM{EfAtj}F+Kg%gfTw7w%b#OC{m(0w5K(t*LzkN#|gJjh1MZf4Y2c@T(1
zs_+;dNJgNi(I+t}Uawc(ogzZ7`6_=!#I7TVUdnL2b}UBd{7D?30>XA1G6Pgm3_9Sb
zz>^Dbf8Z0cr>pT%nCP@F=y5c3C#LVGM!9nU!J<ec1^Qx+KcOYIubS$9{NFFGJZvod
zO80@TJdoWd2JjGeV#GHb!LL@Lc*Y!tLt05fc|cl8!g=;u_X+V~3Qu}(vxT<iS|Q!P
z0C?HGc$cjt5j;+g67W}Xx2YZsQ0|kIX0cQkv${ed@Y%<*K$pfuhPf7)9{jM}yNJC7
zJHI9{!bF{#f34sYPG4NTIRW$;t4qNLkFiFcVPOYYPB=O7Ax^Li3e0ok%yWTYdjF0K
zJcuXoR#Hy5!l}^E?TK9Qe^MyZs|$4n<AA-C$<T|m@XKnCeu;7Iq+eygJZOKE#bN%F
z8-sk;BN;W$XwK#82&ftC_QHT!a)=OP6ShvXX-Us!?KSE2yhc`1J&%MVKBMf6d|i1u
zqoW&mG5Y!<0v}eD^A?YC1oU`U2^G+GgB!V)_5&5#;<Nz_e1u_Fa{;Y1&?dS1q;>|_
zrnv1fv>PfD)))DN%-;`}6VprN>d;aBgzekQ;nqw=z`5`=#-kO{!Kej8=rC{^*(L!d
zj@KS|vI~po#wJ>OApc`1J%TJu6?AR5IN4sm+YNv&&vRBR@AUiDLGRr6PQ0-V9BKp|
zOloDN=zPz|P;o&NBj|L5Xgq9#B=JDRITY+Bhuu`YPGWx9PTfj$^T+}Kv12MGx`<Ko
z2?m~4hT2?ulX#V0#iCVXXR<~7l28wK#Oz_G$iQPfD{lzz0GY6%)pno(9k4Zt;W4$;
z;oHwvX2(`wRr(|p^J59GI=`#@V8pa=lxAs_HUlFgo6351*(sT*pQ_}8To@|XL(j$7
z-{j(KyD;fWuK-fmjR1wurbWNtI@j?p*dcEH;ZQpEfuk+uQ{p<ghD?e42SqMDILnrV
z7sRe63QCLmRLvFk!-}yciZ!wrtO7Z3jqF?S2TbMrvy6||*und={k@`c*B5J}CzClg
z)ER|*c|qlIk2)EC^w~ZRUgOxFHVfU%G97+&E%(=z9holuL6{5IJ@BaucjEZm;hD>)
zg0cC`mk1c(_9vC==7MPlr23LU;t4)`YqA*jN}{bS#la3hiK_SjktX1>Dz0!CP;no5
z;i$v_P@eXScqhN~PLOIYLg(h>_x#k~a@G^i@;Bjp5*4P8^roNm;+x9sp9^ETwLEq=
zTZSy&K9)5WbIV+1QyZzpi7BNfv`r$J!&2nRmo~@s{0xT$ucwb^n<kZsjY?;E2n#F|
z05X2FkHj5_V^8jZb$G4)?oM(-^!n$p`6o}FOMMZ;BN`8a0KNSzJ@L^wlBrCV8#B!c
z2_&U9_oU>`)RCrv#C?XTc6E2|$52Mhgn(1kxK6=owt+G%d%sS0n*_V!BV)?XHra{8
zRs3nOXO*0(2GG4{`@ju5>M<hO_1eXUtfAXu9R9E>yWiDKAw}bSim*9+^LT1uF>?mI
zm<3=2bcrzzv7AI~*OhkGG@CG|m>bisVVF|bC55Mc`7b1)5Y?oBz~gE0w;G7_@eA;1
z6k+m<z0Ke*zgNR-)ruWBN6Cx!8>)!c_v6?NPpBztmoX=({A;v7R&2l@z8}hlF9J|%
z9yG2Ubba873=NMaY614aX)96IFfcT4RpGvv2DDg8I)jMzJU#2M*tpKK2`Zh)O_ITr
zvB4sH`J|=;Mp&i*Wc=im`EN)2Briq0!7}`Ee!y-(Za|OF7fHO03R7%tMpjLr%F6I%
zYQEA<#O3yJ`e}Dr1piy=f%$&{_Wr^WMNOTJoh%((?4AAto+xi<Yf8u<<YZ}RBd79J
zWMgRVOvnn&AmnWPMK2`eVq~Ld=3rs{D*0>qw}_ePFD8+dk^L{|(9~9qkd=*|lZ%s;
z<%<a?V(1`gYH4oaLde0yPX9&SXXAoqkoqFbSsDx3ncJBDg(3d+Liiv2A{{$BD?J+<
zBL^oT9SbunJqIHPBMTujBO~J%agl}VKdQc<d4DawXmh5_g#X~^{(>L>Q$~{cFQo5(
zQ1Sk@{SS+OM@sllD!yQQ!iLVKe;fR_fR$a1Ts$4VQXnEF`nT#Yhw+QT_w`A|UP4M#
z&d}itNNMsFx222cKgG(P&R<bW*_qk@<xVP@np=J;TY3^w3Ypj&nNmSBC^(szI(<nq
z5K{h^*;k>mtAm4$sqNqNG5$qRs{dtAYICstRi<G4a*u<alZBa)MVIhP7gL+%OSXXV
zD=AF>uK4%aR}-$k@vyP6(=)L#v#@@tG7z#d60)=ZRcT=Us$^yU>iNHVB;;WJt4+c2
zrQYzbtNe4#f7}1{;NR{4-Ou0he}7_UV*K*)>udhUnv0c%o|Bb>on7~<38D7??2M6+
zjge9JYXlH}X)ye|isP#x^S`|LkH|Uy73#m+eVP9&Hb%mKC*!Nr{}#i4Z}YdWznA<P
zDx&KDB>2CE$A42h`G4UGSy=vu$f)kGX}cgs*r97)v6%Hd5M(7SD555nB+iT2p+_KA
zCcL?CijoMO?}2hWmhpl2&KEv8j(g?&i^Wg0e(nWUy$#hIYkjO+nILWf*7o^{ESoev
z$bO46Yn1SSNnTG(tNCa}MMm@=!SkaXX?%G19s$Rce$LoB_SF}s6;>b|9M(S!fc7<!
zlgQ?0LNfHUUf1AzjcC^wxHF&pwt~}pqNZ0t_D8<B#|5FI&Coj5)re?P8e}w6hDk`6
z@7F#GswwimE$|IuBl2Gwaxg^_q;(>DSW3yrm*J$dX{Ex*kfdoOrkN*Eq*6o_;F?I6
zvzuqe?(Pp3#Bz*uo4-0xEPp|l&@dyTkdjN1k;n<T5>t=_+9)y>@HboEcwB=9Ewqxl
zrYXfO6crLC9sAh&(=z<<@<fVdD$j5>41Bh6a2cQR0*y^EmFQ5Rd&PJ&t5N&kYt!FR
z^naPQ|C)?{XW`dU@qd}GVs^&%CV!{bzh)(!<bSPACWc?@#Md1Di^2Sd-uX2kRP0sl
zEWb=l37P)^bN+knVEH?2{?m#7LR&I_EoA>cv?c481kC>s?C^#9LR+pqDf>>$&a-Sf
zo06yDCcy5d$3Z~_fRVsTAbukxY=;Viz`PPUKt&n^uko+Q^~kMRuBYv2=fsT!W>_-S
z<ki@G=mxe2Gv(7H<=g(PG9B!Hb@tIc?Y{l=v?}sh(O%wOk=>A8o(<az)Eh)7<Y93+
z;!Fs06PRRB=5^&+ch_EG-vd=sanpVq_#twRvBcnuUt<p%haj8D<_BNO2-NFEwUi>O
z!zu9Q?6`66(FH6>mCkEERw?wZp9ZqC6}D_#5|zUNDU1j_VjFh(K*fTgu$6$80U8%;
zo-$YVQ!~Y@`u$Gczuo&Ln@E`=TEPdtVab^9VcVA){aNRc56C!n$F-xZ;Yi=Bk^h;i
zmow{Is^{(C?K!?i$n@AH1mU-aA${)QyUgE=y&jceH<ePqhY>D6XGA=7Lzl<RV{_O}
zPm&HRZn=LN)2BJ#cD|G$)qXQL!&&f~+K_U#`$PJJLN5ob7El)zAe`B!oH%955eUof
z*`*VJM#O^l37r5QD~FC-Pq-_AxEp1B;<?K>sO&K^jYE<;@0LRt98gp$58}!901JEp
zCE#LUKWs}?8^CAkkB2H6QUHn@PF-4t?hptw3$ArWYLQEFwj=HmMDYOU(HnMhcoGDZ
zPY_s!LTTL(WI_T#1j&Tsr2OfRJ0b!r#BW58N_Zs1>56-ohgb&`fjBTj|G<XoL>p){
z_^naG1`-c3GSB#o#sVP=kw?&cFa}Z17b+_ktd1p-Sez*N4~TRwY#oe?7;T8tAm%Xh
zN%9}uc40CjE*FVPfBf*xT<Qlb6=60b_miJ1pjL<#oN5EBWj!JaCm|l__u`cS{AI=t
z?Dt|9;O|J@B6LQ$x5_7=pop*iT;cBqghoFw6aRo&88Yqxm5T5}h7!UD=am&Oewz}*
zg&jaTHvrp193){x6(@!dQVc)te+eJh1sO!TX;>I$L_R~B4uTj|WaM_moC;$K$LQ4<
z%;^gWf564r$zPCQ#2zAv+2ut4Kg7LtP+Y;b@SB9-?gW?M4#VK?9-QFr?oM!b_uv}b
z-6gm?1a}$S`6lPwd(J)YzWVC@_iCngb@kr8dP(n|slEHRnxcp=&^}h69fg8K=W~J*
zkpP*DAU^Ue3Z-2p%q%K86WJ}FjQ{u01byH(Ml+5*&6s2d^z0wB{v#%Ad#EwtOjvlu
zi(WeQP>zh9fod3gBs#J7&me+ScxjXa`%L5%GKL?8rNY%H$s`Q^d!Z?$gn<K>j{Tz?
z41P(WDSaxT(p$%KAJw52iFH0Mk}`yxDBAWVO$9!HQx7$Nsub6P?ULw#R3qs`RO>@b
z?SirqX~$Y1)qw`D`U<3I{$h_=A*_YiRIu^mWJ|SQxBD!Vz1yQ74^=mW%?^57qZu7U
z(F_kVY39DgtqAZ$vGwyrwGDbku?^5I(g|AChuHRbz}zONMg_?|I3Hs^FfIkUVZT6u
zY?_Hcg#9U7Iu8Wf-ql|~DVN0CP)qS1us#F!WLBatY*xZ+fe)lFP%gx8ScF3DMCqtR
z0$v||pt(`m`xyG6x3=c4V*`g!n(Wr#V#sU))<ajfkW0IIF1BF%2`<I^L;lEzj)(dN
zWmRL_W1k9p;be<=ea@ERg^uZ+4UMt)!oMRs7xTh;`!Gq$_i>WsEpCVK!Sa~#lG2UP
zp0WMMgQ**;JyCn&3bK6fXsCP-ZK!--dFW)fWvQtif4koUcJyR#M(AXZW@+(OmE8xB
ztsM%;og?t!Q+t93oKB!Cs;>V%if-^ds;(chqI_@pCCRp>9S+F(0SAQG?|n&uFX{!)
zC+L;2^N}O@i4{Mvi;U2JQpt0RAo`*gJM^L_CG?_CEtII+z8@L&{WDPyY=7S+;`R`J
zjDWNSGXCBJYyk?tF#-r@n`rAoM&u=O=Rij2#ebxf@{hEM=u7xAN|%XC|Bj60>&Leq
z{7}l&@CQUk(rhCQ3-)>@g6Ti01~wv@Kh3auW<!SEXmYWO9LjofFVQV`$qq}+O<+u_
z&q(~f$3HPSuTukpzhq4fT|M?M88>3w6-WQR_gBJ6eNwmT=7g9cYT#59FNDja1^zUt
z6dKhsvYMD%nkhEY0TxCa6wZEe)A7gR-5P7D90#HKyuFfzxztf)Z3dDB03W%hijAW+
zr;$_1G<#+<m|e?myZDg)91yyt@D2vr&TB^z30OXmT^TYx?V(<sT%D+^#=I30KC5pO
zoz>xo{g$4l)Cul<WN9DesodrHq{ALjY*}MPfAvV%oWvVbH|%w@mLbPGh9;<)5p5k3
z8zX+whWxAn#riGVCYPXDw7cb4>gFuvMS!O3r1|4Pq^4dIC=~SNE?dCYr{xm!82X1&
zE9Ak70tbZLP#kiN9BXTyF|Wh1syTl%{eA2N&W|@M=n1k!pyAVH7k?}U4!WjE1D(t(
zPlM2#gpas~3>PUyfmLQ)rNGFBA77$_WvpgK=es#S!M{K65HXk>F&mMzspX0p_Qp#i
z+kMTx9}t+1_rx;es(L5Y`L5q^7r)-(Y;6S5j+<8#sQFmOaNBqCg`!Fl47&Aw*gnur
z!eMRIpBr`zK_pOQcbn>Vgt|FdrQB#+TxK)9t*AVn?x@uibziJiH&2N-JCGybu4lBt
zrlvu_-aXh0cBl>Tqx+kz?j(J*lnbM6+#-%#LGN3y|A=1K)5_7vsZW$7+YEnRNWyWo
zp|GLkWgr~cxt(Z5u5>GSDK<rqX37m>)#fKqS#SZlhe?9IWR3cJ1&S>pF5DtTp}`CG
z7aqR2Q;ynBro1i;i(j_gp7ETo$MEpNlDRnVh`lr~>~3BhadRPt?)t-YUlIeiZk>R|
zNGkdy%9udn=nDCLQwBWTPRm$s=F27TL8g!z3h#*Y^(tR9FHHg7#LxU}+^RvjX0o-0
z7|?l!(fo)8lKaneBkhv=MB&1G9q_GZ0`snyKY`4=iW#ZF__BcP?IY%d{GhEOyV+q6
zS4fk`pC|FpVsp0kRIjA36x8Y;+CMZ>A<@}?`^aZ7fmL*8z(ZEjz}p0)=Scd@16b4G
zDyG~i$7M!8it*~hy(mrJpF5woF8^RVy4!9tfiE&M1I|AJjhdYt86)3Yc9|T%E?b`A
zoH~W0f*#lZP;)D3&jVcgWMF?br!cbCx|Lr8)7D#OZ;{%+o&y2PsKw2;7PvUqh{`;Z
z6X>JiZg5;6rii|Pa}?uz=X1M=agIdJo4P=;K3#yG!O7^!{uMY6RUC9wTY8jkcSVSA
zld&Qsr0h?O)KLob@7U_ID846;>(>|<Y_R|44^P<%-j%k+tJg{Cez0l+{FXQ&Te*uy
z<mji@rJRppdQ#Zn5n%UdCv0rxXsbvifuppX)4Zf=Yvt(mr~psldCRNa)5-g6PU5T-
zDb8*zbii~&Q$2ModL~L%wgJ!&g2nIPG^*fW^QjH{mbm5iM81>n_9?#^p?c`y;SKR9
z&naNq32z>7XKO|U*o&4;SlG7Qosnn`%QmBzd&=|JBCJ?lFD$Sz^0t0QDdwZTDd&GS
zV{*c{cJ9-R_>Qs)7>Ev*A)L>`F2&Qg=$S(RM6)2On<eo8Wt$G<*NG6$hF*RQ{}?PP
z`WSclqiC=QG+w%gPO8s4Q!lELu|Ee4ZrNj{+iajo#IJ58DP@;4=2aLju!Rs?Anza>
zjCF$wERJT+61|YnS1FlVk2Pm~$x$gjLtrDk%|5M=<o7pJnkEbCg&6Jt<g3Au-_o!s
z;g3Atnn9ztOgIQUb08BDl1iiEg<BS9rI?^t7;5MbUqnfyYzxD|j|8i-4e5W<`I-__
z!d}(KL{g8rT|@P|GS0%q)Z*npY5Yn?_T(%IHBqJdy!~SOsPSoSH`=Xto_WIe+y;GQ
zJwJAEM@3RoMPqHl=hi?%;vg_qf|ES_yqw}o=oMZV<so^-jl@HXgklWEp3iNYFdL%&
zdenK8eukeyE$&U;q-eI$E_Y8c<#*Y5V+GEijC%~)2+I1#<yV208Mw16^T`!ApJP*>
z*6a20c>Q;S#_nw71F5`%+v@9!83+X$F=zmq2sRR}!$g$Y;v9e6gkO*Q4!x%|#4lx<
zfjmipSqSWR2R1)R<{FzhoqyKwxA5Y#u)!A2<4zl$9kt%|v3YS?JS3Il73H~5?qtRJ
z+mXAB{xVkfPM226t;bZ*4G2w~J<)7QHNUn#Ux?y5D;sw-7ozGvE>m44Qpv$b8Rz-k
z&PR!B;mLU!c`TS_As`pH9uQi}@va;sM=Sg|I8J&)CM}#Y?L}JMsY!aef~vWFx^gYH
zxP!3hT8xC!>7x9q>IeIZ`wX-)54pYN?!!R<Df&s3#xnFeeRM|1X;!HQ-Q{N4|JZ9+
z-G+SeFkpqyF&Rx{PF<o)HEvy2@Z3<q|6CC_mhM*65NHgnv*Kjj8Nwod+6l*R8aT68
zv4hK{j|^`#7-4|YGp&|2mcv@{ca7Q|7`J-F^5ijURF9_L-iN8;eOF#Qh^gEx`m`~K
z%6%*iUF*ro;>EFocE?Onnt;OGE*0#Ujlg!aTbY2U;9!0cN0b?CQCpa*&D~BfYnag4
z8fPdZxiAIEN$ih^ap}*N^a(M4viIhIl(5Q#FGd*NTb&wj%;b9V*Qulaih0gv)>9~J
zKjQ#n;g=a&2k{rHMwn!}(XTIn*`bvIkBnQOrrIj^oz%<ex5}Z()!(Z~*gg|dzS-YA
zOS>F`v+%TB7OU8_@d~Zy9dCS|1n>3k<>U)Z>kgXlxi0i|J8a9}wcf?QW53>P<?Owy
z<!F9<h;Hywt4q|R(<+$vf+fMzP3Czp9uG+DbO8NWvo*<F%l-0Oq`m(7&IzU(RX~H9
zQ6#HYNN!EvIPY^F-70zL*}d}6o#Bk9?_w>SYi?Wfly<X%*U2uDzWAt~`&L*{Mxp*g
z;905sl7>4kpJ2cSsG15+N=q@`@GB#_p1B_mI^^`@A57IE%|6whmCPr*j9HdB+=vMR
z*UO+5=<@PhR}2ULCtVL$dP4(|8?1(^(}j*ad~89i#$nH>;?8>coEZl1=iet?oFw1n
zBEwS@1*yLeF%B#S?X}y|ifr@A(tzI~?99}~(@DBald6lNdZ?W;nlcv{<MVA22nvzf
zELbCYI!3i`9QF|wCvY^cERk#dn5-4faZ_F(u%aR>K}!`4toB;!MS|e40?xC{6>*~=
zMI?sS9QK%D5cysf225p`;b2GA!ZbUp`VmKJSn>?CZd#qPxzxb=t5nx54@&h}aFk5a
z(ed;@<F}*Jl^U*A3wN7ypLfe3b6<S#KiO0g53$Di(4RHeFy2EKV$3mCqQ>qLZD@A3
zwz~3YyI4zOcrgyswj^{%{tVr=roMXRJj!2kfi!5Z3UNVtVX@;rPg)K|(LeADEig{#
zFm%1!f#iIGkP1+YWZTCg<*HYMlCa#Y4!|8>CW`WZQ<?BNcGarE0oA5^V$r!RUe=J!
z^+lZqR;#G{^X?8h`(-WKF~}k5SHQ3i8tfSC5Ca*)@3B;|;50Qi(88C(XpcHMOZ%)i
zco31=ClQl(aV}Sg0GQPK{gsS@Vmsb`!0;<zsYr$GW<_UV;p<aU@?GIUdj#B@e>=QZ
zEVe7xuc>}8Ve6>z9mPFJrd+Qk-;=gAc`JU3T!Yp#jF%=58|Vfdm8QJl4e~EN^OR)t
zY)f`lWw*fWu!KJftNYL|e5HDbzy^Bpx^RX|PTtkVW(?#}<G8pBw)>`Fl+xbWV?038
znoEk)*AFq@Tsy)UuI*74v)!BHOp8e>%Fv^+OfZzg_~4!D8uljSt8d(-BNU^PN9D{_
zTvKLsIw>Y%aiOc|J9@f7Fwx=EUw|nLA6P6`dCcLmKBhmrO;TEN5y-cdIpY>$)a6J+
zvBq)!QZ%}MgU`{Dn|mO85UJf^1<sP2Kq=p6&nW3leBN*G>fZw5`@Xp6wi?!$M~bI~
zy;xsD&mCgUIYzR-`}x}c1aHN?U1#zMs!DC7&ZUXD`lzv5wmt%wK}vgqw|k0Uj;+mM
zgAa;Raw`kP)0|LXSHvsf3!fu(j>|(z`i{BR5h&Hcr1%}x#g&#$=$I4KdOC?ckQGq5
z!e;uu&4#>4|Mq<>weAoN*z<7OSYGMrbhA=AKbR|+5>u(y6xsD0uhSRrxQd*KZ@OHb
zdKNL_8be3aVHFD6fEiiH_d#_BRPrifS;&7VOf>e}#fhl&h&NQO(!SwW|2Y5<w3H(t
zNh(TI)`&26OzQl47VTf4YfTXMK+uXMU2K3!qmAF8xS61-IWPYMTJe>ha&P<_l4;*W
zbET7>6el`Kf4x=F=p&B#09y#0u)_`#4sK*Q6CmREF%ubN%`j}<x(;(ePo?v1*u24Q
zER^hAzX70)1W^Gt{D!oL8Y?KGPZ&46r}T)hrKqU>SwI@qhYJcSc^~l<hZ~3cu(UFI
zz)8ly4=$9%{7DBRzBFmRN1ZNf`aU(S(pZ5D2lgt@o+(<C4mEE*pdOm0H9zRV8*^`+
z)|m<+Kg6&1iqJ=zE8<XCGC~xqi!lP%IYD(aK&SP5k%))o5=|S;O4=~OWJAx2DVtdb
z$Y7dMeOyKKk~M9xW_4pYS@*>X!}D}!v%T~6YPDF)?h&_fE1~$DzdtXa+`)I@s_g1?
zOM7f|5I1U&&#=pWe0UVPE@Vjr!2;<EYg7n7b2g^7IH8u?+2Ulo2$z7Z8SkOmFAhpx
zY(~NIrthiR;tO!VwrxG6Vrg`8mBiHFsSGUZMy=qK4IKQ|#gXB?f4)FV7N$Ee6l=#B
zg;?}GN=JFtLX{;q%c6gyvBU+8ld>!ql_DwFEoU7<VU3(B>ap-Ko|AG4$C5SgrM7)?
zwqD}^Acqck<bU)dT+6>0ncj>PyVs+J^~=SOfLT1<I9ut^?1B>9=*ZZz4nnQ@7Fi8f
zwbUuxZ-8k$S-Gll-m;~i`?}wT%!MDn?UnJ1&1CdMeuG$M?84KfV6SV~RXg<wWuON0
z#m-Z!TxE$^FF>>iGL>c}Oa#-NIDVTN=~79Mf9&~Hr>Ct*@X{Y*l@nhs!%;Rs_LKM*
z<^pzy8PqBIVdQoH{Q|}$=dn?M_-~zh+O(pun1>q<294=K+XBaFI9Eu@WGcu^VY;|_
zRmhh!GSS3eR2L+_I-g5G*gIk_*eADR^Czy})~BYBL>&%l<5Ua%+ZEZ?T$ZblgGf7}
z_PuVkal7v@zq`~l-kJti140E^aS4_d0e^ZI8;d^n;m7BRkR@4hD4Lhnao$2cewK+*
z2=qTvJ38qD5d-bH)?G;F<qB5l)eUr^=3qvd*h-k?&5vc!<r2kbmsN*^=6X30N_$1h
z4l9Y%;feIigQ_B#2iF<f`yJFLlL@Y#k~Iw5n5D5gTOjk@x~4uBh9-us#<4(;g}K%d
z^I}EHFNloNg?D2VjFJsgF%-!4qD+}9n03P;s^@;B9aT@~l98YK;U3OL$NI-19f#JS
z=EkhW5;_q>E&=ELakjX*V}PQ4<|<RqoRb70WpUF)#D*=gKAAv}el&R8o|{T0A@)M6
zYeMK14r&4LIRH3pmb6c02lJb{1Mc%nYu`sSdu39WnV<S!%62FL>QXzR>bv(La*JGw
z9F-nVM;a+b)MCstX~$|?rTb1Fo9ebBvAJb$*Kjf<#C4dX^JiPaU&C*?z3%tr-)wmL
zuDaIh`<F(MWSb*@nLse9w)+lOE>r#58D!oW@v%CyE~+S)Y_7l>f?k=DT%xN*G#=oo
z6-TAdBM616&Lq8oLx>DT*e980DwfT|LTiXE393hU9kGwk$y`w7bdj<;RHBM-2^JSK
zGwGHFc?R7q7bR!PW(3}|!*-daMI1Lssejn#`0g)0{e+}G_$`FV;ykK`ysN{X9BAFE
z0o6GdB81^cGZqeQ7B`k^A`a4^1EN|>-EfJd`7dhW<{%j92|z&s<ucK}YRhP17Ezk*
zt6-$eTH}UMQ->SMavCET<6j$ZLpQYvg?3&&E3CKaUQSR5N_@G1WOvb13qP4nuK6fV
z**9;`ozP5w39_2yY>O^jc8RQuQiPW0Un{!2=>~GkyAB0N^$2`#^oh8q8~2pqk64uy
za?l)=%;0Le*(mBDUL8QB?~xVK((&yjo(#MrdB-{n$V;HzdHf?7v)fQ&HZ+qqVO+}3
zYv#-Kp%_5eS61CM#`y5MjJuvYO#nX7V@kS<)CS+I^dnfZ^x?S{QO0Xh+7PH~9Kb^M
zxh<#%SO#}ipl9e;0ChNw+9%s>3H4j;d4?AZ9?e{enTOownio@PQt;X$t3cOOCxb6^
zDbDiGdZp;Ug+C&%;amW^dp}2&#=}|SDyv}d<Uy#2)yF5ROG;N1kS`Q^c=$<}^W=<W
zP)$4M{0`L+n`6mKrbnN->b`+zKo;B{O)%3;FcW6d&TqNKNy75S7#IBf$~eFpRI*=j
z^oq3;AWtM~<1;J)_ekFi;JzGV9hBT!Pd;<4(r+;@b0Je{nfgc=eP1!3isQ;Gt5=3U
z+_Zc(J!~zNO=c?_AZ#SneNOSTCX$nJXxTK^p{|$0OkuQ*0LQU?=FXsIC++wxp=HbI
z_xplT0PuPlI2$ZyWEGmIPQrqWHt@7@*et*~fK?NqwTn{D<n1<vaMPMha*II5jX)|j
zAQ4zc(($2(il=*xN8)0EkMwNAwW3-rr&WEH;;uW$mGN+OuN^XAMJ0LQN~5uT)pM{q
z-g&XELFFJBTH`!^aR}GetU{A3cY*dOt85}H?4SYP)^{TDp`A7^eV`P1py}HV?Ut>*
zuQoZJ)^8|`x;IX%A34tO+XYi;U!%>%Z8Deu85|BDP1ckx89`W*J(Zjf1t`J9xq3XI
zV~A3RUa@`JZ5j&zr`up5a?$<<QUfPc=2o-P#Zjq}iooCCgHdVLT7npsk*SL(vI*;1
zN=EQVHDGh>NPe^L0B$8~DTZ@5ikl!yG;GN2reqA;y+D)3i3-ykq^dtb#IS4Li874+
z>UFC`L&wl+wsOPZx~9YIF~aH0Z+mLrb8Nk%gX24p<2ly()3bQ%`ZyRU%lq7Zl0k`0
zUKD-O!roOe#cFFZ2|sZ(TlrcIkByj9z27?%E`9>BE|xuS=(edda3(I>>Gg1vG3es(
z03XYm^^I1A@PaOaTLd|Q9tTo=_}Lz^r({<ov+B^;E?4RFxnj&{nF7W0vq6kNBua7^
z02H344W&@OdRotrd*n$A6);`W<}9^GXZVz>SCN>3?QXT=`*S3CUuHhFdL)&qlMJ2`
z;rq|!sQ^Q-oXOzl?cZq78H_d3kipZpj;qSRIYFc)^CFIcx?IIC$x`~1A9Yl@)m_8J
zn^-KxYcXkIS)KulTh(xRR2-ocUc-_sC{jB%WhW9Qh1*d#)?B3D$TsCjf<^d*N%M&E
zo{&h<sZ~YMsHKS1<Tl8HEA!JwGcTM(Sg%YG`s@Z5MP)p?_6{eKcaZB&I>L=cO-`nE
z<dYYD9ff23z{@8G0F(P4)bZjVNERpwb<hkV9G8TMG!Kogl^eS!l40mD#9R(g9)@8~
zhn*O8;n7^HmC4VkQWdP~Q>!x~;C~`gYptMs^9t!i3I6oUT*&-9cxDZ88d1lnSZYlr
ztjz+2Q9<F3WHIhd05f-x8Kqbb5Y5vHS3vnSife?7almLCubK);0pvd21AQ8f1+&8h
zI7XTMfVdPwHXTYej)p?;!97}?a6)=mx4ww#z$xf4hQk_b+HWk{=LE-;u-~Ke#hlDv
z#=;t4@-pH!Pb-O)1G*xLs^R{wRz)|;d3x&kJ<TSe-~%lMNTSE*0EzGt(PEE%)$)X9
zNJ6;N{ilan6MVszxi`5vr@mslU3QS9%b?Np4u<hGL#!p%FdID9tiue5zYs)c!&B=>
z{ljFdTq**8A$A*XrZi^l3tm}~Kosyht;8>!aY^vj2h)euBPDK`w>7(AQVe}K&%1^6
zIWP?N&ZC9Lv3cjc4IG2sgABRhtKQCQ^utvKyOVTP!0PJH$$gPP&M~_^VOFgg<KCnI
z+jGta+}v2gKAv1SHFd`gkI^M#&g#QJ_#7ScQv<w*S=t>Ecs_!Z=1;uZCU)vyh0(1k
z#&fJ#U4<sS9E^jw6~7MyaV$5y611&OHNN@|-kXW-WL68o`6I*qX#&MzW$AO2g8wmy
zxIEaJ+r_qW;<pg)V>|AxIU_nG2Lll10L4Qsl|A_(4J@+VdwppnH&PU-Uwz|r*1gb>
zQRXYYjq2ztnO`R(@R=9_;X?SzI55BdDKphFi9(U}1k7$3FTe!FNjY+hFfuHVc|p*g
zHfqqPy&~BUK$#CZHoZqj8DUOdXt|!`EY&0GPG<4vZ`HP4n0H=SsG>x$xGxup?HsUU
zACVQ!X*<2cbwbBj7AahzPLUv=M~d6e7ify`Ut7L8BWfhG86p3&tUf_25h<6dFB2(m
zB~3;8;g5k+!sAVu9iY;q=O=pk%@LXH{+r{Z)cNxISD;`2VDlK9oM`A?v8aqWQoV<Z
zk$`<5#(?&8N8Z}bqIo%G-E;tJb`W9$&?*+o_olc>zWwQDOjo<+oZVI1v2Q=aHaVsq
zz-Ng6+AZ-#9zMXP*<iFye)GLQN1+Q>0iNO~*27lWL#jvIa)Xtu-4CK-_s)yzO2Of6
z={{#fAVKe8%?JFiLLondb9VHQXdLUm!=hz9!7Yo&@v$Y6Stkc5I2};!sn?G$Sb6X+
zHALp+86?sxy9C@|*hn>mEHz(tE=Em$pEg~TNqfG2_qdvFtJ1;Y4%zFN?WOt6j>!Ko
zb$5U(5iSu`P+aIH-Y!-56T`7Z2%dyf1b6I(p$o$Jc#6%Ads2(&mr-qL%g}7PC*4Mx
zrHx=L3<8>;ASqLGuh@dVV;oCDy|s1Fl4_1-&@g(WrbMVYIhKr&LV6xGpHgCcr(pW?
z2oay&<@R+H)g<Dmjr$+9^2#>fYn^>wi|VVWUgOPn$CEwec2IxvtEX()0J}mkp%#e$
z!E-!ZMAHm$eqamNOt3f%U0>Lxv0#~eZi|i{o=v0clPQQUy;0IjmA2yYssp&2$j+<l
zK8qfeqJ<5~pkqswf!de)Yd-GRw=hJSUoLYzwIQsZ-Veq1>c865#l<1{KlY|>|LLVe
ztL{p|BlHcq>xV0UFp<WlZh3RHtaLw_-;wdW8es?4STbb!=A?9Zy;ruJP*w|!7FR^r
zUj_WuU26bYq_5H{K%UpY98RaZ_(vlgN^+a~&^46S&X!hM+F1~O<i!^Dmt->(@Rcd~
z&A=UJOj&y>lI&d=uk#T!hj6_aL+kY`b1%lY#@>2i6mzd$EdV5S;)D28#N05SJq#}l
z^i2DLu`f<T`+(#k&|G|a3LQ=Gycd9cuA!nv8iUy3v3Q(NKJZx1zVTcg^3`Hjno9}*
zGjOS_rS_G=f&s&lyK)qmIn`3~Ak|VVoS#$+UQ$1<LOKBxpN2X0;=a-DjHsi1WojC>
zc{SxS<LId|=`KP@-g-t*z{G~AGz&gdO-c50QMby4R}OJyD&7FIxxd9NuW^oB#-)yT
zh&G#P)#wc0qx7EFKb;UNzW-*O@7h}*@&UEI8>C3W^ZC5w+v<1%{lqTI$(wjD%Pli}
z*lYLF{P1v>S2#UWpS>ySZ18-iuTFoZSo>U0-d}7AYk(gG@<j7>BR2JO!*TWbw)Vfc
zbkUfjm3DsG%&wL@qcNg;cjL*?>{M$|u*7R<RIpr?YSUwxlwh6wDU0DbwmKN$8-jk3
zwJc2?+3ZZZkaf4C-{j`iN12kBB@M4@m>;B1*XbxbN_JRV%&)H%xMD{Z&-UF1Gv5U<
zcz{eVjRQ(6eU?wqscbt?c{$B-M#|K~YT{-oQ?AK|=2Y;_K#(7%B-3-!t!sM#lu30o
zUtS=6u@Q%eXH;5Le{)(VE$xxTA?dsSwZH@S(F>pEcrVh8T~J_<s{?(Ag8+BaM`MwA
z-$Yj6?U;jVv?<jqs5kMZ8~nu}r(DHf;=o<jaWqRS)wlJ?X>2~*P+Dygu)3U$K|17a
zzVJiro85`d2Jj(nZUo6<#ndc-n&#m!4<KJzlIR_(2R><*RU1c^rnzM)+)Qk~Vok?O
ze>2)oc?~!DIIyKxPydHZYWpTwoxDk+&FZ)b2&48pzGXaVrKgw=TMfa{B?j%+A>$aL
zP(jB^WcA|$cNtVfs)e6miQ9{JesGav<D+qYDgm?CRa`>HazyY@K?tIlhsfcVAxYT>
zxh&vJ>zI2~T%D5?>_dh{XB`KQsCU0to-xK#<|jADA>t&&cy+$`2Ne3RaA~O#bwcfd
zIvYmJD)F!1Nk+c(|0HHC@nj2fe^a>^-)@=fk_J(Ed)rtX76pS3I!C!d_G;m=S{Nij
z6Kf9NOR4(h$fM!OPbD$?f`0#IaU_fqb0!ToL3g}{#5`0_@7Alx%X76wxF`A6(+A&f
zi0|vX1I&tQiz0ZU&i)M-%d8=0o$B&fp8@m&II>;&Ea(=mr?KCo;87zyo>{k5*_dPD
zem}ZctOrQjZB{~Jcl>}#pJw2LNSL(Gx#A2@261f;{H%Hln*?t(m9z6q$wztS&^ddM
zTK_b1MAw2XnfX3g^s83@sCRHHGH;vX=IqNAj~k6KO?c!Cl5klgL4cfWg&MB?!(%Z$
znK%;;#48+nkQ!PewwCJ{5T;t8E|gSN(r}ehOXV&Ephhfj)+kBEZ694&<*^I~d-={?
z1OTfzR^iDuncpTHqC19CL7)s*wu{#5^XCiXTK{|*J<-8u%1(d|CVS`0VRYB)Ud{TX
zLcOh1yu_k>#GP=OneGhTk=y%b#2v3GgXH_T*?avmEBaZJ)Tyq>v*#uk=s4$~UhJ9v
zWH+VBSG-={UX+qh4Q2ggJITasOvr$XV=zgZi^HW=dlL!wO&5B|FWhz-pZtB1g5^!s
z>_<e~<ohLRfZCf22_&T2+DrE!Ci{l16I$hRNRNHE^MIY+d#iDV?)!Bz<-3ta(Pika
zU^t$Oe>g)MM4Z*_D&T{t-O=t`PriESCwK)t5;!{AU*n~dI}9spd5AQ$9Y)oSQsdgP
z<#Vrldo>$rC{^?IZf^GyPW|;K;5`)Z@U}&_4|_ZAo4m+-u353$hBajd+_Z(M6MH*A
zR+gR=Cd|{7ENxllKYYl_W>I+iH>G}4tMDwGl<Y}&GWc2P-nByIL?eDr4MU0x)9!ah
z)UN&H7yU>JK;)|Yc~9l_PDYn9;!l_IQ4+#own}8(D?iEQyJnO6xGmYY;5$|Kelh7Y
zd+h0bnyXjOCe>mc?+e<2j>(G^Un%Q?i_?>n%5;|z*}?$Y>#MS0wVNEy0;Mia%aBc#
z%uF}K;^X*G_PPAVw+cV(#RkT8j-|~`mbDts15#bNn3d^{;IS`j(Ht1E1Xz`chBza-
zg#6OG8pqe}pOJrwVGbPEa@Y-YRrZ7nInAiCXHxNnoQ<h5(-z*CbR_!hd@Xd9ECA+u
zy3=8e2UY?=jSP};@HaGT<N0@lFG;kz5pZgE?ZXc|X=~k|`*4`@)Ue6Nqypj9a!LSi
zt*v_?>RZtlPc^C?VH{wK!r(gecbqr$EUoJFVP*L1h_Z_K@uPHE!_DX<K+*JIP0O?^
z%PVhM!rC9exaU6YUXp5%auQs{CpDFeG$_~Oh5~cTUrM9}YWWi8L7J4C{(=j+h%>t>
zkquouK1T$2=c@ya@L|aWgJhaED8VGwCH>p85*ZN5{aF$2#0{Y}L1;U8Lr5!D3B7?Y
zg(xj9MWl57<dpBf{rhO(d=wnN(L*XDO^sI>bC9!jppNMZg;IU#gwP_~)5R*^_v}hT
z9B#zx+MXSp^Nbp8Vx^v>q5f_rVu$wC3^tm_(~QwC5AUh)$Jc1i&%P0++PDT0URJrk
zlc}uu3{_kfgpElYtdKf4_H>E9%`AQzpuAa!AhK88I}v_6k8o(lSe5mx;Nv?nZVXp(
zcy=-_{=qW$8#BpqKqyx^(DvNH#S9-Z0_!rkyNm-+cy?!X;$n3oM<=4$WF&9hU(^*M
zq${~a2QpFQG(UYmyDs}0mVFPzk>|biCtVgf8>VNZs+FC}CKH3Tb*Z#cTUQKqCsWi`
zWau497~thn4p;OT($b3HWW*2kOmSQ0!Pcy(eT35_t%YpnV=-?)a7N{y8%q*WGuRKm
z{+-q+#FoVsYO0e?Xa4*H^+$I0_t4_{kEpKKjIW1*aN>$cT49D0vTgfVaDA_-sPr~f
zyLJ{xD49rt-R_YasXwtq!y=59zsUJ4CO3|Vx7mfqP>`iHFD&(o@x2wWi^p?c_$EfN
zHu80{k1{eVR-p$6AyS7fTSlFo(h4%4pG<{WQ)IV9dVxg4e0sK{o40S6?N}nZy$WE+
z0Zzr{g!*rTKk8MK*s{v~qM3zE=#96qwtp`n*Kvr<r!eE{4w}_wDjzA&isfgs;L2H_
zs4+0%N8e4PdOyuenrP4O%nf!t<V~9|w}H%zNA^0za2;L#z)3U><3>naj;rs$9>`{A
z<e)?)h}UoQ*pR*g7mSWzw}26FSi|d3dcu#V8@c(Q@KMOny;D=>bo;R?OtsG*Fijox
zS4r-8Ky_t9XuOvV&zlHBFXWj#xU-{_x>QW0ZuI7jn{5_p*dQlyX86`s;re({+HqT%
zwwk0}J9PzS(Q9Z9kvJb;xE_O=RO>O_v|gZU2Ba0xiV|XpUT*+O6<Q~>J#2tRlRkc)
zW=2i0!cC&qDCw;B#qjmlNteCEdn;~8373^f8>c$#YQ&Z6Wq0rm8S?2cL`AhGD^Iln
z@?6M(h54QzSsz3M?{(t)A&8f!n}kaRZ`ub6ITo%iXavH_P`LNZWfyZJU%e+7(aM4r
z`J1$r>PYgw-?&Kv{kx&tC2wn}@SGOhv<*_S6LzV9Qhl1QU+n(J#+rNvDx}?{r1BsF
zyd`bDKEe{@-Pm=CRqJ@8q)cGjI)kQB#(dn?uJ6qQA?F_y=X4<XBLX2YrU`rk^pcoh
zF9FgnCX0AOfPr|jnI3-@w2Ne|Bt!dhG*YjP(yvCMxJDumFMjZ|JR9P(qV7;=su3U$
zQxxnfN35Mn5+`!zFq+k$DNT1hHLGxKRg7)FqCbA;f;FX$?~q^<J$R3)31eSLG0i~X
z28~SaKdhC%t{wHe4C7<he#R>yL@=jsM;_33)iXPbwP%<jaQhixx1{|=?oB-AqDCB_
zl;L-%i;`YH#B#8|D9spFk#G+XgT4g-|4NSMt<n>Qn928TmdCCn{J1(VdpP`50aU&6
zt1Qo$<B^EBQykkqwC9K1><?<DD}4z_i?&&Fum&ho0*>WB+vv?cmSD-*=|j-NXAT>0
z*Bv`FX980q8lheoc&x(53tI_}V<c9Q|4NC={uZ541XMaT>T0$Tq%1KvfuBvSj#@qW
zRJB+(#rX3PFs034XBrT!MZwqRq~f~lG;ZOn0g+yL;u50m_@sRB-+~lm+*@?=)^|TH
zGfJT~XfKXqQ6N`GLBrlZTEqRasdKU;OW+|Pu9EOtSd(iqaXnEjA5H(&wr(S;;*_#^
z^n_~uoEx&EtCpYI3+a=$j)C)6j46E6s+B$$hSiR6Z`~&skIB!1$Zj=$j6^&)*JVor
z_ZB)$+qX+rt@MjKw;luxA>!~x^+)_3UNOAeDDZuo0}wGohX06**GKlxpIn^aJ}eVn
zy086VG~4rA-Stbk?zX(@E{A4&6)!joA>5n{*p`R|`$7+Zw*&y#<xHA3GG);;!tT0}
zaEsf|NYO4Lf9GTTOxm34Y^Qx~(o)xMk-TYhzts0uQ9)OHe&Z=*Gx<+<3=zg<PY?(X
z)68Swj6=Dw<GK-}FlnaBVXp4(K9VpJxd)BGLX&XQ!aHyYd>9W?9?m%%pKvgN#vG`s
zhc_`bwIo!VO1Zdw4XuBj+VONkUDr34<eRpEL&)N#B2>01=mmR4#VP?0NuU|UJt@c{
z4x*)pcvqAJuSLcSDexutCvD=6-Di9PN1<lr`y<ZpL2niR80yXM&TOszSG7!FS&?3;
zed4SpR7U?Wk~-8#Sb=*NGhOakYZ!S?KoG%UI&(O(_WF}Mr-x2unMwKdT6;TB(`FW)
z6*kOULi9T~@<mrAMUbi4&3yyT@DIk$H2dwU^yw$HqoV-7wX}`g)Q~C6$&c0Ak==}4
zCvm+_>QScUpQ^=w2B?2zH{haFqCgCB1!V>u#QOs48_!k=7Z5Lhtc`ee-au+mZNkP#
zls(dBUMaS3AjH4~xpg9GRc>c1bxnmSoCnRIU2AxtT}1R5l+t=z;#I{247H}Za53|v
z^O$Sg70&){G>qk8(pW*l8~8Ovb=J)a71f*cZRC2fTg(OFh&TC|I{VLKRI;l+S(3D5
z#n5v}RyFcP&S#|{0+fMPyaDVU@{53<4<B|zZGCglpN}5ik5HofcHfmZ3wB<7`9J7W
z22St)BK~uOmcRKSS^KxTmTW@T@Iz!YV6A^_S!w1m-rd9pV=p8!hrew%vn9bK@kW!!
z)kHF<rS8&UX222F<PUhEEI9<FY^o-U(MmhyyPT$%i{~A-#Kk2HpS>N|qyV;O(e<b1
z{&=Tsp9w+PgF>LS5e%Ge!8Mj0?8R)=H)+z1a=0o`yUZNCJg7Y=g@5omleX6+y9xB7
z%@b1-h$5ns=I+R2vVk9y#y(`Y4{kpON_|w?QCNu_>M5*=J(vgXG5qdx%3dsG#2LNT
z8S~U*ntWcVzrQ|6eKl#Ip4`7r-$4KYTX=F7i(~~eytp?u2ClW;vYSV&tOu<uue};%
zThhPy5~W7uKr-R&_qpK&9|-ZFyLmI~Xh%BN{UILfKao`IoKq=Fn24JYtFZY+FlmY1
z=l%j)2igEVq(zvoVkO9Vu9V`IWk7WaS~G^Q9Kxxj;)Ro=*Sr~|h8!4q+2A~ZxcBYw
zW5~g|Uht%9ijevADT>Hytl(q@THRkP(25eOZ-x3l+a7%m%7Lgc`m`Y9FRJdrz~_v{
zXNfT*(8BaSa5C`l0@;3$mYUHkjxl&`@Z<}7xgn#wwNR5H2)Vz~q;o4EIl~d!%ee%M
zd`0s;{DQ78)_SJbo*rJP-1cFJvnr`lL7gvZmgPDp+LYx$9Or5K_VdI@SbNvy7eM-C
z3x}+E>V548OG*b1RxO?WJu!0lW_(JJ>Ew{T%(mi}Kts}VnVtLb{TJSdP5!W^)IhYX
z?v|`SIC3#mv%s;@1N&vUz8a$fw{WDgoJn6>FN#K5%*6=Je(`}J&>Ho5?{e#}=y6#~
zbFn^#!A@*eN<MwAWM8NByR48xrArUA%ot^@Zt9H16;JZ3Hg2gi<#HxlQ;TVg-9ed+
z%_B9_#<z<Z{R8=@=Pps-SzAG3w#Ya699trekvg5#GeIE7+L#4PnoXLFI|cfvkrZoM
zyo}hmQGtxun34JmUbeJ7fFpbNfpe(Kk!KL36fMq4xc>k(w8+uf3v!Qs=H%-GQAf)=
ztPR;S4)NmW{AteE$;Tg$v)+0j9-7Bjvj=Z|K`=xU&C5}_+w8xCiJxMx_1pf_&=x+l
zgA?i?VM4S4j9sOOu2`5f(a_Lp*1RpzFx+nEC24Q`Xq}KW!{pn^CR3LkYHtN63@f8p
zDl<1N!0-;!(Q%*g^3kzaMm&`VQGZ5R*KB64oMB`nJH`2X*J<y7Teb?~bhevn6`neZ
zr-%oU0SgpUZS!~r4aa5b4cndf4?}gX#_^-dXm;t4CN8geZl$(D`KF-oGS7Sa?cVSn
z#F>LoWAm59n8!YAq>k281s6UYdP<}G#$T3dQ_uDb*wTOn=<^;W34*1!dpQL!K!h!K
zTTWWziG=xuH90dY;;y2H3s1Rs{nIOQzu8Mb{LJwKGzlG{%C~Q_z6-IpPG1!Xd>fPw
zj<3bwrsF~a%{Y$iR4<G^(I`rUHfAd4ZSqiw^Y^9mze$D;>cShTbwy*}L}dyaYd;FF
zg<M^g?=V7snkV9?5FyfxX|UQ`SjCj71SIU4IEZTX-5~MU4vC#Cjy$A7AbW3*mg%&K
z6?kdA_GYMf8)ac=2LP^ZZ)6Zm)a0{=ZN5{cA}(OMf|p}|oF=4If-E`XPKKLKsG^<D
zs=zK^4u=p)SkaiO#2q(1QS_pqU2jy3<O^xM_QdjqgqDYByr8D3jOO=)pkQ%12&D2h
zYdSC8ct?mbycd=y)y!TQx&~Dk4#)M42AVB@R%y6dz50pbZI?FUcff}1+n-OsrOMx1
z8GOPd5mQ^<2&8_QSet)*oL^*<oGwa|a>9(>`Aw_tbi_j4YE>v{lLITU9+*VuL7%<&
z#~m}9R#j>`M)l3Gkja|-q&hyx;~`-E^-Zd)I77GmvV70SQ?09TjB)Vg+wsM0Hlm61
zpO7spnAe{;c#*iX30XnuiUVam1Fdz0IHX+an3+MQ1ljUC)cTUHbVo>rml%Skydb_&
zRc4i`;#lf2zx&lxf{P|5+714I<;x?a{<_PGzH5CR@RW<kL$99yCjmn}sCbwTMC$eJ
z8L2Xwp#JxHW%#+qK}q@7GE7meGg1v7KU%GyJv$Y&E~}VX`f69H6?C1M<40aU>prl_
z*kaqV7q9c4eU)`BcNxglr~s-Y8eyjXY;4*E@BXUiM{$R>i8au+WsOoVAV`db!lvuT
zxQ{MOH~FQ0pX1e|`zX$9LOnET&Z+W9eYUemTUJ4~nWBqA8NC9u=w?w5PAXRj=8V#}
zF!R-Cl%SpSpC~$pXIihHC}{JX#|_+!YI!tL>XC_*x`JwS0ea?&&5db2B?V5_bw9$2
zHxHR_$LTW4s^HE<<b-M~L1ia+dDHDi{yrQo?mEJ?nJn!4Yy#S~ULq_QN6)`5#K(7j
zi0`+`^0gKkKCc)Ztbj)1R|enO9eh~p=Hx6*q|WL=p>c2HV<tN61`IR&uc0Oj2~y=2
z#rpP`4cm+BkIwg@j}^dtz3Y9(hlQz5Ub$;&hiUisvMqD=@ra3xoZM)KcEA^zJ25$5
z@e_KN?WfB)@00k(I5#Asgt4$c1AOg=(byIRjPLHV^q>5KeC(ZMyovZvAYoMlOxbxx
zL6KYE!%bncX|mC>NwevEY)F%s&?wP!DBrR<k{<x}0DBIQ*mgrdZP)?&Gy3G$Y$=|!
zrIe+Nr35$98g7u8fv17=c2ECtf0>BVc5DCd{_uXxFypYoFxarIFh5we?GT6Ux#`P`
zO|+;tqW7r#p8t(avNHc0S^SGg68{5@{x|6SPw@GlNVk%)sjab!B)IDTfpjx7v2!vo
zGcmJ)0q%b>-E2$@ob15ARsUqV*;pCCtnNQ5{s+^|#KgeN$;Qh3e`C7Y*jX6Z*;qN5
ziRl4gQk<EU1q?DXb8>PrF#V;KnOQhF7+6`sAn|{I-T#0w{|DI3%JTna>Hh+||KX7T
z0K5NX_P<!t{~y3^AQ*}Ni?#m^*I#Ivm4TCm4NSSSZ~z#X**Srn#H^ew3`~Eic`(ln
zb`J|ND-$!=ZGW3Evw`tdFg*{xj)MbyAtwXpKRoxZI&Cl_Pt3wX40bXD6Oe`NFWLI<
z7TUzDU;&(LYz%)DU?u*m3)A1Ifi(d#gCh?n_gRVA!QC;lGlM%|0~7vWOrP~HFbm`W
zGBB~SfgyBuCUCbvCQbktxd(&hf1?PN3r5UYS=s(_v;cM{Fs{!EmjBm6aJ<1v{#Aty
z$i%?J29^h|Wdlc=82|wH3?4EJe^0Xfw<Ew^u`n|*ak7F5aZXkM*cD*<{cjUC@Zezu
zrxE~{|Lu|gEdP`C=3rpw0C!2u#sOyM!39=g0Pw%^5`gPC7&w6JU>2SY%$supIKj?h
zWd@fxIKXE7kF!8Fa3+I)u<-yeCC>p?hULEt08VzW1Hl&lyNUzc!Qasgw&!0B!KQ+J
z@|Sb}mmdF?&kA5?0N+Aj%K_l*2CU3L05h0p|Cet65&{6<kWAo&2Vh_xtnYudVB-Mm
z`_~fy4lrvEHircqcQ$Zn|7GX@=G|HU`tZMy=Km}24){;rU2zo5yQ8#UWAYV+z^tOo
zNWf70k=h>$7ruU|PQfU}8I6VT)ve12QT{5xda|6g?wqP7YW$QIL}a7PHdb*G<-!z&
zUHqfL?p&7m>ug7Q6-<|fnH7qMeTNJyLekM7vFsOkes8Dr^<JPjZ{sCK;Dubk$#|M|
z=k?0YlffAyf}Y7>0G%N&SI$vGjqUgcI+5kZ8NQ9l(FIFF%1$hJ8B(lWu_#=MRVuqE
z@PbT-cOyFb*91ttn=Ut@vPLETC{6i@-kg0NE)&{#@;nZ4jJ;47Xd%WxxljYS5&`8r
zxyw(MI(6{&w0D<Sx#1U=l$_y@VG?B&IbmNZg-|4eMP!VGvLW4zGUE-H_Yz0wzr>@)
ziIbM@xyf5gN{M~nj+bD;IV+Wv+}#4wd__-(NLr736w!hfAgH?5y%_OsIo{6Pq}8F&
zI&A&D(f!)FJY89K`wF3CQMd8Gr*PoEBlPbX{BMGY|4KvgzsUE0O=$lg$@hQEoQnTJ
zzW-xb{Ljhtf8h83Cf~s$3_QP@TR9m!fPYu4^qq`FjQ@i3aE$-FhL{<^!N&R@<hvKF
zo3iMN%{-^K$Az5hjHK%f?2%kTU;%oq6IO5Xgp_(+$mdTcrj`=Kbe~9n661)7V4$L+
zOe=^SI(>j>{voENpb%(pg0GJ+A}(kr_<5#9SLGJ=W7hlIr0=`u!N#*pj?d)tyobeO
z*>O2n7I7rXOpmPp)KYsqDiw?$M0t;zwt9LjPi^%zn_Wh?wi16`BV?%pU-QLhSFP8V
zmgI}U_AZ<?ZdA0Z42_~OI(+pPR-u^-l$n0HQfq5L{o&wPzk)?sdwMGmixw9gp`Ht}
z#LM})!Ifa5MGd^3SD3(JSx98jkNmK?anIfBzQ<!Nu43+ax{&uosER(j7L{PAMAbIr
z1*-eHXtJWCPE?Kb8C}SDQqXI3Y_O#PLRY2~>VEYPLxu`>9cT_Zf9v~RE{r`Y{rE4(
zj;_30m?+oy2YN?bO*CP?z?Y##Vxtu(9~^4Q@sI5Vu>66azhVR7kzim<$8rQ@@#ASZ
zl9YSw(Xs<v+HP4J=L`fV2p?cl+8B36YAvG61>IJ$i%D)>{nL29fb0&2l|Dc<8~#Q!
z%6t3z`S#{pEXr3$(9y>6DxtD}`Zrn&VZ7<OLnXQ)Bp$3a+G&@1XadoTJZbgtzRT3r
z(R<xTfzsDp0CtD8XXSlA48Pl?dwJm?VX0l~P`B?;Z(x$dne}nYw)XLB1*O<ka8oO^
zWQK=<2ZOzwnW!#O{J=2LOC_9auhbUj*5^6e;03!A-&}RWT*PyMs41k`j|_94w4x|-
zM@l}*LM&RD#k835X@p|s4w%8F2Vs5Kj5-&*&wHM-uxs*1hSv^H4!EFk;@1cu6tJ8Q
zFe7+agE(t}GpGbTt|7Na50blA1ZqiyH}aV;<ReazWlZguv3h*s{d^wMbAWn7^}x4q
z(gn#YX}EFRwZ|XXg=rno=?!-#z@0mkBi!~gCv8(U2Ybq<9=jpn9qG6Z+8b{1`>yEX
zG~x|!D}qN}{~O2WdSe{Ih#|of*}`ASh`)gF<HF-pI=|}irKed+NJ>}HR-mNKGve;_
z3$>zEA2jsXtOGLWFPZ4yDX1W+7okcZsQGE1XXj$(FPa+2awl(s-*sMHZwB27El$J;
z=lt$+Ar8q)9tlg@ptYU_-yr7R+;t<`VMuJuFtJ?uqh7Ugsyn)1&qP9|^lw-^AjK3Z
zxnR&*B7Cay7;-XNqVw3h4`iJXI)XODhjItx18#sG$XNnJ`SK;ttT*gVsM^B1Kd+~d
zbA)p;g>`eQrkf7AFW(8Zg;J(55A*S+)Y$cQ<9)(Ivf+Z6@nJiXK%1=b?=fD$w}puE
zz6(dSwvO73?+AnM;9&{faNP2FMJ<Z(rk5^qZbqb3s+qzoMp=kP5zgd1Ae;69{b(~z
z$RhUhotEH^!uor~hmLC%^uuW^7U7=Lz)W=23F|D@wnFy>nZ?MX*&;b}3#*bg!>fYh
zF!VB-(NQVs@Cdje=STupkGWxg)JOLg&gJhDV_SW}NMACUsd(wx^!2>fev}NqHHO+H
z2v%LsmL$Tp$k23?{!q}$rtccujxMv8&a;Aq1oc~&L&mJ|5wh99yX|e_4q2DxPSZ6F
zIth&xtr~EBmoc@Ksi;E`72esQa|cE|yH$?Qgi&Is`L_cXRgLX+e_pB6NavLZLm-u7
zDym<}C^^#GXc>+;f^*BRB&#LBKQ@#nayDj)8GGSdsFevQ`|T3yS(*<)1RK)WL0myK
z^`VuJ#5iBaxi=u5=WYLP*Q%S>5PkiIG(Ji{Za-?KlWblvW)@Y*doHmGk;SE~W~j!#
zglkbwyY5B*)ney*Wkt2+*2OiFevzQ=@PeYmA)k99Ipd&lmAGyiycJ8g4T+*@UHxn1
z&&x*m&GloYlj}IKV;?b*uPUe36foGvpN#|1gkCFD6_eSr<dmV2?rXQD_8Wh4)j@Nj
zpQ_kY1_$D!3V#}v9A*JS1MX4dQmr&qgZEkd^Se5#reQGw3&oof4?@iY<Kpvk^YY|c
zt4k)M<Hl#Isz)yS{(mZN=h>=wnLlnXE(nkp#hFl5I#DiZtU+l4BR&vf%|Ope(VC;_
zvNVwlA>O4kCUKK6rX-HWFRCVt!bx1!VyY2}L}#;}QDZrVKotI@QABe6hU6rrtfOfx
zoWR{axc1>`*{BqtxjsQ-)=8sjY>0V8o-sk-2t{aGC|^+e)23+vi!331lyomyYGO<+
zZsQZOG~b%lvM`AN^txzPfp}er22IVEu<1Y4oj4+`<V1Ftah#A}Ln$R4;l>tdXrEu8
zMOmJIe-&xn^S+w#6SqxUa(pwNR<~08i6gCJXp{44Bfj(x?N7$0O-4%bmEL<j2@=Zn
z@5E4`I3|alm;kF1>?6^Hfv9l0q((8#Bt)m-@5++LVk_x)7l(?ghug48^-bOyiY^fm
zLC6LS?6pGGhkqOdps&wNYBWndKRe%Z!P~$SQbUo!BVd>00xXQq(gokBLH0n!na0Lo
zmws`yJz$d|4GgDc*;>#YO-9><O<jEa&``r@+=_;30z^JL5ru%J&#&>ky4|LEmpi(0
zOG{U-RgEi)BBbEB856waDHGaX_!dR;)TLSmIwDd#F=9K@#>=soA+@X4ZqD{?=v53^
z-`u}J1MiP(rI15fGSg4X?%q&T-KRcDf4bcZWdwaig13*&l<Foa28~1OcU4CQOO-%7
zFS;6tyzb@^iQQ)5U(eP+i%vsx_T*JvBvzvo<7j^JaoBH)93cD?K_7xb0LvMuXD$ec
z^<F_WcPLi0`<(?>oIYze^?!JKr{LP6hS4&%PK=Y}#I|kQwr!u-$&PJXC$??dw(ZVW
zU3LHe_U*pa4_*DXU*=vlYt31;_FQ|6Q8+LT${YHp8l(V$Wl7(O>p(-Wlk2w5HF*AS
z?2+<bWGkE@a<@sRkGvytm7M4ex9aU(1`BzP{A!+PEMKP(!1@ljlUWA5DgcdidXAs@
zuDZO;hDF7gS3n@Q^JdW28Yg-q(}q1!z1)?`CTi6-i6-O44EbC7h>qlo5fhdjO2{n1
zqNQpGLWv2GCuuxn{cuYxC1oZjr&09S@+z2wCaT7wFIc2y5PB#Z_8a_G6luZl8S1(2
zO;Zs;Syy6ij8JSztydh4DTthC6J|tUcO2O8V4m3+OfcVbrco0Itrv$h!9?YXlFP&V
zuz`{@z{OTs9|vx1`VKXJBoMiL?Zal&nKNLv2B0k>4s0S+lr%96C+n_`W<{KaEvai4
znEQqeJ0GWrxoQ0>pPnX1R0$GaDhgAyiV-H>_#&Ppda4Q+1h*??yvWZ83msQiPO0jC
zrg<0%G`-ZSBA;K%D|0FZR0S$PB%!g>4ih1nk4LhK>XwhZo<*M)FF2oRjC8Ri99<dw
z7+s|1A7c}nsxDhBl0+9ndqhRVq9)YdpE$F654kRAm4i5eYs^FZ7CHfGkegrLw9d1E
za(U};x9-id&|W1|{rU-3*?EwzTb!+J%%ef(7v87fU4IZaIL}(1g=1C%plFV&>rL+y
zLH0ZC@4u<l#4Z=7CU^XmHU4Emyg`Pn(PD9A(?*aF`>tKdw7#Ka>mqyUa)jdNfyoi8
zfhLc}xExR|&DO4yn`VeQN0iJOImNmnYRh~J6@YzGxMcu*hNvk9F<Iv+Wr9o2Wt^%v
zpS&#!SbEdctAEWt$TsOFk;25lOoU`4Ty&tLs#{Rju<TJE986NJz!D|;R|HM1rbVLx
z6QS-MK`Osr)D%_94zgY}c9GnxxTw5tUf-9#N6Lg`<*g_hZnyHsNh_mjQfAnOS2*ON
zU?g1#s*A=|%ZBL3bQLDEDL#KB<X~|gyD{Oxia8#&BeRZ-jZoah=~!V$MEYKc&D9Xp
zHQ7BGKMSFBL#)n2tni4&@=rMqZB($mZ3&LnJSc8J1stn3EJ7SP4jx!BJ?-g9qHZLE
z_hH@IEbfq5ja);bs9hW&IE?bkbbT|^0SPRAY(E}4X^(p_VJB{;Lw1IeNy5g#$t0=k
zD(_S*zR<L`U!CzL&nnFBZ==}WqKNl$v8CJ1Nqo4e`HH)+Y@d5!5Eam<r{_;=l6#7l
z+TV(EE40RuVng?e5nryxu_Zg?9MVxjlSHofu}J>=d-E}>LHsNZd~9i?EACswK#d!2
zSuaswEHueXIZ$P~6zvS=5o_|#WM?|<CFZ3^_pMLN*ZUiWPR{9_i`@Aa*s{x}i}#i9
zTlyE*GWsXv!`ZD|?y~1M{wSLK?e+P0x>Z!(E}x4Iq1w(&&!xbrJ&z2nQGfTz+L~9V
zTn+x|Mr15pp5FD#Qxexl$QJ<B(X-s;MaqeKR|yf<=Vd7UN-P-5k%;~9!W)?I+MaT^
z7;S>yZCsvRQZS}nZOtIXu0O_W?~^%;-6Thr3^A@VB7r~wh*S$6fGe97G;ck33IWE4
zN9YZhzN>fM`{xZxjN^bXcJXEP3~ArKlM`nTO!n93X+dN2(C7^iRBxBfosnqn3US7q
zp&iRg{NkVnMdv*MehL{2mkF~BM3!vrEI?Z<?KSd~0%g3!Um?KvGE_uc(t1RNpfO8W
z&Bq-rqX6Z|pjnLDi0K~{@E_na{F9Q-n3-U12iT)(C)t3LdP)S52y~tjsx>lYw_%va
zvy;Aa6(zL*p!<H?7pPjnVN5JfK_8uK#JBzU1#0%k>+_qpTG+aJ3~cRD<xanrew{`h
zU)wQQ<o!yVF<hK6WQ=V}SaN)$@(33s9N~cT`V%Q#F5ibPc@B5zuFJqrpfhX}2v0;7
zCs7Y35Ks%o=x6Fkd~(V*4~&+1ki#$%m)jl-2t@fEjWmCIKvL1x_Ae%Hky|p_6#FDV
zx~O|}(%H)O3o9DTi;+2faY)Mp#}(|Rqwwu9eABEP(QsOBF~>K$ze5k^2uIE#wEaHp
zOZi!QuN(D(9JMi))5Toq9o%KFnOhK(+}}Yj58di9OMPF#w4k3IC?DL&hARcO)B6lW
ze-6Ad(1%wfVy&7)f>T?QM51=OXaYebi#@j=Z46upjhj{+V$*9v7RUsUxJE6G*m)$5
zzz88KvP#(Sb7sCBmzg}}`+8t|-MlqVlJVufJwO9a#41zj<9wEjxJ9|nO-KP7Gt?^Q
zxo*`*<5ggEcjax8w|pMeB!D;>L<${<r&#bOar^;mm+kqKS>5PlfGbO~m0?FpBzd>v
zciXNYDb3rcgfiP=gdd$w1a<3fhm>p*eL{J*09CEVqblrP+1M#Ax`cXa{b^h^$ySX6
zgY3|4s8X?=8&4N<_n1vu$9r5b8g#(wd$HSfI?=t79hl&IS0K`L2xFN%357ztvV^2z
zkK+k{WwKA1y#B5ft&|5sJ>zU|0oS8Pif_o(T}GifFboB%j6cV&6h=z$kB+aOSn2m4
zRdRz|#Ey2ZRIcq$Jd7>xWGS=>oK7ZI&rl(bXd#X#ehyS~IErCjU4s3>tQU?F(c*(I
zQYgm1ve_hoj1TC$cNuNfaEd^D{_h#Eh9kEe7*R%J7v8L<(~Z3e&(6MM7VW<5Jy}T`
z=T(0j-jTTB3of!FKjZ|tBLpJLe6T9XPw2ORm-2tRaiA@&^e_PfE95a`tu)lcuEb}p
z*!e0q9pUG-7V?CJoO*+EdfnYI_-YcG@b6$@NQ8*DAz(xhj_PBFk0C66^rNMZuN|lA
z(4i|WRQu#w_qRHCvMiP_-|aOBpvHEyJKhhJaixb6v)Wi8ghfWqdiV~78j)@>a9nlG
z$Dql%ziDe7HpRsg%swep=-PDNFQUC7rzu7>+nv}#otVid^EjCdEAd<=^bw7eT81oj
zNqTh#Jhf?qbYA^JO?B=<fVNag{@|X5rB8N3vUreI9G0%+O16JZt=axm*68@?I5(w6
zi8P%q+}D!R+yr)m^j)0)G>Zw1e6Ua2oQ6KSn%9O)G+;~IMWPV`rs(&nl$SV|Ih^KH
zp)5PgBoyP%b)Oj-y%~f~;k%skmJO*@qEacHYW<TbB)l)KMQS#u0WMU}AS2bdH{FqQ
zqj^on{xyWiu3P80KZFCE!P@K8?SJe8F^wjVj1!3b0a*fKK#@XnYr)}s<iL2L3*w#p
zaK@x$Qi}Yo(QM1d21a^J61xpDa*cdYBH*IzRI4ptj*x(l{0CTbUaov}FR4S3c0B$_
ze=c=2EiD=VAc1xxNo92CTMeooeS<3=p(Z_xf~hwnO=I(pvuHQemBU7dJjpYm^S<nK
zTdF_40eIycqWo*{Dt2R(&SvY#airT<O?7B`d((&nl!|9MY@OUB;20N{us9~{W-3!6
zvcoEk+ZaVwh5IP>b6^a}gJrtRvU?AsYphrsTlWf*Nre;M%Q<5Ex}0q4RJgg@OI4Yv
z%=Vh$aok)iVZ5-2$ZfGKSz$~(rOVu3b=ACAu;vHTKTY+nNSQc!d7(=0>d@cqIjDs)
zGSi$PJqgY7h-F%O%L_PPyuJYSro+!G&G05Y;Ro17gbtnZnvj`X1>A}~68)iE!}i)5
z%&!2u<kJShwI9VIW{p*M#nhQC6A&;S=#8f_A*#Y3KJui16Q%IAoj6<8R4U$3KxcTn
z35W<bvJtXGr_<7AGM@Pe9IrHj9o8JSrFH)x$RVrFc<3qgcWjic<ytV5#Z5@$^b}Vd
z`!|<d%kj*NkW$`ocPTJb9I?P4l%N=rGVPCE>W3yEwtT_71`<Z}R)gd&&t-uw*AC|V
zy>e(&Xb3|MZd3SGh?6>$@FdqL>AXeq-XZlO6z^3-7q=nxkV)O+65E{l*ufN*aHAeg
zt@sbLFjKqF%zzfM7YLNZ$uIu&(?Qf8L}L&4hGbglG0GHqKd!`3z0H9iD0#udiOyrV
zGf*f(@?V+;HQSO$XX?ILf(OLYc0Al0LVaK~d=%J_E7_N2w=~u4X>Q#yqCS?k_-uI2
z$~NJ!W4JGwtqWzGFtYwk88P}{1&^=rSvHgS_Wh6UjAQ>n?e%m~GF-VLDQ*<6o^mE_
zIF%vnuYQ=IN(f1+Z1!UB9kh3LY%Uk<<G8+?BFo6T+a1HBX`x%J<sB=pCIp+99|Moy
z7BN=RvD*Nd^@m}f6GHbyRU{%@LSd}sK1vMlVKCP2P<amTz;Rp6)z&b6&}}m^^9T90
z2zsKQ>I^y*obt|%?8TFL<!siAPDu`-!Y6N2F4XT|zYHl5E(S7{3}(Ku6;a(p6#J4f
z^A87*jUuHnlnIIal?74qe71vWnDhLL7uw(m-t=?`MB-bhXvMFzOc~2gMV9x>%Mz<7
zEfB;kVP>5)&g`>Gy>qj>TOs_zQ79-pd=v-s`$p=0U(KgF?#w8w22sx9$#^$Xo1X70
zM}_)7AlV@iyz>oJ90WF2%KGuV^6D%_6E7tiXZ2We531{~7+$hs2QpXwEnv=%2;OPs
zUh?qWE(ayicNP4th^G9Y--3M$w+~e^ixsN~-m&c_6tNf}a|ABGYT+j%E@gHm##!@h
z+`-tmB#a9RlhY=~o``ehBzufLD>a`1($Gu~l$FxQ5U4WtWSx4o@{mHDDC1;yi23^f
z>w@;IJmdiw-Jh#$C5nXPEG9$9(nuc|P3iFX9tjgSNOZf+8=4F7LZqeC{&~qnU*=xQ
zwxSOxU*l)?vYJNxu>Hb@5mJ)S;r1C>3D>(5f4AVO?JHA13;q1?RYCLjr|>ExfeQ`R
z-j_mR!SJk_OIRR(EPzg=<xBdmp;b}9l-Y&Z7piW3iC@1^IN?n6Y!|>5_Of!jYGc6Y
z<SDq~T41z&ys1<H=YS<GY~bTCJiHl+)t}JOx$#^-$=xv{>cjnM10r5DtB3JOHlTP8
z_*IssKZR+EC@a}Qn4H<4DFkT~rB<IxDi4m$-Q)xl=0`WkF$&8R-qQ@srB%18a}#`+
zVGIzbi?s(oNcq)F%+RssfE3p|o}VgnG5NlJ9Sum_dNqrSU6t3gxc$vE6V-VNF??4Z
z4qU%kHL=^|6Rhf;*46qrdngX@;=;f`N#(=vg`<>vu*6%~Lk86P==V?Nvu0}ILRGov
z5^>W*T%@OD`uo@J4lhgm6GmSD78Z{?Qfj=2s1B;aHy$k5bikU3tnczSi4Vee6S#=|
zBGacXW65b-;9Ny3&0WFoq{>w`Wsx70L_~!|*Ah0i;2qqjbI^7>y25oxA}OFD;<QZ0
z*NkPb-lAP@z@5Z;_mGkmaveI@Q1`DFBZai_5iNdFs$>E?uHkMof1^4dtHbD0kDu2@
z#aCO1@AokaB{ntS0T6(u%XmrqZKe!cER`!;V!<dvS_V^5^0jK$z_moTP`xplFib?t
zD;Qdsvg<R<;?8Hi0sYpQh+u-S_pH)x*$X(8r&S~5aT^p-nneq-S-lwbWbMeU0Ri=X
zaxQ04F_U3641fK4vvVkE&fR>6nd;>#-tzv;JQ)8+b@jM;y1{jxGk7kurF!??GrDCN
z4*X^Tg&k-)V^;V;M?_;AXp0lMt|uv2&dzHAg*kR9JNfb@v2PSV6eAb0TQ$`G;++^7
zviF>+u%xNu$JYI)`+&#e`-5FKJLJxxi(5}OgZ1EGr|;}}E`m`mNOdMklC+F*;v)g-
zl*t+60iiC6#M5hO8wwcOSO6$;6KXsl8k>uu?E|Q$;*Xy0U3R3&^c^1eL7|nsf##!E
zbwmEl1PZM?NR~R&<;AZHXxGj_no)r+8eh~>PB^)OnV4=5h}dM_Sd43Hd3Dg*Ub8@9
z5i!eGpl#AWi)=2pRe8HuO3N|RnI_OsSRAP1Vsu$2m>oAWbs}^Vl2f?9kWCa3BjKT7
zl})5I^sv%!0(3S%h^QpZjvuX3_c~1*GZM>^dxOI%22TwL?-Ohi=7wl$TvOrmMt2oP
zGvg!eW%06|jt3e}I=C1`ryNV)*HNN0s)da*jl@yI%M$tAh4=_7^c0I-R`dmap;|TH
z?}m#6_Spyx4<cXj8UIehXckiI26u`G*TB8>p=2DcATY0)N2~~Rq1^S<k84s^0Ysd(
zd9TCOES7-;pI2{@J4=|>b6rp<=C2sbx}r1I{T$fd*<E7kS>q)0Ox2pjFc<&(M{K(<
zYx}yf<QJ5mxB2rL;X1KOf}{3}Znibxf<w0FMWLsIC(<Gp|4Ov?AEddPB^oAeS!Ir}
zgNQ0z$PrM<91yIMKk(-SMu6hyq7Okr`HX|9B0Y)*K^#SOi}4^ta-Ydg7WdmKIK_xY
z+!g5iWGD1`8d&UL({vtE*B(z4U;h)1?@&QVFo_rhgeYm~&*PrY$q>`|GAubgB?UDz
z2PHi{B?mJ#1!Zi*BXBBweqL3Q^|1p|Q{}b`IjZ<8<rh_IA~!QPrvFQwQYZ<f2ti5W
zEpndno|T9EhqT`K&kcv*tO6V@nUm^qH{It>B821+zj@hhWb?d4)pRgui$AONjp1nB
zcx@3MtS@HyF;c8lU;VMs=&UhGYA~5C`AdPD@0}jcyS^OD{k8zkaDvp{c=*<ocrey>
ze)f1i%0$M`Rcc@wE_Pow6`aO-t1A}<ff5lD#9~u3UpfmX9jhBo1Ji=6fQpV~NDD`?
z6vhd)pCW_FPPFR?!GN<mW(r8sbr?h!0n>KaOdlaGHaw<R^{z=XIH%$SNQ;f?)Ew(D
z@)c|${mRl`CB0`l{iK-<U%I3^B#@vGdc#ObgDB=S(%Y3KhHJEtu~5<2jBHh#cPeNI
zNrZmgjC{S;9VeG$l(i$>Uw-#+D`a2F-RkPp;ldCeO8-?hqOOD^^P3U9BEn_aM5HwK
zf>=CGBc}e$LIW)Asx4BKK#4b8NY%Rb<c&Ab_8q0J1sPLc&U#&mV~dg6%X$y*s~wlZ
zqxLO@v)#;T{CL_lFdEQsmK}*ql1Kw2LPUmRp?}m{w}?m$Tja=pQ{yAjR3SJz8A$6o
zb%^mnmFgC7SuRC>>NPdES=aKmrp`?lM_zw@H{sg(?~jtP+(c>`$9}q)y3tUJBec<V
z2isB)@5M;GhnRl~z6OKEWMPnjOoeD~b`*WBe5cF@3wb@TNZqf+JO#}I;qXL-Fil~9
zN0~&<LM^pITIIxbUW37DV<~v+!_lGD=I%egTnIL4(N+F=6E2Y@RAGBpspOM)n^hOz
zE{oQzu+iK`7xKuJiUt}uN4BQ3Z`QhUk#%2RqOD3cHfy$Aw^DR7sOk}^;w_w!Uxq{F
zB$25hQ_104>Z@kU6rAAyovabos3xz=ylA|8_-fYlKpLleNsk;vp(cA*_n6>Ds_Jkq
zm2aCKG4g`WNlK~RnQ;{B&z<x_Lv&TyV%oZbb_K`)GuiPQ4TVg;RGvS=qj7paG?uyF
zp1Q%RI@40N+bJ?KJb*~o)F()WXD$U^;<11Cw`66{H*&c|0D(e2!NQQM>R|}GkdaQ)
zz+4|k5|!4p2kAzY%%)By=t9M>&Iw2Pnq|m88XhK>6xwz*jIbIyYvgBqU+n<W-L^Gr
z|FCx&sy`cYA_jtcVoD}QB>&@}LvXubduDr93s}0io}rqzJ_r^6990PMwHNq4p?YIa
zD}wSAu%~P;dn#v7dMcORz}w)SWruzupNMwW2U~g5%I{?^fL39=R7t5ka6@1r7S20K
z6UDB@&$mm*@@I>|jQVu{vj5&CNjO7J*Cj98P^vwc@;k6Vanc$`E+Dh(b{Y}dmt-w8
zQ7Os*VM>=QM~|vC{9dT5^#5%53c2hhXiYQqa;{w68OgZ-*p!aUoMh93VOm3*I%!J-
zD2R!=;~OMMFJiWS?HRC^=XDm%$7-;PQzVQ=`8Xy>KSyeoQ3x+bg;aD*qq_Yrq3V-x
zY`CbG1vSCmq@!&_$;X~`Nr_|A?rf!U4EkO2WB<SqDVk%NclO*kUq|U=I=HG-L-3g1
z*H^FT=-1RjK89O<v(Pm^UO+Sw>UeGp?aZ_a$%$U0nF+PK-Ol^N9BqL?=u`%5k-MN-
z6er{#d?wg!HFGlPT|8G$=4GacOncvcl+W-sQK+iL%rO#t$MFE++H$_Ly+#;CM@t#)
zYj~c`lWf32A2(<5z)$up|Gar@fQ~z4Ls~ROY6q9A?8uy*z54>K2%vVvnx;yObf0j0
z`g@>!!{||~Oo>z^Co4PRYz&t^Fy*)co3TIoAf7JPIjcWDu{A7TRAPp+lI(pUY568s
z<8j<Q>ATG1GF-nw#0DoHAWkm8`Z=DuYyq7Q9<E%jT45|%Bv}+I^-s5EpXB%PamoBE
zQB_Fhy7_4>JVzaeP_*^PZPa|}T-oP?WVm!e9K}Jfq6R}~<fld2Xe+We*8x|zLs$`;
z3keG8F$b2tQ>t?(-bBLHV#7DJ8Or!d$|E1w%&5;x!lS_w%kc6w<$W_>$HAz3x5I}U
z8=SjY!nhWsj6$si3Ax<VSmTE79MS6x9>WYC<pb3sN=8Thv6UHLMpXR@{oD<5qoBlA
z1KODJoM3hes*yBv$OG*A9++5wkQ+5tSAi7evx9p1!KeOiK>+eq6LMvJ&7A9La%H@m
zN}d35vR@Glbhrq3u)P;GvRJe+H3Ax{eRERo_CcW_;}bU}xk~eJ{`|q^AX|8FC>;|x
z!(ZG3s&J0$&Wq1eYTZ+vckpDRuLd_X-7}r&n!TJ3w|%dU19wRH+a-A(*1SdKNaheA
zl)4ux{TkHY$SbQ(rhFG^ACYKTscvr+EIjNA0YzxQ5P_p5i_sGRfI!#%mH_W3y-P1#
z&%!&9Om*SuBW;oL{C>RtLI$XcJ7gC5sR1Tee__8OH<0YGG;Uu<yQ0~4b0;q`D?2#}
zb*-~<_2By7iF3>k8uP);XM8Qr#Qml_L37i7C`Q>P>tj6sw@Wao3-$#$e;A8TXX6G3
z5Y;hi#xIP#*g(pw{R6ddN^NmGVSd@l_ISSQe6lLdw4U$10C#bpMG+kBzeNU(#dFQr
zD`WWG4(U?YypuZTUqLv{LGK^Ci<{6l7m-^!8_=2X8L7S2j|}!3J}W4HF)x<GFE17E
z#P9mvF*U>xzzPs`dKHoP93)NyPb5MZ!fe<@U?Z>OXgMuKhk_pw=QVIywNw>X{sq5Z
zb5DV<W--)KIE>c%gBC~|2$8{2dH?m{UBOz;{hiZKi3#WW;%<5y?1bt1ERTn%_;fu`
z`z{n=OQlLmgW34GCM1r!!XJ$KsY}50ZNYGB^Im4vtz@0~i<kW8-+-?2EhIck#t|~#
zWRFN=Zv(Zl%whc*UbK$G-c8oDTrSX82mgkrA<&g8OZ1>C4{9$<!&d8{bsieJI`N@5
zj?dHr#QzNkN7$~_Hz&P3;SwCTR5c{8Z*)9A_1Lc4!9>&RLX+_Mhw_i^tH(h7mh%A#
z-Cs)@a2;G|F(-4C%p5K%q&mM&jHwrci$sJD$4587k#r}=LuRy3r3v65wC;xpi7gqu
z4gD~#M!O}C$PVuVaX}gv5D9<7B|{8AgB@Sj!A$#WXQov3ad4%h4gQ4`f)wf|<ni2l
z6$ja#=eB$U&W`qyPUe^3yjO}~15HU{ristLTejzHFG~ZxdYms{d<p;B!?yliY{Hho
z_MBlW+W-!+hCG=U{s{{DP6k6&qn99FGmUVOV~id+A@O;N*WO4Ll5KWFo*ivX(#IY8
zqBx;KP}jsi_}ds_?fSkTGWr?~`dig)w0;B6;IM|PXmN(uVau{hmffG(9LNSgDiaj;
zZ;m1>iVA;JF7JaI4DJH_;-A$S{6B>_aa%if2R@IS@usfSRu5Z?E(2OodOJbEDZVcT
zy{OlY*F80zCN+Ib#5aK6W<H~B-lR&9$&N#;fz5X~a{>+Lbl-A>{j?YNjfd#PD7)Xc
zw7+EC$J>2fy+8LG+e>~Aa&`Cl_PX^lmFtVe(Q$_wTMyli{CpQ{i69d1k<MI<LaW`M
zOp|M?#g3cWNH>DhVOpp&T+lr_kh@Ocmw@L#c)K?7CVV&N6!{Y9?g7QqDC`1D;Xh}x
z$fLuG7~c$CpU{e<!?b0v_xSDh+hnm$pfmLF+yv8JnAvj=e#}q6CyThT-;N`EFfzIO
z9Qk@=x|hr^V&E0vzL9T1lEH$!2(BXGE(A3q27${i7se^qnPd72WpXWlbnQomtMxG=
z+B7&E*`?JmEg!?X!2`l0r!=Ga9m6bRdzaRB>~F@!aJ@Omy$!QBdFwa_>Gk*CEDA#Y
zevX#t!QZl8UJoQm7%2%Yr^XKzYLjcZgzo#-Z-1cTtz2%pAe`AFoZTEva$dlOBfp8n
z`pmpnfJL4KY08|*Be>W<R`u6bkL$E0ba9rdkZB{uEahb`^}1N$f{b7RZJH)H_CE>8
z>AeYh=bD}>$dhDT{;m>aDeEIH?F$MmiNf~$N|2j|N6TK{_ULMc*ut%ZaqpA+1h7qI
z5fxaGrHpk07f4OZ+CC9vWrs!y1~Uo6H)RS}Jt4}!S*U=7s$?!8((1w+<z!>^Qf5<Q
z2e5-yip;T$j*^{bD1NUiax5C_LbcKmoDyjm`_b@+MFXTU+#&HTP+tmKx9*2r1h(qa
zR(5%^Lnn(}dRH>9y>sZ)?MK>S)qbZxuN-;Q?7&=CFQeNL)}s%%zd~?|jm*%qT1nin
zJ%C-|q|(P~6O2eQa6E8kdt@d*T~M@PqS%p5M<jb}u$gE8zeLVt8EE5f1SRQmeI@#3
zmXr5Hm!mEffH42MG?Swoq?(~e4I0m)Tn|$KKSd#n9sq~VYMHQ5S}PZm86bL%V7NX&
zKY&5IMv#@j&xBR`m&4UW&D^pHGB5kguyR)KDzT&^PFix{Npu3e>XWVMI1yJ_Vkb+N
zVIG$i$K1ccaNY7}xEJlZZGhV7bAxtd0eR!9Zsz{hD9x2YkIUF9R9gbRXl{$`>Y!8z
zxwN3WG`~iUop&q;j|==2vQ7qNeXR&CWhM|DYqMVx#Jfh@y)j@u2qJ`34Cg&YOEIb4
z*;J+Y(#37@Xf8er#nb1=-g@`KWqPw#|2osz8h<&H%T`+X@MbiDWp|VaCsSe7XB?57
zQ0SdR6yn^Z7^-p98oDPV(<B^N2)(=GBd^<rW>Tx}`9O}UqsDVPEL;N*E%<sU60hGs
zWlNi>>51ezNvGX+i?NQ}?INr(WA0j)vxag~?^l-+E>eabi-+NNI-`lYB(=G)$+So~
z`cp6PNCfhXw{sIiFTKwARN|5=W@7kI{|a0`J8~%JV=+`91q^Mk&uk6vMgGhQPP?>&
z3x@NBeor2klxo%!xe*zwmv-@ptoZK}WR&++y0(wA;D3>{BRy=n8VFC@d~%TyL!a(*
zrEwvDi15U>!K8lrvX^?yHqZGN2C#_K#24r<SMxrg^^!_X8N-9F*8xTJLw33K0|J>F
zYf;?|%jj1RSF7%5FId-IVZS4r8HyO^lf9>BS$2P3;qOP+8T?v(#tV+?hM_)k3P8J1
ze*0<=iU@!FDpvyc(n`|w6hNY{Jk7(s;{;!UBe-nw|3nU(FtqN;xqQp~q!f(RwHI){
z!zrHmq!s6{1R%x0#?y1PJ-eCz!|RbJ>)zpT+vm|f@E#9uwj26%y9ssWxjQ}|9|bh{
zf2EV*Y1n3$b$9To<5xBZx$V(qSz0ez_#}?R<z?6N&o>jP(mI+u0e(aMzUHZ&J%LNd
z*P*7Yo3Rz_LY|EZn{L6Ms*n2<49+goU}5r8AU_?NZz*&>(-#ug9Gsb3#9}Fkrp4*D
zwH)%>8#KXa8Pu{@7|nW2iXOOK{mE-JL}z3wKI<=@m`JH%<diU3O^bXnFA%}=44us)
z@?9(t6XT$~;h-P`K0UzAw>`~Lb>p(FJ*9HGmcyckRvt#iKdVv<&ky-17E;2lYV{Q6
znnMpDp$;bY7c{)D&zUq8tm<YTlBIHF=bmFaewy4?od*$BY9qdm6kv}eIWTzVpS>Br
zA)VK^W|ldxJ<al4Z|z`#%1bfFa>so3j+ZU%b0N)W3sq&mW7&NSdJAIU%O)eWUDcjI
zMSd9#N7u@1a`IF)_A2P51}&>{vvNsMZ09Sk*O4JgP)Rb?z~XCXvsRH38z*q`6GhUs
zJ2{URyL;@Nkj`o1nO7l#GXZ8fDjNlF3qgmFT9jv`L$lI>RD@>+XJ(-8O_Xp`?|a{s
z*S4O1`7*mi;4asS-onDSodkf9-kYS9$%@Q%94JDsbxqDbyD2w+pof1XMqr8+zI}w6
z;A~~%BqwBHWj2`#&(=YQd%5WzMmv9dPZ>|AJ9ZSfdQ~J~6vkI!yDWqaO^8fxB+G0)
z{yID#;aUbi*km^cPV;h{QD`!R>p71_5ZQsu8bgv%4@00O;RNUjgqzd*tXilXg;?x$
z%gDf^?m-3>ky;`{B8EZzuAGI6+lE*&+scd&Kw%t-lygM7C)FXA*4KZL9emgeI`nG9
z#wwPG`d)hEN`nyfIftplV0@QV=}xHUA=*z4r=sDZJUgO|wG@xIR@2I4prP^m?PKY2
z3l8i{;Wk^}$dsMUa?%BvJSmsf<RZGiucVYbg|k6VdDKr*ua*2To|(zwmE3LdvXH+a
zfmM96F?w2-a1XH)Fn5>)ib8c1)8aH8R%xTec&t{k9(i;yy~@i>-EGLJrpMBiPsr(Y
zllyOB>57c--pT1*tKJa?V&Ir0Jz(#izkY0nKD;|fh%#}~=RSbzHgZ5esg%VrtuCV<
zIdO-5D{BHSaQ|XMi6TWJag%lmI<FYabH<}%x~6j^28rZr3%tD(_U5zw#|iXDdN6}^
zSFDpMEa@Ne@SWMKzGY0|Kb=Sb#y@+NAw80eS|#IzF>13U>6Wv2g9$y8493k`E$ZWX
zHrKmFunljVjyHJuoOdtUTO1M+@te!rSmBd_Z8v-FkWb?j^Ej`t`NUNbSu+ARq9eAc
zi|XB`>5DJJJ8If+Da)t$Zc}1k{GPAo*uv8xY`a?ez|WLi-ftVDoWk%A8o%plkaY4y
z-d1dSlpBN{_CGi?a4VZ+Uu?X(JNs4Mec~H1In=-d-_u_>!`*z}YlsiCl0B|-F<o6b
z$MfN%yx*H$?vP<{sXO;IPqn3V#N6}8Vh^Oqv51%;E3Y-x$3J7fK5{<%ru4wH6PR}=
z{gNgS$Gtn=`D8!!Jax}~Y4M^##ot;gfRcG%FMu-7_rIQ3KA(@bbJlt3P1!MVBEGvm
zY->kVfmy?h5Lf2Otb2WznZEU2_`Sz{hV4x7UwsUB9p7(|m=Pu+-!lWN)IrulV?A4M
zBCo&AB3N&LfR=aCSq8}<8yP*=<LZwlGSSRNHQ0yI%&-_r97Hosq%Su#y02kxL2F<1
zIDc94)4dzR$!%XIa1<6TG06Q2zIqsq=XC%x7G&Yoko+91BQ5af#UkP;G-VX~_DmV&
zhT*r&p*}?s%l$4&9929+toozyGB#?gDoa}L$e5Ot@SoA@9BI<y8nf&rE}Hk$Qg1y2
z1GV#K$IQ*FY?HXwqZZkVYZv7<G!~hR(<)qI&b)RKveMYbr%_P1M-9x=Wm&Kqa1F+-
z+Q}UA#nM^pmTB`VYwTt|M*aLNV$As*|H@^ACe6|7a-Gd%gj<FJ<amOZh18iW1)XN~
zp(gWc!(w0;K~nh7D9rI(CSPSv?qdnD?j!{R`QL1!sk=E!gSV`DLz4{u1Q`=J7TW=T
zTigVdAuUPjMD-L7-0yAyF^FvPZ&97(@p7)bkJj1C<+<B(c@Xto`rQycbX84vf(sh>
zN?dKAhrNSQ9<ze-Ay`oV?v^v?E1=H$O$MWm8Y|bslfQ!&Y^%^h3$rY|tESLG3DX_c
zho<nNf$D=Cj4!easn9|VlOnw9rO-kSgCV@jrSPJP`b7Y<9oDy;Z?B8mg&gdZf8(a`
zqKNuM3S%a+3n2eX0ON}mJT0<Imw#iX@RC6OmlVbqHF!SXUJ{iTEjS_nCY<~)H4K^X
zE|J2EJSs0z@P7VH7kLL6%ymQ`SN=^Cc?Sv1u<)*o!U=LPoA9oS0y`y)nD8!(g1ZW;
z?yuk!k==jfzmbCj^Jjh<qv3tP3M+Il@4|UPKRV$VS{Pe}6)G6Ih(22dcL7w_@V@)}
zn@sW#0n}`?U^8KZ67mbA;1Xejc5-W!U@{SdNOEohm<*9!2Za@4n3(WBQ3ZEpRJ>oo
z@cB3Y$SW~|Lxl~p$hpa3tVHr;P_Hn87xVu~qF$i{C*}VWM7=@_KFt58jCzG0Op<S(
zLQahy9Gq`oLQaho{F+a%hN>xI5KYb;*+;FA`tzKlkV*hEFJh2RE{zsUkv~HW6O}*n
z2j($fo(!fjU!DlYEv(O2A(a?rF`r%mwOlw)5p^h1Fqk|sQZS7?F-)+Q95q}pj~sv!
zT$@iXi7FZ)*hOv}DVR*oE<&J$8WP@zq%eXMERY{d3uBQVO9?}fzk?KPtRRjYEUX}o
z6zq>HJR*5~B?P}AsospV!Qe*MqUv`})RKT^3vLN<0p3$Sx(Vu&a>4_A<punEBV``#
z*VP82cqghNMz1#(kTq`$7cdP_w$`4-2<7#`)syjK5dHzWlbZ*2-)G%kOS^tiCv3Je
z2Db^_MmJDwgPXvVn|)+YC)9?UJ*<Ex)ZFt%7SbJ3C)<2`^hWFJ%?J3+U)&9v4Ul7Q
zTZAbXyQBI(GY5^``Mr{4xo|s5JAfT|O-v0{jZ8I#T<K`#?v;49HXiS8BeeE-5EDvE
z#LL~?grhdPo@Ta2L`>qI&4U)Qp0+Nkp8A$z7z)g76Uc_5UkvKb5y%B~&+DznVe2i&
z;p(l%;gqaxve<5lZ>*C86Zh!uPPV`%k624FLNModLBBQ?>gwp^mAK?|=+0`kyp<2x
zu-BVNP~c(@lvf`F5P@V%Xk3Z{TLBKB+Dq_~e;M<0?1ZvF4^zkBfvF&e`v@!-AM3N{
zgt0&h&}HTvHw!Mh&G42y%ZKURe_|zijO9Ie^1Gm$=`DVCo0}leZ;Fw#{{&Xl*W`ht
zpqu`Useq5+4KRz3m1XK2F<SzVWqcbz;RZV~5+%d*9yk#a#i!?-I`J00X7Egz<pOM(
zKA;yE0k(`622bEcYnV94PM`{wF+0aj&_wB&I44e!3IYL~JjIpvccD#*2=r^y=J*8&
zqIja0fDOPC<68fTh-f=jXOB5X!7&!k@ChOy+vEYRAPbOf+7LLa1ZZMf8#1RVAj7gT
zcmOMy1mKx9gwGlQSQ$MNXNdr;^q#4+o}!2hn!_goqE=WuJ?8KQtT7H?GoJueCe6VU
zUQsHnDt%|V0xwJ&vj)JdqNp2_X5R^|Xe1VmVMFX}766?-ecBwapcSBrHEF<{p#WQ8
zDq4>@X?$SF{8O0{oyU|hVGdS6DG(Kf2b^IoGL)Mr_n#n$CSb`JDo>gd7C-~aF;zSR
z#{7qV4hxj0N&yNK1<0a<fCx-9M(km8>H-FUC=>ReIdK7qC=uo%)0k1>IC-c7YXP;W
ztY{h_gb91doV<Vl0Kqh-&pd*n4w*Pb9;HB8fGUb0r~gZyv4Hp}ZG_x^mS6N14^;Y;
zJvwd^1?fkkMIl8ov@dsb01U{-5@CoiUdV}yQUD{OB8n8tfkB-r#V??bp~WCij7w91
zD$o}t6%`c~0Dxd&VS>}&nH8E98XXLakBj$<U*6)t7aA5C7wQw65gQSk5Yxxg?_oIr
z=!p(4fJtva+JM=BmVuXnx<RTze1NrqKj2=VZ-{mvdrW#rdY=6v{b2pBfwn=ufL|bP
zSa!H~sCqbhwt@9Pz986P*+E}GZq#~?{knm^;9gL6n0oMmOMpv&axA6#<Un|V|H82Y
zzd+p(?11(-^t}5$16_k`0e8T=!`j2$kmkbPK<v2mDEK+e|7z)ma7Vj=*)i!c=ppD4
z;3wN5=>hKX>EY#v>;W}jUI=an_5$_-q62XS)tx~Nz6SBZyZOC?=w}8z4de=v4RHa)
z4Zeb~0<i+)j{Fb&1}ry0>(Y8oy`QZjqaPpA8iX5S1<D=u21*}v$DqfvN662`4^qWu
z*9sUB$eEyp#8?Ar8M%WxRf^su9Y*GF3qx<J#X&RHGd4%b?C<REcwg{&wG*iQQ28`(
z=aR}2;|48V=GiE<b|R_KO%3i|8l6kgLljcgCZi91v`@NqTb|e9(}hmQOHI^do;6%m
z&C}gxJH+v7>`Pry<C26i9$`_WqKJ=Ag-C<6U7~)hKw}M{t?K?P9x+a5hw#^)DJUIx
zVV_8RpGm};dE5D`#XGOY8jIHD27JrznLF9bn~T3*=NleX_ZLq~OR7$2P0dpo>ua1C
ztKZk(JH9T!U(bJYPqn-Wokz7#;E|4|vdnT|7jVD?E3TPRT8<RS!Z$3<zK3`!LiY_~
zdV%SI@*p-q|FaPOKVJqQvj1-vLC>!qD?c^h8X#SW-w?k+euFuK=z{zPx`4a@bq3=0
zbM?ddhjBxw&$a{JL)&xjcMRkU#0~2X@ek!6=nbkqmp;ypL=Sooir=K)FmMJ?3@|GQ
z9ymA13XnVIKfD_xecT;^9!-9n9iJY{9!j8#;9JQa7@&)wTgM*7o=razzxKKjZw7sW
z9oZfbpbO4hZGI|!gj_6oSbCHlkO?4ZNNG@MaA{y>U~FJ`KTm$#Ty%NR7EpRDdT4q0
zRH#xAWso6IN}xkOMt<mAOnESJFaRh38~_3UI{>W%)&L^=gF+8S4;BlI2__C%2&@Q9
z0R;I6D;7)~j2H+aKg4%(<n#JX`LhD{ru!}Leu=vs`V;Ya?uz(-1zdmV^Z&sh{}<u<
zfA1&|va@xvvo>)0UnK<`KcxCk&HO(x=Kn`W0qYM*{nH@-kF?;w90jaDd^H3652XIT
za}+Q${ovj|t>+&{0TVqVEhF;}>HdfHr<wkLe)^Fk{P5~b^vrDkv!mcY*zAADX#XEr
z-v1=1|7*Vg!SR2F{r8yle@**;V88$WOA1(jX3xURLCa3h%*ydI&;Plc&cya#ckzG6
z1T)kBPeiaz!nkE1KWfM`?;!QM$P5;fC4Z1G%1Ay&`V%l9yHF6<#1P%%J^DC@R9;{=
z!|D4NGx^=pu1zB7+SMF^Ib6w1Qz~WG5(im~(~UG%vO$N*W6y4W*$Am^r~i^sp_{FQ
zV8n@_57Des`iV4q>C(RN_|M;Zn$@Yy!Fe?g`@b#G`-qRmq`$yL2sAlcrRg4DG@pqD
z5wtF}%&v>q`v$qWdF_ax2dQUem>Qh1&O@wirce*!ykO$4H<ZAP*L+=zez|h9Y&V)b
zue6HAMZgr3%qs@C=Eh4%&Y%aePdX^p#1?^7rR~9+gK7p!y4wn9$qyz9|EZ=`f?s1W
z>B4g~Jy9Z}l}b~z8|U8&Ig6;Eio!|+p^zS6Dg}EqlsjQs`a}N9Oxh|Z;k*pKEt(4H
z4Iq`geV+MM_SI4pv`MI}F*Ji3io9>`3uQsVya<i&$?{<jT}@SysydR!AC<_Jl9qxF
zN=zLm`N1QxP1TmsY`S&zF3GB9waI!%*JH&_r*C%hl>+Ez7n{7M!_!|L`Cs?vf4i~&
zwLSlL0Q!He*8jHz`hWJt|Aj#R&sG2X*7=X%;s4TJXP~EN{As@b?^YWNBLm}q2hbPO
zz4#MV-iCATyO`+VK;fRpp*s5gkcIqmp;*tz;dJFe2e6&jO;J&ALIR45O>v5&u99t&
zSHD=7*OqM7J!f?W*KAg8E0QuyRtKv_)~M&}n%0(JudltP;5Y*o?}o2qwz;yW-!qT7
zr#Yrunf@>kMgTh(N;@n9O27m|4h5~+Ts3_R4g&_I;^+jnoOE7MpBbOeh(_#)=G>-r
zcWekyRFHyc#XPPqOl-znR?%SY5PwOyO<JV2>u*;OZ4oje5W!gGoZHwCz^;ZFav9iV
zbNLQtHqo}Gl2^mK*qT@B{o~FTeg#+f@Bk~cvc6f$85{9HK15i-U=#dh#EMHSDUi&F
zgV8_}V;3)<93TGo`9q|>vu)X>Irj^6gid2eXN#~KJzLs%mY{~(-2A@yuk#)5LF;E_
z@D@0H-YJ)F_y<IOtPV}2<~lRRrf{M{&!tu}bHi^~Ef?fh%7J@IX8_=@ajdZpZhPc|
z@r>OvhQ&2KtnWPXD_T0yASN+|Hr*+)PAaidj@cNq2to1gEdFVk>93Hic(6fGyN+Hm
zf$pqkIR9Hj-<h>$h$uMJ;zxN*EP(=j_TWHLMhgt`0K#7Jh`A{x)HDGmk-%Bhf~*3}
z2v8&Neez#`65>nhqjaXY_+Da3-~@}<Cww?NO7lEsd!(YkvO@E1MQn{;=P@9(v4t-g
z)n2$U5F2L9i9!N>bQ7!X8T~ex-+~<atgDSRr<7yhPUMIUN?lKAhl;@NEb!p>rAQMP
z)VT(0-R9)*kg#Q#)cL=5=qYEr3U`%Z(C5YN!8m%5dlj*Zyak9XnBC!{fN_~sxr7SL
zf3v5L^)eiQWbGU?CsXz~Fym1dK<jhJEbtOx$be9lBL9|4=!Iq$;gUf))wD-e@lR5Q
zmxYj<MJ)#|QKWIFk%6o@;ry3gz06yL?HD*;icndEwI-1+%hY>*BDVARU^GLcF2-h=
zGXr-Qzy$6qT;CXT3Q-Q}D-FLB#Vp1pfR_&ISq7a+!k&@d>zQ8SEeziPlqm$;+u8tS
zU5I{}vmhMVYpMw{RiJ9mOS8yZ2;KmvP2Lh_3!-HX-h%nzmpn76U!jjv1(GsndC5*w
zz_KILfUb?uB}a8awj<e_QHHB6a^AD(+`c4ZWzORcYXh`Ahr8zGO!eB6GedgA`bM!L
z%QwGO<g(-C%(V&a!Ltc&n@h8U``~nmdpEneBf17-oA1@&J0o|hdt>H|?@nd|c?}XX
zYubjtA=nM%E87irT@2aKY(aGibe*T?|2!vakHb^iDe^okwB!25;?Bnd_Z8q%&?)gP
z)ZU{vXV(jP;<kfu1OJBhiMJsU<BvGEzazAehg+lv%PZa9yFG(vkMY9!nfw$GGsAo1
zwgAlw(<Rzn^0{O50QSPpQ}&bM%Ld^BbDP)e;aLFx^8YIDl=Lku>Fs=gYl+DQ<?2;4
z=i@=-6@cs^JN@%Q<|)7>?OTk|TLShi7}`U7WAaAT3CAlF+G_@uQ>50=J@4cU_BUG>
z^jowh5b~tdH4I@6X9xCy^o6h!yi3^5if)$R4f4gUH{}%fhQ70+Q@lo=?S--v5if6l
z$LhiV38YgNKS1m>X9wru*9&RZ48ok&1H%hz7Ff(|$qru+=mSC)#CFki&ofy2Dd36C
zGp7qEX1=@O_!P7k@s#Q&=Yi$rmp5p3u3c|T@9_x=Cv0}1(@sf1$w|Nybr$*ufceI0
zsE28X=>a^Umk#`U(0NBqx`szauU`HJ#}w#$vaiQ3P2rvDGc-8REDf4_n6T%bTJk&}
zb^`7R%90v;0DRQ$S0Q_Bcr!u?{qj9>5FxVULy5iOeFi~UN*iJ3Y0T?2infhJ-<Q#4
zv=s4KD~wrXi=1cnjh19+!~C0`LJ+gSyYkP^1OfJ#uH#dWN;O8X_^F&n@P#V>XYRtm
zmD&2PlDdKyxDSO|J66a8ofR!q;_Vows^?aWV?VyS^?~=RNQSSQ`KW1xw^*LRLLZan
zeW4Zj>7By#Ag5MMUuj=BPPQowwl#Ge<M+Bh*N2Xo;ZzQ+H9;xgttx<D;dS79o#1UW
z?ES7YoflBHajcme?X)WBhW)x$A(zHJLq^Y+!dh15ct=c{V}<5v_G+6E_1?F>o6}#@
zSuIRgdDYo2Jk7a}o|(rLg?9gV!w8+9cdDxf;a317WTC8&aD!8CD0@0$ky$E@EGo;g
zY1$kXdqKBoCi_F2!vMU)7E@!3(XhSU{s@>*^n+uaEUW2OO0SWfN@=YS6$v>hTw@6d
zSxM=zn8>JbRxuIL)V?T#kQt;-*<{SaI%1ZxiA&2LR-U_jRMnP=s@&o%jpCJZP`$Fr
zyokK}>dY^xytx8Zt87T6m1{&pu_R>WJzZMmkorDFm0hluoK__z*tbby%af&j$fhwZ
zMw2#qxmQev!bz(NU1hAVJDj|)TSB);mqks$uJMHhMWx*FexVGP&OctV(nUW?OXhrX
zX;Ft_<a5PL$Gb0c?C%kRlA}heqyw%oXSE_X8<$c5+O>TBCDZ_%#DeH6W#qe}NiAh$
zPCzW3T|m1_inalq_Twb0nm3AQ!<LhU^z@6^Lir1-UKCdwR6bOjB9Hv#6%<?Y>KHaa
zK2}~nl;L-}eKkKC4ekVUI<x>|tEj8EaahmI;ElZwH%rA-6dqKQBLGLzkS@vDQYRxI
z63Vtyu~P32GA|^tEbr@2BI)9(ibcU(-1_1Af<>_gUVGV=>h))wR#GSZ$sdmKMfD1V
z^2&5zv~<BcX3D>9<KQm`6xE`Gq1?@neoc<NrzxlBI5^yY)97QWew!GWTs<z)Mq&px
zOGPzR{GyLkf6WtlYK>1v&3=4cqB=te!cn$793T`IJmF1&ugYUoyJzPmdBrG^sT>M_
zG<3|w>5OP|Rjv2E^k93e_N|z%Oz)~SbfxFJL5=p$t9)j@kIm@p$f!0QY_1h>c1bwF
zUaHu$q&*JjGJKqOcAvIy$F`}Kg3sSaI;iaGQmsh0K91(ii3~ld5_|ZHRj{Y<=^~?c
z4RIe+Hmh=1s7eKGIC)5323H0S#M+2TaUVNBtNii^EyGT4)Xgzd`r9!yL(MW}+r%4L
zS6$&mWwlZ57<tl3nbazlC0mynqOIYgFd47EKh9@!8>4W@tYy;Zi^lxar*yvEGdGwP
zYSE*+;7LB}2;~@D)wh4IvXTgsGkkoxuryUiVVY6XZ+zF-!X2^l3in3Fs<{v$<5Ipl
zKO$-v|LR#$TBdANVRm;~CXe0u)o%!x)HJLWU4C3s_EvMy&oLM@+PwEZV#*P;Ce0K_
zFABh?%VI~PE^iI8Qxay}jPj<}s?-3!h_NW$=yQwEPC2wpN5}kAIn)!dd#vliA1PU>
z+7-&`%4vblc(!KQ%vUo*J#OoGw9ep$r#rW(h0K?gQh7<!dU923P#sTM^4XJ)pgY}V
zt_4s`ryJ7y-TY{&M)US!6K+WkE$wEVrqv`4`~zKUGp;%O<ya7Iw?8lnP?|Gqq6oDq
zU#&hH-_Su9%QB1}x*gJI>YZ|fm!0iz3Iyb2p_-|t37J4^%dtxh#?g``=icn?DQNS`
z>AQftQP~48u<5qi{bN|4`SG^$at;l7y~MN6fsnbVf^SQqS8N+9W?_#`8?oFa0_`;>
zwxVV7u2d}w%4<s!<yfoSCPo_NP9axbEwu3*eyj+MYz!c)FXj50)9G1#f5PZRqWPQ`
zxBVz_7t;dq$opq2S7;iqddQR1LE6KbS>oId@9rWCR;=cIovEzo#=#e<#w2NNKQx;)
z4X&$(bMWn&!OX}WD6&_yq%lLxy9UzHYQ-|M`5RNvcEH>`y|k(wYMLq!o+E_!IjyaQ
zTtX9UQd#>ux1|fMOI@y$Q<aaf)RyDI8J~TEM<^PQmmNu_$+?A+;2JNJ;rh1fwj~-=
z6VHMK56s*ckvWBGqGvB;M{Ag#&xlW)eX^8J24b-2lWvJx;|wWKw~_P1z7;RN-<aUH
zO}zM~k;Cn1-p-VKGg%CmqZFcRMh%hpRC(Vz&auCIoD@VBU(f0OB3-deiL&(t@%R$|
zWg^vS_rZEYk}T%QgVUqFLp;RC)|5xJiJGbt)xuBS=IK^j^D>C{S=HFyY%9CT3d)Iy
zdU<8b0(hwdG>RFFLeSN1sO9hsBNK&8aHtF|91Um9J%p{}uBymr|I*^X5l{z>a&|tv
z_EUfV;VNOn?l;DrKNT#L!<(&QB`zio##WkF?4P!ox8rm3Rj(r<nJ8Rglx~9#yF<7P
z`ZD>nl`JM?ydK}Q2FPsxt|?$B8P3Gh?AaqMnh{@3jw6G|M`y}suP>#Sfx%5CTV)i?
zjfs&;h=7R{10+AvnX%io6z7^;Ca*o(ZD}?73{nr_S^IuwpKbmh&3$E5T-(;=1p>hd
z3GNB*QbiS3XmEG8;BJKz2m}cvxVt+9f(4fZch}$qcXzsS@B6MKuV25>f4Wcos&)20
z+txl+W3Rd9q};H(Im*J%TMuKc_+UP(*Rt6`kGP5!wKhw94ymwFF?6<=#lUh|bV-oa
zVlQ^?9CUqsLZ-QYD#NN#Z80}~t;^WE^O050bpwwdZO8!l5EzM)ThQc)K4yp6wv@us
ze#pjH$-aYJyuX~*nZ`<PvYtkadnM8Ytr2In`6~00lKTrrCc@pi!4m+furVqCeH_fh
zv_x!3QeGDM0Q--YQ((U;`1<Qt?vb1spn-lg{Sq-LHowB+J7hU14`>vqu-Gjj=TB@G
zMp95V(;sXf{i+|~EHrre<x*VjrtfuUhr^3+<NnjW*ECf2D?sI_mB-u3RNfeV_N6@t
z=dyB`m!=p}L<I*KLMfY;VXp`a%ChXU#@uVFe6MG%Q;<K~mvbmAw!P)PN>{X}A$HN*
zY!j|KxIHr)3iQNiKi4tU&Kg?YID0steVHZs9H~CLOb<+wPumhNwTZm$`yeX*0`Pqd
z`huIiME90DkYzz<MndWCHoytN(Xv?I#lgMevyI{YB{jy0W1kvRVmfbKp|i#QG&Nd=
zl}6Q?Cz|NI9HH5Zs|P(5)^N=35B-jMf^pqcW{->$M~!s_ClPx*q@v^y*Pakjk*>Gs
zj`tjf#-w3(^C;z{3QwZl&BG<`%=wdinTsMq;Mk6*LE#2UkQ3#Ak?%I&^q+-9e1(5~
z)OX)}Y2u@QThYSmt%*-{bF&i9de%WOj&G!(|0Od#S_V#2{OydmFzATTL>!?ajANSI
zA4crt3n7Ydj`>o9Jk!5pwg*ReR_XD)3-!(!*5dmB5_}+ygOJfv*4;`3j?Z9ZZr`0P
zYr(*@1w2QNvY>mi2t}+y;hIMSk<{j4N^fUnF)YEl<0lG&>u29s)?`NZkKgpqIiqol
zZ_*+fe;mR-p2$k8degtNTpU8^*SYuvcpsSIP3U)Rf?5GaoJsau?-=K09V_sCXhKyf
zN1*j%v3%Adt@{p#>Ed%rh!-X2h-A#rUi6NguIT#&{3{bW{c+l<p(NZ46V?Io*C&48
z@8jxmbQ1>)iHjLWaFP1d-x<8vcGn*V5MTE>-IX$0&@*SMX$gTd&whOEga0l&Jg^nr
z5OtO%c*P+Rzj3V{UuoGs<8t)+d)k$_IlGqaX8gnc!quF$-`yzV_O*L2?;7oQ@$Zmh
z?>b72dtZ>>_k#)@$$Z7_z37|fPwU^~H&`^C=8E5ny#nbzE?soQR!bHBN{_V&Xtv5d
z^+4=<&FljMW8w}gd^1Ir#Rf?$EQA0bdp7~*Uu*_+F1nCOb!H7-xlIXnxylhYx_yMR
zBirC8PrKZbomH1mzIuq>eBiQL*nt7PPG@&o2a2CEfy<=4zpHll*}~&h{dR&6cY;Tw
zvCiCRA}KXDT6-zvl<dnbD=1==lAGx;zY?=H=^ty-Gl?r<bpNGudHdZfBa6pTInEEu
z?~8YH2j$kk0gCz`2K(0!*gYLj?he|8ZXvyiY}0zzBPcWbe38lO+kA$;^&m)7mGX`w
zO`~~bEYD&+Lq1e1)VPeBWd@g%FAFLVP2i+ObrWzRc2n1NcFwAJ-0u`Mf93MZaf{t}
zsd2-tO+iue_-MRJX=9|leN;X@YFFMSe)r<J&0<lI>P7R=%2TP&)^P#1s@B3=g{3?<
z=^BVm%WIW@sfALcoAuJfEjpLLAvr0QR6z24Wh{8O$;?X4#e&wzQ(gM}r0c`^oi)&D
zSL{iuTdr9aozI1(O8@bBRp0s7RHlpY{wo^zHK71Va-{0E7m?7BLW2_1ZBtnviL%Eg
zHJQv*^V`j9w8#Ftz;vN9`Hzviq~X%%T~n7gu2c+STo3LNH3g2tc~w=Tyk0yFW%K5X
z?`Z6r0%p|9MrNj}-tTjZ4+-B^&L+M_81=|;miSz~vzuP^kgscLX%>flB-wFv^mWxJ
zutOZTBN=t|YhY&(PJ7?gQ4GESC^po1${<WygPvvJ6$oBkl8Z6ZDuN+W@8zhFGP*4L
z0FHWDVklLouuGrTwFV=g!v2z2gWy&~gYI@?`HRURdu!JlE%Z~W(R_)G2w{a+FJ;AM
z-%(XQ*`QGYx=9$HM--5F8h?Z^e8o$&crPU#t}>df<yh}T<;dog2dJcW63=7lC9y#T
z1SSg$W6)^kgR!G!-ijdQ26anrDIODCK{UPJEKv4*QKF0zR(`QE5DZhjt$pW(*5|y&
zRYCfeG%*Z4Xhp(FgG4gSP5c98FZMdJLpP?Q3ho34XI>P8RafCB^aG34@fV&Z`6c58
z0q0VjC6;*&Z$G6^2o*~a^AJuH)nlYS)nhjSnAY=Za<J-|&4k0fs2;7{&v$n5EYceC
zDXark%Q3Hg(JgdVDa2DN#+&2vT+CO^s0L3lIvZoT6mqkaCG8x?y!We-!&|Z3HWpKl
z#;=NX<#;P_;A_l?RqI+2siVDO=~wTs9qjd~8~<j2g}=ncqUFuCzv<^O(XGd1WDQ9<
zVQqBh%-hJTUo}+$AC)-ADO3kkl&!l-1oH?8qisk=9^iE%pPc@BZVLE8Y5T7u%fAjz
z|2pUYgPZst+{?_8P(y1AqyLF+fMCH4AtxgfTPVeU#lg(Z_AkC&;NJrr;D1lT%*_6S
zy%QFB5Eiy`qtIpsa)Mbnf2aLr<^aK1he2#GR$q1?j9(T2`a$OVzvE&4aWMP0gIeGZ
zw%uPw{YOiGjUC2P{G;06V;ujYE&X!}{vSp<wEv`I)};W#sFK0|Lw5ZaZ?P_nd6+_*
zlLJPD45Jlh|CL!6#@zeoJp88<Y8Zd;-w&vD6=bd2DV{XlFs|1^nAVM?S)Z3%Yj<ao
z1NX4(oug1gd)rBl4|waJ2VfTPEqbmxt>t>|ri4-~_Uw>RqE8ZjnPJVr{>Y_8+l%^P
z!a>A+DjHR|qE3I~o$>|}YZ8*6Hyf|G*0Me5KEzeHIZ~*?*8l5NuGu%%=eJA#EW*!c
z@z629ZHWe`b3X63=5+~lC!V78yvIqm5-i|gv9qWGb3M+Dj3HJ8BC4Ye0Mr?W6Mb&i
z>oKpj6_uv2N?1Z}l-2Am8Z7O!;x*OOuecyK+r;T<lB?4X8Tc>4(#_(W^4lku`6rh|
z9COdmh`78;e%&^IJLvyw*Zik&!_SWMUj`k1chr9d9e!W4zx(pvIK^d5Y|WtNKZwa;
zOx!Sc{tvXbT<mO|e_zu*9W*zUiE6!@{=^<W06>za?D?8Zpn@@SG%XcRYXpAyA@Xx`
zq?a5KC@5<tPX((OnjYn1m#A9cmTHw%56z`5mHL(9?qpl;*t}LP)jCu>f|Gcip>DE%
z4||~TF-3^}-o^aEiOitSq@L$q^`xHF-s?d^v0!XP4#Aw;x;{qB{7D&?C+y^rXZszh
z&L?!S!xlHcDXr)BH3huqufL*x!J9PhX8V05Z~!BoKh%XX^8B#=+yFnZFo|v;{N7>*
zbRiX=Ha7dgg*ei|!)faJ9MO5GjMj1f!}-<DTZrx&6*zLksC#bmvyF}1-EuGj0jej8
zv{uqA>$O7{X$12}s!>@>6vX5Ov%RLx2j(@isyC5Q<`R@V4TyV^%zI7vv5<^CK~Mbk
z;pxdb7P|SARCIU9^+ok#*6mS}>P8vppkh_-xq_X&!*|HVldFDnyB*}3p!50Iq##fy
zvHrpK?p7#MHuKAq`dTk_*8;0m0b0SSMyn^~eEQ{|nWrgjFr6=|TwMBl>66paDLGwT
zP8~%n9pi!~T?5sax)~3wt$Gvpc2Hg3&Z8~QbZ&MxKA%LUPBpjPvfT@aTiBP)Bq_|#
zb&}Szv+}g+x=z#N9%!o}V+#u0sQz42U7eMmQC?LAUH?F6LQM@o3z7sP*413c$&N-1
z4k&qliqZFQfxDN=3F-AHWNV=y=YN5q%M5X!Pv*&4pR9R;gETkmXi7{?!hfJ}V6E?p
z+_S&3|I%}05wq;XgZE^z`ccD_tE=sHR1BQ^h&iy#qO-AHdy4VSJ*2fHCAWz=bDxAh
zt-8QTx}f33I~0$W+HKBK{oLc4GPx`D&5QW6*^N-?k7d;3_074ibbT7*Z$r(ME%(e(
zb%Bie1vzx$mS`U_sx!~$6uEHQK62hNb*F1)ov)n*&Nj@(D3Q=`&|8`+g;jCN8AH@|
zW3I+LXQ!M~1IS{)K*QH=@*9Fj37Aat==i-Movv`gt6ZO;3C~PKSGg5=W`iC5U1jgN
zFzMj)D;H<knUJqm30aBfxJ={K70$UaKRko4eL@bu3Db%NAn6v^>b4Z}R^?^X7PwVe
zR6C_)T=;{6c*YY%I<}YxNo*Y0(9DdFRuo*#`VAzvwlMJU!mGH%90j^aglA{4ufN6M
z#eD$As&jQ(UV9mdIKA~7n`0!X0M`Nxu5iL4+cNJRggq3kM{vTTTm1-)h?vQ;U$sPx
zXgtj{Z0t~CW2ovtG)t1Ol?%4BlXj&8HdPua-)N5Eh&gTK?Hle*4t%|iJq|O2R=E_w
zTc#}yxb5SIxjcNpC;EI7TPLuPG(gU{O8qv#K9A5&8Gwng8Z(msdfz2+g<mm4QmM(e
za825`8DG&Ya(gu=x=gU%`Hj6fqK&n}2xpL_&-kd{kJSR;67C!5@F6bDqUyAdXr2h5
z#nWFfMEua0&5!<F_d}@Xw8-$%GmX<3E8DI~_r}C$w5y~zL}mui!cL60=wO<*4nDW6
zZ#s$|iXNt3_F|I9DOe$|Zph?oDD?2G?D;fJ7720IlM60n^0`mDxx-R#-Qw>}7VtZH
z^|_k$^o&F*07G7BBl&v{Mw&pTxK%Sr_xktIED)z~HK=oF$Snco>xGe6vehG3zsWGY
zMpFCc@Royh8w(rMLM3g_@`~e{mqD(Nc_$g4CB!O!0W<GIuuQ%otv76*JjRJd$2@dj
zMgKxQ@hshSjo4X*>tkt1|GK{J6H3YlF@$`vZ>+a*RXJ1p6L^_l37ag_a!j8~mf^~H
z2(^n355F@ya+G{Q?<aBtbtA0Yw8MWCtl@tVoHO6o!kz)t_!2~3e*TGH*n{Kc7h?*_
z;ew1{89_iIWq!ACaO=woF@8$MnKz&cguNJ?tC%P{#Do$9)Lb~y7_uvWC0v<obORm}
zc!0U^nh$++#T&UK<P^b~RwlPwc3CQXwq(aQPh~^AUb4VKf%uzwJ*|?b7zQk|!6`XC
zP`pE8ATCz`UnJHRQxZ~&)R-^Xu^4}bMGRJdHvAHl;gJV!fBs7Mjfx<3t8fw=Q&wW@
zD~8ZUacUK$6d^MNvnVW$A_KyKklX0NyqQ)fbIf6JCrVm#yjTP?Womm&Rk*uWR|^(Z
zggy(ha=&#1Mhl@eF4YlX1I~%xHb!17d1;Ywi=mm*+drRxw=yTR$3CQE&f{5nTJ)GD
z7q?Z52fy~i;QK}q=keck<lqb-r5_q)8O?DIb$H0#$aH_RR$vpfdSN#rg$l1u@5W#H
zzEQHc5XB8H;Eh!Qx1&Fi1%yqaw6z-bV>U)B%`AcYTj6m`>paXQkL^b_3hHa*<5KwW
zU<I%}<=Jm@=E`f%miYs%n25X<Xyxx~;8`Cvi_Jq(%EjCCu4(L_=@Pleg2qf*nX53|
zun%!(r5@lKHQJ;Lur6h1;TmH;z9Y%&+mu@RUiGXtw3(Fq<zklilFu;9lFKZ{Zgw%H
zPd;g@2o&-4<I`9uhCQt=+AT;I-#zhq%VSBk>T&J+W_<Txm$3_9^|8>_gJHcT&Q|=b
z2I#Xxt$IQ?(s}sCG~3YI(DPxN)`Jl&-^KhnU+}Pxm|h0)7Uq)PHTEG*{WCYf9oI46
z-5YQC#sF{B##nF6MvP06yNG)<H{QFam+7aBOQgUjSB!TOZM+ubhh0$oL)uoet$ZjL
z7OccN+^8bIM1uv-^r639O4s9GGG5EBSwwBQw!$G^jNG+0Y*HMyZ25L8pITi*4sAW2
zxM4xizhQYrVGdKadTuE$*=@2f*=-$l>u>U3Qy#jaF38LOh6Vp1gEgG)+mhe%8@bBi
za}SPVfm1dJhL?XD+`VraBEOVRD4$UHh*N9VmirR<7UEL+rd_1K$g|U@hdwyBfF|@?
zv^&VLxJMKwLVA|^8~L%~R<q6O?$uMKCd^yLJA_M;COEIOu$N@n_?xmzi<>q}?@uug
zsh6@(IY<%iQ^OFj=-m?JUfv6q4GZ{|jow6xZ*n5)=VQHj$iVWo8<t$cz9zV&IW+Wm
z&kxrun-0IIcu1ET!uPTZhffZBso?{h{BPtrJ{%Z_5X42Z7l#OWp|@%L#we}PGFZ3o
z2;YzcjMm_;^-bZuzx21tCn8=FR*GSc(wia#;(lP`jgVM!#ZI9Y%+nFw{gN`|xfJ4<
zCGHt>;$YUT!1ns`?j_Y=&~7B1*hj=>NgRGO&k{!glto^uP?rie0Y@3-pc^>Dhil;=
zJ&5SSC1=)6&X<LJmqq_rD6gYOj|FauflbNw`<V~{4M?#8Vt?tdQ)0L~(iR7ep>EgO
zsK$#i#e@ZsK&<Sn1rbbWL0GuroLzXPMp)&@S3C~zjX!^OboLrqSCGc@%1jT}S7miL
zykh|wiy}5XUqv;G{1T;%(A2)OmScHK@7<!Df8TV#a0yrxVu_R$W!e2gRbhpELCVW;
zq_+zy%X-kdz95&q98dWO$mG;%9Ta-`80!e7V#jtB7s~L(lyZH_Nbbea>pRYu9IzNz
zQ2aYlHzdXIZgx;Iv*|O63wW0gL2nwq9t60iSqeC78+)z^?>X#AucTK6CndL|@7{$|
zB+p^*sBb+IZ4L?cdF}P*=T<vx&yA*q%#MxsMN50~vSvLF--WuebFI+aJJ)#9%ariX
z?UtrSc(a`q4(g?Co^w9o!^cdVpBx)Moh{v+yzAu^yfBY{a;3g&u2s#Up#K@#vm(lg
zhTosAuB*sDC17^Ww8(81A3K<$sHCH!5pj^31|9&MmC!FHr118nu0~bRn#$Unn&#x^
z@+d_`?}DtdI;=T}PEmMD3$O`fjkX*;L`5c$xU;hqK@E)aAW0A__orz_<*2dmHPWIB
zf@uuYRuB&Asc!me41_gSjBcJGiAd@SnyK?Nw72-YxeS{99qFEi<&tSiQ%jC>_uC}9
zSOy<bG)I;kxlNwq`=AX6v;+thO4dyH9XN_{qZt?3EN$F(7v~x%6*B%-ViiH#ndIB5
zAxGBwwx<o-mc{U{2F^)LG*^Zm!Pr}s<}p66Vn`QuI$sBZxOE1O&04HxuP29eT%r-X
z4w<bV7OxJE7<y3>sJ1vs3wtE5GczIWo!B__ne?4A#`%kgkTK5V>^>qSnNCz!(QafU
zdUPVTq*itZBo!zI+lh7F6TiCcT{z!UJb%{U2JMa^jEaXMu_yad?HG_A5y%bYW7iH>
z?7)tKH9A~p;YrnQ6h+z`wHfl5Ed~pN*|vM#8=I<{5hGhiFyfG11g8)(dIZhqqFlW+
z1?7gPObK6Rre7RE)frl&X;rHw?#!KL#4;M9XkQbw6jG0O_xW?yGme-QnAeUv57W~w
zYf;ZZDiB}Az1MfOye=Nqre4@RXi<u?d)wg9#1cm52d!Pu{~pLmS3IjQsJucdldKeq
zmK3vgS%xZgTvJV)RgM1*x7bI$MHZ9}ea_pBCB}d-p#b8vU1G6AKDJP^iMTF9rB|NM
zmBBb;P_-#oqa}a0osUb<RFPTKq04Ff<k{oQ9#Zbf?@<6gF9RPRTvzt#M+ey~*+$(y
z%`_=wNIne4K24699@LM^H?h=^RN@%Qqp(&Xp|QSi7?WJz^`g|NTjn?9dVgept}b^p
zt%H?$V6ae?R3BI*mCxa+Szw;v%rx(g4wc=bNX`|>TlDNF3{@O(bRDQL$E|A5_{3lT
zCZMffL?u?eia&DS3m#hCQ2(i=WtLg>0(}1XLcFHbSsLW}@Mh-QqUr=4J!87B&w;93
zork($4QEYxWu&p5-Gnoz<8g&5A7nyFnyp^5-=RS&mBo{SM%lC8);TqEMe)Kb^=vNe
z3mD)+m9H}JIsR@MH>IL9hE>_EA`5QEAXTXn)!;Q#kRz==eUhN9>W(9)V1Zb*!DaJj
zneW2EeH~N7syBC4co^<;6@lj3S=EED*DgFF8pIZy*d|vs+B|DIJdlFG^^wJ=N#E0z
z$Bxdv*}2k6n&?sA_qxnck(YFl2(ZMS<yzK9GZF#igmNF{2P%tU)v%_gtScfNCm6)<
zey+=HsWnL!pHu^qK(FDW2Ez72g-n}+%7}Ked>jNiFBc@~L5Ww!alKdmO)4{^oEEv8
zBur$5MJ<Y@A1^Hm!Ef^7K5ZZoCKHc2iGAObwB`RQK(C!tue_mlQoRNhrN%>Ad)Z9h
z7c7qZre!b$38eu`ZHFTuq9_M1&05p4M5V^}4Ir&az_IpIl%1!2;(M-%3M4TR-p0vh
zw*Whl03R#$48#fMoBUTuN+|sd#ktKwp-P3yx}x7E;rU~i@7^kY==l(4D|=V2mZIk^
zVxQRnwcncpcTc1x6q$RbbrCM62xNH*l_Wnw>1lrR822JwX@iaIcqhD~JX~kHF=0{u
zksAM!DQ`T+<;>uBMq>LQMgarLD3?j_?z04i5e+he1poU$gr{VII3HW<QhJD=+9_bX
z?R@R07wJlN_{>JxLo^_>YHH6c=kS!BEZg}efNltn6R63)MhgddRn<ivjn_6N?mmZ;
z=7|0zy=AfBZ08QCMY9}v5Ux}6rnN2}n~-4M#1wCxq_u!2pefyknC&uEG1w;JP#p5D
z?p60`NGyhHBFa}B|4c`3if?mI4z)_Cr!}bM*Cg9lW0_3&*LOc3?P+1UUB;bbHDlFe
z$sjq-49;G1r?TdckC!_3GDQR-n@h-xN#*%V_?NhCLtl%g6K3;!cHOW&=HK`<H<LdS
z9+B_eOv#sp&B-`E6doL7r(OMd*N3e-+bneA;yL$O@9Iez|LI+be)>TPEHcqK^sy!|
zbce!90j54Yoci)rx(nb{gkYk#GW^)PoDoZm7w+j23@7})eJQl4$M1JpJU{mB*DIe~
z4DI9X^H(c0Tt(mSbWjgNANP}w><1vt%|i)|B>e){`wbV=QIB;A+QR$~jBq#cYje)|
zzH2X%pkAV-^f1j(=q4o~BZ6qyKs^?<{qkbTifk4idT5#!2+=ps62+8F*$hV6DBa($
zyX{J<#O<rHxHW1zwQcts1=vHK6(cV+lx8e#RRFrHE?*7fjpZeAo{~J{wCLAU>DGVt
zZT93#1D1)*1)eM)t5>?9pM%F;9AZ>iRky?Tq%O15ZCN>5ew-&juBl+2xVd)ycs&4f
zBw?f2(Spt^({8eN@i-w?G|XJ@37}hO=2X|Gn*TXOh;5St>PHU<ZHrSil1j#>h#sKQ
zsLCrbULQ8LsB9)5&f727V(y6}hVKCt)5p3<Fr^R8nG7@vA3)SP^BvGnDEgy9*m{tB
z9BU@5QjK&ib&d9_^lb0K&eVzxs{w*rijmysIUN45)R2iQ#9hCMs@d-h4m;ntqou9u
z>N@sQ{G$i~Ayf@DR6-jPlFSS#neNYTOKR_rAOdDWaUK^C0fvVz#NGWvr;Gj4qsR3h
zZ#v{%D+|Y*d`7+b^0{<Q6jVKW;|Nvb4^flDH4oHGb+^+u?WxduJmH0ldW=W3&mWzF
zqF-L!dfo%)T$qO*aXd{9@}Tb?3eZ=1MX7F>^tytVc6(T6U_UgR9HXVZH(`IOZ&J7M
zWRlp$x|z)tlzhoBR?&ES_!!M@zWO9DfbaNFXm^~9n%KmF6)0Egg!QGDBp5T=NWRs$
zGAecCyuE$*bkCy$t^L^q0Y;qTGGf*v2|D_`tS>+n5F<U=scGOep|^y!=kd~<jN5S}
z^^21L@&n!Z`a0h6TIY+@{%h|9Ts`JT0%Od!+czVe>Us_8XAEeOpOlG8&xfd(DSZ>G
zwMqkXKWW2T1YcKauW#&dE@EveKU20vrkY*fOpxo^RhN*wk`z`_5+m9HxMw?i^<xUI
zxrM;#RWG3(yN4t)PN;H?W%@^Yrmrp0Pg1|r%ullJKOD1BZ#j3k<VrriUB>##y01NM
zVd_d&^!hcnG(VxC@>g2@^s`YD{6j967n!V<;Sne|^Ef_59g*e}BlW609OmdmPU*%y
zpONwOJ_P95jmL8%UZHcU@?{r1u^X#5Zmw{$N=~+l4-n>D4oZ-3d@VcC7|XaZAn-7T
z_EL|P_Z>9oNo+9AalB$2vozaQLfgJXh1`>iM>NwM%KcmG5ML<q&WUo?f-Rl=r?cm;
z#X=#<iyL5L>A+_CD>A0zej^jFOmfDTFqV|{Pv*MMGee9-CFn)KAYwAKpx2w*jyRc@
zXk(Y~!=$JJUR_bu%R%0?Oa+(PY{S>WdwEmSPYv%g8I$B7bWHAs+FgYL@1WZA*Ea`P
z;6kS-Qw)jBhrEexhE++TjE$dX3&KAcS2oLYtPwv#5blW1_vlPj0=2jaEcw-fZV!jH
zL3ER>UTG6(CS9y(X<sn5&KLdFi=3f=l0>=yK5vcrXBjG_uW~90YovRwG#q;hC-;&z
zk9qR&B!!yQRwkAhsKik%3`W#c%s->-VZ+jSF~pu3axa?+>|C!OO>t<P_ptS0wm1Tx
zdh4w&Ht^oUpHx`uVe@`5gQe5k5X)vTJm7>zbC+l+PO6L)^#P6dQ3$Np_mn)m>m$<m
z72~N+C6l~DGnSvResBj=b&o2t)a_6AE9QaPQnQ0u%AXQveIdh(WwZ8J$6`(K*lrE{
zsA{8~hN@TbeVl*K$@2iU<pwjwM~Cj?oP9^QopJEgkxmLO_luO_!S>f4r7hz{J(C$}
zQCptAYsQ{_1{<D{BMA`&0BWkuW_*d(*WXq;7%DeqJgm~GD#SiX<Gehu)ElSUnOK<S
zx9Sp~$<6}DnX?<_NA0?}N-9czZ0cUF$u~%UDyMRQdC+ho=Q2oar=zFwYS5&3y3($x
zk>hq+d%60viReMWtpGC5qOlCu+p-}f9|hQ}KCB9br+P6VqSf<Lc|Xk^;U=C@`#T|?
zQF_!mTV<8cc-VjkMksBBTp5qFX_FrLgpDjP&DYlE0|C2)JWAkn%Nz|6I+6*4apgTD
zlvu(JSa7G7Jwh;H^Et8k!#?)gj5(Y!8vv0zt8k1pINf)@&8LKfy;}mQQgOltoIId7
zAGX#G7=~zgP$DIEo3j_zL^I=|(a*@qSEs@X9}}>53!4^;R;OB4AJf|TcPAPOAj}66
zL;_RnsNc^Q%?_5&?DeY9^(Ee#K*I@)v)ieXi{=tzVsIvyO}GaIFATOq35;p2LUgNB
zV^gAprD}AawZ!a?FW*vC<Wd#Z)8^6DW8Z&E!4_yCxFBF^!hWknM<2?#Rvi_c6elJ{
zEt|T_hcF*U!2U{sDAzczu!h#m_;`_$;&v=w4t8Vm#|@-hxo!m;`BXMvyA@=`W#|?<
z6f3UUifd7FYsQPgOHwvHA#|=pNz(0NbkUmuJ)Qp&x=QO)5%_qq^Og8p7X}~Jn+GT4
z#q|T1Rr1-2p?L0j--~_@?+HHflMXEV$+26*^Wv*#d&7|m^1SUE_RW|x(YN%ro5RK<
zno{k={^`+=(w`ol8d0+9!a?K-hq_7wE;=1K0*dV{cQndI$2_v2kbHbZPu{$N9ZZ`P
zwNKRzHnZRMU4SB~^CX}wLLFWkZ*!ZAD$!C%^59Fn`n#m*(sX~Ey;X*R?z|@TT*OhU
zi^8fvj%sj06@j=Fy>5eSu5*U=C2QqNj7}PuN>-Ib)VX!Qq@UgRdU2J+v#MU!x|gJv
zJT_TU?_<Ie9FxT5Sjp5arg761%^{bjM~bm{7Fm~ofX+_J9JHw-D3nE!hbNwnG*vnV
zZ*_B1C+l=r=YtoEaJrNci*U4Xa;yB)Z56E?$uH0VkdyWo<Jds&wvyrCM$~CD24*G9
zn`Gg+TC(#3DG{s&k<4g!nQ3N*(1dbE9G-xiuPjOymtTo+X5qY1i&ZQlX)1$JQ;WLi
zREUnD!kK_tzNVbfi2MfJS;BZqGo7%CS^=tJ;KRHw&~`>A?W3ASxAJFU`4#Rg(^#>v
z@+>Y$Y*)}NL+GUfP|ZCg4TWLg?6Bz7b?xQO>PlI7ay-AS-a41NQ%WN@3+uXuUYzo~
zhe>?85mc?;bo|wxRV%TD5m6%+msx%rCu<1H%tum0R>Ze?1WqH9=8&){dBd|(FrqY(
z;i*b8!D#xvvcstz)ge%W;krZfRj39C&knsw8b=PiK7)3DIBCA6Rps_TbAMwoOj_kE
zv#=R?a`nv|u<bi!;AT~IT8H}ZZR~XLZ8gQ&($|~1{A_L`(L?6xZxXbI7tGz^*69m!
zyF6;uRZ3{rptpTSH5TZDm+V+!=65)E0WtE3DyWw1wL8O8C_Aa|)L7kcGwKy(Q$y67
zEc^4b%~;mQ0<B2hc9un1#g5b@f~CP;sF_)HIf#s*=_hTP#VQ+k_VL12$o1QiZ7dy&
zqUGhd*I@d%xfmIzaH^El+l&2>MMdq=jDstcN0!G1Ry4B8w@cgye%4h)JUFB~5xxbx
z!c|(W-<y(`%!Za4x7+Mg*GFBne3D|_BviuAwNCAA6@ohtxy8<)MSxfw#^m7!xkNjr
zUTwA-?PY5}mFTAslv})j&jgw!>Xj`pNaw0&7zcljgnv10iE7q-PDYLgPIN4ecX-sC
z+U3)}m0`Z57%5D@MWni|>|%*ZWvBG@=L2`GzHZl5p5g~f&ep*+xZ)R+V>G6|u67-Y
z`DNR~<wapNfjM>7WEJDV?ws_Djl?JK2bv!NQhkdEOCg{aE~NBF2U_5`vZ?-uWX^2w
zJzUK%4=o(o;Ws^uWM4&Al#b|zS({h&4a;Llc~X)<%ZX-i@m_!l_Z~1H%?tH(o%zi<
zi=Z~GfsuHTlTp|A`NXDVC6Z^8cE15X!wWOh4=VJ9p#cCMN~|Bd?QJ@?Qmyb7Dazsm
zHc0UV{0ix$R)QOt&N&{ukM>^Y#Z(|fzFlc><#y^_@2_6M@E>t)zwo_cXfCe3T-T-1
zo=LgU;MP(D#oHP=-Qg{-hCdn#A~%PSdr^6ui(@XFMb7C477OfTuZ>rL!_E1`7oPCl
zgQG}II<U&W`{3|7b1@zmrK*H08>E)l=u>&F-j%#1urecFE(ogr6nX<pOY$5s-gWf(
zK9IFBNnD+lY=;8@&(pb`FBF`7tL@rExfeXWUE*nTx^vFjm_4wBEH=rl*4c(r&eh0i
z(e^ip9)2tDO1is)5Di_NBirwn3pmK{$5c37ly{w%U&zzY-KWVo#nDf_w3>mN?A5we
z=1g<F79E<qBN|ez^={DL*g62XH9K>kSU1R=>V%z)_C4i`KeNC|-6)YAqSK!1;^TGD
z3qA?qFEtZSAFOO*ZCg#*l1N{+kKu|6A)R~?R5xr$XTNz&N>uhXkGEnYX-4UI1!r1V
zO$4*Z<o%O*mYU%M6WV(V$i3~#h*2<cIAH9^DQt@5Vc<wU+)9>KEwy&LJ)gEcJ4xbv
z&5la$D$u!tW!~uxXXV+w@s5i83NW0rE0wFqCN&|I&P4mbM5rdt`D!Ym6x1+d08Dg7
z@u(CVPYOmcO{Ia%6(weC7IEib+vSQ-acRa;L!OVVl;>(jwd1^>>dCvxyUx3$xuLmo
z^op{}8rqV+;P#T_FCJPNy8`kbPvA`exC;X<xBI>u%jBB6*XgVk&Xh%NuL;YCS{LX}
zu(eK4z}cG^Zg`8GRn$7QypdMw=vBqI(L_2}Smt~4AzEjw*2uMWwI?e1l2xq61aVDR
zPA3{SgQ(6vaTglzDMkiCJ^iqRDU+x}EnkY-J61%*i0i9&WghF5RRj}yvsdr!D%Kh?
zj|p$cZc5`qw2r~>R**l4XyRIhD86GK-c@Ye+CuEzIwom1t{Q_NAd#id)*lmT>IYT2
z#HMVCtttXdGYnngjan`RR3{B`euW|c|E7-o7Z%|!6w4o|mVY96gzc=2VfOzU33Zrk
z^A7=MFz0`P-uaRD_!oBP?-J?&HWm;FCfN-`D*PWL)PX<X4S$C_{7vQeui^gD&|ib5
z_<dHC{vCAZkFo#%0^9*oXu}k=VOrlXL2(#d2SA|>f{BH50bs)6x-j8#7<vbm`OOAX
z9{(}yABx)Cu*_!g-z3jDfiT5!nCkrxFZl8KON{-G@7%Db|8XD02K=-3|44p=IM`q^
z=sz^Y|0oUMf=Q|W09E}PtkB;w;Qte_gaiB!T#0UEpJf2slfVo25Y03e%moPZI|V)*
zol{{OatfMkjB%>=lmNR$oss|~bg#jOheVmEk1gj)8WIa1ULj~D_^%<UI|I-S+chPk
zzPBP)@&=?bt3<aa2H8~Co;oV!So{{{s;*l)vvk@$@y?aXos%Rq0+7Pr&~{`$c1?^Q
zg9j6#Y;|yy98zf+MtqJ^<20nJJH5Bd=MxexOS$G-IgO!AqAp8F#9&4xyRC*c5UtHD
z)blV=yh%iRE*h%7k*b_;aW(A0P$Z~IR=|WXp_x-ql3h{%s6J*n2EzIvE09FLL*PT+
zBzl^66!YS~aUXkR&GWnxg7n3<vsTmpF|x?v6#mn2@Tin${Db#zuV~+w{kntM|F6+R
zfB5o$izWI!(f=P3+Q8qF`1$#N^yvp2&dt%p6cy%YAXK(LFA5MRCoI|Dl;TetJFM1^
zi^BF_Hg=f1!u;nSHa3{k!5aLB4Zz6(`ZwiZDf|B{$H@-hf^GYM)CGY7TreO1hYbt^
z{lVt$A2wLJH3*iL{gVv{{I%Q<-TI%)alrs{KiSyXfIp9ejUDhyIhYCdI{T?ECmU=>
z|I@|}dv(Hg+mGwd`Qzf?2K>?&ZdfZnm1E=P;QVE5FnOAvpU1`xV^#j8E*IC&b=hHW
z;GgH29SB>^pX$PFTtD{@0A%C(c`X4z0Nc;)0$}p$ztrV~!P9<f1IW$I_H+L@*<daI
zR1P-UAMd(<%pWH^C;QK91p9gUWsN`}5ZBLh1p;yZGJha2Ck$5l&o;muT)+4|7{CVl
zxqn~)fa7N$0t3L{pU1|<&JFsxFI*fPzsw&O2PfCxo(FX_w6HdDMCIdSRkrXj`LR`5
smF(=G6h9jMfmM~XHMOIFb?W!uOed(JBlP!8%?0Z!H!3x?sJz(!0{???ApigX

literal 0
HcmV?d00001


From 8d8bcfdb8c2623f155eb2a757eec688818c0e80f Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:26:14 -0400
Subject: [PATCH 804/812] Add suppressions for Dependency Check for CVEs that
 were examined and not exploitable.

---
 suppressions.xml | 44 +++++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 15 deletions(-)

diff --git a/suppressions.xml b/suppressions.xml
index 4094cfce0..c2e2b85f9 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -38,27 +38,41 @@
         <cve>CVE-2020-9488</cve>
     </suppress>
     <suppress>
-       <notes><![CDATA[file name: log4j-1.2.17.jar]]></notes>
-       <packageUrl regex="true">^pkg:maven/log4j/log4j@.*$</packageUrl>
-       <vulnerabilityName>CVE-2021-4104</vulnerabilityName>
+        <notes><![CDATA[
+            This suppresses CVE-2021-4104 for the log4j-1.2.17.jar dependency. ESAPI's
+            default configuration uses ConsoleAppender rathere than JMSAppender and
+            thus does not use Log4J 1 in a manner that makes it exploitable. ESAPI is unable to
+            eliminate the dependency completely because our our deprecation policy.
+
+            For further details, please see:
+                https://nvd.nist.gov/vuln/detail/CVE-2021-4104 and
+                the ESAPI security advisory #6, "documentation/ESAPI-security-bulletin6.pdf", which
+                provides a detailed analysis of this issue in ESAPI.
+        ]]></notes>
+        <gav regex="true">^log4j:log4j:1\.2\.17$</gav>
+        <cpe>cpe:/a:apache:log4j</cpe>
+        <cve>CVE-2021-4104</cve>
     </suppress>
     <suppress>
-       <notes><![CDATA[
-           file name: neko-htmlunit-2.24.jar
+        <notes><![CDATA[
+            FIXME: Once we switch to Java 8 as the minimal JDK, update commons-io to the latest and delete this.
+
+            This CVE is path traversal issue in FileNameUtils.normalize(). That class is not used directly or indirectly
+            by ESAPI. We are required to use an older version of Commons-IO because of a direct dependency on Antisamy.
 
-           CVE-2020-5529 is for net.sourceforge.htmlunit:htmlunit, not net.sourceforge.htmlunit:neko-htmlunit.
-           As such, this is a false positive.
+            file name: commons-io-2.6.jar
         ]]></notes>
-       <packageUrl regex="true">^pkg:maven/net\.sourceforge\.htmlunit/neko\-htmlunit@.*$</packageUrl>
-       <cve>CVE-2020-5529</cve>
+        <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
+        <cve>CVE-2021-29425</cve>
     </suppress>
     <suppress>
-       <notes><![CDATA[
-           file name: commons-io-2.6.jar
+        <notes><![CDATA[
+            ESAPI does not use this jar directly. It is a transitive dependency of AntiSamy and (as per Dave Wichers on
+            the AntiSamy team), it does not impact AntiSamy, and therefore does not impact ESAPI.
 
-           TODO:FIXME: Not sure if you want this suppressed or not, but suppressing for now so mvn site can finish successfully.
-       ]]></notes>
-       <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
-       <cve>CVE-2021-29425</cve>
+             file name: batik-i18n-1.14.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.xmlgraphics/batik\-i18n@.*$</packageUrl>
+        <cve>CVE-2020-7791</cve>
     </suppress>
 </suppressions>

From d34beae9860d73df4af38f1c495c669b06ed8694 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:27:53 -0400
Subject: [PATCH 805/812] Change to have the creation of the changelog (via
 'mvn site') to use a property. Add reminder comment regarding exclusion for
 commons-io library.

---
 pom.xml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index c39586cc3..7820d04e3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -251,7 +251,10 @@
             <version>1.6.7</version>
             <exclusions>
                 <!-- excluded because version imported by AntiSamy Requires Java 8. We import
-                     the last Java 7 versions of these ourselves. -->
+                     the last Java 7 versions of these ourselves. Remove the suppression of
+                     CVE-2021-29425 from the 'suppressions.xml' file once we move to Java 8 as
+                     the minimal JDK and start using the latest commons-io file.
+                  -->
                 <exclusion>
                     <groupId>commons-io</groupId>
                     <artifactId>commons-io</artifactId>
@@ -788,7 +791,7 @@
                     <dates>
                         <!-- TODO: Be sure to update. Should be date of previous official release -->
                         <!-- Exact date should be in previous release notes file under 'documentation/' directory. -->
-                        <date>2021-05-07 00:00:00</date>
+                        <date>${date.prev_release}</date>
                     </dates>
                 </configuration>
             </plugin>

From 657c2a751c0b8dbd70b8da1bba246d86f7ad3b20 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:31:00 -0400
Subject: [PATCH 806/812] Misc cleanup and corrections.

---
 documentation/ESAPI-release-steps.odt | Bin 168476 -> 170237 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-release-steps.odt b/documentation/ESAPI-release-steps.odt
index 0e55259ae15648e8fd4a4ed565711c9db7e95806..b076b21520ccacd49a516c40864fae74bbcd5ac7 100644
GIT binary patch
delta 51707
zcmY(qb95j<v%niC8#~z;8{66>8*XgdwmosOv2EM7ZQHh!4d34Tz5Cw1{m0Cynx5*a
z={kM7PR}o+0QRF67Ew+T90DB#1O^1e0XIe|7Ev7WzwW`@f#VRoARrLDvBru}bkvN@
zlq9iTga8MlC=a6`FOLKtn*hInj1aGiD36$!q?oj_l%l4hq?nwHyoQ3LnyQ+ZvZ0ik
zk+g<|l(wCkmXVI0j+TMBx~Yqis-%&YnxT%qnSrL0k+Oq{mZO=jhlzr_shXFSmYJ!!
znU#Z;y{(mltAmx9y^Vv5gO!_`n}u7Do0q@0FW_zMm*nLa<P@0T6qMo}9OLsR-ZLV@
zH6qt5w#e5`+t*qz$kp86+bz!9!q3My*v~62z$rG^Gx3jiYOqu0ALq1i@4QI&;&`8c
ze=X=wP-sxlpNOy^|Ipyj@IOJ};o$+nae-lR0THQTk+GqXX;Co|!7)ieF&UAu2@&z>
zKy0voe0X4NWLRosU`o`Vn5fu<*ocgnp!E2N?3C!_l$1Zo1rb@bDVcfMIq4a>MG5(J
zF@<dzMKzfvby*edg(>0r$uW6p@wu64rCIT%*{QYJ;W^nkIXOxBxtZm;iRJkjjd@YE
z`SG<y>2;-<?Zxq}CCP2&>4k-bc}1m#Kxsi?Nm*%8enn|vd3kw3MSV_nTX|J&Rb6>e
zO;b^AYej8+MMGOvOJ`kWNmETxLrrCSZGKxrWoK(;LqkJ-Q)^>uM{84kduwAyM@L$9
zZ)WXaQA1BjQ-4)UPkHB5Nykh>M}KYSNM~11RnK&F|3X9WcvnwP)9_N)+-`3bkTKX?
z+|%CB)73H7S=ZaswbWm|GEluZ(%RG0(?2veFfuth*f%~pFfuYSFuBw}wK6t2H@z@5
zFuO56w=lV|F+bivKRvcG)xSJDzCPQ(K0h|UurRx{HoLO5zPhlovNE=MxW2iwvUj$A
za(l4Yzq2%Pv^IXeIkCIGu)DbqoNO-~?5<xOEL|LKKAf!`9v<!;ogSWCoF468oE)BC
zTpV29AKg5k-9BC1zdT$W++Cf&UhUpo-#p!&KRrF&KK*_C`~LEH_xktg^Yaq~1mx@M
ztNw-J0R)7rTU=N`$!+b@8_tPz*<EL?NP2!jJbi7Jbg#AziD5Ykw<F0FFa=AtN4riz
zUgvC8^v^i#s}e&yFZ|P<wwpE;Cf87~BEd@lv%_eIgpHX89lidFr`lQk{n(5`4E)=<
zC`Ii#Yg}Q)Yu$N^#DQ`m`R_Xo&f;e_@R;^<CwBYG0z8oWmggxDEXS`m;LEYA_zTP6
zZ&rW}p3{B~F7zhn$&dgCfY@d~6ZwC2|F7zO@Jh7$cBnD8Kl$$~Klh~V!yC}yAau?E
zd`_D72QaYeymhXQAJVn8yLWDXRd;V(YXgUpb$6~lh9?cfSy$KG>$a~49^H?T3_Oz@
z9v`2!p37esZMT-T+bgf@*`Gmw87961)pUoSH~ijT_kaJMf4J(lT=QC<bQ6B~-=;^O
zRa>7_Utw220vJA}U-iH}fcN42(JUeR;c)oce><kl?{mG)XY2Ewul4C}Vo8yI5!kNo
z_+lwPIS<bKc){X-Lw}zvd^dgj2v=178Z&(bz&(+&Y2Sx{zq`>N7oJ;R&j3*J)%IEi
z%maJ(CSR(6>v7>SMdCS7X48?y`*}ZH<@HrtoBfgs=h~zC^>WGoT>Jc${@ISy>3l@@
ztQ7qz_NsG<|Mg1n*xb$W`0HzLMfL%BBFz4I=eqD>M*aP~`&{+aR`Ydb+w<x2`g3w?
zllKss?^f}Hfts}YGYRE*3MfXL{1-b<m&-BIS9ACJ*E0qG?N)nr_g~fC4_)vOeou+c
zd($ht)vkc8@mSTj?q^m0`7egi*z*tB_YeNV%~07auVIR7L8Q(P{BEO;{rc)|XHveq
z_7B&uF{%fbhr#@7q3G_z;_ddEF6b-zcbhM3xaTL}X}j}n%W%mQ*aGe{zjD47#Ewq*
zKUUg(&M&{r-g%$j`{Vh&Zi`=SKSw+PTL|ylYajiqsNW}C6xT1=&re@(+ShN(uDaI%
zp&+h=#b?x3?Lzliw~y%;;B&oDe=<8T+DF*6-zod^V_CK9wm3gBIlJ5E5~<7QvGloP
z;p<HD<MW?>ksmmD*8Mw#%g}u{#{qo3hA($}TplKOFLb*kV$Ll#F6#iN>8jf;PiM=z
z`H-q_z{A?|mfPP+tgV+Zj_R(vw}c@b_sXxw<gND)j_S|e^M6l2UsYcp;&g%1uSB1(
z*5j=6Zo9|H<X7Ep3E9py;J)>^s`H`Iw!`a@hLoWbaEMg-Or21w?taQl3-~-a4EXlU
zo)iKcBD8f>{k#p|_PTuhY%JDkbLp)9D9+D*vHFT0CiKy}TeS3M8^1oS9`w-xPgdmr
z625D%#pP%5VST#k_WXFey6mQ5|9gM?hA31BWP4!c^aJQW40WYCU7ao#IjXhKyKh&N
z-n+H|uM5BBXfIWl{rM1ruKU;Xkgc!Oc2mCRrsz%Am;2FAMcdXFA={tZz}GAxFg@*;
z-+-%IFR=`;Jt@#OIX)a#6MF2o*Wl{f@qbzJ&jRyrCikvo%jeaPH|4U=y4ya7+g+bh
zU*li9aJsJ&`KOOB4S&y1Ms<O@=BESW^Lt=BGo|cvEgL}P|J4G$`4ZoDJB0i2vHA38
zBhs`s+8zl=_V$o(znzVZwU55oI=tLkBpt{n^lCn>j2vj<^|8|HdW7E_ef`49HqCR%
zcRe%nJV1Q&ycYl5IS`Ap+OQwqd)6`owwDZ^rg*~m-JV}`Wg_s}uB)15J_{$b?STuF
zH7Y3{k>{?;byHHLGDV7WQo!<z4(V$Lsq1nE<!+t=cs)ScdD699+P=+l^(Sn*K0)f(
zuZpdWf6gJ)=-iL_{YCjIt@GQe%Ujcn%z~q8!`0!q^7#j_LvUF2cEx>az44fz-7$Y|
zX4?t=d4hj#`_(h*Idt{YVcT=-575Q$ctVd<&ogxeeKiYQt~Zf&js%>wnpSDKKRIT5
z9ywaI3T}6rdQ^l~WwqXMy`J*kTU|Ty%F9M)6;+$^{a$~_@_9X_*-oPK{#XKid%NF2
zpf&)o=$A>Rl`LC^b)AB5v_hms{Wm;7TX(a5Sh-6DH*FWG;)`4k9WF?a0ED_i)FAm5
zg7O#`KU7X0E^Aw(Szx<{x4g1PnBT3vJfm(c25e{xl@TJOsi^v~bG1Rs;y`Cyx(=C@
zwA<9Z4`oZb{}zq~Y=-YI=R4T@Zw7~JZ}bEUx#G4Qwq3w*tfp74rO+8<cdpZ~-;sD^
zX{8BSa%|YL30sp^>|<d!09FWNxV!3+Dx}=313t^o-h0h3#M;@NI9=<GtG1_l%>g`t
z+FQlYe4c;dJDlB6c=Pb&-$Qc(D?J6ip?E&v`g7}SA*|2y%U_5~jYOaPjqM$YDpQIH
zNHaAIrEd~>$WxZ1HMDm@$aOaRj<JxVbc}E^O}f=gE{DqABaG>63v4N9NlamJrf9=Z
z`7e{W>|ZcQ_YJ1BEv9A4E2SvFDCt3Efl$PS#&xnAL|1K2pK|}`*&^^LU}%CzGh?9a
z>#b_})e<r)H?Fr818p^Jd6+jBjC35HE@s;_nP;pX^p{>+GdMQLF|806%6}x4Zq*9q
zyl$ns0+OuISY5sB24JgZKwKkHQ9v0KkaS0AtLqb7$IGZ^eU2<?*qsNZw&BrigK+(J
z+kO#TZ_vG-m_e#X+(jWO*-RrUG@Puwn}!ia`ZSH`NZ2}mIx>4)YYT@HXc*>0BGgYq
z-|G_a4C2}knY?ni3H4EnNC?wJVZ-_6fGBMK{Gzr~K-2<P3GDm~jwa$VbGxq*ReF38
z8_3htw%4BcBh*p5TqSY|1!ZJTFp2I|5a1P6k$H6_?}Ot{+n3sri-X*|5h242bCgU+
zQp1WnSy9hxKVdt@N6#RF_H_O513$#<mz5dY8>#=B@3(HpJ!{J^8tQGa{U8in3yYsc
z1w`_O*hxF3w?OTR7f*bcEG3jLa@os@l-JdZM8MP;!q{)E4I9R+9d@b^bN1CC>l^8O
zVu{nTO9#w7_F75FH0h<1)uLh!ck^`nFqit?Gj%rYdzvQPNEb3@Y;#-$!o*BWY7LXY
zA0pvO5{Yrjb!FJAe@P2HTF=aGv+iFs)IXNA)My{mnSlGbuC(1J4k37qhmctDj^Wmr
z97p!O@8+SZ(Vw~(K8j0Y<RU*og1|#ZbaZ4RAiHk4iFJE~Jas|>FQAbCf4ER4id8A2
zCs+5fRdy-SKfyu}-ftzwF7DA{o#N2lszwDZ78(&PG%_qkq!6SsJ6S&*RaU+;BFhZ_
zAaWNK6#%qf^p8;(cCbK!Qw({fE<da$%+DZjDoQE&EK^WprCw5Z;|n{VS8O>`#gY0L
zfnS3538V6FjBdDMU@0K=_z1It+FM9o{RL-1Kk!kTI*f&sIk*z#e@^w61XzHx65vf6
zE0L8KEkKB+g6PwgW{Tl?$c<_|<H80-1%vCevjOe|JuPewdqyhKv_l-dcytght5oC7
zADob-4~ko~$>ZdkP|A6c{m~b9`w2NGTPCZu5*4vpN#7w8PeW$q<=>{|O{uxFVPL|~
z*O;Nx;4d1%Mpk!jA`@F$7On5Y*pPeXkas@6GjyK7Br{n_eOohpPrtS225B284kQuF
zjsk4MfWLM*hgOJsVkz_F{i^uW6z?Joy(us>PgL|n_|a7-wG^;Sw|`+!9iht&w@;zL
zCD}25M3Xw+wzX+5d#2lU$sBj3sM|AkHrnv$x04Z0VCt9J3Cu4Ib6BoaRvNbJ3^qyX
zy37v|^44FdoU?FmTK94dS1zzyiuUU(uK=Y=)@yZtxU%7PXfSuMkY@dSgHo_=Tq1^&
zk4S0w>({a4tk6u!ePIn)zCk$T?_1}9AKp=}`O=iSNoab3<ZQBN<k=Y+8LQ6rY@#t{
zsr{u?ld|G1qAp!YWzP^V9}9$4qGQ95oY2h($7d0pRZ?{Fz4w+mu=<4cWk~AIN(4L%
z`r=`%lp`f@qbZv*?P$&_K#wu8SP@Fj!c1P>Cx5*NS241&WM`8^SJ6r}vcbfbSp#Dk
zN}_OL%edu^<|`$pQl#28y{xQLbR`YXlE1Q7)+lGEWJ*W0nxJQzNL(Sr5Q&*}gV&fg
zcu-P5m`bDim5Xr9d#N$Lu&4C`dw|-i?Zf@#Pg(73aGeRg(qYN>e+%_1V)<Dd`&y|3
z;?ea2_N?<jXH1JEm<~N13aXwS*FEf?KZYY)^RdtvnVD7>Sj~`y;)s+f?t=}Ucri_q
zSs={`VXmrPQKx^AdI$7t8pmD?JBQpU(m_wE&z;<Pu|R5#T=$TX5@D};{{lHXQF%g9
z_^AUF&D8OPy3BM?#*b+3ndma{2K4#;BAi9#avV*JS`agG6v(VQu|v@4Fio%`3G5d}
zjb`X`$T+JFpvQ#DRxq?-mqMcf@*t`R;#)(5nxFXr3b*sn@bc72<iq)4((Uz^W3=jO
z0_X?i2B!&AzpfMzXL`GG3IJJrKbArY140~ms<3F#Mz`uOJBJUQI>#UFIGR7hmi=5%
zPg0o@($d#B8xoZEBUSpXTj(_xajdHx?F0PTgX-`Q!WA^;ED+Pip{zZUI*}6xG(}h0
z(^}*TiJs%kRg-G1XS*dEGm{QE8x10(2+rdX%i3)stCCK!NQyN_8v(jy>c_JZ#9x!E
z70OZBwp@*1X~$wsqN<A?RKFVO>2?b{)X;B~gDTIhrk%&w<kbt6EC1~eRuL)mWSkN>
zW>I=iz*tC7Ug2G~PrIVMB{umAjmTXM5Z|zId;E1#x`@>#5Hmi5t^)it$eSHTRi@w_
z22mKW-d@&|6CV;zV1X>{&eq&&C&oU}0HSO$9Mg*?YX$v*^IShWO$NzM1kt)cf=0@T
zOD@E`Ag(QhJ-gRuGKPIY*XZy%gUcWbRN7ya6a#}bbLIIZ4YRXNm_-Yv@FGFq$RHU5
zaqutfnc3OX|M<y^P-t*tO7@S3Ect!Ll1g*7yTO1kfJP11@&W7?ksypV1w*}Rg12l!
z`C{(OS#r$ZoP}fS$|){`6#9KboHw_AJtEh+w9S%`Zb;YE)ht30K`BT``5Eo{JSjSX
z4XLTqa)~HmOh~8E#X#<x%Cb`wn=uVg{fezg6Fcnz*~f|(hj9w6M<1YBMPp**!YF<W
zJ$H~ubjX2qH~|ExW=?97$t=vw3p=!^ATMg(QU1+gwU{&cI^#m}@k-*0qn~K}{yHrg
zoCIt`WXS38y-1L6fYsau3<3q_#jG7lH|$YBVAqQDY29@$>ku^R@A!^y*-nK58QWMc
zwIee(>fNN+-?8-D@rUB6EH3T!sBO4RLx@kIsH0-!J%HW{{uw0a7Iw7~8L&k3;xzqR
zGoq6_dkVi?Gn7_b9%O0dvUB6|*4Ty&>ZUZ6evM4)rDRQ$N&DNC3yY=#HrC3QTmLyH
ze68|E`AIq~4t}#)s#YZi=OENDcxTcRV#LNG)JT@85Xf;%mP{po33K+D;Hqg63<Cxs
zR+M~7Hb8w7^knKXeDqIkODf0Jv=Q1b{7j2z5?qat#Dq2{P#QP!TW0R84IRpXUj1Lw
zbHl$_3Kno*XA!U)QqnrSQ7!Fo$z*o5vMn(hM_^ok7xz(0nAIrpbL6t0AseGxPqL#h
zKQx{Kdw!*CAHsC5QF$BUoq-W^-h{f5%LEmL%YYIu5(aN}`wx98*qc)IRd7|Vq(&jK
zOKD6?{t3FiWs-TQ4~m*eW8SfQ?9OniOk$1bcx@2O@5axJs5c48us^6wr1)N+qp69p
zQ3S|3X7zUO;#PLCo<lR@JJ)M$wRTy=VJsl&jUgr}tAaf}hrFWU#W}!(s+Al!RuJSx
z4uDXkVU$?d^IvR&eM`CZf=0Z`b<H`y`qPAt@5V*-b?7FJQ4;y(1)5_NP<1grTYo4q
z7}~Ztf|bOj&xnTVhg1-uR(W#n912+Gu9EQbpt#Ekbj0W^DauWj=>5bEL0e^A=v2I&
z9X1?yWj*kkL(ugK-bJ&O8{0*Pl#alHX9G4g2e|^31YsN_7+-EqC9^21CYC;1OI-5{
z+Y-r}!eOw3^|9bhxHQ#H)sk4Wox)o|@vE41#&tc-8%enCUn75LeoKA&<&Qt(Wlp#X
zZB5vGc@perS{Nfy)@L<bVi0fFnsm{4f*?;%8bj=Ie0^wURC4)?<veJJuaAo=9trRS
zk0DdfWj*(zx8Qi^+Rh|(na{J^!5cz^#7GZCKsH@A`rX@i+ZV7tQ8;aCU|Zv4PC8dM
z%QDMOKy3_%szGnQgQm30B(Z~>EenF*O9XDsfWjRwVf3^dpe;3O=m`cA_7L|6WhRWG
z2c`#(h?hBzkgMAN;6QBRr3IS&_Z~2cvM&dZAKfndBbDYCwFsyU*je;o&yqJfLX?#}
znBwWw(}8&mh+J852PhUi1$A`%gO7E!Z|g&Qz6VvqZ|k?v_B4Xx&?n9h(4GgsD$x37
z31C<|+#F&kVX?t6@L?z5lr{yDN*OfteVj7|T7m=;b2^~5GSY3g5A2s-2Ny8v0bPue
zcv#O}Bk|O%Go!bR7b9m*%!~zKdUj1eu!Qz12CJt^$Dea}+jI-}(V5UKBag(~{@S}t
zi{K^UTY~Q!4GlQxi_c(u!8T<!RJFq~M?(WqL5F#i$T8a&6;>Bxz)EGWvU`0Bw16IO
z<txzEe>&P`5X+K|-8)Z(4F{Y8nyf4ie@KN778*tRZY#9zBM?;{;046>2#;|Y7}0OZ
z#5+5CQt@gwTSS>B;)PfxWlU0qxzLDOE^N>$SD==zC?}sHZ;0d@EuqX>=yhs2Qa2qg
z#h&N28Dox*KRMKj>R-?O^)OzoD=X-W;uuE3oS41`8{uJelz3F~-2$lK^mhu8wJl+I
z;c?;gGR7Q-?CmHM$r<CPjOKQnM4wsq*8<CAV$eC8P@sz&7dfQ_m8}II<)F;C6F+74
zI|L6!v`4AqiG)P@LL6#2m41o(@p)~_mPrL~kjEKHd|yQC=F_{@(kH8!Ld`iKjd!!0
zm@39CZ)|<vFrtIIZv|Gfm=a}8QAL+h`ofEPu}QK7Sc>YZW|<E^{ZU9M!_kfPX)IGP
zSMhZhV<BUiqA(E-c)^Mio!Dzbkw?kN?-+$Zok|tjK<|>C<)0bDwdV8B?S#I-{viC_
z86cy&s+E`h&5dXx(Wah_g}94nU0dqQeq8+Ty3lMck5U_62@tb8{kXN$rXQ}I>-U@P
z@!t?qO#k8Ppb3-gDQ+)G8?q3{sY8Lh1vaEzU8~-?Wh5NYYW};0(N#0D=FLkEg1?Oh
zo_h=AJh+Juky$*)f5=NrfAr&}CM?SC!^oEO@ictj(OvSlV-92VeG=%b)>a19u`0bR
zX-Z~#lhe=OA^=vC5Hif#O0@xFoaCW1bOSF9FT3f{pvr*tuMy6>nL|Dvw%fg%0Th}_
zl-y}Rp(c2GXPt%8nj3pS=4j$*88{n^fd?2WOb)k1>+OJn*HxX*v<ZBH;~BdWpI6<z
zW0-U3ca}6$j5z$^)yqsRs|&`!(u}-bx(Rrr?XjF^3Lx!$<y1;vK}uw4S8#nP-OXdQ
z3YSu~2D#SNp()5=#12!kMTwPqslocEdMVL*Iq5Ka8m?jjxg?e}kER8W<p`@)phJ{C
zQ)UGn9@feLewTGySpt4habERgUHvE`Ap?sfEs&T(mZYvvGqE4TUiP~woCUSGKNC@H
zY9cV70ASI7jVtiBX))@Mv4|_79p}s?ZLOLn2RS<FF_s?^P4!PUm-V(;&MgEJyyxK2
zgh{!;ZJ(I?uCc`9^lMfTTQx#zk9VCEL!u24zglF@dM0w*3;q55o!nw=MGz5Dlq3CY
zy)YA_NUgm3WkNC+6E?UZaghwXUjC$u7_@R`2XNtz%Z>*jeJVg;Nw7VY;jI(hRJFH!
z7!9(Pz+nX4{r329rRIfm@Q#g9kao>eEi;roQ5GyAA~eRUl#}__H%@*6e+j0sLQ9_b
zZ{Jgyzko_E1Q@&?xT2FkOQ&DfaC`~%`=B2=_k$r!trt5p>jkK*Nkda0`m2y4`oa*h
z3g8@BC15TcKp`*|s8)!l={K{;2eVuHHymWJ$#ro<ZNtj%%wnT*pnNrP+#@WDJxReg
zDZ_OW$Gf$vf7xb{ZXRj9x~+<`gv+Le^P%L3`(ZNb<<B76zoN`ax%OPYooTm)?1=lo
zAjF%WKFv9OH83>1K4D>1bz!w^)?$r55kSVJqvlapE<VIO-jo=%ZNT%uAv3gE?$gD-
zP}<aF(9geNZNA(R4NWrA96%zIo$B_gQpY?=)Kq6uyc#RXL`>dw8z){OTELH}3!1hG
zsa(YydsxxZ#&6kk5q#FXn%H^EvKp8=*$O6&6HH1t3TAG;${Ay>pmklAv<yNm128s%
z-Z+pQ<RACMl}eW+Ez`Mq>!^ATO^ChFG7~8DEQoZF{+_!C#d;DUg?-dmQ^qeR`lD+1
z?pK?t)Jaz;WZ;BQVVF7&%Ux)}4=hhr9Q~@W``pbZl!>cX`N@(;Z7A+7W$o}{hjyu9
zyTebWRT1oE+v&$rb+dt_As+o%1At!jTnI6U7y~^`2}3d-h#&q{H0aZ)3F9DgV*-|Y
zeTFfDSNFJWQ6mfsIgpQFN=2~sL35Rjbs|Smn!BIP7@lICEET&{)j_^X@XEXwG1m#M
zzRo-_%gH!m-^{$b6HTvv2Y##V)XtwxB!JtPAl{fBi5YWHGd_QO;=bD@0KTKLiiH-o
zZ}R$hd3HRdc(Zc%SwAv{gP19RIa*0%A)4-Qz>f~KqluOA=58i{QQX?(on5#Ta>s}T
zQ*_vO+Hr(JqnvO#U0}LI_uvMnH|L$(jVf4q=EB~?SlAao%#66%!(ts*bl4o+Ej6qu
z6i?EU^qD8oBzW{SKbe%70*G4AI1C;7Y%+GVSHW16p25~>1LXnVvDI0?ZVxsjcpLFp
zcGPT~JV~>n3#n9t!(e3xSxgt2iVCJm-g3<DRj{2YBl5X8u@SGZ!}hT)xL;<-GPT1b
z_N>i#xW<NW*6I|U60$5gF#>5y;{GI4mjp@?W@<`;#=n6i1uD{Q0#?j5W5}h}L2^%V
z@L}#7yD|ZYodhCv7;Tmkgo0P$lyVFq^$#S2%)eWWO;bbWYtUSC3`LiBp+vbPP%5Ef
z#iAaxnrW1jo$PTUxEzppCP<YzQw>N~2>;a<At4dHk1eT*gJn*fJBgR65$BEvlH7YF
z8z?p7D}?uFhFH%`fa6ASa`@DzTs@oW<!;ixGu@se^hPGNW5JKA!I2a}-Pg=T8+^?K
zYey9m`Lbsh$rZ9C9q#Rwz0m4rb-2z#uoVfg#DtlU;5KX2&_mGr0wtT~j1iBrizN#W
zgrZ%T3~&pcBFnZSs&yr>jU^dhtBzASF1g8~1SC`tB^st&fZP#8PiS%PJ7bnY4JdQz
zeY6HzgSB-W*hJ!Q${q;&1m89&r5~&K*F8i!zEh_7T)*{lg=45Wmuyv?A4i~!gHZiZ
zCF!=xHPC7%H^MM3M_g1Utz@a)bM&O-t-UT%ya^Oj+GE11w=H{VM++A4utg-2%&20t
z+!N|X<y$gUf%?%SQrMB9xw8|kpG<7v5;B!Kl|0I?Ws6i*h3m2^=HF=SsJ!KjM(};c
zDpDzJGE2&1^UW{Ft5~&yEvXhBS4Gb0@7tV1HLdl>L^KeB-R<+&9dLX$du<wf1xK)7
zopI>q`VgS!F%juq&EGJ|kc)S@;jf#pVUA1GS`_|30+Ps*48&M%%kZ_<;ey9$Xqf}w
zmH&3_*lgq?J9a9nt}xZ!bYSTv`^jdX+i+!&%>jP05NdYr0&~3Ps|W%0Kd<B%puUhX
zFC<)|3N_=L5F@WFTjqb+OzK@3C%Rj4wLr$c=+bVKaBL1ubp(}92&`GZK-R<6PF=xc
zcrZ<!0V$uWn2F>`Sp#pWTp{G3_Kvk|HM)o)R^K9(eTfSD6?mI%gq?-kUd*Z2N|hdX
zpk$k)r6-$qI*LHpSYQ{-K@e$>$S|xE2J;G#2{NAnc=AS0JRS%oZ&L!<C<1v<$_Rgo
zXMqZkO2g42=vd~I7~U?ifD}soIiqIqy%FvW0N)sP#@rkXPtlZzYOz9yOwz9^O->;@
zLZIe-M#aj+!ahUc`2}qUhRIjp&|XseO|J?ep>M%W$Il%^?vz{xdfS5vKHC6sFn2XQ
zKYVu48h>IHe7Rz$3IcFyX_i}u=SA_7btAD)qNo`3x-b;Q<ZG^g-_`P=l?Lr&$)%72
zNPa5%W4$!}2}PKdq2DXo5S0j}samGC7b@5!LhO_fx3H;o6h~z{hp9{^(vW(pSRr=i
z{v$uM8iQ}vD!kN$tys?S_nY!sS>UOW<Y;NDxaUC)rxtAK^KVb&(>FmXraIa!sDq0R
z0}NEClqpdB0HvxJQp+I-#yxi$%gD1yAUrIJqIe9s5XCqk(XkEEah@GY(gV+2)LLK1
zSUyVqReZ9yL&r)cO%F%FqbzFSsBevP1iMfeF$13miSN!Fvz~jI&&lPdWr8~1x(l{D
z>4QD|Zq@IiNK@syn5vVqybm=TIh!PtGwQs^tl;kmKV)pP<jS$4>Alu;7N*RK0XDm4
z_XqH$(7MFQztoAT@h(sA>Nx`@=sD%_L`CR(l;U+}Rw|Pd__A}Q`aJDUyL^uFzbO>*
z;jSUSF8q*+i9`7@z?Dp*3g>cee!)bgUrfr;R|q2tnVX(oh||`~wK;uD#H-VBSdvx{
zK9n?uRxb&=lWjuobMB{;^9q~M0A4Sw5ZGWfTjDH<>;E0n^wX~?q0{G*U}%ry)@KPx
zSduC6n(~C_OSgsK<*P7eYPah%u)2&-;q=LvqtR*7*PWXnS2lgG;CNjB)soTwH)Hi%
zy>ZFuO{=wXOXizDi~jauR_G>?n24ap#tm2DeD16XX}>8dBmVIuj!@?&0nmK+*fO+n
z-$Ggq<8{z3h;WU9IZmg&l25v!RX-)(AXAJbnulqxy@fHpF+QVZ<9J|UQB;+v&$dah
zx_?NzU(xQj8>a6|w5IY37hlyd8<?spW;;@w*f5c~9>%&(UjjQA2rDCi0Ui@ND?7?w
zcNR@nX~a^lIFvKtyYI*%4sdd}mlI6;IoX(b9HL2;RG`w*pLp4-;Zg)T_-Ojez~ELY
zJ%rAzW|c3H4u|uXu})3N8trSu&2bnX8G$Jb{e&_hWS*j;P@puf8q6)~sZH^Cj~7SQ
z^%47Cn~2@!9v3*)96H^><X`VKFAOWgD<4`F=E6y`$tiE_kBad{33xcvZxm-!sOQ)v
zRoSKYsedRI+h-~_gIcf#4_x~hZS4^T`<{;Gl~EZk3A+RnMT51sjX&Y+UF60znyi}(
zFGc+9-)Q$@;ugmK!|*K=jib4b`79AuR%0*RoJcH>u^{RYiorbIm^OYAxuc09BT}6m
zD*D_!^<b<}!(>wb0ocUIGDO94BIVJ%kg>Wx<ApxbK&0;})4ardfQrY!D?eK*uPmEB
z2#ZdENTzm-Y9F?A<2-O)p^~t05HA_UAW!eiQiKS(74W>Tc6%&E;HB=vh&72{SBGh)
z%q-q(VT|Rt3LGMK1_NWmd~SR>$o1rN`ZRDL=1Rj`stbZ$19GL{!1u@H;)1d!+IA33
z6;8x=*+T;nz)iUNB5@eHK&^OcJ7a_Y?qRatt-8l8PxZR_`9C(sQyHV8FuDsYF2G^v
z6(~2jpec>vBL=25DN(_0(yli@xgQ5<to>@XM6j#;uH#FxA?!oKjJ?~%xl8yHo5`oS
z#o9ic9Jeav6!1u4*6WUAMBfaC3g$@26nY_X^Yor`C!K;GmBR_vYmoPkh_VBxBR^Ui
z2gyUNT8iyq!xMX3oK_oB3lTD*9O1rkMA(}In+(AdPzW9rKsRyYZl$Bwfz~|ND`!NY
zv#SymK&K|UC(hygE4oRWlOd#wfsu-iTFZ4(B%wKd4?GPhLECWq?PvamS*>2gU^?(g
zv7=%=oH=qH3(0r5MJ(9kAf~SRG84%4&t|XM3n8B=G0+jd-9Hk8^t}*w791_IEfPqM
zn&`VhtpG<dAO<7@i6a^7VxEgwoY26N#n~(MTacr<6?x0nVc18YXpNm|Omj($588tR
zippf10S!fZ0ZE3ebkU{!`XJE8wEj_9D3=sxo&wt>vcftBg@k40r@y53X_(Uf=gWSE
zo59Kcgk~h)ulh^Y5Qr7<;Z73>);;m;q0#){HTOtM+o!WtsDC|whlA?U&vozF_hVol
zN!Dg^z?N9=Vb^(La-dnPqM4&=86kY%YLhV!1ak1bS527RkPVjT*xjLLiBu9+El@Vi
zQ!hoM7m{f-nWv+UamYmX=*g{F7(X73Kw@VS#bhNAv9v9Dnfo4lm#EVgDYqpL5#>|h
z8aTxZdekxmHw~#o+U?|-1Z+r~7^`|@$rQyeZ`@#`Opq$QKql}5B;vE|AqIRUKxXQ{
z0W`T$QU0sp;*am7x3#VNAY_Q(GYe_B`4&Ip#bk=6VrFP$ad?f3jnr_6Gn3+?t=`sW
zRn~?rN`<MR_NZV-iWgguh#<J&ufx;xnV$6r=k_(8Ufe5wIzt`E3?`#0y$3edt3*gt
zuQ%XAF%lVf7(OtFohz|Vc06Z;a(4GR0MU_zOAk&yJhrst%QB`trvta~b9i+esVNQi
zFd3TBm7AjUklhr>rr`n_{`|}YucmM-t(#`{3qy104V*Z}FUgp4@9Q_~RaPd9K~T^w
zN?jIh!aGY)LQOuZtQPw!`Hw)XxF2HI3AYyg5DZ6P){W5FogF*LJ@gB+k49iRU@tl)
z%_A5|gYM%O9P`aR6LH$@N8c&bMwVir94gBOjTffZ9}D*^Nd3<PK;P)88MM;4-JId)
zX-m_t)gpeoy!lI$W}YWon|)cZw*93j%~Tyt!r4QOKF1O+dsWFg?bgbmN@D%3&I#=a
z3ROCyqbJ{YNWK<NZR{6fMEF#6U{}RKzTIA4ARh`(8MiFy-`Na#Ql029e<282qTI=e
z3i<w6seMk*Q>nf5-vm@}es72<rs8*ujLof3LzvONup78XL0eOlkDB3w4YZ%NSfa>c
z#!e{#v{D~?`q;d4R{QhOrAc|zlN$kTpz=^X8-eazCOH>UwB==l3m~iwfJnkUg0X#9
zBza731*oy$JT4Z-7-up=R;}Vlhx0><6c&32JQ>{nWFSw#_oT}oNqKJ(FK#2QA?~L$
z{Por>u`yMFIw7X1aa^z?M0XKLpN-@kKEYfl5H7}`L|Zi!;Kco-=z`6VwDJzclEGTv
zZAcSm5<hUfcbSe+bu|cIfC(8_EduU6j+>ebEQnAjDp~)8Z=ibwu;s)78IHNo0V7j8
z2!)zECuQfqT^nVeR1&pzQG*n7LPLW_)+iZ|b3|rsdWG2?5Y|_Gq-HsM@BX|=mftG8
zv<DJUFt)iF#V~_HGun<M3ScvVhthyA`Tsg6_8UCs(xdwRT~XkD7qCv|+8xrjz%$*4
z7&agRH{gyqrr77It8t&;2Abe8WyocuGr8E(2`~rkZ@|GB1kIs)nE%}NXn#Yq-H|;J
zZ`My8A3aBSqu$lg82{}etbj`wI)T4AgEHofGSJeZlfk@vgca#HqIPw4mQ)|KYXzCR
zi2*Lqsnn`0HgQLH3T$k|vl+j@3dF}z1!_ULDf2k!2ubYWpQ`@2h)4B>O6?ckLcTKZ
z!Csde`H}SJL3n4?ZjWDm4*_Nase?bDcRz%k^|Xg|#PGMRp3~Y17w-kK)gqYS5A^F`
zf(C8#u(<9bZ5-If*uNxTa9KZQ7)!Ws$_Od_L`FnY=;b<u$bj$^BF<JG&N_ir=mNx!
z4s#RrHgr8~?1G0uD)`3^6KtBtAZS>w2xJ}ZO_jTNBJ0xQqOcl?Hs(%wy$_r?xlTqO
z{c4JBxuP1mkeXxJ*stICMgm6H?2UdH*B4=Ixut(*ov0%*U`}yN6wk~mn&31gDKrV?
zH>B<ri+?YofB*{nzm$`4Y267qW|~D_;~5XXjbBmRWwq2nsZx;`nJWdO=0ot%ahQ>X
zpTPBtlh&1cZ`r%GC0M|%CYMBrvuDb3lT91*-6B>U<Aqhx>)654ByUa*mydKB<zw#s
zkxt1LE*#^ynDiz)V@vud&@sN2{=Jl-hIS;j8_cj(Aqs?3-x(F-C@r6hRyyIrsB-s>
zugHpGcFnkk#&})%N!tB}vEut(`I7)0`Y-XJ9jZe#g`yOcC>#?NL@g&tcS?j)pT0!!
zFLUa`!F4-f30L)kRme(<B?hKr2pGz(=8d?Z%DuY94LQ?I<L*W+hSu?@Nv*`QD7IZC
z8s&CTO?|+iJu$5lU9(mV3}>8u%*6Y<COW>MG=8(CUy5v-njqM$`spsU*H0KkK?Uv!
zNr7r%4t+sFQ(U++CQ{HM0fHf!PwW-y91-N~oIS0%j*_Emh;<^!VJrg+sEJ|;C+{Cc
z7UFig?+<-$eAdNm#_$m)@j)%TPz!E+e2PI6C-DHJh812&Mh8W9FtTvwe$Tc}5fn@g
z=Fm)Z25o&}4OYU?nbMS8VqWf9nLn!AZz`ftCFKxJTnRF+pkxQjF)%SoN4};h>k~zF
z)?6I9TDk}pO3NH^Qr;pO#U}3DGc?gzh%^cLNqB__+#FkX-QXZU9-Eqrf%EZMbD^}=
zS_a?+y~t1ygiMzl4b?C8p}L`PF<|<>kJnEgWVi_<pNhUW)06gecJDrS4z5P^B^jDv
z)(??YtdS_qiF<ZcH>VEH#BLcy_g?{zp+*0lrPxEl4ZT<_t{`ZGfAr9&34VQc6$_3J
zSx*$SIpau<8)~~Ly^oM1$C|b>orFdq5gK@%XNY*;2^;sdiul+&_+XM`z%e<TQ{o;J
zRxg;IIJ7e4t*r#@j3YHG%4jYgMlVRmP+GupqEQ{m)h^JaxxA>;myKEmg*5)5JC@JY
zFBr^geRMx`=RKxXRbp6|MWfKuk&eycC|vI_&=AhmZnh(sAp?CGx9PvgM%E0q699~e
zpG=-aqlg=-u5-f~%o~Epqssc$t~`k()QIj&N`M*RBKvTrn)BHo&9dw~@br#KahF#_
zfgT=&Bwobx(6V~{25-fF9gQ4t@o8df&+ndJK*JG!EoB*ALR7CU0IlmjU>Jhk4_jY~
z!Vi-67}Omr+Wm1@U%>o(%N4Y~K^QQqgIDrqWeXC;R3+JtOfsoHpA0kB9P%1WYbrWk
z1~va4A7*}7VP3FLQn&1geSErEb59<jK6Dr5H>G~x6iKLf$EC%=cQDhZtwfh&vn86~
z&dX_9F+4da5~9=F5UEx#<>~;5hBZCQBVUmHd#ZYxxM5@R7@K~n%<|Pm@;5L(vSkmS
z(jM8q8y@H*5U8HKfLkE6QM3Sqoci`FjZt%)7H0CeAu1I^l@hM4FYNlZM)4{<TKhC7
zy8Wt74^FtPmF2doj~q=VKx(}oZ?{$F4+ZYU=1{yp_j!rmt;4TvHKQ|vDLRr}s#An|
z5LDr5L@qM;i;uY>hOrNsVNyV0nkwVz5Q6d^7V(%E9rf30B)sUEh4D{A5CrqHQ?|tc
z|8>+lUE$*`|A14GBF{KJ*#6Ltb-2fI&#~GRoggKdzKJ`v7Hq^n;Jm-p#YEZk`FPk(
zii#BMQ$n+I9;o|jJ_l;ba(l{hN2s64jhpQ;Dr8LZNj7NEf2>DoI$Z*Jt6jn?LFW&H
zwdRR{?4t8ah|esAw)}K%NlAGag6HyJ@tMMlM669@wxY|Su|*!6?FhZRY4ZMIgR!zs
zG_Z*1FxHG>K7<DaR)~7<N`YGEfI)jD;c&D-5kD@LGp>c&x}7_niCl0^z|(s?B}R*y
z$hCW~g~kWeK>&Eddcf4d_7U1zUH|-deS3W`+|@o8{rWk^RMC!6$3mr})a!nd1}&qj
zDb=EJji?E15ySEp<q?f;F&d5u7iY=~PCKy{rk|9o&10NWb=SR!{ddnb#j@T$q#kVv
zscU`g<8GPQl0}FV>qMd=9Z6m3AQTjsJvg+(ATo!@8*@2n(m<u0sLxpp8&b~%F<mS-
z#KR2n?$Axn7SU#GN`Y`1{4U?cx3i?XXE`sfPE|(kKl}++71Z40pTmxYT2LOr#!|Br
zLh+_*FsBO;#8mww3VQ!a1cslmdqlx}BW(x<jLqms+9*%QFf<5K31+&2xqAJ4g1!6j
zzidkDxL`@s&4H{#S1f(*cEgJh0$A--Xw^HA)9Hzq@8JU%GfydkWHMB}CoQvpfJR$L
zz}P`3Y$7bJo`_umv9~RQM}fL5r_f`D?=Y-ur!S2j>H#dw5Q6MGNuHGv35Nc|R=RO`
zzQO4rks_q{qil+5C_L{k|3&x=JX_LaL2s*b!melSA|Ok|EUMzL&D}E1RAD6PZro>!
zk=FaW2IAOSjDZHP>IAWnbs+!u_?bbNYw5yfit5!GW}EB!oX`o6lSim8A$;NK!kH{B
zb+B(K66A{9^E-mpf|2I1zLK}CO&-x0^@!F{Rf83znt#4QDzvg@N+T6|ww+#e9WJpo
za}sWe(gQ)ILq}vuU$&`K^NuT3$Mouy(Gkpb_I#Qm&g*vY2Wi2XhOAts>zH*SEo$be
z$Ko~ac&T(!6(U#0VsI06Bl5cR>$LV@>)W({;)W~ZCXBycnEC5z&)Hj>_sAP2|82X6
zj=k^>{7vyBOQ?VJ-V4ZpeQC|6i3E&l`H{#?ngShBA?c8`@y6<Xd;7Pc^-&Y6J@vrd
znM?@B@yXJ2OOo18`C#Ga9rN#O?CN5Mmbs&S`)wkam@+O+fBn8kxX+uWX4p-$1szPN
zwQF*yz>;Z|;j$$~g6iVjAbjTy7P2MKpGAh1_xI!&;)I5snX@_2g2hT!2Jz#L%>+}2
zqyUJNa51RCOkzL{!nkwOw2#DO4(n(o<cmsh8suTiJT!yK%1oviC{^aXDEaCudNS=9
z!AoGwDcx)E3jmxuoFsEJyPjj)2Po9Avo_{Z;YM4ncX8F?j~Rn+yoD@as%_eI80pdK
zwMsv6r)|)31TSO27A2AQ6!-O(RGqO|2!M3LaM=O=4)3I~qXhe*qO=>71jZ<Ey21j3
zFvY~1L@<#k2luGJw4Ws#u*YGcbaD|HNX^3p_=>>^Cb+aM6O~OR@5fec&UNb6i6#;)
znx<^ZVM4f7+a(P++E5PVbQ1u)OQk~L+8u}eur&v}_OeYvS(D}(^vF5KyUjN@aA2mr
zxK=qFulqIvh7|qVIdqTA5!pW5PrHrn{UC-Ql`a#EE+ax=87LCzY8d)QE)z_3)PZpC
zbdU~`%(<=asgtb#e%dsQG2q(Xd8JIYO3=dPSfkzDzM^#rP<7Q0zt#)k^`COqSg}gh
zXi@ey3;OHN3V+0Jz-O`tb&qXsO$!(@1lGNESUn5dqtq3rT4`mkkBG>^oMd`W+uOYa
z=8_|3y9;ySg%1vyfG){tiI-ADng8i0+Jc}U*N69ob7q6Q3pq*HxdJ(K;>jP3#t$;g
zPgs#Hxq=eQAmAzTzwPh<UKrDIy}o(kVTmCFR|wD(-%7FRGeYsqc-OSR(txVziU2eT
zXHvwd5=VED!L<;F_|aOHYcPAWA|IyeYLgz4Hs4|dAxX;l`A>Qf$Ia-O?^gQk=>gPq
z7uFycekgFhB9iJ!*e;7*&TEjdf)j1MAZ=V0RI!!Pci%(`66qwfhDZx}L3z$6_{bNU
zw6C%Vh&V?P+*!Y;OU6#n%mDZY+Bd;72^>EtNADqzNYpeq`apgaxrgEfxfkw#J0{#d
zhb(nG8BD{A+#{AXL~(XeJeEa8{@Rinp9|cD+z{gHh=5;b^#pg_Wb_G$S-<VCq$^Za
z>4le!@W%_pK}RP}Ae(7gw=X_JH`8w{#44+ls?%7pnH3uTd!sT~p$1$8;OXV>c|~80
z$1UMwe~MJOGE69PA5;-bRU1t!o`~^wqI2PUA+cl4opWQi-^^&i7ZPP`hnnVAvFe-T
zRhkty+KWiaYAsDsChL39^1aDBQH;>U9275HIQbWXC`IMh-g`dSdHzK6Zy5L~TUzr2
zX+U|`9QB|B*``e?R2vA7u;ZAERNl<^JM8{|{0mv#1d;d%FEY}rs*=P^&5TMWI%hSN
z2@Z|y0gl^RFNUp+DFJQf7bOzP216f|EIpnZ32)c3qic7(e}P>{s=2Q-H+P@0jPr(V
z!&s<a@wX=t0!`VHkF}qVFrF(yDQuFT=Uw%~Jl&GPfwKbKZqYy>(kzA%L+7?9^M%98
zrj7-wEk&}RNVDZTwAgRYEJeR{$pZYujg+mz^-hddB=et;mlBqA-{ytKrC=4ZQGe{9
zxT~Z<7Dt`M?tk8_BvsomaxAzh2b?{jj{Dk?pc%S%?-|w~Bz3<Wh0DoYOGC?wnHeC?
z&=bhacR$~nLhu0U$XwGSQwNZQd^ju-Xs4HuZ0&I(-?SyYU`mRIqXJg6)HP0QpQ-}i
zCe|3Xe~N%@j*X=$(m`^ey758kFd&_*o8YRPBv`(?Q=zk0MfLwX($GmoB)?E#Jh*{?
zT`^a#ozK}R)u~+ijyx#z9XWV8U;<`iF^_C(!`r{Qg+>$@xBlaTuxmGKz=!QLxwnWz
z(hFuHy^fG1ETGkDvpuEg8T2O>J`#$niD%DTI%5)XDX;5yK>$5s{Q7n5PAI?K>-ptA
zys((RmigT3TLKpC2TmS;Bi2;2b|p?xN)IAI*3&If@##(U;K9-9cDp`NaKizF44*z;
zvKzJ9FfJ#syzdtfck{6-rYXAc?Kv+_X7HB<tN3!61}D71_`ivPayTYX43mntyEpv_
zKOApRcl_<plR)q6@#*IhE2oWV;^KDXO6205m5U9m4<+<5JUC8Inw-t!K(Ho%9q4AA
z$ZgVAOEaIVz-X~8_%3tAc&k#f)3d4fb05D7A0!C?;caE{U>nCI)q)E#Gx{$kE~Git
z3Al$`Az9xTp1LfZUG{gofZ~LQmU96RliC`y;QRpMm!gTRzJAeGUC^#m7J`F%<bvD!
z5a`kQfW=RAd`|^u<ZE^>1T;2b+X`js6gXJw#dIXW`wYWVN=stY`iVxUsMg~%E;#iY
zJaC{rN_(_i&yoXigR4+Yg9byQq%D48Io4y8c1@UXls4tL?}Qf5gcpwF;N}w@i&<X-
zWo1_JTciwC8km9IJGO+>Fq3^<=^>euDc>J-FbZ-d2Nx$iwO^yysfJ6PScGcWlKvAd
zUAW<<4QgOAAj;wS_|!k>@uj7WOanOiW7`1En(iwk+XI~P9(?ndRG|q7y3ojy%@Vx?
zHL0BM;~M{nR|z+v-)Jh2DN$3>`j+-nB#;??>>0YkLxC*3Pd#Y&ik2)ztL$)zrCj~~
zjDU@YWizY3kfD7Sqw!_^$cBH-@)O===JzBg%|AGdu8*x)9@EacUY|k7x&_zAt5X2n
zw61s6a5F>KNO;xV$FbS`*U3)`Y8|&&`npI?w_OnzNFBlHZfb_7y>O?mR))?Sua{Wq
ztoGN8irC1*&*YU)IMw{ENPg3C0gnHRGQPkqN0xtB+J1gEE@yl0AC}wdd?0>}SU%j3
z5zb`W)7352e7Ii%L8cSM^j^24WAo|NKEFM0yC*-dTgn+a<=pw|j*k^pX9kv>kI$;p
zRMU06?|8g8GCpmPKB}wZd=8K+IkHZ>-|uK%Xr?>fjo;S~kh=3b-5|T4eouF80DfA|
z-M3#<e+d5<ZTWva{4W5L`G0vmJ$wg%xOANqkEUhD{Ub?1#6@I;s|5A@|3g&6z`*=B
zQ5|2zO$_Xq80o?680qQF>g(yj>>BIs)PON#>t|R|LRT13hk~Lfu7DX;_?!QPi}!&w
zeD`Mx#LmTe@QtubvC$=>KrH%!Ya#^~!Gtto7Y{Xd&*JNg4GkWU4FTSd>JAkgo+rmP
zu5SU+Q?-8p-lh=kr{B#8E(FJ-G)bIt*z60hnnLG&t)CYm1rN`}DF2-Z8bnSK8is$S
z*DC&>*GQls|K$J8fY;mdP>?|U7X==Wrrn&T4eFT%^FMre^3gjeQF6jNDEfbQ_>buH
z@jqh4J1FzN!2c6@GX6WL;(xlme1Nk3|27Cd{@Fl?0fUAA-@_*Vw|egb6!kyv{1ch~
zzd;y*|FQaCU;2OAKWH7q+So~--p$%7GG5m<oe_O-`<V*)oMvSu&{w2{ReHX_d9A=$
zW1D2y<qt<qEEDm^(|$JT+Cy%1##=kzu}=E?r-JI1dWwog<9$BzYnGgpW9eAtm**Fm
z*vH$RP*rx;541qbrA0wtH3u`vL#W(hRBP>Tro8aHN|W%cM#BJe9&WA{ocg>Gb6TP#
z*<yDlP}f8Z^59MQ#JNxeA)jQdSH_)CPqXY)ltww_TQYDm<4+mkYd9QujlfoSE~ar_
zJ{vlnOTh!74}WC)J309NtP&IoGk}=5k(E<&7I^41eqZd1)olSTqnN_HU=?A>;2YP_
zk?za}qQ8NN!}ME+UK13Y(T5DPa{Z`n21AUT1t9A|`f#?q&x{7aGXhj8jxu72<0+Aa
zDShpct)F0G-Gmrn6&s}Ie~2<dBc`K$qrbeN1lvL=hF=ZOK0W4r4ZCrT0O$xfCdO5s
zCa7mI<^6SUCG~+KT+&30pPYPH+XL#<*GQFRh5E{xy}iuR36b+e4Zl-_asBJ;&;&Au
z>@%v~OuaV1SPa%i)=bH!F_$^E*Yr!4B#xxp3Wp^iq+G|Yybh-GD$LzU&-UG@WP-xi
zDn?JJaWrt&GPKBouM%`{uNENs-C|eG&Gc2URr}S`xRAICm1nXGFsy}EcU=1StP@^x
zMtZ|3V76X2!@vG3ogoC>6`%j5GA+dar1SqIOrt&+59ogqDF+mc0MK;YYeDtl?<N`i
zf4KU_=uDa?-q_xaZQI%y8)swNwlmSjw#|)gdt=+#*miE-|GD?e{qUT5W`1>Qda9?p
zt7@vMPs<RX&?t&2R#-5<p%JYUcN7|H`32H>kaG+AzFT0A7=M#g4}6%HD+-5@-uPAC
z-d(Mgtq0J7J3a)oUSW62nfPLrvC8NiJUe@4ojji1md_J%em)OUeA^m?jA>Q$E91jd
zm%<{M)aOC}eZP0AJYeBZyaPmliGgB39%HD79=mGpydMcySieuiKRNqmrT@gnm^~ge
zyf%t^?R{d)VwPpa7uY~@!OnV`6H%#@=vEuV@=_|KsKES2JBBkP=K1b+VqHJtRy<m4
z+vK`z`+2Y=-utq*p2DTj#J%QSne3Vcmh>Bw@XK?WyvlxA?F7ZNxeH+3tEaC1h$~0Q
zMiDP5%UB;AT$p;RzBA(v8LQe0Tc=*<lDn9G+_x^-hG)%a<&t}%e<-Qn7@IV$Mqo|5
zyNIOcSq7KrFT&1OqWfWPk41_#Gat2&Dpy<}9+628VatSkneanM6p!wMPjIJIp1)&Y
z)6D4nq0Sv?09p^<^ae<OG$<2x)Wg=|cIJ3iytwZiPcqOZPig1WWr)gY)&AAm=LYk`
zr)9wKUeukgt)5d^nTWtFiX<T(vRy6vGp$>S%4b}C8eD_0({`wZkA`_+CS0s;K=S)^
zOs@~kvDnZ7WyHmlYi%4Y_EzUZWSspy`^+FjJDL|q2qPQaMn1q$f$GKIk%;V9@~w~P
ztz<-pT%l=i?2+1LYfm<LogYO1*`7!bKy@JV$9TgRwG-M*r2lSc>xAK48~J1CojMZV
zs&=OC`I(M0jn^kPmH~m{DVp0W?`qkkiR&A2i*AY9Ql)Up8<HvnDgZH>FsjBpM=~<V
zD$e)D{2*TfB?O2s33~jk7~R()D-_UJ@Yf2<V>Ck)B^3?t`FFrmhj?A`{b4SN&YF3r
zoQeN^$grGRcv{%AWj9gyZ-Wm*VVxG@EM^k>Y9tu+uwun1D$`b4YHZJQM7}(#9_X#s
z`Uj`Y_$sLpw^Mzf3MUp;!P08JLB^Dv>+>#J{fheqBR+5<n|?cF^}5i8M_=)|*6nIK
zebF7<*k!{(AR)UuDYCnwRxaMk<uRV#H@YF~*{NAP(-fS%P~+HLvPkE(9x~NB*HmGv
z|C05`hR?OqBn(5%+}$Elg1z1fld|*AI}gFeMvO$(&%G7R$hry463Z&_;9ARvvym}v
zleOvz#{xixqNpdRHE;x6!`xiFQs{cHC~ILa7ON=tc~=$IK`*N4WuuJ2Ot;Z48eFSo
z<)f3eL2ZvNY)Iu*-fo@^kG#a1?!-izO)6s0GrAQ=4H~|hhaGq7-0QK4dZ>WeK_9Qe
z>jx6g0Q|^pOY;J1%v8QXLWAd`&lZE~s>ZiP&K4l_aSiDbPjlSe^_%s=WU~Z#zsC2q
z7?GH}dNP5F--yf2b-zu}tyI^TGTy^C2(hz-y6YN3npV!R@!RXDR67(=7g?-$R**d0
zk)Y*>NGT7+Mzt}P@r3evl86$^(I^UkbMg2v*}{qRpusADJ?|3$`3#q&`yfH*@Na@0
zvLgUH6H$FRxapFmvnk@(EsgXtxL9Fy+~e=~{fA3XW$UAn^zPwh1K1=lmtIMMyV!y7
zvU__Jv?m>rcubdl{a>366>Mkuq~6v2%Mvr&E(*;1Hy*4BH9?HbaQVz?Z^k2vPlAM*
zW`0_TA=RZnL+CG<H^)+9;u(0bqL%=FVQ&Dj9%nKyLib94<EM8nd0$X84}8FeDc_S1
zRbF;1;{-~ID%lE;xEw$gtE5a4Bj1Hfg4tv+S_M&w<BVD=zQ>1<BnPXAnE)7zw83bn
z6^Loao~#a-zVl;Tiu+eV>DX0Oj8y-K;1~S`>V+T9b#r928#X8W?*oedZ1S3agae>S
zjfDsC^lop8K4JrtT%W5MWV84allU<(5d^yX<0VlAIY)0mDThWtk}glUlkpIkQ+j#K
z`YYR=QIqs+Cs1zp3TzRi$RAp1ug#2XJZQ$42RqmF{Q9RTEyX~DC^%G`hB0gKn^;4L
z;-3i_yRw*0D~URr2DZF{sIzr0SSx_#SXi=H4Oda%na*J#DfL@J7J~@M_YY`u_(+yK
zcaSMU(w~(|<QUGuJ>P=$^``6-eGcD{e@cr?+1lb*fTb}btMhdt<3Fk3XJ@h>;HM$+
z?rUaqfwO{aiR8G~c@|ej+XpIrcz3FyWq7#-IE-SMflrmZ<x>n1Eg9=&R=WU!l%2HT
ztgYC566(vJ4G*%z7z?Q|NaA5(6&A|w;!~*5STr~>_&~){i23ou`y6m<YC-2I{zuS|
z8m)Dt(*YAV;kD)P>=U}SMSL?AWUYBxGzel4;;NdKpita6Mt<7XRUQ#tXwn$P_<f!$
zqH)NSc+_DUbdfGJ<c9mSm@HtRI+RdzmtMK)F<S&lq*Ye+8nV1;jg5=dt*SH#3DHE4
z>c~4)Ch;6;<WXYZ2!`@^?iz!5COTVUsx$1z`7ZN8MP1?+8)Hl$BW)Lrrdx_&*)EjQ
z@`}v7A050;O2WxKvMi?ZpZb>ia(9ooz?>jEfGsu?ojByrAHJ@U*FOMby7x6Av+=r;
z!s6Ztw8@-H-<&-PJKVe&h7kV278^_aB_+k*HesNjHR<usBQ3f>xSs2Z2#?ve^I;DP
zR+w@)SNKgCrx+XR;h*qsMh2Z|)Tur<oAQfDTApXuq;k>(?h`aJ2AigHTK@NLtR4{X
z+@OVA!Cte_&g4s)hD9Kk2r1!0ss~)B7j0?X?ipVyx%E#%>{+cHZ^STBF)8{#kZ|Ir
z!v65jS*IONzsQ63P`q6v3G(cxE){GAHO&ad=x)&wBlg6e8Lqh*(wM=mAz5RwBxjqR
z{KV1Jw@bTF@(K$My8+qj%cjvS&bdv@m)V@n1^LTYJp|5Aa0TE?Suqi>hO_@tUZI))
ze`V$WX}13z;l6%O&K}k#PXFn*=Q^h`YaD2wzQFJ8{6}g{=^G;(J=X|bzaM^No$c0_
zRzlJZl@WAs@f}UKOKwl!$>ZwIT;eBOzU5YOi#T$<P1pw`-`^vLG?&4F!9#;qr!=C1
zkpc4XN|ovjtdlmwwJCx|vxrfnOMydXn=~)Qu{&<W{gM@zXnFyW7Mv`_j3e$GBV4Q|
zwxGeXLYIlpbb|Z?MNPa9jd^Ic3gXphx@P58XIno=bB`?KSzRlO_{9yA9x~CJeV6IS
zKDV$jW=>eswu>pJi>KYmJSX6P$u_exw*dGeZ=Sm#jlM7TQj@1yEHZ6)xi(lj(Df4q
zAqgU_H>mylcp2}H(TQh*e_94C>2Z_J79Hgaq_6%I9<Zm!*q#=rIK48*wb3u+$a^ua
zjyD*(!b&uZ6ctmp+D4UDLEkH#bvw$~%@))Rpho2$83b~N&T`{tox@Lwmi&4>x&`w0
ze)(44?K>PNRV8ugs5vdkKPuj@wQxwdd{k;{%u$pV!iU-Tj#0I_@~n2WTDd8tP`CfF
z!w=o9K`6S>Fte%tp@1xDbAtGr#H-Grj&|sP&7*5vXl><?>0SKe8}Zro*e$-)>8xSB
zV7O#>>XtBmn2m9->$u=5%3SmJbP=FdC3~~sq|QV{sf^<1;rVFxa1)r^ci$*47MHu9
z;)k%!7C0)egy2odYPWxBq^5Mh1?K##9gKW`#v>6fchcKcX>BEP&Z{C+_<n->AYv!i
z3;Yg?K>D;C9-V@OKU`~HFcwn;%Z1hs<0BzqqqCfT@;T3#GTpxu9@T0X_&E${(_}vw
zFFxe*IC5^~$Ot#K_hGr^u4n2&9qutoqDf#R`{2!(<(|#vrHR}rZ{+eH-hjDpf3JsU
zd5f$52_HW;qcOP<2o0ESrYr<PDBrqX<ki)@+^;7Vwx~$A!in&U8L>~b+$QN;qMK3Q
zVnZ%($uPaY?fu(KeLiIP*-`}DU}h!zrPgyJW{-gs3lQ2EmOsw@!d0h3oUfhTh}f@t
zEK1ziSfl1x$=RJFoP1d4gzN}u@k;Q!#cGDu<?D|ys}VZokLVjD)-7>T$jtgMSVm_O
zq>^g)SVN@;iMU<FpmApV*uv_Q=!z?brg*3lg_MA#TGaJ|pkl?zbB_X=MXg7d2)`Yp
z_UZA3KBsl7+ZdD%kEtdL<+H7$gx+en<{pa2oDK>dkY8;LYex6!Rf<W(=J7Oq{|X^6
z;c`?l5_`?V^TLyE=Ik9~)AbuwD`ZGz*$y_Q7nYmK(X`OM|CO}#9T(TevcOY%PKN%b
zp}g{Hi_2tM-+0(CAgcs8c*`7LYS_D(FgqWj?|ftU!$B!d85TJyW-;IzP}{*GT~Ff6
zn&L~;KW`l<)-VC5M)q@rz|_)Xf9Z<2ac<rq5wWz%;89tUsEGlq=ol5T>o)CF)@OY8
z*3!oKR|umr^*i&P31-D-ohMFCLCFm3{2XR||0t)SzMc&69OiFe9^LUZKekQSlo76s
z*7zeoR=nZx{Wse$%418ZpJDJgTh+Vwa{Gtj+u`6z=)~mj8;ypyc1wKu#u5U~#Be5q
zeU;HXERxlhF2AsUwKecR$MNuNexU8L)xlzAKqgKoMJc1Dw$&0GUsrz|rC6PvpjIkd
z<{rugV3Zh4c0ox2DV|A}V{6{ZdLYT9<GL<|Md7P!n#CoaH0>rTiyjE(=w@31F+L)N
z?{UGJhy6nm83Xd^S^et7MoAD_P;VDI9Y)0WWkX`R1E^H18I^t4=7wXf>=vi*rdoi#
zum^1)wc(h7D`~Yr{p<;1lS{hTDM-QW@9)XJkcuGL`zF!AZk>zT7^fbs<@Z}~sV#TG
z<5LgcYKt#pBv0ZqoeN?*P@jW+Hl?)mZfC=N?zuEx*lgTw%xKX3U}tvGO&^EePoz*!
zpz@sWNJeH4-#Jdo*}euf%%j@23s;6h?5@i4HjsCHuvN>sG^*)^D?^{EhVN0u$78dS
z<M)k-5R);`gI?Z~Dt?>h4_kTE>=DVgc+UQP#;s?4!5(^G%t@UlNTGNC)v~*sC;aXX
zp4;?WJou)$*@B1;d|gd1m1NYM2Z#qE?_t(5C!t_1btRNSN-_T*0wnUM#jjZ>@6R1|
zW4Q#Q?Z3fFZ&KUA<>_}T0*{%m=*frBtr#LV3_2BnsQ*U}IfZCr4Y@^YT!%0s><-}q
zS`nLHD`6MGi2yBVbc)&!!^FAkMkpmQlXE5+l%`Szo?olqe=9598!ZhbN&3hk^nPFJ
zhAFClaIJ00pvEd)MzgzXU+1CBfEgs;yX%1mTf%Ms*eAxK4_F&C_hikP@BvtICZHZS
z-H+sfU?CzjJWVBMNbI?q_Z(|B?GRzr%<b5aR<}U=ltVfVc<-6qA>i_gf@n;7ZLcuy
zoL_@GpTML|V6=L4AUYZ6{iaScB4Aa0cwXM-m;A&nZv3ng4&HMXE57pc$Y^pvc_Uk!
zru5#|p;c3QuDsFNt1;PB&C0^JG5HTZju(xRNPP@$`sWt)BLMcF8$tH90>>2z1jNha
z|6iG#FR;L-{;waQ7YB?G*b`5tditT~AKlhWpHDeL)WiQL@kGH?>aW&c6BgkjhH|ZB
za5On68X-SOzg`4>?Q+1pKFzlNB*h~&<hkM{o;!jU0}Wz(J%GBXP5Lhxh?~Ih##Gna
z#i=~&lsk&SKGcVrnQ6U?DGY$eRVDC#ayHy<hZ|U5o%3$j4Nvh6aHFfr((g!x6|jv2
z7YP2uxoRZTxt*(?#K;5im*a4CULRycm#&|9QsMP{T(W##(+_s_@}FkP-?=+8-+3@{
zcH0Q|+FR|;72ng2|D7$#nKPdHMqYybs?U)RXd?u|JBG+WDy9xx&#EeR6AoVpyLsAU
z_MYz-793lx8P+BMqD<Yi{++AvYzlY+%F7ANJPAAQJ=z`EOu9CfjDsXkHwwe{i<hg7
zv-r0`YqGx8(pn=g8?}NEi}P>SOdEdb*PZx_KXC6HeZAJ?-p_4#SM1DOy}J$Mq138(
zh~H1|k&iWC%v=up+?+~rLM}QuQr}!3UWs7hi*}*Cg)CYD)$)bb-EOl@-Q=z=gbnqe
zw58#q>KGflOntsobYjF!*6Qu3VD}!QbUbfS(S{xH({MscMv2LxywCG{<mNpu=K8sm
zjgu7ID#F3097Bo$*<~1uN1E@qM3LVHWKO=xEYs6!toiWWa_G5v|Iy6~j#hf2p)2u$
zR3l{2-RngM#<nv5QF%Q3V^!h7kVL5DOiOFDX}tKawDq~gTOml0k>BjF?T94k?|`H9
zw3C4imbAj?cpH1&t+?0*os~TX&<7`W(6S0g=eGALeJ2Givri>5A1C1wv{wvxb~!lZ
z17OT@P7p&<NbM=gNvlx89lkg2<=@&re!%6h$MS;#;IXVG17N3TY4M<`zM^WQ$lqci
zalU!c;Y4G3&D3u()64sEJYBY2R8MY#5jDruD}sc4KWg%{I`E94MV=FiWs(5H_$WiY
zo-4ok*@d|o7`jnw(}4=F$TTCcc1!eP^TGacJ}c?l$!06O^uQ1`@=zcSag?nr`^Iy1
z?x4T~5DT=h>B4UXe)1u|QC*!K&2DStKu1iY6IU3OB{Rdn5vBJ-s5q^*j08|GT&~Dp
z|1_fU_Ja&{Y;Z0pwR{?%<sfmic`llp1d|Bzy+~@sjq%r!TbJ)E)0{?T2*q#~LhP|b
zt@A*ny~Ou5;Kb$FEp{aB(>KMOeD%u+4XU36<_}bzZi$x-E)cTqcJk*}kiDyie9t=A
z0ybBX=wlS=Oxt$`^}JbNPL}U~U+ch{s%};UW@w(auZrgXyL=!CE`T1W651nc$oR+#
zJU|LzOL*RYNh>d}KC+AAz9NJW6}|aabec=IZsn@OwO=8+lFbV_#8Tf+EveWrKR&Jk
zjG1qKXMjiqv17hfTkIF8VwC>K*25Qo`@N*@v3}mv{+ZuBX&A{q)OV|z0xMvG$qid2
z@$j_ACh7s9_Ra6dJ#NSccYle~ngM<1f^{P_MioIftS~e?qrlZ%)F{IK<XM?yFIA=%
zyyPj{WYB$DChV!c*=|q9yRFTN6K_KakjLMxhP(~kfH<Rv^R_@wB^ixhTrL9Z1W7ja
zPy(-hq-GW{b%ljN7{b&a(|lk1YI{yZVB#a5&#V(zgU}~H<+;~uY;KZ6Mr%>gp+wmB
za0sEZ#Vk=-3+0?O1;=B+d!7g7yfFpaCS=Ceq=_?q|AX=<bJKkN#6oZhusm7>3~Gh~
z7fY)_`?t#s6lm=pt-bhYLgc!>SnZSvQa+k=dzm%KLGhU}vCvkfe8s(Wl*G|oT^4?$
z|IOPO)6IhmnXTk*7?Pz3C^#7Y<3)>hUJk}@ZK{US10sLG%X`N&niHLeiDtD)p33pO
zcPSBrjJidKG*HIpo{&^>*0upXZqjk4F?53K%yAE*0UA1m_m#d|7pkFFH(7@NELhUi
zD;Jp+Jy~XRp={<rE{z9zU6*V%(9hJn3P3j##sYb^5ye%z=Vm}Joka(mSkKbY+lMdB
z{oGjU486FH8~^m|xv|j^$urPmNCttM?H+~RE`IwNWFnaQP-=F%%vu3Za*CtlQJNJ>
z{H;u=<!+=b(5*gcy5hyz=5L)T+s=&|6hsb9h@%*vac3$+dAaZ9#kR=DaDR)2a;GGf
zb=K@3%@vMK{@)#EMftD9@$&}DzUsYEefjQFeehpRUq?-X(J9*X#MgfaS>&(P+9*jJ
zn+vqE#c8yylq+EW1HSH*6`47MAI)pj4#wyEC1A=FR<v&kbFMrIj#vBt!O;-A2wvxK
zQU819QAwh#CL5KNw*MghR)}991EQ%m^h9#vlT5$o&RuAtiMszM8tk$e-+6~sm0%xV
zvw~Ka+1YCbH#zYiW#ApFpFW_U`?C>9SCjUDem++#<Mt!zec|c2kzXu{$YlQVPzS=t
zHe&>pD`ia7$bAXZ84C<(TiCf+TIiGylaX}fIo$7Go%M{7*^#*m%@WZn#9^gw50G!8
zp$3!s^VO@*K3hd|sIwHEw(U}5U-Iwa#U_^RCocQyFnEj6S?E30?vu@%|2_B<P%M<p
z*5l=PZG$Z6EH93ba2@s<WpMVznOwx|5m$H3hXnlB0js_q$(^>|)psH%$m~;VcQL4C
zBiFydoMe>ycY<&A;^U#gXT))?Po=RJqoJmO1|=q{sZaltUF4MtGN1l5PqyC|q86BE
z6Gdw*{rtb)(?twUm;p-FAPG9Z1onmAY@a{dXGgjhq3)J`wKYPGXFF=3P+;+I6&H5z
zSoYn-&xMQY|22D?-TYoNi)N_je;uFAoAy+<wV%2<DoMX*P`>n)XU)xDvaw>U5H7M7
z<6g@H<L=mMN}7rzh$rqj3N!pBRuwOb9*Q$25a|rmt=&B0x~%g?2Gwz*GzPdf`U^z9
z)dAbcsCJvYk<RsQ+sJ4Fivp2nPCXfw_`VBYXgz7@-$dbleflu_;D5hd!&m-Rg&D*Z
ze`kMLy&Xs<*_!S-F&L=o+)57|z`aK%O+3ec3Jf~ELne(q&(S3yNi6}w1J-N3{obeK
z5P*5tzB_qs1iBh%zb?8}9wJ|gzD=R=k@qRlW!_MHJNw-}UAVX0t?HVY6L28ja9eKJ
zSL8^lI;5ADr}SCIxHXP7jjJE-wA$NDuax`ePrC)=b`3AA=E~8UU79G~^9QbK{(b&h
z$dmp*jH+4y7GK==(Z4aTtb8mJ9@^k5X#nvx@9*y)p7#a;D4rGm(UkGDtVdXjeM53M
zixk>O(u&;k{rgHVWfHSLpyY|OY+*BOgL}8B2WIIFP7z+{@h?BNC4ZItQS69nTE~w0
zGfVT;>n{D#WcG`}?XDn7TFY``ks+RDq-*PLAahreXlDufb4~58X3jF!1V4{9c=b6#
zT<!S&FrAlvO-mD`qoZEKrdi?1!@~!0L3@?8tr|Nu=W$Hs&Th|gCW$=`D)BpU##i9_
zop#YdDh}Z)Chbc7FLC?#;QBts5ppW1;`ftf2Je#T1H?59G9`Zt^EOim$ic9HeO`&d
zvK1beg(`@$*-Z~e4#j$x6C7RGUtYNfD#q32ZqbqRN-B5eLEp_0H9N`)jla>GLMYn?
z+bYjwKi(><Oq@T~N8>$@ZA>YtxFWabtQ|q-4EtvP!RdVWC6Ib}=X<zSM!&;<xD~|N
zKdj9u`SW7enS&Fi);;jfr&7=dAia)i7<-Mfy}mu%G984wun`ug&HA@dFGvE@8v6#{
z&%qvNug9L#pigv^aj>^#JZ-WH@ooh>1Ei+v<}#Lf;${#0J#W8ji|MX*r2tqzJG|po
zH%1>wb&I7}v;*xC3PKg4+DuUUtU(OS#$vgnaP+t@5)cK>5<>`G8v+i1ad7sH6)W3d
zkK9FWFM0`mf>Ka93-7*`4MHpW8$lausf{TeW&*39Xwa5QO5s20UW-CT_gJ;g=b>)}
zZA{@hK#~`*m0MMx@U#9AMj$R}{%BuwP6o&VQ={NkneSMmbUq+Y%%Ck(Z-ds#c8otD
zZ4a->b86?(%pKDL(XnU&nE3S;kypDqubMu?h7RZsVc*R5Z+8s%%dl^uG2X<N-%r<U
zUJfhHeweEGk%dSO<Z7{P<3tMOsCNgiZOQ$h`!~cSEwlQJ65C%y^Ccv+2K=KJHw*dq
za1QEBR^H4u-~MmkmKRm)PgzEj1wuMD=$~nKdhYRe$_YK}>Bd%p5&jAVnI*Z?s@CN9
zkL6=kCdlV#qzmLV`)$mC*M4WjO(o>g_Z{7O)&Yylv@<SM+oOeZDbtIx+6Bh9F1$jM
z^wyFpt#0Ra!u+oI){<oXufGERP8RYT<G#ndN~Gm7T?K)!@8<s9_UnXXyc_FEAuW1b
z7s#`jQ|n5BZF&IL1$(}!v;C)-mTx-9hvN`EJhqSP;v%>k-Wy%aoIm)sv+Lo!48-el
z7R}q~_F+nCw4K8b<XNKebtUM*DS~$BGDq8sGXFiZn2o?hMb5{0ft%Z52IznbZgpq*
zb6R<%_A+eKz$u63y4VcMP4g$rJG>8QSIo<@i9-wgz(#-{_`?DwAAj9dQe4vAK)<0`
z|K?I6Y_nwafYfvuxbVURmpQC=7UtPUcV`qES2+%s(>t`ZjDXLEuhji1W5XB%+qJCZ
zw&`Q=fr;u_8v_!---!NE$0z|GwxU$BpHOVTJMZuV<(a40V~<s|&E~#5K!2Z?M^d18
zVJ|FB*BOX~7EyGGy?5}G`POGK_e$!t%I~uBk!0{u)8Q;%+1q_KdZ0bw;8u|$&{5)h
z&^^mvmY~r+$p4IfG~qIbC{L+r&^~!}DeRx7=ZXgp9VK865rBUK_H@baa~546>L~2x
z!SBG2%pkPgI;rs@jU&D`_?aLNCIcE_z;0T8zXi-8F83dd>Fw!vJ*-iM?&${yQ`aw8
z?6E?bBj6%@>MZM~r&HL`FpfF-%(SFnv|%M1NEmO`X$CfBlE553)(GikY1}OpokEQ5
z+qFU0JwcFRWp3{{;Axtbui!MjI--&iv5*uJdfhJPRx<g{<pT{!6R7CEw`}VTJj*Lm
ztw2}3M0QX69iDs!p~S1j)M8)7V8C|5f2-ly{7KfhcWcmys)w-gS5<<#<|J2d>k3)%
z0=VH=&qGP|HL1>xLDQ`ht-xJcjVp6`W!J4cCFowQ<2F5%H><xiTh0rQ8O)noQjedG
zXn-tbZAX_-iII)%SIywLwhR?A)QW;P0A3)~1d>*cw7;S|<Jy4qXweMh#g^woe0ojK
zGwb`_tGZaHXo<j)GDP{9+t<K;TTOpygn132R#6Ex(o%-N`ulbDQySq9gW5r~t2Ypa
zx}cT&fKu|%pdCpWvAijI<Z#q$;emo|@mpX~13xnv{0c(x4<IE!2Dlj~va|sYQL~kz
zx0k=8d?6Z$tgC&GDjaG3T^Y;yG@U|vRexP}8LY#TX@w1itkTb6Kdhp+FC0g%;#a<W
z23GDL_FpFZf^F;5I^18y-bvUn&;BuCS(f6V3o`x|f%UuZV;L(iLu>m=iN3nmo|f7Q
z8J=!4dln)zuhL>4+m`&&*l!K6o>(EJ{5lanGf5KjPvu`DPz(KegO88p_V3v1_cc?a
zQ*gT!L>47uGVglQ&goZbdF5y!7{u2k0kby9)>4}SF*<$*lSL?57Cj44Xkbh>r$#Yd
z4f08WjM&r035hXn2WJ#f{S>T`U=n81dliyJ6SX~q@@pW_irLqSaRO4K?=lB=k<1YB
zm7Y?nCo@6z+ElZNySjL+Os`_oKK@wOHqNM$<lu3G$b4jmoyNzR;|lXge;4z`Z4kSA
z0nMx;1q<$ZICu;bu<g1UzU~`3x1`&-Rx^9F$JtRnG#n2--mA#tmE*9(?qhhJ8=|w<
z_eO5AbZ&ALt)k(u*aM1MfXprUt?1vbR|6aAnJ7-F`Z~WjQX_eJAfYZ7)qRhHuz@NI
z*Y-UJ#1ci*LdY{0$##<Js7Px%Z<Ax5YyP7*dnAqy;uK*hu$OwMbt^+ZihLKZ&yC9K
zeHu~B*5-dOE@*qt&x_G@?d(t;6Q1yJjq2}Ba{@GER^ILcu|TAF=f?o|*O`o?Kr9#1
zP&FZXJbPCoB3b#xQDYyYih}Zd6g5=cIDVy?#(}LY<r2AY!L@!q>yBrF@&vXEqORL1
zzPyWBW@>(kK|`ySorornktyd=KJg-0{9+2_+StG7i9F$;i^YtT3*-hH>&^~#i2$7#
ze*zrWcB95Iz%cm{zMX*e2iKVd|E=fQ>vT=CR&*oUkh|dWJ=RCBK?)>E40wBXr~=e$
zSHP-q_uK^904Uhv#o}w5CChZv!YQ&0ev*Q`q&l}YzefuVS^Zh-ab;!(O)VWz!QtIm
zDbuw1?jk>J_mJdE;6Bsz-8w2o4q!VAoq}X+*F;+d0-L5;SIjfeR8M^{>;?+!TGD02
zTAKUCo#l%kh62y&^%d!}5LeLmR*S<tuLzMrY$67ba8nb{1mY&vCWEh)c^k8`^5c6N
zJ;BY~Ww`EwLfh;S+B<cNbyjwE)a^jq2)SC`Ur=|J<wi;a`myi5I_o0CJNs+16ck`3
zG>X&#YXZ|o%@X11#Wk&yRF;k9hjp~M)1kvr$A7pu@SCIG@-UQ%hPet90efu)SI1x0
zP$py)?+&Lexo7)D3h=Y_p_qPoW~f_yJ&Vm2l$a9SIB-u)%|@>kD20@9))jUo%zKki
zFcb(lRloQda)d5ClS79pJo#Fk7d!P0Bm~5PK~HC|sP#%ti`7fd3eW>Y%L+4z5Wxk{
zWthC$Z2YJ@^wSw+uH_kf-CBYTOH;SgN=sMusksQn(@uj2<jI3oU>M?S;{mH2(g})*
zFO>Je?}@UGv4S&t88P`i$Y`^&nVoC9j>FAqR{iRSM?%xEd4W51#xML!uJZ))MR6dI
zOjCti{lQFkQn6$14A!Yxcl)zNZ3H{=rD<_xrKF{1B7hr4)~FXck&@%puL!Hy2`@rE
z11c9fkxh<9!KqX7<p;<_BIS71y~2M320r>yMR&G~@^r9?{od`kaynH}-g`OFwoR8x
z!)r)Uq9mwy!xL411N+(6V!U)%5qQWos8%ys$f~u`YFhkpGIN)YEzy*`*rki8>^3x+
zyESXjaQctg#q7+*lLtTga&e64WU|x>UW3u3gm<sT2HClx?;g&vjdiusRzBo!C8q6M
zmZI922BS_fFX>u4yXkt;fpg`xU_@0_3ep#}#L%dFF6}my&5Cydv0RA>^v-_ea2&zo
zW9xTvBwj?esixoO|7>H8Ud^gSO46#PF61p>t;4Itb}QoE2wSl{&0M$-XVd(6uyOvE
z#lCa@!lqT}vFD4Aoqn!8xiDP{WjXxYl(*U`s&gm7$JpF8f_@D_R&QCZolf_ZX!;Dp
zs|l!ILls;^Qd&#s_3HdD;rW|gm1%x0**QureLJ)z-A~?C>2`u7`!@clHgUJpf7%b7
zWMjv&)=@WVZl?=s58Z{mBlD#K&ds{ACR@@cvK3Xya&5Z!Ce7shog(g?L8C%MtD&z2
zeSao0ngSZD3M%bl@T_h$1|1L|$4<gyX9;<A@S}~IkR~Dji62)0$J^FlWoe9>9>$?r
zbMQNa|1!9p)J$3_U?Fubv?ZMx$U>VP_zWK(sVJM{XJ$OE<z5|~Z)C4L58)wZv7e_A
zV@gijm@O~VzNJ<2vrYzhdiSeVSCTGdR0h_Ql#t>{N1$6^&~S@)__sPyC+H4axZQ`B
zoLL&2xrC@{Nic8%>{gNAWh~r=NcjgYPL__ss;29nGt$x7A9Al!(|^;!mDX|BHVS*n
zOuV2%DrvrVC4(=`)2%7!bI+gULMUCFtRK1I&n!8-r=^plJrHM}E|D*@V5*zRw#S!z
z=tH2TEhe_dQ?8V0nf=unP3T&zmk#H3p{Qa!7#sTM*hCr%JhvNn9~u-O%T<Wxl%;L!
z7NYp&mJbTB*Uxjla5@)%y*@}h1+@g9^W*OfsgBd<8a&C`O02T&`hSV9<mp+e(-d{s
z$QyGP(|&1PGVIgsT@!Fen8rJT;(R%O3I;XU62jowl;<q8G=G(v&e|O;^{<6J^m5<V
zdn`Bz3xDm<kRh#AubXyS=HxFkA-V<z!xFJ0G`HF2CHs$RyJ6Be0A2P$DWEv~XO3_{
zNLgA@M{Q>2WMcabsSjzoDTZTjVuCA>D;CQBEeifbNmE32H!n@Pqn51ri>3}2myI%y
zeA3($0#k<jsG(i63T>irE1#MYT*8jgEh+fipqd|;7dfk%y)tLAhNq`uuh)k!ZV)S}
z9?W4&P~l{O&7yXb5q<CbL>m5dooMBs-h6ADm6^~{@|E8UehYXs8|K?CIG<{<kqs`;
z+xj?5eeiC0cQ|t`UwXMepNiJlJpPzx!zN6M!!%NW=5L2<uba>MY8YJmUa|>tLu7tB
z^#TB?<hpuZn=I>dSaIx7y<lf$fy!GV8zbRkmRl5Lc_3S^b?4XocM4wTj$tP6e>Rar
zGW)N_HSKoy^Kf6r4rtVNqcwL@3`2gW?iH1HIMK+jfkcb9-r_={8Pjx<Yt}wrG=;-2
zRxy0yOjj98GNFCnPjun3y|$;1ZqRQEd>&8ExgM+LkZV3TMZ2;Sawn%Y+`CUy;Vm2^
zRK}@}k58h5-tC>bGQe)%oh9pnj7_qG8mpLpN#<W^TW5;FU!AC>)!!N8Sz};FA;K5h
zn1aq;P1#<qhkYRVoT#4uCcJ7;D1p%%bB@jC$xzdWD14J7!qqjG5M$yew_@yo<JVWQ
zFSj<<dq3@a-ZAQP)SlOLOz|VN^p&*kF2!G~%R>4Tt<R0^=w2(nQ&X{sv3X}2Gxar^
ze+?|k=K&_Y@k<?-u#faVoAsXKwUA?We3tYeBB){>LwM}|)wCbWhGoW(+`)1?QkGA^
z&}QT|sIS7&KDsM?WBToVe|A_1q%^NX-fur=yyH-qcZR8US`0o<8kbwiWpB2Zm&*}!
z(r7+nJj9+Ahp)VC9)NebUgX!F!!D@uvRYH|smZ|oker+;hEMOP5n=rIvt?+dOv5#u
zNo~6Ao!6ICN;2ckcq8@J4*>6pQ|LiOJTNOq26+qcy?zur`asw&WgM;nAW$**=s&y<
zf{6{u&@1@eJ{B~nhORxv?ir)jyBQ`CC>v6iHVqG6nqqXu9Ab_*I}-Bn2h(zdziep^
z#NSt}0AVdTwTJbTY166;H;J`E|2-%;s-m1n*>N6k{~j(8b0i`B4<ljJ!KTaQyx?4B
z*rmcUAKTlM^VLh&4X}N{>X9XY&;WAOcBH%dGT457nZN_~P>rxB9fMU5lCYN$SM<BV
zhFRKHF-I=Jbf(Vvs!X{b5r5mmx+Fm^9+N<-*$O7#H4&f3q&PgXdS);3wVNjVJG&Q3
zciz$u^-ARbzKd*&-Qa(8_!qBNPkvlCe^UChu_{9GmRl+GNrMwLg+QPT*718m#Mn$_
zy|5aWK=xO4kPH_SQu-f4O7F0x&~kv`06jhy4e80AO!fU`r~PLM>YX{Z3d9{(4G5<=
zUWPWEl%J2Euh^GA_1u(RBsP*B7Ta%tcOd7yDpga<kibcRr(685NpWg*EBV{&jBC-W
zRiREXg#dHRn7n7V)Zd~p`Ek<QgpcYtUyUz%d?x{@|LBizzMYP|89#jy1IZKuwb5hp
zHQNK#vChXV->n1?$ZuPsAMAW)KDy06b9S=5XFlZZ)Vj<+DVqrO8a@-&lNeV&kIzRj
z&p+>6|3y3ihOgIRuL7ew&-w2;+r{1(tH5i-!>8EmC&J_Y7wp-7^99$wKYhXbRsZ8A
z|HZAOnf8kt@NF&Ti`~zQzhCSiIR7a(e9}&4b_{_vvhunPzkvkDBa8drroKT6n2j(+
zFvC$e7)4WmFHl$}BuyJg?TBiPNv%SeWa*a=xF-2q*tgUFyzXVqMFO_}7k_71?S@Ef
zw;Fz@-<8|&OiWDRCLfP8-Rq%1D$9C=wKy7!uu2WcZVug@E;f$r!)AkO?-z~Qknk6{
z;2VjU)@}PpoE$N&m{_t~<8@k==A3wVC!*LNDb(bC3qj@_O+Y3b_nms1W}evT!9(Cp
zCEks!9=88VNcMj4y54>nl5aYEzo5Bg?b=<gbvJDsHz-)JY6x~yJ#E`)zwqlYb_wZB
z<~{;uDDPG;TW00SnC!k)!K~wRp-=gK&dGPT)A%Yw?FwqtZSTIG+9|wT*0*~Zj990Q
zw78W#5*#4F4THE7K<YYy+w#4wVO|;G^=w6=<f7ZZU(?|}xOc#uUmMLm5ySlGbH#GC
z=7WM4ne@3oYs4S^G}hKDl?_-ZMa(d(G711rZ&b7@>&=>LQzcq=7NIOa@|~M*|9GmB
zavB}4+4Jqb*!3^_U+cQ}MF(w?H7$}2;nuQklE`hJVFBB3Or5acm9UgU(v>rIcAK5E
zfg_fSz!s0!L)r84Tk8{^ZI`5J^)87<f4y0O1fuA})b~Miv>B$au>x>bsGfta`T?|K
zbpC;L$2h%({>Q&zZzrRPzdbyaGllL{r@D@CKbP+lFvMSHN`!wo(-ye>xEcCtw`0_f
zn(C~GkaaxBRt#^jAOqzc=|<DOF-S9B!`I^WpVg*<W`qv%cw4qo{qkWfHOE0|SJ5Y1
z4G&(2D9SB7dmEr7Lid2IJ7vDjy#hj+dL;aokl;B^(Yr$QK0p}B3u#{2VM1@!gT!L4
zLi)CfVvErl%5;T8=LKXBn&Vb#u2$$WQ;dlLW?b|sSwT>8IWA{N9ydYHxD|m2=W>{1
za`V?Z!uE5CxL$#F!gIz~hxvCZmM62vf?E@T=r%&J;*T?5=WeF3chb(0WFSY(^Adjc
zG3Jg$$p_>3ol$a2U^e3HTB8uTi^%6wl98p^Ebhl!z}*-1bau8<v!>p(ZuA3KmRF!*
z`*olTnN(#4`eyn0kA|lAn$Gi(EE|C{+gAg|Mm@~4{-LP-W=EyEJ(62+4Yt2F0vQ#2
z#%zjfI{FxMb=BiJmAINxfb3G3q&{xWmCV>0TC4i#h0KR5p&@$PmiN<@uFUrz0^Tj~
zLkBfWAJerJx+PyLXGEyuN5JhZG^eA{4jV`J;~7ObMm_h+-*28S_v7(BD~%Ol?fr}V
zFxGZH2J5Y?1|5c50k5nYe{)bKKZLf~q7IL;P=jqE!6mSc0z|3@0g3CUpc*7(u=3xS
z4!d%gc}%)%$bFw?UIe1uQIVf63z-^faiK=)qVsQTw=6YoF|h3>4-@@8n{2Gp1tlls
zZJ6JoFydek-(m>{ANyJmy>U})gA56@1&DtjiL_S~CuP3@54&5F{rbC}yE!G-c8EK$
zH`k;L1pc+wE$9-10E9P?nlQt$NiUv_yTMxO^frb?%%0z4Z)9Zsdh{>o+b)(gXP3O3
zIMlaJQlniavw*kKhT}ehE!-~k8*=6f3Xi|rG_guIu%H46^{i2D_G9NLop&)qEHDD5
zf@g&HUCmlVgrt$CC0n#C>2~lW)7^xJNEWh!8~?2rJp!D-VV?UFQS&_^@G377Jj<8g
zO}Lc-U61a{#KrK8n@TwDTD@_RUfFrU72Eyzy;<My7popfC468S@sF@;ur#7u3DJa#
z3>;L~j=}FJtccc(o;-<oCunSI;iMzr22VnC`9Y+%#bEuUq}zh|`t=E&Br-4ikX%A!
zc;e!089FWiT<oz?Yz#m7(GoF-mP83;2xx1_4CBRqoGTaPE42`R?7Z1}01S8s{@A6_
z69(8g%hkAR(GUGd;k6LA<VS{&4AGo3*pc`jb9{9m_NnEcd+YGl;bzhUADp{$Bw*{~
z2i-~I+uS%~XLO8gYZ5=up}zrz5Rt>ZNJegkF?&=%1k$!|-1Wl)Mk)p5b$;fZ4+?5I
zU&z)L02uJKa2TCXGdri=8ej`Rj68#qK05HlR8?06P+5wj@lJe&k?@nxL)T&YjXy0;
zS@laZvt0F42D!RZ!TXc{+;KvVZV^bDN9jdQP|Eq;?xfs8f6COp&heq|#SqHxo`Slp
ze5nLDZg=AQ!y%B_cZFVXU$~L}<g4-+up~TS@;-fOO6d_uStTACHpR+AgR0*qR3UC!
z)j6G3RaEfbEO{X&+UDi_@MZQCP7TQd5A%neKf$oZc!=qm3JF*V$T(xPp7LTFqP`-j
zJG2F#2tadYgU_!HJ1cQUO$Ta4!0CfED)4|6RhBb+nQwA6b+P#dBvgkrL>>^keGmBk
zQAt7`ctLrg2mUdq?CGv-6vo8IWUK`|n%)^V%@t{4#|}~Os;>&+65{o~uX7XUyrYK6
z7ZOW?oUV6?f`sB#LrQn37NxtGsWEj|!^YZE0ba^;pxywMP=HNo1<eh+J(C<!>LIWo
zW%Bc<!4DyIciD^^`c<<j@25thy<N7v(FiAb*BiR>xfhTduaY^!yNS+l+G;T_bf}>k
z(OTxN=67lwhM7Y6M08nPst%BIv35>EsW*Rl<6BtN*&m5rFS8DN1MXoSo)IhB*xnBg
zs>n@ul&v1nfkUC*UIZJ^@)8&Hr-Hyo0LO4hPZ|!mj(>R~E1bFnd#d5)fskKNm}n^X
zz)V7~X`|Mnkahs)Z7az2-CUysFVcp`cy@LMmE%g4#H4Lf$P1K?kOtm&Y~OlC9XuaZ
zyss*qTFq&yfp=G3Fa_XAops4~<lQ)sy~Anv2P8btdnZ>lWcQpo>p&yHMG`O`Fgn=g
z#AJFQjU*?aAvL2Uw-}t|@J@w<$zp>0k8zynH@>bnOI0M{R>upck+IPk*a;;^Ko8Wr
zK3KqU_tOO>X&dI1SOdrk!a1L-vt1AO6V?W2)GxzG|AuPA{wT+?swPaxg{^C0h06Hj
zoyP}oslUJQ>xSo7;ui5BYj%OO({|Q1*3y(hs}S3_kwd4Gp_H3)Y0oSKCE2|grh{?c
zff2-TVF(s>bmk$ao}B4^WXT?pk2i<5fv!w}kDyOEGBvDZCSozQc(QFoN_Fv+9%&<8
zuGPUeqM@G(S159G`avjYi~4Uz(9(MZA0cetTrKMaArs2Ywl(W`SJr`4;_hov1nH@W
z6&zKjCE_#qJR49JWhPJiK(T%P#Ytg;o+n4#Lo9KWw$jT{#NUJ;Bty)$6`>^Lp;WbO
z4%C^|Q>wD8Nn!*KXTHpq(Sa-Ih~9&$k=@J494MjG803CxaK~nJ!a1jv?*GW{kl%2-
z(%%0B9|auEXjz2CDzN~=kQ-o|ArLFvRyOs%mOKPu0sJd>95SD(R@Ph)JF`&(MYSCO
z+3xR0G9<!L416r4brON<PVdf3E8?im%{>#yl|DFd2EEI(2`H>OT4AHw4xZWkgTl>k
zcey6fUTDEE4G5Aoku2>4J**iBv1x9{h-4gTe{mh(4&X4tJxl?&ZoYc05mrv6xAk6y
z-oYY04WhGZQNrphdU}kGwtYT$hJn>-x*<(3>5BVX>C#aC#ek}6dVS?}gmM+3*>McX
zCV>FD>y7ry&=O`gO*|v?s~5ewGxxyxC2kf}i%Q`@vUHo^=lAm{2ZC5Gb7zK@2U!f1
zEMi`5ceCO~m_#5HgSAtG>d(S^nvL@n2AF^Mj-Ddb_+T?y(VS+yK_d^i5rpV3E0y{l
z4R?4HkBf_qmsjy`mJ{Gtx$`@rVVzf8Z5|kY6@kMk`*00oXnAqM1T3UtX+i;@J9?_z
zj(ZfAqF5y0b^pd6Kr8z)^vUaL&DuwB58$UO1xvv4knVu8AQiHB>pJuqpPDPY%=|f=
z2NbUv6Q7zkvnl%`DyER={d7CsjZF(;ij`(_mGtUNK1~HsVm5QDiBk5T56R%0&dJL&
zsQNHOpdDe#P~`@?7~{%%ME8Up&xYUGeYij-EUxT-13h|GwufL542sJWsq*XS7n-*Z
zI!@D;>}|lin*%RfhLhQi^35NMqMH+4kQq!f2VRDTBhU@0-joUWw=$ULj%o7f8EjI3
z++`ZmyulJ@ODYCpWH0f-FA=42@`(UB^U$}VJ9u-26%i^_+7vOtL+v0^dhix6nFDjD
zlRqYrrtx96Xh$woxz${ocm;(xS6w`nlK6_1$P-||TSU*IYnwJu>2d1zcVG^KItUXi
zYKr0>>A!uQPBsY06i01Crb5`>FB~io7JiNQz>VvGK=-qp?2SzcL+`scSa-XkC_O2i
zd*wLOtlx%7`uPFg^7c8AI$0uK0NTDG*!m~9vr3ufq%Y0;d2~n`$ihZ|h016}_^2Pi
z`~a}UBwy%5e)`70HZUV~432L-x!wjRCqEM*B-4_@@Em1yg%pjDxFa_;qagn5-;KRt
zm$sihwfQaeh9JQ6IjPt2deO&}kyX6%T6xWvD)6hS-r?g7tR-fJqYDu-I8An!{Ez<@
zRL_sFY;BzCx9dN_^$skFM6n^V_6?HJuChRLpmxF&tJI%;;`~5txM48}5KQ!urPHaP
zLyTh2+r_8jgZI}APB)-KIT-N?0v2|CJq@>Dn#q%m&r8GY>Q}Ay?%k^WI!YDeN$}_4
z0{?npdCb^96{i!%0~%-9lMozU7g<X)h5`RQjK$)XfaZ*+T_h*a&CL$a+l|IvM>as`
z^>3Ixp(3)c=qhWpPA=^v$^JI`a<u)<l1@JqFC#r75?54f7aozyQz7>T>_o;ebXVKj
z)8(=uG8nbyda|UGK%4SMd?_<*<Ck@6l^;eJqxjhA>1wMRd*jC$%0^7Btarv%>SE9l
z8`yPM%n>@ui@0>KGZ|-u<A2G2(FC+11$GSD1BG}}tH@jjdbp+=$VI*w)JhMM1JaTG
zY+9-z(}|@BWXtmux&kwKe*TJ}4gvcz-Zq&9H1-Dbx<tv#Vq<PBINH6U8Poi=R5Ee|
zqoUE<DAeTq)QWKgOv;TMspV^-P%+8Z=uyWI0a1^;b9gYvO(G<<LtNZBX!K_P=E}|Z
zppj*bCpht5YdM6a%rtNy3;JuHT5@*G#QLYe1iH4So?^uI1mJj6=)}Qr0q~f5&!Gvv
zpaiQl@p52;K--OHsC{W@4Aad;!UvrhJb$E{S+{7ooD)-gLq+Ar+j%1PeCfdYUX4*<
z)xOr2M;9l)4YV4srb?91_}`hb;abRB9fQpNW8dW_{2J?KPl9yphPpHf4S&7PREt9<
z3O-^Y>&f4M!?kSmik6!x0MLQBw(G{MA~b|U`w+r9WYj-q+`h~m(pC8T(&@ePp@&Z-
zEU1@7l*xt<r}~fh;kVaU%ySEeW0L17*r<CQw*1JOLF7SQYY_2=OZe0@rm`DTE9laY
z&5(6?cuM4W)l?#xJc&Hi*;-69;})lG=W_qzzcK6_OvXgcS}e@39KOCox|^Kt)?6h7
zPv`>FkEfe}CTI-TkB8lYcXyW$K$}jxrPm*c;opXL%AaO?eiM2V4KYwM2_bLJ{@yCp
zh32Fj$-%LYUsajOCsq6v8b(C(M8VsZ620KtBqhD=<LHXyIK!KyM-qSzNRjh0$;sb8
zSAv4?%smi>PV}zp0R2`T1FdqQem**s1^kNj*%4_w1h~Esa=<kgJe41D5IYDxldwDP
z$oJ8of`8G8@gQA~j1l>tJYm8q<7EG-8S;kV1<+cQAqUii9m}I8w-2j>sx!n*9ic*G
zYdBMn@~{5n8c#97z>HB7{b=Q;Qed)}d-|as4vk8YoG$rQ$tM*8QFSR_-=={|T@wS+
zN+KelF+wa4*|1cyBW;v|7{_Q{Wj{NTzzCJx0ey%K2G7`&V}k*eq`J&S+JGmV40ifZ
zCY&@g$?3)kqAQ;5cwGBNk<^GkyFuCrwf&@YK5NXOAZAAFPg*`WD1SDZT<Tl1w{LN7
zkN9aw%?0161^~J4=j!(e8ii{V?Oy8-2QQ#5bGfinP05=QLNGIM^bsp!=JvOS&@Xv+
z$Gmv9Ch<~eX2cp4a%Y<a6x1cJ=*(a1E`@@r50;YO4I^k2@so0|qwiuB3gl`Zk?tdQ
zF`J!naqj#DHwxyH_v03FNkcnBwH#-~%Oqq$CZu921qde1Z^e~<FdSA#j=RlK^B5+t
zEyY?yXV&{wt26%oeiItZ(P}f38Tdwq$!<7BwSBJ5Rx%+SXcNJ#z`Oi!FmrEeyP_`~
zB_gN?-dM12c*(TyE2v2NugZ5?V^@<{(_M)O?0aKHXbFCm3I{_8Nnw2|0p|4LYbP{J
zEJq0paG)q@Z88v-86P^1B+<d^I|^vxcP5@*q0vG~TCFSG!_Y&b1`*6ayJ-{f&@e^>
zx(MzP7-c`0XH(y6WBsK0arca1l(Ks{@MCCv1N*|eakUG0mdo{Mx^vIP?Gq(c&u+!+
z$FJ>UrTd9gmSd$v$SSMe;?rORuj2e5XQJ_+p8)>T5ax{ckAOHIS|JgaEb30%6VTib
z4Q(oTe$dA6k2G|-U*?37Sk|ZH!U3oSh^y{A>@-P_Sxlj&UvQ>{LE`V`=x`+{rZ?ps
zS6ii;-=}N}g1ufI$d88bi79CzR!B2c&m{*aOl5sO`R4}AsttFY-G7$Rm)CovT;>{i
zwtxeM)CCr=sN@Cn{{vG%tiQEuu43UjYpXER(ykPjzM^@q`%J5}&fPtPz&me|^{UEI
zcziL$<jQ#W-8)umWTaHI7~yHURHat%5nba7-C*O?ozj(IgRf0H8AdkRlCOG$)(f-u
z;wA3RpwSvOOw;(&?ejm^n7uzJw)}Nlz2S}3ZolY%c5hlQUw&iuJ2%~LpSK5=dGq{5
z%TiO;oTBIy3}Bi+84DjHto=V@H6QzV_&AS^J7Lezrfm+4hH<+9g#q{!@YLTEdHAaJ
zsoQz+;zfJd=3@a{W{>g1e|4SE{nVU<HIKx=#88-W)B>RW!A;xBq4s4R%+?vb+ZnV0
znZw+F=r<Md6)^6fHHp%|DnI?5s<;yDR`n)3X%evk%5f!|Mv*2*MJniUCsC1rp=Lis
zlFn`mq|M6+FC)|TisgffeJ($?BbhD$-|`=ROR7EDRk)BMbF^F(%O!p{7b|5(onX93
z;?FL#E%Qq7NaC3kzOqwb=(O;J%(t!!84ehKB@03L5+`BZ)6s3$&vjDKMPnJ3o~x!q
zDdAVBw*VDvAXjh9r}G99aywpxB5K~pGw(MHWy5Yr7!MdNb%^DraZt5TTSt(j`nFTf
zb3rrNYW>!#q@Ll~GYq2TSSUwk$tXu0klu5=ExxJ`39$Wj5x7_*MoC)m{w3dlizL^7
z+xA>L+EU`g608ImhMsuA$o9yK(UdUZve;4#e`=7J)u8DbC`1<8kc%U|t^G!N4{PO=
zX%=MG3J70aL1nmmuI_yyGCJEJW3{Gp7V0evG1te#`s6hN<1z3s$%L{UH0#Tzs7d{f
z^&OJ+J&=*vku0hVz<@|Wu3<F*DJXD%_3*Ll&?Ar!8T=rMLYZ<#7EkH-CXrA}5H!mj
z0mQ`e>#H+p+gca!Ea}>1P#6IC>lOcf*HQ5_;Cnb0=SamM(9s0hN4rilmw|@6jFpPs
zo6=d}^85)qA=u;CNIL{m**qJ~v?O=}*A>zmrAaQ$PJ#T5t3vOa?Wqh%GCHGw^@ZZt
zv$>;i3^_S*m&rJg69eh$2)3oWa<$F2(1&`*y5g>MWmMtHeO5KnlSE1OPmJ$fxUuTt
z!gr*cmwp{(Kd+IxbvUZr-jIx>Uk+Z29_wd9n-$ihE+&el0nZy~^Q9!^5;RSUst#8M
zF{ep0DJGJOQ|(C3lF`IBk1sfXz7L1Q?z^<!f@eG5`TeXuA?#ev+!fJ2aDjoSaO4xN
zQ%dbID&Xyp?~OM%uXA0m3Ch)x_OP(jg<rk4F0bvwyZ5jDaC7(a!|z}I@x!~D+uL{F
zzrVRHUhT^8JCpXUHb#A_a{;T=CiDV*o8<i`Tc%Pgk`yqNQbDpQAR`!myJS-!d2U_F
zI)61u4f@nOf+WL4vQ3gPNHJ$V0d#9xZU6zMi$>r})QB>21i3gI$Hi*{oIYPi0OUyE
z`{+Oc6&#avD3(KvZG?yu!vp0+VNf%X!^-=TmcN_0VI-^EkxF>Zwo4hHilHO;F8Ux;
zQ0WDOKC|QTy@-ktt*aY<npJL<?x4aBg=wF1k34~!6fEL|Q?H-+gb6anT(lR>Vdd=g
z;^aUYEX{z)1p+yO#JjcR7&s|Oa0rQJX-x^3<^ju+yTWN+7&jgoB;YIbl|2SIe3ijD
zG|!$bC`x6l_<Q0jp0T%2$yp>8&OLi9GKCCbJy`OUqB}S(C(mAg8zk|$@nfn3;V|Ty
z#1qDr2r1n%`0SHbvql)n!#_pBk6eoAcYXGopvL6-r79QaZ#g0cshI+RWQ7eUAcS6$
zMXmr{tEzY<7BgOk_2KH9yJl3N#Gc!58_0GvUAT^jt}ro_|J;z+!YZ3+HhQWQKm>aG
zRTtdodi9dffkG00cT(~IOC6vi8O|Y6yG2N+g}0o1g|#Xm>^YZz)vmBp7a<+P&Nc=O
z@<}Cj6pHAJRHp-#G2etWNke>WoZ}^?TNz!@;ve!I63D7~iEm=$LnPhpDpWvL9$7&J
zCV1PqXoVzl0^|GaG>AD9pa4&hnSgSdWCO4ol`M5ZYrm_1s5*qaGv@=Auud>FhUWdp
z-~P@v&VT&vzw$IJmgy2`|3tGYmxNt|uEM;IsmMusD)8kA7Ro`6Jo04pg0%NY$|b`l
z5-Ea>$4I3g6O(>Zw;GCB5pLAyK+GTC|ByC*$s!%o>1x>rx*Cpvk8_|f^C0k=(Z`73
z;@O%&s}5;@(Jz}<i)86T`w=~nI9YQsTKMq--OmRHwP;c;I0qH6YPm3uTIZyE#C~7J
zVEp56|NcZl7`@$tFnYTOVf0QS2%~>GK^VP38lIEfTw~Lf#v6@i2qa9WjxTf*zG?+e
zmS2(~`xY>PFyVc;td#l1RjdroHSomTKCbge()?6^^^%H<0^}<cN;}Mro35p*#uE;b
zsV*yB`}eex^P6$J;2K*o#de|N8l(_XM<&>Wja~$K!XJAJN4Xq>(4A5vhS#s|GN5rP
z!VBbyKY{LvY-wpnjL~edKk_`1D?VNZs_tKNHL|z3T2_0n)v{J?o_d`YwS>bhtgBUi
zWocV~O$!yWZb&PYmVh)vQ?8s+-f079=aUlXQcr6dFDcMf!8@a303&oeD?@|TG@Gra
zB_~KMG*;7spIh?h@_PbT4Zc%$jGT?3{L4Ppy?YD0gS!4oFjl$@SYPA)b5kxwrgki;
zj}nTrAF<8i-xc5>Lp#`IMMNZCCh{#Ff)OBp#lQ-Z$WtzIH;5FW6uXIy+l~@rg{<R2
zDN`K76iM@`3PCe|Q$_ADsKsrHCf!ft-`?4vp}^v=<k(koAXs{Sc|hh>k?C_#1s9cc
z6($1tHMbKmPviE@&AZ$0-`*i^=5V1ds-$U*^`s-DOPwnmqb6G!zeb28&|h&70qiz^
z|AA7U@XpBxKi+-Y81Nszu5HaU6K?|5#f0hnNREdpcag^Z?(OTV4xN2o27Pn=DRT4Q
zEtkMi+w_IiYMEF6_WFlg7-D8O&@PCf{ObG2y^iR~4*}Qisk;DU(;M_d<Dv7R^`X`L
z6gfPe4pPdEGi#RbSpZtmAJP-g_(3y&@#+)J1+3fH!(cIg#U7h*+6;i>%$wwsW*d3>
zc-NU!12!Hlog)AHuCrvwM71a+i7rq(D|_E)Sr7ZeF&w0i_7q!h!C-%}L+J(1{J8TC
zN4jw%+i*~KqrX!HLM#mPvq0)2lfjA_1ypkzwi?*^%5iAHnu%~qi5H-|EBn=dyZ31L
zk6o{*u_#)YXSO3ayUxX`t%;quz?fMfoZ;GX)di6`aS^9n0cH@tf)G<O$j$)EFFzVR
zYhC0+sFFd`id539?8^c<tI&e5pil&lXKSq*YNf4J#>XiGcrq(*tCXE5Vem8e{9SJm
zVf@50E2f$Im^qp&+)RlU*-#39*RP@cCbiD19Tj^rJ^K%?psK?lu*A_7h9Q!nZnE$i
zQ#Wofuo%He)br{$5>fJjhzcweKY&*LgFO-+8XL?K`^3tN6~Qvu;&VGLdTT>;IUzBz
zVLHnGW0=mb$W1|klFP75`XXDEBn1{&h^+0^!MJ95N^5_EYsk0ak-j^BAT_xdJXOm_
zH~7~yt18BJHxPdr=INoOcb5Zx+9kld=6*_mSMP*XNeh3HzFu-j;{hzs;>5E9ha+-F
zUcN-HO5uCFSf#2!N6U|J3*`!KpqLpDi7wX!gaPO&{^HW9bbSuGC#AkZLui9W^NsX!
z>t3#|{^d$4Ida-sm{gg6&2+tD72oxfE(hphfmgAgJUQ6|;JHitF=A$nk2F`_1Ds;F
zqb-(wjy6&e!uC?fBy<b|;xE+t<-*{$QEWhlged{V7%edL?N6y1sVbqXlksP5Z$+<L
zN-yrk_#?XQ8>2*^$nV=u;zC+Vl%zH?M3pnG!Pzr`VhkvV_4_7&^vsoVxTD1sX8R<h
z97QIP#XRX|fj%R)8j_QU_lHel=U5m4M3W08!d70uf@7YMcctAS#E4X1$ww@*vTure
z<I?6<D(rY6Z@ehDMAHaLO{z`TiknMizuKz}=rfZUe?q4|$P&Tw&rHYAskkC~(`bOE
zP$Zo#(Fc$W+PpA-{#1LHObnWm^$ImU0-&#r7lBSm*dCm`w;J`EagJ>7PPuoIuuFuX
z>?*TUPy$Knt6&t;jDkw=Y)KLPa?Q+?1U{*Kpac_piocO36X$S(OP-KZ9EtMI!(ilz
zSwzGFQ<GJ-U3d-C;4#&Sdn!bW>69zUrJiBMn^xp>AXIpNxaF0{^D4cyYDueaGH*@a
zZ|Ww!RfvLC1>;Bc>kYb~$O4`?;w8u#eMtqGagY&HX4Qd}$@JV?OdGDBK%9H$nj00X
zck!M4b4Sd*K-CtG&<M?hV~LHu;fO5!y!||&^<cOSmw%wjW}Zfoesp@{jjR6wc9F4h
zBd2L-!V1rS%$WDla*lMaHfuKvg^tQ4Wr!l$cB$JS{6SZ+Fp)iLadRDBK2*${>JOnp
zDs1P{kljTn`G1rq8Y;z=j)A<mA~9N|%I!>c!fhJoKe!V-wd0Qw8^zt3D33rmN*vBg
zTaS0LSvNIJ0g|_c52d_ONFfO*k21yFj~4-1R1oEVRF1_LsKtWh%mIYlJC#e=<^<_W
zgKL5ajPF#ngwn>2vXn9Ynp*p@u8}(?E5!&)c+G+b_34_mJqXcead9cvfbXdV_yJa#
z;m{s3;5aJp4~-<*gjKvBNj+j%Yh0^jvsIpYVQsF_TYhhV9^U|}6E2{RvZQz{!K6X2
z2qt!a-ATMG&YE{sh9GiJp8W1qE=89}So$O?oklm1)++Z_TNn={V=3+U(xB*HL-=Gn
zRDy*xX-M{<5K~9IAJ!7@^VlebraZa{p+P^lJ;u|(3InQ>X}_|1frJ}cDQ%aB({8o0
z?H#Y4WjbZ!HN#b*CiNjq8iX4%eEv~gM@bKVbV=R%+_ho}0nS@thf=Erf`WGXwRNJo
z9tli-iD`uJg2CkY;H+MmD3poM7~hkZIngPTx1`?^t?Y`fp||+`^NV~(AZ{-s1DUh^
zwm4lAt#i1UnMOvo@%;OnH{ZSd;q7-aLcd)7!=hO>NCxp0T8OTgGJC-k!(p@6(nAA(
zhmW@WS^;|$12uc_4IH)B7u@Scd=leD-S%L^{pOYp%nzW+wA)>?MJ)6^>>7r7a6KQg
zdh+t{BC@m#XI)iHp(9@5dH`J;L}55wXgw+D8l;nwwz}Fnx1fy<XvXjgmtk;dS!o@n
zRp?NR2i+%RywI^H+;9_1+qb>Pp9P+O6LJ;7dB*e2S0>7~fFmCf{E?12j2z`I8pv#D
z#ke+Zvi*T_kux}5HroDP&?r-z0(G3!LJjwvAxrAoz(<Q2T=C0I5W2op&fSP5Mx{(F
ze2+R4@@I`7@q=^wqkTz#Z7`e-)jK&NLlm57AbSt4L+KEAIg}Ht;O?hU90vY>)O$=7
z%38jo3eI7oZRa`8g3}?{Ls1}G;fLX^SHpTpOqKePW-xD$klDewu;B$G=aqS`%b-#t
z$n<u}BEIWC1RsHDx)CtC#|D4hP)7%kWwTy+_sU8x+!Um~r2?&aNXHr)pTHD9YEGeW
zcU_DEUDe;J2zs>!t0Xc@Zq%87`2hR;0rvKTTHS|W@&VLwpiaUcyCT8_+_LkPeYX}9
zXlWg??C_c=je4p{R42nc=1<(O>%gsJLHp1Rv-W4)im~m>Kms(@VS>dxlcJZ-m@o;D
zYC%X#+8tw=0krG`IxrIun1eE$$zRc!Pd`ag%>ozN@Fe|_c_YUEupexHV}Lw~je1lF
zUPUib{@OVm;9!~7bi@*yV<g?2&ym)Z=F$4f(5SlO(XUD*!)!_tB1yLl7e0j%%Vncb
z#6F{>gqp~(Wq8Y`A%UB?lZgmH9)Q)2;Sb@0aZs_rAbv?+MuEBl1O1dD&tT{74j0{@
zVd-ZyrI7%@FsjDU!VqD9h$*0`{!is6HnmL*MlqTIi6_Uz??(2BY_m~P&?l`h;)n@o
zVxj@G4VD1&5F0c?V%=QBQ=&BruuUQ5-N3d|;{+lH`spLqaI;QckC<*tEV(;~E1VCb
z#}8@#a24H5K0`}L`dKZ4RFy+&g3fd#BCA1>IvkXfa6hRl782xt`a$i#7~;H&4?Xkc
z;i_?T3#)PDO>xTovSXO|`fPPfoPEyjA)2R*XiFhmjpNm#oIhM5>CYVQCOH+k6|jyG
z{+ejjm-zi^$zEk|PDfe60kE!!0<w@AmRrQ(yu5gOOHT~Go;kA~*J6@Z{AT<~<+YQI
zLZ-;$8iCsX<oXVORtdy4%x#D7CiW1LHM?TKgYUp+|Khu!3^pWS_cxy@!Z{EF{4u&P
zrlCC+lLcASZ{6vAmE#ok|39%7M>VOW8(8{jqL1!e<xnVw%@{PIap+<h>rq9h8vS-N
zN7Cee(sqs2FuC0Zm#Ikw=`-Q?JnyZ=+AJueFgnrx2fy%tUoNEeB^RW`|IHbp<?bbR
z=q722$%LyuWIj%*)fesM^}4Ke;9TWq=IEUcMel&3EgDv{{9pp#ShMgpRNxvd43FdP
z=<oDp(&@GG(vo~qc(YhO;h*U88f&==m&W_&zfm6Br0TcYM_ET<GEw#dcsb)@NKFar
z7n*#%YpFSZ8z3q@Zv#$X#R3_yI}zUsSI#0go2qBP!B2_?@QS62(T$>oNIYVQE|2Ow
z08+-HFtA11Y#y<TG{9>6v2jJff#e<EKUTO1+AD`C?ShI#;}N9>IM5Umfr%&qS4<dt
zb`;^J@k`|6DSRUXh+21UQ1;f4h#kRlskTVu;(fz^ZB76JsaHDclXRHW*&k4m5KNEp
z$el$JA;|CJk4tRAqU2%M!%F0+7%1g|3R_@INX&jPY)~MjG~gUq&KIualqzpT9P)xL
z>E(T3+zW3`UK@!keiAK4*m0AbJ(zAdamTp$ckd$!=B<$CIy?>qG^F4rbLjip<y5?a
zJE_ZmoL6o4OT}p(R!Chvs!k^0%#aM4XKz@;liQD0Wfb-ba`(!eRP911RrM_F9MZ&6
zzg6ZZLe5dOhqThI2yFS>jAElPlQl>y;eV6yAf_^1F8ME)VZo_7|8vWQnk`uAesFVC
zS-78<PBR`c##CbC-kUt!-$ouTySn5baNIb5>-@T0^)?!>+1|l5eWWCWHIpPg&xH6S
zPJ2anlF0FVGS8)v#_5*c;H)dujae3!Qvu)3CpDtbKoW0OIw(qRM0Q`Bh;%7ElO<`a
zZK34TEWmFPfNd`hrtA)JB~N#gx+DIY*HD)d_cw>8Ke)5Jhm{jCO0PPg_czAdH2IW&
z75j<(5QLcZOd1JBbP(s<-%=$xRI9BODPFNj{d)8dPDA~T2O;g7#cZBXLfFM@Xa%>x
zYStgGj}cn`wF35&YxFfsK+9eb`C!-WDOq{h=faZy!z4FKmG_Y=L4^#qxo*3Z&F2IM
zYeYsa5HsbPw|Ure+^}{R$X-<)*D6_ms;?S3%1BMAE!3B9aDY)>h~mO<m0ztCT|gvM
zev|9kI0-bmBH-70eH8GE@7{f<@c}lC;VO4}v#25=*{`aLE8&-0WrKHz6^Ev?eyZEY
zJk@5m;9lVhGA&2*l?E5S7mPphO->q)W)8?!vthOEYooBatA2Ht-GRrFHw|=un8*g{
zm)Pq`)oZy-QV6t)+nBvpMRg-nCHM;J=L0m{m-_EKm^ZLZ8`pm1f`_qKD+DPEpk+Qp
zm!6HbId1q-XO*xDu5Ot0ICXsts-fIk+3rsoD`l7krB(p4Sde;-B>+4XD2yQ*<T)GL
zkw|4w>SChGTH3LU@8ia-Y}`bDK+vEYY1UD$!ZMo1rt|5wN*zc;Xc%n`bZpook7Q8#
z1<q!jiE-eUzN&Z08**I_<y8j*ME!3BwcEZ=Yk6jko3e-@;}fH3GsR)?S(@`Q-`qYp
zQ#I5$hfy2S0Cz#=m&uAR2~F>W9%Uc_q&D~$+(eo>)Baho^RO`rK5_DY_1|w6ae)3T
z4kJ#e3dr1a;Zz8lAuX~qI1LoD?_!mZdJg|8yjn?#Rygj6Cz($k_{I$MqtN{sAtmJC
zg-mgmE2sBSh&gIFXt?6cLRq9fzQ>lDoRNY}duNX;!>EX&KvtfF7v8B_sjqDxuo)WX
z>X%!4A}%h|<BGYg6keEr5`Q#0IntO77{<v|YwX|WT4NVr@R*Y8V5P$3AM&*ynW=3R
zW~VEfwyV?=<ovIaVzsHcQdQtdiyW{|6xcSpMpOk$W%@-XjbRdGQ4A;%LXMKuy_7@H
zn;0XJWTB&^NLV3%gDh@^6{jd;GOa|5-K2%oSyiHsZfrO}n+P6%4;tpW0hgPR`B9ll
z8r9z-hBFC8bhKFuPaxS63hX3wY#3;d9%VsI3J9Sl4itM?P?S_P)s&}#$H441>T61+
zDn@_}E<&p+bns6qz(v+Vm4z>4z0i!b#K}7O;!*O@*_nfybazF%B0O|DI1V0HDmqPJ
z`D)R83vfC&ESNBV+a#T;7#inqRTGPh8Orv6DLE2VT(^1Y=f;`aZkP;)59NS{w8|xJ
z63n}h-C~i7<3%H={eZ(WY%g2BoD-7p5+Oj6fadDX%DUKGw1`LNTCU{g)GvzKF3<0)
zCPEz0nJJNr7c^Zib7b9HGE8qt{ezy#0mGX~Nt`Mxl3W#k;gpQQzcnaqUK3H}N<Q7^
zoHA4^wXy;tRSi04C1cKB{vkF^yqA)7e6OR2Vy}2voCSM!=DtjKwQ`IRicFdGSUUWX
z5UZ=HCB1fJ4bg92e)sAPbrQXO_1&AByC2`btXo7h9pvSk7uyYiT^Ldf5P%hU7;sZT
zS-b&+sQ2H0J~ujpK`Tf3u_Ge2i=JfJV(Im06<-fkFHlC)r`40Gwg|tsYJy8$noA5G
zuOqy+%iCbK+x00z%Fxx#wWsKvRx(2F4y)=HX=^=sp=CwII_BdIokTJ=jR);(+%8Xm
zBz#cK2n=Kd*@%K+aJywnNE(Jgjt#8qO1kC_-EaqgU8zalCTOQ@iQ9#5wED))JVXP*
z&@ioQt9RXnUtSw8U);&Pk(Pz5VL@lk?}EU|>^A{*bn{8&mK2dDO!JG=I_+5*WGQ=7
z$Ql$x+G5qK8<;tq9nJ+=+2*vdF>YYJc1wUr3X{DiDIrB<0P2(G0OLgRSh<fi$P8ks
zMC#0c@$?<`qAI!)!>C@pe)snM-OZaj<IUT<m$~9hMz-6GQhhKWh5a)dYiz8T`=!$%
zBLu1ervXKC(4EY5mZc3(O64boHr%zoW*dMm#Ywk@)b%Y^WkInuqp=kix|5NLNw^+H
zUvn{iCM}D3RS7Sc4rEpjd+B79Lfs-+{q`n*i!uhomaf1wshYxyN&PpR*I4e3>|x=7
zeA(5Q&dBmU6YGdpl5hc+{zaNjK*81jRA)QO{V$c<iCIyvGb+2%q~ZEcY%-kuj~{(x
zP*^gfNnt}W;C&^YN9JH=k}%k`h5bXrn0k{)At4RuUj>-y3|*mzg@^s4DR{}n$kX$G
z)ZT!;a1katJ`l|js8=wQa%I!9sB6wrjEqqT+6e_cG2vXFme)vurSO?U1-VyOkcrTu
z5N2kKqtFgrAu|r)p&xV9`}04%q!7?}DY)zo2@PosLOv)xQ_mN#bts%bl@?f0xH$e7
z)m?dk<`iw#%!zexF=8(B4jYW8z#Ef)&|i!OV?{G5tg$K69$m~;BB5^P{E$7z+4tG}
zSvk{Ag*<ASNZaMv`R!iCof@<hkLMHnAVnZo_5q#PVX_euCZ)+{<cP(55ml5wMX8c=
zxpO((=Zkq1!;rHy8ygnlQgx1`s*5%aE%3_iR5xHyg~(y4%*@zXI}N{-x`ji3Yd>`h
ztLCV03&e<pqMKgp=#<{5ilDB_#}y(=2P>0cylZVxaZHUegm94IFy<M3rFekLLV_zr
z!5lHPr_3g)y@u3QE}Hpvbaei2e)vJjgi#&ZHmE|@ptL&3mpiwgJNG{|FOb<T==_WV
zES{8nB*f}lsmX)_=zfzuMAvD5n~`L9|M9nfZ{TUt@`P<@+_6=0Da#zJHtqoNYJAVS
zkYsf=lt`+`v09fiUy4_zuX0jTCIBqj!p)}N0;E%(<KC`Hghb~5CRl=GnlsW;Wva>#
z8JXD+E27o=1!c!;S`2p*+HyNqnYPuI8QfC50_k`$Lm8M9o5Y=1SZ5x8>Gk?DwQ69|
z{2<11(M~GTf!2SSkF6FJt3)7|Qi>^5K;~|1XNY3?xfKCS|5DUR04k3fXqQKHVd3mQ
z{plvg<RH*xu334$cc=FrwxGc@A3>RMvacbf!pkZxqsPPnM_Se_z>4snD5IE*6p{fI
z^RBTh<{ttNlq4a-=<Bb4zpevVxs3>m2eRw{yNGL;2QG#Yq2=WjndV@-X*I4a?}v&F
zE%X6YL*<8yD9*u-v2b%NHP>v`9a3I-&~Z#uy*Zr3p(t_8v=JWtr0R>lQhquZj2)3M
zq;SbcoFCa!ig%EIG7&&j)gxck@TCS;xfDxK)@L%}+X<2kB-9{(%TJm`DbcjlhzK|@
z)`kJ8RA8DwAn&%W|FHbb;mx>Z`}Qki#s@DcxTu`AYui9+RoMSZ;UmQzCx%b`KvI%A
zr>n*qZyX2M%VKtI+;DYYHW=90sf%nAHX8au44SE9!>yRnG!xffeW4AQHjow&MJFDR
zD3pl)y1>3kfgfFeb$cyy*fy^)<i6oX4LE=eES%7Qv)hR53I1_uKQ`i^L3W0Qo#`LY
z!0@>S*S&r!nGXftqXJqiGVbLpC7lHvHySS@nKA-f>v}e}N{<&ZF<Q0#kat`p&BaM9
zprFRxB&>@|8NKLZdugPC0t*r|8Q}nydLD`1arm2wgkI@?I4Kd>Vy>*HeJAr}D3<y~
zkWwD_y$<=vfX_y{^7UYd&vpuWW+GAowg<lk$Hi`B9)|&@jw~B3%h~KvIKtGK9IIDX
zfSpOVHaNXXP=Os)Tt{Zx-{S2y-pcEZ8C$W89L&|V)(&LpRCuL_oQ(g9>acypS^~1C
z+|mxoX8o#v1}BZ|CCUML8$*dqK%9+^GJ8RHy3JhZQ6}zY`C_x#B=0cDKlk=Lo2Kmg
zyXt87HhQM9_B|ycI<mxoN1;?~62av83g-<5Zs(B3@w16RHYfrM!=wnKMbA(g8;N`D
zU=6aVsj{)oF`gA<gA3~Dt%?X;QjC>fr(tdG4x$%-P|FYj5LIJZ`>x{Ir5mbRMZ%#%
zM*^1=#AETb@ro*ej)WH*H*a2mIuns=13Qqu#p;J31}k47N@Iy!iBj`8PJMwgFnD)P
zh-uO{{v$BsOBE;mkg0Y;rMx(RPR4TtBwcw_sVJC)tk^4|OO>69xc>f?Dp&x+(5aMx
zb8s4evZ1d+mZak1y!cdBM#MP55JU`0u5TLW+>uk=A6Y&eLo`(5fb6Ny8Tr|=pR8sc
z5RPR?2UQ=#qDVM&L=k=y`P2T)C(>Q0JkcZ|vlHBS_nyN>$hN|jWt;#svWsf{`Omt=
zP&(y4P;4yox|(}p-Ko?9l(@enU%1Q@-U?fPNg?i<2J<KmSFT*kcr6W1_KF~>YT~)$
zxXS+wqns;FduiMUbFP5H&L;{qRXy(Ett5tiMkjtmB_l2<+62{Kd?))#>dW*VwX=S^
z8d43Gg4<50sc|kg7<t}RI^Gbsc#$M;svqWvAIjVfI3MfLsd%>dPS>&KSD6UW*!;zR
za=%Z@y@oB5I<x7s-1O8IH_7hpw@LPD4Tf@v&Yt}^_X68l_1!1!Ro;kC3#=10oBvkU
zWPT2uF0{4Fq!%o$+N2Ih_)~Q>&ufe@NeXwlSx~Y?x+(-JvxmhTj7)<;tc8QpcJ4lB
z>povfkHdW?N$JLq-CKJGl4P^n9Q=8I<%As7?Xp^)u3RYrx||Er#*~LhCJoA_xluKz
z?2vZEhlgrlzrDRR-lyRT-v`v7+c?ifxZK{p|Gs+M3reM@Q@DO<wVXTph5LFdmC9uv
zXFa1wQhc6U2i5qdTm{7*i0@?uSIK;m!If5nfro5J4i|prt&DLfk@UFf97(l*ps}xP
z`AAI2L=RYxS@K&D$;h^ur42-)5zD4bvCW-&f&bRh0IKR@Qs`!O(>YWV>oqYjH=H2!
zLinz5RAd^$MtL>%7{o7st=8ZJX}VZgos7u==lO8<5b28;PVbHvXl;{C#*<8hbm|{{
zdx1)a`*UXIB=lD%l%{GD(ooEQ@|0S2<&8ojeVcRaC7rL*<T=nhIQEUe{a;tjnROKj
zs^JwSh3qeCwUa5YrInawWU^J-&I+c(4tr$_-~-8#v8e_si!jzUAttwJrD0bs;GS`M
z6IHU^Zniz$VT&@*@nC|CCJ8N<oy_pEOn0$YpgE?>wi9sp8M;5HmL-ROp0W#TwE<aq
zgR@*uGP?iNIgA`fW6ySHsyd;IMm&dClUa)_z`0s>@Ti<_MY8xIm}YNQeW5srqGlxT
zS2GBwR|k}TH_o{ty=pPGZA7e6rK*xJgUUi+?xc(y6Yr()AfKt)7!4Hzhtmki>!W_L
zQsgQV@=P3h?4cVmz*aARe}{8!yz(>sffjSD`4|#ug-h*=u&Gh$S(W|7IwjmU(p4p5
zS>=j_J<DVOQ?xSW@w-u)WF@Pmk3->bm-k3@WptR<_!D=ER<!~q!CC!O-Q5m7j0#tQ
z1oe^Fp^%OG?|09hJx|t@lo?RL=_xK$u2`ZPp^Z+fR2v4!%7~SJkpK!s@|!BHstOEh
zY}mleBp>C)nmDsNm#X!FEN{sk1erkv0-bib%`%1daOD(MN^-sRlijG0pR5&^0qz~%
zDoO&;C$aja!OTiYpnRKwD?V4Z{#HuXiAseD2j@T1z4?a3_;;|o0d*rpdXdvzllFT`
zKF1@Bra>ySlav8}k)kdi`*Ybi5edMBqBGg=rD7LxGczoGavld*u@<$(ITNFrlIO-C
zEuD{RAd$)^2TPfsa-Kw$acs_o&K2yb(y@87gS>#g@VLS9B_Q*`ol<o;j(B{|wUt5C
z8gcel`8+7Ox+~jB;d@nIDFb-+OV#5N=>l2#rQU;;5LRk`euzg7ykn;c)@La1agS5}
zF)bT2;W9_6<Y<o6{Kc*)(8fS}xlFB!{IWqoRO39DVWEUYIL5ReG#dh~tuYMHiKsBf
zyuy?+AcuH>iO^_YuYH!ft+QuMJIY0Wa-n|WJ;KJAs;Y^#dy$lf^7pDL3!uqb7S{hs
zWGW}&Ca~>)Fk}2t<$f%rBT20+{77{*prU;{2$ERPIu+W`WQ-(g#`9WF7LznUx2reT
z7a;M=(ryCBWWmFg(nGQonit@Xr#6=iSI}p#t8>(eyDrb~!fVByj}#3?(#Nz}@&Zo)
z!?|bsmm@Ay8JmGB;<*ys^P~<{g#!_*o8{Rvh>jP3`Fb48L8}K!suojgb~MN5lTwpd
z4N>7yq|q>~@o_G#QPk%>I~Z{NjI|I8;E}A*G%`fKd=5-WO{#%X*Q)IJm^xbhJqEq`
z(>y0Yq{Dhh0<Rq4TvqY33)&9IDBdMig#ai6U$8NhLrdg)&T5%IH>tOf=`bbpx}6JF
zkaGEde|{ZElj2D!19ggOsE)G5E0n3WdU)dYIV(Teaz(an$f_;5j_lSgk0-B6Tc(a!
zY`{#?iR=4dO|y?2*E7tPs(q5;#O9U_5vf*Kq)s*&xXjc&=jH_OpId42{wrB(Nk+9$
zRJQMImVb4#FHMZ0SD8M^{7sOFcKSFYKj;sC(2%mxPOHccveRms^ThME-N(D(LJEw#
z;UY6g&D9{cddn?RIM$TxCE*O|k7P>|E{!Hn`r1(>g)j=zIu)~p7rS#$RjNc^=tb)L
zskm7fxsp|zQl78u#~B@Pw1{I2M`i<5YRoBAT0!w44U=P1ve(Du>SiE(J5|mRY!HBd
zG0u&N=gy<12F+-5R=1mX3SAmGRw`RXsRAD3FyKnCAyR{>>iiqoV@mADK&k3Uff45U
z*ur<wR#)TGWYeOhR9D+Z?9QmfCaJQtw0jH$qH+miEG@Ofv>J{&qqcgnF>@WCb|||H
zXF&#l8jHw%hTbP*76f&cFC7vbrinX$thHajL(YMI#|zGNG~_9fZg(s_%5D;D<~5gP
zS(2lXct~b&N-+=>Lx*KCJ>v2(2DQz>oTKZ8t`?PHf1pRl#;2Kg?K)qb;a{v)zt?H^
zTWzyI{rDl#ukh6d=ohmxDud<N{wR%kv%u%h2bGK;abHL#uqP80Vap0+u^oedbcEsn
zF;X}+57=-Bud6g=fW$~Nfy|e_al@~`fQ<&0_MuKsDblVA!K)1}s0hHl?{jn{OLEvd
zJyzW-QA?&fkwBmZki<!H@E>0_OO}}au#11MbXTwlTvCjvzKtGHa-G|-S4pR^3R2!i
zQjRe#Df&Qo&RxM=Jy!Be3hHTpCaeGXMvfO$oVo#S9yegfNv^yP<;a1xma~t%AxyFo
zJ^%LFO>K9&!~USv=@#BpOYf#u?thC@TkCIqhqj*D7v{JnQgX$i!pv>S+>*o<jKy^r
z|6HKOV@^HKmr^;zedujA?|v%<aZo;A2yVDY`tg6tAdFxhQDrGoUdZ)-LYnH|bIkyh
z=uY{XGCi1XMUn~fU+m|O=7H}drDTh{rIeQMtbj9--_pU!z2gIiN_<C=O$-dnM@6#J
zEhsND*I!^aE7XCo=;mTxL!}E+M@S}OPdPY<IWoru7KnMcAfCG(1qk3HCs_KZ0p@M2
z++!K5>?^yz9EPJdsOpt}Wq?*1a`|FzEhTBO@;0%;ltw93<^7PJuJV2;M>YWVET>8P
zK2updOUgYI6_KR*GoZmoSV_FZRFfXAZXg$$u!eskJy2~9%IocB>r!RrQh*Lf7T9Uv
zl^oCZW&zA<DwtEGCi}F5(UMWzoMB)aIhy&0umAcLo$#l!TGEDp)Lf&!Ws^qdo{ytU
z8sOD4tCJoqg<X5M@PgTcpAti|3M>1-6@bzVVB6<S(%v|>_#`l{yXY;qpfo-1h(SD-
zwc=R)gKV%aoeAi+RK>6O;@(r@7F<@0h3DXcog$Rimr%p_JS^u1rdic6$&^7Ce10R2
z=SpkpZ3nt6D^Co6Q&qtI@%;~<DV5TrL3WiU*^!zw)l!x57$6obJWSx?`nnh-n;=_S
zVl%XeDl}njg`7PxNqxnp(YQJA1(#M<XIKd=%0Sdk=AZ%;sx$<=N$dtxcHt-M(6%tr
z(Q`t3c|8fylTUxlzA_0x(4}AHe$7BAQ%*8WmkPoLp9?I1@GuSS`Tdy@Jxs5ct`pyX
zb=Gb6tghwy{Nueq*#NG8bI>2O@mCu9=LU!Y;?q}WEwvgKr^y|$ckUSL(neQi3;wZM
z^q*Gy`3w55HT<^SdT9+`JU72JhajK7__jIsr)MQ67m@zenE;W_Q9l9QT)@75br$$P
zfV^`C+mB#>&OjcJK+?LdaAdssDdOrNdstq%dDtpX0)gj+q;#t!5X)+>IMJxUYjV~&
z{FB{albj%gf^zxYLGxrmT}T}wySlg)B6~!Z)9zaNr94;t)j<<^uhfbEO!JeqfnA%S
z4o4}kU^DETJws1B=GUvTC*#bz!-91u`OlcNn^Yu!whc<H=j?LU0+br2g7j>qh+(Wo
zZUmV!kcK&+87iqTT}O`^mPZ~8d-+PX(k;fp0<uSv)ZrwMiOM7Oka-x40YPrPTJ)La
z9MPxV9(D?kpkn*G_T*g~zs>;!%)iM*E9nXf)%ki?N?|*K(4euJRDe)XxU0dp>_JJ4
z6`?(UK@~YuW|!)Zv4KU!nMwPM3@)g36w3n|aDOr;llQ9qs~dYXKk#j|^5u$P80X^C
z9QzBi+dy6%;)&jh4dfC%OJmf)a5SoOQfaHhauT%-Ssm<ZDJDpIRLkTQx`hE1{~?3a
z(jRF1(!cUP!r!?m{cl;?rGxpnQUOF)a%xq72=%RYx&uyXu}XrK&l5}5NILRT=q`*U
z#dTMkc~?3%WPzyND6m@<ztu^Mv}>Kziy{Xrq=OB)-4zRvM19QN`?QO}R|DD8A_pTc
z80BOAsYZhUkr+_Ka+CZ;(cPQm$%hY?2~6KIhn-G;&}SKZd`%oW2%n`<*C1i0KjSNZ
zXhM5twJfvIYB#Lzon>8jt!t~*?6g4!ZV!3``h;Hl9Sg4!73Kf|+od@BXTSgHr{7%_
zKPo}ruqx}^#Qrl}Wu4l)$h0~ZJEU$CWlX67`3$Ir$s<*oIe!%KMWR4S!dO(av1$B7
zrS#!jxHQ2>R)rT#&A8lFN&xtzeZn7qQ1!Z$Uttli%vb3gmuZFm3Cc0#_f!22qzN-;
z5@t9!_leaqStx@7u-M2fYe15|hS$`4l+}9D_6;lN_-gGmRmH}@@s&`NpGuMkG)`t!
z`}MPDS1K!kM&P^Bp}R5$39E5f$^i2><X$vrFPibEqBQ?<+F;2FqG^8v>ioig*S=!W
zR^g%>Iq4W<J9tP8)rf7^k0f81*b6U~v^4jL4C-YE7Y82Xo?ofpLi)Cel{v6FCLYEI
zX%vHbvp*vPOkz3?1}28ENKnblfvq=Jnn1!;K~;fPKsA|0j}@E_i8uC!!T<dcWv(}9
ztN0%77PaYFZBST;dzUK~W~+aH_AKeSW2^u9kKB=GOs<hzY;KBf?;C6nOCHC|Ow~y-
zlYZn?vWMAEOW}EJ8UlzD>rf=>rMIGneL#u(Dz>LrX`oWO**Yy5e0_bXExXR%4>DB~
zZJ@|;jE*iF8*_wQRrXb;f>EswyRGuN&StBd1Q_E}N`YbKfFYvTz7*Jh(49RsQi&FB
zY;)SIbsli^3M-zqZpCZYx8k*%T@ZLzt$3}(wwJf!nRTsr>L0k^EoshceKYL7_@>oq
z_pN@{>a<VJif6XUHLqQtS4vu)OmH_AjccG`M$w&1(Cnxfxb!@-E(&L>Hb?Dms&Bb@
zIb3fssbZEBsK{FGCm#8Kl|EQF23Jauu?bm4Nac5`3M#5~tDqcA%+Tk6^t61-Wv06w
z4(+5m;K3D?t#ruE<*4eI0IK>rbTa8|I!6Fb;4Re%L)(Qe4vh1kr1>utaMk@}R}nf+
z?&XjnCE&l4^)xcdJ@q}B1te5rCBYs1kNdU6byqB9uWg^%#5gs7$yG#HbyW;73NsRB
zlwj6HDPuLSZ41+~zGcrW_fm9+WLjpGD2eqg6iqpvRE8FjEgG&Rz=b{DF;s`?04Fvk
zDF&6LPP(!RTUwHlEnCv?EJOK$jinVh33*6}?5aw_IC#43?B|Kxu1dTYN$YXV8JId^
zXfTJDs#X*rt~*SB%D8Z#95AztrKpT|mbSKB@EdJcExblT!jj95<np?SF}?5rCr7r%
zMCU@bqxRCeB(6$`jktK`Qjl$cTC`p&O&#W-V?!!_9Hg~~ScQVesNx_p$JA>u5*#D~
z%Lr|0m0i`Cc+pARG&?+if2MV@@hgOmcZ(==!pYc|VccMU9MeQ<b;<ThOQV|Ijj^TN
zoWi=Wv$%{wgXK9c1HI6(rD3=;o)8V*2DqmcTvE2K%Prz$i@BKFm?vkDmpa8Zj1C|R
z<E7Eu$csjkjodM*67eUV9U-ZY?^A^G*32H!GQ-W!4I;KtCJnTBPn223UD;z;@JM|0
zLGFnXJGI1r`i%0Wg*}r%r3TU|w)*3?!-jH>Il^;CBIICkj1r@+>3CUKeiB5QaQ?hy
zb;A|N=5o}y1?uF}rACoo&Yd|xum%;jne)G)v==Ij@T{<1pi6W7V_MZ`qiKOk7AvW3
znGe5>g2acHgj~&5SY0)EnXV7{`O|b68A?dE7%xYE$_nHL)Sy{`thJ`XHgT^dbI7?2
za?GGkyneY#hjV|+rK&Q_A2<FS-4z(FW@Du$7rO*-X|2q8PvuvQB5^fVB=N;hWgD+@
zsjY>zt8m$k@#_a5VBFJFQ)tF=>??Pn{<pA#0^uhwQt0MdRH)-tRpj-si#7rgYEa|h
z4miMn>6jYJg4H9DR<$2JvZHalfFqv9`lzZKGE}IE$z&J0DoBkZC9B5(U1z<`&bH9L
zl%ZpkghmIMNR=Cnv84tbb?)t5^L%f6fT>#qofxChn0mp;_V5paLfgWoTrn(V|M*dC
z8;j-y6=WY}Gg!o{7ddh(+1s&bf>j5l3ElsHZ`2~b(Etz|puxfUYc$Xg=QXJ8krs(q
z1HEz?Fqs|B0IiLNBVv1e-ymM0+e@!s(BTjf*JuEpo@3B>j_g%!VaYWwwuq-}^ndQK
z+5;}q(7T?s>=XEYs>Q@yGz<+ytRH5MlvEheokvb`+v8CF5VH|x=%qx_v$%*=00c&V
z%nb~t%+@DDzXKMxn%{>uM(JlNUosjq>S>bXU8K#b$_6S~ylGJR{w=qW+iH4|(eTun
z`<L8w|59V%L92M+M!0N*4g7z@G(Iku^uKne)$1EK^U$zN`2XwHAb;4ismN=`V&97?
zB1N5kJF`5~+Pu6Crn15tS8snx4Y6GqwsfEr?5IEubWf8fSV`hhr6i0=t;>9qmmz=x
z6MscPjwbsQs{oZUarvmhZ@mpBw{#Cm@QI|2JL;)oeR)NJh;t32MTa#Fq8}>WZVmBk
zN=6>sI+1w2Eegj0t^Y2_bxK_gc0>$NrWLJ!;U}fM(gG*>s*(Tk(s5&HVj<gv8#j$}
zDG82k)>Szghx9g;&Xr3hKxa%vDK09VyMK)b5Emt%Ys4P4H*~WuzaJf)`kZFBjU6~5
zgQ8yTq_(pW#Yjl9VX3Ocv#!^`D(`VYt)r^fD7}$becQ0P3!w_Q$){He>8?CyFATxs
zaqoKRZ6QXi%=!*TzStvB04^@oAt7s-jC><;K>0jxVwCEn%@H&mC$y)sO&zuqAb-OX
zwH=a$DKMQpBqO1!E#Aac;`x=GFg3QSn=4#lXI*A`8@^gju6o`TmQX!~L{Z|<!gKud
zI>(mCs6F-;r@LwiO+8H5V`Nw|(uD{VwsB(_03W1s8m6Mc@u1DdgJG!B^2tFiI$9%Y
zN2N{|A1D5j^!p&p94&R8bSmO@dw*$4s`OB*c(EvPa?!feBP~g*%`0Rv!ctCzAc^eG
z`#7-R5M4Fyk{08g^%hv80>fj!3xX-IvFG<;z`fyo<8|;e&>Y+N7BDyoKCw*w$Jej_
z&@{eDtHaE=ag>{1`#=8ncMfW1eO_(>rhsc#540*A;uyO|*(cbh$ekorZGR|Lp%nL6
zI$1@gKF7#qjL*w15AnQWE=i+)QKrOT+sjNbORB1s3*f#>Rx=MpBjco`auP@xsWuJA
z721B<t1H>HSw2I7zC(iQVt5z*O*plJOzI%=Zmj}Cp^Fu``P)$KIo377EVRT_&V|iX
zTfwOmE{MjmFmSmx#g7~txqlYo{**P}t@cWT_8-##&bL3^+`g06@umCGCHJ&`5BRky
z>f}y<6!N_-J3DYxsuB`p4mlPAsLX_Kk$R%idt_{?tidV)Bbd}CF~kI`Y(3%2o;PaO
zxL_a3agvof(siHoqe}x%(3uYeH8EIH<ZA#sK2t@f=#@mSlyzX_X@5cSQl=h($cLu|
zg+-M%$>UHTb@FxCkxNmyk4e5NrXPWTCDQs2X%mi2cf9n-s*uNs1QJvqQh(nfk`2!2
zlrQFK*@t<cEu3|#a(TOH_jZI}U;VjgcdwSqWkXhGZje1>9=efeL^4vb@q~Hn-C?1m
zUwhrfsp~cD6Xo#?W`C>2xz+8g51%+8%IoTSv4b{T3(s7u57X}ry8U*mKPV~>laR4`
z<zd>Wm`{S{%t>dxD*V3oc(FbDfC|+IA<BnMf2crSC30V)h(k01Gmb#+m59zN4@iP0
zKneYEQu{ieU|lZ=v&L#R*pQ?)M3w*`E)wk&g_$XCf+;)73xB)Ov5GWlC|!VDWCz2c
zg{-HS$sv%03UlrYVNQ=C(L7M#S!YkeTau6oRjw4{rkZt3xwTOBDk0aIQ*&9tmCUne
zgg3&)D)OG^Jy_RDbIW9?QG|5zAi);K0r*(TRyH$t{js-D?WGKSDGhBWR<c^UhjIgq
z^H;NZ5XLCu`hO&`zsF-&_;SkYijq*!9L*UbibB{9hesHoJOeAj`U;r^$JC1_TELfB
zLY75tS&$ErLtkQzSWnD2RG&I_A}<CejQ)7(Q-<pzIWD>_$jc1Ny-#b<0+8RxxPo<<
zC^`xSC&{Dv5Cec5LXgYirNEDDTvon%1Y=vq@>9^}Uw;>F$Zw8RkZ1G4xbcupP=v*$
z5;!q*!&oY>z^Y%<jaCdwx$;8#L6%iV9gggc!_|CcU*}X>Al1q?*bR{tkty8{lq4xq
zu4lw$N=hZ71~upgY_IfOS7EZLAew}q(<YGXgy!J|QQgJ~=!coAM{d&NgKTqH8H9~}
z`S0?6Mt^*C$tfwI@XQ`T^O>O3^*x+SAkE)+w*OK1(Y-s@vjFc|itnykfIn7O(Zr;>
zT$G7QRIL0e*X+~x;fju_bMqFu!4@q9t89B!X^ecF<+AZE@~NzE&S-%W`6GtSX?$YJ
zDouK`ybuqXbIfel<I5Mtk<M&gDuE_VB;NtqoqtF9?viySZ(KnfT(kX4NvsrQ_^(`S
z2~_DPs|?jjVv9GdtXPJw98+^&i%-IqxCPF83YhJ!Vm7y~ZSV>sVnrdW9PR>je7w*+
z&q(31fHk(n(z`}7NJnovEekhVi5WYZ7yJ&`6q+?BLNye$GnK9Mj-h^PIxYc?c&hke
z6MsaWN9;bS$Z5`!@&gci4AK0-rHIQw$7YP{%R~%kYCzgp;4xEhhfHxn%z}`Ok+tLd
z^$0MN!ocufZ59V8qdKzTRKY|1KV<9ZOE;UXi%XV9fbV0qiBJguNLd*)4M2wE7e(O@
zG#5Pt;NAu?mc-VZZ>04BOq9Aivwm&{^?!Nb`()e3a~64IRc{)%VmHIga=C0K)ZvQK
z;+pgO`PFj}xTe?%fF}R&CYkaG36|PxN+?;CZ`{O=sc>l*AzKYa3>OHrtsBqFoa0oI
zN_2lX>Mr;EU<;!$7s1?9MQW8jAkkB{yZ@~D$ergXfLzA<YPQNHRfV=Q>N&T80DlF~
z<=~_QLcOe{cjlnK-#+dur3l|~&sJKk1eEnw38Jb@AnmG^5oCBxa)Bg?hEw_}+L>}*
zm@SGDtpm3rJQtTp+ppr$Y2_;+ycXd!G173Jr8E;%IjYQlXFaV_Ispr7T<9wstBb9p
zY*h61!ghF^O)3o}g_e*Cz%3RyW`Be`s?g#35^`6+j7uik7aeD4|HzlUsQEQ7M}N=i
z%z}8kah#BP3Hgt5F0>SS?l_hfW-7Ccl_DeQX}etUNN~uvJY-3<NUe16j-|lN7#W^Y
zfnV)7T!!`maCmYLDd86FNsC!g_2iAzKM9Vj{SD5l5$fMtCyv#_N4`DBa(|!eUuhW?
z^xHRgtLo2IB@$z?t7mWC-o4b@18VnIKNJO#q@k8zqP$;(&9Xg^d8@9L^}wX#q$73?
zIHpo_4jmN>XJEEoUn}crruL_EXhNbmgU&>e`~O#WZM$t7LG)LM=EVj|GEy$08z89L
z)HYHy7Ob>=EGUVR>F^?mqJM4nH~N~7&79fU<w|lyQjwd)4?%QW&faHt&N-u;J<xbL
z@|Hs|Z)Ttvvh6-l<`#9nagb?<#@dZ-r}JB|mceu!?GmgKhb!LcFMj4S5bOADoa)7}
z)#`7y?N*!B3k%c_%76%vfHELg*m&2s-fn9|6MYYUB7y*{v1PDFl7D}g4rn?9Ezdo`
z?)k7wXA=$OMS=v4oRA;_0{itZ1w76>YtsYt=~xcO{B`bJTTr93zk=r7YSqS8VMEpk
z8*N=@RFhX24qqaKr7cScia?Nn$h0W3LfHq(h+&B+ql_>M1c`u<qOwQ86hAg3?5Q*r
zMHvER4;jUQ3W97w5QWGxO++m1={@H==icW&@B6&(eZT)t0imRIux)y)Ve{H8dO=OJ
zc;v^pXBl1L&fSKkKr_WAE}g(V034|K9_xv|#-aFh-YB*ndwz-APINd^wB7JNu?%;q
zXyb=m>-+Bq{Mt`~m>T1`N_)KmEevfz2})S5Mb}46Iv7xsdgg(yxbjn#gi_&~O6HxN
zKY;<lZ=(GXgzRHUr$%Q28l;Phj`z;Jxa7U%%L{JRCcKzL?I?_ioxEy%;kN0|jJ$X2
zPRPZNVj0!q^}5hd9`#^C37*zT6f&R1KbPFl)y?P5#rtIp-tcc#p3$Y~_4lODNcCg8
zMbvumv!H)hh@Ix(BfLV#84rps*Z9;is_hY2__MNwU~&n~y1kCn>+ybSVhYi?DE{fM
zS&QkNKtWW5Zw{fsgnV15Tc^Tae$8gYmjq|$x~77qTGBAVWZP~c5=~q*FG4nTxRn1o
zQJI37GEMj;Mk*{pC9Lh<$Tr57lIN@lKNwmh<O6@~IPcxrKQOTL`)Eo?=wrm@@{LBP
zA+?LihQSLT6C7$JakT^M@3j9+^hB?qxMndZla5k%owB^cZL6a>Z)6=WpX3lKymP&7
zOOi9JLE43vN1dbsk5?ilj*4(%KhsP3-gB&+Yr5m1Mr=4hah>zl70k&pdPvDKAiTS(
zOhD_WG30|R2^I9^l47eNl;Pm$O4PW&iZ}blN>a5}N3}wy#pmT3cc!K9<WT0EdD7AG
z*1twQw?6MYl{vlhoBE1HbTI`=>>D=74RD%|-9GZ_a);wfZ%uci*<EF?NKOk+(=4N&
zM#s!dsK-P*&c*o2R?+Fc9O2={s9a6ga4{OelY|xFV$6}Kg14e|2Vz<av-P5uQp0XB
zu5Sj4$=>@8xy@r!=jqrak*D~qd^tacUjFpWT98wn!NZ1nvfhk#==vWFi$m4tmp5J?
zpJOZGep1!M=n_#Tu35XOsmaINowZ5?M&NFiI}iAyYIC12@+R9jpXLRJU!m3`CBx(N
zRo}#RNaW<r*QZIDGo5Jpr-8+aF$a__;?7xpdUA^V1<nu0<Yv^W;55E;ckYPBgI5G&
zRiB@$k@a7&?NKQ^VjyG##9S3>L%%jQwTx(?`|u>2%^7(TtJ7MLQ?gA}*;2UyXx#S4
zm#Z~5R-^_u@5`8&O*&ER`rQ-%IDs&6dbH|7uj%JBZ+avuXYFVvA2kE*lP!N(QcCt^
z|C}FL+7a&li84=$$GJ)1FGOu1^7vkFUQxNM=@?pXUB)|fUS=&0Z(UxEJ-|&<?TyzE
zapPX42z_Tt4B_Y6q*Bpm%wEYt$FK$V&s=$|n?Izrj5<#Iu2%4&*w*0~Rr*$7*R13t
zMS(N8x9=Z}9Vt`FxSOs81ZVJxH5M(01&8J=>3cE6D()Ke0ru+?t(^n2L%0)I=aBXm
zWO@$uA_ch`8j-awHq>iX55cm>jEi(eztV8<3c#Hr^5gUr1>_^e4qIeP_KJHe!k+f&
zpTFB?q5#V#SJPd7gi535XdHI}sav>nPwJ{&d1sDasS^E@>d(g6<>rIIyghA6^EOj@
zFrvwgXeqhQuWBsX&exH6&ntgg=F{N{|Ha{{%`6Zve+sb7?{0RTPFZ;QnwQ>)TN(cW
zb2Im6Vvtx#R;6&llk3e+oOLH|KJLhyKSY5Qd)xUgoz4F6VDvt}tJhIE&BBeUv}>(8
z=GviSq4D1f_^r!pAnOWMo8NAZsO8zL$z4p5qb;qWSkAJAgEA6Hmmv@x3>0E%$_5BP
z1RxNm2YjGtiq)ld6&@7R?Va^8AqWJ#mk3B4WL-t8-{^s9K_D<Ka3&E@6K7%Qfo2~v
zlXZv<0^woNzpWT8P&)}gz*sEMfw=>$w8`NbXTaM@0M9Pk#6pQq;EN;xEwxv`w*<@$
zV*ddGFhFuLAoE3c|HZ#q>I{%Z0%X1_Br_EP8Q_a#Kw1h8hkt326$^Y#z-sfKRmlLg
zlL6J;Snm`70fj;UFg68{f$x<EVn|F_hY4?!faAN&FHkTO8r)$M1uv!mT>J1!Cho_i
zO0XW{AF2N~H@O=w2x^dkgW7wg!gNEhbmr5ZgngaHw*&|_0OIQw<g9ST*Jp2rdr{y!
zX6b+t6y!<;5cVuxH^bXp{>*W5DF1g%(J%mlcMA&g^z*>~U#|Tw#9ZIhSsNu@Fd`KY
m-fcCLsRWFPg0-mt^2>ns|6|<$imN#aZlnT7*$HIU5dH=MmXs3!

delta 49903
zcmaI7Wl$h7yS9nL;0z9f4ess?3=T86ySuwX<L>V6?(XjH?(Xh<^PaP3_x#x1RCUEF
zm8ARbRPsEzK5Ago^I;KX{(?iGfq=k(fYhb=%f%pyBmO5gqc*QW=K=vi=ZZ0uhoYcj
zVxc06=_CLc$@tkBM7S9QesTZdW##ANmlFJ?B*G;oE+H-{|5r{;{;#;2+#h8nRWU_<
z2^9lLH8TlK8x;)$Z5=HQJrgx!Cw*lJ19fG6O<fZ`4F`QiM<X>`6D>C*Iagy9Hw#S@
zV^b3gdn+4D3p-~!3sV~_J108}7Z(>(=KxnvUoUUK)6yr=!za+eKi)nd#UmivD<sw}
zEX_GQ$0MfD+eXvdQYXOK)Yro$*3-<}%R9iwBi7F$#@{_Y)GH;>AtS^wIn*;Z!nGvc
z%kN(Z2n`Gg2nY!e4e$#N3JDMK4+{(P4UF**jSGlK35|#eiAal#jtGoSjfja4k4ue8
zP6J{Bed5CWVk1IRBK%V#gJUA2<D-M(Vj_}~BhsS-(&ECCl9ED`^1?G~k~4BMvoq3j
z3KQ~cqYGM-$~)4FYBGvzGb-8(lEZV7qI1*Yax+s)(ql`qQfsopin0^)ax%(t;!E?=
z%StjDawDtr;%W-hYD+WQisD*JQws_Ta)E-9!jgi5;<D1h+~T6*@{)qG^76d$y6no9
zvdWsm>c+y_){5%7^17DF=8oEm;_9mE#_GcQnu@lX{FeIi_U7{X`ue)YmWG!0md3jF
zmWKBB_SCALjGBSM`tFj3-pc0g;`ZtKj^66dk&e#p%I>MEzWIip@y_n<hQY<o*>5{N
zmFdGx1wHL?TVPng$k536@L=EANdNHgaR0<&-{kV>#LU$EWdF?i*v#C-{Mzhj@A72d
z;>_sUZ2#K)*xcOQ^y13Q^5)vg{Oa1;=*q$B#?H#_$?EaV{zBjO;`rg}*xAPT?%Mp$
z=IZg*{NB#`)&Ane;pYA6>cPRm?%~P7@%hQ&-r4cN+4(teaB+8d{d9Wscy{-Ef4P5q
zb^dy}bA5IFczgEv_;~a9a{u!F{BZmF{P6kt2?7H0_4Os(GN20r!Zs}~#INA8df|y+
zv%l!6y;>jFSd!6biuXbixiKdm|D&kK>&F&o&ZwIn++nCyEN?QQ?K~Axj^;ri>(;ky
zIj$m2bxlT~LQ#K!l;2tsie^BEPm9d7()v_VB*-Gw@o`=Qm7Bn-T<kK4*@{X%(Y=KE
zbv>mM38Za5!(b;i{30F%1CEDB=LX~I>$B^Nyi@-=N$)js&*%sHUNiR41c%k2Epud=
z?RxnCYtj3Gl}OjkEC5H`Hg)rG)f%A;<;SPlR``g?cek40a#R;l_GP{!=a^<?HFNs)
zA@BD|4ZK6|^lW`i#LVHp&2M*ac+wJ9!K={&GnSq6MP2-#Khkc@uT-`^-Mg-53a03A
zl$CFRTX*2D3nNJj`@P%mX<d=&>&P;T)$2@ub;0q1I@8t>xGuX+>52Ndpx<~rQ#+HV
zo>G90%3qXz-{$`MjC~MxLHWhk^|6nHwE0GT^;Ho2qMD~){xMlZ*R!QY`FX2jqx*Pr
z^*+CCy)#K{JZ=2B_VhU)wej%T)@gj5`~K0zLh*4)kLdM))M2chp5k#ZH6M=ozzw`U
zj#*=8J?9VruE%804Sb$Md~YRBU$fiLQk|Bc6;1QjZ=ECZrx$!c*sXRa^V{}zZ$A=(
z*S%kgJfMvoX9fM`avkMmc-;uc_wdp65lQe|@k#6X(#H4M=eHFz<aI>b<VWCkyFc5-
z3Cs~>J#T*9O!fd=cQ;S#@1y1b-g`fR-;MMJf)wyRyf)-yjRWsxd~WVX{<Vq;^+n74
zIJ&*}^*r^=BFAiOwZ&QUe#~wCrMma1{W90Yn~L++*Ms!F^H%Ph{?@U!Y0PE)(({A{
zT<4_CF#9#3Z*o4@d_7k>caF6`dm?>gXyfy|M6O$Yg|hBtNl9*MaNKni5a72zdS1O~
zlLONM(17Pnq3G0Bt;eC|*Bb%i=TS(AcJoU@k28_I<|N(5Ji*lG`*uMZ)YlugaTU!*
z#s}u{!P?fH!IyRU$4FKLTjrZz51jVPslD{(!}xZK@joHCz5LbA383$~Kfjymcs<{?
zukttvIO=?b_N(Iig~jugU<{@0c`{(E4S2pL(9fh`@cepyT{zNmyKE@Z_PSgs$^t&A
zXj{2lK3Bfp8hVZ@y*^IE>RqnSb*>kTu?9RZ?Xz$_K2w%5@jM<()viu@%(LFs|F!ab
zXyJR^U9OwbEP(#f5Glp1@~Rum#_aOo+1~8FAFgT_D#AP<_j+9@qeradeL05%s^I6h
z+Aj9Gc%J7<MDf#KR^h;fkEZUI^0SnBNKa6u^E=VgZiwZZ#G~GaFuTq&{H~Jhvcxv*
zsndU~=cR*aW5MT#gx}ZPXm{%Gn$vgKI9~4#8OuMtFAfoS+{`x_F!Q?J#-LWUyWD<!
z?Hs;PTe}};ssqf-F1Oa&&zVO+7mv%AC7;Vu#?>dL+@pC`!++G;NT1>Mv}mdQc{-BR
z37K}I`o-M!DCoDuRmBE$ea?O^@OHkQ^ej1NUA_PN<WpZqQ@nFSS%V)*ssq|h^j?qh
zT~@$p>_>{Vq(lSou$I*yg>q@j+$qbf<rYE*=w>Zxc_q*}oE<F10^=cRwvf<RPdD1r
zLD9S?4=`k&=?0gcT&B#tENpBGJr$@MeyE<W=J|eY?CSXrXC<1A8{|-z_uo2d`MGv(
zga{VX@jF0>@}CO%IyMvXCyuu~)!pC8j<~HstuwI4q94+%)IJg6fTh(?uQ|ztrcIs)
zWpb(X_M?7vSm0n0P%nZpmkx3;b?35v6ub({9LN&6l9cW_=+8L)F#g;K>EeD%6y3UA
zY|7vf-gH0gh_mjw=$g5=>N?ZhcE4=7Xd99amrQT*d~u&on}WFSJdSFA5$X2~`4!2&
z6^bwZ&O*0kKlldSWYGDB@zOsY!kqC?lg75Wc~bnfUHH-jbbV-d?ukyV$9lFoOle**
zb*Z<q3X27Oz_d|6ezU%h;CnZ9Sl$zx4kxr__G<gWO*(nUmHrr%m)7ijSK!d>6bKu5
zGIZK68OyqSI(aHOG5VTQe$6V(qV{Zjh~T}4P|KJ&KPzEpe*m76KRmhF_x}9`=tY>{
zk(${~@+PB!yJxGQ3zW`Nq!kS86j4=l*FM+!MfOU(smzpmY@cwX*)mgNMJ8#mYzk9V
zQ0!!_JYurT>Yd>06l+mtTpza`!g~axp4sP>bDH<UL;Sf@QVWq**<=L;QuFQ_Bpgcg
zX>obQ<7R6P1SD&XE1L^0^sXL95&HY;N4r_61G#g+@5u)5jn@kEOp@RY%Y6dMO1I{k
zHp?<1{<*?rD=JJh5$fwZ`D@;iX~<c>`lr~A%?)lyi_34Y*}e{MuVW-<H{S-<wd7~s
zGxTO*zHmqR!yzYkf29lNeL?BGvfpR~Y83IgOS);v5I>Yryb?LGGUs%Muw8b$s9^{A
z8zDvj#sug_KB_TRgOz>Ik@~5X$cTnm&OB9^)xp79!6nxEu@q;as`e7%eRl+bgXTm6
zo%Hk=l(l^izFY^}j%afN&a8NTxz*!SmqTOY?OQC;2S`mN9koH5TYT{tQtZP=v}j!S
z_sCh-SvVg^6iLFH{vaPgEOb$m0D^OSnO=M#2&8p~@|V<@Ua!Hv+quV<*ei?K>LsrR
z)sm6qtQKvWAuf^LT5&P9O$`LwcCIbrPv;)nbhQQ%WhtJ7+=$asX0C-&3(LC-+E%ue
zOCtxH{8c3dX$?0;jm(VB*sr+$`Wb|PwBI~u-k<Co!QA{!W1sI*9Jg>z0ubgQD*P${
z`6&vXQU(ex_xwp*^Hz1%Nq<Lluvt8^n_%PYH*1oX_ML0p;zeX6Zh_JG*&nOlxbBfp
zTHcfURtMat#j;KV;CE!Ae*Q=Z%l!Tw1cUs}PX&fZ0^=J%W58GrwKe1}o>s$mx8wO+
zN#f3{ubNec1%_#uX%+=y`d-IXiILD3fEs^7hX^xg(`|A{?jDhS<&|h7al`Vw!G!;M
zY2LgB4GC)E{b=x?FqvSxA)!;iOU_ivKe=a-C1ui7OIAsazP$6!Oies8bb0a(A37=+
z;9kPwzD{#6ID*@_f1x{k>r2o<ZHGM|;$6#T74CShSMsYPTsNtAvGp*bWyD$m*fo|+
zbn15&%R?;}%C!c1)fenK6dE?b_c5duI}n_yf1x*9nF_iR^J;i{8fkgzi(D=s)!jHU
zQ(|__4#a~#V&&Kx^>dp~>-uVSJAUIO{{4q|!`q&DlJew-kT1>_oVyJDHXbQV8{8o@
zSPg+=@-fd$NbVNAUIEOOl*Dcl0N-xSvNlLn(4<p2IZ`7Hb{9*^VK$|k=g~ACn6L{)
z9I=>59mvLuR}Oh|JViuIKHC@T%!2cSst=y6KPe;#zO&A%GqD=G`TASeb;z6ZI(D?&
ztg6i_l>8nOKJ_SS6UGrq_Iunn=HF!^(D~@bPKWXKXA>uL*bFI9a6X~G0WR~H<n$5N
zuNPbi4Ig3OGkj_j@s~la;z|RCSq$`S{)dfGQ{h_g6-D_Lh1Y$^=(?#h@9oANf#N@q
zaNYA8An7ycrko9s7(^adnrW5Ere9Ulky-_4H78ariESs5KUU$BQmGRsO4}5TAk*}0
zcX1r(%CyBs*`J?Lra_A*fI&jXh8|>V!fnb!ZZw8adbap!Vgxm{*cuMv(p%$<)S$=L
zk%X+~z66u^Z_q+IQc^=4VA<(Wd)3xK8%eS5N%|$#yn90$2iQW~pdm?w*=^;~LUkNr
zsA9p@s*Gj*gYdTsdj4gXi}4$t6<v^+p0CxUWlBT$CG4xFT;KJg0s1pVNA{w`qDCjM
zEqeVj#i2;+h98*R&w_kA&yLnw<{U1X>T9>=+zoi(SDg3APIy^fZ^=TvXK6W@J;*b9
zdJIfmVGmG&28YHqrK6#4K}0Jn?JNsWtIvK(Bnp9zED4HA_z=h2S_z0?Ck^Ce1vE1A
z3T_vII;yLWXtdNDz}dlc{!ePyXm2aAlLELB2d5jv`e_(`+Lyu8DX}K3`1t(#8ai&s
z72DZ1R@a%~4P!J#bc)+R3rJx{y*D{F?b+G|RdB$ff?-XGGQ)g8n}=bm0?fc%EiXRH
ze*!4VZW)PqPz9f)->9OPJNZ7n|JwTPsK;Wm9s(Al`Dt1Kz}ct~F;o0I7lJ}}IUTb1
zhb>aR9LbsZQiy<Qr@DU36$iXAyiKUThlr|gNU!+<CQ+1UtSroJ)5^c5k{u1zPGK7-
zw`Lz^X|SAlu3&xp7U8lMw*X>jhjO(PR%i{e3)`Bv7}jgZIz}hy1Jn^p_311(D9Cxa
zk7&0*9S=$eKtk;$Ql<Rf{Y+%d%2+ttWX?=bIbnfGi`%<0OT)l1OnYQs$4T<{4()hy
zp{5f)J7>5~Ar&lwK+@C=FCnI!s9Ang{t^@c@8^I<5+#-h0_eCPXF~hrTyx|JnHLVT
zyg1_mf2X2)cSC@b?nK~<_(6PX;<xBwJ1trA1pzX4pfLG$5Vgq5LjrWbo*Ydz=_Vka
z4)tpOqd<Ptpa={ELX9pg|GhVl9P~GK7T6-&N4*CZYkyJCk&@q3xj-2<9`2-va7)}3
zT5PP#m<?Vd3u9^9=4q>N!Em<GOc$iWMq<OBTQR>dxciiFW|w?Jdq+j#mD)pg;t-kP
z!iMJ>kP*G{G4$bRTGG%I^5^f58aKx(t)g@HsfU-w<UC@lW{y66+<G&YVROYeY8QXm
z@->7&@Sk-<GE)7Sw#qPezBiCD=c5W7Dmu!GH!Wa9-9FjtzimL6ej=jK^~AbRr@9MT
zP{1~${f&)t`D<=9!A4!TfXGHr$H33;vZg_038W?6N{&X_@HD%ufufXB#6>{7i}<dx
zeb{NL`QD~O1drY0b0}%(3g}%J)70-06&?_4(+oWF#K*I>2H+9Q!_|ed5l0lwx`Hq$
zpdXw|lx8SlT*kz6cY`SvUB(kyL<m0QK<5`)6=SQ>rs1XCB6FzXx3RwMw49?EM%ZN^
z0x7QwN%<=;@or^5V%V|2yVJ~wz*g=IqyMcbO;nJ6Fd5{}R$Cqf$sdvzffBg&fy@TU
zZXj(<?8d`hg@;UjO1B25G)8BdShryN_07)$L*ZAp0RjlwBAvHHq`>}fJ_PUbxw%V+
zx$S!zL&M1D=?9FhRfj*mLje*|wLFa6w!n!IiU$!V3p|HQUPcCk%}Spzs2Y9Bdl)tC
zNxm-BHH>nVy`z}FKO<k9=|oDTLNO0ztu?)Fcu*<(jV=hoxhx*9z0UAMF+2$q0_Blt
zNY2iI&2OX!v3C6-Fw&w~6xB$7kVtHL_l(HxwVc^J=20vGNsKNblkxNWpvC28Wgtf7
z2K!7J%kU93?dg}HGhS+-JiYbW^9(baaD$WI<aGa=(%7wLR;~t%wjyq+TcaPE+|zaB
zmH>CBx|Vh>y162dKxv7cg(%X3iz09;M*K?rhgxcqL@Do<n9-}8rZcu)exu`pUp@it
zWuxe9)AasvFd!VZ7^3*<&>=d36j)B2<`UX-HcXHxqJ^f8BPrThzXYd%90ZXl!l(ra
z!gxnP;Ze|y5fj5aG-i5bXx3v|v>K4eig`vLTyF)J#7iVm-Fl3MrE^1;?XFyDgTbyN
zwJgb)AO@em6ZWmP;utP2#XSg*TG#ky7D#12;6dtNVpN>_D|enYLgxN~3}6YhTTzgT
zwBba``>6R7Q1{zJTU8sze^un&n7{kWlt#!G#4$M<qer_E^xWS@=6xeQPY4XEY>3rA
z<G735mr_?tgrf_tpj52=&t*Y(1T9ujy0V4?M`}~*E<Q&e_q=}p#J30w@>49)`Am}j
zJ>RE?pjS=XkVzSK^h|6uIKa2Rwwb-ABkKg6j65Q@Vr4)PJOzYk!md43F|&?5F?Dz7
zEjc`vo+$5_b$7O}2PRH76!8@WmjDm6zb@E8p2Q&hJYMbfi)2B*WDN@{KwLB?oD$ua
z@)ttURm!Mo5{bCyd*q2c$^Li$Z87KWeV~ULqDuG640+X1MUoD11O|AOO9SkNj#)Vt
zL}8&iry`tk1#Ia4t%PN)Ewbi%#w$|9elZLJCJoh+$hQ%-b!M%CCHDS%YUl2L%tx{}
z^*ptf1f+(xx5JfqsusuS6>1(2YVPcuy%)^TC3LurPt7=qlq$ZGkMxXxF6>U~iL*~A
zY<1|?5htkq)9l;?0W@j|@}JMfeE1-{u(?qKRB_8h-s>>Ezq}CulqQTf!wJ3VUc-(2
zp-j3hJI3&B5eTJr$x0mNYrXs*cb+#Fq4ZS9c}5PDYz>k|F%hmm(!ix~I&vTx9-(y#
z8tlbav<YNZk7v>{QWEO)k&T9=3W;RNG3G7)Xv*+YXXO0;XMft}mNvYoVJue8haYGv
z`OFZ3k|E^uqE<1XcC$K<|5NZgTJBP#?1+NL|Bsqv58JSB2~D(|B&gLea&UBxgL^XR
ztWPOOY^tdl2xk%1<cLvEiXvtmt|}+AL2m{+R&RpsB~1rkF-mnhD`+y!ta`$O1ev$#
zue1~uaOS^o%fMfB<AXmqRH!%#MPRG&q>yqg|7==I;?f|dC$I2V6kBj1h0)1j+Bwav
zI&L_T?#+y`U(y*;YX;+$YX@IB)d~>&Nq<7n66lUnTKpD^;OmHogQ7|@5Zf?vJ&U8@
zjdU0!oK6UR6Mj%LoePV=Lj}=*Yq-a1ytt;^HOhYdMg)Agbi-bW)v$X~APCNbhT8~m
zyY=1ko6TEy>$|%Ge{LcVMXEehZHQkMWLvn)Hw)Na8gw3(TPfz8ArCc>Q*%4vv7Ton
zUZfQ$))_*fCN?P2`;ac368$z*I&Z^LTuanctMy!~;}IRc5X5B)nP~0kTW&&?bA%Q>
zRQd6T&;u|gt?|sOvVvyluFheviG^Z-q|_-8ib)_laZ{b8%a%tE3Gw^V%If5sdogBm
z<2Gp|bltA}JpxT_9_549?DtbsQp%6azIEUxA_8$rl*KYn!BY$hrSv$&7?ls9EYTKL
zzLT6jSI<jpCY&@JKa*8QTnPbHjll6x$5yJ&Arx@QSy9h&+K1$++s@9-Tg2OTfk|Yk
zD5mRf8DKZ?s*19x%DHu<J@I~1m`24AKQ!%|F;%|zEUd;u@$=P!aC-@!nkk(?z)2T{
z4I_6pCEHo%LW6WC4wsj4zwe5|`6hmhG7+t-x9Sq=M@%F?_vRE3?{_xN(6^2WW);FU
zPYT#{Xc{}NIvzGoklL_yU)SW|Z%(o&Uq4Vq^lsq(ZpJ5UI46hef(dg4N3)cvUnR7}
zQ1;`-0JUg$m;A$TkxXqQ%M6a&(*k&HMP)8bmqN=W%378@aXQU4in|ge3l7%r93whJ
zyy7<PSDP8nM+NaAXo`=1+E_*WJ}+GhXa&kQ?J;GT&8UEHW~KF5Vos{U-=lB2WDARm
zi2Qpt!dBDWwgSed#IihoCIQ-my|0nZuxB`()r*U@Ew-bh<O$d-f2=-;YjO*eC&`v}
z7TI#-nNw-?!LtqD(nF#Jhh+Z%Dn+wp0n`p4gGH8WyPrY_W)-_`l{+kqt4`q;-~fUu
zYtyw%g^5!JtR02WB(7s$DQw!Q(MpBwp2b3Fc%@=Z?sGB*_r3m-i|m9Z0zy-yaYw91
zFoJ3Hy|X_ZWxN4r8k|5uIXzlE=(leva2PRE#X%e1HrYP{xu*G>a22<qa4SC#<QSeb
zwwbDtx%|C2w)^oz2sZY$U_pfu5rGqKh&+VPH(pc~?2=mBFP*jt9}!nk6^)b{vUcam
zTiYLcKMlB*)=`X#Bd0Hg6m0x+gEpT(@>bEfuDC-6$f_@>4Zb470!s5JKt@z4_OKxo
zgxS0cH{Ws~L8RD06$;Og=zU)1euKZ}g3>+eHRH5M4m^=UEDCOVEMb@Aq5{`Mk93u6
z#N<W*b0X3s?5xxbOHmz8K!a+9zPBy0WC$+Wq_#}$6^LZ<DU<8A?a9y(+6l?1goO2L
zXV+evmuJ!CU5Ho94VA{y$@#3AMai9E6s>!wXqVITkRkM0eegnfVTPR^p4HZkW?Q7^
z_jw%JtTxaEZgp<;*pL*}Ho#}YjKB4`sg&0WW#}oRwe6shEwD@VsfyY4Ch@FmhsDli
zUx1dcB?;`R1x#!Xv}yngH(+lAf9aJW)k>)GDf+l&dE{X_Jibi<1f$QOoT__$6xBcU
zh?hWYFW_&YMw54oQTT+Wmmd8OS8zK)ujV&9Yhf#lG?A4Wd&({?2;lFV(YESAXv8Vn
z;b?_wy&qfiHf4ND4!k6y`_vGAD@2srDym(*(s>xSo>OS0xUsVxq*e!t|618T?|ZV|
zpIA=N9w+{pIUQ%=z}x=$jo8*~4d2nX%Y+o&A5pdIR_8ohJuzjp>_3n)PQ~~Aaa&LA
zbs`1NY`>zPyvj#=HG$%!?{UqoYT%K-Ho9RK;TCq)QVH{XS>zTil37veb@9(6>Un>f
zE|w<r=`^aLBDM$u{$`TDHzg5uMA10%@LL$aH~v(Qfc|4_{X6Kdi!(e#(rsxC5qMIC
z7V@{OfeVxd-DA$RZ`=?VY$&q`Trrnq=W_Xfxdgw~1<C3oWuO4voiAMHUPOYPICn}0
zfa?46J=xPS>6t}N+!pfX6CF9!qOVSrS6fUJto-Kv2iGPM9XVDdCJ9=nyW>pIBW{c@
zTF{J9jHIAP&`e5tS9mgO3-cDjv;2iIUrnV|mBde6NpJ;;lq8Zm7sStf0YPCLB~Tjk
z<;*$EqYG1FX>Xu0ojqFj$Y-YUj+znzv*$<Sor#xz7wjEcYKg0*SCc_sZ?A<gGfjQ7
z1%jtVkS<s9HVWJ@1@w?7W^-If%ky|D```8hamuvV1X={GSp}QBRq(6+yIX0m@4YSe
z4yb~~RH%CgcS0@Niv{AEwmF;Qg%La);!VM+lSbu^@k)SqyS##u)mdLwe1iNO1A=kg
zbTVFR6>HUvp}E#nU&JV+c-jn`#+u3bT*Jk3V@FF!*d(WdLz9#F<j=~Lv<A}IH3#Y=
zi~Xxurcxz}Tt|r}k@MOsCFC``#SMFI%Xm?`-pao@HEV3e!D=FdW-C-gp-yFJqgKs`
z&fNKHtcQR_bBk()EXcS95@qkk_O+8A-cz<d$zz`(&!6me!gwOpDno{P+!Y%4-t>`(
zPYv^xs}QPRy4^7S)uRvR4kr#j%|%81vubUVZN&%C+hRTlS!!*ihFJ|Y@PxoFW73lQ
zs}zEl9BhXUMN$+eBV-ltmG~SQHk^pPP&lln29*G0)+!6;mJH#IWq}P8L|uWPKC7la
zNmW5(Cw%w0kO(f60h>7;7*F-GHzz%3y--W%9I7%q#N*KwxLQ5e?%9)0*g1vb2_phG
zk^*!&2J7+sQx0>eJ*PiYsUkSO1>}=l(ZWTbcoKFmB%$9<k!0OWY(vW{i8MvYCSc}a
zjp%{ws;Xu;Ic7=m*CxzFgTS$?@jus_jymgSIq_72tQj#~0C+g%LagKW-w&NXvY#@f
zbQOJ9?p;V5()rv8F{RC!3?tF7lsmYbmvpadrHotq*qhxa5i?%cptHOp7W4{cP}F9O
zjn6M?Xsc_Zo8=ptAG<EE>bOm|e_=w?*#`h-ZEu$b>Q;)B&iUM(UD{i{26LnlB7U2Q
zze;>+n&wKIuJL~jdKNW9quVE&2~Wze{|dFT5vA-BN7_T~zwK2z77OV6uGDqFU74m3
z+%b+{dF@WFF^~4sFlr66Z6mtjLF_mcxn<`uV2+M2OmV13_nI8>Auuy=U&du<npqD}
zp$NpJTPG83R=y8=bCvT|($}Uw@B}7@8V|4J`!AO+U~Oue6rJ4-N2{rA*7_XJ7aPI5
zHdj?Qtf9uLVPkZoV~ym9ifguPe#MO<aAU0@)Gu9|IdyDS?mh6ZjI~yza0#^;p|Br+
zMXasrV|c#a_tJ$}a(E~#PgRj4YV!cmbb8B_5|d_}HpZ|tAduh;wq+7VBt}^yV1Ld_
z{&}eR)O`;qL2CCvB+3TAjZCPyv{n?mYMNt^p{v2~m-~}I7NSu>Nf#QjPK>jSo{*u3
z6^$W}IK5igkbT4i5sn)cAxg=8a<EnWF>S_Jv*E~*e@x=gsZ7+Y5dR#dQ%V5lR>FyJ
zp)wa827VG|WPN5!Sz8&wTAU$kcq}u-Bdt3Zft4%piyz#y2ii~j*H)faDzL)d<$!hb
zL?@i670O$TQ=lP&yridZW{ApAd&(>n-lP9>fEZNVODixqG7wLJM7ydm|9Qe6oK&B+
z({o%)Ae6f69)R3bG_AUFa{U2d$sag?&sc-^YTk%hR?MRnO8(T)<Q#&f(Y?-zSFCh)
zp@T8fxU4W=UPCnD4?;yfVDM+`skE^OJ~s~1Riv*;IfNB%rbBwqKaVW4{$^Vf{6$hp
z?Y}fEDvfO2y|3b?6cla}<K8nZwuMTzLR5<sSVHs~b3XhDnS*m8M3oH;r%ero=<B`h
zVVa*h`M467yr_cv>EVNe=Nm$>uVcf+D9!x4HlXLl8+CubS{r^ygOtgfW7^(1#rbV-
z#!Xbu@HMB4flT*UGW<YPwi3=PL^7FrmQA=hK>AdS3Jg0|JUP!>DMy0G__C;o8e~}q
zmr}x~%&2IP+ITBTZI&8{&6rYKidZ*6VE@P)dKWZF6r~9hV?lx3)kmof%!%WGKVTBB
z644(kCL&3}rK?n+Sxp)(P(WW8TVS)h!!KPNe`rVzlM&|}wjdr7WaXn?GL?0_8{X&g
z*m+eAgPsar*<oaZA6;Zirdry_U2h)`)xa0pyDnx?5>sw9Ctm_~V8h^riz=_fF6{T(
zrdOCe3xC^ylG_?x!*F2S!q9V_X47h*rf?;OMaVjTe}f;j6F~NA6XLjG(ium<=lKcG
z+?cw)bp5C0<fz8_L4AO#Bhs4bUTrKa^8&hKS^Y7utv+N^iu|@7S??Id_+`4|T1{T$
zT$adeXSylG-{%|9r{-X)s<m6hk8<gy+eW+h=8UFUQdC!)+RI#b2P+c|VE{gi3Nqza
z9-lza{%^sN^nT8)5?y^Zal>TV{kz;p?6x5TYy3k4qFwYgqZ8>@^pBm&%Hhg1t4bOQ
zuGebVhY%kA(){V2Ke@>m6e}L&-25po?=PwO#!O+vCrFjRw@L$@hQrPkA=s)oab3QM
z?{UuwY=zy82e%xx7y(r@C<5+5zT|3`N2#q_CJvmin?0cRuldXDI8pB$`U3YmKGl8s
zFkZx^t612Tfh(x*d3jg_ZO0QNQw82_Inb8KIC{<4iMR*YH(|pzjT;woi$4(WczmT`
z#QTtxzXjL<ru$9Z_Ea{#QE2tQVxoNBG$3mD?4sbh&zUq>q%JLT*v;+qHLaG}(zPoZ
z&k(~DRPOFcH43J>AIg?{6rmY?hK)a(?J2%Sf)5WPc87YWz0VXw^QLzblB6rKZ{#4(
zXqL-!V&(oo-%3CYXFK|UE!@Ar70sCns!7%GP{A4kkpeyaq?SK$0`f?tt57j;UezFU
zdEOpGAf*o1i5b;;YSSI^Z)?jSx6$^YC<Ul|{_SQVx&HhcX(*587fddN!q`ENW+<28
z`&nD`^f+vl@AO9GnI^IHi!6J<Fs1U3{RVa<Zc2Z26Vrw7nA_&k0)#DyNy4d)xt+a^
zmBQ43T^MP{D%~#}8|A<t-19dX5xgA8A0rKSP=Pi~LLpVk#C8=@nMP-JMYyjkv$h4o
z>U;LG3D13F&LTk40$iNkv~9o>RhQqM3Zq-rxx_k5<mzj0TM=%=S>A|P#F&G6h<%f0
zB3-55#Y<oy6&ggU>wpkqZ4Io10>Y$X%moLqR@w+!|2QH#X;N*Os7z!RhOs)e*XwJ(
ztVEE^TDPCQptDlKHKtD4cDxB(<^6@i<GAFsR$+Cn@x6xC5SZk|Jq$~D+uRPRF+Lb&
z4l&Imxp+Nogf9OPo!_g#7B@$Rfd*D|C3Qe=>Re<OtDqd=hJr>Rt?kR_tmJzoIY9-)
z=1N#^MX78O<&KM$LKN9uh%1hj6p9?I%(~-4PWFm2sUoDu`cR!oVgod+fYQXs^`-mB
z*-K2Yf+MKIeg1h>SUS^vP2>X-#$7cByK3#9`2HBnv$7;5OV5Y^(8;Pv`sIrh>F;ft
zs%(}Ufw1MK5f2sZye(p(FS9>AsSW_ARhq-FvIF#qKyzstGsh{mnRm{*^d@S|UnYH_
zhM1O?PCKtw;x*rl|5DPDEbZ8_zgnS*^cr9*V3Hvu-Up2oz$e<p@CAn?tFy1D;#Gd+
zeW$EA3fw#!uMrOx<KGWOgRw*&45}s5z|Eow4Bt1xnKD^q87fky(9GwPYvlmK)56+)
z-8x#w9u!5gP#HyJwKv&Q*EN0op~5y9_C_BhUIqC6R9fF$39opFjY(zFmXloZM$?P`
z`OII3U?%VJhnSNSj$JF^HolUPTZI@uPN|0-Ob9}p)p>uPGOWdB;7v&QeY2mcy_~rO
zGhf|`7P@Jj+-<|6yZ4YOf~5c)%YT<1Wp7_s+sToGEvQQ&n<pCIr>qX3Z1Z&UV697+
zlSehKGyR<=%PSpJRkM-R#vVrYn~_u;ne7j@a)up&O0oE3shGbE-k~IgXbBn(5vJW9
zWR=VTC8kRQlV799TFI=W6X@vYeZN<8(g$)DV=%T1;i`qL_JvcX*KsJYyJ7^+t`_8P
zT4{<v(X|aZkg?qHHf4Nkdj+L&(Q=N>XIV3)Sf7(TROg41(~Mb@*%6Ha9+&_&NvPlC
z#}OhxllAD&^Y_RK*`{mo7(}`VnW04`Jv^Z15bE7#$r$$y=Vtq7g2p3z^x5~SNNSx`
zXZXskswEF<9aR*>{gqV!?6!O`JfQDfBxBlaorw7N6U;tdfuGDHX<qR2HRbwU&w|+t
zu1#ZiHT&IF&Cdb{@kyiV%+qH%jC`N?k%IXYdHH8h66_;5?l>faTIZ=v_pzufBtb7d
zK7U=aYMJTao*|Sk%b0-(<!^zVamoEC4ifIz-TN^{nPv+rKLb2~nrawOf0(1+b>?UY
zv{l6DSTd>zi}us5*WXn6Z_iN+J&M{L;_Xv@#;GK@&ne|)%y@iToN<XyK1vX{S643x
zmp-<cJBG5OycZxQ)>j#~?_>@ixN!J+dknSyD+B+)BT6VJmu`+=1VUstgCkeII)*_T
zD@5D|s}uW(Xm51^z>WUYyP)amlhGp>nl#NJ;=Mffsv_VnWw2TxA~HV{>Y#KI4QBmK
z)I88Z(I3(u$fpYyK55iy<J8eV(Hw2&;yqnJLjThsQDT4%ob<0P9h(wLLL7yK$8=52
zo{mA|-9W671&-9F;XC&{{Q$o}kkG2&xBlT62aFCC48)IkfQwj(9EmU*P2P1N$gO(G
zPssY&48yGCgoXq;@YzW#wvqnili1is>I}0n3!>zuMqG@j8n%g85AQqGTN8Kh8U@zK
zjdQYb5O1F?U6|K#p-`^zJh4p1-#@$1se2R&rL!E~i)N;#u93XoC2lHe+)N`X!woh3
z3JtlLvux}ZfJVb*F>2hv9kZCH7_krbd%jSC88%U2wKL>sJkm!wG+#FO-w$ZyU$+R=
ze4s{<Xz;z$n3rk<*J$AD?%h4T7DOHg0ii-zhk}2Nih_`CKz<09-HW4{a?RfP>Sp1H
zbKo-O?hBlg&cjg9HGy^Q2s<U%IR<m7irVTiOVZ!V1E;9uu*xJvK25U3B-Tj;x^xoD
zPNlXiq9jM58r~?vPkB5E9>r*>Rj-K|_on5;5uU%zULVJMn^{e}A^q#q6*j#raDJMU
zaUxjx%`y2x^yI1rp3?MENE7Yvdw6k5ACTuOf^W>)-%7wzsinY*#u|<Hs)irNgwNf1
zf1k;z2Qu@bAd%wAhvp;SGQ*Ez+4O+}p2QnB{3>r2bjdJmNHNX_gFD{>H1F5~xl=X7
z%`7DxR3@-fabekspT4T9F@$1$7F2xJxg(*Em%_rF1>oTEv--8^Y4e`w`ILdmLp}o)
z&$d?a6oR3{1-^M6R5{KdPvFt?Is2S09!oYEfc=CgZ1#ERmC9L}l`!%0dLG;b8rfs1
zd#7+f%Ia!jM(L%jz{;BTgBh;jkkbWJLH257-9g*s=t!yN0NcR%!UvvmO@`Z){aNsv
z`t#)`{#_ZeIoH*ac}~-Sm*<va3Oi$#X-d+Q?JWaZFD=9RHO}B5q_3F26nlTsI*M&F
z03B_w|6^$<M#(2Q5Ve04z3!K88M<yU|1cicPg)Av6QOScEj@m7PTJjm(&VDelG4Oy
zqnD$8PxBQWe>|twhDRhaZN{k0mBvab^NUqBoxDez&(#P<EmS&>S{rp2Pg$3EidWqo
zH6AaZM%@{#*@O4i+#}_0#v<%CHp^Ie0g}40?axldGV6t>g7Zfzwsoq<6XplaB60EJ
z&Lj2@j9YG^t8Qg0_#HjRH_!t_VuV8`E{TI$oi|<Xh)b~zBvNeT;^Oaw(&@At?r>n+
z;Z$d^qnn9-p*(ml3M%jYpdf0E&DEKu;CCY>*z!!OFyyK21BsL3!2-tFY~r$DKv-Nu
zqgxO}D)QvHKx->?(KbdusyP9;dGg}U&yNTb1ngc(PO*w4-A$SOT8S&$O$mKzNRUY>
zT#(`XVj`2+M!gbL)?(AxoPC1H0(g_;Bi|vp()DYFf!PF7Yd8JP{?Zs`wn@o3ehImG
zPH3u8G^YGQeURqjv}O<^Oq-c#U?lH~lBz{qXuh4<dU2K(!bv>7^q&`743G#D6ksNG
zR=#jIkB7luL+97ceS(%Ho6vHNadwQkYgArCouOo8wDsM#;$KF=MlgAC%d{aiC*Ni?
zTbGeDdlWyOS~|N>&q4CDar|4^XP8T$H?HJIo$TgAKVDr$K<~uDb<^4ie9W9v{IVJ>
zY8F2ZQ^mS4@g9<SA%*eF-RPJ0gOxxh1Pn%Ky)Ccy$2*EiaB*9ikFbnll_fRGMmb?&
zf^O;rS#W)ymoIzNx19NjYQEVIK(^9Ij_01oijd7V8idQACg-kK@Vh+^OW6F|?j*Z9
z+Uqb$WDwpTXt3Z0HrrzY2^6Y%VvmAvVCm970%sSJ%!VIJ138t+6O<Bs)YAl(?eLLM
zN?BuJcf<tzbBf-lq3S66XU##a9#+@A^D-ZIteZ>g90XyKYVmfw`y84`Lf_r|q#QXo
z?yHFkG0%Y4p!@<9eW@g4-EFsMia9511;yBO>v~LF%QVuXqW%lux;>MBOt-7q(6#vz
zDvfqt#Yt@CTDH%8*{F=)x>RYveTlJ7sNP$YSsRJ9IYTgH*%h7|NrTe>)8NRe{<~<Z
zW;AYPr{;1%izznN9c8k$bUsUK;@^{&@%zy7BZ4H*$-@PYUqvO%_U05xStANG9F}9k
zIug{jT3h(o6VI~%XL-@DeOB>6SEWd`Rjd%|00p`4PfC+jQ?clOl`cEYf2PS6cw|?L
z&9YI@Mjl|)t^~~H8$6&j`Jz!KuoAcyLs+%F2_5hZ`^3Qxk8)19Z-CHTA?!74(fh+u
zn=#tvr!17FAXu=^pSo?hdek+}RlK-QN^NN(Xe8>av8qA?RK%FF@S0Z*ILnSHQ*;g*
zqDdY_az)#YQKIb&uE%TmNJ)D$4s=M7d0Cd$LseJPu^o6`;kxUuyk!&8dbqf{>pwaW
zZ><T5vXND=5f6xrJ$Kmqf5F#?W!cdNJPGff<)Hfo?|btTY9N8HBlJn+)l<@tMGO_&
zWxdHv3?$M4Z{K=#AaEUB1=ew|`yPyJCCxn?a9MF+f_5yh@?xrWdB$fks!Ep_rK6u|
zkpv1Ok9i{5`fT+CAHCprqR~YESztDqr!=I~k(@PGjINdNMfGPb9!WAe7eIArenHi4
z8yqY$Z*s^;QR}Fcik(`zI>P6l%*4mGc7Ef5r-DNP1{sp%d0f6JYViF*p9zVjj6wbm
z>rCSEb<!VW)U5%!fS&Cg5+_gflW=1m4o7$eJ6k|U6C^gHvBaRPkm@QwS;>!!g%F}(
z>91q2>pDY}FQ;DCj{~0_jL?=G*3%&M*tkfAq?U8cQk~WuB%@=sxt+<<KD5;Jj-ZZF
zP;CMZK;#lmx3M~}WHon5WP3Zcy^I82mN=)9w<W6e8XQ*s*K`;sk5=oI-Qg*_tCBkV
zDGTqn^vvtO;mrcbxH%qDfAOBg9^=F+=Az=;K8SEhhz}uXEPnCO>g|fvMTxZ`Nk~qv
z45n+cAk+uXQE0CVb1}%EpS<qUFpU$c^MsA(0xh-awTN;eu0$X!!g-;NYt?@mHKNN@
z!K0L!biU&jkgC*&!n8t3Bf3#QuI7}d<c$o9*uy=%;)`Ye-62mRc=bN-wy=_uEhZ_|
zEk2EV*3tcGXiyhNC_j$IJCmlw`oMzD1su|}J3PIFyn(@NCDpcjU?l4|+#yM{uuaPo
z0*1YR)o@A`xbp3?EMk^V&QkNgEoJPkGPu$ObemYQ+BW#k-t#$(8bx`fTUA>SL%)a&
z<PiGbD;>v;a7&F;TJ4(6*fNqz>i5~>sr5LT*)Q5{_7q%X`jy>V)T_-SWEIF42Yf?s
zzDP*Z9tesA#l^+F+{2~&(n3#EC1;tn0{Dj{q;NHL>+kcDl7n}mUr-%Vu;+|pO^oOD
zqysNcdt2D{4Pwf19bC;UtR_RWi{|@4qqxuPphjwIA$H5Hl7ea<g{fYC_qUNEksY+4
zX>?(@jwK00p=FjW!Db-2w9u>V-1%8;ZS_dL?jcww$(Kn^S+lmg4WqPY*er)s00|#r
zrnnu|0>c1f2mG(QnmC@MUfAW0BtImH4O8!v_EfO8S58g@!-a9Zg80R3P^q#wkWopH
zP#W1wCj_t-25#`%havA;2L|>Sx$t+MX#3wIS3Ix=Fz^G}%TGOo!L_fU$hBI}upqwr
zBBFtT(>dVQ)$~)t;--6GJXh4s0F2ykrN4FTBM2Eq@)V=DJ{p{5h2)c)lV}pCS^n2P
zu?G7D=lsLB8+7BdC<o<>ZQ2BBvnSKpQk~|1&H$mYUW?Uu4CV6@thP%S@4rt?h)LB#
za1Xi_84ODTaO=P60?gLxQoc7UK75p)AZNv5hk4!wuibkNS(g7bm+I4v1YpYQF)m-q
z9kM!12P<ZP*jcNxk@~8F03&E_ue{U7<0Z#9ifahuzBjL5FxGDm`!GpG8}Pk^saj|j
zgXi=eVz#7cE&S>F2_+_6IqEtlmKP8i6c|NQ3%wn>RuH`LOhb^FJVb8jBFg)Y{do=k
zb-f5MHA(e_(71+{6YQgozzs&0NO#;jZS4{(!xGB5{g+|ukeu9Wc+%X&M*|yxg#2r9
zl>L3t3Hb=**RDQytQnCIo*)otzGW}wwmIvjM;`zkf3f&(#qSjV?SvdZ!P;=8+?imq
z`rjqHZ`h6UIz-TNE$}=XwC2$4)Fs>m?Z1`l<aYQIeh$CHdHW8{18wBwmk0^6`S!!$
zN&YLS&H4f+CYQF<Mbl5=`#OlA;skvHdj4&Q<3E=@b!H2nG61w{LeM^{*#yQFrEUvu
zI8cW0bce_9AaEBou*tV!nER>_u-w!sEpG|s`TH#T0y!owcQEs`Ll|Qebq~jD6X`>)
zT#)W)lwmmVJDb1h0LaV2?%lt^O%o&jN21&GzlnA&4f7{zsbnGtHm>~HeO$i42aSG<
zpmS#AXfFpp2^`7L7^Ua<UALc*{23g{%y)^<vGd0bH+butX&X)k>Hn|}pa&y8)}o(O
zSR|H}iec!&=6!|rH^;jYK(gud)7MVocn^o4b68I%jxAzY1bVDg1sX#<m?^l(tWwm=
zs^6bY&CwT(F5C#7@*up3SFCJd{#51V5G}a~230Yg|ESdyLB!nY@q*ZPH`I|JkLab@
zUsR*fA8mzrU@6AjPhj1cp!)55+gt#q$i<!702;M>sdDCz^ef!FBd0G2x%H<*Za$@M
zHvxO|PE3B6B>;n3^p`UlkEH{bP`b{N#knTlIIqelnNihoryMlq0YUy%ma0>#z>cIX
zHLV7g!$~MKe?=v<0->rpcV!jfc}L{sQ-r0Cqn-zf_|GcC2PiJ03;lNDNb@z<D`XF+
zO}sg|lMPYOCiZt@`H;EkI9!*4f6lh+aI-8z4~2*EP2kYG%C-wpo+Nsi{s_TwF}DnU
z0wjlKEyRB@=SjdAYofv0P3hL<hRl5cGkO-e+8N>m%DbqnW?`Re299I&_}WMdTS{c}
z8u?Hhx3my3pbrTcSV&07ub)}+^>uO*ke>^5QuAx|CCMM%%^>Z2N}gBA1YfEMYfAIy
z{Jws@0gzf$4qkEZum;^>R1FJ`oc^%Ayq3`7DFFL&>c?+8&20W{Di;*;VT0=#8oJ8e
zxnxrBgf;(wgBHxz><0l5<hqPWgpmtg4;WE<jKNQ(be}N<g^DEO?@W)sldJvo5lH4H
z;_B9tC61-oX6O;{`@nj9O8<BKrx%_Zs|w|$16)p~C;u)fpxv3bf3I@cSk0RoHk~ny
z#0MS>Z8P#Gp4rm=zZtIoi}ZSav>u%EtLl1OXZFL?a=$$3f!o?oGwAwySJrYrZ1{Jm
z+mm}^p37oa&r13H2vg5e{Wxsg{ZjMWdio1Yd37pnd<pa#@wmF$y7je%7oJIL|7hOY
zFWNywd_By1N4a?wZwRFS7~H1T_IeoIZlMQI_%_^L(pE!{ZWgMvUA?YdZxg7$x?-RI
z|9G?iO{I1ID*S?WQI3)Qf&N1b>>pGIA}%Z?R4Jh2``;uf3=GVFk)&}6zlZ=GJp&z>
zZ37*h89f~xm>ol%?P?GvEZuYo3g~hJreILCgk=bWa$i#(gg7sF{daH1e}<QP9e8b#
zVw9BMA~X`3s1gns(Xw#;R<pk;y`Yeh_jGi`kacuaeol4U$fA|%5=lgWEIX!q{8m0?
zWH`q((lOBuEL{O-zK4z8fvuxFC6%~mk46DUg9MTJ3k@?g@nIPCZ^TfbApi3Jn|rO(
z<0bzI@gMTlFG8m&LI>16^WQ}NdnQS(U!d~;RhNYP1<LZ@Deo^(CYb-BW)rT#82+D(
z6c}N`D%kh`y9HsAYXTTN{QvGQK?;oNzv}-b2$PUO!5|Wf!4Utu1O<#0_@A!-^Lqa$
z{3CQhEDarW>0B%=BI5o=r7@rdJbj=CPhz|iB3Hu@D=I3M$T!HzH?$4c{OYG&9!`#a
zd19@CXHF3&WlMk4%(AB^>*|_MaK<Q1P`mIz6WBrxHKkK*xdSfwAWH!4_OXY(JOf{w
ziB>g$0(ZVwZmOX)QKBGY3tO1Q((o@@h45b*;#L$hQzG-!aFIB>lKj`UJLyF>2=C6T
zK3>=cO3=|-`0xeDgY!|=j1rMhW<n}Pj(U&)7@G6wYd{d;oGW(m)r@6Z{&)sauo-mj
zO&}@o?z95*2QFw*v>Hx&!SUAHCeNqY&N4lac!9_m>H#kgOA6nxiiUJ+(%*yvA`a7M
ziM8=dY(W#TYi>W<q8;7FB>a;&84`K%`cjab8efRh#Zhk(+crhWhe!l;z1cWQ&zJdo
zfo^OLZMbZ>eYKAK&z=Iuq@UXv+yjR6okIkgYsU2-p};sk`}mmBV?Wgl21TUyjlC|A
zi%Xn<&cnfruHCOnb%j|`+M=td-qXW_FdAseu(=l;4j#bhE8DtaG3)r{kEE_65{|3-
zR=z*7>vp7m7HC#suvx6`RxZ@-P;@>y^hq+Bn#i8Zi%4K7yHn0)eyhq-&r;7xn?NCX
zC|8A`Jr5x=wsXF(mW+Pb0#3f7p`gYA`5~@0!xqokgo`11vj{DWsHMSwy?CYd4*nk*
z>lVXQJ^qt04aEP*_<!`$qzDei4GR26$NwXn|HSbB9(zLv2U9C!`~S#iL48a4wDr4J
z7Z4D()V7Wx(^TD<xd0}N7QIDCUs;bJBOaGY(y*-!kVCHHLmr^nU2=71v!sZVF>iS=
zmvnuqK<w{B+V3#CWsH0>Fp(#>j^CZ!bIo0?6e*|hS$zU`VUlE>VPW|8c_8wxRMqhe
zLh0QORH0=<ODVx~KLvX+g+sw;LT71fk>@7rci(0PgjP<|Aa73IxtQaaXfiVfY~P6|
zzjQp@5^2$3jYsAtWRhk=_%@Um%<kP4!)w@u&3erkLu%7?)3Yi*C)3L@UnW^v#wP|5
z(=N8&)u;g#&-B;t(4%bRXH^TcmCV_-&%1li6J{xvcb{CwAbXOLvQYsk6R0ilJKuC2
zQd>q2Bi<LLw2iY4&gt7C$?eK)_83|Ox8mw5eDC-GEe$-fcZ|2Wl}E#)T0Z*PlYD1m
znoAv|9|%cC!BREP**&`9Izr6sv7#IqkvI(;VUU0o1JYG2FTc<^?I+9cof7F^?cJNk
z`j$_%28jL8+Ly++sZY8k0(RQi>YNUAAF`MC9W+07h22`(_6}}G#X7WhxFHDmG``ok
z{p3N}Siz>ELZ(NGwPd7Jt@b>?Y_Z@yz>dU*b0a*<TbjU1f(Dhxqg5sO8!iO;fwevq
zYsCn#@u@igjbRZQBhQZw#u4#lRUvd_%L&VMoE|y4CuEMg5zA*g0Uq8STtx7_K<K(5
ztf6|R2a;(UewD1<8;IE08~N=5CW`2Hlb)@SW7=-X6#=3{He-Iwv19#pg1+St3|!jO
ztSP&Qbz^tflU^O)tK>Rnbo|zF4C9{=OJ~6SX{+LK>{d@G;ck@pt;wz8cs-2WO*je?
z5dN`O!tZ^ILm{2Qn$jNTe@{NfWkbz)e^BmY;vWpDVO0rk8O&EuomFX|8}>~*;N*rq
zQAHBP7h|>$y$FqP?y)6$)QZ)cp31x)8xm0}S0#>ErxQInx;yD8Q5r=X>@Lju%N;Np
zUnSOOw72&&WXHnFTT)xEhMSVIy4j5tsJmI$=9o`oIf__%EOTWHo%mXl=H@ne((Y5+
zqGQ1qmE4^a++9%~`#)TLWkB9c(=N~=#i6*nQ{3I9xVyW%LvVLWahC$c-6`(w?#_+7
z9-jC7`+j9JGns5=H_5EbHR8+Zya%v7!<({R9a@dk>|w>rj5l3>7G%8F!X{g0*~je^
zE_qZ}J<igjP#b<*co;@YGzc#?QgoEPaT5UR>v0lUQoGC15-kT&%Jg&+p*1%5XG5cU
z`zuxBP6aX)MY&+k&<W7BQ`N`~PzzB%c}53`nWTko`YTX(I&t9c+LU$2+O4`65pA{)
zo*yQr^kSXKaMVEp9g4FKzcOo47DtOMe(iX${i()Nhpti2!oZmXc|SB#4-_yt8sMcw
z!9c(P(+Sa&d4@^#UI)ILjWi$~@C6P|`TJGG3p^`RzP4|TR{D(+UwR`d?sun1-|$-S
z9(th8w3mBWE7F(QVaNUY&*P#ea`iQrMB1j#u<_eawbAWOy0y$?DHn;6Cb$26Guhkg
zpvoGB$RMRcYeo%r((DPYN0t~w8gMm)X%Q6$Xux?}26IYAUtpF=d+#Crh&H(QaIl!`
z{*sPY&K-#&%-+zzEqxIyj7@k5NxZ$k5GvD{O+W|aox-Tm?oXsi-=;)RX^R(ng(SD!
z5r`O0hPn&e?KCZy#3UZ|!fN93yH67%A8X@fHBnQrAg5Dl{h0Ttd~%T{SPHcf!m3ID
zsj&VBtc$%-Xems5_`%aILE=v7I-H5TD7{OAc`2V<@}A&WZn(g8Gu}sEs=VxYhH>N+
zGqPnG@mPS$pBi>3Dd{3~D8x3kmR9I5l<wEE>91jVGt|T<M%QsRl9&Os&S;d7rIoVf
zi<`#7b}BRTxu@gF=uh+JHDQuveR^R4Ni6Sks>e=qsgrvUhTGvIL2e8z#hx$(U%Rfh
zgbR+4^xAZFKP&y5gfwts)&u59=qo(`cBt)fqP!1XO0H7!u>WfBCH>K<+;Z%$+{pX^
zGQYF^xLDo2KK4moY-Dxf=verYPK-}it-@&~Jq-B|j3{=zJ|2+;ei$|WS4sjfr-1Id
zpJ*^`V#+IoGF=k@Yrtes_-COCwmiryo!wAUI=L>LP7v=^MP#Eko+rl%W}Hm5%&e)?
zr~L<kJMR8L<DCk0-4zdAj#KE>9&^v5GO2q)(bcRewLUYfJoJIN!J7iA{j-f%Eh{pD
z>9Dwy1<os0vu83RbO*W->=ze6Ww$8Y8M({R{BGG4#eJ5?Rd!9}*cKKHq$aA1omaJz
z1?}`6T>MJ|*@;et-1*kJ)y^M=I!~dV5i3M`C_N?Rc@n%4ji_}u+dEEV>4#mEYho==
zk*$rGyeo$8-`KjcFxeB$uR<__;eT~>g!^KKQnHivY_o`~f)WO)q@3}AX7vfklth$4
z*huiIzAv`E2gVXtv^!zN9&pLy9f$F~3U*1RPTgf7c7%zsELxg85s_s~8drW9iV-*O
ztv7HF`0YaGqvEK9+`v%Oq#ysfba@9dRWYtJ4)zU?M`bD_)z--s%9^{;+}OXf5seCO
z?iYH!iOfPKpU~NXXtHwvecin(rOv&1K_@ft(6Tb#mZ6t2hIGFx1SXR;<<j!O1f-E-
z+JCbS$ZW84Vp_R~H}*K##}7%!rn-4u2WcbT^DoJfgyaluXGB>n4z0=tFwvs0B#8Mw
zC$cEAeJy1>7g0Y`MEdG3byv%Hb|d9Fb@xvMnI&`s$%@8{eT)78A1P#vL*NQMRtmW@
z=HVT`FUo8xgoIEj){Fe1TLZ~UTQ)E8rGK}SCB>iB*z-h%naD`cjDVww*hq$@y%rtz
z*n@>1w1uDTB0_`9J8hQ1m%uF~M(r}N?B(G|Z&_p>A0<%k*e6lc=1aG-8z_yK2*0~?
z^eHW{o^tFIKf13n?OkM89>V#W=WNUitlsIvbA0^Ic^PHjp|Sn+Wuck=uk(_^j{t!u
zqM5YHj_S9m->pRRViGHPf+cmDrm~>QRc2%E&bPdXCMt}&h}KO~ny{yzGawcJl}eg)
zb$7h4luVezUwrpeoCEQoDGLGOv(|Ab<!BIOKov%@R*i*u=4z}lL%={GE>2Pvbj)PC
z>a8qs?}cz^g2pC!=U41mI};iG_$!-uN3)SN2>6V^4eA?Bf3NVLw(e)vBIIki(R$?V
z6Kab~UB2Ri)3e!TXIekKqx)z;T(ov?)!M&5x>)G)=gpbBW#w~a^R6Us(=iLv?aYlF
z0G`mtyFPHMx7+PsnTtH8sV-cCtBkFPW*HJllwnT$q@lxH>@OGi)XM=XjuG=(>@>?2
z``O|tTdGpy)~tl<3$hG{_r@fy+GPSc_j>hdmi=d_u@(tGW#ygLaTIltPW~(b`>7j+
z5~dNPI6~9CP|nCj&fMIqnAs6>MfcN(fY@NstKRYO?hLIit!-=NL1oT)!AX;&ZS2Xb
zc1vxsteO-i>gwxnMHi4uy{GfydF~HoH`PsU<bFeJ>HWHi6+Pcvg7}p=Tv)MtlU@_`
z=yA(ypR}OHx=F+5m{&^SrQMW6o?i<^{bm7Z3201RA>62|LxG^wfO_I$durA&!00b;
zhvmHKXlSvLY~sXf5?`DxWG2-s&V$LxQBw58ce`2EvU>q28~Un)WYu5UZBTy2U-Wke
zUK7di`K!IPH*}ghsqITDur%J@p`US>>C6Gx@0j@S^RY=ea2OL!?th0P^S=rrHKTfp
zidtyQ<zBt4aO8{+9fu?~Swtko0xc@Mpy6_mkn5gZr$Ab;m3s)&xnK)d7yQJaemq$$
z9o-9O{-oe?kqArJQE97?_ryNr<v(gOOp`}a{Ui*sl!Cg<ztBkU>7M#(NT>?qt1V$8
zJtvFK%85H_^!qgMcW5#5yt@<Xfu*XMMPue@1^`R<?M+;YxA8$v8`<`6U_{?V3&LpP
zfYsy2m(+Kk`iP1R`Jc81HLMDQ((Vk2qZ=toZtnJfmP~+1d4O}(c@yoDVCP&GV#0Wh
zz~c&@A-fx@;(-npGt47vLdenWIm}S~A6On0=)hK@9*k~6Tf1ax`VlaOA$$@~CrDjt
zLq*3!&(-h-q2!KP1n;l`8>ltp`hZNK1PpLRbYT8&)DV(Kz@V)O6*1!=LNsB%9FUF6
zSBVLomhulEwB~{Z8ZhvMLQkfY3QK?e-X2noK?j97ojKC2Z+vB#^#G^PPiQq5@yAVU
zfZ^f;tco1xf2!&!+t}2X#+=a0vNR0MRyOtkyT62j67ZwGxn%?CH_puZv$3NbISsf?
zx7TeYE16hXWX#-{MJTJ^2Chfw#v>ocb)Ey@mFo~NrrBwA63B?XQ%m;~^n1hR<dnk{
z*>hJy*OiF_q=?^H=E9$4`VZ#^hsu#ANcre@P1XN=)Oz9M6#SWHnVZF|s~(OTEu}Si
z&W~>uw$n#bQXc}&#E4x(#`Mu<!gt%d;>AzMbY-cj9fe3ARNFTq#<Wp%993#b3Jbg1
z)NI~W(<OeL9Z}MW=9OzS&l8J7MJQLu(af5sG*Su(NDQv(3ulV6gB#cR*Ls#ENJA)d
zEc9}}^AWzSMC<b9CrcyTib_rGu#PRe^B*f!F?)K-$DIIh|D1xC|04cXQS|N|xrLG6
zuP7hkjsvgQQPIAvsS2tW=u$ZKS$f1vdX&1c!=l~GPc#^{-Q>%3-zwnmX&#E=gb?$t
zQ{^O(wOOvGu<h8iIYpAAvKQkNv!NKX+v_(|)9R>fl&iDAH&AJf&z!lyh5eV*KBlPC
zXlM9z04D;(82Q~E;l>g8@&#S6ft>UyZjT7Rhk<z^j}?nQqoODCx8vG#6RIj5ML*ej
zmSc_c>a09(NEbjlgx|ImH}FAbMOd~6{ZNWPL}Vvnx|q*$3mPsA-w?L-lMZX+bdN%8
zm{!Zt{SFWLo3gcxVX|$$SiuhhCKSHe2pwzIf}aIo%tL=WiA@-6bqpnW?n!CGIrsPQ
zMEn_oOq1%P4>C~=i_Z3&AFvU2`iBcb^D40x!eGaOEOk6bB&sqzY_EGfn5AGZng=_X
zsh61V&HK99Dq_hel+0h`R(jN5(cYYF-&cW!+X{@6GCb2e&z@hrpzKWq7Qvb<h1K*0
zmtX*mWb_<~>LtX)ug;qJzn~Z&dKX3B%*p><U5`jaJ8^d|7?hQi<A;9h!9bUmkj}`D
zw<`0?U1>fmnT#M#-Fe2$bD{VGDrof}x6_4%qG{~IecNfA7^V<*9OmS^gxI_rxO@l_
z(ENJSZ{g<5gFwMzk0As7u;Bp%KzB+ySjYm?=q56~_dxBm13s*#W1tAZ!3IK)Zg!ms
z{iSFS&PPXYhCdyHZCsLg<Ace5xYw`acd{;u?>wwlx1*z0^srXO_{steQhaQa_L9<*
z`VM>U6D|t-q?FpQl?yXRR`fAd3p0CG^s=7^(7aZ<Zbi}4yjGc;#hEO^IKQ36J84(`
z+Q+y5rVZ{1yddon!N62a|L>o-=?oWQ68!&9Sasn;5CW@`zo{Pi^#fwto9Oc?hlu|1
z)haC~Br+>E)yI&iEStKHvJ!zMQU!p)fdxhSG^>3~nX#;!%`@CEBHd`-kvn6!(~-ga
zYk@3MaZ@iA1v~ePZOid}T7Sqf%XYg6PQZQK%sL)lNIQ5`GiZC?YpZ*37hs1n-xPS-
z^uvrEtOWLTRs$MRx%}3uAp}A{tS%b}b#G=bCNS~<{L}<o-Is&0h)UyA?o^)6*AwoS
zd$#fZF43zX^%rL^t{2xcpU6|c=!=6+Hi<j);*>i5)x4JS7p6`)$#Fk^#1p?)>T8@`
zuxkE{jGDIENcrqj;Pu=FXYl6q@85l=Wu3+hA%L@GCaiZGolh3ShWuh2Gf%>Pc_De1
zi&N93h~tj->3r-n81S^$z3%5VW?jPf1@Rc{4C^+Wb$P3t@RwnzISpl&a$okN{nz_O
z(DUkQW8LP&m`AIjJd}FX7V+EZ{OB!Ra9ykOb{m(9W*$!!0!3HW8$V2-N$DfFzJgZe
zG+^ag`FN4mlu}g1Aj09+Gj^(WeER!X^V>j>Cd$kf-y7_P1?Pi@Oj1x>csRR{fzH+L
z-u}=A=WSPqm#4LCR$5x;nOfJH!y6U*8yX9-U5~hAn|dA#QV*xlSTlcj@H%s1gY0fv
z(^KoN^3w@fJ*Y?BkPAfH{OoXr^H5p$`nl*SF+7UY=ddq`tXcjXtT!?<K7(|-fZmy;
zW6ViHoq$C7jSvSKj?f=$gB<zDC!HrRDo!SjzilEWp6^btx<5Y9-Bf%C#bxn|tY1=)
z29E*;rw#@YS?8C5U)B@%Bw^3;AFtl+eVDVWlW^MLp2&PR9T$T04c+ZJs9FgFFu<rd
zTEifdFM%0sHtvY#$q>F)(AY*xuGfu@!Rwl*cz<{j=L3K7ZG9ORZ13KX9d;`oV*R)M
zxXy*)z9BaZ>cLRJXK;q->us4&Vh;YrMuhI@oE{I{AA@{={ZQ!E_MPn=r1aCTW6n-^
z@%Bf<&~1VE*CPUT*;krNSz4;pcz{sHstRv2=z|yGmFjZrNNHCy2P$gHRaj$C>4!1K
zqY!J@x3U9P#{@{_k<GfCouq-jD{u^=k?EP3{IYG9pR3_R4f`o_Ja9IYx6V~#>q`)B
zTy6qfZu5b9twdT=kn>=F#fA>p%G=!^L)LAU!ZSu<V1m*#IWPF^NKhxZm4Q?3@$oQ&
zuof1N&X6c2bAihaoR^xL85l2Po_b!<8kSWAhWDK$afQLk3k!i{1GD{c?&i{l&cCu`
zTCa9Lj5xgn&v01fgxiicxh&2dB>B?h%X3;<UnAcaQono%31&*Rx4YQ>3h^GVgbT||
zrkZu8{HI}N#tBXx`8z$W#R|Y4&*%y9N8O?~dmr(79K17)*u43>E0MR$rbgi220HI5
zsj9;=Mi{+npEvE1UlxlEI!&<j%?zfB+p>a~`qNo+oWtV7&0)JRqdl(XZLoE6l|fXm
zcys+lU_EtA@O&(jlNu|;nHJnKb0Ce8KZ(T<?@R{Iqi(a3-rFwpfDB+gRDJ^U6I?}p
zE9%x?4-7QPFl^=i#i%ZLEd$j0hxoZ4Tw*sGTsgw9w0Bj+tv6XiUs0XTqQ)HK1e+qi
z3r*KS?dB!;CYBf0T+8_$t>k=n@zo}5po2W(&OvvHwQLH5opKeRJc7zfFs(<+J@u8F
zTJA`gKcN;}1Z<8L3<1V+A?rDHf5Xcq#-ZdU?_$fCk-Se}i!eJ6nyCoi<%^BuiX`w!
zg6P}GQ}PW(unWgR*jJuo(Vv4^GP@TO;sNHE*-M7zbA&3H8dtIYr1*`7;+4mv-HU_;
zlReJ-5twN4_mcT?x`nQTS$><9$o_pigCZ-WQVOmK3%IztTR>ZpB#Q(T(Rr$*H(7W2
zkC|ujE_*lHKDH~lnrl{qxEQt5R4P7fOND?&YJYd;9fLOO#%NeKy8o&&y)T4*2}N44
zd0gV}&Yf?xO5k=ExxVX;_Kyc!vxX1vK}&V(iU$@WULpk@j;tquuTiznb2ovkhndL5
zd5%T(411sez%77{P2y7`-5(fU%3Rr1tWtN?e#D2oBv?OEahRer&xPt6mi+!agcD60
z?B{wZC!SscNzhdQw(&{LT5#YkK`!j)f!)fAW>rLLR~%H_QHlE@iw0&0f7==9TlaRv
z+zXqu&OmCHlgl~{N-eI;cc~}TO&_Auy-+QQ-oXbTKUGc~Ay&kis`(FIQ29R`If)w?
z)vmgk>mX)(NPxG`CJ3GxR_W%UME&o<z7@{0$Ixh}{Kt|=5rp-};_=e{7M_&A;xc%C
z&y6k-zxhAYM9*0WoGgK8dilHRrq{UbN<C6|C`ohX!1c~QI{g8cV=+h%Z_X(|F>?*`
z@+HA*#`S<nP!fgMT+zlz4+^+U5kqU+4HMsc{*L8_9SpX<bek{JcgUYwv#ntkB22xx
zj43WJK6R2ox>^!1y2tYZ@ov(`=(~2>_!kY|@3U@6D7|PtPX8GOYk^Rs!f$?h|Fizy
zE=)F28Kqzw1#lKGU^^y#03%9%(<Wo*`7n$YiI+<kO7Xe`Y7uh|_=}V9<Q;xCL|^Pb
zXAnYFIF_@_)Y4_>R&XY97@!7|p<vJjVHt)LeUu%YY|VI9e+x_dKbs_df|Lb7!)x_p
zZSY}VSuwIA{1vXo_%!Ti=b1O)B#7}+-J1SigL#l6Ze#;Uhr{9Ou!?@LTYRk^MGzZ9
z*bnsN!+R!Q8JyP^2UXiX+hk8ZGkS~7;!Z1zX5iodG_lhqywq&I#(#DK`i1IwYjw`5
zv+VVAo7&R8ykm)W4fL<PtvYomGLS@wq#Y)~#_uHRGI_9~A^U{l+{?C4F9_`*d~xAr
z+;C~Y@$bk#LUF%kfy*$MmUDdZ)@7bc=x=!^_~Q3mTjOf6f+vLH@5?BnmeP5K)tSPa
zy^+K`A@rt;ebq3^k$Ao!PotkG_EZLUj7Eza_TxgrcF$obBln1}LL_RRrJ;Ly1|*cp
z838e&a}EA~@8*<HG(3jSls}*_mc9t;yR85;M1B-K8$x44Z<C@+JmL6Nz)p`I>}&33
zRrNH@7XeNwCWk-9UBoU$i@jUu=yN_4wQEBJaUjExJN5QDhPlkb!lsk3^>RK9TVvkx
zW@)uQ>y6hdA{*bebNS1kjgs%ex=E!H%3qtidPsG12HE1Xuu;2`B)6;72`OOm24R6C
z53&~KpjbnCo3lbg+n)Vuv}6%B8UE0CFEWtvCDzRG@9I*hWh4R-x^>jXiQG-4t8=7S
zGS?C2j#Z0Md~20tO`;7&{})LJbK7QXXvPNo*~;*%_zN48j2A=$90I98Uo@L^v&FOM
z*obk`Zynx)2UBO71+cTRK8GGlyoo?&ySvQ-^@)d%4S^Kr22Mr>I^rxImsj%nkB!o3
zRL)9iX5K`2Kd|zLy98sEOe4)T&|I}2ndcjr24R}qpEATepTqwMvOCBc?k;U3g~Xd&
zY~_SfgIq8R)Md4Dd;7zNZ*%okd>I#?U%vk1QfoJIPV|F`B$kMi3T5?6KstWq3w;#{
zpxx<gQkY$qEkRl+NE^SSyH1oL$wZp##G(=udEcJ%r_9o>E625Oh{0VzUUiZ0%+Ia>
z!-wF-vrOyu{>77O`r&42Qh9#TeQELwb$rgCUv}9+*PS2Dp001irx1Gx{(Vx?(0!uC
z{S)ZWupIr=f?t6ruNMn|vN91UVTI(5&hOCGtmDJ1pGBIxE@5T-NAR#h!^QO+paq|t
zZQ91ct_o3f_od;Mx;e7F-k0HnG123RB>BY|B+)LDQriNXvu|+Y#dY%A^s)9TD2tx-
z08QFwzgeFBxmuaPcS$ia?NhI+c~vR)bAZ?GSp!ahUoIj?(Khf+t<Aoa{`yg7<&67x
z5t$TT$*K%BMa@YHDh1M<tXWkW(sMv-Kbi+Pd;v>|Q^h3@&8PqdZe@edePb!zha?o!
zcl3JWBXiicSI84{=#%izeM_ZV#_teKH;;*NrtSlgItK=K{jf%49OqN-t78P^m00u_
z1Xb~bhv#2AenJCo@B%xen<(y)cOdpRXEis%IvT-5;k~|GZPqOuja>P1{a%ngCE;%;
z<J9fw)hC$vUQ?Q5Xse&~_(v!1mhuP@?9`boESb%Iz0L#G6%}TSrit`^h@NfQJL)|F
zr>n6Hz+QI^jWy{*wJ?(|Peog?*8R)x^$G*n9enh)3kg8$y~hzq?QHS3x~>;kqrDgB
z1o3_6YZ^i5DD!Q(<#Vlk?ztEhN)J8uw)%TlwEK>{pM1-A_xe2J_yIFf#MeOkGUHw>
zu9W5>0r~JU4bkPWMo7k`yQvJ<%z*a*Z7KifqEuiVGuAt#1RHYgqLgm~GvuY<>tzay
zo#Nn8T^-PPUb?-7>6(d%2ll6y=Z_i5(%`wuwmzhQem-|+{}Zny!00QFfF|I5Mo>7^
z()s5-CWp@rNlEPU7B54Sgl%{*t%nBFe6CfzTxZ2*sR;ao>t(`rG@b=p`U=jEgiE^Z
ze}3frafM&Ff2}El;gueE$@a?jv(#>FFnd~+3jtOt`_J%gHlYjd4AGX5^v@!^`si*+
z;}byX7k*H<`o=6OQ!X-Z?<@@+codID^5dQlAx{h>w?>5E7~Ur|ude#B7^roB#D^(m
zd)=sZeTc4IWo`z{!(C>N)FHdW-BsfKWd074l6D*sA%)7#3#knrGs(jIk-dl;w~Q-2
z1^}j10Xl|tW%J7_?^-VP*%K|Rr(SO>^LO0!B<{33?X{#${|z0E^-Gt0^hRs=4|W&E
zo6%_FLGfKAoB)HccCdGES;96o3`IAKA60{uhu!2byo>xl0jXY#wntz`%AeYRsa)K?
z;oZ9x+<VFA${KHM(GM5W5pQgYv8ajL7VsGW)2!~k+zdG`Dz)4xzOLn6bjMLP%!@L_
zHWR(4FJQBXq7HQ64?%c7AIt6fq06H|0Vwmu_fryeZ($+D+0Jrnk1tfOV@6?tCpZc}
z*KowKt-yjZFy0DWEMiM8PycKet9DPQjof8%UE{U?l)tKfa;(oex1k@?qJ!bb2GT=S
z4gdVUFgX|{7i}E*PNHq~Euo{Le%IL8mKR5rGjxwfqGv_z1oVUbMQsxcO@BC0!aKkA
zr8tKMW<z@MEpls9N$silZ|7$8)rMN@$70f>Hh0AS9RfGLvGc<eU(Uk2;fb7WfhK~u
zZ=LX5P1qM2%W9!YHMz^v3o}4+4v3`s==tfJ6V4^$rweef0i;I*=3viu@5eE@O<itY
z)B_Ks4c;3m`AeJ9im%H|iVYIQoo`tRn)_;z%X(^_^<JZI6>}xNz0H`CjWg<q4ce`I
zXAQJ&e`m29c%;caU$muq!ZzveQeV5(lxDVxkK<M*B&j<*s+0SaVTLI{fC(D+!QcQ4
z{Ujoyz%u)uy#)>PeYYC3EL8J2o=;q`S9S7ZO^PZ;2*It)Y#B@n=0(ZBX7o`3wCJ#5
z48k)S3>Sh9-ZcXr<4Rob2zgU8@e<lyHUa6DYZFb*O(S+;fe1e|pxc0UTLh=wvG-2t
z7a371DHd^R)f*AzHxdpv;ESME9BEy@Hj;B{ES*3^B!oEv2<tKBV&V*J-Jf<6S${K&
zjm2X~22gEWTCt!_aEU!*Koc-u^Y3wNA%@89i|w~(*a3?X1^Z*o11@6Vbz^DNna1El
ztC!lW8$-_fer^N%2Sv_xf?NvkyE%d`?Q***Oxu|}PTjxIE54;NV0w84rKN1CFy<4L
zn=yyG6PstG@xG1i8;Mz!ldcjwRuE2Eyn|QM!2D0jvD6Qjj@5>894$AqLdY{$$u^S8
z7>8iY&RQ3c$MZUNb`XMncv1XsX+X{2TUJg%wBG7(Y8zXzZpaadbqQ9U909t(=1Q$Y
z(|~`IroE6})wKO8@KzvPI}rBpW!PfwG!FFN3E9J!2wUUkSw&*aUF}uDTB|PY(eIUk
z`6T1bSVPP&Sz095>*<J9(!t^j2Ib7#UTrk}*s3v1?x%c(D&}~na`N4|4ow@#WiA6_
zc9m&yi?8aZqu<vhV|Nr=we3k81g08mM6MU`zPYhMd0EIWjmJ*^fOA}CII|ji+^QzL
z8~a;xA=0~Hw>%KJ_~Kvvm+3XA_s7XMd}uc|lsx!*Ur%r`@A3k#$MXdq8*1jM#_3Ze
z7xZKWSxF5p9X`htfDr-%2(y--vcKQ;CGb#eM6-!Wkpo!IICJ3i+#1O0p=~9`O$uzJ
zHRzF4+fhOS1X{H4NSth~LSrnXi|+?Ij_C~)>5~zb(RW9RBfKsNk-$u&`VetbRXq3-
z##bjouQYfXva<3M|224h@%E76oC^+bb%1Z{&@1lk+1}Q$Z>c8)IGeQ(QMQ-lhDri^
z3GTc*YLV+ZdTX*26uwDl8ZyC)v1wH(6I+~Sxqf1f*x7j5MI5{C-k7xPAcR0(>_x=G
z(Zm~{O_vC8{-EOFqGk_bb{g>g>#C#RcC9o7S*qCw_fMfN+@8STbhSPyssIlG(kHde
z-A4^ZDM^z3w}@gY;AsBk>vt$f^-`RaNg{VXHBCb`wrm~lQ@!fy0>T0#zOtgyiv{b2
z3wOQ&u-<a?g}MTfTq{1CU<HlISn=n`yAo);GYiftjX0~TsJ6S6Ri5(0tNxNZoS7GB
zbLY}jV~8^GkL1Y&Bl)gRZo9YOE9o-k!sz%p)Tmz%)5QWX+D71@nGy9tOXrc(F12i2
zuh@>p2OsO6c|VM5T_A*9Q5L=amX_j-cES2He6vCwlkXfI6}t--ZsSjL^>`o`jI3cd
z^e;;G7yl5fVkf*P`3#6$=wGaIGz!igwY&Ua<0^H-m3Inv7Uv7r#OJDdN}ZIau3+eQ
z?%Nd#sfx0I&r*<Gt6sOP=fLNPaHywMo8hB~n{<;Q1bd!ygn;$z&Pk<=#R*#X^W4H~
zI+|2j%38n5wvgM{e9FF*apew&y^Q6an=d)k!~N7%QpH@QA*6iqT_MYHi5;3oYujrW
zVIF&2t?7^O{sOIT$wW!ne)*!8LY88U_T9RdD-_U=-4@EGkpK5I8RNf;e^xB=DP+}{
zBZbj`yPe*B`+QB{pJOB8tM%vwUBy*t$Gz0LPNECk29@%hPM06bSXM}T)zTf+(`WHd
zD;h^Mb>;2Vubb=(XfMjYRsH#E-*6D~;%Z{i=**=qLi%EhhnWs)pJ2NWmA_BOTc&Tc
z0a#dl2kTc&ue6{8%$k<!-ZIu>!D^jSSF+(ZME09&>3;@L(MfTM+Kig9!2VQ<y;rJC
z-dkGF79P)P%VQQ%k#nl^HdfAKon2Q*+bm_UWSl{dd{{$BPWye5=w)2+w=fAYnJX@l
zWd{YXN5u5J4qX)25m3=c_MBC#UU03y1I80<qXqtQR&M)g>Y^w;|6W(!=JYz<(owMa
zHIj}v0hK(?=w&_W!+5jYO<Q>8^at^@9V%pdN}KO<kVhl?%Rm;|{J?khyhK&S0zWh3
zVKw)%1hk&L{4{`vkjw^3BgT}Rvh`k4t$97J;A5ExG;-@ztEwQGKdlI=BWc@R0zy$~
zmFQHQqCLL&9x73E#IB#0q02AN_bi<v#xzFiRMIYBQK!zFX^^t@ou4coap_77A5_t*
z%`FA>6wqSSQss_3FR8#DPotkopvhR?zDOhL=+@Zu4%FV#D4(CK9l6{7soHs-MgK{5
zCc>#+^|RXaNA*a$8@c>jHw+nb5kT!uE}vghF!HM{k<zuoJO$0&%0yj%4Ab{Vzl{X)
zjr*|QWUn}3rbYz6E>m}hBr%wfdIUgYR%(B1Un0{&JC5%n{u}2*W$f)os?!t*o94HU
zE|YAV!3goCJUMe!s-i9{xhtJYnv&+lk3G8I4H6Uisf9ZJp$XF$RE`+^Ccq8^f@;%h
zXd+r!>TSl;-KAT;uY=s3jh<&_{8Zfhfzm>``hnM(4v{X?bR$^cn32a+Yey=&G8Zgo
z1s{R2Skl|C+)|^NKk-|6v}V-ybd-OX_bXo|*TaibLv$GTo7V}cP>lLTcLSe)4Jagd
zP#vJ!(?yhi%A5^+9UoRi1<cV{0^y4BTvl|+)gz2%?5BV222?brv`P0KR4)>g5xc2d
zdaz<O;*(RM*BQVSvu4TZM+i_;{IxSd{WNfD_;d0He(VP*-Pt?0<H@!t?WC>vHG2Tz
zDe%F3kaw#96gSU4&^v8!54g#A^RK)wnYGQY&SgKrZRFtBwX1*TPC1<ZSc-1P3Zgk$
zR$W3bI#(%PQ(bD%3guE@j-)A8!IT;9NK^eE&8xysTPkXa%XS6l4iu1xT9(Q|Z$Hhq
zK_kH6GTkN`HgHMGf1OoVo=~=au+nd>errD1=5Dme+^{&&qdB=|?`GNsK{?<SzJ!iw
zx5kZ9A)&201=Q)D%$UbylPnm!aEB^MCKy#d8zMjaH|47#wp6_gwBOY0w$7VJ{C>+U
z&>fd({2bX>wVSEOTDgY~NK%`b9Y%tkT)Fb3e6992`$_L_dYBHDPgDQdot#wW2l^TJ
zD+jFidt{#{Ou^?wh|y0WO1?7_n4{#~%rpg=lDf(Q`HgjwdU=yUV$pVE$?OBS;cFRJ
zXnl{vtVKG0!#~$f-9cIPEDon#)@w^{G4&heRJds~BKt0`+Up5wp*WJ&bQ;&`Nt}kL
z<eJ;G`c7dwa2xJ#V%6c-9$i&8YKUza8)!pMN5TBW5@#k2jcv8xl$P@=7@guc?#dE}
zQYQTXSuMFJ-FT$z&W);fnN!(cU9z+j98+4l&etv{m6hC{xA_+9+9jZ6Sy!{0(qU*H
z(3;rqW3Jj4XS1cLD;;y4OChINcHODH5PYro*j_d$QNFC%_R2uSU4biHMd6h`%2W0*
z?^j%~*kFiQ3q}ELU$8CAdbS*>ycb%3(ylRp!+MgJ{@v#wl-P(Y`GeQ}eO>cN<H~dN
zj-g?#>&FBu4{OTehS9-uaol)=W84u(dr}^De_D?4;KZvfDtBzo(@Qu4!LYG2JIj7$
z6pCRGP9+jnc(_yKPg$gOY=TX&2*X!}OYHBFlJ{-uO9yPlU6Z!&t-3GkmD>J3AU$#5
zlC+#?8R6>TZr#C#gIz+e=V>3hy10KVg^Brc5DG<1<3aPFDT4ZW*<7uSeU^quGOm)3
z0~MMIdhF*L-Amx%8c#N-c|iy?o!oBNBTq%hdpcjZz?3y%^g`Hb*fP~6$rU27AsDsm
zZvOGO`jI4<o<<dvHP0rwT?D==0uhd9vYgEoI9Plr_ljLR8)&GmhhjV%xBKriK--uj
zrHcy!2MBtZv0y`ZGB6AMz8JPVSmPtGo-6FJZHc{re&4s`CI5c$@xZc?)Ok{T8`nw;
zs&L=`c>dsD)tydm6csq|bMcG%^;4cn-}&d`Ljg$op-HmMMa(asFeT^KFX`9M<eVdk
z1Io8ek~ijGjeVR4e(<02qYC?!0|`&Vm!HA_yqKR6UP_LEZty12v63m(fFG9hfg?U>
z^Res=n12`O<$Ef7%h{;(nSYnJ5$Lq~plqSlZ}^y9O{!Y?I0lWVgFgE1cmLi4iEY=a
zF9O}NPjvMk_n*|i_aE5j!=Hs)xBXAH(aY5*dsz2>+Oq%CX0QIK4WMi!{8X2;mi(#i
zo83sM#fN$(muHNtiuvbun^&+<R3!0$xA<2`0rMfoC??neN8?y(w1O!n0dbNDCQn>v
zLMC0}Ow&+8=mnCI!k+Ekr!{YjCAqId=sZ1fReeH{nO#5d2pdN~SCMF*6EIENrq@^q
zO-@WiGMPO49vwP9<7vgv!YIg%(I#>km+&d9&iG+p9S?=FLk?!{C|$(ajcq&qRyR(9
z^ja;8FQA!-CCKI@w*`EfrLuh<b055)!(uCupq~wvy5Uh)TN}5~`h*_$9ws_Yt-DgQ
zAKLzoO+H524orM6C_=)m&?{hTXVF>&ZMZ`3kr(isH5iZspNTo{d45QK=Spq*rvCLD
zF*A~~>tjD<Qx{!;=8Gc{y{5y}+Z_kh+r#ks+_Y$;Orh-h@LX@E(BJ}CHZ*iq3ls;z
zJBa7f81LU^J#wz=*7L6Bg3PE^aPi&LoE}uS#1i6obVHayUPMb(c02R#V@~}kT#HmS
zPK)8qn5&EfpxbFx;CjEu?slMP*W4h4<4=_gYA?%H9Ua$rX2*+beqUvD%k6OH9gN0n
zkdi5qs$ZN?@($t*s4I92xapmvfd55-XFZuL-qqpxB8)&%p!wmudp7*%K;&j|$GQ25
z<aj+Y$^?EgJDLCud08L{tw2gt<YjR4U6)0x0ovjVPzm4h6>+54`s*%KF($<r4^OD%
z(r#4`QD~RZ3i07yRibyZ<ccx@wY1Z&+9B9MGYoy0fL`9}Ol1JC%YK4E)UYucJby&Z
zS97^$x{f}EK0Elj!3p>!(X;Yi%9JRQ`ANk2dkCW@*l0oR>G+IX7b<EVfh$-^F};8@
zuUlR!;1d$+5@n06H*nl5;9@(4VY?_;#k30w+>wCCaGLZr@6w&PaQLfjSqd`AoqW=h
ztO+}v4?El;x#p1mn0UYQcLl+S?})kq6Zr9ZCijyh>r}#C-&Q)$2kl-IO)e+TC0<Vb
z@LUBV;oq0vj(pbR3eF`GN(I^o*Q;cVJ|r1xfqnCYjhD#VH`0zFl^ijz589cBxLXo$
zAB^LmD#=ZOnW!<4W+74+iSMU${h!0RiUsxhl!6Yy!;Rb}yH^AJ2;oz+kO!+aq!?QP
z8~YbS^Hrp_RllX5phd`+YDdziinU*7%|ow(7%@((lN7W_*s^<Wn5q50&S-BaPeXqL
zO0%vcsHrQIyt6xvqCeDXdA@haij)gKjE5mzWY+W@h9S8J6d`$oknnqtT(z<$s>7)c
z88`*H+(|jy&IS%1vX53|(df;bYkyOsot{Jx|6{RU{_Y-D>5Y5@4~n_4a6ccL)~g1(
z-;&Gs<6ta57~|PpLDbI{c;j>B|J+ysm%hA<or0Uo@F_&3uN489PG@o$c?BKJ7x*7J
z<DSUAxRxKMWn3(kB$Tm+*orr^W21tbd=$5#8;eMgeCKWu0?*~y1qDJo1}I#4p*b@J
z9w!z}0ropP4O3~*i*exzy$Vcy;R)Fv!2OQ>p&_Fi-(e2rRa5#d*WQJM4KEmwwCunU
z8wuy@Q9V1ou<=7Y8&?*4iR-;zSfhbzYE7d~hR`?LLE6UlcwlzV#l&HnhxrGh^N$sr
zCsoT`{MmG?&bqz7`Pj18ncX2ol>4NCepm~OP^ecJc5T@Co9{x}P}_s>@o&2uF9GjD
z_75wd%8eD4c(4N=rwwbO<w;DyVYt_zm@5a*Isnf<E$BY3>n)6m0OxJj{-bofqrdO2
zLCU~OGtb<?#K@yMOFklxb0eLwPwrQB(0CZ&VS<Jyjw6g#-|*m^!D<7RdhyDenkVQG
zXu%ns8f<Yil;qEgw5vPzt^4DM5ec#P9r@sgcwqA`^vWLEIefX->CiubAiS$vtP2tY
zF%uzb+L-Zs;F#0am`jLCd5rLEnEP*K%n#Xe0dJUER)xj5v3EofaBhc}j(>%Zm7<Tn
zARjGJ|E%R#?QYEM{Hvj{GMHyYHZo4^FhdA@lMi9oK2pQb8Xoov&JmKY8is`(Egg`E
z(uNgOl&^TAeH@e9pIblxeT#?6;pUN@5?>QM{G;f9AW!UEA~4Rhfh*qD&Q{p`66|lU
ztU(S=cc~79q4X}2fY0tBTW=A|%;l^^u)7D=?<rzXywtWb5@M?WiVF$~GKIMSoabRl
zJnlfATWiHz_pMHR(4`z{b14*=SZ^tI05?pZLuYs~9!gsRC&411V^ELeOw_s(S84C{
z4eCHxzGrC~Ui;UzAqKdFDq@V=A}2gV?Sk-BjA-GHGI9UFoVCZp{v(t;0yjiRSJ<X@
zxC~eSf{VNDT=p&T7r5CQ0#;hc&4{s<RYBu4FoGD<qZr~g65X%^{V@d*9xV)p!3O;L
zu#TYZqO2WL;=X=B)MsK_=n}3k^msKL_own-^x(Yj<6j8X%h|?<NL+|f$agb%^?d$Z
zyH})%ojBSeiN7$yN@2!oiG%!ZM#n+g-FCmvCDcXC?Qc^J2*p><XQZCP=Txo{$5u5S
zF|f1izz9`Gq3%u?1I6T*Ff?QKMhyxi_)-s5<t(kF^7w@S3lG^0=I<-!@;;9ZL>$|!
zdBaieac=kU1+&j!%)WnS32*Owv-u2msxlpREU+$6`qSCi-o9yZOkcyHVIUAvjesG9
zc10LR2wbMw@RLZdgiV`x3%cd3+GT2RGX1q>%J>;H#XoV{jqyR%bYU=MkzhYjV0q~w
zy2*&Rr*Q-hq!ehta;jn|U^dHfIR`kZ6wn-S5qur%gi_`rHd_~0oia7{=Ts}@Y_wz{
zuw#iiKH9E_QTN3@==e=S)`<hzJ(z}lu=DY_dt#7JrpTHD>vv~D&q|dBsjR4aXfP)8
zGgeeUQ+j$9yy!mAV*gnY?}un0!w6BTJ&bqLW1+4kaG~Gz$YE=eZ;wmv`d!E%$ej`D
z>P+9~Aqhhk|B*z?-zTsUi6z~NsMsgEShnI9mf_NVl!kMGj#1&Un9!YjJF*I+DD%}^
zyM(7A6;!d9FPP=HA{cFUOD7KtUko==tJ%>2(ph;<^HtH~NunO5v8?h7X*3rL;Z&VG
zleL2sKq(jf?)UiJ3jqICQo!q*N>>xL`=Woj8F35Mi%JpvDBg~?Q5|IJ@~xfhAf%vT
z2+1h(t7erk2b(wyu_3}hoL}`^@uff^R<-gjWSN$ZHTYuU`tZSk&q)lWk%pJvt(t1<
zBl3O7R3jKQ3D$aBH_0`D)nPeesNlIL?x98(K<uJ;fr1Mw@Y-Kvw5CBBNk;lRU(?7=
zKtHD<9Y<Q5?QGeF$x5sHEE1~IDCV8vpyS(Dqd@AjOKD=$=&Y&36FfaG$JZ|(q4s87
zW!<ePd{(sdhS%iII#cvpzLN1-bq4IGl+3#cR7**+_Pw|EzXn1@kbkTXwaopVg(lJS
z0OWTr1J3FK%zEjsZ%|(!UOF+%<%eF6`E=Cc>Bl78pS;ZN+5g4sqNL0B&!a4m^W4$o
zx>Gx^B`L7wnhFMrq0Nv(QKXr~j<)}_C#o5qvqawIP_I@PV|jVmPg@txZb{oYL=1%&
zp?@0zGju1Ha|PK@*KEy`A8I-fFF=Vi0ShbIMin{w!eY^7s4l*y-~~HoN4>C##Z7`{
zzDTuw^7a5p_P`XCW3=kOQ$V(E7a>vqa7eVU9u_jOqzU`Ly@_MRQ*bADp=C>&T2oLZ
z^vogcciIez0*ThxoLOFp#DjXHa<?|j*Y{9BERPZML-LoLrBwR#34A>YvQ&{OFb?6p
zO)t3DlF@qi5JRDo4!tE*+UquO(6jrvs0mh!NT8ocJH;&(EDqy26isFd^$jW*Q2ag^
zld)o*+doRJ)ns0bWZ~M*v`|sYJ1e%qsQ=iAD?v5aqL^77DViwT2vNTqV!n%(wNM?l
z6!qgYXr9kIkX9^!s~&RE=WXX6ko(3o+$r{V#%F(TI&fq>S5w_myhy6H3GcGFwl6jk
zOazSUUxuV9BhIsFx6B=+(#J*ygSg^s*q5oyuMg^v(69R^Zs!IO1h7&ykA1q^m2CE#
z?9dfz1*-sVlSl_w(_kEV)rmMw)j1@xt0P9!u5bjwRE5i9t!IFMqcA@M;1Xf%A{DML
zg@23By3E=@7@|tB=Lj1uAswz|&fEXxu!ZonD$o61Gyr@jQM1=%BbjSg_=-2IXgtfo
zYJ#*>x}w9Sw8fZ2^)r2?B)cdK)e6#q6wE7pcs5*^s~Ba}4;2mc%QZp+9hrK6PZEVv
zSzE;GOCOwclIYmpGm!@ZAOt)!v))5R(n6ovo-{Ef7eXO~8S9$4M!1<j`UPX-t17;$
z*Jki1fGu7g^DqE*^k%<e!at3Ju=I%!rOHO<Sfr$g2{UpdPoejGI%XirxHMLDl>^y%
zIhh(E(Y4PwEbo-VUj9#e>@~)o!`{L&4XMYVg*i|J+IRM$8cmTI0Bzi2$cao<a~7U;
zqGsN<YUiN}^u|p9*O>M|>(s5;pVEiU`D~~g=#l98i5xw!hw0UoxV)fk^<9q$tF1Wj
zYWaN1lohy5t$7D_xlq)v*VRn17!lKz$8Pc7h=90MvJaUHqsX8e3iv-U{JqmV^B!k7
z<qp4sH>aEP_3=}nO+Zh&7s@9v_^aLdSd5|t7N13SOF556sm2cnuZm?mm_<z2-j5qA
zSdQb9T_?}^%*Ut}_#@QkydF8-q?I)1`#NaAHj>t(ErQ{k5pxT47quv$YfUFH+fbDW
z^MG=<1zpIeb_StagGmhS((M)u*L9A=zT|0X>G02T>~0?bEA62iAC|M&;N`!ZUmpNQ
zf4Cz{PJjBM=`YhoMiHVhQYCC}k6I|Qub+U^4=2MdenKN(Hi%||gB5&hW^)HZ?q%Sg
z*D_LxC@xraGQxNyVoM=AAF5YRxZ$rcdfyUi&nyJCQh};tR{^wVO)}YKQc67|oBR!C
z?%-lkQzD?dnEmQG1Q8NG8a5oC%zVcigr^z+S8)$fLqx09nKZoxOR*As5+P>j^eRZ<
z^fgS9`dBI=(j{&?qoG@8U7XdUzW%~OhR0#a<H9HX3-P*}q|EtXDpQUUZU5|FN?vFr
zS(EWao0~j#VQF(sE69T0n#bmxZF8~SNeF@Lb93M|EdPoSkENXN^<vwa)64}!VJBF5
z6@ogyQS|y{?92g44?K>=Yh|1_ILZ1*>o2fQpySTHvZ}svWA5%M;fuobB_E3uu4<-t
z{uHj_yo|<^ztwE$-r7n0Cd!=3wpqgzmjOX)-CrGX_jf*0t&<x~4M@aC6O-cFd)xg2
zZx)!<>rMI@zpn9<gockrSH7(Vgp7}n%I%Mp3%j(Mjb1)^H3{f`y=oHRsU$RtM11d_
zp2+E*$?4t{is{HLJSg=re6C_gCeE#LLypa0hqSv!e(B*0h!fDUZfUJ_4KU$Ni>5Sr
zXB2l{*6Bh1;O;g*f-B=mUGldEu^Y3C^#eaeX%@|;11S?Izube~KsW9&n3MO_u1`Bn
zhy8H-vUCIe?@gD~QLl$p3`b}|8{HPc0{mUMpn#C9u9im&ex0ljLQFVJJBQrBpN<@x
z#V7PS@`|47d&@z4N64Gw4%L5E?`-!em9A>Le$oCZYNai|g);e8hy`v2o?fs;-~c4d
zZs{IGmY{0ZJb*n<>thO1+ct)`=7(}3D{Mlf3fffm$F}YB%%O*jD5{In!q0pnTBS})
zxP62A7kG|8uuGQ<7K*$8Rxb#*ZA+v~MhQ-x66}DMnwQ0PyLC!Tl`YC%q#pqyGlHpX
zBNKq>p(utF)4;<whBRmq<u8Cn_5jSLi-;a9D7OvNe{1US>Y+Rx9^?vk7s`ST4UX4%
z42?=7GST6ZM1tlUsIYM9VM7zex|gQ&4bF@dj{>kx$Tr4Il8|GVPH2qe#gS^hlRKiX
zkipoPcu}nXpcK_pKK<R}f+mHUJDG+i!AX0#cL?J{Z8?+HvR5EJ;Kgg1vI3B}?JJh@
zq=3W;3!+q5#GoO(cp)<xpPGF9D02UapN3VR^A2l5uKBz9KY+)4hNict3WnedXvh>_
zUoIwPd86N=QHVc;VR5%9r+XsRqajJKB!`ChAVrFs!BN3LV}64vfuk3j-pub}4M36O
zJZ`BYlCgUfuslR}TVx0Grv&T`F2m~Y%ROtd?G{%pL?1V=a;lmqcC<LO=7%<DdCJYW
zO?*4&Y$(&)Y77|6qUUcoIXsfxbx@-s4Ruj&$gx-Z*ESjAEG&{%F~+%u<ed~r527J9
zCbA9+JxgnBnV_to+uBo|U$HY)HBgKakUaw6hpw&~(u|)`s>t_g5&?APwi!v5tAhS$
zZjYfL(j4gpPIgi<V#Z%NShBN^Tmf+KEu>Kab0e}Z8!@S|L6Rtu&3v%oVA8Ny_`A6#
zN`=Yvk1@`D&dBL`QQaIzwcveym^c`UnY&RIZNi;t`n=d0kZiLXg~Xyx9Z7<ZLK0Yb
z)Vw#zFM(q`O{72TvH`Z{=U>Si_P-9_YH%lJ7$vdU$&#)m|I&7ua6=&bkQoTo8%yx}
zO+FirnRRs;m~2W<Dd?I@S0#CYm8_y-DhbOA()V}3!W{)WFV&Dt0%TE3{;Xg;7jxgH
zNdB246<Ya+W?FhAg*3%RDnl{8s%*R2DOZPBb0`RQdvk?&*8q?sqhq~nVHUq$m7QTy
zRd)EN@2g!XwVpS0RnK5;&bJ1dk8!dHoiWEOjyuFhE$Ua;)N33-4XQ_$#0rr=^{06k
zeT!AK4$ldMx3Zdsyi6m=c{{O;oQgW$j_Lohktoq<MPIV&jwq2mhF3a<*i}28xE+r?
zzm4-?i&Ly5Rsmi?3oIQEXI$qKxzjl8F1jzXpjm;%)Q(Mt##dMEj_sIfJAqR-d#%Zw
zkK6|yj&;JEM(9w#n_JD%c;$u6{3A4YgLDB)I6~6$Hv!`g+#AbB#<&Ka!OT2aZ9)qK
zkQ+GcmrLrc(k{yDOWjlDrkk_ny8G(!L5Rk&`pe$Wd{UsPw>i8pwz$6BkUYly5=g<9
zpp3=@5zq~HY6Xi|6N|+c=CGD&dzu~EEvt9U1S$j?IiQWE@~by)$AnzEsExmq&Tz3}
z;jm%?Eccp}3YkI4GEzce-719T4Rg=vP<@BdQ?5}?RNS~^A>6;F*D!mj2Ff<rlx5@C
z-%&;_eZa-Rgfz7@Pc??r>#}KMx7IfTDc<ir>Ta;`S#G=%d-#hX@X*nTAw)hAN!91a
zM>uzNsU|K7<UKRau4Yth&#-qGxq%3KCoxYZ8-l`i15r~E>9ZaOzP$?UW1;?6{?kff
z8g@9)s&EaiU!}?dxVL#RS(7T%9?PXqu(SEPi2$wGkXo_d(Jp=9$9#jUJ9QO=v5O?H
zrz8$Fc9Fm8x88nsf@4Z`)*ZK))fe?ekaK@ygy*{oOgK)!ETA^%F|8@WdY>a=`YSZc
zrVvh7PmC$y)%1XS%vYYQT&&TkPEF+F3Yolp-a>O6GIV4U6g@xErCHKMx1ddkbegmX
z6Adi3rO8muiq~~o<fW<9YHSiK9z$TKVMo-qfx(BP?cx0X5+4YmjzrkT&Ij=n-;I<{
zg+^^|a)st+kNPe7t5ApVv8YmxzJ8X_>T|2VIn3gZpdPS)`c;n?ZLyJmz&CqqI3;MH
z0%9qK_*Y!hTVPn%Ov~r)YN@jze@y07+jRn#{aP#XzokdgEQ-myzc*Kswkt;NDP5oq
zZ8p=~cBW;I`I8l}Xz5eM@@4SA4#p>acTbD{!o?I{8Ec^3N~^wV1Ls@fR!(~!8BL?p
zGFcnxmPj@H{>}QNCngyQvy*<W{q~gV#WQBEqE~VMKGcNlE^u4=R)g=mR#i2D;cW<z
z1I25fJDw8w3vLRHx{Ox`yDyVsyf9Vr$80?**H3Y0KM#+AD_>5sd#j>54BpkJi3{_)
zZ-(;ELl<8#vBF^`__w)><~pHC`Z69a>K8exocI#Ijm#(9S69!4=>NaA-Z?yz=vf#2
zV%x^VwryJz+xA3XY}>YNOl)&v8xtoJ-Td~x=bnA;z5P#j*Q(W3U8|q&e%7jb-=0>6
zx~str55`YNm*@Avo4l{v!HukqjW)r)t`2(rtBJor-lV4*4hg?XXOOBTiU-h-^urHI
z9ST+2M0BPM72!r|;ve<8jnwgcZMCL3eb{A?zUTBpiAJP<D8{ji(^>NXo$S<{{_r!o
z`6w@_?1j<z!VHKT?ziiJve{J>05|H30FROo#3&g-<dGvC8p;09Um+f4>?OIw`iI`)
zklhiWJ$8hbLosS@)0GN%x$!A<Z<GKuj+$40{_NCRCXX_6p}L!B&qU3_mF8Lj)0OIF
z!pSZLL=@NF(gme}QD8JP)|I%67Pof~7k50QEUTe&fKaRG{+6~ge0DM!SFl)9b1Ar-
zOI%2o-l)C4B_|;+*)Huv3jdPBqCl{BQ$7_CL-y`@NR!XRAuqW}iZ0u`^vG1^U%yv9
zJdL=AqqahB4~Nvg%R!hL)PT_#djw@PJ&H)D+222u^cFEpiDAG<d_iaG!kx!I4uQBy
z7ipEc*?nfb%u>_n05TfeH4u`AL^@}PQ*HHO+J^L7mTDx;olW*4Q1au=;0>YHqVWM>
zOU@}Qn&|5+LI8a=SA==ds0@f$ew%??e@v|=3=9DknG+>BQvDJLPvRavX^T#<tG4Il
zxTaPW=s>Q^tL7CfuUm#P^QEoH+-Z>_O+%5Am;sqL$XN6%MYS~czR49nBlFh8X&@#r
z?}kK3V_Mb+?FSL*o_$&YXyM%$EDaN|e`89VmMj4cd&i<wcq#(`;Tbpup1eqg=f7NT
zS^=m1rYF8ka+t$SRPXN=UBS$DBl!8`(dzX1JwcgLX4D{+CiF&`soueLj_ZnX>?S9!
zu%H^i7}ubL=zN$!S%?+fBdNrI!jT|_V#_B%^AZ2O3|_gc^l(?H;;F=heE$LLO0xnc
z(=9OP)Ta987wtm7a6!ScB7xT7_(nrB<krA6pT}c<H2zAFO66%Lnn#OBV#g{9A!3~S
z@Nra%qEHWXQ9`Log*zyBQ<#vvd^Uw2`S$N74n25&iyykE%NtqZnJkdWs|+o8{yPJZ
zdwhDCL(i&v-ZNBap!woOgcG<|rSaGFl^mzh0R#;iZ98mICc{8?cw$!<OmXV!fCor6
zt*F6R(N5*qDI#ed*5S0+qPFZgAk4C?9%2KOq2=yt*oRnMi==LaBUmL4iRWP%u{V1l
z9YgCqqPIPBh8OV=se#e&X`l2Tseqo1r~Cx%q--oH!C{tY8vY!+mjc$lc;bwGmok3;
z?d)6s-0IPo)Nc7z`M9Twir7|PtMQr=V#iLeHr7c}qoxJA059L*Ec2@jAwNeEHUN&l
zrh>mrNE7BJIuay$?urfpK|<A`H8V7wxM9xFWm2Pw+>fD;(s6m0*J^a^5B5agrO8$o
zXFYHEMIE?F$)x`y`!<k&d00ivdNk1szJLqvCQynR1PW(;Wafv0*uEL*&OQk?hzeUZ
zaRlEHsmJ%vk4!_>TKhB=vqm@%VKU1wvs?mG-UKq+RThnNm@vKlqSeC3(&tqT3@$9)
zr%bdjIb>kTNg9-?KITsWD0N3=X-y;2cmo$+kb5?JgPrc4k5}L{!M-^n)_I{!=7^Re
zk4WWG#{l!XG3~)KbOPWXFCwY`*0G?{IodY&?e51`Tnxz9cdhrzl*Yb%erGyU4pGFd
z(h<W#`%dpKx8;JS*~xr|T0wF9&#og>F6*pbCT;qU^Bw)3?hq1lbFiyG><PxcxXp|3
z+-~@Gcf~CT%Pin_J`wJ74pI$L&2ib-@vU0CihcIaCZAc*xyaA>T+b1t%m~dqDh9)?
z5kknQSGcFO;3RVZzQs0K9^1y);%L_lSys}m<r(_xjz<o;C`F|>iLh(HI?kUriOJ3#
zqS!rRUpC6Mcv#4{C>&Tu$K%l)2d;$}y!q(B&X4yT8f2icQMv&^u>dJfb-9`!dz(>J
zKt>&Y7-n?_ngZ1=sH=xnpVu2A!dJruhTD!9-2GHD!Az}7gSCw@B?FVW2DC+ctFD`{
zse<khwWdGLP#y75GJGTJ@4Lx3iCHbISL905xn|N7Cfc_`p&6QHVmc}G{)0c-O@Z20
zHYvAG3jkp5)Wimj>4_8e`^2=<Y8IJgU;R|1)v<ti>@h5-YN0qs^1!1FRiAXty|v_U
zuH5Wr&xO*m5wh0)DeNHfxDuznXG{bhC$?6!A=&w_#~7hx&s{MH%*eF-ls-1e*su}E
zo*{vTJ7e*Bxz?A>*r@GwWIY8bK(J2Y2YvcX-55|_I3RJd9_}A$rW+XqrdD|M)v|C<
z5?4t}UqAcd#ys>6L42kzd~Wqo5$=0cTP4kiJ119zczRh_>b4%@i&Yxn=KPHsM85}3
zf}H+c{KadWBnGOUFA8lI5kGc};MXf^4@=0+o^eVgC;`3T0DUrTdx@dB5Lu@#8Zu;l
z*$XgAwrt^%`!qNCA1p!v0`4@@z+{bAN9TDOZN=f3m5q^#8OP#lgu2hFVkdrn6omfp
z$i<;4lK%<AbXa%>vw({3FC@pv55HEeC+>Br9OTwCFUSHDY-AwGDkCOjTZ}On3z-}&
z)w*Rsfdf!xS?VW@UT(A?tv9V#j*1tvTQxB5wACRRHGs6wfj0uqids2weGFNBrWw*g
z5g*+|NVs~3v!JXld60mff@y<Na!lD2_2*QQJ?1H^aTN)7geP!~%sn;)MTo5<p49dT
zf{yDL=a=Rhfk?E}V~NiYDeYTny9u40eaS#9*4;={pe$QV{t_9UdQE$W=~Gq5dJ&MH
zHRFlW^*o3Uh3;$06+S1DwvaOh(h@eOc=E?TK%#IK)_R`xO=7IDYN39?fF$6d<%v#-
z8Yb%X(*gaQ^8o*kK&tT#xDgh#@E>*4vV8EwCCz@SVjPH+-9M<LFGraf)G$7YZ$dB>
z$Kb#piWD<OP-%Q5Wn8F7Ibr={F6KZK6gWBg)MfWQcDbNYHOlJ>WO@p;TCy~+P;v+D
zgv9`*y**4#!r7|7D-+~3z2n{NzI_#$4;mz}xERqy%XO=#fuwMr`{7u`77ye&rX#`<
zav5fvDin(@4$M~VexOd*IX3oNv^&Edce8dD*AR`Zj=>U^6!@~Xo(PhrdndrF6ObCH
zLA&;MFm;Z5^vH*zMLY-H52X62=m<P+X;Cx{PxF!PxKx*7mzJMh`c$rJ4Ai3N^R2QU
zPrFE!fg!P%KO?fL{@xXs9;*SNF;qsI8QJIcf)l?atqKd&bkDHEqb|rKqSQKaB692H
zuii^|M^tTmqt~deXR`00gNuMed)3X4p0w+ls*C8vzjR)dCh$Vg6aDX|Y^FXuG2_J{
zlogJ&e4tvi;<LH^<KM!ZVK%afeJh;gk)aNF&FBl78w#k*qWel${HkpZwM|Q~jbQ42
zIx-6CHMK&KtkW?t4CDUg?*It?reVcj7lp*vIsPa}Aj_(ceEv}(32y_8u}QJzm<ZyE
znLcuxxIvgZz!P#CfH+jfM2{m+XFJ8{AFAbzNE_C_uZ=_&yB<&4$(blAM}-m15i40N
zhg`rt+O`He2oR$y!7;E#|ES^?_=8wtNFs+D$S*atgmMGbGW5pBAyYsdXD?zoH*2Tu
ziK}HK<i>KPslgcU7~}%<oaD<6_yj5Lb?>Tb3*YPptAWwm*L@476PuwN)t<Yu7zfnm
zRWk%|I_MjfLa+s`0W`7LrvnjbY0h}7s%j1lIYPDAh=d(A?8$;eCuM9_szt&`k;WoO
z4njb|pgA}H&Vu(`?rB2BK$>bm-J;T8!<}~#m~EIP@DqGWd42P_;FG&1AB0o$+-P@=
zKdFq1<0v)V%bDIS6)00sK(Mb>up@=jiKZ?A0^%@P^V`z0h+TaP#@bO_G^su5ed0RX
zZ!Kb;U-~;<=evvhIIw3zFPm@^77*pYV;}g-gRpu0(nPuSXs^+6hK+U=yTjC8YRxR_
z@^N_do65N06vBYGV2RVV?C7Cw`aL@!D8%Pm>HXc@A_IVffl#dIY)v1oFul-(q>TN<
zVUpE8BmvMKj~~RaNC=;uByos@ljc1tYbolCUg+Z*233Rpb$@#5*wF<7sJCeqNSr+M
zqCwT!D*`_k#>bMf={gcDj=?VPq1HB#oZW~5Z=sa*{CR-fy+=GK6tt;1b(dW&tq$d`
zV~vBfxoqcx<Vrd4_wj;GeKlZhu@Fb1oMY?fj<j@(SPGhKwuVgq_>yLlXVRHq;sN-q
za@vE&G922%AOz{`5L3dq-yb5&m*Q{!4|8d>D}un!aBS}@VES_@hfwYiBr;7V{f{21
z)st*Q$9kaL#f}lT2%I$MXm1(2=db2owuvzX;|E%vG$qXbDOS``DMTbJfe_tDv!a8*
zs|)E4YRbXXJ^G|jaQpq(Q3dEbK=n+ZU@+W>@GzuF0QIpM`qHVPQnH#C_T}c*9_SG(
zT~d@e6e<8);*aU-d^XdNE4Nw-#Xee+_7p@B_B4=uD9L2s<A;lwdo>lcU!sOdeGao!
zjRKe@9v#Rr2}gOzP-n+>fshTlp)BWwvcFvk>Ae`@lIT@Tq~jSuIZ2z0Bf;C?>7Hn&
z+)r`rq**0;Il(G%r%KfGa0-I3NSgR;L`f>L%NQeu()Pz6K7H8dU6DxaIx~ARXy_hk
zdR4&OL5-X44w1}q5BL&#EinXEr94*R@D*v%!G(ma=>~qXiMw{O#x)nI_+2GauVHP*
zrL^~xtW`mN;OlXj?7Lq}bw%@dNm2DKKubeRm{tm6vL@6qI=82zgc5gWJ^L)^Vi{W2
zg7uTk1xUT9T8wgl8!!<CdDa}-VRfG}EC8e}tVQ9Fd$xOtUY|K&4)`f*Xd*{76Ckl0
zHy^?QBOkR<#Mv;}-<--^q5a&4z_3WCRU898^lRHLSe#S|AcfaI$oQTHmr$M)mAd<N
zTx|p@9wA&UO{2xKSIHXnOvf%*uve?!MR})YVR6h9h!}$6k9olsZT@-<My|uk&JHvM
zN1%s)_VIY|@FIP?((a53f5jp+F#mi<+d{UZ5C5m){rrG;#v?O<H0g^Dvvts*HnMjV
zUBkM(xaxqwowMQ$&LO1cwGEjq9hUL0o)={@yf$6jmZRhrtVp&o?bq<Y>Yl{>fVA9w
zI71xj3<!0q>ZuVHWCE0}1zdfmUo}t<#gTYrWHAg@$ISbPspJa#)?9#iG!#sJ=4W&`
z5|`V?-4xY;{6X5-n(m7PWV~G5gR2q;UeY^mzjMWy@ZrAipq&B$G(p7^KB@hE=>l7+
z1vGl`d8}3;8Z_AC;sCWvSjuSev7U@YW=n;o4Bp#SVbnH$ROU=X1oST2O&qu<qfibm
zG}P<y5JO)Uz~R=-oe>97`y$<pZFC{n$YZj-xYpu$>#!pZI;A7IHt?4VeJ(yQYl^wu
zCQTL9)c%Yv@h17|H^x#EO`~kHSTL*Tok4DxA+zvxkXFk260H;|O<QUkT+PvPQ+<jy
zJE57DdA-Dpa!XkALJhR->n1STxP}>R7@2ktnB!zt9H`0wM~!tp%?<YDG8uACuXX0<
z=%U8moQDOnla!pTY=H)Lw;eq5$suC#XL;EF?W7gYf*>rd${y(o0}rjeJv=_R-ZLuy
zBtt7`$eZd+0d*jAmZp7a!M}e2FZ*%4of$6Mm}Yn5^^yi1SE_nS1_~(tQ)BGf1}%Z%
zD59Y~Qu=8@GZW&)4YdAjxIfqzp?3GoUIoyvc(7+`m`oaT<{%aC@9lRpbBK6{hmWG~
zwG7g;W9hI!$E8s@dhCmA{Es~1<5ZhsrlYUqo1R%yht{;kIEh0IU$+G4h<on92W=%t
zXMP`yI>2D=+r1f8_7e!~76^@eUxi(ZtCdHBgZronUbRzfoPe9g#6%$?`-9z>AFc&s
ztzVz#hR0?rfXt=!W5Kz=fZDrzdN9|-yX9@>ablz9Y)g1JVdM^SiAP~56sARpL=giL
z`>2GRL0tWHStgT{wBRmlS>eX|Lak~u*5Li&i82JKUIcV?Sp}FSo=QIEr>-{x(YHzS
z)vRNLK7&4|sNnXNUZ#EHUO8az3^(~8FqOuq^P+F)dkB~7DlnCu)fqK59cl)wYZ+ij
zIya+e9gw!?*77b2*oL03cty>c85=-JlcsA@NkQo0r4uB@#-ch9Y-oVCjc0t=`Nia5
z*hj@6GMch#Yyqqx%_$#BentK;qX>m|JPF{DaMXfG`zf1A-zgwbt(2H|%1c2PNE#Yo
z+zs-RPKtk6*Hlr0&iEayqlAvtSp_F~oqFt_mpL71OuHzV4l)XIbEZTkc_VFobPQp+
zdRMrS!htHb9fB)O`j0qMrGF4J<~b2gyC=PL-J^KUdT_uab=lApML);#n;SNInsj#i
zNNek8Mfj6RwTdANtG^#UE<}rRuOe6Y5_ZsFn-CcWBeZ__%?@Z@#R1^)>$?VyXjbQP
zMA~8eE-}h~BbtQ1{F=hS9>|^eOhnX$j!WU%vUvnxS_epZgBFGQ2N_an%a7#ix*fe#
zXi;N%_oabkt&qJOU>{VjKyfJ;Zch@`&7*TKU)OAIYc9+7eRN7?dfr@P2SLP`(d&Yy
zuoNTHb_HUY-F`R+v-uItQlvHb7MIt_8g6$6hQ)(OX*V?wh9ekD*TxWLJf`TRal)Ry
z*~f1*)m>)t)qa_ZF2Td7Ip(?znoxOlV>`_XN-7|7w^XHh>9NdDShDF>b0C?c%N$CQ
zir2zJR5zXp@>n6Zl2|J?IrVSK(0op20Eu*%I7ni>$S0(-8I<gf(z%8<D%!?6kBCJI
z4pgOZ<(ik;#E)m#<4%y(9^?qzjO5RA2b95#DM+66>JZ9!TNsE|Hf|31W=W*NMj~+?
zC3fI1SX;XCSgNkK2-SWQ!%PHrt>Wxg6vLn@qX`v|_oQe-6mcAJ$X+Vl^n_F{8)AcD
z349(_7o{YQBq_~rl4``(n9-EV9TlH?UA7(2>=^_&iYa%SQfKS+SG=F{f+nFX{Dv~E
zLKs-_djC3{j!W?<g7!q2^C_yGBeKB3ev1P)WQzAa=b^0ycjurNCs&k@r=YvVpyP@2
zJ3!M5g%~vz_vSmw$;5RkH7#t@C~?)%NDxgYm(GXaG8xji8_(%+O52J*g=fi%cBhMN
zSu%3PYa<;+Ms^+8Ww5twjH$LxvSZa~N2@>!d#Plzni82U7{8DuN->-UwJ;vhOQV5e
zDbTir>2EAs%M;8JR4it95AB0p2i3KusSoRz!|*`Q&&8<KrG>vw!-{nd*V}#G`fZs;
zJY)B(v#ofbA*bkI;D!){kegd_rU^mFkJqDR+7?WfM^u8X=0&|N2Xs1gJ%ly;7bI|L
z5lWBE(X<QGOCB9V$d^1S)?MB4zFk1Quk*5O9ew2_?GRZbVvnC@y}s*HvYWcfgEg@^
z?ah}#@g!<DHeGy2k$;7Mo?|0Iiy()j?)F9wMY3%N@?mR9Cnir2{BuC$&{2>|>Xvs8
zQbDoD>Rmav;k-vi02h_#tc}@r!}9x8!Vh$(Y?af(Yzz&_lr7)}!h-U;z(WI9in0`G
zJSxN4jCz%`F{5WDh-H<@49Eu2tfI^o4GoVSiy6dY0ynSA2sE4wE*^bB#8lwV*`;Bq
zNx_uz(4p#4$4!nhSBP1|OHeCVM;ATTq7)#ohL|d`>b84-d3fCaQ}F&czW!A!6P;@3
zO`=W&FJ<&KHDdaO!RY^2+%y;{#Jx+FZ;9AhnSq(syeB<<O?J?y4|U_-LD08VL*n)k
zeng^VJ8fw@jL{~>Wr&IvRxqu*oJBojtgkK$T?&@5JXlJIQ=-(Ot+=yhYB?gbw19ES
zQ{q;qwca-`#Yf{I`NRaqWAMdX%G#K14hlOjgUYbGASi3{NL~M$cWw)`_@!ZW<Zk>v
zP!&DFz;4z4X_5p_`E}3}=L6^RoQ2LoRyeM?|I2tcS-~e|+|h6mlY<4`#5$2UIG9b_
z55usO)ivZAi;$zSWS1Okkat$q8|>de4%7T?fMu*uPhdeYZC0xI6>sW{6kbSvj?x?&
z+RUTXuNd?mn7lt~IG%1mhzw|YSR!*jZrJHLH!&Wfw!E_N`!b*>p|bK?$>5`)RH~E-
z@*T)t#z3KGjp!(%Y3zOEz_4&@`E?{5TbX5(xk9yf5Q<BN$C@D@$aebBsxccjZKibS
zS81|=E3;-qa3yuO=o7xhj>WyjksPl&dbt&;T^bZ`t2c%REUy-j)n*sXn^BBdlZ^~N
z%cv2>gra2J{4jjj2St6!NUU>2-eOFItcZCA>z*o<!~$yoGLn+dxk64zMPDQ%6qD=1
zUB-}54W-NoWLd$&^s+i9l(EEreQr$=q@|Mkd;_$B%Vb`@&dpWEK}}pq^XLFJp(KbL
zm1(<$qnxW$gr5y)i-9bEAKk0M_uGu5AEVGP7CRHoJW1`uz>*eg+Q)#7=ZllkKqiB!
zQgj0{WvGhn?(QOIV>ah4FA_`20Si2MuVf%85h-5Fm$s!?39!ZaN7OaviC4<~nF#py
z44F$ouDB-f7J>KAuq6l(uDO!zM$&(7O_ji-U%w0*@R|wCC*@3L4P$XKn#Z)~c+>~a
zf$h}5Q8qJV_=`%mn4OR+bExJwHa6v_g;KN4SPs-(G;U9tOWkOw9Pp+pQu1m>t`p+X
zpHhOP7^ZNd#Ki1|^g=+T!ul-Q$FOY2`ZeL)t#$mjJ=t1T-!EaY`n%BVt&5bmBJYH!
zgSY0+L<0qg<nL4m{I@6{9l@U;rrWg7>qe=H^rmGP8GHIPGd)iwshiA*!%sHDx)5&;
zlA7`<meH<z7HwOY9v|KE_=)V9zsse7?fdod>_$x6cH{aGgDHavW$58#_03v6M$A^)
zO>BdQ52jsAD-%{wD{|2XWvAG=LJF(LWI_jv2WJLk%aRHkQp?uEM{BW)MQ)(}i<e}9
zALp0Y0%st#iU&W^D~`S3G=7yu^e3s)H6F;~?*Bc}-dl|%GwtMD5s?p^6+><#Ad?m^
zM^DWY3Sx=2sz8}H)vtyDQ^9FuqZHEBR8KQ}{W(<V&}KXCS1|p;M=`uvOyq8dN2Lnu
zees>nTikxYcM(AZy{~jKx2$y#gOJ(NldfmOsmq;g2cU2VA$19gXzluDfjCb$tFkZ8
z6)Rm$8}vs48wWXaz63cFAvvjoyBtS-nOARHT?n)LfGs-3vtRNDTl*~nhQQSoGlqXa
zly)ro0}<Dh$1*)*{SYBK+{RIUYZUcBDU=^blRvDot3RWn(z5CP!v-aS4tY&`m9+uE
zr5hP$xUs~){Xk)%J)MhxnEIN6O;0z{UyMj+l@!CZevLW_C04rP#PpOf?B<NhOR9yO
z98_m2B_;Pp3>IEoUJy=Y0<3S9gb3&FpKFa?!szus3MVsiV$R<)N2`WIYiDBzW4%j2
zPP4)Wt}J9&$@ES_6SGa&`Zp`cmJu9PM2zBuVM{Tq5uNU>bv&mYW*Az`e*cclj)?~9
z9N4e>`1=b3rLD#|ty=AeD(y^?i~@tD-Qt7}F>Yc94ypv0@TPfX^U-64w%0^m7g8+F
zNvy1Ciq`<)&y37_+vA3dn@V?i`7CdsuL}gCjvB&WDxSz1{B$IPy*Q8thCJs<l7@&F
zb}CS~A9>J4;<HM)c-*R&v2dhS3~1Fe%wia(L2&1obWzv3Dr?CGWjN;7h=nGK<E;Q>
zbrbE^+WkKzcr+Vx{RJXBfVAB~liQxBz=`!Ze8v@feL*mGN>T?1cTS(6Wl&)teCoAe
z@(5}NYKb|m!j?Dbiid|nc*ZQ}Cm7R#EY3flyb4s2k~%I51u=VYGQD4FFO=9})m5?u
zvZ+>)?XAx#)xv<mxeD|KM@QVo`RZ7zy`d1n+lq3s@B$!7ICe7Q&eBZBMqamIAsaKK
z$ynjxAJx33jiv^HpVNHA_))t+gvyl=_E5*u@W7{${j!grV!=>KJZaKG=6$VCPXtim
z@g2dmjcXuO)>z9luX*Y=@g5UBOKT{{>g>-$UXc~bl(&{Jy^a}_-5AGlBAe{&$IAEt
zx*eD{^n3D41(X%mmmM0qM=GJpGvsAGOQrqUw4?Qc5yp~cU$&mKFj0BH`3NFqjBq$u
zV&O-uo$=npPRbsrBeCt+K((NwmR2-t>+Gnu6a`i>(rxVi;PWu5{V>uSP{aW*Q))ue
z-flO#TXlOlHgsT1=gs1Itzj5hiFQs~={)vujyu%bRdbiNU;%z%6Xnf`zTtY6-*d6#
zpv}o5s14ur@lK@iuwnqPB&4*=8j(>;yM-G+{%_g2RJJBIL1J>gYg4{y)`Gf}!def3
zsMR8anbs)e@cE|i45nBw`gWidMgQqY+?I|@D!Q*0JL~zhz02Q|lpq&1MHwf%4tW`v
z_+s5nc5`MiQY0m|!{|zGv#{nL0;+1P|E8~Mo)}_;Ubyp*`__K}87z;Up0;L}5A>B5
z_y}emyQ&ZClo>r&^(rpuRah@@_{$|oA+wxx5^;ButMc{o6>r3bRr`|?`%5%}8iH-5
z5V8D@YoeW~5+2$MFr-`Z8|rLd$8eI42<vBRrUN`k$;VskixI@MQKLc`8^-m7_Gp$C
z0F@JRDs1NNi`@T!sIpAVOq|*G_fxleqpAJo(0C;i>6qaLpV~3K-V3e`$lN$dU<zA%
z!Ndz#%p%(@n3i^E2+>K0fv)Gzy&Xa&gCFdyE~wMA&SI+UFw(RX_OLabcM>F5z0<Gf
ziM2dd0{E7M_%jl_pLJEoQ|*!XG?N(QAv=uL>R5D)aVhCQbFojgbsDJB!D~G;xLvUE
z{@Myi8r<6@4ibtss}dX~`rTZ|5mb!OE&EpfEu)~siCe?KQwnH1F$hLhI)=rLQwYo0
zibgvqeC5z<B<r-1`Qpm~Z999lZ9eMNoA7HvH*(U^grkgWIZS-l`EZMSYZe=n5L!)I
z7{Zjr8fbhVW03Td`EpuH5S6vWzMpd54Orwb-ia=Xbqe+dN1|qhin?^VFg+=g$AWTf
z#IuTL{H&T?bl`EoAobANqw<wjg-%L@F$JRCuTu&5diIH(y=)ssCVk<|AuJcV18h{Q
z5ZNnUBh>=O#_Gd}63KST9NMbhMhZ;cW4fdzS&%Vca^{VM6;DbzgMCQsG(qu?KeyB7
z+6Qr4Fxtzo>EM*-s_d?;4@`49BUnq4#!v@Q7n&mjLQ7@inTZo1EZcm;AycrjY!uD&
z)anL<FT5zhEYAKS3GWnDB@>weuy`C}8a885>`vw$3}#gT<%UFlXi{oeaGoRBOf#?R
zJsL7#HTsU%0cDpmi69Ow1K1{Sw|eqwfr9aJl>b>uqR=Y`n5GYn!$(bgHChU+3-rv+
zV$W;9&`Vo=7l<2=s8@ojRnm&SioocP=u+XzoFug;<U$6bH<$Tj1eo6;#jJmBLX5Hc
zV}`kUc9Yx*p|pZATZXyOiaw-r9~;ET<AO?nW7OP=r2Skk$0A3ukER`~-5tW4Ogp#j
zycgt#7uz{X1)Q-eJ`<1e!l}4UBO0%KRGFQ$Z{j2#>ITwq9#67=h>;itGHyeRgO=em
z&Rw~X@aabNQK~DHwu$k|-c7X6&8A8sOf%;2>0hIMD%->aJURbS$KW;!3X~f9#Wc7N
z{KmK(P$OW&0%fjYhDQ!8XJY6c&|o2s^YG`MwiK%KO;xgU$W&%9PNH2yb8(V`&#cVU
z>fn~_Sngh}?9?Pie~(b_HOQ80`LPM!iep~Q+b9+n5KLO(5JEKW{G|qTfRaXuQYury
z$&5^Zoc7c|m=BDFJk@+WK1U_>`?+2Md`{<cZ`WoBFVk<ajjS}+_lF{BX)$dN;L*{`
z>Xd+X`}OaKHhhO@JlV7qN`@&M<{mfTPx6(1t4qej3cMOhU5fl+Qlbh*>>%cf-gJW*
zG7jTi346MW22wIQajE;PWzOtL8U-`1LI`Do#31}|SVz5x^3Ca`;qNO}4UuXypd^ck
z>g3$#9XC@KTg9{VR!-xA38v-aGxp`N;vGC_0^$Y9c$c%ki*o!d-6=6~p+}n9Ge|zX
zPgqPoz6$AflP2v`hqQQz93@3Up`Ag!akA{u{e@8GlCaEcrJfqOTQa>OiG1_&U=nhC
z({&QU>bN`LXA8+{!XKWa0z7qTpx+Wx5<;4^xub7db?tKkig)IAqM4jZcKW6-326%K
z#dL%pNLmK!@utP@mg<k`K_E#bMT8}0<jB+2v~!&`X-Vun9g7uZMjuS!f&!7n5bPre
zu88Tn6~-T7cWrr>T(14rH&0GoXl`dtT~o-44%|ZxhxQGa(e%U|vTTwMAd0Qkl={q&
zv;l8qF|>rRwzF~TUt^E!@xr82+#V@k0Sr#K9~zD8Y7_S*TU<qNF_=!#Mq{>~GBI2s
z6Evry#Xp_tWS;)D>z2ctI(JP_2ey1Nw{|c;ZT?zP%g3=(m~+3M$(N-cm6;bb5+G~g
zs%F|PtR+ziinxr&%fLK31)BJ)Jr@6lzW1@+>#{7Wy0vPwnpd%Gu#53p089CSke13Z
z3?Q!bF*Hh{I)9m-H($zOSTV1?T0}HUGh&pwt!oJ1v^aHJFc(&`cpX6L-^*wplzD^T
zJH$Wr=-zD>m(NDs3mK&;yd;be=)CVJuTR8}8DeD#QjG*D$7Z2B2kxV!g)x_dA(j&B
zaVCp~s6IiRyH)#U{#vd5*uwcNF?o3FG;)2=2++7=kyaeg#LIV|lDV&U)##iL=Y;dI
zH&z;dL3s`_1>K-k=5MJM!pvfplB7aJ{t=?;64w*-w-Xi)N-A0mZOrz}hVva3e$CP_
zh0uCEne?g>xqE##5Eu#A^v*2$@iTEy-%6GvK<xWfEe0BZFN93l-@nsmnM%j}v1jN`
zQ+<-Ugi+~`C7G;y!f`3S@K6<)+?J4R5-uAlfSl{1$)u^B!k38HLWvgg?n6HcN29O>
z;EdCuJ0#QG4s$;Itv&fia$A5xD<ad)>8ccwC#MyJM|n@29k|3`ee~4ECEfBl<6(Jn
z`*gCO6do@NiDAwldz?r{Xh@edczU8jOUQcutCwnmq!vsg`BNEsGv8Feg>*N=WhLlK
z75p0sJ3LZ2AyK3jV?pXGm-d2D+;w6U9jC|jUy@whm$9Hb8<G!i#i#b>ZgKOz`7dKD
z#)QR%{&C*}Fd(Ijk7$B)G%T%vcp)<#6*cRsfgu>pl3TsPv9Z3W8=Q)yB!!Y94^ub{
ziv@&6*jXEKXcr*_VD|^F*1z(zBl+r07i_o#*{&Y!&?1&{rIdnzCmiQtqiaZV%i0Hu
z2IFK261AhpcmalcFDfVw00&*E^c%4%Ij`s#C;DT&De#yzzh6>Ix_d}1k+9aD7&Eip
zA4uw}XpcB?bY*^_V!o{cK$JpW!`~H8*zi(i4QII`z%uh{0;JZ;4wdjG**+nLDsGn@
z!x!z0;Y|zre68M`X7Z&TCH=1JkZ`-8ikayll+4iWucDNo<j+CvI<{wqZt@l+&oTX(
zIuc9^0G8nV{*%Eey?oGqnDo2-ys&LEZ~?#bhr~bZk;vyqq(YkxN2z=VRm`6K4Z)I2
zhW1-*$ypR=UUAMk#)8liFRd9BsSSo5aFmSx6VCnoy5`hv_xvd5yCF9-;mzk8eZNvQ
znHb0nb!!XB@+~z{b#Oa>+lIePlTnjb#$<MZwm_rS={eHMsbC0f=aEq|K@BirXili!
z-NcDIc-aa`?WFZ_e6<phl{kOSh%JA=o0oB(<mm+0hs!x#{WwwA=S8BXx@gglXduQL
zJJ<{rfnB;PMlgZ^mKKCDYUce}2IiJxZCWjXVju4XhquJ4qwlBFdA>i$Y9IG0()tT6
z0`S8I%oOHi(Zhni0~f1ooS>ntHssN=h_(mf3!DC*V%5h3&c`bD=bAk~XXtG1x#0Pr
zaMk_g=<#M=c1pIc*gp>o#IcapcbL;-(5J_)rr$sqkwqL^!9Z@X0ug}pMdv`m?QvOn
zRnVnTM>!vMDrG$U13yJPwuJZafkcR260m86x$u$|@1&SIxpnde@m~krxo{=&_u@tk
z@}D1#+3u@Uwlv{eTwez{OVXdL^2QpF?slO(_$A%7v&e?x4*V2*lj~F(=37Snok?U?
zQ<w5IC|S5iJ1($1Rj4XyNeMosOUF#xKR5%&Xr)BS=gd>oQfrH%5hkOc5W8MsTY&>%
zBOp+PoQX={5b+V)WXT!7u(kY&+w`seO*zM&ra2(-hDa(ke&~7M*2Wl|0F1vUafXsA
z^ObTgJjh#me?TL^R!KuZ<5YIx7EE5J4(+34nk+T39=TOqV`rI|R%g~9hf4)(OE&QR
z19_%2@%Tl#(c9S|c@MTDkz`n_5(;#`_Q^CcFnVGRj}qmZ*I_Q!EySA;L4cPmGNwui
z<*(*e-nd-ur%0Q@mX5Pc=@w~Y`nNAAmap><%+BDS=C<SuFK5wLYKb0CIufm!h#GmB
zMu^f5%K|~YYLh1FyiacWpv1sMnutdMJ@rf1Iz{)wZxT4M56A#@X2YDJ!Y<&7a1YhL
zdJ&$rcz}KbKzND%dc8~+ycc&Y7nK|PS3gxAvQP*<K5_(zI2~t%0ohj1e}ESZPk%ok
z_^zEjK=~3()~>IxJDn2yB!-#?1!sIl*X0vjN6fQ4NK|bxb$Wz4ZL!zJXf!QC;<WRh
zBAlXmU3t)TOQ`jLf!n49-U9R9Khq5SJk;OI!F_{dFfiU0oZZ~cpGci=v@Vf5<&zsm
zArB4nMJSQfVvpbZBN$O3WROP+jbr4muxJX9b_Pmd1R80&4XsDmJ5)e_Q(mEc`d6-&
zyui}>n)S+@w9C=n$0^5>P!?Re5MSnVcd-oi!>ClJMp)yb*9@mxD+7fRAK1G~w}Yt8
zl3MMwxJNZ@$|`8$A!F<O3*Xfe`SKlEs@7}s_&X9S;MhQSQV_Sk5uB?>jHtn;c96a2
z^Ls2u@*-uv6E-3B)DY$0aFs@}dY>?&IAF21#-vBFp$9~bbtP>({m5Ph)^t4^@=H1t
z#SEFe2f1WOp5J98NP!D&@^m`^DeSjQ+i*qLQ&}H4IEJVIXC@}*ZE=4Yb41&Yj)ixW
zTG&e1W>A_<Hm~ws*LLAGG{~=K$>a|GqMCh+cAceMixy@hf@{56t<#$AKS{-_vD9BD
zf{v7gQSY>EYfI?9hn#Deshde@84JlXa$Gr@<AkMB^aQgei$G+dY^^ZTGJQl_O6nzF
z<cK#K4oXccHPx=4hd91sI6l6<74%&*+s~{e81ngJPSM*eXn4-Sx(QF>rBli^Go3Ye
zUNc@*Nn$?^R40;*j{R?o*ILon=5n~_RU$C$ZCw_s-3T4OF_Ci{?1ybu+xA<s^pGtz
zYdmX)TGQJ0&wy?<o_9p;yYxmgHXlrv0&fM&R?jhhtEbJ1Gm&L&6YO<*c}P{(U~Vi4
zyIMbM14416Js5<Wib!_{?#DW*vTN4yTly-XkB^TWl}Cz~ek$aX+H~Z#KWhFn*u&OU
z5Ef%G#URN5r>UwNORYg9w>HKVl&mW&F<@YwzIL?aT?T?6)#lrlh}vHlX^w&`EzcGt
zNk^!1gA!ltsE{x>>y_^d@qUS?e~CcVcII8uh>YU=#y22?cyB8_m5}Ht^OJ1y50;_h
zY!CW!>Pv0Ejx4!MIb+SLS4q+p=hD!GgfC+HVJHD(u9v)^;d0Q*L|>)z^x!;R&P%+=
zQY9vB=m;#ZoaiqjMUJqYcccelxV(zJ6_A7C;$|6_EUyk*z`)pC=!~)bgBogq@{D9l
zN53dNCMsg8k%BkUzi4J5sCel9^PBTRJI-e2_Y%rMI5(zxYd*kf%Uoq-8DiK!!;CIx
zV%O5hW>S1&-hFw%<`7!T87EaYh?BV#i*WaFYz3Hpx`|>}-qY+EL7Qa#qqe@ob&NxZ
zK!>rU6wzg_fdoSkaUoE=TBP4Z%?UXJ^AS559}zXcEV#6OqSjij`;=@flYsEI;Nt$D
z7YvcnE^&08J=4p{IeR8-Yr5u6Q}2)x<(cb|H5q$_2BS4)UGT>KJKMAX{qnU1CJtQ1
za8RHF*ybWE1NFh`(TZbXi|*9bWD@I`Y>wfZI9_~6|FWh1p?J}_#AUit#0%PNbo|oj
zB6>kLdlOXil;fgHOt@XLG&%h?nw5r=<`Xt1pR>R};%Bjl9Bo5i3GUTcZZx41$OV|z
zmji~OOxM^yu_v+F@joV+m!dmM4$O>R$4P(-!S^ThRd}^R9JfUy^zoE=4D6Bb#@ACI
zf$U?%v)Nw=B|S>U!4@G`pn91>RErCOc=B*+t6DO4lRnk<=wt%jWQW$R1Lu|flg*)H
zvw6oW;htih!=BtK8pIs=kkhbY!W=kn5#IFaqBCakCXnnyRrVb+VaEG$y0bKc?@qvj
z*?GNyJ!^_o7w3i)!0OIK_OqIwdO4Y<i8!diyIS)NP1<_7k^n=OQBNln=tvJAMu>U!
zpI&FIZ<ZTcDrCPq(vU(^y#VU1Ia)D`hdkzjDuhu-DEwVlxfpTvi-e@qULyYbqIvD#
zD2gV&rdEh3G)qHMO>pWM#Ulx*<mN#C+NN!Da~%tV$T{W-t)d{g;)xi#%PwKb9B;2x
zzMTz1Lu+bbN(mb_3VkLP{`Vl!0y`tsYV6cT;JZ|7Op03|Y-3y_4&DB66MhHA<&_p&
ze|gYC@bwqxIrfevARJ+CclVtg_cZJtR}D`(LaaJKzXLvf3f{thMPkt1coCS%5w2PO
zG<SitGS38HW5X3HJHh^y`@>sZN6UFSihiFO?<0@5`pG|PX{pwN{tdi0&zhN86H^on
z<svNO2RXWg>q$b=<^vbecjj#<ju*A^16{2v1|Y!c7#C92JPNyD2ZYvex~w3g;4|Yc
zJ$fYCE7LR>%c`jnK5&Z8!TOsr4>)Oe=$@%x%+B}g_>-J-t8WR%Q#5ZzqTMza;T<Ty
zD!`ET(C1#ZeDS@cr^M>|@^!I73|wpaHEA<yyc0!DDxTxV+r+oE*4>Rz+Bkrx`JHEq
z&_K}YnvZTfDTLsvm_(^1v#(r27L8Ls>Em*OJ6b(c-Z9q7HbJS4;ts3|#Z~zu982+r
zJ_$%+ae6K9cj!T&Xmdr9`5RFjvvEBh>Gw-KAlwC^NIZ-kp^%7W+aBT8Mn-~glPAHm
zhrV(W$3oE$)|o&>Gl&2MEV)+v!r(=kyS^D$rnmVJ$k(=|m990$u{R=rr7IPfI^Ibm
zc@V!%;WFSn4t^S4K?OV!@3CvU1?(3NxrD40J%uu?96c8msSK&!v^K~~7Ar4RWuW`7
z6k@|jbI_@`x@$b*Vjq$BxE3{LbJQw({%8<uGk2~M!EsEQop%lHy36ii0*@QzzX)jy
z!ERu?*uZ}^juirFZ%+;jt~MjRi}@~dy6=uqu0-RIoO8XL%Laz)yRSw1!z(UjNvSpb
z-n@^G4sHbeLeq>m(QKYnTdTCMoe0Tr%c!t>v6k*U|D~xV@`(PO<0J|<ds}ybuR~n)
zw5F4NT}jTi%w(iJRxefzheCDvIKl!DkUC<UvIsd4&WeE&O?o^@3et6LmRM?%$z>2w
zcqc!57Eb5Zz60`ABu`&GEp%(_6(rvpEAJl`x|K<4$7>{Mju{7&<Uk9f{>gcEGIS&D
zwBD4VAK|^Aug`}F9sNWHM>8~0EHnCzaOiWT{+D(RU-b=zi3?GnLGEKzv+i?l$xljl
ze5$=GIm_VfKQ$YO*5<zYwjdPIw3@_hH2C|FBQz#YFu*4k=TT`Gd>M7BVg41()PxE}
zW@ns(`^HI8zPfbTg>r*rYUZ^k7FFaV8OI~g_M61zDbcb7Cl!?|nBr))vCsopc|p6=
zl*@IxyaJ&e5@9#y?x@e>wU$7+bK*Pu8eP$XD2(>kETwC1OyPdI<{`Bi^*Pg<{s?4-
z@R3F)M_>oXuy<^XE}Ro^YT&PgcM0>`8=L?AG$Uu5Lx`KtnV;)8f6exruU#Zh2O6>L
zr)}gD5`GFz2zY{M>@qmb;+aly?$`q%N*2v|JM3?0iVkUb=6;%gsxO5Gv779**I~}t
zh9#|zTa@w_3%}7^kHLiH;ZxCHaev3onugGLkpmNG#pkh|w3WKiD<p~U_N;`BluPCB
zzQJU3d<e`BRnV_R6YC<+B#8~VtxzJGRV7P9^u0{Y#!SROVJeX-`W#Rq7%W{Uu<o1P
zhxn8*XL!^D7Rv2myvarC>$dfqyEG?{8c8NNImZZDkhaFG#7I>dZo_|FY#9|48+dOG
zR{$@Td0D7tJA-9qE0(XS;qtIaA}{XT8-N_TQ8T(#<V6=kaFAQQwOANQ(qmdZ#w>Pf
zQ=`Hz=4Ffe7=8xc-D~*1LLuit2gyiTpGvXaG@AmFAYoLX$9Mrtw12bJ3E}}U0f_%J
zRQP%G^z~>-D!u6OE+s|KNNEAcm;ug_zkyR~lKrj(X93?VAL3qY=+}Y_qd^68u~gk@
z<3z|}u=iJRBnq=6^SnyiKMfQ`bP^q5ey*aMlxDh3wX-8Xl9DWC+&lm5k9%mM3}zn~
zqB+k!_SIZfv6wt8Rkn4#BksqL0K913YCQ0G_)hAKU8~~uCPTKMq5Z6R7ySvc{tArx
z!v}4WZ10=6yt9`;>%)EIEPh658GgKpER8Rh1@?nYDJuZR$Sh<k(8PKfjeb|Qnr(8R
zwR|INtbnm0x%y;^ODYf7ixdm;DJs`<Pd>DY)RUfvZmbV}GN-h}8f1(}Ost<r4jn6m
zG--FnCm2Ksk#OwjMrBNrgOt{QGZ5H7U-&|;dtV2~dB`cr(%tl{V9Rrin5uPOB{CDc
zxq!Yz&~UlvOoFzwSl5kIU0>H}?h#W;iIZdX9YZfql{vtbM%Cm?RD+|Gk9RIMn64ui
zHjP>;Wej_%7cahNAwh3sv=r46)kDEsNB}J}3`=a8U^E}w-1_@Lg+gYTFak;=x85D~
zP4Z&j&Xb=M`j@hL15zxa_g7{enF46Ob~8RDN8?Jbb*CS?EN*+ctp9yz>Diz)ojLE3
zvxqj_Rq2K)?S$c3D;u29Cxbph2KCSs>8pQ|QWOhxpiGWbjg>X_5`d}dZ<};y4^Vbe
z%@%V^vYzNW#b%s&`Mef#sQ@!-WFeM<?G7pPJMXD>yc=uBVravIY&d+Rl~V@bzEY~_
z0uVne$qTflm2N{*FyLlWOlYocZl%{y+kSg0f;9E0PaUtcAm|&3(UAu~4(sK|B4I_I
z;863Wc8rAnv|g1GJ1LhhGhLUsXZj{%4cr0A67fD>OSpoZmXoG!F#(q6CdJAMUF6W^
ztbs?IfOxCQIA^jJbb}kmHDoaA!M4DwMGv?4%9T5o1{Oygk+7z?k3nJ$(LrTktJuh|
ziuSoietj3w{lw2#J0A;Hg+RLfimxd`({pHLVEBm((i>++AwmrxHZz+;2NX1hk-Y`1
z7lr~hH;6|D{#f6~Bm)KfBUA(}R{E#&1rU7lqSrlVNaLo?<gZr#Op`Y0GGxKHwHNxd
zAN%n1dBK9Ng1<q`9TMqNsuGeksr-_MA+K_dyjWAjV7MYRbtym_ga9?W7`bOT;Yuk+
zZ6S*7oXinkYc8M8F}xnvZe2i+FQ?wv0&4gS%{09Urd9T4mI9rnTZ*Qm?PsP*h5B5$
zX{ZB~=n2khwu!FWUf*O82HG~~Q#5D+W-aReRI;ehLDpuc*!oGj;L?SA$$pWLrP*(0
zQPyG?ziXgphg;@3hO%udJYBV4QK7%_ni91vx%ySKU@H04y!x7Q6{)*{A;a`bDKX2#
zE6N-bF5O;`?m)8wHWecxYPMiCfPMXM<{z8NR*0)u@m=SSI_njG@cGRxKgU+P%3s+T
zC4Fblrvg2{5hCJw5MPmu8Q9RgYBAt8STL+cP!kdy8}w@1Nx4>Z@EghGiuLsXdVv|t
zEPSP)ed}@U@K<2Xm_<2yux*wK+EbAe6b{9o(rUU_4nRkZ5bUpQ9;a$TfxBt$l~>&_
znep=c?adAyb<b9sp!7<u9zU07T|1<5O~Vgtbg{%h?Z8jfKIkknZ(>vpJ@ShHg;8no
zOMFMBl6`y{8qAsBwmrQXE2>jxiYH3JV$P5$5u|A${8KyRc{=_ncO%m9p@v-$CNvn<
zWug=&tUzZ>9r6#mcpD&(^8}4LOu!_43Kl0eSVHVh7ppY9jq+Ep-Kw!hjvSldF>Lt6
zk91mMxwV%I_2ZMysPc&oQEn7pfSN8X3=is7gs^bZmCf0;Q8zzzSANzQw!Up0u_#3_
z5(xjlvouocY%ZH+a1~z63FaP!tgM>i0=hb4FW_pub_9mD6ocx))8q8UM&8b*T?-a=
z21jCpWcpP^ZBwy}1Peze%^as%mAnhLZ2#Xdj69hSw9T92``Eb?M3ZGAVvkZY6>R##
z?=;?8^MI>ZqPcyN;b<pfh2c#wJ@%Lg`$!fISkC(Fja>d$3Gb8e!uBOK<lyq=uTD_I
zHDKj@p!h%M=nuMUde|89e<q~SD;WxPG7XpKHd*2-HomQ)BOle_ItOT?;_HJLm>A2d
z!cWY@SD%p^XNYe`M#C6fb3djAHL!Rz!>UPKjSF{(Ae>U2;N-8$rdTRPHsZtHrvgX>
z>2=$a$`u=!{+b|L3Z|2|Iax*Sd#q>88vy;-xW!%=`z23woC7i8)U8wb{wyva)Yc1T
zzI|zW&~qaU3O&%!88NfRXo-m!gQ?IW7g`U2<hN{!7)!pEAL8p`&%Pu<(<~Intk-If
zs<0fK<Xv()U~V*7Gj#<T(idsJb<?ddSJmLvM3M=tt3$S07nKmkIPlvu{S~JgM+f3{
z(xnkqvb=HjAZ?`U9vg6F;7V{wn;g>EfUg_T^fo8AxoXR+>tXnrAN>87FKNBUIQ-hd
z8+thf^YK=zSLiunmocccxJ4P@6;Wuu{aC@WhwRmSdPL9~GIY6pixqmTZ1HncUtUh7
z^o~y_;CCH<3u71pgAtU=n+h~_m_D#d7>z+$I{0M~D*+(^xSyi#``dqsKcOG}z6jDI
zk*lu3UF}725KpQXBmws25Q7)Ozf)(6s4S~h_^_nfH~%kKNjF6zQqC#I=$cRE^Z1Tv
zOz9L3sFy-;N!tN_=t^Jf^Jty?TRi%`endtnV7rP;J&_@m;Za~z*rSEhdI@OJv$1BA
z0H1qGF8`O#u;dy47iRqkg+z^)2G645o;)uE8PeHo{OS3xl|xP+L{k0TrFfmYJvs)6
zi8_R6x({I>bpZO|3N*z$jTGqf@0BvsWgOzo$vVv994YS9i-j(24YzT<cH?Bj0^p4w
z;6I#{(pv0{l}-QvCnp#{2}u?N6diyL0DRL!H)RE@q=hAcvLOEF$ePxs0fPqsz~D(6
zO#<a2{*P>Q`ok;^002OO008jc`~SVA^P~|agW~=-pC$kI5vUPwlA{1;T6{7n{C`XH
z|09joOY2Ss6@>oY{@dPG%C{8hJ?%9Gl>NW;l+(T?=I?1lDWFvUW%Yks0RZs-=LsP9
zJ*_SUlmhzy@%}%3!PeeEQocY55dU9y22A~KL;e6s83)Dtf4BXYO^J^*i*K9%?Ztm-
z`+aNc{eQLptF8IF?F$qm?Ku?`ndCpg`JbK<{m&D?`L`-DD5=<gJM_P9-KZS8?&&*_
zbm0FL{r}N}@)HDLXXa|e;Av;8^nVY~|LT=C`=9Wr0@5zN_uBul`#;&e|Ia~51OWxO
zn7O)I*;}~$|6S{UvXjF85BmTBH*A_gIw<ykhr&Dk+u|;ET3R~jkN+Bw|M>*L{U80B
RaMRY)K?xvJqd~vr{};El_w)b&


From a0d67b75593878b1b6e39e2acc1773b3effedb2a Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:32:15 -0400
Subject: [PATCH 807/812] Fix for GHSL-2022-008 vulnerability.

---
 src/main/java/org/owasp/esapi/reference/DefaultValidator.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 530e2efa8..0699a5287 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -466,7 +466,7 @@ public String getValidDirectoryPath(String context, String input, File parent, b
 			if ( !parent.isDirectory() ) {
 				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
 			}
-			if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) {
+			if ( !dir.getCanonicalFile().toPath().startsWith( parent.getCanonicalFile().toPath() ) ) { // Fixes GHSL-2022-008
 				throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
 			}
 

From fee328dce6d6fe52ecd1b26b778051cba506840b Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:33:22 -0400
Subject: [PATCH 808/812] Add new test case to verify GHSL-2022-008 fix. Major
 clean up of numerous other test cases.

---
 .../owasp/esapi/reference/ValidatorTest.java  | 337 ++++++++++--------
 1 file changed, 192 insertions(+), 145 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
index 50972652c..e1642b3ff 100644
--- a/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
+++ b/src/test/java/org/owasp/esapi/reference/ValidatorTest.java
@@ -73,17 +73,17 @@ public void testAddRule() {
 
     @Test
     public void testAssertValidFileUpload() {
-        //		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
+        // TODO -		assertValidFileUpload(String, String, String, byte[], int, boolean, ValidationErrorList)
     }
 
     @Test
     public void testGetPrintable1() {
-        //		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
+        // TODO -		getValidPrintable(String, char[], int, boolean, ValidationErrorList)
     }
 
     @Test
     public void testGetPrintable2() {
-        //		getValidPrintable(String, String, int, boolean, ValidationErrorList)
+        //	 TODO -	getValidPrintable(String, String, int, boolean, ValidationErrorList)
     }
 
     @Test
@@ -92,7 +92,7 @@ public void testGetRule() {
         ValidationRule rule = new StringValidationRule("rule");
         validator.addRule(rule);
         assertEquals(rule, validator.getRule("rule"));
-        assertFalse(rule == validator.getRule("ridiculous"));
+        assertFalse("Found unexpected validation rule named 'ridiculous'.", rule == validator.getRule("ridiculous"));
     }
 
     @Test
@@ -116,13 +116,13 @@ public void testGetValidCreditCard() {
         assertEquals(2, errors.size());
 
         assertTrue(instance.isValidCreditCard("cctest1", "1234 9876 0000 0008", false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertTrue(instance.isValidCreditCard("cctest2", "1234987600000008", false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertFalse(instance.isValidCreditCard("cctest3", "12349876000000081", false, errors));
-        assertTrue(errors.size()==3);
+        assertEquals(3, errors.size());
         assertFalse(instance.isValidCreditCard("cctest4", "4417 1234 5678 9112", false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
     }
 
     @Test
@@ -302,35 +302,35 @@ public void testIsValidDirectoryPath() throws IOException {
             assertFalse(instance.isValidDirectoryPath("test", "/tmp/../etc", parent, false));
 
             assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
+            assertEquals(1, errors.size());
             assertFalse(instance.isValidDirectoryPath("test2", "c:\\jeff", parent, false, errors));
-            assertTrue(errors.size()==2);
+            assertEquals(2, errors.size());
             assertFalse(instance.isValidDirectoryPath("test3", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==3);
+            assertEquals(3, errors.size());
 
             // Windows paths
             assertTrue(instance.isValidDirectoryPath("test4", "C:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
+            assertEquals(3, errors.size());
             assertTrue(instance.isValidDirectoryPath("test5", sysRoot, parent, false, errors));                  // Windows always exist directory
-            assertTrue(errors.size()==3);
+            assertEquals(3, errors.size());
             assertFalse(instance.isValidDirectoryPath("test6", sysRoot + "\\System32\\cmd.exe", parent, false, errors));      // Windows command shell
-            assertTrue(errors.size()==4);
+            assertEquals(4, errors.size());
 
             // Unix specific paths should not pass
             assertFalse(instance.isValidDirectoryPath("test7", "/tmp", parent, false, errors));      // Unix Temporary directory
-            assertTrue(errors.size()==5);
+            assertEquals(5, errors.size());
             assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Unix Standard shell
-            assertTrue(errors.size()==6);
+            assertEquals(6, errors.size());
             assertFalse(instance.isValidDirectoryPath("test9", "/etc/config", parent, false, errors));
-            assertTrue(errors.size()==7);
+            assertEquals(7, errors.size());
 
             // Unix specific paths that should not exist or work
             assertFalse(instance.isValidDirectoryPath("test10", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==8);
+            assertEquals(8, errors.size());
             assertFalse(instance.isValidDirectoryPath("test11", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==9);
+            assertEquals(9, errors.size());
 
-        } else {
+        } else {    // Non-Windows OS case...
             // Windows paths should fail
             assertFalse(instance.isValidDirectoryPath("test", "c:\\ridiculous", parent, false));
             assertFalse(instance.isValidDirectoryPath("test", "c:\\temp\\..\\etc", parent, false));
@@ -357,40 +357,93 @@ public void testIsValidDirectoryPath() throws IOException {
 
             // Windows paths should fail
             assertFalse(instance.isValidDirectoryPath("test1", "c:\\ridiculous", parent, false, errors));
-            assertTrue(errors.size()==1);
+            assertEquals(1, errors.size());
             assertFalse(instance.isValidDirectoryPath("test2", "c:\\temp\\..\\etc", parent, false, errors));
-            assertTrue(errors.size()==2);
+            assertEquals(2, errors.size());
 
             // Standard Windows locations should fail
             assertFalse(instance.isValidDirectoryPath("test3", "c:\\", parent, false, errors));                        // Windows root directory
-            assertTrue(errors.size()==3);
+            assertEquals(3, errors.size());
             assertFalse(instance.isValidDirectoryPath("test4", "c:\\Windows\\temp", parent, false, errors));               // Windows temporary directory
-            assertTrue(errors.size()==4);
+            assertEquals(4, errors.size());
             assertFalse(instance.isValidDirectoryPath("test5", "c:\\Windows\\System32\\cmd.exe", parent, false, errors));   // Windows command shell
-            assertTrue(errors.size()==5);
+            assertEquals(5, errors.size());
 
             // Unix specific paths should pass
             assertTrue(instance.isValidDirectoryPath("test6", "/", parent, false, errors));         // Root directory
-            assertTrue(errors.size()==5);
+            assertEquals(5, errors.size());
         	// Note, we used to say that about '/bin', but Ubuntu 20.x
             // changed '/bin' to a sym link to 'usr/bin'. We can't use '/etc'
             // because under MacOS, that is a sym link to 'private/etc'.
             assertTrue(instance.isValidDirectoryPath("test7", "/dev", parent, false, errors));      // Always exist directory
-            assertTrue(errors.size()==5);
+            assertEquals(5, errors.size());
 
             // Unix specific paths that should not exist or work
             assertFalse(instance.isValidDirectoryPath("test8", "/bin/sh", parent, false, errors));   // Standard shell, not dir
-            assertTrue(errors.size()==6);
+            assertEquals(6, errors.size());
             assertFalse(instance.isValidDirectoryPath("test9", "/etc/ridiculous", parent, false, errors));
-            assertTrue(errors.size()==7);
+            assertEquals(7, errors.size());
             assertFalse(instance.isValidDirectoryPath("test10", "/tmp/../etc", parent, false, errors));
-            assertTrue(errors.size()==8);
+            assertEquals(8, errors.size());
+        }
+    }
+
+    private static void mkdir(String dirname) throws IOException {
+        File file = new File( dirname );
+
+        if ( file.exists() && file.isDirectory() ) {
+            return;
+        } else if ( file.exists() ) {
+            throw new IOException("Filename " + dirname + " already exists, but is not a directory.");
+        }
+
+        file.deleteOnExit();    // Mark the directory that we create below to be deleted when the JVM exits.
+
+        boolean flag = file.mkdir();
+
+        if ( !flag ) throw new IOException("Failed to create directory: " + dirname);
+
+        return;
+    }
+
+    // GitHub issue # xxxx - GHSL-2022-008
+    @Test
+    public void testIsValidDirectoryPathGHSL_POC() throws IOException {
+        // Note this uses different 'parent' and 'input' directories that generally don't already
+        // exist, so we will may have to create them and then remove them. The above
+        // mkdir() method does this.
+
+        Validator instance = ESAPI.validator();
+        ValidationErrorList errors = new ValidationErrorList();
+
+        String input = null;
+        File parent = null;
+
+        boolean isWindows = (System.getProperty("os.name").indexOf("Windows") != -1) ? true : false;
+        if (isWindows) {
+            input = "C:/temp/esapi-test2";
+            parent = new File("C:/temp/esapi-test/");   // Note the trailing '/'.
+        } else {
+            input = "/tmp/esapi-test2";
+            parent = new File("/tmp/esapi-test/");      // Note the trailing '/'.
         }
+
+        // Create the 2 directories and set them to be deleted when the JVM exists.
+        mkdir( input );
+        mkdir( parent.getCanonicalPath() );
+
+        // Before the fix, this incorrectly would return 'true' even though
+        // 'esapi-test2' directory clearly was not within the 'esapi-test'
+        // directory.
+        //
+        assertFalse( instance.isValidDirectoryPath("GHSL-2022-008", input, parent, false, errors) );
+        assertEquals( 1, errors.size() );
     }
 
+
     @Test
     public void TestIsValidDirectoryPath() {
-        // isValidDirectoryPath(String, String, boolean)
+        // TODO - isValidDirectoryPath(String, File, boolean) - returns true if no exceptions thrown
     }
 
     @Test
@@ -400,56 +453,56 @@ public void testIsValidDouble() {
     	ValidationErrorList errors = new ValidationErrorList();
     	//testing negative range
         assertFalse(instance.isValidDouble("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         assertTrue(instance.isValidDouble("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         //testing null value
         assertTrue(instance.isValidDouble("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         assertFalse(instance.isValidDouble("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
+        assertEquals(2, errors.size());
         //testing empty string
         assertTrue(instance.isValidDouble("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
+        assertEquals(2, errors.size());
         assertFalse(instance.isValidDouble("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
+        assertEquals(3, errors.size());
         //testing improper range
         assertFalse(instance.isValidDouble("test7", "50.0", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         //testing non-integers
         assertTrue(instance.isValidDouble("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidDouble("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         //other testing
         assertTrue(instance.isValidDouble("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidDouble("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidDouble("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         assertFalse(instance.isValidDouble("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 5);
+        assertEquals(5, errors.size());
         assertFalse(instance.isValidDouble("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 6);
+        assertEquals(6, errors.size());
         assertFalse(instance.isValidDouble("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 7);
+        assertEquals(7, errors.size());
         assertFalse(instance.isValidDouble("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
+        assertEquals(8, errors.size());
         assertFalse(instance.isValidDouble("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
+        assertEquals(9, errors.size());
         assertFalse(instance.isValidDouble("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
+        assertEquals(10, errors.size());
         assertFalse(instance.isValidDouble("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
+        assertEquals(11, errors.size());
         assertFalse(instance.isValidDouble("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
+        assertEquals(12, errors.size());
         assertFalse(instance.isValidDouble("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
+        assertEquals(13, errors.size());
         assertTrue(instance.isValidDouble("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
+        assertEquals(13, errors.size());
         assertTrue(instance.isValidDouble("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 13);
+        assertEquals(13, errors.size());
     }
 
     @Test
@@ -478,7 +531,7 @@ public void testIsValidFileName() {
         assertTrue("Simple valid filename with a valid extension", instance.isValidFileName("test", "aspect.txt", false, errors));
         assertTrue("All valid filename characters are accepted", instance.isValidFileName("test", "!@#$%^&{}[]()_+-=,.~'` abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890.txt", false, errors));
         assertTrue("Legal filenames that decode to legal filenames are accepted", instance.isValidFileName("test", "aspe%20ct.txt", false, errors));
-        assertTrue(errors.size() == 0);
+        assertEquals(0, errors.size());
     }
 
     @Test
@@ -498,7 +551,7 @@ public void testIsValidFileUpload() throws IOException {
         Validator instance = ESAPI.validator();
         assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
         assertTrue(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 0);
+        assertEquals(0, errors.size());
 
         filepath = "/ridiculous";
         filename = "aspect.txt";
@@ -510,7 +563,7 @@ public void testIsValidFileUpload() throws IOException {
         }
         assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false));
         assertFalse(instance.isValidFileUpload("test", filepath, filename, parent, content, 100, false, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
     }
 
     @Test
@@ -554,54 +607,54 @@ public void testisValidInput() {
         ValidationErrorList errors = new ValidationErrorList();
 
         assertTrue(instance.isValidInput("test1", "jeff.williams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         assertFalse(instance.isValidInput("test2", "jeff.williams@@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
         assertFalse(instance.isValidInput("test3", "jeff.williams@aspectsecurity", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertTrue(instance.isValidInput("test4", "jeff.wil'liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertTrue(instance.isValidInput("test5", "jeff.wil''liams@aspectsecurity.com", "Email", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertTrue(instance.isValidInput("test6", "123.168.100.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertTrue(instance.isValidInput("test7", "192.168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertFalse(instance.isValidInput("test8", "..168.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==3);
+        assertEquals(3, errors.size());
         assertFalse(instance.isValidInput("test9", "10.x.1.234", "IPAddress", 100, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidInput("test10", "http://www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
 //        This is getting flipped to true because it is no longer the validator regex's job to enforce URL structure.
         assertTrue(instance.isValidInput("test11", "http:///www.aspectsecurity.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertFalse(instance.isValidInput("test12", "http://www.aspect security.com", "URL", 100, false, errors));
-        assertTrue(errors.size()==5);
+        assertEquals(5, errors.size());
         assertTrue(instance.isValidInput("test13", "078-05-1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==5);
+        assertEquals(5, errors.size());
         assertTrue(instance.isValidInput("test14", "078 05 1120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==5);
+        assertEquals(5, errors.size());
         assertTrue(instance.isValidInput("test15", "078051120", "SSN", 100, false, errors));
-        assertTrue(errors.size()==5);
+        assertEquals(5, errors.size());
         assertFalse(instance.isValidInput("test16", "987-65-4320", "SSN", 100, false, errors));
-        assertTrue(errors.size()==6);
+        assertEquals(6, errors.size());
         assertFalse(instance.isValidInput("test17", "000-00-0000", "SSN", 100, false, errors));
-        assertTrue(errors.size()==7);
+        assertEquals(7, errors.size());
         assertFalse(instance.isValidInput("test18", "(555) 555-5555", "SSN", 100, false, errors));
-        assertTrue(errors.size()==8);
+        assertEquals(8, errors.size());
         assertFalse(instance.isValidInput("test19", "test", "SSN", 100, false, errors));
-        assertTrue(errors.size()==9);
+        assertEquals(9, errors.size());
         assertTrue(instance.isValidInput("test20", "jeffWILLIAMS123", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==9);
+        assertEquals(9, errors.size());
         assertTrue(instance.isValidInput("test21", "jeff .-/+=@_ WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==9);
+        assertEquals(9, errors.size());
         // Removed per Issue 116 - The '*' character is valid as a parameter character
 //        assertFalse(instance.isValidInput("test", "jeff*WILLIAMS", "HTTPParameterValue", 100, false));
         assertFalse(instance.isValidInput("test22", "jeff^WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==10);
+        assertEquals(10, errors.size());
         assertFalse(instance.isValidInput("test23", "jeff\\WILLIAMS", "HTTPParameterValue", 100, false, errors));
-        assertTrue(errors.size()==11);
+        assertEquals(11, errors.size());
 
         assertTrue(instance.isValidInput("test", null, "Email", 100, true, errors));
         assertFalse(instance.isValidInput("test", null, "Email", 100, false, errors));
@@ -644,56 +697,56 @@ public void testIsValidInteger() {
         ValidationErrorList errors = new ValidationErrorList();
         //testing negative range
         assertFalse(instance.isValidInteger("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         assertTrue(instance.isValidInteger("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         //testing null value
         assertTrue(instance.isValidInteger("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size() == 1);
+        assertEquals(1, errors.size());
         assertFalse(instance.isValidInteger("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size() == 2);
+        assertEquals(2, errors.size());
         //testing empty string
         assertTrue(instance.isValidInteger("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size() == 2);
+        assertEquals(2, errors.size());
         assertFalse(instance.isValidInteger("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size() == 3);
+        assertEquals(3, errors.size());
         //testing improper range
         assertFalse(instance.isValidInteger("test7", "50", 10, -10, false, errors));
-        assertTrue(errors.size() == 4);
+        assertEquals(4, errors.size());
         //testing non-integers
         assertFalse(instance.isValidInteger("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size() == 5);
+        assertEquals(5, errors.size());
         assertFalse(instance.isValidInteger("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size() == 6);
+        assertEquals(6, errors.size());
         //other testing
         assertTrue(instance.isValidInteger("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size() == 6);
+        assertEquals(6, errors.size());
         assertTrue(instance.isValidInteger("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size() == 6);
+        assertEquals(6, errors.size());
         assertTrue(instance.isValidInteger("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size() == 6);
+        assertEquals(6, errors.size());
         assertFalse(instance.isValidInteger("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size() == 7);
+        assertEquals(7, errors.size());
         assertFalse(instance.isValidInteger("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size() == 8);
+        assertEquals(8, errors.size());
         assertFalse(instance.isValidInteger("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size() == 9);
+        assertEquals(9, errors.size());
         assertFalse(instance.isValidInteger("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size() == 10);
+        assertEquals(10, errors.size());
         assertFalse(instance.isValidInteger("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 11);
+        assertEquals(11, errors.size());
         assertFalse(instance.isValidInteger("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size() == 12);
+        assertEquals(12, errors.size());
         assertFalse(instance.isValidInteger("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 13);
+        assertEquals(13, errors.size());
         assertFalse(instance.isValidInteger("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 14);
+        assertEquals(14, errors.size());
         assertFalse(instance.isValidInteger("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size() == 15);
+        assertEquals(15, errors.size());
         assertFalse(instance.isValidInteger("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 16);
+        assertEquals(16, errors.size());
         assertFalse(instance.isValidInteger("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size() == 17);
+        assertEquals(17, errors.size());
 
     }
 
@@ -709,9 +762,9 @@ public void testIsValidListItem() {
 
         ValidationErrorList errors = new ValidationErrorList();
         assertTrue(instance.isValidListItem("test1", "one", list, errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         assertFalse(instance.isValidListItem("test2", "three", list, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
     }
 
     @Test
@@ -751,56 +804,56 @@ public void testIsValidNumber() {
         ValidationErrorList errors = new ValidationErrorList();
       //testing negative range
         assertFalse(instance.isValidNumber("test1", "-4", 1, 10, false, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
         assertTrue(instance.isValidNumber("test2", "-4", -10, 10, false, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
         //testing null value
         assertTrue(instance.isValidNumber("test3", null, -10, 10, true, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
         assertFalse(instance.isValidNumber("test4", null, -10, 10, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         //testing empty string
         assertTrue(instance.isValidNumber("test5", "", -10, 10, true, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
         assertFalse(instance.isValidNumber("test6", "", -10, 10, false, errors));
-        assertTrue(errors.size()==3);
+        assertEquals(3, errors.size());
         //testing improper range
         assertFalse(instance.isValidNumber("test7", "5", 10, -10, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         //testing non-integers
         assertTrue(instance.isValidNumber("test8", "4.3214", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidNumber("test9", "-1.65", -10, 10, true, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         //other testing
         assertTrue(instance.isValidNumber("test10", "4", 1, 10, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidNumber("test11", "400", 1, 10000, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertTrue(instance.isValidNumber("test12", "400000000", 1, 400000000, false, errors));
-        assertTrue(errors.size()==4);
+        assertEquals(4, errors.size());
         assertFalse(instance.isValidNumber("test13", "4000000000000", 1, 10000, false, errors));
-        assertTrue(errors.size()==5);
+        assertEquals(5, errors.size());
         assertFalse(instance.isValidNumber("test14", "alsdkf", 10, 10000, false, errors));
-        assertTrue(errors.size()==6);
+        assertEquals(6, errors.size());
         assertFalse(instance.isValidNumber("test15", "--10", 10, 10000, false, errors));
-        assertTrue(errors.size()==7);
+        assertEquals(7, errors.size());
         assertFalse(instance.isValidNumber("test16", "14.1414234x", 10, 10000, false, errors));
-        assertTrue(errors.size()==8);
+        assertEquals(8, errors.size());
         assertFalse(instance.isValidNumber("test17", "Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==9);
+        assertEquals(9, errors.size());
         assertFalse(instance.isValidNumber("test18", "-Infinity", 10, 10000, false, errors));
-        assertTrue(errors.size()==10);
+        assertEquals(10, errors.size());
         assertFalse(instance.isValidNumber("test19", "NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==11);
+        assertEquals(11, errors.size());
         assertFalse(instance.isValidNumber("test20", "-NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==12);
+        assertEquals(12, errors.size());
         assertFalse(instance.isValidNumber("test21", "+NaN", 10, 10000, false, errors));
-        assertTrue(errors.size()==13);
+        assertEquals(13, errors.size());
         assertTrue(instance.isValidNumber("test22", "1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
+        assertEquals(13, errors.size());
         assertTrue(instance.isValidNumber("test23", "-1e-6", -999999999, 999999999, false, errors));
-        assertTrue(errors.size()==13);
+        assertEquals(13, errors.size());
     }
 
     @Test
@@ -824,17 +877,17 @@ public void testIsValidParameterSet() {
         ValidationErrorList errors = new ValidationErrorList();
         assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
         assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames,errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         request.addParameter("p4", "value");
         request.addParameter("p5", "value");
         request.addParameter("p6", "value");
         assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
         assertTrue(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         request.removeParameter("p1");
         assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames));
         assertFalse(instance.isValidHTTPRequestParameterSet("HTTPParameters", request, requiredNames, optionalNames, errors));
-        assertTrue(errors.size() ==1);
+        assertEquals(1, errors.size());
     }
 
     @Test
@@ -849,19 +902,19 @@ public void testIsValidPrintable() {
 
         ValidationErrorList errors = new ValidationErrorList();
         assertTrue(instance.isValidPrintable("name1", "abcDEF", 100, false, errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         assertTrue(instance.isValidPrintable("name2", "!@#R()*$;><()", 100, false, errors));
-        assertTrue(errors.size()==0);
+        assertEquals(0, errors.size());
         assertFalse(instance.isValidPrintable("name3", chars, 100, false, errors));
-        assertTrue(errors.size()==1);
+        assertEquals(1, errors.size());
         assertFalse(instance.isValidPrintable("name4", "%08", 100, false, errors));
-        assertTrue(errors.size()==2);
+        assertEquals(2, errors.size());
 
     }
 
     @Test
     public void testIsValidRedirectLocation() {
-        //		isValidRedirectLocation(String, String, boolean)
+        // TODO -		isValidRedirectLocation(String, String, boolean)
     }
 
     //      Test split out and moved to HTMLValidationRuleLogsTest.java & HTMLValidationRuleThrowsTest.java
@@ -1011,7 +1064,7 @@ public void testGetCookies() {
         Cookie[] cookies = safeRequest.getCookies();
         assertEquals(cookies[0].getValue(), request.getCookies()[0].getValue());
         assertEquals(cookies[1].getName(), request.getCookies()[2].getName());
-        assertTrue(cookies.length == 2);
+        assertEquals(2, cookies.length);
     }
 
     @Test
@@ -1040,6 +1093,7 @@ public void testHeaderLengthChecks(){
 
     @Test
     public void testGetHeaderNames() {
+//testing Validator.HTTPHeaderName
         MockHttpServletRequest request = new MockHttpServletRequest();
         SecurityWrapperRequest safeRequest = new SecurityWrapperRequest(request);
         request.addHeader("d-49653-p", "pass");
@@ -1047,6 +1101,7 @@ public void testGetHeaderNames() {
             // Note: Max length in ESAPI.properties as per
             // Validator.HTTPHeaderName regex is 256, but upper
             // bound is configurable by the property HttpUtilities.MaxHeaderNameSize
+        SecurityConfiguration sc = ESAPI.securityConfiguration();
         request.addHeader(TestUtils.generateStringOfLength(255), "pass");
         request.addHeader(TestUtils.generateStringOfLength(257), "fail");
         assertEquals(2, Collections.list(safeRequest.getHeaderNames()).size());
@@ -1128,12 +1183,4 @@ public void testavaloqLooseSafeString(){
     	boolean isValid = v.isValidInput("RegexString", "&quot;test&quot;", "avaloqLooseSafeString", 2147483647, true, true);
     	assertFalse(isValid);
     }
-    
-    @Test
-    public void testStandardHeader() {
-    	Validator v = ESAPI.validator();
-    	boolean isValid = v.isValidInput("HTTPHeaderValue ", "mary.poppins@gmail.com", "HTTPHeaderValue", 2147483647, true, true);
-        assertFalse( isValid );
-    }
 }
-

From 5af6228f186c6bb10734db99c92aedf5d7c644b8 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:36:13 -0400
Subject: [PATCH 809/812] Updated generated PDF.

---
 documentation/ESAPI-release-steps.pdf | Bin 247566 -> 251975 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/documentation/ESAPI-release-steps.pdf b/documentation/ESAPI-release-steps.pdf
index 1b2a03d06a282e8d2a7e3390dcdc6ed16c233a3e..04a9c1027ba9f789534c0d5dbdd0bb30c9c78190 100644
GIT binary patch
delta 105113
zcmV)NK)1h+jt|GM50FcLON+xe62AAZ$ax_dt0cc57?MtM*xNwE9EQ2=1NN}6bJ@SY
zQk7n|O0xTDcdu!vbR0{T<?mBHRFbQcIQ;kNKZi>HH3AN84~IYh{`A{l4*#}CtHYoF
ze7e3o_43pl+De_e!^__ezdXc2G>4ae{C=*)aD;OOgBG$<_@y3y{&@N8)BWY?*GVlx
zwkP1LX$DtIi*+=^QJ$-Akfz$6YQI!<C5K~U&%V&d70;K|^Wcl!%)fUp9$JVBKdK9s
z@9{KKTu}R^z-!lZ5;j4|s3Fv-J6%HmMmH)3brv<A+@NfI8$>5etHp&ruJrMo>luJX
z_es;$C+T}eVb6$v8&-EU)rzyY51nc4LpRiXmG(yT|4`{`=uh`e_fJ32z50W~*3top
zPX7op*Ps?OHkukv{p3jj-TFnBHcf-GeLCT}jQUD959&dV`;^cUf5}3I+99ixqISSR
z2nRe<SpUgE-=9Ms-KsLzQwBf6v`?6;WHDLu^<S`>UGDOKi=~ho{m3w=mWpAJ8JJ)G
zm8Z0*-Ov&!_l#YDe7zZQHynPL|B%hZaXsj?^pmK<`FKKLz8==~Fb9MCD)9g_G~`Bw
zt}^2>*T~iJvCEyApTgk;?Q<NiM4~peWrV~%qGhD4VT5#!Dd_1<2kHD4Nhvzwzhk-9
z@JQj_>vH6OulWxRp2k*mp^IFzCRWwy)^crLA6UEm|B>@NOdvYL!@6ryHFX{HFqp!E
zv~1v%v7aNF+CpgClN!C#aV-4Mbi@;&8jM3R_**0Ge5IpD<gG5|86T-$OI>4?Q&|8i
zEwWZRG)g<5?2WGeK!2*-g1Y)VZI@!nc*7-@X_;t$4rCejm{WYO<Qr)@Q=U%i3}x)E
z#51M+T<t;wdAxw(2Q+*Q7l&hKwWK6I-G*^-YJvzZazycG*UnLaMjwTCtb^(L;g*6X
z7gut+Bda_bO7JIB47%L2kd5NIc6I#!SdNrfkvxexR@7}q_fQ{QN31AYgU69M2)#p)
zE!9nb$b{aVDGHZhEZ)4|cbj0ox7Ra$fDQ753;0JocN3D{tu`xJp`OKaR;UzxuGdxv
z^Us!_PMzeL&QV9nWYmLTw&6&RIE3d>FrxxJJO{*afK_(rWl9TOR<skJ$z#0pmyaVV
zcy3GF?1NHxo;Yf;3hKgXw_#M9Z~QW~lH*Z-o$JE&k+yLRf0-^x9?lu=MM6NAjEV%2
zNKMoPvXTYk)r)A!kO`I$=?g?;(YhifVHKEDW?<bFJ-YYykdU?|kz(`Ohwuz}5JOuV
zuZFqp^`W-Q%_*1!Cv$ufsuZ6iuurUY;!We6e{Z4%k~wWbEQ*e28!wugZOi(PY?r%#
zd_Uz&oK0YVhDV9Bs_zqJK%B*khA4xqoRx<G^RYYSt;3Nw?}#rkZy_z^owms7LOphu
zFge2LIB}K|OW&t;bY5>q(Ftef-Mw`fEK6@Fj+z~!3EHh|Y+L6;hqCTY!1n9<`1uSp
zZt0`IjP!w=r7AL`t25e+I>1L7WbMI!c_(C9qtCnk!DF)6uP5Jwbs0lgO>9iCzD^q#
zokX}x!StAo_m~@yWUr*u0_SmwI2sY$!rqZ3nhMWzqyx5p*T?kcWeMU*kIq57txAJG
zyf&Ct9<cpr>!A|Y5L~RIV#3myA^J1DC0SLcmhGd}L9k0kex$NU9{O1}MJCmMO-WhE
z_5;kQ`PjjX!J=lSei)9aIJo}t43luG*}hvJO>3cY^B*PJBu{dVHcAu~kbIp2N+(T5
zv0+CnvQUEgpP89?TZm0V8rb_<ABwyD-t^Bg56nbRmP#@^6;2e?r3;!1?p||Y-hJdX
zw4OSCLWeif%B*z794m7{y&kQ9F{ZWaKjdBh1bTg?vLwpps5eJh0j2yqG!dt>prffN
znxdr{D{+ar>n3D#Tow<r9!UA{LKJ>@499*{e-qBa6Gkn#c>|XwiQ`$?8)@61w4;gM
z(nOs8zbVBF3-O2sp9j~kt3&*olcdZ5rpJ*1T9g<d`z~Ql<XM47he+*zzY)rpCz|O)
z^5TPg;4n!)TnCTAQs_<iNTJUTQZY{o`KX=gF7CG1hu1E@nl>B`kT#Ib10&jWGUIN&
zCIg5K6GZd4@v<l~4@uLQpaJ~^Zzm(p`j{#PpH)Q5xJc{Oo`@kTAB9CA&N7Opn0;QW
z^qNJVoJQEgSa37CW^!eJye8Hl^-03h{vOtd6-J57lT)oR?72txb<i%OF^8%-G&X%E
z!I^sa;b#=m8HXu&EFgVMAev?Y=nS?5o+CmbaH|1a8d?E!_QWV+hHcW-<;H6zPm;gG
z)kmvce)8D;_4<Ip*&+tks+3F}CjaA=vLBPR?~HuZH9@tE2Izc$kWDm(U0mx|$I~u<
zI+M#(WI(xyii+71f?e0}pjbFWc1lo<V(N;sL}i!E6pW+n3fD}#SBJtbw=dTsC<9mu
zy0vA3Lb^9Yw0Z)g<I`OrrZc?kLh?+|{Po%63llKh#oX}_v7^gRVir-Z5`;!3(fh~{
z&xb(X69G|BvCm+CivavWG&4Oy>ZZKYk`(E-1gaVbbnWvvI`qxvW2TvyxioKXXOwr%
z#(FT$WGm$3Yi7eSu2<F{D8IYh0*T(uGX@#NvwM+e(5E{HykpA}%-xLgO?f7ak~c$A
zCw^DL63^T;UWg)IHtLt%E>3BOi@TZi;kC<ePP{jhGE1(1IZ}4%@_%;C!@{hi<p$hH
zJq5LNwV(1`iAOzqW9!3km)nu=Wn7LqbBt@!{Rh~!6p`;xh0RO6TSdan)*Nw__>A_<
zu#@rus6_4TUInHu+z4XU*oBK0rhpJ`C$YKhS8|rG>jov`iL@|%l<q-MNMlfJXRnXE
zk3r{_wNVa#<M1eRqfYk};1^-Mk{jf-FG`4*PUb$|jp#TAImWfmln9wY>@E;?>#wj+
zUlTSyc1uP=@G{iHPS;XjTK?(^BS$mlRX(PX+4W*ka{P?VO&2XfM5ZhD7rO$gfLsBU
zvFn-Y*B=aaxy!f7mGuC_CJHc@bJ~oLT}p>2EgUL;xFX6<-YPYiec6SJAVY&YsN-Dh
z+`^)eOe!vBV|6tO_1U~_cgez@il$@O+gu$oyZllDy@pN<UKY`*N*CZq^EJZcZxM7a
z@yuwHqqQvJ9NA-GU90paNt@djuDE`PYyA4K*yZ=8Vwq<Q<cMcktRl}upDyE{+v#UM
zlmFp=cIEbSh*82rJ@GHh<Yi{PL3vV%QJ2|#J`-w;?o~$b1wo}J=zTO<-PfL4wy&0H
z;5V+XRc0_@uev(0w?c|dDLd{_Eh1r;+sGj(yJ+cNWUbNf;1$_uM}~Me#wceX>^5Qz
zz7UQpY+-^9E4y^a&sV9`@eX?j6$S%S0a0atX6;e7`=t_wpG-HdkM^G}m#`v-?m1R8
z%*F!IIyp1wMlqvkE1so0DI_Zxp1t)Ky&!7o`nv4ot2oK{W?rj%RJJqh`z}JZuFaTl
z{q5%s)vh;;;c8tSQ{PK&K`VWf{$k*;h^ckDcs+8~n0GQov>NFP>u^Pzbx-xdOm4Y<
zxdmVwv_4XH`F-UUxVwnL9P$knXBMTKcWow1a>Mk*vt`}b1&l)^`8Os)XY?Oa|N2jL
zmp@f*fvBHDaE?ez2oB8d2x4$XZdfZho{9yt{xSqIFv#JvHd;5Q5iJbP25bBaSZPUe
zX?1Sl9RM>^rY<X=*7_%#6y{&EVOC^Pvt6`0lD~`GB3HNvYPd49KSisw4LQ+;21~dP
zAT2_6sUiOLWoYhZ*ILz8bE?yNO*Q=fYPA6K3hlHZQC_emTGsQVPT=a8_Q9`*{{bFV
z!R(i@m;n<EGaxV^Z(?c+GB`LelSB(Yf2CSWk0iGZzR$1dvw`V|luA_vEE?!%fZQAp
z;KL%P#10U|0lXLgeUqXd)T63<Hapm^t}2P5$d6C8Il|$Ox8Dzj{ygAeUh(klm$#pP
zIQ;L;92Zaj4(;{Zzu#s&0GOjaIKLbKfxdnF<?!nd+b?7Z!;>!`G>q1rjXN%fe~*71
z{_>z%{_yeZ*DnT6@A$<a{aNEq^mQ_xFLQXlnAPCvA0K~vyMMg>I3nt2bM%=g2+_w0
zzTiwB=Eff=m;346F=6^x<+0}{;KNdu9>FY+WYEHc;>a);fXB%2LQ$R~&7cpSe5bFL
zSx{>+b)?rzoP=<4@vAjF{><|Yf8V?5^zMZUUYRtMJ-~8$pXHrAUPljuH2I5*tftrU
z6!jC{BwRD!L?FF#w9zC0-biMjhGLO!y>tG=C`%brWR%3HccsP%D<a+dzRo94pS8~6
zoQR#vW`aCPrLIywwtAx{PeoXXSx^#|li|Lsc@f;$Jh%*lyOO+244gP9f6N6+_L`Ix
zWTp9?38PCwlqkm+*;k-|qL8KDiflse3r6SsFo~wny(a3Q=ZW;@Q*9b$A8=8Kzn!W*
zl321R%JSiro8!v6AaKwbeikIyu_T!?zuPvTTiO3zWVLEgF?S35r=kOqv69=R*lw$D
zfqsx$dh?!kZI+}Nk;kpkf2|Ub0--5-76}(CB9qWYpA}8y^U^Q{%!U<}hSo|}$w@gE
zJVG_XDeG0{%cLKzUN_7i9vNiW8!Ny*fdS5)FKGD`TUhcIQNuv=WLshT)6l?cvyYxc
zAhOhsAn6}!B}+g$t@>X0QxF5w$ZXGXwLW&_xN0Wy4jSiiX;DoGe_EC3^48|=VfM3%
zpSg*bInY=YHfkpk2Q1Y9r8$k^T~q+}S;2nfFDmJR|5>4B3D&TW$!W2@Yuff2(Lf6W
zB^-*a+!aeQHVY132{Kdq(8i_ivjfkV%sIerWXj>Nq3!G`A$#tkQ;1-<1l6JcQz%si
zgq$AY#9{>g#%Ur)fB5XrRbn<}gGB9rlyAH|@hg*G8^7|!-cBF?sU{pJ1FKKdCdzL6
zX<y?;yxQrM6fST=D4(s*l*uI(IE!f|2kFz~4dEoRQQ`^@yo93=4^dwcJmC_br$7b5
zRZ`z2GNCzDqJ$tDO81LA{`uP*XX$@bQv3T~-^}6N9M{8de+R^g-iMq29)9XHVhtSK
zP_|@=CE$#bpT;oyWU7N=?Zh_nff78`L*-PIk1qMB4aCfK0CAb6oSfwQ6sUGVI=Rl#
z1RApI%Wm0HdwW;2f2mw;6T?cP5(8^nljPKQ*JR%-n^j;_1&`y!pSjxrp2ppp49)^w
z6>_TNrpv5Ee*?MP`9Dj7u{+aF^Y+Bc=kUl;O3$gBc8&Wf$D6etNxGd*RcdOkc?Oo^
z^Yi|+3gC4z_{@11<mY-atEbAOc7XuUIfzp7M)BmNby)YQeC}2!J>Mmc&20^n#%k$t
z>Q-#8t1srKz&P(p&&`(HZ_}Q+vc^_(V;(FwR$OY$e}raDd`_AS!{klr-w+!<Y&t)%
z08M|V;^~N#&%5rbxpdrPN?baQ%ixF$6`6O5P-?aeh<s&dzGNi_F1dyX8)SLL>wF?{
zFR-K+0RZeH!|sEzdA^g;XQFi37rI$H-xX@Ds%a%@7#R%*Yp7E0+8^&>Ah{5M>C$*3
z0kZh|e-hZca`7yri?vs<{}ioH<a6WLpfmFg8Qax76>>5l%h5dX^A1xLvvbNkt`Ve0
zo+Va^AnIbqm#3-2wg(HlPQ54ltcptFQ8h%f*Wd2{=r}jhdt$|EU~PE*l9fd%Rbuvo
z1-2yDcQ1E(O0UPiVR<bJURa?_LsaV&c&}Mve=5+sj1|aXT(D~sUU#*=?Dn#otfadi
zrWwW1OAk*oraG5np_e_SvRPGz!DuUwq(C%PmaE&3DqB`gs;#?qduh<688s|+;%yr*
zyMnkdJ<g~$oL$6#s~R|=o!@nYa%P@5)W!BLFnr(eRvkw{_$B2ur7Isa>ab{|Y?nd>
zf99-5DXmItbFG@2%_0wld(>iBRZ0}Vl9QcJXUDHLr+0l*)-{%vmFhk%tv#3Z#o&YK
zdp5v(fmmz#5vOB>Rz3Te8x|2(zIzt{Q{U`vgTFdL66g0Q``>V6qup%#mw2voRo*^G
zdX|xmW$#CYPY1JzGYZE($A6{ZM?%&{e}|m~Acg?$1luPJRY%9p?ubL#f2yS;ySfWg
z*_=f37`;XjL2|OH#}cq}SH$X(ElC<UXvgTyJnhH8v<|v4b-OFz()QhV0pFCv&a4iI
zSOg(v$oZI3mLQ42wigma1_Pu+6qppTVTEvST}J+rAV7i&(h89^3>6o2DJJSde{cL;
z>hyR_I%;zjIlR#3vNUY7&4rZp*`Z8hR;gM^ZGdSH8pel{Sjn@TGx4?oT7Oz>f3J=$
zaXik9ru)iTwGZ3%fY^8R)j3&39sAm+NKQIKT^R49kZ!X|!8^!bHWJgpk*ivucXicK
z>REd(cs#3<p14x*jaq@?!rB!#e>&xxYGEoUMK70N@#68oD-7=H-Ylc@{<Iz4(V0sk
zyK$zaateiy_Q<?Fk?1u%PFt`#BUjy-u5ccQ#ZrFh^nA|wY8%*|oOplYga$hw<IX3n
zqiDzgRM)Z=h7uQcr`M^f+S4<x{kfTNo*S@yCwNqLu3IIWWvBu|CGkm(e+=lkkB`E#
z2Aj5U^8<o-#!{Wa?Pb3&Zg1PMsH&ovY@@ZPXsh2tbAJEqS3AmXURUTmI1LN_EA6=Z
z&BE}f7^;WgIQl0QHTvl|3j;2m;u(<Nn$drfH~m@T%}m#Yu4{Y3R}r(5`u$qmO>oZf
zTy0eLQaZTBprbSZk@AGhf1vq(1_LoOA6-K%5jvX-5xJThUGH@N00RJqu1KX4f`f@h
zuHYFbu)xZ5xU)*{&SX3fxYD;9c*B24Rx<GqJdp7&Pi{ovYG!0<tW@(%^qnZ9qw7Qg
zYlm@IUCTInVuHX(gyr**md3eW8W&=94U1!DCXWVwgT%msKmxFVe*!R@^p0l-`Vcmb
ztGUv~c@{s}XL-pjWX-bik%7Q8o{_RByy6Y-^mn6sj}MlLutlG&R7&Kn2@B6b?vANg
z2u!TZBGKRmGg1-+Xr3@OO_b*kK)`b1-G*IH%m963qSiXv&18YtaApbTT#le&17K*T
z6$$b@5QcUcaJbC?f06WP0y)A5sfkr`1z#`|ls8*sxxB!d6WU}mk>V$r#q6O5(h|j;
z(IJ@+KVc)u;11YihQFK5h*rahX2lb`d?h8ber6lq?y?WQWuMS;4OYyO4G4<{<k>p+
z{97mxo4O<S4C1d7TrQj-*VSh8h+{IIyjw??XN>un!tZtl8;qFpo0y#5Z7qs3NoGVN
z6nL)8`|<E6E_kSdm$8@u6AU&WFd%PYY6>znHaU~h6+wSJkK;BF?folUAFvLGq(}-_
z7_eozNO!;jDS~v#1xOJf*W~Z#%?!UJTk>6!U98rm$eA}E96r+KM904me;o~e1KDF7
z?eXhxho3$j|2&ve3ivs$|9}1c5be>X;pC4#q@#EKG+@^8%O`$8CY_SJNaHEA{_mTh
zkPIukejI<IKaIyI<34^p{&4r0bo}`8Zk+MP*<`FqCYX@|MHA6$opYWN4USB3-Xx15
z=rMQ~&BU{ux6uSUlsWQ_`v+sW7w?EhJni}8kHh?N`1}l17>85*KSAL++3`PuO7;QN
z%~_tzHbWGi(jFkpT0=?10x+vZhoyn;#Q^*tX#jsfd0`@rHtnhp9LJ@4E58?WH#5Y{
zG}{~glPW81b3rT69sQHD05tEa8N!wty097-mug&s&5-K|fBO#f4jKAf^wf(6;z&{A
z2bY-$1+P#$vniT-=ll!N6tTh<qV1gnN2`!i6oDMr`>sIa9|RV3k{J+c*_)grc9hJ*
z6ZwB(@HsGYbEhk@Wi<*!bafZvurm;qAr^AF@4*>HI=K~`sim$0qUf#yghf6iuGoz9
z04Q=2$z6ppJt&;v#v4QisFH>FsG1_%RFzaacU6VqWM3><FVTxwn6QHD2;5v<hn|rb
zNL{o5l-PP_WsOOAT;S9PK>NbggMENw*S~*sg}}K}$WQ{?4p&QMfv=45fQ)R|Rp&-*
zM4Rf|-9&HXQ>U&ME)I{9aFKy<O1^No4X;&-gTGCsW_)^~l-w(oSOedv(h*0Vqy9pv
zF)v*^eydV5$`%y%Rr(b0TqwmhC!%$6v^+!)Y7~XMGOxTQQNG7r@zHIGUnAGz;B|kI
z@S5bMaKng@S14~u$YhTVn<h8mNnEYW&FhX4?QZ7!VAiC>dT|-zqPAkqGRX*9d(}=e
zf_}&*^}<q6rTDC*OEiMkAIo?rE)!Ddy;JprQ3nS}l3X^lAW|(8)D;fPtM<;-n<Fee
z1N)6D9oiGaFQ!SMS?Js~!_wLeC<=eVgqr%<NLJv}g*R!m7@X%(++s5pn>jWfiZcEt
zOI||W(zQh(XBh3%77(%xK4HE0sBA2ji5dI=a#wo96Bm~~0b(HUd2c|QsluJj>*rGP
z9JeXM4NfX2-rjkeGyxpY?*Vn7cf;ehq`rf9)OQS#d8UH2*eMM^dDK4naiD*1EAb0w
zQ}66Tb5#u|BFWakO0YIunTOti1G%dhgl<JQmeFTrG%G18oVt`OjWOC+-fR&Zu;^W7
zpm<No(uy6+3Tvt4LHywV*$kZX`w8Vh^)~7~5^6IxQU|}oN=>rw3Bt<+1MjmBfk?dc
z07mkii&tBu0PM}Y2$l4@WafXCIT`xJa*=0gD1zqVF$NVWlQSCjfPqP^fo+t-8}laS
zObA@%P+AnZ_>+cKNy^xBWIbgyM!C(CEck;(`Oh^22U+lmFF(H<I$I9(e17xq#-HEN
zx}E7Am7een(jCuuq};3TDV^WqyG|oQhn@Hp529H{_$YJRh^%AaA<}>5<lz>!XLJSD
zU0&SUcu`&ejzvjEHtS1is0100%+fB)jcW!G&OyQZD@$<vkkO%<O(`QMr^3}N*K1sZ
z68I`;tk$UF^IIx2ic=X|Dl$8xsdp_tUCzIJ{J0%TM~|Vr7ww(<RP0a{XlI7t*&)99
zeOv|B-p<)pwa2a_%H)4Xo7ZNP21UJ<S{yaEx&)DN{lpxH^>7us$cfaC?wy;}-j?tC
z+#0KgvkR(9*dp_;HQQRsKN#6dFY~%3KrOh%pKG7&h8KrpT7|bINVf_*!<yymjKiy%
z<f*1ZNzOH{lHFs;>aGYt6O55$(6)n?HwwL+hYWn}{G!d(PIZ6fB8)YeU%4PBN8mNo
zR_xU3hZYUBf(Ikb+c?{-7j-&Jss_@Zmg(5%pqw!KD5!PzJT6LM@1$Bqc5}hlhoz1U
zsQR;t&5Kgfv7}sAc$>Y&xK&;XnzjQ}(1NjLaS2VG-3odqXT2i3P`Igcd|9k>=g)<^
zB+aG@rLDoLKUaT-Ti?^A*R6u+oWAlvm(k68PlE*#wHGXG#p{E*orHwc9Y62uPOh8+
z<vUVk0(?J0W4X}ecYJ=(lLxrdC_Eqv|MFDNr@|o|<_scVj!~8xgJ3P?RI$eoD6UU$
zQLldmkQ{u3cu>2R6E+24ti+Ua>*8t$ENGB3xMh~b*8qPmWO^f`<YGY1X2QZImduCk
zd^;thc0q?VF;=f6{P6`Pi>!Cr6&kausHQC=p=OnXrurAYjjmiSWC_dI@QpaAqa34l
z!47797qC)4P)-HCo6ILOKHCbTwL?b@9dlKQ0kc>pmX6PQ`3w!(h^V}vgk=50jliW`
zhxJ0Ya*=<*^8E-04T&-GQH137Yjq<iH=G*@WyI{%3{!va0w-DnuSfGM&Dn=fye5YV
z+rCfW{L}k`rQf_<eN+er=P$lIAqIhiO8z1UPe8%J>Dd=S81@_~&Lg=PxCsTP!_XYN
zVZ3)6)^Fdo^MqK>NOcc!Tq7NqHcPTUc>Z{=Z6hxv`MOo^;8GmCALPE<>jsX2cprNL
zq~~;{&~GWVk-uAeB7?!gf;#W>@gI@E>BpC`m;n=$y&VbyH8zvU9YcRfkL)xMzR$17
z8L1mrc}t|HmXdTg5;tHZ4u}(*ga8RH{C%qI*e*Lxdi0pqWD>_qtzRuY>I%cZZ+{Pp
zJ`Qm36Au6U^7j1~!(VUeIy(9p+Q0w&_U3VLZn~PmxN)%RYH88%>lcUP@c_k3mv@>)
zr+NT-{r>at<<ktHhWCG8KbbjwZtuUpJ>K8G=`D1lr30#kID>^rp>oQDRjbl4Dg=k1
zJR(>P3UN{s&2i}I9yGlJujvjaP3u6>YE*Z=r!h}EA+MyX59{ff&!BxB@H<6MPVp%d
z&!Q8(cFLU+PS=L;xFKz~z=O%6UkhU(+lC{<<}_wC2GRnX8p40!Zew@?N3)EY42z)1
zPSI(kvjLb0jb>8~0RLWfS2Z-PPbtoHmO~cO6J}T>6-BfM>>EAycU6y5ff;jkaRCy^
zwBUzNc)yuXbP#+}ce;SPT`=Anf4dmok*+YN2}G~uKc1G6dU!?{j?)$uChD@&gXRJ7
zV4N(Lm@t8M%P)U1ZnHg&abH?L<<qB{P`Ps<Lre{?Hd4ZVOgt=^x3qZ}o^BT(2gR0v
zJc%y~Z<ldflo_p81VKuo4kj0d!V%;4=8|MJMP7b<|GKMw=gAC(Hg(b_@j<)C^GQX_
zHS$9^e-dx!qrENo>(sH7SEi*EU2D^dte7HuU8^OCLf?P0!4XlHsE>3nO|WaDQJTUQ
zA8Cv2$jxM<S?HwcZQ6RPZNqF9OYgMdfu)#~yA_M%wfVg+gSZCclJ<!DadQ<PVW+~3
z5=PhZu@Q97HZ@6Z@;<e_ML!b!+>3+7V|}u~Z1CCJrgK+5u$gE9V0Yj`fJ?x3n>ubE
z4-KSj41s?aG+<O#oVzD@^AmVP-hFb>@JMQ)S<z+hg2O;ep`;<@C1%89*W#ooQKF#T
z4hi}~74F^|bm9U!O#EMHEH)-FaEDMKEC>q-!X3{IK*0_I0uwSoK!iJ1T~dC9fGvj?
zDUC2l+_~D@vykO3n{twT>m_QVpwV2Myw-6_%(#Cf{YQhF8vp2-snGWk$%#)wLf4Ov
znen7nabVQUQU&Wa{%l4BwcQdj73&vHnoV8=`otADVIDj1xmQv>vlTnKJy?7`7)W$G
zNCUbaJqwdqJNv{X(HDfZvamrPxlYHW>zH)RfofvO&T$2ltZ6}Gpl~}&9rUDX@t4$L
zxdneIz^e?wfT9ectHEp<1(r9)4tI;@VDvtFu-Sd4;+DQB(iFel!&f%VV2@cfUg%|K
zxkdOLdy+{Tu~?jKj*AzwHV!vt$DK>wn6*|#jAH5n>V??}a`rhyl|G0>T_jp%6If1i
zSfg(#OTr4SUWx6@T%v+;y82wI#C#Iiuc?2`(p*v~D#*Z7ZAeKfjjdco0vByoaX~j7
zmO^2BGfk8b*Y;yn4V+O%L47DQQ!B!3?b=5fXPda}Fy8JkKk0lGfYZQPU2}ESU$Ov0
zp(11?(gL?f6@q(MUAV{rD|!aTy)SaGbp<>R_l5w#{6Ce(S@DV9&=Wkl2G&3tnnHi8
zVB}|_@l5&QS`nfRFXS$RHfrP=n?@9o<<-jM(P$uuw)Qlp!#f&3J;wTEW0_z3d7sl`
z2nua;OrSONQ;=H)0D8p-RVcDC0kJJX;<_SjqUdUon-zG_G~$`McN}eghZ*l?p~C>~
z2h^f62jm7K)e~5sv`4tEr#urnV6%V88Vus(b3_)n{*H#NA?h1(<^B||2%!yxYE}z@
z++=K&G#Q>}Yl+su<rJH!dK{h_*#JX<v6khNm&Rk+IUwke4>gX=5MtAeM!6#e1X(BB
z>(RE^wY}A)t4KGh<Q5~2$c#$l!6k4R2uR~-+jtuhMBJ8FbbE0vRHbIghM|8Uc2H({
z5<YUps#BI<@C>W^|6YTc&w%)XfHoL^evO=9bHiL&lvV5S1$1hH5;*a3hn@@rV9_%m
zAs6bE?mfGd_IgYXrdM_?O%A4>^g**yJ#5U8!^Wcx?odoP75V%^hs=xsu)?anS<FID
ziyrl89_nc{K){AO7<#{wB%Xit-e}Lh-jaGs3XVJIIPiM2(sd<Y9JwEjN_lgq(I@wg
zNm2&bJ52}~+*AebPpdggiNg$%M=<vD3LhG;p>xfsKx<F^njEtQ6C{51gE&=&;n?$s
zq(L%ckkC(VT{CHD6KTdVYaDPip#a4>C%jz%xW@q}POZ`KsfX|#C_{hBdm6+crj89M
z=*Q@Q@T|E*Ln2+@kEk1w;>L%l8*@kKBh&>+2Ag9`(kIlB{hb;)TARd@u~N?&26o_c
z(n<3rX+Nx~fDGBlLrYC{j|J5uLc`H|!`W+(XjwXbq{kyln1WSxpQ^M-n!J&tUINL8
zr={I3;n`p~xqx);UhseL;i*+OCs+B;3izL*hT2MPS-drUpsKLz*Hy2w{n!G@QRWP@
z2`N&#+cdaSEVWIwaNL*>aeJz*j^t_UxlkgPmu--?T`4S~j`dY%sM~)O^-bNwIO)^%
zT9LW*ECS9p@S;=m+P;dcKP;1-!50~I0`%1?m|UfDbUTksm6Cs{YCR74DNl-5BCOj`
zj)D#HnPnPsW(RX)+wmKcEi1EWp+E`TD9JtCZQWd@HBr<6{YJy~E`2e!-9_bW`D7e!
zD3=Y<?aP<Bs5}VHWTY^U3=Ri&lL-k&<l~R5MQRm-USSZr{OL~$W^VYm()hPuy{X~C
zJ*__}g&!%bg@=DXhVS}F0F&RD#YwZO?Gg(on{vh|Lr&vXsUIWO^}d>kwp6R-AdAhe
zmD-=FX%KHkuI^=y-1wMmmu)0|yfxd#p3=G!t?*qyl3!POIdF(8?p9f(Su*;SPHYkF
z8UDklcldwSTIqCFA`lnvlU?LaY>VLu;55SZr3*D7ko<q}ltHh0-5f59<9|$0>iq<t
zdOK9TBBkOJSF@a)b5c#&t!hf=SU6L*xZT;()1i9^9U=br5WD>&h%@Fav-3F<FNqzC
zM6(1o<mGQ>@tL3Fm$=K}_ua}-4!hfzckI()Dd}}RLV6|j(V@r?(%XZHB@XhsZ-)N>
zMn%S93T2nGm;n)!{3Z(mI5?9DCqaL`TFZ{>HVoa*S7d#GNkvMQY#<0=C-I`Y3k=Xj
z(On-v7X^AZ{r!^Ei?(bhb5Rt*B(^M3Bt;z_(PPeV`seNMlcA3XJcR*I-+p`h>C5Ra
zZat&N;F{lWf4of}Zvkm=F#a4)AHSY{nDGSe^zr+}Oy+U@`19@Y@%Htpklufu`wbyK
zU!c3f#q?&l`U~8y?{pKW1qNfmU*GX!?lcWG!~N<m0Pvs&={(C*j8D<<9fAlL>9KM0
zcuGx3qr6=CGKU#x7Np)h9<L#d0lfb5@nbd1l|SVVANq4wOhGZlOlfwK;f`g1>34*X
zKRWV<NE*cM8_6SmSu?iVSZROt<}Q86`Y!e9(}M@ypu^4pdN8cboO~diNq`rJsP1X1
z=qp!5<A!8%Ac+ssL#cq>wO{HD$=xJmGTov-M*T^R*e=7cU-(Qu+T$Kn@PIhW^-()u
zqoO7*ue>zib&wTz=@}_Sn)UJPJ#cGkOk>$C^f07BfgVTsL+ukE^|61!v2{g*6tdEf
zLJ~M49fw5KYl^L9GROkejDzd|F(8gbEU{Tkxt0F0^<E5$qEPmc*p@wzZAImcq->h)
zUX0+4R&H=?T~uAGy%cp|iM(IqqpFUccUVm>mar6>tXLvTbvq6W7tXi}449)nXfPQd
z&X_qyM->jHsF#h4YSw=R#i&(@6)d)jY9y@B!Y~^Q<Mv`iZ{U8QCs=^tY@<Og8g#KU
zQb>Zgp1+;ZxZ935-EuU$!Ojp6oq-Mm2Jq0^*}B+vD6Jbz-girR<`#7_0l|VHtqcJ^
zf+4A<BWU&9&a<>Vk7o>?fO2a_hrrq+SpojJ=AOf&k;5M~4mf{P$zK|49f7hM+vTx9
zBQ2q0XUG!zrle&?%7Qm)>p8!e2Yq^J@$~DZeWdSTW-tIWW(4Fmu=MmMy{(y#w278b
zi1#aP`uG9zE_5`97ik^I>*;<J{m4u7G(=r^W{~;l{uWn>^cuvL8(StlEwEHizhjj5
zTsv!X8f&x*q)C6EIc77;tQ}0Woex)yq93<bpW^6~>u=n7Snnh2UfM~5EG~2_T%oms
z#a>R^|5E^Z&$uF2DJ|R!Bx*PkIJ|NHheFwy+9EVf6@ZdT4Yt!JFB-4$>;+}Ormi-(
z3Q8B_09v5CznWMG4ab~FUvtd(0y}fAJ7Q;a`2suJ5+Z->EORf#a5S@la*0FaH#DGM
zQ#oXsC!;Xu5E0|~(R-1Yx!6#r+M;F50jEm9tmbQ2$YT`blM0EZ4OR0o*)<*JTL-Sq
zw?@`xxE{s=#ViQn$t#<qFjJ+tzPnV3#lB9I3gu~u5?oxUf&G*eb~RiRAK7DGn;amL
zyU%d|N~V7q@hf%_LVH3!%H$TGW>MSw^MA<$EG_;fE)x(DW|K~o@A;RqPk1J)3u|P~
znOVyt8y{w{jMvm^ZWdu6%?HkE#tW7|>3gh&vuD4ZX}-rMY*<@nExc-+q3L(vqXj;d
z1sf}uq%i{_5+yl(*kDu)V?ZC0N1K6`%mN>rx`BV&kwW6zZ>QhCY$S8;ZR^xImBSq#
z<WicDoPuc4?Wm4npm`eAC2>DfdeaGJlX$M&kSGB;nMey?ujDpXI<u6$wi7$_^c}D#
zYX><;(>L6u9f8n~en;v-*So$TZP=Hs1q*LH)4lZx_B+&=$<e373`0YZtE8teBZJ95
zS)qS=DmUeLl#j!NhjTov3wByQciFBI9V@60oP_Q|mz<O>7^TZuZCW4n>j^Wm8dSu|
zR@TuVusWL!<%q1vhT=~gZG9{Vgpw3|WpOoMY#etB`fpYUT+GZa<*#xC&N=NJeDd5F
z=bH4%)e2KEsSt4Bqf!J&w5#<Gq)Nt7&ZmE4aR%(lg_l)^6>~lC?5!N^Rkeh=d3EI0
zNxoCGaKkI8O={`sUO7g&T}F19N-U^BP}Lt_D@Z}x>gH=QFthZb5`tUd@p?08#sNBP
zRuv~ElVKUzB}T|_j_D-UYPD8nt61aACYiDw(s~SqrTN6Qo&*EfX3u9w#l@~GCINpQ
zHug>QbJju5IH|4_JC^`0o)lnMgtDs1^<{!eI@8IkZcHt10Uqxw^uX0oWVzllw5hJ$
zt73YOua1e^#F(&FamsWsD)lv(Q?C;883M9->U<Yeoh?ye$b+h%7XYZ7_hjW^=#O9^
zTeJv1wSonm7K@;&fg;L26e=8IOfi42Y|fzcs80W`+_O4pHm>kP;|eJ!rj^{nV|@Ur
zfm{y>wQnuh9-OM<#x1y&(nD9`l9LzTMfdp<3n{!yne}ruiT!=J5$#y9HGcJryra)Y
zi<<iS$fa;a7qgpy+JW1x{Cl{#UDqJo>yF)dO;EE^NMoj@K?h7hxkGmOV~u}2YlIk!
zlOjyml5`{RHE5-?UR$zWlZldaTl~;qp2MRup+|h>p>3(ir|8JoAc1U9MGX|tR<7Zf
z!3@&@gFFlXIwdr_JFMSZ$UBhymU2UfrV<yu>vX_0#?<xBu@+aX#<bozRi#Yh3I<>y
z8bKp|<r;)>8w;!Qr>cg;fQx_rw;I-$l%#pBM5N2q%1!}oF733now{q*#T|#~WpB#H
zYJVturd$K!)cHagC|YnB2k2X>v+43ROe=1(Jc}%rU<dt*gztcgeI}%X;~=)w?(RP;
z8<p|6rnM^DEta^!Y_&lSUc;`L_NPG}pxNX9|2tb)ypY^JI+x6$jv!V_2&z{AD<{>r
znQ@^HGE;x>#!{nbUgP_76b)^m*z#O96n}!_%enfOU2S#?(4FC;W+V54cBe?u0iOMq
zB09n|W80fl4!>J6SXuqA9$!!Y0*pqNV3)C&0TT@|H6Sn`Z(?c+GBGkRlcO&~f60zC
zw++6}Q}o$DcSLHd0vZkU8Xz|(1LR=jl-LH0I6(f3Uq7U%g;Fg&PJ+SIRH-D2%SVc2
zjXA;Lw~v1x4E+SaL!9yO?Z=P5es}m+9yKR#U=D|GKY!dlKfp}1BAWRW4xj%x{NaTM
zfWzlcKb$dM;B3Oh@#RQY&(DYxe~lpUh+K`k9Ptc5Z{cYkJZa|3m0zaev{EKSq57y3
z%*4YXk>F)QGu;}?mq^>eR2QM%G`*DFV&!Uct;5R^3Y|G|lQ+JJY$9f&IrU-`T{Lm=
z^0&`FeLO!uz9+RpQY;*_GXMVThoL{ebvpm^A3x0DXioFt*8|QVxBoo+e<e{#6SG+&
z5}`1Ay7pEvFIG}4(ixIzI-4g;|F~rCiMez+f|XYy$<$<cCZX<CtLYh{7(<LGs*&5N
z&QThdHTN`1+O8`?Q<$Rj?9CV&I5NkLt#N4vi_*6_VZi7Xf3@xcoMP3TBi)_xMjL$o
z@--rpJxwb_$SuN!c(QmWf1VTf36zm}2S(C#3G}*3ePsBPe!^L=fOt8E{2H#8NJ7Fb
z&qg!ly8=2WGb4bR<(`a31Ri;&rBx5e>+o@Di)r7?8+vAZGBXhgnORTD)p}hZ(7BTz
z<ATtsP6W-K*^eHVW6TzB7Ie4XEtPE>hDnU{a<1-|@h1e2-MR#Gf4NIMV5XJ>i-4&y
zEBI~b<VC$h2)N6DJKIN%Y$EDZ1yjznz$@BkgM2K@t4cceO48o5@(PEVW*!{%qO_iL
zsudl#C2BfVj$PDWHZSVh1%@>vEXHWU9Hzlyr>eV91HYO|nu^7MD4M#-93|hg9YnS#
zpVSkZBybf8Zxszrf5lF%zNb1*8klC`WH8BMo#ru5UQ@BcUXi;$IB!dGI&fBDl)j!_
z_#6~|R2m=cTA7%&v+i0O{2~m<S#fX59h_k_Lw4_m{oWDYt9pTDyXExB&Kh4+|Ga0<
zdw<F)^KID1n<Pwcp_X}gXjWVXk`;e%k)jFMd(H~y3y2g3f7X4j(Dv1Rrb3d}KzIuX
zGv*~5+S&D0h$HXHh!TA5HFH;m-PMLWYZ72;bXATcEct<(Ww??^Dk;>ur=ysy$&Fg+
zyTBWhH_`oFg^7nssWupBqL;*5?b@G^ji^S2LgY=K!PQ<4cVXbCu!sxInCz2e$9*Ju
zAD5w}<+x2Mf6K<So-Z$bYE=ujLgI_@=(rk?#)u^PZO1FsKchS=1(kPpt(>Cmz0eqH
zC|`jxRl5n2k=7uWF4(DdGmc*7va%gSVY^siM&Fhy;PB*Dij_6Naav}Kd!iSiiqbdj
zajnUYq#Cv!VJ!{HMW+-pbiQtjo!ERYxV0zyrb=`3f4q>`nQBUf$OIo0r;~i6MWGF7
zbsI$}MY@xX&IZ_9jpG7<stn}%8fHrCow?(jo;^KHCYYJ(05tW9-p~`gz(cS=OwAn5
zVB%*=GgX<iV1qo?_H0<k3oX?Z)|rX(HySa-R5W*Hjz$whL^{%#P48%YcN;fsl6e0w
zes(t@e;CAJo5X2KLdo^u24L^_w62md<O&2MCPT_PArbL3<dF(SK!U=z9}ho$H|)kU
z?b>!k`~g>dxEpN-@YvuMjoV;1F=<}F*1WNk(e=J7GdN<mCvs14*!kIF3&J`@$5;?+
zBNe`euLu?`Q@ffQ9k{deqG{yJpRgj>NcC^ve=>J-R}sUQ(j2L}eDPA*mK_6<4S7=+
z2!xFCNIpTX!eAvI-63x$Pxjn&Hly7tkP8LA(ry!tl9{Yy%mZ)48&W``-<1`l8Gf4C
zeR<p@w`>l(hC1gRv1TX6+CJ)d=Da4#7f~mg@Scba@olPQwaSNDPaq{iDy3M|MB9}K
zf2#i6o8)_0UvydSMl3}Kq%I|ut$9Z}SEQG)x!TXH(iNR3CHz0jqE^0AI$ISc`QLWO
zuT<kJjhOY+cP&9&GtaVS`BF=yWhMLRAe|c}lvKq^B|vsTt{Ud9?Ew{S0=X__A4)5&
zgVoedMu$d~Qj9JlRN|SA?nkruo*rs*f2J!kqnN{1%*UF*!Q2^R#8RL4wjNQVoi$XE
z0n*emtx)btFkJ?$fiiUcC6$S(BHBG_MWgEy=W<umb>9J0y1k1G3=5aTx>4;PY{sCi
ze$+~126X1U5Bf&6_0EU-^dUyts>I9ts_Lsa%A2|gC;i1Hl+LU);2F<!im*<Qe^JV@
z8j2|Vl45?8zA&L;CZ0n=utZgRMt5<ATIye5$e<}R4A<&3j_D7`6WGhq%N8I^0E%+~
zBslE~<o&|)GfL-*_4QzSuNth8AU$TMY`!p;-UiKjVUDeYkrJH1!t1NGeb?{&LSK5Z
zcD3Q#;fnH@WvHvC!TyFr4`Sn^e~TO2<?d1{Ep~!ZP<1WkTN__hVb@Tt5lMeRdxLCe
zmX2PP-D<lbmcKM(;A$~wr+UjX&eg(0btVM#%(lLx1+U9-UdG;bA}{)Lj}{421YNed
z%)MFkIj&Kk+c-H+>?rY-PjpDH0BA@3RU>Re-a&Qp*%YPo0_ozk5^Aqef4ABCPL)nn
zl3#5E-d#{o^dF;x?w?<qC+3FiSKLE?pJ_*L_L<RwTsFuD<gYg2<&>!rXSGeG!iaKD
zt)2XdtmZx1$kkF$1)a?=#J@ABZDt%@3u8=-7LEKbePJMyOQ%or`KB-C+u3T&93An>
z^3I))NkY+o$)|bE7CSQwe>B{)N|v28wyxY`BRH<ba>w5w(`RD^sp<v=u&ojJPF`u7
z?aC@&9XeDDAMRDh(Y5v(CY+W3a41Jj7JvMg3#-hnJIOLaQiXT@W0>Q@tJ4=-Y5POb
zn~bGn{$3&8d87Illk#5()hk*BH5_lvfE!FouMomK_TB8u&emAqe|Clx^4!D#Z=!uV
zXI@~a6mg^+F6cdYL}_mDTNg0^rDyi;oSiqj5P5IPipFN!%Qy)10!$#<GjSlCP)5h}
zVS<@Pa}$EQ9?W6thyaZOt(k~p!=1j=ntR~QAr)T0To=ywxpHIYrE);K8rH><6X_(S
zzRbPto?2`-^RmvPe?xEKDf}_t#<SMAqe=JN$qer~qjO^HuqA$Q!q_O&J{~=HJ)713
zcfGyi4RCCe{oXy>48l(U@D6VL3*3{6h=i`)u2ys>9II=N0hU8n4lI1U<EuVPYH-_f
z5i-ijFX^7~xxt4gErc~j*7_$~n_{HXVvR=1@KoRb`@??#1g@-KxR<e*0TT={I3O?}
zZ(?c+GBh%io;gB)ty@d4E4K~apI_m10K1}|Gr)lXKMQo1_5fWJUA0MopefM1$=@#}
zjwI?iHgfO59ou7#9^^;zBPELy9De`!-$CG?1$l6*Jbe4<<L^Hl{=3~3hi|`pT)#d*
zEZEk8IJv{uzYl+U>I1;x>*r4)=}$csfRR#ICG}HSu+o8l10$Rk03hJ%|6?mXZg>9r
z_2cpN@nd&vyV{c;jV%;d?Bgc1)KcPz1}xsgSNs~J6B>lTktE<d=VwtrF&}%8cpZ!_
z0ef0;4fswPSgF5qw0@iUnAV+^p{(sdasp)p_=i2gs;~oV^~oHZJlO+CeE03A!_Pm|
z17gdyHy~VpP=uGLJYnPmG+YMLmeykbonC^{M-%QY-6-s7q-yO&C>9j10w<h6T^jHL
z4r=XuI~dD(om#0-GGQo5L;d4Zz*&BZ^$go(@fQ_8Vz2k}(S3@?`KUhu{QbvSe;RQ<
zO8>2I4&j;D4x8OVW9ysXZJ-ON@M0j`_U&k_H9aSPtbb0r_yi5Az<0T%ZXWa^QwIhw
zN}Z3Os2h3n--pp@!n6?VH%&0#UV5X`_u(_Ozecgd#`5l;aQ-_<mu>jtHhx@y=3<RK
z`m2u8NplVDTzmr7TJGWQb-NQp?DZ5MuZ6eWeVqUK^_MXq#2QUK0YX{?gfe~}xT<Aa
zL_)-Wwuo)%Q9^yyiK~Bm317+cy1m6U(5oWhW}J{x?@0ragO5Zbx%fh>42|upB?#rl
z#1tm$=mpX^mkb$oi)bRna-fCjX~z^yD`qpe@Zn{U6-WR3=t|APBoab1I5xwhK}-Y~
z2R-$F=NO+M!K}J*4Ov#Zn(l+<oi*phv8nfeZIm7*X`3`fDBV@3$F8kcaLsuALtrHz
zbY)0kU>aF^XI?rx%X;ar`o)0ssp_q1Rd1@rR+y^e!8>x9I_JuOw>z!6swlJM07Dx8
z-k~Gnf;!fymtro^n0%6y3=-&gPi|cvXxL>DKxt8_0dr3qbWmbEN?_kvNH18tfyVcL
zGn0`t)ooG1r8)1y^8#Y{hHUdkZgp}g#y<&*|L|4$fB3o-G{`91ppX`0Gx~$4lh`pX
z6apr~mDKd0q3=moo0lXb+FB-G85bygV4^RBMzjnI-n_UA9)+}+V=gI#S~6n}{n6bi
zkhta3fRId`^Qmndnw)-=5bK#)>TF_vW)ZfMD+dBNkV-RE{OdR5*Y@yxS95>;^M^Pb
z1rq7s4l4MM@Zmp)zYV}9T&rDkj<hA(k1aS7O21lUkeACXNX%^gz(PZY=fsJm(7~OX
zEM{>#7j7o`<i5#a+vmvcFiFCUg~=ik{*WPBpCw|#pa&FQ!Gh2ABneM0j)B&H$s^ta
zI`3)PM2#3X-e^_|;!>lQNL4;l2!S3%5X_U?Jp=76$A)AqBvJK16<2<thKk1gY><8m
z@OFu?SkVcXAS@>=&Y}|7$p~0&bT7_f8sF&^7EDrC%%PlIFlW=$Gc4jJR~*QIQGoXs
zc*wiBOWz`;xx)A?Oj-Pd^T0WOsE~=_bJPo)QL-&Ik6>Giw=FhZvMD$zZ&Si&YT?7s
zrnFTjSs|egOhuk@WJE4`O~{b$kyW0E-AlF^G~!a!j6tj*f1JhiXzKR%iar>zk?iUv
zI`K-ThYVnVHKkT`SWJez44@EcUYY7Tvc<&?G(e1t%<+EiWMoxl+Y(KG)<co=Bntzc
z*N}%Rcz&`zxkCZ8?)Vb_B&D!R=1iRY5DxU^95v*!tw*jylNdTeFe}2J4gZ!S#5Vn@
zKf4|*mo!pN{Hnit)vZFxANdd?*BRL+<8k4$hOAX`m$#UD;}qt_i~br@=^>KMl*QFD
zs<VsCP6LYR<25}oMU|?5ZKBF&%LrXedI}mTc<-s;=F4F|xgQkSv@g`PbBZw&(QFIC
zO;c&hGnIb}#><KTi8N$W4~ER$+6zFMi@o%Wx6Px+L0wT`>Qa+^y7OB3q_hn({ag)W
zj>yQZ3lI8B9y7d6RIVFxrWgYoi>5hwF%?68ur!67Q&)^#B5hQEnA&AyEz`M(CWiD0
z3sMW~%eB4|@9zjB@mj_kZ1;)_3<E3I2|t&#<T_i=h$yQu$HJ$S1;(7J<ht2V8en~8
zoy`i8YJv~5ftzeD7T=P#!{=}jVf-O^ma@Cz8i$Z6KU;*95$n6M;8`Q%L;*o2dt6rk
zyLJk{NvbAZNO~!MN99&hy5G_oI0cwF5N1rwDC5Fr09IycV(CWqTv<S=OBUX_!JIS>
z2^ex~G+{ROTO0sw3E6aa=Bkv#lpmtGxfmmJ@GqE@&5?k+`yzIC(!{nJwO2zY>E0L~
ziaP#C!jv|TJz1`EXAbY_2(^}BvfL3Db?vrDIR%ndO-X5gLno7eBCOmW_tsvKnJe?;
zk0gnfR-n5b7cL>$7=DvcK)T4gV0{CnvDVZ>!y2YqdL^UT!llgHX0>anYJrAVFGrhF
zx~M^Kn)tr^UQ<}e)=Ec|uyTZ4Y%{g)tz@iWu>4`B;Y&r{Os8VDMJ7xo9baXNd(yLg
zDy9oxv=rBWK&8U8{M&IUM6T+j`;uEydZ_Qz@zgREQYF{ziMRrR_}ME5@<($yF#PcX
zp!7j`SpTC$yEp#8T$y6$`!)M?`lS-bKI%K={VCo=y;FE5Ot@_u+qP}ncG9tJ+sPMo
zY}>YN+qUhbW9)yQwf1xFs&4A~tx<E15^n3Nd}R^6{!q_}OkFZ{&|a=!)zm1Vo<>)O
zyK_m?cqt3Ci;8s(`D&&7nR)ux3ey#x0x&VkUn2DwH#<L1^N$+z>wr0h=q%D>(FDV7
z7n@^HIPPp^k0xJC@OM@Xb_@M$WE5&4L!4L)LQuCh(x}2{as0rrw(*XT5q@<ZHadE4
zy~p6v*L^rwN%|#G{Ewv!DBHpns$T(RK0d~ys)TpeDl%%Mnb$=)xs8BK26R4$1t3wY
zaSw`})M;|ye!BXW*mLYWM`!?Im3*R30OW*P)7I;IFE(;>Z$hM?f{(RzPIR{FYb~#=
zYOD13a!(m%)ZUphh3ag7CgaL~pGF0N+B!(BYtTo3oV1kQi`S-26J+kmiQYFV8rx;_
zFj>CC<ql2#kMwR1=wjhy(+;V~CEy-k2B30cbG|lWljP~8e;u!!swlMBf|NV0b6wF8
zKa*;av32EYO`X>?K9+u|2kG9<nDTM79Cl`lMPRoUkcK@kv#3Op;pFFEUP1JeHA2?Q
zGM~c{S*1X}*8wByjwtXCpC8{^mVbrw!uaH=(NUkrn!Kc{;h(ni8~-cpE<l}W$<|ti
zYOCVOQ<3JWaBs^T)qkiPecgvW*SqGtjh+*s^+kXwOb109OP~+4jjTCnX)$;p$wgpd
zu8RH4S(Cq(C~8bf`jrMmTf91ip)3I0GV(^ghV?;Rx4m)@p!T%M|BvJ8Z(TM6-OfQa
z87J(-R}r`Oih<B%D$5VmGhk&npUVkHq}E&Fwf%vl_sbLHVsPC~D}$kA5{#h>7n9Pe
zWNC(WiLL$b%9>lfN=z^-o+7W-7x7nX(v6anvx}u41QAXR6!<hb0r<TQ{33#9Beg-U
z$nxFe#Rr|3Ob2!aeO%LOHAliLhfbX?p&;fcBFi)XxNNg25~m3c2Y~)b9a7Q514<JI
zw@OcPhmEMn99x6%i(h6UHUf!(lzPpIHDw~t#!8iO7qL3P->t^PBkk_7Xh+AYzP9^Z
zQb0^Z+{I_MI;T}^!``xkKO4=dCP~MC`tBi=lMQ60FNgk_8~lXiLKAqGca#2SEQsKH
z6$Iz+{T{3;BzMKG7T|a*6kVlr{^r;CKwLuQm!ojAh&Gza`w}w%sP+M(C+U!!ywbz9
z^PPcLxf}P|Q?v4Ty7FaXoF_Z&GvCIfk1etY%!2}{Y%9iiuj#RB3!%^Y_a#F>g@%7S
zhJDbXpY!{J;G=jf;8#uEf~4oL-%{yfzTe01ZQ>AS(M6Ep2OKd%8v6ZzxG4+s|C`OZ
zS-6r6#YF%*Q?b|W@H?*>p8P^;ax$rQ`G)!W_=fIDZ1E#RU8X2-w_xM8r>~?5DB{ws
zQ#o0jK~Xw8?h|MuV++J5w{!E~k1uPrufKSPoU`lSUt?{1e*ft`Y6RzM3Cn7K-k<Vz
zw;e}kHC<YF6di)y&ZzbME)LN(f8R@v0!P5(d_DnBTZnu0c+LBL3eImd6T(dXV!qAY
z`%W^mfOrAhd4crHmj{l*w#W53i#5Nmg3lFRcc7gy#61IV&3lmc^?Rqrv>)lbB@oBJ
zuFj)D%2-(456L&rP{~`X`tb0yH>kdt=YM#;xoJ!3Vh1deUUb$_gqD)*S<r2R!A{%d
z=+OX|WtzY~i45-PBZo6BX>I>l!U8u8R#MpFKnV;EGht5+4z2|ct1n&uBKybjEEL(v
zN8@AWx-KddNWMgvFWmTwWxQhexD&>SO;UQ1)qkIH4tu$T4tq7=f3t497=jK#?xx1#
zst`2^%`Snn2--y)yw5*3e!K1X;MPB>9LfNn0@Iv&A6LDZ3}kZXU3bRso2b<0CcgDn
z<9Ehr&<2t8tsJB4o)p1N4oY3u4VQDCkgKEUPW72G2MY;L<Mg%n-&8a`FE6#gkX(o*
zTVI`TgdymIP)%_^z@@tf^NLK*ua0N&E?zLn)Qt`)%n;I)`zbL~FnmM<L+m)|035&z
zrsS`4Cc~vS(gNR#s$Lw6vakZStpLLkpe5S~A<v3?e5zq8f?(|asuu3N44$~uAT<9l
z0_a@qz>DO2T$vIE`q<`f6ZO0cV*FDDD(SQ#Ujyy>4TBFJV-4%nzg!D6vptF#IZmN4
z6IM(5<00lPxd^()Mrtg9Aj^OX9~@B6Bx_CbvP#>8**Jvd-oldWsHtRRGz~r*kS^6o
zO`ZJDBQ&=)jC;@@9~H?&Aq+tt6%MNI0ITlD1d1Z1IqiOTTV%->uX*(|Fa>I~;O~N}
zw^osD6ATXv8r3~(A|!1Uy{amZXnX~+T58UDfHuD{YC6B_l9))H;j~qS*BAhnmQ~_9
zH2P}J1YQ{TN^$xGeaeb7XePBmP<ZhS)0QCU5A&BQ6-GDN0w&d$_=REZ!Gq9oeB&Ht
zmg2cj`vgumEza`sU+f^`gCV{ry=FS-6vOkRt_?N&v|L>^+mM*dn#p0hE!f-%3To4&
zteQe+5hb&apuZ)O%n6;Kfro$&*BE+fzZBKt(H?Ca+N>tt{p>B7{6CTiRKF)~r4<Sj
zh_A<rkJaE#;l!h&3h*8yy&`GYKq$E8RGUnovjsRx?m!1>QaA=C)f8(bN|Z=3<KSqz
z9Q-Ju_h|y^BovK!O=!la>DUhx^X!Oc*xRX_t0Bf#D}LB?)Xu6nutR{C4&0a~Vu9OD
z2%A`3sYKwTsW~MQBrRtjQ_FybD=p+z%~U?{P$bmkOq9I!1WC)toKm~Q#l6`0Wc3h8
z@B-+$_6f+$07P+A5Xc8_SjYo;{hfRx0&wQ~(B^l+zqRv+LvSXBIG5bwG(;+}o=hgh
zgq?CcUwFA_@V<H2FcJV{6@suq#}E=^bQbH>%;~o+hQ?Gb_ON#Wy9QFKNldFKv&p90
zYk+42JR&u+@$eOkDvc3%PdSQYLs0+mXb=3Z&TeJ(AqkB`oUQ=)(v$>+8W5(MQOJnp
zTO)>sj@-8M6^U1tYrHG-BT>J~YJkqM^bQ*8z)TvkBv&}T?h?Sf0@$j>t)SUq6SUIF
zDSVeaeu6$ivSXOblg6F9g<2d0W~8+7;T%GvzMyiy2RKo6#@#C^A(4@Jx8;$KRbQMo
zosapm0*9CDgeR9r*QB<t!#8Nk`(2B1Rv@H}KdxiXIO%6q!nZ-W3JtnR^r$J(10P?3
zSBiZ?c@sJ;aRM-mnKTOg&$mbeo!N0N2IXYH&h{QXO(%@RNPsbbH0|S+hkY7_wlomN
zcxCmS5=8BBG?1#_2_H;GfHrAE7c!rW(VEwywraIZw4EuvFofHqzFc*+6}J&(sNn)r
zX1`M1NKrpy(wayuZgU!<jhF^u5U!~Kxf-XQ4~N>-%?+T8Qc?Mi$_Xp}mo$w>O~hHP
z(E1|nvt|&^{JYBts1!ID1X!XS<K2J*v8I{KZ8xItsF!Sk#0dub<pI2+`oHM2JWjB6
zCz-o~3Q}7ieZ&`~GhySPI7007ZHIrjEK?)wUWsauM?z%73K=^%bht2Cqe>B^it9S~
zho;gz!6;yKCh|QD7AE>pu$JfE^+-Kd!q`Wvp9WXWVb}nA{+ZvQx1%8cljg&<-`p4C
z4J|~yCSnaqgFkCPgz>z?w-A;<_St={1-;fjJ6USQAu;p9HZ+h*YZ_+-X+CwDRd7RA
zqi#2F9V?V0j5V;ov(6889O8bk(`ufUAg!&ReG|Z7YYD(kUbj@1zv|@1E4_cngHEa^
z5iOsC=yg4Sby#_Bfk(50;XJ!{x}pBP^KWk})BqBxfeu{wvx_7F1k{-CJN0&%JoaI>
zl$NXB=aMWWg=rmlFZU_+7q#>#^cSXhFifh2WYW?2N>-T%MgY$6yj5ZB$KybDg*^C6
z-5oG+2&`305M^u%yQ~0T=|`{(v(?I?7U%)=f4BJI;R9@CPFF~pD*|qihd|5tuVNBo
zb>O{g;bGwxPj@2Sl(cqai1Phio}8X;`E2dO50b);ekDwZ@=Z=H4C?ZiqE3K9gjTdt
z+#V=ezs$=o2>TNw`ji81xo6=~6Zw)xfEg{@KI=g#(6Q!JF^^j991f>8QJm@Zx?%f&
zzAV?<B%q|p;_#X|Fa$_GzJE79s71AiVIV@v6McJU+G-TwQhx*;UxlQ-{}k0`SEG+7
z#y!Q(&xfqj^j_D9%{<Ga@T{-9%(u3A%~m{GO0eVmV3)vtN_(8FP-_W6jfZv40j!6F
zE2?*7qK=ewxz-3+rBY?;mRp;9xLaI0gcxv&J7Nj820O12uF@QwE3`=m_RfaMu=ZHl
z&=WMpHJ3Cdj7qe#Dj}ETUM|lWEjxCTj&ILqX$4`Z?LT73R<<TRw-Td3otTA!F|#&e
zKllT-X{+NFi~Tb8RyHmyZwMS}0PWR4QY|OV1Wn3(Mg+=u9b?;W6%)xGAv_a@{==Aj
z+T2FqGOq_Tts$$Az%IA~X+{4LYDxIbSR0Pbu^i9^qs^g-I<uuKu#TOg%g7)XI-E}a
zkGk0cjz>1bAPD-A3f5!0Yz*o8bArO%tCihQ{>S6a0gByVi~%;s9dac$fEP)2uZ8?d
z791~cTWau_Z|pje$PUkpXIf8TyiSj6;0O*4$8xPv9iaJTRlMWwxLD!Nq!Pk;;m-g?
zbjqBGkowM=>oOKFL?%;(r$Iw>CDJPV+dsphZEgFuim=2gj@HI|{{0Jo>n5E(3(~GP
zbvMKgz23FJg4e(*ehMijz_T%APpildfsA7BDamCkx%+tzqc(0wU`I`#4Kq;gP9_OW
zm%4nJ+5S1JiM)i8df(ZE;`iyA>8Jm>|AWS!`}{YS{ubvmN#BKkBqq|X>(AmhM`tA#
z!L9*zlprS7D`C7K8j}~Fo?V<G4PJ`FIU>|(G2m?}NdAHD&u_*cVf$~uSKwg!*wRX^
zK>pgN%+K%5Z(Y-`$Ic#*^C>FN|FkSN6=6U*nV6H#6ommRI?{1;|4*!OYpH?GWSPGP
z)XVK9gdkxbfr{lG@OIco$dD*ik$U0fjx>yzTcKP*6?r9DIhuWau-5k9TmP5rD*od&
zLf_Z-4dWi(&p&eo7Zxv`=sv*vm`)_6hZJ+}*TGpE)}j@ShamoBj%*p62VX<iftSOt
z?<e3OYcB@Dp`XZRjnQFapmq`O;4G~V|L49L5>`Xd_xJXYySr;@qZb!ZusV?NHnMH*
ziMd+`&-LAR`i^2i?um<Vr)z?1B_|F;@`{bb(B4zg<)-P+Nkv0~83>yoj2#{wERvc(
zv1|9hXACTbINt7D40?C-n!Dm1CWNzM93)_e+e*3q+@R0*^X2XF1%DE0So@bTak|V=
zDyb$>4$?*;!PJWNR)AFc*M8{zd~YU1(2kFnfPJme!q7En!;zI$kZEd=F4x;k`cV}Z
zM%-Hfbpv+_aRO~~EF?)(@4<QY1O=m<?_u|fN>~3}xenu!NTt|~!vFmb2b#3*zeK=G
zVcx?jiq-k#)krLr6CBQ<RioKvK~?ts?xb(_@R!2h$U4+b2su5jW@?$$zw=VLmYo{U
zIggpW(wKi&TePSq26tyumb&OXH<}^T;U8XznpAbry($(+9%-wX(Q}X>>C`lIfyAHC
zQufv(3R^+-g?oUmLq9MaB+*)wERX<E#ahFIPoNdbe2>V7S_zlYX+)|fT8`Jn^{Pw@
zXsdjk_YDFFXV@JD{QYsV4JPUS%pQhYiLQ78Ug{^BHu$LCjd#RnzB^P}&p|9R-oEF%
z5qRCYd~j)3oLHN`-oc}TKz8%^L@DtLV9IykWZ+KjX`$>(7zt1^^%L6(7*c>7Q097R
z(EjSAvRJ+ce+9Qfl_n;x`i6gKcuVaKg9&mXqTzhds6i`Hf%#jdc;Ag0KPS|0Y@vzw
zq}imR+DIn5kt$pz6u`4O1NF1E@a%}wCcxN4wBoX^5i`hmltg2>7EbAT<f5jF9x*1s
zP0~ULc0F^pTjyEU=@M^=ENTFw5YI`zxdbAo+ZcGshNvQJxpuhiE1XDb_t}o{`dY5-
zEnSVMM6idzE~mtzo_pFcC5Tdro~cQhZ1uq|%Gy84KOh<diEK*aKO4^cafJbr@BeHk
zIgA`Nb~cs`x0dbBChsc^Bd00;VE^S_KnH`>?3t_s0nz~<7VHl%8*~EvM5`~WYS4!n
zIBP#jyz~!8Mj*vxwTgMUBR9bpaOrI&)yZB*ERW@rXI6;`*JNWx#FIiN5VL+6H=AAw
zm2Zr(AIDd%?WLAW*AV)Kj`x<T*wJ-RFPuC@1`7*hP+c`!)oOmY$okX0>WPAO^Npf2
z<JALiDbdS%&5Vx(Z59CvsT)#G?Y<Ie-AnBXIV0DrT~I!uf9PZs%{ubSHHr$@^O7f{
zZlu6aLo>5&X&_R=Z#sA~Tn-U$t7H0_E=S#;9+a#@I=>eH6!;^C%O?8eAyM&{kz@I}
zSZBz18-vT+gEG(|)v-D*2sc}YGF=qN*Mkb&1;?EvxaZ=__|kxXXvC6t?kXxO>9geA
zSd31xgD8&eI32Ab?=thOwGvP5_XVdU;)5yl3Lu;t@F~XKV?Km~0^x-s0~g&CUrb#J
zc1^chW@DudmyA*6Ix}ivu;^$bQZ^xm0^w@MHX|rCZ^yMxLJj<*ur0aHVX;+-B3e)l
z{OKb-8(Zt8g?oS#;%P7JCS&#*jC^<Hb)JBWp1KM%a%#1-6TXF!R5A&m${g)yJdke^
z!&M~>QF259&&Cw7&t`fqH=BQTTV(*KQIuv2o#<sOTU=HVC^h7JY9|a3cx3n>OE7tR
zao);^*rwPGFCauMFV_g0H4IDl7~{vO>kr$8%ih{kb83K2M-xAe;Y;UP4_NSv5|TJ%
z>84zmyg2y)17B!nvD$ijQz_^02)UZn(qM#tlXs5V)`3-n^~O;x6(Efz$RAvC0&Z0W
zq&E$+cI5?E$7ut!URmcs{vW{*UR(2RNt^}8#5DBe6ng~Nb+ljpN^1mti~g`a6TzK!
zLmnodV>Uo*s)nZH@kb<WH1z>8LtWXP;-^dWTORjr|ER{PEPtEeeTA%?_|c|YO_LUx
zc`bm=99oaf$2xL9?*5#B{m%r)oBoJG#9Z8Cb?3zx5r2Dov>i%-X4Pkg1rj9sgS=W0
zAoJZ;yxnpf%ST$Q%30o)nT)u2XP_I*OLZ(?EDKPFQ0Eu22UW)ltw-#J{yKm6)$7kU
z9GB*-2<_7Oz%sn540|WMxX{?Dyf)Th8biDbaBAj|m#H#BVXUa?h<&1$cOC+pvN14s
z%=?SLVs8yPqK22{oJQ#bIX_!=xtO9vIg>X4uJwgt(%2ev!r@MD+$ful$1aKjHLQ}N
zYyf~W<%y0km^fDhCvCO5$-POIPGO~q<k~X4uas>_m(;FKxKc_3kmsL!r`Dn|ozN+O
z?N6g@#K6~>Sd0|WJYv1lLhY$FW`~C-Zb8^tu!3BRPtf)#op#tx)*Mgo@VmRKaAjCG
z-@!!vLS#J-YIvQ(-ac%xZ$>EJ5KKR%kN}1x+aTtYD^gwIuSfCLS4uiBG42<@Ozbd!
zB{Uzn6>BGiEs`31tDV#zc6qBB6IS%!6|lQio*61DncG@&vwF$}NMCe4x^_vk|F*3R
zIU73~AtsJ~$qL++nVAUKyrDp1E14Xvp2;HjwVFdWRsu6eN_FHm+W9L`Y{UHauK;`}
z=4&_?2d!@4N>+m}|7v;rO}FlkL_V-N+Ti2QSfW4G*VKyrN8YuwswRw(HC@{rp!7gM
zqc&C~m3iCXW__W~dVJmO`rpl*H6|(wdQ!7Fxa<n%)b>rfW}TE}7WB)4<ZLEn=CnZv
zx5t9jYn7tHl)mEiS4~KIk>}Jny8z{ueQA$dyi$bCScWBv|FGQu*`AvDGr~h3AILNs
zmu1cFkb5xdTjRCo^ah5nx75<-yewZ@Wn_u($rs$W)><2n&APk%HQg^w5v?j{t`Mrp
zjC?$2cDcZ55ua(cdM34&o<S3Up3E6Ja%suv&kCG2jNx2O$M!dvGw|2-;{{|aH8Vtx
zb;xqVc$<)|r`TFkI;3EOsJzV?ivgYG6a+LO`~>gKN?^{+=p@1M0jJC|k!D^8OEd7=
zfOPsa&whY;FyY#xOvipxz{hw)I%uUmaL-58V<<I@&N8{|B7w0I+)VWKbJ5+^wE0@>
z<A}&RVrq^CoW0O-83E_=M*y54#g~V6W_G~&Ru*)im{5)wk^~&;%YVM_Ogn#S;JRy3
zrVe$m^9<hA&11qjPpa4yI^B<aGX5dz=mKGDr6C=SvM?7eJz}yJ_&=gdTF^hoOuubR
zV?3nwWo~>$Tg;8w#;&NI6hk5M7GJFu?5_k@g*M41cRC6&Kn7w-u>+ddz$;`FZNjB<
z5Eu~3R8L!8f9SMUfTHR++4_Ah-YRlpIqCQU{vujWihIaV`Y1Sr;I;ehD5QBtvtSj0
zfAHKuN4e|KC#0v`?w@rrryjl<LNwVH(j7^ZJ7J?_v4CrsPgS^zKI)7ySV8FMnux=;
zlb?BK_vzcgn;lF-k^zb^LR0N{!)=u0wcU-mcnuiwIR!?`*+(dO-`vP=8GnELd~N@%
z#Zh47Te*>TL7*>^)Rx2O_phunPp*AVn~hm$v(1N<gJP+GD=Cv`xk7P#&P08#!02-J
zNJ`1vZs%}1){rFB^J4whU-ZQp)_9b8A=bW`vIe0_83HLYRRKV4ophAuOWiV&fug!d
zY=Ik5Nuc{d1E3wjm_YL3x*HY6P{N6!Fb<$*S-}!e_K~s7?nU36Aon$S{U8K-o4F}$
z2iFF>(uacQRW(8QwlP0`F}{Xgx1%3H(%Jn&5AYQ1uO|xF7Xw+-qJRqbAE{4B)tuJo
zyCQ%J4ij&?6pe9xfrP-!s+kIXxZ1w^QS>0Pw2OrERv^9N_CA&fp}{ge-_UP+`PYZy
z-ojXOf51lZ{TVnBe)UhwhVo#|uS<^zmyT}{?H+$%Zxn5_r^~u--c$Z+T>J_?{O%kG
zCN`Nl{V%HK{9jbf%EZE)B&012n8BHd1nqhdFkn6lz*m#rxeOiH{};a%9Ec}kuSFCF
zd8haI`Nyhi(fV_SJpG}4MY-ZdURm<(>u$^;Z_-b_U$N`x?C$sL?J7?IP_j@o0qFbv
zJbL^#TA;7D=B>@!`+fU*0u|gTyaRmSz)oKP8C?1fGA@_(0e(-8e!d?7vX~I<C!j=A
zR_{S-J5U$_VeLHOMnXFmlr%m(`<U1MmVz}8^tOCqt05;&o8PXE0d>!_iY`9$Vtp$g
z;8I9YdJFv0Bwv#ChC2uCX4k|<4tV2GQ^AjKgmRt~ba3$LjLpw<5D_$@>)x4%yd)Eo
zW&|V&$C5iw{B)oM4^dVCCfn$(Y`8A&22U0_qF^OxLPr1&-8GDnq|zooqvg(P<SIXI
zy>%dK4^WBw>#qoFvyKJa_Kr?Xbyie20YN=iZqe?3ET^03(I^bmXm;-}tHheEq>j^$
zt#D<m?abG+ZT<ii;*r~E6Jmt?&y_QeZJ-@Yuoz1^lkh!ZUCJ;31L9WW9pAD!-V4G=
z>f2J4$W4(Xh3K30AupFt-N@bB$p_+|q+DvqJ{MSVR0b+^kDgdR;}*2XPIcL4gMocf
zKG-Gy(|L0O_t<VeKK)Aw$jQAbCdY=d($qA?{YUV!R69-<QOh-8C1t&AwVoX117e`S
z8ov^^`gyCzZM+@Oac-^?Q@>xxA=tXWn;95#C}T>CvxU0JI-H6hw|;V%BGfs<c^C=Y
za=GF(>V#YuYyKLO|7U5ssS~L!h7`<0gxqm{ZWTMD>u5LFACe0R96di>%?ch$sF+$Z
zJSp^#OD@AI!7IU~0uv^XpPR^DFwXu?6n$Y30yW!aLSY@iGnjREdZY%p{hc#63L%BR
zG9b8=U>|K*nE&(c3XOiL-Cs%_IP3X2Y;pybRjgIS{o3l3fF8-!Gmf*7J&PZ+RAV9_
zcxH(aH7G-2Zh@|@Y*P(S#(?<0(l;C0Ia%4u_Ez`hRK6q1Wx^RW;WH`3gl7B!z8pU6
zmk(sfURpIEqoYFn%Jf}}_)uL3#YYMD)W$uDxYjn}c$_d6=h`fo%}u=BGp}`8Hp5(9
zgqZg<V_vt9uX_NC0J?Ja<EFzcDrg2cc_YOgQOB7A<-$LNF5+ecqPd%lfPsiD*$Ju_
z-EhE5G4^jODxpp`g*HmdA38;?71fvewM0f#&<t!qGYl15_Yu8iDt&+>PLfz^!-z7r
zz4&E1(b6JJO!c=g^qg`zcB#f1L4Q4I?9z1nHEtS%=*f5si;T*(6S1S)fW1e8c?r}_
zVdy{MI8nmC2WnoDb-Dqrps9y^HPX!G=|`kn{eLB+ueHxGyq~HxCPBOpG8}XMf}5<G
z)WDwtd?Qx^*7%K%M3%T-;b1P|4;iLgn4*+3|0em$9(371oLSkg-|##agFhxr@>r#@
zZAgog2i*{k7fo@^^mZ0#*;-Q9$gj`f1uvx2(9WWG4?KE7<jV7nL<h9?K1AY;i992A
z?|=l;`)~>t?^usFYpe{xF4DSjJ;*`UzSsl-uItG{IMUD9fIy>cncx_bLTo0H7k(2>
z<B~#ZkE)ZItC*d2BMa{?K2^c{Iezl9P$@))I2;j{9nAyeJSwVg&kDPV_R*XLsLaD1
zktOKECKd3vp`UfcDnx`n{8ObD6`eICxQK)qUOCqL%*?>hl|z<NzvR#h4H?07pCuas
zr}RSn1y8DM-di{e?K@?a4yK`OP6hH3snB6OoF+-(&%5g*AN7nqK@2glt9i?xb)I8%
zqy8mK4jHCyPzJIo^Qo&0B(ex8@{>3-W;E(HIAvLI8!`xPTTXHlx#=P!(vJiZCDP&r
zNec|vr=x4vl>i1<EAyJ)f4axx%_*n=o)s~F1Ok%6hz19odFT$%p~S)-H80BxPgX!_
zqxQ=vn5dLbWa!aiVyReg&q#l$LCaIZjFQfAeYFXG6<ToS$bECp*_JK=?_DA&wT$YO
zlUD3zOvpO01H52UA0f5sy4Px%to;z5vN6qOzF+1c#I&TJeE0{}3EnNRP23hhkb7Pm
z8q`h^;kGUt?>XR{zx7T7hTtG1VDnon`^=UPod`YPl+WnkDCEoCGnYxtdj3#JbU3A-
z%d`DPEFLMv==eR;+<B5r&uk|L+3v<=qiTi37fO!+6EXO|8z+ux9$hh+$j5{7!!d&2
zURMKf+@JGYUpD=NX=wX{&_DHns4CirFPyR{XF0NoT{nd{9u<u3EwbV)LYdGz{_8)H
zIgjjFyle?Qc==gLaRU=caQ<M#ZKpiU+{T>h?K%_ke_#!ksXA_sb>wfg*bwXFpN81D
zt&;?0?*y8H$E1=+6FE^Dk0B)egbK?1ytkkKKqBdY9L#Yi|B*en<LZV4@WaE8iHjKC
zJz=E@fcp3>a`>i|sN5bD#;TL(yCBlr*5~82>a&#-vMAPl#(Sa3cfwy5q7g2~4|?f~
zU)SA~-SbNv7dSaq<o;2^p2lUcu#;U>u%07#T`{wwYrZ9LCfCa23h(|;`hSp+rP^^_
zZ!N1^^LTrSrMDcV%Oy(>=*^R0{~KR7E9JrK6u%GW&V_dNdz!d$>6U-SB5Sc@@z^id
zr0r=dR<|laEQfBi&?9qEgSwj_miI3{au~0wxLdVO>puzDBH@ex#LE)Bbkrn~=sv<9
zr`!G=PK5&%<3yi7b_VjQ5WpJAGo!V7skwa2_B5V5(mc6jMao<v0C@0HMr%_=1;ym*
z@~O?FoJHzmH4zh(^U3*(-MCJ3kA#n6I@IV4Wdln^+-nk11~~&NNkLDcF-sVRCXY=6
zBu;l;lDkMEX--WU(znVC_DdJp>8w(BNz-dgQ&wBoRsttF9l{#T5}HOoHF=tZdW@PH
zRenSS#mqv}a}qB<Kw~6%R*QUEr<fmmN`o~obqgYjJf}}0%G6eP@O%)tuKqLbZ;x()
z{j9UWK?U00!|@@GE~nhMyGNL(dR+s_w8EBHQ*no6|42kGEF#Cs$B|?OejR4s+~n!2
z7q8$t_SrveLQd&zsyf2s<Mx`dmMOfvBusLD6??8dc(u1%K<dIYkc!RnTdh9Z4Zjas
zgY5M2Od9frqTx<P%hlg3hx*#O?WyBKOW!*?b>~44{*|lTTfROLYK!A4ww<Ej-oZw6
z^|gu*PLpALn%}1#KBl1qQ}P`52{~c{nfF0MR}yW#+Y18IC-5Wz+|pM{p{-?&>5uy2
zxQ;7%z4`qNz>5;*YnY?t(dew_(28a;w%5<IKA53S<XMXM5UXD0=KzE7o$8tC^9@)p
zY5QY586*RO3?3%WTJ^j9s+D|O%GU%UomO(DSgHKa=H#*gj=Vx9$%|SBV^#5O#PIr%
zbr}j3_j_sBO4sG&0B5wbGN+|zI%QaJQFbbP$@$WZh;9M<#S0A~>bnhGGr0E?WFm;b
zW7Ff`S2Hm8Ka&-nkPKp0v8%v5q}SD`a8n@o144(Mh!6+YNaI)j?_Y$JPt`F0Gg-1S
z{l5?d2NPG)qNyn0|Ia4}97Qg>01XA?0XNF}1keRlKT;{NfoID9_)GIwB$)f!XOXnG
z3%qEOP)B^dB{cF39=!fXl+nIj0wDYL58CqfdOt7k>%LU+{Xajq{vFMb!vC}8?i?CZ
z4C~{20CIeLJNZl!L7#P0KK+WNbQ1*a@i_Bv0f@}SeQ#thi`*G<_kAXL57*s3qv>WN
zQ=S1o-#Y&s9A&kQjcv8Dg6b+20W0QWj))!H8`4I4t|GR*eaY-)&9?jGh$&iuN%6un
z(kmELM(`0qD|KG9w_$&=DdMWb&yh`N(1r+$doYg^MTJ80%^jHf670ast(vOYz=p^_
z0l-Z%_2cY@(o4syS2J@9>tP&D$PTfW1D!sXo|=tt&2MtMU7k1d{%dDN%8g#GM5emx
zhVE3_6J@fVLh`{r`fMKQePhH4TyRPY*71LXe$)*NiDY#WQOW1kxIbUcFIj-<Yqj5F
z<}Zr?>dxW-wpAj0p&3bab4W^f!8Wwh|AkP5)elJ!?PD{B<CBD)k~{_4PE!kREm7<=
z@|tkTi!S#~RgfC|Q6<(i(Ha~oWs60d{g6ukiF3l;5Uax$ZMX&%Xb;DE3wr*Qv~$>R
zMCNuPFkbgS2{<f1trsI)n52pc<U119&qsd;eV>5OCi$HY2pGSkGPIvu+N&bI0}SxK
z!wL2vS@Qq;yZRgg3-KXGk<K?7e|M43-&nRYpX9q5@D>0mo$p69ahznyCcVnpofO^G
zk%$)XnG3mT#+@1CR!*x~Z^|waQ-zK^%3YsHGKd8_X@yxM(w%U&L>nYA!|X!LjmA8h
zcp{smwi<5-h~H84&pQ@EXeArr0+e_`4%oo3G*_=tnYe45s%dEjBd-WuCa{XT{762Y
zom;Iir(Qnk(UCb^HOe><xgW7~556-MrdiA~NZT;?BjcJHqRkkjmn%br>L2=QStZvL
zY&ah02C)!RowM|A%_5&y(XV`<>AZ_J8Ocr0n+?9HC2SE7oiRBvCf2l!0nBbFaiO&1
zDWP9ipwN8U12sUOk;WZF;L7_`vH3RDNSynB>DsaK39ii@wL`IoV~{3rnDCqwLBldT
ztxS;&?Xusfb{?P*715W7Ldu!TMC~})tdIRLa6}idl4t^BOEe_&ky^>Xe3n_WINe4;
zIb`##oIsXAPfhwIk5O;40f*!SI%M#!wyATMnF77RQ`?7`#s@vo#{PkGGb+!aja^E6
z&R=A{5^R_IBrbZ$h%Bzg5OPNhi5$(*nN-Z484>a)Gu-}QBUNz3ex!rklNG7z=@;}h
z!k6GsQq|VsjiZXff7T2&%vW3mjFx>G?1Kp2QkxNJSA`E&`H|!m0G7Bgt%!F!Qk|{O
z)Rc?mY%{WN>5WB79wnRloNwY<^A7mYC1ctfL}e>X&ZysB+&6fg(_j}D{=}Bm*t65+
zx%<K;MGq&FvK3l1IrBY&%n24@%L}pQw6$3Ep<k<PcEe&D3zSvTrx~%`#xGpRn0jD$
ziCfA@n{KyaTFiAl0I($78}!Ak>r-$^3hniFGYu(VRO1^Gz2}DPLOA0KK_0061<Ju{
znGAGRIAqI_y-TU02pOK{XZ(eObb#`oQ{&a6_pfC~fr#d<qL@WE3tDf&>BcP9@ZBwT
zrESXD`U6;0F&*A0Dyx%fbn3}7r7HmNA9^NwHRzP8<o-$o0EI~1Jy|hQ%HKv18B=LC
z7_!5p@>5y5Oi~#Ite%V#;>G<^#$)jn2q!V|W-&3H^^l*UGN!Xa3<%bXhg_Y@5r?vX
zVm3}DUD5JR-8DmE<C&+gURPXtXKe#=ENrcge@ponC&oJ81QQd_ri;X`=-)g>P<&Pu
zCkrs%2^M<)0I#YWpS=OIS2h2D)4W04|K+^IQ7Oo>&qZ_Sh1#9`jSA!5lPM4J)<c48
zQI*MC!;}+(!~@}*xI;AF6;E$WiTKnoz18+$&o`S5&)RNN7P}&g5rHPd^e!aKNSIkS
z)nFU=T{zOE*6-Rk8Zx!pP+;PX+6SHi%HuK_!>+vh0SMcF6#ka&2qF7j>0v716#rbd
zv4f7?ov`S;77YhZ4HH$@E^K01xDB1A_t+)wzwL^zagz}==(p!b=&5MktcGi=t+B^a
z6DmMY@X1$q!W9Zzex}S-9G$U>_4&=)DHGRq<r@BjLRlG8S)wR`K%+Ja6PDHHBiRH~
z=J4Dg1IYRQ^@~tpUWkHkrfqD0LHyH0HnRvM5>nFS5*wqQ&l@>y*m$UO!tE*&^!}Ch
z5gHn0o6XLFKA9_Pzm58$r!j9-jVB2~35~Z4{!w#T0EYOOX<dH01g@i)a(U1~(QSjB
zZ)B`yr=Qa1x3F<fnWwnz(P5%)XO{%AcBgXi1<30}SU`yL?wrElnl3%rh-Ds_m6PT-
zeJtugp8l9gMW#Nx{RoE{3)H^-=efVZ34x`Q=>zv=bnO)R2{Z5$Vi5WB)X9~zM#v&6
zCws+k=kVrAOt@IKm80A%iL(jx<h9hR)YX4^Ur!DXZOXH1N6!wcgtv*t{76$Z$r*0R
z4Ip-o2-&7JRmjr3&1Ky;mdSGNo29~Qe|Hz|<91_<*O=xQmi|z`=aYDds>BPX`M&MB
zl5Z|iK1Fb>t`YRBiI`34`s7Df&3)2SR}xM7utcY;ZT(}!fC@rKHkLn@AHyNdFwu3O
zY#(v%74Bi`ag2PJx{88<bQ#dtP>_$@4iFcbic$^{N3shFZax|_*h32(zRT$Ve1FK}
z?*=+vYYc+O4;_X92!1$7VmQIjm;640?9~0c`EO~xfOl~P8t(7-LdXorPaK0?N#V0J
zVH+9*+08MlI$hO{ep%`FChj;_V|cY_{?S#Um$4^K^To3uOn;Jz>iGI$Yp~i|10*qC
zmW~Wt^1y9&Exa$%I(uJmw0GY~=z)nBK5#AoF{2UFg5)?!_y9RJh1UstJ^B(@Htk)<
zKn#!8A0E>u4`QqBP**tIMU$jwg{`K0a^2o%mu3suZlvt&Qng}k?O^;nZjuc1(7r{d
z=x%IwC#URW0a`Ns)@YGlMQHRp05p<vKUw31{oDX#KYi%4^vH`yIiV-e3j75tpAIiV
zV*OtoXX;rKye=7=3tGTSStW%?TwGJg<8tHF<r`R3rA~8EfmF0Ff@`F6E(j9j9Va31
z^!*WqA9Xebh>-{4k$6(ox2yfkR@hWwLuvYMzJq}t!+~XSL!Rk;xUUu~K!=PkY<5-2
zGMuL2W?~-VgDjy2z5K0Wy;_?2VqWnB(=W@Zs->X70iIuMM-3NGyY2Mr#r}C2uvhUV
z#m-)}WUFsq_2kDcaAo0UX17M)0EQEig4z*(*VA?ij54oqYQ}i&@6}2U%1=BhH|kdM
zx%FRTExw6G6~@fo)Wy{~tvwwWF6rAI7KD{E3C2MfP@*GS#ny(rvuChiGbHzH>o#O&
zm>YVXtvgO)dV(3kh2-${s;4YnlBl}F-@rWWQ6@>BQmK&REv0V3|NZjNCp`dY;!x3?
zdA^Dx{CzY3aPY4zH30my`}u)^iUw=XJw5*$dQMBrXwL2R|2QktNPAb=W2AhoIGdXA
ztvo3N2)3vpzDd^HAFxL|62~gdJ!eSl@1KG1E;*g+LRx|<E`hxz9SCMhzB41Py0v~S
zpKPqF^h$(-7MgmOXx$U15!Yq^=bjlo80cpZ!T4aXBbU!2C`@0Q>g)aac=-Bwt6eHn
zhoy4WKWh^H%cFW;w&=u;|6CdU;QgoR!FoX-uycf36|)K)^8LX%TS*z?0>L_C&)+ri
zj()m)ir1gKq_`&)n%yJ7*h5^jctCn9V<4vrVHILK!QP%6X5NwAJOkr70!jRn3^Cv<
z%Z$e_@2zOCuz17TS{lnbmp1}+@dwG2N<tW$@I<sMF9V7Rk}t@D0W`RJBK~o>g3xjp
z5ZUGP^`LGlt<n|Avj~xe&a9Lmejky<a}R@%7ip=xNu~JNk8Haaib%<4aa>#c9b^Gw
z1d4ezOREWhpu+1P32nOB7vZJpZArXiuF-7*x?QSG8-$-YZ4F*7+NySX7<(jk5b|2@
z*YSjOz~w*^j&00m=N4~CJ~n+S48&LjxNpcm{5ACtc@92eo2_Gj&ogVCka9~<i$VY=
z3Q?Hqu|R19{zt-^<K7QdCCDA2KGs;HG(2RrK$c8gf*z3=W(uFEdd-fu<#Cx4A@{Te
zTfrd-mH3Z*|5G(O5QUV+K&St;DwYrWJ`d6HNQ3vDtW5*sMV~mSJX)$ovv4y9pew#M
zgW!XmCdA^8c4ws?F!7EeMHfxrEm>m?iIxaXc1nkamsydnbxY>|usO9U@yA|rPzZDo
zV^dBxv4wg%zNJdw`N~<lO(mKX=wybE##W_!PN>k&A~Puv{ZvZI9iovNNL>?B#Fz)5
zu5wf<kYu$1Xx;WjM*9}puBPGvcp$65XMZcX_M%;QhN_(r2=~C&Q{Y!RPh&dyPDSmH
z;+vTHG}kAOi)wUd$f!pj;W!(I_!p&vS7-gKw1r!KEj@|_oKAd<H|lZ5AAk@I)xy{U
z0^sT(OtBCPV9qG@CB_+zr8c7A@rFrx&lAGh{UH+9TZPZw0K+9CL4nQyaR~s|UErsf
z_dIzb`!f(Nmn?V0!COrgaw4_fm8H}Cf%+zhG{50MI#vimJ&?(9vzZlFCODdGFMgA=
zvZ43IF2%F&@5Vr4nC=Kj1b0f;f{e5vu)defKa4o1V$zu_v1ZPaAEKsmmbPl@r6&u<
z^6TpqeT!PIw#<bHXFFj4Pd^w$Dp-eWqJqVw;bgdv4p!-@_6<t6Ohp=1Bsv5a;nHgG
zQPq<~l36(D461;w_UcIA>D#q>?`a@ngd4tR3`4KcA?MIJ2Xp`;_E^?O<ppXoU$C&5
zQpj<jz?>v?RPRFLh}#pWF?r!!3p!0t-tV<B8=qN9vqI<^D(eg2wa=Go{LJ5m=%LL)
zaM@KkAjg2kdok@-4sZvI!RJXTN7hjsP=_?y?MO*y3eKh$l%J&xUY(O=f6Eu))c#bQ
zR}<64eLCo}{VagZ-8SCARCOh)a&Rh>G6L!gqL7%edTln*acnq(K)!}H$qxHWSJ0$q
zPb@C*8SdpAlZ*#QY*ekAT1;m7OQp}pNVJ;&wxHczTCjcUHjw5wIws#2&CAq7$mLb9
z>9E--Kl>St)M9qp!ozasoW3yXY@NT&kRbMACOn{iAbz=Koso@Dq40E`rH=-@Wi=}n
z|C`~S85z|NFtal|8qFC)7`olGX6X52Wp}c?g997CrauQ*06pydM8R?}(n|(z?s7z)
zRxS>%XoyWI2@Y&@^@oU=_Kr}%^<(j;nUB+M0qFoahe|YjL&ycsYl>*B<Jzq?0cE+I
zVz}~2ZDbdc-E7pJ@mA-kt*yiP0m=|!@Y&MjY#%qcTb~Fu+moRHl8LPz)*GIs$+TJx
zL$eMv|NH@Pql8}291?S)MAGLD|JxB73QvA*$7wW;usg4O@AvjjF7ja8ZBQ6%(0IX6
zqKC4o^9nhon_N;=AH4T_Z;X(u^?NXK%UZ`UZf%u6PSI>)*(u?vn)_LFoPK+8>7QI{
zVbpZ48ayQ#)9$xRKP@s(c0=wH0V4RIE_eNw5Vrx)m(;q;^6&?%&Rz{MRIOZ5<ulqD
ztWp>Es^D&0BXu|Kqi<<(H_$yC_eZj$izD5HxbE6Z)#Zz{bvY)dz}s={cpQX)R(vyT
zOIOza?rC>jxZNx-SKu6{q*tvFne#Y%qs&N=^P-P@Qo^fejK?d`?BW2GD6KvmUA5QG
zjllt~lX7VF!eaeS<joQ1l1eAjrla9(8z(+p((&n670l2B)u!m2D$%BtDGWkg=-ikp
zRA;6heZ4~++gEPfA*~eF@QKrQWrN8kMwe93R$KFHg=(uK-cXQ@Q<0=cYr?!rrTLp{
zDV0;EGf6}odOQeTF}gMP$|DMS8NOGmtAqe-rU@{C1kTlG8gpbt^7wX<9>khA!#+Nm
zKhJ(l52`4%DDJ5mQaw(zqvS0pgMCQ0+1!;ini2{4G7O+Z7twz!wc}LyP>qMZDbWpx
z3iMJ~2k0<hu<(E{_I89Cp-+O^aB>+xtOzcR4#TlWt-;wN9tjdf#?PA{nJ~$!AXor<
z$$Tm(T}f;>eZ@sVCrnl$cz#7`<Y$0t)!Vpb9bI@oe!Yus?b0ysH9Xr(Rqs7!4Ao?#
zWKtu_c}X{9e?#Q0RBAg{z8)HMdo!0+pcBb)xW>pGr3>P<96uPx8{C68zw;4HVSV{o
zzTCsmZ%3<a&~nDHZ=<8r0`ehm#Wuiqyql8K`OFX;Rcs+`=TS7$<fO1rw{8#!hn}ea
zS1nV3`K{Pw`FZk?!`wC9CB7K%ysBO9(@_84mMTa|Lpo|I2hFA<Dc_vEtjo<)oh&+H
z3lp<V)D-_2X_-9cEd7D+208mkLQ3%VdN?ffPZoRkFiv?nYb)3ATX^nMz7{~eollvc
z`kHIo1gz$Z<B43RgWpV6#@7#hvkLU^vJT!;J${88yUk6KiLmrL=T(gRJxwlY9+<QF
z@Zom5EcAnSisc8B8$qI>zfSSKHzb+&fI>6+oF|vmGmCp+2Co}jjvHX79B6MmamDj%
z52Loaf85x02knc}$JDK++yyXQLPD9zO|VFf!5!P^*rB$lu{A_p%grN$kxW?`K-m21
z@!$83)16AV$DJ(!`!+1@BG<|~Hi*y?VGZ)%<^`=D*McM>#-IyxpY*FcQDKXAvLTpl
z(>TyFs~VvRlLtw-w~MJGwk9nc$?Wi9r-}L%Xug+S181W<8f+m?MZ^FC9m<dzKtn)w
zrW2hHS)+794Q(<9!r3}{Yq0x<BhAp1Ftkv%MID>|t$$-x6N~R)>eMP(XN=WQ$12x`
zO!EX23YFZl^23Y(dnGEi?b?@mOj(56<Rpd1Ao<v#zVmDVFNHcfa?9Q0v3G^ISewx;
zv+<DI{jv9mjKXN<We=c>TVQ#co4gk_>ZMJceB(D@z4Hca6=?6Q?wVJ;tw7j&s~0$q
zDF9^PyTXO&0-)k}qRcN$t5;fo5h)#6;hAtKzPIq;pwsA$&S(bxWISi~$&Zid8}h2z
zUQ}#mgMeBWEA4WOOZ>d+v2>U9UG4L~bFi6_-Tz%Vr1hr*gC$ve{};ODVovh#{{LK_
zwa5R}#P;g$d4$x&F3mu}LI2_X*AmkuiXy7=0)tuvX32X0mMSJlrt7kI2$JZk)ngI=
zb9_Lob_uscNcfwh`gR6H*|-1vSw{%?TzbxXR+aDjeL8x1KVXLY50Q3VJf&UCF=hjm
z&h7p93%4DLU!XI<ER4nd_a7GK3E(h=knd6j$6^Tl)HBdimedM~|2W}Z`z(s(3VMmE
zFH~3-?^#<>HiumIQU~IkI)=RAqqkJ+q4($L>Axe+#uST6I!1C5(#$=rFu`F`AP{BW
z*e+uU%>Q1U_2Cd(R2e!+qhYzckZLgvp&Vm9bJ-NZPr*Olwue~JX~G}81K<>W%OOXR
z8KVEwFVflo3wJqMu+x;WfoP-enox_766F{sdVhW0h~}JK#7XS*eccz7qGtblwp)}5
z(<{jWC<1oU$I`idSsM{A^EKw@UOBAbY@RnT@|=!YwQG3Vfep9y*+IcX`HFB87-y~~
z^v((B5ut3rKM?FED<!vW0DcQ=RL6lvaf3hiMYu6>b%Uh(K)FV5gL^?Gn1l2Y&U`>|
zJ0NcLdRGq^!HVGTBkU8j4ilskb$8EaF8IU1la5ph_ykM+`76|aRhX))f=~I7>sIcU
ztvnMg3zN>u2l4(;0+1^kqH*}DH?sHk2PkU(lalU<M2?`D$FbAi1JD>Vn8?Iw-a3!T
zz+)8EBOttzJErdGDEcz)P}`fYCTJRa^cLy2MO_O@4rR~?zo_oeNhfbSmq4d4?3V_H
z+v<wDD17Gkcm!HIkv&F{I?bP`De8L*%ZWXiguRf(!bncf6MMozhCLA(<ju{*VqeTn
zgqo|n9KXakrOjQe0Bhq8dcL<ytjUa38F%C9<P?g>AF0RIyX9!T2hNN~CS*^$L*hD{
zdq@+&3R-h)!r40y5G4g3j|#D|-Q`flUv{pA?kJ`g&$<4mV#5BHq9V{Vf_)x!*UtJp
zDxjZ&!BYjaTESb<R)w__dHg;eGl5+ftP;?WG?IlEKve#J0Z+Lc`KRRw7;~vw495gz
zzW1r=dU8^X#9eqsom#EHDA&27Zq#X+&1sRM_cEP=tXLVz?}UHx4M+LfM|=@of*>}X
zMBt96pj|;BpY=epO;^q~_bY{jq*)4Cz@3KOO%44U@T~6K+t;gkK!I5lby_gew{HwK
zeUAqwV!M|9YYFsA_sibHv&0zAAYFUoe#wc%eQiveCn0KWs?hDA*N)K`YI#e|Kc&L1
z?t~ggjJoyTr1z`td$5l+_-Y$~!VN<<$&%sOq+moR8`j8+Q9%p@28+re4VKgW^S0Hh
zYn7H%8}p~gIXzUGJ0y*>e#SFmhKF!IZ$d2^-!?Au1@xK;Fo@jrSCn9o{G;%gqADpd
zlTDueYfm<kz9@TRHA~+$-u377xaYN-d40Zk(yJ3B@Ncm<kq<!>72NSMuZjtrR#SHb
zx=mYy@zmx={E1w@QDO%^o3{p!J9DS4ZtR^6IInn@SjpVDoq}jzgng0Pg9Q~Mlq8a&
zFwa$6FJLKi>R7Mp&w}G-O)me`&GyLixyriHNU|ATO*Az<Ea8V7BpM`=(>Xi@#{>S=
z6do(Lf=auFf#EjY7Ophq8i9Mt19pfm;t;CZvo})jppH|NVM=b1EA$!;<e~yI<Y+QS
z15buje>$fGDxz<&Z-5Smuq+(8{%%BKLc}qe3LxCJEi7K&vu5}hjdP=S&N=`?&L)?K
z=`P}?>gNt(*FR-^uCo|gW`kUfF<)Caxm2>RwW`in7_7K|R#Gt&Y<0EshM#q1s&P(s
zfEtsR5UL>8iHjCBk17~RFfP3^*X)(pOikFgJ`jd(<Bv0&{*C=a`ZMB%&%EHK&VWWn
zD}Y1XRy>A*+s!M@qxrG2=el(*iAfa{qj@U&CaNYTmsU-I5eEpKF|}J<&4Q5(iRO`m
zO;`yU_{hFkKP$xfGw{a!>YGoq@wB&;vas^w<XiLB{1a`I6)G`x0Hy^p;|+?AeY1&>
zN6dh(muwxqJAS4BtT;$}8KioutK@=58z3yK`HCKZpTbd{;;10p;G;iu!9AmUf#T3-
zh&l9Odj#FH=IX!pTs<n_b6l?GL4k}v>kND0!;8|sztQ|n>h`(&v!E^|)mfKbZK0{0
zXSVcxf!}oFXG56pPR1#sPtvu}1A;ZP+!W|tLV#Ez@Ho2;ZH+5;nb3<SUr63f3s9x`
zKLCC}fxpdfp~zwL8>ep*SPX;dX4L#<gFCfp;^<|q#Ygrbu5u2o6#fw6p!9^U2}>|v
zO%6qjyMhaO;F4T6L#j<&HWxPJ;+kD6%L@n&Nt~|3J)^=YxgstjOBQ9xjBaQ~bzY(w
zbu=^GjLeAWqR(v>e%a05h)erMMZ1o!@9{Bzs(*4B*%dCEep}7_A<9c5`d;6v^Z;cI
zx^3bVNb@!QMs6+|AF>Z`E>;oMedTNhOP_J#Pz$xwkqmI$7ZS9!FPx7v3>p`%9c6My
zG_fPuYU$?7D7Z(Uv<_}FnpVBaTsy}BVi!blR<nQv`CMea5?kT1Hp92U+zoG1C9`mU
zY7~kRY^+(yoDs~}TSV<45)$iEnZtMoalD#5!$D8b2lg*hac#JCCnL2#7uA96cU_%u
z=q?(zA=;kUw5eSXS1+n+QNb)-I9Cg|HLR?#HU-w#>#IT-D}O8Ys!f>PT`I1Uwz-n-
zjR0(j(V%0sV`v>L?T40T@Ss+}_u6uQe167<6GT>G3y}_$Qa|ZcJhm<F-bLY|_kiDm
zO;M~9J)*f^Z_b=d>bcd5WR}2MB5PPe$XroNg|@3SIP)m9zp0(N#Wd(ts+xQ>B*K3w
zuKfm5bzn8~*tqXo%C)YlTsHS__j<GA(0GT3Ex+zGIdmJfJyy$gn_vc`CTB~3_zO>{
zSzeqenAe&S^jWfQ-cmm8?hZJ*R@d2-|3Z7Pv#8;aA@fG;_8P;@9LwN_!%)bb55G@j
zf%JQdSow1pq^D>V@oydokVrn(gWNRqWFzIV=>guW+(>y(`S%*f5f13L=Nh)y>kU0R
zQG}O{+}_Dc-V;8AYy({I^A_%Z3Pwv@OO40c2X9hA`2obW{OD<TtcU3rCY?`-PG<X~
zj(Ai(WRtt`9e<NEGVK8;HiDUjeXUSbdxdXLwz@Wf?2>brOeDqlHZ+7v*u9Z_=s$p)
zQ<S~sy*VVwAa=kMdHYin_*y}P{uKSIF@=oVSdx9i(sSQp%kjQo_&vL2?>Khb%x<`e
z7r)TsG)8p|mc=_MPISpCV&_C9$(${@W4}&FE`EFz;LWDnspAZqYE)u)^g|qcm3tz8
zYPUOURXkQ5$YnYE??KEkgZBhTl{C61BgE%2lo557F#pr^KP<8DB$u(60TYwkgbM;O
zHk0UtM1PMXw-LV2ujsP@DJ(vk-M~PAw2}hk=45~zjGPkNfDs4CUi|k%vdF3;n`}wz
zcraM4)XitrSFev$N0@$l`|qT}-wb;4tDe68`1bejrvK!pYWn)~+vVfU>(F#wUHJU?
z*Yu~mo*;bt>4$f4C;JXMd?+8kc{raA%e%Ur4u9d%a)NiY#t-~GhbG#`-&cAF^XZ_m
zslLW>@aY#Gz?4y7p<d=1djZ4;I{bw;;hRlE#f4z|^>pxM?(}p{UvF_4ajx9o+)}@D
zei=XSaXGxwIGXk1y+8fq<1cTwkGJm|Ng1^sO;=Qp1fg79GLXpPn;==5Q-2Xpt&mt;
z7=IYt7VbL^0yoqMJ;<BC3YpAh9Qu7|)@4z{LX%|_@tY=3@6u#xu_Up9tPoX;I?gSs
zND4yb84|4BM+-+_vB0h*2`!}%1a*z*$?Y}HkT=Y&E&`0{i8ZmE!SNVaNsZ}ok^$R>
z(qVydylYu}rMQ^^k9)F&a5(d>5bJVteSZ;z_1+4?H;wVBM$=_b*Qk`eglVAV+2y3)
zD~aR{f_REEEMb##R!O76F!(MsW_Mg$E9$9Q+prq#;*ubKo5KgFBHTFTnKULP(yWPL
zQrUWMM$~fJY0^{GK?@P2iNIq|eOjxQVnH|jZz;oq7k)G<CMeX=5_B~mD_U2!Du4YS
z`c`&=8H+>PG>et;cPRh3iaG4YpFV!+^|GLjwy(F=hFRD_UX9Ne3M$S9_vcX!Nt@<@
zUoq~uG>dQv?dD8UB4-w?brE_AI;~tu*NTem_v1~^#pBHJx7N9L)^d2~NFIzWEyLEr
zc)Bn+Ktw`z{v1IV>FSb~$0k^Qhkv-;I7aF5=t<w1Fz6O^R$YN~wc9H2=oGAT0n_Y{
zzN<&!q%<0%7zol(Fv;%!{PitHncu2e{`%)PH62ud>aUYlp;h|+@9A$_STD=bbyuRI
zMxCiP5-gznlXz5fcu;z4?0rc%J4eTL*&hScG8hEzCm*A9M1jt^)FDA@iGO;I57zhq
z@bjKt-r|(eO-4VEWLciVoPW6VxfyFdl^I}$%dQDJ@7lnw5(rjuqg&rv-tQ(c-4MN-
zK(*~hbBk2r3pKJyuBmC2n$S>ar|7*){3ww<*w&NzG2AhRaT<koytSv-+yy>GSDW--
zTuyQwZGK&OjWCc?DZnL=nt!q!3hjF_1VJzddu#1C1!zwEbK;(SLr25#?jSbEd3p)5
z92RnrMO_weV>>hK=zZ&+Y!iY?zH7+~%hE!su?lOL23}-_oJ09ep~9mX5XuA6cTz&o
z<tkIUHZR6aHkD7EyW2|PXKGa?c)Yk_iuV`?w$1W!4H>3$mGEkU*ng#GF7+z{gA884
z-lUGuTn*5!5aE@uY=)f7d4-|K+=WB9oYd8!GCMMnF^g``7Ahd@LzH2NQ^yKz>)U#P
zh{pyl?1^%9!Z~}_;c?R&;RoO$1`KR`!Gqn4QppZ1ByE+om;3+=&C9X+T)+cVH|ks}
z8FG;)@K{Q9LL)m?Mt_blzWDk92|<#Vn(Bly872E!+~eKuRoeTV+pX_{0elOEQ322`
z??p1oAp?iV#X_jI@+-YlvQsASNIwfj7FOI+F$Nx2KnlKR?{$-LfI7EBUqbuyu5d!e
z*<;#7;>(#tOCI$6p%Bg<1pqc8k;h4^6}|p%niy16PN@DW%zsuyD`6m3i2y?39m^}U
z19pvdZBMxw(~NS6epY%(?)O~2mojvzzhbVK(leyaxaxZ7>Z+xwywP2lc(YBeu2rDf
z`m$Vq5}Od}dEpCN9%|1SG>*8>l;|h&*@MkFz_aylsMZH^!9vNp4FS<jp-@{wony^*
zRSP|8X@6zbZhutviEE=6lW_+_COa?Js83pKd>G&DabhnE8{DS}`y1E)vO?76VBrr%
zPsMcZuFNd+CnLLMVP6uY@%nR-vBL|$ifiNiXXE;{)jzL{6vvD;?QSsatY|hIO+<*n
zLlqf{N^;>vsVEp{S=MhWi$_dNoe5!{%OtYk9=45tZ+~E<bm%3jr>b2wXNTL8fGdYo
z&Qa26sq96;2x>;=RDvF8lN&GlaOskcTp!nqMlaiXu}5@l1T3=fMyY-3t)JN5#qoBQ
zdfJuX&|cC`VT=$w2EkM3T!P_4VxQHTFoH`I`PzWJgO0&)F8jyxj9~>;amvMV%kc_>
z45*kn!++mJ2G}jNTvs^V6Mw0UbA5~^h!84dbNK>i^o+Tt;Uir~{;y8kkvr}zqn;<*
zX%fXfL7`gE=Ezx6WS3pb-DL5x1e1Jd#amrk*FH%7+fyYyVu+G2;Mz}uSomY#vRl&a
zhy%@M*aW?<+lWZEQRWj^T^p{jWw^#3MQL%E`hW1A$))iz*nlxFg(wwdI*S@9O3(t(
zY@<Es6P$$?j6{IA*i@n&i2z(kfTDiwIrctNDUd5pNmwhDS0giO_t_7P88f@UST+#^
zA;`tCJ~hj1DADd^88(J$pDnf6Ff$z|w7pv)X^puI!FZ@H^K{7Y*5P#Kyw)fg&>##_
zk$)srv5S3`Vj1dk1nekkH1iFD(sLfSWg3AvUQ<FeTcZsEOs;YlBEEA(#fw=6D{Q4Z
zpj&!WxgN-!<8Ut#tFGeMd}ATVY2LXDv8uR1OT7D<FLEdtT;ae1L-Zh#Z14OWm|qu$
zB5a7$icPN2LbW9F&t%2FBPr&f=c~M~x_?w9f*3KE((Fv}+XqPo@8^=xdd+eqRE`8i
z-!@s=z4~V>aPD9|YgTV)_clZB2e#H9#+z2-4M~}!Dd$7<Gg?obQ}2Qo^sC_I9<)i$
zW3x+<B(p5udiQpoO_vX^(wLhQBk1^IaY*g!1Awk+h&+H#!iL$$^B6wZT8LX2)_<N^
zgowEdpvUa-E|6huk4TI<l}IE`S71`d)vgM#zYoplIo=F%M>_?i%+uE&r=Py-1qPTi
ziwtZlaeud5nW3{tTT7P^foPNTbF_RD$r~D*L(W1mbX&|wSQa_sx%I}FzR5?zg$}$e
z`9seXkM3qo)kQQfnYjAQMIKjc$$z+PPbZ(R<T>MMD(A;Y0=n3xq$)_wNued>B9DJ2
zNt%&vovv`Bi^IAN92UaNZI1+=pa_Q65wEF<F^#x`3DI}bp%Z$s$Q7VuZ4$F7@9<<0
z;^kU=r4}Iui$leP#Ah_5hZ->jk;03s#irQ*OP*2Z0W|JsuoLa(dMENW>3=9zc8P`Y
zX=@5GpxuihM)Y9NTo9d@X6PN1fQfELj3IqMv5mnE98pO1_@Ji=0dfv6MZ|CPEmZ-`
zL}b5&nyYP8mCQ4|SvyPilI%LV1t(tt$bNADeBRq*dwP)AbQ8zbknJXXz0+?b-iJ3P
zol-~B8yC;yhy1xqA*|C+q!(=zNrqm_AJ^^}am^qi+4s}`0R4nU>X)&Y0Th#9j|u`d
zIFoFTLVsCFi|a-ZzWZ0`9I#(kuM!x6J@$m;_L6}dLQdHrWD@c&@9(F&s+Vf1CHs+E
z7?7o2s%!ab>rp2dJ|F%W6#jY8LzwjN>DR*#Uk!hyQ8j$}{cwFd1dU6BnofRr`(^m>
zst17K?YAG#R?To$BR;^-M}1cJ*`5`?+OrOE>VFm=_xNo9r|d1x)1Zcs_Jla*;uvk@
z??_Wk_%LQZf>}`ps2hkrQ=o11rqi&=BQ~VP$cCBojBaRn9EU3txXs6qjwOz!^o{GB
zii~SJ<HO-YL45Q0041nhXFxg^;#u=A66aq-l#>RcLO^HLuxOgz9ia5UZ0M-Gs@Af%
zuz%UrJM-G-WuDHNop=!0@29tK5BImj#~uXy<nY--07ACEm*OD*)gaN1KyP|Jj#Ak?
zpT9fo6WvV(6^qajY*9<Lc@b*zQOaGpykE(sUJ6|lF)_5m<(?f|AY~ocq?4i|+Erj0
zk0EeX6;{l5K&ojPC+^jYR@kN`mt>*JM}Hh<m5oJ@VlUX}h{9C1I_|XCaFforG_hvI
z#SuhvcE{|aMU*7*KCqur4m?D(gH=#7mux}w6w_)-mjH(9s;ZaTt|kG7&@w!BEOV@C
zvJ$)OTS?slZe+$giyX-j=&BX*Q*v@7R+gL`CH`2hso;0a8l@!>lN^JOnY{)gJAaWm
zv6by#9fSFRz-G-%CPlPtwi;{T2a#navC?P*cG`DM3fV=339DF8QA=_s-nKwqG7gLj
zbqMfQ8?Qi8_(dG2GYg^ulbe<pE3SxVw$Wx80{YpL?4JY3rH-3hWQje3>>?!5qlge{
zUXv0UDkAC<_DYV-`}#`89My!xHGldV$)uNP!H8U3&ny*3M7Nd6D@(<@b^)XHDul3v
zfn_bGdX(%%oY@T$BjdUSQdUTfQ2Y>Oi@r<28_*j2$PQ^=^<U|^8+vrE3eYVTpURty
zQi{#Tl}vp#IZoLP1$JObhuyQ9KrWPwCgTXNV6^*Zz@f%<WzjQb_C8(X+kd!1F6H6J
zF0&W%SFv=Fe7Y&RiE15*Pfo$)lib>kU9oeNE@yI?j!^^!0TKuHlf<RyCM7^&y2~Pp
za$?vgXyY0i)#-d(E$jKCF9p4j7D!$gs*FFs9~8R(=SC6VeSJ{FQJtpYebBf}^T(gV
z_bZfGEIoA}CN+630{d3ER)5;08s<#sTTEiqO=cCqzAWQCSJt&jXBR`5=TIx#jCm1s
z7)F>TI3E=#6|CG@e<Hco&ZMc_1bT9tRthkm2n!U6c9pYmii@0#pa)0+(<UCdI+vPb
zD13%WtuxmFr&Qi!cm|8}+wipR6uO2WZ#1nPPue5B)vv^w$H79$B7Y?e;)sT~Kb|8p
zn$y@Jf<^ljofR;Cl3Jp_0FYDgr<!2Gb38i=!bsgBc;ke+>0C6xW>Y_=`3xgGXpBD)
zqf6Qv=!@T9sBOi+DIMdKL6inM8OAio{G~5oM8vR`cR}i7d}Pzt^GVQMpVs5aEiLvs
z!>UNi9>6KbHHo-QK7UP#*lk>Lrd%|<sYKms@~vooWyaaEM2>RL)()cJ)r<aWRUxrg
zanC1iTE;~yT1AFiCmof5=ZYq$61B1c=hCM2ZU)+OjvH52y9kJm(c0f+-85BTmNRp0
zVsT?4>*jT%Uut8u@h8(c?*EkUtBn6O-y3VuF+0ZD&i17tPk+^7y+T{I+K;Z#6yIks
zMW1vf>e_CE5N%X*!}AOX?KG{z(6e`CdRc>L*-kw!JK&3yBpuF)W@D>&DNS%n$G!L|
z+L66$+vTO8ye}!2<T70K>Mki@s~0P82QWB+-@R4ajk>$G9#;vcwr8?|<BLSmwQ0Iz
za5-Y?>$5F$jeqg&)wsMne4-ER10vRZy&kMyNQY%?FDv%@d<=nmio}XcFRvscA5_by
zDl|5N`n85U()4wUtWyfZSBEasF`N4!UTt*tB^8lJ<m|phLkA3nJsOc`WT5Q(IAFk4
z=43I30)`E%9B$HK!jbxaDI6v0aoo^)N9(E9{qW7Z^$Wx8?;%qA7p(Tkzn8I?0Tc{1
zATS_rVrmL8H8VJazmvDWlL4;?f6I>Jwi4a<S7;r;4xb_g7y|6J`{LeRk_NH}vdRkx
zG6^!9{C<iol2v?2>Yl;fBp8fZwkWb#k5i|L7H2vA_4MZ?;NL9O<Q6r3{ORf2FQ(tq
zw_^JE%hT=k$tf5*`}ypr*B_@ZU(_V$>GkLDE=H{8BHVgX7qLhwRlIwwf9fJ<xQKiD
z<}RgB;vSy}o1VdqjJNPGeuMLPv8<;#&GH<+_b}>Y_UAq6i@1p^JX9+Fk@!jK_50WV
zJw0BZz6zT<t64eI{pH)V=B&#$4Q%rw4J`2b>)R&r8no0;^4&$+)d%sj+;Ar^D7y?Q
zh<~+Q;bK>bd-P?CT8HoAf0&>lyfZR>cHvQ+PCtiRz0Mc)T<yCvrc!5H1e9n@gA(CF
z24sRe5CSx>gkMiCt`DD<H4h6H>62t83ISJNW^j4GVVq22nzF_zEfNRA*3E^Fk1Nxg
zD&B)0PEzOf;z~=NA*ds|W0nNeVS+kjPzTCiZ6=RXu8}W1Qg>WGe-FjaVe;U7`HF(j
z1oAQ5oUnOEILeiYM{0|A;eu-}MH?QMfj6bE-cKTwS$AzOd}Dc3y(4u(++|J51zk!e
z+i*3xmD?bgCM(3~veh|Z!l~0XQ}^jW->7ahyb0D!GO_2N5IJ|AOIun<VKjA-s5k_D
z3y$(ge@PKb<0+&Vf3*8`SM}B{jq2sSC{<o5_F&C+=3@;4<oTi)a=>m9=1WVy<WR2l
zu+T<_F~cS;!556Q6@ARiGFg$UxI+gVawm`U-F|Xx;g>!KR|QUGFSym(MrTw0b4zIp
z*K8|=wnBi6X~pc%A%)+X#I6>k4UUen95o#GbCQ_j;^*L#f0DjE*|38-eWC6p(TZCU
zs>^(+bVbW4Si4#|fa<QpN`F=@T3kzrJt#72c&~jWLtDGj*$TPLS!G&4<{T}kQi3bf
z#r&w04^R-@4zFlk*SM%Iu6B)s63m&P!SuEX%CkY4GTcQ@B4}Q8Cxtt-c?}Z)Nphrn
z#6Kod6PCS-e|8`p-jbw8X-+7vEE&}$C$6F&K0Jx@JpEN^^6URRiRmQH%k*JV)<TMp
zAAXy@>CCHv&Y7XQQ%Dj3bl}1<eHhR2mW3n^!maU_amx#15xdSP^x3t-s#c4RL*gJc
zCZ=KTg>Im6o>?kxvv)zr5P0SJTewOl6O^&$HszC!f4k2;(w1dQ;N|ETkddreMtxl2
z7jH;c#+gpxK>1~b!`mq#>KVwa*;Z0X*_=_#l%y&(#^}XG3PZ~ALJI;Q=2(w_7=3qL
za`<az6@4!jgrT-oTa!76Z?RlOUM5-|+}cfY@6-hpR1xREp&A0N3B@Q&&X6LEW0HAt
z?FS=ye=LfNubQNyl+W)g%lf-sGK-8Mx`btv`Z<Xht+_G90@%f;pvY!vofrVoXF0US
z4!JwMr^cuiNS=-}JUEi60T0ehwSGNIu$^!Ym)^}q(TJ7#?*$vAD=}cmA7b`GS5mQr
z)D=>of3e~P$cE?AjAD%inmI%mEjz=%17R4Ff2mSzy37d&RSHAGDp`!iAUaU87_E~-
zufZ{t)2&oQyv6BY$w#y!`7z&8$E_4&GR)F!@d~*zrp6R-?F&#YG;pg8vmvuJa_%z2
z0n*p#<;gy%)}*HAQP6D1%bS$jKv-buz@@@|l#@V@j5P2Sc%lcA4xH-aPt(s|G}~5A
ze+@T%lx?=us72@#4QJe{+^WLOwe1w%5a6ZZktOwF{{@5_329MZ{0L7vj-8BS=Am8)
zZgK{o9)sPqv^S99hH93CVX1JXq>egR$dKEOmp!HFnEggN+xH4DI>$_gB&V#WVPOT>
zALelWFs#BzHC*je153_!IA8LTBN)bEe_I%JWoW5_F!O;L?J_Q(yScZk72b<WBIife
zZAQuv?PC3;?F^WAfOZj`M$&((S(LW0)@a6Ln9uD#CTi349WA*3Qd3{*Y2jp4=c+_*
zT1)h7gK<$5PBj(57Q$tI^_kn<CFRNWOkcYVT!~UIVh@!*U9JA|*)~dm_mZe^f8<v?
zx&2yl4{If$mowqmLb#nmfK5g_#(R8;_e#K^Q1YVBSaXwf2Wq$7_IP*j@7rGY<<vW|
zLYlygv~q`7A&nX?_{jk7BK8bs{J$ba5(`s-bf7L)T`F!j*6s#xl`^-!-+x#zEYWw4
zq-vRSp|F!6kV@bizV<9+M7IQ2e=$14#rQQly{^{TcQ|SLa-g({IibPGe=ez)w4tte
z*((>7TY69vq=ON5_s1VYYCS$Fp+LRyZ*0CWWI;xbM;)~tf`aXuX@}!(!1`Tjfrx?#
zQ;+O?zIlN#r_}2;XWT7)+e+F{k)3kk=1|3<=`BUqX1Q1T2>FesnVir3e-1kcYVL{k
zu!E3oSp>tjANNpO?WNMMqBEsIMO7bU#E?+7=b-<*y6O!F8EI)^T=J-9NdmD1!gI+j
zmPD9S{qU58>HqMQM4Rw@^OOW#OwWDob}t}<(a+nA!=%C6FZ>Xo#ca+k7X*wF^c?oP
zJi*Rt;?Hszt5a3K*)+|(f2s&Q3OC{UvRF`GXS-L2exG{noGL%(rIn(_*8sma`tK$?
z5Fn`H=KwEd%d7)-)VVb*?306*fFts--BgK6l6uI!O~ol0?2h$iOA;<7OOet4K%`Fi
zyLmuX9pZGL!rX1CdBW(hBeRyOmAY{PhqfRdLiJYF>t<CLZ)zpxe^P{LxDs~bx4JUn
zExWR_4Ki!+4W{t+$PHY{GHbM%am?0tJwgo#a!VEKK3<QRtbaP@Rf8XZ5N1ERSR5Z%
zy`yVgrBcSA7|>C)aj!c@Pkv@qc2)m0XaEkT`ke?-2nrRlV}GK@-7ifX!_Q%-XHZGh
z989sZNs8M8s1QAKf2Q-i9gDNdasOawSl!uh_%DS%ZqUI<JCw4j@2IZ39oBc=pY?FY
zw;UKb(>K(DCbTQ0LYi><LL?&!dfS@T3IXyA=EZq7<Jv}@4c;4-bz5`9`g$}+keUC;
z=&K0`4pcv23+sX0=*fiN7SZo@l~rKJFtxF9qzfZq2vDFe5C8iCUbz1;g?au4*K&99
zm$8@u6PKQ)0Sf{!HMgs!0cab4NsBDG5x)1Y=(C~93ay#Y6x7mn@NJ;M2jiO;@L^!)
z;=k{ZLQ81PUIxsg^HpV~LZQ$XUo1*-hS&eT{PrsFp9T5qcKQ1IKVSa(r`KQOUGe(+
zzh7=2FHYj4b~kwa_{Zy?pYj#()4%@q2IivQK;lI>|H;Aia@yX+`{jgxx3&wsiQQkq
zcLkTffBfa;{p01AMm~T&J3axV2?Si^o4BG3czQwVa&m9N;#~6KZ_3LF=yyK{J}Rek
z*!{c@7on8b{~A<&$B*jaC21W*KeGBbVOpl73k|?4*f2Lf3tl;YUwQ55cCkSGZKE6M
zyLA4$7c69a&iK*bFJbV1BdofNND}<i&VRvgI?QFrC^{-mPq)Kq!Ux|NylK6qz1s4g
zg^*HyOK}Vdq2*c{U#1G$qW=Cf8uSDz&M31IK<eS`$rcgJHgUGi4#masg+4O2f_O3(
z*}H7fjdoSlGoE$+<MSF|$dCkY9pQyiZ)+JKwwaIzDrdd2CjxMPFqRDflIeOwt4QxZ
z*6&t$;uO{vmU;?Sll0y11eCic<3FQ(8OIp^#RUjUxo3egn$0HJl75g^Edz*75Osw6
zMMen-Kbv&6TqhSdBo7Kk(&}QOc$_!rmV}w2!E*OuKX1+M*Pa+1k?@uPkkK~8H$2Hp
z=y}xWlpJ{{PD#*zA)z+^UIs}ZK~dnAJhphg_r&6yQQmFhw2*yAvfIJ&nBH1lDrED?
z%BY}!@GR{zhoRiEz&(i#qx@6JUd4*|QznTlkW}0<8Eu)2^5ev6)#?VDfNOzb)$qHz
zr>St+Bx?x_Va}?JKFl5iA{vk$-{1@-_9&;3vJYencDK-fb735^VlZ_ICI0H8)?n(-
zfT%)IruvTc%Iw6{w2=2szb#>%KlU@fC=r2;Ezw7Ic<_QoRtQUfXFIv&Xz?h^n8x;i
z5VMPpI%t3M$|)*v=&BO6@=7WfE(pkXw(JUu?^sP39t6qD)HVOK2*_(}W>am;5Gvhv
zmfRGIWl}hQFffdsj^5ST3=R2Z;%#g?LPthn;Ti(1OJr5{sbIY2Qc4D0lP1v&q^n6z
zq7MM%Y)3J2uU&tf@W^X+`<k;Mvfsc0d2Q;EvMH2SAn)ku7%5IUr78J!2^W|*K=E#F
zhiJET{#W=cXKT~o(4i91WTTpir*h)j@Dq<by{;jD3vEN*B#wpOsx-5MMLlp~fF&d>
z^qiu75@vi_<BOA!H-jjuv`bL$g-4k44A~~`dWt1=M3xm7PAZB3$GD4(yfaJ9Q7~Iq
zu8mj}9MUtRK~Dc;?{Cb((~nj=RzD4hqJ}z)EL6tOb8!6*k1Ua)T}Kujcv;;zk3n9~
znqz{0glnP4vD3Dm!Q%(3J|CHyNLVPSE0gElxgQ|pYq2`3Pl~n$Drd5Y+ROfS0Nk?2
zIoD;0kzpiM!$EWQj-36t@D*lj@wB#gt&+5r=(mK4k{y9msIRklc|b}48d1lDDqbR^
zB~(liR#6^sxEpFVGAAo4O4-7jA64gq;FuGCm9DB_uIE}gw%U-K8K)T9^3OpEmQ(s_
zH6`=S!6c5A4C5Wk6?9h-CVVOVh&7}V@vuCw<)m5pv_u$eePINZ=2e4kmdb-o_9_I6
zOKh{WGMqI07LOl=P_ikyGHV`9i<!(O;4<M<Jt5m{adNd`r2T(~#!nOmsVlccg;2eJ
zcOL`oXluFzS61{DIwd75y%xYz5TqitFlX}mqvpY3;2HD;`3xz<#PU;*^d7O&$jQ5&
zZG#}jfK8c0<r70m)iKEFW7~IbnnlN{iQe{}5sC#f8L*w|s{H&U57Vq;u^o`wpj52+
zuFXa{1oA!(yIfP&{6ZP%gUT05yEr0$fq^wfT-xM)S^piDYNt|J)!9}C3Y}7X!o*8x
zINhfs-^=RST`N=-#f-D4vZ_J}Rhx0tTpaIf>$Pp$?l8)Xx3ftcSktqVcWL`LtlNdQ
z3C4Fhce$Td^sfF#^z`N}J=WYLm6?ySPGrNn^A<uyYyFSasoSZ^7+J1R{6OV@DP_{V
zA~DyNTKs^j^gU9JH){9}hOxZ)hlXzhEU$F>cE|xfw3(y<-mR({YF?C#PXe0W+=|cJ
zLTX%Gx~k{RoH=&Iwpzg|_NL_ZGp7u(({#xE=~#GaU$FggmB>*twQ4$JJB$}o7_M{C
zLH?DFtc$Pkp(Rze?ZHoK;MER)#Cidbn&u{~;5%HoN}DFvGcu1Nx5{H#geWacE~+{A
zZq^VWBDdw<sck#&qc(RYmt{QN^jUKmnq(k_3uypz4(ov{jh4#76O)iV+*88BuC%by
zNe~*BVJ;v488+kfUeB<V8Ft~s75|jD32%t81SK{^=SWA?3yg5#U{r~JJ6P0hM`rZ*
zMACl#jM9@C$*^V{AH)nw;}wIUCbcwGLLA|gQWEfo^E!SamI$9=y8mGGM9+0gV-D)Y
zDQ<UgI6de{J<HTbzqR>EhQ1mzWt(cRU)10y5asoiYgscTwCqs%mhZBUYO6lxapAaM
zg%^ZO8XSA!Yf@FRe+K}6(;?QNY>dMgO->KKOM{~d@6E%*sDg!T5W;(5gR_>lFzk<6
z=Ug?05{q;)rK9iJfimTe<7rZwGzi@a9lY>>7BQrmpVDHH!D&$_q>sHJ79>ghr<4RE
zks_5$cRW$z=eu<H$>MMqp7&S(|0XP&Z$U$Hv#83~Td#wZhKHzs<cQPeswWjTcOfle
zCGh}qvD^GjHH(BjQh!?dj`qJCEp<_~64FQ29|Tp2oH|3#Y@9!_X5%tqBw<GAjFNx_
z3|`>TAp(~C{eT@4uwxQl(AJZ%y7{om=F4IAj<|Y=ck!HsQz`3_OjF~v0;>QF1%CW4
zJ%S}5+Bf_b(TmA{!7SjD0kuwVkTLP~KNOA*bjRiEaQ#MZ;Y2;x*K-RbX*1OJ6S)QW
zuC0^CujarUB^J!g@%6=nI6E%+%ZrcZ8|e0_#A><VaKghK$h*#B0PKCV9K3K+g_!XR
zNyFa6AkGC&;i33>*<!e-D<@RCQ@zVtB`WEay88Xs(tPTF>ttTt^EV18?^4a8SPIm0
zTia=DvazZ$(IgywgAP~1yK|pxhf$PH+2L_>7q;bla9tkQot$)(Kgu#wB^_E(v8Zm&
zfMl%8X`!sMA@h-QE;db_{8w*@Pv-Al>&@tC_V;VAVvZvDEP_&w8zKJVH%QS-PCLs$
zyOSZ38ViGed=$<)ZcA9W!OL%&-kp#6JWJ@8l8hU~H~NRXjX}`)omU<6ntjfFW|^sh
zR+s{er^Ik7g};WV7p{2s>0Q(RT>ghU0Ng-oOcvw=0{{{&de@V#a)X<?uYv_!L4?1X
z|3e~w2aO|_(FtT%S|9WOQXsOw{i!8FP(+);eQXIu@x=fCU`sficCZ8?4}Il*D!x3e
z{l{niPVP0$f{pO4?Sb4RXEqKbns6|Vg_az>W-_G1eI3d0Is<#N;+NO|0Z<4A(wDKA
z0TY*6%K;1lGnZ$}0YiUDk1V$hzR$1dvw`kN)K&!y3g~4fKyJ1N@WIF_UI4=mkazLl
zk0eSWwN>@laq#fEduov=^5e%v5*K;;{pCL=;s03)C%3}s%a1SLeRcYGx++dzetx-q
zyg2ZWIw>yh^zp;#Z}0jf<>}+6S1{5DC*P$LO5CLdDOc&@HDQ0G|I11N5*(QA<CmAW
zkC(4U1KUO7uz<sU|El$NmapQm`H#0vzrw?R2<JZ}Z0G#xZ-w8>mLCN_x82TwkHUSU
zG5mwz!q4!u9}ZvlA2$A6%2PsxpT>XqNzxrD!^g6n9e)YO!-@S@bMvuP!$uv&Ki4qU
zJx&!D6#kBrqUe8dt|XN!W5k!<xATf~pg_1(dK5>+dv06vEl3NiRytTjd`inSoK)!v
zb>EU!yh3r2;i~jkl?k^VMOTlktEiChwVjt&rN~&gq?NSY3-Qm7f6S3$?Zq@$!O_CY
z0BMbJc_@O{`bd}JTFrCO<v*WIxiS~Txg_H9y1^^l_D6q^Vi^zd@EWo~igUF4IjYP?
zNJIX-`6WQQ>#=x_3N}H0eEf`XjQWZYfS^NknS3?CC9WSIjPrSfMCS-|tU(H#-{O#Q
z9K2gzvT2-PF7v9Dmm<w?@e*4N7s(}TW;r4Xp@`$Bv`JR*3$(A5l=$0)72}1K1`fJU
z;(B*aGNgZHnWVp>1%D40MUr{lE^Oru;3hx-b%Dl?;zm#al<J0GDtQS6XR1`;UFjUn
zYNIb@5xp;&;7cgEtrn4&8gB$of)=}-j|l6fZ}?Q!z8|SE5rw?|75sqw_uyBfPdegU
z8WcHWMUpKS?=@lYTQ?MwSQCd=#l20wjVlEj3TS^t5ob0rs!ci{b6Hu}SX77aL=q;2
z659}Ef({UgcSsc#L$+pkl)3T?LG^EWzV!UH5TANP_ZAos_K;#$d088zaMhN@l{I@o
z%ZzU+5a$@_c;q76W+6Rv9D8qfnglgfY+4b!nnc_Nsbmr~*R{;w=tNdJajx?o9NE&+
zBf5V8mSE555BQ0p+%*yv6rzoC8lZ!f(%S(OK1K5Q3xolYH3f~ElN(u(9p=y;)Ka3B
z(3Rifm(GDCV`pW)eoK<>qdl&Urf%VSBo)+gJdmkGEvrTQ_-&jyDS25umHLG8%a5m@
zzG_Snp0h(+c-qaHjI<lE6mlK>sb+xJGO&N*a71*@2PI#Cj8LGB_*q*LfFYFY<c#?N
z@JtOhmc;J*sD<7~$?4YoQ3%adez%fK5?vi|xOelnC*q7zs+TOHHv90@GrfW;4TT`*
zxbp6d2_Fr~4~LB0I;{i{o})Z)z`U4AQu>VHEIROlNhSkK409+9l7C3U@=^*g>cxLS
z6K-U7F%M*)E~iLI)e43=zy+3o74Ij%XIxm(3oBzDH8-<jCRGhKrG2uzd;m<jcCHk~
zAyq}eGMWne?gfo~Mn6dD+kygN#;usx${Pk4Y$EBV$1JO$aQZeEVd?~ijhM2hYP2fl
zn2S;@TFH*e8$IVB3qgG;tZLd<Wz>IVNdlmy@k%`{bqO}dTXv1iXS4TqaUgU@1C99#
zqOK{~(G`z2$rS3gjiMC`3{o!goCJsglsMMLwf|I?JD?nw`+I;v)a?cJD$23wmSX##
z?IhrEEOUs@b1tkbGYhFpuspMW?h5&`f86cSKH)S&#O$kN4}W?U`$@w8OMQQ7666j6
zMVq`Xp$HY;k+KaGHO5gXjFN0B+>2YWbd0-I$=7(8aSZNhq#Jom<y*_vQ`lblGvuwI
z%V?Sf6Kdvsy?gb!6w4H*j=hT(XL`2UjS78G$O2%XBerCsIzqEIGk>1Pi6^+8c-w9>
zMRo*PwAWeov%z9GDP!@r>QsN%VpEn(Efo0$Bgb)$6q%Hjf;@b;rSUVB;4T`h?6`w6
z$*~9ccs=kFvLW-sR$dO%NutqeyjtAtD7;V*>>^t;?i=Ol(L~e`FU3I~WzgSwqJZQn
zN~#KWvQ~DPl`y4&Uu&(c2vC4Xo|FibnA|232Z+$N;|Jb6qoRw{juwA0Wf=?*x-9}*
z&SK2^z%Ho2qpBKFV-GOph+2%e{az#l;B6MvpyGbyhgd>?0qb4#+I0i&%lf(j_hQC*
zDBzuD*yE*=6D3c|eKFdr=)xa+^EnPMB9>wITJbn_&kXs!T?i=X3!A4Ss?RozWHfm&
zmr#ALwpf^j6~e-eJZpcTOOAAGck*sP?pR1-GdYt_Ms8#R$`UUZmeZW`&ufWa$mJ-A
z!6*?xjb`!p-;;^+OOTr46G6bN7Z_@arC86lZ&mcNH1|0teIaUbx4{J9pwooOWZVLa
z&L5wT>`w)6Dbh5Bl51VjvZRl)o-Qg*0(Tkzb8$~C%OnGT4_1F-=pi;8B1otDk>pP)
z_EC7KY7NISn9@D3IxfUbC4<nFT&zl~1Sc99Fc^=b4!@GKk!;Vzxgv@Vn>WSC%yzwz
z`(RM>T&onW4hr+tT6Zn(bYCS=S<+g7y1x58K&4GTEMe%;gt$LYv$s9I*c`8Rc8VI}
z4yYx=*#iJ#{#t*i6sdtX!-|S|z#Hsbl;~TRXe<rR&R!=4vZw2Dr@8Hrl)Q}@s_XwY
z<rR~Ob*<_xz<EEW-2ym*n-YDQHQosNA7Da>LPX`XM%Pk&ijp#)c6k%a9!kV$V*3Rw
zINg0St-$Ko=>;8IC7~Q-&63?g7Ij$$gM1$p5Q48<BL9EHz~I*xG=vKX{#gEw8_!zf
zR+GW~reqE|-HKZB{nVU`6z5Xs(uTRET>TXLy&71=MYVC~Ugdg{Sv+~f3;{gqu;%il
z>)x_2<yFZc7lZ;u5?L~S=5SX6NqtCZ=$GT{Gp9^Ph~=4IlK{7VFyBH<Z<RJL?H2KR
z@hN8$cUpgSg&upv2VjkdZnLXOXSyPk`ii1%>zs8}PpvFsHtji<wNRpRyyeMFyOat@
zF*2^VsB`@{YgL!_Uc%8xxm8lNS7fB*zeF58s55se{m%U7VN;4?#JnH0-?H09fsvj2
zQ(nV2*t<nxaJ?V7!4T#<jm!4j#(c|U|IFI_a0h=?YRxG9CTw$Dph}V3vkW!D8!s8j
zSLylOD%#e0Y`aG^)-`va((vTnMk?d^&gRpFI4IkZ#_&u?&I7VJYs&7ocxStV1RmR-
ztaNM>RyNDr@0b;=u>fR>Ek2)iwJu(7<IY=x-KHz=DNvKTl4aTmW|5+tw88{@7C>}C
zQ=NZ!5-w6m{CvX(06JP3Zzc>)Fs*R#1Sg1<oq85AX_KL(^U|+=%|<~u?<{P;>vb_g
zt~QV6bD!a8a*?YaNrQt$X{B*w|M(qNKar6}g=WJI?(hgrQ~z6pf5HeYtu)3beEzA`
z|7}H(DIBc~cYIOjubA)&CY;WW68q;s`ul&5Nh{Og8!qF&etQYWy??Kk^3C60#OWMZ
z{I`>`>F2MfZ^woS!yQ$JNEC;i?Pn_HaT{@P-sTgj+P))p2U%dcS-J+zN?UfH*1T6L
zCwrxcKK4daNU`0^1mm0^&39~32vasao)yCM+azoQ1EUpegR^MyDycd3aSo(J>_C6t
zg~jmN@0nCR>6&{|Qvav6>*r^2%0@-Kt5NfMn|$60RJKZILzHO+Jvxp{5sB@M)K$zA
zdGDSfoMuO#Q^^*DQbCe*nox(I@8xgooZe=`8WF0%!MJf8rKj&nxY*HqBN)ua0O$Q_
zG)9nFvbn!L{TGP{1_=sfZe(+Ga%Gpfm;noyo7Mpf0y!|3sMY~Pe@Tz@xDCDcuc&i?
zs+f``+d#uWE!_cfo1}pp203K|f=qzSW&VCBQKG2T?qo1XeQqz3NIpI;Ql=YRetG-P
zWy1d~sLQgc%g=v%`_peO{|<Mj%g_IKdwjhu3SV8O?Pf1uf4%(nQ(XWqUw{Ac9j5&{
zzfao^@6*SQSJwTle-`)mi*DlI@bqsj_yQ>RR(hmi4^R9c;my@Ozx&I1zp8g|H?+pL
z=EdLj-%iR81mJ$Ge{Z3w-BQF*^w8h+^Ube4JW(&2`MQLatvukmU%}ExYTnhmGWaur
zyR!J>BnKS@TxiKc1TU=Di%!dP1CxqK<nR&BE|*;BNul5@f3vo{>ZQ>48YknMaoo05
z<_CYUrgeoWKUib5=q;$kkND@W-@ko)z5UQaiQNqT<|v^_3=IL98q#tai^MfTQkH+N
zpYGC)r=BdIp4^XdKcC?y4@j~Nu&G!^setf@R{){MLyfIMUpN3Zlq`p%Ngl#FUM?NQ
zps5H+83M?ufBcn7i)I_R*G$6pi#43QLAX`ISiCvLMmaQm2*A>^_v;!)P*QV-Tz3c&
zYb%JHBNAc@|H#XU7(iZ7_~R8yvVZu0{9XFg{RG~~*d&>!<#)dd(}0O~4xb5YZ2=@~
z`!UW?+SThoCuG*H8I|O{;Q+I&@XGypCf1Ogi9zyBf46oo2)`IY#6T5mno$CkW}{h$
z?CRus6<)EBZZwNkJ4}z5ni4Z>b~V-<O64K&9z5$jg&hHBXzLJXJ!HLtz_BT*l)PC0
z+vcJPmTZnrI11WNh<x%3!e36vIz)_KYEn7L+#SV4ZeR`jSLR~HO^za)2j)!kujDW|
zv7{fze`0xxK<MNMP7IVZvn0}?0bY4hMFKJRF*%e<j<zH)3z#Y?Y69va<4STgybmN|
zBFz8GR~ze;bB3U!b0rPIp;Vo^g0wP3Ar<F_!60`IbTYK2K)B@^ZU=*=MvFMR#(*Yr
zKmR^QqIlPaobz5J#3c@bVPaIhMqJjG7M~xaf0f}?PIF>rP^KA`0Zlc|+!<UfIyt3C
zfudT67N6Gd(gD0P6>_kc?|b|r=u%g-+T`>z%roHR5^g18#G^u+k{9q<%}<BL3?*4A
z*(PQ@6ys9*A#yI80$)GiUt>j-Kpg!~q!Lvb*2;YCp1?JNf!TEJ_%CLlK+e)ZI7*2C
ze<!G!mUk+`*V1<sMmc^J%SC;*6p$+COR>Qdh>UGYRHB>EWkkEoSv(*}!i2^!@5TTY
zk9_U)$TH<DHp$9|3G$vmkBpO(SG#=5aLnT@2YK~jl4+Lhe@+?5W>WH^#%t1VS@xx1
z)-5ltGNiPCL&J<KE@P&;DEG!LB7dWze@NX83SM)W0(`gcqejsti^f+ux6PvGRzjo<
zuzB2QCiW@uMocE#n#qmfdkVecW*qE~+eIfq_FyknAx($JzJ*($4YZpyLnLTZ7gnY5
zxC)Qy0?P}j=K@SC(T1^*6`@|qE|gHyl7GDIp}prsV>L~mjv~tN^%6#t#FOIUe^yXn
z@Hfpbs0c_@C)Zlt(9{Z|N2Tu&<5>r$fcrDTfvK^|!-5Jk@*&zUv#YXBC@5-(69qLl
zrsOdhEcd}zt|mF5%!ZG&$0_$%fw4c^WuFK-Hn@yB87IV{nhO#Mxa{<bY8Y=zML4!X
z*_DWrGA%1RMbAcYL0^fS$ETvAe_Kht0^zXH*A{lcJSg0hRm)ucD~vv`%WYw!&uH{_
z^}yM`{&{YYRo~XeAU@@C%XZ6k!Z;0we|;kN0&3RbU6tN&jKAT3>!ha*mK{ZVMSjQI
zc8K5E*qdrayeVZuMGd!PiMh-$Pi4)M2;{*-Yif?1G;^f}AEMpkaRU+Je_3P5?NBsh
z7iSVmpiAZ)z>=(y9b?o<;DVH4CbgK{8L=cPRem!QY&Ix<o@TUsQ}g83B$|ox&5C<W
zVrt5fUc#yHJuxr%nbE>xw!i%JHep!%C0o=Ve)l$AuG4M1{B*GvAN%WnUH;fvKH+8t
zfnK?Nk((C7uvt^t{$fL`f9QI-qodjzGKeV;MOasKu3Ch!c(CqCbM+@TaWY-NYHo9T
zxUMMy&e<|{-~;@B1vSdm9_kThd((YIYVAhpC^FC8;v%Jd<hY{e2al}6szPLHu~Lp3
z(>-dFb*jyFm!%m9ha{<jjD}=%Y_E}|t*=}J>r0@4*N<w#j54+&e`eRUq%00(ml7oT
zc6QRZQJ1ROtco1+^fwwaSy3+bl@c?j9Vk)U$oy3{8XmDQuPd#CV3ZjBV9U;B5%cU~
zCy8!I{;NHN0o0o<`jhQav|&<gyUyXYEDV+5Q|#rZCPURWDO1&E*8RQWT=s4Gk*Ho-
z?HMZ1P0{wovY9ukfBEI2xO9n~U0DmCTTs~BN?lAB=i_zOpn0VGFz+I{9YI8I_3nx&
zPifF{nn-5V!*;dO)LxKF1uw#|o6%{S#mkZ|^V`j|yI6lcj`sV+AIQp?WCb#}s!u}M
zI6*q|8(^dMst8xzi(QdwD{|=LjkLAhPJHEHY|yGO1MToIf7FI3S?g_<lJ`<`Ku~Av
zlmi!c=MF5SXpnW*Jf(Cs7W=))7^y|Nh~S!xSHvB+Y{CAWcqiD8LQ@EOClWDj*PddR
za>kIZZ(-Y2f%tvx@<-%Vr*bX`!w6KaLf?0uo)%^3gGQz%#W~K@?0hq)vUVD_=vEjO
zOc<mfeT>WNe+VXu&XMRl*Gs32-b?jqou^XNrJtfIaHT*?=0Q_3+zp)=+uv2YO4gDa
z{;4EYRXmR!mP9DujicQx2zq^Ac><|yk;Uc-lSmo&7rxnR2@Z+QG`5xa1c{V=kz~Zx
zLOci{D)GFRl~cIwott=-n(FUJjuYdKunOf|+R~m(f5k>eD}*@)JE@<k?HIOv+IZ+4
zDZtM@_v@BHyJsb_#gcDpg<WphsSTGynCN<giBB{-#rs(sM;foinZ`VQ>g@-WXE};v
z8bTrQxCU26Cmen#=mf|}QBX_qDQ?X9ex1R(F<gE)<UQT>3Y>yyXC?eur<bdqfm%Z=
z`iS-Rf79VD_4LC4xR#(=nuGaGafG-}T1M56R`xc_#cNtTx`^8^K%BK}U~ODGsU@_Z
zU3q*epIP`VnxKj)h{0M3Qii_gH=DJ}Za1AbYhnIwv$h^2G;48DG5Fhe?#U_-9>3S)
zZmMua578W<X$zZwNVlKPf}thEho|s?hJ9rUf1bS4Z#r(C5)hr+^UDyx;rqbUFh+QY
zFFZ8n1dTCdm0mEpXrv6H@33*kFz5_7S!;X<%#G#9-<_q1E=bw1ZJYti8K<l{6BmkX
zO#}lv%^?n5$qhG-Ol8oC+%dacvZF@uM{JauW4m__T_o}zSP%wE8MK;J2Hn$4Pk#qd
zf1@q_PvM=OhlR1H4O5`**cy=t7X8$^Yb+5LTy}drZ*tgXbob#dc;4MpmEs@VsON3w
zT<xt|koa2cHZOGslR%WWyvp78))u5(r7CI^(OTmx7fVu;s&k5^Q{#5_cAFc0sg+T?
z6V%cR_#FgEI7B6^ynWe1&NNR?WUCePe|Q7dr4=Q1j``Om>1)ov)3-Ov>Op>_Obyo-
z>pNydbfR<$;_fLg^@#;<TBc3)^ij;2t;MSJmy44{j2tc;ujRURT=(S3pW^2E!PXUN
zxTS`$MC1TubmP(H1sm`C0R&P9(Wasd+vmXG8a%!7%zc~}XIWXMr)D|Iz*CqjfAjpQ
zPG8xTLxCw8n({bi574vAzIogwKfk&W3G}|TQ*%ud@2%%&x%mV~x!Io1LI_7~oHjev
ztHFG(S8rfCvZnP$*F7M2wYfdOT1xmlh^)mSx!yK#dnZC1L@A5k#sRmy-Vgzyt`gfi
zJNUmTjeKI6s|{IdZMr$AvE#d*G3t~5riSRFH>{Z^OdA{H`f+sEMGd&dPvbk;p?!`;
zGHO8&Y>n|Ky!(gCe*tnnJl>bFm;n=)yW#-}1Tr}{G?&QY0YZOTNvkA95We@X=(Esm
zMs8IFkAm*5Zo!-Sz=L>l15v@b%-=U6BbTVGtYt(Hod>mNWGr7qe3?D!3g?ffKhFyP
zJm_;b=<|o4PTziZ{v$qB=MTS}?(e5g<ENb(uKxV~<N5QKJ_DTJfBx=G^&`B&W3+U*
z*f-VDWydF=cY1%kfO%6-e4y>9-?YPn0=n{e0F~b3Xz-(dQxgxf@rtA<9j?_)d~ACX
zMDr^{hwxBo-O){c90Wl>Ub?8mgWgQ}p1&N*y(cj&WXfU<u$1@^o<hm+)ZxJxVJc07
z=3I0%V4(XB<)(?Ezxw>$VtVo+8h#tUfB*9Id_R5F3W|Rp{8e*MEC&Uhi=&M3&>6b2
z;0%B=%7D@1`>!ogpn8(kt7~5c7~B~35q1phh!wrSS`y~{)zoMSt{H>}*>cUc_Gtor
zqpN$2I1bT#hI>4lAVfpB*%P&<Cfn>_VKWDTWdx0<xexgDv@qitb*wNMh8OR};fs$Y
z3WkI<v|N9FzG3Pdz(V;)hVrdQ3aN+>Y<$Wg4VSiypIMQGEEQe~)47imX-@F_n%(@G
zb)AwrSR0D5@?~)ir|ew_$v!yZg6(jdZi&hQG`dXJrXS~*LZ1L(@$g@Yd9HdZG0&Ko
zTbN>QD`RuyFO51l<OpW{b4{JHPP38=KE-^cfUtjn)HXzvg+aRCsWVzH68LYFn946R
zw`h_O`j!b9lbaVlyZARl?N4zzf05{atTy4X2CJEZG9{@w6(yQV+p2NF^K&cW+%_4=
zQ;Ao*2Ren#`BQ!2&<&7gcL@Yh(J+m9QqSLRa;_VeWSwJkW?{Fj<Bo0Hwr$(C?N0K<
zwr$(#*tV^XosON8{nk1ARPFr(?lr5{hc(x@=N#A2l41F^Y(&Q6Qg*cl$}T%GitRw3
z1Of0P*qq@U`gK|(2j1NYuZFR*6*j*J+K4>&a%0G0p0JkwQ7S1>sHpizB{s9W#q-9o
z6<+31kQdgXl6<)16XaL!UU`?2Q8OE-<ot8)(oh?I??X8|KkyHZxuSM|Lv6otR=8C6
zoEp|7X>2CDswSk#UvpSEBi!6tlgE%+iw)pGn|U-3e5%QwQ#&4ljaNN?Xjf#nYH-yt
zPb9InB&oDMu!>(5yy}US82?M{5>9)Z%Ro7IgKG#xW+|EFI)Rzs$j)oRyA52>Y#G#d
zu_z5uerXMK5AtLO3@Bjm5{bXlx{jxlbCQZ^QR|_wM2d|mph(y|XxfnKkf&0d+!H`#
z_9A)>m4h{@Fw0T?9eiEpdHU;RZeZL($CjhqF0=sN*T!wZP&93QBEo2TsCUVLQq~lG
zQFm49COSJ?6PY5UQJM=Fs(MLf4jiA@VuES{+PpH5kTTd&ei<3{g56k+zJ;vp%5I6}
zhSw&tCRE$QKA1*kqI!U2p2%i|lM67r7;%ir=Qdj!9QV3RC+k39W!DB3w4<-LUG{gu
zZ6zg2XCwRZyq@-56auK;kj+d$S&h?F|MGxcJX^sR`j@LR9Asplmi*V?4Mhmw*@5h6
zT`y<Fy_nJa`zNn!y6^s5+dT&ih80`&Yq{fb<Aa<f{kCC$BMh@>pEN3XoEE@PB~@8I
zL(1`b)Uv9?D-$j%YjV3Z*^sD*__VE&3Xzc8!NO=VuqT%x;_kexW(---Y81HmR<7K=
z5<YNp29NkJ3J<pP#Kh%_6q7-7kC=2DSIc}LzGrDm?8JTWlQJhE>m(Ipx|E#?!{r9s
zyGQ$jdV>)7_LdD(kZvt8ng{@CNKs~Cts0wLf`$o2=ua5(zm9TrXvE!Li7^trIykO3
z^J#DduC}h~YfSg2P*g^5e+19at8Nz9kh7@!^*t=<X9ie6`!i3FwhUMi=-xC9a|()+
z&M!f}T93+fv<m8d;Zk#@HUG`q124)G6|2)|0%haBi2+9;(bdvc@iPOw^>M5@i`{XY
z#!6H9C!_AbL-kE)bt}|Go!8Szi0EBM%dI^#9Y<2ka4d7Je^0t&fk&|E@(^v&yL3S*
z7u|QrTnf6~H|A(se@W6G5eE{X5$zu|ccn0*^w|WLqY;G?iSCIDq}XLrb;gVFFjaz!
z?DzW;dN2C#(-Omu^ymXzL<c}TnmY=_@LTFYm@m3jZwEo(OWf(7Z!PAgIz?(e8HHb1
zX$H)+f<Z5xck4gG5hdwhkZIl$4J5clN@Lquz&fXjTwO3chS(QFw+~mGk9!q!!6i0g
zEoG6)y?%y#%3X26i+<WMvwk}vEx_jxJbzlPBWzOI>LbrXgd_kGgx=;Q+h*c@?C9J|
zY9s`M=_~B|%rTN$2>BS{K1ZnBU`kh32Zd&LO3AetkAr_~(cBy4Yg<pK|H7&9A^dLF
zj;}_SF9=yQU#Gw3>LUP}4TEme|47DG%TX4Hf-9r#9KMmy?vGmlYFCsjdd}yb)q?Lc
z%C0>j+-SKVKeYllxKR9Z+HW80*V);do7XdYHli-@h`^b)9N)T5w&AU{4I~wrtj$@Y
zA~64&Y$A|n+e87k)O-R+wmjZogxeft+)fAZx`Z{thI$idTT%_;xzL&J!rK<M+?{ZT
z8Ydey87!>Krm}Kb%2g$f!ywj{5MlM)h?&&V3Cw&ghN1E6R4~Cn;gwDXAoQl4X#fk?
zfA+Lmdr0fa$=G9Br~|HD^5-*G{#Y2XTP+&Pg<j9CwY1O2^Ilio8~9cQQvau=Q?viK
zS%iy&@jv)6V{2$=_Wzgu#mmbeYi4iZYDvhR)W<*yNYRv<JY+}wxw^aMn!`&`$H5k<
z3)_Ogc7|*>Lmneybjj$=qfSX}v~B<Wk}tsEeD!!Pbq+QdH`pe$pZAL|SPEgc7vJyO
z?1h0(ZSWZYzq(3fse3K~zz$nA7_3v^^C!>;d^@Q#5<F^geRNhqjjZRX<x6N^IPqsT
zc~5x)4o;E4ZaoKY{snm!9f16qe+<8gOBIj`WcvznCF9REH12=)oJ2V5hX2<d0lkbj
z4LqF&MEN(?VV=?@W4<wgY$ql6+vn5WvkTsUecS!*Flw{UUcf?7?<I(PPuAV0hZOt?
zw%*%%JS3sku1Ry(lF7G#buv2cUQRXt-|xF2Kx!J|F;x{L>Gr%aJRv=9lDvq*k04@S
zY0Q2RQX5i$o2o9P*iGls8F01=xy2CH=0f*%Gz+Q}cIPVFT8N~aoEnX<jw|?UsGnq&
ztU|=zK2O_x$ub#*Jw;N}s%rZnHC8nT`jb`zZa%bI3T^Dj_IpZLPF}sSic;#iwgM&%
za6m|c7n3QC+I)l_DHouj+LC`vlAaBM^iuw=4+C8%!<rRe53a2z4YASKQ_3xkMkjkS
zF{P$fO^q~;mAoQMKXrGPI$0`JZ)0qlwR6X|We3RkO%)5t!A3V6HBH|~EdQ9!hxsfc
znuVt5=n*YrxJMnGF_Cbfi+(Wb1<F4H&^GVhNom8~l8`c1$FhcbDMfM?HI8fA6(UT8
zC6X1hYnP6p-|$vp#c366)`zAgWkMymKF|?o3!b*NGxRYlQZdp%yflG_N8B{@q=y#m
z%`99xJRlZa?)0zokP(ryd03M+fI+-9`~i1F>1;{$>^{Xa&W391J1y1Y&euW$$lVi+
z1IB6k3pF|XQN3HNU_K(p36FQp!7q>#(DfKVzAh#GF)e&AU0IM+_1#hainqv*{Ui+`
z?||2~$Se7{G%L6D_NN3omB1{}X%yLF`>cTDDY7QwE}#tNYCeIDf;s;xYrqr4stR)7
zYY?TAwVb%v#nTEmG@_dHN`6!XaG)t-BlC(q3l}b22Py~>DO#5BzI4Fv{&s}WWT8BS
z69V-+V3UF&RgpVGSlyRy=HB=OTQc-lztM?~F<ae{=v4x-j(odB`7TobBf_XT_=nW6
zv6XBTq`}C0^zAO$5@N%+YeYL4R9{E!Mft3TH8A29uiv6|t;Ar9twdcNaOh~ZV7xaf
z9MXziA_M|#q*aUs)|8My`8PTNp4_5#n4u=2;*KoV>&pQwC^}i5JtY189Z{qIC5GKc
z6>^W*y+p)A+Z{oo+JgpnyvxWMgyGuFqtIjDm`2F?q#joh%Md&Y7HivbQC0egT3iOj
zDftYVm_FQ@UF{0!i()ewz}AL>LrS4tk*KPS4COeOHavxlPserUy>*QyP`$N72UfP?
zN#sEmMWwM;^3b}@mMXf!eHHv=GGi#ltdp2LQQmG~r^uyV0KLSfIG{Yv9h80wOn)R6
zGuH8X19O9ZgfxzhN*fqzW^Q@@<hf}vSpzGz+!6en<7lLgOH`BqF#ix6V5JcYO~ZAZ
zI4_UsQXRKIu7m2;gr@Cg{1^*jqARqBu3_T$_p)OQFOn{wFjUQR_awyo3-uVC`ur{q
zEZm&s57S@%U9@jpFh+cjb)7qRhE4MgPWej4)J8gv*@9HnD;xbSim>X*O&{acMv_B)
z{D>71ufHPLtlI|h05>uBkq<}>eMdUKLh=v5)h!uc>}ChCM;8(XDfx<YQ6>?7c!$)5
zTu?-ruPH{){X!#Osd+ToXd>>MrzvsY{x+^<2T6{GAvX=mIm-`j{WZDPRo>Y99{-S>
zB<_uymU+P5;qZu3p<XGoRQ+~f6OP_|R(`&uh(!NmfAS6p0A_Z9w||M@RW>lWw_D><
zbBAC4v{WO?tq^@BG7{6YVTL|rn<UW~Xw6n+>HG8pwUWOXqMALxb9Pt>sy>nh_Xc5f
z;&)(zTyW!6t)NixiVb&ZnkZK<<09jT$_D(X{6imxjQ(6#9yqB$qPE1VRQkN5+_Uc%
ziWMsAIJkEFe>|uw@9>b7Z9TtLd+pyJ&s;g>2+qEkKM>U40v!L-QfS#Z|8Kw#6B`@*
zf43AS*8km8m{@<B3T7H31_)Fe`~|QaB?v2LnjQ)W1~6BeAwCF2S~dzu1loTNDns-0
z|Nm#PF}87|f>Z;iK?;Jvrb$(Tkfx!dgN#vd{Zv+lW>9rdv$ryFFf}7&V*9VOq5pB1
zIjvt91O=ESsh<JkKg9vej4WL2KLvhh^#4WS^vquF^zuYiTVeEb*seVH-A#0r)L7K=
zzqA5@2tbV=64V?(mJEt#)sjS9Ai@(wB+73L_Ei!WWLE-K;-(c*WbbzZ6T(Z&c*ess
z+A;_3cfvtaex0egrp;&RJ$dEZ6)^CqJik8KYRc2e83}Dy14u??A_^G~+XA}ZM`yi>
zgXu|vr_t`QL(aKZV2*4cnHV%yXVbf{hJtp9hU^6;ooq*{!Iv`+v7!(cj){_$v{a7j
zeC`M4P=g_^!`R-I1qYv6gLs#W_#^8wwqI_)xdrBkS;IrTFRBGY1YGl&pwG)JeOtfx
z-&!uA1LyX{0p&1mU+ZdLOfF6NJ>W#sfp3EKP9W0Bh}b_X!jEujj~s122Jnxt!GA*L
zLic3^fI#n?XAo0=CP69MMayS!;z{eqE$etn^Gq{q_)hfw+lwf9@##xd9(jk!OU)0_
zQ?w4dmwul&lUR=5eL_Jl!$cxsM@JaEikv>8^J7XyfKk*qJPtqM@gb>_p7GP~7zB@u
z&S?Cjy9BtD$>&b~OCVFRdnD^#p&t&<#^ivRRU+%zH#z#m?Exlt41D4CsT?IA(wTMy
zdeO;TduM2#7{+{*B^-B1Yf(%24M6vaw7N->-cHEu8;g4<4&>CR8DWnf;-WjUbl+T7
zk;_^XAfrUnM{lmP2D2dPibo)XQ4h@*n3Pcl6jnATvGrX~@MYXDXDQ$fc}=m`lf%xq
zn=dzIs5;6kaW_xBX2ivUoXG%mId4gj8(10;x(tF2Db40llOidek9LYgIeoP=NY}X-
z$a=L4JW@61-B*l0Eu=E{NAej7q8Y4)jDBqzFnRiCtF^;~{zp=?lwq1}E?ScKNc6WM
ztNksp#Moe1mgJdp&yKsFhd2v+0_2D2^0Po&Z8|vjw%^lLijd5^s``I@<yBzy-!L<8
zMc90Yw#PhF<5iSA2iPPaWCTXr@d;((+kb0Qr;Q9^g4&$q9>h9g%z>zmFqqlIr})YM
zQvW=ckkyaI3DWBWcM$yxpi1&BAwwC7!_nb2e<)87BMHUeSB%f&usua&^0>_pct#j&
zuLJa6PDMX7FD2_sML_+_&9&D^UN&Vtb;E9vuGr&BWyCCjB+|_#AchL8=(`zzet}U@
z3H~V0>{?3pQ4sQyyoDk1tdGbY5N;m_93Vg)2~#5Bf7wqT5h01I@3JVv#-Z{^7#A@j
z!W9$p3ZF{nN>~mjjiw5F+2xK>1otFP79BEYQEIp<I&~U_Mxza@k0GE<Rawn2{K9pL
z66c#@sg};k{DCN9Q(EVvo*z{>^mjv;wD&zs5X=n_mc#~z<Q%`#hzy&^+}~#d?AsXF
z%seG;#*;ed7`?_31!#-o(@?Fc&MjN!5}j+k<f@S57!+32y{SJDQbWTDj@gqwj*roZ
zRGiD(C>WN0@1H2u-&ZO|QZNW4%WBYJuR@iT!;r!|L5auBeeeZddG>TTc|-{;3{YV9
zN;G2{hlbq#QRevMgz;aQo(9JU6y&#et?zE^ux^uJ@=eoe+qwAi$K#--4ItNC)m6KP
zLa)3CkKAGN_F=4h_x~x3H@i$;Kul63TzV-0|8nNLe$Td7IZ6Nfy%gh5D~Ow4zbQ9f
z-=QYDSb%Jet%F?)W7%;JiM*KPOH`Wulznm9kTREB8k;+Fc7(rYH~+E#I7ZB3>{>`d
zKsC5RV3YfGmMMjGz!dr*z`31k-Xt|9^*n9@-e>J;R)hE#IY5%J>K!Z|hr48*QsY4&
zn81JwSg>%M_R!N1t3$qrqL=rMqmCRJ9npU-WZXz7{pW}2KA-T71b5P5Trv#n%h^!V
zE_Z55v7?ON^bz*zkY0=i(Ch9~!Ar(WXNrd|e1w*uRq)`WRTunmeAmSY?MgShwvaTo
z=~q)yx5s-9E^<9t6m&HxIDvehB|}psQtNC%cB<E+c<ve|O5nJ5LRE98)Bp<o*mIm5
zGDtBw5xh|NFSoEEN#-Vs5cxWPvH|M#nf8FnEi?@n7?uhpS(xeoK+2D484OVX1f5#|
zx{t3+O1aMr(to5*{bPKFE?JA<76-*H*b(+q(>KMf*=?be7`D<h8nx!F8Q>m-&auzq
z`H+$`%GU`83dNF^UK)s{XH=Oh0DHw%r{qx57FR03kmggv&npv$j2JF)bx7uAP9YhJ
zx5D3F4(_zx4hJ^{2-}}tmn#~FLMP^IN8or1)_SPJ+??U>%+s;b@QEE{o&C)n3xs4O
zz!z2x9)6dVUq@FAdGfzPi_TwY6y|6PCssSo1a?K5y`3<heOU;&v#h6x<Hk_dG*=Cd
z`q_7p172ir9uCrowL|(h@h?e60h{PphpXTLGAP67NW_;8@NZ7TTN$W~sExTfg?%AX
zkjAydNl|IyAcsOMIP*|n-9G*Ttp;=4ZX%XFnp!)<F^dV7QVD{T7{YtaF>Z}1Glbpj
zPmPp)k^o(JqO7V*p|Wa(w)iNg4x=462wk0EbmhQlIr>F?6S#RyQkIUBN|dx~s03?2
zBvbVML?ZnhfGkNS&KgNJ=?2J>^3(s1=rT}Kf6XCGimD>|t99n2uj+a{o+c=OGng+Z
zKrXl6AF>Xvf=^9E1bbF-BUfhAW$=pEPQyRkm?!j1uJ8RXVkt6X$r2nj)sU_$J5Fz5
z_FaII6}w*o^cWp*U2k$blvXgvaD+BK6(q4Vnncho;DP2$L)JVy$>c7xD+5bEX;XBI
z{26(GHpP(IrD=L<Dz%!`QBY(v=+gMw4K+@=Pxlg|swkLtz}l``EA>Emn!1F!ANNAm
zjhJQP`sCc?0_DN%-1{Pszre!*hX4o1tSL%Zxj>JV2l~n#C$HqFMTkHdORca{Q?2&z
zsYx3(p!iLDxI*;<0^S98zeurmHH&{4Y&F{y<xc#_dod|VZqA(fr1-ZLN;h%V?Sk)I
z7T4(E?SO$fMC%=N76ni4L);*|iZXW6cALSsZ5^C-Bx|;5B*~ie?+481lE?mZy^qHh
zax3Tl{`75{gC_x&k0JrqZfB}Tv)_xCBAfWKfKC+YJYK**W^;q@2{oM7J+a>kRZo}m
zCI$n4CD2|7CU(A37IS@s8f-I+4}hPiw4kkw^9FulFj{dHb<uyoYAml<oDSjs!1>uQ
zgjJgLsm%`7h!4fjEUVL}kQXMG77LWyWox5l%lb1FFI_Za-ja>;v>ikujr01<>tQE}
z0TdI{(s`ND{<t}9^5UW2h8KJ&NrtOCv?{F<aeRDON%NP}jXYg~zzhy7T3#}{q6!K-
z<|RQ8CgvkwlMOYcTnJxdrad3GI28K5yeA>5g{B6F0*(TYYn358T3?AJ;L29_3#Ww*
zFJJd8=Efj}r$d?AfGuyk-XM>imrIyCz>E!m>$ls*{@+Fv=a-mR>7=y+TP9~hgbsyE
zBnxF~H6_WAzbLjd#(CrBOW4WsBYKx6SUk`-q!{=)odMH*>e1J^Quv+IhfI%hcOy*f
zH->`ivcxZ&-CCb(1q*`$$&Qy!UySBl>^AR34%q;+eG{ED2EbiJi0o{uOwB|NATf^Q
z*L%ZGWcdd3S?a@jS)K30c$kB3VFV<8%r03}hIjmfrBW0j$M7kd0rv<daDkaEP>gLG
zT%0-cZD*&)VmIHsUl5(4gh(lR&`3B{JpF~ISo3h<9Fm1CD)p0?SVfGuPQ$FFYLfA;
z+86pP>%a7qW!I`R6*KsOzmyczfSdtG(I5Jd!j2k10^?+g9OrtRW(yX-!(ux6iit<1
zR^YeD+u7TrLvipC4`(SO`uBUA!@GD1y*Dm}G0Tc!+Czma8+5P7i<Pb<%WYA-hB#=C
z5~ZH2qIf<f8tE2!RSMmcRsagMq=-wCvrFfhDke@FmFzh@1ZUT$V6rVaKv@e%xA_7S
zfVkily7YBX5;PT&5=XGR)0!GBupK5dj^%Q+d~bIKgyXEy3hj&nhfVs_XPpv=s9vE=
z1PAjfP^4%Au8z&gxM2iKoZorYGHz4K>u3T_xX)%(2c0ChP&yiiH%QRU05|Gz;7}$5
ze0_%}P?WT=*$OgMK=``~a45?y;hL%DEndf-$!gs)ZoXQjnyq9fsM`={om4HhROouW
zK?_={ot!Mkl@Qf{v5EJ&58q1c_rv7fNMFV>ubAbk&MrKSdCy6>zRyV^w^F~oPc?5m
zvx}-5UPijV;;79_II<~Zjo<}&UoFTj6sno`ZzKs3c2Fci-<#Y3Y|6RCn1@j$G~%(Q
z7|H&c&Ea|;=z+1A!84s&&`{oq!Ff?r<U`^A_XuZ&sYfsktc5!$Cq7@Uxx|w#E??AI
zffQz(J+bmsH*A?x!8oA=fjmx`(!rc3USx{pk`dP+%AU7F6h_(3vpg+$2ez|_k`X;d
zr-`ZxEi29;SvsBrxH6aU{TG*4f}<Is=IMMp{MQ5FvY*T=YoR#qc9|k~M2HteAs~mK
z_r}4axVOc3;U`766L>YrzY69Bd7CJVlUf?>fOXxLFpRx(rc^Z4AWg(JahVv$T0M*+
zMk<j`$G8=0Hn+#~Ol6cLkn?37Tq4)xS98o}17UL()Q%SwfHvw;MTedR0J&MxO&DjU
z%Rg2G{)lGMJT`U@U0kolWs(th;90Vuc&viF6YbntWyzsh4YUE*csgT@=DSUpWEebg
z{B2hB(AM;FCnq~2RU;s&&?Bjh@7rA~_xDbKm!ZYCC1OIDX>4E%UJJ;Jl(tGRd;;W^
zP0J89*Uvl&kRWxpF>QM7ax&B11Ngo;p}#b%Uf3=9W&Z(_7wRY$rSN@WV^vHGqhsj6
zV&vd$?c}D7U)7Mx7~NmK7sMYDSnfq9j@iZVXEj{oG1Nn1+nf`9%stC<B`F7OmtX*7
zljTJ;(AD=9z54W>_sN0u$9vsITlI&}xrlbt08~f-FfeY&gIAad<Osiir9#*PSx2>r
zFt=7$cVK!ZlK%<2j($kOrkF1%yWq^7t5k^@$W_fjs6GkdD?O9%X0_M?OjosR3^!}i
zr=~t%v13oaJ1<2x5pD}>mId889$;bzH$~DbKxP-;{KAt>(;e!v8Xw}JUQ05#5lQ*o
z76^+D2<%zwXOKf`l67+GQZI5M#OF<7BR{2SGB#z?#$s#Gj*u=vc!SlpCDx|Xr1zMU
zDCBu4wcS_>_Yt(RzS}03ffqCdjqNhJGO}HATSr^UJ$D-NK=XU=hl8T&9ce#6FeC7N
zGdxb%YwykTd}~08!?@DwGNs|a4+!@4MD#-hFeHARbCZ7FKP5NT?d;V5Ui&EA)h(sy
zfTd5%B{iR;!agwzXM!E+3Ow>m4bzO<W)d5>%L_!(&DR_sAK#wRP517@kHX>f()0cc
zq%MUK5pZ|@<a}JwnvwHlmMdFF&9rLDdIv3rx?qi`B<Zlk0+Av!e9GC~GG)PhrZr>%
zxFuFVG?=<M7WrWNvdLXV&ef=p%uq0kki;Wf!?pH8EYa0eo#N6XS9}6Q>i}(v$SGhy
z27C5J6;%3ib>=3=N(x9BFe-U|Bz{88PI><0ItKdlpi{*TpRlr*;mNy5+ya|%pDqfz
zZsz~)c>5bWT-ZB8ouv+(T|%r1c9=f}kl+s>e`4fF>J%Hy_sGe8t`#(SxvKm6x@qkN
zc-%i!{xI#<>Wx;p$>9YJhX3th;c{xfl|3Bg@xSCf@4lbL3AQ;1uGj%>hI&V-^Q~cq
zOkdCG&`xpY4VN?B?p<FuxBzu5u964N@N@-XIiv=)ENfhQ9i+3o4eLwOSAF~gG-g`g
zB_CyJkfn0*-Cac<zrAhPs;srv#Jy;vovsSbmjJ^RN{^rQuSGvw#Ul$#kx^m;yU5t$
zvF9fN>9tby+kw(3(D@<{O-%{h7V`Ms-sj8i_Pic<xLrtYbv)1HBq2D@OJVB($<j#X
z1)0&JS81CpuU)FQ$N{^Wqs5Z|l;KiSj;~K=Kt^<dfkO~u_;Q>^#t*2K-xYYT{@@xq
zrj>*|a~LGx+sNENG6EfEJk^aWY=Pz53Cu%jfts{nU&1G$|CR1Uev9(OB@d3|J%rgA
zqwhpTCA9cWx75{c*0!)aGTC!D)enqt5U;BH*Wl|i;N<z5ENo>T^K8-$U>9Q|{-m4I
zY7Nsw({%z@e-e<7(ja(*&xH7SW`d^P-6D}KZ^2v<#GeE*nxB5{&QANRM=5H1Ww-@k
zoJnn~l}x+}g1bZKQ~zU!!@SGYXd~yMGN`Rr^?3Y>;P7RBvDvvb_3mQvZML1Lk_3Vv
zz&+}E`+OqY&w#(v=KDep;L^}RjQ}t2;+Y3yq9fO~ftT^MMG!${7i}-Z)JwJucNb$}
zN5+GLm_d99Fl%ztYNanicL9HBjxuw`T&cjbpNqB6OayWsh<!cVbm;Aj*Z{np4{dbM
zI&5|QUPZ5X;J&YZXl%yQ*n{$<&ZXs};fwoiybxO)S3FysSMPTMP!Ir?%K~~P?(0U#
zq=1)-{MD@DJv2<^DdEFAEWkxJZp)n2hb{6)cFO$k_59!!1a>EyDB43rBph_;PLDdG
zqwBnLIv+(>4&#vvH{4SlX$<Q|0-U>#GJpq+Yds!?{J=I7?=z4mUbs=rga6Zn$GHnR
z4vwZxVST?Ym*43V@P`6Ft5@sy*4xcJf$na*^##<{?ZnZ2nXCYVz9MVUcWid%FY_4#
z%(-6IuVswmFk`Jnq_umm_#&Y_1U1Xz^jNFg{#((Se%p*$|Is~W*cDEUUySp}v>V<S
z##2<N<x^#Zy3e;@>??CA;)+%BWH=v%a13ToEqtD-yaV|0fGM6${)0OY#aBGg=2~Fw
zvV0_ChTIFQ8>A{R%9WXh3M;;rc~Wi4=f_i|X=Jqw1u&hNTi%8-(kpc4;}2pdBR-G>
z6a{Gka;g}?895XM>wfStb}R|p$rZ`nFVaT>Cua6$uT>WjbN+-ji{(H3yM9moEy*fM
zIQS_&W4Vol0KnrwV;AYx+#7qXye7AYl8DfmFTP4%0ht?#zPFpqn4ZDoeqW(%|D_ZG
zXKn0t8P=&L7&|4j*DxlJr(o#3*l4+2ynxF4ua%h@ta>?ikzQ7aeZ&Dgp%wA%82slx
zdz>T>**C2Fy3dx|5Pm0$1sikozZZvdIZ%ceg>|?K04fgWjpodXbGJshdf;MpuGSpd
zQX^CLQ>a<1DNzwrrFm(w<^e2`2k#hSZf@xc#&k9pHU&#eIMb{p6wiH@<-?NMTVRQ_
zJa<=YSZsMO$;3d<@Kxj1#|wvl+Ly6CL0FXWc?@;4QXAhZ5hN<xQmJTlbSSveHL0p0
zw|Vq60Q+}};Gy5e1ix;s!=7c5tSyG+=(8}VlgIgk&bOs+Rrr*+D^Y(HV;7oCO%#&~
zg)_xR%evGx@Hc7U*o4E28pQOVZR1Z{_1O=NY()7sh}Zn0rNf3XYErgIQ?O0!RD~~2
zv@eliBymneY-qzH>S8JYgvACZ1#B%?D*$!l0D{rHA$S>hs7G?11&>g32^Jb{PwYQN
zVlraxt(VFcZUZ?Oo~+(oUQ?Ycj_D?z!BHPaHr~Kl5copMoG(A)z$ub59Y3n*l(qk9
ze)ZcO_|PUPG1=>qZM(R<r!~$t4%Yq(=fm|uC|<?!45HXEUL+||yj-M=A%##DU2tMY
z0`TXb`mKQQL>!*ld;dv9m6CIG=L|x)iIAP#>fBqv>T>RH%7Ar=78ts-1LXAjEM}r9
z)Ox-gZ7@q77pD86lsOE~?zG~bT3E`CH1T^~d@_7Lylo;Hpqxn^|G_nYDNG=oA`Hz{
zxJ(~dVB~qNEe{cQ5{2J4OvLRna)mNQ228fg$6`*Jz^+3?sZ!U(s!=B!iVJcll)}2N
zZ_BxfgY1XUEv1SM1jrQkK5*lEo)F_xcEh(GKDF_<*LTz_6gRB+5=t<Yi$^aKfzRqx
zkDW)?v>BQ*X;08Srjk!`!PF6_t~|LE?nToyYZewp5BE^=C}F(oMv_H78g_}D0)Sxb
zi;u~@tkXD^XgJC`&mfiv|HP)J#S+%^iXiYq(G5;{^mZfto>^mcI60o4ozk}8F3S3T
z3%uDxLiyFNJv*rLpki(CeVRnWVqr6x_s@u^>(^M}8hL&i2w9{#_*_)LLohbt7%UWg
z)|NfkIV&Ffv4=&mPb<Uky{8{30f1j0=>d8Ow}?_C#-@8xx}}GCF=m8E&y_nrTG)u_
z{uQnv>kC^%#Kh!ILI!NB!%xt`)B94AlhP7~tqmMZONB35J2~?N#{I_;cW~tU;HvHW
zaL3Hcm1aeuF40ey<1Q$w;Mw@e8b9~@^X1oxK&Kz>%#OR~nf2-r6GNm)As{RoGJ5yp
z14X7fgrpUowz<>$Csk%Nc^{V{(SS4pJ=Zb*v?3X|(-+#}RPy;cl5kLq0LsE|^=OMB
zTP=7NJb+$A=-GBmu4zeAzHW8hO8l}xT;#)??L2-%T-Q)@48Vf{Mo;l$fBQXP0pg75
z_1v(hQ`Va`MVX%VYC_9%1kmaFn<9b#+xh4~M}yYTTRKn1pw)cI@*U5xH_=A~->2#7
zt|f}V_byBZ067WFM{)}4oG;>KTo@SAtX?$ltPNSTYS@K%pbg6(%3C_*lJZA8A|<@T
zq<&AO?07-vnNfrMSE>SIH)q0M>AMX-R{W1(rc8te7KE72rjW_rZh-wDv+~z{RWkpw
zV4gKsXw!W5Fr|cpdzdr=6sioZ8NcysOE!2&oOPF0xZnb6?D(4X*{;AB7=5(eJBPY{
zGQE_;wa?o+T|6URYU`dgFH~H}!#}PwLKB-#dS8-le_fp&0iU(WdcZH!u?*>u8B<dt
zs@6tsG#ig{HEIb}RzQ|Lt_dv*a*>jS22vHhewZ7gw@HXHIk=dNyQTBrorp8O8QGYm
z2TgYi_fbRJe;d>A6c7ea*WpUze9R}k?_X!@;z{vcw~k-wvI^5yw!;JM5)4uY?H@d4
z1n(;MOg<fQZ-*wl8L%)X0(hP@{w@c@{Mey_AVV(FWKn``nt+vj4MXw4<X6Ijyy_vb
zKJHu+TINL&iizH_su0Iw`#W>7JLPbnL5uhyIo=1L1^<Gf%B;=WYHvK5@2Fmf&4TIO
z$XzcehSXH2SApIMe1$i`yZxJvne5!uqw&y*A=~1`3Pw+h?g?4QDq}o%IunTMk@SZC
zY#aFW*-VEFE&!cqd-#Fu(vzs-CG_;kmW#0YHFraZZe*_9cmp-L?{5*-^yRqhRQ7G&
zD1pyWk2?M!jt|Oi8sC_r6@lr)*6xv`UiZuKNhUjnL>i3}e!1lDfBrXqeHsxEQTDNF
zlqtOCOoQcWyhut+)Dom=kx=UOMopAWUX^WwteGy2vVfeYgoVk;E<fqW?!c4%5gJ(|
z9U7If<`%v|)jr}ypcUJC2JFlRYBlN>kS1Co?A!xPVOH%N;b~*_aV*J~;PeT_XBTM+
zdCyJiOQrFA)%44x8R@dw13l&2XHM|vc1rMn{65kXCd!!Itl$ExPkNibUGva@I+1<U
zktZ;IZvc`K`|8_uoghk-(aO%3HwU!|oueCYXvJ&#(fEmHCrX$$_=d``f_)6VpRL+S
zK3W5h|2bb9p36F8$s8j(O#y#N<(_G=bhsvloS{)>Xmks>jLj)cO>W|Iwbj`n@JSdX
zD)F^+IUgU20Q?^?HlA<79x!h8;XMT?PhP1C`2g8}tJs{K<NOk~JXj|6wD?@;66Xzu
z355A)Lk}_09gKCxfUYtBDkhg3ok<}R+mz-{Q?}g;B8U{8)H7KWBltaIZQhy1>8SUW
z0o$e`+!9f$FBymWk2T>&j6k}<WH7Vfu0`QUJ|*znXtvu3g!$5c1w<QvQO>%BQx6FG
zlK^a(r?+?n0|N}<Yp#6Z#OV{RRQPROz{jF9bN2#6@1v#VFxiTh%P~cu;_f}CNNiy?
z54Wx@-jN1D!~Zbyty}E8DPp@o*~t0wNv(M!{WWFkbi3v~_9@#@ANMvaY}K3<X7ryz
zm#4TO)ihoCsA^3=&jt$RWWvfS$E!`Ol?3ETUpNAIaS?c)|J8v17Vyl1k{T_!((Q2-
z<_=By?)aor_jt=abDm<Cx*V-g4KH8rgQ$rO3ZEV>aft@DZ`Z|Y3+9>9J3^%&a1xXV
zS7H>3uP3_i_WJnQCQd(G?cR@vukALq(P1!`&>;)pbP8kj$~xReYSmI@VChGA1Of=;
zFm$BYw^7r>a}~<Qn>{|1tIqu4TxC)Diwj@2sD13xh-dK|?*`?X+<Ua2Yv=(Q!IU;A
zBR0L)po=4F_~C(&#q1-<4dG!VEMtku3<2(<#pWmy^lb&R+UtZ`-0p%Q9suufi$I6Z
z)Bq4NJO?e3NPfuU^H?;#y5aY^`Vo~;7*sPhLhvpm7M*5)eG!A67;W(2^Cf)(g&^OW
zA%Z6BCmq)uC+F<<mWK=p*>z;+ERtps&(Y+dOYd*@?2&iy{9QYAAqNT97@yNnfU!f|
z;)Ebf*frkvJ5T)be98?jTGP_?PjD0fPVciX40Sj9jh7W=nc}sW)7dGxX#n-=ooiU5
zQG_Imq9+=H4;|xYT_3N<x53xAvAcS#mw1rITH$r$=s-g<(1Dtj+hDR`{uO_;hfl`F
zZJhoSS5GYm_EIG3;-;(&P&=8ivDSzwo+`<|=V~5bUD(a?erZswF2co`A?A@>O0BAH
ziS#QgDrGW9c2bDGp6|kzMgU{jAu&u6j1qN<2dPt(2QpH`q;WBYPRS95*th`-x}8|i
z9r<3std~sThjy-b{gU{|{ur<f1{%1`bAIh!S+DO#&wavMN`OpUO$TpPyWjegf;z32
zsoFj9l(&1eUc2u_=`_ymz=}Z6^Tfgd`^u~H=fieMPmY?4err=JI^e_CP+mmOuwd!o
zc3~NgW`%vSJ)boq#z<nU-LUoa(#Qp|M%`r5^Y3*0uk&g57!)CLNkmgpEoasZIrM?V
zxvTAt(WTyl9G>e?P8018x+EpXu-60Hq;8k_5|*hjnl@U4`rC%-s&%BE#y?~metEms
zVG5Uka%c$?oW;7U4ZyG7UY|#XpM+^A+o6(6QfHCaeu~KFCe41sF<H%Pvb+Ge`iphF
zOQX~%qH4=l4B_&pL<Ufd183d1ACwQ<KB6CnOX#hP-K(aod|8JM9ZU++AM9}p5AXO{
z$+J{C<c&r$Tm<$)yGzn1!tjC5!am|qi7w#?q)BF7dV;;QTR<?zbgOVKCJ+OV5DUlL
zyU>~bjUHjWT!<OuY|{ADr^fA$-2%DQ!Qyk@7?K_yqi3v9IPizSj2Lip@E0lm-dwba
zHM)O0hVZv7TJbKB5wqZn?dBq<|3$0RVy)}ia+_(VHYNE2Cuns^XixM?y*3^?YpL)X
zvv;mB*BVguB_I;o#kq80IOztum6%E5Sz}?f<kVs|*9_uIO_}+1>My7=bK0)@$fecq
z&zWATkCHnqHU6KE%DlY<rF2C-rW<$n4zieWp;pWY;mNRecg0+x>IR(XZU9h>)Zon!
zo*o3{oijg%4=dPQgcN!tRPcN|qIlLAu(0TAkJ@aO1fZ$2m)lAvPKxVQL%H49@@SK6
z0rF$B`KILg<`QW4V2q#H3+{_znwK(`2Y6KVm6utpS?Hl;?v~KW8cvxKO(-wXqHu2e
zhL+eNA%5J1Rp<2gzADw(((`U}`<VArO6x*v7GZ@SuQSPE0y}f$hx*e!^db5qbS@F^
zCm*tK7vS=``%G&)hw{b8JAv)OTQA8L>14Mx83IV}H6wJQ=pzUO^@}gyXK-N*zEcCK
zBvX4nGW<}F(M3bY(r)%NzJ4xZCjj)kWRW4bDQ>t$R+=Y^3Q;0yP(KU213K^6tdEOv
z<O=JIOwUHAP<OH*+3KIzsPq(Gh!36_DDZ|V3NS(cK6T+#Wv_0{fWuBJl|`AOop;1G
z9nns#WXfWzAZ4K#y)R(+W%l$sm$sh4Px5PR+V$M7G+<1wNE@uUhi8pdLbPxGvC<mx
znt)5{!X`Bixa+eU>=OQ^#CBtrrFD#k%?mZjjx}hqC98cbOOoUvWBnvorzv;;H$SuY
zF~H{=h6O*}_#}8FQa_`J=F7)+@+9iZ&uU{*4FT-i;>)Ei&0)}~%>B!xfwg<@Yb!$p
zTYPHLs3+x%^2%ErOXF=Wi{g3j&&i0w4z<(GQOaL_0V5Xr*QDlKiZePZJ)yJW$nleZ
zmsy<fy>E2~3;$GDECl{t9W3n5>;X4^)Br#YL}v%(D1}%nJV7x*n}#7_SKLdwJ-QiK
zlrfNFx^sHr4S)Iiopi>{%xt$>tYdvBoV`2LnaG;&dY#?X`Vz#0aP_9*o1Kg?1^S0Z
z{1dH{kWX3&h~E+2;;WfA<EN>L1NHQd3T1dsv8sn~dmmSmpj>{0ULK=7&G0x>WC0|+
znxTJnqI9QeJQ8rW99F=z6ZpPP+J2x|DNOu@*#3!-lyTP$7&efa#CqEWpAw^2Sjpor
z4537YoupR791Qwx4h;k9+&QZM1Gc9|@(o*UBs+iPm^o-U9GWe&Y({NuAMHE72IFgt
zq=pcdeIg_9U`4+2$hB8OYhViFkO7o<ew%mYQKgaZiDcapSq+rVJhQ(dQlv&!%qyWs
zO<Su`ySl$MiKMY{pEhad$eYZaxHhuupblyCRzc_#nilcIc5stGyr$pOS`s;Ln52+t
z#I_KhR6-;0rID)ctQUIa*?n(w3^=&hS8soRobN}uh@1^=KZ(Y*GZ^&5C;)2w7(7q4
zHVK{_bemaf1nvcJN~DtN7Q0NcSR=9_y4B~#@T0*oiSx<dyAc}Euis|~e!0!&Ig(nA
zY+}YWBmF9tifpd}Y&2=lm^{?$n~!?aGRhR>JM8s7_Yb@XRAb1G$Z8_k*afpu)ErN$
zfB(_;OKanBMwgm}{j1opCIdKFS`31PL0o{h3YVGFG^S-T<BtMg5NOIy;JlfT>=>vw
zkWxF_#P+98C)|r1M68-q4S~=Zzw-j#B;EdyKM(QPtK*>c-Vb(lxmc+J3{#oJ1z#IJ
z?w{Ninm7c$bGADgG`~WAT^3L&w>LNM8~qrSwQ7GjB=>hWyp2Pa$N;H1%ogz~V@V5d
z^BxMmr2F7%Nq2LPhYN)D^<fUuVKLf{#@{7-{TM%r0*0dJ>5#b**ARCIV=Z?|GCx^Q
zH4M<^u@I&p7R*6`JC93>aPWiGQtHlw`4|WN!c0JWL@|+5rxDiHw`t0fJMc9(ox^x1
z#8VV1UhS{wyyKo=0MPr~W#YB6C8QmY-fZxgJeBZ2N~$!ePNH_dnqOAk45zO=`1tU@
z>b=l;z3?9SU)G7v%Xt<XYfV}D6H9yl8K8F4E+*!UN~z8WC2N1!no3xt3yQ?_T}$!l
z+lL}>XI%DNLbF2sdWl@3t?3CANEO#3@`AP3SxTLRweIZe0*vs|-yhKU3n1^gjFFx9
z$2&flLMGJeGJ!-MhpMjka!+0!-#I931USB5J$XJMT*ZOr*v03$Kn_f52uTPw*2|)T
z$7h&)zc_h$t(AiH<I7%i!Wc3VV|s$(^S@m;0l}xsK5cuQK#pH?!Wt?H^trI@or%&f
z5znYTg|{@Q15%`_)H2|_;i_6StKBuS1CQ|h#aMBMow`yqI;En6L@SEG+K`30u8a&2
zs-wijlm68+Y?x~o>eOwPkeIldahpd&#WAI1*k^=Gxjxb^Ww?^h7!g^+mrP2eaK(4a
z=difNQeC=r=gh|L;)ZY$-H#wqnVE&;<tqngk}}FV0=yc#9oy;jg&7!{JLybs7^kES
zl2_!CbF&pW_Wv4$eZtWAxRtyVEOab9Zw~qJx?o}v>!p(|@9oanpyRXB=q6g5OJUp+
zN*AFs$HYVoDd{ss=E?_oBfZ6?z<zph^z)QbLdKN){bQ!Ebq&V>Wlyi*B>cpAwrD*3
z<<V}30#K1)fIfiia}+l$j&hG3UHZNa=f;&38jq#I{Q?h;T}46HB%m)<_rqF#a(}T9
zTO6oro8Rp(Ajsf31ihv!mOwKO)h`2;GlUfvuYoYABBNI4(s&O}Rl1|5tI{mgsxxB6
z#*<jQhl4Kkr+jUrwkr@W5ZU(-z1t^oG_0(!0puCQit)Mz2DwnOa#jF@0kNJLdYT#3
zzFy8>Dm=$|sb9H~Y#S+;Jy>xF-|dJjSLL^(`;!C%-DWu1u#H_|I3dW2<Q)Xg2S%UC
zR2`x+T`cS?$P$H3xK_T)+$HXN`5&~^6Cj60G4sN#O!2HOMRhFP^ik!UMGeoIc?o}9
z0DrO@_=nb&+C1hE|BcV@EY;={7vdS3zuZpF$F}jXdwUB{7Y5ygb8s`ujv7KR`^VyP
znY?UNm(6~Ek>E0r=K1(7?lURi`}&wz4U8mvjeqHbA~P3X9g+A32>mX7#&fbgnm-O3
zmS_QguJgW!T(QS{as8U;#=)n`)KPnA`?=HWPW3rh^wU3p=HclwynJwSgY#+^^Vspe
zDE)r!Px&Odff8&G=w&k1&M?}0j;8q#C~<(-c@ZA{#%tXTy?jF;l*;*b#LgWhu>9Sz
z*-LNi`uwX&gK!-Oy5#Yc5<ezaP+}gA6;(mhWlpLY1EYxU#fBBsZun@f5!M&<03ct;
zVhO4poH^&k3c(h%YAgHzkY*72mV5w-7J%k&(bfkrXdYUXgV2p;DT00hABjxrTWUqI
zgI1e|N1b{w9NO|Uz~xd|;#ESxS&GVe;;e{7VdIIq7^T#0I1~}C)u6kAeTF9*U3osR
zd*c}Yp?fh4wYW<kp1PRwFa^^R0njJpt<$=Lb%uV%MxCTOo&3pr?eW3;X8vv}RQ;E$
zT$f#DtEQ!Pp_&&cyj8YS%3l_-8ohM6<Wn89NWaum5Va^bXScAuG<y1eMsa%a@cWSf
z2W(Jy@I<`IDe9k$N@2xP^TI<Z*NCoVEz3=lY-@GH$F_CrQ;U6lt9IQw1Yq;rj>gVm
z&FgoUZ@zEiXDG=G(?$aawajrJDk}&QD*q=-q3Z)-d7qSVAo~VR*ai11YeSL+CRTnZ
zNfT;0wK6#+#B^k`7G@K#^0DAaUUae-r2q~U&75$)(VuEj^=w?Ks(Abp@d<0(p(0{4
zxJa`Zw=WAX?0cu;YLRtOJOI^&66|=%S`&3S9&wK(RuN}vR5Dhv1z!TQknj4GWJU;+
zS^{&J@%kvS8U92ku^ISVtS_6gdZGT-zNA)&al3%ng!Qq^^`@j&(6!2!LvghjLZxg%
zBmA`LbZqitdEL2!R||_Zjtz#o8g$B+c&{Q-xxt(wPf@ATsoK2G7+_*-3K1U?%zUa6
zITRfG92D+rWJ6Fd(|fIZurb)FUbLW>Neok8BZ0lq-CNDGnvq%&15<;|<eC;R7;h-1
zre~%W6i>ayvX^^4R2fQ0XHjBiT5RU#w!_lQPWcit0s$~vwgn7|2<N}qlLm)YVzu;-
zR6<x**Puu*jFdqQ1HMKoJH-19G^k`xvpGvUI$8^*?W@bJEguH=1Wn-fxLoW-?CKj^
z1BGEq-3oVOP!Djbj@6)wK4N0j`USTY0f>gc=7S(EK`m}-R0AKG8<E&XJpz=f>fkmO
zOG3{N-~-!DV5g6R_UGpy_lEOcj5P(79R<{yDmok@kZ%`(0O9(|f>!Rv;5p3$hvMIP
zddq8yI{SHSHo*0E?tHR2@IILao0=l~97`ajMODWHvKM_2kg9OOXx0|19AL-e;iV8X
z*p-#%K)JmO0^RQFb|lqm2M)IyK<obQEoed+w1RL2I|gZ)0&PT!2H<1z-iD^Df`SaP
z3x<X(U6uK~fR5VAN@htdWhk8-@FbwyYQa6Cj*@dh(0r|R&7=*un{z=u5?MINuL<cj
z9z<G2CJ%Nq^tp}(P%eO&2+-TP#Vd|c%6flu=E%q!@Y&h@$*jV?#ES~>rBqPL;<t{$
zLEu{@qzv{cb(2L57*=`FM-~lBhQ0B}ZNfmhcfJBJfRI8Iq8JkIZ$?Hc7BH}Bb&UgT
z>Cd|>0mn8kj-$eixKpJ26Qj*|*kb5dsYr&rcPFxqPy&rA_-F}i9WSvgSmp06WaHpz
zUH}UT!kqsA6b&u-O`Fb;Z=`7Nuk~=9whEWeoeTkQy!L%!t)+;K(O;;Tn*&m^&)5s1
zjtO-SC>3#db^~XX_JcU|V(9~)4%~rY1<O_hZ(i!xb`AAc-haEH`FP%ma8{^q;)7wF
z@OQvY_Om+%7_^|PBb#D#Oz@#jt}`Da2<ZTA-2sY%fetE7d%z3Iq-)hCsuo&g42L|u
zR2z7clnazX)hXgKZ)p%mfrhNp4T$dRO-w@oUF<0#w-dmWtD>h|D3;rVCW=(E7i&6*
zgx`s8z4T}YW|zm~j1uEl&G^ahp~8Ha>l*3it}*S*zs~b>7EJgJMT}O*%z9-PrM<wZ
zjocE}7ln?4zoBKqryeCdRVZBS^}!askSvoYmhbo|2WvnvL6Sf3YQeE|q!Z46*CUz&
zDqqd;gJ1b^ym5{i(B}AIdSHk**l{dTL%I1174FThs?W9ra?nc8EInsDo|CzJIqU|I
zRq+xup;Kx%32!Q*3M-h?PW>uPX|2W?Y`$I7nPft7MykY9QF^D2Dj`>K%r1G#)v?ye
zLi8BgiiHumG(xo)>STyyL3EhzG&EoVDs`R7$}>}m|KQwpI^{=NmF;0%l`~^A(E?C+
z{?V?J^DT{+SZm!4ELA6K$b2F^)TUZ3Vg_KxGgSsVq~91p!SrqYFjogN(NZr)3>0S=
z7C8_zG#EBZM<D5&%;YK(j_UE@{BN1@>Wg++wXi!c6vRY-FA#H<eShal{Hsg@P_607
zU~@ZVz;VV#uLX3-e`amUCGl`F;aAT~t~)PD9F`FZbM5D%m0xe!@UZ~vAM<rW%9zkC
z;h6aZGSe*{@=f`FF##Ewa;ByVB>s|Juk#5d{reA6#8fwMR4f<eADF2ay)K9X2Ja{#
zgQ*gkCn>MhHz6w|Lhy+orT|bb;8`SxzsYHrM2?=76z*9}{14`<bPzrR^^lgKb=F?&
zK6IP;Ko_hfTOZyan!Q|@x+gL4^^v1cETo4JeTCx&Qna+T(|Ll>LxMAEOXqo5x+6ZV
zU|oNGAETxrC2yGcdAlM3?F^-m-OKx5{aOcT@AfaXxzR^Ap;nvEX*~`Ez%FTk&V>V$
zg~R@KTm6OldQBf)pnW(8=Hp|a`|2*g!q4u|E8!|e-e@~)-T{7|ul63ZPvo!y%w=t_
zK8<5e_tQ*E)oQrs^k&_jwovi~YHMNt8muE-p*tc~JNGFASsv`$A22v36COiR1{~WP
z#w{k>$<WAsW5mw@t`Tx40I!wDCpbWt*hlxnX>qh5PHS-VMK5br&7H{6XdK-6iPx`&
zb6yPq0b{{Dlg%S?KFgY81Y4$Cmj0m9UItPIpV#3X$@8jQ_>+xcNoQZ<U}t@Fn$^Fi
zE^`BN07aWk$v^K(>>6mtjn6%U8GDT1?UvkZoRjWTKevp!foLoYC~zt85F!0^yf!j_
zmMKU}cVXy$M^5sid`4`#5c9d->-?2L#BD366+e**<nojK$ag7<P-xyKJ|7z8k$h9W
zE0pU;J^z>$D5^1{?nDF1iR(LouOsNB#8<+BcDc?x*YZ0Y`lKj;&;&s=7o5}JQtixp
zVf~ufmaFUN5}nu{aF(D&Xy3rIU&@Ax$zJ9#v)yHSUo)M(k5(-PT#W{9zPKT}I`Z$T
zwhG5_1mbcdz9#_6R<kic=pyDK<Wcl%{PwMU4a7)qgxh>-qp>BRh13L&z1pcp%0Og@
zO<X46|FHFr(Sbz4qHb*4wrxz3nb;HCnAlFonAlDxwrx-BOl;fc%{dq6zI)!k{<FJ#
z?XJ~pud4dKx@K7DVd9_xXPWgzvWn&j3P@-m!NRYEEKi|qQ;Whm0<>C<Vyy;u!F9(Z
z8roe2{i9;wW6TBQ*@*gOk_{cwq_t5XJ|MoeoNWE>Rid2PC_xKONxbS=c08gFJT-ac
ztl-&^W{8E)8$<i*xOU7v?G2D!#Bi4nDW)9L=`&RBGeeDa-gh|smg2vaz=J12IN};!
zd1Ze`XEFGT6%>m=9XNAd$6FOjMjbNSR40j+J5s%pXYJxci(xq0rlX^A#%wk!<{^v$
z@kM|hfZO&2sp^M(`qf(rR#XbYUsE}dZA#B-C>G8-rr76KWH?=|VO}_9I?S1fn~b9o
zNV?AQ7loyQTZgj&AER~Jb?h4$OeDmH%@Bd@Aifq=q=G!tFF>^+h90i;cX80wsA8YH
zC-#s$(lxzUiOEgkELP;=bGAl17UH=Q#weaX9^K_OJ)EkjNI@_a4USjC(u|^h4eJsQ
zH}6|-oDm8oH8)q^&#GZT``o=~<RZ*W0&8moaV-O=dAx+f(Z@Z58e=j-ct{8XgJ%+r
zpQ-by1Or>4TWp~9G>WNF_;CV^FwID@HM0!{Z0T5u<#Psb6(|V1v*D`^1~_vD(BGfY
zgQq`1F^Z&^{}Xk?|C+G(zgahSZcf(!3sB?up8(ru5!i1Uw*QWx{cq~}|Kh7zxKe71
z!Ons5$e)ubFXo(+h0i+arjvFDXQ}KaGdhXGdQPRg{+wQW0i2+%CcYASY~7^QJZ`}q
z`)iap8D`a|mm2w}XPnUMr&;%WkAF08cn@)hYSrbtdvfNOA=%!+#N@lNO<p3v+1?Aq
zxP%`@Cy>o;eRXquXFOjZCo_F#?vEdT{SgL^c-|rZ624P*t<UIhwG+HUJ~-aB6V^Q&
zIvot9M}Pdezf0kh@3xLRW;SrW^SYbR{G5T702IFz5XQb)GJv1Rc+5xGvjfq<8%snM
z@twqx+mg)Ln*np}M?SS^_fRv;JJF%Y5q6f<yE^#SQ<N$`Pjb71^pCI`m!JJ7<^blS
zz~ar_O!pVTlg=z+p3dhPXoc<}y=>nYySqE+RKa&pD247h>qGs=y4(Ew1%R;mwi@cC
z^TO&~q8jXtY3#ZiX#uz+ohCMbzw`38`y>1()c@np?j65w@m@M#mq`d|s{SH3kc%C$
zPSRpz5B<^FHv7UFecM=wUAUp%f?B%5^wB93>f6Kc{)%V>DP;6N-8X!;V2J-g8Y=yV
z#4?8+yfvkV9UM93kR9CN|6DPqAXb2(({OV9cMS1AKKTEGA#(pGhWK9uq&))o2RRrg
zPl`PYI3^h9|3V<ESiqw(Isb#5{QoZJVrf=l1wR2z$teC`2xPGpJ2<ES=YMA)x&Au?
z$@L#GY4?Tt|5pIAa{VU|+5AOgVngF{{hz?*=4Sh^xaRuLxUR(f&-MS$3vo7+5rdI|
zf^l)B2$z8|r8tv-$@6pl_r3T}<-q^5_Wy?s{SV>5|71f`yeq)S0jX3XD%i0g3X?vx
zZ?km+B-%^tBozJ-Xu%X_U|~9P8sA~a{)Cay=nO)d;G$@*h5hE&u?ITzAe&#;%4u|%
zt70eJ+B~Ts_Fe?KAH6<3%xCBRsTRv;@g2^WI+c~pDGFD|r%It4h6^~^dgyMYFmI3q
z5s*Wiu^)0vo`oT^0W3c0C}x8dZOcx?0`C1DqAhfycdzDCnmkr+8~Dg5M)IU4!>_7I
z`<PSuuby0_#*?JcLaM2?x|(^^1ughO#i|oFErY49yBgj^;XLIB^OFpl#v0H;k?S%0
z&<Dwz%5KowQz&e<NJ284`%d)4s6+2TQ*Nk6>3Zt;HcQ_;fd*8z^GGc{b$v~@#j9du
zRJL_l7=DObknR)c9Fbxnc7~zTJE&d@wg@S#@`(%kwlyNVViSGoU*_EyM`*G#Q%5V6
zUNMShQx#{Kdac_X8$K@&W0%4PTbzM#dsfiMxO^2?ZF$>^F*v-x?oxMZcmFD+@>n`b
z1-%L1Y{y&=0mC+LMmuEi$CswWRl*MOkU<TlZ)aEKvLD?t!6NPF)XcGhCa0!9=!egr
z+HdPR$oDXBFyw5=%0EHQ4eQ9WwG_DG`9I0mqD*Lamc<|3hUxp)g7-kJpHV!(Fbm;>
zYX4>I6z0ToS4YDMg>sJw?nwo8gc1yF%JHyau?oj}0jUlJA<tpDvdOVYOGAu`atkEh
zxXVyKN1Vt13C&4SmUe<!vTMo^kvH$qSbttctbWK1L@1E&)1yv7Da+Z4OKCB=+P?bl
zIRMmoH$uF9FL4j+d$?Mr4tZ5wVV!ZjJuH=vJN<lY_|=Y2ILA5@dauxHZ=dfojN<KE
zdmCylK*_maA*$sk1mzur<8F}m`aEr1eE5GclH^sydd|ArHMwF?`t;ZcZDw13AJ6YE
z56A2D)cob<X3bT&$CkZJpxuj>^;+@Y6O>qvTm**LzOfbJBqB!C9>-VK2=Fjy=*_eL
z#5<_OTVZ$7sHtI~N|IsiaKP=&BLmVg8DgYNl^MY8_6h68jMzjc+rX3;NcLSNYox(P
zzBPvb!QdC-pdk#PHI`xN^t50h8|=zIR^pg2orXpw1_P}SDOD~_3K@huROdvd7sE5G
z9^s+jDVSYiPdMXDXR+*4snD*mWp>7g;OKS6UjUfJ5b{<S9-K8iepI+yj{r5fUEfG%
z*`3@OXn7K`;z%(}Ww|MeifIaeB{|nguVgIGdM}dFrzv5vsYB3@+R=p9?rSus5iYEG
zn~!7tc0oppa_PROXMX5lOU5POW580bjmBBrm<*GV6OB}8hAKQDhIOTWT2C8u8r|h>
zb3TpvF84Q;lodxEO;NZ@bPsTGaxzq;vu3hl5}se+Ag9p`obZ}BIA}8*wpG>%ph0RB
zY#+s@@1RGkPgea(U3HuW?}`r)7#AlGq~3{^mJv8zRg>Tx9l|fI82<kJ$tu!B;uPEO
z?>8Ev8fwA@PHZG+EYn~fK7Msh?&wN`W;{9{pZq=CDo<-Rk;bxG4-5Fd9F3ztORzf|
zstyrKI;5U7ly3INb-e_R$|8#LeGeWY<D83Dm|xV8vf!8dk4B7L_E;&6a%0GO{6^{e
zBq56Tg7vOjLvUQK_C(_E9CX=+y@saO-Os9e-$_XGBSh25WNE@j#8^pFhA6qL?c})@
zXqd(PRgnw(B2A%BjV6JuE!X2R6U1^NebMrP^1)0oqXKKQ4mAcZ976TknuEGrJXpG_
zt)=*WiZxeHyX-wLKG_>dlM=Wyq5!RA){52wBeik;gYq5+ZW+33NFzrGN&?tq6>*hD
zF(en^^ZZfN+%~pclYytLu-c!}FN3f%a4OC^FE#Yj5Hj9)cq%|oD(N~&5{nR5fS=lU
zEF3E;fdC3%{NfC*r)I)4p^E8t^{o`bn*ub-WS~u^pDy(8_Wa>k>`fUTBCWK+Txm?0
zxnvwO3amv=b{Ybf%ymd@h=}Pgr97Ak3@jW);ZTejhNKid)#Ji=15*~Xig+VOhwv5d
zB*DZn2Q$U&Aya^JyRH~%T$C#g1dEzT#q2MfSXcCTl&(b1Dse;=4N*2taynu!>TZVW
zUN4VmKq7Jss%r4QFBfqm<cS|r-g#05Pr<RD?FRkWi9yv#H5u&J5Lu*XW?aeKne4TL
zc2%1(dGVew*soGro+W+<Hw^vXizLIrCtAwT%A>K$R7IdJ2GmS)d24usgMprx0hMe{
zM|?t+{U5ZHk0NVSKQwsoBVjVEWnLk{#Gfg4WYAoXkncpXX`wibQ)QfqBKYyJfs~nQ
zWYm9n$Js4B<Tzq{AJCFa>*7)n>qs(i<F3ykIjx8f1R}bMLG~=!!?so<8vo9miA^`C
z$NJ!XM;8T#@q+28^nQ8nB*qs{K$OquTU*q;h`3y<<<>Z8;ZmuV{JtrcRCUt)PG~(4
zmDejACSs5Bo0bO#b|%gEufhISDlL!31he8Te1msZdbI>5B)7pmRicjrf(l})7FrJ}
zEoJwyRg-VAG+lsr;qr@%0>uT7Ct2$ecine|x4L2A$X#s+4k~+}rF_f%!6Ae2=GMkg
zyG1>k+yI`(8g$j6>ZY$K?##jW+Ahlb5}xQHr_8B`L;_YA$>BIWNjB*<?Atg(`7UD6
zK2KnF<LbDq<$!h3@E2W%vAUf}sC8DefMn`ATr1W@STr*=!JQDW7GUq|3bXoX@Y>pB
zzmyH+!~mU+VAg(!q8cEb@-ZWkRcl`fwT+KqE7{&5*_?$^(PF(<+%a}q+8WJLMa#X9
zBsSmhS@;dyBG1lmH>;C1&@HG1(4}7;94@*#v_f$xIWj}RY=cY{i>J)d1@4s<wLE#|
z>kG1XQd>G-^7f!)S(>q+B3YVm-K6L=x!k~}j=ln1AL-5@aYhzNGe>-*T{VIINq{a}
z+rv4+_L@-VEn6LF#BtUlb>`{AQ9a4hk3&aSC<XIm!K+Q`%@>NA!TKgkQ{$1y!Hi_R
z&kb#b?v$G_Q_G1;MBceeeW%weTa=ZjC&KdggdzD<5^QR>W3I9y_xGYzb>0YZU15OC
z${^;h!K#W`{nZ`%;adCdBSETEpvRUa^-n_S&)-v%?aw=5tBh?BM!acYjI<~+{!Vwz
zjF9rh-@FbMFiK>?BaG8mMm$w1AW89In@=ImvnNXL5s0(04Y1}oQ-eB3k8A=z1Z~3@
zmTUBz!Sgvn2=9*id}18lwTIR@gzbRMe%ZU7Ds0cIv}fa!qI1E&9f2Ix-;mjdqo~%m
zU0Wwsvts>FV$YyN&_o55XO*bbs-s$TbQ}guIkmyS98`l0zQe$YqQLnJLnNbk;|KgC
zb!UQ52sTiK!3zGv1p#hRN(;elbiLZ(j?8F_&^wP33G2@cfh}sEtY!<XK@0{|`lCQ@
ziP{T6<WMLYuV;wHN<`Fbzri;kSlJeG;?ta<!p_PzfL1=+Br;XbOT=X(fX<0pRUwL`
zNyk|SWTKda`UUl{2r>m*7N+-EN-us`GTSnDAZ#f+bP()ILYAJCsdxUgEZb=)cOx)p
z>OfFswh__RTeLU-i%tYl*7ghFPOnU=H&NDgex7pxecWU*pGn7P+Dy)9UT?NjUVkeb
zzX-Jrx3STkh+d>1%wpRuYBhb`u$@qod3bAe;cUboOB~Um<Noa~iI+z8c#qaSVSo}A
z8)v(#6FF8qvbts5h9QCD#sCh-W?%y~Z|WxuzQVTU4Ao#V0G(e}c%lf%-c{?Wa_Tlh
zwK*fUt@0n_3D(vBa*OZTcg`nrDwTe>OK`XCw&k`LNV&b*;nwroUf{RY(x@@oz4;-V
zve2B(Es*!!eI4DWMX#O!b1w0Av{=7GV1M{8@`h*93O2CH3-uZi_sGI4=gcRE7185h
ztBz*Z(`#M_V_*ikY+wkS{Q}b0Smg3~pWTn|EVl<h@+l6>REqQ8k8I!{kRB1+`>OuP
zQPwlhk+Yq5+iEYoCUbAVU>6{Ax&tN~x-b36GTPM9Op>!_*U}URc#*WKt9s<vwVr|^
zVhmSUlaMCf5Rw@n#gIId-y%R*L7QNvDZXWa_-5`w@GRz9l!E|PkT_xyMep+9y9{>4
zc*Var46!4u^;>~YU%i#q+vYi)Pxxw5xrCL;KNS+_<PHgBymLkDsD#(<h*E>7fk`e{
z5*m+c%oX>d3D_qciU+|)%zN(JiOrq5m5qv_;jk65HSosuP&;|^loZdakDKox`kyxw
z@NNQkS0}2Ef_0R?k1M<jy}?0iSb0Y^_iyLya-LR0iL)qFY%PGL%eW>JWhUf?6uVY1
z9H2g(XMkfB7{uvkP5SgIA2}=Hx}B9&wlTBfntdZc^W_)cX1E>}PezHRuCb&eb>10Q
z*M`fd$@bb$P-qaE6h~q2_IIWVG@%Wq&_t+GNeQ<19f^%MY0k()Z6}h1ld=p$VV;3`
zRL-}%<f$&TfWGdet-sgh9L<vYGt}*81-L$KNHlRoY1XoM=C}_(-;NP`3mU!i&tPVy
z{fxTJ)_W`#u1uYuc3z!mI=Acaa9<;jIZO2gw#Cb;_ifCdVq%*p62C=fp0R0!`9CSk
zKFo%N?{*ZTPR=BP#gA^5ANeJ02k6eGZm6LR@1J?n!@81k(Ze31edM2y&cq0*0eU_J
zC)+PE23zRWG~L;+BF~Vrn_1A=9`8R*Kf7=uUl9KG+9=RY`9gUPt9-~jD?Mv^pnEE>
zP~~rUDsi6`plgy~^I7xxP>YV6bw=G&o;nAefB#KxL~ZYw#RrQO(avL33uo={-9G0|
zBm%kV#h?;7-COZ6kc}AQm1GF|9B69m<R3n><^a2%za)TFEr0b)^(#Ajs4;PJDU>dN
zJ`6lPth~6hZ@t-Tg~$GY%@MNF^g5i4;(K~tZZ5*Uw<e#)jqgRs($>G>6270#j#9y{
zQ^bBK|G?WDCjRQ`^t^jh3~ZT&nF{cU10jdNA^DaLf(_xW?RN;VMA1VB3gAH+NS6u@
zqk^0-TXSGgm*i@Y`>7d7;h>CfirL5zGRBu8^2$W8)F+!^QCQ3CGw?{+$e}aRW07QF
zWfo{G%oa6zf2V*o!2DKkB!MPg7Kw#9txO^M*?wFdc%1%`BV9CPzWN>4(#>1oIeiYj
z0n!s%XM6-Z3B#86@g9=+5x75?Si$iE1wOv}oV4#b@=^Iyx~7E^5K$0S2%r$%OkJbw
z8qy=X2qa!Bjt9!ZvvgA`6_{$FKYO`rc<~D4wb#L?JVsHBvqfvn=V3>eAUWvd<d;l|
z#EV@dQ%kM4pWatd$Y70W>5S;uR;yetNtS7oarr#fqIPbG!^QW+11cE<sY?YE851f5
zy|qbd1f&<qI!o#BR!+IJ*e8y;4A{S&NJGu!+m*YeQp+AEjx4@HJ2_gqYIY?5GIg;S
z1Z`oENO6KJ>rQ7rLHx7M>Vl*NY63AZnTW{Od9_&hz5OCNn6v1x-e9@5`wl0T0LN2z
zP$kQDsh5_WII?2}XlbaKZ*}TVcy(FxGriv}S|T}b?UYu#*6_({Y`ajXzs$Uueu5d=
zQ;B4xoikaA6b?LE<JBjMVB6!3eAl4~oD;~Dmb8FJmQx|}C1Ow!E#`wk{=pd%%B8hW
zF<}SYrDH-!Jv&zLuOmnJL7S-1TwqcTIZv3m2jQ74keo;Z$ns~$bzulq3#s?ZK2pM~
zdX%%Dhj^8%nSeNzs~Lwtq$*+Qg+Tu!lV%P!0wIr%f}Y9UYl%+cJqGv@OK;D~_M~l<
zL#$L{R2=^@kcV4-6bN28S`uefQzVJzTGpGdl|uYx1#4*}ubgMp(AY>-!Y;x}Nl<#h
zk}2~k;r1vEq&zt`YdYzuWS#LeHMSzo_acHWx|?a8mRB_1qf)iSPiQpW?C7gozW9q}
z)o<Z&$H$)SAs`sD-4YC)I75-drt+)KZ`-@}W&K2jw)Vcft6|()L8wnkF`VCJ@gV2E
z8Y9%#zp_=iR@)|MK{@P^H)+e9(h{@{Bx$L%uAABcK;!P+36PZW9P9@SIEO=w`nCGi
z`lb3U1AE7JOcxBj&ttvkb7c{lWJ<>l?552mMz&{MQn~+yCEoky>p+YFV$H8y3Tk?S
z&;B<D`7F>-0FvgS;M}S41^2$-K6jz22j;8<vAY8^!Y9GszVljLaBN1)$NW@G3vB`l
z8f_Oql9iQT7b|OKR5J`-mB3@xa0jXUBS!mnK#+;CsztlGzbE*_tgx^cu_9v%smx9&
zvFlgzHS4a-t9Hx`*R*e~ogseKFoOpUY8FzK-X%($f|`QEz@@cwl|#0pqkQo{y5kdP
zxweG1Ilk<piZ-^Fr2t${&_Pp<oh#P1_mo@U>>$AYp<#Oe?YBbLFKZd|&4(*O0(!M%
z#wG&$tc~aWWv61|Pl|neWuN<Ws-iI<t0LWa<Bj2|7nJMjvP0N%G>Z9G7w=2&nPvmC
z?QF1YyjNj-0Y!v_`Ai|?Ig|6I9F2T<+rUVfOa~X@$!t#!l#Qi5AEMUm&Wt>CH>ogi
z;Wq@U)*r%C3d-qtiWf7P+q{4}(NfpxMBIM=BxC=WXVZ#Muiu>TuleIXnV*}Bd$ZeU
z`=X3?3xavhd^9rnY8G<nL1-a_Nbzxh=25}t?r+8~;>3|NO<Rb#>4YURbqIlgt-~c-
zF8ot-r@EgEMEUF^;STL{=@@j;6kj?s`2C%4L;m69LcGug1UzxzwFDY6a}?0O752Z$
zAVrS&SMp9Lf-mzLjQBh8+Q(B_P!JIRonvOiFpR&+1!rc;P%UY*qGyS(bgRjS>G$w?
z2~pauuwElpZ)Jx`ZRoso_5Isb0`{G%!>;#qs?$TDO)!GhUg0>KNsF)R`Qh0Lpkks|
zrmFrWO~i@?byigd1^%Qs-E?v@d3x{Ts^hJCJk-^6Cb^GaEbP^~(>jpZS4-oBuE{vX
z1!I5_Nx+(R$1oIb)~!LpcA`+aMCFL3B*XRFyNf0!M@5B-D_naJ>$+e#2hBfhg<ax%
zc`Etnb>G|$uhKO8A8tn|cm<vmfNKp-;F(1?N?i0wyBhKtM`Hz@oCU<w*}RX-MJj4S
z=|Zy!5ca;wW+V6j+niFxdp5=%!&Mrw?IeEf$scFl5!ef<-s1}GHLAyl^lx0^tsdH{
z;Su2K6=l&N>+<TT8GuLBE4k|9VMcfm&BmVXFn9#p4ZhWT8il{~+%{zf&K~=?n4N=i
z=0P{)w#}_Dh0YWW`-#<#V31jv4HR29;K$HJ_92)N3LOgfAd9him@{wtESWnlgY!2&
zF}*kE^gN^qx(Hhc>j*0d%_VS(c>E*Wb16|TjLe#_D>&+X(tjp(-qATNV%D$i-|8G+
znzsp8<fg^hdn1<kY?U|w-YHd`4&N|9f(UW)A6$Y+!+9NjY{eH6*sVvOlB=Hz;;gsb
znCVQ#@YLuN<lIhtksLa;-6&k%WxbP@y|x>5SBHMCEBwgkjs@T`9iwz8`MyCT?C$7f
z4%syP0TsU#4-Hw$t@j(d9C?VmPV~eRv=Y!3@Qf%1N$?Vo5GWP^%mrUS3sa36*cJl*
zcv%Qt#!;(cc<fcB{fMU?`gveziu{t3i}Fk0mmpH0y-}G2`Ij6YOq)mDX+N;D-}#4H
z2B1uO7I5;8EKp<e9M+NDYZ$m;jI2j6Nu=X>`a*e-6w-%3nldXSC>0hhLQI1Dcf`Dt
zVwsMLlDhCoBY)8XFbv-qp;}%n>S1f6P>cf;`$-ZLQay>mqp*k&UDU$`HysORO3UI8
zrt#BH#(!CVX6K!@CL0TT?!~eJfxcTIBH5*<ob(?{Rh}w`Gt4HoL+3hZO2}~Hw>urM
znJ|bvc-kvfFl_NPSwb6qd4DizVJXYSsaatd!763@G&H?gKuDp5q{{O;SklJ7fVr(z
zWLT||E}a^|P%!WhbCAs&MXtKK>ARz;TsO$rc?$@9<}n{QUUeJsa#qHokgkW4nYQcv
ze3!igSof3BgC9S?o7encSD*tjir}x6YK!hj`@lDNlq>@iTyb*~IWzy-qn^eQgt2i&
zvk+J_oL^8Q0D?Tby%~>9$m4|lJc9N_&4(inqCt~dMUo4{Q_z8xd-1II=KgcJ#Rp8f
z9h;awgZt}EK)@#<={ZX`w88I*SR1Hv+%R6Ij#>K3ZxRXD#FXwXpm}dh&G`N#cnHnK
zAOwa*H{hlsV~<AN28%h-_V3#Jw$+mvQympAZD&?EKu?*2BlU8S(Uv=`6Ryjqr4|`N
z00}<S?yp7CARi<dJA*c-L2LE9j9;d`TUYMkHtGZRC6%VY-ySmX-hsL7L^4kW$JzEw
z+SG`!v)FcI2FFy{x2mvBj=v3q0}JVR*G)stea;K>X0sV4A`EPC)(tooh?NpzBRL_W
zx%s3vUpkRn5{qvu8Mf;sUPL~+Qa#ZGO}0-v@uY~03qrArEdzke6y^Q<A?rGOf|u)*
z9y=-T7(vT+*Vl|2{`+}^1O;R1ArYuz^Kpj~RN`sPB}hX*Ib`~O@*j70@o<+Sy6;df
znEebM^sKnkx*(m=<{HV1@Kkyn%;<()Fk*wSfKl-911hN;L^Dh#jBxl>5)AQgdzBz?
zGV7n)$r1S9n?xb9j<DDVL>=OXrxs?~wQka%a-ZC0YLwnIOi(Q1e`E3GsYC#1%lUKx
z2(`#+doPn{#MsEw-g+v$>xb#RKc2~)Q9)IPf_Rw&PHHo;mfy)Z!mVbc4Dr9ypc@9j
z0Cg}PWRhglWx8h@d6i@=zdDU-<yCTBj)p*r&2a-KMRBlI+1txZjwTZ2;a#RzXJ1|v
z-|wPNUfKmwGdgtz(Pe7DARzx8Dy?Vx-IU&pjMZppKJrocKg*dCGK3x`<;qee6vze-
zX-zeEm5-Waw)sZ!WdvMn+O_weI`D;y0oAvB<3TNid`yi_b(DBg@@84`3StAL#=#aQ
zO+;&+VJ9gkxPq&&?W~L!)xXNUQ!4#RZqYtUuAy?<LsBwbe5O(DAvIKATU7QB?eyP8
z_+kOG^`@Z<JYO#nh7808ru&IipBr=cR~7u_=aSPbLHx_5<bNs8midn7iMK1>Uk%`r
z?cuVqP97p8;%W*!^~3nm<W}xq>XP6$>FnAo0|Sq25c@(@gK$MWQrE<}26}bcxaQnw
zC3f*f|EGJ3#oHZ0>x;qen#bD+ZhCNH6`hRZOkTw2NBF<Zf+Op7o3hG318fPW+JC~N
zWSKVct^MeqKy_+NYfL3|FFDW51Y$IUd!>3cMbr=i(%7Mw<+BQAC2i=wD;s{Nn@xcO
z%UKCGj+<m7jGXILBs|g>q7(|1DgJ3yJP1X%oohKK+O4g#4~CYpR4`%GW>(vII}4_6
zJ$tjpJPNzNy0G97T9}|f>|6imW4n&pRrL-Eo8>U^>h@zD*>;oLdSq;o3CI@qGJ&~p
z-xo_w+GzRXFjFJ-&bD^EsL<&$&MtAej$cw<QQqmg;}<(fd?K7nWK65dwK;tcfsacg
zgOy#(PwpBD8EjB{<>{kr`F-lfbp-T@TTVO9dNBuSwN{=9M^T;HiMO+ne+dljG0Jhf
zfo&It{egc=D^YBeum;2A0odi9Z1C-4{y4)~(%LMpYt>%={Pwy>X?g>aGGWGjbp9eg
zg412^+8Ke#iq@Dd8<K1iM%mB%vYL!goRBN%WW_d5sbBjpLTNC?+>$ve!ykUWN`mue
zCkT-Hl(35syq1lr3y;Eoyj%otfBKu|^^tdhv#@wDcwwd6NBq;a8!!t;^$>p)nieX1
z)z&qIE?;yCLPsFz_V}82Iq|bsRD0^8MeZAS(NXj;eRU0Y7LUVq7drKPmwG&OE14~H
zo%f%$q<^Gjo&L<zoF@xM)9e$5C#h88f>{>Za4lN4@NNOSytA}kT0Gv~T1+2GHp(-B
zG9c=duls{T%e3QuyTH|O;HcneTU57|*boZVs)17rUsbp<FAYhQ3F5<#A?;MKqU7bi
zOau1=I-9$5Mgxo(8`)m2E^mACdC`f$(YsxhkbDPkm%i(NQR9iX_k8-l%i*<(n2r}P
zvZ}mdoHPEJ*@P{1L{sKpL5piz8|<?hJU+i~SPWFFPkhbtLj&NO9-gAV)6|B#H0C2-
zfN(049{G%DQMv{@d#amn@x9+XBCmE#75SSE7Ii9&r`LYW@Fz31EWSnF9;R%5K72GH
z56#!!%))=A*O()iHac294howWsLnl~|1D*$@;f#8tO&6-b`II=A(XuiWIY#9%*cF?
zPo7-GNoi7GKm+n4V5fa{oM|LO8;=!JkUpF(WJ2eTr{h0_&(W>QAs77GCL<f58=Vke
zknjiFWL^g%h!EMK%$jY5hh~Bkv29y#{Z;9?sx(S$(Iw1Y@S}X1oHl9WtYpfHXv`Ct
zy97LMB9J$H6TWGedpc?hW+ArkbCGa$PFhPD5eB3+)&lZ@8?f@ty&zP95ps?-Q1GcX
z6&swJi1lkMy@<iKN4p^$+%4-pUqx8_kBg9e+oi)08{4I=kbT(UT#VUcs4V<4z_B0O
z)_oJPx^){QSo<IZ3T_28pUM9k<VSOMUb$<30R$h!(<mbGEEVd319ye9SSS9U$fh*$
z@DsOeF2E&m$0F}M(q0USQQVVhI<Jz>lNTDRH8;R$$|-OP@z4U?uH8`B#ut~7(H`8`
z1>9lI^v~>OaILy~b)kB)J}#O*5sE%ml>7W(?D3rSwq@DsH)P_*Axe=ZdQYEpAmX}4
z?0uW7<5o01*5Rq(X0j{rg<}<)xifZOn8;YG8F*aVNDq{^>uG=Wbp2&jjICZfqLNa+
zv#X-}NuMlM%9XVo^pPz!1T|+pGP&o0TAY9xRA4b+q-Sgv*`YaIugsAbJu#5EVEZ|O
zxxvlT_-^mwp`MdVb*wS(HoqY+?0xnAWBMHga@Xy__oer|^Wlg7^UK%vHQT-1p35xs
z1J^%)gRvVB%=f_UJAKOUJMFK{&)yQ-dcSQ9#$>OF*~oFO%c#AF6V;(lFeywIvqXGn
zfkQ;ikG_qM9tu{O5=U%~ilnz_EQdeKeC~euk^PA`UP<+!bW!2>%~EZl8%%2ady6so
z4$yLrut|8$KWxwYv*Co7{?L)?nt?S>0@#VwncfLVg>P#6GXm+tMB^k<`;}zTEea2g
zl6lCvj87JkXyA7+ks4ynIa5w-k0B6z+wo$q`swSs;d|lWdOgU=-0866(zLVFR_v=;
zR%yju7y1Y07*$fSDgQI5wqQi^E~EIy<W+^DoCKro3?`_l0mqfIC=@GMd`avv5!mE6
z*|(`KX;~3cFKad1*KT-Z(wq+PHz)sNyJ|H9vdX`8<FuM|LMh|B*@T2^$C4TeW&Je>
zVd(UClSsWz?}j1G=uwk}=a&Pp^@Q{0w{YigC*JTs7nE~?Asq2?RHK@tS^BcB1;#u(
zSl_dlic_?YW-DcyJy2z^?T^}=4S~vqL=V*R>~r2~UC`>KimsROKXrfHuq=w#cYcCq
zU`x{Eiv5(N|2j_JFn>Pfop1k`;s3aQ7y%gVTAcdLNA05ADmp5!qqh$J(Gv$<JXQrK
zRlnW$t7qi6Id;9nf4=>lp~kv+w7=+&bbm;OgvUQ@)YI`CN?%P>P)DE0*#XL9^~s`Z
zMjW|PCy;u3>vZD3eOKDjh*=!xNu3Sr7jfUHvUPVFsLJAv>nH;&J>;qq>e<n2YqQ03
zYnadW=i~l!8ll??Z~nF|k^0&V{jil|c+RXKP=MgK`zZVu!A@|P`D1G^R7lqHo!!f9
zW@ka4rqYxKnSWGF@RLJi@&vFRatEWf$;y(OVu5A=Z2-mU4wf=v#KJ0WwHWwuXc<Ga
zvptY>V?oVLieTl%VCXje&yEh&3p$VmhNu1JHYTQ%Xl40ux`<GxIR#(u?IcB^`+fW9
zpiqX(+5)fB8{@XrF~{+=Os)$@(jc7;yCp`*Mz!gD*}>@Y9a+d{9S!)kSf|AKsw})9
z|1vznwK2&8wbi>#kr@>sj=+VV>ddET1O9@wyp41SyNZla=5>0)VsA)O1Pu?dl;PH(
z#_HB_m0p)Tf}ZsHssW0aa)XAkHb~UMb7Sl3Z`+oCKYlMSEyjAo9`?pTD$zb7-#!`1
zl+v8w=Z}l0q~4H^^a)%b#OVrtPn0B&Y1yj&{CIr6^m}_*@BJ4e&~>p<slC9?Osk#P
z{)fn{PtKlP+Kc=Sto<hNrs<~Z2C-nv9aHgBoRk>BBsMdb8)REEWE-(UDK>IYoN7qJ
zOvlQaHJklrS$vwE0ofIAGw-A^v`j1UH#?&Hi)gBxXXSk%w;}Kx1Y2_^=X?F*cu{|O
zF5E>@FRx9H!5lqbY2Jx|`6ihH{jUgA0Bazm76VFsj~YCO=ATJ0Q!JV$kOMcCq;315
zsMdjnZ{F8YcygJ;@$SAu=Hqq;SvnPO;SrQ?JMcdwWR@nnIrDUBMZMNT^}{zbxkjjO
z_xc3HkXa|<&ftM3f>J%Ip{z733`C<((2KRIj>gj^$)cH+lo6?W$B~gYtuGHwuMuMn
z8<^GpYjo6=?T$J!&VcEUhSXa#6}%X}j6MB-7gxG%zls$qj|tDCSLceWq3!MvKnMP9
zu!kA4w^30IoO@wMTa<nrA;==_5qRHx^h0--2--V+x<CStN&j?H{wbvCvX)lttQ1DT
zRRK2JX>w!L?W=3<HrwH1TV23(bRS}jV2$-hF71$lfUnTq>86>+rLz-!MA2lnR(HYU
z5iK_H^MT4>2E6*?ISoB}X^NmHha^<ycb){z`FvKog?>wd`Op=ilzM`G>=X49+z29s
zuS)AgLIJ>3{7p8f^5hrX{7h1!QCrBYNaWoTN0fsdk}j>Bw%=b(P}Su9$~JO|)Xiv?
za_#)LorSD%2#h?gMH<TS{v&hhIHo$)7$<@;T;4vd3UOkY26DKRhaZG${F9C+2G<bm
zINH1HQ<uKBQ&rfm-8DH5q9D<oKFT91T}oZ5bsGRb)KG8C(?poCGpz8~Hp3{c>RZsg
zZaDD}rM#(YM$$2!>#B_`48FVXWA@=ZRK+MQ<>k5CHsRIQ<GNckt>L~?JPx`J*G(F=
zFRzqfV7`_`UzrSUy3n9zK4Ak)OSV8?hyUo=DnWI7^kk#Yo=T78TF;S2emGMoi1-c#
zQ8<t>PZ_say;FiEs|zVYe-N--@xJpYu>?5kH)jJa_o}`QZ;{j11oYa+ydAhVU)5|1
zq-ym;<*DsfUC9Fcj*8WDW1ofDu&Lg>{)GIL`*E#zOTqlbdYuFaQ#8qVuAjm6$Lag~
zPB*4((r4$?lLOlgkw~d>t1mf-E-WYbk^sJw!Il?tmPGf|huH1%X;SI<0N;Kqwy>&J
z6MJ>PNz4BBx{qzCl91XYy)d1f0*!JL-N=3Oph3_|PN{u7ZvT8P=G7P%1}*Yl>o67%
zs4N%A3n#3p%6p!l6<ua%f_5`n(K++z-V?4W{j=sqc-h~$uVnwa(M-l~a?c!BMc_V&
zFnY-_iZG1u*VM{3g%3@QSO($4k|DfLMWG$W@ZArv5v1ZXl=^<P7uQ}KxJ<cI{Xmz=
z*&TEYu!xK^MRVwGLI#X{HRqtb1v=vc%ava;&|72Rp~4#c-K~Pn>xsI2^cm%qQcEg8
zsg)hFi?sSh_kOZcYhcLz+~lPEGO)x@F^j3{5M$XE=oI10dty%ALeuQQkE;U3f6v9D
z(QCFpt>YK|FG5@dh1Z;VBc)>$x+__j6KntVPbf0qbI(zrzRy(@vd}}Xwh+%=U{Y69
z*SXLG7O~3fpYBV~O$_4Ib?6Zxme)UJ|DesiuS$`lpSK{11@;3cguYb(H$bnPP)jc~
zxi`x+G%0bxQ_o&tgwWFhG;rIyD&#H%s-X7zX9n8INAV<3Noe>1^C?w@Si{@zX-fHx
zn&v}L$bA^vN@Z!)dt3!hum@VO7GDU(XZkV#x$Cx<T8QT&!D^eA`0S>air4@=!UCM!
z`=^hr5M>EE<&nDdba5id7tW46gR~~j&l2Ujg-2Y1`6gr_?Gx3-*hSv;vx_Sy`l)BD
z(Glzv;|EJgJ%=<RFt2)KS(xH#UX5k+VLNwUN4WB7nV<#<)93|$vTQ$}YB@JgJi*?x
zTrP-lZtON4=8W<!_4BfN(yKmxZlz0kRNwAAZJY7wcq`_eqIVGz0jREzLKm`K@~#Eb
z4I5OrC<l$s^10rKxqug6tbLW-(V-z$KBQq8uEv9K8S+on$YzJ5%CdL}C;x7i^pyEj
zIqaDCa~wVN_gd5m)&QGBXN$f7oiAlJHX``ZhQCzMEt$6{H(55CVJA$)_YxG+&}1|%
z&-i59!a|n@l~uf&S->asZH}x%!MxMPdBMrZ36U&=O1|ge!C1Rv<<8SOKH>O7Bzl-(
zx}TAUh9^Ip{fePH-8&Og@OiEX)F*gH*v_;u<{#24r1}M>J*D(_THly!x~4}1$hC*;
z*)&#G)k<U*z?jJDJ?wacFP~F&-`H<?sDX?)Vc4B_QC1_X2f+8391vk!3^cxj;^zAs
z;tbx88!44Hj1v_(=qW9D>Je@3p4k8wEtla+>)Nz`SYD^joY95=^Cf)G=N4J)I`;A4
zLa_78Exvi|hv%}^y9&68$u?lC-YOc`<9cf*Ggy(FVeU`agjg^2MyBoVHM)Ua`TAo<
z?S}hv<H!X8fMc1zbss(d{0y_a8>NwyhOF3#LUzaXg_Zgmk+8xBy33EK8AOzXRc8={
ze5OoCC>1P1L&S;{Mk7sjc&KQ|S8wuhmOcn_47}VJ)Y-@_uDrx8X!0IQ@=T6CCGvsD
zntw2-QHth4aOA_{!})*Y$x+Bva=81{VW;24m&}410dWg9(LmJENJZ<QT=7^M4l;3r
zfmdI!ORnF|{ySOUlnxc=gG7l6OOloRU@;W5z!bVdOz|13Wabx-X46H|wf0yjrNr`*
ztp0W9HRj~Q)NuV2#}^;kGzyZDQ3YC%z4k@^3OBG95~|hD)5z$KwCydIkA8PcofgZb
zn}B0(0(`HT&H{=zOn+-3v;MI5wc@Q0{;P~WjeR2hp2%d9nTZ=~--UV>1fxvNlxn6>
z3j+xzUKFsG!liJZ(MeLbk%-}JsLXRNK$y<x938g!lI{t1{Wu08g|lgxh)qzSP=Ws_
z1%K%1=R~&1>9p3clP9{=?@Y+i=04wZC+D`_2rwQive^@7gUz-bU{10a`3_Eldd%eZ
zm;HvnxrLX3nrCi5RlBvi>~`Bu=idBYO;%f-R|W1&rRoSI^lx1~w@?IzqNqrBn>bSN
z$IFmMb3n6??tr+)g7b7}dxQqcFd#ljlV`q<y2L0qe5h+;#$0ZcwzGgrt<N4I#A@K#
z1AC?XY&h25`QAX+J&oAbny#Dzkz&_ohaNB3qHPCIaT8XDo9ETkcXGJ7jZM#QyBc>Q
zfYAMKN)bvzd(~I9h4T6~aMa|1fIGd4m??$You#U&s7{TG(c(U>5(--3X>SL{jxruk
zbi|URus56|tgu%royt<t`*$`4K?0OEF!zTRv2Ly>9_ny*i$YH4y<(j>lY4I!8UOFp
zJfw|Jpw!k;%?XVDdm-e7UPB|Y@mFW#qmyh-=%!5<u+IpeVrT6dfWIc2Gm?~bxeuM$
zIt`6v+ipq6e$;6^B=6&KSN$uebX|GsTRunqo;(@cbl8L7h!LA@_OCh%EbDqR(q74-
zgnh!wR76aA+Yvq9+O+gK^zj39>K!Zbr1?v?SlJZ+6)<$b;aa%EEAMwkjar`6(xm!@
z;s(#c3$r`6SuY{u$xG=C^HKNl>S`J~po(-UzHO_L4NAzvbfyccQgpQF@b67@hurrj
zQfCnKc)-KM$Gkh^_6VVrmT8hUHJ-tB((umRrDKj1CklyqiZWxO^uvUSBn`oHlEGD8
z4s0gJh*S;Grf!BOr{)`suC1)KsjY=<V&xKV2<O^3bucpUujd~@nw!=aL`jW`=9~0+
zLTMtJ8dMmfFfH!PFB;0(#bygobt?%(x`%r}+QqaF(!7T=_U-BAih`1VZYwa0ciaq0
zhqdz+dLdgP=cKg%DJ3`JRq4pO#*>~^T#=Tq(hClpa6;Q==NBfH@s8rP@S=)gPvh_@
zJd_@i&GW2K;P9SxC?O*hPrd}zHxuKutQ|NDTntB93HrkHZ&3@``Na2L>Q?F-G6;lu
zw7T35GOMOV8X&V4I%KuzP1f)bi0kP-VOop#9*I`3TC55rq2v#?_|TafKDHP{M0Dj8
z5OM=!T{|wzuI-CmJOmaBy<cY>+bq4=7cryOmb)%edRu_9_SYN#*ZD7Bm)agGFxCY7
zjE>Q@AlURrdy7w5??-oWp-*k9odRp2t|wEb-c8+&tkJXkieP_Ss>=!8&3Uzj)2HC5
zNfG~FThDk>eviEVrxibjcT{k$zE2zxL8dR#1&MXKHw=gOvJLv;^H4Zx<i#Tb(CyUd
zHyz};3Ws14pYnfULW^l}XXvD>+Azc~OPP3?0{Y%Z_XgXJcJz15Zws5)E7~5cD1#l5
zlTqX2WfA^Eu~CT1F5_H?ng)3XM~LQgt`mVv$(a3fQK7C_*HZB5ArSOLM%ZF*8<5-Y
zC7oKfW3Ft2gucI?%2d3x)2J&-BW!v$x_WA+Desq*%zx19^i)p%cdEn)83@6%E`kQ%
zA=_Mv`#=Pm46FFnaR5pM!=mD+1KI|&^<5tBDiA~;=Bf)s0&<DEhYNIpdW#<I%Hs}^
z5z+U-0~86qM%OP2tOCOz7o;Du1rYbkzC)yk_t8G70Lh`)IP{eE3x&{N?6C=Vt8H-W
z5(RsLV1b>c>v03~rt7(e=y-s`>D#2}Q2`ZKdRvD)`o8_DhqARgMsJO=SL$F?W{Ft|
zOF^p&f~k>zAi49S_6LRwKdK~$QvjA-?qv!m)yDOW{&T>hX|Bfc=f~UW*I=eHVFCJx
z4cWTI7i<^Sy4_@%Sj2K@c!LMe%b7*Jkbh^-n|L#jBDy7hXcv4B2!h3mByMx{D^@LQ
zRbj!8x5iJ(9}rXcnnWff?PP=YXgCo~7HpNBrHZehfqw8;Wd_|HsiVFl$rbw5vG=Eq
zZWzmpsYOqpjxeKY$up-ogg`Xey-Jq6pc?i95^95j_Q^6|M=JiME0HqRU*u)l{w>~#
zp{M$r#xAHK6Hr_^+Z1@8my7qR`Xkfj-D@bA<Ne0F-60I8QsVE^SLxNCEIT+ih6B4b
zsqbcg2hs`6BsO~dkBP;h(5Rr#bmaB)rjW@!DEPNAsouh@Uu>m$5&;(Fly2k&q5j$T
zg0AaN##nQ8h0~DN5Y0P=`Spkm4_U1m_@S0eSEkI2h35B4EPfxt#LK4;w@sm!^rP#)
zX-*pJTk5vH7K=MT#fM2|)#*XVUG1P-w6Egx**<Y%`vw5h*4>2UX?@-<zufq$Kl(1=
z8*JYD!JO*bavx{P2_zxQ(Pnw9j@S|%Y);W#+R)R|>NFfJv9FRmUxRC7t~U+e9S~pm
z;ORX2l#IWhQ||AEO2}4a2;9RYeiC+EVOe^K^Ii>Btl|mldyf5fBW@EB#D}T2zaN)O
z)MajkH=Mt(Hz&us5(A9{Wx}^>tbvvXrIQjbfoU-QeT~V951fFjBUe}Glr9Uax|$5$
z)g=@r`wO%Ao&)urq@OPaJD={Q<+d;T9WPW-x$ik%hJx=TrX0AltcP_|7=)xl&r&6w
zL3>V0j-j^Dn*NWbvO?GWrzVs|)Z2|<IXV5W*1AHpL$4;@RBI^|@R!UbQ!uNMJb#Tn
z*+2P8jZ_4J0NLopoFL1_Oo=BI>s=|?(`|X>!E*|3MV%mb6kCGX8w$O-d48cyxz%+k
zx?@breAShw#Z|3qy<m0DrhAsA_2D0@LW>s^0Up2B**fa3>BMyc(nBA~?xPzxcTE4*
zQP(0X80DDl-m18Fo-@DvgW(T1sV&7hJxmZwy$H8Q2X^jc^E~i;G35t21N5Hvh&n2k
zkYO)F<2K+9$k~>+r~z?}`vehNO7lOlxZ`IAUFNT~W6N`A%sQma**|%LH+%Kx*9*P$
zyEQ*UaznSF`fo+exBX_UM%e|eyM7Q*B!@u{bW;e%-X#>~?3bvTXW8nS2^zeI+QgrG
zyxvAn0?{+kh|!0Hm;Am?lMY>HCkJgajdS<G{QW+|#&>s*<JTNs*^fmYrkDB&Q6udM
zz^xSRLSkEDccHwrZuX1TA#K*8>&NuwvhX~R4-_{jym*n&+H+jV=@=KqvX%^{L)OMy
zJAzX+u@b<^F`grEo_lh(>JIs7T*2-%-kGQY0u%8jY~0xgC<l}7>C{ptVgi-@cTMhE
zF*>W*3ix5@Y`d2J6#fJX__=uELvvK|eFWB@G4Yz?Ue^thp7r6M9BJR<mxUx@<*T0>
zG8m(a{hiH{+|x;=bfmxTEKnsOFcCMocK3B_+O?b=OTr@Ju;TkYfo9=su2|c*glnMT
zoAOh_bwiv-iZHrDhNN(R#C1d3n!yuoHr7Z~UyD0m_#W&Oa%Hyex}uMjX|RgYh9c8M
zMWwcezF>Qq$O%_{dt$~My+m78lj}pKw56ntkFJf6hnS0vT(Sv)Bc)Ci2a*Fu61RzT
z|Cet&sv=vd6jWw+%qnk}&U`B4ryc;<IGdTu{V?sE|Jeq%^?OJv>0XI5D<df(A<3)s
z3U2zOM1_fSK1E$+lCip5sw~Te7ggD3|Lnv<%v8`!ZBY`v{;#>z;67p!C!(^4Trfv&
z=T53-eVMu1?08zzJ>ou$&Z=Ut^9E0K7oV1r;7=RI^ndcc(0Y+}C7JrPQFMTvMM>ns
z0s>Qvk+$S=<NZG;EA~Q2)qm{e1(5qnrFm>xg6&_#H$x&*HMyZB??Yixk*iQ%rhZzu
z^Hf=Nq?+pDcyiv7F|C%Sz94<H=&uqwJ4G*{=DOT2PqXJtUU;QnPNy{|2pDq#Cn0o=
z_cy%!bsTiDjP<cu%J*w+FDt-vVn_B&+I><I=aRg~kLSn}-hYT;`DGnl-c)SxylR5%
z(rNwzu_vQeo=6$$`r7K@-{re(_b9(n$QYY6xK6%}(gatPR#b$Q1(ftKP4-GJU1hGU
zWXxBMmsLvK(BYMNy8dxfvylT=t4tcDr>mJ7E?G&tJt!j+MdGFiqt5{}^&?DOoJR3c
z#?~y<zNSg(ex98{!ef~v4HdGX2ge7e)_;~%7#ixD>R{Z{CAT_>=j~akluqR5sq(Y>
zK1o{265bS}geUBPq$!KidYRt;=JvO)sIm$(`%!*q@^4{klISN-JObrE6D~bO_jPGH
zDag1hx}ify*$Ilqf@lVS;vS<6&WZ9KgX%c?Q72x^bDJ{m6r~Jn?9jjm_Hacjs5-xU
zAH$BZlvGp0sK6A6WXArvyW@;8^OBZ|7mZ^^79FQy2bJtPzz}!+q#~Bruwl)Hd`u$|
zX2ohwbudrD)EM&JbLV~t=cC0LjWN9G@Q~~W@6$xz{J&oxtP8&YhB%rOe2Z}DeI4m%
zxm5Lt+d*OnQPCD@x>lNGmDysr->QRxsHA^?mKbUM+!qD6sSFX7YmtsHt{K$S0H~6T
zz#ORtD}M!sv|`PvI{0pcbyO8&s7!l?cm1f{-*oys@np?b=FVy2{e4hArKH7$laqh#
zYbns4+{BHYqoT(Ee3PDcEw^aPyr~aZP-`rw(sP13$+!zWm%MJ<cW9m8YQ{3;r2EI0
z=HNS(*R8Z-i`YbJsFhIromRCp!vzu(ZC`_Tznki|Rb%Cwp}Elq!5dR#Ok?XXapgbU
z>zM|>=!vq2E^_Zb@JVNsdKN2e^i^4C6P5kWjD>=|o!Kg60Ns01A|0oy{Ll+R1#4(i
z{*2NOm%L2r1~#T`C~2Dj8O&?FQjCR}%xn{!e^4&o>VJ88aT)uE%Z=t+{wa~GN{#2<
ziSut&<<6^3cdWQhmMJ>zFj@*`i!n~iohzsPXq4U6gB)DA6~1!A+LsgS_@^bU1nJAk
zYlWv8;c}={3Rvb#&TWTmI#gxeG;`@yN3Z0D@Gv?Zmz3mrs!P1&Bd0~pmu@nY`4A3`
zjz39`{GQ8v2Xqt)%cC7@c1ud^icOhjdDw&wtX76rI*{_YNW-r!Jj9jhm9Q6c`gjft
z=vhjP_oZc);a5*xelT;`RQx@Jl2%B(VT*V$<Vud|1+c`G0nLcZwmdiQq^U+wvTvZE
z!_?@8if=+Vg2vQ;?G|^|V;(^%5Z+n4i8pF9hySR57URCJgJpJrYiSuO(8sE=M7M&>
zLO#{DWPFD9*?s_+4_7(#2+uN8T-l}!=0ll`g6#)q+4UXAr`3F~-EVo*cF$mY%y8=;
zQwrEGfI_B_%gdRinh@c|PxrRz)6b7~u1~kCm~ivoU0F|ZOleP3z?<<7fE^bOP}_Vc
zRP%CPW7MDvw})gsaW_raJ@<TqiUE7g9bJ9s%>D3;;P1?s=1)05ZASMw3kGo+|GaaU
zsy>4izsVHi9WetB&w;^t@83Xeqzm4XM<PF<%}4w3e-!o{@KkpHzwQ%7$=+KEW!yaw
zQD_*cD0?L<yHLi>NF|x^WTj=5y(45LEgF)UD2j~8%IJUYrT67}fB)C#gL}W{d%ov;
zzWbc#dCt=?oge3yH_dl>Hxy_4*y3Dy@3%tTLhbxw)DCXPE6HK`?LJJ?NMo-CPn2wh
z&Zt#^7x(v*B}(+NiaMhfPfnW`CO7q%RV+T8E*a?>(6(Rd(>`257Y?3Mx|q2%|K4XI
zZfa@j+HhNzi*fT{R!kd8d-#^K_FMi_Bm8z`Ll1Xm%s|eY3WqT(n5Sf}w2SU}-1G!t
z-{u9q@B5uz?jdVix{%S{lAcUHl0$Xh_X&AcZh3z2NBQkMm^^e{{5R(#MfVYob0=Bg
z=Q>Gsf$>65!%q(8k*($mtvf%5=7%YjcvY*NJAJ;imZJgr=<o!O*ue03$I(scOwHVA
zZSuw5S7)`00&MQ!+R#yS*H!4MKOV7=F2))WuWs)|KRM!PXic)QFZ{Y0IhJ)Xdpj~D
zLv#Kdaf9QG4zCE)HR3%N0fKm%{7wEKuKb@rhH{lW4{DW)YwXa8H!9%i9epbF;CM_;
z<~FN`{fDe<GNah?nY5ld++pN+|E|&*O=NdEaT)(&bEZfO`#mwvP>oj33|+D8uryK5
z2CEHq2WMN55&QPOX1J{3R)n?i=S;I!2rXflyn8`^JT#<lwi9Iuy=7xt!rE!?yL&=D
z)ceklfk$tfes6p>+MTp=Hp8m-5EHShpJ88lvc6#madp$52kYUjj1V`Ro{rc_zWy@2
zV-IWam_L&U;S$&M&oE|oH7m;~;%80E$-kZmUrx0!ej?~SUskSg<vNt1loP*{)-}{H
zTBhPTQZ$R7o|4x2mO7Gv>X~mm(fCs^*9rbC=hSh&KyoqHr8QD!pfY{XFSOL!>s#CK
z$sd0HUMWv(e-$|W@>sYoQx&c)*hwBus9N}tJTUmyn%BR<_<I`m5I(W!3Otw8+&Z3G
z-f(gB{BHc@u;=-zSH??x$~X6FB`Xi^%befQbLoD#b*rg$!K(u8a%DkqR(8Vg9@*nv
z?p5zp9=MeZ6yl!yR>c<|HDxL~ywNVV{KMXjIkqkI#h2v18LG->vb5|P^7@+XKu-Uq
zT}=Ec#P_Z`-F&#}ZEo?_`;fyIzQv5#nCidCI!jg?ofeGkCa#`;I_B2cHCq!YP@N-C
z{T{u<p0Lm$fSo&JBTClW6Z3J~gQSJjoS2WF1T~k~NyG`ou5QDnLv|CJ-CaM=+;0+j
z{OzeoWCX^)`;dQ4x6mAYJaOXc`{D)ilwiN+*6@W?_h|FSV^8Hz@JwtR-!y9)cQ+?e
zrB_beL=(IY;6dZ8-l3=RLt@pU9w`5=Lr+B>i+-Nz<(W`4EnRv&*)(>{`1jYj&ofVJ
zjDK6?mM%3`D$NO1CEG61qkn#88AACdjWvzE+v}e`7^8A4r*t9e3c<gt+xYh_$=ybC
z^nPEm$&o<>f8T8`3**6I?RO0F7HR}#$WxIjU(2Uhh|rwS5W{ox-A`Cb_V`CE)P)XS
z-O7>3&%5h}5BZ6{k;)S{VSNR`vl^BP#ik32D&Q;$xy40>pJnj)2!b0yKrNq-fFDID
z!RJR27(r1qfgp-UA(<%u!ArA6(P*?N4vD0EhHFL<XNCU;f<^+R5&Zx23(i|OJci(-
zX95&NVdpV~B0UoZgAs*u#t?$=t1*O-;`%co2<y*;ApFaj5QKkTl3gk+hM*Hh5HPTq
z3W5tkSUKUuTm=!wMeVxwNCyJ0lxYtlnGQi%IS!&t6;UflSbrP@;m^?+FbV^4Giup5
z+n%u#MG^iv{$WZD!AbVzY>XvWDi0iSl(RpN<+nJG{aT=N#x;mPAQ<_9UF`$EoPA3`
z@WoRtTPy?>H#J_lhU5;<@2}r@I&O+x1Zi=4oXgeMh9~a_S0d|1tA0nnJ?!JB=!*Sw
z9Zm&{ewd$IP_C}_mp$txG*)?jYN+*ri~gagoBB@s#4Cd(9iE5oAxkwL%V1U8%7K`U
zYh|+;bSKlN>9W^$w+b7T^c|n)PTs!ntLVOJFT=Ku>5bec%*FQct3Lf2BjgnDKC|MX
zxLT<Eov?hN6L~rnrn*mWpkG9co?v^(mz36q`gnOR$h0QzF}W(!Cnho)`$FE7t&H?j
zi5$|nkbUELIkc;zCs~1<$vw%!5zWa&Ul+yl6c-e%6>I00kuJNB;bzi>Ip25om^iwn
zmd(Senv;U^mlY~&><&gpzXT^i+>9QIOt#NCGjloWu2LwWj-Y_qr6@U*@Ms~hR(#@j
z_jX}!mYB}^se0A-1%oy)GU{G5E_jQ-wg-H(<66+~#otFZLq36<$>=81L~C9s+*I-T
z9Q$?`=Jb%$PgC!1^mGqR+MY{JId*+8fFyG+@R7FJwq{=zAx(b>`n=cmcFI^Cr|bjK
zMoZMtBrz^qJh4|ii(bB+!N5R~!6s3)EHq0RxnJjwr}5JR1@xyPW2|m?SvFkia{O%R
zzuPNVP%Sxk5O3KoI!C@B7-E$nZdm{;J=qYPU#VTU{Z7U21f~7{?wQBBGApHWM5K0<
z)QmkX{H%T|;OxB!EDI_*z{L{t>HrU~C@QU5``D1<?3b=WL4vEusnPAv$G1L4-Rr5>
zt+=BY;i#Go?Q<7#7)QO>z9?mrKAi+!fFxE?Hq+!gL72GF+wv)k-1l28tLvQA>z<(B
z{0oZh&1YQ14nT1=9w^K5sapO%)^I%$eqU|lOP;&cmO|c>MNEcXT->~HZBk&MwK@Ai
z<x)ARFgIBrQ&{fs<mWSchlY33F_PLzNdK-66Q~CDi}Z7(cEk9)etc%SM)zMjpd=;Z
z!x$=cIK8*-uVTMAaGxxdlKJ62RJGImR+^}J=E30`dXeT|9yo{Zq}v`UFZTTS(YjFI
zfQ&a;`wGXocn!J)^`i<FnGWJKGPmjl>c?yCc)P>*;LoR9QVK-4UpUqOOyg6oW?u|R
z&9$}{yJ{1S>Yozd_%_tx!7=p*$Gv{)<L-v%DK=rd36(F8Me2GcMw5~8!I^g9@<jsf
zX^2CvBz+DqkNQZh#D<#&^hS5jdI&r?RaR+6R$a=<XeR{eM}5;ed5p08zO8ty&V7aU
zjPI{hK6uUe?=tL2k}UpZ1YPC7>-*Qa`PutbRf=~@9@*u%XkcgJj@o~iEU~L{(a^_6
z985M<dH3o&I342Hi=toG$yFX3D*ERKhMylo{9rdtn-aX;Bt_WGG<D7F{KE&Y-~0Ks
zDyNp`K9tWR=Xqu7=KuQTdFY6F2GdLJA%4C3rJ6xP`Q28p`Md82w%+&};Z<4g?}@b;
zt$iW|8)l!`khg)n%eUu;bFS0nw9)zdj0yDDg1D#8XY%1kk2f88vCn6ajDIr0WH{8b
z_uU;O@^!~F+(r&u_*_vMK@U^k^Sv%Vd3SEU{LYiF9H#VdHxL-^R33U=5%)IWhvD6U
zu`V<7ly2}O`2@y@zBr+^BXeJa43^!U*>+F$Z5cm<I24)3$FKhhL&0fJn?RO^!zBHx
z`vbFML*ZD?TeogIPFRJvw2*oAZ7tN8>ov0+yxiE_Hzc?{R<O;h3FDqqdwtCOOUu_I
z#rG8kap*XrG4|~F>)6uzhj-NVPn${W`@O_i?L2H)_3&DA)SH@^iszg&Z&UAu&DtKe
zI;U{n&_LhZ+R^9T+waZ|=h||x<&}D^5!=4c;7aB)J8xff*Da6tn2pcHlCiID4kqsQ
zQth8D6VGSbsq-|eTrDj3wGc<pR$kmm{_7gAUd~6ggwh|x?eL9_`N7v}%Rdf|p)-^|
z+x4vJ;I^^@f&8tP2X^W^VfxNs$?=Dy%HRG>2*wJ%yp!||=bZadpn_?Flx5JzyzNo|
zfAJ2zi<V5gwtP)_>v)2#*oOZs`F!f@wt>lch3gqcZTsgnUe;v^5*P~4`DXFUJ!i&n
zCtUH)SBSd(B+Ov&;UxirLd=&-1-RqKnhze^<;U>x`#Ha3W%6>7w+0ID1efP2^bDNJ
zzo26$^2Dqm^k{<i*Q)OO2PHik_wB4FJSc7^<hr5nKJj)>oagR{OMVg3&Kyfmp5yJ<
z={4V*^RPm{%&{l%$)IbK{-}dpR~;Rp^5L6mAMAUaaysjsf+OK^Z`2a>>_QISZww1~
zU6FE>@taLCVwc5S+~S@S@nU)m_iR*nb`?J1e`dv;8C=INW^i{$2E7cX{@Hm$z6wtc
z2Xw2%eTLSIgC^*~9_AuDmN=z|2lvQqPv5dj1o;r$TMPRZTPiv;%B?vo_uqbkedM^5
znl>nJ=W8VX^vTT+hqqU@n7&bP&2ux%JYtl2w`*wZtK;<BCXJJV{0kSQX4CqRb7^<P
z6{H;|iuE;Od}E6q1;!n(e|EOWBtnh}E$Sm5?q|xGu~Fvq&%W!&-u$lXwp|PfzfKkj
zI+!x`7IAEJ)14^x`fEzBIU*9W`uE-Jzs3;7lb6xA|212p&<?G<*p7pZoax?9J)DVc
zp8M=7##;oJE|)DWDC92$9-WP*lSJE(JL*X)@5vFHa){ce5&krCN+DS(aMRqmBMf8i
z(%MT=+e{HI4im;xp;afEd4~0Or?*W?lkeRrvitE&DLQ0KDKXh1(bKgc#QNIa`@Q-a
zwzlDcM^YbUu@-E;I8pH0Ox-o~V((GG%)5_Cp*&|h*hZj{+>TGayd?L=#ly-Ti&dH~
zPT8+CB<wc|eJw1C_@YS8N={}y-`A2eoj?BAxRIsm2&aRO+r*Sjd_4V8=gTjYUG3({
zU>(gf!h3x84vdRIuTBS{t+%wRvd_D|E#_U6bo9xCc!|w{-?g3yxBb#q2vW5bD=|`u
zI-s7#Q}RYhKst4xFgC8>BdWnl!{Fh|<7Nsu@AQVo+mC#C6YX}nvgG5hLgs3_Fkuq<
zVXb0no&O-iXk&G2(Z{Wi3>7;cVIZgHQRMQP+>3}$=dC2=*pH<vY8xabU9X?SbByW0
zF++<5Z4M9epIUI+#D6^_J>{Pqdt>ldn_<mC@|8!e%&G+J!`ttf)tygh$sf@>Qsj-&
zzrnXVJHx)I@6n@OTJon@6JxK(eQ??;f7I}^=-%`hZiLr};fT_WSN?O|kBc9ak2W({
zlTUQMcjsW~WbV%FrQf*!mffWy6<*;*cuHp^Vqvt(m^{JJk)l{EaM9mV&W&9@K5M6a
zz49A7E%5_YTQtvSe;mzAkljJZefR6^Bf*K9gFjjB+t62qD4_><3|_%eu_G};U*m1s
zd-Qsxgszqcw!*hP4xhcaWSu*+khUlNtuldpLHpfiZ5}g)`$8&gMulnf@+J%l&-3FN
z?h3y{)RGqq+N&OYXCB!$B6Fsazx%A{KpV~u9CvldeSd^eYTLP^-QSvm@1+j~cR4<4
z(&-^N<oxz>w)2Es+<dx{4!Bk%8}wk?Qtpeq>@v=&V7Sw^=LhbV8KmBJYvg#&cS|{u
zNitW_d5*1hGqbx#J`#V<N9TXBF>JqRa*ogQu;<Y0F+-l$WAqXD*`_Nl1;0D<v%Jo>
zT@(7K?AiaVU!IJcAm7_QlAYZqYckW35RaUTN+)!uoJ&?PluhiDN~rK}+N-<URrmat
zqBl+I{olX!4`f}LZ}<CZd*JK028VKONj4!j@-vM?*&pq`9CchI3hLN-);^0xX*LUR
zi@Lgev8n3Q-*nw(j&tZ!sB6l!q_#kdP9Q>wmu|7Qk-!q&X#h1}d$XkJBQoJ;6&jhI
z+_Lm*LT9AM)=d1xAi?7F`3=@b(L)6%Wa$qS2#hGn-?%10YL^<<F)Z*%s%&a@+sEmo
z?N8<}{+`i;m*iAbbvq)Wi95vp>ZKXn-gYWw57!JL1fN*C&-LEWPYtQ(^e@7=2KqF<
zp+<PU#>GE){j789sO(T5v2~r#u1xaiJ><5Szt>p#DevV87m+s!dr{`!8XLEEMNQr_
zl6{<<BGsGlDT70mi%qW%&-VUGi%g(q@LO>~GS?^3U1MC<lWyB9&$r-qS_N2Zxk>MQ
z&m#9@d=Bjp(?nFRBq|%;yPkD;7l;VMQ(FtSrwqz&t$L&d2Thu3E)3{kz&qB+Sf3Y3
zddSX^10IW>4<20RZ2hI_bH(?Tpu_V3!}Q=M(h8CHumhK-Z)AofN()y!dt&g{FVXU3
zWe@UB1qq$<6I(Eor`d;&{5%z|U7mS(tAOwoVU=HBikaJ*(GHE>=0XY+gI!iO*LO*#
zTfCdV$2b?0C*S;f6d$wmxR$nG-)$j19o|yk_7~?T@BaRk((L$v$KabVcwK;+X6JlT
z6o)S^CO6Tv(0NBOYU--=3;CgU;#TPG!}O|J++^8PNQrOWQ6Caz58KkUA}YBz8TQ_y
zFEPCJ0TD`Xr7?PYhg_zVO`%h5Ui$z&x8|b@ZXJ&ODtxoCLQt29+-1j0NN@!GRr#yK
z@=Cw28qd9%9RBLfa<kF&2j}@`h~@`Ddrl9WRL#Z2ZxC?Ve?U9-8bi=s^N?b6mqeWv
zpM%W}a`5xQEzW$=HnSppRnece@%2Q1B20LoXCk*Go;(4IrpVTD9!!+<*x!wkszc2k
zidU4VJA_setJ{V?9r;NUopq~dv(47b$&;>4krH+Ed{t4O%C=~p^bU{ueI(@C^=W*(
zu~ePRLB#_D8qfYJbA2Q#0#`@RnHG&)Lm%HoXflDnA4Z(q*wpvon7t7RKCXw5#4CFr
znTQ?Pr}TrKclw5D#NHa~Q!|$@srHs|epe>7$Z9>B?I?awX1sA!s?&R8X~e5$hWb4z
zqHvKOVh=`Av6x5Y-L!*O?aRYgRUC`GRD8cof%o!`|Jv9kKz=j*Jw)*~-9SyYQEtgR
z=Xgi2t+^d6c?6*?CNJ#w^HX-Q?8Aq+n4UqGO7D&2VVC1QUJ+A#{lN)y)v0jo5ri5;
z&>>#$;cU432x7mO*X5lreiL2IUMt5Y2t@cDYm43TEpBS;p4yHCv%p6|)hJlwC_<A=
z?ybJP1>L0{enduiTTXRZnp-oo&m439)aDwwbg}nQO~-I=FC30O@g}KhTA^C3eW%f7
zYe)X9LqT`#^L8;OytySME3DV_r6nxK__97Pf8w+4g0+^zJm(_4V<I2m4Z^2hNe!Dc
z=uYQK7mW$D7M4Api2d?|EHb;}_NA84^Y_S6Mqxkf4Jvyq_8;;xJbH9afqY-TfcG*a
z`Q{Y<+?{W%hx+d+T;s5R%6xF=PIggWy9<x-AzP%4w4`{An`TM!r61G$gxg$eV;paG
zHREcYnhG$OeRg!-GLXKIIQYKB=hDW39q&bj!Vj@u$!H7J*tSEIv60^N_(5)FZU3uf
zI$h+Q6Wsac;H4(=&%zD4*^a2|#htn$PRE+C@R-9oCgnrxNhuwM?R>lvA`Fd_Qo@Zs
zHZPixv3WUdpRRor2oAYA=5EW7wZPo>>uAT_^djwaUjLoyLSyPeQ}wmqT5C><vfDmB
z@MN>XYf;{xk6P2<vK{0C)$0;MkgiIhYCS_Xo_xbL=o?<DP&JMDq<|}awt`uwy?3|3
zqf<e)PUE@wvStRa4;Hb^9ZoG4K|3{6IvBPJY{Gvf+6L)zY|-t!aJsOjnQvoB-aCe~
z_>3Y|#{SF2;HY2`OvrJkyhesjr@VHCQt)a5CuALiHD6`y>l7RQMKRUijsmCi>834k
z!>Z&kVcfF<)%(n699kIqf5%zOB{NTV^rF&q!-Rbfzq~wxe|$0Npyoq8fz#IR)~7NL
zZPK<0G_yHUf|M51KyFJDoDkrRD|e?;t3LhfcI*)P%`TpjwBHxEh1iFF=lE)tDJ2}o
zPV@?Ns@?F@zvoaJY1>yeq4RU6EgPJml#e02FgZwFkT0VxUPFm##^puO))Ce6Y97z0
zcX{k>Tz{Lw$cM3WeoQ$o54n?d<ZlO&j;Nb_+Q&9i6St!}psn3Uh}C^hArvaq>$b<F
z+H$||hwH(|FtdG|Ou~X(UY{QxG%hy3d&+U+;}FO3b0e}hT%QXq?DAT)j1Af8JJ+b<
z*#G_sc~IQS?tIAW9D^Tc+H23*sKo!(mB{xfT-8;)Hh#mvllzAeS5p?0W&E3#j$2GH
zM{1Ak?bJNH)7$N(h-zBK%`@WLhmUI9li;v?w|{s3!RS_pE%VvuqlKrfiC3GQ%Y9oK
zJZ9hM87Xr;5p$Ij2+2JP&X^y*K^kqzEy+6PtQuoTp2v=KRiwW%BR^mCx}@nk^Qd6D
zu+!P!dwOZl<6lFGn&zk5JqL#lHy1Tq=lgC`z8Q?N<4Je0@)R3yQB$*euY2a?HdBV8
zQY%O1CtX*FCHEB)B>2L1(EU`1>OZIFqQxGwz5K7F10gX@c{o0YnEuWOp_a)~+8f#>
zhOEs9eiP(W9$eSw?rWl{UniUMvK4QOjJ|Om2rZKs(L13q9uYu@uQC|XxD9oB9hONx
zc@UN0<XORIo&UWkUPiiXgkyN2e(?f_|3Gjahfz|Qr{e85jN5g1M}m(@eoY!DNG6@B
z)stL!#psiq*Uk9UwSq(Zbf;1C*XK!*Up7>5Y><>uBo7BiB#(!4nAvQp_N?WW?D`bk
zs$=J+7Q}HXj{(ij>^m4dlQdq=aVKncu<ml}1HC)KK1q8Bsfm2{9%^={BNCn!@m?|#
zv>MSoVU`?BpMIi!vyOM*w_se%3C$}UWtgl)lu3wjkHU^u&xU@&;``omxt%=m-R{?*
z#aoYtsohcJH2Y1d+_B<)y!=ZaOkO>evz@PY+Y^9ocx%DnTKZDDImN^{DjT<Fw4Zd;
z<ZX#++<VtLkB)0i)r6BcPbT$*vOalj^P1j^+M1;(a)x9unR~Hj|EY}jBpsH=!&}s%
z4>WGxgxIk8>lI<4+S@y7UP};fY#5Ff^~`g(*HpYGn9O6=n~H21&bUM;n?kTxkQ-xm
zZoK`Q_XNymh)_h=jMXVJ5$|Rs<3)wJ666Gx?g)(;wHKb!Z)SY;Ah}i9&a|(hp=9=W
z?R>|ZuX>;it$;%e5k$;3J3;TT&ZpgTZ|Ss6RPt^b6UIL`cv+9|A@MSe`N$fjvyuL3
zt$b{J9=_2<>VamAaR=cah6oO!1LNTvF1VhpC_3JEKJ_Jg+fH=}o!B9Xtyi+c-1%TJ
zBZMGb46JN~uqGc0Ikmww5jMeVhG?g4ue0q+P5v6oDkS;*SdvVao9z8=hKKToPZHCr
z=nQM?1IV&-exr#d7=ex9tcx0gUSX_5>1dr9&Ik0jlTM=fw~IAMm%nj#SB=^H%%s<|
z#*jzQtHxOF!*Jj=IaZUqrWliKIm<bEo=1a$JSKVV^j>8$f1MjLLDtcqyS}N)z2?F7
zPmDb9&`u9rnYf(gWovkINm;L^+$OVESj*hu-LRH1LVc640$16|zO-04-WVZ3mkSpg
zBSbixLauHi%1tlW_y0BX<3gqCJaU2${t8;?gy2mkh~22Ao>!CRb}2TvcQ30^7@wuC
za)H8!aPg(0mtFJFE#-{ex4M5nyL2c)+55{E>qACMmtjv6guKvuPqn|akc&=BU%XU)
z{Z#Ajlxn-;9?`OU(~HB^f5EjT2pzgzFq<iYV`oGdE4KFZllaEZcUmM*w5l0|D+Ouv
z>hOM&-S!i+`|7n@yaBxO+11)tb737*gc%h3`wX0GijXEx%$N3%S?)dlM6lQ`bKxTE
zx&ANl&t2vlzg4q5nVBuubc;w)A3X{a3pf4XRl1vXzD{bd4mcT*@XNqfL6<Nu+%=N&
zEMUgHH(b!}X}|%JtI|fZrvaDP+wTbWDv|cM_nzD;_%gt5>*<#PJ%V<p&hEuK@t^YG
zH{7{1DYY(q6FWI&L)A>u<9MR%W&L5NM@4>1+I!O(Y*@}N-ZdeN9(NS>)0%hp@k`&Y
z%j!AJtfD&mtFc>Tq4BYaQU26ufa%W{hbzoZT<{!^R$@OanPziCOE{ppr1Kn$dE{6L
z5$(9BbE!4jco>%1dM9PLTGfunV6$(?VR6?xy{yE5vc2@2<f!X1;eM}n37t17nZ;a)
zYpA*t7nY3Z_f;@wur2JcZ+!M7eA0@1l>TNPr>AQJ?$J^kTW>+pyX>L9vW6gep~bpS
zxjdm7Y+4E<k8HGO%yoj_+qM1fa~>;lBz(ktN+Vco;Qec`W>;0>(elxUvv70u!0&}I
zc{>&dV{_5H%D>1;ox4mQ45TF<J-VTir2eko?11DQk)i0*c-t5iT<Z>r+vYn`IU^7@
zoDw?feIG;K=KOpao!|e=&FDjjAZPN~rz(ZDB06t8T}Q-5;9PsfA|Fx2)lV;yJK`63
z+JqLz>nq+qH=FB!JU2e#Dj*Y}&iZ~dyE=2e?|6Fg<_wpiUh+nh9g2xXD$lP3`@a-Z
z=fYczDBR{eQZti1?Uv&`>U(5iKBDE>t7F6O#48%Ca9^{}r=Q+tP+3<qdEl&n4}T|P
zlBK}q6Z~`w_JesI54<z7%Y0$q_`&>U&XQxhPuoiBckp~4XEI^%msU)@KNy!+_yDf2
z>(Jh%z+RrM)*bznOl;MDd=km8ec-@(GuG(sEdnwhcK1mgObhsHQ2l%7rgE(-yVLeI
zeJP8|eW#O^DqA~pIHQ}cI{3FkOWf5<@}t2)9f1KkAG~wxrkvRNG~#de$4{MyqL|$i
z-iEz09V~qwy;oPJ^NocEf6{><JO27Nx3R?J>FT6@y2-<#IY*PpJz4H4e2t0^x)@l5
zPggU)yp<eV|3mk-4eOr8tJ6(6%w1tu=jRph%?o;8yX(4gW(_Ozq{3&??}x^eb{^H>
zKN`lTtQf`m!&u_MtE0n%XVGr;<4a%OI`H<*aI4LwK9o>AR2XmOR<FzTWpLAh+S(ep
zM`>DP_Ty$^`2E?Y`!~t4-6HfZ`B^W|aTU1rNbEi3@mBbQx2k>R)ya|b_8+fy3>;_o
zHXpPpbGfMSRaD2Zpxxdxm2rn(C}z9jMZ%3YTBIF4b_d-~cw=hQu5D?3=~*KYvVpBC
z`BcUzV@L@e9a$0?h+^VmyCW-brbe1a@Rwv559BSZfen^4w-C><Bloh#R7IiWPJU6}
z!WTXt+A7ANZBa**5e%2Mmg0=sm0o@;5O;apbrUwn`o7h}zQFV=j<dpEUk)ELpKIRy
zO@F53xVXkN*L8p9dZy02)C<`NUT(Ic+2}rVhNDVnY#lkeEt2AISKjTGuphMSSASTB
z@c!`lBhtMurKnoIdRCU~atUYtqH2~{Tc11l=qF0$%1th}&p5#sy7U~2@9AQP1|ONp
zv({V|9sYEYTPo0KlbXt9c9#1|dQjl(xZ3R$zaJUaBD-a_cy96g_4xjdZST<E10LUn
z@}JUe`)*a10S82fZfHI*{Y~O2uho9~)Fg|aC_(*t{yozD%}9sq1+nDfJm(YhsGC7y
zV(;DQV{B}a@&`(Hbc6>eK1c33gL~&;(>)U=CVgj+`MZ+uY>LEdi{Kf@TP@Y{y|4C^
zPq$x)_5X6ELBzqM;A{CCGS+ZMO21Nm_0ivpS>ajrBKuixw&gSmwSM{_O!%SMTlPHR
zzNu~+i~PgyJKwXp?|T%W)khYVloQh$3f6s^Je%`rhsE{9;CEMCBAIWDHWoBtvlEft
zW`qE&Xr;WF*`<Y3{t^>n@@WK7Q)xfzMTV@DD`VGY@%>I*n=)<Bxa27W`E!iQ)t=nh
z<MG2R;;c@VV@u;_TwckJ$YWY>OMd;R43AX_pAbp+zg*_H`5eoRx@HnYUNUJO=~e#B
zGu|026u846wDhXxS%z-G?z(apX8VxT5OaYl+)!9++OW0?W>H!i_ieBJr87vw{c<`>
zFO*sr6rX!PKlOa;bFcSS!x7nI?bDrm-5zkopcNQSOJv=<EF&IV9q#hDIOKhJ;HX$<
z5Avj~DEAB1q(h=kKd`!Q4%k{L$wnTVi19X(I5lzA+eq`s)9Qw|=iN8Ai|7jM-+8_M
zt%g;|kax$1<Q7(4$tbq2LwkQ)9(gKsH9h74DK{ehr9^T{SVC{wUmm&>g!;F8G#E{k
zUa|$<s(-5_&Eei>AMkn8RXG17LWC@+n^@+xPxhvcct5jdzx@@N+HQTBWUV*><9>UL
zG^UDl*Tc~E-eg>fK`M@wQA)O^rQ_x+8zHvs>D!M>OA8;(da;E8K3gpPHfZ;43tiDS
zeBb4;+SSon`!Y4zZ~^<P&<`q7U3CWEl<;Pw<y(Yuws;onY%VQ2TUs(DMgNS8Tzvc_
z*FnF%#=1ASuXA$q@Wh$ixwV1*x&`l1+Y^jZQ8)KEc82b0);^fG=x%!bW{FMmr~Sq(
z+@7AhCN~dq?K~T>-`Hy(<C)T(%zML%M@EumowD*$vnAR0^jX}4aAsBa(=lBg?P|uG
zdA6QCc|(0by~ChXx{Y2us>C&~0?qn_TynV3es}V&z`17$;jiMh+GvYr6_s36gwI-k
zc~kuCixSg&hCKOh@SL-h`&nb<q3)iy+@oK=o23P3n$|k)P9AY%J9uv!>+Rj<uerZ{
zJI#3JY<5GwF`L@^RN@Iog>6DbQ+wL_FQQ~yWJc_crh2GnNR}mJ9%ps_X74!s#1oNC
z4oFQlO=i3Pn(ZrN(XIRzt7KWrQ(KAx*qP4o9LpYJ4Cy%BBw+jM;l9fb4O{rOdS*Ls
z#te;?l)Og@T{ie`#e=r2Gp*^>F4{FxBYZ3u_eKw?^>Nz5YlC6X!CS>#^I;)OC0RzQ
zmo~`?9+2X(`^IQxnz4&jReD$LMWLwuc2;`i*9kaBCg_KreT}O0z9w~*V?2fe4p&*!
zSz-(BIBpI1B?uMkpSH7?9C(><_gzSfa%)BsyX4d3>^Dhiu3C>6vDUUy>~dSYJh>Qr
z;<#E3n#C|kaoIY>z!_QIOrtA-UVlx}X%$C`GDa2OyQFv4B2&#h56km$JFh@vZ+2w-
zell16FS*ahU0WH&{lM*7TF#MYV$`gxa4Is{8;(x7$vW_QDW{zhBX2%<BgpqqzGs=q
z#TRuZ1jd+yFTBJCv09~~`h+y;Y&E9wCCeU>9Q}}!A0OM*?&aK`p^sYPv>I|iv$HdW
zNSIWn>bz$v_6}}6{PK8j#ig!b8`U>UL7sZ#$ee4}tau$ePUOTMNG%xL)}W-J-$=}~
z5zi`i)@XH&<#x<(@ciszxh>(=Y0H94+j@zOsBX5>AMORA*Bp7JrOofSSe~9s(fmB5
zjE=A`O(;Gmv@3lM`QSmlFR>^0#>=$)X#<P!4l8B{wayWXZ+{iq?&?pgdM`9+655l#
zU_n+qm_%R|ft?o^#htVcJ&O@3^-}Z+F|6qR5CRrj)xm};itT00ZEBX>o00R4Pkia$
zYw$X4j`RA|+%fyeIAHopaXD7G@O|F74%9oZdo!o<qAE{by-`}!xOmJmRZMGR{3zov
zS03B#U!|yQyPb~*7LR=XYBf^-^Q(n2o5i*cGPlU5O>gm*sqejWGeX1+j_kRAgV566
z!(ICM8t?W26Md@}Ms>T<F9x1DoGLw3P!V5}oh3s&X?U=e%SHNqzZ~~9XMX-z&jB0M
za537R{-gCr&r^x}AGM0U&EO(i^$SjBh)(2K-Q`YHM~Q?l#C$=#sH!2FZ*sIVMwuGq
z8NMdhEXeKKA%0&*ZRD%2*ksiwkJRnTN16H+coxkk^(xg~1lHNAH%H3tI^0P5LHf8G
z+h)L=SbQbw#-%9RtykG^m;FB0D4T8~7Vs)|m-PVeX_psVm6y+1OAc()N<kLdhz-}F
zvvM1_2U^JLHa<5`PtZMlhI3Lr#(IJAq_Wnv>Rn`2^`wyi``PJUA9m@BS57Dke>|aE
z(myHFBWN`&jbw0qB5KQ4brq%iaW3)@LllPRd2WsG);QaKMa7%VwZ1#5F#YF5P9lGW
zc`LIF|Ii+~AU-ZW-9;a0v{7?o@8iEtY!vmTd$+m8$9eLh)8K6NP3alV<o5F+jtb1`
z>4`cUb;&Nf{rZY#+oc;Ozhz3_jL<#hv*hj`I#_=_V&L~VCY2Q5V+(9EY~zzx)3(=0
z{W`vB_Sm?=kAaOWwNki7+?`*#3%4!_UQ%I-**#W?shu2EG`u-bN~rc5ce+`1=LT`E
zq>Mb?`_`pG!=T@1tTXMi!*l;g{mp{2PH~!kVqQkY<X>tUo>Ttg_YIqMenc*^cCpOQ
z#4DW?iS&D>eAaxjszo`f3O}Y;KK4S{O-0JVojF?h?ZTGQk@&mKu2P0Lm6($`CEx8k
z>P7}6eKI=ajs$qg_9%U8l)N<|hm+h@+EMtx?s!8^cEyJ0a)-U*zc@@B`<mI4J{zN(
zd@j_d?}t0Nx&N%;&B4da-+Xo)z4j)B{<+KJ0?2HG<h{ry;?}KGjb~$aM<`z(Ik#c#
z(vMNUO~P5Pew<!x$T4?iIR^X47%Lf<&Esv)`TM)XHNF}9#xf0FnKZ^T_E7Qp(F#Tx
zub}f@(WxB;HH885?Ygoz(^6_bbUttyG_dY`Fdp73^hA+N*f7dEE=CjxR0&qz>?R~O
ze#zo@FW*!NYXatjY5%tzxgYoTcK9B*@9_1LRx!WS&%UQ;AdOv@qY9SE_#t!u)wGO>
zYoV>`6tC{VD}Gg%@9qM}W(6som}RPpW0@HC&bJrNm~@|b(0cAJdORxH!0+f{#1P^A
zq=%!X_t3a!D|z6(`%=d%BWINlt${;Y%~=j`dRoVD{FUS-O&mX+#=Ek?=i9^Q@Odvv
z<4z2CTo69QuzS9yq|vD!)|Y);+IYm$z96e`6ZfI0)c5Q~KaF)xFv$L5l2LT}6tuyC
z@#izqTK^A^DlE;+dcH6Is`=Hf=hs~;)y4HPNi$`ri(aprY^sMQ*VI1g{%dBITyD>i
zDM(T@Lg%77l-{T)c7!s<?l_OK6nbd9BX-GELeMalr&?6-w!E6TrB-lV5tH3(R>oah
zFKvt3bR|D{vQ{EOIUg~8pf-%vUJ4b<^_%{eL=oxz7UVP6V0P4i{?8`&qU%gnJSD8c
z4mS^kSH4+dnSgft#jo7jNg%Ggz6gaRqE@|ji$H>1oe*VQ;5Iti_azaL@NQ=WfqWOq
z3N9gEjOgA=FTADbNbvO?*RJpNdZ0Z+w@IsDzd(?n`_s<0-(eNIM(BRF-{ezHbgOE2
znejK7m_bf$G<#wHb8qkPna#Tsx20&N7^3Sw$lFVdExmbZDD1&9Gh7Q-s%SsZkNX|w
z*tWgvW!?E3;R~|Q$-x12Uz-O$wGFT~k}q{C{r<FhzJb%QGa*1X|CKR;JSLZP=zYKc
z<>&qG<S^;q2<1_XKy<!-tUv#(g4ga#uTn_HT<VSn6{d;#B1^^|*U|)a7sur44-4$Q
zdS_?nQ;9C3tF*~+i}XqQvLkV`MmJ7Yy`B}CJ>bYbYdA>gEiRz1-c)gXT*DFHoBfJ>
zDEauc+#1C%gHKBihXiRaUCwV3`B>Z}GL`*H@q5Gl>YyO~-%Lvei^=bf|2{I5p>jZI
z%H`(cp^y80C(MIdtK&?jyyPvWTzU@-nOjzGAn%l!RvR*}z4Wd+STd7*@wZx&d0%UF
zPvG0RL)uebwM`;}2fi(Q(j79dyB4kT>Qb~^wePOELw-~8ZEucc`m~sR{heEaTa*p{
zP~d*x-tpI|cL%Fy>~5Yq*)++h5Y=u=)i;D9uG}(d?TYwBhlW+%5d3jlAg+J8uaUU^
zzDDA|+}B84bzh^#IHH1=kND?>S9mlD|IZ7rh%2`_25yE#U<*d*3>TH$+It;|xYBQo
zkUbrOxN@%}z>el8uD{ojxO}f8{M#Dh{rgTw;@@{VmNsIcNj`Y~B*e&y$0LcW*jTw|
z`Iioqz(rhd-6UjbrY__`2cNKmwoqPECIM^dK`G?*H-3`V3y8EzKpH4fAZ?2G$ZMd%
zU6?B$G2kP98HyD}ftydM2slv`egy#!per8<qA1cIC=pPjA~VTrkO21bXJzGoW=8rW
zckm`M4HxG#pfei2bp-O^#4e9=#Kyzrth=?12WY{-Y{wzoCRJx=mopy5OmM(a=qR`7
zGQXnBiV>wM@(2?=1loi|NmL@DB&x_nNtC#8go#8Iizs~83JQQ@jzO~jdn`E73Swl(
zQY3Ul6osWQOZkt5BMl&B*h>HZ>FWq@HGt&)gERt*qL6a>pJ)mHvjw-z8-_Y3Q50r*
zQYb8vLQn<PIq{!^Ghvp+g2LjK=fiCX$^Xys9O3%^zuDdB|LrYm{QopBPX>X(!7V2s
z4fxxC<AQsfmz9B8QAWARf6`~cP^}*bi)x^v@HGQS6~1cvpB-WFvcipUtN}!VNoN0v
z&5mBSIuv?EzG&jIe3{JuvoGv!0_}(2{(p#$aDc^s(m|jx%VVlp{wFRAYQ=_7D~_RH
z3hBYytp2Mb6I^cz?GQkrsF6+-g`$Qx@PB3cD8e!e64nqK%ohs&j2l4A|J%S2cmm9H
z8WI=A;N&&z-90G5fJ#zc%MyG+qnE=O+<O|5ffKADB?JKtYr8;vFv%I(2@8R^DYES8
zD;<zjH8aT{vp;j%MoB|mLj%@62{|)>`_-{T5}fP`@xx9o&}ImYM8iHV5DJ#C0g;D@
zkt2v=aacJpxT*YMOLrURGjNeBgxQS#n=ewFBP0s*oq{qXsOSU~Ne;002OV&}9KH^_
z+jxR6@PZ>qAn)8jA3+<416Hwxej!LixcM|B2;X&w#3|rS@D)4g8_RN(l3(dbf+sv6
z@wf}%Ws~Lh&`&YyXm|qle~t#%xPk$QXCV$L;tIQHB-K||qyiojphUsdQrYeZ6>b7j
z!63161d3d?!<}S6<)bIW4r}>9Ou|$Z{}Jo59##`DISm=}QdtARUk;4+w;(8@HTQ>v
zU<PkUj1h%IqScW|3<|Dvfsit2B#MYc;<4Ztv=Au&!E+B33<47TqL;rD@JJ+10~RJj
zf=JMV1TZMAe=szbKT~>AdQhkkR&eknc#k(w@<xiLb4~#XvpWMl)Okayf3t!v6?TFk
zI(jULB!`A$&w=(4FMwWi4ifzv2?Ia(1xm7|(76x<V!;z<=rVX_0}U)?^<0<bOjR8k
ziGu~tLc*}355z{%-`~Wrl*xC>qEUo3O8ldxmEOztqhsR@EFVdP&w}ySP{A#;B<%*7
z!>8P#t+0*@#0uX!2eE9Wh8_8pt|ZvY4?_JtI3A{Vhg?K4Sk(W=IuSnY524aux<ho_
z%W9>(Sagk2g?xZgN6ElIfa7i2hDK47<R2TOa=+TffC}M57l8fSo`FK(axaL9;)Zze
zzSBgCPzSuAtq2e>pg;&!YIPRcPq%DNI3h_7c=10Yqfqc-ASBQG#}(1b(dW;&IC#kh
z;(?{Sprq|o#xY3TYCjf5qn3-4WhtZ3a8d}+(PGfDjwo)(3afZSAok$bdNdlftlVX>
zqHwVJMG!EkZp(QN@)g7bb%I&1;`AS5fZco{PWWL6Bv$(E93)7$%o>h>kpq6Us>d4E
zFmTHyU~|Cz7)6#N^vWdBRKlx;3;X&&jTCtjkSJKs1>$G@GtFgg(O5Y2GN83J7`QUk
zd;gGHA0fqTKy<wq07=69eh`tc9B=Rh8ctW67<eEF1e8@(9U25Yw~N4$^8BD|juqZl
zIH3j~Sh)y9ZQqL!=ihdThD9%cApXH08j@S-v7(}7epk9v`CUB}8buwdl;;A}O((Xd
zCz?9e8f5e`UrK=xILMF^<}oPbT0cN7&unFEYGPdRq-C+MA%|Hew>Jn1##70G7_`=>
z*N|H;C^W_L_(jlb(j1k8HR@FkhQ=uB#h~z1^@@SmL6P|%&Zumz;S6@Y2z>3vMd<r7
zV`w6Jtp?G{5q(9hRCirVfD-@Uz7XiqUh2$HI2w0YA+Ri{l?kj+qw=<v+NVo^8slZi
zWZ9swXwtv3vqEh>J4A}4h2h%E5Q&<oumm|GB~kH;qu0)aYAtKVrrM&g8kUk_R`LcV
zSKvXGp=KVCD+nM9VN{p%3JwF{;Fp?xC~cHJl$-*dd~=1kw^Hd)+9`M>SkV*W2OAEQ
z&&zmtK#P)}aIhE|5`bOLLmPHsDPvLc)JldUV3e8U_t|)yF<xF0$)7MZ0uT26?Y>-S
zG_6WeSUmj60ODZvV3J?ECeptG<p?j+5jAC!-|KP~EThn<RWiWCVv!I?R#-fUrC=Ea
z{-W_jpa77g<cOv#oKU^x4=2FV<Vf(~Rp_8J3XKGT4TnX_ffXSJBZv9ZfvTlH9Vn5<
zBn;Bpg~H$f{S|bIn*N|Khr^YbVyFsi4TBEC`k{~nBemqB7zM0#4N^ydfb}#K65{-a
zr+<tPuDu2w+=aqpDboNh1(v4&4DzoXh~Z$Ey;q@a8z@xZPgfx>xH25V)1&c}Sw6f9
zNl=Z7I%kOp3iV|n0VcuInExT9M9=|7g+US!g?MuqAP&T>2xo*ryeqHnrV5EV18Tg1
zuS9|_BG(}14LFn>3Kj~7q+#YLNQn(i`A!uc5vT|QY@FH_1lr&&;Skd%G<aB)2vh(k
zkwN+$i-I)az;F;t*&-k@*ex2M&4xqUn5bjnDN!5lhz4UhM?l*sQv_N96V{6Xpf3@C
zz2z0{KkQLc65L2>H;IJ!IQ|hQ*lGjy4v+`D`#NZS8wv4pF0UV{y(!Jqj0qP~nh!+%
zVS<`}Vd+=^to|EF&FXLp1&EJc<_uH<fHrp=0A)u*eC*4qkYX)=G!I{+G)lxkys(Ws
z#6nLkVc-og04BzObOq|4O|VQX*Z{c#1M#z6hom-8N-TJsf^z9PBuP&#*kIcm;QQir
zFumoHg)#_*|K$p>o6_nL3n*B`gFoM5|CkMH9LV9V@z8GAA`aTNnG%jE<uXX%a7qHS
z7d{*c(Zg+^Nnly}D>eEmKSY6A*fIuEfOTN-=TH(vT<%m)`O23JC@b9fGg?hNcp&{<
zGT<Qp1|-f*CHZGf0(;&3GoEBTB+dv}0qYqGBho2<8WKSRWqm}Y)1Lz2@o3=3lr0;o
z-(b;lKw<yoITVt4x4?pwJpqb`oo_<~xGw=phQ;oHPt^HVBtlVeCFN^S5(L9WcmFgP
zBtw4i?B8EmZbE0^oO__P{3hfBJEek8r&AzLm^%$ff&UhC2QEzmu-*uW0iL@B8XVFg
zJe+zP@`af)K*NbUkPUpF@`*a`+#SdgR>}llqwYesaC0W0g1iU$!)Nb9gt%NlWcVHw
z2pc~D823^kcUUzGB65S!gcHS~P{6A(SR9CFI5Y@}F!B~80e7ZDNcd|Oq`-z1#eqc(
zkSU0lSW!HP<UjJE9k6sdv<HsJ1_W=VLkuhc4wR3jL=aIt8VQRf030e2d=7-?T4@0B
z5=T)EAcqGL93bt36EZ-J*^~njI7t*9(7^IBAd(RPCK@~)PUR*i6Zo@5E`?`27zPa}
zfN)Ks6f4Uf^$!+j9z@^(ds7rXNNDgEizNX^$H4(9fFsdVQ1>ksfS}Zy2Pv{)2{=Fq
zg{Q=53R|S*;a)s|&cdnrE7E15wycC9957nBTYwT3=X3$U5zdAfwo(>)Kt@!0VEW_v
zzy<#drUi>+L-Z_^2!{ECLI4cqfSPbm0$4u%LF9s?LV=o}WJ50ShatKxaAzi{KAmzP
zQ`m$9u?d!rgyeuWEnp801RLC&3C6gQ3rvE@iP!?4&V_a@Tf^ZzC;}ef0x08oP%#3F
zp|}|i?#hQE>9FwYYZN0WfSeFuqw94h81FzKbQOU?!tV<qVFXaibRmRAkg%{!5%>-k
zr&>i&geDq^MS;AI0R@395-W*BN=mQtWp8(zQ%p!vGzQHClKsjLSkK@vIMGw0R2XnL
zuq^<K7em|0B+3)_lpj&&KaD8rKIv*0C>%(Xz0<WY9G<dWwHk&7YZ1yW!D<*NIPf?S
z&(^}g%iTa+KqAR&2FB4c11b|RQ<~18UZQO8t|kZuCg4FHUkyV7Jj$l)S{N{AP#*jZ
z1LGq>XA&i2{0*dhK!IHy+L@rR1j?TDYCMqVK>@TDhD2eBl*Qj_JS2)hq-;a2hJn5q
zGIrg-pb({np}~aL%@~bC)4)J^ho|g5t{w!5#t<mmeXC($U_5053;dA();k3e_~#l#
zBpQ#UY)w*r{;>}<5&tiE>vRl)0)CyeFraK*O^+&n5|VOFV)Y<kBZfrTKwb?4(gIOv
zEsTPPUqcY|01=dSBA_ppatUTNJqjLyypAA&x?!*y5p>2AXvGSoidn}rk%*<yF%m;0
z;%UT>0v@q!{XqVI#0r1}B#pRGVAttiq(G!xQCQ6&1&^`~vKB^MXVjpUAkpBFf%Rk8
zxe3@Y1v;T2h$7-hG&2T$(Ky=Kfh#MNjn*~H04Mn~<3AGyeX%$&e_BKwWpi|GXP{3S
zW<X~=<$w-aytT$f@nSrlvOTgI5A-Er{z#C#67?vEAV97`M1i#_o_59<9CjTu7;xkX
z&5Y3)99ZA3r3YYO3APqS20#*JdwUIs7(9}4*@Om0y}m^QL(@tD*eZr{?TQ8uN7-DZ
zfq^TEq7?sI<=eo}*Ut`5Tt7QJiPmL7_yA=j?I7S#m~{gaF#k-BypnW4?4ew}Tgwaq
zw|;g6{QB8}&`M)7fEm)dz=a_q*Tn@ghDg2ow{~D6dcE$5SX#qGV~Du*sw3iQ!#BVq
z;Am_Mz=)KXLY4pDE`cGgOS5PU3AJ8#B<ebREz=|r;%FsE0&cPnhNE2iT<I&kTo7PD
z8SoGA4~&S01F9enGL}|_V7GwQ?Lia)DeiB&%OtSCjA=E4MFQhqhexChH)yb(v64jp
z$x#4^qFf|hGjS{mv(8MgC{XXL!y{0xf6??MVQD=a3lhK@I|e!eaSpRi{a7?eAhZP0
zc-qtt`VzoGh-P3k3Ab)w47lJ)i-*CW$m<b7b-NA`<cf8$b#(|D3sk+19uVs~)nU>2
zl`;O#Q6OSt*Oh!=F|w{210iy~-f>8p+ykVF1LYVk(>U7r1#%P?hr_NjBpg^(tm{l%
zFKRq;y|nOX+Kdh|3ie<60&k|tQ6OT2`g!fZlvJ_GtEkqG!VvMa_CbMBZVOm#ga8J1
zvuR-<eEos_oue=yd(-F`g~MQJOFjy0-M}~up4Q+{IM9`r8IWpe12Gva&A}cW4Tk_m
zTe|{03~hu3Fe0t$z$y<#8(>j*0+O=nvqmxi22#)390d^3v?U*a;b`km03)ocLx>ol
zWST($jJB)<+^wo{S8@~z6nE=5B;r8rMMIE;UYF*<%_Bt0HvO8}0Tr)P9SGvIQ5;1E
zg&bwub#-U32E_jxj8+N&k4S3^VBZk4&SgPBUzf{JXcQ8teQk~cz;!;0LStx)VSt6F
zT=QPTGzv|kTq|D-BjMMDWl+?wvLo_xGC`3*YNhE6F5+TnV>)HZv<V9=j3_f%GcefF
zT$l3zY+bE`CWD1GE!Sv}U)ICc7f--cX>A59zA$Unpnxj?TNf8VXhc%$8jAe?E)hW7
zqFm5iI}-wKUD5%&v9y*BY6kTBiGUi0#()9dnk6Vz|6n=1ZkYgJ=yhcvxJ`{VRscK_
z<wDFFrYXixD?tocG196NgH$H2M+D0yS}B0+xi)VDv0_l*JV3E>P{Ys$POz8+DV>%l
zG;Uo=0U?ssOM$h6m`&Rk6z%JH$B<U)uT?b+1`9ULXgh;|y{<Dz^0YP!!Ygg+0eOq~
z_j2aX9u5|)?^jLkj5~br3B+QDLCYU;aRC=$C^M(rYH`5%lneL<k^uGFK2c*)B{fwN
z0i}*t+ecE{ivbstz&6i5oH__MK)$5CC{<;q|3rano<JN5Xp{yBdizv?u)x&?)qQvZ
oUL9;LfocdvAgSS)z^0YQ8B6yw)Ez4{mH;9K)AsG^x*AOX2Sx6+LI3~&

delta 101401
zcmV(^K-Is;un&%o50FcLNpI^m5WeSE_*}rQxJZ-$Lx9&qZx0C2L(y9opoao|m;U{d
z94;eiNXc#zDzOn@BFhrj@8b-IL%Q0r&A%`IY%2ZNFuqY8-+cf5<>wzZf4jTY=KG&7
z$Jdum?3#_L<gVSk{<it?$~LUoy#DdazGD5B?<?MGAu4G<)cvo2uRpz9USGbAQei^v
zIGs$>Z-q-n*+d$1+1g7{b&&j_s<nhi5Aej%J#p&&J7*&<L0q+9RljZEQoq;rTUNot
z3`#GU&A5gqZ2nBdQb2(&kb};f$zHmOv)anWO6AMIT4qYj4)E^?|4yl9;k?le(zNwX
zgl3VpS=hPP*&R)PwrtNXJu_v!>S8vwfMO5d@QRsAg-@=M`wHJ>E|pfl%sFehNR>x%
zjf<w{yKdA=9Qya5i)H@1UV;7?G!ox)+c5gB^i2s6!5@-1fdYtXC!qj*!<a`KGcRv-
z`wNqV)PHpkb+p+r3mRz(r^Ug1J{lpDn3PgulFaO66MD*jr+g>L#Jc|_C{qhb5XOwW
zuYaZK%xXWLM24LsoiA2eu3p1kJ#aHeWgs~EiuL|^`+a1+9?Y2;bo@tYZ-fW7aa>3Z
z30*}Ow>V&)^3f^zHsqavdyc#no2o}kUTC<embF17ojqj9in)i#%i&UADN9Cem003$
z72MWp-Ey~o3ktmRbhoBX<K8|%CP^xDrnKQo7QZ;up7QI-#SEMva)yC*+a%N{<b578
zFj~G0zK?7&=5ipY=Nnk`pgAu<RQvK(6Vay1jV9(+=R$&z!Wr&vEn}}hbvZD>9c7IP
z4sUV}@3Q3lgDauuLu8GMckpMIYtT&ZuHUB6+3VSVZjN1A=JZ=y)h#7jcnO};Z-p;`
zUlJzG945BhdncsjV83m>om>Nzu049+(~QTN@O+LyQm&B2EnNv>ouc+;$4X%xy&b4|
z_|E3R+f>&G&Fe&47w5%S;Yf}ZlZKyTMXly_4!T@w07m=I0I>7$aW5T4T(T26^Cmw;
z=t0td;VTUKW6aOv-_aDKU&Hw@BI#S&or1SJPB&n2cz+G~QKXr4;T&nC$f**3jL2`m
z396BO8h9)!sYm5F%2G%*jiCJ9(d$e_brFE-(S3*>7vwg9XBE&AmGCrB4g=lO#uD;#
zKS&OA3VgLdpQI?%Fhe1#Ig5jDUGV)dE=>A=V$UyGF6dEkJpN$<)NYMOVk1J%m@Pr6
zFol2?J%<{N0O_<*WopVtDva~KbC(*L@L$4UkCa)^IDllChA(f;Di_rP<-zxqrM1cg
z7IREuaxx48lc4BvRstX&S?0i(Cd~02>7r5O6a<Xq==LG$BUds}tn!`sluvmx*>h}v
zouGWruQ|5Lu1n}W#MUu!MHO_*1&pbIHuHQ1BMkVfMxU*=vgyXTRG1t^?a4W0qwu?f
zc~0Id=*nxHf$p};PEJ<c1xLkKL4(%8Dd@6|)^6t<33wSVxp*%+V<S?{T^?O)kV_Fh
zZNa_B&T?d1&+8+&ywx?3x3;1O;OK#Wf>V%)1H(DLq#RzMeD;O6HUULtT9s<5^2m5(
z`S$kQw2${fX8EJ4g&G3QmxOgVtKKb_(o3tfTX%LMqyn3oz6pE?D>Z%$zrmU8xE0Ce
znH5Rqr+W9XOR}9J8?rpY9!JhoW70u$)To<<szo%nsg|j8ckIb>t|=bOle9K}xzj5k
z&AKmD#qwSGlpjx=clR_*p*BZ9jnIXfNkq-0de4Q%g$9S2$T4Sp<rz69WHMf_+qGoD
z%XjlrehvzibF6c-z(j)AP)#IP(}At}?VPfVlP_!ijaO={3*B=KmXW}-&JJ!3Nn&4N
zP?A$7vulOii_w{IMJq|z0eKvMJMeAM;4>^@;WaQQHySt4N>tu3ol(;)=Uh-K(Zc1S
z|G7w#hd$N7R?DzF^ckN}23dq?vLu32n>+2|*YStgzA^koL?<10fDEJ&hdv-M=R|`T
zqEXxe;z=e*u2W<alt<hn$ikGN`rT6IoTZHD+6mQwGElM6D$;yx0&UfQ8RUjh812hA
z`7e#@8SYD3#Vp~W){QW!i<;^Z6<uw2{8=gnzdCYqNF4oum%(D_gg6FYwxk1E;jxq3
z_=d9Pkf}{UoRKoR_zfyq4|}2uWlQ(q`yo0DLb50ZK|EOl0AVW<<2IBfnk?et`-@mB
zpitws|H;Anh~(B@v9XkYE>zidstZW=Q85{$xd#zYIveVk)KI)Ov368d%a2`;Cf8sA
zz3uo<;%W)?nl3y3lVQ$!Xp`7v`Tudl(VB+<GwccoKD*>z>3Ua_6)6w2r~G16&XbVB
z;1Uwna$f(TOE<j+54S)z$<P{MnqXayqExhg&JarOsH+l{C=ZW+r(A<v2RkW%T8CPb
zXQ!MV1cBIzS7VLOd%V|tye>=b9!U7Y?}}iZ_ishh*xw$<cDrduu&ZNOk&J~LEt5%X
zc)yd2L-H=sBWr-)2V$9O0jp{9N4N++J;MMm+Fa43D#lv@^yZ;8fXl*wQyd-^rog9>
z?zt@thzv1s|C6qNUEc9sOSVt>;q$Y|HPGg*2u1<H66}&E7@M9e00e_py8l=N8(fJZ
zLLCJ(?D5!cqANiYOlc*n$T*u1__Lf#FU1RCc6d<LDv!5EmTO?p2hx$k-vT=FZhB(C
zgpPMGQ{G~+Er=)G+6<dJf`{5fEz2YHDc3w6Wa&l%Y6;zc+UZ9A1l^D$<800@jQdP$
zWO+LOhFOGR-Z)gVN^=m75R6h-+J`qnP=PcvCk9*2XD3eFC{*``JEdsuoQIUD>)Szw
zz3+n%1(cvGNirg#+0|sbmxttMR8)CdP|a*<k?bF!MKj&>PtyW96K<ph%+41DH%tR{
z{x_I?P)`DX&N05HjU+`eN8wB%C`iZ;O(7-nP{x#KXUZvNDs_q}O0kshBDK9fJF(Qy
zWHC@rcdh3QazAh-4F51R+4bqT_?^TstIfe@R5{8I5>NS<veZCMk-)lw^X@Y)h|>$u
zK#l?x?%bGT?wZwADSC5Gv+%xN-ni(MZSG(wyqIc#N4kSM-4yM%j5`_fv5s7|i5i!O
z&11?nT0|5)mJo>(hZjU54b7miEN~bc7Ztq4%be24l#2UA>tIf()TvR~Z97yw$^+#o
zKNSh{45JWc8I~NmfngPK;J_u&YVJ&sC2{mue?)Is<3qs+Ha!%8FdyzupUOte<&yz+
z&9L5oV*DEc41SOzsql=`gKD?D+V$@CJNK;Cb{wH{Espi|Dy0wPAJsDp_{TcpIE2e+
z&W|*lK?@Eg9UR3gg8mvDY%n;f4Xx+Lc;suGA<mx!Vkes9o}Iy&9i!PY9Qu(R33NSh
z3T7xsj|Iv85VhGhOtouy7JLo4oE2m*EMY}|OB`~5Sb;XDN&Blg0fq?cb0-tPgA#|Z
z#ocVf--byBj!$>ACD%u*U5)E?tJcxuzaZNs1i{AeSr@$?>z_7HJ7buW$rgv%I^`NP
z(c7vnviFyev>}dLh$O|6v-FR#jLGLFSm^BDu|YT!=FOBDa;UPE$Ier(U#@|!w~&`_
z0=iL;GuyveO&rz`X^GYmPL6NGDIa!*q<<kzD5La<tjhQEQ+{^225!D9wJF{#ptdqU
zOE`){HwLl|Mu&Zj<IiAFC-)@Qm5Cmhq-)-w&x5HMH^2HhEl3PFbmL0WV1_oJk{CC^
zx6Ob4RXfI$;V%;mGaxV^Z(?c+GB-Fflcozlf2~?ckL$(}zR$1V*?^SZ*d&3008tVR
z<mP0693Fgf>;Q%xAn)S8?^=4PUPx(PJOfA+*<D>-_0`%`XFdG!_P;^Fzt?7%7BhVP
z`R!ld4gY;p=h?&GP=9~@&)Z}Mt<~8M&d-B38m_+nJpA(A{sUe@;pFuLhQYd%a_4#Y
zfB5(Cw+&|b;p3NgrIopS{QCCzc>AH6GLPr6Gv&*>vX_&2R}TJ1<u7nKsTsc(x_?!x
za+e=J{@x=>eE3P7eIlxfs8$#KZYKCp8-6(WI!*7u-N_+k_*nV=4A<JzQX|~axOf_K
z#W6haa++~E3^q87XAo_o$#*S2w=|#bf7%BQ$jjjh#w1ckhoLZX#19;)>867PeV}4)
zNZZ7H!1Y|NOT?R-BvHJmdF8uK-hqt*g<IyFNzkPmFQ+I5WYCx}$z=hTJI7~1nlOar
zp18`p7uyoUNa#Vn=2-EghtEp!*T|OKj7GY1=8iN{tJE^z*9??hISN@5fM`V?e?5z3
zR|e3S2Iq15QG<s#aVmq4DB1NA6b9ldB&jFBYNo%2#kG~v4!}sVbv&a%1mDO&r7OA_
zWfNt`AYtlx77K5w%p-3@uUYN)OR>YGdK|W-#Zj!zhh+~@;B;gD$70l(@U8{j^WKA|
zRtYNLZ9*Rv<e%g#M79d!t#!@Ne<zu3dGZ`hv5>|lQB`b808q?g`DP;mizuu<DH+Ho
zK%w{1D=jGWvj$NaBb=18<PM4f5p<>P;uf|-rEwFL>BBXMVJQH{M943xmz;r_8fQ?m
z$_l=wO}fl`($rXqdoJx(ZX(~zu7qK7tvo>u0@m3UBhbl7w~{f&q2RNQf9u$9m1yg3
zEc>lQ@S67pqRac5N`V@|?=|`~a8y;u41s18fkU{66Ja2NDLt2qOAH@^LYu}nRM9_U
z?J)eyaAHt<_I|kXINR1MwJw8wuTRD)?fRM=#Y3>e0~?7QMwTglWUDHEC%-MQ7-D~P
zq-Z630SQM`)SZa{PZBKye^<c1Fr3=^<-jU@q;ViZGol<VUSYn7R+5ZZCT0no(d*?U
zf@@r#IF->al~Z}Qw>rT+k4i5-P8%V?ZKr(+JDD>Z6MMfo<$?TJ`%9jeA{XN@Mt<5w
zn7t#Jlx4ES1t4$@hq4Rm3h1FPyl+y3(#%!V-Wr&YoC+yw5)0G^e_0ei{r-kI`X7bB
z{_*{r8cyoG48IS?jPRU({5JfvQHE9e?7CtFGxP=4tBj|zi#CIL0>qtEpa`5IKM?*z
z_-5fd06xI)Bl}5_L$fw>_~i^8V$>l-N7pzSqQN^~pVci*jw&i5c-UqOos=WT)mjt5
zIUQPUVYC8rqTq43f50=3OAxBiu_cJE2?vzR1_xRsFHL3@wD4Ed0=2Sv#i>-uD~=vO
zD<)J<Tkyi-P7zFu1g%OoaPA|`;A!9JN@Ma?rhzYb?F{;+gf3F2L;Y*rcn4YOl5Aw+
zAB&-?1Y_K8Ri^VT!YFoiD!0|i6XnwVY)xkQby+c8miMQ~f4Ch=&`lQnZ`shfA2)Q`
zDPIsxz{ILH<ji6##>Hk1wRhru&BORf?)U)bo<x;yK+vi>Ld7=D26BJbe9MhFY-B|)
z9dmg{x2(Bk^)k7IHr*iyfnZMZCw`GOZ55RfzNZW5^Q!0gfB=NPmE=IC>hTwkz5=E7
zSYv8wecl*je@6rlCvjwTA)o7e@!GQp0Ht`xi3g);lYIq(`I7v85jV6?WyDqmrLMnt
zk=$pJ!G2s3dHs%<?V_H_ISSAs(jz~qd&dz!rQDtRBE?nfQRwzA>gOb%s;)NA9ij!W
zHV*NViYmHjRZsO<=ST)hCXlE~B}=6C;Ske_II1sae@Xp7a&7ao(~$a15KT7FtIflj
zcT8U>hw=Dfb9#D9GLy+dE~MDfQl%WZKX&AHKJ17WjMjNhx9p1cu8a0x=1Mj__v9{0
zPY1C|&PfgmOA+az1em76h-C*;B;F$E)djrF^g5lMZYun0TGAH4TC&|w&~^nS(2!d}
zHt$FFf0a_AFS@W>wBtjF__lX0x|a<1H6=>9$4@MAc~}?y5I}4KzEEAA%cP1{H08vm
z8)U8`)pAu*{keSm)i!tQPNcU=I(NDMC7M}tW!>3~*!sy2IJCw`cKwYbKpWv~bqB4*
z89>N8vnY#_?GOlK+dglyO>r<qE|Hwco^R8;e_QIg8>*+0U%90Lu(747ty97H|D+9B
zv)Nfgkmf_klzfYrchIuO%?D%97rlRAQS^xH<j$rm_*a`myr&1VQ#FWUN|OcPq&H#d
zkmMeMSUIvL2?IL~9=VUF9UeU{o&HYQJ0m>WwvW$YI5$cranfW{ZY!FS;y7wL3JNTM
ze-ho0P%yl2xhN*`^qcU_aG!(j0lfzA8mbv-C_A4u!&4`M>@;T%rM<3M7Qzc%GYbmX
z?V1@#0Bu*G+%=PJsXDw=XB9gKoVJi>KCjZ<tj|4-sv?YsX>74a>u6m}j$Z4~=b83c
zKpeKM<u;nmxRl$LtV#HxHujuk&(`mxe=mCpYIAC<izT`(I$;4<naFKVi>4=DbgI>=
zw^Zk(<fq7I>IP?q5_>n91HN$5@B({>x>s}WrGdDYqCvFeP}4sb6RCv2M}6qtoNTlj
z?j_x^S>Lp5i!y2_6pAA)k)ba!UX+3C^z6lhoh-L^%;Os0;+9MKvO#z^q<IOUf9gj>
z3022OPxNb+_TWv4lUn%4UncJ)Hv}@c^ZBFnWTHTjvaV0k9{sblx<Ku{cMx=5oZ%g1
zxi4;P*OSN!LOAZCvlG-?=`0yaR_M{oKG9Oj=TB5Qb&k=<U&S3a?>fvvhxyz_H2>=m
zbzDdrKb|M%z=iWa>=!Bvi(B{}f8pOMuRuC#hVNykSIWffC|-UG+aYgkq@kCEu9<fk
zbP)E9fxI9wsJ@*+BBrLZtB6HH_!{1%Zt4!-5BR-lrL|Vr>(uaEJ3XRj)*g^z^^84C
zb%kmP#_B6Te$zL&x@)iS-++yb_-=@SOU-xgK;fn)1Jck7q-`Ty17!oSe>NjzWCx7v
z#np@(4@>|cfiQn=acMJ^OPd*3U1)KWm`S5GJ~6<+Y%~bK5(SNH!ZVyr^fhhVEb0au
z$60vinB_V3kR{8?2L^~~b2Z>B%+1`*1OD&u+nWug!fe4OD%B`&6)ilG+#OP}nwVIS
zMWC@Lcw!N0>Iq}x2svd3e*`Ee+%4^TL<ZmriCXJmH>1_S1{4qm;pYGvmH-1YElUvR
zX=dn<0cZ9Z0FvG)A_w>YHK9sw+Gos=@+NCgE-$d=m^Ro<p!i8<O>$8kX|dw2#u+dl
zyn{xPz)jdhhQFE3fL4WwM#TfW_zg-%{Y;jg9<r}}%|4*zMplfHL?wg;1M+B{NB)hf
z!K%(keSuJERllizR(j9HjmqOo!!=!;*5_lS_kB8ysQh-?lZO9jCJ;=IL}+xRc|Qz)
z0_9$|@0W4r0ThxJ2m>}TFp~=wL4V6`>^2hJ`zv}Kz#SGzkrH4uAoXK0y8s5V7-W~Z
z1I%K8+)aLe&Z&|pN@}TnC$V9<#Yfet2aAVncb3ziZ-1N|ev|l9?)>TdzutcR>Ga<>
zcWx7YPV4{Q|NWNz$+yipo?>cGF~oC&S*LG5u|r&YZndNB&S`G{u?YsrQGeO+`Ih6k
zJ7pdB`TObTN5rJl=eG|RTy(*=&b!tn*GZD>GFp8IAxbMv5SK!9t;Z0wIP_(A<*X2W
zcF8x>9PML!<2+l@C(_~RFQ5N;yMMm@@(fh!nsfd;LE(Az-CqRN`VFXC@SIGWAqr1@
zZy?NjC#{MFV5&ufmqs3w0e|@4Ndth|;j(nTJyf3<$EA9&zrB07JH*`O?r-=nrfhn5
zJ>HT$(0&abfbNHCnzW}zda4O|sV20r8FGW*@7RGcAVZ&vzSg3FI7`;}!DTK(!7J3k
z?TVJ#Isb=f$yi|v(f+}}$tvWMRUiZVI27pOM&N`_GXp|By~!N$oquK)p2!b}&xy$0
zLk6K`B?=-kgkBhS0x=nCA=CW`PSeRbtl(Vd)HOho!=OMYa+A1fGtvW~BxocL73OxM
z@D4ZLATmLfF2t>B$+W2`DRv&JO3m57Sh7*0m$5Km1?vdhTwI5iP6(tdS^#Qkeek-*
zG&~_O^#RboaCPH1aDV*zR|W{YR|*Lw(RR36D+_$(Tm)of!=bv+VI$gA7alH0r=Kcy
zwQzNK)`ZIh!jydBaGzeQR0n@erDc5kLaBsTDzOH>s4@s6&#1pp>fB4$c3)NMI^BZO
zvC7ycJQqr_&8cWx9CIF`1vN_2xH1Q>NtEyIP<#%1;@8NnIDbT2BwUkR3O9^M;|k@L
zgiMauu;m)AcnYhPyG7eEvOmn+nB1C__^2*JT+CLiS(1!owb$%)9q5N{QZFn8Rm#sw
zx<(^e{qe+mWtq@IAA_lHoH;mYl8j};3Zj%UAywh<T(u8YZ$?;K8v2cu4)0gOpG?z2
zv(R~HhL^P&P=Az^3C-&7PO}1^dT!EqBe=*>e4`nQ%^Vw#WF3FgC9ff$({+x(m|=2E
zTR_Nm_=Jx!qOwsei5dI=ayPZ8C;BjY0>nW3xi{dQRN+DM>bcTJ#_c-7O+hOsdLP^-
zT>=M;M?eGUU9;Vm%y;mP`Hm3DGYzE2PU-mMsAKXIK!4v>;up@A+SwD$H8o5`(XD|>
zur|Up53LOYd8inKZbdhi(Wf%G8!4JN^;EJf#&{pN*&;Y#(TB=F@t%^U6+6}yHm6bq
z@q_>Gu3^p}CsY8{+o|_RsNL9T9sB_+Ey;c)2rm;1yw7g}(Q@eljOIIw*StspIJ)~H
zRN5L^cYmKVXN2B+7I{iT5p;dT7*wQ@oJn&83`}YbY^NOF$eYNS5V*pjtSGYhi-p!m
zN>_7aJ7vv`a-S!8@CT3bKh_K!WWguC{S)WEi~n%(^4=ocm-qqd^NxncMLyiXM|*ik
zYsap>G_qUJlWmfCy!$JAI7aR|AVQRcY6Lz}R)6LYedqa+Z(f^J^VIPu!cBLDaG3Or
z*i34?bYp`F(rL&rYYKcBY^cm8MitZWp~L4MSZ5YY3e3EwR=dTfhM1_X*k!umi^-tk
zT)-;;D)V*jjKW<nzkU8=KdM1CQAHk%+ABwz*lY?);|ReluR<^s^=AHUGS}=0>)1w+
z6Mu8>FdH?-#vImLL&>o!Rkkz7P^^ZV&_#Ci_2BooO<lY%N61qvD=*ln-XbtSov*UL
zIPMwPdS102{2bqQ$18^s#!*?;5iU7Wt;ou-$@ce6(k&KAUs7TysAf=Q<quO@SLML0
z3MDOU6-*i@QJW<ElJiYrQ(DcJkIN!2zJKO|DnG9Cy1ma@#`0m7a5PfAjEl4Vs?J7f
z=@6`dIwMzU7&UXM6ddh~by2BYw5TM9+2H(kz30iJCEgZgjZt5(F+Z)s+2F~%I&vlS
zr6exPA#9tIWDd`!#8;B)42*L$@C-xc`*Gx08O*2kR$|#!&3;mFEFLu?g)58gO@E<P
z&R=_>%I&^hN$YtL#Of$u*q+yicYjr4Qdq#a*9X0ZN;2M?8av>fiFDH?C;ND&u+s?m
zRHxh^D<_Lm&aBES0_HR-UyoK^W>!Hh(@EoqGe};a=(1f2D<C}#DH)OZs!kaefKiE?
z&a#W^9x$Uu&*h%Xi&q07jg&`6>3?N`p4XI_T`8Fd@bSh<M;(GrYqD%!Y4OKPONuP_
z+yxq$RyNa?kubBS!>9QdzRh8}a2O>lW5Zi=&`CX79fED#`hH-gzL7B%?7nh5t?|68
zEY~*`T@2)}8Ur$0lFh*L-*~PDm1IdfritR?=9ZwJuE=Vkd$~xkyfb0Ykbf8*k0+ux
zVyjz1z4hElD5qw(vtj1%L*OE7;N`eJ$bIzT6R+t(!_VI_F#qgMVd=N1*C7Rh!<md1
zDnbxAyo_HC;Rz@>Og;N@2*aKu#TjKR2H{F7HDj0^yJLI|JJ#>tz;i+_=cclc1n$Nm
zu@H+E=GD8qvFgcQxr0k_7$)Dy{qVyMjz+kbJpod2yQ$Le>GYXjw>=R-tf4B+znuOD
zVBqWrli@EDlm8tG0yH<13m!v%OONC>4!-xV@Hs$NM2eDZpiw~CRTUt&Bn{*c<g~l9
zz+$t&=90f3QnDmUesm`@h4I+3BvO2Qe0a<ShCg2ZKN$Xbz#&XH{Qj?(pT8OY_hK%i
z=RZUL@9+P92{?E^U1%Ub4$fR0FB-mlb2y#|7+E^M^DL$s0QmL$KZkFBpEQ6O-oL!j
zE&s0X|9N@5zx=Sb(2tG@Gz;+t4km-fn*h!%#=>Y2Jc0>`;4B!#$xJ-QW8izR{0@TU
zJDe=91H-G)+~uCf0`G*flCL4I=Vzh8`+AUfhM&9<DwE7&iots0PZ{TH$9US1x0~T1
zZ1G<QV`SS!l5uk$a~30iYw?&CB5}VScmmI}$V?<6sIoImjdeDFFkz8a)d0xfi``WX
zPuu4dZ%oUh2<Ztom^Bwwv<Js0JMQml9;X5$y7;sJnPpz^%NyRW^u~nX%{=)6{`!jP
zmiU(549XS8Jb~pBCr`Z0jB&>E`Wj>&Pn%g>{L<B((sGp1Q7_?t=QJUtS29X*ll38P
zlvYoL_}ucD_bppuz2&L--O5VbQOLpEoNX%OQ{5vn8!1^im|P59U&p*iowTfYT_q`O
z6~2z9m!l*qV?8dGlj8N)_wRQNzy~%&rB9pn$s~Ali1Ot_B^5+wL}}{n?PzZY;WF*m
zifnXdT-NZlHLi4j6eWFEj;4fTmuz!9zEqXO+oGuhD_y0j%rP3`l#W=8wrVc%5Ykef
zx%3v2?Uos{@_g@9oGmj8Qr_FK_y8`^!n9SAz002JD9TurVecNr)Uztf$OqckU9*(*
ziJs*pRu7(&*=Od{{Q2CW59}sc0k{ps7~*Yc>-mx3q#cWY35Lu<gc?_8Z`sYh0*`d?
zDLZO>OnR`%jbFiMk(}^SHE{qNE77I8DP1QGKpONSgebl2NwtjNo>lLhBWR_64Mwh3
zMlH;5U@C?OWdl*X<GBeK*Z@I1gboy#F^}VPGJy<(MYp}TRcXYrRazQki+d<ERT|Pl
zR!(wDT=eRHOS6|YW;GL*BFH3t<s{lz3nx{y3aB*CSvo5q?uW{H_7r9m#iX4W+`#Jn
zwUBHHY{`Jr%Y;xFHI(E-x$HV%O&@wYt0Fx!7B~7WUVI%UY_Ro{zP(hFc<k+ymL!Kz
zCVTEbjgFN4*Z6dDhHCr0|KwF=zopEF3TR0shk$K=C(~-6CK0o2A8DTF3Iv98g<U09
z^Qh>&9&0%_39{Qn!l~c{jq9c3YQNlqSh3I5DA$QWA@0U}$6`8LdusAGK4bCbTUtBQ
z+<V-u`0lNNkDIa&1ru{iO<7&$rVRxf_NHr-wX2+~?otBUMq(6qb_yU?PyA3~ALtgR
zODH9OOUf!isy!xS`Cn(aFoVD~BB!c6wn#MzQoK1Mh23;m62<Llnm8?PO~*dFh*4_<
zsa9Kbt>~!T`oqMNI)pEB2^+{SZmQs>1G6ptt@aE36ba_m{8qI>RAmfd>Kr9tVLfp>
z)+-gy13t0))7L3A%}P)FhM(Xm)vyHwsnB_U?I_R8<C*&7wPD1PER=qOWkZ%~n@0?@
z70e>+@n~d-w+=jJ<2xQdCF4T2vT|Pc_kO2j7zbTPCh{6PD=19^0K4GBQq!V<)SzH-
zU6401e03;o3p{8a$xORPjyJ!<4evBFF@XC4w`k~q-N>YQg6Na?h}Y%x%#07%ZL&mv
zgE;veu?2pAM-ppD`bJ!&Q-upcYzU#bnVC^;B9|o1h8M(Il6CO=XrktEUJDZths9Qw
zPg$DCigQ5Jp%5j{W(cW$#-q}k0y1aY+tKy;wY#?Et4cMR)Rq#AsC=pxk_{{ga+nAj
zUhpj4uP_1?Q9RQv^KgS#xp`89;aLQK$?2!diGBq%+TfuAvrxj}2gLhGT+jZOD`kb7
zw<7H>YfQ1>1N5|vCUD~B9s}D3z-(`T3|?p#z7OJ6HrO%ym|euXEc=*w@(*d@vY6<|
zXA^0{4Uj3nVz-}}$W1^17FcW`PHgyTwxb=1?TRcwgois2zh6WY{GMzOckfw$J!J*Q
z4SF0nJ}rD**d0e{PNOk_?mYUGMlwr^Kpd1})Q}D<NVD49ij*YMAUlP?zpMzc3me<m
z0t~$N)V0|+dptotuYK@I4GAI#`LQ%uW`Yy;DSd2V4P9o9yc|tpj%6U=Q0JAyD+~`f
z;3T;<l2AQF@W>f*^3#D1AL`hDkfMIbMvxcH9U2nr`hLXSh#WdT#obsML!aR;N;2A<
zSdu;Aj_vQ%$kDkhmYNe*5bRsnXYI79R$7Ne6|f<bCR&TCd#b1&spdRdPm;p!F|7*6
z&-8gzKcQk()B4iQ7M(gq&?>!#gr~ZJssNfGlCChVJG#eYn+Dg~_J?PGgZxijLan9t
zZfi{UZ$7B3KFayKHtiW|GgjoBx9fK2TA;5Px}KmiITgI;*6diK-P|O+c;uivA$@y8
z8ABWJo9578=|i4%>-vVptFAq(e79Z5-B!(+ebuIr7WOBlvTuG-CEFN%aRw&e=p6mV
zDRsT1N<L{i;<zSD<;u)|?SGm|0=B8?@><i8Lvw&UQFQ}j`38lDv}c72S~)2V-F4Zm
zYgUTL0rqRoqz?71ObwFigm!%E&gl9LajA+QRUIoLpnK8Mq4}&#rtVr{;K*#WZXs$H
z2Bpz|{Kiqu4}Uaz|M9yQGrUT7>o-p4M~-sw;lIOA`+xvb*ciuuN!O}x7^@62y=%S#
zW#mx)m76olOZUFj&{i>RI-5U?R3B3n0Mtxhr|lsp%YNf%8WL6xKi{OS3M+Z}+Q#ZS
z<D2j_A9O~KAa`SzR2yKmD@$d?Stx+fZbHF9r=?N9w*Jlq3q~JCy3(&di+8&+u23^6
z7(H*>vBvlMJ5nfar~ggCnfMbz?)Gp!i=3HHQr}9hE;%+QyQV9qQz^~K<9g?6mxu2m
z_K4)aj=1$diFl&3L@$)Yyykg=BGwmR?4Q%OT{!#_Zak;7n|)=6eLfuLz<!UBodWxa
zCJK)1ZLxl5F6(|6{sbJI#;ud#FBFqbCkg^LGm}~;L4U1UORM8H6yD!ok@Y}Q9Z8mK
z2!S|>7u^k9=%RGjnL-zZ&Zd9A=b^{3Wjnc-A<Ru8OXsccd{V}o;PBtuzXyY_0QL|E
zd-(C~?YA$7e`xe%gN?p<|MAz``2H3xE{-Og;^F<z!!MIPfIqx{|NU(4=5{#(z1zzl
z@4vo1-hbb|J{31~r*2gobQhF$HRC0mK?Dyt0)y!wT#oi^Ce(w&aKHF7Sa{$7PoDUx
zm#5ayHw!G_hL4RbzNaCNt9t&_7ae9qEnd8__7c+?aC5hO`KKZiVvi1GS8R$*(r#xT
zVP71WenTFHhFrLkHzS9D<qd4)zzRAZ4rbzS7JnbhoNF4V5$kPdoDBf<SZ4amG0J=q
zLGe*bB)}Y4vnl*??30L|v_zg&=b}=csAbVa7|n8OaX=pMGTYC>#xEWJ0IHOL<K?4R
zCvjo_j-HYlXn>vUd4$K&B=n-sf7Bp;^b!$#7So!6##r{4Wczb^bgj$BtX=|SWgZqM
zaDQ!jDhXd|vyO_gBu^<Ec`JzRHyXCK6lrnfR_4p-RO~@fo-zZ;v8DU6d$ij&DVvH1
zwBgDZTYY^cK$iBbJmE=HB<Yc;R8v_oJ3;9{MKyyY6}{Z82Om#%Q4cVQJ>K|aJx5}a
zNQxDpA}(p?Nh*y_Oe)q$jIVhTT+=?tPk-2jD;0FCSvaONNG$wzaVIo@;pD^{FW#Kp
zWD!0gxIllsxxD|qv)**`)y5j@CWzL01D%aFLV(^)&db=Yv~DnYug&F|o7iNc1qTML
zG6?w=Fy0a2d%$lvPFmWT`x;|Fd|cD$Es*sVy@2rC@<6rG$f1{72h^+hUs~%tVt=t(
z+vT-@D;?HThp31in%)f5y3CEB1sh^84}A4J67W6n_!a*~Gl2oXHCM1S1`eOzc(%i0
z*|A1E!TRnO*7WiMj4pJjBd|2YdK^PNY#&AmpGL8TGz06y?>EU3+BL8*H}Z^UIv}Y5
z->)L?xpmIv?$uZq(UOQda5J*j4u3}6%ez^_>bGmz$2$68{*6Bk%YEehOFM~S#m8<5
zDvaf7FQ@H)d>K0vLMyCJJVyXAQ52V^(jt4K`40uL(#`~%h#KUEG&6}ow%~27MmL!D
zf<d`&i0ZMl&FbH><rD~f8X3&0>MJkVa(jWJdEdRt(eAHsv^9Cc(U`!@Sbq)^8k6Xa
zt)yrWj)M!Xn$dOS@i8sKN)cWqluSLqVD$OpSaqTNZiV<U8__J0g?dppC?U)!g{KY4
zR1$bC%CN@vny&}nHeczi;|dp1g+Z9KNV06D#F#kK$4$ocQz?@Vuam=AYd4XTrMv}S
zSg?Z6kOJ(kxdl`(BWi<Ch<~l!*{5yQ_2Kk0iGjoHuL3oKG=ezVgam-zu^q){vbwm0
z>fEZeJoFK9&=G*+sJS@{16n>%n=^sI{mI;YE4({}_15zlpKL?pGL50EQOm}6ltr}Z
znJiezT#`nV1X&d~`C)}(5s(4CP#$guOql~ZJ#_<(TP%qm-wxlutbcTOn(eCU+}q&}
z4-6?P#GqK~tlu!*#sT#-rgJBMX7p+h%qkOIgduSR3^KA9`n-_ac<Iet_R>$=*?@ne
z?a|wT&(ru9?mTV*;Sb-hI0HX##saOOShgO_qVdf3HYT>;;L6T_qReb;7;}~M6lQoa
z#wQz8x`CU@c}Z~vn1AHR{-7_eLlktToWvZXqN6@`XZqy%`hrk8lOuiHPJN>sIECXl
z#iY8-LDnExotejST%L8MdSv$ENEAKlU_D8{DA2!h{N24NkiN!Jhr)MsQ>#toD$2&o
za4yGL3gV4B9W_o+r`&OVE28fNn242#lo%;T_By|{1+`1Am4C1ETZh%y7JhoGNBw$p
zlBSh|xNh`O@x(STe6_JnS0Ueb%&umRv&i$(nCZlf9>jdpk=>J6MoNbw%l>gm1(ezQ
zs7$?GmJY8lk740;(JK>mftO0j7hRyDw{}faIa1OMRhcbSsBWhGvvL5}Z2cT7v85)B
z%RH`Z9|?8#ihs{O>8430FZMCn%>Yr$8D_lmT6tpK>*+{VH|R{@9*p?K0i{H?u54<5
zs+P?*d(zz85>?2VG__2JrIg%BW|V?g08p(+VOAG!i40q{sK!`9pkyt(wwHAn`aKZP
zf@|T`!3`A87lhdecdw|hgD};*6sD+*$k&~p=sRZr{(lj|(8NHFK(fs@JXK}Xf^nUz
z&);ihVuy0*DR`AOb`26WF8XHc;UzyHL3HB^;lmdc`+ILz;JzZNsh6yaZj(=n>Q;Su
z+Nw}856wz=OH)~Z>{|ETO>fsV!1iirH~mr_DW*lE1V%yd7Ee$y;Vu4H;>{~W!HwmL
z>0Z*VaeqoTJ#~OzTr;ViSO-@?WDYf{Rtf=_;p0##!B8ygOIa5%IOe^o*ntvL`G$HV
zw`Rq)mLKg_0v;BcjUJc3X5@s{t=(p(-X`SVscP9&9?|rSS=C9}Du-xpD@MJyG-*nN
zWmcb+YarhFCbg=2>fb{inTce!r66p^d8*H^-+%C=O|yQ#<3WgA`6Wv266H&+{SW+l
zwp#->v@~Zm+)J=l(5R?(6aEbxEFwOE7j+{pNsuax{jySfd&yd#iucNYza+J)?ak9X
zI}?Pqxv&2!+Ys#!qdh>g$3O5J?q<C<MOd=7T7<XSWjD^xrGcnJh?25MnEti3^j}Q%
zW=X+`d{uzWouvZN?Eee<C$`tcj#Rl&qPhIefnNMq3MIBPbhFvWJzKYNQ_+Dvg*8J|
zedl($rIXLTYa+;2r*3n<9{vZqhM7H+;V&KnFgKF{FhhS!t1Pz>-k)DFYr{-bC8^a7
z!@xWP**Q6oMaU|#1I7;IZv6LC54BWMKjzp8m)oZwQmNjm`ZVqYhhIPbb8z%;06e4#
z58r<H`0ICvf9JRE6dg>%;oHAHZl53EMw*e_bQ%ty|2+KRg$IDc=Z}9oW4gfEjhADX
zuks>XrZa!aGeW-7r{QwMGawCsr+e|Z8(;1`LSD;c9gvjrs|;{geyt=Xx>dq*>mpw!
zS^~y0Dd+%QR6goze77?9XeS5y4l|*fu#;E5IU}$Ty|!}93Mu0H%ill$^zr=s_?}b?
zqFgvwh5qB04@ZA~ZS?-<KYqBw(VeElF9)1}2FriL&xgMV9T}R9laRg+Q>1Ha8*r?q
zGz(2eIgV$C!sX+V`6vG5!t%%`mE~HcL{`{cRdY=G3`xzQW>nqi?O4XlIxln7j8P{H
znS3>Krh=_0bd-9>WLaIAnw`by+nsR06c&H2<_0*WqPZZNa}PEqDep!LeVH7YAg+?b
z;X;4hMZ6R9B8IqUVo`xz>dM-PRelZx($jFZGay}#L;eic3n}#lw>&zyYrdPZ%3vOu
z09_tNMkE5SJTlU(7mWGS<5DNnx|uhO%=p#ah{%|kO{8Y4l7%ORKx*i+gwiR|gw?P)
zpk~+NSK=HJhSxT@jg^frlN|DODuLKJqIG{y_IAA!9zv!j=JwgGGPA{xtDhRijf;;p
zc>KMjIF(fV80Y*2TTUPR!#IDc1o9h+vod-r(WD*_7GyUxWBHG5+=O9Us;bplwW2e#
zvf38+9mBicE&8m&?8(d7PQ@uSqh6~<bd!KI8!)pY(FBcjShuCv(ii2V>`8QcRq=mr
zdBahHC5bMKZ``WdD-?1&ep9(DPPR~S>wZRbyN%vDa$OcJ0vVk>n_Rl8bQrdluAANK
z3kHX{$OO7=82yT2vB?1o#&ekFEx6fp!fy^y%_lbSXQMdX_zDwa`@Cn*d#wj<UGmwm
zO?Xk3D{@w+DOF5##*nKCrH}cVFB*RtJ2khwcV1E%*o-`-or=F)XPRZwu1~l{mGZkI
z_P7?Za}M^kI8#~Q>B2aIR)^+AsZEXC%E}x)BzfIiIG5^f(q$yoa8R37seM-Y9Cx$l
ztyx+tIUCUT>fnnqs$aWGEn!sm+){5<DJ;$Eb;cEIbQUX7;k;-4I1Y=9P)&cBgORqv
zT^cbhY1B%$CJ`U`;`s8knYr5bYWCEvZ8WR}>AQTS8m{{TwL-l}EB#dreyzKr^^?+=
z8>!scR4=*~!>M3_=7ikDSpD`~8@BJ=Mn7)1EzIZJrUe3$nU+n<n%p=pE5<#^XOU*!
z*NidDx+uP>QE;oCEzep;X*+*IJL|U4!sL6gy+8Rky;_*2g}nY%>}dT_oCh`L^nFc0
z8;;eilwj`IgRXRT;Lv$ens*qTM{cxXl5XIRlRQUy8r|R~ZUbC-qA&CWFQ87v0|L!L
znmh6{m6)GDZL>ik>svN_;E5jG;DZ~Hc?#f&spRg=oDa$nkxul^%Qt^|zq?H677^Zm
z$G_c0$PZGtjBx5$2!t!#0Q?=FJ`^(U6xffL3@Ph`L?qIyh^O%Y946m>IQ;lsw;GT1
zYs(Sw2VC(HZnPM{V}o0CVS`;^l6pV3Cee`VeOG1(#BNLEF7B}NZ;LG$)+q+|1+_L(
z-|P5_;L$TRZb8XSLsWlFBNzVUE9x8cT^!UsH&<0LoSQL{qRSUg)nz#_Ky1j1hJl=r
zy*yD&P^hr82DeAvkCE)T8Enpm)j%OM@Re2@=`ESb2ljd3g?Pb4QIXbWkY@O4;_&77
zPQtPV?3&kw7>G4LvajuX9gm#WMERoEsU~71B5i^TsXzeH6qkP$6Yv+)&VI2QDqC?|
zb#L{7%f{j>%_{~VWf_@#X=Y?wf&JNWVuh|~MEU=J_d}QI+_bOIwLd$^-`tLuQqSNm
zt95T%A#OLUUH4>5@m)})2(q`w(Y`UKlDeBp3qZRC^44zf4lJIg?p7=HC5Kl0Qu><L
zv%DQjRg}`88cl!QDLc2=;R{MAz)ag=CbdQ^)p`9i^&R}0)*CEoY6)a5RVR9IuL=bY
zSw$Ci%1bLkDaG0*G~7$s{It6D8PyEUi9m67t;l!X1BXTAiS9E1Sd02T6`6Kn1D9Iy
zbycNlpSG<~sah<(X+$1f>)o~D^?TO()v+4iG*CF&W1N41le^&D>j`~i3}-n-FkQC6
z$Z7pWTM~CZ$R5sV9%hU4N01_uS*A#%!h-?k0(bf|1_fO;V(E%13|!_B0>{&Plt0q!
z(;qTj)Foihb-YF<6*l1wNR2Trl7>3CMNw8$u{n$?i9{Z2X4OLvj>EDYy%0-gp3w>j
z@Opy?q$YoAR#Wpjq;2xCI__-^m+ZX}5;M8Xmo*dYuiHXr8^<@H$J+y2?_Q&aeYnYb
zkJ6~EYSF@?HJ{m&$^8_8!7WonQF!eQ+q6%%t9)q@pzy^gx$Ry!2bwe4-QEH;LZlg9
zsn}cblvT_^+-`wpy=q3ugH2K3<sj&p4LaCnvmSrUmJ}CS`C$o1&AZO5nOY}Y8<45d
zn3cQLo*ciTLN~x5j(oRjtOp>gI9F5VNN}yAnY&Iw`$nH3Eb@Lev7=b-S3=|1p6=A0
zTkd)Ty1*bX%sA98d~X2Ay3_{DWwMD0PqUw8Y}}l3XA>7QJ!(n4eaieMuPu+2w~nza
z08)Q(xqbs*PTn;zz%uGZ!c>EXIS*K@nQKXubU!UZEHu9eAffPTjL{=*-Pr6(k0N$1
zVrdya$4UJ)ggvfXRa)SzDhJQTt8`HHSpy{Q3k+3)bpht{3ga04`M<#{O-7<keg2(9
zo1XgLZN%2v7Kbh`NhmHi_d#fw(jv0u%vXPp47}>?IOLZ%e)%l5uZ>9abCn?%LmC@H
zlWw;*xD6&1Z-im$p*#QblXo5%5m79FaS(_u`Dft6d`Arp?S_I0M2LurkMP%!aDa!4
z{vLv#Hi3-1HdRMGUiYFX9OwhMfoM;}fpS8X9n*&qCVHE33<ge^LjhHQe~LqMM&f_i
zF<2<*-UDv|sdoeBdggqetI&ftg#%jEu`ZUJC>SNs&b_WKC>>RzK12){Jv@~^=G#Tq
z8iS&A&tT~Ao-^7jdXP@|!4XrXOzT9944hW0{qK5v#~WaewEfmK>j?6n0U!pr@qb`g
zD<P71?E+&doUm`udAsw&W&Rmg|Ew&9!e$(kQK&0f&^_aGgO5mB7}gkB0b#b*#6<hW
z8VTmr8zBDs!+!yb_h}20;V%>mI3O?}Z(?c+GBh@m)Hy<bwOdPzB)Jj3_phk)LYEbi
zQp$v;pq>Wb)^6}&@yXsb7_Y%|*}w0QLXXfhvzPHSlU0?aRD>eFcuFPCaQf}-zbAoz
z2IR?Z^7QTJx4-^y`cJqkPT&6dcKdt-vEo<@;%rZ!|2X~OrB48-&tE=-q(Aji0E?8u
zD5+n<fRPq|EG)um0RRGS?mv#w<8hbIf4x0F-+t`UHk&!?5pAKs;2d|MrIr#YE@1E;
zzT(#)t<WF@Qj&o0tmC47VorONcpcD|fHQ5l27D(M*l50zT7S%(rm^RBC~Gs2oIn`?
z{^3lpDV)F<eO^vhp3Mm)zWes`>6agBf;e*P5riv$itrkhCl>hx4c7tN(ioh-GmBUH
zh~e(i7lkv8RIQx|#frjJV1*T^%LSZ(y;?ip4rp1YQzI2h#*>mn>ZcE(F7iX%E)XtP
zcUj^`ob`2i2ZJnK^an_HUtZqzhsN8|eeK4>>h8bNmvDE3jT=FC-37FNS%kms#}Tnx
zdQPl=_?)!##JeS;3fyFg0zBzOUE=fB4OKLOzskEC;K>umv=W+_7|gd<PW?TQci%&}
z5uUg)$q<!?<6v{lDY}#lFnKV^#wqcV<r8?_+yFNrakeE9Fm`X3_ch$S`>7Us-f;HW
zq&W0%pMM%7LTu626C$KRL@43-(1BVcL<^yRHKdg{(u*s{n-BNSGm1{|PJ+B_;T9r-
zWXmMsCwv7JAOj2tBpRIrAhL#Q01_(iSxTN+OD{6f!S6tYN7O9>iWJMS<_T#NN2et-
z2Ci(;Iw~dM|99al4vcJsSu#L^@ev&xA;y7E1YQj1GcYWhZrnqb76*7&*#q1po8~Nk
z4c43&$5`*%DLv}tZ4-+!xhy-H@jCZ5-vzP2{Q$0#p~Zc>XYj3nAwJy|z+n&RAwNZc
zSy}`vr8BRQ#Xag*%z58SM=MSqvqfDMY_2)Z;B^0|2$C7nXcEv!p*8#$tzBn0b05kr
zOlJ=tmqv?9-$xf!x`HhS>5i19Dqo;~i2%%KG)))Qw2*ye=2--1jyXLp*Mjz082pE?
z%KgLFwaA1PWg7I+I#vdIOT;!exmzgYE6L(X^j}F=!BGkqCBwkvE#m@RDwQ;-!LK&>
zaqB$_X^;n9rwtm(4B1accO8hvDB`*!irLD`oXQg-?)0O?SKs-B$)+Ht1##_vfJX+V
z(@YnC{}pp=bNa2Tx<CK%O`P5ZCey#36gmz|AO3y%%K&M@w(4D6_PN%!ld~k0eziuo
z3LcATnQZwex$H-IhB@>gDRywTra2dPW&{CC<c^1PzD8Dul@gXMOc*ii_hq7Sr6N`h
zdXUE}Sn;`@DB-o^R+Brtdvrd3QuL$bD2+(A9fF<Is3TI8s}+2h2Qroyvw8;DdyWXn
zQb<hd;c2f^m!z>m8x)`d@ITf%un8#_FDWYw(yyd-UIc6=dKYUEoSj)=#WHn6)3<WP
zs!h|(u!_6fkkA5)0=&P%Q$EB)x)G_+6^pCGl)+EP2lAkNEr!q0ER3UnWLb<4Z&|Ce
zEXFQb6r7c_DB)@~|6yoR+NiUvV9>;*PMwm{*jqB4NwS(VJVH+4Jhh*hKv##aY)y$k
zFG~$?Z-foP(vcM6P^E{le*iV5HuP3ZguD-+5NJ-9SQQNHa5V!3q&z}%8)Fq&Rodn>
zGv=6zl^EO*YYSsxy6}5{(e|QkPHjzhJc)anYS?SemvXfffuOfbRFcisUL<*AHwepy
z_-Ew5<OXp}pY>NqZn?^U?6wcMt1`mOTx!tAwInfeoT=ty3Z$lr2zT9xHCLqz=_A3u
z-@fRsa!XnaY36$uT6Ia0lTwdi`gl8rC{<fTRmrAOt7Ui^I6(@3K7DGqxptUE&oXGT
zY1gQ0nF`^Okev0Gm}$B*<lT~2Da!wpEadUth?z?}0HV3fi^?jYHhV|QA^Uq1og<Bt
z(k{s6b9h;EC9*)q**(*9v%3Ut(oC4*3ry^n=7PmmdGV7~Ckyw5Bt<hzpBLil9`cnb
zFQSPa{Y(XO3gbF|wXO;8?ubR=wTv`4?uhI2gq7_Cp1kC!-DGNI>#0bvC%wg7qZH0#
zWS_=0)){BOdd%S5pG!;>O^0tu<BDd+iy$6GX|t5wRaZ#lUDLb>6zq$mU@j5MQ+$>Z
zc_6X&1WRFVjEz?nhHbnM+){DMO=Z@cs@k5joQIngv(9yYt~f%}vNq8)<a=8gF6(}U
zb8;}x8;404rq^i9jP{qZ0JJJhsJoo!6zV{qNz0tlrVN0mQw$1hqF^2+-nyNr5<)lD
z{0)vXX^o_N&yXlu`J=Aoen0Y_Nd&FBl!OLr&u!t7i_Ui0s@TJkR!u)CNSld&OZec9
zS?0jjTRrc87^f~`Kes@?JMLJrq=~gHLn%Y7^^$7drr7cfZR#*KgrjxM0;HE$sph<|
zRI~!M4_PUzoNP>qS}47}w*!6p5s4`<WNW6Q%&_)`TyFNV?YE<+do4Sfj>2G?j=4a@
z;R0>vEQBenDlK1Y3W8F&py#{ketL29I1PPEJ!y)6$W5JfUw%1i>Ch{tHH>Or%$;m^
zCQ2TjUf8177UYlSwxIvxjX>!l^so;|HFuBxzSU0L-+pd=tkZF1TdvdMpQ0XgyTSTM
znKtoUy4Zg6a#Z%s+B;SAji~gu2aDcKo5>v5tcJa$-WgtB1<?aew&l9@%t))Ff_zXF
zRZP7DcP0$5tr@eEj&0kvZQHh;ys_1>ZQHhO+qQGRb7#)1`4>-Z)%GW#2lgz%ND-AF
z@mkOv0;%2BmfSdoa$KN_R)bstgU!O@_-Ih_;;7yw%-z$Q)CBRB$>LEg-D`OGkC4ge
zgOz;V<CG*(M`3G0b-uBp!U>KklS7e|6;fR7i`=Wv5(@t1!p%HtX5rvaT^*>h4Y4w^
zv3YN%D>LkCqj6g2h%yTxpl6UtqPA+!i6Okx$|uItR<-w8&T~oSZ<OUze5KtEhgD>e
z(da}gSZ%SvN}qE5gD(`j+~XK!)DgHriHOHhGS8(HgkGv^?^U1Tt#(m{^j=e5Szg88
z4tJiY_xDx0zfAVnk9FD1@@#@8?l2&5-?5&ySYe*VrKt_kJOy@uSmJP6*qfFCHjc;O
zY%l&{uoSA}LD?9}6J>xUC_#fRu8d*K!Jly^4>Da{a)U~$$&WRJS|FR2p8_nXP~{_f
z(C2ee$Ln&REkT-yjXKqQ-^cRO@0KK*ZT%EQp-~irg_S!l4K}~s@8H6W8x!mDG8jnJ
z6Ip^&HB-Hp)t7xh@TRQ2=u0z%0(gsHi?(1|p>vyMz)t3)yThUoHAgKk0Y|O&QBX$X
zHqNFY9CxY4PtmNpJ2nItHw61JN(+#zevf5%NzsaJ-lGozL~65+gezGMXmhOc7F@(S
z^bOg}v!Y&31dDlt)l7M(v_DhVVFO8X9ZEh=>_w)_1!gyZqz(?nZ*0lveyn4o!%}xO
zSziWUr$hPLF01&T8hfqGsDb*5|7wx3(bu4@2Trb?HUiD|`4^p~2`YGavNVgH&YzvO
z5m3;;7DT*Y%EXFuN||lHyqZ}Vlx}3*3Ny6@vMZEfpL3A+^ZG3NI<3y@Z|xNs91`m8
zug(pMH~3Qk1FZTW{E}^t*5hp^p~+zt&1JR)ei9s~;hm-*jr0S=6#+}k$K+=}+T5a@
zE6;7|;1`331>p)V7J!c)v#z}1gBJbZ*i)WD#jz6BfMN!m?{79n3G}%-);>o;C0Ci2
zWGUiV&MdUiWt?9=aJAH0+@FeOW#cBG0lk*(@8m(iJk4o}g3^_dyKVX1t}=nY?U&H4
ziRUs!&5QrXoFQbqyD|P>wd6EYGzYc@Ii@Lg;<AS$hzzLp?7=;?R_&?SDki#(_wMfx
zX4Q>B5qm_t%bxUC;T{OjIgp!D9b7T4?jS^2%lSTUWez>mNlQPT@4paaPzNxkb|%g)
zPNs&57xXZ2OpN~v<(!NxiAAD904?d-%NE3)Pjw62KDyijFbs$<F7O6vZ-2VTn~f%@
z43KFuK<^O`hp<#i@(GCG#@@k48WShZ%wcAjg`C^l{oQT<5ungjIAi;6a2Fo%VfD7!
zpLH@{WO?@cbN4!kA#Vpon0;{fO&EI5GJlo}8gu26@d!oE2AbvmHoCtFsEv>P%lJFx
z;xOdWB}+aly$L*{>|%3Qs&c*;ey)N2C~0ZQ-RBuO^Sjrs&|gw^^WrH%CogTr7c+RO
zAGYh8lstIa3gE*AIGSJ5=lkFcu5-L~>0PbwoD2S>O{k|nC_gIl8KBAfw~GXX-YE7=
zA0MjuWz&muBbECP#ltHA{um}@8+j_B%{O_*H0R)FLUVLmkHy7BNPw_vhEkV&DZbL?
z0+081X~eOpGTp>>-eXYgJ!yZ!@>en2M^ZURY44={PI1Eelld?}zD);YUEqnEgpKdd
z5}bpTmO*|_p00+Sp6+L|I%Ay1Ps?QvuKVfm^=j)PH29W-2cYW!s_#dzm`{6K(W9!F
zOY3^F+j}<<IB<m7-c}5%1?yj}$_CIE1?pwq^VL{1uYKxsLZ->ihZyWB9EzDtU!`)#
zg0wSBY(Ph)$tR?dKmJ}Qp7W{Zj6La9dMS_3n?+l>nBjakz5^hLxUo+QvZu}p(rs8?
zA52os9AVX45ojp^hD8@L@PAt(VQ130VP2VX&#ehO6Q3&uD}o&ht=V%tx#8Ge#gx`b
z-g~)ZvL?y#NBRwQ+)OocptZkU6SG(sVZC<Z9hfLTyJSMPKk@{CfxxmZpv>HYo!guS
z6h}tG7j5=OVp+Utj3PtUG)y8hNo2v;JCAn-f6R3Z@YDYRXqfh(Q`51(uV!`v@8|z|
zHWJwAFK<1pafh~r<DkE}4Y}_)p`fMlFoGm8{dJXGYr0O8TC#?l4UvJLksVbds{=vg
zXU|v{ca=hrJG}EG5{1eF0vkN$U<`)U9Y!<`aTxP4Ck5LnAzJmZj3+}mH#Zp!Qd<=!
zp#BOr>Sxgg4C})2%9Ct>mE@G79VMkDV!8KG&ygys@>Vf5uv6#TEdq%pBInEi;nAj2
zrw2Au$<c#0OrVeuOJ*_CD1@L^9CDUoR1Xs#V|8OQ#txt1+BYz$b)(Smpvlv<XJSYF
zu02G#X9r-8Tfq2=EMMVZNcPcf#AB$;7~T|c0qCg#Jeyj?K&8gyCW+;6Rt|Y1-g>yS
zTh>V)H_ZN7h_6rxJO<D>WY3fZ3o8|zRD7s7drGJPQr7FBE}J#0pg93r{koO)KTHJo
z(@2om<05ZBXzYyVa6V5O8l@w!%m}hA#bmB}hsRO=sFgu?Zi^^gx}zYBmq;oO>`xqW
zC``tH0P93+-jWwNR{`5GA_hwBBv9}exJpLIU=)Iu4-eqKW^00}!nAt(acJ#YY5b$^
z1R>1K!l)MI4@#_mXW$K5e)1KZ?5^A7J1KM+>=*+Bz%9Ar+g=H;edl;X;n~?@2vV1M
z@mL7rubRXBO?U95Ah?=$N?qg_rTT3UqC_hJ1kdirW~u%!Q(=}yC$`OdMyT)>A3_i&
z9;BFoZ2~2tOcuEE25A-eW03SLa8L+kgF2sz<6KfK>2#k3sJ)|Mq3#%xN+~W!c3PeJ
zbaqN6>c5Ni$}=g#53r-hM77gJBsl=gs?c3Vq*u+U2EM;=YPSPQj_Ezw4ZyB#b7TR4
zoSKYep9)&xbAgFGYlSF_*hvhZB_$oD>agQrQl`Q!96^<eJgg@-t%QbW<PgW{uj{%P
z4*GA+hlsh=6!sZAcJQgh9a1-JO`c1qPpG}+ST2l1hEy}L^Y(REs6SowAU=B*G_#AO
z^KqiVJ$KpsHDv|f0VQeTaaUnB7V0d3!2@Pa#3?>2!eQ*$XV38$n=)9UD-+(FN9aqN
zAqv%(jbKXtm@Uz-<UW**8u3*lt)34*T%rpf1)@&m9-js9pI>kv$ujnY*{!v>B?jOK
zEg80A$<30@ARFp`Uf^pskes&}b=>~80oL4AL?xz`zNlckETnG!+kUQ4d_OdRGw;7%
zJ29G2y%<-#um^;wPF(sa{Kwuc{?MnlBmK{b9iDnD{M{Z4VwdGHryBy5<7DNE>RQN3
zLr<b4WMv!9Qj&CN1zeNO+6$ZhLSY&GzhJ_LC}dr&%{4^waNiei%{ZD*!g#jS<lf1H
z3yB$htjhrf5p~bw0v*D`iv^v4Y?o|}Ng>K_7v0Vc^E1tJEus#;K0cvUsNFKv-R=%p
zuZK;Mq<gJ&bp)GG<yV{|DID*=V|0-_?0?(>%8W8v_<04R>Mp)T@vB~t@zAMh=~v%%
z=R{wKer}keOwe-Z^(wGSse$e8&Fl}H)>(BmDJvEmCip6d1mA;W52CaH%R<Bs(lN;w
z8F<-UZ430KD?zDt^;;FDl6Hk$@s-}&$v#KEW$}k}rnLMGT;dlYcHQpE8j5;sth`ps
zS4eBRXmZ?B#4q>1#j}vl@OcBHAbG`wl(+u+&#mDzfM+}~Z1);opHdb%;y{^tcgxf8
zU!_AyA>msql+->N#|9;UAZ(c-qy=tfho&fWD6eUDBSRIDsWa+9a&$|*d6;8xvU-U=
zL8YE#;-FO11vTsw3(`xZE3KY<cQ8bVE>-;s=A>4w24=J!jnu24c)J0JT@9D5J(t%M
zDf6&-#SBQeFS?pBJ_WlTn!>J2?vC#6`9)_rh*tqh%<jdoqJk%2i-=ka&#*GFNXSSw
zEyIA=Z~7KmMZ4Xysx5@DafGzm7Q3OKtLI9$i%3&8zcW%}xagQ#Wg<gM+y2oa|Gffa
zC*S-s<>y;Puy*7jhA5Z&OnVxG+jHkkeIc4~(58(TM1Dp9<R`QRekw_4W+(jA|1u(I
zX~Eg2IG?b&GT9g~>cww|Lu2BecC|Y`;N*lTb)2!BJSpZ6P=^t<sW9xegEI8T*DnYx
zEH6^YvI13Za{28)jKlCoxtAEhnSGgH=jXWwLLMmg^$4k*whPD|09i8|xNe+#7tqvs
zwk8QFgJk9G821xG!Jxx}c^*5{$&t~S3H?i}Ct6;lfbj(QI9-Ebg}Qxk$!3c%4Qntq
znVp}=iOTYwCYa~R&Aa_9Zg?+?^;s@aI4Z~Zlg!?BR5&ZS05h$e^eXG}20T>W-#^9?
zi0BjE^R8F0s^-r<2Ev70h7m^`+CFEBU>&U4*Wc;K+xHK4tM<2eW80&Cc1!itT<r4?
zfBk-A8=p2{mW<Ljz=0pFY5*H!8^c=RGt!2|xTO<(TZy)Iw>65hCfYi>D?%wFSi00R
zS!92?@`SABWAIjRn+%@+WPUXWw};w2iFeBne(;s0?zrF)f1E92{5V$3%1)!S`uy3<
zHGZAJix<CjSA28O_A=s~?zK)oLCotz&V55q!QPouo(W$p^Gm~b#r=tQ>j5wQ*XeiD
z_ObRhq4XO38SS0o(XeU!ufmq}FMH?vwB647H2WX`$hT<p?SCo{a7--!%ad#j42kgy
zf`DnQ@kkbSq@GvhrF8|<>xp2Z{ECi;z0CZ6$ivOGP|iQm^p790P`3G`jSZizn2Rp%
zbQ1~`EA&E0=$;?Dn*ezbzbqAU{>nxC-k$HL?Q{OOC!>d3{NCPe{++JCzg=l`H&6Gq
zi?5Yj{o?q&-#)6Z$27GE^<|au#}B^m$AH7I*3;3=IAJFwikNfB&a7osu6nu~DpbX+
z_yd^K1F9vZ9V;9u`UMH(8;hj2K@7)A$~^=OtJ;LMqE>;}kwb!GON7FQ9Q0z8@5I-;
zSsL@%H$kBY!qNBrz&w01MfS<bBvJxN5HDR4r_g9bUINpa2?9to&IONS2fYaUXux2v
zVN%`OwQoM@;dd8?Q4|DFvin=m)Q86{dIIj3=gBBT8s0qAJ}mK2BKlA+bRY|bL=pV0
zRcLXXyLCojy$H<&r%b|W=jy8fq1?&i>XQ&J8j@Rck^^9}p;Hw(yI8u2mS@G?CoFJ@
zV<Mc!=vxFv9;wP=ICDt7Q8NWv9^l@5{VmGA0WU<*LhYAGRxoELiQnYbVk6kd{JvhL
zm|aBFFJ4Mt9s;*)dA?6P=-GD43Z^wL)aE;-DSCfg7`}XV<}!X_!#fx%)6A+<#24|O
z;PnET_a~A)fTCvD)EnmY$*N$oEP`2*iGvqzGi}G>Zx8nZrE{~VB-PN^0-!Th$1sIQ
zM3h+nRpfPGB<q4mssYo9GC4XJjAp#2xMon8G3SfwqD*5v$pw#(X?SSlM1g2J32xNE
zR(_ZO=H7&s<#=K=X-@U6+!#bFCFUZ!Dkyjm%xj-)*0#Ow&&q89px(8W&RM&lyG=lV
z|18McC}(JKHmq_XO}n9X8o-${bcUYhanv@0%hfqsLz`CKI2|uER^%X*K!mVKN_+~(
z)M~+hqUtbSlTGt$V})1@#>((t$~V4>dPYS)FHps9zTWpTD4UmD+2kc0)+2O2M7llH
zLj$M%7e}`7EWv!=U~E3^;qzJto@@pO`eY^+=tMw8vw_kQuN_m16yVg7bvjXP5g;R*
zQ=Dc2cs1?8Yh*C&upky~sbmvXnb?7L;I0ci&(&Q1$J30NF0(fWR?wOyGH#OQn8c7#
z-96K2xM3-61pKt2`9!eSmNBZOmOxAX=TUMMOF75T<5==Hnj|O~8gohK5O$#3iJpm~
zR`Ah=k;|MvhKOCl5YQ7U%@9G$)EHD?K$6%u0y}MH$By!8Kvo!^Eqff#sZGw!C&aTV
zx?>75d=OwF#tkn9S|=d}W`pZ*LMo!D_EAxOYLPv){($iT^ALkcWpI**O@^XGbksF;
zwnPS(quZoG<imbDUCG6B3K{B%F~+|bl`Q_Fo5@fE>zFGg1c;%y_)ksPH8yNPrde?z
zT&gk&Z$_vxup}R?EelsH+M8!hTc{q&ydLMrHN@_WlC&l7SAUE2gpOIg{p3pc(ZGtF
zk5wO&jh1CgL`i&_c$72M-lV*86+2&to}?G}cYN*2Kp~@9r0v|DOebtO=|h$@I7S2(
zQWe`KgKQ*H3>ck|u|hAKI1+3#cJ(?8DS>C~5k6jKa=R8h>!EmL<)=h3xmFpw)QGno
z)cCxc2~te+IxDR5q5ns6@-z*?EzwSj%Hm{ySw?>lNi_l?9M4x4P`&(w5a)_#^3ZKG
zTutSJ{qk4Tj9J###0=Ji&3TflVvAd}+a}eLH?(+C1;A)i9k(u%#Wne!a^P!w44{qM
zy-0w>Db&9_bs7INt`abXPs<X`jy*<0P>Vu4E<>HmAR974R72TTSUJyzAbLAww;ASa
z<k4gjnL0|LP1Lpz-QN5U&tJ8^9-KJy`L?a8;z8?1V+{KeYMa_xT1@NCB+6v}P>H*^
z=7yF-0nk4<y0tyyoA9cmRSk6#?Ic}8b5OgI07`Qy>cZ=B;%A#mk)K2)Q*~wRb@M@D
zl2X267MH*<ThERB=Jz17)^sQ;7lB$RIk()ALB;CowL0B3H<Ti^X?rBKUnY|IRI_1i
zz}dW20)%Meyb2M0jm$kMty-OYc!pPbe`!Eg1^BPr$Bz4YENfYi{6i!j)DsKUJ{q}=
zCv-3CwGI<C)~TD|=EgYBhxe_*eSYa1+B2P}l$n3cd{v<p#n)*(jts6$_pG8jG1~-R
zv{jK51@p1PV=u3Y$z{b;89o<yz#3D#<~i@lTCj^(b%6!3=w#f;;hNg5k*)<kQ@`C>
z2PlpNvdwP`8&76IA4NAFFe2cV$PYm=3jKXOKHMFw#l;$sK;da-*)%|bdl9KD?Xpj7
zL!|nVcw64<Z4}t1++y*Et*r8}pv>}Tmzuy7)7WoDl=CF*$L~r~qbkSU>bGcfWY}1#
zM0rx7ev_h#yA8+*Y4?vraSHwS7)k<i2>5~8WN1&(3gre~6~ZjEV~9YgFcd(A*xQz}
zq2?Vg^+Lae3AE@20+p}YHl3G4@9ih~eE%JH@#zwz?$K><?*h)j<Je&+D7B3SiPe#I
z6UP}Vv*nB4t0<lD?`m@L_oO^PC~lPLOrgV7cDN@2!IiUs=VCa}=Q*$Qd@!2b1uR`{
z(voa}Q(p7u5RaBu_t_~jpx316=(kGbCYR7C$J`~-+}Cb4dDV@5=-GoeMCNTe&?CN2
zc?Y5jR0Mdcmd8Xzbi+J?Q)#6BmvJ0G%Fo7S&z+&;E22Zd_01zuw#DUTGOET7&Api}
zlhn1bhH=&sQwz2HCq6J&?7#0n13;<MN2k*EW`uub5%0SD;2^(jBIf2$VxmBW)czGk
z6oi$<W{>hxV0>9&UXxr~m;QAU{*~c1e|2wquD8vmE`|_khV|4%rC1FpQd&f>VikDQ
z4B6ddeT-c_s_T2z!1gZ*CDpNoU=8b%tF_m|LA$uK?EFN4NkxLL#C=rv0DOR_sjd_)
z`Wc@UWIsWv5L|*9^nbx4h}q@~osY24l5o0?sz92M525(~0m9uw7J&6<zmuv7r$mrN
z5E&rnkVDXM@|W4O1QH4+aqoi%Dw+iv7mk7rUao0s3CMXqkt~~dQuwPL;%^TNb>MC#
zW(mBN@v??%Ou@MsBrcM#1K{z`7ki4uK`dS~3yLc})B&!M0l(W5-~Z&W3r_7h_9%Vw
z4a*4p`C&|dR1>(!gdfDBZKLBJS<SVwoM|fi_H{g`IXf<9BnpO<24)_TDiC;suQ`nr
z;oGk!b5=S2BxW7UIhC-br`=%T!_}D3ZdBck!+qJ{<b5}iws+uZ1Po_Z1#C5qVa{D}
z$9cwOvvMLnzb*aQ19!+y9tFcJ+iPdX2_8mM-6F9;N90Oqo@d*1mzA%QZYj_AsnyaU
z%V8g1kxU)A#xA+DmEX^`PTA2>=?n>oEFIB2t7?ADpKM;IXdD3cyFSx<M#EQ-66U~V
zQ0foJORDBf?wt}w`ZHE(7H~AWm<t`J3;jQcm{_X=4aUUE%97ZnBM4a5{!eafgZnSW
z`Oh_=h={b;KM2SXiM|7S4@mcq*{Wp#9gGXx_h&IlRFU4y_}2O#x|&+!NtEGLaixwE
zkkVh@uUC_^StySTG@kF5%hBCmr;pj6r7XYC)zOb<MnbskKAn=qRem|Z_7?Qs)AOu+
z(9d5xhBWSNSu+;m4|0G&FAj(t2PPzQ^iR$X5e*BP<&y~_1kMyr&h$?<egG%}oQ6d-
zK<pPpG3@^1`8Mu!byS{qWW=<q4bAxEMsneZCBhkg%0fIXTy}^X10Y&w@jaHQX&5*>
zFXV7vHOFCH!mz=_EFa|d`1&tazxWrsylq|s7HTim%z`io+#Ha_ZQ}c~3UTQWgxa?=
z?H^?xt>HC*j30qYQZlEh71@0VYWL<q?F)JbWgmzVkxY6qsLYI=hZ%lBt8*J>1Lx5{
zh9=hH_XE~7P^x(j^7zbyn5+J3dA8zvaHMbh6Zq50ynpTizIJ=~C;)<ncNHNDbI;4i
zGaf=`a2TSW&Hxym*8j>5y2Rw4MgWl8St$CI;ftajLI#&wf7u!Qyl~pz2UNDNvxGRy
z2`R!?iL}QT4Av4va*%XG4Mi~5ar1|c8WQ^BBhF2LNa2%svBmtYjTo7kXiu1?*9Tl~
z24^RHHp(6aK0TS85dHLsYSwtj(-X-n3N@Au(NonJ8UaF=CYC>)<N&bAq*l)nYYE>V
zlYu#$ND>XF0Wn(*h8+AxcGA(OI&0VkN0e5i;38hiCe#$h&V@=s2Q=x9ds1Z};Pc<v
zxqykQiqXY@{44#6*?a5_acxmB;ugHqxK`ys2xiq8bw!lUn<7byU&IhmJ=+o~Q9(?B
zYjvCNc>tI_NpPS}-IAIHtTShp_W>|-qED!4+Zs{4cE+&R6(JN3^c9*=#yk=Wf|U&L
z6WE8pSR5IcmoSjzUx`bwj3?QFJR2E-7CES0&J0+Cdgr&4yE?d;oJC><3<wF0VY0mx
zYB6OPv{IkU;_*O~Fxc2T6}yY=e6~2P82fckY5>6qLlMgNLU8NW&w-A6y`5P^cdF)J
z>7#Tjw?KA%bVQAwBigWyqhjbky#d_qoR{&O@A2iU)g@VJ{e}JvYxhhkltQp%v+YSi
zUpdEIuuV`po1H#=2qyvf2|lM3M`!s3l%G(>2MhM3^z^7{*o;v&;Yz3|nlQ^%;30g`
z$bfW$0!pq>m;p)}T4<<2-6=OcMca|d0W3id1D1*A9L?=~U;?%MylnUq*AdS>v{Yiu
zfLVq0$K>P=+Os}A#!1K_`R|T5$KVN~!+_?v>(*@C{uiz*bT`SF3gKiBt9c2;tpq|4
zFsV$%i1NC6lZxkuFvrsjI6H>@$<KVXEr1bq^_B8&?Kg+kiS6{B=CMJS1slf7ELG9S
zW!v9mkHR3q$<hx__Ej{B;$iOeHWR(+i9Tqx;q)NX^5g3k1p0#>(;x9hN*+W1s)xmE
z?3|O5c9`bz0CHOV<K2k_Q(9@HsP-ttO<K5x<QN2#AbI)MyDg<5?6smmU0nO1FTl_y
zs{osHsENgZ?q1Y-xMg7c1j+}&r%F9@T*JXY7#5c9u`6Pa-h<!)=0ZGfN(=5_9X#8_
zl!KRI2(@^XVO4yw%8cmoQFv>g0o0%)YaY)TUA=mph&U*8hqK`a<wzWEZtNn&0&J~_
z6e%wC7ISgF;5Q`f#yPTJXVi2JGyoffh_&!)_+G!-^)gA{XpYOP?>-k9Zcn>u^vGyr
zr@-8I-Q&fYAg6oS!^!a9+54yg1Y>bb2aXRfH{hl)_0A&(@vVzk8jD@L6Z^YP_%igI
ziJg&@fXy&t5wBdy;<(E>r{GLM)3nt1VXTY7d0S(Z8Uri#U!B~Qlnxc?Ux3YycMthX
zsrgu%A({Qb=(m-+eCwT1#hC*#`?BJiu=EPGLQ?S`W5!3L3NzU;B`1cS+d1t>dg*38
zFk$6Vf@~<&C_-&PtIo1$Py50*gAQp;1ujybteNBuWyRX{IBQ_%R=hOlWYn%iDBTo|
zlLY$3YOebvm|-4LV&%t6FhFxrZQ<8HavNUJj&VrxVo6J@Av+eDeB6N0i@w5=fb7yq
z1j(t0VEgpXoiT(@%ptAPIKzM*RTPpB8%R=l=W?o4+gB)Q&zxpGYtI+au%KNsMV-`w
zL1;6Kxir1j;lOvn@pZ>@X}RT|kYnoI^Q9Onw;k{w=2lCU5~|4@PJsAQuWtIt(Z4T>
zjkR(*;mZs?Px*PZ@<O9^>LY?Ad-`b4)d^HZf|*7~?Z`se{|f!rwXxe$Ty)J1c)_yP
za+`3SvBqAD*WJL2=Q8^&y5x~MPnkR_7X-A3T|)0<3=O7Wek$H>QXyaYjDM6Xm8?$V
z>$hZF*;e0pt50GI%>by?N-m||FRE{|N&0(sJLlf~z~`Kbm1NUWU?l|EgqB21a<e!#
zms>@YD0GNppl){AW)+9&#cS}(H&~dXl{!s^Arn>Y01uP+Z;`{bp^A^Ivi*L2N@vNU
zM-emoG`{t0WqTEtgBOx>4O2*6*JXX`j+J>PHMci8{H{&n6aYfAUm>|s{W`LzG#paq
zkT%sfKwOgaljlvq)w4f-P=Huj4fm<KS~Huv@?}fKqIq}S%05knRg#_WCb!Z_*44Mr
z;PK-^p;y6OWdf*3%TBt43hN9TY`x^v^}T9{i0Sg^P1UC2G3+HhNUr<w+TsU>(xtVN
z5TrP$gz^ct6X4uaaB=3pME2rXCXf}T6+p)RPZ-Ci*3D19DGZzI`)X%nvI>25@`gK|
zbH;D8iZV-f^-aeioa!)g!?g@4jHZXF#G86Y1az(2d*5S0=5)J4hYBhd)<4N*fe3y&
z5N5L8Q;iz0xWbBr`NP*i>)QmP?L7lITJvo8x$J7l5K#7)L9!WHnFVey%=XvEpI=~c
zbjIz?&GeT#lre(KYf|nbZ~x^Lt4&H{K`r&>6ZFidr5%wA9kIJTL^qdwT*Se{3Iw-k
zhDdub{->=pdpZ){-UR$_<AQ!LIhU8)AY`na5P#q(eoiPsRK<nk&%%tyqxiX>L5hXz
z+!~TEHz3IVOcs~_z}BerUP6G-+6B4=-J5hp=QSH2LnPU)2y*2?^!o4FwxwjM5T=gm
z$3z(y_JD3<of}cFs*?|M*TyhQGXj>FX3vt1NEy`Ebr5bvYAULdxFSNz$DK$a7j<VK
zxYY1}%JoowW#HiXXot)XvZ3>O%Po-MT2VAPIUonKZ31KbozqgOvG*+J2Qj>=dwsXk
zIKjwR_ss5WPvKhl(8fP74}GsTL&{K_;YaS}1?jz?PPNLOpx2J(SMLe3aS2<kV|Bd6
zq_!Z~s*=R|CO4bvN7XQ|F}!WFj2)oI$~U=HpqpN-Y^_P8o~tE14~dVv;HLI8{uwj#
zDk`k_h-13XQ46m$@@ukJ(M8**;7|4^Gxpg2@op(!+>PPHNZaK+(ciKA7D{a7#Qm91
zKMsr(S2}U1Fzuss@fUcdJs1A}VkMtBEC?fGqO`d%KsN5N1+nM$zp)j6-I;h4N&~~b
zhH8**Qr*0;f>JhU1QzfIy@ywB96vZwsU3D%1sb&$6DN+WICDM<*MP-Z``#>+Z&`nG
z_QUhZS9`$c$y4r=N_NlJTZ>N@XHh=<osk^=FW0vvYw7#b{b1+91VxM<Ay5B&wy?kE
zwxLoYKnM;hd>@-<S(o!eCt5B1uPFgfcYlGJuX34MTYjmxi2VXakVwCE7>m;OJmPm9
z$N_SW2yim_1oJkwY|=9>zQ~~=S^>yio8Q;d%a_NeTif4ay8k-HR=}_+ZDM+kjl>#;
zAeDmoj1Wsj<R>uq@Kid8ELItnb|RzwHZ+cW0Cg?TzY(wG_uZkl|KR_r?(-`#CN2mD
z?y)Q=W3RAIq!nh%!avO1feC1TescFc+wAQ7vEIVGUl!P@d#JPN93bQO>`ZiPO?01n
z|4EF|8ccllayy6q4Uf$M8R<XSma!aZ$0isHp@tiBFTpf_EFk;OmB1`CD}Z&zOI(HN
z1%&VlkfNCH9cECb1;Gs?(&-C?(S{Tg$<riq{~KZPp%$<2WDsUh0vlSIdcIopH7Z0U
zc<kS#Znz9L7qzTs?#0Dv(JlKuJf#0LGuj4kHB)NsO%i3k4B@gC8lA*+Nr;YxB}W{r
zo~cmTA0e5)b%dCJT#4>^yULux!h{Lt2f!k8mw|R(X0i4CIf#uaLUrg_D?|;fEbklv
z0x@LO0)8Gc#;F2!GJu$+o;gZCn%TIiDx23cYcH6khT#93XME0uNb$xCv!nMEe!9)7
zIp~%{ubc%WI!Jf^FFHwvwe662ospMK(3!2`cj~o2w&aMHEGA}f3U&9sy;8zl0uT}y
zWMo{8kIH{_S0)4l9!tApk~IN^G`d}sio!v-a32xXSaO-<XkG(GdLr^0JG%-)$KBU%
z*u=0`(-=$|p#iN8fk6f3lE$8+_U|xcP`iO>jjL-<9(_rAt$~b%icYU3hm)f(NWT0w
zt5yB>Uhjlc=}axv54l!rCd4D`4)6uy_?i+qqZmPB%B|#gBd|_{G!*t~th!#VoNUGg
zo=N=K0TC=(K}BU|i%LpVRV&OLQx~KXMwP(~8KAb~e$#hV!)=&5hJ|R&y-P}-AXW95
zi)_vby7xvKREj9r!u;>*M*e)yX6*IoxO05k?<ul_Sp#_z>}d>u(D2_7383ao$P8m3
ztQe5h7bJ|{c#NTQmN*D&I!pCc!5LP<<0K^At4KH1Pp%*c<4brH^1fdV-5>017nV|<
zj!<#d$^K~Am$$WJk9fd1vYOBN1izXtUDTA_JRXsN#9*yskXUQgs<p|a`5$Y4W%W;~
z-m;!h$P&^d)U*tY(Z10W09b+(Q2I&YlBc|$;Z}wuSkXajWaf<06DU9*!bqJOF)|Pz
zrr;8v-o~h=uP8&-z<=AWsw>Fu&_q#F@0V?fx2iy}NIjB3@_EYjQ1R2e?}t+}Q6-CP
z88pDcyoc$zBawZH?xIU7GkMUhi24~NC{)*0XsW2j$P3GQ9&O6@0j9LBVbSHyO$eOB
zY^CGHYl1P!wj808$D(KKdhW5fsn)D>1Jp8MrV{oaF%zaqRUtYtXhWV6a<5eJeX2Mn
zMOhw<-x5sTy5Zk~EiH$P%AmXj33f0Pnp(q*G(4+hu&Dfg<jlos9v0Y(Tg1Xr$*ERN
zMB5n{{w?{bkYm+PfP5_`Di=Coq5C+;b;@R%xnk844SfttbUuyAjSwcXC8p`X;mVDU
z4i6^GAr53rhzQxZe5{VH+{v*WBtBfckq7JV`#FrN^MC@44x}E8hbSbt*aerD*o-|m
zMcIJ~IWe}o<o4hkQL}QQJ6LYYd_gVoV_rI{RkCONlWa0e06lOgqF_FP?*nUji5YjV
zVRcP6(KEGGnKoJzja3H9x5BsBGpSK--Lb4`-AuoQHjt=<#)zO?%TG%>VhdsSkQ8*V
z>GsMPgsRPbA?*pt^j?V*!(~o9i%fNrQ|RB;IZ%*dvk#q@4Gv_ag;*0C)x<w6n9IQI
zJFy-S-$qO`07i6(J)@VlG(FW4h^5u06hqreK)|bC;Wb%+{k-9#AnGzOwcqN}=&@L4
zC(E!)dGV!|zUczptv2RC*EP^<vt%~=&2Jt3ZYz`qXoyYg&{w0F@koEpcbR{Jc(!b`
zuZ1wspJN0$bva|?ePZRg#_8{|!vvzzZr4@t=elKKK!Zm!Bh+;FXdU~@9y)m2OB(iO
zCJ0YX)tLrM;k2mZ*^?9IHzs+kw9E}tuO5*IXvI_aMaDdOr9qBVEy@T>`Au#F{5q1C
zZBv9x#18JM50=O*Z*B-LLv)%24TZ3oQF#VrAdW(cHzXFJ3#f&+jHm<H6mk{`{_oej
ztRmSRz<Th;9pI;2%8U^H?Xw`IU*hq2yQuG-<aly0;`9N-SlJF*E;~=hoy0BH&ubw#
zfvOZ|;52*Xn&+0ezSWQK^axS`u|I*s;<g!Cd46@Xx-p)f(N!)a<XA#b_>Y~GA>L9N
z)o~ScH>W!}4f``LL?kMhfbx>Sv7_tE@6(zX0Q^YAK$t)OGIa)U9S5HNjgl7Q^TSWY
znHayxCLUg7dYa2lsW*9CPu()U+;QB3cYWesYNz}lxS!e|qRqaOC235T|Ap9Sic~YR
ztCRGhlc-9+QU330In4{*#zMcjMi8<wIF82|9VBc=(7Q*xC+v`$;tnc@WCxq#h4@JZ
zDCF$~1FP^1d25KGp+?X?(TF;~oRyoj?LP-qdecvWLCoFL)N?c@k5OYYkkY!E^I7Fa
zG7_}$ynCmCj0H{CYX?r(MlB^qE44Yctl%(m&L3+<KDu-Ic=J8A`@py%Tc+_cQfhpg
zP{m+W9M7Y*^LptxNDNgYoy*nnrO%}RsFqS_YRidX+rMXgc#o|zqo?JG(pTqNLUIa#
zq^IGqDildh#Sak5_h1v1Hj#$vAcs`i+0^@%W+Z6pGN4?M?X96OBh`gFlooFB>#kMC
z2XTCQc~?|nu3>4;$3$UhR&)y-chyf%@=BuK;Qb~>pTKwjG9S;-`xB$hyA+`ScoWqz
zxRK$7IAA{?zR$z##WKKxwy7ynCdWOBUGjVANpOr8N6NdUk_wdnxCa$g@tKSYydTVJ
z^5JB!M0HIr8yEMWsx~Ra3KvwW=tjn7I2>(^d#sq{T)8go9Hq(FZrKT%Yzd&kH}WPQ
z7Ax8k3frthp`Ug9IRERuReBn+FktA~0b%&J-o=37vR!Gry+78ly*Z&qvd_lidzj)n
z6H=^Loe76Mh}-PKIY1^=-vUuR$ifS**q~^CYmD09?Ij)o2W>8pT7ok}EGakWsewQo
zWfBJ#dSNR<R96*3(!=|WzIX$@@_!v?=Kt^Q0xJ_^VxprUpjk_@lBX51w^yFgd{CyT
zrDLCwfmfP<o&2v811D(<;Sqiv{m%!bs$|8&!gi3X$DDnMxODl2dgqd8uHWa|anYXr
z!U+nR^T+dOTra@=<2H=X(&O`T79V)0(t(lu6y3wh8JgkjY0=%12wtn#0H+FV$thh<
z|34-?2N!+@oL`pW^Cfp@$lKQ5D08}YUdXfS&TjZofz~z!pj-9i=zihlItFVU9-`tu
zF%8AN{rCDzGgI;e*j|<*apjV;=-HJylFj95q`Ssk*g0C!v?u3|)s8h8(P>pEL~m~&
z75+f>%pFHcWncayB6D*2UP4cyXv=jxbFYMBTQmg~0Kf0k?e<08=t9QbG?hJBA~LV@
zCbbI(@Y$aql62tLN}w1iv^3a90(_3H>htC3<L|1ErKdolo8#sg;d3q?>}wK>!(4gg
zB#PY1SdzrXlY%>~B!Z#$WWy3&AhXs{bV4ESL2!3UgfpZ@aME@F$BLpw-=iyz<-$}m
zSAtCgddc4cen@cIt$Zox{^X-YV;*Qpv)M|2(+tmSQ6$Ktka_KZDRGTgGDw64lk3%=
z-D7AQ#;T3Wp?e2cYr3jQ-hGZ6mDt|bz1kE-u7TZ8ouE_RN)^r8tnZm3)*w}to5C=)
zFP0hAdtAfV<!9*cEmOQ@kb_o4&8#q21X<t#j<pt(NtA+|96$)Ke9jus1BC3TpN;~K
zh!Og}67*`%dyP-VSmUuHYCa+8be@#m6barzbv(BB2R!c7LcigR{m?>1>ug5_RWNpv
zLF<1=J$M@6jc>@iP`<wKZ0Sl7Bcn%>Pitki{@tKVI=IDH0;NW6lBAMb9$dqOx}IDE
z_#n5tfWZoZphnK3xIqFLu?;76(oe3W8(>8~qE)=ITxz%LdHfb=RAM#-`tMu6<{dr!
zx1c{#a8z`RJLD`qnIEu*NH@~|;b2DhroolGiyBv*();x_MX7tGlU#lodE+8Ej!yYU
z<;M_iu<(lx2}1@bCp_f_dX8VBXZ;%h%uNcM5*zMi1Uk}3u#_ib^dsQ1(Y*zSiOyfV
zjSst9|71X<Fen$uCz200>wcMW*-P6u7R!URKXpVZJ!l+<V-84j?aYSfiPk#JdUP~E
zWR?sK6_Y`omc}h8?2&=v_7ZTR@PzdJzF!l6EbUThd_B+NU%05H9zW3%LiK(DPM=!Q
zObkIx1Z_B!rhrEV7Dhw4a|m&JWl`-`GnhG1%TQb&*CYn_>+fZ>OWg<|29<g4dw3u8
zVuB0<Q7}Q@rfve~$fudRfsZ9xR<4J~);*(=N{3d4<4!#o<A{6SN3vsha=UN$94)}~
znY0kl4w8*tyz9N^b)fKA9%f<z3Q}3@KI`H>x($_la&nJBO;`i#on)SuLVW63Y{)Dv
zohxFU-1rcUJ0ClHY>XzO{xW1_VZw{G%RUcY5PMdKlJwv4P#75HKyjAgFyboy`6^<X
z@uLON0mVxuT^Y^luWut(g#j`9AJ6t1n!~bt^taUv;x0K>e>%M@flTZGH*lj}+Qu<V
z8<)^8O^&<1Fwt>a<X8ln*`&~BGfSAs4{MCB3=T5cx&Fk7IfXMIs&6WN_{|pJF5r8J
zL%ny~K-tK5v<p3R9-Sy&)S8^(_SfDGPFDruUkzHaUP^2?wf0ziK&k@iy6kT7_7md)
z<4vDVOu!CKB;@5}b_;a?b055Q1@?6sNVyLgXtj_W_xX8>Rifo{VkM?Vo$Nha9q5Vm
zmPjD?eG(3E_u-gv7A365ktde<Xc>+1JuSTcm8Cz8{Im;c3P_+#b-ExHqFgk>$kuHg
z{UaVj<4Mm$I+bwW7H`P<e59+8ga(Q8TUO?ZQy+7CT<CI(imDR;LArCX*fzQf6#lSi
zPo36AEu(qfSYMmDV!`1qKAL8(La&AR{Pq#8NFgF^R3iiSwDcK1rCK75ZA1d`{NUVX
zJ&h#V3Mo)IMAS$@=o*gcUG2b4x&#R&_$Y_!N4opvI;)OsP4cHmpXkJa>ANDT&y=RN
zEYoOw)4~v!!l!D$K-@#OuMckNOR&kiNk34630xs%S=1Eel49Z>Bs!RO65Z5s1ws8_
zuTtJowP+3vfu1XzR2K>p$;L-A#b})`8X1bsi4I3l@&{6Ey`&3OHmR0vL#}mA41r~X
zyik)D<#&aY3hAWwT-{?J+BL;cQ`C)26bro0U&MnoYvwKhFtsA16O+Ssd2w&=MM{Vv
zSd)RZLV^0t9}7P9avm8b>jaUKsZz?o@^arOzu1O<MOq>TjAuf{!HD}j;e3cYREPQ`
zWJD1~@`p5i5a^34%{by7Y*Y5b`^+MZ(l!|B>s*%>U?P6*ppIlmFgsQr{FkMkWnmG-
zWEho{zRw7NzZ=j!p8wTfRX_#l#b!wTwj<E5i|Qm9@JFKRhQ$akRU;^+3n&vNGSq{r
zH>8gU?o#lxD={(oEMeD>+uChiQoI!51x4&8QIZkbDzuH-&cHr6x|6GyCuC1()MvcV
zjMs!}ECDcWDPyea1Fp~A)WhadB9p~nZ4HUoFWJR_5FWCulS7z#S7-Hqh_0oslcq5w
z++`zn&rDUZAxx*SgMyWxSeR0*i2s%3N?TgNTb?NEC!n_ZqFL?+p0C?^JZ6*Ex8_`Y
zKkE!v+)%l%$&5x?E@B>UW4z7i-R6uocQQdY6Yj_Pq_Al_V>@-RGqeXG|MknsFI8xy
zI4V;C46pXVtuf*9v>9Iv<;T5E*PCEYGo0LVwYE3_5)dWqHH9X^T5&ZjsaG+7`rn9#
z;dNs}CYJ97&82k85W>f#m~ViM$f*7h4}*-<JC@LDbNgbjJJSqkx~Y!TfNT>gOvyA`
zaN9ge<fRqYikep&-SJtm?p)Y*BhozXw``UIkf_$~B-WE@O6PiuvSiAlu63g;3LIIK
zuU0MHf<>RVT27vq6X=fZx-~jzm@O#7Y~f?m=8iLx(dkZFxZSPIrDy1ApW;W2--0#h
zn^*8QFp)o;p0VFI%-qdk;kpemF1Wc<P72n{^u0{lD;(e%O_KMXDe&#Qzq-=VACR;F
zd7YmGb~SiOv>sav*z0W<A$uiyP;t{YdH$giT3WY#B@o@(+4Qz7CnmhYDdUmFM^czw
z6`|~_c%e`gRo9C5%DT@`{Gy8kIV~;AjQ@t0w`@|iqmEG+pofi34#j&8roEc+lDNbv
z>Pl{@9wMh;4vd^Pt@&lpfo=|~K;UWs13aDB@;v#na%`|Qpdog*dCdWu6DOwcMLOhX
zi}sN*x27#^eOjR|L#fp*mqXd<*EKUCU-9>)Z+cnU?uw4d?L$!DTqgs7B5W27mDxvA
zyL{AZB7M|tl=V#T*4HRs-PcEgoSnlIc)rwu7jF$(_X_Pl8^Z|`2GzgjrXv3>#M?7T
zaNSW2@^nq)(Z4*wF$J%&4bi)#=9|S8>OK4O`-++kX&5v80cKRrvM9}ov7C@u{kK8M
z@1q3(PY*3~Q<OG1q=3Dm%3sN<7xpK_hgYa%d&54HRPe~`6H^C{>WWs(X~6JsmBz9x
zD2%p<B9pFusvOZhRM)X80CvL%NKUZ99Mqc#`?Xb&-pTT4s;$dVihBw$AzKVKx?9@w
zv&v4g`5$Z;ZAg^>xa;4miReai4rjtTQ?J*FMPk4`Ph<#P<Tl0&R(6`x>XRu;5y70u
z2qzJW{fIci$3g2uuI4(ZU-lk&BZ%C)OwCHId(>9^O2;JZX)jf;zW%Nd6;C`FJLklL
z&&+q>*=tLud9)ffiIA*EdXw(v{y@$p^zi&Y;LP^FQB4kJhQwK)|A}h;|IK(Wg%mh2
zh=eQ;|8?2_Y5&xGfJDj#q)&f+=Zi!X;JG=u4G%v@*ru1feMxBPKApG5>C3_V%5G$R
z8OinjJRZ^mIKJt1RZI1Mza4)+?jTaVn*U!ferrnda&fiy$4k{~S^ZgK)`2wzuyMBt
zNPo81=lA33<@1ACqBCQ{>*x*qIVz1Z{6IM0q*M^;(DDu1I-s+Yn31V$r!vRmV(JVA
z#fWPf<UVm=@yo8UDwN(hv*gWmp{`l|+ZDI!+X3-l=vv5pIN)t}Q3JO<=Pv3}9dWBO
z>tQsIOkO(*IuQ${ftq4FL5xViw+K4`*d&&hNJ!aPeKSIkIfzPid94?EL=s*)bbfK>
zrC+@rOHpB^<XLH0mQRS2EclF;!TQ$mT^sNA61CPwPMcg<O9|+!Rn*SANR}4rySBMp
zhb$q~703p+3<-ihZTmozD<LpIQbX}xtIxSNIN`Nx$^hjy6NHVt0;)%*owI5Jh&Q2`
zSScCAxV0VE{$AZo&~}gJUH!97UC$pxsu8_GOWICqt*>@I`IUq{|Cri@!xq;Lwce`h
zIV3KcB}kri;Ej)^zKfrN4Mfa+<YjWuNTt!$5=@2772NQ`b_kLeJb(xf+(C-bIx}il
zSj%>`#M|F8^+Z^7P7xQ5g#)qx+!I+g*N#UKhaAjng8Vg8`y_&pQ1UTROPsR{5o>58
z9&~F&&PfO~D|(swG;eg9_iYe6_t#$VthCE>99)oP3-*Q+V@V2<TN!G7@C*N8zEKy0
zhEfc)B@%7UuwH=q?y4L?4ADd^l{UXlS1iw@z5NsPoA1zl@g;p}vS%|6a5q{<{nbpH
zw7H+RptY0t{)0E3#way=j_6VM4?S$V;i`D`db8C;1eTX%a#C<|`5~DOU|b>auz8g6
zrbP6T#ATr85)sw}EU}a5N>yFL2A9hjbtCX1PI6a$mH%uk6NZWG&81SA>6J^FdHI#<
z1o|$mmrr_n{;v-mV<k%-z=9_<m2oIo$fRau&&_zCIVxtW5k<rqQHJOls=h+}MYV0^
zd)Pzv#(31|SQ^m%WElRU6gcU0)j)I<y}Sz+{jK0=0hi~!23_QIUL|Qej6&fj_GJ+v
z2qsME-991wZ;Y1nqbDxIKTW1C)`ZUGHnB#jLqZIAfvs_hC<-hQAUl!YqLDr}!j@SY
z^LDNZv{V9#;h5O+_B=JgM!FR-)rw8#+p<v(Gc|6{!9Sf9q1{S>dHE~Vc16q!6Ittj
zE<r=&KjNN9iaKuAr{Gxtm8qSWW!mP_lv-3N91assJIyDuoR~o)HE2O&PsUsbkO6MO
z!u`PuP)oZuwM(o3`14);xA-Dp7HOIVWzpFg&wmZn$llc(<SxkWKe5(56vf8G%9*O7
zm8U9c>+K3L_GdE%<JILGO)1Bv!I%joh`CLjpjuJDBtXaIeOw~mFF7w)*Z=~ltG@Vc
zDJm&j8YV&4(I+6jTf&ckmX~ZLMJ#j;`~l}v3S1H*;*CNH5P0r1*5>kuH8t7|C!Tqd
zC?3W}v7#PrbY;DJCkVYQ52hZR?N!lD;}*f4v;wMa`vBXLt0#}F0jz&$3kEPs!G&y9
z<zUfA?7`iziIt0(XCXx2oW<9>K2R4WlP%kN{<yhaLfCHJx5?gJlq0iBX$ALkkfc|F
zLqZ7lhNz1SV7g0!_WYx=)V^?x@hKSZ23l{e!d|$PViy^@5I75y;$k9|OF|6zeHS)#
zd#gTpmFM><Thu%($d%u~OcLXHzdfHd))!%PpT@gfRZ2DqD#&xCApIg7v%JBjJ%V47
ziujJv>Ejt}Ul-cjkn%mkNTXqO%9k^o!O6cy8x-IGtTpg>j&QD%DB(dRc*ZDYg)04N
zRg7el;LM3GvX}~P{q)s$XYOQ_{uY4_f(zfRRuWA;T2EnSvK~(AD+9vKDTD%lQHq+U
z8f&)HMQHUcM5$03F105eo;Uz+f%41MH20zea|w->iy(sn9nb!w>#kQ}#D$tJZaF%T
z#3%<0P!0on*eU`)s7|`&#JUlrwpJV-T&40$?ZW|aY=Ef{Vj~a6Vh|`#YY8^7XrB$h
zVHq#g5Sze3v2LNFh0~-~We8<zK>bH6D$Xbx1Ntr4oeBev#}|>JW;)~}|74Cf)1oF-
zQi}_JJ#?|dTx@spO~oCwR>rKjKof(V>f5UcaJWa?rD?xtxYd)C`FPb3kFIaZQ~$8J
zvMa_*+TQ4iX(qOddUz4`RK5z|4!DJBS`wEvg>6sA%8YXSO2SIYyvxr=&k3{hun^gJ
z)!SvQejO#dZL;Q&WvOH5BLlqzB9C37iwx_SPkQ38<Jpch+qfPxQ0OS}^jl&X!U}E&
zm@|c2p47YSTCk<gTz}GT&fguxcwoe{p?mE@@m1jW94p=Y6g+AM0Yag(j$B!t{7*BC
z&l@4|_DhQYS;H5j0AE0?fxq>x`8zhQ`Acf>4Q!5LfnxtIjUJUTGZvH*UA{^{ue%y9
zo?vzEDoWowIlO?iEb2ksVL#-VotrZOMkotNN?;8yT8qeDrAygIUYQX_4<;QXqyJ%z
ziRk^VM2DKCHqXMg>5XE-Z!?jWoS0aqyh4M(8EQVBIdVW1F=#myA@P6O^i?n6Y2SQ&
z`qT^e;}IPNE(Mx7TLiv}Nbku-wqQj$NteUvY7^f@-sEpvY{F@}xxaXYH>B1Al+wt%
z7db`4momyatBolrpI;&L;(+$Q+Yc%JU1Pec2>0WIRC~<R6lI}N;}B2xG<l2S%jRhU
zLxGJvk|tlF!&4NTFV_jo&RKtP|1&BzMx%XI%k1{YMa7yTl1fa=nl^E|X=brt948}^
zmwG#v<#g1){4Yzs`RLP}cNzx<c-}aY@}fi4#uSFiQhuG0o~gm1I2On1k5DxDJdaA7
zk8M^S)YL3%Wj5QV56~uT6t2wpu-6IIw}K+s_8qD>*AUm$DEUkhbYPjon-&*5u%iqf
zlyp}!glm}rHBI_IJe^~gCBTAg%Qm~zg)ZB+ZQHhe%C>FWwr$(CyEuK{ytzLiSAL0=
z8L@Y~Uyq8vg*^Wg$k={Q=0QZ|G8+#l%4brIX4#R)9@a%9U>qY!qdBcGg4e!s5OYnK
z>#TCa;k;gn+=N+*%g?o8n^EN|$mVrU58OKrkv|i{V~Sc8+BD~Y3Ach(80q?SJ3+Ei
zL4hLaPOazYpc{9!jY)jHa|utFlyob6_Z&F@f!)2Vaht+r`Nn;TBwYO5Vk_n2S*Npy
z2^Vx5ZedsxaJj6V84)(4p@}(>v-`x1aL{SO9Vx-X^JODX4Z-pELtNFZpF#&`ukmiB
zFIT%{oZ}!5;@X73tZit|<_Vn$4hJd}&m-+~7?FiMAh9^Wb&fbSw)ZMAbC8u|>TwvJ
zBj5fYhA9*B{>wf?5e##5g7I~H!)YOD=g(!5pgThzF%DlLYv-fm`;^fW?jZA5LFj&6
zhQ_}V^Q7vMAYZmGWUleC_y0ymj{l2}ENtwFAfdv5|HFH`5SEinroi_joz|b(?g?TR
zcg~=7kpHK`+3Z~Om~h1|1f7b7GMX^+agWDB=JfV@m@Cxy`8@Lb(;RWP*Z1>%asT%2
z>F93vm5=Xa7SS#hya!A6YyUBJa2C-^9mB`><9h35aXu^a(s*_{8u0n`m>T<WItoa=
za5Y^o@5%KDl96V^yIyZna<ip%P+N`KS74I+T93NVels;HJ$zWG!?pDBj>D(B{5X~Z
z*zUD&kx~1Jm9RDDv3@hOc-_j;Bv|-KGvVpvL6F-U2w{=~fq1)T__DEny6Mfh_&+@9
zd+=4kAYw8~yFZ)1H%%RCF<F}jPy+@&>{q}6ntWawdkYIzo)&+1)BC!UA=CU@9QjY<
zW?gu)t+=hRckfK&cjBOCaE}`CTQaRVQQi=vKwFu-gWXbhH%U>k|Aut?MG+U>4LvE?
z{OP$2_#W*VWjSk4gyUIYH1eZ-h0<zckY6!zBodqa;GZeMdU|0dXR7mIZUl&H7G?TS
zqg&7Dp!(X`-B(lJL1Ig2+i;gL!Z23EAoQV9moro8QtvZPQZ*cz7SZCd55`Jx6%7%a
zD>rtB$e8)QJxp6o7toZ$YYiruDeNl1_FF7c4A4GmN|nM*A*1nW9Q%X`zNI`Wtw@N~
zoKtIPK_axQB5lbJff5M9;sKgA3eu+~k_JK-<pyvYI2%8pPKi0p@Mop{gRM0D=a=z{
zNs{vl*7G?qfaMTjjEULmqq@cRM+aW0nTvtW+BOo>Jrzy27Iy6Yjhg%^DxgFS?)$4x
z&r}WZx;;nr4RS4eZ6fLKf^MBHp^8g*)Us$EB{CuffR2x)uu^*JYyfkLiI{|fZ$&iB
zyvHHp0?Ab&?K*E9BCIFgCD4%W?a2#CGltv(8)znDJ1-8I0|b93>sFsxE;C2;M;e&P
zLFz<QECi0~b|0PN1AITnOHapNbhco&5Wtgi-Ib@onPASX^WKRt|D<q?8DTrlbu=yn
zu+DAHO8K_g!j$4<DgxNIhl=|u!mNSwQj+z@j)dZgA=MqhQKjQKJc-j(zxX<!5H-xJ
z+Sdb#fMykiB|hXW0v9rx_aM+P#;=7HT(g^+t5XVF$B!1zjgZiOvMh(xQ$$>XJAPju
zX%wLr4gaHd31r_+R9uiU!gY|Xj1uIAq{oK^DYNjxgI5TbYXL?Q4o0$vsntFgEmx*o
z)lm_g#dYi^6bm&4z>EKR+|XgWZ7bP-ZpLcg$%fi{<hQxP2c;9QX5Yx3T3&nxq_yY+
zZmEg%`posv+wN~s-w+w^8Wb~LwlQXKAH(~$>AN-uz#VE~7Cl~FVf6xVL@t*4PDUKO
zIZE1Wy*tBurvUxF%|mFX+G>`^F?iy<Rp#eLGxlAnGs&T&ARBjAr0+iSuKJ=o!uIOn
zVCeMwzp8N7)nty}otX@J(&#we1C!|RY~IG}JL;`5%c{kzb%{_~hKT}=Si24iW(3rD
zbLjGGMuJ75>`P@P%`+QPtNQVSqcnnhFq5>(J@M!9%K&w=+>Flf5eMBY(Ls^?(1A6R
zVc%im^k1S{_1F;VgD<T4b!>id1s>z4K!+$mrn==BM>3!cUocN_CVY|b*i8GJ?L*?E
zAi%(+OZO$LquK<TB|DJSu*8SLZg$3es&NA|64UZYV}J7Jd1{DrMZ8RqHoC4yI`&?1
z6I_0=ngQ@mFR%N{;Gzy?Npy39N2t?8jDK%(B$V#;^QZ?}NvC7a(>yp#NuQd%VcsH}
zl-cVG4ye?9P)^y1I+^v$JNFgzi%vVE7gR{1)J#{%Q?aOpag2^gHCT<H8(5eZQwP_K
zxWXGK`We3C7b#W%!|NJqt2P$;*kWAEr_1Uvm;xm2hr*#nSOo64Gk65*HTh#<TFZy<
zAv}h>b%5{#BOauC(j1YAF~O8)setx4B?H2vM@NY4L{xsE<ZB`1`H6>&&s3fk`Utdu
z2$_Pl6@t-#jDJpvdz-k5EY)#D62vS1WfC?;m*jg0N27#7b@0wE3fVE6;htVIm?)fl
zX#tF!t$~T+6+Hf-$DZq(?OowQXaNyXO8<oi9a3sP>J7c!O^peY>C&F|`9nyeo0-I5
z?=eCo+pW$vfLT7Xl6P+@KvB04uX@lIXBbkJQq=!vdj84WIiPtWWSnex1BSIW;y4+u
z6x4`o9X_RPipdhh=q1U`*rwZ}XQbP*rwIVkUSy~`73)91tz83IZd8>q54B>AN(Noq
zpB<bMIo4Miq&owBvC}UJqF1M?OhmPar~_S|qOTP}q%%g%*$cvKhvTF)qqq_C@UI1#
zCgg;@z4mKuU^DPKbkY5+Gm-0;*F)&7-alG&MKSaxvMuWoBSkU(p$w#-w!A5ASSdiN
zYxvg6y6JoA9+VvMocIGx%YI)~ZeNWrqMt4sIXCX~*Euqn=7W!h9LLVNDSruT<^CUA
zGR->2vi9CdyC+<i>HK6)X~j?+>~e%9wqFjgw16r6@C8?y!E6;$V<)giDr7k88mdw#
zuDC!IJLp5=7PCntHqb-?BmGG8-*bQvk?uf4ffQbDot{p4s5W8H@&10<eUNmy%YInJ
zNYu$x0s;3`68wLN;kO&2Lv&fc&<tnYVVsrGCWce>OT8%$Yw+~xDDe7dvf7Psi|g`J
zuRHO$>_T6&Q!L3QOniNr9T&<!ABiBR$62k*n)km0v&lXtyVWynhxT}pB5?sYYntvE
z2YWB-yHUsT#wIa3Rsjbz^lrro68dDH-?0~+T2!2}v=qaL7T`!!0mAW0zr$8(Rl;EZ
zxn@C7Jv*GyiNJwk@->4Z{X=x#@;QQ=Ej;ND-TT}A!RHQLa?00|30EAK&7jGB^Hk-9
zl&8|MxlI?5LL4`Uk;pw@1DXJWafnLMFL9PKEsp_M=B0!5W0W(#vB7S9tabS)PKfE|
zk{YkcT-I;|;G0B$75oTLi=(sqWLWeEB0r?U=j-=l1qB|aGbDvg8Bft?BLcG9f=%q2
z&6_k2li0LgV9k_nYj8)K*0yMDD{r|#s2|dVQK^)G8@D;ZR8*oxPnZA%;}z1|4uj4)
z+ZLiS2WYUJEf?@C4Sf1mBgN;O8ssidJR>lwq|VB^$Bo+ZOI^>;m9xVv9Uxv?RnQeB
z2$!~ts(8>Z`jh98J)GpCV8PLg-CY9EhlGS|%Lu9cT~`=rxFXT0y=TU((^a~bd(oR&
zh>Co0eKaN}jCTdWN;rUW4viB9J^Ai<=?lf0f~Mf}Wy_Wn@qNX%a&}!j9r_a1>fxkE
zELQbj!hsuhBp!q{@O57xqSXV!2|yvFJX`gzE<?RGjpw$T?O-}fu96|yLLRG=L!}~!
zuj)Qt^E2-+M2+zmdHkBjyf?aG67cAZG>-4#FzYSwx3a2aDelaAoJ|oc1ou~5cjl^{
z*HBO@FTrTtp3@~v`5zV4RJX2Gtnc5<s;zATE`FCixZj`vtLE|lM9D<$cvuh)wnU3~
zL4X=Z?G`K2&8u1+YaJs;kvOzEl)L8#+EDg2xHee1H;XUy)d*nM=`JB9A-f0`V=h9-
zamEhee5UNSv{v$P7DwIy?D_ied>i&zt;q8E`q82%8)R=jZ*-<|6Y|*+*d(gM=l!rC
z^!$qU-GK3d9uYgt&=13PfQK)eFvtF$9e}irbj+C@SVc(uyQ8$zaazPRRziBmpyPMA
zlA-6xYf(&<&OYoaQI_x-Qt*$5my2gdwk}y=r*7uF*kV3@MhfgMAxtqD>K3!E->Uuu
z>b3e9`B+LiKipk_Iw|vx??Itw&clh&KQ|LzC^emJ9_04<xTHO*cHU@c%hSod0YKWO
z(V#M#GNlK=Yw`Kf<2ahRE3299!d77h?s>+Kp|`Yo(0;~r%45rRuQ=C_kwF+55q{Su
z*iYGn+eW2Wy$h`!t;+ZEW<6{TX~dGGp$yA;8j!7dE4e5{pRPa0@KFK32qD9tgq}dW
zBzM5Wpg#^XOkLSfFfbD}hbEj(03b`J^+t{H?hxlDzBZ;hgIRVVWhA94DyUTq$~GtQ
zswz%|CyiZin*I&$W=+`Sx;x8&t-Xq`zx1qQ9wPYEysARZbvJf*(+iQsHb!6XI5pvE
z7{Z&*HpXro%K2>L>YspFSJUu8?gJ;UeV{mNDlC8^l!W~x_^TMcyN^ZC70^nW721|-
z9~=Pj4ob;-Z@HJ;#g|Y94sb$4b&f@+uQO&6E;xHd(tzbGn<&-_LA4~*ZN!b~BN9SX
z+PaWAiy{Sr*iYq@l7wQQJQ`^_N-?&+62R(6qn^j9&LL7u6{Hv^LLpHZI9bYCQ6bxa
z4K5R2S99zt%U-CYH!}#Q1|*GA^Rgyg#l>A#Qb`(8q=3RFGFVQ36KDFooMc(GlyhQN
z>O5a&2V6>;xpp2qqXUG(8zgpkJxH}S;X+7?t4l@~YomZi-e*`zzJDP6H&%W)VbsM`
z+OWz475Yry#^tdR8Sr)yyf>q2KME36?WClfJB%$G_3!pI7akDl0p+dNM`Y02jx#o+
zsH#R~7i+!P;xp4|>ZN+iB^Hyk>(9@1)5WmD&#DYAJz-TBlIT$%L<Czy+}5|t>o)Th
z+e(`)FOr6{Vc2Tu*E`^&!>{C1UwgN}J~X=2wXW*j1*vfBW5uCVWK$xOdIOSIO35_n
zq0gA{S~5nNDXy!zfD1a740I~G)rer5>fICVPB{Yx?gw&Nt2zhrPK3}e<?|M+`-XL+
zO{-{=s{T|y9s{?QGkE=BtL;GL6vx_KBVgc5gGg{duX2uib={5SCWlG0ih9)@Oc3(w
zu@r9kROVTV+^e%@$X;qMA6IP+fa>5Gl>eVv_5Tye63^)1692s!fzmTD22P~5PNV|Y
zLj4nGZn7fve5jq__95t@kn|zxdt4WE7yoaSn?jzMCPV7mHx$>A-CO+OrXUqVpve>A
zlxG)?Mz-O@^Q{y0&MvN^G4Z0uoBQ*v=7VVqeLHm*Ve+w`(%t1(=;9jB&qjA|r7Xhs
zV`<}p;Ph-SzU^!%;xL&J-~uQ2(|HB(x}G)6jK8cwttfFlyHqvf=oi=)%H>ubgzWYs
zymkjCo5U9!TG$!rOlz1PE0pKx@=ABNGH<=ebJ6IIa^q6`iQm45&-C;8i3jbX7}!wq
zKFP9}nMleIjftx4lpXs(O<eUv-#%_tEg<{ycm@`Z5|z`ED#&T_)~h*VkJJbdwh%*6
zrE;6?J#-E>6MefJ=Xp4KI*|SFV6U_qaXf~W1kQ{XILBhf=7534(ua}thouidPW@}X
z?bCJ_xpgQIb3T4X<0^r6#T`F&ql2!_a>MCMitYpSka-2#>-oO)=2RVEHfIT|V9$BK
zgS8Hv{i_u9+!<x}0c3s{%8neMb$5ziUfRan>pH|^HbYn}N`V6GVFgQOodl)Vc-5@w
zQpn}9+IAwi(Kg39a{~Ia^N6&*-PHRF_OkHAMv+X|K)EPuuG*L$UTu-t35R_$PcVx@
z{9AuMU|xGuV!bS}rDdFcbqvLew?r=emNcAH(XBxGbFTD?wJlumRn8Ki4l|ReDSyA|
zzq(m2-{nn|JOS&(qTWQ@UCu}L6fp2|Z&Krpu{s`I;yxyn-c(nF-r!E*V?%f2*uDFA
z`p<bPiV#6KYY&-TS5r}c*+6INFI5SGabf`pC(vxTuT#?n9^Arw<uXWKzV`#-zvrYJ
z6eH-K@<>_xkbBPdDV&}F6|eOeMg9Fpwk#*fF1#Ds{gFMih<KN)d^8j_6OJKFekr3o
zR4ED!{GaUp(99jG(L_qrQQ;U@DT9THrz6h!)QMu*?zlxH^iptw*p-Mgk3WT{cE8G4
zV04s9{%m+p{0U7Cq*|dcwy?(@j*VV4yiKa!P8Xw&qJB>kV6f2!46ygcao=x$=Gy0~
zFfGJ4IYMXMB=f}QW1qW_a@CaT@!}6zob{Mqe12yJp2Zw6yX0~$|J%6fea?T$V`+eH
zFv(;a-9X1DHBd{jQ;)J0a0@d<DtSYbIJJ_@YW%8Uz_aNnnj_O<w34LJjE#M=td5!+
z)P@G+xztQePW&5YvX6lqcz>f@4MeP|>-&)q20nC*`>3ZL#Ey!`$T}{UTt&7&_@kIs
zl{44eB3H-ZRH4Jvn)$VnuA<Z>E-9bD#)*eM7OB)oSU4oZ;-RG15gU*Gy5Z$2_&Crj
z>^7Z8tce4gtCCdKq?(Wz(5v!eVcf1*NAoZXLV<28gKQ84AWV2k8{Pp|W`A$M9l@BF
zP^syn4<A*MmQfRQTw1F(x}E$945JWMQkG=)lQSm&fC-0I#3YLc$z1l-r;nKTTP)_l
z_Pagifh37rn2#TdKIan5fWvysDHhQ0KDnan(TMHBYlqyT;P6|?l9?Wesv@!nC2SLe
zjJH2unxxJGM61RL=*%2ill7Ww1V)WM!cH2AYNlX<ONDQ-awC@*Dm1eu;rZ!SpjQVQ
zUfok;tUodLe~pe#f>XbvO&UEJ)2fDKl($BQ`>kg<#5D^gsrX>EDeF+2;sUKiTqB)f
zb1V(#OTK786ry#=KbR7w_w6;~v0E_+$&}$5a_Y$ea*5*uul>rhgeN3{Bt)^>z!5k=
zEFq7cj*VW=bqL!UDkxkrU@0KVPO2yrK?|@p(eN+Mtz)_yq2axn%p`c8e=v`t=aQJu
z=#s1YUF%}8GA1O#$y5WFed{Vme#0+yl+-AMGedyL6hFjBif{jY7dDl$@J!pJ+;ojn
zP|m>uOpR?NC>a=#G`kXCwc)7V$SiALHT#o<_DCSA<GnCB+!ZxbyU6(7n09VrUzNJz
zWG`+Dd|LC0!5tR*s>3IkRy@)q-9U=FbCu7OmSB9;His|N5ZWjRS9ZA&gkPp6j{S~N
z^7oz8mwcpaj9`s{vo+R7^H}V6XC~UAQME$_xHW1a)R<kIR9{O#7wPXvz{@Y!@9tWc
z#9iI=QzM&IuLjH|qc!pwZ~!Q^V1tR!u2MSdO(Qk;c=SBCGlF)g&Z=`!GA#a`AO6SY
z^0K4U)1V=4WS^+|%C;d+lm*k<<-LXXFEjafX1QQp9z@zKlbGMoma_%QjSmaluwDxw
zG!EX^Jy$pC`~0$bI^~*(a4pGd$_Ms-E`VcFE^(`WjibZ+NR4;Tv7r_R1RE<-(R_=g
zZ5As<9+TVJC3-^E#V}C-5*|Lq%G%)axzl_+*uV-0k-C~)7y*PaZG7Xmv|awaaZH>a
zlk;3sgbwx)vrFWS8$}OABEotG|Dh}ZC#z%Gi&3GSVu?1K6kp=TRd=+zMQ#|DS0$#?
zzq1gGWvQ)$M^bzRPJ16Hj;nl{ct4mp;<~rIUazNmzfka*1@0@BRSnVFDySLtZ2<X&
zSF9#UUdPmgq}Yjv^;J3z+4WVr30cdF^vv9|45zKs`r=S*Y52ubfvYUm%qbgScs9Mr
zImyo&?8`tvCHlh*6*uKGSVf1=7rL*Dt)f8If$2Q3(p@i|uS=GGAcpkI69MZE_=bhH
z77Zte#qsY29J@PmkyT;~co9MQUv6u=l*q>=++`gl{f>l2Uj2K^1W)*IGJ6f<-IX>a
z`8~4A;kGJY!Gx__{{R9e<Us@g>|=X4&aL`IrtJDH#KxxMJU2VPDM54u{Pc{>PD(wp
znjb@Wy41zkTa>SpD5&0I3gr0pXW)6)Rv4%qWt>Nk)CTiriC!6mF>SvQ@2VB?EVF{m
zVO5ipl$+vB&oaaMd-D=(=z937F+-E<gvT^|r76)g>rTUV)u$N!C>%RLnIML>=~oF9
za^ilrXKn0<e%_{2E^P*EA}B<QPP(BRnL!w~#Hkj%Or%-&(TlD^<L>3Q97xgJ2Pl_&
zqn%@WD^=5mK-8fG8wGDetg%e=m-gF7IaxsD12&dUHsD1Nh!4KQ*Gg$ywfB+J%17<h
z!;08@aGPjf{e=8f2$G!+GJ}v_gb!q7KHH&}N0JX#wHt(qbD`wbPV<$t3q<_vt2K8&
zu(X#`>=ZvCBFs9qeh3&XHKH6C284;NHKiQb90wp{_tXa8bNY{0@1Gu#K)uON-?ui7
z>#0T1_Zy?zMk_BAWLxUTS7JV)OpeS$FAr+u-kmz4Xe<;zp`-t}m+q&X{L?9q?y-Un
z@cnh%sz>|7n^Q5F`{TXNt7{rv+u<^BIf|d!%l!;~ck>U+HQ?M@tAAIZ+L5{M&^z#1
z!3^N>+}c;Mah`vz^kK38*&Nl=+u_sorTJ&L*rX=&qxTQ!G!?uf7CiA4xriA%&(0w-
zVK?>c<;o~$3)Ql-Qi3{6-wr?NKZ{AKx=+gW74#J96=8tatI>ZW;}2o(js(S!Gb7r0
zJI@Eg@%0oA-UB7(T680-y!z_Et(~F9(FLq@?h(PE2<xBFai`;-t_smVCNb#_Ce8L?
z*1+;Q6`31mK3jfXPGR%_z}3PtPVTcPFK?q|BZR|OqQd{i6*h`mn?-iC8-^pC2j$J0
zYvpiXMgSzGn(iwyTCE2%qwzVe!3G$ca#b7QuZpn6Tgi_2Y4AMnT-Pp7YEd(=_y7bh
zm-gH80vX=p`APfmXp2%l;LjI;SH#bWyTe0@T}|Ahu8wXSLKW`@h=7y1J(l;_W4m{Q
z{>?-#buhYGGQW^9?nNWAbj@2-8kvMh2#ssVdgmAtlpzpUAtAr#7PJtgZbtQ{SIL%M
zV|Y-bP&4~qo_H_jCs*d<cIhVxTL1!tg*_SsmX_blse1zpT&DZCkmJ>d1Du|TBq9)f
z>&2H^iWa74jtwL|$0B#^`q@vyghv?62Uw}KBq9ycoB`?lDPlt<B1jQX@q^k<Sa+Q&
z5{=*Bjo>F5H>h#)i_=N{=5R6`0T*F)3&y_=bB8COh9vf=f0Ne90u4$2bARuM<jE83
zIbG0UDFl3hfGln?WX#FkqI<>aUzcT4$9ON&1pFP(r$7iFOR35)1fhHFR38zWW8gC)
zyqe=KQBj%ex57C-fg-$iouDC^NO0Dp`T677Ppn2Y8cE$O&IfPEWKm+17SF<WZgfWO
zscWlQF%VWY(FhL8bFsWtQUW0AMd(u9yPe~$Q3ZnEywV2NX1w3Sxi2MM!d0TLW!P-k
zwoalkcSY|zV{!X*1u4RJn06Wp38QRA2mnj-6jiSuI5YF*f{6IjD>3d0h4Dn|q?Go^
zvZ&3+Ps%*lzrdlDpU*6nOiu*XnKX<6lpI`oPCI?%NnC6)bScd6qXkHDOCco3Ukw9O
z2+5aWFH;y+#Aa16H9Ct~F!%F&ONKX>6a`HHOLo0KQFld_qO=hiW@dtA6~D%Z{fyyX
zUJSUNK&L7O0jKiA5LXZKtNH7OiZrfYQjejIcJdoc2K*1M%f$m8H`YdIHr155fZz2<
zK_6!$W!wm=d(>8oGduuGr!*@APTbceaDXW+xZAmmG5K4uO%`Z2D+Qd&Uqe0Kym@uN
zT8TrW#$GrvX?zMK*ij2A2ieh<Z&%CISV3odfXif#<32z5mky!0>4OJ`-K;)zU%@bR
z1;vn7E%%@(J<O9|;VG#Zyp8Ix;8n2txy-=&YFZh0Q5f<_&>?_C*c>NYJjSTvE?Jp6
zUwTkbu#m*jC^24*J#|WWLTDJr!~LPjsc@sfGet0Tv(*49rGs?=>sDj3X6DS|Kw1ad
zP(eJiiB2Kp?*~Fe?uh(SSz#~?boiW!#?+Deff`9b$Q1DrHl$f%y=&5+&)tH<JV$t6
zHfA^zOMJf8=1agjOf#y^`5qCM4{_ot`PeY!bmq#35>3$J+u|7-L`X5=`IGI83xbry
za*Mg}$?v%)BH%zVTe=8x12T<O0_iliZqBcQ`GHN7YGgtSx&VLml8UuhyNL=RW||aK
zd8?&J2ZoBhEtuwOq;&pMr<5%k2!$=WB{yauf{cK(*eQU4KMuM+ly>RxM%^A6Pa1*2
zoPk=mP-mJ=c8oVuC6zX7eiB(CUBs1-Xgdn_lFdj#`<m|3f=Oh{wnx%AZHY8?g0HX-
z=8D|Vo#Y&2?;Gs~0_IZr#ymjO=yv0JOE|9qax%67WV6UN$55rPOJtRWTKI9apH*8L
zqkvs2sUC2X739v9>Y}=wepu??tUAeNwFX`KB~dXeKNOAqksAi?dO-}Vf~SH>%3x)8
z3voo#QSnC|;^{@zytv1*^^fz&?|@$2z32}(W8!B~A@AAOOy0)!bEU5QfPNJiR+BG7
z9F@y*Jl5o;82T+S=^i3~Qj<v)uiCTy`kye<J|;kD`)|sj-)c>%s*c;!moMgO^9Dje
zWBkK*5*=I1>X5-uJG@Vf+N_P#t<CG_DQgSQ)x$egMF#03l_14rbNpU;mJ5l?BmGJi
z>R(KSxK$&RrDpJHDN|)Nu>h8jd)H|*^#!;}!Sj2grINBc8zp*6fkEs0Fz@~%(_S{q
zB?JJ1ht@p7c{<G2>n=kJ(;q5V%?&Sx?T)t9GI=H0nIfdov?0+`%<bQ9QE(SPWxtQd
zU4QXhT0BXPaAQ)kI#zZM-q?zbp&KO{QYj_re-dRdBZ?=XzPgD&%7pP8(;lU0oOwjj
z&DpfEO?G#|L$@dlfn{So7$K(p8Z4iGrT_xaHe-=dc8ha2Zu{I89BxGvcOMU<te~#n
zT#l29s$iIURf9HhN~ET%LdD)LghI?S*ZIgla5fbUG8qr~v3`*=l47G^B@2LQz*-Ar
z4e=Q<OJgf6oZSW0q1?Lh9A*#hHv)2No&X96EKK}F-R#E4INPhDqKPk-K^L8PsvrOi
z1}_j=QPOA84`g1N>l|IDunihuFt6@xnlg7=;T2c?uc-Q*5Y_0u4VJte{*6uy(86W&
z798zteTtpm^dZ0+VGl3Dv)y0PJH93QOze7O9kggV!`=)XH|AP)5#Cj(D$O%uFtTI^
zFj>H9?B9oOGOAU;G`{_Iq2NX_bCH0LDgmoO14aSfAEARYVXg?fuV);Jk*bIGo*Y90
zbvYSZzIemE4v+`-cxJK-afbZTm|9rG3s$KKJ&bR8y}(wvV>KcFFW%Uvyw!Uk^~<t#
zcCQ8Tp~o4=)<eZn&Je-*mLM`QpRNvTAikNHR@3$fc1<<BC>fu!6@^UYe=-IAm~1@R
zz7p-a&$ML)?zRf6EPThwSI_r#v7PF{AU$S5zD=w{_w0qC#DU)_`|)j*gw$*b5gS$M
zmLmb0T$<N~ZM3a{R|<KTO|V3f=Ia|T<9Xy@Cw1f7nK`kHVKY+Os*?*vGX@>(-c&+H
zEIJlnydKe-@ArpA^Bb|oP4xh=A?L?J9A7Oeb4PPbr$cI7mtT)tIi1Ktf{R;W4xgcG
z(f;-&^v0A=*(<!?GJ{d@RsGC)JR~8?)n^xfa(fSysH>L+`AUE4K>Hvz3<vUd>7fYL
z5}fW;=<3pa(CGJoCjhMP1Zlm2!|{Vq;2jkWvqpV!1foE%g&BAL$S&eAURtOZ5;w0-
zEDW1<0Tf8_ZrE;!V&#*!+Ul;er!o;4Tksv<>V-GIDaA+%VYChnjr~zW2ZG>Jn?(jz
z8;Rh*pC9<jtU+Y|U$%t%Z)=#9fi+cb7WkitwU&zGKO)xnXK_63W3kfWLh<t>i16*c
zcy$6*`oN%H#HLID{7sY2iCS3*q>c^_3BHNrirO7jGxo2C``W~ZAKX2Q?YpN(M0~*K
z&C{&2O1AI!=IHlxeF4B3+(lPT55V(vVj&AuT8qy&AD}|TZJ?sL-A~vDVbxVa{RYrO
zKm(~Uuhj$myuCc%e}&a`0>z6EeU!=-*1~#MoGt_QTo`iS+A`#t|02#k)%zj5e!fn!
z@L7It+;kA|gu8XrS3MEb?7vO}+%0oR6;xB-JPM0H*>HM-#SSI!A@twch$W9nh{UO2
zbr+{cRT82ZBYI!>FMs1leXI`**8#}uf3HeP+XM@HkK36@Ss{ttTpSe&C)-w^cTjLM
zuoc3C{f<6RIrQl^^LN)UWw3<8r`+<upb()zy_7%`{c{;+eiJ;R|CbN&Ws87xI@97W
zjwa!a#c++j7?Z0A)C{-Wt$AiW0cg+CoizM~DKv2Sb&(H#Om#Cl#IF;wv<CqG6@GQU
z=t;8>3}iKx+qsLlpo2K-xO!_69_EZ3UnGx19P!VW%<7Ew$GCvn)?ZQ^;efQIZ75|0
zF;(Z_T(H&VpHOCq7@jm~B-K2*D>J0HO`JGwhwbSt<7JQAk1kzDD3iJpLsK|-Z4CxT
z0ocO8?nPMLI@);Hda=irI{n|})S3LT0|I@<!ZE3UJOmE^_gIq#<^~rMtcbf)gCQ*i
zIVs8QG5L_%ZLvP&u^vpNRgA+)nGft_#xmjYf-_oC)T)(`C`}7$`{QILpnFF_mk|Bn
zC7tj&O6yY{U(?XpjGB1Gjq0H_<um<ik=yY`l-P>;nR0g(9`j@^&jnz8>BZxtqC+b3
z(4kHL<H|oATmVfF-Y*5Ez&R~dNOe%`@n>5SQyNI5z2X*_0||?FBw~B7i$&ewJ_0_)
z=W@z0d=Qsb?cWq02(~6#N;_lF<N<v!eqDL9C2>#7Nac*D;tC^$tOqBbpCrlU8ZL}n
zPxu6hF75IqyovdaY#89W!?I#eta98%0QUIg$R8q?&W+&mb^;;~ww`sRFW{~|5Yz`o
zOv!j=cQ4mLJJ$uBxQkj!XJ9w9K?AX?FBQS*u0o)28F?SSUGq}3?|sj^Y?j9NWB-2N
zDT=?(!KNJc+N+TerVA@k=Jjr6TE~Xebr@&JJkLdDL=kG}hYE;bg|L23yOVTjNFm9}
z*56Y#w&SR0sa+tvtYcGc>7fA_>(K07FvEH7I$q6mxAX0Uv8!I@Fbs^)(j>t*CFFq-
zvMzM4-WNE&{t1{LmX!h}scMr&f<$N=XK*q=hJ}{q<pm`j;iBFPWhpWyX_1aYM&G^S
zY548b7hH%g#s!e+q$)c6GJa;1M&CsVb5eLry5ZPlDq&YhL$2)sBDT&(7co^=45tZD
zxc{D1SYvlS7qj@zn}|zF6qnHSV%`i&J+m!#lGAM<ua^`HBA4+8KE{%;D-x!?46<;f
z-}tBHbe+yas1+;@Yj&*stMhiGPFjKgvY+g?0S<aRk_J%MG<`oI#7H{#<}dA6Z`*Mi
zFbYB}bE*IdVhvH{-MgNubj08x-e_{8oCH-@ZT{)ZBfP^4k;6KcG~Yb1`TVTaf)$=;
z&S^U<k#RR8d`3~G1B%-e&KYX^GV<QA2#w>w7)J)0E{RDD`bm9LUXEc<%+Sua4@*#G
zud-&84FZ@smPbLJFHqnVer9bW*+>YdCp-BGT40L)nXY^_a=BQ<5d7@A(=n>tSLu+|
zw$l$ZmNbT8+T<0UwDfXQ84fviu^)qzZ!-c=sBd#N>KWIijaNOsK4K8VHaNu-rLbmv
zHQyi1#k&og-4R+-kkklKCMO8`^BfV&M0_X3y8_OdcFUm<f%o&A@Ux_2qWea#hw=D(
z8NWjI;g&rn9JZ`|>5CnbJUUC27M{}Xcq2Z@iv`9QO{;T`qp=$#Kl0{sk7^DWOH12J
z5tB(!$|xZ#m_mv0;*5eCepa!f8ETx68)8R9Fk1&uF<aP+XbWwXAY8Sws`?7Mz)L7m
z{s3gz?Wj2tmioKv!pPrghy^#-;x&X4_mSU492B~B>lw`&bri50?7b+0!a`%Sl+q)K
zwI*anulZa-ZO)*!c#T+G?Gns2x5V*OLL8t#qkZBZDH~GyEYZCtM(;T#UlGC*^%1B$
zfbd*tK_C*6Hu6qNkvuH4^dX9JPSlWm3IX~^!Xfy7jI|BM^)vvSFk9eXn*{(L@ZSsL
z4VnsGTC;Ebo!Ji5<nhnAorMRTx7IO9bvD4v6val3`MCOVVmCUxSfNJqFNcruWVGJx
zs;Koxswyo+*QnugW{9=0NiB4aL0mrVQH}QU0&*Zc1s&Lg<l1_bc>J<WdLmHkK7jG`
z<wmE2f-fQ-<!o_fU*CypayYxyCDQ~4=VHF~9T>aYpbo>>KRk4(B8UgTo$ac`fuhRI
z(?Tw_C3J~x)E25JHU)<md8{q332=F2G=0bo6kDYtUYS)#gb{^U6o~HXKq{Bl@J9;o
z8O<r518gfV1k&)On7D2xKCYE2=YUk3ME?~j#LOv~;$i5_xj7}?K?#&x5plR=LLC-R
zYFAd>y4xQ_ND3D6ri;j`d-}6gW=GPrx%tPM^nW6}3mIXwS%qWiX8!hXyMuQuyqb~^
zs-b{Q${3b3=LP<G{<rzDr?@Rso_u5unNp1|f&nOvdEqZCRuM*MR}EhPEFf2Oac+F!
zh$0-QM5tV<=Z8RAn5?zflN?tEC}^6F0dFXdoc5w>bFXogAjyRskugNSOfa^Jb0>Xz
ztfdRZ!;8g(7*!w4{yPq3?gDIaOnwy0oWg+Yt@>|`sHn{toyDWDQ&yOL@o+UU6HBM>
z8cLi}i+28Kw<G-7)!&5~b->>`wID^FSS(S|b1@N{xu$dJ!_6Hhuw>0uMQ~`iY8}S=
ze|9OOvSgcN^X{{~ViZ68o=BVF1?h1hR@zT7By&&Y$oPC~w1Rh3SiIke_4@fvAO+-c
z-~g74gQM#;q<5L$ZVa1SMH`IM%384L<8H18h5VgZIxdH6Cue@RnSg(!GImo}RmP)g
zlzaXGBJS1eK@GGT>M~~DK`WpF=(vn3qM_b@_&C?>#WXzRd=yigkXM~%ha;_Dth9Lh
zD9^yLM)m7QUSvhaR}w-yhf#JZe$z`{YZzB0wFUi6t^5Zb!|JaCKj=*-^Ur6|8w~Jr
z1<CU46UK;y0c(E~!U5i%;C%wgLZO@rHV4#A5kj=`Wlg6(N@1!-?BLY{?E|JyE-f&u
zspWsW%*5eo>pUcNJ>BO;aSE>Rdk;@A8}wPs1G#qYfp?b%0c!iX4HJH#RstM9OD6y>
zba%(S13bO8zf`Q=1@LAqe@4GKg6zcw?P1TsVvg?V_<Vwd_WphNYW@AP<6E+T?)fN9
zbUnZPhg<z+MH<Idg(RiX(8{vx?B}V><OaU+ME#esyfj2)sShE#2?LlaOIEs-K*Qby
ztohiVLK>nZi1%JpNiH1uBw7iRQb^C<U~=nFht`^p0+}hwe3rGWh%3Q#RdV9iL1M4J
z2U^OY87q?*dJ3?)Kv8^qB0OFHrPi03Gc|5jlW{J3y@>;<+-76uwv-T$^=eR}f<fUR
zv4ZG=hf3xiI({3^tNI5)xU_+0EyxuZm^sYWR|(N&!>EN)IRLcd8(q$91GUA^jLo}N
z4#|wz{@Ij;2zj#&B>mrj4!(@>XZgPpEgKk<)b1f*D7gPNqS@G4Q<FCS#p1~r>Q?ye
zS+yrlem7wW5*6TRkdAj`0xmL8<A2!pAqY4w{;vC5F%*&rMTv@>ql1H&r=>t5iif*m
zWK8z2`}^EP`yaTmM4hAaSAfswp<F3owDRETV-|n&G&K1}fhr}E!{__)=`@uaIExqX
z{tZ)?^Q>Y`r5y~XcdDXS40!JCU1@w)dq%(6UpeTdeC@ZTP(RG(C+78dyggKF%sECk
zbrbk|+6=AcKywY%?pE~EcS=o*XKSW;&Z>(jb@73{8jq-{z0Wd=vyk;C^M<5c%_BMS
z18D-lbTbHxNEu-sZ$T=I<aUo)I+a&?>6~;^nrfaMQn3Z9IZobU1kgiW^cN%uG2C4+
zbdEoJ7}YH!Dh>J^pm{`B^EQqqT*av%?)vyA?c&SH#oukd8lq18puPsftPclK6KV;D
zh`n*6DG=?d7(}&vMD&Vy$RSZqRExR8pN$}vWUG^_Jx?I34S0jC=&ORLJ+<j)V@9T2
zzPd#bD5|f=6I?e=02FD`XaT>gzLhjujxoC|QEt3OHf8w)aI6menr`}dQAi9SW70hG
z<e5E+zEnJ$EkH$-8BWVC?}DTV!(q}WZ3JtR{m#!*O8UX_mDc!&jzuo&OTHSRdHqmL
z16A6%ek0v%vZ=N<F}IV|eF7WbS>v$KWMdcEb?ql!ZwUiS2H-1OsYu1+`OXjj1%>ou
z?5DkB77|rHL$Z)ydY#~)rZgi0$M6l5yf9D}GBi_z7Vv_xN>nuA?-D`u!kJ9#M2N3w
zTxYl<#Y;bm6;By}+c?$6{>`ReFgr%p7`@b}u@eq_!z|FFxT9$x)TrQ!NUOIjTbvbz
z9FIa-XY7es1UUO<%70CCKzfMIQ%4X6o^_w`W1YwwaTru?G`@qW<#W#v0YQdh3?rYG
zRJu^wu+)ws#L%pC$(uctc4a@6M+u%{y^mRpc`VG(>akRuR4%hLCsMpo(oAp3u*PBP
z8`ZRjYyE_xcM9WIXXg?PQQR{`h3!u9e@!XCnS>n71`ttqk0}qP<Y6wN!Uu+JCL%GU
zpH^=@JWb;KCDpK<;mgV1D%=s8JdYD^-ChQ<YH(_3A}@DsJ2(8Mq}69hARd~_Pi5&w
zR^dpdUl4h7qc;Z=7^lsD86kRR;<6DG4P%wh{%}F?XQgM>FOM3I8+|}d3H^tE+kOMc
zHZMdH0{GEVOfVv{!sH_!_8EoA9<enBn##IA_@JErNH-P%Gqq6~7?I29yWu`a-CMZ`
z0NZ6a0<|1hxocIl>CugWi14G>GG;87<0z2{!|l81(?f3sS|>Q{S0{u|;jlsonPhRc
zS`vj;8vjLbg#n^sN&T!pG+jaEnQ9JwF-ZO40R;AC8#S0IP^eKcylv4z#ZJbk+K0PW
z$4=B)pnOE|T)D(UJVn4=`N*Sfnt<wA!U40rimsKb?{{PNeEJq<_NQpf@G9RMZ)uQh
zYJWWt3y$Wi-Pcu*-%YZf*5yCdWb*`E3{ol{$eCHZEv6nNo-sRyVC0whjH`5F4GyOp
z0#veD4K6z4LfR#c+G;%vC$HQo^mbO(AddEb1&KurG|X%{Z>`X*LpX+MSFj~)$~*;0
zk^*VnI6Vz2qlSc-I3S!|gHgfAoTM#JNRoQ1ur4%|2_p!G{d8(qQsP^dVP`}H@ravx
zjcJV_Yn3Vn32(Yu1B{;W^yjMA>{qa60K)DFn+GLVX!kMnR7u+=A>vTSS^;h<BBP>z
zEGio+rq}|{<1!m+NL^9VRxL~NM00P5qMJNl6R$gRu7?+DF6%B8!CSi~su|M>+f6#8
zWgPFIKD~Onm36o8OQGG*jvjH&Yc4*6<h<BkZ%Ik(+ZD$wj*@|Pb$%D-<V=aQ01gN!
zX~>S+2O8T0S0-9w8qO)WgdA4{@`m%lU6CBM!dRdk32azv*Q%3rj?}f-#te7AQi2fL
z)MD-K@^$X5(yc0dZXD9Vs7Wn#VXs?y$~~X#(W0+ZKubnd!lTj`BR$f*;%MLuELumc
z+wlP(NVHR53ii*fz20Gq8rms~06Q|Ht;YS2+R|RPH?hh2zN^$(?uqH_6YWL5F&>wP
ze#Uo>Xf`nYOS}iZ+0^!az!7d#@1pV7biG_YR9b1IZQ`YEk+&VbQYG)kH`^SM*^7L1
z-n7W`b6Ha9!n{%ZILYsJ_p_#|KTw&q?PVZa!4q3S(S0e7d}wM4taC$gfS<<l3lPW&
z_WY>dSIL3qhn86Cd;p7XD5R%9T&koiU))Z5dJXc^ooRN;E7VpK=(M%eq3LfLz1wx=
zRxYf86JuE=D!jR4B#3fm8lZ+!$DZlHF@^Ca<Ae8Mw^-WJf6u}X<jMjYIheuMVojD3
zUrH?Jgn@{!_YyfUl83z!09-_7#T;ml(Y0JK+a;S?kDFuiI>UDbDQL4akJFab*9k7A
zvF`%a^Ylg)4KG_L?z#Ew5MIYbD3>_77HIG%Vmq+v8YNr}NX=Jd^jUL(sFW*lS{{{3
zElp^cBn$I_5#Q*Q$$@Cuwb@&phTZoaFpo!K^VxRl#8g=x@km+@fZ*98dV6J=rVdQV
zp6xNU#?-nS!$W%E=rU_q`=>`)a)n3VH^oC8TjV-qagSdEpy%3NcgPpV>;$lZp8vQ7
z*-D`7x577Rnk7>M=I&$n-b_okL7c23nF~?=&WzIiN$Fk@&20qLp%fi(=niG#2WIAt
z3y_l~I}=R=2?j6h049}P3yY)C1K8-#C@IIRT&!!$F}DY2Vl5UbQj{p0Va0+j*kPxp
zxE47HZnJ`vrcQ@WpFSKr54uq?-CappEfGmHt$<o!O~=@e#CuMwe78^=+{U+fKkev?
zti3E2oIiIS<Eekl*+2tyQQ288oVUp;Kgc@mdy|4)3z^u30UhNGW(7>7+KyUz3J}#=
z4=D{mc1Mrt*vvC3T`(fir%8uhZGUQ=3pQH%cK6Oiwvn!nJZrZALlp9(1n*`+eGE<Z
zn>RLSVo<!7{qwC_c{ke#*TUDQGR~h25}WK_>Uh3GQ{|iss$^A3IgNv|GBRW86-Q@3
zA&rQ|XnRN$00|30<iE~Eo5P1!n}Hu{J%|PzQ_q4{vjNh2#jT5-Kfa(7`pLVBuMCl?
zwawk!-@vCzq}DAF|A-v~pbKt@#WpCg@@Ke2ZF6PP4<8mBkCYQs{NnlA_U4mSRpt@6
zE3UR42)<Z;Pt=J-1TX@e;fx~?=a?Uz3)Gk@uWq?(fZgXUKz;8f5u`hDup^{XF>4J>
z2<C(!Kw;F*ebGkh>Tv+Y_TboFmF6Y>!JqmLv@E?&YcETy7!1Q^%?O+aZeCpQ@|V}t
zjPx2#zpyiFe0{T&N%m)SRNylut0a5J^wIB?Xt|W&y#1}z+{wFeW&>5-og1@Cm-Gy&
zv#gtCK-JRr8S_v1#N!Dt?fUhM5PQR)Vp$$TyiU0@as6x(agO$ACPx$|>4V=j;s!|$
zKgFF3PA%eE)U^H=3#tTgzfK!Q0I7R-yRK)!I-w$ZPv!*(Dq3}xIQciN72|yJ-`}^0
zYgZepe`mW`wM?R<9U8=y)Oz7e!*NyEudbkc091m=Y?ZcfX3bh&{9BpmBj2MtrGAmR
z>bvY61NjmI(u1=p>u>63bCwu0K>h5;6&v<3@oT5APKe?7dZGuU9C*~I{qX|TcPskp
znON?b>4as3|I}3s;q<wUG~UCz-bbG>hYRmT2@W+Vry!pjzod3aOM}kNSQyLk8l=el
z0Bjuu8}8OnNWj0xmf5V$3^3ro2}Elr9_dn9bQQKK0EK-0$O}{u7eJ^Jo=tD+6^uoD
zW-Oi~)jr>{&NLsJQGS>Ge?4!p=Z_?g1bj}1+<Dqh?O8YnUSvlhb+;pii%FeM*xK)b
zCnkpxkzN%CA{jiKeKWuA1v;@S#jvjAm8B?i%k5-MP@`EhmI*4mt>r#6tRMluSRP<1
z-9UA$V>4J>!Y_8~`(bz*5+Aje3vf8=B;9sFcSS6_#hmQ037*8oFSYAL1{$k=@p`+x
z(_v6a45d1p0ONu&(bIFJ#-9KS0yLx||FHe1p8AGcSJ<kl54ZTj9=Ayf%0bO>3{HqM
zru%YRT9lx?oY1kEC`6F%@7k+eF{-AQymUYvtA_x<1OMbIkKrvlJk>+s^LF`U+C?9o
z?ZrE34OF|Uz}&xzvE#$<^(`w*8g13%(;b>r(LK8MWc*7$fG*4PUG^pqDBYy|o!nj#
z*<g>v`Hu-J?!hC0r{@QJ;~8Lvh-><w@lWi-iOGgy>YapoiuvOCKrZm>_%Pd>YcgKR
zm+-<qGB%;kIl6YnnWwmw+iOz0Ntohqj<*SC$vv-Z9y$|?Y~V{Cumi-oLXF{f!2a>D
zu78{~NF~7g<K^z%^^HCP5D9xzMNbQH=!mRHp5L6PJIeH@Iz`bupXBWA<wHCPO(}^b
z{BdbWeZy)cR0CxWlgd-VsDS=-rUM+#lZ>9O;2I*jdS3qgN;j|u?R$dbCxcjc+_|32
zQbvw>V`9cU3S@#m`BsW<?@`PwbV5=Uj1;JN{-}q&BOs@{v#(zpum@2hho!Muq8c~&
zA$1J>)JjQVV$>s=3gHdxIEkD<fvN!e*H6O%BM^(1%{9q*s5EI&BZsb}V|Xy#RGb6$
zL|R(bMF9S_1hoaU#s^V40Gn%B$*BUvp=yYc@n<)x9Sf+1q{GWu!z@2e3fAfjQdyjO
z9jNPQ6ynzO=8~cafQ>W;BN`+gXStD&UEG284N2U1jEO~3bWofar`<10yPI`5y=q($
zR*-8%R_B|Vv$s~DvYWta69zA)T&;`8EDu^Gp0<P0KLygD3N!r&M(;5Mn`;oJ&o{gK
zfWQH0rr=iM^jgx)=j@SnCQDf_FS?Z6C<lzx|GVEPl=A`~kl<SUrcbfD`Oe{mAVZ?6
z9@#%HKu&`G$)gdkK)giSO0giSKtQbnjRV`mU~gl<ifD}2XN}0jk_bbBzaR<u+HJ2{
zG%q?xfV}IbAme_qCj)6Yh({6Sk$NGS<AX}$R69Rcu!J5|PXjMkjBwskAVC1JCil#O
zo6X-1N-9|iC^qY-h5QXPTX22P{VwkxioVum(|o_UUZs`o2xb#qZCU+0_WA~emhje?
zHtb{inDLm<3cMZe(T3Kdwq@HmYdb*iO17T?wGFBd%yt3V7Wr6~>`j~s&TUPD<5=c(
zvNWkV9~={#_;EEYJnwo7?N!F1Kj&H=w=N;(rp)*b5auf-g3bRLfT=$YT7WcIV7qq{
zR;N77#<^?khmbGA->W|EXX32WZ*O&nw>EL2(6}f1C5&(jTiS6<SrG{LTw6sVUDn6!
zd7KOsT9<CwP!P~;1I(Vb)vEIGp3y^2fgBY((QX_7t=4Q#sG@`1)8HCZ4dtY;rD1HS
zA^A-Y7(eM411nY7FxH#az*0$2=qVbX&N|&5>NlQgsaEqK`7q~f4VKf)H-r7Wl2jug
zL0Xl6>6Br@Byfsi`<5nwT5zH<UJ&~IcZ<)56RJ!`4};S8by@&d4rF4l)aY(5vG|cM
zX4mbvB2iU)nd@v546V4SNWP8{GP!z_so<YSfD@v03Vs@0dG@w$*(vY#YK4&Yl%n;z
zgW^h#<Lc5f%V6M;kVpizqG6h%d8}apoBxFf4yc|Fms8uS$i!qahrP^YTT0N3t&?T7
zdg`8GutI#)D2Z!C&<^6?U!Bl*7ogf`pyW!)K4BaW1oR6fAPqJY@!Yx){a}gSo5V&l
zfOSbuihE1D!3~K)FPWTBFomiKx~fuxYR|H$`GmU$C$@I3(Zk=FW#j%#kg|7Zd*Rqd
zPVf#47&0l&Q^%wi8ag7)CC)}*H!i)ZqGkvM$!J=fV3ZtxHC!|M6(j)8z&)EDmD0mB
zc+P)=-^Ua>hf1q}^s5>50<vM0#Jo9b0LokD>uU^>py7)7uo&|T@+34P1fd|Zy0s>q
z$*x+CPMm4S%5jh^=m%NN!yn)dw)pn6DZ%l7Ns!<Vl)DD!N3ipQsP%-xAwomYZO#D?
zQa#kSMAF37xN%D3qb3eh3M2Nf#z9EIjEAgbB-f8yRy_sgv!c=RV_mJWLZy4HfYE)T
z-(e%=I*muXVl$RyVtCE9U`<C}?R$cd5CwBLO8fyANI6y?mM1NHMw*)ae)|~2wV!QL
z0&)8qEmEd~*zwkjRYe>0HS_<&);mX68oXViot)U{*tTukPRF)8)`@MMq+{E**|F_T
z(y^WN&F`D}=FXkDf7E){Dn9R1YgMhP+Rxs>!fVY{FEc0)M_M_?M@<Zh(^&gARKXp2
zZ}u&<)7!(XVSm2Zilc*KPQV=CJy@oG4q}1{m;ul48Ny5x*Wq=7S)vt+-SqIA-@s?`
zxgDm*`3J&M2_C}^4;aVB&OQ3wvj66eP}O&Lx<2dLJu-NxrL9hxUP4@pq;3wJB}|M<
zDK&j3LnF8jJ{6p^P#BNV3$}Wh?lI5Db5Q>-;BT|1DHQ&r!sk;zKwm+!&Td7)C2FIX
zZyX3?yUK_owneS7W^9LdKnO1!)y;so0NyXx_+x&Y&)IgXsca{Fej38QSM7?`l4ib_
z?s)RMZg8O6KTwt~uotjRy^{{i8RL3W?-`$UaAsq8k<?J+{i0Nc%dw;ThZYe)e<<qU
zC5nsaQpu|#=)tWgH)8eJgWSBWAnCZeZO1k}ti94)Y3x`#=i1&<)+(CyAnkx#swG6O
zQ!czQ$GxsVn;C0MngXqxoAEk$;~18jn(?14{5w6z|0FPA;o;!<&t;yYi47ba3mf<U
z%;x83k~ep-bhRR8VdF`zcg6x;2?1bRH6FkesBzi;`>v0LnU$OM|833A400p_P=O8z
zz#}pKt1DGFLBap6oTW985WETuoShZKL=65&#r!pzDjbu#qlSaEsiT=WF$+7(e`WoD
zTCssh9>CC(`z5gdhY{|f;7HIo?Efva%EHC<zuUm^KWrF^0S|*_{|_~;DjcXQ4S?Nh
z9Se^AH8j_MhGqoS$AK$Sv;W5n|AztpdEWm&%;x?t1Hk^5AK*$!7QhK{*#FxNT%7Ej
z|L<RN{7)|!-+-rKu>Z%Q|KIL7SXvQo!Lz|YvLxULARc0Ha?six_y8Zr|LqNq|JxfJ
z|IPOMzs(TGfBOaw^n4GF4)pv!+U%HZV4-HqY3<F9Yvj#t)u`E27mOPi!n}$mx{Avz
z9gIm%&mL^??I4{PpNexpn|mY<oyqBEd(RL&0ybV3B)(%iR>TcvCJMC4!G(7q`7U{Y
z&XxL93<|`X|IXXCVQukc&7Ul_QpIfEhe{io`NoD==_1gzxcv`87~r3DI1JG-W6{3t
z2HJviy`$Q`dl}KT&UG<4&_9zM1xr{|UYNNn{q^ROk3h&}Eto_}6xLTWDcwA`Q-_*}
zg#Bo0Q#)wPss)D?bk-7tyF$J+DF?99ziyLUCZ9%Hbrjb-Ql&jI(lWS5AbR9YH18at
zLDNspNxH4TKlWGh*+BK^mvC4axX_@zvA4rtBBCX-O@fOHn4|zD#Xeub(<YqX-+(8f
z4|#=NaaiKn+eYjZGUFD}OBPBpZe!EzS{*(^V=9EhnR|HI8L8RHJ_-i@BF3mM|1Qyx
zqr=B_oCTZ{IL^J+DCEh@%{WMc4d*tCOWhB4cm5gL7#k@$i2x~iq<Zi*Z&<y;`IQO|
zr}h>T5Zhhv`xF%u8xJ3@lA><;nZqfR5?aS>4>PXv4#sMY0(`$Q-rxD97noxla?^|Y
z5so&bnxX53aO_fS^i9}|=Gn2qXeDw$LXFETI>7VDwDcjks3P1kRy_y!#PUzp9>*n!
zmEApTQqtp*UjdT`l@T<^<sXwq(*u}WTCLl}U7rk-pvU7GQ=|Brv4$T2!$X|U3|?tn
zWAt@#_lZX&C2ZG-b|XB0!2#qW_bZXIeu%v>K4}L~mxGhtW;EMi++mBE&(>P5$Ic98
zZUNGlVu*r4?L|bz=ZiTDEy=@XSWko*N}sZX==i)@8o>A5$W%Th`t{Chp<p1{TgD{=
zxpg0_CnKeNtAVxx{s7CVSa7ZN*=&u}nBm;(RiIpUyHjAVv;Sb%Yr9+XiXoTfV{@a8
zg{Ib2x&e<ubvm#4ZBZopNIagdU`bn99kCD<AKlL;rol5Ax#k}XM~CFeb9pO~;4@(3
zS_QLu7{EVl7`kqKT7TddzaP?RSQD_p-B$W8O{q}iiQiC|z1Y}jCo-XE{7SXL>;WH)
z$}FT+Z7~!nAE90%k*%Xm9yePLQHmtY*i(BP3~G-}-)0{?)+#V;ymzB#FsqkmwdgW9
zG}2MAPpz<esEF&SuvkQOr^+aKD{0MuyB&8>LjzJKGh<BMgu07Os~f>GmfGw)#9=2{
zH?A&J2-`L}IG8RWw62^njpbr+yjj%IvSvrdoR&yE$QRAaXi(v$ZoNRiU2Z#4$o;x2
z(loT)Eg7LE65bZ<si?i0E@NQ&b(V=b)%~E3``E?s>nc+PW2#Wqas|1W?M*cq1%s_x
zuo!rS-+%es^LcukB-|zbCBrIZ#X6x7FX~qaGPty9ax*k+Rw}==y@Wp}I@jM<tLo|5
zN?OFK5dE3lA^E)?c>NN4Y4x!6S=QVRpnN^hudT@?P{`=4W0^45q$2>M@85yT_2}BL
z#VaU(tFZ~P5IM*T?KZFpi+$5*fMA>3ZU@HJcZsI8J)tyH&k+6jWj)m|9&0LC{a0ZT
zp`Po_$<A`d_B<Lcqfy6C!|EnB(CP~9zQ)|u$alHyMYnZj#j=$KJ?cG1Q>5CW*_~E}
z1wJ-JZxCnJky<V{)qHYi#K5q#K9D|BKVw&nMO`tqwu0xgvw{o}lG^IzS64b2J3CNv
z2`60{aD!U8uCEt@A83JJH;rS*Tqx0_%)X?>!``7@T`}zy8$&UTsgO-bF~#6qW2J(T
zsU@pnco&lnr=I5MaPYIp_4@FVb@;=ThKB4DCq+9a&LB-=X=Qbt@PWNk*Lk~{F4n<O
z{ow%S%`ev8|J2<oe>2(P2;cvR4iOmJc>H29qd&_nSR-8(6ot-OS%Y$5>pD7=2arU}
zfGSS>dFM~wWD=+v3v2kt%vbUu1FEaq%1Kj}pw*>e9>yUlPm-gcT~=cwhMQo@kW#(q
zlD(UfL_w;N+R{6A<LqgqCde15GSzc%%s5Z7T1MSCeE<&ddVG(oDQ=%3nGH0szHfec
z??IxdSmv1TQMqHL8;$L^BP6N}`|UCq6KX+fP^D;A#!|TCb-6bZJ8kxoZ#RXp)QGku
zo7>OjV?cy)84XWf_EJTi&sY`L+Wvz+4}CqnUaNjT#R9#<v9)4;e3K;+?q<s7;%>?|
zYqE?br^;<dcB3JAjkz<wffz_6ru)Z%Xp_UE70zQyclH^dv3)`xG1iBBw}eaU)gykS
zW90a|sJiCFoT`pA8{Cw#%tJa0v-i_aT9WQ6O(RJ9odzNpIyUl&fTr_f6Z2(lu^&|=
zsZQEtLpF;L%>m|N+CP}+OjjI46-s`IFXiECM9Lj)b_QZz^d}uVr?LaVy>x=ioUSBm
zyfwRsygl$VJYov4Xcp7MJf?aV@82O~mE<7SR?+b)im*E5bfA$q8R;}+>D*E_-U<As
z{CU?RV#I=bQ6P8J@hNxI)y1hK6na`FtdeSz(zIr8qqN)O($3~2M4-&BhU;si!5;!b
zV-2#BWM6^pZ&ij1iMK#g<-d*ossR%OBJ8R`ZHZLg`zpz9Sz|xD=7?{>F*WdMcug7y
zLttA}b^oUCf3Ka&G`U;<5`f1d{542~x{_;1m1gJ!XUM!OPKoGGaXJJ&#!+OzkTf=i
ziql|Fnk<DvBBV62tIt?GF62@qx2vGwUuiIhb@pP?U2%NxEf@+^Pr+o+NtBwu&bDks
zw_89`Tz0B*md5CsI60qGQLab<VTiitD;sdGSHdXPqxeRVxqauBx+zfPE9kEMkl@Qg
zCX>2sBbu<R*?Bs#uU=Y<Aiu~1_@zB2`W_=UH=>Iw;jb?VViJ1ZJ@;!xiP|$M_Vm!R
zH5yGICaysv*#m(zK6?s$BO3AJlbIN8$&XVU&xjti+=Mp|<ZfnB<QYkb<3YrH$@Qbn
z{>jruvp*uLmzB&^QO`oF*=HnW%U|q@i_bme>(di89PUy<abFX|>)WE<-eiVvQhU+*
zVKz8}TPPJLUvsVaw{E9B@NKV_<6;HSTbXUYoe|jbM;f@bt0fxfBv6lz1zWL@O<Ad+
zD7){K8R=2_Tjs%k&9-?-+l)E7LEg0^#k+S}cJk-PS(Q<7ulV+9SRUT5P35yNQZD)e
zta54^ou&xd$(S6?#U@V`gKdlwEVhU#Sy{Pr&TvpUy-Py=f)9LP=VO&Sp}b}9v-|FP
zs{WH@FblBC-nKm>{37g9{W=IhuG}QHeuWtSx#3;<2<`8&V=wfIdNGr|9xK|*4C0Oi
z$!n&vn-E#EQznudhLLqIJ9=nOVJ2s4*?jOCAiWqtzCtfGfE$Vt;@rX09seGicpOK%
zpKP$ZqIOD&lhE%!{XNT5)*<?@e#OUMBX7Yv7YEo!c^X;*&qS~kmkU#Eu=Qcd2+01U
z{kuQ~*#>M6=)Y}esQDQ7nD36+VGw)Ci*k2{+te*pM!{1gRXu;!RepJICOWU?CVI)S
zZANv4&$03kkBhxCu(eIVVVb;cOOej;*O}5%yu~HMiaub@Ht!i%xi+xCcJ`4@^PU+L
z{{n>5>4pv8<9p9}bi{x48(+O`s5%#|=|bS6=6g7Ks){~&3X;Nme;!&{1A5S3=r6gM
zj&j9sdA>gXHjH~OZEEXoe&`52Gtd=4rxd!qFL`6DRimmjSHqY1xx(asQVxA7Q=6s9
z+isO5;J2Bz<Sf*Q{6P;Z(5?N&a7kW3rU+cKDu2MM_O+=d3Lk`>Qq-;|Jv#9k1c$h+
z?wZu<f(vY*&lMHWL%m%1EVBlz%P0pxljRY;U#E#QxMN&zQeWh*`y|AptA+4iggk;k
z9yU*ccWB0fy<nybWZ0QWDj*3P8tJ4ht7ETzJM!^y$v}^Zr0j!p1^+m*0xR3w1z?%E
z)I$qT{wi!#@+)`6k0d9D$BxM!&NqmPHZ10*wJwSvGL2F$(I1RP7FEnxT(a@jqiw-h
z{XK<5%QjCoSk1Y87p)I2(}7Gw52Hx-UP7kC6TNQIwn)Ri#Y9AWPEym!HqGBW{0jnX
z!wMB4G{nUbH^jB6L>plUQ5B<|)PW(vRb5&!Q==I7ry?t55s+~#!^LIVLTy8X$G^)I
zC=Z_R_n*xYRU7oGv9q(QSNJB=d~;g4pKn?9k*0kJZZi3%^a61{=FVAuO7`2eQcXQ<
zRM(KIs-F>EP}~N(lrcbCWTWAho(Lz+rxUH4mf$*+c%IYZ>4KdEpSZtHmIF@`xc{24
zOinh+l*!Fy@^Jnw5#_P-B=>$l!CK+e6Z&07-~seH8OwEvPF1PN$_i5Xy)NIO@i`@T
zdS{_np(n`k5E<?+&SSjUP|S8V7617L6soP((JuB;ww#A0u)lJaRJ>l2?{RRS>d06e
zS!60<?k!V`ju=m=!h&G=(F9EIPbfN&FmY`8;vQCqzt<r)3k=3wwFoqUr^bxHX%GL^
zR#cEO)dD+ck%^^^e*->ZT^sw)a~I1U;p+rMTthIBB9+P1LtoQ-{XXMxAU9K6cp%_O
z=rOEzLIclViv(Vukqp^AZH8voMMA-$!HJ6y=Z~{I=G2G~ZB~|Qj0R+!VQn*)PTR|6
z^`#jMXYHaHtUWw7yClKk9Is;(5!4N%N#RsFO6V|E4l}*QV)c*?1DSb>hDn*N5)UGq
zX)9V|P2j5@kMAat$b`YO`Z5eU<HU_!<CFbsN5G@G(8<uH9;BD$lR1){_}1psMf??e
znDV0EbP>y{MaMO+hXc9>2be<N6s)RS>#%@y001huZJ_FH>V-J}4G$<90Ki3~Yu|vn
zq~7p^ZjGOwff^DfA_KJo0K#meU&jNX*+(0X0S4u0A=@SoLC-%A$b$UWuWy@pz{SV&
zFur`Sqkemx+LpKP*Xz5bxwar$2!H~~43XdcUUf4=dpk$+_JL!kCp2)QR%_EE{sHG8
z<kw4Y2`C)`APN;IhwXVc1=@uGNRzaFt*!sKoebs#6Mx~w`)RMFBK%Eza4Z$2{ACc-
z72L}Tl7R$B0UdX*l%a4gNu_8o<55=(^|soM!@A$YR$oJnKno~mV`de<tc9s%=&h&C
ze6n{E>@XOH>NyaXi~Hx;S5u)Btd&zR<I4_RtRz<$hG-FD75<<h?bSU*^GkQhjA`J}
zje1+AxYZm|y=h^sKgFK@P&ay+zkLQG`DV|GSxE@Y1Em>8p4lr69GQ!XJFCjeeY1s@
zXn!CK1)^KCW%AFtMie`%W{*U&A3{-JV8EgXvI`sFiG_V<p!^<FZT6l8+E}s49p=co
zK0Kv*`l-O|vJw`E_3{fZ_=V=*UOU76<z8TWB!_hPL6SJ>X>-9`1g!Lcv&c$nl7v|D
z4rvW~D=?}{;v5V5W;nXRG)*EzT_vUXM}hRW5K5uzq18hwcMhDWWDyxCsPXXr8~&)#
z8w1pztnw69XKtPcPf+=L`+S=jV06IXw$GHu6B_#kny_41l~ErRDS>(?Z#QO~h#?%O
zq?;f`b{HrD$L7BjHRHK<C=@cIeG5u<DD@(hh`^&YqYlIgy98^%8dMhIr$w+Dr{@Y(
z?b_}Sy!TGT%f@~JPHpR8cRcphyr{YOmcT)%AVl8jwcTWh!39p@4ZCZ#kw6CedXa2I
zT6^UIZWD&A`hKaHJq^6``hIsjyO#b7*jI17$+~`RNk{X0%M8h0rP+V;P`Y*j0@}mg
zD8NFg*ao`<8$dR0Q~z@>rMACma5txC%wP1vQ9^Y#lTJh@lG1q<hefE3^v(1ir)Z*T
z8F^Y6DGc(m5vY?9G~w@G0d6&V0kce*J&wg4G4~Up)qjC|5yrnr-yk})Xrsc5A*Qp9
zGMT};bD!qjreVCr!wm#=wR_xm8=E7Xd4O$^WPk_Wg$Sv=&seY7d;#gFrvW6ddj%bw
zP2dWJyo0%aZqS)-jYR2!+=)?~I;s}8%8*}O@wnrz+oJ(=2>$GOfC;oGKFW$CHX0Ep
z1<4XZ4>vg0!I!}C_T!r71*mN87g*gMuCIX)I_0J}^uG!HUc>TyIK%fnrS&$B8(@0`
z_OBe{rb-Qd{T3&KH6_Y#PZm(MrYK*CP|CpedfJq}eX3sgXv2no80o$MGqtzbN7NKJ
z1HC(`1eyw}Z0YgW6jYjVacmA%rK%*eX52yl%ABI`5A5mv#!N;c*BksE*OWA+P-mE|
z-(h=a>Wz6%ycThM_t6ZMxw^Av%RoUHzNhK(#+4oKe_MN~n*y~}FRm91$TQnSFxrM6
zTXR^tEnDrhi)<H-+VndS@l?iNQUv9{()D5Zn-UVzAJ7Tbq(NX8Q>$M$v>v2!)fI7+
zGEjvw-?|kKJq;G|l84M98NXR3?U}LKDTJ*bK0j8NXj93ei*QE1rmraE`U3w-AaZ$m
zkV(_Lo~zlNDV~IPHtDvJGRpXTPeXV&-Sv<+taLA&4ZPr^PE%wp#-8Hr+={8!c3+oI
z`@Z=Y>E^%h-v=w?EV>HIps3fGt^79xjVi`nv;y5#@wpORk$0~Q-Txq@TXFRg!mMoz
z7PZB`+Vb99am*!X3pNNnEeGf}Af@QJ0b9!&X2@$CjehAgKugucm){S|rVYS}gz9k{
z=v4IFf>n`xUoajzU7}Wr7f{U0oS%wm;vr#g`66i6i4kK!s(&P-uT>lfQmZ<Lq~h;)
z9rz_vRX7B@iL*R~%{a*5NPuo>?)EB&TJSfDo0Z<3{lm8IZ~OjhoHTHOJw!EH7S$O6
z5opI~X$ETi*x}9-{<Uw-{1rZalya<8Q$4nfOZ;?`MN?zFK`dw6w#RcZa=3%rfXf$3
zs-X9IT*730Jy24(kuJ1|J|GnRX++MpXs1{Tz3T==GG2552>})ac`qK1w5OcBYlVg{
zALJ&3!l&KdR7jv2r-;RLt%`l(wm2A&Hj~Lt0D6LIJ(vX|Zi4XP0eq~Vj)Qz~+=XS?
zoWz6}zZmiP3ka@s<{G`tXJDr*vzN9V_0Kz(T28PAeAbgrR4&9WHb9Z^0B#__3g0tk
zV{Gf?08Bwos4hpB>-uom!{h>onUj97p1GgjEy2HJ2?rJDr*Be|M34b&nzR7g3b9Br
zggKg-j1fpUVYdn*SN6IEBEZS5vq@{;yLbw1g;s)GG4+%jDY81og(itGRZ(`+;IBsH
z24z11b%vNHpO{Sow?vRS>^4{`NCW|33XBf7fY8sxGUSvBQz#i8wA?JtK1oF(p!%(z
zMZf9HP*EMa38FtxP}>QhH{S2-1-)}VdFZj>LC2wdNaB0Mpqx^%Dn5O$gv`$}W5uN)
z8K&u&cW@U;hM&;eb?^W21yJwLWL!N9ie*I6E7WJxt7bG_gT(4O3&PT?TZ8myL-^)(
zs>eJC>6HT0;|gLz1Yp8JGr|~5vm4i*>4TII0TM8{yclg}`z08lEJOev7!#-s5kT~P
zE-V^`oAL48`QY2rTtK(T8}Tg-=<KTmi~$6X1Q1|(yqvzvwavBQSe)u*Ve|Ri?7(Ym
z2Q`N`O>O!B@&wBS^0xj>Ku2e81ONOnjn@4P0C^z+n7&krMZd{2e=vOh@eq7J6y4IL
zUWs&xpA~?aR2G5;4I=>*1?Aiwt}9RpP4pZz1uy9jyaH26H;`jc*az%JGDZ&zW~sE7
zL^b31gC%zrvG)|n?%4#QWAm^Bv6-rS6{2fED#!o>0LDKTPy;f626(^0wc~?T)VIfF
zBtRb!isE(fC*$|>=fV9B)PaxhR$<%d4CzyOboP%BPlOy5&2Hlq5-PsnQary(w(QbO
zKjh0tr9XY0JWf(b?1z0t_}n=Fro%q5NIMlIryP7@9w%1lxFcb9=$0d4M<n*f4w6hx
z#73T2dJK%|d1EPvNT3q<j+f%Dd=}<V#RI3oy5PT~e6`?)@QzQF8oa0IrFg*-zxwVT
zwIV7QzPGSkV&8|s%cp;~MvT>~-cNmu-WFy0O!UHho-%~6W#|j6@|5v?mKzsc;Y?#5
zy7(E*{-uL9<JAvxn9y@G4?Dz7@RbmPV$`VIDo!w2!khWvQ9x-~%wfUfR3rgL-FF<}
z-zJ7CawCd?&Vt!Y!HqvInoP}2N4@HM%fXeL;rQD2aSi_chH?6#bE@g?yjjo>iu?S$
z)`FKPgrUrK-)`u5o1qe|{0jDVZ}nJj&b-QSy2E1zM+msv#n@q>(SOo=zq2&F0lv;)
zH9<F5GbNA^`2lk-QfoARE=-lv1Z`)Lo;ueSq0b?^$#7;ij_3ZeK~I`xN>+`M3S@;t
zD<!>g9JJPYwHRM@{=>~+Cx#R?&3l;pV-K0qny>9K;qh*ziC|p-B~ZfYNby4cGx{vf
z-)TSluX*je@viT)yEc6E9wm(J)AG)y-_7rZ_0ZKP{Cr?)cH(lmgnRU`&8+T&;+kZY
zcX;q|^67gQN7(sH9ij+*Y`}Zd&s83EepgMsp0n=B<W);(-3r2%#$>9CpYGU@jDX&d
zY~H1x(Q7{z<@Sv)j{XqbI4TUtE;2;MsBJ;WLlw@Yq!b-PlKcSg?k7bH<c>=EJ0vL-
z?{_AQMO_aZb){~{hrUf+kK|~QXd{4Y=G#5K7D8NSy}2IFc2d@5p2fiHb!#)&3gK2R
zId-w=-WE0s&N^Z*Y+Qc1XgHij|J}mAngwM!Py7q2-jy0rvGjxK*rks@uHcV)DOcsD
z<;cx%+SdMH=#7;EoTkPk?oXN~1n>gjg5Y*@V5T$B8E80qlpzGu{WE<7L&yiqA?o0%
zyy7e7;xQ$0<hyCuj3T-CHRgE5-QufPwmd$|yZ;M2PS|dDsItGc!`Sq^U5OTczna7g
zk7!bz({=F<fe+bxE+oE`#=EEaOw=WEaI4PpVHeyQH*yk5W4kr7T~}Vy_V9~)chi-G
z{T&?;_Pyqg6~9%Fz!jyGW9^*1a~>jDa5y6=djL<~x&$BHk-eCkz6-~ARx)hfqSFXX
z%pGP_kuBvBLQDw{=R`-kA0yNsracX*V>bmJ=>y&(8jKT}40j-$i5XRk-6=w5XAB#w
z;g&S)e#CG56h)1)&H(=iaWsNOJyJSFO<x(<k1O8B1p&UoqEWBs+`lly;XBh|LM>bS
zyb^j-;j=`CO8izK(|c(gYOif&sX{P_AB1A4`YvY}6@IC1Uw{|G#@5u@oJn!PZ`VbQ
zrS%ON?-@^0@xAb|)f}sL@1pMYZVih_YV~O;3naKtHP=WK*A*805@}Sh!<eV~5wik3
zgCxa9Wf$n01(#5U7de4e*%wJ=vk^uiGN8V1WWshkCkqShkH}ZT(OxnO(FvnKk#;3+
z;Wi4<M>xJ`O;AbP<rx<Yg}@O*@XAX;j}Z)uj?xBDo4?~o#;Ue7U@jxt3XS|sU>VY>
zF>0uaVOxG*7T;j0v%rCJstGfxsd@v(v5-sLzXxPHBL71t!;QK2NBsW!1ipzQy&_0Z
zH($$H|D4SGEC?F!!C1@v!`wIb4~n{?4(z~Pl%^=?3h$y&?`HFbeBe{-n}<C7#lLr-
zWb<2|Y4kU~hn?xuG1>RP`(3XK?@bkgxC>`=AVl2P@n!wN?Dab7cZ~@FiPR7fZ;brX
zc^_?{Nbxy+Gx7@80bKG=yiE2p)LOt_fBH=Mg$~%@V>fhZ!2H|(AGa~bBPmj%TN7`<
zeCj;cvSZ(C#`AWBBipuSV1l>g6I3PJ3D@2wseH-40M^xm_VG{$l%Ko-z#e|5Dcj$-
z*3>+{@O*UKmYNIWEkU9s!NVBH`kunJJM*xKbP4bW>s44Ku`((4?DSN(oSm8zsCpYo
zu+TPnF5bf{oYuDQ*uF<!AWBwE7EExLhE5JW+&@&BQk&|nk7>1Qc_05}Vc*(gwPE4d
z6uz%XM``Yguqv%BgW4X6^2yr+wnC}H2iFm9=QEg)9jMI=?aUb1G`wKJFGH1m(-h$M
ztisQL#`f}qznYBZP-x#;pgr|Gz7&xhLw4Vqj77|i-#$puDxx%b4Cb;p{~t5WVchV-
zcv05M=z>Mkw34KPlUhJK)eGLfHE|&XW6n{8i1NO5P6{l~O_Q)oNG7Nb6F>y~u9Vr<
zD#4JWNP2)MbzmL28PZv)&6`2b)-tkSp=$BI6*FC&oj9$#p_95SOrF;SA!h5%3vw4v
z$x72JF7lMGXJy0ITVE=XM}7<m5(t#Gtm~X*|B!7!D<+g!gdlyHsJcuW;K`O-H))#a
z6830gU0vd3*qmS9T3;^wPOSx8G)UB-en7MrFxF94)z;I~c8Lr^`>q^hET3)s^)BWO
zUTyyyAizb}|M=TY#d|%?J&ep=KzntqdXgzit85XH)P4(<Vs@*79f4)JrPZUQseT}>
zB}e*OWN;$VqUYK~&a{)QCA>X@9`|CRF=hsqweC`h9#(|-`au8XgfKR6Lv*U-!IcsD
zh^~^4SC=<sDX?yS9rIFeJvLQtnHqFQt&P{$<LUvel|QCo|5E1Rqomtb*yvM^R^krZ
z`rz6!DnXqXCmizV>!n*%+DI|G)C@K1;05yov};s-8RI&;4A76q8fg-4Y${Ypo&J-b
zvrAiIAktP`T3wB|0ow$GN^^C0lT?<J%A=YM8WD|lYYE9<nT3+2p4C@wZlJ=p5u<R-
z;yFemslZ?}<6dp9V3;iH+*sEcbS2iQkJcXxLG*wO=31y}g7#7FUY3^XXZG6&-a<7)
zqzzowJZHnDU2SmTAs}sXBG1>$E2fHY%dZiJD5gioau+AfkCXsPRBF{SA`D3tLqZp$
zP+<8P>YFK)F$jJaP@lN1;o-jBa$VGH$S=-L=dz7c#S?u~FLaU3A~uxqJW3y6xuKkm
z$<CK<W8PfTz&`(>qpm9uKG_%1^!*BEyVaz~h5~LIY!aGzNi>LDd^v$oaw)JFZoGe9
z&lhB5hacQ3YC#IrKsoD7FznZ$inu3vL||?gnOA^|j9l{VZ9<b@8f`8!-h4^_75dIV
zZH#ow(7(Rtg29UXbBkP_mSrb2Yk_$yNPR24qzR6u@9oX2w^tJ<$q!Hni>#88r#bwr
z7ExX~E-g)so#gb8#`}YAaUWGvjKeVQiqM5E4N~UqX<Y&+(!t3YWn5)#+OA2NI*}9q
z{SI4$;GifivTnHpM`KV!r)n5;Be6F$)+(qWbi5=7H5q@%RcdqO_n0hajd4+tZ)8ts
z{U0DfV&&Tyf5{f@@{wCr*3n>94cgtFXRiro=E%Bk9FI-(QW>m$Yj81OGN(Ew^Hs+q
z>nE&t?rk^lg4%go*jKOPhAN_og@H!Ne{=id9LM6q-4qY51pO1u;^W-xfKv}X^ap+4
zIT7C7A8kD2CI;>8P$Ap>I|rV1s^!z9=SiKZBkNJ+oy6_Te#yrq29xc1!Y8%R)G%fO
zvks~%tv<<+)18r~g7R;fPjU%`(aq=!g~2c40kKv<UEdHg`HhfNorCTI+%Rn!uyT`a
zVM`y~%_J_9l=Pn(ku0`|Ph-rPbd~8_jN_LU>n#lpy9wqr8d_b&+VP#*>>XZK>gySx
z;i{F1A`IVfzl{ug(i_cS`9jV2$k?Bgg+XJTNwGS1n8Uu@w@hj9%x_Q!z9d!o_QS3}
zrY$6Z(083E84+a-FwKQRp_6Z6GpT9M@-#7LdiTI7sRuX~c%)nm0kIBxDT3pnW8bG)
zJzXBVWlBjCLdhH+dfAZuPc?$pESFFSUagv#4AZ)97Oi{IquA{9cxJzW$+XZaWV!kt
zOx<*`e;BD3UJc`KhqNnAFUlg{C=*_oIX-KE5E#xa&?S2t!B;Xx-ziOAJbg_C*5YOw
zJ%2`2m-b;-;RI(%JTs2)`yGoh;)qY{(f2~#@o4A7UY&ai!rx^)PsbelCG?-L?Z5C>
zjdGO(qWYp&e`3Md5a1I8002e=0lSdOOu|>~Q^zgY2mf43Hq~4$&Twk}vVYHZ;3eP(
zc0b%lF6@_<exIQ#E%6lO&A52E8>h)ZR};+oS4#8ldux0Xz8T&(!}Kc+qVU9!WLK?U
zcQ})XAEs~-e<k8n=r)+p1^<&+{;})r5oU(Z(bDVJ&ieauf2-$fl*#^~?*3<guu|_I
z+#j)5-HsVal?-npnhZ|6D?bPyLN~3KfT!>{YfEqal@<bg!(xwOPD1B9mbVFh!jCj>
zi+)pYqHp4_>s?nTJ#247A9-ct9MZ4ycWj$2mT`iE`DRP+@=5LM4W-t|t(m#!`8J)>
zklW3kcSS_G0TZ2zSyh`hGc^VJ7@aMbX!M=JTjpt%<7)Y(-nsiqf^J7Nmyx5tfdcU>
z=3Y4fuA-|9c@9}1CVemXZzNCDtOQZY18(j`qGg50F92)HF=`jlNaquYXC3co<AY_V
z|A>IH{$;)0josemM%JH~zui9w<$6nnR(orDdkwpeFX@#oDC;&6Pq$>!Y<@${KwVM^
zwS4KtAecJV_GIgZ+Sd;81$kg!0XI?F#QMT_?O^<gUfGA-Li&h;K7uV5n@QNecCwKL
zef@oz@TQlV`KFgwRsSBOQHp@BDFuogN?#@e<%9Ne-i=15euf;#B~yMHipLkyxEkew
z8RT1|J-TNd!Lizd;S#UB>EGkEn#ZvdeNwVI4^t09Wjoq4Gt~rp<%1g<z)aoWFSdNP
z?H@*3@D*$VjTQPizietPDcxU*maHJKRSt5PK-@<geXKh=CK)qe-t;*4=g=F3t*C~Y
z&EIwi<wA?c8>UIM=_S&1<Ywm`d5m$IPUz~+n?jM%$|z>(f??i_?=Hi<yu2Ep&Y;gM
zr5@bi3!Svse-ipt{KOJ>1A0h|zeB>~c>p#K{@s))6uBIJ(bIK}SlvngJGY{vRR47{
z9O8E9kfHuMnCN6?Ztx!D6w(9Z7s`T)v_P9DAx2)sjUOjYN<M-%4WG>aIt1581<NK{
zls}}d`HppxJbR?g)<->vDm#>}HBa?>PL(!7e^u18%!`ueQT9z}9x&yX{zW&Bf%Csm
zbIjZ<?Ef2R?Z04iZ5aOrFZ)06YMdZ`VgMI#pBW|W$_tLDGo1EjNJa-%qClA(X{$Qz
z5)fi$M8=?KHW1ia`wz!MYaMXX$aZ(PCVxBS-}!Wq)EizdbZw$oNCa+Js(Z4A|HA(|
znS?XqFGKfo$+VUAr~b*Qm(h3aZJ|lW{AK3(yd$L3OB;D1vDf@1p4kceV~ziP9e*GA
z>Xdmb<ZIlUPHL;mc1?5C<#zXUIneGZa2fvWsdpJ)|HrU@)Xze!p`~J831E0!b3FUP
zW?5NaHD%Lk%l0@3oY5;}7*+e%317cBGG9<O!O05Cg`@|!g0cG7AFL*&xCfJR&9TWJ
z+J9aiT<Gi*s!OwF7t8nwZrjQNuzd>bIqb6WL)@kjl4=QM#kaeaidFc0*3W!TbX?lm
zqu2Z(z^{7Mx^6waA~*by8&?4);XgR$^quZV``sD_FZHGwJa{k}Jvi>loEq+RK>%s#
zr$tW<2f`P7L#WDuq5ndYdKW8!-H@ekAo&N6fxn-7@?S}8oXF#=nw)<JBXC^(AKEeL
z0~J99y8t%R<iC~GU!Rzw_&>a4%rsew3y*uR=J=;hl4hv5>(?y*Gufb1J#hH{fiN^7
z1?=H+vM>{KaBvd;=lh?;&BjK|_LW$<K*%KE82lXnHyrY-_Wy-n{Qtp-a{MoBBrK4X
znT47A3&8o))y3S{9?mmssng5zy9Oq=x8qjDsozeLtF+bvIaos}EH<R7Fxns?Odvaq
zOmZj$3Bf!V1S&YKoHk?%Dhi4Um<lh9m@;R-GlU2M$l1S;tZf<`{D70z^^b>xn<ZGb
z*UnSV)6AKo#@0uc&*RU^g+=aGTx*~T8>w_v)`g?fzx$U=n0$B`<DY-JDDz8l9z<VQ
zMJMGr5ZNpo1-y5jVCwNuRPl3IY(=Je2Y^3<6F7<TW8T+ofJ>Q{;U%Q5GqT!+Kn8X@
z_^ac5f85h<8%r*M>!dpX!`GC(URgrYendl>B8UQ77hdiD0T6B1{y^l5pab(57vC(k
z-bSaV!o1N%e?cM!8ZAJikdvsp20wDKYjWvryo*7K4#vVb!{;Log8aWh9a(3S(2vrk
z&^Aj}F5tybHV)e~@|l<%WZej$=>>I`mTH-(x?BnRsi`i^v#~Zdbbq+KBDc{!UHU*F
z;bu`G;qcP;=3Q?W?2$>v;Q|FL>~7j_D9~l86lw4B|K<9&!EZv|qi6-#m5KK3JQ`m~
zYO)jMKUOv^`+r59sislNB!Bh}iQ;(SOH$4HH^Fzq7E2ZC)6JRO)ARamT&tbndxKSr
zjLva3VLrUo{w54|!yGT3Dtqr0`+7(ECJ^xWZ8O}sTWgMeGYGaqSOI87V*^+nwxjdW
z#0{<46+5BV%!hV{yMx%hhImbXga3kSU~Wb{7QF5Gf4|(Y0^BjIk0D4tOg0vMs}3U2
zWG>8mq3<IMe%z(8!nM*SFbd35_u0^qF@w+vBn+9~ycF1M(5;qU_!Kbef~$s>Kb^&A
zhm4JPCo&P1o7LG5+5&ck#Esck@*Um2Ndtansf6W<$M<`%`&KGr7(}@jbgNc35!eqx
zwtcft@VEO%r89=XT$tGMf&0{{yOZzD4yPa$dh*3({!8VZk$A8=<k2xBQ+j4SQOBF8
z4f7*`W(@lhcK%-Y4Y6F5Hjo8sd0OB%!TxjsWLcKs#4;(}TN;qw`ASaCD4r--uM6B&
zY`<HL@@+zvDkX+Ui{E|nM1@QWfvKalju^N)OJcIUD+0J`=X<IF`}o<w$~M2C>O)0E
z@pyah+G$cnStwGwP^KXZIa43fPptv77Zrpe^IbmFUny|ZFeQ!l`_ST1X)&fJ9Gz&8
zAxwX;!tHmAaRneDP`V67ROb5H!?p${lDXk1F44rSXq5*IFEr4K7;+C)6zfhv6fcLr
z24TYXPC$_4K30#A0klTmUJx9$fyic7McpDQQs!h}FDC-I8==c_YMf)dblRl8Sg|au
z0w`8?R1%}R6u|xsS>n;ZRgIu}O0B(W9oS2&&R<hSyaW8}{x+`~9)6$W+YXPI3_`dW
z6ovDW$&V|D(}b@sFV$Uc!kN2|`fi_EIsr8N5%Fy708e9O{R5S?IONsyR?H969|yo!
zi&X4=3olCJx|Ddpw-<8`9x0|*Fh|z(9$>_m<5;u3y&vCl9XUdT!Vs2jOv2wYsUS2h
zn&&1bmk*Spwkx-~X>I0GdV-NulB?9*m{<OGC^>9iC$9TOSDBqZz|oUXUx2xD5$(|J
z^gfngzM0a1lB`X=_?i#-dCPy<ndP8%oWB2WIW~Y^7(cIWLt(tGLqU8YAI*kP3$q;F
zs^bm?jZM{;q$KDu>++;Nbw1}PE@%2L2I20-SQ4-y4JDJiYeMbYcf$*04khTnzhrO@
zSi<gwc(-ye8)e3(uE$Lw`)oWlvQhSv0;HKM-yjn3c#DUrweE!^33s@`gp<bU550|W
zIurv-^GIL0YB`}WQ37TqXi!Dcl`+xo@`+yy@#(ClCIfIj;f%EPdnPB9!%9ia9uO`L
z86|*~c{N4yIcV9K4M_0$Q4=Rs%94RqTB0Iy68;d79ch+&Yb=NMy_@SwPCe(4Vwb;5
zgD(b!Cz9ZFCMs-1Yv3#~PV{4yk6gpWiJVrCX(}I8>H%;M?dK_>gH*pKLK+e&auN?H
zL0cFS<ntmRQ*`)C?Gd%37<vFWwkjoU=$DA6j4$&n45BE>cYZPG0f8cE^#OB;px@Q%
zPT@%3C+g7MVxZVX{X&9H-%q%8dhJ!>q8923;+8yhLfyhJc(w#R4wKU+gj-P{5!g~v
z$|MN%jY{&wU~hS<q#X*HV)8|qQoJez1eK~$(4v2zY*Txg(Mm;<EbvcM!nQ7Tpuz*k
zLN;f&RPu)qFiN;P(Yah}^{%Qgx8?-83U#eiyd~3`W`_mlAW@A3`9sQJqCGOQ8W{56
zF2FYEutkc^LmjL!Bq}DGJr*SR2P<{>Da-+X=8TjGT^Nh%CauT`d5o=eXwzHrs|mYY
z^eQ8?(&QQWEJD&9|AaJ%Ay|ZIAUpt@AA@=tOu@Mk+f(zan-Vo4bn@w9!=qFQulOlR
z7wMlGT!Qs#?FOYC)ZCkl)z?PE*JDtHWmt((S!M?%y@%rF=$mNB?5A8Z->oH5%nE*?
zrxwUAvht3sMOiP9Sb0I3sAEVn+14ZR=^8J4wzng4wN{8*nu)W;ppaqL&|d(-^?BRR
z%^8BMZwbC3789X>(shhD+fu>vqu?e;4ejMZ<7x340Jgix;dPeGb>nQ<D0|H$&86N}
z(g!%Q8+TSd21VJW7jP&lcB9PQIG%?11M1)<DeWQ@p>02>F%P&>)C8Gn8AfX7zqM2B
zK7d$Ph@+MBAXI*nL5hf%?^^*;a-3NX3dUo8{!}nX=Av7$b;*p_I5ZGVFGiC$uL+%+
zv>TTNK(jXqj4>V=NOddIrbl<1D8wWvXjfMw|8~*)^`lsw^4CGOwW66M&xgLBy<cz-
zy*`otEY<yA(}RNpQ#*GRX~u?V3#r5{hl9rEF3uA%+Co`%j7nN{e7|#`YN$GwdY0_4
z<1X_ksvy)KuWlSQ1*a()77|DK94<17VF-K5pAKOl&N;dcSf(xL?u?%bNKEhM<|cHt
zbzUysiD0m+#<Gf*F0T(n2?xz03W;&a3a}8m*71Y~{!N0|jnR&J4r!EFm+>3Ttj1Sr
zgF>HbcXY=K1`S*@f^`qTo_pQ=nDIL-CeufRGM#2)HiM?Okkh}V538WIXA;QI(uR28
zpQh1VEqdJ&PrF>7Bl=MGddE3G`1JeDIRh;Js7j<K0$!FCvImu^(An?RpovuocXF3P
z1a?JvW7xm;r+<~p^(eJ0(iV&q=pT8iB>imam8x4wB<hun*nWfo%@fi8m|My#hzQ3`
z>r#=C0qY)eWX9`k9b0Hd3rBNuV#ci=Ej9=Y@&Z7u8C6}yhDoJVj*aso!7Oa1SE0|G
z3t4aeCJhGOyRn6}hUs^{xGD`y*F<f(o}NphSM<QY^P=Td=GNz9&d)h)Y!)Wq1t&wl
zc!2}n_WwRwx1aZcbhp#CKt4C?-~Icyg)Yyr25FS_VrwRc!i27%RkHpf^$L>&xChxL
zo@hVHOch&YUL245c=L1WhGc$E*Gni)fG$gi52epJXY%MG(^_WVYF99rIa}nu<CDdc
zWw<QzyY@uA)N^q9pVf1F<ZkDq)KFx{A3g6kQdq14gU1`d6h3kysmCYF?o<}HKl5&X
zqh}1?o)?gJxRuaR`JsB{Fxe1^|9-9iA`Ve=bUg?$Ea0NQSHI!%IN%Wun(cddTom~D
zG=0$Oj>QGaGa$ucsFCO|-$ZFgOXQPHKVz$(M@OpQ#kQE_&XrLP_sG4w<yarF%vAo>
zWGk7#4;fYgI><wX?nPW`ALVpag2gdTXDD!PCTq3f@ZbOCU~3t^knX;n)cAW$r`3~+
z268-3FYtWN-RZr+%WgSA%?g>)4%VMPo-f9J-|nY!MxE+24C`XWyp9#YDF|i-A1))_
z<NQ%=S3d)nr7VK`3zQ97Q79!{ZBsy1^<eJXyFe}gnz1ETbnF&nhrfIzOtTeT?l4_i
z#?|;9j<sCtsJav|fqwBl?pIn4;C#b#(Q3hUK}W<Tf9$hK4MNc@S0zD&e-SEFHigv0
z<z`+-MJUMY{M$TkTf*;T3Q4@jVO$HB96LWEg+w$$)XRi8>UeNfA_sOkz#vqZ%sQa^
z?MOKR*sbA0nN7z#MJrIKg{Oeqyl&Qbra?Ph#z|bWD%C8rOlqUT>tUY;rp6#Uou4%}
zxEg&C2j&E=J7+8IuKK#VlwnbRWnGn3a1#8Mn{s)ZokVG^d3~2=QIE4X3_?GRd^y6?
zQk=NuQ28ZJ81iwZtTdOmY$d#wD4Nezh6;ZTG{3kg>5yz3Ocq~5`Zd8^@=>ak<L^JS
zmR$P8X7Lw~=HIEtJ8fAGEK#?!2Cn3a)K6i|QI}*DdRoi}q|(HNGJBh$eD2bQ>W?t&
zN;ZsP?g<f6oMKh2%LS_xdQ-+Hmb8;2Hr_*&V%O3R9O;}fA8*oR)ON_|Albn26R2@^
zVEfO_^OM@omuOcEx_USzq#ot>%brqa>(3F_zox!_=ct@f;``K$j-|c?su})X?J2#%
zwRvLgdLuZwff<_c9iog5mF;IyW+EQWTCA+4j9qWIL?|@q912gJUKg>AH<-&!u<WfZ
zU@`gaORJ+m3pMV}HlA<o-E3fmxU=-@0+}Su>WyvAAdi$#JDczh>$B*-c{Szvn`B|)
zco_tK=cKcwe{#mJRmYw1lO4!ZG4Q~+2#dlH?i9h?TB|C^#WO>TQGR*v6`=h1_}=4$
zn7p965kG&xl&~CbP>U?5*B@?Kbj^iVPX9fae)1v#GC^vf0WPGBK4B*bQgZLFBajm(
z!>o2o{z%a0_5RG~smK5I++l?FL#*TJwD$%UMyu(0sMk@t(Co)5f=?!_&w^TX<-)CY
zY;%Y)f+Qr-J<WIVDO;9-UBCWr$?giS2EJ2HvU=gTjiJVztaAeZF@2ptXgsB?R+{5T
zl>dzJKT~r466?E$iOfR6Wb-#D6yUvS7I@17Nd@e;W0Y-9$o=TCUkxAMV!NFoOQngx
zFD%De^1hV^f`^(kq%GXUs1Bn{8h3-$>u{c^xj<FRW#%JV{iw#Y^&|w;G(;&rxc_{K
zQ>0aqJT#)-P+wJeBtYU~MgF{LYZ95?zjDsG$DP&{!`#+sk3)cuFM8hrX9a3QyqZAw
zvP(>IQjlNk#Et}dUdu1H<<)LRB`#T+FAmvI(54EWuvyhdS~VNBZ;B8_Ud(3RTB{Y_
zf)$t3v}V%td`m>+zLjhWuUA<y*HZSW7**NPxZi@-qNwT$ypu&b?0P@^tP<;A_{aTv
zI7mi_^K!pWp?f`!OnyEXd=2#TOuWxH3%IY%RGaAa@)@i#zLWaA95A4rX%qF%N*5`$
z$^y}huwdW8r5*erG!bxr`%ckn4=3pqXi{8M<jVFF^%Ts9-eLC;<L{iGHbpiW)I??G
z?+mH|HolAB{22yICOP9)hZs@VMN7OU3EO3s2(+N6IcIO%_8GJJ#t7idp+pXGPx{Vq
z`19{~#GDnh9IbNcb|v#jSptexd>b#6Vm)#7$##88<wszQ?zasw1ts2xkmpM*(Ip=j
z4?#wPB>%J?6BDQLr0z(iDbKwh7DR3LXO)C_q}Baw&aew#vIH4-b>e_E^ME&}YaiSQ
zQSWF?wpvKe(V+^2VL@POVgQix5r#{xLt-$`BRl7*McDLt%JK6i_gbi@*WF|(d4tn#
zweBZD^0z#uJ%e2wd~VHG(EWoH(fgl|C&5p)*$dqSH@v=<e8B<@WKK!rM!tJYc(!dz
z78?Zqwoblt{D8~*W|_P@q${J5%nKuXL=B~0=T)3HQAY}p{tZyt%O25d;P#>t?ROUT
zgS)w$n3#SXjmgHclwUR6y=~sfd;pY6@!`FZovbfzQHZiCY?Nf*CYo+I;t9Dh=t9Qz
zE8<U0E*F7??M|udMAPscpL)T=v8UZ(i#Mt6vU{QQPq3bA%n0VU1-SWRBb?~rie+sM
z&Q1+`wQt!!AP<2N>cQs4?E)Q*0W4a=!X!f`N|ss9=MhnhAMi?iq|n%#kk)$w3|PhC
zgE$0WP<{Ms{=x5)3g6Zrv9c35m^CZ=FPW`LYMSWsdsjz|Ma#y-dUj(k8{|a5T;f(l
zr!sZj=>T?J=W>ddy>DRnNl|hizjN1~HZQjh`*`uG{JMdRo9yoDGa7#@IobHge73*&
z5W?`HBCB7bLeJ$28W=C>`jDTvQYQ1Bu+cc-N1ZuXlDX`JiY_iAjR2qy@V(BW%+>@~
zi5=%mLpNGT&a%b$R+`wkYL=RR)Mme2uV1xvbuUbH33)v3EHm&3(p>k6{gi+E=gIs1
z{WMTuBg_$)^0QfDPW$U(99;or;lQN%C}MH+iFwFKEQT&@Za5-LTZ`V5tiIl87eRzb
zn^PBLe#UC!j3uJfsZAMfoV~sWb#YQc6G=>UzM9+ncKK#o_HpbOSF`o8X`1PNu}Pn*
zZ=928kkqm#%MYeBoLp>KbnK)gzn*wse;<0!wtNMAezDB6X4@4+bGnK?iWE!o0b4H@
zKtuc9Rj9@ErJG{Yux7>?$Pwn0kv=uFRT#d3$nH)TL3@IZf%hGudrKL`$+g}kU4W_~
z8|KeXKEy{y@>uruL`3)6Lojz37Z+kG`F<XDzE=zn;!rcG?br92i?JJ7COhqR`w4g8
z)O{rIY*gs=`dwk2Z24c-%kD&+hHl*ch!$fOkHf3^O;92ml-*2qx5v?YDA-4|rGcNn
zKXncVL6AT$7!NMQr*f!dBu+XM5rWbp?qu2<f+s!Ws8Q^l(>HX6{(@>H)R8RFzzILN
z0XJkNBhy%YYl!Ak^@e_?^=nlNrRN^CLlJjiuGu!~XAs@0;vWzC*$zyr>?p~IZm*is
zZmBNJd{4g7lH#YuktFT>ft5ljdO7t!f~a;pgLgxu$xXUr>2H-op${<Piu^Pm>4&ag
z!l(-T<&ap!8)o>h^tyC@PmSzGL-o(ICD}7b8823!3zZ{JAD7X{jHQI}Yu5?)8q+C2
zNXSa8v}3A+k(O3xh5h;VXk7T;m$&J!NDS3PH~W>DVwYj3$k1_<Xp=cHfd^-Q{dEH3
z$oip%iEFVfp^?X!J65@yVQ(#M{`IY|@c>%JElyTOh|xsb3dh#VI_C}uSM5!2k>z@g
zKAUHva;`F+*bCh)FndIiHh+C{Cwbflf@R;bC}tY)X>=>Lz;XsGQjUH_$hyW%LJ92g
z#AaAUkWy-vM`&;#L>Sbn42_IXV?Z@p)EucG76#fSdxJCimi+3v$KlyMxm}1;3>F!r
zL6*@(LB7$MZ21Jx8$@r-IWhwvZ-0kAw2%Aj@OoQS@U1oMH=75El`kcoqI{kJ-%qc5
ziOKzSUahZdK0RyM%N;Za4sRpt<=fBM%C@T^gqG0F^Js4_*~RR#eq?0P!#G1FWtd+I
zOj~l=9w62SuFBP~m~NQzAg;zfd-~KfZI?X+6iXZs+iBWd+(s(Mf+hmh=c`>|Ez}j!
z3Ljg@LbxcAPG(t{X%lpH{vWp9DLBw3V6cvD+Y{TiZQHi>#Gcrkcw$a$8<UA`+upaf
z{_n4?+P&+$zUYgt#yRIQ`WN68S}!^qbZj9t+J1jslRa=RrkioO629HW+hk){^XAQK
zcyrX=v)ij_PXxGb6@eKE&l^|UX*1vVp?lMgZrwXOi)O(-`~K08Wg;5gZuRI&uwbPd
zO{gpKbF}%^ebVt<dE7KbhTaB0eT3TDIkjjwO;V+PvPqRhgQg)n<py%12$bE0?1J;e
z-Q2kZ^kw49D7mSU`=y@5%PcMpoxdmy+jp|)BY38WjbCr9?lYY9oAz!ok-OBjkjC{9
z7J$76hL^0I^ng!91sd<Aa;NU^N2$7A#9NLeBCGhZ+dm|DumcFDC$B?KH1vo~YL2nG
z))-O;C`gp!{rHl{|IyzKx#tHlxBMfC4)xNdf6uf_MPV%=O3-a4Ofoh%)vYK{bXG(i
zWY`I~m7t{S_Jdnzc7y+(8_PKcwg&K3#lDE+*=<6)Vno^wLlCOobPdN;&%8jvOJWt5
z4*WH?X~}K5p*6L!6Jmgy2_uXBK{=v*5!-<7(J))8U8IdXq6dT_)$d5!I;xg=Mx+06
zb?eA+6h;g=|Lt=M^B0QyVJBsdb;|$yz3R67=k&d&{o2F7YLBv%j@LS-mqJ1oSd{8V
z{x%(<(yPY=p>A%smX<vlVk|PhAo>^wC|?@oWNS^3ZX9W)-=M)$i91o_my*8}7fj5)
zoK<O!-y7Z?6-|L>hYW{{d*KAb3+dFbk*EO7u1T;SoVd_%s}#S^W>3>=&^^p$lu>JG
z{oGAy8Ibk#*+|D(ra%WPi_5|YO%PJKD@d|s3oAb`LVfOF6Ti><%T^)R>t_CD$n$b7
zIiVW-$Nu&?KbKAp<f-q%gPzyfYT^X979#zQH4c{x_&s1{g_IoZM^3(<d-Nacq4Z!0
zPpxYfx5G@<<b8?zSo8S-bR;x^v}ChZg<S-~(=7*7bBc5Fq^awe+;@q_n6Y+}IScBO
ze8hH}biCQqM_#_^D1jyIsO@S=Le=#scm()YqvMdiLvv(rGo=H0VI*=VAuRv%q30A_
z$a^#((*h{>kJReA+Zjx#^EaQ2fs|J|l{-CenbLLm4!Gb-b{Y$CieS<ge7-FQc)!b|
z2<F&AdPtyoQ<*4fw59Dh@EFR&nSBvQ;8|)1cg)5HW%;$D?NYU)fAc}X3wqcRb$cMY
zS-2X%LM+6lP}fojeWbX2m&eWf2j%$~f7DFt_XE=&_~}V8Muw#i6`*hb##nNH9??tk
z_%`vW`%3@PHl=w+opd^+r*>7}pO%D3E|ZoYS(5&KJ+*Q+v40WL_EF?z>Tcg3x8f8V
za93W7v%8_-NBTQzRr(pn;4kr}*#Xzy(gnQKV;g@XjU_gv!sU&RiK^OLc+f6gDOah-
z|7WA;9OPcocBGIjo~b3%G+-iJ5;^&aDVv3X!LV959_>d}=EeP=S!>B`HE)$Lv|-qe
zi!T?)f3=fbvixBz`}^vh$`W5ebYdVB(yWR94^=%Td^s^MQ<^hmt0Mo0%A|=u8GXPT
zY`%Pi#9aYW7iM2OT0>m~X(GsNuIf1190QQfae|pS&wMC2_CiH>D{V|Ti;9(XT8MsV
z^sp#Op~~gcRO~||-jl>8y+=vp3u4o!Y`Vy>8(U>K`uDqED6G{EzGcVDa45FaLcgD>
zu2CvkDAE7ry_T(<%EG6y(3J)H)SVV#OQ((%eV|f1(qJ+Zw5q|<p7}Tn{7CKS+!9cP
zS7F@aM*kzAg3&2@&*PPwnANFhPnuC=rRG{4BhxF0f@t|nMOE^1S#fvv`}MO*X%|sQ
z=317^dFqWStLw&2zuzvBxEBRGFj&8f;?be(;~Mhi3erE#y8h%yJ6v_#42vyJcNiTN
zvlveN?suj!BtA<lYfiZ@pL{V7*E;aehM1<iYwCQo^d;7t$gyJ#BYZuRjFKQQrXozD
z477UH*od9oOruiW7Sd8Dgq?qsCCs{+H#~c|I+-nT43;IW@ai}<eq*dfW2HD*q=I>s
zJTF->x1X<chuDSo%1;q)PvE63b+&}n*9I<-^CRFzpkr1x$N*B14i_^@;1U=gH(t@N
zg$PxxkX3%X+Bac9;Tc&)#429ei6Ka`I-bY5MA}<G5EW$Z{%qbr_0bc#_vZ0p_MmK!
z`(YQw?MeL2J^N5isKz-y@PL#$Q?;7IVSZwLR9b_azl9!{onOo}UY(_@!r^uoEF|&<
zf9dxu`UdaK1l@I=a{r+|PXx%^F5>aDOZCcLb!HvbR_C`9OrJ3AB9j(aiMb-gay8Z*
zI9@UDDaZXbIh8>pvn%_hKwWn)j4W1kT+c#Piu`p0x&G#naIV=`j%uHdd_ziY_|G&V
zXsn4KdKkt7KC6+Ha3vOBW~NZ@TDyI+SKOcRD=E(Mi+<K4igrLah+NN(b$WwOI3(B@
zsru3lSCTR5QVrDJ4RS0lJAWr6;yzAR0f(b_@i&ebO~Sp;6uEuu%0bta)w{|dcvKs+
zz^c{On=+msk)6UP|M-e8(w;d>xx*Fzk$m}<=43{p;D36ToR-Y9T#yKE8pxdAgth66
zvITPIHz523$b6sUkC2^0-Z`)`QY8-h!S3q3acSQ@uY{UjZ~3RLQ=BpvvlZ%5zZd(U
zYT`qqriU$@<3JsK^m$st_{I$OFc=41gr%ZXm_-unN$>M~K60<FGY^)#lM<0?H_heR
zxS9m?B}f#34Mv46TAx-ad#uGt`WrEUJ|*lZ$I|s0S!v;T9CULX0Rh@HHq!pbf2k0W
zgQv~u@45D)tA?ZRVe8RbF3w0S-2>pblg4G_N7vhvIn$=TzKLnNu125T0XHI)4)(8~
zgTB}L?WP4i3`llc?O`h3pE`GSyFb4Qhsi0Cs1f9WZm+4Rzo1RWj{4P~gOPQcxh_`(
z!#)gSCWa68t@>T?rgKD=HG`lSr)kzGA%ZpiJFFM%1nl};&G_CNEI3iqSlAD%2W(+b
z5=|ke{QPZsVXe?4d5qWt%rKl&;0NMCk|vvGiT#<=DS;nft3qW2C)+KL5@pX>W#~qm
zA9P>9`gvzMz29E+kqX@ib9u>e31(F*kJ!rX{=w?+&pqhxq?Pj7?q=W5{t##jpA`sy
zX-FNdLIM^=k@{rNT}?ahfn-x+yFR$LK%CX9xE(jXu4*pm1sKe~s|r&+H)yQ1{7F7m
zm@>NEXG=y}p-bb}tihIwQR+?e@+@2<>1B$*((t<PnY&FF18xzrlMoDpd|YrFjM;(d
zzq6s9=>IOuhr~@;+fQt;$3GTtRSrsq*IoM7PoJ;3on(@YCKq7R*Tx_S1dLCMii}T*
z{$YN7JkPFs@vqdgI)CkIU|arSr(b_MjroCGYpWBcGyC+1uGL|+%?8|X<>~m@P{(%&
z7~wUt&Fra~YAyDik@H+yiUDAzY^sszQ?rS+J33s3*RXi7Qz;u<E?{`Dr%>|*?2(EV
zZSC=tnAi@2eVYvS#S>xCAaG?`2!48|ghx@h`?X%NAf9+1$9Iy>WTrb#n__H;e8Ef}
zTxh$0QQYrNOiyCd`+G0gdWO~Un?$z&-x*x*`^A3Obt4TcBM-<%UpoodjGvbSMl|sX
zZE<<xwG%8a;<rRtbT|lEu#?><Z1td?0-Y%WW3Db?nA1;WFpGu{7JH`p!T8L22(6X`
z1J|ZAC_WVo#IfV2>RweAg{)v&=&yU4$aj!5>s>mcIb2eE{glmVc|%vwDs55#hW5}+
zlomCMsZPY?KKKV({!P)U<`6pg4kU^75tOeG_279oB1B6?J;E*zYgYR)*;cp48nwXF
z0U@)igcdYHz8Q`w$aliMG6+MVP&70*`+jCNqVZK2Gl>-BDVK020!q)y8wJwNTg~6*
zSVGT7hSgfEXc_hy5W9*(reY4DS~C*zXGK&`Tz<JW5+?{<XVJjMMuq!r>Uv0x_0;@l
z+5;xdQ<hqJW^jRwY*~;_my+x*+`!?~!tS!uXXJnpZGj4A&?7zCrDvFFDqO5e`NBB^
z3k75PqBVl6VfA88483gWrtkwH%v>h>o#Mv4MNkpb@qM3^7)V~KePJdbjFSg#(j0w3
zF7AG*^O);{(0QI?))LqD&#WM+5>u>di!n`dXS@8Hq#Ll~dm)mVDIB-E>9sx*aoGUn
zE*n2iswhG%VhWFdj#jfv6s>@HOXWuobp)(X17gGEiHcW6x8ciW#z%n{&I_{hRjmPw
zT|1JBK>jn9F>(iU_E(_$;uv#`;S7^s%=^ucBFuYr(~qsOlTYR5^?}T8>9L1?wP;4D
zD-{aF;592^qWB{e4C7TG_`i1wQ^>7S7!|qNvytJrDC{l<2DWyKr}5RZ&t2kRzcV#?
zk`El_EB*x|O1Mzf(z+EZ(Cc7pZe6DM1Q%W?9@vcZ{JLegQwl&zc$|mYYG{loJbOUs
z9Yfp<>-)luTb;AIB?}QRqf8%tj(*-5&wNBTxr`-;!-j&6Yx%yA3ESfFb1q{sOOPCT
zWg6kkp)7bzp;#B9q(@+dT}q;F{;|>)g$PAJ=G-bh0kjLe3*rLlrIcW8maXN4j>88d
z#f&|4@=s3tNe&=Q{*bk5RbbGRzw0N+ZF%JXeb084XL=k~HnF8+M*HpSeV-Bg<r26i
zxA+Y8&HBBXGugTqw$Jy~uAOb@t+X{o`jh<Vkab%INcR*hm8b6fo;Fk353`b^bV_P_
zzMFL3E@;5b2&7>6(D9Yi)zapyaJ|Fjf5%hotNVJ7at97xrdAUIpQ9e0Q(hc(zLtWS
zijH?FQ>nAnyFlZDS4|<H>^lE$t#4)ER=`IOZ_OA%*N66WJ${asA2|m2uF8Bcokm{Q
z8p~U5``!-B2oNWV^7N(?nI4a^gak!IcSji}<WiP`lXge9`RSTX254#)fZRM_AsX${
zEgK`AJpn0I@yeCwn3YK?b8Ocqg_dad=ky=QQt$M2M9j{%r|4Gqf?sdTt1sn$7b;@$
zJti;TXVzVQU;*R|Rwn>9^KqNM4)7L(Riw;JU!`t>fP7U!Lys_aPUPpoO;suWKxlY=
zl)1dk9lD%c+)GeCuR3%@1eMbX{xC*ci37v33Sb9pOwL>P-n++EM*ZYzlc62-<J#?(
z4`&A@UWr1MM(6bGX{8C`ZjhIc{n?;xuUVy9*tAeU*iqdeQm}aDju$Fep7Lkalw@g7
zhhqip2mZRtzeQY@u~Gk43HbR1qAL1!*J?}wEe-FJc8bEgnfTo2;T9o(x(~tUv$gKo
z8i1&Wn<-UfV^_*=D&TZL!QcPUuOEDN<*WI*L4xluG&A5MpUwUXH_g`~n=%GFX9xN7
zqF+0R6wJ0!=!L{?H}K@cMfv#yRw~r8EA3V~VK<0fhQ;e~R;e!i9!H=$W3hn<eoB@4
z1pkHDzn=Mv>0Bb21$}8yH=#c}Mf3i!3IKE&dMDQj1!7CApkRM%U(~pqor*+2!q`Nz
z5B;#FcS&z^Ef@wnEzp^f&TX}zFfdthDye*MKorK7M{)jP9Hn7hDH>XX@!A#SkX{?W
z^f<D9`x7xXUx?OVz47p`6}QJm;T%J?;0wK>`-_4z@hH|+Gzam3(T0#jWnwy~AVBh{
zPcn%aaPBJkl_%ALBUc2ASG;7cfp986JLOek<(i*JI6ZR_{{>FM$M+mj!W}80rFgB*
z|3aYUY_~hKOk^aP4j%XULcjjsku9|`_H69>DgO25_V>+^Bw6<70jR&{B5mcfTd>e;
zA2E4j(U)o0xUGcrq@9CjQ^k;#BmfoAfczH}Q{0y@w}YXs_+yWZs*VR$4?TcK@s6pN
z%~NR&9htLL+GA>rYda2j?B-s`&QF-40;0NpB;=M~q<p4Pcfcm7)5qc>DvQe?YiXA%
z#;S)|H6(K^)Ketn=kU08S}3a&BX=evbMq$+B9%cU^icmCDbP>VEm_3A1*ra>#8MRW
z?@H|QTPnZM-{aj!O(i&id{GC@l4ksd78{sPAr<d%9j2zv##goYKEh~<rEBA{;TyQ*
zTK8)JYypT9`_PYEF%-idI9{;iaEl`9pecg)V<lQzGR_|`PsXmJIv}B_{eAd1Hw~=?
zkj{PPjmJxTk<yBzCLp120C;{Cs1lWHp{7e&qg2<=Kb7*jH52x8cG`c2P5*SFVbEWL
z(3`H}#P8R1ttspgP)HJzx22&>*dV|88XNGlX2(GXG;l7UZTfC165>|TEwh*@cvn|!
zxNnNf7gbp$&6KdYAi=A+QHu#yPK951oaI)y$)nbtU;2A~98nLz0$E(~)--&4cMxf0
z|0se@LMBu8!zUeX(R_UhHyubjBTY2lDysvF9$v!UV2=gypPZ_17BhC=C(kCgkYgde
zkC<7-dHLijhkJ{c>G`cSODGm+l4tfrQYCB5@$j*K7I&E<2;@OMl06X9;lABFhO{cF
zpx~)|o>?dkouF_*0rt#l?MiRRM1AIy$XBA?<Z4PxaQi5I&XOkPQJ(Rm|GsaccnPFM
z#-C^izA(e$m(j7bi5bfj1933}`R<yEY?2lSAH1ATsE)8+gZ$u6RZ24}mQRJzaYB<+
zs`{60qhmB?76mIUQoCd)Y16Hj>~MZcj?O>$hlWs-$bNOp0(vFNC&~weN&YV|1evyH
zYgS=qD#&>!I|OiuibRRrLF9&(RGMWnM#MSaLr<?%B|wSEPtPBnRwLwt0L_3rAMKmX
z%iX(6!3hsH%oQItq0C`Kun=?Y*tdKSkNxgF;kVXuAbR7d5NIjycOffl!Zvnb<9hFr
ziTgWr6E<lUfD2dpcw)g1B@kmMsWq?6k2)<fI_Ib#$GMMh4Yd|R_satJ4Qqr@jA|aL
z8HS^n&6?g8v~Di$<Xb*J@=N8!2j`phB@WN$bJN(RtWdU@z)Ae)i<CMDLua7{!x}`r
zZr}C7wd0tKr!hXi+B~m1IDw<+v^U+7SS;S9l$%K!;I!scL~>$5#~T)yynGeDCFvv<
z*NEFYbR#d=l<AZAnjc4EH|BE(pEDhAyj;KS*4<{YVRMDuLu@qLJM>*dt=3ikkM5Xe
zU0rjLck#IIrt_cPVmU`Qdoep7dx152GyET?6Et^pcYKfK2bZ_6xBvVUpN^kYQ2q6D
zH>LBoz=r+DTB<oMTMc`+O*|WR*7>v_eF}pe{dawK&1W@!wZqb6OMeU0y6if>=hoJw
z;GE!U;9}Aa&i)GFVV^lW7%B$OCTkIbJ8|2p*${+7GZ*Nx*PV?i)hsisFrt(djj~6x
zyfQ&HCPNdmrBCxzu)Giv!@Y7KrLN|$aN$8|KqtDI`-iS3slZHZ`XYCfl++|1#%%7@
z$Ly*5QHr%rq-zwf?ou&#vQ&eWhBBY9|2(TCEIl>@oAj)2kwwT`gU&oFyjf+j1=4U6
zveYDhs+Z&>+=IZoZF9AFcYEl3BiyhXvBae9k=<3NwNB`j>Q{laPVALhR*?l^c11QJ
zz;Lc2v?%rJ!FHB?hNY<mtMNtItBh-{J*Ul8+#+*guqrh+Gc|#6g$Q9eRf!b=iH8sN
z^Q){wIH1FKC2z1X{I*^^sh36r$IvKCu+q`j!@QcASD6^cNWkoh9@tMbw(tnh@F-5C
z++f*>KN~t5Az`p8x3Vm=^77bXX=bDbUc$>H0gXp{VE<F}*O4bh*vJ{KM}OIwq;+)_
zw(Nr3-*8hv%_AUXr>+i-(p`~2Pfblrhk;8|lZ*4!#Q9eR)=e%?YXhUUhL%hr<O1LP
zwPZ|k*_qGcfHk0|=E1Bi^p6-qJ7~4OZ^PIiz@w76x23jGGxHi5PGhmZ1NRY_69@=)
zey0cZ{jAS<d+X!Zb|;dztFE=FMp{~0oJ9%wdi#Y^?O0tE%}C0=_?C0BWu?W%v83^4
zHLVL`pR);~Rt{cpw9K)n`ts8w=rr@}^?iY_9u#a5#3a0974c`V4{MQ4|HR1InQzc>
z-JMchj>a;C-QpYmXPPkQF9QR>LYWd?S<L!oxg2xK0fAi|yfNj9aFGLLE;f-JCzGR&
zmpY-guC^9VHC?@5)2g2Wgr5$jt-!H@at_8?lVh>WW3ZD_c^g6vJfyc0?g<G3UVSD{
zAq%qE@l1HeXcZ@@Cqn0oQrp6lxx1yJV)rU8?)Cn-{Jr?20^+G;Z~_<juBx*U5%Wm>
z@zXtRwMjA<;h);qbXt}?mkO(YDsv0yi5kop>^x|NXr#Agsg;BX2<|yvcF1Xeht6s6
z2rjM}yi}pTI<#Xk5`qsQPOhywq>Llxo!BOFsVs&tqBW>(s??%rRgkZk9kI7%v3x3I
zM$lEb3g}4z<UOfGgey5PRpiy%<p{D^?Cy**_(iNW8S(dp8cX8tLY*2h@-?k~fI5?l
z(6_UW?$`Vs8_8@AD5Evj17{KGP8e-rDbZ398$>G9^0(nG@T{2X7m|0m8l*z$zfky~
z$M*eP=~16dvd|`TRj56a&eBV~2DX#_jr{`xM~mT}0Y+fawMG^&Osh43BbPl;8NQR3
z4X4D_?dG=~a1thfN3k;wES(yRPfEL6Q^z8sgZ`zDUwSP6%cD3>B#pn$%t<8Z!|v?6
zMLl(FWje(qK7HLrfchCR+?Tnd4rclU&&>kqpBP{1sDEF?KyBJ&U{;yN9h~~WS#eW&
z=oIWXdOAwpdBPn~W_YyGMO}7ZG)J9gci^WSp@+;2LH&Mc0MFWzO2*-3Ogg51Kgl0;
z6TtbvIc`Q*7=Y!EE&j)WbB-F!!&klFXmU+wy&d4C6J21r$-Ta!aeMPz6Q}r1N!x%y
zYtX8)rG_oBV9q%IsXnRwH`!?E>y+6n9f2!EtA?H`Fl!Q6RH@|}U-43|q3w`^>lAU6
z2_<o@MQ9Q+%n;3lXfgfgREtw+=tWbSoAqNK|DwgSJI*0(1M8%OosfeLj;3*6r%|D!
zH${%4@j&9Y&X2nEC!-Ss@`W-QI1Umsb;xa)ZE`fMpmsM4MoD%$vSo$dqFkdgClcN|
zkro976@5!!GFz2y(geH%e_#@!FFtVLzt3p3LTM_OG6{RRx8J@*!&M?>#$F6I7ef}D
zJKVIk&}V#)PL5m(S3Bac+Qll3ht^RON+zkU1B7(So9zp}mY`kLe4eODBfP)4#$O;T
zbjv3FGC@DhKnH$H(=z}R$k{=G`)m}j86*fvE;K{{ae(3wdLm}KGY!AN4MA*IqD0!B
z%1y~<=o|?@N<O&B$L38J^w~pJ=sTgUXCdin8!_v^@R%0wgSQIm43yeBf)|2T2?zX<
zg=iJ%6;7?R9aQrGI;?YD5WK5+8@#Jb_yV$t`dY*S5@J!pzYLYmDw8PK<3X?oJOp@z
zP{;^iz|FcjANsL>FHRL>L<r;AGeB=;{qcIBrxrh)r}lB#(~!^mCq!*s?@Vq-yqCdf
z?fKy{_%dt<t)ay~Ex2_9;G1>)@i8M*-zXq!ht)sY&;Qn^aPo!+ONgntQ?OJ2gxBLW
zZ!&`s{kE|c*gYJ;S$46P2yMXK(G|ZWQS}9E=C);p2p?o<@JvTM`=SgvSGGjj%vRD7
zF$af9-oS0+6ii`lygm^DRa$@551D(aLM81%s{c@#WsN{iXU}mR*E58`8t(B$XEb;!
zHl=()89YVK0&|2>gVC(GeV<YAQDmZC_guaw(_}g8Nqag+J8L_~{ga%!7f!hX(S1OL
zo`6Ac&7a*p)j<%AcL2w5#_#oQvIOybDD_jK_Gm5w1syIAsT-dR7y2HFwbKxxdn`Bb
zb`v`*4%`PiGmmL!;eC5^7Gd55d?G@<1tYT<+Vb3l$`^$LoHK?~zpLBSZ_xAZ09~eb
z8<Vn~wKYl)r*HR=>f$yW1A7tOR}I)*$bs(gL{!-YV@EN+*g9!K!H(*#(of)9H;9;q
z<|<f|ADR~UZx@~Rq}phX5FIRwQ}D@2x9{kQX6p+1Lml*|sLx(M=fJnRWYfb2d}bra
z0H2kUIT%rnli9l4rMo_VOeorb7~P1vdQyKh&Oon+vp(Itwm*WSmIK!=stp*ireV(?
zz*`B2vKWw9Q!<+-ja2rI!x}Oz{^R`ENU>ar3T{BBh2UD_ZT`#dHOg~&MylZ!bvJ2B
zO8RKfdz_V?QOyQEw66dJMoU27g}aP>316-9CRvq;TMsng(3#M#Hx4sWUnbmD#9e0(
zzFdLPbyF+zFdJ-k{HEDFM-JeTmtD07ORnYLBRFA2@kbcl%M{~bY(ON6-}=wgz(6?=
zvLBmQd%nLm%Cgs%+X*-965S2IO*4`qxvLT`pid4Tt3T|pLZdiJ9z;9{+CbKJ6@G3^
z+N18>ooK^2gk(?m$7)?xVMW<?iZhk<mkrJX-ImUwEAAb_VZ;xpC1YTWIgSGY;T$mo
z;Sx%MsM&xk5d@4p*lU#~a{VS^3HHZ-#@=;|%YCT`^<gzpZwu;%u&rU26tRy96xuxg
z(rV0oj~=PzS_v_~I0TD~)Noqg7s-gqUnGA;*)ZY+bT6%cGp%6QXXl{3?pU)#sj6mY
z@6c!+5Va}GjzTZMDZ*-UazGX{FoWAF(6}A?$uh67B*lk=fic(nqg2z#+seY4-iX}<
z>0nS#jVMUxV}<EKOKaQcGD9lBPb}InLu$fEI-d?X=rV`c)Pom&M2nn!gE1jPn*47%
z?|+Q)ENmPs|A$hZ^Z!%I=V*b&!2FL<K4T{o3@bx+28=etK^trun8Ym4WqO>o&6T@v
zXP?a7o?2zG8Y^n2PU=2V9R;_08iTY0a~=PP?=lY*GjzFv^O<ayJK&l&T;6VwTwb+9
z>R9GG_qY;iI&hm|i#Myw4Gb14H-a;NgN(=xWEy+GhBkkbi?k2CNXsFf+4$%X{49EW
zfY0UmEIMDfUK9p^IhQy1IKDSI|IXsxJ};g(_>036FFy18!K0}J4#H27^HU~|+`v_`
z1*5);ljoD1rmte;_^)3?_f?}Gycu60p_#;=sQ3H)QLiRgd_pG)bJz75E3f^Ark_$u
zVSx!wsBZ!@p>s^U%Wrj1|IJdY{k<p#!1m5D**4vS=ad6RbI?k?qdd0{e*gUVgq(fv
zi;?pK6T107iMCHpk(vG8z!CBT%U5T5uPlzG&TGDT9gmF=AN)3#-x3TVUkuXs0mAC<
z6R}@HeOM>YFI&QZFf#b3$mpq8hvGPghyOT&81uI#6M83ybIs1yyPHAjqZz?*l`NA~
zcd;|y9|NQhKLF`7NayVtp9P;E>A&T~0OS1Modd=U1U)c@41xLoU_2QiaN&%MFfiu~
zV?8kBjPx)tm;Zl6lToh^hR(<Ne|G>l|L+a}=l`Pv!1+HN0N4z@1Tb;{RvtMe%t926
z)dZHrM#nUfK{yBjMusF<oHRPCK03QT3PoHQRYJKf2A-Okq_GVZ(+g#TxK6A8Qt-K>
z|8NiP)W5vSN>sRZ_TI1exxkB3z`)@6Uxk{-f71W*N?ydrd)nwMcGUDSw&V0=$iUA#
zMA0!7(LO=9z|f)i4`xDOp&Z6UbEYy!;5it4IgdQ7icGxM=_yyD$@8$sMTqnWLo^~#
zSwqM0_G7Wm3YGN<;qQrFIPQ8{sjp~E$G)5G;zmUH$iMT^-Fxa19gcEO%h&UfVS3X2
zCsP0Kjk|D<)`mv}(*5I|CUrHz);klIkJ%T0XwtG%k3aJfh$U74KIuY_)~?56nuk}M
z_Ztc6!gN@@7z^@ERp1S-`x)DyYnP%E%73_Brg_8K1ycFs<*ldeQ>pvaUIv&!Xobz`
zX2<gh?!-x2R@x>XRqlGZQ}34#I22Nct#gn6V`AZ81h&2!_ug7kv19_S9=qd5*j{uB
zWrq0JH#zYaHINEy3^0*0Hb#9J-t9u6Q0WLu=d2YF2BwXFd$luLw+0+QHs;uOLo_FE
z#Pli|Bzt9ciRPD7D40(dBnpUo4ym1wOS--TL!J5bV!Z2PJxD$lnVnG^2^_=}3B^V3
z;mk|EVgzqAKKBzPJMi8q8w&ZtQ=Q|WADdz1W-M;$8`D4>701-*1zKZj^#G@1ux%sO
z?c^9|rfiv6?NgQ_t<0r`c+NQQ9d$dbl*xOf(cdR0GDB}X9;0w~&O}>Ra@oJGg>vgU
z$&;UXQ4`Py%;!>DUP)HgNk5_+-$b8$ErkY~w?dJ<l2*Ob2C2r5@t)3vPN%=Oi8s-j
z;T5kOG$MhuEiJsHXC)QUSyLy1jJhn|AF8Yk-UBZ#5@w@uL>zZ(sNu^P2*jN3V~eg|
zJ5^AK1c}SNM%#kjO--zR7Vg*S`RRBUcsG7|oK-($*l{644M*MR!70RIL{@Kbawu2f
zCPD{855v1zOLn&^O}belpy4M>RogKJ@iU0%=}Q2e{<}<d%HhAanp>ou^pxaB)sxH?
zh-!|b5LN6^2&z>uvJGZ~A%8_OS!*E{>>?n^RWG2ki4+#}c>_>xNm2UHQt8t4Y`m+D
z12yh%SPxL2GXE2Ui_!h;W*s9chE1WAAMSuYe-eJ~7e<$V-UWYR9wMn+G?k0Y&>D&v
zNkagLkKiH5x>+TMl0ycmqYz3d%sL8L1b)zHR8^-e{>_g|KjK5u9gk~FY$wxJ2{e$2
zV;F6mzPLF$S~qJ^u9kAvt{zn|@@qIuYlz#a-)%^g_4v<^=qqVhjb`ef%|XraEnd&l
zPu$bXUe2FiEZ6iU{?9xP7ccbo2k7HIU0)C2=*S2o3ps5ueF(jtZ3*$iuHGkMbwi(v
zpfd*}jU+nMVYc>Z815=+sM<n<nFP(rxBn%HWwfp02McA5a3$?1!N(*r)Z05)i)U`p
zHw5Jh!wS#JU~teHViod)Ih5c~_DGubELzs?y4*pvGQ~)0MPfR{5Qj=Q`wx=K;mHty
zdOZnUHrq^pEh=Wm`Qmo*u%Qh1x508%2&}G|jL<t+zh$Sw#AJ-JK5RRliVDN<i~9uy
z{bB>i*-zb)RaxTXz$Hham--O*9D@mXGTgM8o1L4+m+cQ)CbY!*VtBD^GK`F&1Cz|e
z$$d2Z9x6U~xzvopzRE}ylaa;{4;CxHS-R6*qa{L1iMmi?Z`gFEkVTb~&5$;oBR8JT
z#@lU``6pzWrnCMyDVihSA1bXo0Yb`l3RZauPh<%OIpQsSRTjD<rhAQ@wwxbnFJLS@
zA!zXsa<t@?YbMB#+=s;zsD&M>`mC;^&IfHYKR);4tU=NUGB`h2S^LonB%v??W=m-{
z=^t?kKS_!(*-F6VAtDh5wlf8%gEBDra*rxw_{<a4!32~0Bson5N_Nu*_q@;Ue~9~N
z<V9dn{yzODRl?RhhaCmctW<{p)vwxRN^hdf_lFr&lr0<t{Oov6G`sYvR7=CRf<hZN
z4x*|gQ(wKPMd6ZYZSr>JR{&84pmF;{iI5k*Ga3RV*ISv7O%vtL<6>il<Dvbt;fD1l
z3PRhK6GBSSS~D7Y9|G1@kW5k?GyQ$t{~y+GaNejEt;W5?GVl(c1p2DbcH1CX3htsJ
z9_~VOlwnCf*Vt>yKa701u;j6k4->)*oaRa>n(^!8gA=f7vPe4f8G1VUKw}1|rS)p!
zSiX8#8bLBlk_}_=QDxRyXo=wO)RFzr;JtUG@i2B3YALpp`>9Z2>wMBAX!9cx$;l>L
z%+iGz^8u2u1rk@VoI(E3^kwn;6DwquPI=C|MiDG?HgeV;fnS!F!?{-T&lo}c4p6B6
ze)a#nvjb4FpI{o52CYRA0G)m3!=YFWrCim!<}72Dw^&R>6`|jZTeKLQigbgea2hI(
z@#-8I694)oH>mMGLUACVi!(z)lTh<`ED<!3qO(H8{(bm!2pLT-SG@YFt2l#WIf<@f
z4+}2_Rs8tx@3ZP%PLJg|a%BmbwR(2V_JinAd?8hGXdt=V!w^$!91w5iQEj}VgVc1F
zU_sclO3E~g)e`P!#Rt|BG>BDCxKBIlgf~pIpYgFZ_RMp=`&GdUEzDWmYa^m7iI$v~
z8*CzPnZK`{Hxp#&Cl=-{6F4S0u=U~0O;`Q*Pk54Tn^ND%vkd$?SnV{ko)5015L616
zYiQ5f?X=Ieq`R%MDiB7T;QlxyTQ(6OL1G!PcndY)nkzE9=3rUIZpx`vcFDqrvAP>a
zsC!XAgJj`3)*_ZpST;ZVlPmcn_ruvx6XyJx1e|9qRDcQj+t&(u1q45=9>h0~DCKms
z?azN9-N)VK%nzl^o*K1q#qR&O7%Np(<0jR@mb`bZiLg>xC&1h5#eD6ntL1w2b3^)X
ziuzdSLq}~bMuBwHZ0WuzuBq12`6IT3YM17cHpYCDqaD;6uQMgMqJ^*=RH}ur8q`6t
zP%>!hJib$P9o6eDO8=LrBdn~5na=yu3{*Me3P-nIFC)s#={gmc06c4!V0*wIk7I%$
zdWeAsqZRgzJ7BW<`5mxVqXe$Uf1a($kv^r}XtVm~y7%$nod#JieR1PoqQGa*pVs&j
zq{5#Gn=K<kKKd>V`l%a#-cPcN9&;QGF6jvZF2|-s1Qt~5I$HD{_8nG6u9+*PDNFB!
zJNu186w4H81o^IyV#yp^Ptc+c#o?Mugy|t?=C)ffxPdgV%Pc*$UyMH(<85ro&oz>i
zr>&Pc*7$SO>~IBn1^VU7^q67w(zZsSz<mv|bvjH69HAuv1iqIf2|waPsOI=ylfbL3
z$jp=QJf?>Ow!4ufg>|=7A8a4P=zP0Gd@<j?8rPgwXi`v8l2ybIiZI`@l0x}vLwuL^
zwxXy>Tc8C3Vy_aWe+=ayk^}<`fT1USVT7O(yU~ZqN9aF8p+^#NfPqr|O#`t^{^9_)
zrO^MAG!rkRf%GPP#~(&<Vc-(xT<n(yN)e1c%uM*s0)!2{pBRiQ4Gi53pOT5TD;>kC
zuuOt{y=4)m^`cX;zl}2S4_`6}d3c6)MhFX9DWDOyQ7jP?3=M4Xp$(%f%@(el#^Al2
za096eVwa2?Ns32Rq_X2o<61qtlKXN^8F|HZL8H4F(xH8GzyL?doB8)y<)(EDl+}1i
z$4N~2J{VEG$;{p#8vAbsF2_!<>ynPw$xH)e#yAHDgF(eP3c@_r{fKr8zir29RnpGy
zzd+?kDuPa}{1LBPadc!!vW=?{)9pF}R4~k`4d={on}2o}qF|YwN|?*&Us55$rBX2i
z-j{_!213PBF*#p<=1Sd4q+#**H4Tjg4ZB}<t-m_EO&Hh6_^LRmVD%Nb&RCXpD!v2I
zW-k{m!Qzh_iFNNr?3gy(*AZjyv>f#tGJ(^zx25}t$TXNbzb>X_zw~0$Y*)qCi^+^~
zf~}Wby*kzRJtw|FV?UN6V#e|q#qx1eRPLEe**!$=7kMnuscI5@`Zxmzr4;-!8-6Nc
zx;#OKTpZ)nLxQw(_GaP$`+mXQKohMM%;pOFCo^Bkvd?9P$#;7H{h!W(XUw6`RKQWU
zh1D#hT^={3Q1o1&LHLw@cta(x)xWXuYD1+t6!@-iH_$8;(7%*@G@y!bb7aEuK@4E*
zu*y_H#8gV4GwvV`n8tY^W;E7o#O%ylhnM>M82_j)OdHm<F4tQVGV*=Tp4B#j?(0aE
zQr3E;bQ1d8M-|`>5prh4-G}x$C;&_e1kEKK43ka0?)n*c1;gL>qFLB6U5S_BDO*pz
zf7V0^Df#PJ`)lK-@uFf?GZGK3g}$7zdR`ybu^s(x3OTB-1H3sFBwlr2vA~SY8q*dg
zu*<guzgiOn1q-KRt$`Kdq*ilPM&w5LkR%HHlmHq}u0qKLTHUyzN5Gn01;A!%$mSkm
zUk6rk23gXcrK-j+ia780q*Wa(?Xd1X2v`H@B%kST$0V_+JoEd?D#GTX*=8k=FYC|S
zwFE!a?e^`(S?=+rv01g#Ri%@Mcg`*vQD&HMRg*6~)!0p!!DUEkV1+<%pH+*UuDR<f
z%%SfCtgX&FZF2cigcATzVEN)k0NKd~uhUiK!SMFieMW}RhvmVWS20~DGZp@^K)~`e
zS6%MEIrqt*EtgJRKGq+D$k&;HM*WhNb%zey_r&B*GStELJgXM<DB!oHnHQy~=%YSz
z<hjK(kQ9G_x?kXm5%8W07H`@zB#}+$H54mpE7cUaVlN4;bW(y}fVj^i%kM}#p$L(L
z-l7lBqv|`l%s_5v{`)tpiJop2oKK#(NWFaZ{7-_1#KMn^yOg`wJIaTmE(OW%$0ElS
z8LCEMM&}jxH^s2bX<z(vxusK>^=J%<A;p~oUJo>SEH9NIQ_Pj3s2#!GP%L8m$9`U7
z_SauC&=!K!cOoswz?y@HpId!X(;Uo@8sJQ!UUPM90#@0$KA1ec_>(q?C>Oc9ptWp4
z>~I3zYNp_u%Kxd_V)Js6^K2)>YCGF-rRt|Jwlox*yG_9O`o}?NCzq<hn7F}8`I}uL
z0|0i?bUt4!j<_dF&JX`I3>JrB{2$i`mW#dP0Gf|(oB~n>Kw4u2(Ud-s=z%m_HO(s%
zlt-A>fZ+8dGm~WY=B%aj!X;NA@+gR8>d3L(qjQ!MgDEQOEr^>)fSIfG!OB_?*62=3
zi6(<+g0j<ja+{P)P*WF(Cc%CZm-Ql**}VZF@(HsousAke{`@}K3+T;|ZxH%Z(b#Di
zj*!pOKE%(!^wIPhjvpxCSl07K_@5mxr4OxhN{ka34Ox>22HD5TJL<MREs~dL!kc<e
zqzq)rNhYXS-i{35LOy34mU7MD+Wp&-6s9wR8ms#-V6sRWf9{6y$Rpi2o_9x4A%)z%
zm1aI}t`kd_HF>(Z%E$P3l>s%UXS6NK(24w2##jcZR4|pdS52O_q>b5Gk!6TM@sdNb
zpAPomnM(!t;89Kom*7cMU@JGM-NsS>eHK8@i>Gs0R$81~<$rg=cl0zJ8RpRdt==R}
zC4l`{GT(cV&W2Mf>NfbRG%}KC^=WnXyH>C5_sD}kCB4v_;%xAEu*tHz{NiZ@aVG11
z@K_b_a}rKAPszdCv>+b8tt;>Y1HVMDRcf3bue`2Fb9s~h{fP!yG0IuqbGR*;RUu;f
zg)MU?@BYw*S}cDs^KUpS_we9&SXj%=ocQ7Halhyf_r}m0Wpy(j>tYGTxew0+If*3~
zvTkwR>Gzl7-ec83%AJh|khgoVsYE7b?!91O5tlnfWz^N$f*bxMny7U5tq(#<zJ3;B
zUA}$`Vp3twI0OzIBL~D_LLXh4(m6XQb0-&8F$?5Y?+g5kIi|oCYzD%JYRs|JT0u+H
zO?4{pn7U<TlvB1Lgv_OR!c%#amII=O@*tW=Br9fqZ7J*541`3g%R$GWGvg=m=H?_|
zuqU@^Iqgyy>=@ZlGwtvT$q}ZFl6gVb$l^cK0o%NW{o9!a_E(4QLIQ1W71pl)Vzhk5
zy>`{80}4cIn!=L~KS?7|!k~yOIZ`}MHPouIxwh4cEw>4`1#_lO*A#DDC}DB}Z(y{D
z3ya4%Kl~a!B@cfG(tQpdPve$T8oV*^>U0u#eKbB%MJ1@d<qvVxm&inNpKav}41Csh
z)qT`9)7FWuWqvYU1*01Eakp`_xXtaAUVb4pp*aMFLReHG@laZpPZqK1^1!<k(wcs3
zn}i@%1;*&zX9_S*fA^}j4)%qgS(cWSB30(hBGozxX14gI->U4(z3V3Y<(&g&>YYpo
z^Tz0XxKZ<v@(iz08VaiOi=wtyPxR0EPY-ext2F*Do@TpKxtF{1&+B+tJTySEJ%Cj$
z;Qsu5B-#4?SFn>sD3^o5-3Az@lHq_VZ8G=EM2t_Xnn>4v>QoeXTs&nfCwgZ;R8|dm
zT%#;I2l9Srn{9p2zx0E0-UtC6Mt@V!jsE#tKWMEkSVM1=&}C6PU&$vY(-Y-MWZ*S-
z&P{U`a{oB%pscDr?@<3O2MN$Nmkv~@Tg&{E`ayW~+|^c0V5RMGy<ZLW52i|wKPEy@
zSB#x}>}lNRq0Ee_KQFfRka<dQ^S_4PV;#KH_R5C;_Jl-dWmyn<m;5$B!-mx_cTBkc
zu8Z$0x~U~4$o+bY?^NlaOxaZ4o+Lhi3&iT9-oS(un02n(R~Jmr$ToP#%}`K{EGycn
z{-#bo&}4{?1t)~2jDI<>Pi)-v<{WA?Ayi1Qr{>K<WLRb9#BZ?_Q{yzZ2>pRSV?GF*
z{R`F3zfGaH?N_MG8Zsg9wukm#sL4Q&Cdob^gir!!=5n1W4$sPBKd@<yFEm(Y^WHGS
z>LQj-*nGebyX$KsXS8UY4Hx{m<mz<50zKO)uh(<$PSoP=tn46Z-*~6C(v~?08PcJO
z@w(A)+iNsjEA8vTZW39m$K~ukgDzigB`{thD`yPPr$q#$*!VvZb-cuiN0I$~*gr`H
zkR9esYKqcrR5`d8_ZcV|U~Q1uplykw68|cJ5&xIZL#8`yuM!Wg6m2CgG8?othD*=C
ztH0(v`Fzmt&S49)>(q@EX9i-e6xRoGGJgrP{;!mYQ?K3cwI|@_^nC)x8#*wziv3QC
zDV41#dC`}+C0Gi`GU|IBKs1_kKnfkU<bngUYj876=r?ikwhsw6Ru=R3@-wNx#_Lkv
z4Zk(S*$dZaD)H^Vf*gTA?z;Jdy>&k@X}EG6?qGNlB~$_4le0Iw1n2*+urET0VGfnp
z)Ua>IsT(_;Dx}wx38DD5-~h55o0}>3c7TS-e<z%L>l+gY>{T=LktOIQY$t3YtjV*K
zA}FI4iS;i0ftqe=nT}n}-W0&An%4aQ=Qd^0G+%nJa!PDfBE(RbmE`PSQx>rE`_^;W
zF~C{)06dHkNAAfjj5M0Z-$Bv$2%XJ-A}qb`wM50fADM~PLJWV2Iz^%NJP_6;K-Y`H
z<6YlBZPg9<`jfX#rM!6^C+URpjYWH)+b-)KgoHCP+|He_ZY=^HXBdTq*dS&Fnz5a7
zh<i@+$nLx3+v5Fzr6fq{<%i^_=&R`W04~QeY|XqB^1IVU@H&Y~1H<>g5jQ-UYF+Kf
z!~*#(x)8;d-&O!A)Y(*4l02&z5loL;%B?*#V89(XRL=o;#a18}->-Us)0m|8?vO#~
z-dUnH<`9AUi?T<#=_&-s<us;Z2j37B!q6{o*0>BMKbb}id09o-+Xl(H`2n=<6otk*
zx!^-~_d4ld6PiT1L3t~<+~S7MB#aeFR6NyR^pG($Asmox7@40Okk@j-j~M#mljW*7
zSYJR;NV?arD%3^l+A;}t*Qjk|o9@lvbjh()k_Y{exiN^sdzu@M5G=_NdBPea#bEyl
zAsL(H*}p=tsI?$%;;>A%1ys4jTHP-pg)NEm$eZ&d<`tTl)94Y|`TcXq1Dt`$bDcSj
zf#HoUK+vIQZY1OkdmiXdtxcs1wVY)E10O)dQqS|>zaHnpOe0rPyPZpe4xv5M?co=Q
zC?bwau4W_2HpMT@C`IN*gkrWv%BDVT_nkHKh(k+iHn9fWh%6D-&;^8CT*a(ia5e&#
zK~1*mUJNO*%$i^hZK=L;cB5jxw4-;%X(NSuslWayxNoF8mvW%5-+Yp5E?-f77+C=6
zB!VUzikrT7X@*{KJmtQS?9Bw2_^W{}7nle;j-!$w_kjFi<U~k1@$gr_qY&{CRP)59
zQ65);kItjV>N4}3`u?h7BkXYBE!q+5S<gbVcpI1qC&CCvZD`axfoPqXud{?b*F%o2
zMgPu?ceI1mkaK;Fh0)tDQSknug?u1Y)K|&%Z)YxPCVccoq8|dSd#3!yOw=~}QuFZ8
zQa0Xg%ewo9``SOtzd7b2^z2FW%{bPGHBzGE1>vHF<fINP()T3RJ1dcn4Zr=+KlNq$
z;_(8PqkjAl!>_IF7HV~=08HviAHk1U1Xz>(9>;X`a&v8v^u3&v9;5PnZ6kp3;)a5K
zkkAFTBkq4=2q*LxA<TVck*T&+z?qlK@bj<Qz}SwM-Ndf6OoS80Aj45M`pI)hbf)Z#
zSZ1Rz6VnE5(#8M@Y0Q2GFsgxBGJl2vDKY|7lU|s0^)AdksH7Sc5vq=1_Xgoyin}I{
zhgwlXbRo2FMm)}#f+z$s1yx{NR4SSF#VSdl2u&LM-BhG@oBo!?MQHk1;!pXzAx8<b
zQdlin&{-z)vAD88x*A!hQW&KRAuo-6D2xReMl4BeB3%dt7{l7)6~hKCSaCWX+POHU
zUSuGGvu`@f34NH03P)3wY{ZuQX|pnPH$zPw@}ko9?^<A`vwn4bkqu~2rxjLK4j@{*
zgrzQ^Dd<6vOYJm_q+sr?*np(l@v*>3>8GGk+nrx>tGTXV#jUGlE1oI)ufsZeb>o|>
zxHos+g~Uec7#V-Q@naS3Ck0iLVtF~~-oFM>c2+%PM*;E2$%nZ7%dqK8tY@u1i*0h6
zwEuiyfq&kibDQ0<GaZ272}~PUb!C9Q)nUf9p#a_G?E6=(L&6rz-qMFQ7QVH?QBLdm
z5Yx@mIOp9z@>(x1r!EIQOQECx9IlIMGdA~_<s{dXs`SS<A;NLh`OcO}T&a>vcQ^FN
zu`e3@X1o1;cl@9`vgCbeh3uji)a5oAb(E&t5xkPEoaRh{0{y^ahcj1>+b-dgVBol=
z#T<By9a|n-xykou%&h~HYxxCN$_$N2Yy9yhP1xiFyB^`y0P0ax``VQ56bk=}r{v6F
zb;wT1PBjS~RR2^~sC~Jjs!d4?n>g>_*vy!b70Sy@9yiu2{X)MtA;Lm%yodh9vGb|B
z?Pc?dumwN6gD!A_9Q#XO*c3gdB1^tizD3E=cBgS#J^x*Ur`CUYjrS|jeeYDv>1bI<
z{pn>UMsNr0C=M-ftM@$k(l3%J;Pvdsy;TBSzeAlrMAKh9Y<5N>!3v;*?{ckz>u12x
zn1COcN1DeUEhPe+#uqX0m~)nNRf~IuO}^G7kw)`fpAI0@#7kQl1`ED!nJP{4f!-;D
zAP87!P8;<6Jgs*)I|u>wz+{PB(DMsoAaU8IJyxP&Lt@(x1gVwa`Mm)(DQqd^v;V%N
z^!lTK7*g*XTAkCY@*TsvpsPfl=%jJ=0;=0!n+A8^YpK?&flRV!34MGn8KJ?PTMSrF
z-c@I9wgMa#B03HxTWEemT==|Zxcaz^)&+Eefve}<)ZyKXF*J-8oa%5kxa{`?_!?*E
z3%Nb>oy`~qI5=KxEtP(#94=L*<2B5l5J9d<c@S6TTo^z4#yf`u?{g_htatd(YFl6G
z5N6z;LZNN8dmmyxMeL6<ZTNk(tv$)!foP3g_5qB<6kcW?($Y>l_Z~kx{_sA?H)Zjb
zMXM-L>9+aTrmqhW9(%{TPh?{u5$B|b0_r*HcROf(8smW;yDXk?Y&SUkA3?6IuFE4r
z{|e1uVm<0t^$C}U8VC+jBpb2Ti}o4h1=S|)P2$=3-NJd_9#NTNMtRGO35^8mQEdy4
zKmm(47TQ4;?jGLVmor7n2_N4)rr||Q2DN2&yBNjgVyo<F+a^wN`~Sex`4{kF2G06B
zoci~VKqvOS<*FmuCY9)L4L|>5lGGKuj=!i7UO{*jC=cz{HE5k&yxmps&Ut~K?@|t1
zR%-o?t_%62R@2(wV-Ay88)ktcualF+{(#qZN2KYQw$CZ#`ZZm;REE8wDzM*}W1HgH
z^I?1ObZNl7Zs;JCv9?vr%>=dhxxwhKntbwuOh#efAx>_67BhN&7~&+*5$~Y9zk~g^
z95{g2T-sm3ZY}d(@Z|Pq5zJ2509kS?bnO*9AQI7FbNF*(I3Wxdyh*M#VgE#Q0)U5i
z>IEJre$ruAthXm+eMy>aUv41F9-Jjt(o8&0WEc_h+#W_c^~(IJ(GX~_$)AZZaK%T-
zF|=x-Xh7<pTGK8UxrQiTHwH=RAExBd4uzcJ)V$8Vj?i(W_7n@of9oJ!M0DhGcH};e
z=<VE%!hh;8$-(Dr`|kknhBNHm0f-z&oE2=|l;R6I5864dDBY%a76uo2mi(4e-uPdI
zJqJ9M-}_(QBpMQ#$t?{d+&!`)6b(C4X4#?aeM4FlQN78EjBK(>Ms`G2DP)w2j6_EE
z|J+O8FZX`GzrW81?|t59o##BybDneF_nxCxo1XL~r3)z{zlFWTrQ%4gYNdPq=G2es
zqw9qqJ11%;&c-~}5s1Y;w3HF*3OP~ss?nXbBPA5hG0El^6`njx`2F$X)l)z7`KOu(
zVJ*uNex6kR>k$&ry~SNY#r2-z#XEe+?nk|>4tc3yKWlIwPE^YYNJ_SYWcIw>39oCn
z8<@0O6tAw>G6`N<`LQusVK$bd?u94YfR?RM$%I1Ul3tKiSGSF)4gO#;!)S(0dvbb|
z;n{|LS_T<6gSDI&GLLR?&i`J&Z({oRLHq;jV=ns|1Bp>-h&@U|T)*@&=e{)fMU(Hv
zu{&Sb_bu0DPEF!hNm=s9nbg-WW}R><HE|`6r(6!seG2A2<jOU^U;17Dcjo-*Zhr5t
z5fJ~WkA>eQ3nUEKYEFu>)?Xe|hs5ql&Z~(S30oxIkDjyaJ2!p6{Y#~twN1+R=*&U2
ziMvsjF7AG^0jKx)X;@z8agKzYq}v{Qknz^fY|o#SPc<;u&|kllM;M<c7~A2pgD)oC
zTTsn;y14zQ>ArGX{yfs1OoiFqQ!VF78|%%l^%|d+P(j2AUrej9G2e0As`3*;+FqBy
zO)`ByHN7|U;G1_c<6^FwA6qrwmwXOOuzqq#pl6`Oc>1I7DbGriZzY1hGC#TXric2-
zY@*Po58lCOA$_)=$7H?6%7QiZm&$!g-BgA$ZQhnxo@Z0oH7*+R=)#d6*1qFmcLoS*
zUu&n5rLSURoA%c5<eJrFrJ}@hpJ2;(7QL8{j!m_5519A8zeTFu7|FZ&=<AnuHA86q
zN2imGW00JQu13<uU$*}^KB@2iwITC!(FyYICl<9%a=Y%GzjMRE{AfRSn1B_J$1^64
zq}M-2xC&iHJG>1mTej~g%rH2eiZe5;OtJ86u+hzbjStC`-uUFiU>HjWOYXCF3rC10
zz|peKLPv@)^PcS0KGpPjz;?-FuCnwL_G8H>$FI}Xou|55+|FG5^-zcHP_SoPS&HuB
zEV((gp;3y|Q=&w6?|ao3IOR^9-lZ&Ee6cL9+C827epmh!*Vi1}pq^+2z9akAASuR_
zloKeha4B-a$ptUowIgfY#Z9N@x%S=2)6<LG7st*W)i3RF{Y4*KkZqu|ZF6q^+-DbN
z1DVA1Tvr}-f8QLj()o#jq1dF^ogZ`khZe~W6@f-ev+b@H!50kkohq&-qQsOjF(T8V
zg!Jw&fxhb!MI3$Se&?Jr>--^5GyQS;W$XI`2~WvSMm$TH>$>HYU-8E2G@jPLgsJ-m
z4FpK-;m&=A_~w@`Vd)?r1<qJg|H4>rUvTb5RZ*ZUTMrHw^~Ur^<)woHHC}~U8b74H
z$X}WQM@!w{@xWhgnBeSV5^3JwZ}ny7Z0G*rG5+4HLsp3^#Yk=t?ocrzwO4oYR{teU
zjJ%R_srh=DITUu1c~I|&(Jrx%pLQ6{$;&#co!RVQz@z`YjFDlgS|DAg-d3_GG3}g#
z($|ubQ-==67p<Fd&6<-8DhxAt6!F7yVNsvFe}sc!<fY}8vP0`%fA@g4Mw{_;zvN@8
z)jNOw=`FKr=W4D#UZEJXbuty>#!1<`r&K&YBq@1W=9RUwm0xJFNtY~U5xW^^G7~W$
zy0OK+G&{-CGf*A&dva{w+r%GFTS2+@;@ij`WA$t6KWrZ%?pwTg@>Rx8PStn~xo5rh
zON->`=Yp5#rz(7LY;rE|WzH0&Sr}^O3%eeYslUSC>yeA*k0pG#ms8hS$6Qws5?5ta
zq&Q-DCsHX$S)=h%(W^6|$9dlKY^eT=%QE{=J>wbirt`iBH{Lz{=oRCG9{J7XpKkNp
z-bh&dZOW&!A@V_}n@>%D{ph!(XL>Vz+^WC#_HQHy-_433+beczTrd0p8wGTq;;I$;
z^~LY(VKvmdJHs1)?}#cso-ZX-Bg|LH0CkbN+-wRi-P!awPcW>j{q^4czlPG9Oql|4
zJ#`z>?u`;8%3s_t>iQ5oE!b@OieJM@dT=<zRjISwbtExrHaF2ZSKLmm$7g3zbFt@j
zw!@9aSIH+v??33xA3cqInlRfpYT|&Hd&vQ|*8FKUvdGW;5qy#4bQdms;a>apusYEU
z!+hdW$9pdCQmZPQ>qGub38K%|kJFpGHL^Z6&%upy#IGO5YTg9+%yn)W8nLs}`1H12
zYY3j=#e6NV=!s5qb8LR-6YrmPJl=3>;F1IS(Wid$adQoDjP#wICu8rBK1>Bfe&@+P
zTB_QpH(}f~#B@+cWpI2$rQ(N_jN69<40uK2Y<3G&9t{?2eK1+w^tC0I$?_woy4mUO
z6e+I<GYiO^L|mPumG?~%<z3dlZfKTEU-5C=_FeSMBvCRu@{UkimGwlnq7>i7OEIk`
zd42WqqFLnq58iy>i*fgP@A$&CBx@+ZJBWkv;=~At>ecadu&?6Gq6TrjPrSYIY;54f
z=`9wrZ=SU5PaAcZC7!xi__Q<actKXD-8lulvR^M;<dRMq>zovQZePkg>c?C<TI{LK
zB4!j)sV@ZwEYx$9M#e{bYgpKnryS#WC|mVHS*myIMY7DL2ky|l_5zaOl*GZ9se4k8
za@%_48om=w?hx|nzOh#w@e-HjFX<@f84sqc*GF;Jn~!k&NY^ih%_UBLJe;06e(bY_
zqj{fRyJ}-;LkRPr^X^M-#Rp-J#fA}ueO<j~U3P*)Iro*lws75Y&o^wt3{50W1Q|9u
zoY;0(1))NI_<q})IGYgo%?tRIaJFs?G4QIE<Uwt`tr!{qwrs$Dm-FzV{HUDUmIdNm
z`?uEjqFUiMoa-DVeG+poSQuWb&H5Q@;LY7893$L+H|B0Z;KqCDstya{D4yhe3(-j9
zYP7Q@)BMxTN_CLC#8al*P#Du+d&FXcQY1Mpo(OQfNH!fhRi0b?`1tLZ&3U0lUy{_{
z5kv2u&pC6zLrX((v~|n%odp#pQfYZm_TdpLsmMocGcJ}n6?Re=VuSN0_LLq6qm~QN
z>e>T={1&Z+b0Q90;^gi3Nhiu`MArL7469o(mkJ!X8@K-8aTS{Y)GyBTyaZ@G!S`iM
zT0qZ-=uSIwokX-oLvtI?g%q{7>A}}dK1-bf=QAC&`1y0OBmA8Re?-8$!gA3c8lew*
zCdAa`q{^6{H+0rMa>>%Nhy1r+IJKpL>49FcCFi<3jxL|QYg4^@ZJs~RMm93bcsJED
zD+|tl^SAf@d4sKcyi8s&ZQORkb~<~bxB7@bLy3*ImKXT~o8X?gm&5)krv$x5{Tsb5
zzGasD-K!#aVTwVsxSg5syZ4}A&_o$R@QPQ+XDEzK;&-o<;CutK{ao+NI@!~G{>p;&
zlk&-I%5#X<@aVaNb1y$b@#Kdsawor!PL=t~>ZN|}{(LS`bJ$mQAfVx=?|}bezxPjn
zHrdHCRLt3p<i;7}BsToaUt)U4#dy9)44xYoJ{%={xK!h+?Bh*Vo83b2y<8oat#TQ3
zXAX(?PBUl?+DzDv2~0&z<jpu$GOy3P$Dx-b>?c3Tsc!xIafYaxSn;z?kA#phwumS2
z@Uum=hzwDMCtX4sjprX%ACE{}wCrYiV>l9PX7s{e`GG%~p?sc9_I?u)9@#OKr@821
zlj&r?*vRZND9KWiVeA%Vdtfo%<W~Tz)4BW7*#+x~E>i)XvLytb;=rzB+xk&6AqS86
z%KN-SJdxT^Svel5f&8wRqqai?om$mjIjVS{Bg!;`c>GI-ZUN{0z@aMd&+KD1W096T
zN2eK&?~dg7MAj<I{u#evNJ;O2LcoT0PF3NFbpdt>O$S-u-JeZ&65KU<cY|QlX?y;t
z$w)l||5u4OtMqzg(*ku<4TE(Y&|Pe=xWbt{^sf8+VFpQ1<I|Mdn$yi;1Y5o)UGBwS
zZQ65sBUy{&nGQMKIK{hh)4Z9co`R>!#Ye>qcsR7)dB~A}5xzCI1&8lU$LLF?F7Oyn
zq0>JEtDN_XJhw0HWbZ9$i_eJgp<0xOKfl1a!w-EwZK~d*aXv`7+EgYvI$OE|BYjeT
z=19_s7d#s~$H%qXQ{fW^ZT?uc(dLLpXG(K@r1`HBUN#+@nTuuO$4k1&&m56NhU+?L
znM(?edG12mlH-5AXBV@(yi>b``Cg9+%M9npQQh|HvC5a=jD>PJ)Vo9YPxrPD4x}bN
z-!``U05~i=N$o7T|DBlqt(d+a0flkZg6pr>+8+Gtss^_L2@(ywowdI0HP_R$a3-k6
z&%1=(oG13f1}5bJn=9Hv&u$6tCEBbbnqA>gCYoM(z@E=XHYsKw3{p2)*S_I7=R2!)
zrdI|Xm46@fEo|J-8I<*A!wF?eq(V6R%^+m`hHX{K<=2Cp<c>CVDSyYS7gpVM!tXsH
z{Ec1JnxrJ0=%mTvG>#SR6n-Y5Vc2&pb-lawoeJ;;tn2IF-z1+nCU=Cz*eWsTR8ZNq
zstw$5^rDl|<TymWLbkS0l}bCAtZ}~(?cAKBd+){%p4e*&IuExSURW5H`M{!9Qp1_Q
z^E_*NQJaJL##{C`o4E&-7w%@9FN$OjxmdzJd}V{?eu)RxYS|lR7?tb%zQB03$%taa
z)9$;RP9~bf5w9H&#hq?ne?R-sBkpJLF$NW$9+SJ=JJQtBplR}n&HWcIJMMljer`TD
zuAK2hgA>1WqUFS++!L-Jv&Fv~qb~|Zt!pWq+WrRV;8T_5`@GqtBK79@uW?q@^=*=+
zefxgd2o{kSQwTkZnY**q;xbsAcj=7(6;{#vbLQC||7%;dRZGu1?2!sRCUjey8PoCk
zFPAKcSainyn*Xr_95ZB9p~!{tyjz;Ni@JJWZ;w_dzYt|m>53a*4AI-?@Fhj+0M7-l
z)Oojz$qk2l>jh4z4eR=REHWf*(zP$Lj~vf>${Y8hp!{Kf&sSJj%C5b+-F<^kW=!m+
z8~OPQi5HLc^)uY79p<&$WWaWI7q=%eBj3e5{epGVAm+^GEzv(~mB{Sfs(Wx(Lbc>o
z1NxG;9t&{Bp3saP*dxPB#Ba|}RL~MVpWwH5`<wW3mWR*A+n>vk<X#mB?hJ~#v$12A
zDePsl$#(V<pCqOqXN&SA&-J<tPG36SbFJH^#Qt5mk{BK@RkqnKar8@_#Pm<7RIZ16
z%Y_#vqL|+ckB_MNIDg5sCPyT9X*TYBjKzFCxtq1=`jkwqDcUaD`l%(?g&gy;qct2|
z0_hJnZx^$xH6)dUKYZF(|E;g4Z|K^+x1+8ho7&HPy2T?)G$@R3xqkbr_!AZv=TBec
zihjl3jL13_r}E*A?ho~DV#lnc8=HBVt@xnFlW|F&tnV+*g!hqkwu~rzBHL+4GYAmh
zjGkuEP8@iD>D~P9&q6-qL1(KNzE`@tdvljY{2JI4rFAw^3%U37aAd{6*q~d|VI-e`
zVe~P4gw$Nv^ULSa1Eib}369&YFLG|o?l}0|fQQs9;*w^YZX0;3q2N{?D(*z?m|-vn
zv@x<v<<x_#i-QcM2b|ts`cZKWY<#Y_#pmEYE7uMwYma%7kI9j&!P|~av4&-`CPj?5
zk*S6z^=!lsiKv$%J$K(8*Zd)#A>#8Z5XJp+XR?SdzpAw=c#ay_JBu2YHXGTI!1_Zs
zlXS6fhj@Z^gGO8Vts6WCW2&2;KUI_Ie^lMPuk4jc-z^VgqI28+$l`^+UM7(7Nqu8V
zc3wl-{ygjD7L|rLHu;QNF7Sbs%lg;p5t3dBb?5hZhKSr6s?2jJtono;A2dxj#;_`L
zdvqyxeoMZ>BVIkCMcVkHlj+RaiDJaaZ@o6N%;fye;wh%CL!PWZj*YmtPK37Q+}PXQ
z;(0BjX!2gA>ZqVwHs39msF%E($O@qbS*b-I?r`7VKJs}gdHvi{G(5#*QX*4z*JUKn
z(xdiu9p=W~&sMI%hs=Ly>fW^XR*IM#J+%)bgLG*Pb84^U5U75?ez+wDX)H9a#{RZ%
z{&wG1NFeBXcE5pZh4<2Y68f~9eXYICeaqZ59%k9-M^ytP^&W=LcesL^#9GLM9Qm;x
z?P*K%`#&ZfH;fCEn8Eq%Gqj$I)|qBVi$C<E7OkKedc%aWuL9Q8{6+?Lcg|(Q*u!y|
zo;Ik*@l}q4vnp-5uhW@(N}4lEF8JdGy0v%m%tkJ>wWI_Pp9FjVxZ**sXvqVwOgC`*
z)s!4QEuf&xmpA?8U07zCVX!q>glEso?^{Ckdd&()>a$!oW}Ut4!C<~Y{lH5kgTuN3
z(aRj3nwN7Jy+mFzGwxtF&it!$onFk#%%i>iEriF|`S$*G#62%v81SrFs+W}*gSPgH
zGI%r-A`VQ5C$utpJ#-5mRAJc3X?*Lif<4{7E!}ynEWI2r_Z&+7OK!u@@V{!v+kSVX
z>Ru=N|E0ymbK?8-)<+ywqppURM<v9wG(wW9!;=%0az#TD-Y`CS#YectA!#X|7~dIw
zC^5W`vnZhC{ksQl1$E?^KppssX~NRnuQc+-<i&|$F%L|w;gHmz>G>MldkFqhY^*Pb
zC%c6*i#OSPa4aRnZS*TtXW07@H%y+M_$XiU(V)>fv(!OKh^xCX`0KHmK56^&?jgRz
zL7ZhQ#s@m$YICPj6h@fWGfKQn^;;NJu$U6dKfmA+kY<!w%>SyS8e6qQIIN!kG{~@K
z;38*o(if*e)blJC;YZ#bnvHdzs?L&=em#0B>|=S7cS~dQrMFW7nhiLyo?S99`G6&J
zQ*>4KEf+;8-|F3hK6WoOi=9N$mn7>5vwS-$X3lSVt|RgDyXQn{bsTIKT*HruFL>V)
zBY39Lc@gP%wZm)V2zyOa@a~=0s)h-eeQm=?DF^1ws&m5V>&SNF{-=(Pp5C0bdrz}S
zqCdHwZ+6uxkG-PtVxl;GiZ}cRYLXnd#CG}Y3lDw5N6GrQ{c%4^CTh(z{S8RfUvnKl
zMZWbJvCsSP-6q1ThLAls`R=`9Fz!uc#o*N<hdzHPc>Y{NQlE1do)CXatkAn2s_U1G
z(fRSaSAJlu!=TC0ru4<#s27U~A6<VF+_;99{Jvk)7c?}~n(4jU5?&BF@WW)0ypT4&
zm>(MIR}~m6o3lAou(MRB**5UFy{u<rYj5GSklBw>Ns$<7tb;?>m*i`)^P{~11xGtE
zb&HY~T`j+>o(72Zc>X*%c>z&W{tok49bf!4<BG=n&gffuFWF|0T+a>^y(_mPvOLlL
z9;?uFTcldI_ku7XW2fQiJk=aHWte>Qgm=ZF=Ici>Jf%~m?cE_{PsA9x=&jDd1y)1v
zu<EA8#^S6<pDgs%O(PE+Yb|cx4mo%B?gjJliwX~}=&K#wDch6SDSzs-H|g8lC+DZE
ztzkd)Z!|W3^3InCzT4-Gp59(tS;YMo`x$p`hGl*z{-(xjjw?1__nGJij9u^KwIa*;
zTFHDoner^@m9ur%?_v3(u~!uwZYQ)xe|zmu9~IG5$rR>&JYHGa-F9<Yv?wJzV}Dk+
z@??4c21Bz4(_6c9Latt(-o2f<HDFL+#=7!#(2N>lRLxk*yzdwIuHcBk0^e?g;l9rB
zby?m14}Ju=Rb4XN*Ie}8O210W>Q=n&PV#epNwIwS^0{4K^89A>Y&|=<*UQap{G1x&
zgx*;i9Gm|ZgR4Js0ez<I$JhF^qPmTFKV@cuow}TvCl!~j#wL9_Sn*4N+oZJFrVb}_
z-cWc8*Rjfl&r&MW`xh>Jw<nptJDqd}J~Mr0$t2>uXZK>!<G^!4=OX&VYk2!N_47-l
zl5L7?5{ATGLp@XH(vnh>K4^`$f5Umc@HG12gm*tY4$JzFzP}rKS15|vHRF3x>gy1R
zjW3D@-p^p>`xb^0nB!gJV;~h@Az%AGK1@K6l6YGjpIGhg_a>(N6|qg)mfTOQ-lx`%
z99&=Nr?yoxVSmnNtNVMxo{wR#5esTsrB%qg!I8uQi3L@y9u6Gs{A&EyInbZ2eE0b7
zP~(r~tFCO_7h1l<aw#}8ynb#h_vmcajU{ZjVrYBGE0&WrzjFh{ZzlOVncQ=GxJ%`%
zs&qr>*$fNmhC31;C)^(H7x~yQmb;~Ox(4vR-N~)Sf7EsHhMPV@Wd4R*$E%_mvY;B+
zsES+>IF=iJ*5WrQnyYrQ{I}b|8(&x(*;1noy41b3%mTDEy458b($ddp8_B##ksp-J
zxpp_KOX^HvV!q2%q^gyrt+#=#xBFpd+Y^cBcX*HtZ)0~_ao#7KKPqHxZhku@S|fSa
zF^)Q$xIQt9#t1D#va^%9*$E}H;<v{NH+>>Mtx>r*sey|M3y+ElcVu_twRYAPh4}_w
zi;047to0z?y(zrQl3e28;+z}%bSEa&CjLe^2Rb2c{A%69^~ptv3ZizBM3=U-!SH)n
zM{_gp!=&Bs@!Gp$-Z!RZ-ae(>sBIHyo}bebE4dG={U-CSGEBf~E8Eyyy?Z2E;>++L
zd3Nx59&d|Z%3!!oi{JPYZ4KV^XaoP3yn*q@ULV~cUX%a!?b|m;LVt;2LPk$d-fK=7
zeAuqZdFFtU*ifoPmCDi0I$t+izwSSUf2-SgAO>T>u4-#1z!l|ds;}Oqp3r6}YjGs8
zn#tw$f#H+M9(D%aBVKienFIB+b#;7cNkwsFFXhR|!S(SPI)+BF98w!S(>%=Yx~!k_
z)z&p^wfS8%+fk@`-eDZ~SYr3?Gx|rAZTjmogEWU9*45p7B6^+m!si_au552iPA`_X
ztxN0hIG-68o1)9?WAUyHYuv1#TolLH86==1<=A~zNAW|&W|nVt7H#i$r`er!hcv_a
z8`8+umQVOY?&TSm`PGj<(>9M&N8fR1iz(yddZ$yZq>-r^E@i=~TB3ZfLt0cnkDWs~
zD73oGWQh~usJUa;VO3$X(faN&(JcPdA-=fq=0Q?;-egWrHCNE?ileyjTe^@T;f|`N
z{GOt^vFAIqFe>87LV-tRs#40&s>lSWc=XDUubmI;c2oJnSDB*pd&dFEPiM~r{&t=y
zh-^vUi`&DoOPO`f(S!7WPq6=S$o<BbZ#TpvIjn-p9WYxv?mSi8*Q>SpMvFsEt@M}2
zJ5U+bk>L-t{Bz%K+x9)+eT>#`$ALYpH}d=Y5l7m8H&nj8r@BabXMN>pF3c~i_|-w;
z>-_q9a%$Dg=SB|&g(6ka=fVo2-?f+$Qd**~^Kb~CVi!-IQh?IaubOT*imlGp>pO5j
zE=(2WOA2c_l_&rBY~c44H?m={w}Bez$)m5^Yy(Xj$ioX_LsjeQy1exJEgxpe9uc{)
zLH0=BNXzW7wSLc8FU>hq28Xz|GfJ&rbLGS=t#rsQtUvFycvPZ7)(_^CJhKx%w%Nyq
zUAIqDJdAyG^z;Nlbtt{;;GW|)==;J+qOLg-eF||hr%uiph0UD3f>-|-{y>hoH1P8|
zTZyUQQ$s<&E%gu8nCp0UvdcByQ=Kw3vg|;MWkhXjNUv}b|0>h$S^Pv%dr?e8*E%Kg
z_9U;KDS1o!k-o<_2Ng;8EX~fAZ@$~9D5+C<Cc#1Ph@;1yPul!%#|(H!Yiliel@0Cy
z#RYJh_bPYP+2=wde08==4XL)Hr?=ajEZUb|<@kiDFxEgc=gEDmVqN*<$yv4qslcfd
zhl|?u>ok~ra3mW(oj|jGjby9GM_WH#m76$A8tEZ-xII5;eU0yPQGLSWxSN9p0=$=H
z&vQ8>`CyW#oOg&}`h@mk-Z-``T_WAfJlNqca74*lO49L8jm8+ts8tr6FwK+4qH_Gu
zYs^jk8->pnIV(L+76$npJS9<Zw>Z0`8_rW`t+w{Edo-_TWn|uhuUG!9muA8_3FrOJ
z;P<G}CI3DvfMEQ>aakJ8zP@Jka1+MG^rH)|d%;ccXgTt)Uvqr|pA^>@&z9B<jB@pU
z5ol^*eR0M&*YDD>d&rv#HKncvi;abIOFB)h<V3_5NtrIUhuM)kJqsr$I$B?-{Ytbi
z`SE#a@HJ!U*JB~22QJQ)5_Njzd<MTHw<hV$Xg{+jmnAc1F4YKj%*(x$+vj8SyQ|XP
z@l_>xu}_d==|#x#c`2)3WS4ifH}?BR{hrYot}M;A^?7}5k&Sm&sPyaP_8nwiLrdN-
z<YeKlrTM_F1>0+n28_GP68+O=O;2~qd!F=NI<)AU&1}tv-TA@6c$%TuRqpLbS0N!E
z&KnMJZX_QX=FO6Z*1v9@QH$|;XnQj~5S6WWY*;a<p(Cm^qP-B4A7<6=Zn{5gQhQOW
z{{H@0vzi+M^&duT3NWWTZ3+atyYr(ui$vZT<+4~4UVhq~75gY>se5u~saY}EyKgpc
zsI%=?yKAj0>V&I&S4U!AePLeH)2T{*^I?Gm*SFo|vJ7F%U-r*8-<KR3vA_Op?(v6^
zj)(G#5B+2p&;L9*%sF-P?X~tB2QPT=maC2xW;`k&58hQ+;w+MK80K&v-YIb{ig=9)
zBXwP%>WzuL`AlnH$CsOzf}}IlmKfd7>QDRiDIwzyjdSn*YV)(h;II7~PjVwqF!jE<
zbRyT+EDl#gM&Dt$E5}gU6KXG#ht($r?tP7J)3iBlL$b2U8Tf@7%?(K3i@g8j$ecTI
z!_X9`+J*q-oo@?n3G%jbpSV?4r`NG=Qg<g|Z{itVA&#Wu;_c8yi!b>&n^z%kgwByT
zR87sIgoMs*e-QFckz-$4)bz93kfXV~I*^j_K8KElTvcZm=F`!7BpZO`IUz56(^#=W
z0p8lc$Sb7u^XAph6P+R^Os#jeE@CZp6d&tJ+;oZ?8!T$AU1GNR`XQR~?R7XJh>?XI
zg(G5d|C|$yr=AnMAC7Hc3>2n(1%2&V!FbAXvG%6ctkTkw$Ia|4oGcM|Bra^sOOR~v
zw&8XMl9Q>|J9_u)@1}|l-cgsYgz)g};aboLmpycJ(=F{#;VVq`J&~RtPYs$X@Bh}Z
z=*40<e0%QP`;&q8=Zs>??;3Vw@KzL)gPe~xe(G>hk+5oQ)AD+{G?~s9S|vR_QKa_C
zWmsatBkDj&V@y}lSa`{Wh{YYUdjm7iageL?UnEM(xg^cZOz>Pa`ovWz(h%CP&$ism
zu-_5qm278Xl4BU$Fn>u(#;9LpiB&fG@X@MhN6o<!mg(4(3O(odA!#`m!ZO&do!D0R
zt+esJ*h!MnV9Yxr{LRto{&O#kMfL&Sr#Wf(jQhu~4TsA(m^}X=1n($#e#~6SFxxzU
zTx2GTC`FYDjXul#DkI}Jf71V*pkA=|ullDov!sQala8|+A2`ki3OG#I-}$Z^xi_h_
z(vY+eaI4km!)&wB?juY5=!JxlV`L3PYvzE;NwQVn#Kt!E*<+Eq1Kg1s1CsEo2`O-`
z`+CBY7~m5eeQcuh?5w~Wu?eXO`2p8_vgE>>wi`a+TCzc<)Zb{pmB%%E>51#lWB1P)
z?XMrW5$MC8)YI-Z(Rbjs&ox=8S(zz^=3qzC>~`}brFxqetcPl*YtRd(o>kM#7OoRw
z-$WN~=2#BPl}O$iWt&Z$@Jx;EIp>{Vly=ppY?g1~gYIL&o@8Y?kAw->O%69DXfzty
zk~!e7ELXyP%O{nTRq)}pMLpP*LB?8op}V?ol>4Mwsj-n-Y0kreYYj)_>Z5&>z<XMr
zq!-6Or~BG4O?Sr(iKYwo5sh?QNF4$JoyjBRJ#&r&%=J%8d+Ot*5zG565MW6JqXfLQ
znNgaVa?&xHK!A@mGh#VeDd!!7Pt@~|(P%URheW~=&5X``)DHlaf=-~^0RQp8k8wCy
zqJ@!{iE>ghD}20#QHqIjSTZXd)WWy}0$6ZT3*$~H`XiI6F+dX*|8it9{_i7`Hx@Jr
zLC<-3@qc#zz@tg4Hvb^3Z2nOz4TWvT|JnWHpO7S=3NFb&Rt)f93*)Bc)1F!7pin6S
z{XP-|`h6q_|FVw+;m<x2tOW=I#swip0u~nZW!w(4jspqqf{*}g;LCWMg-T0lDID{Q
zk*k2!kFl455m=nk2T6Qa7#XAq^yVSZpD0cE7xNIP<|!DJgXVcR6aKag9!Z3e2#9N0
z3o(7@;dUzZT6+^w1s(d3BLn<E2-*anJ_}Wl>5W08HwJN)F_cjV6pld2aFWVs1PZ@$
zi2+dbG87A-E0;I~3iuWk7mq+;SD*w0inwwK`VB>(Ub9LnlK=`88<_5&ekA@mnjPd$
zWqUg(K#YN#4IocW%ra|DGe>)8hjV6*;0_ixHiTq3skTHc>xNkN4Fnuz2x&2}!efRI
zCj$arZv<)au#%QBNmNb<64i?kBofSK0m;JCMv(Zw3kk7+PC#HYnq|Cd<Nv|~%HZHf
zW)L2BFo7iglb0L=dYKd26q5XRtbaK5{wEI5N_HEX;uD$(6o%Tf;6G}ab@sXcVof1q
zL=$0V3rHFEIR9U0e>5P#B4+>9mOnUV|GN<cIKceBSWvWq!BN?4FsB7%`R{xvILv73
zFpGd^tRWSc%ksa}rt(v;h1B8x|HS#DHXeRr^}qORLoNFW3bpJgDAbClxLf}(G8Pmy
z+z}`gyu|{NgB5K43;Q2Me*Py8wYyN*m0rE@U#zI@=CFhIQ|w5BLv8;jqN@>f84k09
z*fA&~McI{F<*>ao2sjKzQrXJEkrH{-aFIN20zROZjX+6rO|l^KMA$=|@YYa>1<taE
zqzFWu1QtO+ktBdW8c3>}IG9mGmud;glV)xdZd7ZoiFE>uxCrsG5vlfFmV+Xp;iXFu
zKYZpQWP_)&#S;IGsk(!i%ik(4OCV8w1Zeo_G{gZvu!p$e9gaXvyPFUX{OAU>9zJ;q
z(ljDbbj9MZ5<t6Ex-O@e6<w)ewMJJ8WR0EBf6PRp#@-+GQ55yLVLK<_(*h1q6rL)M
z-ZabNR$8%afR$EI6C_-(50s`_8MJ`~UKapug~c7Ag<TYDfONcqOikab6(ynIJND2{
zO3PVbYbR*z55cmiWo6e8pjQz@I71U6RE_ZjEKO&w(U__PoNWN{2rat};cs(LGPvf7
z*C3Zi9Qe^y;4=)aP}Ux5mtv4u3BYcZ^_M+m#T;<A10)D*+e7Ry@*>2#Z}}$G4^bql
zWL8OSE2j%)(#lH8%19&zgG8d0U@<r73=dU#6bU5(oZ%n-Bn*7O3EBa+FM-GIKnQj!
z0U$(C2r2&y&>j%P0DC1s8{l4d@MqB;Lc=d_Lu@R6<H9yhkSJW@2_?fn>_P8j-G`XA
zqDZTqoJ4>pE<z|e{usFFHiUuADDHUq4zv#D^@c(q42A>``$Bwh-lY{`bc9%Vs}JN0
zM|eYQj7U5@W)E%uBX_mKf<bK9;a}w9;Pqt49>QXA|B%Avm!NI%Q733O6SZjt6=cx#
zy;Q@2E%;~+NA1lO=fT3(&d_d3r)&^LBbP_@<@A7DE@;+v3l>-x31fVrWXWZx&^xV<
zpgI5wLy!PY|4#=|^N^<GiX04l%?tQ&l?(6yY9CNIQTqvwbcXg9*!w|<6^-#k5(wvi
zIH8f$kXVinG!g@Ua)ovy{{$-<xyC!GT}R_fR8jDvKlFInm#|3O8dZS+c-|M{p>#*8
z8-!w7CSVAFt}&qrNC`CD<qjQRfwloC9ODBCGGJj-&p*fosaFAHnLTZsQP_XH42sKm
zFK8PQzY<kw<f<HrMo|+TjozS^2gW8{hicHv*%*nU3E)*Rw$@5ud};HBb|3hY`O(Pb
z9J7-7mrKO8U5kUy-UPt_vZ~p#=iu=KntoX2pJ)^suJ-}Wrzoie>)nL17(opi?FQPJ
zK!$cL!wZxGLAUN$X)4tf{%AtYc4#o9e!mR-kKz(5B$+`_F9X{e5)=~V^7~s>{cR{_
zSwj%)YmyEcxhkUp1H(!FkmM@f@atgc+A=9ndyOsEl7hyyURiCv<qF`>z)6)t(^+^}
z(ha1zk0H?8<=(=e@M|P256mk8@kiW>6^QVY0MI@>)s|aAq0wbeLKD$zdjNE6^%W3C
zx35Bo6>Rk|sC2nWDBRk?8jV_xjAgT<a4?G>wDbP;l>l5Jx4#P+?V=_MESe_lR*}Pv
zSD@_-MC!1z9z&q|<*s{>6wh+*$I^v9eDNx@10E^{X{r4_w2cuI_9OS9jEx4YlFNe&
zaO`k9fbu8-5`(qFp*_5mF&wkPY1L?kC%|_Spo4IIIK;b$8YPmHoU=yd)#yM;3i`8$
zkkDo-(jT+H=`f@KKZ<}h!uSYCU>)Tq-187*U&#lM6wDV1?O~?sfWpIJ51`}lok%bu
zoPG#xTt=0T1gN~>0ChtYv>AaVNni{l70n!-&a6zQ{#J|XmauO)q(l+N1p7omtjuTx
z8jq8}!@*II2+aHtl4hrVM&PhWkc`j-q6B97o)@?WTSr5@uyPO>Vh0{BYt01rMngjI
zt!Pk+SVaI7-55xSmD)mTpu$ZNkSbgs19bi!4Q+xbtqXntR6Z36R6hI&;@z^=dT?(d
z7`o~s0juYaK=Q*PVfZnGfEA(uL^2i<VnKl*T+V+fQGj<MfGrE8CQuj=4S)i1e}L4q
z4Gxn5z|c5|m-FAo2Y7P~xXt_+;@OT_PU?RfjXF-jew6#(kD>icV1Sb#!84T4zaB%v
z>yRLtVEaelqg6b(4F+0Z%&(NsJ@F7P1CFBnF4!g(G*%}8{P|3|dY$k`J8Jy^AB_X}
zhZ6ztpP~gWrU0J<;Br4x%_9F87y*?89I1eE^@MUI9uKYrpZwuSEdb$r@qie90_|S0
z45bK#Hzok!mSkx62C5iP?!vwlkS_o+FQ;-8yekEiv>OtEmi8%7IP9GW5n#DgC<>lT
z1af%NpgZt|BmnD8gJ8HX3BYpFA#eE16L57Q19E~}o`AdDnUE)}lnkzFGa(nakaFdc
z1wDo_DF9C=8*+tNQo;O{@hRj5e@q2;^PWOxaB>>BQcnN{v~CV$47;X-k3VuC3mBOJ
zu7YwQGTckKQpkg@!=ahriXk6zfaSn@Xq*@vsI&1Xj06hAD^3E9z@x$KA}~`SJ%c1*
z-fW1#i2}nW7J(<BL4L+!@!%RP_mrgroT~+3r_k2`hZ~I}0Ad1?@)wJzB+F%!mgPg*
zF!?D^I{F#3o*jio19`xP01Zsp!DtK+_Q2|yAhHnYAWWv8fkK)u2O@BRXh0({I3mDD
zqY2<IhJgBm&r%57qX1xWqOe3tssRiM2n>>vVS(!h7X#g>I6AoyaT^u`)B!6Spp958
zxB~eLv~VB1r5LESF%Q^-64~rH0v<3yfxt!~aG*k^>b4gaE&|<C_YW53&Pt%;k$^L$
z1uIyN`M{#USQrEv7z?zMK+Qo&+;S_a@;D11DRvA3gU3qX{~&<nsMuTx1@jhz{8?Q9
z6cQ?d>|u*%;L4yBVuqVaAYFLFbD%ExXbi*8AtF3k3Y<W+a7BAK{UsC(Hx&XuaVvvv
z!uc=24N^H20!J1>g!>hc9jsUks0>Sio1|4h0r0__&?YWz_lstdhfSPJF4$Xud7%Ym
z-3CK|wJISjBM}GRs08EF{y=CmoLdQ95k?`gNGw=dBH@tYNbG(ja=*x`Z0+V?X3h#0
zFwrR3xC-K9LV;-~7A99gd&xw~vJ&M7VTWL){0H+@G-ch5^797<phU_XaV-poBY@<y
z8U|>wlqIXxFeDO(qg489VFcjV6d3s*A%GZ<qhW|d67U#07>Ps#v!m4v0WFcTCbk-e
z1XC1BrM(tLY2GRrkPli+0>7((6bcXyl!}+~^S2eivKt0eldEBX7EM_~S`9-2JjyP-
zYheTet%86SOQz&!T13i9?iv_Sg|aBP8U~2Lqmi{RP{v~Mv`Pc@NHj74ErGHo3Vy)C
z=1RXK(HPWnpR8&z$Q_h5KN`U#9IY>)aYPiI(nKsRKVVbT+AdZAtkFa)hPEXb6o$^!
zU`|5Wws^HNVE&1LO<qA9WF(5Vk!U22*0+%uESU1rvcMCNG%%ni0So43YenG+XgW0s
zMDSn$pn;O|Z$n}TL<~)Df$+p*X?lhNgBfap?zn%EPr}j2LV-9!)3G3sXu|`AB#^)}
zh&8%{z(>)-P$(>E*@0HYAPPmmk!XYfVz5lGmLb5yqiBSnfcMcR4nT{eEI_U{Bn5Ac
zQ&D0Ng~k9^TZ;&Y30RtV19*7KJasKY9G<pUfisgR+g`86Lu0^Pg{C0@h9Xl|MraVh
z`W_t&OIb*#!J|Cxp@re;tbjoi=&XuClTgcE@=pw+fuU(l4Pam-r4@ofQ=Sv8RR%;1
zjn4pD9Bmc@F#Oss0rm$#0+!BPfFGS@FeJ(YleL1e$Tj^5ZlW<*G_8LC7*L0f7K__Y
z;~)SLM|splBLok#zX!oWq)a|(ZjopM6L=FynY4IdQ+zs6I57F6!vhNwbTHhqN304K
zAOuhE5;y{F<N`b*eS2^u%6jD5hTy47Lo_ffWrFxOj1nv$2Jp1$7Ql$~Rv>^ua1}9?
zmOx#e{+r=43=}<dcsTmT5eQ`Z)`1*EXI3I=#kv1Zi)aiHO?kw$RxlAuuQU-yd5}hf
zN5C(;&aTxA=@T6Wtm0-jKpY}y${PGy9wfTK5se|?spw=-5YeHNXvbzW@C!Qc$0E^m
zo(5_$y3z=XB+!K-7D=Q$W?fqbVNpoBp$|(*nluW6(UtNjaZMXR2}n1VU{QEFdtyPo
zwAwyYufl@#NGAl1rY8msrt3&h#M8tj3XQ|lItvP9Z}e)xKzj-d41sG~0)S}RdI`Yr
zl*gp2TMS?%%2U*}Fd`8=iKl~MX}TDNAt5o#G5Ajk20)N-X^BZ#+7cGjcyxsy1x8yM
z0T`Ax>i`&WtsepVgCq}LmZ1@hBOz%=F|f{pq;*yRLsOnltg!-)L^tT5z}QLaGbjRv
zfFskI6#yv@xYsZw(C2<IK;!8d;s8$?S`rG>CG@aAmL~rxp1}G67#L|0(O?om2gA`h
z9LT7&SqBARw1W<K5<-2(zN&Gcd?bOX6P*weu)|uxU|p3?843(d({%tw=N|w@c|~N6
zRncIUg2$3+fp}0~(ZlG%6NLwJAzD13GaW5pN7Fb^T!9W<p(X#B{DI1s)(YSa7vxIv
z{U`SVAYFxoMq_Cm7@*NtLufQz4M9dz%A7yi{H+YA_i4=qQucDn{HNdsa?!NT3Sd~e
zX%89;rl&O4LW80JjiBVe)eLc15}jZ$+oj1|Xf&AF(wY^G$Ix34jMsFuVAk=sGUS!H
zH<|$65u())6cn^+8N7-_S7ZVk&?X;{yg`#``4I_plSwj|-%}nlueAb*9C{eYNHlmD
zBydAI7=|`uf^Z<v7p*8H<=qmh{r}_uP`iU+oR%SYn}${yEE<ocwH6k=CUTq{Osp=L
zIZ$3G)Uxt0qbz|)YTDaV9?Juj!Rv>TDt6}f2;hGpeNsOvBF-SB(KtmV`NQ(cC?%qz
zk}{Sg4<<`^0#RNbJd~D4D;<_){r^!AU=d!?{@h_pvvW3%&bA0iC3$5eQ9+T2#wwxZ
tQ3{8Vii)5p0;?mSzyp%7hbiy#I69d)I8oPYfLD_+1lGNKmDH43{|`aW3E}_%


From fd9090cccbff31d830670a1ef5058bc303aa79da Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 00:37:32 -0400
Subject: [PATCH 810/812] Added 2 new test cases to verfify 2 vulnerabilities
 fixed.

---
 .../HTMLValidationRuleCleanTest.java          | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
index d7e0686a7..87a2370c0 100644
--- a/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
+++ b/src/test/java/org/owasp/esapi/reference/validation/HTMLValidationRuleCleanTest.java
@@ -127,10 +127,13 @@ public void testGetValidSafeHTML() throws Exception {
         // assertEquals("", result4);
     }
 
-    // FIXME: Update CVE once we have a number for this.
+    // FIXME: Change the method name to reflect the CVE once we have a number for this.
     // Test to confirm that CVE-2022-xxxxx (TBD) is fixed. The cause of this was
     // from a subtle botched regex for 'onsiteURL' in all the versions of
     // antsamy-esapi.xml that had been there as far back as ESAPI 1.4!
+    //
+    // This TBD CVE should arguably get the same CVSSv3 store as the AntiSamy
+    // CVE-2021-35043 as the are very similar.
     @Test
     public void testJavaScriptURL() throws Exception {
         System.out.println("testJavaScriptURL");
@@ -145,23 +148,23 @@ public void testJavaScriptURL() throws Exception {
 
     // To confirm fix for CVE-2021-35043 in AntiSamy 1.6.5 and later. Actually,
     // it was never really "broken" in ESAPI's "default configuration" because it is
-    // triggers an Intrusion Detection when it is checking the canonicalization.
-    // This test assumes a standard default ESAPI.properties file. In
-    // particular, the Intrusion Detector must be enabled (the default) and
-    // Validator.HtmlValidationAction should be set to "throw" rather than "clean"
-    @Test(expected=IntrusionException.class)
+    // triggers an Intrusion Detection when it is checking the canonicalization
+    // and the '&#00058' trips it up, that that's pretty much irrelevant given
+    // the (TBD) CVE mented in the previous test case.
+    //
+    // Note: This test assumes a standard default ESAPI.properties file. In
+    // particular, the normal canonicalization has to be enabled.
     public void testAntiSamyCVE_2021_35043Fixed() {
         System.out.println("testAntiSamyCVE_2021_35043Fixed");
 
         String expectedSafeText = "This is safe from XSS. Trust us!";
 
             // Translates to '<a href="javascript:x=1,alert("boom")".
-        String badVoodoo = "<a href=\"javascript&#00058alert('boom')>" + expectedSafeText + "</a>";
-        String result = null;
+        String badVoodoo = "<a href=\"javascript&#00058alert(1)>" + expectedSafeText + "</a>";
         Validator instance = ESAPI.validator();
-        ValidationErrorList errorList = new ValidationErrorList();
-        result = instance.getValidSafeHTML("test", badVoodoo, 200, false, errorList); // 
-        assertEquals( expectedSafeText, result );
+        // ValidationErrorList errorList = new ValidationErrorList();
+        boolean result = instance.isValidSafeHTML("CVE-2021-35043", badVoodoo, 200, false);
+        assertTrue( result );
     }
 
     @Test

From fb9aaa120202bfee54abfe8299bf2afcb18f4dcc Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 13:24:09 -0400
Subject: [PATCH 811/812] Add comment on updating htmlTitle & offsiteURL regex.
 Fix more typos.

---
 .../esapi4java-core-2.3.0.0-release-notes.txt | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/documentation/esapi4java-core-2.3.0.0-release-notes.txt b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
index 1765eb97a..5d2a5b4d6 100644
--- a/documentation/esapi4java-core-2.3.0.0-release-notes.txt
+++ b/documentation/esapi4java-core-2.3.0.0-release-notes.txt
@@ -13,9 +13,9 @@ Do NOT:  Do NOT use GitHub Issues to ask questions about this of future releases
 
 Executive Summary: Important Things to Note for this Release
 ------------------------------------------------------------
-This is a very importanT ESAPI release, as it remediates several potentially exploitable vulnerabilities. Part of the remediation may include reviewing and updating your antisamy-esapi.xml configuration file, so be sure to read through ALL the details thoroughly or you may not be fully protected even though you have installed the new ESAPI 2.3.0.0 jar. This will also certainly be the last ESAPI release to support Java 7, so you would do well to prepare to move to Java 8 or later if you have not already done so.
+This is a very important ESAPI release, as it remediates several potentially exploitable vulnerabilities. Part of the remediation may include reviewing and updating your antisamy-esapi.xml configuration file, so be sure to read through ALL the details thoroughly or you may not be fully protected even though you have installed the new ESAPI 2.3.0.0 jar. This will also certainly be the last ESAPI release to support Java 7, so you would do well to prepare to move to Java 8 or later if you have not already done so.
 
-The primary intent of this replease is to patch several potentially exploitable vulnerabilities in ESAPI. Many of these are related to AntiSamy and were introduced by vulnerable transitive dependencies. All but one them (a DoS vulnerability in an AntiSamy dependency) have been fixed with an update to use the new AntiSamy 1.6.7 release. There are also two vulnerabilities within ESAPI itself which have been remediated as part of this release, one of which dates back to at least ESAPI 1.4.
+The primary intent of this release is to patch several potentially exploitable vulnerabilities in ESAPI. Many of these are related to AntiSamy and were introduced by vulnerable transitive dependencies. All but one those (a DoS vulnerability in an AntiSamy dependency) is believed to have been fixed with an update to use the new AntiSamy 1.6.7 release. There are also two vulnerabilities within ESAPI itself which have been remediated as part of this release, one of which dates back to at least ESAPI 1.4.
 
 In addition to these patches (discussed in a bit more detail later under the section 'Changes Requiring Special Attention'), there were other updates to dependencies made in this release done to simply to keep them as up-to-date as possible. We have also added the generation of an SBOM (Software Bill of Materials) generated via the cyclonedx:cyclonedx-maven-plugin.
 
@@ -90,7 +90,7 @@ NOTE: We plan on issuing an updated README.md and updated security bulletins on
 
 FALSE POSITIVE ALERT ==> A final word on vulnerabilities -- CVE-2020-5529 is a False Positive
 
-Dependency Check picks up a false positive CVE in ESAPI 2.3.0.0. Other SCA tools may as well. Specifically, Dependency Check flags CVE-2020-5529 in a different (the original) Neko HtmlUnit then the one that AntiSamy is using. In Dependency Check, this is a False Positive caused by a mismatch of the CPE (i.e., Common Platform Enumeration) identifier. If you follow the "Hyperlinl" section referenced on https://nvd.nist.gov/vuln/detail/CVE-2020-5529 page, you will see that it ultimately references https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0, which is the old, unmaintained version of Neko that AntiSamy had been using up until recently. Dependency Check is incorrectly matching "net.sourceforge.htmlunit:htmlunit" rather than matching "net.sourceforge.htmlunit:neko-htmlunit", which it what if should be matching. This CPE matching confusion is a common problem with Dependency Check, but it's by design. Understandably, Jeremy Long and other Dependency Check contributors have deliberately tweaked Dependency Check to fall more on the side of False Positives so as to avoid False Negatives, because False Positives are a lot easier to vet and rule out, and one can--if so desired--create a suppressions.xml entry for it to ignore them. (I've decided against suppressing it in Dependency Check--at least for the time being--because there are likely other SCA tools that will also flag this as a False Positive.) For now, it's easier to just acknowledge it in the release notes. (Especially since we'll be releasing a 2.4.0.0 version soon after the 2.3.0.0 version that will support Java 8 as the minimal SDK so this problem will disappear.) Note however that Snyk does not flag ESAPI as being vulnerable to CVE-2020-5529.
+Dependency Check picks up a false positive CVE in ESAPI 2.3.0.0. Other SCA tools may as well. Specifically, Dependency Check flags CVE-2020-5529 in a different (the original) Neko HtmlUnit then the one that AntiSamy is using. In Dependency Check, this is a False Positive caused by a mismatch of the CPE (i.e., Common Platform Enumeration) identifier. If you follow the "Hyperlink" section referenced on https://nvd.nist.gov/vuln/detail/CVE-2020-5529 page, you will see that it ultimately references https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0, which is the old, unmaintained version of Neko that AntiSamy had been using up until recently. Dependency Check is incorrectly matching "net.sourceforge.htmlunit:htmlunit" rather than matching "net.sourceforge.htmlunit:neko-htmlunit", which it what if should be matching. This CPE matching confusion is a common problem with Dependency Check, but it's by design. Understandably, Jeremy Long and other Dependency Check contributors have deliberately tweaked Dependency Check to fall more on the side of False Positives so as to avoid False Negatives, because False Positives are a lot easier to vet and rule out, and one can--if so desired--create a suppressions.xml entry for it to ignore them. (I've decided against suppressing it in Dependency Check--at least for the time being--because there are likely other SCA tools that will also flag this as a False Positive.) For now, it's easier to just acknowledge it in the release notes. (Especially since we'll be releasing a 2.4.0.0 version soon after the 2.3.0.0 version that will support Java 8 as the minimal SDK so this problem will disappear.) Note however that Snyk does not flag ESAPI as being vulnerable to CVE-2020-5529.
 
 ----------------------------------------------------------------------------e
 
@@ -104,17 +104,28 @@ Simply upgrading to the esapi-2.3.0.0.jar may not be enough. This 2.3.0.0 releas
     The corrected line should look like:
         <regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
 
+We have also updated the other regular expressions in the '<common-regexps>' node for our antisamy-esapi.xml file to reflect the latest regex values from AntiSamy's antisamy.xml configuration file in their official AntiSamy 1.6.7 release. This was done as a precautionary measure only, as the regex pattern seemed to be malformed along the same lines of "onsiteURL" and thus potentially could allow unintended characters to be passed through as "safe". Note however that there are no vulnerabilities known to the ESAPI team regarding these other 2 regular expressions for "htmlTitle" and "offsiteURL". If these prove to be problematic with your applications using ESAPI, you may decide to change the probablematic ones to the original values.
+
+    The original (possibly vulnerable???) regular expression values for htmlTitle and offsiteURL:
+        <regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/>
+        <regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+
+    The updated regular expression values for them:
+        <regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+        <regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
+
+In future ESAPI releases, we may consider just replacing ESAPI's antisamy-esapi.xml file with AntiSamy's antisamy.xml, but we will not be doing that lightly. We tested with the latter and it broke some ESAPI JUnit tests so such a change now likely would break some client ESAPI code as well. However, the changes to the "<common-regexps>" node did not break any of our ESAPI JUnit tests so we believe they are probably okay. (If not, we apologize in advance, but we prefer to error on the side of caution here.)
 
 -----------------------------------------------------------------------------
 
 Developer Activity Report (Changes between release 2.2.3.1 and 2.3.0.0, i.e., between 2021-05-07 and 2022-04-17)
 
-Normally, I write up lots of other details in the release notes, especially to credit those who have contributed PRs to address ESAPI issues. I apologize for not spending time on this right now, but I will try to update this set of release notes for 2.3.0.0 in the near future to add such things.
+Normally, I (Kevin) write up lots of other details in the release notes, especially to credit those who have contributed PRs to address ESAPI issues. I apologize for not spending time on this right now, but I will try to update this set of release notes for 2.3.0.0 in the near future to add such things.
 
 
 -----------------------------------------------------------------------------
 
-CHANGELOG:      Create your own. May I suggest:
+CHANGELOG:      Create your own. May we suggest:
 
         git log --stat --since=2021-05-07 --reverse --pretty=medium
 

From 9473bf4676d2b28fee93ee059099a4f4e707dc51 Mon Sep 17 00:00:00 2001
From: kwwall <kevin.w.wall@gmail.com>
Date: Sun, 17 Apr 2022 13:26:58 -0400
Subject: [PATCH 812/812] Fixed onsiteURL to not allow 'javascript:' URLs. Also
 updated other regular exprssions for htmlTitle and offsiteURL in
 '<common-regexps>' that appear to have similar issues but no known
 vulnerabilities.

---
 configuration/esapi/antisamy-esapi.xml      | 6 +++---
 src/test/resources/antisamy-esapi-CP.xml    | 6 +++---
 src/test/resources/esapi/antisamy-esapi.xml | 8 +++-----
 3 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/configuration/esapi/antisamy-esapi.xml b/configuration/esapi/antisamy-esapi.xml
index c45fee06e..b6edfb3cd 100644
--- a/configuration/esapi/antisamy-esapi.xml
+++ b/configuration/esapi/antisamy-esapi.xml
@@ -31,9 +31,9 @@ Slashdot allowed tags taken from "Reply" page:
 		space characters.
 		-->
 		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
 	
 	</common-regexps>
 	
diff --git a/src/test/resources/antisamy-esapi-CP.xml b/src/test/resources/antisamy-esapi-CP.xml
index 4eb23cdfe..ee1aa6b4d 100644
--- a/src/test/resources/antisamy-esapi-CP.xml
+++ b/src/test/resources/antisamy-esapi-CP.xml
@@ -31,9 +31,9 @@ Slashdot allowed tags taken from "Reply" page:
 		space characters.
 		-->
 		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
 	
 	</common-regexps>
 	
diff --git a/src/test/resources/esapi/antisamy-esapi.xml b/src/test/resources/esapi/antisamy-esapi.xml
index 4eb23cdfe..b6edfb3cd 100644
--- a/src/test/resources/esapi/antisamy-esapi.xml
+++ b/src/test/resources/esapi/antisamy-esapi.xml
@@ -31,9 +31,9 @@ Slashdot allowed tags taken from "Reply" page:
 		space characters.
 		-->
 		
-		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
-		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
-		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
+		<regexp name="htmlTitle" value="[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&amp;]*"/>
+		<regexp name="onsiteURL" value="^(?!//)(?![\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*(&amp;colon))[\p{L}\p{N}\\\.\#@\$%\+&amp;;\-_~,\?=/!]*"/>
+		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[\p{L}\p{N}]+[\p{L}\p{N}\p{Zs}\.\#@\$%\+&amp;;:\-_~,\?=/!\(\)]*(\s)*"/>
 	
 	</common-regexps>
 	
@@ -168,6 +168,4 @@ Slashdot allowed tags taken from "Reply" page:
 	<css-rules>
 	</css-rules>
 
-
-
 </anti-samy-rules>